commit fac3c18e6ccd573e98fbd3fe810269a2d1420837
Author: WolverinDEV
Date: Mon Mar 2 16:50:34 2020 +0000
Initial upload
diff --git a/linux_amd64/bin/c_rehash b/linux_amd64/bin/c_rehash
new file mode 100755
index 0000000..ec0a871
--- /dev/null
+++ b/linux_amd64/bin/c_rehash
@@ -0,0 +1,232 @@ +#!/usr/bin/env perl + +# WARNING: do not edit! +# Generated by Makefile from ../tools/c_rehash.in +# Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +# Perl c_rehash script, scan all files in a directory +# and add symbolic links to their hash values. + +my $dir = ""; +my $prefix = "/root/openssl/build/../out"; + +my $errorcount = 0; +my $openssl = $ENV{OPENSSL} || "openssl"; +my $pwd; +my $x509hash = "-subject_hash"; +my $crlhash = "-hash"; +my $verbose = 0; +my $symlink_exists=eval {symlink("",""); 1}; +my $removelinks = 1; + +## Parse flags. +while ( $ARGV[0] =~ /^-/ ) { + my $flag = shift @ARGV; + last if ( $flag eq '--'); + if ( $flag eq '-old') { + $x509hash = "-subject_hash_old"; + $crlhash = "-hash_old"; + } elsif ( $flag eq '-h' || $flag eq '-help' ) { + help(); + } elsif ( $flag eq '-n' ) { + $removelinks = 0; + } elsif ( $flag eq '-v' ) { + $verbose++; + } + else { + print STDERR "Usage error; try -h.\n"; + exit 1; + } +} + +sub help { + print "Usage: c_rehash [-old] [-h] [-help] [-v] [dirs...]\n"; + print " -old use old-style digest\n"; + print " -h or -help print this help text\n"; + print " -v print files removed and linked\n"; + exit 0; +} + +eval "require Cwd"; +if (defined(&Cwd::getcwd)) { + $pwd=Cwd::getcwd(); +} else { + $pwd=`pwd`; + chomp($pwd); +} + +# DOS/Win32 or Unix delimiter? Prefix our installdir, then search. +my $path_delim = ($pwd =~ /^[a-z]\:/i) ? ';' : ':'; +$ENV{PATH} = "$prefix/bin" . ($ENV{PATH} ? $path_delim . $ENV{PATH} : ""); + +if (! 
-x $openssl) { + my $found = 0; + foreach (split /$path_delim/, $ENV{PATH}) { + if (-x "$_/$openssl") { + $found = 1; + $openssl = "$_/$openssl"; + last; + } + } + if ($found == 0) { + print STDERR "c_rehash: rehashing skipped ('openssl' program not available)\n"; + exit 0; + } +} + +if (@ARGV) { + @dirlist = @ARGV; +} elsif ($ENV{SSL_CERT_DIR}) { + @dirlist = split /$path_delim/, $ENV{SSL_CERT_DIR}; +} else { + $dirlist[0] = "$dir/certs"; +} + +if (-d $dirlist[0]) { + chdir $dirlist[0]; + $openssl="$pwd/$openssl" if (!-x $openssl); + chdir $pwd; +} + +foreach (@dirlist) { + if (-d $_ ) { + if ( -w $_) { + hash_dir($_); + } else { + print "Skipping $_, can't write\n"; + $errorcount++; + } + } +} +exit($errorcount); + +sub hash_dir { + my %hashlist; + print "Doing $_[0]\n"; + chdir $_[0]; + opendir(DIR, "."); + my @flist = sort readdir(DIR); + closedir DIR; + if ( $removelinks ) { + # Delete any existing symbolic links + foreach (grep {/^[\da-f]+\.r{0,1}\d+$/} @flist) { + if (-l $_) { + print "unlink $_" if $verbose; + unlink $_ || warn "Can't unlink $_, $!\n"; + } + } + } + FILE: foreach $fname (grep {/\.(pem)|(crt)|(cer)|(crl)$/} @flist) { + # Check to see if certificates and/or CRLs present. + my ($cert, $crl) = check_file($fname); + if (!$cert && !$crl) { + print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n"; + next; + } + link_hash_cert($fname) if ($cert); + link_hash_crl($fname) if ($crl); + } +} + +sub check_file { + my ($is_cert, $is_crl) = (0,0); + my $fname = $_[0]; + open IN, $fname; + while() { + if (/^-----BEGIN (.*)-----/) { + my $hdr = $1; + if ($hdr =~ /^(X509 |TRUSTED |)CERTIFICATE$/) { + $is_cert = 1; + last if ($is_crl); + } elsif ($hdr eq "X509 CRL") { + $is_crl = 1; + last if ($is_cert); + } + } + } + close IN; + return ($is_cert, $is_crl); +} + + +# Link a certificate to its subject name hash value, each hash is of +# the form . where n is an integer. 
If the hash value already exists +# then we need to up the value of n, unless its a duplicate in which +# case we skip the link. We check for duplicates by comparing the +# certificate fingerprints + +sub link_hash_cert { + my $fname = $_[0]; + $fname =~ s/'/'\\''/g; + my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`; + chomp $hash; + chomp $fprint; + $fprint =~ s/^.*=//; + $fprint =~ tr/://d; + my $suffix = 0; + # Search for an unused hash filename + while(exists $hashlist{"$hash.$suffix"}) { + # Hash matches: if fingerprint matches its a duplicate cert + if ($hashlist{"$hash.$suffix"} eq $fprint) { + print STDERR "WARNING: Skipping duplicate certificate $fname\n"; + return; + } + $suffix++; + } + $hash .= ".$suffix"; + if ($symlink_exists) { + print "link $fname -> $hash\n" if $verbose; + symlink $fname, $hash || warn "Can't symlink, $!"; + } else { + print "copy $fname -> $hash\n" if $verbose; + if (open($in, "<", $fname)) { + if (open($out,">", $hash)) { + print $out $_ while (<$in>); + close $out; + } else { + warn "can't open $hash for write, $!"; + } + close $in; + } else { + warn "can't open $fname for read, $!"; + } + } + $hashlist{$hash} = $fprint; +} + +# Same as above except for a CRL. 
CRL links are of the form .r + +sub link_hash_crl { + my $fname = $_[0]; + $fname =~ s/'/'\\''/g; + my ($hash, $fprint) = `"$openssl" crl $crlhash -fingerprint -noout -in '$fname'`; + chomp $hash; + chomp $fprint; + $fprint =~ s/^.*=//; + $fprint =~ tr/://d; + my $suffix = 0; + # Search for an unused hash filename + while(exists $hashlist{"$hash.r$suffix"}) { + # Hash matches: if fingerprint matches its a duplicate cert + if ($hashlist{"$hash.r$suffix"} eq $fprint) { + print STDERR "WARNING: Skipping duplicate CRL $fname\n"; + return; + } + $suffix++; + } + $hash .= ".r$suffix"; + if ($symlink_exists) { + print "link $fname -> $hash\n" if $verbose; + symlink $fname, $hash || warn "Can't symlink, $!"; + } else { + print "cp $fname -> $hash\n" if $verbose; + system ("cp", $fname, $hash); + warn "Can't copy, $!" if ($? >> 8) != 0; + } + $hashlist{$hash} = $fprint; +} diff --git a/linux_amd64/bin/openssl b/linux_amd64/bin/openssl new file mode 100755 index 0000000..61d0225 Binary files /dev/null and b/linux_amd64/bin/openssl differ diff --git a/linux_amd64/include/openssl/aes.h b/linux_amd64/include/openssl/aes.h new file mode 100644 index 0000000..f6e74db --- /dev/null +++ b/linux_amd64/include/openssl/aes.h 
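Review bot: In `link_hash_cert` the file name reaches a shell inside double quotes (`-in "$fname"`), but the preceding `s/'/'\\''/g` only protects a name that sits inside single quotes, so the name is still subject to shell expansion; `link_hash_crl` uses single quotes, yet both subs then hand the already-escaped `$fname` to `symlink`. Running the tool without a shell avoids the quoting question, e.g. `open(my $fh, '-|', $openssl, 'x509', $x509hash, '-fingerprint', '-noout', '-in', $fname)` and reading the hash and fingerprint lines from `$fh`. The filter in `hash_dir`, `/\.(pem)|(crt)|(cer)|(crl)$/`, is not grouped and so accepts more names than the four extensions; `/\.(?:pem|crt|cer|crl)$/` appears to be the intent. Because the header marks the script as generated from `../tools/c_rehash.in`, the fix belongs in the template, or the package can leave the script out and rely on the `openssl rehash` subcommand; the baked-in `$prefix` of `/root/openssl/build/../out` also looks like a build-tree path rather than an install prefix.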
@@ -0,0 +1,116 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_AES_H
+# define OPENSSL_AES_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_AES_H
+# endif
+
+# include
+
+# include
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# define AES_BLOCK_SIZE 16
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+
+# define AES_ENCRYPT 1
+# define AES_DECRYPT 0
+
+# define AES_MAXNR 14
+
+
+/* This should be a hidden type, but EVP requires that the size be known */
+struct aes_key_st {
+# ifdef AES_LONG
+ unsigned long rd_key[4 * (AES_MAXNR + 1)];
+# else
+ unsigned int rd_key[4 * (AES_MAXNR + 1)];
+# endif
+ int rounds;
+};
+typedef struct aes_key_st AES_KEY;
+
+# endif
+
+DEPRECATEDIN_3_0(const char *AES_options(void))
+
+DEPRECATEDIN_3_0(int
+ AES_set_encrypt_key(const unsigned char *userKey,
+ const int bits, AES_KEY *key))
+DEPRECATEDIN_3_0(int
+ AES_set_decrypt_key(const unsigned char *userKey,
+ const int bits, AES_KEY *key))
+
+DEPRECATEDIN_3_0(void
+ AES_encrypt(const unsigned char *in, unsigned char *out,
+ const AES_KEY *key))
+DEPRECATEDIN_3_0(void
+ AES_decrypt(const unsigned char *in, unsigned char *out,
+ const AES_KEY *key))
+
+DEPRECATEDIN_3_0(void
+ AES_ecb_encrypt(const unsigned char *in, unsigned char *out,
+ const AES_KEY *key, const int enc))
+DEPRECATEDIN_3_0(void
+ AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
+ size_t length, const AES_KEY *key,
+ unsigned char *ivec, const int enc))
+DEPRECATEDIN_3_0(void
+ AES_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+ size_t length, const AES_KEY *key,
+ unsigned char *ivec, int *num,
+ const int enc))
+DEPRECATEDIN_3_0(void
+ AES_cfb1_encrypt(const unsigned char *in, unsigned char *out,
+ size_t length, const AES_KEY *key,
+ unsigned char *ivec, int *num, const int enc))
+DEPRECATEDIN_3_0(void
+ AES_cfb8_encrypt(const unsigned char *in, unsigned char *out,
+ size_t length, const AES_KEY *key,
+ unsigned char *ivec, int *num, const int enc))
+DEPRECATEDIN_3_0(void
+ AES_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+ size_t length, const AES_KEY *key,
+ unsigned char *ivec, int *num))
+
+/* NB: the IV is _two_ blocks long */
+DEPRECATEDIN_3_0(void
+ AES_ige_encrypt(const unsigned char *in, unsigned char *out,
+ size_t length, const AES_KEY *key,
+ unsigned char *ivec, const int enc))
+/* NB: the IV is _four_ blocks long */
+DEPRECATEDIN_3_0(void
+ AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out,
+ size_t length, const AES_KEY *key,
+ const AES_KEY *key2,
+ const unsigned char *ivec, const int enc))
+
+DEPRECATEDIN_3_0(int
+ AES_wrap_key(AES_KEY *key, const unsigned char *iv,
+ unsigned char *out, const unsigned char *in,
+ unsigned int inlen))
+DEPRECATEDIN_3_0(int
+ AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
+ unsigned char *out, const unsigned char *in,
+ unsigned int inlen))
+
+
+# ifdef __cplusplus
+}
+# endif
+
+#endif
diff --git a/linux_amd64/include/openssl/asn1.h b/linux_amd64/include/openssl/asn1.h
new file mode 100644
index 0000000..5863fef
--- /dev/null
+++ b/linux_amd64/include/openssl/asn1.h
@@ -0,0 +1,867 @@ +/* + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_ASN1_H +# define OPENSSL_ASN1_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_ASN1_H +# endif + +# include +# include +# include +# include +# include +# include +# include + +# include +# include + +# ifdef OPENSSL_BUILD_SHLIBCRYPTO +# undef OPENSSL_EXTERN +# define OPENSSL_EXTERN OPENSSL_EXPORT +# endif + +#ifdef __cplusplus +extern "C" { +#endif + +# define V_ASN1_UNIVERSAL 0x00 +# define V_ASN1_APPLICATION 0x40 +# define V_ASN1_CONTEXT_SPECIFIC 0x80 +# define V_ASN1_PRIVATE 0xc0 + +# define V_ASN1_CONSTRUCTED 0x20 +# define V_ASN1_PRIMITIVE_TAG 0x1f +# define V_ASN1_PRIMATIVE_TAG /*compat*/ V_ASN1_PRIMITIVE_TAG + +# define V_ASN1_APP_CHOOSE -2/* let the recipient choose */ +# define V_ASN1_OTHER -3/* used in ASN1_TYPE */ +# define V_ASN1_ANY -4/* used in ASN1 template code */ + +# define V_ASN1_UNDEF -1 +/* ASN.1 tag values */ +# define V_ASN1_EOC 0 +# define V_ASN1_BOOLEAN 1 /**/ +# define V_ASN1_INTEGER 2 +# define V_ASN1_BIT_STRING 3 +# define V_ASN1_OCTET_STRING 4 +# define V_ASN1_NULL 5 +# define V_ASN1_OBJECT 6 +# define V_ASN1_OBJECT_DESCRIPTOR 7 +# define V_ASN1_EXTERNAL 8 +# define V_ASN1_REAL 9 +# define V_ASN1_ENUMERATED 10 +# define V_ASN1_UTF8STRING 12 +# define V_ASN1_SEQUENCE 16 +# define V_ASN1_SET 17 +# define V_ASN1_NUMERICSTRING 18 /**/ +# define V_ASN1_PRINTABLESTRING 19 +# define V_ASN1_T61STRING 20 +# define V_ASN1_TELETEXSTRING 20/* alias */ +# define V_ASN1_VIDEOTEXSTRING 21 /**/ +# define V_ASN1_IA5STRING 22 +# define V_ASN1_UTCTIME 23 +# define V_ASN1_GENERALIZEDTIME 24 /**/ +# define V_ASN1_GRAPHICSTRING 25 /**/ +# define 
V_ASN1_ISO64STRING 26 /**/ +# define V_ASN1_VISIBLESTRING 26/* alias */ +# define V_ASN1_GENERALSTRING 27 /**/ +# define V_ASN1_UNIVERSALSTRING 28 /**/ +# define V_ASN1_BMPSTRING 30 + +/* + * NB the constants below are used internally by ASN1_INTEGER + * and ASN1_ENUMERATED to indicate the sign. They are *not* on + * the wire tag values. + */ + +# define V_ASN1_NEG 0x100 +# define V_ASN1_NEG_INTEGER (2 | V_ASN1_NEG) +# define V_ASN1_NEG_ENUMERATED (10 | V_ASN1_NEG) + +/* For use with d2i_ASN1_type_bytes() */ +# define B_ASN1_NUMERICSTRING 0x0001 +# define B_ASN1_PRINTABLESTRING 0x0002 +# define B_ASN1_T61STRING 0x0004 +# define B_ASN1_TELETEXSTRING 0x0004 +# define B_ASN1_VIDEOTEXSTRING 0x0008 +# define B_ASN1_IA5STRING 0x0010 +# define B_ASN1_GRAPHICSTRING 0x0020 +# define B_ASN1_ISO64STRING 0x0040 +# define B_ASN1_VISIBLESTRING 0x0040 +# define B_ASN1_GENERALSTRING 0x0080 +# define B_ASN1_UNIVERSALSTRING 0x0100 +# define B_ASN1_OCTET_STRING 0x0200 +# define B_ASN1_BIT_STRING 0x0400 +# define B_ASN1_BMPSTRING 0x0800 +# define B_ASN1_UNKNOWN 0x1000 +# define B_ASN1_UTF8STRING 0x2000 +# define B_ASN1_UTCTIME 0x4000 +# define B_ASN1_GENERALIZEDTIME 0x8000 +# define B_ASN1_SEQUENCE 0x10000 +/* For use with ASN1_mbstring_copy() */ +# define MBSTRING_FLAG 0x1000 +# define MBSTRING_UTF8 (MBSTRING_FLAG) +# define MBSTRING_ASC (MBSTRING_FLAG|1) +# define MBSTRING_BMP (MBSTRING_FLAG|2) +# define MBSTRING_UNIV (MBSTRING_FLAG|4) +# define SMIME_OLDMIME 0x400 +# define SMIME_CRLFEOL 0x800 +# define SMIME_STREAM 0x1000 + struct X509_algor_st; +DEFINE_STACK_OF(X509_ALGOR) + +# define ASN1_STRING_FLAG_BITS_LEFT 0x08/* Set if 0x07 has bits left value */ +/* + * This indicates that the ASN1_STRING is not a real value but just a place + * holder for the location where indefinite length constructed data should be + * inserted in the memory buffer + */ +# define ASN1_STRING_FLAG_NDEF 0x010 + +/* + * This flag is used by the CMS code to indicate that a string is not + * complete and is 
a place holder for content when it had all been accessed. + * The flag will be reset when content has been written to it. + */ + +# define ASN1_STRING_FLAG_CONT 0x020 +/* + * This flag is used by ASN1 code to indicate an ASN1_STRING is an MSTRING + * type. + */ +# define ASN1_STRING_FLAG_MSTRING 0x040 +/* String is embedded and only content should be freed */ +# define ASN1_STRING_FLAG_EMBED 0x080 +/* String should be parsed in RFC 5280's time format */ +# define ASN1_STRING_FLAG_X509_TIME 0x100 +/* This is the base type that holds just about everything :-) */ +struct asn1_string_st { + int length; + int type; + unsigned char *data; + /* + * The value of the following field depends on the type being held. It + * is mostly being used for BIT_STRING so if the input data has a + * non-zero 'unused bits' value, it will be handled correctly + */ + long flags; +}; + +/* + * ASN1_ENCODING structure: this is used to save the received encoding of an + * ASN1 type. This is useful to get round problems with invalid encodings + * which can break signatures. + */ + +typedef struct ASN1_ENCODING_st { + unsigned char *enc; /* DER encoding */ + long len; /* Length of encoding */ + int modified; /* set to 1 if 'enc' is invalid */ +} ASN1_ENCODING; + +/* Used with ASN1 LONG type: if a long is set to this it is omitted */ +# define ASN1_LONG_UNDEF 0x7fffffffL + +# define STABLE_FLAGS_MALLOC 0x01 +/* + * A zero passed to ASN1_STRING_TABLE_new_add for the flags is interpreted + * as "don't change" and STABLE_FLAGS_MALLOC is always set. By setting + * STABLE_FLAGS_MALLOC only we can clear the existing value. Use the alias + * STABLE_FLAGS_CLEAR to reflect this. 
+ */ +# define STABLE_FLAGS_CLEAR STABLE_FLAGS_MALLOC +# define STABLE_NO_MASK 0x02 +# define DIRSTRING_TYPE \ + (B_ASN1_PRINTABLESTRING|B_ASN1_T61STRING|B_ASN1_BMPSTRING|B_ASN1_UTF8STRING) +# define PKCS9STRING_TYPE (DIRSTRING_TYPE|B_ASN1_IA5STRING) + +typedef struct asn1_string_table_st { + int nid; + long minsize; + long maxsize; + unsigned long mask; + unsigned long flags; +} ASN1_STRING_TABLE; + +DEFINE_STACK_OF(ASN1_STRING_TABLE) + +/* size limits: this stuff is taken straight from RFC2459 */ + +# define ub_name 32768 +# define ub_common_name 64 +# define ub_locality_name 128 +# define ub_state_name 128 +# define ub_organization_name 64 +# define ub_organization_unit_name 64 +# define ub_title 64 +# define ub_email_address 128 + +/* + * Declarations for template structures: for full definitions see asn1t.h + */ +typedef struct ASN1_TEMPLATE_st ASN1_TEMPLATE; +typedef struct ASN1_TLC_st ASN1_TLC; +/* This is just an opaque pointer */ +typedef struct ASN1_VALUE_st ASN1_VALUE; + +/* Declare ASN1 functions: the implement macro in in asn1t.h */ + +# define DECLARE_ASN1_FUNCTIONS(type) DECLARE_ASN1_FUNCTIONS_name(type, type) + +# define DECLARE_ASN1_ALLOC_FUNCTIONS(type) \ + DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, type) + +# define DECLARE_ASN1_FUNCTIONS_name(type, name) \ + DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ + DECLARE_ASN1_ENCODE_FUNCTIONS_name(type, name) + +# define DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) \ + DECLARE_ASN1_ENCODE_FUNCTIONS_only(type, name) \ + DECLARE_ASN1_ITEM(itname) + +# define DECLARE_ASN1_ENCODE_FUNCTIONS_name(type, name) \ + DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name) + +# define DECLARE_ASN1_ENCODE_FUNCTIONS_only(type, name) \ + type *d2i_##name(type **a, const unsigned char **in, long len); \ + int i2d_##name(const type *a, unsigned char **out); + +# define DECLARE_ASN1_NDEF_FUNCTION(name) \ + int i2d_##name##_NDEF(const name *a, unsigned char **out); + +# define DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ + 
type *name##_new(void); \ + void name##_free(type *a); + +# define DECLARE_ASN1_DUP_FUNCTION(type) \ + DECLARE_ASN1_DUP_FUNCTION_name(type, type) + +# define DECLARE_ASN1_DUP_FUNCTION_name(type, name) \ + type *name##_dup(const type *a); + +# define DECLARE_ASN1_PRINT_FUNCTION(stname) \ + DECLARE_ASN1_PRINT_FUNCTION_fname(stname, stname) + +# define DECLARE_ASN1_PRINT_FUNCTION_fname(stname, fname) \ + int fname##_print_ctx(BIO *out, const stname *x, int indent, \ + const ASN1_PCTX *pctx); + +# define D2I_OF(type) type *(*)(type **,const unsigned char **,long) +# define I2D_OF(type) int (*)(const type *,unsigned char **) + +# define CHECKED_D2I_OF(type, d2i) \ + ((d2i_of_void*) (1 ? d2i : ((D2I_OF(type))0))) +# define CHECKED_I2D_OF(type, i2d) \ + ((i2d_of_void*) (1 ? i2d : ((I2D_OF(type))0))) +# define CHECKED_NEW_OF(type, xnew) \ + ((void *(*)(void)) (1 ? xnew : ((type *(*)(void))0))) +# define CHECKED_PTR_OF(type, p) \ + ((void*) (1 ? p : (type*)0)) +# define CHECKED_PPTR_OF(type, p) \ + ((void**) (1 ? p : (type**)0)) + +# define TYPEDEF_D2I_OF(type) typedef type *d2i_of_##type(type **,const unsigned char **,long) +# define TYPEDEF_I2D_OF(type) typedef int i2d_of_##type(const type *,unsigned char **) +# define TYPEDEF_D2I2D_OF(type) TYPEDEF_D2I_OF(type); TYPEDEF_I2D_OF(type) + +typedef void *d2i_of_void(void **, const unsigned char **, long); +typedef int i2d_of_void(const void *, unsigned char **); + +/*- + * The following macros and typedefs allow an ASN1_ITEM + * to be embedded in a structure and referenced. Since + * the ASN1_ITEM pointers need to be globally accessible + * (possibly from shared libraries) they may exist in + * different forms. On platforms that support it the + * ASN1_ITEM structure itself will be globally exported. + * Other platforms will export a function that returns + * an ASN1_ITEM pointer. + * + * To handle both cases transparently the macros below + * should be used instead of hard coding an ASN1_ITEM + * pointer in a structure. 
+ * + * The structure will look like this: + * + * typedef struct SOMETHING_st { + * ... + * ASN1_ITEM_EXP *iptr; + * ... + * } SOMETHING; + * + * It would be initialised as e.g.: + * + * SOMETHING somevar = {...,ASN1_ITEM_ref(X509),...}; + * + * and the actual pointer extracted with: + * + * const ASN1_ITEM *it = ASN1_ITEM_ptr(somevar.iptr); + * + * Finally an ASN1_ITEM pointer can be extracted from an + * appropriate reference with: ASN1_ITEM_rptr(X509). This + * would be used when a function takes an ASN1_ITEM * argument. + * + */ + + +/* + * Platforms that can't easily handle shared global variables are declared as + * functions returning ASN1_ITEM pointers. + */ + +/* ASN1_ITEM pointer exported type */ +typedef const ASN1_ITEM *ASN1_ITEM_EXP (void); + +/* Macro to obtain ASN1_ITEM pointer from exported type */ +# define ASN1_ITEM_ptr(iptr) (iptr()) + +/* Macro to include ASN1_ITEM pointer from base type */ +# define ASN1_ITEM_ref(iptr) (iptr##_it) + +# define ASN1_ITEM_rptr(ref) (ref##_it()) + +# define DECLARE_ASN1_ITEM(name) \ + const ASN1_ITEM * name##_it(void); + +/* Parameters used by ASN1_STRING_print_ex() */ + +/* + * These determine which characters to escape: RFC2253 special characters, + * control characters and MSB set characters + */ + +# define ASN1_STRFLGS_ESC_2253 1 +# define ASN1_STRFLGS_ESC_CTRL 2 +# define ASN1_STRFLGS_ESC_MSB 4 + +/* + * This flag determines how we do escaping: normally RC2253 backslash only, + * set this to use backslash and quote. + */ + +# define ASN1_STRFLGS_ESC_QUOTE 8 + +/* These three flags are internal use only. */ + +/* Character is a valid PrintableString character */ +# define CHARTYPE_PRINTABLESTRING 0x10 +/* Character needs escaping if it is the first character */ +# define CHARTYPE_FIRST_ESC_2253 0x20 +/* Character needs escaping if it is the last character */ +# define CHARTYPE_LAST_ESC_2253 0x40 + +/* + * NB the internal flags are safely reused below by flags handled at the top + * level. 
+ */ + +/* + * If this is set we convert all character strings to UTF8 first + */ + +# define ASN1_STRFLGS_UTF8_CONVERT 0x10 + +/* + * If this is set we don't attempt to interpret content: just assume all + * strings are 1 byte per character. This will produce some pretty odd + * looking output! + */ + +# define ASN1_STRFLGS_IGNORE_TYPE 0x20 + +/* If this is set we include the string type in the output */ +# define ASN1_STRFLGS_SHOW_TYPE 0x40 + +/* + * This determines which strings to display and which to 'dump' (hex dump of + * content octets or DER encoding). We can only dump non character strings or + * everything. If we don't dump 'unknown' they are interpreted as character + * strings with 1 octet per character and are subject to the usual escaping + * options. + */ + +# define ASN1_STRFLGS_DUMP_ALL 0x80 +# define ASN1_STRFLGS_DUMP_UNKNOWN 0x100 + +/* + * These determine what 'dumping' does, we can dump the content octets or the + * DER encoding: both use the RFC2253 #XXXXX notation. + */ + +# define ASN1_STRFLGS_DUMP_DER 0x200 + +/* + * This flag specifies that RC2254 escaping shall be performed. + */ +#define ASN1_STRFLGS_ESC_2254 0x400 + +/* + * All the string flags consistent with RFC2253, escaping control characters + * isn't essential in RFC2253 but it is advisable anyway. 
+ */ + +# define ASN1_STRFLGS_RFC2253 (ASN1_STRFLGS_ESC_2253 | \ + ASN1_STRFLGS_ESC_CTRL | \ + ASN1_STRFLGS_ESC_MSB | \ + ASN1_STRFLGS_UTF8_CONVERT | \ + ASN1_STRFLGS_DUMP_UNKNOWN | \ + ASN1_STRFLGS_DUMP_DER) + +DEFINE_STACK_OF(ASN1_INTEGER) + +DEFINE_STACK_OF(ASN1_GENERALSTRING) + +DEFINE_STACK_OF(ASN1_UTF8STRING) + +typedef struct asn1_type_st { + int type; + union { + char *ptr; + ASN1_BOOLEAN boolean; + ASN1_STRING *asn1_string; + ASN1_OBJECT *object; + ASN1_INTEGER *integer; + ASN1_ENUMERATED *enumerated; + ASN1_BIT_STRING *bit_string; + ASN1_OCTET_STRING *octet_string; + ASN1_PRINTABLESTRING *printablestring; + ASN1_T61STRING *t61string; + ASN1_IA5STRING *ia5string; + ASN1_GENERALSTRING *generalstring; + ASN1_BMPSTRING *bmpstring; + ASN1_UNIVERSALSTRING *universalstring; + ASN1_UTCTIME *utctime; + ASN1_GENERALIZEDTIME *generalizedtime; + ASN1_VISIBLESTRING *visiblestring; + ASN1_UTF8STRING *utf8string; + /* + * set and sequence are left complete and still contain the set or + * sequence bytes + */ + ASN1_STRING *set; + ASN1_STRING *sequence; + ASN1_VALUE *asn1_value; + } value; +} ASN1_TYPE; + +DEFINE_STACK_OF(ASN1_TYPE) + +typedef STACK_OF(ASN1_TYPE) ASN1_SEQUENCE_ANY; + +DECLARE_ASN1_ENCODE_FUNCTIONS_name(ASN1_SEQUENCE_ANY, ASN1_SEQUENCE_ANY) +DECLARE_ASN1_ENCODE_FUNCTIONS_name(ASN1_SEQUENCE_ANY, ASN1_SET_ANY) + +/* This is used to contain a list of bit names */ +typedef struct BIT_STRING_BITNAME_st { + int bitnum; + const char *lname; + const char *sname; +} BIT_STRING_BITNAME; + +# define B_ASN1_TIME \ + B_ASN1_UTCTIME | \ + B_ASN1_GENERALIZEDTIME + +# define B_ASN1_PRINTABLE \ + B_ASN1_NUMERICSTRING| \ + B_ASN1_PRINTABLESTRING| \ + B_ASN1_T61STRING| \ + B_ASN1_IA5STRING| \ + B_ASN1_BIT_STRING| \ + B_ASN1_UNIVERSALSTRING|\ + B_ASN1_BMPSTRING|\ + B_ASN1_UTF8STRING|\ + B_ASN1_SEQUENCE|\ + B_ASN1_UNKNOWN + +# define B_ASN1_DIRECTORYSTRING \ + B_ASN1_PRINTABLESTRING| \ + B_ASN1_TELETEXSTRING|\ + B_ASN1_BMPSTRING|\ + B_ASN1_UNIVERSALSTRING|\ + 
B_ASN1_UTF8STRING + +# define B_ASN1_DISPLAYTEXT \ + B_ASN1_IA5STRING| \ + B_ASN1_VISIBLESTRING| \ + B_ASN1_BMPSTRING|\ + B_ASN1_UTF8STRING + +DECLARE_ASN1_ALLOC_FUNCTIONS_name(ASN1_TYPE, ASN1_TYPE) +DECLARE_ASN1_ENCODE_FUNCTIONS(ASN1_TYPE, ASN1_ANY, ASN1_TYPE) + +int ASN1_TYPE_get(const ASN1_TYPE *a); +void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value); +int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value); +int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b); + +ASN1_TYPE *ASN1_TYPE_pack_sequence(const ASN1_ITEM *it, void *s, ASN1_TYPE **t); +void *ASN1_TYPE_unpack_sequence(const ASN1_ITEM *it, const ASN1_TYPE *t); + +DECLARE_ASN1_FUNCTIONS(ASN1_OBJECT) +DEFINE_STACK_OF(ASN1_OBJECT) + +ASN1_STRING *ASN1_STRING_new(void); +void ASN1_STRING_free(ASN1_STRING *a); +void ASN1_STRING_clear_free(ASN1_STRING *a); +int ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *str); +DECLARE_ASN1_DUP_FUNCTION(ASN1_STRING) +ASN1_STRING *ASN1_STRING_type_new(int type); +int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b); + /* + * Since this is used to store all sorts of things, via macros, for now, + * make its data void * + */ +int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len); +void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len); +int ASN1_STRING_length(const ASN1_STRING *x); +void ASN1_STRING_length_set(ASN1_STRING *x, int n); +int ASN1_STRING_type(const ASN1_STRING *x); +DEPRECATEDIN_1_1_0(unsigned char *ASN1_STRING_data(ASN1_STRING *x)) +const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x); + +DECLARE_ASN1_FUNCTIONS(ASN1_BIT_STRING) +int ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d, int length); +int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value); +int ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *a, int n); +int ASN1_BIT_STRING_check(const ASN1_BIT_STRING *a, + const unsigned char *flags, int flags_len); + +int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs, + 
BIT_STRING_BITNAME *tbl, int indent); +int ASN1_BIT_STRING_num_asc(const char *name, BIT_STRING_BITNAME *tbl); +int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, const char *name, int value, + BIT_STRING_BITNAME *tbl); + +DECLARE_ASN1_FUNCTIONS(ASN1_INTEGER) +ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp, + long length); +DECLARE_ASN1_DUP_FUNCTION(ASN1_INTEGER) +int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y); + +DECLARE_ASN1_FUNCTIONS(ASN1_ENUMERATED) + +int ASN1_UTCTIME_check(const ASN1_UTCTIME *a); +ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t); +ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t, + int offset_day, long offset_sec); +int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str); +int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t); + +int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *a); +ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s, + time_t t); +ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s, + time_t t, int offset_day, + long offset_sec); +int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str); + +int ASN1_TIME_diff(int *pday, int *psec, + const ASN1_TIME *from, const ASN1_TIME *to); + +DECLARE_ASN1_FUNCTIONS(ASN1_OCTET_STRING) +DECLARE_ASN1_DUP_FUNCTION(ASN1_OCTET_STRING) +int ASN1_OCTET_STRING_cmp(const ASN1_OCTET_STRING *a, + const ASN1_OCTET_STRING *b); +int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, const unsigned char *data, + int len); + +DECLARE_ASN1_FUNCTIONS(ASN1_VISIBLESTRING) +DECLARE_ASN1_FUNCTIONS(ASN1_UNIVERSALSTRING) +DECLARE_ASN1_FUNCTIONS(ASN1_UTF8STRING) +DECLARE_ASN1_FUNCTIONS(ASN1_NULL) +DECLARE_ASN1_FUNCTIONS(ASN1_BMPSTRING) + +int UTF8_getc(const unsigned char *str, int len, unsigned long *val); +int UTF8_putc(unsigned char *str, int len, unsigned long value); + +DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, ASN1_PRINTABLE) + +DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, 
DIRECTORYSTRING) +DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, DISPLAYTEXT) +DECLARE_ASN1_FUNCTIONS(ASN1_PRINTABLESTRING) +DECLARE_ASN1_FUNCTIONS(ASN1_T61STRING) +DECLARE_ASN1_FUNCTIONS(ASN1_IA5STRING) +DECLARE_ASN1_FUNCTIONS(ASN1_GENERALSTRING) +DECLARE_ASN1_FUNCTIONS(ASN1_UTCTIME) +DECLARE_ASN1_FUNCTIONS(ASN1_GENERALIZEDTIME) +DECLARE_ASN1_FUNCTIONS(ASN1_TIME) + +DECLARE_ASN1_DUP_FUNCTION(ASN1_TIME) +DECLARE_ASN1_DUP_FUNCTION(ASN1_UTCTIME) +DECLARE_ASN1_DUP_FUNCTION(ASN1_GENERALIZEDTIME) + +DECLARE_ASN1_ITEM(ASN1_OCTET_STRING_NDEF) + +ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t); +ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t, + int offset_day, long offset_sec); +int ASN1_TIME_check(const ASN1_TIME *t); +ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(const ASN1_TIME *t, + ASN1_GENERALIZEDTIME **out); +int ASN1_TIME_set_string(ASN1_TIME *s, const char *str); +int ASN1_TIME_set_string_X509(ASN1_TIME *s, const char *str); +int ASN1_TIME_to_tm(const ASN1_TIME *s, struct tm *tm); +int ASN1_TIME_normalize(ASN1_TIME *s); +int ASN1_TIME_cmp_time_t(const ASN1_TIME *s, time_t t); +int ASN1_TIME_compare(const ASN1_TIME *a, const ASN1_TIME *b); + +int i2a_ASN1_INTEGER(BIO *bp, const ASN1_INTEGER *a); +int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size); +int i2a_ASN1_ENUMERATED(BIO *bp, const ASN1_ENUMERATED *a); +int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size); +int i2a_ASN1_OBJECT(BIO *bp, const ASN1_OBJECT *a); +int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size); +int i2a_ASN1_STRING(BIO *bp, const ASN1_STRING *a, int type); +int i2t_ASN1_OBJECT(char *buf, int buf_len, const ASN1_OBJECT *a); + +int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num); +ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len, + const char *sn, const char *ln); + +int ASN1_INTEGER_get_int64(int64_t *pr, const ASN1_INTEGER *a); +int ASN1_INTEGER_set_int64(ASN1_INTEGER *a, int64_t r); +int 
ASN1_INTEGER_get_uint64(uint64_t *pr, const ASN1_INTEGER *a); +int ASN1_INTEGER_set_uint64(ASN1_INTEGER *a, uint64_t r); + +int ASN1_INTEGER_set(ASN1_INTEGER *a, long v); +long ASN1_INTEGER_get(const ASN1_INTEGER *a); +ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai); +BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn); + +int ASN1_ENUMERATED_get_int64(int64_t *pr, const ASN1_ENUMERATED *a); +int ASN1_ENUMERATED_set_int64(ASN1_ENUMERATED *a, int64_t r); + + +int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v); +long ASN1_ENUMERATED_get(const ASN1_ENUMERATED *a); +ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(const BIGNUM *bn, ASN1_ENUMERATED *ai); +BIGNUM *ASN1_ENUMERATED_to_BN(const ASN1_ENUMERATED *ai, BIGNUM *bn); + +/* General */ +/* given a string, return the correct type, max is the maximum length */ +int ASN1_PRINTABLE_type(const unsigned char *s, int max); + +unsigned long ASN1_tag2bit(int tag); + +/* SPECIALS */ +int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag, + int *pclass, long omax); +int ASN1_check_infinite_end(unsigned char **p, long len); +int ASN1_const_check_infinite_end(const unsigned char **p, long len); +void ASN1_put_object(unsigned char **pp, int constructed, int length, + int tag, int xclass); +int ASN1_put_eoc(unsigned char **pp); +int ASN1_object_size(int constructed, int length, int tag); + +/* Used to implement other functions */ +void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, const void *x); + +# define ASN1_dup_of(type,i2d,d2i,x) \ + ((type*)ASN1_dup(CHECKED_I2D_OF(type, i2d), \ + CHECKED_D2I_OF(type, d2i), \ + CHECKED_PTR_OF(const type, x))) + +void *ASN1_item_dup(const ASN1_ITEM *it, const void *x); + +/* ASN1 alloc/free macros for when a type is only used internally */ + +# define M_ASN1_new_of(type) (type *)ASN1_item_new(ASN1_ITEM_rptr(type)) +# define M_ASN1_free_of(x, type) \ + ASN1_item_free(CHECKED_PTR_OF(type, x), ASN1_ITEM_rptr(type)) + +# ifndef OPENSSL_NO_STDIO +void 
*ASN1_d2i_fp(void *(*xnew) (void), d2i_of_void *d2i, FILE *in, void **x); + +# define ASN1_d2i_fp_of(type,xnew,d2i,in,x) \ + ((type*)ASN1_d2i_fp(CHECKED_NEW_OF(type, xnew), \ + CHECKED_D2I_OF(type, d2i), \ + in, \ + CHECKED_PPTR_OF(type, x))) + +void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x); +int ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, const void *x); + +# define ASN1_i2d_fp_of(type,i2d,out,x) \ + (ASN1_i2d_fp(CHECKED_I2D_OF(type, i2d), \ + out, \ + CHECKED_PTR_OF(const type, x))) + +int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, const void *x); +int ASN1_STRING_print_ex_fp(FILE *fp, const ASN1_STRING *str, unsigned long flags); +# endif + +int ASN1_STRING_to_UTF8(unsigned char **out, const ASN1_STRING *in); + +void *ASN1_d2i_bio(void *(*xnew) (void), d2i_of_void *d2i, BIO *in, void **x); + +# define ASN1_d2i_bio_of(type,xnew,d2i,in,x) \ + ((type*)ASN1_d2i_bio( CHECKED_NEW_OF(type, xnew), \ + CHECKED_D2I_OF(type, d2i), \ + in, \ + CHECKED_PPTR_OF(type, x))) + +void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x); +int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, const void *x); + +# define ASN1_i2d_bio_of(type,i2d,out,x) \ + (ASN1_i2d_bio(CHECKED_I2D_OF(type, i2d), \ + out, \ + CHECKED_PTR_OF(const type, x))) + +int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, const void *x); +int ASN1_UTCTIME_print(BIO *fp, const ASN1_UTCTIME *a); +int ASN1_GENERALIZEDTIME_print(BIO *fp, const ASN1_GENERALIZEDTIME *a); +int ASN1_TIME_print(BIO *fp, const ASN1_TIME *a); +int ASN1_STRING_print(BIO *bp, const ASN1_STRING *v); +int ASN1_STRING_print_ex(BIO *out, const ASN1_STRING *str, unsigned long flags); +int ASN1_buf_print(BIO *bp, const unsigned char *buf, size_t buflen, int off); +int ASN1_bn_print(BIO *bp, const char *number, const BIGNUM *num, + unsigned char *buf, int off); +int ASN1_parse(BIO *bp, const unsigned char *pp, long len, int indent); +int ASN1_parse_dump(BIO *bp, const unsigned char *pp, long len, int indent, + int dump); +const 
char *ASN1_tag2str(int tag);
+
+/* Used to load and write Netscape format cert */
+
+int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s);
+
+int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len);
+int ASN1_TYPE_get_octetstring(const ASN1_TYPE *a, unsigned char *data, int max_len);
+int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num,
+ unsigned char *data, int len);
+int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num,
+ unsigned char *data, int max_len);
+
+void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it);
+
+ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it,
+ ASN1_OCTET_STRING **oct);
+
+void ASN1_STRING_set_default_mask(unsigned long mask);
+int ASN1_STRING_set_default_mask_asc(const char *p);
+unsigned long ASN1_STRING_get_default_mask(void);
+int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len,
+ int inform, unsigned long mask);
+int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
+ int inform, unsigned long mask,
+ long minsize, long maxsize);
+
+ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out,
+ const unsigned char *in, int inlen,
+ int inform, int nid);
+ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid);
+int ASN1_STRING_TABLE_add(int, long, long, unsigned long, unsigned long);
+void ASN1_STRING_TABLE_cleanup(void);
+
+/* ASN1 template functions */
+
+/* Old API compatible functions */
+ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it);
+void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it);
+ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **val, const unsigned char **in,
+ long len, const ASN1_ITEM *it);
+int ASN1_item_i2d(const ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it);
+int ASN1_item_ndef_i2d(const ASN1_VALUE *val, unsigned char **out,
+ const ASN1_ITEM *it);
+
+void ASN1_add_oid_module(void);
+void ASN1_add_stable_module(void);
+
+ASN1_TYPE *ASN1_generate_nconf(const char *str, CONF *nconf);
+ASN1_TYPE 
*ASN1_generate_v3(const char *str, X509V3_CTX *cnf);
+int ASN1_str2mask(const char *str, unsigned long *pmask);
+
+/* ASN1 Print flags */
+
+/* Indicate missing OPTIONAL fields */
+# define ASN1_PCTX_FLAGS_SHOW_ABSENT 0x001
+/* Mark start and end of SEQUENCE */
+# define ASN1_PCTX_FLAGS_SHOW_SEQUENCE 0x002
+/* Mark start and end of SEQUENCE/SET OF */
+# define ASN1_PCTX_FLAGS_SHOW_SSOF 0x004
+/* Show the ASN1 type of primitives */
+# define ASN1_PCTX_FLAGS_SHOW_TYPE 0x008
+/* Don't show ASN1 type of ANY */
+# define ASN1_PCTX_FLAGS_NO_ANY_TYPE 0x010
+/* Don't show ASN1 type of MSTRINGs */
+# define ASN1_PCTX_FLAGS_NO_MSTRING_TYPE 0x020
+/* Don't show field names in SEQUENCE */
+# define ASN1_PCTX_FLAGS_NO_FIELD_NAME 0x040
+/* Show structure names of each SEQUENCE field */
+# define ASN1_PCTX_FLAGS_SHOW_FIELD_STRUCT_NAME 0x080
+/* Don't show structure name even at top level */
+# define ASN1_PCTX_FLAGS_NO_STRUCT_NAME 0x100
+
+int ASN1_item_print(BIO *out, const ASN1_VALUE *ifld, int indent,
+ const ASN1_ITEM *it, const ASN1_PCTX *pctx);
+ASN1_PCTX *ASN1_PCTX_new(void);
+void ASN1_PCTX_free(ASN1_PCTX *p);
+unsigned long ASN1_PCTX_get_flags(const ASN1_PCTX *p);
+void ASN1_PCTX_set_flags(ASN1_PCTX *p, unsigned long flags);
+unsigned long ASN1_PCTX_get_nm_flags(const ASN1_PCTX *p);
+void ASN1_PCTX_set_nm_flags(ASN1_PCTX *p, unsigned long flags);
+unsigned long ASN1_PCTX_get_cert_flags(const ASN1_PCTX *p);
+void ASN1_PCTX_set_cert_flags(ASN1_PCTX *p, unsigned long flags);
+unsigned long ASN1_PCTX_get_oid_flags(const ASN1_PCTX *p);
+void ASN1_PCTX_set_oid_flags(ASN1_PCTX *p, unsigned long flags);
+unsigned long ASN1_PCTX_get_str_flags(const ASN1_PCTX *p);
+void ASN1_PCTX_set_str_flags(ASN1_PCTX *p, unsigned long flags);
+
+ASN1_SCTX *ASN1_SCTX_new(int (*scan_cb) (ASN1_SCTX *ctx));
+void ASN1_SCTX_free(ASN1_SCTX *p);
+const ASN1_ITEM *ASN1_SCTX_get_item(ASN1_SCTX *p);
+const ASN1_TEMPLATE *ASN1_SCTX_get_template(ASN1_SCTX *p);
+unsigned long ASN1_SCTX_get_flags(ASN1_SCTX 
*p);
+void ASN1_SCTX_set_app_data(ASN1_SCTX *p, void *data);
+void *ASN1_SCTX_get_app_data(ASN1_SCTX *p);
+
+const BIO_METHOD *BIO_f_asn1(void);
+
+/* cannot constify val because of CMS_stream() */
+BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it);
+
+int i2d_ASN1_bio_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
+ const ASN1_ITEM *it);
+int PEM_write_bio_ASN1_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
+ const char *hdr, const ASN1_ITEM *it);
+/* cannot constify val because of CMS_dataFinal() */
+int SMIME_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
+ int ctype_nid, int econt_nid,
+ STACK_OF(X509_ALGOR) *mdalgs, const ASN1_ITEM *it);
+ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it);
+int SMIME_crlf_copy(BIO *in, BIO *out, int flags);
+int SMIME_text(BIO *in, BIO *out);
+
+const ASN1_ITEM *ASN1_ITEM_lookup(const char *name);
+const ASN1_ITEM *ASN1_ITEM_get(size_t i);
+
+/* Legacy compatibility */
+# define DECLARE_ASN1_FUNCTIONS_fname(type, itname, name) \
+ DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \
+ DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name)
+# define DECLARE_ASN1_FUNCTIONS_const(type) DECLARE_ASN1_FUNCTIONS(type)
+# define DECLARE_ASN1_ENCODE_FUNCTIONS_const(type, name) \
+ DECLARE_ASN1_ENCODE_FUNCTIONS(type, name)
+# define I2D_OF_const(type) I2D_OF(type)
+# define ASN1_dup_of_const(type,i2d,d2i,x) ASN1_dup_of(type,i2d,d2i,x)
+# define ASN1_i2d_fp_of_const(type,i2d,out,x) ASN1_i2d_fp_of(type,i2d,out,x)
+# define ASN1_i2d_bio_of_const(type,i2d,out,x) ASN1_i2d_bio_of(type,i2d,out,x)
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/linux_amd64/include/openssl/asn1_mac.h b/linux_amd64/include/openssl/asn1_mac.h
new file mode 100644
index 0000000..fdcb983
--- /dev/null
+++ b/linux_amd64/include/openssl/asn1_mac.h
@@ -0,0 +1,10 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#error "This file is obsolete; please update your software."
diff --git a/linux_amd64/include/openssl/asn1err.h b/linux_amd64/include/openssl/asn1err.h
new file mode 100644
index 0000000..15f9939
--- /dev/null
+++ b/linux_amd64/include/openssl/asn1err.h
@@ -0,0 +1,266 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_ASN1ERR_H +# define OPENSSL_ASN1ERR_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_ASN1ERR_H +# endif + +# include +# include + + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_ASN1_strings(void); + +/* + * ASN1 function codes. + */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define ASN1_F_A2D_ASN1_OBJECT 0 +# define ASN1_F_A2I_ASN1_INTEGER 0 +# define ASN1_F_A2I_ASN1_STRING 0 +# define ASN1_F_APPEND_EXP 0 +# define ASN1_F_ASN1_BIO_INIT 0 +# define ASN1_F_ASN1_BIT_STRING_SET_BIT 0 +# define ASN1_F_ASN1_CB 0 +# define ASN1_F_ASN1_CHECK_TLEN 0 +# define ASN1_F_ASN1_COLLECT 0 +# define ASN1_F_ASN1_D2I_EX_PRIMITIVE 0 +# define ASN1_F_ASN1_D2I_FP 0 +# define ASN1_F_ASN1_D2I_READ_BIO 0 +# define ASN1_F_ASN1_DIGEST 0 +# define ASN1_F_ASN1_DO_ADB 0 +# define ASN1_F_ASN1_DO_LOCK 0 +# define ASN1_F_ASN1_DUP 0 +# define ASN1_F_ASN1_ENC_SAVE 0 +# define ASN1_F_ASN1_EX_C2I 0 +# define ASN1_F_ASN1_FIND_END 0 +# define ASN1_F_ASN1_GENERALIZEDTIME_ADJ 0 +# define ASN1_F_ASN1_GENERATE_V3 0 +# define ASN1_F_ASN1_GET_INT64 0 +# define ASN1_F_ASN1_GET_OBJECT 0 +# define ASN1_F_ASN1_GET_UINT64 0 +# define ASN1_F_ASN1_I2D_BIO 0 +# define ASN1_F_ASN1_I2D_FP 0 +# define ASN1_F_ASN1_ITEM_D2I_FP 0 +# define ASN1_F_ASN1_ITEM_DUP 0 +# define ASN1_F_ASN1_ITEM_EMBED_D2I 0 +# define ASN1_F_ASN1_ITEM_EMBED_NEW 0 +# define ASN1_F_ASN1_ITEM_FLAGS_I2D 0 +# define ASN1_F_ASN1_ITEM_I2D_BIO 0 +# define ASN1_F_ASN1_ITEM_I2D_FP 0 +# define ASN1_F_ASN1_ITEM_PACK 0 +# define ASN1_F_ASN1_ITEM_SIGN 0 +# define ASN1_F_ASN1_ITEM_SIGN_CTX 0 +# define 
ASN1_F_ASN1_ITEM_UNPACK 0 +# define ASN1_F_ASN1_ITEM_VERIFY 0 +# define ASN1_F_ASN1_MBSTRING_NCOPY 0 +# define ASN1_F_ASN1_OBJECT_NEW 0 +# define ASN1_F_ASN1_OUTPUT_DATA 0 +# define ASN1_F_ASN1_PCTX_NEW 0 +# define ASN1_F_ASN1_PRIMITIVE_NEW 0 +# define ASN1_F_ASN1_SCTX_NEW 0 +# define ASN1_F_ASN1_SIGN 0 +# define ASN1_F_ASN1_STR2TYPE 0 +# define ASN1_F_ASN1_STRING_GET_INT64 0 +# define ASN1_F_ASN1_STRING_GET_UINT64 0 +# define ASN1_F_ASN1_STRING_SET 0 +# define ASN1_F_ASN1_STRING_TABLE_ADD 0 +# define ASN1_F_ASN1_STRING_TO_BN 0 +# define ASN1_F_ASN1_STRING_TYPE_NEW 0 +# define ASN1_F_ASN1_TEMPLATE_EX_D2I 0 +# define ASN1_F_ASN1_TEMPLATE_NEW 0 +# define ASN1_F_ASN1_TEMPLATE_NOEXP_D2I 0 +# define ASN1_F_ASN1_TIME_ADJ 0 +# define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING 0 +# define ASN1_F_ASN1_TYPE_GET_OCTETSTRING 0 +# define ASN1_F_ASN1_UTCTIME_ADJ 0 +# define ASN1_F_ASN1_VERIFY 0 +# define ASN1_F_B64_READ_ASN1 0 +# define ASN1_F_B64_WRITE_ASN1 0 +# define ASN1_F_BIO_NEW_NDEF 0 +# define ASN1_F_BITSTR_CB 0 +# define ASN1_F_BN_TO_ASN1_STRING 0 +# define ASN1_F_C2I_ASN1_BIT_STRING 0 +# define ASN1_F_C2I_ASN1_INTEGER 0 +# define ASN1_F_C2I_ASN1_OBJECT 0 +# define ASN1_F_C2I_IBUF 0 +# define ASN1_F_C2I_UINT64_INT 0 +# define ASN1_F_COLLECT_DATA 0 +# define ASN1_F_D2I_ASN1_OBJECT 0 +# define ASN1_F_D2I_ASN1_UINTEGER 0 +# define ASN1_F_D2I_AUTOPRIVATEKEY 0 +# define ASN1_F_D2I_KEYPARAMS 0 +# define ASN1_F_D2I_PRIVATEKEY 0 +# define ASN1_F_D2I_PUBLICKEY 0 +# define ASN1_F_DO_BUF 0 +# define ASN1_F_DO_CREATE 0 +# define ASN1_F_DO_DUMP 0 +# define ASN1_F_DO_TCREATE 0 +# define ASN1_F_I2A_ASN1_OBJECT 0 +# define ASN1_F_I2D_ASN1_BIO_STREAM 0 +# define ASN1_F_I2D_ASN1_OBJECT 0 +# define ASN1_F_I2D_DSA_PUBKEY 0 +# define ASN1_F_I2D_EC_PUBKEY 0 +# define ASN1_F_I2D_KEYPARAMS 0 +# define ASN1_F_I2D_PRIVATEKEY 0 +# define ASN1_F_I2D_PUBLICKEY 0 +# define ASN1_F_I2D_RSA_PUBKEY 0 +# define ASN1_F_LONG_C2I 0 +# define ASN1_F_NDEF_PREFIX 0 +# define ASN1_F_NDEF_SUFFIX 0 +# define 
ASN1_F_OID_MODULE_INIT 0 +# define ASN1_F_PARSE_TAGGING 0 +# define ASN1_F_PKCS5_PBE2_SET_IV 0 +# define ASN1_F_PKCS5_PBE2_SET_SCRYPT 0 +# define ASN1_F_PKCS5_PBE_SET 0 +# define ASN1_F_PKCS5_PBE_SET0_ALGOR 0 +# define ASN1_F_PKCS5_PBKDF2_SET 0 +# define ASN1_F_PKCS5_SCRYPT_SET 0 +# define ASN1_F_SMIME_READ_ASN1 0 +# define ASN1_F_SMIME_TEXT 0 +# define ASN1_F_STABLE_GET 0 +# define ASN1_F_STBL_MODULE_INIT 0 +# define ASN1_F_UINT32_C2I 0 +# define ASN1_F_UINT32_NEW 0 +# define ASN1_F_UINT64_C2I 0 +# define ASN1_F_UINT64_NEW 0 +# define ASN1_F_X509_CRL_ADD0_REVOKED 0 +# define ASN1_F_X509_INFO_NEW 0 +# define ASN1_F_X509_NAME_ENCODE 0 +# define ASN1_F_X509_NAME_EX_D2I 0 +# define ASN1_F_X509_NAME_EX_NEW 0 +# define ASN1_F_X509_PKEY_NEW 0 +# endif + +/* + * ASN1 reason codes. + */ +# define ASN1_R_ADDING_OBJECT 171 +# define ASN1_R_ASN1_PARSE_ERROR 203 +# define ASN1_R_ASN1_SIG_PARSE_ERROR 204 +# define ASN1_R_AUX_ERROR 100 +# define ASN1_R_BAD_OBJECT_HEADER 102 +# define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 214 +# define ASN1_R_BN_LIB 105 +# define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106 +# define ASN1_R_BUFFER_TOO_SMALL 107 +# define ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 108 +# define ASN1_R_CONTEXT_NOT_INITIALISED 217 +# define ASN1_R_DATA_IS_WRONG 109 +# define ASN1_R_DECODE_ERROR 110 +# define ASN1_R_DEPTH_EXCEEDED 174 +# define ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED 198 +# define ASN1_R_ENCODE_ERROR 112 +# define ASN1_R_ERROR_GETTING_TIME 173 +# define ASN1_R_ERROR_LOADING_SECTION 172 +# define ASN1_R_ERROR_SETTING_CIPHER_PARAMS 114 +# define ASN1_R_EXPECTING_AN_INTEGER 115 +# define ASN1_R_EXPECTING_AN_OBJECT 116 +# define ASN1_R_EXPLICIT_LENGTH_MISMATCH 119 +# define ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED 120 +# define ASN1_R_FIELD_MISSING 121 +# define ASN1_R_FIRST_NUM_TOO_LARGE 122 +# define ASN1_R_HEADER_TOO_LONG 123 +# define ASN1_R_ILLEGAL_BITSTRING_FORMAT 175 +# define ASN1_R_ILLEGAL_BOOLEAN 176 +# define ASN1_R_ILLEGAL_CHARACTERS 124 +# define 
ASN1_R_ILLEGAL_FORMAT 177 +# define ASN1_R_ILLEGAL_HEX 178 +# define ASN1_R_ILLEGAL_IMPLICIT_TAG 179 +# define ASN1_R_ILLEGAL_INTEGER 180 +# define ASN1_R_ILLEGAL_NEGATIVE_VALUE 226 +# define ASN1_R_ILLEGAL_NESTED_TAGGING 181 +# define ASN1_R_ILLEGAL_NULL 125 +# define ASN1_R_ILLEGAL_NULL_VALUE 182 +# define ASN1_R_ILLEGAL_OBJECT 183 +# define ASN1_R_ILLEGAL_OPTIONAL_ANY 126 +# define ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE 170 +# define ASN1_R_ILLEGAL_PADDING 221 +# define ASN1_R_ILLEGAL_TAGGED_ANY 127 +# define ASN1_R_ILLEGAL_TIME_VALUE 184 +# define ASN1_R_ILLEGAL_ZERO_CONTENT 222 +# define ASN1_R_INTEGER_NOT_ASCII_FORMAT 185 +# define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG 128 +# define ASN1_R_INVALID_BIT_STRING_BITS_LEFT 220 +# define ASN1_R_INVALID_BMPSTRING_LENGTH 129 +# define ASN1_R_INVALID_DIGIT 130 +# define ASN1_R_INVALID_MIME_TYPE 205 +# define ASN1_R_INVALID_MODIFIER 186 +# define ASN1_R_INVALID_NUMBER 187 +# define ASN1_R_INVALID_OBJECT_ENCODING 216 +# define ASN1_R_INVALID_SCRYPT_PARAMETERS 227 +# define ASN1_R_INVALID_SEPARATOR 131 +# define ASN1_R_INVALID_STRING_TABLE_VALUE 218 +# define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH 133 +# define ASN1_R_INVALID_UTF8STRING 134 +# define ASN1_R_INVALID_VALUE 219 +# define ASN1_R_LIST_ERROR 188 +# define ASN1_R_MIME_NO_CONTENT_TYPE 206 +# define ASN1_R_MIME_PARSE_ERROR 207 +# define ASN1_R_MIME_SIG_PARSE_ERROR 208 +# define ASN1_R_MISSING_EOC 137 +# define ASN1_R_MISSING_SECOND_NUMBER 138 +# define ASN1_R_MISSING_VALUE 189 +# define ASN1_R_MSTRING_NOT_UNIVERSAL 139 +# define ASN1_R_MSTRING_WRONG_TAG 140 +# define ASN1_R_NESTED_ASN1_STRING 197 +# define ASN1_R_NESTED_TOO_DEEP 201 +# define ASN1_R_NON_HEX_CHARACTERS 141 +# define ASN1_R_NOT_ASCII_FORMAT 190 +# define ASN1_R_NOT_ENOUGH_DATA 142 +# define ASN1_R_NO_CONTENT_TYPE 209 +# define ASN1_R_NO_MATCHING_CHOICE_TYPE 143 +# define ASN1_R_NO_MULTIPART_BODY_FAILURE 210 +# define ASN1_R_NO_MULTIPART_BOUNDARY 211 +# define ASN1_R_NO_SIG_CONTENT_TYPE 212 +# define 
ASN1_R_NULL_IS_WRONG_LENGTH 144 +# define ASN1_R_OBJECT_NOT_ASCII_FORMAT 191 +# define ASN1_R_ODD_NUMBER_OF_CHARS 145 +# define ASN1_R_SECOND_NUMBER_TOO_LARGE 147 +# define ASN1_R_SEQUENCE_LENGTH_MISMATCH 148 +# define ASN1_R_SEQUENCE_NOT_CONSTRUCTED 149 +# define ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG 192 +# define ASN1_R_SHORT_LINE 150 +# define ASN1_R_SIG_INVALID_MIME_TYPE 213 +# define ASN1_R_STREAMING_NOT_SUPPORTED 202 +# define ASN1_R_STRING_TOO_LONG 151 +# define ASN1_R_STRING_TOO_SHORT 152 +# define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 154 +# define ASN1_R_TIME_NOT_ASCII_FORMAT 193 +# define ASN1_R_TOO_LARGE 223 +# define ASN1_R_TOO_LONG 155 +# define ASN1_R_TOO_SMALL 224 +# define ASN1_R_TYPE_NOT_CONSTRUCTED 156 +# define ASN1_R_TYPE_NOT_PRIMITIVE 195 +# define ASN1_R_UNEXPECTED_EOC 159 +# define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH 215 +# define ASN1_R_UNKNOWN_FORMAT 160 +# define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 161 +# define ASN1_R_UNKNOWN_OBJECT_TYPE 162 +# define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE 163 +# define ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM 199 +# define ASN1_R_UNKNOWN_TAG 194 +# define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE 164 +# define ASN1_R_UNSUPPORTED_CIPHER 228 +# define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE 167 +# define ASN1_R_UNSUPPORTED_TYPE 196 +# define ASN1_R_WRONG_INTEGER_TYPE 225 +# define ASN1_R_WRONG_PUBLIC_KEY_TYPE 200 +# define ASN1_R_WRONG_TAG 168 + +#endif diff --git a/linux_amd64/include/openssl/asn1t.h b/linux_amd64/include/openssl/asn1t.h new file mode 100644 index 0000000..934b10c --- /dev/null +++ b/linux_amd64/include/openssl/asn1t.h 
@@ -0,0 +1,905 @@ +/* + * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_ASN1T_H +# define OPENSSL_ASN1T_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_ASN1T_H +# endif + +# include +# include +# include + +# ifdef OPENSSL_BUILD_SHLIBCRYPTO +# undef OPENSSL_EXTERN +# define OPENSSL_EXTERN OPENSSL_EXPORT +# endif + +/* ASN1 template defines, structures and functions */ + +#ifdef __cplusplus +extern "C" { +#endif + +/* Macro to obtain ASN1_ADB pointer from a type (only used internally) */ +# define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)((iptr)())) + +/* Macros for start and end of ASN1_ITEM definition */ + +# define ASN1_ITEM_start(itname) \ + const ASN1_ITEM * itname##_it(void) \ + { \ + static const ASN1_ITEM local_it = { + +# define static_ASN1_ITEM_start(itname) \ + static ASN1_ITEM_start(itname) + +# define ASN1_ITEM_end(itname) \ + }; \ + return &local_it; \ + } + +/* Macros to aid ASN1 template writing */ + +# define ASN1_ITEM_TEMPLATE(tname) \ + static const ASN1_TEMPLATE tname##_item_tt + +# define ASN1_ITEM_TEMPLATE_END(tname) \ + ;\ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_PRIMITIVE,\ + -1,\ + &tname##_item_tt,\ + 0,\ + NULL,\ + 0,\ + #tname \ + ASN1_ITEM_end(tname) +# define static_ASN1_ITEM_TEMPLATE_END(tname) \ + ;\ + static_ASN1_ITEM_start(tname) \ + ASN1_ITYPE_PRIMITIVE,\ + -1,\ + &tname##_item_tt,\ + 0,\ + NULL,\ + 0,\ + #tname \ + ASN1_ITEM_end(tname) + +/* This is a ASN1 type which just embeds a template */ + +/*- + * This pair helps declare a SEQUENCE. We can do: + * + * ASN1_SEQUENCE(stname) = { + * ... SEQUENCE components ... 
+ * } ASN1_SEQUENCE_END(stname) + * + * This will produce an ASN1_ITEM called stname_it + * for a structure called stname. + * + * If you want the same structure but a different + * name then use: + * + * ASN1_SEQUENCE(itname) = { + * ... SEQUENCE components ... + * } ASN1_SEQUENCE_END_name(stname, itname) + * + * This will create an item called itname_it using + * a structure called stname. + */ + +# define ASN1_SEQUENCE(tname) \ + static const ASN1_TEMPLATE tname##_seq_tt[] + +# define ASN1_SEQUENCE_END(stname) ASN1_SEQUENCE_END_name(stname, stname) + +# define static_ASN1_SEQUENCE_END(stname) static_ASN1_SEQUENCE_END_name(stname, stname) + +# define ASN1_SEQUENCE_END_name(stname, tname) \ + ;\ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_SEQUENCE,\ + V_ASN1_SEQUENCE,\ + tname##_seq_tt,\ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ + NULL,\ + sizeof(stname),\ + #tname \ + ASN1_ITEM_end(tname) + +# define static_ASN1_SEQUENCE_END_name(stname, tname) \ + ;\ + static_ASN1_ITEM_start(tname) \ + ASN1_ITYPE_SEQUENCE,\ + V_ASN1_SEQUENCE,\ + tname##_seq_tt,\ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ + NULL,\ + sizeof(stname),\ + #stname \ + ASN1_ITEM_end(tname) + +# define ASN1_NDEF_SEQUENCE(tname) \ + ASN1_SEQUENCE(tname) + +# define ASN1_NDEF_SEQUENCE_cb(tname, cb) \ + ASN1_SEQUENCE_cb(tname, cb) + +# define ASN1_SEQUENCE_cb(tname, cb) \ + static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0, NULL}; \ + ASN1_SEQUENCE(tname) + +# define ASN1_SEQUENCE_const_cb(tname, const_cb) \ + static const ASN1_AUX tname##_aux = \ + {NULL, ASN1_AFLG_CONST_CB, 0, 0, NULL, 0, const_cb}; \ + ASN1_SEQUENCE(tname) + +# define ASN1_SEQUENCE_cb_const_cb(tname, cb, const_cb) \ + static const ASN1_AUX tname##_aux = \ + {NULL, ASN1_AFLG_CONST_CB, 0, 0, cb, 0, const_cb}; \ + ASN1_SEQUENCE(tname) + +# define ASN1_SEQUENCE_ref(tname, cb) \ + static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), offsetof(tname, lock), cb, 0, NULL}; \ + 
ASN1_SEQUENCE(tname) + +# define ASN1_SEQUENCE_enc(tname, enc, cb) \ + static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_ENCODING, 0, 0, cb, offsetof(tname, enc), NULL}; \ + ASN1_SEQUENCE(tname) + +# define ASN1_NDEF_SEQUENCE_END(tname) \ + ;\ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_NDEF_SEQUENCE,\ + V_ASN1_SEQUENCE,\ + tname##_seq_tt,\ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ + NULL,\ + sizeof(tname),\ + #tname \ + ASN1_ITEM_end(tname) +# define static_ASN1_NDEF_SEQUENCE_END(tname) \ + ;\ + static_ASN1_ITEM_start(tname) \ + ASN1_ITYPE_NDEF_SEQUENCE,\ + V_ASN1_SEQUENCE,\ + tname##_seq_tt,\ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ + NULL,\ + sizeof(tname),\ + #tname \ + ASN1_ITEM_end(tname) + + +# define ASN1_SEQUENCE_END_enc(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname) + +# define ASN1_SEQUENCE_END_cb(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname) +# define static_ASN1_SEQUENCE_END_cb(stname, tname) static_ASN1_SEQUENCE_END_ref(stname, tname) + +# define ASN1_SEQUENCE_END_ref(stname, tname) \ + ;\ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_SEQUENCE,\ + V_ASN1_SEQUENCE,\ + tname##_seq_tt,\ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ + &tname##_aux,\ + sizeof(stname),\ + #tname \ + ASN1_ITEM_end(tname) +# define static_ASN1_SEQUENCE_END_ref(stname, tname) \ + ;\ + static_ASN1_ITEM_start(tname) \ + ASN1_ITYPE_SEQUENCE,\ + V_ASN1_SEQUENCE,\ + tname##_seq_tt,\ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ + &tname##_aux,\ + sizeof(stname),\ + #stname \ + ASN1_ITEM_end(tname) + +# define ASN1_NDEF_SEQUENCE_END_cb(stname, tname) \ + ;\ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_NDEF_SEQUENCE,\ + V_ASN1_SEQUENCE,\ + tname##_seq_tt,\ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ + &tname##_aux,\ + sizeof(stname),\ + #stname \ + ASN1_ITEM_end(tname) + +/*- + * This pair helps declare a CHOICE type. We can do: + * + * ASN1_CHOICE(chname) = { + * ... CHOICE options ... 
+ * ASN1_CHOICE_END(chname) + * + * This will produce an ASN1_ITEM called chname_it + * for a structure called chname. The structure + * definition must look like this: + * typedef struct { + * int type; + * union { + * ASN1_SOMETHING *opt1; + * ASN1_SOMEOTHER *opt2; + * } value; + * } chname; + * + * the name of the selector must be 'type'. + * to use an alternative selector name use the + * ASN1_CHOICE_END_selector() version. + */ + +# define ASN1_CHOICE(tname) \ + static const ASN1_TEMPLATE tname##_ch_tt[] + +# define ASN1_CHOICE_cb(tname, cb) \ + static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0, NULL}; \ + ASN1_CHOICE(tname) + +# define ASN1_CHOICE_END(stname) ASN1_CHOICE_END_name(stname, stname) + +# define static_ASN1_CHOICE_END(stname) static_ASN1_CHOICE_END_name(stname, stname) + +# define ASN1_CHOICE_END_name(stname, tname) ASN1_CHOICE_END_selector(stname, tname, type) + +# define static_ASN1_CHOICE_END_name(stname, tname) static_ASN1_CHOICE_END_selector(stname, tname, type) + +# define ASN1_CHOICE_END_selector(stname, tname, selname) \ + ;\ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_CHOICE,\ + offsetof(stname,selname) ,\ + tname##_ch_tt,\ + sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\ + NULL,\ + sizeof(stname),\ + #stname \ + ASN1_ITEM_end(tname) + +# define static_ASN1_CHOICE_END_selector(stname, tname, selname) \ + ;\ + static_ASN1_ITEM_start(tname) \ + ASN1_ITYPE_CHOICE,\ + offsetof(stname,selname) ,\ + tname##_ch_tt,\ + sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\ + NULL,\ + sizeof(stname),\ + #stname \ + ASN1_ITEM_end(tname) + +# define ASN1_CHOICE_END_cb(stname, tname, selname) \ + ;\ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_CHOICE,\ + offsetof(stname,selname) ,\ + tname##_ch_tt,\ + sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\ + &tname##_aux,\ + sizeof(stname),\ + #stname \ + ASN1_ITEM_end(tname) + +/* This helps with the template wrapper form of ASN1_ITEM */ + +# define ASN1_EX_TEMPLATE_TYPE(flags, tag, name, type) { \ + (flags), 
(tag), 0,\ + #name, ASN1_ITEM_ref(type) } + +/* These help with SEQUENCE or CHOICE components */ + +/* used to declare other types */ + +# define ASN1_EX_TYPE(flags, tag, stname, field, type) { \ + (flags), (tag), offsetof(stname, field),\ + #field, ASN1_ITEM_ref(type) } + +/* implicit and explicit helper macros */ + +# define ASN1_IMP_EX(stname, field, type, tag, ex) \ + ASN1_EX_TYPE(ASN1_TFLG_IMPLICIT | (ex), tag, stname, field, type) + +# define ASN1_EXP_EX(stname, field, type, tag, ex) \ + ASN1_EX_TYPE(ASN1_TFLG_EXPLICIT | (ex), tag, stname, field, type) + +/* Any defined by macros: the field used is in the table itself */ + +# define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, tblname##_adb } +# define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, tblname##_adb } + +/* Plain simple type */ +# define ASN1_SIMPLE(stname, field, type) ASN1_EX_TYPE(0,0, stname, field, type) +/* Embedded simple type */ +# define ASN1_EMBED(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_EMBED,0, stname, field, type) + +/* OPTIONAL simple type */ +# define ASN1_OPT(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_OPTIONAL, 0, stname, field, type) +# define ASN1_OPT_EMBED(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_OPTIONAL|ASN1_TFLG_EMBED, 0, stname, field, type) + +/* IMPLICIT tagged simple type */ +# define ASN1_IMP(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, 0) +# define ASN1_IMP_EMBED(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_EMBED) + +/* IMPLICIT tagged OPTIONAL simple type */ +# define ASN1_IMP_OPT(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL) +# define ASN1_IMP_OPT_EMBED(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_EMBED) + +/* Same as above but EXPLICIT */ + +# define ASN1_EXP(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, 0) +# define ASN1_EXP_EMBED(stname, field, type, tag) ASN1_EXP_EX(stname, 
field, type, tag, ASN1_TFLG_EMBED) +# define ASN1_EXP_OPT(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL) +# define ASN1_EXP_OPT_EMBED(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_EMBED) + +/* SEQUENCE OF type */ +# define ASN1_SEQUENCE_OF(stname, field, type) \ + ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, stname, field, type) + +/* OPTIONAL SEQUENCE OF */ +# define ASN1_SEQUENCE_OF_OPT(stname, field, type) \ + ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type) + +/* Same as above but for SET OF */ + +# define ASN1_SET_OF(stname, field, type) \ + ASN1_EX_TYPE(ASN1_TFLG_SET_OF, 0, stname, field, type) + +# define ASN1_SET_OF_OPT(stname, field, type) \ + ASN1_EX_TYPE(ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type) + +/* Finally compound types of SEQUENCE, SET, IMPLICIT, EXPLICIT and OPTIONAL */ + +# define ASN1_IMP_SET_OF(stname, field, type, tag) \ + ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF) + +# define ASN1_EXP_SET_OF(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF) + +# define ASN1_IMP_SET_OF_OPT(stname, field, type, tag) \ + ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL) + +# define ASN1_EXP_SET_OF_OPT(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL) + +# define ASN1_IMP_SEQUENCE_OF(stname, field, type, tag) \ + ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF) + +# define ASN1_IMP_SEQUENCE_OF_OPT(stname, field, type, tag) \ + ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL) + +# define ASN1_EXP_SEQUENCE_OF(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF) + +# define ASN1_EXP_SEQUENCE_OF_OPT(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL) + +/* EXPLICIT using 
indefinite length constructed form */ +# define ASN1_NDEF_EXP(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_NDEF) + +/* EXPLICIT OPTIONAL using indefinite length constructed form */ +# define ASN1_NDEF_EXP_OPT(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_NDEF) + +/* Macros for the ASN1_ADB structure */ + +# define ASN1_ADB(name) \ + static const ASN1_ADB_TABLE name##_adbtbl[] + +# define ASN1_ADB_END(name, flags, field, adb_cb, def, none) \ + ;\ + static const ASN1_ITEM *name##_adb(void) \ + { \ + static const ASN1_ADB internal_adb = \ + {\ + flags,\ + offsetof(name, field),\ + adb_cb,\ + name##_adbtbl,\ + sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\ + def,\ + none\ + }; \ + return (const ASN1_ITEM *) &internal_adb; \ + } \ + void dummy_function(void) + +# define ADB_ENTRY(val, template) {val, template} + +# define ASN1_ADB_TEMPLATE(name) \ + static const ASN1_TEMPLATE name##_tt + +/* + * This is the ASN1 template structure that defines a wrapper round the + * actual type. It determines the actual position of the field in the value + * structure, various flags such as OPTIONAL and the field name. 
+ */
+
+struct ASN1_TEMPLATE_st {
+ unsigned long flags; /* Various flags */
+ long tag; /* tag, not used if no tagging */
+ unsigned long offset; /* Offset of this field in structure */
+ const char *field_name; /* Field name */
+ ASN1_ITEM_EXP *item; /* Relevant ASN1_ITEM or ASN1_ADB */
+};
+
+/* Macro to extract ASN1_ITEM and ASN1_ADB pointer from ASN1_TEMPLATE */
+
+# define ASN1_TEMPLATE_item(t) (t->item_ptr)
+# define ASN1_TEMPLATE_adb(t) (t->item_ptr)
+
+typedef struct ASN1_ADB_TABLE_st ASN1_ADB_TABLE;
+typedef struct ASN1_ADB_st ASN1_ADB;
+
+struct ASN1_ADB_st {
+ unsigned long flags; /* Various flags */
+ unsigned long offset; /* Offset of selector field */
+ int (*adb_cb)(long *psel); /* Application callback */
+ const ASN1_ADB_TABLE *tbl; /* Table of possible types */
+ long tblcount; /* Number of entries in tbl */
+ const ASN1_TEMPLATE *default_tt; /* Type to use if no match */
+ const ASN1_TEMPLATE *null_tt; /* Type to use if selector is NULL */
+};
+
+struct ASN1_ADB_TABLE_st {
+ long value; /* NID for an object or value for an int */
+ const ASN1_TEMPLATE tt; /* item for this value */
+};
+
+/* template flags */
+
+/* Field is optional */
+# define ASN1_TFLG_OPTIONAL (0x1)
+
+/* Field is a SET OF */
+# define ASN1_TFLG_SET_OF (0x1 << 1)
+
+/* Field is a SEQUENCE OF */
+# define ASN1_TFLG_SEQUENCE_OF (0x2 << 1)
+
+/*
+ * Special case: this refers to a SET OF that will be sorted into DER order
+ * when encoded *and* the corresponding STACK will be modified to match the
+ * new order.
+ */
+# define ASN1_TFLG_SET_ORDER (0x3 << 1)
+
+/* Mask for SET OF or SEQUENCE OF */
+# define ASN1_TFLG_SK_MASK (0x3 << 1)
+
+/*
+ * These flags mean the tag should be taken from the tag field. If EXPLICIT
+ * then the underlying type is used for the inner tag.
+ */
+
+/* IMPLICIT tagging */
+# define ASN1_TFLG_IMPTAG (0x1 << 3)
+
+/* EXPLICIT tagging, inner tag from underlying type */
+# define ASN1_TFLG_EXPTAG (0x2 << 3)
+
+# define ASN1_TFLG_TAG_MASK (0x3 << 3)
+
+/* context specific IMPLICIT */
+# define ASN1_TFLG_IMPLICIT (ASN1_TFLG_IMPTAG|ASN1_TFLG_CONTEXT)
+
+/* context specific EXPLICIT */
+# define ASN1_TFLG_EXPLICIT (ASN1_TFLG_EXPTAG|ASN1_TFLG_CONTEXT)
+
+/*
+ * If tagging is in force these determine the type of tag to use. Otherwise
+ * the tag is determined by the underlying type. These values reflect the
+ * actual octet format.
+ */
+
+/* Universal tag */
+# define ASN1_TFLG_UNIVERSAL (0x0<<6)
+/* Application tag */
+# define ASN1_TFLG_APPLICATION (0x1<<6)
+/* Context specific tag */
+# define ASN1_TFLG_CONTEXT (0x2<<6)
+/* Private tag */
+# define ASN1_TFLG_PRIVATE (0x3<<6)
+
+# define ASN1_TFLG_TAG_CLASS (0x3<<6)
+
+/*
+ * These are for ANY DEFINED BY type. In this case the 'item' field points to
+ * an ASN1_ADB structure which contains a table of values to decode the
+ * relevant type
+ */
+
+# define ASN1_TFLG_ADB_MASK (0x3<<8)
+
+# define ASN1_TFLG_ADB_OID (0x1<<8)
+
+# define ASN1_TFLG_ADB_INT (0x1<<9)
+
+/*
+ * This flag when present in a SEQUENCE OF, SET OF or EXPLICIT causes
+ * indefinite length constructed encoding to be used if required.
+ */
+
+# define ASN1_TFLG_NDEF (0x1<<11)
+
+/* Field is embedded and not a pointer */
+# define ASN1_TFLG_EMBED (0x1 << 12)
+
+/* This is the actual ASN1 item itself */
+
+struct ASN1_ITEM_st {
+ char itype; /* The item type, primitive, SEQUENCE, CHOICE
+ * or extern */
+ long utype; /* underlying type */
+ const ASN1_TEMPLATE *templates; /* If SEQUENCE or CHOICE this contains
+ * the contents */
+ long tcount; /* Number of templates if SEQUENCE or CHOICE */
+ const void *funcs; /* functions that handle this type */
+ long size; /* Structure size (usually) */
+ const char *sname; /* Structure name */
+};
+
+/*-
+ * These are values for the itype field and
+ * determine how the type is interpreted.
+ *
+ * For PRIMITIVE types the underlying type
+ * determines the behaviour if items is NULL.
+ *
+ * Otherwise templates must contain a single
+ * template and the type is treated in the
+ * same way as the type specified in the template.
+ *
+ * For SEQUENCE types the templates field points
+ * to the members, the size field is the
+ * structure size.
+ *
+ * For CHOICE types the templates field points
+ * to each possible member (typically a union)
+ * and the 'size' field is the offset of the
+ * selector.
+ *
+ * The 'funcs' field is used for application
+ * specific functions.
+ *
+ * The EXTERN type uses a new style d2i/i2d.
+ * The new style should be used where possible
+ * because it avoids things like the d2i IMPLICIT
+ * hack.
+ *
+ * MSTRING is a multiple string type, it is used
+ * for a CHOICE of character strings where the
+ * actual strings all occupy an ASN1_STRING
+ * structure. In this case the 'utype' field
+ * has a special meaning, it is used as a mask
+ * of acceptable types using the B_ASN1 constants.
+ *
+ * NDEF_SEQUENCE is the same as SEQUENCE except
+ * that it will use indefinite length constructed
+ * encoding if requested.
+ *
+ */
+
+# define ASN1_ITYPE_PRIMITIVE 0x0
+
+# define ASN1_ITYPE_SEQUENCE 0x1
+
+# define ASN1_ITYPE_CHOICE 0x2
+
+# define ASN1_ITYPE_EXTERN 0x4
+
+# define ASN1_ITYPE_MSTRING 0x5
+
+# define ASN1_ITYPE_NDEF_SEQUENCE 0x6
+
+/*
+ * Cache for ASN1 tag and length, so we don't keep re-reading it for things
+ * like CHOICE
+ */
+
+struct ASN1_TLC_st {
+ char valid; /* Values below are valid */
+ int ret; /* return value */
+ long plen; /* length */
+ int ptag; /* class value */
+ int pclass; /* class value */
+ int hdrlen; /* header length */
+};
+
+/* Typedefs for ASN1 function pointers */
+typedef int ASN1_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
+ const ASN1_ITEM *it, int tag, int aclass, char opt,
+ ASN1_TLC *ctx);
+
+typedef int ASN1_ex_i2d(const ASN1_VALUE **pval, unsigned char **out,
+ const ASN1_ITEM *it, int tag, int aclass);
+typedef int ASN1_ex_new_func(ASN1_VALUE **pval, const ASN1_ITEM *it);
+typedef void ASN1_ex_free_func(ASN1_VALUE **pval, const ASN1_ITEM *it);
+
+typedef int ASN1_ex_print_func(BIO *out, const ASN1_VALUE **pval,
+ int indent, const char *fname,
+ const ASN1_PCTX *pctx);
+
+typedef int ASN1_primitive_i2c(const ASN1_VALUE **pval, unsigned char *cont,
+ int *putype, const ASN1_ITEM *it);
+typedef int ASN1_primitive_c2i(ASN1_VALUE **pval, const unsigned char *cont,
+ int len, int utype, char *free_cont,
+ const ASN1_ITEM *it);
+typedef int ASN1_primitive_print(BIO *out, const ASN1_VALUE **pval,
+ const ASN1_ITEM *it, int indent,
+ const ASN1_PCTX *pctx);
+
+typedef struct ASN1_EXTERN_FUNCS_st {
+ void *app_data;
+ ASN1_ex_new_func *asn1_ex_new;
+ ASN1_ex_free_func *asn1_ex_free;
+ ASN1_ex_free_func *asn1_ex_clear;
+ ASN1_ex_d2i *asn1_ex_d2i;
+ ASN1_ex_i2d *asn1_ex_i2d;
+ ASN1_ex_print_func *asn1_ex_print;
+} ASN1_EXTERN_FUNCS;
+
+typedef struct ASN1_PRIMITIVE_FUNCS_st {
+ void *app_data;
+ unsigned long flags;
+ ASN1_ex_new_func *prim_new;
+ ASN1_ex_free_func *prim_free;
+ ASN1_ex_free_func *prim_clear;
+ ASN1_primitive_c2i *prim_c2i;
+ ASN1_primitive_i2c *prim_i2c;
+ ASN1_primitive_print *prim_print;
+} ASN1_PRIMITIVE_FUNCS;
+
+/*
+ * This is the ASN1_AUX structure: it handles various miscellaneous
+ * requirements. For example the use of reference counts and an informational
+ * callback. The "informational callback" is called at various points during
+ * the ASN1 encoding and decoding. It can be used to provide minor
+ * customisation of the structures used. This is most useful where the
+ * supplied routines *almost* do the right thing but need some extra help at
+ * a few points. If the callback returns zero then it is assumed a fatal
+ * error has occurred and the main operation should be abandoned. If major
+ * changes in the default behaviour are required then an external type is
+ * more appropriate.
+ * For the operations ASN1_OP_I2D_PRE, ASN1_OP_I2D_POST, ASN1_OP_PRINT_PRE, and
+ * ASN1_OP_PRINT_POST, meanwhile a variant of the callback with const parameter
+ * 'in' is provided to make clear statically that its input is not modified. If
+ * and only if this variant is in use the flag ASN1_AFLG_CONST_CB must be set.
+ */
+
+typedef int ASN1_aux_cb(int operation, ASN1_VALUE **in, const ASN1_ITEM *it,
+ void *exarg);
+typedef int ASN1_aux_const_cb(int operation, const ASN1_VALUE **in,
+ const ASN1_ITEM *it, void *exarg);
+
+typedef struct ASN1_AUX_st {
+ void *app_data;
+ int flags;
+ int ref_offset; /* Offset of reference value */
+ int ref_lock; /* Lock type to use */
+ ASN1_aux_cb *asn1_cb;
+ int enc_offset; /* Offset of ASN1_ENCODING structure */
+ ASN1_aux_const_cb *asn1_const_cb; /* for ASN1_OP_I2D_ and ASN1_OP_PRINT_ */
+} ASN1_AUX;
+
+/* For print related callbacks exarg points to this structure */
+typedef struct ASN1_PRINT_ARG_st {
+ BIO *out;
+ int indent;
+ const ASN1_PCTX *pctx;
+} ASN1_PRINT_ARG;
+
+/* For streaming related callbacks exarg points to this structure */
+typedef struct ASN1_STREAM_ARG_st {
+ /* BIO to stream through */
+ BIO *out;
+ /* BIO with filters appended */
+ BIO *ndef_bio;
+ /* Streaming I/O boundary */
+ unsigned char **boundary;
+} ASN1_STREAM_ARG;
+
+/* Flags in ASN1_AUX */
+
+/* Use a reference count */
+# define ASN1_AFLG_REFCOUNT 1
+/* Save the encoding of structure (useful for signatures) */
+# define ASN1_AFLG_ENCODING 2
+/* The Sequence length is invalid */
+# define ASN1_AFLG_BROKEN 4
+/* Use the new asn1_const_cb */
+# define ASN1_AFLG_CONST_CB 8
+
+/* operation values for asn1_cb */
+
+# define ASN1_OP_NEW_PRE 0
+# define ASN1_OP_NEW_POST 1
+# define ASN1_OP_FREE_PRE 2
+# define ASN1_OP_FREE_POST 3
+# define ASN1_OP_D2I_PRE 4
+# define ASN1_OP_D2I_POST 5
+# define ASN1_OP_I2D_PRE 6
+# define ASN1_OP_I2D_POST 7
+# define ASN1_OP_PRINT_PRE 8
+# define ASN1_OP_PRINT_POST 9
+# define ASN1_OP_STREAM_PRE 10
+# define ASN1_OP_STREAM_POST 11
+# define ASN1_OP_DETACHED_PRE 12
+# define ASN1_OP_DETACHED_POST 13
+
+/* Macro to implement a primitive type */
+# define IMPLEMENT_ASN1_TYPE(stname) IMPLEMENT_ASN1_TYPE_ex(stname, stname, 0)
+# define IMPLEMENT_ASN1_TYPE_ex(itname, vname, ex) \
+ ASN1_ITEM_start(itname) \
+ ASN1_ITYPE_PRIMITIVE, V_##vname, NULL, 0, NULL, ex, #itname \
+ ASN1_ITEM_end(itname)
+
+/* Macro to implement a multi string type */
+# define IMPLEMENT_ASN1_MSTRING(itname, mask) \
+ ASN1_ITEM_start(itname) \
+ ASN1_ITYPE_MSTRING, mask, NULL, 0, NULL, sizeof(ASN1_STRING), #itname \
+ ASN1_ITEM_end(itname)
+
+# define IMPLEMENT_EXTERN_ASN1(sname, tag, fptrs) \
+ ASN1_ITEM_start(sname) \
+ ASN1_ITYPE_EXTERN, \
+ tag, \
+ NULL, \
+ 0, \
+ &fptrs, \
+ 0, \
+ #sname \
+ ASN1_ITEM_end(sname)
+
+/* Macro to implement standard functions in terms of ASN1_ITEM structures */
+
+# define IMPLEMENT_ASN1_FUNCTIONS(stname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, stname, stname)
+
+# define IMPLEMENT_ASN1_FUNCTIONS_name(stname, itname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, itname)
+
+# define IMPLEMENT_ASN1_FUNCTIONS_ENCODE_name(stname, itname) \
+ IMPLEMENT_ASN1_FUNCTIONS_ENCODE_fname(stname, itname, itname)
+
+# define IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(stname) \
+ IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(static, stname, stname, stname)
+
+# define IMPLEMENT_ASN1_ALLOC_FUNCTIONS(stname) \
+ IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, stname, stname)
+
+# define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(pre, stname, itname, fname) \
+ pre stname *fname##_new(void) \
+ { \
+ return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \
+ } \
+ pre void fname##_free(stname *a) \
+ { \
+ ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \
+ }
+
+# define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) \
+ stname *fname##_new(void) \
+ { \
+ return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \
+ } \
+ void fname##_free(stname *a) \
+ { \
+ ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \
+ }
+
+# define IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, fname) \
+ IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \
+ IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname)
+
+# define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \
+ stname *d2i_##fname(stname **a, const unsigned char **in, long len) \
+ { \
+ return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\
+ } \
+ int i2d_##fname(const stname *a, unsigned char **out) \
+ { \
+ return ASN1_item_i2d((const ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\
+ }
+
+# define IMPLEMENT_ASN1_NDEF_FUNCTION(stname) \
+ int i2d_##stname##_NDEF(const stname *a, unsigned char **out) \
+ { \
+ return ASN1_item_ndef_i2d((const ASN1_VALUE *)a, out, ASN1_ITEM_rptr(stname));\
+ }
+
+# define IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(stname) \
+ static stname *d2i_##stname(stname **a, \
+ const unsigned char **in, long len) \
+ { \
+ return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, \
+ ASN1_ITEM_rptr(stname)); \
+ } \
+ static int i2d_##stname(const stname *a, unsigned char **out) \
+ { \
+ return ASN1_item_i2d((const ASN1_VALUE *)a, out, \
+ ASN1_ITEM_rptr(stname)); \
+ }
+
+# define IMPLEMENT_ASN1_DUP_FUNCTION(stname) \
+ stname * stname##_dup(const stname *x) \
+ { \
+ return ASN1_item_dup(ASN1_ITEM_rptr(stname), x); \
+ }
+
+# define IMPLEMENT_ASN1_PRINT_FUNCTION(stname) \
+ IMPLEMENT_ASN1_PRINT_FUNCTION_fname(stname, stname, stname)
+
+# define IMPLEMENT_ASN1_PRINT_FUNCTION_fname(stname, itname, fname) \
+ int fname##_print_ctx(BIO *out, const stname *x, int indent, \
+ const ASN1_PCTX *pctx) \
+ { \
+ return ASN1_item_print(out, (const ASN1_VALUE *)x, indent, \
+ ASN1_ITEM_rptr(itname), pctx); \
+ }
+
+/* external definitions for primitive types */
+
+DECLARE_ASN1_ITEM(ASN1_BOOLEAN)
+DECLARE_ASN1_ITEM(ASN1_TBOOLEAN)
+DECLARE_ASN1_ITEM(ASN1_FBOOLEAN)
+DECLARE_ASN1_ITEM(ASN1_SEQUENCE)
+DECLARE_ASN1_ITEM(CBIGNUM)
+DECLARE_ASN1_ITEM(BIGNUM)
+DECLARE_ASN1_ITEM(INT32)
+DECLARE_ASN1_ITEM(ZINT32)
+DECLARE_ASN1_ITEM(UINT32)
+DECLARE_ASN1_ITEM(ZUINT32)
+DECLARE_ASN1_ITEM(INT64)
+DECLARE_ASN1_ITEM(ZINT64)
+DECLARE_ASN1_ITEM(UINT64)
+DECLARE_ASN1_ITEM(ZUINT64)
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+/*
+ * LONG and ZLONG are strongly discouraged for use as stored data, as the
+ * underlying C type (long) differs in size depending on the architecture.
+ * They are designed with 32-bit longs in mind.
+ */
+DECLARE_ASN1_ITEM(LONG)
+DECLARE_ASN1_ITEM(ZLONG)
+# endif
+
+DEFINE_STACK_OF(ASN1_VALUE)
+
+/* Functions used internally by the ASN1 code */
+
+int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
+void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
+
+int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
+ const ASN1_ITEM *it, int tag, int aclass, char opt,
+ ASN1_TLC *ctx);
+
+int ASN1_item_ex_i2d(const ASN1_VALUE **pval, unsigned char **out,
+ const ASN1_ITEM *it, int tag, int aclass);
+
+/* Legacy compatibility */
+# define IMPLEMENT_ASN1_FUNCTIONS_const(name) IMPLEMENT_ASN1_FUNCTIONS(name)
+# define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \
+ IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname)
+
+#ifdef __cplusplus
+}
+#endif
+#endif
diff --git a/linux_amd64/include/openssl/async.h b/linux_amd64/include/openssl/async.h
new file mode 100644
index 0000000..bc27d5d
--- /dev/null
+++ b/linux_amd64/include/openssl/async.h
@@ -0,0 +1,96 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include
+
+#ifndef OPENSSL_ASYNC_H
+# define OPENSSL_ASYNC_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_ASYNC_H
+# endif
+
+#if defined(_WIN32)
+# if defined(BASETYPES) || defined(_WINDEF_H)
+/* application has to include to use this */
+#define OSSL_ASYNC_FD HANDLE
+#define OSSL_BAD_ASYNC_FD INVALID_HANDLE_VALUE
+# endif
+#else
+#define OSSL_ASYNC_FD int
+#define OSSL_BAD_ASYNC_FD -1
+#endif
+# include
+
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+typedef struct async_job_st ASYNC_JOB;
+typedef struct async_wait_ctx_st ASYNC_WAIT_CTX;
+typedef int (*ASYNC_callback_fn)(void *arg);
+
+#define ASYNC_ERR 0
+#define ASYNC_NO_JOBS 1
+#define ASYNC_PAUSE 2
+#define ASYNC_FINISH 3
+
+#define ASYNC_STATUS_UNSUPPORTED 0
+#define ASYNC_STATUS_ERR 1
+#define ASYNC_STATUS_OK 2
+#define ASYNC_STATUS_EAGAIN 3
+
+int ASYNC_init_thread(size_t max_size, size_t init_size);
+void ASYNC_cleanup_thread(void);
+
+#ifdef OSSL_ASYNC_FD
+ASYNC_WAIT_CTX *ASYNC_WAIT_CTX_new(void);
+void ASYNC_WAIT_CTX_free(ASYNC_WAIT_CTX *ctx);
+int ASYNC_WAIT_CTX_set_wait_fd(ASYNC_WAIT_CTX *ctx, const void *key,
+ OSSL_ASYNC_FD fd,
+ void *custom_data,
+ void (*cleanup)(ASYNC_WAIT_CTX *, const void *,
+ OSSL_ASYNC_FD, void *));
+int ASYNC_WAIT_CTX_get_fd(ASYNC_WAIT_CTX *ctx, const void *key,
+ OSSL_ASYNC_FD *fd, void **custom_data);
+int ASYNC_WAIT_CTX_get_all_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *fd,
+ size_t *numfds);
+int ASYNC_WAIT_CTX_get_callback(ASYNC_WAIT_CTX *ctx,
+ ASYNC_callback_fn *callback,
+ void **callback_arg);
+int ASYNC_WAIT_CTX_set_callback(ASYNC_WAIT_CTX *ctx,
+ ASYNC_callback_fn callback,
+ void *callback_arg);
+int ASYNC_WAIT_CTX_set_status(ASYNC_WAIT_CTX *ctx, int status);
+int ASYNC_WAIT_CTX_get_status(ASYNC_WAIT_CTX *ctx);
+int ASYNC_WAIT_CTX_get_changed_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *addfd,
+ size_t *numaddfds, OSSL_ASYNC_FD *delfd,
+ size_t *numdelfds);
+int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key);
+#endif
+
+int ASYNC_is_capable(void);
+
+int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *ctx, int *ret,
+ int (*func)(void *), void *args, size_t size);
+int ASYNC_pause_job(void);
+
+ASYNC_JOB *ASYNC_get_current_job(void);
+ASYNC_WAIT_CTX *ASYNC_get_wait_ctx(ASYNC_JOB *job);
+void ASYNC_block_pause(void);
+void ASYNC_unblock_pause(void);
+
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/linux_amd64/include/openssl/asyncerr.h b/linux_amd64/include/openssl/asyncerr.h
new file mode 100644
index 0000000..17defd0
--- /dev/null
+++ b/linux_amd64/include/openssl/asyncerr.h
@@ -0,0 +1,50 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_ASYNCERR_H +# define OPENSSL_ASYNCERR_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_ASYNCERR_H +# endif + +# include +# include + + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_ASYNC_strings(void); + +/* + * ASYNC function codes. + */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define ASYNC_F_ASYNC_CTX_NEW 0 +# define ASYNC_F_ASYNC_INIT_THREAD 0 +# define ASYNC_F_ASYNC_JOB_NEW 0 +# define ASYNC_F_ASYNC_PAUSE_JOB 0 +# define ASYNC_F_ASYNC_START_FUNC 0 +# define ASYNC_F_ASYNC_START_JOB 0 +# define ASYNC_F_ASYNC_WAIT_CTX_SET_WAIT_FD 0 +# endif + +/* + * ASYNC reason codes. + */ +# define ASYNC_R_FAILED_TO_SET_POOL 101 +# define ASYNC_R_FAILED_TO_SWAP_CONTEXT 102 +# define ASYNC_R_INIT_FAILED 105 +# define ASYNC_R_INVALID_POOL_SIZE 103 + +#endif diff --git a/linux_amd64/include/openssl/bio.h b/linux_amd64/include/openssl/bio.h new file mode 100644 index 0000000..8583362 --- /dev/null +++ b/linux_amd64/include/openssl/bio.h 
@@ -0,0 +1,842 @@ +/* + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_BIO_H +# define OPENSSL_BIO_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_BIO_H +# endif + +# include + +# ifndef OPENSSL_NO_STDIO +# include +# endif +# include + +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/* There are the classes of BIOs */ +# define BIO_TYPE_DESCRIPTOR 0x0100 /* socket, fd, connect or accept */ +# define BIO_TYPE_FILTER 0x0200 +# define BIO_TYPE_SOURCE_SINK 0x0400 + +/* These are the 'types' of BIOs */ +# define BIO_TYPE_NONE 0 +# define BIO_TYPE_MEM ( 1|BIO_TYPE_SOURCE_SINK) +# define BIO_TYPE_FILE ( 2|BIO_TYPE_SOURCE_SINK) + +# define BIO_TYPE_FD ( 4|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) +# define BIO_TYPE_SOCKET ( 5|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) +# define BIO_TYPE_NULL ( 6|BIO_TYPE_SOURCE_SINK) +# define BIO_TYPE_SSL ( 7|BIO_TYPE_FILTER) +# define BIO_TYPE_MD ( 8|BIO_TYPE_FILTER) +# define BIO_TYPE_BUFFER ( 9|BIO_TYPE_FILTER) +# define BIO_TYPE_CIPHER (10|BIO_TYPE_FILTER) +# define BIO_TYPE_BASE64 (11|BIO_TYPE_FILTER) +# define BIO_TYPE_CONNECT (12|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) +# define BIO_TYPE_ACCEPT (13|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) + +# define BIO_TYPE_NBIO_TEST (16|BIO_TYPE_FILTER)/* server proxy BIO */ +# define BIO_TYPE_NULL_FILTER (17|BIO_TYPE_FILTER) +# define BIO_TYPE_BIO (19|BIO_TYPE_SOURCE_SINK)/* half a BIO pair */ +# define BIO_TYPE_LINEBUFFER (20|BIO_TYPE_FILTER) +# define BIO_TYPE_DGRAM (21|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) +# define BIO_TYPE_ASN1 (22|BIO_TYPE_FILTER) +# define BIO_TYPE_COMP (23|BIO_TYPE_FILTER) +# ifndef OPENSSL_NO_SCTP +# 
define BIO_TYPE_DGRAM_SCTP (24|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) +# endif + +#define BIO_TYPE_START 128 + +/* + * BIO_FILENAME_READ|BIO_CLOSE to open or close on free. + * BIO_set_fp(in,stdin,BIO_NOCLOSE); + */ +# define BIO_NOCLOSE 0x00 +# define BIO_CLOSE 0x01 + +/* + * These are used in the following macros and are passed to BIO_ctrl() + */ +# define BIO_CTRL_RESET 1/* opt - rewind/zero etc */ +# define BIO_CTRL_EOF 2/* opt - are we at the eof */ +# define BIO_CTRL_INFO 3/* opt - extra tit-bits */ +# define BIO_CTRL_SET 4/* man - set the 'IO' type */ +# define BIO_CTRL_GET 5/* man - get the 'IO' type */ +# define BIO_CTRL_PUSH 6/* opt - internal, used to signify change */ +# define BIO_CTRL_POP 7/* opt - internal, used to signify change */ +# define BIO_CTRL_GET_CLOSE 8/* man - set the 'close' on free */ +# define BIO_CTRL_SET_CLOSE 9/* man - set the 'close' on free */ +# define BIO_CTRL_PENDING 10/* opt - is their more data buffered */ +# define BIO_CTRL_FLUSH 11/* opt - 'flush' buffered output */ +# define BIO_CTRL_DUP 12/* man - extra stuff for 'duped' BIO */ +# define BIO_CTRL_WPENDING 13/* opt - number of bytes still to write */ +# define BIO_CTRL_SET_CALLBACK 14/* opt - set callback function */ +# define BIO_CTRL_GET_CALLBACK 15/* opt - set callback function */ + +# define BIO_CTRL_PEEK 29/* BIO_f_buffer special */ +# define BIO_CTRL_SET_FILENAME 30/* BIO_s_file special */ + +/* dgram BIO stuff */ +# define BIO_CTRL_DGRAM_CONNECT 31/* BIO dgram special */ +# define BIO_CTRL_DGRAM_SET_CONNECTED 32/* allow for an externally connected + * socket to be passed in */ +# define BIO_CTRL_DGRAM_SET_RECV_TIMEOUT 33/* setsockopt, essentially */ +# define BIO_CTRL_DGRAM_GET_RECV_TIMEOUT 34/* getsockopt, essentially */ +# define BIO_CTRL_DGRAM_SET_SEND_TIMEOUT 35/* setsockopt, essentially */ +# define BIO_CTRL_DGRAM_GET_SEND_TIMEOUT 36/* getsockopt, essentially */ + +# define BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP 37/* flag whether the last */ +# define 
BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP 38/* I/O operation tiemd out */ + +/* #ifdef IP_MTU_DISCOVER */ +# define BIO_CTRL_DGRAM_MTU_DISCOVER 39/* set DF bit on egress packets */ +/* #endif */ + +# define BIO_CTRL_DGRAM_QUERY_MTU 40/* as kernel for current MTU */ +# define BIO_CTRL_DGRAM_GET_FALLBACK_MTU 47 +# define BIO_CTRL_DGRAM_GET_MTU 41/* get cached value for MTU */ +# define BIO_CTRL_DGRAM_SET_MTU 42/* set cached value for MTU. + * want to use this if asking + * the kernel fails */ + +# define BIO_CTRL_DGRAM_MTU_EXCEEDED 43/* check whether the MTU was + * exceed in the previous write + * operation */ + +# define BIO_CTRL_DGRAM_GET_PEER 46 +# define BIO_CTRL_DGRAM_SET_PEER 44/* Destination for the data */ + +# define BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT 45/* Next DTLS handshake timeout + * to adjust socket timeouts */ +# define BIO_CTRL_DGRAM_SET_DONT_FRAG 48 + +# define BIO_CTRL_DGRAM_GET_MTU_OVERHEAD 49 + +/* Deliberately outside of OPENSSL_NO_SCTP - used in bss_dgram.c */ +# define BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE 50 +# ifndef OPENSSL_NO_SCTP +/* SCTP stuff */ +# define BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY 51 +# define BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY 52 +# define BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD 53 +# define BIO_CTRL_DGRAM_SCTP_GET_SNDINFO 60 +# define BIO_CTRL_DGRAM_SCTP_SET_SNDINFO 61 +# define BIO_CTRL_DGRAM_SCTP_GET_RCVINFO 62 +# define BIO_CTRL_DGRAM_SCTP_SET_RCVINFO 63 +# define BIO_CTRL_DGRAM_SCTP_GET_PRINFO 64 +# define BIO_CTRL_DGRAM_SCTP_SET_PRINFO 65 +# define BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN 70 +# endif + +# define BIO_CTRL_DGRAM_SET_PEEK_MODE 71 + +/* + * internal BIO: + * # define BIO_CTRL_SET_KTLS_SEND 72 + * # define BIO_CTRL_SET_KTLS_SEND_CTRL_MSG 74 + * # define BIO_CTRL_CLEAR_KTLS_CTRL_MSG 75 + */ + +# define BIO_CTRL_GET_KTLS_SEND 73 +# define BIO_CTRL_GET_KTLS_RECV 76 + +# define BIO_CTRL_DGRAM_SCTP_WAIT_FOR_DRY 77 +# define BIO_CTRL_DGRAM_SCTP_MSG_WAITING 78 + +/* BIO_f_prefix controls */ +# define BIO_CTRL_SET_PREFIX 79 +# define 
BIO_CTRL_SET_INDENT 80 +# define BIO_CTRL_GET_INDENT 81 + +# ifndef OPENSSL_NO_KTLS +# define BIO_get_ktls_send(b) \ + BIO_ctrl(b, BIO_CTRL_GET_KTLS_SEND, 0, NULL) +# define BIO_get_ktls_recv(b) \ + BIO_ctrl(b, BIO_CTRL_GET_KTLS_RECV, 0, NULL) +# else +# define BIO_get_ktls_send(b) (0) +# define BIO_get_ktls_recv(b) (0) +# endif + +/* modifiers */ +# define BIO_FP_READ 0x02 +# define BIO_FP_WRITE 0x04 +# define BIO_FP_APPEND 0x08 +# define BIO_FP_TEXT 0x10 + +# define BIO_FLAGS_READ 0x01 +# define BIO_FLAGS_WRITE 0x02 +# define BIO_FLAGS_IO_SPECIAL 0x04 +# define BIO_FLAGS_RWS (BIO_FLAGS_READ|BIO_FLAGS_WRITE|BIO_FLAGS_IO_SPECIAL) +# define BIO_FLAGS_SHOULD_RETRY 0x08 +# ifndef OPENSSL_NO_DEPRECATED_3_0 +/* This #define was replaced by an internal constant and should not be used. */ +# define BIO_FLAGS_UPLINK 0 +# endif + +# define BIO_FLAGS_BASE64_NO_NL 0x100 + +/* + * This is used with memory BIOs: + * BIO_FLAGS_MEM_RDONLY means we shouldn't free up or change the data in any way; + * BIO_FLAGS_NONCLEAR_RST means we shouldn't clear data on reset. 
+ */
+# define BIO_FLAGS_MEM_RDONLY 0x200
+# define BIO_FLAGS_NONCLEAR_RST 0x400
+# define BIO_FLAGS_IN_EOF 0x800
+
+typedef union bio_addr_st BIO_ADDR;
+typedef struct bio_addrinfo_st BIO_ADDRINFO;
+
+int BIO_get_new_index(void);
+void BIO_set_flags(BIO *b, int flags);
+int BIO_test_flags(const BIO *b, int flags);
+void BIO_clear_flags(BIO *b, int flags);
+
+# define BIO_get_flags(b) BIO_test_flags(b, ~(0x0))
+# define BIO_set_retry_special(b) \
+ BIO_set_flags(b, (BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY))
+# define BIO_set_retry_read(b) \
+ BIO_set_flags(b, (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY))
+# define BIO_set_retry_write(b) \
+ BIO_set_flags(b, (BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY))
+
+/* These are normally used internally in BIOs */
+# define BIO_clear_retry_flags(b) \
+ BIO_clear_flags(b, (BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY))
+# define BIO_get_retry_flags(b) \
+ BIO_test_flags(b, (BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY))
+
+/* These should be used by the application to tell why we should retry */
+# define BIO_should_read(a) BIO_test_flags(a, BIO_FLAGS_READ)
+# define BIO_should_write(a) BIO_test_flags(a, BIO_FLAGS_WRITE)
+# define BIO_should_io_special(a) BIO_test_flags(a, BIO_FLAGS_IO_SPECIAL)
+# define BIO_retry_type(a) BIO_test_flags(a, BIO_FLAGS_RWS)
+# define BIO_should_retry(a) BIO_test_flags(a, BIO_FLAGS_SHOULD_RETRY)
+
+/*
+ * The next three are used in conjunction with the BIO_should_io_special()
+ * condition. After this returns true, BIO *BIO_get_retry_BIO(BIO *bio, int
+ * *reason); will walk the BIO stack and return the 'reason' for the special
+ * and the offending BIO. Given a BIO, BIO_get_retry_reason(bio) will return
+ * the code.
+ */ +/* + * Returned from the SSL bio when the certificate retrieval code had an error + */ +# define BIO_RR_SSL_X509_LOOKUP 0x01 +/* Returned from the connect BIO when a connect would have blocked */ +# define BIO_RR_CONNECT 0x02 +/* Returned from the accept BIO when an accept would have blocked */ +# define BIO_RR_ACCEPT 0x03 + +/* These are passed by the BIO callback */ +# define BIO_CB_FREE 0x01 +# define BIO_CB_READ 0x02 +# define BIO_CB_WRITE 0x03 +# define BIO_CB_PUTS 0x04 +# define BIO_CB_GETS 0x05 +# define BIO_CB_CTRL 0x06 + +/* + * The callback is called before and after the underling operation, The + * BIO_CB_RETURN flag indicates if it is after the call + */ +# define BIO_CB_RETURN 0x80 +# define BIO_CB_return(a) ((a)|BIO_CB_RETURN) +# define BIO_cb_pre(a) (!((a)&BIO_CB_RETURN)) +# define BIO_cb_post(a) ((a)&BIO_CB_RETURN) + +typedef long (*BIO_callback_fn)(BIO *b, int oper, const char *argp, int argi, + long argl, long ret); +typedef long (*BIO_callback_fn_ex)(BIO *b, int oper, const char *argp, + size_t len, int argi, + long argl, int ret, size_t *processed); +BIO_callback_fn BIO_get_callback(const BIO *b); +void BIO_set_callback(BIO *b, BIO_callback_fn callback); + +BIO_callback_fn_ex BIO_get_callback_ex(const BIO *b); +void BIO_set_callback_ex(BIO *b, BIO_callback_fn_ex callback); + +char *BIO_get_callback_arg(const BIO *b); +void BIO_set_callback_arg(BIO *b, char *arg); + +typedef struct bio_method_st BIO_METHOD; + +const char *BIO_method_name(const BIO *b); +int BIO_method_type(const BIO *b); + +typedef int BIO_info_cb(BIO *, int, int); +typedef BIO_info_cb bio_info_cb; /* backward compatibility */ + +DEFINE_STACK_OF(BIO) + +/* Prefix and suffix callback in ASN1 BIO */ +typedef int asn1_ps_func (BIO *b, unsigned char **pbuf, int *plen, + void *parg); + +typedef void (*BIO_dgram_sctp_notification_handler_fn) (BIO *b, + void *context, + void *buf); +# ifndef OPENSSL_NO_SCTP +/* SCTP parameter structs */ +struct bio_dgram_sctp_sndinfo { + uint16_t 
snd_sid; + uint16_t snd_flags; + uint32_t snd_ppid; + uint32_t snd_context; +}; + +struct bio_dgram_sctp_rcvinfo { + uint16_t rcv_sid; + uint16_t rcv_ssn; + uint16_t rcv_flags; + uint32_t rcv_ppid; + uint32_t rcv_tsn; + uint32_t rcv_cumtsn; + uint32_t rcv_context; +}; + +struct bio_dgram_sctp_prinfo { + uint16_t pr_policy; + uint32_t pr_value; +}; +# endif + +/* + * #define BIO_CONN_get_param_hostname BIO_ctrl + */ + +# define BIO_C_SET_CONNECT 100 +# define BIO_C_DO_STATE_MACHINE 101 +# define BIO_C_SET_NBIO 102 +/* # define BIO_C_SET_PROXY_PARAM 103 */ +# define BIO_C_SET_FD 104 +# define BIO_C_GET_FD 105 +# define BIO_C_SET_FILE_PTR 106 +# define BIO_C_GET_FILE_PTR 107 +# define BIO_C_SET_FILENAME 108 +# define BIO_C_SET_SSL 109 +# define BIO_C_GET_SSL 110 +# define BIO_C_SET_MD 111 +# define BIO_C_GET_MD 112 +# define BIO_C_GET_CIPHER_STATUS 113 +# define BIO_C_SET_BUF_MEM 114 +# define BIO_C_GET_BUF_MEM_PTR 115 +# define BIO_C_GET_BUFF_NUM_LINES 116 +# define BIO_C_SET_BUFF_SIZE 117 +# define BIO_C_SET_ACCEPT 118 +# define BIO_C_SSL_MODE 119 +# define BIO_C_GET_MD_CTX 120 +/* # define BIO_C_GET_PROXY_PARAM 121 */ +# define BIO_C_SET_BUFF_READ_DATA 122/* data to read first */ +# define BIO_C_GET_CONNECT 123 +# define BIO_C_GET_ACCEPT 124 +# define BIO_C_SET_SSL_RENEGOTIATE_BYTES 125 +# define BIO_C_GET_SSL_NUM_RENEGOTIATES 126 +# define BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT 127 +# define BIO_C_FILE_SEEK 128 +# define BIO_C_GET_CIPHER_CTX 129 +# define BIO_C_SET_BUF_MEM_EOF_RETURN 130/* return end of input + * value */ +# define BIO_C_SET_BIND_MODE 131 +# define BIO_C_GET_BIND_MODE 132 +# define BIO_C_FILE_TELL 133 +# define BIO_C_GET_SOCKS 134 +# define BIO_C_SET_SOCKS 135 + +# define BIO_C_SET_WRITE_BUF_SIZE 136/* for BIO_s_bio */ +# define BIO_C_GET_WRITE_BUF_SIZE 137 +# define BIO_C_MAKE_BIO_PAIR 138 +# define BIO_C_DESTROY_BIO_PAIR 139 +# define BIO_C_GET_WRITE_GUARANTEE 140 +# define BIO_C_GET_READ_REQUEST 141 +# define BIO_C_SHUTDOWN_WR 142 +# define 
BIO_C_NREAD0 143 +# define BIO_C_NREAD 144 +# define BIO_C_NWRITE0 145 +# define BIO_C_NWRITE 146 +# define BIO_C_RESET_READ_REQUEST 147 +# define BIO_C_SET_MD_CTX 148 + +# define BIO_C_SET_PREFIX 149 +# define BIO_C_GET_PREFIX 150 +# define BIO_C_SET_SUFFIX 151 +# define BIO_C_GET_SUFFIX 152 + +# define BIO_C_SET_EX_ARG 153 +# define BIO_C_GET_EX_ARG 154 + +# define BIO_C_SET_CONNECT_MODE 155 + +# define BIO_set_app_data(s,arg) BIO_set_ex_data(s,0,arg) +# define BIO_get_app_data(s) BIO_get_ex_data(s,0) + +# define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) + +# ifndef OPENSSL_NO_SOCK +/* IP families we support, for BIO_s_connect() and BIO_s_accept() */ +/* Note: the underlying operating system may not support some of them */ +# define BIO_FAMILY_IPV4 4 +# define BIO_FAMILY_IPV6 6 +# define BIO_FAMILY_IPANY 256 + +/* BIO_s_connect() */ +# define BIO_set_conn_hostname(b,name) BIO_ctrl(b,BIO_C_SET_CONNECT,0, \ + (char *)(name)) +# define BIO_set_conn_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,1, \ + (char *)(port)) +# define BIO_set_conn_address(b,addr) BIO_ctrl(b,BIO_C_SET_CONNECT,2, \ + (char *)(addr)) +# define BIO_set_conn_ip_family(b,f) BIO_int_ctrl(b,BIO_C_SET_CONNECT,3,f) +# define BIO_get_conn_hostname(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0)) +# define BIO_get_conn_port(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1)) +# define BIO_get_conn_address(b) ((const BIO_ADDR *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2)) +# define BIO_get_conn_ip_family(b) BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL) +# define BIO_set_conn_mode(b,n) BIO_ctrl(b,BIO_C_SET_CONNECT_MODE,(n),NULL) + +/* BIO_s_accept() */ +# define BIO_set_accept_name(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0, \ + (char *)(name)) +# define BIO_set_accept_port(b,port) BIO_ctrl(b,BIO_C_SET_ACCEPT,1, \ + (char *)(port)) +# define BIO_get_accept_name(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0)) +# define BIO_get_accept_port(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,1)) +# define 
BIO_get_peer_name(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,2)) +# define BIO_get_peer_port(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,3)) +/* #define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) */ +# define BIO_set_nbio_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,2,(n)?(void *)"a":NULL) +# define BIO_set_accept_bios(b,bio) BIO_ctrl(b,BIO_C_SET_ACCEPT,3, \ + (char *)(bio)) +# define BIO_set_accept_ip_family(b,f) BIO_int_ctrl(b,BIO_C_SET_ACCEPT,4,f) +# define BIO_get_accept_ip_family(b) BIO_ctrl(b,BIO_C_GET_ACCEPT,4,NULL) + +/* Aliases kept for backward compatibility */ +# define BIO_BIND_NORMAL 0 +# define BIO_BIND_REUSEADDR BIO_SOCK_REUSEADDR +# define BIO_BIND_REUSEADDR_IF_UNUSED BIO_SOCK_REUSEADDR +# define BIO_set_bind_mode(b,mode) BIO_ctrl(b,BIO_C_SET_BIND_MODE,mode,NULL) +# define BIO_get_bind_mode(b) BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL) + +/* BIO_s_accept() and BIO_s_connect() */ +# define BIO_do_connect(b) BIO_do_handshake(b) +# define BIO_do_accept(b) BIO_do_handshake(b) +# endif /* OPENSSL_NO_SOCK */ + +# define BIO_do_handshake(b) BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL) + +/* BIO_s_datagram(), BIO_s_fd(), BIO_s_socket(), BIO_s_accept() and BIO_s_connect() */ +# define BIO_set_fd(b,fd,c) BIO_int_ctrl(b,BIO_C_SET_FD,c,fd) +# define BIO_get_fd(b,c) BIO_ctrl(b,BIO_C_GET_FD,0,(char *)(c)) + +/* BIO_s_file() */ +# define BIO_set_fp(b,fp,c) BIO_ctrl(b,BIO_C_SET_FILE_PTR,c,(char *)(fp)) +# define BIO_get_fp(b,fpp) BIO_ctrl(b,BIO_C_GET_FILE_PTR,0,(char *)(fpp)) + +/* BIO_s_fd() and BIO_s_file() */ +# define BIO_seek(b,ofs) (int)BIO_ctrl(b,BIO_C_FILE_SEEK,ofs,NULL) +# define BIO_tell(b) (int)BIO_ctrl(b,BIO_C_FILE_TELL,0,NULL) + +/* + * name is cast to lose const, but might be better to route through a + * function so we can do it safely + */ +# ifdef CONST_STRICT +/* + * If you are wondering why this isn't defined, its because CONST_STRICT is + * purely a compile-time kludge to allow const to be checked. 
+ */ +int BIO_read_filename(BIO *b, const char *name); +# else +# define BIO_read_filename(b,name) (int)BIO_ctrl(b,BIO_C_SET_FILENAME, \ + BIO_CLOSE|BIO_FP_READ,(char *)(name)) +# endif +# define BIO_write_filename(b,name) (int)BIO_ctrl(b,BIO_C_SET_FILENAME, \ + BIO_CLOSE|BIO_FP_WRITE,name) +# define BIO_append_filename(b,name) (int)BIO_ctrl(b,BIO_C_SET_FILENAME, \ + BIO_CLOSE|BIO_FP_APPEND,name) +# define BIO_rw_filename(b,name) (int)BIO_ctrl(b,BIO_C_SET_FILENAME, \ + BIO_CLOSE|BIO_FP_READ|BIO_FP_WRITE,name) + +/* + * WARNING WARNING, this ups the reference count on the read bio of the SSL + * structure. This is because the ssl read BIO is now pointed to by the + * next_bio field in the bio. So when you free the BIO, make sure you are + * doing a BIO_free_all() to catch the underlying BIO. + */ +# define BIO_set_ssl(b,ssl,c) BIO_ctrl(b,BIO_C_SET_SSL,c,(char *)(ssl)) +# define BIO_get_ssl(b,sslp) BIO_ctrl(b,BIO_C_GET_SSL,0,(char *)(sslp)) +# define BIO_set_ssl_mode(b,client) BIO_ctrl(b,BIO_C_SSL_MODE,client,NULL) +# define BIO_set_ssl_renegotiate_bytes(b,num) \ + BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL) +# define BIO_get_num_renegotiates(b) \ + BIO_ctrl(b,BIO_C_GET_SSL_NUM_RENEGOTIATES,0,NULL) +# define BIO_set_ssl_renegotiate_timeout(b,seconds) \ + BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL) + +/* defined in evp.h */ +/* #define BIO_set_md(b,md) BIO_ctrl(b,BIO_C_SET_MD,1,(char *)(md)) */ + +# define BIO_get_mem_data(b,pp) BIO_ctrl(b,BIO_CTRL_INFO,0,(char *)(pp)) +# define BIO_set_mem_buf(b,bm,c) BIO_ctrl(b,BIO_C_SET_BUF_MEM,c,(char *)(bm)) +# define BIO_get_mem_ptr(b,pp) BIO_ctrl(b,BIO_C_GET_BUF_MEM_PTR,0, \ + (char *)(pp)) +# define BIO_set_mem_eof_return(b,v) \ + BIO_ctrl(b,BIO_C_SET_BUF_MEM_EOF_RETURN,v,NULL) + +/* For the BIO_f_buffer() type */ +# define BIO_get_buffer_num_lines(b) BIO_ctrl(b,BIO_C_GET_BUFF_NUM_LINES,0,NULL) +# define BIO_set_buffer_size(b,size) BIO_ctrl(b,BIO_C_SET_BUFF_SIZE,size,NULL) +# define 
BIO_set_read_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,0) +# define BIO_set_write_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,1) +# define BIO_set_buffer_read_data(b,buf,num) BIO_ctrl(b,BIO_C_SET_BUFF_READ_DATA,num,buf) + +/* Don't use the next one unless you know what you are doing :-) */ +# define BIO_dup_state(b,ret) BIO_ctrl(b,BIO_CTRL_DUP,0,(char *)(ret)) + +# define BIO_reset(b) (int)BIO_ctrl(b,BIO_CTRL_RESET,0,NULL) +# define BIO_eof(b) (int)BIO_ctrl(b,BIO_CTRL_EOF,0,NULL) +# define BIO_set_close(b,c) (int)BIO_ctrl(b,BIO_CTRL_SET_CLOSE,(c),NULL) +# define BIO_get_close(b) (int)BIO_ctrl(b,BIO_CTRL_GET_CLOSE,0,NULL) +# define BIO_pending(b) (int)BIO_ctrl(b,BIO_CTRL_PENDING,0,NULL) +# define BIO_wpending(b) (int)BIO_ctrl(b,BIO_CTRL_WPENDING,0,NULL) +/* ...pending macros have inappropriate return type */ +size_t BIO_ctrl_pending(BIO *b); +size_t BIO_ctrl_wpending(BIO *b); +# define BIO_flush(b) (int)BIO_ctrl(b,BIO_CTRL_FLUSH,0,NULL) +# define BIO_get_info_callback(b,cbp) (int)BIO_ctrl(b,BIO_CTRL_GET_CALLBACK,0, \ + cbp) +# define BIO_set_info_callback(b,cb) (int)BIO_callback_ctrl(b,BIO_CTRL_SET_CALLBACK,cb) + +/* For the BIO_f_buffer() type */ +# define BIO_buffer_get_num_lines(b) BIO_ctrl(b,BIO_CTRL_GET,0,NULL) +# define BIO_buffer_peek(b,s,l) BIO_ctrl(b,BIO_CTRL_PEEK,(l),(s)) + +/* For BIO_s_bio() */ +# define BIO_set_write_buf_size(b,size) (int)BIO_ctrl(b,BIO_C_SET_WRITE_BUF_SIZE,size,NULL) +# define BIO_get_write_buf_size(b,size) (size_t)BIO_ctrl(b,BIO_C_GET_WRITE_BUF_SIZE,size,NULL) +# define BIO_make_bio_pair(b1,b2) (int)BIO_ctrl(b1,BIO_C_MAKE_BIO_PAIR,0,b2) +# define BIO_destroy_bio_pair(b) (int)BIO_ctrl(b,BIO_C_DESTROY_BIO_PAIR,0,NULL) +# define BIO_shutdown_wr(b) (int)BIO_ctrl(b, BIO_C_SHUTDOWN_WR, 0, NULL) +/* macros with inappropriate type -- but ...pending macros use int too: */ +# define BIO_get_write_guarantee(b) (int)BIO_ctrl(b,BIO_C_GET_WRITE_GUARANTEE,0,NULL) +# define BIO_get_read_request(b) 
(int)BIO_ctrl(b,BIO_C_GET_READ_REQUEST,0,NULL) +size_t BIO_ctrl_get_write_guarantee(BIO *b); +size_t BIO_ctrl_get_read_request(BIO *b); +int BIO_ctrl_reset_read_request(BIO *b); + +/* ctrl macros for dgram */ +# define BIO_ctrl_dgram_connect(b,peer) \ + (int)BIO_ctrl(b,BIO_CTRL_DGRAM_CONNECT,0, (char *)(peer)) +# define BIO_ctrl_set_connected(b,peer) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_CONNECTED, 0, (char *)(peer)) +# define BIO_dgram_recv_timedout(b) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP, 0, NULL) +# define BIO_dgram_send_timedout(b) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP, 0, NULL) +# define BIO_dgram_get_peer(b,peer) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)(peer)) +# define BIO_dgram_set_peer(b,peer) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)(peer)) +# define BIO_dgram_get_mtu_overhead(b) \ + (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL) + +/* ctrl macros for BIO_f_prefix */ +# define BIO_set_prefix(b,p) BIO_ctrl((b), BIO_CTRL_SET_PREFIX, 0, (void *)(p)) +# define BIO_set_indent(b,i) BIO_ctrl((b), BIO_CTRL_SET_INDENT, (i), NULL) +# define BIO_get_indent(b) BIO_ctrl((b), BIO_CTRL_GET_INDENT, 0, NULL) + +#define BIO_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_BIO, l, p, newf, dupf, freef) +int BIO_set_ex_data(BIO *bio, int idx, void *data); +void *BIO_get_ex_data(BIO *bio, int idx); +uint64_t BIO_number_read(BIO *bio); +uint64_t BIO_number_written(BIO *bio); + +/* For BIO_f_asn1() */ +int BIO_asn1_set_prefix(BIO *b, asn1_ps_func *prefix, + asn1_ps_func *prefix_free); +int BIO_asn1_get_prefix(BIO *b, asn1_ps_func **pprefix, + asn1_ps_func **pprefix_free); +int BIO_asn1_set_suffix(BIO *b, asn1_ps_func *suffix, + asn1_ps_func *suffix_free); +int BIO_asn1_get_suffix(BIO *b, asn1_ps_func **psuffix, + asn1_ps_func **psuffix_free); + +const BIO_METHOD *BIO_s_file(void); +BIO *BIO_new_file(const char *filename, const char *mode); +# ifndef 
OPENSSL_NO_STDIO +BIO *BIO_new_fp(FILE *stream, int close_flag); +# endif +BIO *BIO_new(const BIO_METHOD *type); +int BIO_free(BIO *a); +void BIO_set_data(BIO *a, void *ptr); +void *BIO_get_data(BIO *a); +void BIO_set_init(BIO *a, int init); +int BIO_get_init(BIO *a); +void BIO_set_shutdown(BIO *a, int shut); +int BIO_get_shutdown(BIO *a); +void BIO_vfree(BIO *a); +int BIO_up_ref(BIO *a); +int BIO_read(BIO *b, void *data, int dlen); +int BIO_read_ex(BIO *b, void *data, size_t dlen, size_t *readbytes); +int BIO_gets(BIO *bp, char *buf, int size); +int BIO_write(BIO *b, const void *data, int dlen); +int BIO_write_ex(BIO *b, const void *data, size_t dlen, size_t *written); +int BIO_puts(BIO *bp, const char *buf); +int BIO_indent(BIO *b, int indent, int max); +long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg); +long BIO_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp); +void *BIO_ptr_ctrl(BIO *bp, int cmd, long larg); +long BIO_int_ctrl(BIO *bp, int cmd, long larg, int iarg); +BIO *BIO_push(BIO *b, BIO *append); +BIO *BIO_pop(BIO *b); +void BIO_free_all(BIO *a); +BIO *BIO_find_type(BIO *b, int bio_type); +BIO *BIO_next(BIO *b); +void BIO_set_next(BIO *b, BIO *next); +BIO *BIO_get_retry_BIO(BIO *bio, int *reason); +int BIO_get_retry_reason(BIO *bio); +void BIO_set_retry_reason(BIO *bio, int reason); +BIO *BIO_dup_chain(BIO *in); + +int BIO_nread0(BIO *bio, char **buf); +int BIO_nread(BIO *bio, char **buf, int num); +int BIO_nwrite0(BIO *bio, char **buf); +int BIO_nwrite(BIO *bio, char **buf, int num); + +long BIO_debug_callback(BIO *bio, int cmd, const char *argp, int argi, + long argl, long ret); + +const BIO_METHOD *BIO_s_mem(void); +const BIO_METHOD *BIO_s_secmem(void); +BIO *BIO_new_mem_buf(const void *buf, int len); +# ifndef OPENSSL_NO_SOCK +const BIO_METHOD *BIO_s_socket(void); +const BIO_METHOD *BIO_s_connect(void); +const BIO_METHOD *BIO_s_accept(void); +# endif +const BIO_METHOD *BIO_s_fd(void); +const BIO_METHOD *BIO_s_log(void); +const BIO_METHOD 
*BIO_s_bio(void); +const BIO_METHOD *BIO_s_null(void); +const BIO_METHOD *BIO_f_null(void); +const BIO_METHOD *BIO_f_buffer(void); +const BIO_METHOD *BIO_f_linebuffer(void); +const BIO_METHOD *BIO_f_nbio_test(void); +const BIO_METHOD *BIO_f_prefix(void); +# ifndef OPENSSL_NO_DGRAM +const BIO_METHOD *BIO_s_datagram(void); +int BIO_dgram_non_fatal_error(int error); +BIO *BIO_new_dgram(int fd, int close_flag); +# ifndef OPENSSL_NO_SCTP +const BIO_METHOD *BIO_s_datagram_sctp(void); +BIO *BIO_new_dgram_sctp(int fd, int close_flag); +int BIO_dgram_is_sctp(BIO *bio); +int BIO_dgram_sctp_notification_cb(BIO *b, + BIO_dgram_sctp_notification_handler_fn handle_notifications, + void *context); +int BIO_dgram_sctp_wait_for_dry(BIO *b); +int BIO_dgram_sctp_msg_waiting(BIO *b); +# endif +# endif + +# ifndef OPENSSL_NO_SOCK +int BIO_sock_should_retry(int i); +int BIO_sock_non_fatal_error(int error); +int BIO_socket_wait(int fd, int for_read, time_t max_time); +# endif +int BIO_wait(BIO *bio, time_t max_time, unsigned int milliseconds); +int BIO_connect_retry(BIO *bio, int timeout); + +int BIO_fd_should_retry(int i); +int BIO_fd_non_fatal_error(int error); +int BIO_dump_cb(int (*cb) (const void *data, size_t len, void *u), + void *u, const void *s, int len); +int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u), + void *u, const void *s, int len, int indent); +int BIO_dump(BIO *b, const void *bytes, int len); +int BIO_dump_indent(BIO *b, const void *bytes, int len, int indent); +# ifndef OPENSSL_NO_STDIO +int BIO_dump_fp(FILE *fp, const void *s, int len); +int BIO_dump_indent_fp(FILE *fp, const void *s, int len, int indent); +# endif +int BIO_hex_string(BIO *out, int indent, int width, const void *data, + int datalen); + +# ifndef OPENSSL_NO_SOCK +BIO_ADDR *BIO_ADDR_new(void); +int BIO_ADDR_rawmake(BIO_ADDR *ap, int family, + const void *where, size_t wherelen, unsigned short port); +void BIO_ADDR_free(BIO_ADDR *); +void BIO_ADDR_clear(BIO_ADDR *ap); +int 
BIO_ADDR_family(const BIO_ADDR *ap); +int BIO_ADDR_rawaddress(const BIO_ADDR *ap, void *p, size_t *l); +unsigned short BIO_ADDR_rawport(const BIO_ADDR *ap); +char *BIO_ADDR_hostname_string(const BIO_ADDR *ap, int numeric); +char *BIO_ADDR_service_string(const BIO_ADDR *ap, int numeric); +char *BIO_ADDR_path_string(const BIO_ADDR *ap); + +const BIO_ADDRINFO *BIO_ADDRINFO_next(const BIO_ADDRINFO *bai); +int BIO_ADDRINFO_family(const BIO_ADDRINFO *bai); +int BIO_ADDRINFO_socktype(const BIO_ADDRINFO *bai); +int BIO_ADDRINFO_protocol(const BIO_ADDRINFO *bai); +const BIO_ADDR *BIO_ADDRINFO_address(const BIO_ADDRINFO *bai); +void BIO_ADDRINFO_free(BIO_ADDRINFO *bai); + +enum BIO_hostserv_priorities { + BIO_PARSE_PRIO_HOST, BIO_PARSE_PRIO_SERV +}; +int BIO_parse_hostserv(const char *hostserv, char **host, char **service, + enum BIO_hostserv_priorities hostserv_prio); +enum BIO_lookup_type { + BIO_LOOKUP_CLIENT, BIO_LOOKUP_SERVER +}; +int BIO_lookup(const char *host, const char *service, + enum BIO_lookup_type lookup_type, + int family, int socktype, BIO_ADDRINFO **res); +int BIO_lookup_ex(const char *host, const char *service, + int lookup_type, int family, int socktype, int protocol, + BIO_ADDRINFO **res); +int BIO_sock_error(int sock); +int BIO_socket_ioctl(int fd, long type, void *arg); +int BIO_socket_nbio(int fd, int mode); +int BIO_sock_init(void); +# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +# define BIO_sock_cleanup() while(0) continue +# endif +int BIO_set_tcp_ndelay(int sock, int turn_on); + +DEPRECATEDIN_1_1_0(struct hostent *BIO_gethostbyname(const char *name)) +DEPRECATEDIN_1_1_0(int BIO_get_port(const char *str, unsigned short *port_ptr)) +DEPRECATEDIN_1_1_0(int BIO_get_host_ip(const char *str, unsigned char *ip)) +DEPRECATEDIN_1_1_0(int BIO_get_accept_socket(char *host_port, int mode)) +DEPRECATEDIN_1_1_0(int BIO_accept(int sock, char **ip_port)) + +union BIO_sock_info_u { + BIO_ADDR *addr; +}; +enum BIO_sock_info_type { + BIO_SOCK_INFO_ADDRESS +}; +int 
BIO_sock_info(int sock, + enum BIO_sock_info_type type, union BIO_sock_info_u *info); + +# define BIO_SOCK_REUSEADDR 0x01 +# define BIO_SOCK_V6_ONLY 0x02 +# define BIO_SOCK_KEEPALIVE 0x04 +# define BIO_SOCK_NONBLOCK 0x08 +# define BIO_SOCK_NODELAY 0x10 + +int BIO_socket(int domain, int socktype, int protocol, int options); +int BIO_connect(int sock, const BIO_ADDR *addr, int options); +int BIO_bind(int sock, const BIO_ADDR *addr, int options); +int BIO_listen(int sock, const BIO_ADDR *addr, int options); +int BIO_accept_ex(int accept_sock, BIO_ADDR *addr, int options); +int BIO_closesocket(int sock); + +BIO *BIO_new_socket(int sock, int close_flag); +BIO *BIO_new_connect(const char *host_port); +BIO *BIO_new_accept(const char *host_port); +# endif /* OPENSSL_NO_SOCK*/ + +BIO *BIO_new_fd(int fd, int close_flag); + +int BIO_new_bio_pair(BIO **bio1, size_t writebuf1, + BIO **bio2, size_t writebuf2); +/* + * If successful, returns 1 and in *bio1, *bio2 two BIO pair endpoints. + * Otherwise returns 0 and sets *bio1 and *bio2 to NULL. Size 0 uses default + * value. + */ + +void BIO_copy_next_retry(BIO *b); + +/* + * long BIO_ghbn_ctrl(int cmd,int iarg,char *parg); + */ + +# define ossl_bio__attr__(x) +# if defined(__GNUC__) && defined(__STDC_VERSION__) \ + && !defined(__APPLE__) + /* + * Because we support the 'z' modifier, which made its appearance in C99, + * we can't use __attribute__ with pre C99 dialects. + */ +# if __STDC_VERSION__ >= 199901L +# undef ossl_bio__attr__ +# define ossl_bio__attr__ __attribute__ +# if __GNUC__*10 + __GNUC_MINOR__ >= 44 +# define ossl_bio__printf__ __gnu_printf__ +# else +# define ossl_bio__printf__ __printf__ +# endif +# endif +# endif +int BIO_printf(BIO *bio, const char *format, ...) +ossl_bio__attr__((__format__(ossl_bio__printf__, 2, 3))); +int BIO_vprintf(BIO *bio, const char *format, va_list args) +ossl_bio__attr__((__format__(ossl_bio__printf__, 2, 0))); +int BIO_snprintf(char *buf, size_t n, const char *format, ...) 
+ossl_bio__attr__((__format__(ossl_bio__printf__, 3, 4)));
+int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
+ossl_bio__attr__((__format__(ossl_bio__printf__, 3, 0)));
+# undef ossl_bio__attr__
+# undef ossl_bio__printf__
+
+
+BIO_METHOD *BIO_meth_new(int type, const char *name);
+void BIO_meth_free(BIO_METHOD *biom);
+int (*BIO_meth_get_write(const BIO_METHOD *biom)) (BIO *, const char *, int);
+int (*BIO_meth_get_write_ex(const BIO_METHOD *biom)) (BIO *, const char *, size_t,
+ size_t *);
+int BIO_meth_set_write(BIO_METHOD *biom,
+ int (*write) (BIO *, const char *, int));
+int BIO_meth_set_write_ex(BIO_METHOD *biom,
+ int (*bwrite) (BIO *, const char *, size_t, size_t *));
+int (*BIO_meth_get_read(const BIO_METHOD *biom)) (BIO *, char *, int);
+int (*BIO_meth_get_read_ex(const BIO_METHOD *biom)) (BIO *, char *, size_t, size_t *);
+int BIO_meth_set_read(BIO_METHOD *biom,
+ int (*read) (BIO *, char *, int));
+int BIO_meth_set_read_ex(BIO_METHOD *biom,
+ int (*bread) (BIO *, char *, size_t, size_t *));
+int (*BIO_meth_get_puts(const BIO_METHOD *biom)) (BIO *, const char *);
+int BIO_meth_set_puts(BIO_METHOD *biom,
+ int (*puts) (BIO *, const char *));
+int (*BIO_meth_get_gets(const BIO_METHOD *biom)) (BIO *, char *, int);
+int BIO_meth_set_gets(BIO_METHOD *biom,
+ int (*gets) (BIO *, char *, int));
+long (*BIO_meth_get_ctrl(const BIO_METHOD *biom)) (BIO *, int, long, void *);
+int BIO_meth_set_ctrl(BIO_METHOD *biom,
+ long (*ctrl) (BIO *, int, long, void *));
+int (*BIO_meth_get_create(const BIO_METHOD *bion)) (BIO *);
+int BIO_meth_set_create(BIO_METHOD *biom, int (*create) (BIO *));
+int (*BIO_meth_get_destroy(const BIO_METHOD *biom)) (BIO *);
+int BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy) (BIO *));
+long (*BIO_meth_get_callback_ctrl(const BIO_METHOD *biom))
+ (BIO *, int, BIO_info_cb *);
+int BIO_meth_set_callback_ctrl(BIO_METHOD *biom,
+ long (*callback_ctrl) (BIO *, int,
+ BIO_info_cb *));
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/linux_amd64/include/openssl/bioerr.h b/linux_amd64/include/openssl/bioerr.h
new file mode 100644
index 0000000..95cc056
--- /dev/null
+++ b/linux_amd64/include/openssl/bioerr.h
@@ -0,0 +1,135 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_BIOERR_H +# define OPENSSL_BIOERR_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_BIOERR_H +# endif + +# include +# include + + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_BIO_strings(void); + +/* + * BIO function codes. + */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define BIO_F_ACPT_STATE 0 +# define BIO_F_ADDRINFO_WRAP 0 +# define BIO_F_ADDR_STRINGS 0 +# define BIO_F_BIO_ACCEPT 0 +# define BIO_F_BIO_ACCEPT_EX 0 +# define BIO_F_BIO_ACCEPT_NEW 0 +# define BIO_F_BIO_ADDR_NEW 0 +# define BIO_F_BIO_BIND 0 +# define BIO_F_BIO_CALLBACK_CTRL 0 +# define BIO_F_BIO_CONNECT 0 +# define BIO_F_BIO_CONNECT_NEW 0 +# define BIO_F_BIO_CTRL 0 +# define BIO_F_BIO_GETS 0 +# define BIO_F_BIO_GET_HOST_IP 0 +# define BIO_F_BIO_GET_NEW_INDEX 0 +# define BIO_F_BIO_GET_PORT 0 +# define BIO_F_BIO_LISTEN 0 +# define BIO_F_BIO_LOOKUP 0 +# define BIO_F_BIO_LOOKUP_EX 0 +# define BIO_F_BIO_MAKE_PAIR 0 +# define BIO_F_BIO_METH_NEW 0 +# define BIO_F_BIO_NEW 0 +# define BIO_F_BIO_NEW_DGRAM_SCTP 0 +# define BIO_F_BIO_NEW_FILE 0 +# define BIO_F_BIO_NEW_MEM_BUF 0 +# define BIO_F_BIO_NREAD 0 +# define BIO_F_BIO_NREAD0 0 +# define BIO_F_BIO_NWRITE 0 +# define BIO_F_BIO_NWRITE0 0 +# define BIO_F_BIO_PARSE_HOSTSERV 0 +# define BIO_F_BIO_PUTS 0 +# define BIO_F_BIO_READ 0 +# define BIO_F_BIO_READ_EX 0 +# define BIO_F_BIO_READ_INTERN 0 +# define BIO_F_BIO_SOCKET 0 +# define BIO_F_BIO_SOCKET_NBIO 0 +# define BIO_F_BIO_SOCK_INFO 0 +# define BIO_F_BIO_SOCK_INIT 0 +# define BIO_F_BIO_WRITE 0 +# define BIO_F_BIO_WRITE_EX 0 +# define 
BIO_F_BIO_WRITE_INTERN 0 +# define BIO_F_BUFFER_CTRL 0 +# define BIO_F_CONN_CTRL 0 +# define BIO_F_CONN_STATE 0 +# define BIO_F_DGRAM_SCTP_NEW 0 +# define BIO_F_DGRAM_SCTP_READ 0 +# define BIO_F_DGRAM_SCTP_WRITE 0 +# define BIO_F_DOAPR_OUTCH 0 +# define BIO_F_FILE_CTRL 0 +# define BIO_F_FILE_READ 0 +# define BIO_F_LINEBUFFER_CTRL 0 +# define BIO_F_LINEBUFFER_NEW 0 +# define BIO_F_MEM_WRITE 0 +# define BIO_F_NBIOF_NEW 0 +# define BIO_F_SLG_WRITE 0 +# define BIO_F_SSL_NEW 0 +# endif + +/* + * BIO reason codes. + */ +# define BIO_R_ACCEPT_ERROR 100 +# define BIO_R_ADDRINFO_ADDR_IS_NOT_AF_INET 141 +# define BIO_R_AMBIGUOUS_HOST_OR_SERVICE 129 +# define BIO_R_BAD_FOPEN_MODE 101 +# define BIO_R_BROKEN_PIPE 124 +# define BIO_R_CONNECT_ERROR 103 +# define BIO_R_CONNECT_TIMEOUT 147 +# define BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET 107 +# define BIO_R_GETSOCKNAME_ERROR 132 +# define BIO_R_GETSOCKNAME_TRUNCATED_ADDRESS 133 +# define BIO_R_GETTING_SOCKTYPE 134 +# define BIO_R_INVALID_ARGUMENT 125 +# define BIO_R_INVALID_SOCKET 135 +# define BIO_R_IN_USE 123 +# define BIO_R_LENGTH_TOO_LONG 102 +# define BIO_R_LISTEN_V6_ONLY 136 +# define BIO_R_LOOKUP_RETURNED_NOTHING 142 +# define BIO_R_MALFORMED_HOST_OR_SERVICE 130 +# define BIO_R_NBIO_CONNECT_ERROR 110 +# define BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED 143 +# define BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED 144 +# define BIO_R_NO_PORT_DEFINED 113 +# define BIO_R_NO_SUCH_FILE 128 +# define BIO_R_NULL_PARAMETER 115 +# define BIO_R_TRANSFER_ERROR 104 +# define BIO_R_TRANSFER_TIMEOUT 105 +# define BIO_R_UNABLE_TO_BIND_SOCKET 117 +# define BIO_R_UNABLE_TO_CREATE_SOCKET 118 +# define BIO_R_UNABLE_TO_KEEPALIVE 137 +# define BIO_R_UNABLE_TO_LISTEN_SOCKET 119 +# define BIO_R_UNABLE_TO_NODELAY 138 +# define BIO_R_UNABLE_TO_REUSEADDR 139 +# define BIO_R_UNAVAILABLE_IP_FAMILY 145 +# define BIO_R_UNINITIALIZED 120 +# define BIO_R_UNKNOWN_INFO_TYPE 140 +# define BIO_R_UNSUPPORTED_IP_FAMILY 146 +# define BIO_R_UNSUPPORTED_METHOD 121 +# define 
BIO_R_UNSUPPORTED_PROTOCOL_FAMILY 131 +# define BIO_R_WRITE_TO_READ_ONLY_BIO 126 +# define BIO_R_WSASTARTUP 122 + +#endif diff --git a/linux_amd64/include/openssl/blowfish.h b/linux_amd64/include/openssl/blowfish.h new file mode 100644 index 0000000..c83a208 --- /dev/null +++ b/linux_amd64/include/openssl/blowfish.h 
@@ -0,0 +1,78 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_BLOWFISH_H
+# define OPENSSL_BLOWFISH_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_BLOWFISH_H
+# endif
+
+# include
+
+# ifndef OPENSSL_NO_BF
+# include
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# define BF_BLOCK 8
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+
+# define BF_ENCRYPT 1
+# define BF_DECRYPT 0
+
+/*-
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ * ! BF_LONG has to be at least 32 bits wide. !
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ */
+# define BF_LONG unsigned int
+
+# define BF_ROUNDS 16
+
+typedef struct bf_key_st {
+ BF_LONG P[BF_ROUNDS + 2];
+ BF_LONG S[4 * 256];
+} BF_KEY;
+
+# endif /* OPENSSL_NO_DEPRECATED_3_0 */
+
+DEPRECATEDIN_3_0(void BF_set_key(BF_KEY *key, int len,
+ const unsigned char *data))
+
+DEPRECATEDIN_3_0(void BF_encrypt(BF_LONG *data, const BF_KEY *key))
+DEPRECATEDIN_3_0(void BF_decrypt(BF_LONG *data, const BF_KEY *key))
+
+DEPRECATEDIN_3_0(void BF_ecb_encrypt(const unsigned char *in,
+ unsigned char *out, const BF_KEY *key,
+ int enc))
+DEPRECATEDIN_3_0(void BF_cbc_encrypt(const unsigned char *in,
+ unsigned char *out, long length,
+ const BF_KEY *schedule,
+ unsigned char *ivec, int enc))
+DEPRECATEDIN_3_0(void BF_cfb64_encrypt(const unsigned char *in,
+ unsigned char *out,
+ long length, const BF_KEY *schedule,
+ unsigned char *ivec, int *num, int enc))
+DEPRECATEDIN_3_0(void BF_ofb64_encrypt(const unsigned char *in,
+ unsigned char *out,
+ long length, const BF_KEY *schedule,
+ unsigned char *ivec, int *num))
+DEPRECATEDIN_3_0(const char *BF_options(void))
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/linux_amd64/include/openssl/bn.h b/linux_amd64/include/openssl/bn.h
new file mode 100644
index 0000000..69cd127
--- /dev/null
+++ b/linux_amd64/include/openssl/bn.h
@@ -0,0 +1,561 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_BN_H
+# define OPENSSL_BN_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_BN_H
+# endif
+
+# include
+# ifndef OPENSSL_NO_STDIO
+# include
+# endif
+# include
+# include
+# include
+# include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * 64-bit processor with LP64 ABI
+ */
+# ifdef SIXTY_FOUR_BIT_LONG
+# define BN_ULONG unsigned long
+# define BN_BYTES 8
+# endif
+
+/*
+ * 64-bit processor other than LP64 ABI
+ */
+# ifdef SIXTY_FOUR_BIT
+# define BN_ULONG unsigned long long
+# define BN_BYTES 8
+# endif
+
+# ifdef THIRTY_TWO_BIT
+# define BN_ULONG unsigned int
+# define BN_BYTES 4
+# endif
+
+# define BN_BITS2 (BN_BYTES * 8)
+# define BN_BITS (BN_BITS2 * 2)
+# define BN_TBIT ((BN_ULONG)1 << (BN_BITS2 - 1))
+
+# define BN_FLG_MALLOCED 0x01
+# define BN_FLG_STATIC_DATA 0x02
+
+/*
+ * avoid leaking exponent information through timing,
+ * BN_mod_exp_mont() will call BN_mod_exp_mont_consttime,
+ * BN_div() will call BN_div_no_branch,
+ * BN_mod_inverse() will call BN_mod_inverse_no_branch.
+ */
+# define BN_FLG_CONSTTIME 0x04
+# define BN_FLG_SECURE 0x08
+
+# ifndef OPENSSL_NO_DEPRECATED_0_9_8
+/* deprecated name for the flag */
+# define BN_FLG_EXP_CONSTTIME BN_FLG_CONSTTIME
+# define BN_FLG_FREE 0x8000 /* used for debugging */
+# endif
+
+void BN_set_flags(BIGNUM *b, int n);
+int BN_get_flags(const BIGNUM *b, int n);
+
+/* Values for |top| in BN_rand() */
+#define BN_RAND_TOP_ANY -1
+#define BN_RAND_TOP_ONE 0
+#define BN_RAND_TOP_TWO 1
+
+/* Values for |bottom| in BN_rand() */
+#define BN_RAND_BOTTOM_ANY 0
+#define BN_RAND_BOTTOM_ODD 1
+
+/*
+ * get a clone of a BIGNUM with changed flags, for *temporary* use only (the
+ * two BIGNUMs cannot be used in parallel!). Also only for *read only* use. The
+ * value |dest| should be a newly allocated BIGNUM obtained via BN_new() that
+ * has not been otherwise initialised or used.
+ */
+void BN_with_flags(BIGNUM *dest, const BIGNUM *b, int flags);
+
+/* Wrapper function to make using BN_GENCB easier */
+int BN_GENCB_call(BN_GENCB *cb, int a, int b);
+
+BN_GENCB *BN_GENCB_new(void);
+void BN_GENCB_free(BN_GENCB *cb);
+
+/* Populate a BN_GENCB structure with an "old"-style callback */
+void BN_GENCB_set_old(BN_GENCB *gencb, void (*callback) (int, int, void *),
+ void *cb_arg);
+
+/* Populate a BN_GENCB structure with a "new"-style callback */
+void BN_GENCB_set(BN_GENCB *gencb, int (*callback) (int, int, BN_GENCB *),
+ void *cb_arg);
+
+void *BN_GENCB_get_arg(BN_GENCB *cb);
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define BN_prime_checks 0 /* default: select number of iterations based
+ * on the size of the number */
+
+/*
+ * BN_prime_checks_for_size() returns the number of Miller-Rabin iterations
+ * that will be done for checking that a random number is probably prime. The
+ * error rate for accepting a composite number as prime depends on the size of
+ * the prime |b|. The error rates used are for calculating an RSA key with 2 primes,
+ * and so the level is what you would expect for a key of double the size of the
+ * prime.
+ *
+ * This table is generated using the algorithm of FIPS PUB 186-4
+ * Digital Signature Standard (DSS), section F.1, page 117.
+ * (https://dx.doi.org/10.6028/NIST.FIPS.186-4)
+ *
+ * The following magma script was used to generate the output:
+ * securitybits:=125;
+ * k:=1024;
+ * for t:=1 to 65 do
+ * for M:=3 to Floor(2*Sqrt(k-1)-1) do
+ * S:=0;
+ * // Sum over m
+ * for m:=3 to M do
+ * s:=0;
+ * // Sum over j
+ * for j:=2 to m do
+ * s+:=(RealField(32)!2)^-(j+(k-1)/j);
+ * end for;
+ * S+:=2^(m-(m-1)*t)*s;
+ * end for;
+ * A:=2^(k-2-M*t);
+ * B:=8*(Pi(RealField(32))^2-6)/3*2^(k-2)*S;
+ * pkt:=2.00743*Log(2)*k*2^-k*(A+B);
+ * seclevel:=Floor(-Log(2,pkt));
+ * if seclevel ge securitybits then
+ * printf "k: %5o, security: %o bits (t: %o, M: %o)\n",k,seclevel,t,M;
+ * break;
+ * end if;
+ * end for;
+ * if seclevel ge securitybits then break; end if;
+ * end for;
+ *
+ * It can be run online at:
+ * http://magma.maths.usyd.edu.au/calc
+ *
+ * And will output:
+ * k: 1024, security: 129 bits (t: 6, M: 23)
+ *
+ * k is the number of bits of the prime, securitybits is the level we want to
+ * reach.
+ *
+ * prime length | RSA key size | # MR tests | security level
+ * -------------+--------------|------------+---------------
+ * (b) >= 6394 | >= 12788 | 3 | 256 bit
+ * (b) >= 3747 | >= 7494 | 3 | 192 bit
+ * (b) >= 1345 | >= 2690 | 4 | 128 bit
+ * (b) >= 1080 | >= 2160 | 5 | 128 bit
+ * (b) >= 852 | >= 1704 | 5 | 112 bit
+ * (b) >= 476 | >= 952 | 5 | 80 bit
+ * (b) >= 400 | >= 800 | 6 | 80 bit
+ * (b) >= 347 | >= 694 | 7 | 80 bit
+ * (b) >= 308 | >= 616 | 8 | 80 bit
+ * (b) >= 55 | >= 110 | 27 | 64 bit
+ * (b) >= 6 | >= 12 | 34 | 64 bit
+ */
+
+# define BN_prime_checks_for_size(b) ((b) >= 3747 ? 3 : \
+ (b) >= 1345 ? 4 : \
+ (b) >= 476 ? 5 : \
+ (b) >= 400 ? 6 : \
+ (b) >= 347 ? 7 : \
+ (b) >= 308 ? 8 : \
+ (b) >= 55 ? 27 : \
+ /* b >= 6 */ 34)
+# endif
+
+# define BN_num_bytes(a) ((BN_num_bits(a)+7)/8)
+
+int BN_abs_is_word(const BIGNUM *a, const BN_ULONG w);
+int BN_is_zero(const BIGNUM *a);
+int BN_is_one(const BIGNUM *a);
+int BN_is_word(const BIGNUM *a, const BN_ULONG w);
+int BN_is_odd(const BIGNUM *a);
+
+# define BN_one(a) (BN_set_word((a),1))
+
+void BN_zero_ex(BIGNUM *a);
+
+# if OPENSSL_API_LEVEL > 908
+# define BN_zero(a) BN_zero_ex(a)
+# else
+# define BN_zero(a) (BN_set_word((a),0))
+# endif
+
+const BIGNUM *BN_value_one(void);
+char *BN_options(void);
+BN_CTX *BN_CTX_new_ex(OPENSSL_CTX *ctx);
+BN_CTX *BN_CTX_new(void);
+BN_CTX *BN_CTX_secure_new_ex(OPENSSL_CTX *ctx);
+BN_CTX *BN_CTX_secure_new(void);
+void BN_CTX_free(BN_CTX *c);
+void BN_CTX_start(BN_CTX *ctx);
+BIGNUM *BN_CTX_get(BN_CTX *ctx);
+void BN_CTX_end(BN_CTX *ctx);
+int BN_rand_ex(BIGNUM *rnd, int bits, int top, int bottom, BN_CTX *ctx);
+int BN_rand(BIGNUM *rnd, int bits, int top, int bottom);
+int BN_priv_rand_ex(BIGNUM *rnd, int bits, int top, int bottom, BN_CTX *ctx);
+int BN_priv_rand(BIGNUM *rnd, int bits, int top, int bottom);
+int BN_rand_range_ex(BIGNUM *r, const BIGNUM *range, BN_CTX *ctx);
+int BN_rand_range(BIGNUM *rnd, const BIGNUM *range);
+int BN_priv_rand_range_ex(BIGNUM *r, const BIGNUM *range, BN_CTX *ctx);
+int BN_priv_rand_range(BIGNUM *rnd, const BIGNUM *range);
+int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);
+int BN_pseudo_rand_range(BIGNUM *rnd, const BIGNUM *range);
+int BN_num_bits(const BIGNUM *a);
+int BN_num_bits_word(BN_ULONG l);
+int BN_security_bits(int L, int N);
+BIGNUM *BN_new(void);
+BIGNUM *BN_secure_new(void);
+void BN_clear_free(BIGNUM *a);
+BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b);
+void BN_swap(BIGNUM *a, BIGNUM *b);
+BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
+int BN_bn2bin(const BIGNUM *a, unsigned char *to);
+int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen);
+BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
+int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen);
+BIGNUM *BN_native2bn(const unsigned char *s, int len, BIGNUM *ret);
+int BN_bn2nativepad(const BIGNUM *a, unsigned char *to, int tolen);
+BIGNUM *BN_mpi2bn(const unsigned char *s, int len, BIGNUM *ret);
+int BN_bn2mpi(const BIGNUM *a, unsigned char *to);
+int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
+int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx);
+/** BN_set_negative sets sign of a BIGNUM
+ * \param b pointer to the BIGNUM object
+ * \param n 0 if the BIGNUM b should be positive and a value != 0 otherwise
+ */
+void BN_set_negative(BIGNUM *b, int n);
+/** BN_is_negative returns 1 if the BIGNUM is negative
+ * \param b pointer to the BIGNUM object
+ * \return 1 if a < 0 and 0 otherwise
+ */
+int BN_is_negative(const BIGNUM *b);
+
+int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
+ BN_CTX *ctx);
+# define BN_mod(rem,m,d,ctx) BN_div(NULL,(rem),(m),(d),(ctx))
+int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx);
+int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
+ BN_CTX *ctx);
+int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+ const BIGNUM *m);
+int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
+ BN_CTX *ctx);
+int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+ const BIGNUM *m);
+int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
+ BN_CTX *ctx);
+int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
+int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
+int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m);
+int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m,
+ BN_CTX *ctx);
+int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m);
+
+BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w);
+BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w);
+int BN_mul_word(BIGNUM *a, BN_ULONG w);
+int BN_add_word(BIGNUM *a, BN_ULONG w);
+int BN_sub_word(BIGNUM *a, BN_ULONG w);
+int BN_set_word(BIGNUM *a, BN_ULONG w);
+BN_ULONG BN_get_word(const BIGNUM *a);
+
+int BN_cmp(const BIGNUM *a, const BIGNUM *b);
+void BN_free(BIGNUM *a);
+int BN_is_bit_set(const BIGNUM *a, int n);
+int BN_lshift(BIGNUM *r, const BIGNUM *a, int n);
+int BN_lshift1(BIGNUM *r, const BIGNUM *a);
+int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
+
+int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx);
+int BN_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *in_mont);
+int BN_mod_exp_mont_word(BIGNUM *r, BN_ULONG a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+int BN_mod_exp2_mont(BIGNUM *r, const BIGNUM *a1, const BIGNUM *p1,
+ const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m,
+ BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx);
+
+int BN_mask_bits(BIGNUM *a, int n);
+# ifndef OPENSSL_NO_STDIO
+int BN_print_fp(FILE *fp, const BIGNUM *a);
+# endif
+int BN_print(BIO *bio, const BIGNUM *a);
+int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx);
+int BN_rshift(BIGNUM *r, const BIGNUM *a, int n);
+int BN_rshift1(BIGNUM *r, const BIGNUM *a);
+void BN_clear(BIGNUM *a);
+BIGNUM *BN_dup(const BIGNUM *a);
+int BN_ucmp(const BIGNUM *a, const BIGNUM *b);
+int BN_set_bit(BIGNUM *a, int n);
+int BN_clear_bit(BIGNUM *a, int n);
+char *BN_bn2hex(const BIGNUM *a);
+char *BN_bn2dec(const BIGNUM *a);
+int BN_hex2bn(BIGNUM **a, const char *str);
+int BN_dec2bn(BIGNUM **a, const char *str);
+int BN_asc2bn(BIGNUM **a, const char *str);
+int BN_gcd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
+int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); /* returns
+ * -2 for
+ * error */
+BIGNUM *BN_mod_inverse(BIGNUM *ret,
+ const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx);
+BIGNUM *BN_mod_sqrt(BIGNUM *ret,
+ const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx);
+
+void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords);
+
+/* Deprecated versions */
+DEPRECATEDIN_0_9_8(BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe,
+ const BIGNUM *add,
+ const BIGNUM *rem,
+ void (*callback) (int, int,
+ void *),
+ void *cb_arg))
+DEPRECATEDIN_0_9_8(int
+ BN_is_prime(const BIGNUM *p, int nchecks,
+ void (*callback) (int, int, void *),
+ BN_CTX *ctx, void *cb_arg))
+DEPRECATEDIN_0_9_8(int
+ BN_is_prime_fasttest(const BIGNUM *p, int nchecks,
+ void (*callback) (int, int, void *),
+ BN_CTX *ctx, void *cb_arg,
+ int do_trial_division))
+
+DEPRECATEDIN_3_0(int BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, BN_GENCB *cb))
+DEPRECATEDIN_3_0(int BN_is_prime_fasttest_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx,
+ int do_trial_division, BN_GENCB *cb))
+/* Newer versions */
+int BN_generate_prime_ex2(BIGNUM *ret, int bits, int safe,
+ const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb,
+ BN_CTX *ctx);
+int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add,
+ const BIGNUM *rem, BN_GENCB *cb);
+int BN_check_prime(const BIGNUM *p, BN_CTX *ctx, BN_GENCB *cb);
+
+int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx);
+
+int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
+ const BIGNUM *Xp, const BIGNUM *Xp1,
+ const BIGNUM *Xp2, const BIGNUM *e, BN_CTX *ctx,
+ BN_GENCB *cb);
+int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, BIGNUM *Xp1,
+ BIGNUM *Xp2, const BIGNUM *Xp, const BIGNUM *e,
+ BN_CTX *ctx, BN_GENCB *cb);
+
+BN_MONT_CTX *BN_MONT_CTX_new(void);
+int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+ BN_MONT_CTX *mont, BN_CTX *ctx);
+int BN_to_montgomery(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont,
+ BN_CTX *ctx);
+int BN_from_montgomery(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont,
+ BN_CTX *ctx);
+void BN_MONT_CTX_free(BN_MONT_CTX *mont);
+int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx);
+BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from);
+BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, CRYPTO_RWLOCK *lock,
+ const BIGNUM *mod, BN_CTX *ctx);
+
+/* BN_BLINDING flags */
+# define BN_BLINDING_NO_UPDATE 0x00000001
+# define BN_BLINDING_NO_RECREATE 0x00000002
+
+BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod);
+void BN_BLINDING_free(BN_BLINDING *b);
+int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx);
+int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
+int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
+int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *);
+int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b,
+ BN_CTX *);
+
+int BN_BLINDING_is_current_thread(BN_BLINDING *b);
+void BN_BLINDING_set_current_thread(BN_BLINDING *b);
+int BN_BLINDING_lock(BN_BLINDING *b);
+int BN_BLINDING_unlock(BN_BLINDING *b);
+
+unsigned long BN_BLINDING_get_flags(const BN_BLINDING *);
+void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long);
+BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
+ const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
+ int (*bn_mod_exp) (BIGNUM *r,
+ const BIGNUM *a,
+ const BIGNUM *p,
+ const BIGNUM *m,
+ BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx),
+ BN_MONT_CTX *m_ctx);
+
+DEPRECATEDIN_0_9_8(void BN_set_params(int mul, int high, int low, int mont))
+DEPRECATEDIN_0_9_8(int BN_get_params(int which)) /* 0, mul, 1 high, 2 low, 3
+ * mont */
+
+BN_RECP_CTX *BN_RECP_CTX_new(void);
+void BN_RECP_CTX_free(BN_RECP_CTX *recp);
+int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *rdiv, BN_CTX *ctx);
+int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y,
+ BN_RECP_CTX *recp, BN_CTX *ctx);
+int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx);
+int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
+ BN_RECP_CTX *recp, BN_CTX *ctx);
+
+# ifndef OPENSSL_NO_EC2M
+
+/*
+ * Functions for arithmetic over binary polynomials represented by BIGNUMs.
+ * The BIGNUM::neg property of BIGNUMs representing binary polynomials is
+ * ignored. Note that input arguments are not const so that their bit arrays
+ * can be expanded to the appropriate size if needed.
+ */
+
+/*
+ * r = a + b
+ */
+int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+# define BN_GF2m_sub(r, a, b) BN_GF2m_add(r, a, b)
+/*
+ * r=a mod p
+ */
+int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p);
+/* r = (a * b) mod p */
+int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+ const BIGNUM *p, BN_CTX *ctx);
+/* r = (a * a) mod p */
+int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
+/* r = (1 / b) mod p */
+int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *b, const BIGNUM *p, BN_CTX *ctx);
+/* r = (a / b) mod p */
+int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+ const BIGNUM *p, BN_CTX *ctx);
+/* r = (a ^ b) mod p */
+int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+ const BIGNUM *p, BN_CTX *ctx);
+/* r = sqrt(a) mod p */
+int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ BN_CTX *ctx);
+/* r^2 + r = a mod p */
+int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ BN_CTX *ctx);
+# define BN_GF2m_cmp(a, b) BN_ucmp((a), (b))
+/*-
+ * Some functions allow for representation of the irreducible polynomials
+ * as an unsigned int[], say p. The irreducible f(t) is then of the form:
+ * t^p[0] + t^p[1] + ... + t^p[k]
+ * where m = p[0] > p[1] > ... > p[k] = 0.
+ */
+/* r = a mod p */
+int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const int p[]);
+/* r = (a * b) mod p */
+int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+ const int p[], BN_CTX *ctx);
+/* r = (a * a) mod p */
+int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const int p[],
+ BN_CTX *ctx);
+/* r = (1 / b) mod p */
+int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *b, const int p[],
+ BN_CTX *ctx);
+/* r = (a / b) mod p */
+int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+ const int p[], BN_CTX *ctx);
+/* r = (a ^ b) mod p */
+int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+ const int p[], BN_CTX *ctx);
+/* r = sqrt(a) mod p */
+int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a,
+ const int p[], BN_CTX *ctx);
+/* r^2 + r = a mod p */
+int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a,
+ const int p[], BN_CTX *ctx);
+int BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max);
+int BN_GF2m_arr2poly(const int p[], BIGNUM *a);
+
+# endif
+
+/*
+ * faster mod functions for the 'NIST primes' 0 <= a < p^2
+ */
+int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
+int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
+int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
+int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
+int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
+
+const BIGNUM *BN_get0_nist_prime_192(void);
+const BIGNUM *BN_get0_nist_prime_224(void);
+const BIGNUM *BN_get0_nist_prime_256(void);
+const BIGNUM *BN_get0_nist_prime_384(void);
+const BIGNUM *BN_get0_nist_prime_521(void);
+
+int (*BN_nist_mod_func(const BIGNUM *p)) (BIGNUM *r, const BIGNUM *a,
+ const BIGNUM *field, BN_CTX *ctx);
+
+int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range,
+ const BIGNUM *priv, const unsigned char *message,
+ size_t message_len, BN_CTX *ctx);
+
+# ifndef OPENSSL_NO_DH
+/* Primes from RFC 2409 */
+BIGNUM *BN_get_rfc2409_prime_768(BIGNUM *bn);
+BIGNUM *BN_get_rfc2409_prime_1024(BIGNUM *bn);
+
+/* Primes from RFC 3526 */
+BIGNUM *BN_get_rfc3526_prime_1536(BIGNUM *bn);
+BIGNUM *BN_get_rfc3526_prime_2048(BIGNUM *bn);
+BIGNUM *BN_get_rfc3526_prime_3072(BIGNUM *bn);
+BIGNUM *BN_get_rfc3526_prime_4096(BIGNUM *bn);
+BIGNUM *BN_get_rfc3526_prime_6144(BIGNUM *bn);
+BIGNUM *BN_get_rfc3526_prime_8192(BIGNUM *bn);
+
+# ifndef OPENSSL_NO_DEPRECATED_1_1_0
+# define get_rfc2409_prime_768 BN_get_rfc2409_prime_768
+# define get_rfc2409_prime_1024 BN_get_rfc2409_prime_1024
+# define get_rfc3526_prime_1536 BN_get_rfc3526_prime_1536
+# define get_rfc3526_prime_2048 BN_get_rfc3526_prime_2048
+# define get_rfc3526_prime_3072 BN_get_rfc3526_prime_3072
+# define get_rfc3526_prime_4096 BN_get_rfc3526_prime_4096
+# define get_rfc3526_prime_6144 BN_get_rfc3526_prime_6144
+# define get_rfc3526_prime_8192 BN_get_rfc3526_prime_8192
+# endif
+# endif
+
+int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom);
+
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/linux_amd64/include/openssl/bnerr.h b/linux_amd64/include/openssl/bnerr.h
new file mode 100644
index 0000000..cce4cbb
--- /dev/null
+++ b/linux_amd64/include/openssl/bnerr.h
@@ -0,0 +1,110 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_BNERR_H +# define OPENSSL_BNERR_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_BNERR_H +# endif + +# include +# include + + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_BN_strings(void); + +/* + * BN function codes. + */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define BN_F_BNRAND 0 +# define BN_F_BNRAND_RANGE 0 +# define BN_F_BN_BLINDING_CONVERT_EX 0 +# define BN_F_BN_BLINDING_CREATE_PARAM 0 +# define BN_F_BN_BLINDING_INVERT_EX 0 +# define BN_F_BN_BLINDING_NEW 0 +# define BN_F_BN_BLINDING_UPDATE 0 +# define BN_F_BN_BN2DEC 0 +# define BN_F_BN_BN2HEX 0 +# define BN_F_BN_COMPUTE_WNAF 0 +# define BN_F_BN_CTX_GET 0 +# define BN_F_BN_CTX_NEW 0 +# define BN_F_BN_CTX_NEW_EX 0 +# define BN_F_BN_CTX_START 0 +# define BN_F_BN_DIV 0 +# define BN_F_BN_DIV_RECP 0 +# define BN_F_BN_EXP 0 +# define BN_F_BN_EXPAND_INTERNAL 0 +# define BN_F_BN_GENCB_NEW 0 +# define BN_F_BN_GENERATE_DSA_NONCE 0 +# define BN_F_BN_GENERATE_PRIME_EX 0 +# define BN_F_BN_GF2M_MOD 0 +# define BN_F_BN_GF2M_MOD_EXP 0 +# define BN_F_BN_GF2M_MOD_MUL 0 +# define BN_F_BN_GF2M_MOD_SOLVE_QUAD 0 +# define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR 0 +# define BN_F_BN_GF2M_MOD_SQR 0 +# define BN_F_BN_GF2M_MOD_SQRT 0 +# define BN_F_BN_LSHIFT 0 +# define BN_F_BN_MOD_EXP2_MONT 0 +# define BN_F_BN_MOD_EXP_MONT 0 +# define BN_F_BN_MOD_EXP_MONT_CONSTTIME 0 +# define BN_F_BN_MOD_EXP_MONT_WORD 0 +# define BN_F_BN_MOD_EXP_RECP 0 +# define BN_F_BN_MOD_EXP_SIMPLE 0 +# define BN_F_BN_MOD_INVERSE 0 +# define BN_F_BN_MOD_INVERSE_NO_BRANCH 0 +# define BN_F_BN_MOD_LSHIFT_QUICK 0 +# 
define BN_F_BN_MOD_SQRT 0 +# define BN_F_BN_MONT_CTX_NEW 0 +# define BN_F_BN_MPI2BN 0 +# define BN_F_BN_NEW 0 +# define BN_F_BN_POOL_GET 0 +# define BN_F_BN_RAND 0 +# define BN_F_BN_RAND_RANGE 0 +# define BN_F_BN_RECP_CTX_NEW 0 +# define BN_F_BN_RSHIFT 0 +# define BN_F_BN_SET_WORDS 0 +# define BN_F_BN_STACK_PUSH 0 +# define BN_F_BN_USUB 0 +# endif + +/* + * BN reason codes. + */ +# define BN_R_ARG2_LT_ARG3 100 +# define BN_R_BAD_RECIPROCAL 101 +# define BN_R_BIGNUM_TOO_LONG 114 +# define BN_R_BITS_TOO_SMALL 118 +# define BN_R_CALLED_WITH_EVEN_MODULUS 102 +# define BN_R_DIV_BY_ZERO 103 +# define BN_R_ENCODING_ERROR 104 +# define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA 105 +# define BN_R_INPUT_NOT_REDUCED 110 +# define BN_R_INVALID_LENGTH 106 +# define BN_R_INVALID_RANGE 115 +# define BN_R_INVALID_SHIFT 119 +# define BN_R_NOT_A_SQUARE 111 +# define BN_R_NOT_INITIALIZED 107 +# define BN_R_NO_INVERSE 108 +# define BN_R_NO_SOLUTION 116 +# define BN_R_NO_SUITABLE_DIGEST 120 +# define BN_R_PRIVATE_KEY_TOO_LARGE 117 +# define BN_R_P_IS_NOT_PRIME 112 +# define BN_R_TOO_MANY_ITERATIONS 113 +# define BN_R_TOO_MANY_TEMPORARY_VARIABLES 109 + +#endif diff --git a/linux_amd64/include/openssl/buffer.h b/linux_amd64/include/openssl/buffer.h new file mode 100644 index 0000000..5773b98 --- /dev/null +++ b/linux_amd64/include/openssl/buffer.h 
@@ -0,0 +1,62 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_BUFFER_H
+# define OPENSSL_BUFFER_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_BUFFER_H
+# endif
+
+# include
+# ifndef OPENSSL_CRYPTO_H
+# include
+# endif
+# include
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# include
+# include
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define BUF_strdup(s) OPENSSL_strdup(s)
+# define BUF_strndup(s, size) OPENSSL_strndup(s, size)
+# define BUF_memdup(data, size) OPENSSL_memdup(data, size)
+# define BUF_strlcpy(dst, src, size) OPENSSL_strlcpy(dst, src, size)
+# define BUF_strlcat(dst, src, size) OPENSSL_strlcat(dst, src, size)
+# define BUF_strnlen(str, maxlen) OPENSSL_strnlen(str, maxlen)
+# endif
+
+struct buf_mem_st {
+ size_t length; /* current number of bytes */
+ char *data;
+ size_t max; /* size of buffer */
+ unsigned long flags;
+};
+
+# define BUF_MEM_FLAG_SECURE 0x01
+
+BUF_MEM *BUF_MEM_new(void);
+BUF_MEM *BUF_MEM_new_ex(unsigned long flags);
+void BUF_MEM_free(BUF_MEM *a);
+size_t BUF_MEM_grow(BUF_MEM *str, size_t len);
+size_t BUF_MEM_grow_clean(BUF_MEM *str, size_t len);
+void BUF_reverse(unsigned char *out, const unsigned char *in, size_t siz);
+
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/linux_amd64/include/openssl/buffererr.h b/linux_amd64/include/openssl/buffererr.h
new file mode 100644
index 0000000..1a5de3a
--- /dev/null
+++ b/linux_amd64/include/openssl/buffererr.h
@@ -0,0 +1,42 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_BUFFERERR_H +# define OPENSSL_BUFFERERR_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_BUFERR_H +# endif + +# include +# include + + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_BUF_strings(void); + +/* + * BUF function codes. + */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define BUF_F_BUF_MEM_GROW 0 +# define BUF_F_BUF_MEM_GROW_CLEAN 0 +# define BUF_F_BUF_MEM_NEW 0 +# endif + +/* + * BUF reason codes. + */ + +#endif diff --git a/linux_amd64/include/openssl/camellia.h b/linux_amd64/include/openssl/camellia.h new file mode 100644 index 0000000..dc95dee --- /dev/null +++ b/linux_amd64/include/openssl/camellia.h 
@@ -0,0 +1,118 @@ +/* + * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_CAMELLIA_H +# define OPENSSL_CAMELLIA_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_CAMELLIA_H +# endif + +# include + +# ifndef OPENSSL_NO_CAMELLIA +# include +#ifdef __cplusplus +extern "C" { +#endif + +# define CAMELLIA_BLOCK_SIZE 16 + +# ifndef OPENSSL_NO_DEPRECATED_3_0 + +# define CAMELLIA_ENCRYPT 1 +# define CAMELLIA_DECRYPT 0 + +/* + * Because array size can't be a const in C, the following two are macros. + * Both sizes are in bytes. + */ + +/* This should be a hidden type, but EVP requires that the size be known */ + +# define CAMELLIA_TABLE_BYTE_LEN 272 +# define CAMELLIA_TABLE_WORD_LEN (CAMELLIA_TABLE_BYTE_LEN / 4) + +typedef unsigned int KEY_TABLE_TYPE[CAMELLIA_TABLE_WORD_LEN]; /* to match + * with WORD */ + +struct camellia_key_st { + union { + double d; /* ensures 64-bit align */ + KEY_TABLE_TYPE rd_key; + } u; + int grand_rounds; +}; +typedef struct camellia_key_st CAMELLIA_KEY; + +# endif /* OPENSSL_NO_DEPRECATED_3_0 */ + +DEPRECATEDIN_3_0(int Camellia_set_key(const unsigned char *userKey, + const int bits, + CAMELLIA_KEY *key)) + +DEPRECATEDIN_3_0(void Camellia_encrypt(const unsigned char *in, + unsigned char *out, + const CAMELLIA_KEY *key)) +DEPRECATEDIN_3_0(void Camellia_decrypt(const unsigned char *in, + unsigned char *out, + const CAMELLIA_KEY *key)) + +DEPRECATEDIN_3_0(void Camellia_ecb_encrypt(const unsigned char *in, + unsigned char *out, + const CAMELLIA_KEY *key, + const int enc)) +DEPRECATEDIN_3_0(void Camellia_cbc_encrypt(const unsigned char *in, + unsigned char *out, + size_t length, const + CAMELLIA_KEY *key, + unsigned char 
*ivec, const int enc)) +DEPRECATEDIN_3_0(void Camellia_cfb128_encrypt(const unsigned char *in, + unsigned char *out, + size_t length, + const CAMELLIA_KEY *key, + unsigned char *ivec, + int *num, + const int enc)) +DEPRECATEDIN_3_0(void Camellia_cfb1_encrypt(const unsigned char *in, + unsigned char *out, + size_t length, + const CAMELLIA_KEY *key, + unsigned char *ivec, + int *num, + const int enc)) +DEPRECATEDIN_3_0(void Camellia_cfb8_encrypt(const unsigned char *in, + unsigned char *out, + size_t length, + const CAMELLIA_KEY *key, + unsigned char *ivec, + int *num, + const int enc)) +DEPRECATEDIN_3_0(void Camellia_ofb128_encrypt(const unsigned char *in, + unsigned char *out, + size_t length, + const CAMELLIA_KEY *key, + unsigned char *ivec, + int *num)) +DEPRECATEDIN_3_0(void Camellia_ctr128_encrypt(const unsigned char *in, + unsigned char *out, + size_t length, + const CAMELLIA_KEY *key, + unsigned char ivec[CAMELLIA_BLOCK_SIZE], + unsigned char ecount_buf[CAMELLIA_BLOCK_SIZE], + unsigned int *num)) + +# ifdef __cplusplus +} +# endif +# endif + +#endif diff --git a/linux_amd64/include/openssl/cast.h b/linux_amd64/include/openssl/cast.h new file mode 100644 index 0000000..f338d41 --- /dev/null +++ b/linux_amd64/include/openssl/cast.h 
@@ -0,0 +1,78 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_CAST_H
+# define OPENSSL_CAST_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_CAST_H
+# endif
+
+# include
+
+# ifndef OPENSSL_NO_CAST
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# define CAST_BLOCK 8
+# define CAST_KEY_LENGTH 16
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+
+# define CAST_ENCRYPT 1
+# define CAST_DECRYPT 0
+
+# define CAST_LONG unsigned int
+
+typedef struct cast_key_st {
+ CAST_LONG data[32];
+ int short_key; /* Use reduced rounds for short key */
+} CAST_KEY;
+
+# endif /* OPENSSL_NO_DEPRECATED_3_0 */
+
+DEPRECATEDIN_3_0(void CAST_set_key(CAST_KEY *key, int len,
+ const unsigned char *data))
+DEPRECATEDIN_3_0(void CAST_ecb_encrypt(const unsigned char *in,
+ unsigned char *out,
+ const CAST_KEY *key,
+ int enc))
+DEPRECATEDIN_3_0(void CAST_encrypt(CAST_LONG *data,
+ const CAST_KEY *key))
+DEPRECATEDIN_3_0(void CAST_decrypt(CAST_LONG *data,
+ const CAST_KEY *key))
+DEPRECATEDIN_3_0(void CAST_cbc_encrypt(const unsigned char *in,
+ unsigned char *out,
+ long length,
+ const CAST_KEY *ks,
+ unsigned char *iv,
+ int enc))
+DEPRECATEDIN_3_0(void CAST_cfb64_encrypt(const unsigned char *in,
+ unsigned char *out,
+ long length,
+ const CAST_KEY *schedule,
+ unsigned char *ivec,
+ int *num,
+ int enc))
+DEPRECATEDIN_3_0(void CAST_ofb64_encrypt(const unsigned char *in,
+ unsigned char *out,
+ long length,
+ const CAST_KEY *schedule,
+ unsigned char *ivec,
+ int *num))
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/linux_amd64/include/openssl/cmac.h b/linux_amd64/include/openssl/cmac.h
new file mode 100644
index 0000000..2f43ece
--- /dev/null
+++ b/linux_amd64/include/openssl/cmac.h
@@ -0,0 +1,50 @@
+/*
+ * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_CMAC_H
+# define OPENSSL_CMAC_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_CMAC_H
+# endif
+
+# ifndef OPENSSL_NO_CMAC
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# include
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+/* Opaque */
+typedef struct CMAC_CTX_st CMAC_CTX;
+# endif
+
+DEPRECATEDIN_3_0(CMAC_CTX *CMAC_CTX_new(void))
+DEPRECATEDIN_3_0(void CMAC_CTX_cleanup(CMAC_CTX *ctx))
+DEPRECATEDIN_3_0(void CMAC_CTX_free(CMAC_CTX *ctx))
+DEPRECATEDIN_3_0(EVP_CIPHER_CTX *CMAC_CTX_get0_cipher_ctx(CMAC_CTX *ctx))
+DEPRECATEDIN_3_0(int CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in))
+
+DEPRECATEDIN_3_0(int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen,
+ const EVP_CIPHER *cipher, ENGINE *impl))
+DEPRECATEDIN_3_0(int CMAC_Update(CMAC_CTX *ctx, const void *data, size_t dlen))
+DEPRECATEDIN_3_0(int CMAC_Final(CMAC_CTX *ctx, unsigned char *out,
+ size_t *poutlen))
+DEPRECATEDIN_3_0(int CMAC_resume(CMAC_CTX *ctx))
+
+# ifdef __cplusplus
+}
+# endif
+
+# endif
+#endif
diff --git a/linux_amd64/include/openssl/cmp.h b/linux_amd64/include/openssl/cmp.h
new file mode 100644
index 0000000..43dcc69
--- /dev/null
+++ b/linux_amd64/include/openssl/cmp.h
@@ -0,0 +1,360 @@ +/* + * Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright Nokia 2007-2019 + * Copyright Siemens AG 2015-2019 + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_CMP_H +# define OPENSSL_CMP_H + +# include +# ifndef OPENSSL_NO_CMP + +# include +# include +# include +# include + +/* explicit #includes not strictly needed since implied by the above: */ +# include +# include +# include +# include + +# ifdef __cplusplus +extern "C" { +# endif + +# define OSSL_CMP_PVNO 2 + +/*- + * PKIFailureInfo ::= BIT STRING { + * -- since we can fail in more than one way! + * -- More codes may be added in the future if/when required. + * badAlg (0), + * -- unrecognized or unsupported Algorithm Identifier + * badMessageCheck (1), + * -- integrity check failed (e.g., signature did not verify) + * badRequest (2), + * -- transaction not permitted or supported + * badTime (3), + * -- messageTime was not sufficiently close to the system time, + * -- as defined by local policy + * badCertId (4), + * -- no certificate could be found matching the provided criteria + * badDataFormat (5), + * -- the data submitted has the wrong format + * wrongAuthority (6), + * -- the authority indicated in the request is different from the + * -- one creating the response token + * incorrectData (7), + * -- the requester's data is incorrect (for notary services) + * missingTimeStamp (8), + * -- when the timestamp is missing but should be there + * -- (by policy) + * badPOP (9), + * -- the proof-of-possession failed + * certRevoked (10), + * -- the certificate has already been revoked + * certConfirmed (11), + * -- the certificate has already been confirmed + * wrongIntegrity (12), + * -- invalid integrity, password based instead of 
signature or + * -- vice versa + * badRecipientNonce (13), + * -- invalid recipient nonce, either missing or wrong value + * timeNotAvailable (14), + * -- the TSA's time source is not available + * unacceptedPolicy (15), + * -- the requested TSA policy is not supported by the TSA. + * unacceptedExtension (16), + * -- the requested extension is not supported by the TSA. + * addInfoNotAvailable (17), + * -- the additional information requested could not be + * -- understood or is not available + * badSenderNonce (18), + * -- invalid sender nonce, either missing or wrong size + * badCertTemplate (19), + * -- invalid cert. template or missing mandatory information + * signerNotTrusted (20), + * -- signer of the message unknown or not trusted + * transactionIdInUse (21), + * -- the transaction identifier is already in use + * unsupportedVersion (22), + * -- the version of the message is not supported + * notAuthorized (23), + * -- the sender was not authorized to make the preceding + * -- request or perform the preceding action + * systemUnavail (24), + * -- the request cannot be handled due to system unavailability + * systemFailure (25), + * -- the request cannot be handled due to system failure + * duplicateCertReq (26) + * -- certificate cannot be issued because a duplicate + * -- certificate already exists + * } + */ +# define OSSL_CMP_PKIFAILUREINFO_badAlg 0 +# define OSSL_CMP_PKIFAILUREINFO_badMessageCheck 1 +# define OSSL_CMP_PKIFAILUREINFO_badRequest 2 +# define OSSL_CMP_PKIFAILUREINFO_badTime 3 +# define OSSL_CMP_PKIFAILUREINFO_badCertId 4 +# define OSSL_CMP_PKIFAILUREINFO_badDataFormat 5 +# define OSSL_CMP_PKIFAILUREINFO_wrongAuthority 6 +# define OSSL_CMP_PKIFAILUREINFO_incorrectData 7 +# define OSSL_CMP_PKIFAILUREINFO_missingTimeStamp 8 +# define OSSL_CMP_PKIFAILUREINFO_badPOP 9 +# define OSSL_CMP_PKIFAILUREINFO_certRevoked 10 +# define OSSL_CMP_PKIFAILUREINFO_certConfirmed 11 +# define OSSL_CMP_PKIFAILUREINFO_wrongIntegrity 12 +# define 
OSSL_CMP_PKIFAILUREINFO_badRecipientNonce 13 +# define OSSL_CMP_PKIFAILUREINFO_timeNotAvailable 14 +# define OSSL_CMP_PKIFAILUREINFO_unacceptedPolicy 15 +# define OSSL_CMP_PKIFAILUREINFO_unacceptedExtension 16 +# define OSSL_CMP_PKIFAILUREINFO_addInfoNotAvailable 17 +# define OSSL_CMP_PKIFAILUREINFO_badSenderNonce 18 +# define OSSL_CMP_PKIFAILUREINFO_badCertTemplate 19 +# define OSSL_CMP_PKIFAILUREINFO_signerNotTrusted 20 +# define OSSL_CMP_PKIFAILUREINFO_transactionIdInUse 21 +# define OSSL_CMP_PKIFAILUREINFO_unsupportedVersion 22 +# define OSSL_CMP_PKIFAILUREINFO_notAuthorized 23 +# define OSSL_CMP_PKIFAILUREINFO_systemUnavail 24 +# define OSSL_CMP_PKIFAILUREINFO_systemFailure 25 +# define OSSL_CMP_PKIFAILUREINFO_duplicateCertReq 26 +# define OSSL_CMP_PKIFAILUREINFO_MAX 26 +# define OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN \ + ((1 << (OSSL_CMP_PKIFAILUREINFO_MAX + 1)) - 1) +# if OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN > INT_MAX +# error CMP_PKIFAILUREINFO_MAX bit pattern does not fit in type int +# endif + +typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO; + +# define OSSL_CMP_CTX_FAILINFO_badAlg (1 << 0) +# define OSSL_CMP_CTX_FAILINFO_badMessageCheck (1 << 1) +# define OSSL_CMP_CTX_FAILINFO_badRequest (1 << 2) +# define OSSL_CMP_CTX_FAILINFO_badTime (1 << 3) +# define OSSL_CMP_CTX_FAILINFO_badCertId (1 << 4) +# define OSSL_CMP_CTX_FAILINFO_badDataFormat (1 << 5) +# define OSSL_CMP_CTX_FAILINFO_wrongAuthority (1 << 6) +# define OSSL_CMP_CTX_FAILINFO_incorrectData (1 << 7) +# define OSSL_CMP_CTX_FAILINFO_missingTimeStamp (1 << 8) +# define OSSL_CMP_CTX_FAILINFO_badPOP (1 << 9) +# define OSSL_CMP_CTX_FAILINFO_certRevoked (1 << 10) +# define OSSL_CMP_CTX_FAILINFO_certConfirmed (1 << 11) +# define OSSL_CMP_CTX_FAILINFO_wrongIntegrity (1 << 12) +# define OSSL_CMP_CTX_FAILINFO_badRecipientNonce (1 << 13) +# define OSSL_CMP_CTX_FAILINFO_timeNotAvailable (1 << 14) +# define OSSL_CMP_CTX_FAILINFO_unacceptedPolicy (1 << 15) +# define 
OSSL_CMP_CTX_FAILINFO_unacceptedExtension (1 << 16) +# define OSSL_CMP_CTX_FAILINFO_addInfoNotAvailable (1 << 17) +# define OSSL_CMP_CTX_FAILINFO_badSenderNonce (1 << 18) +# define OSSL_CMP_CTX_FAILINFO_badCertTemplate (1 << 19) +# define OSSL_CMP_CTX_FAILINFO_signerNotTrusted (1 << 20) +# define OSSL_CMP_CTX_FAILINFO_transactionIdInUse (1 << 21) +# define OSSL_CMP_CTX_FAILINFO_unsupportedVersion (1 << 22) +# define OSSL_CMP_CTX_FAILINFO_notAuthorized (1 << 23) +# define OSSL_CMP_CTX_FAILINFO_systemUnavail (1 << 24) +# define OSSL_CMP_CTX_FAILINFO_systemFailure (1 << 25) +# define OSSL_CMP_CTX_FAILINFO_duplicateCertReq (1 << 26) + +/*- + * PKIStatus ::= INTEGER { + * accepted (0), + * -- you got exactly what you asked for + * grantedWithMods (1), + * -- you got something like what you asked for; the + * -- requester is responsible for ascertaining the differences + * rejection (2), + * -- you don't get it, more information elsewhere in the message + * waiting (3), + * -- the request body part has not yet been processed; expect to + * -- hear more later (note: proper handling of this status + * -- response MAY use the polling req/rep PKIMessages specified + * -- in Section 5.3.22; alternatively, polling in the underlying + * -- transport layer MAY have some utility in this regard) + * revocationWarning (4), + * -- this message contains a warning that a revocation is + * -- imminent + * revocationNotification (5), + * -- notification that a revocation has occurred + * keyUpdateWarning (6) + * -- update already done for the oldCertId specified in + * -- CertReqMsg + * } + */ +# define OSSL_CMP_PKISTATUS_accepted 0 +# define OSSL_CMP_PKISTATUS_grantedWithMods 1 +# define OSSL_CMP_PKISTATUS_rejection 2 +# define OSSL_CMP_PKISTATUS_waiting 3 +# define OSSL_CMP_PKISTATUS_revocationWarning 4 +# define OSSL_CMP_PKISTATUS_revocationNotification 5 +# define OSSL_CMP_PKISTATUS_keyUpdateWarning 6 + +typedef ASN1_INTEGER OSSL_CMP_PKISTATUS; +DECLARE_ASN1_ITEM(OSSL_CMP_PKISTATUS) 
+ +# define OSSL_CMP_CERTORENCCERT_CERTIFICATE 0 +# define OSSL_CMP_CERTORENCCERT_ENCRYPTEDCERT 1 + +/* data type declarations */ +typedef struct ossl_cmp_ctx_st OSSL_CMP_CTX; +typedef struct ossl_cmp_pkiheader_st OSSL_CMP_PKIHEADER; +DECLARE_ASN1_FUNCTIONS(OSSL_CMP_PKIHEADER) +typedef struct ossl_cmp_msg_st OSSL_CMP_MSG; +DECLARE_ASN1_ENCODE_FUNCTIONS(OSSL_CMP_MSG, OSSL_CMP_MSG, OSSL_CMP_MSG) +typedef struct ossl_cmp_certstatus_st OSSL_CMP_CERTSTATUS; +DEFINE_STACK_OF(OSSL_CMP_CERTSTATUS) +typedef struct ossl_cmp_itav_st OSSL_CMP_ITAV; +DEFINE_STACK_OF(OSSL_CMP_ITAV) +typedef struct ossl_cmp_revrepcontent_st OSSL_CMP_REVREPCONTENT; +typedef struct ossl_cmp_pkisi_st OSSL_CMP_PKISI; +DEFINE_STACK_OF(OSSL_CMP_PKISI) +typedef struct ossl_cmp_certrepmessage_st OSSL_CMP_CERTREPMESSAGE; +DEFINE_STACK_OF(OSSL_CMP_CERTREPMESSAGE) +typedef struct ossl_cmp_pollrep_st OSSL_CMP_POLLREP; +typedef STACK_OF(OSSL_CMP_POLLREP) OSSL_CMP_POLLREPCONTENT; +typedef struct ossl_cmp_certresponse_st OSSL_CMP_CERTRESPONSE; +DEFINE_STACK_OF(OSSL_CMP_CERTRESPONSE) +typedef STACK_OF(ASN1_UTF8STRING) OSSL_CMP_PKIFREETEXT; + +/* + * function DECLARATIONS + */ + +/* from cmp_asn.c */ +OSSL_CMP_ITAV *OSSL_CMP_ITAV_create(ASN1_OBJECT *type, ASN1_TYPE *value); +void OSSL_CMP_ITAV_set0(OSSL_CMP_ITAV *itav, ASN1_OBJECT *type, + ASN1_TYPE *value); +ASN1_OBJECT *OSSL_CMP_ITAV_get0_type(const OSSL_CMP_ITAV *itav); +ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav); +int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p, + OSSL_CMP_ITAV *itav); +void OSSL_CMP_ITAV_free(OSSL_CMP_ITAV *itav); +void OSSL_CMP_MSG_free(OSSL_CMP_MSG *msg); + +/* from cmp_ctx.c */ +OSSL_CMP_CTX *OSSL_CMP_CTX_new(void); +void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx); +int OSSL_CMP_CTX_reinit(OSSL_CMP_CTX *ctx); +/* various CMP options: */ +# define OSSL_CMP_OPT_LOG_VERBOSITY 0 +# define OSSL_CMP_OPT_MSGTIMEOUT 1 +# define OSSL_CMP_OPT_TOTALTIMEOUT 2 +# define OSSL_CMP_OPT_VALIDITYDAYS 3 +# define 
OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT 4 +# define OSSL_CMP_OPT_SUBJECTALTNAME_CRITICAL 5 +# define OSSL_CMP_OPT_POLICIES_CRITICAL 6 +# define OSSL_CMP_OPT_POPOMETHOD 7 +# define OSSL_CMP_OPT_DIGEST_ALGNID 8 +# define OSSL_CMP_OPT_OWF_ALGNID 9 +# define OSSL_CMP_OPT_MAC_ALGNID 10 +# define OSSL_CMP_OPT_REVOCATION_REASON 11 +# define OSSL_CMP_OPT_IMPLICITCONFIRM 12 +# define OSSL_CMP_OPT_DISABLECONFIRM 13 +# define OSSL_CMP_OPT_UNPROTECTED_SEND 14 +# define OSSL_CMP_OPT_UNPROTECTED_ERRORS 15 +# define OSSL_CMP_OPT_IGNORE_KEYUSAGE 16 +# define OSSL_CMP_OPT_PERMIT_TA_IN_EXTRACERTS_FOR_IR 17 +int OSSL_CMP_CTX_set_option(OSSL_CMP_CTX *ctx, int opt, int val); +int OSSL_CMP_CTX_get_option(const OSSL_CMP_CTX *ctx, int opt); +/* CMP-specific callback for logging and outputting the error queue: */ +int OSSL_CMP_CTX_set_log_cb(OSSL_CMP_CTX *ctx, OSSL_cmp_log_cb_t cb); +# define OSSL_CMP_CTX_set_log_verbosity(ctx, level) \ + OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_LOG_VERBOSITY, level) +void OSSL_CMP_CTX_print_errors(OSSL_CMP_CTX *ctx); +/* message transfer: */ +int OSSL_CMP_CTX_set1_serverPath(OSSL_CMP_CTX *ctx, const char *path); +int OSSL_CMP_CTX_set1_serverName(OSSL_CMP_CTX *ctx, const char *name); +int OSSL_CMP_CTX_set_serverPort(OSSL_CMP_CTX *ctx, int port); +int OSSL_CMP_CTX_set1_proxyName(OSSL_CMP_CTX *ctx, const char *name); +int OSSL_CMP_CTX_set_proxyPort(OSSL_CMP_CTX *ctx, int port); +# define OSSL_CMP_DEFAULT_PORT 80 +int OSSL_CMP_CTX_set_http_cb(OSSL_CMP_CTX *ctx, OSSL_HTTP_bio_cb_t cb); +int OSSL_CMP_CTX_set_http_cb_arg(OSSL_CMP_CTX *ctx, void *arg); +void *OSSL_CMP_CTX_get_http_cb_arg(const OSSL_CMP_CTX *ctx); +typedef OSSL_CMP_MSG *(*OSSL_cmp_transfer_cb_t) (OSSL_CMP_CTX *ctx, + const OSSL_CMP_MSG *req); +int OSSL_CMP_CTX_set_transfer_cb(OSSL_CMP_CTX *ctx, OSSL_cmp_transfer_cb_t cb); +int OSSL_CMP_CTX_set_transfer_cb_arg(OSSL_CMP_CTX *ctx, void *arg); +void *OSSL_CMP_CTX_get_transfer_cb_arg(const OSSL_CMP_CTX *ctx); +/* server authentication: */ +int 
OSSL_CMP_CTX_set1_srvCert(OSSL_CMP_CTX *ctx, X509 *cert); +int OSSL_CMP_CTX_set1_expected_sender(OSSL_CMP_CTX *ctx, const X509_NAME *name); +int OSSL_CMP_CTX_set0_trustedStore(OSSL_CMP_CTX *ctx, X509_STORE *store); +X509_STORE *OSSL_CMP_CTX_get0_trustedStore(const OSSL_CMP_CTX *ctx); +int OSSL_CMP_CTX_set1_untrusted_certs(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs); +STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted_certs(const OSSL_CMP_CTX *ctx); +/* client authentication: */ +int OSSL_CMP_CTX_set1_clCert(OSSL_CMP_CTX *ctx, X509 *cert); +int OSSL_CMP_CTX_set1_pkey(OSSL_CMP_CTX *ctx, EVP_PKEY *pkey); +int OSSL_CMP_CTX_set1_referenceValue(OSSL_CMP_CTX *ctx, + const unsigned char *ref, int len); +int OSSL_CMP_CTX_set1_secretValue(OSSL_CMP_CTX *ctx, const unsigned char *sec, + const int len); +/* CMP message header and extra certificates: */ +int OSSL_CMP_CTX_set1_recipient(OSSL_CMP_CTX *ctx, const X509_NAME *name); +int OSSL_CMP_CTX_push0_geninfo_ITAV(OSSL_CMP_CTX *ctx, OSSL_CMP_ITAV *itav); +int OSSL_CMP_CTX_set1_extraCertsOut(OSSL_CMP_CTX *ctx, + STACK_OF(X509) *extraCertsOut); +/* certificate template: */ +int OSSL_CMP_CTX_set0_newPkey(OSSL_CMP_CTX *ctx, int priv, EVP_PKEY *pkey); +EVP_PKEY *OSSL_CMP_CTX_get0_newPkey(const OSSL_CMP_CTX *ctx, int priv); +int OSSL_CMP_CTX_set1_issuer(OSSL_CMP_CTX *ctx, const X509_NAME *name); +int OSSL_CMP_CTX_set1_subjectName(OSSL_CMP_CTX *ctx, const X509_NAME *name); +int OSSL_CMP_CTX_push1_subjectAltName(OSSL_CMP_CTX *ctx, const GENERAL_NAME *name); +int OSSL_CMP_CTX_set0_reqExtensions(OSSL_CMP_CTX *ctx, X509_EXTENSIONS *exts); +int OSSL_CMP_CTX_reqExtensions_have_SAN(OSSL_CMP_CTX *ctx); +int OSSL_CMP_CTX_push0_policy(OSSL_CMP_CTX *ctx, POLICYINFO *pinfo); +int OSSL_CMP_CTX_set1_oldCert(OSSL_CMP_CTX *ctx, X509 *cert); +int OSSL_CMP_CTX_set1_p10CSR(OSSL_CMP_CTX *ctx, const X509_REQ *csr); +/* misc body contents: */ +int OSSL_CMP_CTX_push0_genm_ITAV(OSSL_CMP_CTX *ctx, OSSL_CMP_ITAV *itav); +/* certificate confirmation: */ +typedef int 
(*OSSL_cmp_certConf_cb_t) (OSSL_CMP_CTX *ctx, X509 *cert, + int fail_info, const char **txt); +int OSSL_CMP_CTX_set_certConf_cb(OSSL_CMP_CTX *ctx, OSSL_cmp_certConf_cb_t cb); +int OSSL_CMP_CTX_set_certConf_cb_arg(OSSL_CMP_CTX *ctx, void *arg); +void *OSSL_CMP_CTX_get_certConf_cb_arg(const OSSL_CMP_CTX *ctx); +/* result fetching: */ +int OSSL_CMP_CTX_get_status(const OSSL_CMP_CTX *ctx); +OSSL_CMP_PKIFREETEXT *OSSL_CMP_CTX_get0_statusString(const OSSL_CMP_CTX *ctx); +int OSSL_CMP_CTX_get_failInfoCode(const OSSL_CMP_CTX *ctx); +# define OSSL_CMP_PKISI_BUFLEN 1024 +X509 *OSSL_CMP_CTX_get0_newCert(const OSSL_CMP_CTX *ctx); +STACK_OF(X509) *OSSL_CMP_CTX_get1_caPubs(const OSSL_CMP_CTX *ctx); +STACK_OF(X509) *OSSL_CMP_CTX_get1_extraCertsIn(const OSSL_CMP_CTX *ctx); +/* support application-level CMP debugging in cmp.c: */ +int OSSL_CMP_CTX_set1_transactionID(OSSL_CMP_CTX *ctx, + const ASN1_OCTET_STRING *id); +int OSSL_CMP_CTX_set1_senderNonce(OSSL_CMP_CTX *ctx, + const ASN1_OCTET_STRING *nonce); + +/* from cmp_status.c */ +char *OSSL_CMP_CTX_snprint_PKIStatus(OSSL_CMP_CTX *ctx, char *buf, + size_t bufsize); + +/* from cmp_hdr.c */ +/* support application-level CMP debugging in cmp.c: */ +ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_transactionID(const OSSL_CMP_PKIHEADER *hdr); +ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_recipNonce(const OSSL_CMP_PKIHEADER *hdr); + +/* from cmp_msg.c */ +/* support application-level CMP debugging in cmp.c: */ +OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg); + +/* from cmp_vfy.c */ +int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg); +int OSSL_CMP_validate_cert_path(OSSL_CMP_CTX *ctx, + X509_STORE *trusted_store, X509 *cert); + +# ifdef __cplusplus +} +# endif +# endif /* !defined OPENSSL_NO_CMP */ +#endif /* !defined OPENSSL_CMP_H */ diff --git a/linux_amd64/include/openssl/cmp_util.h b/linux_amd64/include/openssl/cmp_util.h new file mode 100644 index 0000000..56fb49e --- /dev/null 
+++ b/linux_amd64/include/openssl/cmp_util.h
@@ -0,0 +1,54 @@
+/*
+ * Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright Nokia 2007-2019
+ * Copyright Siemens AG 2015-2019
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_CMP_UTIL_H
+# define OPENSSL_CMP_UTIL_H
+
+# include
+# ifndef OPENSSL_NO_CMP
+
+# include
+# include
+# include
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+int OSSL_CMP_log_open(void);
+void OSSL_CMP_log_close(void);
+# define OSSL_CMP_LOG_PREFIX "CMP "
+
+/*
+ * generalized logging/error callback mirroring the severity levels of syslog.h
+ */
+typedef int OSSL_CMP_severity;
+# define OSSL_CMP_LOG_EMERG 0
+# define OSSL_CMP_LOG_ALERT 1
+# define OSSL_CMP_LOG_CRIT 2
+# define OSSL_CMP_LOG_ERR 3
+# define OSSL_CMP_LOG_WARNING 4
+# define OSSL_CMP_LOG_NOTICE 5
+# define OSSL_CMP_LOG_INFO 6
+# define OSSL_CMP_LOG_DEBUG 7
+typedef int (*OSSL_cmp_log_cb_t)(const char *func, const char *file, int line,
+ OSSL_CMP_severity level, const char *msg);
+
+int OSSL_CMP_print_to_bio(BIO *bio, const char *component, const char *file,
+ int line, OSSL_CMP_severity level, const char *msg);
+/* use of the logging callback for outputting error queue */
+void OSSL_CMP_print_errors_cb(OSSL_cmp_log_cb_t log_fn);
+
+# ifdef __cplusplus
+}
+# endif
+# endif /* !defined OPENSSL_NO_CMP */
+#endif /* !defined OPENSSL_CMP_UTIL_H */
diff --git a/linux_amd64/include/openssl/cmperr.h b/linux_amd64/include/openssl/cmperr.h
new file mode 100644
index 0000000..51795a5
--- /dev/null
+++ b/linux_amd64/include/openssl/cmperr.h
@@ -0,0 +1,91 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_CMPERR_H +# define OPENSSL_CMPERR_H + +# include +# include + + +# include + +# ifndef OPENSSL_NO_CMP + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_CMP_strings(void); + +/* + * CMP function codes. + */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# endif + +/* + * CMP reason codes. + */ +# define CMP_R_ALGORITHM_NOT_SUPPORTED 139 +# define CMP_R_BAD_REQUEST_ID 108 +# define CMP_R_CERTID_NOT_FOUND 109 +# define CMP_R_CERTIFICATE_NOT_FOUND 112 +# define CMP_R_CERTRESPONSE_NOT_FOUND 113 +# define CMP_R_CERT_AND_KEY_DO_NOT_MATCH 114 +# define CMP_R_ERROR_CALCULATING_PROTECTION 115 +# define CMP_R_ERROR_CREATING_CERTCONF 116 +# define CMP_R_ERROR_CREATING_CERTREP 117 +# define CMP_R_ERROR_CREATING_ERROR 118 +# define CMP_R_ERROR_CREATING_GENM 119 +# define CMP_R_ERROR_CREATING_GENP 120 +# define CMP_R_ERROR_CREATING_P10CR 121 +# define CMP_R_ERROR_CREATING_PKICONF 122 +# define CMP_R_ERROR_CREATING_POLLREP 123 +# define CMP_R_ERROR_CREATING_POLLREQ 124 +# define CMP_R_ERROR_CREATING_RP 125 +# define CMP_R_ERROR_CREATING_RR 126 +# define CMP_R_ERROR_PARSING_PKISTATUS 107 +# define CMP_R_ERROR_PROTECTING_MESSAGE 127 +# define CMP_R_ERROR_SETTING_CERTHASH 128 +# define CMP_R_ERROR_VALIDATING_PROTECTION 140 +# define CMP_R_FAILED_EXTRACTING_PUBKEY 141 +# define CMP_R_FAILURE_OBTAINING_RANDOM 110 +# define CMP_R_FAIL_INFO_OUT_OF_RANGE 129 +# define CMP_R_INVALID_ARGS 100 +# define CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION 130 +# define CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE 142 +# define CMP_R_MISSING_PRIVATE_KEY 131 +# define 
CMP_R_MISSING_PROTECTION 143 +# define CMP_R_MISSING_SENDER_IDENTIFICATION 111 +# define CMP_R_MISSING_TRUST_STORE 144 +# define CMP_R_MULTIPLE_SAN_SOURCES 102 +# define CMP_R_NO_STDIO 194 +# define CMP_R_NO_SUITABLE_SENDER_CERT 145 +# define CMP_R_NULL_ARGUMENT 103 +# define CMP_R_PKIBODY_ERROR 146 +# define CMP_R_PKISTATUSINFO_NOT_FOUND 132 +# define CMP_R_POTENTIALLY_INVALID_CERTIFICATE 147 +# define CMP_R_RECIPNONCE_UNMATCHED 148 +# define CMP_R_REQUEST_NOT_ACCEPTED 149 +# define CMP_R_SENDER_GENERALNAME_TYPE_NOT_SUPPORTED 150 +# define CMP_R_SRVCERT_DOES_NOT_VALIDATE_MSG 151 +# define CMP_R_TRANSACTIONID_UNMATCHED 152 +# define CMP_R_UNEXPECTED_PKIBODY 133 +# define CMP_R_UNEXPECTED_PVNO 153 +# define CMP_R_UNKNOWN_ALGORITHM_ID 134 +# define CMP_R_UNKNOWN_CERT_TYPE 135 +# define CMP_R_UNSUPPORTED_ALGORITHM 136 +# define CMP_R_UNSUPPORTED_KEY_TYPE 137 +# define CMP_R_UNSUPPORTED_PROTECTION_ALG_DHBASEDMAC 154 +# define CMP_R_WRONG_ALGORITHM_OID 138 +# define CMP_R_WRONG_PBM_VALUE 155 + +# endif +#endif diff --git a/linux_amd64/include/openssl/cms.h b/linux_amd64/include/openssl/cms.h new file mode 100644 index 0000000..1d502fa --- /dev/null +++ b/linux_amd64/include/openssl/cms.h 
@@ -0,0 +1,346 @@
+/*
+ * Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_CMS_H
+# define OPENSSL_CMS_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_CMS_H
+# endif
+
+# include
+
+# ifndef OPENSSL_NO_CMS
+# include
+# include
+# include
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+typedef struct CMS_ContentInfo_st CMS_ContentInfo;
+typedef struct CMS_SignerInfo_st CMS_SignerInfo;
+typedef struct CMS_CertificateChoices CMS_CertificateChoices;
+typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice;
+typedef struct CMS_RecipientInfo_st CMS_RecipientInfo;
+typedef struct CMS_ReceiptRequest_st CMS_ReceiptRequest;
+typedef struct CMS_Receipt_st CMS_Receipt;
+typedef struct CMS_RecipientEncryptedKey_st CMS_RecipientEncryptedKey;
+typedef struct CMS_OtherKeyAttribute_st CMS_OtherKeyAttribute;
+
+DEFINE_STACK_OF(CMS_SignerInfo)
+DEFINE_STACK_OF(CMS_RecipientEncryptedKey)
+DEFINE_STACK_OF(CMS_RecipientInfo)
+DEFINE_STACK_OF(CMS_RevocationInfoChoice)
+DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
+DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest)
+DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
+
+# define CMS_SIGNERINFO_ISSUER_SERIAL 0
+# define CMS_SIGNERINFO_KEYIDENTIFIER 1
+
+# define CMS_RECIPINFO_NONE -1
+# define CMS_RECIPINFO_TRANS 0
+# define CMS_RECIPINFO_AGREE 1
+# define CMS_RECIPINFO_KEK 2
+# define CMS_RECIPINFO_PASS 3
+# define CMS_RECIPINFO_OTHER 4
+
+/* S/MIME related flags */
+
+# define CMS_TEXT 0x1
+# define CMS_NOCERTS 0x2
+# define CMS_NO_CONTENT_VERIFY 0x4
+# define CMS_NO_ATTR_VERIFY 0x8
+# define CMS_NOSIGS \
+ (CMS_NO_CONTENT_VERIFY|CMS_NO_ATTR_VERIFY)
+# define CMS_NOINTERN 0x10
+# define CMS_NO_SIGNER_CERT_VERIFY 0x20
+# define CMS_NOVERIFY 0x20
+# define CMS_DETACHED 0x40
+# define CMS_BINARY 0x80
+# define CMS_NOATTR 0x100
+# define CMS_NOSMIMECAP 0x200
+# define CMS_NOOLDMIMETYPE 0x400
+# define CMS_CRLFEOL 0x800
+# define CMS_STREAM 0x1000
+# define CMS_NOCRL 0x2000
+# define CMS_PARTIAL 0x4000
+# define CMS_REUSE_DIGEST 0x8000
+# define CMS_USE_KEYID 0x10000
+# define CMS_DEBUG_DECRYPT 0x20000
+# define CMS_KEY_PARAM 0x40000
+# define CMS_ASCIICRLF 0x80000
+# define CMS_CADES 0x100000
+
+const ASN1_OBJECT *CMS_get0_type(const CMS_ContentInfo *cms);
+
+BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont);
+int CMS_dataFinal(CMS_ContentInfo *cms, BIO *bio);
+
+ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms);
+int CMS_is_detached(CMS_ContentInfo *cms);
+int CMS_set_detached(CMS_ContentInfo *cms, int detached);
+
+# ifdef OPENSSL_PEM_H
+DECLARE_PEM_rw(CMS, CMS_ContentInfo)
+# endif
+int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms);
+CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms);
+int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms);
+
+BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms);
+int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags);
+int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in,
+ int flags);
+CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont);
+int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags);
+
+int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont,
+ unsigned int flags);
+
+CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey,
+ STACK_OF(X509) *certs, BIO *data,
+ unsigned int flags);
+
+CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
+ X509 *signcert, EVP_PKEY *pkey,
+ STACK_OF(X509) *certs, unsigned int flags);
+
+int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags);
+CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags);
+
+int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
+ unsigned int flags);
+CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
+ unsigned int flags);
+
+int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
+ const unsigned char *key, size_t keylen,
+ BIO *dcont, BIO *out, unsigned int flags);
+
+CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
+ const unsigned char *key,
+ size_t keylen, unsigned int flags);
+
+int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
+ const unsigned char *key, size_t keylen);
+
+int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
+ X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags);
+
+int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms,
+ STACK_OF(X509) *certs,
+ X509_STORE *store, unsigned int flags);
+
+STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms);
+
+CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in,
+ const EVP_CIPHER *cipher, unsigned int flags);
+
+int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert,
+ BIO *dcont, BIO *out, unsigned int flags);
+
+int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert);
+int CMS_decrypt_set1_key(CMS_ContentInfo *cms,
+ unsigned char *key, size_t keylen,
+ const unsigned char *id, size_t idlen);
+int CMS_decrypt_set1_password(CMS_ContentInfo *cms,
+ unsigned char *pass, ossl_ssize_t passlen);
+
+STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms);
+int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
+EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri);
+CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher);
+CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
+ X509 *recip, unsigned int flags);
+int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey);
+int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert);
+int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri,
+ EVP_PKEY **pk, X509 **recip,
+ X509_ALGOR **palg);
+int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
+ ASN1_OCTET_STRING **keyid,
+ X509_NAME **issuer,
+ ASN1_INTEGER **sno);
+
+CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
+ unsigned char *key, size_t keylen,
+ unsigned char *id, size_t idlen,
+ ASN1_GENERALIZEDTIME *date,
+ ASN1_OBJECT *otherTypeId,
+ ASN1_TYPE *otherType);
+
+int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri,
+ X509_ALGOR **palg,
+ ASN1_OCTET_STRING **pid,
+ ASN1_GENERALIZEDTIME **pdate,
+ ASN1_OBJECT **potherid,
+ ASN1_TYPE **pothertype);
+
+int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri,
+ unsigned char *key, size_t keylen);
+
+int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri,
+ const unsigned char *id, size_t idlen);
+
+int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri,
+ unsigned char *pass,
+ ossl_ssize_t passlen);
+
+CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
+ int iter, int wrap_nid,
+ int pbe_nid,
+ unsigned char *pass,
+ ossl_ssize_t passlen,
+ const EVP_CIPHER *kekciph);
+
+int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri);
+int CMS_RecipientInfo_encrypt(const CMS_ContentInfo *cms, CMS_RecipientInfo *ri);
+
+int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
+ unsigned int flags);
+CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags);
+
+int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid);
+const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms);
+
+CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms);
+int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert);
+int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert);
+STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms);
+
+CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms);
+int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl);
+int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl);
+STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms);
+
+int CMS_SignedData_init(CMS_ContentInfo *cms);
+CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
+ X509 *signer, EVP_PKEY *pk, const EVP_MD *md,
+ unsigned int flags);
+EVP_PKEY_CTX *CMS_SignerInfo_get0_pkey_ctx(CMS_SignerInfo *si);
+EVP_MD_CTX *CMS_SignerInfo_get0_md_ctx(CMS_SignerInfo *si);
+STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms);
+
+void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer);
+int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si,
+ ASN1_OCTET_STRING **keyid,
+ X509_NAME **issuer, ASN1_INTEGER **sno);
+int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert);
+int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
+ unsigned int flags);
+void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk,
+ X509 **signer, X509_ALGOR **pdig,
+ X509_ALGOR **psig);
+ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si);
+int CMS_SignerInfo_sign(CMS_SignerInfo *si);
+int CMS_SignerInfo_verify(CMS_SignerInfo *si);
+int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain);
+
+int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs);
+int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
+ int algnid, int keysize);
+int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap);
+
+int CMS_signed_get_attr_count(const CMS_SignerInfo *si);
+int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
+ int lastpos);
+int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, const ASN1_OBJECT *obj,
+ int lastpos);
+X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc);
+X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc);
+int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr);
+int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si,
+ const ASN1_OBJECT *obj, int type,
+ const void *bytes, int len);
+int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si,
+ int nid, int type,
+ const void *bytes, int len);
+int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si,
+ const char *attrname, int type,
+ const void *bytes, int len);
+void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, const ASN1_OBJECT *oid,
+ int lastpos, int type);
+
+int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si);
+int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
+ int lastpos);
+int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si,
+ const ASN1_OBJECT *obj, int lastpos);
+X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc);
+X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc);
+int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr);
+int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si,
+ const ASN1_OBJECT *obj, int type,
+ const void *bytes, int len);
+int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si,
+ int nid, int type,
+ const void *bytes, int len);
+int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si,
+ const char *attrname, int type,
+ const void *bytes, int len);
+void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
+ int lastpos, int type);
+
+int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr);
+CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
+ int allorfirst,
+ STACK_OF(GENERAL_NAMES)
+ *receiptList, STACK_OF(GENERAL_NAMES)
+ *receiptsTo);
+int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
+void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
+ ASN1_STRING **pcid,
+ int *pallorfirst,
+ STACK_OF(GENERAL_NAMES) **plist,
+ STACK_OF(GENERAL_NAMES) **prto);
+int CMS_RecipientInfo_kari_get0_alg(CMS_RecipientInfo *ri,
+ X509_ALGOR **palg,
+ ASN1_OCTET_STRING **pukm);
+STACK_OF(CMS_RecipientEncryptedKey)
+*CMS_RecipientInfo_kari_get0_reks(CMS_RecipientInfo *ri);
+
+int CMS_RecipientInfo_kari_get0_orig_id(CMS_RecipientInfo *ri,
+ X509_ALGOR **pubalg,
+ ASN1_BIT_STRING **pubkey,
+ ASN1_OCTET_STRING **keyid,
+ X509_NAME **issuer,
+ ASN1_INTEGER **sno);
+
+int CMS_RecipientInfo_kari_orig_id_cmp(CMS_RecipientInfo *ri, X509 *cert);
+
+int CMS_RecipientEncryptedKey_get0_id(CMS_RecipientEncryptedKey *rek,
+ ASN1_OCTET_STRING **keyid,
+ ASN1_GENERALIZEDTIME **tm,
+ CMS_OtherKeyAttribute **other,
+ X509_NAME **issuer, ASN1_INTEGER **sno);
+int CMS_RecipientEncryptedKey_cert_cmp(CMS_RecipientEncryptedKey *rek,
+ X509 *cert);
+int CMS_RecipientInfo_kari_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pk);
+EVP_CIPHER_CTX *CMS_RecipientInfo_kari_get0_ctx(CMS_RecipientInfo *ri);
+int CMS_RecipientInfo_kari_decrypt(CMS_ContentInfo *cms,
+ CMS_RecipientInfo *ri,
+ CMS_RecipientEncryptedKey *rek);
+
+int CMS_SharedInfo_encode(unsigned char **pder, X509_ALGOR *kekalg,
+ ASN1_OCTET_STRING *ukm, int keylen);
+
+/* Backward compatibility for spelling errors. */
+# define CMS_R_UNKNOWN_DIGEST_ALGORITM CMS_R_UNKNOWN_DIGEST_ALGORITHM
+# define CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE \
+ CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+#endif
diff --git a/linux_amd64/include/openssl/cmserr.h b/linux_amd64/include/openssl/cmserr.h
new file mode 100644
index 0000000..10e0fd6
--- /dev/null
+++ b/linux_amd64/include/openssl/cmserr.h
@@ -0,0 +1,212 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_CMSERR_H +# define OPENSSL_CMSERR_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_CMSERR_H +# endif + +# include +# include + + +# include + +# ifndef OPENSSL_NO_CMS + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_CMS_strings(void); + +/* + * CMS function codes. + */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define CMS_F_CHECK_CONTENT 0 +# define CMS_F_CMS_ADD0_CERT 0 +# define CMS_F_CMS_ADD0_RECIPIENT_KEY 0 +# define CMS_F_CMS_ADD0_RECIPIENT_PASSWORD 0 +# define CMS_F_CMS_ADD1_RECEIPTREQUEST 0 +# define CMS_F_CMS_ADD1_RECIPIENT_CERT 0 +# define CMS_F_CMS_ADD1_SIGNER 0 +# define CMS_F_CMS_ADD1_SIGNINGTIME 0 +# define CMS_F_CMS_ADD1_SIGNING_CERT 0 +# define CMS_F_CMS_ADD1_SIGNING_CERT_V2 0 +# define CMS_F_CMS_COMPRESS 0 +# define CMS_F_CMS_COMPRESSEDDATA_CREATE 0 +# define CMS_F_CMS_COMPRESSEDDATA_INIT_BIO 0 +# define CMS_F_CMS_COPY_CONTENT 0 +# define CMS_F_CMS_COPY_MESSAGEDIGEST 0 +# define CMS_F_CMS_DATA 0 +# define CMS_F_CMS_DATAFINAL 0 +# define CMS_F_CMS_DATAINIT 0 +# define CMS_F_CMS_DECRYPT 0 +# define CMS_F_CMS_DECRYPT_SET1_KEY 0 +# define CMS_F_CMS_DECRYPT_SET1_PASSWORD 0 +# define CMS_F_CMS_DECRYPT_SET1_PKEY 0 +# define CMS_F_CMS_DIGESTALGORITHM_FIND_CTX 0 +# define CMS_F_CMS_DIGESTALGORITHM_INIT_BIO 0 +# define CMS_F_CMS_DIGESTEDDATA_DO_FINAL 0 +# define CMS_F_CMS_DIGEST_VERIFY 0 +# define CMS_F_CMS_ENCODE_RECEIPT 0 +# define CMS_F_CMS_ENCRYPT 0 +# define CMS_F_CMS_ENCRYPTEDCONTENT_INIT 0 +# define CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO 0 +# define CMS_F_CMS_ENCRYPTEDDATA_DECRYPT 0 +# define 
CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT 0 +# define CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY 0 +# define CMS_F_CMS_ENVELOPEDDATA_CREATE 0 +# define CMS_F_CMS_ENVELOPEDDATA_INIT_BIO 0 +# define CMS_F_CMS_ENVELOPED_DATA_INIT 0 +# define CMS_F_CMS_ENV_ASN1_CTRL 0 +# define CMS_F_CMS_FINAL 0 +# define CMS_F_CMS_GET0_CERTIFICATE_CHOICES 0 +# define CMS_F_CMS_GET0_CONTENT 0 +# define CMS_F_CMS_GET0_ECONTENT_TYPE 0 +# define CMS_F_CMS_GET0_ENVELOPED 0 +# define CMS_F_CMS_GET0_REVOCATION_CHOICES 0 +# define CMS_F_CMS_GET0_SIGNED 0 +# define CMS_F_CMS_MSGSIGDIGEST_ADD1 0 +# define CMS_F_CMS_RECEIPTREQUEST_CREATE0 0 +# define CMS_F_CMS_RECEIPT_VERIFY 0 +# define CMS_F_CMS_RECIPIENTINFO_DECRYPT 0 +# define CMS_F_CMS_RECIPIENTINFO_ENCRYPT 0 +# define CMS_F_CMS_RECIPIENTINFO_KARI_ENCRYPT 0 +# define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ALG 0 +# define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ORIG_ID 0 +# define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_REKS 0 +# define CMS_F_CMS_RECIPIENTINFO_KARI_ORIG_ID_CMP 0 +# define CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT 0 +# define CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT 0 +# define CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID 0 +# define CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP 0 +# define CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP 0 +# define CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT 0 +# define CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT 0 +# define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS 0 +# define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID 0 +# define CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT 0 +# define CMS_F_CMS_RECIPIENTINFO_SET0_KEY 0 +# define CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD 0 +# define CMS_F_CMS_RECIPIENTINFO_SET0_PKEY 0 +# define CMS_F_CMS_SD_ASN1_CTRL 0 +# define CMS_F_CMS_SET1_IAS 0 +# define CMS_F_CMS_SET1_KEYID 0 +# define CMS_F_CMS_SET1_SIGNERIDENTIFIER 0 +# define CMS_F_CMS_SET_DETACHED 0 +# define CMS_F_CMS_SIGN 0 +# define CMS_F_CMS_SIGNED_DATA_INIT 0 +# define CMS_F_CMS_SIGNERINFO_CONTENT_SIGN 0 +# define CMS_F_CMS_SIGNERINFO_SIGN 0 +# define CMS_F_CMS_SIGNERINFO_VERIFY 0 +# define 
CMS_F_CMS_SIGNERINFO_VERIFY_CERT 0 +# define CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT 0 +# define CMS_F_CMS_SIGN_RECEIPT 0 +# define CMS_F_CMS_SI_CHECK_ATTRIBUTES 0 +# define CMS_F_CMS_STREAM 0 +# define CMS_F_CMS_UNCOMPRESS 0 +# define CMS_F_CMS_VERIFY 0 +# define CMS_F_KEK_UNWRAP_KEY 0 +# endif + +/* + * CMS reason codes. + */ +# define CMS_R_ADD_SIGNER_ERROR 99 +# define CMS_R_ATTRIBUTE_ERROR 161 +# define CMS_R_CERTIFICATE_ALREADY_PRESENT 175 +# define CMS_R_CERTIFICATE_HAS_NO_KEYID 160 +# define CMS_R_CERTIFICATE_VERIFY_ERROR 100 +# define CMS_R_CIPHER_INITIALISATION_ERROR 101 +# define CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR 102 +# define CMS_R_CMS_DATAFINAL_ERROR 103 +# define CMS_R_CMS_LIB 104 +# define CMS_R_CONTENTIDENTIFIER_MISMATCH 170 +# define CMS_R_CONTENT_NOT_FOUND 105 +# define CMS_R_CONTENT_TYPE_MISMATCH 171 +# define CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA 106 +# define CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA 107 +# define CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA 108 +# define CMS_R_CONTENT_VERIFY_ERROR 109 +# define CMS_R_CTRL_ERROR 110 +# define CMS_R_CTRL_FAILURE 111 +# define CMS_R_DECRYPT_ERROR 112 +# define CMS_R_ERROR_GETTING_PUBLIC_KEY 113 +# define CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE 114 +# define CMS_R_ERROR_SETTING_KEY 115 +# define CMS_R_ERROR_SETTING_RECIPIENTINFO 116 +# define CMS_R_INVALID_ENCRYPTED_KEY_LENGTH 117 +# define CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER 176 +# define CMS_R_INVALID_KEY_LENGTH 118 +# define CMS_R_MD_BIO_INIT_ERROR 119 +# define CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH 120 +# define CMS_R_MESSAGEDIGEST_WRONG_LENGTH 121 +# define CMS_R_MSGSIGDIGEST_ERROR 172 +# define CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE 162 +# define CMS_R_MSGSIGDIGEST_WRONG_LENGTH 163 +# define CMS_R_NEED_ONE_SIGNER 164 +# define CMS_R_NOT_A_SIGNED_RECEIPT 165 +# define CMS_R_NOT_ENCRYPTED_DATA 122 +# define CMS_R_NOT_KEK 123 +# define CMS_R_NOT_KEY_AGREEMENT 181 +# define CMS_R_NOT_KEY_TRANSPORT 124 +# define CMS_R_NOT_PWRI 177 +# define 
CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 125 +# define CMS_R_NO_CIPHER 126 +# define CMS_R_NO_CONTENT 127 +# define CMS_R_NO_CONTENT_TYPE 173 +# define CMS_R_NO_DEFAULT_DIGEST 128 +# define CMS_R_NO_DIGEST_SET 129 +# define CMS_R_NO_KEY 130 +# define CMS_R_NO_KEY_OR_CERT 174 +# define CMS_R_NO_MATCHING_DIGEST 131 +# define CMS_R_NO_MATCHING_RECIPIENT 132 +# define CMS_R_NO_MATCHING_SIGNATURE 166 +# define CMS_R_NO_MSGSIGDIGEST 167 +# define CMS_R_NO_PASSWORD 178 +# define CMS_R_NO_PRIVATE_KEY 133 +# define CMS_R_NO_PUBLIC_KEY 134 +# define CMS_R_NO_RECEIPT_REQUEST 168 +# define CMS_R_NO_SIGNERS 135 +# define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 136 +# define CMS_R_RECEIPT_DECODE_ERROR 169 +# define CMS_R_RECIPIENT_ERROR 137 +# define CMS_R_SIGNER_CERTIFICATE_NOT_FOUND 138 +# define CMS_R_SIGNFINAL_ERROR 139 +# define CMS_R_SMIME_TEXT_ERROR 140 +# define CMS_R_STORE_INIT_ERROR 141 +# define CMS_R_TYPE_NOT_COMPRESSED_DATA 142 +# define CMS_R_TYPE_NOT_DATA 143 +# define CMS_R_TYPE_NOT_DIGESTED_DATA 144 +# define CMS_R_TYPE_NOT_ENCRYPTED_DATA 145 +# define CMS_R_TYPE_NOT_ENVELOPED_DATA 146 +# define CMS_R_UNABLE_TO_FINALIZE_CONTEXT 147 +# define CMS_R_UNKNOWN_CIPHER 148 +# define CMS_R_UNKNOWN_DIGEST_ALGORITHM 149 +# define CMS_R_UNKNOWN_ID 150 +# define CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM 151 +# define CMS_R_UNSUPPORTED_CONTENT_TYPE 152 +# define CMS_R_UNSUPPORTED_KEK_ALGORITHM 153 +# define CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM 179 +# define CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE 155 +# define CMS_R_UNSUPPORTED_RECIPIENT_TYPE 154 +# define CMS_R_UNSUPPORTED_TYPE 156 +# define CMS_R_UNWRAP_ERROR 157 +# define CMS_R_UNWRAP_FAILURE 180 +# define CMS_R_VERIFICATION_FAILURE 158 +# define CMS_R_WRAP_ERROR 159 + +# endif +#endif diff --git a/linux_amd64/include/openssl/comp.h b/linux_amd64/include/openssl/comp.h new file mode 100644 index 0000000..06ff581 --- /dev/null +++ b/linux_amd64/include/openssl/comp.h 
@@ -0,0 +1,59 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_COMP_H
+# define OPENSSL_COMP_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_COMP_H
+# endif
+
+# include
+
+# ifndef OPENSSL_NO_COMP
+# include
+# include
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+
+
+COMP_CTX *COMP_CTX_new(COMP_METHOD *meth);
+const COMP_METHOD *COMP_CTX_get_method(const COMP_CTX *ctx);
+int COMP_CTX_get_type(const COMP_CTX* comp);
+int COMP_get_type(const COMP_METHOD *meth);
+const char *COMP_get_name(const COMP_METHOD *meth);
+void COMP_CTX_free(COMP_CTX *ctx);
+
+int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen,
+ unsigned char *in, int ilen);
+int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
+ unsigned char *in, int ilen);
+
+COMP_METHOD *COMP_zlib(void);
+
+#ifndef OPENSSL_NO_DEPRECATED_1_1_0
+# define COMP_zlib_cleanup() while(0) continue
+#endif
+
+# ifdef OPENSSL_BIO_H
+# ifdef ZLIB
+const BIO_METHOD *BIO_f_zlib(void);
+# endif
+# endif
+
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+#endif
diff --git a/linux_amd64/include/openssl/comperr.h b/linux_amd64/include/openssl/comperr.h
new file mode 100644
index 0000000..4794562
--- /dev/null
+++ b/linux_amd64/include/openssl/comperr.h
@@ -0,0 +1,52 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_COMPERR_H +# define OPENSSL_COMPERR_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_COMPERR_H +# endif + +# include +# include + + +# include + +# ifndef OPENSSL_NO_COMP + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_COMP_strings(void); + +/* + * COMP function codes. + */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define COMP_F_BIO_ZLIB_FLUSH 0 +# define COMP_F_BIO_ZLIB_NEW 0 +# define COMP_F_BIO_ZLIB_READ 0 +# define COMP_F_BIO_ZLIB_WRITE 0 +# define COMP_F_COMP_CTX_NEW 0 +# endif + +/* + * COMP reason codes. + */ +# define COMP_R_ZLIB_DEFLATE_ERROR 99 +# define COMP_R_ZLIB_INFLATE_ERROR 100 +# define COMP_R_ZLIB_NOT_SUPPORTED 101 + +# endif +#endif diff --git a/linux_amd64/include/openssl/conf.h b/linux_amd64/include/openssl/conf.h new file mode 100644 index 0000000..438361e --- /dev/null +++ b/linux_amd64/include/openssl/conf.h 
@@ -0,0 +1,175 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_CONF_H
+# define OPENSSL_CONF_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_CONF_H
+# endif
+
+# include
+# include
+# include
+# include
+# include
+# include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct {
+ char *section;
+ char *name;
+ char *value;
+} CONF_VALUE;
+
+DEFINE_STACK_OF(CONF_VALUE)
+DEFINE_LHASH_OF(CONF_VALUE);
+
+struct conf_st;
+struct conf_method_st;
+typedef struct conf_method_st CONF_METHOD;
+
+struct conf_method_st {
+ const char *name;
+ CONF *(*create) (CONF_METHOD *meth);
+ int (*init) (CONF *conf);
+ int (*destroy) (CONF *conf);
+ int (*destroy_data) (CONF *conf);
+ int (*load_bio) (CONF *conf, BIO *bp, long *eline);
+ int (*dump) (const CONF *conf, BIO *bp);
+ int (*is_number) (const CONF *conf, char c);
+ int (*to_int) (const CONF *conf, char c);
+ int (*load) (CONF *conf, const char *name, long *eline);
+};
+
+/* Module definitions */
+
+typedef struct conf_imodule_st CONF_IMODULE;
+typedef struct conf_module_st CONF_MODULE;
+
+DEFINE_STACK_OF(CONF_MODULE)
+DEFINE_STACK_OF(CONF_IMODULE)
+
+/* DSO module function typedefs */
+typedef int conf_init_func (CONF_IMODULE *md, const CONF *cnf);
+typedef void conf_finish_func (CONF_IMODULE *md);
+
+# define CONF_MFLAGS_IGNORE_ERRORS 0x1
+# define CONF_MFLAGS_IGNORE_RETURN_CODES 0x2
+# define CONF_MFLAGS_SILENT 0x4
+# define CONF_MFLAGS_NO_DSO 0x8
+# define CONF_MFLAGS_IGNORE_MISSING_FILE 0x10
+# define CONF_MFLAGS_DEFAULT_SECTION 0x20
+
+int CONF_set_default_method(CONF_METHOD *meth);
+void CONF_set_nconf(CONF *conf, LHASH_OF(CONF_VALUE) *hash);
+LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file,
+ long *eline);
+# ifndef OPENSSL_NO_STDIO
+LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp,
+ long *eline);
+# endif
+LHASH_OF(CONF_VALUE) *CONF_load_bio(LHASH_OF(CONF_VALUE) *conf, BIO *bp,
+ long *eline);
+STACK_OF(CONF_VALUE) *CONF_get_section(LHASH_OF(CONF_VALUE) *conf,
+ const char *section);
+char *CONF_get_string(LHASH_OF(CONF_VALUE) *conf, const char *group,
+ const char *name);
+long CONF_get_number(LHASH_OF(CONF_VALUE) *conf, const char *group,
+ const char *name);
+void CONF_free(LHASH_OF(CONF_VALUE) *conf);
+#ifndef OPENSSL_NO_STDIO
+int CONF_dump_fp(LHASH_OF(CONF_VALUE) *conf, FILE *out);
+#endif
+int CONF_dump_bio(LHASH_OF(CONF_VALUE) *conf, BIO *out);
+
+DEPRECATEDIN_1_1_0(void OPENSSL_config(const char *config_name))
+
+#ifndef OPENSSL_NO_DEPRECATED_1_1_0
+# define OPENSSL_no_config() \
+ OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG, NULL)
+#endif
+
+/*
+ * New conf code. The semantics are different from the functions above. If
+ * that wasn't the case, the above functions would have been replaced
+ */
+
+struct conf_st {
+ CONF_METHOD *meth;
+ void *meth_data;
+ LHASH_OF(CONF_VALUE) *data;
+ unsigned int flag_dollarid:1;
+};
+
+CONF *NCONF_new(CONF_METHOD *meth);
+CONF_METHOD *NCONF_default(void);
+DEPRECATEDIN_3_0(CONF_METHOD *NCONF_WIN32(void))
+void NCONF_free(CONF *conf);
+void NCONF_free_data(CONF *conf);
+
+int NCONF_load(CONF *conf, const char *file, long *eline);
+# ifndef OPENSSL_NO_STDIO
+int NCONF_load_fp(CONF *conf, FILE *fp, long *eline);
+# endif
+int NCONF_load_bio(CONF *conf, BIO *bp, long *eline);
+STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf,
+ const char *section);
+char *NCONF_get_string(const CONF *conf, const char *group, const char *name);
+int NCONF_get_number_e(const CONF *conf, const char *group, const char *name,
+ long *result);
+#ifndef OPENSSL_NO_STDIO
+int NCONF_dump_fp(const CONF *conf, FILE *out);
+#endif
+int NCONF_dump_bio(const CONF *conf, BIO *out);
+
+#define NCONF_get_number(c,g,n,r) NCONF_get_number_e(c,g,n,r)
+
+/* Module functions */
+
+int CONF_modules_load(const CONF *cnf, const char *appname,
+ unsigned long flags);
+int CONF_modules_load_file(const char *filename, const char *appname,
+ unsigned long flags);
+void CONF_modules_unload(int all);
+void CONF_modules_finish(void);
+#ifndef OPENSSL_NO_DEPRECATED_1_1_0
+# define CONF_modules_free() while(0) continue
+#endif
+int CONF_module_add(const char *name, conf_init_func *ifunc,
+ conf_finish_func *ffunc);
+
+const char *CONF_imodule_get_name(const CONF_IMODULE *md);
+const char *CONF_imodule_get_value(const CONF_IMODULE *md);
+void *CONF_imodule_get_usr_data(const CONF_IMODULE *md);
+void CONF_imodule_set_usr_data(CONF_IMODULE *md, void *usr_data);
+CONF_MODULE *CONF_imodule_get_module(const CONF_IMODULE *md);
+unsigned long CONF_imodule_get_flags(const CONF_IMODULE *md);
+void CONF_imodule_set_flags(CONF_IMODULE *md, unsigned long flags);
+void *CONF_module_get_usr_data(CONF_MODULE *pmod);
+void CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data);
+
+char *CONF_get1_default_config_file(void);
+
+int CONF_parse_list(const char *list, int sep, int nospc,
+ int (*list_cb) (const char *elem, int len, void *usr),
+ void *arg);
+
+void OPENSSL_load_builtin_modules(void);
+
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/linux_amd64/include/openssl/conf_api.h b/linux_amd64/include/openssl/conf_api.h
new file mode 100644
index 0000000..ed67d57
--- /dev/null
+++ b/linux_amd64/include/openssl/conf_api.h
@@ -0,0 +1,46 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_CONF_API_H
+# define OPENSSL_CONF_API_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_CONF_API_H
+# endif
+
+# include
+# include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Up until OpenSSL 0.9.5a, this was new_section */
+CONF_VALUE *_CONF_new_section(CONF *conf, const char *section);
+/* Up until OpenSSL 0.9.5a, this was get_section */
+CONF_VALUE *_CONF_get_section(const CONF *conf, const char *section);
+/* Up until OpenSSL 0.9.5a, this was CONF_get_section */
+STACK_OF(CONF_VALUE) *_CONF_get_section_values(const CONF *conf,
+ const char *section);
+
+int _CONF_add_string(CONF *conf, CONF_VALUE *section, CONF_VALUE *value);
+char *_CONF_get_string(const CONF *conf, const char *section,
+ const char *name);
+long _CONF_get_number(const CONF *conf, const char *section,
+ const char *name);
+
+int _CONF_new_data(CONF *conf);
+void _CONF_free_data(CONF *conf);
+
+#ifdef __cplusplus
+}
+#endif
+#endif
diff --git a/linux_amd64/include/openssl/conferr.h b/linux_amd64/include/openssl/conferr.h
new file mode 100644
index 0000000..b3d2596
--- /dev/null
+++ b/linux_amd64/include/openssl/conferr.h
@@ -0,0 +1,86 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_CONFERR_H +# define OPENSSL_CONFERR_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_CONFERR_H +# endif + +# include +# include + + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_CONF_strings(void); + +/* + * CONF function codes. + */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define CONF_F_CONF_DUMP_FP 0 +# define CONF_F_CONF_LOAD 0 +# define CONF_F_CONF_LOAD_FP 0 +# define CONF_F_CONF_PARSE_LIST 0 +# define CONF_F_DEF_LOAD 0 +# define CONF_F_DEF_LOAD_BIO 0 +# define CONF_F_GET_NEXT_FILE 0 +# define CONF_F_MODULE_ADD 0 +# define CONF_F_MODULE_INIT 0 +# define CONF_F_MODULE_LOAD_DSO 0 +# define CONF_F_MODULE_RUN 0 +# define CONF_F_NCONF_DUMP_BIO 0 +# define CONF_F_NCONF_DUMP_FP 0 +# define CONF_F_NCONF_GET_NUMBER_E 0 +# define CONF_F_NCONF_GET_SECTION 0 +# define CONF_F_NCONF_GET_STRING 0 +# define CONF_F_NCONF_LOAD 0 +# define CONF_F_NCONF_LOAD_BIO 0 +# define CONF_F_NCONF_LOAD_FP 0 +# define CONF_F_NCONF_NEW 0 +# define CONF_F_PROCESS_INCLUDE 0 +# define CONF_F_SSL_MODULE_INIT 0 +# define CONF_F_STR_COPY 0 +# endif + +/* + * CONF reason codes. 
+ */ +# define CONF_R_ERROR_LOADING_DSO 110 +# define CONF_R_INVALID_PRAGMA 122 +# define CONF_R_LIST_CANNOT_BE_NULL 115 +# define CONF_R_MANDATORY_BRACES_IN_VARIABLE_EXPANSION 123 +# define CONF_R_MISSING_CLOSE_SQUARE_BRACKET 100 +# define CONF_R_MISSING_EQUAL_SIGN 101 +# define CONF_R_MISSING_INIT_FUNCTION 112 +# define CONF_R_MODULE_INITIALIZATION_ERROR 109 +# define CONF_R_NO_CLOSE_BRACE 102 +# define CONF_R_NO_CONF 105 +# define CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE 106 +# define CONF_R_NO_SECTION 107 +# define CONF_R_NO_SUCH_FILE 114 +# define CONF_R_NO_VALUE 108 +# define CONF_R_NUMBER_TOO_LARGE 121 +# define CONF_R_RECURSIVE_DIRECTORY_INCLUDE 111 +# define CONF_R_SSL_COMMAND_SECTION_EMPTY 117 +# define CONF_R_SSL_COMMAND_SECTION_NOT_FOUND 118 +# define CONF_R_SSL_SECTION_EMPTY 119 +# define CONF_R_SSL_SECTION_NOT_FOUND 120 +# define CONF_R_UNABLE_TO_CREATE_NEW_SECTION 103 +# define CONF_R_UNKNOWN_MODULE_NAME 113 +# define CONF_R_VARIABLE_EXPANSION_TOO_LONG 116 +# define CONF_R_VARIABLE_HAS_NO_VALUE 104 + +#endif diff --git a/linux_amd64/include/openssl/configuration.h b/linux_amd64/include/openssl/configuration.h new file mode 100644 index 0000000..f0c6b74 --- /dev/null +++ b/linux_amd64/include/openssl/configuration.h 
@@ -0,0 +1,126 @@ +/* + * WARNING: do not edit! + * Generated by Makefile from ../include/openssl/configuration.h.in + * + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_CONFIGURATION_H +# define OPENSSL_CONFIGURATION_H + +# ifdef __cplusplus +extern "C" { +# endif + +# ifdef OPENSSL_ALGORITHM_DEFINES +# error OPENSSL_ALGORITHM_DEFINES no longer supported +# endif + +/* + * OpenSSL was configured with the following options: + */ + +# define OPENSSL_CONFIGURED_API 30000 +# ifndef OPENSSL_RAND_SEED_OS +# define OPENSSL_RAND_SEED_OS +# endif +# ifndef OPENSSL_THREADS +# define OPENSSL_THREADS +# endif +# ifndef OPENSSL_NO_ASAN +# define OPENSSL_NO_ASAN +# endif +# ifndef OPENSSL_NO_CRYPTO_MDEBUG +# define OPENSSL_NO_CRYPTO_MDEBUG +# endif +# ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE +# define OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE +# endif +# ifndef OPENSSL_NO_DEVCRYPTOENG +# define OPENSSL_NO_DEVCRYPTOENG +# endif +# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 +# define OPENSSL_NO_EC_NISTP_64_GCC_128 +# endif +# ifndef OPENSSL_NO_EGD +# define OPENSSL_NO_EGD +# endif +# ifndef OPENSSL_NO_EXTERNAL_TESTS +# define OPENSSL_NO_EXTERNAL_TESTS +# endif +# ifndef OPENSSL_NO_FUZZ_AFL +# define OPENSSL_NO_FUZZ_AFL +# endif +# ifndef OPENSSL_NO_FUZZ_LIBFUZZER +# define OPENSSL_NO_FUZZ_LIBFUZZER +# endif +# ifndef OPENSSL_NO_KTLS +# define OPENSSL_NO_KTLS +# endif +# ifndef OPENSSL_NO_MD2 +# define OPENSSL_NO_MD2 +# endif +# ifndef OPENSSL_NO_MSAN +# define OPENSSL_NO_MSAN +# endif +# ifndef OPENSSL_NO_RC5 +# define OPENSSL_NO_RC5 +# endif +# ifndef OPENSSL_NO_SCTP +# define OPENSSL_NO_SCTP +# endif +# ifndef OPENSSL_NO_SSL_TRACE +# define OPENSSL_NO_SSL_TRACE +# endif +# ifndef 
OPENSSL_NO_SSL3 +# define OPENSSL_NO_SSL3 +# endif +# ifndef OPENSSL_NO_SSL3_METHOD +# define OPENSSL_NO_SSL3_METHOD +# endif +# ifndef OPENSSL_NO_TRACE +# define OPENSSL_NO_TRACE +# endif +# ifndef OPENSSL_NO_UBSAN +# define OPENSSL_NO_UBSAN +# endif +# ifndef OPENSSL_NO_UNIT_TEST +# define OPENSSL_NO_UNIT_TEST +# endif +# ifndef OPENSSL_NO_UPLINK +# define OPENSSL_NO_UPLINK +# endif +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS +# define OPENSSL_NO_WEAK_SSL_CIPHERS +# endif +# ifndef OPENSSL_NO_STATIC_ENGINE +# define OPENSSL_NO_STATIC_ENGINE +# endif + + +/* Generate 80386 code? */ +# undef I386_ONLY + +/* + * The following are cipher-specific, but are part of the public API. + */ +# if !defined(OPENSSL_SYS_UEFI) +# undef BN_LLONG +/* Only one for the following should be defined */ +# define SIXTY_FOUR_BIT_LONG +# undef SIXTY_FOUR_BIT +# undef THIRTY_TWO_BIT +# endif + +# define RC4_INT unsigned int + +# ifdef __cplusplus +} +# endif + +#endif /* OPENSSL_CONFIGURATION_H */ diff --git a/linux_amd64/include/openssl/core.h b/linux_amd64/include/openssl/core.h new file mode 100644 index 0000000..5959a31 --- /dev/null +++ b/linux_amd64/include/openssl/core.h 
@@ -0,0 +1,219 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_CORE_H
+# define OPENSSL_CORE_H
+
+# include
+# include
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+/*-
+ * Base types
+ * ----------
+ *
+ * These are the types that the OpenSSL core and providers have in common
+ * to communicate data between them.
+ */
+
+/*
+ * Dispatch table element. function_id numbers are defined further down,
+ * see macros with '_FUNC' in their names.
+ *
+ * An array of these is always terminated by function_id == 0
+ */
+struct ossl_dispatch_st {
+ int function_id;
+ void (*function)(void);
+};
+
+/*
+ * Other items, essentially an int<->pointer map element.
+ *
+ * We make this type distinct from OSSL_DISPATCH to ensure that dispatch
+ * tables remain tables with function pointers only.
+ *
+ * This is used whenever we need to pass things like a table of error reason
+ * codes <-> reason string maps, ...
+ *
+ * Usage determines which field works as key if any, rather than field order.
+ *
+ * An array of these is always terminated by id == 0 && ptr == NULL
+ */
+struct ossl_item_st {
+ unsigned int id;
+ void *ptr;
+};
+
+/*
+ * Type to tie together algorithm names, property definition string and
+ * the algorithm implementation in the form of a dispatch table.
+ *
+ * An array of these is always terminated by algorithm_names == NULL
+ */
+struct ossl_algorithm_st {
+ const char *algorithm_names; /* key */
+ const char *property_definition; /* key */
+ const OSSL_DISPATCH *implementation;
+};
+
+/*
+ * Type to pass object data in a uniform way, without exposing the object
+ * structure.
+ *
+ * An array of these is always terminated by key == NULL
+ */
+struct ossl_param_st {
+ const char *key; /* the name of the parameter */
+ unsigned int data_type; /* declare what kind of content is in buffer */
+ void *data; /* value being passed in or out */
+ size_t data_size; /* data size */
+ size_t return_size; /* returned content size */
+};
+
+/* Currently supported OSSL_PARAM data types */
+/*
+ * OSSL_PARAM_INTEGER and OSSL_PARAM_UNSIGNED_INTEGER
+ * are arbitrary length and therefore require an arbitrarily sized buffer,
+ * since they may be used to pass numbers larger than what is natively
+ * available.
+ *
+ * The number must be buffered in native form, i.e. MSB first on B_ENDIAN
+ * systems and LSB first on L_ENDIAN systems. This means that arbitrary
+ * native integers can be stored in the buffer, just make sure that the
+ * buffer size is correct and the buffer itself is properly aligned (for
+ * example by having the buffer field point at a C integer).
+ */
+# define OSSL_PARAM_INTEGER 1
+# define OSSL_PARAM_UNSIGNED_INTEGER 2
+/*-
+ * OSSL_PARAM_REAL
+ * is a C binary floating point values in native form and alignment.
+ */
+# define OSSL_PARAM_REAL 3
+/*-
+ * OSSL_PARAM_UTF8_STRING
+ * is a printable string. Is expteced to be printed as it is.
+ */
+# define OSSL_PARAM_UTF8_STRING 4
+/*-
+ * OSSL_PARAM_OCTET_STRING
+ * is a string of bytes with no further specification. Is expected to be
+ * printed as a hexdump.
+ */
+# define OSSL_PARAM_OCTET_STRING 5
+/*-
+ * OSSL_PARAM_UTF8_PTR
+ * is a pointer to a printable string. Is expteced to be printed as it is.
+ *
+ * The difference between this and OSSL_PARAM_UTF8_STRING is that only pointers
+ * are manipulated for this type.
+ *
+ * This is more relevant for parameter requests, where the responding
+ * function doesn't need to copy the data to the provided buffer, but
+ * sets the provided buffer to point at the actual data instead.
+ *
+ * WARNING! Using these is FRAGILE, as it assumes that the actual
+ * data and its location are constant.
+ */
+# define OSSL_PARAM_UTF8_PTR 6
+/*-
+ * OSSL_PARAM_OCTET_PTR
+ * is a pointer to a string of bytes with no further specification. It is
+ * expected to be printed as a hexdump.
+ *
+ * The difference between this and OSSL_PARAM_OCTET_STRING is that only pointers
+ * are manipulated for this type.
+ *
+ * This is more relevant for parameter requests, where the responding
+ * function doesn't need to copy the data to the provided buffer, but
+ * sets the provided buffer to point at the actual data instead.
+ *
+ * WARNING! Using these is FRAGILE, as it assumes that the actual
+ * data and its location are constant.
+ */
+# define OSSL_PARAM_OCTET_PTR 7
+
+/*
+ * Typedef for the thread stop handling callback. Used both internally and by
+ * providers.
+ *
+ * Providers may register for notifications about threads stopping by
+ * registering a callback to hear about such events. Providers register the
+ * callback using the OSSL_FUNC_CORE_THREAD_START function in the |in| dispatch
+ * table passed to OSSL_provider_init(). The arg passed back to a provider will
+ * be the provider side context object.
+ */
+typedef void (*OSSL_thread_stop_handler_fn)(void *arg);
+
+
+/*-
+ * Provider entry point
+ * --------------------
+ *
+ * This function is expected to be present in any dynamically loadable
+ * provider module. By definition, if this function doesn't exist in a
+ * module, that module is not an OpenSSL provider module.
+ */
+/*-
+ * |provider| pointer to opaque type OSSL_PROVIDER. This can be used
+ * together with some functions passed via |in| to query data.
+ * |in| is the array of functions that the Core passes to the provider.
+ * |out| will be the array of base functions that the provider passes
+ * back to the Core.
+ * |provctx| a provider side context object, optionally created if the
+ * provider needs it. This value is passed to other provider
+ * functions, notably other context constructors.
+ */
+typedef int (OSSL_provider_init_fn)(const OSSL_PROVIDER *provider,
+ const OSSL_DISPATCH *in,
+ const OSSL_DISPATCH **out,
+ void **provctx);
+# ifdef __VMS
+# pragma names save
+# pragma names uppercase,truncated
+# endif
+extern OSSL_provider_init_fn OSSL_provider_init;
+# ifdef __VMS
+# pragma names restore
+# endif
+
+/*
+ * Generic callback function signature.
+ *
+ * The expectation is that any provider function that wants to offer
+ * a callback / hook can do so by taking an argument with this type,
+ * as well as a pointer to caller-specific data. When calling the
+ * callback, the provider function can populate an OSSL_PARAM array
+ * with data of its choice and pass that in the callback call, along
+ * with the caller data argument.
+ *
+ * libcrypto may use the OSSL_PARAM array to create arguments for an
+ * application callback it knows about.
+ */
+typedef int (OSSL_CALLBACK)(const OSSL_PARAM params[], void *arg);
+
+/*
+ * Passphrase callback function signature
+ *
+ * This is similar to the generic callback function above, but adds a
+ * result parameter.
+ */
+typedef int (OSSL_PASSPHRASE_CALLBACK)(char *pass, size_t pass_size,
+ size_t *pass_len,
+ const OSSL_PARAM params[], void *arg);
+
+# ifdef __cplusplus
+}
+# endif
+
+#endif
diff --git a/linux_amd64/include/openssl/core_names.h b/linux_amd64/include/openssl/core_names.h
new file mode 100644
index 0000000..5e3a13a
--- /dev/null
+++ b/linux_amd64/include/openssl/core_names.h
@@ -0,0 +1,286 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_CORE_NAMES_H
+# define OPENSSL_CORE_NAMES_H
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+/* Well known parameter names that Providers can define */
+#define OSSL_PROV_PARAM_NAME "name" /* utf8_string */
+#define OSSL_PROV_PARAM_VERSION "version" /* utf8_string */
+#define OSSL_PROV_PARAM_BUILDINFO "buildinfo" /* utf8_string */
+#define OSSL_PROV_PARAM_MODULE_FILENAME "module-filename" /* octet_string */
+
+/* Self test callback parameters */
+#define OSSL_PROV_PARAM_SELF_TEST_PHASE "st-phase" /* utf8_string */
+#define OSSL_PROV_PARAM_SELF_TEST_TYPE "st-type" /* utf8_string */
+#define OSSL_PROV_PARAM_SELF_TEST_DESC "st-desc" /* utf8_string */
+
+/*
+ * Algorithm parameters
+ * If "engine" or "properties" are specified, they should always be paired
+ * with the algorithm type.
+ */
+#define OSSL_ALG_PARAM_DIGEST "digest" /* utf8_string */
+#define OSSL_ALG_PARAM_CIPHER "cipher" /* utf8_string */
+#define OSSL_ALG_PARAM_MAC "mac" /* utf8_string */
+#define OSSL_ALG_PARAM_PROPERTIES "properties"/* utf8_string */
+
+/* cipher parameters */
+#define OSSL_CIPHER_PARAM_PADDING "padding" /* uint */
+#define OSSL_CIPHER_PARAM_MODE "mode" /* uint */
+#define OSSL_CIPHER_PARAM_BLOCK_SIZE "blocksize" /* size_t */
+#define OSSL_CIPHER_PARAM_FLAGS "flags" /* ulong */
+#define OSSL_CIPHER_PARAM_KEYLEN "keylen" /* size_t */
+#define OSSL_CIPHER_PARAM_IVLEN "ivlen" /* size_t */
+#define OSSL_CIPHER_PARAM_IV "iv" /* octet_string OR octet_ptr */
+#define OSSL_CIPHER_PARAM_NUM "num" /* uint */
+#define OSSL_CIPHER_PARAM_ROUNDS "rounds" /* uint */
+#define OSSL_CIPHER_PARAM_AEAD_TAG "tag" /* octet_string */
+#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD "tlsaad" /* octet_string */
+#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD "tlsaadpad" /* size_t */
+#define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED "tlsivfixed" /* octet_string */
+#define OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN "tlsivgen" /* octet_string */
+#define OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV "tlsivinv" /* octet_string */
+#define OSSL_CIPHER_PARAM_AEAD_IVLEN OSSL_CIPHER_PARAM_IVLEN
+#define OSSL_CIPHER_PARAM_AEAD_TAGLEN "taglen" /* size_t */
+#define OSSL_CIPHER_PARAM_AEAD_MAC_KEY "mackey" /* octet_string */
+#define OSSL_CIPHER_PARAM_RANDOM_KEY "randkey" /* octet_string */
+#define OSSL_CIPHER_PARAM_RC2_KEYBITS "keybits" /* size_t */
+#define OSSL_CIPHER_PARAM_SPEED "speed" /* uint */
+/* For passing the AlgorithmIdentifier parameter in DER form */
+#define OSSL_CIPHER_PARAM_ALG_ID "alg_id_param" /* octet_string */
+
+#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT \
+ "tls1multi_maxsndfrag" /* uint */
+#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE \
+ "tls1multi_maxbufsz" /* size_t */
+#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE \
+ "tls1multi_interleave" /* uint */
+#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD \
+ "tls1multi_aad" /* octet_string */
+#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN \
+ "tls1multi_aadpacklen" /* uint */
+#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC \
+ "tls1multi_enc" /* octet_string */
+#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN \
+ "tls1multi_encin" /* octet_string */
+#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN \
+ "tls1multi_enclen" /* size_t */
+
+/* digest parameters */
+#define OSSL_DIGEST_PARAM_XOFLEN "xoflen" /* size_t */
+#define OSSL_DIGEST_PARAM_SSL3_MS "ssl3-ms" /* octet string */
+#define OSSL_DIGEST_PARAM_PAD_TYPE "pad_type" /* uint */
+#define OSSL_DIGEST_PARAM_MICALG "micalg" /* utf8 string */
+#define OSSL_DIGEST_PARAM_BLOCK_SIZE "blocksize" /* size_t */
+#define OSSL_DIGEST_PARAM_SIZE "size" /* size_t */
+#define OSSL_DIGEST_PARAM_FLAGS "flags" /* ulong */
+
+/* Known DIGEST names (not a complete list) */
+#define OSSL_DIGEST_NAME_MD5 "MD5"
+#define OSSL_DIGEST_NAME_MD5_SHA1 "MD5-SHA1"
+#define OSSL_DIGEST_NAME_SHA1 "SHA1"
+#define OSSL_DIGEST_NAME_SHA2_224 "SHA2-224"
+#define OSSL_DIGEST_NAME_SHA2_256 "SHA2-256"
+#define OSSL_DIGEST_NAME_SHA2_384 "SHA2-384"
+#define OSSL_DIGEST_NAME_SHA2_512 "SHA2-512"
+#define OSSL_DIGEST_NAME_MD2 "MD2"
+#define OSSL_DIGEST_NAME_MD4 "MD4"
+#define OSSL_DIGEST_NAME_MDC2 "MDC2"
+#define OSSL_DIGEST_NAME_RIPEMD160 "RIPEMD160"
+#define OSSL_DIGEST_NAME_SHA3_224 "SHA3-224"
+#define OSSL_DIGEST_NAME_SHA3_256 "SHA3-256"
+#define OSSL_DIGEST_NAME_SHA3_384 "SHA3-384"
+#define OSSL_DIGEST_NAME_SHA3_512 "SHA3-512"
+#define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128"
+#define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256"
+
+/* MAC parameters */
+#define OSSL_MAC_PARAM_KEY "key" /* octet string */
+#define OSSL_MAC_PARAM_IV "iv" /* octet string */
+#define OSSL_MAC_PARAM_CUSTOM "custom" /* utf8 string */
+#define OSSL_MAC_PARAM_SALT "salt" /* octet string */
+#define OSSL_MAC_PARAM_XOF "xof" /* int, 0 or 1 */
+#define OSSL_MAC_PARAM_FLAGS "flags" /* int */
+/*
+ * If "engine" or "properties" are specified, they should always be paired
+ * with "cipher" or "digest".
+ */
+#define OSSL_MAC_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER /* utf8 string */
+#define OSSL_MAC_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST /* utf8 string */
+#define OSSL_MAC_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES /* utf8 string */
+#define OSSL_MAC_PARAM_SIZE "size" /* size_t */
+
+/* Known MAC names (not a complete list) */
+#define OSSL_MAC_NAME_CMAC "CMAC"
+#define OSSL_MAC_NAME_HMAC "HMAC"
+#define OSSL_MAC_NAME_KMAC128 "KMAC128"
+#define OSSL_MAC_NAME_KMAC256 "KMAC256"
+
+/* KDF / PRF parameters */
+#define OSSL_KDF_PARAM_SECRET "secret" /* octet string */
+#define OSSL_KDF_PARAM_KEY "key" /* octet string */
+#define OSSL_KDF_PARAM_SALT "salt" /* octet string */
+#define OSSL_KDF_PARAM_PASSWORD "pass" /* octet string */
+#define OSSL_KDF_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST /* utf8 string */
+#define OSSL_KDF_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER /* utf8 string */
+#define OSSL_KDF_PARAM_MAC OSSL_ALG_PARAM_MAC /* utf8 string */
+#define OSSL_KDF_PARAM_MAC_SIZE "maclen" /* size_t */
+#define OSSL_KDF_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES /* utf8 string */
+#define OSSL_KDF_PARAM_ITER "iter" /* unsigned int */
+#define OSSL_KDF_PARAM_MODE "mode" /* utf8 string or int */
+#define OSSL_KDF_PARAM_PKCS5 "pkcs5" /* int */
+#define OSSL_KDF_PARAM_UKM "ukm" /* octet string */
+#define OSSL_KDF_PARAM_CEK_ALG "cekalg" /* utf8 string */
+#define OSSL_KDF_PARAM_SCRYPT_N "n" /* uint64_t */
+#define OSSL_KDF_PARAM_SCRYPT_R "r" /* uint32_t */
+#define OSSL_KDF_PARAM_SCRYPT_P "p" /* uint32_t */
+#define OSSL_KDF_PARAM_SCRYPT_MAXMEM "maxmem_bytes" /* uint64_t */
+#define OSSL_KDF_PARAM_INFO "info" /* octet string */
+#define OSSL_KDF_PARAM_SEED "seed" /* octet string */
+#define OSSL_KDF_PARAM_SSHKDF_XCGHASH "xcghash" /* octet string */
+#define OSSL_KDF_PARAM_SSHKDF_SESSION_ID "session_id" /* octet string */
+#define OSSL_KDF_PARAM_SSHKDF_TYPE "type" /* int */
+#define OSSL_KDF_PARAM_SIZE "size" /* size_t */
+#define OSSL_KDF_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER /* utf8 string */
+#define OSSL_KDF_PARAM_CONSTANT "constant" /* octet string */
+
+/* Known KDF names */
+#define OSSL_KDF_NAME_HKDF "HKDF"
+#define OSSL_KDF_NAME_PBKDF2 "PBKDF2"
+#define OSSL_KDF_NAME_SCRYPT "SCRYPT"
+#define OSSL_KDF_NAME_SSHKDF "SSHKDF"
+#define OSSL_KDF_NAME_SSKDF "SSKDF"
+#define OSSL_KDF_NAME_TLS1_PRF "TLS1-PRF"
+#define OSSL_KDF_NAME_X942KDF "X942KDF"
+#define OSSL_KDF_NAME_X963KDF "X963KDF"
+#define OSSL_KDF_NAME_KBKDF "KBKDF"
+#define OSSL_KDF_NAME_KRB5KDF "KRB5KDF"
+
+/* PKEY parameters */
+/* Common PKEY parameters */
+#define OSSL_PKEY_PARAM_BITS "bits" /* integer */
+#define OSSL_PKEY_PARAM_MAX_SIZE "max-size" /* integer */
+#define OSSL_PKEY_PARAM_SECURITY_BITS "security-bits" /* integer */
+#define OSSL_PKEY_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+#define OSSL_PKEY_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+#define OSSL_PKEY_PARAM_DEFAULT_DIGEST "default-digest" /* utf8 string */
+#define OSSL_PKEY_PARAM_MANDATORY_DIGEST "mandatory-digest" /* utf8 string */
+#define OSSL_PKEY_PARAM_PAD_MODE "pad-mode"
+#define OSSL_PKEY_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+#define OSSL_PKEY_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+#define OSSL_PKEY_PARAM_DIGEST_SIZE "digest-size"
+#define OSSL_PKEY_PARAM_MGF1_DIGEST "mgf1-digest"
+#define OSSL_PKEY_PARAM_MGF1_PROPERTIES "mgf1-properties"
+
+/* Diffie-Hellman/DSA public/private key */
+#define OSSL_PKEY_PARAM_PUB_KEY "pub"
+#define OSSL_PKEY_PARAM_PRIV_KEY "priv"
+
+/* Diffie-Hellman/DSA Parameters */
+#define OSSL_PKEY_PARAM_FFC_P "p"
+#define OSSL_PKEY_PARAM_FFC_G "g"
+#define OSSL_PKEY_PARAM_FFC_Q "q"
+
+/* Elliptic Curve Domain Parameters */
+#define OSSL_PKEY_PARAM_EC_NAME "curve-name"
+
+/* Elliptic Curve Key Parameters */
+#define OSSL_PKEY_PARAM_USE_COFACTOR_FLAG "use-cofactor-flag"
+#define OSSL_PKEY_PARAM_USE_COFACTOR_ECDH \
+ OSSL_PKEY_PARAM_USE_COFACTOR_FLAG
+
+/* RSA Keys */
+/*
+ * n, e, d are the usual public and private key components
+ *
+ * rsa-num is the number of factors, including p and q
+ * rsa-factor is used for each factor: p, q, r_i (i = 3, ...)
+ * rsa-exponent is used for each exponent: dP, dQ, d_i (i = 3, ...)
+ * rsa-coefficient is used for each coefficient: qInv, t_i (i = 3, ...)
+ *
+ * The number of rsa-factor items must be equal to the number of rsa-exponent
+ * items, and the number of rsa-coefficients must be one less.
+ * (the base i for the coefficients is 2, not 1, at least as implied by
+ * RFC 8017)
+ */
+#define OSSL_PKEY_PARAM_RSA_N "n"
+#define OSSL_PKEY_PARAM_RSA_E "e"
+#define OSSL_PKEY_PARAM_RSA_D "d"
+#define OSSL_PKEY_PARAM_RSA_FACTOR "rsa-factor"
+#define OSSL_PKEY_PARAM_RSA_EXPONENT "rsa-exponent"
+#define OSSL_PKEY_PARAM_RSA_COEFFICIENT "rsa-coefficient"
+
+/* Key Exchange parameters */
+
+#define OSSL_EXCHANGE_PARAM_PAD "pad" /* uint */
+#define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode" /* int */
+#define OSSL_EXCHANGE_PARAM_KDF_TYPE "kdf-type" /* utf8_string */
+#define OSSL_EXCHANGE_PARAM_KDF_DIGEST "kdf-digest" /* utf8_string */
+#define OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS "kdf-digest-props" /* utf8_string */
+#define OSSL_EXCHANGE_PARAM_KDF_OUTLEN "kdf-outlen" /* size_t */
+
+/*
+ * TODO(3.0): improve this pattern
+ *
+ * Currently the sole internal user of OSSL_EXCHANGE_PARAM_KDF_UKM is
+ * EVP_PKEY_CTX_{set0,get0}_ecdh_kdf_ukm():
+ * OSSL_EXCHANGE_PARAM_KDF_UKM is handled as a octet_string on set0,
+ * and as an octet_ptr on get0.
+ *
+ * This pattern is borrowed from the handling of
+ * OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL in
+ * EVP_PKEY_CTX_{set0,get0}_rsa_oaep_label().
+ */
+#define OSSL_EXCHANGE_PARAM_KDF_UKM "kdf-ukm" /* see note above */
+#define OSSL_EXCHANGE_PARAM_KDF_UKM_LEN "kdf-ukm-len" /* size_t */
+
+/* Signature parameters */
+#define OSSL_SIGNATURE_PARAM_ALGORITHM_ID "algorithm-id"
+#define OSSL_SIGNATURE_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE
+#define OSSL_SIGNATURE_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST
+#define OSSL_SIGNATURE_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES
+#define OSSL_SIGNATURE_PARAM_PSS_SALTLEN "pss-saltlen"
+#define OSSL_SIGNATURE_PARAM_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
+#define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES \
+ OSSL_PKEY_PARAM_MGF1_PROPERTIES
+
+/* Asym cipher parameters */
+#define OSSL_ASYM_CIPHER_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE
+#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST \
+ OSSL_PKEY_PARAM_MGF1_DIGEST
+#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS \
+ OSSL_PKEY_PARAM_MGF1_PROPERTIES
+#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST OSSL_ALG_PARAM_DIGEST
+#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS "digest-props"
+#define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL "oaep-label"
+#define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL_LEN "oaep-label-len"
+#define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION "tls-client-version"
+#define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION "tls-negotiated-version"
+
+/*
+ * Serializer parameters
+ */
+/* The passphrase may be passed as a utf8 string or an octet string */
+#define OSSL_SERIALIZER_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+#define OSSL_SERIALIZER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+#define OSSL_SERIALIZER_PARAM_PASS "passphrase"
+
+/* Passphrase callback parameters */
+#define OSSL_PASSPHRASE_PARAM_INFO "info"
+
+# ifdef __cplusplus
+}
+# endif
+
+#endif
diff --git a/linux_amd64/include/openssl/core_numbers.h b/linux_amd64/include/openssl/core_numbers.h
new file mode 100644
index 0000000..3314a0f
--- /dev/null
+++ b/linux_amd64/include/openssl/core_numbers.h
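Review bot: This vendored header records no upstream revision, and its contents suggest it was copied from an unreleased OpenSSL 3.0 development tree rather than a tagged release: it still carries a `TODO(3.0): improve this pattern` marker, and `OSSL_KDF_PARAM_CIPHER`, `OSSL_PKEY_PARAM_DIGEST` and `OSSL_PKEY_PARAM_PROPERTIES` are each defined twice. Parameter names taken from such a snapshot may change before a release, and a prebuilt crypto library without provenance is hard to audit or patch when an advisory lands. I would record the exact source next to the vendored tree, for example a note reading `OpenSSL upstream commit: <UPSTREAM_COMMIT_ID>; Configure options: <CONFIGURE_OPTIONS>`, and plan to rebuild from a tagged release. The same applies to the other headers under linux_amd64/include/openssl added in this commit.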
@@ -0,0 +1,615 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_CORE_NUMBERS_H +# define OPENSSL_CORE_NUMBERS_H + +# include +# include +# include + +# ifdef __cplusplus +extern "C" { +# endif + +/*- + * Identities + * ---------- + * + * All series start with 1, to allow 0 to be an array terminator. + * For any FUNC identity, we also provide a function signature typedef + * and a static inline function to extract a function pointer from a + * OSSL_DISPATCH element in a type safe manner. + * + * Names: + * for any function base name 'foo' (uppercase form 'FOO'), we will have + * the following: + * - a macro for the identity with the name OSSL_FUNC_'FOO' or derivatives + * thereof (to be specified further down) + * - a function signature typedef with the name OSSL_'foo'_fn + * - a function pointer extractor function with the name OSSL_'foo' + */ + +/* + * Helper macro to create the function signature typedef and the extractor + * |type| is the return-type of the function, |name| is the name of the + * function to fetch, and |args| is a parenthesized list of parameters + * for the function (that is, it is |name|'s function signature). + */ +#define OSSL_CORE_MAKE_FUNC(type,name,args) \ + typedef type (OSSL_##name##_fn)args; \ + static ossl_inline \ + OSSL_##name##_fn *OSSL_get_##name(const OSSL_DISPATCH *opf) \ + { \ + return (OSSL_##name##_fn *)opf->function; \ + } + +/* + * Core function identities, for the two OSSL_DISPATCH tables being passed + * in the OSSL_provider_init call. + * + * 0 serves as a marker for the end of the OSSL_DISPATCH array, and must + * therefore NEVER be used as a function identity. 
+ */
+/* Functions provided by the Core to the provider, reserved numbers 1-1023 */
+# define OSSL_FUNC_CORE_GETTABLE_PARAMS 1
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *,
+ core_gettable_params,(const OSSL_PROVIDER *prov))
+# define OSSL_FUNC_CORE_GET_PARAMS 2
+OSSL_CORE_MAKE_FUNC(int,core_get_params,(const OSSL_PROVIDER *prov,
+ OSSL_PARAM params[]))
+# define OSSL_FUNC_CORE_THREAD_START 3
+OSSL_CORE_MAKE_FUNC(int,core_thread_start,(const OSSL_PROVIDER *prov,
+ OSSL_thread_stop_handler_fn handfn))
+# define OSSL_FUNC_CORE_GET_LIBRARY_CONTEXT 4
+OSSL_CORE_MAKE_FUNC(OPENSSL_CTX *,core_get_library_context,
+ (const OSSL_PROVIDER *prov))
+# define OSSL_FUNC_CORE_NEW_ERROR 5
+OSSL_CORE_MAKE_FUNC(void,core_new_error,(const OSSL_PROVIDER *prov))
+# define OSSL_FUNC_CORE_SET_ERROR_DEBUG 6
+OSSL_CORE_MAKE_FUNC(void,core_set_error_debug,
+ (const OSSL_PROVIDER *prov,
+ const char *file, int line, const char *func))
+# define OSSL_FUNC_CORE_VSET_ERROR 7
+OSSL_CORE_MAKE_FUNC(void,core_vset_error,
+ (const OSSL_PROVIDER *prov,
+ uint32_t reason, const char *fmt, va_list args))
+# define OSSL_FUNC_CORE_SET_ERROR_MARK 8
+OSSL_CORE_MAKE_FUNC(int, core_set_error_mark, (const OSSL_PROVIDER *prov))
+# define OSSL_FUNC_CORE_CLEAR_LAST_ERROR_MARK 9
+OSSL_CORE_MAKE_FUNC(int, core_clear_last_error_mark,
+ (const OSSL_PROVIDER *prov))
+# define OSSL_FUNC_CORE_POP_ERROR_TO_MARK 10
+OSSL_CORE_MAKE_FUNC(int, core_pop_error_to_mark, (const OSSL_PROVIDER *prov))
+
+/* Memory allocation, freeing, clearing.
*/
+#define OSSL_FUNC_CRYPTO_MALLOC 20
+OSSL_CORE_MAKE_FUNC(void *,
+ CRYPTO_malloc, (size_t num, const char *file, int line))
+#define OSSL_FUNC_CRYPTO_ZALLOC 21
+OSSL_CORE_MAKE_FUNC(void *,
+ CRYPTO_zalloc, (size_t num, const char *file, int line))
+#define OSSL_FUNC_CRYPTO_FREE 22
+OSSL_CORE_MAKE_FUNC(void,
+ CRYPTO_free, (void *ptr, const char *file, int line))
+#define OSSL_FUNC_CRYPTO_CLEAR_FREE 23
+OSSL_CORE_MAKE_FUNC(void,
+ CRYPTO_clear_free, (void *ptr, size_t num, const char *file, int line))
+#define OSSL_FUNC_CRYPTO_REALLOC 24
+OSSL_CORE_MAKE_FUNC(void *,
+ CRYPTO_realloc, (void *addr, size_t num, const char *file, int line))
+#define OSSL_FUNC_CRYPTO_CLEAR_REALLOC 25
+OSSL_CORE_MAKE_FUNC(void *,
+ CRYPTO_clear_realloc, (void *addr, size_t old_num, size_t num,
+ const char *file, int line))
+#define OSSL_FUNC_CRYPTO_SECURE_MALLOC 26
+OSSL_CORE_MAKE_FUNC(void *,
+ CRYPTO_secure_malloc, (size_t num, const char *file, int line))
+#define OSSL_FUNC_CRYPTO_SECURE_ZALLOC 27
+OSSL_CORE_MAKE_FUNC(void *,
+ CRYPTO_secure_zalloc, (size_t num, const char *file, int line))
+#define OSSL_FUNC_CRYPTO_SECURE_FREE 28
+OSSL_CORE_MAKE_FUNC(void,
+ CRYPTO_secure_free, (void *ptr, const char *file, int line))
+#define OSSL_FUNC_CRYPTO_SECURE_CLEAR_FREE 29
+OSSL_CORE_MAKE_FUNC(void,
+ CRYPTO_secure_clear_free, (void *ptr, size_t num, const char *file,
+ int line))
+#define OSSL_FUNC_CRYPTO_SECURE_ALLOCATED 30
+OSSL_CORE_MAKE_FUNC(int,
+ CRYPTO_secure_allocated, (const void *ptr))
+#define OSSL_FUNC_OPENSSL_CLEANSE 31
+OSSL_CORE_MAKE_FUNC(void,
+ OPENSSL_cleanse, (void *ptr, size_t len))
+
+/* Bio functions provided by the core */
+#define OSSL_FUNC_BIO_NEW_FILE 40
+#define OSSL_FUNC_BIO_NEW_MEMBUF 41
+#define OSSL_FUNC_BIO_READ_EX 42
+#define OSSL_FUNC_BIO_FREE 43
+#define OSSL_FUNC_BIO_VPRINTF 44
+
+OSSL_CORE_MAKE_FUNC(BIO *, BIO_new_file, (const char *filename, const char *mode))
+OSSL_CORE_MAKE_FUNC(BIO *, BIO_new_membuf, (const void *buf, int len))
+OSSL_CORE_MAKE_FUNC(int, BIO_read_ex, (BIO *bio, void *data, size_t data_len,
+ size_t *bytes_read))
+OSSL_CORE_MAKE_FUNC(int, BIO_free, (BIO *bio))
+OSSL_CORE_MAKE_FUNC(int, BIO_vprintf, (BIO *bio, const char *format,
+ va_list args))
+
+#define OSSL_FUNC_SELF_TEST_CB 100
+OSSL_CORE_MAKE_FUNC(void, self_test_cb, (OPENSSL_CTX *ctx, OSSL_CALLBACK **cb,
+ void **cbarg))
+
+/* Functions provided by the provider to the Core, reserved numbers 1024-1535 */
+# define OSSL_FUNC_PROVIDER_TEARDOWN 1024
+OSSL_CORE_MAKE_FUNC(void,provider_teardown,(void *provctx))
+# define OSSL_FUNC_PROVIDER_GETTABLE_PARAMS 1025
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *,
+ provider_gettable_params,(void *provctx))
+# define OSSL_FUNC_PROVIDER_GET_PARAMS 1026
+OSSL_CORE_MAKE_FUNC(int,provider_get_params,(void *provctx,
+ OSSL_PARAM params[]))
+# define OSSL_FUNC_PROVIDER_QUERY_OPERATION 1027
+OSSL_CORE_MAKE_FUNC(const OSSL_ALGORITHM *,provider_query_operation,
+ (void *provctx, int operation_id, const int *no_store))
+# define OSSL_FUNC_PROVIDER_GET_REASON_STRINGS 1028
+OSSL_CORE_MAKE_FUNC(const OSSL_ITEM *,provider_get_reason_strings,
+ (void *provctx))
+
+/* Operations */
+
+# define OSSL_OP_DIGEST 1
+# define OSSL_OP_CIPHER 2 /* Symmetric Ciphers */
+# define OSSL_OP_MAC 3
+# define OSSL_OP_KDF 4
+# define OSSL_OP_KEYMGMT 10
+# define OSSL_OP_KEYEXCH 11
+# define OSSL_OP_SIGNATURE 12
+# define OSSL_OP_ASYM_CIPHER 13
+/* New section for non-EVP operations */
+# define OSSL_OP_SERIALIZER 20
+/* Highest known operation number */
+# define OSSL_OP__HIGHEST 20
+
+/* Digests */
+
+# define OSSL_FUNC_DIGEST_NEWCTX 1
+# define OSSL_FUNC_DIGEST_INIT 2
+# define OSSL_FUNC_DIGEST_UPDATE 3
+# define OSSL_FUNC_DIGEST_FINAL 4
+# define OSSL_FUNC_DIGEST_DIGEST 5
+# define OSSL_FUNC_DIGEST_FREECTX 6
+# define OSSL_FUNC_DIGEST_DUPCTX 7
+# define OSSL_FUNC_DIGEST_GET_PARAMS 8
+# define OSSL_FUNC_DIGEST_SET_CTX_PARAMS 9
+# define OSSL_FUNC_DIGEST_GET_CTX_PARAMS 10
+# define OSSL_FUNC_DIGEST_GETTABLE_PARAMS 11
+# define OSSL_FUNC_DIGEST_SETTABLE_CTX_PARAMS 12 +# define OSSL_FUNC_DIGEST_GETTABLE_CTX_PARAMS 13 + +OSSL_CORE_MAKE_FUNC(void *, OP_digest_newctx, (void *provctx)) +OSSL_CORE_MAKE_FUNC(int, OP_digest_init, (void *dctx)) +OSSL_CORE_MAKE_FUNC(int, OP_digest_update, + (void *dctx, const unsigned char *in, size_t inl)) +OSSL_CORE_MAKE_FUNC(int, OP_digest_final, + (void *dctx, + unsigned char *out, size_t *outl, size_t outsz)) +OSSL_CORE_MAKE_FUNC(int, OP_digest_digest, + (void *provctx, const unsigned char *in, size_t inl, + unsigned char *out, size_t *outl, size_t outsz)) + +OSSL_CORE_MAKE_FUNC(void, OP_digest_freectx, (void *dctx)) +OSSL_CORE_MAKE_FUNC(void *, OP_digest_dupctx, (void *dctx)) + +OSSL_CORE_MAKE_FUNC(int, OP_digest_get_params, (OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(int, OP_digest_set_ctx_params, + (void *vctx, const OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(int, OP_digest_get_ctx_params, + (void *vctx, OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_digest_gettable_params, (void)) +OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_digest_settable_ctx_params, (void)) +OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_digest_gettable_ctx_params, (void)) + +/* Symmetric Ciphers */ + +# define OSSL_FUNC_CIPHER_NEWCTX 1 +# define OSSL_FUNC_CIPHER_ENCRYPT_INIT 2 +# define OSSL_FUNC_CIPHER_DECRYPT_INIT 3 +# define OSSL_FUNC_CIPHER_UPDATE 4 +# define OSSL_FUNC_CIPHER_FINAL 5 +# define OSSL_FUNC_CIPHER_CIPHER 6 +# define OSSL_FUNC_CIPHER_FREECTX 7 +# define OSSL_FUNC_CIPHER_DUPCTX 8 +# define OSSL_FUNC_CIPHER_GET_PARAMS 9 +# define OSSL_FUNC_CIPHER_GET_CTX_PARAMS 10 +# define OSSL_FUNC_CIPHER_SET_CTX_PARAMS 11 +# define OSSL_FUNC_CIPHER_GETTABLE_PARAMS 12 +# define OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS 13 +# define OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS 14 + +OSSL_CORE_MAKE_FUNC(void *, OP_cipher_newctx, (void *provctx)) +OSSL_CORE_MAKE_FUNC(int, OP_cipher_encrypt_init, (void *cctx, + const unsigned char *key, + size_t keylen, + const unsigned char *iv, 
+ size_t ivlen)) +OSSL_CORE_MAKE_FUNC(int, OP_cipher_decrypt_init, (void *cctx, + const unsigned char *key, + size_t keylen, + const unsigned char *iv, + size_t ivlen)) +OSSL_CORE_MAKE_FUNC(int, OP_cipher_update, + (void *cctx, + unsigned char *out, size_t *outl, size_t outsize, + const unsigned char *in, size_t inl)) +OSSL_CORE_MAKE_FUNC(int, OP_cipher_final, + (void *cctx, + unsigned char *out, size_t *outl, size_t outsize)) +OSSL_CORE_MAKE_FUNC(int, OP_cipher_cipher, + (void *cctx, + unsigned char *out, size_t *outl, size_t outsize, + const unsigned char *in, size_t inl)) +OSSL_CORE_MAKE_FUNC(void, OP_cipher_freectx, (void *cctx)) +OSSL_CORE_MAKE_FUNC(void *, OP_cipher_dupctx, (void *cctx)) +OSSL_CORE_MAKE_FUNC(int, OP_cipher_get_params, (OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(int, OP_cipher_get_ctx_params, (void *cctx, + OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(int, OP_cipher_set_ctx_params, (void *cctx, + const OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_cipher_gettable_params, (void)) +OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_cipher_settable_ctx_params, (void)) +OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_cipher_gettable_ctx_params, (void)) + +/* MACs */ + +# define OSSL_FUNC_MAC_NEWCTX 1 +# define OSSL_FUNC_MAC_DUPCTX 2 +# define OSSL_FUNC_MAC_FREECTX 3 +# define OSSL_FUNC_MAC_INIT 4 +# define OSSL_FUNC_MAC_UPDATE 5 +# define OSSL_FUNC_MAC_FINAL 6 +# define OSSL_FUNC_MAC_GET_PARAMS 7 +# define OSSL_FUNC_MAC_GET_CTX_PARAMS 8 +# define OSSL_FUNC_MAC_SET_CTX_PARAMS 9 +# define OSSL_FUNC_MAC_GETTABLE_PARAMS 10 +# define OSSL_FUNC_MAC_GETTABLE_CTX_PARAMS 11 +# define OSSL_FUNC_MAC_SETTABLE_CTX_PARAMS 12 + +OSSL_CORE_MAKE_FUNC(void *, OP_mac_newctx, (void *provctx)) +OSSL_CORE_MAKE_FUNC(void *, OP_mac_dupctx, (void *src)) +OSSL_CORE_MAKE_FUNC(void, OP_mac_freectx, (void *mctx)) +OSSL_CORE_MAKE_FUNC(size_t, OP_mac_size, (void *mctx)) +OSSL_CORE_MAKE_FUNC(int, OP_mac_init, (void *mctx)) +OSSL_CORE_MAKE_FUNC(int, OP_mac_update, + (void 
*mctx, const unsigned char *in, size_t inl)) +OSSL_CORE_MAKE_FUNC(int, OP_mac_final, + (void *mctx, + unsigned char *out, size_t *outl, size_t outsize)) +OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_mac_gettable_params, (void)) +OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_mac_gettable_ctx_params, (void)) +OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_mac_settable_ctx_params, (void)) +OSSL_CORE_MAKE_FUNC(int, OP_mac_get_params, (OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(int, OP_mac_get_ctx_params, + (void *mctx, OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(int, OP_mac_set_ctx_params, + (void *mctx, const OSSL_PARAM params[])) + +/* KDFs and PRFs */ + +# define OSSL_FUNC_KDF_NEWCTX 1 +# define OSSL_FUNC_KDF_DUPCTX 2 +# define OSSL_FUNC_KDF_FREECTX 3 +# define OSSL_FUNC_KDF_RESET 4 +# define OSSL_FUNC_KDF_DERIVE 5 +# define OSSL_FUNC_KDF_GETTABLE_PARAMS 6 +# define OSSL_FUNC_KDF_GETTABLE_CTX_PARAMS 7 +# define OSSL_FUNC_KDF_SETTABLE_CTX_PARAMS 8 +# define OSSL_FUNC_KDF_GET_PARAMS 9 +# define OSSL_FUNC_KDF_GET_CTX_PARAMS 10 +# define OSSL_FUNC_KDF_SET_CTX_PARAMS 11 + +OSSL_CORE_MAKE_FUNC(void *, OP_kdf_newctx, (void *provctx)) +OSSL_CORE_MAKE_FUNC(void *, OP_kdf_dupctx, (void *src)) +OSSL_CORE_MAKE_FUNC(void, OP_kdf_freectx, (void *kctx)) +OSSL_CORE_MAKE_FUNC(void, OP_kdf_reset, (void *kctx)) +OSSL_CORE_MAKE_FUNC(int, OP_kdf_derive, (void *kctx, unsigned char *key, + size_t keylen)) +OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_kdf_gettable_params, (void)) +OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_kdf_gettable_ctx_params, (void)) +OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_kdf_settable_ctx_params, (void)) +OSSL_CORE_MAKE_FUNC(int, OP_kdf_get_params, (OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(int, OP_kdf_get_ctx_params, + (void *kctx, OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(int, OP_kdf_set_ctx_params, + (void *kctx, const OSSL_PARAM params[])) + +/*- + * Key management + * + * The Key Management takes care of provider side key objects, and includes + * all current 
functionality to create them, destroy them, set parameters + * and key material, etc, essentially everything that manipulates the keys + * themselves and their parameters. + * + * The key objects are commonly refered to as |keydata|, and it MUST be able + * to contain parameters if the key has any, the public key and the private + * key. All parts are optional, but their presence determines what can be + * done with the key object in terms of encryption, signature, and so on. + * The assumption from libcrypto is that the key object contains any of the + * following data combinations: + * + * - parameters only + * - public key only + * - public key + private key + * - parameters + public key + * - parameters + public key + private key + * + * What "parameters", "public key" and "private key" means in detail is left + * to the implementation. In the case of DH and DSA, they would typically + * include domain parameters, while for certain variants of RSA, they would + * typically include PSS or OAEP parameters. + * + * Key objects are created with OP_keymgmt_new() and destroyed with + * Op_keymgmt_free(). Key objects can have data filled in with + * OP_keymgmt_import(). 
+ * + * Three functions are made available to check what selection of data is + * present in a key object: OP_keymgmt_has_parameters(), + * OP_keymgmt_has_public_key(), and OP_keymgmt_has_private_key(), + */ + +/* Key data subset selection - individual bits */ +# define OSSL_KEYMGMT_SELECT_PRIVATE_KEY 0x01 +# define OSSL_KEYMGMT_SELECT_PUBLIC_KEY 0x02 +# define OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS 0x04 +# define OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS 0x80 + +/* Key data subset selection - combinations */ +# define OSSL_KEYMGMT_SELECT_ALL_PARAMETERS \ + ( OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS \ + | OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) +# define OSSL_KEYMGMT_SELECT_KEYPAIR \ + ( OSSL_KEYMGMT_SELECT_PRIVATE_KEY | OSSL_KEYMGMT_SELECT_PUBLIC_KEY ) +# define OSSL_KEYMGMT_SELECT_ALL \ + ( OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ) + +/* Basic key object creation, destruction */ +# define OSSL_FUNC_KEYMGMT_NEW 1 +# define OSSL_FUNC_KEYMGMT_FREE 9 +OSSL_CORE_MAKE_FUNC(void *, OP_keymgmt_new, (void *provctx)) +OSSL_CORE_MAKE_FUNC(void, OP_keymgmt_free, (void *keydata)) + +/* Key object information, with discovery */ +#define OSSL_FUNC_KEYMGMT_GET_PARAMS 10 +#define OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS 11 +OSSL_CORE_MAKE_FUNC(int, OP_keymgmt_get_params, + (void *keydata, OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_keymgmt_gettable_params, (void)) + +#define OSSL_FUNC_KEYMGMT_SET_PARAMS 12 +#define OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS 13 +OSSL_CORE_MAKE_FUNC(int, OP_keymgmt_set_params, + (void *keydata, const OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_keymgmt_settable_params, (void)) + +/* Key checks - discovery of supported operations */ +# define OSSL_FUNC_KEYMGMT_QUERY_OPERATION_NAME 20 +OSSL_CORE_MAKE_FUNC(const char *, OP_keymgmt_query_operation_name, + (int operation_id)) + +/* Key checks - key data content checks */ +# define OSSL_FUNC_KEYMGMT_HAS 21 +OSSL_CORE_MAKE_FUNC(int, OP_keymgmt_has, (void *keydata, 
int selection)) + +/* Key checks - validation */ +# define OSSL_FUNC_KEYMGMT_VALIDATE 22 +OSSL_CORE_MAKE_FUNC(int, OP_keymgmt_validate, (void *keydata, int selection)) + +/* Key checks - matching */ +# define OSSL_FUNC_KEYMGMT_MATCH 23 +OSSL_CORE_MAKE_FUNC(int, OP_keymgmt_match, + (const void *keydata1, const void *keydata2, + int selection)) + +/* Import and export functions, with discovery */ +# define OSSL_FUNC_KEYMGMT_IMPORT 40 +# define OSSL_FUNC_KEYMGMT_IMPORT_TYPES 41 +# define OSSL_FUNC_KEYMGMT_EXPORT 42 +# define OSSL_FUNC_KEYMGMT_EXPORT_TYPES 43 +OSSL_CORE_MAKE_FUNC(int, OP_keymgmt_import, + (void *keydata, int selection, const OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_keymgmt_import_types, + (int selection)) +OSSL_CORE_MAKE_FUNC(int, OP_keymgmt_export, + (void *keydata, int selection, + OSSL_CALLBACK *param_cb, void *cbarg)) +OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_keymgmt_export_types, + (int selection)) + +/* Copy function, only works for matching keymgmt */ +# define OSSL_FUNC_KEYMGMT_COPY 44 +OSSL_CORE_MAKE_FUNC(int, OP_keymgmt_copy, + ( void *keydata_to, const void *keydata_from, + int selection)) + +/* Key Exchange */ + +# define OSSL_FUNC_KEYEXCH_NEWCTX 1 +# define OSSL_FUNC_KEYEXCH_INIT 2 +# define OSSL_FUNC_KEYEXCH_DERIVE 3 +# define OSSL_FUNC_KEYEXCH_SET_PEER 4 +# define OSSL_FUNC_KEYEXCH_FREECTX 5 +# define OSSL_FUNC_KEYEXCH_DUPCTX 6 +# define OSSL_FUNC_KEYEXCH_SET_CTX_PARAMS 7 +# define OSSL_FUNC_KEYEXCH_SETTABLE_CTX_PARAMS 8 +# define OSSL_FUNC_KEYEXCH_GET_CTX_PARAMS 9 +# define OSSL_FUNC_KEYEXCH_GETTABLE_CTX_PARAMS 10 + +OSSL_CORE_MAKE_FUNC(void *, OP_keyexch_newctx, (void *provctx)) +OSSL_CORE_MAKE_FUNC(int, OP_keyexch_init, (void *ctx, void *provkey)) +OSSL_CORE_MAKE_FUNC(int, OP_keyexch_derive, (void *ctx, unsigned char *secret, + size_t *secretlen, size_t outlen)) +OSSL_CORE_MAKE_FUNC(int, OP_keyexch_set_peer, (void *ctx, void *provkey)) +OSSL_CORE_MAKE_FUNC(void, OP_keyexch_freectx, (void *ctx)) 
+OSSL_CORE_MAKE_FUNC(void *, OP_keyexch_dupctx, (void *ctx)) +OSSL_CORE_MAKE_FUNC(int, OP_keyexch_set_ctx_params, (void *ctx, + const OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_keyexch_settable_ctx_params, + (void)) +OSSL_CORE_MAKE_FUNC(int, OP_keyexch_get_ctx_params, (void *ctx, + OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_keyexch_gettable_ctx_params, + (void)) + +/* Signature */ + +# define OSSL_FUNC_SIGNATURE_NEWCTX 1 +# define OSSL_FUNC_SIGNATURE_SIGN_INIT 2 +# define OSSL_FUNC_SIGNATURE_SIGN 3 +# define OSSL_FUNC_SIGNATURE_VERIFY_INIT 4 +# define OSSL_FUNC_SIGNATURE_VERIFY 5 +# define OSSL_FUNC_SIGNATURE_VERIFY_RECOVER_INIT 6 +# define OSSL_FUNC_SIGNATURE_VERIFY_RECOVER 7 +# define OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT 8 +# define OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE 9 +# define OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL 10 +# define OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT 11 +# define OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE 12 +# define OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL 13 +# define OSSL_FUNC_SIGNATURE_FREECTX 14 +# define OSSL_FUNC_SIGNATURE_DUPCTX 15 +# define OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS 16 +# define OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS 17 +# define OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS 18 +# define OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS 19 +# define OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS 20 +# define OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS 21 +# define OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS 22 +# define OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS 23 + +OSSL_CORE_MAKE_FUNC(void *, OP_signature_newctx, (void *provctx)) +OSSL_CORE_MAKE_FUNC(int, OP_signature_sign_init, (void *ctx, void *provkey)) +OSSL_CORE_MAKE_FUNC(int, OP_signature_sign, (void *ctx, unsigned char *sig, + size_t *siglen, size_t sigsize, + const unsigned char *tbs, + size_t tbslen)) +OSSL_CORE_MAKE_FUNC(int, OP_signature_verify_init, (void *ctx, void *provkey)) +OSSL_CORE_MAKE_FUNC(int, OP_signature_verify, (void *ctx, + const unsigned 
char *sig, + size_t siglen, + const unsigned char *tbs, + size_t tbslen)) +OSSL_CORE_MAKE_FUNC(int, OP_signature_verify_recover_init, (void *ctx, + void *provkey)) +OSSL_CORE_MAKE_FUNC(int, OP_signature_verify_recover, (void *ctx, + unsigned char *rout, + size_t *routlen, + size_t routsize, + const unsigned char *sig, + size_t siglen)) +OSSL_CORE_MAKE_FUNC(int, OP_signature_digest_sign_init, + (void *ctx, const char *mdname, const char *props, + void *provkey)) +OSSL_CORE_MAKE_FUNC(int, OP_signature_digest_sign_update, + (void *ctx, const unsigned char *data, size_t datalen)) +OSSL_CORE_MAKE_FUNC(int, OP_signature_digest_sign_final, + (void *ctx, unsigned char *sig, size_t *siglen, + size_t sigsize)) +OSSL_CORE_MAKE_FUNC(int, OP_signature_digest_verify_init, + (void *ctx, const char *mdname, const char *props, + void *provkey)) +OSSL_CORE_MAKE_FUNC(int, OP_signature_digest_verify_update, + (void *ctx, const unsigned char *data, size_t datalen)) +OSSL_CORE_MAKE_FUNC(int, OP_signature_digest_verify_final, + (void *ctx, const unsigned char *sig, size_t siglen)) +OSSL_CORE_MAKE_FUNC(void, OP_signature_freectx, (void *ctx)) +OSSL_CORE_MAKE_FUNC(void *, OP_signature_dupctx, (void *ctx)) +OSSL_CORE_MAKE_FUNC(int, OP_signature_get_ctx_params, + (void *ctx, OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_signature_gettable_ctx_params, + (void)) +OSSL_CORE_MAKE_FUNC(int, OP_signature_set_ctx_params, + (void *ctx, const OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_signature_settable_ctx_params, + (void)) +OSSL_CORE_MAKE_FUNC(int, OP_signature_get_ctx_md_params, + (void *ctx, OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_signature_gettable_ctx_md_params, + (void *ctx)) +OSSL_CORE_MAKE_FUNC(int, OP_signature_set_ctx_md_params, + (void *ctx, const OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_signature_settable_ctx_md_params, + (void *ctx)) + + +/* Asymmetric Ciphers */ + +# define 
OSSL_FUNC_ASYM_CIPHER_NEWCTX 1 +# define OSSL_FUNC_ASYM_CIPHER_ENCRYPT_INIT 2 +# define OSSL_FUNC_ASYM_CIPHER_ENCRYPT 3 +# define OSSL_FUNC_ASYM_CIPHER_DECRYPT_INIT 4 +# define OSSL_FUNC_ASYM_CIPHER_DECRYPT 5 +# define OSSL_FUNC_ASYM_CIPHER_FREECTX 6 +# define OSSL_FUNC_ASYM_CIPHER_DUPCTX 7 +# define OSSL_FUNC_ASYM_CIPHER_GET_CTX_PARAMS 8 +# define OSSL_FUNC_ASYM_CIPHER_GETTABLE_CTX_PARAMS 9 +# define OSSL_FUNC_ASYM_CIPHER_SET_CTX_PARAMS 10 +# define OSSL_FUNC_ASYM_CIPHER_SETTABLE_CTX_PARAMS 11 + +OSSL_CORE_MAKE_FUNC(void *, OP_asym_cipher_newctx, (void *provctx)) +OSSL_CORE_MAKE_FUNC(int, OP_asym_cipher_encrypt_init, (void *ctx, void *provkey)) +OSSL_CORE_MAKE_FUNC(int, OP_asym_cipher_encrypt, (void *ctx, unsigned char *out, + size_t *outlen, + size_t outsize, + const unsigned char *in, + size_t inlen)) +OSSL_CORE_MAKE_FUNC(int, OP_asym_cipher_decrypt_init, (void *ctx, void *provkey)) +OSSL_CORE_MAKE_FUNC(int, OP_asym_cipher_decrypt, (void *ctx, unsigned char *out, + size_t *outlen, + size_t outsize, + const unsigned char *in, + size_t inlen)) +OSSL_CORE_MAKE_FUNC(void, OP_asym_cipher_freectx, (void *ctx)) +OSSL_CORE_MAKE_FUNC(void *, OP_asym_cipher_dupctx, (void *ctx)) +OSSL_CORE_MAKE_FUNC(int, OP_asym_cipher_get_ctx_params, + (void *ctx, OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_asym_cipher_gettable_ctx_params, + (void)) +OSSL_CORE_MAKE_FUNC(int, OP_asym_cipher_set_ctx_params, + (void *ctx, const OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_asym_cipher_settable_ctx_params, + (void)) + +/* Serializers */ +# define OSSL_FUNC_SERIALIZER_NEWCTX 1 +# define OSSL_FUNC_SERIALIZER_FREECTX 2 +# define OSSL_FUNC_SERIALIZER_SET_CTX_PARAMS 3 +# define OSSL_FUNC_SERIALIZER_SETTABLE_CTX_PARAMS 4 +# define OSSL_FUNC_SERIALIZER_SERIALIZE_DATA 10 +# define OSSL_FUNC_SERIALIZER_SERIALIZE_OBJECT 11 +OSSL_CORE_MAKE_FUNC(void *, OP_serializer_newctx, (void *provctx)) +OSSL_CORE_MAKE_FUNC(void, OP_serializer_freectx, (void *ctx)) 
+OSSL_CORE_MAKE_FUNC(int, OP_serializer_set_ctx_params, + (void *ctx, const OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_serializer_settable_ctx_params, + (void)) + +OSSL_CORE_MAKE_FUNC(int, OP_serializer_serialize_data, + (void *ctx, const OSSL_PARAM[], BIO *out, + OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg)) +OSSL_CORE_MAKE_FUNC(int, OP_serializer_serialize_object, + (void *ctx, void *obj, BIO *out, + OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg)) + +# ifdef __cplusplus +} +# endif + +#endif diff --git a/linux_amd64/include/openssl/crmf.h b/linux_amd64/include/openssl/crmf.h new file mode 100644 index 0000000..09b57f6 --- /dev/null +++ b/linux_amd64/include/openssl/crmf.h 
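Review bot: core_numbers.h appears to be checked in from an unreleased OpenSSL development tree rather than a tagged release: the neighbouring core_names.h still carries `TODO(3.0)`, and this file declares `OSSL_OP_SERIALIZER` and `OPENSSL_CTX`, names that, as far as I know, the provider interface did not keep in the 3.0 release. Nothing in the commit records which upstream revision or build options produced these headers and the other files under `linux_amd64/`, so they cannot be matched against a security advisory or rebuilt for comparison. I would add a provenance file next to `linux_amd64/` with a line such as `OpenSSL <upstream commit id>, configured with <options>, sha256 <digest of each shipped file>` (placeholders to be filled in), and prefer vendoring a tagged release. One visible sign of the interface being in flux is the MAC section, where `OSSL_CORE_MAKE_FUNC(size_t, OP_mac_size, (void *mctx))` has no matching `OSSL_FUNC_MAC_*` number.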
@@ -0,0 +1,139 @@ +/*- + * Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright Nokia 2007-2019 + * Copyright Siemens AG 2015-2019 + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + * + * CRMF (RFC 4211) implementation by M. Peylo, M. Viljanen, and D. von Oheimb. + */ + +#ifndef OPENSSL_CRMF_H +# define OPENSSL_CRMF_H + +# include + +# ifndef OPENSSL_NO_CRMF +# include +# include +# include +# include /* for GENERAL_NAME etc. */ + +/* explicit #includes not strictly needed since implied by the above: */ +# include +# include + +# ifdef __cplusplus +extern "C" { +# endif + +# define OSSL_CRMF_POPOPRIVKEY_THISMESSAGE 0 +# define OSSL_CRMF_POPOPRIVKEY_SUBSEQUENTMESSAGE 1 +# define OSSL_CRMF_POPOPRIVKEY_DHMAC 2 +# define OSSL_CRMF_POPOPRIVKEY_AGREEMAC 3 +# define OSSL_CRMF_POPOPRIVKEY_ENCRYPTEDKEY 4 + +# define OSSL_CRMF_SUBSEQUENTMESSAGE_ENCRCERT 0 +# define OSSL_CRMF_SUBSEQUENTMESSAGE_CHALLENGERESP 1 + +typedef struct ossl_crmf_encryptedvalue_st OSSL_CRMF_ENCRYPTEDVALUE; +DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_ENCRYPTEDVALUE) +typedef struct ossl_crmf_msg_st OSSL_CRMF_MSG; +DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_MSG) +DEFINE_STACK_OF(OSSL_CRMF_MSG) +typedef struct ossl_crmf_attributetypeandvalue_st OSSL_CRMF_ATTRIBUTETYPEANDVALUE; +typedef struct ossl_crmf_pbmparameter_st OSSL_CRMF_PBMPARAMETER; +DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_PBMPARAMETER) +typedef struct ossl_crmf_poposigningkey_st OSSL_CRMF_POPOSIGNINGKEY; +typedef struct ossl_crmf_certrequest_st OSSL_CRMF_CERTREQUEST; +typedef struct ossl_crmf_certid_st OSSL_CRMF_CERTID; +DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_CERTID) +DEFINE_STACK_OF(OSSL_CRMF_CERTID) + +typedef struct ossl_crmf_pkipublicationinfo_st OSSL_CRMF_PKIPUBLICATIONINFO; +DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_PKIPUBLICATIONINFO) +typedef 
struct ossl_crmf_singlepubinfo_st OSSL_CRMF_SINGLEPUBINFO; +DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_SINGLEPUBINFO) +typedef struct ossl_crmf_certtemplate_st OSSL_CRMF_CERTTEMPLATE; +DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_CERTTEMPLATE) +typedef STACK_OF(OSSL_CRMF_MSG) OSSL_CRMF_MSGS; +DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_MSGS) + +typedef struct ossl_crmf_optionalvalidity_st OSSL_CRMF_OPTIONALVALIDITY; + +/* crmf_pbm.c */ +OSSL_CRMF_PBMPARAMETER *OSSL_CRMF_pbmp_new(size_t slen, int owfnid, + int itercnt, int macnid); +int OSSL_CRMF_pbm_new(const OSSL_CRMF_PBMPARAMETER *pbmp, + const unsigned char *msg, size_t msglen, + const unsigned char *sec, size_t seclen, + unsigned char **mac, size_t *maclen); + +/* crmf_lib.c */ +int OSSL_CRMF_MSG_set1_regCtrl_regToken(OSSL_CRMF_MSG *msg, + const ASN1_UTF8STRING *tok); +int OSSL_CRMF_MSG_set1_regCtrl_authenticator(OSSL_CRMF_MSG *msg, + const ASN1_UTF8STRING *auth); +int +OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo(OSSL_CRMF_PKIPUBLICATIONINFO *pi, + OSSL_CRMF_SINGLEPUBINFO *spi); +# define OSSL_CRMF_PUB_METHOD_DONTCARE 0 +# define OSSL_CRMF_PUB_METHOD_X500 1 +# define OSSL_CRMF_PUB_METHOD_WEB 2 +# define OSSL_CRMF_PUB_METHOD_LDAP 3 +int OSSL_CRMF_MSG_set0_SinglePubInfo(OSSL_CRMF_SINGLEPUBINFO *spi, + int method, GENERAL_NAME *nm); +# define OSSL_CRMF_PUB_ACTION_DONTPUBLISH 0 +# define OSSL_CRMF_PUB_ACTION_PLEASEPUBLISH 1 +int OSSL_CRMF_MSG_set_PKIPublicationInfo_action(OSSL_CRMF_PKIPUBLICATIONINFO *pi, + int action); +int OSSL_CRMF_MSG_set1_regCtrl_pkiPublicationInfo(OSSL_CRMF_MSG *msg, + const OSSL_CRMF_PKIPUBLICATIONINFO *pi); +int OSSL_CRMF_MSG_set1_regCtrl_protocolEncrKey(OSSL_CRMF_MSG *msg, + const X509_PUBKEY *pubkey); +int OSSL_CRMF_MSG_set1_regCtrl_oldCertID(OSSL_CRMF_MSG *msg, + const OSSL_CRMF_CERTID *cid); +OSSL_CRMF_CERTID *OSSL_CRMF_CERTID_gen(const X509_NAME *issuer, + const ASN1_INTEGER *serial); + +int OSSL_CRMF_MSG_set1_regInfo_utf8Pairs(OSSL_CRMF_MSG *msg, + const ASN1_UTF8STRING *utf8pairs); +int 
OSSL_CRMF_MSG_set1_regInfo_certReq(OSSL_CRMF_MSG *msg, + const OSSL_CRMF_CERTREQUEST *cr); + +int OSSL_CRMF_MSG_set_validity(OSSL_CRMF_MSG *crm, time_t from, time_t to); +int OSSL_CRMF_MSG_set_certReqId(OSSL_CRMF_MSG *crm, int rid); +int OSSL_CRMF_MSG_get_certReqId(OSSL_CRMF_MSG *crm); +int OSSL_CRMF_MSG_set0_extensions(OSSL_CRMF_MSG *crm, X509_EXTENSIONS *exts); + +int OSSL_CRMF_MSG_push0_extension(OSSL_CRMF_MSG *crm, X509_EXTENSION *ext); +# define OSSL_CRMF_POPO_NONE -1 +# define OSSL_CRMF_POPO_RAVERIFIED 0 +# define OSSL_CRMF_POPO_SIGNATURE 1 +# define OSSL_CRMF_POPO_KEYENC 2 +# define OSSL_CRMF_POPO_KEYAGREE 3 +int OSSL_CRMF_MSG_create_popo(OSSL_CRMF_MSG *crm, EVP_PKEY *pkey, + int dgst, int ppmtd); +int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs, + int rid, int acceptRAVerified); +OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm); +ASN1_INTEGER *OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(OSSL_CRMF_CERTTEMPLATE *t); +X509_NAME *OSSL_CRMF_CERTTEMPLATE_get0_issuer(OSSL_CRMF_CERTTEMPLATE *tmpl); +X509_NAME *OSSL_CRMF_CERTID_get0_issuer(const OSSL_CRMF_CERTID *cid); +ASN1_INTEGER *OSSL_CRMF_CERTID_get0_serialNumber(const OSSL_CRMF_CERTID *cid); +int OSSL_CRMF_CERTTEMPLATE_fill(OSSL_CRMF_CERTTEMPLATE *tmpl, + EVP_PKEY *pubkey, + const X509_NAME *subject, + const X509_NAME *issuer, + const ASN1_INTEGER *serial); +X509 *OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert(OSSL_CRMF_ENCRYPTEDVALUE *ecert, + EVP_PKEY *pkey); + +# ifdef __cplusplus +} +# endif +# endif /* !defined OPENSSL_NO_CRMF */ +#endif /* !defined OPENSSL_CRMF_H */ diff --git a/linux_amd64/include/openssl/crmferr.h b/linux_amd64/include/openssl/crmferr.h new file mode 100644 index 0000000..97a3028 --- /dev/null +++ b/linux_amd64/include/openssl/crmferr.h 
@@ -0,0 +1,75 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_CRMFERR_H +# define OPENSSL_CRMFERR_H + +# include +# include + + +# include + +# ifndef OPENSSL_NO_CRMF + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_CRMF_strings(void); + +/* + * CRMF function codes. + */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define CRMF_F_CRMF_POPOSIGNINGKEY_INIT 0 +# define CRMF_F_OSSL_CRMF_CERTID_GEN 0 +# define CRMF_F_OSSL_CRMF_CERTTEMPLATE_FILL 0 +# define CRMF_F_OSSL_CRMF_ENCRYPTEDVALUE_GET1_ENCCERT 0 +# define CRMF_F_OSSL_CRMF_MSGS_VERIFY_POPO 0 +# define CRMF_F_OSSL_CRMF_MSG_CREATE_POPO 0 +# define CRMF_F_OSSL_CRMF_MSG_GET0_TMPL 0 +# define CRMF_F_OSSL_CRMF_MSG_GET_CERTREQID 0 +# define CRMF_F_OSSL_CRMF_MSG_PKIPUBLICATIONINFO_PUSH0_SINGLEPUBINFO 0 +# define CRMF_F_OSSL_CRMF_MSG_PUSH0_EXTENSION 0 +# define CRMF_F_OSSL_CRMF_MSG_PUSH0_REGCTRL 0 +# define CRMF_F_OSSL_CRMF_MSG_PUSH0_REGINFO 0 +# define CRMF_F_OSSL_CRMF_MSG_SET0_EXTENSIONS 0 +# define CRMF_F_OSSL_CRMF_MSG_SET0_SINGLEPUBINFO 0 +# define CRMF_F_OSSL_CRMF_MSG_SET_CERTREQID 0 +# define CRMF_F_OSSL_CRMF_MSG_SET_PKIPUBLICATIONINFO_ACTION 0 +# define CRMF_F_OSSL_CRMF_MSG_SET_VALIDITY 0 +# define CRMF_F_OSSL_CRMF_PBMP_NEW 0 +# define CRMF_F_OSSL_CRMF_PBM_NEW 0 +# endif + +/* + * CRMF reason codes. 
+ */ +# define CRMF_R_BAD_PBM_ITERATIONCOUNT 100 +# define CRMF_R_CRMFERROR 102 +# define CRMF_R_ERROR 103 +# define CRMF_R_ERROR_DECODING_CERTIFICATE 104 +# define CRMF_R_ERROR_DECRYPTING_CERTIFICATE 105 +# define CRMF_R_ERROR_DECRYPTING_SYMMETRIC_KEY 106 +# define CRMF_R_FAILURE_OBTAINING_RANDOM 107 +# define CRMF_R_ITERATIONCOUNT_BELOW_100 108 +# define CRMF_R_MALFORMED_IV 101 +# define CRMF_R_NULL_ARGUMENT 109 +# define CRMF_R_SETTING_MAC_ALGOR_FAILURE 110 +# define CRMF_R_SETTING_OWF_ALGOR_FAILURE 111 +# define CRMF_R_UNSUPPORTED_ALGORITHM 112 +# define CRMF_R_UNSUPPORTED_ALG_FOR_POPSIGNINGKEY 113 +# define CRMF_R_UNSUPPORTED_CIPHER 114 +# define CRMF_R_UNSUPPORTED_METHOD_FOR_CREATING_POPO 115 +# define CRMF_R_UNSUPPORTED_POPO_METHOD 116 +# define CRMF_R_UNSUPPORTED_POPO_NOT_ACCEPTED 117 + +# endif +#endif diff --git a/linux_amd64/include/openssl/crypto.h b/linux_amd64/include/openssl/crypto.h new file mode 100644 index 0000000..a157558 --- /dev/null +++ b/linux_amd64/include/openssl/crypto.h 
@@ -0,0 +1,501 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_CRYPTO_H
+# define OPENSSL_CRYPTO_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_CRYPTO_H
+# endif
+
+# include
+# include
+
+# include
+
+# ifndef OPENSSL_NO_STDIO
+# include
+# endif
+
+# include
+# include
+# include
+# include
+# include
+
+# ifdef CHARSET_EBCDIC
+# include
+# endif
+
+/*
+ * Resolve problems on some operating systems with symbol names that clash
+ * one way or another
+ */
+# include
+
+# ifndef OPENSSL_NO_DEPRECATED_1_1_0
+# include
+# endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# ifndef OPENSSL_NO_DEPRECATED_1_1_0
+# define SSLeay OpenSSL_version_num
+# define SSLeay_version OpenSSL_version
+# define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER
+# define SSLEAY_VERSION OPENSSL_VERSION
+# define SSLEAY_CFLAGS OPENSSL_CFLAGS
+# define SSLEAY_BUILT_ON OPENSSL_BUILT_ON
+# define SSLEAY_PLATFORM OPENSSL_PLATFORM
+# define SSLEAY_DIR OPENSSL_DIR
+
+/*
+ * Old type for allocating dynamic locks. No longer used. Use the new thread
+ * API instead.
+ */
+typedef struct {
+ int dummy;
+} CRYPTO_dynlock;
+
+# endif /* OPENSSL_NO_DEPRECATED_1_1_0 */
+
+typedef void CRYPTO_RWLOCK;
+
+CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void);
+int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *lock);
+int CRYPTO_THREAD_write_lock(CRYPTO_RWLOCK *lock);
+int CRYPTO_THREAD_unlock(CRYPTO_RWLOCK *lock);
+void CRYPTO_THREAD_lock_free(CRYPTO_RWLOCK *lock);
+
+int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock);
+
+/* No longer needed, so this is a no-op */
+#define OPENSSL_malloc_init() while(0) continue
+
+# define OPENSSL_malloc(num) \
+ CRYPTO_malloc(num, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_zalloc(num) \
+ CRYPTO_zalloc(num, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_realloc(addr, num) \
+ CRYPTO_realloc(addr, num, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_clear_realloc(addr, old_num, num) \
+ CRYPTO_clear_realloc(addr, old_num, num, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_clear_free(addr, num) \
+ CRYPTO_clear_free(addr, num, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_free(addr) \
+ CRYPTO_free(addr, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_memdup(str, s) \
+ CRYPTO_memdup((str), s, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_strdup(str) \
+ CRYPTO_strdup(str, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_strndup(str, n) \
+ CRYPTO_strndup(str, n, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_secure_malloc(num) \
+ CRYPTO_secure_malloc(num, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_secure_zalloc(num) \
+ CRYPTO_secure_zalloc(num, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_secure_free(addr) \
+ CRYPTO_secure_free(addr, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_secure_clear_free(addr, num) \
+ CRYPTO_secure_clear_free(addr, num, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_secure_actual_size(ptr) \
+ CRYPTO_secure_actual_size(ptr)
+
+size_t OPENSSL_strlcpy(char *dst, const char *src, size_t siz);
+size_t OPENSSL_strlcat(char *dst, const char *src, size_t siz);
+size_t OPENSSL_strnlen(const char *str, size_t maxlen);
+int OPENSSL_buf2hexstr_ex(char *str, size_t str_n, size_t *strlen,
+ const unsigned char *buf, size_t buflen);
+char *OPENSSL_buf2hexstr(const unsigned char *buf, long buflen);
+int OPENSSL_hexstr2buf_ex(unsigned char *buf, size_t buf_n, size_t *buflen,
+ const char *str);
+unsigned char *OPENSSL_hexstr2buf(const char *str, long *buflen);
+int OPENSSL_hexchar2int(unsigned char c);
+
+# define OPENSSL_MALLOC_MAX_NELEMS(type) (((1U<<(sizeof(int)*8-1))-1)/sizeof(type))
+
+/*
+ * These functions return the values of OPENSSL_VERSION_MAJOR,
+ * OPENSSL_VERSION_MINOR, OPENSSL_VERSION_PATCH, OPENSSL_VERSION_PRE_RELEASE
+ * and OPENSSL_VERSION_BUILD_METADATA, respectively.
+ */
+unsigned int OPENSSL_version_major(void);
+unsigned int OPENSSL_version_minor(void);
+unsigned int OPENSSL_version_patch(void);
+const char *OPENSSL_version_pre_release(void);
+const char *OPENSSL_version_build_metadata(void);
+
+unsigned long OpenSSL_version_num(void);
+const char *OpenSSL_version(int type);
+# define OPENSSL_VERSION 0
+# define OPENSSL_CFLAGS 1
+# define OPENSSL_BUILT_ON 2
+# define OPENSSL_PLATFORM 3
+# define OPENSSL_DIR 4
+# define OPENSSL_ENGINES_DIR 5
+# define OPENSSL_VERSION_STRING 6
+# define OPENSSL_FULL_VERSION_STRING 7
+# define OPENSSL_MODULES_DIR 8
+# define OPENSSL_CPU_INFO 9
+
+const char *OPENSSL_info(int type);
+/*
+ * The series starts at 1001 to avoid confusion with the OpenSSL_version
+ * types.
+ */
+# define OPENSSL_INFO_CONFIG_DIR 1001
+# define OPENSSL_INFO_ENGINES_DIR 1002
+# define OPENSSL_INFO_MODULES_DIR 1003
+# define OPENSSL_INFO_DSO_EXTENSION 1004
+# define OPENSSL_INFO_DIR_FILENAME_SEPARATOR 1005
+# define OPENSSL_INFO_LIST_SEPARATOR 1006
+# define OPENSSL_INFO_SEED_SOURCE 1007
+# define OPENSSL_INFO_CPU_SETTINGS 1008
+
+int OPENSSL_issetugid(void);
+
+struct crypto_ex_data_st {
+ OPENSSL_CTX *ctx;
+ STACK_OF(void) *sk;
+};
+DEFINE_STACK_OF(void)
+
+/*
+ * Per class, we have a STACK of function pointers.
+ */
+# define CRYPTO_EX_INDEX_SSL 0
+# define CRYPTO_EX_INDEX_SSL_CTX 1
+# define CRYPTO_EX_INDEX_SSL_SESSION 2
+# define CRYPTO_EX_INDEX_X509 3
+# define CRYPTO_EX_INDEX_X509_STORE 4
+# define CRYPTO_EX_INDEX_X509_STORE_CTX 5
+# define CRYPTO_EX_INDEX_DH 6
+# define CRYPTO_EX_INDEX_DSA 7
+# define CRYPTO_EX_INDEX_EC_KEY 8
+# define CRYPTO_EX_INDEX_RSA 9
+# define CRYPTO_EX_INDEX_ENGINE 10
+# define CRYPTO_EX_INDEX_UI 11
+# define CRYPTO_EX_INDEX_BIO 12
+# define CRYPTO_EX_INDEX_APP 13
+# define CRYPTO_EX_INDEX_UI_METHOD 14
+# define CRYPTO_EX_INDEX_RAND_DRBG 15
+# define CRYPTO_EX_INDEX_DRBG CRYPTO_EX_INDEX_RAND_DRBG
+# define CRYPTO_EX_INDEX_OPENSSL_CTX 16
+# define CRYPTO_EX_INDEX__COUNT 17
+
+typedef void CRYPTO_EX_new (void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+ int idx, long argl, void *argp);
+typedef void CRYPTO_EX_free (void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+ int idx, long argl, void *argp);
+typedef int CRYPTO_EX_dup (CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
+ void *from_d, int idx, long argl, void *argp);
+__owur int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp,
+ CRYPTO_EX_new *new_func,
+ CRYPTO_EX_dup *dup_func,
+ CRYPTO_EX_free *free_func);
+/* No longer use an index. */
+int CRYPTO_free_ex_index(int class_index, int idx);
+
+/*
+ * Initialise/duplicate/free CRYPTO_EX_DATA variables corresponding to a
+ * given class (invokes whatever per-class callbacks are applicable)
+ */
+int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad);
+int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,
+ const CRYPTO_EX_DATA *from);
+
+void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad);
+
+/* Allocate a single item in the CRYPTO_EX_DATA variable */
+int CRYPTO_alloc_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad,
+ int idx);
+
+/*
+ * Get/set data in a CRYPTO_EX_DATA variable corresponding to a particular
+ * index (relative to the class type involved)
+ */
+int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val);
+void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int idx);
+
+# ifndef OPENSSL_NO_DEPRECATED_1_1_0
+/*
+ * This function cleans up all "ex_data" state. It mustn't be called under
+ * potential race-conditions.
+ */
+# define CRYPTO_cleanup_all_ex_data() while(0) continue
+
+/*
+ * The old locking functions have been removed completely without compatibility
+ * macros. This is because the old functions either could not properly report
+ * errors, or the returned error values were not clearly documented.
+ * Replacing the locking functions with no-ops would cause race condition
+ * issues in the affected applications. It is far better for them to fail at
+ * compile time.
+ * On the other hand, the locking callbacks are no longer used. Consequently,
+ * the callback management functions can be safely replaced with no-op macros.
+ */
+# define CRYPTO_num_locks() (1)
+# define CRYPTO_set_locking_callback(func)
+# define CRYPTO_get_locking_callback() (NULL)
+# define CRYPTO_set_add_lock_callback(func)
+# define CRYPTO_get_add_lock_callback() (NULL)
+
+/*
+ * These defines where used in combination with the old locking callbacks,
+ * they are not called anymore, but old code that's not called might still
+ * use them.
+ */
+# define CRYPTO_LOCK 1
+# define CRYPTO_UNLOCK 2
+# define CRYPTO_READ 4
+# define CRYPTO_WRITE 8
+
+/* This structure is no longer used */
+typedef struct crypto_threadid_st {
+ int dummy;
+} CRYPTO_THREADID;
+/* Only use CRYPTO_THREADID_set_[numeric|pointer]() within callbacks */
+# define CRYPTO_THREADID_set_numeric(id, val)
+# define CRYPTO_THREADID_set_pointer(id, ptr)
+# define CRYPTO_THREADID_set_callback(threadid_func) (0)
+# define CRYPTO_THREADID_get_callback() (NULL)
+# define CRYPTO_THREADID_current(id)
+# define CRYPTO_THREADID_cmp(a, b) (-1)
+# define CRYPTO_THREADID_cpy(dest, src)
+# define CRYPTO_THREADID_hash(id) (0UL)
+
+# ifndef OPENSSL_NO_DEPRECATED_1_0_0
+# define CRYPTO_set_id_callback(func)
+# define CRYPTO_get_id_callback() (NULL)
+# define CRYPTO_thread_id() (0UL)
+# endif /* OPENSSL_NO_DEPRECATED_1_0_0 */
+
+# define CRYPTO_set_dynlock_create_callback(dyn_create_function)
+# define CRYPTO_set_dynlock_lock_callback(dyn_lock_function)
+# define CRYPTO_set_dynlock_destroy_callback(dyn_destroy_function)
+# define CRYPTO_get_dynlock_create_callback() (NULL)
+# define CRYPTO_get_dynlock_lock_callback() (NULL)
+# define CRYPTO_get_dynlock_destroy_callback() (NULL)
+# endif /* OPENSSL_NO_DEPRECATED_1_1_0 */
+
+typedef void *(*CRYPTO_malloc_fn)(size_t num, const char *file, int line);
+typedef void *(*CRYPTO_realloc_fn)(void *addr, size_t num, const char *file,
+ int line);
+typedef void (*CRYPTO_free_fn)(void *addr, const char *file, int line);
+int CRYPTO_set_mem_functions(CRYPTO_malloc_fn malloc_fn,
+ CRYPTO_realloc_fn realloc_fn,
+ CRYPTO_free_fn free_fn);
+void CRYPTO_get_mem_functions(CRYPTO_malloc_fn *malloc_fn,
+ CRYPTO_realloc_fn *realloc_fn,
+ CRYPTO_free_fn *free_fn);
+
+void *CRYPTO_malloc(size_t num, const char *file, int line);
+void *CRYPTO_zalloc(size_t num, const char *file, int line);
+void *CRYPTO_memdup(const void *str, size_t siz, const char *file, int line);
+char *CRYPTO_strdup(const char *str, const char *file, int line);
+char *CRYPTO_strndup(const char *str, size_t s, const char *file, int line);
+void CRYPTO_free(void *ptr, const char *file, int line);
+void CRYPTO_clear_free(void *ptr, size_t num, const char *file, int line);
+void *CRYPTO_realloc(void *addr, size_t num, const char *file, int line);
+void *CRYPTO_clear_realloc(void *addr, size_t old_num, size_t num,
+ const char *file, int line);
+
+int CRYPTO_secure_malloc_init(size_t sz, size_t minsize);
+int CRYPTO_secure_malloc_done(void);
+void *CRYPTO_secure_malloc(size_t num, const char *file, int line);
+void *CRYPTO_secure_zalloc(size_t num, const char *file, int line);
+void CRYPTO_secure_free(void *ptr, const char *file, int line);
+void CRYPTO_secure_clear_free(void *ptr, size_t num,
+ const char *file, int line);
+int CRYPTO_secure_allocated(const void *ptr);
+int CRYPTO_secure_malloc_initialized(void);
+size_t CRYPTO_secure_actual_size(void *ptr);
+size_t CRYPTO_secure_used(void);
+
+void OPENSSL_cleanse(void *ptr, size_t len);
+
+# ifndef OPENSSL_NO_CRYPTO_MDEBUG
+/*
+ * The following can be used to detect memory leaks in the library. If
+ * used, it turns on malloc checking
+ */
+# define CRYPTO_MEM_CHECK_OFF 0x0 /* Control only */
+# define CRYPTO_MEM_CHECK_ON 0x1 /* Control and mode bit */
+# define CRYPTO_MEM_CHECK_ENABLE 0x2 /* Control and mode bit */
+# define CRYPTO_MEM_CHECK_DISABLE 0x3 /* Control only */
+
+void CRYPTO_get_alloc_counts(int *mcount, int *rcount, int *fcount);
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define OPENSSL_mem_debug_push(info) \
+ CRYPTO_mem_debug_push(info, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_mem_debug_pop() \
+ CRYPTO_mem_debug_pop()
+# endif
+DEPRECATEDIN_3_0(int CRYPTO_set_mem_debug(int flag))
+DEPRECATEDIN_3_0(int CRYPTO_mem_ctrl(int mode))
+DEPRECATEDIN_3_0(int CRYPTO_mem_debug_push(const char *info,
+ const char *file, int line))
+DEPRECATEDIN_3_0(int CRYPTO_mem_debug_pop(void))
+
+DEPRECATEDIN_3_0(void CRYPTO_mem_debug_malloc(void *addr, size_t num,
+ int flag,
+ const char *file, int line))
+DEPRECATEDIN_3_0(void CRYPTO_mem_debug_realloc(void *addr1, void *addr2,
+ size_t num, int flag,
+ const char *file, int line))
+DEPRECATEDIN_3_0(void CRYPTO_mem_debug_free(void *addr, int flag,
+ const char *file, int line))
+
+DEPRECATEDIN_3_0(int CRYPTO_mem_leaks_cb(
+ int (*cb)(const char *str, size_t len, void *u), void *u))
+# ifndef OPENSSL_NO_STDIO
+DEPRECATEDIN_3_0(int CRYPTO_mem_leaks_fp(FILE *))
+# endif
+DEPRECATEDIN_3_0(int CRYPTO_mem_leaks(BIO *bio))
+# endif /* OPENSSL_NO_CRYPTO_MDEBUG */
+
+/* die if we have to */
+ossl_noreturn void OPENSSL_die(const char *assertion, const char *file, int line);
+# ifndef OPENSSL_NO_DEPRECATED_1_1_0
+# define OpenSSLDie(f,l,a) OPENSSL_die((a),(f),(l))
+# endif
+# define OPENSSL_assert(e) \
+ (void)((e) ? 0 : (OPENSSL_die("assertion failed: " #e, OPENSSL_FILE, OPENSSL_LINE), 1))
+
+int OPENSSL_isservice(void);
+
+int FIPS_mode(void);
+int FIPS_mode_set(int r);
+
+void OPENSSL_init(void);
+# ifdef OPENSSL_SYS_UNIX
+void OPENSSL_fork_prepare(void);
+void OPENSSL_fork_parent(void);
+void OPENSSL_fork_child(void);
+# endif
+
+struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result);
+int OPENSSL_gmtime_adj(struct tm *tm, int offset_day, long offset_sec);
+int OPENSSL_gmtime_diff(int *pday, int *psec,
+ const struct tm *from, const struct tm *to);
+
+/*
+ * CRYPTO_memcmp returns zero iff the |len| bytes at |a| and |b| are equal.
+ * It takes an amount of time dependent on |len|, but independent of the
+ * contents of |a| and |b|. Unlike memcmp, it cannot be used to put elements
+ * into a defined order as the return value when a != b is undefined, other
+ * than to be non-zero.
+ */
+int CRYPTO_memcmp(const void * in_a, const void * in_b, size_t len);
+
+/* Standard initialisation options */
+# define OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS 0x00000001L
+# define OPENSSL_INIT_LOAD_CRYPTO_STRINGS 0x00000002L
+# define OPENSSL_INIT_ADD_ALL_CIPHERS 0x00000004L
+# define OPENSSL_INIT_ADD_ALL_DIGESTS 0x00000008L
+# define OPENSSL_INIT_NO_ADD_ALL_CIPHERS 0x00000010L
+# define OPENSSL_INIT_NO_ADD_ALL_DIGESTS 0x00000020L
+# define OPENSSL_INIT_LOAD_CONFIG 0x00000040L
+# define OPENSSL_INIT_NO_LOAD_CONFIG 0x00000080L
+# define OPENSSL_INIT_ASYNC 0x00000100L
+# define OPENSSL_INIT_ENGINE_RDRAND 0x00000200L
+# define OPENSSL_INIT_ENGINE_DYNAMIC 0x00000400L
+# define OPENSSL_INIT_ENGINE_OPENSSL 0x00000800L
+# define OPENSSL_INIT_ENGINE_CRYPTODEV 0x00001000L
+# define OPENSSL_INIT_ENGINE_CAPI 0x00002000L
+# define OPENSSL_INIT_ENGINE_PADLOCK 0x00004000L
+# define OPENSSL_INIT_ENGINE_AFALG 0x00008000L
+/* OPENSSL_INIT_ZLIB 0x00010000L */
+# define OPENSSL_INIT_ATFORK 0x00020000L
+/* OPENSSL_INIT_BASE_ONLY 0x00040000L */
+# define OPENSSL_INIT_NO_ATEXIT 0x00080000L
+/* OPENSSL_INIT flag range 0x03f00000 reserved for OPENSSL_init_ssl() */
+/* FREE: 0x04000000L */
+/* FREE: 0x08000000L */
+/* FREE: 0x10000000L */
+/* FREE: 0x20000000L */
+/* FREE: 0x40000000L */
+/* FREE: 0x80000000L */
+/* Max OPENSSL_INIT flag value is 0x80000000 */
+
+/* openssl and dasync not counted as builtin */
+# define OPENSSL_INIT_ENGINE_ALL_BUILTIN \
+ (OPENSSL_INIT_ENGINE_RDRAND | OPENSSL_INIT_ENGINE_DYNAMIC \
+ | OPENSSL_INIT_ENGINE_CRYPTODEV | OPENSSL_INIT_ENGINE_CAPI | \
+ OPENSSL_INIT_ENGINE_PADLOCK)
+
+
+/* Library initialisation functions */
+void OPENSSL_cleanup(void);
+int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
+int OPENSSL_atexit(void (*handler)(void));
+void OPENSSL_thread_stop(void);
+void OPENSSL_thread_stop_ex(OPENSSL_CTX *ctx);
+
+/* Low-level control of initialization */
+OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void);
+# ifndef OPENSSL_NO_STDIO
+int OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *settings,
+ const char *config_filename);
+void OPENSSL_INIT_set_config_file_flags(OPENSSL_INIT_SETTINGS *settings,
+ unsigned long flags);
+int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *settings,
+ const char *config_appname);
+# endif
+void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *settings);
+
+# if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG)
+# if defined(_WIN32)
+# if defined(BASETYPES) || defined(_WINDEF_H)
+/* application has to include in order to use this */
+typedef DWORD CRYPTO_THREAD_LOCAL;
+typedef DWORD CRYPTO_THREAD_ID;
+
+typedef LONG CRYPTO_ONCE;
+# define CRYPTO_ONCE_STATIC_INIT 0
+# endif
+# else
+# include
+typedef pthread_once_t CRYPTO_ONCE;
+typedef pthread_key_t CRYPTO_THREAD_LOCAL;
+typedef pthread_t CRYPTO_THREAD_ID;
+
+# define CRYPTO_ONCE_STATIC_INIT PTHREAD_ONCE_INIT
+# endif
+# endif
+
+# if !defined(CRYPTO_ONCE_STATIC_INIT)
+typedef unsigned int CRYPTO_ONCE;
+typedef unsigned int CRYPTO_THREAD_LOCAL;
+typedef unsigned int CRYPTO_THREAD_ID;
+# define CRYPTO_ONCE_STATIC_INIT 0
+# endif
+
+int CRYPTO_THREAD_run_once(CRYPTO_ONCE *once, void (*init)(void));
+
+int CRYPTO_THREAD_init_local(CRYPTO_THREAD_LOCAL *key, void (*cleanup)(void *));
+void *CRYPTO_THREAD_get_local(CRYPTO_THREAD_LOCAL *key);
+int CRYPTO_THREAD_set_local(CRYPTO_THREAD_LOCAL *key, void *val);
+int CRYPTO_THREAD_cleanup_local(CRYPTO_THREAD_LOCAL *key);
+
+CRYPTO_THREAD_ID CRYPTO_THREAD_get_current_id(void);
+int CRYPTO_THREAD_compare_id(CRYPTO_THREAD_ID a, CRYPTO_THREAD_ID b);
+
+OPENSSL_CTX *OPENSSL_CTX_new(void);
+void OPENSSL_CTX_free(OPENSSL_CTX *);
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/linux_amd64/include/openssl/cryptoerr.h b/linux_amd64/include/openssl/cryptoerr.h
new file mode 100644
index 0000000..ae146c4
--- /dev/null
+++ b/linux_amd64/include/openssl/cryptoerr.h
@@ -0,0 +1,105 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_CRYPTOERR_H +# define OPENSSL_CRYPTOERR_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_CRYPTOERR_H +# endif + +# include +# include + + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_CRYPTO_strings(void); + +/* + * CRYPTO function codes. + */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define CRYPTO_F_CMAC_CTX_NEW 0 +# define CRYPTO_F_CRYPTO_DUP_EX_DATA 0 +# define CRYPTO_F_CRYPTO_FREE_EX_DATA 0 +# define CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX 0 +# define CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX_EX 0 +# define CRYPTO_F_CRYPTO_MEMDUP 0 +# define CRYPTO_F_CRYPTO_NEW_EX_DATA 0 +# define CRYPTO_F_CRYPTO_NEW_EX_DATA_EX 0 +# define CRYPTO_F_CRYPTO_OCB128_COPY_CTX 0 +# define CRYPTO_F_CRYPTO_OCB128_INIT 0 +# define CRYPTO_F_CRYPTO_SET_EX_DATA 0 +# define CRYPTO_F_FIPS_MODE_SET 0 +# define CRYPTO_F_GET_AND_LOCK 0 +# define CRYPTO_F_GET_PROVIDER_STORE 0 +# define CRYPTO_F_OPENSSL_ATEXIT 0 +# define CRYPTO_F_OPENSSL_BUF2HEXSTR 0 +# define CRYPTO_F_OPENSSL_BUF2HEXSTR_EX 0 +# define CRYPTO_F_OPENSSL_FOPEN 0 +# define CRYPTO_F_OPENSSL_HEXSTR2BUF 0 +# define CRYPTO_F_OPENSSL_HEXSTR2BUF_EX 0 +# define CRYPTO_F_OPENSSL_INIT_CRYPTO 0 +# define CRYPTO_F_OPENSSL_LH_NEW 0 +# define CRYPTO_F_OPENSSL_SK_DEEP_COPY 0 +# define CRYPTO_F_OPENSSL_SK_DUP 0 +# define CRYPTO_F_OSSL_PARAM_BLD_PUSH_BN 0 +# define CRYPTO_F_OSSL_PARAM_BLD_PUSH_OCTET_PTR 0 +# define CRYPTO_F_OSSL_PARAM_BLD_PUSH_OCTET_STRING 0 +# define CRYPTO_F_OSSL_PARAM_BLD_PUSH_UTF8_PTR 0 +# define CRYPTO_F_OSSL_PARAM_BLD_PUSH_UTF8_STRING 0 +# define CRYPTO_F_OSSL_PARAM_BLD_TO_PARAM 0 +# 
define CRYPTO_F_OSSL_PARAM_BLD_TO_PARAM_EX 0 +# define CRYPTO_F_OSSL_PARAM_TYPE_TO_PARAM 0 +# define CRYPTO_F_OSSL_PROVIDER_ACTIVATE 0 +# define CRYPTO_F_OSSL_PROVIDER_ADD_BUILTIN 0 +# define CRYPTO_F_OSSL_PROVIDER_ADD_PARAMETER 0 +# define CRYPTO_F_OSSL_PROVIDER_NEW 0 +# define CRYPTO_F_OSSL_PROVIDER_SET_MODULE_PATH 0 +# define CRYPTO_F_PARAM_PUSH 0 +# define CRYPTO_F_PARAM_PUSH_NUM 0 +# define CRYPTO_F_PKEY_HMAC_INIT 0 +# define CRYPTO_F_PKEY_POLY1305_INIT 0 +# define CRYPTO_F_PKEY_SIPHASH_INIT 0 +# define CRYPTO_F_PROVIDER_ACTIVATE 0 +# define CRYPTO_F_PROVIDER_CONF_INIT 0 +# define CRYPTO_F_PROVIDER_CONF_LOAD 0 +# define CRYPTO_F_PROVIDER_NEW 0 +# define CRYPTO_F_PROVIDER_STORE_NEW 0 +# define CRYPTO_F_SK_RESERVE 0 +# endif + +/* + * CRYPTO reason codes. + */ +# define CRYPTO_R_BAD_ALGORITHM_NAME 117 +# define CRYPTO_R_CONFLICTING_NAMES 118 +# define CRYPTO_R_FIPS_MODE_NOT_SUPPORTED 101 +# define CRYPTO_R_ILLEGAL_HEX_DIGIT 102 +# define CRYPTO_R_INSUFFICIENT_DATA_SPACE 106 +# define CRYPTO_R_INSUFFICIENT_PARAM_SIZE 107 +# define CRYPTO_R_INSUFFICIENT_SECURE_DATA_SPACE 108 +# define CRYPTO_R_INVALID_NULL_ARGUMENT 109 +# define CRYPTO_R_INVALID_OSSL_PARAM_TYPE 110 +# define CRYPTO_R_ODD_NUMBER_OF_DIGITS 103 +# define CRYPTO_R_PROVIDER_ALREADY_EXISTS 104 +# define CRYPTO_R_PROVIDER_SECTION_ERROR 105 +# define CRYPTO_R_SECURE_MALLOC_FAILURE 111 +# define CRYPTO_R_STRING_TOO_LONG 112 +# define CRYPTO_R_TOO_MANY_BYTES 113 +# define CRYPTO_R_TOO_MANY_RECORDS 114 +# define CRYPTO_R_TOO_SMALL_BUFFER 116 +# define CRYPTO_R_ZERO_LENGTH_NUMBER 115 + +#endif diff --git a/linux_amd64/include/openssl/ct.h b/linux_amd64/include/openssl/ct.h new file mode 100644 index 0000000..b7c211d --- /dev/null +++ b/linux_amd64/include/openssl/ct.h 
@@ -0,0 +1,480 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_CT_H
+# define OPENSSL_CT_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_CT_H
+# endif
+
+# include
+
+# ifndef OPENSSL_NO_CT
+# include
+# include
+# include
+# include
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+
+/* Minimum RSA key size, from RFC6962 */
+# define SCT_MIN_RSA_BITS 2048
+
+/* All hashes are SHA256 in v1 of Certificate Transparency */
+# define CT_V1_HASHLEN SHA256_DIGEST_LENGTH
+
+typedef enum {
+ CT_LOG_ENTRY_TYPE_NOT_SET = -1,
+ CT_LOG_ENTRY_TYPE_X509 = 0,
+ CT_LOG_ENTRY_TYPE_PRECERT = 1
+} ct_log_entry_type_t;
+
+typedef enum {
+ SCT_VERSION_NOT_SET = -1,
+ SCT_VERSION_V1 = 0
+} sct_version_t;
+
+typedef enum {
+ SCT_SOURCE_UNKNOWN,
+ SCT_SOURCE_TLS_EXTENSION,
+ SCT_SOURCE_X509V3_EXTENSION,
+ SCT_SOURCE_OCSP_STAPLED_RESPONSE
+} sct_source_t;
+
+typedef enum {
+ SCT_VALIDATION_STATUS_NOT_SET,
+ SCT_VALIDATION_STATUS_UNKNOWN_LOG,
+ SCT_VALIDATION_STATUS_VALID,
+ SCT_VALIDATION_STATUS_INVALID,
+ SCT_VALIDATION_STATUS_UNVERIFIED,
+ SCT_VALIDATION_STATUS_UNKNOWN_VERSION
+} sct_validation_status_t;
+
+DEFINE_STACK_OF(SCT)
+DEFINE_STACK_OF(CTLOG)
+
+/******************************************
+ * CT policy evaluation context functions *
+ ******************************************/
+
+/*
+ * Creates a new, empty policy evaluation context.
+ * The caller is responsible for calling CT_POLICY_EVAL_CTX_free when finished
+ * with the CT_POLICY_EVAL_CTX.
+ */
+CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new(void);
+
+/* Deletes a policy evaluation context and anything it owns. */
+void CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx);
+
+/* Gets the peer certificate that the SCTs are for */
+X509* CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx);
+
+/*
+ * Sets the certificate associated with the received SCTs.
+ * Increments the reference count of cert.
+ * Returns 1 on success, 0 otherwise.
+ */
+int CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert);
+
+/* Gets the issuer of the aforementioned certificate */
+X509* CT_POLICY_EVAL_CTX_get0_issuer(const CT_POLICY_EVAL_CTX *ctx);
+
+/*
+ * Sets the issuer of the certificate associated with the received SCTs.
+ * Increments the reference count of issuer.
+ * Returns 1 on success, 0 otherwise.
+ */
+int CT_POLICY_EVAL_CTX_set1_issuer(CT_POLICY_EVAL_CTX *ctx, X509 *issuer);
+
+/* Gets the CT logs that are trusted sources of SCTs */
+const CTLOG_STORE *CT_POLICY_EVAL_CTX_get0_log_store(const CT_POLICY_EVAL_CTX *ctx);
+
+/* Sets the log store that is in use. It must outlive the CT_POLICY_EVAL_CTX. */
+void CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx,
+ CTLOG_STORE *log_store);
+
+/*
+ * Gets the time, in milliseconds since the Unix epoch, that will be used as the
+ * current time when checking whether an SCT was issued in the future.
+ * Such SCTs will fail validation, as required by RFC6962.
+ */
+uint64_t CT_POLICY_EVAL_CTX_get_time(const CT_POLICY_EVAL_CTX *ctx);
+
+/*
+ * Sets the time to evaluate SCTs against, in milliseconds since the Unix epoch.
+ * If an SCT's timestamp is after this time, it will be interpreted as having
+ * been issued in the future. RFC6962 states that "TLS clients MUST reject SCTs
+ * whose timestamp is in the future", so an SCT will not validate in this case.
+ */
+void CT_POLICY_EVAL_CTX_set_time(CT_POLICY_EVAL_CTX *ctx, uint64_t time_in_ms);
+
+/*****************
+ * SCT functions *
+ *****************/
+
+/*
+ * Creates a new, blank SCT.
+ * The caller is responsible for calling SCT_free when finished with the SCT.
+ */
+SCT *SCT_new(void);
+
+/*
+ * Creates a new SCT from some base64-encoded strings.
+ * The caller is responsible for calling SCT_free when finished with the SCT.
+ */
+SCT *SCT_new_from_base64(unsigned char version,
+ const char *logid_base64,
+ ct_log_entry_type_t entry_type,
+ uint64_t timestamp,
+ const char *extensions_base64,
+ const char *signature_base64);
+
+/*
+ * Frees the SCT and the underlying data structures.
+ */
+void SCT_free(SCT *sct);
+
+/*
+ * Free a stack of SCTs, and the underlying SCTs themselves.
+ * Intended to be compatible with X509V3_EXT_FREE.
+ */
+void SCT_LIST_free(STACK_OF(SCT) *a);
+
+/*
+ * Returns the version of the SCT.
+ */
+sct_version_t SCT_get_version(const SCT *sct);
+
+/*
+ * Set the version of an SCT.
+ * Returns 1 on success, 0 if the version is unrecognized.
+ */
+__owur int SCT_set_version(SCT *sct, sct_version_t version);
+
+/*
+ * Returns the log entry type of the SCT.
+ */
+ct_log_entry_type_t SCT_get_log_entry_type(const SCT *sct);
+
+/*
+ * Set the log entry type of an SCT.
+ * Returns 1 on success, 0 otherwise.
+ */
+__owur int SCT_set_log_entry_type(SCT *sct, ct_log_entry_type_t entry_type);
+
+/*
+ * Gets the ID of the log that an SCT came from.
+ * Ownership of the log ID remains with the SCT.
+ * Returns the length of the log ID.
+ */
+size_t SCT_get0_log_id(const SCT *sct, unsigned char **log_id);
+
+/*
+ * Set the log ID of an SCT to point directly to the *log_id specified.
+ * The SCT takes ownership of the specified pointer.
+ * Returns 1 on success, 0 otherwise.
+ */
+__owur int SCT_set0_log_id(SCT *sct, unsigned char *log_id, size_t log_id_len);
+
+/*
+ * Set the log ID of an SCT.
+ * This makes a copy of the log_id.
+ * Returns 1 on success, 0 otherwise.
+ */
+__owur int SCT_set1_log_id(SCT *sct, const unsigned char *log_id,
+ size_t log_id_len);
+
+/*
+ * Returns the timestamp for the SCT (epoch time in milliseconds).
+ */
+uint64_t SCT_get_timestamp(const SCT *sct);
+
+/*
+ * Set the timestamp of an SCT (epoch time in milliseconds).
+ */
+void SCT_set_timestamp(SCT *sct, uint64_t timestamp);
+
+/*
+ * Return the NID for the signature used by the SCT.
+ * For CT v1, this will be either NID_sha256WithRSAEncryption or
+ * NID_ecdsa_with_SHA256 (or NID_undef if incorrect/unset).
+ */
+int SCT_get_signature_nid(const SCT *sct);
+
+/*
+ * Set the signature type of an SCT
+ * For CT v1, this should be either NID_sha256WithRSAEncryption or
+ * NID_ecdsa_with_SHA256.
+ * Returns 1 on success, 0 otherwise.
+ */
+__owur int SCT_set_signature_nid(SCT *sct, int nid);
+
+/*
+ * Set *ext to point to the extension data for the SCT. ext must not be NULL.
+ * The SCT retains ownership of this pointer.
+ * Returns length of the data pointed to.
+ */
+size_t SCT_get0_extensions(const SCT *sct, unsigned char **ext);
+
+/*
+ * Set the extensions of an SCT to point directly to the *ext specified.
+ * The SCT takes ownership of the specified pointer.
+ */
+void SCT_set0_extensions(SCT *sct, unsigned char *ext, size_t ext_len);
+
+/*
+ * Set the extensions of an SCT.
+ * This takes a copy of the ext.
+ * Returns 1 on success, 0 otherwise.
+ */
+__owur int SCT_set1_extensions(SCT *sct, const unsigned char *ext,
+ size_t ext_len);
+
+/*
+ * Set *sig to point to the signature for the SCT. sig must not be NULL.
+ * The SCT retains ownership of this pointer.
+ * Returns length of the data pointed to.
+ */
+size_t SCT_get0_signature(const SCT *sct, unsigned char **sig);
+
+/*
+ * Set the signature of an SCT to point directly to the *sig specified.
+ * The SCT takes ownership of the specified pointer.
+ */
+void SCT_set0_signature(SCT *sct, unsigned char *sig, size_t sig_len);
+
+/*
+ * Set the signature of an SCT to be a copy of the *sig specified.
+ * Returns 1 on success, 0 otherwise.
+ */
+__owur int SCT_set1_signature(SCT *sct, const unsigned char *sig,
+ size_t sig_len);
+
+/*
+ * The origin of this SCT, e.g. TLS extension, OCSP response, etc.
+ */
+sct_source_t SCT_get_source(const SCT *sct);
+
+/*
+ * Set the origin of this SCT, e.g. TLS extension, OCSP response, etc.
+ * Returns 1 on success, 0 otherwise.
+ */
+__owur int SCT_set_source(SCT *sct, sct_source_t source);
+
+/*
+ * Returns a text string describing the validation status of |sct|.
+ */
+const char *SCT_validation_status_string(const SCT *sct);
+
+/*
+ * Pretty-prints an |sct| to |out|.
+ * It will be indented by the number of spaces specified by |indent|.
+ * If |logs| is not NULL, it will be used to lookup the CT log that the SCT came
+ * from, so that the log name can be printed.
+ */
+void SCT_print(const SCT *sct, BIO *out, int indent, const CTLOG_STORE *logs);
+
+/*
+ * Pretty-prints an |sct_list| to |out|.
+ * It will be indented by the number of spaces specified by |indent|.
+ * SCTs will be delimited by |separator|.
+ * If |logs| is not NULL, it will be used to lookup the CT log that each SCT
+ * came from, so that the log names can be printed.
+ */
+void SCT_LIST_print(const STACK_OF(SCT) *sct_list, BIO *out, int indent,
+ const char *separator, const CTLOG_STORE *logs);
+
+/*
+ * Gets the last result of validating this SCT.
+ * If it has not been validated yet, returns SCT_VALIDATION_STATUS_NOT_SET.
+ */
+sct_validation_status_t SCT_get_validation_status(const SCT *sct);
+
+/*
+ * Validates the given SCT with the provided context.
+ * Sets the "validation_status" field of the SCT.
+ * Returns 1 if the SCT is valid and the signature verifies.
+ * Returns 0 if the SCT is invalid or could not be verified.
+ * Returns -1 if an error occurs.
+ */
+__owur int SCT_validate(SCT *sct, const CT_POLICY_EVAL_CTX *ctx);
+
+/*
+ * Validates the given list of SCTs with the provided context.
+ * Sets the "validation_status" field of each SCT.
+ * Returns 1 if there are no invalid SCTs and all signatures verify.
+ * Returns 0 if at least one SCT is invalid or could not be verified.
+ * Returns a negative integer if an error occurs.
+ */
+__owur int SCT_LIST_validate(const STACK_OF(SCT) *scts,
+ CT_POLICY_EVAL_CTX *ctx);
+
+
+/*********************************
+ * SCT parsing and serialisation *
+ *********************************/
+
+/*
+ * Serialize (to TLS format) a stack of SCTs and return the length.
+ * "a" must not be NULL.
+ * If "pp" is NULL, just return the length of what would have been serialized.
+ * If "pp" is not NULL and "*pp" is null, function will allocate a new pointer
+ * for data that caller is responsible for freeing (only if function returns
+ * successfully).
+ * If "pp" is NULL and "*pp" is not NULL, caller is responsible for ensuring
+ * that "*pp" is large enough to accept all of the serialized data.
+ * Returns < 0 on error, >= 0 indicating bytes written (or would have been)
+ * on success.
+ */
+__owur int i2o_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp);
+
+/*
+ * Convert TLS format SCT list to a stack of SCTs.
+ * If "a" or "*a" is NULL, a new stack will be created that the caller is
+ * responsible for freeing (by calling SCT_LIST_free).
+ * "**pp" and "*pp" must not be NULL.
+ * Upon success, "*pp" will point to after the last bytes read, and a stack
+ * will be returned.
+ * Upon failure, a NULL pointer will be returned, and the position of "*pp" is
+ * not defined.
+ */
+STACK_OF(SCT) *o2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp,
+ size_t len);
+
+/*
+ * Serialize (to DER format) a stack of SCTs and return the length.
+ * "a" must not be NULL.
+ * If "pp" is NULL, just returns the length of what would have been serialized.
+ * If "pp" is not NULL and "*pp" is null, function will allocate a new pointer
+ * for data that caller is responsible for freeing (only if function returns
+ * successfully).
+ * If "pp" is NULL and "*pp" is not NULL, caller is responsible for ensuring
+ * that "*pp" is large enough to accept all of the serialized data.
+ * Returns < 0 on error, >= 0 indicating bytes written (or would have been)
+ * on success.
+ */
+__owur int i2d_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp);
+
+/*
+ * Parses an SCT list in DER format and returns it.
+ * If "a" or "*a" is NULL, a new stack will be created that the caller is
+ * responsible for freeing (by calling SCT_LIST_free).
+ * "**pp" and "*pp" must not be NULL.
+ * Upon success, "*pp" will point to after the last bytes read, and a stack
+ * will be returned.
+ * Upon failure, a NULL pointer will be returned, and the position of "*pp" is
+ * not defined.
+ */
+STACK_OF(SCT) *d2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp,
+ long len);
+
+/*
+ * Serialize (to TLS format) an |sct| and write it to |out|.
+ * If |out| is null, no SCT will be output but the length will still be returned.
+ * If |out| points to a null pointer, a string will be allocated to hold the
+ * TLS-format SCT. It is the responsibility of the caller to free it.
+ * If |out| points to an allocated string, the TLS-format SCT will be written
+ * to it.
+ * The length of the SCT in TLS format will be returned.
+ */
+__owur int i2o_SCT(const SCT *sct, unsigned char **out);
+
+/*
+ * Parses an SCT in TLS format and returns it.
+ * If |psct| is not null, it will end up pointing to the parsed SCT. If it
+ * already points to a non-null pointer, the pointer will be free'd.
+ * |in| should be a pointer to a string containing the TLS-format SCT.
+ * |in| will be advanced to the end of the SCT if parsing succeeds.
+ * |len| should be the length of the SCT in |in|.
+ * Returns NULL if an error occurs.
+ * If the SCT is an unsupported version, only the SCT's 'sct' and 'sct_len'
+ * fields will be populated (with |in| and |len| respectively).
+ */
+SCT *o2i_SCT(SCT **psct, const unsigned char **in, size_t len);
+
+/********************
+ * CT log functions *
+ ********************/
+
+/*
+ * Creates a new CT log instance with the given |public_key| and |name|.
+ * Takes ownership of |public_key| but copies |name|.
+ * Returns NULL if malloc fails or if |public_key| cannot be converted to DER.
+ * Should be deleted by the caller using CTLOG_free when no longer needed.
+ */
+CTLOG *CTLOG_new(EVP_PKEY *public_key, const char *name);
+
+/*
+ * Creates a new CTLOG instance with the base64-encoded SubjectPublicKeyInfo DER
+ * in |pkey_base64|. The |name| is a string to help users identify this log.
+ * Returns 1 on success, 0 on failure.
+ * Should be deleted by the caller using CTLOG_free when no longer needed.
+ */
+int CTLOG_new_from_base64(CTLOG ** ct_log,
+ const char *pkey_base64, const char *name);
+
+/*
+ * Deletes a CT log instance and its fields.
+ */
+void CTLOG_free(CTLOG *log);
+
+/* Gets the name of the CT log */
+const char *CTLOG_get0_name(const CTLOG *log);
+/* Gets the ID of the CT log */
+void CTLOG_get0_log_id(const CTLOG *log, const uint8_t **log_id,
+ size_t *log_id_len);
+/* Gets the public key of the CT log */
+EVP_PKEY *CTLOG_get0_public_key(const CTLOG *log);
+
+/**************************
+ * CT log store functions *
+ **************************/
+
+/*
+ * Creates a new CT log store.
+ * Should be deleted by the caller using CTLOG_STORE_free when no longer needed.
+ */
+CTLOG_STORE *CTLOG_STORE_new(void);
+
+/*
+ * Deletes a CT log store and all of the CT log instances held within.
+ */
+void CTLOG_STORE_free(CTLOG_STORE *store);
+
+/*
+ * Finds a CT log in the store based on its log ID.
+ * Returns the CT log, or NULL if no match is found.
+ */
+const CTLOG *CTLOG_STORE_get0_log_by_id(const CTLOG_STORE *store,
+ const uint8_t *log_id,
+ size_t log_id_len);
+
+/*
+ * Loads a CT log list into a |store| from a |file|.
+ * Returns 1 if loading is successful, or 0 otherwise.
+ */
+__owur int CTLOG_STORE_load_file(CTLOG_STORE *store, const char *file);
+
+/*
+ * Loads the default CT log list into a |store|.
+ * Returns 1 if loading is successful, or 0 otherwise.
+ */
+__owur int CTLOG_STORE_load_default_file(CTLOG_STORE *store);
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+#endif
diff --git a/linux_amd64/include/openssl/cterr.h b/linux_amd64/include/openssl/cterr.h
new file mode 100644
index 0000000..b0d904e
--- /dev/null
+++ b/linux_amd64/include/openssl/cterr.h
@@ -0,0 +1,88 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_CTERR_H +# define OPENSSL_CTERR_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_CTERR_H +# endif + +# include +# include + + +# include + +# ifndef OPENSSL_NO_CT + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_CT_strings(void); + +/* + * CT function codes. + */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define CT_F_CTLOG_NEW 0 +# define CT_F_CTLOG_NEW_FROM_BASE64 0 +# define CT_F_CTLOG_NEW_FROM_CONF 0 +# define CT_F_CTLOG_STORE_LOAD_CTX_NEW 0 +# define CT_F_CTLOG_STORE_LOAD_FILE 0 +# define CT_F_CTLOG_STORE_LOAD_LOG 0 +# define CT_F_CTLOG_STORE_NEW 0 +# define CT_F_CT_BASE64_DECODE 0 +# define CT_F_CT_POLICY_EVAL_CTX_NEW 0 +# define CT_F_CT_V1_LOG_ID_FROM_PKEY 0 +# define CT_F_I2O_SCT 0 +# define CT_F_I2O_SCT_LIST 0 +# define CT_F_I2O_SCT_SIGNATURE 0 +# define CT_F_O2I_SCT 0 +# define CT_F_O2I_SCT_LIST 0 +# define CT_F_O2I_SCT_SIGNATURE 0 +# define CT_F_SCT_CTX_NEW 0 +# define CT_F_SCT_CTX_VERIFY 0 +# define CT_F_SCT_NEW 0 +# define CT_F_SCT_NEW_FROM_BASE64 0 +# define CT_F_SCT_SET0_LOG_ID 0 +# define CT_F_SCT_SET1_EXTENSIONS 0 +# define CT_F_SCT_SET1_LOG_ID 0 +# define CT_F_SCT_SET1_SIGNATURE 0 +# define CT_F_SCT_SET_LOG_ENTRY_TYPE 0 +# define CT_F_SCT_SET_SIGNATURE_NID 0 +# define CT_F_SCT_SET_VERSION 0 +# endif + +/* + * CT reason codes. 
+ */ +# define CT_R_BASE64_DECODE_ERROR 108 +# define CT_R_INVALID_LOG_ID_LENGTH 100 +# define CT_R_LOG_CONF_INVALID 109 +# define CT_R_LOG_CONF_INVALID_KEY 110 +# define CT_R_LOG_CONF_MISSING_DESCRIPTION 111 +# define CT_R_LOG_CONF_MISSING_KEY 112 +# define CT_R_LOG_KEY_INVALID 113 +# define CT_R_SCT_FUTURE_TIMESTAMP 116 +# define CT_R_SCT_INVALID 104 +# define CT_R_SCT_INVALID_SIGNATURE 107 +# define CT_R_SCT_LIST_INVALID 105 +# define CT_R_SCT_LOG_ID_MISMATCH 114 +# define CT_R_SCT_NOT_SET 106 +# define CT_R_SCT_UNSUPPORTED_VERSION 115 +# define CT_R_UNRECOGNIZED_SIGNATURE_NID 101 +# define CT_R_UNSUPPORTED_ENTRY_TYPE 102 +# define CT_R_UNSUPPORTED_VERSION 103 + +# endif +#endif diff --git a/linux_amd64/include/openssl/des.h b/linux_amd64/include/openssl/des.h new file mode 100644 index 0000000..bd5d5b4 --- /dev/null +++ b/linux_amd64/include/openssl/des.h 
@@ -0,0 +1,207 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_DES_H
+# define OPENSSL_DES_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_DES_H
+# endif
+
+# include
+
+# ifndef OPENSSL_NO_DES
+# ifdef __cplusplus
+extern "C" {
+# endif
+# include
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+typedef unsigned int DES_LONG;
+
+# ifdef OPENSSL_BUILD_SHLIBCRYPTO
+# undef OPENSSL_EXTERN
+# define OPENSSL_EXTERN OPENSSL_EXPORT
+# endif
+
+typedef unsigned char DES_cblock[8];
+typedef /* const */ unsigned char const_DES_cblock[8];
+/*
+ * With "const", gcc 2.8.1 on Solaris thinks that DES_cblock * and
+ * const_DES_cblock * are incompatible pointer types.
+ */
+
+typedef struct DES_ks {
+ union {
+ DES_cblock cblock;
+ /*
+ * make sure things are correct size on machines with 8 byte longs
+ */
+ DES_LONG deslong[2];
+ } ks[16];
+} DES_key_schedule;
+
+# define DES_KEY_SZ (sizeof(DES_cblock))
+# define DES_SCHEDULE_SZ (sizeof(DES_key_schedule))
+
+# define DES_ENCRYPT 1
+# define DES_DECRYPT 0
+
+# define DES_CBC_MODE 0
+# define DES_PCBC_MODE 1
+
+# define DES_ecb2_encrypt(i,o,k1,k2,e) \
+ DES_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))
+
+# define DES_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \
+ DES_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))
+
+# define DES_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \
+ DES_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e))
+
+# define DES_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \
+ DES_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n))
+
+# define DES_fixup_key_parity DES_set_odd_parity
+# endif
+
+DEPRECATEDIN_3_0(const char *DES_options(void))
+DEPRECATEDIN_3_0(void DES_ecb3_encrypt(const_DES_cblock *input,
+ DES_cblock *output,
+ DES_key_schedule *ks1,
+ DES_key_schedule *ks2,
+ DES_key_schedule *ks3, int enc))
+DEPRECATEDIN_3_0(DES_LONG DES_cbc_cksum(const unsigned char *input,
+ DES_cblock *output, long length,
+ DES_key_schedule *schedule,
+ const_DES_cblock *ivec))
+/* DES_cbc_encrypt does not update the IV! Use DES_ncbc_encrypt instead. */
+DEPRECATEDIN_3_0(void DES_cbc_encrypt(const unsigned char *input,
+ unsigned char *output, long length,
+ DES_key_schedule *schedule,
+ DES_cblock *ivec, int enc))
+DEPRECATEDIN_3_0(void DES_ncbc_encrypt(const unsigned char *input,
+ unsigned char *output, long length,
+ DES_key_schedule *schedule,
+ DES_cblock *ivec, int enc))
+DEPRECATEDIN_3_0(void DES_xcbc_encrypt(const unsigned char *input,
+ unsigned char *output, long length,
+ DES_key_schedule *schedule,
+ DES_cblock *ivec, const_DES_cblock *inw,
+ const_DES_cblock *outw, int enc))
+DEPRECATEDIN_3_0(void DES_cfb_encrypt(const unsigned char *in,
+ unsigned char *out, int numbits,
+ long length, DES_key_schedule *schedule,
+ DES_cblock *ivec, int enc))
+DEPRECATEDIN_3_0(void DES_ecb_encrypt(const_DES_cblock *input,
+ DES_cblock *output, DES_key_schedule *ks,
+ int enc))
+
+/*
+ * This is the DES encryption function that gets called by just about every
+ * other DES routine in the library. You should not use this function except
+ * to implement 'modes' of DES. I say this because the functions that call
+ * this routine do the conversion from 'char *' to long, and this needs to be
+ * done to make sure 'non-aligned' memory access do not occur. The
+ * characters are loaded 'little endian'. Data is a pointer to 2 unsigned
+ * long's and ks is the DES_key_schedule to use. enc, is non zero specifies
+ * encryption, zero if decryption.
+ */
+DEPRECATEDIN_3_0(void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks,
+ int enc))
+
+/*
+ * This functions is the same as DES_encrypt1() except that the DES initial
+ * permutation (IP) and final permutation (FP) have been left out. As for
+ * DES_encrypt1(), you should not use this function. It is used by the
+ * routines in the library that implement triple DES. IP() DES_encrypt2()
+ * DES_encrypt2() DES_encrypt2() FP() is the same as DES_encrypt1()
+ * DES_encrypt1() DES_encrypt1() except faster :-).
+ */
+DEPRECATEDIN_3_0(void DES_encrypt2(DES_LONG *data, DES_key_schedule *ks,
+ int enc))
+
+DEPRECATEDIN_3_0(void DES_encrypt3(DES_LONG *data, DES_key_schedule *ks1,
+ DES_key_schedule *ks2, DES_key_schedule *ks3))
+DEPRECATEDIN_3_0(void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1,
+ DES_key_schedule *ks2, DES_key_schedule *ks3))
+DEPRECATEDIN_3_0(void DES_ede3_cbc_encrypt(const unsigned char *input,
+ unsigned char *output, long length,
+ DES_key_schedule *ks1,
+ DES_key_schedule *ks2,
+ DES_key_schedule *ks3,
+ DES_cblock *ivec, int enc))
+DEPRECATEDIN_3_0(void DES_ede3_cfb64_encrypt(const unsigned char *in,
+ unsigned char *out, long length,
+ DES_key_schedule *ks1,
+ DES_key_schedule *ks2,
+ DES_key_schedule *ks3,
+ DES_cblock *ivec, int *num,
+ int enc))
+DEPRECATEDIN_3_0(void DES_ede3_cfb_encrypt(const unsigned char *in,
+ unsigned char *out, int numbits,
+ long length, DES_key_schedule *ks1,
+ DES_key_schedule *ks2,
+ DES_key_schedule *ks3,
+ DES_cblock *ivec, int enc))
+DEPRECATEDIN_3_0(void DES_ede3_ofb64_encrypt(const unsigned char *in,
+ unsigned char *out, long length,
+ DES_key_schedule *ks1,
+ DES_key_schedule *ks2,
+ DES_key_schedule *ks3,
+ DES_cblock *ivec, int *num))
+DEPRECATEDIN_3_0(char *DES_fcrypt(const char *buf, const char *salt, char *ret))
+DEPRECATEDIN_3_0(char *DES_crypt(const char *buf, const char *salt))
+DEPRECATEDIN_3_0(void DES_ofb_encrypt(const unsigned char *in,
+ unsigned char *out, int numbits,
+ long length, DES_key_schedule *schedule,
+ DES_cblock *ivec))
+DEPRECATEDIN_3_0(void DES_pcbc_encrypt(const unsigned char *input,
+ unsigned char *output, long length,
+ DES_key_schedule *schedule,
+ DES_cblock *ivec, int enc))
+DEPRECATEDIN_3_0(DES_LONG DES_quad_cksum(const unsigned char *input,
+ DES_cblock output[], long length,
+ int out_count, DES_cblock *seed))
+DEPRECATEDIN_3_0(int DES_random_key(DES_cblock *ret))
+DEPRECATEDIN_3_0(void DES_set_odd_parity(DES_cblock *key))
+DEPRECATEDIN_3_0(int DES_check_key_parity(const_DES_cblock *key))
+DEPRECATEDIN_3_0(int DES_is_weak_key(const_DES_cblock *key))
+/*
+ * DES_set_key (= set_key = DES_key_sched = key_sched) calls
+ * DES_set_key_checked
+ */
+DEPRECATEDIN_3_0(int DES_set_key(const_DES_cblock *key,
+ DES_key_schedule *schedule))
+DEPRECATEDIN_3_0(int DES_key_sched(const_DES_cblock *key,
+ DES_key_schedule *schedule))
+DEPRECATEDIN_3_0(int DES_set_key_checked(const_DES_cblock *key,
+ DES_key_schedule *schedule))
+DEPRECATEDIN_3_0(void DES_set_key_unchecked(const_DES_cblock *key,
+ DES_key_schedule *schedule))
+DEPRECATEDIN_3_0(void DES_string_to_key(const char *str, DES_cblock *key))
+DEPRECATEDIN_3_0(void DES_string_to_2keys(const char *str, DES_cblock *key1,
+ DES_cblock *key2))
+DEPRECATEDIN_3_0(void DES_cfb64_encrypt(const unsigned char *in,
+ unsigned char *out, long length,
+ DES_key_schedule *schedule,
+ DES_cblock *ivec, int *num, int enc))
+DEPRECATEDIN_3_0(void DES_ofb64_encrypt(const unsigned char *in,
+ unsigned char *out, long length,
+ DES_key_schedule *schedule,
+ DES_cblock *ivec, int *num))
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/linux_amd64/include/openssl/dh.h b/linux_amd64/include/openssl/dh.h
new file mode 100644
index 0000000..b26e94e
--- /dev/null
+++ b/linux_amd64/include/openssl/dh.h
@@ -0,0 +1,371 @@ +/* + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_DH_H +# define OPENSSL_DH_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_DH_H +# endif + +# include + +# ifndef OPENSSL_NO_DH +# include +# include +# include +# include +# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +# include +# endif +# include + +# ifdef __cplusplus +extern "C" { +# endif + +# ifndef OPENSSL_DH_MAX_MODULUS_BITS +# define OPENSSL_DH_MAX_MODULUS_BITS 10000 +# endif + +# define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024 + +# define DH_FLAG_CACHE_MONT_P 0x01 + +# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +/* + * Does nothing. Previously this switched off constant time behaviour. + */ +# define DH_FLAG_NO_EXP_CONSTTIME 0x00 +# endif + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +/* + * If this flag is set the DH method is FIPS compliant and can be used in + * FIPS mode. This is set in the validated module method. If an application + * sets this flag in its own methods it is its responsibility to ensure the + * result is compliant. + */ + +# define DH_FLAG_FIPS_METHOD 0x0400 + +/* + * If this flag is set the operations normally disabled in FIPS mode are + * permitted it is then the applications responsibility to ensure that the + * usage is compliant. 
+ */ + +# define DH_FLAG_NON_FIPS_ALLOW 0x0400 +# endif + +/* Already defined in ossl_typ.h */ +/* typedef struct dh_st DH; */ +/* typedef struct dh_method DH_METHOD; */ + +DECLARE_ASN1_ITEM(DHparams) + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define DH_GENERATOR_2 2 +# define DH_GENERATOR_3 3 +# define DH_GENERATOR_5 5 + +/* DH_check error codes */ +/* + * NB: These values must align with the equivalently named macros in + * internal/ffc.h. + */ +# define DH_CHECK_P_NOT_PRIME 0x01 +# define DH_CHECK_P_NOT_SAFE_PRIME 0x02 +# define DH_UNABLE_TO_CHECK_GENERATOR 0x04 +# define DH_NOT_SUITABLE_GENERATOR 0x08 +# define DH_CHECK_Q_NOT_PRIME 0x10 +# define DH_CHECK_INVALID_Q_VALUE 0x20 +# define DH_CHECK_INVALID_J_VALUE 0x40 +# define DH_MODULUS_TOO_SMALL 0x80 +# define DH_MODULUS_TOO_LARGE 0x100 + +/* DH_check_pub_key error codes */ +# define DH_CHECK_PUBKEY_TOO_SMALL 0x01 +# define DH_CHECK_PUBKEY_TOO_LARGE 0x02 +# define DH_CHECK_PUBKEY_INVALID 0x04 + +/* + * primes p where (p-1)/2 is prime too are called "safe"; we define this for + * backward compatibility: + */ +# define DH_CHECK_P_NOT_STRONG_PRIME DH_CHECK_P_NOT_SAFE_PRIME + +/* DH parameter generation types used by EVP_PKEY_CTX_set_dh_paramgen_type() */ +# define DH_PARAMGEN_TYPE_GENERATOR 0 /* Use a generator g */ +# define DH_PARAMGEN_TYPE_FIPS_186_2 1 /* Use legacy FIPS186-2 standard */ +# define DH_PARAMGEN_TYPE_FIPS_186_4 2 /* Use FIPS186-4 standard */ + +# define DH_CHECK_P_NOT_STRONG_PRIME DH_CHECK_P_NOT_SAFE_PRIME + +# define d2i_DHparams_fp(fp, x) \ + (DH *)ASN1_d2i_fp((char *(*)())DH_new, \ + (char *(*)())d2i_DHparams, \ + (fp), \ + (unsigned char **)(x)) +# define i2d_DHparams_fp(fp, x) \ + ASN1_i2d_fp(i2d_DHparams,(fp), (unsigned char *)(x)) +# define d2i_DHparams_bio(bp, x) \ + ASN1_d2i_bio_of(DH, DH_new, d2i_DHparams, bp, x) +# define i2d_DHparams_bio(bp, x) \ + ASN1_i2d_bio_of(DH, i2d_DHparams, bp, x) + +# define d2i_DHxparams_fp(fp,x) \ + (DH *)ASN1_d2i_fp((char *(*)())DH_new, \ + (char 
*(*)())d2i_DHxparams, \ + (fp), \ + (unsigned char **)(x)) +# define i2d_DHxparams_fp(fp, x) \ + ASN1_i2d_fp(i2d_DHxparams,(fp), (unsigned char *)(x)) +# define d2i_DHxparams_bio(bp, x) \ + ASN1_d2i_bio_of(DH, DH_new, d2i_DHxparams, bp, x) +# define i2d_DHxparams_bio(bp, x) \ + ASN1_i2d_bio_of(DH, i2d_DHxparams, bp, x) +# endif + +DECLARE_ASN1_DUP_FUNCTION_name(DH, DHparams) + +DEPRECATEDIN_3_0(const DH_METHOD *DH_OpenSSL(void)) + +DEPRECATEDIN_3_0(void DH_set_default_method(const DH_METHOD *meth)) +DEPRECATEDIN_3_0(const DH_METHOD *DH_get_default_method(void)) +DEPRECATEDIN_3_0(int DH_set_method(DH *dh, const DH_METHOD *meth)) +DEPRECATEDIN_3_0(DH *DH_new_method(ENGINE *engine)) + +DH *DH_new(void); +void DH_free(DH *dh); +int DH_up_ref(DH *dh); +DEPRECATEDIN_3_0(int DH_bits(const DH *dh)) +DEPRECATEDIN_3_0(int DH_size(const DH *dh)) +DEPRECATEDIN_3_0(int DH_security_bits(const DH *dh)) +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define DH_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH, l, p, newf, dupf, freef) +# endif +DEPRECATEDIN_3_0(int DH_set_ex_data(DH *d, int idx, void *arg)) +DEPRECATEDIN_3_0(void *DH_get_ex_data(DH *d, int idx)) + +/* Deprecated version */ +DEPRECATEDIN_0_9_8(DH *DH_generate_parameters(int prime_len, int generator, + void (*callback) (int, int, + void *), + void *cb_arg)) + +/* New version */ +DEPRECATEDIN_3_0(int DH_generate_parameters_ex(DH *dh, int prime_len, + int generator, BN_GENCB *cb)) + +DEPRECATEDIN_3_0(int DH_check_params_ex(const DH *dh)) +DEPRECATEDIN_3_0(int DH_check_ex(const DH *dh)) +DEPRECATEDIN_3_0(int DH_check_pub_key_ex(const DH *dh, const BIGNUM *pub_key)) +/* + * TODO(3.0): deprecate DH_check_params once ssl/statem/statem_clnt.c is fixed. 
+ */ +int DH_check_params(const DH *dh, int *ret); +DEPRECATEDIN_3_0(int DH_check(const DH *dh, int *codes)) +DEPRECATEDIN_3_0(int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, + int *codes)) +DEPRECATEDIN_3_0(int DH_generate_key(DH *dh)) +DEPRECATEDIN_3_0(int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, + DH *dh)) +DEPRECATEDIN_3_0(int DH_compute_key_padded(unsigned char *key, + const BIGNUM *pub_key, DH *dh)) +DECLARE_ASN1_ENCODE_FUNCTIONS_only(DH, DHparams) +DECLARE_ASN1_ENCODE_FUNCTIONS_only(DH, DHxparams) +# ifndef OPENSSL_NO_STDIO +DEPRECATEDIN_3_0(int DHparams_print_fp(FILE *fp, const DH *x)) +# endif +DEPRECATEDIN_3_0(int DHparams_print(BIO *bp, const DH *x)) + +/* RFC 5114 parameters */ +DH *DH_get_1024_160(void); +DH *DH_get_2048_224(void); +DH *DH_get_2048_256(void); + +/* Named parameters, currently RFC7919 and RFC3526 */ +/* TODO(3.0): deprecate DH_new_by_nid() after converting ssl/s3_lib.c */ +DH *DH_new_by_nid(int nid); +DEPRECATEDIN_3_0(int DH_get_nid(DH *dh)) + +# ifndef OPENSSL_NO_CMS +/* RFC2631 KDF */ +DEPRECATEDIN_3_0(int DH_KDF_X9_42(unsigned char *out, size_t outlen, + const unsigned char *Z, size_t Zlen, + ASN1_OBJECT *key_oid, + const unsigned char *ukm, + size_t ukmlen, const EVP_MD *md)) +# endif + +void DH_get0_pqg(const DH *dh, + const BIGNUM **p, const BIGNUM **q, const BIGNUM **g); +int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g); +void DH_get0_key(const DH *dh, + const BIGNUM **pub_key, const BIGNUM **priv_key); +int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key); +const BIGNUM *DH_get0_p(const DH *dh); +const BIGNUM *DH_get0_q(const DH *dh); +const BIGNUM *DH_get0_g(const DH *dh); +const BIGNUM *DH_get0_priv_key(const DH *dh); +const BIGNUM *DH_get0_pub_key(const DH *dh); +void DH_clear_flags(DH *dh, int flags); +int DH_test_flags(const DH *dh, int flags); +void DH_set_flags(DH *dh, int flags); +DEPRECATEDIN_3_0(ENGINE *DH_get0_engine(DH *d)) +DEPRECATEDIN_3_0(long DH_get_length(const DH *dh)) 
+DEPRECATEDIN_3_0(int DH_set_length(DH *dh, long length)) + +DEPRECATEDIN_3_0(DH_METHOD *DH_meth_new(const char *name, int flags)) +DEPRECATEDIN_3_0(void DH_meth_free(DH_METHOD *dhm)) +DEPRECATEDIN_3_0(DH_METHOD *DH_meth_dup(const DH_METHOD *dhm)) +DEPRECATEDIN_3_0(const char *DH_meth_get0_name(const DH_METHOD *dhm)) +DEPRECATEDIN_3_0(int DH_meth_set1_name(DH_METHOD *dhm, const char *name)) +DEPRECATEDIN_3_0(int DH_meth_get_flags(const DH_METHOD *dhm)) +DEPRECATEDIN_3_0(int DH_meth_set_flags(DH_METHOD *dhm, int flags)) +DEPRECATEDIN_3_0(void *DH_meth_get0_app_data(const DH_METHOD *dhm)) +DEPRECATEDIN_3_0(int DH_meth_set0_app_data(DH_METHOD *dhm, void *app_data)) +DEPRECATEDIN_3_0(int (*DH_meth_get_generate_key(const DH_METHOD *dhm)) (DH *)) +DEPRECATEDIN_3_0(int DH_meth_set_generate_key(DH_METHOD *dhm, + int (*generate_key) (DH *))) +DEPRECATEDIN_3_0(int (*DH_meth_get_compute_key(const DH_METHOD *dhm)) + (unsigned char *key, + const BIGNUM *pub_key, DH *dh)) +DEPRECATEDIN_3_0(int DH_meth_set_compute_key(DH_METHOD *dhm, + int (*compute_key) + (unsigned char *key, + const BIGNUM *pub_key, + DH *dh))) +DEPRECATEDIN_3_0(int (*DH_meth_get_bn_mod_exp(const DH_METHOD *dhm)) + (const DH *, BIGNUM *, + const BIGNUM *, + const BIGNUM *, + const BIGNUM *, BN_CTX *, + BN_MONT_CTX *)) +DEPRECATEDIN_3_0(int DH_meth_set_bn_mod_exp(DH_METHOD *dhm, + int (*bn_mod_exp) + (const DH *, BIGNUM *, + const BIGNUM *, const BIGNUM *, + const BIGNUM *, BN_CTX *, + BN_MONT_CTX *))) +DEPRECATEDIN_3_0(int (*DH_meth_get_init(const DH_METHOD *dhm))(DH *)) +DEPRECATEDIN_3_0(int DH_meth_set_init(DH_METHOD *dhm, int (*init)(DH *))) +DEPRECATEDIN_3_0(int (*DH_meth_get_finish(const DH_METHOD *dhm)) (DH *)) +DEPRECATEDIN_3_0(int DH_meth_set_finish(DH_METHOD *dhm, int (*finish) (DH *))) +DEPRECATEDIN_3_0(int (*DH_meth_get_generate_params(const DH_METHOD *dhm)) + (DH *, int, int, + BN_GENCB *)) +DEPRECATEDIN_3_0(int DH_meth_set_generate_params(DH_METHOD *dhm, + int (*generate_params) + (DH *, int, int, 
+ BN_GENCB *))) + +# define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN, len, NULL) + +# define EVP_PKEY_CTX_set_dh_paramgen_subprime_len(ctx, len) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN, len, NULL) + +# define EVP_PKEY_CTX_set_dh_paramgen_type(ctx, typ) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DH_PARAMGEN_TYPE, typ, NULL) + +# define EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, gen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR, gen, NULL) + +# define EVP_PKEY_CTX_set_dh_rfc5114(ctx, gen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DH_RFC5114, gen, NULL) + +# define EVP_PKEY_CTX_set_dhx_rfc5114(ctx, gen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DH_RFC5114, gen, NULL) + +# define EVP_PKEY_CTX_set_dh_nid(ctx, nid) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, \ + EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_DH_NID, nid, NULL) + +int EVP_PKEY_CTX_set_dh_pad(EVP_PKEY_CTX *ctx, int pad); + +# define EVP_PKEY_CTX_set_dh_kdf_type(ctx, kdf) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_DH_KDF_TYPE, kdf, NULL) + +# define EVP_PKEY_CTX_get_dh_kdf_type(ctx) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_DH_KDF_TYPE, -2, NULL) + +# define EVP_PKEY_CTX_set0_dh_kdf_oid(ctx, oid) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_DH_KDF_OID, 0, (void *)(oid)) + +# define EVP_PKEY_CTX_get0_dh_kdf_oid(ctx, poid) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_GET_DH_KDF_OID, 0, (void *)(poid)) + +# define EVP_PKEY_CTX_set_dh_kdf_md(ctx, md) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_DERIVE, \ + 
EVP_PKEY_CTRL_DH_KDF_MD, 0, (void *)(md)) + +# define EVP_PKEY_CTX_get_dh_kdf_md(ctx, pmd) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_GET_DH_KDF_MD, 0, (void *)(pmd)) + +# define EVP_PKEY_CTX_set_dh_kdf_outlen(ctx, len) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_DH_KDF_OUTLEN, len, NULL) + +# define EVP_PKEY_CTX_get_dh_kdf_outlen(ctx, plen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN, 0, (void *)(plen)) + +# define EVP_PKEY_CTX_set0_dh_kdf_ukm(ctx, p, plen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_DH_KDF_UKM, plen, (void *)(p)) + +# define EVP_PKEY_CTX_get0_dh_kdf_ukm(ctx, p) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_GET_DH_KDF_UKM, 0, (void *)(p)) + +# define EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN (EVP_PKEY_ALG_CTRL + 1) +# define EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR (EVP_PKEY_ALG_CTRL + 2) +# define EVP_PKEY_CTRL_DH_RFC5114 (EVP_PKEY_ALG_CTRL + 3) +# define EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN (EVP_PKEY_ALG_CTRL + 4) +# define EVP_PKEY_CTRL_DH_PARAMGEN_TYPE (EVP_PKEY_ALG_CTRL + 5) +# define EVP_PKEY_CTRL_DH_KDF_TYPE (EVP_PKEY_ALG_CTRL + 6) +# define EVP_PKEY_CTRL_DH_KDF_MD (EVP_PKEY_ALG_CTRL + 7) +# define EVP_PKEY_CTRL_GET_DH_KDF_MD (EVP_PKEY_ALG_CTRL + 8) +# define EVP_PKEY_CTRL_DH_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 9) +# define EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 10) +# define EVP_PKEY_CTRL_DH_KDF_UKM (EVP_PKEY_ALG_CTRL + 11) +# define EVP_PKEY_CTRL_GET_DH_KDF_UKM (EVP_PKEY_ALG_CTRL + 12) +# define EVP_PKEY_CTRL_DH_KDF_OID (EVP_PKEY_ALG_CTRL + 13) +# define EVP_PKEY_CTRL_GET_DH_KDF_OID (EVP_PKEY_ALG_CTRL + 14) +# define EVP_PKEY_CTRL_DH_NID (EVP_PKEY_ALG_CTRL + 15) +# define EVP_PKEY_CTRL_DH_PAD (EVP_PKEY_ALG_CTRL + 16) + +/* KDF types */ +# define EVP_PKEY_DH_KDF_NONE 1 +# ifndef OPENSSL_NO_CMS +# define EVP_PKEY_DH_KDF_X9_42 2 +# endif + +# ifdef 
__cplusplus +} +# endif +# endif +#endif diff --git a/linux_amd64/include/openssl/dherr.h b/linux_amd64/include/openssl/dherr.h new file mode 100644 index 0000000..463019d --- /dev/null +++ b/linux_amd64/include/openssl/dherr.h 
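Review bot: The vendored dh.h carries no record of which upstream OpenSSL version or commit it came from, and it appears to be a pre-release 3.0 development snapshot rather than a tagged release: declarations are wrapped in `DEPRECATEDIN_3_0(...)` and the file still has open `TODO(3.0)` comments on `DH_check_params` and `DH_new_by_nid`. Headers committed next to prebuilt binaries from an untagged snapshot make it hard to tell which upstream security fixes are included, or to confirm that header and library match. I would add a provenance note beside the tree, for example `OpenSSL upstream: <repo-url> @ <commit-id>, configure options: <options>`, and rebuild from a tagged release where possible. The same applies to the dsa.h and dtls1.h sections of this commit.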
@@ -0,0 +1,99 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_DHERR_H
+# define OPENSSL_DHERR_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_DHERR_H
+# endif
+
+# include
+# include
+
+
+# include
+
+# ifndef OPENSSL_NO_DH
+
+# ifdef __cplusplus
+extern "C"
+# endif
+int ERR_load_DH_strings(void);
+
+/*
+ * DH function codes.
+ */
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define DH_F_COMPUTE_KEY 0
+# define DH_F_DHPARAMS_PRINT_FP 0
+# define DH_F_DH_BUF2KEY 0
+# define DH_F_DH_BUILTIN_GENPARAMS 0
+# define DH_F_DH_CHECK_EX 0
+# define DH_F_DH_CHECK_PARAMS_EX 0
+# define DH_F_DH_CHECK_PUB_KEY_EX 0
+# define DH_F_DH_CMS_DECRYPT 0
+# define DH_F_DH_CMS_SET_PEERKEY 0
+# define DH_F_DH_CMS_SET_SHARED_INFO 0
+# define DH_F_DH_KEY2BUF 0
+# define DH_F_DH_METH_DUP 0
+# define DH_F_DH_METH_NEW 0
+# define DH_F_DH_METH_SET1_NAME 0
+# define DH_F_DH_NEW_BY_NID 0
+# define DH_F_DH_NEW_METHOD 0
+# define DH_F_DH_PARAM_DECODE 0
+# define DH_F_DH_PKEY_PUBLIC_CHECK 0
+# define DH_F_DH_PRIV_DECODE 0
+# define DH_F_DH_PRIV_ENCODE 0
+# define DH_F_DH_PUB_DECODE 0
+# define DH_F_DH_PUB_ENCODE 0
+# define DH_F_DO_DH_PRINT 0
+# define DH_F_GENERATE_KEY 0
+# define DH_F_PKEY_DH_CTRL_STR 0
+# define DH_F_PKEY_DH_DERIVE 0
+# define DH_F_PKEY_DH_INIT 0
+# define DH_F_PKEY_DH_KEYGEN 0
+# endif
+
+/*
+ * DH reason codes.
+ */
+# define DH_R_BAD_GENERATOR 101
+# define DH_R_BN_DECODE_ERROR 109
+# define DH_R_BN_ERROR 106
+# define DH_R_CHECK_INVALID_J_VALUE 115
+# define DH_R_CHECK_INVALID_Q_VALUE 116
+# define DH_R_CHECK_PUBKEY_INVALID 122
+# define DH_R_CHECK_PUBKEY_TOO_LARGE 123
+# define DH_R_CHECK_PUBKEY_TOO_SMALL 124
+# define DH_R_CHECK_P_NOT_PRIME 117
+# define DH_R_CHECK_P_NOT_SAFE_PRIME 118
+# define DH_R_CHECK_Q_NOT_PRIME 119
+# define DH_R_DECODE_ERROR 104
+# define DH_R_INVALID_PARAMETER_NAME 110
+# define DH_R_INVALID_PARAMETER_NID 114
+# define DH_R_INVALID_PUBKEY 102
+# define DH_R_KDF_PARAMETER_ERROR 112
+# define DH_R_KEYS_NOT_SET 108
+# define DH_R_MISSING_PUBKEY 125
+# define DH_R_MODULUS_TOO_LARGE 103
+# define DH_R_MODULUS_TOO_SMALL 126
+# define DH_R_NOT_SUITABLE_GENERATOR 120
+# define DH_R_NO_PARAMETERS_SET 107
+# define DH_R_NO_PRIVATE_VALUE 100
+# define DH_R_PARAMETER_ENCODING_ERROR 105
+# define DH_R_PEER_KEY_ERROR 111
+# define DH_R_SHARED_INFO_ERROR 113
+# define DH_R_UNABLE_TO_CHECK_GENERATOR 121
+
+# endif
+#endif
diff --git a/linux_amd64/include/openssl/dsa.h b/linux_amd64/include/openssl/dsa.h
new file mode 100644
index 0000000..ac4d221
--- /dev/null
+++ b/linux_amd64/include/openssl/dsa.h
@@ -0,0 +1,266 @@ +/* + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_DSA_H +# define OPENSSL_DSA_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_DSA_H +# endif + +# include + +# ifndef OPENSSL_NO_DSA +# ifdef __cplusplus +extern "C" { +# endif +# include +# include +# include +# include +# include +# include +# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +# include +# endif +# include + +# ifndef OPENSSL_DSA_MAX_MODULUS_BITS +# define OPENSSL_DSA_MAX_MODULUS_BITS 10000 +# endif + +# define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024 + +# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +/* + * Does nothing. Previously this switched off constant time behaviour. + */ +# define DSA_FLAG_NO_EXP_CONSTTIME 0x00 +# endif + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define DSA_FLAG_CACHE_MONT_P 0x01 + +/* + * If this flag is set the DSA method is FIPS compliant and can be used in + * FIPS mode. This is set in the validated module method. If an application + * sets this flag in its own methods it is its responsibility to ensure the + * result is compliant. + */ + +# define DSA_FLAG_FIPS_METHOD 0x0400 + +/* + * If this flag is set the operations normally disabled in FIPS mode are + * permitted it is then the applications responsibility to ensure that the + * usage is compliant. 
+ */ + +# define DSA_FLAG_NON_FIPS_ALLOW 0x0400 +# define DSA_FLAG_FIPS_CHECKED 0x0800 +# endif /* OPENSSL_NO_DEPRECATED_3_0 */ + +/* Already defined in ossl_typ.h */ +/* typedef struct dsa_st DSA; */ +/* typedef struct dsa_method DSA_METHOD; */ + +typedef struct DSA_SIG_st DSA_SIG; + +/* + * TODO(3.0): consider removing the ASN.1 encoding and decoding when + * deserialisation is completed elsewhere. + */ +# define d2i_DSAparams_fp(fp, x) \ + (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \ + (char *(*)())d2i_DSAparams, (fp), \ + (unsigned char **)(x)) +# define i2d_DSAparams_fp(fp, x) \ + ASN1_i2d_fp(i2d_DSAparams, (fp), (unsigned char *)(x)) +# define d2i_DSAparams_bio(bp, x) \ + ASN1_d2i_bio_of(DSA, DSA_new, d2i_DSAparams, bp, x) +# define i2d_DSAparams_bio(bp, x) \ + ASN1_i2d_bio_of(DSA, i2d_DSAparams, bp, x) + +DECLARE_ASN1_DUP_FUNCTION_name(DSA, DSAparams) +DSA_SIG *DSA_SIG_new(void); +void DSA_SIG_free(DSA_SIG *a); +DECLARE_ASN1_ENCODE_FUNCTIONS_only(DSA_SIG, DSA_SIG) +void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); +int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s); + +DEPRECATEDIN_3_0(DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, + DSA *dsa)) +DEPRECATEDIN_3_0(int DSA_do_verify(const unsigned char *dgst, int dgst_len, + DSA_SIG *sig, DSA *dsa)) + +DEPRECATEDIN_3_0(const DSA_METHOD *DSA_OpenSSL(void)) + +DEPRECATEDIN_3_0(void DSA_set_default_method(const DSA_METHOD *)) +DEPRECATEDIN_3_0(const DSA_METHOD *DSA_get_default_method(void)) +DEPRECATEDIN_3_0(int DSA_set_method(DSA *dsa, const DSA_METHOD *)) +DEPRECATEDIN_3_0(const DSA_METHOD *DSA_get_method(DSA *d)) + +DSA *DSA_new(void); +DEPRECATEDIN_3_0(DSA *DSA_new_method(ENGINE *engine)) +void DSA_free(DSA *r); +/* "up" the DSA object's reference count */ +int DSA_up_ref(DSA *r); +DEPRECATEDIN_3_0(int DSA_size(const DSA *)) +DEPRECATEDIN_3_0(int DSA_bits(const DSA *d)) +DEPRECATEDIN_3_0(int DSA_security_bits(const DSA *d)) + /* next 4 return -1 on error */ 
+DEPRECATEDIN_3_0(int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, + BIGNUM **rp)) +DEPRECATEDIN_3_0(int DSA_sign(int type, const unsigned char *dgst, int dlen, + unsigned char *sig, unsigned int *siglen, + DSA *dsa)) +DEPRECATEDIN_3_0(int DSA_verify(int type, const unsigned char *dgst, + int dgst_len, const unsigned char *sigbuf, + int siglen, DSA *dsa)) +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define DSA_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DSA, l, p, newf, dupf, freef) +# endif +DEPRECATEDIN_3_0(int DSA_set_ex_data(DSA *d, int idx, void *arg)) +DEPRECATEDIN_3_0(void *DSA_get_ex_data(DSA *d, int idx)) + +DECLARE_ASN1_ENCODE_FUNCTIONS_only(DSA, DSAPublicKey) +DECLARE_ASN1_ENCODE_FUNCTIONS_only(DSA, DSAPrivateKey) +DECLARE_ASN1_ENCODE_FUNCTIONS_only(DSA, DSAparams) + +/* Deprecated version */ +DEPRECATEDIN_0_9_8(DSA *DSA_generate_parameters(int bits, + unsigned char *seed, + int seed_len, + int *counter_ret, + unsigned long *h_ret, void + (*callback) (int, int, + void *), + void *cb_arg)) + +/* New version */ +DEPRECATEDIN_3_0(int DSA_generate_parameters_ex(DSA *dsa, int bits, + const unsigned char *seed, + int seed_len, int *counter_ret, + unsigned long *h_ret, + BN_GENCB *cb)) + +DEPRECATEDIN_3_0(int DSA_generate_key(DSA *a)) + +DEPRECATEDIN_3_0(int DSAparams_print(BIO *bp, const DSA *x)) +DEPRECATEDIN_3_0(int DSA_print(BIO *bp, const DSA *x, int off)) +# ifndef OPENSSL_NO_STDIO +DEPRECATEDIN_3_0(int DSAparams_print_fp(FILE *fp, const DSA *x)) +DEPRECATEDIN_3_0(int DSA_print_fp(FILE *bp, const DSA *x, int off)) +# endif + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define DSS_prime_checks 64 +/* + * Primality test according to FIPS PUB 186-4, Appendix C.3. Since we only + * have one value here we set the number of checks to 64 which is the 128 bit + * security level that is the highest level and valid for creating a 3072 bit + * DSA key. 
+ */ +# define DSA_is_prime(n, callback, cb_arg) \ + BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg) +# endif + +# ifndef OPENSSL_NO_DH +/* + * Convert DSA structure (key or just parameters) into DH structure (be + * careful to avoid small subgroup attacks when using this!) + */ +DEPRECATEDIN_3_0(DH *DSA_dup_DH(const DSA *r)) +# endif + +# define EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DSA_PARAMGEN_BITS, nbits, NULL) +# define EVP_PKEY_CTX_set_dsa_paramgen_q_bits(ctx, qbits) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, qbits, NULL) +# define EVP_PKEY_CTX_set_dsa_paramgen_md(ctx, md) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0, (void *)(md)) + +# define EVP_PKEY_CTRL_DSA_PARAMGEN_BITS (EVP_PKEY_ALG_CTRL + 1) +# define EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS (EVP_PKEY_ALG_CTRL + 2) +# define EVP_PKEY_CTRL_DSA_PARAMGEN_MD (EVP_PKEY_ALG_CTRL + 3) + +void DSA_get0_pqg(const DSA *d, + const BIGNUM **p, const BIGNUM **q, const BIGNUM **g); +int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g); +void DSA_get0_key(const DSA *d, + const BIGNUM **pub_key, const BIGNUM **priv_key); +int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key); +const BIGNUM *DSA_get0_p(const DSA *d); +const BIGNUM *DSA_get0_q(const DSA *d); +const BIGNUM *DSA_get0_g(const DSA *d); +const BIGNUM *DSA_get0_pub_key(const DSA *d); +const BIGNUM *DSA_get0_priv_key(const DSA *d); +void DSA_clear_flags(DSA *d, int flags); +int DSA_test_flags(const DSA *d, int flags); +void DSA_set_flags(DSA *d, int flags); +DEPRECATEDIN_3_0(ENGINE *DSA_get0_engine(DSA *d)) + +DEPRECATEDIN_3_0(DSA_METHOD *DSA_meth_new(const char *name, int flags)) +DEPRECATEDIN_3_0(void DSA_meth_free(DSA_METHOD *dsam)) +DEPRECATEDIN_3_0(DSA_METHOD *DSA_meth_dup(const DSA_METHOD *dsam)) +DEPRECATEDIN_3_0(const char 
*DSA_meth_get0_name(const DSA_METHOD *dsam)) +DEPRECATEDIN_3_0(int DSA_meth_set1_name(DSA_METHOD *dsam, const char *name)) +DEPRECATEDIN_3_0(int DSA_meth_get_flags(const DSA_METHOD *dsam)) +DEPRECATEDIN_3_0(int DSA_meth_set_flags(DSA_METHOD *dsam, int flags)) +DEPRECATEDIN_3_0(void *DSA_meth_get0_app_data(const DSA_METHOD *dsam)) +DEPRECATEDIN_3_0(int DSA_meth_set0_app_data(DSA_METHOD *dsam, void *app_data)) +DEPRECATEDIN_3_0(DSA_SIG *(*DSA_meth_get_sign(const DSA_METHOD *dsam)) + (const unsigned char *, int, DSA *)) +DEPRECATEDIN_3_0(int DSA_meth_set_sign(DSA_METHOD *dsam, + DSA_SIG *(*sign) (const unsigned char *, int, DSA *))) +DEPRECATEDIN_3_0(int (*DSA_meth_get_sign_setup(const DSA_METHOD *dsam)) + (DSA *, BN_CTX *, BIGNUM **, BIGNUM **)) +DEPRECATEDIN_3_0(int DSA_meth_set_sign_setup(DSA_METHOD *dsam, + int (*sign_setup) (DSA *, BN_CTX *, BIGNUM **, BIGNUM **))) +DEPRECATEDIN_3_0(int (*DSA_meth_get_verify(const DSA_METHOD *dsam)) + (const unsigned char *, int, DSA_SIG *, DSA *)) +DEPRECATEDIN_3_0(int DSA_meth_set_verify(DSA_METHOD *dsam, + int (*verify) (const unsigned char *, int, DSA_SIG *, DSA *))) +DEPRECATEDIN_3_0(int (*DSA_meth_get_mod_exp(const DSA_METHOD *dsam)) + (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *, + const BIGNUM *, const BIGNUM *, BN_CTX *, BN_MONT_CTX *)) +DEPRECATEDIN_3_0(int DSA_meth_set_mod_exp(DSA_METHOD *dsam, + int (*mod_exp) (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, + const BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *, + BN_MONT_CTX *))) +DEPRECATEDIN_3_0(int (*DSA_meth_get_bn_mod_exp(const DSA_METHOD *dsam)) + (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *, + BN_CTX *, BN_MONT_CTX *)) +DEPRECATEDIN_3_0(int DSA_meth_set_bn_mod_exp(DSA_METHOD *dsam, + int (*bn_mod_exp) (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, + const BIGNUM *, BN_CTX *, BN_MONT_CTX *))) +DEPRECATEDIN_3_0(int (*DSA_meth_get_init(const DSA_METHOD *dsam))(DSA *)) +DEPRECATEDIN_3_0(int 
DSA_meth_set_init(DSA_METHOD *dsam, int (*init)(DSA *))) +DEPRECATEDIN_3_0(int (*DSA_meth_get_finish(const DSA_METHOD *dsam)) (DSA *)) +DEPRECATEDIN_3_0(int DSA_meth_set_finish(DSA_METHOD *dsam, int (*finish) (DSA *))) +DEPRECATEDIN_3_0(int (*DSA_meth_get_paramgen(const DSA_METHOD *dsam)) + (DSA *, int, const unsigned char *, int, int *, unsigned long *, + BN_GENCB *)) +DEPRECATEDIN_3_0(int DSA_meth_set_paramgen(DSA_METHOD *dsam, + int (*paramgen) (DSA *, int, const unsigned char *, int, int *, + unsigned long *, BN_GENCB *))) +DEPRECATEDIN_3_0(int (*DSA_meth_get_keygen(const DSA_METHOD *dsam)) (DSA *)) +DEPRECATEDIN_3_0(int DSA_meth_set_keygen(DSA_METHOD *dsam, int (*keygen) (DSA *))) + +# ifdef __cplusplus +} +# endif +# endif +#endif diff --git a/linux_amd64/include/openssl/dsaerr.h b/linux_amd64/include/openssl/dsaerr.h new file mode 100644 index 0000000..48dd7d0 --- /dev/null +++ b/linux_amd64/include/openssl/dsaerr.h 
@@ -0,0 +1,80 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_DSAERR_H
+# define OPENSSL_DSAERR_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_DSAERR_H
+# endif
+
+# include
+# include
+
+
+# include
+
+# ifndef OPENSSL_NO_DSA
+
+# ifdef __cplusplus
+extern "C"
+# endif
+int ERR_load_DSA_strings(void);
+
+/*
+ * DSA function codes.
+ */
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define DSA_F_DSAPARAMS_PRINT 0
+# define DSA_F_DSAPARAMS_PRINT_FP 0
+# define DSA_F_DSA_BUILTIN_PARAMGEN 0
+# define DSA_F_DSA_BUILTIN_PARAMGEN2 0
+# define DSA_F_DSA_DO_SIGN 0
+# define DSA_F_DSA_DO_VERIFY 0
+# define DSA_F_DSA_METH_DUP 0
+# define DSA_F_DSA_METH_NEW 0
+# define DSA_F_DSA_METH_SET1_NAME 0
+# define DSA_F_DSA_NEW_METHOD 0
+# define DSA_F_DSA_PARAM_DECODE 0
+# define DSA_F_DSA_PRINT_FP 0
+# define DSA_F_DSA_PRIV_DECODE 0
+# define DSA_F_DSA_PRIV_ENCODE 0
+# define DSA_F_DSA_PUB_DECODE 0
+# define DSA_F_DSA_PUB_ENCODE 0
+# define DSA_F_DSA_SIGN 0
+# define DSA_F_DSA_SIGN_SETUP 0
+# define DSA_F_DSA_SIG_NEW 0
+# define DSA_F_OLD_DSA_PRIV_DECODE 0
+# define DSA_F_PKEY_DSA_CTRL 0
+# define DSA_F_PKEY_DSA_CTRL_STR 0
+# define DSA_F_PKEY_DSA_KEYGEN 0
+# endif
+
+/*
+ * DSA reason codes.
+ */
+# define DSA_R_BAD_Q_VALUE 102
+# define DSA_R_BN_DECODE_ERROR 108
+# define DSA_R_BN_ERROR 109
+# define DSA_R_DECODE_ERROR 104
+# define DSA_R_INVALID_DIGEST_TYPE 106
+# define DSA_R_INVALID_PARAMETERS 112
+# define DSA_R_MISSING_PARAMETERS 101
+# define DSA_R_MISSING_PRIVATE_KEY 111
+# define DSA_R_MODULUS_TOO_LARGE 103
+# define DSA_R_NO_PARAMETERS_SET 107
+# define DSA_R_PARAMETER_ENCODING_ERROR 105
+# define DSA_R_Q_NOT_PRIME 113
+# define DSA_R_SEED_LEN_SMALL 110
+
+# endif
+#endif
diff --git a/linux_amd64/include/openssl/dtls1.h b/linux_amd64/include/openssl/dtls1.h
new file mode 100644
index 0000000..bfc2d6e
--- /dev/null
+++ b/linux_amd64/include/openssl/dtls1.h
@@ -0,0 +1,65 @@
+/*
+ * Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_DTLS1_H
+# define OPENSSL_DTLS1_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_DTLS1_H
+# endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include
+
+# define DTLS1_VERSION 0xFEFF
+# define DTLS1_2_VERSION 0xFEFD
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define DTLS_MIN_VERSION DTLS1_VERSION
+# define DTLS_MAX_VERSION DTLS1_2_VERSION
+# endif
+# define DTLS1_VERSION_MAJOR 0xFE
+
+# define DTLS1_BAD_VER 0x0100
+
+/* Special value for method supporting multiple versions */
+# define DTLS_ANY_VERSION 0x1FFFF
+
+/* lengths of messages */
+/*
+ * Actually the max cookie length in DTLS is 255. But we can't change this now
+ * due to compatibility concerns.
+ */
+# define DTLS1_COOKIE_LENGTH 256
+
+# define DTLS1_RT_HEADER_LENGTH 13
+
+# define DTLS1_HM_HEADER_LENGTH 12
+
+# define DTLS1_HM_BAD_FRAGMENT -2
+# define DTLS1_HM_FRAGMENT_RETRY -3
+
+# define DTLS1_CCS_HEADER_LENGTH 1
+
+# define DTLS1_AL_HEADER_LENGTH 2
+
+/* Timeout multipliers */
+# define DTLS1_TMO_READ_COUNT 2
+# define DTLS1_TMO_WRITE_COUNT 2
+
+# define DTLS1_TMO_ALERT_COUNT 12
+
+#ifdef __cplusplus
+}
+#endif
+#endif
diff --git a/linux_amd64/include/openssl/e_os2.h b/linux_amd64/include/openssl/e_os2.h
new file mode 100644
index 0000000..982dd2b
--- /dev/null
+++ b/linux_amd64/include/openssl/e_os2.h
@@ -0,0 +1,280 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_E_OS2_H
+# define OPENSSL_E_OS2_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_E_OS2_H
+# endif
+
+# include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/******************************************************************************
+ * Detect operating systems. This probably needs completing.
+ * The result is that at least one OPENSSL_SYS_os macro should be defined.
+ * However, if none is defined, Unix is assumed.
+ **/
+
+# define OPENSSL_SYS_UNIX
+
+/* --------------------- Microsoft operating systems ---------------------- */
+
+/*
+ * Note that MSDOS actually denotes 32-bit environments running on top of
+ * MS-DOS, such as DJGPP one.
+ */
+# if defined(OPENSSL_SYS_MSDOS)
+# undef OPENSSL_SYS_UNIX
+# endif
+
+/*
+ * For 32 bit environment, there seems to be the CygWin environment and then
+ * all the others that try to do the same thing Microsoft does...
+ */
+/*
+ * UEFI lives here because it might be built with a Microsoft toolchain and
+ * we need to avoid the false positive match on Windows.
+ */
+# if defined(OPENSSL_SYS_UEFI)
+# undef OPENSSL_SYS_UNIX
+# elif defined(OPENSSL_SYS_UWIN)
+# undef OPENSSL_SYS_UNIX
+# define OPENSSL_SYS_WIN32_UWIN
+# else
+# if defined(__CYGWIN__) || defined(OPENSSL_SYS_CYGWIN)
+# define OPENSSL_SYS_WIN32_CYGWIN
+# else
+# if defined(_WIN32) || defined(OPENSSL_SYS_WIN32)
+# undef OPENSSL_SYS_UNIX
+# if !defined(OPENSSL_SYS_WIN32)
+# define OPENSSL_SYS_WIN32
+# endif
+# endif
+# if defined(_WIN64) || defined(OPENSSL_SYS_WIN64)
+# undef OPENSSL_SYS_UNIX
+# if !defined(OPENSSL_SYS_WIN64)
+# define OPENSSL_SYS_WIN64
+# endif
+# endif
+# if defined(OPENSSL_SYS_WINNT)
+# undef OPENSSL_SYS_UNIX
+# endif
+# if defined(OPENSSL_SYS_WINCE)
+# undef OPENSSL_SYS_UNIX
+# endif
+# endif
+# endif
+
+/* Anything that tries to look like Microsoft is "Windows" */
+# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN64) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE)
+# undef OPENSSL_SYS_UNIX
+# define OPENSSL_SYS_WINDOWS
+# ifndef OPENSSL_SYS_MSDOS
+# define OPENSSL_SYS_MSDOS
+# endif
+# endif
+
+/*
+ * DLL settings. This part is a bit tough, because it's up to the
+ * application implementor how he or she will link the application, so it
+ * requires some macro to be used.
+ */
+# ifdef OPENSSL_SYS_WINDOWS
+# ifndef OPENSSL_OPT_WINDLL
+# if defined(_WINDLL) /* This is used when building OpenSSL to
+ * indicate that DLL linkage should be used */
+# define OPENSSL_OPT_WINDLL
+# endif
+# endif
+# endif
+
+/* ------------------------------- OpenVMS -------------------------------- */
+# if defined(__VMS) || defined(VMS) || defined(OPENSSL_SYS_VMS)
+# if !defined(OPENSSL_SYS_VMS)
+# undef OPENSSL_SYS_UNIX
+# endif
+# define OPENSSL_SYS_VMS
+# if defined(__DECC)
+# define OPENSSL_SYS_VMS_DECC
+# elif defined(__DECCXX)
+# define OPENSSL_SYS_VMS_DECC
+# define OPENSSL_SYS_VMS_DECCXX
+# else
+# define OPENSSL_SYS_VMS_NODECC
+# endif
+# endif
+
+/* -------------------------------- Unix ---------------------------------- */
+# ifdef OPENSSL_SYS_UNIX
+# if defined(linux) || defined(__linux__) && !defined(OPENSSL_SYS_LINUX)
+# define OPENSSL_SYS_LINUX
+# endif
+# if defined(_AIX) && !defined(OPENSSL_SYS_AIX)
+# define OPENSSL_SYS_AIX
+# endif
+# endif
+
+/* -------------------------------- VOS ----------------------------------- */
+# if defined(__VOS__) && !defined(OPENSSL_SYS_VOS)
+# define OPENSSL_SYS_VOS
+# ifdef __HPPA__
+# define OPENSSL_SYS_VOS_HPPA
+# endif
+# ifdef __IA32__
+# define OPENSSL_SYS_VOS_IA32
+# endif
+# endif
+
+/**
+ * That's it for OS-specific stuff
+ *****************************************************************************/
+
+/*-
+ * OPENSSL_EXTERN is normally used to declare a symbol with possible extra
+ * attributes to handle its presence in a shared library.
+ * OPENSSL_EXPORT is used to define a symbol with extra possible attributes
+ * to make it visible in a shared library.
+ * Care needs to be taken when a header file is used both to declare and
+ * define symbols. Basically, for any library that exports some global
+ * variables, the following code must be present in the header file that
+ * declares them, before OPENSSL_EXTERN is used:
+ *
+ * #ifdef SOME_BUILD_FLAG_MACRO
+ * # undef OPENSSL_EXTERN
+ * # define OPENSSL_EXTERN OPENSSL_EXPORT
+ * #endif
+ *
+ * The default is to have OPENSSL_EXPORT and OPENSSL_EXTERN
+ * have some generally sensible values.
+ */
+
+# if defined(OPENSSL_SYS_WINDOWS) && defined(OPENSSL_OPT_WINDLL)
+# define OPENSSL_EXPORT extern __declspec(dllexport)
+# define OPENSSL_EXTERN extern __declspec(dllimport)
+# else
+# define OPENSSL_EXPORT extern
+# define OPENSSL_EXTERN extern
+# endif
+
+# ifdef _WIN32
+# ifdef _WIN64
+# define ossl_ssize_t __int64
+# define OSSL_SSIZE_MAX _I64_MAX
+# else
+# define ossl_ssize_t int
+# define OSSL_SSIZE_MAX INT_MAX
+# endif
+# endif
+
+# if defined(OPENSSL_SYS_UEFI) && !defined(ossl_ssize_t)
+# define ossl_ssize_t INTN
+# define OSSL_SSIZE_MAX MAX_INTN
+# endif
+
+# ifndef ossl_ssize_t
+# define ossl_ssize_t ssize_t
+# if defined(SSIZE_MAX)
+# define OSSL_SSIZE_MAX SSIZE_MAX
+# elif defined(_POSIX_SSIZE_MAX)
+# define OSSL_SSIZE_MAX _POSIX_SSIZE_MAX
+# else
+# define OSSL_SSIZE_MAX ((ssize_t)(SIZE_MAX>>1))
+# endif
+# endif
+
+# ifdef DEBUG_UNUSED
+# define __owur __attribute__((__warn_unused_result__))
+# else
+# define __owur
+# endif
+
+/* Standard integer types */
+# define OPENSSL_NO_INTTYPES_H
+# define OPENSSL_NO_STDINT_H
+# if defined(OPENSSL_SYS_UEFI)
+typedef INT8 int8_t;
+typedef UINT8 uint8_t;
+typedef INT16 int16_t;
+typedef UINT16 uint16_t;
+typedef INT32 int32_t;
+typedef UINT32 uint32_t;
+typedef INT64 int64_t;
+typedef UINT64 uint64_t;
+# elif (defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L) || \
+ defined(__osf__) || defined(__sgi) || defined(__hpux) || \
+ defined(OPENSSL_SYS_VMS) || defined (__OpenBSD__)
+# include
+# undef OPENSSL_NO_INTTYPES_H
+/* Because the specs say that inttypes.h includes stdint.h if present */
+# undef OPENSSL_NO_STDINT_H
+# elif defined(_MSC_VER) && _MSC_VER<=1500
+/*
+ * minimally required typdefs for systems not supporting inttypes.h or
+ * stdint.h: currently just older VC++
+ */
+typedef signed char int8_t;
+typedef unsigned char uint8_t;
+typedef short int16_t;
+typedef unsigned short uint16_t;
+typedef int int32_t;
+typedef unsigned int uint32_t;
+typedef __int64 int64_t;
+typedef unsigned __int64 uint64_t;
+# else
+# include
+# undef OPENSSL_NO_STDINT_H
+# endif
+
+/* ossl_inline: portable inline definition usable in public headers */
+# if !defined(inline) && !defined(__cplusplus)
+# if defined(__STDC_VERSION__) && __STDC_VERSION__>=199901L
+ /* just use inline */
+# define ossl_inline inline
+# elif defined(__GNUC__) && __GNUC__>=2
+# define ossl_inline __inline__
+# elif defined(_MSC_VER)
+ /*
+ * Visual Studio: inline is available in C++ only, however
+ * __inline is available for C, see
+ * http://msdn.microsoft.com/en-us/library/z8y1yy88.aspx
+ */
+# define ossl_inline __inline
+# else
+# define ossl_inline
+# endif
+# else
+# define ossl_inline inline
+# endif
+
+# if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L
+# define ossl_noreturn _Noreturn
+# elif defined(__GNUC__) && __GNUC__ >= 2
+# define ossl_noreturn __attribute__((noreturn))
+# else
+# define ossl_noreturn
+# endif
+
+/* ossl_unused: portable unused attribute for use in public headers */
+# if defined(__GNUC__)
+# define ossl_unused __attribute__((unused))
+# else
+# define ossl_unused
+# endif
+
+#ifdef __cplusplus
+}
+#endif
+#endif
diff --git a/linux_amd64/include/openssl/ebcdic.h b/linux_amd64/include/openssl/ebcdic.h
new file mode 100644
index 0000000..e0ae1aa
--- /dev/null
+++ b/linux_amd64/include/openssl/ebcdic.h
@@ -0,0 +1,39 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_EBCDIC_H
+# define OPENSSL_EBCDIC_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_EBCDIC_H
+# endif
+
+# include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Avoid name clashes with other applications */
+# define os_toascii _openssl_os_toascii
+# define os_toebcdic _openssl_os_toebcdic
+# define ebcdic2ascii _openssl_ebcdic2ascii
+# define ascii2ebcdic _openssl_ascii2ebcdic
+
+extern const unsigned char os_toascii[256];
+extern const unsigned char os_toebcdic[256];
+void *ebcdic2ascii(void *dest, const void *srce, size_t count);
+void *ascii2ebcdic(void *dest, const void *srce, size_t count);
+
+#ifdef __cplusplus
+}
+#endif
+#endif
diff --git a/linux_amd64/include/openssl/ec.h b/linux_amd64/include/openssl/ec.h
new file mode 100644
index 0000000..c5d5fc0
--- /dev/null
+++ b/linux_amd64/include/openssl/ec.h
@@ -0,0 +1,1519 @@
+/*
+ * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_EC_H
+# define OPENSSL_EC_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_EC_H
+# endif
+
+# include
+
+# ifndef OPENSSL_NO_EC
+# include
+# include
+# ifndef OPENSSL_NO_DEPRECATED_1_1_0
+# include
+# endif
+# include
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# ifndef OPENSSL_ECC_MAX_FIELD_BITS
+# define OPENSSL_ECC_MAX_FIELD_BITS 661
+# endif
+
+/** Enum for the point conversion form as defined in X9.62 (ECDSA)
+ * for the encoding of a elliptic curve point (x,y) */
+typedef enum {
+ /** the point is encoded as z||x, where the octet z specifies
+ * which solution of the quadratic equation y is */
+ POINT_CONVERSION_COMPRESSED = 2,
+ /** the point is encoded as z||x||y, where z is the octet 0x04 */
+ POINT_CONVERSION_UNCOMPRESSED = 4,
+ /** the point is encoded as z||x||y, where the octet z specifies
+ * which solution of the quadratic equation y is */
+ POINT_CONVERSION_HYBRID = 6
+} point_conversion_form_t;
+
+typedef struct ec_method_st EC_METHOD;
+typedef struct ec_group_st EC_GROUP;
+typedef struct ec_point_st EC_POINT;
+typedef struct ecpk_parameters_st ECPKPARAMETERS;
+typedef struct ec_parameters_st ECPARAMETERS;
+
+/********************************************************************/
+/* EC_METHODs for curves over GF(p) */
+/********************************************************************/
+
+/** Returns the basic GFp ec methods which provides the basis for the
+ * optimized methods.
+ * \return EC_METHOD object
+ */
+const EC_METHOD *EC_GFp_simple_method(void);
+
+/** Returns GFp methods using montgomery multiplication.
+ * \return EC_METHOD object
+ */
+const EC_METHOD *EC_GFp_mont_method(void);
+
+/** Returns GFp methods using optimized methods for NIST recommended curves
+ * \return EC_METHOD object
+ */
+const EC_METHOD *EC_GFp_nist_method(void);
+
+# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+/** Returns 64-bit optimized methods for nistp224
+ * \return EC_METHOD object
+ */
+const EC_METHOD *EC_GFp_nistp224_method(void);
+
+/** Returns 64-bit optimized methods for nistp256
+ * \return EC_METHOD object
+ */
+const EC_METHOD *EC_GFp_nistp256_method(void);
+
+/** Returns 64-bit optimized methods for nistp521
+ * \return EC_METHOD object
+ */
+const EC_METHOD *EC_GFp_nistp521_method(void);
+# endif
+
+# ifndef OPENSSL_NO_EC2M
+/********************************************************************/
+/* EC_METHOD for curves over GF(2^m) */
+/********************************************************************/
+
+/** Returns the basic GF2m ec method
+ * \return EC_METHOD object
+ */
+const EC_METHOD *EC_GF2m_simple_method(void);
+
+# endif
+
+/********************************************************************/
+/* EC_GROUP functions */
+/********************************************************************/
+
+/**
+ * Creates a new EC_GROUP object
+ * \param libctx The associated library context or NULL for the default
+ * library context
+ * \param meth EC_METHOD to use
+ * \return newly created EC_GROUP object or NULL in case of an error.
+ */
+EC_GROUP *EC_GROUP_new_ex(OPENSSL_CTX *libctx, const EC_METHOD *meth);
+
+/**
+ * Creates a new EC_GROUP object. Same as EC_GROUP_new_ex with NULL for the
+ * library context.
+ * \param meth EC_METHOD to use
+ * \return newly created EC_GROUP object or NULL in case of an error.
+ */
+EC_GROUP *EC_GROUP_new(const EC_METHOD *meth);
+
+/** Frees a EC_GROUP object
+ * \param group EC_GROUP object to be freed.
+ */
+void EC_GROUP_free(EC_GROUP *group);
+
+/** Clears and frees a EC_GROUP object
+ * \param group EC_GROUP object to be cleared and freed.
+ */
+DEPRECATEDIN_3_0(void EC_GROUP_clear_free(EC_GROUP *group))
+
+/** Copies EC_GROUP objects. Note: both EC_GROUPs must use the same EC_METHOD.
+ * \param dst destination EC_GROUP object
+ * \param src source EC_GROUP object
+ * \return 1 on success and 0 if an error occurred.
+ */
+int EC_GROUP_copy(EC_GROUP *dst, const EC_GROUP *src);
+
+/** Creates a new EC_GROUP object and copies the content
+ * form src to the newly created EC_KEY object
+ * \param src source EC_GROUP object
+ * \return newly created EC_GROUP object or NULL in case of an error.
+ */
+EC_GROUP *EC_GROUP_dup(const EC_GROUP *src);
+
+/** Returns the EC_METHOD of the EC_GROUP object.
+ * \param group EC_GROUP object
+ * \return EC_METHOD used in this EC_GROUP object.
+ */
+const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group);
+
+/** Returns the field type of the EC_METHOD.
+ * \param meth EC_METHOD object
+ * \return NID of the underlying field type OID.
+ */
+int EC_METHOD_get_field_type(const EC_METHOD *meth);
+
+/** Sets the generator and its order/cofactor of a EC_GROUP object.
+ * \param group EC_GROUP object
+ * \param generator EC_POINT object with the generator.
+ * \param order the order of the group generated by the generator.
+ * \param cofactor the index of the sub-group generated by the generator
+ * in the group of all points on the elliptic curve.
+ * \return 1 on success and 0 if an error occurred
+ */
+int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator,
+ const BIGNUM *order, const BIGNUM *cofactor);
+
+/** Returns the generator of a EC_GROUP object.
+ * \param group EC_GROUP object
+ * \return the currently used generator (possibly NULL).
+ */
+const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group);
+
+/** Returns the montgomery data for order(Generator)
+ * \param group EC_GROUP object
+ * \return the currently used montgomery data (possibly NULL).
+*/
+BN_MONT_CTX *EC_GROUP_get_mont_data(const EC_GROUP *group);
+
+/** Gets the order of a EC_GROUP
+ * \param group EC_GROUP object
+ * \param order BIGNUM to which the order is copied
+ * \param ctx unused
+ * \return 1 on success and 0 if an error occurred
+ */
+int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx);
+
+/** Gets the order of an EC_GROUP
+ * \param group EC_GROUP object
+ * \return the group order
+ */
+const BIGNUM *EC_GROUP_get0_order(const EC_GROUP *group);
+
+/** Gets the number of bits of the order of an EC_GROUP
+ * \param group EC_GROUP object
+ * \return number of bits of group order.
+ */
+int EC_GROUP_order_bits(const EC_GROUP *group);
+
+/** Gets the cofactor of a EC_GROUP
+ * \param group EC_GROUP object
+ * \param cofactor BIGNUM to which the cofactor is copied
+ * \param ctx unused
+ * \return 1 on success and 0 if an error occurred
+ */
+int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor,
+ BN_CTX *ctx);
+
+/** Gets the cofactor of an EC_GROUP
+ * \param group EC_GROUP object
+ * \return the group cofactor
+ */
+const BIGNUM *EC_GROUP_get0_cofactor(const EC_GROUP *group);
+
+/** Sets the name of a EC_GROUP object
+ * \param group EC_GROUP object
+ * \param nid NID of the curve name OID
+ */
+void EC_GROUP_set_curve_name(EC_GROUP *group, int nid);
+
+/** Returns the curve name of a EC_GROUP object
+ * \param group EC_GROUP object
+ * \return NID of the curve name OID or 0 if not set.
+ */
+int EC_GROUP_get_curve_name(const EC_GROUP *group);
+
+/** Gets the field of an EC_GROUP
+ * \param group EC_GROUP object
+ * \return the group field
+ */
+const BIGNUM *EC_GROUP_get0_field(const EC_GROUP *group);
+
+void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag);
+int EC_GROUP_get_asn1_flag(const EC_GROUP *group);
+
+void EC_GROUP_set_point_conversion_form(EC_GROUP *group,
+ point_conversion_form_t form);
+point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *);
+
+unsigned char *EC_GROUP_get0_seed(const EC_GROUP *x);
+size_t EC_GROUP_get_seed_len(const EC_GROUP *);
+size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len);
+
+/** Sets the parameters of a ec curve defined by y^2 = x^3 + a*x + b (for GFp)
+ * or y^2 + x*y = x^3 + a*x^2 + b (for GF2m)
+ * \param group EC_GROUP object
+ * \param p BIGNUM with the prime number (GFp) or the polynomial
+ * defining the underlying field (GF2m)
+ * \param a BIGNUM with parameter a of the equation
+ * \param b BIGNUM with parameter b of the equation
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred
+ */
+int EC_GROUP_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
+ const BIGNUM *b, BN_CTX *ctx);
+
+/** Gets the parameters of the ec curve defined by y^2 = x^3 + a*x + b (for GFp)
+ * or y^2 + x*y = x^3 + a*x^2 + b (for GF2m)
+ * \param group EC_GROUP object
+ * \param p BIGNUM with the prime number (GFp) or the polynomial
+ * defining the underlying field (GF2m)
+ * \param a BIGNUM for parameter a of the equation
+ * \param b BIGNUM for parameter b of the equation
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred
+ */
+int EC_GROUP_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b,
+ BN_CTX *ctx);
+
+/** Sets the parameters of an ec curve. Synonym for EC_GROUP_set_curve
+ * \param group EC_GROUP object
+ * \param p BIGNUM with the prime number (GFp) or the polynomial
+ * defining the underlying field (GF2m)
+ * \param a BIGNUM with parameter a of the equation
+ * \param b BIGNUM with parameter b of the equation
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred
+ */
+DEPRECATEDIN_3_0(int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p,
+ const BIGNUM *a, const BIGNUM *b,
+ BN_CTX *ctx))
+
+/** Gets the parameters of an ec curve. Synonym for EC_GROUP_get_curve
+ * \param group EC_GROUP object
+ * \param p BIGNUM with the prime number (GFp) or the polynomial
+ * defining the underlying field (GF2m)
+ * \param a BIGNUM for parameter a of the equation
+ * \param b BIGNUM for parameter b of the equation
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred
+ */
+DEPRECATEDIN_3_0(int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p,
+ BIGNUM *a, BIGNUM *b,
+ BN_CTX *ctx))
+
+# ifndef OPENSSL_NO_EC2M
+/** Sets the parameter of an ec curve. Synonym for EC_GROUP_set_curve
+ * \param group EC_GROUP object
+ * \param p BIGNUM with the prime number (GFp) or the polynomial
+ * defining the underlying field (GF2m)
+ * \param a BIGNUM with parameter a of the equation
+ * \param b BIGNUM with parameter b of the equation
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred
+ */
+DEPRECATEDIN_3_0(int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p,
+ const BIGNUM *a, const BIGNUM *b,
+ BN_CTX *ctx))
+
+/** Gets the parameters of an ec curve. Synonym for EC_GROUP_get_curve
+ * \param group EC_GROUP object
+ * \param p BIGNUM with the prime number (GFp) or the polynomial
+ * defining the underlying field (GF2m)
+ * \param a BIGNUM for parameter a of the equation
+ * \param b BIGNUM for parameter b of the equation
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred
+ */
+DEPRECATEDIN_3_0(int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p,
+ BIGNUM *a, BIGNUM *b,
+ BN_CTX *ctx))
+# endif
+/** Returns the number of bits needed to represent a field element
+ * \param group EC_GROUP object
+ * \return number of bits needed to represent a field element
+ */
+int EC_GROUP_get_degree(const EC_GROUP *group);
+
+/** Checks whether the parameter in the EC_GROUP define a valid ec group
+ * \param group EC_GROUP object
+ * \param ctx BN_CTX object (optional)
+ * \return 1 if group is a valid ec group and 0 otherwise
+ */
+int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx);
+
+/** Checks whether the discriminant of the elliptic curve is zero or not
+ * \param group EC_GROUP object
+ * \param ctx BN_CTX object (optional)
+ * \return 1 if the discriminant is not zero and 0 otherwise
+ */
+int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx);
+
+/** Compares two EC_GROUP objects
+ * \param a first EC_GROUP object
+ * \param b second EC_GROUP object
+ * \param ctx BN_CTX object (optional)
+ * \return 0 if the groups are equal, 1 if not, or -1 on error
+ */
+int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx);
+
+/*
+ * EC_GROUP_new_GF*() calls EC_GROUP_new() and EC_GROUP_set_GF*() after
+ * choosing an appropriate EC_METHOD
+ */
+
+/** Creates a new EC_GROUP object with the specified parameters defined
+ * over GFp (defined by the equation y^2 = x^3 + a*x + b)
+ * \param p BIGNUM with the prime number
+ * \param a BIGNUM with the parameter a of the equation
+ * \param b BIGNUM with the parameter b of the equation
+ * \param ctx BN_CTX object (optional)
+ * \return newly created EC_GROUP object with the specified parameters
+ */
+EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a,
+ const BIGNUM *b, BN_CTX *ctx);
+# ifndef OPENSSL_NO_EC2M
+/** Creates a new EC_GROUP object with the specified parameters defined
+ * over GF2m (defined by the equation y^2 + x*y = x^3 + a*x^2 + b)
+ * \param p BIGNUM with the polynomial defining the underlying field
+ * \param a BIGNUM with the parameter a of the equation
+ * \param b BIGNUM with the parameter b of the equation
+ * \param ctx BN_CTX object (optional)
+ * \return newly created EC_GROUP object with the specified parameters
+ */
+EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a,
+ const BIGNUM *b, BN_CTX *ctx);
+# endif
+
+/**
+ * Creates a EC_GROUP object with a curve specified by a NID
+ * \param libctx The associated library context or NULL for the default
+ * context
+ * \param nid NID of the OID of the curve name
+ * \return newly created EC_GROUP object with specified curve or NULL
+ * if an error occurred
+ */
+EC_GROUP *EC_GROUP_new_by_curve_name_ex(OPENSSL_CTX *libctx, int nid);
+
+/**
+ * Creates a EC_GROUP object with a curve specified by a NID. Same as
+ * EC_GROUP_new_by_curve_name_ex but the libctx is always NULL.
+ * \param nid NID of the OID of the curve name
+ * \return newly created EC_GROUP object with specified curve or NULL
+ * if an error occurred
+ */
+EC_GROUP *EC_GROUP_new_by_curve_name(int nid);
+
+/** Creates a new EC_GROUP object from an ECPARAMETERS object
+ * \param params pointer to the ECPARAMETERS object
+ * \return newly created EC_GROUP object with specified curve or NULL
+ * if an error occurred
+ */
+EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params);
+
+/** Creates an ECPARAMETERS object for the given EC_GROUP object.
+ * \param group pointer to the EC_GROUP object
+ * \param params pointer to an existing ECPARAMETERS object or NULL
+ * \return pointer to the new ECPARAMETERS object or NULL
+ * if an error occurred.
+ */
+ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group,
+ ECPARAMETERS *params);
+
+/** Creates a new EC_GROUP object from an ECPKPARAMETERS object
+ * \param params pointer to an existing ECPKPARAMETERS object, or NULL
+ * \return newly created EC_GROUP object with specified curve, or NULL
+ * if an error occurred
+ */
+EC_GROUP *EC_GROUP_new_from_ecpkparameters(const ECPKPARAMETERS *params);
+
+/** Creates an ECPKPARAMETERS object for the given EC_GROUP object.
+ * \param group pointer to the EC_GROUP object
+ * \param params pointer to an existing ECPKPARAMETERS object or NULL
+ * \return pointer to the new ECPKPARAMETERS object or NULL
+ * if an error occurred.
+ */
+ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP *group,
+ ECPKPARAMETERS *params);
+
+/********************************************************************/
+/* handling of internal curves */
+/********************************************************************/
+
+typedef struct {
+ int nid;
+ const char *comment;
+} EC_builtin_curve;
+
+/*
+ * EC_builtin_curves(EC_builtin_curve *r, size_t size) returns number of all
+ * available curves or zero if a error occurred. In case r is not zero,
+ * nitems EC_builtin_curve structures are filled with the data of the first
+ * nitems internal groups
+ */
+size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems);
+
+const char *EC_curve_nid2nist(int nid);
+int EC_curve_nist2nid(const char *name);
+int EC_GROUP_check_named_curve(const EC_GROUP *group, int nist_only,
+ BN_CTX *ctx);
+
+/********************************************************************/
+/* EC_POINT functions */
+/********************************************************************/
+
+/** Creates a new EC_POINT object for the specified EC_GROUP
+ * \param group EC_GROUP the underlying EC_GROUP object
+ * \return newly created EC_POINT object or NULL if an error occurred
+ */
+EC_POINT *EC_POINT_new(const EC_GROUP *group);
+
+/** Frees a EC_POINT object
+ * \param point EC_POINT object to be freed
+ */
+void EC_POINT_free(EC_POINT *point);
+
+/** Clears and frees a EC_POINT object
+ * \param point EC_POINT object to be cleared and freed
+ */
+void EC_POINT_clear_free(EC_POINT *point);
+
+/** Copies EC_POINT object
+ * \param dst destination EC_POINT object
+ * \param src source EC_POINT object
+ * \return 1 on success and 0 if an error occurred
+ */
+int EC_POINT_copy(EC_POINT *dst, const EC_POINT *src);
+
+/** Creates a new EC_POINT object and copies the content of the supplied
+ * EC_POINT
+ * \param src source EC_POINT object
+ * \param group underlying the EC_GROUP object
+ * \return newly created EC_POINT object or NULL if an error occurred
+ */
+EC_POINT *EC_POINT_dup(const EC_POINT *src, const EC_GROUP *group);
+
+/** Returns the EC_METHOD used in EC_POINT object
+ * \param point EC_POINT object
+ * \return the EC_METHOD used
+ */
+const EC_METHOD *EC_POINT_method_of(const EC_POINT *point);
+
+/** Sets a point to infinity (neutral element)
+ * \param group underlying EC_GROUP object
+ * \param point EC_POINT to set to infinity
+ * \return 1 on success and 0 if an error occurred
+ */
+int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point);
+
+/** Sets the jacobian projective coordinates of a EC_POINT over GFp
+ * \param group underlying EC_GROUP object
+ * \param p EC_POINT object
+ * \param x BIGNUM with the x-coordinate
+ * \param y BIGNUM with the y-coordinate
+ * \param z BIGNUM with the z-coordinate
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred
+ */
+int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group,
+ EC_POINT *p, const BIGNUM *x,
+ const BIGNUM *y, const BIGNUM *z,
+ BN_CTX *ctx);
+
+/** Gets the jacobian projective coordinates of a EC_POINT over GFp
+ * \param group underlying EC_GROUP object
+ * \param p EC_POINT object
+ * \param x BIGNUM for the x-coordinate
+ * \param y BIGNUM for the y-coordinate
+ * \param z BIGNUM for the z-coordinate
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred
+ */
+int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group,
+ const EC_POINT *p, BIGNUM *x,
+ BIGNUM *y, BIGNUM *z,
+ BN_CTX *ctx);
+
+/** Sets the affine coordinates of an EC_POINT
+ * \param group underlying EC_GROUP object
+ * \param p EC_POINT object
+ * \param x BIGNUM with the x-coordinate
+ * \param y BIGNUM with the y-coordinate
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred
+ */
+int EC_POINT_set_affine_coordinates(const EC_GROUP *group, EC_POINT *p,
+ const BIGNUM *x, const BIGNUM *y,
+ BN_CTX *ctx);
+
+/** Gets the affine coordinates of an EC_POINT.
+ * \param group underlying EC_GROUP object
+ * \param p EC_POINT object
+ * \param x BIGNUM for the x-coordinate
+ * \param y BIGNUM for the y-coordinate
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred
+ */
+int EC_POINT_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *p,
+ BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
+
+/** Sets the affine coordinates of an EC_POINT. A synonym of
+ * EC_POINT_set_affine_coordinates
+ * \param group underlying EC_GROUP object
+ * \param p EC_POINT object
+ * \param x BIGNUM with the x-coordinate
+ * \param y BIGNUM with the y-coordinate
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred
+ */
+DEPRECATEDIN_3_0(int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group,
+ EC_POINT *p,
+ const BIGNUM *x,
+ const BIGNUM *y,
+ BN_CTX *ctx))
+
+/** Gets the affine coordinates of an EC_POINT. A synonym of
+ * EC_POINT_get_affine_coordinates
+ * \param group underlying EC_GROUP object
+ * \param p EC_POINT object
+ * \param x BIGNUM for the x-coordinate
+ * \param y BIGNUM for the y-coordinate
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred
+ */
+DEPRECATEDIN_3_0(int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group,
+ const EC_POINT *p,
+ BIGNUM *x,
+ BIGNUM *y,
+ BN_CTX *ctx))
+
+/** Sets the x9.62 compressed coordinates of a EC_POINT
+ * \param group underlying EC_GROUP object
+ * \param p EC_POINT object
+ * \param x BIGNUM with x-coordinate
+ * \param y_bit integer with the y-Bit (either 0 or 1)
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred
+ */
+int EC_POINT_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *p,
+ const BIGNUM *x, int y_bit,
+ BN_CTX *ctx);
+
+/** Sets the x9.62 compressed coordinates of a EC_POINT. A synonym of
+ * EC_POINT_set_compressed_coordinates
+ * \param group underlying EC_GROUP object
+ * \param p EC_POINT object
+ * \param x BIGNUM with x-coordinate
+ * \param y_bit integer with the y-Bit (either 0 or 1)
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred
+ */
+DEPRECATEDIN_3_0(int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group,
+ EC_POINT *p,
+ const BIGNUM *x,
+ int y_bit,
+ BN_CTX *ctx))
+# ifndef OPENSSL_NO_EC2M
+/** Sets the affine coordinates of an EC_POINT. A synonym of
+ * EC_POINT_set_affine_coordinates
+ * \param group underlying EC_GROUP object
+ * \param p EC_POINT object
+ * \param x BIGNUM with the x-coordinate
+ * \param y BIGNUM with the y-coordinate
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred
+ */
+DEPRECATEDIN_3_0(int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group,
+ EC_POINT *p,
+ const BIGNUM *x,
+ const BIGNUM *y,
+ BN_CTX *ctx))
+
+/** Gets the affine coordinates of an EC_POINT. A synonym of
+ * EC_POINT_get_affine_coordinates
+ * \param group underlying EC_GROUP object
+ * \param p EC_POINT object
+ * \param x BIGNUM for the x-coordinate
+ * \param y BIGNUM for the y-coordinate
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred
+ */
+DEPRECATEDIN_3_0(int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group,
+ const EC_POINT *p,
+ BIGNUM *x,
+ BIGNUM *y,
+ BN_CTX *ctx))
+
+/** Sets the x9.62 compressed coordinates of a EC_POINT. A synonym of
+ * EC_POINT_set_compressed_coordinates
+ * \param group underlying EC_GROUP object
+ * \param p EC_POINT object
+ * \param x BIGNUM with x-coordinate
+ * \param y_bit integer with the y-Bit (either 0 or 1)
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred
+ */
+DEPRECATEDIN_3_0(int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group,
+ EC_POINT *p,
+ const BIGNUM *x,
+ int y_bit,
+ BN_CTX *ctx))
+# endif
+/** Encodes a EC_POINT object to a octet string
+ * \param group underlying EC_GROUP object
+ * \param p EC_POINT object
+ * \param form point conversion form
+ * \param buf memory buffer for the result. If NULL the function returns
+ * required buffer size.
+ * \param len length of the memory buffer
+ * \param ctx BN_CTX object (optional)
+ * \return the length of the encoded octet string or 0 if an error occurred
+ */
+size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *p,
+ point_conversion_form_t form,
+ unsigned char *buf, size_t len, BN_CTX *ctx);
+
+/** Decodes a EC_POINT from a octet string
+ * \param group underlying EC_GROUP object
+ * \param p EC_POINT object
+ * \param buf memory buffer with the encoded ec point
+ * \param len length of the encoded ec point
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred
+ */
+int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *p,
+ const unsigned char *buf, size_t len, BN_CTX *ctx);
+
+/** Encodes an EC_POINT object to an allocated octet string
+ * \param group underlying EC_GROUP object
+ * \param point EC_POINT object
+ * \param form point conversion form
+ * \param pbuf returns pointer to allocated buffer
+ * \param ctx BN_CTX object (optional)
+ * \return the length of the encoded octet string or 0 if an error occurred
+ */
+size_t EC_POINT_point2buf(const EC_GROUP *group, const EC_POINT *point,
+ point_conversion_form_t form,
+ unsigned char **pbuf, BN_CTX *ctx);
+
+/* other interfaces to point2oct/oct2point: */
+BIGNUM *EC_POINT_point2bn(const EC_GROUP *, const EC_POINT *,
+ point_conversion_form_t form, BIGNUM *, BN_CTX *);
+EC_POINT *EC_POINT_bn2point(const EC_GROUP *, const BIGNUM *,
+ EC_POINT *, BN_CTX *);
+char *EC_POINT_point2hex(const EC_GROUP *, const EC_POINT *,
+ point_conversion_form_t form, BN_CTX *);
+EC_POINT *EC_POINT_hex2point(const EC_GROUP *, const char *,
+ EC_POINT *, BN_CTX *);
+
+/********************************************************************/
+/* functions for doing EC_POINT arithmetic */
+/********************************************************************/
+
+/** Computes the sum of two EC_POINT
+ * \param group underlying EC_GROUP object
+ * \param r EC_POINT object for the result (r = a + b)
+ * \param a EC_POINT object with the first summand
+ * \param b EC_POINT object with the second summand
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred
+ */
+int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
+ const EC_POINT *b, BN_CTX *ctx);
+
+/** Computes the double of a EC_POINT
+ * \param group underlying EC_GROUP object
+ * \param r EC_POINT object for the result (r = 2 * a)
+ * \param a EC_POINT object
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred
+ */
+int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
+ BN_CTX *ctx);
+
+/** Computes the inverse of a EC_POINT
+ * \param group underlying EC_GROUP object
+ * \param a EC_POINT object to be inverted (it's used for the result as well)
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred
+ */
+int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx);
+
+/** Checks whether the point is the neutral element of the group
+ * \param group the underlying EC_GROUP object
+ * \param p EC_POINT object
+ * \return 1 if the point is the neutral element and 0 otherwise
+ */
+int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *p);
+
+/** Checks whether the point is on the curve
+ * \param group underlying EC_GROUP object
+ * \param point EC_POINT object to check
+ * \param ctx BN_CTX object (optional)
+ * \return 1 if the point is on the curve, 0 if not, or -1 on error
+ */
+int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point,
+ BN_CTX *ctx);
+
+/** Compares two EC_POINTs
+ * \param group underlying EC_GROUP object
+ * \param a first EC_POINT object
+ * \param b second EC_POINT object
+ * \param ctx BN_CTX object (optional)
+ * \return 1 if the points are not equal, 0 if they are, or -1 on error
+ */
+int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b,
+ BN_CTX *ctx);
+
+int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx);
+int EC_POINTs_make_affine(const EC_GROUP *group, size_t num,
+ EC_POINT *points[], BN_CTX *ctx);
+
+/** Computes r = generator * n + sum_{i=0}^{num-1} p[i] * m[i]
+ * \param group underlying EC_GROUP object
+ * \param r EC_POINT object for the result
+ * \param n BIGNUM with the multiplier for the group generator (optional)
+ * \param num number further summands
+ * \param p array of size num of EC_POINT objects
+ * \param m array of size num of BIGNUM objects
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred
+ */
+int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n,
+ size_t num, const EC_POINT *p[], const BIGNUM *m[],
+ BN_CTX *ctx);
+
+/** Computes r = generator * n + q * m
+ * \param group underlying EC_GROUP object
+ * \param r EC_POINT object for the result
+ * \param n BIGNUM with the multiplier for the group generator (optional)
+ * \param q EC_POINT object with the first factor of the second summand
+ * \param m BIGNUM with the second factor of the second summand
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred
+ */
+int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n,
+ const EC_POINT *q, const BIGNUM *m, BN_CTX *ctx);
+
+/** Stores multiples of generator for faster point multiplication
+ * \param group EC_GROUP object
+ * \param ctx BN_CTX object (optional)
+ * \return 1 on success and 0 if an error occurred
+ */
+int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
+
+/** Reports whether a precomputation has been done
+ * \param group EC_GROUP object
+ * \return 1 if a pre-computation has been done and 0 otherwise
+ */
+int EC_GROUP_have_precompute_mult(const EC_GROUP *group);
+
+/********************************************************************/
+/* ASN1 stuff */
+/********************************************************************/
+
+DECLARE_ASN1_ITEM(ECPKPARAMETERS)
+DECLARE_ASN1_ALLOC_FUNCTIONS(ECPKPARAMETERS)
+DECLARE_ASN1_ITEM(ECPARAMETERS)
+DECLARE_ASN1_ALLOC_FUNCTIONS(ECPARAMETERS)
+
+/*
+ * EC_GROUP_get_basis_type() returns the NID of the basis type used to
+ * represent the field elements
+ */
+int EC_GROUP_get_basis_type(const EC_GROUP *);
+# ifndef OPENSSL_NO_EC2M
+int EC_GROUP_get_trinomial_basis(const EC_GROUP *, unsigned int *k);
+int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1,
+ unsigned int *k2, unsigned int *k3);
+# endif
+
+# define OPENSSL_EC_EXPLICIT_CURVE 0x000
+# define OPENSSL_EC_NAMED_CURVE 0x001
+
+EC_GROUP *d2i_ECPKParameters(EC_GROUP **, const unsigned char **in, long len);
+int i2d_ECPKParameters(const EC_GROUP *, unsigned char **out);
+
+# define d2i_ECPKParameters_bio(bp,x) \
+ ASN1_d2i_bio_of(EC_GROUP, NULL, d2i_ECPKParameters, bp, x)
+# define i2d_ECPKParameters_bio(bp,x) \
+ ASN1_i2d_bio_of(EC_GROUP, i2d_ECPKParameters, bp, x)
+# define d2i_ECPKParameters_fp(fp,x) \
+ (EC_GROUP *)ASN1_d2i_fp(NULL, (char *(*)())d2i_ECPKParameters, (fp), \
+ (unsigned char **)(x))
+# define i2d_ECPKParameters_fp(fp,x) \
+ ASN1_i2d_fp(i2d_ECPKParameters,(fp), (unsigned char *)(x))
+
+int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off);
+# ifndef OPENSSL_NO_STDIO
+int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off);
+# endif
+
+/********************************************************************/
+/* EC_KEY functions */
+/********************************************************************/
+
+/* some values for the encoding_flag */
+# define EC_PKEY_NO_PARAMETERS 0x001
+# define EC_PKEY_NO_PUBKEY 0x002
+
+/* some values for the flags field */
+# define EC_FLAG_NON_FIPS_ALLOW 0x1
+# define EC_FLAG_FIPS_CHECKED 0x2
+# define EC_FLAG_COFACTOR_ECDH 0x1000
+
+/**
+ * Creates a new EC_KEY object.
+ * \param ctx The library context for to use for this EC_KEY. May be NULL in
+ * which case the default library context is used.
+ * \return EC_KEY object or NULL if an error occurred.
+ */
+EC_KEY *EC_KEY_new_ex(OPENSSL_CTX *ctx);
+
+/**
+ * Creates a new EC_KEY object. Same as calling EC_KEY_new_ex with a NULL
+ * library context
+ * \return EC_KEY object or NULL if an error occurred.
+ */
+EC_KEY *EC_KEY_new(void);
+
+int EC_KEY_get_flags(const EC_KEY *key);
+
+void EC_KEY_set_flags(EC_KEY *key, int flags);
+
+void EC_KEY_clear_flags(EC_KEY *key, int flags);
+
+/**
+ * Creates a new EC_KEY object using a named curve as underlying
+ * EC_GROUP object.
+ * \param ctx The library context for to use for this EC_KEY. May be NULL in
+ * which case the default library context is used.
+ * \param nid NID of the named curve.
+ * \return EC_KEY object or NULL if an error occurred.
+ */
+EC_KEY *EC_KEY_new_by_curve_name_ex(OPENSSL_CTX *ctx, int nid);
+
+/**
+ * Creates a new EC_KEY object using a named curve as underlying
+ * EC_GROUP object. Same as calling EC_KEY_new_by_curve_name_ex with a NULL
+ * library context.
+ * \param nid NID of the named curve.
+ * \return EC_KEY object or NULL if an error occurred.
+ */
+EC_KEY *EC_KEY_new_by_curve_name(int nid);
+
+
+/** Frees a EC_KEY object.
+ * \param key EC_KEY object to be freed.
+ */
+void EC_KEY_free(EC_KEY *key);
+
+/** Copies a EC_KEY object.
+ * \param dst destination EC_KEY object
+ * \param src src EC_KEY object
+ * \return dst or NULL if an error occurred.
+ */
+EC_KEY *EC_KEY_copy(EC_KEY *dst, const EC_KEY *src);
+
+/** Creates a new EC_KEY object and copies the content from src to it.
+ * \param src the source EC_KEY object
+ * \return newly created EC_KEY object or NULL if an error occurred.
+ */
+EC_KEY *EC_KEY_dup(const EC_KEY *src);
+
+/** Increases the internal reference count of a EC_KEY object.
+ * \param key EC_KEY object
+ * \return 1 on success and 0 if an error occurred.
+ */ +int EC_KEY_up_ref(EC_KEY *key); + +/** Returns the ENGINE object of a EC_KEY object + * \param eckey EC_KEY object + * \return the ENGINE object (possibly NULL). + */ +ENGINE *EC_KEY_get0_engine(const EC_KEY *eckey); + +/** Returns the EC_GROUP object of a EC_KEY object + * \param key EC_KEY object + * \return the EC_GROUP object (possibly NULL). + */ +const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key); + +/** Sets the EC_GROUP of a EC_KEY object. + * \param key EC_KEY object + * \param group EC_GROUP to use in the EC_KEY object (note: the EC_KEY + * object will use an own copy of the EC_GROUP). + * \return 1 on success and 0 if an error occurred. + */ +int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group); + +/** Returns the private key of a EC_KEY object. + * \param key EC_KEY object + * \return a BIGNUM with the private key (possibly NULL). + */ +const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key); + +/** Sets the private key of a EC_KEY object. + * \param key EC_KEY object + * \param prv BIGNUM with the private key (note: the EC_KEY object + * will use an own copy of the BIGNUM). + * \return 1 on success and 0 if an error occurred. + */ +int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *prv); + +/** Returns the public key of a EC_KEY object. + * \param key the EC_KEY object + * \return a EC_POINT object with the public key (possibly NULL) + */ +const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key); + +/** Sets the public key of a EC_KEY object. + * \param key EC_KEY object + * \param pub EC_POINT object with the public key (note: the EC_KEY object + * will use an own copy of the EC_POINT object). + * \return 1 on success and 0 if an error occurred. 
+ */ +int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub); + +unsigned EC_KEY_get_enc_flags(const EC_KEY *key); +void EC_KEY_set_enc_flags(EC_KEY *eckey, unsigned int flags); +point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key); +void EC_KEY_set_conv_form(EC_KEY *eckey, point_conversion_form_t cform); + +# define EC_KEY_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_EC_KEY, l, p, newf, dupf, freef) +int EC_KEY_set_ex_data(EC_KEY *key, int idx, void *arg); +void *EC_KEY_get_ex_data(const EC_KEY *key, int idx); + +/* wrapper functions for the underlying EC_GROUP object */ +void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag); + +/** Creates a table of pre-computed multiples of the generator to + * accelerate further EC_KEY operations. + * \param key EC_KEY object + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred. + */ +int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx); + +/** Creates a new ec private (and optional a new public) key. + * \param key EC_KEY object + * \return 1 on success and 0 if an error occurred. + */ +int EC_KEY_generate_key(EC_KEY *key); + +/** Verifies that a private and/or public key is valid. + * \param key the EC_KEY object + * \return 1 on success and 0 otherwise. + */ +int EC_KEY_check_key(const EC_KEY *key); + +/** Indicates if an EC_KEY can be used for signing. + * \param eckey the EC_KEY object + * \return 1 if can can sign and 0 otherwise. + */ +int EC_KEY_can_sign(const EC_KEY *eckey); + +/** Sets a public key from affine coordinates performing + * necessary NIST PKV tests. + * \param key the EC_KEY object + * \param x public key x coordinate + * \param y public key y coordinate + * \return 1 on success and 0 otherwise. 
+ */ +int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x, + BIGNUM *y); + +/** Encodes an EC_KEY public key to an allocated octet string + * \param key key to encode + * \param form point conversion form + * \param pbuf returns pointer to allocated buffer + * \param ctx BN_CTX object (optional) + * \return the length of the encoded octet string or 0 if an error occurred + */ +size_t EC_KEY_key2buf(const EC_KEY *key, point_conversion_form_t form, + unsigned char **pbuf, BN_CTX *ctx); + +/** Decodes a EC_KEY public key from a octet string + * \param key key to decode + * \param buf memory buffer with the encoded ec point + * \param len length of the encoded ec point + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ + +int EC_KEY_oct2key(EC_KEY *key, const unsigned char *buf, size_t len, + BN_CTX *ctx); + +/** Decodes an EC_KEY private key from an octet string + * \param key key to decode + * \param buf memory buffer with the encoded private key + * \param len length of the encoded key + * \return 1 on success and 0 if an error occurred + */ + +int EC_KEY_oct2priv(EC_KEY *key, const unsigned char *buf, size_t len); + +/** Encodes a EC_KEY private key to an octet string + * \param key key to encode + * \param buf memory buffer for the result. If NULL the function returns + * required buffer size. 
+ * \param len length of the memory buffer + * \return the length of the encoded octet string or 0 if an error occurred + */ + +size_t EC_KEY_priv2oct(const EC_KEY *key, unsigned char *buf, size_t len); + +/** Encodes an EC_KEY private key to an allocated octet string + * \param eckey key to encode + * \param pbuf returns pointer to allocated buffer + * \return the length of the encoded octet string or 0 if an error occurred + */ +size_t EC_KEY_priv2buf(const EC_KEY *eckey, unsigned char **pbuf); + +/********************************************************************/ +/* de- and encoding functions for SEC1 ECPrivateKey */ +/********************************************************************/ + +/** Decodes a private key from a memory buffer. + * \param key a pointer to a EC_KEY object which should be used (or NULL) + * \param in pointer to memory with the DER encoded private key + * \param len length of the DER encoded private key + * \return the decoded private key or NULL if an error occurred. + */ +EC_KEY *d2i_ECPrivateKey(EC_KEY **key, const unsigned char **in, long len); + +/** Encodes a private key object and stores the result in a buffer. + * \param key the EC_KEY object to encode + * \param out the buffer for the result (if NULL the function returns number + * of bytes needed). + * \return 1 on success and 0 if an error occurred. + */ +int i2d_ECPrivateKey(const EC_KEY *key, unsigned char **out); + +/********************************************************************/ +/* de- and encoding functions for EC parameters */ +/********************************************************************/ + +/** Decodes ec parameter from a memory buffer. + * \param key a pointer to a EC_KEY object which should be used (or NULL) + * \param in pointer to memory with the DER encoded ec parameters + * \param len length of the DER encoded ec parameters + * \return a EC_KEY object with the decoded parameters or NULL if an error + * occurred. 
+ */ +EC_KEY *d2i_ECParameters(EC_KEY **key, const unsigned char **in, long len); + +/** Encodes ec parameter and stores the result in a buffer. + * \param key the EC_KEY object with ec parameters to encode + * \param out the buffer for the result (if NULL the function returns number + * of bytes needed). + * \return 1 on success and 0 if an error occurred. + */ +int i2d_ECParameters(const EC_KEY *key, unsigned char **out); + +/********************************************************************/ +/* de- and encoding functions for EC public key */ +/* (octet string, not DER -- hence 'o2i' and 'i2o') */ +/********************************************************************/ + +/** Decodes a ec public key from a octet string. + * \param key a pointer to a EC_KEY object which should be used + * \param in memory buffer with the encoded public key + * \param len length of the encoded public key + * \return EC_KEY object with decoded public key or NULL if an error + * occurred. + */ +EC_KEY *o2i_ECPublicKey(EC_KEY **key, const unsigned char **in, long len); + +/** Encodes a ec public key in an octet string. + * \param key the EC_KEY object with the public key + * \param out the buffer for the result (if NULL the function returns number + * of bytes needed). + * \return 1 on success and 0 if an error occurred + */ +int i2o_ECPublicKey(const EC_KEY *key, unsigned char **out); + +/** Prints out the ec parameters on human readable form. 
+ * \param bp BIO object to which the information is printed + * \param key EC_KEY object + * \return 1 on success and 0 if an error occurred + */ +int ECParameters_print(BIO *bp, const EC_KEY *key); + +/** Prints out the contents of a EC_KEY object + * \param bp BIO object to which the information is printed + * \param key EC_KEY object + * \param off line offset + * \return 1 on success and 0 if an error occurred + */ +int EC_KEY_print(BIO *bp, const EC_KEY *key, int off); + +# ifndef OPENSSL_NO_STDIO +/** Prints out the ec parameters on human readable form. + * \param fp file descriptor to which the information is printed + * \param key EC_KEY object + * \return 1 on success and 0 if an error occurred + */ +int ECParameters_print_fp(FILE *fp, const EC_KEY *key); + +/** Prints out the contents of a EC_KEY object + * \param fp file descriptor to which the information is printed + * \param key EC_KEY object + * \param off line offset + * \return 1 on success and 0 if an error occurred + */ +int EC_KEY_print_fp(FILE *fp, const EC_KEY *key, int off); + +# endif + +const EC_KEY_METHOD *EC_KEY_OpenSSL(void); +const EC_KEY_METHOD *EC_KEY_get_default_method(void); +void EC_KEY_set_default_method(const EC_KEY_METHOD *meth); +const EC_KEY_METHOD *EC_KEY_get_method(const EC_KEY *key); +int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth); +EC_KEY *EC_KEY_new_method(ENGINE *engine); + +/** The old name for ecdh_KDF_X9_63 + * The ECDH KDF specification has been mistakingly attributed to ANSI X9.62, + * it is actually specified in ANSI X9.63. 
+ * This identifier is retained for backwards compatibility + */ +DEPRECATEDIN_3_0(int ECDH_KDF_X9_62(unsigned char *out, size_t outlen, + const unsigned char *Z, size_t Zlen, + const unsigned char *sinfo, size_t sinfolen, + const EVP_MD *md)) + +DEPRECATEDIN_3_0(int ECDH_compute_key(void *out, size_t outlen, + const EC_POINT *pub_key, + const EC_KEY *ecdh, + void *(*KDF)(const void *in, size_t inlen, + void *out, size_t *outlen))) + +typedef struct ECDSA_SIG_st ECDSA_SIG; + +/** Allocates and initialize a ECDSA_SIG structure + * \return pointer to a ECDSA_SIG structure or NULL if an error occurred + */ +ECDSA_SIG *ECDSA_SIG_new(void); + +/** frees a ECDSA_SIG structure + * \param sig pointer to the ECDSA_SIG structure + */ +void ECDSA_SIG_free(ECDSA_SIG *sig); + +/** i2d_ECDSA_SIG encodes content of ECDSA_SIG (note: this function modifies *pp + * (*pp += length of the DER encoded signature)). + * \param sig pointer to the ECDSA_SIG object + * \param pp pointer to a unsigned char pointer for the output or NULL + * \return the length of the DER encoded ECDSA_SIG object or a negative value + * on error + */ +DECLARE_ASN1_ENCODE_FUNCTIONS_only(ECDSA_SIG, ECDSA_SIG) + +/** d2i_ECDSA_SIG decodes an ECDSA signature (note: this function modifies *pp + * (*pp += len)). 
+ * \param sig pointer to ECDSA_SIG pointer (may be NULL) + * \param pp memory buffer with the DER encoded signature + * \param len length of the buffer + * \return pointer to the decoded ECDSA_SIG structure (or NULL) + */ + +/** Accessor for r and s fields of ECDSA_SIG + * \param sig pointer to ECDSA_SIG structure + * \param pr pointer to BIGNUM pointer for r (may be NULL) + * \param ps pointer to BIGNUM pointer for s (may be NULL) + */ +void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); + +/** Accessor for r field of ECDSA_SIG + * \param sig pointer to ECDSA_SIG structure + */ +const BIGNUM *ECDSA_SIG_get0_r(const ECDSA_SIG *sig); + +/** Accessor for s field of ECDSA_SIG + * \param sig pointer to ECDSA_SIG structure + */ +const BIGNUM *ECDSA_SIG_get0_s(const ECDSA_SIG *sig); + +/** Setter for r and s fields of ECDSA_SIG + * \param sig pointer to ECDSA_SIG structure + * \param r pointer to BIGNUM for r (may be NULL) + * \param s pointer to BIGNUM for s (may be NULL) + */ +int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s); + +/** Computes the ECDSA signature of the given hash value using + * the supplied private key and returns the created signature. + * \param dgst pointer to the hash value + * \param dgst_len length of the hash value + * \param eckey EC_KEY object containing a private EC key + * \return pointer to a ECDSA_SIG structure or NULL if an error occurred + */ +DEPRECATEDIN_3_0(ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, + int dgst_len, EC_KEY *eckey)) + +/** Computes ECDSA signature of a given hash value using the supplied + * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). 
+ * \param dgst pointer to the hash value to sign + * \param dgstlen length of the hash value + * \param kinv BIGNUM with a pre-computed inverse k (optional) + * \param rp BIGNUM with a pre-computed rp value (optional), + * see ECDSA_sign_setup + * \param eckey EC_KEY object containing a private EC key + * \return pointer to a ECDSA_SIG structure or NULL if an error occurred + */ +DEPRECATEDIN_3_0(ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, + int dgstlen, const BIGNUM *kinv, + const BIGNUM *rp, EC_KEY *eckey)) + +/** Verifies that the supplied signature is a valid ECDSA + * signature of the supplied hash value using the supplied public key. + * \param dgst pointer to the hash value + * \param dgst_len length of the hash value + * \param sig ECDSA_SIG structure + * \param eckey EC_KEY object containing a public EC key + * \return 1 if the signature is valid, 0 if the signature is invalid + * and -1 on error + */ +DEPRECATEDIN_3_0(int ECDSA_do_verify(const unsigned char *dgst, int dgst_len, + const ECDSA_SIG *sig, EC_KEY *eckey)) + +/** Precompute parts of the signing operation + * \param eckey EC_KEY object containing a private EC key + * \param ctx BN_CTX object (optional) + * \param kinv BIGNUM pointer for the inverse of k + * \param rp BIGNUM pointer for x coordinate of k * generator + * \return 1 on success and 0 otherwise + */ +DEPRECATEDIN_3_0(int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, + BIGNUM **kinv, BIGNUM **rp)) + +/** Computes ECDSA signature of a given hash value using the supplied + * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). 
+ * \param type this parameter is ignored + * \param dgst pointer to the hash value to sign + * \param dgstlen length of the hash value + * \param sig memory for the DER encoded created signature + * \param siglen pointer to the length of the returned signature + * \param eckey EC_KEY object containing a private EC key + * \return 1 on success and 0 otherwise + */ +DEPRECATEDIN_3_0(int ECDSA_sign(int type, const unsigned char *dgst, + int dgstlen, unsigned char *sig, + unsigned int *siglen, EC_KEY *eckey)) + +/** Computes ECDSA signature of a given hash value using the supplied + * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). + * \param type this parameter is ignored + * \param dgst pointer to the hash value to sign + * \param dgstlen length of the hash value + * \param sig buffer to hold the DER encoded signature + * \param siglen pointer to the length of the returned signature + * \param kinv BIGNUM with a pre-computed inverse k (optional) + * \param rp BIGNUM with a pre-computed rp value (optional), + * see ECDSA_sign_setup + * \param eckey EC_KEY object containing a private EC key + * \return 1 on success and 0 otherwise + */ +DEPRECATEDIN_3_0(int ECDSA_sign_ex(int type, const unsigned char *dgst, + int dgstlen, unsigned char *sig, + unsigned int *siglen, const BIGNUM *kinv, + const BIGNUM *rp, EC_KEY *eckey)) + +/** Verifies that the given signature is valid ECDSA signature + * of the supplied hash value using the specified public key. 
+ * \param type this parameter is ignored + * \param dgst pointer to the hash value + * \param dgstlen length of the hash value + * \param sig pointer to the DER encoded signature + * \param siglen length of the DER encoded signature + * \param eckey EC_KEY object containing a public EC key + * \return 1 if the signature is valid, 0 if the signature is invalid + * and -1 on error + */ +DEPRECATEDIN_3_0(int ECDSA_verify(int type, const unsigned char *dgst, + int dgstlen, const unsigned char *sig, + int siglen, EC_KEY *eckey)) + +/** Returns the maximum length of the DER encoded signature + * \param eckey EC_KEY object + * \return numbers of bytes required for the DER encoded signature + */ +DEPRECATEDIN_3_0(int ECDSA_size(const EC_KEY *eckey)) + +/********************************************************************/ +/* EC_KEY_METHOD constructors, destructors, writers and accessors */ +/********************************************************************/ + +DEPRECATEDIN_3_0(EC_KEY_METHOD *EC_KEY_METHOD_new(const EC_KEY_METHOD *meth)) +DEPRECATEDIN_3_0(void EC_KEY_METHOD_free(EC_KEY_METHOD *meth)) +DEPRECATEDIN_3_0(void EC_KEY_METHOD_set_init + (EC_KEY_METHOD *meth, + int (*init)(EC_KEY *key), + void (*finish)(EC_KEY *key), + int (*copy)(EC_KEY *dest, const EC_KEY *src), + int (*set_group)(EC_KEY *key, const EC_GROUP *grp), + int (*set_private)(EC_KEY *key, + const BIGNUM *priv_key), + int (*set_public)(EC_KEY *key, + const EC_POINT *pub_key))) + +DEPRECATEDIN_3_0(void EC_KEY_METHOD_set_keygen(EC_KEY_METHOD *meth, + int (*keygen)(EC_KEY *key))) + +DEPRECATEDIN_3_0(void EC_KEY_METHOD_set_compute_key + (EC_KEY_METHOD *meth, + int (*ckey)(unsigned char **psec, + size_t *pseclen, + const EC_POINT *pub_key, + const EC_KEY *ecdh))) + +DEPRECATEDIN_3_0(void EC_KEY_METHOD_set_sign + (EC_KEY_METHOD *meth, + int (*sign)(int type, const unsigned char *dgst, + int dlen, unsigned char *sig, + unsigned int *siglen, + const BIGNUM *kinv, const BIGNUM *r, + EC_KEY *eckey), + int 
(*sign_setup)(EC_KEY *eckey, BN_CTX *ctx_in, + BIGNUM **kinvp, BIGNUM **rp), + ECDSA_SIG *(*sign_sig)(const unsigned char *dgst, + int dgst_len, + const BIGNUM *in_kinv, + const BIGNUM *in_r, + EC_KEY *eckey))) + +DEPRECATEDIN_3_0(void EC_KEY_METHOD_set_verify + (EC_KEY_METHOD *meth, + int (*verify)(int type, const unsigned + char *dgst, int dgst_len, + const unsigned char *sigbuf, + int sig_len, EC_KEY *eckey), + int (*verify_sig)(const unsigned char *dgst, + int dgst_len, + const ECDSA_SIG *sig, + EC_KEY *eckey))) + +DEPRECATEDIN_3_0(void EC_KEY_METHOD_get_init + (const EC_KEY_METHOD *meth, + int (**pinit)(EC_KEY *key), + void (**pfinish)(EC_KEY *key), + int (**pcopy)(EC_KEY *dest, const EC_KEY *src), + int (**pset_group)(EC_KEY *key, + const EC_GROUP *grp), + int (**pset_private)(EC_KEY *key, + const BIGNUM *priv_key), + int (**pset_public)(EC_KEY *key, + const EC_POINT *pub_key))) + +DEPRECATEDIN_3_0(void EC_KEY_METHOD_get_keygen(const EC_KEY_METHOD *meth, + int (**pkeygen)(EC_KEY *key))) + +DEPRECATEDIN_3_0(void EC_KEY_METHOD_get_compute_key + (const EC_KEY_METHOD *meth, + int (**pck)(unsigned char **psec, + size_t *pseclen, + const EC_POINT *pub_key, + const EC_KEY *ecdh))) + +DEPRECATEDIN_3_0(void EC_KEY_METHOD_get_sign + (const EC_KEY_METHOD *meth, + int (**psign)(int type, const unsigned char *dgst, + int dlen, unsigned char *sig, + unsigned int *siglen, + const BIGNUM *kinv, const BIGNUM *r, + EC_KEY *eckey), + int (**psign_setup)(EC_KEY *eckey, BN_CTX *ctx_in, + BIGNUM **kinvp, BIGNUM **rp), + ECDSA_SIG *(**psign_sig)(const unsigned char *dgst, + int dgst_len, + const BIGNUM *in_kinv, + const BIGNUM *in_r, + EC_KEY *eckey))) + +DEPRECATEDIN_3_0(void EC_KEY_METHOD_get_verify + (const EC_KEY_METHOD *meth, + int (**pverify)(int type, const unsigned + char *dgst, int dgst_len, + const unsigned char *sigbuf, + int sig_len, EC_KEY *eckey), + int (**pverify_sig)(const unsigned char *dgst, + int dgst_len, + const ECDSA_SIG *sig, + EC_KEY *eckey))) + +# define 
ECParameters_dup(x) ASN1_dup_of(EC_KEY, i2d_ECParameters, \ + d2i_ECParameters, x) + +# ifndef __cplusplus +# if defined(__SUNPRO_C) +# if __SUNPRO_C >= 0x520 +# pragma error_messages (default,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE) +# endif +# endif +# endif + +# define EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_PARAMGEN|EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID, nid, NULL) + +# define EVP_PKEY_CTX_set_ec_param_enc(ctx, flag) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_PARAMGEN|EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_EC_PARAM_ENC, flag, NULL) + +int EVP_PKEY_CTX_set_ecdh_cofactor_mode(EVP_PKEY_CTX *ctx, int cofactor_mode); +int EVP_PKEY_CTX_get_ecdh_cofactor_mode(EVP_PKEY_CTX *ctx); + +int EVP_PKEY_CTX_set_ecdh_kdf_type(EVP_PKEY_CTX *ctx, int kdf); +int EVP_PKEY_CTX_get_ecdh_kdf_type(EVP_PKEY_CTX *ctx); + +int EVP_PKEY_CTX_set_ecdh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); +int EVP_PKEY_CTX_get_ecdh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD **md); + +int EVP_PKEY_CTX_set_ecdh_kdf_outlen(EVP_PKEY_CTX *ctx, int len); +int EVP_PKEY_CTX_get_ecdh_kdf_outlen(EVP_PKEY_CTX *ctx, int *len); + +int EVP_PKEY_CTX_set0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char *ukm, + int len); +int EVP_PKEY_CTX_get0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **ukm); + +/* SM2 will skip the operation check so no need to pass operation here */ +# define EVP_PKEY_CTX_set1_id(ctx, id, id_len) \ + EVP_PKEY_CTX_ctrl(ctx, -1, -1, \ + EVP_PKEY_CTRL_SET1_ID, (int)id_len, (void*)(id)) +# define EVP_PKEY_CTX_get1_id(ctx, id) \ + EVP_PKEY_CTX_ctrl(ctx, -1, -1, \ + EVP_PKEY_CTRL_GET1_ID, 0, (void*)(id)) + +# define EVP_PKEY_CTX_get1_id_len(ctx, id_len) \ + EVP_PKEY_CTX_ctrl(ctx, -1, -1, \ + EVP_PKEY_CTRL_GET1_ID_LEN, 0, (void*)(id_len)) + +# define EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID (EVP_PKEY_ALG_CTRL + 1) +# define EVP_PKEY_CTRL_EC_PARAM_ENC (EVP_PKEY_ALG_CTRL + 2) +# define 
EVP_PKEY_CTRL_EC_ECDH_COFACTOR (EVP_PKEY_ALG_CTRL + 3)
+# define EVP_PKEY_CTRL_EC_KDF_TYPE (EVP_PKEY_ALG_CTRL + 4)
+# define EVP_PKEY_CTRL_EC_KDF_MD (EVP_PKEY_ALG_CTRL + 5)
+# define EVP_PKEY_CTRL_GET_EC_KDF_MD (EVP_PKEY_ALG_CTRL + 6)
+# define EVP_PKEY_CTRL_EC_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 7)
+# define EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 8)
+# define EVP_PKEY_CTRL_EC_KDF_UKM (EVP_PKEY_ALG_CTRL + 9)
+# define EVP_PKEY_CTRL_GET_EC_KDF_UKM (EVP_PKEY_ALG_CTRL + 10)
+# define EVP_PKEY_CTRL_SET1_ID (EVP_PKEY_ALG_CTRL + 11)
+# define EVP_PKEY_CTRL_GET1_ID (EVP_PKEY_ALG_CTRL + 12)
+# define EVP_PKEY_CTRL_GET1_ID_LEN (EVP_PKEY_ALG_CTRL + 13)
+
+/* KDF types */
+# define EVP_PKEY_ECDH_KDF_NONE 1
+# define EVP_PKEY_ECDH_KDF_X9_63 2
+/** The old name for EVP_PKEY_ECDH_KDF_X9_63
+ * The ECDH KDF specification has been mistakingly attributed to ANSI X9.62,
+ * it is actually specified in ANSI X9.63.
+ * This identifier is retained for backwards compatibility
+ */
+# define EVP_PKEY_ECDH_KDF_X9_62 EVP_PKEY_ECDH_KDF_X9_63
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+#endif
diff --git a/linux_amd64/include/openssl/ecdh.h b/linux_amd64/include/openssl/ecdh.h
new file mode 100644
index 0000000..56bd4cc
--- /dev/null
+++ b/linux_amd64/include/openssl/ecdh.h
@@ -0,0 +1,10 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include
diff --git a/linux_amd64/include/openssl/ecdsa.h b/linux_amd64/include/openssl/ecdsa.h
new file mode 100644
index 0000000..56bd4cc
--- /dev/null
+++ b/linux_amd64/include/openssl/ecdsa.h
@@ -0,0 +1,10 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include
diff --git a/linux_amd64/include/openssl/ecerr.h b/linux_amd64/include/openssl/ecerr.h
new file mode 100644
index 0000000..88399db
--- /dev/null
+++ b/linux_amd64/include/openssl/ecerr.h
@@ -0,0 +1,300 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_ECERR_H +# define OPENSSL_ECERR_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_ECERR_H +# endif + +# include +# include + + +# include + +# ifndef OPENSSL_NO_EC + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_EC_strings(void); + +/* + * EC function codes. + */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define EC_F_BN_TO_FELEM 0 +# define EC_F_D2I_ECPARAMETERS 0 +# define EC_F_D2I_ECPKPARAMETERS 0 +# define EC_F_D2I_ECPRIVATEKEY 0 +# define EC_F_DO_EC_KEY_PRINT 0 +# define EC_F_ECDH_CMS_DECRYPT 0 +# define EC_F_ECDH_CMS_SET_SHARED_INFO 0 +# define EC_F_ECDH_COMPUTE_KEY 0 +# define EC_F_ECDH_SIMPLE_COMPUTE_KEY 0 +# define EC_F_ECDSA_DO_SIGN_EX 0 +# define EC_F_ECDSA_DO_VERIFY 0 +# define EC_F_ECDSA_S390X_NISTP_SIGN_SIG 0 +# define EC_F_ECDSA_S390X_NISTP_VERIFY_SIG 0 +# define EC_F_ECDSA_SIGN_EX 0 +# define EC_F_ECDSA_SIGN_SETUP 0 +# define EC_F_ECDSA_SIG_NEW 0 +# define EC_F_ECDSA_SIMPLE_SIGN_SETUP 0 +# define EC_F_ECDSA_SIMPLE_SIGN_SIG 0 +# define EC_F_ECDSA_SIMPLE_VERIFY_SIG 0 +# define EC_F_ECDSA_VERIFY 0 +# define EC_F_ECD_ITEM_VERIFY 0 +# define EC_F_ECKEY_PARAM2TYPE 0 +# define EC_F_ECKEY_PARAM_DECODE 0 +# define EC_F_ECKEY_PRIV_DECODE 0 +# define EC_F_ECKEY_PRIV_ENCODE 0 +# define EC_F_ECKEY_PUB_DECODE 0 +# define EC_F_ECKEY_PUB_ENCODE 0 +# define EC_F_ECKEY_TYPE2PARAM 0 +# define EC_F_ECPARAMETERS_PRINT 0 +# define EC_F_ECPARAMETERS_PRINT_FP 0 +# define EC_F_ECPKPARAMETERS_PRINT 0 +# define EC_F_ECPKPARAMETERS_PRINT_FP 0 +# define EC_F_ECP_NISTZ256_GET_AFFINE 0 +# define EC_F_ECP_NISTZ256_INV_MOD_ORD 0 
+# define EC_F_ECP_NISTZ256_MULT_PRECOMPUTE 0 +# define EC_F_ECP_NISTZ256_POINTS_MUL 0 +# define EC_F_ECP_NISTZ256_PRE_COMP_NEW 0 +# define EC_F_ECP_NISTZ256_WINDOWED_MUL 0 +# define EC_F_ECX_KEY_OP 0 +# define EC_F_ECX_PRIV_ENCODE 0 +# define EC_F_ECX_PUB_ENCODE 0 +# define EC_F_EC_ASN1_GROUP2CURVE 0 +# define EC_F_EC_ASN1_GROUP2FIELDID 0 +# define EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY 0 +# define EC_F_EC_GF2M_SIMPLE_FIELD_INV 0 +# define EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT 0 +# define EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE 0 +# define EC_F_EC_GF2M_SIMPLE_LADDER_POST 0 +# define EC_F_EC_GF2M_SIMPLE_LADDER_PRE 0 +# define EC_F_EC_GF2M_SIMPLE_OCT2POINT 0 +# define EC_F_EC_GF2M_SIMPLE_POINT2OCT 0 +# define EC_F_EC_GF2M_SIMPLE_POINTS_MUL 0 +# define EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES 0 +# define EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES 0 +# define EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES 0 +# define EC_F_EC_GFP_MONT_FIELD_DECODE 0 +# define EC_F_EC_GFP_MONT_FIELD_ENCODE 0 +# define EC_F_EC_GFP_MONT_FIELD_INV 0 +# define EC_F_EC_GFP_MONT_FIELD_MUL 0 +# define EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE 0 +# define EC_F_EC_GFP_MONT_FIELD_SQR 0 +# define EC_F_EC_GFP_MONT_GROUP_SET_CURVE 0 +# define EC_F_EC_GFP_NISTP224_GROUP_SET_CURVE 0 +# define EC_F_EC_GFP_NISTP224_POINTS_MUL 0 +# define EC_F_EC_GFP_NISTP224_POINT_GET_AFFINE_COORDINATES 0 +# define EC_F_EC_GFP_NISTP256_GROUP_SET_CURVE 0 +# define EC_F_EC_GFP_NISTP256_POINTS_MUL 0 +# define EC_F_EC_GFP_NISTP256_POINT_GET_AFFINE_COORDINATES 0 +# define EC_F_EC_GFP_NISTP521_GROUP_SET_CURVE 0 +# define EC_F_EC_GFP_NISTP521_POINTS_MUL 0 +# define EC_F_EC_GFP_NISTP521_POINT_GET_AFFINE_COORDINATES 0 +# define EC_F_EC_GFP_NIST_FIELD_MUL 0 +# define EC_F_EC_GFP_NIST_FIELD_SQR 0 +# define EC_F_EC_GFP_NIST_GROUP_SET_CURVE 0 +# define EC_F_EC_GFP_SIMPLE_BLIND_COORDINATES 0 +# define EC_F_EC_GFP_SIMPLE_FIELD_INV 0 +# define EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT 0 +# define 
EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE 0 +# define EC_F_EC_GFP_SIMPLE_MAKE_AFFINE 0 +# define EC_F_EC_GFP_SIMPLE_OCT2POINT 0 +# define EC_F_EC_GFP_SIMPLE_POINT2OCT 0 +# define EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE 0 +# define EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES 0 +# define EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES 0 +# define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES 0 +# define EC_F_EC_GROUP_CHECK 0 +# define EC_F_EC_GROUP_CHECK_DISCRIMINANT 0 +# define EC_F_EC_GROUP_CHECK_NAMED_CURVE 0 +# define EC_F_EC_GROUP_COPY 0 +# define EC_F_EC_GROUP_GET_CURVE 0 +# define EC_F_EC_GROUP_GET_CURVE_GF2M 0 +# define EC_F_EC_GROUP_GET_CURVE_GFP 0 +# define EC_F_EC_GROUP_GET_DEGREE 0 +# define EC_F_EC_GROUP_GET_ECPARAMETERS 0 +# define EC_F_EC_GROUP_GET_ECPKPARAMETERS 0 +# define EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS 0 +# define EC_F_EC_GROUP_GET_TRINOMIAL_BASIS 0 +# define EC_F_EC_GROUP_NEW 0 +# define EC_F_EC_GROUP_NEW_BY_CURVE_NAME 0 +# define EC_F_EC_GROUP_NEW_BY_CURVE_NAME_EX 0 +# define EC_F_EC_GROUP_NEW_EX 0 +# define EC_F_EC_GROUP_NEW_FROM_DATA 0 +# define EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS 0 +# define EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS 0 +# define EC_F_EC_GROUP_SET_CURVE 0 +# define EC_F_EC_GROUP_SET_CURVE_GF2M 0 +# define EC_F_EC_GROUP_SET_CURVE_GFP 0 +# define EC_F_EC_GROUP_SET_GENERATOR 0 +# define EC_F_EC_GROUP_SET_SEED 0 +# define EC_F_EC_KEY_CHECK_KEY 0 +# define EC_F_EC_KEY_COPY 0 +# define EC_F_EC_KEY_GENERATE_KEY 0 +# define EC_F_EC_KEY_NEW 0 +# define EC_F_EC_KEY_NEW_METHOD 0 +# define EC_F_EC_KEY_NEW_METHOD_INT 0 +# define EC_F_EC_KEY_OCT2PRIV 0 +# define EC_F_EC_KEY_PRINT 0 +# define EC_F_EC_KEY_PRINT_FP 0 +# define EC_F_EC_KEY_PRIV2BUF 0 +# define EC_F_EC_KEY_PRIV2OCT 0 +# define EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES 0 +# define EC_F_EC_KEY_SIMPLE_CHECK_KEY 0 +# define EC_F_EC_KEY_SIMPLE_OCT2PRIV 0 +# define EC_F_EC_KEY_SIMPLE_PRIV2OCT 0 +# define EC_F_EC_PKEY_CHECK 0 +# define EC_F_EC_PKEY_PARAM_CHECK 0 +# define 
EC_F_EC_POINTS_MAKE_AFFINE 0 +# define EC_F_EC_POINTS_MUL 0 +# define EC_F_EC_POINT_ADD 0 +# define EC_F_EC_POINT_BN2POINT 0 +# define EC_F_EC_POINT_CMP 0 +# define EC_F_EC_POINT_COPY 0 +# define EC_F_EC_POINT_DBL 0 +# define EC_F_EC_POINT_GET_AFFINE_COORDINATES 0 +# define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M 0 +# define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP 0 +# define EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP 0 +# define EC_F_EC_POINT_INVERT 0 +# define EC_F_EC_POINT_IS_AT_INFINITY 0 +# define EC_F_EC_POINT_IS_ON_CURVE 0 +# define EC_F_EC_POINT_MAKE_AFFINE 0 +# define EC_F_EC_POINT_NEW 0 +# define EC_F_EC_POINT_OCT2POINT 0 +# define EC_F_EC_POINT_POINT2BUF 0 +# define EC_F_EC_POINT_POINT2OCT 0 +# define EC_F_EC_POINT_SET_AFFINE_COORDINATES 0 +# define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M 0 +# define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP 0 +# define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES 0 +# define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M 0 +# define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP 0 +# define EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP 0 +# define EC_F_EC_POINT_SET_TO_INFINITY 0 +# define EC_F_EC_PRE_COMP_NEW 0 +# define EC_F_EC_SCALAR_MUL_LADDER 0 +# define EC_F_EC_WNAF_MUL 0 +# define EC_F_EC_WNAF_PRECOMPUTE_MULT 0 +# define EC_F_I2D_ECPARAMETERS 0 +# define EC_F_I2D_ECPKPARAMETERS 0 +# define EC_F_I2D_ECPRIVATEKEY 0 +# define EC_F_I2O_ECPUBLICKEY 0 +# define EC_F_NISTP224_PRE_COMP_NEW 0 +# define EC_F_NISTP256_PRE_COMP_NEW 0 +# define EC_F_NISTP521_PRE_COMP_NEW 0 +# define EC_F_O2I_ECPUBLICKEY 0 +# define EC_F_OLD_EC_PRIV_DECODE 0 +# define EC_F_OSSL_ECDH_COMPUTE_KEY 0 +# define EC_F_OSSL_ECDSA_SIGN_SETUP 0 +# define EC_F_OSSL_ECDSA_SIGN_SIG 0 +# define EC_F_OSSL_ECDSA_VERIFY_SIG 0 +# define EC_F_PKEY_ECD_CTRL 0 +# define EC_F_PKEY_ECD_DIGESTSIGN 0 +# define EC_F_PKEY_ECD_DIGESTSIGN25519 0 +# define EC_F_PKEY_ECD_DIGESTSIGN448 0 +# define EC_F_PKEY_ECX_DERIVE 0 +# define EC_F_PKEY_EC_CTRL 0 +# define 
EC_F_PKEY_EC_CTRL_STR 0 +# define EC_F_PKEY_EC_DERIVE 0 +# define EC_F_PKEY_EC_INIT 0 +# define EC_F_PKEY_EC_KDF_DERIVE 0 +# define EC_F_PKEY_EC_KEYGEN 0 +# define EC_F_PKEY_EC_PARAMGEN 0 +# define EC_F_PKEY_EC_SIGN 0 +# define EC_F_S390X_PKEY_ECD_DIGESTSIGN25519 0 +# define EC_F_S390X_PKEY_ECD_DIGESTSIGN448 0 +# define EC_F_S390X_PKEY_ECD_KEYGEN25519 0 +# define EC_F_S390X_PKEY_ECD_KEYGEN448 0 +# define EC_F_S390X_PKEY_ECX_KEYGEN25519 0 +# define EC_F_S390X_PKEY_ECX_KEYGEN448 0 +# define EC_F_VALIDATE_ECX_DERIVE 0 +# endif + +/* + * EC reason codes. + */ +# define EC_R_ASN1_ERROR 115 +# define EC_R_BAD_SIGNATURE 156 +# define EC_R_BIGNUM_OUT_OF_RANGE 144 +# define EC_R_BUFFER_TOO_SMALL 100 +# define EC_R_CANNOT_INVERT 165 +# define EC_R_COORDINATES_OUT_OF_RANGE 146 +# define EC_R_CURVE_DOES_NOT_SUPPORT_ECDH 160 +# define EC_R_CURVE_DOES_NOT_SUPPORT_ECDSA 170 +# define EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING 159 +# define EC_R_D2I_ECPKPARAMETERS_FAILURE 117 +# define EC_R_DECODE_ERROR 142 +# define EC_R_DISCRIMINANT_IS_ZERO 118 +# define EC_R_EC_GROUP_NEW_BY_NAME_FAILURE 119 +# define EC_R_FIELD_TOO_LARGE 143 +# define EC_R_GF2M_NOT_SUPPORTED 147 +# define EC_R_GROUP2PKPARAMETERS_FAILURE 120 +# define EC_R_I2D_ECPKPARAMETERS_FAILURE 121 +# define EC_R_INCOMPATIBLE_OBJECTS 101 +# define EC_R_INVALID_ARGUMENT 112 +# define EC_R_INVALID_COMPRESSED_POINT 110 +# define EC_R_INVALID_COMPRESSION_BIT 109 +# define EC_R_INVALID_CURVE 141 +# define EC_R_INVALID_DIGEST 151 +# define EC_R_INVALID_DIGEST_TYPE 138 +# define EC_R_INVALID_ENCODING 102 +# define EC_R_INVALID_FIELD 103 +# define EC_R_INVALID_FORM 104 +# define EC_R_INVALID_GROUP_ORDER 122 +# define EC_R_INVALID_KEY 116 +# define EC_R_INVALID_OUTPUT_LENGTH 161 +# define EC_R_INVALID_PEER_KEY 133 +# define EC_R_INVALID_PENTANOMIAL_BASIS 132 +# define EC_R_INVALID_PRIVATE_KEY 123 +# define EC_R_INVALID_TRINOMIAL_BASIS 137 +# define EC_R_KDF_PARAMETER_ERROR 148 +# define EC_R_KEYS_NOT_SET 140 +# define 
EC_R_LADDER_POST_FAILURE 136 +# define EC_R_LADDER_PRE_FAILURE 153 +# define EC_R_LADDER_STEP_FAILURE 162 +# define EC_R_MISSING_PARAMETERS 124 +# define EC_R_MISSING_PRIVATE_KEY 125 +# define EC_R_NEED_NEW_SETUP_VALUES 157 +# define EC_R_NOT_A_NIST_PRIME 135 +# define EC_R_NOT_IMPLEMENTED 126 +# define EC_R_NOT_INITIALIZED 111 +# define EC_R_NO_PARAMETERS_SET 139 +# define EC_R_NO_PRIVATE_VALUE 154 +# define EC_R_OPERATION_NOT_SUPPORTED 152 +# define EC_R_PASSED_NULL_PARAMETER 134 +# define EC_R_PEER_KEY_ERROR 149 +# define EC_R_PKPARAMETERS2GROUP_FAILURE 127 +# define EC_R_POINT_ARITHMETIC_FAILURE 155 +# define EC_R_POINT_AT_INFINITY 106 +# define EC_R_POINT_COORDINATES_BLIND_FAILURE 163 +# define EC_R_POINT_IS_NOT_ON_CURVE 107 +# define EC_R_RANDOM_NUMBER_GENERATION_FAILED 158 +# define EC_R_SHARED_INFO_ERROR 150 +# define EC_R_SLOT_FULL 108 +# define EC_R_UNDEFINED_GENERATOR 113 +# define EC_R_UNDEFINED_ORDER 128 +# define EC_R_UNKNOWN_COFACTOR 164 +# define EC_R_UNKNOWN_GROUP 129 +# define EC_R_UNKNOWN_ORDER 114 +# define EC_R_UNSUPPORTED_FIELD 131 +# define EC_R_WRONG_CURVE_PARAMETERS 145 +# define EC_R_WRONG_ORDER 130 + +# endif +#endif diff --git a/linux_amd64/include/openssl/engine.h b/linux_amd64/include/openssl/engine.h new file mode 100644 index 0000000..3c9648d --- /dev/null +++ b/linux_amd64/include/openssl/engine.h 
@@ -0,0 +1,757 @@
+/*
+ * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_ENGINE_H
+# define OPENSSL_ENGINE_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_ENGINE_H
+# endif
+
+# include
+
+# ifndef OPENSSL_NO_ENGINE
+# ifndef OPENSSL_NO_DEPRECATED_1_1_0
+# include
+# include
+# include
+# include
+# include
+# include
+# include
+# include
+# endif
+# include
+# include
+# include
+# include
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+/*
+ * These flags are used to control combinations of algorithm (methods) by
+ * bitwise "OR"ing.
+ */
+# define ENGINE_METHOD_RSA (unsigned int)0x0001
+# define ENGINE_METHOD_DSA (unsigned int)0x0002
+# define ENGINE_METHOD_DH (unsigned int)0x0004
+# define ENGINE_METHOD_RAND (unsigned int)0x0008
+# define ENGINE_METHOD_CIPHERS (unsigned int)0x0040
+# define ENGINE_METHOD_DIGESTS (unsigned int)0x0080
+# define ENGINE_METHOD_PKEY_METHS (unsigned int)0x0200
+# define ENGINE_METHOD_PKEY_ASN1_METHS (unsigned int)0x0400
+# define ENGINE_METHOD_EC (unsigned int)0x0800
+/* Obvious all-or-nothing cases. */
+# define ENGINE_METHOD_ALL (unsigned int)0xFFFF
+# define ENGINE_METHOD_NONE (unsigned int)0x0000
+
+/*
+ * This(ese) flag(s) controls behaviour of the ENGINE_TABLE mechanism used
+ * internally to control registration of ENGINE implementations, and can be
+ * set by ENGINE_set_table_flags(). The "NOINIT" flag prevents attempts to
+ * initialise registered ENGINEs if they are not already initialised.
+ */
+# define ENGINE_TABLE_FLAG_NOINIT (unsigned int)0x0001
+
+/* ENGINE flags that can be set by ENGINE_set_flags(). */
+/* Not used */
+/* #define ENGINE_FLAGS_MALLOCED 0x0001 */
+
+/*
+ * This flag is for ENGINEs that wish to handle the various 'CMD'-related
+ * control commands on their own. Without this flag, ENGINE_ctrl() handles
+ * these control commands on behalf of the ENGINE using their "cmd_defns"
+ * data.
+ */
+# define ENGINE_FLAGS_MANUAL_CMD_CTRL (int)0x0002
+
+/*
+ * This flag is for ENGINEs who return new duplicate structures when found
+ * via "ENGINE_by_id()". When an ENGINE must store state (eg. if
+ * ENGINE_ctrl() commands are called in sequence as part of some stateful
+ * process like key-generation setup and execution), it can set this flag -
+ * then each attempt to obtain the ENGINE will result in it being copied into
+ * a new structure. Normally, ENGINEs don't declare this flag so
+ * ENGINE_by_id() just increments the existing ENGINE's structural reference
+ * count.
+ */
+# define ENGINE_FLAGS_BY_ID_COPY (int)0x0004
+
+/*
+ * This flag if for an ENGINE that does not want its methods registered as
+ * part of ENGINE_register_all_complete() for example if the methods are not
+ * usable as default methods.
+ */
+
+# define ENGINE_FLAGS_NO_REGISTER_ALL (int)0x0008
+
+/*
+ * ENGINEs can support their own command types, and these flags are used in
+ * ENGINE_CTRL_GET_CMD_FLAGS to indicate to the caller what kind of input
+ * each command expects. Currently only numeric and string input is
+ * supported. If a control command supports none of the _NUMERIC, _STRING, or
+ * _NO_INPUT options, then it is regarded as an "internal" control command -
+ * and not for use in config setting situations. As such, they're not
+ * available to the ENGINE_ctrl_cmd_string() function, only raw ENGINE_ctrl()
+ * access. Changes to this list of 'command types' should be reflected
+ * carefully in ENGINE_cmd_is_executable() and ENGINE_ctrl_cmd_string().
+ */
+
+/* accepts a 'long' input value (3rd parameter to ENGINE_ctrl) */
+# define ENGINE_CMD_FLAG_NUMERIC (unsigned int)0x0001
+/*
+ * accepts string input (cast from 'void*' to 'const char *', 4th parameter
+ * to ENGINE_ctrl)
+ */
+# define ENGINE_CMD_FLAG_STRING (unsigned int)0x0002
+/*
+ * Indicates that the control command takes *no* input. Ie. the control
+ * command is unparameterised.
+ */
+# define ENGINE_CMD_FLAG_NO_INPUT (unsigned int)0x0004
+/*
+ * Indicates that the control command is internal. This control command won't
+ * be shown in any output, and is only usable through the ENGINE_ctrl_cmd()
+ * function.
+ */
+# define ENGINE_CMD_FLAG_INTERNAL (unsigned int)0x0008
+
+/*
+ * NB: These 3 control commands are deprecated and should not be used.
+ * ENGINEs relying on these commands should compile conditional support for
+ * compatibility (eg. if these symbols are defined) but should also migrate
+ * the same functionality to their own ENGINE-specific control functions that
+ * can be "discovered" by calling applications. The fact these control
+ * commands wouldn't be "executable" (ie. usable by text-based config)
+ * doesn't change the fact that application code can find and use them
+ * without requiring per-ENGINE hacking.
+ */
+
+/*
+ * These flags are used to tell the ctrl function what should be done. All
+ * command numbers are shared between all engines, even if some don't make
+ * sense to some engines. In such a case, they do nothing but return the
+ * error ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED.
+ */
+# define ENGINE_CTRL_SET_LOGSTREAM 1
+# define ENGINE_CTRL_SET_PASSWORD_CALLBACK 2
+# define ENGINE_CTRL_HUP 3/* Close and reinitialise
+ * any handles/connections
+ * etc. */
+# define ENGINE_CTRL_SET_USER_INTERFACE 4/* Alternative to callback */
+# define ENGINE_CTRL_SET_CALLBACK_DATA 5/* User-specific data, used
+ * when calling the password
+ * callback and the user
+ * interface */
+# define ENGINE_CTRL_LOAD_CONFIGURATION 6/* Load a configuration,
+ * given a string that
+ * represents a file name
+ * or so */
+# define ENGINE_CTRL_LOAD_SECTION 7/* Load data from a given
+ * section in the already
+ * loaded configuration */
+
+/*
+ * These control commands allow an application to deal with an arbitrary
+ * engine in a dynamic way. Warn: Negative return values indicate errors FOR
+ * THESE COMMANDS because zero is used to indicate 'end-of-list'. Other
+ * commands, including ENGINE-specific command types, return zero for an
+ * error. An ENGINE can choose to implement these ctrl functions, and can
+ * internally manage things however it chooses - it does so by setting the
+ * ENGINE_FLAGS_MANUAL_CMD_CTRL flag (using ENGINE_set_flags()). Otherwise
+ * the ENGINE_ctrl() code handles this on the ENGINE's behalf using the
+ * cmd_defns data (set using ENGINE_set_cmd_defns()). This means an ENGINE's
+ * ctrl() handler need only implement its own commands - the above "meta"
+ * commands will be taken care of.
+ */
+
+/*
+ * Returns non-zero if the supplied ENGINE has a ctrl() handler. If "not",
+ * then all the remaining control commands will return failure, so it is
+ * worth checking this first if the caller is trying to "discover" the
+ * engine's capabilities and doesn't want errors generated unnecessarily.
+ */
+# define ENGINE_CTRL_HAS_CTRL_FUNCTION 10
+/*
+ * Returns a positive command number for the first command supported by the
+ * engine. Returns zero if no ctrl commands are supported.
+ */
+# define ENGINE_CTRL_GET_FIRST_CMD_TYPE 11
+/*
+ * The 'long' argument specifies a command implemented by the engine, and the
+ * return value is the next command supported, or zero if there are no more.
+ */
+# define ENGINE_CTRL_GET_NEXT_CMD_TYPE 12
+/*
+ * The 'void*' argument is a command name (cast from 'const char *'), and the
+ * return value is the command that corresponds to it.
+ */
+# define ENGINE_CTRL_GET_CMD_FROM_NAME 13
+/*
+ * The next two allow a command to be converted into its corresponding string
+ * form. In each case, the 'long' argument supplies the command. In the
+ * NAME_LEN case, the return value is the length of the command name (not
+ * counting a trailing EOL). In the NAME case, the 'void*' argument must be a
+ * string buffer large enough, and it will be populated with the name of the
+ * command (WITH a trailing EOL).
+ */
+# define ENGINE_CTRL_GET_NAME_LEN_FROM_CMD 14
+# define ENGINE_CTRL_GET_NAME_FROM_CMD 15
+/* The next two are similar but give a "short description" of a command. */
+# define ENGINE_CTRL_GET_DESC_LEN_FROM_CMD 16
+# define ENGINE_CTRL_GET_DESC_FROM_CMD 17
+/*
+ * With this command, the return value is the OR'd combination of
+ * ENGINE_CMD_FLAG_*** values that indicate what kind of input a given
+ * engine-specific ctrl command expects.
+ */
+# define ENGINE_CTRL_GET_CMD_FLAGS 18
+
+/*
+ * ENGINE implementations should start the numbering of their own control
+ * commands from this value. (ie. ENGINE_CMD_BASE, ENGINE_CMD_BASE + 1, etc).
+ */
+# define ENGINE_CMD_BASE 200
+
+/*
+ * NB: These 2 nCipher "chil" control commands are deprecated, and their
+ * functionality is now available through ENGINE-specific control commands
+ * (exposed through the above-mentioned 'CMD'-handling). Code using these 2
+ * commands should be migrated to the more general command handling before
+ * these are removed.
+ */
+
+/* Flags specific to the nCipher "chil" engine */
+# define ENGINE_CTRL_CHIL_SET_FORKCHECK 100
+ /*
+ * Depending on the value of the (long)i argument, this sets or
+ * unsets the SimpleForkCheck flag in the CHIL API to enable or
+ * disable checking and workarounds for applications that fork().
+ */
+# define ENGINE_CTRL_CHIL_NO_LOCKING 101
+ /*
+ * This prevents the initialisation function from providing mutex
+ * callbacks to the nCipher library.
+ */
+
+/*
+ * If an ENGINE supports its own specific control commands and wishes the
+ * framework to handle the above 'ENGINE_CMD_***'-manipulation commands on
+ * its behalf, it should supply a null-terminated array of ENGINE_CMD_DEFN
+ * entries to ENGINE_set_cmd_defns(). It should also implement a ctrl()
+ * handler that supports the stated commands (ie. the "cmd_num" entries as
+ * described by the array). NB: The array must be ordered in increasing order
+ * of cmd_num. "null-terminated" means that the last ENGINE_CMD_DEFN element
+ * has cmd_num set to zero and/or cmd_name set to NULL.
+ */
+typedef struct ENGINE_CMD_DEFN_st {
+ unsigned int cmd_num; /* The command number */
+ const char *cmd_name; /* The command name itself */
+ const char *cmd_desc; /* A short description of the command */
+ unsigned int cmd_flags; /* The input the command expects */
+} ENGINE_CMD_DEFN;
+
+/* Generic function pointer */
+typedef int (*ENGINE_GEN_FUNC_PTR) (void);
+/* Generic function pointer taking no arguments */
+typedef int (*ENGINE_GEN_INT_FUNC_PTR) (ENGINE *);
+/* Specific control function pointer */
+typedef int (*ENGINE_CTRL_FUNC_PTR) (ENGINE *, int, long, void *,
+ void (*f) (void));
+/* Generic load_key function pointer */
+typedef EVP_PKEY *(*ENGINE_LOAD_KEY_PTR)(ENGINE *, const char *,
+ UI_METHOD *ui_method,
+ void *callback_data);
+typedef int (*ENGINE_SSL_CLIENT_CERT_PTR) (ENGINE *, SSL *ssl,
+ STACK_OF(X509_NAME) *ca_dn,
+ X509 **pcert, EVP_PKEY **pkey,
+ STACK_OF(X509) **pother,
+ UI_METHOD *ui_method,
+ void *callback_data);
+/*-
+ * These callback types are for an ENGINE's handler for cipher and digest logic.
+ * These handlers have these prototypes;
+ * int foo(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid);
+ * int foo(ENGINE *e, const EVP_MD **digest, const int **nids, int nid);
+ * Looking at how to implement these handlers in the case of cipher support, if
+ * the framework wants the EVP_CIPHER for 'nid', it will call;
+ * foo(e, &p_evp_cipher, NULL, nid); (return zero for failure)
+ * If the framework wants a list of supported 'nid's, it will call;
+ * foo(e, NULL, &p_nids, 0); (returns number of 'nids' or -1 for error)
+ */
+/*
+ * Returns to a pointer to the array of supported cipher 'nid's. If the
+ * second parameter is non-NULL it is set to the size of the returned array.
+ */
+typedef int (*ENGINE_CIPHERS_PTR) (ENGINE *, const EVP_CIPHER **,
+ const int **, int);
+typedef int (*ENGINE_DIGESTS_PTR) (ENGINE *, const EVP_MD **, const int **,
+ int);
+typedef int (*ENGINE_PKEY_METHS_PTR) (ENGINE *, EVP_PKEY_METHOD **,
+ const int **, int);
+typedef int (*ENGINE_PKEY_ASN1_METHS_PTR) (ENGINE *, EVP_PKEY_ASN1_METHOD **,
+ const int **, int);
+/*
+ * STRUCTURE functions ... all of these functions deal with pointers to
+ * ENGINE structures where the pointers have a "structural reference". This
+ * means that their reference is to allowed access to the structure but it
+ * does not imply that the structure is functional. To simply increment or
+ * decrement the structural reference count, use ENGINE_by_id and
+ * ENGINE_free. NB: This is not required when iterating using ENGINE_get_next
+ * as it will automatically decrement the structural reference count of the
+ * "current" ENGINE and increment the structural reference count of the
+ * ENGINE it returns (unless it is NULL).
+ */
+
+/* Get the first/last "ENGINE" type available. */
+ENGINE *ENGINE_get_first(void);
+ENGINE *ENGINE_get_last(void);
+/* Iterate to the next/previous "ENGINE" type (NULL = end of the list). */
+ENGINE *ENGINE_get_next(ENGINE *e);
+ENGINE *ENGINE_get_prev(ENGINE *e);
+/* Add another "ENGINE" type into the array. */
+int ENGINE_add(ENGINE *e);
+/* Remove an existing "ENGINE" type from the array. */
+int ENGINE_remove(ENGINE *e);
+/* Retrieve an engine from the list by its unique "id" value. */
+ENGINE *ENGINE_by_id(const char *id);
+
+#ifndef OPENSSL_NO_DEPRECATED_1_1_0
+# define ENGINE_load_openssl() \
+ OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_OPENSSL, NULL)
+# define ENGINE_load_dynamic() \
+ OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_DYNAMIC, NULL)
+# ifndef OPENSSL_NO_STATIC_ENGINE
+# define ENGINE_load_padlock() \
+ OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_PADLOCK, NULL)
+# define ENGINE_load_capi() \
+ OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_CAPI, NULL)
+# define ENGINE_load_afalg() \
+ OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_AFALG, NULL)
+# endif
+# define ENGINE_load_cryptodev() \
+ OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_CRYPTODEV, NULL)
+# define ENGINE_load_rdrand() \
+ OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_RDRAND, NULL)
+#endif
+void ENGINE_load_builtin_engines(void);
+
+/*
+ * Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation
+ * "registry" handling.
+ */
+unsigned int ENGINE_get_table_flags(void);
+void ENGINE_set_table_flags(unsigned int flags);
+
+/*- Manage registration of ENGINEs per "table". For each type, there are 3
+ * functions;
+ * ENGINE_register_***(e) - registers the implementation from 'e' (if it has one)
+ * ENGINE_unregister_***(e) - unregister the implementation from 'e'
+ * ENGINE_register_all_***() - call ENGINE_register_***() for each 'e' in the list
+ * Cleanup is automatically registered from each table when required.
+ */
+
+int ENGINE_register_RSA(ENGINE *e);
+void ENGINE_unregister_RSA(ENGINE *e);
+void ENGINE_register_all_RSA(void);
+
+int ENGINE_register_DSA(ENGINE *e);
+void ENGINE_unregister_DSA(ENGINE *e);
+void ENGINE_register_all_DSA(void);
+
+int ENGINE_register_EC(ENGINE *e);
+void ENGINE_unregister_EC(ENGINE *e);
+void ENGINE_register_all_EC(void);
+
+int ENGINE_register_DH(ENGINE *e);
+void ENGINE_unregister_DH(ENGINE *e);
+void ENGINE_register_all_DH(void);
+
+int ENGINE_register_RAND(ENGINE *e);
+void ENGINE_unregister_RAND(ENGINE *e);
+void ENGINE_register_all_RAND(void);
+
+int ENGINE_register_ciphers(ENGINE *e);
+void ENGINE_unregister_ciphers(ENGINE *e);
+void ENGINE_register_all_ciphers(void);
+
+int ENGINE_register_digests(ENGINE *e);
+void ENGINE_unregister_digests(ENGINE *e);
+void ENGINE_register_all_digests(void);
+
+int ENGINE_register_pkey_meths(ENGINE *e);
+void ENGINE_unregister_pkey_meths(ENGINE *e);
+void ENGINE_register_all_pkey_meths(void);
+
+int ENGINE_register_pkey_asn1_meths(ENGINE *e);
+void ENGINE_unregister_pkey_asn1_meths(ENGINE *e);
+void ENGINE_register_all_pkey_asn1_meths(void);
+
+/*
+ * These functions register all support from the above categories. Note, use
+ * of these functions can result in static linkage of code your application
+ * may not need. If you only need a subset of functionality, consider using
+ * more selective initialisation.
+ */
+int ENGINE_register_complete(ENGINE *e);
+int ENGINE_register_all_complete(void);
+
+/*
+ * Send parameterised control commands to the engine. The possibilities to
+ * send down an integer, a pointer to data or a function pointer are
+ * provided. Any of the parameters may or may not be NULL, depending on the
+ * command number. In actuality, this function only requires a structural
+ * (rather than functional) reference to an engine, but many control commands
+ * may require the engine be functional. The caller should be aware of trying
+ * commands that require an operational ENGINE, and only use functional
+ * references in such situations.
+ */
+int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void));
+
+/*
+ * This function tests if an ENGINE-specific command is usable as a
+ * "setting". Eg. in an application's config file that gets processed through
+ * ENGINE_ctrl_cmd_string(). If this returns zero, it is not available to
+ * ENGINE_ctrl_cmd_string(), only ENGINE_ctrl().
+ */
+int ENGINE_cmd_is_executable(ENGINE *e, int cmd);
+
+/*
+ * This function works like ENGINE_ctrl() with the exception of taking a
+ * command name instead of a command number, and can handle optional
+ * commands. See the comment on ENGINE_ctrl_cmd_string() for an explanation
+ * on how to use the cmd_name and cmd_optional.
+ */
+int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
+ long i, void *p, void (*f) (void), int cmd_optional);
+
+/*
+ * This function passes a command-name and argument to an ENGINE. The
+ * cmd_name is converted to a command number and the control command is
+ * called using 'arg' as an argument (unless the ENGINE doesn't support such
+ * a command, in which case no control command is called). The command is
+ * checked for input flags, and if necessary the argument will be converted
+ * to a numeric value. If cmd_optional is non-zero, then if the ENGINE
+ * doesn't support the given cmd_name the return value will be success
+ * anyway. This function is intended for applications to use so that users
+ * (or config files) can supply engine-specific config data to the ENGINE at
+ * run-time to control behaviour of specific engines. As such, it shouldn't
+ * be used for calling ENGINE_ctrl() functions that return data, deal with
+ * binary data, or that are otherwise supposed to be used directly through
+ * ENGINE_ctrl() in application code. Any "return" data from an ENGINE_ctrl()
+ * operation in this function will be lost - the return value is interpreted
+ * as failure if the return value is zero, success otherwise, and this
+ * function returns a boolean value as a result. In other words, vendors of
+ * 'ENGINE'-enabled devices should write ENGINE implementations with
+ * parameterisations that work in this scheme, so that compliant ENGINE-based
+ * applications can work consistently with the same configuration for the
+ * same ENGINE-enabled devices, across applications.
+ */
+int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
+ int cmd_optional);
+
+/*
+ * These functions are useful for manufacturing new ENGINE structures. They
+ * don't address reference counting at all - one uses them to populate an
+ * ENGINE structure with personalised implementations of things prior to
+ * using it directly or adding it to the builtin ENGINE list in OpenSSL.
+ * These are also here so that the ENGINE structure doesn't have to be
+ * exposed and break binary compatibility!
+ */
+ENGINE *ENGINE_new(void);
+int ENGINE_free(ENGINE *e);
+int ENGINE_up_ref(ENGINE *e);
+int ENGINE_set_id(ENGINE *e, const char *id);
+int ENGINE_set_name(ENGINE *e, const char *name);
+int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth);
+int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth);
+int ENGINE_set_EC(ENGINE *e, const EC_KEY_METHOD *ecdsa_meth);
+int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth);
+int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth);
+int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f);
+int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f);
+int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f);
+int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f);
+int ENGINE_set_load_privkey_function(ENGINE *e,
+ ENGINE_LOAD_KEY_PTR loadpriv_f);
+int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f);
+int ENGINE_set_load_ssl_client_cert_function(ENGINE *e,
+ ENGINE_SSL_CLIENT_CERT_PTR
+ loadssl_f);
+int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f);
+int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f);
+int ENGINE_set_pkey_meths(ENGINE *e, ENGINE_PKEY_METHS_PTR f);
+int ENGINE_set_pkey_asn1_meths(ENGINE *e, ENGINE_PKEY_ASN1_METHS_PTR f);
+int ENGINE_set_flags(ENGINE *e, int flags);
+int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns);
+/* These functions allow control over any per-structure ENGINE data. */
+#define ENGINE_get_ex_new_index(l, p, newf, dupf, freef) \
+ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ENGINE, l, p, newf, dupf, freef)
+int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg);
+void *ENGINE_get_ex_data(const ENGINE *e, int idx);
+
+#ifndef OPENSSL_NO_DEPRECATED_1_1_0
+/*
+ * This function previously cleaned up anything that needs it. Auto-deinit will
+ * now take care of it so it is no longer required to call this function.
+ */
+# define ENGINE_cleanup() while(0) continue
+#endif
+
+/*
+ * These return values from within the ENGINE structure. These can be useful
+ * with functional references as well as structural references - it depends
+ * which you obtained. Using the result for functional purposes if you only
+ * obtained a structural reference may be problematic!
+ */
+const char *ENGINE_get_id(const ENGINE *e);
+const char *ENGINE_get_name(const ENGINE *e);
+const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e);
+const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e);
+const EC_KEY_METHOD *ENGINE_get_EC(const ENGINE *e);
+const DH_METHOD *ENGINE_get_DH(const ENGINE *e);
+const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e);
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e);
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e);
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e);
+ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e);
+ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e);
+ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e);
+ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE
+ *e);
+ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e);
+ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e);
+ENGINE_PKEY_METHS_PTR ENGINE_get_pkey_meths(const ENGINE *e);
+ENGINE_PKEY_ASN1_METHS_PTR ENGINE_get_pkey_asn1_meths(const ENGINE *e);
+const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid);
+const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid);
+const EVP_PKEY_METHOD *ENGINE_get_pkey_meth(ENGINE *e, int nid);
+const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth(ENGINE *e, int nid);
+const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth_str(ENGINE *e,
+ const char *str,
+ int len);
+const EVP_PKEY_ASN1_METHOD *ENGINE_pkey_asn1_find_str(ENGINE **pe,
+ const char *str,
+ int len);
+const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e);
+int ENGINE_get_flags(const ENGINE *e);
+
+/*
+ * FUNCTIONAL functions. These functions deal with ENGINE structures that
+ * have (or will) be initialised for use. Broadly speaking, the structural
+ * functions are useful for iterating the list of available engine types,
+ * creating new engine types, and other "list" operations. These functions
+ * actually deal with ENGINEs that are to be used. As such these functions
+ * can fail (if applicable) when particular engines are unavailable - eg. if
+ * a hardware accelerator is not attached or not functioning correctly. Each
+ * ENGINE has 2 reference counts; structural and functional. Every time a
+ * functional reference is obtained or released, a corresponding structural
+ * reference is automatically obtained or released too.
+ */
+
+/*
+ * Initialise a engine type for use (or up its reference count if it's
+ * already in use). This will fail if the engine is not currently operational
+ * and cannot initialise.
+ */
+int ENGINE_init(ENGINE *e);
+/*
+ * Free a functional reference to a engine type. This does not require a
+ * corresponding call to ENGINE_free as it also releases a structural
+ * reference.
+ */
+int ENGINE_finish(ENGINE *e);
+
+/*
+ * The following functions handle keys that are stored in some secondary
+ * location, handled by the engine. The storage may be on a card or
+ * whatever.
+ */
+EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
+ UI_METHOD *ui_method, void *callback_data);
+EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
+ UI_METHOD *ui_method, void *callback_data);
+int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s,
+ STACK_OF(X509_NAME) *ca_dn, X509 **pcert,
+ EVP_PKEY **ppkey, STACK_OF(X509) **pother,
+ UI_METHOD *ui_method, void *callback_data);
+
+/*
+ * This returns a pointer for the current ENGINE structure that is (by
+ * default) performing any RSA operations. The value returned is an
+ * incremented reference, so it should be free'd (ENGINE_finish) before it is
+ * discarded.
+ */
+ENGINE *ENGINE_get_default_RSA(void);
+/* Same for the other "methods" */
+ENGINE *ENGINE_get_default_DSA(void);
+ENGINE *ENGINE_get_default_EC(void);
+ENGINE *ENGINE_get_default_DH(void);
+ENGINE *ENGINE_get_default_RAND(void);
+/*
+ * These functions can be used to get a functional reference to perform
+ * ciphering or digesting corresponding to "nid".
+ */
+ENGINE *ENGINE_get_cipher_engine(int nid);
+ENGINE *ENGINE_get_digest_engine(int nid);
+ENGINE *ENGINE_get_pkey_meth_engine(int nid);
+ENGINE *ENGINE_get_pkey_asn1_meth_engine(int nid);
+
+/*
+ * This sets a new default ENGINE structure for performing RSA operations. If
+ * the result is non-zero (success) then the ENGINE structure will have had
+ * its reference count up'd so the caller should still free their own
+ * reference 'e'.
+ */
+int ENGINE_set_default_RSA(ENGINE *e);
+int ENGINE_set_default_string(ENGINE *e, const char *def_list);
+/* Same for the other "methods" */
+int ENGINE_set_default_DSA(ENGINE *e);
+int ENGINE_set_default_EC(ENGINE *e);
+int ENGINE_set_default_DH(ENGINE *e);
+int ENGINE_set_default_RAND(ENGINE *e);
+int ENGINE_set_default_ciphers(ENGINE *e);
+int ENGINE_set_default_digests(ENGINE *e);
+int ENGINE_set_default_pkey_meths(ENGINE *e);
+int ENGINE_set_default_pkey_asn1_meths(ENGINE *e);
+
+/*
+ * The combination "set" - the flags are bitwise "OR"d from the
+ * ENGINE_METHOD_*** defines above. As with the "ENGINE_register_complete()"
+ * function, this function can result in unnecessary static linkage. If your
+ * application requires only specific functionality, consider using more
+ * selective functions.
+ */
+int ENGINE_set_default(ENGINE *e, unsigned int flags);
+
+void ENGINE_add_conf_module(void);
+
+/* Deprecated functions ... */
+/* int ENGINE_clear_defaults(void); */
+
+/**************************/
+/* DYNAMIC ENGINE SUPPORT */
+/**************************/
+
+/* Binary/behaviour compatibility levels */
+# define OSSL_DYNAMIC_VERSION (unsigned long)0x00030000
+/*
+ * Binary versions older than this are too old for us (whether we're a loader
+ * or a loadee)
+ */
+# define OSSL_DYNAMIC_OLDEST (unsigned long)0x00030000
+
+/*
+ * When compiling an ENGINE entirely as an external shared library, loadable
+ * by the "dynamic" ENGINE, these types are needed. The 'dynamic_fns'
+ * structure type provides the calling application's (or library's) error
+ * functionality and memory management function pointers to the loaded
+ * library. These should be used/set in the loaded library code so that the
+ * loading application's 'state' will be used/changed in all operations. The
+ * 'static_state' pointer allows the loaded library to know if it shares the
+ * same static data as the calling application (or library), and thus whether
+ * these callbacks need to be set or not.
+ */
+typedef void *(*dyn_MEM_malloc_fn) (size_t, const char *, int);
+typedef void *(*dyn_MEM_realloc_fn) (void *, size_t, const char *, int);
+typedef void (*dyn_MEM_free_fn) (void *, const char *, int);
+typedef struct st_dynamic_MEM_fns {
+ dyn_MEM_malloc_fn malloc_fn;
+ dyn_MEM_realloc_fn realloc_fn;
+ dyn_MEM_free_fn free_fn;
+} dynamic_MEM_fns;
+/*
+ * FIXME: Perhaps the memory and locking code (crypto.h) should declare and
+ * use these types so we (and any other dependent code) can simplify a bit??
+ */
+/* The top-level structure */
+typedef struct st_dynamic_fns {
+ void *static_state;
+ dynamic_MEM_fns mem_fns;
+} dynamic_fns;
+
+/*
+ * The version checking function should be of this prototype. NB: The
+ * ossl_version value passed in is the OSSL_DYNAMIC_VERSION of the loading
+ * code. If this function returns zero, it indicates a (potential) version
+ * incompatibility and the loaded library doesn't believe it can proceed.
+ * Otherwise, the returned value is the (latest) version supported by the
+ * loading library. The loader may still decide that the loaded code's
+ * version is unsatisfactory and could veto the load. The function is
+ * expected to be implemented with the symbol name "v_check", and a default
+ * implementation can be fully instantiated with
+ * IMPLEMENT_DYNAMIC_CHECK_FN().
+ */
+typedef unsigned long (*dynamic_v_check_fn) (unsigned long ossl_version);
+# define IMPLEMENT_DYNAMIC_CHECK_FN() \
+ OPENSSL_EXPORT unsigned long v_check(unsigned long v); \
+ OPENSSL_EXPORT unsigned long v_check(unsigned long v) { \
+ if (v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \
+ return 0; }
+
+/*
+ * This function is passed the ENGINE structure to initialise with its own
+ * function and command settings. It should not adjust the structural or
+ * functional reference counts. If this function returns zero, (a) the load
+ * will be aborted, (b) the previous ENGINE state will be memcpy'd back onto
+ * the structure, and (c) the shared library will be unloaded. So
+ * implementations should do their own internal cleanup in failure
+ * circumstances otherwise they could leak. The 'id' parameter, if non-NULL,
+ * represents the ENGINE id that the loader is looking for. If this is NULL,
+ * the shared library can choose to return failure or to initialise a
+ * 'default' ENGINE. If non-NULL, the shared library must initialise only an
+ * ENGINE matching the passed 'id'. The function is expected to be
+ * implemented with the symbol name "bind_engine". A standard implementation
+ * can be instantiated with IMPLEMENT_DYNAMIC_BIND_FN(fn) where the parameter
+ * 'fn' is a callback function that populates the ENGINE structure and
+ * returns an int value (zero for failure). 'fn' should have prototype;
+ * [static] int fn(ENGINE *e, const char *id);
+ */
+typedef int (*dynamic_bind_engine) (ENGINE *e, const char *id,
+ const dynamic_fns *fns);
+# define IMPLEMENT_DYNAMIC_BIND_FN(fn) \
+ OPENSSL_EXPORT \
+ int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns); \
+ OPENSSL_EXPORT \
+ int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \
+ if (ENGINE_get_static_state() == fns->static_state) goto skip_cbs; \
+ CRYPTO_set_mem_functions(fns->mem_fns.malloc_fn, \
+ fns->mem_fns.realloc_fn, \
+ fns->mem_fns.free_fn); \
+ skip_cbs: \
+ if (!fn(e, id)) return 0; \
+ return 1; }
+
+/*
+ * If the loading application (or library) and the loaded ENGINE library
+ * share the same static data (eg. they're both dynamically linked to the
+ * same libcrypto.so) we need a way to avoid trying to set system callbacks -
+ * this would fail, and for the same reason that it's unnecessary to try. If
+ * the loaded ENGINE has (or gets from through the loader) its own copy of
+ * the libcrypto static data, we will need to set the callbacks. The easiest
+ * way to detect this is to have a function that returns a pointer to some
+ * static data and let the loading application and loaded ENGINE compare
+ * their respective values.
+ */
+void *ENGINE_get_static_state(void);
+
+# if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__DragonFly__)
+DEPRECATEDIN_1_1_0(void ENGINE_setup_bsd_cryptodev(void))
+# endif
+
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+#endif
diff --git a/linux_amd64/include/openssl/engineerr.h b/linux_amd64/include/openssl/engineerr.h
new file mode 100644
index 0000000..006d73a
--- /dev/null
+++ b/linux_amd64/include/openssl/engineerr.h
@@ -0,0 +1,119 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_ENGINEERR_H +# define OPENSSL_ENGINEERR_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_ENGINEERR_H +# endif + +# include +# include + + +# include + +# ifndef OPENSSL_NO_ENGINE + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_ENGINE_strings(void); + +/* + * ENGINE function codes. + */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define ENGINE_F_DIGEST_UPDATE 0 +# define ENGINE_F_DYNAMIC_CTRL 0 +# define ENGINE_F_DYNAMIC_GET_DATA_CTX 0 +# define ENGINE_F_DYNAMIC_LOAD 0 +# define ENGINE_F_DYNAMIC_SET_DATA_CTX 0 +# define ENGINE_F_ENGINE_ADD 0 +# define ENGINE_F_ENGINE_BY_ID 0 +# define ENGINE_F_ENGINE_CMD_IS_EXECUTABLE 0 +# define ENGINE_F_ENGINE_CTRL 0 +# define ENGINE_F_ENGINE_CTRL_CMD 0 +# define ENGINE_F_ENGINE_CTRL_CMD_STRING 0 +# define ENGINE_F_ENGINE_FINISH 0 +# define ENGINE_F_ENGINE_GET_CIPHER 0 +# define ENGINE_F_ENGINE_GET_DIGEST 0 +# define ENGINE_F_ENGINE_GET_FIRST 0 +# define ENGINE_F_ENGINE_GET_LAST 0 +# define ENGINE_F_ENGINE_GET_NEXT 0 +# define ENGINE_F_ENGINE_GET_PKEY_ASN1_METH 0 +# define ENGINE_F_ENGINE_GET_PKEY_METH 0 +# define ENGINE_F_ENGINE_GET_PREV 0 +# define ENGINE_F_ENGINE_INIT 0 +# define ENGINE_F_ENGINE_LIST_ADD 0 +# define ENGINE_F_ENGINE_LIST_REMOVE 0 +# define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY 0 +# define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY 0 +# define ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT 0 +# define ENGINE_F_ENGINE_NEW 0 +# define ENGINE_F_ENGINE_PKEY_ASN1_FIND_STR 0 +# define ENGINE_F_ENGINE_REMOVE 0 +# define ENGINE_F_ENGINE_SET_DEFAULT_STRING 0 +# define ENGINE_F_ENGINE_SET_ID 0 +# 
define ENGINE_F_ENGINE_SET_NAME 0 +# define ENGINE_F_ENGINE_TABLE_REGISTER 0 +# define ENGINE_F_ENGINE_UNLOCKED_FINISH 0 +# define ENGINE_F_ENGINE_UP_REF 0 +# define ENGINE_F_INT_CLEANUP_ITEM 0 +# define ENGINE_F_INT_CTRL_HELPER 0 +# define ENGINE_F_INT_ENGINE_CONFIGURE 0 +# define ENGINE_F_INT_ENGINE_MODULE_INIT 0 +# define ENGINE_F_OSSL_HMAC_INIT 0 +# endif + +/* + * ENGINE reason codes. + */ +# define ENGINE_R_ALREADY_LOADED 100 +# define ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER 133 +# define ENGINE_R_CMD_NOT_EXECUTABLE 134 +# define ENGINE_R_COMMAND_TAKES_INPUT 135 +# define ENGINE_R_COMMAND_TAKES_NO_INPUT 136 +# define ENGINE_R_CONFLICTING_ENGINE_ID 103 +# define ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED 119 +# define ENGINE_R_DSO_FAILURE 104 +# define ENGINE_R_DSO_NOT_FOUND 132 +# define ENGINE_R_ENGINES_SECTION_ERROR 148 +# define ENGINE_R_ENGINE_CONFIGURATION_ERROR 102 +# define ENGINE_R_ENGINE_IS_NOT_IN_LIST 105 +# define ENGINE_R_ENGINE_SECTION_ERROR 149 +# define ENGINE_R_FAILED_LOADING_PRIVATE_KEY 128 +# define ENGINE_R_FAILED_LOADING_PUBLIC_KEY 129 +# define ENGINE_R_FINISH_FAILED 106 +# define ENGINE_R_ID_OR_NAME_MISSING 108 +# define ENGINE_R_INIT_FAILED 109 +# define ENGINE_R_INTERNAL_LIST_ERROR 110 +# define ENGINE_R_INVALID_ARGUMENT 143 +# define ENGINE_R_INVALID_CMD_NAME 137 +# define ENGINE_R_INVALID_CMD_NUMBER 138 +# define ENGINE_R_INVALID_INIT_VALUE 151 +# define ENGINE_R_INVALID_STRING 150 +# define ENGINE_R_NOT_INITIALISED 117 +# define ENGINE_R_NOT_LOADED 112 +# define ENGINE_R_NO_CONTROL_FUNCTION 120 +# define ENGINE_R_NO_INDEX 144 +# define ENGINE_R_NO_LOAD_FUNCTION 125 +# define ENGINE_R_NO_REFERENCE 130 +# define ENGINE_R_NO_SUCH_ENGINE 116 +# define ENGINE_R_UNIMPLEMENTED_CIPHER 146 +# define ENGINE_R_UNIMPLEMENTED_DIGEST 147 +# define ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD 101 +# define ENGINE_R_VERSION_INCOMPATIBILITY 145 + +# endif +#endif 
diff --git a/linux_amd64/include/openssl/err.h b/linux_amd64/include/openssl/err.h
new file mode 100644
index 0000000..ef8e895
--- /dev/null
+++ b/linux_amd64/include/openssl/err.h
@@ -0,0 +1,364 @@ +/* + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_ERR_H +# define OPENSSL_ERR_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_ERR_H +# endif + +# include + +# ifndef OPENSSL_NO_STDIO +# include +# include +# endif + +# include +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# ifndef OPENSSL_NO_FILENAMES +# define ERR_PUT_error(l,f,r,fn,ln) ERR_put_error(l,f,r,fn,ln) +# else +# define ERR_PUT_error(l,f,r,fn,ln) ERR_put_error(l,f,r,NULL,0) +# endif +# endif + +# include + +# define ERR_TXT_MALLOCED 0x01 +# define ERR_TXT_STRING 0x02 + +# if !defined(OPENSSL_NO_DEPRECATED_3_0) || defined(OSSL_FORCE_ERR_STATE) +# define ERR_FLAG_MARK 0x01 +# define ERR_FLAG_CLEAR 0x02 + +# define ERR_NUM_ERRORS 16 +struct err_state_st { + int err_flags[ERR_NUM_ERRORS]; + unsigned long err_buffer[ERR_NUM_ERRORS]; + char *err_data[ERR_NUM_ERRORS]; + size_t err_data_size[ERR_NUM_ERRORS]; + int err_data_flags[ERR_NUM_ERRORS]; + const char *err_file[ERR_NUM_ERRORS]; + int err_line[ERR_NUM_ERRORS]; + const char *err_func[ERR_NUM_ERRORS]; + int top, bottom; +}; +# endif + +/* library */ +# define ERR_LIB_NONE 1 +# define ERR_LIB_SYS 2 +# define ERR_LIB_BN 3 +# define ERR_LIB_RSA 4 +# define ERR_LIB_DH 5 +# define ERR_LIB_EVP 6 +# define ERR_LIB_BUF 7 +# define ERR_LIB_OBJ 8 +# define ERR_LIB_PEM 9 +# define ERR_LIB_DSA 10 +# define ERR_LIB_X509 11 +/* #define ERR_LIB_METH 12 */ +# define ERR_LIB_ASN1 13 +# define ERR_LIB_CONF 14 +# define ERR_LIB_CRYPTO 15 +# define ERR_LIB_EC 16 +# define ERR_LIB_SSL 20 +/* #define ERR_LIB_SSL23 21 */ +/* #define ERR_LIB_SSL2 22 */ +/* #define 
ERR_LIB_SSL3 23 */ +/* #define ERR_LIB_RSAREF 30 */ +/* #define ERR_LIB_PROXY 31 */ +# define ERR_LIB_BIO 32 +# define ERR_LIB_PKCS7 33 +# define ERR_LIB_X509V3 34 +# define ERR_LIB_PKCS12 35 +# define ERR_LIB_RAND 36 +# define ERR_LIB_DSO 37 +# define ERR_LIB_ENGINE 38 +# define ERR_LIB_OCSP 39 +# define ERR_LIB_UI 40 +# define ERR_LIB_COMP 41 +# define ERR_LIB_ECDSA 42 +# define ERR_LIB_ECDH 43 +# define ERR_LIB_OSSL_STORE 44 +# define ERR_LIB_FIPS 45 +# define ERR_LIB_CMS 46 +# define ERR_LIB_TS 47 +# define ERR_LIB_HMAC 48 +/* # define ERR_LIB_JPAKE 49 */ +# define ERR_LIB_CT 50 +# define ERR_LIB_ASYNC 51 +# define ERR_LIB_KDF 52 +# define ERR_LIB_SM2 53 +# define ERR_LIB_ESS 54 +# define ERR_LIB_PROP 55 +# define ERR_LIB_CRMF 56 +# define ERR_LIB_PROV 57 +# define ERR_LIB_CMP 58 +# define ERR_LIB_OSSL_SERIALIZER 59 +# define ERR_LIB_HTTP 60 + +# define ERR_LIB_USER 128 + +# if 1 || !defined(OPENSSL_NO_DEPRECATED_3_0) +# define ASN1err(f, r) ERR_raise_data(ERR_LIB_ASN1, (r), NULL) +# define ASYNCerr(f, r) ERR_raise_data(ERR_LIB_ASYNC, (r), NULL) +# define BIOerr(f, r) ERR_raise_data(ERR_LIB_BIO, (r), NULL) +# define BNerr(f, r) ERR_raise_data(ERR_LIB_BN, (r), NULL) +# define BUFerr(f, r) ERR_raise_data(ERR_LIB_BUF, (r), NULL) +# define CMPerr(f, r) ERR_raise_data(ERR_LIB_CMP, (r), NULL) +# define CMSerr(f, r) ERR_raise_data(ERR_LIB_CMS, (r), NULL) +# define COMPerr(f, r) ERR_raise_data(ERR_LIB_COMP, (r), NULL) +# define CONFerr(f, r) ERR_raise_data(ERR_LIB_CONF, (r), NULL) +# define CRMFerr(f, r) ERR_raise_data(ERR_LIB_CRMF, (r), NULL) +# define CRYPTOerr(f, r) ERR_raise_data(ERR_LIB_CRYPTO, (r), NULL) +# define CTerr(f, r) ERR_raise_data(ERR_LIB_CT, (r), NULL) +# define DHerr(f, r) ERR_raise_data(ERR_LIB_DH, (r), NULL) +# define DSAerr(f, r) ERR_raise_data(ERR_LIB_DSA, (r), NULL) +# define DSOerr(f, r) ERR_raise_data(ERR_LIB_DSO, (r), NULL) +# define ECDHerr(f, r) ERR_raise_data(ERR_LIB_ECDH, (r), NULL) +# define ECDSAerr(f, r) ERR_raise_data(ERR_LIB_ECDSA, 
(r), NULL) +# define ECerr(f, r) ERR_raise_data(ERR_LIB_EC, (r), NULL) +# define ENGINEerr(f, r) ERR_raise_data(ERR_LIB_ENGINE, (r), NULL) +# define ESSerr(f, r) ERR_raise_data(ERR_LIB_ESS, (r), NULL) +# define EVPerr(f, r) ERR_raise_data(ERR_LIB_EVP, (r), NULL) +# define FIPSerr(f, r) ERR_raise_data(ERR_LIB_FIPS, (r), NULL) +# define HMACerr(f, r) ERR_raise_data(ERR_LIB_HMAC, (r), NULL) +# define HTTPerr(f, r) ERR_raise_data(ERR_LIB_HTTP, (r), NULL) +# define KDFerr(f, r) ERR_raise_data(ERR_LIB_KDF, (r), NULL) +# define OBJerr(f, r) ERR_raise_data(ERR_LIB_OBJ, (r), NULL) +# define OCSPerr(f, r) ERR_raise_data(ERR_LIB_OCSP, (r), NULL) +# define OSSL_STOREerr(f, r) ERR_raise_data(ERR_LIB_OSSL_STORE, (r), NULL) +# define PEMerr(f, r) ERR_raise_data(ERR_LIB_PEM, (r), NULL) +# define PKCS12err(f, r) ERR_raise_data(ERR_LIB_PKCS12, (r), NULL) +# define PKCS7err(f, r) ERR_raise_data(ERR_LIB_PKCS7, (r), NULL) +# define PROPerr(f, r) ERR_raise_data(ERR_LIB_PROP, (r), NULL) +# define PROVerr(f, r) ERR_raise_data(ERR_LIB_PROV, (r), NULL) +# define RANDerr(f, r) ERR_raise_data(ERR_LIB_RAND, (r), NULL) +# define RSAerr(f, r) ERR_raise_data(ERR_LIB_RSA, (r), NULL) +# define KDFerr(f, r) ERR_raise_data(ERR_LIB_KDF, (r), NULL) +# define SM2err(f, r) ERR_raise_data(ERR_LIB_SM2, (r), NULL) +# define SSLerr(f, r) ERR_raise_data(ERR_LIB_SSL, (r), NULL) +# define SYSerr(f, r) ERR_raise_data(ERR_LIB_SYS, (r), NULL) +# define TSerr(f, r) ERR_raise_data(ERR_LIB_TS, (r), NULL) +# define UIerr(f, r) ERR_raise_data(ERR_LIB_UI, (r), NULL) +# define X509V3err(f, r) ERR_raise_data(ERR_LIB_X509V3, (r), NULL) +# define X509err(f, r) ERR_raise_data(ERR_LIB_X509, (r), NULL) +# endif + +# define ERR_PACK(l,f,r) ( \ + (((unsigned int)(l) & 0x0FF) << 24L) | \ + (((unsigned int)(f) & 0xFFF) << 12L) | \ + (((unsigned int)(r) & 0xFFF) ) ) +# define ERR_GET_LIB(l) (int)(((l) >> 24L) & 0x0FFL) +# define ERR_GET_FUNC(l) (int)(((l) >> 12L) & 0xFFFL) +# define ERR_GET_REASON(l) (int)( (l) & 0xFFFL) +# define 
ERR_FATAL_ERROR(l) (int)( (l) & ERR_R_FATAL) + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define SYS_F_FOPEN 0 +# define SYS_F_CONNECT 0 +# define SYS_F_GETSERVBYNAME 0 +# define SYS_F_SOCKET 0 +# define SYS_F_IOCTLSOCKET 0 +# define SYS_F_BIND 0 +# define SYS_F_LISTEN 0 +# define SYS_F_ACCEPT 0 +# define SYS_F_WSASTARTUP 0 +# define SYS_F_OPENDIR 0 +# define SYS_F_FREAD 0 +# define SYS_F_GETADDRINFO 0 +# define SYS_F_GETNAMEINFO 0 +# define SYS_F_SETSOCKOPT 0 +# define SYS_F_GETSOCKOPT 0 +# define SYS_F_GETSOCKNAME 0 +# define SYS_F_GETHOSTBYNAME 0 +# define SYS_F_FFLUSH 0 +# define SYS_F_OPEN 0 +# define SYS_F_CLOSE 0 +# define SYS_F_IOCTL 0 +# define SYS_F_STAT 0 +# define SYS_F_FCNTL 0 +# define SYS_F_FSTAT 0 +# define SYS_F_SENDFILE 0 +# endif + +/* reasons */ +# define ERR_R_SYS_LIB ERR_LIB_SYS/* 2 */ +# define ERR_R_BN_LIB ERR_LIB_BN/* 3 */ +# define ERR_R_RSA_LIB ERR_LIB_RSA/* 4 */ +# define ERR_R_DH_LIB ERR_LIB_DH/* 5 */ +# define ERR_R_EVP_LIB ERR_LIB_EVP/* 6 */ +# define ERR_R_BUF_LIB ERR_LIB_BUF/* 7 */ +# define ERR_R_OBJ_LIB ERR_LIB_OBJ/* 8 */ +# define ERR_R_PEM_LIB ERR_LIB_PEM/* 9 */ +# define ERR_R_DSA_LIB ERR_LIB_DSA/* 10 */ +# define ERR_R_X509_LIB ERR_LIB_X509/* 11 */ +# define ERR_R_ASN1_LIB ERR_LIB_ASN1/* 13 */ +# define ERR_R_EC_LIB ERR_LIB_EC/* 16 */ +# define ERR_R_BIO_LIB ERR_LIB_BIO/* 32 */ +# define ERR_R_PKCS7_LIB ERR_LIB_PKCS7/* 33 */ +# define ERR_R_X509V3_LIB ERR_LIB_X509V3/* 34 */ +# define ERR_R_ENGINE_LIB ERR_LIB_ENGINE/* 38 */ +# define ERR_R_UI_LIB ERR_LIB_UI/* 40 */ +# define ERR_R_ECDSA_LIB ERR_LIB_ECDSA/* 42 */ +# define ERR_R_OSSL_STORE_LIB ERR_LIB_OSSL_STORE/* 44 */ + +# define ERR_R_NESTED_ASN1_ERROR 58 +# define ERR_R_MISSING_ASN1_EOS 63 + +/* fatal error */ +# define ERR_R_FATAL 64 +# define ERR_R_MALLOC_FAILURE (1|ERR_R_FATAL) +# define ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED (2|ERR_R_FATAL) +# define ERR_R_PASSED_NULL_PARAMETER (3|ERR_R_FATAL) +# define ERR_R_INTERNAL_ERROR (4|ERR_R_FATAL) +# define ERR_R_DISABLED (5|ERR_R_FATAL) 
+# define ERR_R_INIT_FAIL (6|ERR_R_FATAL) +# define ERR_R_PASSED_INVALID_ARGUMENT (7) +# define ERR_R_OPERATION_FAIL (8|ERR_R_FATAL) +# define ERR_R_INVALID_PROVIDER_FUNCTIONS (9|ERR_R_FATAL) +# define ERR_R_INTERRUPTED_OR_CANCELLED (10) + +/* + * 99 is the maximum possible ERR_R_... code, higher values are reserved for + * the individual libraries + */ + +typedef struct ERR_string_data_st { + unsigned long error; + const char *string; +} ERR_STRING_DATA; + +DEFINE_LHASH_OF(ERR_STRING_DATA); + +/* 12 lines and some on an 80 column terminal */ +#define ERR_MAX_DATA_SIZE 1024 + +/* Building blocks */ +void ERR_new(void); +void ERR_set_debug(const char *file, int line, const char *func); +void ERR_set_error(int lib, int reason, const char *fmt, ...); +void ERR_vset_error(int lib, int reason, const char *fmt, va_list args); + +/* Main error raising functions */ +# define ERR_raise(lib, reason) ERR_raise_data((lib),(reason),NULL) +# define ERR_raise_data \ + (ERR_new(), \ + ERR_set_debug(OPENSSL_FILE,OPENSSL_LINE,OPENSSL_FUNC), \ + ERR_set_error) + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +/* Backward compatibility */ +# define ERR_put_error(lib, func, reason, file, line) \ + (ERR_new(), \ + ERR_set_debug((file), (line), OPENSSL_FUNC), \ + ERR_set_error((lib), (reason), NULL)) +# endif + +void ERR_set_error_data(char *data, int flags); + +unsigned long ERR_get_error(void); +/* + * TODO(3.0) consider if the following three functions should be deprecated. + * They all drop the error record from the error queue, so regardless of which + * one is used, the rest of the information is lost, making them not so useful. + * The recommendation should be to use the peek functions to extract all the + * additional data. 
+ */ +unsigned long ERR_get_error_line(const char **file, int *line); +unsigned long ERR_get_error_func(const char **func); +unsigned long ERR_get_error_data(const char **data, int *flags); +unsigned long ERR_get_error_all(const char **file, int *line, + const char **func, + const char **data, int *flags); +DEPRECATEDIN_3_0(unsigned long ERR_get_error_line_data(const char **file, + int *line, + const char **data, + int *flags)) +unsigned long ERR_peek_error(void); +unsigned long ERR_peek_error_line(const char **file, int *line); +unsigned long ERR_peek_error_func(const char **func); +unsigned long ERR_peek_error_data(const char **data, int *flags); +unsigned long ERR_peek_error_all(const char **file, int *line, + const char **func, + const char **data, int *flags); +DEPRECATEDIN_3_0(unsigned long ERR_peek_error_line_data(const char **file, + int *line, + const char **data, + int *flags)) +unsigned long ERR_peek_last_error(void); +unsigned long ERR_peek_last_error_line(const char **file, int *line); +unsigned long ERR_peek_last_error_func(const char **func); +unsigned long ERR_peek_last_error_data(const char **data, int *flags); +unsigned long ERR_peek_last_error_all(const char **file, int *line, + const char **func, + const char **data, int *flags); +DEPRECATEDIN_3_0(unsigned long ERR_peek_last_error_line_data(const char **file, + int *line, + const char **data, + int *flags)) + +void ERR_clear_error(void); + +char *ERR_error_string(unsigned long e, char *buf); +void ERR_error_string_n(unsigned long e, char *buf, size_t len); +const char *ERR_lib_error_string(unsigned long e); +DEPRECATEDIN_3_0(const char *ERR_func_error_string(unsigned long e)) +const char *ERR_reason_error_string(unsigned long e); + +void ERR_print_errors_cb(int (*cb) (const char *str, size_t len, void *u), + void *u); +# ifndef OPENSSL_NO_STDIO +void ERR_print_errors_fp(FILE *fp); +# endif +void ERR_print_errors(BIO *bp); + +void ERR_add_error_data(int num, ...); +void ERR_add_error_vdata(int 
num, va_list args); +void ERR_add_error_txt(const char *sepr, const char *txt); +void ERR_add_error_mem_bio(const char *sep, BIO *bio); + +int ERR_load_strings(int lib, ERR_STRING_DATA *str); +int ERR_load_strings_const(const ERR_STRING_DATA *str); +int ERR_unload_strings(int lib, ERR_STRING_DATA *str); +int ERR_load_ERR_strings(void); + +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 +# define ERR_load_crypto_strings() \ + OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL) +# define ERR_free_strings() while(0) continue +#endif + +DEPRECATEDIN_1_1_0(void ERR_remove_thread_state(void *)) +DEPRECATEDIN_1_0_0(void ERR_remove_state(unsigned long pid)) +DEPRECATEDIN_3_0(ERR_STATE *ERR_get_state(void)) + +int ERR_get_next_error_library(void); + +int ERR_set_mark(void); +int ERR_pop_to_mark(void); +int ERR_clear_last_mark(void); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/linux_amd64/include/openssl/ess.h b/linux_amd64/include/openssl/ess.h new file mode 100644 index 0000000..c20bf82 --- /dev/null +++ b/linux_amd64/include/openssl/ess.h 
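Review bot: Nothing visible in this commit records which upstream OpenSSL revision or build options produced this header, and the `TODO(3.0)` comment above `ERR_get_error_line` together with the `OPENSSL_NO_DEPRECATED_3_0` guards suggests it came from a development tree rather than a tagged release. `ERR_PACK`, `ERR_GET_LIB` and `ERR_GET_REASON` are macros, so their bit layout is compiled into every caller, and a header that does not match the shipped libcrypto would decode error codes incorrectly. I would add a provenance file next to `linux_amd64/` with a line such as `OpenSSL built from upstream commit <UPSTREAM_COMMIT>, configured with <CONFIGURE_OPTIONS>` plus checksums of the shipped binaries. The same applies to the other headers added in this commit.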
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_ESS_H
+# define OPENSSL_ESS_H
+
+# include
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+# include
+# include
+# include
+
+typedef struct ESS_issuer_serial ESS_ISSUER_SERIAL;
+typedef struct ESS_cert_id ESS_CERT_ID;
+typedef struct ESS_signing_cert ESS_SIGNING_CERT;
+
+DEFINE_STACK_OF(ESS_CERT_ID)
+
+typedef struct ESS_signing_cert_v2_st ESS_SIGNING_CERT_V2;
+typedef struct ESS_cert_id_v2_st ESS_CERT_ID_V2;
+
+DEFINE_STACK_OF(ESS_CERT_ID_V2)
+
+DECLARE_ASN1_ALLOC_FUNCTIONS(ESS_ISSUER_SERIAL)
+DECLARE_ASN1_ENCODE_FUNCTIONS_only(ESS_ISSUER_SERIAL, ESS_ISSUER_SERIAL)
+DECLARE_ASN1_DUP_FUNCTION(ESS_ISSUER_SERIAL)
+
+DECLARE_ASN1_ALLOC_FUNCTIONS(ESS_CERT_ID)
+DECLARE_ASN1_ENCODE_FUNCTIONS_only(ESS_CERT_ID, ESS_CERT_ID)
+DECLARE_ASN1_DUP_FUNCTION(ESS_CERT_ID)
+
+DECLARE_ASN1_ALLOC_FUNCTIONS(ESS_SIGNING_CERT)
+DECLARE_ASN1_ENCODE_FUNCTIONS_only(ESS_SIGNING_CERT, ESS_SIGNING_CERT)
+DECLARE_ASN1_DUP_FUNCTION(ESS_SIGNING_CERT)
+
+DECLARE_ASN1_ALLOC_FUNCTIONS(ESS_CERT_ID_V2)
+DECLARE_ASN1_ENCODE_FUNCTIONS_only(ESS_CERT_ID_V2, ESS_CERT_ID_V2)
+DECLARE_ASN1_DUP_FUNCTION(ESS_CERT_ID_V2)
+
+DECLARE_ASN1_ALLOC_FUNCTIONS(ESS_SIGNING_CERT_V2)
+DECLARE_ASN1_ENCODE_FUNCTIONS_only(ESS_SIGNING_CERT_V2, ESS_SIGNING_CERT_V2)
+DECLARE_ASN1_DUP_FUNCTION(ESS_SIGNING_CERT_V2)
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/linux_amd64/include/openssl/esserr.h b/linux_amd64/include/openssl/esserr.h
new file mode 100644
index 0000000..8befce5
--- /dev/null
+++ b/linux_amd64/include/openssl/esserr.h
@@ -0,0 +1,42 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_ESSERR_H +# define OPENSSL_ESSERR_H + +# include +# include + + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_ESS_strings(void); + +/* + * ESS function codes. + */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define ESS_F_ESS_CERT_ID_NEW_INIT 0 +# define ESS_F_ESS_CERT_ID_V2_NEW_INIT 0 +# define ESS_F_ESS_SIGNING_CERT_ADD 0 +# define ESS_F_ESS_SIGNING_CERT_NEW_INIT 0 +# define ESS_F_ESS_SIGNING_CERT_V2_ADD 0 +# define ESS_F_ESS_SIGNING_CERT_V2_NEW_INIT 0 +# endif + +/* + * ESS reason codes. + */ +# define ESS_R_ESS_SIGNING_CERTIFICATE_ERROR 102 +# define ESS_R_ESS_SIGNING_CERT_ADD_ERROR 100 +# define ESS_R_ESS_SIGNING_CERT_V2_ADD_ERROR 101 + +#endif diff --git a/linux_amd64/include/openssl/evp.h b/linux_amd64/include/openssl/evp.h new file mode 100644 index 0000000..7aa56b3 --- /dev/null +++ b/linux_amd64/include/openssl/evp.h 
@@ -0,0 +1,1867 @@ +/* + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_EVP_H +# define OPENSSL_EVP_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_ENVELOPE_H +# endif + +# include + +# include +# include +# include +# include +# include +# include +# include + +# define EVP_MAX_MD_SIZE 64/* longest known is SHA512 */ +# define EVP_MAX_KEY_LENGTH 64 +# define EVP_MAX_IV_LENGTH 16 +# define EVP_MAX_BLOCK_LENGTH 32 + +# define PKCS5_SALT_LEN 8 +/* Default PKCS#5 iteration count */ +# define PKCS5_DEFAULT_ITER 2048 + +# include + +# define EVP_PK_RSA 0x0001 +# define EVP_PK_DSA 0x0002 +# define EVP_PK_DH 0x0004 +# define EVP_PK_EC 0x0008 +# define EVP_PKT_SIGN 0x0010 +# define EVP_PKT_ENC 0x0020 +# define EVP_PKT_EXCH 0x0040 +# define EVP_PKS_RSA 0x0100 +# define EVP_PKS_DSA 0x0200 +# define EVP_PKS_EC 0x0400 + +# define EVP_PKEY_NONE NID_undef +# define EVP_PKEY_RSA NID_rsaEncryption +# define EVP_PKEY_RSA2 NID_rsa +# define EVP_PKEY_RSA_PSS NID_rsassaPss +# define EVP_PKEY_DSA NID_dsa +# define EVP_PKEY_DSA1 NID_dsa_2 +# define EVP_PKEY_DSA2 NID_dsaWithSHA +# define EVP_PKEY_DSA3 NID_dsaWithSHA1 +# define EVP_PKEY_DSA4 NID_dsaWithSHA1_2 +# define EVP_PKEY_DH NID_dhKeyAgreement +# define EVP_PKEY_DHX NID_dhpublicnumber +# define EVP_PKEY_EC NID_X9_62_id_ecPublicKey +# define EVP_PKEY_SM2 NID_sm2 +# define EVP_PKEY_HMAC NID_hmac +# define EVP_PKEY_CMAC NID_cmac +# define EVP_PKEY_SCRYPT NID_id_scrypt +# define EVP_PKEY_TLS1_PRF NID_tls1_prf +# define EVP_PKEY_HKDF NID_hkdf +# define EVP_PKEY_POLY1305 NID_poly1305 +# define EVP_PKEY_SIPHASH NID_siphash +# define EVP_PKEY_X25519 NID_X25519 +# define EVP_PKEY_ED25519 NID_ED25519 +# 
define EVP_PKEY_X448 NID_X448 +# define EVP_PKEY_ED448 NID_ED448 + +#ifdef __cplusplus +extern "C" { +#endif + +int EVP_set_default_properties(OPENSSL_CTX *libctx, const char *propq); + +# define EVP_PKEY_MO_SIGN 0x0001 +# define EVP_PKEY_MO_VERIFY 0x0002 +# define EVP_PKEY_MO_ENCRYPT 0x0004 +# define EVP_PKEY_MO_DECRYPT 0x0008 + +# ifndef EVP_MD +EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type); +EVP_MD *EVP_MD_meth_dup(const EVP_MD *md); +void EVP_MD_meth_free(EVP_MD *md); + +int EVP_MD_meth_set_input_blocksize(EVP_MD *md, int blocksize); +int EVP_MD_meth_set_result_size(EVP_MD *md, int resultsize); +int EVP_MD_meth_set_app_datasize(EVP_MD *md, int datasize); +int EVP_MD_meth_set_flags(EVP_MD *md, unsigned long flags); +int EVP_MD_meth_set_init(EVP_MD *md, int (*init)(EVP_MD_CTX *ctx)); +int EVP_MD_meth_set_update(EVP_MD *md, int (*update)(EVP_MD_CTX *ctx, + const void *data, + size_t count)); +int EVP_MD_meth_set_final(EVP_MD *md, int (*final)(EVP_MD_CTX *ctx, + unsigned char *md)); +int EVP_MD_meth_set_copy(EVP_MD *md, int (*copy)(EVP_MD_CTX *to, + const EVP_MD_CTX *from)); +int EVP_MD_meth_set_cleanup(EVP_MD *md, int (*cleanup)(EVP_MD_CTX *ctx)); +int EVP_MD_meth_set_ctrl(EVP_MD *md, int (*ctrl)(EVP_MD_CTX *ctx, int cmd, + int p1, void *p2)); + +int EVP_MD_meth_get_input_blocksize(const EVP_MD *md); +int EVP_MD_meth_get_result_size(const EVP_MD *md); +int EVP_MD_meth_get_app_datasize(const EVP_MD *md); +unsigned long EVP_MD_meth_get_flags(const EVP_MD *md); +int (*EVP_MD_meth_get_init(const EVP_MD *md))(EVP_MD_CTX *ctx); +int (*EVP_MD_meth_get_update(const EVP_MD *md))(EVP_MD_CTX *ctx, + const void *data, + size_t count); +int (*EVP_MD_meth_get_final(const EVP_MD *md))(EVP_MD_CTX *ctx, + unsigned char *md); +int (*EVP_MD_meth_get_copy(const EVP_MD *md))(EVP_MD_CTX *to, + const EVP_MD_CTX *from); +int (*EVP_MD_meth_get_cleanup(const EVP_MD *md))(EVP_MD_CTX *ctx); +int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd, + int p1, void *p2); + 
+/* digest can only handle a single block */ +# define EVP_MD_FLAG_ONESHOT 0x0001 + +/* digest is extensible-output function, XOF */ +# define EVP_MD_FLAG_XOF 0x0002 + +/* DigestAlgorithmIdentifier flags... */ + +# define EVP_MD_FLAG_DIGALGID_MASK 0x0018 + +/* NULL or absent parameter accepted. Use NULL */ + +# define EVP_MD_FLAG_DIGALGID_NULL 0x0000 + +/* NULL or absent parameter accepted. Use NULL for PKCS#1 otherwise absent */ + +# define EVP_MD_FLAG_DIGALGID_ABSENT 0x0008 + +/* Custom handling via ctrl */ + +# define EVP_MD_FLAG_DIGALGID_CUSTOM 0x0018 + +/* Note if suitable for use in FIPS mode */ +# define EVP_MD_FLAG_FIPS 0x0400 + +/* Digest ctrls */ + +# define EVP_MD_CTRL_DIGALGID 0x1 +# define EVP_MD_CTRL_MICALG 0x2 +# define EVP_MD_CTRL_XOF_LEN 0x3 + +/* Minimum Algorithm specific ctrl value */ + +# define EVP_MD_CTRL_ALG_CTRL 0x1000 + +# endif /* !EVP_MD */ + +/* values for EVP_MD_CTX flags */ + +# define EVP_MD_CTX_FLAG_ONESHOT 0x0001/* digest update will be + * called once only */ +# define EVP_MD_CTX_FLAG_CLEANED 0x0002/* context has already been + * cleaned */ +# define EVP_MD_CTX_FLAG_REUSE 0x0004/* Don't free up ctx->md_data + * in EVP_MD_CTX_reset */ +/* + * FIPS and pad options are ignored in 1.0.0, definitions are here so we + * don't accidentally reuse the values for other purposes. + */ + +# define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW 0x0008/* Allow use of non FIPS + * digest in FIPS mode */ + +/* + * The following PAD options are also currently ignored in 1.0.0, digest + * parameters are handled through EVP_DigestSign*() and EVP_DigestVerify*() + * instead. 
+ */ +# define EVP_MD_CTX_FLAG_PAD_MASK 0xF0/* RSA mode to use */ +# define EVP_MD_CTX_FLAG_PAD_PKCS1 0x00/* PKCS#1 v1.5 mode */ +# define EVP_MD_CTX_FLAG_PAD_X931 0x10/* X9.31 mode */ +# define EVP_MD_CTX_FLAG_PAD_PSS 0x20/* PSS mode */ + +# define EVP_MD_CTX_FLAG_NO_INIT 0x0100/* Don't initialize md_data */ +/* + * Some functions such as EVP_DigestSign only finalise copies of internal + * contexts so additional data can be included after the finalisation call. + * This is inefficient if this functionality is not required: it is disabled + * if the following flag is set. + */ +# define EVP_MD_CTX_FLAG_FINALISE 0x0200 +/* NOTE: 0x0400 is reserved for internal usage */ + +EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len); +EVP_CIPHER *EVP_CIPHER_meth_dup(const EVP_CIPHER *cipher); +void EVP_CIPHER_meth_free(EVP_CIPHER *cipher); + +int EVP_CIPHER_meth_set_iv_length(EVP_CIPHER *cipher, int iv_len); +int EVP_CIPHER_meth_set_flags(EVP_CIPHER *cipher, unsigned long flags); +int EVP_CIPHER_meth_set_impl_ctx_size(EVP_CIPHER *cipher, int ctx_size); +int EVP_CIPHER_meth_set_init(EVP_CIPHER *cipher, + int (*init) (EVP_CIPHER_CTX *ctx, + const unsigned char *key, + const unsigned char *iv, + int enc)); +int EVP_CIPHER_meth_set_do_cipher(EVP_CIPHER *cipher, + int (*do_cipher) (EVP_CIPHER_CTX *ctx, + unsigned char *out, + const unsigned char *in, + size_t inl)); +int EVP_CIPHER_meth_set_cleanup(EVP_CIPHER *cipher, + int (*cleanup) (EVP_CIPHER_CTX *)); +int EVP_CIPHER_meth_set_set_asn1_params(EVP_CIPHER *cipher, + int (*set_asn1_parameters) (EVP_CIPHER_CTX *, + ASN1_TYPE *)); +int EVP_CIPHER_meth_set_get_asn1_params(EVP_CIPHER *cipher, + int (*get_asn1_parameters) (EVP_CIPHER_CTX *, + ASN1_TYPE *)); +int EVP_CIPHER_meth_set_ctrl(EVP_CIPHER *cipher, + int (*ctrl) (EVP_CIPHER_CTX *, int type, + int arg, void *ptr)); + +int (*EVP_CIPHER_meth_get_init(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx, + const unsigned char *key, + const unsigned char *iv, + 
int enc); +int (*EVP_CIPHER_meth_get_do_cipher(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx, + unsigned char *out, + const unsigned char *in, + size_t inl); +int (*EVP_CIPHER_meth_get_cleanup(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *); +int (*EVP_CIPHER_meth_get_set_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, + ASN1_TYPE *); +int (*EVP_CIPHER_meth_get_get_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, + ASN1_TYPE *); +int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, + int type, int arg, + void *ptr); + +/* Values for cipher flags */ + +/* Modes for ciphers */ + +# define EVP_CIPH_STREAM_CIPHER 0x0 +# define EVP_CIPH_ECB_MODE 0x1 +# define EVP_CIPH_CBC_MODE 0x2 +# define EVP_CIPH_CFB_MODE 0x3 +# define EVP_CIPH_OFB_MODE 0x4 +# define EVP_CIPH_CTR_MODE 0x5 +# define EVP_CIPH_GCM_MODE 0x6 +# define EVP_CIPH_CCM_MODE 0x7 +# define EVP_CIPH_XTS_MODE 0x10001 +# define EVP_CIPH_WRAP_MODE 0x10002 +# define EVP_CIPH_OCB_MODE 0x10003 +# define EVP_CIPH_SIV_MODE 0x10004 +# define EVP_CIPH_MODE 0xF0007 +/* Set if variable length cipher */ +# define EVP_CIPH_VARIABLE_LENGTH 0x8 +/* Set if the iv handling should be done by the cipher itself */ +# define EVP_CIPH_CUSTOM_IV 0x10 +/* Set if the cipher's init() function should be called if key is NULL */ +# define EVP_CIPH_ALWAYS_CALL_INIT 0x20 +/* Call ctrl() to init cipher parameters */ +# define EVP_CIPH_CTRL_INIT 0x40 +/* Don't use standard key length function */ +# define EVP_CIPH_CUSTOM_KEY_LENGTH 0x80 +/* Don't use standard block padding */ +# define EVP_CIPH_NO_PADDING 0x100 +/* cipher handles random key generation */ +# define EVP_CIPH_RAND_KEY 0x200 +/* cipher has its own additional copying logic */ +# define EVP_CIPH_CUSTOM_COPY 0x400 +/* Don't use standard iv length function */ +# define EVP_CIPH_CUSTOM_IV_LENGTH 0x800 +/* Legacy and no longer relevant: Allow use default ASN1 get/set iv */ +# define EVP_CIPH_FLAG_DEFAULT_ASN1 0 +/* Free: 0x1000 */ +/* Buffer length in 
bits not bytes: CFB1 mode only */ +# define EVP_CIPH_FLAG_LENGTH_BITS 0x2000 +/* Note if suitable for use in FIPS mode */ +# define EVP_CIPH_FLAG_FIPS 0x4000 +/* Allow non FIPS cipher in FIPS mode */ +# define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0x8000 +/* + * Cipher handles any and all padding logic as well as finalisation. + */ +# define EVP_CIPH_FLAG_CUSTOM_CIPHER 0x100000 +# define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000 +# define EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK 0x400000 +/* Cipher can handle pipeline operations */ +# define EVP_CIPH_FLAG_PIPELINE 0X800000 +/* For provider implementations that handle ASN1 get/set param themselves */ +# define EVP_CIPH_FLAG_CUSTOM_ASN1 0x1000000 + +/* + * Cipher context flag to indicate we can handle wrap mode: if allowed in + * older applications it could overflow buffers. + */ + +# define EVP_CIPHER_CTX_FLAG_WRAP_ALLOW 0x1 + +/* ctrl() values */ + +# define EVP_CTRL_INIT 0x0 +# define EVP_CTRL_SET_KEY_LENGTH 0x1 +# define EVP_CTRL_GET_RC2_KEY_BITS 0x2 +# define EVP_CTRL_SET_RC2_KEY_BITS 0x3 +# define EVP_CTRL_GET_RC5_ROUNDS 0x4 +# define EVP_CTRL_SET_RC5_ROUNDS 0x5 +# define EVP_CTRL_RAND_KEY 0x6 +# define EVP_CTRL_PBE_PRF_NID 0x7 +# define EVP_CTRL_COPY 0x8 +# define EVP_CTRL_AEAD_SET_IVLEN 0x9 +# define EVP_CTRL_AEAD_GET_TAG 0x10 +# define EVP_CTRL_AEAD_SET_TAG 0x11 +# define EVP_CTRL_AEAD_SET_IV_FIXED 0x12 +# define EVP_CTRL_GCM_SET_IVLEN EVP_CTRL_AEAD_SET_IVLEN +# define EVP_CTRL_GCM_GET_TAG EVP_CTRL_AEAD_GET_TAG +# define EVP_CTRL_GCM_SET_TAG EVP_CTRL_AEAD_SET_TAG +# define EVP_CTRL_GCM_SET_IV_FIXED EVP_CTRL_AEAD_SET_IV_FIXED +# define EVP_CTRL_GCM_IV_GEN 0x13 +# define EVP_CTRL_CCM_SET_IVLEN EVP_CTRL_AEAD_SET_IVLEN +# define EVP_CTRL_CCM_GET_TAG EVP_CTRL_AEAD_GET_TAG +# define EVP_CTRL_CCM_SET_TAG EVP_CTRL_AEAD_SET_TAG +# define EVP_CTRL_CCM_SET_IV_FIXED EVP_CTRL_AEAD_SET_IV_FIXED +# define EVP_CTRL_CCM_SET_L 0x14 +# define EVP_CTRL_CCM_SET_MSGLEN 0x15 +/* + * AEAD cipher deduces payload length and returns number of bytes required 
to + * store MAC and eventual padding. Subsequent call to EVP_Cipher even + * appends/verifies MAC. + */ +# define EVP_CTRL_AEAD_TLS1_AAD 0x16 +/* Used by composite AEAD ciphers, no-op in GCM, CCM... */ +# define EVP_CTRL_AEAD_SET_MAC_KEY 0x17 +/* Set the GCM invocation field, decrypt only */ +# define EVP_CTRL_GCM_SET_IV_INV 0x18 + +# define EVP_CTRL_TLS1_1_MULTIBLOCK_AAD 0x19 +# define EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT 0x1a +# define EVP_CTRL_TLS1_1_MULTIBLOCK_DECRYPT 0x1b +# define EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE 0x1c + +# define EVP_CTRL_SSL3_MASTER_SECRET 0x1d + +/* EVP_CTRL_SET_SBOX takes the char * specifying S-boxes */ +# define EVP_CTRL_SET_SBOX 0x1e +/* + * EVP_CTRL_SBOX_USED takes a 'size_t' and 'char *', pointing at a + * pre-allocated buffer with specified size + */ +# define EVP_CTRL_SBOX_USED 0x1f +/* EVP_CTRL_KEY_MESH takes 'size_t' number of bytes to mesh the key after, + * 0 switches meshing off + */ +# define EVP_CTRL_KEY_MESH 0x20 +/* EVP_CTRL_BLOCK_PADDING_MODE takes the padding mode */ +# define EVP_CTRL_BLOCK_PADDING_MODE 0x21 + +/* Set the output buffers to use for a pipelined operation */ +# define EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS 0x22 +/* Set the input buffers to use for a pipelined operation */ +# define EVP_CTRL_SET_PIPELINE_INPUT_BUFS 0x23 +/* Set the input buffer lengths to use for a pipelined operation */ +# define EVP_CTRL_SET_PIPELINE_INPUT_LENS 0x24 +/* Get the IV length used by the cipher */ +# define EVP_CTRL_GET_IVLEN 0x25 +/* Get the IV used by the cipher */ +# define EVP_CTRL_GET_IV 0x26 +/* Tell the cipher it's doing a speed test (SIV disallows multiple ops) */ +# define EVP_CTRL_SET_SPEED 0x27 + +/* Padding modes */ +#define EVP_PADDING_PKCS7 1 +#define EVP_PADDING_ISO7816_4 2 +#define EVP_PADDING_ANSI923 3 +#define EVP_PADDING_ISO10126 4 +#define EVP_PADDING_ZERO 5 + +/* RFC 5246 defines additional data to be 13 bytes in length */ +# define EVP_AEAD_TLS1_AAD_LEN 13 + +typedef struct { + unsigned char *out; + const 
unsigned char *inp;
+ size_t len;
+ unsigned int interleave;
+} EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM;
+
+/* GCM TLS constants */
+/* Length of fixed part of IV derived from PRF */
+# define EVP_GCM_TLS_FIXED_IV_LEN 4
+/* Length of explicit part of IV part of TLS records */
+# define EVP_GCM_TLS_EXPLICIT_IV_LEN 8
+/* Length of tag for TLS */
+# define EVP_GCM_TLS_TAG_LEN 16
+
+/* CCM TLS constants */
+/* Length of fixed part of IV derived from PRF */
+# define EVP_CCM_TLS_FIXED_IV_LEN 4
+/* Length of explicit part of IV part of TLS records */
+# define EVP_CCM_TLS_EXPLICIT_IV_LEN 8
+/* Total length of CCM IV length for TLS */
+# define EVP_CCM_TLS_IV_LEN 12
+/* Length of tag for TLS */
+# define EVP_CCM_TLS_TAG_LEN 16
+/* Length of CCM8 tag for TLS */
+# define EVP_CCM8_TLS_TAG_LEN 8
+
+/* Length of tag for TLS */
+# define EVP_CHACHAPOLY_TLS_TAG_LEN 16
+
+typedef struct evp_cipher_info_st {
+ const EVP_CIPHER *cipher;
+ unsigned char iv[EVP_MAX_IV_LENGTH];
+} EVP_CIPHER_INFO;
+
+
+/* Password based encryption function */
+typedef int (EVP_PBE_KEYGEN) (EVP_CIPHER_CTX *ctx, const char *pass,
+ int passlen, ASN1_TYPE *param,
+ const EVP_CIPHER *cipher, const EVP_MD *md,
+ int en_de);
+
+# ifndef OPENSSL_NO_RSA
+# define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\
+ (rsa))
+# endif
+
+# ifndef OPENSSL_NO_DSA
+# define EVP_PKEY_assign_DSA(pkey,dsa) EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\
+ (dsa))
+# endif
+
+# ifndef OPENSSL_NO_DH
+# define EVP_PKEY_assign_DH(pkey,dh) EVP_PKEY_assign((pkey),EVP_PKEY_DH,(dh))
+# endif
+
+# ifndef OPENSSL_NO_EC
+# define EVP_PKEY_assign_EC_KEY(pkey,eckey) EVP_PKEY_assign((pkey),EVP_PKEY_EC,\
+ (eckey))
+# endif
+# ifndef OPENSSL_NO_SIPHASH
+# define EVP_PKEY_assign_SIPHASH(pkey,shkey) EVP_PKEY_assign((pkey),\
+ EVP_PKEY_SIPHASH,(shkey))
+# endif
+
+# ifndef OPENSSL_NO_POLY1305
+# define EVP_PKEY_assign_POLY1305(pkey,polykey) EVP_PKEY_assign((pkey),\
+ EVP_PKEY_POLY1305,(polykey))
+# endif
+
+/* Add some extra 
combinations */
+# define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a))
+# define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a))
+# define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a))
+# define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a))
+
+int EVP_MD_type(const EVP_MD *md);
+# define EVP_MD_nid(e) EVP_MD_type(e)
+const char *EVP_MD_name(const EVP_MD *md);
+int EVP_MD_number(const EVP_MD *md);
+int EVP_MD_is_a(const EVP_MD *md, const char *name);
+void EVP_MD_names_do_all(const EVP_MD *md,
+ void (*fn)(const char *name, void *data),
+ void *data);
+const OSSL_PROVIDER *EVP_MD_provider(const EVP_MD *md);
+int EVP_MD_pkey_type(const EVP_MD *md);
+int EVP_MD_size(const EVP_MD *md);
+int EVP_MD_block_size(const EVP_MD *md);
+unsigned long EVP_MD_flags(const EVP_MD *md);
+
+const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx);
+int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx,
+ const void *data, size_t count);
+void EVP_MD_CTX_set_update_fn(EVP_MD_CTX *ctx,
+ int (*update) (EVP_MD_CTX *ctx,
+ const void *data, size_t count));
+# define EVP_MD_CTX_name(e) EVP_MD_name(EVP_MD_CTX_md(e))
+# define EVP_MD_CTX_size(e) EVP_MD_size(EVP_MD_CTX_md(e))
+# define EVP_MD_CTX_block_size(e) EVP_MD_block_size(EVP_MD_CTX_md(e))
+# define EVP_MD_CTX_type(e) EVP_MD_type(EVP_MD_CTX_md(e))
+EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx);
+void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx);
+void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx);
+
+int EVP_CIPHER_nid(const EVP_CIPHER *cipher);
+const char *EVP_CIPHER_name(const EVP_CIPHER *cipher);
+int EVP_CIPHER_number(const EVP_CIPHER *cipher);
+int EVP_CIPHER_is_a(const EVP_CIPHER *cipher, const char *name);
+void EVP_CIPHER_names_do_all(const EVP_CIPHER *cipher,
+ void (*fn)(const char *name, void *data),
+ void *data);
+const OSSL_PROVIDER *EVP_CIPHER_provider(const EVP_CIPHER *cipher);
+int EVP_CIPHER_block_size(const EVP_CIPHER *cipher);
+int 
EVP_CIPHER_impl_ctx_size(const EVP_CIPHER *cipher);
+int EVP_CIPHER_key_length(const EVP_CIPHER *cipher);
+int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher);
+unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher);
+int EVP_CIPHER_mode(const EVP_CIPHER *cipher);
+EVP_CIPHER *EVP_CIPHER_fetch(OPENSSL_CTX *ctx, const char *algorithm,
+ const char *properties);
+int EVP_CIPHER_up_ref(EVP_CIPHER *cipher);
+void EVP_CIPHER_free(EVP_CIPHER *cipher);
+
+const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx);
+int EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx);
+int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx);
+int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx);
+int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx);
+int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx);
+int EVP_CIPHER_CTX_tag_length(const EVP_CIPHER_CTX *ctx);
+const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx);
+const unsigned char *EVP_CIPHER_CTX_original_iv(const EVP_CIPHER_CTX *ctx);
+unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx);
+unsigned char *EVP_CIPHER_CTX_buf_noconst(EVP_CIPHER_CTX *ctx);
+int EVP_CIPHER_CTX_num(const EVP_CIPHER_CTX *ctx);
+int EVP_CIPHER_CTX_set_num(EVP_CIPHER_CTX *ctx, int num);
+int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in);
+void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx);
+void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data);
+void *EVP_CIPHER_CTX_get_cipher_data(const EVP_CIPHER_CTX *ctx);
+void *EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data);
+# define EVP_CIPHER_CTX_name(c) EVP_CIPHER_name(EVP_CIPHER_CTX_cipher(c))
+# define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c))
+# ifndef OPENSSL_NO_DEPRECATED_1_1_0
+# define EVP_CIPHER_CTX_flags(c) EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(c))
+# endif
+# define EVP_CIPHER_CTX_mode(c) EVP_CIPHER_mode(EVP_CIPHER_CTX_cipher(c))
+
+# define EVP_ENCODE_LENGTH(l) 
((((l)+2)/3*4)+((l)/48+1)*2+80)
+# define EVP_DECODE_LENGTH(l) (((l)+3)/4*3+80)
+
+# define EVP_SignInit_ex(a,b,c) EVP_DigestInit_ex(a,b,c)
+# define EVP_SignInit(a,b) EVP_DigestInit(a,b)
+# define EVP_SignUpdate(a,b,c) EVP_DigestUpdate(a,b,c)
+# define EVP_VerifyInit_ex(a,b,c) EVP_DigestInit_ex(a,b,c)
+# define EVP_VerifyInit(a,b) EVP_DigestInit(a,b)
+# define EVP_VerifyUpdate(a,b,c) EVP_DigestUpdate(a,b,c)
+# define EVP_OpenUpdate(a,b,c,d,e) EVP_DecryptUpdate(a,b,c,d,e)
+# define EVP_SealUpdate(a,b,c,d,e) EVP_EncryptUpdate(a,b,c,d,e)
+
+# ifdef CONST_STRICT
+void BIO_set_md(BIO *, const EVP_MD *md);
+# else
+# define BIO_set_md(b,md) BIO_ctrl(b,BIO_C_SET_MD,0,(void *)(md))
+# endif
+# define BIO_get_md(b,mdp) BIO_ctrl(b,BIO_C_GET_MD,0,(mdp))
+# define BIO_get_md_ctx(b,mdcp) BIO_ctrl(b,BIO_C_GET_MD_CTX,0,(mdcp))
+# define BIO_set_md_ctx(b,mdcp) BIO_ctrl(b,BIO_C_SET_MD_CTX,0,(mdcp))
+# define BIO_get_cipher_status(b) BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL)
+# define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(c_pp))
+
+/*__owur*/ int EVP_Cipher(EVP_CIPHER_CTX *c,
+ unsigned char *out,
+ const unsigned char *in, unsigned int inl);
+
+# define EVP_add_cipher_alias(n,alias) \
+ OBJ_NAME_add((alias),OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS,(n))
+# define EVP_add_digest_alias(n,alias) \
+ OBJ_NAME_add((alias),OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,(n))
+# define EVP_delete_cipher_alias(alias) \
+ OBJ_NAME_remove(alias,OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS);
+# define EVP_delete_digest_alias(alias) \
+ OBJ_NAME_remove(alias,OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS);
+
+int EVP_MD_get_params(const EVP_MD *digest, OSSL_PARAM params[]);
+int EVP_MD_CTX_set_params(EVP_MD_CTX *ctx, const OSSL_PARAM params[]);
+int EVP_MD_CTX_get_params(EVP_MD_CTX *ctx, OSSL_PARAM params[]);
+const OSSL_PARAM *EVP_MD_gettable_params(const EVP_MD *digest);
+const OSSL_PARAM *EVP_MD_settable_ctx_params(const EVP_MD *md);
+const OSSL_PARAM *EVP_MD_gettable_ctx_params(const 
EVP_MD *md);
+const OSSL_PARAM *EVP_MD_CTX_settable_params(EVP_MD_CTX *ctx);
+const OSSL_PARAM *EVP_MD_CTX_gettable_params(EVP_MD_CTX *ctx);
+int EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2);
+EVP_MD_CTX *EVP_MD_CTX_new(void);
+int EVP_MD_CTX_reset(EVP_MD_CTX *ctx);
+void EVP_MD_CTX_free(EVP_MD_CTX *ctx);
+# define EVP_MD_CTX_create() EVP_MD_CTX_new()
+# define EVP_MD_CTX_init(ctx) EVP_MD_CTX_reset((ctx))
+# define EVP_MD_CTX_destroy(ctx) EVP_MD_CTX_free((ctx))
+__owur int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in);
+void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags);
+void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags);
+int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags);
+__owur int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type,
+ ENGINE *impl);
+__owur int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d,
+ size_t cnt);
+__owur int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md,
+ unsigned int *s);
+__owur int EVP_Digest(const void *data, size_t count,
+ unsigned char *md, unsigned int *size,
+ const EVP_MD *type, ENGINE *impl);
+
+__owur int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in);
+__owur int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
+__owur int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md,
+ unsigned int *s);
+__owur int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *md,
+ size_t len);
+
+__owur EVP_MD *EVP_MD_fetch(OPENSSL_CTX *ctx, const char *algorithm,
+ const char *properties);
+int EVP_MD_up_ref(EVP_MD *md);
+void EVP_MD_free(EVP_MD *md);
+
+int EVP_read_pw_string(char *buf, int length, const char *prompt, int verify);
+int EVP_read_pw_string_min(char *buf, int minlen, int maxlen,
+ const char *prompt, int verify);
+void EVP_set_pw_prompt(const char *prompt);
+char *EVP_get_pw_prompt(void);
+
+__owur int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
+ const unsigned char *salt,
+ const unsigned char *data, int datal, int count,
+ unsigned char 
*key, unsigned char *iv);
+
+void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags);
+void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags);
+int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags);
+
+__owur int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+ const unsigned char *key, const unsigned char *iv);
+/*__owur*/ int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
+ const EVP_CIPHER *cipher, ENGINE *impl,
+ const unsigned char *key,
+ const unsigned char *iv);
+/*__owur*/ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ int *outl, const unsigned char *in, int inl);
+/*__owur*/ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ int *outl);
+/*__owur*/ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ int *outl);
+
+__owur int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+ const unsigned char *key, const unsigned char *iv);
+/*__owur*/ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,
+ const EVP_CIPHER *cipher, ENGINE *impl,
+ const unsigned char *key,
+ const unsigned char *iv);
+/*__owur*/ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ int *outl, const unsigned char *in, int inl);
+__owur int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+ int *outl);
+/*__owur*/ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+ int *outl);
+
+__owur int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+ const unsigned char *key, const unsigned char *iv,
+ int enc);
+/*__owur*/ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
+ const EVP_CIPHER *cipher, ENGINE *impl,
+ const unsigned char *key,
+ const unsigned char *iv, int enc);
+__owur int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ int *outl, const unsigned char *in, int inl);
+__owur int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+ int *outl);
+__owur int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+ int *outl);
+
+__owur int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s,
+ EVP_PKEY *pkey);
+
+__owur int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret,
+ size_t *siglen, const unsigned char *tbs,
+ size_t tbslen);
+
+__owur int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
+ unsigned int siglen, EVP_PKEY *pkey);
+
+__owur int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
+ size_t siglen, const unsigned char *tbs,
+ size_t tbslen);
+
+int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+ const char *mdname, const char *props,
+ EVP_PKEY *pkey);
+/*__owur*/ int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+ const EVP_MD *type, ENGINE *e,
+ EVP_PKEY *pkey);
+int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize);
+__owur int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
+ size_t *siglen);
+
+int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+ const char *mdname, const char *props,
+ EVP_PKEY *pkey);
+__owur int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+ const EVP_MD *type, ENGINE *e,
+ EVP_PKEY *pkey);
+int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize);
+__owur int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
+ size_t siglen);
+
+# ifndef OPENSSL_NO_RSA
+__owur int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+ const unsigned char *ek, int ekl,
+ const unsigned char *iv, EVP_PKEY *priv);
+__owur int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
+
+__owur int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+ unsigned char **ek, int *ekl, unsigned char *iv,
+ EVP_PKEY **pubk, int npubk);
+__owur int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
+# endif
+
+EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void);
+void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx);
+int EVP_ENCODE_CTX_copy(EVP_ENCODE_CTX *dctx, const EVP_ENCODE_CTX *sctx);
+int 
EVP_ENCODE_CTX_num(EVP_ENCODE_CTX *ctx);
+void EVP_EncodeInit(EVP_ENCODE_CTX *ctx);
+int EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
+ const unsigned char *in, int inl);
+void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl);
+int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n);
+
+void EVP_DecodeInit(EVP_ENCODE_CTX *ctx);
+int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
+ const unsigned char *in, int inl);
+int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned
+ char *out, int *outl);
+int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n);
+
+# ifndef OPENSSL_NO_DEPRECATED_1_1_0
+# define EVP_CIPHER_CTX_init(c) EVP_CIPHER_CTX_reset(c)
+# define EVP_CIPHER_CTX_cleanup(c) EVP_CIPHER_CTX_reset(c)
+# endif
+EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void);
+int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c);
+void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *c);
+int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen);
+int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad);
+int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);
+int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key);
+int EVP_CIPHER_get_params(EVP_CIPHER *cipher, OSSL_PARAM params[]);
+int EVP_CIPHER_CTX_set_params(EVP_CIPHER_CTX *ctx, const OSSL_PARAM params[]);
+int EVP_CIPHER_CTX_get_params(EVP_CIPHER_CTX *ctx, OSSL_PARAM params[]);
+const OSSL_PARAM *EVP_CIPHER_gettable_params(const EVP_CIPHER *cipher);
+const OSSL_PARAM *EVP_CIPHER_settable_ctx_params(const EVP_CIPHER *cipher);
+const OSSL_PARAM *EVP_CIPHER_gettable_ctx_params(const EVP_CIPHER *cipher);
+
+const BIO_METHOD *BIO_f_md(void);
+const BIO_METHOD *BIO_f_base64(void);
+const BIO_METHOD *BIO_f_cipher(void);
+const BIO_METHOD *BIO_f_reliable(void);
+__owur int BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k,
+ const unsigned char *i, int enc);
+
+const EVP_MD *EVP_md_null(void);
+# ifndef 
OPENSSL_NO_MD2
+const EVP_MD *EVP_md2(void);
+# endif
+# ifndef OPENSSL_NO_MD4
+const EVP_MD *EVP_md4(void);
+# endif
+# ifndef OPENSSL_NO_MD5
+const EVP_MD *EVP_md5(void);
+const EVP_MD *EVP_md5_sha1(void);
+# endif
+# ifndef OPENSSL_NO_BLAKE2
+const EVP_MD *EVP_blake2b512(void);
+const EVP_MD *EVP_blake2s256(void);
+# endif
+const EVP_MD *EVP_sha1(void);
+const EVP_MD *EVP_sha224(void);
+const EVP_MD *EVP_sha256(void);
+const EVP_MD *EVP_sha384(void);
+const EVP_MD *EVP_sha512(void);
+const EVP_MD *EVP_sha512_224(void);
+const EVP_MD *EVP_sha512_256(void);
+const EVP_MD *EVP_sha3_224(void);
+const EVP_MD *EVP_sha3_256(void);
+const EVP_MD *EVP_sha3_384(void);
+const EVP_MD *EVP_sha3_512(void);
+const EVP_MD *EVP_shake128(void);
+const EVP_MD *EVP_shake256(void);
+
+# ifndef OPENSSL_NO_MDC2
+const EVP_MD *EVP_mdc2(void);
+# endif
+# ifndef OPENSSL_NO_RMD160
+const EVP_MD *EVP_ripemd160(void);
+# endif
+# ifndef OPENSSL_NO_WHIRLPOOL
+const EVP_MD *EVP_whirlpool(void);
+# endif
+# ifndef OPENSSL_NO_SM3
+const EVP_MD *EVP_sm3(void);
+# endif
+const EVP_CIPHER *EVP_enc_null(void); /* does nothing :-) */
+# ifndef OPENSSL_NO_DES
+const EVP_CIPHER *EVP_des_ecb(void);
+const EVP_CIPHER *EVP_des_ede(void);
+const EVP_CIPHER *EVP_des_ede3(void);
+const EVP_CIPHER *EVP_des_ede_ecb(void);
+const EVP_CIPHER *EVP_des_ede3_ecb(void);
+const EVP_CIPHER *EVP_des_cfb64(void);
+# define EVP_des_cfb EVP_des_cfb64
+const EVP_CIPHER *EVP_des_cfb1(void);
+const EVP_CIPHER *EVP_des_cfb8(void);
+const EVP_CIPHER *EVP_des_ede_cfb64(void);
+# define EVP_des_ede_cfb EVP_des_ede_cfb64
+const EVP_CIPHER *EVP_des_ede3_cfb64(void);
+# define EVP_des_ede3_cfb EVP_des_ede3_cfb64
+const EVP_CIPHER *EVP_des_ede3_cfb1(void);
+const EVP_CIPHER *EVP_des_ede3_cfb8(void);
+const EVP_CIPHER *EVP_des_ofb(void);
+const EVP_CIPHER *EVP_des_ede_ofb(void);
+const EVP_CIPHER *EVP_des_ede3_ofb(void);
+const EVP_CIPHER *EVP_des_cbc(void);
+const EVP_CIPHER *EVP_des_ede_cbc(void);
+const EVP_CIPHER 
*EVP_des_ede3_cbc(void);
+const EVP_CIPHER *EVP_desx_cbc(void);
+const EVP_CIPHER *EVP_des_ede3_wrap(void);
+/*
+ * This should now be supported through the dev_crypto ENGINE. But also, why
+ * are rc4 and md5 declarations made here inside a "NO_DES" precompiler
+ * branch?
+ */
+# endif
+# ifndef OPENSSL_NO_RC4
+const EVP_CIPHER *EVP_rc4(void);
+const EVP_CIPHER *EVP_rc4_40(void);
+# ifndef OPENSSL_NO_MD5
+const EVP_CIPHER *EVP_rc4_hmac_md5(void);
+# endif
+# endif
+# ifndef OPENSSL_NO_IDEA
+const EVP_CIPHER *EVP_idea_ecb(void);
+const EVP_CIPHER *EVP_idea_cfb64(void);
+# define EVP_idea_cfb EVP_idea_cfb64
+const EVP_CIPHER *EVP_idea_ofb(void);
+const EVP_CIPHER *EVP_idea_cbc(void);
+# endif
+# ifndef OPENSSL_NO_RC2
+const EVP_CIPHER *EVP_rc2_ecb(void);
+const EVP_CIPHER *EVP_rc2_cbc(void);
+const EVP_CIPHER *EVP_rc2_40_cbc(void);
+const EVP_CIPHER *EVP_rc2_64_cbc(void);
+const EVP_CIPHER *EVP_rc2_cfb64(void);
+# define EVP_rc2_cfb EVP_rc2_cfb64
+const EVP_CIPHER *EVP_rc2_ofb(void);
+# endif
+# ifndef OPENSSL_NO_BF
+const EVP_CIPHER *EVP_bf_ecb(void);
+const EVP_CIPHER *EVP_bf_cbc(void);
+const EVP_CIPHER *EVP_bf_cfb64(void);
+# define EVP_bf_cfb EVP_bf_cfb64
+const EVP_CIPHER *EVP_bf_ofb(void);
+# endif
+# ifndef OPENSSL_NO_CAST
+const EVP_CIPHER *EVP_cast5_ecb(void);
+const EVP_CIPHER *EVP_cast5_cbc(void);
+const EVP_CIPHER *EVP_cast5_cfb64(void);
+# define EVP_cast5_cfb EVP_cast5_cfb64
+const EVP_CIPHER *EVP_cast5_ofb(void);
+# endif
+# ifndef OPENSSL_NO_RC5
+const EVP_CIPHER *EVP_rc5_32_12_16_cbc(void);
+const EVP_CIPHER *EVP_rc5_32_12_16_ecb(void);
+const EVP_CIPHER *EVP_rc5_32_12_16_cfb64(void);
+# define EVP_rc5_32_12_16_cfb EVP_rc5_32_12_16_cfb64
+const EVP_CIPHER *EVP_rc5_32_12_16_ofb(void);
+# endif
+const EVP_CIPHER *EVP_aes_128_ecb(void);
+const EVP_CIPHER *EVP_aes_128_cbc(void);
+const EVP_CIPHER *EVP_aes_128_cfb1(void);
+const EVP_CIPHER *EVP_aes_128_cfb8(void);
+const EVP_CIPHER *EVP_aes_128_cfb128(void);
+# define EVP_aes_128_cfb EVP_aes_128_cfb128
+const EVP_CIPHER *EVP_aes_128_ofb(void);
+const EVP_CIPHER *EVP_aes_128_ctr(void);
+const EVP_CIPHER *EVP_aes_128_ccm(void);
+const EVP_CIPHER *EVP_aes_128_gcm(void);
+const EVP_CIPHER *EVP_aes_128_xts(void);
+const EVP_CIPHER *EVP_aes_128_wrap(void);
+const EVP_CIPHER *EVP_aes_128_wrap_pad(void);
+# ifndef OPENSSL_NO_OCB
+const EVP_CIPHER *EVP_aes_128_ocb(void);
+# endif
+const EVP_CIPHER *EVP_aes_192_ecb(void);
+const EVP_CIPHER *EVP_aes_192_cbc(void);
+const EVP_CIPHER *EVP_aes_192_cfb1(void);
+const EVP_CIPHER *EVP_aes_192_cfb8(void);
+const EVP_CIPHER *EVP_aes_192_cfb128(void);
+# define EVP_aes_192_cfb EVP_aes_192_cfb128
+const EVP_CIPHER *EVP_aes_192_ofb(void);
+const EVP_CIPHER *EVP_aes_192_ctr(void);
+const EVP_CIPHER *EVP_aes_192_ccm(void);
+const EVP_CIPHER *EVP_aes_192_gcm(void);
+const EVP_CIPHER *EVP_aes_192_wrap(void);
+const EVP_CIPHER *EVP_aes_192_wrap_pad(void);
+# ifndef OPENSSL_NO_OCB
+const EVP_CIPHER *EVP_aes_192_ocb(void);
+# endif
+const EVP_CIPHER *EVP_aes_256_ecb(void);
+const EVP_CIPHER *EVP_aes_256_cbc(void);
+const EVP_CIPHER *EVP_aes_256_cfb1(void);
+const EVP_CIPHER *EVP_aes_256_cfb8(void);
+const EVP_CIPHER *EVP_aes_256_cfb128(void);
+# define EVP_aes_256_cfb EVP_aes_256_cfb128
+const EVP_CIPHER *EVP_aes_256_ofb(void);
+const EVP_CIPHER *EVP_aes_256_ctr(void);
+const EVP_CIPHER *EVP_aes_256_ccm(void);
+const EVP_CIPHER *EVP_aes_256_gcm(void);
+const EVP_CIPHER *EVP_aes_256_xts(void);
+const EVP_CIPHER *EVP_aes_256_wrap(void);
+const EVP_CIPHER *EVP_aes_256_wrap_pad(void);
+# ifndef OPENSSL_NO_OCB
+const EVP_CIPHER *EVP_aes_256_ocb(void);
+# endif
+const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void);
+const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void);
+const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha256(void);
+const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha256(void);
+# ifndef OPENSSL_NO_SIV
+const EVP_CIPHER *EVP_aes_128_siv(void);
+const EVP_CIPHER *EVP_aes_192_siv(void);
+const EVP_CIPHER *EVP_aes_256_siv(void);
+# endif
+# ifndef 
OPENSSL_NO_ARIA
+const EVP_CIPHER *EVP_aria_128_ecb(void);
+const EVP_CIPHER *EVP_aria_128_cbc(void);
+const EVP_CIPHER *EVP_aria_128_cfb1(void);
+const EVP_CIPHER *EVP_aria_128_cfb8(void);
+const EVP_CIPHER *EVP_aria_128_cfb128(void);
+# define EVP_aria_128_cfb EVP_aria_128_cfb128
+const EVP_CIPHER *EVP_aria_128_ctr(void);
+const EVP_CIPHER *EVP_aria_128_ofb(void);
+const EVP_CIPHER *EVP_aria_128_gcm(void);
+const EVP_CIPHER *EVP_aria_128_ccm(void);
+const EVP_CIPHER *EVP_aria_192_ecb(void);
+const EVP_CIPHER *EVP_aria_192_cbc(void);
+const EVP_CIPHER *EVP_aria_192_cfb1(void);
+const EVP_CIPHER *EVP_aria_192_cfb8(void);
+const EVP_CIPHER *EVP_aria_192_cfb128(void);
+# define EVP_aria_192_cfb EVP_aria_192_cfb128
+const EVP_CIPHER *EVP_aria_192_ctr(void);
+const EVP_CIPHER *EVP_aria_192_ofb(void);
+const EVP_CIPHER *EVP_aria_192_gcm(void);
+const EVP_CIPHER *EVP_aria_192_ccm(void);
+const EVP_CIPHER *EVP_aria_256_ecb(void);
+const EVP_CIPHER *EVP_aria_256_cbc(void);
+const EVP_CIPHER *EVP_aria_256_cfb1(void);
+const EVP_CIPHER *EVP_aria_256_cfb8(void);
+const EVP_CIPHER *EVP_aria_256_cfb128(void);
+# define EVP_aria_256_cfb EVP_aria_256_cfb128
+const EVP_CIPHER *EVP_aria_256_ctr(void);
+const EVP_CIPHER *EVP_aria_256_ofb(void);
+const EVP_CIPHER *EVP_aria_256_gcm(void);
+const EVP_CIPHER *EVP_aria_256_ccm(void);
+# endif
+# ifndef OPENSSL_NO_CAMELLIA
+const EVP_CIPHER *EVP_camellia_128_ecb(void);
+const EVP_CIPHER *EVP_camellia_128_cbc(void);
+const EVP_CIPHER *EVP_camellia_128_cfb1(void);
+const EVP_CIPHER *EVP_camellia_128_cfb8(void);
+const EVP_CIPHER *EVP_camellia_128_cfb128(void);
+# define EVP_camellia_128_cfb EVP_camellia_128_cfb128
+const EVP_CIPHER *EVP_camellia_128_ofb(void);
+const EVP_CIPHER *EVP_camellia_128_ctr(void);
+const EVP_CIPHER *EVP_camellia_192_ecb(void);
+const EVP_CIPHER *EVP_camellia_192_cbc(void);
+const EVP_CIPHER *EVP_camellia_192_cfb1(void);
+const EVP_CIPHER *EVP_camellia_192_cfb8(void);
+const EVP_CIPHER 
*EVP_camellia_192_cfb128(void);
+# define EVP_camellia_192_cfb EVP_camellia_192_cfb128
+const EVP_CIPHER *EVP_camellia_192_ofb(void);
+const EVP_CIPHER *EVP_camellia_192_ctr(void);
+const EVP_CIPHER *EVP_camellia_256_ecb(void);
+const EVP_CIPHER *EVP_camellia_256_cbc(void);
+const EVP_CIPHER *EVP_camellia_256_cfb1(void);
+const EVP_CIPHER *EVP_camellia_256_cfb8(void);
+const EVP_CIPHER *EVP_camellia_256_cfb128(void);
+# define EVP_camellia_256_cfb EVP_camellia_256_cfb128
+const EVP_CIPHER *EVP_camellia_256_ofb(void);
+const EVP_CIPHER *EVP_camellia_256_ctr(void);
+# endif
+# ifndef OPENSSL_NO_CHACHA
+const EVP_CIPHER *EVP_chacha20(void);
+# ifndef OPENSSL_NO_POLY1305
+const EVP_CIPHER *EVP_chacha20_poly1305(void);
+# endif
+# endif
+
+# ifndef OPENSSL_NO_SEED
+const EVP_CIPHER *EVP_seed_ecb(void);
+const EVP_CIPHER *EVP_seed_cbc(void);
+const EVP_CIPHER *EVP_seed_cfb128(void);
+# define EVP_seed_cfb EVP_seed_cfb128
+const EVP_CIPHER *EVP_seed_ofb(void);
+# endif
+
+# ifndef OPENSSL_NO_SM4
+const EVP_CIPHER *EVP_sm4_ecb(void);
+const EVP_CIPHER *EVP_sm4_cbc(void);
+const EVP_CIPHER *EVP_sm4_cfb128(void);
+# define EVP_sm4_cfb EVP_sm4_cfb128
+const EVP_CIPHER *EVP_sm4_ofb(void);
+const EVP_CIPHER *EVP_sm4_ctr(void);
+# endif
+
+# ifndef OPENSSL_NO_DEPRECATED_1_1_0
+# define OPENSSL_add_all_algorithms_conf() \
+ OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \
+ | OPENSSL_INIT_ADD_ALL_DIGESTS \
+ | OPENSSL_INIT_LOAD_CONFIG, NULL)
+# define OPENSSL_add_all_algorithms_noconf() \
+ OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \
+ | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL)
+
+# ifdef OPENSSL_LOAD_CONF
+# define OpenSSL_add_all_algorithms() OPENSSL_add_all_algorithms_conf()
+# else
+# define OpenSSL_add_all_algorithms() OPENSSL_add_all_algorithms_noconf()
+# endif
+
+# define OpenSSL_add_all_ciphers() \
+ OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS, NULL)
+# define OpenSSL_add_all_digests() \
+ OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_DIGESTS, NULL)
+
+# define 
EVP_cleanup() while(0) continue
+# endif
+
+int EVP_add_cipher(const EVP_CIPHER *cipher);
+int EVP_add_digest(const EVP_MD *digest);
+
+const EVP_CIPHER *EVP_get_cipherbyname(const char *name);
+const EVP_MD *EVP_get_digestbyname(const char *name);
+
+void EVP_CIPHER_do_all(void (*fn) (const EVP_CIPHER *ciph,
+ const char *from, const char *to, void *x),
+ void *arg);
+void EVP_CIPHER_do_all_sorted(void (*fn)
+ (const EVP_CIPHER *ciph, const char *from,
+ const char *to, void *x), void *arg);
+void EVP_CIPHER_do_all_provided(OPENSSL_CTX *libctx,
+ void (*fn)(EVP_CIPHER *cipher, void *arg),
+ void *arg);
+
+void EVP_MD_do_all(void (*fn) (const EVP_MD *ciph,
+ const char *from, const char *to, void *x),
+ void *arg);
+void EVP_MD_do_all_sorted(void (*fn)
+ (const EVP_MD *ciph, const char *from,
+ const char *to, void *x), void *arg);
+void EVP_MD_do_all_provided(OPENSSL_CTX *libctx,
+ void (*fn)(EVP_MD *md, void *arg),
+ void *arg);
+
+/* MAC stuff */
+
+EVP_MAC *EVP_MAC_fetch(OPENSSL_CTX *libctx, const char *algorithm,
+ const char *properties);
+int EVP_MAC_up_ref(EVP_MAC *mac);
+void EVP_MAC_free(EVP_MAC *mac);
+int EVP_MAC_number(const EVP_MAC *mac);
+int EVP_MAC_is_a(const EVP_MAC *mac, const char *name);
+const OSSL_PROVIDER *EVP_MAC_provider(const EVP_MAC *mac);
+int EVP_MAC_get_params(EVP_MAC *mac, OSSL_PARAM params[]);
+
+EVP_MAC_CTX *EVP_MAC_CTX_new(EVP_MAC *mac);
+void EVP_MAC_CTX_free(EVP_MAC_CTX *ctx);
+EVP_MAC_CTX *EVP_MAC_CTX_dup(const EVP_MAC_CTX *src);
+EVP_MAC *EVP_MAC_CTX_mac(EVP_MAC_CTX *ctx);
+int EVP_MAC_CTX_get_params(EVP_MAC_CTX *ctx, OSSL_PARAM params[]);
+int EVP_MAC_CTX_set_params(EVP_MAC_CTX *ctx, const OSSL_PARAM params[]);
+
+size_t EVP_MAC_size(EVP_MAC_CTX *ctx);
+int EVP_MAC_init(EVP_MAC_CTX *ctx);
+int EVP_MAC_update(EVP_MAC_CTX *ctx, const unsigned char *data, size_t datalen);
+int EVP_MAC_final(EVP_MAC_CTX *ctx,
+ unsigned char *out, size_t *outl, size_t outsize);
+const OSSL_PARAM *EVP_MAC_gettable_params(const EVP_MAC *mac);
+const OSSL_PARAM *EVP_MAC_gettable_ctx_params(const EVP_MAC *mac);
+const OSSL_PARAM *EVP_MAC_settable_ctx_params(const EVP_MAC *mac);
+
+void EVP_MAC_do_all_provided(OPENSSL_CTX *libctx,
+ void (*fn)(EVP_MAC *mac, void *arg),
+ void *arg);
+void EVP_MAC_names_do_all(const EVP_MAC *mac,
+ void (*fn)(const char *name, void *data),
+ void *data);
+
+/* PKEY stuff */
+DEPRECATEDIN_3_0(int EVP_PKEY_decrypt_old(unsigned char *dec_key,
+ const unsigned char *enc_key,
+ int enc_key_len,
+ EVP_PKEY *private_key))
+DEPRECATEDIN_3_0(int EVP_PKEY_encrypt_old(unsigned char *enc_key,
+ const unsigned char *key,
+ int key_len, EVP_PKEY *pub_key))
+int EVP_PKEY_type(int type);
+int EVP_PKEY_id(const EVP_PKEY *pkey);
+int EVP_PKEY_base_id(const EVP_PKEY *pkey);
+int EVP_PKEY_bits(const EVP_PKEY *pkey);
+int EVP_PKEY_security_bits(const EVP_PKEY *pkey);
+int EVP_PKEY_size(const EVP_PKEY *pkey);
+int EVP_PKEY_set_type(EVP_PKEY *pkey, int type);
+int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len);
+int EVP_PKEY_set_alias_type(EVP_PKEY *pkey, int type);
+# ifndef OPENSSL_NO_ENGINE
+int EVP_PKEY_set1_engine(EVP_PKEY *pkey, ENGINE *e);
+ENGINE *EVP_PKEY_get0_engine(const EVP_PKEY *pkey);
+# endif
+int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key);
+void *EVP_PKEY_get0(const EVP_PKEY *pkey);
+const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len);
+# ifndef OPENSSL_NO_POLY1305
+const unsigned char *EVP_PKEY_get0_poly1305(const EVP_PKEY *pkey, size_t *len);
+# endif
+# ifndef OPENSSL_NO_SIPHASH
+const unsigned char *EVP_PKEY_get0_siphash(const EVP_PKEY *pkey, size_t *len);
+# endif
+
+# ifndef OPENSSL_NO_RSA
+struct rsa_st;
+int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, struct rsa_st *key);
+struct rsa_st *EVP_PKEY_get0_RSA(const EVP_PKEY *pkey);
+struct rsa_st *EVP_PKEY_get1_RSA(EVP_PKEY *pkey);
+# endif
+# ifndef OPENSSL_NO_DSA
+struct dsa_st;
+int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, struct dsa_st *key);
+struct dsa_st *EVP_PKEY_get0_DSA(const EVP_PKEY 
*pkey);
+struct dsa_st *EVP_PKEY_get1_DSA(EVP_PKEY *pkey);
+# endif
+# ifndef OPENSSL_NO_DH
+struct dh_st;
+int EVP_PKEY_set1_DH(EVP_PKEY *pkey, struct dh_st *key);
+struct dh_st *EVP_PKEY_get0_DH(const EVP_PKEY *pkey);
+struct dh_st *EVP_PKEY_get1_DH(EVP_PKEY *pkey);
+# endif
+# ifndef OPENSSL_NO_EC
+struct ec_key_st;
+int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, struct ec_key_st *key);
+struct ec_key_st *EVP_PKEY_get0_EC_KEY(const EVP_PKEY *pkey);
+struct ec_key_st *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
+# endif
+
+EVP_PKEY *EVP_PKEY_new(void);
+int EVP_PKEY_up_ref(EVP_PKEY *pkey);
+void EVP_PKEY_free(EVP_PKEY *pkey);
+
+EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp,
+ long length);
+int i2d_PublicKey(const EVP_PKEY *a, unsigned char **pp);
+
+EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
+ long length);
+EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
+ long length);
+int i2d_PrivateKey(const EVP_PKEY *a, unsigned char **pp);
+
+int i2d_KeyParams(const EVP_PKEY *a, unsigned char **pp);
+EVP_PKEY *d2i_KeyParams(int type, EVP_PKEY **a, const unsigned char **pp,
+ long length);
+int i2d_KeyParams_bio(BIO *bp, const EVP_PKEY *pkey);
+EVP_PKEY *d2i_KeyParams_bio(int type, EVP_PKEY **a, BIO *in);
+
+int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from);
+int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey);
+int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode);
+int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b);
+
+int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b);
+
+int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey,
+ int indent, ASN1_PCTX *pctx);
+int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey,
+ int indent, ASN1_PCTX *pctx);
+int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey,
+ int indent, ASN1_PCTX *pctx);
+
+int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid);
+int EVP_PKEY_get_default_digest_name(EVP_PKEY *pkey,
+ char 
*mdname, size_t mdname_sz);
+int EVP_PKEY_supports_digest_nid(EVP_PKEY *pkey, int nid);
+
+int EVP_PKEY_set1_tls_encodedpoint(EVP_PKEY *pkey,
+ const unsigned char *pt, size_t ptlen);
+size_t EVP_PKEY_get1_tls_encodedpoint(EVP_PKEY *pkey, unsigned char **ppt);
+
+int EVP_CIPHER_type(const EVP_CIPHER *ctx);
+
+/* calls methods */
+int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+
+/* These are used by EVP_CIPHER methods */
+int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+
+/* PKCS5 password based encryption */
+int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
+ ASN1_TYPE *param, const EVP_CIPHER *cipher,
+ const EVP_MD *md, int en_de);
+int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
+ const unsigned char *salt, int saltlen, int iter,
+ int keylen, unsigned char *out);
+int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
+ const unsigned char *salt, int saltlen, int iter,
+ const EVP_MD *digest, int keylen, unsigned char *out);
+int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
+ ASN1_TYPE *param, const EVP_CIPHER *cipher,
+ const EVP_MD *md, int en_de);
+
+#ifndef OPENSSL_NO_SCRYPT
+int EVP_PBE_scrypt(const char *pass, size_t passlen,
+ const unsigned char *salt, size_t saltlen,
+ uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem,
+ unsigned char *key, size_t keylen);
+
+int PKCS5_v2_scrypt_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass,
+ int passlen, ASN1_TYPE *param,
+ const EVP_CIPHER *c, const EVP_MD *md, int en_de);
+#endif
+
+void PKCS5_PBE_add(void);
+
+int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
+ ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de);
+
+/* PBE type */
+
+/* Can appear as the outermost AlgorithmIdentifier */
+# define EVP_PBE_TYPE_OUTER 0x0
+/* Is an PRF type OID */
+# define 
EVP_PBE_TYPE_PRF 0x1 +/* Is a PKCS#5 v2.0 KDF */ +# define EVP_PBE_TYPE_KDF 0x2 + +int EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid, + int md_nid, EVP_PBE_KEYGEN *keygen); +int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md, + EVP_PBE_KEYGEN *keygen); +int EVP_PBE_find(int type, int pbe_nid, int *pcnid, int *pmnid, + EVP_PBE_KEYGEN **pkeygen); +void EVP_PBE_cleanup(void); +int EVP_PBE_get(int *ptype, int *ppbe_nid, size_t num); + +# define ASN1_PKEY_ALIAS 0x1 +# define ASN1_PKEY_DYNAMIC 0x2 +# define ASN1_PKEY_SIGPARAM_NULL 0x4 + +# define ASN1_PKEY_CTRL_PKCS7_SIGN 0x1 +# define ASN1_PKEY_CTRL_PKCS7_ENCRYPT 0x2 +# define ASN1_PKEY_CTRL_DEFAULT_MD_NID 0x3 +# define ASN1_PKEY_CTRL_CMS_SIGN 0x5 +# define ASN1_PKEY_CTRL_CMS_ENVELOPE 0x7 +# define ASN1_PKEY_CTRL_CMS_RI_TYPE 0x8 + +# define ASN1_PKEY_CTRL_SET1_TLS_ENCPT 0x9 +# define ASN1_PKEY_CTRL_GET1_TLS_ENCPT 0xa +# define ASN1_PKEY_CTRL_SUPPORTS_MD_NID 0xb + +int EVP_PKEY_asn1_get_count(void); +const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx); +const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pe, int type); +const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe, + const char *str, int len); +int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth); +int EVP_PKEY_asn1_add_alias(int to, int from); +int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *pkey_base_id, + int *ppkey_flags, const char **pinfo, + const char **ppem_str, + const EVP_PKEY_ASN1_METHOD *ameth); + +const EVP_PKEY_ASN1_METHOD *EVP_PKEY_get0_asn1(const EVP_PKEY *pkey); +EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags, + const char *pem_str, + const char *info); +void EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst, + const EVP_PKEY_ASN1_METHOD *src); +void EVP_PKEY_asn1_free(EVP_PKEY_ASN1_METHOD *ameth); +void EVP_PKEY_asn1_set_public(EVP_PKEY_ASN1_METHOD *ameth, + int (*pub_decode) (EVP_PKEY *pk, + X509_PUBKEY *pub), + int (*pub_encode) (X509_PUBKEY *pub, + const EVP_PKEY *pk), + int 
(*pub_cmp) (const EVP_PKEY *a, + const EVP_PKEY *b), + int (*pub_print) (BIO *out, + const EVP_PKEY *pkey, + int indent, ASN1_PCTX *pctx), + int (*pkey_size) (const EVP_PKEY *pk), + int (*pkey_bits) (const EVP_PKEY *pk)); +void EVP_PKEY_asn1_set_private(EVP_PKEY_ASN1_METHOD *ameth, + int (*priv_decode) (EVP_PKEY *pk, + const PKCS8_PRIV_KEY_INFO + *p8inf), + int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8, + const EVP_PKEY *pk), + int (*priv_print) (BIO *out, + const EVP_PKEY *pkey, + int indent, + ASN1_PCTX *pctx)); +void EVP_PKEY_asn1_set_param(EVP_PKEY_ASN1_METHOD *ameth, + int (*param_decode) (EVP_PKEY *pkey, + const unsigned char **pder, + int derlen), + int (*param_encode) (const EVP_PKEY *pkey, + unsigned char **pder), + int (*param_missing) (const EVP_PKEY *pk), + int (*param_copy) (EVP_PKEY *to, + const EVP_PKEY *from), + int (*param_cmp) (const EVP_PKEY *a, + const EVP_PKEY *b), + int (*param_print) (BIO *out, + const EVP_PKEY *pkey, + int indent, + ASN1_PCTX *pctx)); + +void EVP_PKEY_asn1_set_free(EVP_PKEY_ASN1_METHOD *ameth, + void (*pkey_free) (EVP_PKEY *pkey)); +void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth, + int (*pkey_ctrl) (EVP_PKEY *pkey, int op, + long arg1, void *arg2)); +void EVP_PKEY_asn1_set_item(EVP_PKEY_ASN1_METHOD *ameth, + int (*item_verify) (EVP_MD_CTX *ctx, + const ASN1_ITEM *it, + void *asn, + X509_ALGOR *a, + ASN1_BIT_STRING *sig, + EVP_PKEY *pkey), + int (*item_sign) (EVP_MD_CTX *ctx, + const ASN1_ITEM *it, + void *asn, + X509_ALGOR *alg1, + X509_ALGOR *alg2, + ASN1_BIT_STRING *sig)); + +void EVP_PKEY_asn1_set_siginf(EVP_PKEY_ASN1_METHOD *ameth, + int (*siginf_set) (X509_SIG_INFO *siginf, + const X509_ALGOR *alg, + const ASN1_STRING *sig)); + +void EVP_PKEY_asn1_set_check(EVP_PKEY_ASN1_METHOD *ameth, + int (*pkey_check) (const EVP_PKEY *pk)); + +void EVP_PKEY_asn1_set_public_check(EVP_PKEY_ASN1_METHOD *ameth, + int (*pkey_pub_check) (const EVP_PKEY *pk)); + +void EVP_PKEY_asn1_set_param_check(EVP_PKEY_ASN1_METHOD *ameth, + int 
(*pkey_param_check) (const EVP_PKEY *pk)); + +void EVP_PKEY_asn1_set_set_priv_key(EVP_PKEY_ASN1_METHOD *ameth, + int (*set_priv_key) (EVP_PKEY *pk, + const unsigned char + *priv, + size_t len)); +void EVP_PKEY_asn1_set_set_pub_key(EVP_PKEY_ASN1_METHOD *ameth, + int (*set_pub_key) (EVP_PKEY *pk, + const unsigned char *pub, + size_t len)); +void EVP_PKEY_asn1_set_get_priv_key(EVP_PKEY_ASN1_METHOD *ameth, + int (*get_priv_key) (const EVP_PKEY *pk, + unsigned char *priv, + size_t *len)); +void EVP_PKEY_asn1_set_get_pub_key(EVP_PKEY_ASN1_METHOD *ameth, + int (*get_pub_key) (const EVP_PKEY *pk, + unsigned char *pub, + size_t *len)); + +void EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth, + int (*pkey_security_bits) (const EVP_PKEY + *pk)); + +int EVP_PKEY_CTX_get_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD **md); +int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); + +# define EVP_PKEY_OP_UNDEFINED 0 +# define EVP_PKEY_OP_PARAMGEN (1<<1) +# define EVP_PKEY_OP_KEYGEN (1<<2) +# define EVP_PKEY_OP_PARAMFROMDATA (1<<3) +# define EVP_PKEY_OP_KEYFROMDATA (1<<4) +# define EVP_PKEY_OP_SIGN (1<<5) +# define EVP_PKEY_OP_VERIFY (1<<6) +# define EVP_PKEY_OP_VERIFYRECOVER (1<<7) +# define EVP_PKEY_OP_SIGNCTX (1<<8) +# define EVP_PKEY_OP_VERIFYCTX (1<<9) +# define EVP_PKEY_OP_ENCRYPT (1<<10) +# define EVP_PKEY_OP_DECRYPT (1<<11) +# define EVP_PKEY_OP_DERIVE (1<<12) + +# define EVP_PKEY_OP_TYPE_SIG \ + (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY | EVP_PKEY_OP_VERIFYRECOVER \ + | EVP_PKEY_OP_SIGNCTX | EVP_PKEY_OP_VERIFYCTX) + +# define EVP_PKEY_OP_TYPE_CRYPT \ + (EVP_PKEY_OP_ENCRYPT | EVP_PKEY_OP_DECRYPT) + +# define EVP_PKEY_OP_TYPE_NOGEN \ + (EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT | EVP_PKEY_OP_DERIVE) + +# define EVP_PKEY_OP_TYPE_GEN \ + (EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN) + +# define EVP_PKEY_OP_TYPE_FROMDATA \ + (EVP_PKEY_OP_PARAMFROMDATA | EVP_PKEY_OP_KEYFROMDATA) + +# define EVP_PKEY_CTX_set_mac_key(ctx, key, len) \ + 
EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_SET_MAC_KEY, len, (void *)(key)) + +# define EVP_PKEY_CTRL_MD 1 +# define EVP_PKEY_CTRL_PEER_KEY 2 + +# define EVP_PKEY_CTRL_PKCS7_ENCRYPT 3 +# define EVP_PKEY_CTRL_PKCS7_DECRYPT 4 + +# define EVP_PKEY_CTRL_PKCS7_SIGN 5 + +# define EVP_PKEY_CTRL_SET_MAC_KEY 6 + +# define EVP_PKEY_CTRL_DIGESTINIT 7 + +/* Used by GOST key encryption in TLS */ +# define EVP_PKEY_CTRL_SET_IV 8 + +# define EVP_PKEY_CTRL_CMS_ENCRYPT 9 +# define EVP_PKEY_CTRL_CMS_DECRYPT 10 +# define EVP_PKEY_CTRL_CMS_SIGN 11 + +# define EVP_PKEY_CTRL_CIPHER 12 + +# define EVP_PKEY_CTRL_GET_MD 13 + +# define EVP_PKEY_CTRL_SET_DIGEST_SIZE 14 + +# define EVP_PKEY_ALG_CTRL 0x1000 + +# define EVP_PKEY_FLAG_AUTOARGLEN 2 +/* + * Method handles all operations: don't assume any digest related defaults. + */ +# define EVP_PKEY_FLAG_SIGCTX_CUSTOM 4 + +const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type); +EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags); +void EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags, + const EVP_PKEY_METHOD *meth); +void EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, const EVP_PKEY_METHOD *src); +void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth); +int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth); +int EVP_PKEY_meth_remove(const EVP_PKEY_METHOD *pmeth); +size_t EVP_PKEY_meth_get_count(void); +const EVP_PKEY_METHOD *EVP_PKEY_meth_get0(size_t idx); + +EVP_KEYMGMT *EVP_KEYMGMT_fetch(OPENSSL_CTX *ctx, const char *algorithm, + const char *properties); +int EVP_KEYMGMT_up_ref(EVP_KEYMGMT *keymgmt); +void EVP_KEYMGMT_free(EVP_KEYMGMT *keymgmt); +const OSSL_PROVIDER *EVP_KEYMGMT_provider(const EVP_KEYMGMT *keymgmt); +int EVP_KEYMGMT_number(const EVP_KEYMGMT *keymgmt); +int EVP_KEYMGMT_is_a(const EVP_KEYMGMT *keymgmt, const char *name); +void EVP_KEYMGMT_do_all_provided(OPENSSL_CTX *libctx, + void (*fn)(EVP_KEYMGMT *keymgmt, void *arg), + void *arg); +void EVP_KEYMGMT_names_do_all(const EVP_KEYMGMT *keymgmt, + void (*fn)(const char 
*name, void *data), + void *data); + +EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e); +EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e); +EVP_PKEY_CTX *EVP_PKEY_CTX_new_from_name(OPENSSL_CTX *libctx, + const char *name, + const char *propquery); +EVP_PKEY_CTX *EVP_PKEY_CTX_new_from_pkey(OPENSSL_CTX *libctx, + EVP_PKEY *pkey, const char *propquery); +EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *ctx); +void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx); + +int EVP_PKEY_CTX_get_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params); +const OSSL_PARAM *EVP_PKEY_CTX_gettable_params(EVP_PKEY_CTX *ctx); +int EVP_PKEY_CTX_set_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params); +const OSSL_PARAM *EVP_PKEY_CTX_settable_params(EVP_PKEY_CTX *ctx); +int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, + int cmd, int p1, void *p2); +int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, + const char *value); +int EVP_PKEY_CTX_ctrl_uint64(EVP_PKEY_CTX *ctx, int keytype, int optype, + int cmd, uint64_t value); + +int EVP_PKEY_CTX_str2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *str); +int EVP_PKEY_CTX_hex2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *hex); + +int EVP_PKEY_CTX_md(EVP_PKEY_CTX *ctx, int optype, int cmd, const char *md); + +int EVP_PKEY_CTX_get_operation(EVP_PKEY_CTX *ctx); +void EVP_PKEY_CTX_set0_keygen_info(EVP_PKEY_CTX *ctx, int *dat, int datlen); + +EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e, + const unsigned char *key, int keylen); +EVP_PKEY *EVP_PKEY_new_raw_private_key(int type, ENGINE *e, + const unsigned char *priv, + size_t len); +EVP_PKEY *EVP_PKEY_new_raw_public_key(int type, ENGINE *e, + const unsigned char *pub, + size_t len); +int EVP_PKEY_get_raw_private_key(const EVP_PKEY *pkey, unsigned char *priv, + size_t *len); +int EVP_PKEY_get_raw_public_key(const EVP_PKEY *pkey, unsigned char *pub, + size_t *len); + +EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv, + size_t len, const EVP_CIPHER *cipher); + +void 
EVP_PKEY_CTX_set_data(EVP_PKEY_CTX *ctx, void *data); +void *EVP_PKEY_CTX_get_data(const EVP_PKEY_CTX *ctx); +EVP_PKEY *EVP_PKEY_CTX_get0_pkey(EVP_PKEY_CTX *ctx); + +EVP_PKEY *EVP_PKEY_CTX_get0_peerkey(EVP_PKEY_CTX *ctx); + +void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data); +void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx); + +void EVP_SIGNATURE_free(EVP_SIGNATURE *signature); +int EVP_SIGNATURE_up_ref(EVP_SIGNATURE *signature); +OSSL_PROVIDER *EVP_SIGNATURE_provider(const EVP_SIGNATURE *signature); +EVP_SIGNATURE *EVP_SIGNATURE_fetch(OPENSSL_CTX *ctx, const char *algorithm, + const char *properties); +int EVP_SIGNATURE_is_a(const EVP_SIGNATURE *signature, const char *name); +int EVP_SIGNATURE_number(const EVP_SIGNATURE *signature); +void EVP_SIGNATURE_do_all_provided(OPENSSL_CTX *libctx, + void (*fn)(EVP_SIGNATURE *signature, + void *data), + void *data); +void EVP_SIGNATURE_names_do_all(const EVP_SIGNATURE *signature, + void (*fn)(const char *name, void *data), + void *data); + +void EVP_ASYM_CIPHER_free(EVP_ASYM_CIPHER *cipher); +int EVP_ASYM_CIPHER_up_ref(EVP_ASYM_CIPHER *cipher); +OSSL_PROVIDER *EVP_ASYM_CIPHER_provider(const EVP_ASYM_CIPHER *cipher); +EVP_ASYM_CIPHER *EVP_ASYM_CIPHER_fetch(OPENSSL_CTX *ctx, const char *algorithm, + const char *properties); +int EVP_ASYM_CIPHER_is_a(const EVP_ASYM_CIPHER *cipher, const char *name); +int EVP_ASYM_CIPHER_number(const EVP_ASYM_CIPHER *cipher); +void EVP_ASYM_CIPHER_do_all_provided(OPENSSL_CTX *libctx, + void (*fn)(EVP_ASYM_CIPHER *cipher, + void *arg), + void *arg); +void EVP_ASYM_CIPHER_names_do_all(const EVP_ASYM_CIPHER *cipher, + void (*fn)(const char *name, void *data), + void *data); + +int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_sign(EVP_PKEY_CTX *ctx, + unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen); +int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_verify(EVP_PKEY_CTX *ctx, + const unsigned char *sig, size_t siglen, + const unsigned 
char *tbs, size_t tbslen); +int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx, + unsigned char *rout, size_t *routlen, + const unsigned char *sig, size_t siglen); +int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx, + unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen); +int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx, + unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen); + +int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer); +int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); + +typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx); + +int EVP_PKEY_param_fromdata_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_key_fromdata_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_fromdata(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey, OSSL_PARAM param[]); +const OSSL_PARAM *EVP_PKEY_param_fromdata_settable(EVP_PKEY_CTX *ctx); +const OSSL_PARAM *EVP_PKEY_key_fromdata_settable(EVP_PKEY_CTX *ctx); +int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); +int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); +int EVP_PKEY_check(EVP_PKEY_CTX *ctx); +int EVP_PKEY_public_check(EVP_PKEY_CTX *ctx); +int EVP_PKEY_param_check(EVP_PKEY_CTX *ctx); +int EVP_PKEY_private_check(EVP_PKEY_CTX *ctx); +int EVP_PKEY_pairwise_check(EVP_PKEY_CTX *ctx); + +void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb); +EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx); + +int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx); + +void EVP_PKEY_meth_set_init(EVP_PKEY_METHOD *pmeth, + int (*init) (EVP_PKEY_CTX *ctx)); + +void EVP_PKEY_meth_set_copy(EVP_PKEY_METHOD *pmeth, + int (*copy) (EVP_PKEY_CTX *dst, + const EVP_PKEY_CTX *src)); + +void 
EVP_PKEY_meth_set_cleanup(EVP_PKEY_METHOD *pmeth, + void (*cleanup) (EVP_PKEY_CTX *ctx)); + +void EVP_PKEY_meth_set_paramgen(EVP_PKEY_METHOD *pmeth, + int (*paramgen_init) (EVP_PKEY_CTX *ctx), + int (*paramgen) (EVP_PKEY_CTX *ctx, + EVP_PKEY *pkey)); + +void EVP_PKEY_meth_set_keygen(EVP_PKEY_METHOD *pmeth, + int (*keygen_init) (EVP_PKEY_CTX *ctx), + int (*keygen) (EVP_PKEY_CTX *ctx, + EVP_PKEY *pkey)); + +void EVP_PKEY_meth_set_sign(EVP_PKEY_METHOD *pmeth, + int (*sign_init) (EVP_PKEY_CTX *ctx), + int (*sign) (EVP_PKEY_CTX *ctx, + unsigned char *sig, size_t *siglen, + const unsigned char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_set_verify(EVP_PKEY_METHOD *pmeth, + int (*verify_init) (EVP_PKEY_CTX *ctx), + int (*verify) (EVP_PKEY_CTX *ctx, + const unsigned char *sig, + size_t siglen, + const unsigned char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_set_verify_recover(EVP_PKEY_METHOD *pmeth, + int (*verify_recover_init) (EVP_PKEY_CTX + *ctx), + int (*verify_recover) (EVP_PKEY_CTX + *ctx, + unsigned char + *sig, + size_t *siglen, + const unsigned + char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_set_signctx(EVP_PKEY_METHOD *pmeth, + int (*signctx_init) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx), + int (*signctx) (EVP_PKEY_CTX *ctx, + unsigned char *sig, + size_t *siglen, + EVP_MD_CTX *mctx)); + +void EVP_PKEY_meth_set_verifyctx(EVP_PKEY_METHOD *pmeth, + int (*verifyctx_init) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx), + int (*verifyctx) (EVP_PKEY_CTX *ctx, + const unsigned char *sig, + int siglen, + EVP_MD_CTX *mctx)); + +void EVP_PKEY_meth_set_encrypt(EVP_PKEY_METHOD *pmeth, + int (*encrypt_init) (EVP_PKEY_CTX *ctx), + int (*encryptfn) (EVP_PKEY_CTX *ctx, + unsigned char *out, + size_t *outlen, + const unsigned char *in, + size_t inlen)); + +void EVP_PKEY_meth_set_decrypt(EVP_PKEY_METHOD *pmeth, + int (*decrypt_init) (EVP_PKEY_CTX *ctx), + int (*decrypt) (EVP_PKEY_CTX *ctx, + unsigned char *out, + size_t *outlen, + const unsigned char *in, + size_t inlen)); + 
+void EVP_PKEY_meth_set_derive(EVP_PKEY_METHOD *pmeth, + int (*derive_init) (EVP_PKEY_CTX *ctx), + int (*derive) (EVP_PKEY_CTX *ctx, + unsigned char *key, + size_t *keylen)); + +void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth, + int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, + void *p2), + int (*ctrl_str) (EVP_PKEY_CTX *ctx, + const char *type, + const char *value)); + +void EVP_PKEY_meth_set_digestsign(EVP_PKEY_METHOD *pmeth, + int (*digestsign) (EVP_MD_CTX *ctx, + unsigned char *sig, + size_t *siglen, + const unsigned char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_set_digestverify(EVP_PKEY_METHOD *pmeth, + int (*digestverify) (EVP_MD_CTX *ctx, + const unsigned char *sig, + size_t siglen, + const unsigned char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_set_check(EVP_PKEY_METHOD *pmeth, + int (*check) (EVP_PKEY *pkey)); + +void EVP_PKEY_meth_set_public_check(EVP_PKEY_METHOD *pmeth, + int (*check) (EVP_PKEY *pkey)); + +void EVP_PKEY_meth_set_param_check(EVP_PKEY_METHOD *pmeth, + int (*check) (EVP_PKEY *pkey)); + +void EVP_PKEY_meth_set_digest_custom(EVP_PKEY_METHOD *pmeth, + int (*digest_custom) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx)); + +void EVP_PKEY_meth_get_init(const EVP_PKEY_METHOD *pmeth, + int (**pinit) (EVP_PKEY_CTX *ctx)); + +void EVP_PKEY_meth_get_copy(const EVP_PKEY_METHOD *pmeth, + int (**pcopy) (EVP_PKEY_CTX *dst, + const EVP_PKEY_CTX *src)); + +void EVP_PKEY_meth_get_cleanup(const EVP_PKEY_METHOD *pmeth, + void (**pcleanup) (EVP_PKEY_CTX *ctx)); + +void EVP_PKEY_meth_get_paramgen(const EVP_PKEY_METHOD *pmeth, + int (**pparamgen_init) (EVP_PKEY_CTX *ctx), + int (**pparamgen) (EVP_PKEY_CTX *ctx, + EVP_PKEY *pkey)); + +void EVP_PKEY_meth_get_keygen(const EVP_PKEY_METHOD *pmeth, + int (**pkeygen_init) (EVP_PKEY_CTX *ctx), + int (**pkeygen) (EVP_PKEY_CTX *ctx, + EVP_PKEY *pkey)); + +void EVP_PKEY_meth_get_sign(const EVP_PKEY_METHOD *pmeth, + int (**psign_init) (EVP_PKEY_CTX *ctx), + int (**psign) (EVP_PKEY_CTX *ctx, + unsigned char *sig, 
size_t *siglen, + const unsigned char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_get_verify(const EVP_PKEY_METHOD *pmeth, + int (**pverify_init) (EVP_PKEY_CTX *ctx), + int (**pverify) (EVP_PKEY_CTX *ctx, + const unsigned char *sig, + size_t siglen, + const unsigned char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_get_verify_recover(const EVP_PKEY_METHOD *pmeth, + int (**pverify_recover_init) (EVP_PKEY_CTX + *ctx), + int (**pverify_recover) (EVP_PKEY_CTX + *ctx, + unsigned char + *sig, + size_t *siglen, + const unsigned + char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_get_signctx(const EVP_PKEY_METHOD *pmeth, + int (**psignctx_init) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx), + int (**psignctx) (EVP_PKEY_CTX *ctx, + unsigned char *sig, + size_t *siglen, + EVP_MD_CTX *mctx)); + +void EVP_PKEY_meth_get_verifyctx(const EVP_PKEY_METHOD *pmeth, + int (**pverifyctx_init) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx), + int (**pverifyctx) (EVP_PKEY_CTX *ctx, + const unsigned char *sig, + int siglen, + EVP_MD_CTX *mctx)); + +void EVP_PKEY_meth_get_encrypt(const EVP_PKEY_METHOD *pmeth, + int (**pencrypt_init) (EVP_PKEY_CTX *ctx), + int (**pencryptfn) (EVP_PKEY_CTX *ctx, + unsigned char *out, + size_t *outlen, + const unsigned char *in, + size_t inlen)); + +void EVP_PKEY_meth_get_decrypt(const EVP_PKEY_METHOD *pmeth, + int (**pdecrypt_init) (EVP_PKEY_CTX *ctx), + int (**pdecrypt) (EVP_PKEY_CTX *ctx, + unsigned char *out, + size_t *outlen, + const unsigned char *in, + size_t inlen)); + +void EVP_PKEY_meth_get_derive(const EVP_PKEY_METHOD *pmeth, + int (**pderive_init) (EVP_PKEY_CTX *ctx), + int (**pderive) (EVP_PKEY_CTX *ctx, + unsigned char *key, + size_t *keylen)); + +void EVP_PKEY_meth_get_ctrl(const EVP_PKEY_METHOD *pmeth, + int (**pctrl) (EVP_PKEY_CTX *ctx, int type, int p1, + void *p2), + int (**pctrl_str) (EVP_PKEY_CTX *ctx, + const char *type, + const char *value)); + +void EVP_PKEY_meth_get_digestsign(EVP_PKEY_METHOD *pmeth, + int (**digestsign) (EVP_MD_CTX *ctx, + 
unsigned char *sig, + size_t *siglen, + const unsigned char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_get_digestverify(EVP_PKEY_METHOD *pmeth, + int (**digestverify) (EVP_MD_CTX *ctx, + const unsigned char *sig, + size_t siglen, + const unsigned char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_get_check(const EVP_PKEY_METHOD *pmeth, + int (**pcheck) (EVP_PKEY *pkey)); + +void EVP_PKEY_meth_get_public_check(const EVP_PKEY_METHOD *pmeth, + int (**pcheck) (EVP_PKEY *pkey)); + +void EVP_PKEY_meth_get_param_check(const EVP_PKEY_METHOD *pmeth, + int (**pcheck) (EVP_PKEY *pkey)); + +void EVP_PKEY_meth_get_digest_custom(EVP_PKEY_METHOD *pmeth, + int (**pdigest_custom) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx)); + +void EVP_KEYEXCH_free(EVP_KEYEXCH *exchange); +int EVP_KEYEXCH_up_ref(EVP_KEYEXCH *exchange); +EVP_KEYEXCH *EVP_KEYEXCH_fetch(OPENSSL_CTX *ctx, const char *algorithm, + const char *properties); +OSSL_PROVIDER *EVP_KEYEXCH_provider(const EVP_KEYEXCH *exchange); +int EVP_KEYEXCH_is_a(const EVP_KEYEXCH *keyexch, const char *name); +int EVP_KEYEXCH_number(const EVP_KEYEXCH *keyexch); +void EVP_KEYEXCH_do_all_provided(OPENSSL_CTX *libctx, + void (*fn)(EVP_KEYEXCH *keyexch, void *data), + void *data); +void EVP_KEYEXCH_names_do_all(const EVP_KEYEXCH *keyexch, + void (*fn)(const char *name, void *data), + void *data); + +void EVP_add_alg_module(void); + +/* + * Convenient helper functions to transfer string based controls. + * The callback gets called with the parsed value. + */ +int EVP_str2ctrl(int (*cb)(void *ctx, int cmd, void *buf, size_t buflen), + void *ctx, int cmd, const char *value); +int EVP_hex2ctrl(int (*cb)(void *ctx, int cmd, void *buf, size_t buflen), + void *ctx, int cmd, const char *hex); + +# ifdef __cplusplus +} +# endif +#endif diff --git a/linux_amd64/include/openssl/evperr.h b/linux_amd64/include/openssl/evperr.h new file mode 100644 index 0000000..7744465 --- /dev/null +++ b/linux_amd64/include/openssl/evperr.h 
@@ -0,0 +1,257 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_EVPERR_H +# define OPENSSL_EVPERR_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_EVPERR_H +# endif + +# include +# include + + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_EVP_strings(void); + +/* + * EVP function codes. + */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define EVP_F_AESNI_INIT_KEY 0 +# define EVP_F_AESNI_XTS_INIT_KEY 0 +# define EVP_F_AES_GCM_CTRL 0 +# define EVP_F_AES_GCM_TLS_CIPHER 0 +# define EVP_F_AES_INIT_KEY 0 +# define EVP_F_AES_OCB_CIPHER 0 +# define EVP_F_AES_T4_INIT_KEY 0 +# define EVP_F_AES_T4_XTS_INIT_KEY 0 +# define EVP_F_AES_WRAP_CIPHER 0 +# define EVP_F_AES_XTS_CIPHER 0 +# define EVP_F_AES_XTS_INIT_KEY 0 +# define EVP_F_ALG_MODULE_INIT 0 +# define EVP_F_ARIA_CCM_INIT_KEY 0 +# define EVP_F_ARIA_GCM_CTRL 0 +# define EVP_F_ARIA_GCM_INIT_KEY 0 +# define EVP_F_ARIA_INIT_KEY 0 +# define EVP_F_B64_NEW 0 +# define EVP_F_CAMELLIA_INIT_KEY 0 +# define EVP_F_CHACHA20_POLY1305_CTRL 0 +# define EVP_F_CMLL_T4_INIT_KEY 0 +# define EVP_F_DES_EDE3_WRAP_CIPHER 0 +# define EVP_F_DO_SIGVER_INIT 0 +# define EVP_F_ENC_NEW 0 +# define EVP_F_EVP_CIPHERINIT_EX 0 +# define EVP_F_EVP_CIPHER_ASN1_TO_PARAM 0 +# define EVP_F_EVP_CIPHER_CTX_COPY 0 +# define EVP_F_EVP_CIPHER_CTX_CTRL 0 +# define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 0 +# define EVP_F_EVP_CIPHER_CTX_SET_PADDING 0 +# define EVP_F_EVP_CIPHER_FROM_DISPATCH 0 +# define EVP_F_EVP_CIPHER_MODE 0 +# define EVP_F_EVP_CIPHER_PARAM_TO_ASN1 0 +# define EVP_F_EVP_DECRYPTFINAL_EX 0 +# define EVP_F_EVP_DECRYPTUPDATE 0 +# define EVP_F_EVP_DIGESTFINALXOF 0 +# 
define EVP_F_EVP_DIGESTFINAL_EX 0 +# define EVP_F_EVP_DIGESTINIT_EX 0 +# define EVP_F_EVP_DIGESTUPDATE 0 +# define EVP_F_EVP_ENCRYPTDECRYPTUPDATE 0 +# define EVP_F_EVP_ENCRYPTFINAL_EX 0 +# define EVP_F_EVP_ENCRYPTUPDATE 0 +# define EVP_F_EVP_KDF_CTX_DUP 0 +# define EVP_F_EVP_KDF_CTX_NEW 0 +# define EVP_F_EVP_KEYEXCH_FETCH 0 +# define EVP_F_EVP_KEYEXCH_FROM_DISPATCH 0 +# define EVP_F_EVP_MAC_CTRL 0 +# define EVP_F_EVP_MAC_CTRL_STR 0 +# define EVP_F_EVP_MAC_CTX_DUP 0 +# define EVP_F_EVP_MAC_CTX_NEW 0 +# define EVP_F_EVP_MAC_INIT 0 +# define EVP_F_EVP_MD_BLOCK_SIZE 0 +# define EVP_F_EVP_MD_CTX_COPY_EX 0 +# define EVP_F_EVP_MD_SIZE 0 +# define EVP_F_EVP_OPENINIT 0 +# define EVP_F_EVP_PBE_ALG_ADD 0 +# define EVP_F_EVP_PBE_ALG_ADD_TYPE 0 +# define EVP_F_EVP_PBE_CIPHERINIT 0 +# define EVP_F_EVP_PBE_SCRYPT 0 +# define EVP_F_EVP_PKCS82PKEY 0 +# define EVP_F_EVP_PKEY2PKCS8 0 +# define EVP_F_EVP_PKEY_ASN1_ADD0 0 +# define EVP_F_EVP_PKEY_CHECK 0 +# define EVP_F_EVP_PKEY_COPY_PARAMETERS 0 +# define EVP_F_EVP_PKEY_CTX_CTRL 0 +# define EVP_F_EVP_PKEY_CTX_CTRL_STR 0 +# define EVP_F_EVP_PKEY_CTX_DUP 0 +# define EVP_F_EVP_PKEY_CTX_MD 0 +# define EVP_F_EVP_PKEY_DECRYPT 0 +# define EVP_F_EVP_PKEY_DECRYPT_INIT 0 +# define EVP_F_EVP_PKEY_DECRYPT_OLD 0 +# define EVP_F_EVP_PKEY_DERIVE 0 +# define EVP_F_EVP_PKEY_DERIVE_INIT 0 +# define EVP_F_EVP_PKEY_DERIVE_INIT_EX 0 +# define EVP_F_EVP_PKEY_DERIVE_SET_PEER 0 +# define EVP_F_EVP_PKEY_ENCRYPT 0 +# define EVP_F_EVP_PKEY_ENCRYPT_INIT 0 +# define EVP_F_EVP_PKEY_ENCRYPT_OLD 0 +# define EVP_F_EVP_PKEY_GET0_DH 0 +# define EVP_F_EVP_PKEY_GET0_DSA 0 +# define EVP_F_EVP_PKEY_GET0_EC_KEY 0 +# define EVP_F_EVP_PKEY_GET0_HMAC 0 +# define EVP_F_EVP_PKEY_GET0_POLY1305 0 +# define EVP_F_EVP_PKEY_GET0_RSA 0 +# define EVP_F_EVP_PKEY_GET0_SIPHASH 0 +# define EVP_F_EVP_PKEY_GET_RAW_PRIVATE_KEY 0 +# define EVP_F_EVP_PKEY_GET_RAW_PUBLIC_KEY 0 +# define EVP_F_EVP_PKEY_KEYGEN 0 +# define EVP_F_EVP_PKEY_KEYGEN_INIT 0 +# define EVP_F_EVP_PKEY_METH_ADD0 0 +# define 
EVP_F_EVP_PKEY_METH_NEW 0 +# define EVP_F_EVP_PKEY_NEW 0 +# define EVP_F_EVP_PKEY_NEW_CMAC_KEY 0 +# define EVP_F_EVP_PKEY_NEW_RAW_PRIVATE_KEY 0 +# define EVP_F_EVP_PKEY_NEW_RAW_PUBLIC_KEY 0 +# define EVP_F_EVP_PKEY_PARAMGEN 0 +# define EVP_F_EVP_PKEY_PARAMGEN_INIT 0 +# define EVP_F_EVP_PKEY_PARAM_CHECK 0 +# define EVP_F_EVP_PKEY_PUBLIC_CHECK 0 +# define EVP_F_EVP_PKEY_SET1_ENGINE 0 +# define EVP_F_EVP_PKEY_SET_ALIAS_TYPE 0 +# define EVP_F_EVP_PKEY_SIGN 0 +# define EVP_F_EVP_PKEY_SIGN_INIT 0 +# define EVP_F_EVP_PKEY_VERIFY 0 +# define EVP_F_EVP_PKEY_VERIFY_INIT 0 +# define EVP_F_EVP_PKEY_VERIFY_RECOVER 0 +# define EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT 0 +# define EVP_F_EVP_SET_DEFAULT_PROPERTIES 0 +# define EVP_F_EVP_SIGNFINAL 0 +# define EVP_F_EVP_VERIFYFINAL 0 +# define EVP_F_GMAC_CTRL 0 +# define EVP_F_INT_CTX_NEW 0 +# define EVP_F_KMAC_CTRL 0 +# define EVP_F_KMAC_INIT 0 +# define EVP_F_OK_NEW 0 +# define EVP_F_PKCS5_PBE_KEYIVGEN 0 +# define EVP_F_PKCS5_V2_PBE_KEYIVGEN 0 +# define EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN 0 +# define EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN 0 +# define EVP_F_PKEY_KDF_CTRL 0 +# define EVP_F_PKEY_MAC_COPY 0 +# define EVP_F_PKEY_MAC_INIT 0 +# define EVP_F_PKEY_SET_TYPE 0 +# define EVP_F_POLY1305_CTRL 0 +# define EVP_F_RC2_MAGIC_TO_METH 0 +# define EVP_F_RC5_CTRL 0 +# define EVP_F_R_32_12_16_INIT_KEY 0 +# define EVP_F_S390X_AES_GCM_CTRL 0 +# define EVP_F_S390X_AES_GCM_TLS_CIPHER 0 +# define EVP_F_SCRYPT_ALG 0 +# define EVP_F_UPDATE 0 +# endif + +/* + * EVP reason codes. 
+ */ +# define EVP_R_AES_KEY_SETUP_FAILED 143 +# define EVP_R_ARIA_KEY_SETUP_FAILED 176 +# define EVP_R_BAD_ALGORITHM_NAME 200 +# define EVP_R_BAD_DECRYPT 100 +# define EVP_R_BAD_KEY_LENGTH 195 +# define EVP_R_BUFFER_TOO_SMALL 155 +# define EVP_R_CAMELLIA_KEY_SETUP_FAILED 157 +# define EVP_R_CANNOT_GET_PARAMETERS 197 +# define EVP_R_CANNOT_SET_PARAMETERS 198 +# define EVP_R_CIPHER_NOT_GCM_MODE 184 +# define EVP_R_CIPHER_PARAMETER_ERROR 122 +# define EVP_R_COMMAND_NOT_SUPPORTED 147 +# define EVP_R_CONFLICTING_ALGORITHM_NAME 201 +# define EVP_R_COPY_ERROR 173 +# define EVP_R_CTRL_NOT_IMPLEMENTED 132 +# define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133 +# define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138 +# define EVP_R_DECODE_ERROR 114 +# define EVP_R_DIFFERENT_KEY_TYPES 101 +# define EVP_R_DIFFERENT_PARAMETERS 153 +# define EVP_R_ERROR_LOADING_SECTION 165 +# define EVP_R_ERROR_SETTING_FIPS_MODE 166 +# define EVP_R_EXPECTING_AN_HMAC_KEY 174 +# define EVP_R_EXPECTING_AN_RSA_KEY 127 +# define EVP_R_EXPECTING_A_DH_KEY 128 +# define EVP_R_EXPECTING_A_DSA_KEY 129 +# define EVP_R_EXPECTING_A_EC_KEY 142 +# define EVP_R_EXPECTING_A_POLY1305_KEY 164 +# define EVP_R_EXPECTING_A_SIPHASH_KEY 175 +# define EVP_R_FINAL_ERROR 188 +# define EVP_R_FIPS_MODE_NOT_SUPPORTED 167 +# define EVP_R_GET_RAW_KEY_FAILED 182 +# define EVP_R_ILLEGAL_SCRYPT_PARAMETERS 171 +# define EVP_R_INITIALIZATION_ERROR 134 +# define EVP_R_INPUT_NOT_INITIALIZED 111 +# define EVP_R_INVALID_CUSTOM_LENGTH 185 +# define EVP_R_INVALID_DIGEST 152 +# define EVP_R_INVALID_FIPS_MODE 168 +# define EVP_R_INVALID_IV_LENGTH 194 +# define EVP_R_INVALID_KEY 163 +# define EVP_R_INVALID_KEY_LENGTH 130 +# define EVP_R_INVALID_OPERATION 148 +# define EVP_R_INVALID_PROVIDER_FUNCTIONS 193 +# define EVP_R_INVALID_SALT_LENGTH 186 +# define EVP_R_KEYGEN_FAILURE 120 +# define EVP_R_KEY_SETUP_FAILED 180 +# define EVP_R_MEMORY_LIMIT_EXCEEDED 172 +# define EVP_R_MESSAGE_DIGEST_IS_NULL 159 +# define EVP_R_METHOD_NOT_SUPPORTED 144 +# 
define EVP_R_MISSING_PARAMETERS 103 +# define EVP_R_NOT_ABLE_TO_COPY_CTX 190 +# define EVP_R_NOT_XOF_OR_INVALID_LENGTH 178 +# define EVP_R_NO_CIPHER_SET 131 +# define EVP_R_NO_DEFAULT_DIGEST 158 +# define EVP_R_NO_DIGEST_SET 139 +# define EVP_R_NO_KEYMGMT_AVAILABLE 199 +# define EVP_R_NO_KEYMGMT_PRESENT 196 +# define EVP_R_NO_KEY_SET 154 +# define EVP_R_NO_OPERATION_SET 149 +# define EVP_R_ONLY_ONESHOT_SUPPORTED 177 +# define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150 +# define EVP_R_OPERATON_NOT_INITIALIZED 151 +# define EVP_R_PARAMETER_TOO_LARGE 187 +# define EVP_R_PARTIALLY_OVERLAPPING 162 +# define EVP_R_PBKDF2_ERROR 181 +# define EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED 179 +# define EVP_R_PRIVATE_KEY_DECODE_ERROR 145 +# define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146 +# define EVP_R_PUBLIC_KEY_NOT_RSA 106 +# define EVP_R_TOO_MANY_RECORDS 183 +# define EVP_R_UNKNOWN_CIPHER 160 +# define EVP_R_UNKNOWN_DIGEST 161 +# define EVP_R_UNKNOWN_OPTION 169 +# define EVP_R_UNKNOWN_PBE_ALGORITHM 121 +# define EVP_R_UNSUPPORTED_ALGORITHM 156 +# define EVP_R_UNSUPPORTED_CIPHER 107 +# define EVP_R_UNSUPPORTED_KEYLENGTH 123 +# define EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION 124 +# define EVP_R_UNSUPPORTED_KEY_SIZE 108 +# define EVP_R_UNSUPPORTED_NUMBER_OF_ROUNDS 135 +# define EVP_R_UNSUPPORTED_PRF 125 +# define EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM 118 +# define EVP_R_UNSUPPORTED_SALT_TYPE 126 +# define EVP_R_UPDATE_ERROR 189 +# define EVP_R_WRAP_MODE_NOT_ALLOWED 170 +# define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109 +# define EVP_R_XTS_DATA_UNIT_IS_TOO_LARGE 191 +# define EVP_R_XTS_DUPLICATED_KEYS 192 + +#endif diff --git a/linux_amd64/include/openssl/fips_names.h b/linux_amd64/include/openssl/fips_names.h new file mode 100644 index 0000000..aeb9670 --- /dev/null +++ b/linux_amd64/include/openssl/fips_names.h 
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_FIPS_NAMES_H
+# define OPENSSL_FIPS_NAMES_H
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+/*
+ * Parameter names that the FIPS Provider defines
+ */
+
+/*
+ * The calculated MAC of the module file (Used for FIPS Self Testing)
+ * Type: OSSL_PARAM_UTF8_STRING
+ */
+# define OSSL_PROV_FIPS_PARAM_MODULE_MAC "module-checksum"
+/*
+ * A version number for the fips install process (Used for FIPS Self Testing)
+ * Type: OSSL_PARAM_UTF8_STRING
+ */
+# define OSSL_PROV_FIPS_PARAM_INSTALL_VERSION "install-version"
+/*
+ * The calculated MAC of the install status indicator (Used for FIPS Self Testing)
+ * Type: OSSL_PARAM_UTF8_STRING
+ */
+# define OSSL_PROV_FIPS_PARAM_INSTALL_MAC "install-checksum"
+/*
+ * The install status indicator (Used for FIPS Self Testing)
+ * Type: OSSL_PARAM_UTF8_STRING
+ */
+# define OSSL_PROV_FIPS_PARAM_INSTALL_STATUS "install-status"
+
+# ifdef __cplusplus
+}
+# endif
+
+#endif /* OPENSSL_FIPS_NAMES_H */
diff --git a/linux_amd64/include/openssl/hmac.h b/linux_amd64/include/openssl/hmac.h
new file mode 100644
index 0000000..d05cdde
--- /dev/null
+++ b/linux_amd64/include/openssl/hmac.h
@@ -0,0 +1,58 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_HMAC_H
+# define OPENSSL_HMAC_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_HMAC_H
+# endif
+
+# include
+
+# include
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HMAC_MAX_MD_CBLOCK 128 /* Deprecated */
+# endif
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+DEPRECATEDIN_3_0(size_t HMAC_size(const HMAC_CTX *e))
+DEPRECATEDIN_3_0(HMAC_CTX *HMAC_CTX_new(void))
+DEPRECATEDIN_3_0(int HMAC_CTX_reset(HMAC_CTX *ctx))
+DEPRECATEDIN_3_0(void HMAC_CTX_free(HMAC_CTX *ctx))
+
+DEPRECATEDIN_1_1_0(__owur int HMAC_Init(HMAC_CTX *ctx, const void *key, int len,
+ const EVP_MD *md))
+
+DEPRECATEDIN_3_0(int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
+ const EVP_MD *md, ENGINE *impl))
+DEPRECATEDIN_3_0(int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data,
+ size_t len))
+DEPRECATEDIN_3_0(int HMAC_Final(HMAC_CTX *ctx, unsigned char *md,
+ unsigned int *len))
+DEPRECATEDIN_3_0(unsigned char *HMAC(const EVP_MD *evp_md, const void *key,
+ int key_len, const unsigned char *d,
+ size_t n, unsigned char *md,
+ unsigned int *md_len))
+DEPRECATEDIN_3_0(__owur int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx))
+
+DEPRECATEDIN_3_0(void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags))
+DEPRECATEDIN_3_0(const EVP_MD *HMAC_CTX_get_md(const HMAC_CTX *ctx))
+
+# ifdef __cplusplus
+}
+# endif
+
+#endif
diff --git a/linux_amd64/include/openssl/http.h b/linux_amd64/include/openssl/http.h
new file mode 100644
index 0000000..e37f636
--- /dev/null
+++ b/linux_amd64/include/openssl/http.h
@@ -0,0 +1,72 @@
+/*
+ * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright Siemens AG 2018-2020
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_HTTP_H
+# define OPENSSL_HTTP_H
+# pragma once
+
+# include
+
+# include
+# include
+# include
+
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+typedef BIO *(*OSSL_HTTP_bio_cb_t)(BIO *bio, void *arg, int connect, int detail);
+
+BIO *OSSL_HTTP_get(const char *url, const char *proxy, const char *proxy_port,
+ BIO *bio, BIO *rbio,
+ OSSL_HTTP_bio_cb_t bio_update_fn, void *arg,
+ const STACK_OF(CONF_VALUE) *headers,
+ int maxline, unsigned long max_resp_len, int timeout,
+ const char *expected_content_type, int expect_asn1);
+ASN1_VALUE *OSSL_HTTP_get_asn1(const char *url,
+ const char *proxy, const char *proxy_port,
+ BIO *bio, BIO *rbio,
+ OSSL_HTTP_bio_cb_t bio_update_fn, void *arg,
+ const STACK_OF(CONF_VALUE) *headers,
+ int maxline, unsigned long max_resp_len,
+ int timeout, const char *expected_content_type,
+ const ASN1_ITEM *it);
+ASN1_VALUE *OSSL_HTTP_post_asn1(const char *server, const char *port,
+ const char *path, int use_ssl,
+ const char *proxy, const char *proxy_port,
+ BIO *bio, BIO *rbio,
+ OSSL_HTTP_bio_cb_t bio_update_fn, void *arg,
+ const STACK_OF(CONF_VALUE) *headers,
+ const char *content_type,
+ ASN1_VALUE *req, const ASN1_ITEM *req_it,
+ int maxline, unsigned long max_resp_len,
+ int timeout, const char *expected_ct,
+ const ASN1_ITEM *rsp_it);
+BIO *OSSL_HTTP_transfer(const char *server, const char *port, const char *path,
+ int use_ssl, const char *proxy, const char *proxy_port,
+ BIO *bio, BIO *rbio,
+ OSSL_HTTP_bio_cb_t bio_update_fn, void *arg,
+ const STACK_OF(CONF_VALUE) *headers,
+ const char *content_type, BIO *req_mem,
+ int maxline, unsigned long max_resp_len, int timeout,
+ const char *expected_ct, int expect_asn1,
+ char **redirection_url);
+int OSSL_HTTP_proxy_connect(BIO *bio, const char *server, const char *port,
+ const char *proxyuser, const char *proxypass,
+ int timeout, BIO *bio_err, const char *prog);
+
+int OSSL_HTTP_parse_url(const char *url, char **phost, char **pport,
+ char **ppath, int *pssl);
+
+# ifdef __cplusplus
+}
+# endif
+#endif /* !defined OPENSSL_HTTP_H */
diff --git a/linux_amd64/include/openssl/httperr.h b/linux_amd64/include/openssl/httperr.h
new file mode 100644
index 0000000..36dd7cb
--- /dev/null
+++ b/linux_amd64/include/openssl/httperr.h
@@ -0,0 +1,55 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_HTTPERR_H +# define OPENSSL_HTTPERR_H + +# include +# include + + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_HTTP_strings(void); + +/* + * HTTP function codes. + */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# endif + +/* + * HTTP reason codes. + */ +# define HTTP_R_ASN1_LEN_EXCEEDS_MAX_RESP_LEN 108 +# define HTTP_R_CONNECT_FAILURE 100 +# define HTTP_R_ERROR_PARSING_ASN1_LENGTH 109 +# define HTTP_R_ERROR_PARSING_CONTENT_LENGTH 119 +# define HTTP_R_ERROR_PARSING_URL 101 +# define HTTP_R_ERROR_RECEIVING 103 +# define HTTP_R_ERROR_SENDING 102 +# define HTTP_R_INCONSISTENT_CONTENT_LENGTH 120 +# define HTTP_R_MAX_RESP_LEN_EXCEEDED 117 +# define HTTP_R_MISSING_ASN1_ENCODING 110 +# define HTTP_R_MISSING_CONTENT_TYPE 121 +# define HTTP_R_MISSING_REDIRECT_LOCATION 111 +# define HTTP_R_REDIRECTION_FROM_HTTPS_TO_HTTP 112 +# define HTTP_R_REDIRECTION_NOT_ENABLED 116 +# define HTTP_R_RESPONSE_LINE_TOO_LONG 113 +# define HTTP_R_SERVER_RESPONSE_PARSE_ERROR 104 +# define HTTP_R_SERVER_SENT_ERROR 105 +# define HTTP_R_SERVER_SENT_WRONG_HTTP_VERSION 106 +# define HTTP_R_STATUS_CODE_UNSUPPORTED 114 +# define HTTP_R_TLS_NOT_ENABLED 107 +# define HTTP_R_TOO_MANY_REDIRECTIONS 115 +# define HTTP_R_UNEXPECTED_CONTENT_TYPE 118 + +#endif diff --git a/linux_amd64/include/openssl/idea.h b/linux_amd64/include/openssl/idea.h new file mode 100644 index 0000000..a651ee2 --- /dev/null +++ b/linux_amd64/include/openssl/idea.h 
@@ -0,0 +1,79 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_IDEA_H
+# define OPENSSL_IDEA_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_IDEA_H
+# endif
+
+# include
+
+# ifndef OPENSSL_NO_IDEA
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# define IDEA_BLOCK 8
+# define IDEA_KEY_LENGTH 16
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+
+typedef unsigned int IDEA_INT;
+
+# define IDEA_ENCRYPT 1
+# define IDEA_DECRYPT 0
+
+typedef struct idea_key_st {
+ IDEA_INT data[9][6];
+} IDEA_KEY_SCHEDULE;
+#endif
+
+DEPRECATEDIN_3_0(const char *IDEA_options(void))
+DEPRECATEDIN_3_0(void IDEA_ecb_encrypt(const unsigned char *in,
+ unsigned char *out,
+ IDEA_KEY_SCHEDULE *ks))
+DEPRECATEDIN_3_0(void IDEA_set_encrypt_key(const unsigned char *key,
+ IDEA_KEY_SCHEDULE *ks))
+DEPRECATEDIN_3_0(void IDEA_set_decrypt_key(IDEA_KEY_SCHEDULE *ek,
+ IDEA_KEY_SCHEDULE *dk))
+DEPRECATEDIN_3_0(void IDEA_cbc_encrypt(const unsigned char *in,
+ unsigned char *out, long length,
+ IDEA_KEY_SCHEDULE *ks,
+ unsigned char *iv, int enc))
+DEPRECATEDIN_3_0(void IDEA_cfb64_encrypt(const unsigned char *in,
+ unsigned char *out, long length,
+ IDEA_KEY_SCHEDULE *ks,
+ unsigned char *iv, int *num, int enc))
+DEPRECATEDIN_3_0(void IDEA_ofb64_encrypt(const unsigned char *in,
+ unsigned char *out, long length,
+ IDEA_KEY_SCHEDULE *ks,
+ unsigned char *iv, int *num))
+DEPRECATEDIN_3_0(void IDEA_encrypt(unsigned long *in, IDEA_KEY_SCHEDULE *ks))
+
+# ifndef OPENSSL_NO_DEPRECATED_1_1_0
+# define idea_options IDEA_options
+# define idea_ecb_encrypt IDEA_ecb_encrypt
+# define idea_set_encrypt_key IDEA_set_encrypt_key
+# define idea_set_decrypt_key IDEA_set_decrypt_key
+# define idea_cbc_encrypt IDEA_cbc_encrypt
+# define idea_cfb64_encrypt IDEA_cfb64_encrypt
+# define idea_ofb64_encrypt IDEA_ofb64_encrypt
+# define idea_encrypt IDEA_encrypt
+# endif
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/linux_amd64/include/openssl/kdf.h b/linux_amd64/include/openssl/kdf.h
new file mode 100644
index 0000000..d8f81c9
--- /dev/null
+++ b/linux_amd64/include/openssl/kdf.h
@@ -0,0 +1,178 @@ +/* + * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_KDF_H +# define OPENSSL_KDF_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_KDF_H +# endif + +# include +# include +# include +# include + +# ifdef __cplusplus +extern "C" { +# endif + +int EVP_KDF_up_ref(EVP_KDF *kdf); +void EVP_KDF_free(EVP_KDF *kdf); +EVP_KDF *EVP_KDF_fetch(OPENSSL_CTX *libctx, const char *algorithm, + const char *properties); + +EVP_KDF_CTX *EVP_KDF_CTX_new(EVP_KDF *kdf); +void EVP_KDF_CTX_free(EVP_KDF_CTX *ctx); +EVP_KDF_CTX *EVP_KDF_CTX_dup(const EVP_KDF_CTX *src); +int EVP_KDF_number(const EVP_KDF *kdf); +int EVP_KDF_is_a(const EVP_KDF *kdf, const char *name); +const OSSL_PROVIDER *EVP_KDF_provider(const EVP_KDF *kdf); +const EVP_KDF *EVP_KDF_CTX_kdf(EVP_KDF_CTX *ctx); + +void EVP_KDF_reset(EVP_KDF_CTX *ctx); +size_t EVP_KDF_size(EVP_KDF_CTX *ctx); +int EVP_KDF_derive(EVP_KDF_CTX *ctx, unsigned char *key, size_t keylen); +int EVP_KDF_get_params(EVP_KDF *kdf, OSSL_PARAM params[]); +int EVP_KDF_CTX_get_params(EVP_KDF_CTX *ctx, OSSL_PARAM params[]); +int EVP_KDF_CTX_set_params(EVP_KDF_CTX *ctx, const OSSL_PARAM params[]); +const OSSL_PARAM *EVP_KDF_gettable_params(const EVP_KDF *kdf); +const OSSL_PARAM *EVP_KDF_gettable_ctx_params(const EVP_KDF *kdf); +const OSSL_PARAM *EVP_KDF_settable_ctx_params(const EVP_KDF *kdf); + +void EVP_KDF_do_all_provided(OPENSSL_CTX *libctx, + void (*fn)(EVP_KDF *kdf, void *arg), + void *arg); +void EVP_KDF_names_do_all(const EVP_KDF *kdf, + void (*fn)(const char *name, void *data), + void *data); + +# define EVP_KDF_CTRL_SET_PASS 0x01 /* unsigned char *, size_t */ +# define EVP_KDF_CTRL_SET_SALT 0x02 /* 
unsigned char *, size_t */ +# define EVP_KDF_CTRL_SET_ITER 0x03 /* int */ +# define EVP_KDF_CTRL_SET_MD 0x04 /* EVP_MD * */ +# define EVP_KDF_CTRL_SET_KEY 0x05 /* unsigned char *, size_t */ +# define EVP_KDF_CTRL_SET_MAXMEM_BYTES 0x06 /* uint64_t */ +# define EVP_KDF_CTRL_SET_TLS_SECRET 0x07 /* unsigned char *, size_t */ +# define EVP_KDF_CTRL_ADD_TLS_SEED 0x08 /* unsigned char *, size_t */ +# define EVP_KDF_CTRL_RESET_HKDF_INFO 0x09 +# define EVP_KDF_CTRL_ADD_HKDF_INFO 0x0a /* unsigned char *, size_t */ +# define EVP_KDF_CTRL_SET_HKDF_MODE 0x0b /* int */ +# define EVP_KDF_CTRL_SET_SCRYPT_N 0x0c /* uint64_t */ +# define EVP_KDF_CTRL_SET_SCRYPT_R 0x0d /* uint32_t */ +# define EVP_KDF_CTRL_SET_SCRYPT_P 0x0e /* uint32_t */ +# define EVP_KDF_CTRL_SET_SSHKDF_XCGHASH 0x0f /* unsigned char *, size_t */ +# define EVP_KDF_CTRL_SET_SSHKDF_SESSION_ID 0x10 /* unsigned char *, size_t */ +# define EVP_KDF_CTRL_SET_SSHKDF_TYPE 0x11 /* int */ +# define EVP_KDF_CTRL_SET_MAC 0x12 /* EVP_MAC * */ +# define EVP_KDF_CTRL_SET_MAC_SIZE 0x13 /* size_t */ +# define EVP_KDF_CTRL_SET_SSKDF_INFO 0x14 /* unsigned char *, size_t */ +# define EVP_KDF_CTRL_SET_PBKDF2_PKCS5_MODE 0x15 /* int */ +# define EVP_KDF_CTRL_SET_UKM 0x16 /* unsigned char *, size_t */ +# define EVP_KDF_CTRL_SET_CEK_ALG 0x17 /* char * */ +# define EVP_KDF_CTRL_SET_SHARED_INFO EVP_KDF_CTRL_SET_SSKDF_INFO + +# define EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND 0 +# define EVP_KDF_HKDF_MODE_EXTRACT_ONLY 1 +# define EVP_KDF_HKDF_MODE_EXPAND_ONLY 2 + +#define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV 65 +#define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_SRV_TO_CLI 66 +#define EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_CLI_TO_SRV 67 +#define EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_SRV_TO_CLI 68 +#define EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_CLI_TO_SRV 69 +#define EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_SRV_TO_CLI 70 + +/**** The legacy PKEY-based KDF API follows. 
****/ + +# define EVP_PKEY_CTRL_TLS_MD (EVP_PKEY_ALG_CTRL) +# define EVP_PKEY_CTRL_TLS_SECRET (EVP_PKEY_ALG_CTRL + 1) +# define EVP_PKEY_CTRL_TLS_SEED (EVP_PKEY_ALG_CTRL + 2) +# define EVP_PKEY_CTRL_HKDF_MD (EVP_PKEY_ALG_CTRL + 3) +# define EVP_PKEY_CTRL_HKDF_SALT (EVP_PKEY_ALG_CTRL + 4) +# define EVP_PKEY_CTRL_HKDF_KEY (EVP_PKEY_ALG_CTRL + 5) +# define EVP_PKEY_CTRL_HKDF_INFO (EVP_PKEY_ALG_CTRL + 6) +# define EVP_PKEY_CTRL_HKDF_MODE (EVP_PKEY_ALG_CTRL + 7) +# define EVP_PKEY_CTRL_PASS (EVP_PKEY_ALG_CTRL + 8) +# define EVP_PKEY_CTRL_SCRYPT_SALT (EVP_PKEY_ALG_CTRL + 9) +# define EVP_PKEY_CTRL_SCRYPT_N (EVP_PKEY_ALG_CTRL + 10) +# define EVP_PKEY_CTRL_SCRYPT_R (EVP_PKEY_ALG_CTRL + 11) +# define EVP_PKEY_CTRL_SCRYPT_P (EVP_PKEY_ALG_CTRL + 12) +# define EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES (EVP_PKEY_ALG_CTRL + 13) + +# define EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND \ + EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND +# define EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY \ + EVP_KDF_HKDF_MODE_EXTRACT_ONLY +# define EVP_PKEY_HKDEF_MODE_EXPAND_ONLY \ + EVP_KDF_HKDF_MODE_EXPAND_ONLY + +# define EVP_PKEY_CTX_set_tls1_prf_md(pctx, md) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_TLS_MD, 0, (void *)(md)) + +# define EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, sec, seclen) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_TLS_SECRET, seclen, (void *)(sec)) + +# define EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed, seedlen) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_TLS_SEED, seedlen, (void *)(seed)) + +# define EVP_PKEY_CTX_set_hkdf_md(pctx, md) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_HKDF_MD, 0, (void *)(md)) + +# define EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, saltlen) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_HKDF_SALT, saltlen, (void *)(salt)) + +# define EVP_PKEY_CTX_set1_hkdf_key(pctx, key, keylen) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_HKDF_KEY, 
keylen, (void *)(key)) + +# define EVP_PKEY_CTX_add1_hkdf_info(pctx, info, infolen) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_HKDF_INFO, infolen, (void *)(info)) + +# define EVP_PKEY_CTX_hkdf_mode(pctx, mode) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_HKDF_MODE, mode, NULL) + +# define EVP_PKEY_CTX_set1_pbe_pass(pctx, pass, passlen) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_PASS, passlen, (void *)(pass)) + +# define EVP_PKEY_CTX_set1_scrypt_salt(pctx, salt, saltlen) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_SCRYPT_SALT, saltlen, (void *)(salt)) + +# define EVP_PKEY_CTX_set_scrypt_N(pctx, n) \ + EVP_PKEY_CTX_ctrl_uint64(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_SCRYPT_N, n) + +# define EVP_PKEY_CTX_set_scrypt_r(pctx, r) \ + EVP_PKEY_CTX_ctrl_uint64(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_SCRYPT_R, r) + +# define EVP_PKEY_CTX_set_scrypt_p(pctx, p) \ + EVP_PKEY_CTX_ctrl_uint64(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_SCRYPT_P, p) + +# define EVP_PKEY_CTX_set_scrypt_maxmem_bytes(pctx, maxmem_bytes) \ + EVP_PKEY_CTX_ctrl_uint64(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES, maxmem_bytes) + + +# ifdef __cplusplus +} +# endif +#endif diff --git a/linux_amd64/include/openssl/kdferr.h b/linux_amd64/include/openssl/kdferr.h new file mode 100644 index 0000000..31f112c --- /dev/null +++ b/linux_amd64/include/openssl/kdferr.h 
@@ -0,0 +1,118 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_KDFERR_H +# define OPENSSL_KDFERR_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_OSSL_KDFERR_H +# endif + +# include +# include + + +# ifdef __cplusplus +extern "C" +# endif +DEPRECATEDIN_3_0(int ERR_load_KDF_strings(void)) + +/* + * KDF function codes. + */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define KDF_F_HKDF_EXTRACT 0 +# define KDF_F_KDF_HKDF_DERIVE 0 +# define KDF_F_KDF_HKDF_NEW 0 +# define KDF_F_KDF_HKDF_SIZE 0 +# define KDF_F_KDF_MD2CTRL 0 +# define KDF_F_KDF_PBKDF2_CTRL 0 +# define KDF_F_KDF_PBKDF2_CTRL_STR 0 +# define KDF_F_KDF_PBKDF2_DERIVE 0 +# define KDF_F_KDF_PBKDF2_NEW 0 +# define KDF_F_KDF_SCRYPT_CTRL_STR 0 +# define KDF_F_KDF_SCRYPT_CTRL_UINT32 0 +# define KDF_F_KDF_SCRYPT_CTRL_UINT64 0 +# define KDF_F_KDF_SCRYPT_DERIVE 0 +# define KDF_F_KDF_SCRYPT_NEW 0 +# define KDF_F_KDF_SSHKDF_CTRL 0 +# define KDF_F_KDF_SSHKDF_CTRL_STR 0 +# define KDF_F_KDF_SSHKDF_DERIVE 0 +# define KDF_F_KDF_SSHKDF_NEW 0 +# define KDF_F_KDF_TLS1_PRF_CTRL_STR 0 +# define KDF_F_KDF_TLS1_PRF_DERIVE 0 +# define KDF_F_KDF_TLS1_PRF_NEW 0 +# define KDF_F_PBKDF2_DERIVE 0 +# define KDF_F_PBKDF2_SET_MEMBUF 0 +# define KDF_F_PKEY_HKDF_CTRL_STR 0 +# define KDF_F_PKEY_HKDF_DERIVE 0 +# define KDF_F_PKEY_HKDF_INIT 0 +# define KDF_F_PKEY_SCRYPT_CTRL_STR 0 +# define KDF_F_PKEY_SCRYPT_CTRL_UINT64 0 +# define KDF_F_PKEY_SCRYPT_DERIVE 0 +# define KDF_F_PKEY_SCRYPT_INIT 0 +# define KDF_F_PKEY_SCRYPT_SET_MEMBUF 0 +# define KDF_F_PKEY_TLS1_PRF_CTRL_STR 0 +# define KDF_F_PKEY_TLS1_PRF_DERIVE 0 +# define KDF_F_PKEY_TLS1_PRF_INIT 0 +# define 
KDF_F_SCRYPT_SET_MEMBUF 0 +# define KDF_F_SSKDF_CTRL_STR 0 +# define KDF_F_SSKDF_DERIVE 0 +# define KDF_F_SSKDF_MAC2CTRL 0 +# define KDF_F_SSKDF_NEW 0 +# define KDF_F_SSKDF_SIZE 0 +# define KDF_F_TLS1_PRF_ALG 0 +# define KDF_F_X942KDF_CTRL 0 +# define KDF_F_X942KDF_DERIVE 0 +# define KDF_F_X942KDF_HASH_KDM 0 +# define KDF_F_X942KDF_NEW 0 +# define KDF_F_X942KDF_SIZE 0 +# define KDF_F_X963KDF_DERIVE 0 +# endif + +/* + * KDF reason codes. + */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define KDF_R_BAD_ENCODING 122 +# define KDF_R_BAD_LENGTH 123 +# define KDF_R_BOTH_MODE_AND_MODE_INT 127 +# define KDF_R_INAVLID_UKM_LEN 124 +# define KDF_R_INVALID_DIGEST 100 +# define KDF_R_INVALID_ITERATION_COUNT 119 +# define KDF_R_INVALID_KEY_LEN 120 +# define KDF_R_INVALID_MAC_TYPE 116 +# define KDF_R_INVALID_MODE 128 +# define KDF_R_INVALID_MODE_INT 129 +# define KDF_R_INVALID_SALT_LEN 121 +# define KDF_R_MISSING_CEK_ALG 125 +# define KDF_R_MISSING_ITERATION_COUNT 109 +# define KDF_R_MISSING_KEY 104 +# define KDF_R_MISSING_MESSAGE_DIGEST 105 +# define KDF_R_MISSING_PARAMETER 101 +# define KDF_R_MISSING_PASS 110 +# define KDF_R_MISSING_SALT 111 +# define KDF_R_MISSING_SECRET 107 +# define KDF_R_MISSING_SEED 106 +# define KDF_R_MISSING_SESSION_ID 113 +# define KDF_R_MISSING_TYPE 114 +# define KDF_R_MISSING_XCGHASH 115 +# define KDF_R_NOT_SUPPORTED 118 +# define KDF_R_UNKNOWN_PARAMETER_TYPE 103 +# define KDF_R_UNSUPPORTED_CEK_ALG 126 +# define KDF_R_UNSUPPORTED_MAC_TYPE 117 +# define KDF_R_VALUE_ERROR 108 +# define KDF_R_VALUE_MISSING 102 +# define KDF_R_WRONG_OUTPUT_BUFFER_SIZE 112 +# endif + +#endif diff --git a/linux_amd64/include/openssl/lhash.h b/linux_amd64/include/openssl/lhash.h new file mode 100644 index 0000000..2be4cf4 --- /dev/null +++ b/linux_amd64/include/openssl/lhash.h 
@@ -0,0 +1,252 @@ +/* + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * Header for dynamic hash table routines Author - Eric Young + */ + +#ifndef OPENSSL_LHASH_H +# define OPENSSL_LHASH_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_LHASH_H +# endif + +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct lhash_node_st OPENSSL_LH_NODE; +typedef int (*OPENSSL_LH_COMPFUNC) (const void *, const void *); +typedef unsigned long (*OPENSSL_LH_HASHFUNC) (const void *); +typedef void (*OPENSSL_LH_DOALL_FUNC) (void *); +typedef void (*OPENSSL_LH_DOALL_FUNCARG) (void *, void *); +typedef struct lhash_st OPENSSL_LHASH; + +/* + * Macros for declaring and implementing type-safe wrappers for LHASH + * callbacks. This way, callbacks can be provided to LHASH structures without + * function pointer casting and the macro-defined callbacks provide + * per-variable casting before deferring to the underlying type-specific + * callbacks. NB: It is possible to place a "static" in front of both the + * DECLARE and IMPLEMENT macros if the functions are strictly internal. 
+ */ + +/* First: "hash" functions */ +# define DECLARE_LHASH_HASH_FN(name, o_type) \ + unsigned long name##_LHASH_HASH(const void *); +# define IMPLEMENT_LHASH_HASH_FN(name, o_type) \ + unsigned long name##_LHASH_HASH(const void *arg) { \ + const o_type *a = arg; \ + return name##_hash(a); } +# define LHASH_HASH_FN(name) name##_LHASH_HASH + +/* Second: "compare" functions */ +# define DECLARE_LHASH_COMP_FN(name, o_type) \ + int name##_LHASH_COMP(const void *, const void *); +# define IMPLEMENT_LHASH_COMP_FN(name, o_type) \ + int name##_LHASH_COMP(const void *arg1, const void *arg2) { \ + const o_type *a = arg1; \ + const o_type *b = arg2; \ + return name##_cmp(a,b); } +# define LHASH_COMP_FN(name) name##_LHASH_COMP + +/* Fourth: "doall_arg" functions */ +# define DECLARE_LHASH_DOALL_ARG_FN(name, o_type, a_type) \ + void name##_LHASH_DOALL_ARG(void *, void *); +# define IMPLEMENT_LHASH_DOALL_ARG_FN(name, o_type, a_type) \ + void name##_LHASH_DOALL_ARG(void *arg1, void *arg2) { \ + o_type *a = arg1; \ + a_type *b = arg2; \ + name##_doall_arg(a, b); } +# define LHASH_DOALL_ARG_FN(name) name##_LHASH_DOALL_ARG + + +# define LH_LOAD_MULT 256 + +int OPENSSL_LH_error(OPENSSL_LHASH *lh); +OPENSSL_LHASH *OPENSSL_LH_new(OPENSSL_LH_HASHFUNC h, OPENSSL_LH_COMPFUNC c); +void OPENSSL_LH_free(OPENSSL_LHASH *lh); +void OPENSSL_LH_flush(OPENSSL_LHASH *lh); +void *OPENSSL_LH_insert(OPENSSL_LHASH *lh, void *data); +void *OPENSSL_LH_delete(OPENSSL_LHASH *lh, const void *data); +void *OPENSSL_LH_retrieve(OPENSSL_LHASH *lh, const void *data); +void OPENSSL_LH_doall(OPENSSL_LHASH *lh, OPENSSL_LH_DOALL_FUNC func); +void OPENSSL_LH_doall_arg(OPENSSL_LHASH *lh, OPENSSL_LH_DOALL_FUNCARG func, void *arg); +unsigned long OPENSSL_LH_strhash(const char *c); +unsigned long OPENSSL_LH_num_items(const OPENSSL_LHASH *lh); +unsigned long OPENSSL_LH_get_down_load(const OPENSSL_LHASH *lh); +void OPENSSL_LH_set_down_load(OPENSSL_LHASH *lh, unsigned long down_load); + +# ifndef OPENSSL_NO_STDIO +void 
OPENSSL_LH_stats(const OPENSSL_LHASH *lh, FILE *fp); +void OPENSSL_LH_node_stats(const OPENSSL_LHASH *lh, FILE *fp); +void OPENSSL_LH_node_usage_stats(const OPENSSL_LHASH *lh, FILE *fp); +# endif +void OPENSSL_LH_stats_bio(const OPENSSL_LHASH *lh, BIO *out); +void OPENSSL_LH_node_stats_bio(const OPENSSL_LHASH *lh, BIO *out); +void OPENSSL_LH_node_usage_stats_bio(const OPENSSL_LHASH *lh, BIO *out); + +# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +# define _LHASH OPENSSL_LHASH +# define LHASH_NODE OPENSSL_LH_NODE +# define lh_error OPENSSL_LH_error +# define lh_new OPENSSL_LH_new +# define lh_free OPENSSL_LH_free +# define lh_insert OPENSSL_LH_insert +# define lh_delete OPENSSL_LH_delete +# define lh_retrieve OPENSSL_LH_retrieve +# define lh_doall OPENSSL_LH_doall +# define lh_doall_arg OPENSSL_LH_doall_arg +# define lh_strhash OPENSSL_LH_strhash +# define lh_num_items OPENSSL_LH_num_items +# ifndef OPENSSL_NO_STDIO +# define lh_stats OPENSSL_LH_stats +# define lh_node_stats OPENSSL_LH_node_stats +# define lh_node_usage_stats OPENSSL_LH_node_usage_stats +# endif +# define lh_stats_bio OPENSSL_LH_stats_bio +# define lh_node_stats_bio OPENSSL_LH_node_stats_bio +# define lh_node_usage_stats_bio OPENSSL_LH_node_usage_stats_bio +# endif + +/* Type checking... 
*/ + +# define LHASH_OF(type) struct lhash_st_##type + +# define DEFINE_LHASH_OF(type) \ + LHASH_OF(type) { union lh_##type##_dummy { void* d1; unsigned long d2; int d3; } dummy; }; \ + static ossl_unused ossl_inline LHASH_OF(type) *lh_##type##_new(unsigned long (*hfn)(const type *), \ + int (*cfn)(const type *, const type *)) \ + { \ + return (LHASH_OF(type) *) \ + OPENSSL_LH_new((OPENSSL_LH_HASHFUNC)hfn, (OPENSSL_LH_COMPFUNC)cfn); \ + } \ + static ossl_unused ossl_inline void lh_##type##_free(LHASH_OF(type) *lh) \ + { \ + OPENSSL_LH_free((OPENSSL_LHASH *)lh); \ + } \ + static ossl_unused ossl_inline void lh_##type##_flush(LHASH_OF(type) *lh) \ + { \ + OPENSSL_LH_flush((OPENSSL_LHASH *)lh); \ + } \ + static ossl_unused ossl_inline type *lh_##type##_insert(LHASH_OF(type) *lh, type *d) \ + { \ + return (type *)OPENSSL_LH_insert((OPENSSL_LHASH *)lh, d); \ + } \ + static ossl_unused ossl_inline type *lh_##type##_delete(LHASH_OF(type) *lh, const type *d) \ + { \ + return (type *)OPENSSL_LH_delete((OPENSSL_LHASH *)lh, d); \ + } \ + static ossl_unused ossl_inline type *lh_##type##_retrieve(LHASH_OF(type) *lh, const type *d) \ + { \ + return (type *)OPENSSL_LH_retrieve((OPENSSL_LHASH *)lh, d); \ + } \ + static ossl_unused ossl_inline int lh_##type##_error(LHASH_OF(type) *lh) \ + { \ + return OPENSSL_LH_error((OPENSSL_LHASH *)lh); \ + } \ + static ossl_unused ossl_inline unsigned long lh_##type##_num_items(LHASH_OF(type) *lh) \ + { \ + return OPENSSL_LH_num_items((OPENSSL_LHASH *)lh); \ + } \ + static ossl_unused ossl_inline void lh_##type##_node_stats_bio(const LHASH_OF(type) *lh, BIO *out) \ + { \ + OPENSSL_LH_node_stats_bio((const OPENSSL_LHASH *)lh, out); \ + } \ + static ossl_unused ossl_inline void lh_##type##_node_usage_stats_bio(const LHASH_OF(type) *lh, BIO *out) \ + { \ + OPENSSL_LH_node_usage_stats_bio((const OPENSSL_LHASH *)lh, out); \ + } \ + static ossl_unused ossl_inline void lh_##type##_stats_bio(const LHASH_OF(type) *lh, BIO *out) \ + { \ + 
OPENSSL_LH_stats_bio((const OPENSSL_LHASH *)lh, out); \ + } \ + static ossl_unused ossl_inline unsigned long lh_##type##_get_down_load(LHASH_OF(type) *lh) \ + { \ + return OPENSSL_LH_get_down_load((OPENSSL_LHASH *)lh); \ + } \ + static ossl_unused ossl_inline void lh_##type##_set_down_load(LHASH_OF(type) *lh, unsigned long dl) \ + { \ + OPENSSL_LH_set_down_load((OPENSSL_LHASH *)lh, dl); \ + } \ + static ossl_unused ossl_inline void lh_##type##_doall(LHASH_OF(type) *lh, \ + void (*doall)(type *)) \ + { \ + OPENSSL_LH_doall((OPENSSL_LHASH *)lh, (OPENSSL_LH_DOALL_FUNC)doall); \ + } \ + LHASH_OF(type) + +#define IMPLEMENT_LHASH_DOALL_ARG_CONST(type, argtype) \ + int_implement_lhash_doall(type, argtype, const type) + +#define IMPLEMENT_LHASH_DOALL_ARG(type, argtype) \ + int_implement_lhash_doall(type, argtype, type) + +#define int_implement_lhash_doall(type, argtype, cbargtype) \ + static ossl_unused ossl_inline void \ + lh_##type##_doall_##argtype(LHASH_OF(type) *lh, \ + void (*fn)(cbargtype *, argtype *), \ + argtype *arg) \ + { \ + OPENSSL_LH_doall_arg((OPENSSL_LHASH *)lh, (OPENSSL_LH_DOALL_FUNCARG)fn, (void *)arg); \ + } \ + LHASH_OF(type) + +DEFINE_LHASH_OF(OPENSSL_STRING); +# ifdef _MSC_VER +/* + * push and pop this warning: + * warning C4090: 'function': different 'const' qualifiers + */ +# pragma warning (push) +# pragma warning (disable: 4090) +# endif + +DEFINE_LHASH_OF(OPENSSL_CSTRING); + +# ifdef _MSC_VER +# pragma warning (pop) +# endif + +/* + * If called without higher optimization (min. -xO3) the Oracle Developer + * Studio compiler generates code for the defined (static inline) functions + * above. + * This would later lead to the linker complaining about missing symbols when + * this header file is included but the resulting object is not linked against + * the Crypto library (openssl#6912). 
+ */ +# ifdef __SUNPRO_C +# pragma weak OPENSSL_LH_new +# pragma weak OPENSSL_LH_free +# pragma weak OPENSSL_LH_insert +# pragma weak OPENSSL_LH_delete +# pragma weak OPENSSL_LH_retrieve +# pragma weak OPENSSL_LH_error +# pragma weak OPENSSL_LH_num_items +# pragma weak OPENSSL_LH_node_stats_bio +# pragma weak OPENSSL_LH_node_usage_stats_bio +# pragma weak OPENSSL_LH_stats_bio +# pragma weak OPENSSL_LH_get_down_load +# pragma weak OPENSSL_LH_set_down_load +# pragma weak OPENSSL_LH_doall +# pragma weak OPENSSL_LH_doall_arg +# endif /* __SUNPRO_C */ + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/linux_amd64/include/openssl/macros.h b/linux_amd64/include/openssl/macros.h new file mode 100644 index 0000000..28e3a30 --- /dev/null +++ b/linux_amd64/include/openssl/macros.h 
@@ -0,0 +1,256 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include + +#ifndef OPENSSL_MACROS_H +# define OPENSSL_MACROS_H + +/* Helper macros for CPP string composition */ +# define OPENSSL_MSTR_HELPER(x) #x +# define OPENSSL_MSTR(x) OPENSSL_MSTR_HELPER(x) + +/* + * Sometimes OPENSSSL_NO_xxx ends up with an empty file and some compilers + * don't like that. This will hopefully silence them. + */ +# define NON_EMPTY_TRANSLATION_UNIT static void *dummy = &dummy; + +/* + * Generic deprecation macro + * + * If OPENSSL_SUPPRESS_DEPRECATED is defined, then DECLARE_DEPRECATED + * becomes a no-op + */ +# ifndef DECLARE_DEPRECATED +# define DECLARE_DEPRECATED(f) f; +# ifndef OPENSSL_SUPPRESS_DEPRECATED +# ifdef __GNUC__ +# if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0) +# undef DECLARE_DEPRECATED +# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); +# endif +# elif defined(__SUNPRO_C) +# if (__SUNPRO_C >= 0x5130) +# undef DECLARE_DEPRECATED +# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); +# endif +# endif +# endif +# endif + +/* + * Applications should use -DOPENSSL_API_COMPAT= to suppress the + * declarations of functions deprecated in or before . If this is + * undefined, the value of the macro OPENSSL_CONFIGURED_API (defined in + * ) is the default. + * + * For any version number up until version 1.1.x, is expected to be + * the calculated version number 0xMNNFFPPSL. + * For version numbers 3.0 and on, is expected to be a computation + * of the major and minor numbers in decimal using this formula: + * + * MAJOR * 10000 + MINOR * 100 + * + * So version 3.0 becomes 30000, version 3.2 becomes 30200, etc. 
+ */ + +/* + * We use the OPENSSL_API_COMPAT value to define API level macros. These + * macros are used to enable or disable features at that API version boundary. + */ + +# ifdef OPENSSL_API_LEVEL +# error "OPENSSL_API_LEVEL must not be defined by application" +# endif + +/* + * We figure out what API level was intended by simple numeric comparison. + * The lowest old style number we recognise is 0x00908000L, so we take some + * safety margin and assume that anything below 0x00900000L is a new style + * number. This allows new versions up to and including v943.71.83. + */ +# ifdef OPENSSL_API_COMPAT +# if OPENSSL_API_COMPAT < 0x900000L +# define OPENSSL_API_LEVEL (OPENSSL_API_COMPAT) +# else +# define OPENSSL_API_LEVEL \ + (((OPENSSL_API_COMPAT >> 28) & 0xF) * 10000 \ + + ((OPENSSL_API_COMPAT >> 20) & 0xFF) * 100 \ + + ((OPENSSL_API_COMPAT >> 12) & 0xFF)) +# endif +# endif + +/* + * If OPENSSL_API_COMPAT wasn't given, we use default numbers to set + * the API compatibility level. + */ +# ifndef OPENSSL_API_LEVEL +# if OPENSSL_CONFIGURED_API > 0 +# define OPENSSL_API_LEVEL (OPENSSL_CONFIGURED_API) +# else +# define OPENSSL_API_LEVEL \ + (OPENSSL_VERSION_MAJOR * 10000 + OPENSSL_VERSION_MINOR * 100) +# endif +# endif + +# if OPENSSL_API_LEVEL > OPENSSL_CONFIGURED_API +# error "The requested API level higher than the configured API compatibility level" +# endif + +/* + * Check of sane values. + */ +/* Can't go higher than the current version. 
*/ +# if OPENSSL_API_LEVEL > (OPENSSL_VERSION_MAJOR * 10000 + OPENSSL_VERSION_MINOR * 100) +# error "OPENSSL_API_COMPAT expresses an impossible API compatibility level" +# endif +/* OpenSSL will have no version 2.y.z */ +# if OPENSSL_API_LEVEL < 30000 && OPENSSL_API_LEVEL >= 20000 +# error "OPENSSL_API_COMPAT expresses an impossible API compatibility level" +# endif +/* Below 0.9.8 is unacceptably low */ +# if OPENSSL_API_LEVEL < 908 +# error "OPENSSL_API_COMPAT expresses an impossible API compatibility level" +# endif + +/* + * Define macros for deprecation purposes. We always define the macros + * DEPERECATEDIN_{major}_{minor}() for all OpenSSL versions we care for, + * and OPENSSL_NO_DEPRECATED_{major}_{minor} to be used to check if + * removal of deprecated functions applies on that particular version. + */ + +# undef OPENSSL_NO_DEPRECATED_3_0 +# undef OPENSSL_NO_DEPRECATED_1_1_1 +# undef OPENSSL_NO_DEPRECATED_1_1_0 +# undef OPENSSL_NO_DEPRECATED_1_0_2 +# undef OPENSSL_NO_DEPRECATED_1_0_1 +# undef OPENSSL_NO_DEPRECATED_1_0_0 +# undef OPENSSL_NO_DEPRECATED_0_9_8 + +# if OPENSSL_API_LEVEL >= 30000 +# ifndef OPENSSL_NO_DEPRECATED +# define DEPRECATEDIN_3_0(f) DECLARE_DEPRECATED(f) +# else +# define DEPRECATEDIN_3_0(f) +# define OPENSSL_NO_DEPRECATED_3_0 +# endif +# else +# define DEPRECATEDIN_3_0(f) f; +# endif +# if OPENSSL_API_LEVEL >= 10101 +# ifndef OPENSSL_NO_DEPRECATED +# define DEPRECATEDIN_1_1_1(f) DECLARE_DEPRECATED(f) +# else +# define DEPRECATEDIN_1_1_1(f) +# define OPENSSL_NO_DEPRECATED_1_1_1 +# endif +# else +# define DEPRECATEDIN_1_1_1(f) f; +# endif +# if OPENSSL_API_LEVEL >= 10100 +# ifndef OPENSSL_NO_DEPRECATED +# define DEPRECATEDIN_1_1_0(f) DECLARE_DEPRECATED(f) +# else +# define DEPRECATEDIN_1_1_0(f) +# define OPENSSL_NO_DEPRECATED_1_1_0 +# endif +# else +# define DEPRECATEDIN_1_1_0(f) f; +# endif +# if OPENSSL_API_LEVEL >= 10002 +# ifndef OPENSSL_NO_DEPRECATED +# define DEPRECATEDIN_1_0_2(f) DECLARE_DEPRECATED(f) +# else +# define 
DEPRECATEDIN_1_0_2(f) +# define OPENSSL_NO_DEPRECATED_1_0_2 +# endif +# else +# define DEPRECATEDIN_1_0_2(f) f; +# endif +# if OPENSSL_API_LEVEL >= 10001 +# ifndef OPENSSL_NO_DEPRECATED +# define DEPRECATEDIN_1_0_1(f) DECLARE_DEPRECATED(f) +# else +# define DEPRECATEDIN_1_0_1(f) +# define OPENSSL_NO_DEPRECATED_1_0_1 +# endif +# else +# define DEPRECATEDIN_1_0_1(f) f; +# endif +# if OPENSSL_API_LEVEL >= 10000 +# ifndef OPENSSL_NO_DEPRECATED +# define DEPRECATEDIN_1_0_0(f) DECLARE_DEPRECATED(f) +# else +# define DEPRECATEDIN_1_0_0(f) +# define OPENSSL_NO_DEPRECATED_1_0_0 +# endif +# else +# define DEPRECATEDIN_1_0_0(f) f; +# endif +# if OPENSSL_API_LEVEL >= 908 +# ifndef OPENSSL_NO_DEPRECATED +# define DEPRECATEDIN_0_9_8(f) DECLARE_DEPRECATED(f) +# else +# define DEPRECATEDIN_0_9_8(f) +# define OPENSSL_NO_DEPRECATED_0_9_8 +# endif +# else +# define DEPRECATEDIN_0_9_8(f) f; +# endif + +/* + * Make our own variants of __FILE__ and __LINE__, depending on configuration + */ + +# ifndef OPENSSL_FILE +# ifdef OPENSSL_NO_FILENAMES +# define OPENSSL_FILE "" +# define OPENSSL_LINE 0 +# else +# define OPENSSL_FILE __FILE__ +# define OPENSSL_LINE __LINE__ +# endif +# endif + +/* + * __func__ was standardized in C99, so for any compiler that claims + * to implement that language level or newer, we assume we can safely + * use that symbol. + * + * GNU C also provides __FUNCTION__ since version 2, which predates + * C99. We can, however, only use this if __STDC_VERSION__ exists, + * as it's otherwise not allowed according to ISO C standards (C90). + * (compiling with GNU C's -pedantic tells us so) + * + * If none of the above applies, we check if the compiler is MSVC, + * and use __FUNCTION__ if that's the case. 
+ */
+# ifndef OPENSSL_FUNC
+# if defined(__STDC_VERSION__)
+# if __STDC_VERSION__ >= 199901L
+# define OPENSSL_FUNC __func__
+# elif defined(__GNUC__) && __GNUC__ >= 2
+# define OPENSSL_FUNC __FUNCTION__
+# endif
+# elif defined(_MSC_VER)
+# define OPENSSL_FUNC __FUNCTION__
+# endif
+/*
+ * If all these possibilities are exhausted, we give up and use a
+ * static string.
+ */
+# ifndef OPENSSL_FUNC
+# define OPENSSL_FUNC "(unknown function)"
+# endif
+# endif
+
+#endif /* OPENSSL_MACROS_H */
diff --git a/linux_amd64/include/openssl/md2.h b/linux_amd64/include/openssl/md2.h
new file mode 100644
index 0000000..21e24c3
--- /dev/null
+++ b/linux_amd64/include/openssl/md2.h
@@ -0,0 +1,55 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_MD2_H
+# define OPENSSL_MD2_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_MD2_H
+# endif
+
+# include
+
+# ifndef OPENSSL_NO_MD2
+# include
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# define MD2_DIGEST_LENGTH 16
+
+# if !defined(OPENSSL_NO_DEPRECATED_3_0)
+
+typedef unsigned char MD2_INT;
+
+# define MD2_BLOCK 16
+
+typedef struct MD2state_st {
+ unsigned int num;
+ unsigned char data[MD2_BLOCK];
+ MD2_INT cksm[MD2_BLOCK];
+ MD2_INT state[MD2_BLOCK];
+} MD2_CTX;
+# endif
+
+DEPRECATEDIN_3_0(const char *MD2_options(void))
+DEPRECATEDIN_3_0(int MD2_Init(MD2_CTX *c))
+DEPRECATEDIN_3_0(int MD2_Update(MD2_CTX *c, const unsigned char *data,
+ size_t len))
+DEPRECATEDIN_3_0(int MD2_Final(unsigned char *md, MD2_CTX *c))
+DEPRECATEDIN_3_0(unsigned char *MD2(const unsigned char *d, size_t n,
+ unsigned char *md))
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+#endif
diff --git a/linux_amd64/include/openssl/md4.h b/linux_amd64/include/openssl/md4.h
new file mode 100644
index 0000000..4166e41
--- /dev/null
+++ b/linux_amd64/include/openssl/md4.h
@@ -0,0 +1,62 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_MD4_H
+# define OPENSSL_MD4_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_MD4_H
+# endif
+
+# include
+
+# ifndef OPENSSL_NO_MD4
+# include
+# include
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# define MD4_DIGEST_LENGTH 16
+
+# if !defined(OPENSSL_NO_DEPRECATED_3_0)
+
+/*-
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ * ! MD4_LONG has to be at least 32 bits wide. !
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ */
+# define MD4_LONG unsigned int
+
+# define MD4_CBLOCK 64
+# define MD4_LBLOCK (MD4_CBLOCK/4)
+
+typedef struct MD4state_st {
+ MD4_LONG A, B, C, D;
+ MD4_LONG Nl, Nh;
+ MD4_LONG data[MD4_LBLOCK];
+ unsigned int num;
+} MD4_CTX;
+# endif
+
+DEPRECATEDIN_3_0(int MD4_Init(MD4_CTX *c))
+DEPRECATEDIN_3_0(int MD4_Update(MD4_CTX *c, const void *data, size_t len))
+DEPRECATEDIN_3_0(int MD4_Final(unsigned char *md, MD4_CTX *c))
+DEPRECATEDIN_3_0(unsigned char *MD4(const unsigned char *d, size_t n,
+ unsigned char *md))
+DEPRECATEDIN_3_0(void MD4_Transform(MD4_CTX *c, const unsigned char *b))
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/linux_amd64/include/openssl/md5.h b/linux_amd64/include/openssl/md5.h
new file mode 100644
index 0000000..0a75b08
--- /dev/null
+++ b/linux_amd64/include/openssl/md5.h
@@ -0,0 +1,56 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_MD5_H
+# define OPENSSL_MD5_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_MD5_H
+# endif
+
+# include
+
+# ifndef OPENSSL_NO_MD5
+# include
+# include
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+/*
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ * ! MD5_LONG has to be at least 32 bits wide. !
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ */
+# define MD5_LONG unsigned int
+
+# define MD5_CBLOCK 64
+# define MD5_LBLOCK (MD5_CBLOCK/4)
+# define MD5_DIGEST_LENGTH 16
+
+typedef struct MD5state_st {
+ MD5_LONG A, B, C, D;
+ MD5_LONG Nl, Nh;
+ MD5_LONG data[MD5_LBLOCK];
+ unsigned int num;
+} MD5_CTX;
+
+int MD5_Init(MD5_CTX *c);
+int MD5_Update(MD5_CTX *c, const void *data, size_t len);
+int MD5_Final(unsigned char *md, MD5_CTX *c);
+unsigned char *MD5(const unsigned char *d, size_t n, unsigned char *md);
+void MD5_Transform(MD5_CTX *c, const unsigned char *b);
+# ifdef __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/linux_amd64/include/openssl/mdc2.h b/linux_amd64/include/openssl/mdc2.h
new file mode 100644
index 0000000..06ab411
--- /dev/null
+++ b/linux_amd64/include/openssl/mdc2.h
@@ -0,0 +1,54 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_MDC2_H
+# define OPENSSL_MDC2_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_MDC2_H
+# endif
+
+# include
+
+# ifndef OPENSSL_NO_MDC2
+# include
+# include
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# define MDC2_DIGEST_LENGTH 16
+
+# if !defined(OPENSSL_NO_DEPRECATED_3_0)
+
+# define MDC2_BLOCK 8
+
+typedef struct mdc2_ctx_st {
+ unsigned int num;
+ unsigned char data[MDC2_BLOCK];
+ DES_cblock h, hh;
+ unsigned int pad_type; /* either 1 or 2, default 1 */
+} MDC2_CTX;
+# endif
+
+DEPRECATEDIN_3_0(int MDC2_Init(MDC2_CTX *c))
+DEPRECATEDIN_3_0(int MDC2_Update(MDC2_CTX *c, const unsigned char *data,
+ size_t len))
+DEPRECATEDIN_3_0(int MDC2_Final(unsigned char *md, MDC2_CTX *c))
+DEPRECATEDIN_3_0(unsigned char *MDC2(const unsigned char *d, size_t n,
+ unsigned char *md))
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/linux_amd64/include/openssl/modes.h b/linux_amd64/include/openssl/modes.h
new file mode 100644
index 0000000..e190799
--- /dev/null
+++ b/linux_amd64/include/openssl/modes.h
@@ -0,0 +1,219 @@ +/* + * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_MODES_H +# define OPENSSL_MODES_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_MODES_H +# endif + +# include +# include + +# ifdef __cplusplus +extern "C" { +# endif +typedef void (*block128_f) (const unsigned char in[16], + unsigned char out[16], const void *key); + +typedef void (*cbc128_f) (const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], int enc); + +typedef void (*ecb128_f) (const unsigned char *in, unsigned char *out, + size_t len, const void *key, + int enc); + +typedef void (*ctr128_f) (const unsigned char *in, unsigned char *out, + size_t blocks, const void *key, + const unsigned char ivec[16]); + +typedef void (*ccm128_f) (const unsigned char *in, unsigned char *out, + size_t blocks, const void *key, + const unsigned char ivec[16], + unsigned char cmac[16]); + +void CRYPTO_cbc128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], block128_f block); +void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], block128_f block); + +void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], + unsigned char ecount_buf[16], unsigned int *num, + block128_f block); + +void CRYPTO_ctr128_encrypt_ctr32(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], + unsigned char ecount_buf[16], + unsigned int *num, ctr128_f ctr); + +void CRYPTO_ofb128_encrypt(const 
unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], int *num, + block128_f block); + +void CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], int *num, + int enc, block128_f block); +void CRYPTO_cfb128_8_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const void *key, + unsigned char ivec[16], int *num, + int enc, block128_f block); +void CRYPTO_cfb128_1_encrypt(const unsigned char *in, unsigned char *out, + size_t bits, const void *key, + unsigned char ivec[16], int *num, + int enc, block128_f block); + +size_t CRYPTO_cts128_encrypt_block(const unsigned char *in, + unsigned char *out, size_t len, + const void *key, unsigned char ivec[16], + block128_f block); +size_t CRYPTO_cts128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], cbc128_f cbc); +size_t CRYPTO_cts128_decrypt_block(const unsigned char *in, + unsigned char *out, size_t len, + const void *key, unsigned char ivec[16], + block128_f block); +size_t CRYPTO_cts128_decrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], cbc128_f cbc); + +size_t CRYPTO_nistcts128_encrypt_block(const unsigned char *in, + unsigned char *out, size_t len, + const void *key, + unsigned char ivec[16], + block128_f block); +size_t CRYPTO_nistcts128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], cbc128_f cbc); +size_t CRYPTO_nistcts128_decrypt_block(const unsigned char *in, + unsigned char *out, size_t len, + const void *key, + unsigned char ivec[16], + block128_f block); +size_t CRYPTO_nistcts128_decrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], cbc128_f cbc); + +typedef struct gcm128_context GCM128_CONTEXT; + +GCM128_CONTEXT *CRYPTO_gcm128_new(void *key, 
block128_f block); +void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, void *key, block128_f block); +void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx, const unsigned char *iv, + size_t len); +int CRYPTO_gcm128_aad(GCM128_CONTEXT *ctx, const unsigned char *aad, + size_t len); +int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, + const unsigned char *in, unsigned char *out, + size_t len); +int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, + const unsigned char *in, unsigned char *out, + size_t len); +int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx, + const unsigned char *in, unsigned char *out, + size_t len, ctr128_f stream); +int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, + const unsigned char *in, unsigned char *out, + size_t len, ctr128_f stream); +int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const unsigned char *tag, + size_t len); +void CRYPTO_gcm128_tag(GCM128_CONTEXT *ctx, unsigned char *tag, size_t len); +void CRYPTO_gcm128_release(GCM128_CONTEXT *ctx); + +typedef struct ccm128_context CCM128_CONTEXT; + +void CRYPTO_ccm128_init(CCM128_CONTEXT *ctx, + unsigned int M, unsigned int L, void *key, + block128_f block); +int CRYPTO_ccm128_setiv(CCM128_CONTEXT *ctx, const unsigned char *nonce, + size_t nlen, size_t mlen); +void CRYPTO_ccm128_aad(CCM128_CONTEXT *ctx, const unsigned char *aad, + size_t alen); +int CRYPTO_ccm128_encrypt(CCM128_CONTEXT *ctx, const unsigned char *inp, + unsigned char *out, size_t len); +int CRYPTO_ccm128_decrypt(CCM128_CONTEXT *ctx, const unsigned char *inp, + unsigned char *out, size_t len); +int CRYPTO_ccm128_encrypt_ccm64(CCM128_CONTEXT *ctx, const unsigned char *inp, + unsigned char *out, size_t len, + ccm128_f stream); +int CRYPTO_ccm128_decrypt_ccm64(CCM128_CONTEXT *ctx, const unsigned char *inp, + unsigned char *out, size_t len, + ccm128_f stream); +size_t CRYPTO_ccm128_tag(CCM128_CONTEXT *ctx, unsigned char *tag, size_t len); + +typedef struct xts128_context XTS128_CONTEXT; + +int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, + 
const unsigned char iv[16], + const unsigned char *inp, unsigned char *out, + size_t len, int enc); + +size_t CRYPTO_128_wrap(void *key, const unsigned char *iv, + unsigned char *out, + const unsigned char *in, size_t inlen, + block128_f block); + +size_t CRYPTO_128_unwrap(void *key, const unsigned char *iv, + unsigned char *out, + const unsigned char *in, size_t inlen, + block128_f block); +size_t CRYPTO_128_wrap_pad(void *key, const unsigned char *icv, + unsigned char *out, const unsigned char *in, + size_t inlen, block128_f block); +size_t CRYPTO_128_unwrap_pad(void *key, const unsigned char *icv, + unsigned char *out, const unsigned char *in, + size_t inlen, block128_f block); + +# ifndef OPENSSL_NO_OCB +typedef struct ocb128_context OCB128_CONTEXT; + +typedef void (*ocb128_f) (const unsigned char *in, unsigned char *out, + size_t blocks, const void *key, + size_t start_block_num, + unsigned char offset_i[16], + const unsigned char L_[][16], + unsigned char checksum[16]); + +OCB128_CONTEXT *CRYPTO_ocb128_new(void *keyenc, void *keydec, + block128_f encrypt, block128_f decrypt, + ocb128_f stream); +int CRYPTO_ocb128_init(OCB128_CONTEXT *ctx, void *keyenc, void *keydec, + block128_f encrypt, block128_f decrypt, + ocb128_f stream); +int CRYPTO_ocb128_copy_ctx(OCB128_CONTEXT *dest, OCB128_CONTEXT *src, + void *keyenc, void *keydec); +int CRYPTO_ocb128_setiv(OCB128_CONTEXT *ctx, const unsigned char *iv, + size_t len, size_t taglen); +int CRYPTO_ocb128_aad(OCB128_CONTEXT *ctx, const unsigned char *aad, + size_t len); +int CRYPTO_ocb128_encrypt(OCB128_CONTEXT *ctx, const unsigned char *in, + unsigned char *out, size_t len); +int CRYPTO_ocb128_decrypt(OCB128_CONTEXT *ctx, const unsigned char *in, + unsigned char *out, size_t len); +int CRYPTO_ocb128_finish(OCB128_CONTEXT *ctx, const unsigned char *tag, + size_t len); +int CRYPTO_ocb128_tag(OCB128_CONTEXT *ctx, unsigned char *tag, size_t len); +void CRYPTO_ocb128_cleanup(OCB128_CONTEXT *ctx); +# endif /* OPENSSL_NO_OCB 
*/ + +# ifdef __cplusplus +} +# endif + +#endif diff --git a/linux_amd64/include/openssl/obj_mac.h b/linux_amd64/include/openssl/obj_mac.h new file mode 100644 index 0000000..0e564ac --- /dev/null +++ b/linux_amd64/include/openssl/obj_mac.h 
@@ -0,0 +1,5294 @@ +/* + * WARNING: do not edit! + * Generated by crypto/objects/objects.pl + * + * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#define SN_undef "UNDEF" +#define LN_undef "undefined" +#define NID_undef 0 +#define OBJ_undef 0L + +#define SN_itu_t "ITU-T" +#define LN_itu_t "itu-t" +#define NID_itu_t 645 +#define OBJ_itu_t 0L + +#define NID_ccitt 404 +#define OBJ_ccitt OBJ_itu_t + +#define SN_iso "ISO" +#define LN_iso "iso" +#define NID_iso 181 +#define OBJ_iso 1L + +#define SN_joint_iso_itu_t "JOINT-ISO-ITU-T" +#define LN_joint_iso_itu_t "joint-iso-itu-t" +#define NID_joint_iso_itu_t 646 +#define OBJ_joint_iso_itu_t 2L + +#define NID_joint_iso_ccitt 393 +#define OBJ_joint_iso_ccitt OBJ_joint_iso_itu_t + +#define SN_member_body "member-body" +#define LN_member_body "ISO Member Body" +#define NID_member_body 182 +#define OBJ_member_body OBJ_iso,2L + +#define SN_identified_organization "identified-organization" +#define NID_identified_organization 676 +#define OBJ_identified_organization OBJ_iso,3L + +#define SN_gmac "GMAC" +#define LN_gmac "gmac" +#define NID_gmac 1195 +#define OBJ_gmac OBJ_iso,0L,9797L,3L,4L + +#define SN_hmac_md5 "HMAC-MD5" +#define LN_hmac_md5 "hmac-md5" +#define NID_hmac_md5 780 +#define OBJ_hmac_md5 OBJ_identified_organization,6L,1L,5L,5L,8L,1L,1L + +#define SN_hmac_sha1 "HMAC-SHA1" +#define LN_hmac_sha1 "hmac-sha1" +#define NID_hmac_sha1 781 +#define OBJ_hmac_sha1 OBJ_identified_organization,6L,1L,5L,5L,8L,1L,2L + +#define SN_x509ExtAdmission "x509ExtAdmission" +#define LN_x509ExtAdmission "Professional Information or basis for Admission" +#define NID_x509ExtAdmission 1093 +#define OBJ_x509ExtAdmission OBJ_identified_organization,36L,8L,3L,3L + 
+#define SN_certicom_arc "certicom-arc" +#define NID_certicom_arc 677 +#define OBJ_certicom_arc OBJ_identified_organization,132L + +#define SN_ieee "ieee" +#define NID_ieee 1170 +#define OBJ_ieee OBJ_identified_organization,111L + +#define SN_ieee_siswg "ieee-siswg" +#define LN_ieee_siswg "IEEE Security in Storage Working Group" +#define NID_ieee_siswg 1171 +#define OBJ_ieee_siswg OBJ_ieee,2L,1619L + +#define SN_international_organizations "international-organizations" +#define LN_international_organizations "International Organizations" +#define NID_international_organizations 647 +#define OBJ_international_organizations OBJ_joint_iso_itu_t,23L + +#define SN_wap "wap" +#define NID_wap 678 +#define OBJ_wap OBJ_international_organizations,43L + +#define SN_wap_wsg "wap-wsg" +#define NID_wap_wsg 679 +#define OBJ_wap_wsg OBJ_wap,1L + +#define SN_selected_attribute_types "selected-attribute-types" +#define LN_selected_attribute_types "Selected Attribute Types" +#define NID_selected_attribute_types 394 +#define OBJ_selected_attribute_types OBJ_joint_iso_itu_t,5L,1L,5L + +#define SN_clearance "clearance" +#define NID_clearance 395 +#define OBJ_clearance OBJ_selected_attribute_types,55L + +#define SN_ISO_US "ISO-US" +#define LN_ISO_US "ISO US Member Body" +#define NID_ISO_US 183 +#define OBJ_ISO_US OBJ_member_body,840L + +#define SN_X9_57 "X9-57" +#define LN_X9_57 "X9.57" +#define NID_X9_57 184 +#define OBJ_X9_57 OBJ_ISO_US,10040L + +#define SN_X9cm "X9cm" +#define LN_X9cm "X9.57 CM ?" 
+#define NID_X9cm 185 +#define OBJ_X9cm OBJ_X9_57,4L + +#define SN_ISO_CN "ISO-CN" +#define LN_ISO_CN "ISO CN Member Body" +#define NID_ISO_CN 1140 +#define OBJ_ISO_CN OBJ_member_body,156L + +#define SN_oscca "oscca" +#define NID_oscca 1141 +#define OBJ_oscca OBJ_ISO_CN,10197L + +#define SN_sm_scheme "sm-scheme" +#define NID_sm_scheme 1142 +#define OBJ_sm_scheme OBJ_oscca,1L + +#define SN_dsa "DSA" +#define LN_dsa "dsaEncryption" +#define NID_dsa 116 +#define OBJ_dsa OBJ_X9cm,1L + +#define SN_dsaWithSHA1 "DSA-SHA1" +#define LN_dsaWithSHA1 "dsaWithSHA1" +#define NID_dsaWithSHA1 113 +#define OBJ_dsaWithSHA1 OBJ_X9cm,3L + +#define SN_ansi_X9_62 "ansi-X9-62" +#define LN_ansi_X9_62 "ANSI X9.62" +#define NID_ansi_X9_62 405 +#define OBJ_ansi_X9_62 OBJ_ISO_US,10045L + +#define OBJ_X9_62_id_fieldType OBJ_ansi_X9_62,1L + +#define SN_X9_62_prime_field "prime-field" +#define NID_X9_62_prime_field 406 +#define OBJ_X9_62_prime_field OBJ_X9_62_id_fieldType,1L + +#define SN_X9_62_characteristic_two_field "characteristic-two-field" +#define NID_X9_62_characteristic_two_field 407 +#define OBJ_X9_62_characteristic_two_field OBJ_X9_62_id_fieldType,2L + +#define SN_X9_62_id_characteristic_two_basis "id-characteristic-two-basis" +#define NID_X9_62_id_characteristic_two_basis 680 +#define OBJ_X9_62_id_characteristic_two_basis OBJ_X9_62_characteristic_two_field,3L + +#define SN_X9_62_onBasis "onBasis" +#define NID_X9_62_onBasis 681 +#define OBJ_X9_62_onBasis OBJ_X9_62_id_characteristic_two_basis,1L + +#define SN_X9_62_tpBasis "tpBasis" +#define NID_X9_62_tpBasis 682 +#define OBJ_X9_62_tpBasis OBJ_X9_62_id_characteristic_two_basis,2L + +#define SN_X9_62_ppBasis "ppBasis" +#define NID_X9_62_ppBasis 683 +#define OBJ_X9_62_ppBasis OBJ_X9_62_id_characteristic_two_basis,3L + +#define OBJ_X9_62_id_publicKeyType OBJ_ansi_X9_62,2L + +#define SN_X9_62_id_ecPublicKey "id-ecPublicKey" +#define NID_X9_62_id_ecPublicKey 408 +#define OBJ_X9_62_id_ecPublicKey OBJ_X9_62_id_publicKeyType,1L + +#define 
OBJ_X9_62_ellipticCurve OBJ_ansi_X9_62,3L + +#define OBJ_X9_62_c_TwoCurve OBJ_X9_62_ellipticCurve,0L + +#define SN_X9_62_c2pnb163v1 "c2pnb163v1" +#define NID_X9_62_c2pnb163v1 684 +#define OBJ_X9_62_c2pnb163v1 OBJ_X9_62_c_TwoCurve,1L + +#define SN_X9_62_c2pnb163v2 "c2pnb163v2" +#define NID_X9_62_c2pnb163v2 685 +#define OBJ_X9_62_c2pnb163v2 OBJ_X9_62_c_TwoCurve,2L + +#define SN_X9_62_c2pnb163v3 "c2pnb163v3" +#define NID_X9_62_c2pnb163v3 686 +#define OBJ_X9_62_c2pnb163v3 OBJ_X9_62_c_TwoCurve,3L + +#define SN_X9_62_c2pnb176v1 "c2pnb176v1" +#define NID_X9_62_c2pnb176v1 687 +#define OBJ_X9_62_c2pnb176v1 OBJ_X9_62_c_TwoCurve,4L + +#define SN_X9_62_c2tnb191v1 "c2tnb191v1" +#define NID_X9_62_c2tnb191v1 688 +#define OBJ_X9_62_c2tnb191v1 OBJ_X9_62_c_TwoCurve,5L + +#define SN_X9_62_c2tnb191v2 "c2tnb191v2" +#define NID_X9_62_c2tnb191v2 689 +#define OBJ_X9_62_c2tnb191v2 OBJ_X9_62_c_TwoCurve,6L + +#define SN_X9_62_c2tnb191v3 "c2tnb191v3" +#define NID_X9_62_c2tnb191v3 690 +#define OBJ_X9_62_c2tnb191v3 OBJ_X9_62_c_TwoCurve,7L + +#define SN_X9_62_c2onb191v4 "c2onb191v4" +#define NID_X9_62_c2onb191v4 691 +#define OBJ_X9_62_c2onb191v4 OBJ_X9_62_c_TwoCurve,8L + +#define SN_X9_62_c2onb191v5 "c2onb191v5" +#define NID_X9_62_c2onb191v5 692 +#define OBJ_X9_62_c2onb191v5 OBJ_X9_62_c_TwoCurve,9L + +#define SN_X9_62_c2pnb208w1 "c2pnb208w1" +#define NID_X9_62_c2pnb208w1 693 +#define OBJ_X9_62_c2pnb208w1 OBJ_X9_62_c_TwoCurve,10L + +#define SN_X9_62_c2tnb239v1 "c2tnb239v1" +#define NID_X9_62_c2tnb239v1 694 +#define OBJ_X9_62_c2tnb239v1 OBJ_X9_62_c_TwoCurve,11L + +#define SN_X9_62_c2tnb239v2 "c2tnb239v2" +#define NID_X9_62_c2tnb239v2 695 +#define OBJ_X9_62_c2tnb239v2 OBJ_X9_62_c_TwoCurve,12L + +#define SN_X9_62_c2tnb239v3 "c2tnb239v3" +#define NID_X9_62_c2tnb239v3 696 +#define OBJ_X9_62_c2tnb239v3 OBJ_X9_62_c_TwoCurve,13L + +#define SN_X9_62_c2onb239v4 "c2onb239v4" +#define NID_X9_62_c2onb239v4 697 +#define OBJ_X9_62_c2onb239v4 OBJ_X9_62_c_TwoCurve,14L + +#define SN_X9_62_c2onb239v5 "c2onb239v5" 
+#define NID_X9_62_c2onb239v5 698 +#define OBJ_X9_62_c2onb239v5 OBJ_X9_62_c_TwoCurve,15L + +#define SN_X9_62_c2pnb272w1 "c2pnb272w1" +#define NID_X9_62_c2pnb272w1 699 +#define OBJ_X9_62_c2pnb272w1 OBJ_X9_62_c_TwoCurve,16L + +#define SN_X9_62_c2pnb304w1 "c2pnb304w1" +#define NID_X9_62_c2pnb304w1 700 +#define OBJ_X9_62_c2pnb304w1 OBJ_X9_62_c_TwoCurve,17L + +#define SN_X9_62_c2tnb359v1 "c2tnb359v1" +#define NID_X9_62_c2tnb359v1 701 +#define OBJ_X9_62_c2tnb359v1 OBJ_X9_62_c_TwoCurve,18L + +#define SN_X9_62_c2pnb368w1 "c2pnb368w1" +#define NID_X9_62_c2pnb368w1 702 +#define OBJ_X9_62_c2pnb368w1 OBJ_X9_62_c_TwoCurve,19L + +#define SN_X9_62_c2tnb431r1 "c2tnb431r1" +#define NID_X9_62_c2tnb431r1 703 +#define OBJ_X9_62_c2tnb431r1 OBJ_X9_62_c_TwoCurve,20L + +#define OBJ_X9_62_primeCurve OBJ_X9_62_ellipticCurve,1L + +#define SN_X9_62_prime192v1 "prime192v1" +#define NID_X9_62_prime192v1 409 +#define OBJ_X9_62_prime192v1 OBJ_X9_62_primeCurve,1L + +#define SN_X9_62_prime192v2 "prime192v2" +#define NID_X9_62_prime192v2 410 +#define OBJ_X9_62_prime192v2 OBJ_X9_62_primeCurve,2L + +#define SN_X9_62_prime192v3 "prime192v3" +#define NID_X9_62_prime192v3 411 +#define OBJ_X9_62_prime192v3 OBJ_X9_62_primeCurve,3L + +#define SN_X9_62_prime239v1 "prime239v1" +#define NID_X9_62_prime239v1 412 +#define OBJ_X9_62_prime239v1 OBJ_X9_62_primeCurve,4L + +#define SN_X9_62_prime239v2 "prime239v2" +#define NID_X9_62_prime239v2 413 +#define OBJ_X9_62_prime239v2 OBJ_X9_62_primeCurve,5L + +#define SN_X9_62_prime239v3 "prime239v3" +#define NID_X9_62_prime239v3 414 +#define OBJ_X9_62_prime239v3 OBJ_X9_62_primeCurve,6L + +#define SN_X9_62_prime256v1 "prime256v1" +#define NID_X9_62_prime256v1 415 +#define OBJ_X9_62_prime256v1 OBJ_X9_62_primeCurve,7L + +#define OBJ_X9_62_id_ecSigType OBJ_ansi_X9_62,4L + +#define SN_ecdsa_with_SHA1 "ecdsa-with-SHA1" +#define NID_ecdsa_with_SHA1 416 +#define OBJ_ecdsa_with_SHA1 OBJ_X9_62_id_ecSigType,1L + +#define SN_ecdsa_with_Recommended "ecdsa-with-Recommended" +#define 
NID_ecdsa_with_Recommended 791 +#define OBJ_ecdsa_with_Recommended OBJ_X9_62_id_ecSigType,2L + +#define SN_ecdsa_with_Specified "ecdsa-with-Specified" +#define NID_ecdsa_with_Specified 792 +#define OBJ_ecdsa_with_Specified OBJ_X9_62_id_ecSigType,3L + +#define SN_ecdsa_with_SHA224 "ecdsa-with-SHA224" +#define NID_ecdsa_with_SHA224 793 +#define OBJ_ecdsa_with_SHA224 OBJ_ecdsa_with_Specified,1L + +#define SN_ecdsa_with_SHA256 "ecdsa-with-SHA256" +#define NID_ecdsa_with_SHA256 794 +#define OBJ_ecdsa_with_SHA256 OBJ_ecdsa_with_Specified,2L + +#define SN_ecdsa_with_SHA384 "ecdsa-with-SHA384" +#define NID_ecdsa_with_SHA384 795 +#define OBJ_ecdsa_with_SHA384 OBJ_ecdsa_with_Specified,3L + +#define SN_ecdsa_with_SHA512 "ecdsa-with-SHA512" +#define NID_ecdsa_with_SHA512 796 +#define OBJ_ecdsa_with_SHA512 OBJ_ecdsa_with_Specified,4L + +#define OBJ_secg_ellipticCurve OBJ_certicom_arc,0L + +#define SN_secp112r1 "secp112r1" +#define NID_secp112r1 704 +#define OBJ_secp112r1 OBJ_secg_ellipticCurve,6L + +#define SN_secp112r2 "secp112r2" +#define NID_secp112r2 705 +#define OBJ_secp112r2 OBJ_secg_ellipticCurve,7L + +#define SN_secp128r1 "secp128r1" +#define NID_secp128r1 706 +#define OBJ_secp128r1 OBJ_secg_ellipticCurve,28L + +#define SN_secp128r2 "secp128r2" +#define NID_secp128r2 707 +#define OBJ_secp128r2 OBJ_secg_ellipticCurve,29L + +#define SN_secp160k1 "secp160k1" +#define NID_secp160k1 708 +#define OBJ_secp160k1 OBJ_secg_ellipticCurve,9L + +#define SN_secp160r1 "secp160r1" +#define NID_secp160r1 709 +#define OBJ_secp160r1 OBJ_secg_ellipticCurve,8L + +#define SN_secp160r2 "secp160r2" +#define NID_secp160r2 710 +#define OBJ_secp160r2 OBJ_secg_ellipticCurve,30L + +#define SN_secp192k1 "secp192k1" +#define NID_secp192k1 711 +#define OBJ_secp192k1 OBJ_secg_ellipticCurve,31L + +#define SN_secp224k1 "secp224k1" +#define NID_secp224k1 712 +#define OBJ_secp224k1 OBJ_secg_ellipticCurve,32L + +#define SN_secp224r1 "secp224r1" +#define NID_secp224r1 713 +#define OBJ_secp224r1 
OBJ_secg_ellipticCurve,33L + +#define SN_secp256k1 "secp256k1" +#define NID_secp256k1 714 +#define OBJ_secp256k1 OBJ_secg_ellipticCurve,10L + +#define SN_secp384r1 "secp384r1" +#define NID_secp384r1 715 +#define OBJ_secp384r1 OBJ_secg_ellipticCurve,34L + +#define SN_secp521r1 "secp521r1" +#define NID_secp521r1 716 +#define OBJ_secp521r1 OBJ_secg_ellipticCurve,35L + +#define SN_sect113r1 "sect113r1" +#define NID_sect113r1 717 +#define OBJ_sect113r1 OBJ_secg_ellipticCurve,4L + +#define SN_sect113r2 "sect113r2" +#define NID_sect113r2 718 +#define OBJ_sect113r2 OBJ_secg_ellipticCurve,5L + +#define SN_sect131r1 "sect131r1" +#define NID_sect131r1 719 +#define OBJ_sect131r1 OBJ_secg_ellipticCurve,22L + +#define SN_sect131r2 "sect131r2" +#define NID_sect131r2 720 +#define OBJ_sect131r2 OBJ_secg_ellipticCurve,23L + +#define SN_sect163k1 "sect163k1" +#define NID_sect163k1 721 +#define OBJ_sect163k1 OBJ_secg_ellipticCurve,1L + +#define SN_sect163r1 "sect163r1" +#define NID_sect163r1 722 +#define OBJ_sect163r1 OBJ_secg_ellipticCurve,2L + +#define SN_sect163r2 "sect163r2" +#define NID_sect163r2 723 +#define OBJ_sect163r2 OBJ_secg_ellipticCurve,15L + +#define SN_sect193r1 "sect193r1" +#define NID_sect193r1 724 +#define OBJ_sect193r1 OBJ_secg_ellipticCurve,24L + +#define SN_sect193r2 "sect193r2" +#define NID_sect193r2 725 +#define OBJ_sect193r2 OBJ_secg_ellipticCurve,25L + +#define SN_sect233k1 "sect233k1" +#define NID_sect233k1 726 +#define OBJ_sect233k1 OBJ_secg_ellipticCurve,26L + +#define SN_sect233r1 "sect233r1" +#define NID_sect233r1 727 +#define OBJ_sect233r1 OBJ_secg_ellipticCurve,27L + +#define SN_sect239k1 "sect239k1" +#define NID_sect239k1 728 +#define OBJ_sect239k1 OBJ_secg_ellipticCurve,3L + +#define SN_sect283k1 "sect283k1" +#define NID_sect283k1 729 +#define OBJ_sect283k1 OBJ_secg_ellipticCurve,16L + +#define SN_sect283r1 "sect283r1" +#define NID_sect283r1 730 +#define OBJ_sect283r1 OBJ_secg_ellipticCurve,17L + +#define SN_sect409k1 "sect409k1" +#define 
NID_sect409k1 731 +#define OBJ_sect409k1 OBJ_secg_ellipticCurve,36L + +#define SN_sect409r1 "sect409r1" +#define NID_sect409r1 732 +#define OBJ_sect409r1 OBJ_secg_ellipticCurve,37L + +#define SN_sect571k1 "sect571k1" +#define NID_sect571k1 733 +#define OBJ_sect571k1 OBJ_secg_ellipticCurve,38L + +#define SN_sect571r1 "sect571r1" +#define NID_sect571r1 734 +#define OBJ_sect571r1 OBJ_secg_ellipticCurve,39L + +#define OBJ_wap_wsg_idm_ecid OBJ_wap_wsg,4L + +#define SN_wap_wsg_idm_ecid_wtls1 "wap-wsg-idm-ecid-wtls1" +#define NID_wap_wsg_idm_ecid_wtls1 735 +#define OBJ_wap_wsg_idm_ecid_wtls1 OBJ_wap_wsg_idm_ecid,1L + +#define SN_wap_wsg_idm_ecid_wtls3 "wap-wsg-idm-ecid-wtls3" +#define NID_wap_wsg_idm_ecid_wtls3 736 +#define OBJ_wap_wsg_idm_ecid_wtls3 OBJ_wap_wsg_idm_ecid,3L + +#define SN_wap_wsg_idm_ecid_wtls4 "wap-wsg-idm-ecid-wtls4" +#define NID_wap_wsg_idm_ecid_wtls4 737 +#define OBJ_wap_wsg_idm_ecid_wtls4 OBJ_wap_wsg_idm_ecid,4L + +#define SN_wap_wsg_idm_ecid_wtls5 "wap-wsg-idm-ecid-wtls5" +#define NID_wap_wsg_idm_ecid_wtls5 738 +#define OBJ_wap_wsg_idm_ecid_wtls5 OBJ_wap_wsg_idm_ecid,5L + +#define SN_wap_wsg_idm_ecid_wtls6 "wap-wsg-idm-ecid-wtls6" +#define NID_wap_wsg_idm_ecid_wtls6 739 +#define OBJ_wap_wsg_idm_ecid_wtls6 OBJ_wap_wsg_idm_ecid,6L + +#define SN_wap_wsg_idm_ecid_wtls7 "wap-wsg-idm-ecid-wtls7" +#define NID_wap_wsg_idm_ecid_wtls7 740 +#define OBJ_wap_wsg_idm_ecid_wtls7 OBJ_wap_wsg_idm_ecid,7L + +#define SN_wap_wsg_idm_ecid_wtls8 "wap-wsg-idm-ecid-wtls8" +#define NID_wap_wsg_idm_ecid_wtls8 741 +#define OBJ_wap_wsg_idm_ecid_wtls8 OBJ_wap_wsg_idm_ecid,8L + +#define SN_wap_wsg_idm_ecid_wtls9 "wap-wsg-idm-ecid-wtls9" +#define NID_wap_wsg_idm_ecid_wtls9 742 +#define OBJ_wap_wsg_idm_ecid_wtls9 OBJ_wap_wsg_idm_ecid,9L + +#define SN_wap_wsg_idm_ecid_wtls10 "wap-wsg-idm-ecid-wtls10" +#define NID_wap_wsg_idm_ecid_wtls10 743 +#define OBJ_wap_wsg_idm_ecid_wtls10 OBJ_wap_wsg_idm_ecid,10L + +#define SN_wap_wsg_idm_ecid_wtls11 "wap-wsg-idm-ecid-wtls11" +#define 
NID_wap_wsg_idm_ecid_wtls11 744 +#define OBJ_wap_wsg_idm_ecid_wtls11 OBJ_wap_wsg_idm_ecid,11L + +#define SN_wap_wsg_idm_ecid_wtls12 "wap-wsg-idm-ecid-wtls12" +#define NID_wap_wsg_idm_ecid_wtls12 745 +#define OBJ_wap_wsg_idm_ecid_wtls12 OBJ_wap_wsg_idm_ecid,12L + +#define SN_cast5_cbc "CAST5-CBC" +#define LN_cast5_cbc "cast5-cbc" +#define NID_cast5_cbc 108 +#define OBJ_cast5_cbc OBJ_ISO_US,113533L,7L,66L,10L + +#define SN_cast5_ecb "CAST5-ECB" +#define LN_cast5_ecb "cast5-ecb" +#define NID_cast5_ecb 109 + +#define SN_cast5_cfb64 "CAST5-CFB" +#define LN_cast5_cfb64 "cast5-cfb" +#define NID_cast5_cfb64 110 + +#define SN_cast5_ofb64 "CAST5-OFB" +#define LN_cast5_ofb64 "cast5-ofb" +#define NID_cast5_ofb64 111 + +#define LN_pbeWithMD5AndCast5_CBC "pbeWithMD5AndCast5CBC" +#define NID_pbeWithMD5AndCast5_CBC 112 +#define OBJ_pbeWithMD5AndCast5_CBC OBJ_ISO_US,113533L,7L,66L,12L + +#define SN_id_PasswordBasedMAC "id-PasswordBasedMAC" +#define LN_id_PasswordBasedMAC "password based MAC" +#define NID_id_PasswordBasedMAC 782 +#define OBJ_id_PasswordBasedMAC OBJ_ISO_US,113533L,7L,66L,13L + +#define SN_id_DHBasedMac "id-DHBasedMac" +#define LN_id_DHBasedMac "Diffie-Hellman based MAC" +#define NID_id_DHBasedMac 783 +#define OBJ_id_DHBasedMac OBJ_ISO_US,113533L,7L,66L,30L + +#define SN_rsadsi "rsadsi" +#define LN_rsadsi "RSA Data Security, Inc." +#define NID_rsadsi 1 +#define OBJ_rsadsi OBJ_ISO_US,113549L + +#define SN_pkcs "pkcs" +#define LN_pkcs "RSA Data Security, Inc. 
PKCS" +#define NID_pkcs 2 +#define OBJ_pkcs OBJ_rsadsi,1L + +#define SN_pkcs1 "pkcs1" +#define NID_pkcs1 186 +#define OBJ_pkcs1 OBJ_pkcs,1L + +#define LN_rsaEncryption "rsaEncryption" +#define NID_rsaEncryption 6 +#define OBJ_rsaEncryption OBJ_pkcs1,1L + +#define SN_md2WithRSAEncryption "RSA-MD2" +#define LN_md2WithRSAEncryption "md2WithRSAEncryption" +#define NID_md2WithRSAEncryption 7 +#define OBJ_md2WithRSAEncryption OBJ_pkcs1,2L + +#define SN_md4WithRSAEncryption "RSA-MD4" +#define LN_md4WithRSAEncryption "md4WithRSAEncryption" +#define NID_md4WithRSAEncryption 396 +#define OBJ_md4WithRSAEncryption OBJ_pkcs1,3L + +#define SN_md5WithRSAEncryption "RSA-MD5" +#define LN_md5WithRSAEncryption "md5WithRSAEncryption" +#define NID_md5WithRSAEncryption 8 +#define OBJ_md5WithRSAEncryption OBJ_pkcs1,4L + +#define SN_sha1WithRSAEncryption "RSA-SHA1" +#define LN_sha1WithRSAEncryption "sha1WithRSAEncryption" +#define NID_sha1WithRSAEncryption 65 +#define OBJ_sha1WithRSAEncryption OBJ_pkcs1,5L + +#define SN_rsaesOaep "RSAES-OAEP" +#define LN_rsaesOaep "rsaesOaep" +#define NID_rsaesOaep 919 +#define OBJ_rsaesOaep OBJ_pkcs1,7L + +#define SN_mgf1 "MGF1" +#define LN_mgf1 "mgf1" +#define NID_mgf1 911 +#define OBJ_mgf1 OBJ_pkcs1,8L + +#define SN_pSpecified "PSPECIFIED" +#define LN_pSpecified "pSpecified" +#define NID_pSpecified 935 +#define OBJ_pSpecified OBJ_pkcs1,9L + +#define SN_rsassaPss "RSASSA-PSS" +#define LN_rsassaPss "rsassaPss" +#define NID_rsassaPss 912 +#define OBJ_rsassaPss OBJ_pkcs1,10L + +#define SN_sha256WithRSAEncryption "RSA-SHA256" +#define LN_sha256WithRSAEncryption "sha256WithRSAEncryption" +#define NID_sha256WithRSAEncryption 668 +#define OBJ_sha256WithRSAEncryption OBJ_pkcs1,11L + +#define SN_sha384WithRSAEncryption "RSA-SHA384" +#define LN_sha384WithRSAEncryption "sha384WithRSAEncryption" +#define NID_sha384WithRSAEncryption 669 +#define OBJ_sha384WithRSAEncryption OBJ_pkcs1,12L + +#define SN_sha512WithRSAEncryption "RSA-SHA512" +#define 
LN_sha512WithRSAEncryption "sha512WithRSAEncryption" +#define NID_sha512WithRSAEncryption 670 +#define OBJ_sha512WithRSAEncryption OBJ_pkcs1,13L + +#define SN_sha224WithRSAEncryption "RSA-SHA224" +#define LN_sha224WithRSAEncryption "sha224WithRSAEncryption" +#define NID_sha224WithRSAEncryption 671 +#define OBJ_sha224WithRSAEncryption OBJ_pkcs1,14L + +#define SN_sha512_224WithRSAEncryption "RSA-SHA512/224" +#define LN_sha512_224WithRSAEncryption "sha512-224WithRSAEncryption" +#define NID_sha512_224WithRSAEncryption 1145 +#define OBJ_sha512_224WithRSAEncryption OBJ_pkcs1,15L + +#define SN_sha512_256WithRSAEncryption "RSA-SHA512/256" +#define LN_sha512_256WithRSAEncryption "sha512-256WithRSAEncryption" +#define NID_sha512_256WithRSAEncryption 1146 +#define OBJ_sha512_256WithRSAEncryption OBJ_pkcs1,16L + +#define SN_pkcs3 "pkcs3" +#define NID_pkcs3 27 +#define OBJ_pkcs3 OBJ_pkcs,3L + +#define LN_dhKeyAgreement "dhKeyAgreement" +#define NID_dhKeyAgreement 28 +#define OBJ_dhKeyAgreement OBJ_pkcs3,1L + +#define SN_pkcs5 "pkcs5" +#define NID_pkcs5 187 +#define OBJ_pkcs5 OBJ_pkcs,5L + +#define SN_pbeWithMD2AndDES_CBC "PBE-MD2-DES" +#define LN_pbeWithMD2AndDES_CBC "pbeWithMD2AndDES-CBC" +#define NID_pbeWithMD2AndDES_CBC 9 +#define OBJ_pbeWithMD2AndDES_CBC OBJ_pkcs5,1L + +#define SN_pbeWithMD5AndDES_CBC "PBE-MD5-DES" +#define LN_pbeWithMD5AndDES_CBC "pbeWithMD5AndDES-CBC" +#define NID_pbeWithMD5AndDES_CBC 10 +#define OBJ_pbeWithMD5AndDES_CBC OBJ_pkcs5,3L + +#define SN_pbeWithMD2AndRC2_CBC "PBE-MD2-RC2-64" +#define LN_pbeWithMD2AndRC2_CBC "pbeWithMD2AndRC2-CBC" +#define NID_pbeWithMD2AndRC2_CBC 168 +#define OBJ_pbeWithMD2AndRC2_CBC OBJ_pkcs5,4L + +#define SN_pbeWithMD5AndRC2_CBC "PBE-MD5-RC2-64" +#define LN_pbeWithMD5AndRC2_CBC "pbeWithMD5AndRC2-CBC" +#define NID_pbeWithMD5AndRC2_CBC 169 +#define OBJ_pbeWithMD5AndRC2_CBC OBJ_pkcs5,6L + +#define SN_pbeWithSHA1AndDES_CBC "PBE-SHA1-DES" +#define LN_pbeWithSHA1AndDES_CBC "pbeWithSHA1AndDES-CBC" +#define NID_pbeWithSHA1AndDES_CBC 
170 +#define OBJ_pbeWithSHA1AndDES_CBC OBJ_pkcs5,10L + +#define SN_pbeWithSHA1AndRC2_CBC "PBE-SHA1-RC2-64" +#define LN_pbeWithSHA1AndRC2_CBC "pbeWithSHA1AndRC2-CBC" +#define NID_pbeWithSHA1AndRC2_CBC 68 +#define OBJ_pbeWithSHA1AndRC2_CBC OBJ_pkcs5,11L + +#define LN_id_pbkdf2 "PBKDF2" +#define NID_id_pbkdf2 69 +#define OBJ_id_pbkdf2 OBJ_pkcs5,12L + +#define LN_pbes2 "PBES2" +#define NID_pbes2 161 +#define OBJ_pbes2 OBJ_pkcs5,13L + +#define LN_pbmac1 "PBMAC1" +#define NID_pbmac1 162 +#define OBJ_pbmac1 OBJ_pkcs5,14L + +#define SN_pkcs7 "pkcs7" +#define NID_pkcs7 20 +#define OBJ_pkcs7 OBJ_pkcs,7L + +#define LN_pkcs7_data "pkcs7-data" +#define NID_pkcs7_data 21 +#define OBJ_pkcs7_data OBJ_pkcs7,1L + +#define LN_pkcs7_signed "pkcs7-signedData" +#define NID_pkcs7_signed 22 +#define OBJ_pkcs7_signed OBJ_pkcs7,2L + +#define LN_pkcs7_enveloped "pkcs7-envelopedData" +#define NID_pkcs7_enveloped 23 +#define OBJ_pkcs7_enveloped OBJ_pkcs7,3L + +#define LN_pkcs7_signedAndEnveloped "pkcs7-signedAndEnvelopedData" +#define NID_pkcs7_signedAndEnveloped 24 +#define OBJ_pkcs7_signedAndEnveloped OBJ_pkcs7,4L + +#define LN_pkcs7_digest "pkcs7-digestData" +#define NID_pkcs7_digest 25 +#define OBJ_pkcs7_digest OBJ_pkcs7,5L + +#define LN_pkcs7_encrypted "pkcs7-encryptedData" +#define NID_pkcs7_encrypted 26 +#define OBJ_pkcs7_encrypted OBJ_pkcs7,6L + +#define SN_pkcs9 "pkcs9" +#define NID_pkcs9 47 +#define OBJ_pkcs9 OBJ_pkcs,9L + +#define LN_pkcs9_emailAddress "emailAddress" +#define NID_pkcs9_emailAddress 48 +#define OBJ_pkcs9_emailAddress OBJ_pkcs9,1L + +#define LN_pkcs9_unstructuredName "unstructuredName" +#define NID_pkcs9_unstructuredName 49 +#define OBJ_pkcs9_unstructuredName OBJ_pkcs9,2L + +#define LN_pkcs9_contentType "contentType" +#define NID_pkcs9_contentType 50 +#define OBJ_pkcs9_contentType OBJ_pkcs9,3L + +#define LN_pkcs9_messageDigest "messageDigest" +#define NID_pkcs9_messageDigest 51 +#define OBJ_pkcs9_messageDigest OBJ_pkcs9,4L + +#define LN_pkcs9_signingTime "signingTime" 
+#define NID_pkcs9_signingTime 52 +#define OBJ_pkcs9_signingTime OBJ_pkcs9,5L + +#define LN_pkcs9_countersignature "countersignature" +#define NID_pkcs9_countersignature 53 +#define OBJ_pkcs9_countersignature OBJ_pkcs9,6L + +#define LN_pkcs9_challengePassword "challengePassword" +#define NID_pkcs9_challengePassword 54 +#define OBJ_pkcs9_challengePassword OBJ_pkcs9,7L + +#define LN_pkcs9_unstructuredAddress "unstructuredAddress" +#define NID_pkcs9_unstructuredAddress 55 +#define OBJ_pkcs9_unstructuredAddress OBJ_pkcs9,8L + +#define LN_pkcs9_extCertAttributes "extendedCertificateAttributes" +#define NID_pkcs9_extCertAttributes 56 +#define OBJ_pkcs9_extCertAttributes OBJ_pkcs9,9L + +#define SN_ext_req "extReq" +#define LN_ext_req "Extension Request" +#define NID_ext_req 172 +#define OBJ_ext_req OBJ_pkcs9,14L + +#define SN_SMIMECapabilities "SMIME-CAPS" +#define LN_SMIMECapabilities "S/MIME Capabilities" +#define NID_SMIMECapabilities 167 +#define OBJ_SMIMECapabilities OBJ_pkcs9,15L + +#define SN_SMIME "SMIME" +#define LN_SMIME "S/MIME" +#define NID_SMIME 188 +#define OBJ_SMIME OBJ_pkcs9,16L + +#define SN_id_smime_mod "id-smime-mod" +#define NID_id_smime_mod 189 +#define OBJ_id_smime_mod OBJ_SMIME,0L + +#define SN_id_smime_ct "id-smime-ct" +#define NID_id_smime_ct 190 +#define OBJ_id_smime_ct OBJ_SMIME,1L + +#define SN_id_smime_aa "id-smime-aa" +#define NID_id_smime_aa 191 +#define OBJ_id_smime_aa OBJ_SMIME,2L + +#define SN_id_smime_alg "id-smime-alg" +#define NID_id_smime_alg 192 +#define OBJ_id_smime_alg OBJ_SMIME,3L + +#define SN_id_smime_cd "id-smime-cd" +#define NID_id_smime_cd 193 +#define OBJ_id_smime_cd OBJ_SMIME,4L + +#define SN_id_smime_spq "id-smime-spq" +#define NID_id_smime_spq 194 +#define OBJ_id_smime_spq OBJ_SMIME,5L + +#define SN_id_smime_cti "id-smime-cti" +#define NID_id_smime_cti 195 +#define OBJ_id_smime_cti OBJ_SMIME,6L + +#define SN_id_smime_mod_cms "id-smime-mod-cms" +#define NID_id_smime_mod_cms 196 +#define OBJ_id_smime_mod_cms 
OBJ_id_smime_mod,1L + +#define SN_id_smime_mod_ess "id-smime-mod-ess" +#define NID_id_smime_mod_ess 197 +#define OBJ_id_smime_mod_ess OBJ_id_smime_mod,2L + +#define SN_id_smime_mod_oid "id-smime-mod-oid" +#define NID_id_smime_mod_oid 198 +#define OBJ_id_smime_mod_oid OBJ_id_smime_mod,3L + +#define SN_id_smime_mod_msg_v3 "id-smime-mod-msg-v3" +#define NID_id_smime_mod_msg_v3 199 +#define OBJ_id_smime_mod_msg_v3 OBJ_id_smime_mod,4L + +#define SN_id_smime_mod_ets_eSignature_88 "id-smime-mod-ets-eSignature-88" +#define NID_id_smime_mod_ets_eSignature_88 200 +#define OBJ_id_smime_mod_ets_eSignature_88 OBJ_id_smime_mod,5L + +#define SN_id_smime_mod_ets_eSignature_97 "id-smime-mod-ets-eSignature-97" +#define NID_id_smime_mod_ets_eSignature_97 201 +#define OBJ_id_smime_mod_ets_eSignature_97 OBJ_id_smime_mod,6L + +#define SN_id_smime_mod_ets_eSigPolicy_88 "id-smime-mod-ets-eSigPolicy-88" +#define NID_id_smime_mod_ets_eSigPolicy_88 202 +#define OBJ_id_smime_mod_ets_eSigPolicy_88 OBJ_id_smime_mod,7L + +#define SN_id_smime_mod_ets_eSigPolicy_97 "id-smime-mod-ets-eSigPolicy-97" +#define NID_id_smime_mod_ets_eSigPolicy_97 203 +#define OBJ_id_smime_mod_ets_eSigPolicy_97 OBJ_id_smime_mod,8L + +#define SN_id_smime_ct_receipt "id-smime-ct-receipt" +#define NID_id_smime_ct_receipt 204 +#define OBJ_id_smime_ct_receipt OBJ_id_smime_ct,1L + +#define SN_id_smime_ct_authData "id-smime-ct-authData" +#define NID_id_smime_ct_authData 205 +#define OBJ_id_smime_ct_authData OBJ_id_smime_ct,2L + +#define SN_id_smime_ct_publishCert "id-smime-ct-publishCert" +#define NID_id_smime_ct_publishCert 206 +#define OBJ_id_smime_ct_publishCert OBJ_id_smime_ct,3L + +#define SN_id_smime_ct_TSTInfo "id-smime-ct-TSTInfo" +#define NID_id_smime_ct_TSTInfo 207 +#define OBJ_id_smime_ct_TSTInfo OBJ_id_smime_ct,4L + +#define SN_id_smime_ct_TDTInfo "id-smime-ct-TDTInfo" +#define NID_id_smime_ct_TDTInfo 208 +#define OBJ_id_smime_ct_TDTInfo OBJ_id_smime_ct,5L + +#define SN_id_smime_ct_contentInfo 
"id-smime-ct-contentInfo" +#define NID_id_smime_ct_contentInfo 209 +#define OBJ_id_smime_ct_contentInfo OBJ_id_smime_ct,6L + +#define SN_id_smime_ct_DVCSRequestData "id-smime-ct-DVCSRequestData" +#define NID_id_smime_ct_DVCSRequestData 210 +#define OBJ_id_smime_ct_DVCSRequestData OBJ_id_smime_ct,7L + +#define SN_id_smime_ct_DVCSResponseData "id-smime-ct-DVCSResponseData" +#define NID_id_smime_ct_DVCSResponseData 211 +#define OBJ_id_smime_ct_DVCSResponseData OBJ_id_smime_ct,8L + +#define SN_id_smime_ct_compressedData "id-smime-ct-compressedData" +#define NID_id_smime_ct_compressedData 786 +#define OBJ_id_smime_ct_compressedData OBJ_id_smime_ct,9L + +#define SN_id_smime_ct_contentCollection "id-smime-ct-contentCollection" +#define NID_id_smime_ct_contentCollection 1058 +#define OBJ_id_smime_ct_contentCollection OBJ_id_smime_ct,19L + +#define SN_id_smime_ct_authEnvelopedData "id-smime-ct-authEnvelopedData" +#define NID_id_smime_ct_authEnvelopedData 1059 +#define OBJ_id_smime_ct_authEnvelopedData OBJ_id_smime_ct,23L + +#define SN_id_ct_asciiTextWithCRLF "id-ct-asciiTextWithCRLF" +#define NID_id_ct_asciiTextWithCRLF 787 +#define OBJ_id_ct_asciiTextWithCRLF OBJ_id_smime_ct,27L + +#define SN_id_ct_xml "id-ct-xml" +#define NID_id_ct_xml 1060 +#define OBJ_id_ct_xml OBJ_id_smime_ct,28L + +#define SN_id_smime_aa_receiptRequest "id-smime-aa-receiptRequest" +#define NID_id_smime_aa_receiptRequest 212 +#define OBJ_id_smime_aa_receiptRequest OBJ_id_smime_aa,1L + +#define SN_id_smime_aa_securityLabel "id-smime-aa-securityLabel" +#define NID_id_smime_aa_securityLabel 213 +#define OBJ_id_smime_aa_securityLabel OBJ_id_smime_aa,2L + +#define SN_id_smime_aa_mlExpandHistory "id-smime-aa-mlExpandHistory" +#define NID_id_smime_aa_mlExpandHistory 214 +#define OBJ_id_smime_aa_mlExpandHistory OBJ_id_smime_aa,3L + +#define SN_id_smime_aa_contentHint "id-smime-aa-contentHint" +#define NID_id_smime_aa_contentHint 215 +#define OBJ_id_smime_aa_contentHint OBJ_id_smime_aa,4L + +#define 
SN_id_smime_aa_msgSigDigest "id-smime-aa-msgSigDigest" +#define NID_id_smime_aa_msgSigDigest 216 +#define OBJ_id_smime_aa_msgSigDigest OBJ_id_smime_aa,5L + +#define SN_id_smime_aa_encapContentType "id-smime-aa-encapContentType" +#define NID_id_smime_aa_encapContentType 217 +#define OBJ_id_smime_aa_encapContentType OBJ_id_smime_aa,6L + +#define SN_id_smime_aa_contentIdentifier "id-smime-aa-contentIdentifier" +#define NID_id_smime_aa_contentIdentifier 218 +#define OBJ_id_smime_aa_contentIdentifier OBJ_id_smime_aa,7L + +#define SN_id_smime_aa_macValue "id-smime-aa-macValue" +#define NID_id_smime_aa_macValue 219 +#define OBJ_id_smime_aa_macValue OBJ_id_smime_aa,8L + +#define SN_id_smime_aa_equivalentLabels "id-smime-aa-equivalentLabels" +#define NID_id_smime_aa_equivalentLabels 220 +#define OBJ_id_smime_aa_equivalentLabels OBJ_id_smime_aa,9L + +#define SN_id_smime_aa_contentReference "id-smime-aa-contentReference" +#define NID_id_smime_aa_contentReference 221 +#define OBJ_id_smime_aa_contentReference OBJ_id_smime_aa,10L + +#define SN_id_smime_aa_encrypKeyPref "id-smime-aa-encrypKeyPref" +#define NID_id_smime_aa_encrypKeyPref 222 +#define OBJ_id_smime_aa_encrypKeyPref OBJ_id_smime_aa,11L + +#define SN_id_smime_aa_signingCertificate "id-smime-aa-signingCertificate" +#define NID_id_smime_aa_signingCertificate 223 +#define OBJ_id_smime_aa_signingCertificate OBJ_id_smime_aa,12L + +#define SN_id_smime_aa_smimeEncryptCerts "id-smime-aa-smimeEncryptCerts" +#define NID_id_smime_aa_smimeEncryptCerts 224 +#define OBJ_id_smime_aa_smimeEncryptCerts OBJ_id_smime_aa,13L + +#define SN_id_smime_aa_timeStampToken "id-smime-aa-timeStampToken" +#define NID_id_smime_aa_timeStampToken 225 +#define OBJ_id_smime_aa_timeStampToken OBJ_id_smime_aa,14L + +#define SN_id_smime_aa_ets_sigPolicyId "id-smime-aa-ets-sigPolicyId" +#define NID_id_smime_aa_ets_sigPolicyId 226 +#define OBJ_id_smime_aa_ets_sigPolicyId OBJ_id_smime_aa,15L + +#define SN_id_smime_aa_ets_commitmentType 
"id-smime-aa-ets-commitmentType" +#define NID_id_smime_aa_ets_commitmentType 227 +#define OBJ_id_smime_aa_ets_commitmentType OBJ_id_smime_aa,16L + +#define SN_id_smime_aa_ets_signerLocation "id-smime-aa-ets-signerLocation" +#define NID_id_smime_aa_ets_signerLocation 228 +#define OBJ_id_smime_aa_ets_signerLocation OBJ_id_smime_aa,17L + +#define SN_id_smime_aa_ets_signerAttr "id-smime-aa-ets-signerAttr" +#define NID_id_smime_aa_ets_signerAttr 229 +#define OBJ_id_smime_aa_ets_signerAttr OBJ_id_smime_aa,18L + +#define SN_id_smime_aa_ets_otherSigCert "id-smime-aa-ets-otherSigCert" +#define NID_id_smime_aa_ets_otherSigCert 230 +#define OBJ_id_smime_aa_ets_otherSigCert OBJ_id_smime_aa,19L + +#define SN_id_smime_aa_ets_contentTimestamp "id-smime-aa-ets-contentTimestamp" +#define NID_id_smime_aa_ets_contentTimestamp 231 +#define OBJ_id_smime_aa_ets_contentTimestamp OBJ_id_smime_aa,20L + +#define SN_id_smime_aa_ets_CertificateRefs "id-smime-aa-ets-CertificateRefs" +#define NID_id_smime_aa_ets_CertificateRefs 232 +#define OBJ_id_smime_aa_ets_CertificateRefs OBJ_id_smime_aa,21L + +#define SN_id_smime_aa_ets_RevocationRefs "id-smime-aa-ets-RevocationRefs" +#define NID_id_smime_aa_ets_RevocationRefs 233 +#define OBJ_id_smime_aa_ets_RevocationRefs OBJ_id_smime_aa,22L + +#define SN_id_smime_aa_ets_certValues "id-smime-aa-ets-certValues" +#define NID_id_smime_aa_ets_certValues 234 +#define OBJ_id_smime_aa_ets_certValues OBJ_id_smime_aa,23L + +#define SN_id_smime_aa_ets_revocationValues "id-smime-aa-ets-revocationValues" +#define NID_id_smime_aa_ets_revocationValues 235 +#define OBJ_id_smime_aa_ets_revocationValues OBJ_id_smime_aa,24L + +#define SN_id_smime_aa_ets_escTimeStamp "id-smime-aa-ets-escTimeStamp" +#define NID_id_smime_aa_ets_escTimeStamp 236 +#define OBJ_id_smime_aa_ets_escTimeStamp OBJ_id_smime_aa,25L + +#define SN_id_smime_aa_ets_certCRLTimestamp "id-smime-aa-ets-certCRLTimestamp" +#define NID_id_smime_aa_ets_certCRLTimestamp 237 +#define 
OBJ_id_smime_aa_ets_certCRLTimestamp OBJ_id_smime_aa,26L + +#define SN_id_smime_aa_ets_archiveTimeStamp "id-smime-aa-ets-archiveTimeStamp" +#define NID_id_smime_aa_ets_archiveTimeStamp 238 +#define OBJ_id_smime_aa_ets_archiveTimeStamp OBJ_id_smime_aa,27L + +#define SN_id_smime_aa_signatureType "id-smime-aa-signatureType" +#define NID_id_smime_aa_signatureType 239 +#define OBJ_id_smime_aa_signatureType OBJ_id_smime_aa,28L + +#define SN_id_smime_aa_dvcs_dvc "id-smime-aa-dvcs-dvc" +#define NID_id_smime_aa_dvcs_dvc 240 +#define OBJ_id_smime_aa_dvcs_dvc OBJ_id_smime_aa,29L + +#define SN_id_smime_aa_signingCertificateV2 "id-smime-aa-signingCertificateV2" +#define NID_id_smime_aa_signingCertificateV2 1086 +#define OBJ_id_smime_aa_signingCertificateV2 OBJ_id_smime_aa,47L + +#define SN_id_smime_alg_ESDHwith3DES "id-smime-alg-ESDHwith3DES" +#define NID_id_smime_alg_ESDHwith3DES 241 +#define OBJ_id_smime_alg_ESDHwith3DES OBJ_id_smime_alg,1L + +#define SN_id_smime_alg_ESDHwithRC2 "id-smime-alg-ESDHwithRC2" +#define NID_id_smime_alg_ESDHwithRC2 242 +#define OBJ_id_smime_alg_ESDHwithRC2 OBJ_id_smime_alg,2L + +#define SN_id_smime_alg_3DESwrap "id-smime-alg-3DESwrap" +#define NID_id_smime_alg_3DESwrap 243 +#define OBJ_id_smime_alg_3DESwrap OBJ_id_smime_alg,3L + +#define SN_id_smime_alg_RC2wrap "id-smime-alg-RC2wrap" +#define NID_id_smime_alg_RC2wrap 244 +#define OBJ_id_smime_alg_RC2wrap OBJ_id_smime_alg,4L + +#define SN_id_smime_alg_ESDH "id-smime-alg-ESDH" +#define NID_id_smime_alg_ESDH 245 +#define OBJ_id_smime_alg_ESDH OBJ_id_smime_alg,5L + +#define SN_id_smime_alg_CMS3DESwrap "id-smime-alg-CMS3DESwrap" +#define NID_id_smime_alg_CMS3DESwrap 246 +#define OBJ_id_smime_alg_CMS3DESwrap OBJ_id_smime_alg,6L + +#define SN_id_smime_alg_CMSRC2wrap "id-smime-alg-CMSRC2wrap" +#define NID_id_smime_alg_CMSRC2wrap 247 +#define OBJ_id_smime_alg_CMSRC2wrap OBJ_id_smime_alg,7L + +#define SN_id_alg_PWRI_KEK "id-alg-PWRI-KEK" +#define NID_id_alg_PWRI_KEK 893 +#define OBJ_id_alg_PWRI_KEK 
OBJ_id_smime_alg,9L + +#define SN_id_smime_cd_ldap "id-smime-cd-ldap" +#define NID_id_smime_cd_ldap 248 +#define OBJ_id_smime_cd_ldap OBJ_id_smime_cd,1L + +#define SN_id_smime_spq_ets_sqt_uri "id-smime-spq-ets-sqt-uri" +#define NID_id_smime_spq_ets_sqt_uri 249 +#define OBJ_id_smime_spq_ets_sqt_uri OBJ_id_smime_spq,1L + +#define SN_id_smime_spq_ets_sqt_unotice "id-smime-spq-ets-sqt-unotice" +#define NID_id_smime_spq_ets_sqt_unotice 250 +#define OBJ_id_smime_spq_ets_sqt_unotice OBJ_id_smime_spq,2L + +#define SN_id_smime_cti_ets_proofOfOrigin "id-smime-cti-ets-proofOfOrigin" +#define NID_id_smime_cti_ets_proofOfOrigin 251 +#define OBJ_id_smime_cti_ets_proofOfOrigin OBJ_id_smime_cti,1L + +#define SN_id_smime_cti_ets_proofOfReceipt "id-smime-cti-ets-proofOfReceipt" +#define NID_id_smime_cti_ets_proofOfReceipt 252 +#define OBJ_id_smime_cti_ets_proofOfReceipt OBJ_id_smime_cti,2L + +#define SN_id_smime_cti_ets_proofOfDelivery "id-smime-cti-ets-proofOfDelivery" +#define NID_id_smime_cti_ets_proofOfDelivery 253 +#define OBJ_id_smime_cti_ets_proofOfDelivery OBJ_id_smime_cti,3L + +#define SN_id_smime_cti_ets_proofOfSender "id-smime-cti-ets-proofOfSender" +#define NID_id_smime_cti_ets_proofOfSender 254 +#define OBJ_id_smime_cti_ets_proofOfSender OBJ_id_smime_cti,4L + +#define SN_id_smime_cti_ets_proofOfApproval "id-smime-cti-ets-proofOfApproval" +#define NID_id_smime_cti_ets_proofOfApproval 255 +#define OBJ_id_smime_cti_ets_proofOfApproval OBJ_id_smime_cti,5L + +#define SN_id_smime_cti_ets_proofOfCreation "id-smime-cti-ets-proofOfCreation" +#define NID_id_smime_cti_ets_proofOfCreation 256 +#define OBJ_id_smime_cti_ets_proofOfCreation OBJ_id_smime_cti,6L + +#define LN_friendlyName "friendlyName" +#define NID_friendlyName 156 +#define OBJ_friendlyName OBJ_pkcs9,20L + +#define LN_localKeyID "localKeyID" +#define NID_localKeyID 157 +#define OBJ_localKeyID OBJ_pkcs9,21L + +#define SN_ms_csp_name "CSPName" +#define LN_ms_csp_name "Microsoft CSP Name" +#define NID_ms_csp_name 417 
+#define OBJ_ms_csp_name 1L,3L,6L,1L,4L,1L,311L,17L,1L + +#define SN_LocalKeySet "LocalKeySet" +#define LN_LocalKeySet "Microsoft Local Key set" +#define NID_LocalKeySet 856 +#define OBJ_LocalKeySet 1L,3L,6L,1L,4L,1L,311L,17L,2L + +#define OBJ_certTypes OBJ_pkcs9,22L + +#define LN_x509Certificate "x509Certificate" +#define NID_x509Certificate 158 +#define OBJ_x509Certificate OBJ_certTypes,1L + +#define LN_sdsiCertificate "sdsiCertificate" +#define NID_sdsiCertificate 159 +#define OBJ_sdsiCertificate OBJ_certTypes,2L + +#define OBJ_crlTypes OBJ_pkcs9,23L + +#define LN_x509Crl "x509Crl" +#define NID_x509Crl 160 +#define OBJ_x509Crl OBJ_crlTypes,1L + +#define OBJ_pkcs12 OBJ_pkcs,12L + +#define OBJ_pkcs12_pbeids OBJ_pkcs12,1L + +#define SN_pbe_WithSHA1And128BitRC4 "PBE-SHA1-RC4-128" +#define LN_pbe_WithSHA1And128BitRC4 "pbeWithSHA1And128BitRC4" +#define NID_pbe_WithSHA1And128BitRC4 144 +#define OBJ_pbe_WithSHA1And128BitRC4 OBJ_pkcs12_pbeids,1L + +#define SN_pbe_WithSHA1And40BitRC4 "PBE-SHA1-RC4-40" +#define LN_pbe_WithSHA1And40BitRC4 "pbeWithSHA1And40BitRC4" +#define NID_pbe_WithSHA1And40BitRC4 145 +#define OBJ_pbe_WithSHA1And40BitRC4 OBJ_pkcs12_pbeids,2L + +#define SN_pbe_WithSHA1And3_Key_TripleDES_CBC "PBE-SHA1-3DES" +#define LN_pbe_WithSHA1And3_Key_TripleDES_CBC "pbeWithSHA1And3-KeyTripleDES-CBC" +#define NID_pbe_WithSHA1And3_Key_TripleDES_CBC 146 +#define OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC OBJ_pkcs12_pbeids,3L + +#define SN_pbe_WithSHA1And2_Key_TripleDES_CBC "PBE-SHA1-2DES" +#define LN_pbe_WithSHA1And2_Key_TripleDES_CBC "pbeWithSHA1And2-KeyTripleDES-CBC" +#define NID_pbe_WithSHA1And2_Key_TripleDES_CBC 147 +#define OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC OBJ_pkcs12_pbeids,4L + +#define SN_pbe_WithSHA1And128BitRC2_CBC "PBE-SHA1-RC2-128" +#define LN_pbe_WithSHA1And128BitRC2_CBC "pbeWithSHA1And128BitRC2-CBC" +#define NID_pbe_WithSHA1And128BitRC2_CBC 148 +#define OBJ_pbe_WithSHA1And128BitRC2_CBC OBJ_pkcs12_pbeids,5L + +#define SN_pbe_WithSHA1And40BitRC2_CBC 
"PBE-SHA1-RC2-40" +#define LN_pbe_WithSHA1And40BitRC2_CBC "pbeWithSHA1And40BitRC2-CBC" +#define NID_pbe_WithSHA1And40BitRC2_CBC 149 +#define OBJ_pbe_WithSHA1And40BitRC2_CBC OBJ_pkcs12_pbeids,6L + +#define OBJ_pkcs12_Version1 OBJ_pkcs12,10L + +#define OBJ_pkcs12_BagIds OBJ_pkcs12_Version1,1L + +#define LN_keyBag "keyBag" +#define NID_keyBag 150 +#define OBJ_keyBag OBJ_pkcs12_BagIds,1L + +#define LN_pkcs8ShroudedKeyBag "pkcs8ShroudedKeyBag" +#define NID_pkcs8ShroudedKeyBag 151 +#define OBJ_pkcs8ShroudedKeyBag OBJ_pkcs12_BagIds,2L + +#define LN_certBag "certBag" +#define NID_certBag 152 +#define OBJ_certBag OBJ_pkcs12_BagIds,3L + +#define LN_crlBag "crlBag" +#define NID_crlBag 153 +#define OBJ_crlBag OBJ_pkcs12_BagIds,4L + +#define LN_secretBag "secretBag" +#define NID_secretBag 154 +#define OBJ_secretBag OBJ_pkcs12_BagIds,5L + +#define LN_safeContentsBag "safeContentsBag" +#define NID_safeContentsBag 155 +#define OBJ_safeContentsBag OBJ_pkcs12_BagIds,6L + +#define SN_md2 "MD2" +#define LN_md2 "md2" +#define NID_md2 3 +#define OBJ_md2 OBJ_rsadsi,2L,2L + +#define SN_md4 "MD4" +#define LN_md4 "md4" +#define NID_md4 257 +#define OBJ_md4 OBJ_rsadsi,2L,4L + +#define SN_md5 "MD5" +#define LN_md5 "md5" +#define NID_md5 4 +#define OBJ_md5 OBJ_rsadsi,2L,5L + +#define SN_md5_sha1 "MD5-SHA1" +#define LN_md5_sha1 "md5-sha1" +#define NID_md5_sha1 114 + +#define LN_hmacWithMD5 "hmacWithMD5" +#define NID_hmacWithMD5 797 +#define OBJ_hmacWithMD5 OBJ_rsadsi,2L,6L + +#define LN_hmacWithSHA1 "hmacWithSHA1" +#define NID_hmacWithSHA1 163 +#define OBJ_hmacWithSHA1 OBJ_rsadsi,2L,7L + +#define SN_sm2 "SM2" +#define LN_sm2 "sm2" +#define NID_sm2 1172 +#define OBJ_sm2 OBJ_sm_scheme,301L + +#define SN_sm3 "SM3" +#define LN_sm3 "sm3" +#define NID_sm3 1143 +#define OBJ_sm3 OBJ_sm_scheme,401L + +#define SN_sm3WithRSAEncryption "RSA-SM3" +#define LN_sm3WithRSAEncryption "sm3WithRSAEncryption" +#define NID_sm3WithRSAEncryption 1144 +#define OBJ_sm3WithRSAEncryption OBJ_sm_scheme,504L + +#define 
SN_SM2_with_SM3 "SM2-SM3" +#define LN_SM2_with_SM3 "SM2-with-SM3" +#define NID_SM2_with_SM3 1204 +#define OBJ_SM2_with_SM3 OBJ_sm_scheme,501L + +#define LN_hmacWithSHA224 "hmacWithSHA224" +#define NID_hmacWithSHA224 798 +#define OBJ_hmacWithSHA224 OBJ_rsadsi,2L,8L + +#define LN_hmacWithSHA256 "hmacWithSHA256" +#define NID_hmacWithSHA256 799 +#define OBJ_hmacWithSHA256 OBJ_rsadsi,2L,9L + +#define LN_hmacWithSHA384 "hmacWithSHA384" +#define NID_hmacWithSHA384 800 +#define OBJ_hmacWithSHA384 OBJ_rsadsi,2L,10L + +#define LN_hmacWithSHA512 "hmacWithSHA512" +#define NID_hmacWithSHA512 801 +#define OBJ_hmacWithSHA512 OBJ_rsadsi,2L,11L + +#define LN_hmacWithSHA512_224 "hmacWithSHA512-224" +#define NID_hmacWithSHA512_224 1193 +#define OBJ_hmacWithSHA512_224 OBJ_rsadsi,2L,12L + +#define LN_hmacWithSHA512_256 "hmacWithSHA512-256" +#define NID_hmacWithSHA512_256 1194 +#define OBJ_hmacWithSHA512_256 OBJ_rsadsi,2L,13L + +#define SN_rc2_cbc "RC2-CBC" +#define LN_rc2_cbc "rc2-cbc" +#define NID_rc2_cbc 37 +#define OBJ_rc2_cbc OBJ_rsadsi,3L,2L + +#define SN_rc2_ecb "RC2-ECB" +#define LN_rc2_ecb "rc2-ecb" +#define NID_rc2_ecb 38 + +#define SN_rc2_cfb64 "RC2-CFB" +#define LN_rc2_cfb64 "rc2-cfb" +#define NID_rc2_cfb64 39 + +#define SN_rc2_ofb64 "RC2-OFB" +#define LN_rc2_ofb64 "rc2-ofb" +#define NID_rc2_ofb64 40 + +#define SN_rc2_40_cbc "RC2-40-CBC" +#define LN_rc2_40_cbc "rc2-40-cbc" +#define NID_rc2_40_cbc 98 + +#define SN_rc2_64_cbc "RC2-64-CBC" +#define LN_rc2_64_cbc "rc2-64-cbc" +#define NID_rc2_64_cbc 166 + +#define SN_rc4 "RC4" +#define LN_rc4 "rc4" +#define NID_rc4 5 +#define OBJ_rc4 OBJ_rsadsi,3L,4L + +#define SN_rc4_40 "RC4-40" +#define LN_rc4_40 "rc4-40" +#define NID_rc4_40 97 + +#define SN_des_ede3_cbc "DES-EDE3-CBC" +#define LN_des_ede3_cbc "des-ede3-cbc" +#define NID_des_ede3_cbc 44 +#define OBJ_des_ede3_cbc OBJ_rsadsi,3L,7L + +#define SN_rc5_cbc "RC5-CBC" +#define LN_rc5_cbc "rc5-cbc" +#define NID_rc5_cbc 120 +#define OBJ_rc5_cbc OBJ_rsadsi,3L,8L + +#define SN_rc5_ecb 
"RC5-ECB" +#define LN_rc5_ecb "rc5-ecb" +#define NID_rc5_ecb 121 + +#define SN_rc5_cfb64 "RC5-CFB" +#define LN_rc5_cfb64 "rc5-cfb" +#define NID_rc5_cfb64 122 + +#define SN_rc5_ofb64 "RC5-OFB" +#define LN_rc5_ofb64 "rc5-ofb" +#define NID_rc5_ofb64 123 + +#define SN_ms_ext_req "msExtReq" +#define LN_ms_ext_req "Microsoft Extension Request" +#define NID_ms_ext_req 171 +#define OBJ_ms_ext_req 1L,3L,6L,1L,4L,1L,311L,2L,1L,14L + +#define SN_ms_code_ind "msCodeInd" +#define LN_ms_code_ind "Microsoft Individual Code Signing" +#define NID_ms_code_ind 134 +#define OBJ_ms_code_ind 1L,3L,6L,1L,4L,1L,311L,2L,1L,21L + +#define SN_ms_code_com "msCodeCom" +#define LN_ms_code_com "Microsoft Commercial Code Signing" +#define NID_ms_code_com 135 +#define OBJ_ms_code_com 1L,3L,6L,1L,4L,1L,311L,2L,1L,22L + +#define SN_ms_ctl_sign "msCTLSign" +#define LN_ms_ctl_sign "Microsoft Trust List Signing" +#define NID_ms_ctl_sign 136 +#define OBJ_ms_ctl_sign 1L,3L,6L,1L,4L,1L,311L,10L,3L,1L + +#define SN_ms_sgc "msSGC" +#define LN_ms_sgc "Microsoft Server Gated Crypto" +#define NID_ms_sgc 137 +#define OBJ_ms_sgc 1L,3L,6L,1L,4L,1L,311L,10L,3L,3L + +#define SN_ms_efs "msEFS" +#define LN_ms_efs "Microsoft Encrypted File System" +#define NID_ms_efs 138 +#define OBJ_ms_efs 1L,3L,6L,1L,4L,1L,311L,10L,3L,4L + +#define SN_ms_smartcard_login "msSmartcardLogin" +#define LN_ms_smartcard_login "Microsoft Smartcard Login" +#define NID_ms_smartcard_login 648 +#define OBJ_ms_smartcard_login 1L,3L,6L,1L,4L,1L,311L,20L,2L,2L + +#define SN_ms_upn "msUPN" +#define LN_ms_upn "Microsoft User Principal Name" +#define NID_ms_upn 649 +#define OBJ_ms_upn 1L,3L,6L,1L,4L,1L,311L,20L,2L,3L + +#define SN_idea_cbc "IDEA-CBC" +#define LN_idea_cbc "idea-cbc" +#define NID_idea_cbc 34 +#define OBJ_idea_cbc 1L,3L,6L,1L,4L,1L,188L,7L,1L,1L,2L + +#define SN_idea_ecb "IDEA-ECB" +#define LN_idea_ecb "idea-ecb" +#define NID_idea_ecb 36 + +#define SN_idea_cfb64 "IDEA-CFB" +#define LN_idea_cfb64 "idea-cfb" +#define NID_idea_cfb64 35 + 
+#define SN_idea_ofb64 "IDEA-OFB" +#define LN_idea_ofb64 "idea-ofb" +#define NID_idea_ofb64 46 + +#define SN_bf_cbc "BF-CBC" +#define LN_bf_cbc "bf-cbc" +#define NID_bf_cbc 91 +#define OBJ_bf_cbc 1L,3L,6L,1L,4L,1L,3029L,1L,2L + +#define SN_bf_ecb "BF-ECB" +#define LN_bf_ecb "bf-ecb" +#define NID_bf_ecb 92 + +#define SN_bf_cfb64 "BF-CFB" +#define LN_bf_cfb64 "bf-cfb" +#define NID_bf_cfb64 93 + +#define SN_bf_ofb64 "BF-OFB" +#define LN_bf_ofb64 "bf-ofb" +#define NID_bf_ofb64 94 + +#define SN_id_pkix "PKIX" +#define NID_id_pkix 127 +#define OBJ_id_pkix 1L,3L,6L,1L,5L,5L,7L + +#define SN_id_pkix_mod "id-pkix-mod" +#define NID_id_pkix_mod 258 +#define OBJ_id_pkix_mod OBJ_id_pkix,0L + +#define SN_id_pe "id-pe" +#define NID_id_pe 175 +#define OBJ_id_pe OBJ_id_pkix,1L + +#define SN_id_qt "id-qt" +#define NID_id_qt 259 +#define OBJ_id_qt OBJ_id_pkix,2L + +#define SN_id_kp "id-kp" +#define NID_id_kp 128 +#define OBJ_id_kp OBJ_id_pkix,3L + +#define SN_id_it "id-it" +#define NID_id_it 260 +#define OBJ_id_it OBJ_id_pkix,4L + +#define SN_id_pkip "id-pkip" +#define NID_id_pkip 261 +#define OBJ_id_pkip OBJ_id_pkix,5L + +#define SN_id_alg "id-alg" +#define NID_id_alg 262 +#define OBJ_id_alg OBJ_id_pkix,6L + +#define SN_id_cmc "id-cmc" +#define NID_id_cmc 263 +#define OBJ_id_cmc OBJ_id_pkix,7L + +#define SN_id_on "id-on" +#define NID_id_on 264 +#define OBJ_id_on OBJ_id_pkix,8L + +#define SN_id_pda "id-pda" +#define NID_id_pda 265 +#define OBJ_id_pda OBJ_id_pkix,9L + +#define SN_id_aca "id-aca" +#define NID_id_aca 266 +#define OBJ_id_aca OBJ_id_pkix,10L + +#define SN_id_qcs "id-qcs" +#define NID_id_qcs 267 +#define OBJ_id_qcs OBJ_id_pkix,11L + +#define SN_id_cct "id-cct" +#define NID_id_cct 268 +#define OBJ_id_cct OBJ_id_pkix,12L + +#define SN_id_ppl "id-ppl" +#define NID_id_ppl 662 +#define OBJ_id_ppl OBJ_id_pkix,21L + +#define SN_id_ad "id-ad" +#define NID_id_ad 176 +#define OBJ_id_ad OBJ_id_pkix,48L + +#define SN_id_pkix1_explicit_88 "id-pkix1-explicit-88" +#define 
NID_id_pkix1_explicit_88 269 +#define OBJ_id_pkix1_explicit_88 OBJ_id_pkix_mod,1L + +#define SN_id_pkix1_implicit_88 "id-pkix1-implicit-88" +#define NID_id_pkix1_implicit_88 270 +#define OBJ_id_pkix1_implicit_88 OBJ_id_pkix_mod,2L + +#define SN_id_pkix1_explicit_93 "id-pkix1-explicit-93" +#define NID_id_pkix1_explicit_93 271 +#define OBJ_id_pkix1_explicit_93 OBJ_id_pkix_mod,3L + +#define SN_id_pkix1_implicit_93 "id-pkix1-implicit-93" +#define NID_id_pkix1_implicit_93 272 +#define OBJ_id_pkix1_implicit_93 OBJ_id_pkix_mod,4L + +#define SN_id_mod_crmf "id-mod-crmf" +#define NID_id_mod_crmf 273 +#define OBJ_id_mod_crmf OBJ_id_pkix_mod,5L + +#define SN_id_mod_cmc "id-mod-cmc" +#define NID_id_mod_cmc 274 +#define OBJ_id_mod_cmc OBJ_id_pkix_mod,6L + +#define SN_id_mod_kea_profile_88 "id-mod-kea-profile-88" +#define NID_id_mod_kea_profile_88 275 +#define OBJ_id_mod_kea_profile_88 OBJ_id_pkix_mod,7L + +#define SN_id_mod_kea_profile_93 "id-mod-kea-profile-93" +#define NID_id_mod_kea_profile_93 276 +#define OBJ_id_mod_kea_profile_93 OBJ_id_pkix_mod,8L + +#define SN_id_mod_cmp "id-mod-cmp" +#define NID_id_mod_cmp 277 +#define OBJ_id_mod_cmp OBJ_id_pkix_mod,9L + +#define SN_id_mod_qualified_cert_88 "id-mod-qualified-cert-88" +#define NID_id_mod_qualified_cert_88 278 +#define OBJ_id_mod_qualified_cert_88 OBJ_id_pkix_mod,10L + +#define SN_id_mod_qualified_cert_93 "id-mod-qualified-cert-93" +#define NID_id_mod_qualified_cert_93 279 +#define OBJ_id_mod_qualified_cert_93 OBJ_id_pkix_mod,11L + +#define SN_id_mod_attribute_cert "id-mod-attribute-cert" +#define NID_id_mod_attribute_cert 280 +#define OBJ_id_mod_attribute_cert OBJ_id_pkix_mod,12L + +#define SN_id_mod_timestamp_protocol "id-mod-timestamp-protocol" +#define NID_id_mod_timestamp_protocol 281 +#define OBJ_id_mod_timestamp_protocol OBJ_id_pkix_mod,13L + +#define SN_id_mod_ocsp "id-mod-ocsp" +#define NID_id_mod_ocsp 282 +#define OBJ_id_mod_ocsp OBJ_id_pkix_mod,14L + +#define SN_id_mod_dvcs "id-mod-dvcs" +#define 
NID_id_mod_dvcs 283 +#define OBJ_id_mod_dvcs OBJ_id_pkix_mod,15L + +#define SN_id_mod_cmp2000 "id-mod-cmp2000" +#define NID_id_mod_cmp2000 284 +#define OBJ_id_mod_cmp2000 OBJ_id_pkix_mod,16L + +#define SN_info_access "authorityInfoAccess" +#define LN_info_access "Authority Information Access" +#define NID_info_access 177 +#define OBJ_info_access OBJ_id_pe,1L + +#define SN_biometricInfo "biometricInfo" +#define LN_biometricInfo "Biometric Info" +#define NID_biometricInfo 285 +#define OBJ_biometricInfo OBJ_id_pe,2L + +#define SN_qcStatements "qcStatements" +#define NID_qcStatements 286 +#define OBJ_qcStatements OBJ_id_pe,3L + +#define SN_ac_auditEntity "ac-auditEntity" +#define NID_ac_auditEntity 287 +#define OBJ_ac_auditEntity OBJ_id_pe,4L + +#define SN_ac_targeting "ac-targeting" +#define NID_ac_targeting 288 +#define OBJ_ac_targeting OBJ_id_pe,5L + +#define SN_aaControls "aaControls" +#define NID_aaControls 289 +#define OBJ_aaControls OBJ_id_pe,6L + +#define SN_sbgp_ipAddrBlock "sbgp-ipAddrBlock" +#define NID_sbgp_ipAddrBlock 290 +#define OBJ_sbgp_ipAddrBlock OBJ_id_pe,7L + +#define SN_sbgp_autonomousSysNum "sbgp-autonomousSysNum" +#define NID_sbgp_autonomousSysNum 291 +#define OBJ_sbgp_autonomousSysNum OBJ_id_pe,8L + +#define SN_sbgp_routerIdentifier "sbgp-routerIdentifier" +#define NID_sbgp_routerIdentifier 292 +#define OBJ_sbgp_routerIdentifier OBJ_id_pe,9L + +#define SN_ac_proxying "ac-proxying" +#define NID_ac_proxying 397 +#define OBJ_ac_proxying OBJ_id_pe,10L + +#define SN_sinfo_access "subjectInfoAccess" +#define LN_sinfo_access "Subject Information Access" +#define NID_sinfo_access 398 +#define OBJ_sinfo_access OBJ_id_pe,11L + +#define SN_proxyCertInfo "proxyCertInfo" +#define LN_proxyCertInfo "Proxy Certificate Information" +#define NID_proxyCertInfo 663 +#define OBJ_proxyCertInfo OBJ_id_pe,14L + +#define SN_tlsfeature "tlsfeature" +#define LN_tlsfeature "TLS Feature" +#define NID_tlsfeature 1020 +#define OBJ_tlsfeature OBJ_id_pe,24L + +#define 
SN_id_qt_cps "id-qt-cps" +#define LN_id_qt_cps "Policy Qualifier CPS" +#define NID_id_qt_cps 164 +#define OBJ_id_qt_cps OBJ_id_qt,1L + +#define SN_id_qt_unotice "id-qt-unotice" +#define LN_id_qt_unotice "Policy Qualifier User Notice" +#define NID_id_qt_unotice 165 +#define OBJ_id_qt_unotice OBJ_id_qt,2L + +#define SN_textNotice "textNotice" +#define NID_textNotice 293 +#define OBJ_textNotice OBJ_id_qt,3L + +#define SN_server_auth "serverAuth" +#define LN_server_auth "TLS Web Server Authentication" +#define NID_server_auth 129 +#define OBJ_server_auth OBJ_id_kp,1L + +#define SN_client_auth "clientAuth" +#define LN_client_auth "TLS Web Client Authentication" +#define NID_client_auth 130 +#define OBJ_client_auth OBJ_id_kp,2L + +#define SN_code_sign "codeSigning" +#define LN_code_sign "Code Signing" +#define NID_code_sign 131 +#define OBJ_code_sign OBJ_id_kp,3L + +#define SN_email_protect "emailProtection" +#define LN_email_protect "E-mail Protection" +#define NID_email_protect 132 +#define OBJ_email_protect OBJ_id_kp,4L + +#define SN_ipsecEndSystem "ipsecEndSystem" +#define LN_ipsecEndSystem "IPSec End System" +#define NID_ipsecEndSystem 294 +#define OBJ_ipsecEndSystem OBJ_id_kp,5L + +#define SN_ipsecTunnel "ipsecTunnel" +#define LN_ipsecTunnel "IPSec Tunnel" +#define NID_ipsecTunnel 295 +#define OBJ_ipsecTunnel OBJ_id_kp,6L + +#define SN_ipsecUser "ipsecUser" +#define LN_ipsecUser "IPSec User" +#define NID_ipsecUser 296 +#define OBJ_ipsecUser OBJ_id_kp,7L + +#define SN_time_stamp "timeStamping" +#define LN_time_stamp "Time Stamping" +#define NID_time_stamp 133 +#define OBJ_time_stamp OBJ_id_kp,8L + +#define SN_OCSP_sign "OCSPSigning" +#define LN_OCSP_sign "OCSP Signing" +#define NID_OCSP_sign 180 +#define OBJ_OCSP_sign OBJ_id_kp,9L + +#define SN_dvcs "DVCS" +#define LN_dvcs "dvcs" +#define NID_dvcs 297 +#define OBJ_dvcs OBJ_id_kp,10L + +#define SN_ipsec_IKE "ipsecIKE" +#define LN_ipsec_IKE "ipsec Internet Key Exchange" +#define NID_ipsec_IKE 1022 +#define 
OBJ_ipsec_IKE OBJ_id_kp,17L + +#define SN_capwapAC "capwapAC" +#define LN_capwapAC "Ctrl/provision WAP Access" +#define NID_capwapAC 1023 +#define OBJ_capwapAC OBJ_id_kp,18L + +#define SN_capwapWTP "capwapWTP" +#define LN_capwapWTP "Ctrl/Provision WAP Termination" +#define NID_capwapWTP 1024 +#define OBJ_capwapWTP OBJ_id_kp,19L + +#define SN_sshClient "secureShellClient" +#define LN_sshClient "SSH Client" +#define NID_sshClient 1025 +#define OBJ_sshClient OBJ_id_kp,21L + +#define SN_sshServer "secureShellServer" +#define LN_sshServer "SSH Server" +#define NID_sshServer 1026 +#define OBJ_sshServer OBJ_id_kp,22L + +#define SN_sendRouter "sendRouter" +#define LN_sendRouter "Send Router" +#define NID_sendRouter 1027 +#define OBJ_sendRouter OBJ_id_kp,23L + +#define SN_sendProxiedRouter "sendProxiedRouter" +#define LN_sendProxiedRouter "Send Proxied Router" +#define NID_sendProxiedRouter 1028 +#define OBJ_sendProxiedRouter OBJ_id_kp,24L + +#define SN_sendOwner "sendOwner" +#define LN_sendOwner "Send Owner" +#define NID_sendOwner 1029 +#define OBJ_sendOwner OBJ_id_kp,25L + +#define SN_sendProxiedOwner "sendProxiedOwner" +#define LN_sendProxiedOwner "Send Proxied Owner" +#define NID_sendProxiedOwner 1030 +#define OBJ_sendProxiedOwner OBJ_id_kp,26L + +#define SN_cmcCA "cmcCA" +#define LN_cmcCA "CMC Certificate Authority" +#define NID_cmcCA 1131 +#define OBJ_cmcCA OBJ_id_kp,27L + +#define SN_cmcRA "cmcRA" +#define LN_cmcRA "CMC Registration Authority" +#define NID_cmcRA 1132 +#define OBJ_cmcRA OBJ_id_kp,28L + +#define SN_id_it_caProtEncCert "id-it-caProtEncCert" +#define NID_id_it_caProtEncCert 298 +#define OBJ_id_it_caProtEncCert OBJ_id_it,1L + +#define SN_id_it_signKeyPairTypes "id-it-signKeyPairTypes" +#define NID_id_it_signKeyPairTypes 299 +#define OBJ_id_it_signKeyPairTypes OBJ_id_it,2L + +#define SN_id_it_encKeyPairTypes "id-it-encKeyPairTypes" +#define NID_id_it_encKeyPairTypes 300 +#define OBJ_id_it_encKeyPairTypes OBJ_id_it,3L + +#define SN_id_it_preferredSymmAlg 
"id-it-preferredSymmAlg" +#define NID_id_it_preferredSymmAlg 301 +#define OBJ_id_it_preferredSymmAlg OBJ_id_it,4L + +#define SN_id_it_caKeyUpdateInfo "id-it-caKeyUpdateInfo" +#define NID_id_it_caKeyUpdateInfo 302 +#define OBJ_id_it_caKeyUpdateInfo OBJ_id_it,5L + +#define SN_id_it_currentCRL "id-it-currentCRL" +#define NID_id_it_currentCRL 303 +#define OBJ_id_it_currentCRL OBJ_id_it,6L + +#define SN_id_it_unsupportedOIDs "id-it-unsupportedOIDs" +#define NID_id_it_unsupportedOIDs 304 +#define OBJ_id_it_unsupportedOIDs OBJ_id_it,7L + +#define SN_id_it_subscriptionRequest "id-it-subscriptionRequest" +#define NID_id_it_subscriptionRequest 305 +#define OBJ_id_it_subscriptionRequest OBJ_id_it,8L + +#define SN_id_it_subscriptionResponse "id-it-subscriptionResponse" +#define NID_id_it_subscriptionResponse 306 +#define OBJ_id_it_subscriptionResponse OBJ_id_it,9L + +#define SN_id_it_keyPairParamReq "id-it-keyPairParamReq" +#define NID_id_it_keyPairParamReq 307 +#define OBJ_id_it_keyPairParamReq OBJ_id_it,10L + +#define SN_id_it_keyPairParamRep "id-it-keyPairParamRep" +#define NID_id_it_keyPairParamRep 308 +#define OBJ_id_it_keyPairParamRep OBJ_id_it,11L + +#define SN_id_it_revPassphrase "id-it-revPassphrase" +#define NID_id_it_revPassphrase 309 +#define OBJ_id_it_revPassphrase OBJ_id_it,12L + +#define SN_id_it_implicitConfirm "id-it-implicitConfirm" +#define NID_id_it_implicitConfirm 310 +#define OBJ_id_it_implicitConfirm OBJ_id_it,13L + +#define SN_id_it_confirmWaitTime "id-it-confirmWaitTime" +#define NID_id_it_confirmWaitTime 311 +#define OBJ_id_it_confirmWaitTime OBJ_id_it,14L + +#define SN_id_it_origPKIMessage "id-it-origPKIMessage" +#define NID_id_it_origPKIMessage 312 +#define OBJ_id_it_origPKIMessage OBJ_id_it,15L + +#define SN_id_it_suppLangTags "id-it-suppLangTags" +#define NID_id_it_suppLangTags 784 +#define OBJ_id_it_suppLangTags OBJ_id_it,16L + +#define SN_id_regCtrl "id-regCtrl" +#define NID_id_regCtrl 313 +#define OBJ_id_regCtrl OBJ_id_pkip,1L + +#define 
SN_id_regInfo "id-regInfo" +#define NID_id_regInfo 314 +#define OBJ_id_regInfo OBJ_id_pkip,2L + +#define SN_id_regCtrl_regToken "id-regCtrl-regToken" +#define NID_id_regCtrl_regToken 315 +#define OBJ_id_regCtrl_regToken OBJ_id_regCtrl,1L + +#define SN_id_regCtrl_authenticator "id-regCtrl-authenticator" +#define NID_id_regCtrl_authenticator 316 +#define OBJ_id_regCtrl_authenticator OBJ_id_regCtrl,2L + +#define SN_id_regCtrl_pkiPublicationInfo "id-regCtrl-pkiPublicationInfo" +#define NID_id_regCtrl_pkiPublicationInfo 317 +#define OBJ_id_regCtrl_pkiPublicationInfo OBJ_id_regCtrl,3L + +#define SN_id_regCtrl_pkiArchiveOptions "id-regCtrl-pkiArchiveOptions" +#define NID_id_regCtrl_pkiArchiveOptions 318 +#define OBJ_id_regCtrl_pkiArchiveOptions OBJ_id_regCtrl,4L + +#define SN_id_regCtrl_oldCertID "id-regCtrl-oldCertID" +#define NID_id_regCtrl_oldCertID 319 +#define OBJ_id_regCtrl_oldCertID OBJ_id_regCtrl,5L + +#define SN_id_regCtrl_protocolEncrKey "id-regCtrl-protocolEncrKey" +#define NID_id_regCtrl_protocolEncrKey 320 +#define OBJ_id_regCtrl_protocolEncrKey OBJ_id_regCtrl,6L + +#define SN_id_regInfo_utf8Pairs "id-regInfo-utf8Pairs" +#define NID_id_regInfo_utf8Pairs 321 +#define OBJ_id_regInfo_utf8Pairs OBJ_id_regInfo,1L + +#define SN_id_regInfo_certReq "id-regInfo-certReq" +#define NID_id_regInfo_certReq 322 +#define OBJ_id_regInfo_certReq OBJ_id_regInfo,2L + +#define SN_id_alg_des40 "id-alg-des40" +#define NID_id_alg_des40 323 +#define OBJ_id_alg_des40 OBJ_id_alg,1L + +#define SN_id_alg_noSignature "id-alg-noSignature" +#define NID_id_alg_noSignature 324 +#define OBJ_id_alg_noSignature OBJ_id_alg,2L + +#define SN_id_alg_dh_sig_hmac_sha1 "id-alg-dh-sig-hmac-sha1" +#define NID_id_alg_dh_sig_hmac_sha1 325 +#define OBJ_id_alg_dh_sig_hmac_sha1 OBJ_id_alg,3L + +#define SN_id_alg_dh_pop "id-alg-dh-pop" +#define NID_id_alg_dh_pop 326 +#define OBJ_id_alg_dh_pop OBJ_id_alg,4L + +#define SN_id_cmc_statusInfo "id-cmc-statusInfo" +#define NID_id_cmc_statusInfo 327 +#define 
OBJ_id_cmc_statusInfo OBJ_id_cmc,1L + +#define SN_id_cmc_identification "id-cmc-identification" +#define NID_id_cmc_identification 328 +#define OBJ_id_cmc_identification OBJ_id_cmc,2L + +#define SN_id_cmc_identityProof "id-cmc-identityProof" +#define NID_id_cmc_identityProof 329 +#define OBJ_id_cmc_identityProof OBJ_id_cmc,3L + +#define SN_id_cmc_dataReturn "id-cmc-dataReturn" +#define NID_id_cmc_dataReturn 330 +#define OBJ_id_cmc_dataReturn OBJ_id_cmc,4L + +#define SN_id_cmc_transactionId "id-cmc-transactionId" +#define NID_id_cmc_transactionId 331 +#define OBJ_id_cmc_transactionId OBJ_id_cmc,5L + +#define SN_id_cmc_senderNonce "id-cmc-senderNonce" +#define NID_id_cmc_senderNonce 332 +#define OBJ_id_cmc_senderNonce OBJ_id_cmc,6L + +#define SN_id_cmc_recipientNonce "id-cmc-recipientNonce" +#define NID_id_cmc_recipientNonce 333 +#define OBJ_id_cmc_recipientNonce OBJ_id_cmc,7L + +#define SN_id_cmc_addExtensions "id-cmc-addExtensions" +#define NID_id_cmc_addExtensions 334 +#define OBJ_id_cmc_addExtensions OBJ_id_cmc,8L + +#define SN_id_cmc_encryptedPOP "id-cmc-encryptedPOP" +#define NID_id_cmc_encryptedPOP 335 +#define OBJ_id_cmc_encryptedPOP OBJ_id_cmc,9L + +#define SN_id_cmc_decryptedPOP "id-cmc-decryptedPOP" +#define NID_id_cmc_decryptedPOP 336 +#define OBJ_id_cmc_decryptedPOP OBJ_id_cmc,10L + +#define SN_id_cmc_lraPOPWitness "id-cmc-lraPOPWitness" +#define NID_id_cmc_lraPOPWitness 337 +#define OBJ_id_cmc_lraPOPWitness OBJ_id_cmc,11L + +#define SN_id_cmc_getCert "id-cmc-getCert" +#define NID_id_cmc_getCert 338 +#define OBJ_id_cmc_getCert OBJ_id_cmc,15L + +#define SN_id_cmc_getCRL "id-cmc-getCRL" +#define NID_id_cmc_getCRL 339 +#define OBJ_id_cmc_getCRL OBJ_id_cmc,16L + +#define SN_id_cmc_revokeRequest "id-cmc-revokeRequest" +#define NID_id_cmc_revokeRequest 340 +#define OBJ_id_cmc_revokeRequest OBJ_id_cmc,17L + +#define SN_id_cmc_regInfo "id-cmc-regInfo" +#define NID_id_cmc_regInfo 341 +#define OBJ_id_cmc_regInfo OBJ_id_cmc,18L + +#define SN_id_cmc_responseInfo 
"id-cmc-responseInfo" +#define NID_id_cmc_responseInfo 342 +#define OBJ_id_cmc_responseInfo OBJ_id_cmc,19L + +#define SN_id_cmc_queryPending "id-cmc-queryPending" +#define NID_id_cmc_queryPending 343 +#define OBJ_id_cmc_queryPending OBJ_id_cmc,21L + +#define SN_id_cmc_popLinkRandom "id-cmc-popLinkRandom" +#define NID_id_cmc_popLinkRandom 344 +#define OBJ_id_cmc_popLinkRandom OBJ_id_cmc,22L + +#define SN_id_cmc_popLinkWitness "id-cmc-popLinkWitness" +#define NID_id_cmc_popLinkWitness 345 +#define OBJ_id_cmc_popLinkWitness OBJ_id_cmc,23L + +#define SN_id_cmc_confirmCertAcceptance "id-cmc-confirmCertAcceptance" +#define NID_id_cmc_confirmCertAcceptance 346 +#define OBJ_id_cmc_confirmCertAcceptance OBJ_id_cmc,24L + +#define SN_id_on_personalData "id-on-personalData" +#define NID_id_on_personalData 347 +#define OBJ_id_on_personalData OBJ_id_on,1L + +#define SN_id_on_permanentIdentifier "id-on-permanentIdentifier" +#define LN_id_on_permanentIdentifier "Permanent Identifier" +#define NID_id_on_permanentIdentifier 858 +#define OBJ_id_on_permanentIdentifier OBJ_id_on,3L + +#define SN_XmppAddr "id-on-xmppAddr" +#define LN_XmppAddr "XmppAddr" +#define NID_XmppAddr 1209 +#define OBJ_XmppAddr OBJ_id_on,5L + +#define SN_SRVName "id-on-dnsSRV" +#define LN_SRVName "SRVName" +#define NID_SRVName 1210 +#define OBJ_SRVName OBJ_id_on,7L + +#define SN_NAIRealm "id-on-NAIRealm" +#define LN_NAIRealm "NAIRealm" +#define NID_NAIRealm 1211 +#define OBJ_NAIRealm OBJ_id_on,8L + +#define SN_id_on_SmtpUTF8Mailbox "id-on-SmtpUTF8Mailbox" +#define LN_id_on_SmtpUTF8Mailbox "Smtp UTF8 Mailbox" +#define NID_id_on_SmtpUTF8Mailbox 1208 +#define OBJ_id_on_SmtpUTF8Mailbox OBJ_id_on,9L + +#define SN_id_pda_dateOfBirth "id-pda-dateOfBirth" +#define NID_id_pda_dateOfBirth 348 +#define OBJ_id_pda_dateOfBirth OBJ_id_pda,1L + +#define SN_id_pda_placeOfBirth "id-pda-placeOfBirth" +#define NID_id_pda_placeOfBirth 349 +#define OBJ_id_pda_placeOfBirth OBJ_id_pda,2L + +#define SN_id_pda_gender "id-pda-gender" 
+#define NID_id_pda_gender 351 +#define OBJ_id_pda_gender OBJ_id_pda,3L + +#define SN_id_pda_countryOfCitizenship "id-pda-countryOfCitizenship" +#define NID_id_pda_countryOfCitizenship 352 +#define OBJ_id_pda_countryOfCitizenship OBJ_id_pda,4L + +#define SN_id_pda_countryOfResidence "id-pda-countryOfResidence" +#define NID_id_pda_countryOfResidence 353 +#define OBJ_id_pda_countryOfResidence OBJ_id_pda,5L + +#define SN_id_aca_authenticationInfo "id-aca-authenticationInfo" +#define NID_id_aca_authenticationInfo 354 +#define OBJ_id_aca_authenticationInfo OBJ_id_aca,1L + +#define SN_id_aca_accessIdentity "id-aca-accessIdentity" +#define NID_id_aca_accessIdentity 355 +#define OBJ_id_aca_accessIdentity OBJ_id_aca,2L + +#define SN_id_aca_chargingIdentity "id-aca-chargingIdentity" +#define NID_id_aca_chargingIdentity 356 +#define OBJ_id_aca_chargingIdentity OBJ_id_aca,3L + +#define SN_id_aca_group "id-aca-group" +#define NID_id_aca_group 357 +#define OBJ_id_aca_group OBJ_id_aca,4L + +#define SN_id_aca_role "id-aca-role" +#define NID_id_aca_role 358 +#define OBJ_id_aca_role OBJ_id_aca,5L + +#define SN_id_aca_encAttrs "id-aca-encAttrs" +#define NID_id_aca_encAttrs 399 +#define OBJ_id_aca_encAttrs OBJ_id_aca,6L + +#define SN_id_qcs_pkixQCSyntax_v1 "id-qcs-pkixQCSyntax-v1" +#define NID_id_qcs_pkixQCSyntax_v1 359 +#define OBJ_id_qcs_pkixQCSyntax_v1 OBJ_id_qcs,1L + +#define SN_id_cct_crs "id-cct-crs" +#define NID_id_cct_crs 360 +#define OBJ_id_cct_crs OBJ_id_cct,1L + +#define SN_id_cct_PKIData "id-cct-PKIData" +#define NID_id_cct_PKIData 361 +#define OBJ_id_cct_PKIData OBJ_id_cct,2L + +#define SN_id_cct_PKIResponse "id-cct-PKIResponse" +#define NID_id_cct_PKIResponse 362 +#define OBJ_id_cct_PKIResponse OBJ_id_cct,3L + +#define SN_id_ppl_anyLanguage "id-ppl-anyLanguage" +#define LN_id_ppl_anyLanguage "Any language" +#define NID_id_ppl_anyLanguage 664 +#define OBJ_id_ppl_anyLanguage OBJ_id_ppl,0L + +#define SN_id_ppl_inheritAll "id-ppl-inheritAll" +#define LN_id_ppl_inheritAll 
"Inherit all" +#define NID_id_ppl_inheritAll 665 +#define OBJ_id_ppl_inheritAll OBJ_id_ppl,1L + +#define SN_Independent "id-ppl-independent" +#define LN_Independent "Independent" +#define NID_Independent 667 +#define OBJ_Independent OBJ_id_ppl,2L + +#define SN_ad_OCSP "OCSP" +#define LN_ad_OCSP "OCSP" +#define NID_ad_OCSP 178 +#define OBJ_ad_OCSP OBJ_id_ad,1L + +#define SN_ad_ca_issuers "caIssuers" +#define LN_ad_ca_issuers "CA Issuers" +#define NID_ad_ca_issuers 179 +#define OBJ_ad_ca_issuers OBJ_id_ad,2L + +#define SN_ad_timeStamping "ad_timestamping" +#define LN_ad_timeStamping "AD Time Stamping" +#define NID_ad_timeStamping 363 +#define OBJ_ad_timeStamping OBJ_id_ad,3L + +#define SN_ad_dvcs "AD_DVCS" +#define LN_ad_dvcs "ad dvcs" +#define NID_ad_dvcs 364 +#define OBJ_ad_dvcs OBJ_id_ad,4L + +#define SN_caRepository "caRepository" +#define LN_caRepository "CA Repository" +#define NID_caRepository 785 +#define OBJ_caRepository OBJ_id_ad,5L + +#define OBJ_id_pkix_OCSP OBJ_ad_OCSP + +#define SN_id_pkix_OCSP_basic "basicOCSPResponse" +#define LN_id_pkix_OCSP_basic "Basic OCSP Response" +#define NID_id_pkix_OCSP_basic 365 +#define OBJ_id_pkix_OCSP_basic OBJ_id_pkix_OCSP,1L + +#define SN_id_pkix_OCSP_Nonce "Nonce" +#define LN_id_pkix_OCSP_Nonce "OCSP Nonce" +#define NID_id_pkix_OCSP_Nonce 366 +#define OBJ_id_pkix_OCSP_Nonce OBJ_id_pkix_OCSP,2L + +#define SN_id_pkix_OCSP_CrlID "CrlID" +#define LN_id_pkix_OCSP_CrlID "OCSP CRL ID" +#define NID_id_pkix_OCSP_CrlID 367 +#define OBJ_id_pkix_OCSP_CrlID OBJ_id_pkix_OCSP,3L + +#define SN_id_pkix_OCSP_acceptableResponses "acceptableResponses" +#define LN_id_pkix_OCSP_acceptableResponses "Acceptable OCSP Responses" +#define NID_id_pkix_OCSP_acceptableResponses 368 +#define OBJ_id_pkix_OCSP_acceptableResponses OBJ_id_pkix_OCSP,4L + +#define SN_id_pkix_OCSP_noCheck "noCheck" +#define LN_id_pkix_OCSP_noCheck "OCSP No Check" +#define NID_id_pkix_OCSP_noCheck 369 +#define OBJ_id_pkix_OCSP_noCheck OBJ_id_pkix_OCSP,5L + +#define 
SN_id_pkix_OCSP_archiveCutoff "archiveCutoff" +#define LN_id_pkix_OCSP_archiveCutoff "OCSP Archive Cutoff" +#define NID_id_pkix_OCSP_archiveCutoff 370 +#define OBJ_id_pkix_OCSP_archiveCutoff OBJ_id_pkix_OCSP,6L + +#define SN_id_pkix_OCSP_serviceLocator "serviceLocator" +#define LN_id_pkix_OCSP_serviceLocator "OCSP Service Locator" +#define NID_id_pkix_OCSP_serviceLocator 371 +#define OBJ_id_pkix_OCSP_serviceLocator OBJ_id_pkix_OCSP,7L + +#define SN_id_pkix_OCSP_extendedStatus "extendedStatus" +#define LN_id_pkix_OCSP_extendedStatus "Extended OCSP Status" +#define NID_id_pkix_OCSP_extendedStatus 372 +#define OBJ_id_pkix_OCSP_extendedStatus OBJ_id_pkix_OCSP,8L + +#define SN_id_pkix_OCSP_valid "valid" +#define NID_id_pkix_OCSP_valid 373 +#define OBJ_id_pkix_OCSP_valid OBJ_id_pkix_OCSP,9L + +#define SN_id_pkix_OCSP_path "path" +#define NID_id_pkix_OCSP_path 374 +#define OBJ_id_pkix_OCSP_path OBJ_id_pkix_OCSP,10L + +#define SN_id_pkix_OCSP_trustRoot "trustRoot" +#define LN_id_pkix_OCSP_trustRoot "Trust Root" +#define NID_id_pkix_OCSP_trustRoot 375 +#define OBJ_id_pkix_OCSP_trustRoot OBJ_id_pkix_OCSP,11L + +#define SN_algorithm "algorithm" +#define LN_algorithm "algorithm" +#define NID_algorithm 376 +#define OBJ_algorithm 1L,3L,14L,3L,2L + +#define SN_md5WithRSA "RSA-NP-MD5" +#define LN_md5WithRSA "md5WithRSA" +#define NID_md5WithRSA 104 +#define OBJ_md5WithRSA OBJ_algorithm,3L + +#define SN_des_ecb "DES-ECB" +#define LN_des_ecb "des-ecb" +#define NID_des_ecb 29 +#define OBJ_des_ecb OBJ_algorithm,6L + +#define SN_des_cbc "DES-CBC" +#define LN_des_cbc "des-cbc" +#define NID_des_cbc 31 +#define OBJ_des_cbc OBJ_algorithm,7L + +#define SN_des_ofb64 "DES-OFB" +#define LN_des_ofb64 "des-ofb" +#define NID_des_ofb64 45 +#define OBJ_des_ofb64 OBJ_algorithm,8L + +#define SN_des_cfb64 "DES-CFB" +#define LN_des_cfb64 "des-cfb" +#define NID_des_cfb64 30 +#define OBJ_des_cfb64 OBJ_algorithm,9L + +#define SN_rsaSignature "rsaSignature" +#define NID_rsaSignature 377 +#define 
OBJ_rsaSignature OBJ_algorithm,11L + +#define SN_dsa_2 "DSA-old" +#define LN_dsa_2 "dsaEncryption-old" +#define NID_dsa_2 67 +#define OBJ_dsa_2 OBJ_algorithm,12L + +#define SN_dsaWithSHA "DSA-SHA" +#define LN_dsaWithSHA "dsaWithSHA" +#define NID_dsaWithSHA 66 +#define OBJ_dsaWithSHA OBJ_algorithm,13L + +#define SN_shaWithRSAEncryption "RSA-SHA" +#define LN_shaWithRSAEncryption "shaWithRSAEncryption" +#define NID_shaWithRSAEncryption 42 +#define OBJ_shaWithRSAEncryption OBJ_algorithm,15L + +#define SN_des_ede_ecb "DES-EDE" +#define LN_des_ede_ecb "des-ede" +#define NID_des_ede_ecb 32 +#define OBJ_des_ede_ecb OBJ_algorithm,17L + +#define SN_des_ede3_ecb "DES-EDE3" +#define LN_des_ede3_ecb "des-ede3" +#define NID_des_ede3_ecb 33 + +#define SN_des_ede_cbc "DES-EDE-CBC" +#define LN_des_ede_cbc "des-ede-cbc" +#define NID_des_ede_cbc 43 + +#define SN_des_ede_cfb64 "DES-EDE-CFB" +#define LN_des_ede_cfb64 "des-ede-cfb" +#define NID_des_ede_cfb64 60 + +#define SN_des_ede3_cfb64 "DES-EDE3-CFB" +#define LN_des_ede3_cfb64 "des-ede3-cfb" +#define NID_des_ede3_cfb64 61 + +#define SN_des_ede_ofb64 "DES-EDE-OFB" +#define LN_des_ede_ofb64 "des-ede-ofb" +#define NID_des_ede_ofb64 62 + +#define SN_des_ede3_ofb64 "DES-EDE3-OFB" +#define LN_des_ede3_ofb64 "des-ede3-ofb" +#define NID_des_ede3_ofb64 63 + +#define SN_desx_cbc "DESX-CBC" +#define LN_desx_cbc "desx-cbc" +#define NID_desx_cbc 80 + +#define SN_sha "SHA" +#define LN_sha "sha" +#define NID_sha 41 +#define OBJ_sha OBJ_algorithm,18L + +#define SN_sha1 "SHA1" +#define LN_sha1 "sha1" +#define NID_sha1 64 +#define OBJ_sha1 OBJ_algorithm,26L + +#define SN_dsaWithSHA1_2 "DSA-SHA1-old" +#define LN_dsaWithSHA1_2 "dsaWithSHA1-old" +#define NID_dsaWithSHA1_2 70 +#define OBJ_dsaWithSHA1_2 OBJ_algorithm,27L + +#define SN_sha1WithRSA "RSA-SHA1-2" +#define LN_sha1WithRSA "sha1WithRSA" +#define NID_sha1WithRSA 115 +#define OBJ_sha1WithRSA OBJ_algorithm,29L + +#define SN_ripemd160 "RIPEMD160" +#define LN_ripemd160 "ripemd160" +#define 
NID_ripemd160 117 +#define OBJ_ripemd160 1L,3L,36L,3L,2L,1L + +#define SN_ripemd160WithRSA "RSA-RIPEMD160" +#define LN_ripemd160WithRSA "ripemd160WithRSA" +#define NID_ripemd160WithRSA 119 +#define OBJ_ripemd160WithRSA 1L,3L,36L,3L,3L,1L,2L + +#define SN_blake2bmac "BLAKE2BMAC" +#define LN_blake2bmac "blake2bmac" +#define NID_blake2bmac 1201 +#define OBJ_blake2bmac 1L,3L,6L,1L,4L,1L,1722L,12L,2L,1L + +#define SN_blake2smac "BLAKE2SMAC" +#define LN_blake2smac "blake2smac" +#define NID_blake2smac 1202 +#define OBJ_blake2smac 1L,3L,6L,1L,4L,1L,1722L,12L,2L,2L + +#define SN_blake2b512 "BLAKE2b512" +#define LN_blake2b512 "blake2b512" +#define NID_blake2b512 1056 +#define OBJ_blake2b512 OBJ_blake2bmac,16L + +#define SN_blake2s256 "BLAKE2s256" +#define LN_blake2s256 "blake2s256" +#define NID_blake2s256 1057 +#define OBJ_blake2s256 OBJ_blake2smac,8L + +#define SN_sxnet "SXNetID" +#define LN_sxnet "Strong Extranet ID" +#define NID_sxnet 143 +#define OBJ_sxnet 1L,3L,101L,1L,4L,1L + +#define SN_X500 "X500" +#define LN_X500 "directory services (X.500)" +#define NID_X500 11 +#define OBJ_X500 2L,5L + +#define SN_X509 "X509" +#define NID_X509 12 +#define OBJ_X509 OBJ_X500,4L + +#define SN_commonName "CN" +#define LN_commonName "commonName" +#define NID_commonName 13 +#define OBJ_commonName OBJ_X509,3L + +#define SN_surname "SN" +#define LN_surname "surname" +#define NID_surname 100 +#define OBJ_surname OBJ_X509,4L + +#define LN_serialNumber "serialNumber" +#define NID_serialNumber 105 +#define OBJ_serialNumber OBJ_X509,5L + +#define SN_countryName "C" +#define LN_countryName "countryName" +#define NID_countryName 14 +#define OBJ_countryName OBJ_X509,6L + +#define SN_localityName "L" +#define LN_localityName "localityName" +#define NID_localityName 15 +#define OBJ_localityName OBJ_X509,7L + +#define SN_stateOrProvinceName "ST" +#define LN_stateOrProvinceName "stateOrProvinceName" +#define NID_stateOrProvinceName 16 +#define OBJ_stateOrProvinceName OBJ_X509,8L + +#define 
SN_streetAddress "street" +#define LN_streetAddress "streetAddress" +#define NID_streetAddress 660 +#define OBJ_streetAddress OBJ_X509,9L + +#define SN_organizationName "O" +#define LN_organizationName "organizationName" +#define NID_organizationName 17 +#define OBJ_organizationName OBJ_X509,10L + +#define SN_organizationalUnitName "OU" +#define LN_organizationalUnitName "organizationalUnitName" +#define NID_organizationalUnitName 18 +#define OBJ_organizationalUnitName OBJ_X509,11L + +#define SN_title "title" +#define LN_title "title" +#define NID_title 106 +#define OBJ_title OBJ_X509,12L + +#define LN_description "description" +#define NID_description 107 +#define OBJ_description OBJ_X509,13L + +#define LN_searchGuide "searchGuide" +#define NID_searchGuide 859 +#define OBJ_searchGuide OBJ_X509,14L + +#define LN_businessCategory "businessCategory" +#define NID_businessCategory 860 +#define OBJ_businessCategory OBJ_X509,15L + +#define LN_postalAddress "postalAddress" +#define NID_postalAddress 861 +#define OBJ_postalAddress OBJ_X509,16L + +#define LN_postalCode "postalCode" +#define NID_postalCode 661 +#define OBJ_postalCode OBJ_X509,17L + +#define LN_postOfficeBox "postOfficeBox" +#define NID_postOfficeBox 862 +#define OBJ_postOfficeBox OBJ_X509,18L + +#define LN_physicalDeliveryOfficeName "physicalDeliveryOfficeName" +#define NID_physicalDeliveryOfficeName 863 +#define OBJ_physicalDeliveryOfficeName OBJ_X509,19L + +#define LN_telephoneNumber "telephoneNumber" +#define NID_telephoneNumber 864 +#define OBJ_telephoneNumber OBJ_X509,20L + +#define LN_telexNumber "telexNumber" +#define NID_telexNumber 865 +#define OBJ_telexNumber OBJ_X509,21L + +#define LN_teletexTerminalIdentifier "teletexTerminalIdentifier" +#define NID_teletexTerminalIdentifier 866 +#define OBJ_teletexTerminalIdentifier OBJ_X509,22L + +#define LN_facsimileTelephoneNumber "facsimileTelephoneNumber" +#define NID_facsimileTelephoneNumber 867 +#define OBJ_facsimileTelephoneNumber OBJ_X509,23L + +#define 
LN_x121Address "x121Address" +#define NID_x121Address 868 +#define OBJ_x121Address OBJ_X509,24L + +#define LN_internationaliSDNNumber "internationaliSDNNumber" +#define NID_internationaliSDNNumber 869 +#define OBJ_internationaliSDNNumber OBJ_X509,25L + +#define LN_registeredAddress "registeredAddress" +#define NID_registeredAddress 870 +#define OBJ_registeredAddress OBJ_X509,26L + +#define LN_destinationIndicator "destinationIndicator" +#define NID_destinationIndicator 871 +#define OBJ_destinationIndicator OBJ_X509,27L + +#define LN_preferredDeliveryMethod "preferredDeliveryMethod" +#define NID_preferredDeliveryMethod 872 +#define OBJ_preferredDeliveryMethod OBJ_X509,28L + +#define LN_presentationAddress "presentationAddress" +#define NID_presentationAddress 873 +#define OBJ_presentationAddress OBJ_X509,29L + +#define LN_supportedApplicationContext "supportedApplicationContext" +#define NID_supportedApplicationContext 874 +#define OBJ_supportedApplicationContext OBJ_X509,30L + +#define SN_member "member" +#define NID_member 875 +#define OBJ_member OBJ_X509,31L + +#define SN_owner "owner" +#define NID_owner 876 +#define OBJ_owner OBJ_X509,32L + +#define LN_roleOccupant "roleOccupant" +#define NID_roleOccupant 877 +#define OBJ_roleOccupant OBJ_X509,33L + +#define SN_seeAlso "seeAlso" +#define NID_seeAlso 878 +#define OBJ_seeAlso OBJ_X509,34L + +#define LN_userPassword "userPassword" +#define NID_userPassword 879 +#define OBJ_userPassword OBJ_X509,35L + +#define LN_userCertificate "userCertificate" +#define NID_userCertificate 880 +#define OBJ_userCertificate OBJ_X509,36L + +#define LN_cACertificate "cACertificate" +#define NID_cACertificate 881 +#define OBJ_cACertificate OBJ_X509,37L + +#define LN_authorityRevocationList "authorityRevocationList" +#define NID_authorityRevocationList 882 +#define OBJ_authorityRevocationList OBJ_X509,38L + +#define LN_certificateRevocationList "certificateRevocationList" +#define NID_certificateRevocationList 883 +#define 
OBJ_certificateRevocationList OBJ_X509,39L + +#define LN_crossCertificatePair "crossCertificatePair" +#define NID_crossCertificatePair 884 +#define OBJ_crossCertificatePair OBJ_X509,40L + +#define SN_name "name" +#define LN_name "name" +#define NID_name 173 +#define OBJ_name OBJ_X509,41L + +#define SN_givenName "GN" +#define LN_givenName "givenName" +#define NID_givenName 99 +#define OBJ_givenName OBJ_X509,42L + +#define SN_initials "initials" +#define LN_initials "initials" +#define NID_initials 101 +#define OBJ_initials OBJ_X509,43L + +#define LN_generationQualifier "generationQualifier" +#define NID_generationQualifier 509 +#define OBJ_generationQualifier OBJ_X509,44L + +#define LN_x500UniqueIdentifier "x500UniqueIdentifier" +#define NID_x500UniqueIdentifier 503 +#define OBJ_x500UniqueIdentifier OBJ_X509,45L + +#define SN_dnQualifier "dnQualifier" +#define LN_dnQualifier "dnQualifier" +#define NID_dnQualifier 174 +#define OBJ_dnQualifier OBJ_X509,46L + +#define LN_enhancedSearchGuide "enhancedSearchGuide" +#define NID_enhancedSearchGuide 885 +#define OBJ_enhancedSearchGuide OBJ_X509,47L + +#define LN_protocolInformation "protocolInformation" +#define NID_protocolInformation 886 +#define OBJ_protocolInformation OBJ_X509,48L + +#define LN_distinguishedName "distinguishedName" +#define NID_distinguishedName 887 +#define OBJ_distinguishedName OBJ_X509,49L + +#define LN_uniqueMember "uniqueMember" +#define NID_uniqueMember 888 +#define OBJ_uniqueMember OBJ_X509,50L + +#define LN_houseIdentifier "houseIdentifier" +#define NID_houseIdentifier 889 +#define OBJ_houseIdentifier OBJ_X509,51L + +#define LN_supportedAlgorithms "supportedAlgorithms" +#define NID_supportedAlgorithms 890 +#define OBJ_supportedAlgorithms OBJ_X509,52L + +#define LN_deltaRevocationList "deltaRevocationList" +#define NID_deltaRevocationList 891 +#define OBJ_deltaRevocationList OBJ_X509,53L + +#define SN_dmdName "dmdName" +#define NID_dmdName 892 +#define OBJ_dmdName OBJ_X509,54L + +#define 
LN_pseudonym "pseudonym" +#define NID_pseudonym 510 +#define OBJ_pseudonym OBJ_X509,65L + +#define SN_role "role" +#define LN_role "role" +#define NID_role 400 +#define OBJ_role OBJ_X509,72L + +#define LN_organizationIdentifier "organizationIdentifier" +#define NID_organizationIdentifier 1089 +#define OBJ_organizationIdentifier OBJ_X509,97L + +#define SN_countryCode3c "c3" +#define LN_countryCode3c "countryCode3c" +#define NID_countryCode3c 1090 +#define OBJ_countryCode3c OBJ_X509,98L + +#define SN_countryCode3n "n3" +#define LN_countryCode3n "countryCode3n" +#define NID_countryCode3n 1091 +#define OBJ_countryCode3n OBJ_X509,99L + +#define LN_dnsName "dnsName" +#define NID_dnsName 1092 +#define OBJ_dnsName OBJ_X509,100L + +#define SN_X500algorithms "X500algorithms" +#define LN_X500algorithms "directory services - algorithms" +#define NID_X500algorithms 378 +#define OBJ_X500algorithms OBJ_X500,8L + +#define SN_rsa "RSA" +#define LN_rsa "rsa" +#define NID_rsa 19 +#define OBJ_rsa OBJ_X500algorithms,1L,1L + +#define SN_mdc2WithRSA "RSA-MDC2" +#define LN_mdc2WithRSA "mdc2WithRSA" +#define NID_mdc2WithRSA 96 +#define OBJ_mdc2WithRSA OBJ_X500algorithms,3L,100L + +#define SN_mdc2 "MDC2" +#define LN_mdc2 "mdc2" +#define NID_mdc2 95 +#define OBJ_mdc2 OBJ_X500algorithms,3L,101L + +#define SN_id_ce "id-ce" +#define NID_id_ce 81 +#define OBJ_id_ce OBJ_X500,29L + +#define SN_subject_directory_attributes "subjectDirectoryAttributes" +#define LN_subject_directory_attributes "X509v3 Subject Directory Attributes" +#define NID_subject_directory_attributes 769 +#define OBJ_subject_directory_attributes OBJ_id_ce,9L + +#define SN_subject_key_identifier "subjectKeyIdentifier" +#define LN_subject_key_identifier "X509v3 Subject Key Identifier" +#define NID_subject_key_identifier 82 +#define OBJ_subject_key_identifier OBJ_id_ce,14L + +#define SN_key_usage "keyUsage" +#define LN_key_usage "X509v3 Key Usage" +#define NID_key_usage 83 +#define OBJ_key_usage OBJ_id_ce,15L + +#define 
SN_private_key_usage_period "privateKeyUsagePeriod" +#define LN_private_key_usage_period "X509v3 Private Key Usage Period" +#define NID_private_key_usage_period 84 +#define OBJ_private_key_usage_period OBJ_id_ce,16L + +#define SN_subject_alt_name "subjectAltName" +#define LN_subject_alt_name "X509v3 Subject Alternative Name" +#define NID_subject_alt_name 85 +#define OBJ_subject_alt_name OBJ_id_ce,17L + +#define SN_issuer_alt_name "issuerAltName" +#define LN_issuer_alt_name "X509v3 Issuer Alternative Name" +#define NID_issuer_alt_name 86 +#define OBJ_issuer_alt_name OBJ_id_ce,18L + +#define SN_basic_constraints "basicConstraints" +#define LN_basic_constraints "X509v3 Basic Constraints" +#define NID_basic_constraints 87 +#define OBJ_basic_constraints OBJ_id_ce,19L + +#define SN_crl_number "crlNumber" +#define LN_crl_number "X509v3 CRL Number" +#define NID_crl_number 88 +#define OBJ_crl_number OBJ_id_ce,20L + +#define SN_crl_reason "CRLReason" +#define LN_crl_reason "X509v3 CRL Reason Code" +#define NID_crl_reason 141 +#define OBJ_crl_reason OBJ_id_ce,21L + +#define SN_invalidity_date "invalidityDate" +#define LN_invalidity_date "Invalidity Date" +#define NID_invalidity_date 142 +#define OBJ_invalidity_date OBJ_id_ce,24L + +#define SN_delta_crl "deltaCRL" +#define LN_delta_crl "X509v3 Delta CRL Indicator" +#define NID_delta_crl 140 +#define OBJ_delta_crl OBJ_id_ce,27L + +#define SN_issuing_distribution_point "issuingDistributionPoint" +#define LN_issuing_distribution_point "X509v3 Issuing Distribution Point" +#define NID_issuing_distribution_point 770 +#define OBJ_issuing_distribution_point OBJ_id_ce,28L + +#define SN_certificate_issuer "certificateIssuer" +#define LN_certificate_issuer "X509v3 Certificate Issuer" +#define NID_certificate_issuer 771 +#define OBJ_certificate_issuer OBJ_id_ce,29L + +#define SN_name_constraints "nameConstraints" +#define LN_name_constraints "X509v3 Name Constraints" +#define NID_name_constraints 666 +#define OBJ_name_constraints 
OBJ_id_ce,30L + +#define SN_crl_distribution_points "crlDistributionPoints" +#define LN_crl_distribution_points "X509v3 CRL Distribution Points" +#define NID_crl_distribution_points 103 +#define OBJ_crl_distribution_points OBJ_id_ce,31L + +#define SN_certificate_policies "certificatePolicies" +#define LN_certificate_policies "X509v3 Certificate Policies" +#define NID_certificate_policies 89 +#define OBJ_certificate_policies OBJ_id_ce,32L + +#define SN_any_policy "anyPolicy" +#define LN_any_policy "X509v3 Any Policy" +#define NID_any_policy 746 +#define OBJ_any_policy OBJ_certificate_policies,0L + +#define SN_policy_mappings "policyMappings" +#define LN_policy_mappings "X509v3 Policy Mappings" +#define NID_policy_mappings 747 +#define OBJ_policy_mappings OBJ_id_ce,33L + +#define SN_authority_key_identifier "authorityKeyIdentifier" +#define LN_authority_key_identifier "X509v3 Authority Key Identifier" +#define NID_authority_key_identifier 90 +#define OBJ_authority_key_identifier OBJ_id_ce,35L + +#define SN_policy_constraints "policyConstraints" +#define LN_policy_constraints "X509v3 Policy Constraints" +#define NID_policy_constraints 401 +#define OBJ_policy_constraints OBJ_id_ce,36L + +#define SN_ext_key_usage "extendedKeyUsage" +#define LN_ext_key_usage "X509v3 Extended Key Usage" +#define NID_ext_key_usage 126 +#define OBJ_ext_key_usage OBJ_id_ce,37L + +#define SN_freshest_crl "freshestCRL" +#define LN_freshest_crl "X509v3 Freshest CRL" +#define NID_freshest_crl 857 +#define OBJ_freshest_crl OBJ_id_ce,46L + +#define SN_inhibit_any_policy "inhibitAnyPolicy" +#define LN_inhibit_any_policy "X509v3 Inhibit Any Policy" +#define NID_inhibit_any_policy 748 +#define OBJ_inhibit_any_policy OBJ_id_ce,54L + +#define SN_target_information "targetInformation" +#define LN_target_information "X509v3 AC Targeting" +#define NID_target_information 402 +#define OBJ_target_information OBJ_id_ce,55L + +#define SN_no_rev_avail "noRevAvail" +#define LN_no_rev_avail "X509v3 No Revocation 
Available" +#define NID_no_rev_avail 403 +#define OBJ_no_rev_avail OBJ_id_ce,56L + +#define SN_anyExtendedKeyUsage "anyExtendedKeyUsage" +#define LN_anyExtendedKeyUsage "Any Extended Key Usage" +#define NID_anyExtendedKeyUsage 910 +#define OBJ_anyExtendedKeyUsage OBJ_ext_key_usage,0L + +#define SN_netscape "Netscape" +#define LN_netscape "Netscape Communications Corp." +#define NID_netscape 57 +#define OBJ_netscape 2L,16L,840L,1L,113730L + +#define SN_netscape_cert_extension "nsCertExt" +#define LN_netscape_cert_extension "Netscape Certificate Extension" +#define NID_netscape_cert_extension 58 +#define OBJ_netscape_cert_extension OBJ_netscape,1L + +#define SN_netscape_data_type "nsDataType" +#define LN_netscape_data_type "Netscape Data Type" +#define NID_netscape_data_type 59 +#define OBJ_netscape_data_type OBJ_netscape,2L + +#define SN_netscape_cert_type "nsCertType" +#define LN_netscape_cert_type "Netscape Cert Type" +#define NID_netscape_cert_type 71 +#define OBJ_netscape_cert_type OBJ_netscape_cert_extension,1L + +#define SN_netscape_base_url "nsBaseUrl" +#define LN_netscape_base_url "Netscape Base Url" +#define NID_netscape_base_url 72 +#define OBJ_netscape_base_url OBJ_netscape_cert_extension,2L + +#define SN_netscape_revocation_url "nsRevocationUrl" +#define LN_netscape_revocation_url "Netscape Revocation Url" +#define NID_netscape_revocation_url 73 +#define OBJ_netscape_revocation_url OBJ_netscape_cert_extension,3L + +#define SN_netscape_ca_revocation_url "nsCaRevocationUrl" +#define LN_netscape_ca_revocation_url "Netscape CA Revocation Url" +#define NID_netscape_ca_revocation_url 74 +#define OBJ_netscape_ca_revocation_url OBJ_netscape_cert_extension,4L + +#define SN_netscape_renewal_url "nsRenewalUrl" +#define LN_netscape_renewal_url "Netscape Renewal Url" +#define NID_netscape_renewal_url 75 +#define OBJ_netscape_renewal_url OBJ_netscape_cert_extension,7L + +#define SN_netscape_ca_policy_url "nsCaPolicyUrl" +#define LN_netscape_ca_policy_url "Netscape CA 
Policy Url" +#define NID_netscape_ca_policy_url 76 +#define OBJ_netscape_ca_policy_url OBJ_netscape_cert_extension,8L + +#define SN_netscape_ssl_server_name "nsSslServerName" +#define LN_netscape_ssl_server_name "Netscape SSL Server Name" +#define NID_netscape_ssl_server_name 77 +#define OBJ_netscape_ssl_server_name OBJ_netscape_cert_extension,12L + +#define SN_netscape_comment "nsComment" +#define LN_netscape_comment "Netscape Comment" +#define NID_netscape_comment 78 +#define OBJ_netscape_comment OBJ_netscape_cert_extension,13L + +#define SN_netscape_cert_sequence "nsCertSequence" +#define LN_netscape_cert_sequence "Netscape Certificate Sequence" +#define NID_netscape_cert_sequence 79 +#define OBJ_netscape_cert_sequence OBJ_netscape_data_type,5L + +#define SN_ns_sgc "nsSGC" +#define LN_ns_sgc "Netscape Server Gated Crypto" +#define NID_ns_sgc 139 +#define OBJ_ns_sgc OBJ_netscape,4L,1L + +#define SN_org "ORG" +#define LN_org "org" +#define NID_org 379 +#define OBJ_org OBJ_iso,3L + +#define SN_dod "DOD" +#define LN_dod "dod" +#define NID_dod 380 +#define OBJ_dod OBJ_org,6L + +#define SN_iana "IANA" +#define LN_iana "iana" +#define NID_iana 381 +#define OBJ_iana OBJ_dod,1L + +#define OBJ_internet OBJ_iana + +#define SN_Directory "directory" +#define LN_Directory "Directory" +#define NID_Directory 382 +#define OBJ_Directory OBJ_internet,1L + +#define SN_Management "mgmt" +#define LN_Management "Management" +#define NID_Management 383 +#define OBJ_Management OBJ_internet,2L + +#define SN_Experimental "experimental" +#define LN_Experimental "Experimental" +#define NID_Experimental 384 +#define OBJ_Experimental OBJ_internet,3L + +#define SN_Private "private" +#define LN_Private "Private" +#define NID_Private 385 +#define OBJ_Private OBJ_internet,4L + +#define SN_Security "security" +#define LN_Security "Security" +#define NID_Security 386 +#define OBJ_Security OBJ_internet,5L + +#define SN_SNMPv2 "snmpv2" +#define LN_SNMPv2 "SNMPv2" +#define NID_SNMPv2 387 +#define 
OBJ_SNMPv2 OBJ_internet,6L + +#define LN_Mail "Mail" +#define NID_Mail 388 +#define OBJ_Mail OBJ_internet,7L + +#define SN_Enterprises "enterprises" +#define LN_Enterprises "Enterprises" +#define NID_Enterprises 389 +#define OBJ_Enterprises OBJ_Private,1L + +#define SN_dcObject "dcobject" +#define LN_dcObject "dcObject" +#define NID_dcObject 390 +#define OBJ_dcObject OBJ_Enterprises,1466L,344L + +#define SN_mime_mhs "mime-mhs" +#define LN_mime_mhs "MIME MHS" +#define NID_mime_mhs 504 +#define OBJ_mime_mhs OBJ_Mail,1L + +#define SN_mime_mhs_headings "mime-mhs-headings" +#define LN_mime_mhs_headings "mime-mhs-headings" +#define NID_mime_mhs_headings 505 +#define OBJ_mime_mhs_headings OBJ_mime_mhs,1L + +#define SN_mime_mhs_bodies "mime-mhs-bodies" +#define LN_mime_mhs_bodies "mime-mhs-bodies" +#define NID_mime_mhs_bodies 506 +#define OBJ_mime_mhs_bodies OBJ_mime_mhs,2L + +#define SN_id_hex_partial_message "id-hex-partial-message" +#define LN_id_hex_partial_message "id-hex-partial-message" +#define NID_id_hex_partial_message 507 +#define OBJ_id_hex_partial_message OBJ_mime_mhs_headings,1L + +#define SN_id_hex_multipart_message "id-hex-multipart-message" +#define LN_id_hex_multipart_message "id-hex-multipart-message" +#define NID_id_hex_multipart_message 508 +#define OBJ_id_hex_multipart_message OBJ_mime_mhs_headings,2L + +#define SN_zlib_compression "ZLIB" +#define LN_zlib_compression "zlib compression" +#define NID_zlib_compression 125 +#define OBJ_zlib_compression OBJ_id_smime_alg,8L + +#define OBJ_csor 2L,16L,840L,1L,101L,3L + +#define OBJ_nistAlgorithms OBJ_csor,4L + +#define OBJ_aes OBJ_nistAlgorithms,1L + +#define SN_aes_128_ecb "AES-128-ECB" +#define LN_aes_128_ecb "aes-128-ecb" +#define NID_aes_128_ecb 418 +#define OBJ_aes_128_ecb OBJ_aes,1L + +#define SN_aes_128_cbc "AES-128-CBC" +#define LN_aes_128_cbc "aes-128-cbc" +#define NID_aes_128_cbc 419 +#define OBJ_aes_128_cbc OBJ_aes,2L + +#define SN_aes_128_ofb128 "AES-128-OFB" +#define LN_aes_128_ofb128 
"aes-128-ofb" +#define NID_aes_128_ofb128 420 +#define OBJ_aes_128_ofb128 OBJ_aes,3L + +#define SN_aes_128_cfb128 "AES-128-CFB" +#define LN_aes_128_cfb128 "aes-128-cfb" +#define NID_aes_128_cfb128 421 +#define OBJ_aes_128_cfb128 OBJ_aes,4L + +#define SN_id_aes128_wrap "id-aes128-wrap" +#define NID_id_aes128_wrap 788 +#define OBJ_id_aes128_wrap OBJ_aes,5L + +#define SN_aes_128_gcm "id-aes128-GCM" +#define LN_aes_128_gcm "aes-128-gcm" +#define NID_aes_128_gcm 895 +#define OBJ_aes_128_gcm OBJ_aes,6L + +#define SN_aes_128_ccm "id-aes128-CCM" +#define LN_aes_128_ccm "aes-128-ccm" +#define NID_aes_128_ccm 896 +#define OBJ_aes_128_ccm OBJ_aes,7L + +#define SN_id_aes128_wrap_pad "id-aes128-wrap-pad" +#define NID_id_aes128_wrap_pad 897 +#define OBJ_id_aes128_wrap_pad OBJ_aes,8L + +#define SN_aes_192_ecb "AES-192-ECB" +#define LN_aes_192_ecb "aes-192-ecb" +#define NID_aes_192_ecb 422 +#define OBJ_aes_192_ecb OBJ_aes,21L + +#define SN_aes_192_cbc "AES-192-CBC" +#define LN_aes_192_cbc "aes-192-cbc" +#define NID_aes_192_cbc 423 +#define OBJ_aes_192_cbc OBJ_aes,22L + +#define SN_aes_192_ofb128 "AES-192-OFB" +#define LN_aes_192_ofb128 "aes-192-ofb" +#define NID_aes_192_ofb128 424 +#define OBJ_aes_192_ofb128 OBJ_aes,23L + +#define SN_aes_192_cfb128 "AES-192-CFB" +#define LN_aes_192_cfb128 "aes-192-cfb" +#define NID_aes_192_cfb128 425 +#define OBJ_aes_192_cfb128 OBJ_aes,24L + +#define SN_id_aes192_wrap "id-aes192-wrap" +#define NID_id_aes192_wrap 789 +#define OBJ_id_aes192_wrap OBJ_aes,25L + +#define SN_aes_192_gcm "id-aes192-GCM" +#define LN_aes_192_gcm "aes-192-gcm" +#define NID_aes_192_gcm 898 +#define OBJ_aes_192_gcm OBJ_aes,26L + +#define SN_aes_192_ccm "id-aes192-CCM" +#define LN_aes_192_ccm "aes-192-ccm" +#define NID_aes_192_ccm 899 +#define OBJ_aes_192_ccm OBJ_aes,27L + +#define SN_id_aes192_wrap_pad "id-aes192-wrap-pad" +#define NID_id_aes192_wrap_pad 900 +#define OBJ_id_aes192_wrap_pad OBJ_aes,28L + +#define SN_aes_256_ecb "AES-256-ECB" +#define LN_aes_256_ecb 
"aes-256-ecb" +#define NID_aes_256_ecb 426 +#define OBJ_aes_256_ecb OBJ_aes,41L + +#define SN_aes_256_cbc "AES-256-CBC" +#define LN_aes_256_cbc "aes-256-cbc" +#define NID_aes_256_cbc 427 +#define OBJ_aes_256_cbc OBJ_aes,42L + +#define SN_aes_256_ofb128 "AES-256-OFB" +#define LN_aes_256_ofb128 "aes-256-ofb" +#define NID_aes_256_ofb128 428 +#define OBJ_aes_256_ofb128 OBJ_aes,43L + +#define SN_aes_256_cfb128 "AES-256-CFB" +#define LN_aes_256_cfb128 "aes-256-cfb" +#define NID_aes_256_cfb128 429 +#define OBJ_aes_256_cfb128 OBJ_aes,44L + +#define SN_id_aes256_wrap "id-aes256-wrap" +#define NID_id_aes256_wrap 790 +#define OBJ_id_aes256_wrap OBJ_aes,45L + +#define SN_aes_256_gcm "id-aes256-GCM" +#define LN_aes_256_gcm "aes-256-gcm" +#define NID_aes_256_gcm 901 +#define OBJ_aes_256_gcm OBJ_aes,46L + +#define SN_aes_256_ccm "id-aes256-CCM" +#define LN_aes_256_ccm "aes-256-ccm" +#define NID_aes_256_ccm 902 +#define OBJ_aes_256_ccm OBJ_aes,47L + +#define SN_id_aes256_wrap_pad "id-aes256-wrap-pad" +#define NID_id_aes256_wrap_pad 903 +#define OBJ_id_aes256_wrap_pad OBJ_aes,48L + +#define SN_aes_128_xts "AES-128-XTS" +#define LN_aes_128_xts "aes-128-xts" +#define NID_aes_128_xts 913 +#define OBJ_aes_128_xts OBJ_ieee_siswg,0L,1L,1L + +#define SN_aes_256_xts "AES-256-XTS" +#define LN_aes_256_xts "aes-256-xts" +#define NID_aes_256_xts 914 +#define OBJ_aes_256_xts OBJ_ieee_siswg,0L,1L,2L + +#define SN_aes_128_cfb1 "AES-128-CFB1" +#define LN_aes_128_cfb1 "aes-128-cfb1" +#define NID_aes_128_cfb1 650 + +#define SN_aes_192_cfb1 "AES-192-CFB1" +#define LN_aes_192_cfb1 "aes-192-cfb1" +#define NID_aes_192_cfb1 651 + +#define SN_aes_256_cfb1 "AES-256-CFB1" +#define LN_aes_256_cfb1 "aes-256-cfb1" +#define NID_aes_256_cfb1 652 + +#define SN_aes_128_cfb8 "AES-128-CFB8" +#define LN_aes_128_cfb8 "aes-128-cfb8" +#define NID_aes_128_cfb8 653 + +#define SN_aes_192_cfb8 "AES-192-CFB8" +#define LN_aes_192_cfb8 "aes-192-cfb8" +#define NID_aes_192_cfb8 654 + +#define SN_aes_256_cfb8 "AES-256-CFB8" 
+#define LN_aes_256_cfb8 "aes-256-cfb8" +#define NID_aes_256_cfb8 655 + +#define SN_aes_128_ctr "AES-128-CTR" +#define LN_aes_128_ctr "aes-128-ctr" +#define NID_aes_128_ctr 904 + +#define SN_aes_192_ctr "AES-192-CTR" +#define LN_aes_192_ctr "aes-192-ctr" +#define NID_aes_192_ctr 905 + +#define SN_aes_256_ctr "AES-256-CTR" +#define LN_aes_256_ctr "aes-256-ctr" +#define NID_aes_256_ctr 906 + +#define SN_aes_128_ocb "AES-128-OCB" +#define LN_aes_128_ocb "aes-128-ocb" +#define NID_aes_128_ocb 958 + +#define SN_aes_192_ocb "AES-192-OCB" +#define LN_aes_192_ocb "aes-192-ocb" +#define NID_aes_192_ocb 959 + +#define SN_aes_256_ocb "AES-256-OCB" +#define LN_aes_256_ocb "aes-256-ocb" +#define NID_aes_256_ocb 960 + +#define SN_des_cfb1 "DES-CFB1" +#define LN_des_cfb1 "des-cfb1" +#define NID_des_cfb1 656 + +#define SN_des_cfb8 "DES-CFB8" +#define LN_des_cfb8 "des-cfb8" +#define NID_des_cfb8 657 + +#define SN_des_ede3_cfb1 "DES-EDE3-CFB1" +#define LN_des_ede3_cfb1 "des-ede3-cfb1" +#define NID_des_ede3_cfb1 658 + +#define SN_des_ede3_cfb8 "DES-EDE3-CFB8" +#define LN_des_ede3_cfb8 "des-ede3-cfb8" +#define NID_des_ede3_cfb8 659 + +#define OBJ_nist_hashalgs OBJ_nistAlgorithms,2L + +#define SN_sha256 "SHA256" +#define LN_sha256 "sha256" +#define NID_sha256 672 +#define OBJ_sha256 OBJ_nist_hashalgs,1L + +#define SN_sha384 "SHA384" +#define LN_sha384 "sha384" +#define NID_sha384 673 +#define OBJ_sha384 OBJ_nist_hashalgs,2L + +#define SN_sha512 "SHA512" +#define LN_sha512 "sha512" +#define NID_sha512 674 +#define OBJ_sha512 OBJ_nist_hashalgs,3L + +#define SN_sha224 "SHA224" +#define LN_sha224 "sha224" +#define NID_sha224 675 +#define OBJ_sha224 OBJ_nist_hashalgs,4L + +#define SN_sha512_224 "SHA512-224" +#define LN_sha512_224 "sha512-224" +#define NID_sha512_224 1094 +#define OBJ_sha512_224 OBJ_nist_hashalgs,5L + +#define SN_sha512_256 "SHA512-256" +#define LN_sha512_256 "sha512-256" +#define NID_sha512_256 1095 +#define OBJ_sha512_256 OBJ_nist_hashalgs,6L + +#define SN_sha3_224 
"SHA3-224" +#define LN_sha3_224 "sha3-224" +#define NID_sha3_224 1096 +#define OBJ_sha3_224 OBJ_nist_hashalgs,7L + +#define SN_sha3_256 "SHA3-256" +#define LN_sha3_256 "sha3-256" +#define NID_sha3_256 1097 +#define OBJ_sha3_256 OBJ_nist_hashalgs,8L + +#define SN_sha3_384 "SHA3-384" +#define LN_sha3_384 "sha3-384" +#define NID_sha3_384 1098 +#define OBJ_sha3_384 OBJ_nist_hashalgs,9L + +#define SN_sha3_512 "SHA3-512" +#define LN_sha3_512 "sha3-512" +#define NID_sha3_512 1099 +#define OBJ_sha3_512 OBJ_nist_hashalgs,10L + +#define SN_shake128 "SHAKE128" +#define LN_shake128 "shake128" +#define NID_shake128 1100 +#define OBJ_shake128 OBJ_nist_hashalgs,11L + +#define SN_shake256 "SHAKE256" +#define LN_shake256 "shake256" +#define NID_shake256 1101 +#define OBJ_shake256 OBJ_nist_hashalgs,12L + +#define SN_hmac_sha3_224 "id-hmacWithSHA3-224" +#define LN_hmac_sha3_224 "hmac-sha3-224" +#define NID_hmac_sha3_224 1102 +#define OBJ_hmac_sha3_224 OBJ_nist_hashalgs,13L + +#define SN_hmac_sha3_256 "id-hmacWithSHA3-256" +#define LN_hmac_sha3_256 "hmac-sha3-256" +#define NID_hmac_sha3_256 1103 +#define OBJ_hmac_sha3_256 OBJ_nist_hashalgs,14L + +#define SN_hmac_sha3_384 "id-hmacWithSHA3-384" +#define LN_hmac_sha3_384 "hmac-sha3-384" +#define NID_hmac_sha3_384 1104 +#define OBJ_hmac_sha3_384 OBJ_nist_hashalgs,15L + +#define SN_hmac_sha3_512 "id-hmacWithSHA3-512" +#define LN_hmac_sha3_512 "hmac-sha3-512" +#define NID_hmac_sha3_512 1105 +#define OBJ_hmac_sha3_512 OBJ_nist_hashalgs,16L + +#define SN_kmac128 "KMAC128" +#define LN_kmac128 "kmac128" +#define NID_kmac128 1196 +#define OBJ_kmac128 OBJ_nist_hashalgs,19L + +#define SN_kmac256 "KMAC256" +#define LN_kmac256 "kmac256" +#define NID_kmac256 1197 +#define OBJ_kmac256 OBJ_nist_hashalgs,20L + +#define OBJ_dsa_with_sha2 OBJ_nistAlgorithms,3L + +#define SN_dsa_with_SHA224 "dsa_with_SHA224" +#define NID_dsa_with_SHA224 802 +#define OBJ_dsa_with_SHA224 OBJ_dsa_with_sha2,1L + +#define SN_dsa_with_SHA256 "dsa_with_SHA256" +#define 
NID_dsa_with_SHA256 803 +#define OBJ_dsa_with_SHA256 OBJ_dsa_with_sha2,2L + +#define OBJ_sigAlgs OBJ_nistAlgorithms,3L + +#define SN_dsa_with_SHA384 "id-dsa-with-sha384" +#define LN_dsa_with_SHA384 "dsa_with_SHA384" +#define NID_dsa_with_SHA384 1106 +#define OBJ_dsa_with_SHA384 OBJ_sigAlgs,3L + +#define SN_dsa_with_SHA512 "id-dsa-with-sha512" +#define LN_dsa_with_SHA512 "dsa_with_SHA512" +#define NID_dsa_with_SHA512 1107 +#define OBJ_dsa_with_SHA512 OBJ_sigAlgs,4L + +#define SN_dsa_with_SHA3_224 "id-dsa-with-sha3-224" +#define LN_dsa_with_SHA3_224 "dsa_with_SHA3-224" +#define NID_dsa_with_SHA3_224 1108 +#define OBJ_dsa_with_SHA3_224 OBJ_sigAlgs,5L + +#define SN_dsa_with_SHA3_256 "id-dsa-with-sha3-256" +#define LN_dsa_with_SHA3_256 "dsa_with_SHA3-256" +#define NID_dsa_with_SHA3_256 1109 +#define OBJ_dsa_with_SHA3_256 OBJ_sigAlgs,6L + +#define SN_dsa_with_SHA3_384 "id-dsa-with-sha3-384" +#define LN_dsa_with_SHA3_384 "dsa_with_SHA3-384" +#define NID_dsa_with_SHA3_384 1110 +#define OBJ_dsa_with_SHA3_384 OBJ_sigAlgs,7L + +#define SN_dsa_with_SHA3_512 "id-dsa-with-sha3-512" +#define LN_dsa_with_SHA3_512 "dsa_with_SHA3-512" +#define NID_dsa_with_SHA3_512 1111 +#define OBJ_dsa_with_SHA3_512 OBJ_sigAlgs,8L + +#define SN_ecdsa_with_SHA3_224 "id-ecdsa-with-sha3-224" +#define LN_ecdsa_with_SHA3_224 "ecdsa_with_SHA3-224" +#define NID_ecdsa_with_SHA3_224 1112 +#define OBJ_ecdsa_with_SHA3_224 OBJ_sigAlgs,9L + +#define SN_ecdsa_with_SHA3_256 "id-ecdsa-with-sha3-256" +#define LN_ecdsa_with_SHA3_256 "ecdsa_with_SHA3-256" +#define NID_ecdsa_with_SHA3_256 1113 +#define OBJ_ecdsa_with_SHA3_256 OBJ_sigAlgs,10L + +#define SN_ecdsa_with_SHA3_384 "id-ecdsa-with-sha3-384" +#define LN_ecdsa_with_SHA3_384 "ecdsa_with_SHA3-384" +#define NID_ecdsa_with_SHA3_384 1114 +#define OBJ_ecdsa_with_SHA3_384 OBJ_sigAlgs,11L + +#define SN_ecdsa_with_SHA3_512 "id-ecdsa-with-sha3-512" +#define LN_ecdsa_with_SHA3_512 "ecdsa_with_SHA3-512" +#define NID_ecdsa_with_SHA3_512 1115 +#define OBJ_ecdsa_with_SHA3_512 
OBJ_sigAlgs,12L + +#define SN_RSA_SHA3_224 "id-rsassa-pkcs1-v1_5-with-sha3-224" +#define LN_RSA_SHA3_224 "RSA-SHA3-224" +#define NID_RSA_SHA3_224 1116 +#define OBJ_RSA_SHA3_224 OBJ_sigAlgs,13L + +#define SN_RSA_SHA3_256 "id-rsassa-pkcs1-v1_5-with-sha3-256" +#define LN_RSA_SHA3_256 "RSA-SHA3-256" +#define NID_RSA_SHA3_256 1117 +#define OBJ_RSA_SHA3_256 OBJ_sigAlgs,14L + +#define SN_RSA_SHA3_384 "id-rsassa-pkcs1-v1_5-with-sha3-384" +#define LN_RSA_SHA3_384 "RSA-SHA3-384" +#define NID_RSA_SHA3_384 1118 +#define OBJ_RSA_SHA3_384 OBJ_sigAlgs,15L + +#define SN_RSA_SHA3_512 "id-rsassa-pkcs1-v1_5-with-sha3-512" +#define LN_RSA_SHA3_512 "RSA-SHA3-512" +#define NID_RSA_SHA3_512 1119 +#define OBJ_RSA_SHA3_512 OBJ_sigAlgs,16L + +#define SN_hold_instruction_code "holdInstructionCode" +#define LN_hold_instruction_code "Hold Instruction Code" +#define NID_hold_instruction_code 430 +#define OBJ_hold_instruction_code OBJ_id_ce,23L + +#define OBJ_holdInstruction OBJ_X9_57,2L + +#define SN_hold_instruction_none "holdInstructionNone" +#define LN_hold_instruction_none "Hold Instruction None" +#define NID_hold_instruction_none 431 +#define OBJ_hold_instruction_none OBJ_holdInstruction,1L + +#define SN_hold_instruction_call_issuer "holdInstructionCallIssuer" +#define LN_hold_instruction_call_issuer "Hold Instruction Call Issuer" +#define NID_hold_instruction_call_issuer 432 +#define OBJ_hold_instruction_call_issuer OBJ_holdInstruction,2L + +#define SN_hold_instruction_reject "holdInstructionReject" +#define LN_hold_instruction_reject "Hold Instruction Reject" +#define NID_hold_instruction_reject 433 +#define OBJ_hold_instruction_reject OBJ_holdInstruction,3L + +#define SN_data "data" +#define NID_data 434 +#define OBJ_data OBJ_itu_t,9L + +#define SN_pss "pss" +#define NID_pss 435 +#define OBJ_pss OBJ_data,2342L + +#define SN_ucl "ucl" +#define NID_ucl 436 +#define OBJ_ucl OBJ_pss,19200300L + +#define SN_pilot "pilot" +#define NID_pilot 437 +#define OBJ_pilot OBJ_ucl,100L + +#define 
LN_pilotAttributeType "pilotAttributeType" +#define NID_pilotAttributeType 438 +#define OBJ_pilotAttributeType OBJ_pilot,1L + +#define LN_pilotAttributeSyntax "pilotAttributeSyntax" +#define NID_pilotAttributeSyntax 439 +#define OBJ_pilotAttributeSyntax OBJ_pilot,3L + +#define LN_pilotObjectClass "pilotObjectClass" +#define NID_pilotObjectClass 440 +#define OBJ_pilotObjectClass OBJ_pilot,4L + +#define LN_pilotGroups "pilotGroups" +#define NID_pilotGroups 441 +#define OBJ_pilotGroups OBJ_pilot,10L + +#define LN_iA5StringSyntax "iA5StringSyntax" +#define NID_iA5StringSyntax 442 +#define OBJ_iA5StringSyntax OBJ_pilotAttributeSyntax,4L + +#define LN_caseIgnoreIA5StringSyntax "caseIgnoreIA5StringSyntax" +#define NID_caseIgnoreIA5StringSyntax 443 +#define OBJ_caseIgnoreIA5StringSyntax OBJ_pilotAttributeSyntax,5L + +#define LN_pilotObject "pilotObject" +#define NID_pilotObject 444 +#define OBJ_pilotObject OBJ_pilotObjectClass,3L + +#define LN_pilotPerson "pilotPerson" +#define NID_pilotPerson 445 +#define OBJ_pilotPerson OBJ_pilotObjectClass,4L + +#define SN_account "account" +#define NID_account 446 +#define OBJ_account OBJ_pilotObjectClass,5L + +#define SN_document "document" +#define NID_document 447 +#define OBJ_document OBJ_pilotObjectClass,6L + +#define SN_room "room" +#define NID_room 448 +#define OBJ_room OBJ_pilotObjectClass,7L + +#define LN_documentSeries "documentSeries" +#define NID_documentSeries 449 +#define OBJ_documentSeries OBJ_pilotObjectClass,9L + +#define SN_Domain "domain" +#define LN_Domain "Domain" +#define NID_Domain 392 +#define OBJ_Domain OBJ_pilotObjectClass,13L + +#define LN_rFC822localPart "rFC822localPart" +#define NID_rFC822localPart 450 +#define OBJ_rFC822localPart OBJ_pilotObjectClass,14L + +#define LN_dNSDomain "dNSDomain" +#define NID_dNSDomain 451 +#define OBJ_dNSDomain OBJ_pilotObjectClass,15L + +#define LN_domainRelatedObject "domainRelatedObject" +#define NID_domainRelatedObject 452 +#define OBJ_domainRelatedObject 
OBJ_pilotObjectClass,17L + +#define LN_friendlyCountry "friendlyCountry" +#define NID_friendlyCountry 453 +#define OBJ_friendlyCountry OBJ_pilotObjectClass,18L + +#define LN_simpleSecurityObject "simpleSecurityObject" +#define NID_simpleSecurityObject 454 +#define OBJ_simpleSecurityObject OBJ_pilotObjectClass,19L + +#define LN_pilotOrganization "pilotOrganization" +#define NID_pilotOrganization 455 +#define OBJ_pilotOrganization OBJ_pilotObjectClass,20L + +#define LN_pilotDSA "pilotDSA" +#define NID_pilotDSA 456 +#define OBJ_pilotDSA OBJ_pilotObjectClass,21L + +#define LN_qualityLabelledData "qualityLabelledData" +#define NID_qualityLabelledData 457 +#define OBJ_qualityLabelledData OBJ_pilotObjectClass,22L + +#define SN_userId "UID" +#define LN_userId "userId" +#define NID_userId 458 +#define OBJ_userId OBJ_pilotAttributeType,1L + +#define LN_textEncodedORAddress "textEncodedORAddress" +#define NID_textEncodedORAddress 459 +#define OBJ_textEncodedORAddress OBJ_pilotAttributeType,2L + +#define SN_rfc822Mailbox "mail" +#define LN_rfc822Mailbox "rfc822Mailbox" +#define NID_rfc822Mailbox 460 +#define OBJ_rfc822Mailbox OBJ_pilotAttributeType,3L + +#define SN_info "info" +#define NID_info 461 +#define OBJ_info OBJ_pilotAttributeType,4L + +#define LN_favouriteDrink "favouriteDrink" +#define NID_favouriteDrink 462 +#define OBJ_favouriteDrink OBJ_pilotAttributeType,5L + +#define LN_roomNumber "roomNumber" +#define NID_roomNumber 463 +#define OBJ_roomNumber OBJ_pilotAttributeType,6L + +#define SN_photo "photo" +#define NID_photo 464 +#define OBJ_photo OBJ_pilotAttributeType,7L + +#define LN_userClass "userClass" +#define NID_userClass 465 +#define OBJ_userClass OBJ_pilotAttributeType,8L + +#define SN_host "host" +#define NID_host 466 +#define OBJ_host OBJ_pilotAttributeType,9L + +#define SN_manager "manager" +#define NID_manager 467 +#define OBJ_manager OBJ_pilotAttributeType,10L + +#define LN_documentIdentifier "documentIdentifier" +#define NID_documentIdentifier 468 
+#define OBJ_documentIdentifier OBJ_pilotAttributeType,11L + +#define LN_documentTitle "documentTitle" +#define NID_documentTitle 469 +#define OBJ_documentTitle OBJ_pilotAttributeType,12L + +#define LN_documentVersion "documentVersion" +#define NID_documentVersion 470 +#define OBJ_documentVersion OBJ_pilotAttributeType,13L + +#define LN_documentAuthor "documentAuthor" +#define NID_documentAuthor 471 +#define OBJ_documentAuthor OBJ_pilotAttributeType,14L + +#define LN_documentLocation "documentLocation" +#define NID_documentLocation 472 +#define OBJ_documentLocation OBJ_pilotAttributeType,15L + +#define LN_homeTelephoneNumber "homeTelephoneNumber" +#define NID_homeTelephoneNumber 473 +#define OBJ_homeTelephoneNumber OBJ_pilotAttributeType,20L + +#define SN_secretary "secretary" +#define NID_secretary 474 +#define OBJ_secretary OBJ_pilotAttributeType,21L + +#define LN_otherMailbox "otherMailbox" +#define NID_otherMailbox 475 +#define OBJ_otherMailbox OBJ_pilotAttributeType,22L + +#define LN_lastModifiedTime "lastModifiedTime" +#define NID_lastModifiedTime 476 +#define OBJ_lastModifiedTime OBJ_pilotAttributeType,23L + +#define LN_lastModifiedBy "lastModifiedBy" +#define NID_lastModifiedBy 477 +#define OBJ_lastModifiedBy OBJ_pilotAttributeType,24L + +#define SN_domainComponent "DC" +#define LN_domainComponent "domainComponent" +#define NID_domainComponent 391 +#define OBJ_domainComponent OBJ_pilotAttributeType,25L + +#define LN_aRecord "aRecord" +#define NID_aRecord 478 +#define OBJ_aRecord OBJ_pilotAttributeType,26L + +#define LN_pilotAttributeType27 "pilotAttributeType27" +#define NID_pilotAttributeType27 479 +#define OBJ_pilotAttributeType27 OBJ_pilotAttributeType,27L + +#define LN_mXRecord "mXRecord" +#define NID_mXRecord 480 +#define OBJ_mXRecord OBJ_pilotAttributeType,28L + +#define LN_nSRecord "nSRecord" +#define NID_nSRecord 481 +#define OBJ_nSRecord OBJ_pilotAttributeType,29L + +#define LN_sOARecord "sOARecord" +#define NID_sOARecord 482 +#define OBJ_sOARecord 
OBJ_pilotAttributeType,30L + +#define LN_cNAMERecord "cNAMERecord" +#define NID_cNAMERecord 483 +#define OBJ_cNAMERecord OBJ_pilotAttributeType,31L + +#define LN_associatedDomain "associatedDomain" +#define NID_associatedDomain 484 +#define OBJ_associatedDomain OBJ_pilotAttributeType,37L + +#define LN_associatedName "associatedName" +#define NID_associatedName 485 +#define OBJ_associatedName OBJ_pilotAttributeType,38L + +#define LN_homePostalAddress "homePostalAddress" +#define NID_homePostalAddress 486 +#define OBJ_homePostalAddress OBJ_pilotAttributeType,39L + +#define LN_personalTitle "personalTitle" +#define NID_personalTitle 487 +#define OBJ_personalTitle OBJ_pilotAttributeType,40L + +#define LN_mobileTelephoneNumber "mobileTelephoneNumber" +#define NID_mobileTelephoneNumber 488 +#define OBJ_mobileTelephoneNumber OBJ_pilotAttributeType,41L + +#define LN_pagerTelephoneNumber "pagerTelephoneNumber" +#define NID_pagerTelephoneNumber 489 +#define OBJ_pagerTelephoneNumber OBJ_pilotAttributeType,42L + +#define LN_friendlyCountryName "friendlyCountryName" +#define NID_friendlyCountryName 490 +#define OBJ_friendlyCountryName OBJ_pilotAttributeType,43L + +#define SN_uniqueIdentifier "uid" +#define LN_uniqueIdentifier "uniqueIdentifier" +#define NID_uniqueIdentifier 102 +#define OBJ_uniqueIdentifier OBJ_pilotAttributeType,44L + +#define LN_organizationalStatus "organizationalStatus" +#define NID_organizationalStatus 491 +#define OBJ_organizationalStatus OBJ_pilotAttributeType,45L + +#define LN_janetMailbox "janetMailbox" +#define NID_janetMailbox 492 +#define OBJ_janetMailbox OBJ_pilotAttributeType,46L + +#define LN_mailPreferenceOption "mailPreferenceOption" +#define NID_mailPreferenceOption 493 +#define OBJ_mailPreferenceOption OBJ_pilotAttributeType,47L + +#define LN_buildingName "buildingName" +#define NID_buildingName 494 +#define OBJ_buildingName OBJ_pilotAttributeType,48L + +#define LN_dSAQuality "dSAQuality" +#define NID_dSAQuality 495 +#define OBJ_dSAQuality 
OBJ_pilotAttributeType,49L + +#define LN_singleLevelQuality "singleLevelQuality" +#define NID_singleLevelQuality 496 +#define OBJ_singleLevelQuality OBJ_pilotAttributeType,50L + +#define LN_subtreeMinimumQuality "subtreeMinimumQuality" +#define NID_subtreeMinimumQuality 497 +#define OBJ_subtreeMinimumQuality OBJ_pilotAttributeType,51L + +#define LN_subtreeMaximumQuality "subtreeMaximumQuality" +#define NID_subtreeMaximumQuality 498 +#define OBJ_subtreeMaximumQuality OBJ_pilotAttributeType,52L + +#define LN_personalSignature "personalSignature" +#define NID_personalSignature 499 +#define OBJ_personalSignature OBJ_pilotAttributeType,53L + +#define LN_dITRedirect "dITRedirect" +#define NID_dITRedirect 500 +#define OBJ_dITRedirect OBJ_pilotAttributeType,54L + +#define SN_audio "audio" +#define NID_audio 501 +#define OBJ_audio OBJ_pilotAttributeType,55L + +#define LN_documentPublisher "documentPublisher" +#define NID_documentPublisher 502 +#define OBJ_documentPublisher OBJ_pilotAttributeType,56L + +#define SN_id_set "id-set" +#define LN_id_set "Secure Electronic Transactions" +#define NID_id_set 512 +#define OBJ_id_set OBJ_international_organizations,42L + +#define SN_set_ctype "set-ctype" +#define LN_set_ctype "content types" +#define NID_set_ctype 513 +#define OBJ_set_ctype OBJ_id_set,0L + +#define SN_set_msgExt "set-msgExt" +#define LN_set_msgExt "message extensions" +#define NID_set_msgExt 514 +#define OBJ_set_msgExt OBJ_id_set,1L + +#define SN_set_attr "set-attr" +#define NID_set_attr 515 +#define OBJ_set_attr OBJ_id_set,3L + +#define SN_set_policy "set-policy" +#define NID_set_policy 516 +#define OBJ_set_policy OBJ_id_set,5L + +#define SN_set_certExt "set-certExt" +#define LN_set_certExt "certificate extensions" +#define NID_set_certExt 517 +#define OBJ_set_certExt OBJ_id_set,7L + +#define SN_set_brand "set-brand" +#define NID_set_brand 518 +#define OBJ_set_brand OBJ_id_set,8L + +#define SN_setct_PANData "setct-PANData" +#define NID_setct_PANData 519 +#define 
OBJ_setct_PANData OBJ_set_ctype,0L + +#define SN_setct_PANToken "setct-PANToken" +#define NID_setct_PANToken 520 +#define OBJ_setct_PANToken OBJ_set_ctype,1L + +#define SN_setct_PANOnly "setct-PANOnly" +#define NID_setct_PANOnly 521 +#define OBJ_setct_PANOnly OBJ_set_ctype,2L + +#define SN_setct_OIData "setct-OIData" +#define NID_setct_OIData 522 +#define OBJ_setct_OIData OBJ_set_ctype,3L + +#define SN_setct_PI "setct-PI" +#define NID_setct_PI 523 +#define OBJ_setct_PI OBJ_set_ctype,4L + +#define SN_setct_PIData "setct-PIData" +#define NID_setct_PIData 524 +#define OBJ_setct_PIData OBJ_set_ctype,5L + +#define SN_setct_PIDataUnsigned "setct-PIDataUnsigned" +#define NID_setct_PIDataUnsigned 525 +#define OBJ_setct_PIDataUnsigned OBJ_set_ctype,6L + +#define SN_setct_HODInput "setct-HODInput" +#define NID_setct_HODInput 526 +#define OBJ_setct_HODInput OBJ_set_ctype,7L + +#define SN_setct_AuthResBaggage "setct-AuthResBaggage" +#define NID_setct_AuthResBaggage 527 +#define OBJ_setct_AuthResBaggage OBJ_set_ctype,8L + +#define SN_setct_AuthRevReqBaggage "setct-AuthRevReqBaggage" +#define NID_setct_AuthRevReqBaggage 528 +#define OBJ_setct_AuthRevReqBaggage OBJ_set_ctype,9L + +#define SN_setct_AuthRevResBaggage "setct-AuthRevResBaggage" +#define NID_setct_AuthRevResBaggage 529 +#define OBJ_setct_AuthRevResBaggage OBJ_set_ctype,10L + +#define SN_setct_CapTokenSeq "setct-CapTokenSeq" +#define NID_setct_CapTokenSeq 530 +#define OBJ_setct_CapTokenSeq OBJ_set_ctype,11L + +#define SN_setct_PInitResData "setct-PInitResData" +#define NID_setct_PInitResData 531 +#define OBJ_setct_PInitResData OBJ_set_ctype,12L + +#define SN_setct_PI_TBS "setct-PI-TBS" +#define NID_setct_PI_TBS 532 +#define OBJ_setct_PI_TBS OBJ_set_ctype,13L + +#define SN_setct_PResData "setct-PResData" +#define NID_setct_PResData 533 +#define OBJ_setct_PResData OBJ_set_ctype,14L + +#define SN_setct_AuthReqTBS "setct-AuthReqTBS" +#define NID_setct_AuthReqTBS 534 +#define OBJ_setct_AuthReqTBS OBJ_set_ctype,16L + 
+#define SN_setct_AuthResTBS "setct-AuthResTBS" +#define NID_setct_AuthResTBS 535 +#define OBJ_setct_AuthResTBS OBJ_set_ctype,17L + +#define SN_setct_AuthResTBSX "setct-AuthResTBSX" +#define NID_setct_AuthResTBSX 536 +#define OBJ_setct_AuthResTBSX OBJ_set_ctype,18L + +#define SN_setct_AuthTokenTBS "setct-AuthTokenTBS" +#define NID_setct_AuthTokenTBS 537 +#define OBJ_setct_AuthTokenTBS OBJ_set_ctype,19L + +#define SN_setct_CapTokenData "setct-CapTokenData" +#define NID_setct_CapTokenData 538 +#define OBJ_setct_CapTokenData OBJ_set_ctype,20L + +#define SN_setct_CapTokenTBS "setct-CapTokenTBS" +#define NID_setct_CapTokenTBS 539 +#define OBJ_setct_CapTokenTBS OBJ_set_ctype,21L + +#define SN_setct_AcqCardCodeMsg "setct-AcqCardCodeMsg" +#define NID_setct_AcqCardCodeMsg 540 +#define OBJ_setct_AcqCardCodeMsg OBJ_set_ctype,22L + +#define SN_setct_AuthRevReqTBS "setct-AuthRevReqTBS" +#define NID_setct_AuthRevReqTBS 541 +#define OBJ_setct_AuthRevReqTBS OBJ_set_ctype,23L + +#define SN_setct_AuthRevResData "setct-AuthRevResData" +#define NID_setct_AuthRevResData 542 +#define OBJ_setct_AuthRevResData OBJ_set_ctype,24L + +#define SN_setct_AuthRevResTBS "setct-AuthRevResTBS" +#define NID_setct_AuthRevResTBS 543 +#define OBJ_setct_AuthRevResTBS OBJ_set_ctype,25L + +#define SN_setct_CapReqTBS "setct-CapReqTBS" +#define NID_setct_CapReqTBS 544 +#define OBJ_setct_CapReqTBS OBJ_set_ctype,26L + +#define SN_setct_CapReqTBSX "setct-CapReqTBSX" +#define NID_setct_CapReqTBSX 545 +#define OBJ_setct_CapReqTBSX OBJ_set_ctype,27L + +#define SN_setct_CapResData "setct-CapResData" +#define NID_setct_CapResData 546 +#define OBJ_setct_CapResData OBJ_set_ctype,28L + +#define SN_setct_CapRevReqTBS "setct-CapRevReqTBS" +#define NID_setct_CapRevReqTBS 547 +#define OBJ_setct_CapRevReqTBS OBJ_set_ctype,29L + +#define SN_setct_CapRevReqTBSX "setct-CapRevReqTBSX" +#define NID_setct_CapRevReqTBSX 548 +#define OBJ_setct_CapRevReqTBSX OBJ_set_ctype,30L + +#define SN_setct_CapRevResData "setct-CapRevResData" 
+#define NID_setct_CapRevResData 549 +#define OBJ_setct_CapRevResData OBJ_set_ctype,31L + +#define SN_setct_CredReqTBS "setct-CredReqTBS" +#define NID_setct_CredReqTBS 550 +#define OBJ_setct_CredReqTBS OBJ_set_ctype,32L + +#define SN_setct_CredReqTBSX "setct-CredReqTBSX" +#define NID_setct_CredReqTBSX 551 +#define OBJ_setct_CredReqTBSX OBJ_set_ctype,33L + +#define SN_setct_CredResData "setct-CredResData" +#define NID_setct_CredResData 552 +#define OBJ_setct_CredResData OBJ_set_ctype,34L + +#define SN_setct_CredRevReqTBS "setct-CredRevReqTBS" +#define NID_setct_CredRevReqTBS 553 +#define OBJ_setct_CredRevReqTBS OBJ_set_ctype,35L + +#define SN_setct_CredRevReqTBSX "setct-CredRevReqTBSX" +#define NID_setct_CredRevReqTBSX 554 +#define OBJ_setct_CredRevReqTBSX OBJ_set_ctype,36L + +#define SN_setct_CredRevResData "setct-CredRevResData" +#define NID_setct_CredRevResData 555 +#define OBJ_setct_CredRevResData OBJ_set_ctype,37L + +#define SN_setct_PCertReqData "setct-PCertReqData" +#define NID_setct_PCertReqData 556 +#define OBJ_setct_PCertReqData OBJ_set_ctype,38L + +#define SN_setct_PCertResTBS "setct-PCertResTBS" +#define NID_setct_PCertResTBS 557 +#define OBJ_setct_PCertResTBS OBJ_set_ctype,39L + +#define SN_setct_BatchAdminReqData "setct-BatchAdminReqData" +#define NID_setct_BatchAdminReqData 558 +#define OBJ_setct_BatchAdminReqData OBJ_set_ctype,40L + +#define SN_setct_BatchAdminResData "setct-BatchAdminResData" +#define NID_setct_BatchAdminResData 559 +#define OBJ_setct_BatchAdminResData OBJ_set_ctype,41L + +#define SN_setct_CardCInitResTBS "setct-CardCInitResTBS" +#define NID_setct_CardCInitResTBS 560 +#define OBJ_setct_CardCInitResTBS OBJ_set_ctype,42L + +#define SN_setct_MeAqCInitResTBS "setct-MeAqCInitResTBS" +#define NID_setct_MeAqCInitResTBS 561 +#define OBJ_setct_MeAqCInitResTBS OBJ_set_ctype,43L + +#define SN_setct_RegFormResTBS "setct-RegFormResTBS" +#define NID_setct_RegFormResTBS 562 +#define OBJ_setct_RegFormResTBS OBJ_set_ctype,44L + +#define 
SN_setct_CertReqData "setct-CertReqData" +#define NID_setct_CertReqData 563 +#define OBJ_setct_CertReqData OBJ_set_ctype,45L + +#define SN_setct_CertReqTBS "setct-CertReqTBS" +#define NID_setct_CertReqTBS 564 +#define OBJ_setct_CertReqTBS OBJ_set_ctype,46L + +#define SN_setct_CertResData "setct-CertResData" +#define NID_setct_CertResData 565 +#define OBJ_setct_CertResData OBJ_set_ctype,47L + +#define SN_setct_CertInqReqTBS "setct-CertInqReqTBS" +#define NID_setct_CertInqReqTBS 566 +#define OBJ_setct_CertInqReqTBS OBJ_set_ctype,48L + +#define SN_setct_ErrorTBS "setct-ErrorTBS" +#define NID_setct_ErrorTBS 567 +#define OBJ_setct_ErrorTBS OBJ_set_ctype,49L + +#define SN_setct_PIDualSignedTBE "setct-PIDualSignedTBE" +#define NID_setct_PIDualSignedTBE 568 +#define OBJ_setct_PIDualSignedTBE OBJ_set_ctype,50L + +#define SN_setct_PIUnsignedTBE "setct-PIUnsignedTBE" +#define NID_setct_PIUnsignedTBE 569 +#define OBJ_setct_PIUnsignedTBE OBJ_set_ctype,51L + +#define SN_setct_AuthReqTBE "setct-AuthReqTBE" +#define NID_setct_AuthReqTBE 570 +#define OBJ_setct_AuthReqTBE OBJ_set_ctype,52L + +#define SN_setct_AuthResTBE "setct-AuthResTBE" +#define NID_setct_AuthResTBE 571 +#define OBJ_setct_AuthResTBE OBJ_set_ctype,53L + +#define SN_setct_AuthResTBEX "setct-AuthResTBEX" +#define NID_setct_AuthResTBEX 572 +#define OBJ_setct_AuthResTBEX OBJ_set_ctype,54L + +#define SN_setct_AuthTokenTBE "setct-AuthTokenTBE" +#define NID_setct_AuthTokenTBE 573 +#define OBJ_setct_AuthTokenTBE OBJ_set_ctype,55L + +#define SN_setct_CapTokenTBE "setct-CapTokenTBE" +#define NID_setct_CapTokenTBE 574 +#define OBJ_setct_CapTokenTBE OBJ_set_ctype,56L + +#define SN_setct_CapTokenTBEX "setct-CapTokenTBEX" +#define NID_setct_CapTokenTBEX 575 +#define OBJ_setct_CapTokenTBEX OBJ_set_ctype,57L + +#define SN_setct_AcqCardCodeMsgTBE "setct-AcqCardCodeMsgTBE" +#define NID_setct_AcqCardCodeMsgTBE 576 +#define OBJ_setct_AcqCardCodeMsgTBE OBJ_set_ctype,58L + +#define SN_setct_AuthRevReqTBE "setct-AuthRevReqTBE" +#define 
NID_setct_AuthRevReqTBE 577 +#define OBJ_setct_AuthRevReqTBE OBJ_set_ctype,59L + +#define SN_setct_AuthRevResTBE "setct-AuthRevResTBE" +#define NID_setct_AuthRevResTBE 578 +#define OBJ_setct_AuthRevResTBE OBJ_set_ctype,60L + +#define SN_setct_AuthRevResTBEB "setct-AuthRevResTBEB" +#define NID_setct_AuthRevResTBEB 579 +#define OBJ_setct_AuthRevResTBEB OBJ_set_ctype,61L + +#define SN_setct_CapReqTBE "setct-CapReqTBE" +#define NID_setct_CapReqTBE 580 +#define OBJ_setct_CapReqTBE OBJ_set_ctype,62L + +#define SN_setct_CapReqTBEX "setct-CapReqTBEX" +#define NID_setct_CapReqTBEX 581 +#define OBJ_setct_CapReqTBEX OBJ_set_ctype,63L + +#define SN_setct_CapResTBE "setct-CapResTBE" +#define NID_setct_CapResTBE 582 +#define OBJ_setct_CapResTBE OBJ_set_ctype,64L + +#define SN_setct_CapRevReqTBE "setct-CapRevReqTBE" +#define NID_setct_CapRevReqTBE 583 +#define OBJ_setct_CapRevReqTBE OBJ_set_ctype,65L + +#define SN_setct_CapRevReqTBEX "setct-CapRevReqTBEX" +#define NID_setct_CapRevReqTBEX 584 +#define OBJ_setct_CapRevReqTBEX OBJ_set_ctype,66L + +#define SN_setct_CapRevResTBE "setct-CapRevResTBE" +#define NID_setct_CapRevResTBE 585 +#define OBJ_setct_CapRevResTBE OBJ_set_ctype,67L + +#define SN_setct_CredReqTBE "setct-CredReqTBE" +#define NID_setct_CredReqTBE 586 +#define OBJ_setct_CredReqTBE OBJ_set_ctype,68L + +#define SN_setct_CredReqTBEX "setct-CredReqTBEX" +#define NID_setct_CredReqTBEX 587 +#define OBJ_setct_CredReqTBEX OBJ_set_ctype,69L + +#define SN_setct_CredResTBE "setct-CredResTBE" +#define NID_setct_CredResTBE 588 +#define OBJ_setct_CredResTBE OBJ_set_ctype,70L + +#define SN_setct_CredRevReqTBE "setct-CredRevReqTBE" +#define NID_setct_CredRevReqTBE 589 +#define OBJ_setct_CredRevReqTBE OBJ_set_ctype,71L + +#define SN_setct_CredRevReqTBEX "setct-CredRevReqTBEX" +#define NID_setct_CredRevReqTBEX 590 +#define OBJ_setct_CredRevReqTBEX OBJ_set_ctype,72L + +#define SN_setct_CredRevResTBE "setct-CredRevResTBE" +#define NID_setct_CredRevResTBE 591 +#define 
OBJ_setct_CredRevResTBE OBJ_set_ctype,73L + +#define SN_setct_BatchAdminReqTBE "setct-BatchAdminReqTBE" +#define NID_setct_BatchAdminReqTBE 592 +#define OBJ_setct_BatchAdminReqTBE OBJ_set_ctype,74L + +#define SN_setct_BatchAdminResTBE "setct-BatchAdminResTBE" +#define NID_setct_BatchAdminResTBE 593 +#define OBJ_setct_BatchAdminResTBE OBJ_set_ctype,75L + +#define SN_setct_RegFormReqTBE "setct-RegFormReqTBE" +#define NID_setct_RegFormReqTBE 594 +#define OBJ_setct_RegFormReqTBE OBJ_set_ctype,76L + +#define SN_setct_CertReqTBE "setct-CertReqTBE" +#define NID_setct_CertReqTBE 595 +#define OBJ_setct_CertReqTBE OBJ_set_ctype,77L + +#define SN_setct_CertReqTBEX "setct-CertReqTBEX" +#define NID_setct_CertReqTBEX 596 +#define OBJ_setct_CertReqTBEX OBJ_set_ctype,78L + +#define SN_setct_CertResTBE "setct-CertResTBE" +#define NID_setct_CertResTBE 597 +#define OBJ_setct_CertResTBE OBJ_set_ctype,79L + +#define SN_setct_CRLNotificationTBS "setct-CRLNotificationTBS" +#define NID_setct_CRLNotificationTBS 598 +#define OBJ_setct_CRLNotificationTBS OBJ_set_ctype,80L + +#define SN_setct_CRLNotificationResTBS "setct-CRLNotificationResTBS" +#define NID_setct_CRLNotificationResTBS 599 +#define OBJ_setct_CRLNotificationResTBS OBJ_set_ctype,81L + +#define SN_setct_BCIDistributionTBS "setct-BCIDistributionTBS" +#define NID_setct_BCIDistributionTBS 600 +#define OBJ_setct_BCIDistributionTBS OBJ_set_ctype,82L + +#define SN_setext_genCrypt "setext-genCrypt" +#define LN_setext_genCrypt "generic cryptogram" +#define NID_setext_genCrypt 601 +#define OBJ_setext_genCrypt OBJ_set_msgExt,1L + +#define SN_setext_miAuth "setext-miAuth" +#define LN_setext_miAuth "merchant initiated auth" +#define NID_setext_miAuth 602 +#define OBJ_setext_miAuth OBJ_set_msgExt,3L + +#define SN_setext_pinSecure "setext-pinSecure" +#define NID_setext_pinSecure 603 +#define OBJ_setext_pinSecure OBJ_set_msgExt,4L + +#define SN_setext_pinAny "setext-pinAny" +#define NID_setext_pinAny 604 +#define OBJ_setext_pinAny 
OBJ_set_msgExt,5L + +#define SN_setext_track2 "setext-track2" +#define NID_setext_track2 605 +#define OBJ_setext_track2 OBJ_set_msgExt,7L + +#define SN_setext_cv "setext-cv" +#define LN_setext_cv "additional verification" +#define NID_setext_cv 606 +#define OBJ_setext_cv OBJ_set_msgExt,8L + +#define SN_set_policy_root "set-policy-root" +#define NID_set_policy_root 607 +#define OBJ_set_policy_root OBJ_set_policy,0L + +#define SN_setCext_hashedRoot "setCext-hashedRoot" +#define NID_setCext_hashedRoot 608 +#define OBJ_setCext_hashedRoot OBJ_set_certExt,0L + +#define SN_setCext_certType "setCext-certType" +#define NID_setCext_certType 609 +#define OBJ_setCext_certType OBJ_set_certExt,1L + +#define SN_setCext_merchData "setCext-merchData" +#define NID_setCext_merchData 610 +#define OBJ_setCext_merchData OBJ_set_certExt,2L + +#define SN_setCext_cCertRequired "setCext-cCertRequired" +#define NID_setCext_cCertRequired 611 +#define OBJ_setCext_cCertRequired OBJ_set_certExt,3L + +#define SN_setCext_tunneling "setCext-tunneling" +#define NID_setCext_tunneling 612 +#define OBJ_setCext_tunneling OBJ_set_certExt,4L + +#define SN_setCext_setExt "setCext-setExt" +#define NID_setCext_setExt 613 +#define OBJ_setCext_setExt OBJ_set_certExt,5L + +#define SN_setCext_setQualf "setCext-setQualf" +#define NID_setCext_setQualf 614 +#define OBJ_setCext_setQualf OBJ_set_certExt,6L + +#define SN_setCext_PGWYcapabilities "setCext-PGWYcapabilities" +#define NID_setCext_PGWYcapabilities 615 +#define OBJ_setCext_PGWYcapabilities OBJ_set_certExt,7L + +#define SN_setCext_TokenIdentifier "setCext-TokenIdentifier" +#define NID_setCext_TokenIdentifier 616 +#define OBJ_setCext_TokenIdentifier OBJ_set_certExt,8L + +#define SN_setCext_Track2Data "setCext-Track2Data" +#define NID_setCext_Track2Data 617 +#define OBJ_setCext_Track2Data OBJ_set_certExt,9L + +#define SN_setCext_TokenType "setCext-TokenType" +#define NID_setCext_TokenType 618 +#define OBJ_setCext_TokenType OBJ_set_certExt,10L + +#define 
SN_setCext_IssuerCapabilities "setCext-IssuerCapabilities" +#define NID_setCext_IssuerCapabilities 619 +#define OBJ_setCext_IssuerCapabilities OBJ_set_certExt,11L + +#define SN_setAttr_Cert "setAttr-Cert" +#define NID_setAttr_Cert 620 +#define OBJ_setAttr_Cert OBJ_set_attr,0L + +#define SN_setAttr_PGWYcap "setAttr-PGWYcap" +#define LN_setAttr_PGWYcap "payment gateway capabilities" +#define NID_setAttr_PGWYcap 621 +#define OBJ_setAttr_PGWYcap OBJ_set_attr,1L + +#define SN_setAttr_TokenType "setAttr-TokenType" +#define NID_setAttr_TokenType 622 +#define OBJ_setAttr_TokenType OBJ_set_attr,2L + +#define SN_setAttr_IssCap "setAttr-IssCap" +#define LN_setAttr_IssCap "issuer capabilities" +#define NID_setAttr_IssCap 623 +#define OBJ_setAttr_IssCap OBJ_set_attr,3L + +#define SN_set_rootKeyThumb "set-rootKeyThumb" +#define NID_set_rootKeyThumb 624 +#define OBJ_set_rootKeyThumb OBJ_setAttr_Cert,0L + +#define SN_set_addPolicy "set-addPolicy" +#define NID_set_addPolicy 625 +#define OBJ_set_addPolicy OBJ_setAttr_Cert,1L + +#define SN_setAttr_Token_EMV "setAttr-Token-EMV" +#define NID_setAttr_Token_EMV 626 +#define OBJ_setAttr_Token_EMV OBJ_setAttr_TokenType,1L + +#define SN_setAttr_Token_B0Prime "setAttr-Token-B0Prime" +#define NID_setAttr_Token_B0Prime 627 +#define OBJ_setAttr_Token_B0Prime OBJ_setAttr_TokenType,2L + +#define SN_setAttr_IssCap_CVM "setAttr-IssCap-CVM" +#define NID_setAttr_IssCap_CVM 628 +#define OBJ_setAttr_IssCap_CVM OBJ_setAttr_IssCap,3L + +#define SN_setAttr_IssCap_T2 "setAttr-IssCap-T2" +#define NID_setAttr_IssCap_T2 629 +#define OBJ_setAttr_IssCap_T2 OBJ_setAttr_IssCap,4L + +#define SN_setAttr_IssCap_Sig "setAttr-IssCap-Sig" +#define NID_setAttr_IssCap_Sig 630 +#define OBJ_setAttr_IssCap_Sig OBJ_setAttr_IssCap,5L + +#define SN_setAttr_GenCryptgrm "setAttr-GenCryptgrm" +#define LN_setAttr_GenCryptgrm "generate cryptogram" +#define NID_setAttr_GenCryptgrm 631 +#define OBJ_setAttr_GenCryptgrm OBJ_setAttr_IssCap_CVM,1L + +#define SN_setAttr_T2Enc 
"setAttr-T2Enc" +#define LN_setAttr_T2Enc "encrypted track 2" +#define NID_setAttr_T2Enc 632 +#define OBJ_setAttr_T2Enc OBJ_setAttr_IssCap_T2,1L + +#define SN_setAttr_T2cleartxt "setAttr-T2cleartxt" +#define LN_setAttr_T2cleartxt "cleartext track 2" +#define NID_setAttr_T2cleartxt 633 +#define OBJ_setAttr_T2cleartxt OBJ_setAttr_IssCap_T2,2L + +#define SN_setAttr_TokICCsig "setAttr-TokICCsig" +#define LN_setAttr_TokICCsig "ICC or token signature" +#define NID_setAttr_TokICCsig 634 +#define OBJ_setAttr_TokICCsig OBJ_setAttr_IssCap_Sig,1L + +#define SN_setAttr_SecDevSig "setAttr-SecDevSig" +#define LN_setAttr_SecDevSig "secure device signature" +#define NID_setAttr_SecDevSig 635 +#define OBJ_setAttr_SecDevSig OBJ_setAttr_IssCap_Sig,2L + +#define SN_set_brand_IATA_ATA "set-brand-IATA-ATA" +#define NID_set_brand_IATA_ATA 636 +#define OBJ_set_brand_IATA_ATA OBJ_set_brand,1L + +#define SN_set_brand_Diners "set-brand-Diners" +#define NID_set_brand_Diners 637 +#define OBJ_set_brand_Diners OBJ_set_brand,30L + +#define SN_set_brand_AmericanExpress "set-brand-AmericanExpress" +#define NID_set_brand_AmericanExpress 638 +#define OBJ_set_brand_AmericanExpress OBJ_set_brand,34L + +#define SN_set_brand_JCB "set-brand-JCB" +#define NID_set_brand_JCB 639 +#define OBJ_set_brand_JCB OBJ_set_brand,35L + +#define SN_set_brand_Visa "set-brand-Visa" +#define NID_set_brand_Visa 640 +#define OBJ_set_brand_Visa OBJ_set_brand,4L + +#define SN_set_brand_MasterCard "set-brand-MasterCard" +#define NID_set_brand_MasterCard 641 +#define OBJ_set_brand_MasterCard OBJ_set_brand,5L + +#define SN_set_brand_Novus "set-brand-Novus" +#define NID_set_brand_Novus 642 +#define OBJ_set_brand_Novus OBJ_set_brand,6011L + +#define SN_des_cdmf "DES-CDMF" +#define LN_des_cdmf "des-cdmf" +#define NID_des_cdmf 643 +#define OBJ_des_cdmf OBJ_rsadsi,3L,10L + +#define SN_rsaOAEPEncryptionSET "rsaOAEPEncryptionSET" +#define NID_rsaOAEPEncryptionSET 644 +#define OBJ_rsaOAEPEncryptionSET OBJ_rsadsi,1L,1L,6L + +#define 
SN_ipsec3 "Oakley-EC2N-3" +#define LN_ipsec3 "ipsec3" +#define NID_ipsec3 749 + +#define SN_ipsec4 "Oakley-EC2N-4" +#define LN_ipsec4 "ipsec4" +#define NID_ipsec4 750 + +#define SN_whirlpool "whirlpool" +#define NID_whirlpool 804 +#define OBJ_whirlpool OBJ_iso,0L,10118L,3L,0L,55L + +#define SN_cryptopro "cryptopro" +#define NID_cryptopro 805 +#define OBJ_cryptopro OBJ_member_body,643L,2L,2L + +#define SN_cryptocom "cryptocom" +#define NID_cryptocom 806 +#define OBJ_cryptocom OBJ_member_body,643L,2L,9L + +#define SN_id_tc26 "id-tc26" +#define NID_id_tc26 974 +#define OBJ_id_tc26 OBJ_member_body,643L,7L,1L + +#define SN_id_GostR3411_94_with_GostR3410_2001 "id-GostR3411-94-with-GostR3410-2001" +#define LN_id_GostR3411_94_with_GostR3410_2001 "GOST R 34.11-94 with GOST R 34.10-2001" +#define NID_id_GostR3411_94_with_GostR3410_2001 807 +#define OBJ_id_GostR3411_94_with_GostR3410_2001 OBJ_cryptopro,3L + +#define SN_id_GostR3411_94_with_GostR3410_94 "id-GostR3411-94-with-GostR3410-94" +#define LN_id_GostR3411_94_with_GostR3410_94 "GOST R 34.11-94 with GOST R 34.10-94" +#define NID_id_GostR3411_94_with_GostR3410_94 808 +#define OBJ_id_GostR3411_94_with_GostR3410_94 OBJ_cryptopro,4L + +#define SN_id_GostR3411_94 "md_gost94" +#define LN_id_GostR3411_94 "GOST R 34.11-94" +#define NID_id_GostR3411_94 809 +#define OBJ_id_GostR3411_94 OBJ_cryptopro,9L + +#define SN_id_HMACGostR3411_94 "id-HMACGostR3411-94" +#define LN_id_HMACGostR3411_94 "HMAC GOST 34.11-94" +#define NID_id_HMACGostR3411_94 810 +#define OBJ_id_HMACGostR3411_94 OBJ_cryptopro,10L + +#define SN_id_GostR3410_2001 "gost2001" +#define LN_id_GostR3410_2001 "GOST R 34.10-2001" +#define NID_id_GostR3410_2001 811 +#define OBJ_id_GostR3410_2001 OBJ_cryptopro,19L + +#define SN_id_GostR3410_94 "gost94" +#define LN_id_GostR3410_94 "GOST R 34.10-94" +#define NID_id_GostR3410_94 812 +#define OBJ_id_GostR3410_94 OBJ_cryptopro,20L + +#define SN_id_Gost28147_89 "gost89" +#define LN_id_Gost28147_89 "GOST 28147-89" +#define 
NID_id_Gost28147_89 813 +#define OBJ_id_Gost28147_89 OBJ_cryptopro,21L + +#define SN_gost89_cnt "gost89-cnt" +#define NID_gost89_cnt 814 + +#define SN_gost89_cnt_12 "gost89-cnt-12" +#define NID_gost89_cnt_12 975 + +#define SN_gost89_cbc "gost89-cbc" +#define NID_gost89_cbc 1009 + +#define SN_gost89_ecb "gost89-ecb" +#define NID_gost89_ecb 1010 + +#define SN_gost89_ctr "gost89-ctr" +#define NID_gost89_ctr 1011 + +#define SN_id_Gost28147_89_MAC "gost-mac" +#define LN_id_Gost28147_89_MAC "GOST 28147-89 MAC" +#define NID_id_Gost28147_89_MAC 815 +#define OBJ_id_Gost28147_89_MAC OBJ_cryptopro,22L + +#define SN_gost_mac_12 "gost-mac-12" +#define NID_gost_mac_12 976 + +#define SN_id_GostR3411_94_prf "prf-gostr3411-94" +#define LN_id_GostR3411_94_prf "GOST R 34.11-94 PRF" +#define NID_id_GostR3411_94_prf 816 +#define OBJ_id_GostR3411_94_prf OBJ_cryptopro,23L + +#define SN_id_GostR3410_2001DH "id-GostR3410-2001DH" +#define LN_id_GostR3410_2001DH "GOST R 34.10-2001 DH" +#define NID_id_GostR3410_2001DH 817 +#define OBJ_id_GostR3410_2001DH OBJ_cryptopro,98L + +#define SN_id_GostR3410_94DH "id-GostR3410-94DH" +#define LN_id_GostR3410_94DH "GOST R 34.10-94 DH" +#define NID_id_GostR3410_94DH 818 +#define OBJ_id_GostR3410_94DH OBJ_cryptopro,99L + +#define SN_id_Gost28147_89_CryptoPro_KeyMeshing "id-Gost28147-89-CryptoPro-KeyMeshing" +#define NID_id_Gost28147_89_CryptoPro_KeyMeshing 819 +#define OBJ_id_Gost28147_89_CryptoPro_KeyMeshing OBJ_cryptopro,14L,1L + +#define SN_id_Gost28147_89_None_KeyMeshing "id-Gost28147-89-None-KeyMeshing" +#define NID_id_Gost28147_89_None_KeyMeshing 820 +#define OBJ_id_Gost28147_89_None_KeyMeshing OBJ_cryptopro,14L,0L + +#define SN_id_GostR3411_94_TestParamSet "id-GostR3411-94-TestParamSet" +#define NID_id_GostR3411_94_TestParamSet 821 +#define OBJ_id_GostR3411_94_TestParamSet OBJ_cryptopro,30L,0L + +#define SN_id_GostR3411_94_CryptoProParamSet "id-GostR3411-94-CryptoProParamSet" +#define NID_id_GostR3411_94_CryptoProParamSet 822 +#define 
OBJ_id_GostR3411_94_CryptoProParamSet OBJ_cryptopro,30L,1L + +#define SN_id_Gost28147_89_TestParamSet "id-Gost28147-89-TestParamSet" +#define NID_id_Gost28147_89_TestParamSet 823 +#define OBJ_id_Gost28147_89_TestParamSet OBJ_cryptopro,31L,0L + +#define SN_id_Gost28147_89_CryptoPro_A_ParamSet "id-Gost28147-89-CryptoPro-A-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_A_ParamSet 824 +#define OBJ_id_Gost28147_89_CryptoPro_A_ParamSet OBJ_cryptopro,31L,1L + +#define SN_id_Gost28147_89_CryptoPro_B_ParamSet "id-Gost28147-89-CryptoPro-B-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_B_ParamSet 825 +#define OBJ_id_Gost28147_89_CryptoPro_B_ParamSet OBJ_cryptopro,31L,2L + +#define SN_id_Gost28147_89_CryptoPro_C_ParamSet "id-Gost28147-89-CryptoPro-C-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_C_ParamSet 826 +#define OBJ_id_Gost28147_89_CryptoPro_C_ParamSet OBJ_cryptopro,31L,3L + +#define SN_id_Gost28147_89_CryptoPro_D_ParamSet "id-Gost28147-89-CryptoPro-D-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_D_ParamSet 827 +#define OBJ_id_Gost28147_89_CryptoPro_D_ParamSet OBJ_cryptopro,31L,4L + +#define SN_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet 828 +#define OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet OBJ_cryptopro,31L,5L + +#define SN_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet 829 +#define OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet OBJ_cryptopro,31L,6L + +#define SN_id_Gost28147_89_CryptoPro_RIC_1_ParamSet "id-Gost28147-89-CryptoPro-RIC-1-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_RIC_1_ParamSet 830 +#define OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet OBJ_cryptopro,31L,7L + +#define SN_id_GostR3410_94_TestParamSet "id-GostR3410-94-TestParamSet" +#define NID_id_GostR3410_94_TestParamSet 831 +#define OBJ_id_GostR3410_94_TestParamSet 
OBJ_cryptopro,32L,0L + +#define SN_id_GostR3410_94_CryptoPro_A_ParamSet "id-GostR3410-94-CryptoPro-A-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_A_ParamSet 832 +#define OBJ_id_GostR3410_94_CryptoPro_A_ParamSet OBJ_cryptopro,32L,2L + +#define SN_id_GostR3410_94_CryptoPro_B_ParamSet "id-GostR3410-94-CryptoPro-B-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_B_ParamSet 833 +#define OBJ_id_GostR3410_94_CryptoPro_B_ParamSet OBJ_cryptopro,32L,3L + +#define SN_id_GostR3410_94_CryptoPro_C_ParamSet "id-GostR3410-94-CryptoPro-C-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_C_ParamSet 834 +#define OBJ_id_GostR3410_94_CryptoPro_C_ParamSet OBJ_cryptopro,32L,4L + +#define SN_id_GostR3410_94_CryptoPro_D_ParamSet "id-GostR3410-94-CryptoPro-D-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_D_ParamSet 835 +#define OBJ_id_GostR3410_94_CryptoPro_D_ParamSet OBJ_cryptopro,32L,5L + +#define SN_id_GostR3410_94_CryptoPro_XchA_ParamSet "id-GostR3410-94-CryptoPro-XchA-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_XchA_ParamSet 836 +#define OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet OBJ_cryptopro,33L,1L + +#define SN_id_GostR3410_94_CryptoPro_XchB_ParamSet "id-GostR3410-94-CryptoPro-XchB-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_XchB_ParamSet 837 +#define OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet OBJ_cryptopro,33L,2L + +#define SN_id_GostR3410_94_CryptoPro_XchC_ParamSet "id-GostR3410-94-CryptoPro-XchC-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_XchC_ParamSet 838 +#define OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet OBJ_cryptopro,33L,3L + +#define SN_id_GostR3410_2001_TestParamSet "id-GostR3410-2001-TestParamSet" +#define NID_id_GostR3410_2001_TestParamSet 839 +#define OBJ_id_GostR3410_2001_TestParamSet OBJ_cryptopro,35L,0L + +#define SN_id_GostR3410_2001_CryptoPro_A_ParamSet "id-GostR3410-2001-CryptoPro-A-ParamSet" +#define NID_id_GostR3410_2001_CryptoPro_A_ParamSet 840 +#define OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet OBJ_cryptopro,35L,1L + +#define 
SN_id_GostR3410_2001_CryptoPro_B_ParamSet "id-GostR3410-2001-CryptoPro-B-ParamSet" +#define NID_id_GostR3410_2001_CryptoPro_B_ParamSet 841 +#define OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet OBJ_cryptopro,35L,2L + +#define SN_id_GostR3410_2001_CryptoPro_C_ParamSet "id-GostR3410-2001-CryptoPro-C-ParamSet" +#define NID_id_GostR3410_2001_CryptoPro_C_ParamSet 842 +#define OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet OBJ_cryptopro,35L,3L + +#define SN_id_GostR3410_2001_CryptoPro_XchA_ParamSet "id-GostR3410-2001-CryptoPro-XchA-ParamSet" +#define NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet 843 +#define OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet OBJ_cryptopro,36L,0L + +#define SN_id_GostR3410_2001_CryptoPro_XchB_ParamSet "id-GostR3410-2001-CryptoPro-XchB-ParamSet" +#define NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet 844 +#define OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet OBJ_cryptopro,36L,1L + +#define SN_id_GostR3410_94_a "id-GostR3410-94-a" +#define NID_id_GostR3410_94_a 845 +#define OBJ_id_GostR3410_94_a OBJ_id_GostR3410_94,1L + +#define SN_id_GostR3410_94_aBis "id-GostR3410-94-aBis" +#define NID_id_GostR3410_94_aBis 846 +#define OBJ_id_GostR3410_94_aBis OBJ_id_GostR3410_94,2L + +#define SN_id_GostR3410_94_b "id-GostR3410-94-b" +#define NID_id_GostR3410_94_b 847 +#define OBJ_id_GostR3410_94_b OBJ_id_GostR3410_94,3L + +#define SN_id_GostR3410_94_bBis "id-GostR3410-94-bBis" +#define NID_id_GostR3410_94_bBis 848 +#define OBJ_id_GostR3410_94_bBis OBJ_id_GostR3410_94,4L + +#define SN_id_Gost28147_89_cc "id-Gost28147-89-cc" +#define LN_id_Gost28147_89_cc "GOST 28147-89 Cryptocom ParamSet" +#define NID_id_Gost28147_89_cc 849 +#define OBJ_id_Gost28147_89_cc OBJ_cryptocom,1L,6L,1L + +#define SN_id_GostR3410_94_cc "gost94cc" +#define LN_id_GostR3410_94_cc "GOST 34.10-94 Cryptocom" +#define NID_id_GostR3410_94_cc 850 +#define OBJ_id_GostR3410_94_cc OBJ_cryptocom,1L,5L,3L + +#define SN_id_GostR3410_2001_cc "gost2001cc" +#define LN_id_GostR3410_2001_cc "GOST 34.10-2001 
Cryptocom" +#define NID_id_GostR3410_2001_cc 851 +#define OBJ_id_GostR3410_2001_cc OBJ_cryptocom,1L,5L,4L + +#define SN_id_GostR3411_94_with_GostR3410_94_cc "id-GostR3411-94-with-GostR3410-94-cc" +#define LN_id_GostR3411_94_with_GostR3410_94_cc "GOST R 34.11-94 with GOST R 34.10-94 Cryptocom" +#define NID_id_GostR3411_94_with_GostR3410_94_cc 852 +#define OBJ_id_GostR3411_94_with_GostR3410_94_cc OBJ_cryptocom,1L,3L,3L + +#define SN_id_GostR3411_94_with_GostR3410_2001_cc "id-GostR3411-94-with-GostR3410-2001-cc" +#define LN_id_GostR3411_94_with_GostR3410_2001_cc "GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom" +#define NID_id_GostR3411_94_with_GostR3410_2001_cc 853 +#define OBJ_id_GostR3411_94_with_GostR3410_2001_cc OBJ_cryptocom,1L,3L,4L + +#define SN_id_GostR3410_2001_ParamSet_cc "id-GostR3410-2001-ParamSet-cc" +#define LN_id_GostR3410_2001_ParamSet_cc "GOST R 3410-2001 Parameter Set Cryptocom" +#define NID_id_GostR3410_2001_ParamSet_cc 854 +#define OBJ_id_GostR3410_2001_ParamSet_cc OBJ_cryptocom,1L,8L,1L + +#define SN_id_tc26_algorithms "id-tc26-algorithms" +#define NID_id_tc26_algorithms 977 +#define OBJ_id_tc26_algorithms OBJ_id_tc26,1L + +#define SN_id_tc26_sign "id-tc26-sign" +#define NID_id_tc26_sign 978 +#define OBJ_id_tc26_sign OBJ_id_tc26_algorithms,1L + +#define SN_id_GostR3410_2012_256 "gost2012_256" +#define LN_id_GostR3410_2012_256 "GOST R 34.10-2012 with 256 bit modulus" +#define NID_id_GostR3410_2012_256 979 +#define OBJ_id_GostR3410_2012_256 OBJ_id_tc26_sign,1L + +#define SN_id_GostR3410_2012_512 "gost2012_512" +#define LN_id_GostR3410_2012_512 "GOST R 34.10-2012 with 512 bit modulus" +#define NID_id_GostR3410_2012_512 980 +#define OBJ_id_GostR3410_2012_512 OBJ_id_tc26_sign,2L + +#define SN_id_tc26_digest "id-tc26-digest" +#define NID_id_tc26_digest 981 +#define OBJ_id_tc26_digest OBJ_id_tc26_algorithms,2L + +#define SN_id_GostR3411_2012_256 "md_gost12_256" +#define LN_id_GostR3411_2012_256 "GOST R 34.11-2012 with 256 bit hash" +#define 
NID_id_GostR3411_2012_256 982 +#define OBJ_id_GostR3411_2012_256 OBJ_id_tc26_digest,2L + +#define SN_id_GostR3411_2012_512 "md_gost12_512" +#define LN_id_GostR3411_2012_512 "GOST R 34.11-2012 with 512 bit hash" +#define NID_id_GostR3411_2012_512 983 +#define OBJ_id_GostR3411_2012_512 OBJ_id_tc26_digest,3L + +#define SN_id_tc26_signwithdigest "id-tc26-signwithdigest" +#define NID_id_tc26_signwithdigest 984 +#define OBJ_id_tc26_signwithdigest OBJ_id_tc26_algorithms,3L + +#define SN_id_tc26_signwithdigest_gost3410_2012_256 "id-tc26-signwithdigest-gost3410-2012-256" +#define LN_id_tc26_signwithdigest_gost3410_2012_256 "GOST R 34.10-2012 with GOST R 34.11-2012 (256 bit)" +#define NID_id_tc26_signwithdigest_gost3410_2012_256 985 +#define OBJ_id_tc26_signwithdigest_gost3410_2012_256 OBJ_id_tc26_signwithdigest,2L + +#define SN_id_tc26_signwithdigest_gost3410_2012_512 "id-tc26-signwithdigest-gost3410-2012-512" +#define LN_id_tc26_signwithdigest_gost3410_2012_512 "GOST R 34.10-2012 with GOST R 34.11-2012 (512 bit)" +#define NID_id_tc26_signwithdigest_gost3410_2012_512 986 +#define OBJ_id_tc26_signwithdigest_gost3410_2012_512 OBJ_id_tc26_signwithdigest,3L + +#define SN_id_tc26_mac "id-tc26-mac" +#define NID_id_tc26_mac 987 +#define OBJ_id_tc26_mac OBJ_id_tc26_algorithms,4L + +#define SN_id_tc26_hmac_gost_3411_2012_256 "id-tc26-hmac-gost-3411-2012-256" +#define LN_id_tc26_hmac_gost_3411_2012_256 "HMAC GOST 34.11-2012 256 bit" +#define NID_id_tc26_hmac_gost_3411_2012_256 988 +#define OBJ_id_tc26_hmac_gost_3411_2012_256 OBJ_id_tc26_mac,1L + +#define SN_id_tc26_hmac_gost_3411_2012_512 "id-tc26-hmac-gost-3411-2012-512" +#define LN_id_tc26_hmac_gost_3411_2012_512 "HMAC GOST 34.11-2012 512 bit" +#define NID_id_tc26_hmac_gost_3411_2012_512 989 +#define OBJ_id_tc26_hmac_gost_3411_2012_512 OBJ_id_tc26_mac,2L + +#define SN_id_tc26_cipher "id-tc26-cipher" +#define NID_id_tc26_cipher 990 +#define OBJ_id_tc26_cipher OBJ_id_tc26_algorithms,5L + +#define 
SN_id_tc26_cipher_gostr3412_2015_magma "id-tc26-cipher-gostr3412-2015-magma" +#define NID_id_tc26_cipher_gostr3412_2015_magma 1173 +#define OBJ_id_tc26_cipher_gostr3412_2015_magma OBJ_id_tc26_cipher,1L + +#define SN_id_tc26_cipher_gostr3412_2015_magma_ctracpkm "id-tc26-cipher-gostr3412-2015-magma-ctracpkm" +#define NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm 1174 +#define OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm OBJ_id_tc26_cipher_gostr3412_2015_magma,1L + +#define SN_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac "id-tc26-cipher-gostr3412-2015-magma-ctracpkm-omac" +#define NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac 1175 +#define OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac OBJ_id_tc26_cipher_gostr3412_2015_magma,2L + +#define SN_id_tc26_cipher_gostr3412_2015_kuznyechik "id-tc26-cipher-gostr3412-2015-kuznyechik" +#define NID_id_tc26_cipher_gostr3412_2015_kuznyechik 1176 +#define OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik OBJ_id_tc26_cipher,2L + +#define SN_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm" +#define NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm 1177 +#define OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik,1L + +#define SN_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm-omac" +#define NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac 1178 +#define OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik,2L + +#define SN_id_tc26_agreement "id-tc26-agreement" +#define NID_id_tc26_agreement 991 +#define OBJ_id_tc26_agreement OBJ_id_tc26_algorithms,6L + +#define SN_id_tc26_agreement_gost_3410_2012_256 "id-tc26-agreement-gost-3410-2012-256" +#define NID_id_tc26_agreement_gost_3410_2012_256 992 +#define OBJ_id_tc26_agreement_gost_3410_2012_256 OBJ_id_tc26_agreement,1L + +#define 
SN_id_tc26_agreement_gost_3410_2012_512 "id-tc26-agreement-gost-3410-2012-512" +#define NID_id_tc26_agreement_gost_3410_2012_512 993 +#define OBJ_id_tc26_agreement_gost_3410_2012_512 OBJ_id_tc26_agreement,2L + +#define SN_id_tc26_wrap "id-tc26-wrap" +#define NID_id_tc26_wrap 1179 +#define OBJ_id_tc26_wrap OBJ_id_tc26_algorithms,7L + +#define SN_id_tc26_wrap_gostr3412_2015_magma "id-tc26-wrap-gostr3412-2015-magma" +#define NID_id_tc26_wrap_gostr3412_2015_magma 1180 +#define OBJ_id_tc26_wrap_gostr3412_2015_magma OBJ_id_tc26_wrap,1L + +#define SN_id_tc26_wrap_gostr3412_2015_magma_kexp15 "id-tc26-wrap-gostr3412-2015-magma-kexp15" +#define NID_id_tc26_wrap_gostr3412_2015_magma_kexp15 1181 +#define OBJ_id_tc26_wrap_gostr3412_2015_magma_kexp15 OBJ_id_tc26_wrap_gostr3412_2015_magma,1L + +#define SN_id_tc26_wrap_gostr3412_2015_kuznyechik "id-tc26-wrap-gostr3412-2015-kuznyechik" +#define NID_id_tc26_wrap_gostr3412_2015_kuznyechik 1182 +#define OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik OBJ_id_tc26_wrap,2L + +#define SN_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 "id-tc26-wrap-gostr3412-2015-kuznyechik-kexp15" +#define NID_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 1183 +#define OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik,1L + +#define SN_id_tc26_constants "id-tc26-constants" +#define NID_id_tc26_constants 994 +#define OBJ_id_tc26_constants OBJ_id_tc26,2L + +#define SN_id_tc26_sign_constants "id-tc26-sign-constants" +#define NID_id_tc26_sign_constants 995 +#define OBJ_id_tc26_sign_constants OBJ_id_tc26_constants,1L + +#define SN_id_tc26_gost_3410_2012_256_constants "id-tc26-gost-3410-2012-256-constants" +#define NID_id_tc26_gost_3410_2012_256_constants 1147 +#define OBJ_id_tc26_gost_3410_2012_256_constants OBJ_id_tc26_sign_constants,1L + +#define SN_id_tc26_gost_3410_2012_256_paramSetA "id-tc26-gost-3410-2012-256-paramSetA" +#define LN_id_tc26_gost_3410_2012_256_paramSetA "GOST R 34.10-2012 (256 bit) ParamSet A" +#define 
NID_id_tc26_gost_3410_2012_256_paramSetA 1148 +#define OBJ_id_tc26_gost_3410_2012_256_paramSetA OBJ_id_tc26_gost_3410_2012_256_constants,1L + +#define SN_id_tc26_gost_3410_2012_256_paramSetB "id-tc26-gost-3410-2012-256-paramSetB" +#define LN_id_tc26_gost_3410_2012_256_paramSetB "GOST R 34.10-2012 (256 bit) ParamSet B" +#define NID_id_tc26_gost_3410_2012_256_paramSetB 1184 +#define OBJ_id_tc26_gost_3410_2012_256_paramSetB OBJ_id_tc26_gost_3410_2012_256_constants,2L + +#define SN_id_tc26_gost_3410_2012_256_paramSetC "id-tc26-gost-3410-2012-256-paramSetC" +#define LN_id_tc26_gost_3410_2012_256_paramSetC "GOST R 34.10-2012 (256 bit) ParamSet C" +#define NID_id_tc26_gost_3410_2012_256_paramSetC 1185 +#define OBJ_id_tc26_gost_3410_2012_256_paramSetC OBJ_id_tc26_gost_3410_2012_256_constants,3L + +#define SN_id_tc26_gost_3410_2012_256_paramSetD "id-tc26-gost-3410-2012-256-paramSetD" +#define LN_id_tc26_gost_3410_2012_256_paramSetD "GOST R 34.10-2012 (256 bit) ParamSet D" +#define NID_id_tc26_gost_3410_2012_256_paramSetD 1186 +#define OBJ_id_tc26_gost_3410_2012_256_paramSetD OBJ_id_tc26_gost_3410_2012_256_constants,4L + +#define SN_id_tc26_gost_3410_2012_512_constants "id-tc26-gost-3410-2012-512-constants" +#define NID_id_tc26_gost_3410_2012_512_constants 996 +#define OBJ_id_tc26_gost_3410_2012_512_constants OBJ_id_tc26_sign_constants,2L + +#define SN_id_tc26_gost_3410_2012_512_paramSetTest "id-tc26-gost-3410-2012-512-paramSetTest" +#define LN_id_tc26_gost_3410_2012_512_paramSetTest "GOST R 34.10-2012 (512 bit) testing parameter set" +#define NID_id_tc26_gost_3410_2012_512_paramSetTest 997 +#define OBJ_id_tc26_gost_3410_2012_512_paramSetTest OBJ_id_tc26_gost_3410_2012_512_constants,0L + +#define SN_id_tc26_gost_3410_2012_512_paramSetA "id-tc26-gost-3410-2012-512-paramSetA" +#define LN_id_tc26_gost_3410_2012_512_paramSetA "GOST R 34.10-2012 (512 bit) ParamSet A" +#define NID_id_tc26_gost_3410_2012_512_paramSetA 998 +#define OBJ_id_tc26_gost_3410_2012_512_paramSetA 
OBJ_id_tc26_gost_3410_2012_512_constants,1L + +#define SN_id_tc26_gost_3410_2012_512_paramSetB "id-tc26-gost-3410-2012-512-paramSetB" +#define LN_id_tc26_gost_3410_2012_512_paramSetB "GOST R 34.10-2012 (512 bit) ParamSet B" +#define NID_id_tc26_gost_3410_2012_512_paramSetB 999 +#define OBJ_id_tc26_gost_3410_2012_512_paramSetB OBJ_id_tc26_gost_3410_2012_512_constants,2L + +#define SN_id_tc26_gost_3410_2012_512_paramSetC "id-tc26-gost-3410-2012-512-paramSetC" +#define LN_id_tc26_gost_3410_2012_512_paramSetC "GOST R 34.10-2012 (512 bit) ParamSet C" +#define NID_id_tc26_gost_3410_2012_512_paramSetC 1149 +#define OBJ_id_tc26_gost_3410_2012_512_paramSetC OBJ_id_tc26_gost_3410_2012_512_constants,3L + +#define SN_id_tc26_digest_constants "id-tc26-digest-constants" +#define NID_id_tc26_digest_constants 1000 +#define OBJ_id_tc26_digest_constants OBJ_id_tc26_constants,2L + +#define SN_id_tc26_cipher_constants "id-tc26-cipher-constants" +#define NID_id_tc26_cipher_constants 1001 +#define OBJ_id_tc26_cipher_constants OBJ_id_tc26_constants,5L + +#define SN_id_tc26_gost_28147_constants "id-tc26-gost-28147-constants" +#define NID_id_tc26_gost_28147_constants 1002 +#define OBJ_id_tc26_gost_28147_constants OBJ_id_tc26_cipher_constants,1L + +#define SN_id_tc26_gost_28147_param_Z "id-tc26-gost-28147-param-Z" +#define LN_id_tc26_gost_28147_param_Z "GOST 28147-89 TC26 parameter set" +#define NID_id_tc26_gost_28147_param_Z 1003 +#define OBJ_id_tc26_gost_28147_param_Z OBJ_id_tc26_gost_28147_constants,1L + +#define SN_INN "INN" +#define LN_INN "INN" +#define NID_INN 1004 +#define OBJ_INN OBJ_member_body,643L,3L,131L,1L,1L + +#define SN_OGRN "OGRN" +#define LN_OGRN "OGRN" +#define NID_OGRN 1005 +#define OBJ_OGRN OBJ_member_body,643L,100L,1L + +#define SN_SNILS "SNILS" +#define LN_SNILS "SNILS" +#define NID_SNILS 1006 +#define OBJ_SNILS OBJ_member_body,643L,100L,3L + +#define SN_subjectSignTool "subjectSignTool" +#define LN_subjectSignTool "Signing Tool of Subject" +#define 
NID_subjectSignTool 1007 +#define OBJ_subjectSignTool OBJ_member_body,643L,100L,111L + +#define SN_issuerSignTool "issuerSignTool" +#define LN_issuerSignTool "Signing Tool of Issuer" +#define NID_issuerSignTool 1008 +#define OBJ_issuerSignTool OBJ_member_body,643L,100L,112L + +#define SN_grasshopper_ecb "grasshopper-ecb" +#define NID_grasshopper_ecb 1012 + +#define SN_grasshopper_ctr "grasshopper-ctr" +#define NID_grasshopper_ctr 1013 + +#define SN_grasshopper_ofb "grasshopper-ofb" +#define NID_grasshopper_ofb 1014 + +#define SN_grasshopper_cbc "grasshopper-cbc" +#define NID_grasshopper_cbc 1015 + +#define SN_grasshopper_cfb "grasshopper-cfb" +#define NID_grasshopper_cfb 1016 + +#define SN_grasshopper_mac "grasshopper-mac" +#define NID_grasshopper_mac 1017 + +#define SN_magma_ecb "magma-ecb" +#define NID_magma_ecb 1187 + +#define SN_magma_ctr "magma-ctr" +#define NID_magma_ctr 1188 + +#define SN_magma_ofb "magma-ofb" +#define NID_magma_ofb 1189 + +#define SN_magma_cbc "magma-cbc" +#define NID_magma_cbc 1190 + +#define SN_magma_cfb "magma-cfb" +#define NID_magma_cfb 1191 + +#define SN_magma_mac "magma-mac" +#define NID_magma_mac 1192 + +#define SN_camellia_128_cbc "CAMELLIA-128-CBC" +#define LN_camellia_128_cbc "camellia-128-cbc" +#define NID_camellia_128_cbc 751 +#define OBJ_camellia_128_cbc 1L,2L,392L,200011L,61L,1L,1L,1L,2L + +#define SN_camellia_192_cbc "CAMELLIA-192-CBC" +#define LN_camellia_192_cbc "camellia-192-cbc" +#define NID_camellia_192_cbc 752 +#define OBJ_camellia_192_cbc 1L,2L,392L,200011L,61L,1L,1L,1L,3L + +#define SN_camellia_256_cbc "CAMELLIA-256-CBC" +#define LN_camellia_256_cbc "camellia-256-cbc" +#define NID_camellia_256_cbc 753 +#define OBJ_camellia_256_cbc 1L,2L,392L,200011L,61L,1L,1L,1L,4L + +#define SN_id_camellia128_wrap "id-camellia128-wrap" +#define NID_id_camellia128_wrap 907 +#define OBJ_id_camellia128_wrap 1L,2L,392L,200011L,61L,1L,1L,3L,2L + +#define SN_id_camellia192_wrap "id-camellia192-wrap" +#define NID_id_camellia192_wrap 908 
+#define OBJ_id_camellia192_wrap 1L,2L,392L,200011L,61L,1L,1L,3L,3L + +#define SN_id_camellia256_wrap "id-camellia256-wrap" +#define NID_id_camellia256_wrap 909 +#define OBJ_id_camellia256_wrap 1L,2L,392L,200011L,61L,1L,1L,3L,4L + +#define OBJ_ntt_ds 0L,3L,4401L,5L + +#define OBJ_camellia OBJ_ntt_ds,3L,1L,9L + +#define SN_camellia_128_ecb "CAMELLIA-128-ECB" +#define LN_camellia_128_ecb "camellia-128-ecb" +#define NID_camellia_128_ecb 754 +#define OBJ_camellia_128_ecb OBJ_camellia,1L + +#define SN_camellia_128_ofb128 "CAMELLIA-128-OFB" +#define LN_camellia_128_ofb128 "camellia-128-ofb" +#define NID_camellia_128_ofb128 766 +#define OBJ_camellia_128_ofb128 OBJ_camellia,3L + +#define SN_camellia_128_cfb128 "CAMELLIA-128-CFB" +#define LN_camellia_128_cfb128 "camellia-128-cfb" +#define NID_camellia_128_cfb128 757 +#define OBJ_camellia_128_cfb128 OBJ_camellia,4L + +#define SN_camellia_128_gcm "CAMELLIA-128-GCM" +#define LN_camellia_128_gcm "camellia-128-gcm" +#define NID_camellia_128_gcm 961 +#define OBJ_camellia_128_gcm OBJ_camellia,6L + +#define SN_camellia_128_ccm "CAMELLIA-128-CCM" +#define LN_camellia_128_ccm "camellia-128-ccm" +#define NID_camellia_128_ccm 962 +#define OBJ_camellia_128_ccm OBJ_camellia,7L + +#define SN_camellia_128_ctr "CAMELLIA-128-CTR" +#define LN_camellia_128_ctr "camellia-128-ctr" +#define NID_camellia_128_ctr 963 +#define OBJ_camellia_128_ctr OBJ_camellia,9L + +#define SN_camellia_128_cmac "CAMELLIA-128-CMAC" +#define LN_camellia_128_cmac "camellia-128-cmac" +#define NID_camellia_128_cmac 964 +#define OBJ_camellia_128_cmac OBJ_camellia,10L + +#define SN_camellia_192_ecb "CAMELLIA-192-ECB" +#define LN_camellia_192_ecb "camellia-192-ecb" +#define NID_camellia_192_ecb 755 +#define OBJ_camellia_192_ecb OBJ_camellia,21L + +#define SN_camellia_192_ofb128 "CAMELLIA-192-OFB" +#define LN_camellia_192_ofb128 "camellia-192-ofb" +#define NID_camellia_192_ofb128 767 +#define OBJ_camellia_192_ofb128 OBJ_camellia,23L + +#define SN_camellia_192_cfb128 
"CAMELLIA-192-CFB" +#define LN_camellia_192_cfb128 "camellia-192-cfb" +#define NID_camellia_192_cfb128 758 +#define OBJ_camellia_192_cfb128 OBJ_camellia,24L + +#define SN_camellia_192_gcm "CAMELLIA-192-GCM" +#define LN_camellia_192_gcm "camellia-192-gcm" +#define NID_camellia_192_gcm 965 +#define OBJ_camellia_192_gcm OBJ_camellia,26L + +#define SN_camellia_192_ccm "CAMELLIA-192-CCM" +#define LN_camellia_192_ccm "camellia-192-ccm" +#define NID_camellia_192_ccm 966 +#define OBJ_camellia_192_ccm OBJ_camellia,27L + +#define SN_camellia_192_ctr "CAMELLIA-192-CTR" +#define LN_camellia_192_ctr "camellia-192-ctr" +#define NID_camellia_192_ctr 967 +#define OBJ_camellia_192_ctr OBJ_camellia,29L + +#define SN_camellia_192_cmac "CAMELLIA-192-CMAC" +#define LN_camellia_192_cmac "camellia-192-cmac" +#define NID_camellia_192_cmac 968 +#define OBJ_camellia_192_cmac OBJ_camellia,30L + +#define SN_camellia_256_ecb "CAMELLIA-256-ECB" +#define LN_camellia_256_ecb "camellia-256-ecb" +#define NID_camellia_256_ecb 756 +#define OBJ_camellia_256_ecb OBJ_camellia,41L + +#define SN_camellia_256_ofb128 "CAMELLIA-256-OFB" +#define LN_camellia_256_ofb128 "camellia-256-ofb" +#define NID_camellia_256_ofb128 768 +#define OBJ_camellia_256_ofb128 OBJ_camellia,43L + +#define SN_camellia_256_cfb128 "CAMELLIA-256-CFB" +#define LN_camellia_256_cfb128 "camellia-256-cfb" +#define NID_camellia_256_cfb128 759 +#define OBJ_camellia_256_cfb128 OBJ_camellia,44L + +#define SN_camellia_256_gcm "CAMELLIA-256-GCM" +#define LN_camellia_256_gcm "camellia-256-gcm" +#define NID_camellia_256_gcm 969 +#define OBJ_camellia_256_gcm OBJ_camellia,46L + +#define SN_camellia_256_ccm "CAMELLIA-256-CCM" +#define LN_camellia_256_ccm "camellia-256-ccm" +#define NID_camellia_256_ccm 970 +#define OBJ_camellia_256_ccm OBJ_camellia,47L + +#define SN_camellia_256_ctr "CAMELLIA-256-CTR" +#define LN_camellia_256_ctr "camellia-256-ctr" +#define NID_camellia_256_ctr 971 +#define OBJ_camellia_256_ctr OBJ_camellia,49L + +#define 
SN_camellia_256_cmac "CAMELLIA-256-CMAC" +#define LN_camellia_256_cmac "camellia-256-cmac" +#define NID_camellia_256_cmac 972 +#define OBJ_camellia_256_cmac OBJ_camellia,50L + +#define SN_camellia_128_cfb1 "CAMELLIA-128-CFB1" +#define LN_camellia_128_cfb1 "camellia-128-cfb1" +#define NID_camellia_128_cfb1 760 + +#define SN_camellia_192_cfb1 "CAMELLIA-192-CFB1" +#define LN_camellia_192_cfb1 "camellia-192-cfb1" +#define NID_camellia_192_cfb1 761 + +#define SN_camellia_256_cfb1 "CAMELLIA-256-CFB1" +#define LN_camellia_256_cfb1 "camellia-256-cfb1" +#define NID_camellia_256_cfb1 762 + +#define SN_camellia_128_cfb8 "CAMELLIA-128-CFB8" +#define LN_camellia_128_cfb8 "camellia-128-cfb8" +#define NID_camellia_128_cfb8 763 + +#define SN_camellia_192_cfb8 "CAMELLIA-192-CFB8" +#define LN_camellia_192_cfb8 "camellia-192-cfb8" +#define NID_camellia_192_cfb8 764 + +#define SN_camellia_256_cfb8 "CAMELLIA-256-CFB8" +#define LN_camellia_256_cfb8 "camellia-256-cfb8" +#define NID_camellia_256_cfb8 765 + +#define OBJ_aria 1L,2L,410L,200046L,1L,1L + +#define SN_aria_128_ecb "ARIA-128-ECB" +#define LN_aria_128_ecb "aria-128-ecb" +#define NID_aria_128_ecb 1065 +#define OBJ_aria_128_ecb OBJ_aria,1L + +#define SN_aria_128_cbc "ARIA-128-CBC" +#define LN_aria_128_cbc "aria-128-cbc" +#define NID_aria_128_cbc 1066 +#define OBJ_aria_128_cbc OBJ_aria,2L + +#define SN_aria_128_cfb128 "ARIA-128-CFB" +#define LN_aria_128_cfb128 "aria-128-cfb" +#define NID_aria_128_cfb128 1067 +#define OBJ_aria_128_cfb128 OBJ_aria,3L + +#define SN_aria_128_ofb128 "ARIA-128-OFB" +#define LN_aria_128_ofb128 "aria-128-ofb" +#define NID_aria_128_ofb128 1068 +#define OBJ_aria_128_ofb128 OBJ_aria,4L + +#define SN_aria_128_ctr "ARIA-128-CTR" +#define LN_aria_128_ctr "aria-128-ctr" +#define NID_aria_128_ctr 1069 +#define OBJ_aria_128_ctr OBJ_aria,5L + +#define SN_aria_192_ecb "ARIA-192-ECB" +#define LN_aria_192_ecb "aria-192-ecb" +#define NID_aria_192_ecb 1070 +#define OBJ_aria_192_ecb OBJ_aria,6L + +#define SN_aria_192_cbc 
"ARIA-192-CBC" +#define LN_aria_192_cbc "aria-192-cbc" +#define NID_aria_192_cbc 1071 +#define OBJ_aria_192_cbc OBJ_aria,7L + +#define SN_aria_192_cfb128 "ARIA-192-CFB" +#define LN_aria_192_cfb128 "aria-192-cfb" +#define NID_aria_192_cfb128 1072 +#define OBJ_aria_192_cfb128 OBJ_aria,8L + +#define SN_aria_192_ofb128 "ARIA-192-OFB" +#define LN_aria_192_ofb128 "aria-192-ofb" +#define NID_aria_192_ofb128 1073 +#define OBJ_aria_192_ofb128 OBJ_aria,9L + +#define SN_aria_192_ctr "ARIA-192-CTR" +#define LN_aria_192_ctr "aria-192-ctr" +#define NID_aria_192_ctr 1074 +#define OBJ_aria_192_ctr OBJ_aria,10L + +#define SN_aria_256_ecb "ARIA-256-ECB" +#define LN_aria_256_ecb "aria-256-ecb" +#define NID_aria_256_ecb 1075 +#define OBJ_aria_256_ecb OBJ_aria,11L + +#define SN_aria_256_cbc "ARIA-256-CBC" +#define LN_aria_256_cbc "aria-256-cbc" +#define NID_aria_256_cbc 1076 +#define OBJ_aria_256_cbc OBJ_aria,12L + +#define SN_aria_256_cfb128 "ARIA-256-CFB" +#define LN_aria_256_cfb128 "aria-256-cfb" +#define NID_aria_256_cfb128 1077 +#define OBJ_aria_256_cfb128 OBJ_aria,13L + +#define SN_aria_256_ofb128 "ARIA-256-OFB" +#define LN_aria_256_ofb128 "aria-256-ofb" +#define NID_aria_256_ofb128 1078 +#define OBJ_aria_256_ofb128 OBJ_aria,14L + +#define SN_aria_256_ctr "ARIA-256-CTR" +#define LN_aria_256_ctr "aria-256-ctr" +#define NID_aria_256_ctr 1079 +#define OBJ_aria_256_ctr OBJ_aria,15L + +#define SN_aria_128_cfb1 "ARIA-128-CFB1" +#define LN_aria_128_cfb1 "aria-128-cfb1" +#define NID_aria_128_cfb1 1080 + +#define SN_aria_192_cfb1 "ARIA-192-CFB1" +#define LN_aria_192_cfb1 "aria-192-cfb1" +#define NID_aria_192_cfb1 1081 + +#define SN_aria_256_cfb1 "ARIA-256-CFB1" +#define LN_aria_256_cfb1 "aria-256-cfb1" +#define NID_aria_256_cfb1 1082 + +#define SN_aria_128_cfb8 "ARIA-128-CFB8" +#define LN_aria_128_cfb8 "aria-128-cfb8" +#define NID_aria_128_cfb8 1083 + +#define SN_aria_192_cfb8 "ARIA-192-CFB8" +#define LN_aria_192_cfb8 "aria-192-cfb8" +#define NID_aria_192_cfb8 1084 + +#define 
SN_aria_256_cfb8 "ARIA-256-CFB8" +#define LN_aria_256_cfb8 "aria-256-cfb8" +#define NID_aria_256_cfb8 1085 + +#define SN_aria_128_ccm "ARIA-128-CCM" +#define LN_aria_128_ccm "aria-128-ccm" +#define NID_aria_128_ccm 1120 +#define OBJ_aria_128_ccm OBJ_aria,37L + +#define SN_aria_192_ccm "ARIA-192-CCM" +#define LN_aria_192_ccm "aria-192-ccm" +#define NID_aria_192_ccm 1121 +#define OBJ_aria_192_ccm OBJ_aria,38L + +#define SN_aria_256_ccm "ARIA-256-CCM" +#define LN_aria_256_ccm "aria-256-ccm" +#define NID_aria_256_ccm 1122 +#define OBJ_aria_256_ccm OBJ_aria,39L + +#define SN_aria_128_gcm "ARIA-128-GCM" +#define LN_aria_128_gcm "aria-128-gcm" +#define NID_aria_128_gcm 1123 +#define OBJ_aria_128_gcm OBJ_aria,34L + +#define SN_aria_192_gcm "ARIA-192-GCM" +#define LN_aria_192_gcm "aria-192-gcm" +#define NID_aria_192_gcm 1124 +#define OBJ_aria_192_gcm OBJ_aria,35L + +#define SN_aria_256_gcm "ARIA-256-GCM" +#define LN_aria_256_gcm "aria-256-gcm" +#define NID_aria_256_gcm 1125 +#define OBJ_aria_256_gcm OBJ_aria,36L + +#define SN_kisa "KISA" +#define LN_kisa "kisa" +#define NID_kisa 773 +#define OBJ_kisa OBJ_member_body,410L,200004L + +#define SN_seed_ecb "SEED-ECB" +#define LN_seed_ecb "seed-ecb" +#define NID_seed_ecb 776 +#define OBJ_seed_ecb OBJ_kisa,1L,3L + +#define SN_seed_cbc "SEED-CBC" +#define LN_seed_cbc "seed-cbc" +#define NID_seed_cbc 777 +#define OBJ_seed_cbc OBJ_kisa,1L,4L + +#define SN_seed_cfb128 "SEED-CFB" +#define LN_seed_cfb128 "seed-cfb" +#define NID_seed_cfb128 779 +#define OBJ_seed_cfb128 OBJ_kisa,1L,5L + +#define SN_seed_ofb128 "SEED-OFB" +#define LN_seed_ofb128 "seed-ofb" +#define NID_seed_ofb128 778 +#define OBJ_seed_ofb128 OBJ_kisa,1L,6L + +#define SN_sm4_ecb "SM4-ECB" +#define LN_sm4_ecb "sm4-ecb" +#define NID_sm4_ecb 1133 +#define OBJ_sm4_ecb OBJ_sm_scheme,104L,1L + +#define SN_sm4_cbc "SM4-CBC" +#define LN_sm4_cbc "sm4-cbc" +#define NID_sm4_cbc 1134 +#define OBJ_sm4_cbc OBJ_sm_scheme,104L,2L + +#define SN_sm4_ofb128 "SM4-OFB" +#define LN_sm4_ofb128 
"sm4-ofb" +#define NID_sm4_ofb128 1135 +#define OBJ_sm4_ofb128 OBJ_sm_scheme,104L,3L + +#define SN_sm4_cfb128 "SM4-CFB" +#define LN_sm4_cfb128 "sm4-cfb" +#define NID_sm4_cfb128 1137 +#define OBJ_sm4_cfb128 OBJ_sm_scheme,104L,4L + +#define SN_sm4_cfb1 "SM4-CFB1" +#define LN_sm4_cfb1 "sm4-cfb1" +#define NID_sm4_cfb1 1136 +#define OBJ_sm4_cfb1 OBJ_sm_scheme,104L,5L + +#define SN_sm4_cfb8 "SM4-CFB8" +#define LN_sm4_cfb8 "sm4-cfb8" +#define NID_sm4_cfb8 1138 +#define OBJ_sm4_cfb8 OBJ_sm_scheme,104L,6L + +#define SN_sm4_ctr "SM4-CTR" +#define LN_sm4_ctr "sm4-ctr" +#define NID_sm4_ctr 1139 +#define OBJ_sm4_ctr OBJ_sm_scheme,104L,7L + +#define SN_hmac "HMAC" +#define LN_hmac "hmac" +#define NID_hmac 855 + +#define SN_cmac "CMAC" +#define LN_cmac "cmac" +#define NID_cmac 894 + +#define SN_rc4_hmac_md5 "RC4-HMAC-MD5" +#define LN_rc4_hmac_md5 "rc4-hmac-md5" +#define NID_rc4_hmac_md5 915 + +#define SN_aes_128_cbc_hmac_sha1 "AES-128-CBC-HMAC-SHA1" +#define LN_aes_128_cbc_hmac_sha1 "aes-128-cbc-hmac-sha1" +#define NID_aes_128_cbc_hmac_sha1 916 + +#define SN_aes_192_cbc_hmac_sha1 "AES-192-CBC-HMAC-SHA1" +#define LN_aes_192_cbc_hmac_sha1 "aes-192-cbc-hmac-sha1" +#define NID_aes_192_cbc_hmac_sha1 917 + +#define SN_aes_256_cbc_hmac_sha1 "AES-256-CBC-HMAC-SHA1" +#define LN_aes_256_cbc_hmac_sha1 "aes-256-cbc-hmac-sha1" +#define NID_aes_256_cbc_hmac_sha1 918 + +#define SN_aes_128_cbc_hmac_sha256 "AES-128-CBC-HMAC-SHA256" +#define LN_aes_128_cbc_hmac_sha256 "aes-128-cbc-hmac-sha256" +#define NID_aes_128_cbc_hmac_sha256 948 + +#define SN_aes_192_cbc_hmac_sha256 "AES-192-CBC-HMAC-SHA256" +#define LN_aes_192_cbc_hmac_sha256 "aes-192-cbc-hmac-sha256" +#define NID_aes_192_cbc_hmac_sha256 949 + +#define SN_aes_256_cbc_hmac_sha256 "AES-256-CBC-HMAC-SHA256" +#define LN_aes_256_cbc_hmac_sha256 "aes-256-cbc-hmac-sha256" +#define NID_aes_256_cbc_hmac_sha256 950 + +#define SN_chacha20_poly1305 "ChaCha20-Poly1305" +#define LN_chacha20_poly1305 "chacha20-poly1305" +#define NID_chacha20_poly1305 1018 
+ +#define SN_chacha20 "ChaCha20" +#define LN_chacha20 "chacha20" +#define NID_chacha20 1019 + +#define SN_dhpublicnumber "dhpublicnumber" +#define LN_dhpublicnumber "X9.42 DH" +#define NID_dhpublicnumber 920 +#define OBJ_dhpublicnumber OBJ_ISO_US,10046L,2L,1L + +#define SN_brainpoolP160r1 "brainpoolP160r1" +#define NID_brainpoolP160r1 921 +#define OBJ_brainpoolP160r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,1L + +#define SN_brainpoolP160t1 "brainpoolP160t1" +#define NID_brainpoolP160t1 922 +#define OBJ_brainpoolP160t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,2L + +#define SN_brainpoolP192r1 "brainpoolP192r1" +#define NID_brainpoolP192r1 923 +#define OBJ_brainpoolP192r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,3L + +#define SN_brainpoolP192t1 "brainpoolP192t1" +#define NID_brainpoolP192t1 924 +#define OBJ_brainpoolP192t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,4L + +#define SN_brainpoolP224r1 "brainpoolP224r1" +#define NID_brainpoolP224r1 925 +#define OBJ_brainpoolP224r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,5L + +#define SN_brainpoolP224t1 "brainpoolP224t1" +#define NID_brainpoolP224t1 926 +#define OBJ_brainpoolP224t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,6L + +#define SN_brainpoolP256r1 "brainpoolP256r1" +#define NID_brainpoolP256r1 927 +#define OBJ_brainpoolP256r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,7L + +#define SN_brainpoolP256t1 "brainpoolP256t1" +#define NID_brainpoolP256t1 928 +#define OBJ_brainpoolP256t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,8L + +#define SN_brainpoolP320r1 "brainpoolP320r1" +#define NID_brainpoolP320r1 929 +#define OBJ_brainpoolP320r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,9L + +#define SN_brainpoolP320t1 "brainpoolP320t1" +#define NID_brainpoolP320t1 930 +#define OBJ_brainpoolP320t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,10L + +#define SN_brainpoolP384r1 "brainpoolP384r1" +#define NID_brainpoolP384r1 931 +#define OBJ_brainpoolP384r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,11L + +#define SN_brainpoolP384t1 "brainpoolP384t1" +#define NID_brainpoolP384t1 932 +#define OBJ_brainpoolP384t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,12L + +#define SN_brainpoolP512r1 
"brainpoolP512r1" +#define NID_brainpoolP512r1 933 +#define OBJ_brainpoolP512r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,13L + +#define SN_brainpoolP512t1 "brainpoolP512t1" +#define NID_brainpoolP512t1 934 +#define OBJ_brainpoolP512t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,14L + +#define OBJ_x9_63_scheme 1L,3L,133L,16L,840L,63L,0L + +#define OBJ_secg_scheme OBJ_certicom_arc,1L + +#define SN_dhSinglePass_stdDH_sha1kdf_scheme "dhSinglePass-stdDH-sha1kdf-scheme" +#define NID_dhSinglePass_stdDH_sha1kdf_scheme 936 +#define OBJ_dhSinglePass_stdDH_sha1kdf_scheme OBJ_x9_63_scheme,2L + +#define SN_dhSinglePass_stdDH_sha224kdf_scheme "dhSinglePass-stdDH-sha224kdf-scheme" +#define NID_dhSinglePass_stdDH_sha224kdf_scheme 937 +#define OBJ_dhSinglePass_stdDH_sha224kdf_scheme OBJ_secg_scheme,11L,0L + +#define SN_dhSinglePass_stdDH_sha256kdf_scheme "dhSinglePass-stdDH-sha256kdf-scheme" +#define NID_dhSinglePass_stdDH_sha256kdf_scheme 938 +#define OBJ_dhSinglePass_stdDH_sha256kdf_scheme OBJ_secg_scheme,11L,1L + +#define SN_dhSinglePass_stdDH_sha384kdf_scheme "dhSinglePass-stdDH-sha384kdf-scheme" +#define NID_dhSinglePass_stdDH_sha384kdf_scheme 939 +#define OBJ_dhSinglePass_stdDH_sha384kdf_scheme OBJ_secg_scheme,11L,2L + +#define SN_dhSinglePass_stdDH_sha512kdf_scheme "dhSinglePass-stdDH-sha512kdf-scheme" +#define NID_dhSinglePass_stdDH_sha512kdf_scheme 940 +#define OBJ_dhSinglePass_stdDH_sha512kdf_scheme OBJ_secg_scheme,11L,3L + +#define SN_dhSinglePass_cofactorDH_sha1kdf_scheme "dhSinglePass-cofactorDH-sha1kdf-scheme" +#define NID_dhSinglePass_cofactorDH_sha1kdf_scheme 941 +#define OBJ_dhSinglePass_cofactorDH_sha1kdf_scheme OBJ_x9_63_scheme,3L + +#define SN_dhSinglePass_cofactorDH_sha224kdf_scheme "dhSinglePass-cofactorDH-sha224kdf-scheme" +#define NID_dhSinglePass_cofactorDH_sha224kdf_scheme 942 +#define OBJ_dhSinglePass_cofactorDH_sha224kdf_scheme OBJ_secg_scheme,14L,0L + +#define SN_dhSinglePass_cofactorDH_sha256kdf_scheme "dhSinglePass-cofactorDH-sha256kdf-scheme" +#define 
NID_dhSinglePass_cofactorDH_sha256kdf_scheme 943 +#define OBJ_dhSinglePass_cofactorDH_sha256kdf_scheme OBJ_secg_scheme,14L,1L + +#define SN_dhSinglePass_cofactorDH_sha384kdf_scheme "dhSinglePass-cofactorDH-sha384kdf-scheme" +#define NID_dhSinglePass_cofactorDH_sha384kdf_scheme 944 +#define OBJ_dhSinglePass_cofactorDH_sha384kdf_scheme OBJ_secg_scheme,14L,2L + +#define SN_dhSinglePass_cofactorDH_sha512kdf_scheme "dhSinglePass-cofactorDH-sha512kdf-scheme" +#define NID_dhSinglePass_cofactorDH_sha512kdf_scheme 945 +#define OBJ_dhSinglePass_cofactorDH_sha512kdf_scheme OBJ_secg_scheme,14L,3L + +#define SN_dh_std_kdf "dh-std-kdf" +#define NID_dh_std_kdf 946 + +#define SN_dh_cofactor_kdf "dh-cofactor-kdf" +#define NID_dh_cofactor_kdf 947 + +#define SN_ct_precert_scts "ct_precert_scts" +#define LN_ct_precert_scts "CT Precertificate SCTs" +#define NID_ct_precert_scts 951 +#define OBJ_ct_precert_scts 1L,3L,6L,1L,4L,1L,11129L,2L,4L,2L + +#define SN_ct_precert_poison "ct_precert_poison" +#define LN_ct_precert_poison "CT Precertificate Poison" +#define NID_ct_precert_poison 952 +#define OBJ_ct_precert_poison 1L,3L,6L,1L,4L,1L,11129L,2L,4L,3L + +#define SN_ct_precert_signer "ct_precert_signer" +#define LN_ct_precert_signer "CT Precertificate Signer" +#define NID_ct_precert_signer 953 +#define OBJ_ct_precert_signer 1L,3L,6L,1L,4L,1L,11129L,2L,4L,4L + +#define SN_ct_cert_scts "ct_cert_scts" +#define LN_ct_cert_scts "CT Certificate SCTs" +#define NID_ct_cert_scts 954 +#define OBJ_ct_cert_scts 1L,3L,6L,1L,4L,1L,11129L,2L,4L,5L + +#define SN_jurisdictionLocalityName "jurisdictionL" +#define LN_jurisdictionLocalityName "jurisdictionLocalityName" +#define NID_jurisdictionLocalityName 955 +#define OBJ_jurisdictionLocalityName 1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,1L + +#define SN_jurisdictionStateOrProvinceName "jurisdictionST" +#define LN_jurisdictionStateOrProvinceName "jurisdictionStateOrProvinceName" +#define NID_jurisdictionStateOrProvinceName 956 +#define 
OBJ_jurisdictionStateOrProvinceName 1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,2L + +#define SN_jurisdictionCountryName "jurisdictionC" +#define LN_jurisdictionCountryName "jurisdictionCountryName" +#define NID_jurisdictionCountryName 957 +#define OBJ_jurisdictionCountryName 1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,3L + +#define SN_id_scrypt "id-scrypt" +#define LN_id_scrypt "scrypt" +#define NID_id_scrypt 973 +#define OBJ_id_scrypt 1L,3L,6L,1L,4L,1L,11591L,4L,11L + +#define SN_tls1_prf "TLS1-PRF" +#define LN_tls1_prf "tls1-prf" +#define NID_tls1_prf 1021 + +#define SN_hkdf "HKDF" +#define LN_hkdf "hkdf" +#define NID_hkdf 1036 + +#define SN_sshkdf "SSHKDF" +#define LN_sshkdf "sshkdf" +#define NID_sshkdf 1203 + +#define SN_sskdf "SSKDF" +#define LN_sskdf "sskdf" +#define NID_sskdf 1205 + +#define SN_x942kdf "X942KDF" +#define LN_x942kdf "x942kdf" +#define NID_x942kdf 1207 + +#define SN_x963kdf "X963KDF" +#define LN_x963kdf "x963kdf" +#define NID_x963kdf 1206 + +#define SN_id_pkinit "id-pkinit" +#define NID_id_pkinit 1031 +#define OBJ_id_pkinit 1L,3L,6L,1L,5L,2L,3L + +#define SN_pkInitClientAuth "pkInitClientAuth" +#define LN_pkInitClientAuth "PKINIT Client Auth" +#define NID_pkInitClientAuth 1032 +#define OBJ_pkInitClientAuth OBJ_id_pkinit,4L + +#define SN_pkInitKDC "pkInitKDC" +#define LN_pkInitKDC "Signing KDC Response" +#define NID_pkInitKDC 1033 +#define OBJ_pkInitKDC OBJ_id_pkinit,5L + +#define SN_X25519 "X25519" +#define NID_X25519 1034 +#define OBJ_X25519 1L,3L,101L,110L + +#define SN_X448 "X448" +#define NID_X448 1035 +#define OBJ_X448 1L,3L,101L,111L + +#define SN_ED25519 "ED25519" +#define NID_ED25519 1087 +#define OBJ_ED25519 1L,3L,101L,112L + +#define SN_ED448 "ED448" +#define NID_ED448 1088 +#define OBJ_ED448 1L,3L,101L,113L + +#define SN_kx_rsa "KxRSA" +#define LN_kx_rsa "kx-rsa" +#define NID_kx_rsa 1037 + +#define SN_kx_ecdhe "KxECDHE" +#define LN_kx_ecdhe "kx-ecdhe" +#define NID_kx_ecdhe 1038 + +#define SN_kx_dhe "KxDHE" +#define LN_kx_dhe "kx-dhe" +#define NID_kx_dhe 
1039 + +#define SN_kx_ecdhe_psk "KxECDHE-PSK" +#define LN_kx_ecdhe_psk "kx-ecdhe-psk" +#define NID_kx_ecdhe_psk 1040 + +#define SN_kx_dhe_psk "KxDHE-PSK" +#define LN_kx_dhe_psk "kx-dhe-psk" +#define NID_kx_dhe_psk 1041 + +#define SN_kx_rsa_psk "KxRSA_PSK" +#define LN_kx_rsa_psk "kx-rsa-psk" +#define NID_kx_rsa_psk 1042 + +#define SN_kx_psk "KxPSK" +#define LN_kx_psk "kx-psk" +#define NID_kx_psk 1043 + +#define SN_kx_srp "KxSRP" +#define LN_kx_srp "kx-srp" +#define NID_kx_srp 1044 + +#define SN_kx_gost "KxGOST" +#define LN_kx_gost "kx-gost" +#define NID_kx_gost 1045 + +#define SN_kx_any "KxANY" +#define LN_kx_any "kx-any" +#define NID_kx_any 1063 + +#define SN_auth_rsa "AuthRSA" +#define LN_auth_rsa "auth-rsa" +#define NID_auth_rsa 1046 + +#define SN_auth_ecdsa "AuthECDSA" +#define LN_auth_ecdsa "auth-ecdsa" +#define NID_auth_ecdsa 1047 + +#define SN_auth_psk "AuthPSK" +#define LN_auth_psk "auth-psk" +#define NID_auth_psk 1048 + +#define SN_auth_dss "AuthDSS" +#define LN_auth_dss "auth-dss" +#define NID_auth_dss 1049 + +#define SN_auth_gost01 "AuthGOST01" +#define LN_auth_gost01 "auth-gost01" +#define NID_auth_gost01 1050 + +#define SN_auth_gost12 "AuthGOST12" +#define LN_auth_gost12 "auth-gost12" +#define NID_auth_gost12 1051 + +#define SN_auth_srp "AuthSRP" +#define LN_auth_srp "auth-srp" +#define NID_auth_srp 1052 + +#define SN_auth_null "AuthNULL" +#define LN_auth_null "auth-null" +#define NID_auth_null 1053 + +#define SN_auth_any "AuthANY" +#define LN_auth_any "auth-any" +#define NID_auth_any 1064 + +#define SN_poly1305 "Poly1305" +#define LN_poly1305 "poly1305" +#define NID_poly1305 1061 + +#define SN_siphash "SipHash" +#define LN_siphash "siphash" +#define NID_siphash 1062 + +#define SN_ffdhe2048 "ffdhe2048" +#define NID_ffdhe2048 1126 + +#define SN_ffdhe3072 "ffdhe3072" +#define NID_ffdhe3072 1127 + +#define SN_ffdhe4096 "ffdhe4096" +#define NID_ffdhe4096 1128 + +#define SN_ffdhe6144 "ffdhe6144" +#define NID_ffdhe6144 1129 + +#define SN_ffdhe8192 "ffdhe8192" 
+#define NID_ffdhe8192 1130 + +#define SN_modp_1536 "modp_1536" +#define NID_modp_1536 1212 + +#define SN_modp_2048 "modp_2048" +#define NID_modp_2048 1213 + +#define SN_modp_3072 "modp_3072" +#define NID_modp_3072 1214 + +#define SN_modp_4096 "modp_4096" +#define NID_modp_4096 1215 + +#define SN_modp_6144 "modp_6144" +#define NID_modp_6144 1216 + +#define SN_modp_8192 "modp_8192" +#define NID_modp_8192 1217 + +#define SN_ISO_UA "ISO-UA" +#define NID_ISO_UA 1150 +#define OBJ_ISO_UA OBJ_member_body,804L + +#define SN_ua_pki "ua-pki" +#define NID_ua_pki 1151 +#define OBJ_ua_pki OBJ_ISO_UA,2L,1L,1L,1L + +#define SN_dstu28147 "dstu28147" +#define LN_dstu28147 "DSTU Gost 28147-2009" +#define NID_dstu28147 1152 +#define OBJ_dstu28147 OBJ_ua_pki,1L,1L,1L + +#define SN_dstu28147_ofb "dstu28147-ofb" +#define LN_dstu28147_ofb "DSTU Gost 28147-2009 OFB mode" +#define NID_dstu28147_ofb 1153 +#define OBJ_dstu28147_ofb OBJ_dstu28147,2L + +#define SN_dstu28147_cfb "dstu28147-cfb" +#define LN_dstu28147_cfb "DSTU Gost 28147-2009 CFB mode" +#define NID_dstu28147_cfb 1154 +#define OBJ_dstu28147_cfb OBJ_dstu28147,3L + +#define SN_dstu28147_wrap "dstu28147-wrap" +#define LN_dstu28147_wrap "DSTU Gost 28147-2009 key wrap" +#define NID_dstu28147_wrap 1155 +#define OBJ_dstu28147_wrap OBJ_dstu28147,5L + +#define SN_hmacWithDstu34311 "hmacWithDstu34311" +#define LN_hmacWithDstu34311 "HMAC DSTU Gost 34311-95" +#define NID_hmacWithDstu34311 1156 +#define OBJ_hmacWithDstu34311 OBJ_ua_pki,1L,1L,2L + +#define SN_dstu34311 "dstu34311" +#define LN_dstu34311 "DSTU Gost 34311-95" +#define NID_dstu34311 1157 +#define OBJ_dstu34311 OBJ_ua_pki,1L,2L,1L + +#define SN_dstu4145le "dstu4145le" +#define LN_dstu4145le "DSTU 4145-2002 little endian" +#define NID_dstu4145le 1158 +#define OBJ_dstu4145le OBJ_ua_pki,1L,3L,1L,1L + +#define SN_dstu4145be "dstu4145be" +#define LN_dstu4145be "DSTU 4145-2002 big endian" +#define NID_dstu4145be 1159 +#define OBJ_dstu4145be OBJ_dstu4145le,1L,1L + +#define SN_uacurve0 
"uacurve0" +#define LN_uacurve0 "DSTU curve 0" +#define NID_uacurve0 1160 +#define OBJ_uacurve0 OBJ_dstu4145le,2L,0L + +#define SN_uacurve1 "uacurve1" +#define LN_uacurve1 "DSTU curve 1" +#define NID_uacurve1 1161 +#define OBJ_uacurve1 OBJ_dstu4145le,2L,1L + +#define SN_uacurve2 "uacurve2" +#define LN_uacurve2 "DSTU curve 2" +#define NID_uacurve2 1162 +#define OBJ_uacurve2 OBJ_dstu4145le,2L,2L + +#define SN_uacurve3 "uacurve3" +#define LN_uacurve3 "DSTU curve 3" +#define NID_uacurve3 1163 +#define OBJ_uacurve3 OBJ_dstu4145le,2L,3L + +#define SN_uacurve4 "uacurve4" +#define LN_uacurve4 "DSTU curve 4" +#define NID_uacurve4 1164 +#define OBJ_uacurve4 OBJ_dstu4145le,2L,4L + +#define SN_uacurve5 "uacurve5" +#define LN_uacurve5 "DSTU curve 5" +#define NID_uacurve5 1165 +#define OBJ_uacurve5 OBJ_dstu4145le,2L,5L + +#define SN_uacurve6 "uacurve6" +#define LN_uacurve6 "DSTU curve 6" +#define NID_uacurve6 1166 +#define OBJ_uacurve6 OBJ_dstu4145le,2L,6L + +#define SN_uacurve7 "uacurve7" +#define LN_uacurve7 "DSTU curve 7" +#define NID_uacurve7 1167 +#define OBJ_uacurve7 OBJ_dstu4145le,2L,7L + +#define SN_uacurve8 "uacurve8" +#define LN_uacurve8 "DSTU curve 8" +#define NID_uacurve8 1168 +#define OBJ_uacurve8 OBJ_dstu4145le,2L,8L + +#define SN_uacurve9 "uacurve9" +#define LN_uacurve9 "DSTU curve 9" +#define NID_uacurve9 1169 +#define OBJ_uacurve9 OBJ_dstu4145le,2L,9L + +#define SN_aes_128_siv "AES-128-SIV" +#define LN_aes_128_siv "aes-128-siv" +#define NID_aes_128_siv 1198 + +#define SN_aes_192_siv "AES-192-SIV" +#define LN_aes_192_siv "aes-192-siv" +#define NID_aes_192_siv 1199 + +#define SN_aes_256_siv "AES-256-SIV" +#define LN_aes_256_siv "aes-256-siv" +#define NID_aes_256_siv 1200 diff --git a/linux_amd64/include/openssl/objects.h b/linux_amd64/include/openssl/objects.h new file mode 100644 index 0000000..9ea91c2 --- /dev/null +++ b/linux_amd64/include/openssl/objects.h 
@@ -0,0 +1,183 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_OBJECTS_H
+# define OPENSSL_OBJECTS_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_OBJECTS_H
+# endif
+
+# include
+# include
+# include
+# include
+
+# define OBJ_NAME_TYPE_UNDEF 0x00
+# define OBJ_NAME_TYPE_MD_METH 0x01
+# define OBJ_NAME_TYPE_CIPHER_METH 0x02
+# define OBJ_NAME_TYPE_PKEY_METH 0x03
+# define OBJ_NAME_TYPE_COMP_METH 0x04
+# define OBJ_NAME_TYPE_MAC_METH 0x05
+# define OBJ_NAME_TYPE_KDF_METH 0x06
+# define OBJ_NAME_TYPE_NUM 0x07
+
+# define OBJ_NAME_ALIAS 0x8000
+
+# define OBJ_BSEARCH_VALUE_ON_NOMATCH 0x01
+# define OBJ_BSEARCH_FIRST_VALUE_ON_MATCH 0x02
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct obj_name_st {
+ int type;
+ int alias;
+ const char *name;
+ const char *data;
+} OBJ_NAME;
+
+# define OBJ_create_and_add_object(a,b,c) OBJ_create(a,b,c)
+
+int OBJ_NAME_init(void);
+int OBJ_NAME_new_index(unsigned long (*hash_func) (const char *),
+ int (*cmp_func) (const char *, const char *),
+ void (*free_func) (const char *, int, const char *));
+const char *OBJ_NAME_get(const char *name, int type);
+int OBJ_NAME_add(const char *name, int type, const char *data);
+int OBJ_NAME_remove(const char *name, int type);
+void OBJ_NAME_cleanup(int type); /* -1 for everything */
+void OBJ_NAME_do_all(int type, void (*fn) (const OBJ_NAME *, void *arg),
+ void *arg);
+void OBJ_NAME_do_all_sorted(int type,
+ void (*fn) (const OBJ_NAME *, void *arg),
+ void *arg);
+
+DECLARE_ASN1_DUP_FUNCTION_name(ASN1_OBJECT, OBJ)
+ASN1_OBJECT *OBJ_nid2obj(int n);
+const char *OBJ_nid2ln(int n);
+const char *OBJ_nid2sn(int n);
+int OBJ_obj2nid(const
ASN1_OBJECT *o);
+ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name);
+int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name);
+int OBJ_txt2nid(const char *s);
+int OBJ_ln2nid(const char *s);
+int OBJ_sn2nid(const char *s);
+int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b);
+const void *OBJ_bsearch_(const void *key, const void *base, int num, int size,
+ int (*cmp) (const void *, const void *));
+const void *OBJ_bsearch_ex_(const void *key, const void *base, int num,
+ int size,
+ int (*cmp) (const void *, const void *),
+ int flags);
+
+# define _DECLARE_OBJ_BSEARCH_CMP_FN(scope, type1, type2, nm) \
+ static int nm##_cmp_BSEARCH_CMP_FN(const void *, const void *); \
+ static int nm##_cmp(type1 const *, type2 const *); \
+ scope type2 * OBJ_bsearch_##nm(type1 *key, type2 const *base, int num)
+
+# define DECLARE_OBJ_BSEARCH_CMP_FN(type1, type2, cmp) \
+ _DECLARE_OBJ_BSEARCH_CMP_FN(static, type1, type2, cmp)
+# define DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, nm) \
+ type2 * OBJ_bsearch_##nm(type1 *key, type2 const *base, int num)
+
+/*-
+ * Unsolved problem: if a type is actually a pointer type, like
+ * nid_triple is, then its impossible to get a const where you need
+ * it. Consider:
+ *
+ * typedef int nid_triple[3];
+ * const void *a_;
+ * const nid_triple const *a = a_;
+ *
+ * The assignment discards a const because what you really want is:
+ *
+ * const int const * const *a = a_;
+ *
+ * But if you do that, you lose the fact that a is an array of 3 ints,
+ * which breaks comparison functions.
+ *
+ * Thus we end up having to cast, sadly, or unpack the
+ * declarations. Or, as I finally did in this case, declare nid_triple
+ * to be a struct, which it should have been in the first place.
+ *
+ * Ben, August 2008.
+ *
+ * Also, strictly speaking not all types need be const, but handling
+ * the non-constness means a lot of complication, and in practice
+ * comparison routines do always not touch their arguments.
+ */
+
+# define IMPLEMENT_OBJ_BSEARCH_CMP_FN(type1, type2, nm) \
+ static int nm##_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_) \
+ { \
+ type1 const *a = a_; \
+ type2 const *b = b_; \
+ return nm##_cmp(a,b); \
+ } \
+ static type2 *OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) \
+ { \
+ return (type2 *)OBJ_bsearch_(key, base, num, sizeof(type2), \
+ nm##_cmp_BSEARCH_CMP_FN); \
+ } \
+ extern void dummy_prototype(void)
+
+# define IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, nm) \
+ static int nm##_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_) \
+ { \
+ type1 const *a = a_; \
+ type2 const *b = b_; \
+ return nm##_cmp(a,b); \
+ } \
+ type2 *OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) \
+ { \
+ return (type2 *)OBJ_bsearch_(key, base, num, sizeof(type2), \
+ nm##_cmp_BSEARCH_CMP_FN); \
+ } \
+ extern void dummy_prototype(void)
+
+# define OBJ_bsearch(type1,key,type2,base,num,cmp) \
+ ((type2 *)OBJ_bsearch_(CHECKED_PTR_OF(type1,key),CHECKED_PTR_OF(type2,base), \
+ num,sizeof(type2), \
+ ((void)CHECKED_PTR_OF(type1,cmp##_type_1), \
+ (void)CHECKED_PTR_OF(type2,cmp##_type_2), \
+ cmp##_BSEARCH_CMP_FN)))
+
+# define OBJ_bsearch_ex(type1,key,type2,base,num,cmp,flags) \
+ ((type2 *)OBJ_bsearch_ex_(CHECKED_PTR_OF(type1,key),CHECKED_PTR_OF(type2,base), \
+ num,sizeof(type2), \
+ ((void)CHECKED_PTR_OF(type1,cmp##_type_1), \
+ (void)type_2=CHECKED_PTR_OF(type2,cmp##_type_2), \
+ cmp##_BSEARCH_CMP_FN)),flags)
+
+int OBJ_new_nid(int num);
+int OBJ_add_object(const ASN1_OBJECT *obj);
+int OBJ_create(const char *oid, const char *sn, const char *ln);
+#ifndef OPENSSL_NO_DEPRECATED_1_1_0
+# define OBJ_cleanup() while(0) continue
+#endif
+int OBJ_create_objects(BIO *in);
+
+size_t OBJ_length(const ASN1_OBJECT *obj);
+const unsigned char *OBJ_get0_data(const ASN1_OBJECT *obj);
+
+int OBJ_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid);
+int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid);
+int OBJ_add_sigid(int
signid, int dig_id, int pkey_id); +void OBJ_sigid_free(void); + + +# ifdef __cplusplus +} +# endif +#endif diff --git a/linux_amd64/include/openssl/objectserr.h b/linux_amd64/include/openssl/objectserr.h new file mode 100644 index 0000000..84c7501 --- /dev/null +++ b/linux_amd64/include/openssl/objectserr.h @@ -0,0 +1,50 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_OBJECTSERR_H +# define OPENSSL_OBJECTSERR_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_OBJERR_H +# endif + +# include +# include + + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_OBJ_strings(void); + +/* + * OBJ function codes. + */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define OBJ_F_OBJ_ADD_OBJECT 0 +# define OBJ_F_OBJ_ADD_SIGID 0 +# define OBJ_F_OBJ_CREATE 0 +# define OBJ_F_OBJ_DUP 0 +# define OBJ_F_OBJ_NAME_NEW_INDEX 0 +# define OBJ_F_OBJ_NID2LN 0 +# define OBJ_F_OBJ_NID2OBJ 0 +# define OBJ_F_OBJ_NID2SN 0 +# define OBJ_F_OBJ_TXT2OBJ 0 +# endif + +/* + * OBJ reason codes. + */ +# define OBJ_R_OID_EXISTS 102 +# define OBJ_R_UNKNOWN_NID 101 + +#endif diff --git a/linux_amd64/include/openssl/ocsp.h b/linux_amd64/include/openssl/ocsp.h new file mode 100644 index 0000000..209afd6 --- /dev/null +++ b/linux_amd64/include/openssl/ocsp.h 
@@ -0,0 +1,375 @@
+/*
+ * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_OCSP_H
+# define OPENSSL_OCSP_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_OCSP_H
+# endif
+
+# include
+
+/*
+ * These definitions are outside the OPENSSL_NO_OCSP guard because although for
+ * historical reasons they have OCSP_* names, they can actually be used
+ * independently of OCSP. E.g. see RFC5280
+ */
+/*-
+ * CRLReason ::= ENUMERATED {
+ * unspecified (0),
+ * keyCompromise (1),
+ * cACompromise (2),
+ * affiliationChanged (3),
+ * superseded (4),
+ * cessationOfOperation (5),
+ * certificateHold (6),
+ * -- value 7 is not used
+ * removeFromCRL (8),
+ * privilegeWithdrawn (9),
+ * aACompromise (10) }
+ */
+# define OCSP_REVOKED_STATUS_NOSTATUS -1
+# define OCSP_REVOKED_STATUS_UNSPECIFIED 0
+# define OCSP_REVOKED_STATUS_KEYCOMPROMISE 1
+# define OCSP_REVOKED_STATUS_CACOMPROMISE 2
+# define OCSP_REVOKED_STATUS_AFFILIATIONCHANGED 3
+# define OCSP_REVOKED_STATUS_SUPERSEDED 4
+# define OCSP_REVOKED_STATUS_CESSATIONOFOPERATION 5
+# define OCSP_REVOKED_STATUS_CERTIFICATEHOLD 6
+# define OCSP_REVOKED_STATUS_REMOVEFROMCRL 8
+# define OCSP_REVOKED_STATUS_PRIVILEGEWITHDRAWN 9
+# define OCSP_REVOKED_STATUS_AACOMPROMISE 10
+
+/*
+ * These definitions are outside the OPENSSL_NO_OCSP guard because although for
+ * historical reasons they have OCSP_* names, they are used for the HTTP client.
+ */
+# include
+/* The following functions are used only internally */
+OCSP_REQ_CTX *OCSP_REQ_CTX_new(BIO *wbio, BIO *rbio,
+ int method_GET, int maxline,
+ unsigned long max_resp_len, int timeout,
+ const char *expected_content_type,
+ int expect_asn1);
+void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx);
+int OCSP_REQ_CTX_http(OCSP_REQ_CTX *rctx,
+ const char *server, const char *port, const char *path);
+int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx,
+ const char *name, const char *value);
+int OCSP_REQ_CTX_i2d(OCSP_REQ_CTX *rctx, const char *content_type,
+ const ASN1_ITEM *it, ASN1_VALUE *req);
+int OCSP_REQ_CTX_nbio(OCSP_REQ_CTX *rctx);
+ASN1_VALUE *OCSP_REQ_CTX_nbio_d2i(OCSP_REQ_CTX *rctx, const ASN1_ITEM *it);
+BIO *OCSP_REQ_CTX_get0_mem_bio(OCSP_REQ_CTX *rctx);
+void OCSP_set_max_response_length(OCSP_REQ_CTX *rctx, unsigned long len);
+/* End of functions used only internally */
+
+
+# ifndef OPENSSL_NO_OCSP
+
+# include
+# include
+# include
+# include
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+/* Various flags and values */
+
+# define OCSP_DEFAULT_NONCE_LENGTH 16
+
+# define OCSP_NOCERTS 0x1
+# define OCSP_NOINTERN 0x2
+# define OCSP_NOSIGS 0x4
+# define OCSP_NOCHAIN 0x8
+# define OCSP_NOVERIFY 0x10
+# define OCSP_NOEXPLICIT 0x20
+# define OCSP_NOCASIGN 0x40
+# define OCSP_NODELEGATED 0x80
+# define OCSP_NOCHECKS 0x100
+# define OCSP_TRUSTOTHER 0x200
+# define OCSP_RESPID_KEY 0x400
+# define OCSP_NOTIME 0x800
+
+typedef struct ocsp_cert_id_st OCSP_CERTID;
+
+DEFINE_STACK_OF(OCSP_CERTID)
+
+typedef struct ocsp_one_request_st OCSP_ONEREQ;
+
+DEFINE_STACK_OF(OCSP_ONEREQ)
+
+typedef struct ocsp_req_info_st OCSP_REQINFO;
+typedef struct ocsp_signature_st OCSP_SIGNATURE;
+typedef struct ocsp_request_st OCSP_REQUEST;
+
+# define OCSP_RESPONSE_STATUS_SUCCESSFUL 0
+# define OCSP_RESPONSE_STATUS_MALFORMEDREQUEST 1
+# define OCSP_RESPONSE_STATUS_INTERNALERROR 2
+# define OCSP_RESPONSE_STATUS_TRYLATER 3
+# define OCSP_RESPONSE_STATUS_SIGREQUIRED 5
+# define
OCSP_RESPONSE_STATUS_UNAUTHORIZED 6
+
+typedef struct ocsp_resp_bytes_st OCSP_RESPBYTES;
+
+# define V_OCSP_RESPID_NAME 0
+# define V_OCSP_RESPID_KEY 1
+
+DEFINE_STACK_OF(OCSP_RESPID)
+
+typedef struct ocsp_revoked_info_st OCSP_REVOKEDINFO;
+
+# define V_OCSP_CERTSTATUS_GOOD 0
+# define V_OCSP_CERTSTATUS_REVOKED 1
+# define V_OCSP_CERTSTATUS_UNKNOWN 2
+
+typedef struct ocsp_cert_status_st OCSP_CERTSTATUS;
+typedef struct ocsp_single_response_st OCSP_SINGLERESP;
+
+DEFINE_STACK_OF(OCSP_SINGLERESP)
+
+typedef struct ocsp_response_data_st OCSP_RESPDATA;
+
+typedef struct ocsp_basic_response_st OCSP_BASICRESP;
+
+typedef struct ocsp_crl_id_st OCSP_CRLID;
+typedef struct ocsp_service_locator_st OCSP_SERVICELOC;
+
+# define PEM_STRING_OCSP_REQUEST "OCSP REQUEST"
+# define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE"
+
+# define d2i_OCSP_REQUEST_bio(bp,p) ASN1_d2i_bio_of(OCSP_REQUEST,OCSP_REQUEST_new,d2i_OCSP_REQUEST,bp,p)
+
+# define d2i_OCSP_RESPONSE_bio(bp,p) ASN1_d2i_bio_of(OCSP_RESPONSE,OCSP_RESPONSE_new,d2i_OCSP_RESPONSE,bp,p)
+
+# define PEM_read_bio_OCSP_REQUEST(bp,x,cb) (OCSP_REQUEST *)PEM_ASN1_read_bio( \
+ (char *(*)())d2i_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST, \
+ bp,(char **)(x),cb,NULL)
+
+# define PEM_read_bio_OCSP_RESPONSE(bp,x,cb) (OCSP_RESPONSE *)PEM_ASN1_read_bio(\
+ (char *(*)())d2i_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE, \
+ bp,(char **)(x),cb,NULL)
+
+# define PEM_write_bio_OCSP_REQUEST(bp,o) \
+ PEM_ASN1_write_bio((int (*)())i2d_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,\
+ bp,(char *)(o), NULL,NULL,0,NULL,NULL)
+
+# define PEM_write_bio_OCSP_RESPONSE(bp,o) \
+ PEM_ASN1_write_bio((int (*)())i2d_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,\
+ bp,(char *)(o), NULL,NULL,0,NULL,NULL)
+
+# define i2d_OCSP_RESPONSE_bio(bp,o) ASN1_i2d_bio_of(OCSP_RESPONSE,i2d_OCSP_RESPONSE,bp,o)
+
+# define i2d_OCSP_REQUEST_bio(bp,o) ASN1_i2d_bio_of(OCSP_REQUEST,i2d_OCSP_REQUEST,bp,o)
+
+# define ASN1_BIT_STRING_digest(data,type,md,len) \
+
ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len)
+
+# define OCSP_CERTSTATUS_dup(cs)\
+ (OCSP_CERTSTATUS*)ASN1_dup((int(*)())i2d_OCSP_CERTSTATUS,\
+ (char *(*)())d2i_OCSP_CERTSTATUS,(char *)(cs))
+
+DECLARE_ASN1_DUP_FUNCTION(OCSP_CERTID)
+
+OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, const char *path, OCSP_REQUEST *req);
+OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, OCSP_REQUEST *req,
+ int maxline);
+int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx);
+
+/* TODO: remove this (documented but) meanwhile obsolete function? */
+int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, const OCSP_REQUEST *req);
+
+OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, const X509 *subject,
+ const X509 *issuer);
+
+OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
+ const X509_NAME *issuerName,
+ const ASN1_BIT_STRING *issuerKey,
+ const ASN1_INTEGER *serialNumber);
+
+OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid);
+
+int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len);
+int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len);
+int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs);
+int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req);
+
+int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm);
+int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert);
+
+int OCSP_request_sign(OCSP_REQUEST *req,
+ X509 *signer,
+ EVP_PKEY *key,
+ const EVP_MD *dgst,
+ STACK_OF(X509) *certs, unsigned long flags);
+
+int OCSP_response_status(OCSP_RESPONSE *resp);
+OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp);
+
+const ASN1_OCTET_STRING *OCSP_resp_get0_signature(const OCSP_BASICRESP *bs);
+const X509_ALGOR *OCSP_resp_get0_tbs_sigalg(const OCSP_BASICRESP *bs);
+const OCSP_RESPDATA *OCSP_resp_get0_respdata(const OCSP_BASICRESP *bs);
+int OCSP_resp_get0_signer(OCSP_BASICRESP *bs, X509 **signer,
+ STACK_OF(X509) *extra_certs);
+
+int OCSP_resp_count(OCSP_BASICRESP
*bs);
+OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx);
+const ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at(const OCSP_BASICRESP* bs);
+const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs);
+int OCSP_resp_get0_id(const OCSP_BASICRESP *bs,
+ const ASN1_OCTET_STRING **pid,
+ const X509_NAME **pname);
+int OCSP_resp_get1_id(const OCSP_BASICRESP *bs,
+ ASN1_OCTET_STRING **pid,
+ X509_NAME **pname);
+
+int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last);
+int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason,
+ ASN1_GENERALIZEDTIME **revtime,
+ ASN1_GENERALIZEDTIME **thisupd,
+ ASN1_GENERALIZEDTIME **nextupd);
+int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status,
+ int *reason,
+ ASN1_GENERALIZEDTIME **revtime,
+ ASN1_GENERALIZEDTIME **thisupd,
+ ASN1_GENERALIZEDTIME **nextupd);
+int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd,
+ ASN1_GENERALIZEDTIME *nextupd, long sec, long maxsec);
+
+int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs,
+ X509_STORE *store, unsigned long flags);
+
+# define OCSP_parse_url OSSL_HTTP_parse_url /* for backward compatibility */
+
+int OCSP_id_issuer_cmp(const OCSP_CERTID *a, const OCSP_CERTID *b);
+int OCSP_id_cmp(const OCSP_CERTID *a, const OCSP_CERTID *b);
+
+int OCSP_request_onereq_count(OCSP_REQUEST *req);
+OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i);
+OCSP_CERTID *OCSP_onereq_get0_id(OCSP_ONEREQ *one);
+int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd,
+ ASN1_OCTET_STRING **pikeyHash,
+ ASN1_INTEGER **pserial, OCSP_CERTID *cid);
+int OCSP_request_is_signed(OCSP_REQUEST *req);
+OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs);
+OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp,
+ OCSP_CERTID *cid,
+ int status, int reason,
+ ASN1_TIME *revtime,
+ ASN1_TIME *thisupd,
+ ASN1_TIME *nextupd);
+int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert);
+int
OCSP_basic_sign(OCSP_BASICRESP *brsp,
+ X509 *signer, EVP_PKEY *key, const EVP_MD *dgst,
+ STACK_OF(X509) *certs, unsigned long flags);
+int OCSP_basic_sign_ctx(OCSP_BASICRESP *brsp,
+ X509 *signer, EVP_MD_CTX *ctx,
+ STACK_OF(X509) *certs, unsigned long flags);
+int OCSP_RESPID_set_by_name(OCSP_RESPID *respid, X509 *cert);
+int OCSP_RESPID_set_by_key(OCSP_RESPID *respid, X509 *cert);
+int OCSP_RESPID_match(OCSP_RESPID *respid, X509 *cert);
+
+X509_EXTENSION *OCSP_crlID_new(const char *url, long *n, char *tim);
+
+X509_EXTENSION *OCSP_accept_responses_new(char **oids);
+
+X509_EXTENSION *OCSP_archive_cutoff_new(char *tim);
+
+X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME *issuer, const char **urls);
+
+int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x);
+int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos);
+int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, const ASN1_OBJECT *obj,
+ int lastpos);
+int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, int lastpos);
+X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc);
+X509_EXTENSION *OCSP_REQUEST_delete_ext(OCSP_REQUEST *x, int loc);
+void *OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit,
+ int *idx);
+int OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit,
+ unsigned long flags);
+int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc);
+
+int OCSP_ONEREQ_get_ext_count(OCSP_ONEREQ *x);
+int OCSP_ONEREQ_get_ext_by_NID(OCSP_ONEREQ *x, int nid, int lastpos);
+int OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, const ASN1_OBJECT *obj, int lastpos);
+int OCSP_ONEREQ_get_ext_by_critical(OCSP_ONEREQ *x, int crit, int lastpos);
+X509_EXTENSION *OCSP_ONEREQ_get_ext(OCSP_ONEREQ *x, int loc);
+X509_EXTENSION *OCSP_ONEREQ_delete_ext(OCSP_ONEREQ *x, int loc);
+void *OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx);
+int OCSP_ONEREQ_add1_ext_i2d(OCSP_ONEREQ *x, int nid, void *value, int crit,
+ unsigned long flags);
+int
OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc);
+
+int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x);
+int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos);
+int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, const ASN1_OBJECT *obj,
+ int lastpos);
+int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit,
+ int lastpos);
+X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc);
+X509_EXTENSION *OCSP_BASICRESP_delete_ext(OCSP_BASICRESP *x, int loc);
+void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit,
+ int *idx);
+int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value,
+ int crit, unsigned long flags);
+int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc);
+
+int OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *x);
+int OCSP_SINGLERESP_get_ext_by_NID(OCSP_SINGLERESP *x, int nid, int lastpos);
+int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, const ASN1_OBJECT *obj,
+ int lastpos);
+int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit,
+ int lastpos);
+X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *x, int loc);
+X509_EXTENSION *OCSP_SINGLERESP_delete_ext(OCSP_SINGLERESP *x, int loc);
+void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit,
+ int *idx);
+int OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value,
+ int crit, unsigned long flags);
+int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc);
+const OCSP_CERTID *OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP *x);
+
+DECLARE_ASN1_FUNCTIONS(OCSP_SINGLERESP)
+DECLARE_ASN1_FUNCTIONS(OCSP_CERTSTATUS)
+DECLARE_ASN1_FUNCTIONS(OCSP_REVOKEDINFO)
+DECLARE_ASN1_FUNCTIONS(OCSP_BASICRESP)
+DECLARE_ASN1_FUNCTIONS(OCSP_RESPDATA)
+DECLARE_ASN1_FUNCTIONS(OCSP_RESPID)
+DECLARE_ASN1_FUNCTIONS(OCSP_RESPONSE)
+DECLARE_ASN1_FUNCTIONS(OCSP_RESPBYTES)
+DECLARE_ASN1_FUNCTIONS(OCSP_ONEREQ)
+DECLARE_ASN1_FUNCTIONS(OCSP_CERTID)
+DECLARE_ASN1_FUNCTIONS(OCSP_REQUEST)
+DECLARE_ASN1_FUNCTIONS(OCSP_SIGNATURE)
+DECLARE_ASN1_FUNCTIONS(OCSP_REQINFO)
+DECLARE_ASN1_FUNCTIONS(OCSP_CRLID)
+DECLARE_ASN1_FUNCTIONS(OCSP_SERVICELOC)
+
+const char *OCSP_response_status_str(long s);
+const char *OCSP_cert_status_str(long s);
+const char *OCSP_crl_reason_str(long s);
+
+int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST *a, unsigned long flags);
+int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE *o, unsigned long flags);
+
+int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
+ X509_STORE *st, unsigned long flags);
+
+
+# ifdef __cplusplus
+}
+# endif
+# endif /* !defined OPENSSL_NO_OCSP */
+#endif
diff --git a/linux_amd64/include/openssl/ocsperr.h b/linux_amd64/include/openssl/ocsperr.h
new file mode 100644
index 0000000..7e3fd0f
--- /dev/null
+++ b/linux_amd64/include/openssl/ocsperr.h
@@ -0,0 +1,81 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_OCSPERR_H +# define OPENSSL_OCSPERR_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_OCSPERR_H +# endif + +# include +# include + + +# include + +# ifndef OPENSSL_NO_OCSP + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_OCSP_strings(void); + +/* + * OCSP function codes. + */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define OCSP_F_D2I_OCSP_NONCE 0 +# define OCSP_F_OCSP_BASIC_ADD1_STATUS 0 +# define OCSP_F_OCSP_BASIC_SIGN 0 +# define OCSP_F_OCSP_BASIC_SIGN_CTX 0 +# define OCSP_F_OCSP_BASIC_VERIFY 0 +# define OCSP_F_OCSP_CERT_ID_NEW 0 +# define OCSP_F_OCSP_CHECK_DELEGATED 0 +# define OCSP_F_OCSP_CHECK_IDS 0 +# define OCSP_F_OCSP_CHECK_ISSUER 0 +# define OCSP_F_OCSP_CHECK_VALIDITY 0 +# define OCSP_F_OCSP_MATCH_ISSUERID 0 +# define OCSP_F_OCSP_REQUEST_SIGN 0 +# define OCSP_F_OCSP_REQUEST_VERIFY 0 +# define OCSP_F_OCSP_RESPONSE_GET1_BASIC 0 +# endif + +/* + * OCSP reason codes. 
+ */ +# define OCSP_R_CERTIFICATE_VERIFY_ERROR 101 +# define OCSP_R_DIGEST_ERR 102 +# define OCSP_R_ERROR_IN_NEXTUPDATE_FIELD 122 +# define OCSP_R_ERROR_IN_THISUPDATE_FIELD 123 +# define OCSP_R_MISSING_OCSPSIGNING_USAGE 103 +# define OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE 124 +# define OCSP_R_NOT_BASIC_RESPONSE 104 +# define OCSP_R_NO_CERTIFICATES_IN_CHAIN 105 +# define OCSP_R_NO_RESPONSE_DATA 108 +# define OCSP_R_NO_REVOKED_TIME 109 +# define OCSP_R_NO_SIGNER_KEY 130 +# define OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 110 +# define OCSP_R_REQUEST_NOT_SIGNED 128 +# define OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA 111 +# define OCSP_R_ROOT_CA_NOT_TRUSTED 112 +# define OCSP_R_SIGNATURE_FAILURE 117 +# define OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND 118 +# define OCSP_R_STATUS_EXPIRED 125 +# define OCSP_R_STATUS_NOT_YET_VALID 126 +# define OCSP_R_STATUS_TOO_OLD 127 +# define OCSP_R_UNKNOWN_MESSAGE_DIGEST 119 +# define OCSP_R_UNKNOWN_NID 120 +# define OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE 129 + +# endif +#endif diff --git a/linux_amd64/include/openssl/opensslconf.h b/linux_amd64/include/openssl/opensslconf.h new file mode 100644 index 0000000..9a49bce --- /dev/null +++ b/linux_amd64/include/openssl/opensslconf.h @@ -0,0 +1,16 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_OPENSSLCONF_H +# define OPENSSL_OPENSSLCONF_H + +#include +#include + +#endif /* OPENSSL_OPENSSLCONF_H */ diff --git a/linux_amd64/include/openssl/opensslv.h b/linux_amd64/include/openssl/opensslv.h new file mode 100644 index 0000000..7805942 --- /dev/null +++ b/linux_amd64/include/openssl/opensslv.h 
@@ -0,0 +1,114 @@ +/* + * WARNING: do not edit! + * Generated by Makefile from ../include/openssl/opensslv.h.in + * + * Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_OPENSSLV_H +# define OPENSSL_OPENSSLV_H +# pragma once + +# ifdef __cplusplus +extern "C" { +# endif + +/* + * SECTION 1: VERSION DATA. These will change for each release + */ + +/* + * Base version macros + * + * These macros express version number MAJOR.MINOR.PATCH exactly + */ +# define OPENSSL_VERSION_MAJOR 3 +# define OPENSSL_VERSION_MINOR 0 +# define OPENSSL_VERSION_PATCH 0 + +/* + * Additional version information + * + * These are also part of the new version scheme, but aren't part + * of the version number itself. + */ + +/* Could be: #define OPENSSL_VERSION_PRE_RELEASE "-alpha.1" */ +# define OPENSSL_VERSION_PRE_RELEASE "-dev" +/* Could be: #define OPENSSL_VERSION_BUILD_METADATA "+fips" */ +/* Could be: #define OPENSSL_VERSION_BUILD_METADATA "+vendor.1" */ +# define OPENSSL_VERSION_BUILD_METADATA "" + +/* + * Note: The OpenSSL Project will never define OPENSSL_VERSION_BUILD_METADATA + * to be anything but the empty string. Its use is entirely reserved for + * others + */ + +/* + * Shared library version + * + * This is strictly to express ABI version, which may or may not + * be related to the API version expressed with the macros above. + * This is defined in free form. 
+ */ +# define OPENSSL_SHLIB_VERSION 3 + +/* + * SECTION 2: USEFUL MACROS + */ + +/* For checking general API compatibility when preprocessing */ +# define OPENSSL_VERSION_PREREQ(maj,min) \ + ((OPENSSL_VERSION_MAJOR << 16) + OPENSSL_VERSION_MINOR >= ((maj) << 16) + (min)) + +/* + * Macros to get the version in easily digested string form, both the short + * "MAJOR.MINOR.PATCH" variant (where MAJOR, MINOR and PATCH are replaced + * with the values from the corresponding OPENSSL_VERSION_ macros) and the + * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and + * OPENSSL_VERSION_BUILD_METADATA_STR appended. + */ +# define OPENSSL_VERSION_STR "3.0.0" +# define OPENSSL_FULL_VERSION_STR "3.0.0-dev" + +/* + * SECTION 3: ADDITIONAL METADATA + * + * These strings are defined separately to allow them to be parsable. + */ +# define OPENSSL_RELEASE_DATE "xx XXX xxxx" + +/* + * SECTION 4: BACKWARD COMPATIBILITY + */ + +# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.0-dev xx XXX xxxx" + +/* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ +# ifdef OPENSSL_VERSION_PRE_RELEASE +# define _OPENSSL_VERSION_PRE_RELEASE 0x0 +# else +# define _OPENSSL_VERSION_PRE_RELEASE 0xf +# endif +# define OPENSSL_VERSION_NUMBER \ + ( (OPENSSL_VERSION_MAJOR<<28) \ + |(OPENSSL_VERSION_MINOR<<20) \ + |(OPENSSL_VERSION_PATCH<<4) \ + |_OPENSSL_VERSION_PRE_RELEASE ) + +# ifdef __cplusplus +} +# endif + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_OPENSSLV_H +# endif + +#endif /* OPENSSL_OPENSSLV_H */ diff --git a/linux_amd64/include/openssl/ossl_typ.h b/linux_amd64/include/openssl/ossl_typ.h new file mode 100644 index 0000000..82a5898 --- /dev/null +++ b/linux_amd64/include/openssl/ossl_typ.h 
@@ -0,0 +1,16 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * The original was renamed to
+ *
+ * This header file only exists for compatibility reasons with older
+ * applications which #include .
+ */
+# include
diff --git a/linux_amd64/include/openssl/params.h b/linux_amd64/include/openssl/params.h
new file mode 100644
index 0000000..cd0f784
--- /dev/null
+++ b/linux_amd64/include/openssl/params.h
@@ -0,0 +1,141 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_PARAMS_H
+# define OPENSSL_PARAMS_H
+
+# include
+# include
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# define OSSL_PARAM_END \
+ { NULL, 0, NULL, 0, 0 }
+
+# define OSSL_PARAM_DEFN(key, type, addr, sz) \
+ { (key), (type), (addr), (sz), 0 }
+
+/* Basic parameter types without return sizes */
+# define OSSL_PARAM_int(key, addr) \
+ OSSL_PARAM_DEFN((key), OSSL_PARAM_INTEGER, (addr), sizeof(int))
+# define OSSL_PARAM_uint(key, addr) \
+ OSSL_PARAM_DEFN((key), OSSL_PARAM_UNSIGNED_INTEGER, (addr), \
+ sizeof(unsigned int))
+# define OSSL_PARAM_long(key, addr) \
+ OSSL_PARAM_DEFN((key), OSSL_PARAM_INTEGER, (addr), sizeof(long int))
+# define OSSL_PARAM_ulong(key, addr) \
+ OSSL_PARAM_DEFN((key), OSSL_PARAM_UNSIGNED_INTEGER, (addr), \
+ sizeof(unsigned long int))
+# define OSSL_PARAM_int32(key, addr) \
+ OSSL_PARAM_DEFN((key), OSSL_PARAM_INTEGER, (addr), sizeof(int32_t))
+# define OSSL_PARAM_uint32(key, addr) \
+ OSSL_PARAM_DEFN((key), OSSL_PARAM_UNSIGNED_INTEGER, (addr), \
+ sizeof(uint32_t))
+# define OSSL_PARAM_int64(key, addr) \
+ OSSL_PARAM_DEFN((key), OSSL_PARAM_INTEGER, (addr), sizeof(int64_t))
+# define OSSL_PARAM_uint64(key, addr) \
+ OSSL_PARAM_DEFN((key), OSSL_PARAM_UNSIGNED_INTEGER, (addr), \
+ sizeof(uint64_t))
+# define OSSL_PARAM_size_t(key, addr) \
+ OSSL_PARAM_DEFN((key), OSSL_PARAM_UNSIGNED_INTEGER, (addr), sizeof(size_t))
+# define OSSL_PARAM_double(key, addr) \
+ OSSL_PARAM_DEFN((key), OSSL_PARAM_REAL, (addr), sizeof(double))
+
+# define OSSL_PARAM_BN(key, bn, sz) \
+ OSSL_PARAM_DEFN((key), OSSL_PARAM_UNSIGNED_INTEGER, (bn), (sz))
+# define OSSL_PARAM_utf8_string(key, addr, sz) \
+ OSSL_PARAM_DEFN((key), OSSL_PARAM_UTF8_STRING, (addr), sz)
+# define OSSL_PARAM_octet_string(key, addr, sz) \
+ OSSL_PARAM_DEFN((key), OSSL_PARAM_OCTET_STRING, (addr), sz)
+
+# define OSSL_PARAM_utf8_ptr(key, addr, sz) \
+ OSSL_PARAM_DEFN((key), OSSL_PARAM_UTF8_PTR, &(addr), sz)
+# define OSSL_PARAM_octet_ptr(key, addr, sz) \
+ OSSL_PARAM_DEFN((key), OSSL_PARAM_OCTET_PTR, &(addr), sz)
+
+/* Search an OSSL_PARAM array for a matching name */
+OSSL_PARAM *OSSL_PARAM_locate(OSSL_PARAM *p, const char *key);
+const OSSL_PARAM *OSSL_PARAM_locate_const(const OSSL_PARAM *p, const char *key);
+
+/* Basic parameter type run-time construction */
+OSSL_PARAM OSSL_PARAM_construct_int(const char *key, int *buf);
+OSSL_PARAM OSSL_PARAM_construct_uint(const char *key, unsigned int *buf);
+OSSL_PARAM OSSL_PARAM_construct_long(const char *key, long int *buf);
+OSSL_PARAM OSSL_PARAM_construct_ulong(const char *key, unsigned long int *buf);
+OSSL_PARAM OSSL_PARAM_construct_int32(const char *key, int32_t *buf);
+OSSL_PARAM OSSL_PARAM_construct_uint32(const char *key, uint32_t *buf);
+OSSL_PARAM OSSL_PARAM_construct_int64(const char *key, int64_t *buf);
+OSSL_PARAM OSSL_PARAM_construct_uint64(const char *key, uint64_t *buf);
+OSSL_PARAM OSSL_PARAM_construct_size_t(const char *key, size_t *buf);
+OSSL_PARAM OSSL_PARAM_construct_BN(const char *key, unsigned char *buf,
+ size_t bsize);
+OSSL_PARAM OSSL_PARAM_construct_double(const char *key, double *buf);
+OSSL_PARAM OSSL_PARAM_construct_utf8_string(const char *key, char *buf,
+ size_t bsize);
+OSSL_PARAM OSSL_PARAM_construct_utf8_ptr(const char *key, char **buf,
+ size_t bsize);
+OSSL_PARAM OSSL_PARAM_construct_octet_string(const char *key, void *buf,
+ size_t bsize);
+OSSL_PARAM OSSL_PARAM_construct_octet_ptr(const char *key, void **buf,
+ size_t bsize);
+OSSL_PARAM OSSL_PARAM_construct_end(void);
+
+int OSSL_PARAM_allocate_from_text(OSSL_PARAM *to,
+ const OSSL_PARAM *paramdefs,
+ const char *key, const char *value,
+ size_t value_n, int *found);
+
+int OSSL_PARAM_get_int(const OSSL_PARAM *p, int *val);
+int OSSL_PARAM_get_uint(const OSSL_PARAM *p, unsigned int *val);
+int OSSL_PARAM_get_long(const OSSL_PARAM *p, long int *val);
+int OSSL_PARAM_get_ulong(const OSSL_PARAM *p, unsigned long int *val);
+int OSSL_PARAM_get_int32(const OSSL_PARAM *p, int32_t *val);
+int OSSL_PARAM_get_uint32(const OSSL_PARAM *p, uint32_t *val);
+int OSSL_PARAM_get_int64(const OSSL_PARAM *p, int64_t *val);
+int OSSL_PARAM_get_uint64(const OSSL_PARAM *p, uint64_t *val);
+int OSSL_PARAM_get_size_t(const OSSL_PARAM *p, size_t *val);
+
+int OSSL_PARAM_set_int(OSSL_PARAM *p, int val);
+int OSSL_PARAM_set_uint(OSSL_PARAM *p, unsigned int val);
+int OSSL_PARAM_set_long(OSSL_PARAM *p, long int val);
+int OSSL_PARAM_set_ulong(OSSL_PARAM *p, unsigned long int val);
+int OSSL_PARAM_set_int32(OSSL_PARAM *p, int32_t val);
+int OSSL_PARAM_set_uint32(OSSL_PARAM *p, uint32_t val);
+int OSSL_PARAM_set_int64(OSSL_PARAM *p, int64_t val);
+int OSSL_PARAM_set_uint64(OSSL_PARAM *p, uint64_t val);
+int OSSL_PARAM_set_size_t(OSSL_PARAM *p, size_t val);
+
+int OSSL_PARAM_get_double(const OSSL_PARAM *p, double *val);
+int OSSL_PARAM_set_double(OSSL_PARAM *p, double val);
+
+int OSSL_PARAM_get_BN(const OSSL_PARAM *p, BIGNUM **val);
+int OSSL_PARAM_set_BN(OSSL_PARAM *p, const BIGNUM *val);
+
+int OSSL_PARAM_get_utf8_string(const OSSL_PARAM *p, char **val, size_t max_len);
+int OSSL_PARAM_set_utf8_string(OSSL_PARAM *p, const char *val);
+
+int OSSL_PARAM_get_octet_string(const OSSL_PARAM *p, void **val, size_t max_len,
+ size_t *used_len);
+int OSSL_PARAM_set_octet_string(OSSL_PARAM *p, const void *val, size_t len);
+
+int OSSL_PARAM_get_utf8_ptr(const OSSL_PARAM *p, const char **val);
+int OSSL_PARAM_set_utf8_ptr(OSSL_PARAM *p, const char *val);
+
+int OSSL_PARAM_get_octet_ptr(const OSSL_PARAM *p, const void **val,
+ size_t *used_len);
+int OSSL_PARAM_set_octet_ptr(OSSL_PARAM *p, const void *val,
+ size_t used_len);
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/linux_amd64/include/openssl/pem.h b/linux_amd64/include/openssl/pem.h
new file mode 100644
index 0000000..e48d247
--- /dev/null
+++ b/linux_amd64/include/openssl/pem.h
@@ -0,0 +1,411 @@ +/* + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_PEM_H +# define OPENSSL_PEM_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_PEM_H +# endif + +# include +# include +# include +# include +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +# define PEM_BUFSIZE 1024 + +# define PEM_STRING_X509_OLD "X509 CERTIFICATE" +# define PEM_STRING_X509 "CERTIFICATE" +# define PEM_STRING_X509_TRUSTED "TRUSTED CERTIFICATE" +# define PEM_STRING_X509_REQ_OLD "NEW CERTIFICATE REQUEST" +# define PEM_STRING_X509_REQ "CERTIFICATE REQUEST" +# define PEM_STRING_X509_CRL "X509 CRL" +# define PEM_STRING_EVP_PKEY "ANY PRIVATE KEY" +# define PEM_STRING_PUBLIC "PUBLIC KEY" +# define PEM_STRING_RSA "RSA PRIVATE KEY" +# define PEM_STRING_RSA_PUBLIC "RSA PUBLIC KEY" +# define PEM_STRING_DSA "DSA PRIVATE KEY" +# define PEM_STRING_DSA_PUBLIC "DSA PUBLIC KEY" +# define PEM_STRING_PKCS7 "PKCS7" +# define PEM_STRING_PKCS7_SIGNED "PKCS #7 SIGNED DATA" +# define PEM_STRING_PKCS8 "ENCRYPTED PRIVATE KEY" +# define PEM_STRING_PKCS8INF "PRIVATE KEY" +# define PEM_STRING_DHPARAMS "DH PARAMETERS" +# define PEM_STRING_DHXPARAMS "X9.42 DH PARAMETERS" +# define PEM_STRING_SSL_SESSION "SSL SESSION PARAMETERS" +# define PEM_STRING_DSAPARAMS "DSA PARAMETERS" +# define PEM_STRING_ECDSA_PUBLIC "ECDSA PUBLIC KEY" +# define PEM_STRING_ECPARAMETERS "EC PARAMETERS" +# define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY" +# define PEM_STRING_PARAMETERS "PARAMETERS" +# define PEM_STRING_CMS "CMS" + +# define PEM_TYPE_ENCRYPTED 10 +# define PEM_TYPE_MIC_ONLY 20 +# define PEM_TYPE_MIC_CLEAR 30 +# define PEM_TYPE_CLEAR 40 + +/* + * These macros make the 
PEM_read/PEM_write functions easier to maintain and + * write. Now they are all implemented with either: IMPLEMENT_PEM_rw(...) or + * IMPLEMENT_PEM_rw_cb(...) + */ + +# define PEM_write_fnsig(name, type, OUTTYPE, writename) \ + int PEM_##writename##_##name(OUTTYPE *out, const type *x) +# define PEM_write_cb_fnsig(name, type, OUTTYPE, writename) \ + int PEM_##writename##_##name(OUTTYPE *out, const type *x, \ + const EVP_CIPHER *enc, \ + const unsigned char *kstr, int klen, \ + pem_password_cb *cb, void *u) + +# ifdef OPENSSL_NO_STDIO + +# define IMPLEMENT_PEM_read_fp(name, type, str, asn1) /**/ +# define IMPLEMENT_PEM_write_fp(name, type, str, asn1) /**/ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) /**/ +# endif +# define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) /**/ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) /**/ +# endif +# else + +# define IMPLEMENT_PEM_read_fp(name, type, str, asn1) \ + type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u) \ + { \ + return PEM_ASN1_read((d2i_of_void *)d2i_##asn1, str, fp, \ + (void **)x, cb, u); \ + } + +# define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \ + PEM_write_fnsig(name, type, FILE, write) \ + { \ + return PEM_ASN1_write((i2d_of_void *)i2d_##asn1, str, out, \ + x, NULL, NULL, 0, NULL, NULL); \ + } + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) \ + IMPLEMENT_PEM_write_fp(name, type, str, asn1) +# endif + +# define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) \ + PEM_write_cb_fnsig(name, type, FILE, write) \ + { \ + return PEM_ASN1_write((i2d_of_void *)i2d_##asn1, str, out, \ + x, enc, kstr, klen, cb, u); \ + } + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) \ + IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) +# endif +# endif + +# define IMPLEMENT_PEM_read_bio(name, type, 
str, asn1) \ + type *PEM_read_bio_##name(BIO *bp, type **x, \ + pem_password_cb *cb, void *u) \ + { \ + return PEM_ASN1_read_bio((d2i_of_void *)d2i_##asn1, str, bp, \ + (void **)x, cb, u); \ + } + +# define IMPLEMENT_PEM_write_bio(name, type, str, asn1) \ + PEM_write_fnsig(name, type, BIO, write_bio) \ + { \ + return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1, str, out, \ + x, NULL,NULL,0,NULL,NULL); \ + } + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \ + IMPLEMENT_PEM_write_bio(name, type, str, asn1) +# endif + +# define IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \ + PEM_write_cb_fnsig(name, type, BIO, write_bio) \ + { \ + return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1, str, out, \ + x, enc, kstr, klen, cb, u); \ + } + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \ + IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) +# endif + +# define IMPLEMENT_PEM_write(name, type, str, asn1) \ + IMPLEMENT_PEM_write_bio(name, type, str, asn1) \ + IMPLEMENT_PEM_write_fp(name, type, str, asn1) + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define IMPLEMENT_PEM_write_const(name, type, str, asn1) \ + IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \ + IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) +# endif + +# define IMPLEMENT_PEM_write_cb(name, type, str, asn1) \ + IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \ + IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define IMPLEMENT_PEM_write_cb_const(name, type, str, asn1) \ + IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \ + IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) +# endif + +# define IMPLEMENT_PEM_read(name, type, str, asn1) \ + IMPLEMENT_PEM_read_bio(name, type, str, asn1) \ + IMPLEMENT_PEM_read_fp(name, type, str, asn1) + +# define IMPLEMENT_PEM_rw(name, type, str, asn1) \ + IMPLEMENT_PEM_read(name, type, str, asn1) \ + 
IMPLEMENT_PEM_write(name, type, str, asn1) + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define IMPLEMENT_PEM_rw_const(name, type, str, asn1) \ + IMPLEMENT_PEM_read(name, type, str, asn1) \ + IMPLEMENT_PEM_write_const(name, type, str, asn1) +# endif + +# define IMPLEMENT_PEM_rw_cb(name, type, str, asn1) \ + IMPLEMENT_PEM_read(name, type, str, asn1) \ + IMPLEMENT_PEM_write_cb(name, type, str, asn1) + +/* These are the same except they are for the declarations */ + +# if defined(OPENSSL_NO_STDIO) + +# define DECLARE_PEM_read_fp(name, type) /**/ +# define DECLARE_PEM_write_fp(name, type) /**/ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define DECLARE_PEM_write_fp_const(name, type) /**/ +# endif +# define DECLARE_PEM_write_cb_fp(name, type) /**/ +# else + +# define DECLARE_PEM_read_fp(name, type) \ + type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u); + +# define DECLARE_PEM_write_fp(name, type) \ + PEM_write_fnsig(name, type, FILE, write); + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define DECLARE_PEM_write_fp_const(name, type) \ + PEM_write_fnsig(name, type, FILE, write); +# endif + +# define DECLARE_PEM_write_cb_fp(name, type) \ + PEM_write_cb_fnsig(name, type, FILE, write); + +# endif + +# define DECLARE_PEM_read_bio(name, type) \ + type *PEM_read_bio_##name(BIO *bp, type **x, \ + pem_password_cb *cb, void *u); + +# define DECLARE_PEM_write_bio(name, type) \ + PEM_write_fnsig(name, type, BIO, write_bio); + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define DECLARE_PEM_write_bio_const(name, type) \ + PEM_write_fnsig(name, type, BIO, write_bio); +# endif + +# define DECLARE_PEM_write_cb_bio(name, type) \ + PEM_write_cb_fnsig(name, type, BIO, write_bio); + +# define DECLARE_PEM_write(name, type) \ + DECLARE_PEM_write_bio(name, type) \ + DECLARE_PEM_write_fp(name, type) +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define DECLARE_PEM_write_const(name, type) \ + DECLARE_PEM_write_bio_const(name, type) \ + DECLARE_PEM_write_fp_const(name, type) +# endif +# define 
DECLARE_PEM_write_cb(name, type) \ + DECLARE_PEM_write_cb_bio(name, type) \ + DECLARE_PEM_write_cb_fp(name, type) +# define DECLARE_PEM_read(name, type) \ + DECLARE_PEM_read_bio(name, type) \ + DECLARE_PEM_read_fp(name, type) +# define DECLARE_PEM_rw(name, type) \ + DECLARE_PEM_read(name, type) \ + DECLARE_PEM_write(name, type) +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define DECLARE_PEM_rw_const(name, type) \ + DECLARE_PEM_read(name, type) \ + DECLARE_PEM_write_const(name, type) +# endif +# define DECLARE_PEM_rw_cb(name, type) \ + DECLARE_PEM_read(name, type) \ + DECLARE_PEM_write_cb(name, type) + +int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher); +int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *len, + pem_password_cb *callback, void *u); + +int PEM_read_bio(BIO *bp, char **name, char **header, + unsigned char **data, long *len); +# define PEM_FLAG_SECURE 0x1 +# define PEM_FLAG_EAY_COMPATIBLE 0x2 +# define PEM_FLAG_ONLY_B64 0x4 +int PEM_read_bio_ex(BIO *bp, char **name, char **header, + unsigned char **data, long *len, unsigned int flags); +int PEM_bytes_read_bio_secmem(unsigned char **pdata, long *plen, char **pnm, + const char *name, BIO *bp, pem_password_cb *cb, + void *u); +int PEM_write_bio(BIO *bp, const char *name, const char *hdr, + const unsigned char *data, long len); +int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, + const char *name, BIO *bp, pem_password_cb *cb, + void *u); +void *PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, void **x, + pem_password_cb *cb, void *u); +int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, + const void *x, const EVP_CIPHER *enc, + const unsigned char *kstr, int klen, + pem_password_cb *cb, void *u); + +STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, + pem_password_cb *cb, void *u); +int PEM_X509_INFO_write_bio(BIO *bp, const X509_INFO *xi, EVP_CIPHER *enc, + const unsigned char *kstr, int klen, + 
pem_password_cb *cd, void *u); + +#ifndef OPENSSL_NO_STDIO +int PEM_read(FILE *fp, char **name, char **header, + unsigned char **data, long *len); +int PEM_write(FILE *fp, const char *name, const char *hdr, + const unsigned char *data, long len); +void *PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x, + pem_password_cb *cb, void *u); +int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp, + const void *x, const EVP_CIPHER *enc, + const unsigned char *kstr, int klen, + pem_password_cb *callback, void *u); +STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, + pem_password_cb *cb, void *u); +#endif + +int PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type); +int PEM_SignUpdate(EVP_MD_CTX *ctx, const unsigned char *d, unsigned int cnt); +int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, + unsigned int *siglen, EVP_PKEY *pkey); + +/* The default pem_password_cb that's used internally */ +int PEM_def_callback(char *buf, int num, int rwflag, void *userdata); +void PEM_proc_type(char *buf, int type); +void PEM_dek_info(char *buf, const char *type, int len, const char *str); + +# include + +DECLARE_PEM_rw(X509, X509) +DECLARE_PEM_rw(X509_AUX, X509) +DECLARE_PEM_rw(X509_REQ, X509_REQ) +DECLARE_PEM_write(X509_REQ_NEW, X509_REQ) +DECLARE_PEM_rw(X509_CRL, X509_CRL) +DECLARE_PEM_rw(X509_PUBKEY, X509_PUBKEY) +DECLARE_PEM_rw(PKCS7, PKCS7) +DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE) +DECLARE_PEM_rw(PKCS8, X509_SIG) +DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO) +# ifndef OPENSSL_NO_RSA +DECLARE_PEM_rw_cb(RSAPrivateKey, RSA) +DECLARE_PEM_rw(RSAPublicKey, RSA) +DECLARE_PEM_rw(RSA_PUBKEY, RSA) +# endif +# ifndef OPENSSL_NO_DSA +DECLARE_PEM_rw_cb(DSAPrivateKey, DSA) +DECLARE_PEM_rw(DSA_PUBKEY, DSA) +DECLARE_PEM_rw(DSAparams, DSA) +# endif +# ifndef OPENSSL_NO_EC +DECLARE_PEM_rw(ECPKParameters, EC_GROUP) +DECLARE_PEM_rw_cb(ECPrivateKey, EC_KEY) +DECLARE_PEM_rw(EC_PUBKEY, EC_KEY) +# endif +# ifndef 
OPENSSL_NO_DH +DECLARE_PEM_rw(DHparams, DH) +DECLARE_PEM_write(DHxparams, DH) +# endif +DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY) +DECLARE_PEM_rw(PUBKEY, EVP_PKEY) + +int PEM_write_bio_PrivateKey_traditional(BIO *bp, const EVP_PKEY *x, + const EVP_CIPHER *enc, + const unsigned char *kstr, int klen, + pem_password_cb *cb, void *u); + +/* Why do these take a signed char *kstr? */ +int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, const EVP_PKEY *x, int nid, + const char *kstr, int klen, + pem_password_cb *cb, void *u); +int PEM_write_bio_PKCS8PrivateKey(BIO *, const EVP_PKEY *, const EVP_CIPHER *, + const char *kstr, int klen, + pem_password_cb *cb, void *u); +int i2d_PKCS8PrivateKey_bio(BIO *bp, const EVP_PKEY *x, const EVP_CIPHER *enc, + const char *kstr, int klen, + pem_password_cb *cb, void *u); +int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, const EVP_PKEY *x, int nid, + const char *kstr, int klen, + pem_password_cb *cb, void *u); +EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, + void *u); + +# ifndef OPENSSL_NO_STDIO +int i2d_PKCS8PrivateKey_fp(FILE *fp, const EVP_PKEY *x, const EVP_CIPHER *enc, + const char *kstr, int klen, + pem_password_cb *cb, void *u); +int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, const EVP_PKEY *x, int nid, + const char *kstr, int klen, + pem_password_cb *cb, void *u); +int PEM_write_PKCS8PrivateKey_nid(FILE *fp, const EVP_PKEY *x, int nid, + const char *kstr, int klen, + pem_password_cb *cb, void *u); + +EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, + void *u); + +int PEM_write_PKCS8PrivateKey(FILE *fp, const EVP_PKEY *x, const EVP_CIPHER *enc, + const char *kstr, int klen, + pem_password_cb *cd, void *u); +# endif +EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x); +int PEM_write_bio_Parameters(BIO *bp, const EVP_PKEY *x); + +# ifndef OPENSSL_NO_DSA +EVP_PKEY *b2i_PrivateKey(const unsigned char **in, long length); +EVP_PKEY *b2i_PublicKey(const unsigned char **in, long length); 
+EVP_PKEY *b2i_PrivateKey_bio(BIO *in); +EVP_PKEY *b2i_PublicKey_bio(BIO *in); +int i2b_PrivateKey_bio(BIO *out, const EVP_PKEY *pk); +int i2b_PublicKey_bio(BIO *out, const EVP_PKEY *pk); +# ifndef OPENSSL_NO_RC4 +EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u); +int i2b_PVK_bio(BIO *out, const EVP_PKEY *pk, int enclevel, + pem_password_cb *cb, void *u); +# endif +# endif + +# ifdef __cplusplus +} +# endif +#endif diff --git a/linux_amd64/include/openssl/pem2.h b/linux_amd64/include/openssl/pem2.h new file mode 100644 index 0000000..a8a5325 --- /dev/null +++ b/linux_amd64/include/openssl/pem2.h @@ -0,0 +1,19 @@ +/* + * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_PEM2_H +# define OPENSSL_PEM2_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_PEM2_H +# endif +# include +#endif diff --git a/linux_amd64/include/openssl/pemerr.h b/linux_amd64/include/openssl/pemerr.h new file mode 100644 index 0000000..c37a3ac --- /dev/null +++ b/linux_amd64/include/openssl/pemerr.h 
@@ -0,0 +1,111 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_PEMERR_H +# define OPENSSL_PEMERR_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_PEMERR_H +# endif + +# include +# include + + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_PEM_strings(void); + +/* + * PEM function codes. + */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define PEM_F_B2I_DSS 0 +# define PEM_F_B2I_PVK_BIO 0 +# define PEM_F_B2I_RSA 0 +# define PEM_F_CHECK_BITLEN_DSA 0 +# define PEM_F_CHECK_BITLEN_RSA 0 +# define PEM_F_D2I_PKCS8PRIVATEKEY_BIO 0 +# define PEM_F_D2I_PKCS8PRIVATEKEY_FP 0 +# define PEM_F_DO_B2I 0 +# define PEM_F_DO_B2I_BIO 0 +# define PEM_F_DO_BLOB_HEADER 0 +# define PEM_F_DO_I2B 0 +# define PEM_F_DO_PK8PKEY 0 +# define PEM_F_DO_PK8PKEY_FP 0 +# define PEM_F_DO_PVK_BODY 0 +# define PEM_F_DO_PVK_HEADER 0 +# define PEM_F_GET_HEADER_AND_DATA 0 +# define PEM_F_GET_NAME 0 +# define PEM_F_I2B_PVK 0 +# define PEM_F_I2B_PVK_BIO 0 +# define PEM_F_LOAD_IV 0 +# define PEM_F_PEM_ASN1_READ 0 +# define PEM_F_PEM_ASN1_READ_BIO 0 +# define PEM_F_PEM_ASN1_WRITE 0 +# define PEM_F_PEM_ASN1_WRITE_BIO 0 +# define PEM_F_PEM_DEF_CALLBACK 0 +# define PEM_F_PEM_DO_HEADER 0 +# define PEM_F_PEM_GET_EVP_CIPHER_INFO 0 +# define PEM_F_PEM_READ 0 +# define PEM_F_PEM_READ_BIO 0 +# define PEM_F_PEM_READ_BIO_DHPARAMS 0 +# define PEM_F_PEM_READ_BIO_EX 0 +# define PEM_F_PEM_READ_BIO_PARAMETERS 0 +# define PEM_F_PEM_READ_BIO_PRIVATEKEY 0 +# define PEM_F_PEM_READ_DHPARAMS 0 +# define PEM_F_PEM_READ_PRIVATEKEY 0 +# define PEM_F_PEM_SIGNFINAL 0 +# define PEM_F_PEM_WRITE 0 +# define PEM_F_PEM_WRITE_BIO 0 +# define 
PEM_F_PEM_WRITE_PRIVATEKEY 0 +# define PEM_F_PEM_X509_INFO_READ 0 +# define PEM_F_PEM_X509_INFO_READ_BIO 0 +# define PEM_F_PEM_X509_INFO_WRITE_BIO 0 +# endif + +/* + * PEM reason codes. + */ +# define PEM_R_BAD_BASE64_DECODE 100 +# define PEM_R_BAD_DECRYPT 101 +# define PEM_R_BAD_END_LINE 102 +# define PEM_R_BAD_IV_CHARS 103 +# define PEM_R_BAD_MAGIC_NUMBER 116 +# define PEM_R_BAD_PASSWORD_READ 104 +# define PEM_R_BAD_VERSION_NUMBER 117 +# define PEM_R_BIO_WRITE_FAILURE 118 +# define PEM_R_CIPHER_IS_NULL 127 +# define PEM_R_ERROR_CONVERTING_PRIVATE_KEY 115 +# define PEM_R_EXPECTING_PRIVATE_KEY_BLOB 119 +# define PEM_R_EXPECTING_PUBLIC_KEY_BLOB 120 +# define PEM_R_HEADER_TOO_LONG 128 +# define PEM_R_INCONSISTENT_HEADER 121 +# define PEM_R_KEYBLOB_HEADER_PARSE_ERROR 122 +# define PEM_R_KEYBLOB_TOO_SHORT 123 +# define PEM_R_MISSING_DEK_IV 129 +# define PEM_R_NOT_DEK_INFO 105 +# define PEM_R_NOT_ENCRYPTED 106 +# define PEM_R_NOT_PROC_TYPE 107 +# define PEM_R_NO_START_LINE 108 +# define PEM_R_PROBLEMS_GETTING_PASSWORD 109 +# define PEM_R_PVK_DATA_TOO_SHORT 124 +# define PEM_R_PVK_TOO_SHORT 125 +# define PEM_R_READ_KEY 111 +# define PEM_R_SHORT_HEADER 112 +# define PEM_R_UNEXPECTED_DEK_IV 130 +# define PEM_R_UNSUPPORTED_CIPHER 113 +# define PEM_R_UNSUPPORTED_ENCRYPTION 114 +# define PEM_R_UNSUPPORTED_KEY_COMPONENTS 126 + +#endif diff --git a/linux_amd64/include/openssl/pkcs12.h b/linux_amd64/include/openssl/pkcs12.h new file mode 100644 index 0000000..51d6e8a --- /dev/null +++ b/linux_amd64/include/openssl/pkcs12.h 
@@ -0,0 +1,229 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_PKCS12_H
+# define OPENSSL_PKCS12_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_PKCS12_H
+# endif
+
+# include
+# include
+# include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# define PKCS12_KEY_ID 1
+# define PKCS12_IV_ID 2
+# define PKCS12_MAC_ID 3
+
+/* Default iteration count */
+# ifndef PKCS12_DEFAULT_ITER
+# define PKCS12_DEFAULT_ITER PKCS5_DEFAULT_ITER
+# endif
+
+# define PKCS12_MAC_KEY_LENGTH 20
+
+# define PKCS12_SALT_LEN 8
+
+/* It's not clear if these are actually needed... */
+# define PKCS12_key_gen PKCS12_key_gen_utf8
+# define PKCS12_add_friendlyname PKCS12_add_friendlyname_utf8
+
+/* MS key usage constants */
+
+# define KEY_EX 0x10
+# define KEY_SIG 0x80
+
+typedef struct PKCS12_MAC_DATA_st PKCS12_MAC_DATA;
+
+typedef struct PKCS12_st PKCS12;
+
+typedef struct PKCS12_SAFEBAG_st PKCS12_SAFEBAG;
+
+DEFINE_STACK_OF(PKCS12_SAFEBAG)
+
+typedef struct pkcs12_bag_st PKCS12_BAGS;
+
+# define PKCS12_ERROR 0
+# define PKCS12_OK 1
+
+/* Compatibility macros */
+
+#ifndef OPENSSL_NO_DEPRECATED_1_1_0
+
+# define M_PKCS12_bag_type PKCS12_bag_type
+# define M_PKCS12_cert_bag_type PKCS12_cert_bag_type
+# define M_PKCS12_crl_bag_type PKCS12_cert_bag_type
+
+# define PKCS12_certbag2x509 PKCS12_SAFEBAG_get1_cert
+# define PKCS12_certbag2scrl PKCS12_SAFEBAG_get1_crl
+# define PKCS12_bag_type PKCS12_SAFEBAG_get_nid
+# define PKCS12_cert_bag_type PKCS12_SAFEBAG_get_bag_nid
+# define PKCS12_x5092certbag PKCS12_SAFEBAG_create_cert
+# define PKCS12_x509crl2certbag PKCS12_SAFEBAG_create_crl
+# define PKCS12_MAKE_KEYBAG PKCS12_SAFEBAG_create0_p8inf
+# define PKCS12_MAKE_SHKEYBAG PKCS12_SAFEBAG_create_pkcs8_encrypt
+
+#endif
+
+DEPRECATEDIN_1_1_0(ASN1_TYPE *PKCS12_get_attr(const PKCS12_SAFEBAG *bag, int attr_nid))
+
+ASN1_TYPE *PKCS8_get_attr(PKCS8_PRIV_KEY_INFO *p8, int attr_nid);
+int PKCS12_mac_present(const PKCS12 *p12);
+void PKCS12_get0_mac(const ASN1_OCTET_STRING **pmac,
+ const X509_ALGOR **pmacalg,
+ const ASN1_OCTET_STRING **psalt,
+ const ASN1_INTEGER **piter,
+ const PKCS12 *p12);
+
+const ASN1_TYPE *PKCS12_SAFEBAG_get0_attr(const PKCS12_SAFEBAG *bag,
+ int attr_nid);
+const ASN1_OBJECT *PKCS12_SAFEBAG_get0_type(const PKCS12_SAFEBAG *bag);
+int PKCS12_SAFEBAG_get_nid(const PKCS12_SAFEBAG *bag);
+int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag);
+
+X509 *PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag);
+X509_CRL *PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag);
+const STACK_OF(PKCS12_SAFEBAG) *
+PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag);
+const PKCS8_PRIV_KEY_INFO *PKCS12_SAFEBAG_get0_p8inf(const PKCS12_SAFEBAG *bag);
+const X509_SIG *PKCS12_SAFEBAG_get0_pkcs8(const PKCS12_SAFEBAG *bag);
+
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_cert(X509 *x509);
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_crl(X509_CRL *crl);
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_p8inf(PKCS8_PRIV_KEY_INFO *p8);
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_pkcs8(X509_SIG *p8);
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8_encrypt(int pbe_nid,
+ const char *pass,
+ int passlen,
+ unsigned char *salt,
+ int saltlen, int iter,
+ PKCS8_PRIV_KEY_INFO *p8inf);
+
+PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it,
+ int nid1, int nid2);
+PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(const X509_SIG *p8, const char *pass,
+ int passlen);
+PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(const PKCS12_SAFEBAG *bag,
+ const char *pass, int passlen);
+X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
+ const char *pass, int passlen, unsigned char *salt,
+ int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8);
+X509_SIG *PKCS8_set0_pbe(const char *pass, int passlen,
+ PKCS8_PRIV_KEY_INFO *p8inf, X509_ALGOR *pbe);
+PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk);
+STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7);
+PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
+ unsigned char *salt, int saltlen, int iter,
+ STACK_OF(PKCS12_SAFEBAG) *bags);
+STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass,
+ int passlen);
+
+int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes);
+STACK_OF(PKCS7) *PKCS12_unpack_authsafes(const PKCS12 *p12);
+
+int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name,
+ int namelen);
+int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name,
+ int namelen);
+int PKCS12_add_friendlyname_utf8(PKCS12_SAFEBAG *bag, const char *name,
+ int namelen);
+int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name,
+ int namelen);
+int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag,
+ const unsigned char *name, int namelen);
+int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage);
+ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs,
+ int attr_nid);
+char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag);
+const STACK_OF(X509_ATTRIBUTE) *
+PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag);
+unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor,
+ const char *pass, int passlen,
+ const unsigned char *in, int inlen,
+ unsigned char **data, int *datalen,
+ int en_de);
+void *PKCS12_item_decrypt_d2i(const X509_ALGOR *algor, const ASN1_ITEM *it,
+ const char *pass, int passlen,
+ const ASN1_OCTET_STRING *oct, int zbuf);
+ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor,
+ const ASN1_ITEM *it,
+ const char *pass, int passlen,
+ void *obj, int zbuf);
+PKCS12 *PKCS12_init(int mode);
+int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
+ int saltlen, int id, int iter, int n,
+ unsigned char *out, const EVP_MD *md_type);
+int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
+ int saltlen, int id, int iter, int n,
+ unsigned char *out, const EVP_MD *md_type);
+int PKCS12_key_gen_utf8(const char *pass, int passlen, unsigned char *salt,
+ int saltlen, int id, int iter, int n,
+ unsigned char *out, const EVP_MD *md_type);
+int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
+ ASN1_TYPE *param, const EVP_CIPHER *cipher,
+ const EVP_MD *md_type, int en_de);
+int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
+ unsigned char *mac, unsigned int *maclen);
+int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen);
+int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
+ unsigned char *salt, int saltlen, int iter,
+ const EVP_MD *md_type);
+int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt,
+ int saltlen, const EVP_MD *md_type);
+unsigned char *OPENSSL_asc2uni(const char *asc, int asclen,
+ unsigned char **uni, int *unilen);
+char *OPENSSL_uni2asc(const unsigned char *uni, int unilen);
+unsigned char *OPENSSL_utf82uni(const char *asc, int asclen,
+ unsigned char **uni, int *unilen);
+char *OPENSSL_uni2utf8(const unsigned char *uni, int unilen);
+
+DECLARE_ASN1_FUNCTIONS(PKCS12)
+DECLARE_ASN1_FUNCTIONS(PKCS12_MAC_DATA)
+DECLARE_ASN1_FUNCTIONS(PKCS12_SAFEBAG)
+DECLARE_ASN1_FUNCTIONS(PKCS12_BAGS)
+
+DECLARE_ASN1_ITEM(PKCS12_SAFEBAGS)
+DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES)
+
+void PKCS12_PBE_add(void);
+int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
+ STACK_OF(X509) **ca);
+PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey,
+ X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
+ int iter, int mac_iter, int keytype);
+
+PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert);
+PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags,
+ EVP_PKEY *key, int key_usage, int iter,
+ int key_nid, const char *pass);
+int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags,
+ int safe_nid, int iter, const char *pass);
+PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int p7_nid);
+
+int i2d_PKCS12_bio(BIO *bp, const PKCS12 *p12);
+# ifndef OPENSSL_NO_STDIO
+int i2d_PKCS12_fp(FILE *fp, const PKCS12 *p12);
+# endif
+PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12);
+# ifndef OPENSSL_NO_STDIO
+PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12);
+# endif
+int PKCS12_newpass(PKCS12 *p12, const char *oldpass, const char *newpass);
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/linux_amd64/include/openssl/pkcs12err.h b/linux_amd64/include/openssl/pkcs12err.h
new file mode 100644
index 0000000..12eac4a
--- /dev/null
+++ b/linux_amd64/include/openssl/pkcs12err.h
@@ -0,0 +1,89 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_PKCS12ERR_H +# define OPENSSL_PKCS12ERR_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_PKCS12ERR_H +# endif + +# include +# include + + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_PKCS12_strings(void); + +/* + * PKCS12 function codes. + */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define PKCS12_F_OPENSSL_ASC2UNI 0 +# define PKCS12_F_OPENSSL_UNI2ASC 0 +# define PKCS12_F_OPENSSL_UNI2UTF8 0 +# define PKCS12_F_OPENSSL_UTF82UNI 0 +# define PKCS12_F_PKCS12_CREATE 0 +# define PKCS12_F_PKCS12_GEN_MAC 0 +# define PKCS12_F_PKCS12_INIT 0 +# define PKCS12_F_PKCS12_ITEM_DECRYPT_D2I 0 +# define PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT 0 +# define PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG 0 +# define PKCS12_F_PKCS12_KEY_GEN_ASC 0 +# define PKCS12_F_PKCS12_KEY_GEN_UNI 0 +# define PKCS12_F_PKCS12_KEY_GEN_UTF8 0 +# define PKCS12_F_PKCS12_NEWPASS 0 +# define PKCS12_F_PKCS12_PACK_P7DATA 0 +# define PKCS12_F_PKCS12_PACK_P7ENCDATA 0 +# define PKCS12_F_PKCS12_PARSE 0 +# define PKCS12_F_PKCS12_PBE_CRYPT 0 +# define PKCS12_F_PKCS12_PBE_KEYIVGEN 0 +# define PKCS12_F_PKCS12_SAFEBAG_CREATE0_P8INF 0 +# define PKCS12_F_PKCS12_SAFEBAG_CREATE0_PKCS8 0 +# define PKCS12_F_PKCS12_SAFEBAG_CREATE_PKCS8_ENCRYPT 0 +# define PKCS12_F_PKCS12_SETUP_MAC 0 +# define PKCS12_F_PKCS12_SET_MAC 0 +# define PKCS12_F_PKCS12_UNPACK_AUTHSAFES 0 +# define PKCS12_F_PKCS12_UNPACK_P7DATA 0 +# define PKCS12_F_PKCS12_VERIFY_MAC 0 +# define PKCS12_F_PKCS8_ENCRYPT 0 +# define PKCS12_F_PKCS8_SET0_PBE 0 +# endif + +/* + * PKCS12 reason codes. 
+ */ +# define PKCS12_R_CANT_PACK_STRUCTURE 100 +# define PKCS12_R_CONTENT_TYPE_NOT_DATA 121 +# define PKCS12_R_DECODE_ERROR 101 +# define PKCS12_R_ENCODE_ERROR 102 +# define PKCS12_R_ENCRYPT_ERROR 103 +# define PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE 120 +# define PKCS12_R_INVALID_NULL_ARGUMENT 104 +# define PKCS12_R_INVALID_NULL_PKCS12_POINTER 105 +# define PKCS12_R_IV_GEN_ERROR 106 +# define PKCS12_R_KEY_GEN_ERROR 107 +# define PKCS12_R_MAC_ABSENT 108 +# define PKCS12_R_MAC_GENERATION_ERROR 109 +# define PKCS12_R_MAC_SETUP_ERROR 110 +# define PKCS12_R_MAC_STRING_SET_ERROR 111 +# define PKCS12_R_MAC_VERIFY_FAILURE 113 +# define PKCS12_R_PARSE_ERROR 114 +# define PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR 115 +# define PKCS12_R_PKCS12_CIPHERFINAL_ERROR 116 +# define PKCS12_R_PKCS12_PBE_CRYPT_ERROR 117 +# define PKCS12_R_UNKNOWN_DIGEST_ALGORITHM 118 +# define PKCS12_R_UNSUPPORTED_PKCS12_MODE 119 + +#endif diff --git a/linux_amd64/include/openssl/pkcs7.h b/linux_amd64/include/openssl/pkcs7.h new file mode 100644 index 0000000..7c079a2 --- /dev/null +++ b/linux_amd64/include/openssl/pkcs7.h 
@@ -0,0 +1,325 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_PKCS7_H
+# define OPENSSL_PKCS7_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_PKCS7_H
+# endif
+
+# include
+# include
+# include
+
+# include
+# include
+# include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*-
+Encryption_ID DES-CBC
+Digest_ID MD5
+Digest_Encryption_ID rsaEncryption
+Key_Encryption_ID rsaEncryption
+*/
+
+typedef struct pkcs7_issuer_and_serial_st {
+ X509_NAME *issuer;
+ ASN1_INTEGER *serial;
+} PKCS7_ISSUER_AND_SERIAL;
+
+typedef struct pkcs7_signer_info_st {
+ ASN1_INTEGER *version; /* version 1 */
+ PKCS7_ISSUER_AND_SERIAL *issuer_and_serial;
+ X509_ALGOR *digest_alg;
+ STACK_OF(X509_ATTRIBUTE) *auth_attr; /* [ 0 ] */
+ X509_ALGOR *digest_enc_alg;
+ ASN1_OCTET_STRING *enc_digest;
+ STACK_OF(X509_ATTRIBUTE) *unauth_attr; /* [ 1 ] */
+ /* The private key to sign with */
+ EVP_PKEY *pkey;
+} PKCS7_SIGNER_INFO;
+
+DEFINE_STACK_OF(PKCS7_SIGNER_INFO)
+
+typedef struct pkcs7_recip_info_st {
+ ASN1_INTEGER *version; /* version 0 */
+ PKCS7_ISSUER_AND_SERIAL *issuer_and_serial;
+ X509_ALGOR *key_enc_algor;
+ ASN1_OCTET_STRING *enc_key;
+ X509 *cert; /* get the pub-key from this */
+} PKCS7_RECIP_INFO;
+
+DEFINE_STACK_OF(PKCS7_RECIP_INFO)
+
+typedef struct pkcs7_signed_st {
+ ASN1_INTEGER *version; /* version 1 */
+ STACK_OF(X509_ALGOR) *md_algs; /* md used */
+ STACK_OF(X509) *cert; /* [ 0 ] */
+ STACK_OF(X509_CRL) *crl; /* [ 1 ] */
+ STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
+ struct pkcs7_st *contents;
+} PKCS7_SIGNED;
+/*
+ * The above structure is very very similar to PKCS7_SIGN_ENVELOPE. How about
+ * merging the two
+ */
+
+typedef struct pkcs7_enc_content_st {
+ ASN1_OBJECT *content_type;
+ X509_ALGOR *algorithm;
+ ASN1_OCTET_STRING *enc_data; /* [ 0 ] */
+ const EVP_CIPHER *cipher;
+} PKCS7_ENC_CONTENT;
+
+typedef struct pkcs7_enveloped_st {
+ ASN1_INTEGER *version; /* version 0 */
+ STACK_OF(PKCS7_RECIP_INFO) *recipientinfo;
+ PKCS7_ENC_CONTENT *enc_data;
+} PKCS7_ENVELOPE;
+
+typedef struct pkcs7_signedandenveloped_st {
+ ASN1_INTEGER *version; /* version 1 */
+ STACK_OF(X509_ALGOR) *md_algs; /* md used */
+ STACK_OF(X509) *cert; /* [ 0 ] */
+ STACK_OF(X509_CRL) *crl; /* [ 1 ] */
+ STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
+ PKCS7_ENC_CONTENT *enc_data;
+ STACK_OF(PKCS7_RECIP_INFO) *recipientinfo;
+} PKCS7_SIGN_ENVELOPE;
+
+typedef struct pkcs7_digest_st {
+ ASN1_INTEGER *version; /* version 0 */
+ X509_ALGOR *md; /* md used */
+ struct pkcs7_st *contents;
+ ASN1_OCTET_STRING *digest;
+} PKCS7_DIGEST;
+
+typedef struct pkcs7_encrypted_st {
+ ASN1_INTEGER *version; /* version 0 */
+ PKCS7_ENC_CONTENT *enc_data;
+} PKCS7_ENCRYPT;
+
+typedef struct pkcs7_st {
+ /*
+ * The following is non NULL if it contains ASN1 encoding of this
+ * structure
+ */
+ unsigned char *asn1;
+ long length;
+# define PKCS7_S_HEADER 0
+# define PKCS7_S_BODY 1
+# define PKCS7_S_TAIL 2
+ int state; /* used during processing */
+ int detached;
+ ASN1_OBJECT *type;
+ /* content as defined by the type */
+ /*
+ * all encryption/message digests are applied to the 'contents', leaving
+ * out the 'type' field.
+ */
+ union {
+ char *ptr;
+ /* NID_pkcs7_data */
+ ASN1_OCTET_STRING *data;
+ /* NID_pkcs7_signed */
+ PKCS7_SIGNED *sign;
+ /* NID_pkcs7_enveloped */
+ PKCS7_ENVELOPE *enveloped;
+ /* NID_pkcs7_signedAndEnveloped */
+ PKCS7_SIGN_ENVELOPE *signed_and_enveloped;
+ /* NID_pkcs7_digest */
+ PKCS7_DIGEST *digest;
+ /* NID_pkcs7_encrypted */
+ PKCS7_ENCRYPT *encrypted;
+ /* Anything else */
+ ASN1_TYPE *other;
+ } d;
+} PKCS7;
+
+DEFINE_STACK_OF(PKCS7)
+
+# define PKCS7_OP_SET_DETACHED_SIGNATURE 1
+# define PKCS7_OP_GET_DETACHED_SIGNATURE 2
+
+# define PKCS7_get_signed_attributes(si) ((si)->auth_attr)
+# define PKCS7_get_attributes(si) ((si)->unauth_attr)
+
+# define PKCS7_type_is_signed(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_signed)
+# define PKCS7_type_is_encrypted(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted)
+# define PKCS7_type_is_enveloped(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_enveloped)
+# define PKCS7_type_is_signedAndEnveloped(a) \
+ (OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped)
+# define PKCS7_type_is_data(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_data)
+# define PKCS7_type_is_digest(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_digest)
+
+# define PKCS7_set_detached(p,v) \
+ PKCS7_ctrl(p,PKCS7_OP_SET_DETACHED_SIGNATURE,v,NULL)
+# define PKCS7_get_detached(p) \
+ PKCS7_ctrl(p,PKCS7_OP_GET_DETACHED_SIGNATURE,0,NULL)
+
+# define PKCS7_is_detached(p7) (PKCS7_type_is_signed(p7) && PKCS7_get_detached(p7))
+
+/* S/MIME related flags */
+
+# define PKCS7_TEXT 0x1
+# define PKCS7_NOCERTS 0x2
+# define PKCS7_NOSIGS 0x4
+# define PKCS7_NOCHAIN 0x8
+# define PKCS7_NOINTERN 0x10
+# define PKCS7_NOVERIFY 0x20
+# define PKCS7_DETACHED 0x40
+# define PKCS7_BINARY 0x80
+# define PKCS7_NOATTR 0x100
+# define PKCS7_NOSMIMECAP 0x200
+# define PKCS7_NOOLDMIMETYPE 0x400
+# define PKCS7_CRLFEOL 0x800
+# define PKCS7_STREAM 0x1000
+# define PKCS7_NOCRL 0x2000
+# define PKCS7_PARTIAL 0x4000
+# define PKCS7_REUSE_DIGEST 0x8000
+# define PKCS7_NO_DUAL_CONTENT 0x10000
+
+/* Flags: for compatibility with older code */
+
+# define SMIME_TEXT PKCS7_TEXT
+# define SMIME_NOCERTS PKCS7_NOCERTS
+# define SMIME_NOSIGS PKCS7_NOSIGS
+# define SMIME_NOCHAIN PKCS7_NOCHAIN
+# define SMIME_NOINTERN PKCS7_NOINTERN
+# define SMIME_NOVERIFY PKCS7_NOVERIFY
+# define SMIME_DETACHED PKCS7_DETACHED
+# define SMIME_BINARY PKCS7_BINARY
+# define SMIME_NOATTR PKCS7_NOATTR
+
+/* CRLF ASCII canonicalisation */
+# define SMIME_ASCIICRLF 0x80000
+
+DECLARE_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SERIAL)
+
+int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,
+ const EVP_MD *type, unsigned char *md,
+ unsigned int *len);
+# ifndef OPENSSL_NO_STDIO
+PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7);
+int i2d_PKCS7_fp(FILE *fp, const PKCS7 *p7);
+# endif
+DECLARE_ASN1_DUP_FUNCTION(PKCS7)
+PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7);
+int i2d_PKCS7_bio(BIO *bp, const PKCS7 *p7);
+int i2d_PKCS7_bio_stream(BIO *out, PKCS7 *p7, BIO *in, int flags);
+int PEM_write_bio_PKCS7_stream(BIO *out, PKCS7 *p7, BIO *in, int flags);
+
+DECLARE_ASN1_FUNCTIONS(PKCS7_SIGNER_INFO)
+DECLARE_ASN1_FUNCTIONS(PKCS7_RECIP_INFO)
+DECLARE_ASN1_FUNCTIONS(PKCS7_SIGNED)
+DECLARE_ASN1_FUNCTIONS(PKCS7_ENC_CONTENT)
+DECLARE_ASN1_FUNCTIONS(PKCS7_ENVELOPE)
+DECLARE_ASN1_FUNCTIONS(PKCS7_SIGN_ENVELOPE)
+DECLARE_ASN1_FUNCTIONS(PKCS7_DIGEST)
+DECLARE_ASN1_FUNCTIONS(PKCS7_ENCRYPT)
+DECLARE_ASN1_FUNCTIONS(PKCS7)
+
+DECLARE_ASN1_ITEM(PKCS7_ATTR_SIGN)
+DECLARE_ASN1_ITEM(PKCS7_ATTR_VERIFY)
+
+DECLARE_ASN1_NDEF_FUNCTION(PKCS7)
+DECLARE_ASN1_PRINT_FUNCTION(PKCS7)
+
+long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg);
+
+int PKCS7_set_type(PKCS7 *p7, int type);
+int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other);
+int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data);
+int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
+ const EVP_MD *dgst);
+int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si);
+int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i);
+int PKCS7_add_certificate(PKCS7 *p7, X509 *x509);
+int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509);
+int PKCS7_content_new(PKCS7 *p7, int nid);
+int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx,
+ BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si);
+int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
+ X509 *x509);
+
+BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio);
+int PKCS7_dataFinal(PKCS7 *p7, BIO *bio);
+BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert);
+
+PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509,
+ EVP_PKEY *pkey, const EVP_MD *dgst);
+X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si);
+int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md);
+STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7);
+
+PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509);
+void PKCS7_SIGNER_INFO_get0_algs(PKCS7_SIGNER_INFO *si, EVP_PKEY **pk,
+ X509_ALGOR **pdig, X509_ALGOR **psig);
+void PKCS7_RECIP_INFO_get0_alg(PKCS7_RECIP_INFO *ri, X509_ALGOR **penc);
+int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri);
+int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509);
+int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher);
+int PKCS7_stream(unsigned char ***boundary, PKCS7 *p7);
+
+PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx);
+ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk);
+int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int type,
+ void *data);
+int PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
+ void *value);
+ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid);
+ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid);
+int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si,
+ STACK_OF(X509_ATTRIBUTE) *sk);
+int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si,
+ STACK_OF(X509_ATTRIBUTE) *sk);
+
+PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
+ BIO *data, int flags);
+
+PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7,
+ X509 *signcert, EVP_PKEY *pkey,
+ const EVP_MD *md, int flags);
+
+int PKCS7_final(PKCS7 *p7, BIO *data, int flags);
+int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
+ BIO *indata, BIO *out, int flags);
+STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs,
+ int flags);
+PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,
+ int flags);
+int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data,
+ int flags);
+
+int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si,
+ STACK_OF(X509_ALGOR) *cap);
+STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si);
+int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg);
+
+int PKCS7_add_attrib_content_type(PKCS7_SIGNER_INFO *si, ASN1_OBJECT *coid);
+int PKCS7_add0_attrib_signing_time(PKCS7_SIGNER_INFO *si, ASN1_TIME *t);
+int PKCS7_add1_attrib_digest(PKCS7_SIGNER_INFO *si,
+ const unsigned char *md, int mdlen);
+
+int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags);
+PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont);
+
+BIO *BIO_new_PKCS7(BIO *out, PKCS7 *p7);
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/linux_amd64/include/openssl/pkcs7err.h b/linux_amd64/include/openssl/pkcs7err.h
new file mode 100644
index 0000000..41735bd
--- /dev/null
+++ b/linux_amd64/include/openssl/pkcs7err.h
@@ -0,0 +1,111 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_PKCS7ERR_H +# define OPENSSL_PKCS7ERR_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_PKCS7ERR_H +# endif + +# include +# include + + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_PKCS7_strings(void); + +/* + * PKCS7 function codes. + */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define PKCS7_F_DO_PKCS7_SIGNED_ATTRIB 0 +# define PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME 0 +# define PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP 0 +# define PKCS7_F_PKCS7_ADD_CERTIFICATE 0 +# define PKCS7_F_PKCS7_ADD_CRL 0 +# define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO 0 +# define PKCS7_F_PKCS7_ADD_SIGNATURE 0 +# define PKCS7_F_PKCS7_ADD_SIGNER 0 +# define PKCS7_F_PKCS7_BIO_ADD_DIGEST 0 +# define PKCS7_F_PKCS7_COPY_EXISTING_DIGEST 0 +# define PKCS7_F_PKCS7_CTRL 0 +# define PKCS7_F_PKCS7_DATADECODE 0 +# define PKCS7_F_PKCS7_DATAFINAL 0 +# define PKCS7_F_PKCS7_DATAINIT 0 +# define PKCS7_F_PKCS7_DATAVERIFY 0 +# define PKCS7_F_PKCS7_DECRYPT 0 +# define PKCS7_F_PKCS7_DECRYPT_RINFO 0 +# define PKCS7_F_PKCS7_ENCODE_RINFO 0 +# define PKCS7_F_PKCS7_ENCRYPT 0 +# define PKCS7_F_PKCS7_FINAL 0 +# define PKCS7_F_PKCS7_FIND_DIGEST 0 +# define PKCS7_F_PKCS7_GET0_SIGNERS 0 +# define PKCS7_F_PKCS7_RECIP_INFO_SET 0 +# define PKCS7_F_PKCS7_SET_CIPHER 0 +# define PKCS7_F_PKCS7_SET_CONTENT 0 +# define PKCS7_F_PKCS7_SET_DIGEST 0 +# define PKCS7_F_PKCS7_SET_TYPE 0 +# define PKCS7_F_PKCS7_SIGN 0 +# define PKCS7_F_PKCS7_SIGNATUREVERIFY 0 +# define PKCS7_F_PKCS7_SIGNER_INFO_SET 0 +# define PKCS7_F_PKCS7_SIGNER_INFO_SIGN 0 +# define PKCS7_F_PKCS7_SIGN_ADD_SIGNER 0 +# define 
PKCS7_F_PKCS7_SIMPLE_SMIMECAP 0 +# define PKCS7_F_PKCS7_VERIFY 0 +# endif + +/* + * PKCS7 reason codes. + */ +# define PKCS7_R_CERTIFICATE_VERIFY_ERROR 117 +# define PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 144 +# define PKCS7_R_CIPHER_NOT_INITIALIZED 116 +# define PKCS7_R_CONTENT_AND_DATA_PRESENT 118 +# define PKCS7_R_CTRL_ERROR 152 +# define PKCS7_R_DECRYPT_ERROR 119 +# define PKCS7_R_DIGEST_FAILURE 101 +# define PKCS7_R_ENCRYPTION_CTRL_FAILURE 149 +# define PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 150 +# define PKCS7_R_ERROR_ADDING_RECIPIENT 120 +# define PKCS7_R_ERROR_SETTING_CIPHER 121 +# define PKCS7_R_INVALID_NULL_POINTER 143 +# define PKCS7_R_INVALID_SIGNED_DATA_TYPE 155 +# define PKCS7_R_NO_CONTENT 122 +# define PKCS7_R_NO_DEFAULT_DIGEST 151 +# define PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND 154 +# define PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE 115 +# define PKCS7_R_NO_SIGNATURES_ON_DATA 123 +# define PKCS7_R_NO_SIGNERS 142 +# define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE 104 +# define PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR 124 +# define PKCS7_R_PKCS7_ADD_SIGNER_ERROR 153 +# define PKCS7_R_PKCS7_DATASIGN 145 +# define PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 127 +# define PKCS7_R_SIGNATURE_FAILURE 105 +# define PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND 128 +# define PKCS7_R_SIGNING_CTRL_FAILURE 147 +# define PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 148 +# define PKCS7_R_SMIME_TEXT_ERROR 129 +# define PKCS7_R_UNABLE_TO_FIND_CERTIFICATE 106 +# define PKCS7_R_UNABLE_TO_FIND_MEM_BIO 107 +# define PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST 108 +# define PKCS7_R_UNKNOWN_DIGEST_TYPE 109 +# define PKCS7_R_UNKNOWN_OPERATION 110 +# define PKCS7_R_UNSUPPORTED_CIPHER_TYPE 111 +# define PKCS7_R_UNSUPPORTED_CONTENT_TYPE 112 +# define PKCS7_R_WRONG_CONTENT_TYPE 113 +# define PKCS7_R_WRONG_PKCS7_TYPE 114 + +#endif diff --git a/linux_amd64/include/openssl/provider.h b/linux_amd64/include/openssl/provider.h new file mode 100644 index 0000000..86dabf4 
--- /dev/null
+++ b/linux_amd64/include/openssl/provider.h
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_PROVIDER_H
+# define OPENSSL_PROVIDER_H
+
+# include
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+/* Load and unload a provider */
+OSSL_PROVIDER *OSSL_PROVIDER_load(OPENSSL_CTX *, const char *name);
+int OSSL_PROVIDER_unload(OSSL_PROVIDER *prov);
+int OSSL_PROVIDER_available(OPENSSL_CTX *, const char *name);
+
+const OSSL_PARAM *OSSL_PROVIDER_gettable_params(const OSSL_PROVIDER *prov);
+int OSSL_PROVIDER_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[]);
+
+/* Add a built in providers */
+int OSSL_PROVIDER_add_builtin(OPENSSL_CTX *, const char *name,
+ OSSL_provider_init_fn *init_fn);
+
+/* Information */
+const char *OSSL_PROVIDER_name(const OSSL_PROVIDER *prov);
+
+# ifdef __cplusplus
+}
+# endif
+
+#endif
diff --git a/linux_amd64/include/openssl/rand.h b/linux_amd64/include/openssl/rand.h
new file mode 100644
index 0000000..574592a
--- /dev/null
+++ b/linux_amd64/include/openssl/rand.h
@@ -0,0 +1,90 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_RAND_H
+# define OPENSSL_RAND_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_RAND_H
+# endif
+
+# include
+# include
+# include
+# include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct rand_meth_st {
+ int (*seed) (const void *buf, int num);
+ int (*bytes) (unsigned char *buf, int num);
+ void (*cleanup) (void);
+ int (*add) (const void *buf, int num, double randomness);
+ int (*pseudorand) (unsigned char *buf, int num);
+ int (*status) (void);
+};
+
+int RAND_set_rand_method(const RAND_METHOD *meth);
+const RAND_METHOD *RAND_get_rand_method(void);
+# ifndef OPENSSL_NO_ENGINE
+int RAND_set_rand_engine(ENGINE *engine);
+# endif
+
+RAND_METHOD *RAND_OpenSSL(void);
+
+# ifndef OPENSSL_NO_DEPRECATED_1_1_0
+# define RAND_cleanup() while(0) continue
+# endif
+int RAND_bytes(unsigned char *buf, int num);
+int RAND_priv_bytes(unsigned char *buf, int num);
+
+/* Equivalent of RAND_priv_bytes() but additionally taking an OPENSSL_CTX */
+int RAND_priv_bytes_ex(OPENSSL_CTX *ctx, unsigned char *buf, int num);
+
+/* Equivalent of RAND_bytes() but additionally taking an OPENSSL_CTX */
+int RAND_bytes_ex(OPENSSL_CTX *ctx, unsigned char *buf, int num);
+
+DEPRECATEDIN_1_1_0(int RAND_pseudo_bytes(unsigned char *buf, int num))
+
+void RAND_seed(const void *buf, int num);
+void RAND_keep_random_devices_open(int keep);
+
+# if defined(__ANDROID__) && defined(__NDK_FPABI__)
+__NDK_FPABI__ /* __attribute__((pcs("aapcs"))) on ARM */
+# endif
+void RAND_add(const void *buf, int num, double randomness);
+int RAND_load_file(const char *file, long max_bytes);
+int RAND_write_file(const char *file);
+const char *RAND_file_name(char *file, size_t num);
+int RAND_status(void);
+
+# ifndef OPENSSL_NO_EGD
+int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes);
+int RAND_egd(const char *path);
+int RAND_egd_bytes(const char *path, int bytes);
+# endif
+
+int RAND_poll(void);
+
+# if defined(_WIN32) && (defined(BASETYPES) || defined(_WINDEF_H))
+/* application has to include in order to use these */
+DEPRECATEDIN_1_1_0(void RAND_screen(void))
+DEPRECATEDIN_1_1_0(int RAND_event(UINT, WPARAM, LPARAM))
+# endif
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/linux_amd64/include/openssl/rand_drbg.h b/linux_amd64/include/openssl/rand_drbg.h
new file mode 100644
index 0000000..6d8368d
--- /dev/null
+++ b/linux_amd64/include/openssl/rand_drbg.h
@@ -0,0 +1,161 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_RAND_DRBG_H
+# define OPENSSL_RAND_DRBG_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_DRBG_RAND_H
+# endif
+
+# include
+# include
+# include
+
+/*
+ * RAND_DRBG flags
+ *
+ * Note: if new flags are added, the constant `rand_drbg_used_flags`
+ * in drbg_lib.c needs to be updated accordingly.
+ */
+
+/* In CTR mode, disable derivation function ctr_df */
+# define RAND_DRBG_FLAG_CTR_NO_DF 0x1
+/*
+ * This flag is only used when a digest NID is specified (i.e: not a CTR cipher)
+ * Selects DRBG_HMAC if this is set otherwise use DRBG_HASH.
+ */
+# define RAND_DRBG_FLAG_HMAC 0x2
+
+/* Used by RAND_DRBG_set_defaults() to set the master DRBG type and flags. */
+# define RAND_DRBG_FLAG_MASTER 0x4
+/* Used by RAND_DRBG_set_defaults() to set the public DRBG type and flags. */
+# define RAND_DRBG_FLAG_PUBLIC 0x8
+/* Used by RAND_DRBG_set_defaults() to set the private DRBG type and flags. */
+# define RAND_DRBG_FLAG_PRIVATE 0x10
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+/* This #define was replaced by an internal constant and should not be used. */
+# define RAND_DRBG_USED_FLAGS (RAND_DRBG_FLAG_CTR_NO_DF)
+# endif
+
+/*
+ * Default security strength (in the sense of [NIST SP 800-90Ar1])
+ *
+ * NIST SP 800-90Ar1 supports the strength of the DRBG being smaller than that
+ * of the cipher by collecting less entropy. The current DRBG implementation
+ * does not take RAND_DRBG_STRENGTH into account and sets the strength of the
+ * DRBG to that of the cipher.
+ *
+ * RAND_DRBG_STRENGTH is currently only used for the legacy RAND
+ * implementation.
+ *
+ * Currently supported ciphers are: NID_aes_128_ctr, NID_aes_192_ctr and
+ * NID_aes_256_ctr.
+ * The digest types for DRBG_hash or DRBG_hmac are: NID_sha1, NID_sha224,
+ * NID_sha256, NID_sha384, NID_sha512, NID_sha512_224, NID_sha512_256,
+ * NID_sha3_224, NID_sha3_256, NID_sha3_384 and NID_sha3_512.
+ */
+# define RAND_DRBG_STRENGTH 256
+/* Default drbg type */
+# define RAND_DRBG_TYPE NID_aes_256_ctr
+/* Default drbg flags */
+# define RAND_DRBG_FLAGS 0
+
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+/*
+ * Object lifetime functions.
+ */
+RAND_DRBG *RAND_DRBG_new_ex(OPENSSL_CTX *ctx, int type, unsigned int flags,
+ RAND_DRBG *parent);
+RAND_DRBG *RAND_DRBG_secure_new_ex(OPENSSL_CTX *ctx, int type,
+ unsigned int flags, RAND_DRBG *parent);
+RAND_DRBG *RAND_DRBG_new(int type, unsigned int flags, RAND_DRBG *parent);
+RAND_DRBG *RAND_DRBG_secure_new(int type, unsigned int flags, RAND_DRBG *parent);
+int RAND_DRBG_set(RAND_DRBG *drbg, int type, unsigned int flags);
+int RAND_DRBG_set_defaults(int type, unsigned int flags);
+int RAND_DRBG_instantiate(RAND_DRBG *drbg,
+ const unsigned char *pers, size_t perslen);
+int RAND_DRBG_uninstantiate(RAND_DRBG *drbg);
+void RAND_DRBG_free(RAND_DRBG *drbg);
+
+/*
+ * Object "use" functions.
+ */
+int RAND_DRBG_reseed(RAND_DRBG *drbg,
+ const unsigned char *adin, size_t adinlen,
+ int prediction_resistance);
+int RAND_DRBG_generate(RAND_DRBG *drbg, unsigned char *out, size_t outlen,
+ int prediction_resistance,
+ const unsigned char *adin, size_t adinlen);
+int RAND_DRBG_bytes(RAND_DRBG *drbg, unsigned char *out, size_t outlen);
+
+int RAND_DRBG_set_reseed_interval(RAND_DRBG *drbg, unsigned int interval);
+int RAND_DRBG_set_reseed_time_interval(RAND_DRBG *drbg, time_t interval);
+
+int RAND_DRBG_set_reseed_defaults(
+ unsigned int master_reseed_interval,
+ unsigned int slave_reseed_interval,
+ time_t master_reseed_time_interval,
+ time_t slave_reseed_time_interval
+ );
+
+RAND_DRBG *OPENSSL_CTX_get0_master_drbg(OPENSSL_CTX *ctx);
+RAND_DRBG *OPENSSL_CTX_get0_public_drbg(OPENSSL_CTX *ctx);
+RAND_DRBG *OPENSSL_CTX_get0_private_drbg(OPENSSL_CTX *ctx);
+RAND_DRBG *RAND_DRBG_get0_master(void);
+RAND_DRBG *RAND_DRBG_get0_public(void);
+RAND_DRBG *RAND_DRBG_get0_private(void);
+
+/*
+ * EXDATA
+ */
+# define RAND_DRBG_get_ex_new_index(l, p, newf, dupf, freef) \
+ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RAND_DRBG, l, p, newf, dupf, freef)
+int RAND_DRBG_set_ex_data(RAND_DRBG *drbg, int idx, void *arg);
+void *RAND_DRBG_get_ex_data(const RAND_DRBG *drbg, int idx);
+
+/*
+ * Callback function typedefs
+ */
+typedef size_t (*RAND_DRBG_get_entropy_fn)(RAND_DRBG *drbg,
+ unsigned char **pout,
+ int entropy, size_t min_len,
+ size_t max_len,
+ int prediction_resistance);
+typedef void (*RAND_DRBG_cleanup_entropy_fn)(RAND_DRBG *ctx,
+ unsigned char *out, size_t outlen);
+typedef size_t (*RAND_DRBG_get_nonce_fn)(RAND_DRBG *drbg, unsigned char **pout,
+ int entropy, size_t min_len,
+ size_t max_len);
+typedef void (*RAND_DRBG_cleanup_nonce_fn)(RAND_DRBG *drbg,
+ unsigned char *out, size_t outlen);
+
+int RAND_DRBG_set_callbacks(RAND_DRBG *drbg,
+ RAND_DRBG_get_entropy_fn get_entropy,
+ RAND_DRBG_cleanup_entropy_fn cleanup_entropy,
+ RAND_DRBG_get_nonce_fn get_nonce,
+ RAND_DRBG_cleanup_nonce_fn cleanup_nonce);
+
+
+int RAND_DRBG_set_callback_data(RAND_DRBG *drbg, void *data);
+
+void *RAND_DRBG_get_callback_data(RAND_DRBG *drbg);
+
+# ifdef __cplusplus
+}
+# endif
+
+#endif
diff --git a/linux_amd64/include/openssl/randerr.h b/linux_amd64/include/openssl/randerr.h
new file mode 100644
index 0000000..780d268
--- /dev/null
+++ b/linux_amd64/include/openssl/randerr.h
@@ -0,0 +1,107 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_RANDERR_H +# define OPENSSL_RANDERR_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_RANDERR_H +# endif + +# include +# include + + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_RAND_strings(void); + +/* + * RAND function codes. + */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define RAND_F_DRBG_BYTES 0 +# define RAND_F_DRBG_CTR_INIT 0 +# define RAND_F_DRBG_GET_ENTROPY 0 +# define RAND_F_DRBG_SETUP 0 +# define RAND_F_GET_ENTROPY 0 +# define RAND_F_RAND_BYTES 0 +# define RAND_F_RAND_BYTES_EX 0 +# define RAND_F_RAND_DRBG_ENABLE_LOCKING 0 +# define RAND_F_RAND_DRBG_GENERATE 0 +# define RAND_F_RAND_DRBG_GET_ENTROPY 0 +# define RAND_F_RAND_DRBG_GET_NONCE 0 +# define RAND_F_RAND_DRBG_INSTANTIATE 0 +# define RAND_F_RAND_DRBG_NEW 0 +# define RAND_F_RAND_DRBG_RESEED 0 +# define RAND_F_RAND_DRBG_RESTART 0 +# define RAND_F_RAND_DRBG_SET 0 +# define RAND_F_RAND_DRBG_SET_DEFAULTS 0 +# define RAND_F_RAND_DRBG_UNINSTANTIATE 0 +# define RAND_F_RAND_LOAD_FILE 0 +# define RAND_F_RAND_POOL_ACQUIRE_ENTROPY 0 +# define RAND_F_RAND_POOL_ADD 0 +# define RAND_F_RAND_POOL_ADD_BEGIN 0 +# define RAND_F_RAND_POOL_ADD_END 0 +# define RAND_F_RAND_POOL_ATTACH 0 +# define RAND_F_RAND_POOL_BYTES_NEEDED 0 +# define RAND_F_RAND_POOL_GROW 0 +# define RAND_F_RAND_POOL_NEW 0 +# define RAND_F_RAND_PRIV_BYTES_EX 0 +# define RAND_F_RAND_PSEUDO_BYTES 0 +# define RAND_F_RAND_WRITE_FILE 0 +# endif + +/* + * RAND reason codes. 
+ */ +# define RAND_R_ADDITIONAL_INPUT_TOO_LONG 102 +# define RAND_R_ALREADY_INSTANTIATED 103 +# define RAND_R_ARGUMENT_OUT_OF_RANGE 105 +# define RAND_R_CANNOT_OPEN_FILE 121 +# define RAND_R_DERIVATION_FUNCTION_MANDATORY_FOR_FIPS 137 +# define RAND_R_DRBG_ALREADY_INITIALIZED 129 +# define RAND_R_DRBG_NOT_INITIALISED 104 +# define RAND_R_ENTROPY_INPUT_TOO_LONG 106 +# define RAND_R_ENTROPY_OUT_OF_RANGE 124 +# define RAND_R_ERROR_ENTROPY_POOL_WAS_IGNORED 127 +# define RAND_R_ERROR_INITIALISING_DRBG 107 +# define RAND_R_ERROR_INSTANTIATING_DRBG 108 +# define RAND_R_ERROR_RETRIEVING_ADDITIONAL_INPUT 109 +# define RAND_R_ERROR_RETRIEVING_ENTROPY 110 +# define RAND_R_ERROR_RETRIEVING_NONCE 111 +# define RAND_R_FAILED_TO_CREATE_LOCK 126 +# define RAND_R_FUNC_NOT_IMPLEMENTED 101 +# define RAND_R_FWRITE_ERROR 123 +# define RAND_R_GENERATE_ERROR 112 +# define RAND_R_INTERNAL_ERROR 113 +# define RAND_R_IN_ERROR_STATE 114 +# define RAND_R_NOT_A_REGULAR_FILE 122 +# define RAND_R_NOT_INSTANTIATED 115 +# define RAND_R_NO_DRBG_IMPLEMENTATION_SELECTED 128 +# define RAND_R_PARENT_LOCKING_NOT_ENABLED 130 +# define RAND_R_PARENT_STRENGTH_TOO_WEAK 131 +# define RAND_R_PERSONALISATION_STRING_TOO_LONG 116 +# define RAND_R_PREDICTION_RESISTANCE_NOT_SUPPORTED 133 +# define RAND_R_PRNG_NOT_SEEDED 100 +# define RAND_R_RANDOM_POOL_OVERFLOW 125 +# define RAND_R_RANDOM_POOL_UNDERFLOW 134 +# define RAND_R_REQUEST_TOO_LARGE_FOR_DRBG 117 +# define RAND_R_RESEED_ERROR 118 +# define RAND_R_SELFTEST_FAILURE 119 +# define RAND_R_TOO_LITTLE_NONCE_REQUESTED 135 +# define RAND_R_TOO_MUCH_NONCE_REQUESTED 136 +# define RAND_R_UNSUPPORTED_DRBG_FLAGS 132 +# define RAND_R_UNSUPPORTED_DRBG_TYPE 120 + +#endif diff --git a/linux_amd64/include/openssl/rc2.h b/linux_amd64/include/openssl/rc2.h new file mode 100644 index 0000000..2c63c75 --- /dev/null +++ b/linux_amd64/include/openssl/rc2.h 
@@ -0,0 +1,64 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_RC2_H
+# define OPENSSL_RC2_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_RC2_H
+# endif
+
+# include
+
+# ifndef OPENSSL_NO_RC2
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# define RC2_BLOCK 8
+# define RC2_KEY_LENGTH 16
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+typedef unsigned int RC2_INT;
+
+# define RC2_ENCRYPT 1
+# define RC2_DECRYPT 0
+
+typedef struct rc2_key_st {
+ RC2_INT data[64];
+} RC2_KEY;
+# endif
+
+DEPRECATEDIN_3_0(void RC2_set_key(RC2_KEY *key, int len,
+ const unsigned char *data, int bits))
+DEPRECATEDIN_3_0(void RC2_ecb_encrypt(const unsigned char *in,
+ unsigned char *out, RC2_KEY *key,
+ int enc))
+DEPRECATEDIN_3_0(void RC2_encrypt(unsigned long *data, RC2_KEY *key))
+DEPRECATEDIN_3_0(void RC2_decrypt(unsigned long *data, RC2_KEY *key))
+DEPRECATEDIN_3_0(void RC2_cbc_encrypt(const unsigned char *in,
+ unsigned char *out, long length,
+ RC2_KEY *ks, unsigned char *iv, int enc))
+DEPRECATEDIN_3_0(void RC2_cfb64_encrypt(const unsigned char *in,
+ unsigned char *out, long length,
+ RC2_KEY *schedule, unsigned char *ivec,
+ int *num, int enc))
+DEPRECATEDIN_3_0(void RC2_ofb64_encrypt(const unsigned char *in,
+ unsigned char *out, long length,
+ RC2_KEY *schedule, unsigned char *ivec,
+ int *num))
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/linux_amd64/include/openssl/rc4.h b/linux_amd64/include/openssl/rc4.h
new file mode 100644
index 0000000..98ba8d8
--- /dev/null
+++ b/linux_amd64/include/openssl/rc4.h
@@ -0,0 +1,45 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_RC4_H
+# define OPENSSL_RC4_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_RC4_H
+# endif
+
+# include
+
+# ifndef OPENSSL_NO_RC4
+# include
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+typedef struct rc4_key_st {
+ RC4_INT x, y;
+ RC4_INT data[256];
+} RC4_KEY;
+# endif
+
+DEPRECATEDIN_3_0(const char *RC4_options(void))
+DEPRECATEDIN_3_0(void RC4_set_key(RC4_KEY *key, int len,
+ const unsigned char *data))
+DEPRECATEDIN_3_0(void RC4(RC4_KEY *key, size_t len, const unsigned char *indata,
+ unsigned char *outdata))
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/linux_amd64/include/openssl/rc5.h b/linux_amd64/include/openssl/rc5.h
new file mode 100644
index 0000000..a9c06d3
--- /dev/null
+++ b/linux_amd64/include/openssl/rc5.h
@@ -0,0 +1,76 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_RC5_H
+# define OPENSSL_RC5_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_RC5_H
+# endif
+
+# include
+
+# ifndef OPENSSL_NO_RC5
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# define RC5_32_BLOCK 8
+# define RC5_32_KEY_LENGTH 16/* This is a default, max is 255 */
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define RC5_ENCRYPT 1
+# define RC5_DECRYPT 0
+
+# define RC5_32_INT unsigned int
+
+/*
+ * This are the only values supported. Tweak the code if you want more The
+ * most supported modes will be RC5-32/12/16 RC5-32/16/8
+ */
+# define RC5_8_ROUNDS 8
+# define RC5_12_ROUNDS 12
+# define RC5_16_ROUNDS 16
+
+typedef struct rc5_key_st {
+ /* Number of rounds */
+ int rounds;
+ RC5_32_INT data[2 * (RC5_16_ROUNDS + 1)];
+} RC5_32_KEY;
+# endif
+
+DEPRECATEDIN_3_0(int RC5_32_set_key(RC5_32_KEY *key, int len,
+ const unsigned char *data, int rounds))
+DEPRECATEDIN_3_0(void RC5_32_ecb_encrypt(const unsigned char *in,
+ unsigned char *out, RC5_32_KEY *key,
+ int enc))
+DEPRECATEDIN_3_0(void RC5_32_encrypt(unsigned long *data, RC5_32_KEY *key))
+DEPRECATEDIN_3_0(void RC5_32_decrypt(unsigned long *data, RC5_32_KEY *key))
+DEPRECATEDIN_3_0(void RC5_32_cbc_encrypt(const unsigned char *in,
+ unsigned char *out, long length,
+ RC5_32_KEY *ks, unsigned char *iv,
+ int enc))
+DEPRECATEDIN_3_0(void RC5_32_cfb64_encrypt(const unsigned char *in,
+ unsigned char *out, long length,
+ RC5_32_KEY *schedule,
+ unsigned char *ivec, int *num,
+ int enc))
+DEPRECATEDIN_3_0(void RC5_32_ofb64_encrypt(const unsigned char *in,
+ unsigned char *out, long length,
+ RC5_32_KEY *schedule,
+ unsigned char *ivec, int *num))
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/linux_amd64/include/openssl/ripemd.h b/linux_amd64/include/openssl/ripemd.h
new file mode 100644
index 0000000..936d4e4
--- /dev/null
+++ b/linux_amd64/include/openssl/ripemd.h
@@ -0,0 +1,58 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_RIPEMD_H
+# define OPENSSL_RIPEMD_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_RIPEMD_H
+# endif
+
+# include
+
+# ifndef OPENSSL_NO_RMD160
+# include
+# include
+
+# define RIPEMD160_DIGEST_LENGTH 20
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+# if !defined(OPENSSL_NO_DEPRECATED_3_0)
+
+# define RIPEMD160_LONG unsigned int
+
+# define RIPEMD160_CBLOCK 64
+# define RIPEMD160_LBLOCK (RIPEMD160_CBLOCK/4)
+
+typedef struct RIPEMD160state_st {
+ RIPEMD160_LONG A, B, C, D, E;
+ RIPEMD160_LONG Nl, Nh;
+ RIPEMD160_LONG data[RIPEMD160_LBLOCK];
+ unsigned int num;
+} RIPEMD160_CTX;
+# endif
+
+DEPRECATEDIN_3_0(int RIPEMD160_Init(RIPEMD160_CTX *c))
+DEPRECATEDIN_3_0(int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data,
+ size_t len))
+DEPRECATEDIN_3_0(int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c))
+DEPRECATEDIN_3_0(unsigned char *RIPEMD160(const unsigned char *d, size_t n,
+ unsigned char *md))
+DEPRECATEDIN_3_0(void RIPEMD160_Transform(RIPEMD160_CTX *c,
+ const unsigned char *b))
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+#endif
diff --git a/linux_amd64/include/openssl/rsa.h b/linux_amd64/include/openssl/rsa.h
new file mode 100644
index 0000000..1f0687d
--- /dev/null
+++ b/linux_amd64/include/openssl/rsa.h
@@ -0,0 +1,553 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_RSA_H
+# define OPENSSL_RSA_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_RSA_H
+# endif
+
+# include
+
+# ifndef OPENSSL_NO_RSA
+# include
+# include
+# include
+# include
+# ifndef OPENSSL_NO_DEPRECATED_1_1_0
+# include
+# endif
+# include
+# include
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# ifndef OPENSSL_RSA_MAX_MODULUS_BITS
+# define OPENSSL_RSA_MAX_MODULUS_BITS 16384
+# endif
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+/* The types RSA and RSA_METHOD are defined in ossl_typ.h */
+
+# define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 1024
+
+# ifndef OPENSSL_RSA_SMALL_MODULUS_BITS
+# define OPENSSL_RSA_SMALL_MODULUS_BITS 3072
+# endif
+
+/* exponent limit enforced for "large" modulus only */
+# ifndef OPENSSL_RSA_MAX_PUBEXP_BITS
+# define OPENSSL_RSA_MAX_PUBEXP_BITS 64
+# endif
+
+# define RSA_3 0x3L
+# define RSA_F4 0x10001L
+
+/* based on RFC 8017 appendix A.1.2 */
+# define RSA_ASN1_VERSION_DEFAULT 0
+# define RSA_ASN1_VERSION_MULTI 1
+
+# define RSA_DEFAULT_PRIME_NUM 2
+# endif /* OPENSSL_NO_DEPRECATED_3_0 */
+
+/* Don't check pub/private match */
+/* TODO(3.0): deprecate this? It is exposed for sls/t1_lib.c's use */
+# define RSA_METHOD_FLAG_NO_CHECK 0x0001
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define RSA_FLAG_CACHE_PUBLIC 0x0002
+# define RSA_FLAG_CACHE_PRIVATE 0x0004
+# define RSA_FLAG_BLINDING 0x0008
+# define RSA_FLAG_THREAD_SAFE 0x0010
+/*
+ * This flag means the private key operations will be handled by rsa_mod_exp
+ * and that they do not depend on the private key components being present:
+ * for example a key stored in external hardware. Without this flag
+ * bn_mod_exp gets called when private key components are absent.
+ */
+# define RSA_FLAG_EXT_PKEY 0x0020
+
+/*
+ * new with 0.9.6j and 0.9.7b; the built-in
+ * RSA implementation now uses blinding by
+ * default (ignoring RSA_FLAG_BLINDING),
+ * but other engines might not need it
+ */
+# define RSA_FLAG_NO_BLINDING 0x0080
+# endif /* OPENSSL_NO_DEPRECATED_3_0 */
+/*
+ * Does nothing. Previously this switched off constant time behaviour.
+ */
+# ifndef OPENSSL_NO_DEPRECATED_1_1_0
+# define RSA_FLAG_NO_CONSTTIME 0x0000
+# endif
+/* deprecated name for the flag*/
+/*
+ * new with 0.9.7h; the built-in RSA
+ * implementation now uses constant time
+ * modular exponentiation for secret exponents
+ * by default. This flag causes the
+ * faster variable sliding window method to
+ * be used for all exponents.
+ */
+# ifndef OPENSSL_NO_DEPRECATED_0_9_8
+# define RSA_FLAG_NO_EXP_CONSTTIME RSA_FLAG_NO_CONSTTIME
+# endif
+
+int EVP_PKEY_CTX_set_rsa_padding(EVP_PKEY_CTX *ctx, int pad_mode);
+int EVP_PKEY_CTX_get_rsa_padding(EVP_PKEY_CTX *ctx, int *pad_mode);
+
+int EVP_PKEY_CTX_set_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int saltlen);
+int EVP_PKEY_CTX_get_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int *saltlen);
+
+/* Salt length matches digest */
+# define RSA_PSS_SALTLEN_DIGEST -1
+/* Verify only: auto detect salt length */
+# define RSA_PSS_SALTLEN_AUTO -2
+/* Set salt length to maximum possible */
+# define RSA_PSS_SALTLEN_MAX -3
+/* Old compatible max salt length for sign only */
+# define RSA_PSS_SALTLEN_MAX_SIGN -2
+
+# define EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(ctx, len) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN, \
+ EVP_PKEY_CTRL_RSA_PSS_SALTLEN, len, NULL)
+
+# define EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, bits) \
+ RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_KEYGEN, \
+ EVP_PKEY_CTRL_RSA_KEYGEN_BITS, bits, NULL)
+
+# define EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, pubexp) \
+ RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_KEYGEN, \
+ EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, 0, pubexp)
+
+# define EVP_PKEY_CTX_set_rsa_keygen_primes(ctx, primes) \
+ RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_KEYGEN, \
+ EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES, primes, NULL)
+
+int EVP_PKEY_CTX_set_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
+int EVP_PKEY_CTX_set_rsa_mgf1_md_name(EVP_PKEY_CTX *ctx, const char *mdname,
+ const char *mdprops);
+int EVP_PKEY_CTX_get_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD **md);
+int EVP_PKEY_CTX_get_rsa_mgf1_md_name(EVP_PKEY_CTX *ctx, char *name,
+ size_t namelen);
+
+# define EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md(ctx, md) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN, \
+ EVP_PKEY_CTRL_RSA_MGF1_MD, 0, (void *)(md))
+
+int EVP_PKEY_CTX_set_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
+int EVP_PKEY_CTX_set_rsa_oaep_md_name(EVP_PKEY_CTX *ctx, const char *mdname,
+ const char *mdprops);
+int EVP_PKEY_CTX_get_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD **md);
+int EVP_PKEY_CTX_get_rsa_oaep_md_name(EVP_PKEY_CTX *ctx, char *name,
+ size_t namelen);
+int EVP_PKEY_CTX_set0_rsa_oaep_label(EVP_PKEY_CTX *ctx, void *label, int llen);
+int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
+
+# define EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS, \
+ EVP_PKEY_OP_KEYGEN, EVP_PKEY_CTRL_MD, \
+ 0, (void *)(md))
+
+
+# define EVP_PKEY_CTRL_RSA_PADDING (EVP_PKEY_ALG_CTRL + 1)
+# define EVP_PKEY_CTRL_RSA_PSS_SALTLEN (EVP_PKEY_ALG_CTRL + 2)
+
+# define EVP_PKEY_CTRL_RSA_KEYGEN_BITS (EVP_PKEY_ALG_CTRL + 3)
+# define EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP (EVP_PKEY_ALG_CTRL + 4)
+# define EVP_PKEY_CTRL_RSA_MGF1_MD (EVP_PKEY_ALG_CTRL + 5)
+
+# define EVP_PKEY_CTRL_GET_RSA_PADDING (EVP_PKEY_ALG_CTRL + 6)
+# define EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN (EVP_PKEY_ALG_CTRL + 7)
+# define EVP_PKEY_CTRL_GET_RSA_MGF1_MD (EVP_PKEY_ALG_CTRL + 8)
+
+# define EVP_PKEY_CTRL_RSA_OAEP_MD (EVP_PKEY_ALG_CTRL + 9)
+# define EVP_PKEY_CTRL_RSA_OAEP_LABEL (EVP_PKEY_ALG_CTRL + 10)
+
+# define EVP_PKEY_CTRL_GET_RSA_OAEP_MD (EVP_PKEY_ALG_CTRL + 11)
+# define EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL (EVP_PKEY_ALG_CTRL + 12)
+
+# define EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES (EVP_PKEY_ALG_CTRL + 13)
+
+# define RSA_PKCS1_PADDING 1
+# define RSA_SSLV23_PADDING 2
+# define RSA_NO_PADDING 3
+# define RSA_PKCS1_OAEP_PADDING 4
+# define RSA_X931_PADDING 5
+
+/* EVP_PKEY_ only */
+# define RSA_PKCS1_PSS_PADDING 6
+# define RSA_PKCS1_WITH_TLS_PADDING 7
+
+# define RSA_PKCS1_PADDING_SIZE 11
+
+# define RSA_set_app_data(s,arg) RSA_set_ex_data(s,0,arg)
+# define RSA_get_app_data(s) RSA_get_ex_data(s,0)
+
+RSA *RSA_new(void);
+DEPRECATEDIN_3_0(RSA *RSA_new_method(ENGINE *engine))
+DEPRECATEDIN_3_0(int RSA_bits(const RSA *rsa))
+DEPRECATEDIN_3_0(int RSA_size(const RSA *rsa))
+DEPRECATEDIN_3_0(int RSA_security_bits(const RSA *rsa))
+
+int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
+int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q);
+int RSA_set0_crt_params(RSA *r,BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp);
+int RSA_set0_multi_prime_params(RSA *r, BIGNUM *primes[], BIGNUM *exps[],
+ BIGNUM *coeffs[], int pnum);
+void RSA_get0_key(const RSA *r,
+ const BIGNUM **n, const BIGNUM **e, const BIGNUM **d);
+void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q);
+int RSA_get_multi_prime_extra_count(const RSA *r);
+int RSA_get0_multi_prime_factors(const RSA *r, const BIGNUM *primes[]);
+void RSA_get0_crt_params(const RSA *r,
+ const BIGNUM **dmp1, const BIGNUM **dmq1,
+ const BIGNUM **iqmp);
+int RSA_get0_multi_prime_crt_params(const RSA *r, const BIGNUM *exps[],
+ const BIGNUM *coeffs[]);
+const BIGNUM *RSA_get0_n(const RSA *d);
+const BIGNUM *RSA_get0_e(const RSA *d);
+const BIGNUM *RSA_get0_d(const RSA *d);
+const BIGNUM *RSA_get0_p(const RSA *d);
+const BIGNUM *RSA_get0_q(const RSA *d);
+const BIGNUM *RSA_get0_dmp1(const RSA *r);
+const BIGNUM *RSA_get0_dmq1(const RSA *r);
+const BIGNUM *RSA_get0_iqmp(const RSA *r);
+DEPRECATEDIN_3_0(const RSA_PSS_PARAMS *RSA_get0_pss_params(const RSA *r))
+void RSA_clear_flags(RSA *r, int flags);
+int RSA_test_flags(const RSA *r, int flags);
+void RSA_set_flags(RSA *r, int flags);
+DEPRECATEDIN_3_0(int RSA_get_version(RSA *r))
+DEPRECATEDIN_3_0(ENGINE *RSA_get0_engine(const RSA *r))
+
+/* Deprecated version */
+DEPRECATEDIN_0_9_8(RSA *RSA_generate_key(int bits, unsigned long e, void
+ (*callback) (int, int, void *),
+ void *cb_arg))
+
+/* New version */
+DEPRECATEDIN_3_0(int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e,
+ BN_GENCB *cb))
+/* Multi-prime version */
+DEPRECATEDIN_3_0(int RSA_generate_multi_prime_key(RSA *rsa, int bits,
+ int primes, BIGNUM *e,
+ BN_GENCB *cb))
+
+DEPRECATEDIN_3_0(int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2,
+ BIGNUM *q1, BIGNUM *q2,
+ const BIGNUM *Xp1, const BIGNUM *Xp2,
+ const BIGNUM *Xp, const BIGNUM *Xq1,
+ const BIGNUM *Xq2, const BIGNUM *Xq,
+ const BIGNUM *e, BN_GENCB *cb))
+DEPRECATEDIN_3_0(int RSA_X931_generate_key_ex(RSA *rsa, int bits,
+ const BIGNUM *e, BN_GENCB *cb))
+
+DEPRECATEDIN_3_0(int RSA_check_key(const RSA *))
+DEPRECATEDIN_3_0(int RSA_check_key_ex(const RSA *, BN_GENCB *cb))
+ /* next 4 return -1 on error */
+DEPRECATEDIN_3_0(int RSA_public_encrypt(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa,
+ int padding))
+DEPRECATEDIN_3_0(int RSA_private_encrypt(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa,
+ int padding))
+DEPRECATEDIN_3_0(int RSA_public_decrypt(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa,
+ int padding))
+DEPRECATEDIN_3_0(int RSA_private_decrypt(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa,
+ int padding))
+void RSA_free(RSA *r);
+/* "up" the RSA object's reference count */
+int RSA_up_ref(RSA *r);
+
+/* TODO(3.0): deprecate this one ssl/ssl_rsa.c can be changed to avoid it */
+int RSA_flags(const RSA *r);
+
+DEPRECATEDIN_3_0(void RSA_set_default_method(const RSA_METHOD *meth))
+DEPRECATEDIN_3_0(const RSA_METHOD *RSA_get_default_method(void))
+DEPRECATEDIN_3_0(const RSA_METHOD *RSA_null_method(void))
+DEPRECATEDIN_3_0(const RSA_METHOD *RSA_get_method(const RSA *rsa))
+DEPRECATEDIN_3_0(int RSA_set_method(RSA *rsa, const RSA_METHOD *meth))
+
+/* these are the actual RSA functions */
+DEPRECATEDIN_3_0(const RSA_METHOD *RSA_PKCS1_OpenSSL(void))
+
+int RSA_pkey_ctx_ctrl(EVP_PKEY_CTX *ctx, int optype, int cmd, int p1, void *p2);
+
+DECLARE_ASN1_ENCODE_FUNCTIONS_name(RSA, RSAPublicKey)
+DECLARE_ASN1_ENCODE_FUNCTIONS_name(RSA, RSAPrivateKey)
+
+struct rsa_pss_params_st {
+ X509_ALGOR *hashAlgorithm;
+ X509_ALGOR *maskGenAlgorithm;
+ ASN1_INTEGER *saltLength;
+ ASN1_INTEGER *trailerField;
+ /* Decoded hash algorithm from maskGenAlgorithm */
+ X509_ALGOR *maskHash;
+};
+
+DECLARE_ASN1_FUNCTIONS(RSA_PSS_PARAMS)
+
+typedef struct rsa_oaep_params_st {
+ X509_ALGOR *hashFunc;
+ X509_ALGOR *maskGenFunc;
+ X509_ALGOR *pSourceFunc;
+ /* Decoded hash algorithm from maskGenFunc */
+ X509_ALGOR *maskHash;
+} RSA_OAEP_PARAMS;
+
+DECLARE_ASN1_FUNCTIONS(RSA_OAEP_PARAMS)
+
+# ifndef OPENSSL_NO_STDIO
+DEPRECATEDIN_3_0(int RSA_print_fp(FILE *fp, const RSA *r, int offset))
+# endif
+
+DEPRECATEDIN_3_0(int RSA_print(BIO *bp, const RSA *r, int offset))
+
+/*
+ * The following 2 functions sign and verify a X509_SIG ASN1 object inside
+ * PKCS#1 padded RSA encryption
+ */
+DEPRECATEDIN_3_0(int RSA_sign(int type, const unsigned char *m,
+ unsigned int m_length, unsigned char *sigret,
+ unsigned int *siglen, RSA *rsa))
+DEPRECATEDIN_3_0(int RSA_verify(int type, const unsigned char *m,
+ unsigned int m_length,
+ const unsigned char *sigbuf,
+ unsigned int siglen, RSA *rsa))
+
+/*
+ * The following 2 function sign and verify a ASN1_OCTET_STRING object inside
+ * PKCS#1 padded RSA encryption
+ */
+DEPRECATEDIN_3_0(int RSA_sign_ASN1_OCTET_STRING(int type,
+ const unsigned char *m,
+ unsigned int m_length,
+ unsigned char *sigret,
+ unsigned int *siglen, RSA *rsa))
+DEPRECATEDIN_3_0(int RSA_verify_ASN1_OCTET_STRING(int type,
+ const unsigned char *m,
+ unsigned int m_length,
+ unsigned char *sigbuf,
+ unsigned int siglen,
+ RSA *rsa))
+
+/* TODO(3.0): figure out how to deprecate these two */
+int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
+void RSA_blinding_off(RSA *rsa);
+DEPRECATEDIN_3_0(BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *ctx))
+
+DEPRECATEDIN_3_0(int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
+ const unsigned char *f,
+ int fl))
+DEPRECATEDIN_3_0(int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
+ const unsigned char *f,
+ int fl, int rsa_len))
+DEPRECATEDIN_3_0(int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
+ const unsigned char *f,
+ int fl))
+DEPRECATEDIN_3_0(int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
+ const unsigned char *f,
+ int fl, int rsa_len))
+DEPRECATEDIN_3_0(int PKCS1_MGF1(unsigned char *mask, long len,
+ const unsigned char *seed, long seedlen,
+ const EVP_MD *dgst))
+DEPRECATEDIN_3_0(int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
+ const unsigned char *f, int fl,
+ const unsigned char *p, int pl))
+DEPRECATEDIN_3_0(int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
+ const unsigned char *f,
+ int fl, int rsa_len,
+ const unsigned char *p,
+ int pl))
+DEPRECATEDIN_3_0(int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to,
+ int tlen,
+ const unsigned char *from,
+ int flen,
+ const unsigned char *param,
+ int plen,
+ const EVP_MD *md,
+ const EVP_MD *mgf1md))
+DEPRECATEDIN_3_0(int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to,
+ int tlen,
+ const unsigned char *from,
+ int flen, int num,
+ const unsigned char *param,
+ int plen, const EVP_MD *md,
+ const EVP_MD *mgf1md))
+DEPRECATEDIN_3_0(int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
+ const unsigned char *f, int fl))
+DEPRECATEDIN_3_0(int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
+ const unsigned char *f, int fl,
+ int rsa_len))
+DEPRECATEDIN_3_0(int RSA_padding_add_none(unsigned char *to, int tlen,
+ const unsigned char *f, int fl))
+DEPRECATEDIN_3_0(int RSA_padding_check_none(unsigned char *to, int tlen,
+ const unsigned char *f, int fl,
+ int rsa_len))
+DEPRECATEDIN_3_0(int RSA_padding_add_X931(unsigned char *to, int tlen,
+ const unsigned char *f, int fl))
+DEPRECATEDIN_3_0(int RSA_padding_check_X931(unsigned char *to, int tlen,
+ const unsigned char *f, int fl,
+ int rsa_len))
+DEPRECATEDIN_3_0(int RSA_X931_hash_id(int nid))
+
+DEPRECATEDIN_3_0(int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
+ const EVP_MD *Hash,
+ const unsigned char *EM, int sLen))
+DEPRECATEDIN_3_0(int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
+ const unsigned char *mHash,
+ const EVP_MD *Hash, int sLen))
+
+DEPRECATEDIN_3_0(int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa,
+ const unsigned char *mHash,
+ const EVP_MD *Hash,
+ const EVP_MD *mgf1Hash,
+ const unsigned char *EM,
+ int sLen))
+
+DEPRECATEDIN_3_0(int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa,
+ unsigned char *EM,
+ const unsigned char *mHash,
+ const EVP_MD *Hash,
+ const EVP_MD *mgf1Hash,
+ int sLen))
+
+# define RSA_get_ex_new_index(l, p, newf, dupf, freef) \
+ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, l, p, newf, dupf, freef)
+DEPRECATEDIN_3_0(int RSA_set_ex_data(RSA *r, int idx, void *arg))
+DEPRECATEDIN_3_0(void *RSA_get_ex_data(const RSA *r, int idx))
+
+DECLARE_ASN1_DUP_FUNCTION_name(RSA, RSAPublicKey)
+DECLARE_ASN1_DUP_FUNCTION_name(RSA, RSAPrivateKey)
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+/*
+ * If this flag is set the RSA method is FIPS compliant and can be used in
+ * FIPS mode. This is set in the validated module method. If an application
+ * sets this flag in its own methods it is its responsibility to ensure the
+ * result is compliant.
+ */
+
+# define RSA_FLAG_FIPS_METHOD 0x0400
+
+/*
+ * If this flag is set the operations normally disabled in FIPS mode are
+ * permitted it is then the applications responsibility to ensure that the
+ * usage is compliant.
+ */
+
+# define RSA_FLAG_NON_FIPS_ALLOW 0x0400
+/*
+ * Application has decided PRNG is good enough to generate a key: don't
+ * check.
+ */
+# define RSA_FLAG_CHECKED 0x0800
+# endif /* OPENSSL_NO_DEPRECATED_3_0 */
+
+DEPRECATEDIN_3_0(RSA_METHOD *RSA_meth_new(const char *name, int flags))
+DEPRECATEDIN_3_0(void RSA_meth_free(RSA_METHOD *meth))
+DEPRECATEDIN_3_0(RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth))
+DEPRECATEDIN_3_0(const char *RSA_meth_get0_name(const RSA_METHOD *meth))
+DEPRECATEDIN_3_0(int RSA_meth_set1_name(RSA_METHOD *meth, const char *name))
+DEPRECATEDIN_3_0(int RSA_meth_get_flags(const RSA_METHOD *meth))
+DEPRECATEDIN_3_0(int RSA_meth_set_flags(RSA_METHOD *meth, int flags))
+DEPRECATEDIN_3_0(void *RSA_meth_get0_app_data(const RSA_METHOD *meth))
+DEPRECATEDIN_3_0(int RSA_meth_set0_app_data(RSA_METHOD *meth, void *app_data))
+DEPRECATEDIN_3_0(int (*RSA_meth_get_pub_enc(const RSA_METHOD *meth))
+ (int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding))
+DEPRECATEDIN_3_0(int RSA_meth_set_pub_enc(RSA_METHOD *rsa,
+ int (*pub_enc) (int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa,
+ int padding)))
+DEPRECATEDIN_3_0(int (*RSA_meth_get_pub_dec(const RSA_METHOD *meth))
+ (int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding))
+DEPRECATEDIN_3_0(int RSA_meth_set_pub_dec(RSA_METHOD *rsa,
+ int (*pub_dec) (int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa,
+ int padding)))
+DEPRECATEDIN_3_0(int (*RSA_meth_get_priv_enc(const RSA_METHOD *meth))
+ (int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding))
+DEPRECATEDIN_3_0(int RSA_meth_set_priv_enc(RSA_METHOD *rsa,
+ int (*priv_enc) (int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa,
+ int padding)))
+DEPRECATEDIN_3_0(int (*RSA_meth_get_priv_dec(const RSA_METHOD *meth))
+ (int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding))
+DEPRECATEDIN_3_0(int RSA_meth_set_priv_dec(RSA_METHOD *rsa,
+ int (*priv_dec) (int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa,
+ int padding)))
+DEPRECATEDIN_3_0(int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth))
+ (BIGNUM *r0, const BIGNUM *i, RSA *rsa, BN_CTX *ctx))
+DEPRECATEDIN_3_0(int RSA_meth_set_mod_exp(RSA_METHOD *rsa,
+ int (*mod_exp) (BIGNUM *r0, const BIGNUM *i, RSA *rsa,
+ BN_CTX *ctx)))
+DEPRECATEDIN_3_0(int (*RSA_meth_get_bn_mod_exp(const RSA_METHOD *meth))
+ (BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx))
+DEPRECATEDIN_3_0(int RSA_meth_set_bn_mod_exp(RSA_METHOD *rsa,
+ int (*bn_mod_exp) (BIGNUM *r,
+ const BIGNUM *a,
+ const BIGNUM *p,
+ const BIGNUM *m,
+ BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx)))
+DEPRECATEDIN_3_0(int (*RSA_meth_get_init(const RSA_METHOD *meth)) (RSA *rsa))
+DEPRECATEDIN_3_0(int RSA_meth_set_init(RSA_METHOD *rsa, int (*init) (RSA *rsa)))
+DEPRECATEDIN_3_0(int (*RSA_meth_get_finish(const RSA_METHOD *meth)) (RSA *rsa))
+DEPRECATEDIN_3_0(int RSA_meth_set_finish(RSA_METHOD *rsa,
+ int (*finish) (RSA *rsa)))
+DEPRECATEDIN_3_0(int (*RSA_meth_get_sign(const RSA_METHOD *meth))
+ (int type,
+ const unsigned char *m, unsigned int m_length,
+ unsigned char *sigret, unsigned int *siglen,
+ const RSA *rsa))
+DEPRECATEDIN_3_0(int RSA_meth_set_sign(RSA_METHOD *rsa,
+ int (*sign) (int type, const unsigned char *m,
+ unsigned int m_length,
+ unsigned char *sigret, unsigned int *siglen,
+ const RSA *rsa)))
+DEPRECATEDIN_3_0(int (*RSA_meth_get_verify(const RSA_METHOD *meth))
+ (int dtype, const unsigned char *m,
+ unsigned int m_length, const unsigned char *sigbuf,
+ unsigned int siglen, const RSA *rsa))
+DEPRECATEDIN_3_0(int RSA_meth_set_verify(RSA_METHOD *rsa,
+ int (*verify) (int dtype, const unsigned char *m,
+ unsigned int m_length,
+ const unsigned char *sigbuf,
+ unsigned int siglen, const RSA *rsa)))
+DEPRECATEDIN_3_0(int (*RSA_meth_get_keygen(const RSA_METHOD *meth))
+ (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb))
+DEPRECATEDIN_3_0(int RSA_meth_set_keygen(RSA_METHOD *rsa,
+ int (*keygen) (RSA *rsa, int bits, BIGNUM *e,
+ BN_GENCB *cb)))
+DEPRECATEDIN_3_0(int (*RSA_meth_get_multi_prime_keygen(const RSA_METHOD *meth))
+ (RSA *rsa, int bits, int primes, BIGNUM *e, BN_GENCB *cb))
+DEPRECATEDIN_3_0(int RSA_meth_set_multi_prime_keygen(RSA_METHOD *meth,
+ int (*keygen) (RSA *rsa, int bits,
+ int primes, BIGNUM *e,
+ BN_GENCB *cb)))
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+#endif
diff --git a/linux_amd64/include/openssl/rsaerr.h b/linux_amd64/include/openssl/rsaerr.h
new file mode 100644
index 0000000..ef72bc7
--- /dev/null
+++ b/linux_amd64/include/openssl/rsaerr.h
@@ -0,0 +1,187 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_RSAERR_H +# define OPENSSL_RSAERR_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_RSAERR_H +# endif + +# include +# include + + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_RSA_strings(void); + +/* + * RSA function codes. + */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define RSA_F_CHECK_PADDING_MD 0 +# define RSA_F_ENCODE_PKCS1 0 +# define RSA_F_INT_RSA_VERIFY 0 +# define RSA_F_OLD_RSA_PRIV_DECODE 0 +# define RSA_F_PKEY_PSS_INIT 0 +# define RSA_F_PKEY_RSA_CTRL 0 +# define RSA_F_PKEY_RSA_CTRL_STR 0 +# define RSA_F_PKEY_RSA_SIGN 0 +# define RSA_F_PKEY_RSA_VERIFY 0 +# define RSA_F_PKEY_RSA_VERIFYRECOVER 0 +# define RSA_F_RSA_ALGOR_TO_MD 0 +# define RSA_F_RSA_BUILTIN_KEYGEN 0 +# define RSA_F_RSA_CHECK_KEY 0 +# define RSA_F_RSA_CHECK_KEY_EX 0 +# define RSA_F_RSA_CMS_DECRYPT 0 +# define RSA_F_RSA_CMS_VERIFY 0 +# define RSA_F_RSA_FIPS186_4_GEN_PROB_PRIMES 0 +# define RSA_F_RSA_ITEM_VERIFY 0 +# define RSA_F_RSA_METH_DUP 0 +# define RSA_F_RSA_METH_NEW 0 +# define RSA_F_RSA_METH_SET1_NAME 0 +# define RSA_F_RSA_MGF1_TO_MD 0 +# define RSA_F_RSA_MULTIP_INFO_NEW 0 +# define RSA_F_RSA_NEW_METHOD 0 +# define RSA_F_RSA_NULL 0 +# define RSA_F_RSA_NULL_PRIVATE_DECRYPT 0 +# define RSA_F_RSA_NULL_PRIVATE_ENCRYPT 0 +# define RSA_F_RSA_NULL_PUBLIC_DECRYPT 0 +# define RSA_F_RSA_NULL_PUBLIC_ENCRYPT 0 +# define RSA_F_RSA_OSSL_PRIVATE_DECRYPT 0 +# define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT 0 +# define RSA_F_RSA_OSSL_PUBLIC_DECRYPT 0 +# define RSA_F_RSA_OSSL_PUBLIC_ENCRYPT 0 +# define RSA_F_RSA_PADDING_ADD_NONE 0 +# define 
RSA_F_RSA_PADDING_ADD_PKCS1_OAEP 0 +# define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1 0 +# define RSA_F_RSA_PADDING_ADD_PKCS1_PSS 0 +# define RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1 0 +# define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 0 +# define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 0 +# define RSA_F_RSA_PADDING_ADD_SSLV23 0 +# define RSA_F_RSA_PADDING_ADD_X931 0 +# define RSA_F_RSA_PADDING_CHECK_NONE 0 +# define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP 0 +# define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1 0 +# define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1 0 +# define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2 0 +# define RSA_F_RSA_PADDING_CHECK_SSLV23 0 +# define RSA_F_RSA_PADDING_CHECK_X931 0 +# define RSA_F_RSA_PARAM_DECODE 0 +# define RSA_F_RSA_PRINT 0 +# define RSA_F_RSA_PRINT_FP 0 +# define RSA_F_RSA_PRIV_DECODE 0 +# define RSA_F_RSA_PRIV_ENCODE 0 +# define RSA_F_RSA_PSS_GET_PARAM 0 +# define RSA_F_RSA_PSS_TO_CTX 0 +# define RSA_F_RSA_PUB_DECODE 0 +# define RSA_F_RSA_SETUP_BLINDING 0 +# define RSA_F_RSA_SIGN 0 +# define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 0 +# define RSA_F_RSA_SP800_56B_CHECK_KEYPAIR 0 +# define RSA_F_RSA_SP800_56B_CHECK_PUBLIC 0 +# define RSA_F_RSA_SP800_56B_PAIRWISE_TEST 0 +# define RSA_F_RSA_SP800_56B_VALIDATE_STRENGTH 0 +# define RSA_F_RSA_VERIFY 0 +# define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 0 +# define RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1 0 +# define RSA_F_SETUP_TBUF 0 +# endif + +/* + * RSA reason codes. 
+ */ +# define RSA_R_ALGORITHM_MISMATCH 100 +# define RSA_R_BAD_E_VALUE 101 +# define RSA_R_BAD_FIXED_HEADER_DECRYPT 102 +# define RSA_R_BAD_PAD_BYTE_COUNT 103 +# define RSA_R_BAD_SIGNATURE 104 +# define RSA_R_BLOCK_TYPE_IS_NOT_01 106 +# define RSA_R_BLOCK_TYPE_IS_NOT_02 107 +# define RSA_R_DATA_GREATER_THAN_MOD_LEN 108 +# define RSA_R_DATA_TOO_LARGE 109 +# define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 110 +# define RSA_R_DATA_TOO_LARGE_FOR_MODULUS 132 +# define RSA_R_DATA_TOO_SMALL 111 +# define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE 122 +# define RSA_R_DIGEST_DOES_NOT_MATCH 158 +# define RSA_R_DIGEST_NOT_ALLOWED 145 +# define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 112 +# define RSA_R_DMP1_NOT_CONGRUENT_TO_D 124 +# define RSA_R_DMQ1_NOT_CONGRUENT_TO_D 125 +# define RSA_R_D_E_NOT_CONGRUENT_TO_1 123 +# define RSA_R_FIRST_OCTET_INVALID 133 +# define RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE 144 +# define RSA_R_INVALID_DIGEST 157 +# define RSA_R_INVALID_DIGEST_LENGTH 143 +# define RSA_R_INVALID_HEADER 137 +# define RSA_R_INVALID_KEYPAIR 171 +# define RSA_R_INVALID_KEY_LENGTH 173 +# define RSA_R_INVALID_LABEL 160 +# define RSA_R_INVALID_MESSAGE_LENGTH 131 +# define RSA_R_INVALID_MGF1_MD 156 +# define RSA_R_INVALID_MODULUS 174 +# define RSA_R_INVALID_MULTI_PRIME_KEY 167 +# define RSA_R_INVALID_OAEP_PARAMETERS 161 +# define RSA_R_INVALID_PADDING 138 +# define RSA_R_INVALID_PADDING_MODE 141 +# define RSA_R_INVALID_PSS_PARAMETERS 149 +# define RSA_R_INVALID_PSS_SALTLEN 146 +# define RSA_R_INVALID_REQUEST 175 +# define RSA_R_INVALID_SALT_LENGTH 150 +# define RSA_R_INVALID_STRENGTH 176 +# define RSA_R_INVALID_TRAILER 139 +# define RSA_R_INVALID_X931_DIGEST 142 +# define RSA_R_IQMP_NOT_INVERSE_OF_Q 126 +# define RSA_R_KEY_PRIME_NUM_INVALID 165 +# define RSA_R_KEY_SIZE_TOO_SMALL 120 +# define RSA_R_LAST_OCTET_INVALID 134 +# define RSA_R_MGF1_DIGEST_NOT_ALLOWED 152 +# define RSA_R_MISSING_PRIVATE_KEY 179 +# define RSA_R_MODULUS_TOO_LARGE 105 +# define RSA_R_MP_COEFFICIENT_NOT_INVERSE_OF_R 168 
+# define RSA_R_MP_EXPONENT_NOT_CONGRUENT_TO_D 169 +# define RSA_R_MP_R_NOT_PRIME 170 +# define RSA_R_NO_PUBLIC_EXPONENT 140 +# define RSA_R_NULL_BEFORE_BLOCK_MISSING 113 +# define RSA_R_N_DOES_NOT_EQUAL_PRODUCT_OF_PRIMES 172 +# define RSA_R_N_DOES_NOT_EQUAL_P_Q 127 +# define RSA_R_OAEP_DECODING_ERROR 121 +# define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148 +# define RSA_R_PADDING_CHECK_FAILED 114 +# define RSA_R_PAIRWISE_TEST_FAILURE 177 +# define RSA_R_PKCS_DECODING_ERROR 159 +# define RSA_R_PSS_SALTLEN_TOO_SMALL 164 +# define RSA_R_PUB_EXPONENT_OUT_OF_RANGE 178 +# define RSA_R_P_NOT_PRIME 128 +# define RSA_R_Q_NOT_PRIME 129 +# define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED 130 +# define RSA_R_SLEN_CHECK_FAILED 136 +# define RSA_R_SLEN_RECOVERY_FAILED 135 +# define RSA_R_SSLV3_ROLLBACK_ATTACK 115 +# define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116 +# define RSA_R_UNKNOWN_ALGORITHM_TYPE 117 +# define RSA_R_UNKNOWN_DIGEST 166 +# define RSA_R_UNKNOWN_MASK_DIGEST 151 +# define RSA_R_UNKNOWN_PADDING_TYPE 118 +# define RSA_R_UNSUPPORTED_ENCRYPTION_TYPE 162 +# define RSA_R_UNSUPPORTED_LABEL_SOURCE 163 +# define RSA_R_UNSUPPORTED_MASK_ALGORITHM 153 +# define RSA_R_UNSUPPORTED_MASK_PARAMETER 154 +# define RSA_R_UNSUPPORTED_SIGNATURE_TYPE 155 +# define RSA_R_VALUE_MISSING 147 +# define RSA_R_WRONG_SIGNATURE_LENGTH 119 + +#endif diff --git a/linux_amd64/include/openssl/safestack.h b/linux_amd64/include/openssl/safestack.h new file mode 100644 index 0000000..b8de23c --- /dev/null +++ b/linux_amd64/include/openssl/safestack.h 
@@ -0,0 +1,213 @@ +/* + * Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_SAFESTACK_H +# define OPENSSL_SAFESTACK_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_SAFESTACK_H +# endif + +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +# define STACK_OF(type) struct stack_st_##type + +# define SKM_DEFINE_STACK_OF(t1, t2, t3) \ + STACK_OF(t1); \ + typedef int (*sk_##t1##_compfunc)(const t3 * const *a, const t3 *const *b); \ + typedef void (*sk_##t1##_freefunc)(t3 *a); \ + typedef t3 * (*sk_##t1##_copyfunc)(const t3 *a); \ + static ossl_unused ossl_inline int sk_##t1##_num(const STACK_OF(t1) *sk) \ + { \ + return OPENSSL_sk_num((const OPENSSL_STACK *)sk); \ + } \ + static ossl_unused ossl_inline t2 *sk_##t1##_value(const STACK_OF(t1) *sk, int idx) \ + { \ + return (t2 *)OPENSSL_sk_value((const OPENSSL_STACK *)sk, idx); \ + } \ + static ossl_unused ossl_inline STACK_OF(t1) *sk_##t1##_new(sk_##t1##_compfunc compare) \ + { \ + return (STACK_OF(t1) *)OPENSSL_sk_new((OPENSSL_sk_compfunc)compare); \ + } \ + static ossl_unused ossl_inline STACK_OF(t1) *sk_##t1##_new_null(void) \ + { \ + return (STACK_OF(t1) *)OPENSSL_sk_new_null(); \ + } \ + static ossl_unused ossl_inline STACK_OF(t1) *sk_##t1##_new_reserve(sk_##t1##_compfunc compare, int n) \ + { \ + return (STACK_OF(t1) *)OPENSSL_sk_new_reserve((OPENSSL_sk_compfunc)compare, n); \ + } \ + static ossl_unused ossl_inline int sk_##t1##_reserve(STACK_OF(t1) *sk, int n) \ + { \ + return OPENSSL_sk_reserve((OPENSSL_STACK *)sk, n); \ + } \ + static ossl_unused ossl_inline void sk_##t1##_free(STACK_OF(t1) *sk) \ + { \ + OPENSSL_sk_free((OPENSSL_STACK *)sk); \ + } \ + static 
ossl_unused ossl_inline void sk_##t1##_zero(STACK_OF(t1) *sk) \ + { \ + OPENSSL_sk_zero((OPENSSL_STACK *)sk); \ + } \ + static ossl_unused ossl_inline t2 *sk_##t1##_delete(STACK_OF(t1) *sk, int i) \ + { \ + return (t2 *)OPENSSL_sk_delete((OPENSSL_STACK *)sk, i); \ + } \ + static ossl_unused ossl_inline t2 *sk_##t1##_delete_ptr(STACK_OF(t1) *sk, t2 *ptr) \ + { \ + return (t2 *)OPENSSL_sk_delete_ptr((OPENSSL_STACK *)sk, \ + (const void *)ptr); \ + } \ + static ossl_unused ossl_inline int sk_##t1##_push(STACK_OF(t1) *sk, t2 *ptr) \ + { \ + return OPENSSL_sk_push((OPENSSL_STACK *)sk, (const void *)ptr); \ + } \ + static ossl_unused ossl_inline int sk_##t1##_unshift(STACK_OF(t1) *sk, t2 *ptr) \ + { \ + return OPENSSL_sk_unshift((OPENSSL_STACK *)sk, (const void *)ptr); \ + } \ + static ossl_unused ossl_inline t2 *sk_##t1##_pop(STACK_OF(t1) *sk) \ + { \ + return (t2 *)OPENSSL_sk_pop((OPENSSL_STACK *)sk); \ + } \ + static ossl_unused ossl_inline t2 *sk_##t1##_shift(STACK_OF(t1) *sk) \ + { \ + return (t2 *)OPENSSL_sk_shift((OPENSSL_STACK *)sk); \ + } \ + static ossl_unused ossl_inline void sk_##t1##_pop_free(STACK_OF(t1) *sk, sk_##t1##_freefunc freefunc) \ + { \ + OPENSSL_sk_pop_free((OPENSSL_STACK *)sk, (OPENSSL_sk_freefunc)freefunc); \ + } \ + static ossl_unused ossl_inline int sk_##t1##_insert(STACK_OF(t1) *sk, t2 *ptr, int idx) \ + { \ + return OPENSSL_sk_insert((OPENSSL_STACK *)sk, (const void *)ptr, idx); \ + } \ + static ossl_unused ossl_inline t2 *sk_##t1##_set(STACK_OF(t1) *sk, int idx, t2 *ptr) \ + { \ + return (t2 *)OPENSSL_sk_set((OPENSSL_STACK *)sk, idx, (const void *)ptr); \ + } \ + static ossl_unused ossl_inline int sk_##t1##_find(STACK_OF(t1) *sk, t2 *ptr) \ + { \ + return OPENSSL_sk_find((OPENSSL_STACK *)sk, (const void *)ptr); \ + } \ + static ossl_unused ossl_inline int sk_##t1##_find_ex(STACK_OF(t1) *sk, t2 *ptr) \ + { \ + return OPENSSL_sk_find_ex((OPENSSL_STACK *)sk, (const void *)ptr); \ + } \ + static ossl_unused ossl_inline void 
sk_##t1##_sort(STACK_OF(t1) *sk) \ + { \ + OPENSSL_sk_sort((OPENSSL_STACK *)sk); \ + } \ + static ossl_unused ossl_inline int sk_##t1##_is_sorted(const STACK_OF(t1) *sk) \ + { \ + return OPENSSL_sk_is_sorted((const OPENSSL_STACK *)sk); \ + } \ + static ossl_unused ossl_inline STACK_OF(t1) * sk_##t1##_dup(const STACK_OF(t1) *sk) \ + { \ + return (STACK_OF(t1) *)OPENSSL_sk_dup((const OPENSSL_STACK *)sk); \ + } \ + static ossl_unused ossl_inline STACK_OF(t1) *sk_##t1##_deep_copy(const STACK_OF(t1) *sk, \ + sk_##t1##_copyfunc copyfunc, \ + sk_##t1##_freefunc freefunc) \ + { \ + return (STACK_OF(t1) *)OPENSSL_sk_deep_copy((const OPENSSL_STACK *)sk, \ + (OPENSSL_sk_copyfunc)copyfunc, \ + (OPENSSL_sk_freefunc)freefunc); \ + } \ + static ossl_unused ossl_inline sk_##t1##_compfunc sk_##t1##_set_cmp_func(STACK_OF(t1) *sk, sk_##t1##_compfunc compare) \ + { \ + return (sk_##t1##_compfunc)OPENSSL_sk_set_cmp_func((OPENSSL_STACK *)sk, (OPENSSL_sk_compfunc)compare); \ + } + +# define DEFINE_SPECIAL_STACK_OF(t1, t2) SKM_DEFINE_STACK_OF(t1, t2, t2) +# define DEFINE_STACK_OF(t) SKM_DEFINE_STACK_OF(t, t, t) +# define DEFINE_SPECIAL_STACK_OF_CONST(t1, t2) \ + SKM_DEFINE_STACK_OF(t1, const t2, t2) +# define DEFINE_STACK_OF_CONST(t) SKM_DEFINE_STACK_OF(t, const t, t) + +/*- + * Strings are special: normally an lhash entry will point to a single + * (somewhat) mutable object. In the case of strings: + * + * a) Instead of a single char, there is an array of chars, NUL-terminated. + * b) The string may have be immutable. + * + * So, they need their own declarations. Especially important for + * type-checking tools, such as Deputy. + * + * In practice, however, it appears to be hard to have a const + * string. For now, I'm settling for dealing with the fact it is a + * string at all. 
+ */ +typedef char *OPENSSL_STRING; +typedef const char *OPENSSL_CSTRING; + +/*- + * Confusingly, LHASH_OF(STRING) deals with char ** throughout, but + * STACK_OF(STRING) is really more like STACK_OF(char), only, as mentioned + * above, instead of a single char each entry is a NUL-terminated array of + * chars. So, we have to implement STRING specially for STACK_OF. This is + * dealt with in the autogenerated macros below. + */ +DEFINE_SPECIAL_STACK_OF(OPENSSL_STRING, char) +DEFINE_SPECIAL_STACK_OF_CONST(OPENSSL_CSTRING, char) + +/* + * Similarly, we sometimes use a block of characters, NOT nul-terminated. + * These should also be distinguished from "normal" stacks. + */ +typedef void *OPENSSL_BLOCK; +DEFINE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) + +/* + * If called without higher optimization (min. -xO3) the Oracle Developer + * Studio compiler generates code for the defined (static inline) functions + * above. + * This would later lead to the linker complaining about missing symbols when + * this header file is included but the resulting object is not linked against + * the Crypto library (openssl#6912). 
+ */ +# ifdef __SUNPRO_C +# pragma weak OPENSSL_sk_num +# pragma weak OPENSSL_sk_value +# pragma weak OPENSSL_sk_new +# pragma weak OPENSSL_sk_new_null +# pragma weak OPENSSL_sk_new_reserve +# pragma weak OPENSSL_sk_reserve +# pragma weak OPENSSL_sk_free +# pragma weak OPENSSL_sk_zero +# pragma weak OPENSSL_sk_delete +# pragma weak OPENSSL_sk_delete_ptr +# pragma weak OPENSSL_sk_push +# pragma weak OPENSSL_sk_unshift +# pragma weak OPENSSL_sk_pop +# pragma weak OPENSSL_sk_shift +# pragma weak OPENSSL_sk_pop_free +# pragma weak OPENSSL_sk_insert +# pragma weak OPENSSL_sk_set +# pragma weak OPENSSL_sk_find +# pragma weak OPENSSL_sk_find_ex +# pragma weak OPENSSL_sk_sort +# pragma weak OPENSSL_sk_is_sorted +# pragma weak OPENSSL_sk_dup +# pragma weak OPENSSL_sk_deep_copy +# pragma weak OPENSSL_sk_set_cmp_func +# endif /* __SUNPRO_C */ + +# ifdef __cplusplus +} +# endif +#endif diff --git a/linux_amd64/include/openssl/seed.h b/linux_amd64/include/openssl/seed.h new file mode 100644 index 0000000..2e1ba2a --- /dev/null +++ b/linux_amd64/include/openssl/seed.h 
@@ -0,0 +1,110 @@ +/* + * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * Copyright (c) 2007 KISA(Korea Information Security Agency). All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Neither the name of author nor the names of its contributors may + * be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#ifndef OPENSSL_SEED_H +# define OPENSSL_SEED_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_SEED_H +# endif + +# include + +# ifndef OPENSSL_NO_SEED +# include +# include +# include + +# ifdef __cplusplus +extern "C" { +# endif + +# define SEED_BLOCK_SIZE 16 +# define SEED_KEY_LENGTH 16 + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +/* look whether we need 'long' to get 32 bits */ +# ifdef AES_LONG +# ifndef SEED_LONG +# define SEED_LONG 1 +# endif +# endif + + +typedef struct seed_key_st { +# ifdef SEED_LONG + unsigned long data[32]; +# else + unsigned int data[32]; +# endif +} SEED_KEY_SCHEDULE; +# endif /* OPENSSL_NO_DEPRECATED_3_0 */ + +DEPRECATEDIN_3_0(void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], + SEED_KEY_SCHEDULE *ks)) + +DEPRECATEDIN_3_0(void SEED_encrypt(const unsigned char s[SEED_BLOCK_SIZE], + unsigned char d[SEED_BLOCK_SIZE], + const SEED_KEY_SCHEDULE *ks)) +DEPRECATEDIN_3_0(void SEED_decrypt(const unsigned char s[SEED_BLOCK_SIZE], + unsigned char d[SEED_BLOCK_SIZE], + const SEED_KEY_SCHEDULE *ks)) + +DEPRECATEDIN_3_0(void SEED_ecb_encrypt(const unsigned char *in, + unsigned char *out, + const SEED_KEY_SCHEDULE *ks, int enc)) +DEPRECATEDIN_3_0(void SEED_cbc_encrypt(const unsigned char *in, + unsigned char *out, size_t len, + const SEED_KEY_SCHEDULE *ks, + unsigned char ivec[SEED_BLOCK_SIZE], + int enc)) +DEPRECATEDIN_3_0(void SEED_cfb128_encrypt(const unsigned char *in, + unsigned char *out, size_t len, + const SEED_KEY_SCHEDULE *ks, + unsigned char ivec[SEED_BLOCK_SIZE], + int *num, int enc)) +DEPRECATEDIN_3_0(void SEED_ofb128_encrypt(const unsigned char *in, + unsigned char *out, size_t len, + const SEED_KEY_SCHEDULE *ks, + unsigned char ivec[SEED_BLOCK_SIZE], + int *num)) + +# ifdef __cplusplus +} +# endif +# endif + +#endif diff --git a/linux_amd64/include/openssl/self_test.h b/linux_amd64/include/openssl/self_test.h new file mode 100644 index 0000000..31dd6bd --- /dev/null 
+++ b/linux_amd64/include/openssl/self_test.h 
@@ -0,0 +1,68 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_SELF_TEST_H
+# define OPENSSL_SELF_TEST_H
+
+# include /* OSSL_CALLBACK */
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+/* The test event phases */
+# define OSSL_SELF_TEST_PHASE_NONE "None"
+# define OSSL_SELF_TEST_PHASE_START "Start"
+# define OSSL_SELF_TEST_PHASE_CORRUPT "Corrupt"
+# define OSSL_SELF_TEST_PHASE_PASS "Pass"
+# define OSSL_SELF_TEST_PHASE_FAIL "Fail"
+
+/* Test event categories */
+# define OSSL_SELF_TEST_TYPE_NONE "None"
+# define OSSL_SELF_TEST_TYPE_MODULE_INTEGRITY "Module_Integrity"
+# define OSSL_SELF_TEST_TYPE_INSTALL_INTEGRITY "Install_Integrity"
+# define OSSL_SELF_TEST_TYPE_PCT "Pairwise_Consistency_Test"
+# define OSSL_SELF_TEST_TYPE_KAT_CIPHER "KAT_Cipher"
+# define OSSL_SELF_TEST_TYPE_KAT_DIGEST "KAT_Digest"
+# define OSSL_SELF_TEST_TYPE_KAT_SIGNATURE "KAT_Signature"
+# define OSSL_SELF_TEST_TYPE_KAT_KDF "KAT_KDF"
+# define OSSL_SELF_TEST_TYPE_KAT_KA "KAT_KA"
+# define OSSL_SELF_TEST_TYPE_DRBG "DRBG"
+
+/* Test event sub categories */
+# define OSSL_SELF_TEST_DESC_NONE "None"
+# define OSSL_SELF_TEST_DESC_INTEGRITY_HMAC "HMAC"
+# define OSSL_SELF_TEST_DESC_PCT_RSA_PKCS1 "RSA"
+# define OSSL_SELF_TEST_DESC_PCT_ECDSA "ECDSA"
+# define OSSL_SELF_TEST_DESC_PCT_DSA "DSA"
+# define OSSL_SELF_TEST_DESC_CIPHER_AES_GCM "AES_GCM"
+# define OSSL_SELF_TEST_DESC_CIPHER_TDES "TDES"
+# define OSSL_SELF_TEST_DESC_MD_SHA1 "SHA1"
+# define OSSL_SELF_TEST_DESC_MD_SHA2 "SHA2"
+# define OSSL_SELF_TEST_DESC_MD_SHA3 "SHA3"
+# define OSSL_SELF_TEST_DESC_SIGN_DSA "DSA"
+# define OSSL_SELF_TEST_DESC_SIGN_RSA "RSA"
+# define OSSL_SELF_TEST_DESC_SIGN_ECDSA "ECDSA"
+# define OSSL_SELF_TEST_DESC_DRBG_CTR "CTR"
+# define OSSL_SELF_TEST_DESC_DRBG_HASH "HASH"
+# define OSSL_SELF_TEST_DESC_DRBG_HMAC "HMAC"
+# define OSSL_SELF_TEST_DESC_KA_ECDH "ECDH"
+# define OSSL_SELF_TEST_DESC_KA_ECDSA "ECDSA"
+# define OSSL_SELF_TEST_DESC_KDF_HKDF "HKDF"
+
+# ifdef __cplusplus
+}
+# endif
+
+void OSSL_SELF_TEST_set_callback(OPENSSL_CTX *libctx, OSSL_CALLBACK *cb,
+ void *cbarg);
+void OSSL_SELF_TEST_get_callback(OPENSSL_CTX *libctx, OSSL_CALLBACK **cb,
+ void **cbarg);
+
+#endif /* OPENSSL_SELF_TEST_H */
diff --git a/linux_amd64/include/openssl/serializer.h b/linux_amd64/include/openssl/serializer.h
new file mode 100644
index 0000000..ceeeffb
--- /dev/null
+++ b/linux_amd64/include/openssl/serializer.h
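Review bot: The prototypes `OSSL_SELF_TEST_set_callback` and `OSSL_SELF_TEST_get_callback` in self_test.h are declared after the `extern "C"` block has already been closed, so a C++ translation unit that includes this header gives them C++ linkage and the calls will not resolve against the C symbols in the crypto library. The closing `# ifdef __cplusplus` / `}` / `# endif` should sit below the two prototypes, directly before `#endif /* OPENSSL_SELF_TEST_H */`. Because the file is vendored, it is better to pick the fix up from upstream than to patch the copy locally; until then a C++ caller has to wrap the include in its own `extern "C" { ... }`.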
@@ -0,0 +1,104 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_SERIALIZER_H
+# define OPENSSL_SERIALIZER_H
+# pragma once
+
+# include
+
+# ifndef OPENSSL_NO_STDIO
+# include
+# endif
+# include
+# include
+# include
+# include
+# include
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+OSSL_SERIALIZER *OSSL_SERIALIZER_fetch(OPENSSL_CTX *libctx,
+ const char *name,
+ const char *properties);
+int OSSL_SERIALIZER_up_ref(OSSL_SERIALIZER *ser);
+void OSSL_SERIALIZER_free(OSSL_SERIALIZER *ser);
+
+const OSSL_PROVIDER *OSSL_SERIALIZER_provider(const OSSL_SERIALIZER *ser);
+const char *OSSL_SERIALIZER_properties(const OSSL_SERIALIZER *ser);
+int OSSL_SERIALIZER_number(const OSSL_SERIALIZER *ser);
+int OSSL_SERIALIZER_is_a(const OSSL_SERIALIZER *ser,
+ const char *name);
+
+void OSSL_SERIALIZER_do_all_provided(OPENSSL_CTX *libctx,
+ void (*fn)(OSSL_SERIALIZER *ser,
+ void *arg),
+ void *arg);
+void OSSL_SERIALIZER_names_do_all(const OSSL_SERIALIZER *ser,
+ void (*fn)(const char *name, void *data),
+ void *data);
+
+const OSSL_PARAM *OSSL_SERIALIZER_settable_ctx_params(OSSL_SERIALIZER *ser);
+OSSL_SERIALIZER_CTX *OSSL_SERIALIZER_CTX_new(OSSL_SERIALIZER *ser);
+const OSSL_SERIALIZER *
+OSSL_SERIALIZER_CTX_get_serializer(OSSL_SERIALIZER_CTX *ctx);
+int OSSL_SERIALIZER_CTX_set_params(OSSL_SERIALIZER_CTX *ctx,
+ const OSSL_PARAM params[]);
+void OSSL_SERIALIZER_CTX_free(OSSL_SERIALIZER_CTX *ctx);
+
+/* Utilities that help set specific parameters */
+int OSSL_SERIALIZER_CTX_set_cipher(OSSL_SERIALIZER_CTX *ctx,
+ const char *cipher_name,
+ const char *propquery);
+int OSSL_SERIALIZER_CTX_set_passphrase(OSSL_SERIALIZER_CTX *ctx,
+ const unsigned char *kstr,
+ size_t klen);
+int OSSL_SERIALIZER_CTX_set_passphrase_cb(OSSL_SERIALIZER_CTX *ctx, int enc,
+ pem_password_cb *cb, void *cbarg);
+int OSSL_SERIALIZER_CTX_set_passphrase_ui(OSSL_SERIALIZER_CTX *ctx,
+ const UI_METHOD *ui_method,
+ void *ui_data);
+
+/* Utilities to output the object to serialize */
+int OSSL_SERIALIZER_to_bio(OSSL_SERIALIZER_CTX *ctx, BIO *out);
+#ifndef OPENSSL_NO_STDIO
+int OSSL_SERIALIZER_to_fp(OSSL_SERIALIZER_CTX *ctx, FILE *fp);
+#endif
+
+/*
+ * Create the OSSL_SERIALIZER_CTX with an associated type. This will perform
+ * an implicit OSSL_SERIALIZER_fetch(), suitable for the object of that type.
+ * This is more useful than calling OSSL_SERIALIZER_CTX_new().
+ */
+OSSL_SERIALIZER_CTX *OSSL_SERIALIZER_CTX_new_by_EVP_PKEY(const EVP_PKEY *pkey,
+ const char *propquery);
+
+/*
+ * These macros define the last argument to pass to
+ * OSSL_SERIALIZER_CTX_new_by_TYPE().
+ */
+# define OSSL_SERIALIZER_PUBKEY_TO_PEM_PQ "format=pem,type=public"
+# define OSSL_SERIALIZER_PrivateKey_TO_PEM_PQ "format=pem,type=private"
+# define OSSL_SERIALIZER_Parameters_TO_PEM_PQ "format=pem,type=parameters"
+
+# define OSSL_SERIALIZER_PUBKEY_TO_DER_PQ "format=der,type=public"
+# define OSSL_SERIALIZER_PrivateKey_TO_DER_PQ "format=der,type=private"
+# define OSSL_SERIALIZER_Parameters_TO_DER_PQ "format=der,type=parameters"
+
+/* Corresponding macros for text output */
+# define OSSL_SERIALIZER_PUBKEY_TO_TEXT_PQ "format=text,type=public"
+# define OSSL_SERIALIZER_PrivateKey_TO_TEXT_PQ "format=text,type=private"
+# define OSSL_SERIALIZER_Parameters_TO_TEXT_PQ "format=text,type=parameters"
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/linux_amd64/include/openssl/serializererr.h b/linux_amd64/include/openssl/serializererr.h
new file mode 100644
index 0000000..4eff9de
--- /dev/null
+++ b/linux_amd64/include/openssl/serializererr.h
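Review bot: The commit does not record which upstream revision serializer.h and the rest of the vendored tree were taken from, and the `OSSL_SERIALIZER_*` API it declares is, as far as I know, an interim interface from the 3.0 development tree that was renamed before any release, which suggests an unreleased snapshot. Without a recorded revision, nobody can match the tree against upstream security advisories or reproduce the build. Record the provenance next to the vendored tree, e.g. a one-line note `OpenSSL upstream commit: <UPSTREAM_COMMIT>, built with: <CONFIGURE_OPTIONS>`, and plan to move to a released version, since code written against `OSSL_SERIALIZER_CTX_new_by_EVP_PKEY()` would presumably need porting.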
@@ -0,0 +1,34 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_OSSL_SERIALIZERERR_H +# define OPENSSL_OSSL_SERIALIZERERR_H + +# include +# include + + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_OSSL_SERIALIZER_strings(void); + +/* + * OSSL_SERIALIZER function codes. + */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# endif + +/* + * OSSL_SERIALIZER reason codes. + */ +# define OSSL_SERIALIZER_R_INCORRECT_PROPERTY_QUERY 100 + +#endif diff --git a/linux_amd64/include/openssl/sha.h b/linux_amd64/include/openssl/sha.h new file mode 100644 index 0000000..3a31bb6 --- /dev/null +++ b/linux_amd64/include/openssl/sha.h 
@@ -0,0 +1,122 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_SHA_H +# define OPENSSL_SHA_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_SHA_H +# endif + +# include +# include + +# ifdef __cplusplus +extern "C" { +# endif + +/*- + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + * ! SHA_LONG has to be at least 32 bits wide. ! + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + */ +# define SHA_LONG unsigned int + +# define SHA_LBLOCK 16 +# define SHA_CBLOCK (SHA_LBLOCK*4)/* SHA treats input data as a + * contiguous array of 32 bit wide + * big-endian values. */ +# define SHA_LAST_BLOCK (SHA_CBLOCK-8) +# define SHA_DIGEST_LENGTH 20 + +typedef struct SHAstate_st { + SHA_LONG h0, h1, h2, h3, h4; + SHA_LONG Nl, Nh; + SHA_LONG data[SHA_LBLOCK]; + unsigned int num; +} SHA_CTX; + +int SHA1_Init(SHA_CTX *c); +int SHA1_Update(SHA_CTX *c, const void *data, size_t len); +int SHA1_Final(unsigned char *md, SHA_CTX *c); +unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md); +void SHA1_Transform(SHA_CTX *c, const unsigned char *data); + +# define SHA256_CBLOCK (SHA_LBLOCK*4)/* SHA-256 treats input data as a + * contiguous array of 32 bit wide + * big-endian values. 
*/ + +typedef struct SHA256state_st { + SHA_LONG h[8]; + SHA_LONG Nl, Nh; + SHA_LONG data[SHA_LBLOCK]; + unsigned int num, md_len; +} SHA256_CTX; + +int SHA224_Init(SHA256_CTX *c); +int SHA224_Update(SHA256_CTX *c, const void *data, size_t len); +int SHA224_Final(unsigned char *md, SHA256_CTX *c); +unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md); +int SHA256_Init(SHA256_CTX *c); +int SHA256_Update(SHA256_CTX *c, const void *data, size_t len); +int SHA256_Final(unsigned char *md, SHA256_CTX *c); +unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md); +void SHA256_Transform(SHA256_CTX *c, const unsigned char *data); + +# define SHA224_DIGEST_LENGTH 28 +# define SHA256_DIGEST_LENGTH 32 +# define SHA384_DIGEST_LENGTH 48 +# define SHA512_DIGEST_LENGTH 64 + +/* + * Unlike 32-bit digest algorithms, SHA-512 *relies* on SHA_LONG64 + * being exactly 64-bit wide. See Implementation Notes in sha512.c + * for further details. + */ +/* + * SHA-512 treats input data as a + * contiguous array of 64 bit + * wide big-endian values. 
+ */ +# define SHA512_CBLOCK (SHA_LBLOCK*8) +# if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) +# define SHA_LONG64 unsigned __int64 +# elif defined(__arch64__) +# define SHA_LONG64 unsigned long +# else +# define SHA_LONG64 unsigned long long +# endif + +typedef struct SHA512state_st { + SHA_LONG64 h[8]; + SHA_LONG64 Nl, Nh; + union { + SHA_LONG64 d[SHA_LBLOCK]; + unsigned char p[SHA512_CBLOCK]; + } u; + unsigned int num, md_len; +} SHA512_CTX; + +int SHA384_Init(SHA512_CTX *c); +int SHA384_Update(SHA512_CTX *c, const void *data, size_t len); +int SHA384_Final(unsigned char *md, SHA512_CTX *c); +unsigned char *SHA384(const unsigned char *d, size_t n, unsigned char *md); +int SHA512_Init(SHA512_CTX *c); +int SHA512_Update(SHA512_CTX *c, const void *data, size_t len); +int SHA512_Final(unsigned char *md, SHA512_CTX *c); +unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md); +void SHA512_Transform(SHA512_CTX *c, const unsigned char *data); + +# ifdef __cplusplus +} +# endif + +#endif diff --git a/linux_amd64/include/openssl/srp.h b/linux_amd64/include/openssl/srp.h new file mode 100644 index 0000000..9f6f1b8 --- /dev/null +++ b/linux_amd64/include/openssl/srp.h 
@@ -0,0 +1,147 @@
+/*
+ * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2004, EdelKey Project. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Christophe Renou and Peter Sylvester,
+ * for the EdelKey project.
+ */
+
+#ifndef OPENSSL_SRP_H
+# define OPENSSL_SRP_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_SRP_H
+# endif
+
+#include
+
+#ifndef OPENSSL_NO_SRP
+# include
+# include
+# include
+# include
+# include
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+typedef struct SRP_gN_cache_st {
+ char *b64_bn;
+ BIGNUM *bn;
+} SRP_gN_cache;
+
+
+DEFINE_STACK_OF(SRP_gN_cache)
+
+typedef struct SRP_user_pwd_st {
+ /* Owned by us. */
+ char *id;
+ BIGNUM *s;
+ BIGNUM *v;
+ /* Not owned by us. */
+ const BIGNUM *g;
+ const BIGNUM *N;
+ /* Owned by us.
*/
+ char *info;
+} SRP_user_pwd;
+
+SRP_user_pwd *SRP_user_pwd_new(void);
+void SRP_user_pwd_free(SRP_user_pwd *user_pwd);
+
+void SRP_user_pwd_set_gN(SRP_user_pwd *user_pwd, const BIGNUM *g, const BIGNUM *N);
+int SRP_user_pwd_set1_ids(SRP_user_pwd *user_pwd, const char *id, const char *info);
+int SRP_user_pwd_set0_sv(SRP_user_pwd *user_pwd, BIGNUM *s, BIGNUM *v);
+
+DEFINE_STACK_OF(SRP_user_pwd)
+
+typedef struct SRP_VBASE_st {
+ STACK_OF(SRP_user_pwd) *users_pwd;
+ STACK_OF(SRP_gN_cache) *gN_cache;
+/* to simulate a user */
+ char *seed_key;
+ const BIGNUM *default_g;
+ const BIGNUM *default_N;
+} SRP_VBASE;
+
+/*
+ * Internal structure storing N and g pair
+ */
+typedef struct SRP_gN_st {
+ char *id;
+ const BIGNUM *g;
+ const BIGNUM *N;
+} SRP_gN;
+
+DEFINE_STACK_OF(SRP_gN)
+
+SRP_VBASE *SRP_VBASE_new(char *seed_key);
+void SRP_VBASE_free(SRP_VBASE *vb);
+int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file);
+
+int SRP_VBASE_add0_user(SRP_VBASE *vb, SRP_user_pwd *user_pwd);
+/* This method ignores the configured seed and fails for an unknown user.
*/
+DEPRECATEDIN_1_1_0(SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username))
+/* NOTE: unlike in SRP_VBASE_get_by_user, caller owns the returned pointer.*/
+SRP_user_pwd *SRP_VBASE_get1_by_user(SRP_VBASE *vb, char *username);
+
+char *SRP_create_verifier(const char *user, const char *pass, char **salt,
+ char **verifier, const char *N, const char *g);
+int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,
+ BIGNUM **verifier, const BIGNUM *N,
+ const BIGNUM *g);
+
+# define SRP_NO_ERROR 0
+# define SRP_ERR_VBASE_INCOMPLETE_FILE 1
+# define SRP_ERR_VBASE_BN_LIB 2
+# define SRP_ERR_OPEN_FILE 3
+# define SRP_ERR_MEMORY 4
+
+# define DB_srptype 0
+# define DB_srpverifier 1
+# define DB_srpsalt 2
+# define DB_srpid 3
+# define DB_srpgN 4
+# define DB_srpinfo 5
+# undef DB_NUMBER
+# define DB_NUMBER 6
+
+# define DB_SRP_INDEX 'I'
+# define DB_SRP_VALID 'V'
+# define DB_SRP_REVOKED 'R'
+# define DB_SRP_MODIF 'v'
+
+/* see srp.c */
+char *SRP_check_known_gN_param(const BIGNUM *g, const BIGNUM *N);
+SRP_gN *SRP_get_default_gN(const char *id);
+
+/* server side .... */
+BIGNUM *SRP_Calc_server_key(const BIGNUM *A, const BIGNUM *v, const BIGNUM *u,
+ const BIGNUM *b, const BIGNUM *N);
+BIGNUM *SRP_Calc_B(const BIGNUM *b, const BIGNUM *N, const BIGNUM *g,
+ const BIGNUM *v);
+int SRP_Verify_A_mod_N(const BIGNUM *A, const BIGNUM *N);
+BIGNUM *SRP_Calc_u(const BIGNUM *A, const BIGNUM *B, const BIGNUM *N);
+
+/* client side .... */
+BIGNUM *SRP_Calc_x(const BIGNUM *s, const char *user, const char *pass);
+BIGNUM *SRP_Calc_A(const BIGNUM *a, const BIGNUM *N, const BIGNUM *g);
+BIGNUM *SRP_Calc_client_key(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g,
+ const BIGNUM *x, const BIGNUM *a, const BIGNUM *u);
+int SRP_Verify_B_mod_N(const BIGNUM *B, const BIGNUM *N);
+
+# define SRP_MINIMAL_N 1024
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/linux_amd64/include/openssl/srtp.h b/linux_amd64/include/openssl/srtp.h
new file mode 100644
index 0000000..d64606e
--- /dev/null
+++ b/linux_amd64/include/openssl/srtp.h
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * DTLS code by Eric Rescorla
+ *
+ * Copyright (C) 2006, Network Resonance, Inc. Copyright (C) 2011, RTFM, Inc.
+ */
+
+#ifndef OPENSSL_SRTP_H
+# define OPENSSL_SRTP_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_D1_SRTP_H
+# endif
+
+# include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# define SRTP_AES128_CM_SHA1_80 0x0001
+# define SRTP_AES128_CM_SHA1_32 0x0002
+# define SRTP_AES128_F8_SHA1_80 0x0003
+# define SRTP_AES128_F8_SHA1_32 0x0004
+# define SRTP_NULL_SHA1_80 0x0005
+# define SRTP_NULL_SHA1_32 0x0006
+
+/* AEAD SRTP protection profiles from RFC 7714 */
+# define SRTP_AEAD_AES_128_GCM 0x0007
+# define SRTP_AEAD_AES_256_GCM 0x0008
+
+# ifndef OPENSSL_NO_SRTP
+
+__owur int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles);
+__owur int SSL_set_tlsext_use_srtp(SSL *ssl, const char *profiles);
+
+__owur STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl);
+__owur SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s);
+
+# endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/linux_amd64/include/openssl/ssl.h b/linux_amd64/include/openssl/ssl.h
new file mode 100644
index 0000000..c1b6b8e
--- /dev/null
+++ b/linux_amd64/include/openssl/ssl.h
@@ -0,0 +1,2482 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_SSL_H
+# define OPENSSL_SSL_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_SSL_H
+# endif
+
+# include
+# include
+# include
+# include
+# ifndef OPENSSL_NO_DEPRECATED_1_1_0
+# include
+# include
+# include
+# endif
+# include
+# include
+# include
+# include
+
+# include
+# include
+# include
+# include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* OpenSSL version number for ASN.1 encoding of the session information */
+/*-
+ * Version 0 - initial version
+ * Version 1 - added the optional peer certificate
+ */
+# define SSL_SESSION_ASN1_VERSION 0x0001
+
+# define SSL_MAX_SSL_SESSION_ID_LENGTH 32
+# define SSL_MAX_SID_CTX_LENGTH 32
+
+# define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES (512/8)
+# define SSL_MAX_KEY_ARG_LENGTH 8
+# define SSL_MAX_MASTER_KEY_LENGTH 48
+
+/* The maximum number of encrypt/decrypt pipelines we can support */
+# define SSL_MAX_PIPELINES 32
+
+/* text strings for the ciphers */
+
+/* These are used to specify which ciphers to use and not to use */
+
+# define SSL_TXT_LOW "LOW"
+# define SSL_TXT_MEDIUM "MEDIUM"
+# define SSL_TXT_HIGH "HIGH"
+# define SSL_TXT_FIPS "FIPS"
+
+# define SSL_TXT_aNULL "aNULL"
+# define SSL_TXT_eNULL "eNULL"
+# define SSL_TXT_NULL "NULL"
+
+# define SSL_TXT_kRSA "kRSA"
+# define SSL_TXT_kDHr "kDHr"/* this cipher class has been removed */
+# define SSL_TXT_kDHd "kDHd"/* this cipher class has been removed */
+# define SSL_TXT_kDH "kDH"/* this cipher class has been removed */
+# define
SSL_TXT_kEDH "kEDH"/* alias for kDHE */
+# define SSL_TXT_kDHE "kDHE"
+# define SSL_TXT_kECDHr "kECDHr"/* this cipher class has been removed */
+# define SSL_TXT_kECDHe "kECDHe"/* this cipher class has been removed */
+# define SSL_TXT_kECDH "kECDH"/* this cipher class has been removed */
+# define SSL_TXT_kEECDH "kEECDH"/* alias for kECDHE */
+# define SSL_TXT_kECDHE "kECDHE"
+# define SSL_TXT_kPSK "kPSK"
+# define SSL_TXT_kRSAPSK "kRSAPSK"
+# define SSL_TXT_kECDHEPSK "kECDHEPSK"
+# define SSL_TXT_kDHEPSK "kDHEPSK"
+# define SSL_TXT_kGOST "kGOST"
+# define SSL_TXT_kSRP "kSRP"
+
+# define SSL_TXT_aRSA "aRSA"
+# define SSL_TXT_aDSS "aDSS"
+# define SSL_TXT_aDH "aDH"/* this cipher class has been removed */
+# define SSL_TXT_aECDH "aECDH"/* this cipher class has been removed */
+# define SSL_TXT_aECDSA "aECDSA"
+# define SSL_TXT_aPSK "aPSK"
+# define SSL_TXT_aGOST94 "aGOST94"
+# define SSL_TXT_aGOST01 "aGOST01"
+# define SSL_TXT_aGOST12 "aGOST12"
+# define SSL_TXT_aGOST "aGOST"
+# define SSL_TXT_aSRP "aSRP"
+
+# define SSL_TXT_DSS "DSS"
+# define SSL_TXT_DH "DH"
+# define SSL_TXT_DHE "DHE"/* same as "kDHE:-ADH" */
+# define SSL_TXT_EDH "EDH"/* alias for DHE */
+# define SSL_TXT_ADH "ADH"
+# define SSL_TXT_RSA "RSA"
+# define SSL_TXT_ECDH "ECDH"
+# define SSL_TXT_EECDH "EECDH"/* alias for ECDHE" */
+# define SSL_TXT_ECDHE "ECDHE"/* same as "kECDHE:-AECDH" */
+# define SSL_TXT_AECDH "AECDH"
+# define SSL_TXT_ECDSA "ECDSA"
+# define SSL_TXT_PSK "PSK"
+# define SSL_TXT_SRP "SRP"
+
+# define SSL_TXT_DES "DES"
+# define SSL_TXT_3DES "3DES"
+# define SSL_TXT_RC4 "RC4"
+# define SSL_TXT_RC2 "RC2"
+# define SSL_TXT_IDEA "IDEA"
+# define SSL_TXT_SEED "SEED"
+# define SSL_TXT_AES128 "AES128"
+# define SSL_TXT_AES256 "AES256"
+# define SSL_TXT_AES "AES"
+# define SSL_TXT_AES_GCM "AESGCM"
+# define SSL_TXT_AES_CCM "AESCCM"
+# define SSL_TXT_AES_CCM_8 "AESCCM8"
+# define SSL_TXT_CAMELLIA128 "CAMELLIA128"
+# define SSL_TXT_CAMELLIA256 "CAMELLIA256"
+# define SSL_TXT_CAMELLIA
"CAMELLIA"
+# define SSL_TXT_CHACHA20 "CHACHA20"
+# define SSL_TXT_GOST "GOST89"
+# define SSL_TXT_ARIA "ARIA"
+# define SSL_TXT_ARIA_GCM "ARIAGCM"
+# define SSL_TXT_ARIA128 "ARIA128"
+# define SSL_TXT_ARIA256 "ARIA256"
+
+# define SSL_TXT_MD5 "MD5"
+# define SSL_TXT_SHA1 "SHA1"
+# define SSL_TXT_SHA "SHA"/* same as "SHA1" */
+# define SSL_TXT_GOST94 "GOST94"
+# define SSL_TXT_GOST89MAC "GOST89MAC"
+# define SSL_TXT_GOST12 "GOST12"
+# define SSL_TXT_GOST89MAC12 "GOST89MAC12"
+# define SSL_TXT_SHA256 "SHA256"
+# define SSL_TXT_SHA384 "SHA384"
+
+# define SSL_TXT_SSLV3 "SSLv3"
+# define SSL_TXT_TLSV1 "TLSv1"
+# define SSL_TXT_TLSV1_1 "TLSv1.1"
+# define SSL_TXT_TLSV1_2 "TLSv1.2"
+
+# define SSL_TXT_ALL "ALL"
+
+/*-
+ * COMPLEMENTOF* definitions. These identifiers are used to (de-select)
+ * ciphers normally not being used.
+ * Example: "RC4" will activate all ciphers using RC4 including ciphers
+ * without authentication, which would normally disabled by DEFAULT (due
+ * the "!ADH" being part of default). Therefore "RC4:!COMPLEMENTOFDEFAULT"
+ * will make sure that it is also disabled in the specific selection.
+ * COMPLEMENTOF* identifiers are portable between version, as adjustments
+ * to the default cipher setup will also be included here.
+ *
+ * COMPLEMENTOFDEFAULT does not experience the same special treatment that
+ * DEFAULT gets, as only selection is being done and no sorting as needed
+ * for DEFAULT.
+ */
+# define SSL_TXT_CMPALL "COMPLEMENTOFALL"
+# define SSL_TXT_CMPDEF "COMPLEMENTOFDEFAULT"
+
+/*
+ * The following cipher list is used by default. It also is substituted when
+ * an application-defined cipher list string starts with 'DEFAULT'.
+ * This applies to ciphersuites for TLSv1.2 and below.
+ * DEPRECATED IN 3.0.0, in favor of OSSL_default_cipher_list()
+ * Update both macro and function simultaneously
+ */
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define SSL_DEFAULT_CIPHER_LIST "ALL:!COMPLEMENTOFDEFAULT:!eNULL"
+/*
+ * This is the default set of TLSv1.3 ciphersuites
+ * DEPRECATED IN 3.0.0, in favor of OSSL_default_ciphersuites()
+ * Update both macro and function simultaneously
+ */
+# if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
+# define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \
+ "TLS_CHACHA20_POLY1305_SHA256:" \
+ "TLS_AES_128_GCM_SHA256"
+# else
+# define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \
+ "TLS_AES_128_GCM_SHA256"
+# endif
+# endif
+/*
+ * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
+ * starts with a reasonable order, and all we have to do for DEFAULT is
+ * throwing out anonymous and unencrypted ciphersuites! (The latter are not
+ * actually enabled by ALL, but "ALL:RSA" would enable some of them.)
+ */
+
+/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
+# define SSL_SENT_SHUTDOWN 1
+# define SSL_RECEIVED_SHUTDOWN 2
+
+#ifdef __cplusplus
+}
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# define SSL_FILETYPE_ASN1 X509_FILETYPE_ASN1
+# define SSL_FILETYPE_PEM X509_FILETYPE_PEM
+
+/*
+ * This is needed to stop compilers complaining about the 'struct ssl_st *'
+ * function parameters used to prototype callbacks in SSL_CTX.
+ */
+typedef struct ssl_st *ssl_crock_st;
+typedef struct tls_session_ticket_ext_st TLS_SESSION_TICKET_EXT;
+typedef struct ssl_method_st SSL_METHOD;
+typedef struct ssl_cipher_st SSL_CIPHER;
+typedef struct ssl_session_st SSL_SESSION;
+typedef struct tls_sigalgs_st TLS_SIGALGS;
+typedef struct ssl_conf_ctx_st SSL_CONF_CTX;
+typedef struct ssl_comp_st SSL_COMP;
+
+STACK_OF(SSL_CIPHER);
+STACK_OF(SSL_COMP);
+
+/* SRTP protection profiles for use with the use_srtp extension (RFC 5764)*/
+typedef struct srtp_protection_profile_st {
+ const char *name;
+ unsigned long id;
+} SRTP_PROTECTION_PROFILE;
+
+DEFINE_STACK_OF(SRTP_PROTECTION_PROFILE)
+
+typedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data,
+ int len, void *arg);
+typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len,
+ STACK_OF(SSL_CIPHER) *peer_ciphers,
+ const SSL_CIPHER **cipher, void *arg);
+
+/* Extension context codes */
+/* This extension is only allowed in TLS */
+#define SSL_EXT_TLS_ONLY 0x0001
+/* This extension is only allowed in DTLS */
+#define SSL_EXT_DTLS_ONLY 0x0002
+/* Some extensions may be allowed in DTLS but we don't implement them for it */
+#define SSL_EXT_TLS_IMPLEMENTATION_ONLY 0x0004
+/* Most extensions are not defined for SSLv3 but EXT_TYPE_renegotiate is */
+#define SSL_EXT_SSL3_ALLOWED 0x0008
+/* Extension is only defined for TLS1.2 and below */
+#define SSL_EXT_TLS1_2_AND_BELOW_ONLY 0x0010
+/* Extension is only defined for TLS1.3 and above */
+#define SSL_EXT_TLS1_3_ONLY 0x0020
+/* Ignore this extension during parsing if we are resuming */
+#define SSL_EXT_IGNORE_ON_RESUMPTION 0x0040
+#define SSL_EXT_CLIENT_HELLO 0x0080
+/* Really means TLS1.2 or below */
+#define SSL_EXT_TLS1_2_SERVER_HELLO 0x0100
+#define SSL_EXT_TLS1_3_SERVER_HELLO 0x0200
+#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS 0x0400
+#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST 0x0800
+#define SSL_EXT_TLS1_3_CERTIFICATE 0x1000
+#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET
0x2000
+#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST 0x4000
+
+/* Typedefs for handling custom extensions */
+
+typedef int (*custom_ext_add_cb)(SSL *s, unsigned int ext_type,
+ const unsigned char **out, size_t *outlen,
+ int *al, void *add_arg);
+
+typedef void (*custom_ext_free_cb)(SSL *s, unsigned int ext_type,
+ const unsigned char *out, void *add_arg);
+
+typedef int (*custom_ext_parse_cb)(SSL *s, unsigned int ext_type,
+ const unsigned char *in, size_t inlen,
+ int *al, void *parse_arg);
+
+
+typedef int (*SSL_custom_ext_add_cb_ex)(SSL *s, unsigned int ext_type,
+ unsigned int context,
+ const unsigned char **out,
+ size_t *outlen, X509 *x,
+ size_t chainidx,
+ int *al, void *add_arg);
+
+typedef void (*SSL_custom_ext_free_cb_ex)(SSL *s, unsigned int ext_type,
+ unsigned int context,
+ const unsigned char *out,
+ void *add_arg);
+
+typedef int (*SSL_custom_ext_parse_cb_ex)(SSL *s, unsigned int ext_type,
+ unsigned int context,
+ const unsigned char *in,
+ size_t inlen, X509 *x,
+ size_t chainidx,
+ int *al, void *parse_arg);
+
+/* Typedef for verification callback */
+typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx);
+
+/* Typedef for SSL async callback */
+typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
+
+/*
+ * Some values are reserved until OpenSSL 3.0.0 because they were previously
+ * included in SSL_OP_ALL in a 1.1.x release.
+ */
+
+/* Disable Extended master secret */
+# define SSL_OP_NO_EXTENDED_MASTER_SECRET 0x00000001U
+
+/* Reserved value (until OpenSSL 3.0.0) 0x00000002U */
+
+/* Allow initial connection to servers that don't support RI */
+# define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004U
+
+/* Reserved value (until OpenSSL 3.0.0) 0x00000008U */
+# define SSL_OP_TLSEXT_PADDING 0x00000010U
+/* Reserved value (until OpenSSL 3.0.0) 0x00000020U */
+# define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040U
+/*
+ * Reserved value (until OpenSSL 3.0.0) 0x00000080U
+ * Reserved value (until OpenSSL 3.0.0) 0x00000100U
+ * Reserved value (until OpenSSL 3.0.0) 0x00000200U
+ */
+
+/* In TLSv1.3 allow a non-(ec)dhe based kex_mode */
+# define SSL_OP_ALLOW_NO_DHE_KEX 0x00000400U
+
+/*
+ * Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added in
+ * OpenSSL 0.9.6d. Usually (depending on the application protocol) the
+ * workaround is not needed. Unfortunately some broken SSL/TLS
+ * implementations cannot handle it at all, which is why we include it in
+ * SSL_OP_ALL.
Added in 0.9.6e
+ */
+# define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800U
+
+/* DTLS options */
+# define SSL_OP_NO_QUERY_MTU 0x00001000U
+/* Turn on Cookie Exchange (on relevant for servers) */
+# define SSL_OP_COOKIE_EXCHANGE 0x00002000U
+/* Don't use RFC4507 ticket extension */
+# define SSL_OP_NO_TICKET 0x00004000U
+# ifndef OPENSSL_NO_DTLS1_METHOD
+/* Use Cisco's "speshul" version of DTLS_BAD_VER
+ * (only with deprecated DTLSv1_client_method()) */
+# define SSL_OP_CISCO_ANYCONNECT 0x00008000U
+# endif
+
+/* As server, disallow session resumption on renegotiation */
+# define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000U
+/* Don't use compression even if supported */
+# define SSL_OP_NO_COMPRESSION 0x00020000U
+/* Permit unsafe legacy renegotiation */
+# define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000U
+/* Disable encrypt-then-mac */
+# define SSL_OP_NO_ENCRYPT_THEN_MAC 0x00080000U
+
+/*
+ * Enable TLSv1.3 Compatibility mode. This is on by default. A future version
+ * of OpenSSL may have this disabled by default.
+ */
+# define SSL_OP_ENABLE_MIDDLEBOX_COMPAT 0x00100000U
+
+/* Prioritize Chacha20Poly1305 when client does.
+ * Modifies SSL_OP_CIPHER_SERVER_PREFERENCE */
+# define SSL_OP_PRIORITIZE_CHACHA 0x00200000U
+
+/*
+ * Set on servers to choose the cipher according to the server's preferences
+ */
+# define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000U
+/*
+ * If set, a server will allow a client to issue a SSLv3.0 version number as
+ * latest version supported in the premaster secret, even when TLSv1.0
+ * (version 3.1) was announced in the client hello. Normally this is
+ * forbidden to prevent version rollback attacks.
+ */
+# define SSL_OP_TLS_ROLLBACK_BUG 0x00800000U
+
+/*
+ * Switches off automatic TLSv1.3 anti-replay protection for early data. This
+ * is a server-side option only (no effect on the client).
+ */
+# define SSL_OP_NO_ANTI_REPLAY 0x01000000U
+
+# define SSL_OP_NO_SSLv3 0x02000000U
+# define SSL_OP_NO_TLSv1 0x04000000U
+# define SSL_OP_NO_TLSv1_2 0x08000000U
+# define SSL_OP_NO_TLSv1_1 0x10000000U
+# define SSL_OP_NO_TLSv1_3 0x20000000U
+
+# define SSL_OP_NO_DTLSv1 0x04000000U
+# define SSL_OP_NO_DTLSv1_2 0x08000000U
+
+# define SSL_OP_NO_SSL_MASK (SSL_OP_NO_SSLv3|\
+ SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1_2|SSL_OP_NO_TLSv1_3)
+# define SSL_OP_NO_DTLS_MASK (SSL_OP_NO_DTLSv1|SSL_OP_NO_DTLSv1_2)
+
+/* Disallow all renegotiation */
+# define SSL_OP_NO_RENEGOTIATION 0x40000000U
+
+/*
+ * Make server add server-hello extension from early version of cryptopro
+ * draft, when GOST ciphersuite is negotiated. Required for interoperability
+ * with CryptoPro CSP 3.x
+ */
+# define SSL_OP_CRYPTOPRO_TLSEXT_BUG 0x80000000U
+
+/*
+ * SSL_OP_ALL: various bug workarounds that should be rather harmless.
+ * This used to be 0x000FFFFFL before 0.9.7.
+ * This used to be 0x80000BFFU before 1.1.1.
+ */
+# define SSL_OP_ALL (SSL_OP_CRYPTOPRO_TLSEXT_BUG|\
+ SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS|\
+ SSL_OP_LEGACY_SERVER_CONNECT|\
+ SSL_OP_TLSEXT_PADDING|\
+ SSL_OP_SAFARI_ECDHE_ECDSA_BUG)
+
+/* OBSOLETE OPTIONS: retained for compatibility */
+
+/* Removed from OpenSSL 1.1.0. Was 0x00000001L */
+/* Related to removed SSLv2. */
+# define SSL_OP_MICROSOFT_SESS_ID_BUG 0x0
+/* Removed from OpenSSL 1.1.0. Was 0x00000002L */
+/* Related to removed SSLv2. */
+# define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x0
+/* Removed from OpenSSL 0.9.8q and 1.0.0c. Was 0x00000008L */
+/* Dead forever, see CVE-2010-4180 */
+# define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x0
+/* Removed from OpenSSL 1.0.1h and 1.0.2. Was 0x00000010L */
+/* Refers to ancient SSLREF and SSLv2. */
+# define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x0
+/* Removed from OpenSSL 1.1.0. Was 0x00000020 */
+# define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x0
+/* Removed from OpenSSL 0.9.7h and 0.9.8b.
Was 0x00000040L */
+# define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x0
+/* Removed from OpenSSL 1.1.0. Was 0x00000080 */
+/* Ancient SSLeay version. */
+# define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x0
+/* Removed from OpenSSL 1.1.0. Was 0x00000100L */
+# define SSL_OP_TLS_D5_BUG 0x0
+/* Removed from OpenSSL 1.1.0. Was 0x00000200L */
+# define SSL_OP_TLS_BLOCK_PADDING_BUG 0x0
+/* Removed from OpenSSL 1.1.0. Was 0x00080000L */
+# define SSL_OP_SINGLE_ECDH_USE 0x0
+/* Removed from OpenSSL 1.1.0. Was 0x00100000L */
+# define SSL_OP_SINGLE_DH_USE 0x0
+/* Removed from OpenSSL 1.0.1k and 1.0.2. Was 0x00200000L */
+# define SSL_OP_EPHEMERAL_RSA 0x0
+/* Removed from OpenSSL 1.1.0. Was 0x01000000L */
+# define SSL_OP_NO_SSLv2 0x0
+/* Removed from OpenSSL 1.0.1. Was 0x08000000L */
+# define SSL_OP_PKCS1_CHECK_1 0x0
+/* Removed from OpenSSL 1.0.1. Was 0x10000000L */
+# define SSL_OP_PKCS1_CHECK_2 0x0
+/* Removed from OpenSSL 1.1.0. Was 0x20000000L */
+# define SSL_OP_NETSCAPE_CA_DN_BUG 0x0
+/* Removed from OpenSSL 1.1.0. Was 0x40000000L */
+# define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x0
+
+/*
+ * Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success
+ * when just a single record has been written):
+ */
+# define SSL_MODE_ENABLE_PARTIAL_WRITE 0x00000001U
+/*
+ * Make it possible to retry SSL_write() with changed buffer location (buffer
+ * contents must stay the same!); this is not the default to avoid the
+ * misconception that non-blocking SSL_write() behaves like non-blocking
+ * write():
+ */
+# define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002U
+/*
+ * Never bother the application with retries if the transport is blocking:
+ */
+# define SSL_MODE_AUTO_RETRY 0x00000004U
+/* Don't attempt to automatically build certificate chain */
+# define SSL_MODE_NO_AUTO_CHAIN 0x00000008U
+/*
+ * Save RAM by releasing read and write buffers when they're empty. (SSL3 and
+ * TLS only.) Released buffers are freed.
+ */
+# define SSL_MODE_RELEASE_BUFFERS 0x00000010U
+/*
+ * Send the current time in the Random fields of the ClientHello and
+ * ServerHello records for compatibility with hypothetical implementations
+ * that require it.
+ */
+# define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020U
+# define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040U
+/*
+ * Send TLS_FALLBACK_SCSV in the ClientHello. To be set only by applications
+ * that reconnect with a downgraded protocol version; see
+ * draft-ietf-tls-downgrade-scsv-00 for details. DO NOT ENABLE THIS if your
+ * application attempts a normal handshake. Only use this in explicit
+ * fallback retries, following the guidance in
+ * draft-ietf-tls-downgrade-scsv-00.
+ */
+# define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080U
+/*
+ * Support Asynchronous operation
+ */
+# define SSL_MODE_ASYNC 0x00000100U
+/*
+ * Don't use the kernel TLS data-path for sending.
+ */
+# define SSL_MODE_NO_KTLS_TX 0x00000200U
+/*
+ * When using DTLS/SCTP, include the terminating zero in the label
+ * used for computing the endpoint-pair shared secret. Required for
+ * interoperability with implementations having this bug like these
+ * older version of OpenSSL:
+ * - OpenSSL 1.0.0 series
+ * - OpenSSL 1.0.1 series
+ * - OpenSSL 1.0.2 series
+ * - OpenSSL 1.1.0 series
+ * - OpenSSL 1.1.1 and 1.1.1a
+ */
+# define SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG 0x00000400U
+/*
+ * Don't use the kernel TLS data-path for receiving.
+ */
+# define SSL_MODE_NO_KTLS_RX 0x00000800U
+
+/* Cert related flags */
+/*
+ * Many implementations ignore some aspects of the TLS standards such as
+ * enforcing certificate chain algorithms. When this is set we enforce them.
+ */
+# define SSL_CERT_FLAG_TLS_STRICT 0x00000001U
+
+/* Suite B modes, takes same values as certificate verify flags */
+# define SSL_CERT_FLAG_SUITEB_128_LOS_ONLY 0x10000
+/* Suite B 192 bit only mode */
+# define SSL_CERT_FLAG_SUITEB_192_LOS 0x20000
+/* Suite B 128 bit mode allowing 192 bit algorithms */
+# define SSL_CERT_FLAG_SUITEB_128_LOS 0x30000
+
+/* Perform all sorts of protocol violations for testing purposes */
+# define SSL_CERT_FLAG_BROKEN_PROTOCOL 0x10000000
+
+/* Flags for building certificate chains */
+/* Treat any existing certificates as untrusted CAs */
+# define SSL_BUILD_CHAIN_FLAG_UNTRUSTED 0x1
+/* Don't include root CA in chain */
+# define SSL_BUILD_CHAIN_FLAG_NO_ROOT 0x2
+/* Just check certificates already there */
+# define SSL_BUILD_CHAIN_FLAG_CHECK 0x4
+/* Ignore verification errors */
+# define SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR 0x8
+/* Clear verification errors from queue */
+# define SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR 0x10
+
+/* Flags returned by SSL_check_chain */
+/* Certificate can be used with this session */
+# define CERT_PKEY_VALID 0x1
+/* Certificate can also be used for signing */
+# define CERT_PKEY_SIGN 0x2
+/* EE certificate signing algorithm OK */
+# define CERT_PKEY_EE_SIGNATURE 0x10
+/* CA signature algorithms OK */
+# define CERT_PKEY_CA_SIGNATURE 0x20
+/* EE certificate parameters OK */
+# define CERT_PKEY_EE_PARAM 0x40
+/* CA certificate parameters OK */
+# define CERT_PKEY_CA_PARAM 0x80
+/* Signing explicitly allowed as opposed to SHA1 fallback */
+# define CERT_PKEY_EXPLICIT_SIGN 0x100
+/* Client CA issuer names match (always set for server cert) */
+# define CERT_PKEY_ISSUER_NAME 0x200
+/* Cert type matches client types (always set for server cert) */
+# define CERT_PKEY_CERT_TYPE 0x400
+/* Cert chain suitable to Suite B */
+# define CERT_PKEY_SUITEB 0x800
+
+# define SSL_CONF_FLAG_CMDLINE 0x1
+# define SSL_CONF_FLAG_FILE 0x2
+# define SSL_CONF_FLAG_CLIENT 0x4
+# define SSL_CONF_FLAG_SERVER 0x8
+# define
SSL_CONF_FLAG_SHOW_ERRORS 0x10
+# define SSL_CONF_FLAG_CERTIFICATE 0x20
+# define SSL_CONF_FLAG_REQUIRE_PRIVATE 0x40
+/* Configuration value types */
+# define SSL_CONF_TYPE_UNKNOWN 0x0
+# define SSL_CONF_TYPE_STRING 0x1
+# define SSL_CONF_TYPE_FILE 0x2
+# define SSL_CONF_TYPE_DIR 0x3
+# define SSL_CONF_TYPE_NONE 0x4
+# define SSL_CONF_TYPE_STORE 0x5
+
+/* Maximum length of the application-controlled segment of a a TLSv1.3 cookie */
+# define SSL_COOKIE_LENGTH 4096
+
+/*
+ * Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, they
+ * cannot be used to clear bits.
+ */
+
+unsigned long SSL_CTX_get_options(const SSL_CTX *ctx);
+unsigned long SSL_get_options(const SSL *s);
+unsigned long SSL_CTX_clear_options(SSL_CTX *ctx, unsigned long op);
+unsigned long SSL_clear_options(SSL *s, unsigned long op);
+unsigned long SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op);
+unsigned long SSL_set_options(SSL *s, unsigned long op);
+
+# define SSL_CTX_set_mode(ctx,op) \
+ SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL)
+# define SSL_CTX_clear_mode(ctx,op) \
+ SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_MODE,(op),NULL)
+# define SSL_CTX_get_mode(ctx) \
+ SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL)
+# define SSL_clear_mode(ssl,op) \
+ SSL_ctrl((ssl),SSL_CTRL_CLEAR_MODE,(op),NULL)
+# define SSL_set_mode(ssl,op) \
+ SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL)
+# define SSL_get_mode(ssl) \
+ SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL)
+# define SSL_set_mtu(ssl, mtu) \
+ SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL)
+# define DTLS_set_link_mtu(ssl, mtu) \
+ SSL_ctrl((ssl),DTLS_CTRL_SET_LINK_MTU,(mtu),NULL)
+# define DTLS_get_link_min_mtu(ssl) \
+ SSL_ctrl((ssl),DTLS_CTRL_GET_LINK_MIN_MTU,0,NULL)
+
+# define SSL_get_secure_renegotiation_support(ssl) \
+ SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL)
+
+# define SSL_CTX_set_cert_flags(ctx,op) \
+ SSL_CTX_ctrl((ctx),SSL_CTRL_CERT_FLAGS,(op),NULL)
+# define SSL_set_cert_flags(s,op) \
+ SSL_ctrl((s),SSL_CTRL_CERT_FLAGS,(op),NULL)
+# define
SSL_CTX_clear_cert_flags(ctx,op) \
+ SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_CERT_FLAGS,(op),NULL)
+# define SSL_clear_cert_flags(s,op) \
+ SSL_ctrl((s),SSL_CTRL_CLEAR_CERT_FLAGS,(op),NULL)
+
+void SSL_CTX_set_msg_callback(SSL_CTX *ctx,
+ void (*cb) (int write_p, int version,
+ int content_type, const void *buf,
+ size_t len, SSL *ssl, void *arg));
+void SSL_set_msg_callback(SSL *ssl,
+ void (*cb) (int write_p, int version,
+ int content_type, const void *buf,
+ size_t len, SSL *ssl, void *arg));
+# define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
+# define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
+
+# define SSL_get_extms_support(s) \
+ SSL_ctrl((s),SSL_CTRL_GET_EXTMS_SUPPORT,0,NULL)
+
+# ifndef OPENSSL_NO_SRP
+
+/* see tls_srp.c */
+__owur int SSL_SRP_CTX_init(SSL *s);
+__owur int SSL_CTX_SRP_CTX_init(SSL_CTX *ctx);
+int SSL_SRP_CTX_free(SSL *ctx);
+int SSL_CTX_SRP_CTX_free(SSL_CTX *ctx);
+__owur int SSL_srp_server_param_with_username(SSL *s, int *ad);
+__owur int SRP_Calc_A_param(SSL *s);
+
+# endif
+
+/* 100k max cert list */
+# define SSL_MAX_CERT_LIST_DEFAULT 1024*100
+
+# define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT (1024*20)
+
+/*
+ * This callback type is used inside SSL_CTX, SSL, and in the functions that
+ * set them. It is used to override the generation of SSL/TLS session IDs in
+ * a server. Return value should be zero on an error, non-zero to proceed.
+ * Also, callbacks should themselves check if the id they generate is unique
+ * otherwise the SSL handshake will fail with an error - callbacks can do
+ * this using the 'ssl' value they're passed by;
+ * SSL_has_matching_session_id(ssl, id, *id_len) The length value passed in
+ * is set at the maximum size the session ID can be. In SSLv3/TLSv1 it is 32
+ * bytes. The callback can alter this length to be less if desired. It is
+ * also an error for the callback to set the size to zero.
+ */
+typedef int (*GEN_SESSION_CB) (SSL *ssl, unsigned char *id,
+ unsigned int *id_len);
+
+# define SSL_SESS_CACHE_OFF 0x0000
+# define SSL_SESS_CACHE_CLIENT 0x0001
+# define SSL_SESS_CACHE_SERVER 0x0002
+# define SSL_SESS_CACHE_BOTH (SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER)
+# define SSL_SESS_CACHE_NO_AUTO_CLEAR 0x0080
+/* enough comments already ... see SSL_CTX_set_session_cache_mode(3) */
+# define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP 0x0100
+# define SSL_SESS_CACHE_NO_INTERNAL_STORE 0x0200
+# define SSL_SESS_CACHE_NO_INTERNAL \
+ (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE)
+
+LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx);
+# define SSL_CTX_sess_number(ctx) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL)
+# define SSL_CTX_sess_connect(ctx) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT,0,NULL)
+# define SSL_CTX_sess_connect_good(ctx) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_GOOD,0,NULL)
+# define SSL_CTX_sess_connect_renegotiate(ctx) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_RENEGOTIATE,0,NULL)
+# define SSL_CTX_sess_accept(ctx) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT,0,NULL)
+# define SSL_CTX_sess_accept_renegotiate(ctx) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_RENEGOTIATE,0,NULL)
+# define SSL_CTX_sess_accept_good(ctx) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_GOOD,0,NULL)
+# define SSL_CTX_sess_hits(ctx) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_HIT,0,NULL)
+# define SSL_CTX_sess_cb_hits(ctx) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CB_HIT,0,NULL)
+# define SSL_CTX_sess_misses(ctx) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_MISSES,0,NULL)
+# define SSL_CTX_sess_timeouts(ctx) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL)
+# define SSL_CTX_sess_cache_full(ctx) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL)
+
+void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
+ int (*new_session_cb) (struct ssl_st *ssl,
+ SSL_SESSION *sess));
+int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx)) (struct ssl_st *ssl,
+ SSL_SESSION *sess);
+void
SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
+ void (*remove_session_cb) (struct ssl_ctx_st
+ *ctx,
+ SSL_SESSION *sess));
+void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx)) (struct ssl_ctx_st *ctx,
+ SSL_SESSION *sess);
+void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
+ SSL_SESSION *(*get_session_cb) (struct ssl_st
+ *ssl,
+ const unsigned char
+ *data, int len,
+ int *copy));
+SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx)) (struct ssl_st *ssl,
+ const unsigned char *data,
+ int len, int *copy);
+void SSL_CTX_set_info_callback(SSL_CTX *ctx,
+ void (*cb) (const SSL *ssl, int type, int val));
+void (*SSL_CTX_get_info_callback(SSL_CTX *ctx)) (const SSL *ssl, int type,
+ int val);
+void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
+ int (*client_cert_cb) (SSL *ssl, X509 **x509,
+ EVP_PKEY **pkey));
+int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx)) (SSL *ssl, X509 **x509,
+ EVP_PKEY **pkey);
+# ifndef OPENSSL_NO_ENGINE
+__owur int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e);
+# endif
+void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
+ int (*app_gen_cookie_cb) (SSL *ssl,
+ unsigned char
+ *cookie,
+ unsigned int
+ *cookie_len));
+void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
+ int (*app_verify_cookie_cb) (SSL *ssl,
+ const unsigned
+ char *cookie,
+ unsigned int
+ cookie_len));
+
+void SSL_CTX_set_stateless_cookie_generate_cb(
+ SSL_CTX *ctx,
+ int (*gen_stateless_cookie_cb) (SSL *ssl,
+ unsigned char *cookie,
+ size_t *cookie_len));
+void SSL_CTX_set_stateless_cookie_verify_cb(
+ SSL_CTX *ctx,
+ int (*verify_stateless_cookie_cb) (SSL *ssl,
+ const unsigned char *cookie,
+ size_t cookie_len));
+# ifndef OPENSSL_NO_NEXTPROTONEG
+
+typedef int (*SSL_CTX_npn_advertised_cb_func)(SSL *ssl,
+ const unsigned char **out,
+ unsigned int *outlen,
+ void *arg);
+void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s,
+ SSL_CTX_npn_advertised_cb_func cb,
+ void *arg);
+# define SSL_CTX_set_npn_advertised_cb SSL_CTX_set_next_protos_advertised_cb
+
+typedef int
(*SSL_CTX_npn_select_cb_func)(SSL *s,
+ unsigned char **out,
+ unsigned char *outlen,
+ const unsigned char *in,
+ unsigned int inlen,
+ void *arg);
+void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s,
+ SSL_CTX_npn_select_cb_func cb,
+ void *arg);
+# define SSL_CTX_set_npn_select_cb SSL_CTX_set_next_proto_select_cb
+
+void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
+ unsigned *len);
+# define SSL_get0_npn_negotiated SSL_get0_next_proto_negotiated
+# endif
+
+__owur int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
+ const unsigned char *in, unsigned int inlen,
+ const unsigned char *client,
+ unsigned int client_len);
+
+# define OPENSSL_NPN_UNSUPPORTED 0
+# define OPENSSL_NPN_NEGOTIATED 1
+# define OPENSSL_NPN_NO_OVERLAP 2
+
+__owur int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
+ unsigned int protos_len);
+__owur int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos,
+ unsigned int protos_len);
+typedef int (*SSL_CTX_alpn_select_cb_func)(SSL *ssl,
+ const unsigned char **out,
+ unsigned char *outlen,
+ const unsigned char *in,
+ unsigned int inlen,
+ void *arg);
+void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
+ SSL_CTX_alpn_select_cb_func cb,
+ void *arg);
+void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
+ unsigned int *len);
+
+# ifndef OPENSSL_NO_PSK
+/*
+ * the maximum length of the buffer given to callbacks containing the
+ * resulting identity/psk
+ */
+# define PSK_MAX_IDENTITY_LEN 128
+# define PSK_MAX_PSK_LEN 256
+typedef unsigned int (*SSL_psk_client_cb_func)(SSL *ssl,
+ const char *hint,
+ char *identity,
+ unsigned int max_identity_len,
+ unsigned char *psk,
+ unsigned int max_psk_len);
+void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, SSL_psk_client_cb_func cb);
+void SSL_set_psk_client_callback(SSL *ssl, SSL_psk_client_cb_func cb);
+
+typedef unsigned int (*SSL_psk_server_cb_func)(SSL *ssl,
+ const char *identity,
+ unsigned char *psk,
+ unsigned
int max_psk_len);
+void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, SSL_psk_server_cb_func cb);
+void SSL_set_psk_server_callback(SSL *ssl, SSL_psk_server_cb_func cb);
+
+__owur int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint);
+__owur int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint);
+const char *SSL_get_psk_identity_hint(const SSL *s);
+const char *SSL_get_psk_identity(const SSL *s);
+# endif
+
+typedef int (*SSL_psk_find_session_cb_func)(SSL *ssl,
+ const unsigned char *identity,
+ size_t identity_len,
+ SSL_SESSION **sess);
+typedef int (*SSL_psk_use_session_cb_func)(SSL *ssl, const EVP_MD *md,
+ const unsigned char **id,
+ size_t *idlen,
+ SSL_SESSION **sess);
+
+void SSL_set_psk_find_session_callback(SSL *s, SSL_psk_find_session_cb_func cb);
+void SSL_CTX_set_psk_find_session_callback(SSL_CTX *ctx,
+ SSL_psk_find_session_cb_func cb);
+void SSL_set_psk_use_session_callback(SSL *s, SSL_psk_use_session_cb_func cb);
+void SSL_CTX_set_psk_use_session_callback(SSL_CTX *ctx,
+ SSL_psk_use_session_cb_func cb);
+
+/* Register callbacks to handle custom TLS Extensions for client or server.
+ */
+
+__owur int SSL_CTX_has_client_custom_ext(const SSL_CTX *ctx,
+ unsigned int ext_type);
+
+__owur int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx,
+ unsigned int ext_type,
+ custom_ext_add_cb add_cb,
+ custom_ext_free_cb free_cb,
+ void *add_arg,
+ custom_ext_parse_cb parse_cb,
+ void *parse_arg);
+
+__owur int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx,
+ unsigned int ext_type,
+ custom_ext_add_cb add_cb,
+ custom_ext_free_cb free_cb,
+ void *add_arg,
+ custom_ext_parse_cb parse_cb,
+ void *parse_arg);
+
+__owur int SSL_CTX_add_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
+ unsigned int context,
+ SSL_custom_ext_add_cb_ex add_cb,
+ SSL_custom_ext_free_cb_ex free_cb,
+ void *add_arg,
+ SSL_custom_ext_parse_cb_ex parse_cb,
+ void *parse_arg);
+
+__owur int SSL_extension_supported(unsigned int ext_type);
+
+# define SSL_NOTHING 1
+# define SSL_WRITING 2
+# define SSL_READING 3
+# define SSL_X509_LOOKUP 4
+# define SSL_ASYNC_PAUSED 5
+# define SSL_ASYNC_NO_JOBS 6
+# define SSL_CLIENT_HELLO_CB 7
+
+/* These will only be used when doing non-blocking IO */
+# define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING)
+# define SSL_want_read(s) (SSL_want(s) == SSL_READING)
+# define SSL_want_write(s) (SSL_want(s) == SSL_WRITING)
+# define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP)
+# define SSL_want_async(s) (SSL_want(s) == SSL_ASYNC_PAUSED)
+# define SSL_want_async_job(s) (SSL_want(s) == SSL_ASYNC_NO_JOBS)
+# define SSL_want_client_hello_cb(s) (SSL_want(s) == SSL_CLIENT_HELLO_CB)
+
+# define SSL_MAC_FLAG_READ_MAC_STREAM 1
+# define SSL_MAC_FLAG_WRITE_MAC_STREAM 2
+
+/*
+ * A callback for logging out TLS key material. This callback should log out
+ * |line| followed by a newline.
+ */
+typedef void (*SSL_CTX_keylog_cb_func)(const SSL *ssl, const char *line);
+
+/*
+ * SSL_CTX_set_keylog_callback configures a callback to log key material. This
+ * is intended for debugging use with tools like Wireshark.
The cb function
+ * should log line followed by a newline.
+ */
+void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb);
+
+/*
+ * SSL_CTX_get_keylog_callback returns the callback configured by
+ * SSL_CTX_set_keylog_callback.
+ */
+SSL_CTX_keylog_cb_func SSL_CTX_get_keylog_callback(const SSL_CTX *ctx);
+
+int SSL_CTX_set_max_early_data(SSL_CTX *ctx, uint32_t max_early_data);
+uint32_t SSL_CTX_get_max_early_data(const SSL_CTX *ctx);
+int SSL_set_max_early_data(SSL *s, uint32_t max_early_data);
+uint32_t SSL_get_max_early_data(const SSL *s);
+int SSL_CTX_set_recv_max_early_data(SSL_CTX *ctx, uint32_t recv_max_early_data);
+uint32_t SSL_CTX_get_recv_max_early_data(const SSL_CTX *ctx);
+int SSL_set_recv_max_early_data(SSL *s, uint32_t recv_max_early_data);
+uint32_t SSL_get_recv_max_early_data(const SSL *s);
+
+#ifdef __cplusplus
+}
+#endif
+
+# include
+# include
+# include /* This is mostly sslv3 with a few tweaks */
+# include /* Datagram TLS */
+# include /* Support for the use_srtp extension */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * These need to be after the above set of includes due to a compiler bug
+ * in VisualStudio 2015
+ */
+DEFINE_STACK_OF_CONST(SSL_CIPHER)
+DEFINE_STACK_OF(SSL_COMP)
+
+/* compatibility */
+# define SSL_set_app_data(s,arg) (SSL_set_ex_data(s,0,(char *)(arg)))
+# define SSL_get_app_data(s) (SSL_get_ex_data(s,0))
+# define SSL_SESSION_set_app_data(s,a) (SSL_SESSION_set_ex_data(s,0, \
+ (char *)(a)))
+# define SSL_SESSION_get_app_data(s) (SSL_SESSION_get_ex_data(s,0))
+# define SSL_CTX_get_app_data(ctx) (SSL_CTX_get_ex_data(ctx,0))
+# define SSL_CTX_set_app_data(ctx,arg) (SSL_CTX_set_ex_data(ctx,0, \
+ (char *)(arg)))
+DEPRECATEDIN_1_1_0(void SSL_set_debug(SSL *s, int debug))
+
+/* TLSv1.3 KeyUpdate message types */
+/* -1 used so that this is an invalid value for the on-the-wire protocol */
+#define SSL_KEY_UPDATE_NONE -1
+/* Values as defined for the on-the-wire protocol */
+#define
SSL_KEY_UPDATE_NOT_REQUESTED 0
+#define SSL_KEY_UPDATE_REQUESTED 1
+
+/*
+ * The valid handshake states (one for each type message sent and one for each
+ * type of message received). There are also two "special" states:
+ * TLS = TLS or DTLS state
+ * DTLS = DTLS specific state
+ * CR/SR = Client Read/Server Read
+ * CW/SW = Client Write/Server Write
+ *
+ * The "special" states are:
+ * TLS_ST_BEFORE = No handshake has been initiated yet
+ * TLS_ST_OK = A handshake has been successfully completed
+ */
+typedef enum {
+ TLS_ST_BEFORE,
+ TLS_ST_OK,
+ DTLS_ST_CR_HELLO_VERIFY_REQUEST,
+ TLS_ST_CR_SRVR_HELLO,
+ TLS_ST_CR_CERT,
+ TLS_ST_CR_CERT_STATUS,
+ TLS_ST_CR_KEY_EXCH,
+ TLS_ST_CR_CERT_REQ,
+ TLS_ST_CR_SRVR_DONE,
+ TLS_ST_CR_SESSION_TICKET,
+ TLS_ST_CR_CHANGE,
+ TLS_ST_CR_FINISHED,
+ TLS_ST_CW_CLNT_HELLO,
+ TLS_ST_CW_CERT,
+ TLS_ST_CW_KEY_EXCH,
+ TLS_ST_CW_CERT_VRFY,
+ TLS_ST_CW_CHANGE,
+ TLS_ST_CW_NEXT_PROTO,
+ TLS_ST_CW_FINISHED,
+ TLS_ST_SW_HELLO_REQ,
+ TLS_ST_SR_CLNT_HELLO,
+ DTLS_ST_SW_HELLO_VERIFY_REQUEST,
+ TLS_ST_SW_SRVR_HELLO,
+ TLS_ST_SW_CERT,
+ TLS_ST_SW_KEY_EXCH,
+ TLS_ST_SW_CERT_REQ,
+ TLS_ST_SW_SRVR_DONE,
+ TLS_ST_SR_CERT,
+ TLS_ST_SR_KEY_EXCH,
+ TLS_ST_SR_CERT_VRFY,
+ TLS_ST_SR_NEXT_PROTO,
+ TLS_ST_SR_CHANGE,
+ TLS_ST_SR_FINISHED,
+ TLS_ST_SW_SESSION_TICKET,
+ TLS_ST_SW_CERT_STATUS,
+ TLS_ST_SW_CHANGE,
+ TLS_ST_SW_FINISHED,
+ TLS_ST_SW_ENCRYPTED_EXTENSIONS,
+ TLS_ST_CR_ENCRYPTED_EXTENSIONS,
+ TLS_ST_CR_CERT_VRFY,
+ TLS_ST_SW_CERT_VRFY,
+ TLS_ST_CR_HELLO_REQ,
+ TLS_ST_SW_KEY_UPDATE,
+ TLS_ST_CW_KEY_UPDATE,
+ TLS_ST_SR_KEY_UPDATE,
+ TLS_ST_CR_KEY_UPDATE,
+ TLS_ST_EARLY_DATA,
+ TLS_ST_PENDING_EARLY_DATA_END,
+ TLS_ST_CW_END_OF_EARLY_DATA,
+ TLS_ST_SR_END_OF_EARLY_DATA
+} OSSL_HANDSHAKE_STATE;
+
+/*
+ * Most of the following state values are no longer used and are defined to be
+ * the closest equivalent value in the current state machine code. Not all
+ * defines have an equivalent and are set to a dummy value (-1).
SSL_ST_CONNECT
+ * and SSL_ST_ACCEPT are still in use in the definition of SSL_CB_ACCEPT_LOOP,
+ * SSL_CB_ACCEPT_EXIT, SSL_CB_CONNECT_LOOP and SSL_CB_CONNECT_EXIT.
+ */
+
+# define SSL_ST_CONNECT 0x1000
+# define SSL_ST_ACCEPT 0x2000
+
+# define SSL_ST_MASK 0x0FFF
+
+# define SSL_CB_LOOP 0x01
+# define SSL_CB_EXIT 0x02
+# define SSL_CB_READ 0x04
+# define SSL_CB_WRITE 0x08
+# define SSL_CB_ALERT 0x4000/* used in callback */
+# define SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ)
+# define SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE)
+# define SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP)
+# define SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT)
+# define SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP)
+# define SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT)
+# define SSL_CB_HANDSHAKE_START 0x10
+# define SSL_CB_HANDSHAKE_DONE 0x20
+
+/* Is the SSL_connection established? */
+# define SSL_in_connect_init(a) (SSL_in_init(a) && !SSL_is_server(a))
+# define SSL_in_accept_init(a) (SSL_in_init(a) && SSL_is_server(a))
+int SSL_in_init(const SSL *s);
+int SSL_in_before(const SSL *s);
+int SSL_is_init_finished(const SSL *s);
+
+/*
+ * The following 3 states are kept in ssl->rlayer.rstate when reads fail, you
+ * should not need these
+ */
+# define SSL_ST_READ_HEADER 0xF0
+# define SSL_ST_READ_BODY 0xF1
+# define SSL_ST_READ_DONE 0xF2
+
+/*-
+ * Obtain latest Finished message
+ * -- that we sent (SSL_get_finished)
+ * -- that we expected from peer (SSL_get_peer_finished).
+ * Returns length (0 == no Finished so far), copies up to 'count' bytes.
+ */
+size_t SSL_get_finished(const SSL *s, void *buf, size_t count);
+size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
+
+/*
+ * use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 3 options are
+ * 'ored' with SSL_VERIFY_PEER if they are desired
+ */
+# define SSL_VERIFY_NONE 0x00
+# define SSL_VERIFY_PEER 0x01
+# define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02
+# define SSL_VERIFY_CLIENT_ONCE 0x04
+# define SSL_VERIFY_POST_HANDSHAKE 0x08
+
+# ifndef OPENSSL_NO_DEPRECATED_1_1_0
+# define OpenSSL_add_ssl_algorithms() SSL_library_init()
+# define SSLeay_add_ssl_algorithms() SSL_library_init()
+# endif
+
+/* More backward compatibility */
+# define SSL_get_cipher(s) \
+ SSL_CIPHER_get_name(SSL_get_current_cipher(s))
+# define SSL_get_cipher_bits(s,np) \
+ SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np)
+# define SSL_get_cipher_version(s) \
+ SSL_CIPHER_get_version(SSL_get_current_cipher(s))
+# define SSL_get_cipher_name(s) \
+ SSL_CIPHER_get_name(SSL_get_current_cipher(s))
+# define SSL_get_time(a) SSL_SESSION_get_time(a)
+# define SSL_set_time(a,b) SSL_SESSION_set_time((a),(b))
+# define SSL_get_timeout(a) SSL_SESSION_get_timeout(a)
+# define SSL_set_timeout(a,b) SSL_SESSION_set_timeout((a),(b))
+
+# define d2i_SSL_SESSION_bio(bp,s_id) ASN1_d2i_bio_of(SSL_SESSION,SSL_SESSION_new,d2i_SSL_SESSION,bp,s_id)
+# define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio_of(SSL_SESSION,i2d_SSL_SESSION,bp,s_id)
+
+DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
+# define SSL_AD_REASON_OFFSET 1000/* offset to get SSL_R_... value
+ * from SSL_AD_...
*/
+/* These alert types are for SSLv3 and TLSv1 */
+# define SSL_AD_CLOSE_NOTIFY SSL3_AD_CLOSE_NOTIFY
+/* fatal */
+# define SSL_AD_UNEXPECTED_MESSAGE SSL3_AD_UNEXPECTED_MESSAGE
+/* fatal */
+# define SSL_AD_BAD_RECORD_MAC SSL3_AD_BAD_RECORD_MAC
+# define SSL_AD_DECRYPTION_FAILED TLS1_AD_DECRYPTION_FAILED
+# define SSL_AD_RECORD_OVERFLOW TLS1_AD_RECORD_OVERFLOW
+/* fatal */
+# define SSL_AD_DECOMPRESSION_FAILURE SSL3_AD_DECOMPRESSION_FAILURE
+/* fatal */
+# define SSL_AD_HANDSHAKE_FAILURE SSL3_AD_HANDSHAKE_FAILURE
+/* Not for TLS */
+# define SSL_AD_NO_CERTIFICATE SSL3_AD_NO_CERTIFICATE
+# define SSL_AD_BAD_CERTIFICATE SSL3_AD_BAD_CERTIFICATE
+# define SSL_AD_UNSUPPORTED_CERTIFICATE SSL3_AD_UNSUPPORTED_CERTIFICATE
+# define SSL_AD_CERTIFICATE_REVOKED SSL3_AD_CERTIFICATE_REVOKED
+# define SSL_AD_CERTIFICATE_EXPIRED SSL3_AD_CERTIFICATE_EXPIRED
+# define SSL_AD_CERTIFICATE_UNKNOWN SSL3_AD_CERTIFICATE_UNKNOWN
+/* fatal */
+# define SSL_AD_ILLEGAL_PARAMETER SSL3_AD_ILLEGAL_PARAMETER
+/* fatal */
+# define SSL_AD_UNKNOWN_CA TLS1_AD_UNKNOWN_CA
+/* fatal */
+# define SSL_AD_ACCESS_DENIED TLS1_AD_ACCESS_DENIED
+/* fatal */
+# define SSL_AD_DECODE_ERROR TLS1_AD_DECODE_ERROR
+# define SSL_AD_DECRYPT_ERROR TLS1_AD_DECRYPT_ERROR
+/* fatal */
+# define SSL_AD_EXPORT_RESTRICTION TLS1_AD_EXPORT_RESTRICTION
+/* fatal */
+# define SSL_AD_PROTOCOL_VERSION TLS1_AD_PROTOCOL_VERSION
+/* fatal */
+# define SSL_AD_INSUFFICIENT_SECURITY TLS1_AD_INSUFFICIENT_SECURITY
+/* fatal */
+# define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR
+# define SSL_AD_USER_CANCELLED TLS1_AD_USER_CANCELLED
+# define SSL_AD_NO_RENEGOTIATION TLS1_AD_NO_RENEGOTIATION
+# define SSL_AD_MISSING_EXTENSION TLS13_AD_MISSING_EXTENSION
+# define SSL_AD_CERTIFICATE_REQUIRED TLS13_AD_CERTIFICATE_REQUIRED
+# define SSL_AD_UNSUPPORTED_EXTENSION TLS1_AD_UNSUPPORTED_EXTENSION
+# define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE
+# define SSL_AD_UNRECOGNIZED_NAME TLS1_AD_UNRECOGNIZED_NAME
+# define
SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE
+# define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE
+/* fatal */
+# define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY
+/* fatal */
+# define SSL_AD_INAPPROPRIATE_FALLBACK TLS1_AD_INAPPROPRIATE_FALLBACK
+# define SSL_AD_NO_APPLICATION_PROTOCOL TLS1_AD_NO_APPLICATION_PROTOCOL
+# define SSL_ERROR_NONE 0
+# define SSL_ERROR_SSL 1
+# define SSL_ERROR_WANT_READ 2
+# define SSL_ERROR_WANT_WRITE 3
+# define SSL_ERROR_WANT_X509_LOOKUP 4
+# define SSL_ERROR_SYSCALL 5/* look at error stack/return
+ * value/errno */
+# define SSL_ERROR_ZERO_RETURN 6
+# define SSL_ERROR_WANT_CONNECT 7
+# define SSL_ERROR_WANT_ACCEPT 8
+# define SSL_ERROR_WANT_ASYNC 9
+# define SSL_ERROR_WANT_ASYNC_JOB 10
+# define SSL_ERROR_WANT_CLIENT_HELLO_CB 11
+# define SSL_CTRL_SET_TMP_DH 3
+# define SSL_CTRL_SET_TMP_ECDH 4
+# define SSL_CTRL_SET_TMP_DH_CB 6
+# define SSL_CTRL_GET_CLIENT_CERT_REQUEST 9
+# define SSL_CTRL_GET_NUM_RENEGOTIATIONS 10
+# define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS 11
+# define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS 12
+# define SSL_CTRL_GET_FLAGS 13
+# define SSL_CTRL_EXTRA_CHAIN_CERT 14
+# define SSL_CTRL_SET_MSG_CALLBACK 15
+# define SSL_CTRL_SET_MSG_CALLBACK_ARG 16
+/* only applies to datagram connections */
+# define SSL_CTRL_SET_MTU 17
+/* Stats */
+# define SSL_CTRL_SESS_NUMBER 20
+# define SSL_CTRL_SESS_CONNECT 21
+# define SSL_CTRL_SESS_CONNECT_GOOD 22
+# define SSL_CTRL_SESS_CONNECT_RENEGOTIATE 23
+# define SSL_CTRL_SESS_ACCEPT 24
+# define SSL_CTRL_SESS_ACCEPT_GOOD 25
+# define SSL_CTRL_SESS_ACCEPT_RENEGOTIATE 26
+# define SSL_CTRL_SESS_HIT 27
+# define SSL_CTRL_SESS_CB_HIT 28
+# define SSL_CTRL_SESS_MISSES 29
+# define SSL_CTRL_SESS_TIMEOUTS 30
+# define SSL_CTRL_SESS_CACHE_FULL 31
+# define SSL_CTRL_MODE 33
+# define SSL_CTRL_GET_READ_AHEAD 40
+# define SSL_CTRL_SET_READ_AHEAD 41
+# define SSL_CTRL_SET_SESS_CACHE_SIZE 42
+# define
SSL_CTRL_GET_SESS_CACHE_SIZE 43
+# define SSL_CTRL_SET_SESS_CACHE_MODE 44
+# define SSL_CTRL_GET_SESS_CACHE_MODE 45
+# define SSL_CTRL_GET_MAX_CERT_LIST 50
+# define SSL_CTRL_SET_MAX_CERT_LIST 51
+# define SSL_CTRL_SET_MAX_SEND_FRAGMENT 52
+/* see tls1.h for macros based on these */
+# define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53
+# define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54
+# define SSL_CTRL_SET_TLSEXT_HOSTNAME 55
+# define SSL_CTRL_SET_TLSEXT_DEBUG_CB 56
+# define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57
+# define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58
+# define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59
+/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT 60 */
+/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB 61 */
+/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG 62 */
+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63
+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64
+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65
+# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS 66
+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS 67
+# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS 68
+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS 69
+# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP 70
+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP 71
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72
+# endif
+# define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB 75
+# define SSL_CTRL_SET_SRP_VERIFY_PARAM_CB 76
+# define SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB 77
+# define SSL_CTRL_SET_SRP_ARG 78
+# define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME 79
+# define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH 80
+# define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD 81
+# define DTLS_CTRL_GET_TIMEOUT 73
+# define DTLS_CTRL_HANDLE_TIMEOUT 74
+# define SSL_CTRL_GET_RI_SUPPORT 76
+# define SSL_CTRL_CLEAR_MODE 78
+# define SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB 79
+# define SSL_CTRL_GET_EXTRA_CHAIN_CERTS 82
+# define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83
+# define SSL_CTRL_CHAIN 88
+# define SSL_CTRL_CHAIN_CERT 89
+# define
SSL_CTRL_GET_GROUPS 90
+# define SSL_CTRL_SET_GROUPS 91
+# define SSL_CTRL_SET_GROUPS_LIST 92
+# define SSL_CTRL_GET_SHARED_GROUP 93
+# define SSL_CTRL_SET_SIGALGS 97
+# define SSL_CTRL_SET_SIGALGS_LIST 98
+# define SSL_CTRL_CERT_FLAGS 99
+# define SSL_CTRL_CLEAR_CERT_FLAGS 100
+# define SSL_CTRL_SET_CLIENT_SIGALGS 101
+# define SSL_CTRL_SET_CLIENT_SIGALGS_LIST 102
+# define SSL_CTRL_GET_CLIENT_CERT_TYPES 103
+# define SSL_CTRL_SET_CLIENT_CERT_TYPES 104
+# define SSL_CTRL_BUILD_CERT_CHAIN 105
+# define SSL_CTRL_SET_VERIFY_CERT_STORE 106
+# define SSL_CTRL_SET_CHAIN_CERT_STORE 107
+# define SSL_CTRL_GET_PEER_SIGNATURE_NID 108
+# define SSL_CTRL_GET_PEER_TMP_KEY 109
+# define SSL_CTRL_GET_RAW_CIPHERLIST 110
+# define SSL_CTRL_GET_EC_POINT_FORMATS 111
+# define SSL_CTRL_GET_CHAIN_CERTS 115
+# define SSL_CTRL_SELECT_CURRENT_CERT 116
+# define SSL_CTRL_SET_CURRENT_CERT 117
+# define SSL_CTRL_SET_DH_AUTO 118
+# define DTLS_CTRL_SET_LINK_MTU 120
+# define DTLS_CTRL_GET_LINK_MIN_MTU 121
+# define SSL_CTRL_GET_EXTMS_SUPPORT 122
+# define SSL_CTRL_SET_MIN_PROTO_VERSION 123
+# define SSL_CTRL_SET_MAX_PROTO_VERSION 124
+# define SSL_CTRL_SET_SPLIT_SEND_FRAGMENT 125
+# define SSL_CTRL_SET_MAX_PIPELINES 126
+# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE 127
+# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB 128
+# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG 129
+# define SSL_CTRL_GET_MIN_PROTO_VERSION 130
+# define SSL_CTRL_GET_MAX_PROTO_VERSION 131
+# define SSL_CTRL_GET_SIGNATURE_NID 132
+# define SSL_CTRL_GET_TMP_KEY 133
+# define SSL_CTRL_GET_NEGOTIATED_GROUP 134
+# define SSL_CERT_SET_FIRST 1
+# define SSL_CERT_SET_NEXT 2
+# define SSL_CERT_SET_SERVER 3
+# define DTLSv1_get_timeout(ssl, arg) \
+ SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)(arg))
+# define DTLSv1_handle_timeout(ssl) \
+ SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL)
+# define SSL_num_renegotiations(ssl) \
+ SSL_ctrl((ssl),SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL)
+# define SSL_clear_num_renegotiations(ssl) \
+
SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL)
+# define SSL_total_renegotiations(ssl) \
+ SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL)
+# define SSL_CTX_set_tmp_dh(ctx,dh) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)(dh))
+# define SSL_CTX_set_dh_auto(ctx, onoff) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_DH_AUTO,onoff,NULL)
+# define SSL_set_dh_auto(s, onoff) \
+ SSL_ctrl(s,SSL_CTRL_SET_DH_AUTO,onoff,NULL)
+# define SSL_set_tmp_dh(ssl,dh) \
+ SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)(dh))
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)(ecdh))
+# define SSL_set_tmp_ecdh(ssl,ecdh) \
+ SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)(ecdh))
+# endif
+# define SSL_CTX_add_extra_chain_cert(ctx,x509) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)(x509))
+# define SSL_CTX_get_extra_chain_certs(ctx,px509) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,0,px509)
+# define SSL_CTX_get_extra_chain_certs_only(ctx,px509) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,1,px509)
+# define SSL_CTX_clear_extra_chain_certs(ctx) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL)
+# define SSL_CTX_set0_chain(ctx,sk) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN,0,(char *)(sk))
+# define SSL_CTX_set1_chain(ctx,sk) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN,1,(char *)(sk))
+# define SSL_CTX_add0_chain_cert(ctx,x509) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN_CERT,0,(char *)(x509))
+# define SSL_CTX_add1_chain_cert(ctx,x509) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN_CERT,1,(char *)(x509))
+# define SSL_CTX_get0_chain_certs(ctx,px509) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_GET_CHAIN_CERTS,0,px509)
+# define SSL_CTX_clear_chain_certs(ctx) \
+ SSL_CTX_set0_chain(ctx,NULL)
+# define SSL_CTX_build_cert_chain(ctx, flags) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_BUILD_CERT_CHAIN, flags, NULL)
+# define SSL_CTX_select_current_cert(ctx,x509) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SELECT_CURRENT_CERT,0,(char *)(x509))
+#
define SSL_CTX_set_current_cert(ctx, op) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CURRENT_CERT, op, NULL)
+# define SSL_CTX_set0_verify_cert_store(ctx,st) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)(st))
+# define SSL_CTX_set1_verify_cert_store(ctx,st) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_VERIFY_CERT_STORE,1,(char *)(st))
+# define SSL_CTX_set0_chain_cert_store(ctx,st) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHAIN_CERT_STORE,0,(char *)(st))
+# define SSL_CTX_set1_chain_cert_store(ctx,st) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHAIN_CERT_STORE,1,(char *)(st))
+# define SSL_set0_chain(s,sk) \
+ SSL_ctrl(s,SSL_CTRL_CHAIN,0,(char *)(sk))
+# define SSL_set1_chain(s,sk) \
+ SSL_ctrl(s,SSL_CTRL_CHAIN,1,(char *)(sk))
+# define SSL_add0_chain_cert(s,x509) \
+ SSL_ctrl(s,SSL_CTRL_CHAIN_CERT,0,(char *)(x509))
+# define SSL_add1_chain_cert(s,x509) \
+ SSL_ctrl(s,SSL_CTRL_CHAIN_CERT,1,(char *)(x509))
+# define SSL_get0_chain_certs(s,px509) \
+ SSL_ctrl(s,SSL_CTRL_GET_CHAIN_CERTS,0,px509)
+# define SSL_clear_chain_certs(s) \
+ SSL_set0_chain(s,NULL)
+# define SSL_build_cert_chain(s, flags) \
+ SSL_ctrl(s,SSL_CTRL_BUILD_CERT_CHAIN, flags, NULL)
+# define SSL_select_current_cert(s,x509) \
+ SSL_ctrl(s,SSL_CTRL_SELECT_CURRENT_CERT,0,(char *)(x509))
+# define SSL_set_current_cert(s,op) \
+ SSL_ctrl(s,SSL_CTRL_SET_CURRENT_CERT, op, NULL)
+# define SSL_set0_verify_cert_store(s,st) \
+ SSL_ctrl(s,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)(st))
+# define SSL_set1_verify_cert_store(s,st) \
+ SSL_ctrl(s,SSL_CTRL_SET_VERIFY_CERT_STORE,1,(char *)(st))
+# define SSL_set0_chain_cert_store(s,st) \
+ SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,0,(char *)(st))
+# define SSL_set1_chain_cert_store(s,st) \
+ SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,1,(char *)(st))
+# define SSL_get1_groups(s, glist) \
+ SSL_ctrl(s,SSL_CTRL_GET_GROUPS,0,(int*)(glist))
+# define SSL_CTX_set1_groups(ctx, glist, glistlen) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(char *)(glist))
+# define
SSL_CTX_set1_groups_list(ctx, s) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS_LIST,0,(char *)(s))
+# define SSL_set1_groups(s, glist, glistlen) \
+ SSL_ctrl(s,SSL_CTRL_SET_GROUPS,glistlen,(char *)(glist))
+# define SSL_set1_groups_list(s, str) \
+ SSL_ctrl(s,SSL_CTRL_SET_GROUPS_LIST,0,(char *)(str))
+# define SSL_get_shared_group(s, n) \
+ SSL_ctrl(s,SSL_CTRL_GET_SHARED_GROUP,n,NULL)
+# define SSL_get_negotiated_group(s) \
+ SSL_ctrl(s,SSL_CTRL_GET_NEGOTIATED_GROUP,0,NULL)
+# define SSL_CTX_set1_sigalgs(ctx, slist, slistlen) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS,slistlen,(int *)(slist))
+# define SSL_CTX_set1_sigalgs_list(ctx, s) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)(s))
+# define SSL_set1_sigalgs(s, slist, slistlen) \
+ SSL_ctrl(s,SSL_CTRL_SET_SIGALGS,slistlen,(int *)(slist))
+# define SSL_set1_sigalgs_list(s, str) \
+ SSL_ctrl(s,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)(str))
+# define SSL_CTX_set1_client_sigalgs(ctx, slist, slistlen) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS,slistlen,(int *)(slist))
+# define SSL_CTX_set1_client_sigalgs_list(ctx, s) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS_LIST,0,(char *)(s))
+# define SSL_set1_client_sigalgs(s, slist, slistlen) \
+ SSL_ctrl(s,SSL_CTRL_SET_CLIENT_SIGALGS,slistlen,(int *)(slist))
+# define SSL_set1_client_sigalgs_list(s, str) \
+ SSL_ctrl(s,SSL_CTRL_SET_CLIENT_SIGALGS_LIST,0,(char *)(str))
+# define SSL_get0_certificate_types(s, clist) \
+ SSL_ctrl(s, SSL_CTRL_GET_CLIENT_CERT_TYPES, 0, (char *)(clist))
+# define SSL_CTX_set1_client_certificate_types(ctx, clist, clistlen) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_CERT_TYPES,clistlen, \
+ (char *)(clist))
+# define SSL_set1_client_certificate_types(s, clist, clistlen) \
+ SSL_ctrl(s,SSL_CTRL_SET_CLIENT_CERT_TYPES,clistlen,(char *)(clist))
+# define SSL_get_signature_nid(s, pn) \
+ SSL_ctrl(s,SSL_CTRL_GET_SIGNATURE_NID,0,pn)
+# define SSL_get_peer_signature_nid(s, pn) \
+ SSL_ctrl(s,SSL_CTRL_GET_PEER_SIGNATURE_NID,0,pn)
+# define
SSL_get_peer_tmp_key(s, pk) \
+ SSL_ctrl(s,SSL_CTRL_GET_PEER_TMP_KEY,0,pk)
+# define SSL_get_tmp_key(s, pk) \
+ SSL_ctrl(s,SSL_CTRL_GET_TMP_KEY,0,pk)
+# define SSL_get0_raw_cipherlist(s, plst) \
+ SSL_ctrl(s,SSL_CTRL_GET_RAW_CIPHERLIST,0,plst)
+# define SSL_get0_ec_point_formats(s, plst) \
+ SSL_ctrl(s,SSL_CTRL_GET_EC_POINT_FORMATS,0,plst)
+# define SSL_CTX_set_min_proto_version(ctx, version) \
+ SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL)
+# define SSL_CTX_set_max_proto_version(ctx, version) \
+ SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL)
+# define SSL_CTX_get_min_proto_version(ctx) \
+ SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, NULL)
+# define SSL_CTX_get_max_proto_version(ctx) \
+ SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL)
+# define SSL_set_min_proto_version(s, version) \
+ SSL_ctrl(s, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL)
+# define SSL_set_max_proto_version(s, version) \
+ SSL_ctrl(s, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL)
+# define SSL_get_min_proto_version(s) \
+ SSL_ctrl(s, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, NULL)
+# define SSL_get_max_proto_version(s) \
+ SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL)
+
+/* Backwards compatibility, original 1.1.0 names */
+# define SSL_CTRL_GET_SERVER_TMP_KEY \
+ SSL_CTRL_GET_PEER_TMP_KEY
+# define SSL_get_server_tmp_key(s, pk) \
+ SSL_get_peer_tmp_key(s, pk)
+
+/*
+ * The following symbol names are old and obsolete. They are kept
+ * for compatibility reasons only and should not be used anymore.
+ */
+# define SSL_CTRL_GET_CURVES SSL_CTRL_GET_GROUPS
+# define SSL_CTRL_SET_CURVES SSL_CTRL_SET_GROUPS
+# define SSL_CTRL_SET_CURVES_LIST SSL_CTRL_SET_GROUPS_LIST
+# define SSL_CTRL_GET_SHARED_CURVE SSL_CTRL_GET_SHARED_GROUP
+
+# define SSL_get1_curves SSL_get1_groups
+# define SSL_CTX_set1_curves SSL_CTX_set1_groups
+# define SSL_CTX_set1_curves_list SSL_CTX_set1_groups_list
+# define SSL_set1_curves SSL_set1_groups
+# define SSL_set1_curves_list SSL_set1_groups_list
+# define SSL_get_shared_curve SSL_get_shared_group
+
+
+# ifndef OPENSSL_NO_DEPRECATED_1_1_0
+/* Provide some compatibility macros for removed functionality. */
+# define SSL_CTX_need_tmp_RSA(ctx) 0
+# define SSL_CTX_set_tmp_rsa(ctx,rsa) 1
+# define SSL_need_tmp_RSA(ssl) 0
+# define SSL_set_tmp_rsa(ssl,rsa) 1
+# define SSL_CTX_set_ecdh_auto(dummy, onoff) ((onoff) != 0)
+# define SSL_set_ecdh_auto(dummy, onoff) ((onoff) != 0)
+/*
+ * We "pretend" to call the callback to avoid warnings about unused static
+ * functions.
+ */
+# define SSL_CTX_set_tmp_rsa_callback(ctx, cb) while(0) (cb)(NULL, 0, 0)
+# define SSL_set_tmp_rsa_callback(ssl, cb) while(0) (cb)(NULL, 0, 0)
+# endif
+__owur const BIO_METHOD *BIO_f_ssl(void);
+__owur BIO *BIO_new_ssl(SSL_CTX *ctx, int client);
+__owur BIO *BIO_new_ssl_connect(SSL_CTX *ctx);
+__owur BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx);
+__owur int BIO_ssl_copy_session_id(BIO *to, BIO *from);
+void BIO_ssl_shutdown(BIO *ssl_bio);
+
+__owur int SSL_CTX_set_cipher_list(SSL_CTX *, const char *str);
+__owur SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);
+__owur SSL_CTX *SSL_CTX_new_with_libctx(OPENSSL_CTX *libctx, const char *propq,
+ const SSL_METHOD *meth);
+int SSL_CTX_up_ref(SSL_CTX *ctx);
+void SSL_CTX_free(SSL_CTX *);
+__owur long SSL_CTX_set_timeout(SSL_CTX *ctx, long t);
+__owur long SSL_CTX_get_timeout(const SSL_CTX *ctx);
+__owur X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *);
+void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *);
+void
SSL_CTX_set1_cert_store(SSL_CTX *, X509_STORE *);
+__owur int SSL_want(const SSL *s);
+__owur int SSL_clear(SSL *s);
+
+void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm);
+
+__owur const SSL_CIPHER *SSL_get_current_cipher(const SSL *s);
+__owur const SSL_CIPHER *SSL_get_pending_cipher(const SSL *s);
+__owur int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits);
+__owur const char *SSL_CIPHER_get_version(const SSL_CIPHER *c);
+__owur const char *SSL_CIPHER_get_name(const SSL_CIPHER *c);
+__owur const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c);
+__owur const char *OPENSSL_cipher_name(const char *rfc_name);
+__owur uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c);
+__owur uint16_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *c);
+__owur int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c);
+__owur int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c);
+__owur const EVP_MD *SSL_CIPHER_get_handshake_digest(const SSL_CIPHER *c);
+__owur int SSL_CIPHER_is_aead(const SSL_CIPHER *c);
+
+__owur int SSL_get_fd(const SSL *s);
+__owur int SSL_get_rfd(const SSL *s);
+__owur int SSL_get_wfd(const SSL *s);
+__owur const char *SSL_get_cipher_list(const SSL *s, int n);
+__owur char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size);
+__owur int SSL_get_read_ahead(const SSL *s);
+__owur int SSL_pending(const SSL *s);
+__owur int SSL_has_pending(const SSL *s);
+# ifndef OPENSSL_NO_SOCK
+__owur int SSL_set_fd(SSL *s, int fd);
+__owur int SSL_set_rfd(SSL *s, int fd);
+__owur int SSL_set_wfd(SSL *s, int fd);
+# endif
+void SSL_set0_rbio(SSL *s, BIO *rbio);
+void SSL_set0_wbio(SSL *s, BIO *wbio);
+void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio);
+__owur BIO *SSL_get_rbio(const SSL *s);
+__owur BIO *SSL_get_wbio(const SSL *s);
+__owur int SSL_set_cipher_list(SSL *s, const char *str);
+__owur int SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str);
+__owur int SSL_set_ciphersuites(SSL *s, const char *str);
+void SSL_set_read_ahead(SSL *s, int yes);
+__owur int
SSL_get_verify_mode(const SSL *s);
+__owur int SSL_get_verify_depth(const SSL *s);
+__owur SSL_verify_cb SSL_get_verify_callback(const SSL *s);
+void SSL_set_verify(SSL *s, int mode, SSL_verify_cb callback);
+void SSL_set_verify_depth(SSL *s, int depth);
+void SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg);
+# ifndef OPENSSL_NO_RSA
+__owur int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
+__owur int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, const unsigned char *d,
+ long len);
+# endif
+__owur int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
+__owur int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, const unsigned char *d,
+ long len);
+__owur int SSL_use_certificate(SSL *ssl, X509 *x);
+__owur int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len);
+__owur int SSL_use_cert_and_key(SSL *ssl, X509 *x509, EVP_PKEY *privatekey,
+ STACK_OF(X509) *chain, int override);
+
+
+/* serverinfo file format versions */
+# define SSL_SERVERINFOV1 1
+# define SSL_SERVERINFOV2 2
+
+/* Set serverinfo data for the current active cert.
*/
+__owur int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo,
+ size_t serverinfo_length);
+__owur int SSL_CTX_use_serverinfo_ex(SSL_CTX *ctx, unsigned int version,
+ const unsigned char *serverinfo,
+ size_t serverinfo_length);
+__owur int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file);
+
+#ifndef OPENSSL_NO_RSA
+__owur int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);
+#endif
+
+__owur int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type);
+__owur int SSL_use_certificate_file(SSL *ssl, const char *file, int type);
+
+#ifndef OPENSSL_NO_RSA
+__owur int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file,
+ int type);
+#endif
+__owur int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file,
+ int type);
+__owur int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file,
+ int type);
+/* PEM type */
+__owur int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file);
+__owur int SSL_use_certificate_chain_file(SSL *ssl, const char *file);
+__owur STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
+__owur int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
+ const char *file);
+int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
+ const char *dir);
+int SSL_add_store_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
+ const char *uri);
+
+# ifndef OPENSSL_NO_DEPRECATED_1_1_0
+# define SSL_load_error_strings() \
+ OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS \
+ | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL)
+# endif
+
+__owur const char *SSL_state_string(const SSL *s);
+__owur const char *SSL_rstate_string(const SSL *s);
+__owur const char *SSL_state_string_long(const SSL *s);
+__owur const char *SSL_rstate_string_long(const SSL *s);
+__owur long SSL_SESSION_get_time(const SSL_SESSION *s);
+__owur long SSL_SESSION_set_time(SSL_SESSION *s, long t);
+__owur long SSL_SESSION_get_timeout(const SSL_SESSION *s);
+__owur long
SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
+__owur int SSL_SESSION_get_protocol_version(const SSL_SESSION *s);
+__owur int SSL_SESSION_set_protocol_version(SSL_SESSION *s, int version);
+
+__owur const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s);
+__owur int SSL_SESSION_set1_hostname(SSL_SESSION *s, const char *hostname);
+void SSL_SESSION_get0_alpn_selected(const SSL_SESSION *s,
+ const unsigned char **alpn,
+ size_t *len);
+__owur int SSL_SESSION_set1_alpn_selected(SSL_SESSION *s,
+ const unsigned char *alpn,
+ size_t len);
+__owur const SSL_CIPHER *SSL_SESSION_get0_cipher(const SSL_SESSION *s);
+__owur int SSL_SESSION_set_cipher(SSL_SESSION *s, const SSL_CIPHER *cipher);
+__owur int SSL_SESSION_has_ticket(const SSL_SESSION *s);
+__owur unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s);
+void SSL_SESSION_get0_ticket(const SSL_SESSION *s, const unsigned char **tick,
+ size_t *len);
+__owur uint32_t SSL_SESSION_get_max_early_data(const SSL_SESSION *s);
+__owur int SSL_SESSION_set_max_early_data(SSL_SESSION *s,
+ uint32_t max_early_data);
+__owur int SSL_copy_session_id(SSL *to, const SSL *from);
+__owur X509 *SSL_SESSION_get0_peer(SSL_SESSION *s);
+__owur int SSL_SESSION_set1_id_context(SSL_SESSION *s,
+ const unsigned char *sid_ctx,
+ unsigned int sid_ctx_len);
+__owur int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid,
+ unsigned int sid_len);
+__owur int SSL_SESSION_is_resumable(const SSL_SESSION *s);
+
+__owur SSL_SESSION *SSL_SESSION_new(void);
+__owur SSL_SESSION *SSL_SESSION_dup(const SSL_SESSION *src);
+const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s,
+ unsigned int *len);
+const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *s,
+ unsigned int *len);
+__owur unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s);
+# ifndef OPENSSL_NO_STDIO
+int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *ses);
+# endif
+int SSL_SESSION_print(BIO *fp, const SSL_SESSION *ses);
+int
SSL_SESSION_print_keylog(BIO *bp, const SSL_SESSION *x);
+int SSL_SESSION_up_ref(SSL_SESSION *ses);
+void SSL_SESSION_free(SSL_SESSION *ses);
+__owur int i2d_SSL_SESSION(const SSL_SESSION *in, unsigned char **pp);
+__owur int SSL_set_session(SSL *to, SSL_SESSION *session);
+int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *session);
+int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *session);
+__owur int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb);
+__owur int SSL_set_generate_session_id(SSL *s, GEN_SESSION_CB cb);
+__owur int SSL_has_matching_session_id(const SSL *s,
+ const unsigned char *id,
+ unsigned int id_len);
+SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
+ long length);
+
+# ifdef OPENSSL_X509_H
+__owur X509 *SSL_get_peer_certificate(const SSL *s);
+# endif
+
+__owur STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s);
+
+__owur int SSL_CTX_get_verify_mode(const SSL_CTX *ctx);
+__owur int SSL_CTX_get_verify_depth(const SSL_CTX *ctx);
+__owur SSL_verify_cb SSL_CTX_get_verify_callback(const SSL_CTX *ctx);
+void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, SSL_verify_cb callback);
+void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth);
+void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,
+ int (*cb) (X509_STORE_CTX *, void *),
+ void *arg);
+void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb) (SSL *ssl, void *arg),
+ void *arg);
+# ifndef OPENSSL_NO_RSA
+__owur int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
+__owur int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d,
+ long len);
+# endif
+__owur int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
+__owur int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx,
+ const unsigned char *d, long len);
+__owur int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
+__owur int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len,
+ const unsigned char *d);
+__owur int SSL_CTX_use_cert_and_key(SSL_CTX *ctx, X509 *x509, EVP_PKEY *privatekey,
+
STACK_OF(X509) *chain, int override);
+
+void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb);
+void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u);
+pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx);
+void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx);
+void SSL_set_default_passwd_cb(SSL *s, pem_password_cb *cb);
+void SSL_set_default_passwd_cb_userdata(SSL *s, void *u);
+pem_password_cb *SSL_get_default_passwd_cb(SSL *s);
+void *SSL_get_default_passwd_cb_userdata(SSL *s);
+
+__owur int SSL_CTX_check_private_key(const SSL_CTX *ctx);
+__owur int SSL_check_private_key(const SSL *ctx);
+
+__owur int SSL_CTX_set_session_id_context(SSL_CTX *ctx,
+ const unsigned char *sid_ctx,
+ unsigned int sid_ctx_len);
+
+SSL *SSL_new(SSL_CTX *ctx);
+int SSL_up_ref(SSL *s);
+int SSL_is_dtls(const SSL *s);
+__owur int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
+ unsigned int sid_ctx_len);
+
+__owur int SSL_CTX_set_purpose(SSL_CTX *ctx, int purpose);
+__owur int SSL_set_purpose(SSL *ssl, int purpose);
+__owur int SSL_CTX_set_trust(SSL_CTX *ctx, int trust);
+__owur int SSL_set_trust(SSL *ssl, int trust);
+
+__owur int SSL_set1_host(SSL *s, const char *hostname);
+__owur int SSL_add1_host(SSL *s, const char *hostname);
+__owur const char *SSL_get0_peername(SSL *s);
+void SSL_set_hostflags(SSL *s, unsigned int flags);
+
+__owur int SSL_CTX_dane_enable(SSL_CTX *ctx);
+__owur int SSL_CTX_dane_mtype_set(SSL_CTX *ctx, const EVP_MD *md,
+ uint8_t mtype, uint8_t ord);
+__owur int SSL_dane_enable(SSL *s, const char *basedomain);
+__owur int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector,
+ uint8_t mtype, unsigned const char *data, size_t dlen);
+__owur int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki);
+__owur int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector,
+ uint8_t *mtype, unsigned const char **data,
+ size_t *dlen);
+/*
+ * Bridge opacity barrier between libcrypt and
libssl, also needed to support
+ * offline testing in test/danetest.c
+ */
+SSL_DANE *SSL_get0_dane(SSL *ssl);
+/*
+ * DANE flags
+ */
+unsigned long SSL_CTX_dane_set_flags(SSL_CTX *ctx, unsigned long flags);
+unsigned long SSL_CTX_dane_clear_flags(SSL_CTX *ctx, unsigned long flags);
+unsigned long SSL_dane_set_flags(SSL *ssl, unsigned long flags);
+unsigned long SSL_dane_clear_flags(SSL *ssl, unsigned long flags);
+
+__owur int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm);
+__owur int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm);
+
+__owur X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx);
+__owur X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl);
+
+# ifndef OPENSSL_NO_SRP
+int SSL_CTX_set_srp_username(SSL_CTX *ctx, char *name);
+int SSL_CTX_set_srp_password(SSL_CTX *ctx, char *password);
+int SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength);
+int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx,
+ char *(*cb) (SSL *, void *));
+int SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx,
+ int (*cb) (SSL *, void *));
+int SSL_CTX_set_srp_username_callback(SSL_CTX *ctx,
+ int (*cb) (SSL *, int *, void *));
+int SSL_CTX_set_srp_cb_arg(SSL_CTX *ctx, void *arg);
+
+int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g,
+ BIGNUM *sa, BIGNUM *v, char *info);
+int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass,
+ const char *grp);
+
+__owur BIGNUM *SSL_get_srp_g(SSL *s);
+__owur BIGNUM *SSL_get_srp_N(SSL *s);
+
+__owur char *SSL_get_srp_username(SSL *s);
+__owur char *SSL_get_srp_userinfo(SSL *s);
+# endif
+
+/*
+ * ClientHello callback and helpers.
+ */
+
+# define SSL_CLIENT_HELLO_SUCCESS 1
+# define SSL_CLIENT_HELLO_ERROR 0
+# define SSL_CLIENT_HELLO_RETRY (-1)
+
+typedef int (*SSL_client_hello_cb_fn) (SSL *s, int *al, void *arg);
+void SSL_CTX_set_client_hello_cb(SSL_CTX *c, SSL_client_hello_cb_fn cb,
+ void *arg);
+int SSL_client_hello_isv2(SSL *s);
+unsigned int SSL_client_hello_get0_legacy_version(SSL *s);
+size_t SSL_client_hello_get0_random(SSL *s, const unsigned char **out);
+size_t SSL_client_hello_get0_session_id(SSL *s, const unsigned char **out);
+size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out);
+size_t SSL_client_hello_get0_compression_methods(SSL *s,
+ const unsigned char **out);
+int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen);
+int SSL_client_hello_get0_ext(SSL *s, unsigned int type,
+ const unsigned char **out, size_t *outlen);
+
+void SSL_certs_clear(SSL *s);
+void SSL_free(SSL *ssl);
+# ifdef OSSL_ASYNC_FD
+/*
+ * Windows application developer has to include windows.h to use these.
+ */
+__owur int SSL_waiting_for_async(SSL *s);
+__owur int SSL_get_all_async_fds(SSL *s, OSSL_ASYNC_FD *fds, size_t *numfds);
+__owur int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd,
+ size_t *numaddfds, OSSL_ASYNC_FD *delfd,
+ size_t *numdelfds);
+__owur int SSL_CTX_set_async_callback(SSL_CTX *ctx, SSL_async_callback_fn callback);
+__owur int SSL_CTX_set_async_callback_arg(SSL_CTX *ctx, void *arg);
+__owur int SSL_set_async_callback(SSL *s, SSL_async_callback_fn callback);
+__owur int SSL_set_async_callback_arg(SSL *s, void *arg);
+__owur int SSL_get_async_status(SSL *s, int *status);
+
+# endif
+__owur int SSL_accept(SSL *ssl);
+__owur int SSL_stateless(SSL *s);
+__owur int SSL_connect(SSL *ssl);
+__owur int SSL_read(SSL *ssl, void *buf, int num);
+__owur int SSL_read_ex(SSL *ssl, void *buf, size_t num, size_t *readbytes);
+
+# define SSL_READ_EARLY_DATA_ERROR 0
+# define SSL_READ_EARLY_DATA_SUCCESS 1
+# define SSL_READ_EARLY_DATA_FINISH 2
+
+__owur int SSL_read_early_data(SSL *s, void *buf, size_t num,
+ size_t *readbytes);
+__owur int SSL_peek(SSL *ssl, void *buf, int num);
+__owur int SSL_peek_ex(SSL *ssl, void *buf, size_t num, size_t *readbytes);
+__owur ossl_ssize_t SSL_sendfile(SSL *s, int fd, off_t offset, size_t size,
+ int flags);
+__owur int SSL_write(SSL *ssl, const void *buf, int num);
+__owur int SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *written);
+__owur int SSL_write_early_data(SSL *s, const void *buf, size_t num,
+ size_t *written);
+long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg);
+long SSL_callback_ctrl(SSL *, int, void (*)(void));
+long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg);
+long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void));
+
+# define SSL_EARLY_DATA_NOT_SENT 0
+# define SSL_EARLY_DATA_REJECTED 1
+# define SSL_EARLY_DATA_ACCEPTED 2
+
+__owur int SSL_get_early_data_status(const SSL *s);
+
+__owur int SSL_get_error(const SSL *s, int ret_code);
+__owur const char
*SSL_get_version(const SSL *s);
+
+/* This sets the 'default' SSL version that SSL_new() will create */
+__owur int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth);
+
+# ifndef OPENSSL_NO_SSL3_METHOD
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_method(void)) /* SSLv3 */
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_server_method(void))
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_client_method(void))
+# endif
+
+#define SSLv23_method TLS_method
+#define SSLv23_server_method TLS_server_method
+#define SSLv23_client_method TLS_client_method
+
+/* Negotiate highest available SSL/TLS version */
+__owur const SSL_METHOD *TLS_method(void);
+__owur const SSL_METHOD *TLS_server_method(void);
+__owur const SSL_METHOD *TLS_client_method(void);
+
+# ifndef OPENSSL_NO_TLS1_METHOD
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_method(void)) /* TLSv1.0 */
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_server_method(void))
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_client_method(void))
+# endif
+
+# ifndef OPENSSL_NO_TLS1_1_METHOD
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_method(void)) /* TLSv1.1 */
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_server_method(void))
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_client_method(void))
+# endif
+
+# ifndef OPENSSL_NO_TLS1_2_METHOD
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_method(void)) /* TLSv1.2 */
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_server_method(void))
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_client_method(void))
+# endif
+
+# ifndef OPENSSL_NO_DTLS1_METHOD
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_method(void)) /* DTLSv1.0 */
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_server_method(void))
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_client_method(void))
+# endif
+
+# ifndef OPENSSL_NO_DTLS1_2_METHOD
+/* DTLSv1.2 */
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_2_method(void))
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_2_server_method(void))
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_2_client_method(void))
+# endif
+
+__owur const SSL_METHOD *DTLS_method(void); /* DTLS 1.0 and 1.2 */
+__owur const SSL_METHOD *DTLS_server_method(void); /* DTLS 1.0 and 1.2 */
+__owur const SSL_METHOD *DTLS_client_method(void); /* DTLS 1.0 and 1.2 */
+
+__owur size_t DTLS_get_data_mtu(const SSL *s);
+
+__owur STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s);
+__owur STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx);
+__owur STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s);
+__owur STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s);
+
+__owur int SSL_do_handshake(SSL *s);
+int SSL_key_update(SSL *s, int updatetype);
+int SSL_get_key_update_type(const SSL *s);
+int SSL_renegotiate(SSL *s);
+int SSL_renegotiate_abbreviated(SSL *s);
+__owur int SSL_renegotiate_pending(const SSL *s);
+int SSL_shutdown(SSL *s);
+__owur int SSL_verify_client_post_handshake(SSL *s);
+void SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val);
+void SSL_set_post_handshake_auth(SSL *s, int val);
+
+__owur const SSL_METHOD *SSL_CTX_get_ssl_method(const SSL_CTX *ctx);
+__owur const SSL_METHOD *SSL_get_ssl_method(const SSL *s);
+__owur int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method);
+__owur const char *SSL_alert_type_string_long(int value);
+__owur const char *SSL_alert_type_string(int value);
+__owur const char *SSL_alert_desc_string_long(int value);
+__owur const char *SSL_alert_desc_string(int value);
+
+void SSL_set0_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list);
+void SSL_CTX_set0_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list);
+__owur const STACK_OF(X509_NAME) *SSL_get0_CA_list(const SSL *s);
+__owur const STACK_OF(X509_NAME) *SSL_CTX_get0_CA_list(const SSL_CTX *ctx);
+__owur int SSL_add1_to_CA_list(SSL *ssl, const X509 *x);
+__owur int SSL_CTX_add1_to_CA_list(SSL_CTX *ctx, const X509 *x);
+__owur const
STACK_OF(X509_NAME) *SSL_get0_peer_CA_list(const SSL *s);
+
+void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list);
+void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list);
+__owur STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s);
+__owur STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s);
+__owur int SSL_add_client_CA(SSL *ssl, X509 *x);
+__owur int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x);
+
+void SSL_set_connect_state(SSL *s);
+void SSL_set_accept_state(SSL *s);
+
+__owur long SSL_get_default_timeout(const SSL *s);
+
+# ifndef OPENSSL_NO_DEPRECATED_1_1_0
+# define SSL_library_init() OPENSSL_init_ssl(0, NULL)
+# endif
+
+__owur char *SSL_CIPHER_description(const SSL_CIPHER *, char *buf, int size);
+__owur STACK_OF(X509_NAME) *SSL_dup_CA_list(const STACK_OF(X509_NAME) *sk);
+
+__owur SSL *SSL_dup(SSL *ssl);
+
+__owur X509 *SSL_get_certificate(const SSL *ssl);
+/*
+ * EVP_PKEY
+ */
+struct evp_pkey_st *SSL_get_privatekey(const SSL *ssl);
+
+__owur X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx);
+__owur EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx);
+
+void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode);
+__owur int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx);
+void SSL_set_quiet_shutdown(SSL *ssl, int mode);
+__owur int SSL_get_quiet_shutdown(const SSL *ssl);
+void SSL_set_shutdown(SSL *ssl, int mode);
+__owur int SSL_get_shutdown(const SSL *ssl);
+__owur int SSL_version(const SSL *ssl);
+__owur int SSL_client_version(const SSL *s);
+__owur int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
+__owur int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx);
+__owur int SSL_CTX_set_default_verify_file(SSL_CTX *ctx);
+__owur int SSL_CTX_set_default_verify_store(SSL_CTX *ctx);
+__owur int SSL_CTX_load_verify_file(SSL_CTX *ctx, const char *CAfile);
+__owur int SSL_CTX_load_verify_dir(SSL_CTX *ctx, const char *CApath);
+__owur int SSL_CTX_load_verify_store(SSL_CTX *ctx, const char *CAstore);
+DEPRECATEDIN_3_0(__owur int SSL_CTX_load_verify_locations(SSL_CTX *ctx,
+ const char *CAfile,
+ const char *CApath))
+# define SSL_get0_session SSL_get_session/* just peek at pointer */
+__owur SSL_SESSION *SSL_get_session(const SSL *ssl);
+__owur SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */
+__owur SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl);
+SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx);
+void SSL_set_info_callback(SSL *ssl,
+ void (*cb) (const SSL *ssl, int type, int val));
+void (*SSL_get_info_callback(const SSL *ssl)) (const SSL *ssl, int type,
+ int val);
+__owur OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl);
+
+void SSL_set_verify_result(SSL *ssl, long v);
+__owur long SSL_get_verify_result(const SSL *ssl);
+__owur STACK_OF(X509) *SSL_get0_verified_chain(const SSL *s);
+
+__owur size_t SSL_get_client_random(const SSL *ssl, unsigned char *out,
+ size_t outlen);
+__owur size_t SSL_get_server_random(const SSL *ssl, unsigned char *out,
+ size_t outlen);
+__owur size_t SSL_SESSION_get_master_key(const SSL_SESSION *sess,
+ unsigned char *out, size_t outlen);
+__owur int SSL_SESSION_set1_master_key(SSL_SESSION *sess,
+ const unsigned char *in, size_t len);
+uint8_t SSL_SESSION_get_max_fragment_length(const SSL_SESSION *sess);
+
+#define SSL_get_ex_new_index(l, p, newf, dupf, freef) \
+ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, l, p, newf, dupf, freef)
+__owur int SSL_set_ex_data(SSL *ssl, int idx, void *data);
+void *SSL_get_ex_data(const SSL *ssl, int idx);
+#define SSL_SESSION_get_ex_new_index(l, p, newf, dupf, freef) \
+ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION, l, p, newf, dupf, freef)
+__owur int SSL_SESSION_set_ex_data(SSL_SESSION *ss, int idx, void *data);
+void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss, int idx);
+#define SSL_CTX_get_ex_new_index(l, p, newf, dupf, freef) \
+ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, l, p, newf, dupf, freef)
+__owur int SSL_CTX_set_ex_data(SSL_CTX *ssl, int idx,
void *data);
+void *SSL_CTX_get_ex_data(const SSL_CTX *ssl, int idx);
+
+__owur int SSL_get_ex_data_X509_STORE_CTX_idx(void);
+
+# define SSL_CTX_sess_set_cache_size(ctx,t) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_SIZE,t,NULL)
+# define SSL_CTX_sess_get_cache_size(ctx) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_SIZE,0,NULL)
+# define SSL_CTX_set_session_cache_mode(ctx,m) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL)
+# define SSL_CTX_get_session_cache_mode(ctx) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL)
+
+# define SSL_CTX_get_default_read_ahead(ctx) SSL_CTX_get_read_ahead(ctx)
+# define SSL_CTX_set_default_read_ahead(ctx,m) SSL_CTX_set_read_ahead(ctx,m)
+# define SSL_CTX_get_read_ahead(ctx) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL)
+# define SSL_CTX_set_read_ahead(ctx,m) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL)
+# define SSL_CTX_get_max_cert_list(ctx) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL)
+# define SSL_CTX_set_max_cert_list(ctx,m) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)
+# define SSL_get_max_cert_list(ssl) \
+ SSL_ctrl(ssl,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL)
+# define SSL_set_max_cert_list(ssl,m) \
+ SSL_ctrl(ssl,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)
+
+# define SSL_CTX_set_max_send_fragment(ctx,m) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL)
+# define SSL_set_max_send_fragment(ssl,m) \
+ SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL)
+# define SSL_CTX_set_split_send_fragment(ctx,m) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SPLIT_SEND_FRAGMENT,m,NULL)
+# define SSL_set_split_send_fragment(ssl,m) \
+ SSL_ctrl(ssl,SSL_CTRL_SET_SPLIT_SEND_FRAGMENT,m,NULL)
+# define SSL_CTX_set_max_pipelines(ctx,m) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_PIPELINES,m,NULL)
+# define SSL_set_max_pipelines(ssl,m) \
+ SSL_ctrl(ssl,SSL_CTRL_SET_MAX_PIPELINES,m,NULL)
+
+void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len);
+void SSL_set_default_read_buffer_len(SSL *s, size_t len);
+
+# ifndef OPENSSL_NO_DH
+/* NB: the |keylength| is only applicable when is_export is true */
+void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
+ DH *(*dh) (SSL *ssl, int is_export,
+ int keylength));
+void SSL_set_tmp_dh_callback(SSL *ssl,
+ DH *(*dh) (SSL *ssl, int is_export,
+ int keylength));
+# endif
+
+__owur const COMP_METHOD *SSL_get_current_compression(const SSL *s);
+__owur const COMP_METHOD *SSL_get_current_expansion(const SSL *s);
+__owur const char *SSL_COMP_get_name(const COMP_METHOD *comp);
+__owur const char *SSL_COMP_get0_name(const SSL_COMP *comp);
+__owur int SSL_COMP_get_id(const SSL_COMP *comp);
+STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
+__owur STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP)
+ *meths);
+# ifndef OPENSSL_NO_DEPRECATED_1_1_0
+# define SSL_COMP_free_compression_methods() while(0) continue
+# endif
+__owur int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm);
+
+const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr);
+int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c);
+int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c);
+int SSL_bytes_to_cipher_list(SSL *s, const unsigned char *bytes, size_t len,
+ int isv2format, STACK_OF(SSL_CIPHER) **sk,
+ STACK_OF(SSL_CIPHER) **scsvs);
+
+/* TLS extensions functions */
+__owur int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len);
+
+__owur int SSL_set_session_ticket_ext_cb(SSL *s,
+ tls_session_ticket_ext_cb_fn cb,
+ void *arg);
+
+/* Pre-shared secret session resumption functions */
+__owur int SSL_set_session_secret_cb(SSL *s,
+ tls_session_secret_cb_fn session_secret_cb,
+ void *arg);
+
+void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx,
+ int (*cb) (SSL *ssl,
+ int
+ is_forward_secure));
+
+void SSL_set_not_resumable_session_callback(SSL *ssl,
+ int (*cb) (SSL *ssl,
+ int is_forward_secure));
+
+void SSL_CTX_set_record_padding_callback(SSL_CTX *ctx,
+ size_t (*cb) (SSL *ssl, int type,
+ size_t len,
void *arg));
+void SSL_CTX_set_record_padding_callback_arg(SSL_CTX *ctx, void *arg);
+void *SSL_CTX_get_record_padding_callback_arg(const SSL_CTX *ctx);
+int SSL_CTX_set_block_padding(SSL_CTX *ctx, size_t block_size);
+
+void SSL_set_record_padding_callback(SSL *ssl,
+ size_t (*cb) (SSL *ssl, int type,
+ size_t len, void *arg));
+void SSL_set_record_padding_callback_arg(SSL *ssl, void *arg);
+void *SSL_get_record_padding_callback_arg(const SSL *ssl);
+int SSL_set_block_padding(SSL *ssl, size_t block_size);
+
+int SSL_set_num_tickets(SSL *s, size_t num_tickets);
+size_t SSL_get_num_tickets(const SSL *s);
+int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets);
+size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx);
+
+# ifndef OPENSSL_NO_DEPRECATED_1_1_0
+# define SSL_cache_hit(s) SSL_session_reused(s)
+# endif
+
+__owur int SSL_session_reused(const SSL *s);
+__owur int SSL_is_server(const SSL *s);
+
+__owur __owur SSL_CONF_CTX *SSL_CONF_CTX_new(void);
+int SSL_CONF_CTX_finish(SSL_CONF_CTX *cctx);
+void SSL_CONF_CTX_free(SSL_CONF_CTX *cctx);
+unsigned int SSL_CONF_CTX_set_flags(SSL_CONF_CTX *cctx, unsigned int flags);
+__owur unsigned int SSL_CONF_CTX_clear_flags(SSL_CONF_CTX *cctx,
+ unsigned int flags);
+__owur int SSL_CONF_CTX_set1_prefix(SSL_CONF_CTX *cctx, const char *pre);
+
+void SSL_CONF_CTX_set_ssl(SSL_CONF_CTX *cctx, SSL *ssl);
+void SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *cctx, SSL_CTX *ctx);
+
+__owur int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value);
+__owur int SSL_CONF_cmd_argv(SSL_CONF_CTX *cctx, int *pargc, char ***pargv);
+__owur int SSL_CONF_cmd_value_type(SSL_CONF_CTX *cctx, const char *cmd);
+
+void SSL_add_ssl_module(void);
+int SSL_config(SSL *s, const char *name);
+int SSL_CTX_config(SSL_CTX *ctx, const char *name);
+
+# ifndef OPENSSL_NO_SSL_TRACE
+void SSL_trace(int write_p, int version, int content_type,
+ const void *buf, size_t len, SSL *ssl, void *arg);
+# endif
+
+# ifndef OPENSSL_NO_SOCK
+int
DTLSv1_listen(SSL *s, BIO_ADDR *client);
+# endif
+
+# ifndef OPENSSL_NO_CT
+
+/*
+ * A callback for verifying that the received SCTs are sufficient.
+ * Expected to return 1 if they are sufficient, otherwise 0.
+ * May return a negative integer if an error occurs.
+ * A connection should be aborted if the SCTs are deemed insufficient.
+ */
+typedef int (*ssl_ct_validation_cb)(const CT_POLICY_EVAL_CTX *ctx,
+ const STACK_OF(SCT) *scts, void *arg);
+
+/*
+ * Sets a |callback| that is invoked upon receipt of ServerHelloDone to validate
+ * the received SCTs.
+ * If the callback returns a non-positive result, the connection is terminated.
+ * Call this function before beginning a handshake.
+ * If a NULL |callback| is provided, SCT validation is disabled.
+ * |arg| is arbitrary userdata that will be passed to the callback whenever it
+ * is invoked. Ownership of |arg| remains with the caller.
+ *
+ * NOTE: A side-effect of setting a CT callback is that an OCSP stapled response
+ * will be requested.
+ */
+int SSL_set_ct_validation_callback(SSL *s, ssl_ct_validation_cb callback,
+ void *arg);
+int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx,
+ ssl_ct_validation_cb callback,
+ void *arg);
+#define SSL_disable_ct(s) \
+ ((void) SSL_set_validation_callback((s), NULL, NULL))
+#define SSL_CTX_disable_ct(ctx) \
+ ((void) SSL_CTX_set_validation_callback((ctx), NULL, NULL))
+
+/*
+ * The validation type enumerates the available behaviours of the built-in SSL
+ * CT validation callback selected via SSL_enable_ct() and SSL_CTX_enable_ct().
+ * The underlying callback is a static function in libssl.
+ */
+enum {
+ SSL_CT_VALIDATION_PERMISSIVE = 0,
+ SSL_CT_VALIDATION_STRICT
+};
+
+/*
+ * Enable CT by setting up a callback that implements one of the built-in
+ * validation variants. The SSL_CT_VALIDATION_PERMISSIVE variant always
+ * continues the handshake, the application can make appropriate decisions at
+ * handshake completion.
The SSL_CT_VALIDATION_STRICT variant requires at
+ * least one valid SCT, or else handshake termination will be requested. The
+ * handshake may continue anyway if SSL_VERIFY_NONE is in effect.
+ */
+int SSL_enable_ct(SSL *s, int validation_mode);
+int SSL_CTX_enable_ct(SSL_CTX *ctx, int validation_mode);
+
+/*
+ * Report whether a non-NULL callback is enabled.
+ */
+int SSL_ct_is_enabled(const SSL *s);
+int SSL_CTX_ct_is_enabled(const SSL_CTX *ctx);
+
+/* Gets the SCTs received from a connection */
+const STACK_OF(SCT) *SSL_get0_peer_scts(SSL *s);
+
+/*
+ * Loads the CT log list from the default location.
+ * If a CTLOG_STORE has previously been set using SSL_CTX_set_ctlog_store,
+ * the log information loaded from this file will be appended to the
+ * CTLOG_STORE.
+ * Returns 1 on success, 0 otherwise.
+ */
+int SSL_CTX_set_default_ctlog_list_file(SSL_CTX *ctx);
+
+/*
+ * Loads the CT log list from the specified file path.
+ * If a CTLOG_STORE has previously been set using SSL_CTX_set_ctlog_store,
+ * the log information loaded from this file will be appended to the
+ * CTLOG_STORE.
+ * Returns 1 on success, 0 otherwise.
+ */
+int SSL_CTX_set_ctlog_list_file(SSL_CTX *ctx, const char *path);
+
+/*
+ * Sets the CT log list used by all SSL connections created from this SSL_CTX.
+ * Ownership of the CTLOG_STORE is transferred to the SSL_CTX.
+ */
+void SSL_CTX_set0_ctlog_store(SSL_CTX *ctx, CTLOG_STORE *logs);
+
+/*
+ * Gets the CT log list used by all SSL connections created from this SSL_CTX.
+ * This will be NULL unless one of the following functions has been called:
+ * - SSL_CTX_set_default_ctlog_list_file
+ * - SSL_CTX_set_ctlog_list_file
+ * - SSL_CTX_set_ctlog_store
+ */
+const CTLOG_STORE *SSL_CTX_get0_ctlog_store(const SSL_CTX *ctx);
+
+# endif /* OPENSSL_NO_CT */
+
+/* What the "other" parameter contains in security callback */
+/* Mask for type */
+# define SSL_SECOP_OTHER_TYPE 0xffff0000
+# define SSL_SECOP_OTHER_NONE 0
+# define SSL_SECOP_OTHER_CIPHER (1 << 16)
+# define SSL_SECOP_OTHER_CURVE (2 << 16)
+# define SSL_SECOP_OTHER_DH (3 << 16)
+# define SSL_SECOP_OTHER_PKEY (4 << 16)
+# define SSL_SECOP_OTHER_SIGALG (5 << 16)
+# define SSL_SECOP_OTHER_CERT (6 << 16)
+
+/* Indicated operation refers to peer key or certificate */
+# define SSL_SECOP_PEER 0x1000
+
+/* Values for "op" parameter in security callback */
+
+/* Called to filter ciphers */
+/* Ciphers client supports */
+# define SSL_SECOP_CIPHER_SUPPORTED (1 | SSL_SECOP_OTHER_CIPHER)
+/* Cipher shared by client/server */
+# define SSL_SECOP_CIPHER_SHARED (2 | SSL_SECOP_OTHER_CIPHER)
+/* Sanity check of cipher server selects */
+# define SSL_SECOP_CIPHER_CHECK (3 | SSL_SECOP_OTHER_CIPHER)
+/* Curves supported by client */
+# define SSL_SECOP_CURVE_SUPPORTED (4 | SSL_SECOP_OTHER_CURVE)
+/* Curves shared by client/server */
+# define SSL_SECOP_CURVE_SHARED (5 | SSL_SECOP_OTHER_CURVE)
+/* Sanity check of curve server selects */
+# define SSL_SECOP_CURVE_CHECK (6 | SSL_SECOP_OTHER_CURVE)
+/* Temporary DH key */
+# define SSL_SECOP_TMP_DH (7 | SSL_SECOP_OTHER_PKEY)
+/* SSL/TLS version */
+# define SSL_SECOP_VERSION (9 | SSL_SECOP_OTHER_NONE)
+/* Session tickets */
+# define SSL_SECOP_TICKET (10 | SSL_SECOP_OTHER_NONE)
+/* Supported signature algorithms sent to peer */
+# define SSL_SECOP_SIGALG_SUPPORTED (11 | SSL_SECOP_OTHER_SIGALG)
+/* Shared signature algorithm */
+# define SSL_SECOP_SIGALG_SHARED (12 | SSL_SECOP_OTHER_SIGALG)
+/* Sanity check signature algorithm allowed */
+# define
SSL_SECOP_SIGALG_CHECK (13 | SSL_SECOP_OTHER_SIGALG) +/* Used to get mask of supported public key signature algorithms */ +# define SSL_SECOP_SIGALG_MASK (14 | SSL_SECOP_OTHER_SIGALG) +/* Use to see if compression is allowed */ +# define SSL_SECOP_COMPRESSION (15 | SSL_SECOP_OTHER_NONE) +/* EE key in certificate */ +# define SSL_SECOP_EE_KEY (16 | SSL_SECOP_OTHER_CERT) +/* CA key in certificate */ +# define SSL_SECOP_CA_KEY (17 | SSL_SECOP_OTHER_CERT) +/* CA digest algorithm in certificate */ +# define SSL_SECOP_CA_MD (18 | SSL_SECOP_OTHER_CERT) +/* Peer EE key in certificate */ +# define SSL_SECOP_PEER_EE_KEY (SSL_SECOP_EE_KEY | SSL_SECOP_PEER) +/* Peer CA key in certificate */ +# define SSL_SECOP_PEER_CA_KEY (SSL_SECOP_CA_KEY | SSL_SECOP_PEER) +/* Peer CA digest algorithm in certificate */ +# define SSL_SECOP_PEER_CA_MD (SSL_SECOP_CA_MD | SSL_SECOP_PEER) + +void SSL_set_security_level(SSL *s, int level); +__owur int SSL_get_security_level(const SSL *s); +void SSL_set_security_callback(SSL *s, + int (*cb) (const SSL *s, const SSL_CTX *ctx, + int op, int bits, int nid, + void *other, void *ex)); +int (*SSL_get_security_callback(const SSL *s)) (const SSL *s, + const SSL_CTX *ctx, int op, + int bits, int nid, void *other, + void *ex); +void SSL_set0_security_ex_data(SSL *s, void *ex); +__owur void *SSL_get0_security_ex_data(const SSL *s); + +void SSL_CTX_set_security_level(SSL_CTX *ctx, int level); +__owur int SSL_CTX_get_security_level(const SSL_CTX *ctx); +void SSL_CTX_set_security_callback(SSL_CTX *ctx, + int (*cb) (const SSL *s, const SSL_CTX *ctx, + int op, int bits, int nid, + void *other, void *ex)); +int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx)) (const SSL *s, + const SSL_CTX *ctx, + int op, int bits, + int nid, + void *other, + void *ex); +void SSL_CTX_set0_security_ex_data(SSL_CTX *ctx, void *ex); +__owur void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx); + +/* OPENSSL_INIT flag 0x010000 reserved for internal use */ +# define 
OPENSSL_INIT_NO_LOAD_SSL_STRINGS 0x00100000L +# define OPENSSL_INIT_LOAD_SSL_STRINGS 0x00200000L + +# define OPENSSL_INIT_SSL_DEFAULT \ + (OPENSSL_INIT_LOAD_SSL_STRINGS | OPENSSL_INIT_LOAD_CRYPTO_STRINGS) + +int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings); + +# ifndef OPENSSL_NO_UNIT_TEST +__owur const struct openssl_ssl_test_functions *SSL_test_functions(void); +# endif + +__owur int SSL_free_buffers(SSL *ssl); +__owur int SSL_alloc_buffers(SSL *ssl); + +/* Status codes passed to the decrypt session ticket callback. Some of these + * are for internal use only and are never passed to the callback. */ +typedef int SSL_TICKET_STATUS; + +/* Support for ticket appdata */ +/* fatal error, malloc failure */ +# define SSL_TICKET_FATAL_ERR_MALLOC 0 +/* fatal error, either from parsing or decrypting the ticket */ +# define SSL_TICKET_FATAL_ERR_OTHER 1 +/* No ticket present */ +# define SSL_TICKET_NONE 2 +/* Empty ticket present */ +# define SSL_TICKET_EMPTY 3 +/* the ticket couldn't be decrypted */ +# define SSL_TICKET_NO_DECRYPT 4 +/* a ticket was successfully decrypted */ +# define SSL_TICKET_SUCCESS 5 +/* same as above but the ticket needs to be renewed */ +# define SSL_TICKET_SUCCESS_RENEW 6 + +/* Return codes for the decrypt session ticket callback */ +typedef int SSL_TICKET_RETURN; + +/* An error occurred */ +#define SSL_TICKET_RETURN_ABORT 0 +/* Do not use the ticket, do not send a renewed ticket to the client */ +#define SSL_TICKET_RETURN_IGNORE 1 +/* Do not use the ticket, send a renewed ticket to the client */ +#define SSL_TICKET_RETURN_IGNORE_RENEW 2 +/* Use the ticket, do not send a renewed ticket to the client */ +#define SSL_TICKET_RETURN_USE 3 +/* Use the ticket, send a renewed ticket to the client */ +#define SSL_TICKET_RETURN_USE_RENEW 4 + +typedef int (*SSL_CTX_generate_session_ticket_fn)(SSL *s, void *arg); +typedef SSL_TICKET_RETURN (*SSL_CTX_decrypt_session_ticket_fn)(SSL *s, SSL_SESSION *ss, + const unsigned char *keyname, + 
size_t keyname_length, + SSL_TICKET_STATUS status, + void *arg); +int SSL_CTX_set_session_ticket_cb(SSL_CTX *ctx, + SSL_CTX_generate_session_ticket_fn gen_cb, + SSL_CTX_decrypt_session_ticket_fn dec_cb, + void *arg); +int SSL_SESSION_set1_ticket_appdata(SSL_SESSION *ss, const void *data, size_t len); +int SSL_SESSION_get0_ticket_appdata(SSL_SESSION *ss, void **data, size_t *len); + +typedef unsigned int (*DTLS_timer_cb)(SSL *s, unsigned int timer_us); + +void DTLS_set_timer_cb(SSL *s, DTLS_timer_cb cb); + + +typedef int (*SSL_allow_early_data_cb_fn)(SSL *s, void *arg); +void SSL_CTX_set_allow_early_data_cb(SSL_CTX *ctx, + SSL_allow_early_data_cb_fn cb, + void *arg); +void SSL_set_allow_early_data_cb(SSL *s, + SSL_allow_early_data_cb_fn cb, + void *arg); + +/* store the default cipher strings inside the library */ +const char *OSSL_default_cipher_list(void); +const char *OSSL_default_ciphersuites(void); + +# ifdef __cplusplus +} +# endif +#endif diff --git a/linux_amd64/include/openssl/ssl2.h b/linux_amd64/include/openssl/ssl2.h new file mode 100644 index 0000000..428ead0 --- /dev/null +++ b/linux_amd64/include/openssl/ssl2.h @@ -0,0 +1,30 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_SSL2_H +# define OPENSSL_SSL2_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_SSL2_H +# endif + +#ifdef __cplusplus +extern "C" { +#endif + +# define SSL2_VERSION 0x0002 + +# define SSL2_MT_CLIENT_HELLO 1 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/linux_amd64/include/openssl/ssl3.h b/linux_amd64/include/openssl/ssl3.h new file mode 100644 index 0000000..efef3cc --- /dev/null +++ b/linux_amd64/include/openssl/ssl3.h 
@@ -0,0 +1,344 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_SSL3_H
+# define OPENSSL_SSL3_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_SSL3_H
+# endif
+
+# include
+# include
+# include
+# include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * Signalling cipher suite value from RFC 5746
+ * (TLS_EMPTY_RENEGOTIATION_INFO_SCSV)
+ */
+# define SSL3_CK_SCSV 0x030000FF
+
+/*
+ * Signalling cipher suite value from draft-ietf-tls-downgrade-scsv-00
+ * (TLS_FALLBACK_SCSV)
+ */
+# define SSL3_CK_FALLBACK_SCSV 0x03005600
+
+# define SSL3_CK_RSA_NULL_MD5 0x03000001
+# define SSL3_CK_RSA_NULL_SHA 0x03000002
+# define SSL3_CK_RSA_RC4_40_MD5 0x03000003
+# define SSL3_CK_RSA_RC4_128_MD5 0x03000004
+# define SSL3_CK_RSA_RC4_128_SHA 0x03000005
+# define SSL3_CK_RSA_RC2_40_MD5 0x03000006
+# define SSL3_CK_RSA_IDEA_128_SHA 0x03000007
+# define SSL3_CK_RSA_DES_40_CBC_SHA 0x03000008
+# define SSL3_CK_RSA_DES_64_CBC_SHA 0x03000009
+# define SSL3_CK_RSA_DES_192_CBC3_SHA 0x0300000A
+
+# define SSL3_CK_DH_DSS_DES_40_CBC_SHA 0x0300000B
+# define SSL3_CK_DH_DSS_DES_64_CBC_SHA 0x0300000C
+# define SSL3_CK_DH_DSS_DES_192_CBC3_SHA 0x0300000D
+# define SSL3_CK_DH_RSA_DES_40_CBC_SHA 0x0300000E
+# define SSL3_CK_DH_RSA_DES_64_CBC_SHA 0x0300000F
+# define SSL3_CK_DH_RSA_DES_192_CBC3_SHA 0x03000010
+
+# define SSL3_CK_DHE_DSS_DES_40_CBC_SHA 0x03000011
+# define SSL3_CK_EDH_DSS_DES_40_CBC_SHA SSL3_CK_DHE_DSS_DES_40_CBC_SHA
+# define SSL3_CK_DHE_DSS_DES_64_CBC_SHA 0x03000012
+# define SSL3_CK_EDH_DSS_DES_64_CBC_SHA SSL3_CK_DHE_DSS_DES_64_CBC_SHA
+# define SSL3_CK_DHE_DSS_DES_192_CBC3_SHA 0x03000013
+# define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA SSL3_CK_DHE_DSS_DES_192_CBC3_SHA
+# define SSL3_CK_DHE_RSA_DES_40_CBC_SHA 0x03000014
+# define SSL3_CK_EDH_RSA_DES_40_CBC_SHA SSL3_CK_DHE_RSA_DES_40_CBC_SHA
+# define SSL3_CK_DHE_RSA_DES_64_CBC_SHA 0x03000015
+# define SSL3_CK_EDH_RSA_DES_64_CBC_SHA SSL3_CK_DHE_RSA_DES_64_CBC_SHA
+# define SSL3_CK_DHE_RSA_DES_192_CBC3_SHA 0x03000016
+# define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA SSL3_CK_DHE_RSA_DES_192_CBC3_SHA
+
+# define SSL3_CK_ADH_RC4_40_MD5 0x03000017
+# define SSL3_CK_ADH_RC4_128_MD5 0x03000018
+# define SSL3_CK_ADH_DES_40_CBC_SHA 0x03000019
+# define SSL3_CK_ADH_DES_64_CBC_SHA 0x0300001A
+# define SSL3_CK_ADH_DES_192_CBC_SHA 0x0300001B
+
+/* a bundle of RFC standard cipher names, generated from ssl3_ciphers[] */
+# define SSL3_RFC_RSA_NULL_MD5 "TLS_RSA_WITH_NULL_MD5"
+# define SSL3_RFC_RSA_NULL_SHA "TLS_RSA_WITH_NULL_SHA"
+# define SSL3_RFC_RSA_DES_192_CBC3_SHA "TLS_RSA_WITH_3DES_EDE_CBC_SHA"
+# define SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA"
+# define SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA"
+# define SSL3_RFC_ADH_DES_192_CBC_SHA "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA"
+# define SSL3_RFC_RSA_IDEA_128_SHA "TLS_RSA_WITH_IDEA_CBC_SHA"
+# define SSL3_RFC_RSA_RC4_128_MD5 "TLS_RSA_WITH_RC4_128_MD5"
+# define SSL3_RFC_RSA_RC4_128_SHA "TLS_RSA_WITH_RC4_128_SHA"
+# define SSL3_RFC_ADH_RC4_128_MD5 "TLS_DH_anon_WITH_RC4_128_MD5"
+
+# define SSL3_TXT_RSA_NULL_MD5 "NULL-MD5"
+# define SSL3_TXT_RSA_NULL_SHA "NULL-SHA"
+# define SSL3_TXT_RSA_RC4_40_MD5 "EXP-RC4-MD5"
+# define SSL3_TXT_RSA_RC4_128_MD5 "RC4-MD5"
+# define SSL3_TXT_RSA_RC4_128_SHA "RC4-SHA"
+# define SSL3_TXT_RSA_RC2_40_MD5 "EXP-RC2-CBC-MD5"
+# define SSL3_TXT_RSA_IDEA_128_SHA "IDEA-CBC-SHA"
+# define SSL3_TXT_RSA_DES_40_CBC_SHA "EXP-DES-CBC-SHA"
+# define SSL3_TXT_RSA_DES_64_CBC_SHA "DES-CBC-SHA"
+# define SSL3_TXT_RSA_DES_192_CBC3_SHA "DES-CBC3-SHA"
+
+# define SSL3_TXT_DH_DSS_DES_40_CBC_SHA "EXP-DH-DSS-DES-CBC-SHA"
+# define SSL3_TXT_DH_DSS_DES_64_CBC_SHA "DH-DSS-DES-CBC-SHA"
+# define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA "DH-DSS-DES-CBC3-SHA"
+# define SSL3_TXT_DH_RSA_DES_40_CBC_SHA "EXP-DH-RSA-DES-CBC-SHA"
+# define SSL3_TXT_DH_RSA_DES_64_CBC_SHA "DH-RSA-DES-CBC-SHA"
+# define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA "DH-RSA-DES-CBC3-SHA"
+
+# define SSL3_TXT_DHE_DSS_DES_40_CBC_SHA "EXP-DHE-DSS-DES-CBC-SHA"
+# define SSL3_TXT_DHE_DSS_DES_64_CBC_SHA "DHE-DSS-DES-CBC-SHA"
+# define SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA "DHE-DSS-DES-CBC3-SHA"
+# define SSL3_TXT_DHE_RSA_DES_40_CBC_SHA "EXP-DHE-RSA-DES-CBC-SHA"
+# define SSL3_TXT_DHE_RSA_DES_64_CBC_SHA "DHE-RSA-DES-CBC-SHA"
+# define SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA "DHE-RSA-DES-CBC3-SHA"
+
+/*
+ * This next block of six "EDH" labels is for backward compatibility with
+ * older versions of OpenSSL. New code should use the six "DHE" labels above
+ * instead:
+ */
+# define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA "EXP-EDH-DSS-DES-CBC-SHA"
+# define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA "EDH-DSS-DES-CBC-SHA"
+# define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA "EDH-DSS-DES-CBC3-SHA"
+# define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA "EXP-EDH-RSA-DES-CBC-SHA"
+# define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA "EDH-RSA-DES-CBC-SHA"
+# define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA "EDH-RSA-DES-CBC3-SHA"
+
+# define SSL3_TXT_ADH_RC4_40_MD5 "EXP-ADH-RC4-MD5"
+# define SSL3_TXT_ADH_RC4_128_MD5 "ADH-RC4-MD5"
+# define SSL3_TXT_ADH_DES_40_CBC_SHA "EXP-ADH-DES-CBC-SHA"
+# define SSL3_TXT_ADH_DES_64_CBC_SHA "ADH-DES-CBC-SHA"
+# define SSL3_TXT_ADH_DES_192_CBC_SHA "ADH-DES-CBC3-SHA"
+
+# define SSL3_SSL_SESSION_ID_LENGTH 32
+# define SSL3_MAX_SSL_SESSION_ID_LENGTH 32
+
+# define SSL3_MASTER_SECRET_SIZE 48
+# define SSL3_RANDOM_SIZE 32
+# define SSL3_SESSION_ID_SIZE 32
+# define SSL3_RT_HEADER_LENGTH 5
+
+# define SSL3_HM_HEADER_LENGTH 4
+
+# ifndef SSL3_ALIGN_PAYLOAD
+ /*
+ * Some will argue that this increases memory footprint, but it's not
+ * actually true. Point is that malloc has to return at least 64-bit aligned
+ * pointers, meaning that allocating 5 bytes wastes 3 bytes in either case.
+ * Suggested pre-gaping simply moves these wasted bytes from the end of
+ * allocated region to its front, but makes data payload aligned, which
+ * improves performance:-)
+ */
+# define SSL3_ALIGN_PAYLOAD 8
+# else
+# if (SSL3_ALIGN_PAYLOAD&(SSL3_ALIGN_PAYLOAD-1))!=0
+# error "insane SSL3_ALIGN_PAYLOAD"
+# undef SSL3_ALIGN_PAYLOAD
+# endif
+# endif
+
+/*
+ * This is the maximum MAC (digest) size used by the SSL library. Currently
+ * maximum of 20 is used by SHA1, but we reserve for future extension for
+ * 512-bit hashes.
+ */
+
+# define SSL3_RT_MAX_MD_SIZE 64
+
+/*
+ * Maximum block size used in all ciphersuites. Currently 16 for AES.
+ */
+
+# define SSL_RT_MAX_CIPHER_BLOCK_SIZE 16
+
+# define SSL3_RT_MAX_EXTRA (16384)
+
+/* Maximum plaintext length: defined by SSL/TLS standards */
+# define SSL3_RT_MAX_PLAIN_LENGTH 16384
+/* Maximum compression overhead: defined by SSL/TLS standards */
+# define SSL3_RT_MAX_COMPRESSED_OVERHEAD 1024
+
+/*
+ * The standards give a maximum encryption overhead of 1024 bytes. In
+ * practice the value is lower than this. The overhead is the maximum number
+ * of padding bytes (256) plus the mac size.
+ */
+# define SSL3_RT_MAX_ENCRYPTED_OVERHEAD (256 + SSL3_RT_MAX_MD_SIZE)
+# define SSL3_RT_MAX_TLS13_ENCRYPTED_OVERHEAD 256
+
+/*
+ * OpenSSL currently only uses a padding length of at most one block so the
+ * send overhead is smaller.
+ */
+
+# define SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD \
+ (SSL_RT_MAX_CIPHER_BLOCK_SIZE + SSL3_RT_MAX_MD_SIZE)
+
+/* If compression isn't used don't include the compression overhead */
+
+# ifdef OPENSSL_NO_COMP
+# define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH
+# else
+# define SSL3_RT_MAX_COMPRESSED_LENGTH \
+ (SSL3_RT_MAX_PLAIN_LENGTH+SSL3_RT_MAX_COMPRESSED_OVERHEAD)
+# endif
+# define SSL3_RT_MAX_ENCRYPTED_LENGTH \
+ (SSL3_RT_MAX_ENCRYPTED_OVERHEAD+SSL3_RT_MAX_COMPRESSED_LENGTH)
+# define SSL3_RT_MAX_TLS13_ENCRYPTED_LENGTH \
+ (SSL3_RT_MAX_PLAIN_LENGTH + SSL3_RT_MAX_TLS13_ENCRYPTED_OVERHEAD)
+# define SSL3_RT_MAX_PACKET_SIZE \
+ (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)
+
+# define SSL3_MD_CLIENT_FINISHED_CONST "\x43\x4C\x4E\x54"
+# define SSL3_MD_SERVER_FINISHED_CONST "\x53\x52\x56\x52"
+
+# define SSL3_VERSION 0x0300
+# define SSL3_VERSION_MAJOR 0x03
+# define SSL3_VERSION_MINOR 0x00
+
+# define SSL3_RT_CHANGE_CIPHER_SPEC 20
+# define SSL3_RT_ALERT 21
+# define SSL3_RT_HANDSHAKE 22
+# define SSL3_RT_APPLICATION_DATA 23
+
+/* Pseudo content types to indicate additional parameters */
+# define TLS1_RT_CRYPTO 0x1000
+# define TLS1_RT_CRYPTO_PREMASTER (TLS1_RT_CRYPTO | 0x1)
+# define TLS1_RT_CRYPTO_CLIENT_RANDOM (TLS1_RT_CRYPTO | 0x2)
+# define TLS1_RT_CRYPTO_SERVER_RANDOM (TLS1_RT_CRYPTO | 0x3)
+# define TLS1_RT_CRYPTO_MASTER (TLS1_RT_CRYPTO | 0x4)
+
+# define TLS1_RT_CRYPTO_READ 0x0000
+# define TLS1_RT_CRYPTO_WRITE 0x0100
+# define TLS1_RT_CRYPTO_MAC (TLS1_RT_CRYPTO | 0x5)
+# define TLS1_RT_CRYPTO_KEY (TLS1_RT_CRYPTO | 0x6)
+# define TLS1_RT_CRYPTO_IV (TLS1_RT_CRYPTO | 0x7)
+# define TLS1_RT_CRYPTO_FIXED_IV (TLS1_RT_CRYPTO | 0x8)
+
+/* Pseudo content types for SSL/TLS header info */
+# define SSL3_RT_HEADER 0x100
+# define SSL3_RT_INNER_CONTENT_TYPE 0x101
+
+# define SSL3_AL_WARNING 1
+# define SSL3_AL_FATAL 2
+
+# define SSL3_AD_CLOSE_NOTIFY 0
+# define SSL3_AD_UNEXPECTED_MESSAGE 10/* fatal */
+# define SSL3_AD_BAD_RECORD_MAC 20/* fatal */
+# define SSL3_AD_DECOMPRESSION_FAILURE 30/* fatal */
+# define SSL3_AD_HANDSHAKE_FAILURE 40/* fatal */
+# define SSL3_AD_NO_CERTIFICATE 41
+# define SSL3_AD_BAD_CERTIFICATE 42
+# define SSL3_AD_UNSUPPORTED_CERTIFICATE 43
+# define SSL3_AD_CERTIFICATE_REVOKED 44
+# define SSL3_AD_CERTIFICATE_EXPIRED 45
+# define SSL3_AD_CERTIFICATE_UNKNOWN 46
+# define SSL3_AD_ILLEGAL_PARAMETER 47/* fatal */
+
+# define TLS1_HB_REQUEST 1
+# define TLS1_HB_RESPONSE 2
+
+
+# define SSL3_CT_RSA_SIGN 1
+# define SSL3_CT_DSS_SIGN 2
+# define SSL3_CT_RSA_FIXED_DH 3
+# define SSL3_CT_DSS_FIXED_DH 4
+# define SSL3_CT_RSA_EPHEMERAL_DH 5
+# define SSL3_CT_DSS_EPHEMERAL_DH 6
+# define SSL3_CT_FORTEZZA_DMS 20
+/*
+ * SSL3_CT_NUMBER is used to size arrays and it must be large enough to
+ * contain all of the cert types defined for *either* SSLv3 and TLSv1.
+ */
+# define SSL3_CT_NUMBER 10
+
+# if defined(TLS_CT_NUMBER)
+# if TLS_CT_NUMBER != SSL3_CT_NUMBER
+# error "SSL/TLS CT_NUMBER values do not match"
+# endif
+# endif
+
+/* No longer used as of OpenSSL 1.1.1 */
+# define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001
+
+/* Removed from OpenSSL 1.1.0 */
+# define TLS1_FLAGS_TLS_PADDING_BUG 0x0
+
+# define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010
+
+/* Set if we encrypt then mac instead of usual mac then encrypt */
+# define TLS1_FLAGS_ENCRYPT_THEN_MAC_READ 0x0100
+# define TLS1_FLAGS_ENCRYPT_THEN_MAC TLS1_FLAGS_ENCRYPT_THEN_MAC_READ
+
+/* Set if extended master secret extension received from peer */
+# define TLS1_FLAGS_RECEIVED_EXTMS 0x0200
+
+# define TLS1_FLAGS_ENCRYPT_THEN_MAC_WRITE 0x0400
+
+# define TLS1_FLAGS_STATELESS 0x0800
+
+# define SSL3_MT_HELLO_REQUEST 0
+# define SSL3_MT_CLIENT_HELLO 1
+# define SSL3_MT_SERVER_HELLO 2
+# define SSL3_MT_NEWSESSION_TICKET 4
+# define SSL3_MT_END_OF_EARLY_DATA 5
+# define SSL3_MT_ENCRYPTED_EXTENSIONS 8
+# define SSL3_MT_CERTIFICATE 11
+# define SSL3_MT_SERVER_KEY_EXCHANGE 12
+# define SSL3_MT_CERTIFICATE_REQUEST 13
+# define SSL3_MT_SERVER_DONE 14
+# define SSL3_MT_CERTIFICATE_VERIFY 15
+# define SSL3_MT_CLIENT_KEY_EXCHANGE 16
+# define SSL3_MT_FINISHED 20
+# define SSL3_MT_CERTIFICATE_URL 21
+# define SSL3_MT_CERTIFICATE_STATUS 22
+# define SSL3_MT_SUPPLEMENTAL_DATA 23
+# define SSL3_MT_KEY_UPDATE 24
+# ifndef OPENSSL_NO_NEXTPROTONEG
+# define SSL3_MT_NEXT_PROTO 67
+# endif
+# define SSL3_MT_MESSAGE_HASH 254
+# define DTLS1_MT_HELLO_VERIFY_REQUEST 3
+
+/* Dummy message type for handling CCS like a normal handshake message */
+# define SSL3_MT_CHANGE_CIPHER_SPEC 0x0101
+
+# define SSL3_MT_CCS 1
+
+/* These are used when changing over to a new cipher */
+# define SSL3_CC_READ 0x001
+# define SSL3_CC_WRITE 0x002
+# define SSL3_CC_CLIENT 0x010
+# define SSL3_CC_SERVER 0x020
+# define SSL3_CC_EARLY 0x040
+# define SSL3_CC_HANDSHAKE 0x080
+# define SSL3_CC_APPLICATION 0x100
+# define SSL3_CHANGE_CIPHER_CLIENT_WRITE (SSL3_CC_CLIENT|SSL3_CC_WRITE)
+# define SSL3_CHANGE_CIPHER_SERVER_READ (SSL3_CC_SERVER|SSL3_CC_READ)
+# define SSL3_CHANGE_CIPHER_CLIENT_READ (SSL3_CC_CLIENT|SSL3_CC_READ)
+# define SSL3_CHANGE_CIPHER_SERVER_WRITE (SSL3_CC_SERVER|SSL3_CC_WRITE)
+
+#ifdef __cplusplus
+}
+#endif
+#endif
diff --git a/linux_amd64/include/openssl/sslerr.h b/linux_amd64/include/openssl/sslerr.h
new file mode 100644
index 0000000..25e304e
--- /dev/null
+++ b/linux_amd64/include/openssl/sslerr.h
@@ -0,0 +1,779 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_SSLERR_H +# define OPENSSL_SSLERR_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_SSLERR_H +# endif + +# include +# include + + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_SSL_strings(void); + +/* + * SSL function codes. + */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define SSL_F_ADD_CLIENT_KEY_SHARE_EXT 0 +# define SSL_F_ADD_KEY_SHARE 0 +# define SSL_F_BYTES_TO_CIPHER_LIST 0 +# define SSL_F_CHECK_SUITEB_CIPHER_LIST 0 +# define SSL_F_CIPHERSUITE_CB 0 +# define SSL_F_CONSTRUCT_CA_NAMES 0 +# define SSL_F_CONSTRUCT_KEY_EXCHANGE_TBS 0 +# define SSL_F_CONSTRUCT_STATEFUL_TICKET 0 +# define SSL_F_CONSTRUCT_STATELESS_TICKET 0 +# define SSL_F_CREATE_SYNTHETIC_MESSAGE_HASH 0 +# define SSL_F_CREATE_TICKET_PREQUEL 0 +# define SSL_F_CT_MOVE_SCTS 0 +# define SSL_F_CT_STRICT 0 +# define SSL_F_CUSTOM_EXT_ADD 0 +# define SSL_F_CUSTOM_EXT_PARSE 0 +# define SSL_F_D2I_SSL_SESSION 0 +# define SSL_F_DANE_CTX_ENABLE 0 +# define SSL_F_DANE_MTYPE_SET 0 +# define SSL_F_DANE_TLSA_ADD 0 +# define SSL_F_DERIVE_SECRET_KEY_AND_IV 0 +# define SSL_F_DO_DTLS1_WRITE 0 +# define SSL_F_DO_SSL3_WRITE 0 +# define SSL_F_DTLS1_BUFFER_RECORD 0 +# define SSL_F_DTLS1_CHECK_TIMEOUT_NUM 0 +# define SSL_F_DTLS1_HM_FRAGMENT_NEW 0 +# define SSL_F_DTLS1_PREPROCESS_FRAGMENT 0 +# define SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS 0 +# define SSL_F_DTLS1_PROCESS_RECORD 0 +# define SSL_F_DTLS1_READ_BYTES 0 +# define SSL_F_DTLS1_READ_FAILED 0 +# define SSL_F_DTLS1_RETRANSMIT_MESSAGE 0 +# define SSL_F_DTLS1_WRITE_APP_DATA_BYTES 0 +# define SSL_F_DTLS1_WRITE_BYTES 0 +# 
define SSL_F_DTLSV1_LISTEN 0 +# define SSL_F_DTLS_CONSTRUCT_CHANGE_CIPHER_SPEC 0 +# define SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST 0 +# define SSL_F_DTLS_GET_REASSEMBLED_MESSAGE 0 +# define SSL_F_DTLS_PROCESS_HELLO_VERIFY 0 +# define SSL_F_DTLS_RECORD_LAYER_NEW 0 +# define SSL_F_DTLS_WAIT_FOR_DRY 0 +# define SSL_F_EARLY_DATA_COUNT_OK 0 +# define SSL_F_FINAL_EARLY_DATA 0 +# define SSL_F_FINAL_EC_PT_FORMATS 0 +# define SSL_F_FINAL_EMS 0 +# define SSL_F_FINAL_KEY_SHARE 0 +# define SSL_F_FINAL_MAXFRAGMENTLEN 0 +# define SSL_F_FINAL_RENEGOTIATE 0 +# define SSL_F_FINAL_SERVER_NAME 0 +# define SSL_F_FINAL_SIG_ALGS 0 +# define SSL_F_GET_CERT_VERIFY_TBS_DATA 0 +# define SSL_F_NSS_KEYLOG_INT 0 +# define SSL_F_OPENSSL_INIT_SSL 0 +# define SSL_F_OSSL_STATEM_CLIENT13_READ_TRANSITION 0 +# define SSL_F_OSSL_STATEM_CLIENT13_WRITE_TRANSITION 0 +# define SSL_F_OSSL_STATEM_CLIENT_CONSTRUCT_MESSAGE 0 +# define SSL_F_OSSL_STATEM_CLIENT_POST_PROCESS_MESSAGE 0 +# define SSL_F_OSSL_STATEM_CLIENT_PROCESS_MESSAGE 0 +# define SSL_F_OSSL_STATEM_CLIENT_READ_TRANSITION 0 +# define SSL_F_OSSL_STATEM_CLIENT_WRITE_TRANSITION 0 +# define SSL_F_OSSL_STATEM_SERVER13_READ_TRANSITION 0 +# define SSL_F_OSSL_STATEM_SERVER13_WRITE_TRANSITION 0 +# define SSL_F_OSSL_STATEM_SERVER_CONSTRUCT_MESSAGE 0 +# define SSL_F_OSSL_STATEM_SERVER_POST_PROCESS_MESSAGE 0 +# define SSL_F_OSSL_STATEM_SERVER_POST_WORK 0 +# define SSL_F_OSSL_STATEM_SERVER_PROCESS_MESSAGE 0 +# define SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION 0 +# define SSL_F_OSSL_STATEM_SERVER_WRITE_TRANSITION 0 +# define SSL_F_PARSE_CA_NAMES 0 +# define SSL_F_PITEM_NEW 0 +# define SSL_F_PQUEUE_NEW 0 +# define SSL_F_PROCESS_KEY_SHARE_EXT 0 +# define SSL_F_READ_STATE_MACHINE 0 +# define SSL_F_SET_CLIENT_CIPHERSUITE 0 +# define SSL_F_SRP_GENERATE_CLIENT_MASTER_SECRET 0 +# define SSL_F_SRP_GENERATE_SERVER_MASTER_SECRET 0 +# define SSL_F_SRP_VERIFY_SERVER_PARAM 0 +# define SSL_F_SSL3_CHANGE_CIPHER_STATE 0 +# define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 0 +# define 
SSL_F_SSL3_CTRL 0 +# define SSL_F_SSL3_CTX_CTRL 0 +# define SSL_F_SSL3_DIGEST_CACHED_RECORDS 0 +# define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC 0 +# define SSL_F_SSL3_ENC 0 +# define SSL_F_SSL3_FINAL_FINISH_MAC 0 +# define SSL_F_SSL3_FINISH_MAC 0 +# define SSL_F_SSL3_GENERATE_KEY_BLOCK 0 +# define SSL_F_SSL3_GENERATE_MASTER_SECRET 0 +# define SSL_F_SSL3_GET_RECORD 0 +# define SSL_F_SSL3_INIT_FINISHED_MAC 0 +# define SSL_F_SSL3_OUTPUT_CERT_CHAIN 0 +# define SSL_F_SSL3_READ_BYTES 0 +# define SSL_F_SSL3_READ_N 0 +# define SSL_F_SSL3_SETUP_KEY_BLOCK 0 +# define SSL_F_SSL3_SETUP_READ_BUFFER 0 +# define SSL_F_SSL3_SETUP_WRITE_BUFFER 0 +# define SSL_F_SSL3_WRITE_BYTES 0 +# define SSL_F_SSL3_WRITE_PENDING 0 +# define SSL_F_SSL_ADD_CERT_CHAIN 0 +# define SSL_F_SSL_ADD_CERT_TO_BUF 0 +# define SSL_F_SSL_ADD_CERT_TO_WPACKET 0 +# define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT 0 +# define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT 0 +# define SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT 0 +# define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK 0 +# define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK 0 +# define SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT 0 +# define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT 0 +# define SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT 0 +# define SSL_F_SSL_BAD_METHOD 0 +# define SSL_F_SSL_BUILD_CERT_CHAIN 0 +# define SSL_F_SSL_BYTES_TO_CIPHER_LIST 0 +# define SSL_F_SSL_CACHE_CIPHERLIST 0 +# define SSL_F_SSL_CERT_ADD0_CHAIN_CERT 0 +# define SSL_F_SSL_CERT_DUP 0 +# define SSL_F_SSL_CERT_NEW 0 +# define SSL_F_SSL_CERT_SET0_CHAIN 0 +# define SSL_F_SSL_CHECK_PRIVATE_KEY 0 +# define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT 0 +# define SSL_F_SSL_CHECK_SRP_EXT_CLIENTHELLO 0 +# define SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG 0 +# define SSL_F_SSL_CHOOSE_CLIENT_VERSION 0 +# define SSL_F_SSL_CIPHER_DESCRIPTION 0 +# define SSL_F_SSL_CIPHER_LIST_TO_BYTES 0 +# define SSL_F_SSL_CIPHER_PROCESS_RULESTR 0 +# define SSL_F_SSL_CIPHER_STRENGTH_SORT 0 +# define SSL_F_SSL_CLEAR 0 +# define 
SSL_F_SSL_CLIENT_HELLO_GET1_EXTENSIONS_PRESENT 0 +# define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD 0 +# define SSL_F_SSL_CONF_CMD 0 +# define SSL_F_SSL_CREATE_CIPHER_LIST 0 +# define SSL_F_SSL_CTRL 0 +# define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 0 +# define SSL_F_SSL_CTX_ENABLE_CT 0 +# define SSL_F_SSL_CTX_MAKE_PROFILES 0 +# define SSL_F_SSL_CTX_NEW 0 +# define SSL_F_SSL_CTX_SET_ALPN_PROTOS 0 +# define SSL_F_SSL_CTX_SET_CIPHER_LIST 0 +# define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE 0 +# define SSL_F_SSL_CTX_SET_CT_VALIDATION_CALLBACK 0 +# define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 0 +# define SSL_F_SSL_CTX_SET_SSL_VERSION 0 +# define SSL_F_SSL_CTX_SET_TLSEXT_MAX_FRAGMENT_LENGTH 0 +# define SSL_F_SSL_CTX_USE_CERTIFICATE 0 +# define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1 0 +# define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 0 +# define SSL_F_SSL_CTX_USE_PRIVATEKEY 0 +# define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1 0 +# define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE 0 +# define SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT 0 +# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY 0 +# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1 0 +# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE 0 +# define SSL_F_SSL_CTX_USE_SERVERINFO 0 +# define SSL_F_SSL_CTX_USE_SERVERINFO_EX 0 +# define SSL_F_SSL_CTX_USE_SERVERINFO_FILE 0 +# define SSL_F_SSL_DANE_DUP 0 +# define SSL_F_SSL_DANE_ENABLE 0 +# define SSL_F_SSL_DERIVE 0 +# define SSL_F_SSL_DO_CONFIG 0 +# define SSL_F_SSL_DO_HANDSHAKE 0 +# define SSL_F_SSL_DUP_CA_LIST 0 +# define SSL_F_SSL_ENABLE_CT 0 +# define SSL_F_SSL_GENERATE_PKEY_GROUP 0 +# define SSL_F_SSL_GENERATE_SESSION_ID 0 +# define SSL_F_SSL_GET_NEW_SESSION 0 +# define SSL_F_SSL_GET_PREV_SESSION 0 +# define SSL_F_SSL_GET_SERVER_CERT_INDEX 0 +# define SSL_F_SSL_GET_SIGN_PKEY 0 +# define SSL_F_SSL_HANDSHAKE_HASH 0 +# define SSL_F_SSL_INIT_WBIO_BUFFER 0 +# define SSL_F_SSL_KEY_UPDATE 0 +# define SSL_F_SSL_LOAD_CLIENT_CA_FILE 0 +# define SSL_F_SSL_LOG_MASTER_SECRET 0 +# define SSL_F_SSL_LOG_RSA_CLIENT_KEY_EXCHANGE 0 +# define 
SSL_F_SSL_MODULE_INIT 0 +# define SSL_F_SSL_NEW 0 +# define SSL_F_SSL_NEXT_PROTO_VALIDATE 0 +# define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT 0 +# define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT 0 +# define SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT 0 +# define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT 0 +# define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT 0 +# define SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT 0 +# define SSL_F_SSL_PEEK 0 +# define SSL_F_SSL_PEEK_EX 0 +# define SSL_F_SSL_PEEK_INTERNAL 0 +# define SSL_F_SSL_READ 0 +# define SSL_F_SSL_READ_EARLY_DATA 0 +# define SSL_F_SSL_READ_EX 0 +# define SSL_F_SSL_READ_INTERNAL 0 +# define SSL_F_SSL_RENEGOTIATE 0 +# define SSL_F_SSL_RENEGOTIATE_ABBREVIATED 0 +# define SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT 0 +# define SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT 0 +# define SSL_F_SSL_SENDFILE 0 +# define SSL_F_SSL_SESSION_DUP 0 +# define SSL_F_SSL_SESSION_NEW 0 +# define SSL_F_SSL_SESSION_PRINT_FP 0 +# define SSL_F_SSL_SESSION_SET1_ID 0 +# define SSL_F_SSL_SESSION_SET1_ID_CONTEXT 0 +# define SSL_F_SSL_SET_ALPN_PROTOS 0 +# define SSL_F_SSL_SET_CERT 0 +# define SSL_F_SSL_SET_CERT_AND_KEY 0 +# define SSL_F_SSL_SET_CIPHER_LIST 0 +# define SSL_F_SSL_SET_CT_VALIDATION_CALLBACK 0 +# define SSL_F_SSL_SET_FD 0 +# define SSL_F_SSL_SET_PKEY 0 +# define SSL_F_SSL_SET_RFD 0 +# define SSL_F_SSL_SET_SESSION 0 +# define SSL_F_SSL_SET_SESSION_ID_CONTEXT 0 +# define SSL_F_SSL_SET_SESSION_TICKET_EXT 0 +# define SSL_F_SSL_SET_TLSEXT_MAX_FRAGMENT_LENGTH 0 +# define SSL_F_SSL_SET_WFD 0 +# define SSL_F_SSL_SHUTDOWN 0 +# define SSL_F_SSL_SRP_CTX_INIT 0 +# define SSL_F_SSL_START_ASYNC_JOB 0 +# define SSL_F_SSL_UNDEFINED_FUNCTION 0 +# define SSL_F_SSL_UNDEFINED_VOID_FUNCTION 0 +# define SSL_F_SSL_USE_CERTIFICATE 0 +# define SSL_F_SSL_USE_CERTIFICATE_ASN1 0 +# define SSL_F_SSL_USE_CERTIFICATE_FILE 0 +# define SSL_F_SSL_USE_PRIVATEKEY 0 +# define SSL_F_SSL_USE_PRIVATEKEY_ASN1 0 +# define SSL_F_SSL_USE_PRIVATEKEY_FILE 0 +# define SSL_F_SSL_USE_PSK_IDENTITY_HINT 0 +# 
define SSL_F_SSL_USE_RSAPRIVATEKEY 0 +# define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1 0 +# define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE 0 +# define SSL_F_SSL_VALIDATE_CT 0 +# define SSL_F_SSL_VERIFY_CERT_CHAIN 0 +# define SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE 0 +# define SSL_F_SSL_WRITE 0 +# define SSL_F_SSL_WRITE_EARLY_DATA 0 +# define SSL_F_SSL_WRITE_EARLY_FINISH 0 +# define SSL_F_SSL_WRITE_EX 0 +# define SSL_F_SSL_WRITE_INTERNAL 0 +# define SSL_F_STATE_MACHINE 0 +# define SSL_F_TLS12_CHECK_PEER_SIGALG 0 +# define SSL_F_TLS12_COPY_SIGALGS 0 +# define SSL_F_TLS13_CHANGE_CIPHER_STATE 0 +# define SSL_F_TLS13_ENC 0 +# define SSL_F_TLS13_FINAL_FINISH_MAC 0 +# define SSL_F_TLS13_GENERATE_SECRET 0 +# define SSL_F_TLS13_HKDF_EXPAND 0 +# define SSL_F_TLS13_RESTORE_HANDSHAKE_DIGEST_FOR_PHA 0 +# define SSL_F_TLS13_SAVE_HANDSHAKE_DIGEST_FOR_PHA 0 +# define SSL_F_TLS13_SETUP_KEY_BLOCK 0 +# define SSL_F_TLS1_CHANGE_CIPHER_STATE 0 +# define SSL_F_TLS1_CHECK_DUPLICATE_EXTENSIONS 0 +# define SSL_F_TLS1_ENC 0 +# define SSL_F_TLS1_EXPORT_KEYING_MATERIAL 0 +# define SSL_F_TLS1_GET_CURVELIST 0 +# define SSL_F_TLS1_PRF 0 +# define SSL_F_TLS1_SAVE_U16 0 +# define SSL_F_TLS1_SETUP_KEY_BLOCK 0 +# define SSL_F_TLS1_SET_GROUPS 0 +# define SSL_F_TLS1_SET_RAW_SIGALGS 0 +# define SSL_F_TLS1_SET_SERVER_SIGALGS 0 +# define SSL_F_TLS1_SET_SHARED_SIGALGS 0 +# define SSL_F_TLS1_SET_SIGALGS 0 +# define SSL_F_TLS_CHOOSE_SIGALG 0 +# define SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK 0 +# define SSL_F_TLS_COLLECT_EXTENSIONS 0 +# define SSL_F_TLS_CONSTRUCT_CERTIFICATE_AUTHORITIES 0 +# define SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST 0 +# define SSL_F_TLS_CONSTRUCT_CERT_STATUS 0 +# define SSL_F_TLS_CONSTRUCT_CERT_STATUS_BODY 0 +# define SSL_F_TLS_CONSTRUCT_CERT_VERIFY 0 +# define SSL_F_TLS_CONSTRUCT_CHANGE_CIPHER_SPEC 0 +# define SSL_F_TLS_CONSTRUCT_CKE_DHE 0 +# define SSL_F_TLS_CONSTRUCT_CKE_ECDHE 0 +# define SSL_F_TLS_CONSTRUCT_CKE_GOST 0 +# define SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE 0 +# define 
SSL_F_TLS_CONSTRUCT_CKE_RSA 0 +# define SSL_F_TLS_CONSTRUCT_CKE_SRP 0 +# define SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE 0 +# define SSL_F_TLS_CONSTRUCT_CLIENT_HELLO 0 +# define SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE 0 +# define SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_ALPN 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_CERTIFICATE 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_COOKIE 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_EC_PT_FORMATS 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_EMS 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_ETM 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_HELLO 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_KEY_EXCHANGE 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_KEY_SHARE 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_MAXFRAGMENTLEN 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_NPN 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_PADDING 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_POST_HANDSHAKE_AUTH 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_PSK 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_PSK_KEX_MODES 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_RENEGOTIATE 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_SCT 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_SERVER_NAME 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_SESSION_TICKET 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_SIG_ALGS 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_SRP 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_STATUS_REQUEST 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_GROUPS 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_USE_SRTP 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_VERIFY 0 +# define SSL_F_TLS_CONSTRUCT_ENCRYPTED_EXTENSIONS 0 +# define SSL_F_TLS_CONSTRUCT_END_OF_EARLY_DATA 0 +# define SSL_F_TLS_CONSTRUCT_EXTENSIONS 0 +# define SSL_F_TLS_CONSTRUCT_FINISHED 0 +# define SSL_F_TLS_CONSTRUCT_HELLO_REQUEST 0 +# define SSL_F_TLS_CONSTRUCT_HELLO_RETRY_REQUEST 0 +# define SSL_F_TLS_CONSTRUCT_KEY_UPDATE 0 +# define SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET 0 +# define SSL_F_TLS_CONSTRUCT_NEXT_PROTO 0 +# define 
SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE 0 +# define SSL_F_TLS_CONSTRUCT_SERVER_HELLO 0 +# define SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE 0 +# define SSL_F_TLS_CONSTRUCT_STOC_ALPN 0 +# define SSL_F_TLS_CONSTRUCT_STOC_CERTIFICATE 0 +# define SSL_F_TLS_CONSTRUCT_STOC_COOKIE 0 +# define SSL_F_TLS_CONSTRUCT_STOC_CRYPTOPRO_BUG 0 +# define SSL_F_TLS_CONSTRUCT_STOC_DONE 0 +# define SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA 0 +# define SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA_INFO 0 +# define SSL_F_TLS_CONSTRUCT_STOC_EC_PT_FORMATS 0 +# define SSL_F_TLS_CONSTRUCT_STOC_EMS 0 +# define SSL_F_TLS_CONSTRUCT_STOC_ETM 0 +# define SSL_F_TLS_CONSTRUCT_STOC_HELLO 0 +# define SSL_F_TLS_CONSTRUCT_STOC_KEY_EXCHANGE 0 +# define SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE 0 +# define SSL_F_TLS_CONSTRUCT_STOC_MAXFRAGMENTLEN 0 +# define SSL_F_TLS_CONSTRUCT_STOC_NEXT_PROTO_NEG 0 +# define SSL_F_TLS_CONSTRUCT_STOC_PSK 0 +# define SSL_F_TLS_CONSTRUCT_STOC_RENEGOTIATE 0 +# define SSL_F_TLS_CONSTRUCT_STOC_SERVER_NAME 0 +# define SSL_F_TLS_CONSTRUCT_STOC_SESSION_TICKET 0 +# define SSL_F_TLS_CONSTRUCT_STOC_STATUS_REQUEST 0 +# define SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_GROUPS 0 +# define SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_VERSIONS 0 +# define SSL_F_TLS_CONSTRUCT_STOC_USE_SRTP 0 +# define SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO 0 +# define SSL_F_TLS_FINISH_HANDSHAKE 0 +# define SSL_F_TLS_GET_MESSAGE_BODY 0 +# define SSL_F_TLS_GET_MESSAGE_HEADER 0 +# define SSL_F_TLS_HANDLE_ALPN 0 +# define SSL_F_TLS_HANDLE_STATUS_REQUEST 0 +# define SSL_F_TLS_PARSE_CERTIFICATE_AUTHORITIES 0 +# define SSL_F_TLS_PARSE_CLIENTHELLO_TLSEXT 0 +# define SSL_F_TLS_PARSE_CTOS_ALPN 0 +# define SSL_F_TLS_PARSE_CTOS_COOKIE 0 +# define SSL_F_TLS_PARSE_CTOS_EARLY_DATA 0 +# define SSL_F_TLS_PARSE_CTOS_EC_PT_FORMATS 0 +# define SSL_F_TLS_PARSE_CTOS_EMS 0 +# define SSL_F_TLS_PARSE_CTOS_KEY_SHARE 0 +# define SSL_F_TLS_PARSE_CTOS_MAXFRAGMENTLEN 0 +# define SSL_F_TLS_PARSE_CTOS_POST_HANDSHAKE_AUTH 0 +# define SSL_F_TLS_PARSE_CTOS_PSK 0 +# define 
SSL_F_TLS_PARSE_CTOS_PSK_KEX_MODES 0 +# define SSL_F_TLS_PARSE_CTOS_RENEGOTIATE 0 +# define SSL_F_TLS_PARSE_CTOS_SERVER_NAME 0 +# define SSL_F_TLS_PARSE_CTOS_SESSION_TICKET 0 +# define SSL_F_TLS_PARSE_CTOS_SIG_ALGS 0 +# define SSL_F_TLS_PARSE_CTOS_SIG_ALGS_CERT 0 +# define SSL_F_TLS_PARSE_CTOS_SRP 0 +# define SSL_F_TLS_PARSE_CTOS_STATUS_REQUEST 0 +# define SSL_F_TLS_PARSE_CTOS_SUPPORTED_GROUPS 0 +# define SSL_F_TLS_PARSE_CTOS_USE_SRTP 0 +# define SSL_F_TLS_PARSE_STOC_ALPN 0 +# define SSL_F_TLS_PARSE_STOC_COOKIE 0 +# define SSL_F_TLS_PARSE_STOC_EARLY_DATA 0 +# define SSL_F_TLS_PARSE_STOC_EARLY_DATA_INFO 0 +# define SSL_F_TLS_PARSE_STOC_EC_PT_FORMATS 0 +# define SSL_F_TLS_PARSE_STOC_KEY_SHARE 0 +# define SSL_F_TLS_PARSE_STOC_MAXFRAGMENTLEN 0 +# define SSL_F_TLS_PARSE_STOC_NPN 0 +# define SSL_F_TLS_PARSE_STOC_PSK 0 +# define SSL_F_TLS_PARSE_STOC_RENEGOTIATE 0 +# define SSL_F_TLS_PARSE_STOC_SCT 0 +# define SSL_F_TLS_PARSE_STOC_SERVER_NAME 0 +# define SSL_F_TLS_PARSE_STOC_SESSION_TICKET 0 +# define SSL_F_TLS_PARSE_STOC_STATUS_REQUEST 0 +# define SSL_F_TLS_PARSE_STOC_SUPPORTED_VERSIONS 0 +# define SSL_F_TLS_PARSE_STOC_USE_SRTP 0 +# define SSL_F_TLS_POST_PROCESS_CLIENT_HELLO 0 +# define SSL_F_TLS_POST_PROCESS_CLIENT_KEY_EXCHANGE 0 +# define SSL_F_TLS_PREPARE_CLIENT_CERTIFICATE 0 +# define SSL_F_TLS_PROCESS_AS_HELLO_RETRY_REQUEST 0 +# define SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST 0 +# define SSL_F_TLS_PROCESS_CERT_STATUS 0 +# define SSL_F_TLS_PROCESS_CERT_STATUS_BODY 0 +# define SSL_F_TLS_PROCESS_CERT_VERIFY 0 +# define SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC 0 +# define SSL_F_TLS_PROCESS_CKE_DHE 0 +# define SSL_F_TLS_PROCESS_CKE_ECDHE 0 +# define SSL_F_TLS_PROCESS_CKE_GOST 0 +# define SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE 0 +# define SSL_F_TLS_PROCESS_CKE_RSA 0 +# define SSL_F_TLS_PROCESS_CKE_SRP 0 +# define SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE 0 +# define SSL_F_TLS_PROCESS_CLIENT_HELLO 0 +# define SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE 0 +# define 
SSL_F_TLS_PROCESS_ENCRYPTED_EXTENSIONS 0 +# define SSL_F_TLS_PROCESS_END_OF_EARLY_DATA 0 +# define SSL_F_TLS_PROCESS_FINISHED 0 +# define SSL_F_TLS_PROCESS_HELLO_REQ 0 +# define SSL_F_TLS_PROCESS_HELLO_RETRY_REQUEST 0 +# define SSL_F_TLS_PROCESS_INITIAL_SERVER_FLIGHT 0 +# define SSL_F_TLS_PROCESS_KEY_EXCHANGE 0 +# define SSL_F_TLS_PROCESS_KEY_UPDATE 0 +# define SSL_F_TLS_PROCESS_NEW_SESSION_TICKET 0 +# define SSL_F_TLS_PROCESS_NEXT_PROTO 0 +# define SSL_F_TLS_PROCESS_SERVER_CERTIFICATE 0 +# define SSL_F_TLS_PROCESS_SERVER_DONE 0 +# define SSL_F_TLS_PROCESS_SERVER_HELLO 0 +# define SSL_F_TLS_PROCESS_SKE_DHE 0 +# define SSL_F_TLS_PROCESS_SKE_ECDHE 0 +# define SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE 0 +# define SSL_F_TLS_PROCESS_SKE_SRP 0 +# define SSL_F_TLS_PSK_DO_BINDER 0 +# define SSL_F_TLS_SCAN_CLIENTHELLO_TLSEXT 0 +# define SSL_F_TLS_SETUP_HANDSHAKE 0 +# define SSL_F_USE_CERTIFICATE_CHAIN_FILE 0 +# define SSL_F_WPACKET_INTERN_INIT_LEN 0 +# define SSL_F_WPACKET_START_SUB_PACKET_LEN__ 0 +# define SSL_F_WRITE_STATE_MACHINE 0 +# endif + +/* + * SSL reason codes. 
+ */ +# define SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY 291 +# define SSL_R_APP_DATA_IN_HANDSHAKE 100 +# define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272 +# define SSL_R_AT_LEAST_TLS_1_0_NEEDED_IN_FIPS_MODE 143 +# define SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE 158 +# define SSL_R_BAD_CHANGE_CIPHER_SPEC 103 +# define SSL_R_BAD_CIPHER 186 +# define SSL_R_BAD_DATA 390 +# define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 106 +# define SSL_R_BAD_DECOMPRESSION 107 +# define SSL_R_BAD_DH_VALUE 102 +# define SSL_R_BAD_DIGEST_LENGTH 111 +# define SSL_R_BAD_EARLY_DATA 233 +# define SSL_R_BAD_ECC_CERT 304 +# define SSL_R_BAD_ECPOINT 306 +# define SSL_R_BAD_EXTENSION 110 +# define SSL_R_BAD_HANDSHAKE_LENGTH 332 +# define SSL_R_BAD_HANDSHAKE_STATE 236 +# define SSL_R_BAD_HELLO_REQUEST 105 +# define SSL_R_BAD_HRR_VERSION 263 +# define SSL_R_BAD_KEY_SHARE 108 +# define SSL_R_BAD_KEY_UPDATE 122 +# define SSL_R_BAD_LEGACY_VERSION 292 +# define SSL_R_BAD_LENGTH 271 +# define SSL_R_BAD_PACKET 240 +# define SSL_R_BAD_PACKET_LENGTH 115 +# define SSL_R_BAD_PROTOCOL_VERSION_NUMBER 116 +# define SSL_R_BAD_PSK 219 +# define SSL_R_BAD_PSK_IDENTITY 114 +# define SSL_R_BAD_RECORD_TYPE 443 +# define SSL_R_BAD_RSA_ENCRYPT 119 +# define SSL_R_BAD_SIGNATURE 123 +# define SSL_R_BAD_SRP_A_LENGTH 347 +# define SSL_R_BAD_SRP_PARAMETERS 371 +# define SSL_R_BAD_SRTP_MKI_VALUE 352 +# define SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST 353 +# define SSL_R_BAD_SSL_FILETYPE 124 +# define SSL_R_BAD_VALUE 384 +# define SSL_R_BAD_WRITE_RETRY 127 +# define SSL_R_BINDER_DOES_NOT_VERIFY 253 +# define SSL_R_BIO_NOT_SET 128 +# define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG 129 +# define SSL_R_BN_LIB 130 +# define SSL_R_CALLBACK_FAILED 234 +# define SSL_R_CANNOT_CHANGE_CIPHER 109 +# define SSL_R_CA_DN_LENGTH_MISMATCH 131 +# define SSL_R_CA_KEY_TOO_SMALL 397 +# define SSL_R_CA_MD_TOO_WEAK 398 +# define SSL_R_CCS_RECEIVED_EARLY 133 +# define SSL_R_CERTIFICATE_VERIFY_FAILED 134 +# define SSL_R_CERT_CB_ERROR 377 +# 
define SSL_R_CERT_LENGTH_MISMATCH 135 +# define SSL_R_CIPHERSUITE_DIGEST_HAS_CHANGED 218 +# define SSL_R_CIPHER_CODE_WRONG_LENGTH 137 +# define SSL_R_CIPHER_OR_HASH_UNAVAILABLE 138 +# define SSL_R_CLIENTHELLO_TLSEXT 226 +# define SSL_R_COMPRESSED_LENGTH_TOO_LONG 140 +# define SSL_R_COMPRESSION_DISABLED 343 +# define SSL_R_COMPRESSION_FAILURE 141 +# define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE 307 +# define SSL_R_COMPRESSION_LIBRARY_ERROR 142 +# define SSL_R_CONNECTION_TYPE_NOT_SET 144 +# define SSL_R_CONTEXT_NOT_DANE_ENABLED 167 +# define SSL_R_COOKIE_GEN_CALLBACK_FAILURE 400 +# define SSL_R_COOKIE_MISMATCH 308 +# define SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED 206 +# define SSL_R_DANE_ALREADY_ENABLED 172 +# define SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL 173 +# define SSL_R_DANE_NOT_ENABLED 175 +# define SSL_R_DANE_TLSA_BAD_CERTIFICATE 180 +# define SSL_R_DANE_TLSA_BAD_CERTIFICATE_USAGE 184 +# define SSL_R_DANE_TLSA_BAD_DATA_LENGTH 189 +# define SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH 192 +# define SSL_R_DANE_TLSA_BAD_MATCHING_TYPE 200 +# define SSL_R_DANE_TLSA_BAD_PUBLIC_KEY 201 +# define SSL_R_DANE_TLSA_BAD_SELECTOR 202 +# define SSL_R_DANE_TLSA_NULL_DATA 203 +# define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 145 +# define SSL_R_DATA_LENGTH_TOO_LONG 146 +# define SSL_R_DECRYPTION_FAILED 147 +# define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281 +# define SSL_R_DH_KEY_TOO_SMALL 394 +# define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148 +# define SSL_R_DIGEST_CHECK_FAILED 149 +# define SSL_R_DTLS_MESSAGE_TOO_BIG 334 +# define SSL_R_DUPLICATE_COMPRESSION_ID 309 +# define SSL_R_ECC_CERT_NOT_FOR_SIGNING 318 +# define SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE 374 +# define SSL_R_EE_KEY_TOO_SMALL 399 +# define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST 354 +# define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150 +# define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151 +# define SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN 204 +# define SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE 194 +# define 
SSL_R_EXCESSIVE_MESSAGE_SIZE 152 +# define SSL_R_EXTENSION_NOT_RECEIVED 279 +# define SSL_R_EXTRA_DATA_IN_MESSAGE 153 +# define SSL_R_EXT_LENGTH_MISMATCH 163 +# define SSL_R_FAILED_TO_INIT_ASYNC 405 +# define SSL_R_FRAGMENTED_CLIENT_HELLO 401 +# define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154 +# define SSL_R_HTTPS_PROXY_REQUEST 155 +# define SSL_R_HTTP_REQUEST 156 +# define SSL_R_ILLEGAL_POINT_COMPRESSION 162 +# define SSL_R_ILLEGAL_SUITEB_DIGEST 380 +# define SSL_R_INAPPROPRIATE_FALLBACK 373 +# define SSL_R_INCONSISTENT_COMPRESSION 340 +# define SSL_R_INCONSISTENT_EARLY_DATA_ALPN 222 +# define SSL_R_INCONSISTENT_EARLY_DATA_SNI 231 +# define SSL_R_INCONSISTENT_EXTMS 104 +# define SSL_R_INSUFFICIENT_SECURITY 241 +# define SSL_R_INVALID_ALERT 205 +# define SSL_R_INVALID_CCS_MESSAGE 260 +# define SSL_R_INVALID_CERTIFICATE_OR_ALG 238 +# define SSL_R_INVALID_COMMAND 280 +# define SSL_R_INVALID_COMPRESSION_ALGORITHM 341 +# define SSL_R_INVALID_CONFIG 283 +# define SSL_R_INVALID_CONFIGURATION_NAME 113 +# define SSL_R_INVALID_CONTEXT 282 +# define SSL_R_INVALID_CT_VALIDATION_TYPE 212 +# define SSL_R_INVALID_KEY_UPDATE_TYPE 120 +# define SSL_R_INVALID_MAX_EARLY_DATA 174 +# define SSL_R_INVALID_NULL_CMD_NAME 385 +# define SSL_R_INVALID_SEQUENCE_NUMBER 402 +# define SSL_R_INVALID_SERVERINFO_DATA 388 +# define SSL_R_INVALID_SESSION_ID 999 +# define SSL_R_INVALID_SRP_USERNAME 357 +# define SSL_R_INVALID_STATUS_RESPONSE 328 +# define SSL_R_INVALID_TICKET_KEYS_LENGTH 325 +# define SSL_R_LENGTH_MISMATCH 159 +# define SSL_R_LENGTH_TOO_LONG 404 +# define SSL_R_LENGTH_TOO_SHORT 160 +# define SSL_R_LIBRARY_BUG 274 +# define SSL_R_LIBRARY_HAS_NO_CIPHERS 161 +# define SSL_R_MISSING_DSA_SIGNING_CERT 165 +# define SSL_R_MISSING_ECDSA_SIGNING_CERT 381 +# define SSL_R_MISSING_FATAL 256 +# define SSL_R_MISSING_PARAMETERS 290 +# define SSL_R_MISSING_RSA_CERTIFICATE 168 +# define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169 +# define SSL_R_MISSING_RSA_SIGNING_CERT 170 +# define 
SSL_R_MISSING_SIGALGS_EXTENSION 112 +# define SSL_R_MISSING_SIGNING_CERT 221 +# define SSL_R_MISSING_SRP_PARAM 358 +# define SSL_R_MISSING_SUPPORTED_GROUPS_EXTENSION 209 +# define SSL_R_MISSING_TMP_DH_KEY 171 +# define SSL_R_MISSING_TMP_ECDH_KEY 311 +# define SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA 293 +# define SSL_R_NOT_ON_RECORD_BOUNDARY 182 +# define SSL_R_NOT_REPLACING_CERTIFICATE 289 +# define SSL_R_NOT_SERVER 284 +# define SSL_R_NO_APPLICATION_PROTOCOL 235 +# define SSL_R_NO_CERTIFICATES_RETURNED 176 +# define SSL_R_NO_CERTIFICATE_ASSIGNED 177 +# define SSL_R_NO_CERTIFICATE_SET 179 +# define SSL_R_NO_CHANGE_FOLLOWING_HRR 214 +# define SSL_R_NO_CIPHERS_AVAILABLE 181 +# define SSL_R_NO_CIPHERS_SPECIFIED 183 +# define SSL_R_NO_CIPHER_MATCH 185 +# define SSL_R_NO_CLIENT_CERT_METHOD 331 +# define SSL_R_NO_COMPRESSION_SPECIFIED 187 +# define SSL_R_NO_COOKIE_CALLBACK_SET 287 +# define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER 330 +# define SSL_R_NO_METHOD_SPECIFIED 188 +# define SSL_R_NO_PEM_EXTENSIONS 389 +# define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190 +# define SSL_R_NO_PROTOCOLS_AVAILABLE 191 +# define SSL_R_NO_RENEGOTIATION 339 +# define SSL_R_NO_REQUIRED_DIGEST 324 +# define SSL_R_NO_SHARED_CIPHER 193 +# define SSL_R_NO_SHARED_GROUPS 410 +# define SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS 376 +# define SSL_R_NO_SRTP_PROFILES 359 +# define SSL_R_NO_SUITABLE_KEY_SHARE 101 +# define SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM 118 +# define SSL_R_NO_VALID_SCTS 216 +# define SSL_R_NO_VERIFY_COOKIE_CALLBACK 403 +# define SSL_R_NULL_SSL_CTX 195 +# define SSL_R_NULL_SSL_METHOD_PASSED 196 +# define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197 +# define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344 +# define SSL_R_OVERFLOW_ERROR 237 +# define SSL_R_PACKET_LENGTH_TOO_LONG 198 +# define SSL_R_PARSE_TLSEXT 227 +# define SSL_R_PATH_TOO_LONG 270 +# define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 199 +# define SSL_R_PEM_NAME_BAD_PREFIX 391 +# define SSL_R_PEM_NAME_TOO_SHORT 392 +# 
define SSL_R_PIPELINE_FAILURE 406 +# define SSL_R_POST_HANDSHAKE_AUTH_ENCODING_ERR 278 +# define SSL_R_PRIVATE_KEY_MISMATCH 288 +# define SSL_R_PROTOCOL_IS_SHUTDOWN 207 +# define SSL_R_PSK_IDENTITY_NOT_FOUND 223 +# define SSL_R_PSK_NO_CLIENT_CB 224 +# define SSL_R_PSK_NO_SERVER_CB 225 +# define SSL_R_READ_BIO_NOT_SET 211 +# define SSL_R_READ_TIMEOUT_EXPIRED 312 +# define SSL_R_RECORD_LENGTH_MISMATCH 213 +# define SSL_R_RECORD_TOO_SMALL 298 +# define SSL_R_RENEGOTIATE_EXT_TOO_LONG 335 +# define SSL_R_RENEGOTIATION_ENCODING_ERR 336 +# define SSL_R_RENEGOTIATION_MISMATCH 337 +# define SSL_R_REQUEST_PENDING 285 +# define SSL_R_REQUEST_SENT 286 +# define SSL_R_REQUIRED_CIPHER_MISSING 215 +# define SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING 342 +# define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 345 +# define SSL_R_SCT_VERIFICATION_FAILED 208 +# define SSL_R_SERVERHELLO_TLSEXT 275 +# define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277 +# define SSL_R_SHUTDOWN_WHILE_IN_INIT 407 +# define SSL_R_SIGNATURE_ALGORITHMS_ERROR 360 +# define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220 +# define SSL_R_SRP_A_CALC 361 +# define SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES 362 +# define SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG 363 +# define SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE 364 +# define SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH 232 +# define SSL_R_SSL3_EXT_INVALID_SERVERNAME 319 +# define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE 320 +# define SSL_R_SSL3_SESSION_ID_TOO_LONG 300 +# define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042 +# define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020 +# define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045 +# define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED 1044 +# define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN 1046 +# define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE 1030 +# define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040 +# define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047 +# define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041 +# define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010 
+# define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043 +# define SSL_R_SSL_COMMAND_SECTION_EMPTY 117 +# define SSL_R_SSL_COMMAND_SECTION_NOT_FOUND 125 +# define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 228 +# define SSL_R_SSL_HANDSHAKE_FAILURE 229 +# define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS 230 +# define SSL_R_SSL_NEGATIVE_LENGTH 372 +# define SSL_R_SSL_SECTION_EMPTY 126 +# define SSL_R_SSL_SECTION_NOT_FOUND 136 +# define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED 301 +# define SSL_R_SSL_SESSION_ID_CONFLICT 302 +# define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 273 +# define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 303 +# define SSL_R_SSL_SESSION_ID_TOO_LONG 408 +# define SSL_R_SSL_SESSION_VERSION_MISMATCH 210 +# define SSL_R_STILL_IN_INIT 121 +# define SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED 1116 +# define SSL_R_TLSV13_ALERT_MISSING_EXTENSION 1109 +# define SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049 +# define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050 +# define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021 +# define SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051 +# define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060 +# define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK 1086 +# define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071 +# define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080 +# define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100 +# define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070 +# define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022 +# define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048 +# define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090 +# define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114 +# define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113 +# define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE 1111 +# define SSL_R_TLSV1_UNRECOGNIZED_NAME 1112 +# define SSL_R_TLSV1_UNSUPPORTED_EXTENSION 1110 +# define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL 367 +# define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 157 +# define SSL_R_TOO_MANY_KEY_UPDATES 132 +# define SSL_R_TOO_MANY_WARN_ALERTS 409 +# define SSL_R_TOO_MUCH_EARLY_DATA 164 +# define 
SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS 314 +# define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 239 +# define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES 242 +# define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 243 +# define SSL_R_UNEXPECTED_CCS_MESSAGE 262 +# define SSL_R_UNEXPECTED_END_OF_EARLY_DATA 178 +# define SSL_R_UNEXPECTED_EOF_WHILE_READING 294 +# define SSL_R_UNEXPECTED_MESSAGE 244 +# define SSL_R_UNEXPECTED_RECORD 245 +# define SSL_R_UNINITIALIZED 276 +# define SSL_R_UNKNOWN_ALERT_TYPE 246 +# define SSL_R_UNKNOWN_CERTIFICATE_TYPE 247 +# define SSL_R_UNKNOWN_CIPHER_RETURNED 248 +# define SSL_R_UNKNOWN_CIPHER_TYPE 249 +# define SSL_R_UNKNOWN_CMD_NAME 386 +# define SSL_R_UNKNOWN_COMMAND 139 +# define SSL_R_UNKNOWN_DIGEST 368 +# define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 250 +# define SSL_R_UNKNOWN_PKEY_TYPE 251 +# define SSL_R_UNKNOWN_PROTOCOL 252 +# define SSL_R_UNKNOWN_SSL_VERSION 254 +# define SSL_R_UNKNOWN_STATE 255 +# define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED 338 +# define SSL_R_UNSOLICITED_EXTENSION 217 +# define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257 +# define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 315 +# define SSL_R_UNSUPPORTED_PROTOCOL 258 +# define SSL_R_UNSUPPORTED_SSL_VERSION 259 +# define SSL_R_UNSUPPORTED_STATUS_TYPE 329 +# define SSL_R_USE_SRTP_NOT_NEGOTIATED 369 +# define SSL_R_VERSION_TOO_HIGH 166 +# define SSL_R_VERSION_TOO_LOW 396 +# define SSL_R_WRONG_CERTIFICATE_TYPE 383 +# define SSL_R_WRONG_CIPHER_RETURNED 261 +# define SSL_R_WRONG_CURVE 378 +# define SSL_R_WRONG_SIGNATURE_LENGTH 264 +# define SSL_R_WRONG_SIGNATURE_SIZE 265 +# define SSL_R_WRONG_SIGNATURE_TYPE 370 +# define SSL_R_WRONG_SSL_VERSION 266 +# define SSL_R_WRONG_VERSION_NUMBER 267 +# define SSL_R_X509_LIB 268 +# define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 269 + +#endif diff --git a/linux_amd64/include/openssl/stack.h b/linux_amd64/include/openssl/stack.h new file mode 100644 index 0000000..031b672 --- /dev/null +++ b/linux_amd64/include/openssl/stack.h 
@@ -0,0 +1,89 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_STACK_H
+# define OPENSSL_STACK_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_STACK_H
+# endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct stack_st OPENSSL_STACK; /* Use STACK_OF(...) instead */
+
+typedef int (*OPENSSL_sk_compfunc)(const void *, const void *);
+typedef void (*OPENSSL_sk_freefunc)(void *);
+typedef void *(*OPENSSL_sk_copyfunc)(const void *);
+
+int OPENSSL_sk_num(const OPENSSL_STACK *);
+void *OPENSSL_sk_value(const OPENSSL_STACK *, int);
+
+void *OPENSSL_sk_set(OPENSSL_STACK *st, int i, const void *data);
+
+OPENSSL_STACK *OPENSSL_sk_new(OPENSSL_sk_compfunc cmp);
+OPENSSL_STACK *OPENSSL_sk_new_null(void);
+OPENSSL_STACK *OPENSSL_sk_new_reserve(OPENSSL_sk_compfunc c, int n);
+int OPENSSL_sk_reserve(OPENSSL_STACK *st, int n);
+void OPENSSL_sk_free(OPENSSL_STACK *);
+void OPENSSL_sk_pop_free(OPENSSL_STACK *st, void (*func) (void *));
+OPENSSL_STACK *OPENSSL_sk_deep_copy(const OPENSSL_STACK *,
+ OPENSSL_sk_copyfunc c,
+ OPENSSL_sk_freefunc f);
+int OPENSSL_sk_insert(OPENSSL_STACK *sk, const void *data, int where);
+void *OPENSSL_sk_delete(OPENSSL_STACK *st, int loc);
+void *OPENSSL_sk_delete_ptr(OPENSSL_STACK *st, const void *p);
+int OPENSSL_sk_find(OPENSSL_STACK *st, const void *data);
+int OPENSSL_sk_find_ex(OPENSSL_STACK *st, const void *data);
+int OPENSSL_sk_push(OPENSSL_STACK *st, const void *data);
+int OPENSSL_sk_unshift(OPENSSL_STACK *st, const void *data);
+void *OPENSSL_sk_shift(OPENSSL_STACK *st);
+void *OPENSSL_sk_pop(OPENSSL_STACK *st);
+void OPENSSL_sk_zero(OPENSSL_STACK *st);
+OPENSSL_sk_compfunc OPENSSL_sk_set_cmp_func(OPENSSL_STACK *sk,
+ OPENSSL_sk_compfunc cmp);
+OPENSSL_STACK *OPENSSL_sk_dup(const OPENSSL_STACK *st);
+void OPENSSL_sk_sort(OPENSSL_STACK *st);
+int OPENSSL_sk_is_sorted(const OPENSSL_STACK *st);
+
+# ifndef OPENSSL_NO_DEPRECATED_1_1_0
+# define _STACK OPENSSL_STACK
+# define sk_num OPENSSL_sk_num
+# define sk_value OPENSSL_sk_value
+# define sk_set OPENSSL_sk_set
+# define sk_new OPENSSL_sk_new
+# define sk_new_null OPENSSL_sk_new_null
+# define sk_free OPENSSL_sk_free
+# define sk_pop_free OPENSSL_sk_pop_free
+# define sk_deep_copy OPENSSL_sk_deep_copy
+# define sk_insert OPENSSL_sk_insert
+# define sk_delete OPENSSL_sk_delete
+# define sk_delete_ptr OPENSSL_sk_delete_ptr
+# define sk_find OPENSSL_sk_find
+# define sk_find_ex OPENSSL_sk_find_ex
+# define sk_push OPENSSL_sk_push
+# define sk_unshift OPENSSL_sk_unshift
+# define sk_shift OPENSSL_sk_shift
+# define sk_pop OPENSSL_sk_pop
+# define sk_zero OPENSSL_sk_zero
+# define sk_set_cmp_func OPENSSL_sk_set_cmp_func
+# define sk_dup OPENSSL_sk_dup
+# define sk_sort OPENSSL_sk_sort
+# define sk_is_sorted OPENSSL_sk_is_sorted
+# endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/linux_amd64/include/openssl/store.h b/linux_amd64/include/openssl/store.h
new file mode 100644
index 0000000..7b2561c
--- /dev/null
+++ b/linux_amd64/include/openssl/store.h
@@ -0,0 +1,272 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_STORE_H
+# define OPENSSL_STORE_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_OSSL_STORE_H
+# endif
+
+# include
+# include
+# include
+# include
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+/*-
+ * The main OSSL_STORE functions.
+ * ------------------------------
+ *
+ * These allow applications to open a channel to a resource with supported
+ * data (keys, certs, crls, ...), read the data a piece at a time and decide
+ * what to do with it, and finally close.
+ */
+
+typedef struct ossl_store_ctx_st OSSL_STORE_CTX;
+
+/*
+ * Typedef for the OSSL_STORE_INFO post processing callback. This can be used
+ * to massage the given OSSL_STORE_INFO, or to drop it entirely (by returning
+ * NULL).
+ */
+typedef OSSL_STORE_INFO *(*OSSL_STORE_post_process_info_fn)(OSSL_STORE_INFO *,
+ void *);
+
+/*
+ * Open a channel given a URI. The given UI method will be used any time the
+ * loader needs extra input, for example when a password or pin is needed, and
+ * will be passed the same user data every time it's needed in this context.
+ *
+ * Returns a context reference which represents the channel to communicate
+ * through.
+ */
+OSSL_STORE_CTX *OSSL_STORE_open(const char *uri, const UI_METHOD *ui_method,
+ void *ui_data,
+ OSSL_STORE_post_process_info_fn post_process,
+ void *post_process_data);
+
+/*
+ * Control / fine tune the OSSL_STORE channel. |cmd| determines what is to be
+ * done, and depends on the underlying loader (use OSSL_STORE_get0_scheme to
+ * determine which loader is used), except for common commands (see below).
+ * Each command takes different arguments.
+ */
+int OSSL_STORE_ctrl(OSSL_STORE_CTX *ctx, int cmd, ... /* args */);
+int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd, va_list args);
+
+/*
+ * Common ctrl commands that different loaders may choose to support.
+ */
+/* int on = 0 or 1; STORE_ctrl(ctx, STORE_C_USE_SECMEM, &on); */
+# define OSSL_STORE_C_USE_SECMEM 1
+/* Where custom commands start */
+# define OSSL_STORE_C_CUSTOM_START 100
+
+/*
+ * Read one data item (a key, a cert, a CRL) that is supported by the OSSL_STORE
+ * functionality, given a context.
+ * Returns a OSSL_STORE_INFO pointer, from which OpenSSL typed data can be
+ * extracted with OSSL_STORE_INFO_get0_PKEY(), OSSL_STORE_INFO_get0_CERT(), ...
+ * NULL is returned on error, which may include that the data found at the URI
+ * can't be figured out for certain or is ambiguous.
+ */
+OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx);
+
+/*
+ * Check if end of data (end of file) is reached
+ * Returns 1 on end, 0 otherwise.
+ */
+int OSSL_STORE_eof(OSSL_STORE_CTX *ctx);
+
+/*
+ * Check if an error occurred
+ * Returns 1 if it did, 0 otherwise.
+ */
+int OSSL_STORE_error(OSSL_STORE_CTX *ctx);
+
+/*
+ * Close the channel
+ * Returns 1 on success, 0 on error.
+ */
+int OSSL_STORE_close(OSSL_STORE_CTX *ctx);
+
+
+/*-
+ * Extracting OpenSSL types from and creating new OSSL_STORE_INFOs
+ * ---------------------------------------------------------------
+ */
+
+/*
+ * Types of data that can be ossl_stored in a OSSL_STORE_INFO.
+ * OSSL_STORE_INFO_NAME is typically found when getting a listing of
+ * available "files" / "tokens" / what have you.
+ */
+# define OSSL_STORE_INFO_NAME 1 /* char * */
+# define OSSL_STORE_INFO_PARAMS 2 /* EVP_PKEY * */
+# define OSSL_STORE_INFO_PKEY 3 /* EVP_PKEY * */
+# define OSSL_STORE_INFO_CERT 4 /* X509 * */
+# define OSSL_STORE_INFO_CRL 5 /* X509_CRL * */
+
+/*
+ * Functions to generate OSSL_STORE_INFOs, one function for each type we
+ * support having in them, as well as a generic constructor.
+ *
+ * In all cases, ownership of the object is transferred to the OSSL_STORE_INFO
+ * and will therefore be freed when the OSSL_STORE_INFO is freed.
+ */
+OSSL_STORE_INFO *OSSL_STORE_INFO_new_NAME(char *name);
+int OSSL_STORE_INFO_set0_NAME_description(OSSL_STORE_INFO *info, char *desc);
+OSSL_STORE_INFO *OSSL_STORE_INFO_new_PARAMS(EVP_PKEY *params);
+OSSL_STORE_INFO *OSSL_STORE_INFO_new_PKEY(EVP_PKEY *pkey);
+OSSL_STORE_INFO *OSSL_STORE_INFO_new_CERT(X509 *x509);
+OSSL_STORE_INFO *OSSL_STORE_INFO_new_CRL(X509_CRL *crl);
+
+/*
+ * Functions to try to extract data from a OSSL_STORE_INFO.
+ */
+int OSSL_STORE_INFO_get_type(const OSSL_STORE_INFO *info);
+const char *OSSL_STORE_INFO_get0_NAME(const OSSL_STORE_INFO *info);
+char *OSSL_STORE_INFO_get1_NAME(const OSSL_STORE_INFO *info);
+const char *OSSL_STORE_INFO_get0_NAME_description(const OSSL_STORE_INFO *info);
+char *OSSL_STORE_INFO_get1_NAME_description(const OSSL_STORE_INFO *info);
+EVP_PKEY *OSSL_STORE_INFO_get0_PARAMS(const OSSL_STORE_INFO *info);
+EVP_PKEY *OSSL_STORE_INFO_get1_PARAMS(const OSSL_STORE_INFO *info);
+EVP_PKEY *OSSL_STORE_INFO_get0_PKEY(const OSSL_STORE_INFO *info);
+EVP_PKEY *OSSL_STORE_INFO_get1_PKEY(const OSSL_STORE_INFO *info);
+X509 *OSSL_STORE_INFO_get0_CERT(const OSSL_STORE_INFO *info);
+X509 *OSSL_STORE_INFO_get1_CERT(const OSSL_STORE_INFO *info);
+X509_CRL *OSSL_STORE_INFO_get0_CRL(const OSSL_STORE_INFO *info);
+X509_CRL *OSSL_STORE_INFO_get1_CRL(const OSSL_STORE_INFO *info);
+
+const char *OSSL_STORE_INFO_type_string(int type);
+
+/*
+ * Free the OSSL_STORE_INFO
+ */
+void OSSL_STORE_INFO_free(OSSL_STORE_INFO *info);
+
+
+/*-
+ * Functions to construct a search URI from a base URI and search criteria
+ * -----------------------------------------------------------------------
+ */
+
+/* OSSL_STORE search types */
+# define OSSL_STORE_SEARCH_BY_NAME 1 /* subject in certs, issuer in CRLs */
+# define OSSL_STORE_SEARCH_BY_ISSUER_SERIAL 2
+# define OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT 3
+# define OSSL_STORE_SEARCH_BY_ALIAS 4
+
+/* To check what search types the scheme handler supports */
+int OSSL_STORE_supports_search(OSSL_STORE_CTX *ctx, int search_type);
+
+/* Search term constructors */
+/*
+ * The input is considered to be owned by the caller, and must therefore
+ * remain present throughout the lifetime of the returned OSSL_STORE_SEARCH
+ */
+OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_name(X509_NAME *name);
+OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_issuer_serial(X509_NAME *name,
+ const ASN1_INTEGER
+ *serial);
+OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_key_fingerprint(const EVP_MD *digest,
+ const unsigned char
+ *bytes, size_t len);
+OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_alias(const char *alias);
+
+/* Search term destructor */
+void OSSL_STORE_SEARCH_free(OSSL_STORE_SEARCH *search);
+
+/* Search term accessors */
+int OSSL_STORE_SEARCH_get_type(const OSSL_STORE_SEARCH *criterion);
+X509_NAME *OSSL_STORE_SEARCH_get0_name(const OSSL_STORE_SEARCH *criterion);
+const ASN1_INTEGER *OSSL_STORE_SEARCH_get0_serial(const OSSL_STORE_SEARCH
+ *criterion);
+const unsigned char *OSSL_STORE_SEARCH_get0_bytes(const OSSL_STORE_SEARCH
+ *criterion, size_t *length);
+const char *OSSL_STORE_SEARCH_get0_string(const OSSL_STORE_SEARCH *criterion);
+const EVP_MD *OSSL_STORE_SEARCH_get0_digest(const OSSL_STORE_SEARCH *criterion);
+
+/*
+ * Add search criterion and expected return type (which can be unspecified)
+ * to the loading channel. This MUST happen before the first OSSL_STORE_load().
+ */
+int OSSL_STORE_expect(OSSL_STORE_CTX *ctx, int expected_type);
+int OSSL_STORE_find(OSSL_STORE_CTX *ctx, const OSSL_STORE_SEARCH *search);
+
+
+/*-
+ * Function to register a loader for the given URI scheme.
+ * -------------------------------------------------------
+ *
+ * The loader receives all the main components of an URI except for the
+ * scheme.
+ */
+
+typedef struct ossl_store_loader_st OSSL_STORE_LOADER;
+OSSL_STORE_LOADER *OSSL_STORE_LOADER_new(ENGINE *e, const char *scheme);
+const ENGINE *OSSL_STORE_LOADER_get0_engine(const OSSL_STORE_LOADER *loader);
+const char *OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader);
+/* struct ossl_store_loader_ctx_st is defined differently by each loader */
+typedef struct ossl_store_loader_ctx_st OSSL_STORE_LOADER_CTX;
+typedef OSSL_STORE_LOADER_CTX *(*OSSL_STORE_open_fn)(const OSSL_STORE_LOADER
+ *loader,
+ const char *uri,
+ const UI_METHOD *ui_method,
+ void *ui_data);
+int OSSL_STORE_LOADER_set_open(OSSL_STORE_LOADER *loader,
+ OSSL_STORE_open_fn open_function);
+typedef int (*OSSL_STORE_ctrl_fn)(OSSL_STORE_LOADER_CTX *ctx, int cmd,
+ va_list args);
+int OSSL_STORE_LOADER_set_ctrl(OSSL_STORE_LOADER *loader,
+ OSSL_STORE_ctrl_fn ctrl_function);
+typedef int (*OSSL_STORE_expect_fn)(OSSL_STORE_LOADER_CTX *ctx, int expected);
+int OSSL_STORE_LOADER_set_expect(OSSL_STORE_LOADER *loader,
+ OSSL_STORE_expect_fn expect_function);
+typedef int (*OSSL_STORE_find_fn)(OSSL_STORE_LOADER_CTX *ctx,
+ const OSSL_STORE_SEARCH *criteria);
+int OSSL_STORE_LOADER_set_find(OSSL_STORE_LOADER *loader,
+ OSSL_STORE_find_fn find_function);
+typedef OSSL_STORE_INFO *(*OSSL_STORE_load_fn)(OSSL_STORE_LOADER_CTX *ctx,
+ const UI_METHOD *ui_method,
+ void *ui_data);
+int OSSL_STORE_LOADER_set_load(OSSL_STORE_LOADER *loader,
+ OSSL_STORE_load_fn load_function);
+typedef int (*OSSL_STORE_eof_fn)(OSSL_STORE_LOADER_CTX *ctx);
+int OSSL_STORE_LOADER_set_eof(OSSL_STORE_LOADER *loader,
+ OSSL_STORE_eof_fn eof_function);
+typedef int (*OSSL_STORE_error_fn)(OSSL_STORE_LOADER_CTX *ctx);
+int OSSL_STORE_LOADER_set_error(OSSL_STORE_LOADER *loader,
+ OSSL_STORE_error_fn error_function);
+typedef int (*OSSL_STORE_close_fn)(OSSL_STORE_LOADER_CTX *ctx);
+int OSSL_STORE_LOADER_set_close(OSSL_STORE_LOADER *loader,
+ OSSL_STORE_close_fn close_function);
+void OSSL_STORE_LOADER_free(OSSL_STORE_LOADER *loader);
+
+int OSSL_STORE_register_loader(OSSL_STORE_LOADER *loader);
+OSSL_STORE_LOADER *OSSL_STORE_unregister_loader(const char *scheme);
+
+/*-
+ * Functions to list STORE loaders
+ * -------------------------------
+ */
+int OSSL_STORE_do_all_loaders(void (*do_function) (const OSSL_STORE_LOADER
+ *loader, void *do_arg),
+ void *do_arg);
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/linux_amd64/include/openssl/storeerr.h b/linux_amd64/include/openssl/storeerr.h
new file mode 100644
index 0000000..cb7304d
--- /dev/null
+++ b/linux_amd64/include/openssl/storeerr.h
@@ -0,0 +1,99 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_STOREERR_H +# define OPENSSL_STOREERR_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_OSSL_STOREERR_H +# endif + +# include +# include + + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_OSSL_STORE_strings(void); + +/* + * OSSL_STORE function codes. + */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define OSSL_STORE_F_FILE_CTRL 0 +# define OSSL_STORE_F_FILE_FIND 0 +# define OSSL_STORE_F_FILE_GET_PASS 0 +# define OSSL_STORE_F_FILE_LOAD 0 +# define OSSL_STORE_F_FILE_LOAD_TRY_DECODE 0 +# define OSSL_STORE_F_FILE_NAME_TO_URI 0 +# define OSSL_STORE_F_FILE_OPEN 0 +# define OSSL_STORE_F_OSSL_STORE_ATTACH_PEM_BIO 0 +# define OSSL_STORE_F_OSSL_STORE_EXPECT 0 +# define OSSL_STORE_F_OSSL_STORE_FILE_ATTACH_PEM_BIO_INT 0 +# define OSSL_STORE_F_OSSL_STORE_FIND 0 +# define OSSL_STORE_F_OSSL_STORE_GET0_LOADER_INT 0 +# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_CERT 0 +# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_CRL 0 +# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME 0 +# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME_DESCRIPTION 0 +# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_PARAMS 0 +# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_PKEY 0 +# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_CERT 0 +# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_CRL 0 +# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_EMBEDDED 0 +# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_NAME 0 +# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_PARAMS 0 +# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_PKEY 0 +# define OSSL_STORE_F_OSSL_STORE_INFO_SET0_NAME_DESCRIPTION 0 +# define OSSL_STORE_F_OSSL_STORE_INIT_ONCE 
0 +# define OSSL_STORE_F_OSSL_STORE_LOADER_NEW 0 +# define OSSL_STORE_F_OSSL_STORE_OPEN 0 +# define OSSL_STORE_F_OSSL_STORE_OPEN_INT 0 +# define OSSL_STORE_F_OSSL_STORE_REGISTER_LOADER_INT 0 +# define OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ALIAS 0 +# define OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ISSUER_SERIAL 0 +# define OSSL_STORE_F_OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT 0 +# define OSSL_STORE_F_OSSL_STORE_SEARCH_BY_NAME 0 +# define OSSL_STORE_F_OSSL_STORE_UNREGISTER_LOADER_INT 0 +# define OSSL_STORE_F_TRY_DECODE_PARAMS 0 +# define OSSL_STORE_F_TRY_DECODE_PKCS12 0 +# define OSSL_STORE_F_TRY_DECODE_PKCS8ENCRYPTED 0 +# endif + +/* + * OSSL_STORE reason codes. + */ +# define OSSL_STORE_R_AMBIGUOUS_CONTENT_TYPE 107 +# define OSSL_STORE_R_BAD_PASSWORD_READ 115 +# define OSSL_STORE_R_ERROR_VERIFYING_PKCS12_MAC 113 +# define OSSL_STORE_R_FINGERPRINT_SIZE_DOES_NOT_MATCH_DIGEST 121 +# define OSSL_STORE_R_INVALID_SCHEME 106 +# define OSSL_STORE_R_IS_NOT_A 112 +# define OSSL_STORE_R_LOADER_INCOMPLETE 116 +# define OSSL_STORE_R_LOADING_STARTED 117 +# define OSSL_STORE_R_NOT_A_CERTIFICATE 100 +# define OSSL_STORE_R_NOT_A_CRL 101 +# define OSSL_STORE_R_NOT_A_KEY 102 +# define OSSL_STORE_R_NOT_A_NAME 103 +# define OSSL_STORE_R_NOT_PARAMETERS 104 +# define OSSL_STORE_R_PASSPHRASE_CALLBACK_ERROR 114 +# define OSSL_STORE_R_PATH_MUST_BE_ABSOLUTE 108 +# define OSSL_STORE_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES 119 +# define OSSL_STORE_R_UI_PROCESS_INTERRUPTED_OR_CANCELLED 109 +# define OSSL_STORE_R_UNREGISTERED_SCHEME 105 +# define OSSL_STORE_R_UNSUPPORTED_CONTENT_TYPE 110 +# define OSSL_STORE_R_UNSUPPORTED_OPERATION 118 +# define OSSL_STORE_R_UNSUPPORTED_SEARCH_TYPE 120 +# define OSSL_STORE_R_URI_AUTHORITY_UNSUPPORTED 111 + +#endif diff --git a/linux_amd64/include/openssl/symhacks.h b/linux_amd64/include/openssl/symhacks.h new file mode 100644 index 0000000..d3eacc2 --- /dev/null +++ b/linux_amd64/include/openssl/symhacks.h 
@@ -0,0 +1,43 @@
+/*
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_SYMHACKS_H
+# define OPENSSL_SYMHACKS_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_SYMHACKS_H
+# endif
+
+# include
+
+/* Case insensitive linking causes problems.... */
+# if defined(OPENSSL_SYS_VMS)
+# undef ERR_load_CRYPTO_strings
+# define ERR_load_CRYPTO_strings ERR_load_CRYPTOlib_strings
+# undef OCSP_crlID_new
+# define OCSP_crlID_new OCSP_crlID2_new
+
+# undef d2i_ECPARAMETERS
+# define d2i_ECPARAMETERS d2i_UC_ECPARAMETERS
+# undef i2d_ECPARAMETERS
+# define i2d_ECPARAMETERS i2d_UC_ECPARAMETERS
+# undef d2i_ECPKPARAMETERS
+# define d2i_ECPKPARAMETERS d2i_UC_ECPKPARAMETERS
+# undef i2d_ECPKPARAMETERS
+# define i2d_ECPKPARAMETERS i2d_UC_ECPKPARAMETERS
+
+/* This one clashes with CMS_data_create */
+# undef cms_Data_create
+# define cms_Data_create priv_cms_Data_create
+
+# endif
+
+#endif /* ! defined HEADER_VMS_IDHACKS_H */
diff --git a/linux_amd64/include/openssl/tls1.h b/linux_amd64/include/openssl/tls1.h
new file mode 100644
index 0000000..9181e0d
--- /dev/null
+++ b/linux_amd64/include/openssl/tls1.h
@@ -0,0 +1,1218 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_TLS1_H
+# define OPENSSL_TLS1_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_TLS1_H
+# endif
+
+# include
+# include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Default security level if not overridden at config time */
+# ifndef OPENSSL_TLS_SECURITY_LEVEL
+# define OPENSSL_TLS_SECURITY_LEVEL 1
+# endif
+
+# define TLS1_VERSION 0x0301
+# define TLS1_1_VERSION 0x0302
+# define TLS1_2_VERSION 0x0303
+# define TLS1_3_VERSION 0x0304
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define TLS_MAX_VERSION TLS1_3_VERSION
+# endif
+
+/* Special value for method supporting multiple versions */
+# define TLS_ANY_VERSION 0x10000
+
+# define TLS1_VERSION_MAJOR 0x03
+# define TLS1_VERSION_MINOR 0x01
+
+# define TLS1_1_VERSION_MAJOR 0x03
+# define TLS1_1_VERSION_MINOR 0x02
+
+# define TLS1_2_VERSION_MAJOR 0x03
+# define TLS1_2_VERSION_MINOR 0x03
+
+# define TLS1_get_version(s) \
+ ((SSL_version(s) >> 8) == TLS1_VERSION_MAJOR ? SSL_version(s) : 0)
+
+# define TLS1_get_client_version(s) \
+ ((SSL_client_version(s) >> 8) == TLS1_VERSION_MAJOR ? SSL_client_version(s) : 0)
+
+# define TLS1_AD_DECRYPTION_FAILED 21
+# define TLS1_AD_RECORD_OVERFLOW 22
+# define TLS1_AD_UNKNOWN_CA 48/* fatal */
+# define TLS1_AD_ACCESS_DENIED 49/* fatal */
+# define TLS1_AD_DECODE_ERROR 50/* fatal */
+# define TLS1_AD_DECRYPT_ERROR 51
+# define TLS1_AD_EXPORT_RESTRICTION 60/* fatal */
+# define TLS1_AD_PROTOCOL_VERSION 70/* fatal */
+# define TLS1_AD_INSUFFICIENT_SECURITY 71/* fatal */
+# define TLS1_AD_INTERNAL_ERROR 80/* fatal */
+# define TLS1_AD_INAPPROPRIATE_FALLBACK 86/* fatal */
+# define TLS1_AD_USER_CANCELLED 90
+# define TLS1_AD_NO_RENEGOTIATION 100
+/* TLSv1.3 alerts */
+# define TLS13_AD_MISSING_EXTENSION 109 /* fatal */
+# define TLS13_AD_CERTIFICATE_REQUIRED 116 /* fatal */
+/* codes 110-114 are from RFC3546 */
+# define TLS1_AD_UNSUPPORTED_EXTENSION 110
+# define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111
+# define TLS1_AD_UNRECOGNIZED_NAME 112
+# define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113
+# define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114
+# define TLS1_AD_UNKNOWN_PSK_IDENTITY 115/* fatal */
+# define TLS1_AD_NO_APPLICATION_PROTOCOL 120 /* fatal */
+
+/* ExtensionType values from RFC3546 / RFC4366 / RFC6066 */
+# define TLSEXT_TYPE_server_name 0
+# define TLSEXT_TYPE_max_fragment_length 1
+# define TLSEXT_TYPE_client_certificate_url 2
+# define TLSEXT_TYPE_trusted_ca_keys 3
+# define TLSEXT_TYPE_truncated_hmac 4
+# define TLSEXT_TYPE_status_request 5
+/* ExtensionType values from RFC4681 */
+# define TLSEXT_TYPE_user_mapping 6
+/* ExtensionType values from RFC5878 */
+# define TLSEXT_TYPE_client_authz 7
+# define TLSEXT_TYPE_server_authz 8
+/* ExtensionType values from RFC6091 */
+# define TLSEXT_TYPE_cert_type 9
+
+/* ExtensionType values from RFC4492 */
+/*
+ * Prior to TLSv1.3 the supported_groups extension was known as
+ * elliptic_curves
+ */
+# define TLSEXT_TYPE_supported_groups 10
+# define TLSEXT_TYPE_elliptic_curves TLSEXT_TYPE_supported_groups
+# define TLSEXT_TYPE_ec_point_formats 11
+
+
+/* ExtensionType value from RFC5054 */
+# define TLSEXT_TYPE_srp 12
+
+/* ExtensionType values from RFC5246 */
+# define TLSEXT_TYPE_signature_algorithms 13
+
+/* ExtensionType value from RFC5764 */
+# define TLSEXT_TYPE_use_srtp 14
+
+/* ExtensionType value from RFC7301 */
+# define TLSEXT_TYPE_application_layer_protocol_negotiation 16
+
+/*
+ * Extension type for Certificate Transparency
+ * https://tools.ietf.org/html/rfc6962#section-3.3.1
+ */
+# define TLSEXT_TYPE_signed_certificate_timestamp 18
+
+/*
+ * ExtensionType value for TLS padding extension.
+ * http://tools.ietf.org/html/draft-agl-tls-padding
+ */
+# define TLSEXT_TYPE_padding 21
+
+/* ExtensionType value from RFC7366 */
+# define TLSEXT_TYPE_encrypt_then_mac 22
+
+/* ExtensionType value from RFC7627 */
+# define TLSEXT_TYPE_extended_master_secret 23
+
+/* ExtensionType value from RFC4507 */
+# define TLSEXT_TYPE_session_ticket 35
+
+/* As defined for TLS1.3 */
+# define TLSEXT_TYPE_psk 41
+# define TLSEXT_TYPE_early_data 42
+# define TLSEXT_TYPE_supported_versions 43
+# define TLSEXT_TYPE_cookie 44
+# define TLSEXT_TYPE_psk_kex_modes 45
+# define TLSEXT_TYPE_certificate_authorities 47
+# define TLSEXT_TYPE_post_handshake_auth 49
+# define TLSEXT_TYPE_signature_algorithms_cert 50
+# define TLSEXT_TYPE_key_share 51
+
+/* Temporary extension type */
+# define TLSEXT_TYPE_renegotiate 0xff01
+
+# ifndef OPENSSL_NO_NEXTPROTONEG
+/* This is not an IANA defined extension number */
+# define TLSEXT_TYPE_next_proto_neg 13172
+# endif
+
+/* NameType value from RFC3546 */
+# define TLSEXT_NAMETYPE_host_name 0
+/* status request value from RFC3546 */
+# define TLSEXT_STATUSTYPE_ocsp 1
+
+/* ECPointFormat values from RFC4492 */
+# define TLSEXT_ECPOINTFORMAT_first 0
+# define TLSEXT_ECPOINTFORMAT_uncompressed 0
+# define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime 1
+# define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2 2
+# define TLSEXT_ECPOINTFORMAT_last 2
+
+/* Signature and hash algorithms from RFC5246 */
+# define TLSEXT_signature_anonymous 0
+# define TLSEXT_signature_rsa 1
+# define TLSEXT_signature_dsa 2
+# define TLSEXT_signature_ecdsa 3
+# define TLSEXT_signature_gostr34102001 237
+# define TLSEXT_signature_gostr34102012_256 238
+# define TLSEXT_signature_gostr34102012_512 239
+
+/* Total number of different signature algorithms */
+# define TLSEXT_signature_num 7
+
+# define TLSEXT_hash_none 0
+# define TLSEXT_hash_md5 1
+# define TLSEXT_hash_sha1 2
+# define TLSEXT_hash_sha224 3
+# define TLSEXT_hash_sha256 4
+# define TLSEXT_hash_sha384 5
+# define TLSEXT_hash_sha512 6
+# define TLSEXT_hash_gostr3411 237
+# define TLSEXT_hash_gostr34112012_256 238
+# define TLSEXT_hash_gostr34112012_512 239
+
+/* Total number of different digest algorithms */
+
+# define TLSEXT_hash_num 10
+
+/* Flag set for unrecognised algorithms */
+# define TLSEXT_nid_unknown 0x1000000
+
+/* ECC curves */
+
+# define TLSEXT_curve_P_256 23
+# define TLSEXT_curve_P_384 24
+
+/* OpenSSL value to disable maximum fragment length extension */
+# define TLSEXT_max_fragment_length_DISABLED 0
+/* Allowed values for max fragment length extension */
+# define TLSEXT_max_fragment_length_512 1
+# define TLSEXT_max_fragment_length_1024 2
+# define TLSEXT_max_fragment_length_2048 3
+# define TLSEXT_max_fragment_length_4096 4
+
+int SSL_CTX_set_tlsext_max_fragment_length(SSL_CTX *ctx, uint8_t mode);
+int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode);
+
+# define TLSEXT_MAXLEN_host_name 255
+
+__owur const char *SSL_get_servername(const SSL *s, const int type);
+__owur int SSL_get_servername_type(const SSL *s);
+/*
+ * SSL_export_keying_material exports a value derived from the master secret,
+ * as specified in RFC 5705. It writes |olen| bytes to |out| given a label and
+ * optional context. (Since a zero length context is allowed, the |use_context|
+ * flag controls whether a context is included.) It returns 1 on success and
+ * 0 or -1 otherwise.
+ */
+__owur int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
+ const char *label, size_t llen,
+ const unsigned char *context,
+ size_t contextlen, int use_context);
+
+/*
+ * SSL_export_keying_material_early exports a value derived from the
+ * early exporter master secret, as specified in
+ * https://tools.ietf.org/html/draft-ietf-tls-tls13-23. It writes
+ * |olen| bytes to |out| given a label and optional context. It
+ * returns 1 on success and 0 otherwise.
+ */
+__owur int SSL_export_keying_material_early(SSL *s, unsigned char *out,
+ size_t olen, const char *label,
+ size_t llen,
+ const unsigned char *context,
+ size_t contextlen);
+
+int SSL_get_peer_signature_type_nid(const SSL *s, int *pnid);
+int SSL_get_signature_type_nid(const SSL *s, int *pnid);
+
+int SSL_get_sigalgs(SSL *s, int idx,
+ int *psign, int *phash, int *psignandhash,
+ unsigned char *rsig, unsigned char *rhash);
+
+int SSL_get_shared_sigalgs(SSL *s, int idx,
+ int *psign, int *phash, int *psignandhash,
+ unsigned char *rsig, unsigned char *rhash);
+
+__owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain);
+
+# define SSL_set_tlsext_host_name(s,name) \
+ SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,\
+ (void *)name)
+
+# define SSL_set_tlsext_debug_callback(ssl, cb) \
+ SSL_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_CB,\
+ (void (*)(void))cb)
+
+# define SSL_set_tlsext_debug_arg(ssl, arg) \
+ SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_ARG,0,arg)
+
+# define SSL_get_tlsext_status_type(ssl) \
+ SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE,0,NULL)
+
+# define SSL_set_tlsext_status_type(ssl, type) \
+ SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type,NULL)
+
+# define SSL_get_tlsext_status_exts(ssl, arg) \
+ SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS,0,arg)
+
+# define SSL_set_tlsext_status_exts(ssl, arg) \
+ SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS,0,arg)
+
+# define SSL_get_tlsext_status_ids(ssl, arg) \
+ SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS,0,arg)
+
+# define SSL_set_tlsext_status_ids(ssl, arg) \
+ SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS,0,arg)
+
+# define SSL_get_tlsext_status_ocsp_resp(ssl, arg) \
+ SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP,0,arg)
+
+# define SSL_set_tlsext_status_ocsp_resp(ssl, arg, arglen) \
+ SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP,arglen,arg)
+
+# define SSL_CTX_set_tlsext_servername_callback(ctx, cb) \
+ SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_CB,\
+ (void (*)(void))cb)
+
+# define SSL_TLSEXT_ERR_OK 0
+# define SSL_TLSEXT_ERR_ALERT_WARNING 1
+# define SSL_TLSEXT_ERR_ALERT_FATAL 2
+# define SSL_TLSEXT_ERR_NOACK 3
+
+# define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0,arg)
+
+# define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_GET_TLSEXT_TICKET_KEYS,keylen,keys)
+# define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_TICKET_KEYS,keylen,keys)
+
+# define SSL_CTX_get_tlsext_status_cb(ssl, cb) \
+ SSL_CTX_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB,0,(void *)cb)
+# define SSL_CTX_set_tlsext_status_cb(ssl, cb) \
+ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,\
+ (void (*)(void))cb)
+
+# define SSL_CTX_get_tlsext_status_arg(ssl, arg) \
+ SSL_CTX_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG,0,arg)
+# define SSL_CTX_set_tlsext_status_arg(ssl, arg) \
+ SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0,arg)
+
+# define SSL_CTX_set_tlsext_status_type(ssl, type) \
+ SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type,NULL)
+
+# define SSL_CTX_get_tlsext_status_type(ssl) \
+ SSL_CTX_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE,0,NULL)
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \
+ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,\
+ (void (*)(void))cb)
+# endif
+int SSL_CTX_set_tlsext_ticket_key_evp_cb
+ (SSL_CTX *ctx, int (*fp)(SSL *, unsigned char *, unsigned char *,
+ EVP_CIPHER_CTX *, EVP_MAC_CTX *, int));
+
+/* PSK ciphersuites from 4279 */
+# define TLS1_CK_PSK_WITH_RC4_128_SHA 0x0300008A
+# define TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA 0x0300008B
+# define TLS1_CK_PSK_WITH_AES_128_CBC_SHA 0x0300008C
+# define TLS1_CK_PSK_WITH_AES_256_CBC_SHA 0x0300008D
+# define TLS1_CK_DHE_PSK_WITH_RC4_128_SHA 0x0300008E
+# define TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA 0x0300008F
+# define TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA 0x03000090
+# define TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA 0x03000091
+# define TLS1_CK_RSA_PSK_WITH_RC4_128_SHA 0x03000092
+# define TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA 0x03000093
+# define TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA 0x03000094
+# define TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA 0x03000095
+
+/* PSK ciphersuites from 5487 */
+# define TLS1_CK_PSK_WITH_AES_128_GCM_SHA256 0x030000A8
+# define TLS1_CK_PSK_WITH_AES_256_GCM_SHA384 0x030000A9
+# define TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256 0x030000AA
+# define TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384 0x030000AB
+# define TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256 0x030000AC
+# define TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384 0x030000AD
+# define TLS1_CK_PSK_WITH_AES_128_CBC_SHA256 0x030000AE
+# define TLS1_CK_PSK_WITH_AES_256_CBC_SHA384 0x030000AF
+# define TLS1_CK_PSK_WITH_NULL_SHA256 0x030000B0
+# define TLS1_CK_PSK_WITH_NULL_SHA384 0x030000B1
+# define TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256 0x030000B2
+# define TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384 0x030000B3
+# define TLS1_CK_DHE_PSK_WITH_NULL_SHA256 0x030000B4
+# define TLS1_CK_DHE_PSK_WITH_NULL_SHA384 0x030000B5
+# define TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256 0x030000B6
+# define TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384 0x030000B7
+# define TLS1_CK_RSA_PSK_WITH_NULL_SHA256 0x030000B8
+# define TLS1_CK_RSA_PSK_WITH_NULL_SHA384 0x030000B9
+
+/* NULL PSK ciphersuites from RFC4785 */
+# define TLS1_CK_PSK_WITH_NULL_SHA 0x0300002C
+# define TLS1_CK_DHE_PSK_WITH_NULL_SHA 0x0300002D
+# define TLS1_CK_RSA_PSK_WITH_NULL_SHA 0x0300002E
+
+/* AES ciphersuites from RFC3268 */
+# define TLS1_CK_RSA_WITH_AES_128_SHA 0x0300002F
+# define TLS1_CK_DH_DSS_WITH_AES_128_SHA 0x03000030
+# define TLS1_CK_DH_RSA_WITH_AES_128_SHA 0x03000031
+# define TLS1_CK_DHE_DSS_WITH_AES_128_SHA 0x03000032
+# define TLS1_CK_DHE_RSA_WITH_AES_128_SHA 0x03000033
+# define TLS1_CK_ADH_WITH_AES_128_SHA 0x03000034
+# define TLS1_CK_RSA_WITH_AES_256_SHA 0x03000035
+# define TLS1_CK_DH_DSS_WITH_AES_256_SHA 0x03000036
+# define TLS1_CK_DH_RSA_WITH_AES_256_SHA 0x03000037
+# define TLS1_CK_DHE_DSS_WITH_AES_256_SHA 0x03000038
+# define TLS1_CK_DHE_RSA_WITH_AES_256_SHA 0x03000039
+# define TLS1_CK_ADH_WITH_AES_256_SHA 0x0300003A
+
+/* TLS v1.2 ciphersuites */
+# define TLS1_CK_RSA_WITH_NULL_SHA256 0x0300003B
+# define TLS1_CK_RSA_WITH_AES_128_SHA256 0x0300003C
+# define TLS1_CK_RSA_WITH_AES_256_SHA256 0x0300003D
+# define TLS1_CK_DH_DSS_WITH_AES_128_SHA256 0x0300003E
+# define TLS1_CK_DH_RSA_WITH_AES_128_SHA256 0x0300003F
+# define TLS1_CK_DHE_DSS_WITH_AES_128_SHA256 0x03000040
+
+/* Camellia ciphersuites from RFC4132 */
+# define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000041
+# define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000042
+# define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000043
+# define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000044
+# define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000045
+# define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA 0x03000046
+
+/* TLS v1.2 ciphersuites */
+# define TLS1_CK_DHE_RSA_WITH_AES_128_SHA256 0x03000067
+# define TLS1_CK_DH_DSS_WITH_AES_256_SHA256 0x03000068
+# define TLS1_CK_DH_RSA_WITH_AES_256_SHA256 0x03000069
+# define TLS1_CK_DHE_DSS_WITH_AES_256_SHA256 0x0300006A
+# define TLS1_CK_DHE_RSA_WITH_AES_256_SHA256 0x0300006B
+# define TLS1_CK_ADH_WITH_AES_128_SHA256 0x0300006C
+# define TLS1_CK_ADH_WITH_AES_256_SHA256 0x0300006D
+
+/* Camellia ciphersuites from RFC4132 */
+# define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000084
+# define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000085
+# define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000086
+# define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000087
+# define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000088
+# define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA 0x03000089
+
+/* SEED ciphersuites from RFC4162 */
+# define TLS1_CK_RSA_WITH_SEED_SHA 0x03000096
+# define TLS1_CK_DH_DSS_WITH_SEED_SHA 0x03000097
+# define TLS1_CK_DH_RSA_WITH_SEED_SHA 0x03000098
+# define TLS1_CK_DHE_DSS_WITH_SEED_SHA 0x03000099
+# define TLS1_CK_DHE_RSA_WITH_SEED_SHA 0x0300009A
+# define TLS1_CK_ADH_WITH_SEED_SHA 0x0300009B
+
+/* TLS v1.2 GCM ciphersuites from RFC5288 */
+# define TLS1_CK_RSA_WITH_AES_128_GCM_SHA256 0x0300009C
+# define TLS1_CK_RSA_WITH_AES_256_GCM_SHA384 0x0300009D
+# define TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256 0x0300009E
+# define TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384 0x0300009F
+# define TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256 0x030000A0
+# define TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384 0x030000A1
+# define TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256 0x030000A2
+# define TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384 0x030000A3
+# define TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256 0x030000A4
+# define TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384 0x030000A5
+# define TLS1_CK_ADH_WITH_AES_128_GCM_SHA256 0x030000A6
+# define TLS1_CK_ADH_WITH_AES_256_GCM_SHA384 0x030000A7
+
+/* CCM ciphersuites from RFC6655 */
+# define TLS1_CK_RSA_WITH_AES_128_CCM 0x0300C09C
+# define TLS1_CK_RSA_WITH_AES_256_CCM 0x0300C09D
+# define TLS1_CK_DHE_RSA_WITH_AES_128_CCM 0x0300C09E
+# define TLS1_CK_DHE_RSA_WITH_AES_256_CCM 0x0300C09F
+# define TLS1_CK_RSA_WITH_AES_128_CCM_8 0x0300C0A0
+# define TLS1_CK_RSA_WITH_AES_256_CCM_8 0x0300C0A1
+# define TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8 0x0300C0A2
+# define TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8 0x0300C0A3
+# define TLS1_CK_PSK_WITH_AES_128_CCM 0x0300C0A4
+# define TLS1_CK_PSK_WITH_AES_256_CCM 0x0300C0A5
+# define TLS1_CK_DHE_PSK_WITH_AES_128_CCM 0x0300C0A6
+# define TLS1_CK_DHE_PSK_WITH_AES_256_CCM 0x0300C0A7
+# define TLS1_CK_PSK_WITH_AES_128_CCM_8 0x0300C0A8
+# define TLS1_CK_PSK_WITH_AES_256_CCM_8 0x0300C0A9
+# define TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8 0x0300C0AA
+# define TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8 0x0300C0AB
+
+/* CCM ciphersuites from RFC7251 */
+# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM 0x0300C0AC
+# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM 0x0300C0AD
+# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8 0x0300C0AE
+# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8 0x0300C0AF
+
+/* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */
+# define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x030000BA
+# define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 0x030000BB
+# define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x030000BC
+# define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 0x030000BD
+# define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x030000BE
+# define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256 0x030000BF
+
+# define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256 0x030000C0
+# define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 0x030000C1
+# define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 0x030000C2
+# define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 0x030000C3
+# define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0x030000C4
+# define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256 0x030000C5
+
+/* ECC ciphersuites from RFC4492 */
+# define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x0300C001
+# define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x0300C002
+# define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C003
+# define TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0x0300C004
+# define TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0x0300C005
+
+# define TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA 0x0300C006
+# define TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA 0x0300C007
+# define TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C008
+# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0x0300C009
+# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0x0300C00A
+
+# define TLS1_CK_ECDH_RSA_WITH_NULL_SHA 0x0300C00B
+# define TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA 0x0300C00C
+# define TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA 0x0300C00D
+# define TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA 0x0300C00E
+# define TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA 0x0300C00F
+
+# define TLS1_CK_ECDHE_RSA_WITH_NULL_SHA 0x0300C010
+# define TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA 0x0300C011
+# define TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA 0x0300C012
+# define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA 0x0300C013
+# define TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA 0x0300C014
+
+# define TLS1_CK_ECDH_anon_WITH_NULL_SHA 0x0300C015
+# define TLS1_CK_ECDH_anon_WITH_RC4_128_SHA 0x0300C016
+# define TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA 0x0300C017
+# define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA 0x0300C018
+# define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA 0x0300C019
+
+/* SRP ciphersuites from RFC 5054 */
+# define TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA 0x0300C01A
+# define TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA 0x0300C01B
+# define TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA 0x0300C01C
+# define TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA 0x0300C01D
+# define TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA 0x0300C01E
+# define TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA 0x0300C01F
+# define TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA 0x0300C020
+# define TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA 0x0300C021
+# define TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA 0x0300C022
+
+/* ECDH HMAC based ciphersuites from RFC5289 */
+# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256 0x0300C023
+# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384 0x0300C024
+# define TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256 0x0300C025
+# define TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384 0x0300C026
+# define TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256 0x0300C027
+# define TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384 0x0300C028
+# define TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256 0x0300C029
+# define TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384 0x0300C02A
+
+/* ECDH GCM based ciphersuites from RFC5289 */
+# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0x0300C02B
+# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0x0300C02C
+# define TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0x0300C02D
+# define TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 0x0300C02E
+# define TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0x0300C02F
+# define TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0x0300C030
+# define TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256 0x0300C031
+# define TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384 0x0300C032
+
+/* ECDHE PSK ciphersuites from RFC5489 */
+# define TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA 0x0300C033
+# define TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA 0x0300C034
+# define TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA 0x0300C035
+# define TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA 0x0300C036
+
+# define TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256 0x0300C037
+# define TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384 0x0300C038
+
+/* NULL PSK ciphersuites from RFC4785 */
+# define TLS1_CK_ECDHE_PSK_WITH_NULL_SHA 0x0300C039
+# define TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256 0x0300C03A
+# define TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384 0x0300C03B
+
+/* Camellia-CBC ciphersuites from RFC6367 */
+# define TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0x0300C072
+# define TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0x0300C073
+# define TLS1_CK_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0x0300C074
+# define TLS1_CK_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0x0300C075
+# define TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x0300C076
+# define TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 0x0300C077
+# define TLS1_CK_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x0300C078
+# define TLS1_CK_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 0x0300C079
+
+# define TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256 0x0300C094
+# define TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384 0x0300C095
+# define TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0x0300C096
+# define TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0x0300C097
+# define TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 0x0300C098
+# define TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 0x0300C099
+# define TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0x0300C09A
+# define TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0x0300C09B
+
+/* draft-ietf-tls-chacha20-poly1305-03 */
+# define TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305 0x0300CCA8
+# define TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 0x0300CCA9
+# define TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305 0x0300CCAA
+# define TLS1_CK_PSK_WITH_CHACHA20_POLY1305 0x0300CCAB
+# define TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305 0x0300CCAC
+# define TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305 0x0300CCAD
+# define TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305 0x0300CCAE
+
+/* TLS v1.3 ciphersuites */
+# define TLS1_3_CK_AES_128_GCM_SHA256 0x03001301
+# define TLS1_3_CK_AES_256_GCM_SHA384 0x03001302
+# define TLS1_3_CK_CHACHA20_POLY1305_SHA256 0x03001303
+# define TLS1_3_CK_AES_128_CCM_SHA256 0x03001304
+# define TLS1_3_CK_AES_128_CCM_8_SHA256 0x03001305
+
+/* Aria ciphersuites from RFC6209 */
+# define TLS1_CK_RSA_WITH_ARIA_128_GCM_SHA256 0x0300C050
+# define TLS1_CK_RSA_WITH_ARIA_256_GCM_SHA384 0x0300C051
+# define TLS1_CK_DHE_RSA_WITH_ARIA_128_GCM_SHA256 0x0300C052
+# define TLS1_CK_DHE_RSA_WITH_ARIA_256_GCM_SHA384 0x0300C053
+# define TLS1_CK_DH_RSA_WITH_ARIA_128_GCM_SHA256 0x0300C054
+# define TLS1_CK_DH_RSA_WITH_ARIA_256_GCM_SHA384 0x0300C055
+# define TLS1_CK_DHE_DSS_WITH_ARIA_128_GCM_SHA256 0x0300C056
+# define TLS1_CK_DHE_DSS_WITH_ARIA_256_GCM_SHA384 0x0300C057
+# define TLS1_CK_DH_DSS_WITH_ARIA_128_GCM_SHA256 0x0300C058
+# define TLS1_CK_DH_DSS_WITH_ARIA_256_GCM_SHA384 0x0300C059
+# define TLS1_CK_DH_anon_WITH_ARIA_128_GCM_SHA256 0x0300C05A
+# define TLS1_CK_DH_anon_WITH_ARIA_256_GCM_SHA384 0x0300C05B
+# define TLS1_CK_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 0x0300C05C
+# define TLS1_CK_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 0x0300C05D
+# define TLS1_CK_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 0x0300C05E
+# define TLS1_CK_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 0x0300C05F
+# define TLS1_CK_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 0x0300C060
+# define TLS1_CK_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 0x0300C061
+# define TLS1_CK_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 0x0300C062
+# define TLS1_CK_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 0x0300C063
+# define TLS1_CK_PSK_WITH_ARIA_128_GCM_SHA256 0x0300C06A
+# define TLS1_CK_PSK_WITH_ARIA_256_GCM_SHA384 0x0300C06B
+# define TLS1_CK_DHE_PSK_WITH_ARIA_128_GCM_SHA256 0x0300C06C
+# define TLS1_CK_DHE_PSK_WITH_ARIA_256_GCM_SHA384 0x0300C06D
+# define TLS1_CK_RSA_PSK_WITH_ARIA_128_GCM_SHA256 0x0300C06E
+# define TLS1_CK_RSA_PSK_WITH_ARIA_256_GCM_SHA384 0x0300C06F
+
+/* a bundle of RFC standard cipher names, generated from ssl3_ciphers[] */
+# define TLS1_RFC_RSA_WITH_AES_128_SHA "TLS_RSA_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_DHE_DSS_WITH_AES_128_SHA "TLS_DHE_DSS_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_DHE_RSA_WITH_AES_128_SHA "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_ADH_WITH_AES_128_SHA "TLS_DH_anon_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_RSA_WITH_AES_256_SHA "TLS_RSA_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_DHE_DSS_WITH_AES_256_SHA "TLS_DHE_DSS_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_DHE_RSA_WITH_AES_256_SHA "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_ADH_WITH_AES_256_SHA "TLS_DH_anon_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_RSA_WITH_NULL_SHA256 "TLS_RSA_WITH_NULL_SHA256"
+# define TLS1_RFC_RSA_WITH_AES_128_SHA256 "TLS_RSA_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_RSA_WITH_AES_256_SHA256 "TLS_RSA_WITH_AES_256_CBC_SHA256"
+# define TLS1_RFC_DHE_DSS_WITH_AES_128_SHA256 "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_DHE_RSA_WITH_AES_128_SHA256 "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_DHE_DSS_WITH_AES_256_SHA256 "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256"
+# define TLS1_RFC_DHE_RSA_WITH_AES_256_SHA256 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"
+# define TLS1_RFC_ADH_WITH_AES_128_SHA256 "TLS_DH_anon_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_ADH_WITH_AES_256_SHA256 "TLS_DH_anon_WITH_AES_256_CBC_SHA256"
+# define TLS1_RFC_RSA_WITH_AES_128_GCM_SHA256 "TLS_RSA_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_RSA_WITH_AES_256_GCM_SHA384 "TLS_RSA_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_DHE_RSA_WITH_AES_128_GCM_SHA256 "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_DHE_RSA_WITH_AES_256_GCM_SHA384 "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_DHE_DSS_WITH_AES_128_GCM_SHA256 "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_DHE_DSS_WITH_AES_256_GCM_SHA384 "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_ADH_WITH_AES_128_GCM_SHA256 "TLS_DH_anon_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_ADH_WITH_AES_256_GCM_SHA384 "TLS_DH_anon_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_RSA_WITH_AES_128_CCM "TLS_RSA_WITH_AES_128_CCM"
+# define TLS1_RFC_RSA_WITH_AES_256_CCM "TLS_RSA_WITH_AES_256_CCM"
+# define TLS1_RFC_DHE_RSA_WITH_AES_128_CCM "TLS_DHE_RSA_WITH_AES_128_CCM"
+# define TLS1_RFC_DHE_RSA_WITH_AES_256_CCM "TLS_DHE_RSA_WITH_AES_256_CCM"
+# define TLS1_RFC_RSA_WITH_AES_128_CCM_8 "TLS_RSA_WITH_AES_128_CCM_8"
+# define TLS1_RFC_RSA_WITH_AES_256_CCM_8 "TLS_RSA_WITH_AES_256_CCM_8"
+# define TLS1_RFC_DHE_RSA_WITH_AES_128_CCM_8 "TLS_DHE_RSA_WITH_AES_128_CCM_8"
+# define TLS1_RFC_DHE_RSA_WITH_AES_256_CCM_8 "TLS_DHE_RSA_WITH_AES_256_CCM_8"
+# define TLS1_RFC_PSK_WITH_AES_128_CCM "TLS_PSK_WITH_AES_128_CCM"
+# define TLS1_RFC_PSK_WITH_AES_256_CCM "TLS_PSK_WITH_AES_256_CCM"
+# define TLS1_RFC_DHE_PSK_WITH_AES_128_CCM "TLS_DHE_PSK_WITH_AES_128_CCM"
+# define TLS1_RFC_DHE_PSK_WITH_AES_256_CCM "TLS_DHE_PSK_WITH_AES_256_CCM"
+# define TLS1_RFC_PSK_WITH_AES_128_CCM_8 "TLS_PSK_WITH_AES_128_CCM_8"
+# define TLS1_RFC_PSK_WITH_AES_256_CCM_8 "TLS_PSK_WITH_AES_256_CCM_8"
+# define TLS1_RFC_DHE_PSK_WITH_AES_128_CCM_8 "TLS_PSK_DHE_WITH_AES_128_CCM_8"
+# define TLS1_RFC_DHE_PSK_WITH_AES_256_CCM_8 "TLS_PSK_DHE_WITH_AES_256_CCM_8"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM "TLS_ECDHE_ECDSA_WITH_AES_128_CCM"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM "TLS_ECDHE_ECDSA_WITH_AES_256_CCM"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM_8 "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM_8 "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8"
+# define TLS1_3_RFC_AES_128_GCM_SHA256 "TLS_AES_128_GCM_SHA256"
+# define TLS1_3_RFC_AES_256_GCM_SHA384 "TLS_AES_256_GCM_SHA384"
+# define TLS1_3_RFC_CHACHA20_POLY1305_SHA256 "TLS_CHACHA20_POLY1305_SHA256"
+# define TLS1_3_RFC_AES_128_CCM_SHA256 "TLS_AES_128_CCM_SHA256"
+# define TLS1_3_RFC_AES_128_CCM_8_SHA256 "TLS_AES_128_CCM_8_SHA256"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA "TLS_ECDHE_ECDSA_WITH_NULL_SHA"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CBC_SHA "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CBC_SHA "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_ECDHE_RSA_WITH_NULL_SHA "TLS_ECDHE_RSA_WITH_NULL_SHA"
+# define TLS1_RFC_ECDHE_RSA_WITH_DES_192_CBC3_SHA "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_ECDHE_RSA_WITH_AES_128_CBC_SHA "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_ECDHE_RSA_WITH_AES_256_CBC_SHA "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_ECDH_anon_WITH_NULL_SHA "TLS_ECDH_anon_WITH_NULL_SHA"
+# define TLS1_RFC_ECDH_anon_WITH_DES_192_CBC3_SHA "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_ECDH_anon_WITH_AES_128_CBC_SHA "TLS_ECDH_anon_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_ECDH_anon_WITH_AES_256_CBC_SHA "TLS_ECDH_anon_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_SHA256 "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_SHA384 "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"
+# define TLS1_RFC_ECDHE_RSA_WITH_AES_128_SHA256 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_ECDHE_RSA_WITH_AES_256_SHA384 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_ECDHE_RSA_WITH_AES_128_GCM_SHA256 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384 "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_PSK_WITH_NULL_SHA "TLS_PSK_WITH_NULL_SHA"
+# define TLS1_RFC_DHE_PSK_WITH_NULL_SHA "TLS_DHE_PSK_WITH_NULL_SHA"
+# define TLS1_RFC_RSA_PSK_WITH_NULL_SHA "TLS_RSA_PSK_WITH_NULL_SHA"
+# define TLS1_RFC_PSK_WITH_3DES_EDE_CBC_SHA "TLS_PSK_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_PSK_WITH_AES_128_CBC_SHA "TLS_PSK_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_PSK_WITH_AES_256_CBC_SHA "TLS_PSK_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_DHE_PSK_WITH_3DES_EDE_CBC_SHA "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA "TLS_DHE_PSK_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA "TLS_DHE_PSK_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_RSA_PSK_WITH_3DES_EDE_CBC_SHA "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA "TLS_RSA_PSK_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA "TLS_RSA_PSK_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_PSK_WITH_AES_128_GCM_SHA256 "TLS_PSK_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_PSK_WITH_AES_256_GCM_SHA384 "TLS_PSK_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_DHE_PSK_WITH_AES_128_GCM_SHA256 "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_DHE_PSK_WITH_AES_256_GCM_SHA384 "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_RSA_PSK_WITH_AES_128_GCM_SHA256 "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_RSA_PSK_WITH_AES_256_GCM_SHA384 "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_PSK_WITH_AES_128_CBC_SHA256 "TLS_PSK_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_PSK_WITH_AES_256_CBC_SHA384 "TLS_PSK_WITH_AES_256_CBC_SHA384"
+# define TLS1_RFC_PSK_WITH_NULL_SHA256 "TLS_PSK_WITH_NULL_SHA256"
+# define TLS1_RFC_PSK_WITH_NULL_SHA384 "TLS_PSK_WITH_NULL_SHA384"
+# define TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA256 "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA384 "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384"
+# define TLS1_RFC_DHE_PSK_WITH_NULL_SHA256 "TLS_DHE_PSK_WITH_NULL_SHA256"
+# define TLS1_RFC_DHE_PSK_WITH_NULL_SHA384 "TLS_DHE_PSK_WITH_NULL_SHA384"
+# define TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA256 "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA384 "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384"
+# define TLS1_RFC_RSA_PSK_WITH_NULL_SHA256 "TLS_RSA_PSK_WITH_NULL_SHA256"
+# define TLS1_RFC_RSA_PSK_WITH_NULL_SHA384 "TLS_RSA_PSK_WITH_NULL_SHA384"
+# define TLS1_RFC_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA256 "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA384 "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384"
+# define TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA "TLS_ECDHE_PSK_WITH_NULL_SHA"
+# define TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA256 "TLS_ECDHE_PSK_WITH_NULL_SHA256"
+# define TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA384 "TLS_ECDHE_PSK_WITH_NULL_SHA384"
+# define TLS1_RFC_SRP_SHA_WITH_3DES_EDE_CBC_SHA "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_SRP_SHA_WITH_AES_128_CBC_SHA "TLS_SRP_SHA_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_SRP_SHA_RSA_WITH_AES_128_CBC_SHA "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_SRP_SHA_DSS_WITH_AES_128_CBC_SHA "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_SRP_SHA_WITH_AES_256_CBC_SHA "TLS_SRP_SHA_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_SRP_SHA_RSA_WITH_AES_256_CBC_SHA "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_SRP_SHA_DSS_WITH_AES_256_CBC_SHA "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305 "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256"
+# define TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305 "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"
+# define TLS1_RFC_PSK_WITH_CHACHA20_POLY1305 "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256"
+# define TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305 "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256"
+# define TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305 "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256"
+# define TLS1_RFC_RSA_PSK_WITH_CHACHA20_POLY1305 "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256"
+# define TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA256 "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256 "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA256 "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256"
+# define TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256"
+# define TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256"
+# define TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256 "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256"
+# define
TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA" +# define TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA" +# define TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA" +# define TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA" +# define TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA" +# define TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA" +# define TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA" +# define TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA" +# define TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256" +# define TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384" +# define TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256" +# define TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384" +# define TLS1_RFC_PSK_WITH_CAMELLIA_128_CBC_SHA256 "TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256" +# define TLS1_RFC_PSK_WITH_CAMELLIA_256_CBC_SHA384 "TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384" +# define TLS1_RFC_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 "TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256" +# define TLS1_RFC_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 "TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384" +# define TLS1_RFC_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 "TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256" +# define TLS1_RFC_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 "TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384" +# define TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 "TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256" +# define TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 "TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384" +# define TLS1_RFC_RSA_WITH_SEED_SHA "TLS_RSA_WITH_SEED_CBC_SHA" +# define 
TLS1_RFC_DHE_DSS_WITH_SEED_SHA "TLS_DHE_DSS_WITH_SEED_CBC_SHA" +# define TLS1_RFC_DHE_RSA_WITH_SEED_SHA "TLS_DHE_RSA_WITH_SEED_CBC_SHA" +# define TLS1_RFC_ADH_WITH_SEED_SHA "TLS_DH_anon_WITH_SEED_CBC_SHA" +# define TLS1_RFC_ECDHE_PSK_WITH_RC4_128_SHA "TLS_ECDHE_PSK_WITH_RC4_128_SHA" +# define TLS1_RFC_ECDH_anon_WITH_RC4_128_SHA "TLS_ECDH_anon_WITH_RC4_128_SHA" +# define TLS1_RFC_ECDHE_ECDSA_WITH_RC4_128_SHA "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA" +# define TLS1_RFC_ECDHE_RSA_WITH_RC4_128_SHA "TLS_ECDHE_RSA_WITH_RC4_128_SHA" +# define TLS1_RFC_PSK_WITH_RC4_128_SHA "TLS_PSK_WITH_RC4_128_SHA" +# define TLS1_RFC_RSA_PSK_WITH_RC4_128_SHA "TLS_RSA_PSK_WITH_RC4_128_SHA" +# define TLS1_RFC_DHE_PSK_WITH_RC4_128_SHA "TLS_DHE_PSK_WITH_RC4_128_SHA" +# define TLS1_RFC_RSA_WITH_ARIA_128_GCM_SHA256 "TLS_RSA_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_RSA_WITH_ARIA_256_GCM_SHA384 "TLS_RSA_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_DHE_RSA_WITH_ARIA_128_GCM_SHA256 "TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_DHE_RSA_WITH_ARIA_256_GCM_SHA384 "TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_DH_RSA_WITH_ARIA_128_GCM_SHA256 "TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_DH_RSA_WITH_ARIA_256_GCM_SHA384 "TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_DHE_DSS_WITH_ARIA_128_GCM_SHA256 "TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_DHE_DSS_WITH_ARIA_256_GCM_SHA384 "TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_DH_DSS_WITH_ARIA_128_GCM_SHA256 "TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_DH_DSS_WITH_ARIA_256_GCM_SHA384 "TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_DH_anon_WITH_ARIA_128_GCM_SHA256 "TLS_DH_anon_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_DH_anon_WITH_ARIA_256_GCM_SHA384 "TLS_DH_anon_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 "TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 
"TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 "TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 "TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 "TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 "TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 "TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 "TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_PSK_WITH_ARIA_128_GCM_SHA256 "TLS_PSK_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_PSK_WITH_ARIA_256_GCM_SHA384 "TLS_PSK_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_DHE_PSK_WITH_ARIA_128_GCM_SHA256 "TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_DHE_PSK_WITH_ARIA_256_GCM_SHA384 "TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_RSA_PSK_WITH_ARIA_128_GCM_SHA256 "TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_RSA_PSK_WITH_ARIA_256_GCM_SHA384 "TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384" + + +/* + * XXX Backward compatibility alert: Older versions of OpenSSL gave some DHE + * ciphers names with "EDH" instead of "DHE". 
Going forward, we should be + * using DHE everywhere, though we may indefinitely maintain aliases for + * users or configurations that used "EDH" + */ +# define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA "DHE-DSS-RC4-SHA" + +# define TLS1_TXT_PSK_WITH_NULL_SHA "PSK-NULL-SHA" +# define TLS1_TXT_DHE_PSK_WITH_NULL_SHA "DHE-PSK-NULL-SHA" +# define TLS1_TXT_RSA_PSK_WITH_NULL_SHA "RSA-PSK-NULL-SHA" + +/* AES ciphersuites from RFC3268 */ +# define TLS1_TXT_RSA_WITH_AES_128_SHA "AES128-SHA" +# define TLS1_TXT_DH_DSS_WITH_AES_128_SHA "DH-DSS-AES128-SHA" +# define TLS1_TXT_DH_RSA_WITH_AES_128_SHA "DH-RSA-AES128-SHA" +# define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA "DHE-DSS-AES128-SHA" +# define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA "DHE-RSA-AES128-SHA" +# define TLS1_TXT_ADH_WITH_AES_128_SHA "ADH-AES128-SHA" + +# define TLS1_TXT_RSA_WITH_AES_256_SHA "AES256-SHA" +# define TLS1_TXT_DH_DSS_WITH_AES_256_SHA "DH-DSS-AES256-SHA" +# define TLS1_TXT_DH_RSA_WITH_AES_256_SHA "DH-RSA-AES256-SHA" +# define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA "DHE-DSS-AES256-SHA" +# define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA "DHE-RSA-AES256-SHA" +# define TLS1_TXT_ADH_WITH_AES_256_SHA "ADH-AES256-SHA" + +/* ECC ciphersuites from RFC4492 */ +# define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA "ECDH-ECDSA-NULL-SHA" +# define TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA "ECDH-ECDSA-RC4-SHA" +# define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA "ECDH-ECDSA-DES-CBC3-SHA" +# define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA "ECDH-ECDSA-AES128-SHA" +# define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA "ECDH-ECDSA-AES256-SHA" + +# define TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA "ECDHE-ECDSA-NULL-SHA" +# define TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA "ECDHE-ECDSA-RC4-SHA" +# define TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA "ECDHE-ECDSA-DES-CBC3-SHA" +# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA "ECDHE-ECDSA-AES128-SHA" +# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA "ECDHE-ECDSA-AES256-SHA" + +# define TLS1_TXT_ECDH_RSA_WITH_NULL_SHA "ECDH-RSA-NULL-SHA" 
+# define TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA "ECDH-RSA-RC4-SHA" +# define TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA "ECDH-RSA-DES-CBC3-SHA" +# define TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA "ECDH-RSA-AES128-SHA" +# define TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA "ECDH-RSA-AES256-SHA" + +# define TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA "ECDHE-RSA-NULL-SHA" +# define TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA "ECDHE-RSA-RC4-SHA" +# define TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA "ECDHE-RSA-DES-CBC3-SHA" +# define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA "ECDHE-RSA-AES128-SHA" +# define TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA "ECDHE-RSA-AES256-SHA" + +# define TLS1_TXT_ECDH_anon_WITH_NULL_SHA "AECDH-NULL-SHA" +# define TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA "AECDH-RC4-SHA" +# define TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA "AECDH-DES-CBC3-SHA" +# define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA "AECDH-AES128-SHA" +# define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA "AECDH-AES256-SHA" + +/* PSK ciphersuites from RFC 4279 */ +# define TLS1_TXT_PSK_WITH_RC4_128_SHA "PSK-RC4-SHA" +# define TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA "PSK-3DES-EDE-CBC-SHA" +# define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA "PSK-AES128-CBC-SHA" +# define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA "PSK-AES256-CBC-SHA" + +# define TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA "DHE-PSK-RC4-SHA" +# define TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA "DHE-PSK-3DES-EDE-CBC-SHA" +# define TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA "DHE-PSK-AES128-CBC-SHA" +# define TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA "DHE-PSK-AES256-CBC-SHA" +# define TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA "RSA-PSK-RC4-SHA" +# define TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA "RSA-PSK-3DES-EDE-CBC-SHA" +# define TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA "RSA-PSK-AES128-CBC-SHA" +# define TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA "RSA-PSK-AES256-CBC-SHA" + +/* PSK ciphersuites from RFC 5487 */ +# define TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256 "PSK-AES128-GCM-SHA256" +# define TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384 
"PSK-AES256-GCM-SHA384" +# define TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256 "DHE-PSK-AES128-GCM-SHA256" +# define TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384 "DHE-PSK-AES256-GCM-SHA384" +# define TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256 "RSA-PSK-AES128-GCM-SHA256" +# define TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384 "RSA-PSK-AES256-GCM-SHA384" + +# define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256 "PSK-AES128-CBC-SHA256" +# define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384 "PSK-AES256-CBC-SHA384" +# define TLS1_TXT_PSK_WITH_NULL_SHA256 "PSK-NULL-SHA256" +# define TLS1_TXT_PSK_WITH_NULL_SHA384 "PSK-NULL-SHA384" + +# define TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256 "DHE-PSK-AES128-CBC-SHA256" +# define TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384 "DHE-PSK-AES256-CBC-SHA384" +# define TLS1_TXT_DHE_PSK_WITH_NULL_SHA256 "DHE-PSK-NULL-SHA256" +# define TLS1_TXT_DHE_PSK_WITH_NULL_SHA384 "DHE-PSK-NULL-SHA384" + +# define TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256 "RSA-PSK-AES128-CBC-SHA256" +# define TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384 "RSA-PSK-AES256-CBC-SHA384" +# define TLS1_TXT_RSA_PSK_WITH_NULL_SHA256 "RSA-PSK-NULL-SHA256" +# define TLS1_TXT_RSA_PSK_WITH_NULL_SHA384 "RSA-PSK-NULL-SHA384" + +/* SRP ciphersuite from RFC 5054 */ +# define TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA "SRP-3DES-EDE-CBC-SHA" +# define TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA "SRP-RSA-3DES-EDE-CBC-SHA" +# define TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA "SRP-DSS-3DES-EDE-CBC-SHA" +# define TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA "SRP-AES-128-CBC-SHA" +# define TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA "SRP-RSA-AES-128-CBC-SHA" +# define TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA "SRP-DSS-AES-128-CBC-SHA" +# define TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA "SRP-AES-256-CBC-SHA" +# define TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA "SRP-RSA-AES-256-CBC-SHA" +# define TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA "SRP-DSS-AES-256-CBC-SHA" + +/* Camellia ciphersuites from RFC4132 */ +# define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA 
"CAMELLIA128-SHA" +# define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA "DH-DSS-CAMELLIA128-SHA" +# define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA "DH-RSA-CAMELLIA128-SHA" +# define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA "DHE-DSS-CAMELLIA128-SHA" +# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA "DHE-RSA-CAMELLIA128-SHA" +# define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA "ADH-CAMELLIA128-SHA" + +# define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA "CAMELLIA256-SHA" +# define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA "DH-DSS-CAMELLIA256-SHA" +# define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA "DH-RSA-CAMELLIA256-SHA" +# define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA "DHE-DSS-CAMELLIA256-SHA" +# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA "DHE-RSA-CAMELLIA256-SHA" +# define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA "ADH-CAMELLIA256-SHA" + +/* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */ +# define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256 "CAMELLIA128-SHA256" +# define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 "DH-DSS-CAMELLIA128-SHA256" +# define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 "DH-RSA-CAMELLIA128-SHA256" +# define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 "DHE-DSS-CAMELLIA128-SHA256" +# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 "DHE-RSA-CAMELLIA128-SHA256" +# define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256 "ADH-CAMELLIA128-SHA256" + +# define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256 "CAMELLIA256-SHA256" +# define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 "DH-DSS-CAMELLIA256-SHA256" +# define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 "DH-RSA-CAMELLIA256-SHA256" +# define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 "DHE-DSS-CAMELLIA256-SHA256" +# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 "DHE-RSA-CAMELLIA256-SHA256" +# define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256 "ADH-CAMELLIA256-SHA256" + +# define TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256 "PSK-CAMELLIA128-SHA256" +# define 
TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384 "PSK-CAMELLIA256-SHA384" +# define TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 "DHE-PSK-CAMELLIA128-SHA256" +# define TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 "DHE-PSK-CAMELLIA256-SHA384" +# define TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 "RSA-PSK-CAMELLIA128-SHA256" +# define TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 "RSA-PSK-CAMELLIA256-SHA384" +# define TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 "ECDHE-PSK-CAMELLIA128-SHA256" +# define TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 "ECDHE-PSK-CAMELLIA256-SHA384" + +/* SEED ciphersuites from RFC4162 */ +# define TLS1_TXT_RSA_WITH_SEED_SHA "SEED-SHA" +# define TLS1_TXT_DH_DSS_WITH_SEED_SHA "DH-DSS-SEED-SHA" +# define TLS1_TXT_DH_RSA_WITH_SEED_SHA "DH-RSA-SEED-SHA" +# define TLS1_TXT_DHE_DSS_WITH_SEED_SHA "DHE-DSS-SEED-SHA" +# define TLS1_TXT_DHE_RSA_WITH_SEED_SHA "DHE-RSA-SEED-SHA" +# define TLS1_TXT_ADH_WITH_SEED_SHA "ADH-SEED-SHA" + +/* TLS v1.2 ciphersuites */ +# define TLS1_TXT_RSA_WITH_NULL_SHA256 "NULL-SHA256" +# define TLS1_TXT_RSA_WITH_AES_128_SHA256 "AES128-SHA256" +# define TLS1_TXT_RSA_WITH_AES_256_SHA256 "AES256-SHA256" +# define TLS1_TXT_DH_DSS_WITH_AES_128_SHA256 "DH-DSS-AES128-SHA256" +# define TLS1_TXT_DH_RSA_WITH_AES_128_SHA256 "DH-RSA-AES128-SHA256" +# define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256 "DHE-DSS-AES128-SHA256" +# define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256 "DHE-RSA-AES128-SHA256" +# define TLS1_TXT_DH_DSS_WITH_AES_256_SHA256 "DH-DSS-AES256-SHA256" +# define TLS1_TXT_DH_RSA_WITH_AES_256_SHA256 "DH-RSA-AES256-SHA256" +# define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256 "DHE-DSS-AES256-SHA256" +# define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256 "DHE-RSA-AES256-SHA256" +# define TLS1_TXT_ADH_WITH_AES_128_SHA256 "ADH-AES128-SHA256" +# define TLS1_TXT_ADH_WITH_AES_256_SHA256 "ADH-AES256-SHA256" + +/* TLS v1.2 GCM ciphersuites from RFC5288 */ +# define TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256 "AES128-GCM-SHA256" +# define 
TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384 "AES256-GCM-SHA384" +# define TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256 "DHE-RSA-AES128-GCM-SHA256" +# define TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384 "DHE-RSA-AES256-GCM-SHA384" +# define TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256 "DH-RSA-AES128-GCM-SHA256" +# define TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384 "DH-RSA-AES256-GCM-SHA384" +# define TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256 "DHE-DSS-AES128-GCM-SHA256" +# define TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384 "DHE-DSS-AES256-GCM-SHA384" +# define TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256 "DH-DSS-AES128-GCM-SHA256" +# define TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384 "DH-DSS-AES256-GCM-SHA384" +# define TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256 "ADH-AES128-GCM-SHA256" +# define TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384 "ADH-AES256-GCM-SHA384" + +/* CCM ciphersuites from RFC6655 */ +# define TLS1_TXT_RSA_WITH_AES_128_CCM "AES128-CCM" +# define TLS1_TXT_RSA_WITH_AES_256_CCM "AES256-CCM" +# define TLS1_TXT_DHE_RSA_WITH_AES_128_CCM "DHE-RSA-AES128-CCM" +# define TLS1_TXT_DHE_RSA_WITH_AES_256_CCM "DHE-RSA-AES256-CCM" + +# define TLS1_TXT_RSA_WITH_AES_128_CCM_8 "AES128-CCM8" +# define TLS1_TXT_RSA_WITH_AES_256_CCM_8 "AES256-CCM8" +# define TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8 "DHE-RSA-AES128-CCM8" +# define TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8 "DHE-RSA-AES256-CCM8" + +# define TLS1_TXT_PSK_WITH_AES_128_CCM "PSK-AES128-CCM" +# define TLS1_TXT_PSK_WITH_AES_256_CCM "PSK-AES256-CCM" +# define TLS1_TXT_DHE_PSK_WITH_AES_128_CCM "DHE-PSK-AES128-CCM" +# define TLS1_TXT_DHE_PSK_WITH_AES_256_CCM "DHE-PSK-AES256-CCM" + +# define TLS1_TXT_PSK_WITH_AES_128_CCM_8 "PSK-AES128-CCM8" +# define TLS1_TXT_PSK_WITH_AES_256_CCM_8 "PSK-AES256-CCM8" +# define TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8 "DHE-PSK-AES128-CCM8" +# define TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8 "DHE-PSK-AES256-CCM8" + +/* CCM ciphersuites from RFC7251 */ +# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM "ECDHE-ECDSA-AES128-CCM" +# define 
TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM "ECDHE-ECDSA-AES256-CCM" +# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8 "ECDHE-ECDSA-AES128-CCM8" +# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8 "ECDHE-ECDSA-AES256-CCM8" + +/* ECDH HMAC based ciphersuites from RFC5289 */ +# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256 "ECDHE-ECDSA-AES128-SHA256" +# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384 "ECDHE-ECDSA-AES256-SHA384" +# define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256 "ECDH-ECDSA-AES128-SHA256" +# define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384 "ECDH-ECDSA-AES256-SHA384" +# define TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256 "ECDHE-RSA-AES128-SHA256" +# define TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384 "ECDHE-RSA-AES256-SHA384" +# define TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256 "ECDH-RSA-AES128-SHA256" +# define TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384 "ECDH-RSA-AES256-SHA384" + +/* ECDH GCM based ciphersuites from RFC5289 */ +# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 "ECDHE-ECDSA-AES128-GCM-SHA256" +# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 "ECDHE-ECDSA-AES256-GCM-SHA384" +# define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 "ECDH-ECDSA-AES128-GCM-SHA256" +# define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 "ECDH-ECDSA-AES256-GCM-SHA384" +# define TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256 "ECDHE-RSA-AES128-GCM-SHA256" +# define TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384 "ECDHE-RSA-AES256-GCM-SHA384" +# define TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256 "ECDH-RSA-AES128-GCM-SHA256" +# define TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384 "ECDH-RSA-AES256-GCM-SHA384" + +/* TLS v1.2 PSK GCM ciphersuites from RFC5487 */ +# define TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256 "PSK-AES128-GCM-SHA256" +# define TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384 "PSK-AES256-GCM-SHA384" + +/* ECDHE PSK ciphersuites from RFC 5489 */ +# define TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA "ECDHE-PSK-RC4-SHA" +# define TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA "ECDHE-PSK-3DES-EDE-CBC-SHA" +# define 
TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA "ECDHE-PSK-AES128-CBC-SHA" +# define TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA "ECDHE-PSK-AES256-CBC-SHA" + +# define TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256 "ECDHE-PSK-AES128-CBC-SHA256" +# define TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384 "ECDHE-PSK-AES256-CBC-SHA384" + +# define TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA "ECDHE-PSK-NULL-SHA" +# define TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256 "ECDHE-PSK-NULL-SHA256" +# define TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384 "ECDHE-PSK-NULL-SHA384" + +/* Camellia-CBC ciphersuites from RFC6367 */ +# define TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDHE-ECDSA-CAMELLIA128-SHA256" +# define TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDHE-ECDSA-CAMELLIA256-SHA384" +# define TLS1_TXT_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDH-ECDSA-CAMELLIA128-SHA256" +# define TLS1_TXT_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDH-ECDSA-CAMELLIA256-SHA384" +# define TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDHE-RSA-CAMELLIA128-SHA256" +# define TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDHE-RSA-CAMELLIA256-SHA384" +# define TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDH-RSA-CAMELLIA128-SHA256" +# define TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDH-RSA-CAMELLIA256-SHA384" + +/* draft-ietf-tls-chacha20-poly1305-03 */ +# define TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305 "ECDHE-RSA-CHACHA20-POLY1305" +# define TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 "ECDHE-ECDSA-CHACHA20-POLY1305" +# define TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305 "DHE-RSA-CHACHA20-POLY1305" +# define TLS1_TXT_PSK_WITH_CHACHA20_POLY1305 "PSK-CHACHA20-POLY1305" +# define TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305 "ECDHE-PSK-CHACHA20-POLY1305" +# define TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305 "DHE-PSK-CHACHA20-POLY1305" +# define TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305 "RSA-PSK-CHACHA20-POLY1305" + +/* Aria ciphersuites from RFC6209 */ +# define TLS1_TXT_RSA_WITH_ARIA_128_GCM_SHA256 "ARIA128-GCM-SHA256" +# 
define TLS1_TXT_RSA_WITH_ARIA_256_GCM_SHA384 "ARIA256-GCM-SHA384"
+# define TLS1_TXT_DHE_RSA_WITH_ARIA_128_GCM_SHA256 "DHE-RSA-ARIA128-GCM-SHA256"
+# define TLS1_TXT_DHE_RSA_WITH_ARIA_256_GCM_SHA384 "DHE-RSA-ARIA256-GCM-SHA384"
+# define TLS1_TXT_DH_RSA_WITH_ARIA_128_GCM_SHA256 "DH-RSA-ARIA128-GCM-SHA256"
+# define TLS1_TXT_DH_RSA_WITH_ARIA_256_GCM_SHA384 "DH-RSA-ARIA256-GCM-SHA384"
+# define TLS1_TXT_DHE_DSS_WITH_ARIA_128_GCM_SHA256 "DHE-DSS-ARIA128-GCM-SHA256"
+# define TLS1_TXT_DHE_DSS_WITH_ARIA_256_GCM_SHA384 "DHE-DSS-ARIA256-GCM-SHA384"
+# define TLS1_TXT_DH_DSS_WITH_ARIA_128_GCM_SHA256 "DH-DSS-ARIA128-GCM-SHA256"
+# define TLS1_TXT_DH_DSS_WITH_ARIA_256_GCM_SHA384 "DH-DSS-ARIA256-GCM-SHA384"
+# define TLS1_TXT_DH_anon_WITH_ARIA_128_GCM_SHA256 "ADH-ARIA128-GCM-SHA256"
+# define TLS1_TXT_DH_anon_WITH_ARIA_256_GCM_SHA384 "ADH-ARIA256-GCM-SHA384"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 "ECDHE-ECDSA-ARIA128-GCM-SHA256"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 "ECDHE-ECDSA-ARIA256-GCM-SHA384"
+# define TLS1_TXT_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 "ECDH-ECDSA-ARIA128-GCM-SHA256"
+# define TLS1_TXT_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 "ECDH-ECDSA-ARIA256-GCM-SHA384"
+# define TLS1_TXT_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 "ECDHE-ARIA128-GCM-SHA256"
+# define TLS1_TXT_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 "ECDHE-ARIA256-GCM-SHA384"
+# define TLS1_TXT_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 "ECDH-ARIA128-GCM-SHA256"
+# define TLS1_TXT_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 "ECDH-ARIA256-GCM-SHA384"
+# define TLS1_TXT_PSK_WITH_ARIA_128_GCM_SHA256 "PSK-ARIA128-GCM-SHA256"
+# define TLS1_TXT_PSK_WITH_ARIA_256_GCM_SHA384 "PSK-ARIA256-GCM-SHA384"
+# define TLS1_TXT_DHE_PSK_WITH_ARIA_128_GCM_SHA256 "DHE-PSK-ARIA128-GCM-SHA256"
+# define TLS1_TXT_DHE_PSK_WITH_ARIA_256_GCM_SHA384 "DHE-PSK-ARIA256-GCM-SHA384"
+# define TLS1_TXT_RSA_PSK_WITH_ARIA_128_GCM_SHA256 "RSA-PSK-ARIA128-GCM-SHA256"
+# define TLS1_TXT_RSA_PSK_WITH_ARIA_256_GCM_SHA384 "RSA-PSK-ARIA256-GCM-SHA384"
+
+# define TLS_CT_RSA_SIGN 1
+# define TLS_CT_DSS_SIGN 2
+# define TLS_CT_RSA_FIXED_DH 3
+# define TLS_CT_DSS_FIXED_DH 4
+# define TLS_CT_ECDSA_SIGN 64
+# define TLS_CT_RSA_FIXED_ECDH 65
+# define TLS_CT_ECDSA_FIXED_ECDH 66
+# define TLS_CT_GOST01_SIGN 22
+# define TLS_CT_GOST12_SIGN 238
+# define TLS_CT_GOST12_512_SIGN 239
+
+/*
+ * when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see
+ * comment there)
+ */
+# define TLS_CT_NUMBER 10
+
+# if defined(SSL3_CT_NUMBER)
+# if TLS_CT_NUMBER != SSL3_CT_NUMBER
+# error "SSL/TLS CT_NUMBER values do not match"
+# endif
+# endif
+
+# define TLS1_FINISH_MAC_LENGTH 12
+
+# define TLS_MD_MAX_CONST_SIZE 22
+# define TLS_MD_CLIENT_FINISH_CONST "client finished"
+# define TLS_MD_CLIENT_FINISH_CONST_SIZE 15
+# define TLS_MD_SERVER_FINISH_CONST "server finished"
+# define TLS_MD_SERVER_FINISH_CONST_SIZE 15
+# define TLS_MD_KEY_EXPANSION_CONST "key expansion"
+# define TLS_MD_KEY_EXPANSION_CONST_SIZE 13
+# define TLS_MD_CLIENT_WRITE_KEY_CONST "client write key"
+# define TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE 16
+# define TLS_MD_SERVER_WRITE_KEY_CONST "server write key"
+# define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE 16
+# define TLS_MD_IV_BLOCK_CONST "IV block"
+# define TLS_MD_IV_BLOCK_CONST_SIZE 8
+# define TLS_MD_MASTER_SECRET_CONST "master secret"
+# define TLS_MD_MASTER_SECRET_CONST_SIZE 13
+# define TLS_MD_EXTENDED_MASTER_SECRET_CONST "extended master secret"
+# define TLS_MD_EXTENDED_MASTER_SECRET_CONST_SIZE 22
+
+# ifdef CHARSET_EBCDIC
+# undef TLS_MD_CLIENT_FINISH_CONST
+/*
+ * client finished
+ */
+# define TLS_MD_CLIENT_FINISH_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x66\x69\x6e\x69\x73\x68\x65\x64"
+
+# undef TLS_MD_SERVER_FINISH_CONST
+/*
+ * server finished
+ */
+# define TLS_MD_SERVER_FINISH_CONST "\x73\x65\x72\x76\x65\x72\x20\x66\x69\x6e\x69\x73\x68\x65\x64"
+
+# undef TLS_MD_SERVER_WRITE_KEY_CONST
+/*
+ * server write key
+ */
+# define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79"
+
+# undef TLS_MD_KEY_EXPANSION_CONST
+/*
+ * key expansion
+ */
+# define TLS_MD_KEY_EXPANSION_CONST "\x6b\x65\x79\x20\x65\x78\x70\x61\x6e\x73\x69\x6f\x6e"
+
+# undef TLS_MD_CLIENT_WRITE_KEY_CONST
+/*
+ * client write key
+ */
+# define TLS_MD_CLIENT_WRITE_KEY_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79"
+
+# undef TLS_MD_SERVER_WRITE_KEY_CONST
+/*
+ * server write key
+ */
+# define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79"
+
+# undef TLS_MD_IV_BLOCK_CONST
+/*
+ * IV block
+ */
+# define TLS_MD_IV_BLOCK_CONST "\x49\x56\x20\x62\x6c\x6f\x63\x6b"
+
+# undef TLS_MD_MASTER_SECRET_CONST
+/*
+ * master secret
+ */
+# define TLS_MD_MASTER_SECRET_CONST "\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74"
+# undef TLS_MD_EXTENDED_MASTER_SECRET_CONST
+/*
+ * extended master secret
+ */
+# define TLS_MD_EXTENDED_MASTER_SECRET_CONST "\x65\x78\x74\x65\x6e\x64\x65\x64\x20\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74"
+# endif
+
+/* TLS Session Ticket extension struct */
+struct tls_session_ticket_ext_st {
+ unsigned short length;
+ void *data;
+};
+
+#ifdef __cplusplus
+}
+#endif
+#endif
diff --git a/linux_amd64/include/openssl/trace.h b/linux_amd64/include/openssl/trace.h
new file mode 100644
index 0000000..f71d9fb
--- /dev/null
+++ b/linux_amd64/include/openssl/trace.h
@@ -0,0 +1,297 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_TRACE_H
+# define OPENSSL_TRACE_H
+
+# include
+
+# include
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+/*
+ * TRACE CATEGORIES
+ */
+
+/*
+ * The trace messages of the OpenSSL libraries are organized into different
+ * categories. For every trace category, the application can register a separate
+ * tracer callback. When a callback is registered, a so called trace channel is
+ * created for this category. This channel consists essentially of an internal
+ * BIO which sends all trace output it receives to the registered application
+ * callback.
+ *
+ * The ALL category can be used as a fallback category to register a single
+ * channel which receives the output from all categories. However, if the
+ * application intends to print the trace channel name in the line prefix,
+ * it is better to register channels for all categories separately.
+ * (This is how the openssl application does it.)
+ */
+# define OSSL_TRACE_CATEGORY_ALL 0 /* The fallback */
+# define OSSL_TRACE_CATEGORY_TRACE 1
+# define OSSL_TRACE_CATEGORY_INIT 2
+# define OSSL_TRACE_CATEGORY_TLS 3
+# define OSSL_TRACE_CATEGORY_TLS_CIPHER 4
+# define OSSL_TRACE_CATEGORY_CONF 5
+# define OSSL_TRACE_CATEGORY_ENGINE_TABLE 6
+# define OSSL_TRACE_CATEGORY_ENGINE_REF_COUNT 7
+# define OSSL_TRACE_CATEGORY_PKCS5V2 8
+# define OSSL_TRACE_CATEGORY_PKCS12_KEYGEN 9
+# define OSSL_TRACE_CATEGORY_PKCS12_DECRYPT 10
+# define OSSL_TRACE_CATEGORY_X509V3_POLICY 11
+# define OSSL_TRACE_CATEGORY_BN_CTX 12
+# define OSSL_TRACE_CATEGORY_CMP 13
+# define OSSL_TRACE_CATEGORY_STORE 14
+# define OSSL_TRACE_CATEGORY_NUM 15
+
+/* Returns the trace category number for the given |name| */
+int OSSL_trace_get_category_num(const char *name);
+
+/* Returns the trace category name for the given |num| */
+const char *OSSL_trace_get_category_name(int num);
+
+/*
+ * TRACE CONSUMERS
+ */
+
+/*
+ * Enables tracing for the given |category| by providing a BIO sink
+ * as |channel|. If a null pointer is passed as |channel|, an existing
+ * trace channel is removed and tracing for the category is disabled.
+ *
+ * Returns 1 on success and 0 on failure
+ */
+int OSSL_trace_set_channel(int category, BIO* channel);
+
+/*
+ * Attach a prefix and a suffix to the given |category|, to be printed at the
+ * beginning and at the end of each trace output group, i.e. when
+ * OSSL_trace_begin() and OSSL_trace_end() are called.
+ * If a null pointer is passed as argument, the existing prefix or suffix is
+ * removed.
+ *
+ * They return 1 on success and 0 on failure
+ */
+int OSSL_trace_set_prefix(int category, const char *prefix);
+int OSSL_trace_set_suffix(int category, const char *suffix);
+
+/*
+ * OSSL_trace_cb is the type tracing callback provided by the application.
+ * It MUST return the number of bytes written, or 0 on error (in other words,
+ * it can never write zero bytes).
+ * + * The |buffer| will always contain text, which may consist of several lines. + * The |data| argument points to whatever data was provided by the application + * when registering the tracer function. + * + * The |category| number is given, as well as a |cmd| number, described below. + */ +typedef size_t (*OSSL_trace_cb)(const char *buffer, size_t count, + int category, int cmd, void *data); +/* + * Possible |cmd| numbers. + */ +# define OSSL_TRACE_CTRL_BEGIN 0 +# define OSSL_TRACE_CTRL_WRITE 1 +# define OSSL_TRACE_CTRL_END 2 + +/* + * Enables tracing for the given |category| by creating an internal + * trace channel which sends the output to the given |callback|. + * If a null pointer is passed as callback, an existing trace channel + * is removed and tracing for the category is disabled. + * + * NOTE: OSSL_trace_set_channel() and OSSL_trace_set_callback() are mutually + * exclusive. + * + * Returns 1 on success and 0 on failure + */ +int OSSL_trace_set_callback(int category, OSSL_trace_cb callback, void *data); + +/* + * TRACE PRODUCERS + */ + +/* + * Returns 1 if tracing for the specified category is enabled, otherwise 0 + */ +int OSSL_trace_enabled(int category); + +/* + * Wrap a group of tracing output calls. OSSL_trace_begin() locks tracing and + * returns the trace channel associated with the given category, or NULL if no + * channel is associated with the category. OSSL_trace_end() unlocks tracing. + * + * Usage: + * + * BIO *out; + * if ((out = OSSL_trace_begin(category)) != NULL) { + * ... + * BIO_fprintf(out, ...); + * ... + * OSSL_trace_end(category, out); + * } + * + * See also the convenience macros OSSL_TRACE_BEGIN and OSSL_TRACE_END below. + */ +BIO *OSSL_trace_begin(int category); +void OSSL_trace_end(int category, BIO *channel); + +/* + * OSSL_TRACE* Convenience Macros + */ + +/* + * When the tracing feature is disabled, these macros are defined to + * produce dead code, which a good compiler should eliminate. 
+ */ + +/* + * OSSL_TRACE_BEGIN, OSSL_TRACE_END - Define a Trace Group + * + * These two macros can be used to create a block which is executed only + * if the corresponding trace category is enabled. Inside this block, a + * local variable named |trc_out| is defined, which points to the channel + * associated with the given trace category. + * + * Usage: (using 'TLS' as an example category) + * + * OSSL_TRACE_BEGIN(TLS) { + * + * BIO_fprintf(trc_out, ... ); + * + * } OSSL_TRACE_END(TLS); + * + * + * This expands to the following code + * + * do { + * BIO *trc_out = OSSL_trace_begin(OSSL_TRACE_CATEGORY_TLS); + * if (trc_out != NULL) { + * ... + * BIO_fprintf(trc_out, ...); + * } + * OSSL_trace_end(OSSL_TRACE_CATEGORY_TLS, trc_out); + * } while (0); + * + * The use of the inner '{...}' group and the trailing ';' is enforced + * by the definition of the macros in order to make the code look as much + * like C code as possible. + * + * Before returning from inside the trace block, it is necessary to + * call OSSL_TRACE_CANCEL(category). + */ + +# ifndef OPENSSL_NO_TRACE + +# define OSSL_TRACE_BEGIN(category) \ + do { \ + BIO *trc_out = OSSL_trace_begin(OSSL_TRACE_CATEGORY_##category); \ + \ + if (trc_out != NULL) + +# define OSSL_TRACE_END(category) \ + OSSL_trace_end(OSSL_TRACE_CATEGORY_##category, trc_out); \ + } while (0) + +# define OSSL_TRACE_CANCEL(category) \ + OSSL_trace_end(OSSL_TRACE_CATEGORY_##category, trc_out) \ + +# else + +# define OSSL_TRACE_BEGIN(category) \ + do { \ + BIO *trc_out = NULL; \ + if (0) + +# define OSSL_TRACE_END(category) \ + } while(0) + +# define OSSL_TRACE_CANCEL(category) \ + ((void)0) + +# endif + +/* + * OSSL_TRACE_ENABLED() - Check whether tracing is enabled for |category| + * + * Usage: + * + * if (OSSL_TRACE_ENABLED(TLS)) { + * ... 
+ * }
+ */
+# ifndef OPENSSL_NO_TRACE
+
+# define OSSL_TRACE_ENABLED(category) \
+ OSSL_trace_enabled(OSSL_TRACE_CATEGORY_##category)
+
+# else
+
+# define OSSL_TRACE_ENABLED(category) (0)
+
+# endif
+
+/*
+ * OSSL_TRACE*() - OneShot Trace Macros
+ *
+ * These macros are intended to produce a simple printf-style trace output.
+ * Unfortunately, C90 macros don't support variable arguments, so the
+ * "vararg" OSSL_TRACEV() macro has a rather weird usage pattern:
+ *
+ * OSSL_TRACEV(category, (trc_out, "format string", ...args...));
+ *
+ * Where 'channel' is the literal symbol of this name, not a variable.
+ * For that reason, it is currently not intended to be used directly,
+ * but only as helper macro for the other oneshot trace macros
+ * OSSL_TRACE(), OSSL_TRACE1(), OSSL_TRACE2(), ...
+ *
+ * Usage:
+ *
+ * OSSL_TRACE(INIT, "Hello world!\n");
+ * OSSL_TRACE1(TLS, "The answer is %d\n", 42);
+ * OSSL_TRACE2(TLS, "The ultimate question to answer %d is '%s'\n",
+ * 42, "What do you get when you multiply six by nine?");
+ */
+
+# define OSSL_TRACEV(category, args) \
+ OSSL_TRACE_BEGIN(category) \
+ BIO_printf args; \
+ OSSL_TRACE_END(category)
+
+# define OSSL_TRACE(category, text) \
+ OSSL_TRACEV(category, (trc_out, "%s", text))
+
+# define OSSL_TRACE1(category, format, arg1) \
+ OSSL_TRACEV(category, (trc_out, format, arg1))
+# define OSSL_TRACE2(category, format, arg1, arg2) \
+ OSSL_TRACEV(category, (trc_out, format, arg1, arg2))
+# define OSSL_TRACE3(category, format, arg1, arg2, arg3) \
+ OSSL_TRACEV(category, (trc_out, format, arg1, arg2, arg3))
+# define OSSL_TRACE4(category, format, arg1, arg2, arg3, arg4) \
+ OSSL_TRACEV(category, (trc_out, format, arg1, arg2, arg3, arg4))
+# define OSSL_TRACE5(category, format, arg1, arg2, arg3, arg4, arg5) \
+ OSSL_TRACEV(category, (trc_out, format, arg1, arg2, arg3, arg4, arg5))
+# define OSSL_TRACE6(category, format, arg1, arg2, arg3, arg4, arg5, arg6) \
+ OSSL_TRACEV(category, (trc_out, format, arg1, arg2, arg3, arg4, arg5, arg6))
+# define OSSL_TRACE7(category, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7) \
+ OSSL_TRACEV(category, (trc_out, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7))
+# define OSSL_TRACE8(category, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8) \
+ OSSL_TRACEV(category, (trc_out, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8))
+# define OSSL_TRACE9(category, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8) \
+ OSSL_TRACEV(category, (trc_out, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9))
+
+# ifdef __cplusplus
+}
+# endif
+
+#endif
diff --git a/linux_amd64/include/openssl/ts.h b/linux_amd64/include/openssl/ts.h
new file mode 100644
index 0000000..1229838
--- /dev/null
+++ b/linux_amd64/include/openssl/ts.h
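Review bot: `OSSL_TRACE9` at the end of trace.h declares only `arg1` through `arg8` but its expansion passes `arg9`, so any use either fails to compile or silently binds to an unrelated `arg9` that happens to be in scope at the call site; the parameter list should end `arg7, arg8, arg9) \`. In the `# ifndef OPENSSL_NO_TRACE` branch, `OSSL_TRACE_CANCEL` also ends with a stray `\` continuation that is harmless only because a blank line follows it. The OSSL_TRACEV comment says "Where 'channel' is the literal symbol of this name" although the macros and the usage example use `trc_out`; the comment should name `trc_out`. Because this header is a checked-in copy of an OpenSSL build, these are better picked up by refreshing the copy from a release that carries the fixes than by patching it locally.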
@@ -0,0 +1,504 @@ +/* + * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_TS_H +# define OPENSSL_TS_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_TS_H +# endif + +# include + +# ifndef OPENSSL_NO_TS +# include +# include +# include +# include +# include +# include +# include +# include +# include +# include +# include +# ifdef __cplusplus +extern "C" { +# endif + +# include +# include + +typedef struct TS_msg_imprint_st TS_MSG_IMPRINT; +typedef struct TS_req_st TS_REQ; +typedef struct TS_accuracy_st TS_ACCURACY; +typedef struct TS_tst_info_st TS_TST_INFO; + +/* Possible values for status. */ +# define TS_STATUS_GRANTED 0 +# define TS_STATUS_GRANTED_WITH_MODS 1 +# define TS_STATUS_REJECTION 2 +# define TS_STATUS_WAITING 3 +# define TS_STATUS_REVOCATION_WARNING 4 +# define TS_STATUS_REVOCATION_NOTIFICATION 5 + +/* Possible values for failure_info. 
*/ +# define TS_INFO_BAD_ALG 0 +# define TS_INFO_BAD_REQUEST 2 +# define TS_INFO_BAD_DATA_FORMAT 5 +# define TS_INFO_TIME_NOT_AVAILABLE 14 +# define TS_INFO_UNACCEPTED_POLICY 15 +# define TS_INFO_UNACCEPTED_EXTENSION 16 +# define TS_INFO_ADD_INFO_NOT_AVAILABLE 17 +# define TS_INFO_SYSTEM_FAILURE 25 + + +typedef struct TS_status_info_st TS_STATUS_INFO; + +typedef struct TS_resp_st TS_RESP; + +DECLARE_ASN1_ALLOC_FUNCTIONS(TS_REQ) +DECLARE_ASN1_ENCODE_FUNCTIONS_only(TS_REQ, TS_REQ) +DECLARE_ASN1_DUP_FUNCTION(TS_REQ) + +#ifndef OPENSSL_NO_STDIO +TS_REQ *d2i_TS_REQ_fp(FILE *fp, TS_REQ **a); +int i2d_TS_REQ_fp(FILE *fp, const TS_REQ *a); +#endif +TS_REQ *d2i_TS_REQ_bio(BIO *fp, TS_REQ **a); +int i2d_TS_REQ_bio(BIO *fp, const TS_REQ *a); + +DECLARE_ASN1_ALLOC_FUNCTIONS(TS_MSG_IMPRINT) +DECLARE_ASN1_ENCODE_FUNCTIONS_only(TS_MSG_IMPRINT, TS_MSG_IMPRINT) +DECLARE_ASN1_DUP_FUNCTION(TS_MSG_IMPRINT) + +#ifndef OPENSSL_NO_STDIO +TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT **a); +int i2d_TS_MSG_IMPRINT_fp(FILE *fp, const TS_MSG_IMPRINT *a); +#endif +TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_bio(BIO *bio, TS_MSG_IMPRINT **a); +int i2d_TS_MSG_IMPRINT_bio(BIO *bio, const TS_MSG_IMPRINT *a); + +DECLARE_ASN1_ALLOC_FUNCTIONS(TS_RESP) +DECLARE_ASN1_ENCODE_FUNCTIONS_only(TS_RESP, TS_RESP) +DECLARE_ASN1_DUP_FUNCTION(TS_RESP) + +#ifndef OPENSSL_NO_STDIO +TS_RESP *d2i_TS_RESP_fp(FILE *fp, TS_RESP **a); +int i2d_TS_RESP_fp(FILE *fp, const TS_RESP *a); +#endif +TS_RESP *d2i_TS_RESP_bio(BIO *bio, TS_RESP **a); +int i2d_TS_RESP_bio(BIO *bio, const TS_RESP *a); + +DECLARE_ASN1_ALLOC_FUNCTIONS(TS_STATUS_INFO) +DECLARE_ASN1_ENCODE_FUNCTIONS_only(TS_STATUS_INFO, TS_STATUS_INFO) +DECLARE_ASN1_DUP_FUNCTION(TS_STATUS_INFO) + +DECLARE_ASN1_ALLOC_FUNCTIONS(TS_TST_INFO) +DECLARE_ASN1_ENCODE_FUNCTIONS_only(TS_TST_INFO, TS_TST_INFO) +DECLARE_ASN1_DUP_FUNCTION(TS_TST_INFO) +TS_TST_INFO *PKCS7_to_TS_TST_INFO(PKCS7 *token); + +#ifndef OPENSSL_NO_STDIO +TS_TST_INFO *d2i_TS_TST_INFO_fp(FILE *fp, 
TS_TST_INFO **a); +int i2d_TS_TST_INFO_fp(FILE *fp, const TS_TST_INFO *a); +#endif +TS_TST_INFO *d2i_TS_TST_INFO_bio(BIO *bio, TS_TST_INFO **a); +int i2d_TS_TST_INFO_bio(BIO *bio, const TS_TST_INFO *a); + +DECLARE_ASN1_ALLOC_FUNCTIONS(TS_ACCURACY) +DECLARE_ASN1_ENCODE_FUNCTIONS_only(TS_ACCURACY, TS_ACCURACY) +DECLARE_ASN1_DUP_FUNCTION(TS_ACCURACY) + +int TS_REQ_set_version(TS_REQ *a, long version); +long TS_REQ_get_version(const TS_REQ *a); + +int TS_STATUS_INFO_set_status(TS_STATUS_INFO *a, int i); +const ASN1_INTEGER *TS_STATUS_INFO_get0_status(const TS_STATUS_INFO *a); + +const STACK_OF(ASN1_UTF8STRING) * +TS_STATUS_INFO_get0_text(const TS_STATUS_INFO *a); + +const ASN1_BIT_STRING * +TS_STATUS_INFO_get0_failure_info(const TS_STATUS_INFO *a); + +int TS_REQ_set_msg_imprint(TS_REQ *a, TS_MSG_IMPRINT *msg_imprint); +TS_MSG_IMPRINT *TS_REQ_get_msg_imprint(TS_REQ *a); + +int TS_MSG_IMPRINT_set_algo(TS_MSG_IMPRINT *a, X509_ALGOR *alg); +X509_ALGOR *TS_MSG_IMPRINT_get_algo(TS_MSG_IMPRINT *a); + +int TS_MSG_IMPRINT_set_msg(TS_MSG_IMPRINT *a, unsigned char *d, int len); +ASN1_OCTET_STRING *TS_MSG_IMPRINT_get_msg(TS_MSG_IMPRINT *a); + +int TS_REQ_set_policy_id(TS_REQ *a, const ASN1_OBJECT *policy); +ASN1_OBJECT *TS_REQ_get_policy_id(TS_REQ *a); + +int TS_REQ_set_nonce(TS_REQ *a, const ASN1_INTEGER *nonce); +const ASN1_INTEGER *TS_REQ_get_nonce(const TS_REQ *a); + +int TS_REQ_set_cert_req(TS_REQ *a, int cert_req); +int TS_REQ_get_cert_req(const TS_REQ *a); + +STACK_OF(X509_EXTENSION) *TS_REQ_get_exts(TS_REQ *a); +void TS_REQ_ext_free(TS_REQ *a); +int TS_REQ_get_ext_count(TS_REQ *a); +int TS_REQ_get_ext_by_NID(TS_REQ *a, int nid, int lastpos); +int TS_REQ_get_ext_by_OBJ(TS_REQ *a, const ASN1_OBJECT *obj, int lastpos); +int TS_REQ_get_ext_by_critical(TS_REQ *a, int crit, int lastpos); +X509_EXTENSION *TS_REQ_get_ext(TS_REQ *a, int loc); +X509_EXTENSION *TS_REQ_delete_ext(TS_REQ *a, int loc); +int TS_REQ_add_ext(TS_REQ *a, X509_EXTENSION *ex, int loc); +void 
*TS_REQ_get_ext_d2i(TS_REQ *a, int nid, int *crit, int *idx); + +/* Function declarations for TS_REQ defined in ts/ts_req_print.c */ + +int TS_REQ_print_bio(BIO *bio, TS_REQ *a); + +/* Function declarations for TS_RESP defined in ts/ts_resp_utils.c */ + +int TS_RESP_set_status_info(TS_RESP *a, TS_STATUS_INFO *info); +TS_STATUS_INFO *TS_RESP_get_status_info(TS_RESP *a); + +/* Caller loses ownership of PKCS7 and TS_TST_INFO objects. */ +void TS_RESP_set_tst_info(TS_RESP *a, PKCS7 *p7, TS_TST_INFO *tst_info); +PKCS7 *TS_RESP_get_token(TS_RESP *a); +TS_TST_INFO *TS_RESP_get_tst_info(TS_RESP *a); + +int TS_TST_INFO_set_version(TS_TST_INFO *a, long version); +long TS_TST_INFO_get_version(const TS_TST_INFO *a); + +int TS_TST_INFO_set_policy_id(TS_TST_INFO *a, ASN1_OBJECT *policy_id); +ASN1_OBJECT *TS_TST_INFO_get_policy_id(TS_TST_INFO *a); + +int TS_TST_INFO_set_msg_imprint(TS_TST_INFO *a, TS_MSG_IMPRINT *msg_imprint); +TS_MSG_IMPRINT *TS_TST_INFO_get_msg_imprint(TS_TST_INFO *a); + +int TS_TST_INFO_set_serial(TS_TST_INFO *a, const ASN1_INTEGER *serial); +const ASN1_INTEGER *TS_TST_INFO_get_serial(const TS_TST_INFO *a); + +int TS_TST_INFO_set_time(TS_TST_INFO *a, const ASN1_GENERALIZEDTIME *gtime); +const ASN1_GENERALIZEDTIME *TS_TST_INFO_get_time(const TS_TST_INFO *a); + +int TS_TST_INFO_set_accuracy(TS_TST_INFO *a, TS_ACCURACY *accuracy); +TS_ACCURACY *TS_TST_INFO_get_accuracy(TS_TST_INFO *a); + +int TS_ACCURACY_set_seconds(TS_ACCURACY *a, const ASN1_INTEGER *seconds); +const ASN1_INTEGER *TS_ACCURACY_get_seconds(const TS_ACCURACY *a); + +int TS_ACCURACY_set_millis(TS_ACCURACY *a, const ASN1_INTEGER *millis); +const ASN1_INTEGER *TS_ACCURACY_get_millis(const TS_ACCURACY *a); + +int TS_ACCURACY_set_micros(TS_ACCURACY *a, const ASN1_INTEGER *micros); +const ASN1_INTEGER *TS_ACCURACY_get_micros(const TS_ACCURACY *a); + +int TS_TST_INFO_set_ordering(TS_TST_INFO *a, int ordering); +int TS_TST_INFO_get_ordering(const TS_TST_INFO *a); + +int TS_TST_INFO_set_nonce(TS_TST_INFO 
*a, const ASN1_INTEGER *nonce); +const ASN1_INTEGER *TS_TST_INFO_get_nonce(const TS_TST_INFO *a); + +int TS_TST_INFO_set_tsa(TS_TST_INFO *a, GENERAL_NAME *tsa); +GENERAL_NAME *TS_TST_INFO_get_tsa(TS_TST_INFO *a); + +STACK_OF(X509_EXTENSION) *TS_TST_INFO_get_exts(TS_TST_INFO *a); +void TS_TST_INFO_ext_free(TS_TST_INFO *a); +int TS_TST_INFO_get_ext_count(TS_TST_INFO *a); +int TS_TST_INFO_get_ext_by_NID(TS_TST_INFO *a, int nid, int lastpos); +int TS_TST_INFO_get_ext_by_OBJ(TS_TST_INFO *a, const ASN1_OBJECT *obj, + int lastpos); +int TS_TST_INFO_get_ext_by_critical(TS_TST_INFO *a, int crit, int lastpos); +X509_EXTENSION *TS_TST_INFO_get_ext(TS_TST_INFO *a, int loc); +X509_EXTENSION *TS_TST_INFO_delete_ext(TS_TST_INFO *a, int loc); +int TS_TST_INFO_add_ext(TS_TST_INFO *a, X509_EXTENSION *ex, int loc); +void *TS_TST_INFO_get_ext_d2i(TS_TST_INFO *a, int nid, int *crit, int *idx); + +/* + * Declarations related to response generation, defined in ts/ts_resp_sign.c. + */ + +/* Optional flags for response generation. */ + +/* Don't include the TSA name in response. */ +# define TS_TSA_NAME 0x01 + +/* Set ordering to true in response. */ +# define TS_ORDERING 0x02 + +/* + * Include the signer certificate and the other specified certificates in + * the ESS signing certificate attribute beside the PKCS7 signed data. + * Only the signer certificates is included by default. + */ +# define TS_ESS_CERT_ID_CHAIN 0x04 + +/* Forward declaration. */ +struct TS_resp_ctx; + +/* This must return a unique number less than 160 bits long. */ +typedef ASN1_INTEGER *(*TS_serial_cb) (struct TS_resp_ctx *, void *); + +/* + * This must return the seconds and microseconds since Jan 1, 1970 in the sec + * and usec variables allocated by the caller. Return non-zero for success + * and zero for failure. + */ +typedef int (*TS_time_cb) (struct TS_resp_ctx *, void *, long *sec, + long *usec); + +/* + * This must process the given extension. It can modify the TS_TST_INFO + * object of the context. 
Return values: !0 (processed), 0 (error, it must + * set the status info/failure info of the response). + */ +typedef int (*TS_extension_cb) (struct TS_resp_ctx *, X509_EXTENSION *, + void *); + +typedef struct TS_resp_ctx TS_RESP_CTX; + +DEFINE_STACK_OF_CONST(EVP_MD) + +/* Creates a response context that can be used for generating responses. */ +TS_RESP_CTX *TS_RESP_CTX_new(void); +void TS_RESP_CTX_free(TS_RESP_CTX *ctx); + +/* This parameter must be set. */ +int TS_RESP_CTX_set_signer_cert(TS_RESP_CTX *ctx, X509 *signer); + +/* This parameter must be set. */ +int TS_RESP_CTX_set_signer_key(TS_RESP_CTX *ctx, EVP_PKEY *key); + +int TS_RESP_CTX_set_signer_digest(TS_RESP_CTX *ctx, + const EVP_MD *signer_digest); +int TS_RESP_CTX_set_ess_cert_id_digest(TS_RESP_CTX *ctx, const EVP_MD *md); + +/* This parameter must be set. */ +int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, const ASN1_OBJECT *def_policy); + +/* No additional certs are included in the response by default. */ +int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs); + +/* + * Adds a new acceptable policy, only the default policy is accepted by + * default. + */ +int TS_RESP_CTX_add_policy(TS_RESP_CTX *ctx, const ASN1_OBJECT *policy); + +/* + * Adds a new acceptable message digest. Note that no message digests are + * accepted by default. The md argument is shared with the caller. + */ +int TS_RESP_CTX_add_md(TS_RESP_CTX *ctx, const EVP_MD *md); + +/* Accuracy is not included by default. */ +int TS_RESP_CTX_set_accuracy(TS_RESP_CTX *ctx, + int secs, int millis, int micros); + +/* + * Clock precision digits, i.e. the number of decimal digits: '0' means sec, + * '3' msec, '6' usec, and so on. Default is 0. + */ +int TS_RESP_CTX_set_clock_precision_digits(TS_RESP_CTX *ctx, + unsigned clock_precision_digits); +/* At most we accept usec precision. 
*/ +# define TS_MAX_CLOCK_PRECISION_DIGITS 6 + +/* Maximum status message length */ +# define TS_MAX_STATUS_LENGTH (1024 * 1024) + +/* No flags are set by default. */ +void TS_RESP_CTX_add_flags(TS_RESP_CTX *ctx, int flags); + +/* Default callback always returns a constant. */ +void TS_RESP_CTX_set_serial_cb(TS_RESP_CTX *ctx, TS_serial_cb cb, void *data); + +/* Default callback uses the gettimeofday() and gmtime() system calls. */ +void TS_RESP_CTX_set_time_cb(TS_RESP_CTX *ctx, TS_time_cb cb, void *data); + +/* + * Default callback rejects all extensions. The extension callback is called + * when the TS_TST_INFO object is already set up and not signed yet. + */ +/* FIXME: extension handling is not tested yet. */ +void TS_RESP_CTX_set_extension_cb(TS_RESP_CTX *ctx, + TS_extension_cb cb, void *data); + +/* The following methods can be used in the callbacks. */ +int TS_RESP_CTX_set_status_info(TS_RESP_CTX *ctx, + int status, const char *text); + +/* Sets the status info only if it is still TS_STATUS_GRANTED. */ +int TS_RESP_CTX_set_status_info_cond(TS_RESP_CTX *ctx, + int status, const char *text); + +int TS_RESP_CTX_add_failure_info(TS_RESP_CTX *ctx, int failure); + +/* The get methods below can be used in the extension callback. */ +TS_REQ *TS_RESP_CTX_get_request(TS_RESP_CTX *ctx); + +TS_TST_INFO *TS_RESP_CTX_get_tst_info(TS_RESP_CTX *ctx); + +/* + * Creates the signed TS_TST_INFO and puts it in TS_RESP. + * In case of errors it sets the status info properly. + * Returns NULL only in case of memory allocation/fatal error. + */ +TS_RESP *TS_RESP_create_response(TS_RESP_CTX *ctx, BIO *req_bio); + +/* + * Declarations related to response verification, + * they are defined in ts/ts_resp_verify.c. + */ + +int TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs, + X509_STORE *store, X509 **signer_out); + +/* Context structure for the generic verify method. */ + +/* Verify the signer's certificate and the signature of the response. 
*/ +# define TS_VFY_SIGNATURE (1u << 0) +/* Verify the version number of the response. */ +# define TS_VFY_VERSION (1u << 1) +/* Verify if the policy supplied by the user matches the policy of the TSA. */ +# define TS_VFY_POLICY (1u << 2) +/* + * Verify the message imprint provided by the user. This flag should not be + * specified with TS_VFY_DATA. + */ +# define TS_VFY_IMPRINT (1u << 3) +/* + * Verify the message imprint computed by the verify method from the user + * provided data and the MD algorithm of the response. This flag should not + * be specified with TS_VFY_IMPRINT. + */ +# define TS_VFY_DATA (1u << 4) +/* Verify the nonce value. */ +# define TS_VFY_NONCE (1u << 5) +/* Verify if the TSA name field matches the signer certificate. */ +# define TS_VFY_SIGNER (1u << 6) +/* Verify if the TSA name field equals to the user provided name. */ +# define TS_VFY_TSA_NAME (1u << 7) + +/* You can use the following convenience constants. */ +# define TS_VFY_ALL_IMPRINT (TS_VFY_SIGNATURE \ + | TS_VFY_VERSION \ + | TS_VFY_POLICY \ + | TS_VFY_IMPRINT \ + | TS_VFY_NONCE \ + | TS_VFY_SIGNER \ + | TS_VFY_TSA_NAME) +# define TS_VFY_ALL_DATA (TS_VFY_SIGNATURE \ + | TS_VFY_VERSION \ + | TS_VFY_POLICY \ + | TS_VFY_DATA \ + | TS_VFY_NONCE \ + | TS_VFY_SIGNER \ + | TS_VFY_TSA_NAME) + +typedef struct TS_verify_ctx TS_VERIFY_CTX; + +int TS_RESP_verify_response(TS_VERIFY_CTX *ctx, TS_RESP *response); +int TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token); + +/* + * Declarations related to response verification context, + */ +TS_VERIFY_CTX *TS_VERIFY_CTX_new(void); +void TS_VERIFY_CTX_init(TS_VERIFY_CTX *ctx); +void TS_VERIFY_CTX_free(TS_VERIFY_CTX *ctx); +void TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx); +int TS_VERIFY_CTX_set_flags(TS_VERIFY_CTX *ctx, int f); +int TS_VERIFY_CTX_add_flags(TS_VERIFY_CTX *ctx, int f); +BIO *TS_VERIFY_CTX_set_data(TS_VERIFY_CTX *ctx, BIO *b); +unsigned char *TS_VERIFY_CTX_set_imprint(TS_VERIFY_CTX *ctx, + unsigned char *hexstr, long len); 
+X509_STORE *TS_VERIFY_CTX_set_store(TS_VERIFY_CTX *ctx, X509_STORE *s); +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define TS_VERIFY_CTS_set_certs(ctx, cert) TS_VERIFY_CTX_set_certs(ctx,cert) +# endif +STACK_OF(X509) *TS_VERIFY_CTX_set_certs(TS_VERIFY_CTX *ctx, STACK_OF(X509) *certs); + +/*- + * If ctx is NULL, it allocates and returns a new object, otherwise + * it returns ctx. It initialises all the members as follows: + * flags = TS_VFY_ALL_IMPRINT & ~(TS_VFY_TSA_NAME | TS_VFY_SIGNATURE) + * certs = NULL + * store = NULL + * policy = policy from the request or NULL if absent (in this case + * TS_VFY_POLICY is cleared from flags as well) + * md_alg = MD algorithm from request + * imprint, imprint_len = imprint from request + * data = NULL + * nonce, nonce_len = nonce from the request or NULL if absent (in this case + * TS_VFY_NONCE is cleared from flags as well) + * tsa_name = NULL + * Important: after calling this method TS_VFY_SIGNATURE should be added! + */ +TS_VERIFY_CTX *TS_REQ_to_TS_VERIFY_CTX(TS_REQ *req, TS_VERIFY_CTX *ctx); + +/* Function declarations for TS_RESP defined in ts/ts_resp_print.c */ + +int TS_RESP_print_bio(BIO *bio, TS_RESP *a); +int TS_STATUS_INFO_print_bio(BIO *bio, TS_STATUS_INFO *a); +int TS_TST_INFO_print_bio(BIO *bio, TS_TST_INFO *a); + +/* Common utility functions defined in ts/ts_lib.c */ + +int TS_ASN1_INTEGER_print_bio(BIO *bio, const ASN1_INTEGER *num); +int TS_OBJ_print_bio(BIO *bio, const ASN1_OBJECT *obj); +int TS_ext_print_bio(BIO *bio, const STACK_OF(X509_EXTENSION) *extensions); +int TS_X509_ALGOR_print_bio(BIO *bio, const X509_ALGOR *alg); +int TS_MSG_IMPRINT_print_bio(BIO *bio, TS_MSG_IMPRINT *msg); + +/* + * Function declarations for handling configuration options, defined in + * ts/ts_conf.c + */ + +X509 *TS_CONF_load_cert(const char *file); +STACK_OF(X509) *TS_CONF_load_certs(const char *file); +EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass); +const char *TS_CONF_get_tsa_section(CONF *conf, const char 
*section); +int TS_CONF_set_serial(CONF *conf, const char *section, TS_serial_cb cb, + TS_RESP_CTX *ctx); +#ifndef OPENSSL_NO_ENGINE +int TS_CONF_set_crypto_device(CONF *conf, const char *section, + const char *device); +int TS_CONF_set_default_engine(const char *name); +#endif +int TS_CONF_set_signer_cert(CONF *conf, const char *section, + const char *cert, TS_RESP_CTX *ctx); +int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs, + TS_RESP_CTX *ctx); +int TS_CONF_set_signer_key(CONF *conf, const char *section, + const char *key, const char *pass, + TS_RESP_CTX *ctx); +int TS_CONF_set_signer_digest(CONF *conf, const char *section, + const char *md, TS_RESP_CTX *ctx); +int TS_CONF_set_def_policy(CONF *conf, const char *section, + const char *policy, TS_RESP_CTX *ctx); +int TS_CONF_set_policies(CONF *conf, const char *section, TS_RESP_CTX *ctx); +int TS_CONF_set_digests(CONF *conf, const char *section, TS_RESP_CTX *ctx); +int TS_CONF_set_accuracy(CONF *conf, const char *section, TS_RESP_CTX *ctx); +int TS_CONF_set_clock_precision_digits(CONF *conf, const char *section, + TS_RESP_CTX *ctx); +int TS_CONF_set_ordering(CONF *conf, const char *section, TS_RESP_CTX *ctx); +int TS_CONF_set_tsa_name(CONF *conf, const char *section, TS_RESP_CTX *ctx); +int TS_CONF_set_ess_cert_id_chain(CONF *conf, const char *section, + TS_RESP_CTX *ctx); +int TS_CONF_set_ess_cert_id_digest(CONF *conf, const char *section, + TS_RESP_CTX *ctx); + +# ifdef __cplusplus +} +# endif +# endif +#endif diff --git a/linux_amd64/include/openssl/tserr.h b/linux_amd64/include/openssl/tserr.h new file mode 100644 index 0000000..4684dc2 --- /dev/null +++ b/linux_amd64/include/openssl/tserr.h 
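Review bot: The comment on `TS_REQ_to_TS_VERIFY_CTX()` leaves the one fact a caller must not miss to its last line: the context is initialised with `TS_VFY_ALL_IMPRINT & ~(TS_VFY_TSA_NAME | TS_VFY_SIGNATURE)` and `store = NULL`, so, going by the flag descriptions earlier in ts.h, handing it unchanged to `TS_RESP_verify_response()` would skip the signer-certificate and signature check. I would open that comment with `/* WARNING: the returned ctx does not verify the signature until TS_VFY_SIGNATURE is added with TS_VERIFY_CTX_add_flags() and a trust store is set. */`. Two smaller documentation points: the comment over `TS_TSA_NAME` reads "Don't include the TSA name in response", which looks inverted for a flag that callers opt into through `TS_RESP_CTX_add_flags()` (confirm against ts/ts_resp_sign.c), and `TS_RESP_CTX_set_serial_cb()` documents a default that "always returns a constant" although `TS_serial_cb` "must return a unique number", so the comment should say that a real responder has to install its own serial callback.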
@@ -0,0 +1,134 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_TSERR_H +# define OPENSSL_TSERR_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_TSERR_H +# endif + +# include +# include + + +# include + +# ifndef OPENSSL_NO_TS + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_TS_strings(void); + +/* + * TS function codes. + */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define TS_F_DEF_SERIAL_CB 0 +# define TS_F_DEF_TIME_CB 0 +# define TS_F_INT_TS_RESP_VERIFY_TOKEN 0 +# define TS_F_PKCS7_TO_TS_TST_INFO 0 +# define TS_F_TS_ACCURACY_SET_MICROS 0 +# define TS_F_TS_ACCURACY_SET_MILLIS 0 +# define TS_F_TS_ACCURACY_SET_SECONDS 0 +# define TS_F_TS_CHECK_IMPRINTS 0 +# define TS_F_TS_CHECK_NONCES 0 +# define TS_F_TS_CHECK_POLICY 0 +# define TS_F_TS_CHECK_SIGNING_CERTS 0 +# define TS_F_TS_CHECK_STATUS_INFO 0 +# define TS_F_TS_COMPUTE_IMPRINT 0 +# define TS_F_TS_CONF_INVALID 0 +# define TS_F_TS_CONF_LOAD_CERT 0 +# define TS_F_TS_CONF_LOAD_CERTS 0 +# define TS_F_TS_CONF_LOAD_KEY 0 +# define TS_F_TS_CONF_LOOKUP_FAIL 0 +# define TS_F_TS_CONF_SET_DEFAULT_ENGINE 0 +# define TS_F_TS_GET_STATUS_TEXT 0 +# define TS_F_TS_MSG_IMPRINT_SET_ALGO 0 +# define TS_F_TS_REQ_SET_MSG_IMPRINT 0 +# define TS_F_TS_REQ_SET_NONCE 0 +# define TS_F_TS_REQ_SET_POLICY_ID 0 +# define TS_F_TS_RESP_CREATE_RESPONSE 0 +# define TS_F_TS_RESP_CREATE_TST_INFO 0 +# define TS_F_TS_RESP_CTX_ADD_FAILURE_INFO 0 +# define TS_F_TS_RESP_CTX_ADD_MD 0 +# define TS_F_TS_RESP_CTX_ADD_POLICY 0 +# define TS_F_TS_RESP_CTX_NEW 0 +# define TS_F_TS_RESP_CTX_SET_ACCURACY 0 +# define TS_F_TS_RESP_CTX_SET_CERTS 0 +# define 
TS_F_TS_RESP_CTX_SET_DEF_POLICY 0 +# define TS_F_TS_RESP_CTX_SET_SIGNER_CERT 0 +# define TS_F_TS_RESP_CTX_SET_STATUS_INFO 0 +# define TS_F_TS_RESP_GET_POLICY 0 +# define TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION 0 +# define TS_F_TS_RESP_SET_STATUS_INFO 0 +# define TS_F_TS_RESP_SET_TST_INFO 0 +# define TS_F_TS_RESP_SIGN 0 +# define TS_F_TS_RESP_VERIFY_SIGNATURE 0 +# define TS_F_TS_TST_INFO_SET_ACCURACY 0 +# define TS_F_TS_TST_INFO_SET_MSG_IMPRINT 0 +# define TS_F_TS_TST_INFO_SET_NONCE 0 +# define TS_F_TS_TST_INFO_SET_POLICY_ID 0 +# define TS_F_TS_TST_INFO_SET_SERIAL 0 +# define TS_F_TS_TST_INFO_SET_TIME 0 +# define TS_F_TS_TST_INFO_SET_TSA 0 +# define TS_F_TS_VERIFY 0 +# define TS_F_TS_VERIFY_CERT 0 +# define TS_F_TS_VERIFY_CTX_NEW 0 +# endif + +/* + * TS reason codes. + */ +# define TS_R_BAD_PKCS7_TYPE 132 +# define TS_R_BAD_TYPE 133 +# define TS_R_CANNOT_LOAD_CERT 137 +# define TS_R_CANNOT_LOAD_KEY 138 +# define TS_R_CERTIFICATE_VERIFY_ERROR 100 +# define TS_R_COULD_NOT_SET_ENGINE 127 +# define TS_R_COULD_NOT_SET_TIME 115 +# define TS_R_DETACHED_CONTENT 134 +# define TS_R_ESS_ADD_SIGNING_CERT_ERROR 116 +# define TS_R_ESS_ADD_SIGNING_CERT_V2_ERROR 139 +# define TS_R_ESS_SIGNING_CERTIFICATE_ERROR 101 +# define TS_R_INVALID_NULL_POINTER 102 +# define TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE 117 +# define TS_R_MESSAGE_IMPRINT_MISMATCH 103 +# define TS_R_NONCE_MISMATCH 104 +# define TS_R_NONCE_NOT_RETURNED 105 +# define TS_R_NO_CONTENT 106 +# define TS_R_NO_TIME_STAMP_TOKEN 107 +# define TS_R_PKCS7_ADD_SIGNATURE_ERROR 118 +# define TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR 119 +# define TS_R_PKCS7_TO_TS_TST_INFO_FAILED 129 +# define TS_R_POLICY_MISMATCH 108 +# define TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 120 +# define TS_R_RESPONSE_SETUP_ERROR 121 +# define TS_R_SIGNATURE_FAILURE 109 +# define TS_R_THERE_MUST_BE_ONE_SIGNER 110 +# define TS_R_TIME_SYSCALL_ERROR 122 +# define TS_R_TOKEN_NOT_PRESENT 130 +# define TS_R_TOKEN_PRESENT 131 +# define TS_R_TSA_NAME_MISMATCH 111 +# 
define TS_R_TSA_UNTRUSTED 112 +# define TS_R_TST_INFO_SETUP_ERROR 123 +# define TS_R_TS_DATASIGN 124 +# define TS_R_UNACCEPTABLE_POLICY 125 +# define TS_R_UNSUPPORTED_MD_ALGORITHM 126 +# define TS_R_UNSUPPORTED_VERSION 113 +# define TS_R_VAR_BAD_VALUE 135 +# define TS_R_VAR_LOOKUP_FAILURE 136 +# define TS_R_WRONG_CONTENT_TYPE 114 + +# endif +#endif diff --git a/linux_amd64/include/openssl/txt_db.h b/linux_amd64/include/openssl/txt_db.h new file mode 100644 index 0000000..af169a3 --- /dev/null +++ b/linux_amd64/include/openssl/txt_db.h 
@@ -0,0 +1,63 @@
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_TXT_DB_H
+# define OPENSSL_TXT_DB_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_TXT_DB_H
+# endif
+
+# include
+# include
+# include
+# include
+
+# define DB_ERROR_OK 0
+# define DB_ERROR_MALLOC 1
+# define DB_ERROR_INDEX_CLASH 2
+# define DB_ERROR_INDEX_OUT_OF_RANGE 3
+# define DB_ERROR_NO_INDEX 4
+# define DB_ERROR_INSERT_INDEX_CLASH 5
+# define DB_ERROR_WRONG_NUM_FIELDS 6
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef OPENSSL_STRING *OPENSSL_PSTRING;
+DEFINE_SPECIAL_STACK_OF(OPENSSL_PSTRING, OPENSSL_STRING)
+
+typedef struct txt_db_st {
+ int num_fields;
+ STACK_OF(OPENSSL_PSTRING) *data;
+ LHASH_OF(OPENSSL_STRING) **index;
+ int (**qual) (OPENSSL_STRING *);
+ long error;
+ long arg1;
+ long arg2;
+ OPENSSL_STRING *arg_row;
+} TXT_DB;
+
+TXT_DB *TXT_DB_read(BIO *in, int num);
+long TXT_DB_write(BIO *out, TXT_DB *db);
+int TXT_DB_create_index(TXT_DB *db, int field, int (*qual) (OPENSSL_STRING *),
+ OPENSSL_LH_HASHFUNC hash, OPENSSL_LH_COMPFUNC cmp);
+void TXT_DB_free(TXT_DB *db);
+OPENSSL_STRING *TXT_DB_get_by_index(TXT_DB *db, int idx,
+ OPENSSL_STRING *value);
+int TXT_DB_insert(TXT_DB *db, OPENSSL_STRING *value);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/linux_amd64/include/openssl/types.h b/linux_amd64/include/openssl/types.h
new file mode 100644
index 0000000..5761afc
--- /dev/null
+++ b/linux_amd64/include/openssl/types.h
@@ -0,0 +1,231 @@
+/*
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_TYPES_H
+# define OPENSSL_TYPES_H
+
+#include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# include
+# include
+
+typedef struct ossl_provider_st OSSL_PROVIDER; /* Provider Object */
+
+# ifdef NO_ASN1_TYPEDEFS
+# define ASN1_INTEGER ASN1_STRING
+# define ASN1_ENUMERATED ASN1_STRING
+# define ASN1_BIT_STRING ASN1_STRING
+# define ASN1_OCTET_STRING ASN1_STRING
+# define ASN1_PRINTABLESTRING ASN1_STRING
+# define ASN1_T61STRING ASN1_STRING
+# define ASN1_IA5STRING ASN1_STRING
+# define ASN1_UTCTIME ASN1_STRING
+# define ASN1_GENERALIZEDTIME ASN1_STRING
+# define ASN1_TIME ASN1_STRING
+# define ASN1_GENERALSTRING ASN1_STRING
+# define ASN1_UNIVERSALSTRING ASN1_STRING
+# define ASN1_BMPSTRING ASN1_STRING
+# define ASN1_VISIBLESTRING ASN1_STRING
+# define ASN1_UTF8STRING ASN1_STRING
+# define ASN1_BOOLEAN int
+# define ASN1_NULL int
+# else
+typedef struct asn1_string_st ASN1_INTEGER;
+typedef struct asn1_string_st ASN1_ENUMERATED;
+typedef struct asn1_string_st ASN1_BIT_STRING;
+typedef struct asn1_string_st ASN1_OCTET_STRING;
+typedef struct asn1_string_st ASN1_PRINTABLESTRING;
+typedef struct asn1_string_st ASN1_T61STRING;
+typedef struct asn1_string_st ASN1_IA5STRING;
+typedef struct asn1_string_st ASN1_GENERALSTRING;
+typedef struct asn1_string_st ASN1_UNIVERSALSTRING;
+typedef struct asn1_string_st ASN1_BMPSTRING;
+typedef struct asn1_string_st ASN1_UTCTIME;
+typedef struct asn1_string_st ASN1_TIME;
+typedef struct asn1_string_st ASN1_GENERALIZEDTIME;
+typedef struct asn1_string_st ASN1_VISIBLESTRING;
+typedef struct asn1_string_st ASN1_UTF8STRING;
+typedef struct asn1_string_st ASN1_STRING;
+typedef int ASN1_BOOLEAN;
+typedef int ASN1_NULL;
+# endif
+
+typedef struct asn1_object_st ASN1_OBJECT;
+
+typedef struct ASN1_ITEM_st ASN1_ITEM;
+typedef struct asn1_pctx_st ASN1_PCTX;
+typedef struct asn1_sctx_st ASN1_SCTX;
+
+# ifdef _WIN32
+# undef X509_NAME
+# undef X509_EXTENSIONS
+# undef PKCS7_ISSUER_AND_SERIAL
+# undef PKCS7_SIGNER_INFO
+# undef OCSP_REQUEST
+# undef OCSP_RESPONSE
+# endif
+
+# ifdef BIGNUM
+# undef BIGNUM
+# endif
+
+typedef struct bio_st BIO;
+typedef struct bignum_st BIGNUM;
+typedef struct bignum_ctx BN_CTX;
+typedef struct bn_blinding_st BN_BLINDING;
+typedef struct bn_mont_ctx_st BN_MONT_CTX;
+typedef struct bn_recp_ctx_st BN_RECP_CTX;
+typedef struct bn_gencb_st BN_GENCB;
+
+typedef struct buf_mem_st BUF_MEM;
+
+STACK_OF(BIGNUM);
+STACK_OF(BIGNUM_const);
+
+typedef struct err_state_st ERR_STATE;
+
+typedef struct evp_cipher_st EVP_CIPHER;
+typedef struct evp_cipher_ctx_st EVP_CIPHER_CTX;
+typedef struct evp_md_st EVP_MD;
+typedef struct evp_md_ctx_st EVP_MD_CTX;
+typedef struct evp_mac_st EVP_MAC;
+typedef struct evp_mac_ctx_st EVP_MAC_CTX;
+typedef struct evp_pkey_st EVP_PKEY;
+
+typedef struct evp_pkey_asn1_method_st EVP_PKEY_ASN1_METHOD;
+
+typedef struct evp_pkey_method_st EVP_PKEY_METHOD;
+typedef struct evp_pkey_ctx_st EVP_PKEY_CTX;
+
+typedef struct evp_keymgmt_st EVP_KEYMGMT;
+
+typedef struct evp_kdf_st EVP_KDF;
+typedef struct evp_kdf_ctx_st EVP_KDF_CTX;
+
+typedef struct evp_keyexch_st EVP_KEYEXCH;
+
+typedef struct evp_signature_st EVP_SIGNATURE;
+
+typedef struct evp_asym_cipher_st EVP_ASYM_CIPHER;
+
+typedef struct evp_Encode_Ctx_st EVP_ENCODE_CTX;
+
+typedef struct hmac_ctx_st HMAC_CTX;
+
+typedef struct dh_st DH;
+typedef struct dh_method DH_METHOD;
+
+typedef struct dsa_st DSA;
+typedef struct dsa_method DSA_METHOD;
+
+typedef struct rsa_st RSA;
+typedef struct rsa_meth_st RSA_METHOD;
+typedef struct rsa_pss_params_st RSA_PSS_PARAMS;
+
+typedef struct ec_key_st EC_KEY;
+typedef struct ec_key_method_st EC_KEY_METHOD;
+
+typedef struct rand_meth_st RAND_METHOD;
+typedef struct rand_drbg_st RAND_DRBG;
+
+typedef struct ssl_dane_st SSL_DANE;
+typedef struct x509_st X509;
+typedef struct X509_algor_st X509_ALGOR;
+typedef struct X509_crl_st X509_CRL;
+typedef struct x509_crl_method_st X509_CRL_METHOD;
+typedef struct x509_revoked_st X509_REVOKED;
+typedef struct X509_name_st X509_NAME;
+typedef struct X509_pubkey_st X509_PUBKEY;
+typedef struct x509_store_st X509_STORE;
+typedef struct x509_store_ctx_st X509_STORE_CTX;
+
+typedef struct x509_object_st X509_OBJECT;
+typedef struct x509_lookup_st X509_LOOKUP;
+typedef struct x509_lookup_method_st X509_LOOKUP_METHOD;
+typedef struct X509_VERIFY_PARAM_st X509_VERIFY_PARAM;
+
+typedef struct x509_sig_info_st X509_SIG_INFO;
+
+typedef struct pkcs8_priv_key_info_st PKCS8_PRIV_KEY_INFO;
+
+typedef struct v3_ext_ctx X509V3_CTX;
+typedef struct conf_st CONF;
+typedef struct ossl_init_settings_st OPENSSL_INIT_SETTINGS;
+
+typedef struct ui_st UI;
+typedef struct ui_method_st UI_METHOD;
+
+typedef struct engine_st ENGINE;
+typedef struct ssl_st SSL;
+typedef struct ssl_ctx_st SSL_CTX;
+
+typedef struct comp_ctx_st COMP_CTX;
+typedef struct comp_method_st COMP_METHOD;
+
+typedef struct X509_POLICY_NODE_st X509_POLICY_NODE;
+typedef struct X509_POLICY_LEVEL_st X509_POLICY_LEVEL;
+typedef struct X509_POLICY_TREE_st X509_POLICY_TREE;
+typedef struct X509_POLICY_CACHE_st X509_POLICY_CACHE;
+
+typedef struct AUTHORITY_KEYID_st AUTHORITY_KEYID;
+typedef struct DIST_POINT_st DIST_POINT;
+typedef struct ISSUING_DIST_POINT_st ISSUING_DIST_POINT;
+typedef struct NAME_CONSTRAINTS_st NAME_CONSTRAINTS;
+
+typedef struct crypto_ex_data_st CRYPTO_EX_DATA;
+
+typedef struct ossl_http_req_ctx_st OCSP_REQ_CTX; /* backward compatibility */
+typedef struct ocsp_response_st OCSP_RESPONSE;
+typedef struct ocsp_responder_id_st OCSP_RESPID;
+
+typedef struct sct_st SCT;
+typedef struct sct_ctx_st SCT_CTX;
+typedef struct ctlog_st CTLOG;
+typedef struct ctlog_store_st CTLOG_STORE;
+typedef struct ct_policy_eval_ctx_st CT_POLICY_EVAL_CTX;
+
+typedef struct ossl_store_info_st OSSL_STORE_INFO;
+typedef struct ossl_store_search_st OSSL_STORE_SEARCH;
+
+typedef struct openssl_ctx_st OPENSSL_CTX;
+
+typedef struct ossl_dispatch_st OSSL_DISPATCH;
+typedef struct ossl_item_st OSSL_ITEM;
+typedef struct ossl_algorithm_st OSSL_ALGORITHM;
+typedef struct ossl_param_st OSSL_PARAM;
+
+typedef int pem_password_cb (char *buf, int size, int rwflag, void *userdata);
+
+typedef struct ossl_serializer_st OSSL_SERIALIZER;
+typedef struct ossl_serializer_ctx_st OSSL_SERIALIZER_CTX;
+
+#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L && \
+ defined(INTMAX_MAX) && defined(UINTMAX_MAX)
+typedef intmax_t ossl_intmax_t;
+typedef uintmax_t ossl_uintmax_t;
+#else
+/*
+ * Not long long, because the C-library can only be expected to provide
+ * strtoll(), strtoull() at the same time as intmax_t and strtoimax(),
+ * strtoumax(). Since we use these for parsing arguments, we need the
+ * conversion functions, not just the sizes.
+ */
+typedef long ossl_intmax_t;
+typedef unsigned long ossl_uintmax_t;
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* OPENSSL_TYPES_H */
diff --git a/linux_amd64/include/openssl/ui.h b/linux_amd64/include/openssl/ui.h
new file mode 100644
index 0000000..56fb6f5
--- /dev/null
+++ b/linux_amd64/include/openssl/ui.h
@@ -0,0 +1,374 @@
+/*
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_UI_H
+# define OPENSSL_UI_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_UI_H
+# endif
+
+# include
+
+# ifndef OPENSSL_NO_DEPRECATED_1_1_0
+# include
+# endif
+# include
+# include
+# include
+# include
+
+/* For compatibility reasons, the macro OPENSSL_NO_UI is currently retained */
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# ifdef OPENSSL_NO_UI_CONSOLE
+# define OPENSSL_NO_UI
+# endif
+# endif
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+/*
+ * All the following functions return -1 or NULL on error and in some cases
+ * (UI_process()) -2 if interrupted or in some other way cancelled. When
+ * everything is fine, they return 0, a positive value or a non-NULL pointer,
+ * all depending on their purpose.
+ */
+
+/* Creators and destructor. */
+UI *UI_new(void);
+UI *UI_new_method(const UI_METHOD *method);
+void UI_free(UI *ui);
+
+/*-
+ The following functions are used to add strings to be printed and prompt
+ strings to prompt for data. The names are UI_{add,dup}__string
+ and UI_{add,dup}_input_boolean.
+
+ UI_{add,dup}__string have the following meanings:
+ add add a text or prompt string. The pointers given to these
+ functions are used verbatim, no copying is done.
+ dup make a copy of the text or prompt string, then add the copy
+ to the collection of strings in the user interface.
+
+ The function is a name for the functionality that the given
+ string shall be used for. It can be one of:
+ input use the string as data prompt.
+ verify use the string as verification prompt. This
+ is used to verify a previous input.
+ info use the string for informational output.
+ error use the string for error output.
+ Honestly, there's currently no difference between info and error for the
+ moment.
+
+ UI_{add,dup}_input_boolean have the same semantics for "add" and "dup",
+ and are typically used when one wants to prompt for a yes/no response.
+
+ All of the functions in this group take a UI and a prompt string.
+ The string input and verify addition functions also take a flag argument,
+ a buffer for the result to end up with, a minimum input size and a maximum
+ input size (the result buffer MUST be large enough to be able to contain
+ the maximum number of characters). Additionally, the verify addition
+ functions takes another buffer to compare the result against.
+ The boolean input functions take an action description string (which should
+ be safe to ignore if the expected user action is obvious, for example with
+ a dialog box with an OK button and a Cancel button), a string of acceptable
+ characters to mean OK and to mean Cancel. The two last strings are checked
+ to make sure they don't have common characters. Additionally, the same
+ flag argument as for the string input is taken, as well as a result buffer.
+ The result buffer is required to be at least one byte long. Depending on
+ the answer, the first character from the OK or the Cancel character strings
+ will be stored in the first byte of the result buffer. No NUL will be
+ added, so the result is *not* a string.
+
+ On success, the all return an index of the added information. That index
+ is useful when retrieving results with UI_get0_result(). */
+int UI_add_input_string(UI *ui, const char *prompt, int flags,
+ char *result_buf, int minsize, int maxsize);
+int UI_dup_input_string(UI *ui, const char *prompt, int flags,
+ char *result_buf, int minsize, int maxsize);
+int UI_add_verify_string(UI *ui, const char *prompt, int flags,
+ char *result_buf, int minsize, int maxsize,
+ const char *test_buf);
+int UI_dup_verify_string(UI *ui, const char *prompt, int flags,
+ char *result_buf, int minsize, int maxsize,
+ const char *test_buf);
+int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc,
+ const char *ok_chars, const char *cancel_chars,
+ int flags, char *result_buf);
+int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc,
+ const char *ok_chars, const char *cancel_chars,
+ int flags, char *result_buf);
+int UI_add_info_string(UI *ui, const char *text);
+int UI_dup_info_string(UI *ui, const char *text);
+int UI_add_error_string(UI *ui, const char *text);
+int UI_dup_error_string(UI *ui, const char *text);
+
+/* These are the possible flags. They can be or'ed together. */
+/* Use to have echoing of input */
+# define UI_INPUT_FLAG_ECHO 0x01
+/*
+ * Use a default password. Where that password is found is completely up to
+ * the application, it might for example be in the user data set with
+ * UI_add_user_data(). It is not recommended to have more than one input in
+ * each UI being marked with this flag, or the application might get
+ * confused.
+ */
+# define UI_INPUT_FLAG_DEFAULT_PWD 0x02
+
+/*-
+ * The user of these routines may want to define flags of their own. The core
+ * UI won't look at those, but will pass them on to the method routines. They
+ * must use higher bits so they don't get confused with the UI bits above.
+ * UI_INPUT_FLAG_USER_BASE tells which is the lowest bit to use. A good
+ * example of use is this:
+ *
+ * #define MY_UI_FLAG1 (0x01 << UI_INPUT_FLAG_USER_BASE)
+ *
+*/
+# define UI_INPUT_FLAG_USER_BASE 16
+
+/*-
+ * The following function helps construct a prompt. object_desc is a
+ * textual short description of the object, for example "pass phrase",
+ * and object_name is the name of the object (might be a card name or
+ * a file name.
+ * The returned string shall always be allocated on the heap with
+ * OPENSSL_malloc(), and need to be free'd with OPENSSL_free().
+ *
+ * If the ui_method doesn't contain a pointer to a user-defined prompt
+ * constructor, a default string is built, looking like this:
+ *
+ * "Enter {object_desc} for {object_name}:"
+ *
+ * So, if object_desc has the value "pass phrase" and object_name has
+ * the value "foo.key", the resulting string is:
+ *
+ * "Enter pass phrase for foo.key:"
+*/
+char *UI_construct_prompt(UI *ui_method,
+ const char *object_desc, const char *object_name);
+
+/*
+ * The following function is used to store a pointer to user-specific data.
+ * Any previous such pointer will be returned and replaced.
+ *
+ * For callback purposes, this function makes a lot more sense than using
+ * ex_data, since the latter requires that different parts of OpenSSL or
+ * applications share the same ex_data index.
+ *
+ * Note that the UI_OpenSSL() method completely ignores the user data. Other
+ * methods may not, however.
+ */
+void *UI_add_user_data(UI *ui, void *user_data);
+/*
+ * Alternatively, this function is used to duplicate the user data.
+ * This uses the duplicator method function. The destroy function will
+ * be used to free the user data in this case.
+ */
+int UI_dup_user_data(UI *ui, void *user_data);
+/* We need a user data retrieving function as well. */
+void *UI_get0_user_data(UI *ui);
+
+/* Return the result associated with a prompt given with the index i. */
+const char *UI_get0_result(UI *ui, int i);
+int UI_get_result_length(UI *ui, int i);
+
+/* When all strings have been added, process the whole thing. */
+int UI_process(UI *ui);
+
+/*
+ * Give a user interface parameterised control commands. This can be used to
+ * send down an integer, a data pointer or a function pointer, as well as be
+ * used to get information from a UI.
+ */
+int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f) (void));
+
+/* The commands */
+/*
+ * Use UI_CONTROL_PRINT_ERRORS with the value 1 to have UI_process print the
+ * OpenSSL error stack before printing any info or added error messages and
+ * before any prompting.
+ */
+# define UI_CTRL_PRINT_ERRORS 1
+/*
+ * Check if a UI_process() is possible to do again with the same instance of
+ * a user interface. This makes UI_ctrl() return 1 if it is redoable, and 0
+ * if not.
+ */
+# define UI_CTRL_IS_REDOABLE 2
+
+/* Some methods may use extra data */
+# define UI_set_app_data(s,arg) UI_set_ex_data(s,0,arg)
+# define UI_get_app_data(s) UI_get_ex_data(s,0)
+
+# define UI_get_ex_new_index(l, p, newf, dupf, freef) \
+ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_UI, l, p, newf, dupf, freef)
+int UI_set_ex_data(UI *r, int idx, void *arg);
+void *UI_get_ex_data(UI *r, int idx);
+
+/* Use specific methods instead of the built-in one */
+void UI_set_default_method(const UI_METHOD *meth);
+const UI_METHOD *UI_get_default_method(void);
+const UI_METHOD *UI_get_method(UI *ui);
+const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth);
+
+# ifndef OPENSSL_NO_UI_CONSOLE
+
+/* The method with all the built-in thingies */
+UI_METHOD *UI_OpenSSL(void);
+
+# endif
+
+/*
+ * NULL method. Literally does nothing, but may serve as a placeholder
+ * to avoid internal default.
+ */
+const UI_METHOD *UI_null(void);
+
+/* ---------- For method writers ---------- */
+/*-
+ A method contains a number of functions that implement the low level
+ of the User Interface. The functions are:
+
+ an opener This function starts a session, maybe by opening
+ a channel to a tty, or by opening a window.
+ a writer This function is called to write a given string,
+ maybe to the tty, maybe as a field label in a
+ window.
+ a flusher This function is called to flush everything that
+ has been output so far. It can be used to actually
+ display a dialog box after it has been built.
+ a reader This function is called to read a given prompt,
+ maybe from the tty, maybe from a field in a
+ window. Note that it's called with all string
+ structures, not only the prompt ones, so it must
+ check such things itself.
+ a closer This function closes the session, maybe by closing
+ the channel to the tty, or closing the window.
+
+ All these functions are expected to return:
+
+ 0 on error.
+ 1 on success.
+ -1 on out-of-band events, for example if some prompting has
+ been canceled (by pressing Ctrl-C, for example). This is
+ only checked when returned by the flusher or the reader.
+
+ The way this is used, the opener is first called, then the writer for all
+ strings, then the flusher, then the reader for all strings and finally the
+ closer. Note that if you want to prompt from a terminal or other command
+ line interface, the best is to have the reader also write the prompts
+ instead of having the writer do it. If you want to prompt from a dialog
+ box, the writer can be used to build up the contents of the box, and the
+ flusher to actually display the box and run the event loop until all data
+ has been given, after which the reader only grabs the given data and puts
+ them back into the UI strings.
+
+ All method functions take a UI as argument. Additionally, the writer and
+ the reader take a UI_STRING.
+*/
+
+/*
+ * The UI_STRING type is the data structure that contains all the needed info
+ * about a string or a prompt, including test data for a verification prompt.
+ */
+typedef struct ui_string_st UI_STRING;
+DEFINE_STACK_OF(UI_STRING)
+
+/*
+ * The different types of strings that are currently supported. This is only
+ * needed by method authors.
+ */
+enum UI_string_types {
+ UIT_NONE = 0,
+ UIT_PROMPT, /* Prompt for a string */
+ UIT_VERIFY, /* Prompt for a string and verify */
+ UIT_BOOLEAN, /* Prompt for a yes/no response */
+ UIT_INFO, /* Send info to the user */
+ UIT_ERROR /* Send an error message to the user */
+};
+
+/* Create and manipulate methods */
+UI_METHOD *UI_create_method(const char *name);
+void UI_destroy_method(UI_METHOD *ui_method);
+int UI_method_set_opener(UI_METHOD *method, int (*opener) (UI *ui));
+int UI_method_set_writer(UI_METHOD *method,
+ int (*writer) (UI *ui, UI_STRING *uis));
+int UI_method_set_flusher(UI_METHOD *method, int (*flusher) (UI *ui));
+int UI_method_set_reader(UI_METHOD *method,
+ int (*reader) (UI *ui, UI_STRING *uis));
+int UI_method_set_closer(UI_METHOD *method, int (*closer) (UI *ui));
+int UI_method_set_data_duplicator(UI_METHOD *method,
+ void *(*duplicator) (UI *ui, void *ui_data),
+ void (*destructor)(UI *ui, void *ui_data));
+int UI_method_set_prompt_constructor(UI_METHOD *method,
+ char *(*prompt_constructor) (UI *ui,
+ const char
+ *object_desc,
+ const char
+ *object_name));
+int UI_method_set_ex_data(UI_METHOD *method, int idx, void *data);
+int (*UI_method_get_opener(const UI_METHOD *method)) (UI *);
+int (*UI_method_get_writer(const UI_METHOD *method)) (UI *, UI_STRING *);
+int (*UI_method_get_flusher(const UI_METHOD *method)) (UI *);
+int (*UI_method_get_reader(const UI_METHOD *method)) (UI *, UI_STRING *);
+int (*UI_method_get_closer(const UI_METHOD *method)) (UI *);
+char *(*UI_method_get_prompt_constructor(const UI_METHOD *method))
+ (UI *, const char *, const char *);
+void *(*UI_method_get_data_duplicator(const UI_METHOD *method)) (UI *, void *);
+void (*UI_method_get_data_destructor(const UI_METHOD *method)) (UI *, void *);
+const void *UI_method_get_ex_data(const UI_METHOD *method, int idx);
+
+/*
+ * The following functions are helpers for method writers to access relevant
+ * data from a UI_STRING.
+ */
+
+/* Return type of the UI_STRING */
+enum UI_string_types UI_get_string_type(UI_STRING *uis);
+/* Return input flags of the UI_STRING */
+int UI_get_input_flags(UI_STRING *uis);
+/* Return the actual string to output (the prompt, info or error) */
+const char *UI_get0_output_string(UI_STRING *uis);
+/*
+ * Return the optional action string to output (the boolean prompt
+ * instruction)
+ */
+const char *UI_get0_action_string(UI_STRING *uis);
+/* Return the result of a prompt */
+const char *UI_get0_result_string(UI_STRING *uis);
+int UI_get_result_string_length(UI_STRING *uis);
+/*
+ * Return the string to test the result against. Only useful with verifies.
+ */
+const char *UI_get0_test_string(UI_STRING *uis);
+/* Return the required minimum size of the result */
+int UI_get_result_minsize(UI_STRING *uis);
+/* Return the required maximum size of the result */
+int UI_get_result_maxsize(UI_STRING *uis);
+/* Set the result of a UI_STRING. */
+int UI_set_result(UI *ui, UI_STRING *uis, const char *result);
+int UI_set_result_ex(UI *ui, UI_STRING *uis, const char *result, int len);
+
+/* A couple of popular utility functions */
+int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt,
+ int verify);
+int UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt,
+ int verify);
+UI_METHOD *UI_UTIL_wrap_read_pem_callback(pem_password_cb *cb, int rwflag);
+
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/linux_amd64/include/openssl/uierr.h b/linux_amd64/include/openssl/uierr.h
new file mode 100644
index 0000000..dbc6432
--- /dev/null
+++ b/linux_amd64/include/openssl/uierr.h
@@ -0,0 +1,73 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_UIERR_H +# define OPENSSL_UIERR_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_UIERR_H +# endif + +# include +# include + + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_UI_strings(void); + +/* + * UI function codes. + */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define UI_F_CLOSE_CONSOLE 0 +# define UI_F_ECHO_CONSOLE 0 +# define UI_F_GENERAL_ALLOCATE_BOOLEAN 0 +# define UI_F_GENERAL_ALLOCATE_PROMPT 0 +# define UI_F_NOECHO_CONSOLE 0 +# define UI_F_OPEN_CONSOLE 0 +# define UI_F_UI_CONSTRUCT_PROMPT 0 +# define UI_F_UI_CREATE_METHOD 0 +# define UI_F_UI_CTRL 0 +# define UI_F_UI_DUP_ERROR_STRING 0 +# define UI_F_UI_DUP_INFO_STRING 0 +# define UI_F_UI_DUP_INPUT_BOOLEAN 0 +# define UI_F_UI_DUP_INPUT_STRING 0 +# define UI_F_UI_DUP_USER_DATA 0 +# define UI_F_UI_DUP_VERIFY_STRING 0 +# define UI_F_UI_GET0_RESULT 0 +# define UI_F_UI_GET_RESULT_LENGTH 0 +# define UI_F_UI_NEW_METHOD 0 +# define UI_F_UI_PROCESS 0 +# define UI_F_UI_SET_RESULT 0 +# define UI_F_UI_SET_RESULT_EX 0 +# endif + +/* + * UI reason codes. 
+ */ +# define UI_R_COMMON_OK_AND_CANCEL_CHARACTERS 104 +# define UI_R_INDEX_TOO_LARGE 102 +# define UI_R_INDEX_TOO_SMALL 103 +# define UI_R_NO_RESULT_BUFFER 105 +# define UI_R_PROCESSING_ERROR 107 +# define UI_R_RESULT_TOO_LARGE 100 +# define UI_R_RESULT_TOO_SMALL 101 +# define UI_R_SYSASSIGN_ERROR 109 +# define UI_R_SYSDASSGN_ERROR 110 +# define UI_R_SYSQIOW_ERROR 111 +# define UI_R_UNKNOWN_CONTROL_COMMAND 106 +# define UI_R_UNKNOWN_TTYGET_ERRNO_VALUE 108 +# define UI_R_USER_DATA_DUPLICATION_UNSUPPORTED 112 + +#endif diff --git a/linux_amd64/include/openssl/whrlpool.h b/linux_amd64/include/openssl/whrlpool.h new file mode 100644 index 0000000..cc8802f --- /dev/null +++ b/linux_amd64/include/openssl/whrlpool.h 
@@ -0,0 +1,61 @@
+/*
+ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_WHRLPOOL_H
+# define OPENSSL_WHRLPOOL_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_WHRLPOOL_H
+# endif
+
+# include
+
+# ifndef OPENSSL_NO_WHIRLPOOL
+# include
+# include
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# define WHIRLPOOL_DIGEST_LENGTH (512/8)
+
+# if !defined(OPENSSL_NO_DEPRECATED_3_0)
+
+# define WHIRLPOOL_BBLOCK 512
+# define WHIRLPOOL_COUNTER (256/8)
+
+typedef struct {
+ union {
+ unsigned char c[WHIRLPOOL_DIGEST_LENGTH];
+ /* double q is here to ensure 64-bit alignment */
+ double q[WHIRLPOOL_DIGEST_LENGTH / sizeof(double)];
+ } H;
+ unsigned char data[WHIRLPOOL_BBLOCK / 8];
+ unsigned int bitoff;
+ size_t bitlen[WHIRLPOOL_COUNTER / sizeof(size_t)];
+} WHIRLPOOL_CTX;
+# endif
+
+DEPRECATEDIN_3_0(int WHIRLPOOL_Init(WHIRLPOOL_CTX *c))
+DEPRECATEDIN_3_0(int WHIRLPOOL_Update(WHIRLPOOL_CTX *c,
+ const void *inp, size_t bytes))
+DEPRECATEDIN_3_0(void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c, const void *inp,
+ size_t bits))
+DEPRECATEDIN_3_0(int WHIRLPOOL_Final(unsigned char *md, WHIRLPOOL_CTX *c))
+DEPRECATEDIN_3_0(unsigned char *WHIRLPOOL(const void *inp, size_t bytes,
+ unsigned char *md))
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/linux_amd64/include/openssl/x509.h b/linux_amd64/include/openssl/x509.h
new file mode 100644
index 0000000..a2d6e44
--- /dev/null
+++ b/linux_amd64/include/openssl/x509.h
@@ -0,0 +1,1071 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_X509_H
+# define OPENSSL_X509_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_X509_H
+# endif
+
+# include
+# include
+# include
+# include
+# include
+# include
+# include
+# include
+# include
+
+# ifndef OPENSSL_NO_DEPRECATED_1_1_0
+# include
+# include
+# include
+# endif
+
+# include
+# include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+/* Flags for X509_get_signature_info() */
+/* Signature info is valid */
+# define X509_SIG_INFO_VALID 0x1
+/* Signature is suitable for TLS use */
+# define X509_SIG_INFO_TLS 0x2
+
+# define X509_FILETYPE_PEM 1
+# define X509_FILETYPE_ASN1 2
+# define X509_FILETYPE_DEFAULT 3
+
+# define X509v3_KU_DIGITAL_SIGNATURE 0x0080
+# define X509v3_KU_NON_REPUDIATION 0x0040
+# define X509v3_KU_KEY_ENCIPHERMENT 0x0020
+# define X509v3_KU_DATA_ENCIPHERMENT 0x0010
+# define X509v3_KU_KEY_AGREEMENT 0x0008
+# define X509v3_KU_KEY_CERT_SIGN 0x0004
+# define X509v3_KU_CRL_SIGN 0x0002
+# define X509v3_KU_ENCIPHER_ONLY 0x0001
+# define X509v3_KU_DECIPHER_ONLY 0x8000
+# define X509v3_KU_UNDEF 0xffff
+
+struct X509_algor_st {
+ ASN1_OBJECT *algorithm;
+ ASN1_TYPE *parameter;
+} /* X509_ALGOR */ ;
+
+typedef STACK_OF(X509_ALGOR) X509_ALGORS;
+
+typedef struct X509_val_st {
+ ASN1_TIME *notBefore;
+ ASN1_TIME *notAfter;
+} X509_VAL;
+
+typedef struct X509_sig_st X509_SIG;
+
+typedef struct X509_name_entry_st X509_NAME_ENTRY;
+
+DEFINE_STACK_OF(X509_NAME_ENTRY)
+
+DEFINE_STACK_OF(X509_NAME)
+
+# define X509_EX_V_NETSCAPE_HACK 0x8000
+# define X509_EX_V_INIT 0x0001
+typedef struct X509_extension_st X509_EXTENSION; + +typedef STACK_OF(X509_EXTENSION) X509_EXTENSIONS; + +DEFINE_STACK_OF(X509_EXTENSION) + +typedef struct x509_attributes_st X509_ATTRIBUTE; + +DEFINE_STACK_OF(X509_ATTRIBUTE) + +typedef struct X509_req_info_st X509_REQ_INFO; + +typedef struct X509_req_st X509_REQ; + +typedef struct x509_cert_aux_st X509_CERT_AUX; + +typedef struct x509_cinf_st X509_CINF; + +DEFINE_STACK_OF(X509) + +/* This is used for a table of trust checking functions */ + +typedef struct x509_trust_st { + int trust; + int flags; + int (*check_trust) (struct x509_trust_st *, X509 *, int); + char *name; + int arg1; + void *arg2; +} X509_TRUST; + +DEFINE_STACK_OF(X509_TRUST) + +/* standard trust ids */ + +# define X509_TRUST_DEFAULT 0 /* Only valid in purpose settings */ + +# define X509_TRUST_COMPAT 1 +# define X509_TRUST_SSL_CLIENT 2 +# define X509_TRUST_SSL_SERVER 3 +# define X509_TRUST_EMAIL 4 +# define X509_TRUST_OBJECT_SIGN 5 +# define X509_TRUST_OCSP_SIGN 6 +# define X509_TRUST_OCSP_REQUEST 7 +# define X509_TRUST_TSA 8 + +/* Keep these up to date! 
*/ +# define X509_TRUST_MIN 1 +# define X509_TRUST_MAX 8 + +/* trust_flags values */ +# define X509_TRUST_DYNAMIC (1U << 0) +# define X509_TRUST_DYNAMIC_NAME (1U << 1) +/* No compat trust if self-signed, preempts "DO_SS" */ +# define X509_TRUST_NO_SS_COMPAT (1U << 2) +/* Compat trust if no explicit accepted trust EKUs */ +# define X509_TRUST_DO_SS_COMPAT (1U << 3) +/* Accept "anyEKU" as a wildcard trust OID */ +# define X509_TRUST_OK_ANY_EKU (1U << 4) + +/* check_trust return codes */ + +# define X509_TRUST_TRUSTED 1 +# define X509_TRUST_REJECTED 2 +# define X509_TRUST_UNTRUSTED 3 + +/* Flags for X509_print_ex() */ + +# define X509_FLAG_COMPAT 0 +# define X509_FLAG_NO_HEADER 1L +# define X509_FLAG_NO_VERSION (1L << 1) +# define X509_FLAG_NO_SERIAL (1L << 2) +# define X509_FLAG_NO_SIGNAME (1L << 3) +# define X509_FLAG_NO_ISSUER (1L << 4) +# define X509_FLAG_NO_VALIDITY (1L << 5) +# define X509_FLAG_NO_SUBJECT (1L << 6) +# define X509_FLAG_NO_PUBKEY (1L << 7) +# define X509_FLAG_NO_EXTENSIONS (1L << 8) +# define X509_FLAG_NO_SIGDUMP (1L << 9) +# define X509_FLAG_NO_AUX (1L << 10) +# define X509_FLAG_NO_ATTRIBUTES (1L << 11) +# define X509_FLAG_NO_IDS (1L << 12) + +/* Flags specific to X509_NAME_print_ex() */ + +/* The field separator information */ + +# define XN_FLAG_SEP_MASK (0xf << 16) + +# define XN_FLAG_COMPAT 0/* Traditional; use old X509_NAME_print */ +# define XN_FLAG_SEP_COMMA_PLUS (1 << 16)/* RFC2253 ,+ */ +# define XN_FLAG_SEP_CPLUS_SPC (2 << 16)/* ,+ spaced: more readable */ +# define XN_FLAG_SEP_SPLUS_SPC (3 << 16)/* ;+ spaced */ +# define XN_FLAG_SEP_MULTILINE (4 << 16)/* One line per field */ + +# define XN_FLAG_DN_REV (1 << 20)/* Reverse DN order */ + +/* How the field name is shown */ + +# define XN_FLAG_FN_MASK (0x3 << 21) + +# define XN_FLAG_FN_SN 0/* Object short name */ +# define XN_FLAG_FN_LN (1 << 21)/* Object long name */ +# define XN_FLAG_FN_OID (2 << 21)/* Always use OIDs */ +# define XN_FLAG_FN_NONE (3 << 21)/* No field names */ + +# define 
XN_FLAG_SPC_EQ (1 << 23)/* Put spaces round '=' */ + +/* + * This determines if we dump fields we don't recognise: RFC2253 requires + * this. + */ + +# define XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24) + +# define XN_FLAG_FN_ALIGN (1 << 25)/* Align field names to 20 + * characters */ + +/* Complete set of RFC2253 flags */ + +# define XN_FLAG_RFC2253 (ASN1_STRFLGS_RFC2253 | \ + XN_FLAG_SEP_COMMA_PLUS | \ + XN_FLAG_DN_REV | \ + XN_FLAG_FN_SN | \ + XN_FLAG_DUMP_UNKNOWN_FIELDS) + +/* readable oneline form */ + +# define XN_FLAG_ONELINE (ASN1_STRFLGS_RFC2253 | \ + ASN1_STRFLGS_ESC_QUOTE | \ + XN_FLAG_SEP_CPLUS_SPC | \ + XN_FLAG_SPC_EQ | \ + XN_FLAG_FN_SN) + +/* readable multiline form */ + +# define XN_FLAG_MULTILINE (ASN1_STRFLGS_ESC_CTRL | \ + ASN1_STRFLGS_ESC_MSB | \ + XN_FLAG_SEP_MULTILINE | \ + XN_FLAG_SPC_EQ | \ + XN_FLAG_FN_LN | \ + XN_FLAG_FN_ALIGN) + +DEFINE_STACK_OF(X509_REVOKED) + +typedef struct X509_crl_info_st X509_CRL_INFO; + +DEFINE_STACK_OF(X509_CRL) + +typedef struct private_key_st { + int version; + /* The PKCS#8 data types */ + X509_ALGOR *enc_algor; + ASN1_OCTET_STRING *enc_pkey; /* encrypted pub key */ + /* When decrypted, the following will not be NULL */ + EVP_PKEY *dec_pkey; + /* used to encrypt and decrypt */ + int key_length; + char *key_data; + int key_free; /* true if we should auto free key_data */ + /* expanded version of 'enc_algor' */ + EVP_CIPHER_INFO cipher; +} X509_PKEY; + +typedef struct X509_info_st { + X509 *x509; + X509_CRL *crl; + X509_PKEY *x_pkey; + EVP_CIPHER_INFO enc_cipher; + int enc_len; + char *enc_data; +} X509_INFO; + +DEFINE_STACK_OF(X509_INFO) + +/* + * The next 2 structures and their 8 routines are used to manipulate Netscape's + * spki structures - useful if you are writing a CA web page + */ +typedef struct Netscape_spkac_st { + X509_PUBKEY *pubkey; + ASN1_IA5STRING *challenge; /* challenge sent in atlas >= PR2 */ +} NETSCAPE_SPKAC; + +typedef struct Netscape_spki_st { + NETSCAPE_SPKAC *spkac; /* signed public key and 
challenge */ + X509_ALGOR sig_algor; + ASN1_BIT_STRING *signature; +} NETSCAPE_SPKI; + +/* Netscape certificate sequence structure */ +typedef struct Netscape_certificate_sequence { + ASN1_OBJECT *type; + STACK_OF(X509) *certs; +} NETSCAPE_CERT_SEQUENCE; + +/*- Unused (and iv length is wrong) +typedef struct CBCParameter_st + { + unsigned char iv[8]; + } CBC_PARAM; +*/ + +/* Password based encryption structure */ + +typedef struct PBEPARAM_st { + ASN1_OCTET_STRING *salt; + ASN1_INTEGER *iter; +} PBEPARAM; + +/* Password based encryption V2 structures */ + +typedef struct PBE2PARAM_st { + X509_ALGOR *keyfunc; + X509_ALGOR *encryption; +} PBE2PARAM; + +typedef struct PBKDF2PARAM_st { +/* Usually OCTET STRING but could be anything */ + ASN1_TYPE *salt; + ASN1_INTEGER *iter; + ASN1_INTEGER *keylength; + X509_ALGOR *prf; +} PBKDF2PARAM; + +#ifndef OPENSSL_NO_SCRYPT +typedef struct SCRYPT_PARAMS_st { + ASN1_OCTET_STRING *salt; + ASN1_INTEGER *costParameter; + ASN1_INTEGER *blockSize; + ASN1_INTEGER *parallelizationParameter; + ASN1_INTEGER *keyLength; +} SCRYPT_PARAMS; +#endif + +#ifdef __cplusplus +} +#endif + +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +# define X509_EXT_PACK_UNKNOWN 1 +# define X509_EXT_PACK_STRING 2 + +# define X509_extract_key(x) X509_get_pubkey(x)/*****/ +# define X509_REQ_extract_key(a) X509_REQ_get_pubkey(a) +# define X509_name_cmp(a,b) X509_NAME_cmp((a),(b)) + +void X509_CRL_set_default_method(const X509_CRL_METHOD *meth); +X509_CRL_METHOD *X509_CRL_METHOD_new(int (*crl_init) (X509_CRL *crl), + int (*crl_free) (X509_CRL *crl), + int (*crl_lookup) (X509_CRL *crl, + X509_REVOKED **ret, + ASN1_INTEGER *ser, + X509_NAME *issuer), + int (*crl_verify) (X509_CRL *crl, + EVP_PKEY *pk)); +void X509_CRL_METHOD_free(X509_CRL_METHOD *m); + +void X509_CRL_set_meth_data(X509_CRL *crl, void *dat); +void *X509_CRL_get_meth_data(X509_CRL *crl); + +const char *X509_verify_cert_error_string(long n); + +int X509_verify(X509 *a, EVP_PKEY *r); 
+ +int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r); +int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r); +int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r); + +NETSCAPE_SPKI *NETSCAPE_SPKI_b64_decode(const char *str, int len); +char *NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *x); +EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x); +int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey); + +int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki); + +int X509_signature_dump(BIO *bp, const ASN1_STRING *sig, int indent); +int X509_signature_print(BIO *bp, const X509_ALGOR *alg, + const ASN1_STRING *sig); + +int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md); +int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx); +int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md); +int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx); +int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md); +int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx); +int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md); + +int X509_pubkey_digest(const X509 *data, const EVP_MD *type, + unsigned char *md, unsigned int *len); +int X509_digest(const X509 *data, const EVP_MD *type, + unsigned char *md, unsigned int *len); +int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, + unsigned char *md, unsigned int *len); +int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type, + unsigned char *md, unsigned int *len); +int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, + unsigned char *md, unsigned int *len); + +# if !defined(OPENSSL_NO_SOCK) +X509 *X509_load_http(const char *url, BIO *bio, BIO *rbio, int timeout); +# define X509_http_nbio(url) X509_load_http(url, NULL, NULL, 0) +X509_CRL *X509_CRL_load_http(const char *url, BIO *bio, BIO *rbio, int timeout); +# define X509_CRL_http_nbio(url) X509_CRL_load_http(url, NULL, NULL, 0) +# endif + +# ifndef OPENSSL_NO_STDIO +X509 *d2i_X509_fp(FILE *fp, X509 **x509); +int i2d_X509_fp(FILE *fp, const 
X509 *x509); +X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl); +int i2d_X509_CRL_fp(FILE *fp, const X509_CRL *crl); +X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req); +int i2d_X509_REQ_fp(FILE *fp, const X509_REQ *req); +# ifndef OPENSSL_NO_RSA +RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa); +int i2d_RSAPrivateKey_fp(FILE *fp, const RSA *rsa); +RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa); +int i2d_RSAPublicKey_fp(FILE *fp, const RSA *rsa); +RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa); +int i2d_RSA_PUBKEY_fp(FILE *fp, const RSA *rsa); +# endif +# ifndef OPENSSL_NO_DSA +DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa); +int i2d_DSA_PUBKEY_fp(FILE *fp, const DSA *dsa); +DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa); +int i2d_DSAPrivateKey_fp(FILE *fp, const DSA *dsa); +# endif +# ifndef OPENSSL_NO_EC +EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey); +int i2d_EC_PUBKEY_fp(FILE *fp, const EC_KEY *eckey); +EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey); +int i2d_ECPrivateKey_fp(FILE *fp, const EC_KEY *eckey); +# endif +X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8); +int i2d_PKCS8_fp(FILE *fp, const X509_SIG *p8); +X509_PUBKEY *d2i_X509_PUBKEY_fp(FILE *fp, X509_PUBKEY **xpk); +int i2d_X509_PUBKEY_fp(FILE *fp, const X509_PUBKEY *xpk); +PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, + PKCS8_PRIV_KEY_INFO **p8inf); +int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, const PKCS8_PRIV_KEY_INFO *p8inf); +int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, const EVP_PKEY *key); +int i2d_PrivateKey_fp(FILE *fp, const EVP_PKEY *pkey); +EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a); +int i2d_PUBKEY_fp(FILE *fp, const EVP_PKEY *pkey); +EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a); +# endif + +X509 *d2i_X509_bio(BIO *bp, X509 **x509); +int i2d_X509_bio(BIO *bp, const X509 *x509); +X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl); +int i2d_X509_CRL_bio(BIO *bp, const X509_CRL *crl); +X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req); +int i2d_X509_REQ_bio(BIO 
*bp, const X509_REQ *req); +# ifndef OPENSSL_NO_RSA +RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa); +int i2d_RSAPrivateKey_bio(BIO *bp, const RSA *rsa); +RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa); +int i2d_RSAPublicKey_bio(BIO *bp, const RSA *rsa); +RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa); +int i2d_RSA_PUBKEY_bio(BIO *bp, const RSA *rsa); +# endif +# ifndef OPENSSL_NO_DSA +DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa); +int i2d_DSA_PUBKEY_bio(BIO *bp, const DSA *dsa); +DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa); +int i2d_DSAPrivateKey_bio(BIO *bp, const DSA *dsa); +# endif +# ifndef OPENSSL_NO_EC +EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey); +int i2d_EC_PUBKEY_bio(BIO *bp, const EC_KEY *eckey); +EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey); +int i2d_ECPrivateKey_bio(BIO *bp, const EC_KEY *eckey); +# endif +X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8); +int i2d_PKCS8_bio(BIO *bp, const X509_SIG *p8); +X509_PUBKEY *d2i_X509_PUBKEY_bio(BIO *bp, X509_PUBKEY **xpk); +int i2d_X509_PUBKEY_bio(BIO *bp, const X509_PUBKEY *xpk); +PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, + PKCS8_PRIV_KEY_INFO **p8inf); +int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, const PKCS8_PRIV_KEY_INFO *p8inf); +int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, const EVP_PKEY *key); +int i2d_PrivateKey_bio(BIO *bp, const EVP_PKEY *pkey); +EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a); +int i2d_PUBKEY_bio(BIO *bp, const EVP_PKEY *pkey); +EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a); + +DECLARE_ASN1_DUP_FUNCTION(X509) +DECLARE_ASN1_DUP_FUNCTION(X509_ALGOR) +DECLARE_ASN1_DUP_FUNCTION(X509_ATTRIBUTE) +DECLARE_ASN1_DUP_FUNCTION(X509_CRL) +DECLARE_ASN1_DUP_FUNCTION(X509_EXTENSION) +DECLARE_ASN1_DUP_FUNCTION(X509_PUBKEY) +DECLARE_ASN1_DUP_FUNCTION(X509_REQ) +DECLARE_ASN1_DUP_FUNCTION(X509_REVOKED) +int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, + void *pval); +void X509_ALGOR_get0(const ASN1_OBJECT **paobj, int *pptype, + const void **ppval, const 
X509_ALGOR *algor); +void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md); +int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b); + +DECLARE_ASN1_DUP_FUNCTION(X509_NAME) +DECLARE_ASN1_DUP_FUNCTION(X509_NAME_ENTRY) + +int X509_cmp_time(const ASN1_TIME *s, time_t *t); +int X509_cmp_current_time(const ASN1_TIME *s); +int X509_cmp_timeframe(const X509_VERIFY_PARAM *vpm, + const ASN1_TIME *start, const ASN1_TIME *end); +ASN1_TIME *X509_time_adj(ASN1_TIME *s, long adj, time_t *t); +ASN1_TIME *X509_time_adj_ex(ASN1_TIME *s, + int offset_day, long offset_sec, time_t *t); +ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj); + +const char *X509_get_default_cert_area(void); +const char *X509_get_default_cert_dir(void); +const char *X509_get_default_cert_file(void); +const char *X509_get_default_cert_dir_env(void); +const char *X509_get_default_cert_file_env(void); +const char *X509_get_default_private_dir(void); + +X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md); +X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey); + +DECLARE_ASN1_FUNCTIONS(X509_ALGOR) +DECLARE_ASN1_ENCODE_FUNCTIONS(X509_ALGORS, X509_ALGORS, X509_ALGORS) +DECLARE_ASN1_FUNCTIONS(X509_VAL) + +DECLARE_ASN1_FUNCTIONS(X509_PUBKEY) + +int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey); +EVP_PKEY *X509_PUBKEY_get0(X509_PUBKEY *key); +EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key); +int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain); +long X509_get_pathlen(X509 *x); +DECLARE_ASN1_ENCODE_FUNCTIONS_only(EVP_PKEY, PUBKEY) +# ifndef OPENSSL_NO_RSA +DECLARE_ASN1_ENCODE_FUNCTIONS_only(RSA, RSA_PUBKEY) +# endif +# ifndef OPENSSL_NO_DSA +DECLARE_ASN1_ENCODE_FUNCTIONS_only(DSA, DSA_PUBKEY) +# endif +# ifndef OPENSSL_NO_EC +DECLARE_ASN1_ENCODE_FUNCTIONS_only(EC_KEY, EC_PUBKEY) +# endif + +DECLARE_ASN1_FUNCTIONS(X509_SIG) +void X509_SIG_get0(const X509_SIG *sig, const X509_ALGOR **palg, + const ASN1_OCTET_STRING **pdigest); +void X509_SIG_getm(X509_SIG *sig, 
X509_ALGOR **palg, + ASN1_OCTET_STRING **pdigest); + +DECLARE_ASN1_FUNCTIONS(X509_REQ_INFO) +DECLARE_ASN1_FUNCTIONS(X509_REQ) + +DECLARE_ASN1_FUNCTIONS(X509_ATTRIBUTE) +X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value); + +DECLARE_ASN1_FUNCTIONS(X509_EXTENSION) +DECLARE_ASN1_ENCODE_FUNCTIONS(X509_EXTENSIONS, X509_EXTENSIONS, X509_EXTENSIONS) + +DECLARE_ASN1_FUNCTIONS(X509_NAME_ENTRY) + +DECLARE_ASN1_FUNCTIONS(X509_NAME) + +int X509_NAME_set(X509_NAME **xn, const X509_NAME *name); + +DECLARE_ASN1_FUNCTIONS(X509_CINF) +DECLARE_ASN1_FUNCTIONS(X509) +DECLARE_ASN1_FUNCTIONS(X509_CERT_AUX) + +#define X509_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509, l, p, newf, dupf, freef) +int X509_set_ex_data(X509 *r, int idx, void *arg); +void *X509_get_ex_data(X509 *r, int idx); +DECLARE_ASN1_ENCODE_FUNCTIONS_only(X509,X509_AUX) + +int i2d_re_X509_tbs(X509 *x, unsigned char **pp); + +int X509_SIG_INFO_get(const X509_SIG_INFO *siginf, int *mdnid, int *pknid, + int *secbits, uint32_t *flags); +void X509_SIG_INFO_set(X509_SIG_INFO *siginf, int mdnid, int pknid, + int secbits, uint32_t flags); + +int X509_get_signature_info(X509 *x, int *mdnid, int *pknid, int *secbits, + uint32_t *flags); + +void X509_get0_signature(const ASN1_BIT_STRING **psig, + const X509_ALGOR **palg, const X509 *x); +int X509_get_signature_nid(const X509 *x); + +# ifndef OPENSSL_NO_SM2 +void X509_set0_sm2_id(X509 *x, ASN1_OCTET_STRING *sm2_id); +ASN1_OCTET_STRING *X509_get0_sm2_id(X509 *x); +void X509_REQ_set0_sm2_id(X509_REQ *x, ASN1_OCTET_STRING *sm2_id); +ASN1_OCTET_STRING *X509_REQ_get0_sm2_id(X509_REQ *x); +# endif + +int X509_trusted(const X509 *x); +int X509_alias_set1(X509 *x, const unsigned char *name, int len); +int X509_keyid_set1(X509 *x, const unsigned char *id, int len); +unsigned char *X509_alias_get0(X509 *x, int *len); +unsigned char *X509_keyid_get0(X509 *x, int *len); +int (*X509_TRUST_set_default(int (*trust) (int, X509 *, 
int))) (int, X509 *, + int); +int X509_TRUST_set(int *t, int trust); +int X509_add1_trust_object(X509 *x, const ASN1_OBJECT *obj); +int X509_add1_reject_object(X509 *x, const ASN1_OBJECT *obj); +void X509_trust_clear(X509 *x); +void X509_reject_clear(X509 *x); + +STACK_OF(ASN1_OBJECT) *X509_get0_trust_objects(X509 *x); +STACK_OF(ASN1_OBJECT) *X509_get0_reject_objects(X509 *x); + +DECLARE_ASN1_FUNCTIONS(X509_REVOKED) +DECLARE_ASN1_FUNCTIONS(X509_CRL_INFO) +DECLARE_ASN1_FUNCTIONS(X509_CRL) + +int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev); +int X509_CRL_get0_by_serial(X509_CRL *crl, + X509_REVOKED **ret, ASN1_INTEGER *serial); +int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x); + +X509_PKEY *X509_PKEY_new(void); +void X509_PKEY_free(X509_PKEY *a); + +DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKI) +DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKAC) +DECLARE_ASN1_FUNCTIONS(NETSCAPE_CERT_SEQUENCE) + +X509_INFO *X509_INFO_new(void); +void X509_INFO_free(X509_INFO *a); +char *X509_NAME_oneline(const X509_NAME *a, char *buf, int size); + +DEPRECATEDIN_3_0(int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *algor1, + ASN1_BIT_STRING *signature, char *data, + EVP_PKEY *pkey)) + +DEPRECATEDIN_3_0(int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, + char *data, + unsigned char *md, unsigned int *len)) + +DEPRECATEDIN_3_0(int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, + X509_ALGOR *algor2, ASN1_BIT_STRING *signature, + char *data, EVP_PKEY *pkey, const EVP_MD *type)) + +int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *data, + unsigned char *md, unsigned int *len); + +int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *algor1, + ASN1_BIT_STRING *signature, void *data, EVP_PKEY *pkey); +int ASN1_item_verify_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, + ASN1_BIT_STRING *signature, void *data, + EVP_MD_CTX *ctx); + +int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, + X509_ALGOR *algor2, ASN1_BIT_STRING *signature, void *data, + EVP_PKEY 
*pkey, const EVP_MD *type); +int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, + X509_ALGOR *algor2, ASN1_BIT_STRING *signature, + void *asn, EVP_MD_CTX *ctx); + +long X509_get_version(const X509 *x); +int X509_set_version(X509 *x, long version); +int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial); +ASN1_INTEGER *X509_get_serialNumber(X509 *x); +const ASN1_INTEGER *X509_get0_serialNumber(const X509 *x); +int X509_set_issuer_name(X509 *x, X509_NAME *name); +X509_NAME *X509_get_issuer_name(const X509 *a); +int X509_set_subject_name(X509 *x, X509_NAME *name); +X509_NAME *X509_get_subject_name(const X509 *a); +const ASN1_TIME * X509_get0_notBefore(const X509 *x); +ASN1_TIME *X509_getm_notBefore(const X509 *x); +int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm); +const ASN1_TIME *X509_get0_notAfter(const X509 *x); +ASN1_TIME *X509_getm_notAfter(const X509 *x); +int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm); +int X509_set_pubkey(X509 *x, EVP_PKEY *pkey); +int X509_up_ref(X509 *x); +int X509_get_signature_type(const X509 *x); + +# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +# define X509_get_notBefore X509_getm_notBefore +# define X509_get_notAfter X509_getm_notAfter +# define X509_set_notBefore X509_set1_notBefore +# define X509_set_notAfter X509_set1_notAfter +#endif + + +/* + * This one is only used so that a binary form can output, as in + * i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x), &buf) + */ +X509_PUBKEY *X509_get_X509_PUBKEY(const X509 *x); +const STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x); +void X509_get0_uids(const X509 *x, const ASN1_BIT_STRING **piuid, + const ASN1_BIT_STRING **psuid); +const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x); + +EVP_PKEY *X509_get0_pubkey(const X509 *x); +EVP_PKEY *X509_get_pubkey(X509 *x); +ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x); +int X509_certificate_type(const X509 *x, const EVP_PKEY *pubkey); + +long X509_REQ_get_version(const X509_REQ *req); +int 
X509_REQ_set_version(X509_REQ *x, long version); +X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req); +int X509_REQ_set_subject_name(X509_REQ *req, X509_NAME *name); +void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig, + const X509_ALGOR **palg); +int X509_REQ_get_signature_nid(const X509_REQ *req); +int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp); +int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey); +EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req); +EVP_PKEY *X509_REQ_get0_pubkey(X509_REQ *req); +X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *req); +int X509_REQ_extension_nid(int nid); +int *X509_REQ_get_extension_nids(void); +void X509_REQ_set_extension_nids(int *nids); +STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req); +int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts, + int nid); +int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts); +int X509_REQ_get_attr_count(const X509_REQ *req); +int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, int lastpos); +int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, const ASN1_OBJECT *obj, + int lastpos); +X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc); +X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc); +int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr); +int X509_REQ_add1_attr_by_OBJ(X509_REQ *req, + const ASN1_OBJECT *obj, int type, + const unsigned char *bytes, int len); +int X509_REQ_add1_attr_by_NID(X509_REQ *req, + int nid, int type, + const unsigned char *bytes, int len); +int X509_REQ_add1_attr_by_txt(X509_REQ *req, + const char *attrname, int type, + const unsigned char *bytes, int len); + +int X509_CRL_set_version(X509_CRL *x, long version); +int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name); +int X509_CRL_set1_lastUpdate(X509_CRL *x, const ASN1_TIME *tm); +int X509_CRL_set1_nextUpdate(X509_CRL *x, const ASN1_TIME *tm); +int X509_CRL_sort(X509_CRL 
*crl); +int X509_CRL_up_ref(X509_CRL *crl); + +# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +# define X509_CRL_set_lastUpdate X509_CRL_set1_lastUpdate +# define X509_CRL_set_nextUpdate X509_CRL_set1_nextUpdate +#endif + +long X509_CRL_get_version(const X509_CRL *crl); +const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl); +const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl); +DEPRECATEDIN_1_1_0(ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl)) +DEPRECATEDIN_1_1_0(ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl)) +X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl); +const STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(const X509_CRL *crl); +STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl); +void X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig, + const X509_ALGOR **palg); +int X509_CRL_get_signature_nid(const X509_CRL *crl); +int i2d_re_X509_CRL_tbs(X509_CRL *req, unsigned char **pp); + +const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(const X509_REVOKED *x); +int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial); +const ASN1_TIME *X509_REVOKED_get0_revocationDate(const X509_REVOKED *x); +int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm); +const STACK_OF(X509_EXTENSION) * +X509_REVOKED_get0_extensions(const X509_REVOKED *r); + +X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer, + EVP_PKEY *skey, const EVP_MD *md, unsigned int flags); + +int X509_REQ_check_private_key(X509_REQ *x509, EVP_PKEY *pkey); + +int X509_check_private_key(const X509 *x509, const EVP_PKEY *pkey); +int X509_chain_check_suiteb(int *perror_depth, + X509 *x, STACK_OF(X509) *chain, + unsigned long flags); +int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags); +STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain); + +int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b); +unsigned long X509_issuer_and_serial_hash(X509 *a); + +int X509_issuer_name_cmp(const X509 *a, 
const X509 *b); +unsigned long X509_issuer_name_hash(X509 *a); + +int X509_subject_name_cmp(const X509 *a, const X509 *b); +unsigned long X509_subject_name_hash(X509 *x); + +# ifndef OPENSSL_NO_MD5 +unsigned long X509_issuer_name_hash_old(X509 *a); +unsigned long X509_subject_name_hash_old(X509 *x); +# endif + +int X509_cmp(const X509 *a, const X509 *b); +int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b); +unsigned long X509_NAME_hash(X509_NAME *x); +unsigned long X509_NAME_hash_old(X509_NAME *x); + +int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b); +int X509_CRL_match(const X509_CRL *a, const X509_CRL *b); +int X509_aux_print(BIO *out, X509 *x, int indent); +# ifndef OPENSSL_NO_STDIO +int X509_print_ex_fp(FILE *bp, X509 *x, unsigned long nmflag, + unsigned long cflag); +int X509_print_fp(FILE *bp, X509 *x); +int X509_CRL_print_fp(FILE *bp, X509_CRL *x); +int X509_REQ_print_fp(FILE *bp, X509_REQ *req); +int X509_NAME_print_ex_fp(FILE *fp, const X509_NAME *nm, int indent, + unsigned long flags); +# endif + +int X509_NAME_print(BIO *bp, const X509_NAME *name, int obase); +int X509_NAME_print_ex(BIO *out, const X509_NAME *nm, int indent, + unsigned long flags); +int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflag, + unsigned long cflag); +int X509_print(BIO *bp, X509 *x); +int X509_ocspid_print(BIO *bp, X509 *x); +int X509_CRL_print_ex(BIO *out, X509_CRL *x, unsigned long nmflag); +int X509_CRL_print(BIO *bp, X509_CRL *x); +int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag, + unsigned long cflag); +int X509_REQ_print(BIO *bp, X509_REQ *req); + +int X509_NAME_entry_count(const X509_NAME *name); +int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len); +int X509_NAME_get_text_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, + char *buf, int len); + +/* + * NOTE: you should be passing -1, not 0 as lastpos. The functions that use + * lastpos, search after that position on. 
+ */ +int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos); +int X509_NAME_get_index_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, + int lastpos); +X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name, int loc); +X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc); +int X509_NAME_add_entry(X509_NAME *name, const X509_NAME_ENTRY *ne, + int loc, int set); +int X509_NAME_add_entry_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int type, + const unsigned char *bytes, int len, int loc, + int set); +int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, + const unsigned char *bytes, int len, int loc, + int set); +X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, + const char *field, int type, + const unsigned char *bytes, + int len); +X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, + int type, + const unsigned char *bytes, + int len); +int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, + const unsigned char *bytes, int len, int loc, + int set); +X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, + const ASN1_OBJECT *obj, int type, + const unsigned char *bytes, + int len); +int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, const ASN1_OBJECT *obj); +int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, + const unsigned char *bytes, int len); +ASN1_OBJECT *X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne); +ASN1_STRING * X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne); +int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne); + +int X509_NAME_get0_der(X509_NAME *nm, const unsigned char **pder, + size_t *pderlen); + +int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x); +int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, + int nid, int lastpos); +int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x, + const ASN1_OBJECT *obj, int lastpos); +int X509v3_get_ext_by_critical(const 
STACK_OF(X509_EXTENSION) *x, + int crit, int lastpos); +X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc); +X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc); +STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x, + X509_EXTENSION *ex, int loc); + +int X509_get_ext_count(const X509 *x); +int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos); +int X509_get_ext_by_OBJ(const X509 *x, const ASN1_OBJECT *obj, int lastpos); +int X509_get_ext_by_critical(const X509 *x, int crit, int lastpos); +X509_EXTENSION *X509_get_ext(const X509 *x, int loc); +X509_EXTENSION *X509_delete_ext(X509 *x, int loc); +int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc); +void *X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx); +int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit, + unsigned long flags); + +int X509_CRL_get_ext_count(const X509_CRL *x); +int X509_CRL_get_ext_by_NID(const X509_CRL *x, int nid, int lastpos); +int X509_CRL_get_ext_by_OBJ(const X509_CRL *x, const ASN1_OBJECT *obj, + int lastpos); +int X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit, int lastpos); +X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc); +X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc); +int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc); +void *X509_CRL_get_ext_d2i(const X509_CRL *x, int nid, int *crit, int *idx); +int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit, + unsigned long flags); + +int X509_REVOKED_get_ext_count(const X509_REVOKED *x); +int X509_REVOKED_get_ext_by_NID(const X509_REVOKED *x, int nid, int lastpos); +int X509_REVOKED_get_ext_by_OBJ(const X509_REVOKED *x, const ASN1_OBJECT *obj, + int lastpos); +int X509_REVOKED_get_ext_by_critical(const X509_REVOKED *x, int crit, + int lastpos); +X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x, int loc); +X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc); +int 
X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc); +void *X509_REVOKED_get_ext_d2i(const X509_REVOKED *x, int nid, int *crit, + int *idx); +int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit, + unsigned long flags); + +X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, + int nid, int crit, + ASN1_OCTET_STRING *data); +X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex, + const ASN1_OBJECT *obj, int crit, + ASN1_OCTET_STRING *data); +int X509_EXTENSION_set_object(X509_EXTENSION *ex, const ASN1_OBJECT *obj); +int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit); +int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data); +ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex); +ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne); +int X509_EXTENSION_get_critical(const X509_EXTENSION *ex); + +int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x); +int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid, + int lastpos); +int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, + const ASN1_OBJECT *obj, int lastpos); +X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc); +X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc); +STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x, + X509_ATTRIBUTE *attr); +STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) + **x, const ASN1_OBJECT *obj, + int type, + const unsigned char *bytes, + int len); +STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) + **x, int nid, int type, + const unsigned char *bytes, + int len); +STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) + **x, const char *attrname, + int type, + const unsigned char *bytes, + int len); +void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x, + const ASN1_OBJECT *obj, int lastpos, int type); 
+X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid, + int atrtype, const void *data, + int len); +X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr, + const ASN1_OBJECT *obj, + int atrtype, const void *data, + int len); +X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr, + const char *atrname, int type, + const unsigned char *bytes, + int len); +int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj); +int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, + const void *data, int len); +void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx, int atrtype, + void *data); +int X509_ATTRIBUTE_count(const X509_ATTRIBUTE *attr); +ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr); +ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx); + +int EVP_PKEY_get_attr_count(const EVP_PKEY *key); +int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid, int lastpos); +int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, const ASN1_OBJECT *obj, + int lastpos); +X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc); +X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *key, int loc); +int EVP_PKEY_add1_attr(EVP_PKEY *key, X509_ATTRIBUTE *attr); +int EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key, + const ASN1_OBJECT *obj, int type, + const unsigned char *bytes, int len); +int EVP_PKEY_add1_attr_by_NID(EVP_PKEY *key, + int nid, int type, + const unsigned char *bytes, int len); +int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key, + const char *attrname, int type, + const unsigned char *bytes, int len); + +int X509_verify_cert(X509_STORE_CTX *ctx); + +/* lookup a cert from a X509 STACK */ +X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, X509_NAME *name, + ASN1_INTEGER *serial); +X509 *X509_find_by_subject(STACK_OF(X509) *sk, X509_NAME *name); + +DECLARE_ASN1_FUNCTIONS(PBEPARAM) +DECLARE_ASN1_FUNCTIONS(PBE2PARAM) +DECLARE_ASN1_FUNCTIONS(PBKDF2PARAM) +#ifndef 
OPENSSL_NO_SCRYPT +DECLARE_ASN1_FUNCTIONS(SCRYPT_PARAMS) +#endif + +int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter, + const unsigned char *salt, int saltlen); + +X509_ALGOR *PKCS5_pbe_set(int alg, int iter, + const unsigned char *salt, int saltlen); +X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, + unsigned char *salt, int saltlen); +X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, + unsigned char *salt, int saltlen, + unsigned char *aiv, int prf_nid); + +#ifndef OPENSSL_NO_SCRYPT +X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher, + const unsigned char *salt, int saltlen, + unsigned char *aiv, uint64_t N, uint64_t r, + uint64_t p); +#endif + +X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen, + int prf_nid, int keylen); + +/* PKCS#8 utilities */ + +DECLARE_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO) + +EVP_PKEY *EVP_PKCS82PKEY(const PKCS8_PRIV_KEY_INFO *p8); +PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(const EVP_PKEY *pkey); + +int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj, + int version, int ptype, void *pval, + unsigned char *penc, int penclen); +int PKCS8_pkey_get0(const ASN1_OBJECT **ppkalg, + const unsigned char **pk, int *ppklen, + const X509_ALGOR **pa, const PKCS8_PRIV_KEY_INFO *p8); + +const STACK_OF(X509_ATTRIBUTE) * +PKCS8_pkey_get0_attrs(const PKCS8_PRIV_KEY_INFO *p8); +int PKCS8_pkey_add1_attr(PKCS8_PRIV_KEY_INFO *p8, X509_ATTRIBUTE *attr); +int PKCS8_pkey_add1_attr_by_NID(PKCS8_PRIV_KEY_INFO *p8, int nid, int type, + const unsigned char *bytes, int len); +int PKCS8_pkey_add1_attr_by_OBJ(PKCS8_PRIV_KEY_INFO *p8, const ASN1_OBJECT *obj, + int type, const unsigned char *bytes, int len); + + +int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj, + int ptype, void *pval, + unsigned char *penc, int penclen); +int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg, + const unsigned char **pk, int *ppklen, + X509_ALGOR **pa, X509_PUBKEY *pub); + +int X509_check_trust(X509 
*x, int id, int flags);
+int X509_TRUST_get_count(void);
+X509_TRUST *X509_TRUST_get0(int idx);
+int X509_TRUST_get_by_id(int id);
+int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int),
+ const char *name, int arg1, void *arg2);
+void X509_TRUST_cleanup(void);
+int X509_TRUST_get_flags(const X509_TRUST *xp);
+char *X509_TRUST_get0_name(const X509_TRUST *xp);
+int X509_TRUST_get_trust(const X509_TRUST *xp);
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/linux_amd64/include/openssl/x509_vfy.h b/linux_amd64/include/openssl/x509_vfy.h
new file mode 100644
index 0000000..75529b2
--- /dev/null
+++ b/linux_amd64/include/openssl/x509_vfy.h
@@ -0,0 +1,652 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_X509_VFY_H
+# define OPENSSL_X509_VFY_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_X509_VFY_H
+# endif
+
+/*
+ * Protect against recursion, x509.h and x509_vfy.h each include the other.
+ */
+# ifndef OPENSSL_X509_H
+# include
+# endif
+
+# include
+# include
+# include
+# include
+# include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*-
+SSL_CTX -> X509_STORE
+ -> X509_LOOKUP
+ ->X509_LOOKUP_METHOD
+ -> X509_LOOKUP
+ ->X509_LOOKUP_METHOD
+
+SSL -> X509_STORE_CTX
+ ->X509_STORE
+
+The X509_STORE holds the tables etc for verification stuff.
+A X509_STORE_CTX is used while validating a single certificate.
+The X509_STORE has X509_LOOKUPs for looking up certs.
+The X509_STORE then calls a function to actually verify the
+certificate chain.
+*/
+
+typedef enum {
+ X509_LU_NONE = 0,
+ X509_LU_X509, X509_LU_CRL
+} X509_LOOKUP_TYPE;
+
+#ifndef OPENSSL_NO_DEPRECATED_1_1_0
+#define X509_LU_RETRY -1
+#define X509_LU_FAIL 0
+#endif
+
+DEFINE_STACK_OF(X509_LOOKUP)
+DEFINE_STACK_OF(X509_OBJECT)
+DEFINE_STACK_OF(X509_VERIFY_PARAM)
+
+int X509_STORE_set_depth(X509_STORE *store, int depth);
+
+typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *);
+int X509_STORE_CTX_print_verify_cb(int ok, X509_STORE_CTX *ctx);
+typedef int (*X509_STORE_CTX_verify_fn)(X509_STORE_CTX *);
+typedef int (*X509_STORE_CTX_get_issuer_fn)(X509 **issuer,
+ X509_STORE_CTX *ctx, X509 *x);
+typedef int (*X509_STORE_CTX_check_issued_fn)(X509_STORE_CTX *ctx,
+ X509 *x, X509 *issuer);
+typedef int (*X509_STORE_CTX_check_revocation_fn)(X509_STORE_CTX *ctx);
+typedef int (*X509_STORE_CTX_get_crl_fn)(X509_STORE_CTX *ctx,
+ X509_CRL **crl, X509 *x);
+typedef int (*X509_STORE_CTX_check_crl_fn)(X509_STORE_CTX *ctx, X509_CRL *crl);
+typedef int (*X509_STORE_CTX_cert_crl_fn)(X509_STORE_CTX *ctx,
+ X509_CRL *crl, X509 *x);
+typedef int (*X509_STORE_CTX_check_policy_fn)(X509_STORE_CTX *ctx);
+typedef STACK_OF(X509) *(*X509_STORE_CTX_lookup_certs_fn)(X509_STORE_CTX *ctx,
+ X509_NAME *nm);
+typedef STACK_OF(X509_CRL) *(*X509_STORE_CTX_lookup_crls_fn)(X509_STORE_CTX *ctx,
+ X509_NAME *nm);
+typedef int (*X509_STORE_CTX_cleanup_fn)(X509_STORE_CTX *ctx);
+
+
+void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
+
+# define X509_STORE_CTX_set_app_data(ctx,data) \
+ X509_STORE_CTX_set_ex_data(ctx,0,data)
+# define X509_STORE_CTX_get_app_data(ctx) \
+ X509_STORE_CTX_get_ex_data(ctx,0)
+
+# define X509_L_FILE_LOAD 1
+# define X509_L_ADD_DIR 2
+# define X509_L_ADD_STORE 3
+# define X509_L_LOAD_STORE 4
+
+# define X509_LOOKUP_load_file(x,name,type) \
+ X509_LOOKUP_ctrl((x),X509_L_FILE_LOAD,(name),(long)(type),NULL)
+
+# define X509_LOOKUP_add_dir(x,name,type) \
+ X509_LOOKUP_ctrl((x),X509_L_ADD_DIR,(name),(long)(type),NULL)
+
+# define
X509_LOOKUP_add_store(x,name) \
+ X509_LOOKUP_ctrl((x),X509_L_ADD_STORE,(name),0,NULL)
+
+# define X509_LOOKUP_load_store(x,name) \
+ X509_LOOKUP_ctrl((x),X509_L_LOAD_STORE,(name),0,NULL)
+
+# define X509_V_OK 0
+# define X509_V_ERR_UNSPECIFIED 1
+# define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2
+# define X509_V_ERR_UNABLE_TO_GET_CRL 3
+# define X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE 4
+# define X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE 5
+# define X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY 6
+# define X509_V_ERR_CERT_SIGNATURE_FAILURE 7
+# define X509_V_ERR_CRL_SIGNATURE_FAILURE 8
+# define X509_V_ERR_CERT_NOT_YET_VALID 9
+# define X509_V_ERR_CERT_HAS_EXPIRED 10
+# define X509_V_ERR_CRL_NOT_YET_VALID 11
+# define X509_V_ERR_CRL_HAS_EXPIRED 12
+# define X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD 13
+# define X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD 14
+# define X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD 15
+# define X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD 16
+# define X509_V_ERR_OUT_OF_MEM 17
+# define X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT 18
+# define X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN 19
+# define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY 20
+# define X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE 21
+# define X509_V_ERR_CERT_CHAIN_TOO_LONG 22
+# define X509_V_ERR_CERT_REVOKED 23
+# define X509_V_ERR_INVALID_CA 24
+# define X509_V_ERR_PATH_LENGTH_EXCEEDED 25
+# define X509_V_ERR_INVALID_PURPOSE 26
+# define X509_V_ERR_CERT_UNTRUSTED 27
+# define X509_V_ERR_CERT_REJECTED 28
+/* These are 'informational' when looking for issuer cert */
+# define X509_V_ERR_SUBJECT_ISSUER_MISMATCH 29
+# define X509_V_ERR_AKID_SKID_MISMATCH 30
+# define X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH 31
+# define X509_V_ERR_KEYUSAGE_NO_CERTSIGN 32
+# define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER 33
+# define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34
+# define X509_V_ERR_KEYUSAGE_NO_CRL_SIGN 35
+# define X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION 36
+# define X509_V_ERR_INVALID_NON_CA
37
+# define X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED 38
+# define X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE 39
+# define X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED 40
+# define X509_V_ERR_INVALID_EXTENSION 41
+# define X509_V_ERR_INVALID_POLICY_EXTENSION 42
+# define X509_V_ERR_NO_EXPLICIT_POLICY 43
+# define X509_V_ERR_DIFFERENT_CRL_SCOPE 44
+# define X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE 45
+# define X509_V_ERR_UNNESTED_RESOURCE 46
+# define X509_V_ERR_PERMITTED_VIOLATION 47
+# define X509_V_ERR_EXCLUDED_VIOLATION 48
+# define X509_V_ERR_SUBTREE_MINMAX 49
+/* The application is not happy */
+# define X509_V_ERR_APPLICATION_VERIFICATION 50
+# define X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE 51
+# define X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX 52
+# define X509_V_ERR_UNSUPPORTED_NAME_SYNTAX 53
+# define X509_V_ERR_CRL_PATH_VALIDATION_ERROR 54
+/* Another issuer check debug option */
+# define X509_V_ERR_PATH_LOOP 55
+/* Suite B mode algorithm violation */
+# define X509_V_ERR_SUITE_B_INVALID_VERSION 56
+# define X509_V_ERR_SUITE_B_INVALID_ALGORITHM 57
+# define X509_V_ERR_SUITE_B_INVALID_CURVE 58
+# define X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM 59
+# define X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED 60
+# define X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 61
+/* Host, email and IP check errors */
+# define X509_V_ERR_HOSTNAME_MISMATCH 62
+# define X509_V_ERR_EMAIL_MISMATCH 63
+# define X509_V_ERR_IP_ADDRESS_MISMATCH 64
+/* DANE TLSA errors */
+# define X509_V_ERR_DANE_NO_MATCH 65
+/* security level errors */
+# define X509_V_ERR_EE_KEY_TOO_SMALL 66
+# define X509_V_ERR_CA_KEY_TOO_SMALL 67
+# define X509_V_ERR_CA_MD_TOO_WEAK 68
+/* Caller error */
+# define X509_V_ERR_INVALID_CALL 69
+/* Issuer lookup error */
+# define X509_V_ERR_STORE_LOOKUP 70
+/* Certificate transparency */
+# define X509_V_ERR_NO_VALID_SCTS 71
+
+# define X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION 72
+/* OCSP status errors */
+# define X509_V_ERR_OCSP_VERIFY_NEEDED 73 /* Need OCSP verification */
+# define X509_V_ERR_OCSP_VERIFY_FAILED 74 /* Couldn't verify cert through OCSP */
+# define X509_V_ERR_OCSP_CERT_UNKNOWN 75 /* Certificate wasn't recognized by the OCSP responder */
+
+# define X509_V_ERR_SIGNATURE_ALGORITHM_MISMATCH 76
+# define X509_V_ERR_NO_ISSUER_PUBLIC_KEY 77
+
+
+/* Certificate verify flags */
+
+# ifndef OPENSSL_NO_DEPRECATED_1_1_0
+# define X509_V_FLAG_CB_ISSUER_CHECK 0x0 /* Deprecated */
+# endif
+/* Use check time instead of current time */
+# define X509_V_FLAG_USE_CHECK_TIME 0x2
+/* Lookup CRLs */
+# define X509_V_FLAG_CRL_CHECK 0x4
+/* Lookup CRLs for whole chain */
+# define X509_V_FLAG_CRL_CHECK_ALL 0x8
+/* Ignore unhandled critical extensions */
+# define X509_V_FLAG_IGNORE_CRITICAL 0x10
+/* Disable workarounds for broken certificates */
+# define X509_V_FLAG_X509_STRICT 0x20
+/* Enable proxy certificate validation */
+# define X509_V_FLAG_ALLOW_PROXY_CERTS 0x40
+/* Enable policy checking */
+# define X509_V_FLAG_POLICY_CHECK 0x80
+/* Policy variable require-explicit-policy */
+# define X509_V_FLAG_EXPLICIT_POLICY 0x100
+/* Policy variable inhibit-any-policy */
+# define X509_V_FLAG_INHIBIT_ANY 0x200
+/* Policy variable inhibit-policy-mapping */
+# define X509_V_FLAG_INHIBIT_MAP 0x400
+/* Notify callback that policy is OK */
+# define X509_V_FLAG_NOTIFY_POLICY 0x800
+/* Extended CRL features such as indirect CRLs, alternate CRL signing keys */
+# define X509_V_FLAG_EXTENDED_CRL_SUPPORT 0x1000
+/* Delta CRL support */
+# define X509_V_FLAG_USE_DELTAS 0x2000
+/* Check self-signed CA signature */
+# define X509_V_FLAG_CHECK_SS_SIGNATURE 0x4000
+/* Use trusted store first */
+# define X509_V_FLAG_TRUSTED_FIRST 0x8000
+/* Suite B 128 bit only mode: not normally used */
+# define X509_V_FLAG_SUITEB_128_LOS_ONLY 0x10000
+/* Suite B 192 bit only mode */
+# define X509_V_FLAG_SUITEB_192_LOS 0x20000
+/* Suite B 128 bit mode allowing 192 bit algorithms */
+# define X509_V_FLAG_SUITEB_128_LOS 0x30000
+/* Allow partial chains if at least one
certificate is in trusted store */
+# define X509_V_FLAG_PARTIAL_CHAIN 0x80000
+/*
+ * If the initial chain is not trusted, do not attempt to build an alternative
+ * chain. Alternate chain checking was introduced in 1.1.0. Setting this flag
+ * will force the behaviour to match that of previous versions.
+ */
+# define X509_V_FLAG_NO_ALT_CHAINS 0x100000
+/* Do not check certificate/CRL validity against current time */
+# define X509_V_FLAG_NO_CHECK_TIME 0x200000
+
+# define X509_VP_FLAG_DEFAULT 0x1
+# define X509_VP_FLAG_OVERWRITE 0x2
+# define X509_VP_FLAG_RESET_FLAGS 0x4
+# define X509_VP_FLAG_LOCKED 0x8
+# define X509_VP_FLAG_ONCE 0x10
+
+/* Internal use: mask of policy related options */
+# define X509_V_FLAG_POLICY_MASK (X509_V_FLAG_POLICY_CHECK \
+ | X509_V_FLAG_EXPLICIT_POLICY \
+ | X509_V_FLAG_INHIBIT_ANY \
+ | X509_V_FLAG_INHIBIT_MAP)
+
+int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, X509_LOOKUP_TYPE type,
+ X509_NAME *name);
+X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h,
+ X509_LOOKUP_TYPE type,
+ X509_NAME *name);
+X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h,
+ X509_OBJECT *x);
+int X509_OBJECT_up_ref_count(X509_OBJECT *a);
+X509_OBJECT *X509_OBJECT_new(void);
+void X509_OBJECT_free(X509_OBJECT *a);
+X509_LOOKUP_TYPE X509_OBJECT_get_type(const X509_OBJECT *a);
+X509 *X509_OBJECT_get0_X509(const X509_OBJECT *a);
+int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj);
+X509_CRL *X509_OBJECT_get0_X509_CRL(X509_OBJECT *a);
+int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj);
+X509_STORE *X509_STORE_new(void);
+void X509_STORE_free(X509_STORE *v);
+int X509_STORE_lock(X509_STORE *ctx);
+int X509_STORE_unlock(X509_STORE *ctx);
+int X509_STORE_up_ref(X509_STORE *v);
+
+STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *v);
+STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *st);
+STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *st, X509_NAME *nm);
+STACK_OF(X509_CRL)
*X509_STORE_CTX_get1_crls(X509_STORE_CTX *st, X509_NAME *nm); +int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags); +int X509_STORE_set_purpose(X509_STORE *ctx, int purpose); +int X509_STORE_set_trust(X509_STORE *ctx, int trust); +int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *pm); +X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx); + +void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify); +#define X509_STORE_set_verify_func(ctx, func) \ + X509_STORE_set_verify((ctx),(func)) +void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx, + X509_STORE_CTX_verify_fn verify); +X509_STORE_CTX_verify_fn X509_STORE_get_verify(X509_STORE *ctx); +void X509_STORE_set_verify_cb(X509_STORE *ctx, + X509_STORE_CTX_verify_cb verify_cb); +# define X509_STORE_set_verify_cb_func(ctx,func) \ + X509_STORE_set_verify_cb((ctx),(func)) +X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(X509_STORE *ctx); +void X509_STORE_set_get_issuer(X509_STORE *ctx, + X509_STORE_CTX_get_issuer_fn get_issuer); +X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(X509_STORE *ctx); +void X509_STORE_set_check_issued(X509_STORE *ctx, + X509_STORE_CTX_check_issued_fn check_issued); +X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(X509_STORE *ctx); +void X509_STORE_set_check_revocation(X509_STORE *ctx, + X509_STORE_CTX_check_revocation_fn check_revocation); +X509_STORE_CTX_check_revocation_fn X509_STORE_get_check_revocation(X509_STORE *ctx); +void X509_STORE_set_get_crl(X509_STORE *ctx, + X509_STORE_CTX_get_crl_fn get_crl); +X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(X509_STORE *ctx); +void X509_STORE_set_check_crl(X509_STORE *ctx, + X509_STORE_CTX_check_crl_fn check_crl); +X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(X509_STORE *ctx); +void X509_STORE_set_cert_crl(X509_STORE *ctx, + X509_STORE_CTX_cert_crl_fn cert_crl); +X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(X509_STORE *ctx); +void X509_STORE_set_check_policy(X509_STORE 
*ctx, + X509_STORE_CTX_check_policy_fn check_policy); +X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(X509_STORE *ctx); +void X509_STORE_set_lookup_certs(X509_STORE *ctx, + X509_STORE_CTX_lookup_certs_fn lookup_certs); +X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(X509_STORE *ctx); +void X509_STORE_set_lookup_crls(X509_STORE *ctx, + X509_STORE_CTX_lookup_crls_fn lookup_crls); +#define X509_STORE_set_lookup_crls_cb(ctx, func) \ + X509_STORE_set_lookup_crls((ctx), (func)) +X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(X509_STORE *ctx); +void X509_STORE_set_cleanup(X509_STORE *ctx, + X509_STORE_CTX_cleanup_fn cleanup); +X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(X509_STORE *ctx); + +#define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, l, p, newf, dupf, freef) +int X509_STORE_set_ex_data(X509_STORE *ctx, int idx, void *data); +void *X509_STORE_get_ex_data(X509_STORE *ctx, int idx); + +X509_STORE_CTX *X509_STORE_CTX_new(void); + +int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); + +void X509_STORE_CTX_free(X509_STORE_CTX *ctx); +int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, + X509 *x509, STACK_OF(X509) *chain); +void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); +void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx); + +X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx); +X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx); +STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx); +void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); +void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, + X509_STORE_CTX_verify_cb verify); +X509_STORE_CTX_verify_cb X509_STORE_CTX_get_verify_cb(X509_STORE_CTX *ctx); +X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx); +X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(X509_STORE_CTX *ctx); 
+X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(X509_STORE_CTX *ctx); +X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(X509_STORE_CTX *ctx); +X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(X509_STORE_CTX *ctx); +X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(X509_STORE_CTX *ctx); +X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(X509_STORE_CTX *ctx); +X509_STORE_CTX_check_policy_fn X509_STORE_CTX_get_check_policy(X509_STORE_CTX *ctx); +X509_STORE_CTX_lookup_certs_fn X509_STORE_CTX_get_lookup_certs(X509_STORE_CTX *ctx); +X509_STORE_CTX_lookup_crls_fn X509_STORE_CTX_get_lookup_crls(X509_STORE_CTX *ctx); +X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(X509_STORE_CTX *ctx); + +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 +# define X509_STORE_CTX_get_chain X509_STORE_CTX_get0_chain +# define X509_STORE_CTX_set_chain X509_STORE_CTX_set0_untrusted +# define X509_STORE_CTX_trusted_stack X509_STORE_CTX_set0_trusted_stack +# define X509_STORE_get_by_subject X509_STORE_CTX_get_by_subject +# define X509_STORE_get1_certs X509_STORE_CTX_get1_certs +# define X509_STORE_get1_crls X509_STORE_CTX_get1_crls +/* the following macro is misspelled; use X509_STORE_get1_certs instead */ +# define X509_STORE_get1_cert X509_STORE_CTX_get1_certs +/* the following macro is misspelled; use X509_STORE_get1_crls instead */ +# define X509_STORE_get1_crl X509_STORE_CTX_get1_crls +#endif + +X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m); +X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void); +X509_LOOKUP_METHOD *X509_LOOKUP_file(void); +X509_LOOKUP_METHOD *X509_LOOKUP_store(void); + +typedef int (*X509_LOOKUP_ctrl_fn)(X509_LOOKUP *ctx, int cmd, const char *argc, + long argl, char **ret); +typedef int (*X509_LOOKUP_get_by_subject_fn)(X509_LOOKUP *ctx, + X509_LOOKUP_TYPE type, + X509_NAME *name, + X509_OBJECT *ret); +typedef int (*X509_LOOKUP_get_by_issuer_serial_fn)(X509_LOOKUP *ctx, + X509_LOOKUP_TYPE type, + X509_NAME 
*name,
+ ASN1_INTEGER *serial,
+ X509_OBJECT *ret);
+typedef int (*X509_LOOKUP_get_by_fingerprint_fn)(X509_LOOKUP *ctx,
+ X509_LOOKUP_TYPE type,
+ const unsigned char* bytes,
+ int len,
+ X509_OBJECT *ret);
+typedef int (*X509_LOOKUP_get_by_alias_fn)(X509_LOOKUP *ctx,
+ X509_LOOKUP_TYPE type,
+ const char *str,
+ int len,
+ X509_OBJECT *ret);
+
+X509_LOOKUP_METHOD *X509_LOOKUP_meth_new(const char *name);
+void X509_LOOKUP_meth_free(X509_LOOKUP_METHOD *method);
+
+int X509_LOOKUP_meth_set_new_item(X509_LOOKUP_METHOD *method,
+ int (*new_item) (X509_LOOKUP *ctx));
+int (*X509_LOOKUP_meth_get_new_item(const X509_LOOKUP_METHOD* method))
+ (X509_LOOKUP *ctx);
+
+int X509_LOOKUP_meth_set_free(X509_LOOKUP_METHOD *method,
+ void (*free_fn) (X509_LOOKUP *ctx));
+void (*X509_LOOKUP_meth_get_free(const X509_LOOKUP_METHOD* method))
+ (X509_LOOKUP *ctx);
+
+int X509_LOOKUP_meth_set_init(X509_LOOKUP_METHOD *method,
+ int (*init) (X509_LOOKUP *ctx));
+int (*X509_LOOKUP_meth_get_init(const X509_LOOKUP_METHOD* method))
+ (X509_LOOKUP *ctx);
+
+int X509_LOOKUP_meth_set_shutdown(X509_LOOKUP_METHOD *method,
+ int (*shutdown) (X509_LOOKUP *ctx));
+int (*X509_LOOKUP_meth_get_shutdown(const X509_LOOKUP_METHOD* method))
+ (X509_LOOKUP *ctx);
+
+int X509_LOOKUP_meth_set_ctrl(X509_LOOKUP_METHOD *method,
+ X509_LOOKUP_ctrl_fn ctrl_fn);
+X509_LOOKUP_ctrl_fn X509_LOOKUP_meth_get_ctrl(const X509_LOOKUP_METHOD *method);
+
+int X509_LOOKUP_meth_set_get_by_subject(X509_LOOKUP_METHOD *method,
+ X509_LOOKUP_get_by_subject_fn fn);
+X509_LOOKUP_get_by_subject_fn X509_LOOKUP_meth_get_get_by_subject(
+ const X509_LOOKUP_METHOD *method);
+
+int X509_LOOKUP_meth_set_get_by_issuer_serial(X509_LOOKUP_METHOD *method,
+ X509_LOOKUP_get_by_issuer_serial_fn fn);
+X509_LOOKUP_get_by_issuer_serial_fn X509_LOOKUP_meth_get_get_by_issuer_serial(
+ const X509_LOOKUP_METHOD *method);
+
+int X509_LOOKUP_meth_set_get_by_fingerprint(X509_LOOKUP_METHOD *method,
+ X509_LOOKUP_get_by_fingerprint_fn fn);
+X509_LOOKUP_get_by_fingerprint_fn X509_LOOKUP_meth_get_get_by_fingerprint(
+ const X509_LOOKUP_METHOD *method);
+
+int X509_LOOKUP_meth_set_get_by_alias(X509_LOOKUP_METHOD *method,
+ X509_LOOKUP_get_by_alias_fn fn);
+X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias(
+ const X509_LOOKUP_METHOD *method);
+
+
+int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
+int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
+
+int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type,
+ X509_NAME *name, X509_OBJECT *ret);
+X509_OBJECT *X509_STORE_CTX_get_obj_by_subject(X509_STORE_CTX *vs,
+ X509_LOOKUP_TYPE type,
+ X509_NAME *name);
+
+int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
+ long argl, char **ret);
+
+int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type);
+int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type);
+int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type);
+
+X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method);
+void X509_LOOKUP_free(X509_LOOKUP *ctx);
+int X509_LOOKUP_init(X509_LOOKUP *ctx);
+int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+ X509_NAME *name, X509_OBJECT *ret);
+int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+ X509_NAME *name, ASN1_INTEGER *serial,
+ X509_OBJECT *ret);
+int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+ const unsigned char *bytes, int len,
+ X509_OBJECT *ret);
+int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+ const char *str, int len, X509_OBJECT *ret);
+int X509_LOOKUP_set_method_data(X509_LOOKUP *ctx, void *data);
+void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx);
+X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx);
+int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
+
+int X509_STORE_load_file(X509_STORE *ctx, const char *file);
+int X509_STORE_load_path(X509_STORE *ctx, const char *path);
+int X509_STORE_load_store(X509_STORE *ctx, const char *store);
+DEPRECATEDIN_3_0(int X509_STORE_load_locations(X509_STORE *ctx, const char *file,
+ const char *dir))
+int X509_STORE_set_default_paths(X509_STORE *ctx);
+
+#define X509_STORE_CTX_get_ex_new_index(l, p, newf, dupf, freef) \
+ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, l, p, newf, dupf, freef)
+int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data);
+void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx);
+int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int s);
+int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set_error_depth(X509_STORE_CTX *ctx, int depth);
+X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set_current_cert(X509_STORE_CTX *ctx, X509 *x);
+X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx);
+X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx);
+X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx);
+STACK_OF(X509) *X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx);
+STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set_cert(X509_STORE_CTX *c, X509 *x);
+void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *c, STACK_OF(X509) *sk);
+void X509_STORE_CTX_set0_crls(X509_STORE_CTX *c, STACK_OF(X509_CRL) *sk);
+int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
+int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust);
+int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
+ int purpose, int trust);
+void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags);
+void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags,
+ time_t t);
+
+X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx);
+int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx);
+int X509_STORE_CTX_get_num_untrusted(X509_STORE_CTX *ctx);
+
+X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param);
+int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name);
+
+/*
+ * Bridge opacity barrier between libcrypt and libssl, also needed to support
+ * offline testing in test/danetest.c
+ */
+void X509_STORE_CTX_set0_dane(X509_STORE_CTX *ctx, SSL_DANE *dane);
+#define DANE_FLAG_NO_DANE_EE_NAMECHECKS (1L << 0)
+
+/* X509_VERIFY_PARAM functions */
+
+X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void);
+void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param);
+int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *to,
+ const X509_VERIFY_PARAM *from);
+int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to,
+ const X509_VERIFY_PARAM *from);
+int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name);
+int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param,
+ unsigned long flags);
+int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param,
+ unsigned long flags);
+unsigned long X509_VERIFY_PARAM_get_flags(const X509_VERIFY_PARAM *param);
+int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose);
+int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust);
+void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth);
+void X509_VERIFY_PARAM_set_auth_level(X509_VERIFY_PARAM *param, int auth_level);
+time_t X509_VERIFY_PARAM_get_time(const X509_VERIFY_PARAM *param);
+void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t);
+int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param,
+ ASN1_OBJECT *policy);
+int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
+ STACK_OF(ASN1_OBJECT) *policies);
+
+int X509_VERIFY_PARAM_set_inh_flags(X509_VERIFY_PARAM *param,
+ uint32_t flags);
+uint32_t X509_VERIFY_PARAM_get_inh_flags(const X509_VERIFY_PARAM *param);
+
+int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
+ const char *name, size_t namelen);
+int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param,
+ const char *name, size_t namelen);
+void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
+ unsigned int flags);
+unsigned int X509_VERIFY_PARAM_get_hostflags(const X509_VERIFY_PARAM *param);
+char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *);
+void X509_VERIFY_PARAM_move_peername(X509_VERIFY_PARAM *, X509_VERIFY_PARAM *);
+int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,
+ const char *email, size_t emaillen);
+int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param,
+ const unsigned char *ip, size_t iplen);
+int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param,
+ const char *ipasc);
+
+int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param);
+int X509_VERIFY_PARAM_get_auth_level(const X509_VERIFY_PARAM *param);
+const char *X509_VERIFY_PARAM_get0_name(const X509_VERIFY_PARAM *param);
+
+int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param);
+int X509_VERIFY_PARAM_get_count(void);
+const X509_VERIFY_PARAM *X509_VERIFY_PARAM_get0(int id);
+const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name);
+void X509_VERIFY_PARAM_table_cleanup(void);
+
+/* Non positive return values are errors */
+#define X509_PCY_TREE_FAILURE -2 /* Failure to satisfy explicit policy */
+#define X509_PCY_TREE_INVALID -1 /* Inconsistent or invalid extensions */
+#define X509_PCY_TREE_INTERNAL 0 /* Internal error, most likely malloc */
+
+/*
+ * Positive return values form a bit mask, all but the first are internal to
+ * the library and don't appear in results from X509_policy_check().
+ */
+#define X509_PCY_TREE_VALID 1 /* The policy tree is valid */
+#define X509_PCY_TREE_EMPTY 2 /* The policy tree is empty */
+#define X509_PCY_TREE_EXPLICIT 4 /* Explicit policy required */
+
+int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,
+ STACK_OF(X509) *certs,
+ STACK_OF(ASN1_OBJECT) *policy_oids, unsigned int flags);
+
+void X509_policy_tree_free(X509_POLICY_TREE *tree);
+
+int X509_policy_tree_level_count(const X509_POLICY_TREE *tree);
+X509_POLICY_LEVEL *X509_policy_tree_get0_level(const X509_POLICY_TREE *tree,
+ int i);
+
+STACK_OF(X509_POLICY_NODE) *X509_policy_tree_get0_policies(const
+ X509_POLICY_TREE
+ *tree);
+
+STACK_OF(X509_POLICY_NODE) *X509_policy_tree_get0_user_policies(const
+ X509_POLICY_TREE
+ *tree);
+
+int X509_policy_level_node_count(X509_POLICY_LEVEL *level);
+
+X509_POLICY_NODE *X509_policy_level_get0_node(X509_POLICY_LEVEL *level,
+ int i);
+
+const ASN1_OBJECT *X509_policy_node_get0_policy(const X509_POLICY_NODE *node);
+
+STACK_OF(POLICYQUALINFO) *X509_policy_node_get0_qualifiers(const
+ X509_POLICY_NODE
+ *node);
+const X509_POLICY_NODE *X509_policy_node_get0_parent(const X509_POLICY_NODE
+ *node);
+
+#ifdef __cplusplus
+}
+#endif
+#endif
diff --git a/linux_amd64/include/openssl/x509err.h b/linux_amd64/include/openssl/x509err.h
new file mode 100644
index 0000000..2653870
--- /dev/null
+++ b/linux_amd64/include/openssl/x509err.h
@@ -0,0 +1,144 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_X509ERR_H +# define OPENSSL_X509ERR_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_X509ERR_H +# endif + +# include +# include + + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_X509_strings(void); + +/* + * X509 function codes. + */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define X509_F_ADD_CERT_DIR 0 +# define X509_F_BUILD_CHAIN 0 +# define X509_F_BY_FILE_CTRL 0 +# define X509_F_CHECK_NAME_CONSTRAINTS 0 +# define X509_F_CHECK_POLICY 0 +# define X509_F_COMMON_VERIFY_SM2 0 +# define X509_F_DANE_I2D 0 +# define X509_F_DIR_CTRL 0 +# define X509_F_GET_CERT_BY_SUBJECT 0 +# define X509_F_I2D_X509_AUX 0 +# define X509_F_LOOKUP_CERTS_SK 0 +# define X509_F_NETSCAPE_SPKI_B64_DECODE 0 +# define X509_F_NETSCAPE_SPKI_B64_ENCODE 0 +# define X509_F_NEW_DIR 0 +# define X509_F_X509AT_ADD1_ATTR 0 +# define X509_F_X509V3_ADD_EXT 0 +# define X509_F_X509_ATTRIBUTE_CREATE_BY_NID 0 +# define X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ 0 +# define X509_F_X509_ATTRIBUTE_CREATE_BY_TXT 0 +# define X509_F_X509_ATTRIBUTE_GET0_DATA 0 +# define X509_F_X509_ATTRIBUTE_SET1_DATA 0 +# define X509_F_X509_CHECK_PRIVATE_KEY 0 +# define X509_F_X509_CRL_DIFF 0 +# define X509_F_X509_CRL_METHOD_NEW 0 +# define X509_F_X509_CRL_PRINT_FP 0 +# define X509_F_X509_EXTENSION_CREATE_BY_NID 0 +# define X509_F_X509_EXTENSION_CREATE_BY_OBJ 0 +# define X509_F_X509_GET_PUBKEY_PARAMETERS 0 +# define X509_F_X509_LOAD_CERT_CRL_FILE 0 +# define X509_F_X509_LOAD_CERT_FILE 0 +# define X509_F_X509_LOAD_CRL_FILE 0 +# define X509_F_X509_LOOKUP_METH_NEW 0 +# define 
X509_F_X509_LOOKUP_NEW 0 +# define X509_F_X509_NAME_ADD_ENTRY 0 +# define X509_F_X509_NAME_CANON 0 +# define X509_F_X509_NAME_ENTRY_CREATE_BY_NID 0 +# define X509_F_X509_NAME_ENTRY_CREATE_BY_TXT 0 +# define X509_F_X509_NAME_ENTRY_SET_OBJECT 0 +# define X509_F_X509_NAME_ONELINE 0 +# define X509_F_X509_NAME_PRINT 0 +# define X509_F_X509_OBJECT_NEW 0 +# define X509_F_X509_PRINT_EX_FP 0 +# define X509_F_X509_PUBKEY_DECODE 0 +# define X509_F_X509_PUBKEY_GET0 0 +# define X509_F_X509_PUBKEY_SET 0 +# define X509_F_X509_REQ_CHECK_PRIVATE_KEY 0 +# define X509_F_X509_REQ_PRINT_EX 0 +# define X509_F_X509_REQ_PRINT_FP 0 +# define X509_F_X509_REQ_TO_X509 0 +# define X509_F_X509_REQ_VERIFY 0 +# define X509_F_X509_REQ_VERIFY_SM2 0 +# define X509_F_X509_STORE_ADD_CERT 0 +# define X509_F_X509_STORE_ADD_CRL 0 +# define X509_F_X509_STORE_ADD_LOOKUP 0 +# define X509_F_X509_STORE_CTX_GET1_ISSUER 0 +# define X509_F_X509_STORE_CTX_INIT 0 +# define X509_F_X509_STORE_CTX_NEW 0 +# define X509_F_X509_STORE_CTX_PURPOSE_INHERIT 0 +# define X509_F_X509_STORE_NEW 0 +# define X509_F_X509_TO_X509_REQ 0 +# define X509_F_X509_TRUST_ADD 0 +# define X509_F_X509_TRUST_SET 0 +# define X509_F_X509_VERIFY 0 +# define X509_F_X509_VERIFY_CERT 0 +# define X509_F_X509_VERIFY_PARAM_NEW 0 +# define X509_F_X509_VERIFY_SM2 0 +# endif + +/* + * X509 reason codes. 
+ */ +# define X509_R_AKID_MISMATCH 110 +# define X509_R_BAD_SELECTOR 133 +# define X509_R_BAD_X509_FILETYPE 100 +# define X509_R_BASE64_DECODE_ERROR 118 +# define X509_R_CANT_CHECK_DH_KEY 114 +# define X509_R_CERT_ALREADY_IN_HASH_TABLE 101 +# define X509_R_CERTIFICATE_VERIFICATION_FAILED 139 +# define X509_R_CRL_ALREADY_DELTA 127 +# define X509_R_CRL_VERIFY_FAILURE 131 +# define X509_R_IDP_MISMATCH 128 +# define X509_R_INVALID_ATTRIBUTES 138 +# define X509_R_INVALID_DIRECTORY 113 +# define X509_R_INVALID_FIELD_NAME 119 +# define X509_R_INVALID_TRUST 123 +# define X509_R_ISSUER_MISMATCH 129 +# define X509_R_KEY_TYPE_MISMATCH 115 +# define X509_R_KEY_VALUES_MISMATCH 116 +# define X509_R_LOADING_CERT_DIR 103 +# define X509_R_LOADING_DEFAULTS 104 +# define X509_R_METHOD_NOT_SUPPORTED 124 +# define X509_R_NAME_TOO_LONG 134 +# define X509_R_NEWER_CRL_NOT_NEWER 132 +# define X509_R_NO_CERTIFICATE_FOUND 135 +# define X509_R_NO_CERTIFICATE_OR_CRL_FOUND 136 +# define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 105 +# define X509_R_NO_CRL_FOUND 137 +# define X509_R_NO_CRL_NUMBER 130 +# define X509_R_PUBLIC_KEY_DECODE_ERROR 125 +# define X509_R_PUBLIC_KEY_ENCODE_ERROR 126 +# define X509_R_SHOULD_RETRY 106 +# define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN 107 +# define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY 108 +# define X509_R_UNKNOWN_KEY_TYPE 117 +# define X509_R_UNKNOWN_NID 109 +# define X509_R_UNKNOWN_PURPOSE_ID 121 +# define X509_R_UNKNOWN_TRUST_ID 120 +# define X509_R_UNSUPPORTED_ALGORITHM 111 +# define X509_R_WRONG_LOOKUP_TYPE 112 +# define X509_R_WRONG_TYPE 122 + +#endif diff --git a/linux_amd64/include/openssl/x509v3.h b/linux_amd64/include/openssl/x509v3.h new file mode 100644 index 0000000..a400486 --- /dev/null +++ b/linux_amd64/include/openssl/x509v3.h 
@@ -0,0 +1,943 @@
+/*
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_X509V3_H
+# define OPENSSL_X509V3_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_X509V3_H
+# endif
+
+# include
+# include
+# include
+# include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Forward reference */
+struct v3_ext_method;
+struct v3_ext_ctx;
+
+/* Useful typedefs */
+
+typedef void *(*X509V3_EXT_NEW)(void);
+typedef void (*X509V3_EXT_FREE) (void *);
+typedef void *(*X509V3_EXT_D2I)(void *, const unsigned char **, long);
+typedef int (*X509V3_EXT_I2D) (const void *, unsigned char **);
+typedef STACK_OF(CONF_VALUE) *
+ (*X509V3_EXT_I2V) (const struct v3_ext_method *method, void *ext,
+ STACK_OF(CONF_VALUE) *extlist);
+typedef void *(*X509V3_EXT_V2I)(const struct v3_ext_method *method,
+ struct v3_ext_ctx *ctx,
+ STACK_OF(CONF_VALUE) *values);
+typedef char *(*X509V3_EXT_I2S)(const struct v3_ext_method *method,
+ void *ext);
+typedef void *(*X509V3_EXT_S2I)(const struct v3_ext_method *method,
+ struct v3_ext_ctx *ctx, const char *str);
+typedef int (*X509V3_EXT_I2R) (const struct v3_ext_method *method, void *ext,
+ BIO *out, int indent);
+typedef void *(*X509V3_EXT_R2I)(const struct v3_ext_method *method,
+ struct v3_ext_ctx *ctx, const char *str);
+
+/* V3 extension structure */
+
+struct v3_ext_method {
+ int ext_nid;
+ int ext_flags;
+/* If this is set the following four fields are ignored */
+ ASN1_ITEM_EXP *it;
+/* Old style ASN1 calls */
+ X509V3_EXT_NEW ext_new;
+ X509V3_EXT_FREE ext_free;
+ X509V3_EXT_D2I d2i;
+ X509V3_EXT_I2D i2d;
+/* The following pair is used for string extensions */
+ X509V3_EXT_I2S i2s;
+ X509V3_EXT_S2I s2i;
+/* The following pair is used for multi-valued extensions */
+ X509V3_EXT_I2V i2v;
+ X509V3_EXT_V2I v2i;
+/* The following are used for raw extensions */
+ X509V3_EXT_I2R i2r;
+ X509V3_EXT_R2I r2i;
+ void *usr_data; /* Any extension specific data */
+};
+
+typedef struct X509V3_CONF_METHOD_st {
+ char *(*get_string) (void *db, const char *section, const char *value);
+ STACK_OF(CONF_VALUE) *(*get_section) (void *db, const char *section);
+ void (*free_string) (void *db, char *string);
+ void (*free_section) (void *db, STACK_OF(CONF_VALUE) *section);
+} X509V3_CONF_METHOD;
+
+/* Context specific info */
+struct v3_ext_ctx {
+# define CTX_TEST 0x1
+# define X509V3_CTX_REPLACE 0x2
+ int flags;
+ X509 *issuer_cert;
+ X509 *subject_cert;
+ X509_REQ *subject_req;
+ X509_CRL *crl;
+ X509V3_CONF_METHOD *db_meth;
+ void *db;
+/* Maybe more here */
+};
+
+typedef struct v3_ext_method X509V3_EXT_METHOD;
+
+DEFINE_STACK_OF(X509V3_EXT_METHOD)
+
+/* ext_flags values */
+# define X509V3_EXT_DYNAMIC 0x1
+# define X509V3_EXT_CTX_DEP 0x2
+# define X509V3_EXT_MULTILINE 0x4
+
+typedef BIT_STRING_BITNAME ENUMERATED_NAMES;
+
+typedef struct BASIC_CONSTRAINTS_st {
+ int ca;
+ ASN1_INTEGER *pathlen;
+} BASIC_CONSTRAINTS;
+
+typedef struct PKEY_USAGE_PERIOD_st {
+ ASN1_GENERALIZEDTIME *notBefore;
+ ASN1_GENERALIZEDTIME *notAfter;
+} PKEY_USAGE_PERIOD;
+
+typedef struct otherName_st {
+ ASN1_OBJECT *type_id;
+ ASN1_TYPE *value;
+} OTHERNAME;
+
+typedef struct EDIPartyName_st {
+ ASN1_STRING *nameAssigner;
+ ASN1_STRING *partyName;
+} EDIPARTYNAME;
+
+typedef struct GENERAL_NAME_st {
+# define GEN_OTHERNAME 0
+# define GEN_EMAIL 1
+# define GEN_DNS 2
+# define GEN_X400 3
+# define GEN_DIRNAME 4
+# define GEN_EDIPARTY 5
+# define GEN_URI 6
+# define GEN_IPADD 7
+# define GEN_RID 8
+ int type;
+ union {
+ char *ptr;
+ OTHERNAME *otherName; /* otherName */
+ ASN1_IA5STRING *rfc822Name;
+ ASN1_IA5STRING *dNSName;
+ ASN1_TYPE *x400Address;
+ X509_NAME *directoryName;
+ EDIPARTYNAME *ediPartyName;
+ ASN1_IA5STRING *uniformResourceIdentifier;
+ ASN1_OCTET_STRING *iPAddress;
+ ASN1_OBJECT *registeredID;
+ /* Old names */
+ ASN1_OCTET_STRING *ip; /* iPAddress */
+ X509_NAME *dirn; /* dirn */
+ ASN1_IA5STRING *ia5; /* rfc822Name, dNSName,
+ * uniformResourceIdentifier */
+ ASN1_OBJECT *rid; /* registeredID */
+ ASN1_TYPE *other; /* x400Address */
+ } d;
+} GENERAL_NAME;
+
+typedef struct ACCESS_DESCRIPTION_st {
+ ASN1_OBJECT *method;
+ GENERAL_NAME *location;
+} ACCESS_DESCRIPTION;
+
+typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
+
+typedef STACK_OF(ASN1_OBJECT) EXTENDED_KEY_USAGE;
+
+typedef STACK_OF(ASN1_INTEGER) TLS_FEATURE;
+
+DEFINE_STACK_OF(GENERAL_NAME)
+typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES;
+DEFINE_STACK_OF(GENERAL_NAMES)
+
+DEFINE_STACK_OF(ACCESS_DESCRIPTION)
+
+typedef struct DIST_POINT_NAME_st {
+ int type;
+ union {
+ GENERAL_NAMES *fullname;
+ STACK_OF(X509_NAME_ENTRY) *relativename;
+ } name;
+/* If relativename then this contains the full distribution point name */
+ X509_NAME *dpname;
+} DIST_POINT_NAME;
+/* All existing reasons */
+# define CRLDP_ALL_REASONS 0x807f
+
+# define CRL_REASON_NONE -1
+# define CRL_REASON_UNSPECIFIED 0
+# define CRL_REASON_KEY_COMPROMISE 1
+# define CRL_REASON_CA_COMPROMISE 2
+# define CRL_REASON_AFFILIATION_CHANGED 3
+# define CRL_REASON_SUPERSEDED 4
+# define CRL_REASON_CESSATION_OF_OPERATION 5
+# define CRL_REASON_CERTIFICATE_HOLD 6
+# define CRL_REASON_REMOVE_FROM_CRL 8
+# define CRL_REASON_PRIVILEGE_WITHDRAWN 9
+# define CRL_REASON_AA_COMPROMISE 10
+
+struct DIST_POINT_st {
+ DIST_POINT_NAME *distpoint;
+ ASN1_BIT_STRING *reasons;
+ GENERAL_NAMES *CRLissuer;
+ int dp_reasons;
+};
+
+typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS;
+
+DEFINE_STACK_OF(DIST_POINT)
+
+struct AUTHORITY_KEYID_st {
+ ASN1_OCTET_STRING *keyid;
+ GENERAL_NAMES *issuer;
+ ASN1_INTEGER *serial;
+};
+
+/* Strong extranet structures */
+
+typedef struct SXNET_ID_st {
+ ASN1_INTEGER *zone;
+ ASN1_OCTET_STRING *user;
+} SXNETID;
+
+DEFINE_STACK_OF(SXNETID)
+
+typedef struct SXNET_st {
+ ASN1_INTEGER *version;
+ STACK_OF(SXNETID) *ids;
+} SXNET;
+
+typedef struct NOTICEREF_st {
+ ASN1_STRING *organization;
+ STACK_OF(ASN1_INTEGER) *noticenos;
+} NOTICEREF;
+
+typedef struct USERNOTICE_st {
+ NOTICEREF *noticeref;
+ ASN1_STRING *exptext;
+} USERNOTICE;
+
+typedef struct POLICYQUALINFO_st {
+ ASN1_OBJECT *pqualid;
+ union {
+ ASN1_IA5STRING *cpsuri;
+ USERNOTICE *usernotice;
+ ASN1_TYPE *other;
+ } d;
+} POLICYQUALINFO;
+
+DEFINE_STACK_OF(POLICYQUALINFO)
+
+typedef struct POLICYINFO_st {
+ ASN1_OBJECT *policyid;
+ STACK_OF(POLICYQUALINFO) *qualifiers;
+} POLICYINFO;
+
+typedef STACK_OF(POLICYINFO) CERTIFICATEPOLICIES;
+
+DEFINE_STACK_OF(POLICYINFO)
+
+typedef struct POLICY_MAPPING_st {
+ ASN1_OBJECT *issuerDomainPolicy;
+ ASN1_OBJECT *subjectDomainPolicy;
+} POLICY_MAPPING;
+
+DEFINE_STACK_OF(POLICY_MAPPING)
+
+typedef STACK_OF(POLICY_MAPPING) POLICY_MAPPINGS;
+
+typedef struct GENERAL_SUBTREE_st {
+ GENERAL_NAME *base;
+ ASN1_INTEGER *minimum;
+ ASN1_INTEGER *maximum;
+} GENERAL_SUBTREE;
+
+DEFINE_STACK_OF(GENERAL_SUBTREE)
+
+struct NAME_CONSTRAINTS_st {
+ STACK_OF(GENERAL_SUBTREE) *permittedSubtrees;
+ STACK_OF(GENERAL_SUBTREE) *excludedSubtrees;
+};
+
+typedef struct POLICY_CONSTRAINTS_st {
+ ASN1_INTEGER *requireExplicitPolicy;
+ ASN1_INTEGER *inhibitPolicyMapping;
+} POLICY_CONSTRAINTS;
+
+/* Proxy certificate structures, see RFC 3820 */
+typedef struct PROXY_POLICY_st {
+ ASN1_OBJECT *policyLanguage;
+ ASN1_OCTET_STRING *policy;
+} PROXY_POLICY;
+
+typedef struct PROXY_CERT_INFO_EXTENSION_st {
+ ASN1_INTEGER *pcPathLengthConstraint;
+ PROXY_POLICY *proxyPolicy;
+} PROXY_CERT_INFO_EXTENSION;
+
+DECLARE_ASN1_FUNCTIONS(PROXY_POLICY)
+DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION)
+
+struct ISSUING_DIST_POINT_st {
+ DIST_POINT_NAME *distpoint;
+ int onlyuser;
+ int onlyCA;
+ ASN1_BIT_STRING *onlysomereasons;
+ int indirectCRL;
+ int onlyattr;
+};
+
+/* Values in idp_flags field */
+/* IDP present */
+# define IDP_PRESENT 0x1
+/* IDP values inconsistent */
+# define IDP_INVALID 0x2
+/* onlyuser true */
+# define IDP_ONLYUSER 0x4
+/* onlyCA true */
+# define IDP_ONLYCA 0x8
+/* onlyattr true */
+# define IDP_ONLYATTR 0x10
+/* indirectCRL true */
+# define IDP_INDIRECT 0x20
+/* onlysomereasons present */
+# define IDP_REASONS 0x40
+
+# define X509V3_conf_err(val) ERR_add_error_data(6, \
+ "section:", (val)->section, \
+ ",name:", (val)->name, ",value:", (val)->value)
+
+# define X509V3_set_ctx_test(ctx) \
+ X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST)
+# define X509V3_set_ctx_nodb(ctx) (ctx)->db = NULL;
+
+# define EXT_BITSTRING(nid, table) { nid, 0, ASN1_ITEM_ref(ASN1_BIT_STRING), \
+ 0,0,0,0, \
+ 0,0, \
+ (X509V3_EXT_I2V)i2v_ASN1_BIT_STRING, \
+ (X509V3_EXT_V2I)v2i_ASN1_BIT_STRING, \
+ NULL, NULL, \
+ table}
+
+# define EXT_IA5STRING(nid) { nid, 0, ASN1_ITEM_ref(ASN1_IA5STRING), \
+ 0,0,0,0, \
+ (X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \
+ (X509V3_EXT_S2I)s2i_ASN1_IA5STRING, \
+ 0,0,0,0, \
+ NULL}
+
+# define EXT_END { -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}
+
+/* X509_PURPOSE stuff */
+
+# define EXFLAG_BCONS 0x1
+# define EXFLAG_KUSAGE 0x2
+# define EXFLAG_XKUSAGE 0x4
+# define EXFLAG_NSCERT 0x8
+
+# define EXFLAG_CA 0x10
+/* Really self issued not necessarily self signed */
+# define EXFLAG_SI 0x20
+# define EXFLAG_V1 0x40
+# define EXFLAG_INVALID 0x80
+/* EXFLAG_SET is set to indicate that some values have been precomputed */
+# define EXFLAG_SET 0x100
+# define EXFLAG_CRITICAL 0x200
+# define EXFLAG_PROXY 0x400
+
+# define EXFLAG_INVALID_POLICY 0x800
+# define EXFLAG_FRESHEST 0x1000
+/* Self signed */
+# define EXFLAG_SS 0x2000
+
+# define KU_DIGITAL_SIGNATURE 0x0080
+# define KU_NON_REPUDIATION 0x0040
+# define KU_KEY_ENCIPHERMENT 0x0020
+# define KU_DATA_ENCIPHERMENT 0x0010
+# define KU_KEY_AGREEMENT 0x0008
+# define KU_KEY_CERT_SIGN 0x0004
+# define KU_CRL_SIGN 0x0002
+# define KU_ENCIPHER_ONLY 0x0001
+# define KU_DECIPHER_ONLY 0x8000
+
+# define NS_SSL_CLIENT 0x80
+# define NS_SSL_SERVER 0x40
+# define NS_SMIME 0x20
+# define NS_OBJSIGN 0x10
+# define NS_SSL_CA 0x04
+# define NS_SMIME_CA 0x02
+# define NS_OBJSIGN_CA 0x01
+# define NS_ANY_CA (NS_SSL_CA|NS_SMIME_CA|NS_OBJSIGN_CA)
+
+# define XKU_SSL_SERVER 0x1
+# define XKU_SSL_CLIENT 0x2
+# define XKU_SMIME 0x4
+# define XKU_CODE_SIGN 0x8
+# define XKU_SGC 0x10
+# define XKU_OCSP_SIGN 0x20
+# define XKU_TIMESTAMP 0x40
+# define XKU_DVCS 0x80
+# define XKU_ANYEKU 0x100
+
+# define X509_PURPOSE_DYNAMIC 0x1
+# define X509_PURPOSE_DYNAMIC_NAME 0x2
+
+typedef struct x509_purpose_st {
+ int purpose;
+ int trust; /* Default trust ID */
+ int flags;
+ int (*check_purpose) (const struct x509_purpose_st *, const X509 *, int);
+ char *name;
+ char *sname;
+ void *usr_data;
+} X509_PURPOSE;
+
+# define X509_PURPOSE_SSL_CLIENT 1
+# define X509_PURPOSE_SSL_SERVER 2
+# define X509_PURPOSE_NS_SSL_SERVER 3
+# define X509_PURPOSE_SMIME_SIGN 4
+# define X509_PURPOSE_SMIME_ENCRYPT 5
+# define X509_PURPOSE_CRL_SIGN 6
+# define X509_PURPOSE_ANY 7
+# define X509_PURPOSE_OCSP_HELPER 8
+# define X509_PURPOSE_TIMESTAMP_SIGN 9
+
+# define X509_PURPOSE_MIN 1
+# define X509_PURPOSE_MAX 9
+
+/* Flags for X509V3_EXT_print() */
+
+# define X509V3_EXT_UNKNOWN_MASK (0xfL << 16)
+/* Return error for unknown extensions */
+# define X509V3_EXT_DEFAULT 0
+/* Print error for unknown extensions */
+# define X509V3_EXT_ERROR_UNKNOWN (1L << 16)
+/* ASN1 parse unknown extensions */
+# define X509V3_EXT_PARSE_UNKNOWN (2L << 16)
+/* BIO_dump unknown extensions */
+# define X509V3_EXT_DUMP_UNKNOWN (3L << 16)
+
+/* Flags for X509V3_add1_i2d */
+
+# define X509V3_ADD_OP_MASK 0xfL
+# define X509V3_ADD_DEFAULT 0L
+# define X509V3_ADD_APPEND 1L
+# define X509V3_ADD_REPLACE 2L
+# define X509V3_ADD_REPLACE_EXISTING 3L
+# define X509V3_ADD_KEEP_EXISTING 4L
+# define X509V3_ADD_DELETE 5L
+# define X509V3_ADD_SILENT 0x10
+
+DEFINE_STACK_OF(X509_PURPOSE)
+
+DECLARE_ASN1_FUNCTIONS(BASIC_CONSTRAINTS)
+
+DECLARE_ASN1_FUNCTIONS(SXNET)
+DECLARE_ASN1_FUNCTIONS(SXNETID)
+
+int SXNET_add_id_asc(SXNET **psx, const char *zone, const char *user, int userlen);
+int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, const char *user,
+ int userlen);
+int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *izone, const char *user,
+ int userlen);
+
+ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, const char *zone);
+ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone);
+ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone);
+
+DECLARE_ASN1_FUNCTIONS(AUTHORITY_KEYID)
+
+DECLARE_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD)
+
+DECLARE_ASN1_FUNCTIONS(GENERAL_NAME)
+DECLARE_ASN1_DUP_FUNCTION(GENERAL_NAME)
+int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b);
+
+ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx,
+ STACK_OF(CONF_VALUE) *nval);
+STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
+ ASN1_BIT_STRING *bits,
+ STACK_OF(CONF_VALUE) *extlist);
+char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5);
+ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx, const char *str);
+
+STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
+ GENERAL_NAME *gen,
+ STACK_OF(CONF_VALUE) *ret);
+int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen);
+
+DECLARE_ASN1_FUNCTIONS(GENERAL_NAMES)
+
+STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
+ GENERAL_NAMES *gen,
+ STACK_OF(CONF_VALUE) *extlist);
+GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+
+DECLARE_ASN1_FUNCTIONS(OTHERNAME)
+DECLARE_ASN1_FUNCTIONS(EDIPARTYNAME)
+int OTHERNAME_cmp(OTHERNAME *a, OTHERNAME *b);
+void GENERAL_NAME_set0_value(GENERAL_NAME *a, int type, void *value);
+void *GENERAL_NAME_get0_value(const GENERAL_NAME *a, int *ptype);
+int GENERAL_NAME_set0_othername(GENERAL_NAME *gen,
+ ASN1_OBJECT *oid, ASN1_TYPE *value);
+int GENERAL_NAME_get0_otherName(const GENERAL_NAME *gen,
+ ASN1_OBJECT **poid, ASN1_TYPE **pvalue);
+
+char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
+ const ASN1_OCTET_STRING *ia5);
+ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx, const char *str);
+
+DECLARE_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE)
+int i2a_ACCESS_DESCRIPTION(BIO *bp, const ACCESS_DESCRIPTION *a);
+
+DECLARE_ASN1_ALLOC_FUNCTIONS(TLS_FEATURE)
+
+DECLARE_ASN1_FUNCTIONS(CERTIFICATEPOLICIES)
+DECLARE_ASN1_FUNCTIONS(POLICYINFO)
+DECLARE_ASN1_FUNCTIONS(POLICYQUALINFO)
+DECLARE_ASN1_FUNCTIONS(USERNOTICE)
+DECLARE_ASN1_FUNCTIONS(NOTICEREF)
+
+DECLARE_ASN1_FUNCTIONS(CRL_DIST_POINTS)
+DECLARE_ASN1_FUNCTIONS(DIST_POINT)
+DECLARE_ASN1_FUNCTIONS(DIST_POINT_NAME)
+DECLARE_ASN1_FUNCTIONS(ISSUING_DIST_POINT)
+
+int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, X509_NAME *iname);
+
+int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc);
+int NAME_CONSTRAINTS_check_CN(X509 *x, NAME_CONSTRAINTS *nc);
+
+DECLARE_ASN1_FUNCTIONS(ACCESS_DESCRIPTION)
+DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS)
+
+DECLARE_ASN1_ITEM(POLICY_MAPPING)
+DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_MAPPING)
+DECLARE_ASN1_ITEM(POLICY_MAPPINGS)
+
+DECLARE_ASN1_ITEM(GENERAL_SUBTREE)
+DECLARE_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE)
+
+DECLARE_ASN1_ITEM(NAME_CONSTRAINTS)
+DECLARE_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS)
+
+DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS)
+DECLARE_ASN1_ITEM(POLICY_CONSTRAINTS)
+
+GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out,
+ const X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx, int gen_type,
+ const char *value, int is_nc);
+
+# ifdef OPENSSL_CONF_H
+GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx, CONF_VALUE *cnf);
+GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
+ const X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx, CONF_VALUE *cnf,
+ int is_nc);
+void X509V3_conf_free(CONF_VALUE *val);
+
+X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
+ const char *value);
+X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, const char *name,
+ const char *value);
+int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, const char *section,
+ STACK_OF(X509_EXTENSION) **sk);
+int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
+ X509 *cert);
+int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
+ X509_REQ *req);
+int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
+ X509_CRL *crl);
+
+X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf,
+ X509V3_CTX *ctx, int ext_nid,
+ const char *value);
+X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
+ const char *name, const char *value);
+int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
+ const char *section, X509 *cert);
+int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
+ const char *section, X509_REQ *req);
+int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
+ const char *section, X509_CRL *crl);
+
+int X509V3_add_value_bool_nf(const char *name, int asn1_bool,
+ STACK_OF(CONF_VALUE) **extlist);
+int X509V3_get_value_bool(const CONF_VALUE *value, int *asn1_bool);
+int X509V3_get_value_int(const CONF_VALUE *value, ASN1_INTEGER **aint);
+void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf);
+void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash);
+# endif
+
+char *X509V3_get_string(X509V3_CTX *ctx, const char *name, const char *section);
+STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, const char *section);
+void X509V3_string_free(X509V3_CTX *ctx, char *str);
+void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section);
+void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject,
+ X509_REQ *req, X509_CRL *crl, int flags);
+
+int X509V3_add_value(const char *name, const char *value,
+ STACK_OF(CONF_VALUE) **extlist);
+int X509V3_add_value_uchar(const char *name, const unsigned char *value,
+ STACK_OF(CONF_VALUE) **extlist);
+int X509V3_add_value_bool(const char *name, int asn1_bool,
+ STACK_OF(CONF_VALUE) **extlist);
+int X509V3_add_value_int(const char *name, const ASN1_INTEGER *aint,
+ STACK_OF(CONF_VALUE) **extlist);
+char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, const ASN1_INTEGER *aint);
+ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, const char *value);
+char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, const ASN1_ENUMERATED *aint);
+char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *meth,
+ const ASN1_ENUMERATED *aint);
+int X509V3_EXT_add(X509V3_EXT_METHOD *ext);
+int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist);
+int X509V3_EXT_add_alias(int nid_to, int nid_from);
+void X509V3_EXT_cleanup(void);
+
+const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext);
+const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid);
+int X509V3_add_standard_extensions(void);
+STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line);
+void *X509V3_EXT_d2i(X509_EXTENSION *ext);
+void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit,
+ int *idx);
+
+X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
+int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
+ int crit, unsigned long flags);
+
+#ifndef OPENSSL_NO_DEPRECATED_1_1_0
+/* The new declarations are in crypto.h, but the old ones were here. */
+# define hex_to_string OPENSSL_buf2hexstr
+# define string_to_hex OPENSSL_hexstr2buf
+#endif
+
+void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent,
+ int ml);
+int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag,
+ int indent);
+#ifndef OPENSSL_NO_STDIO
+int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
+#endif
+int X509V3_extensions_print(BIO *out, const char *title,
+ const STACK_OF(X509_EXTENSION) *exts,
+ unsigned long flag, int indent);
+
+int X509_check_ca(X509 *x);
+int X509_check_purpose(X509 *x, int id, int ca);
+int X509_supported_extension(X509_EXTENSION *ex);
+int X509_PURPOSE_set(int *p, int purpose);
+int X509_check_issued(X509 *issuer, X509 *subject);
+int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid);
+void X509_set_proxy_flag(X509 *x);
+void X509_set_proxy_pathlen(X509 *x, long l);
+long X509_get_proxy_pathlen(X509 *x);
+
+uint32_t X509_get_extension_flags(X509 *x);
+uint32_t X509_get_key_usage(X509 *x);
+uint32_t X509_get_extended_key_usage(X509 *x);
+const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x);
+const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x);
+const GENERAL_NAMES *X509_get0_authority_issuer(X509 *x);
+const ASN1_INTEGER *X509_get0_authority_serial(X509 *x);
+
+int X509_PURPOSE_get_count(void);
+X509_PURPOSE *X509_PURPOSE_get0(int idx);
+int X509_PURPOSE_get_by_sname(const char *sname);
+int X509_PURPOSE_get_by_id(int id);
+int X509_PURPOSE_add(int id, int trust, int flags,
+ int (*ck) (const X509_PURPOSE *, const X509 *, int),
+ const char *name, const char *sname, void *arg);
+char *X509_PURPOSE_get0_name(const X509_PURPOSE *xp);
+char *X509_PURPOSE_get0_sname(const X509_PURPOSE *xp);
+int X509_PURPOSE_get_trust(const X509_PURPOSE *xp);
+void X509_PURPOSE_cleanup(void);
+int X509_PURPOSE_get_id(const X509_PURPOSE *);
+
+STACK_OF(OPENSSL_STRING) *X509_get1_email(X509 *x);
+STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(X509_REQ *x);
+void X509_email_free(STACK_OF(OPENSSL_STRING) *sk);
+STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x);
+/* Flags for X509_check_* functions */
+
+/*
+ * Always check subject name for host match even if subject alt names present
+ */
+# define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT 0x1
+/* Disable wildcard matching for dnsName fields and common name. */
+# define X509_CHECK_FLAG_NO_WILDCARDS 0x2
+/* Wildcards must not match a partial label. */
+# define X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS 0x4
+/* Allow (non-partial) wildcards to match multiple labels. */
+# define X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS 0x8
+/* Constraint verifier subdomain patterns to match a single labels. */
+# define X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS 0x10
+/* Never check the subject CN */
+# define X509_CHECK_FLAG_NEVER_CHECK_SUBJECT 0x20
+/*
+ * Match reference identifiers starting with "." to any sub-domain.
+ * This is a non-public flag, turned on implicitly when the subject
+ * reference identity is a DNS name.
+ */
+# define _X509_CHECK_FLAG_DOT_SUBDOMAINS 0x8000
+
+int X509_check_host(X509 *x, const char *chk, size_t chklen,
+ unsigned int flags, char **peername);
+int X509_check_email(X509 *x, const char *chk, size_t chklen,
+ unsigned int flags);
+int X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen,
+ unsigned int flags);
+int X509_check_ip_asc(X509 *x, const char *ipasc, unsigned int flags);
+
+ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc);
+ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc);
+int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE) *dn_sk,
+ unsigned long chtype);
+
+void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent);
+DEFINE_STACK_OF(X509_POLICY_NODE)
+
+#ifndef OPENSSL_NO_RFC3779
+typedef struct ASRange_st {
+ ASN1_INTEGER *min, *max;
+} ASRange;
+
+# define ASIdOrRange_id 0
+# define ASIdOrRange_range 1
+
+typedef struct ASIdOrRange_st {
+ int type;
+ union {
+ ASN1_INTEGER *id;
+ ASRange *range;
+ } u;
+} ASIdOrRange;
+
+typedef STACK_OF(ASIdOrRange) ASIdOrRanges;
+DEFINE_STACK_OF(ASIdOrRange)
+
+# define ASIdentifierChoice_inherit 0
+# define ASIdentifierChoice_asIdsOrRanges 1
+
+typedef struct ASIdentifierChoice_st {
+ int type;
+ union {
+ ASN1_NULL *inherit;
+ ASIdOrRanges *asIdsOrRanges;
+ } u;
+} ASIdentifierChoice;
+
+typedef struct ASIdentifiers_st {
+ ASIdentifierChoice *asnum, *rdi;
+} ASIdentifiers;
+
+DECLARE_ASN1_FUNCTIONS(ASRange)
+DECLARE_ASN1_FUNCTIONS(ASIdOrRange)
+DECLARE_ASN1_FUNCTIONS(ASIdentifierChoice)
+DECLARE_ASN1_FUNCTIONS(ASIdentifiers)
+
+typedef struct IPAddressRange_st {
+ ASN1_BIT_STRING *min, *max;
+} IPAddressRange;
+
+# define IPAddressOrRange_addressPrefix 0
+# define IPAddressOrRange_addressRange 1
+
+typedef struct IPAddressOrRange_st {
+ int type;
+ union {
+ ASN1_BIT_STRING *addressPrefix;
+ IPAddressRange *addressRange;
+ } u;
+} IPAddressOrRange;
+
+typedef STACK_OF(IPAddressOrRange) IPAddressOrRanges;
+DEFINE_STACK_OF(IPAddressOrRange)
+
+# define IPAddressChoice_inherit 0
+# define IPAddressChoice_addressesOrRanges 1
+
+typedef struct IPAddressChoice_st {
+ int type;
+ union {
+ ASN1_NULL *inherit;
+ IPAddressOrRanges *addressesOrRanges;
+ } u;
+} IPAddressChoice;
+
+typedef struct IPAddressFamily_st {
+ ASN1_OCTET_STRING *addressFamily;
+ IPAddressChoice *ipAddressChoice;
+} IPAddressFamily;
+
+typedef STACK_OF(IPAddressFamily) IPAddrBlocks;
+DEFINE_STACK_OF(IPAddressFamily)
+
+DECLARE_ASN1_FUNCTIONS(IPAddressRange)
+DECLARE_ASN1_FUNCTIONS(IPAddressOrRange)
+DECLARE_ASN1_FUNCTIONS(IPAddressChoice)
+DECLARE_ASN1_FUNCTIONS(IPAddressFamily)
+
+/*
+ * API tag for elements of the ASIdentifer SEQUENCE.
+ */
+# define V3_ASID_ASNUM 0
+# define V3_ASID_RDI 1
+
+/*
+ * AFI values, assigned by IANA. It'd be nice to make the AFI
+ * handling code totally generic, but there are too many little things
+ * that would need to be defined for other address families for it to
+ * be worth the trouble.
+ */ +# define IANA_AFI_IPV4 1 +# define IANA_AFI_IPV6 2 + +/* + * Utilities to construct and extract values from RFC3779 extensions, + * since some of the encodings (particularly for IP address prefixes + * and ranges) are a bit tedious to work with directly. + */ +int X509v3_asid_add_inherit(ASIdentifiers *asid, int which); +int X509v3_asid_add_id_or_range(ASIdentifiers *asid, int which, + ASN1_INTEGER *min, ASN1_INTEGER *max); +int X509v3_addr_add_inherit(IPAddrBlocks *addr, + const unsigned afi, const unsigned *safi); +int X509v3_addr_add_prefix(IPAddrBlocks *addr, + const unsigned afi, const unsigned *safi, + unsigned char *a, const int prefixlen); +int X509v3_addr_add_range(IPAddrBlocks *addr, + const unsigned afi, const unsigned *safi, + unsigned char *min, unsigned char *max); +unsigned X509v3_addr_get_afi(const IPAddressFamily *f); +int X509v3_addr_get_range(IPAddressOrRange *aor, const unsigned afi, + unsigned char *min, unsigned char *max, + const int length); + +/* + * Canonical forms. + */ +int X509v3_asid_is_canonical(ASIdentifiers *asid); +int X509v3_addr_is_canonical(IPAddrBlocks *addr); +int X509v3_asid_canonize(ASIdentifiers *asid); +int X509v3_addr_canonize(IPAddrBlocks *addr); + +/* + * Tests for inheritance and containment. + */ +int X509v3_asid_inherits(ASIdentifiers *asid); +int X509v3_addr_inherits(IPAddrBlocks *addr); +int X509v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b); +int X509v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b); + +/* + * Check whether RFC 3779 extensions nest properly in chains. 
+ */ +int X509v3_asid_validate_path(X509_STORE_CTX *); +int X509v3_addr_validate_path(X509_STORE_CTX *); +int X509v3_asid_validate_resource_set(STACK_OF(X509) *chain, + ASIdentifiers *ext, + int allow_inheritance); +int X509v3_addr_validate_resource_set(STACK_OF(X509) *chain, + IPAddrBlocks *ext, int allow_inheritance); + +#endif /* OPENSSL_NO_RFC3779 */ + +DEFINE_STACK_OF(ASN1_STRING) + +/* + * Admission Syntax + */ +typedef struct NamingAuthority_st NAMING_AUTHORITY; +typedef struct ProfessionInfo_st PROFESSION_INFO; +typedef struct Admissions_st ADMISSIONS; +typedef struct AdmissionSyntax_st ADMISSION_SYNTAX; +DECLARE_ASN1_FUNCTIONS(NAMING_AUTHORITY) +DECLARE_ASN1_FUNCTIONS(PROFESSION_INFO) +DECLARE_ASN1_FUNCTIONS(ADMISSIONS) +DECLARE_ASN1_FUNCTIONS(ADMISSION_SYNTAX) +DEFINE_STACK_OF(ADMISSIONS) +DEFINE_STACK_OF(PROFESSION_INFO) +typedef STACK_OF(PROFESSION_INFO) PROFESSION_INFOS; + +const ASN1_OBJECT *NAMING_AUTHORITY_get0_authorityId( + const NAMING_AUTHORITY *n); +const ASN1_IA5STRING *NAMING_AUTHORITY_get0_authorityURL( + const NAMING_AUTHORITY *n); +const ASN1_STRING *NAMING_AUTHORITY_get0_authorityText( + const NAMING_AUTHORITY *n); +void NAMING_AUTHORITY_set0_authorityId(NAMING_AUTHORITY *n, + ASN1_OBJECT* namingAuthorityId); +void NAMING_AUTHORITY_set0_authorityURL(NAMING_AUTHORITY *n, + ASN1_IA5STRING* namingAuthorityUrl); +void NAMING_AUTHORITY_set0_authorityText(NAMING_AUTHORITY *n, + ASN1_STRING* namingAuthorityText); + +const GENERAL_NAME *ADMISSION_SYNTAX_get0_admissionAuthority( + const ADMISSION_SYNTAX *as); +void ADMISSION_SYNTAX_set0_admissionAuthority( + ADMISSION_SYNTAX *as, GENERAL_NAME *aa); +const STACK_OF(ADMISSIONS) *ADMISSION_SYNTAX_get0_contentsOfAdmissions( + const ADMISSION_SYNTAX *as); +void ADMISSION_SYNTAX_set0_contentsOfAdmissions( + ADMISSION_SYNTAX *as, STACK_OF(ADMISSIONS) *a); +const GENERAL_NAME *ADMISSIONS_get0_admissionAuthority(const ADMISSIONS *a); +void ADMISSIONS_set0_admissionAuthority(ADMISSIONS *a, GENERAL_NAME 
*aa); +const NAMING_AUTHORITY *ADMISSIONS_get0_namingAuthority(const ADMISSIONS *a); +void ADMISSIONS_set0_namingAuthority(ADMISSIONS *a, NAMING_AUTHORITY *na); +const PROFESSION_INFOS *ADMISSIONS_get0_professionInfos(const ADMISSIONS *a); +void ADMISSIONS_set0_professionInfos(ADMISSIONS *a, PROFESSION_INFOS *pi); +const ASN1_OCTET_STRING *PROFESSION_INFO_get0_addProfessionInfo( + const PROFESSION_INFO *pi); +void PROFESSION_INFO_set0_addProfessionInfo( + PROFESSION_INFO *pi, ASN1_OCTET_STRING *aos); +const NAMING_AUTHORITY *PROFESSION_INFO_get0_namingAuthority( + const PROFESSION_INFO *pi); +void PROFESSION_INFO_set0_namingAuthority( + PROFESSION_INFO *pi, NAMING_AUTHORITY *na); +const STACK_OF(ASN1_STRING) *PROFESSION_INFO_get0_professionItems( + const PROFESSION_INFO *pi); +void PROFESSION_INFO_set0_professionItems( + PROFESSION_INFO *pi, STACK_OF(ASN1_STRING) *as); +const STACK_OF(ASN1_OBJECT) *PROFESSION_INFO_get0_professionOIDs( + const PROFESSION_INFO *pi); +void PROFESSION_INFO_set0_professionOIDs( + PROFESSION_INFO *pi, STACK_OF(ASN1_OBJECT) *po); +const ASN1_PRINTABLESTRING *PROFESSION_INFO_get0_registrationNumber( + const PROFESSION_INFO *pi); +void PROFESSION_INFO_set0_registrationNumber( + PROFESSION_INFO *pi, ASN1_PRINTABLESTRING *rn); + +# ifdef __cplusplus +} +# endif +#endif diff --git a/linux_amd64/include/openssl/x509v3err.h b/linux_amd64/include/openssl/x509v3err.h new file mode 100644 index 0000000..6e73337 --- /dev/null +++ b/linux_amd64/include/openssl/x509v3err.h 
@@ -0,0 +1,172 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_X509V3ERR_H +# define OPENSSL_X509V3ERR_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_X509V3ERR_H +# endif + +# include +# include + + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_X509V3_strings(void); + +/* + * X509V3 function codes. + */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define X509V3_F_A2I_GENERAL_NAME 0 +# define X509V3_F_ADDR_VALIDATE_PATH_INTERNAL 0 +# define X509V3_F_ASIDENTIFIERCHOICE_CANONIZE 0 +# define X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL 0 +# define X509V3_F_BIGNUM_TO_STRING 0 +# define X509V3_F_COPY_EMAIL 0 +# define X509V3_F_COPY_ISSUER 0 +# define X509V3_F_DO_DIRNAME 0 +# define X509V3_F_DO_EXT_I2D 0 +# define X509V3_F_DO_EXT_NCONF 0 +# define X509V3_F_GNAMES_FROM_SECTNAME 0 +# define X509V3_F_I2S_ASN1_ENUMERATED 0 +# define X509V3_F_I2S_ASN1_IA5STRING 0 +# define X509V3_F_I2S_ASN1_INTEGER 0 +# define X509V3_F_I2S_ASN1_UTF8STRING 0 +# define X509V3_F_I2V_AUTHORITY_INFO_ACCESS 0 +# define X509V3_F_LEVEL_ADD_NODE 0 +# define X509V3_F_NOTICE_SECTION 0 +# define X509V3_F_NREF_NOS 0 +# define X509V3_F_POLICY_CACHE_CREATE 0 +# define X509V3_F_POLICY_CACHE_NEW 0 +# define X509V3_F_POLICY_DATA_NEW 0 +# define X509V3_F_POLICY_SECTION 0 +# define X509V3_F_PROCESS_PCI_VALUE 0 +# define X509V3_F_R2I_CERTPOL 0 +# define X509V3_F_R2I_PCI 0 +# define X509V3_F_S2I_ASN1_IA5STRING 0 +# define X509V3_F_S2I_ASN1_INTEGER 0 +# define X509V3_F_S2I_ASN1_OCTET_STRING 0 +# define X509V3_F_S2I_ASN1_UTF8STRING 0 +# define X509V3_F_S2I_SKEY_ID 0 +# define X509V3_F_SET_DIST_POINT_NAME 0 +# define 
X509V3_F_SXNET_ADD_ID_ASC 0 +# define X509V3_F_SXNET_ADD_ID_INTEGER 0 +# define X509V3_F_SXNET_ADD_ID_ULONG 0 +# define X509V3_F_SXNET_GET_ID_ASC 0 +# define X509V3_F_SXNET_GET_ID_ULONG 0 +# define X509V3_F_TREE_INIT 0 +# define X509V3_F_V2I_ASIDENTIFIERS 0 +# define X509V3_F_V2I_ASN1_BIT_STRING 0 +# define X509V3_F_V2I_AUTHORITY_INFO_ACCESS 0 +# define X509V3_F_V2I_AUTHORITY_KEYID 0 +# define X509V3_F_V2I_BASIC_CONSTRAINTS 0 +# define X509V3_F_V2I_CRLD 0 +# define X509V3_F_V2I_EXTENDED_KEY_USAGE 0 +# define X509V3_F_V2I_GENERAL_NAMES 0 +# define X509V3_F_V2I_GENERAL_NAME_EX 0 +# define X509V3_F_V2I_IDP 0 +# define X509V3_F_V2I_IPADDRBLOCKS 0 +# define X509V3_F_V2I_ISSUER_ALT 0 +# define X509V3_F_V2I_NAME_CONSTRAINTS 0 +# define X509V3_F_V2I_POLICY_CONSTRAINTS 0 +# define X509V3_F_V2I_POLICY_MAPPINGS 0 +# define X509V3_F_V2I_SUBJECT_ALT 0 +# define X509V3_F_V2I_TLS_FEATURE 0 +# define X509V3_F_V3_GENERIC_EXTENSION 0 +# define X509V3_F_X509V3_ADD1_I2D 0 +# define X509V3_F_X509V3_ADD_VALUE 0 +# define X509V3_F_X509V3_EXT_ADD 0 +# define X509V3_F_X509V3_EXT_ADD_ALIAS 0 +# define X509V3_F_X509V3_EXT_I2D 0 +# define X509V3_F_X509V3_EXT_NCONF 0 +# define X509V3_F_X509V3_GET_SECTION 0 +# define X509V3_F_X509V3_GET_STRING 0 +# define X509V3_F_X509V3_GET_VALUE_BOOL 0 +# define X509V3_F_X509V3_PARSE_LIST 0 +# define X509V3_F_X509_PURPOSE_ADD 0 +# define X509V3_F_X509_PURPOSE_SET 0 +# endif + +/* + * X509V3 reason codes. 
+ */ +# define X509V3_R_BAD_IP_ADDRESS 118 +# define X509V3_R_BAD_OBJECT 119 +# define X509V3_R_BN_DEC2BN_ERROR 100 +# define X509V3_R_BN_TO_ASN1_INTEGER_ERROR 101 +# define X509V3_R_DIRNAME_ERROR 149 +# define X509V3_R_DISTPOINT_ALREADY_SET 160 +# define X509V3_R_DUPLICATE_ZONE_ID 133 +# define X509V3_R_ERROR_CONVERTING_ZONE 131 +# define X509V3_R_ERROR_CREATING_EXTENSION 144 +# define X509V3_R_ERROR_IN_EXTENSION 128 +# define X509V3_R_EXPECTED_A_SECTION_NAME 137 +# define X509V3_R_EXTENSION_EXISTS 145 +# define X509V3_R_EXTENSION_NAME_ERROR 115 +# define X509V3_R_EXTENSION_NOT_FOUND 102 +# define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED 103 +# define X509V3_R_EXTENSION_VALUE_ERROR 116 +# define X509V3_R_ILLEGAL_EMPTY_EXTENSION 151 +# define X509V3_R_INCORRECT_POLICY_SYNTAX_TAG 152 +# define X509V3_R_INVALID_ASNUMBER 162 +# define X509V3_R_INVALID_ASRANGE 163 +# define X509V3_R_INVALID_BOOLEAN_STRING 104 +# define X509V3_R_INVALID_EXTENSION_STRING 105 +# define X509V3_R_INVALID_INHERITANCE 165 +# define X509V3_R_INVALID_IPADDRESS 166 +# define X509V3_R_INVALID_MULTIPLE_RDNS 161 +# define X509V3_R_INVALID_NAME 106 +# define X509V3_R_INVALID_NULL_ARGUMENT 107 +# define X509V3_R_INVALID_NULL_NAME 108 +# define X509V3_R_INVALID_NULL_VALUE 109 +# define X509V3_R_INVALID_NUMBER 140 +# define X509V3_R_INVALID_NUMBERS 141 +# define X509V3_R_INVALID_OBJECT_IDENTIFIER 110 +# define X509V3_R_INVALID_OPTION 138 +# define X509V3_R_INVALID_POLICY_IDENTIFIER 134 +# define X509V3_R_INVALID_PROXY_POLICY_SETTING 153 +# define X509V3_R_INVALID_PURPOSE 146 +# define X509V3_R_INVALID_SAFI 164 +# define X509V3_R_INVALID_SECTION 135 +# define X509V3_R_INVALID_SYNTAX 143 +# define X509V3_R_ISSUER_DECODE_ERROR 126 +# define X509V3_R_MISSING_VALUE 124 +# define X509V3_R_NEED_ORGANIZATION_AND_NUMBERS 142 +# define X509V3_R_NO_CONFIG_DATABASE 136 +# define X509V3_R_NO_ISSUER_CERTIFICATE 121 +# define X509V3_R_NO_ISSUER_DETAILS 127 +# define X509V3_R_NO_POLICY_IDENTIFIER 139 +# define 
X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED 154 +# define X509V3_R_NO_PUBLIC_KEY 114 +# define X509V3_R_NO_SUBJECT_DETAILS 125 +# define X509V3_R_OPERATION_NOT_DEFINED 148 +# define X509V3_R_OTHERNAME_ERROR 147 +# define X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED 155 +# define X509V3_R_POLICY_PATH_LENGTH 156 +# define X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED 157 +# define X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY 159 +# define X509V3_R_SECTION_NOT_FOUND 150 +# define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS 122 +# define X509V3_R_UNABLE_TO_GET_ISSUER_KEYID 123 +# define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT 111 +# define X509V3_R_UNKNOWN_EXTENSION 129 +# define X509V3_R_UNKNOWN_EXTENSION_NAME 130 +# define X509V3_R_UNKNOWN_OPTION 120 +# define X509V3_R_UNSUPPORTED_OPTION 117 +# define X509V3_R_UNSUPPORTED_TYPE 167 +# define X509V3_R_USER_TOO_LONG 132 + +#endif diff --git a/linux_amd64/lib/engines-3/afalg.so b/linux_amd64/lib/engines-3/afalg.so new file mode 100755 index 0000000..17195f7 Binary files /dev/null and b/linux_amd64/lib/engines-3/afalg.so differ diff --git a/linux_amd64/lib/engines-3/capi.so b/linux_amd64/lib/engines-3/capi.so new file mode 100755 index 0000000..76ea8ba Binary files /dev/null and b/linux_amd64/lib/engines-3/capi.so differ diff --git a/linux_amd64/lib/engines-3/padlock.so b/linux_amd64/lib/engines-3/padlock.so new file mode 100755 index 0000000..4b8eae5 Binary files /dev/null and b/linux_amd64/lib/engines-3/padlock.so differ diff --git a/linux_amd64/lib/libcrypto.a b/linux_amd64/lib/libcrypto.a new file mode 100644 index 0000000..a0e6361 Binary files /dev/null and b/linux_amd64/lib/libcrypto.a differ diff --git a/linux_amd64/lib/libcrypto.so b/linux_amd64/lib/libcrypto.so new file mode 120000 index 0000000..e6d0d80 --- /dev/null +++ b/linux_amd64/lib/libcrypto.so @@ -0,0 +1 @@ +libcrypto.so.3 \ No newline at end of file 
diff --git a/linux_amd64/lib/libcrypto.so.3 b/linux_amd64/lib/libcrypto.so.3
new file mode 100755
index 0000000..4e95dfa
Binary files /dev/null and b/linux_amd64/lib/libcrypto.so.3 differ
diff --git a/linux_amd64/lib/libssl.a b/linux_amd64/lib/libssl.a
new file mode 100644
index 0000000..30e0d7c
Binary files /dev/null and b/linux_amd64/lib/libssl.a differ
diff --git a/linux_amd64/lib/libssl.so b/linux_amd64/lib/libssl.so
new file mode 120000
index 0000000..7481049
--- /dev/null
+++ b/linux_amd64/lib/libssl.so
@@ -0,0 +1 @@
+libssl.so.3
\ No newline at end of file
diff --git a/linux_amd64/lib/libssl.so.3 b/linux_amd64/lib/libssl.so.3
new file mode 100755
index 0000000..e94432d
Binary files /dev/null and b/linux_amd64/lib/libssl.so.3 differ
diff --git a/linux_amd64/lib/pkgconfig/libcrypto.pc b/linux_amd64/lib/pkgconfig/libcrypto.pc
new file mode 100644
index 0000000..2491fd7
--- /dev/null
+++ b/linux_amd64/lib/pkgconfig/libcrypto.pc
@@ -0,0 +1,12 @@
+prefix=/root/openssl/build/../out
+exec_prefix=${prefix}
+libdir=${exec_prefix}/lib
+includedir=${prefix}/include
+enginesdir=${libdir}/engines-3
+
+Name: OpenSSL-libcrypto
+Description: OpenSSL cryptography library
+Version: 3.0.0-dev
+Libs: -L${libdir} -lcrypto
+Libs.private: -ldl -pthread
+Cflags: -I${includedir}
diff --git a/linux_amd64/lib/pkgconfig/libssl.pc b/linux_amd64/lib/pkgconfig/libssl.pc
new file mode 100644
index 0000000..82fc75b
--- /dev/null
+++ b/linux_amd64/lib/pkgconfig/libssl.pc
@@ -0,0 +1,11 @@
+prefix=/root/openssl/build/../out
+exec_prefix=${prefix}
+libdir=${exec_prefix}/lib
+includedir=${prefix}/include
+
+Name: OpenSSL-libssl
+Description: Secure Sockets Layer and cryptography libraries
+Version: 3.0.0-dev
+Requires.private: libcrypto
+Libs: -L${libdir} -lssl
+Cflags: -I${includedir}
diff --git a/linux_amd64/lib/pkgconfig/openssl.pc b/linux_amd64/lib/pkgconfig/openssl.pc
new file mode 100644
index 0000000..7fc760a
--- /dev/null
+++ b/linux_amd64/lib/pkgconfig/openssl.pc
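Review bot: The `prefix=/root/openssl/build/../out` line in libcrypto.pc bakes the build host's absolute path into the package metadata, so `pkg-config --libs libcrypto` on any other machine emits `-L/root/openssl/build/../out/lib` and either fails or resolves against whatever happens to exist at that path rather than the libraries committed in this tree. libssl.pc and openssl.pc carry the same line. Because the .pc files sit two directories below the platform root, a relocatable form would be `prefix=${pcfiledir}/../..`. `Version: 3.0.0-dev` also shows the blobs come from an unreleased development tree; recording the upstream source commit and configure options next to them would let the binaries be rebuilt and audited.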
@@ -0,0 +1,9 @@
+prefix=/root/openssl/build/../out
+exec_prefix=${prefix}
+libdir=${exec_prefix}/lib
+includedir=${prefix}/include
+
+Name: OpenSSL
+Description: Secure Sockets Layer and cryptography libraries and tools
+Version: 3.0.0-dev
+Requires: libssl libcrypto
diff --git a/linux_amd64/share/doc/openssl/html/man1/CA.pl.html b/linux_amd64/share/doc/openssl/html/man1/CA.pl.html
new file mode 100755
index 0000000..a24d59c
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man1/CA.pl.html
@@ -0,0 +1,257 @@
+ + + + +CA.pl + + + + + + + + + + + +

+

+
+

NAME

+

CA.pl - friendlier interface for OpenSSL certificate programs

+

+

+
+

SYNOPSIS

+

CA.pl +-? | +-h | +-help

+

CA.pl +-newcert | +-newreq | +-newreq-nodes | +-xsign | +-sign | +-signCA | +-signcert | +-crl | +-newca +[-extra-cmd extra-params]

+

CA.pl -pkcs12 [-extra-pkcs12 extra-params] [certname]

+

CA.pl -verify [-extra-verify extra-params] certfile ...

+

CA.pl -revoke [-extra-ca extra-params] certfile [reason]

+

+

+
+

DESCRIPTION

+

The CA.pl script is a perl script that supplies the relevant command line +arguments to the openssl(1) command for some common certificate operations. +It is intended to simplify the process of certificate creation and management +by the use of some simple options.

+

+

+
+

OPTIONS

+
+
?, -h, -help
+ +
+

Prints a usage message.

+
+
-newcert
+ +
+

Creates a new self signed certificate. The private key is written to the file +newkey.pem and the request written to the file newreq.pem. +Invokes openssl-req(1).

+
+
-newreq
+ +
+

Creates a new certificate request. The private key is written to the file +newkey.pem and the request written to the file newreq.pem. +Executes openssl-req(1) under the hood.

+
+
-newreq-nodes
+ +
+

Is like -newreq except that the private key will not be encrypted. +Uses openssl-req(1).

+
+
-newca
+ +
+

Creates a new CA hierarchy for use with the ca program (or the -signcert +and -xsign options). The user is prompted to enter the filename of the CA +certificates (which should also contain the private key) or by hitting ENTER +details of the CA will be prompted for. The relevant files and directories +are created in a directory called demoCA in the current directory. +Uses openssl-req(1) and openssl-ca(1).

+
+
-pkcs12
+ +
+

Create a PKCS#12 file containing the user certificate, private key and CA +certificate. It expects the user certificate and private key to be in the +file newcert.pem and the CA certificate to be in the file demoCA/cacert.pem, +it creates a file newcert.p12. This command can thus be called after the +-sign option. The PKCS#12 file can be imported directly into a browser. +If there is an additional argument on the command line it will be used as the +"friendly name" for the certificate (which is typically displayed in the browser +list box), otherwise the name "My Certificate" is used. +Delegates work to openssl-pkcs12(1).

+
+
-sign, -signcert, -xsign
+ +
+

Calls the openssl-ca(1) command to sign a certificate request. It expects the +request to be in the file newreq.pem. The new certificate is written to the +file newcert.pem except in the case of the -xsign option when it is +written to standard output.

+
+
-signCA
+ +
+

This option is the same as the -signreq option except it uses the +configuration file section v3_ca and so makes the signed request a +valid CA certificate. This is useful when creating intermediate CA from +a root CA. Extra params are passed to openssl-ca(1).

+
+
-signcert
+ +
+

This option is the same as -sign except it expects a self signed certificate +to be present in the file newreq.pem. +Extra params are passed to openssl-x509(1) and openssl-ca(1).

+
+
-crl
+ +
+

Generate a CRL. Executes openssl-ca(1).

+
+
-revoke certfile [reason]
+ +
+

Revoke the certificate contained in the specified certfile. An optional +reason may be specified, and must be one of: unspecified, +keyCompromise, CACompromise, affiliationChanged, superseded, +cessationOfOperation, certificateHold, or removeFromCRL. +Leverages openssl-ca(1).

+
+
-verify
+ +
+

Verifies certificates against the CA certificate for demoCA. If no +certificates are specified on the command line it tries to verify the file +newcert.pem. Invokes openssl-verify(1).

+
+
-extra-req | -extra-ca | -extra-pkcs12 | -extra-x509 | -extra-verify extra-params
+ +
+

For each option extra-cmd, pass extra-params to the openssl(1) +sub-command with the same name as cmd, if that sub-command is invoked. +For example, if openssl-req(1) is invoked, the extra-params given with +-extra-req will be passed to it. +Users should consult openssl(1) command documentation for more information.

+
+
+

+

+
+

EXAMPLES

+

Create a CA hierarchy:

+
+ CA.pl -newca
+

Complete certificate creation example: create a CA, create a request, sign +the request and finally create a PKCS#12 file containing it.

+
+ CA.pl -newca
+ CA.pl -newreq
+ CA.pl -signreq
+ CA.pl -pkcs12 "My Test Certificate"
+

+

+
+

DSA CERTIFICATES

+

Although the CA.pl creates RSA CAs and requests it is still possible to +use it with DSA certificates and requests using the openssl-req(1) command +directly. The following example shows the steps that would typically be taken.

+

Create some DSA parameters:

+
+ openssl dsaparam -out dsap.pem 1024
+

Create a DSA CA certificate and private key:

+
+ openssl req -x509 -newkey dsa:dsap.pem -keyout cacert.pem -out cacert.pem
+

Create the CA directories and files:

+
+ CA.pl -newca
+

enter a filename (for example, cacert.pem) when prompted for the CA file +name.

+

Create a DSA certificate request and private key (a different set of parameters +can optionally be created first):

+
+ openssl req -out newreq.pem -newkey dsa:dsap.pem
+

Sign the request:

+
+ CA.pl -signreq
+

+

+
+

NOTES

+

Most of the filenames mentioned can be modified by editing the CA.pl script.

+

If the demoCA directory already exists then the -newca command will not +overwrite it and will do nothing. This can happen if a previous call using +the -newca option terminated abnormally. To get the correct behaviour +delete the demoCA directory if it already exists.

+

Under some environments it may not be possible to run the CA.pl script +directly (for example Win32) and the default configuration file location may +be wrong. In this case the command:

+
+ perl -S CA.pl
+

can be used and the OPENSSL_CONF environment variable changed to point to +the correct path of the configuration file.

+

The script is intended as a simple front end for the openssl(1) program for +use by a beginner. Its behaviour isn't always what is wanted. For more control +over the behaviour of the certificate commands call the openssl(1) command +directly.

+

+

+
+

SEE ALSO

+

openssl(1), +openssl-x509(1), +openssl-ca(1), +openssl-req(1), +openssl-pkcs12(1), +config(5)

+

+

+
+

COPYRIGHT

+

Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

+

Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

+ + + +
diff --git a/linux_amd64/share/doc/openssl/html/man1/openssl-asn1parse.html b/linux_amd64/share/doc/openssl/html/man1/openssl-asn1parse.html
new file mode 100755
index 0000000..054657a
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man1/openssl-asn1parse.html
@@ -0,0 +1,266 @@
+ + + + +openssl-asn1parse + + + + + + + + +
+

+ + + +
+
+ + +

+

+
+

NAME

+

openssl-asn1parse - ASN.1 parsing tool

+

+

+
+

SYNOPSIS

+

openssl asn1parse +[-help] +[-inform DER|PEM] +[-in filename] +[-out filename] +[-noout] +[-offset number] +[-length number] +[-i] +[-oid filename] +[-dump] +[-dlimit num] +[-strparse offset] +[-genstr string] +[-genconf file] +[-strictpem] +[-item name]

+

+

+
+

DESCRIPTION

+

This command is a diagnostic utility that can parse ASN.1 structures. +It can also be used to extract data from ASN.1 formatted data.

+

+

+
+

OPTIONS

+
+
-help
+ +
+

Print out a usage message.

+
+
-inform DER|PEM
+ +
+

The input format; the default is PEM. +See openssl(1)/Format Options for details.

+
+
-in filename
+ +
+

The input file, default is standard input.

+
+
-out filename
+ +
+

Output file to place the DER encoded data into. If this +option is not present then no data will be output. This is most useful when +combined with the -strparse option.

+
+
-noout
+ +
+

Don't output the parsed version of the input file.

+
+
-offset number
+ +
+

Starting offset to begin parsing, default is start of file.

+
+
-length number
+ +
+

Number of bytes to parse, default is until end of file.

+
+
-i
+ +
+

Indents the output according to the "depth" of the structures.

+
+
-oid filename
+ +
+

A file containing additional OBJECT IDENTIFIERs (OIDs). The format of this +file is described in the NOTES section below.

+
+
-dump
+ +
+

Dump unknown data in hex format.

+
+
-dlimit num
+ +
+

Like -dump, but only the first num bytes are output.

+
+
-strparse offset
+ +
+

Parse the contents octets of the ASN.1 object starting at offset. This +option can be used multiple times to "drill down" into a nested structure.

+
+
-genstr string, -genconf file
+ +
+

Generate encoded data based on string, file or both using +ASN1_generate_nconf(3) format. If file only is +present then the string is obtained from the default section using the name +asn1. The encoded data is passed through the ASN1 parser and printed out as +though it came from a file, the contents can thus be examined and written to a +file using the -out option.

+
+
-strictpem
+ +
+

If this option is used then -inform will be ignored. Without this option any +data in a PEM format input file will be treated as being base64 encoded and +processed whether it has the normal PEM BEGIN and END markers or not. This +option will ignore any data prior to the start of the BEGIN marker, or after an +END marker in a PEM file.

+
+
-item name
+ +
+

Attempt to decode and print the data as an ASN1_ITEM name. This can be +used to print out the fields of any supported ASN.1 structure if the type is +known.

+
+
+

+

+

Output

+

The output will typically contain lines like this:

+
+  0:d=0  hl=4 l= 681 cons: SEQUENCE
+

.....

+
+  229:d=3  hl=3 l= 141 prim: BIT STRING
+  373:d=2  hl=3 l= 162 cons: cont [ 3 ]
+  376:d=3  hl=3 l= 159 cons: SEQUENCE
+  379:d=4  hl=2 l=  29 cons: SEQUENCE
+  381:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Subject Key Identifier
+  386:d=5  hl=2 l=  22 prim: OCTET STRING
+  410:d=4  hl=2 l= 112 cons: SEQUENCE
+  412:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Authority Key Identifier
+  417:d=5  hl=2 l= 105 prim: OCTET STRING
+  524:d=4  hl=2 l=  12 cons: SEQUENCE
+

.....

+

This example is part of a self-signed certificate. Each line starts with the +offset in decimal. d=XX specifies the current depth. The depth is increased +within the scope of any SET or SEQUENCE. hl=XX gives the header length +(tag and length octets) of the current type. l=XX gives the length of +the contents octets.

+

The -i option can be used to make the output more readable.

+

Some knowledge of the ASN.1 structure is needed to interpret the output.

+

In this example the BIT STRING at offset 229 is the certificate public key. +The contents octets of this will contain the public key information. This can +be examined using the option -strparse 229 to yield:

+
+    0:d=0  hl=3 l= 137 cons: SEQUENCE
+    3:d=1  hl=3 l= 129 prim: INTEGER           :E5D21E1F5C8D208EA7A2166C7FAF9F6BDF2059669C60876DDB70840F1A5AAFA59699FE471F379F1DD6A487E7D5409AB6A88D4A9746E24B91D8CF55DB3521015460C8EDE44EE8A4189F7A7BE77D6CD3A9AF2696F486855CF58BF0EDF2B4068058C7A947F52548DDF7E15E96B385F86422BEA9064A3EE9E1158A56E4A6F47E5897
+  135:d=1  hl=2 l=   3 prim: INTEGER           :010001
+

+

+
+

NOTES

+

If an OID is not part of OpenSSL's internal table it will be represented in +numerical form (for example 1.2.3.4). The file passed to the -oid option +allows additional OIDs to be included. Each line consists of three columns, +the first column is the OID in numerical format and should be followed by white +space. The second column is the "short name" which is a single word followed +by white space. The final column is the rest of the line and is the +"long name". Example:

+

1.2.3.4 shortName A long name

+

For any OID with an associated short and long name, this command will display +the long name.

+

+

+
+

EXAMPLES

+

Parse a file:

+
+ openssl asn1parse -in file.pem
+

Parse a DER file:

+
+ openssl asn1parse -inform DER -in file.der
+

Generate a simple UTF8String:

+
+ openssl asn1parse -genstr 'UTF8:Hello World'
+

Generate and write out a UTF8String, don't print parsed output:

+
+ openssl asn1parse -genstr 'UTF8:Hello World' -noout -out utf8.der
+

Generate using a config file:

+
+ openssl asn1parse -genconf asn1.cnf -noout -out asn1.der
+

Example config file:

+
+ asn1=SEQUENCE:seq_sect
+
+ [seq_sect]
+
+ field1=BOOL:TRUE
+ field2=EXP:0, UTF8:some random string
+

+

+
+

BUGS

+

There should be options to change the format of output lines. The output of some +ASN.1 types is not well handled (if at all).

+

+

+
+

SEE ALSO

+

openssl(1), +ASN1_generate_nconf(3)

+

+

+
+

COPYRIGHT

+

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+

Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

+ + + +
diff --git a/linux_amd64/share/doc/openssl/html/man1/openssl-ca.html b/linux_amd64/share/doc/openssl/html/man1/openssl-ca.html
new file mode 100755
index 0000000..58162e8
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man1/openssl-ca.html
@@ -0,0 +1,882 @@
+ + + + +openssl-ca + + + + + + + + + + + +

+

+
+

NAME

+

openssl-ca - sample minimal CA application

+

+

+
+

SYNOPSIS

+

openssl ca +[-help] +[-verbose] +[-config filename] +[-name section] +[-gencrl] +[-revoke file] +[-valid file] +[-status serial] +[-updatedb] +[-crl_reason reason] +[-crl_hold instruction] +[-crl_compromise time] +[-crl_CA_compromise time] +[-crldays days] +[-crlhours hours] +[-crlsec seconds] +[-crlexts section] +[-startdate date] +[-enddate date] +[-days arg] +[-md arg] +[-policy arg] +[-keyfile arg] +[-keyform DER|PEM] +[-key arg] +[-passin arg] +[-cert file] +[-selfsign] +[-in file] +[-out file] +[-notext] +[-outdir dir] +[-infiles] +[-spkac file] +[-ss_cert file] +[-preserveDN] +[-noemailDN] +[-batch] +[-msie_hack] +[-extensions section] +[-extfile section] +[-subj arg] +[-utf8] +[-sigopt nm:v] +[-create_serial] +[-rand_serial] +[-multivalue-rdn] +[-sm2-id string] +[-sm2-hex-id hex-string] +[-rand files] +[-writerand file] +[-engine id] +[certreq...]

+

+

+
+

DESCRIPTION

+

This command is a minimal CA application. It can be used +to sign certificate requests in a variety of forms and generate +CRLs. It also maintains a text database of issued certificates +and their status. +When signing certificates, a single certificate request can be specified +with the -in option, or multiple requests can be processed by +specifying a set of certreq files after all options.

+

The options descriptions will be divided into each purpose.

+

+

+
+

OPTIONS

+
+
-help
+ +
+

Print out a usage message.

+
+
-verbose
+ +
+

This prints extra details about the operations being performed.

+
+
-config filename
+ +
+

Specifies the configuration file to use. +Optional; for a description of the default value, +see openssl(1)/COMMAND SUMMARY.

+
+
-name section
+ +
+

Specifies the configuration file section to use (overrides +default_ca in the ca section).

+
+
-in filename
+ +
+

An input filename containing a single certificate request to be +signed by the CA.

+
+
-ss_cert filename
+ +
+

A single self-signed certificate to be signed by the CA.

+
+
-spkac filename
+ +
+

A file containing a single Netscape signed public key and challenge +and additional field values to be signed by the CA. See the SPKAC FORMAT +section for information on the required input and output format.

+
+
-infiles
+ +
+

If present this should be the last option, all subsequent arguments +are taken as the names of files containing certificate requests.

+
+
-out filename
+ +
+

The output file to output certificates to. The default is standard +output. The certificate details will also be printed out to this +file in PEM format (except that -spkac outputs DER format).

+
+
-outdir directory
+ +
+

The directory to output certificates to. The certificate will be +written to a filename consisting of the serial number in hex with +.pem appended.

+
+
-cert
+ +
+

The CA certificate file.

+
+
-keyfile filename
+ +
+

The private key to sign requests with.

+
+
-keyform DER|PEM
+ +
+

The format of the private key file; the default is PEM. +See openssl(1)/Format Options for details.

+
+
-sigopt nm:v
+ +
+

Pass options to the signature algorithm during sign or verify operations. +Names and values of these options are algorithm-specific.

+
+
-key password
+ +
+

The password used to encrypt the private key. Since on some +systems the command line arguments are visible (e.g. Unix with +the ps(1) utility) this option should be used with caution.

+
+
-selfsign
+ +
+

Indicates the issued certificates are to be signed with the key +the certificate requests were signed with (given with -keyfile). +Certificate requests signed with a different key are ignored. If +-spkac, -ss_cert or -gencrl are given, -selfsign is +ignored.

+

A consequence of using -selfsign is that the self-signed +certificate appears among the entries in the certificate database +(see the configuration option database), and uses the same +serial number counter as all other certificates sign with the +self-signed certificate.

+
+
-passin arg
+ +
+

The key password source. For more information about the format of arg +see openssl(1)/Pass Phrase Options.

+
+
-notext
+ +
+

Don't output the text form of a certificate to the output file.

+
+
-startdate date
+ +
+

This allows the start date to be explicitly set. The format of the +date is YYMMDDHHMMSSZ (the same as an ASN1 UTCTime structure), or +YYYYMMDDHHMMSSZ (the same as an ASN1 GeneralizedTime structure). In +both formats, seconds SS and timezone Z must be present.

+
+
-enddate date
+ +
+

This allows the expiry date to be explicitly set. The format of the +date is YYMMDDHHMMSSZ (the same as an ASN1 UTCTime structure), or +YYYYMMDDHHMMSSZ (the same as an ASN1 GeneralizedTime structure). In +both formats, seconds SS and timezone Z must be present.

+
+
-days arg
+ +
+

The number of days to certify the certificate for.

+
+
-md alg
+ +
+

The message digest to use. +Any digest supported by the openssl-dgst(1) command can be used. For signing +algorithms that do not support a digest (i.e. Ed25519 and Ed448) any message +digest that is set is ignored. This option also applies to CRLs.

+
+
-policy arg
+ +
+

This option defines the CA "policy" to use. This is a section in +the configuration file which decides which fields should be mandatory +or match the CA certificate. Check out the POLICY FORMAT section +for more information.

+
+
-msie_hack
+ +
+

This is a deprecated option to make this command work with very old versions +of the IE certificate enrollment control "certenr3". It used UniversalStrings +for almost everything. Since the old control has various security bugs +its use is strongly discouraged.

+
+
-preserveDN
+ +
+

Normally the DN order of a certificate is the same as the order of the +fields in the relevant policy section. When this option is set the order +is the same as the request. This is largely for compatibility with the +older IE enrollment control which would only accept certificates if their +DNs match the order of the request. This is not needed for Xenroll.

+
+
-noemailDN
+ +
+

The DN of a certificate can contain the EMAIL field if present in the +request DN, however it is good policy just having the e-mail set into +the altName extension of the certificate. When this option is set the +EMAIL field is removed from the certificate' subject and set only in +the, eventually present, extensions. The email_in_dn keyword can be +used in the configuration file to enable this behaviour.

+
+
-batch
+ +
+

This sets the batch mode. In this mode no questions will be asked +and all certificates will be certified automatically.

+
+
-extensions section
+ +
+

The section of the configuration file containing certificate extensions +to be added when a certificate is issued (defaults to x509_extensions +unless the -extfile option is used). If no extension section is +present then, a V1 certificate is created. If the extension section +is present (even if it is empty), then a V3 certificate is created. See the +x509v3_config(5) manual page for details of the +extension section format.

+
+
-extfile file
+ +
+

An additional configuration file to read certificate extensions from +(using the default section unless the -extensions option is also +used).

+
+
-subj arg
+ +
+

Supersedes subject name given in the request. +The arg must be formatted as /type0=value0/type1=value1/type2=.... +Keyword characters may be escaped by \ (backslash), and whitespace is +retained. +Empty values are permitted, but the corresponding type will not be included +in the resulting certificate.

+
+
-utf8
+ +
+

This option causes field values to be interpreted as UTF8 strings, by +default they are interpreted as ASCII. This means that the field +values, whether prompted from a terminal or obtained from a +configuration file, must be valid UTF8 strings.

+
+
-create_serial
+ +
+

If reading serial from the text file as specified in the configuration +fails, specifying this option creates a new random serial to be used as next +serial number. +To get random serial numbers, use the -rand_serial flag instead; this +should only be used for simple error-recovery.

+
+
-rand_serial
+ +
+

Generate a large random number to use as the serial number. +This overrides any option or configuration to use a serial number file.

+
+
-multivalue-rdn
+ +
+

This option causes the -subj argument to be interpreted with full +support for multivalued RDNs. Example:

+

/DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe

+

If -multi-rdn is not used then the UID value is 123456+CN=John Doe.

+
+
-sm2-id string
+ +
+

Specify the ID string to use when verifying an SM2 certificate. The ID string is +required by the SM2 signature algorithm for signing and verification.

+
+
-sm2-hex-id hex-string
+ +
+

Specify a binary ID string to use when signing or verifying using an SM2 +certificate. The argument for this option is string of hexadecimal digits.

+
+
-rand files, -writerand file
+ +
+

See openssl(1)/Random State Options for details.

+
+
-engine id
+ +
+

See openssl(1)/Engine Options.

+
+
+

+

+
+

CRL OPTIONS

+
+
-gencrl
+ +
+

This option generates a CRL based on information in the index file.

+
+
-crldays num
+ +
+

The number of days before the next CRL is due. That is the days from +now to place in the CRL nextUpdate field.

+
+
-crlhours num
+ +
+

The number of hours before the next CRL is due.

+
+
-crlsec num
+ +
+

The number of seconds before the next CRL is due.

+
+
-revoke filename
+ +
+

A filename containing a certificate to revoke.

+
+
-valid filename
+ +
+

A filename containing a certificate to add a Valid certificate entry.

+
+
-status serial
+ +
+

Displays the revocation status of the certificate with the specified +serial number and exits.

+
+
-updatedb
+ +
+

Updates the database index to purge expired certificates.

+
+
-crl_reason reason
+ +
+

Revocation reason, where reason is one of: unspecified, keyCompromise, +CACompromise, affiliationChanged, superseded, cessationOfOperation, +certificateHold or removeFromCRL. The matching of reason is case +insensitive. Setting any revocation reason will make the CRL v2.

+

In practice removeFromCRL is not particularly useful because it is only used +in delta CRLs which are not currently implemented.

+
+
-crl_hold instruction
+ +
+

This sets the CRL revocation reason code to certificateHold and the hold +instruction to instruction which must be an OID. Although any OID can be +used only holdInstructionNone (the use of which is discouraged by RFC2459) +holdInstructionCallIssuer or holdInstructionReject will normally be used.

+
+
-crl_compromise time
+ +
+

This sets the revocation reason to keyCompromise and the compromise time to +time. time should be in GeneralizedTime format that is YYYYMMDDHHMMSSZ.

+
+
-crl_CA_compromise time
+ +
+

This is the same as crl_compromise except the revocation reason is set to +CACompromise.

+
+
-crlexts section
+ +
+

The section of the configuration file containing CRL extensions to +include. If no CRL extension section is present then a V1 CRL is +created, if the CRL extension section is present (even if it is +empty) then a V2 CRL is created. The CRL extensions specified are +CRL extensions and not CRL entry extensions. It should be noted +that some software (for example Netscape) can't handle V2 CRLs. See +x509v3_config(5) manual page for details of the +extension section format.

+
+
+

+

+
+

CONFIGURATION FILE OPTIONS

+

The section of the configuration file containing options for this command +is found as follows: If the -name command line option is used, +then it names the section to be used. Otherwise the section to +be used must be named in the default_ca option of the ca section +of the configuration file (or in the default section of the +configuration file). Besides default_ca, the following options are +read directly from the ca section: + RANDFILE + preserve + msie_hack +With the exception of RANDFILE, this is probably a bug and may +change in future releases.

+

Many of the configuration file options are identical to command line +options. Where the option is present in the configuration file +and the command line the command line value is used. Where an +option is described as mandatory then it must be present in +the configuration file or the command line equivalent (if +any) used.

+
+
oid_file
+ +
+

This specifies a file containing additional OBJECT IDENTIFIERS. +Each line of the file should consist of the numerical form of the +object identifier followed by white space then the short name followed +by white space and finally the long name.

+
+
oid_section
+ +
+

This specifies a section in the configuration file containing extra +object identifiers. Each line should consist of the short name of the +object identifier followed by = and the numerical form. The short +and long names are the same when this option is used.

+
+
new_certs_dir
+ +
+

The same as the -outdir command line option. It specifies +the directory where new certificates will be placed. Mandatory.

+
+
certificate
+ +
+

The same as -cert. It gives the file containing the CA +certificate. Mandatory.

+
+
private_key
+ +
+

Same as the -keyfile option. The file containing the +CA private key. Mandatory.

+
+
RANDFILE
+ +
+

At startup the specified file is loaded into the random number generator, +and at exit 256 bytes will be written to it. (Note: Using a RANDFILE is +not necessary anymore, see the HISTORY section.

+
+
default_days
+ +
+

The same as the -days option. The number of days to certify +a certificate for.

+
+
default_startdate
+ +
+

The same as the -startdate option. The start date to certify +a certificate for. If not set the current time is used.

+
+
default_enddate
+ +
+

The same as the -enddate option. Either this option or +default_days (or the command line equivalents) must be +present.

+
+
default_crl_hours default_crl_days
+ +
+

The same as the -crlhours and the -crldays options. These +will only be used if neither command line option is present. At +least one of these must be present to generate a CRL.

+
+
default_md
+ +
+

The same as the -md option. Mandatory except where the signing algorithm does +not require a digest (i.e. Ed25519 and Ed448).

+
+
database
+ +
+

The text database file to use. Mandatory. This file must be present +though initially it will be empty.

+
+
unique_subject
+ +
+

If the value yes is given, the valid certificate entries in the +database must have unique subjects. if the value no is given, +several valid certificate entries may have the exact same subject. +The default value is yes, to be compatible with older (pre 0.9.8) +versions of OpenSSL. However, to make CA certificate roll-over easier, +it's recommended to use the value no, especially if combined with +the -selfsign command line option.

+

Note that it is valid in some circumstances for certificates to be created +without any subject. In the case where there are multiple certificates without +subjects this does not count as a duplicate.

+
+
serial
+ +
+

A text file containing the next serial number to use in hex. Mandatory. +This file must be present and contain a valid serial number.

+
+
crlnumber
+ +
+

A text file containing the next CRL number to use in hex. The crl number +will be inserted in the CRLs only if this file exists. If this file is +present, it must contain a valid CRL number.

+
+
x509_extensions
+ +
+

The same as -extensions.

+
+
crl_extensions
+ +
+

The same as -crlexts.

+
+
preserve
+ +
+

The same as -preserveDN

+
+
email_in_dn
+ +
+

The same as -noemailDN. If you want the EMAIL field to be removed +from the DN of the certificate simply set this to 'no'. If not present +the default is to allow for the EMAIL filed in the certificate's DN.

+
+
msie_hack
+ +
+

The same as -msie_hack

+
+
policy
+ +
+

The same as -policy. Mandatory. See the POLICY FORMAT section +for more information.

+
+
name_opt, cert_opt
+ +
+

These options allow the format used to display the certificate details +when asking the user to confirm signing. All the options supported by +the x509 utilities -nameopt and -certopt switches can be used +here, except the no_signame and no_sigdump are permanently set +and cannot be disabled (this is because the certificate signature cannot +be displayed because the certificate has not been signed at this point).

+

For convenience the values ca_default are accepted by both to produce +a reasonable output.

+

If neither option is present the format used in earlier versions of +OpenSSL is used. Use of the old format is strongly discouraged because +it only displays fields mentioned in the policy section, mishandles +multicharacter string types and does not display extensions.

+
+
copy_extensions
+ +
+

Determines how extensions in certificate requests should be handled. +If set to none or this option is not present then extensions are +ignored and not copied to the certificate. If set to copy then any +extensions present in the request that are not already present are copied +to the certificate. If set to copyall then all extensions in the +request are copied to the certificate: if the extension is already present +in the certificate it is deleted first. See the WARNINGS section before +using this option.

+

The main use of this option is to allow a certificate request to supply +values for certain extensions such as subjectAltName.

+
+
+

+

+
+

POLICY FORMAT

+

The policy section consists of a set of variables corresponding to +certificate DN fields. If the value is "match" then the field value +must match the same field in the CA certificate. If the value is +"supplied" then it must be present. If the value is "optional" then +it may be present. Any fields not mentioned in the policy section +are silently deleted, unless the -preserveDN option is set but +this can be regarded more of a quirk than intended behaviour.

+

+

+
+

SPKAC FORMAT

+

The input to the -spkac command line option is a Netscape +signed public key and challenge. This will usually come from +the KEYGEN tag in an HTML form to create a new private key. +It is however possible to create SPKACs using openssl-spkac(1).

+

The file should contain the variable SPKAC set to the value of +the SPKAC and also the required DN components as name value pairs. +If you need to include the same component twice then it can be +preceded by a number and a '.'.

+

When processing SPKAC format, the output is DER if the -out +flag is used, but PEM format if sending to stdout or the -outdir +flag is used.

+

+

+
+

EXAMPLES

+

Note: these examples assume that the directory structure this command +assumes is already set up and the relevant files already exist. This +usually involves creating a CA certificate and private key with +openssl-req(1), a serial number file and an empty index file and +placing them in the relevant directories.

+

To use the sample configuration file below the directories demoCA, +demoCA/private and demoCA/newcerts would be created. The CA +certificate would be copied to demoCA/cacert.pem and its private +key to demoCA/private/cakey.pem. A file demoCA/serial would be +created containing for example "01" and the empty index file +demoCA/index.txt.

+

Sign a certificate request:

+
+ openssl ca -in req.pem -out newcert.pem
+

Sign an SM2 certificate request:

+
+ openssl ca -in sm2.csr -out sm2.crt -md sm3 -sigopt "sm2_id:1234567812345678" -sm2-id "1234567812345678"
+

Sign a certificate request, using CA extensions:

+
+ openssl ca -in req.pem -extensions v3_ca -out newcert.pem
+

Generate a CRL

+
+ openssl ca -gencrl -out crl.pem
+

Sign several requests:

+
+ openssl ca -infiles req1.pem req2.pem req3.pem
+

Certify a Netscape SPKAC:

+
+ openssl ca -spkac spkac.txt
+

A sample SPKAC file (the SPKAC line has been truncated for clarity):

+
+ SPKAC=MIG0MGAwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAn7PDhCeV/xIxUg8V70YRxK2A5
+ CN=Steve Test
+ emailAddress=steve@openssl.org
+ 0.OU=OpenSSL Group
+ 1.OU=Another Group
+

A sample configuration file with the relevant sections for this command:

+
+ [ ca ]
+ default_ca      = CA_default            # The default ca section
+
+ [ CA_default ]
+
+ dir            = ./demoCA              # top dir
+ database       = $dir/index.txt        # index file.
+ new_certs_dir  = $dir/newcerts         # new certs dir
+
+ certificate    = $dir/cacert.pem       # The CA cert
+ serial         = $dir/serial           # serial no file
+ #rand_serial    = yes                  # for random serial#'s
+ private_key    = $dir/private/cakey.pem# CA private key
+
+ default_days   = 365                   # how long to certify for
+ default_crl_days= 30                   # how long before next CRL
+ default_md     = md5                   # md to use
+
+ policy         = policy_any            # default policy
+ email_in_dn    = no                    # Don't add the email into cert DN
+
+ name_opt       = ca_default            # Subject name display option
+ cert_opt       = ca_default            # Certificate display option
+ copy_extensions = none                 # Don't copy extensions from request
+
+ [ policy_any ]
+ countryName            = supplied
+ stateOrProvinceName    = optional
+ organizationName       = optional
+ organizationalUnitName = optional
+ commonName             = supplied
+ emailAddress           = optional
+

+

+
+

FILES

+

Note: the location of all files can change either by compile time options, +configuration file entries, environment variables or command line options. +The values below reflect the default values.

+
+ /usr/local/ssl/lib/openssl.cnf - master configuration file
+ ./demoCA                       - main CA directory
+ ./demoCA/cacert.pem            - CA certificate
+ ./demoCA/private/cakey.pem     - CA private key
+ ./demoCA/serial                - CA serial number file
+ ./demoCA/serial.old            - CA serial number backup file
+ ./demoCA/index.txt             - CA text database file
+ ./demoCA/index.txt.old         - CA text database backup file
+ ./demoCA/certs                 - certificate output file
+

+

+
+

RESTRICTIONS

+

The text database index file is a critical part of the process and +if corrupted it can be difficult to fix. It is theoretically possible +to rebuild the index file from all the issued certificates and a current +CRL: however there is no option to do this.

+

V2 CRL features like delta CRLs are not currently supported.

+

Although several requests can be input and handled at once it is only +possible to include one SPKAC or self-signed certificate.

+

+

+
+

BUGS

+

The use of an in-memory text database can cause problems when large +numbers of certificates are present because, as the name implies +the database has to be kept in memory.

+

This command really needs rewriting or the required functionality +exposed at either a command or interface level so a more friendly utility +(perl script or GUI) can handle things properly. The script +CA.pl helps a little but not very much.

+

Any fields in a request that are not present in a policy are silently +deleted. This does not happen if the -preserveDN option is used. To +enforce the absence of the EMAIL field within the DN, as suggested by +RFCs, regardless the contents of the request' subject the -noemailDN +option can be used. The behaviour should be more friendly and +configurable.

+

Canceling some commands by refusing to certify a certificate can +create an empty file.

+

+

+
+

WARNINGS

+

This command is quirky and at times downright unfriendly.

+

This command was originally meant as an example of how to do +things in a CA. It was not supposed to be used as a full blown CA itself: +nevertheless some people are using it for this purpose.

+

This command command is effectively a single user command: no locking +is done on the various files and attempts to run more than one openssl ca +command on the same database can have unpredictable results.

+

The copy_extensions option should be used with caution. If care is +not taken then it can be a security risk. For example if a certificate +request contains a basicConstraints extension with CA:TRUE and the +copy_extensions value is set to copyall and the user does not spot +this when the certificate is displayed then this will hand the requester +a valid CA certificate.

+

This situation can be avoided by setting copy_extensions to copy +and including basicConstraints with CA:FALSE in the configuration file. +Then if the request contains a basicConstraints extension it will be +ignored.

+

It is advisable to also include values for other extensions such +as keyUsage to prevent a request supplying its own values.

+

Additional restrictions can be placed on the CA certificate itself. +For example if the CA certificate has:

+
+ basicConstraints = CA:TRUE, pathlen:0
+

then even if a certificate is issued with CA:TRUE it will not be valid.

+

+

+
+

HISTORY

+

Since OpenSSL 1.1.1, the program follows RFC5280. Specifically, +certificate validity period (specified by any of -startdate, +-enddate and -days) will be encoded as UTCTime if the dates are +earlier than year 2049 (included), and as GeneralizedTime if the dates +are in year 2050 or later.

+

OpenSSL 1.1.1 introduced a new random generator (CSPRNG) with an improved +seeding mechanism. The new seeding mechanism makes it unnecessary to +define a RANDFILE for saving and restoring randomness. This option is +retained mainly for compatibility reasons.

+

+

+
+

SEE ALSO

+

openssl(1), +openssl-req(1), +openssl-spkac(1), +openssl-x509(1), +CA.pl(1), +config(5), +x509v3_config(5)

+

+

+
+

COPYRIGHT

+

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

+

Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

+ + + +
diff --git a/linux_amd64/share/doc/openssl/html/man1/openssl-ciphers.html b/linux_amd64/share/doc/openssl/html/man1/openssl-ciphers.html
new file mode 100755
index 0000000..cda10a3
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man1/openssl-ciphers.html
@@ -0,0 +1,882 @@
+ + + + +openssl-ciphers + + + + + + + + +
+

+ + + +
+
+ + +

+

+
+

NAME

+

openssl-ciphers - SSL cipher display and cipher list tool

+

+

+
+

SYNOPSIS

+

openssl ciphers +[-help] +[-s] +[-v] +[-V] +[-ssl3] +[-tls1] +[-tls1_1] +[-tls1_2] +[-tls1_3] +[-s] +[-psk] +[-srp] +[-stdname] +[-convert name] +[-ciphersuites val] +[cipherlist]

+

+

+
+

DESCRIPTION

+

This command converts textual OpenSSL cipher lists into +ordered SSL cipher preference lists. It can be used as a test tool to +determine the appropriate cipherlist.

+

+

+
+

OPTIONS

+
+
-help
+ +
+

Print a usage message.

+
+
-s
+ +
+

Only list supported ciphers: those consistent with the security level, and +minimum and maximum protocol version. This is closer to the actual cipher list +an application will support.

+

PSK and SRP ciphers are not enabled by default: they require -psk or -srp +to enable them.

+

It also does not change the default list of supported signature algorithms.

+

On a server the list of supported ciphers might also exclude other ciphers +depending on the configured certificates and presence of DH parameters.

+

If this option is not used then all ciphers that match the cipherlist will be +listed.

+
+
-psk
+ +
+

When combined with -s includes cipher suites which require PSK.

+
+
-srp
+ +
+

When combined with -s includes cipher suites which require SRP.

+
+
-v
+ +
+

Verbose output: For each cipher suite, list details as provided by +SSL_CIPHER_description(3).

+
+
-V
+ +
+

Like -v, but include the official cipher suite values in hex.

+
+
-tls1_3, -tls1_2, -tls1_1, -tls1, -ssl3
+ +
+

In combination with the -s option, list the ciphers which could be used if +the specified protocol were negotiated. +Note that not all protocols and flags may be available, depending on how +OpenSSL was built.

+
+
-stdname
+ +
+

Precede each cipher suite by its standard name.

+
+
-convert name
+ +
+

Convert a standard cipher name to its OpenSSL name.

+
+
-ciphersuites val
+ +
+

Sets the list of TLSv1.3 ciphersuites. This list will be combined with any +TLSv1.2 and below ciphersuites that have been configured. The format for this +list is a simple colon (":") separated list of TLSv1.3 ciphersuite names. By +default this value is:

+
+ TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
+
+
cipherlist
+ +
+

A cipher list of TLSv1.2 and below ciphersuites to convert to a cipher +preference list. This list will be combined with any TLSv1.3 ciphersuites that +have been configured. If it is not included then the default cipher list will be +used. The format is described below.

+
+
+

+

+
+

CIPHER LIST FORMAT

+

The cipher list consists of one or more cipher strings separated by colons. +Commas or spaces are also acceptable separators but colons are normally used.

+

The actual cipher string can take several different forms.

+

It can consist of a single cipher suite such as RC4-SHA.

+

It can represent a list of cipher suites containing a certain algorithm, or +cipher suites of a certain type. For example SHA1 represents all ciphers +suites using the digest algorithm SHA1 and SSLv3 represents all SSL v3 +algorithms.

+

Lists of cipher suites can be combined in a single cipher string using the ++ character. This is used as a logical and operation. For example +SHA1+DES represents all cipher suites containing the SHA1 and the DES +algorithms.

+

Each cipher string can be optionally preceded by the characters !, +- or +.

+

If ! is used then the ciphers are permanently deleted from the list. +The ciphers deleted can never reappear in the list even if they are +explicitly stated.

+

If - is used then the ciphers are deleted from the list, but some or +all of the ciphers can be added again by later options.

+

If + is used then the ciphers are moved to the end of the list. This +option doesn't add any new ciphers it just moves matching existing ones.

+

If none of these characters is present then the string is just interpreted +as a list of ciphers to be appended to the current preference list. If the +list includes any ciphers already present they will be ignored: that is they +will not moved to the end of the list.

+

The cipher string @STRENGTH can be used at any point to sort the current +cipher list in order of encryption algorithm key length.

+

The cipher string @SECLEVEL=n can be used at any point to set the security +level to n, which should be a number between zero and five, inclusive. +See SSL_CTX_set_security_level(3) for a description of what each level means.

+

The cipher list can be prefixed with the DEFAULT keyword, which enables +the default cipher list as defined below. Unlike cipher strings, +this prefix may not be combined with other strings using + character. +For example, DEFAULT+DES is not valid.

+

The content of the default list is determined at compile time and normally +corresponds to ALL:!COMPLEMENTOFDEFAULT:!eNULL.

+

+

+
+

CIPHER STRINGS

+

The following is a list of all permitted cipher strings and their meanings.

+
+
COMPLEMENTOFDEFAULT
+ +
+

The ciphers included in ALL, but not enabled by default. Currently +this includes all RC4 and anonymous ciphers. Note that this rule does +not cover eNULL, which is not included by ALL (use COMPLEMENTOFALL if +necessary). Note that RC4 based cipher suites are not built into OpenSSL by +default (see the enable-weak-ssl-ciphers option to Configure).

+
+
ALL
+ +
+

All cipher suites except the eNULL ciphers (which must be explicitly enabled +if needed). +As of OpenSSL 1.0.0, the ALL cipher suites are sensibly ordered by default.

+
+
COMPLEMENTOFALL
+ +
+

The cipher suites not enabled by ALL, currently eNULL.

+
+
HIGH
+ +
+

"High" encryption cipher suites. This currently means those with key lengths +larger than 128 bits, and some cipher suites with 128-bit keys.

+
+
MEDIUM
+ +
+

"Medium" encryption cipher suites, currently some of those using 128 bit +encryption.

+
+
LOW
+ +
+

"Low" encryption cipher suites, currently those using 64 or 56 bit +encryption algorithms but excluding export cipher suites. All these +cipher suites have been removed as of OpenSSL 1.1.0.

+
+
eNULL, NULL
+ +
+

The "NULL" ciphers that is those offering no encryption. Because these offer no +encryption at all and are a security risk they are not enabled via either the +DEFAULT or ALL cipher strings. +Be careful when building cipherlists out of lower-level primitives such as +kRSA or aECDSA as these do overlap with the eNULL ciphers. When in +doubt, include !eNULL in your cipherlist.

+
+
aNULL
+ +
+

The cipher suites offering no authentication. This is currently the anonymous +DH algorithms and anonymous ECDH algorithms. These cipher suites are vulnerable +to "man in the middle" attacks and so their use is discouraged. +These are excluded from the DEFAULT ciphers, but included in the ALL +ciphers. +Be careful when building cipherlists out of lower-level primitives such as +kDHE or AES as these do overlap with the aNULL ciphers. +When in doubt, include !aNULL in your cipherlist.

+
+
kRSA, aRSA, RSA
+ +
+

Cipher suites using RSA key exchange or authentication. RSA is an alias for +kRSA.

+
+
kDHr, kDHd, kDH
+ +
+

Cipher suites using static DH key agreement and DH certificates signed by CAs +with RSA and DSS keys or either respectively. +All these cipher suites have been removed in OpenSSL 1.1.0.

+
+
kDHE, kEDH, DH
+ +
+

Cipher suites using ephemeral DH key agreement, including anonymous cipher +suites.

+
+
DHE, EDH
+ +
+

Cipher suites using authenticated ephemeral DH key agreement.

+
+
ADH
+ +
+

Anonymous DH cipher suites, note that this does not include anonymous Elliptic +Curve DH (ECDH) cipher suites.

+
+
kEECDH, kECDHE, ECDH
+ +
+

Cipher suites using ephemeral ECDH key agreement, including anonymous +cipher suites.

+
+
ECDHE, EECDH
+ +
+

Cipher suites using authenticated ephemeral ECDH key agreement.

+
+
AECDH
+ +
+

Anonymous Elliptic Curve Diffie-Hellman cipher suites.

+
+
aDSS, DSS
+ +
+

Cipher suites using DSS authentication, i.e. the certificates carry DSS keys.

+
+
aDH
+ +
+

Cipher suites effectively using DH authentication, i.e. the certificates carry +DH keys. +All these cipher suites have been removed in OpenSSL 1.1.0.

+
+
aECDSA, ECDSA
+ +
+

Cipher suites using ECDSA authentication, i.e. the certificates carry ECDSA +keys.

+
+
TLSv1.2, TLSv1.0, SSLv3
+ +
+

Lists cipher suites which are only supported in at least TLS v1.2, TLS v1.0 or +SSL v3.0 respectively. +Note: there are no cipher suites specific to TLS v1.1. +Since this is only the minimum version, if, for example, TLSv1.0 is negotiated +then both TLSv1.0 and SSLv3.0 cipher suites are available.

+

Note: these cipher strings do not change the negotiated version of SSL or +TLS, they only affect the list of available cipher suites.

+
+
AES128, AES256, AES
+ +
+

cipher suites using 128 bit AES, 256 bit AES or either 128 or 256 bit AES.

+
+
AESGCM
+ +
+

AES in Galois Counter Mode (GCM): these cipher suites are only supported +in TLS v1.2.

+
+
AESCCM, AESCCM8
+ +
+

AES in Cipher Block Chaining - Message Authentication Mode (CCM): these +cipher suites are only supported in TLS v1.2. AESCCM references CCM +cipher suites using both 16 and 8 octet Integrity Check Value (ICV) +while AESCCM8 only references 8 octet ICV.

+
+
ARIA128, ARIA256, ARIA
+ +
+

Cipher suites using 128 bit ARIA, 256 bit ARIA or either 128 or 256 bit +ARIA.

+
+
CAMELLIA128, CAMELLIA256, CAMELLIA
+ +
+

Cipher suites using 128 bit CAMELLIA, 256 bit CAMELLIA or either 128 or 256 bit +CAMELLIA.

+
+
CHACHA20
+ +
+

Cipher suites using ChaCha20.

+ +
  • 3DES + +

    Cipher suites using triple DES.

    +
  • +
    DES
    + +
    +

    Cipher suites using DES (not triple DES). +All these cipher suites have been removed in OpenSSL 1.1.0.

    +
    +
    RC4
    + +
    +

    Cipher suites using RC4.

    +
    +
    RC2
    + +
    +

    Cipher suites using RC2.

    +
    +
    IDEA
    + +
    +

    Cipher suites using IDEA.

    +
    +
    SEED
    + +
    +

    Cipher suites using SEED.

    +
    +
    MD5
    + +
    +

    Cipher suites using MD5.

    +
    +
    SHA1, SHA
    + +
    +

    Cipher suites using SHA1.

    +
    +
    SHA256, SHA384
    + +
    +

    Cipher suites using SHA256 or SHA384.

    +
    +
    aGOST
    + +
    +

    Cipher suites using GOST R 34.10 (either 2001 or 94) for authentication +(needs an engine supporting GOST algorithms).

    +
    +
    aGOST01
    + +
    +

    Cipher suites using GOST R 34.10-2001 authentication.

    +
    +
    kGOST
    + +
    +

    Cipher suites, using VKO 34.10 key exchange, specified in the RFC 4357.

    +
    +
    GOST94
    + +
    +

    Cipher suites, using HMAC based on GOST R 34.11-94.

    +
    +
    GOST89MAC
    + +
    +

    Cipher suites using GOST 28147-89 MAC instead of HMAC.

    +
    +
    PSK
    + +
    +

    All cipher suites using pre-shared keys (PSK).

    +
    +
    kPSK, kECDHEPSK, kDHEPSK, kRSAPSK
    + +
    +

    Cipher suites using PSK key exchange, ECDHE_PSK, DHE_PSK or RSA_PSK.

    +
    +
    aPSK
    + +
    +

    Cipher suites using PSK authentication (currently all PSK modes apart from +RSA_PSK).

    +
    +
    SUITEB128, SUITEB128ONLY, SUITEB192
    + +
    +

    Enables suite B mode of operation using 128 (permitting 192 bit mode by peer) +128 bit (not permitting 192 bit by peer) or 192 bit level of security +respectively. +If used these cipherstrings should appear first in the cipher +list and anything after them is ignored. +Setting Suite B mode has additional consequences required to comply with +RFC6460. +In particular the supported signature algorithms is reduced to support only +ECDSA and SHA256 or SHA384, only the elliptic curves P-256 and P-384 can be +used and only the two suite B compliant cipher suites +(ECDHE-ECDSA-AES128-GCM-SHA256 and ECDHE-ECDSA-AES256-GCM-SHA384) are +permissible.

    +
    +
    +

    +

    +
    +

    CIPHER SUITE NAMES

    +

    The following lists give the SSL or TLS cipher suites names from the +relevant specification and their OpenSSL equivalents. It should be noted, +that several cipher suite names do not include the authentication used, +e.g. DES-CBC3-SHA. In these cases, RSA authentication is used.

    +

    +

    +

    SSL v3.0 cipher suites

    +
    + SSL_RSA_WITH_NULL_MD5                   NULL-MD5
    + SSL_RSA_WITH_NULL_SHA                   NULL-SHA
    + SSL_RSA_WITH_RC4_128_MD5                RC4-MD5
    + SSL_RSA_WITH_RC4_128_SHA                RC4-SHA
    + SSL_RSA_WITH_IDEA_CBC_SHA               IDEA-CBC-SHA
    + SSL_RSA_WITH_3DES_EDE_CBC_SHA           DES-CBC3-SHA
    +
    + SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA        DH-DSS-DES-CBC3-SHA
    + SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA        DH-RSA-DES-CBC3-SHA
    + SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA       DHE-DSS-DES-CBC3-SHA
    + SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA       DHE-RSA-DES-CBC3-SHA
    +
    + SSL_DH_anon_WITH_RC4_128_MD5            ADH-RC4-MD5
    + SSL_DH_anon_WITH_3DES_EDE_CBC_SHA       ADH-DES-CBC3-SHA
    +
    + SSL_FORTEZZA_KEA_WITH_NULL_SHA          Not implemented.
    + SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA  Not implemented.
    + SSL_FORTEZZA_KEA_WITH_RC4_128_SHA       Not implemented.
    +

    +

    +

    TLS v1.0 cipher suites

    +
    + TLS_RSA_WITH_NULL_MD5                   NULL-MD5
    + TLS_RSA_WITH_NULL_SHA                   NULL-SHA
    + TLS_RSA_WITH_RC4_128_MD5                RC4-MD5
    + TLS_RSA_WITH_RC4_128_SHA                RC4-SHA
    + TLS_RSA_WITH_IDEA_CBC_SHA               IDEA-CBC-SHA
    + TLS_RSA_WITH_3DES_EDE_CBC_SHA           DES-CBC3-SHA
    +
    + TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA        Not implemented.
    + TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA        Not implemented.
    + TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA       DHE-DSS-DES-CBC3-SHA
    + TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA       DHE-RSA-DES-CBC3-SHA
    +
    + TLS_DH_anon_WITH_RC4_128_MD5            ADH-RC4-MD5
    + TLS_DH_anon_WITH_3DES_EDE_CBC_SHA       ADH-DES-CBC3-SHA
    +

    +

    +

    AES cipher suites from RFC3268, extending TLS v1.0

    +
    + TLS_RSA_WITH_AES_128_CBC_SHA            AES128-SHA
    + TLS_RSA_WITH_AES_256_CBC_SHA            AES256-SHA
    +
    + TLS_DH_DSS_WITH_AES_128_CBC_SHA         DH-DSS-AES128-SHA
    + TLS_DH_DSS_WITH_AES_256_CBC_SHA         DH-DSS-AES256-SHA
    + TLS_DH_RSA_WITH_AES_128_CBC_SHA         DH-RSA-AES128-SHA
    + TLS_DH_RSA_WITH_AES_256_CBC_SHA         DH-RSA-AES256-SHA
    +
    + TLS_DHE_DSS_WITH_AES_128_CBC_SHA        DHE-DSS-AES128-SHA
    + TLS_DHE_DSS_WITH_AES_256_CBC_SHA        DHE-DSS-AES256-SHA
    + TLS_DHE_RSA_WITH_AES_128_CBC_SHA        DHE-RSA-AES128-SHA
    + TLS_DHE_RSA_WITH_AES_256_CBC_SHA        DHE-RSA-AES256-SHA
    +
    + TLS_DH_anon_WITH_AES_128_CBC_SHA        ADH-AES128-SHA
    + TLS_DH_anon_WITH_AES_256_CBC_SHA        ADH-AES256-SHA
    +

    +

    +

    Camellia cipher suites from RFC4132, extending TLS v1.0

    +
    + TLS_RSA_WITH_CAMELLIA_128_CBC_SHA      CAMELLIA128-SHA
    + TLS_RSA_WITH_CAMELLIA_256_CBC_SHA      CAMELLIA256-SHA
    +
    + TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA   DH-DSS-CAMELLIA128-SHA
    + TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA   DH-DSS-CAMELLIA256-SHA
    + TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA   DH-RSA-CAMELLIA128-SHA
    + TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA   DH-RSA-CAMELLIA256-SHA
    +
    + TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA  DHE-DSS-CAMELLIA128-SHA
    + TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA  DHE-DSS-CAMELLIA256-SHA
    + TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA  DHE-RSA-CAMELLIA128-SHA
    + TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA  DHE-RSA-CAMELLIA256-SHA
    +
    + TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA  ADH-CAMELLIA128-SHA
    + TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA  ADH-CAMELLIA256-SHA
    +

    +

    +

    SEED cipher suites from RFC4162, extending TLS v1.0

    +
    + TLS_RSA_WITH_SEED_CBC_SHA              SEED-SHA
    +
    + TLS_DH_DSS_WITH_SEED_CBC_SHA           DH-DSS-SEED-SHA
    + TLS_DH_RSA_WITH_SEED_CBC_SHA           DH-RSA-SEED-SHA
    +
    + TLS_DHE_DSS_WITH_SEED_CBC_SHA          DHE-DSS-SEED-SHA
    + TLS_DHE_RSA_WITH_SEED_CBC_SHA          DHE-RSA-SEED-SHA
    +
    + TLS_DH_anon_WITH_SEED_CBC_SHA          ADH-SEED-SHA
    +

    +

    +

    GOST cipher suites from draft-chudov-cryptopro-cptls, extending TLS v1.0

    +

    Note: these ciphers require an engine which including GOST cryptographic +algorithms, such as the gost engine, which isn't part of the OpenSSL +distribution.

    +
    + TLS_GOSTR341094_WITH_28147_CNT_IMIT GOST94-GOST89-GOST89
    + TLS_GOSTR341001_WITH_28147_CNT_IMIT GOST2001-GOST89-GOST89
    + TLS_GOSTR341094_WITH_NULL_GOSTR3411 GOST94-NULL-GOST94
    + TLS_GOSTR341001_WITH_NULL_GOSTR3411 GOST2001-NULL-GOST94
    +

    +

    +

    Additional Export 1024 and other cipher suites

    +

    Note: these ciphers can also be used in SSL v3.

    +
    + TLS_DHE_DSS_WITH_RC4_128_SHA            DHE-DSS-RC4-SHA
    +

    +

    +

    Elliptic curve cipher suites

    +
    + TLS_ECDHE_RSA_WITH_NULL_SHA             ECDHE-RSA-NULL-SHA
    + TLS_ECDHE_RSA_WITH_RC4_128_SHA          ECDHE-RSA-RC4-SHA
    + TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA     ECDHE-RSA-DES-CBC3-SHA
    + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA      ECDHE-RSA-AES128-SHA
    + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA      ECDHE-RSA-AES256-SHA
    +
    + TLS_ECDHE_ECDSA_WITH_NULL_SHA           ECDHE-ECDSA-NULL-SHA
    + TLS_ECDHE_ECDSA_WITH_RC4_128_SHA        ECDHE-ECDSA-RC4-SHA
    + TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA   ECDHE-ECDSA-DES-CBC3-SHA
    + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA    ECDHE-ECDSA-AES128-SHA
    + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA    ECDHE-ECDSA-AES256-SHA
    +
    + TLS_ECDH_anon_WITH_NULL_SHA             AECDH-NULL-SHA
    + TLS_ECDH_anon_WITH_RC4_128_SHA          AECDH-RC4-SHA
    + TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA     AECDH-DES-CBC3-SHA
    + TLS_ECDH_anon_WITH_AES_128_CBC_SHA      AECDH-AES128-SHA
    + TLS_ECDH_anon_WITH_AES_256_CBC_SHA      AECDH-AES256-SHA
    +

    +

    +

    TLS v1.2 cipher suites

    +
    + TLS_RSA_WITH_NULL_SHA256                  NULL-SHA256
    +
    + TLS_RSA_WITH_AES_128_CBC_SHA256           AES128-SHA256
    + TLS_RSA_WITH_AES_256_CBC_SHA256           AES256-SHA256
    + TLS_RSA_WITH_AES_128_GCM_SHA256           AES128-GCM-SHA256
    + TLS_RSA_WITH_AES_256_GCM_SHA384           AES256-GCM-SHA384
    +
    + TLS_DH_RSA_WITH_AES_128_CBC_SHA256        DH-RSA-AES128-SHA256
    + TLS_DH_RSA_WITH_AES_256_CBC_SHA256        DH-RSA-AES256-SHA256
    + TLS_DH_RSA_WITH_AES_128_GCM_SHA256        DH-RSA-AES128-GCM-SHA256
    + TLS_DH_RSA_WITH_AES_256_GCM_SHA384        DH-RSA-AES256-GCM-SHA384
    +
    + TLS_DH_DSS_WITH_AES_128_CBC_SHA256        DH-DSS-AES128-SHA256
    + TLS_DH_DSS_WITH_AES_256_CBC_SHA256        DH-DSS-AES256-SHA256
    + TLS_DH_DSS_WITH_AES_128_GCM_SHA256        DH-DSS-AES128-GCM-SHA256
    + TLS_DH_DSS_WITH_AES_256_GCM_SHA384        DH-DSS-AES256-GCM-SHA384
    +
    + TLS_DHE_RSA_WITH_AES_128_CBC_SHA256       DHE-RSA-AES128-SHA256
    + TLS_DHE_RSA_WITH_AES_256_CBC_SHA256       DHE-RSA-AES256-SHA256
    + TLS_DHE_RSA_WITH_AES_128_GCM_SHA256       DHE-RSA-AES128-GCM-SHA256
    + TLS_DHE_RSA_WITH_AES_256_GCM_SHA384       DHE-RSA-AES256-GCM-SHA384
    +
    + TLS_DHE_DSS_WITH_AES_128_CBC_SHA256       DHE-DSS-AES128-SHA256
    + TLS_DHE_DSS_WITH_AES_256_CBC_SHA256       DHE-DSS-AES256-SHA256
    + TLS_DHE_DSS_WITH_AES_128_GCM_SHA256       DHE-DSS-AES128-GCM-SHA256
    + TLS_DHE_DSS_WITH_AES_256_GCM_SHA384       DHE-DSS-AES256-GCM-SHA384
    +
    + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256     ECDHE-RSA-AES128-SHA256
    + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384     ECDHE-RSA-AES256-SHA384
    + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256     ECDHE-RSA-AES128-GCM-SHA256
    + TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384     ECDHE-RSA-AES256-GCM-SHA384
    +
    + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256   ECDHE-ECDSA-AES128-SHA256
    + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384   ECDHE-ECDSA-AES256-SHA384
    + TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256   ECDHE-ECDSA-AES128-GCM-SHA256
    + TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   ECDHE-ECDSA-AES256-GCM-SHA384
    +
    + TLS_DH_anon_WITH_AES_128_CBC_SHA256       ADH-AES128-SHA256
    + TLS_DH_anon_WITH_AES_256_CBC_SHA256       ADH-AES256-SHA256
    + TLS_DH_anon_WITH_AES_128_GCM_SHA256       ADH-AES128-GCM-SHA256
    + TLS_DH_anon_WITH_AES_256_GCM_SHA384       ADH-AES256-GCM-SHA384
    +
    + RSA_WITH_AES_128_CCM                      AES128-CCM
    + RSA_WITH_AES_256_CCM                      AES256-CCM
    + DHE_RSA_WITH_AES_128_CCM                  DHE-RSA-AES128-CCM
    + DHE_RSA_WITH_AES_256_CCM                  DHE-RSA-AES256-CCM
    + RSA_WITH_AES_128_CCM_8                    AES128-CCM8
    + RSA_WITH_AES_256_CCM_8                    AES256-CCM8
    + DHE_RSA_WITH_AES_128_CCM_8                DHE-RSA-AES128-CCM8
    + DHE_RSA_WITH_AES_256_CCM_8                DHE-RSA-AES256-CCM8
    + ECDHE_ECDSA_WITH_AES_128_CCM              ECDHE-ECDSA-AES128-CCM
    + ECDHE_ECDSA_WITH_AES_256_CCM              ECDHE-ECDSA-AES256-CCM
    + ECDHE_ECDSA_WITH_AES_128_CCM_8            ECDHE-ECDSA-AES128-CCM8
    + ECDHE_ECDSA_WITH_AES_256_CCM_8            ECDHE-ECDSA-AES256-CCM8
    +

    +

    +

    ARIA cipher suites from RFC6209, extending TLS v1.2

    +

    Note: the CBC modes mentioned in this RFC are not supported.

    +
    + TLS_RSA_WITH_ARIA_128_GCM_SHA256          ARIA128-GCM-SHA256
    + TLS_RSA_WITH_ARIA_256_GCM_SHA384          ARIA256-GCM-SHA384
    + TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256      DHE-RSA-ARIA128-GCM-SHA256
    + TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384      DHE-RSA-ARIA256-GCM-SHA384
    + TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256      DHE-DSS-ARIA128-GCM-SHA256
    + TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384      DHE-DSS-ARIA256-GCM-SHA384
    + TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256  ECDHE-ECDSA-ARIA128-GCM-SHA256
    + TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384  ECDHE-ECDSA-ARIA256-GCM-SHA384
    + TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256    ECDHE-ARIA128-GCM-SHA256
    + TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384    ECDHE-ARIA256-GCM-SHA384
    + TLS_PSK_WITH_ARIA_128_GCM_SHA256          PSK-ARIA128-GCM-SHA256
    + TLS_PSK_WITH_ARIA_256_GCM_SHA384          PSK-ARIA256-GCM-SHA384
    + TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256      DHE-PSK-ARIA128-GCM-SHA256
    + TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384      DHE-PSK-ARIA256-GCM-SHA384
    + TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256      RSA-PSK-ARIA128-GCM-SHA256
    + TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384      RSA-PSK-ARIA256-GCM-SHA384
    +

    +

    +

    Camellia HMAC-Based cipher suites from RFC6367, extending TLS v1.2

    +
    + TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-ECDSA-CAMELLIA128-SHA256
    + TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-ECDSA-CAMELLIA256-SHA384
    + TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256   ECDHE-RSA-CAMELLIA128-SHA256
    + TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384   ECDHE-RSA-CAMELLIA256-SHA384
    +

    +

    +

    Pre-shared keying (PSK) cipher suites

    +
    + PSK_WITH_NULL_SHA                         PSK-NULL-SHA
    + DHE_PSK_WITH_NULL_SHA                     DHE-PSK-NULL-SHA
    + RSA_PSK_WITH_NULL_SHA                     RSA-PSK-NULL-SHA
    +
    + PSK_WITH_RC4_128_SHA                      PSK-RC4-SHA
    + PSK_WITH_3DES_EDE_CBC_SHA                 PSK-3DES-EDE-CBC-SHA
    + PSK_WITH_AES_128_CBC_SHA                  PSK-AES128-CBC-SHA
    + PSK_WITH_AES_256_CBC_SHA                  PSK-AES256-CBC-SHA
    +
    + DHE_PSK_WITH_RC4_128_SHA                  DHE-PSK-RC4-SHA
    + DHE_PSK_WITH_3DES_EDE_CBC_SHA             DHE-PSK-3DES-EDE-CBC-SHA
    + DHE_PSK_WITH_AES_128_CBC_SHA              DHE-PSK-AES128-CBC-SHA
    + DHE_PSK_WITH_AES_256_CBC_SHA              DHE-PSK-AES256-CBC-SHA
    +
    + RSA_PSK_WITH_RC4_128_SHA                  RSA-PSK-RC4-SHA
    + RSA_PSK_WITH_3DES_EDE_CBC_SHA             RSA-PSK-3DES-EDE-CBC-SHA
    + RSA_PSK_WITH_AES_128_CBC_SHA              RSA-PSK-AES128-CBC-SHA
    + RSA_PSK_WITH_AES_256_CBC_SHA              RSA-PSK-AES256-CBC-SHA
    +
    + PSK_WITH_AES_128_GCM_SHA256               PSK-AES128-GCM-SHA256
    + PSK_WITH_AES_256_GCM_SHA384               PSK-AES256-GCM-SHA384
    + DHE_PSK_WITH_AES_128_GCM_SHA256           DHE-PSK-AES128-GCM-SHA256
    + DHE_PSK_WITH_AES_256_GCM_SHA384           DHE-PSK-AES256-GCM-SHA384
    + RSA_PSK_WITH_AES_128_GCM_SHA256           RSA-PSK-AES128-GCM-SHA256
    + RSA_PSK_WITH_AES_256_GCM_SHA384           RSA-PSK-AES256-GCM-SHA384
    +
    + PSK_WITH_AES_128_CBC_SHA256               PSK-AES128-CBC-SHA256
    + PSK_WITH_AES_256_CBC_SHA384               PSK-AES256-CBC-SHA384
    + PSK_WITH_NULL_SHA256                      PSK-NULL-SHA256
    + PSK_WITH_NULL_SHA384                      PSK-NULL-SHA384
    + DHE_PSK_WITH_AES_128_CBC_SHA256           DHE-PSK-AES128-CBC-SHA256
    + DHE_PSK_WITH_AES_256_CBC_SHA384           DHE-PSK-AES256-CBC-SHA384
    + DHE_PSK_WITH_NULL_SHA256                  DHE-PSK-NULL-SHA256
    + DHE_PSK_WITH_NULL_SHA384                  DHE-PSK-NULL-SHA384
    + RSA_PSK_WITH_AES_128_CBC_SHA256           RSA-PSK-AES128-CBC-SHA256
    + RSA_PSK_WITH_AES_256_CBC_SHA384           RSA-PSK-AES256-CBC-SHA384
    + RSA_PSK_WITH_NULL_SHA256                  RSA-PSK-NULL-SHA256
    + RSA_PSK_WITH_NULL_SHA384                  RSA-PSK-NULL-SHA384
    + PSK_WITH_AES_128_GCM_SHA256               PSK-AES128-GCM-SHA256
    + PSK_WITH_AES_256_GCM_SHA384               PSK-AES256-GCM-SHA384
    +
    + ECDHE_PSK_WITH_RC4_128_SHA                ECDHE-PSK-RC4-SHA
    + ECDHE_PSK_WITH_3DES_EDE_CBC_SHA           ECDHE-PSK-3DES-EDE-CBC-SHA
    + ECDHE_PSK_WITH_AES_128_CBC_SHA            ECDHE-PSK-AES128-CBC-SHA
    + ECDHE_PSK_WITH_AES_256_CBC_SHA            ECDHE-PSK-AES256-CBC-SHA
    + ECDHE_PSK_WITH_AES_128_CBC_SHA256         ECDHE-PSK-AES128-CBC-SHA256
    + ECDHE_PSK_WITH_AES_256_CBC_SHA384         ECDHE-PSK-AES256-CBC-SHA384
    + ECDHE_PSK_WITH_NULL_SHA                   ECDHE-PSK-NULL-SHA
    + ECDHE_PSK_WITH_NULL_SHA256                ECDHE-PSK-NULL-SHA256
    + ECDHE_PSK_WITH_NULL_SHA384                ECDHE-PSK-NULL-SHA384
    +
    + PSK_WITH_CAMELLIA_128_CBC_SHA256          PSK-CAMELLIA128-SHA256
    + PSK_WITH_CAMELLIA_256_CBC_SHA384          PSK-CAMELLIA256-SHA384
    +
    + DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256      DHE-PSK-CAMELLIA128-SHA256
    + DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384      DHE-PSK-CAMELLIA256-SHA384
    +
    + RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256      RSA-PSK-CAMELLIA128-SHA256
    + RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384      RSA-PSK-CAMELLIA256-SHA384
    +
    + ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256    ECDHE-PSK-CAMELLIA128-SHA256
    + ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384    ECDHE-PSK-CAMELLIA256-SHA384
    +
    + PSK_WITH_AES_128_CCM                      PSK-AES128-CCM
    + PSK_WITH_AES_256_CCM                      PSK-AES256-CCM
    + DHE_PSK_WITH_AES_128_CCM                  DHE-PSK-AES128-CCM
    + DHE_PSK_WITH_AES_256_CCM                  DHE-PSK-AES256-CCM
    + PSK_WITH_AES_128_CCM_8                    PSK-AES128-CCM8
    + PSK_WITH_AES_256_CCM_8                    PSK-AES256-CCM8
    + DHE_PSK_WITH_AES_128_CCM_8                DHE-PSK-AES128-CCM8
    + DHE_PSK_WITH_AES_256_CCM_8                DHE-PSK-AES256-CCM8
    +

    +

    +

    ChaCha20-Poly1305 cipher suites, extending TLS v1.2

    +
    + TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256      ECDHE-RSA-CHACHA20-POLY1305
    + TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256    ECDHE-ECDSA-CHACHA20-POLY1305
    + TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256        DHE-RSA-CHACHA20-POLY1305
    + TLS_PSK_WITH_CHACHA20_POLY1305_SHA256            PSK-CHACHA20-POLY1305
    + TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256      ECDHE-PSK-CHACHA20-POLY1305
    + TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256        DHE-PSK-CHACHA20-POLY1305
    + TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256        RSA-PSK-CHACHA20-POLY1305
    +

    +

    +

    TLS v1.3 cipher suites

    +
    + TLS_AES_128_GCM_SHA256                     TLS_AES_128_GCM_SHA256
    + TLS_AES_256_GCM_SHA384                     TLS_AES_256_GCM_SHA384
    + TLS_CHACHA20_POLY1305_SHA256               TLS_CHACHA20_POLY1305_SHA256
    + TLS_AES_128_CCM_SHA256                     TLS_AES_128_CCM_SHA256
    + TLS_AES_128_CCM_8_SHA256                   TLS_AES_128_CCM_8_SHA256
    +

    +

    +

    Older names used by OpenSSL

    +

    The following names are accepted by older releases:

    +
    + SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA    EDH-RSA-DES-CBC3-SHA (DHE-RSA-DES-CBC3-SHA)
    + SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA    EDH-DSS-DES-CBC3-SHA (DHE-DSS-DES-CBC3-SHA)
    +

    +

    +
    +

    NOTES

    +

    Some compiled versions of OpenSSL may not include all the ciphers +listed here because some ciphers were excluded at compile time.

    +

    +

    +
    +

    EXAMPLES

    +

    Verbose listing of all OpenSSL ciphers including NULL ciphers:

    +
    + openssl ciphers -v 'ALL:eNULL'
    +

    Include all ciphers except NULL and anonymous DH then sort by +strength:

    +
    + openssl ciphers -v 'ALL:!ADH:@STRENGTH'
    +

    Include all ciphers except ones with no encryption (eNULL) or no +authentication (aNULL):

    +
    + openssl ciphers -v 'ALL:!aNULL'
    +

    Include only 3DES ciphers and then place RSA ciphers last:

    +
    + openssl ciphers -v '3DES:+RSA'
    +

    Include all RC4 ciphers but leave out those without authentication:

    +
    + openssl ciphers -v 'RC4:!COMPLEMENTOFDEFAULT'
    +

    Include all ciphers with RSA authentication but leave out ciphers without +encryption.

    +
    + openssl ciphers -v 'RSA:!COMPLEMENTOFALL'
    +

    Set security level to 2 and display all ciphers consistent with level 2:

    +
    + openssl ciphers -s -v 'ALL:@SECLEVEL=2'
    +

    +

    +
    +

    SEE ALSO

    +

    openssl(1), +openssl-s_client(1), +openssl-s_server(1), +ssl(7)

    +

    +

    +
    +

    HISTORY

    +

    The -V option was added in OpenSSL 1.0.0.

    +

    The -stdname is only available if OpenSSL is built with tracing enabled +(enable-ssl-trace argument to Configure) before OpenSSL 1.1.1.

    +

    The -convert option was added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man1/openssl-cmds.html b/linux_amd64/share/doc/openssl/html/man1/openssl-cmds.html new file mode 100755 index 0000000..a725019 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man1/openssl-cmds.html @@ -0,0 +1,187 @@ + + + + +openssl-cmds + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    asn1parse, +ca, +ciphers, +cms, +crl, +crl2pkcs7, +dgst, +dhparam, +dsa, +dsaparam, +ec, +ecparam, +enc, +engine, +errstr, +gendsa, +genpkey, +genrsa, +info, +kdf, +mac, +nseq, +ocsp, +passwd, +pkcs12, +pkcs7, +pkcs8, +pkey, +pkeyparam, +pkeyutl, +prime, +rand, +rehash, +req, +rsa, +rsautl, +s_client, +s_server, +s_time, +sess_id, +smime, +speed, +spkac, +srp, +storeutl, +ts, +verify, +version, +x509 +- OpenSSL application commands

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl cmd -help | [-option | -option arg] ... [arg] ...

    +

    +

    +
    +

    DESCRIPTION

    +

    Every cmd listed above is a (sub-)command of the openssl(1) application. +It has its own detailed manual page at openssl-cmd(1). For example, to +view the manual page for the openssl dgst command, type man openssl-dgst.

    +

    +

    +
    +

    OPTIONS

    +

    Among others, every subcommand has a help option.

    +
    +
    -help
    + +
    +

    Print out a usage message for the subcommand.

    +
    +
    +

    +

    +
    +

    SEE ALSO

    +

    openssl(1), +openssl-asn1parse(1), +openssl-ca(1), +openssl-ciphers(1), +openssl-cms(1), +openssl-crl(1), +openssl-crl2pkcs7(1), +openssl-dgst(1), +openssl-dhparam(1), +openssl-dsa(1), +openssl-dsaparam(1), +openssl-ec(1), +openssl-ecparam(1), +openssl-enc(1), +openssl-engine(1), +openssl-errstr(1), +openssl-gendsa(1), +openssl-genpkey(1), +openssl-genrsa(1), +openssl-info(1), +openssl-kdf(1), +openssl-mac(1), +openssl-nseq(1), +openssl-ocsp(1), +openssl-passwd(1), +openssl-pkcs12(1), +openssl-pkcs7(1), +openssl-pkcs8(1), +openssl-pkey(1), +openssl-pkeyparam(1), +openssl-pkeyutl(1), +openssl-prime(1), +openssl-rand(1), +openssl-rehash(1), +openssl-req(1), +openssl-rsa(1), +openssl-rsautl(1), +openssl-s_client(1), +openssl-s_server(1), +openssl-s_time(1), +openssl-sess_id(1), +openssl-smime(1), +openssl-speed(1), +openssl-spkac(1), +openssl-srp(1), +openssl-storeutl(1), +openssl-ts(1), +openssl-verify(1), +openssl-version(1), +openssl-x509(1),

    +

    +

    +
    +

    HISTORY

    +

    Initially, the manual page entry for the openssl cmd command used +to be available at cmd(1). Later, the alias openssl-cmd(1) was +introduced, which made it easier to group the openssl commands using +the apropos(1) command or the shell's tab completion.

    +

    In order to reduce cluttering of the global manual page namespace, +the manual page entries without the 'openssl-' prefix have been +deprecated in OpenSSL 3.0 and will be removed in OpenSSL 4.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man1/openssl-cms.html b/linux_amd64/share/doc/openssl/html/man1/openssl-cms.html new file mode 100755 index 0000000..a400fe7 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man1/openssl-cms.html @@ -0,0 +1,867 @@ + + + + +openssl-cms + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    openssl-cms - CMS utility

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl cms +[-help] +[-encrypt] +[-decrypt] +[-debug_decrypt] +[-sign] +[-verify] +[-verify_retcode] +[-no_attr_verify] +[-nosigs] +[-no_content_verify] +[-cmsout] +[-resign] +[-cades] +[-data_create] +[-data_out] +[-digest_create] +[-digest_verify] +[-compress] +[-uncompress] +[-EncryptedData_decrypt] +[-EncryptedData_encrypt] +[-sign_receipt] +[-verify_receipt receipt] +[-in filename] +[-out filename] +[-inform DER|PEM|SMIME] +[-outform DER|PEM|SMIME] +[-rctform DER|PEM|SMIME] +[-keyform DER|PEM|ENGINE] +[-stream] +[-indef] +[-noindef] +[-content filename] +[-text] +[-noout] +[-print] +[-md digest] +[-cipher] +[-nointern] +[-noverify] +[-nocerts] +[-noattr] +[-nosmimecap] +[-binary] +[-crlfeol] +[-asciicrlf] +[-nodetach] +[-certfile file] +[-certsout file] +[-signer file] +[-recip file] +[-keyid] +[-receipt_request_all] +[-receipt_request_first] +[-receipt_request_from emailaddress] +[-receipt_request_to emailaddress] +[-receipt_request_print] +[-pwri_password password] +[-secretkey key] +[-secretkeyid id] +[-econtent_type type] +[-inkey file] +[-keyopt name:parameter] +[-passin arg] +[-to addr] +[-from addr] +[-subject subj] +[-allow_proxy_certs] +[-attime timestamp] +[-no_check_time] +[-check_ss_sig] +[-crl_check] +[-crl_check_all] +[-explicit_policy] +[-extended_crl] +[-ignore_critical] +[-inhibit_any] +[-inhibit_map] +[-partial_chain] +[-policy arg] +[-policy_check] +[-policy_print] +[-purpose purpose] +[-suiteB_128] +[-suiteB_128_only] +[-suiteB_192] +[-trusted_first] +[-no_alt_chains] +[-use_deltas] +[-auth_level num] +[-verify_depth num] +[-verify_email email] +[-verify_hostname hostname] +[-verify_ip ip] +[-verify_name name] +[-x509_strict] +[-issuer_checks]

    +

    [-CAfile file] +[-no-CAfile] +[-CApath dir] +[-no-CApath] +[-CAstore uri] +[-no-CAstore] +[-rand files] +[-writerand file] +[-engine id] +[cert.pem ...]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command handles S/MIME v3.1 mail. It can encrypt, decrypt, +sign and verify, compress and uncompress S/MIME messages.

    +

    +

    +
    +

    OPTIONS

    +

    There are fourteen operation options that set the type of operation to be +performed. The meaning of the other options varies according to the operation +type.

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -encrypt
    + +
    +

    Encrypt mail for the given recipient certificates. Input file is the message +to be encrypted. The output file is the encrypted mail in MIME format. The +actual CMS type is <B>EnvelopedData<B>.

    +

    Note that no revocation check is done for the recipient cert, so if that +key has been compromised, others may be able to decrypt the text.

    +
    +
    -decrypt
    + +
    +

    Decrypt mail using the supplied certificate and private key. Expects an +encrypted mail message in MIME format for the input file. The decrypted mail +is written to the output file.

    +
    +
    -debug_decrypt
    + +
    +

    This option sets the CMS_DEBUG_DECRYPT flag. This option should be used +with caution: see the notes section below.

    +
    +
    -sign
    + +
    +

    Sign mail using the supplied certificate and private key. Input file is +the message to be signed. The signed message in MIME format is written +to the output file.

    +
    +
    -verify
    + +
    +

    Verify signed mail. Expects a signed mail message on input and outputs +the signed data. Both clear text and opaque signing is supported.

    +
    +
    -verify_retcode
    + +
    +

    Exit nonzero on verification failure.

    +
    +
    -no_attr_verify
    + +
    +

    Do not verify signed attribute signatures.

    +
    +
    -no_content_verify
    + +
    +

    Do not verify signed content signatures.

    +
    +
    -nosigs
    + +
    +

    Don't verify message signature.

    +
    +
    -cmsout
    + +
    +

    Takes an input message and writes out a PEM encoded CMS structure.

    +
    +
    -resign
    + +
    +

    Resign a message: take an existing message and one or more new signers.

    +
    +
    -cades
    + +
    +

    Add an ESS signing-certificate or ESS signing-certificate-v2 signed-attribute to the SignerInfo, in order to make +the signature comply with the requirements for a CAdES Basic Electronic Signature (CAdES-BES). See the NOTES +section for more details.

    +
    +
    -data_create
    + +
    +

    Create a CMS Data type.

    +
    +
    -data_out
    + +
    +

    Data type and output the content.

    +
    +
    -digest_create
    + +
    +

    Create a CMS DigestedData type.

    +
    +
    -digest_verify
    + +
    +

    Verify a CMS DigestedData type and output the content.

    +
    +
    -compress
    + +
    +

    Create a CMS CompressedData type. OpenSSL must be compiled with zlib +support for this option to work, otherwise it will output an error.

    +
    +
    -uncompress
    + +
    +

    Uncompress a CMS CompressedData type and output the content. OpenSSL must be +compiled with zlib support for this option to work, otherwise it will +output an error.

    +
    +
    -EncryptedData_decrypt
    + +
    +

    Decrypt content using supplied symmetric key and algorithm using a CMS +EncryptedData type and output the content.

    +
    +
    -EncryptedData_encrypt
    + +
    +

    Encrypt content using supplied symmetric key and algorithm using a CMS +EncryptedData type and output the content.

    +
    +
    -sign_receipt
    + +
    +

    Generate and output a signed receipt for the supplied message. The input +message must contain a signed receipt request. Functionality is otherwise +similar to the -sign operation.

    +
    +
    -verify_receipt receipt
    + +
    +

    Verify a signed receipt in filename receipt. The input message must +contain the original receipt request. Functionality is otherwise similar +to the -verify operation.

    +
    +
    -in filename
    + +
    +

    The input message to be encrypted or signed or the message to be decrypted +or verified.

    +
    +
    -out filename
    + +
    +

    The message text that has been decrypted or verified or the output MIME +format message that has been signed or verified.

    +
    +
    -inform DER|PEM|SMIME
    + +
    +

    The input format of the CMS structure (if one is being read); +the default is SMIME. +See openssl(1)/Format Options for details.

    +
    +
    -outform DER|PEM|SMIME
    + +
    +

    The output format of the CMS structure (if one is being written); +the default is SMIME. +See openssl(1)/Format Options for details.

    +
    +
    -keyform DER|PEM|ENGINE
    + +
    +

    The format of the private key file; the default is PEM. +See openssl(1)/Format Options for details.

    +
    +
    -rctform DER|PEM|SMIME
    + +
    +

    The signed receipt format for use with the -receipt_verify; the default +is SMIME. +See openssl(1)/Format Options for details.

    +
    +
    -stream, -indef
    + +
    +

    The -stream and -indef options are equivalent and enable streaming I/O +for encoding operations. This permits single pass processing of data without +the need to hold the entire contents in memory, potentially supporting very +large files. Streaming is automatically set for S/MIME signing with detached +data if the output format is SMIME it is currently off by default for all +other operations.

    +
    +
    -noindef
    + +
    +

    Disable streaming I/O where it would produce and indefinite length constructed +encoding. This option currently has no effect. In future streaming will be +enabled by default on all relevant operations and this option will disable it.

    +
    +
    -content filename
    + +
    +

    This specifies a file containing the detached content, this is only +useful with the -verify command. This is only usable if the CMS +structure is using the detached signature form where the content is +not included. This option will override any content if the input format +is S/MIME and it uses the multipart/signed MIME content type.

    +
    +
    -text
    + +
    +

    This option adds plain text (text/plain) MIME headers to the supplied +message if encrypting or signing. If decrypting or verifying it strips +off text headers: if the decrypted or verified message is not of MIME +type text/plain then an error occurs.

    +
    +
    -noout
    + +
    +

    For the -cmsout operation do not output the parsed CMS structure. This +is useful when combined with the -print option or if the syntax of the CMS +structure is being checked.

    +
    +
    -print
    + +
    +

    For the -cmsout operation print out all fields of the CMS structure. This +is mainly useful for testing purposes.

    +
    +
    -md digest
    + +
    +

    Digest algorithm to use when signing or resigning. If not present then the +default digest algorithm for the signing key will be used (usually SHA1).

    +
    +
    -cipher
    + +
    +

    The encryption algorithm to use. For example triple DES (168 bits) - -des3 +or 256 bit AES - -aes256. Any standard algorithm name (as used by the +EVP_get_cipherbyname() function) can also be used preceded by a dash, for +example -aes-128-cbc. See openssl-enc(1) for a list of ciphers +supported by your version of OpenSSL.

    +

    If not specified triple DES is used. Only used with -encrypt and +-EncryptedData_create commands.

    +
    +
    -nointern
    + +
    +

    When verifying a message normally certificates (if any) included in +the message are searched for the signing certificate. With this option +only the certificates specified in the -certfile option are used. +The supplied certificates can still be used as untrusted CAs however.

    +
    +
    -noverify
    + +
    +

    Do not verify the signers certificate of a signed message.

    +
    +
    -nocerts
    + +
    +

    When signing a message the signer's certificate is normally included +with this option it is excluded. This will reduce the size of the +signed message but the verifier must have a copy of the signers certificate +available locally (passed using the -certfile option for example).

    +
    +
    -noattr
    + +
    +

    Normally when a message is signed a set of attributes are included which +include the signing time and supported symmetric algorithms. With this +option they are not included.

    +
    +
    -nosmimecap
    + +
    +

    Exclude the list of supported algorithms from signed attributes, other options +such as signing time and content type are still included.

    +
    +
    -binary
    + +
    +

    Normally the input message is converted to "canonical" format which is +effectively using CR and LF as end of line: as required by the S/MIME +specification. When this option is present no translation occurs. This +is useful when handling binary data which may not be in MIME format.

    +
    +
    -crlfeol
    + +
    +

    Normally the output file uses a single LF as end of line. When this +option is present CRLF is used instead.

    +
    +
    -asciicrlf
    + +
    +

    When signing use ASCII CRLF format canonicalisation. This strips trailing +whitespace from all lines, deletes trailing blank lines at EOF and sets +the encapsulated content type. This option is normally used with detached +content and an output signature format of DER. This option is not normally +needed when verifying as it is enabled automatically if the encapsulated +content format is detected.

    +
    +
    -nodetach
    + +
    +

    When signing a message use opaque signing: this form is more resistant +to translation by mail relays but it cannot be read by mail agents that +do not support S/MIME. Without this option cleartext signing with +the MIME type multipart/signed is used.

    +
    +
    -certfile file
    + +
    +

    Allows additional certificates to be specified. When signing these will +be included with the message. When verifying these will be searched for +the signers certificates. The certificates should be in PEM format.

    +
    +
    -certsout file
    + +
    +

    Any certificates contained in the message are written to file.

    +
    +
    -signer file
    + +
    +

    A signing certificate when signing or resigning a message, this option can be +used multiple times if more than one signer is required. If a message is being +verified then the signers certificates will be written to this file if the +verification was successful.

    +
    +
    -recip file
    + +
    +

    When decrypting a message this specifies the recipients certificate. The +certificate must match one of the recipients of the message or an error +occurs.

    +

    When encrypting a message this option may be used multiple times to specify +each recipient. This form must be used if customised parameters are +required (for example to specify RSA-OAEP).

    +

    Only certificates carrying RSA, Diffie-Hellman or EC keys are supported by this +option.

    +
    +
    -keyid
    + +
    +

    Use subject key identifier to identify certificates instead of issuer name and +serial number. The supplied certificate must include a subject key +identifier extension. Supported by -sign and -encrypt options.

    +
    +
    -receipt_request_all, -receipt_request_first
    + +
    +

    For -sign option include a signed receipt request. Indicate requests should +be provided by all recipient or first tier recipients (those mailed directly +and not from a mailing list). Ignored it -receipt_request_from is included.

    +
    +
    -receipt_request_from emailaddress
    + +
    +

    For -sign option include a signed receipt request. Add an explicit email +address where receipts should be supplied.

    +
    +
    -receipt_request_to emailaddress
    + +
    +

    Add an explicit email address where signed receipts should be sent to. This +option must but supplied if a signed receipt it requested.

    +
    +
    -receipt_request_print
    + +
    +

    For the -verify operation print out the contents of any signed receipt +requests.

    +
    +
    -pwri_password password
    + +
    +

    Specify password for recipient.

    +
    +
    -secretkey key
    + +
    +

    Specify symmetric key to use. The key must be supplied in hex format and be +consistent with the algorithm used. Supported by the -EncryptedData_encrypt +-EncryptedData_decrypt, -encrypt and -decrypt options. When used +with -encrypt or -decrypt the supplied key is used to wrap or unwrap the +content encryption key using an AES key in the KEKRecipientInfo type.

    +
    +
    -secretkeyid id
    + +
    +

    The key identifier for the supplied symmetric key for KEKRecipientInfo type. +This option must be present if the -secretkey option is used with +-encrypt. With -decrypt operations the id is used to locate the +relevant key if it is not supplied then an attempt is used to decrypt any +KEKRecipientInfo structures.

    +
    +
    -econtent_type type
    + +
    +

    Set the encapsulated content type to type if not supplied the Data type +is used. The type argument can be any valid OID name in either text or +numerical format.

    +
    +
    -inkey file
    + +
    +

    The private key to use when signing or decrypting. This must match the +corresponding certificate. If this option is not specified then the +private key must be included in the certificate file specified with +the -recip or -signer file. When signing this option can be used +multiple times to specify successive keys.

    +
    +
    -keyopt name:parameter
    + +
    +

    For signing and encryption this option can be used multiple times to +set customised parameters for the preceding key or certificate. It can +currently be used to set RSA-PSS for signing, RSA-OAEP for encryption +or to modify default parameters for ECDH.

    +
    +
    -passin arg
    + +
    +

    The private key password source. For more information about the format of arg +see openssl(1)/Pass Phrase Options.

    +
    +
    -to, -from, -subject
    + +
    +

    The relevant mail headers. These are included outside the signed +portion of a message so they may be included manually. If signing +then many S/MIME mail clients check the signers certificate's email +address matches that specified in the From: address.

    +
    +
    -allow_proxy_certs, -attime, -no_check_time, +-check_ss_sig, -crl_check, -crl_check_all, +-explicit_policy, -extended_crl, -ignore_critical, -inhibit_any, +-inhibit_map, -no_alt_chains, -partial_chain, -policy, +-policy_check, -policy_print, -purpose, -suiteB_128, +-suiteB_128_only, -suiteB_192, -trusted_first, -use_deltas, +-auth_level, -verify_depth, -verify_email, -verify_hostname, +-verify_ip, -verify_name, -x509_strict -issuer_checks
    + +
    +

    Set various options of certificate chain verification. +See openssl(1)/Verification Options for details.

    +

    Any verification errors cause the command to exit.

    +
    +
    -CAfile file, -no-CAfile, -CApath dir, -no-CApath, +-CAstore uri, -no-CAstore
    + +
    +

    See openssl(1)/Trusted Certificate Options for details.

    +
    +
    -rand files, -writerand file
    + +
    +

    See openssl(1)/Random State Options for details.

    +
    +
    -engine id
    + +
    +

    See openssl(1)/Engine Options.

    +
    +
    cert.pem ...
    + +
    +

    One or more certificates of message recipients: used when encrypting +a message.

    +
    +
    +

    +

    +
    +

    NOTES

    +

    The MIME message must be sent without any blank lines between the +headers and the output. Some mail programs will automatically add +a blank line. Piping the mail directly to sendmail is one way to +achieve the correct format.

    +

    The supplied message to be signed or encrypted must include the +necessary MIME headers or many S/MIME clients won't display it +properly (if at all). You can use the -text option to automatically +add plain text headers.

    +

    A "signed and encrypted" message is one where a signed message is +then encrypted. This can be produced by encrypting an already signed +message: see the examples section.

    +

    This version of the program only allows one signer per message but it +will verify multiple signers on received messages. Some S/MIME clients +choke if a message contains multiple signers. It is possible to sign +messages "in parallel" by signing an already signed message.

    +

    The options -encrypt and -decrypt reflect common usage in S/MIME +clients. Strictly speaking these process CMS enveloped data: CMS +encrypted data is used for other purposes.

    +

    The -resign option uses an existing message digest when adding a new +signer. This means that attributes must be present in at least one existing +signer using the same message digest or this operation will fail.

    +

    The -stream and -indef options enable streaming I/O support. +As a result the encoding is BER using indefinite length constructed encoding +and no longer DER. Streaming is supported for the -encrypt operation and the +-sign operation if the content is not detached.

    +

    Streaming is always used for the -sign operation with detached data but +since the content is no longer part of the CMS structure the encoding +remains DER.

    +

    If the -decrypt option is used without a recipient certificate then an +attempt is made to locate the recipient by trying each potential recipient +in turn using the supplied private key. To thwart the MMA attack +(Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) all recipients are +tried whether they succeed or not and if no recipients match the message +is "decrypted" using a random key which will typically output garbage. +The -debug_decrypt option can be used to disable the MMA attack protection +and return an error if no recipient can be found: this option should be used +with caution. For a fuller description see CMS_decrypt(3)).

    +

    +

    +
    +

    CADES BASIC ELECTRONIC SIGNATURE (CADES-BES)

    +

    A CAdES Basic Electronic Signature (CAdES-BES), as defined in the European Standard ETSI EN 319 122-1 V1.1.1, contains:

    +
      +
    • +

      The signed user data as defined in CMS (RFC 3852);

      +
    • +
    • +

      Content-type of the EncapsulatedContentInfo value being signed;

      +
    • +
    • +

      Message-digest of the eContent OCTET STRING within encapContentInfo being signed;

      +
    • +
    • +

      An ESS signing-certificate or ESS signing-certificate-v2 attribute, as defined in Enhanced Security Services (ESS), RFC 2634 and RFC 5035. +An ESS signing-certificate attribute only allows for the use of SHA-1 as a digest algorithm. +An ESS signing-certificate-v2 attribute allows for the use of any digest algorithm.

      +
    • +
    • +

      The digital signature value computed on the user data and, when present, on the signed attributes.

      +

      Note that currently the -cades option applies only to the -sign operation and is ignored during +the -verify operation, i.e. the signing certification is not checked during the verification process. +This feature might be added in a future version.

      +
    • +
    +

    +

    +
    +

    EXIT CODES

    +
      +
    1. +

      The operation was completely successfully.

      +
    2. +
    3. +

      An error occurred parsing the command options.

      +
    4. +
    5. +

      One of the input files could not be read.

      +
    6. +
    7. +

      An error occurred creating the CMS file or when reading the MIME +message.

      +
    8. +
    9. +

      An error occurred decrypting or verifying the message.

      +
    10. +
    11. +

      The message was verified correctly but an error occurred writing out +the signers certificates.

      +
    12. +
    +

    +

    +
    +

    COMPATIBILITY WITH PKCS#7 FORMAT

    +

    openssl-smime(1) can only process the older PKCS#7 format. +openssl cms supports Cryptographic Message Syntax format. +Use of some features will result in messages which cannot be processed by +applications which only support the older format. These are detailed below.

    +

    The use of the -keyid option with -sign or -encrypt.

    +

    The -outform PEM option uses different headers.

    +

    The -compress option.

    +

    The -secretkey option when used with -encrypt.

    +

    The use of PSS with -sign.

    +

    The use of OAEP or non-RSA keys with -encrypt.

    +

    Additionally the -EncryptedData_create and -data_create type cannot +be processed by the older openssl-smime(1) command.

    +

    +

    +
    +

    EXAMPLES

    +

    Create a cleartext signed message:

    +
    + openssl cms -sign -in message.txt -text -out mail.msg \
    +        -signer mycert.pem
    +

    Create an opaque signed message

    +
    + openssl cms -sign -in message.txt -text -out mail.msg -nodetach \
    +        -signer mycert.pem
    +

    Create a signed message, include some additional certificates and +read the private key from another file:

    +
    + openssl cms -sign -in in.txt -text -out mail.msg \
    +        -signer mycert.pem -inkey mykey.pem -certfile mycerts.pem
    +

    Create a signed message with two signers, use key identifier:

    +
    + openssl cms -sign -in message.txt -text -out mail.msg \
    +        -signer mycert.pem -signer othercert.pem -keyid
    +

    Send a signed message under Unix directly to sendmail, including headers:

    +
    + openssl cms -sign -in in.txt -text -signer mycert.pem \
    +        -from steve@openssl.org -to someone@somewhere \
    +        -subject "Signed message" | sendmail someone@somewhere
    +

    Verify a message and extract the signer's certificate if successful:

    +
    + openssl cms -verify -in mail.msg -signer user.pem -out signedtext.txt
    +

    Send encrypted mail using triple DES:

    +
    + openssl cms -encrypt -in in.txt -from steve@openssl.org \
    +        -to someone@somewhere -subject "Encrypted message" \
    +        -des3 user.pem -out mail.msg
    +

    Sign and encrypt mail:

    +
    + openssl cms -sign -in ml.txt -signer my.pem -text \
    +        | openssl cms -encrypt -out mail.msg \
    +        -from steve@openssl.org -to someone@somewhere \
    +        -subject "Signed and Encrypted message" -des3 user.pem
    +

    Note: the encryption command does not include the -text option because the +message being encrypted already has MIME headers.

    +

    Decrypt mail:

    +
    + openssl cms -decrypt -in mail.msg -recip mycert.pem -inkey key.pem
    +

    The output from Netscape form signing is a PKCS#7 structure with the +detached signature format. You can use this program to verify the +signature by line wrapping the base64 encoded structure and surrounding +it with:

    +
    + -----BEGIN PKCS7-----
    + -----END PKCS7-----
    +

    and using the command,

    +
    + openssl cms -verify -inform PEM -in signature.pem -content content.txt
    +

    alternatively you can base64 decode the signature and use

    +
    + openssl cms -verify -inform DER -in signature.der -content content.txt
    +

    Create an encrypted message using 128 bit Camellia:

    +
    + openssl cms -encrypt -in plain.txt -camellia128 -out mail.msg cert.pem
    +

    Add a signer to an existing message:

    +
    + openssl cms -resign -in mail.msg -signer newsign.pem -out mail2.msg
    +

    Sign mail using RSA-PSS:

    +
    + openssl cms -sign -in message.txt -text -out mail.msg \
    +        -signer mycert.pem -keyopt rsa_padding_mode:pss
    +

    Create encrypted mail using RSA-OAEP:

    +
    + openssl cms -encrypt -in plain.txt -out mail.msg \
    +        -recip cert.pem -keyopt rsa_padding_mode:oaep
    +

    Use SHA256 KDF with an ECDH certificate:

    +
    + openssl cms -encrypt -in plain.txt -out mail.msg \
    +        -recip ecdhcert.pem -keyopt ecdh_kdf_md:sha256
    +

    +

    +
    +

    BUGS

    +

    The MIME parser isn't very clever: it seems to handle most messages that I've +thrown at it but it may choke on others.

    +

    The code currently will only write out the signer's certificate to a file: if +the signer has a separate encryption certificate this must be manually +extracted. There should be some heuristic that determines the correct +encryption certificate.

    +

    Ideally a database should be maintained of a certificates for each email +address.

    +

    The code doesn't currently take note of the permitted symmetric encryption +algorithms as supplied in the SMIMECapabilities signed attribute. this means the +user has to manually include the correct encryption algorithm. It should store +the list of permitted ciphers in a database and only use those.

    +

    No revocation checking is done on the signer's certificate.

    +

    +

    +
    +

    SEE ALSO

    +

    ossl_store-file(7)

    +

    +

    +
    +

    HISTORY

    +

    The use of multiple -signer options and the -resign command were first +added in OpenSSL 1.0.0.

    +

    The -keyopt option was added in OpenSSL 1.0.2.

    +

    Support for RSA-OAEP and RSA-PSS was added in OpenSSL 1.0.2.

    +

    The use of non-RSA keys with -encrypt and -decrypt +was added in OpenSSL 1.0.2.

    +

    The -no_alt_chains option was added in OpenSSL 1.0.2b.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man1/openssl-crl.html b/linux_amd64/share/doc/openssl/html/man1/openssl-crl.html
    new file mode 100755
    index 0000000..b9f8252
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man1/openssl-crl.html
    @@ -0,0 +1,226 @@
    + + + + +openssl-crl + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    openssl-crl - CRL utility

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl crl +[-help] +[-inform DER|PEM] +[-outform DER|PEM] +[-key filename] +[-keyform DER|PEM|ENGINE] +[-text] +[-in filename] +[-out filename] +[-gendelta filename] +[-badsig] +[-verify] +[-noout] +[-hash] +[-hash_old] +[-fingerprint] +[-crlnumber] +[-issuer] +[-lastupdate] +[-nextupdate] +[-nameopt option] +[-CAfile file] +[-no-CAfile] +[-CApath dir] +[-no-CApath] +[-CAstore uri] +[-no-CAstore]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command processes CRL files in DER or PEM format.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -inform DER|PEM, -outform DER|PEM
    + +
    +

    The input and output formats of the CRL; the default is PEM. +See openssl(1)/Format Options for details.

    +
    +
    -key filename
    + +
    +

    The private key to be used to sign the CRL.

    +
    +
    -keyform DER|PEM|ENGINE
    + +
    +

    The format of the private key file; the default is PEM. +See openssl(1)/Format Options for details.

    +
    +
    -in filename
    + +
    +

    This specifies the input filename to read from or standard input if this +option is not specified.

    +
    +
    -out filename
    + +
    +

    Specifies the output filename to write to or standard output by +default.

    +
    +
    -gendelta filename
    + +
    +

    Output a comparison of the main CRL and the one specified here.

    +
    +
    -badsig
    + +
    +

    Corrupt the signature before writing it; this can be useful +for testing.

    +
    +
    -text
    + +
    +

    Print out the CRL in text form.

    +
    +
    -verify
    + +
    +

    Verify the signature in the CRL.

    +
    +
    -noout
    + +
    +

    Don't output the encoded version of the CRL.

    +
    +
    -fingerprint
    + +
    +

    Output the fingerprint of the CRL.

    +
    +
    -crlnumber
    + +
    +

    Output the number of the CRL.

    +
    +
    -hash
    + +
    +

    Output a hash of the issuer name. This can be use to lookup CRLs in +a directory by issuer name.

    +
    +
    -hash_old
    + +
    +

    Outputs the "hash" of the CRL issuer name using the older algorithm +as used by OpenSSL before version 1.0.0.

    +
    +
    -issuer
    + +
    +

    Output the issuer name.

    +
    +
    -lastupdate
    + +
    +

    Output the lastUpdate field.

    +
    +
    -nextupdate
    + +
    +

    Output the nextUpdate field.

    +
    +
    -nameopt option
    + +
    +

    This specifies how the subject or issuer names are displayed. +See openssl(1)/Name Format Options for details.

    +
    +
    -CAfile file, -no-CAfile, -CApath dir, -no-CApath, +-CAstore uri, -no-CAstore
    + +
    +

    See openssl(1)/Trusted Certificate Options for details.

    +
    +
    +

    +

    +
    +

    EXAMPLES

    +

    Convert a CRL file from PEM to DER:

    +
    + openssl crl -in crl.pem -outform DER -out crl.der
    +

    Output the text form of a DER encoded certificate:

    +
    + openssl crl -in crl.der -inform DER -text -noout
    +

    +

    +
    +

    BUGS

    +

    Ideally it should be possible to create a CRL using appropriate options +and files too.

    +

    +

    +
    +

    SEE ALSO

    +

    openssl(1), +openssl-crl2pkcs7(1), +openssl-ca(1), +openssl-x509(1), +ossl_store-file(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man1/openssl-crl2pkcs7.html b/linux_amd64/share/doc/openssl/html/man1/openssl-crl2pkcs7.html
    new file mode 100755
    index 0000000..719ed17
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man1/openssl-crl2pkcs7.html
    @@ -0,0 +1,147 @@
    + + + + +openssl-crl2pkcs7 + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    openssl-crl2pkcs7 - Create a PKCS#7 structure from a CRL and certificates

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl crl2pkcs7 +[-help] +[-inform DER|PEM] +[-outform DER|PEM] +[-in filename] +[-out filename] +[-certfile filename] +[-nocrl]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command takes an optional CRL and one or more +certificates and converts them into a PKCS#7 degenerate "certificates +only" structure.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -inform DER|PEM
    + +
    +

    The input format of the CRL; the default is PEM. +See openssl(1)/Format Options for details.

    +
    +
    -outform DER|PEM
    + +
    +

    The output format of the PKCS#7 object; the default is PEM. +See openssl(1)/Format Options for details.

    +
    +
    -in filename
    + +
    +

    This specifies the input filename to read a CRL from or standard input if this +option is not specified.

    +
    +
    -out filename
    + +
    +

    Specifies the output filename to write the PKCS#7 structure to or standard +output by default.

    +
    +
    -certfile filename
    + +
    +

    Specifies a filename containing one or more certificates in PEM format. +All certificates in the file will be added to the PKCS#7 structure. This +option can be used more than once to read certificates form multiple +files.

    +
    +
    -nocrl
    + +
    +

    Normally a CRL is included in the output file. With this option no CRL is +included in the output file and a CRL is not read from the input file.

    +
    +
    +

    +

    +
    +

    EXAMPLES

    +

    Create a PKCS#7 structure from a certificate and CRL:

    +
    + openssl crl2pkcs7 -in crl.pem -certfile cert.pem -out p7.pem
    +

    Creates a PKCS#7 structure in DER format with no CRL from several +different certificates:

    +
    + openssl crl2pkcs7 -nocrl -certfile newcert.pem
    +        -certfile demoCA/cacert.pem -outform DER -out p7.der
    +

    +

    +
    +

    NOTES

    +

    The output file is a PKCS#7 signed data structure containing no signers and +just certificates and an optional CRL.

    +

    This command can be used to send certificates and CAs to Netscape as part of +the certificate enrollment process. This involves sending the DER encoded output +as MIME type application/x-x509-user-cert.

    +

    The PEM encoded form with the header and footer lines removed can be used to +install user certificates and CAs in MSIE using the Xenroll control.

    +

    +

    +
    +

    SEE ALSO

    +

    openssl(1), +openssl-pkcs7(1)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man1/openssl-dgst.html b/linux_amd64/share/doc/openssl/html/man1/openssl-dgst.html
new file mode 100755
index 0000000..681a8a9
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man1/openssl-dgst.html
@@ -0,0 +1,309 @@
+ + + + +openssl-dgst + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    openssl-dgst - perform digest operations

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl dgst|digest +[-digest] +[-help] +[-c] +[-d] +[-debug] +[-list] +[-hex] +[-binary] +[-r] +[-out filename] +[-sign filename] +[-keyform DER|PEM|P12|ENGINE] +[-passin arg] +[-verify filename] +[-prverify filename] +[-signature filename] +[-sigopt nm:v] +[-hmac key] +[-mac alg] +[-macopt nm:v] +[-fips-fingerprint] +[-engine id] +[-engine_impl id] +[-rand files] +[-writerand file] +[file ...]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command output the message digest of a supplied file or files +in hexadecimal, and also generates and verifies digital +signatures using message digests.

    +

    The generic name, openssl dgst, may be used with an option specifying the +algorithm to be used. +The default digest is sha256. +A supported digest name may also be used as the sub-command name. +To see the list of supported algorithms, use openssl list -digest-commands

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -digest
    + +
    +

    Specifies name of a supported digest to be used. To see the list of +supported digests, use the command list --digest-commands.

    +
    +
    -c
    + +
    +

    Print out the digest in two digit groups separated by colons, only relevant if +the -hex option is given as well.

    +
    +
    -d, -debug
    + +
    +

    Print out BIO debugging information.

    +
    +
    -list
    + +
    +

    Prints out a list of supported message digests.

    +
    +
    -hex
    + +
    +

    Digest is to be output as a hex dump. This is the default case for a "normal" +digest as opposed to a digital signature. See NOTES below for digital +signatures using -hex.

    +
    +
    -binary
    + +
    +

    Output the digest or signature in binary form.

    +
    +
    -r
    + +
    +

    Output the digest in the "coreutils" format, including newlines. +Used by programs like sha1sum(1).

    +
    +
    -out filename
    + +
    +

    Filename to output to, or standard output by default.

    +
    +
    -sign filename
    + +
    +

    Digitally sign the digest using the private key in "filename". Note this option +does not support Ed25519 or Ed448 private keys. Use the openssl-pkeyutl(1) +command instead for this.

    +
    +
    -keyform DER|PEM|P12|ENGINE
    + +
    +

    The format of the key to sign with; the default is PEM. +See openssl(1)/Format Options for details.

    +
    +
    -sigopt nm:v
    + +
    +

    Pass options to the signature algorithm during sign or verify operations. +Names and values of these options are algorithm-specific.

    +
    +
    -passin arg
    + +
    +

    The private key password source. For more information about the format of arg +see openssl(1)/Pass Phrase Options.

    +
    +
    -verify filename
    + +
    +

    Verify the signature using the public key in "filename". +The output is either "Verification OK" or "Verification Failure".

    +
    +
    -prverify filename
    + +
    +

    Verify the signature using the private key in "filename".

    +
    +
    -signature filename
    + +
    +

    The actual signature to verify.

    +
    +
    -hmac key
    + +
    +

    Create a hashed MAC using "key".

    +

    The openssl-mac(1) command should be preferred to using this command line +option.

    +
    +
    -mac alg
    + +
    +

    Create MAC (keyed Message Authentication Code). The most popular MAC +algorithm is HMAC (hash-based MAC), but there are other MAC algorithms +which are not based on hash, for instance gost-mac algorithm, +supported by the gost engine. MAC keys and other options should be set +via -macopt parameter.

    +

    The openssl-mac(1) command should be preferred to using this command line +option.

    +
    +
    -macopt nm:v
    + +
    +

    Passes options to MAC algorithm, specified by -mac key. +Following options are supported by both by HMAC and gost-mac:

    +
    +
    key:string
    + +
    +

    Specifies MAC key as alphanumeric string (use if key contain printable +characters only). String length must conform to any restrictions of +the MAC algorithm for example exactly 32 chars for gost-mac.

    +
    +
    hexkey:string
    + +
    +

    Specifies MAC key in hexadecimal form (two hex digits per byte). +Key length must conform to any restrictions of the MAC algorithm +for example exactly 32 chars for gost-mac.

    +
    +
    +

    The openssl-mac(1) command should be preferred to using this command line +option.

    +
    +
    -fips-fingerprint
    + +
    +

    Compute HMAC using a specific key for certain OpenSSL-FIPS operations.

    +
    +
    -rand files, -writerand file
    + +
    +

    See openssl(1)/Random State Options for details.

    +
    +
    -engine id
    + +
    +

    See openssl(1)/Engine Options. +The engine is not used for digests unless the -engine_impl option is +used or it is configured to do so, see config(5)/Engine Configuration Module.

    +
    +
    -engine_impl id
    + +
    +

    When used with the -engine option, it specifies to also use +engine id for digest operations.

    +
    +
    file ...
    + +
    +

    File or files to digest. If no files are specified then standard input is +used.

    +
    +
    +

    +

    +
    +

    EXAMPLES

    +

    To create a hex-encoded message digest of a file: + openssl dgst -md5 -hex file.txt

    +

    To sign a file using SHA-256 with binary file output: + openssl dgst -sha256 -sign privatekey.pem -out signature.sign file.txt

    +

    To verify a signature: + openssl dgst -sha256 -verify publickey.pem \ + -signature signature.sign \ + file.txt

    +

    +

    +
    +

    NOTES

    +

    The digest mechanisms that are available will depend on the options +used when building OpenSSL. +The openssl list -digest-commands command can be used to list them.

    +

    New or agile applications should use probably use SHA-256. Other digests, +particularly SHA-1 and MD5, are still widely used for interoperating +with existing formats and protocols.

    +

    When signing a file, this command will automatically determine the algorithm +(RSA, ECC, etc) to use for signing based on the private key's ASN.1 info. +When verifying signatures, it only handles the RSA, DSA, or ECDSA signature +itself, not the related data to identify the signer and algorithm used in +formats such as x.509, CMS, and S/MIME.

    +

    A source of random numbers is required for certain signing algorithms, in +particular ECDSA and DSA.

    +

    The signing and verify options should only be used if a single file is +being signed or verified.

    +

    Hex signatures cannot be verified using openssl. Instead, use "xxd -r" +or similar program to transform the hex signature into a binary signature +prior to verification.

    +

    The openssl-mac(1) command is preferred over the -hmac, -mac and +-macopt command line options.

    +

    +

    +
    +

    SEE ALSO

    +

    openssl-mac(1)

    +

    +

    +
    +

    HISTORY

    +

    The default digest was changed from MD5 to SHA256 in OpenSSL 1.1.0. +The FIPS-related options were removed in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man1/openssl-dhparam.html b/linux_amd64/share/doc/openssl/html/man1/openssl-dhparam.html
new file mode 100755
index 0000000..32e462d
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man1/openssl-dhparam.html
@@ -0,0 +1,199 @@
+ + + + +openssl-dhparam + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    openssl-dhparam - DH parameter manipulation and generation

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl dhparam +[-help] +[-inform DER|PEM] +[-outform DER|PEM] +[-in filename] +[-out filename] +[-dsaparam] +[-check] +[-noout] +[-text] +[-C] +[-2] +[-3] +[-5] +[-engine id] +[-rand files] +[-writerand file] +[numbits]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command has been deprecated. +The openssl-pkeyparam(1) command should be used instead.

    +

    This command is used to manipulate DH parameter files.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -inform DER|PEM, -outform DER|PEM
    + +
    +

    The input format and output format; the default is PEM. +The object is compatible with the PKCS#3 DHparameter structure. +See openssl(1)/Format Options for details.

    +
    +
    -in filename
    + +
    +

    This specifies the input filename to read parameters from or standard input if +this option is not specified.

    +
    +
    -out filename
    + +
    +

    This specifies the output filename parameters to. Standard output is used +if this option is not present. The output filename should not be the same +as the input filename.

    +
    +
    -dsaparam
    + +
    +

    If this option is used, DSA rather than DH parameters are read or created; +they are converted to DH format. Otherwise, "strong" primes (such +that (p-1)/2 is also prime) will be used for DH parameter generation.

    +

    DH parameter generation with the -dsaparam option is much faster, +and the recommended exponent length is shorter, which makes DH key +exchange more efficient. Beware that with such DSA-style DH +parameters, a fresh DH key should be created for each use to +avoid small-subgroup attacks that may be possible otherwise.

    +
    +
    -check
    + +
    +

    Performs numerous checks to see if the supplied parameters are valid and +displays a warning if not.

    +
    +
    -2, -3, -5
    + +
    +

    The generator to use, either 2, 3 or 5. If present then the +input file is ignored and parameters are generated instead. If not +present but numbits is present, parameters are generated with the +default generator 2.

    +
    +
    numbits
    + +
    +

    This option specifies that a parameter set should be generated of size +numbits. It must be the last option. If this option is present then +the input file is ignored and parameters are generated instead. If +this option is not present but a generator (-2, -3 or -5) is +present, parameters are generated with a default length of 2048 bits. +The minimim length is 512 bits. The maximum length is 10000 bits.

    +
    +
    -noout
    + +
    +

    This option inhibits the output of the encoded version of the parameters.

    +
    +
    -text
    + +
    +

    This option prints out the DH parameters in human readable form.

    +
    +
    -C
    + +
    +

    This option converts the parameters into C code. The parameters can then +be loaded by calling the get_dhNNNN() function.

    +
    +
    -engine id
    + +
    +

    See openssl(1)/Engine Options.

    +
    +
    -rand files, -writerand file
    + +
    +

    See openssl(1)/Random State Options for details.

    +
    +
    +

    +

    +
    +

    NOTES

    +

    This command replaces the dh and gendh commands of previous +releases.

    +

    OpenSSL currently only supports the older PKCS#3 DH, not the newer X9.42 +DH.

    +

    This command manipulates DH parameters not keys.

    +

    +

    +
    +

    BUGS

    +

    There should be a way to generate and manipulate DH keys.

    +

    +

    +
    +

    SEE ALSO

    +

    openssl(1), +openssl-pkeyparam(1), +openssl-dsaparam(1)

    +

    +

    +
    +

    HISTORY

    +

    This command was deprecated in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man1/openssl-dsa.html b/linux_amd64/share/doc/openssl/html/man1/openssl-dsa.html
new file mode 100755
index 0000000..5199ef7
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man1/openssl-dsa.html
@@ -0,0 +1,213 @@
+ + + + +openssl-dsa + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    openssl-dsa - DSA key processing

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl dsa +[-help] +[-inform DER|PEM] +[-outform DER|PEM] +[-in filename] +[-passin arg] +[-out filename] +[-passout arg] +[-aes128] +[-aes192] +[-aes256] +[-aria128] +[-aria192] +[-aria256] +[-camellia128] +[-camellia192] +[-camellia256] +[-des] +[-des3] +[-idea] +[-text] +[-noout] +[-modulus] +[-pubin] +[-pubout] +[-engine id]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command has been deprecated. +The openssl-pkey(1) command should be used instead.

    +

    This command processes DSA keys. They can be converted between various +forms and their components printed out. Note This command uses the +traditional SSLeay compatible format for private key encryption: newer +applications should use the more secure PKCS#8 format using the pkcs8

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -inform DER|PEM, -outform DER|PEM
    + +
    +

    The input and formats; the default is PEM. +See openssl(1)/Format Options for details.

    +

    Private keys are a sequence of ASN.1 INTEGERS: the version (zero), p, +q, g, and the public and and private key components. Public keys +are a SubjectPublicKeyInfo structure with the DSA type.

    +

    The PEM format also accepts PKCS#8 data.

    +
    +
    -in filename
    + +
    +

    This specifies the input filename to read a key from or standard input if this +option is not specified. If the key is encrypted a pass phrase will be +prompted for.

    +
    +
    -out filename
    + +
    +

    This specifies the output filename to write a key to or standard output by +is not specified. If any encryption options are set then a pass phrase will be +prompted for. The output filename should not be the same as the input +filename.

    +
    +
    -passin arg, -passout arg
    + +
    +

    The password source for the input and output file. +For more information about the format of arg +see openssl(1)/Pass Phrase Options.

    +
    +
    -aes128, -aes192, -aes256, -aria128, -aria192, -aria256, -camellia128, -camellia192, -camellia256, -des, -des3, -idea
    + +
    +

    These options encrypt the private key with the specified +cipher before outputting it. A pass phrase is prompted for. +If none of these options is specified the key is written in plain text. This +means that this command can be used to remove the pass phrase from a key +by not giving any encryption option is given, or to add or change the pass +phrase by setting them. +These options can only be used with PEM format output files.

    +
    +
    -text
    + +
    +

    Prints out the public, private key components and parameters.

    +
    +
    -noout
    + +
    +

    This option prevents output of the encoded version of the key.

    +
    +
    -modulus
    + +
    +

    This option prints out the value of the public key component of the key.

    +
    +
    -pubin
    + +
    +

    By default, a private key is read from the input file. With this option a +public key is read instead.

    +
    +
    -pubout
    + +
    +

    By default, a private key is output. With this option a public +key will be output instead. This option is automatically set if the input is +a public key.

    +
    +
    -engine id
    + +
    +

    See openssl(1)/Engine Options.

    +
    +
    +

    +

    +
    +

    EXAMPLES

    +

    Examples equivalent to these can be found in the documentation for the +non-deprecated openssl-pkey(1) command.

    +

    To remove the pass phrase on a DSA private key:

    +
    + openssl dsa -in key.pem -out keyout.pem
    +

    To encrypt a private key using triple DES:

    +
    + openssl dsa -in key.pem -des3 -out keyout.pem
    +

    To convert a private key from PEM to DER format:

    +
    + openssl dsa -in key.pem -outform DER -out keyout.der
    +

    To print out the components of a private key to standard output:

    +
    + openssl dsa -in key.pem -text -noout
    +

    To just output the public part of a private key:

    +
    + openssl dsa -in key.pem -pubout -out pubkey.pem
    +

    +

    +
    +

    SEE ALSO

    +

    openssl(1), +openssl-pkey(1), +openssl-dsaparam(1), +openssl-gendsa(1), +openssl-rsa(1), +openssl-genrsa(1)

    +

    +

    +
    +

    HISTORY

    +

    This command was deprecated in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man1/openssl-dsaparam.html b/linux_amd64/share/doc/openssl/html/man1/openssl-dsaparam.html
new file mode 100755
index 0000000..28c6765
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man1/openssl-dsaparam.html
@@ -0,0 +1,169 @@
+ + + + +openssl-dsaparam + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    openssl-dsaparam - DSA parameter manipulation and generation

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl dsaparam +[-help] +[-inform DER|PEM] +[-outform DER|PEM] +[-in filename] +[-out filename] +[-noout] +[-text] +[-C] +[-genkey] +[-verbose] +[-rand files] +[-writerand file] +[-engine id] +[numbits]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command has been deprecated. +The openssl-pkeyparam(1) command should be used instead.

    +

    This command is used to manipulate or generate DSA parameter files.

    +

    DSA parameter generation can be a slow process and as a result the same set of +DSA parameters is often used to generate several distinct keys.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -inform DER|PEM, -outform DER|PEM
    + +
    +

    The input and formats; the default is PEM. +See openssl(1)/Format Options for details.

    +

    Parameters are a sequence of ASN.1 INTEGERs: p, q, and g. +This is compatible with RFC 2459 DSS-Parms structure.

    +
    +
    -in filename
    + +
    +

    This specifies the input filename to read parameters from or standard input if +this option is not specified. If the numbits parameter is included then +this option will be ignored.

    +
    +
    -out filename
    + +
    +

    This specifies the output filename parameters to. Standard output is used +if this option is not present. The output filename should not be the same +as the input filename.

    +
    +
    -noout
    + +
    +

    This option inhibits the output of the encoded version of the parameters.

    +
    +
    -text
    + +
    +

    This option prints out the DSA parameters in human readable form.

    +
    +
    -C
    + +
    +

    This option converts the parameters into C code. The parameters can then +be loaded by calling the get_dsaXXX() function.

    +
    +
    -genkey
    + +
    +

    This option will generate a DSA either using the specified or generated +parameters.

    +
    +
    -verbose
    + +
    +

    Print extra details about the operations being performed.

    +
    +
    -rand files, -writerand file
    + +
    +

    See openssl(1)/Random State Options for details.

    +
    +
    -engine id
    + +
    +

    See openssl(1)/Engine Options.

    +
    +
    numbits
    + +
    +

    This option specifies that a parameter set should be generated of size +numbits. It must be the last option. If this option is included then +the input file (if any) is ignored.

    +
    +
    +

    +

    +
    +

    SEE ALSO

    +

    openssl(1), +openssl-pkeyparam(1), +openssl-gendsa(1), +openssl-dsa(1), +openssl-genrsa(1), +openssl-rsa(1)

    +

    +

    +
    +

    HISTORY

    +

    This command was deprecated in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man1/openssl-ec.html b/linux_amd64/share/doc/openssl/html/man1/openssl-ec.html
new file mode 100755
index 0000000..5b1dbb8
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man1/openssl-ec.html
@@ -0,0 +1,237 @@
+ + + + +openssl-ec + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    openssl-ec - EC key processing

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl ec +[-help] +[-inform DER|PEM] +[-outform DER|PEM] +[-in filename] +[-passin arg] +[-out filename] +[-passout arg] +[-des] +[-des3] +[-idea] +[-text] +[-noout] +[-param_out] +[-pubin] +[-pubout] +[-conv_form arg] +[-param_enc arg] +[-no_public] +[-check] +[-engine id]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command has been deprecated. +The openssl-pkey(1) command should be used instead.

    +

    The openssl-ec(1) command processes EC keys. They can be converted between +various forms and their components printed out. Note OpenSSL uses the +private key format specified in 'SEC 1: Elliptic Curve Cryptography' +(http://www.secg.org/). To convert an OpenSSL EC private key into the +PKCS#8 private key format use the openssl-pkcs8(1) command.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -inform DER|PEM, -outform DER|PEM
    + +
    +

    The input and formats; the default is PEM. +See openssl(1)/Format Options for details.

    +

    Private keys are an SEC1 private key or PKCS#8 format. +Public keys are a SubjectPublicKeyInfo as specified in IETF RFC 3280.

    +
    +
    -in filename
    + +
    +

    This specifies the input filename to read a key from or standard input if this +option is not specified. If the key is encrypted a pass phrase will be +prompted for.

    +
    +
    -out filename
    + +
    +

    This specifies the output filename to write a key to or standard output by +is not specified. If any encryption options are set then a pass phrase will be +prompted for. The output filename should not be the same as the input +filename.

    +
    +
    -passin arg, -passout arg
    + +
    +

    The password source for the input and output file. +For more information about the format of arg +see openssl(1)/Pass Phrase Options.

    +
    +
    -des|-des3|-idea
    + +
    +

    These options encrypt the private key with the DES, triple DES, IDEA or +any other cipher supported by OpenSSL before outputting it. A pass phrase is +prompted for. +If none of these options is specified the key is written in plain text. This +means that using this command to read in an encrypted key with no +encryption option can be used to remove the pass phrase from a key, or by +setting the encryption options it can be use to add or change the pass phrase. +These options can only be used with PEM format output files.

    +
    +
    -text
    + +
    +

    Prints out the public, private key components and parameters.

    +
    +
    -noout
    + +
    +

    This option prevents output of the encoded version of the key.

    +
    +
    -pubin
    + +
    +

    By default, a private key is read from the input file. With this option a +public key is read instead.

    +
    +
    -pubout
    + +
    +

    By default a private key is output. With this option a public +key will be output instead. This option is automatically set if the input is +a public key.

    +
    +
    -conv_form arg
    + +
    +

    This specifies how the points on the elliptic curve are converted +into octet strings. Possible values are: compressed (the default +value), uncompressed and hybrid. For more information regarding +the point conversion forms please read the X9.62 standard. +Note Due to patent issues the compressed option is disabled +by default for binary curves and can be enabled by defining +the preprocessor macro OPENSSL_EC_BIN_PT_COMP at compile time.

    +
    +
    -param_enc arg
    + +
    +

    This specifies how the elliptic curve parameters are encoded. +Possible value are: named_curve, i.e. the ec parameters are +specified by an OID, or explicit where the ec parameters are +explicitly given (see RFC 3279 for the definition of the +EC parameters structures). The default value is named_curve. +Note the implicitlyCA alternative, as specified in RFC 3279, +is currently not implemented in OpenSSL.

    +
    +
    -no_public
    + +
    +

    This option omits the public key components from the private key output.

    +
    +
    -check
    + +
    +

    This option checks the consistency of an EC private or public key.

    +
    +
    -engine id
    + +
    +

    See openssl(1)/Engine Options.

    +
    +
    +

    +

    +
    +

    EXAMPLES

    +

    Examples equivalent to these can be found in the documentation for the +non-deprecated openssl-pkey(1) command.

    +

    To encrypt a private key using triple DES:

    +
    + openssl ec -in key.pem -des3 -out keyout.pem
    +

    To convert a private key from PEM to DER format:

    +
    + openssl ec -in key.pem -outform DER -out keyout.der
    +

    To print out the components of a private key to standard output:

    +
    + openssl ec -in key.pem -text -noout
    +

    To just output the public part of a private key:

    +
    + openssl ec -in key.pem -pubout -out pubkey.pem
    +

    To change the parameters encoding to explicit:

    +
    + openssl ec -in key.pem -param_enc explicit -out keyout.pem
    +

    To change the point conversion form to compressed:

    +
    + openssl ec -in key.pem -conv_form compressed -out keyout.pem
    +

    +

    +
    +

    SEE ALSO

    +

    openssl(1), +openssl-pkey(1), +openssl-ecparam(1), +openssl-dsa(1), +openssl-rsa(1)

    +

    +

    +
    +

    HISTORY

    +

    This command was deprecated in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2003-2020 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man1/openssl-ecparam.html b/linux_amd64/share/doc/openssl/html/man1/openssl-ecparam.html
new file mode 100755
index 0000000..4ad0c41
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man1/openssl-ecparam.html
@@ -0,0 +1,234 @@
+ + + + +openssl-ecparam + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    openssl-ecparam - EC parameter manipulation and generation

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl ecparam +[-help] +[-inform DER|PEM] +[-outform DER|PEM] +[-in filename] +[-out filename] +[-noout] +[-text] +[-C] +[-check] +[-check_named] +[-name arg] +[-list_curves] +[-conv_form arg] +[-param_enc arg] +[-no_seed] +[-genkey] +[-engine id] +[-rand files] +[-writerand file]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command has been deprecated. +The openssl-genpkey(1) and openssl-pkeyparam(1) commands +should be used instead.

    +

    This command is used to manipulate or generate EC parameter files.

    +

    OpenSSL is currently not able to generate new groups and therefore +this command can only create EC parameters from known (named) curves.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -inform DER|PEM, -outform DER|PEM
    + +
    +

    The input and formats; the default is PEM. +See openssl(1)/Format Options for details.

    +

    Parameters are encoded as EcpkParameters as specified in IETF RFC 3279.

    +
    +
    -in filename
    + +
    +

    This specifies the input filename to read parameters from or standard input if +this option is not specified.

    +
    +
    -out filename
    + +
    +

    This specifies the output filename parameters to. Standard output is used +if this option is not present. The output filename should not be the same +as the input filename.

    +
    +
    -noout
    + +
    +

    This option inhibits the output of the encoded version of the parameters.

    +
    +
    -text
    + +
    +

    This option prints out the EC parameters in human readable form.

    +
    +
    -C
    + +
    +

    This option converts the EC parameters into C code. The parameters can then +be loaded by calling the get_ec_group_XXX() function.

    +
    +
    -check
    + +
    +

    Validate the elliptic curve parameters.

    +
    +
    -check_named
    + +
    +

    Validate the elliptic name curve parameters by checking if the curve parameters +match any built-in curves.

    +
    +
    -name arg
    + +
    +

    Use the EC parameters with the specified 'short' name. Use -list_curves +to get a list of all currently implemented EC parameters.

    +
    +
    -list_curves
    + +
    +

    Print out a list of all currently implemented EC parameters names and exit.

    +
    +
    -conv_form arg
    + +
    +

    This specifies how the points on the elliptic curve are converted +into octet strings. Possible values are: compressed, uncompressed (the +default value) and hybrid. For more information regarding +the point conversion forms please read the X9.62 standard. +Note Due to patent issues the compressed option is disabled +by default for binary curves and can be enabled by defining +the preprocessor macro OPENSSL_EC_BIN_PT_COMP at compile time.

    +
    +
    -param_enc arg
    + +
    +

    This specifies how the elliptic curve parameters are encoded. +Possible value are: named_curve, i.e. the ec parameters are +specified by an OID, or explicit where the ec parameters are +explicitly given (see RFC 3279 for the definition of the +EC parameters structures). The default value is named_curve. +Note the implicitlyCA alternative, as specified in RFC 3279, +is currently not implemented in OpenSSL.

    +
    +
    -no_seed
    + +
    +

    This option inhibits that the 'seed' for the parameter generation +is included in the ECParameters structure (see RFC 3279).

    +
    +
    -genkey
    + +
    +

    This option will generate an EC private key using the specified parameters.

    +
    +
    -engine id
    + +
    +

    See openssl(1)/Engine Options.

    +
    +
    -rand files, -writerand file
    + +
    +

    See openssl(1)/Random State Options for details.

    +
    +
    +

    +

    +
    +

    EXAMPLES

    +

    Examples equivalent to these can be found in the documentation for the +non-deprecated openssl-genpkey(1) and openssl-pkeyparam(1) commands.

    +

    To create EC parameters with the group 'prime192v1':

    +
    +  openssl ecparam -out ec_param.pem -name prime192v1
    +

    To create EC parameters with explicit parameters:

    +
    +  openssl ecparam -out ec_param.pem -name prime192v1 -param_enc explicit
    +

    To validate given EC parameters:

    +
    +  openssl ecparam -in ec_param.pem -check
    +

    To create EC parameters and a private key:

    +
    +  openssl ecparam -out ec_key.pem -name prime192v1 -genkey
    +

    To change the point encoding to 'compressed':

    +
    +  openssl ecparam -in ec_in.pem -out ec_out.pem -conv_form compressed
    +

    To print out the EC parameters to standard output:

    +
    +  openssl ecparam -in ec_param.pem -noout -text
    +

    +

    +
    +

    SEE ALSO

    +

    openssl(1), +openssl-pkeyparam(1), +openssl-genpkey(1), +openssl-ec(1), +openssl-dsaparam(1)

    +

    +

    +
    +

    HISTORY

    +

    This command was deprecated in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2003-2020 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man1/openssl-enc.html b/linux_amd64/share/doc/openssl/html/man1/openssl-enc.html
new file mode 100755
index 0000000..72cbc1b
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man1/openssl-enc.html
@@ -0,0 +1,492 @@
+ + + + +openssl-enc + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    openssl-enc - symmetric cipher routines

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl enc|cipher +[-cipher] +[-help] +[-list] +[-ciphers] +[-in filename] +[-out filename] +[-pass arg] +[-e] +[-d] +[-a] +[-base64] +[-A] +[-k password] +[-kfile filename] +[-K key] +[-iv IV] +[-S salt] +[-salt] +[-nosalt] +[-z] +[-md digest] +[-iter count] +[-pbkdf2] +[-p] +[-P] +[-bufsize number] +[-nopad] +[-v] +[-debug] +[-none] +[-engine id] +[-rand files] +[-writerand file]

    +

    openssl cipher [...]

    +

    +

    +
    +

    DESCRIPTION

    +

    The symmetric cipher commands allow data to be encrypted or decrypted +using various block and stream ciphers using keys based on passwords +or explicitly provided. Base64 encoding or decoding can also be performed +either by itself or in addition to the encryption or decryption.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -list
    + +
    +

    List all supported ciphers.

    +
    +
    -ciphers
    + +
    +

    Alias of -list to display all supported ciphers.

    +
    +
    -in filename
    + +
    +

    The input filename, standard input by default.

    +
    +
    -out filename
    + +
    +

    The output filename, standard output by default.

    +
    +
    -pass arg
    + +
    +

    The password source. For more information about the format of arg +see openssl(1)/Pass Phrase Options.

    +
    +
    -e
    + +
    +

    Encrypt the input data: this is the default.

    +
    +
    -d
    + +
    +

    Decrypt the input data.

    +
    +
    -a
    + +
    +

    Base64 process the data. This means that if encryption is taking place +the data is base64 encoded after encryption. If decryption is set then +the input data is base64 decoded before being decrypted.

    +
    +
    -base64
    + +
    +

    Same as -a

    +
    +
    -A
    + +
    +

    If the -a option is set then base64 process the data on one line.

    +
    +
    -k password
    + +
    +

    The password to derive the key from. This is for compatibility with previous +versions of OpenSSL. Superseded by the -pass argument.

    +
    +
    -kfile filename
    + +
    +

    Read the password to derive the key from the first line of filename. +This is for compatibility with previous versions of OpenSSL. Superseded by +the -pass argument.

    +
    +
    -md digest
    + +
    +

    Use the specified digest to create the key from the passphrase. +The default algorithm is sha-256.

    +
    +
    -iter count
    + +
    +

    Use a given number of iterations on the password in deriving the encryption key. +High values increase the time required to brute-force the resulting file. +This option enables the use of PBKDF2 algorithm to derive the key.

    +
    +
    -pbkdf2
    + +
    +

    Use PBKDF2 algorithm with default iteration count unless otherwise specified.

    +
    +
    -nosalt
    + +
    +

    Don't use a salt in the key derivation routines. This option SHOULD NOT be +used except for test purposes or compatibility with ancient versions of +OpenSSL.

    +
    +
    -salt
    + +
    +

    Use salt (randomly generated or provide with -S option) when +encrypting, this is the default.

    +
    +
    -S salt
    + +
    +

    The actual salt to use: this must be represented as a string of hex digits.

    +
    +
    -K key
    + +
    +

    The actual key to use: this must be represented as a string comprised only +of hex digits. If only the key is specified, the IV must additionally specified +using the -iv option. When both a key and a password are specified, the +key given with the -K option will be used and the IV generated from the +password will be taken. It does not make much sense to specify both key +and password.

    +
    +
    -iv IV
    + +
    +

    The actual IV to use: this must be represented as a string comprised only +of hex digits. When only the key is specified using the -K option, the +IV must explicitly be defined. When a password is being specified using +one of the other options, the IV is generated from this password.

    +
    +
    -p
    + +
    +

    Print out the key and IV used.

    +
    +
    -P
    + +
    +

    Print out the key and IV used then immediately exit: don't do any encryption +or decryption.

    +
    +
    -bufsize number
    + +
    +

    Set the buffer size for I/O.

    +
    +
    -nopad
    + +
    +

    Disable standard block padding.

    +
    +
    -v
    + +
    +

    Verbose print; display some statistics about I/O and buffer sizes.

    +
    +
    -debug
    + +
    +

    Debug the BIOs used for I/O.

    +
    +
    -z
    + +
    +

    Compress or decompress clear text using zlib before encryption or after +decryption. This option exists only if OpenSSL with compiled with zlib +or zlib-dynamic option.

    +
    +
    -none
    + +
    +

    Use NULL cipher (no encryption or decryption of input).

    +
    +
    -rand files, -writerand file
    + +
    +

    See openssl(1)/Random State Options for details.

    +
    +
    -engine id
    + +
    +

    See openssl(1)/Engine Options.

    +
    +
    +

    +

    +
    +

    NOTES

    +

    The program can be called either as openssl cipher or +openssl enc -cipher. The first form doesn't work with +engine-provided ciphers, because this form is processed before the +configuration file is read and any ENGINEs loaded. +Use the openssl-list(1) command to get a list of supported ciphers.

    +

    Engines which provide entirely new encryption algorithms (such as the ccgost +engine which provides gost89 algorithm) should be configured in the +configuration file. Engines specified on the command line using -engine +option can only be used for hardware-assisted implementations of +ciphers which are supported by the OpenSSL core or another engine specified +in the configuration file.

    +

    When the enc command lists supported ciphers, ciphers provided by engines, +specified in the configuration files are listed too.

    +

    A password will be prompted for to derive the key and IV if necessary.

    +

    The -salt option should ALWAYS be used if the key is being derived +from a password unless you want compatibility with previous versions of +OpenSSL.

    +

    Without the -salt option it is possible to perform efficient dictionary +attacks on the password and to attack stream cipher encrypted data. The reason +for this is that without the salt the same password always generates the same +encryption key. When the salt is being used the first eight bytes of the +encrypted data are reserved for the salt: it is generated at random when +encrypting a file and read from the encrypted file when it is decrypted.

    +

    Some of the ciphers do not have large keys and others have security +implications if not used correctly. A beginner is advised to just use +a strong block cipher, such as AES, in CBC mode.

    +

    All the block ciphers normally use PKCS#5 padding, also known as standard +block padding. This allows a rudimentary integrity or password check to +be performed. However since the chance of random data passing the test +is better than 1 in 256 it isn't a very good test.

    +

    If padding is disabled then the input data must be a multiple of the cipher +block length.

    +

    All RC2 ciphers have the same key and effective key length.

    +

    Blowfish and RC5 algorithms use a 128 bit key.

    +

    +

    +
    +

    SUPPORTED CIPHERS

    +

    Note that some of these ciphers can be disabled at compile time +and some are available only if an appropriate engine is configured +in the configuration file. The output when invoking this command +with the -ciphers option (that is openssl enc -ciphers) is +a list of ciphers, supported by your version of OpenSSL, including +ones provided by configured engines.

    +

    This command does not support authenticated encryption modes +like CCM and GCM, and will not support such modes in the future. +This is due to having to begin streaming output (e.g., to standard output +when -out is not used) before the authentication tag could be validated. +When this command is used in a pipeline, the receiving end will not be +able to roll back upon authentication failure. The AEAD modes currently in +common use also suffer from catastrophic failure of confidentiality and/or +integrity upon reuse of key/iv/nonce, and since openssl enc places the +entire burden of key/iv/nonce management upon the user, the risk of +exposing AEAD modes is too great to allow. These key/iv/nonce +management issues also affect other modes currently exposed in this command, +but the failure modes are less extreme in these cases, and the +functionality cannot be removed with a stable release branch. +For bulk encryption of data, whether using authenticated encryption +modes or other modes, openssl-cms(1) is recommended, as it provides a +standard data format and performs the needed key/iv/nonce management.

    +
    + base64             Base 64
    +
    + bf-cbc             Blowfish in CBC mode
    + bf                 Alias for bf-cbc
    + blowfish           Alias for bf-cbc
    + bf-cfb             Blowfish in CFB mode
    + bf-ecb             Blowfish in ECB mode
    + bf-ofb             Blowfish in OFB mode
    +
    + cast-cbc           CAST in CBC mode
    + cast               Alias for cast-cbc
    + cast5-cbc          CAST5 in CBC mode
    + cast5-cfb          CAST5 in CFB mode
    + cast5-ecb          CAST5 in ECB mode
    + cast5-ofb          CAST5 in OFB mode
    +
    + chacha20           ChaCha20 algorithm
    +
    + des-cbc            DES in CBC mode
    + des                Alias for des-cbc
    + des-cfb            DES in CFB mode
    + des-ofb            DES in OFB mode
    + des-ecb            DES in ECB mode
    +
    + des-ede-cbc        Two key triple DES EDE in CBC mode
    + des-ede            Two key triple DES EDE in ECB mode
    + des-ede-cfb        Two key triple DES EDE in CFB mode
    + des-ede-ofb        Two key triple DES EDE in OFB mode
    +
    + des-ede3-cbc       Three key triple DES EDE in CBC mode
    + des-ede3           Three key triple DES EDE in ECB mode
    + des3               Alias for des-ede3-cbc
    + des-ede3-cfb       Three key triple DES EDE CFB mode
    + des-ede3-ofb       Three key triple DES EDE in OFB mode
    +
    + desx               DESX algorithm.
    +
    + gost89             GOST 28147-89 in CFB mode (provided by ccgost engine)
    + gost89-cnt        `GOST 28147-89 in CNT mode (provided by ccgost engine)
    +
    + idea-cbc           IDEA algorithm in CBC mode
    + idea               same as idea-cbc
    + idea-cfb           IDEA in CFB mode
    + idea-ecb           IDEA in ECB mode
    + idea-ofb           IDEA in OFB mode
    +
    + rc2-cbc            128 bit RC2 in CBC mode
    + rc2                Alias for rc2-cbc
    + rc2-cfb            128 bit RC2 in CFB mode
    + rc2-ecb            128 bit RC2 in ECB mode
    + rc2-ofb            128 bit RC2 in OFB mode
    + rc2-64-cbc         64 bit RC2 in CBC mode
    + rc2-40-cbc         40 bit RC2 in CBC mode
    +
    + rc4                128 bit RC4
    + rc4-64             64 bit RC4
    + rc4-40             40 bit RC4
    +
    + rc5-cbc            RC5 cipher in CBC mode
    + rc5                Alias for rc5-cbc
    + rc5-cfb            RC5 cipher in CFB mode
    + rc5-ecb            RC5 cipher in ECB mode
    + rc5-ofb            RC5 cipher in OFB mode
    +
    + seed-cbc           SEED cipher in CBC mode
    + seed               Alias for seed-cbc
    + seed-cfb           SEED cipher in CFB mode
    + seed-ecb           SEED cipher in ECB mode
    + seed-ofb           SEED cipher in OFB mode
    +
    + sm4-cbc            SM4 cipher in CBC mode
    + sm4                Alias for sm4-cbc
    + sm4-cfb            SM4 cipher in CFB mode
    + sm4-ctr            SM4 cipher in CTR mode
    + sm4-ecb            SM4 cipher in ECB mode
    + sm4-ofb            SM4 cipher in OFB mode
    +
    + aes-[128|192|256]-cbc  128/192/256 bit AES in CBC mode
    + aes[128|192|256]       Alias for aes-[128|192|256]-cbc
    + aes-[128|192|256]-cfb  128/192/256 bit AES in 128 bit CFB mode
    + aes-[128|192|256]-cfb1 128/192/256 bit AES in 1 bit CFB mode
    + aes-[128|192|256]-cfb8 128/192/256 bit AES in 8 bit CFB mode
    + aes-[128|192|256]-ctr  128/192/256 bit AES in CTR mode
    + aes-[128|192|256]-ecb  128/192/256 bit AES in ECB mode
    + aes-[128|192|256]-ofb  128/192/256 bit AES in OFB mode
    +
    + aria-[128|192|256]-cbc  128/192/256 bit ARIA in CBC mode
    + aria[128|192|256]       Alias for aria-[128|192|256]-cbc
    + aria-[128|192|256]-cfb  128/192/256 bit ARIA in 128 bit CFB mode
    + aria-[128|192|256]-cfb1 128/192/256 bit ARIA in 1 bit CFB mode
    + aria-[128|192|256]-cfb8 128/192/256 bit ARIA in 8 bit CFB mode
    + aria-[128|192|256]-ctr  128/192/256 bit ARIA in CTR mode
    + aria-[128|192|256]-ecb  128/192/256 bit ARIA in ECB mode
    + aria-[128|192|256]-ofb  128/192/256 bit ARIA in OFB mode
    +
    + camellia-[128|192|256]-cbc  128/192/256 bit Camellia in CBC mode
    + camellia[128|192|256]       Alias for camellia-[128|192|256]-cbc
    + camellia-[128|192|256]-cfb  128/192/256 bit Camellia in 128 bit CFB mode
    + camellia-[128|192|256]-cfb1 128/192/256 bit Camellia in 1 bit CFB mode
    + camellia-[128|192|256]-cfb8 128/192/256 bit Camellia in 8 bit CFB mode
    + camellia-[128|192|256]-ctr  128/192/256 bit Camellia in CTR mode
    + camellia-[128|192|256]-ecb  128/192/256 bit Camellia in ECB mode
    + camellia-[128|192|256]-ofb  128/192/256 bit Camellia in OFB mode
    +

    +

    +
    +

    EXAMPLES

    +

    Just base64 encode a binary file:

    +
    + openssl base64 -in file.bin -out file.b64
    +

    Decode the same file

    +
    + openssl base64 -d -in file.b64 -out file.bin
    +

    Encrypt a file using AES-128 using a prompted password +and PBKDF2 key derivation:

    +
    + openssl enc -aes128 -pbkdf2 -in file.txt -out file.aes128
    +

    Decrypt a file using a supplied password:

    +
    + openssl enc -aes128 -pbkdf2 -d -in file.aes128 -out file.txt \
    +    -pass pass:<password>
    +

    Encrypt a file then base64 encode it (so it can be sent via mail for example) +using AES-256 in CTR mode and PBKDF2 key derivation:

    +
    + openssl enc -aes-256-ctr -pbkdf2 -a -in file.txt -out file.aes256
    +

    Base64 decode a file then decrypt it using a password supplied in a file:

    +
    + openssl enc -aes-256-ctr -pbkdf2 -d -a -in file.aes256 -out file.txt \
    +    -pass file:<passfile>;
    +

    +

    +
    +

    BUGS

    +

    The -A option when used with large files doesn't work properly.

    +

    The openssl enc command only supports a fixed number of algorithms with +certain parameters. So if, for example, you want to use RC2 with a +76 bit key or RC4 with an 84 bit key you can't use this program.

    +

    +

    +
    +

    HISTORY

    +

    The default digest was changed from MD5 to SHA256 in OpenSSL 1.1.0.

    +

    The -list option was added in OpenSSL 1.1.1e.

    +

    The -ciphers option was deprecated in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man1/openssl-engine.html b/linux_amd64/share/doc/openssl/html/man1/openssl-engine.html
new file mode 100755
index 0000000..d613295
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man1/openssl-engine.html
@@ -0,0 +1,168 @@
+ + + + +openssl-engine + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    openssl-engine - load and query engines

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl engine +[-help] +[-v] +[-vv] +[-vvv] +[-vvvv] +[-c] +[-t] +[-tt] +[-pre command] ... +[-post command] ... +[engine ...]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command is used to query the status and capabilities +of the specified engines. +Engines may be specified before and after all other command-line flags. +Only those specified are queried.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Display an option summary.

    +
    +
    -v -vv -vvv -vvvv
    + +
    +

    Provides information about each specified engine. The first flag lists +all the possible run-time control commands; the second adds a +description of each command; the third adds the input flags, and the +final option adds the internal input flags.

    +
    +
    -c
    + +
    +

    Lists the capabilities of each engine.

    +
    +
    -t
    + +
    +

    Tests if each specified engine is available, and displays the answer.

    +
    +
    -tt
    + +
    +

    Displays an error trace for any unavailable engine.

    +
    +
    -pre command
    + +
    -post command
    + +
    +

    Command-line configuration of engines. +The -pre command is given to the engine before it is loaded and +the -post command is given after the engine is loaded. +The command is of the form cmd:val where cmd is the command, +and val is the value for the command. +See the example below.

    +

    These two options are cumulative, so they may be given more than once in the +same command.

    +
    +
    +

    +

    +
    +

    EXAMPLES

    +

    To list all the commands available to a dynamic engine:

    +
    + $ openssl engine -t -tt -vvvv dynamic
    + (dynamic) Dynamic engine loading support
    +      [ unavailable ]
    +      SO_PATH: Specifies the path to the new ENGINE shared library
    +           (input flags): STRING
    +      NO_VCHECK: Specifies to continue even if version checking fails (boolean)
    +           (input flags): NUMERIC
    +      ID: Specifies an ENGINE id name for loading
    +           (input flags): STRING
    +      LIST_ADD: Whether to add a loaded ENGINE to the internal list (0=no,1=yes,2=mandatory)
    +           (input flags): NUMERIC
    +      DIR_LOAD: Specifies whether to load from 'DIR_ADD' directories (0=no,1=yes,2=mandatory)
    +           (input flags): NUMERIC
    +      DIR_ADD: Adds a directory from which ENGINEs can be loaded
    +           (input flags): STRING
    +      LOAD: Load up the ENGINE specified by other settings
    +           (input flags): NO_INPUT
    +

    To list the capabilities of the rsax engine:

    +
    + $ openssl engine -c
    + (rsax) RSAX engine support
    +  [RSA]
    + (dynamic) Dynamic engine loading support
    +

    +

    +
    +

    ENVIRONMENT

    +
    +
    OPENSSL_ENGINES
    + +
    +

    The path to the engines directory.

    +
    +
    +

    +

    +
    +

    SEE ALSO

    +

    openssl(1), +config(5)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man1/openssl-errstr.html b/linux_amd64/share/doc/openssl/html/man1/openssl-errstr.html
new file mode 100755
index 0000000..25f6b19
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man1/openssl-errstr.html
@@ -0,0 +1,87 @@
+ + + + +openssl-errstr + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    openssl-errstr - lookup error codes

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl errstr +[-help] +error_code...

    +

    +

    +
    +

    DESCRIPTION

    +

    Sometimes an application will not load error message texts and only +numerical forms will be available. This command can be +used to display the meaning of the hex code. The hex code is the hex digits +after the second colon.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Display a usage message.

    +
    +
    +

    +

    +
    +

    EXAMPLES

    +

    The error code:

    +
    + 27594:error:2006D080:lib(32)::reason(128)::107:
    +

    can be displayed with:

    +
    + openssl errstr 2006D080
    +

    to produce the error message:

    +
    + error:2006D080:BIO routines::no such file
    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2004-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man1/openssl-fipsinstall.html b/linux_amd64/share/doc/openssl/html/man1/openssl-fipsinstall.html
new file mode 100755
index 0000000..da3959c
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man1/openssl-fipsinstall.html
@@ -0,0 +1,217 @@
+ + + + +openssl-fipsinstall + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    openssl-fipsinstall - perform FIPS configuration installation

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl fipsinstall +[-help] +[-in configfilename] +[-out configfilename] +[-module modulefilename] +[-provider_name providername] +[-section_name sectionname] +[-verify] +[-mac_name macname] +[-macopt nm:v] +[-noout] +[-corrupt_desc selftest_description] +[-corrupt_type selftest_type]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command is used to generate a FIPS module configuration file. +The generated configuration file consists of:

    +
    +
    - A mac of the FIPS module file.
    + +
    - A status indicator that indicates if the known answer Self Tests (KAT's) +have successfully run.
    + +
    +

    This configuration file can be used each time a FIPS module is loaded +in order to pass data to the FIPS modules self tests. The FIPS module always +verifies the modules MAC, but only needs to run the KATS once during install.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Print a usage message.

    +
    +
    -module filename
    + +
    +

    Filename of a fips module to perform an integrity check on.

    +
    +
    -out configfilename
    + +
    +

    Filename to output the configuration data to, or standard output by default.

    +
    +
    -in configfilename
    + +
    +

    Input filename to load configuration data from. Used with the '-verify' option. +Standard input is used if the filename is '-'.

    +
    +
    -verify
    + +
    +

    Verify that the input configuration file contains the correct information

    +
    +
    -provider_name providername
    + +
    +

    Name of the provider inside the configuration file.

    +
    +
    -section_name sectionname
    + +
    +

    Name of the section inside the configuration file.

    +
    +
    -mac_name name
    + +
    +

    Specifies the name of a supported MAC algorithm which will be used. +To see the list of supported MAC's use the command +openssl list -mac-algorithms. The default is HMAC.

    +
    +
    -macopt nm:v
    + +
    +

    Passes options to the MAC algorithm. +A comprehensive list of controls can be found in the EVP_MAC implementation +documentation. +Common control strings used for fipsinstall are:

    +
    +
    key:string
    + +
    +

    Specifies the MAC key as an alphanumeric string (use if the key contains +printable characters only). +The string length must conform to any restrictions of the MAC algorithm. +A key must be specified for every MAC algorithm.

    +
    +
    hexkey:string
    + +
    +

    Specifies the MAC key in hexadecimal form (two hex digits per byte). +The key length must conform to any restrictions of the MAC algorithm. +A key must be specified for every MAC algorithm.

    +
    +
    digest:string
    + +
    +

    Used by HMAC as an alphanumeric string (use if the key contains printable +characters only). +The string length must conform to any restrictions of the MAC algorithm. +To see the list of supported digests, use the command +openssl list -digest-commands.

    +
    +
    +
    +
    -noout
    + +
    +

    Disable logging of the self tests.

    +
    +
    -corrupt_desc selftest_description
    + +
    -corrupt_type selftest_type
    + +
    +

    The corrupt options can be used to test failure of one or more self test(s) by +name. +Either option or both may be used to select the self test(s) to corrupt. +Refer to the entries for "st-desc" and "st-type" in OSSL_PROVIDER-FIPS(7) for +values that can be used.

    +
    +
    +

    +

    +
    +

    EXAMPLES

    +

    Calculate the mac of a FIPS module fips.so and run a FIPS self test +for the module, and save the fips.conf configuration file:

    +
    + openssl fipsinstall -module ./fips.so -out fips.conf -provider_name fips \
    +         -section_name fipsinstall -mac_name HMAC -macopt digest:SHA256 \
    +         -macopt hexkey:000102030405060708090A0B0C0D0E0F10111213
    +

    Verify that the configuration file fips.conf contains the correct info:

    +
    + openssl fipsinstall -module ./fips.so -in fips.conf  -provider_name fips \
    +          -section_name fips_install -mac_name HMAC -macopt digest:SHA256 \
    +          -macopt hexkey:000102030405060708090A0B0C0D0E0F10111213 -verify
    +

    Corrupt any self tests which have the description 'SHA1':

    +
    + openssl fipsinstall -module ./fips.so -out fips.conf -provider_name fips \
    +         -section_name fipsinstall -mac_name HMAC -macopt digest:SHA256 \
    +         -macopt hexkey:000102030405060708090A0B0C0D0E0F10111213 \
    +         -corrupt_desc', 'SHA1'
    +

    +

    +
    +

    NOTES

    +

    The MAC mechanisms that are available will depend on the options +used when building OpenSSL. +The command openssl list -mac-algorithms command can be used to list them.

    +

    +

    +
    +

    SEE ALSO

    +

    fips_config(5), +OSSL_PROVIDER-FIPS(7), +EVP_MAC(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man1/openssl-gendsa.html b/linux_amd64/share/doc/openssl/html/man1/openssl-gendsa.html
new file mode 100755
index 0000000..b31743c
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man1/openssl-gendsa.html
@@ -0,0 +1,156 @@
+ + + + +openssl-gendsa + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    openssl-gendsa - generate a DSA private key from a set of parameters

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl gendsa +[-help] +[-out filename] +[-passout arg] +[-aes128] +[-aes192] +[-aes256] +[-aria128] +[-aria192] +[-aria256] +[-camellia128] +[-camellia192] +[-camellia256] +[-des] +[-des3] +[-idea] +[-verbose] +[-rand files] +[-writerand file] +[-engine id] +[paramfile]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command has been deprecated. +The openssl-genpkey(1) command should be used instead.

    +

    This command generates a DSA private key from a DSA parameter file +(which will be typically generated by the openssl-dsaparam(1) command).

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -out filename
    + +
    +

    Output the key to the specified file. If this argument is not specified then +standard output is used.

    +
    +
    -passout arg
    + +
    +

    The passphrase used for the output file. +See openssl(1)/Pass Phrase Options.

    +
    +
    -aes128, -aes192, -aes256, -aria128, -aria192, -aria256, -camellia128, -camellia192, -camellia256, -des, -des3, -idea
    + +
    +

    These options encrypt the private key with specified +cipher before outputting it. A pass phrase is prompted for. +If none of these options is specified no encryption is used.

    +
    +
    -verbose
    + +
    +

    Print extra details about the operations being performed.

    +
    +
    -rand files, -writerand file
    + +
    +

    See openssl(1)/Random State Options for details.

    +
    +
    -engine id
    + +
    +

    See openssl(1)/Engine Options.

    +
    +
    paramfile
    + +
    +

    The DSA parameter file to use. The parameters in this file determine +the size of the private key. DSA parameters can be generated and +examined using the openssl-dsaparam(1) command.

    +
    +
    +

    +

    +
    +

    NOTES

    +

    DSA key generation is little more than random number generation so it is +much quicker that RSA key generation for example.

    +

    +

    +
    +

    SEE ALSO

    +

    openssl(1), +openssl-genpkey(1), +openssl-dsaparam(1), +openssl-dsa(1), +openssl-genrsa(1), +openssl-rsa(1)

    +

    +

    +
    +

    HISTORY

    +

    This command was deprecated in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man1/openssl-genpkey.html b/linux_amd64/share/doc/openssl/html/man1/openssl-genpkey.html
    new file mode 100755
    index 0000000..6ef589c
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man1/openssl-genpkey.html
    @@ -0,0 +1,394 @@
    + + + + +openssl-genpkey + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    openssl-genpkey - generate a private key

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl genpkey +[-help] +[-out filename] +[-outform DER|PEM] +[-pass arg] +[-cipher] +[-paramfile file] +[-algorithm alg] +[-pkeyopt opt:value] +[-genparam] +[-text] +[-engine id]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command generates a private key.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -out filename
    + +
    +

    Output the key to the specified file. If this argument is not specified then +standard output is used.

    +
    +
    -outform DER|PEM
    + +
    +

    The output format; the default is PEM. +See openssl(1)/Format Options for details.

    +
    +
    -pass arg
    + +
    +

    The output file password source. For more information about the format of arg +see openssl(1)/Pass Phrase Options.

    +
    +
    -cipher
    + +
    +

    This option encrypts the private key with the supplied cipher. Any algorithm +name accepted by EVP_get_cipherbyname() is acceptable such as des3.

    +
    +
    -algorithm alg
    + +
    +

    Public key algorithm to use such as RSA, DSA or DH. If used this option must +precede any -pkeyopt options. The options -paramfile and -algorithm +are mutually exclusive. Engines may add algorithms in addition to the standard +built-in ones.

    +

    Valid built-in algorithm names for private key generation are RSA, RSA-PSS, EC, +X25519, X448, ED25519 and ED448.

    +

    Valid built-in algorithm names for parameter generation (see the -genparam +option) are DH, DSA and EC.

    +

    Note that the algorithm name X9.42 DH may be used as a synonym for the DH +algorithm. These are identical and do not indicate the type of parameters that +will be generated. Use the dh_paramgen_type option to indicate whether PKCS#3 +or X9.42 DH parameters are required. See DH Parameter Generation Options +below for more details.

    +
    +
    -pkeyopt opt:value
    + +
    +

    Set the public key algorithm option opt to value. The precise set of +options supported depends on the public key algorithm used and its +implementation. See KEY GENERATION OPTIONS and +PARAMETER GENERATION OPTIONS below for more details.

    +
    +
    -genparam
    + +
    +

    Generate a set of parameters instead of a private key. If used this option must +precede any -algorithm, -paramfile or -pkeyopt options.

    +
    +
    -paramfile filename
    + +
    +

    Some public key algorithms generate a private key based on a set of parameters. +They can be supplied using this option. If this option is used the public key +algorithm used is determined by the parameters. If used this option must +precede any -pkeyopt options. The options -paramfile and -algorithm +are mutually exclusive.

    +
    +
    -text
    + +
    +

    Print an (unencrypted) text representation of private and public keys and +parameters along with the PEM or DER structure.

    +
    +
    -engine id
    + +
    +

    See openssl(1)/Engine Options.

    +
    +
    +

    +

    +
    +

    KEY GENERATION OPTIONS

    +

    The options supported by each algorithm and indeed each implementation of an +algorithm can vary. The options for the OpenSSL implementations are detailed +below. There are no key generation options defined for the X25519, X448, ED25519 +or ED448 algorithms.

    +

    +

    +

    RSA Key Generation Options

    +
    +
    rsa_keygen_bits:numbits
    + +
    +

    The number of bits in the generated key. If not specified 2048 is used.

    +
    +
    rsa_keygen_primes:numprimes
    + +
    +

    The number of primes in the generated key. If not specified 2 is used.

    +
    +
    rsa_keygen_pubexp:value
    + +
    +

    The RSA public exponent value. This can be a large decimal or +hexadecimal value if preceded by 0x. Default value is 65537.

    +
    +
    +

    +

    +

    RSA-PSS Key Generation Options

    +

    Note: by default an RSA-PSS key has no parameter restrictions.

    +
    +
    rsa_keygen_bits:numbits, rsa_keygen_primes:numprimes, +rsa_keygen_pubexp:value
    + +
    +

    These options have the same meaning as the RSA algorithm.

    +
    +
    rsa_pss_keygen_md:digest
    + +
    +

    If set the key is restricted and can only use digest for signing.

    +
    +
    rsa_pss_keygen_mgf1_md:digest
    + +
    +

    If set the key is restricted and can only use digest as it's MGF1 +parameter.

    +
    +
    rsa_pss_keygen_saltlen:len
    + +
    +

    If set the key is restricted and len specifies the minimum salt length.

    +
    +
    +

    +

    +

    EC Key Generation Options

    +

    The EC key generation options can also be used for parameter generation.

    +
    +
    ec_paramgen_curve:curve
    + +
    +

    The EC curve to use. OpenSSL supports NIST curve names such as "P-256".

    +
    +
    ec_param_enc:encoding
    + +
    +

    The encoding to use for parameters. The encoding parameter must be either +named_curve or explicit. The default value is named_curve.

    +
    +
    +

    +

    +
    +

    PARAMETER GENERATION OPTIONS

    +

    The options supported by each algorithm and indeed each implementation of an +algorithm can vary. The options for the OpenSSL implementations are detailed +below.

    +

    +

    +

    DSA Parameter Generation Options

    +
    +
    dsa_paramgen_bits:numbits
    + +
    +

    The number of bits in the generated prime. If not specified 2048 is used.

    +
    +
    dsa_paramgen_q_bits:numbits
    + +
    +

    The number of bits in the q parameter. Must be one of 160, 224 or 256. If not +specified 224 is used.

    +
    +
    dsa_paramgen_md:digest
    + +
    +

    The digest to use during parameter generation. Must be one of sha1, sha224 +or sha256. If set, then the number of bits in q will match the output size +of the specified digest and the dsa_paramgen_q_bits parameter will be +ignored. If not set, then a digest will be used that gives an output matching +the number of bits in q, i.e. sha1 if q length is 160, sha224 if it 224 +or sha256 if it is 256.

    +
    +
    +

    +

    +

    DH Parameter Generation Options

    +
    +
    dh_paramgen_prime_len:numbits
    + +
    +

    The number of bits in the prime parameter p. The default is 2048.

    +
    +
    dh_paramgen_subprime_len:numbits
    + +
    +

    The number of bits in the sub prime parameter q. The default is 256 if the +prime is at least 2048 bits long or 160 otherwise. Only relevant if used in +conjunction with the dh_paramgen_type option to generate X9.42 DH parameters.

    +
    +
    dh_paramgen_generator:value
    + +
    +

    The value to use for the generator g. The default is 2.

    +
    +
    dh_paramgen_type:value
    + +
    +

    The type of DH parameters to generate. Use 0 for PKCS#3 DH and 1 for X9.42 DH. +The default is 0.

    +
    +
    dh_rfc5114:num
    + +
    +

    If this option is set, then the appropriate RFC5114 parameters are used +instead of generating new parameters. The value num can be one of +1, 2 or 3 corresponding to RFC5114 DH parameters consisting of +1024 bit group with 160 bit subgroup, 2048 bit group with 224 bit subgroup +and 2048 bit group with 256 bit subgroup as mentioned in RFC5114 sections +2.1, 2.2 and 2.3 respectively. If present this overrides all other DH parameter +options.

    +
    +
    +

    +

    +

    EC Parameter Generation Options

    +

    The EC parameter generation options are the same as for key generation. See +EC Key Generation Options above.

    +

    +

    +
    +

    NOTES

    +

    The use of the genpkey program is encouraged over the algorithm specific +utilities because additional algorithm options and ENGINE provided algorithms +can be used.

    +

    +

    +
    +

    EXAMPLES

    +

    Generate an RSA private key using default parameters:

    +
    + openssl genpkey -algorithm RSA -out key.pem
    +

    Encrypt output private key using 128 bit AES and the passphrase "hello":

    +
    + openssl genpkey -algorithm RSA -out key.pem -aes-128-cbc -pass pass:hello
    +

    Generate a 2048 bit RSA key using 3 as the public exponent:

    +
    + openssl genpkey -algorithm RSA -out key.pem \
    +     -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:3
    +

    Generate 2048 bit DSA parameters:

    +
    + openssl genpkey -genparam -algorithm DSA -out dsap.pem \
    +     -pkeyopt dsa_paramgen_bits:2048
    +

    Generate DSA key from parameters:

    +
    + openssl genpkey -paramfile dsap.pem -out dsakey.pem
    +

    Generate 2048 bit DH parameters:

    +
    + openssl genpkey -genparam -algorithm DH -out dhp.pem \
    +     -pkeyopt dh_paramgen_prime_len:2048
    +

    Generate 2048 bit X9.42 DH parameters:

    +
    + openssl genpkey -genparam -algorithm DH -out dhpx.pem \
    +     -pkeyopt dh_paramgen_prime_len:2048 \
    +     -pkeyopt dh_paramgen_type:1
    +

    Output RFC5114 2048 bit DH parameters with 224 bit subgroup:

    +
    + openssl genpkey -genparam -algorithm DH -out dhp.pem -pkeyopt dh_rfc5114:2
    +

    Generate DH key from parameters:

    +
    + openssl genpkey -paramfile dhp.pem -out dhkey.pem
    +

    Generate EC parameters:

    +
    + openssl genpkey -genparam -algorithm EC -out ecp.pem \
    +        -pkeyopt ec_paramgen_curve:secp384r1 \
    +        -pkeyopt ec_param_enc:named_curve
    +

    Generate EC key from parameters:

    +
    + openssl genpkey -paramfile ecp.pem -out eckey.pem
    +

    Generate EC key directly:

    +
    + openssl genpkey -algorithm EC -out eckey.pem \
    +        -pkeyopt ec_paramgen_curve:P-384 \
    +        -pkeyopt ec_param_enc:named_curve
    +

    Generate an X25519 private key:

    +
    + openssl genpkey -algorithm X25519 -out xkey.pem
    +

    Generate an ED448 private key:

    +
    + openssl genpkey -algorithm ED448 -out xkey.pem
    +

    +

    +
    +

    HISTORY

    +

    The ability to use NIST curve names, and to generate an EC key directly, +were added in OpenSSL 1.0.2. +The ability to generate X25519 keys was added in OpenSSL 1.1.0. +The ability to generate X448, ED25519 and ED448 keys was added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man1/openssl-genrsa.html b/linux_amd64/share/doc/openssl/html/man1/openssl-genrsa.html
    new file mode 100755
    index 0000000..d5df5c6
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man1/openssl-genrsa.html
    @@ -0,0 +1,177 @@
    + + + + +openssl-genrsa + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    openssl-genrsa - generate an RSA private key

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl genrsa +[-help] +[-out filename] +[-passout arg] +[-aes128] +[-aes192] +[-aes256] +[-aria128] +[-aria192] +[-aria256] +[-camellia128] +[-camellia192] +[-camellia256] +[-des] +[-des3] +[-idea] +[-F4] +[-f4] +[-3] +[-primes num] +[-verbose] +[-rand files] +[-writerand file] +[-engine id] +[numbits]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command has been deprecated. +The openssl-genpkey(1) command should be used instead.

    +

    This command generates an RSA private key.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -out filename
    + +
    +

    Output the key to the specified file. If this argument is not specified then +standard output is used.

    +
    +
    -passout arg
    + +
    +

    The output file password source. For more information about the format +see openssl(1)/Pass Phrase Options.

    +
    +
    -aes128, -aes192, -aes256, -aria128, -aria192, -aria256, -camellia128, -camellia192, -camellia256, -des, -des3, -idea
    + +
    +

    These options encrypt the private key with specified +cipher before outputting it. If none of these options is +specified no encryption is used. If encryption is used a pass phrase is prompted +for if it is not supplied via the -passout argument.

    +
    +
    -F4, -f4, -3
    + +
    +

    The public exponent to use, either 65537 or 3. The default is 65537.

    +
    +
    -primes num
    + +
    +

    Specify the number of primes to use while generating the RSA key. The num +parameter must be a positive integer that is greater than 1 and less than 16. +If num is greater than 2, then the generated key is called a 'multi-prime' +RSA key, which is defined in RFC 8017.

    +
    +
    -verbose
    + +
    +

    Print extra details about the operations being performed.

    +
    +
    -rand files, -writerand file
    + +
    +

    See openssl(1)/Random State Options for details.

    +
    +
    -engine id
    + +
    +

    See openssl(1)/Engine Options.

    +
    +
    numbits
    + +
    +

    The size of the private key to generate in bits. This must be the last option +specified. The default is 2048 and values less than 512 are not allowed.

    +
    +
    +

    +

    +
    +

    NOTES

    +

    RSA private key generation essentially involves the generation of two or more +prime numbers. When generating a private key various symbols will be output to +indicate the progress of the generation. A . represents each number which +has passed an initial sieve test, + means a number has passed a single +round of the Miller-Rabin primality test, * means the current prime starts +a regenerating progress due to some failed tests. A newline means that the number +has passed all the prime tests (the actual number depends on the key size).

    +

    Because key generation is a random process the time taken to generate a key +may vary somewhat. But in general, more primes lead to less generation time +of a key.

    +

    +

    +
    +

    SEE ALSO

    +

    openssl(1), +openssl-genpkey(1), +openssl-gendsa(1)

    +

    +

    +
    +

    HISTORY

    +

    This command was deprecated in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man1/openssl-info.html b/linux_amd64/share/doc/openssl/html/man1/openssl-info.html
    new file mode 100755
    index 0000000..1550ee5
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man1/openssl-info.html
    @@ -0,0 +1,133 @@
    + + + + +openssl-info + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    openssl-info - print OpenSSL built-in information

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl info +[-help] +[-configdir] +[-enginesdir] +[-modulesdir ] +[-dsoext] +[-dirnamesep] +[-listsep] +[-seeds] +[-cpusettings]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command is used to print out information about OpenSSL. +The information is written exactly as it is with no extra text, which +makes useful for scripts.

    +

    As a consequence, only one item may be chosen for each run of this +command.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -configdir
    + +
    +

    Outputs the default directory for OpenSSL configuration files.

    +
    +
    -enginesdir
    + +
    +

    Outputs the default directory for OpenSSL engine modules.

    +
    +
    -modulesdir
    + +
    +

    Outputs the default directory for OpenSSL dynamically loadable modules +other than engine modules.

    +
    +
    -dsoext
    + +
    +

    Outputs the DSO extension OpenSSL uses.

    +
    +
    -dirnamesep
    + +
    +

    Outputs the separator character between a directory specification and +a filename. +Note that on some operating systems, this is not the same as the +separator between directory elements.

    +
    +
    -listsep
    + +
    +

    Outputs the OpenSSL list separator character. +This is typically used to construct $PATH (%PATH% on Windows) +style lists.

    +
    +
    -seeds
    + +
    +

    Outputs the randomness seed sources.

    +
    +
    -cpusettings
    + +
    +

    Outputs the OpenSSL CPU settings info.

    +
    +
    +

    +

    +
    +

    HISTORY

    +

    This command was added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man1/openssl-kdf.html b/linux_amd64/share/doc/openssl/html/man1/openssl-kdf.html
    new file mode 100755
    index 0000000..bd8a73b
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man1/openssl-kdf.html
    @@ -0,0 +1,214 @@
    + + + + +openssl-kdf + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    openssl-kdf - perform Key Derivation Function operations

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl kdf +[-help] +[-kdfopt nm:v] +[-keylen num] +[-out filename] +[-binary] +kdf_name

    +

    +

    +
    +

    DESCRIPTION

    +

    The key derivation functions generate a derived key from either a secret or +password.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Print a usage message.

    +
    +
    -keylen num
    + +
    +

    The output size of the derived key. This field is required.

    +
    +
    -out filename
    + +
    +

    Filename to output to, or standard output by default.

    +
    +
    -binary
    + +
    +

    Output the derived key in binary form. Uses hexadecimal text format if not specified.

    +
    +
    -kdfopt nm:v
    + +
    +

    Passes options to the KDF algorithm. +A comprehensive list of parameters can be found in the EVP_KDF_CTX +implementation documentation. +Common parameter names used by EVP_KDF_CTX_set_params() are:

    +
    +
    key:string
    + +
    +

    Specifies the secret key as an alphanumeric string (use if the key contains +printable characters only). +The string length must conform to any restrictions of the KDF algorithm. +A key must be specified for most KDF algorithms.

    +
    +
    hexkey:string
    + +
    +

    Specifies the secret key in hexadecimal form (two hex digits per byte). +The key length must conform to any restrictions of the KDF algorithm. +A key must be specified for most KDF algorithms.

    +
    +
    pass:string
    + +
    +

    Specifies the password as an alphanumeric string (use if the password contains +printable characters only). +The password must be specified for PBKDF2 and scrypt.

    +
    +
    hexpass:string
    + +
    +

    Specifies the password in hexadecimal form (two hex digits per byte). +The password must be specified for PBKDF2 and scrypt.

    +
    +
    digest:string
    + +
    +

    Specifies the name of a digest as an alphanumeric string. +To see the list of supported digests, use the command list -digest-commands.

    +
    +
    +
    +
    kdf_name
    + +
    +

    Specifies the name of a supported KDF algorithm which will be used. +The supported algorithms names include TLS1-PRF, HKDF, SSKDF, PBKDF2, +SSHKDF, X942KDF, X963KDF and SCRYPT.

    +
    +
    +

    +

    +
    +

    EXAMPLES

    +

    Use TLS1-PRF to create a hex-encoded derived key from a secret key and seed:

    +
    +    openssl kdf -keylen 16 -kdfopt digest:SHA2-256 -kdfopt key:secret \
    +                -kdfopt seed:seed TLS1-PRF
    +

    Use HKDF to create a hex-encoded derived key from a secret key, salt and info:

    +
    +    openssl kdf -keylen 10 -kdfopt digest:SHA2-256 -kdfopt key:secret \
    +                -kdfopt salt:salt -kdfopt info:label HKDF
    +

    Use SSKDF with KMAC to create a hex-encoded derived key from a secret key, salt and info:

    +
    +    openssl kdf -keylen 64 -kdfopt mac:KMAC-128 -kdfopt maclen:20 \
    +                -kdfopt hexkey:b74a149a161545 -kdfopt hexinfo:348a37a2 \
    +                -kdfopt hexsalt:3638271ccd68a2 SSKDF
    +

    Use SSKDF with HMAC to create a hex-encoded derived key from a secret key, salt and info:

    +
    +    openssl kdf -keylen 16 -kdfopt mac:HMAC -kdfopt digest:SHA2-256 \
    +                -kdfopt hexkey:b74a149a -kdfopt hexinfo:348a37a2 \
    +                -kdfopt hexsalt:3638271c SSKDF
    +

    Use SSKDF with Hash to create a hex-encoded derived key from a secret key, salt and info:

    +
    +    openssl kdf -keylen 14 -kdfopt digest:SHA2-256 \
    +                -kdfopt hexkey:6dbdc23f045488 \
    +                -kdfopt hexinfo:a1b2c3d4 SSKDF
    +

    Use SSHKDF to create a hex-encoded derived key from a secret key, hash and session_id:

    +
    +    openssl kdf -keylen 16 -kdfopt digest:SHA2-256 \
    +                -kdfopt hexkey:0102030405 \
    +                -kdfopt hexxcghash:06090A \
    +                -kdfopt hexsession_id:01020304 \
    +                -kdfopt type:A SSHKDF
    +

    Use PBKDF2 to create a hex-encoded derived key from a password and salt:

    +
    +    openssl kdf -keylen 32 -kdfopt digest:SHA256 -kdfopt pass:password \
    +                -kdfopt salt:salt -kdfopt iter:2 PBKDF2
    +

    Use scrypt to create a hex-encoded derived key from a password and salt:

    +
    +    openssl kdf -keylen 64 -kdfopt pass:password -kdfopt salt:NaCl \
    +                -kdfopt N:1024 -kdfopt r:8 -kdfopt p:16 \
    +                -kdfopt maxmem_bytes:10485760 SCRYPT
    +

    +

    +
    +

    NOTES

    +

    The KDF mechanisms that are available will depend on the options +used when building OpenSSL.

    +

    +

    +
    +

    SEE ALSO

    +

    openssl(1), +openssl-pkeyutl(1), +EVP_KDF(3), +EVP_KDF-SCRYPT(7), +EVP_KDF-TLS1_PRF(7), +EVP_KDF-PBKDF2(7), +EVP_KDF-HKDF(7), +EVP_KDF-SS(7), +EVP_KDF-SSHKDF(7), +EVP_KDF-X942(7), +EVP_KDF-X963(7)

    +

    +

    +
    +

    HISTORY

    +

    Added in OpenSSL 3.0

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man1/openssl-list.html b/linux_amd64/share/doc/openssl/html/man1/openssl-list.html
    new file mode 100755
    index 0000000..aa5a2f3
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man1/openssl-list.html
    @@ -0,0 +1,191 @@
    + + + + +openssl-list + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    openssl-list - list algorithms and features

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl list +[-help] +[-verbose] +[-1] +[-commands] +[-digest-commands] +[-digest-algorithms] +[-kdf-algorithms] +[-mac-algorithms] +[-cipher-commands] +[-cipher-algorithms] +[-public-key-algorithms] +[-public-key-methods] +[-engines] +[-disabled] +[-objects] +[-options command]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command is used to generate list of algorithms or disabled +features.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Display a usage message.

    +
    +
    -verbose
    + +
    +

    Displays extra information. +The options below where verbosity applies say a bit more about what that means.

    +
    +
    -1
    + +
    +

    List the commands, digest-commands, or cipher-commands in a single column. +If used, this option must be given first.

    +
    +
    -commands
    + +
    +

    Display a list of standard commands.

    +
    +
    -digest-commands
    + +
    +

    Display a list of message digest commands, which are typically used +as input to the openssl-dgst(1) or openssl-speed(1) commands.

    +
    +
    -cipher-commands
    + +
    +

    Display a list of cipher commands, which are typically used as input +to the openssl-dgst(1) or openssl-speed(1) commands.

    +
    +
    -digest-algorithms, -kdf-algorithms, -mac-algorithms, +-cipher-algorithms
    + +
    +

    Display a list of cipher, digest, kdf and mac algorithms. +See Display of algorithm names for a description of how names are +displayed.

    +

    In verbose mode, the algorithms provided by a provider will get additional +information on what parameters each implementation supports.

    +
    +
    -public-key-algorithms
    + +
    +

    Display a list of public key algorithms, with each algorithm as +a block of multiple lines, all but the first are indented.

    +
    +
    -public-key-methods
    + +
    +

    Display a list of public key method OIDs.

    +
    +
    -engines
    + +
    +

    Display a list of loaded engines.

    +
    +
    -disabled
    + +
    +

    Display a list of disabled features, those that were compiled out +of the installation.

    +
    +
    -objects
    + +
    +

    Display a list of built in objects, i.e. OIDs with names. They're listed in the +format described in config(5)/ASN1 Object Configuration Module.

    +
    +
    -options command
    + +
    +

    Output a two-column list of the options accepted by the specified command. +The first is the option name, and the second is a one-character indication +of what type of parameter it takes, if any. +This is an internal option, used for checking that the documentation +is complete.

    +
    +
    +

    +

    +

    Display of algorithm names

    +

    Algorithm names may be displayed in one of two manners:

    +
    +
    Legacy implementations
    + +
    +

    Legacy implementations will simply display the main name of the +algorithm on a line of its own, or in the form <foo bar>> to show +that foo is an alias for the main name, bar

    +
    +
    Provided implementations
    + +
    +

    Implementations from a provider are displayed like this if the +implementation is labeled with a single name:

    +
    + foo @ bar
    +

    or like this if it's labeled with multiple names:

    +
    + { foo1, foo2 } @bar
    +

    In both cases, bar is the name of the provider.

    +
    +
    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man1/openssl-mac.html b/linux_amd64/share/doc/openssl/html/man1/openssl-mac.html
    new file mode 100755
    index 0000000..d5aba3b
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man1/openssl-mac.html
    @@ -0,0 +1,208 @@
    + + + + +openssl-mac + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    openssl-mac - perform Message Authentication Code operations

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl mac +[-help] +[-macopt] +[-in filename] +[-out filename] +[-binary] +mac_name

    +

    +

    +
    +

    DESCRIPTION

    +

    The message authentication code functions output the MAC of a supplied input +file.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Print a usage message.

    +
    +
    -in filename
    + +
    +

    Input filename to calculate a MAC for, or standard input by default. +Standard input is used if the filename is '-'. +Files are expected to be in binary format, standard input uses hexadecimal text +format.

    +
    +
    -out filename
    + +
    +

    Filename to output to, or standard output by default.

    +
    +
    -binary
    + +
    +

    Output the MAC in binary form. Uses hexadecimal text format if not specified.

    +
    +
    -macopt nm:v
    + +
    +

    Passes options to the MAC algorithm. +A comprehensive list of controls can be found in the EVP_MAC implementation +documentation. +Common parameter names used by EVP_MAC_CTX_get_params() are:

    +
    +
    key:string
    + +
    +

    Specifies the MAC key as an alphanumeric string (use if the key contains +printable characters only). +The string length must conform to any restrictions of the MAC algorithm. +A key must be specified for every MAC algorithm.

    +
    +
    hexkey:string
    + +
    +

    Specifies the MAC key in hexadecimal form (two hex digits per byte). +The key length must conform to any restrictions of the MAC algorithm. +A key must be specified for every MAC algorithm.

    +
    +
    digest:string
    + +
    +

    Used by HMAC as an alphanumeric string (use if the key contains printable +characters only). +The string length must conform to any restrictions of the MAC algorithm. +To see the list of supported digests, use openssl list -digest-commands.

    +
    +
    cipher:string
    + +
    +

    Used by CMAC and GMAC to specify the cipher algorithm. +For CMAC it must be one of AES-128-CBC, AES-192-CBC, AES-256-CBC or +DES-EDE3-CBC. +For GMAC it should be a GCM mode cipher e.g. AES-128-GCM.

    +
    +
    iv:string
    + +
    +

    Used by GMAC to specify an IV as an alphanumeric string (use if the IV contains +printable characters only).

    +
    +
    hexiv:string
    + +
    +

    Used by GMAC to specify an IV in hexadecimal form (two hex digits per byte).

    +
    +
    size:int
    + +
    +

    Used by KMAC128 or KMAC256 to specify an output length. +The default sizes are 32 or 64 bytes respectively.

    +
    +
    custom:string
    + +
    +

    Used by KMAC128 or KMAC256 to specify a customization string. +The default is the empty string "".

    +
    +
    +
    +
    mac_name
    + +
    +

    Specifies the name of a supported MAC algorithm which will be used. +To see the list of supported MAC's use the command opensssl list +-mac-algorithms.

    +
    +
    +

    +

    +
    +

    EXAMPLES

    +

    To create a hex-encoded HMAC-SHA1 MAC of a file and write to stdout: \ + openssl mac -macopt digest:SHA1 \ + -macopt hexkey:000102030405060708090A0B0C0D0E0F10111213 \ + -in msg.bin HMAC

    +

    To create a SipHash MAC from a file with a binary file output: \ + openssl mac -macopt hexkey:000102030405060708090A0B0C0D0E0F \ + -in msg.bin -out out.bin -binary SipHash

    +

    To create a hex-encoded CMAC-AES-128-CBC MAC from a file:\ + openssl mac -macopt cipher:AES-128-CBC \ + -macopt hexkey:77A77FAF290C1FA30C683DF16BA7A77B \ + -in msg.bin CMAC

    +

    To create a hex-encoded KMAC128 MAC from a file with a Customisation String +'Tag' and output length of 16: \ + openssl mac -macopt custom:Tag -macopt hexkey:40414243444546 \ + -macopt size:16 -in msg.bin KMAC128

    +

    To create a hex-encoded GMAC-AES-128-GCM with a IV from a file: \ + openssl mac -macopt cipher:AES-128-GCM -macopt hexiv:E0E00F19FED7BA0136A797F3 \ + -macopt hexkey:77A77FAF290C1FA30C683DF16BA7A77B -in msg.bin GMAC

    +

    +

    +
    +

    NOTES

    +

    The MAC mechanisms that are available will depend on the options +used when building OpenSSL. +Use openssl list -mac-algorithms to list them.

    +

    +

    +
    +

    SEE ALSO

    +

    openssl(1), +EVP_MAC(3), +EVP_MAC-CMAC(7), +EVP_MAC-GMAC(7), +EVP_MAC-HMAC(7), +EVP_MAC-KMAC(7), +EVP_MAC-Siphash(7), +EVP_MAC-Poly1305(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man1/openssl-nseq.html b/linux_amd64/share/doc/openssl/html/man1/openssl-nseq.html
    new file mode 100755
    index 0000000..91ef163
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man1/openssl-nseq.html
    @@ -0,0 +1,109 @@
    + + + + +openssl-nseq + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    openssl-nseq - create or examine a Netscape certificate sequence

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl nseq +[-help] +[-in filename] +[-out filename] +[-toseq]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command takes a file containing a Netscape certificate +sequence and prints out the certificates contained in it or takes a +file of certificates and converts it into a Netscape certificate +sequence.

    +

    A Netscape certificate sequence is an old Netscape-specific format that +can be sometimes be sent to browsers as an alternative to the standard PKCS#7 +format when several certificates are sent to the browser, for example during +certificate enrollment. It was also used by Netscape certificate server.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -in filename
    + +
    +

    This specifies the input filename to read or standard input if this +option is not specified.

    +
    +
    -out filename
    + +
    +

    Specifies the output filename or standard output by default.

    +
    +
    -toseq
    + +
    +

    Normally a Netscape certificate sequence will be input and the output +is the certificates contained in it. With the -toseq option the +situation is reversed: a Netscape certificate sequence is created from +a file of certificates.

    +
    +
    +

    +

    +
    +

    EXAMPLES

    +

    Output the certificates in a Netscape certificate sequence

    +
    + openssl nseq -in nseq.pem -out certs.pem
    +

    Create a Netscape certificate sequence

    +
    + openssl nseq -in certs.pem -toseq -out nseq.pem
    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man1/openssl-ocsp.html b/linux_amd64/share/doc/openssl/html/man1/openssl-ocsp.html
    new file mode 100755
    index 0000000..6162483
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man1/openssl-ocsp.html
    @@ -0,0 +1,605 @@
    + + + + +openssl-ocsp + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    openssl-ocsp - Online Certificate Status Protocol utility

    +

    +

    +
    +

    SYNOPSIS

    +

    +

    +

    OCSP Client

    +

    openssl ocsp +[-help] +[-out file] +[-issuer file] +[-cert file] +[-serial n] +[-signer file] +[-signkey file] +[-sign_other file] +[-nonce] +[-no_nonce] +[-req_text] +[-resp_text] +[-text] +[-no_certs] +[-reqout file] +[-respout file] +[-reqin file] +[-respin file] +[-url URL] +[-host host:port] +[-header] +[-timeout seconds] +[-path] +[-VAfile file] +[-validity_period n] +[-status_age n] +[-noverify] +[-verify_other file] +[-trust_other] +[-no_intern] +[-no_signature_verify] +[-no_cert_verify] +[-no_chain] +[-no_cert_checks] +[-no_explicit] +[-port num] +[-ignore_err]

    +

    +

    +

    OCSP Server

    +

    openssl ocsp +[-index file] +[-CA file] +[-rsigner file] +[-rkey file] +[-passin arg] +[-rother file] +[-rsigopt nm:v] +[-rmd digest] +[-badsig] +[-resp_no_certs] +[-nmin n] +[-ndays n] +[-resp_key_id] +[-nrequest n] +[-multi process-count] +[-rcid digest] +[-digest] +[-CAfile file] +[-no-CAfile] +[-CApath dir] +[-no-CApath] +[-CAstore uri] +[-no-CAstore] +[-allow_proxy_certs] +[-attime timestamp] +[-no_check_time] +[-check_ss_sig] +[-crl_check] +[-crl_check_all] +[-explicit_policy] +[-extended_crl] +[-ignore_critical] +[-inhibit_any] +[-inhibit_map] +[-partial_chain] +[-policy arg] +[-policy_check] +[-policy_print] +[-purpose purpose] +[-suiteB_128] +[-suiteB_128_only] +[-suiteB_192] +[-trusted_first] +[-no_alt_chains] +[-use_deltas] +[-auth_level num] +[-verify_depth num] +[-verify_email email] +[-verify_hostname hostname] +[-verify_ip ip] +[-verify_name name] +[-x509_strict] +[-issuer_checks]

    +

    +

    +
    +

    DESCRIPTION

    +

    The Online Certificate Status Protocol (OCSP) enables applications to +determine the (revocation) state of an identified certificate (RFC 2560).

    +

    This command performs many common OCSP tasks. It can be used +to print out requests and responses, create requests and send queries +to an OCSP responder and behave like a mini OCSP server itself.

    +

    +

    +
    +

    OPTIONS

    +

    This command operates as either a client or a server. +The options are described below, divided into those two modes.

    +

    +

    +

    OCSP Client Options

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -out filename
    + +
    +

    specify output filename, default is standard output.

    +
    +
    -issuer filename
    + +
    +

    This specifies the current issuer certificate. This option can be used +multiple times. The certificate specified in filename must be in +PEM format. This option MUST come before any -cert options.

    +
    +
    -cert filename
    + +
    +

    Add the certificate filename to the request. The issuer certificate +is taken from the previous -issuer option, or an error occurs if no +issuer certificate is specified.

    +
    +
    -serial num
    + +
    +

    Same as the -cert option except the certificate with serial number +num is added to the request. The serial number is interpreted as a +decimal integer unless preceded by 0x. Negative integers can also +be specified by preceding the value by a - sign.

    +
    +
    -signer filename, -signkey filename
    + +
    +

    Sign the OCSP request using the certificate specified in the -signer +option and the private key specified by the -signkey option. If +the -signkey option is not present then the private key is read +from the same file as the certificate. If neither option is specified then +the OCSP request is not signed.

    +
    +
    -sign_other filename
    + +
    +

    Additional certificates to include in the signed request.

    +
    +
    -nonce, -no_nonce
    + +
    +

    Add an OCSP nonce extension to a request or disable OCSP nonce addition. +Normally if an OCSP request is input using the -reqin option no +nonce is added: using the -nonce option will force addition of a nonce. +If an OCSP request is being created (using -cert and -serial options) +a nonce is automatically added specifying -no_nonce overrides this.

    +
    +
    -req_text, -resp_text, -text
    + +
    +

    Print out the text form of the OCSP request, response or both respectively.

    +
    +
    -reqout file, -respout file
    + +
    +

    Write out the DER encoded certificate request or response to file.

    +
    +
    -reqin file, -respin file
    + +
    +

    Read OCSP request or response file from file. These option are ignored +if OCSP request or response creation is implied by other options (for example +with -serial, -cert and -host options).

    +
    +
    -url responder_url
    + +
    +

    Specify the responder URL. Both HTTP and HTTPS (SSL/TLS) URLs can be specified.

    +
    +
    -host hostname:port, -path pathname
    + +
    +

    If the -host option is present then the OCSP request is sent to the host +hostname on port port. The -path option specifies the HTTP pathname +to use or "/" by default. This is equivalent to specifying -url with scheme +http:// and the given hostname, port, and pathname.

    +
    +
    -header name=value
    + +
    +

    Adds the header name with the specified value to the OCSP request +that is sent to the responder. +This may be repeated.

    +
    +
    -timeout seconds
    + +
    +

    Connection timeout to the OCSP responder in seconds. +On POSIX systems, when running as an OCSP responder, this option also limits +the time that the responder is willing to wait for the client request. +This time is measured from the time the responder accepts the connection until +the complete request is received.

    +
    +
    -verify_other file
    + +
    +

    File containing additional certificates to search when attempting to locate +the OCSP response signing certificate. Some responders omit the actual signer's +certificate from the response: this option can be used to supply the necessary +certificate in such cases.

    +
    +
    -trust_other
    + +
    +

    The certificates specified by the -verify_other option should be explicitly +trusted and no additional checks will be performed on them. This is useful +when the complete responder certificate chain is not available or trusting a +root CA is not appropriate.

    +
    +
    -VAfile file
    + +
    +

    File containing explicitly trusted responder certificates. Equivalent to the +-verify_other and -trust_other options.

    +
    +
    -noverify
    + +
    +

    Don't attempt to verify the OCSP response signature or the nonce +values. This option will normally only be used for debugging since it +disables all verification of the responders certificate.

    +
    +
    -no_intern
    + +
    +

    Ignore certificates contained in the OCSP response when searching for the +signers certificate. With this option the signers certificate must be specified +with either the -verify_other or -VAfile options.

    +
    +
    -no_signature_verify
    + +
    +

    Don't check the signature on the OCSP response. Since this option +tolerates invalid signatures on OCSP responses it will normally only be +used for testing purposes.

    +
    +
    -no_cert_verify
    + +
    +

    Don't verify the OCSP response signers certificate at all. Since this +option allows the OCSP response to be signed by any certificate it should +only be used for testing purposes.

    +
    +
    -no_chain
    + +
    +

    Do not use certificates in the response as additional untrusted CA +certificates.

    +
    +
    -no_explicit
    + +
    +

    Do not explicitly trust the root CA if it is set to be trusted for OCSP signing.

    +
    +
    -no_cert_checks
    + +
    +

    Don't perform any additional checks on the OCSP response signers certificate. +That is do not make any checks to see if the signers certificate is authorised +to provide the necessary status information: as a result this option should +only be used for testing purposes.

    +
    +
    -validity_period nsec, -status_age age
    + +
    +

    These options specify the range of times, in seconds, which will be tolerated +in an OCSP response. Each certificate status response includes a notBefore +time and an optional notAfter time. The current time should fall between +these two values, but the interval between the two times may be only a few +seconds. In practice the OCSP responder and clients clocks may not be precisely +synchronised and so such a check may fail. To avoid this the +-validity_period option can be used to specify an acceptable error range in +seconds, the default value is 5 minutes.

    +

    If the notAfter time is omitted from a response then this means that new +status information is immediately available. In this case the age of the +notBefore field is checked to see it is not older than age seconds old. +By default this additional check is not performed.

    +
    +
    -rcid digest
    + +
    +

    This option sets the digest algorithm to use for certificate identification +in the OCSP response. Any digest supported by the openssl-dgst(1) command can +be used. The default is the same digest algorithm used in the request.

    +
    +
    -digest
    + +
    +

    This option sets digest algorithm to use for certificate identification in the +OCSP request. Any digest supported by the OpenSSL dgst command can be used. +The default is SHA-1. This option may be used multiple times to specify the +digest used by subsequent certificate identifiers.

    +
    +
    -CAfile file, -no-CAfile, -CApath dir, -no-CApath, +-CAstore uri, -no-CAstore
    + +
    +

    See openssl(1)/Trusted Certificate Options for details.

    +
    +
    -allow_proxy_certs, -attime, -no_check_time, +-check_ss_sig, -crl_check, -crl_check_all, +-explicit_policy, -extended_crl, -ignore_critical, -inhibit_any, +-inhibit_map, -no_alt_chains, -partial_chain, -policy, +-policy_check, -policy_print, -purpose, -suiteB_128, +-suiteB_128_only, -suiteB_192, -trusted_first, -use_deltas, +-auth_level, -verify_depth, -verify_email, -verify_hostname, +-verify_ip, -verify_name, -x509_strict -issuer_checks
    + +
    +

    Set various options of certificate chain verification. +See openssl(1)/Verification Options for details.

    +
    +
    +

    +

    +

    OCSP Server Options

    +
    +
    -index indexfile
    + +
    +

    The indexfile parameter is the name of a text index file in ca +format containing certificate revocation information.

    +

    If the -index option is specified then this command switches to +responder mode, otherwise it is in client mode. The request(s) the responder +processes can be either specified on the command line (using -issuer +and -serial options), supplied in a file (using the -reqin option) +or via external OCSP clients (if -port or -url is specified).

    +

    If the -index option is present then the -CA and -rsigner options +must also be present.

    +
    +
    -CA file
    + +
    +

    CA certificate corresponding to the revocation information in the index +file given with -index.

    +
    +
    -rsigner file
    + +
    +

    The certificate to sign OCSP responses with.

    +
    +
    -rkey file
    + +
    +

    The private key to sign OCSP responses with: if not present the file +specified in the -rsigner option is used.

    +
    +
    -passin arg
    + +
    +

    The private key password source. For more information about the format of arg +see openssl(1)/Pass Phrase Options.

    +
    +
    -rother file
    + +
    +

    Additional certificates to include in the OCSP response.

    +
    +
    -rsigopt nm:v
    + +
    +

    Pass options to the signature algorithm when signing OCSP responses. +Names and values of these options are algorithm-specific.

    +
    +
    -rmd digest
    + +
    +

    The digest to use when signing the response.

    +
    +
    -badsig
    + +
    +

    Corrupt the response signature before writing it; this can be useful +for testing.

    +
    +
    -resp_no_certs
    + +
    +

    Don't include any certificates in the OCSP response.

    +
    +
    -resp_key_id
    + +
    +

    Identify the signer certificate using the key ID, default is to use the +subject name.

    +
    +
    -port portnum
    + +
    +

    Port to listen for OCSP requests on. The port may also be specified +using the url option.

    +
    +
    -ignore_err
    + +
    +

    Ignore malformed requests or responses: When acting as an OCSP client, retry if +a malformed response is received. When acting as an OCSP responder, continue +running instead of terminating upon receiving a malformed request.

    +
    +
    -nrequest number
    + +
    +

    The OCSP server will exit after receiving number requests, default unlimited.

    +
    +
    -multi process-count
    + +
    +

    Run the specified number of OCSP responder child processes, with the parent +process respawning child processes as needed. +Child processes will detect changes in the CA index file and automatically +reload it. +When running as a responder -timeout option is recommended to limit the time +each child is willing to wait for the client's OCSP response. +This option is available on POSIX systems (that support the fork() and other +required unix system-calls).

    +
    +
    -nmin minutes, -ndays days
    + +
    +

    Number of minutes or days when fresh revocation information is available: +used in the nextUpdate field. If neither option is present then the +nextUpdate field is omitted meaning fresh revocation information is +immediately available.

    +
    +
    +

    +

    +
    +

    OCSP RESPONSE VERIFICATION

    +

    OCSP Response follows the rules specified in RFC2560.

    +

    Initially the OCSP responder certificate is located and the signature on +the OCSP request checked using the responder certificate's public key.

    +

    Then a normal certificate verify is performed on the OCSP responder certificate +building up a certificate chain in the process. The locations of the trusted +certificates used to build the chain can be specified by the -CAfile, +-CApath or -CAstore options or they will be looked for in the +standard OpenSSL certificates directory.

    +

    If the initial verify fails then the OCSP verify process halts with an +error.

    +

    Otherwise the issuing CA certificate in the request is compared to the OCSP +responder certificate: if there is a match then the OCSP verify succeeds.

    +

    Otherwise the OCSP responder certificate's CA is checked against the issuing +CA certificate in the request. If there is a match and the OCSPSigning +extended key usage is present in the OCSP responder certificate then the +OCSP verify succeeds.

    +

    Otherwise, if -no_explicit is not set the root CA of the OCSP responders +CA is checked to see if it is trusted for OCSP signing. If it is the OCSP +verify succeeds.

    +

    If none of these checks is successful then the OCSP verify fails.

    +

    What this effectively means if that if the OCSP responder certificate is +authorised directly by the CA it is issuing revocation information about +(and it is correctly configured) then verification will succeed.

    +

    If the OCSP responder is a "global responder" which can give details about +multiple CAs and has its own separate certificate chain then its root +CA can be trusted for OCSP signing. For example:

    +
    + openssl x509 -in ocspCA.pem -addtrust OCSPSigning -out trustedCA.pem
    +

    Alternatively the responder certificate itself can be explicitly trusted +with the -VAfile option.

    +

    +

    +
    +

    NOTES

    +

    As noted, most of the verify options are for testing or debugging purposes. +Normally only the -CApath, -CAfile, -CAstore and (if the responder +is a 'global VA') -VAfile options need to be used.

    +

    The OCSP server is only useful for test and demonstration purposes: it is +not really usable as a full OCSP responder. It contains only a very +simple HTTP request handling and can only handle the POST form of OCSP +queries. It also handles requests serially meaning it cannot respond to +new requests until it has processed the current one. The text index file +format of revocation is also inefficient for large quantities of revocation +data.

    +

    It is possible to run this command in responder mode via a CGI +script using the -reqin and -respout options.

    +

    +

    +
    +

    EXAMPLES

    +

    Create an OCSP request and write it to a file:

    +
    + openssl ocsp -issuer issuer.pem -cert c1.pem -cert c2.pem -reqout req.der
    +

    Send a query to an OCSP responder with URL http://ocsp.myhost.com/ save the +response to a file, print it out in text form, and verify the response:

    +
    + openssl ocsp -issuer issuer.pem -cert c1.pem -cert c2.pem \
    +     -url http://ocsp.myhost.com/ -resp_text -respout resp.der
    +

    Read in an OCSP response and print out text form:

    +
    + openssl ocsp -respin resp.der -text -noverify
    +

    OCSP server on port 8888 using a standard ca configuration, and a separate +responder certificate. All requests and responses are printed to a file.

    +
    + openssl ocsp -index demoCA/index.txt -port 8888 -rsigner rcert.pem -CA demoCA/cacert.pem
    +        -text -out log.txt
    +

    As above but exit after processing one request:

    +
    + openssl ocsp -index demoCA/index.txt -port 8888 -rsigner rcert.pem -CA demoCA/cacert.pem
    +     -nrequest 1
    +

    Query status information using an internally generated request:

    +
    + openssl ocsp -index demoCA/index.txt -rsigner rcert.pem -CA demoCA/cacert.pem
    +     -issuer demoCA/cacert.pem -serial 1
    +

    Query status information using request read from a file, and write the response +to a second file.

    +
    + openssl ocsp -index demoCA/index.txt -rsigner rcert.pem -CA demoCA/cacert.pem
    +     -reqin req.der -respout resp.der
    +

    +

    +
    +

    HISTORY

    +

    The -no_alt_chains option was added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man1/openssl-passwd.html b/linux_amd64/share/doc/openssl/html/man1/openssl-passwd.html
    new file mode 100755
    index 0000000..63624ef
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man1/openssl-passwd.html
    @@ -0,0 +1,178 @@
    + + + + +openssl-passwd + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    openssl-passwd - compute password hashes

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl passwd +[-help] +[-crypt] +[-1] +[-apr1] +[-aixmd5] +[-5] +[-6] +[-salt string] +[-in file] +[-stdin] +[-noverify] +[-quiet] +[-table] +[-reverse] +[-rand files] +[-writerand file] +[password]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command computes the hash of a password typed at +run-time or the hash of each password in a list. The password list is +taken from the named file for option -in, from stdin for +option -stdin, or from the command line, or from the terminal otherwise. +The Unix standard algorithm -crypt and the MD5-based BSD password +algorithm -1, its Apache variant -apr1, and its AIX variant are +available.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -crypt
    + +
    +

    Use the crypt algorithm (default).

    +
    +
    -1
    + +
    +

    Use the MD5 based BSD password algorithm 1.

    +
    +
    -apr1
    + +
    +

    Use the apr1 algorithm (Apache variant of the BSD algorithm).

    +
    +
    -aixmd5
    + +
    +

    Use the AIX MD5 algorithm (AIX variant of the BSD algorithm).

    +
    +
    -5
    + +
    -6
    + +
    +

    Use the SHA256 / SHA512 based algorithms defined by Ulrich Drepper. +See https://www.akkadia.org/drepper/SHA-crypt.txt.

    +
    +
    -salt string
    + +
    +

    Use the specified salt. +When reading a password from the terminal, this implies -noverify.

    +
    +
    -in file
    + +
    +

    Read passwords from file.

    +
    +
    -stdin
    + +
    +

    Read passwords from stdin.

    +
    +
    -noverify
    + +
    +

    Don't verify when reading a password from the terminal.

    +
    +
    -quiet
    + +
    +

    Don't output warnings when passwords given at the command line are truncated.

    +
    +
    -table
    + +
    +

    In the output list, prepend the cleartext password and a TAB character +to each password hash.

    +
    +
    -reverse
    + +
    +

    When the -table option is used, reverse the order of cleartext and hash.

    +
    +
    -rand files, -writerand file
    + +
    +

    See openssl(1)/Random State Options for details.

    +
    +
    +

    +

    +
    +

    EXAMPLES

    +
    +  % openssl passwd -crypt -salt xx password
    +  xxj31ZMTZzkVA
    +
    +  % openssl passwd -1 -salt xxxxxxxx password
    +  $1$xxxxxxxx$UYCIxa628.9qXjpQCjM4a.
    +
    +  % openssl passwd -apr1 -salt xxxxxxxx password
    +  $apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0
    +
    +  % openssl passwd -aixmd5 -salt xxxxxxxx password
    +  xxxxxxxx$8Oaipk/GPKhC64w/YVeFD/
    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man1/openssl-pkcs12.html b/linux_amd64/share/doc/openssl/html/man1/openssl-pkcs12.html
    new file mode 100755
    index 0000000..f225c8d
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man1/openssl-pkcs12.html
    @@ -0,0 +1,458 @@
    + + + + +openssl-pkcs12 + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    openssl-pkcs12 - PKCS#12 file utility

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl pkcs12 +[-help] +[-export] +[-chain] +[-inkey file_or_id] +[-certfile filename] +[-name name] +[-caname name] +[-in filename] +[-out filename] +[-noout] +[-nomacver] +[-nocerts] +[-clcerts] +[-cacerts] +[-nokeys] +[-info] +[-des] +[-des3] +[-idea] +[-aes128] +[-aes192] +[-aes256] +[-aria128] +[-aria192] +[-aria256] +[-camellia128] +[-camellia192] +[-camellia256] +[-nodes] +[-iter count] +[-noiter] +[-nomaciter] +[-maciter] +[-nomac] +[-twopass] +[-descert] +[-certpbe cipher] +[-keypbe cipher] +[-macalg digest] +[-keyex] +[-keysig] +[-password arg] +[-passin arg] +[-passout arg] +[-LMK] +[-CSP name] +[-CAfile file] +[-no-CAfile] +[-CApath dir] +[-no-CApath] +[-CAstore uri] +[-no-CAstore] +[-rand files] +[-writerand file] +[-engine id]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command allows PKCS#12 files (sometimes referred to as +PFX files) to be created and parsed. PKCS#12 files are used by several +programs including Netscape, MSIE and MS Outlook.

    +

    +

    +
    +

    OPTIONS

    +

    There are a lot of options the meaning of some depends of whether a PKCS#12 file +is being created or parsed. By default a PKCS#12 file is parsed. A PKCS#12 +file can be created by using the -export option (see below).

    +

    +

    +
    +

    PARSING OPTIONS

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -in filename
    + +
    +

    This specifies filename of the PKCS#12 file to be parsed. Standard input is used +by default.

    +
    +
    -out filename
    + +
    +

    The filename to write certificates and private keys to, standard output by +default. They are all written in PEM format.

    +
    +
    -password arg
    + +
    +

    With -export, -password is equivalent to -passout, +otherwise it is equivalent to -passin.

    +
    +
    -noout
    + +
    +

    This option inhibits output of the keys and certificates to the output file +version of the PKCS#12 file.

    +
    +
    -clcerts
    + +
    +

    Only output client certificates (not CA certificates).

    +
    +
    -cacerts
    + +
    +

    Only output CA certificates (not client certificates).

    +
    +
    -nocerts
    + +
    +

    No certificates at all will be output.

    +
    +
    -nokeys
    + +
    +

    No private keys will be output.

    +
    +
    -info
    + +
    +

    Output additional information about the PKCS#12 file structure, algorithms +used and iteration counts.

    +
    +
    -des
    + +
    +

    Use DES to encrypt private keys before outputting.

    +
    +
    -des3
    + +
    +

    Use triple DES to encrypt private keys before outputting, this is the default.

    +
    +
    -idea
    + +
    +

    Use IDEA to encrypt private keys before outputting.

    +
    +
    -aes128, -aes192, -aes256
    + +
    +

    Use AES to encrypt private keys before outputting.

    +
    +
    -aria128, -aria192, -aria256
    + +
    +

    Use ARIA to encrypt private keys before outputting.

    +
    +
    -camellia128, -camellia192, -camellia256
    + +
    +

    Use Camellia to encrypt private keys before outputting.

    +
    +
    -nodes
    + +
    +

    Don't encrypt the private keys at all.

    +
    +
    -nomacver
    + +
    +

    Don't attempt to verify the integrity MAC before reading the file.

    +
    +
    -twopass
    + +
    +

    Prompt for separate integrity and encryption passwords: most software +always assumes these are the same so this option will render such +PKCS#12 files unreadable. Cannot be used in combination with the options +-password, -passin if importing, or -passout if exporting.

    +
    +
    +

    +

    +
    +

    FILE CREATION OPTIONS

    +
    +
    -export
    + +
    +

    This option specifies that a PKCS#12 file will be created rather than +parsed.

    +
    +
    -out filename
    + +
    +

    This specifies filename to write the PKCS#12 file to. Standard output is used +by default.

    +
    +
    -in filename
    + +
    +

    The filename to read certificates and private keys from, standard input by +default. They must all be in PEM format. The order doesn't matter but one +private key and its corresponding certificate should be present. If additional +certificates are present they will also be included in the PKCS#12 file.

    +
    +
    -inkey file_or_id
    + +
    +

    File to read private key from. If not present then a private key must be present +in the input file. +If no engine is used, the argument is taken as a file; if an engine is +specified, the argument is given to the engine as a key identifier.

    +
    +
    -name friendlyname
    + +
    +

    This specifies the "friendly name" for the certificate and private key. This +name is typically displayed in list boxes by software importing the file.

    +
    +
    -certfile filename
    + +
    +

    A filename to read additional certificates from.

    +
    +
    -caname friendlyname
    + +
    +

    This specifies the "friendly name" for other certificates. This option may be +used multiple times to specify names for all certificates in the order they +appear. Netscape ignores friendly names on other certificates whereas MSIE +displays them.

    +
    +
    -passin arg, -passout arg
    + +
    +

    The password source for the input, and for encrypting any private keys that +are output. +For more information about the format of arg +see openssl(1)/Pass Phrase Options.

    +
    +
    -chain
    + +
    +

    If this option is present then an attempt is made to include the entire +certificate chain of the user certificate. The standard CA store is used +for this search. If the search fails it is considered a fatal error.

    +
    +
    -descert
    + +
    +

    Encrypt the certificate using triple DES, this may render the PKCS#12 +file unreadable by some "export grade" software. By default the private +key is encrypted using triple DES and the certificate using 40 bit RC2 +unless RC2 is disabled in which case triple DES is used.

    +
    +
    -keypbe alg, -certpbe alg
    + +
    +

    These options allow the algorithm used to encrypt the private key and +certificates to be selected. Any PKCS#5 v1.5 or PKCS#12 PBE algorithm name +can be used (see NOTES section for more information). If a cipher name +(as output by openssl list -cipher-algorithms) is specified then it +is used with PKCS#5 v2.0. For interoperability reasons it is advisable to only +use PKCS#12 algorithms.

    +
    +
    -keyex|-keysig
    + +
    +

    Specifies that the private key is to be used for key exchange or just signing. +This option is only interpreted by MSIE and similar MS software. Normally +"export grade" software will only allow 512 bit RSA keys to be used for +encryption purposes but arbitrary length keys for signing. The -keysig +option marks the key for signing only. Signing only keys can be used for +S/MIME signing, authenticode (ActiveX control signing) and SSL client +authentication, however due to a bug only MSIE 5.0 and later support +the use of signing only keys for SSL client authentication.

    +
    +
    -macalg digest
    + +
    +

    Specify the MAC digest algorithm. If not included them SHA1 will be used.

    +
    +
    -iter count
    + +
    +

    This option specifies the iteration count for the encryption key and MAC. The +default value is 2048.

    +

    To discourage attacks by using large dictionaries of common passwords the +algorithm that derives keys from passwords can have an iteration count applied +to it: this causes a certain part of the algorithm to be repeated and slows it +down. The MAC is used to check the file integrity but since it will normally +have the same password as the keys and certificates it could also be attacked.

    +
    +
    -nomaciter, -noiter
    + +
    +

    By default both MAC and encryption iteration counts are set to 2048, using +these options the MAC and encryption iteration counts can be set to 1, since +this reduces the file security you should not use these options unless you +really have to. Most software supports both MAC and key iteration counts. +MSIE 4.0 doesn't support MAC iteration counts so it needs the -nomaciter +option.

    +
    +
    -maciter
    + +
    +

    This option is included for compatibility with previous versions, it used +to be needed to use MAC iterations counts but they are now used by default.

    +
    +
    -nomac
    + +
    +

    Don't attempt to provide the MAC integrity.

    +
    +
    -LMK
    + +
    +

    Add the "Local Key Set" identifier to the attributes.

    +
    +
    -CSP name
    + +
    +

    Write name as a Microsoft CSP name.

    +
    +
    -CAfile file, -no-CAfile, -CApath dir, -no-CApath, +-CAstore uri, -no-CAstore
    + +
    +

    See openssl(1)/Trusted Certificate Options for details.

    +
    +
    -rand files, -writerand file
    + +
    +

    See openssl(1)/Random State Options for details.

    +
    +
    -engine id
    + +
    +

    See openssl(1)/Engine Options.

    +
    +
    +

    +

    +
    +

    NOTES

    +

    Although there are a large number of options most of them are very rarely +used. For PKCS#12 file parsing only -in and -out need to be used +for PKCS#12 file creation -export and -name are also used.

    +

    If none of the -clcerts, -cacerts or -nocerts options are present +then all certificates will be output in the order they appear in the input +PKCS#12 files. There is no guarantee that the first certificate present is +the one corresponding to the private key. Certain software which requires +a private key and certificate and assumes the first certificate in the +file is the one corresponding to the private key: this may not always +be the case. Using the -clcerts option will solve this problem by only +outputting the certificate corresponding to the private key. If the CA +certificates are required then they can be output to a separate file using +the -nokeys -cacerts options to just output CA certificates.

    +

    The -keypbe and -certpbe algorithms allow the precise encryption +algorithms for private keys and certificates to be specified. Normally +the defaults are fine but occasionally software can't handle triple DES +encrypted private keys, then the option -keypbe PBE-SHA1-RC2-40 can +be used to reduce the private key encryption to 40 bit RC2. A complete +description of all algorithms is contained in openssl-pkcs8(1).

    +

    Prior 1.1 release passwords containing non-ASCII characters were encoded +in non-compliant manner, which limited interoperability, in first hand +with Windows. But switching to standard-compliant password encoding +poses problem accessing old data protected with broken encoding. For +this reason even legacy encodings is attempted when reading the +data. If you use PKCS#12 files in production application you are advised +to convert the data, because implemented heuristic approach is not +MT-safe, its sole goal is to facilitate the data upgrade with this +command.

    +

    +

    +
    +

    EXAMPLES

    +

    Parse a PKCS#12 file and output it to a file:

    +
    + openssl pkcs12 -in file.p12 -out file.pem
    +

    Output only client certificates to a file:

    +
    + openssl pkcs12 -in file.p12 -clcerts -out file.pem
    +

    Don't encrypt the private key:

    +
    + openssl pkcs12 -in file.p12 -out file.pem -nodes
    +

    Print some info about a PKCS#12 file:

    +
    + openssl pkcs12 -in file.p12 -info -noout
    +

    Create a PKCS#12 file:

    +
    + openssl pkcs12 -export -in file.pem -out file.p12 -name "My Certificate"
    +

    Include some extra certificates:

    +
    + openssl pkcs12 -export -in file.pem -out file.p12 -name "My Certificate" \
    +  -certfile othercerts.pem
    +

    +

    +
    +

    SEE ALSO

    +

    openssl(1), +openssl-pkcs8(1), +ossl_store-file(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man1/openssl-pkcs7.html b/linux_amd64/share/doc/openssl/html/man1/openssl-pkcs7.html
    new file mode 100755
    index 0000000..80a96e4
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man1/openssl-pkcs7.html
    @@ -0,0 +1,145 @@
    + + + + +openssl-pkcs7 + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    openssl-pkcs7 - PKCS#7 utility

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl pkcs7 +[-help] +[-inform DER|PEM] +[-outform DER|PEM] +[-in filename] +[-out filename] +[-print] +[-print_certs] +[-text] +[-noout] +[-engine id]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command processes PKCS#7 files. Note that it only understands PKCS#7 +v 1.5 as specified in IETF RFC 2315. It cannot currently parse CMS as +described in IETF RFC 2630.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -inform DER|PEM, -outform DER|PEM
    + +
    +

    The input and formats; the default is PEM. +See openssl(1)/Format Options for details.

    +

    The data is a PKCS#7 Version 1.5 structure.

    +
    +
    -in filename
    + +
    +

    This specifies the input filename to read from or standard input if this +option is not specified.

    +
    +
    -out filename
    + +
    +

    Specifies the output filename to write to or standard output by +default.

    +
    +
    -print
    + +
    +

    Print out the full PKCS7 object.

    +
    +
    -print_certs
    + +
    +

    Prints out any certificates or CRLs contained in the file. They are +preceded by their subject and issuer names in one line format.

    +
    +
    -text
    + +
    +

    Prints out certificate details in full rather than just subject and +issuer names.

    +
    +
    -noout
    + +
    +

    Don't output the encoded version of the PKCS#7 structure (or certificates +if -print_certs is set).

    +
    +
    -engine id
    + +
    +

    See openssl(1)/Engine Options.

    +
    +
    +

    +

    +
    +

    EXAMPLES

    +

    Convert a PKCS#7 file from PEM to DER:

    +
    + openssl pkcs7 -in file.pem -outform DER -out file.der
    +

    Output all certificates in a file:

    +
    + openssl pkcs7 -in file.pem -print_certs -out certs.pem
    +

    +

    +
    +

    SEE ALSO

    +

    openssl(1), +openssl-crl2pkcs7(1)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man1/openssl-pkcs8.html b/linux_amd64/share/doc/openssl/html/man1/openssl-pkcs8.html
    new file mode 100755
    index 0000000..3b494e6
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man1/openssl-pkcs8.html
    @@ -0,0 +1,330 @@
    + + + + +openssl-pkcs8 + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    openssl-pkcs8 - PKCS#8 format private key conversion tool

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl pkcs8 +[-help] +[-topk8] +[-inform DER|PEM] +[-outform DER|PEM] +[-in filename] +[-passin arg] +[-out filename] +[-passout arg] +[-iter count] +[-noiter] +[-nocrypt] +[-traditional] +[-v2 alg] +[-v2prf alg] +[-v1 alg] +[-scrypt] +[-scrypt_N N] +[-scrypt_r r] +[-scrypt_p p] +[-rand files] +[-writerand file] +[-engine id]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command processes private keys in PKCS#8 format. It can handle +both unencrypted PKCS#8 PrivateKeyInfo format and EncryptedPrivateKeyInfo +format with a variety of PKCS#5 (v1.5 and v2.0) and PKCS#12 algorithms.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -topk8
    + +
    +

    Normally a PKCS#8 private key is expected on input and a private key will be +written to the output file. With the -topk8 option the situation is +reversed: it reads a private key and writes a PKCS#8 format key.

    +
    +
    -inform DER|PEM, -outform DER|PEM
    + +
    +

    The input and formats; the default is PEM. +See openssl(1)/Format Options for details.

    +

    If a key is being converted from PKCS#8 form (i.e. the -topk8 option is +not used) then the input file must be in PKCS#8 format. An encrypted +key is expected unless -nocrypt is included.

    +

    If -topk8 is not used and PEM mode is set the output file will be an +unencrypted private key in PKCS#8 format. If the -traditional option is +used then a traditional format private key is written instead.

    +

    If -topk8 is not used and DER mode is set the output file will be an +unencrypted private key in traditional DER format.

    +

    If -topk8 is used then any supported private key can be used for the input +file in a format specified by -inform. The output file will be encrypted +PKCS#8 format using the specified encryption parameters unless -nocrypt +is included.

    +
    +
    -traditional
    + +
    +

    When this option is present and -topk8 is not a traditional format private +key is written.

    +
    +
    -in filename
    + +
    +

    This specifies the input filename to read a key from or standard input if this +option is not specified. If the key is encrypted a pass phrase will be +prompted for.

    +
    +
    -passin arg, -passout arg
    + +
    +

    The password source for the input and output file. +For more information about the format of arg +see openssl(1)/Pass Phrase Options.

    +
    +
    -out filename
    + +
    +

    This specifies the output filename to write a key to or standard output by +default. If any encryption options are set then a pass phrase will be +prompted for. The output filename should not be the same as the input +filename.

    +
    +
    -iter count
    + +
    +

    When creating new PKCS#8 containers, use a given number of iterations on +the password in deriving the encryption key for the PKCS#8 output. +High values increase the time required to brute-force a PKCS#8 container.

    +
    +
    -nocrypt
    + +
    +

    PKCS#8 keys generated or input are normally PKCS#8 EncryptedPrivateKeyInfo +structures using an appropriate password based encryption algorithm. With +this option an unencrypted PrivateKeyInfo structure is expected or output. +This option does not encrypt private keys at all and should only be used +when absolutely necessary. Certain software such as some versions of Java +code signing software used unencrypted private keys.

    +
    +
    -v2 alg
    + +
    +

    This option sets the PKCS#5 v2.0 algorithm.

    +

    The alg argument is the encryption algorithm to use, valid values include +aes128, aes256 and des3. If this option isn't specified then aes256 +is used.

    +
    +
    -v2prf alg
    + +
    +

    This option sets the PRF algorithm to use with PKCS#5 v2.0. A typical value +value would be hmacWithSHA256. If this option isn't set then the default +for the cipher is used or hmacWithSHA256 if there is no default.

    +

    Some implementations may not support custom PRF algorithms and may require +the hmacWithSHA1 option to work.

    +
    +
    -v1 alg
    + +
    +

    This option indicates a PKCS#5 v1.5 or PKCS#12 algorithm should be used. Some +older implementations may not support PKCS#5 v2.0 and may require this option. +If not specified PKCS#5 v2.0 form is used.

    +
    +
    -scrypt
    + +
    +

    Uses the scrypt algorithm for private key encryption using default +parameters: currently N=16384, r=8 and p=1 and AES in CBC mode with a 256 bit +key. These parameters can be modified using the -scrypt_N, -scrypt_r, +-scrypt_p and -v2 options.

    +
    +
    -scrypt_N N, -scrypt_r r, -scrypt_p p
    + +
    +

    Sets the scrypt N, r or p parameters.

    +
    +
    -rand files, -writerand file
    + +
    +

    See openssl(1)/Random State Options for details.

    +
    +
    -engine id
    + +
    +

    See openssl(1)/Engine Options.

    +
    +
    +

    +

    +
    +

    NOTES

    +

    By default, when converting a key to PKCS#8 format, PKCS#5 v2.0 using 256 bit +AES with HMAC and SHA256 is used.

    +

    Some older implementations do not support PKCS#5 v2.0 format and require +the older PKCS#5 v1.5 form instead, possibly also requiring insecure weak +encryption algorithms such as 56 bit DES.

    +

    Private keys encrypted using PKCS#5 v2.0 algorithms and high iteration +counts are more secure that those encrypted using the traditional +SSLeay compatible formats. So if additional security is considered +important the keys should be converted.

    +

    It is possible to write out DER encoded encrypted private keys in +PKCS#8 format because the encryption details are included at an ASN1 +level whereas the traditional format includes them at a PEM level.

    +

    +

    +
    +

    PKCS#5 V1.5 AND PKCS#12 ALGORITHMS

    +

    Various algorithms can be used with the -v1 command line option, +including PKCS#5 v1.5 and PKCS#12. These are described in more detail +below.

    +
    +
    PBE-MD2-DES PBE-MD5-DES
    + +
    +

    These algorithms were included in the original PKCS#5 v1.5 specification. +They only offer 56 bits of protection since they both use DES.

    +
    +
    PBE-SHA1-RC2-64, PBE-MD2-RC2-64, PBE-MD5-RC2-64, PBE-SHA1-DES
    + +
    +

    These algorithms are not mentioned in the original PKCS#5 v1.5 specification +but they use the same key derivation algorithm and are supported by some +software. They are mentioned in PKCS#5 v2.0. They use either 64 bit RC2 or +56 bit DES.

    +
    +
    PBE-SHA1-RC4-128, PBE-SHA1-RC4-40, PBE-SHA1-3DES, PBE-SHA1-2DES, PBE-SHA1-RC2-128, PBE-SHA1-RC2-40
    + +
    +

    These algorithms use the PKCS#12 password based encryption algorithm and +allow strong encryption algorithms like triple DES or 128 bit RC2 to be used.

    +
    +
    +

    +

    +
    +

    EXAMPLES

    +

    Convert a private key to PKCS#8 format using default parameters (AES with +256 bit key and hmacWithSHA256):

    +
    + openssl pkcs8 -in key.pem -topk8 -out enckey.pem
    +

    Convert a private key to PKCS#8 unencrypted format:

    +
    + openssl pkcs8 -in key.pem -topk8 -nocrypt -out enckey.pem
    +

    Convert a private key to PKCS#5 v2.0 format using triple DES:

    +
    + openssl pkcs8 -in key.pem -topk8 -v2 des3 -out enckey.pem
    +

    Convert a private key to PKCS#5 v2.0 format using AES with 256 bits in CBC +mode and hmacWithSHA512 PRF:

    +
    + openssl pkcs8 -in key.pem -topk8 -v2 aes-256-cbc -v2prf hmacWithSHA512 -out enckey.pem
    +

    Convert a private key to PKCS#8 using a PKCS#5 1.5 compatible algorithm +(DES):

    +
    + openssl pkcs8 -in key.pem -topk8 -v1 PBE-MD5-DES -out enckey.pem
    +

    Convert a private key to PKCS#8 using a PKCS#12 compatible algorithm +(3DES):

    +
    + openssl pkcs8 -in key.pem -topk8 -out enckey.pem -v1 PBE-SHA1-3DES
    +

    Read a DER unencrypted PKCS#8 format private key:

    +
    + openssl pkcs8 -inform DER -nocrypt -in key.der -out key.pem
    +

    Convert a private key from any PKCS#8 encrypted format to traditional format:

    +
    + openssl pkcs8 -in pk8.pem -traditional -out key.pem
    +

    Convert a private key to PKCS#8 format, encrypting with AES-256 and with +one million iterations of the password:

    +
    + openssl pkcs8 -in key.pem -topk8 -v2 aes-256-cbc -iter 1000000 -out pk8.pem
    +

    +

    +
    +

    STANDARDS

    +

    Test vectors from this PKCS#5 v2.0 implementation were posted to the +pkcs-tng mailing list using triple DES, DES and RC2 with high iteration +counts, several people confirmed that they could decrypt the private +keys produced and Therefore it can be assumed that the PKCS#5 v2.0 +implementation is reasonably accurate at least as far as these +algorithms are concerned.

    +

    The format of PKCS#8 DSA (and other) private keys is not well documented: +it is hidden away in PKCS#11 v2.01, section 11.9. OpenSSL's default DSA +PKCS#8 private key format complies with this standard.

    +

    +

    +
    +

    BUGS

    +

    There should be an option that prints out the encryption algorithm +in use and other details such as the iteration count.

    +

    +

    +
    +

    SEE ALSO

    +

    openssl(1), +openssl-dsa(1), +openssl-rsa(1), +openssl-genrsa(1), +openssl-gendsa(1)

    +

    +

    +
    +

    HISTORY

    +

    The -iter option was added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man1/openssl-pkey.html b/linux_amd64/share/doc/openssl/html/man1/openssl-pkey.html
    new file mode 100755
    index 0000000..23d61b8
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man1/openssl-pkey.html
    @@ -0,0 +1,240 @@
    + + + + +openssl-pkey + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    openssl-pkey - public or private key processing tool

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl pkey +[-help] +[-inform DER|PEM] +[-outform DER|PEM] +[-in filename] +[-passin arg] +[-out filename] +[-passout arg] +[-traditional] +[-cipher] +[-text] +[-text_pub] +[-noout] +[-pubin] +[-pubout] +[-check] +[-pubcheck] +[-ec_conv_form arg] +[-ec_param_enc arg] +[-engine id]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command processes public or private keys. They can be +converted between various forms and their components printed out.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -inform DER|PEM, -outform DER|PEM
    + +
    +

    The input and formats; the default is PEM. +See openssl(1)/Format Options for details.

    +
    +
    -in filename
    + +
    +

    This specifies the input filename to read a key from or standard input if this +option is not specified. If the key is encrypted a pass phrase will be +prompted for.

    +
    +
    -passin arg, -passout arg
    + +
    +

    The password source for the input and output file. +For more information about the format of arg +see openssl(1)/Pass Phrase Options.

    +
    +
    -out filename
    + +
    +

    This specifies the output filename to write a key to or standard output if this +option is not specified. If any encryption options are set then a pass phrase +will be prompted for. The output filename should not be the same as the input +filename.

    +
    +
    -traditional
    + +
    +

    Normally a private key is written using standard format: this is PKCS#8 form +with the appropriate encryption algorithm (if any). If the -traditional +option is specified then the older "traditional" format is used instead.

    +
    +
    -cipher
    + +
    +

    These options encrypt the private key with the supplied cipher. Any algorithm +name accepted by EVP_get_cipherbyname() is acceptable such as des3.

    +
    +
    -text
    + +
    +

    Prints out the various public or private key components in +plain text in addition to the encoded version.

    +
    +
    -text_pub
    + +
    +

    Print out only public key components even if a private key is being processed.

    +
    +
    -noout
    + +
    +

    Do not output the encoded version of the key.

    +
    +
    -pubin
    + +
    +

    By default a private key is read from the input file: with this +option a public key is read instead.

    +
    +
    -pubout
    + +
    +

    By default a private key is output: with this option a public +key will be output instead. This option is automatically set if +the input is a public key.

    +
    +
    -check
    + +
    +

    This option checks the consistency of a key pair for both public and private +components.

    +
    +
    -pubcheck
    + +
    +

    This option checks the correctness of either a public key or the public component +of a key pair.

    +
    +
    -ec_conv_form arg
    + +
    +

    This option only applies to elliptic curve based public and private keys.

    +

    This specifies how the points on the elliptic curve are converted +into octet strings. Possible values are: compressed (the default +value), uncompressed and hybrid. For more information regarding +the point conversion forms please read the X9.62 standard. +Note Due to patent issues the compressed option is disabled +by default for binary curves and can be enabled by defining +the preprocessor macro OPENSSL_EC_BIN_PT_COMP at compile time.

    +
    +
    -ec_param_enc arg
    + +
    +

    This option only applies to elliptic curve based public and private keys.

    +

    This specifies how the elliptic curve parameters are encoded. +Possible value are: named_curve, i.e. the ec parameters are +specified by an OID, or explicit where the ec parameters are +explicitly given (see RFC 3279 for the definition of the +EC parameters structures). The default value is named_curve. +Note the implicitlyCA alternative, as specified in RFC 3279, +is currently not implemented in OpenSSL.

    +
    +
    -engine id
    + +
    +

    See openssl(1)/Engine Options.

    +
    +
    +

    +

    +
    +

    EXAMPLES

    +

    To remove the pass phrase on a private key:

    +
    + openssl pkey -in key.pem -out keyout.pem
    +

    To encrypt a private key using triple DES:

    +
    + openssl pkey -in key.pem -des3 -out keyout.pem
    +

    To convert a private key from PEM to DER format:

    +
    + openssl pkey -in key.pem -outform DER -out keyout.der
    +

    To print out the components of a private key to standard output:

    +
    + openssl pkey -in key.pem -text -noout
    +

    To print out the public components of a private key to standard output:

    +
    + openssl pkey -in key.pem -text_pub -noout
    +

    To just output the public part of a private key:

    +
    + openssl pkey -in key.pem -pubout -out pubkey.pem
    +

    To change the EC parameters encoding to explicit:

    +
    + openssl pkey -in key.pem -ec_param_enc explicit -out keyout.pem
    +

    To change the EC point conversion form to compressed:

    +
    + openssl pkey -in key.pem -ec_conv_form compressed -out keyout.pem
    +

    +

    +
    +

    SEE ALSO

    +

    openssl(1), +openssl-genpkey(1), +openssl-rsa(1), +openssl-pkcs8(1), +openssl-dsa(1), +openssl-genrsa(1), +openssl-gendsa(1)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man1/openssl-pkeyparam.html b/linux_amd64/share/doc/openssl/html/man1/openssl-pkeyparam.html
    new file mode 100755
    index 0000000..721e5b4
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man1/openssl-pkeyparam.html
    @@ -0,0 +1,135 @@
    + + + + +openssl-pkeyparam + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    openssl-pkeyparam - public key algorithm parameter processing tool

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl pkeyparam +[-help] +[-in filename] +[-out filename] +[-text] +[-noout] +[-check] +[-engine id]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command processes public key algorithm parameters. +They can be checked for correctness and their components printed out.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -in filename
    + +
    +

    This specifies the input filename to read parameters from or standard input if +this option is not specified.

    +
    +
    -out filename
    + +
    +

    This specifies the output filename to write parameters to or standard output if +this option is not specified.

    +
    +
    -text
    + +
    +

    Prints out the parameters in plain text in addition to the encoded version.

    +
    +
    -noout
    + +
    +

    Do not output the encoded version of the parameters.

    +
    +
    -check
    + +
    +

    This option checks the correctness of parameters.

    +
    +
    -engine id
    + +
    +

    See openssl(1)/Engine Options.

    +
    +
    +

    +

    +
    +

    EXAMPLES

    +

    Print out text version of parameters:

    +
    + openssl pkeyparam -in param.pem -text
    +

    +

    +
    +

    NOTES

    +

    There are no -inform or -outform options for this command because only +PEM format is supported because the key type is determined by the PEM headers.

    +

    +

    +
    +

    SEE ALSO

    +

    openssl(1), +openssl-genpkey(1), +openssl-rsa(1), +openssl-pkcs8(1), +openssl-dsa(1), +openssl-genrsa(1), +openssl-gendsa(1)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man1/openssl-pkeyutl.html b/linux_amd64/share/doc/openssl/html/man1/openssl-pkeyutl.html
    new file mode 100755
    index 0000000..ca01c54
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man1/openssl-pkeyutl.html
    @@ -0,0 +1,480 @@
    + + + + +openssl-pkeyutl + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    openssl-pkeyutl - public key algorithm utility

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl pkeyutl +[-help] +[-in file] +[-rawin] +[-digest algorithm] +[-out file] +[-sigfile file] +[-inkey file] +[-keyform DER|PEM|ENGINE] +[-passin arg] +[-peerkey file] +[-peerform DER|PEM|ENGINE] +[-pubin] +[-certin] +[-rev] +[-sign] +[-verify] +[-verifyrecover] +[-encrypt] +[-decrypt] +[-derive] +[-kdf algorithm] +[-kdflen length] +[-pkeyopt opt:value] +[-pkeyopt_passin opt[:passarg]] +[-hexdump] +[-asn1parse] +[-engine id] +[-engine_impl] +[-rand files] +[-writerand file]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command can be used to perform low level public key +operations using any supported algorithm.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -in filename
    + +
    +

    This specifies the input filename to read data from or standard input +if this option is not specified.

    +
    +
    -rawin
    + +
    +

    This indicates that the input data is raw data, which is not hashed by any +message digest algorithm. The user can specify a digest algorithm by using +the -digest option. This option can only be used with -sign and +-verify and must be used with the Ed25519 and Ed448 algorithms.

    +
    +
    -digest algorithm
    + +
    +

    This specifies the digest algorithm which is used to hash the input data before +signing or verifying it with the input key. This option could be omitted if the +signature algorithm does not require one (for instance, EdDSA). If this option +is omitted but the signature algorithm requires one, a default value will be +used. For signature algorithms like RSA, DSA and ECDSA, SHA-256 will be the +default digest algorithm. For SM2, it will be SM3. If this option is present, +then the -rawin option must be also specified.

    +
    +
    -out filename
    + +
    +

    Specifies the output filename to write to or standard output by +default.

    +
    +
    -sigfile file
    + +
    +

    Signature file, required for -verify operations only

    +
    +
    -inkey file
    + +
    +

    The input key file, by default it should be a private key.

    +
    +
    -keyform DER|PEM|ENGINE
    + +
    +

    The key format; the default is PEM. +See openssl(1)/Format Options for details.

    +
    +
    -passin arg
    + +
    +

    The input key password source. For more information about the format of arg +see openssl(1)/Pass Phrase Options.

    +
    +
    -peerkey file
    + +
    +

    The peer key file, used by key derivation (agreement) operations.

    +
    +
    -peerform DER|PEM|ENGINE
    + +
    +

    The peer key format; the default is PEM. +See openssl(1)/Format Options for details.

    +
    +
    -pubin
    + +
    +

    The input file is a public key.

    +
    +
    -certin
    + +
    +

    The input is a certificate containing a public key.

    +
    +
    -rev
    + +
    +

    Reverse the order of the input buffer. This is useful for some libraries +(such as CryptoAPI) which represent the buffer in little endian format.

    +
    +
    -sign
    + +
    +

    Sign the input data (which must be a hash) and output the signed result. This +requires a private key.

    +
    +
    -verify
    + +
    +

    Verify the input data (which must be a hash) against the signature file and +indicate if the verification succeeded or failed.

    +
    +
    -verifyrecover
    + +
    +

    Verify the input data (which must be a hash) and output the recovered data.

    +
    +
    -encrypt
    + +
    +

    Encrypt the input data using a public key.

    +
    +
    -decrypt
    + +
    +

    Decrypt the input data using a private key.

    +
    +
    -derive
    + +
    +

    Derive a shared secret using the peer key.

    +
    +
    -kdf algorithm
    + +
    +

    Use key derivation function algorithm. The supported algorithms are +at present TLS1-PRF and HKDF. +Note: additional parameters and the KDF output length will normally have to be +set for this to work. +See EVP_PKEY_CTX_set_hkdf_md(3) and EVP_PKEY_CTX_set_tls1_prf_md(3) +for the supported string parameters of each algorithm.

    +
    +
    -kdflen length
    + +
    +

    Set the output length for KDF.

    +
    +
    -pkeyopt opt:value
    + +
    +

    Public key options specified as opt:value. See NOTES below for more details.

    +
    +
    -pkeyopt_passin opt[:passarg]
    + +
    +

    Allows reading a public key option opt from stdin or a password source. +If only opt is specified, the user will be prompted to enter a password on +stdin. Alternatively, passarg can be specified which can be any value +supported by openssl(1)/Pass phrase options.

    +
    +
    -hexdump
    + +
    +

    hex dump the output data.

    +
    +
    -asn1parse
    + +
    +

    Parse the ASN.1 output data, this is useful when combined with the +-verifyrecover option when an ASN1 structure is signed.

    +
    +
    -engine id
    + +
    +

    See openssl(1)/Engine Options.

    +
    +
    -engine_impl
    + +
    +

    When used with the -engine option, it specifies to also use +engine id for crypto operations.

    +
    +
    -rand files, -writerand file
    + +
    +

    See openssl(1)/Random State Options for details.

    +
    +
    +

    +

    +
    +

    NOTES

    +

    The operations and options supported vary according to the key algorithm +and its implementation. The OpenSSL operations and options are indicated below.

    +

    Unless otherwise mentioned all algorithms support the digest:alg option +which specifies the digest in use for sign, verify and verifyrecover operations. +The value alg should represent a digest name as used in the +EVP_get_digestbyname() function for example sha1. This value is not used to +hash the input data. It is used (by some algorithms) for sanity-checking the +lengths of data passed in and for creating the structures that make up the +signature (e.g. DigestInfo in RSASSA PKCS#1 v1.5 signatures).

    +

    This command does not hash the input data (except where -rawin is used) but +rather it will use the data directly as input to the signature algorithm. +Depending on the key type, signature type, and mode of padding, the maximum +acceptable lengths of input data differ. The signed data can't be longer than +the key modulus with RSA. In case of ECDSA and DSA the data shouldn't be longer +than the field size, otherwise it will be silently truncated to the field size. +In any event the input size must not be larger than the largest supported digest +size.

    +

    In other words, if the value of digest is sha1 the input should be the 20 +bytes long binary encoding of the SHA-1 hash function output.

    +

    +

    +
    +

    RSA ALGORITHM

    +

    The RSA algorithm generally supports the encrypt, decrypt, sign, +verify and verifyrecover operations. However, some padding modes +support only a subset of these operations. The following additional +pkeyopt values are supported:

    +
    +
    rsa_padding_mode:mode
    + +
    +

    This sets the RSA padding mode. Acceptable values for mode are pkcs1 for +PKCS#1 padding, sslv23 for SSLv23 padding, none for no padding, oaep +for OAEP mode, x931 for X9.31 mode and pss for PSS.

    +

    In PKCS#1 padding if the message digest is not set then the supplied data is +signed or verified directly instead of using a DigestInfo structure. If a +digest is set then the a DigestInfo structure is used and its the length +must correspond to the digest type.

    +

    For oaep mode only encryption and decryption is supported.

    +

    For x931 if the digest type is set it is used to format the block data +otherwise the first byte is used to specify the X9.31 digest ID. Sign, +verify and verifyrecover are can be performed in this mode.

    +

    For pss mode only sign and verify are supported and the digest type must be +specified.

    +
    +
    rsa_pss_saltlen:len
    + +
    +

    For pss mode only this option specifies the salt length. Three special +values are supported: digest sets the salt length to the digest length, +max sets the salt length to the maximum permissible value. When verifying +auto causes the salt length to be automatically determined based on the +PSS block structure.

    +
    +
    rsa_mgf1_md:digest
    + +
    +

    For PSS and OAEP padding sets the MGF1 digest. If the MGF1 digest is not +explicitly set in PSS mode then the signing digest is used.

    +
    +
    +

    +

    +
    +

    RSA-PSS ALGORITHM

    +

    The RSA-PSS algorithm is a restricted version of the RSA algorithm which only +supports the sign and verify operations with PSS padding. The following +additional -pkeyopt values are supported:

    +
    +
    rsa_padding_mode:mode, rsa_pss_saltlen:len, +rsa_mgf1_md:digest
    + +
    +

    These have the same meaning as the RSA algorithm with some additional +restrictions. The padding mode can only be set to pss which is the +default value.

    +

    If the key has parameter restrictions than the digest, MGF1 +digest and salt length are set to the values specified in the parameters. +The digest and MG cannot be changed and the salt length cannot be set to a +value less than the minimum restriction.

    +
    +
    +

    +

    +
    +

    DSA ALGORITHM

    +

    The DSA algorithm supports signing and verification operations only. Currently +there are no additional -pkeyopt options other than digest. The SHA1 +digest is assumed by default.

    +

    +

    +
    +

    DH ALGORITHM

    +

    The DH algorithm only supports the derivation operation and no additional +-pkeyopt options.

    +

    +

    +
    +

    EC ALGORITHM

    +

    The EC algorithm supports sign, verify and derive operations. The sign and +verify operations use ECDSA and derive uses ECDH. SHA1 is assumed by default for +the -pkeyopt digest option.

    +

    +

    +
    +

    X25519 AND X448 ALGORITHMS

    +

    The X25519 and X448 algorithms support key derivation only. Currently there are +no additional options.

    +

    +

    +
    +

    ED25519 AND ED448 ALGORITHMS

    +

    These algorithms only support signing and verifying. OpenSSL only implements the +"pure" variants of these algorithms so raw data can be passed directly to them +without hashing them first. The option -rawin must be used with these +algorithms with no -digest specified. Additionally OpenSSL only supports +"oneshot" operation with these algorithms. This means that the entire file to +be signed/verified must be read into memory before processing it. Signing or +Verifying very large files should be avoided. Additionally the size of the file +must be known for this to work. If the size of the file cannot be determined +(for example if the input is stdin) then the sign or verify operation will fail.

    +

    +

    +
    +

    SM2

    +

    The SM2 algorithm supports sign, verify, encrypt and decrypt operations. For +the sign and verify operations, SM2 requires an ID string to be passed in. The +following -pkeyopt value is supported:

    +
    +
    sm2_id:string
    + +
    +

    This sets the ID string used in SM2 sign or verify operations. While verifying +an SM2 signature, the ID string must be the same one used when signing the data. +Otherwise the verification will fail.

    +
    +
    sm2_hex_id:hex_string
    + +
    +

    This sets the ID string used in SM2 sign or verify operations. While verifying +an SM2 signature, the ID string must be the same one used when signing the data. +Otherwise the verification will fail. The ID string provided with this option +should be a valid hexadecimal value.

    +
    +
    +

    +

    +
    +

    EXAMPLES

    +

    Sign some data using a private key:

    +
    + openssl pkeyutl -sign -in file -inkey key.pem -out sig
    +

    Recover the signed data (e.g. if an RSA key is used):

    +
    + openssl pkeyutl -verifyrecover -in sig -inkey key.pem
    +

    Verify the signature (e.g. a DSA key):

    +
    + openssl pkeyutl -verify -in file -sigfile sig -inkey key.pem
    +

    Sign data using a message digest value (this is currently only valid for RSA):

    +
    + openssl pkeyutl -sign -in file -inkey key.pem -out sig -pkeyopt digest:sha256
    +

    Derive a shared secret value:

    +
    + openssl pkeyutl -derive -inkey key.pem -peerkey pubkey.pem -out secret
    +

    Hexdump 48 bytes of TLS1 PRF using digest SHA256 and shared secret and +seed consisting of the single byte 0xFF:

    +
    + openssl pkeyutl -kdf TLS1-PRF -kdflen 48 -pkeyopt md:SHA256 \
    +    -pkeyopt hexsecret:ff -pkeyopt hexseed:ff -hexdump
    +

    Derive a key using scrypt where the password is read from command line:

    +
    + openssl pkeyutl -kdf scrypt -kdflen 16 -pkeyopt_passin pass \
    +    -pkeyopt hexsalt:aabbcc -pkeyopt N:16384 -pkeyopt r:8 -pkeyopt p:1
    +

    Derive using the same algorithm, but read key from environment variable MYPASS:

    +
    + openssl pkeyutl -kdf scrypt -kdflen 16 -pkeyopt_passin pass:env:MYPASS \
    +    -pkeyopt hexsalt:aabbcc -pkeyopt N:16384 -pkeyopt r:8 -pkeyopt p:1
    +

    Sign some data using an SM2(7) private key and a specific ID:

    +
    + openssl pkeyutl -sign -in file -inkey sm2.key -out sig -rawin -digest sm3 \
    +    -pkeyopt sm2_id:someid
    +

    Verify some data using an SM2(7) certificate and a specific ID:

    +
    + openssl pkeyutl -verify -certin -in file -inkey sm2.cert -sigfile sig \
    +    -rawin -digest sm3 -pkeyopt sm2_id:someid
    +

    +

    +
    +

    SEE ALSO

    +

    openssl(1), +openssl-genpkey(1), +openssl-pkey(1), +openssl-rsautl(1) +openssl-dgst(1), +openssl-rsa(1), +openssl-genrsa(1), +openssl-kdf(1) +EVP_PKEY_CTX_set_hkdf_md(3), +EVP_PKEY_CTX_set_tls1_prf_md(3),

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man1/openssl-prime.html b/linux_amd64/share/doc/openssl/html/man1/openssl-prime.html
    new file mode 100755
    index 0000000..52ebfef
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man1/openssl-prime.html
    @@ -0,0 +1,104 @@
    + + + + +openssl-prime + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    openssl-prime - compute prime numbers

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl prime +[-help] +[-hex] +[-generate] +[-bits num] +[-safe] +[-checks num] +[number ...]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command checks if the specified numbers are prime.

    +

    If no numbers are given on the command line, the -generate flag should +be used to generate primes according to the requirements specified by the +rest of the flags.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Display an option summary.

    +
    +
    -hex
    + +
    +

    Generate hex output.

    +
    +
    -generate
    + +
    +

    Generate a prime number.

    +
    +
    -bits num
    + +
    +

    Generate a prime with num bits.

    +
    +
    -safe
    + +
    +

    When used with -generate, generates a "safe" prime. If the number +generated is n, then check that (n-1)/2 is also prime.

    +
    +
    -checks num
    + +
    +

    This parameter is ignored.

    +
    +
    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man1/openssl-provider.html b/linux_amd64/share/doc/openssl/html/man1/openssl-provider.html
    new file mode 100755
    index 0000000..67b54de
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man1/openssl-provider.html
    @@ -0,0 +1,101 @@
    + + + + +openssl-provider + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    openssl-provider - load and query providers

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl provider +[-help] +[-v] +[-vv] +[-vvv] +[provider ...]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command is used to query the capabilities of the +specified provider's.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -v -vv -vvv
    + +
    +

    Provides information about each specified provider. +The first flag lists the names of all algorithms each provider +implements; the second lists them by category; the third adds +information on what parameters each of them can handle.

    +
    +
    +

    +

    +
    +

    ENVIRONMENT

    +
    +
    OPENSSL_MODULES
    + +
    +

    The path to the modules directory, where one can expect provider +modules to be located.

    +
    +
    +

    +

    +
    +

    SEE ALSO

    +

    config(5)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man1/openssl-rand.html b/linux_amd64/share/doc/openssl/html/man1/openssl-rand.html
    new file mode 100755
    index 0000000..74ac427
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man1/openssl-rand.html
    @@ -0,0 +1,109 @@
    + + + + +openssl-rand + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    openssl-rand - generate pseudo-random bytes

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl rand +[-help] +[-out file] +[-base64] +[-hex] +[-engine id] +[-rand files] +[-writerand file] +num

    +

    +

    +
    +

    DESCRIPTION

    +

    This command outputs num pseudo-random bytes after seeding +the random number generator once.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -out file
    + +
    +

    Write to file instead of standard output.

    +
    +
    -base64
    + +
    +

    Perform base64 encoding on the output.

    +
    +
    -hex
    + +
    +

    Show the output as a hex string.

    +
    +
    -engine id
    + +
    +

    See openssl(1)/Engine Options.

    +
    +
    -rand files, -writerand file
    + +
    +

    See openssl(1)/Random State Options for details.

    +
    +
    +

    +

    +
    +

    SEE ALSO

    +

    openssl(1), +RAND_bytes(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man1/openssl-rehash.html b/linux_amd64/share/doc/openssl/html/man1/openssl-rehash.html
    new file mode 100755
    index 0000000..674125e
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man1/openssl-rehash.html
    @@ -0,0 +1,189 @@
    + + + + +openssl-rehash + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    openssl-rehash, c_rehash - Create symbolic links to files named by the hash +values

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl +rehash +[-h] +[-help] +[-old] +[-compat] +[-n] +[-v] +[directory] ...

    +

    c_rehash +[-h] +[-help] +[-old] +[-n] +[-v] +[directory] ...

    +

    +

    +
    +

    DESCRIPTION

    +

    This command is generally equivalent to the external +script c_rehash, +except for minor differences noted below.

    +

    openssl rehash scans directories and calculates a hash value of +each .pem, .crt, .cer, or .crl +file in the specified directory list and creates symbolic links +for each file, where the name of the link is the hash value. +(If the platform does not support symbolic links, a copy is made.) +This command is useful as many programs that use OpenSSL require +directories to be set up like this in order to find certificates.

    +

    If any directories are named on the command line, then those are +processed in turn. If not, then the SSL_CERT_DIR environment variable +is consulted; this should be a colon-separated list of directories, +like the Unix PATH variable. +If that is not set then the default directory (installation-specific +but often /usr/local/ssl/certs) is processed.

    +

    In order for a directory to be processed, the user must have write +permissions on that directory, otherwise an error will be generated.

    +

    The links created are of the form HHHHHHHH.D, where each H +is a hexadecimal character and D is a single decimal digit. +When a directory is processed, all links in it that have a name +in that syntax are first removed, even if they are being used for +some other purpose. +To skip the removal step, use the -n flag. +Hashes for CRL's look similar except the letter r appears after +the period, like this: HHHHHHHH.rD.

    +

    Multiple objects may have the same hash; they will be indicated by +incrementing the D value. Duplicates are found by comparing the +full SHA-1 fingerprint. A warning will be displayed if a duplicate +is found.

    +

    A warning will also be displayed if there are files that +cannot be parsed as either a certificate or a CRL or if +more than one such object appears in the file.

    +

    +

    +

    Script Configuration

    +

    The c_rehash script +uses the openssl program to compute the hashes and +fingerprints. If not found in the user's PATH, then set the +OPENSSL environment variable to the full pathname. +Any program can be used, it will be invoked as follows for either +a certificate or CRL:

    +
    +  $OPENSSL x509 -hash -fingerprint -noout -in FILENAME
    +  $OPENSSL crl -hash -fingerprint -noout -in FILENAME
    +

    where FILENAME is the filename. It must output the hash of the +file on the first line, and the fingerprint on the second, +optionally prefixed with some text and an equals sign.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help -h
    + +
    +

    Display a brief usage message.

    +
    +
    -old
    + +
    +

    Use old-style hashing (MD5, as opposed to SHA-1) for generating +links to be used for releases before 1.0.0. +Note that current versions will not use the old style.

    +
    +
    -n
    + +
    +

    Do not remove existing links. +This is needed when keeping new and old-style links in the same directory.

    +
    +
    -compat
    + +
    +

    Generate links for both old-style (MD5) and new-style (SHA1) hashing. +This allows releases before 1.0.0 to use these links along-side newer +releases.

    +
    +
    -v
    + +
    +

    Print messages about old links removed and new links created. +By default, this command only lists each directory as it is processed.

    +
    +
    +

    +

    +
    +

    ENVIRONMENT

    +
    +
    OPENSSL
    + +
    +

    The path to an executable to use to generate hashes and +fingerprints (see above).

    +
    +
    SSL_CERT_DIR
    + +
    +

    Colon separated list of directories to operate on. +Ignored if directories are listed on the command line.

    +
    +
    +

    +

    +
    +

    SEE ALSO

    +

    openssl(1), +openssl-crl(1), +openssl-x509(1)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man1/openssl-req.html b/linux_amd64/share/doc/openssl/html/man1/openssl-req.html
    new file mode 100755
    index 0000000..6934a09
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man1/openssl-req.html
    @@ -0,0 +1,749 @@
    + + + + +openssl-req + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    openssl-req - PKCS#10 certificate request and certificate generating utility

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl req +[-help] +[-inform DER|PEM] +[-outform DER|PEM] +[-in filename] +[-passin arg] +[-out filename] +[-passout arg] +[-text] +[-pubkey] +[-noout] +[-verify] +[-modulus] +[-new] +[-newkey arg] +[-pkeyopt opt:value] +[-nodes] +[-key filename] +[-keyform DER|PEM] +[-keyout filename] +[-keygen_engine id] +[-digest] +[-config filename] +[-multivalue-rdn] +[-x509] +[-days n] +[-set_serial n] +[-newhdr] +[-addext ext] +[-extensions section] +[-reqexts section] +[-precert] +[-utf8] +[-reqopt] +[-subject] +[-subj arg] +[-sigopt nm:v] +[-batch] +[-verbose] +[-sm2-id string] +[-sm2-hex-id hex-string] +[-nameopt option] +[-rand files] +[-writerand file] +[-engine id]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command primarily creates and processes certificate requests +in PKCS#10 format. It can additionally create self signed certificates +for use as root CAs for example.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -inform DER|PEM, -outform DER|PEM
    + +
    +

    The input and formats; the default is PEM. +See openssl(1)/Format Options for details.

    +

    The data is a PKCS#10 object.

    +
    +
    -in filename
    + +
    +

    This specifies the input filename to read a request from or standard input +if this option is not specified. A request is only read if the creation +options (-new and -newkey) are not specified.

    +
    +
    -sigopt nm:v
    + +
    +

    Pass options to the signature algorithm during sign or verify operations. +Names and values of these options are algorithm-specific.

    +
    +
    -passin arg, -passout arg
    + +
    +

    The password source for the input and output file. +For more information about the format of arg +see openssl(1)/Pass Phrase Options.

    +
    +
    -out filename
    + +
    +

    This specifies the output filename to write to or standard output by +default.

    +
    +
    -text
    + +
    +

    Prints out the certificate request in text form.

    +
    +
    -subject
    + +
    +

    Prints out the request subject (or certificate subject if -x509 is +specified)

    +
    +
    -pubkey
    + +
    +

    Outputs the public key.

    +
    +
    -noout
    + +
    +

    This option prevents output of the encoded version of the request.

    +
    +
    -modulus
    + +
    +

    This option prints out the value of the modulus of the public key +contained in the request.

    +
    +
    -verify
    + +
    +

    Verifies the signature on the request.

    +
    +
    -new
    + +
    +

    This option generates a new certificate request. It will prompt +the user for the relevant field values. The actual fields +prompted for and their maximum and minimum sizes are specified +in the configuration file and any requested extensions.

    +

    If the -key option is not used it will generate a new RSA private +key using information specified in the configuration file.

    +
    +
    -newkey arg
    + +
    +

    This option creates a new certificate request and a new private +key. The argument takes one of several forms.

    +

    rsa:nbits, where +nbits is the number of bits, generates an RSA key nbits +in size. If nbits is omitted, i.e. -newkey rsa specified, +the default key size, specified in the configuration file is used.

    +

    All other algorithms support the -newkey alg:file form, where file +may be an algorithm parameter file, created with openssl genpkey -genparam +or an X.509 certificate for a key with appropriate algorithm.

    +

    param:file generates a key using the parameter file or certificate +file, the algorithm is determined by the parameters. algname:file +use algorithm algname and parameter file file: the two algorithms must +match or an error occurs. algname just uses algorithm algname, and +parameters, if necessary should be specified via -pkeyopt parameter.

    +

    dsa:filename generates a DSA key using the parameters +in the file filename. ec:filename generates EC key (usable both with +ECDSA or ECDH algorithms), gost2001:filename generates GOST R +34.10-2001 key (requires gost engine configured in the configuration +file). If just gost2001 is specified a parameter set should be +specified by -pkeyopt paramset:X

    +
    +
    -pkeyopt opt:value
    + +
    +

    Set the public key algorithm option opt to value. The precise set of +options supported depends on the public key algorithm used and its +implementation. +See openssl-genpkey(1)/KEY GENERATION OPTIONS for more details.

    +
    +
    -key filename
    + +
    +

    This specifies the file to read the private key from. It also +accepts PKCS#8 format private keys for PEM format files.

    +
    +
    -keyform DER|PEM
    + +
    +

    The format of the private key; the default is PEM. +See openssl(1)/Format Options for details.

    +
    +
    -keyout filename
    + +
    +

    This gives the filename to write the newly created private key to. +If this option is not specified then the filename present in the +configuration file is used.

    +
    +
    -nodes
    + +
    +

    If this option is specified then if a private key is created it +will not be encrypted.

    +
    +
    -digest
    + +
    +

    This specifies the message digest to sign the request. +Any digest supported by the OpenSSL dgst command can be used. +This overrides the digest algorithm specified in +the configuration file.

    +

    Some public key algorithms may override this choice. For instance, DSA +signatures always use SHA1, GOST R 34.10 signatures always use +GOST R 34.11-94 (-md_gost94), Ed25519 and Ed448 never use any digest.

    +
    +
    -config filename
    + +
    +

    This allows an alternative configuration file to be specified. +Optional; for a description of the default value, +see openssl(1)/COMMAND SUMMARY.

    +
    +
    -subj arg
    + +
    +

    Sets subject name for new request or supersedes the subject name +when processing a request. +The arg must be formatted as /type0=value0/type1=value1/type2=.... +Keyword characters may be escaped by \ (backslash), and whitespace is retained. +Empty values are permitted, but the corresponding type will not be included +in the request.

    +
    +
    -multivalue-rdn
    + +
    +

    This option causes the -subj argument to be interpreted with full +support for multivalued RDNs. Example:

    +

    /DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe

    +

    If -multi-rdn is not used then the UID value is 123456+CN=John Doe.

    +
    +
    -x509
    + +
    +

    This option outputs a self signed certificate instead of a certificate +request. This is typically used to generate a test certificate or +a self signed root CA. The extensions added to the certificate +(if any) are specified in the configuration file. Unless specified +using the -set_serial option, a large random number will be used for +the serial number.

    +

    If existing request is specified with the -in option, it is converted +to the self signed certificate otherwise new request is created.

    +
    +
    -days n
    + +
    +

    When the -x509 option is being used this specifies the number of +days to certify the certificate for, otherwise it is ignored. n should +be a positive integer. The default is 30 days.

    +
    +
    -set_serial n
    + +
    +

    Serial number to use when outputting a self signed certificate. This +may be specified as a decimal value or a hex value if preceded by 0x.

    +
    +
    -addext ext
    + +
    +

    Add a specific extension to the certificate (if the -x509 option is +present) or certificate request. The argument must have the form of +a key=value pair as it would appear in a config file.

    +

    This option can be given multiple times.

    +
    +
    -extensions section
    + +
    -reqexts section
    + +
    +

    These options specify alternative sections to include certificate +extensions (if the -x509 option is present) or certificate +request extensions. This allows several different sections to +be used in the same configuration file to specify requests for +a variety of purposes.

    +
    +
    -precert
    + +
    +

    A poison extension will be added to the certificate, making it a +"pre-certificate" (see RFC6962). This can be submitted to Certificate +Transparency logs in order to obtain signed certificate timestamps (SCTs). +These SCTs can then be embedded into the pre-certificate as an extension, before +removing the poison and signing the certificate.

    +

    This implies the -new flag.

    +
    +
    -utf8
    + +
    +

    This option causes field values to be interpreted as UTF8 strings, by +default they are interpreted as ASCII. This means that the field +values, whether prompted from a terminal or obtained from a +configuration file, must be valid UTF8 strings.

    +
    +
    -reqopt option
    + +
    +

    Customise the output format used with -text. The option argument can be +a single option or multiple options separated by commas.

    +

    See discussion of the -certopt parameter in the openssl-x509(1) +command.

    +
    +
    -newhdr
    + +
    +

    Adds the word NEW to the PEM file header and footer lines on the outputted +request. Some software (Netscape certificate server) and some CAs need this.

    +
    +
    -batch
    + +
    +

    Non-interactive mode.

    +
    +
    -verbose
    + +
    +

    Print extra details about the operations being performed.

    +
    +
    -keygen_engine id
    + +
    +

    Specifies an engine (by its unique id string) which would be used +for key generation operations.

    +
    +
    -sm2-id
    + +
    +

    Specify the ID string to use when verifying an SM2 certificate request. The ID +string is required by the SM2 signature algorithm for signing and verification.

    +
    +
    -sm2-hex-id
    + +
    +

    Specify a binary ID string to use when verifying an SM2 certificate request. The +argument for this option is string of hexadecimal digits.

    +
    +
    -nameopt option
    + +
    +

    This specifies how the subject or issuer names are displayed. +See openssl(1)/Name Format Options for details.

    +
    +
    -rand files, -writerand file
    + +
    +

    See openssl(1)/Random State Options for details.

    +
    +
    -engine id
    + +
    +

    See openssl(1)/Engine Options.

    +
    +
    +

    +

    +
    +

    CONFIGURATION FILE FORMAT

    +

    The configuration options are specified in the req section of +the configuration file. As with all configuration files if no +value is specified in the specific section (i.e. req) then +the initial unnamed or default section is searched too.

    +

    The options available are described in detail below.

    +
    +
    input_password output_password
    + +
    +

    The passwords for the input private key file (if present) and +the output private key file (if one will be created). The +command line options passin and passout override the +configuration file values.

    +
    +
    default_bits
    + +
    +

    Specifies the default key size in bits.

    +

    This option is used in conjunction with the -new option to generate +a new key. It can be overridden by specifying an explicit key size in +the -newkey option. The smallest accepted key size is 512 bits. If +no key size is specified then 2048 bits is used.

    +
    +
    default_keyfile
    + +
    +

    This is the default filename to write a private key to. If not +specified the key is written to standard output. This can be +overridden by the -keyout option.

    +
    +
    oid_file
    + +
    +

    This specifies a file containing additional OBJECT IDENTIFIERS. +Each line of the file should consist of the numerical form of the +object identifier followed by white space then the short name followed +by white space and finally the long name.

    +
    +
    oid_section
    + +
    +

    This specifies a section in the configuration file containing extra +object identifiers. Each line should consist of the short name of the +object identifier followed by = and the numerical form. The short +and long names are the same when this option is used.

    +
    +
    RANDFILE
    + +
    +

    At startup the specified file is loaded into the random number generator, +and at exit 256 bytes will be written to it. +It is used for private key generation.

    +
    +
    encrypt_key
    + +
    +

    If this is set to no then if a private key is generated it is +not encrypted. This is equivalent to the -nodes command line +option. For compatibility encrypt_rsa_key is an equivalent option.

    +
    +
    default_md
    + +
    +

    This option specifies the digest algorithm to use. Any digest supported by the +OpenSSL dgst command can be used. This option can be overridden on the +command line. Certain signing algorithms (i.e. Ed25519 and Ed448) will ignore +any digest that has been set.

    +
    +
    string_mask
    + +
    +

    This option masks out the use of certain string types in certain +fields. Most users will not need to change this option.

    +

    It can be set to several values default which is also the default +option uses PrintableStrings, T61Strings and BMPStrings if the +pkix value is used then only PrintableStrings and BMPStrings will +be used. This follows the PKIX recommendation in RFC2459. If the +utf8only option is used then only UTF8Strings will be used: this +is the PKIX recommendation in RFC2459 after 2003. Finally the nombstr +option just uses PrintableStrings and T61Strings: certain software has +problems with BMPStrings and UTF8Strings: in particular Netscape.

    +
    +
    req_extensions
    + +
    +

    This specifies the configuration file section containing a list of +extensions to add to the certificate request. It can be overridden +by the -reqexts command line switch. See the +x509v3_config(5) manual page for details of the +extension section format.

    +
    +
    x509_extensions
    + +
    +

    This specifies the configuration file section containing a list of +extensions to add to certificate generated when the -x509 switch +is used. It can be overridden by the -extensions command line switch.

    +
    +
    prompt
    + +
    +

    If set to the value no this disables prompting of certificate fields +and just takes values from the config file directly. It also changes the +expected format of the distinguished_name and attributes sections.

    +
    +
    utf8
    + +
    +

    If set to the value yes then field values to be interpreted as UTF8 +strings, by default they are interpreted as ASCII. This means that +the field values, whether prompted from a terminal or obtained from a +configuration file, must be valid UTF8 strings.

    +
    +
    attributes
    + +
    +

    This specifies the section containing any request attributes: its format +is the same as distinguished_name. Typically these may contain the +challengePassword or unstructuredName types. They are currently ignored +by OpenSSL's request signing utilities but some CAs might want them.

    +
    +
    distinguished_name
    + +
    +

    This specifies the section containing the distinguished name fields to +prompt for when generating a certificate or certificate request. The format +is described in the next section.

    +
    +
    +

    +

    +
    +

    DISTINGUISHED NAME AND ATTRIBUTE SECTION FORMAT

    +

    There are two separate formats for the distinguished name and attribute +sections. If the prompt option is set to no then these sections +just consist of field names and values: for example,

    +
    + CN=My Name
    + OU=My Organization
    + emailAddress=someone@somewhere.org
    +

    This allows external programs (e.g. GUI based) to generate a template file with +all the field names and values and just pass it to this command. An example +of this kind of configuration file is contained in the EXAMPLES section.

    +

    Alternatively if the prompt option is absent or not set to no then the +file contains field prompting information. It consists of lines of the form:

    +
    + fieldName="prompt"
    + fieldName_default="default field value"
    + fieldName_min= 2
    + fieldName_max= 4
    +

    "fieldName" is the field name being used, for example commonName (or CN). +The "prompt" string is used to ask the user to enter the relevant +details. If the user enters nothing then the default value is used if no +default value is present then the field is omitted. A field can +still be omitted if a default value is present if the user just +enters the '.' character.

    +

    The number of characters entered must be between the fieldName_min and +fieldName_max limits: there may be additional restrictions based +on the field being used (for example countryName can only ever be +two characters long and must fit in a PrintableString).

    +

    Some fields (such as organizationName) can be used more than once +in a DN. This presents a problem because configuration files will +not recognize the same name occurring twice. To avoid this problem +if the fieldName contains some characters followed by a full stop +they will be ignored. So for example a second organizationName can +be input by calling it "1.organizationName".

    +

    The actual permitted field names are any object identifier short or +long names. These are compiled into OpenSSL and include the usual +values such as commonName, countryName, localityName, organizationName, +organizationalUnitName, stateOrProvinceName. Additionally emailAddress +is included as well as name, surname, givenName, initials, and dnQualifier.

    +

    Additional object identifiers can be defined with the oid_file or +oid_section options in the configuration file. Any additional fields +will be treated as though they were a DirectoryString.

    +

    +

    +
    +

    EXAMPLES

    +

    Examine and verify certificate request:

    +
    + openssl req -in req.pem -text -verify -noout
    +

    Create a private key and then generate a certificate request from it:

    +
    + openssl genrsa -out key.pem 2048
    + openssl req -new -key key.pem -out req.pem
    +

    The same but just using req:

    +
    + openssl req -newkey rsa:2048 -keyout key.pem -out req.pem
    +

    Generate a self signed root certificate:

    +
    + openssl req -x509 -newkey rsa:2048 -keyout key.pem -out req.pem
    +

    Create an SM2 private key and then generate a certificate request from it:

    +
    + openssl ecparam -genkey -name SM2 -out sm2.key
    + openssl req -new -key sm2.key -out sm2.csr -sm3 -sigopt "sm2_id:1234567812345678"
    +

    Examine and verify an SM2 certificate request:

    +
    + openssl req -verify -in sm2.csr -sm3 -sm2-id 1234567812345678
    +

    Example of a file pointed to by the oid_file option:

    +
    + 1.2.3.4        shortName       A longer Name
    + 1.2.3.6        otherName       Other longer Name
    +

    Example of a section pointed to by oid_section making use of variable +expansion:

    +
    + testoid1=1.2.3.5
    + testoid2=${testoid1}.6
    +

    Sample configuration file prompting for field values:

    +
    + [ req ]
    + default_bits           = 2048
    + default_keyfile        = privkey.pem
    + distinguished_name     = req_distinguished_name
    + attributes             = req_attributes
    + req_extensions         = v3_ca
    +
    + dirstring_type = nobmp
    +
    + [ req_distinguished_name ]
    + countryName                    = Country Name (2 letter code)
    + countryName_default            = AU
    + countryName_min                = 2
    + countryName_max                = 2
    +
    + localityName                   = Locality Name (eg, city)
    +
    + organizationalUnitName         = Organizational Unit Name (eg, section)
    +
    + commonName                     = Common Name (eg, YOUR name)
    + commonName_max                 = 64
    +
    + emailAddress                   = Email Address
    + emailAddress_max               = 40
    +
    + [ req_attributes ]
    + challengePassword              = A challenge password
    + challengePassword_min          = 4
    + challengePassword_max          = 20
    +
    + [ v3_ca ]
    +
    + subjectKeyIdentifier=hash
    + authorityKeyIdentifier=keyid:always,issuer:always
    + basicConstraints = critical, CA:true
    +

    Sample configuration containing all field values:

    +
    + [ req ]
    + default_bits           = 2048
    + default_keyfile        = keyfile.pem
    + distinguished_name     = req_distinguished_name
    + attributes             = req_attributes
    + prompt                 = no
    + output_password        = mypass
    +
    + [ req_distinguished_name ]
    + C                      = GB
    + ST                     = Test State or Province
    + L                      = Test Locality
    + O                      = Organization Name
    + OU                     = Organizational Unit Name
    + CN                     = Common Name
    + emailAddress           = test@email.address
    +
    + [ req_attributes ]
    + challengePassword              = A challenge password
    +

    Example of giving the most common attributes (subject and extensions) +on the command line:

    +
    + openssl req -new -subj "/C=GB/CN=foo" \
    +                  -addext "subjectAltName = DNS:foo.co.uk" \
    +                  -addext "certificatePolicies = 1.2.3.4" \
    +                  -newkey rsa:2048 -keyout key.pem -out req.pem
    +

    +

    +
    +

    NOTES

    +

    The certificate requests generated by Xenroll with MSIE have extensions +added. It includes the keyUsage extension which determines the type of +key (signature only or general purpose) and any additional OIDs entered +by the script in an extendedKeyUsage extension.

    +

    +

    +
    +

    DIAGNOSTICS

    +

    The following messages are frequently asked about:

    +
    +        Using configuration from /some/path/openssl.cnf
    +        Unable to load config info
    +

    This is followed some time later by:

    +
    +        unable to find 'distinguished_name' in config
    +        problems making Certificate Request
    +

    The first error message is the clue: it can't find the configuration +file! Certain operations (like examining a certificate request) don't +need a configuration file so its use isn't enforced. Generation of +certificates or requests however does need a configuration file. This +could be regarded as a bug.

    +

    Another puzzling message is this:

    +
    +        Attributes:
    +            a0:00
    +

    this is displayed when no attributes are present and the request includes +the correct empty SET OF structure (the DER encoding of which is 0xa0 +0x00). If you just see:

    +
    +        Attributes:
    +

    then the SET OF is missing and the encoding is technically invalid (but +it is tolerated). See the description of the command line option -asn1-kludge +for more information.

    +

    +

    +
    +

    BUGS

    +

    OpenSSL's handling of T61Strings (aka TeletexStrings) is broken: it effectively +treats them as ISO-8859-1 (Latin 1), Netscape and MSIE have similar behaviour. +This can cause problems if you need characters that aren't available in +PrintableStrings and you don't want to or can't use BMPStrings.

    +

    As a consequence of the T61String handling the only correct way to represent +accented characters in OpenSSL is to use a BMPString: unfortunately Netscape +currently chokes on these. If you have to use accented characters with Netscape +and MSIE then you currently need to use the invalid T61String form.

    +

    The current prompting is not very friendly. It doesn't allow you to confirm what +you've just entered. Other things like extensions in certificate requests are +statically defined in the configuration file. Some of these: like an email +address in subjectAltName should be input by the user.

    +

    +

    +
    +

    SEE ALSO

    +

    openssl(1), +openssl-x509(1), +openssl-ca(1), +openssl-genrsa(1), +openssl-gendsa(1), +config(5), +x509v3_config(5)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man1/openssl-rsa.html b/linux_amd64/share/doc/openssl/html/man1/openssl-rsa.html
new file mode 100755
index 0000000..75fc12e
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man1/openssl-rsa.html
@@ -0,0 +1,240 @@
+ + + + +openssl-rsa + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    openssl-rsa - RSA key processing tool

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl rsa +[-help] +[-inform DER|PEM] +[-outform DER|PEM] +[-in filename] +[-passin arg] +[-out filename] +[-passout arg] +[-aes128] +[-aes192] +[-aes256] +[-aria128] +[-aria192] +[-aria256] +[-camellia128] +[-camellia192] +[-camellia256] +[-des] +[-des3] +[-idea] +[-text] +[-noout] +[-modulus] +[-check] +[-pubin] +[-pubout] +[-RSAPublicKey_in] +[-RSAPublicKey_out] +[-engine id]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command has been deprecated. +The openssl-pkey(1) command should be used instead.

    +

    This command processes RSA keys. They can be converted between +various forms and their components printed out. Note this command uses the +traditional SSLeay compatible format for private key encryption: newer +applications should use the more secure PKCS#8 format using the +openssl-pkcs8(1) command.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -inform DER|PEM, -outform DER|PEM
    + +
    +

    The input and formats; the default is PEM. +See openssl(1)/Format Options for details.

    +
    +
    -inform DER|PEM
    + +
    +

    The data is a PKCS#1 RSAPrivateKey or SubjectPublicKey object. +On input, PKCS#8 format private keys are also accepted.

    +
    +
    -in filename
    + +
    +

    This specifies the input filename to read a key from or standard input if this +option is not specified. If the key is encrypted a pass phrase will be +prompted for.

    +
    +
    -passin arg, -passout arg
    + +
    +

    The password source for the input and output file. +For more information about the format of arg +see openssl(1)/Pass Phrase Options.

    +
    +
    -out filename
    + +
    +

    This specifies the output filename to write a key to or standard output if this +option is not specified. If any encryption options are set then a pass phrase +will be prompted for. The output filename should not be the same as the input +filename.

    +
    +
    -aes128, -aes192, -aes256, -aria128, -aria192, -aria256, -camellia128, -camellia192, -camellia256, -des, -des3, -idea
    + +
    +

    These options encrypt the private key with the specified +cipher before outputting it. A pass phrase is prompted for. +If none of these options is specified the key is written in plain text. This +means that this command can be used to remove the pass phrase from a key +by not giving any encryption option is given, or to add or change the pass +phrase by setting them. +These options can only be used with PEM format output files.

    +
    +
    -text
    + +
    +

    Prints out the various public or private key components in +plain text in addition to the encoded version.

    +
    +
    -noout
    + +
    +

    This option prevents output of the encoded version of the key.

    +
    +
    -modulus
    + +
    +

    This option prints out the value of the modulus of the key.

    +
    +
    -check
    + +
    +

    This option checks the consistency of an RSA private key.

    +
    +
    -pubin
    + +
    +

    By default a private key is read from the input file: with this +option a public key is read instead.

    +
    +
    -pubout
    + +
    +

    By default a private key is output: with this option a public +key will be output instead. This option is automatically set if +the input is a public key.

    +
    +
    -RSAPublicKey_in, -RSAPublicKey_out
    + +
    +

    Like -pubin and -pubout except RSAPublicKey format is used instead.

    +
    +
    -engine id
    + +
    +

    See openssl(1)/Engine Options.

    +
    +
    +

    +

    +
    +

    EXAMPLES

    +

    Examples equivalent to these can be found in the documentation for the +non-deprecated openssl-pkey(1) command.

    +

    To remove the pass phrase on an RSA private key:

    +
    + openssl rsa -in key.pem -out keyout.pem
    +

    To encrypt a private key using triple DES:

    +
    + openssl rsa -in key.pem -des3 -out keyout.pem
    +

    To convert a private key from PEM to DER format:

    +
    + openssl rsa -in key.pem -outform DER -out keyout.der
    +

    To print out the components of a private key to standard output:

    +
    + openssl rsa -in key.pem -text -noout
    +

    To just output the public part of a private key:

    +
    + openssl rsa -in key.pem -pubout -out pubkey.pem
    +

    Output the public part of a private key in RSAPublicKey format:

    +
    + openssl rsa -in key.pem -RSAPublicKey_out -out pubkey.pem
    +

    +

    +
    +

    BUGS

    +

    There should be an option that automatically handles .key files, +without having to manually edit them.

    +

    +

    +
    +

    SEE ALSO

    +

    openssl(1), +openssl-pkey(1), +openssl-pkcs8(1), +openssl-dsa(1), +openssl-genrsa(1), +openssl-gendsa(1)

    +

    +

    +
    +

    HISTORY

    +

    This command was deprecated in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man1/openssl-rsautl.html b/linux_amd64/share/doc/openssl/html/man1/openssl-rsautl.html
new file mode 100755
index 0000000..78f2685
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man1/openssl-rsautl.html
@@ -0,0 +1,294 @@
+ + + + +openssl-rsautl + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    openssl-rsautl - RSA utility

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl rsautl +[-help] +[-in file] +[-passin arg] +[-rev] +[-out file] +[-inkey file] +[-keyform DER|PEM|ENGINE] +[-pubin] +[-certin] +[-sign] +[-verify] +[-encrypt] +[-decrypt] +[-pkcs] +[-x931] +[-oaep] +[-ssl] +[-raw] +[-pkcs] +[-ssl] +[-raw] +[-hexdump] +[-asn1parse] +[-engine id] +[-rand files] +[-writerand file]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command has been deprecated. +The openssl-pkeyutl(1) command should be used instead.

    +

    This command can be used to sign, verify, encrypt and decrypt +data using the RSA algorithm.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -in filename
    + +
    +

    This specifies the input filename to read data from or standard input +if this option is not specified.

    +
    +
    -passin arg
    + +
    +

    The passphrase used in the output file. +See see openssl(1)/Pass Phrase Options.

    +
    +
    -rev
    + +
    +

    Reverse the order of the input.

    +
    +
    -out filename
    + +
    +

    Specifies the output filename to write to or standard output by +default.

    +
    +
    -inkey file
    + +
    +

    The input key file, by default it should be an RSA private key.

    +
    +
    -keyform DER|PEM|ENGINE
    + +
    +

    The key format; the default is PEM. +See openssl(1)/Format Options for details.

    +
    +
    -pubin
    + +
    +

    The input file is an RSA public key.

    +
    +
    -certin
    + +
    +

    The input is a certificate containing an RSA public key.

    +
    +
    -sign
    + +
    +

    Sign the input data and output the signed result. This requires +an RSA private key.

    +
    +
    -verify
    + +
    +

    Verify the input data and output the recovered data.

    +
    +
    -encrypt
    + +
    +

    Encrypt the input data using an RSA public key.

    +
    +
    -decrypt
    + +
    +

    Decrypt the input data using an RSA private key.

    +
    +
    -pkcs, -oaep, -x931 -ssl, -raw
    + +
    +

    The padding to use: PKCS#1 v1.5 (the default), PKCS#1 OAEP, +ANSI X9.31, +special padding used in SSL v2 backwards compatible handshakes, +or no padding, respectively. +For signatures, only -pkcs and -raw can be used.

    +
    +
    -hexdump
    + +
    +

    Hex dump the output data.

    +
    +
    -asn1parse
    + +
    +

    Parse the ASN.1 output data, this is useful when combined with the +-verify option.

    +
    +
    -engine id
    + +
    +

    See openssl(1)/Engine Options.

    +
    +
    -rand files, -writerand file
    + +
    +

    See openssl(1)/Random State Options for details.

    +
    +
    +

    +

    +
    +

    NOTES

    +

    Since this command uses the RSA algorithm directly, it can only be +used to sign or verify small pieces of data.

    +

    +

    +
    +

    EXAMPLES

    +

    Examples equivalent to these can be found in the documentation for the +non-deprecated openssl-pkeyutl(1) command.

    +

    Sign some data using a private key:

    +
    + openssl rsautl -sign -in file -inkey key.pem -out sig
    +

    Recover the signed data

    +
    + openssl rsautl -verify -in sig -inkey key.pem
    +

    Examine the raw signed data:

    +
    + openssl rsautl -verify -in sig -inkey key.pem -raw -hexdump
    +
    + 0000 - 00 01 ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
    + 0010 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
    + 0020 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
    + 0030 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
    + 0040 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
    + 0050 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
    + 0060 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
    + 0070 - ff ff ff ff 00 68 65 6c-6c 6f 20 77 6f 72 6c 64   .....hello world
    +

    The PKCS#1 block formatting is evident from this. If this was done using +encrypt and decrypt the block would have been of type 2 (the second byte) +and random padding data visible instead of the 0xff bytes.

    +

    It is possible to analyse the signature of certificates using this +utility in conjunction with openssl-asn1parse(1). Consider the self signed +example in certs/pca-cert.pem. Running openssl-asn1parse(1) as follows +yields:

    +
    + openssl asn1parse -in pca-cert.pem
    +
    +    0:d=0  hl=4 l= 742 cons: SEQUENCE
    +    4:d=1  hl=4 l= 591 cons:  SEQUENCE
    +    8:d=2  hl=2 l=   3 cons:   cont [ 0 ]
    +   10:d=3  hl=2 l=   1 prim:    INTEGER           :02
    +   13:d=2  hl=2 l=   1 prim:   INTEGER           :00
    +   16:d=2  hl=2 l=  13 cons:   SEQUENCE
    +   18:d=3  hl=2 l=   9 prim:    OBJECT            :md5WithRSAEncryption
    +   29:d=3  hl=2 l=   0 prim:    NULL
    +   31:d=2  hl=2 l=  92 cons:   SEQUENCE
    +   33:d=3  hl=2 l=  11 cons:    SET
    +   35:d=4  hl=2 l=   9 cons:     SEQUENCE
    +   37:d=5  hl=2 l=   3 prim:      OBJECT            :countryName
    +   42:d=5  hl=2 l=   2 prim:      PRINTABLESTRING   :AU
    +  ....
    +  599:d=1  hl=2 l=  13 cons:  SEQUENCE
    +  601:d=2  hl=2 l=   9 prim:   OBJECT            :md5WithRSAEncryption
    +  612:d=2  hl=2 l=   0 prim:   NULL
    +  614:d=1  hl=3 l= 129 prim:  BIT STRING
    +

    The final BIT STRING contains the actual signature. It can be extracted with:

    +
    + openssl asn1parse -in pca-cert.pem -out sig -noout -strparse 614
    +

    The certificate public key can be extracted with:

    +
    + openssl x509 -in test/testx509.pem -pubkey -noout >pubkey.pem
    +

    The signature can be analysed with:

    +
    + openssl rsautl -in sig -verify -asn1parse -inkey pubkey.pem -pubin
    +
    +    0:d=0  hl=2 l=  32 cons: SEQUENCE
    +    2:d=1  hl=2 l=  12 cons:  SEQUENCE
    +    4:d=2  hl=2 l=   8 prim:   OBJECT            :md5
    +   14:d=2  hl=2 l=   0 prim:   NULL
    +   16:d=1  hl=2 l=  16 prim:  OCTET STRING
    +      0000 - f3 46 9e aa 1a 4a 73 c9-37 ea 93 00 48 25 08 b5   .F...Js.7...H%..
    +

    This is the parsed version of an ASN1 DigestInfo structure. It can be seen that +the digest used was md5. The actual part of the certificate that was signed can +be extracted with:

    +
    + openssl asn1parse -in pca-cert.pem -out tbs -noout -strparse 4
    +

    and its digest computed with:

    +
    + openssl md5 -c tbs
    + MD5(tbs)= f3:46:9e:aa:1a:4a:73:c9:37:ea:93:00:48:25:08:b5
    +

    which it can be seen agrees with the recovered value above.

    +

    +

    +
    +

    SEE ALSO

    +

    openssl(1), +openssl-pkeyutl(1), +openssl-dgst(1), +openssl-rsa(1), +openssl-genrsa(1)

    +

    +

    +
    +

    HISTORY

    +

    This command was deprecated in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man1/openssl-s_client.html b/linux_amd64/share/doc/openssl/html/man1/openssl-s_client.html
new file mode 100755
index 0000000..bf37ab7
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man1/openssl-s_client.html
@@ -0,0 +1,1135 @@
+ + + + +openssl-s_client + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    openssl-s_client - SSL/TLS client program

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl s_client +[-help] +[-ssl_config section] +[-connect host:port] +[-host hostname] +[-port port] +[-bind host:port] +[-proxy host:port] +[-proxy_user userid] +[-proxy_pass arg] +[-unix path] +[-4] +[-6] +[-servername name] +[-noservername] +[-verify depth] +[-verify_return_error] +[-verify_quiet] +[-verifyCAfile filename] +[-verifyCApath dir] +[-verifyCAstore uri] +[-cert filename] +[-certform DER|PEM] +[-CRL filename] +[-CRLform DER|PEM] +[-crl_download] +[-key filename] +[-keyform DER|PEM] +[-cert_chain filename] +[-build_chain] +[-pass arg] +[-chainCApath directory] +[-chainCAfile filename] +[-chainCAstore uri] +[-requestCAfile filename] +[-dane_tlsa_domain domain] +[-dane_tlsa_rrdata rrdata] +[-dane_ee_no_namechecks] +[-build_chain] +[-reconnect] +[-showcerts] +[-prexit] +[-debug] +[-trace] +[-nocommands] +[-security_debug] +[-security_debug_verbose] +[-msg] +[-timeout] +[-mtu size] +[-keymatexport label] +[-keymatexportlen len] +[-msgfile filename] +[-nbio_test] +[-state] +[-nbio] +[-crlf] +[-ign_eof] +[-no_ign_eof] +[-psk_identity identity] +[-psk key] +[-psk_session file] +[-quiet] +[-sctp] +[-sctp_label_bug] +[-fallback_scsv] +[-async] +[-maxfraglen len] +[-max_send_frag] +[-split_send_frag] +[-max_pipelines] +[-read_buf] +[-bugs] +[-comp] +[-no_comp] +[-brief] +[-allow_no_dhe_kex] +[-sigalgs sigalglist] +[-curves curvelist] +[-cipher cipherlist] +[-ciphersuites val] +[-serverpref] +[-starttls protocol] +[-name hostname] +[-xmpphost hostname] +[-name hostname] +[-tlsextdebug] +[-no_ticket] +[-sess_out filename] +[-serverinfo types] +[-sess_in filename] +[-serverinfo types] +[-status] +[-alpn protocols] +[-nextprotoneg protocols] +[-ct] +[-noct] +[-ctlogfile] +[-keylogfile file] +[-early_data file] +[-enable_pha] +[-use_srtp value] +[-srpuser value] +[-srppass value] +[-srp_lateuser] +[-srp_moregroups] +[-srp_strength number] +[-nameopt option] +[-no_ssl3] +[-no_tls1] +[-no_tls1_1] +[-no_tls1_2] +[-no_tls1_3] +[-ssl3] +[-tls1] +[-tls1_1] +[-tls1_2] 
+[-tls1_3] +[-dtls] +[-dtls1] +[-dtls1_2] +[-xkey] infile +[-xcert file] +[-xchain] file +[-xchain_build] file +[-xcertform DER|PEM]> +[-xkeyform DER|PEM]> +[-CAfile file] +[-no-CAfile] +[-CApath dir] +[-no-CApath] +[-CAstore uri] +[-no-CAstore] +[-bugs] +[-no_comp] +[-comp] +[-no_ticket] +[-serverpref] +[-legacy_renegotiation] +[-no_renegotiation] +[-no_resumption_on_reneg] +[-legacy_server_connect] +[-no_legacy_server_connect] +[-allow_no_dhe_kex] +[-prioritize_chacha] +[-strict] +[-sigalgs algs] +[-client_sigalgs algs] +[-groups groups] +[-curves curves] +[-named_curve curve] +[-cipher ciphers] +[-ciphersuites 1.3ciphers] +[-min_protocol minprot] +[-max_protocol maxprot] +[-record_padding padding] +[-debug_broken_protocol] +[-no_middlebox] +[-rand files] +[-writerand file] +[-engine id] +[-ssl_client_engine id] +[-allow_proxy_certs] +[-attime timestamp] +[-no_check_time] +[-check_ss_sig] +[-crl_check] +[-crl_check_all] +[-explicit_policy] +[-extended_crl] +[-ignore_critical] +[-inhibit_any] +[-inhibit_map] +[-partial_chain] +[-policy arg] +[-policy_check] +[-policy_print] +[-purpose purpose] +[-suiteB_128] +[-suiteB_128_only] +[-suiteB_192] +[-trusted_first] +[-no_alt_chains] +[-use_deltas] +[-auth_level num] +[-verify_depth num] +[-verify_email email] +[-verify_hostname hostname] +[-verify_ip ip] +[-verify_name name] +[-x509_strict] +[-issuer_checks]

    +

    [host:port]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command implements a generic SSL/TLS client which +connects to a remote host using SSL/TLS. It is a very useful diagnostic +tool for SSL servers.

    +

    +

    +
    +

    OPTIONS

    +

    In addition to the options below, this command also supports the +common and client only options documented +in the "Supported Command Line Commands" section of the SSL_CONF_cmd(3) +manual page.

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -ssl_config section
    + +
    +

    Use the specified section of the configuration file to configure the SSL_CTX object.

    +
    +
    -connect host:port
    + +
    +

    This specifies the host and optional port to connect to. It is possible to +select the host and port using the optional target positional argument instead. +If neither this nor the target positional argument are specified then an attempt +is made to connect to the local host on port 4433.

    +
    +
    -host hostname
    + +
    +

    Host to connect to; use -connect instead.

    +
    +
    -port port
    + +
    +

    Connect to the specified port; use -connect instead.

    +
    +
    -bind host:port
    + +
    +

    This specifies the host address and or port to bind as the source for the +connection. For Unix-domain sockets the port is ignored and the host is +used as the source socket address.

    +
    +
    -proxy host:port
    + +
    +

    When used with the -connect flag, the program uses the host and port +specified with this flag and issues an HTTP CONNECT command to connect +to the desired server.

    +
    +
    -proxy_user userid
    + +
    +

    When used with the -proxy flag, the program will attempt to authenticate +with the specified proxy using basic (base64) authentication. +NB: Basic authentication is insecure; the credentials are sent to the proxy +in easily reversible base64 encoding before any TLS/SSL session is established. +Therefore these credentials are easily recovered by anyone able to sniff/trace +the network. Use with caution.

    +
    +
    -proxy_pass arg
    + +
    +

    The proxy password source, used with the -proxy_user flag. +For more information about the format of arg +see openssl(1)/Pass Phrase Options.

    +
    +
    -unix path
    + +
    +

    Connect over the specified Unix-domain socket.

    +
    +
    -4
    + +
    +

    Use IPv4 only.

    +
    +
    -6
    + +
    +

    Use IPv6 only.

    +
    +
    -servername name
    + +
    +

    Set the TLS SNI (Server Name Indication) extension in the ClientHello message to +the given value. +If -servername is not provided, the TLS SNI extension will be populated with +the name given to -connect if it follows a DNS name format. If -connect is +not provided either, the SNI is set to "localhost". +This is the default since OpenSSL 1.1.1.

    +

    Even though SNI should normally be a DNS name and not an IP address, if +-servername is provided then that name will be sent, regardless of whether +it is a DNS name or not.

    +

    This option cannot be used in conjunction with -noservername.

    +
    +
    -noservername
    + +
    +

    Suppresses sending of the SNI (Server Name Indication) extension in the +ClientHello message. Cannot be used in conjunction with the -servername or +<-dane_tlsa_domain> options.

    +
    +
    -cert certname
    + +
    +

    The certificate to use, if one is requested by the server. The default is +not to use a certificate.

    +
    +
    -certform format
    + +
    +

    The certificate format to use: DER or PEM. PEM is the default.

    +
    +
    -CRL filename
    + +
    +

    CRL file to use to check the server's certificate.

    +
    +
    -CRLform DER|PEM
    + +
    +

    The CRL format; the default is PEM. +See openssl(1)/Format Options for details.

    +
    +
    -crl_download
    + +
    +

    Download CRL from distribution points in the certificate.

    +
    +
    -key keyfile
    + +
    +

    The private key to use. If not specified then the certificate file will +be used.

    +
    +
    -keyform format
    + +
    +

    The key format; the default is PEM. +See openssl(1)/Format Options for details.

    +
    +
    -cert_chain
    + +
    +

    A file containing trusted certificates to use when attempting to build the +client/server certificate chain related to the certificate specified via the +-cert option.

    +
    +
    -build_chain
    + +
    +

    Specify whether the application should build the certificate chain to be +provided to the server.

    +
    +
    -pass arg
    + +
    +

    the private key password source. For more information about the format of arg +see openssl(1)/Pass phrase options.

    +
    +
    -verify depth
    + +
    +

    The verify depth to use. This specifies the maximum length of the +server certificate chain and turns on server certificate verification. +Currently the verify operation continues after errors so all the problems +with a certificate chain can be seen. As a side effect the connection +will never fail due to a server certificate verify failure.

    +
    +
    -verify_return_error
    + +
    +

    Return verification errors instead of continuing. This will typically +abort the handshake with a fatal error.

    +
    +
    -verify_quiet
    + +
    +

    Limit verify output to only errors.

    +
    +
    -verifyCAfile filename
    + +
    +

    CA file for verifying the server's certificate, in PEM format.

    +
    +
    -verifyCApath dir
    + +
    +

    Use the specified directory as a certificate store path to verify +the server's CA certificate.

    +
    +
    -verifyCAstore uri
    + +
    +

    Use the specified URI as a store URI to verify the server's certificate.

    +
    +
    -chainCApath directory
    + +
    +

    The directory to use for building the chain provided to the server. This +directory must be in "hash format", see openssl-verify(1) for more +information.

    +
    +
    -chainCAfile file
    + +
    +

    A file containing trusted certificates to use when attempting to build the +client certificate chain.

    +
    +
    -chainCAstore uri
    + +
    +

    The URI to use when attempting to build the client certificate chain.

    +
    +
    -requestCAfile file
    + +
    +

    A file containing a list of certificates whose subject names will be sent +to the server in the certificate_authorities extension. Only supported +for TLS 1.3

    +
    +
    -dane_tlsa_domain domain
    + +
    +

    Enable RFC6698/RFC7671 DANE TLSA authentication and specify the +TLSA base domain which becomes the default SNI hint and the primary +reference identifier for hostname checks. This must be used in +combination with at least one instance of the -dane_tlsa_rrdata +option below.

    +

    When DANE authentication succeeds, the diagnostic output will include +the lowest (closest to 0) depth at which a TLSA record authenticated +a chain certificate. When that TLSA record is a "2 1 0" trust +anchor public key that signed (rather than matched) the top-most +certificate of the chain, the result is reported as "TA public key +verified". Otherwise, either the TLSA record "matched TA certificate" +at a positive depth or else "matched EE certificate" at depth 0.

    +
    +
    -dane_tlsa_rrdata rrdata
    + +
    +

    Use one or more times to specify the RRDATA fields of the DANE TLSA +RRset associated with the target service. The rrdata value is +specified in "presentation form", that is four whitespace separated +fields that specify the usage, selector, matching type and associated +data, with the last of these encoded in hexadecimal. Optional +whitespace is ignored in the associated data field. For example:

    +
    +  $ openssl s_client -brief -starttls smtp \
    +    -connect smtp.example.com:25 \
    +    -dane_tlsa_domain smtp.example.com \
    +    -dane_tlsa_rrdata "2 1 1
    +      B111DD8A1C2091A89BD4FD60C57F0716CCE50FEEFF8137CDBEE0326E 02CF362B" \
    +    -dane_tlsa_rrdata "2 1 1
    +      60B87575447DCBA2A36B7D11AC09FB24A9DB406FEE12D2CC90180517 616E8A18"
    +  ...
    +  Verification: OK
    +  Verified peername: smtp.example.com
    +  DANE TLSA 2 1 1 ...ee12d2cc90180517616e8a18 matched TA certificate at depth 1
    +  ...
    +
    +
    -dane_ee_no_namechecks
    + +
    +

    This disables server name checks when authenticating via DANE-EE(3) TLSA +records. +For some applications, primarily web browsers, it is not safe to disable name +checks due to "unknown key share" attacks, in which a malicious server can +convince a client that a connection to a victim server is instead a secure +connection to the malicious server. +The malicious server may then be able to violate cross-origin scripting +restrictions. +Thus, despite the text of RFC7671, name checks are by default enabled for +DANE-EE(3) TLSA records, and can be disabled in applications where it is safe +to do so. +In particular, SMTP and XMPP clients should set this option as SRV and MX +records already make it possible for a remote domain to redirect client +connections to any server of its choice, and in any case SMTP and XMPP clients +do not execute scripts downloaded from remote servers.

    +
    +
    -reconnect
    + +
    +

    Reconnects to the same server 5 times using the same session ID, this can +be used as a test that session caching is working.

    +
    +
    -showcerts
    + +
    +

    Displays the server certificate list as sent by the server: it only consists of +certificates the server has sent (in the order the server has sent them). It is +not a verified chain.

    +
    +
    -prexit
    + +
    +

    Print session information when the program exits. This will always attempt +to print out information even if the connection fails. Normally information +will only be printed out once if the connection succeeds. This option is useful +because the cipher in use may be renegotiated or the connection may fail +because a client certificate is required or is requested only after an +attempt is made to access a certain URL. Note: the output produced by this +option is not always accurate because a connection might never have been +established.

    +
    +
    -state
    + +
    +

    Prints out the SSL session states.

    +
    +
    -debug
    + +
    +

    Print extensive debugging information including a hex dump of all traffic.

    +
    +
    -nocommands
    + +
    +

    Do not use interactive command letters.

    +
    +
    -security_debug
    + +
    +

    Enable security debug messages.

    +
    +
    -security_debug_verbose
    + +
    +

    Output more security debug output.

    +
    +
    -msg
    + +
    +

    Show protocol messages.

    +
    +
    -timeout
    + +
    +

    Enable send/receive timeout on DTLS connections.

    +
    +
    -mtu size
    + +
    +

    Set MTU of the link layer to the specified size.

    +
    +
    -keymatexport label
    + +
    +

    Export keying material using the specified label.

    +
    +
    -keymatexportlen len
    + +
    +

    Export the specified number of bytes of keying material; default is 20.

    +

    Show all protocol messages with hex dump.

    +
    +
    -trace
    + +
    +

    Show verbose trace output of protocol messages. OpenSSL needs to be compiled +with enable-ssl-trace for this option to work.

    +
    +
    -msgfile filename
    + +
    +

    File to send output of -msg or -trace to, default standard output.

    +
    +
    -nbio_test
    + +
    +

    Tests non-blocking I/O

    +
    +
    -nbio
    + +
    +

    Turns on non-blocking I/O

    +
    +
    -crlf
    + +
    +

    This option translated a line feed from the terminal into CR+LF as required +by some servers.

    +
    +
    -ign_eof
    + +
    +

    Inhibit shutting down the connection when end of file is reached in the +input.

    +
    +
    -quiet
    + +
    +

    Inhibit printing of session and certificate information. This implicitly +turns on -ign_eof as well.

    +
    +
    -no_ign_eof
    + +
    +

    Shut down the connection when end of file is reached in the input. +Can be used to override the implicit -ign_eof after -quiet.

    +
    +
    -psk_identity identity
    + +
    +

    Use the PSK identity identity when using a PSK cipher suite. +The default value is "Client_identity" (without the quotes).

    +
    +
    -psk key
    + +
    +

    Use the PSK key key when using a PSK cipher suite. The key is +given as a hexadecimal number without leading 0x, for example -psk +1a2b3c4d. +This option must be provided in order to use a PSK cipher.

    +
    +
    -psk_session file
    + +
    +

    Use the pem encoded SSL_SESSION data stored in file as the basis of a PSK. +Note that this will only work if TLSv1.3 is negotiated.

    +
    +
    -sctp
    + +
    +

    Use SCTP for the transport protocol instead of UDP in DTLS. Must be used in +conjunction with -dtls, -dtls1 or -dtls1_2. This option is only +available where OpenSSL has support for SCTP enabled.

    +
    +
    -sctp_label_bug
    + +
    +

    Use the incorrect behaviour of older OpenSSL implementations when computing +endpoint-pair shared secrets for DTLS/SCTP. This allows communication with +older broken implementations but breaks interoperability with correct +implementations. Must be used in conjunction with -sctp. This option is only +available where OpenSSL has support for SCTP enabled.

    +
    +
    -fallback_scsv
    + +
    +

    Send TLS_FALLBACK_SCSV in the ClientHello.

    +
    +
    -async
    + +
    +

    Switch on asynchronous mode. Cryptographic operations will be performed +asynchronously. This will only have an effect if an asynchronous capable engine +is also used via the -engine option. For test purposes the dummy async engine +(dasync) can be used (if available).

    +
    +
    -maxfraglen len
    + +
    +

    Enable Maximum Fragment Length Negotiation; allowed values are +512, 1024, 2048, and 4096.

    +
    +
    -max_send_frag int
    + +
    +

    The maximum size of data fragment to send. +See SSL_CTX_set_max_send_fragment(3) for further information.

    +
    +
    -split_send_frag int
    + +
    +

    The size used to split data for encrypt pipelines. If more data is written in +one go than this value then it will be split into multiple pipelines, up to the +maximum number of pipelines defined by max_pipelines. This only has an effect if +a suitable cipher suite has been negotiated, an engine that supports pipelining +has been loaded, and max_pipelines is greater than 1. See +SSL_CTX_set_split_send_fragment(3) for further information.

    +
    +
    -max_pipelines int
    + +
    +

    The maximum number of encrypt/decrypt pipelines to be used. This will only have +an effect if an engine has been loaded that supports pipelining (e.g. the dasync +engine) and a suitable cipher suite has been negotiated. The default value is 1. +See SSL_CTX_set_max_pipelines(3) for further information.

    +
    +
    -read_buf int
    + +
    +

    The default read buffer size to be used for connections. This will only have an +effect if the buffer size is larger than the size that would otherwise be used +and pipelining is in use (see SSL_CTX_set_default_read_buffer_len(3) for +further information).

    +
    +
    -bugs
    + +
    +

    There are several known bugs in SSL and TLS implementations. Adding this +option enables various workarounds.

    +
    +
    -comp
    + +
    +

    Enables support for SSL/TLS compression. +This option was introduced in OpenSSL 1.1.0. +TLS compression is not recommended and is off by default as of +OpenSSL 1.1.0.

    +
    +
    -no_comp
    + +
    +

    Disables support for SSL/TLS compression. +TLS compression is not recommended and is off by default as of +OpenSSL 1.1.0.

    +
    +
    -brief
    + +
    +

    Only provide a brief summary of connection parameters instead of the +normal verbose output.

    +
    +
    -sigalgs sigalglist
    + +
    +

    Specifies the list of signature algorithms that are sent by the client. +The server selects one entry in the list based on its preferences. +For example strings, see SSL_CTX_set1_sigalgs(3)

    +
    +
    -curves curvelist
    + +
    +

    Specifies the list of supported curves to be sent by the client. The curve is +ultimately selected by the server. For a list of all curves, use:

    +
    +    $ openssl ecparam -list_curves
    +
    +
    -cipher cipherlist
    + +
    +

    This allows the TLSv1.2 and below cipher list sent by the client to be modified. +This list will be combined with any TLSv1.3 ciphersuites that have been +configured. Although the server determines which ciphersuite is used it should +take the first supported cipher in the list sent by the client. See +openssl-ciphers(1) for more information.

    +
    +
    -ciphersuites val
    + +
    +

    This allows the TLSv1.3 ciphersuites sent by the client to be modified. This +list will be combined with any TLSv1.2 and below ciphersuites that have been +configured. Although the server determines which cipher suite is used it should +take the first supported cipher in the list sent by the client. See +openssl-ciphers(1) for more information. The format for this list is a simple +colon (":") separated list of TLSv1.3 ciphersuite names.

    +
    +
    -starttls protocol
    + +
    +

    Send the protocol-specific message(s) to switch to TLS for communication. +protocol is a keyword for the intended protocol. Currently, the only +supported keywords are "smtp", "pop3", "imap", "ftp", "xmpp", "xmpp-server", +"irc", "postgres", "mysql", "lmtp", "nntp", "sieve" and "ldap".

    +
    +
    -xmpphost hostname
    + +
    +

    This option, when used with "-starttls xmpp" or "-starttls xmpp-server", +specifies the host for the "to" attribute of the stream element. +If this option is not specified, then the host specified with "-connect" +will be used.

    +

    This option is an alias of the -name option for "xmpp" and "xmpp-server".

    +
    +
    -name hostname
    + +
    +

    This option is used to specify hostname information for various protocols +used with -starttls option. Currently only "xmpp", "xmpp-server", +"smtp" and "lmtp" can utilize this -name option.

    +

    If this option is used with "-starttls xmpp" or "-starttls xmpp-server", +if specifies the host for the "to" attribute of the stream element. If this +option is not specified, then the host specified with "-connect" will be used.

    +

    If this option is used with "-starttls lmtp" or "-starttls smtp", it specifies +the name to use in the "LMTP LHLO" or "SMTP EHLO" message, respectively. If +this option is not specified, then "mail.example.com" will be used.

    +
    +
    -tlsextdebug
    + +
    +

    Print out a hex dump of any TLS extensions received from the server.

    +
    +
    -no_ticket
    + +
    +

    Disable RFC4507bis session ticket support.

    +
    +
    -sess_out filename
    + +
    +

    Output SSL session to filename.

    +
    +
    -sess_in filename
    + +
    +

    Load SSL session from filename. The client will attempt to resume a +connection from this session.

    +
    +
    -serverinfo types
    + +
    +

    A list of comma-separated TLS Extension Types (numbers between 0 and +65535). Each type will be sent as an empty ClientHello TLS Extension. +The server's response (if any) will be encoded and displayed as a PEM +file.

    +
    +
    -status
    + +
    +

    Sends a certificate status request to the server (OCSP stapling). The server +response (if any) is printed out.

    +
    +
    -alpn protocols, -nextprotoneg protocols
    + +
    +

    These flags enable the Enable the Application-Layer Protocol Negotiation +or Next Protocol Negotiation (NPN) extension, respectively. ALPN is the +IETF standard and replaces NPN. +The protocols list is a comma-separated list of protocol names that +the client should advertise support for. The list should contain the most +desirable protocols first. Protocol names are printable ASCII strings, +for example "http/1.1" or "spdy/3". +An empty list of protocols is treated specially and will cause the +client to advertise support for the TLS extension but disconnect just +after receiving ServerHello with a list of server supported protocols. +The flag -nextprotoneg cannot be specified if -tls1_3 is used.

    +
    +
    -ct, -noct
    + +
    +

    Use one of these two options to control whether Certificate Transparency (CT) +is enabled (-ct) or disabled (-noct). +If CT is enabled, signed certificate timestamps (SCTs) will be requested from +the server and reported at handshake completion.

    +

    Enabling CT also enables OCSP stapling, as this is one possible delivery method +for SCTs.

    +
    +
    -ctlogfile
    + +
    +

    A file containing a list of known Certificate Transparency logs. See +SSL_CTX_set_ctlog_list_file(3) for the expected file format.

    +
    +
    -keylogfile file
    + +
    +

    Appends TLS secrets to the specified keylog file such that external programs +(like Wireshark) can decrypt TLS connections.

    +
    +
    -early_data file
    + +
    +

    Reads the contents of the specified file and attempts to send it as early data +to the server. This will only work with resumed sessions that support early +data and when the server accepts the early data.

    +
    +
    -enable_pha
    + +
    +

    For TLSv1.3 only, send the Post-Handshake Authentication extension. This will +happen whether or not a certificate has been provided via -cert.

    +
    +
    -use_srtp value
    + +
    +

    Offer SRTP key management, where value is a colon-separated profile list.

    +
    +
    -srpuser value
    + +
    +

    Set the SRP username to the specified value.

    +
    +
    -srppass value
    + +
    +

    Set the SRP password to the specified value.

    +
    +
    -srp_lateuser
    + +
    +

    SRP username for the second ClientHello message.

    +
    +
    -srp_moregroups
    + +
    +

    Tolerate other than the known g and N values.

    +
    +
    -srp_strength number
    + +
    +

    Set the minimal acceptable length, in bits, for N.

    +
    +
    -no_ssl3, -no_tls1, -no_tls1_1, -no_tls1_2, -no_tls1_3, +-ssl3, -tls1, -tls1_1, -tls1_2, -tls1_3
    + +
    +

    See openssl(1)/TLS Version Options.

    +
    +
    -dtls, -dtls1, -dtls1_2
    + +
    +

    These specify the use of DTLS instead of TLS. +See openssl(1)/TLS Version Options.

    +
    +
    -nameopt option
    + +
    +

    This specifies how the subject or issuer names are displayed. +See openssl(1)/Name Format Options for details.

    +
    +
    xkey infile, -xcert file, -xchain file, +-xchain_build file, -xcertform DER|PEM, +-xkeyform DER|PEM
    + +
    +

    Set extended certificate verification options. +See openssl(1)/Extended Verification Options for details.

    +
    +
    -CAfile file, -no-CAfile, -CApath dir, -no-CApath, +-CAstore uri, -no-CAstore
    + +
    +

    See openssl(1)/Trusted Certificate Options for details.

    +
    +
    -bugs, -comp, -no_comp, -no_ticket, -serverpref, +-legacy_renegotiation, -no_renegotiation, -no_resumption_on_reneg, +-legacy_server_connect, -no_legacy_server_connect, +-allow_no_dhe_kex, -prioritize_chacha, -strict, -sigalgs +algs, -client_sigalgs algs, -groups groups, -curves +curves, -named_curve curve, -cipher ciphers, -ciphersuites +1.3ciphers, -min_protocol minprot, -max_protocol maxprot, +-record_padding padding, -debug_broken_protocol, -no_middlebox
    + +
    +

    See SSL_CONF_cmd(3)/SUPPORTED COMMAND LINE COMMANDS for details.

    +
    +
    -rand files, -writerand file
    + +
    +

    See openssl(1)/Random State Options for details.

    +
    +
    -engine id
    + +
    +

    See openssl(1)/Engine Options.

    +
    +
    -ssl_client_engine id
    + +
    +

    Specify engine to be used for client certificate operations.

    +
    +
    -allow_proxy_certs, -attime, -no_check_time, +-check_ss_sig, -crl_check, -crl_check_all, +-explicit_policy, -extended_crl, -ignore_critical, -inhibit_any, +-inhibit_map, -no_alt_chains, -partial_chain, -policy, +-policy_check, -policy_print, -purpose, -suiteB_128, +-suiteB_128_only, -suiteB_192, -trusted_first, -use_deltas, +-auth_level, -verify_depth, -verify_email, -verify_hostname, +-verify_ip, -verify_name, -x509_strict -issuer_checks
    + +
    +

    Set various options of certificate chain verification. +See openssl(1)/Verification Options for details.

    +

    Verification errors are displayed, for debugging, but the command will +proceed unless the -verify_return_error option is used.

    +
    +
    host:port
    + +
    +

    Rather than providing -connect, the target hostname and optional port may +be provided as a single positional argument after all options. If neither this +nor -connect are provided, falls back to attempting to connect to +localhost on port 4433.

    +
    +
    +

    +

    +
    +

    CONNECTED COMMANDS

    +

    If a connection is established with an SSL server then any data received +from the server is displayed and any key presses will be sent to the +server. If end of file is reached then the connection will be closed down. When +used interactively (which means neither -quiet nor -ign_eof have been +given), then certain commands are also recognized which perform special +operations. These commands are a letter which must appear at the start of a +line. They are listed below.

    +
    +
    Q
    + +
    +

    End the current SSL connection and exit.

    +
    +
    R
    + +
    +

    Renegotiate the SSL session (TLSv1.2 and below only).

    +
    +
    k
    + +
    +

    Send a key update message to the server (TLSv1.3 only)

    +
    +
    K
    + +
    +

    Send a key update message to the server and request one back (TLSv1.3 only)

    +
    +
    +

    +

    +
    +

    NOTES

    +

    This command can be used to debug SSL servers. To connect to an SSL HTTP +server the command:

    +
    + openssl s_client -connect servername:443
    +

    would typically be used (https uses port 443). If the connection succeeds +then an HTTP command can be given such as "GET /" to retrieve a web page.

    +

    If the handshake fails then there are several possible causes, if it is +nothing obvious like no client certificate then the -bugs, +-ssl3, -tls1, -no_ssl3, -no_tls1 options can be tried +in case it is a buggy server. In particular you should play with these +options before submitting a bug report to an OpenSSL mailing list.

    +

    A frequent problem when attempting to get client certificates working +is that a web client complains it has no certificates or gives an empty +list to choose from. This is normally because the server is not sending +the clients certificate authority in its "acceptable CA list" when it +requests a certificate. By using this command, the CA list can be viewed +and checked. However some servers only request client authentication +after a specific URL is requested. To obtain the list in this case it +is necessary to use the -prexit option and send an HTTP request +for an appropriate page.

    +

    If a certificate is specified on the command line using the -cert +option it will not be used unless the server specifically requests +a client certificate. Therefor merely including a client certificate +on the command line is no guarantee that the certificate works.

    +

    If there are problems verifying a server certificate then the +-showcerts option can be used to show all the certificates sent by the +server.

    +

    This command is a test tool and is designed to continue the +handshake after any certificate verification errors. As a result it will +accept any certificate chain (trusted or not) sent by the peer. None test +applications should not do this as it makes them vulnerable to a MITM +attack. This behaviour can be changed by with the -verify_return_error +option: any verify errors are then returned aborting the handshake.

    +

    The -bind option may be useful if the server or a firewall requires +connections to come from some particular address and or port.

    +

    +

    +
    +

    BUGS

    +

    Because this program has a lot of options and also because some of the +techniques used are rather old, the C source for this command is rather +hard to read and not a model of how things should be done. +A typical SSL client program would be much simpler.

    +

    The -prexit option is a bit of a hack. We should really report +information whenever a session is renegotiated.

    +

    +

    +
    +

    SEE ALSO

    +

    openssl(1), +openssl-sess_id(1), +openssl-s_server(1), +openssl-ciphers(1), +SSL_CONF_cmd(3), +SSL_CTX_set_max_send_fragment(3), +SSL_CTX_set_split_send_fragment(3), +SSL_CTX_set_max_pipelines(3), +ossl_store-file(7)

    +

    +

    +
    +

    HISTORY

    +

    The -no_alt_chains option was added in OpenSSL 1.1.0. +The -name option was added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man1/openssl-s_server.html b/linux_amd64/share/doc/openssl/html/man1/openssl-s_server.html new file mode 100755 index 0000000..cb6bfb0 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man1/openssl-s_server.html @@ -0,0 +1,1017 @@ + + + + +openssl-s_server + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    openssl-s_server - SSL/TLS server program

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl s_server +[-help] +[-port +int] +[-accept val] +[-unix val] +[-4] +[-6] +[-unlink] +[-context val] +[-verify int] +[-Verify int] +[-cert infile] +[-naccept +int] +[-serverinfo val] +[-certform DER|PEM] +[-key infile] +[-keyform DER|PEM] +[-pass val] +[-dcert infile] +[-dcertform DER|PEM] +[-dkey infile] +[-dkeyform DER|PEM] +[-dpass val] +[-nbio_test] +[-crlf] +[-debug] +[-msg] +[-msgfile outfile] +[-state] +[-nocert] +[-quiet] +[-no_resume_ephemeral] +[-www] +[-WWW] +[-http_server_binmode] +[-servername] +[-servername_fatal] +[-cert2 infile] +[-key2 infile] +[-tlsextdebug] +[-HTTP] +[-id_prefix val] +[-keymatexport val] +[-keymatexportlen +int] +[-CRLform DER|PEM] +[-CRL infile] +[-crl_download] +[-cert_chain infile] +[-dcert_chain infile] +[-chainCApath dir] +[-verifyCApath dir] +[-chainCAstore uri] +[-verifyCAstore uri] +[-no_cache] +[-ext_cache] +[-verify_return_error] +[-verify_quiet] +[-build_chain] +[-chainCAfile infile] +[-verifyCAfile infile] +[-ign_eof] +[-no_ign_eof] +[-status] +[-status_verbose] +[-status_timeout int] +[-status_url val] +[-status_file infile] +[-trace] +[-security_debug] +[-security_debug_verbose] +[-brief] +[-rev] +[-async] +[-ssl_config val] +[-max_send_frag +int] +[-split_send_frag +int] +[-max_pipelines +int] +[-read_buf +int] +[-bugs] +[-no_comp] +[-comp] +[-no_ticket] +[-serverpref] +[-legacy_renegotiation] +[-no_renegotiation] +[-legacy_server_connect] +[-no_resumption_on_reneg] +[-no_legacy_server_connect] +[-allow_no_dhe_kex] +[-prioritize_chacha] +[-strict] +[-sigalgs val] +[-client_sigalgs val] +[-groups val] +[-curves val] +[-named_curve val] +[-cipher val] +[-ciphersuites val] +[-dhparam infile] +[-record_padding val] +[-debug_broken_protocol] +[-nbio] +[-psk_identity val] +[-psk_hint val] +[-psk val] +[-psk_session file] +[-srpvfile infile] +[-srpuserseed val] +[-timeout] +[-mtu +int] +[-listen] +[-sctp] +[-sctp_label_bug] +[-no_dhe] +[-nextprotoneg val] +[-use_srtp val] +[-alpn val] +[-keylogfile outfile] 
+[-recv_max_early_data int] +[-max_early_data int] +[-early_data] +[-stateless] +[-anti_replay] +[-no_anti_replay] +[-num_tickets] +[-nameopt option] +[-no_ssl3] +[-no_tls1] +[-no_tls1_1] +[-no_tls1_2] +[-no_tls1_3] +[-ssl3] +[-tls1] +[-tls1_1] +[-tls1_2] +[-tls1_3] +[-dtls] +[-dtls1] +[-dtls1_2] +[-allow_proxy_certs] +[-attime timestamp] +[-no_check_time] +[-check_ss_sig] +[-crl_check] +[-crl_check_all] +[-explicit_policy] +[-extended_crl] +[-ignore_critical] +[-inhibit_any] +[-inhibit_map] +[-partial_chain] +[-policy arg] +[-policy_check] +[-policy_print] +[-purpose purpose] +[-suiteB_128] +[-suiteB_128_only] +[-suiteB_192] +[-trusted_first] +[-no_alt_chains] +[-use_deltas] +[-auth_level num] +[-verify_depth num] +[-verify_email email] +[-verify_hostname hostname] +[-verify_ip ip] +[-verify_name name] +[-x509_strict] +[-issuer_checks]

    +

    [-bugs] +[-no_comp] +[-comp] +[-no_ticket] +[-serverpref] +[-legacy_renegotiation] +[-no_renegotiation] +[-no_resumption_on_reneg] +[-legacy_server_connect] +[-no_legacy_server_connect] +[-allow_no_dhe_kex] +[-prioritize_chacha] +[-strict] +[-sigalgs algs] +[-client_sigalgs algs] +[-groups groups] +[-curves curves] +[-named_curve curve] +[-cipher ciphers] +[-ciphersuites 1.3ciphers] +[-min_protocol minprot] +[-max_protocol maxprot] +[-record_padding padding] +[-debug_broken_protocol] +[-no_middlebox] +[-xkey] infile +[-xcert file] +[-xchain] file +[-xchain_build] file +[-xcertform DER|PEM]> +[-xkeyform DER|PEM]> +[-CAfile file] +[-no-CAfile] +[-CApath dir] +[-no-CApath] +[-CAstore uri] +[-no-CAstore] +[-rand files] +[-writerand file] +[-engine id]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command implements a generic SSL/TLS server which +listens for connections on a given port using SSL/TLS.

    +

    +

    +
    +

    OPTIONS

    +

    In addition to the options below, this command also supports +the common and server only options documented +SSL_CONF_cmd(3)/Supported Command Line Commands

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -port +int
    + +
    +

    The TCP port to listen on for connections. If not specified 4433 is used.

    +
    +
    -accept val
    + +
    +

    The optional TCP host and port to listen on for connections. If not specified, *:4433 is used.

    +
    +
    -unix val
    + +
    +

    Unix domain socket to accept on.

    +
    +
    -4
    + +
    +

    Use IPv4 only.

    +
    +
    -6
    + +
    +

    Use IPv6 only.

    +
    +
    -unlink
    + +
    +

    For -unix, unlink any existing socket first.

    +
    +
    -context val
    + +
    +

    Sets the SSL context id. It can be given any string value. If this option +is not present a default value will be used.

    +
    +
    -verify int, -Verify int
    + +
    +

    The verify depth to use. This specifies the maximum length of the +client certificate chain and makes the server request a certificate from +the client. With the -verify option a certificate is requested but the +client does not have to send one, with the -Verify option the client +must supply a certificate or an error occurs.

    +

    If the cipher suite cannot request a client certificate (for example an +anonymous cipher suite or PSK) this option has no effect.

    +
    +
    -cert infile
    + +
    +

    The certificate to use, most servers cipher suites require the use of a +certificate and some require a certificate with a certain public key type: +for example the DSS cipher suites require a certificate containing a DSS +(DSA) key. If not specified then the filename server.pem will be used.

    +
    +
    -cert_chain
    + +
    +

    A file containing trusted certificates to use when attempting to build the +client/server certificate chain related to the certificate specified via the +-cert option.

    +
    +
    -build_chain
    + +
    +

    Specify whether the application should build the certificate chain to be +provided to the client.

    +
    +
    -naccept +int
    + +
    +

    The server will exit after receiving the specified number of connections, +default unlimited.

    +
    +
    -serverinfo val
    + +
    +

    A file containing one or more blocks of PEM data. Each PEM block +must encode a TLS ServerHello extension (2 bytes type, 2 bytes length, +followed by "length" bytes of extension data). If the client sends +an empty TLS ClientHello extension matching the type, the corresponding +ServerHello extension will be returned.

    +
    +
    -certform DER|PEM, -CRLForm DER|PEM
    + +
    +

    The certificate and CRL format; the default is PEM. +See openssl(1)/Format Options for details.

    +
    +
    -key infile
    + +
    +

    The private key to use. If not specified then the certificate file will +be used.

    +
    +
    -keyform DER|PEM
    + +
    +

    The key format; the default is PEM. +See openssl(1)/Format Options for details.

    +
    +
    -pass val
    + +
    +

    The private key password source. +For more information about the format of val, +see openssl(1)/Pass Phrase Options.

    +
    +
    -dcert infile, -dkey infile
    + +
    +

    Specify an additional certificate and private key, these behave in the +same manner as the -cert and -key options except there is no default +if they are not specified (no additional certificate and key is used). As +noted above some cipher suites require a certificate containing a key of +a certain type. Some cipher suites need a certificate carrying an RSA key +and some a DSS (DSA) key. By using RSA and DSS certificates and keys +a server can support clients which only support RSA or DSS cipher suites +by using an appropriate certificate.

    +
    +
    -dcert_chain
    + +
    +

    A file containing trusted certificates to use when attempting to build the +server certificate chain when a certificate specified via the -dcert option +is in use.

    +
    +
    -dcertform DER|PEM, -dkeyform DER|PEM
    + +
    +

    The format of the certificate and private key; the default is PEM +see openssl(1)/Format Options.

    +
    +
    -dpass val
    + +
    +

    The passphrase for the additional private key. +For more information about the format of val, +see openssl(1)/Pass Phrase Options.

    +
    +
    -nbio_test
    + +
    +

    Tests non blocking I/O.

    +
    +
    -crlf
    + +
    +

    This option translated a line feed from the terminal into CR+LF.

    +
    +
    -debug
    + +
    +

    Print extensive debugging information including a hex dump of all traffic.

    +
    +
    -msg
    + +
    +

    Show all protocol messages with hex dump.

    +
    +
    -msgfile outfile
    + +
    +

    File to send output of -msg or -trace to, default standard output.

    +
    +
    -state
    + +
    +

    Prints the SSL session states.

    +
    +
    -chainCApath dir
    + +
    +

    The directory to use for building the chain provided to the client. This +directory must be in "hash format", see openssl-verify(1) for more +information.

    +
    +
    -chainCAfile file
    + +
    +

    A file containing trusted certificates to use when attempting to build the +server certificate chain.

    +
    +
    -chainCAstore uri
    + +
    +

    The URI to a store to use for building the chain provided to the client. +The URI may indicate a single certificate, as well as a collection of +them. +With URIs in the file: scheme, this acts as -chainCAfile or +-chainCApath, depending on if the URI indicates a directory or a +single file. +See ossl_store-file(7) for more information on the file: scheme.

    +
    +
    -nocert
    + +
    +

    If this option is set then no certificate is used. This restricts the +cipher suites available to the anonymous ones (currently just anonymous +DH).

    +
    +
    -quiet
    + +
    +

    Inhibit printing of session and certificate information.

    +
    +
    -tlsextdebug
    + +
    +

    Print a hex dump of any TLS extensions received from the server.

    +
    +
    -www
    + +
    +

    Sends a status message back to the client when it connects. This includes +information about the ciphers used and various session parameters. +The output is in HTML format so this option can be used with a web browser. +The special URL /renegcert turns on client cert validation, and /reneg +tells the server to request renegotiation. +The -early_data option cannot be used with this option.

    +
    +
    -WWW, -HTTP
    + +
    +

    Emulates a simple web server. Pages will be resolved relative to the +current directory, for example if the URL https://myhost/page.html is +requested the file ./page.html will be sent. +If the -HTTP flag is used, the files are sent directly, and should contain +any HTTP response headers (including status response line). +If the -WWW option is used, +the response headers are generated by the server, and the file extension is +examined to determine the Content-Type header. +Extensions of html, htm, and php are text/html and all others are +text/plain. +In addition, the special URL /stats will return status +information like the -www option. +Neither of these options can be used in conjunction with -early_data.

    +
    +
    -http_server_binmode
    + +
    +

    When acting as web-server (using option -WWW or -HTTP) open files requested +by the client in binary mode.

    +
    +
    -id_prefix val
    + +
    +

    Generate SSL/TLS session IDs prefixed by val. This is mostly useful +for testing any SSL/TLS code (eg. proxies) that wish to deal with multiple +servers, when each of which might be generating a unique range of session +IDs (eg. with a certain prefix).

    +
    +
    -verify_return_error
    + +
    +

    Verification errors normally just print a message but allow the +connection to continue, for debugging purposes. +If this option is used, then verification errors close the connection.

    +
    +
    -status
    + +
    +

    Enables certificate status request support (aka OCSP stapling).

    +
    +
    -status_verbose
    + +
    +

    Enables certificate status request support (aka OCSP stapling) and gives +a verbose printout of the OCSP response.

    +
    +
    -status_timeout int
    + +
    +

    Sets the timeout for OCSP response to int seconds.

    +
    +
    -status_url val
    + +
    +

    Sets a fallback responder URL to use if no responder URL is present in the +server certificate. Without this option an error is returned if the server +certificate does not contain a responder address.

    +
    +
    -status_file infile
    + +
    +

    Overrides any OCSP responder URLs from the certificate and always provides the +OCSP Response stored in the file. The file must be in DER format.

    +
    +
    -trace
    + +
    +

    Show verbose trace output of protocol messages. OpenSSL needs to be compiled +with enable-ssl-trace for this option to work.

    +
    +
    -brief
    + +
    +

    Provide a brief summary of connection parameters instead of the normal verbose +output.

    +
    +
    -rev
    + +
    +

    Simple test server which just reverses the text received from the client +and sends it back to the server. Also sets -brief. Cannot be used in +conjunction with -early_data.

    +
    +
    -async
    + +
    +

    Switch on asynchronous mode. Cryptographic operations will be performed +asynchronously. This will only have an effect if an asynchronous capable engine +is also used via the -engine option. For test purposes the dummy async engine +(dasync) can be used (if available).

    +
    +
    -max_send_frag +int
    + +
    +

    The maximum size of data fragment to send. +See SSL_CTX_set_max_send_fragment(3) for further information.

    +
    +
    -split_send_frag +int
    + +
    +

    The size used to split data for encrypt pipelines. If more data is written in +one go than this value then it will be split into multiple pipelines, up to the +maximum number of pipelines defined by max_pipelines. This only has an effect if +a suitable cipher suite has been negotiated, an engine that supports pipelining +has been loaded, and max_pipelines is greater than 1. See +SSL_CTX_set_split_send_fragment(3) for further information.

    +
    +
    -max_pipelines +int
    + +
    +

    The maximum number of encrypt/decrypt pipelines to be used. This will only have +an effect if an engine has been loaded that supports pipelining (e.g. the dasync +engine) and a suitable cipher suite has been negotiated. The default value is 1. +See SSL_CTX_set_max_pipelines(3) for further information.

    +
    +
    -read_buf +int
    + +
    +

    The default read buffer size to be used for connections. This will only have an +effect if the buffer size is larger than the size that would otherwise be used +and pipelining is in use (see SSL_CTX_set_default_read_buffer_len(3) for +further information).

    +
    +
    -bugs
    + +
    +

    There are several known bugs in SSL and TLS implementations. Adding this +option enables various workarounds.

    +
    +
    -no_comp
    + +
    +

    Disable negotiation of TLS compression. +TLS compression is not recommended and is off by default as of +OpenSSL 1.1.0.

    +
    +
    -comp
    + +
    +

    Enable negotiation of TLS compression. +This option was introduced in OpenSSL 1.1.0. +TLS compression is not recommended and is off by default as of +OpenSSL 1.1.0.

    +
    +
    -no_ticket
    + +
    +

    Disable RFC4507bis session ticket support. This option has no effect if TLSv1.3 +is negotiated. See -num_tickets.

    +
    +
    -num_tickets
    + +
    +

    Control the number of tickets that will be sent to the client after a full +handshake in TLSv1.3. The default number of tickets is 2. This option does not +affect the number of tickets sent after a resumption handshake.

    +
    +
    -serverpref
    + +
    +

    Use the server's cipher preferences, rather than the client's preferences.

    +
    +
    -prioritize_chacha
    + +
    +

    Prioritize ChaCha ciphers when preferred by clients. Requires -serverpref.

    +
    +
    -no_resumption_on_reneg
    + +
    +

    Set the SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION option.

    +
    +
    -client_sigalgs val
    + +
    +

    Signature algorithms to support for client certificate authentication +(colon-separated list).

    +
    +
    -named_curve val
    + +
    +

    Specifies the elliptic curve to use. NOTE: this is single curve, not a list. +For a list of all possible curves, use:

    +
    +    $ openssl ecparam -list_curves
    +
    +
    -cipher val
    + +
    +

    This allows the list of TLSv1.2 and below ciphersuites used by the server to be +modified. This list is combined with any TLSv1.3 ciphersuites that have been +configured. When the client sends a list of supported ciphers the first client +cipher also included in the server list is used. Because the client specifies +the preference order, the order of the server cipherlist is irrelevant. See +openssl-ciphers(1) for more information.

    +
    +
    -ciphersuites val
    + +
    +

    This allows the list of TLSv1.3 ciphersuites used by the server to be modified. +This list is combined with any TLSv1.2 and below ciphersuites that have been +configured. When the client sends a list of supported ciphers the first client +cipher also included in the server list is used. Because the client specifies +the preference order, the order of the server cipherlist is irrelevant. See +openssl-ciphers(1) command for more information. The format for this list is +a simple colon (":") separated list of TLSv1.3 ciphersuite names.

    +
    +
    -dhparam infile
    + +
    +

    The DH parameter file to use. The ephemeral DH cipher suites generate keys +using a set of DH parameters. If not specified then an attempt is made to +load the parameters from the server certificate file. +If this fails then a static set of parameters hard coded into this command +will be used.

    +
    +
    -nbio
    + +
    +

    Turns on non blocking I/O.

    +
    +
    -psk_identity val
    + +
    +

    Expect the client to send PSK identity val when using a PSK +cipher suite, and warn if they do not. By default, the expected PSK +identity is the string "Client_identity".

    +
    +
    -psk_hint val
    + +
    +

    Use the PSK identity hint val when using a PSK cipher suite.

    +
    +
    -psk val
    + +
    +

    Use the PSK key val when using a PSK cipher suite. The key is +given as a hexadecimal number without leading 0x, for example -psk +1a2b3c4d. +This option must be provided in order to use a PSK cipher.

    +
    +
    -psk_session file
    + +
    +

    Use the pem encoded SSL_SESSION data stored in file as the basis of a PSK. +Note that this will only work if TLSv1.3 is negotiated.

    +
    +
    -listen
    + +
    +

    This option can only be used in conjunction with one of the DTLS options above. +With this option, this command will listen on a UDP port for incoming +connections. +Any ClientHellos that arrive will be checked to see if they have a cookie in +them or not. +Any without a cookie will be responded to with a HelloVerifyRequest. +If a ClientHello with a cookie is received then this command will +connect to that peer and complete the handshake.

    +
    +
    -sctp
    + +
    +

    Use SCTP for the transport protocol instead of UDP in DTLS. Must be used in +conjunction with -dtls, -dtls1 or -dtls1_2. This option is only +available where OpenSSL has support for SCTP enabled.

    +
    +
    -sctp_label_bug
    + +
    +

    Use the incorrect behaviour of older OpenSSL implementations when computing +endpoint-pair shared secrets for DTLS/SCTP. This allows communication with +older broken implementations but breaks interoperability with correct +implementations. Must be used in conjunction with -sctp. This option is only +available where OpenSSL has support for SCTP enabled.

    +
    +
    -no_dhe
    + +
    +

    If this option is set then no DH parameters will be loaded effectively +disabling the ephemeral DH cipher suites.

    +
    +
    -alpn val, -nextprotoneg val
    + +
    +

    These flags enable the Enable the Application-Layer Protocol Negotiation +or Next Protocol Negotiation (NPN) extension, respectively. ALPN is the +IETF standard and replaces NPN. +The val list is a comma-separated list of supported protocol +names. The list should contain the most desirable protocols first. +Protocol names are printable ASCII strings, for example "http/1.1" or +"spdy/3". +The flag -nextprotoneg cannot be specified if -tls1_3 is used.

    +
    +
    -keylogfile outfile
    + +
    +

    Appends TLS secrets to the specified keylog file such that external programs +(like Wireshark) can decrypt TLS connections.

    +
    +
    -max_early_data int
    + +
    +

    Change the default maximum early data bytes that are specified for new sessions +and any incoming early data (when used in conjunction with the -early_data +flag). The default value is approximately 16k. The argument must be an integer +greater than or equal to 0.

    +
    +
    -recv_max_early_data int
    + +
    +

    Specify the hard limit on the maximum number of early data bytes that will +be accepted.

    +
    +
    -early_data
    + +
    +

    Accept early data where possible. Cannot be used in conjunction with -www, +-WWW, -HTTP or -rev.

    +
    +
    -stateless
    + +
    +

    Require TLSv1.3 cookies.

    +
    +
    -anti_replay, -no_anti_replay
    + +
    +

    Switches replay protection on or off, respectively. Replay protection is on by +default unless overridden by a configuration file. When it is on, OpenSSL will +automatically detect if a session ticket has been used more than once, TLSv1.3 +has been negotiated, and early data is enabled on the server. A full handshake +is forced if a session ticket is used a second or subsequent time. Any early +data that was sent will be rejected.

    +
    +
    -nameopt option
    + +
    +

    This specifies how the subject or issuer names are displayed. +See openssl(1)/Name Format Options for details.

    +
    +
    -no_ssl3, -no_tls1, -no_tls1_1, -no_tls1_2, -no_tls1_3, +-ssl3, -tls1, -tls1_1, -tls1_2, -tls1_3
    + +
    +

    See openssl(1)/TLS Version Options.

    +
    +
    -dtls, -dtls1, -dtls1_2
    + +
    +

    These specify the use of DTLS instead of TLS. +See openssl(1)/TLS Version Options.

    +
    +
    -bugs, -comp, -no_comp, -no_ticket, -serverpref, +-legacy_renegotiation, -no_renegotiation, -no_resumption_on_reneg, +-legacy_server_connect, -no_legacy_server_connect, +-allow_no_dhe_kex, -prioritize_chacha, -strict, -sigalgs +algs, -client_sigalgs algs, -groups groups, -curves +curves, -named_curve curve, -cipher ciphers, -ciphersuites +1.3ciphers, -min_protocol minprot, -max_protocol maxprot, +-record_padding padding, -debug_broken_protocol, -no_middlebox
    + +
    +

    See SSL_CONF_cmd(3)/SUPPORTED COMMAND LINE COMMANDS for details.

    +
    +
    xkey infile, -xcert file, -xchain file, +-xchain_build file, -xcertform DER|PEM, +-xkeyform DER|PEM
    + +
    +

    Set extended certificate verification options. +See openssl(1)/Extended Verification Options for details.

    +
    +
    -CAfile file, -no-CAfile, -CApath dir, -no-CApath, +-CAstore uri, -no-CAstore
    + +
    +

    See openssl(1)/Trusted Certificate Options for details.

    +
    +
    -rand files, -writerand file
    + +
    +

    See openssl(1)/Random State Options for details.

    +
    +
    -engine id
    + +
    +

    See openssl(1)/Engine Options.

    +
    +
    -allow_proxy_certs, -attime, -no_check_time, +-check_ss_sig, -crl_check, -crl_check_all, +-explicit_policy, -extended_crl, -ignore_critical, -inhibit_any, +-inhibit_map, -no_alt_chains, -partial_chain, -policy, +-policy_check, -policy_print, -purpose, -suiteB_128, +-suiteB_128_only, -suiteB_192, -trusted_first, -use_deltas, +-auth_level, -verify_depth, -verify_email, -verify_hostname, +-verify_ip, -verify_name, -x509_strict -issuer_checks
    + +
    +

    Set various options of certificate chain verification. +See openssl(1)/Verification Options for details.

    +

    If the server requests a client certificate, then +verification errors are displayed, for debugging, but the command will +proceed unless the -verify_return_error option is used.

    +
    +
    +

    +

    +
    +

    CONNECTED COMMANDS

    +

    If a connection request is established with an SSL client and neither the +-www nor the -WWW option has been used then normally any data received +from the client is displayed and any key presses will be sent to the client.

    +

    Certain commands are also recognized which perform special operations. These +commands are a letter which must appear at the start of a line. They are listed +below.

    +
    +
    q
    + +
    +

    End the current SSL connection but still accept new connections.

    +
    +
    Q
    + +
    +

    End the current SSL connection and exit.

    +
    +
    r
    + +
    +

    Renegotiate the SSL session (TLSv1.2 and below only).

    +
    +
    R
    + +
    +

    Renegotiate the SSL session and request a client certificate (TLSv1.2 and below +only).

    +
    +
    P
    + +
    +

    Send some plain text down the underlying TCP connection: this should +cause the client to disconnect due to a protocol violation.

    +
    +
    S
    + +
    +

    Print out some session cache status information.

    +
    +
    k
    + +
    +

    Send a key update message to the client (TLSv1.3 only)

    +
    +
    K
    + +
    +

    Send a key update message to the client and request one back (TLSv1.3 only)

    +
    +
    c
    + +
    +

    Send a certificate request to the client (TLSv1.3 only)

    +
    +
    +

    +

    +
    +

    NOTES

    +

    This command can be used to debug SSL clients. To accept connections +from a web browser the command:

    +
    + openssl s_server -accept 443 -www
    +

    can be used for example.

    +

    Although specifying an empty list of CAs when requesting a client certificate +is strictly speaking a protocol violation, some SSL clients interpret this to +mean any CA is acceptable. This is useful for debugging purposes.

    +

    The session parameters can printed out using the openssl-sess_id(1) command.

    +

    +

    +
    +

    BUGS

    +

    Because this program has a lot of options and also because some of the +techniques used are rather old, the C source for this command is rather +hard to read and not a model of how things should be done. +A typical SSL server program would be much simpler.

    +

    The output of common ciphers is wrong: it just gives the list of ciphers that +OpenSSL recognizes and the client supports.

    +

    There should be a way for this command to print out details +of any unknown cipher suites a client says it supports.

    +

    +

    +
    +

    SEE ALSO

    +

    openssl(1), +openssl-sess_id(1), +openssl-s_client(1), +openssl-ciphers(1), +SSL_CONF_cmd(3), +SSL_CTX_set_max_send_fragment(3), +SSL_CTX_set_split_send_fragment(3), +SSL_CTX_set_max_pipelines(3), +ossl_store-file(7)

    +

    +

    +
    +

    HISTORY

    +

    The -no_alt_chains option was added in OpenSSL 1.1.0.

    +

    The +-allow-no-dhe-kex and -prioritize_chacha options were added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man1/openssl-s_time.html b/linux_amd64/share/doc/openssl/html/man1/openssl-s_time.html
    new file mode 100755
    index 0000000..581c431
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man1/openssl-s_time.html
    @@ -0,0 +1,257 @@
    + + + + +openssl-s_time + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    openssl-s_time - SSL/TLS performance timing program

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl s_time +[-help] +[-connect host:port] +[-www page] +[-cert filename] +[-key filename] +[-reuse] +[-new] +[-verify depth] +[-time seconds] +[-ssl3] +[-tls1] +[-tls1_1] +[-tls1_2] +[-tls1_3] +[-bugs] +[-cipher cipherlist] +[-ciphersuites val] +[-nameopt option] +[-cafile file] +[-CAfile file] +[-no-CAfile] +[-CApath dir] +[-no-CApath] +[-CAstore uri] +[-no-CAstore]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command implements a generic SSL/TLS client which +connects to a remote host using SSL/TLS. It can request a page from the server +and includes the time to transfer the payload data in its timing measurements. +It measures the number of connections within a given timeframe, the amount of +data transferred (if any), and calculates the average time spent for one +connection.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -connect host:port
    + +
    +

    This specifies the host and optional port to connect to.

    +
    +
    -www page
    + +
    +

    This specifies the page to GET from the server. A value of '/' gets the +index.html page. If this parameter is not specified, then this command +will only perform the handshake to establish SSL connections but not transfer +any payload data.

    +
    +
    -cert certname
    + +
    +

    The certificate to use, if one is requested by the server. The default is +not to use a certificate. The file is in PEM format.

    +
    +
    -key keyfile
    + +
    +

    The private key to use. If not specified then the certificate file will +be used. The file is in PEM format.

    +
    +
    -verify depth
    + +
    +

    The verify depth to use. This specifies the maximum length of the +server certificate chain and turns on server certificate verification. +Currently the verify operation continues after errors so all the problems +with a certificate chain can be seen. As a side effect the connection +will never fail due to a server certificate verify failure.

    +
    +
    -new
    + +
    +

    Performs the timing test using a new session ID for each connection. +If neither -new nor -reuse are specified, they are both on by default +and executed in sequence.

    +
    +
    -reuse
    + +
    +

    Performs the timing test using the same session ID; this can be used as a test +that session caching is working. If neither -new nor -reuse are +specified, they are both on by default and executed in sequence.

    +
    +
    -bugs
    + +
    +

    There are several known bugs in SSL and TLS implementations. Adding this +option enables various workarounds.

    +
    +
    -cipher cipherlist
    + +
    +

    This allows the TLSv1.2 and below cipher list sent by the client to be modified. +This list will be combined with any TLSv1.3 ciphersuites that have been +configured. Although the server determines which cipher suite is used it should +take the first supported cipher in the list sent by the client. See +openssl-ciphers(1) for more information.

    +
    +
    -ciphersuites val
    + +
    +

    This allows the TLSv1.3 ciphersuites sent by the client to be modified. This +list will be combined with any TLSv1.2 and below ciphersuites that have been +configured. Although the server determines which cipher suite is used it should +take the first supported cipher in the list sent by the client. See +openssl-ciphers(1) for more information. The format for this list is a +simple colon (":") separated list of TLSv1.3 ciphersuite names.

    +
    +
    -time length
    + +
    +

    Specifies how long (in seconds) this command should establish connections +and optionally transfer payload data from a server. Server and client +performance and the link speed determine how many connections it +can establish.

    +
    +
    -nameopt option
    + +
    +

    This specifies how the subject or issuer names are displayed. +See openssl(1)/Name Format Options for details.

    +
    +
    -CAfile file, -no-CAfile, -CApath dir, -no-CApath, +-CAstore uri, -no-CAstore
    + +
    +

    See openssl(1)/Trusted Certificate Options for details.

    +
    +
    -cafile file
    + +
    +

    This is an obsolete synonym for -CAfile.

    +
    +
    -ssl3, -tls1, -tls1_1, -tls1_2, -tls1_3
    + +
    +

    See openssl(1)/TLS Version Options.

    +
    +
    +

    +

    +
    +

    NOTES

    +

    This command can be used to measure the performance of an SSL connection. +To connect to an SSL HTTP server and get the default page the command

    +
    + openssl s_time -connect servername:443 -www / -CApath yourdir -CAfile yourfile.pem -cipher commoncipher [-ssl3]
    +

    would typically be used (https uses port 443). commoncipher is a cipher to +which both client and server can agree, see the openssl-ciphers(1) command +for details.

    +

    If the handshake fails then there are several possible causes, if it is +nothing obvious like no client certificate then the -bugs and +-ssl3 options can be tried +in case it is a buggy server. In particular you should play with these +options before submitting a bug report to an OpenSSL mailing list.

    +

    A frequent problem when attempting to get client certificates working +is that a web client complains it has no certificates or gives an empty +list to choose from. This is normally because the server is not sending +the clients certificate authority in its "acceptable CA list" when it +requests a certificate. By using openssl-s_client(1) the CA list can be +viewed and checked. However some servers only request client authentication +after a specific URL is requested. To obtain the list in this case it +is necessary to use the -prexit option of openssl-s_client(1) and +send an HTTP request for an appropriate page.

    +

    If a certificate is specified on the command line using the -cert +option it will not be used unless the server specifically requests +a client certificate. Therefor merely including a client certificate +on the command line is no guarantee that the certificate works.

    +

    +

    +
    +

    BUGS

    +

    Because this program does not have all the options of the +openssl-s_client(1) program to turn protocols on and off, you may not +be able to measure the performance of all protocols with all servers.

    +

    The -verify option should really exit if the server verification +fails.

    +

    +

    +
    +

    HISTORY

    +

    The -cafile option was deprecated in OpenSSL 3.0.

    +

    +

    +
    +

    SEE ALSO

    +

    openssl(1), +openssl-s_client(1), +openssl-s_server(1), +openssl-ciphers(1), +ossl_store-file(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2004-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man1/openssl-sess_id.html b/linux_amd64/share/doc/openssl/html/man1/openssl-sess_id.html
new file mode 100755
index 0000000..b5b1099
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man1/openssl-sess_id.html
@@ -0,0 +1,213 @@
+ + + + +openssl-sess_id + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    openssl-sess_id - SSL/TLS session handling utility

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl sess_id +[-help] +[-inform DER|PEM] +[-outform DER|PEM|NSS] +[-in filename] +[-out filename] +[-text] +[-cert] +[-noout] +[-context ID]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command processes the encoded version of the SSL session +structure and optionally prints out SSL session details (for example +the SSL session master key) in human readable format. Since this is a +diagnostic tool that needs some knowledge of the SSL protocol to use +properly, most users will not need to use it.

    +

    The precise format of the data can vary across OpenSSL versions and +is not documented.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -inform DER|PEM, -outform DER|PEM|NSS
    + +
    +

    The input and output formats; the default is PEM. +See openssl(1)/Format Options for details.

    +

    For NSS output, the session ID and master key are reported in NSS "keylog" +format.

    +
    +
    -in filename
    + +
    +

    This specifies the input filename to read session information from or standard +input by default.

    +
    +
    -out filename
    + +
    +

    This specifies the output filename to write session information to or standard +output if this option is not specified.

    +
    +
    -text
    + +
    +

    Prints out the various public or private key components in +plain text in addition to the encoded version.

    +
    +
    -cert
    + +
    +

    If a certificate is present in the session it will be output using this option, +if the -text option is also present then it will be printed out in text form.

    +
    +
    -noout
    + +
    +

    This option prevents output of the encoded version of the session.

    +
    +
    -context ID
    + +
    +

    This option can set the session id so the output session information uses the +supplied ID. The ID can be any string of characters. This option won't normally +be used.

    +
    +
    +

    +

    +
    +

    OUTPUT

    +

    Typical output:

    +
    + SSL-Session:
    +     Protocol  : TLSv1
    +     Cipher    : 0016
    +     Session-ID: 871E62626C554CE95488823752CBD5F3673A3EF3DCE9C67BD916C809914B40ED
    +     Session-ID-ctx: 01000000
    +     Master-Key: A7CEFC571974BE02CAC305269DC59F76EA9F0B180CB6642697A68251F2D2BB57E51DBBB4C7885573192AE9AEE220FACD
    +     Key-Arg   : None
    +     Start Time: 948459261
    +     Timeout   : 300 (sec)
    +     Verify return code 0 (ok)
    +

    These are described below in more detail.

    +
    +
    Protocol
    + +
    +

    This is the protocol in use TLSv1.3, TLSv1.2, TLSv1.1, TLSv1 or SSLv3.

    +
    +
    Cipher
    + +
    +

    The cipher used this is the actual raw SSL or TLS cipher code, see the SSL +or TLS specifications for more information.

    +
    +
    Session-ID
    + +
    +

    The SSL session ID in hex format.

    +
    +
    Session-ID-ctx
    + +
    +

    The session ID context in hex format.

    +
    +
    Master-Key
    + +
    +

    This is the SSL session master key.

    +
    +
    Start Time
    + +
    +

    This is the session start time represented as an integer in standard +Unix format.

    +
    +
    Timeout
    + +
    +

    The timeout in seconds.

    +
    +
    Verify return code
    + +
    +

    This is the return code when an SSL client certificate is verified.

    +
    +
    +

    +

    +
    +

    NOTES

    +

    Since the SSL session output contains the master key it is +possible to read the contents of an encrypted session using this +information. Therefore appropriate security precautions should be taken if +the information is being output by a "real" application. This is however +strongly discouraged and should only be used for debugging purposes.

    +

    +

    +
    +

    BUGS

    +

    The cipher and start time should be printed out in human readable form.

    +

    +

    +
    +

    SEE ALSO

    +

    openssl(1), +openssl-ciphers(1), +openssl-s_server(1)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man1/openssl-smime.html b/linux_amd64/share/doc/openssl/html/man1/openssl-smime.html
new file mode 100755
index 0000000..344b62b
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man1/openssl-smime.html
@@ -0,0 +1,585 @@
+ + + + +openssl-smime + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    openssl-smime - S/MIME utility

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl smime +[-help] +[-encrypt] +[-decrypt] +[-sign] +[-resign] +[-verify] +[-pk7out] +[-binary] +[-crlfeol] +[-cipher] +[-in file] +[-certfile file] +[-signer file] +[-nointern] +[-noverify] +[-nochain] +[-nosigs] +[-nocerts] +[-noattr] +[-nodetach] +[-nosmimecap] +[-recip file] +[-inform DER|PEM|SMIME] +[-outform DER|PEM|SMIME] +[-keyform DER|PEM|ENGINE] +[-passin arg] +[-inkey file_or_id] +[-out file] +[-content file] +[-to addr] +[-from ad] +[-subject s] +[-text] +[-indef] +[-noindef] +[-stream] +[-md digest] +[-CAfile file] +[-no-CAfile] +[-CApath dir] +[-no-CApath] +[-CAstore uri] +[-no-CAstore] +[-engine id] +[-rand files] +[-writerand file] +[-allow_proxy_certs] +[-attime timestamp] +[-no_check_time] +[-check_ss_sig] +[-crl_check] +[-crl_check_all] +[-explicit_policy] +[-extended_crl] +[-ignore_critical] +[-inhibit_any] +[-inhibit_map] +[-partial_chain] +[-policy arg] +[-policy_check] +[-policy_print] +[-purpose purpose] +[-suiteB_128] +[-suiteB_128_only] +[-suiteB_192] +[-trusted_first] +[-no_alt_chains] +[-use_deltas] +[-auth_level num] +[-verify_depth num] +[-verify_email email] +[-verify_hostname hostname] +[-verify_ip ip] +[-verify_name name] +[-x509_strict] +[-issuer_checks]

    +

    cert.pem ...

    +

    +

    +
    +

    DESCRIPTION

    +

    This command handles S/MIME mail. It can encrypt, decrypt, sign +and verify S/MIME messages.

    +

    +

    +
    +

    OPTIONS

    +

    There are six operation options that set the type of operation to be performed. +The meaning of the other options varies according to the operation type.

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -encrypt
    + +
    +

    Encrypt mail for the given recipient certificates. Input file is the message +to be encrypted. The output file is the encrypted mail in MIME format.

    +

    Note that no revocation check is done for the recipient cert, so if that +key has been compromised, others may be able to decrypt the text.

    +
    +
    -decrypt
    + +
    +

    Decrypt mail using the supplied certificate and private key. Expects an +encrypted mail message in MIME format for the input file. The decrypted mail +is written to the output file.

    +
    +
    -sign
    + +
    +

    Sign mail using the supplied certificate and private key. Input file is +the message to be signed. The signed message in MIME format is written +to the output file.

    +
    +
    -verify
    + +
    +

    Verify signed mail. Expects a signed mail message on input and outputs +the signed data. Both clear text and opaque signing is supported.

    +
    +
    -pk7out
    + +
    +

    Takes an input message and writes out a PEM encoded PKCS#7 structure.

    +
    +
    -resign
    + +
    +

    Resign a message: take an existing message and one or more new signers.

    +
    +
    -in filename
    + +
    +

    The input message to be encrypted or signed or the MIME message to +be decrypted or verified.

    +
    +
    -out filename
    + +
    +

    The message text that has been decrypted or verified or the output MIME +format message that has been signed or verified.

    +
    +
    -inform DER|PEM|SMIME
    + +
    +

    The input format of the PKCS#7 (S/MIME) structure (if one is being read); +the default is SMIME. +See openssl(1)/Format Options for details.

    +
    +
    -outform DER|PEM|SMIME
    + +
    +

    The output format of the PKCS#7 (S/MIME) structure (if one is being written); +the default is SMIME. +See openssl(1)/Format Options for details.

    +
    +
    -keyform DER|PEM
    + +
    +

    The key format; the default is PEM. +See openssl(1)/Format Options for details.

    +
    +
    -stream, -indef, -noindef
    + +
    +

    The -stream and -indef options are equivalent and enable streaming I/O +for encoding operations. This permits single pass processing of data without +the need to hold the entire contents in memory, potentially supporting very +large files. Streaming is automatically set for S/MIME signing with detached +data if the output format is SMIME it is currently off by default for all +other operations.

    +
    +
    -noindef
    + +
    +

    Disable streaming I/O where it would produce and indefinite length constructed +encoding. This option currently has no effect. In future streaming will be +enabled by default on all relevant operations and this option will disable it.

    +
    +
    -content filename
    + +
    +

    This specifies a file containing the detached content, this is only +useful with the -verify command. This is only usable if the PKCS#7 +structure is using the detached signature form where the content is +not included. This option will override any content if the input format +is S/MIME and it uses the multipart/signed MIME content type.

    +
    +
    -text
    + +
    +

    This option adds plain text (text/plain) MIME headers to the supplied +message if encrypting or signing. If decrypting or verifying it strips +off text headers: if the decrypted or verified message is not of MIME +type text/plain then an error occurs.

    +
    +
    -md digest
    + +
    +

    Digest algorithm to use when signing or resigning. If not present then the +default digest algorithm for the signing key will be used (usually SHA1).

    +
    +
    -cipher
    + +
    +

    The encryption algorithm to use. For example DES (56 bits) - -des, +triple DES (168 bits) - -des3, +EVP_get_cipherbyname() function) can also be used preceded by a dash, for +example -aes-128-cbc. See openssl-enc(1) for list of ciphers +supported by your version of OpenSSL.

    +

    If not specified triple DES is used. Only used with -encrypt.

    +
    +
    -nointern
    + +
    +

    When verifying a message normally certificates (if any) included in +the message are searched for the signing certificate. With this option +only the certificates specified in the -certfile option are used. +The supplied certificates can still be used as untrusted CAs however.

    +
    +
    -noverify
    + +
    +

    Do not verify the signers certificate of a signed message.

    +
    +
    -nochain
    + +
    +

    Do not do chain verification of signers certificates; that is, do not +use the certificates in the signed message as untrusted CAs.

    +
    +
    -nosigs
    + +
    +

    Don't try to verify the signatures on the message.

    +
    +
    -nocerts
    + +
    +

    When signing a message the signer's certificate is normally included +with this option it is excluded. This will reduce the size of the +signed message but the verifier must have a copy of the signers certificate +available locally (passed using the -certfile option for example).

    +
    +
    -noattr
    + +
    +

    Normally when a message is signed a set of attributes are included which +include the signing time and supported symmetric algorithms. With this +option they are not included.

    +
    +
    -nodetach
    + +
    +

    When signing a message use opaque signing. This form is more resistant +to translation by mail relays but it cannot be read by mail agents that +do not support S/MIME. Without this option cleartext signing with +the MIME type multipart/signed is used.

    +
    +
    -nosmimecap
    + +
    +

    When signing a message, do not include the SMIMECapabilities attribute.

    +
    +
    -binary
    + +
    +

    Normally the input message is converted to "canonical" format which is +effectively using CR and LF as end of line: as required by the S/MIME +specification. When this option is present no translation occurs. This +is useful when handling binary data which may not be in MIME format.

    +
    +
    -crlfeol
    + +
    +

    Normally the output file uses a single LF as end of line. When this +option is present CRLF is used instead.

    +
    +
    -certfile file
    + +
    +

    Allows additional certificates to be specified. When signing these will +be included with the message. When verifying these will be searched for +the signers certificates. The certificates should be in PEM format.

    +
    +
    -signer file
    + +
    +

    A signing certificate when signing or resigning a message, this option can be +used multiple times if more than one signer is required. If a message is being +verified then the signers certificates will be written to this file if the +verification was successful.

    +
    +
    -nocerts
    + +
    +

    Don't include signers certificate when signing.

    +
    +
    -noattr
    + +
    +

    Don't include any signed attributes when signing.

    +
    +
    -recip file
    + +
    +

    The recipients certificate when decrypting a message. This certificate +must match one of the recipients of the message or an error occurs.

    +
    +
    -inkey file_or_id
    + +
    +

    The private key to use when signing or decrypting. This must match the +corresponding certificate. If this option is not specified then the +private key must be included in the certificate file specified with +the -recip or -signer file. When signing this option can be used +multiple times to specify successive keys. +If no engine is used, the argument is taken as a file; if an engine is +specified, the argument is given to the engine as a key identifier.

    +
    +
    -passin arg
    + +
    +

    The private key password source. For more information about the format of arg +see openssl(1)/Pass Phrase Options.

    +
    +
    -to, -from, -subject
    + +
    +

    The relevant mail headers. These are included outside the signed +portion of a message so they may be included manually. If signing +then many S/MIME mail clients check the signers certificate's email +address matches that specified in the From: address.

    +
    +
    -allow_proxy_certs, -attime, -no_check_time, +-check_ss_sig, -crl_check, -crl_check_all, +-explicit_policy, -extended_crl, -ignore_critical, -inhibit_any, +-inhibit_map, -no_alt_chains, -partial_chain, -policy, +-policy_check, -policy_print, -purpose, -suiteB_128, +-suiteB_128_only, -suiteB_192, -trusted_first, -use_deltas, +-auth_level, -verify_depth, -verify_email, -verify_hostname, +-verify_ip, -verify_name, -x509_strict -issuer_checks
    + +
    +

    Set various options of certificate chain verification. +See openssl(1)/Verification Options for details.

    +

    Any verification errors cause the command to exit.

    +
    +
    -CAfile file, -no-CAfile, -CApath dir, -no-CApath, +-CAstore uri, -no-CAstore
    + +
    +

    See openssl(1)/Trusted Certificate Options for details.

    +
    +
    -engine id
    + +
    +

    See openssl(1)/Engine Options.

    +
    +
    -rand files, -writerand file
    + +
    +

    See openssl(1)/Random State Options for details.

    +
    +
    cert.pem ...
    + +
    +

    One or more certificates of message recipients, used when encrypting +a message.

    +
    +
    +

    +

    +
    +

    NOTES

    +

    The MIME message must be sent without any blank lines between the +headers and the output. Some mail programs will automatically add +a blank line. Piping the mail directly to sendmail is one way to +achieve the correct format.

    +

    The supplied message to be signed or encrypted must include the +necessary MIME headers or many S/MIME clients won't display it +properly (if at all). You can use the -text option to automatically +add plain text headers.

    +

    A "signed and encrypted" message is one where a signed message is +then encrypted. This can be produced by encrypting an already signed +message: see the examples section.

    +

    This version of the program only allows one signer per message but it +will verify multiple signers on received messages. Some S/MIME clients +choke if a message contains multiple signers. It is possible to sign +messages "in parallel" by signing an already signed message.

    +

    The options -encrypt and -decrypt reflect common usage in S/MIME +clients. Strictly speaking these process PKCS#7 enveloped data: PKCS#7 +encrypted data is used for other purposes.

    +

    The -resign option uses an existing message digest when adding a new +signer. This means that attributes must be present in at least one existing +signer using the same message digest or this operation will fail.

    +

    The -stream and -indef options enable streaming I/O support. +As a result the encoding is BER using indefinite length constructed encoding +and no longer DER. Streaming is supported for the -encrypt operation and the +-sign operation if the content is not detached.

    +

    Streaming is always used for the -sign operation with detached data but +since the content is no longer part of the PKCS#7 structure the encoding +remains DER.

    +

    +

    +
    +

    EXIT CODES

    +
      +
    1. +

      The operation was completely successfully.

      +
    2. +
    3. +

      An error occurred parsing the command options.

      +
    4. +
    5. +

      One of the input files could not be read.

      +
    6. +
    7. +

      An error occurred creating the PKCS#7 file or when reading the MIME +message.

      +
    8. +
    9. +

      An error occurred decrypting or verifying the message.

      +
    10. +
    11. +

      The message was verified correctly but an error occurred writing out +the signers certificates.

      +
    12. +
    +

    +

    +
    +

    EXAMPLES

    +

    Create a cleartext signed message:

    +
    + openssl smime -sign -in message.txt -text -out mail.msg \
    +        -signer mycert.pem
    +

    Create an opaque signed message:

    +
    + openssl smime -sign -in message.txt -text -out mail.msg -nodetach \
    +        -signer mycert.pem
    +

    Create a signed message, include some additional certificates and +read the private key from another file:

    +
    + openssl smime -sign -in in.txt -text -out mail.msg \
    +        -signer mycert.pem -inkey mykey.pem -certfile mycerts.pem
    +

    Create a signed message with two signers:

    +
    + openssl smime -sign -in message.txt -text -out mail.msg \
    +        -signer mycert.pem -signer othercert.pem
    +

    Send a signed message under Unix directly to sendmail, including headers:

    +
    + openssl smime -sign -in in.txt -text -signer mycert.pem \
    +        -from steve@openssl.org -to someone@somewhere \
    +        -subject "Signed message" | sendmail someone@somewhere
    +

    Verify a message and extract the signer's certificate if successful:

    +
    + openssl smime -verify -in mail.msg -signer user.pem -out signedtext.txt
    +

    Send encrypted mail using triple DES:

    +
    + openssl smime -encrypt -in in.txt -from steve@openssl.org \
    +        -to someone@somewhere -subject "Encrypted message" \
    +        -des3 user.pem -out mail.msg
    +

    Sign and encrypt mail:

    +
    + openssl smime -sign -in ml.txt -signer my.pem -text \
    +        | openssl smime -encrypt -out mail.msg \
    +        -from steve@openssl.org -to someone@somewhere \
    +        -subject "Signed and Encrypted message" -des3 user.pem
    +

    Note: the encryption command does not include the -text option because the +message being encrypted already has MIME headers.

    +

    Decrypt mail:

    +
    + openssl smime -decrypt -in mail.msg -recip mycert.pem -inkey key.pem
    +

    The output from Netscape form signing is a PKCS#7 structure with the +detached signature format. You can use this program to verify the +signature by line wrapping the base64 encoded structure and surrounding +it with:

    +
    + -----BEGIN PKCS7-----
    + -----END PKCS7-----
    +

    and using the command:

    +
    + openssl smime -verify -inform PEM -in signature.pem -content content.txt
    +

    Alternatively you can base64 decode the signature and use:

    +
    + openssl smime -verify -inform DER -in signature.der -content content.txt
    +

    Create an encrypted message using 128 bit Camellia:

    +
    + openssl smime -encrypt -in plain.txt -camellia128 -out mail.msg cert.pem
    +

    Add a signer to an existing message:

    +
    + openssl smime -resign -in mail.msg -signer newsign.pem -out mail2.msg
    +

    +

    +
    +

    BUGS

    +

    The MIME parser isn't very clever: it seems to handle most messages that I've +thrown at it but it may choke on others.

    +

    The code currently will only write out the signer's certificate to a file: if +the signer has a separate encryption certificate this must be manually +extracted. There should be some heuristic that determines the correct +encryption certificate.

    +

    Ideally a database should be maintained of a certificates for each email +address.

    +

    The code doesn't currently take note of the permitted symmetric encryption +algorithms as supplied in the SMIMECapabilities signed attribute. This means the +user has to manually include the correct encryption algorithm. It should store +the list of permitted ciphers in a database and only use those.

    +

    No revocation checking is done on the signer's certificate.

    +

    The current code can only handle S/MIME v2 messages, the more complex S/MIME v3 +structures may cause parsing errors.

    +

    +

    +
    +

    SEE ALSO

    +

    ossl_store-file(7)

    +

    +

    +
    +

    HISTORY

    +

    The use of multiple -signer options and the -resign command were first +added in OpenSSL 1.0.0

    +

    The -no_alt_chains option was added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man1/openssl-speed.html b/linux_amd64/share/doc/openssl/html/man1/openssl-speed.html
new file mode 100755
index 0000000..341f597
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man1/openssl-speed.html
@@ -0,0 +1,173 @@
+ + + + +openssl-speed + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    openssl-speed - test library performance

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl speed +[-help] +[-elapsed] +[-evp algo] +[-hmac algo] +[-cmac algo] +[-mb] +[-aead] +[-multi num] +[-async_jobs num] +[-misalign num] +[-decrypt] +[-primes num] +[-seconds num] +[-bytes num] +[-mr] +[-rand files] +[-writerand file] +[-engine id] +[algorithm ...]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command is used to test the performance of cryptographic algorithms. +To see the list of supported algorithms, use openssl list -digest-commands +or openssl list -cipher-commands command. The global CSPRNG is denoted by +the rand algorithm name.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -elapsed
    + +
    +

    When calculating operations- or bytes-per-second, use wall-clock time +instead of CPU user time as divisor. It can be useful when testing speed +of hardware engines.

    +
    +
    -evp algo
    + +
    +

    Use the specified cipher or message digest algorithm via the EVP interface. +If algo is an AEAD cipher, then you can pass -aead to benchmark a +TLS-like sequence. And if algo is a multi-buffer capable cipher, e.g. +aes-128-cbc-hmac-sha1, then -mb will time multi-buffer operation.

    +
    +
    -multi num
    + +
    +

    Run multiple operations in parallel.

    +
    +
    -async_jobs num
    + +
    +

    Enable async mode and start specified number of jobs.

    +
    +
    -misalign num
    + +
    +

    Misalign the buffers by the specified number of bytes.

    +
    +
    -hmac digest
    + +
    +

    Time the HMAC algorithm using the specified message digest.

    +
    +
    -cmac cipher
    + +
    +

    Time the CMAC algorithm using the specified cipher e.g. +openssl speed -cmac aes128.

    +
    +
    -decrypt
    + +
    +

    Time the decryption instead of encryption. Affects only the EVP testing.

    +
    +
    -primes num
    + +
    +

    Generate a num-prime RSA key and use it to run the benchmarks. This option +is only effective if RSA algorithm is specified to test.

    +
    +
    -seconds num
    + +
    +

    Run benchmarks for num seconds.

    +
    +
    -bytes num
    + +
    +

    Run benchmarks on num-byte buffers. Affects ciphers, digests and the CSPRNG.

    +
    +
    -mr
    + +
    +

    Produce the summary in a mechanical, machine-readable, format.

    +
    +
    -rand files, -writerand file
    + +
    +

    See openssl(1)/Random State Options for details.

    +
    +
    -engine id
    + +
    +

    See openssl(1)/Engine Options.

    +
    +
    algorithm ...
    + +
    +

    If any algorithm is given, then those algorithms are tested, otherwise a +pre-compiled grand selection is tested.

    +
    +
    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man1/openssl-spkac.html b/linux_amd64/share/doc/openssl/html/man1/openssl-spkac.html
new file mode 100755
index 0000000..1037488
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man1/openssl-spkac.html
@@ -0,0 +1,199 @@
+ + + + +openssl-spkac + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    openssl-spkac - SPKAC printing and generating utility

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl spkac +[-help] +[-in filename] +[-out filename] +[-key keyfile] +[-keyform DER|PEM|ENGINE] +[-passin arg] +[-challenge string] +[-pubkey] +[-spkac spkacname] +[-spksect section] +[-noout] +[-verify] +[-engine id]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command processes Netscape signed public key and challenge +(SPKAC) files. It can print out their contents, verify the signature and +produce its own SPKACs from a supplied private key.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -in filename
    + +
    +

    This specifies the input filename to read from or standard input if this +option is not specified. Ignored if the -key option is used.

    +
    +
    -out filename
    + +
    +

    Specifies the output filename to write to or standard output by +default.

    +
    +
    -key keyfile
    + +
    +

    Create an SPKAC file using the private key in keyfile. The +-in, -noout, -spksect and -verify options are ignored if +present.

    +
    +
    -keyform DER|PEM|ENGINE
    + +
    +

    The key format; the default is PEM. +See openssl(1)/Format Options for details.

    +
    +
    -passin arg
    + +
    +

    The input file password source. For more information about the format of arg +see openssl(1)/Pass Phrase Options.

    +
    +
    -challenge string
    + +
    +

    Specifies the challenge string if an SPKAC is being created.

    +
    +
    -spkac spkacname
    + +
    +

    Allows an alternative name form the variable containing the +SPKAC. The default is "SPKAC". This option affects both +generated and input SPKAC files.

    +
    +
    -spksect section
    + +
    +

    Allows an alternative name form the section containing the +SPKAC. The default is the default section.

    +
    +
    -noout
    + +
    +

    Don't output the text version of the SPKAC (not used if an +SPKAC is being created).

    +
    +
    -pubkey
    + +
    +

    Output the public key of an SPKAC (not used if an SPKAC is +being created).

    +
    +
    -verify
    + +
    +

    Verifies the digital signature on the supplied SPKAC.

    +
    +
    -engine id
    + +
    +

    See openssl(1)/Engine Options.

    +
    +
    +

    +

    +
    +

    EXAMPLES

    +

    Print out the contents of an SPKAC:

    +
    + openssl spkac -in spkac.cnf
    +

    Verify the signature of an SPKAC:

    +
    + openssl spkac -in spkac.cnf -noout -verify
    +

    Create an SPKAC using the challenge string "hello":

    +
    + openssl spkac -key key.pem -challenge hello -out spkac.cnf
    +

    Example of an SPKAC, (long lines split up for clarity):

    +
    + SPKAC=MIG5MGUwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA\
    + 1cCoq2Wa3Ixs47uI7FPVwHVIPDx5yso105Y6zpozam135a\
    + 8R0CpoRvkkigIyXfcCjiVi5oWk+6FfPaD03uPFoQIDAQAB\
    + FgVoZWxsbzANBgkqhkiG9w0BAQQFAANBAFpQtY/FojdwkJ\
    + h1bEIYuc2EeM2KHTWPEepWYeawvHD0gQ3DngSC75YCWnnD\
    + dq+NQ3F+X4deMx9AaEglZtULwV4=
    +

    +

    +
    +

    NOTES

    +

    A created SPKAC with suitable DN components appended can be fed to +openssl-ca(1).

    +

    SPKACs are typically generated by Netscape when a form is submitted +containing the KEYGEN tag as part of the certificate enrollment +process.

    +

    The challenge string permits a primitive form of proof of possession +of private key. By checking the SPKAC signature and a random challenge +string some guarantee is given that the user knows the private key +corresponding to the public key being certified. This is important in +some applications. Without this it is possible for a previous SPKAC +to be used in a "replay attack".

    +

    +

    +
    +

    SEE ALSO

    +

    openssl(1), +openssl-ca(1)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man1/openssl-srp.html b/linux_amd64/share/doc/openssl/html/man1/openssl-srp.html
    new file mode 100755
    index 0000000..a0249cc
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man1/openssl-srp.html
    @@ -0,0 +1,129 @@
    + + + + +openssl-srp + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    openssl-srp - maintain SRP password file

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl srp +[-help] +[-verbose] +[-add] +[-modify] +[-delete] +[-list] +[-name section] +[-config file] +[-srpvfile file] +[-gn identifier] +[-userinfo text] +[-passin arg] +[-passout arg] +[-engine id] +[-rand files] +[-writerand file] +[user ...]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command is used to maintain an SRP (secure remote password) file. +At most one of the -add, -modify, -delete, and -list options +can be specified. +These options take zero or more usernames as parameters and perform the +appropriate operation on the SRP file. +For -list, if no user is given then all users are displayed.

    +

    The configuration file to use, and the section within the file, can be +specified with the -config and -name flags, respectively.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Display an option summary.

    +
    +
    -verbose
    + +
    +

    Generate verbose output while processing.

    +
    +
    -srpvfile file
    + +
    +

    If the config file is not specified, +-srpvfile can be used to specify the file to operate on.

    +
    +
    -gn
    + +
    +

    Specifies the g and N values, using one of +the strengths defined in IETF RFC 5054.

    +
    +
    -userinfo
    + +
    +

    specifies additional information to add when +adding or modifying a user.

    +
    +
    -passin arg, -passout arg
    + +
    +

    The password source for the input and output file. +For more information about the format of arg +see openssl(1)/Pass Phrase Options.

    +
    +
    -engine id
    + +
    +

    See openssl(1)/Engine Options.

    +

    [-rand files] +[-writerand file]

    +
    +
    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man1/openssl-storeutl.html b/linux_amd64/share/doc/openssl/html/man1/openssl-storeutl.html
    new file mode 100755
    index 0000000..f84372f
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man1/openssl-storeutl.html
    @@ -0,0 +1,179 @@
    + + + + +openssl-storeutl + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    openssl-storeutl - STORE utility

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl storeutl +[-help] +[-out file] +[-noout] +[-passin arg] +[-text arg] +[-r] +[-certs] +[-keys] +[-crls] +[-subject arg] +[-issuer arg] +[-serial arg] +[-alias arg] +[-fingerprint arg] +[-digest] +[-engine id] +uri ...

    +

    +

    +
    +

    DESCRIPTION

    +

    This command can be used to display the contents (after +decryption as the case may be) fetched from the given URIs.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -out filename
    + +
    +

    specifies the output filename to write to or standard output by +default.

    +
    +
    -noout
    + +
    +

    this option prevents output of the PEM data.

    +
    +
    -passin arg
    + +
    +

    the key password source. For more information about the format of arg +see openssl(1)/Pass Phrase Options.

    +
    +
    -text
    + +
    +

    Prints out the objects in text form, similarly to the -text output from +openssl-x509(1), openssl-pkey(1), etc.

    +
    +
    -r
    + +
    +

    Fetch objects recursively when possible.

    +
    +
    -certs
    + +
    -keys
    + +
    -crls
    + +
    +

    Only select the certificates, keys or CRLs from the given URI. +However, if this URI would return a set of names (URIs), those are always +returned.

    +
    +
    -subject arg
    + +
    +

    Search for an object having the subject name arg. +The arg must be formatted as /type0=value0/type1=value1/type2=.... +Keyword characters may be escaped by \ (backslash), and whitespace is retained. +Empty values are permitted but are ignored for the search. That is, +a search with an empty value will have the same effect as not specifying +the type at all.

    +
    +
    -issuer arg
    + +
    -serial arg
    + +
    +

    Search for an object having the given issuer name and serial number. +These two options must be used together. +The issuer arg must be formatted as /type0=value0/type1=value1/type2=..., +characters may be escaped by \ (backslash), no spaces are skipped. +The serial arg may be specified as a decimal value or a hex value if preceded +by 0x.

    +
    +
    -alias arg
    + +
    +

    Search for an object having the given alias.

    +
    +
    -fingerprint arg
    + +
    +

    Search for an object having the given fingerprint.

    +
    +
    -digest
    + +
    +

    The digest that was used to compute the fingerprint given with -fingerprint.

    +
    +
    -engine id
    + +
    +

    See openssl(1)/Engine Options.

    +
    +
    +

    +

    +
    +

    SEE ALSO

    +

    openssl(1)

    +

    +

    +
    +

    HISTORY

    +

    This command was added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man1/openssl-ts.html b/linux_amd64/share/doc/openssl/html/man1/openssl-ts.html
    new file mode 100755
    index 0000000..a45c2e4
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man1/openssl-ts.html
    @@ -0,0 +1,753 @@
    + + + + +openssl-ts + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    openssl-ts - Time Stamping Authority tool (client/server)

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl ts +-help

    +

    openssl ts +-query +[-config configfile] +[-data file_to_hash] +[-digest digest_bytes] +[-digest] +[-tspolicy object_id] +[-no_nonce] +[-cert] +[-in request.tsq] +[-out request.tsq] +[-text] +[-rand files] +[-writerand file]

    +

    openssl ts +-reply +[-config configfile] +[-section tsa_section] +[-queryfile request.tsq] +[-passin password_src] +[-signer tsa_cert.pem] +[-inkey file_or_id] +[-digest] +[-chain certs_file.pem] +[-tspolicy object_id] +[-in response.tsr] +[-untrusted file] +[-token_in] +[-out response.tsr] +[-token_out] +[-text] +[-engine id]

    +

    openssl ts +-verify +[-data file_to_hash] +[-digest digest_bytes] +[-queryfile request.tsq] +[-in response.tsr] +[-token_in] +[-CAfile file] +[-CApath dir] +[-CAstore uri] +[-allow_proxy_certs] +[-attime timestamp] +[-no_check_time] +[-check_ss_sig] +[-crl_check] +[-crl_check_all] +[-explicit_policy] +[-extended_crl] +[-ignore_critical] +[-inhibit_any] +[-inhibit_map] +[-partial_chain] +[-policy arg] +[-policy_check] +[-policy_print] +[-purpose purpose] +[-suiteB_128] +[-suiteB_128_only] +[-suiteB_192] +[-trusted_first] +[-no_alt_chains] +[-use_deltas] +[-auth_level num] +[-verify_depth num] +[-verify_email email] +[-verify_hostname hostname] +[-verify_ip ip] +[-verify_name name] +[-x509_strict] +[-issuer_checks]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command is a basic Time Stamping Authority (TSA) client and +server application as specified in RFC 3161 (Time-Stamp Protocol, TSP). A +TSA can be part of a PKI deployment and its role is to provide long +term proof of the existence of a certain datum before a particular +time. Here is a brief description of the protocol:

    +
      +
    1. +

      The TSA client computes a one-way hash value for a data file and sends +the hash to the TSA.

      +
    2. +
    3. +

      The TSA attaches the current date and time to the received hash value, +signs them and sends the timestamp token back to the client. By +creating this token the TSA certifies the existence of the original +data file at the time of response generation.

      +
    4. +
    5. +

      The TSA client receives the timestamp token and verifies the +signature on it. It also checks if the token contains the same hash +value that it had sent to the TSA.

      +
    6. +
    +

    There is one DER encoded protocol data unit defined for transporting a time +stamp request to the TSA and one for sending the timestamp response +back to the client. This command has three main functions: +creating a timestamp request based on a data file, +creating a timestamp response based on a request, verifying if a +response corresponds to a particular request or a data file.

    +

    There is no support for sending the requests/responses automatically +over HTTP or TCP yet as suggested in RFC 3161. The users must send the +requests either by ftp or e-mail.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    +

    +

    +

    Timestamp Request generation

    +

    The -query switch can be used for creating and printing a timestamp +request with the following options:

    +
    +
    -config configfile
    + +
    +

    The configuration file to use. +Optional; for a description of the default value, +see openssl(1)/COMMAND SUMMARY.

    +
    +
    -data file_to_hash
    + +
    +

    The data file for which the timestamp request needs to be +created. stdin is the default if neither the -data nor the -digest +parameter is specified. (Optional)

    +
    +
    -digest digest_bytes
    + +
    +

    It is possible to specify the message imprint explicitly without the data +file. The imprint must be specified in a hexadecimal format, two characters +per byte, the bytes optionally separated by colons (e.g. 1A:F6:01:... or +1AF601...). The number of bytes must match the message digest algorithm +in use. (Optional)

    +
    +
    -digest
    + +
    +

    The message digest to apply to the data file. +Any digest supported by the openssl-dgst(1) command can be used. +The default is SHA-256. (Optional)

    +
    +
    -tspolicy object_id
    + +
    +

    The policy that the client expects the TSA to use for creating the +timestamp token. Either the dotted OID notation or OID names defined +in the config file can be used. If no policy is requested the TSA will +use its own default policy. (Optional)

    +
    +
    -no_nonce
    + +
    +

    No nonce is specified in the request if this option is +given. Otherwise a 64 bit long pseudo-random none is +included in the request. It is recommended to use nonce to +protect against replay-attacks. (Optional)

    +
    +
    -cert
    + +
    +

    The TSA is expected to include its signing certificate in the +response. (Optional)

    +
    +
    -in request.tsq
    + +
    +

    This option specifies a previously created timestamp request in DER +format that will be printed into the output file. Useful when you need +to examine the content of a request in human-readable +format. (Optional)

    +
    +
    -out request.tsq
    + +
    +

    Name of the output file to which the request will be written. Default +is stdout. (Optional)

    +
    +
    -text
    + +
    +

    If this option is specified the output is human-readable text format +instead of DER. (Optional)

    +
    +
    -rand files, -writerand file
    + +
    +

    See openssl(1)/Random State Options for details.

    +
    +
    +

    +

    +

    Timestamp Response generation

    +

    A timestamp response (TimeStampResp) consists of a response status +and the timestamp token itself (ContentInfo), if the token generation was +successful. The -reply command is for creating a timestamp +response or timestamp token based on a request and printing the +response/token in human-readable format. If -token_out is not +specified the output is always a timestamp response (TimeStampResp), +otherwise it is a timestamp token (ContentInfo).

    +
    +
    -config configfile
    + +
    +

    The configuration file to use. +Optional; for a description of the default value, +see openssl(1)/COMMAND SUMMARY. +See CONFIGURATION FILE OPTIONS for configurable variables.

    +
    +
    -section tsa_section
    + +
    +

    The name of the config file section containing the settings for the +response generation. If not specified the default TSA section is +used, see CONFIGURATION FILE OPTIONS for details. (Optional)

    +
    +
    -queryfile request.tsq
    + +
    +

    The name of the file containing a DER encoded timestamp request. (Optional)

    +
    +
    -passin password_src
    + +
    +

    Specifies the password source for the private key of the TSA. See +description in openssl(1). (Optional)

    +
    +
    -signer tsa_cert.pem
    + +
    +

    The signer certificate of the TSA in PEM format. The TSA signing +certificate must have exactly one extended key usage assigned to it: +timeStamping. The extended key usage must also be critical, otherwise +the certificate is going to be refused. Overrides the signer_cert +variable of the config file. (Optional)

    +
    +
    -inkey file_or_id
    + +
    +

    The signer private key of the TSA in PEM format. Overrides the +signer_key config file option. (Optional) +If no engine is used, the argument is taken as a file; if an engine is +specified, the argument is given to the engine as a key identifier.

    +
    +
    -digest
    + +
    +

    Signing digest to use. Overrides the signer_digest config file +option. (Mandatory unless specified in the config file)

    +
    +
    -chain certs_file.pem
    + +
    +

    The collection of certificates in PEM format that will all +be included in the response in addition to the signer certificate if +the -cert option was used for the request. This file is supposed to +contain the certificate chain for the signer certificate from its +issuer upwards. The -reply command does not build a certificate +chain automatically. (Optional)

    +
    +
    -tspolicy object_id
    + +
    +

    The default policy to use for the response unless the client +explicitly requires a particular TSA policy. The OID can be specified +either in dotted notation or with its name. Overrides the +default_policy config file option. (Optional)

    +
    +
    -in response.tsr
    + +
    +

    Specifies a previously created timestamp response or timestamp token +(if -token_in is also specified) in DER format that will be written +to the output file. This option does not require a request, it is +useful e.g. when you need to examine the content of a response or +token or you want to extract the timestamp token from a response. If +the input is a token and the output is a timestamp response a default +'granted' status info is added to the token. (Optional)

    +
    +
    -token_in
    + +
    +

    This flag can be used together with the -in option and indicates +that the input is a DER encoded timestamp token (ContentInfo) instead +of a timestamp response (TimeStampResp). (Optional)

    +
    +
    -out response.tsr
    + +
    +

    The response is written to this file. The format and content of the +file depends on other options (see -text, -token_out). The default is +stdout. (Optional)

    +
    +
    -token_out
    + +
    +

    The output is a timestamp token (ContentInfo) instead of timestamp +response (TimeStampResp). (Optional)

    +
    +
    -text
    + +
    +

    If this option is specified the output is human-readable text format +instead of DER. (Optional)

    +
    +
    -engine id
    + +
    +

    See openssl(1)/Engine Options.

    +
    +
    +

    +

    +

    Timestamp Response verification

    +

    The -verify command is for verifying if a timestamp response or time +stamp token is valid and matches a particular timestamp request or +data file. The -verify command does not use the configuration file.

    +
    +
    -data file_to_hash
    + +
    +

    The response or token must be verified against file_to_hash. The file +is hashed with the message digest algorithm specified in the token. +The -digest and -queryfile options must not be specified with this one. +(Optional)

    +
    +
    -digest digest_bytes
    + +
    +

    The response or token must be verified against the message digest specified +with this option. The number of bytes must match the message digest algorithm +specified in the token. The -data and -queryfile options must not be +specified with this one. (Optional)

    +
    +
    -queryfile request.tsq
    + +
    +

    The original timestamp request in DER format. The -data and -digest +options must not be specified with this one. (Optional)

    +
    +
    -in response.tsr
    + +
    +

    The timestamp response that needs to be verified in DER format. (Mandatory)

    +
    +
    -token_in
    + +
    +

    This flag can be used together with the -in option and indicates +that the input is a DER encoded timestamp token (ContentInfo) instead +of a timestamp response (TimeStampResp). (Optional)

    +
    +
    -untrusted cert_file.pem
    + +
    +

    Set of additional untrusted certificates in PEM format which may be +needed when building the certificate chain for the TSA's signing +certificate. This file must contain the TSA signing certificate and +all intermediate CA certificates unless the response includes them. +(Optional)

    +
    +
    -CAfile file, -CApath dir, -CAstore uri
    + +
    +

    See openssl(1)/Trusted Certificate Options for details. +At least one of -CApath, -CAfile or -CAstore must be specified.

    +
    +
    -allow_proxy_certs, -attime, -no_check_time, +-check_ss_sig, -crl_check, -crl_check_all, +-explicit_policy, -extended_crl, -ignore_critical, -inhibit_any, +-inhibit_map, -no_alt_chains, -partial_chain, -policy, +-policy_check, -policy_print, -purpose, -suiteB_128, +-suiteB_128_only, -suiteB_192, -trusted_first, -use_deltas, +-auth_level, -verify_depth, -verify_email, -verify_hostname, +-verify_ip, -verify_name, -x509_strict -issuer_checks
    + +
    +

    Set various options of certificate chain verification. +See openssl(1)/Verification Options for details.

    +

    Any verification errors cause the command to exit.

    +
    +
    +

    +

    +
    +

    CONFIGURATION FILE OPTIONS

    +

    The -query and -reply commands make use of a configuration file. +See config(5) +for a general description of the syntax of the config file. The +-query command uses only the symbolic OID names section +and it can work without it. However, the -reply command needs the +config file for its operation.

    +

    When there is a command line switch equivalent of a variable the +switch always overrides the settings in the config file.

    +
    +
    tsa section, default_tsa
    + +
    +

    This is the main section and it specifies the name of another section +that contains all the options for the -reply command. This default +section can be overridden with the -section command line switch. (Optional)

    +
    +
    oid_file
    + +
    +

    This specifies a file containing additional OBJECT IDENTIFIERS. +Each line of the file should consist of the numerical form of the +object identifier followed by white space then the short name followed +by white space and finally the long name. (Optional)

    +
    +
    oid_section
    + +
    +

    This specifies a section in the configuration file containing extra +object identifiers. Each line should consist of the short name of the +object identifier followed by = and the numerical form. The short +and long names are the same when this option is used. (Optional)

    +
    +
    RANDFILE
    + +
    +

    At startup the specified file is loaded into the random number generator, +and at exit 256 bytes will be written to it. (Note: Using a RANDFILE is +not necessary anymore, see the HISTORY section.

    +
    +
    serial
    + +
    +

    The name of the file containing the hexadecimal serial number of the +last timestamp response created. This number is incremented by 1 for +each response. If the file does not exist at the time of response +generation a new file is created with serial number 1. (Mandatory)

    +
    +
    crypto_device
    + +
    +

    Specifies the OpenSSL engine that will be set as the default for +all available algorithms. The default value is built-in, you can specify +any other engines supported by OpenSSL (e.g. use chil for the NCipher HSM). +(Optional)

    +
    +
    signer_cert
    + +
    +

    TSA signing certificate in PEM format. The same as the -signer +command line option. (Optional)

    +
    +
    certs
    + +
    +

    A file containing a set of PEM encoded certificates that need to be +included in the response. The same as the -chain command line +option. (Optional)

    +
    +
    signer_key
    + +
    +

    The private key of the TSA in PEM format. The same as the -inkey +command line option. (Optional)

    +
    +
    signer_digest
    + +
    +

    Signing digest to use. The same as the +-digest command line option. (Mandatory unless specified on the command +line)

    +
    +
    default_policy
    + +
    +

    The default policy to use when the request does not mandate any +policy. The same as the -tspolicy command line option. (Optional)

    +
    +
    other_policies
    + +
    +

    Comma separated list of policies that are also acceptable by the TSA +and used only if the request explicitly specifies one of them. (Optional)

    +
    +
    digests
    + +
    +

    The list of message digest algorithms that the TSA accepts. At least +one algorithm must be specified. (Mandatory)

    +
    +
    accuracy
    + +
    +

    The accuracy of the time source of the TSA in seconds, milliseconds +and microseconds. E.g. secs:1, millisecs:500, microsecs:100. If any of +the components is missing zero is assumed for that field. (Optional)

    +
    +
    clock_precision_digits
    + +
    +

    Specifies the maximum number of digits, which represent the fraction of +seconds, that need to be included in the time field. The trailing zeros +must be removed from the time, so there might actually be fewer digits, +or no fraction of seconds at all. Supported only on UNIX platforms. +The maximum value is 6, default is 0. +(Optional)

    +
    +
    ordering
    + +
    +

    If this option is yes the responses generated by this TSA can always +be ordered, even if the time difference between two responses is less +than the sum of their accuracies. Default is no. (Optional)

    +
    +
    tsa_name
    + +
    +

    Set this option to yes if the subject name of the TSA must be included in +the TSA name field of the response. Default is no. (Optional)

    +
    +
    ess_cert_id_chain
    + +
    +

    The SignedData objects created by the TSA always contain the +certificate identifier of the signing certificate in a signed +attribute (see RFC 2634, Enhanced Security Services). If this option +is set to yes and either the certs variable or the -chain option +is specified then the certificate identifiers of the chain will also +be included in the SigningCertificate signed attribute. If this +variable is set to no, only the signing certificate identifier is +included. Default is no. (Optional)

    +
    +
    ess_cert_id_alg
    + +
    +

    This option specifies the hash function to be used to calculate the TSA's +public key certificate identifier. Default is sha256. (Optional)

    +
    +
    +

    +

    +
    +

    EXAMPLES

    +

    All the examples below presume that OPENSSL_CONF is set to a proper +configuration file, e.g. the example configuration file +openssl/apps/openssl.cnf will do.

    +

    +

    +

    Timestamp Request

    +

    To create a timestamp request for design1.txt with SHA-256 digest, +without nonce and policy, and without requirement for a certificate +in the response:

    +
    +  openssl ts -query -data design1.txt -no_nonce \
    +        -out design1.tsq
    +

    To create a similar timestamp request with specifying the message imprint +explicitly:

    +
    +  openssl ts -query -digest b7e5d3f93198b38379852f2c04e78d73abdd0f4b \
    +         -no_nonce -out design1.tsq
    +

    To print the content of the previous request in human readable format:

    +
    +  openssl ts -query -in design1.tsq -text
    +

    To create a timestamp request which includes the SHA-512 digest +of design2.txt, requests the signer certificate and nonce, and +specifies a policy id (assuming the tsa_policy1 name is defined in the +OID section of the config file):

    +
    +  openssl ts -query -data design2.txt -sha512 \
    +        -tspolicy tsa_policy1 -cert -out design2.tsq
    +

    +

    +

    Timestamp Response

    +

    Before generating a response a signing certificate must be created for +the TSA that contains the timeStamping critical extended key usage extension +without any other key usage extensions. You can add this line to the +user certificate section of the config file to generate a proper certificate;

    +
    +   extendedKeyUsage = critical,timeStamping
    +

    See openssl-req(1), openssl-ca(1), and openssl-x509(1) for +instructions. The examples below assume that cacert.pem contains the +certificate of the CA, tsacert.pem is the signing certificate issued +by cacert.pem and tsakey.pem is the private key of the TSA.

    +

    To create a timestamp response for a request:

    +
    +  openssl ts -reply -queryfile design1.tsq -inkey tsakey.pem \
    +        -signer tsacert.pem -out design1.tsr
    +

    If you want to use the settings in the config file you could just write:

    +
    +  openssl ts -reply -queryfile design1.tsq -out design1.tsr
    +

    To print a timestamp reply to stdout in human readable format:

    +
    +  openssl ts -reply -in design1.tsr -text
    +

    To create a timestamp token instead of timestamp response:

    +
    +  openssl ts -reply -queryfile design1.tsq -out design1_token.der -token_out
    +

    To print a timestamp token to stdout in human readable format:

    +
    +  openssl ts -reply -in design1_token.der -token_in -text -token_out
    +

    To extract the timestamp token from a response:

    +
    +  openssl ts -reply -in design1.tsr -out design1_token.der -token_out
    +

    To add 'granted' status info to a timestamp token thereby creating a +valid response:

    +
    +  openssl ts -reply -in design1_token.der -token_in -out design1.tsr
    +

    +

    +

    Timestamp Verification

    +

    To verify a timestamp reply against a request:

    +
    +  openssl ts -verify -queryfile design1.tsq -in design1.tsr \
    +        -CAfile cacert.pem -untrusted tsacert.pem
    +

    To verify a timestamp reply that includes the certificate chain:

    +
    +  openssl ts -verify -queryfile design2.tsq -in design2.tsr \
    +        -CAfile cacert.pem
    +

    To verify a timestamp token against the original data file: + openssl ts -verify -data design2.txt -in design2.tsr \ + -CAfile cacert.pem

    +

    To verify a timestamp token against a message imprint: + openssl ts -verify -digest b7e5d3f93198b38379852f2c04e78d73abdd0f4b \ + -in design2.tsr -CAfile cacert.pem

    +

    You could also look at the 'test' directory for more examples.

    +

    +

    +
    +

    BUGS

    +
      +
    • +

      No support for timestamps over SMTP, though it is quite easy +to implement an automatic e-mail based TSA with procmail(1) +and perl(1). HTTP server support is provided in the form of +a separate apache module. HTTP client support is provided by +tsget(1). Pure TCP/IP protocol is not supported.

      +
    • +
    • +

      The file containing the last serial number of the TSA is not +locked when being read or written. This is a problem if more than one +instance of openssl(1) is trying to create a timestamp +response at the same time. This is not an issue when using the apache +server module, it does proper locking.

      +
    • +
    • +

      Look for the FIXME word in the source files.

      +
    • +
    • +

      The source code should really be reviewed by somebody else, too.

      +
    • +
    • +

      More testing is needed, I have done only some basic tests (see +test/testtsa).

      +
    • +
    +

    +

    +
    +

    HISTORY

    +

    OpenSSL 1.1.1 introduced a new random generator (CSPRNG) with an improved +seeding mechanism. The new seeding mechanism makes it unnecessary to +define a RANDFILE for saving and restoring randomness. This option is +retained mainly for compatibility reasons.

    +

    +

    +
    +

    SEE ALSO

    +

    openssl(1), +tsget(1), +openssl-req(1), +openssl-x509(1), +openssl-ca(1), +openssl-genrsa(1), +config(5), +ossl_store-file(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man1/openssl-verify.html b/linux_amd64/share/doc/openssl/html/man1/openssl-verify.html
    new file mode 100755
    index 0000000..6d4c0f4
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man1/openssl-verify.html
    @@ -0,0 +1,270 @@
    + + + + +openssl-verify + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    openssl-verify - Utility to verify certificates

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl verify +[-help] +[-CRLfile file] +[-crl_download] +[-show_chain] +[-sm2-id hexstring] +[-sm2-hex-id hexstring] +[-verbose] +[-trusted file] +[-untrusted file] +[-nameopt option] +[-CAfile file] +[-no-CAfile] +[-CApath dir] +[-no-CApath] +[-CAstore uri] +[-no-CAstore] +[-engine id] +[-allow_proxy_certs] +[-attime timestamp] +[-no_check_time] +[-check_ss_sig] +[-crl_check] +[-crl_check_all] +[-explicit_policy] +[-extended_crl] +[-ignore_critical] +[-inhibit_any] +[-inhibit_map] +[-partial_chain] +[-policy arg] +[-policy_check] +[-policy_print] +[-purpose purpose] +[-suiteB_128] +[-suiteB_128_only] +[-suiteB_192] +[-trusted_first] +[-no_alt_chains] +[-use_deltas] +[-auth_level num] +[-verify_depth num] +[-verify_email email] +[-verify_hostname hostname] +[-verify_ip ip] +[-verify_name name] +[-x509_strict] +[-issuer_checks]

    +

    [--] +[certificate ...]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command verifies certificate chains.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -CAfile file, -no-CAfile, -CApath dir, -no-CApath
    + +
    +

    See openssl(1)/Trusted Certificate Options for more information.

    +
    +
    -CRLfile file
    + +
    +

    The file should contain one or more CRLs in PEM format. +This option can be specified more than once to include CRLs from multiple +files.

    +
    +
    -crl_download
    + +
    +

    Attempt to download CRL information for this certificate.

    +
    +
    -show_chain
    + +
    +

    Display information about the certificate chain that has been built (if +successful). Certificates in the chain that came from the untrusted list will be +flagged as "untrusted".

    +
    +
    -sm2-id hexstring
    + +
    +

    Specify the ID string to use when verifying an SM2 certificate. The ID string is +required by the SM2 signature algorithm for signing and verification.

    +
    +
    -sm2-hex-id hexstring
    + +
    +

    Specify a binary ID string to use when signing or verifying using an SM2 +certificate. The argument for this option is string of hexadecimal digits.

    +
    +
    -verbose
    + +
    +

    Print extra information about the operations being performed.

    +
    +
    -trusted file
    + +
    +

    A file of trusted certificates.

    +
    +
    -untrusted file
    + +
    +

    A file of untrusted certificates.

    +
    +
    -nameopt option
    + +
    +

    This specifies how the subject or issuer names are displayed. +See openssl(1)/Name Format Options for details.

    +
    +
    -engine id
    + +
    +

    See openssl(1)/Engine Options. +To load certificates or CRLs that require engine support, specify the +-engine option before any of the +-trusted, -untrusted or -CRLfile options.

    +
    +
    -CAfile file, -no-CAfile, -CApath dir, -no-CApath, +-CAstore uri, -no-CAstore
    + +
    +

    See openssl(1)/Trusted Certificate Options for details.

    +
    +
    -allow_proxy_certs, -attime, -no_check_time, +-check_ss_sig, -crl_check, -crl_check_all, +-explicit_policy, -extended_crl, -ignore_critical, -inhibit_any, +-inhibit_map, -no_alt_chains, -partial_chain, -policy, +-policy_check, -policy_print, -purpose, -suiteB_128, +-suiteB_128_only, -suiteB_192, -trusted_first, -use_deltas, +-auth_level, -verify_depth, -verify_email, -verify_hostname, +-verify_ip, -verify_name, -x509_strict -issuer_checks
    + +
    +

    Set various options of certificate chain verification. +See openssl(1)/Verification Options for details.

    +
    +
    --
    + +
    +

    Indicates the last option. All arguments following this are assumed to be +certificate files. This is useful if the first certificate filename begins +with a -.

    +
    +
    certificate ...
    + +
    +

    One or more certificates to verify. If no certificates are given, +this command will attempt to read a certificate from standard input. +Certificates must be in PEM format. +If a certificate chain has multiple problems, this program tries to +display all of them.

    +
    +
    +

    +

    +
    +

    DIAGNOSTICS

    +

    When a verify operation fails the output messages can be somewhat cryptic. The +general form of the error message is:

    +
    + server.pem: /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
    + error 24 at 1 depth lookup:invalid CA certificate
    +

    The first line contains the name of the certificate being verified followed by +the subject name of the certificate. The second line contains the error number +and the depth. The depth is number of the certificate being verified when a +problem was detected starting with zero for the certificate being verified itself +then 1 for the CA that signed the certificate and so on. Finally a text version +of the error number is presented.

    +

    A list of the error codes and messages can be found in +X509_STORE_CTX_get_error(3); the full list is defined in the header file +<openssl/x509_vfy.h >>.

    +

    This command ignores many errors, in order to allow all the problems with a +certificate chain to be determined.

    +

    +

    +
    +

    BUGS

    +

    Although the issuer checks are a considerable improvement over the old +technique they still suffer from limitations in the underlying X509_LOOKUP +API. One consequence of this is that trusted certificates with matching +subject name must either appear in a file (as specified by the -CAfile +option), a directory (as specified by -CApath), or a store (as specified +by -CAstore). If they occur in more than one location then only the +certificates in the file will be recognised.

    +

    Previous versions of OpenSSL assume certificates with matching subject +name are identical and mishandled them.

    +

    Previous versions of this documentation swapped the meaning of the +X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT and +X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY error codes.

    +

    +

    +
    +

    SEE ALSO

    +

    openssl(1), +openssl-x509(1), +ossl_store-file(7)

    +

    +

    +
    +

    HISTORY

    +

    The -show_chain option was added in OpenSSL 1.1.0.

    +

    The -sm2-id and -sm2-hex-id options were added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man1/openssl-version.html b/linux_amd64/share/doc/openssl/html/man1/openssl-version.html
    new file mode 100755
    index 0000000..40482b3
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man1/openssl-version.html
    @@ -0,0 +1,142 @@
    + + + + +openssl-version + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    openssl-version - print OpenSSL version information

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl version +[-help] +[-a] +[-v] +[-b] +[-o] +[-f] +[-p] +[-d] +[-e] +[-m] +[-r] +[-c]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command is used to print out version information about OpenSSL.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -a
    + +
    +

    All information, this is the same as setting all the other flags.

    +
    +
    -v
    + +
    +

    The current OpenSSL version.

    +
    +
    -b
    + +
    +

    The date the current version of OpenSSL was built.

    +
    +
    -o
    + +
    +

    Option information: various options set when the library was built.

    +
    +
    -f
    + +
    +

    Compilation flags.

    +
    +
    -p
    + +
    +

    Platform setting.

    +
    +
    -d
    + +
    +

    OPENSSLDIR setting.

    +
    +
    -e
    + +
    +

    ENGINESDIR settings.

    +
    +
    -m
    + +
    +

    MODULESDIR settings.

    +
    +
    -r
    + +
    +

    The random number generator source settings.

    +
    +
    -c
    + +
    +

    The OpenSSL CPU settings info.

    +
    +
    +

    +

    +
    +

    NOTES

    +

    The output of openssl version -a would typically be used when sending +in a bug report.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man1/openssl-x509.html b/linux_amd64/share/doc/openssl/html/man1/openssl-x509.html
    new file mode 100755
    index 0000000..9c59ce5
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man1/openssl-x509.html
    @@ -0,0 +1,923 @@
    + + + + +openssl-x509 + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    openssl-x509 - Certificate display and signing utility

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl x509 +[-help] +[-inform DER|PEM] +[-outform DER|PEM] +[-keyform DER|PEM|ENGINE] +[-CAform DER|PEM] +[-CAkeyform DER|PEM|ENGINE] +[-in filename] +[-out filename] +[-serial] +[-hash] +[-subject_hash] +[-subject_hash_old] +[-issuer_hash] +[-issuer_hash_old] +[-ocspid] +[-subject] +[-issuer] +[-email] +[-ocsp_uri] +[-startdate] +[-enddate] +[-purpose] +[-dates] +[-checkend num] +[-modulus] +[-pubkey] +[-fingerprint] +[-alias] +[-noout] +[-trustout] +[-clrtrust] +[-clrreject] +[-addtrust arg] +[-addreject arg] +[-setalias arg] +[-days arg] +[-set_serial n] +[-signkey arg] +[-badsig] +[-passin arg] +[-x509toreq] +[-req] +[-CA filename] +[-CAkey filename] +[-CAcreateserial] +[-CAserial filename] +[-new] +[-next_serial] +[-nocert] +[-force_pubkey filename] +[-subj arg] +[-text] +[-ext extensions] +[-certopt option] +[-checkhost host] +[-checkemail host] +[-checkip ipaddr] +[-C] +[-digest] +[-clrext] +[-extfile filename] +[-extensions section] +[-sigopt nm:v] +[-preserve_dates] +[-nameopt option] +[-rand files] +[-writerand file] +[-engine id]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command is a multi purpose certificate utility. It can +be used to display certificate information, convert certificates to +various forms, sign certificate requests like a "mini CA" or edit +certificate trust settings.

    +

    Since there are a large number of options they will split up into +various sections.

    +

    +

    +
    +

    OPTIONS

    +

    +

    +

    Input, Output, and General Purpose Options

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -inform DER|PEM, -outform DER|PEM
    + +
    +

    The input and formats; the default is PEM. +See openssl(1)/Format Options for details.

    +

    The input is normally an X.509 certificate, but this can change if other +options such as -req are used.

    +
    +
    -in filename
    + +
    +

    This specifies the input filename to read a certificate from or standard input +if this option is not specified.

    +
    +
    -out filename
    + +
    +

    This specifies the output filename to write to or standard output by +default.

    +
    +
    -digest
    + +
    +

    The digest to use. +This affects any signing or display option that uses a message +digest, such as the -fingerprint, -signkey and -CA options. +Any digest supported by the openssl-dgst(1) command can be used. +If not specified then SHA1 is used with -fingerprint or +the default digest for the signing algorithm is used, typically SHA256.

    +
    +
    -preserve_dates
    + +
    +

    When signing a certificate, preserve the "notBefore" and "notAfter" dates +instead of adjusting them to current time and duration. +Cannot be used with the -days option.

    +

    [-rand files] +[-writerand file]

    +
    +
    -engine id
    + +
    +

    See openssl(1)/Engine Options.

    +
    +
    +

    +

    +

    Display Options

    +

    Note: the -alias and -purpose options are also display options +but are described in the Trust Settings section.

    +
    +
    -text
    + +
    +

    Prints out the certificate in text form. Full details are output including the +public key, signature algorithms, issuer and subject names, serial number +any extensions present and any trust settings.

    +
    +
    -ext extensions
    + +
    +

    Prints out the certificate extensions in text form. Extensions are specified +with a comma separated string, e.g., "subjectAltName,subjectKeyIdentifier". +See the x509v3_config(5) manual page for the extension names.

    +
    +
    -certopt option
    + +
    +

    Customise the output format used with -text. The option argument +can be a single option or multiple options separated by commas. The +-certopt switch may be also be used more than once to set multiple +options. See the Text Options section for more information.

    +
    +
    -checkhost host
    + +
    +

    Check that the certificate matches the specified host.

    +
    +
    -checkemail email
    + +
    +

    Check that the certificate matches the specified email address.

    +
    +
    -checkip ipaddr
    + +
    +

    Check that the certificate matches the specified IP address.

    +
    +
    -noout
    + +
    +

    This option prevents output of the encoded version of the certificate.

    +
    +
    -pubkey
    + +
    +

    Outputs the certificate's SubjectPublicKeyInfo block in PEM format.

    +
    +
    -modulus
    + +
    +

    This option prints out the value of the modulus of the public key +contained in the certificate.

    +
    +
    -serial
    + +
    +

    Outputs the certificate serial number.

    +
    +
    -subject_hash
    + +
    +

    Outputs the "hash" of the certificate subject name. This is used in OpenSSL to +form an index to allow certificates in a directory to be looked up by subject +name.

    +
    +
    -issuer_hash
    + +
    +

    Outputs the "hash" of the certificate issuer name.

    +
    +
    -ocspid
    + +
    +

    Outputs the OCSP hash values for the subject name and public key.

    +
    +
    -hash
    + +
    +

    Synonym for "-subject_hash" for backward compatibility reasons.

    +
    +
    -subject_hash_old
    + +
    +

    Outputs the "hash" of the certificate subject name using the older algorithm +as used by OpenSSL before version 1.0.0.

    +
    +
    -issuer_hash_old
    + +
    +

    Outputs the "hash" of the certificate issuer name using the older algorithm +as used by OpenSSL before version 1.0.0.

    +
    +
    -subject
    + +
    +

    Outputs the subject name.

    +
    +
    -issuer
    + +
    +

    Outputs the issuer name.

    +
    +
    -nameopt option
    + +
    +

    This specifies how the subject or issuer names are displayed. +See openssl(1)/Name Format Options for details.

    +
    +
    -email
    + +
    +

    Outputs the email address(es) if any.

    +
    +
    -ocsp_uri
    + +
    +

    Outputs the OCSP responder address(es) if any.

    +
    +
    -startdate
    + +
    +

    Prints out the start date of the certificate, that is the notBefore date.

    +
    +
    -enddate
    + +
    +

    Prints out the expiry date of the certificate, that is the notAfter date.

    +
    +
    -dates
    + +
    +

    Prints out the start and expiry dates of a certificate.

    +
    +
    -checkend arg
    + +
    +

    Checks if the certificate expires within the next arg seconds and exits +nonzero if yes it will expire or zero if not.

    +
    +
    -fingerprint
    + +
    +

    Calculates and outputs the digest of the DER encoded version of the entire +certificate (see digest options). +This is commonly called a "fingerprint". Because of the nature of message +digests, the fingerprint of a certificate is unique to that certificate and +two certificates with the same fingerprint can be considered to be the same.

    +
    +
    -C
    + +
    +

    This outputs the certificate in the form of a C source file.

    +
    +
    +

    +

    +

    Trust Settings

    +

    A trusted certificate is an ordinary certificate which has several +additional pieces of information attached to it such as the permitted +and prohibited uses of the certificate and an "alias".

    +

    Normally when a certificate is being verified at least one certificate +must be "trusted". By default a trusted certificate must be stored +locally and must be a root CA: any certificate chain ending in this CA +is then usable for any purpose.

    +

    Trust settings currently are only used with a root CA. They allow a finer +control over the purposes the root CA can be used for. For example a CA +may be trusted for SSL client but not SSL server use.

    +

    See the description in openssl-verify(1) for more information +on the meaning of trust settings.

    +

    Future versions of OpenSSL will recognize trust settings on any +certificate: not just root CAs.

    +
    +
    -trustout
    + +
    +

    Output a trusted certificate rather than an ordinary. An ordinary +or trusted certificate can be input but by default an ordinary +certificate is output and any trust settings are discarded. With the +-trustout option a trusted certificate is output. A trusted +certificate is automatically output if any trust settings are modified.

    +
    +
    -setalias arg
    + +
    +

    Sets the alias of the certificate. This will allow the certificate +to be referred to using a nickname for example "Steve's Certificate".

    +
    +
    -alias
    + +
    +

    Outputs the certificate alias, if any.

    +
    +
    -clrtrust
    + +
    +

    Clears all the permitted or trusted uses of the certificate.

    +
    +
    -clrreject
    + +
    +

    Clears all the prohibited or rejected uses of the certificate.

    +
    +
    -addtrust arg
    + +
    +

    Adds a trusted certificate use. +Any object name can be used here but currently only clientAuth (SSL client +use), serverAuth (SSL server use), emailProtection (S/MIME email) and +anyExtendedKeyUsage are used. +As of OpenSSL 1.1.0, the last of these blocks all purposes when rejected or +enables all purposes when trusted. +Other OpenSSL applications may define additional uses.

    +
    +
    -addreject arg
    + +
    +

    Adds a prohibited use. It accepts the same values as the -addtrust +option.

    +
    +
    -purpose
    + +
    +

    This option performs tests on the certificate extensions and outputs +the results. For a more complete description see the +CERTIFICATE EXTENSIONS section.

    +
    +
    +

    +

    +

    Signing Options

    +

    This command can be used to sign certificates and requests: it +can thus behave like a "mini CA".

    +
    +
    -signkey arg
    + +
    +

    This option causes the input file to be self signed using the supplied +private key or engine. The private key's format is specified with the +-keyform option.

    +

    It sets the issuer name to the subject name (i.e., makes it self-issued) +and changes the public key to the supplied value (unless overridden by +-force_pubkey). It sets the validity start date to the current time +and the end date to a value determined by the -days option. +It retains any certificate extensions unless the -clrext option is supplied; +this includes, for example, any existing key identifier extensions.

    +
    +
    -badsig
    + +
    +

    Corrupt the signature before writing it; this can be useful +for testing.

    +
    +
    -sigopt nm:v
    + +
    +

    Pass options to the signature algorithm during sign or verify operations. +Names and values of these options are algorithm-specific.

    +
    +
    -passin arg
    + +
    +

    The key password source. For more information about the format of arg +see openssl(1)/Pass Phrase Options.

    +
    +
    -clrext
    + +
    +

    Delete any extensions from a certificate. This option is used when a +certificate is being created from another certificate (for example with +the -signkey or the -CA options). Normally all extensions are +retained.

    +
    +
    -keyform DER|PEM|ENGINE
    + +
    +

    The key format; the default is PEM. +See openssl(1)/Format Options for details.

    +
    +
    -CAform DER|PEM, -CAkeyform DER|PEM|ENGINE
    + +
    +

    The format for the CA certificate and key; the default is PEM. +See openssl(1)/Format Options for details.

    +
    +
    -days arg
    + +
    +

    Specifies the number of days to make a certificate valid for. The default +is 30 days. Cannot be used with the -preserve_dates option.

    +
    +
    -x509toreq
    + +
    +

    Converts a certificate into a certificate request. The -signkey option +is used to pass the required private key.

    +
    +
    -req
    + +
    +

    By default a certificate is expected on input. With this option a +certificate request is expected instead.

    +
    +
    -set_serial n
    + +
    +

    Specifies the serial number to use. This option can be used with either +the -signkey or -CA options. If used in conjunction with the -CA +option the serial number file (as specified by the -CAserial or +-CAcreateserial options) is not used.

    +

    The serial number can be decimal or hex (if preceded by 0x).

    +
    +
    -CA filename
    + +
    +

    Specifies the CA certificate to be used for signing. When this option is +present, this command behaves like a "mini CA". The input file is signed by +this CA using this option: that is its issuer name is set to the subject name +of the CA and it is digitally signed using the CAs private key.

    +

    This option is normally combined with the -req option. Without the +-req option the input is a certificate which must be self signed.

    +
    +
    -CAkey filename
    + +
    +

    Sets the CA private key to sign a certificate with. If this option is +not specified then it is assumed that the CA private key is present in +the CA certificate file.

    +
    +
    -CAserial filename
    + +
    +

    Sets the CA serial number file to use.

    +

    When the -CA option is used to sign a certificate it uses a serial +number specified in a file. This file consists of one line containing +an even number of hex digits with the serial number to use. After each +use the serial number is incremented and written out to the file again.

    +

    The default filename consists of the CA certificate file base name with +.srl appended. For example if the CA certificate file is called +mycacert.pem it expects to find a serial number file called +mycacert.srl.

    +
    +
    -CAcreateserial
    + +
    +

    With this option the CA serial number file is created if it does not exist: +it will contain the serial number "02" and the certificate being signed will +have the 1 as its serial number. If the -CA option is specified +and the serial number file does not exist a random number is generated; +this is the recommended practice.

    +
    +
    -extfile filename
    + +
    +

    File containing certificate extensions to use. If not specified then +no extensions are added to the certificate.

    +
    +
    -extensions section
    + +
    +

    The section to add certificate extensions from. If this option is not +specified then the extensions should either be contained in the unnamed +(default) section or the default section should contain a variable called +"extensions" which contains the section to use. See the +x509v3_config(5) manual page for details of the +extension section format.

    +
    +
    -new
    + +
    +

    Generate a certificate from scratch, not using an input certificate +or certificate request. So the -in option must not be used in this case. +Instead, the -subj and <-force_pubkey> options need to be given.

    +
    +
    -next_serial
    + +
    +

    Set the serial to be one more than the number in the certificate.

    +
    +
    -nocert
    + +
    +

    Do not generate or output a certificate.

    +
    +
    -force_pubkey filename
    + +
    +

    When a certificate is created set its public key to the key in filename +instead of the key contained in the input or given with the -signkey option.

    +

    This option is useful for creating self-issued certificates that are not +self-signed, for instance when the key cannot be used for signing, such as DH. +It can also be used in conjunction with b<-new> and -subj to directly +generate a certificate containing any desired public key.

    +

    The format of the key file can be specified using the -keyform option.

    +
    +
    -subj arg
    + +
    +

    When a certificate is created set its subject name to the given value. +The arg must be formatted as /type0=value0/type1=value1/type2=.... +Keyword characters may be escaped by \ (backslash), and whitespace is retained. +Empty values are permitted, but the corresponding type will not be included +in the certificate. Giving a single / will lead to an empty sequence of RDNs +(a NULL subject DN).

    +

    Unless the -CA option is given the issuer is set to the same value.

    +

    This option can be used in conjunction with the -force_pubkey option +to create a certificate even without providing an input certificate +or certificate request.

    +
    +
    +

    +

    +

    Text Options

    +

    As well as customising the name output format, it is also possible to +customise the actual fields printed using the certopt options when +the text option is present. The default behaviour is to print all fields.

    +
    +
    compatible
    + +
    +

    Use the old format. This is equivalent to specifying no output options at all.

    +
    +
    no_header
    + +
    +

    Don't print header information: that is the lines saying "Certificate" +and "Data".

    +
    +
    no_version
    + +
    +

    Don't print out the version number.

    +
    +
    no_serial
    + +
    +

    Don't print out the serial number.

    +
    +
    no_signame
    + +
    +

    Don't print out the signature algorithm used.

    +
    +
    no_validity
    + +
    +

    Don't print the validity, that is the notBefore and notAfter fields.

    +
    +
    no_subject
    + +
    +

    Don't print out the subject name.

    +
    +
    no_issuer
    + +
    +

    Don't print out the issuer name.

    +
    +
    no_pubkey
    + +
    +

    Don't print out the public key.

    +
    +
    no_sigdump
    + +
    +

    Don't give a hexadecimal dump of the certificate signature.

    +
    +
    no_aux
    + +
    +

    Don't print out certificate trust information.

    +
    +
    no_extensions
    + +
    +

    Don't print out any X509V3 extensions.

    +
    +
    ext_default
    + +
    +

    Retain default extension behaviour: attempt to print out unsupported +certificate extensions.

    +
    +
    ext_error
    + +
    +

    Print an error message for unsupported certificate extensions.

    +
    +
    ext_parse
    + +
    +

    ASN1 parse unsupported extensions.

    +
    +
    ext_dump
    + +
    +

    Hex dump unsupported extensions.

    +
    +
    ca_default
    + +
    +

    The value used by openssl-ca(1), equivalent to no_issuer, no_pubkey, +no_header, and no_version.

    +
    +
    +

    +

    +
    +

    EXAMPLES

    +

    Note: in these examples the '\' means the example should be all on one +line.

    +

    Display the contents of a certificate:

    +
    + openssl x509 -in cert.pem -noout -text
    +

    Display the "Subject Alternative Name" extension of a certificate:

    +
    + openssl x509 -in cert.pem -noout -ext subjectAltName
    +

    Display more extensions of a certificate:

    +
    + openssl x509 -in cert.pem -noout -ext subjectAltName,nsCertType
    +

    Display the certificate serial number:

    +
    + openssl x509 -in cert.pem -noout -serial
    +

    Display the certificate subject name:

    +
    + openssl x509 -in cert.pem -noout -subject
    +

    Display the certificate subject name in RFC2253 form:

    +
    + openssl x509 -in cert.pem -noout -subject -nameopt RFC2253
    +

    Display the certificate subject name in oneline form on a terminal +supporting UTF8:

    +
    + openssl x509 -in cert.pem -noout -subject -nameopt oneline,-esc_msb
    +

    Display the certificate SHA1 fingerprint:

    +
    + openssl x509 -sha1 -in cert.pem -noout -fingerprint
    +

    Convert a certificate from PEM to DER format:

    +
    + openssl x509 -in cert.pem -inform PEM -out cert.der -outform DER
    +

    Convert a certificate to a certificate request:

    +
    + openssl x509 -x509toreq -in cert.pem -out req.pem -signkey key.pem
    +

    Convert a certificate request into a self signed certificate using +extensions for a CA:

    +
    + openssl x509 -req -in careq.pem -extfile openssl.cnf -extensions v3_ca \
    +        -signkey key.pem -out cacert.pem
    +

    Sign a certificate request using the CA certificate above and add user +certificate extensions:

    +
    + openssl x509 -req -in req.pem -extfile openssl.cnf -extensions v3_usr \
    +        -CA cacert.pem -CAkey key.pem -CAcreateserial
    +

    Set a certificate to be trusted for SSL client use and change set its alias to +"Steve's Class 1 CA"

    +
    + openssl x509 -in cert.pem -addtrust clientAuth \
    +        -setalias "Steve's Class 1 CA" -out trust.pem
    +

    +

    +
    +

    NOTES

    +

    The conversion to UTF8 format used with the name options assumes that +T61Strings use the ISO8859-1 character set. This is wrong but Netscape +and MSIE do this as do many certificates. So although this is incorrect +it is more likely to display the majority of certificates correctly.

    +

    The -email option searches the subject name and the subject alternative +name extension. Only unique email addresses will be printed out: it will +not print the same address more than once.

    +

    +

    +
    +

    CERTIFICATE EXTENSIONS

    +

    The -purpose option checks the certificate extensions and determines +what the certificate can be used for. The actual checks done are rather +complex and include various hacks and workarounds to handle broken +certificates and software.

    +

    The same code is used when verifying untrusted certificates in chains +so this section is useful if a chain is rejected by the verify code.

    +

    The basicConstraints extension CA flag is used to determine whether the +certificate can be used as a CA. If the CA flag is true then it is a CA, +if the CA flag is false then it is not a CA. All CAs should have the +CA flag set to true.

    +

    If the basicConstraints extension is absent then the certificate is +considered to be a "possible CA" other extensions are checked according +to the intended use of the certificate. A warning is given in this case +because the certificate should really not be regarded as a CA: however +it is allowed to be a CA to work around some broken software.

    +

    If the certificate is a V1 certificate (and thus has no extensions) and +it is self signed it is also assumed to be a CA but a warning is again +given: this is to work around the problem of Verisign roots which are V1 +self signed certificates.

    +

    If the keyUsage extension is present then additional restraints are +made on the uses of the certificate. A CA certificate must have the +keyCertSign bit set if the keyUsage extension is present.

    +

    The extended key usage extension places additional restrictions on the +certificate uses. If this extension is present (whether critical or not) +the key can only be used for the purposes specified.

    +

    A complete description of each test is given below. The comments about +basicConstraints and keyUsage and V1 certificates above apply to all +CA certificates.

    +
    +
    SSL Client
    + +
    +

    The extended key usage extension must be absent or include the "web client +authentication" OID. keyUsage must be absent or it must have the +digitalSignature bit set. Netscape certificate type must be absent or it must +have the SSL client bit set.

    +
    +
    SSL Client CA
    + +
    +

    The extended key usage extension must be absent or include the "web client +authentication" OID. Netscape certificate type must be absent or it must have +the SSL CA bit set: this is used as a work around if the basicConstraints +extension is absent.

    +
    +
    SSL Server
    + +
    +

    The extended key usage extension must be absent or include the "web server +authentication" and/or one of the SGC OIDs. keyUsage must be absent or it +must have the digitalSignature, the keyEncipherment set or both bits set. +Netscape certificate type must be absent or have the SSL server bit set.

    +
    +
    SSL Server CA
    + +
    +

    The extended key usage extension must be absent or include the "web server +authentication" and/or one of the SGC OIDs. Netscape certificate type must +be absent or the SSL CA bit must be set: this is used as a work around if the +basicConstraints extension is absent.

    +
    +
    Netscape SSL Server
    + +
    +

    For Netscape SSL clients to connect to an SSL server it must have the +keyEncipherment bit set if the keyUsage extension is present. This isn't +always valid because some cipher suites use the key for digital signing. +Otherwise it is the same as a normal SSL server.

    +
    +
    Common S/MIME Client Tests
    + +
    +

    The extended key usage extension must be absent or include the "email +protection" OID. Netscape certificate type must be absent or should have the +S/MIME bit set. If the S/MIME bit is not set in Netscape certificate type +then the SSL client bit is tolerated as an alternative but a warning is shown: +this is because some Verisign certificates don't set the S/MIME bit.

    +
    +
    S/MIME Signing
    + +
    +

    In addition to the common S/MIME client tests the digitalSignature bit or +the nonRepudiation bit must be set if the keyUsage extension is present.

    +
    +
    S/MIME Encryption
    + +
    +

    In addition to the common S/MIME tests the keyEncipherment bit must be set +if the keyUsage extension is present.

    +
    +
    S/MIME CA
    + +
    +

    The extended key usage extension must be absent or include the "email +protection" OID. Netscape certificate type must be absent or must have the +S/MIME CA bit set: this is used as a work around if the basicConstraints +extension is absent.

    +
    +
    CRL Signing
    + +
    +

    The keyUsage extension must be absent or it must have the CRL signing bit +set.

    +
    +
    CRL Signing CA
    + +
    +

    The normal CA tests apply. Except in this case the basicConstraints extension +must be present.

    +
    +
    +

    +

    +
    +

    BUGS

    +

    Extensions in certificates are not transferred to certificate requests and +vice versa.

    +

    It is possible to produce invalid certificates or requests by specifying the +wrong private key or using inconsistent options in some cases: these should +be checked.

    +

    There should be options to explicitly set such things as start and end +dates rather than an offset from the current time.

    +

    +

    +
    +

    SEE ALSO

    +

    openssl(1), +openssl-req(1), +openssl-ca(1), +openssl-genrsa(1), +openssl-gendsa(1), +openssl-verify(1), +x509v3_config(5)

    +

    +

    +
    +

    HISTORY

    +

    The hash algorithm used in the -subject_hash and -issuer_hash options +before OpenSSL 1.0.0 was based on the deprecated MD5 algorithm and the encoding +of the distinguished name. In OpenSSL 1.0.0 and later it is based on a canonical +version of the DN using SHA1. This means that any directories using the old +form must have their links rebuilt using openssl-rehash(1) or similar.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

+
+
+
+
diff --git a/linux_amd64/share/doc/openssl/html/man1/openssl.html b/linux_amd64/share/doc/openssl/html/man1/openssl.html
new file mode 100755
index 0000000..76005e5
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man1/openssl.html
@@ -0,0 +1,1585 @@
+
+
+
+
+openssl
+
+
+
+
+
+
+
+
+
+
+
+

    +

    +
    +

    NAME

    +

    openssl - OpenSSL command line tool

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl +command +[ options ... ] +[ parameters ... ]

    +

    openssl +list +-standard-commands | +-digest-commands | +-cipher-commands | +-cipher-algorithms | +-digest-algorithms | +-mac-algorithms | +-public-key-algorithms

    +

    openssl no-XXX [ options ]

    +

    +

    +
    +

    DESCRIPTION

    +

    OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (SSL +v2/v3) and Transport Layer Security (TLS v1) network protocols and related +cryptography standards required by them.

    +

    The openssl program is a command line tool for using the various +cryptography functions of OpenSSL's crypto library from the shell. +It can be used for

    +
    + o  Creation and management of private keys, public keys and parameters
    + o  Public key cryptographic operations
    + o  Creation of X.509 certificates, CSRs and CRLs
    + o  Calculation of Message Digests and Message Authentication Codes
    + o  Encryption and Decryption with Ciphers
    + o  SSL/TLS Client and Server Tests
    + o  Handling of S/MIME signed or encrypted mail
    + o  Timestamp requests, generation and verification
    +

    +

    +
    +

    COMMAND SUMMARY

    +

    The openssl program provides a rich variety of commands (command in +the SYNOPSIS above). +Each command can have many options and argument parameters, shown above as +options and parameters.

    +

    Detailed documentation and use cases for most standard subcommands are available +(e.g., openssl-x509(1)).

    +

    Many commands use an external configuration file for some or all of their +arguments and have a -config option to specify that file. +The default name of the file is openssl.cnf in the default certificate +storage area, which can be determined from the openssl-version(1) +command. +The environment variable OPENSSL_CONF can be used to specify +a different location of the file. +See openssl-env(7).

    +

    The list options -standard-commands, -digest-commands, +and -cipher-commands output a list (one entry per line) of the names +of all standard commands, message digest commands, or cipher commands, +respectively, that are available.

    +

    The list parameters -cipher-algorithms, -digest-algorithms, +and -mac-algorithms list all cipher, message digest, and message +authentication code names, one entry per line. Aliases are listed as:

    +
    + from => to
    +

    The list parameter -public-key-algorithms lists all supported public +key algorithms.

    +

    The command no-XXX tests whether a command of the +specified name is available. If no command named XXX exists, it +returns 0 (success) and prints no-XXX; otherwise it returns 1 +and prints XXX. In both cases, the output goes to stdout and +nothing is printed to stderr. Additional command line arguments +are always ignored. Since for each cipher there is a command of the +same name, this provides an easy way for shell scripts to test for the +availability of ciphers in the openssl program. (no-XXX is +not able to detect pseudo-commands such as quit, +list, or no-XXX itself.)

    +

    +

    +

    Standard Commands

    +
    +
    asn1parse
    + +
    +

    Parse an ASN.1 sequence.

    +
    +
    ca
    + +
    +

    Certificate Authority (CA) Management.

    +
    +
    ciphers
    + +
    +

    Cipher Suite Description Determination.

    +
    +
    cms
    + +
    +

    CMS (Cryptographic Message Syntax) utility.

    +
    +
    crl
    + +
    +

    Certificate Revocation List (CRL) Management.

    +
    +
    crl2pkcs7
    + +
    +

    CRL to PKCS#7 Conversion.

    +
    +
    dgst
    + +
    +

    Message Digest calculation. MAC calculations are superseded by +openssl-mac(1).

    +
    +
    dhparam
    + +
    +

    Generation and Management of Diffie-Hellman Parameters. Superseded by +openssl-genpkey(1) and openssl-pkeyparam(1).

    +
    +
    dsa
    + +
    +

    DSA Data Management.

    +
    +
    dsaparam
    + +
    +

    DSA Parameter Generation and Management. Superseded by +openssl-genpkey(1) and openssl-pkeyparam(1).

    +
    +
    ec
    + +
    +

    EC (Elliptic curve) key processing.

    +
    +
    ecparam
    + +
    +

    EC parameter manipulation and generation.

    +
    +
    enc
    + +
    +

    Encryption, decryption, and encoding.

    +
    +
    engine
    + +
    +

    Engine (loadable module) information and manipulation.

    +
    +
    errstr
    + +
    +

    Error Number to Error String Conversion.

    +
    +
    fipsinstall
    + +
    +

    FIPS configuration installation.

    +
    +
    gendsa
    + +
    +

    Generation of DSA Private Key from Parameters. Superseded by +openssl-genpkey(1) and openssl-pkey(1).

    +
    +
    genpkey
    + +
    +

    Generation of Private Key or Parameters.

    +
    +
    genrsa
    + +
    +

    Generation of RSA Private Key. Superseded by openssl-genpkey(1).

    +
    +
    help
    + +
    +

    Display information about a command's options.

    +
    +
    info
    + +
    +

    Display diverse information built into the OpenSSL libraries.

    +
    +
    kdf
    + +
    +

    Key Derivation Functions.

    +
    +
    list
    + +
    +

    List algorithms and features.

    +
    +
    mac
    + +
    +

    Message Authentication Code Calculation.

    +
    +
    nseq
    + +
    +

    Create or examine a Netscape certificate sequence.

    +
    +
    ocsp
    + +
    +

    Online Certificate Status Protocol utility.

    +
    +
    passwd
    + +
    +

    Generation of hashed passwords.

    +
    +
    pkcs12
    + +
    +

    PKCS#12 Data Management.

    +
    +
    pkcs7
    + +
    +

    PKCS#7 Data Management.

    +
    +
    pkcs8
    + +
    +

    PKCS#8 format private key conversion tool.

    +
    +
    pkey
    + +
    +

    Public and private key management.

    +
    +
    pkeyparam
    + +
    +

    Public key algorithm parameter management.

    +
    +
    pkeyutl
    + +
    +

    Public key algorithm cryptographic operation utility.

    +
    +
    prime
    + +
    +

    Compute prime numbers.

    +
    +
    provider
    + +
    +

    Load and query providers.

    +
    +
    rand
    + +
    +

    Generate pseudo-random bytes.

    +
    +
    rehash
    + +
    +

    Create symbolic links to certificate and CRL files named by the hash values.

    +
    +
    req
    + +
    +

    PKCS#10 X.509 Certificate Signing Request (CSR) Management.

    +
    +
    rsa
    + +
    +

    RSA key management.

    +
    +
    rsautl
    + +
    +

    RSA utility for signing, verification, encryption, and decryption. Superseded +by openssl-pkeyutl(1).

    +
    +
    s_client
    + +
    +

    This implements a generic SSL/TLS client which can establish a transparent +connection to a remote server speaking SSL/TLS. It's intended for testing +purposes only and provides only rudimentary interface functionality but +internally uses mostly all functionality of the OpenSSL ssl library.

    +
    +
    s_server
    + +
    +

    This implements a generic SSL/TLS server which accepts connections from remote +clients speaking SSL/TLS. It's intended for testing purposes only and provides +only rudimentary interface functionality but internally uses mostly all +functionality of the OpenSSL ssl library. It provides both an own command +line oriented protocol for testing SSL functions and a simple HTTP response +facility to emulate an SSL/TLS-aware webserver.

    +
    +
    s_time
    + +
    +

    SSL Connection Timer.

    +
    +
    sess_id
    + +
    +

    SSL Session Data Management.

    +
    +
    smime
    + +
    +

    S/MIME mail processing.

    +
    +
    speed
    + +
    +

    Algorithm Speed Measurement.

    +
    +
    spkac
    + +
    +

    SPKAC printing and generating utility.

    +
    +
    srp
    + +
    +

    Maintain SRP password file.

    +
    +
    storeutl
    + +
    +

    Utility to list and display certificates, keys, CRLs, etc.

    +
    +
    ts
    + +
    +

    Time Stamping Authority tool (client/server).

    +
    +
    verify
    + +
    +

    X.509 Certificate Verification.

    +
    +
    version
    + +
    +

    OpenSSL Version Information.

    +
    +
    x509
    + +
    +

    X.509 Certificate Data Management.

    +
    +
    +

    +

    +

    Message Digest Commands

    +
    +
    blake2b512
    + +
    +

    BLAKE2b-512 Digest

    +
    +
    blake2s256
    + +
    +

    BLAKE2s-256 Digest

    +
    +
    md2
    + +
    +

    MD2 Digest

    +
    +
    md4
    + +
    +

    MD4 Digest

    +
    +
    md5
    + +
    +

    MD5 Digest

    +
    +
    mdc2
    + +
    +

    MDC2 Digest

    +
    +
    rmd160
    + +
    +

    RMD-160 Digest

    +
    +
    sha1
    + +
    +

    SHA-1 Digest

    +
    +
    sha224
    + +
    +

    SHA-2 224 Digest

    +
    +
    sha256
    + +
    +

    SHA-2 256 Digest

    +
    +
    sha384
    + +
    +

    SHA-2 384 Digest

    +
    +
    sha512
    + +
    +

    SHA-2 512 Digest

    +
    +
    sha3-224
    + +
    +

    SHA-3 224 Digest

    +
    +
    sha3-256
    + +
    +

    SHA-3 256 Digest

    +
    +
    sha3-384
    + +
    +

    SHA-3 384 Digest

    +
    +
    sha3-512
    + +
    +

    SHA-3 512 Digest

    +
    +
    shake128
    + +
    +

    SHA-3 SHAKE128 Digest

    +
    +
    shake256
    + +
    +

    SHA-3 SHAKE256 Digest

    +
    +
    sm3
    + +
    +

    SM3 Digest

    +
    +
    +

    +

    +

    Encryption, Decryption, and Encoding Commands

    +

    The following aliases provide convenient access to the most used encodings +and ciphers.

    +

    Depending on how OpenSSL was configured and built, not all ciphers listed +here may be present. See openssl-enc(1) for more information.

    +
    +
    aes128, aes-128-cbc, aes-128-cfb, aes-128-ctr, aes-128-ecb, aes-128-ofb
    + +
    +

    AES-128 Cipher

    +
    +
    aes192, aes-192-cbc, aes-192-cfb, aes-192-ctr, aes-192-ecb, aes-192-ofb
    + +
    +

    AES-192 Cipher

    +
    +
    aes256, aes-256-cbc, aes-256-cfb, aes-256-ctr, aes-256-ecb, aes-256-ofb
    + +
    +

    AES-256 Cipher

    +
    +
    aria128, aria-128-cbc, aria-128-cfb, aria-128-ctr, aria-128-ecb, aria-128-ofb
    + +
    +

    Aria-128 Cipher

    +
    +
    aria192, aria-192-cbc, aria-192-cfb, aria-192-ctr, aria-192-ecb, aria-192-ofb
    + +
    +

    Aria-192 Cipher

    +
    +
    aria256, aria-256-cbc, aria-256-cfb, aria-256-ctr, aria-256-ecb, aria-256-ofb
    + +
    +

    Aria-256 Cipher

    +
    +
    base64
    + +
    +

    Base64 Encoding

    +
    +
    bf, bf-cbc, bf-cfb, bf-ecb, bf-ofb
    + +
    +

    Blowfish Cipher

    +
    +
    camellia128, camellia-128-cbc, camellia-128-cfb, camellia-128-ctr, camellia-128-ecb, camellia-128-ofb
    + +
    +

    Camellia-128 Cipher

    +
    +
    camellia192, camellia-192-cbc, camellia-192-cfb, camellia-192-ctr, camellia-192-ecb, camellia-192-ofb
    + +
    +

    Camellia-192 Cipher

    +
    +
    camellia256, camellia-256-cbc, camellia-256-cfb, camellia-256-ctr, camellia-256-ecb, camellia-256-ofb
    + +
    +

    Camellia-256 Cipher

    +
    +
    cast, cast-cbc
    + +
    +

    CAST Cipher

    +
    +
    cast5-cbc, cast5-cfb, cast5-ecb, cast5-ofb
    + +
    +

    CAST5 Cipher

    +
    +
    chacha20
    + +
    +

    Chacha20 Cipher

    +
    +
    des, des-cbc, des-cfb, des-ecb, des-ede, des-ede-cbc, des-ede-cfb, des-ede-ofb, des-ofb
    + +
    +

    DES Cipher

    +
    +
    des3, desx, des-ede3, des-ede3-cbc, des-ede3-cfb, des-ede3-ofb
    + +
    +

    Triple-DES Cipher

    +
    +
    idea, idea-cbc, idea-cfb, idea-ecb, idea-ofb
    + +
    +

    IDEA Cipher

    +
    +
    rc2, rc2-cbc, rc2-cfb, rc2-ecb, rc2-ofb
    + +
    +

    RC2 Cipher

    +
    +
    rc4
    + +
    +

    RC4 Cipher

    +
    +
    rc5, rc5-cbc, rc5-cfb, rc5-ecb, rc5-ofb
    + +
    +

    RC5 Cipher

    +
    +
    seed, seed-cbc, seed-cfb, seed-ecb, seed-ofb
    + +
    +

    SEED Cipher

    +
    +
    sm4, sm4-cbc, sm4-cfb, sm4-ctr, sm4-ecb, sm4-ofb
    + +
    +

    SM4 Cipher

    +
    +
    +

    +

    +
    +

    OPTIONS

    +

    Details of which options are available depend on the specific command. +This section describes some common options with common behavior.

    +

    +

    +

    Common Options

    +
    +
    -help
    + +
    +

    Provides a terse summary of all options. +If an option takes an argument, the "type" of argument is also given.

    +
    +
    --
    + +
    +

    This terminates the list of options. It is mostly useful if any filename +parameters start with a minus sign:

    +
    + openssl verify [flags...] -- -cert1.pem...
    +
    +
    +

    +

    +

    Format Options

    +

    Several OpenSSL commands can take input or generate output in a variety +of formats. The list of acceptable formats, and the default, is +described in each command documentation. The list of formats is +described below. Both uppercase and lowercase are accepted.

    +
    +
    DER
    + +
    +

    A binary format, encoded or parsed according to Distinguished Encoding Rules +(DER) of the ASN.1 data language.

    +
    +
    ENGINE
    + +
    +

    Used to specify that the cryptographic material is in an OpenSSL engine. +An engine must be configured or specified using the -engine option. +In addition, the -input flag can be used to name a specific object in +the engine. +A password, such as the -passin flag often must be specified as well.

    +
    +
    P12
    + +
    +

    A DER-encoded file containing a PKCS#12 object. +It might be necessary to provide a decryption password to retrieve +the private key.

    +
    +
    PEM
    + +
    +

    A text format defined in IETF RFC 1421 and IETF RFC 7468. Briefly, this is +a block of base-64 encoding (defined in IETF RFC 4648), with specific +lines used to mark the start and end:

    +
    + Text before the BEGIN line is ignored.
    + ----- BEGIN object-type -----
    + OT43gQKBgQC/2OHZoko6iRlNOAQ/tMVFNq7fL81GivoQ9F1U0Qr+DH3ZfaH8eIkX
    + xT0ToMPJUzWAn8pZv0snA0um6SIgvkCuxO84OkANCVbttzXImIsL7pFzfcwV/ERK
    + UM6j0ZuSMFOCr/lGPAoOQU0fskidGEHi1/kW+suSr28TqsyYZpwBDQ==
    + ----- END object-type -----
    + Text after the END line is also ignored
    +

    The object-type must match the type of object that is expected. +For example a BEGIN X509 CERTIFICATE will not match if the command +is trying to read a private key. The types supported include:

    +
    + ANY PRIVATE KEY
    + CERTIFICATE
    + CERTIFICATE REQUEST
    + CMS
    + DH PARAMETERS
    + DSA PARAMETERS
    + DSA PUBLIC KEY
    + EC PARAMETERS
    + EC PRIVATE KEY
    + ECDSA PUBLIC KEY
    + ENCRYPTED PRIVATE KEY
    + PARAMETERS
    + PKCS #7 SIGNED DATA
    + PKCS7
    + PRIVATE KEY
    + PUBLIC KEY
    + RSA PRIVATE KEY
    + SSL SESSION PARAMETERS
    + TRUSTED CERTIFICATE
    + X509 CRL
    + X9.42 DH PARAMETERS
    +

    The following legacy object-type's are also supported for compatibility +with earlier releases:

    +
    + DSA PRIVATE KEY
    + NEW CERTIFICATE REQUEST
    + RSA PUBLIC KEY
    + X509 CERTIFICATE
    +
    +
    SMIME
    + +
    +

    An S/MIME object as described in IETF RFC 8551. +Earlier versions were known as CMS and are compatible. +Note that the parsing is simple and might fail to parse some legal data.

    +
    +
    +

    The options to specify the format are as follows. Refer to the individual +manpage to see which options are accepted.

    +
    +
    -inform format, -outform format
    + +
    +

    The format of the input or output streams.

    +
    +
    -keyform format
    + +
    +

    Format of a private key input source.

    +
    +
    -CRLform format
    + +
    +

    Format of a CRL input source.

    +
    +
    +

    +

    +

    Pass Phrase Options

    +

    Several commands accept password arguments, typically using -passin +and -passout for input and output passwords respectively. These allow +the password to be obtained from a variety of sources. Both of these +options take a single argument whose format is described below. If no +password argument is given and a password is required then the user is +prompted to enter one: this will typically be read from the current +terminal with echoing turned off.

    +

    Note that character encoding may be relevant, please see +passphrase-encoding(7).

    +
    +
    pass:password
    + +
    +

    The actual password is password. Since the password is visible +to utilities (like 'ps' under Unix) this form should only be used +where security is not important.

    +
    +
    env:var
    + +
    +

    Obtain the password from the environment variable var. Since +the environment of other processes is visible on certain platforms +(e.g. ps under certain Unix OSes) this option should be used with caution.

    +
    +
    file:pathname
    + +
    +

    The first line of pathname is the password. If the same pathname +argument is supplied to -passin and -passout arguments then the first +line will be used for the input password and the next line for the output +password. pathname need not refer to a regular file: it could for example +refer to a device or named pipe.

    +
    +
    fd:number
    + +
    +

    Read the password from the file descriptor number. This can be used to +send the data via a pipe for example.

    +
    +
    stdin
    + +
    +

    Read the password from standard input.

    +
    +
    +

    +

    +

    Trusted Certificate Options

    +

    Part of validating a certificate includes verifying that the chain of CA's +can be traced up to an existing trusted root. The following options specify +how to list the trusted roots, also known as trust anchors. A collection +of trusted roots is called a trust store.

    +

    Note that OpenSSL does not provide a default set of trust anchors. Many +Linux distributions include a system default and configure OpenSSL to point +to that. Mozilla maintains an influential trust store that can be found at +https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/.

    +
    +
    -CAfile file
    + +
    +

    Load the specified file which contains one or more PEM-format certificates +of CA's that are trusted.

    +
    +
    -no-CAfile
    + +
    +

    Do not load the default file of trusted certificates.

    +
    +
    -CApath dir
    + +
    +

    Use the specified directory as a list of trust certificates. That is, +files should be named with the hash of the X.509 SubjectName of each +certificate. This is so that the library can extract the IssuerName, +hash it, and directly lookup the file to get the issuer certificate. +See openssl-rehash(1) for information on creating this type of directory.

    +
    +
    -no-CApath
    + +
    +

    Do not use the default directory of trusted certificates.

    +
    +
    -CAstore uri
    + +
    +

    Use uri as a store of trusted CA certificates. The URI may +indicate a single certificate, as well as a collection of them. +With URIs in the file: scheme, this acts as -CAfile or +-CApath, depending on if the URI indicates a single file or +directory. +See ossl_store-file(7) for more information on the file: scheme.

    +

    These certificates are also used when building the server certificate +chain (for example with openssl-s_server(1)) or client certificate +chain (for example with openssl-s_time(1)).

    +
    +
    -no-CAstore
    + +
    +

    Do not use the default store.

    +
    +
    +

    +

    +

    Random State Options

    +

    Prior to OpenSSL 3.0, it was common for applications to store information +about the state of the random-number generator in a file that was loaded +at startup and rewritten upon exit. On modern operating systems, this is +generally no longer necessary as OpenSSL will seed itself from the +appropriate CPU flags, device files, and so on. These flags are still +supported for special platforms or circumstances that might require them.

    +

    It is generally an error to use the same seed file more than once and +every use of -rand should be paired with -writerand.

    +
    +
    -rand files
    + +
    +

    A file or files containing random data used to seed the random number +generator. +Multiple files can be specified separated by an OS-dependent character. +The separator is ; for MS-Windows, , for OpenVMS, and : for +all others. Another way to specify multiple files is to repeat this flag +with different filenames.

    +
    +
    -writerand file
    + +
    +

    Writes the seed data to the specified file upon exit. +This file can be used in a subsequent command invocation.

    +
    +
    +

    +

    +

    Extended Verification Options

    +

    Sometimes there may be more than one certificate chain leading to an +end-entity certificate. +This usually happens when a root or intermediate CA signs a certificate +for another a CA in other organization. +Another reason is when a CA might have intermediates that use two different +signature formats, such as a SHA-1 and a SHA-256 digest.

    +

    The following options can be used to provide data that will allow the +OpenSSL command to generate an alternative chain.

    +
    +
    -xchain_build
    + +
    +

    Specify whether the application should build the certificate chain to be +provided to the server for the extra certificates via the -xkey, +-xcert, and -xchain options.

    +
    +
    -xkey infile, -xcert infile, -xchain
    + +
    +

    Specify an extra certificate, private key and certificate chain. These behave +in the same manner as the -cert, -key and -cert_chain options. When +specified, the callback returning the first valid chain will be in use by the +client.

    +
    +
    -xcertform DER|PEM, -xkeyform DER|PEM
    + +
    +

    The input format for the extra certificate and key, respectively. +See openssl(1)/Format Options for details.

    +
    +
    -xchain_build
    + +
    +

    Specify whether the application should build the certificate chain to be +provided to the server for the extra certificates via the -xkey, +-xcert, and -xchain options.

    +
    +
    -xcertform DER|PEM, -xkeyform DER|PEM
    + +
    +

    The input format for the extra certificate and key, respectively. +See openssl(1)/Format Options for details.

    +
    +
    +

    +

    +

    Verification Options

    +

    Many OpenSSL commands verify certificates. The details of how each +command handles errors are documented on the specific command page.

    +

    Verification is a complicated process, consisting of a number of separate +steps that are detailed in the following paragraphs.

    +

    First, a certificate chain is built up starting from the supplied certificate +and ending in a root CA. It is an error if the whole chain cannot be +built up. The chain is built up by looking up the certificate that +signed (or issued) the certificate. It then repeats the process, until +it gets to a certificate that is self-issued.

    +

    The process of looking up the issuer's certificate itself involves a number +of steps. After all certificates whose subject name matches the issuer +name of the current certificate are subject to further tests. The relevant +authority key identifier components of the current certificate (if present) +must match the subject key identifier (if present) and issuer and serial +number of the candidate issuer, in addition the keyUsage extension of the +candidate issuer (if present) must permit certificate signing.

    +

    The lookup first looks in the list of untrusted certificates and if no match +is found the remaining lookups are from the trusted certificates. The root CA +is always looked up in the trusted certificate list: if the certificate to +verify is a root certificate then an exact match must be found in the trusted +list.

    +

    The second step is to check every untrusted certificate's extensions +for consistency with the supplied purpose. If the -purpose option is +not included then no checks are done. The supplied or "leaf" certificate +must have extensions compatible with the supplied purpose and all other +certificates must also be valid CA certificates. The precise extensions +required are described in more detail in +openssl-x509(1)/CERTIFICATE EXTENSIONS.

    +

    The third step is to check the trust settings on the root CA. The root +CA should be trusted for the supplied purpose. For compatibility with +previous versions of OpenSSL, a certificate with no trust settings is +considered to be valid for all purposes.

    +

    The fourth, and final, step is to check the validity of the certificate +chain. The validity period is checked against the system time +and the notBefore and notAfter dates in the certificate. The certificate +signatures are also checked at this point. The -attime flag may be +used to specify a time other than "now."

    +

    If all operations complete successfully then certificate is considered +valid. If any operation fails then the certificate is not valid.

    +

    The details of the processing steps can be fine-tuned with the +following flags.

    +
    +
    -verbose
    + +
    +

    Print extra information about the operations being performed.

    +
    +
    -attime timestamp
    + +
    +

    Perform validation checks using time specified by timestamp and not +current system time. timestamp is the number of seconds since +January 1, 1970 (i.e., the Unix Epoch).

    +
    +
    -no_check_time
    + +
    +

    This option suppresses checking the validity period of certificates and CRLs +against the current time. If option -attime is used to specify +a verification time, the check is not suppressed.

    +
    +
    -x509_strict
    + +
    +

    This disables non-compliant workarounds for broken certificates.

    +
    +
    -ignore_critical
    + +
    +

    Normally if an unhandled critical extension is present which is not +supported by OpenSSL the certificate is rejected (as required by RFC5280). +If this option is set critical extensions are ignored.

    +
    +
    -issuer_checks
    + +
    +

    Ignored.

    +
    +
    -crl_check
    + +
    +

    Checks end entity certificate validity by attempting to look up a valid CRL. +If a valid CRL cannot be found an error occurs.

    +
    +
    -crl_check_all
    + +
    +

    Checks the validity of all certificates in the chain by attempting +to look up valid CRLs.

    +
    +
    -use_deltas
    + +
    +

    Enable support for delta CRLs.

    +
    +
    -extended_crl
    + +
    +

    Enable extended CRL features such as indirect CRLs and alternate CRL +signing keys.

    +
    +
    -suiteB_128_only, -suiteB_128, -suiteB_192
    + +
    +

    Enable the Suite B mode operation at 128 bit Level of Security, 128 bit or +192 bit, or only 192 bit Level of Security respectively. +See RFC6460 for details. In particular the supported signature algorithms are +reduced to support only ECDSA and SHA256 or SHA384 and only the elliptic curves +P-256 and P-384.

    +
    +
    -auth_level level
    + +
    +

    Set the certificate chain authentication security level to level. +The authentication security level determines the acceptable signature and +public key strength when verifying certificate chains. For a certificate +chain to validate, the public keys of all the certificates must meet the +specified security level. The signature algorithm security level is +enforced for all the certificates in the chain except for the chain's +trust anchor, which is either directly trusted or validated by means +other than its signature. See SSL_CTX_set_security_level(3) for the +definitions of the available levels. The default security level is -1, +or "not set". At security level 0 or lower all algorithms are acceptable. +Security level 1 requires at least 80-bit-equivalent security and is broadly +interoperable, though it will, for example, reject MD5 signatures or RSA +keys shorter than 1024 bits.

    +
    +
    -partial_chain
    + +
    +

    Allow verification to succeed even if a complete chain cannot be built to a +self-signed trust-anchor, provided it is possible to construct a chain to a +trusted certificate that might not be self-signed.

    +
    +
    -check_ss_sig
    + +
    +

    Verify the signature on the self-signed root CA. This is disabled by default +because it doesn't add any security.

    +
    +
    -allow_proxy_certs
    + +
    +

    Allow the verification of proxy certificates.

    +
    +
    -trusted_first
    + +
    +

    As of OpenSSL 1.1.0 this option is on by default and cannot be disabled.

    +
    +
    -no_alt_chains
    + +
    +

    As of OpenSSL 1.1.0, since -trusted_first always on, this option has no +effect.

    +
    +
    -trusted file
    + +
    +

    Parse file as a set of one or more certificates in PEM format. +All certificates must be self-signed, unless the +-partial_chain option is specified. +This option implies the -no-CAfile and -no-CApath options and it +cannot be used with either the -CAfile or -CApath options, so +only certificates in the file are trust anchors. +This option may be used multiple times.

    +
    +
    -untrusted file
    + +
    +

    Parse file as a set of one or more certificates in PEM format. +All certificates are untrusted certificates that may be used to +construct a certificate chain from the subject certificate to a trust anchor. +This option may be used multiple times.

    +
    +
    -policy arg
    + +
    +

    Enable policy processing and add arg to the user-initial-policy-set (see +RFC5280). The policy arg can be an object name an OID in numeric form. +This argument can appear more than once.

    +
    +
    -explicit_policy
    + +
    +

    Set policy variable require-explicit-policy (see RFC5280).

    +
    +
    -policy_check
    + +
    +

    Enables certificate policy processing.

    +
    +
    -policy_print
    + +
    +

    Print out diagnostics related to policy processing.

    +
    +
    -inhibit_any
    + +
    +

    Set policy variable inhibit-any-policy (see RFC5280).

    +
    +
    -inhibit_map
    + +
    +

    Set policy variable inhibit-policy-mapping (see RFC5280).

    +
    +
    -purpose purpose
    + +
    +

    The intended use for the certificate. If this option is not specified, this +command will not consider certificate purpose during chain verification. +Currently accepted uses are sslclient, sslserver, nssslserver, +smimesign, smimeencrypt.

    +
    +
    -verify_depth num
    + +
    +

    Limit the certificate chain to num intermediate CA certificates. +A maximal depth chain can have up to num+2 certificates, since neither the +end-entity certificate nor the trust-anchor certificate count against the +-verify_depth limit.

    +
    +
    -verify_email email
    + +
    +

    Verify if email matches the email address in Subject Alternative Name or +the email in the subject Distinguished Name.

    +
    +
    -verify_hostname hostname
    + +
    +

    Verify if hostname matches DNS name in Subject Alternative Name or +Common Name in the subject certificate.

    +
    +
    -verify_ip ip
    + +
    +

    Verify if ip matches the IP address in Subject Alternative Name of +the subject certificate.

    +
    +
    -verify_name name
    + +
    +

    Use default verification policies like trust model and required certificate +policies identified by name. +The trust model determines which auxiliary trust or reject OIDs are applicable +to verifying the given certificate chain. +See the -addtrust and -addreject options for openssl-x509(1). +Supported policy names include: default, pkcs7, smime_sign, +ssl_client, ssl_server. +These mimics the combinations of purpose and trust settings used in SSL, CMS +and S/MIME. +As of OpenSSL 1.1.0, the trust model is inferred from the purpose when not +specified, so the -verify_name options are functionally equivalent to the +corresponding -purpose settings.

    +
    +
    +

    +

    +

    Name Format Options

    +

    OpenSSL provides fine-grain control over how the subject and issuer DN's are +displayed. +This is specified by using the -nameopt option, which takes a +comma-separated list of options from the following set. +An option may be preceded by a minus sign, -, to turn it off. +The default value is oneline. +The first four are the most commonly used.

    +
    +
    compat
    + +
    +

    Display the name using an old format from previous OpenSSL versions.

    +
    +
    RFC2253
    + +
    +

    Display the name using the format defined in RFC 2253. +It is equivalent to esc_2253, esc_ctrl, esc_msb, utf8, +dump_nostr, dump_unknown, dump_der, sep_comma_plus, dn_rev +and sname.

    +
    +
    oneline
    + +
    +

    Display the name in one line, using a format that is more readable +RFC 2253. +It is equivalent to esc_2253, esc_ctrl, esc_msb, utf8, +dump_nostr, dump_der, use_quote, sep_comma_plus_space, +space_eq and sname options.

    +
    +
    multiline
    + +
    +

    Display the name using multiple lines. +It is equivalent to esc_ctrl, esc_msb, sep_multiline, space_eq, +lname and align.

    +
    +
    esc_2253
    + +
    +

    Escape the "special" characters in a field, as required by RFC 2253. +That is, any of the characters ,+"<>;, # at the beginning of +a string and leading or trailing spaces.

    +
    +
    esc_2254
    + +
    +

    Escape the "special" characters in a field as required by RFC 2254 in a field. +That is, the NUL character and and of ()*.

    +
    +
    esc_ctrl
    + +
    +

    Escape non-printable ASCII characters, codes less than 0x20 (space) +or greater than 0x7F (DELETE). They are displayed using RFC 2253 \XX +notation where XX are the two hex digits representing the character value.

    +
    +
    esc_msb
    + +
    +

    Escape any characters with the most significant bit set, that is with +values larger than 127, as described in esc_ctrl.

    +
    +
    use_quote
    + +
    +

    Escapes some characters by surrounding the entire string with quotation +marks, ". +Without this option, individual special characters are preceeded with +a backslash character, \.

    +
    +
    utf8
    + +
    +

    Convert all strings to UTF-8 format first as required by RFC 2253. +If the output device is UTF-8 compatible, then using this option (and +not setting esc_msb) may give the correct display of multibyte +characters. +If this option is not set, then multibyte characters larger than 0xFF +will be output as \UXXXX for 16 bits or \WXXXXXXXX for 32 bits. +In addition, any UTF8Strings will be converted to their character form first.

    +
    +
    ignore_type
    + +
    +

    This option does not attempt to interpret multibyte characters in any +way. That is, the content octets are merely dumped as though one octet +represents each character. This is useful for diagnostic purposes but +will result in rather odd looking output.

    +
    +
    show_type
    + +
    +

    Display the type of the ASN1 character string before the value, +such as BMPSTRING: Hello World.

    +
    +
    dump_der
    + +
    +

    Any fields that would be output in hex format are displayed using +the DER encoding of the field. +If not set, just the content octets are displayed. +Either way, the #XXXX... format of RFC 2253 is used.

    +
    +
    dump_nostr
    + +
    +

    Dump non-character strings, such as ASN.1 OCTET STRING. +If this option is not set, then non character string types will be displayed +as though each content octet represents a single character.

    +
    +
    dump_all
    + +
    +

    Dump all fields. When this used with dump_der, this allows the +DER encoding of the structure to be unambiguously determined.

    +
    +
    dump_unknown
    + +
    +

    Dump any field whose OID is not recognised by OpenSSL.

    +
    +
    sep_comma_plus, sep_comma_plus_space, sep_semi_plus_space, +sep_multiline
    + +
    +

    Specify the field separators. The first word is used between the +Relative Distinguished Names (RDNs) and the second is between +multiple Attribute Value Assertions (AVAs). Multiple AVAs are +very rare and their use is discouraged. +The options ending in "space" additionally place a space after the separator to make it more readable. +The sep_multiline starts each field on its own line, and uses "plus space" +for the AVA separator. +It also indents the fields by four characters. +The default value is sep_comma_plus_space.

    +
    +
    dn_rev
    + +
    +

    Reverse the fields of the DN as required by RFC 2253. +This also reverses the order of multiple AVAs in a field, but this is +permissible as there is no ordering on values.

    +
    +
    nofname, sname, lname, oid
    + +
    +

    Specify how the field name is displayed. +nofname does not display the field at all. +sname uses the "short name" form (CN for commonName for example). +lname uses the long form. +oid represents the OID in numerical form and is useful for +diagnostic purpose.

    +
    +
    align
    + +
    +

    Align field values for a more readable output. Only usable with +sep_multiline.

    +
    +
    space_eq
    + +
    +

    Places spaces round the equal sign, =, character which follows the field +name.

    +
    +
    +

    +

    +

    TLS Version Options

    +

    Several commands use SSL, TLS, or DTLS. By default, the commands use TLS and +clients will offer the lowest and highest protocol version they support, +and servers will pick the highest version that the client offers that is also +supported by the server.

    +

    The options below can be used to limit which protocol versions are used, +and whether TCP (SSL and TLS) or UDP (DTLS) is used. +Note that not all protocols and flags may be available, depending on how +OpenSSL was built.

    +
    +
    -ssl3, -tls1, -tls1_1, -tls1_2, -tls1_3, -no_ssl3, -no_tls1, -no_tls1_1, -no_tls1_2, -no_tls1_3
    + +
    +

    These options require or disable the use of the specified SSL or TLS protocols. +When a specific TLS version is required, only that version will be offered or +accepted. +Only one specific protocol can be given and it cannot be combined with any of +the no_ options.

    +
    +
    -dtls, -dtls1, -dtls1_2
    + +
    +

    These options specify to use DTLS instead of DLTS. +With -dtls, clients will negotiate any supported DTLS protocol version. +Use the -dtls1 or -dtls1_2 options to support only DTLS1.0 or DTLS1.2, +respectively.

    +
    +
    +

    +

    +

    Engine Options

    +
    +
    -engine id
    + +
    +

    Use the engine identified by id and use all the methods it +implements (algorithms, key storage, etc.), unless specified otherwise in +the command-specific documentation or it is configured to do so, as described +in config(5)/Engine Configuration Module.

    +
    +
    +

    +

    +
    +

    ENVIRONMENT

    +

    The OpenSSL library can be take some configuration parameters from the +environment. Some of these variables are listed below. For information +about specific commands, see openssl-engine(1), openssl-provider(1), +openssl-rehash(1), and tsget(1).

    +

    For information about the use of environment variables in configuration, +see config(5)/ENVIRONMENT.

    +

    For information about querying or specifying CPU architecture flags, see +OPENSSL_ia32cap(3), and OPENSSL_s390xcap(3).

    +

    For information about all environment variables used by the OpenSSL libraries, +see openssl-env(7).

    +
    +
    OPENSSL_TRACE=name[,...]
    + +
    +

    Enable tracing output of OpenSSL library, by name. +This output will only make sense if you know OpenSSL internals well. +Also, it might not give you any output at all, depending on how +OpenSSL was built.

    +

    The value is a comma separated list of names, with the following +available:

    +
    +
    TRACE
    + +
    +

    The tracing functionality.

    +
    +
    TLS
    + +
    +

    General SSL/TLS.

    +
    +
    TLS_CIPHER
    + +
    +

    SSL/TLS cipher.

    +
    +
    ENGINE_CONF
    + +
    +

    ENGINE configuration.

    +
    +
    ENGINE_TABLE
    + +
    +

    The function that is used by RSA, DSA (etc) code to select registered +ENGINEs, cache defaults and functional references (etc), will generate +debugging summaries.

    +
    +
    ENGINE_REF_COUNT
    + +
    +

    Reference counts in the ENGINE structure will be monitored with a line +of generated for each change.

    +
    +
    PKCS5V2
    + +
    +

    PKCS#5 v2 keygen.

    +
    +
    PKCS12_KEYGEN
    + +
    +

    PKCS#12 key generation.

    +
    +
    PKCS12_DECRYPT
    + +
    +

    PKCS#12 decryption.

    +
    +
    X509V3_POLICY
    + +
    +

    Generates the complete policy tree at various point during X.509 v3 +policy evaluation.

    +
    +
    BN_CTX
    + +
    +

    BIGNUM context.

    +
    +
    +
    +
    +

    +

    +
    +

    SEE ALSO

    +

    openssl-asn1parse(1), +openssl-ca(1), +openssl-ciphers(1), +openssl-cms(1), +openssl-crl(1), +openssl-crl2pkcs7(1), +openssl-dgst(1), +openssl-dhparam(1), +openssl-dsa(1), +openssl-dsaparam(1), +openssl-ec(1), +openssl-ecparam(1), +openssl-enc(1), +openssl-engine(1), +openssl-errstr(1), +openssl-gendsa(1), +openssl-genpkey(1), +openssl-genrsa(1), +openssl-kdf(1), +openssl-mac(1), +openssl-nseq(1), +openssl-ocsp(1), +openssl-passwd(1), +openssl-pkcs12(1), +openssl-pkcs7(1), +openssl-pkcs8(1), +openssl-pkey(1), +openssl-pkeyparam(1), +openssl-pkeyutl(1), +openssl-prime(1), +openssl-rand(1), +openssl-rehash(1), +openssl-req(1), +openssl-rsa(1), +openssl-rsautl(1), +openssl-s_client(1), +openssl-s_server(1), +openssl-s_time(1), +openssl-sess_id(1), +openssl-smime(1), +openssl-speed(1), +openssl-spkac(1), +openssl-srp(1), +openssl-storeutl(1), +openssl-ts(1), +openssl-verify(1), +openssl-version(1), +openssl-x509(1), +config(5), +crypto(7), +openssl-env(7). +ssl(7), +x509v3_config(5)

    +

    +

    +
    +

    HISTORY

    +

    The list -XXX-algorithms options were added in OpenSSL 1.0.0; +For notes on the availability of other commands, see their individual +manual pages.

    +

    The -issuer_checks option is deprecated as of OpenSSL 1.1.0 and +is silently ignored.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man1/tsget.html b/linux_amd64/share/doc/openssl/html/man1/tsget.html
new file mode 100755
index 0000000..714c864
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man1/tsget.html
@@ -0,0 +1,242 @@
+ + + + +tsget + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    tsget - Time Stamping HTTP/HTTPS client

    +

    +

    +
    +

    SYNOPSIS

    +

    tsget +-h server_url +[-e extension] +[-o output] +[-v] +[-d] +[-k private_key.pem] +[-p key_password] +[-c client_cert.pem] +[-C CA_certs.pem] +[-P CA_path] +[-r files] +[-g EGD_socket] +[request ...]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command can be used for sending a timestamp request, as specified +in RFC 3161, to a timestamp server over HTTP or HTTPS and storing the +timestamp response in a file. It cannot be used for creating the requests +and verifying responses, you have to use openssl-ts(1) to do that. This +command can send several requests to the server without closing the TCP +connection if more than one requests are specified on the command line.

    +

    This command sends the following HTTP request for each timestamp request:

    +
    +        POST url HTTP/1.1
    +        User-Agent: OpenTSA tsget.pl/<version>
    +        Host: <host>:<port>
    +        Pragma: no-cache
    +        Content-Type: application/timestamp-query
    +        Accept: application/timestamp-reply
    +        Content-Length: length of body
    +
    +        ...binary request specified by the user...
    +

    It expects a response of type application/timestamp-reply, which is +written to a file without any interpretation.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -h server_url
    + +
    +

    The URL of the HTTP/HTTPS server listening for timestamp requests.

    +
    +
    -e extension
    + +
    +

    If the -o option is not given this argument specifies the extension of the +output files. The base name of the output file will be the same as those of +the input files. Default extension is .tsr. (Optional)

    +
    +
    -o output
    + +
    +

    This option can be specified only when just one request is sent to the +server. The timestamp response will be written to the given output file. '-' +means standard output. In case of multiple timestamp requests or the absence +of this argument the names of the output files will be derived from the names +of the input files and the default or specified extension argument. (Optional)

    +
    +
    -v
    + +
    +

    The name of the currently processed request is printed on standard +error. (Optional)

    +
    +
    -d
    + +
    +

    Switches on verbose mode for the underlying perl module the WWW::Curl::Easy manpage. +You can see detailed debug messages for the connection. (Optional)

    +
    +
    -k private_key.pem
    + +
    +

    (HTTPS) In case of certificate-based client authentication over HTTPS +private_key.pem must contain the private key of the user. The private key +file can optionally be protected by a passphrase. The -c option must also +be specified. (Optional)

    +
    +
    -p key_password
    + +
    +

    (HTTPS) Specifies the passphrase for the private key specified by the -k +argument. If this option is omitted and the key is passphrase protected, +it will be prompted for. (Optional)

    +
    +
    -c client_cert.pem
    + +
    +

    (HTTPS) In case of certificate-based client authentication over HTTPS +client_cert.pem must contain the X.509 certificate of the user. The -k +option must also be specified. If this option is not specified no +certificate-based client authentication will take place. (Optional)

    +
    +
    -C CA_certs.pem
    + +
    +

    (HTTPS) The trusted CA certificate store. The certificate chain of the peer's +certificate must include one of the CA certificates specified in this file. +Either option -C or option -P must be given in case of HTTPS. (Optional)

    +
    +
    -P CA_path
    + +
    +

    (HTTPS) The path containing the trusted CA certificates to verify the peer's +certificate. The directory must be prepared with openssl-rehash(1). Either +option -C or option -P must be given in case of HTTPS. (Optional)

    +
    +
    -r files
    + +
    +

    See openssl(1)/Random State Options for more information.

    +
    +
    -g EGD_socket
    + +
    +

    The name of an EGD socket to get random data from. (Optional)

    +
    +
    request ...
    + +
    +

    List of files containing RFC 3161 DER-encoded timestamp requests. If no +requests are specified only one request will be sent to the server and it will +be read from the standard input. +(Optional)

    +
    +
    +

    +

    +
    +

    ENVIRONMENT VARIABLES

    +

    The TSGET environment variable can optionally contain default +arguments. The content of this variable is added to the list of command line +arguments.

    +

    +

    +
    +

    EXAMPLES

    +

    The examples below presume that file1.tsq and file2.tsq contain valid +timestamp requests, tsa.opentsa.org listens at port 8080 for HTTP requests +and at port 8443 for HTTPS requests, the TSA service is available at the /tsa +absolute path.

    +

    Get a timestamp response for file1.tsq over HTTP, output is written to +file1.tsr:

    +
    +  tsget -h http://tsa.opentsa.org:8080/tsa file1.tsq
    +

    Get a timestamp response for file1.tsq and file2.tsq over HTTP showing +progress, output is written to file1.reply and file2.reply respectively:

    +
    +  tsget -h http://tsa.opentsa.org:8080/tsa -v -e .reply \
    +        file1.tsq file2.tsq
    +

    Create a timestamp request, write it to file3.tsq, send it to the server and +write the response to file3.tsr:

    +
    +  openssl ts -query -data file3.txt -cert | tee file3.tsq \
    +        | tsget -h http://tsa.opentsa.org:8080/tsa \
    +        -o file3.tsr
    +

    Get a timestamp response for file1.tsq over HTTPS without client +authentication:

    +
    +  tsget -h https://tsa.opentsa.org:8443/tsa \
    +        -C cacerts.pem file1.tsq
    +

    Get a timestamp response for file1.tsq over HTTPS with certificate-based +client authentication (it will ask for the passphrase if client_key.pem is +protected):

    +
    +  tsget -h https://tsa.opentsa.org:8443/tsa -C cacerts.pem \
    +        -k client_key.pem -c client_cert.pem file1.tsq
    +

    You can shorten the previous command line if you make use of the TSGET +environment variable. The following commands do the same as the previous +example:

    +
    +  TSGET='-h https://tsa.opentsa.org:8443/tsa -C cacerts.pem \
    +        -k client_key.pem -c client_cert.pem'
    +  export TSGET
    +  tsget file1.tsq
    +

    +

    +
    +

    SEE ALSO

    +

    openssl(1), +openssl-ts(1), +the WWW::Curl::Easy manpage, +https://www.rfc-editor.org/rfc/rfc3161.html

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/ADMISSIONS.html b/linux_amd64/share/doc/openssl/html/man3/ADMISSIONS.html
new file mode 100755
index 0000000..f7571e4
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/ADMISSIONS.html
@@ -0,0 +1,210 @@
+ + + + +ADMISSIONS + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    ADMISSIONS, +ADMISSIONS_get0_admissionAuthority, +ADMISSIONS_get0_namingAuthority, +ADMISSIONS_get0_professionInfos, +ADMISSIONS_set0_admissionAuthority, +ADMISSIONS_set0_namingAuthority, +ADMISSIONS_set0_professionInfos, +ADMISSION_SYNTAX, +ADMISSION_SYNTAX_get0_admissionAuthority, +ADMISSION_SYNTAX_get0_contentsOfAdmissions, +ADMISSION_SYNTAX_set0_admissionAuthority, +ADMISSION_SYNTAX_set0_contentsOfAdmissions, +NAMING_AUTHORITY, +NAMING_AUTHORITY_get0_authorityId, +NAMING_AUTHORITY_get0_authorityURL, +NAMING_AUTHORITY_get0_authorityText, +NAMING_AUTHORITY_set0_authorityId, +NAMING_AUTHORITY_set0_authorityURL, +NAMING_AUTHORITY_set0_authorityText, +PROFESSION_INFO, +PROFESSION_INFOS, +PROFESSION_INFO_get0_addProfessionInfo, +PROFESSION_INFO_get0_namingAuthority, +PROFESSION_INFO_get0_professionItems, +PROFESSION_INFO_get0_professionOIDs, +PROFESSION_INFO_get0_registrationNumber, +PROFESSION_INFO_set0_addProfessionInfo, +PROFESSION_INFO_set0_namingAuthority, +PROFESSION_INFO_set0_professionItems, +PROFESSION_INFO_set0_professionOIDs, +PROFESSION_INFO_set0_registrationNumber +- Accessors and settors for ADMISSION_SYNTAX

    +

    +

    +
    +

    SYNOPSIS

    +
    + typedef struct NamingAuthority_st NAMING_AUTHORITY;
    + typedef struct ProfessionInfo_st PROFESSION_INFO;
    + typedef STACK_OF(PROFESSION_INFO) PROFESSION_INFOS;
    + typedef struct Admissions_st ADMISSIONS;
    + typedef struct AdmissionSyntax_st ADMISSION_SYNTAX;
    +
    + const ASN1_OBJECT *NAMING_AUTHORITY_get0_authorityId(
    +     const NAMING_AUTHORITY *n);
    + void NAMING_AUTHORITY_set0_authorityId(NAMING_AUTHORITY *n,
    +     ASN1_OBJECT* namingAuthorityId);
    + const ASN1_IA5STRING *NAMING_AUTHORITY_get0_authorityURL(
    +     const NAMING_AUTHORITY *n);
    + void NAMING_AUTHORITY_set0_authorityURL(NAMING_AUTHORITY *n,
    +     ASN1_IA5STRING* namingAuthorityUrl);
    + const ASN1_STRING *NAMING_AUTHORITY_get0_authorityText(
    +     const NAMING_AUTHORITY *n);
    + void NAMING_AUTHORITY_set0_authorityText(NAMING_AUTHORITY *n,
    +     ASN1_STRING* namingAuthorityText);
    +
    + const GENERAL_NAME *ADMISSION_SYNTAX_get0_admissionAuthority(
    +     const ADMISSION_SYNTAX *as);
    + void ADMISSION_SYNTAX_set0_admissionAuthority(
    +     ADMISSION_SYNTAX *as, GENERAL_NAME *aa);
    + const STACK_OF(ADMISSIONS) *ADMISSION_SYNTAX_get0_contentsOfAdmissions(
    +     const ADMISSION_SYNTAX *as);
    + void ADMISSION_SYNTAX_set0_contentsOfAdmissions(
    +     ADMISSION_SYNTAX *as, STACK_OF(ADMISSIONS) *a);
    +
    + const GENERAL_NAME *ADMISSIONS_get0_admissionAuthority(const ADMISSIONS *a);
    + void ADMISSIONS_set0_admissionAuthority(ADMISSIONS *a, GENERAL_NAME *aa);
    + const NAMING_AUTHORITY *ADMISSIONS_get0_namingAuthority(const ADMISSIONS *a);
    + void ADMISSIONS_set0_namingAuthority(ADMISSIONS *a, NAMING_AUTHORITY *na);
    + const PROFESSION_INFOS *ADMISSIONS_get0_professionInfos(const ADMISSIONS *a);
    + void ADMISSIONS_set0_professionInfos(ADMISSIONS *a, PROFESSION_INFOS *pi);
    +
    + const ASN1_OCTET_STRING *PROFESSION_INFO_get0_addProfessionInfo(
    +     const PROFESSION_INFO *pi);
    + void PROFESSION_INFO_set0_addProfessionInfo(
    +     PROFESSION_INFO *pi, ASN1_OCTET_STRING *aos);
    + const NAMING_AUTHORITY *PROFESSION_INFO_get0_namingAuthority(
    +     const PROFESSION_INFO *pi);
    + void PROFESSION_INFO_set0_namingAuthority(
    +     PROFESSION_INFO *pi, NAMING_AUTHORITY *na);
    + const STACK_OF(ASN1_STRING) *PROFESSION_INFO_get0_professionItems(
    +     const PROFESSION_INFO *pi);
    + void PROFESSION_INFO_set0_professionItems(
    +     PROFESSION_INFO *pi, STACK_OF(ASN1_STRING) *as);
    + const STACK_OF(ASN1_OBJECT) *PROFESSION_INFO_get0_professionOIDs(
    +     const PROFESSION_INFO *pi);
    + void PROFESSION_INFO_set0_professionOIDs(
    +     PROFESSION_INFO *pi, STACK_OF(ASN1_OBJECT) *po);
    + const ASN1_PRINTABLESTRING *PROFESSION_INFO_get0_registrationNumber(
    +     const PROFESSION_INFO *pi);
    + void PROFESSION_INFO_set0_registrationNumber(
    +     PROFESSION_INFO *pi, ASN1_PRINTABLESTRING *rn);
    +

    +

    +
    +

    DESCRIPTION

    +

    The PROFESSION_INFOS, ADMISSION_SYNTAX, ADMISSIONS, and +PROFESSION_INFO types are opaque structures representing the +analogous types defined in the Common PKI Specification published +by https://www.t7ev.org. +Knowledge of those structures and their semantics is assumed.

    +

    The conventional routines to convert between DER and the local format +are described in d2i_X509(3). +The conventional routines to allocate and free the types are defined +in X509_dup(3).

    +

    The PROFESSION_INFOS type is a stack of PROFESSION_INFO; see +DEFINE_STACK_OF(3) for details.

    +

    The NAMING_AUTHORITY type has an authority ID and URL, and text fields. +The NAMING_AUTHORITY_get0_authorityId(), +NAMING_AUTHORITY_get0_get0_authorityURL(), and +NAMING_AUTHORITY_get0_get0_authorityText(), functions return pointers +to those values within the object. +The NAMING_AUTHORITY_set0_authorityId(), +NAMING_AUTHORITY_set0_get0_authorityURL(), and +NAMING_AUTHORITY_set0_get0_authorityText(), +functions free any existing value and set the pointer to the specified value.

    +

    The ADMISSION_SYNTAX type has an authority name and a stack of +ADMISSION objects. +The ADMISSION_SYNTAX_get0_admissionAuthority() +and ADMISSION_SYNTAX_get0_contentsOfAdmissions() functions return pointers +to those values within the object. +The +ADMISSION_SYNTAX_set0_admissionAuthority() and +ADMISSION_SYNTAX_set0_contentsOfAdmissions() +functions free any existing value and set the pointer to the specified value.

    +

    The ADMISSION type has an authority name, authority object, and a +stack of PROFESSION_INFO items. +The ADMISSIONS_get0_admissionAuthority(), ADMISSIONS_get0_namingAuthority(), +and ADMISSIONS_get0_professionInfos() +functions return pointers to those values within the object. +The +ADMISSIONS_set0_admissionAuthority(), +ADMISSIONS_set0_namingAuthority(), and +ADMISSIONS_set0_professionInfos() +functions free any existing value and set the pointer to the specified value.

    +

    The PROFESSION_INFO type has a name authority, stacks of +profession Items and OIDs, a registration number, and additional +profession info. +The functions PROFESSION_INFO_get0_addProfessionInfo(), +PROFESSION_INFO_get0_namingAuthority(), PROFESSION_INFO_get0_professionItems(), +PROFESSION_INFO_get0_professionOIDs(), and +PROFESSION_INFO_get0_registrationNumber() +functions return pointers to those values within the object. +The +PROFESSION_INFO_set0_addProfessionInfo(), +PROFESSION_INFO_set0_namingAuthority(), +PROFESSION_INFO_set0_professionItems(), +PROFESSION_INFO_set0_professionOIDs(), and +PROFESSION_INFO_set0_registrationNumber() +functions free any existing value and set the pointer to the specified value.

    +

    +

    +
    +

    RETURN VALUES

    +

    Described above. +Note that all of the get0 functions return a pointer to the internal data +structure and must not be freed.

    +

    +

    +
    +

    SEE ALSO

    +

    X509_dup(3), +d2i_X509(3),

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/ASN1_INTEGER_get_int64.html b/linux_amd64/share/doc/openssl/html/man3/ASN1_INTEGER_get_int64.html
new file mode 100755
index 0000000..7b32b38
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/ASN1_INTEGER_get_int64.html
@@ -0,0 +1,163 @@
+ + + + +ASN1_INTEGER_get_int64 + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    ASN1_INTEGER_get_uint64, ASN1_INTEGER_set_uint64, +ASN1_INTEGER_get_int64, ASN1_INTEGER_get, ASN1_INTEGER_set_int64, ASN1_INTEGER_set, BN_to_ASN1_INTEGER, ASN1_INTEGER_to_BN, ASN1_ENUMERATED_get_int64, ASN1_ENUMERATED_get, ASN1_ENUMERATED_set_int64, ASN1_ENUMERATED_set, BN_to_ASN1_ENUMERATED, ASN1_ENUMERATED_to_BN +- ASN.1 INTEGER and ENUMERATED utilities

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/asn1.h>
    +
    + int ASN1_INTEGER_get_int64(int64_t *pr, const ASN1_INTEGER *a);
    + long ASN1_INTEGER_get(const ASN1_INTEGER *a);
    +
    + int ASN1_INTEGER_set_int64(ASN1_INTEGER *a, int64_t r);
    + int ASN1_INTEGER_set(const ASN1_INTEGER *a, long v);
    +
    + int ASN1_INTEGER_get_uint64(uint64_t *pr, const ASN1_INTEGER *a);
    + int ASN1_INTEGER_set_uint64(ASN1_INTEGER *a, uint64_t r);
    +
    + ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai);
    + BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn);
    +
    + int ASN1_ENUMERATED_get_int64(int64_t *pr, const ASN1_ENUMERATED *a);
    + long ASN1_ENUMERATED_get(const ASN1_ENUMERATED *a);
    +
    + int ASN1_ENUMERATED_set_int64(ASN1_ENUMERATED *a, int64_t r);
    + int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v);
    +
    + ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai);
    + BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai, BIGNUM *bn);
    +

    +

    +
    +

    DESCRIPTION

    +

    These functions convert to and from ASN1_INTEGER and ASN1_ENUMERATED +structures.

    +

    ASN1_INTEGER_get_int64() converts an ASN1_INTEGER into an int64_t type +If successful it returns 1 and sets *pr to the value of a. If it fails +(due to invalid type or the value being too big to fit into an int64_t type) +it returns 0.

    +

    ASN1_INTEGER_get_uint64() is similar to ASN1_INTEGER_get_int64_t() except it +converts to a uint64_t type and an error is returned if the passed integer +is negative.

    +

    ASN1_INTEGER_get() also returns the value of a but it returns 0 if a is +NULL and -1 on error (which is ambiguous because -1 is a legitimate value for +an ASN1_INTEGER). New applications should use ASN1_INTEGER_get_int64() +instead.

    +

    ASN1_INTEGER_set_int64() sets the value of ASN1_INTEGER a to the +int64_t value r.

    +

    ASN1_INTEGER_set_uint64() sets the value of ASN1_INTEGER a to the +uint64_t value r.

    +

    ASN1_INTEGER_set() sets the value of ASN1_INTEGER a to the long value +v.

    +

    BN_to_ASN1_INTEGER() converts BIGNUM bn to an ASN1_INTEGER. If ai +is NULL a new ASN1_INTEGER structure is returned. If ai is not NULL then +the existing structure will be used instead.

    +

    ASN1_INTEGER_to_BN() converts ASN1_INTEGER ai into a BIGNUM. If bn is +NULL a new BIGNUM structure is returned. If bn is not NULL then the +existing structure will be used instead.

    +

    ASN1_ENUMERATED_get_int64(), ASN1_ENUMERATED_set_int64(), +ASN1_ENUMERATED_set(), BN_to_ASN1_ENUMERATED() and ASN1_ENUMERATED_to_BN() +behave in an identical way to their ASN1_INTEGER counterparts except they +operate on an ASN1_ENUMERATED value.

    +

    ASN1_ENUMERATED_get() returns the value of a in a similar way to +ASN1_INTEGER_get() but it returns 0xffffffffL if the value of a will not +fit in a long type. New applications should use ASN1_ENUMERATED_get_int64() +instead.

    +

    +

    +
    +

    NOTES

    +

    In general an ASN1_INTEGER or ASN1_ENUMERATED type can contain an +integer of almost arbitrary size and so cannot always be represented by a C +int64_t type. However in many cases (for example version numbers) they +represent small integers which can be more easily manipulated if converted to +an appropriate C integer type.

    +

    +

    +
    +

    BUGS

    +

    The ambiguous return values of ASN1_INTEGER_get() and ASN1_ENUMERATED_get() +mean these functions should be avoided if possible. They are retained for +compatibility. Normally the ambiguous return values are not legitimate +values for the fields they represent.

    +

    +

    +
    +

    RETURN VALUES

    +

    ASN1_INTEGER_set_int64(), ASN1_INTEGER_set(), ASN1_ENUMERATED_set_int64() and +ASN1_ENUMERATED_set() return 1 for success and 0 for failure. They will only +fail if a memory allocation error occurs.

    +

    ASN1_INTEGER_get_int64() and ASN1_ENUMERATED_get_int64() return 1 for success +and 0 for failure. They will fail if the passed type is incorrect (this will +only happen if there is a programming error) or if the value exceeds the range +of an int64_t type.

    +

    BN_to_ASN1_INTEGER() and BN_to_ASN1_ENUMERATED() return an ASN1_INTEGER or +ASN1_ENUMERATED structure respectively or NULL if an error occurs. They will +only fail due to a memory allocation error.

    +

    ASN1_INTEGER_to_BN() and ASN1_ENUMERATED_to_BN() return a BIGNUM structure +of NULL if an error occurs. They can fail if the passed type is incorrect +(due to programming error) or due to a memory allocation failure.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3)

    +

    +

    +
    +

    HISTORY

    +

    ASN1_INTEGER_set_int64(), ASN1_INTEGER_get_int64(), +ASN1_ENUMERATED_set_int64() and ASN1_ENUMERATED_get_int64() +were added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/ASN1_ITEM_lookup.html b/linux_amd64/share/doc/openssl/html/man3/ASN1_ITEM_lookup.html
new file mode 100755
index 0000000..5528ddb
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/ASN1_ITEM_lookup.html
@@ -0,0 +1,75 @@
+ + + + +ASN1_ITEM_lookup + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    ASN1_ITEM_lookup, ASN1_ITEM_get - lookup ASN.1 structures

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/asn1.h>
    +
    + const ASN1_ITEM *ASN1_ITEM_lookup(const char *name);
    + const ASN1_ITEM *ASN1_ITEM_get(size_t i);
    +

    +

    +
    +

    DESCRIPTION

    +

    ASN1_ITEM_lookup() returns the ASN1_ITEM named name.

    +

    ASN1_ITEM_get() returns the ASN1_ITEM with index i. This function +returns NULL if the index i is out of range.

    +

    +

    +
    +

    RETURN VALUES

    +

    ASN1_ITEM_lookup() and ASN1_ITEM_get() return a valid ASN1_ITEM structure +or NULL if an error occurred.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/ASN1_OBJECT_new.html b/linux_amd64/share/doc/openssl/html/man3/ASN1_OBJECT_new.html
new file mode 100755
index 0000000..b1cf988
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/ASN1_OBJECT_new.html
@@ -0,0 +1,87 @@
+ + + + +ASN1_OBJECT_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    ASN1_OBJECT_new, ASN1_OBJECT_free - object allocation functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/asn1.h>
    +
    + ASN1_OBJECT *ASN1_OBJECT_new(void);
    + void ASN1_OBJECT_free(ASN1_OBJECT *a);
    +

    +

    +
    +

    DESCRIPTION

    +

    The ASN1_OBJECT allocation routines, allocate and free an +ASN1_OBJECT structure, which represents an ASN1 OBJECT IDENTIFIER.

    +

    ASN1_OBJECT_new() allocates and initializes an ASN1_OBJECT structure.

    +

    ASN1_OBJECT_free() frees up the ASN1_OBJECT structure a. +If a is NULL, nothing is done.

    +

    +

    +
    +

    NOTES

    +

    Although ASN1_OBJECT_new() allocates a new ASN1_OBJECT structure it +is almost never used in applications. The ASN1 object utility functions +such as OBJ_nid2obj() are used instead.

    +

    +

    +
    +

    RETURN VALUES

    +

    If the allocation fails, ASN1_OBJECT_new() returns NULL and sets an error +code that can be obtained by ERR_get_error(3). +Otherwise it returns a pointer to the newly allocated structure.

    +

    ASN1_OBJECT_free() returns no value.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), d2i_ASN1_OBJECT(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/ASN1_STRING_TABLE_add.html b/linux_amd64/share/doc/openssl/html/man3/ASN1_STRING_TABLE_add.html
new file mode 100755
index 0000000..2a7fa1f
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/ASN1_STRING_TABLE_add.html
@@ -0,0 +1,104 @@
+ + + + +ASN1_STRING_TABLE_add + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    ASN1_STRING_TABLE, ASN1_STRING_TABLE_add, ASN1_STRING_TABLE_get, +ASN1_STRING_TABLE_cleanup - ASN1_STRING_TABLE manipulation functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/asn1.h>
    +
    + typedef struct asn1_string_table_st ASN1_STRING_TABLE;
    +
    + int ASN1_STRING_TABLE_add(int nid, long minsize, long maxsize,
    +                           unsigned long mask, unsigned long flags);
    + ASN1_STRING_TABLE * ASN1_STRING_TABLE_get(int nid);
    + void ASN1_STRING_TABLE_cleanup(void);
    +

    +

    +
    +

    DESCRIPTION

    +

    +

    +

    Types

    +

    ASN1_STRING_TABLE is a table which holds string information +(basically minimum size, maximum size, type and etc) for a NID object.

    +

    +

    +

    Functions

    +

    ASN1_STRING_TABLE_add() adds a new ASN1_STRING_TABLE item into the +local ASN1 string table based on the nid along with other parameters.

    +

    If the item is already in the table, fields of ASN1_STRING_TABLE are +updated (depending on the values of those parameters, e.g., minsize +and maxsize >= 0, mask and flags != 0). If the nid is standard, +a copy of the standard ASN1_STRING_TABLE is created and updated with +other parameters.

    +

    ASN1_STRING_TABLE_get() searches for an ASN1_STRING_TABLE item based +on nid. It will search the local table first, then the standard one.

    +

    ASN1_STRING_TABLE_cleanup() frees all ASN1_STRING_TABLE items added +by ASN1_STRING_TABLE_add().

    +

    +

    +
    +

    RETURN VALUES

    +

    ASN1_STRING_TABLE_add() returns 1 on success, 0 if an error occurred.

    +

    ASN1_STRING_TABLE_get() returns a valid ASN1_STRING_TABLE structure +or NULL if nothing is found.

    +

    ASN1_STRING_TABLE_cleanup() does not return a value.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/ASN1_STRING_length.html b/linux_amd64/share/doc/openssl/html/man3/ASN1_STRING_length.html
new file mode 100755
index 0000000..458d81e
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/ASN1_STRING_length.html
@@ -0,0 +1,135 @@
+ + + + +ASN1_STRING_length + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    ASN1_STRING_dup, ASN1_STRING_cmp, ASN1_STRING_set, ASN1_STRING_length, +ASN1_STRING_type, ASN1_STRING_get0_data, ASN1_STRING_data, +ASN1_STRING_to_UTF8 - ASN1_STRING utility functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/asn1.h>
    +
    + int ASN1_STRING_length(ASN1_STRING *x);
    + const unsigned char * ASN1_STRING_get0_data(const ASN1_STRING *x);
    + unsigned char * ASN1_STRING_data(ASN1_STRING *x);
    +
    + ASN1_STRING * ASN1_STRING_dup(const ASN1_STRING *a);
    +
    + int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b);
    +
    + int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len);
    +
    + int ASN1_STRING_type(const ASN1_STRING *x);
    +
    + int ASN1_STRING_to_UTF8(unsigned char **out, const ASN1_STRING *in);
    +

    +

    +
    +

    DESCRIPTION

    +

    These functions allow an ASN1_STRING structure to be manipulated.

    +

    ASN1_STRING_length() returns the length of the content of x.

    +

    ASN1_STRING_get0_data() returns an internal pointer to the data of x. +Since this is an internal pointer it should not be freed or +modified in any way.

    +

    ASN1_STRING_data() is similar to ASN1_STRING_get0_data() except the +returned value is not constant. This function is deprecated: +applications should use ASN1_STRING_get0_data() instead.

    +

    ASN1_STRING_dup() returns a copy of the structure a.

    +

    ASN1_STRING_cmp() compares a and b returning 0 if the two +are identical. The string types and content are compared.

    +

    ASN1_STRING_set() sets the data of string str to the buffer +data or length len. The supplied data is copied. If len +is -1 then the length is determined by strlen(data).

    +

    ASN1_STRING_type() returns the type of x, using standard constants +such as V_ASN1_OCTET_STRING.

    +

    ASN1_STRING_to_UTF8() converts the string in to UTF8 format, the +converted data is allocated in a buffer in *out. The length of +out is returned or a negative error code. The buffer *out +should be freed using OPENSSL_free().

    +

    +

    +
    +

    NOTES

    +

    Almost all ASN1 types in OpenSSL are represented as an ASN1_STRING +structure. Other types such as ASN1_OCTET_STRING are simply typedef'ed +to ASN1_STRING and the functions call the ASN1_STRING equivalents. +ASN1_STRING is also used for some CHOICE types which consist +entirely of primitive string types such as DirectoryString and +Time.

    +

    These functions should not be used to examine or modify ASN1_INTEGER +or ASN1_ENUMERATED types: the relevant INTEGER or ENUMERATED +utility functions should be used instead.

    +

    In general it cannot be assumed that the data returned by ASN1_STRING_data() +is null terminated or does not contain embedded nulls. The actual format +of the data will depend on the actual string type itself: for example +for an IA5String the data will be ASCII, for a BMPString two bytes per +character in big endian format, and for an UTF8String it will be in UTF8 format.

    +

    Similar care should be take to ensure the data is in the correct format +when calling ASN1_STRING_set().

    +

    +

    +
    +

    RETURN VALUES

    +

    ASN1_STRING_length() returns the length of the content of x.

    +

    ASN1_STRING_get0_data() and ASN1_STRING_data() return an internal pointer to +the data of x.

    +

    ASN1_STRING_dup() returns a valid ASN1_STRING structure or NULL if an +error occurred.

    +

    ASN1_STRING_cmp() returns an integer greater than, equal to, or less than 0, +according to whether a is greater than, equal to, or less than b.

    +

    ASN1_STRING_set() returns 1 on success or 0 on error.

    +

    ASN1_STRING_type() returns the type of x.

    +

    ASN1_STRING_to_UTF8() returns the number of bytes in output string out or a +negative value if an error occurred.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/ASN1_STRING_new.html b/linux_amd64/share/doc/openssl/html/man3/ASN1_STRING_new.html
new file mode 100755
index 0000000..8884c7f
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/ASN1_STRING_new.html
@@ -0,0 +1,88 @@
+ + + + +ASN1_STRING_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    ASN1_STRING_new, ASN1_STRING_type_new, ASN1_STRING_free - +ASN1_STRING allocation functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/asn1.h>
    +
    + ASN1_STRING * ASN1_STRING_new(void);
    + ASN1_STRING * ASN1_STRING_type_new(int type);
    + void ASN1_STRING_free(ASN1_STRING *a);
    +

    +

    +
    +

    DESCRIPTION

    +

    ASN1_STRING_new() returns an allocated ASN1_STRING structure. Its type +is undefined.

    +

    ASN1_STRING_type_new() returns an allocated ASN1_STRING structure of +type type.

    +

    ASN1_STRING_free() frees up a. +If a is NULL nothing is done.

    +

    +

    +
    +

    NOTES

    +

    Other string types call the ASN1_STRING functions. For example +ASN1_OCTET_STRING_new() calls ASN1_STRING_type(V_ASN1_OCTET_STRING).

    +

    +

    +
    +

    RETURN VALUES

    +

    ASN1_STRING_new() and ASN1_STRING_type_new() return a valid +ASN1_STRING structure or NULL if an error occurred.

    +

    ASN1_STRING_free() does not return a value.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/ASN1_STRING_print_ex.html b/linux_amd64/share/doc/openssl/html/man3/ASN1_STRING_print_ex.html
new file mode 100755
index 0000000..d28dbb3
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/ASN1_STRING_print_ex.html
@@ -0,0 +1,135 @@
+ + + + +ASN1_STRING_print_ex + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    ASN1_tag2str, ASN1_STRING_print_ex, ASN1_STRING_print_ex_fp, ASN1_STRING_print +- ASN1_STRING output routines

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/asn1.h>
    +
    + int ASN1_STRING_print_ex(BIO *out, const ASN1_STRING *str, unsigned long flags);
    + int ASN1_STRING_print_ex_fp(FILE *fp, const ASN1_STRING *str, unsigned long flags);
    + int ASN1_STRING_print(BIO *out, const ASN1_STRING *str);
    +
    + const char *ASN1_tag2str(int tag);
    +

    +

    +
    +

    DESCRIPTION

    +

    These functions output an ASN1_STRING structure. ASN1_STRING is used to +represent all the ASN1 string types.

    +

    ASN1_STRING_print_ex() outputs str to out, the format is determined by +the options flags. ASN1_STRING_print_ex_fp() is identical except it outputs +to fp instead.

    +

    ASN1_STRING_print() prints str to out but using a different format to +ASN1_STRING_print_ex(). It replaces unprintable characters (other than CR, LF) +with '.'.

    +

    ASN1_tag2str() returns a human-readable name of the specified ASN.1 tag.

    +

    +

    +
    +

    NOTES

    +

    ASN1_STRING_print() is a deprecated function which should be avoided; use +ASN1_STRING_print_ex() instead.

    +

    Although there are a large number of options frequently ASN1_STRFLGS_RFC2253 is +suitable, or on UTF8 terminals ASN1_STRFLGS_RFC2253 & ~ASN1_STRFLGS_ESC_MSB.

    +

    The complete set of supported options for flags is listed below.

    +

    Various characters can be escaped. If ASN1_STRFLGS_ESC_2253 is set the characters +determined by RFC2253 are escaped. If ASN1_STRFLGS_ESC_CTRL is set control +characters are escaped. If ASN1_STRFLGS_ESC_MSB is set characters with the +MSB set are escaped: this option should not be used if the terminal correctly +interprets UTF8 sequences.

    +

    Escaping takes several forms.

    +

    If the character being escaped is a 16 bit character then the form "\UXXXX" is used +using exactly four characters for the hex representation. If it is 32 bits then +"\WXXXXXXXX" is used using eight characters of its hex representation. These forms +will only be used if UTF8 conversion is not set (see below).

    +

    Printable characters are normally escaped using the backslash '\' character. If +ASN1_STRFLGS_ESC_QUOTE is set then the whole string is instead surrounded by +double quote characters: this is arguably more readable than the backslash +notation. Other characters use the "\XX" using exactly two characters of the hex +representation.

    +

    If ASN1_STRFLGS_UTF8_CONVERT is set then characters are converted to UTF8 +format first. If the terminal supports the display of UTF8 sequences then this +option will correctly display multi byte characters.

    +

    If ASN1_STRFLGS_IGNORE_TYPE is set then the string type is not interpreted at +all: everything is assumed to be one byte per character. This is primarily for +debugging purposes and can result in confusing output in multi character strings.

    +

    If ASN1_STRFLGS_SHOW_TYPE is set then the string type itself is printed out +before its value (for example "BMPSTRING"), this actually uses ASN1_tag2str().

    +

    The content of a string instead of being interpreted can be "dumped": this just +outputs the value of the string using the form #XXXX using hex format for each +octet.

    +

    If ASN1_STRFLGS_DUMP_ALL is set then any type is dumped.

    +

    Normally non character string types (such as OCTET STRING) are assumed to be +one byte per character, if ASN1_STRFLGS_DUMP_UNKNOWN is set then they will +be dumped instead.

    +

    When a type is dumped normally just the content octets are printed, if +ASN1_STRFLGS_DUMP_DER is set then the complete encoding is dumped +instead (including tag and length octets).

    +

    ASN1_STRFLGS_RFC2253 includes all the flags required by RFC2253. It is +equivalent to: + ASN1_STRFLGS_ESC_2253 | ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB | + ASN1_STRFLGS_UTF8_CONVERT | ASN1_STRFLGS_DUMP_UNKNOWN ASN1_STRFLGS_DUMP_DER

    +

    +

    +
    +

    RETURN VALUES

    +

    ASN1_STRING_print_ex() and ASN1_STRING_print_ex_fp() return the number of +characters written or -1 if an error occurred.

    +

    ASN1_STRING_print() returns 1 on success or 0 on error.

    +

    ASN1_tag2str() returns a human-readable name of the specified ASN.1 tag.

    +

    +

    +
    +

    SEE ALSO

    +

    X509_NAME_print_ex(3), +ASN1_tag2str(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/ASN1_TIME_set.html b/linux_amd64/share/doc/openssl/html/man3/ASN1_TIME_set.html
new file mode 100755
index 0000000..22f0e69
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/ASN1_TIME_set.html
@@ -0,0 +1,287 @@
+ + + + +ASN1_TIME_set + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    ASN1_TIME_set, ASN1_UTCTIME_set, ASN1_GENERALIZEDTIME_set, +ASN1_TIME_adj, ASN1_UTCTIME_adj, ASN1_GENERALIZEDTIME_adj, +ASN1_TIME_check, ASN1_UTCTIME_check, ASN1_GENERALIZEDTIME_check, +ASN1_TIME_set_string, ASN1_UTCTIME_set_string, ASN1_GENERALIZEDTIME_set_string, +ASN1_TIME_set_string_X509, +ASN1_TIME_normalize, +ASN1_TIME_to_tm, +ASN1_TIME_print, ASN1_UTCTIME_print, ASN1_GENERALIZEDTIME_print, +ASN1_TIME_diff, +ASN1_TIME_cmp_time_t, ASN1_UTCTIME_cmp_time_t, +ASN1_TIME_compare, +ASN1_TIME_to_generalizedtime, +ASN1_TIME_dup, ASN1_UTCTIME_dup, ASN1_GENERALIZEDTIME_dup - ASN.1 Time functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t);
    + ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t);
    + ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
    +                                                time_t t);
    +
    + ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t, int offset_day,
    +                          long offset_sec);
    + ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t,
    +                                int offset_day, long offset_sec);
    + ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s,
    +                                                time_t t, int offset_day,
    +                                                long offset_sec);
    +
    + int ASN1_TIME_set_string(ASN1_TIME *s, const char *str);
    + int ASN1_TIME_set_string_X509(ASN1_TIME *s, const char *str);
    + int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str);
    + int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s,
    +                                     const char *str);
    +
    + int ASN1_TIME_normalize(ASN1_TIME *s);
    +
    + int ASN1_TIME_check(const ASN1_TIME *t);
    + int ASN1_UTCTIME_check(const ASN1_UTCTIME *t);
    + int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *t);
    +
    + int ASN1_TIME_print(BIO *b, const ASN1_TIME *s);
    + int ASN1_UTCTIME_print(BIO *b, const ASN1_UTCTIME *s);
    + int ASN1_GENERALIZEDTIME_print(BIO *b, const ASN1_GENERALIZEDTIME *s);
    +
    + int ASN1_TIME_to_tm(const ASN1_TIME *s, struct tm *tm);
    + int ASN1_TIME_diff(int *pday, int *psec, const ASN1_TIME *from,
    +                    const ASN1_TIME *to);
    +
    + int ASN1_TIME_cmp_time_t(const ASN1_TIME *s, time_t t);
    + int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t);
    +
    + int ASN1_TIME_compare(const ASN1_TIME *a, const ASN1_TIME *b);
    +
    + ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t,
    +                                                    ASN1_GENERALIZEDTIME **out);
    +
    + ASN1_TIME *ASN1_TIME_dup(const ASN1_TIME *t);
    + ASN1_UTCTIME *ASN1_UTCTIME_dup(const ASN1_UTCTIME *t);
    + ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_dup(const ASN1_GENERALIZEDTIME *t);
    +

    +

    +
    +

    DESCRIPTION

    +

    The ASN1_TIME_set(), ASN1_UTCTIME_set() and ASN1_GENERALIZEDTIME_set() +functions set the structure s to the time represented by the time_t +value t. If s is NULL a new time structure is allocated and returned.

    +

    The ASN1_TIME_adj(), ASN1_UTCTIME_adj() and ASN1_GENERALIZEDTIME_adj() +functions set the time structure s to the time represented +by the time offset_day and offset_sec after the time_t value t. +The values of offset_day or offset_sec can be negative to set a +time before t. The offset_sec value can also exceed the number of +seconds in a day. If s is NULL a new structure is allocated +and returned.

    +

    The ASN1_TIME_set_string(), ASN1_UTCTIME_set_string() and +ASN1_GENERALIZEDTIME_set_string() functions set the time structure s +to the time represented by string str which must be in appropriate ASN.1 +time format (for example YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ). If s is NULL +this function performs a format check on str only. The string str +is copied into s.

    +

    ASN1_TIME_set_string_X509() sets ASN1_TIME structure s to the time +represented by string str which must be in appropriate time format +that RFC 5280 requires, which means it only allows YYMMDDHHMMSSZ and +YYYYMMDDHHMMSSZ (leap second is rejected), all other ASN.1 time format +are not allowed. If s is NULL this function performs a format check +on str only.

    +

    The ASN1_TIME_normalize() function converts an ASN1_GENERALIZEDTIME or +ASN1_UTCTIME into a time value that can be used in a certificate. It +should be used after the ASN1_TIME_set_string() functions and before +ASN1_TIME_print() functions to get consistent (i.e. GMT) results.

    +

    The ASN1_TIME_check(), ASN1_UTCTIME_check() and ASN1_GENERALIZEDTIME_check() +functions check the syntax of the time structure s.

    +

    The ASN1_TIME_print(), ASN1_UTCTIME_print() and ASN1_GENERALIZEDTIME_print() +functions print the time structure s to BIO b in human readable +format. It will be of the format MMM DD HH:MM:SS YYYY [GMT], for example +"Feb 3 00:55:52 2015 GMT" it does not include a newline. If the time +structure has invalid format it prints out "Bad time value" and returns +an error. The output for generalized time may include a fractional part +following the second.

    +

    ASN1_TIME_to_tm() converts the time s to the standard tm structure. +If s is NULL, then the current time is converted. The output time is GMT. +The tm_sec, tm_min, tm_hour, tm_mday, tm_wday, tm_yday, +tm_mon and tm_year fields of tm structure are set to proper values, +whereas all other fields are set to 0. If tm is NULL this function performs +a format check on s only. If s is in Generalized format with fractional +seconds, e.g. YYYYMMDDHHMMSS.SSSZ, the fractional seconds will be lost while +converting s to tm structure.

    +

    ASN1_TIME_diff() sets *pday and *psec to the time difference between +from and to. If to represents a time later than from then +one or both (depending on the time difference) of *pday and *psec +will be positive. If to represents a time earlier than from then +one or both of *pday and *psec will be negative. If to and from +represent the same time then *pday and *psec will both be zero. +If both *pday and *psec are nonzero they will always have the same +sign. The value of *psec will always be less than the number of seconds +in a day. If from or to is NULL the current time is used.

    +

    The ASN1_TIME_cmp_time_t() and ASN1_UTCTIME_cmp_time_t() functions compare +the two times represented by the time structure s and the time_t t.

    +

    The ASN1_TIME_compare() function compares the two times represented by the +time structures a and b.

    +

    The ASN1_TIME_to_generalizedtime() function converts an ASN1_TIME to an +ASN1_GENERALIZEDTIME, regardless of year. If either out or +*out are NULL, then a new object is allocated and must be freed after use.

    +

    The ASN1_TIME_dup(), ASN1_UTCTIME_dup() and ASN1_GENERALIZEDTIME_dup() functions +duplicate the time structure t and return the duplicated result +correspondingly.

    +

    +

    +
    +

    NOTES

    +

    The ASN1_TIME structure corresponds to the ASN.1 structure Time +defined in RFC5280 et al. The time setting functions obey the rules outlined +in RFC5280: if the date can be represented by UTCTime it is used, else +GeneralizedTime is used.

    +

    The ASN1_TIME, ASN1_UTCTIME and ASN1_GENERALIZEDTIME structures are +represented as an ASN1_STRING internally and can be freed up using +ASN1_STRING_free().

    +

    The ASN1_TIME structure can represent years from 0000 to 9999 but no attempt +is made to correct ancient calendar changes (for example from Julian to +Gregorian calendars).

    +

    ASN1_UTCTIME is limited to a year range of 1950 through 2049.

    +

    Some applications add offset times directly to a time_t value and pass the +results to ASN1_TIME_set() (or equivalent). This can cause problems as the +time_t value can overflow on some systems resulting in unexpected results. +New applications should use ASN1_TIME_adj() instead and pass the offset value +in the offset_sec and offset_day parameters instead of directly +manipulating a time_t value.

    +

    ASN1_TIME_adj() may change the type from ASN1_GENERALIZEDTIME to +ASN1_UTCTIME, or vice versa, based on the resulting year. +ASN1_GENERALIZEDTIME_adj() and ASN1_UTCTIME_adj() will not modify the type +of the return structure.

    +

    It is recommended that functions starting with ASN1_TIME be used instead of +those starting with ASN1_UTCTIME or ASN1_GENERALIZEDTIME. The functions +starting with ASN1_UTCTIME and ASN1_GENERALIZEDTIME act only on that +specific time format. The functions starting with ASN1_TIME will operate on +either format.

    +

    +

    +
    +

    BUGS

    +

    ASN1_TIME_print(), ASN1_UTCTIME_print() and ASN1_GENERALIZEDTIME_print() +do not print out the timezone: it either prints out "GMT" or nothing. But all +certificates complying with RFC5280 et al use GMT anyway.

    +

    Use the ASN1_TIME_normalize() function to normalize the time value before +printing to get GMT results.

    +

    +

    +
    +

    RETURN VALUES

    +

    ASN1_TIME_set(), ASN1_UTCTIME_set(), ASN1_GENERALIZEDTIME_set(), +ASN1_TIME_adj(), ASN1_UTCTIME_adj() and ASN1_GENERALIZEDTIME_set() return +a pointer to a time structure or NULL if an error occurred.

    +

    ASN1_TIME_set_string(), ASN1_UTCTIME_set_string(), +ASN1_GENERALIZEDTIME_set_string() and ASN1_TIME_set_string_X509() return +1 if the time value is successfully set and 0 otherwise.

    +

    ASN1_TIME_normalize() returns 1 on success, and 0 on error.

    +

    ASN1_TIME_check(), ASN1_UTCTIME_check and ASN1_GENERALIZEDTIME_check() return 1 +if the structure is syntactically correct and 0 otherwise.

    +

    ASN1_TIME_print(), ASN1_UTCTIME_print() and ASN1_GENERALIZEDTIME_print() return +1 if the time is successfully printed out and 0 if an error occurred (I/O error +or invalid time format).

    +

    ASN1_TIME_to_tm() returns 1 if the time is successfully parsed and 0 if an +error occurred (invalid time format).

    +

    ASN1_TIME_diff() returns 1 for success and 0 for failure. It can fail if the +passed-in time structure has invalid syntax, for example.

    +

    ASN1_TIME_cmp_time_t() and ASN1_UTCTIME_cmp_time_t() return -1 if s is +before t, 0 if s equals t, or 1 if s is after t. -2 is returned +on error.

    +

    ASN1_TIME_compare() returns -1 if a is before b, 0 if a equals b, +or 1 if a is after b. -2 is returned on error.

    +

    ASN1_TIME_to_generalizedtime() returns a pointer to the appropriate time +structure on success or NULL if an error occurred.

    +

    ASN1_TIME_dup(), ASN1_UTCTIME_dup() and ASN1_GENERALIZEDTIME_dup() return a +pointer to a time structure or NULL if an error occurred.

    +

    +

    +
    +

    EXAMPLES

    +

    Set a time structure to one hour after the current time and print it out:

    +
    + #include <time.h>
    + #include <openssl/asn1.h>
    +
    + ASN1_TIME *tm;
    + time_t t;
    + BIO *b;
    +
    + t = time(NULL);
    + tm = ASN1_TIME_adj(NULL, t, 0, 60 * 60);
    + b = BIO_new_fp(stdout, BIO_NOCLOSE);
    + ASN1_TIME_print(b, tm);
    + ASN1_STRING_free(tm);
    + BIO_free(b);
    +

    Determine if one time is later or sooner than the current time:

    +
    + int day, sec;
    +
    + if (!ASN1_TIME_diff(&day, &sec, NULL, to))
    +     /* Invalid time format */
    +
    + if (day > 0 || sec > 0)
    +     printf("Later\n");
    + else if (day < 0 || sec < 0)
    +     printf("Sooner\n");
    + else
    +     printf("Same\n");
    +

    +

    +
    +

    HISTORY

    +

    The ASN1_TIME_to_tm() function was added in OpenSSL 1.1.1. +The ASN1_TIME_set_string_X509() function was added in OpenSSL 1.1.1. +The ASN1_TIME_normalize() function was added in OpenSSL 1.1.1. +The ASN1_TIME_cmp_time_t() function was added in OpenSSL 1.1.1. +The ASN1_TIME_compare() function was added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/ASN1_TYPE_get.html b/linux_amd64/share/doc/openssl/html/man3/ASN1_TYPE_get.html
    new file mode 100755
    index 0000000..cd120ca
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/ASN1_TYPE_get.html
    @@ -0,0 +1,125 @@
    + + + + +ASN1_TYPE_get + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    ASN1_TYPE_get, ASN1_TYPE_set, ASN1_TYPE_set1, ASN1_TYPE_cmp, ASN1_TYPE_unpack_sequence, ASN1_TYPE_pack_sequence - ASN1_TYPE utility +functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/asn1.h>
    +
    + int ASN1_TYPE_get(const ASN1_TYPE *a);
    + void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value);
    + int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value);
    + int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b);
    +
    + void *ASN1_TYPE_unpack_sequence(const ASN1_ITEM *it, const ASN1_TYPE *t);
    + ASN1_TYPE *ASN1_TYPE_pack_sequence(const ASN1_ITEM *it, void *s,
    +                                    ASN1_TYPE **t);
    +

    +

    +
    +

    DESCRIPTION

    +

    These functions allow an ASN1_TYPE structure to be manipulated. The +ASN1_TYPE structure can contain any ASN.1 type or constructed type +such as a SEQUENCE: it is effectively equivalent to the ASN.1 ANY type.

    +

    ASN1_TYPE_get() returns the type of a.

    +

    ASN1_TYPE_set() sets the value of a to type and value. This +function uses the pointer value internally so it must not be freed +up after the call.

    +

    ASN1_TYPE_set1() sets the value of a to type a copy of value.

    +

    ASN1_TYPE_cmp() compares ASN.1 types a and b and returns 0 if +they are identical and nonzero otherwise.

    +

    ASN1_TYPE_unpack_sequence() attempts to parse the SEQUENCE present in +t using the ASN.1 structure it. If successful it returns a pointer +to the ASN.1 structure corresponding to it which must be freed by the +caller. If it fails it return NULL.

    +

    ASN1_TYPE_pack_sequence() attempts to encode the ASN.1 structure s +corresponding to it into an ASN1_TYPE. If successful the encoded +ASN1_TYPE is returned. If t and *t are not NULL the encoded type +is written to t overwriting any existing data. If t is not NULL +but *t is NULL the returned ASN1_TYPE is written to *t.

    +

    +

    +
    +

    NOTES

    +

    The type and meaning of the value parameter for ASN1_TYPE_set() and +ASN1_TYPE_set1() is determined by the type parameter. +If type is V_ASN1_NULL value is ignored. If type is +V_ASN1_BOOLEAN +then the boolean is set to TRUE if value is not NULL. If type is +V_ASN1_OBJECT then value is an ASN1_OBJECT structure. Otherwise type +is and ASN1_STRING structure. If type corresponds to a primitive type +(or a string type) then the contents of the ASN1_STRING contain the content +octets of the type. If type corresponds to a constructed type or +a tagged type (V_ASN1_SEQUENCE, V_ASN1_SET or V_ASN1_OTHER) then the +ASN1_STRING contains the entire ASN.1 encoding verbatim (including tag and +length octets).

    +

    ASN1_TYPE_cmp() may not return zero if two types are equivalent but have +different encodings. For example the single content octet of the boolean TRUE +value under BER can have any nonzero encoding but ASN1_TYPE_cmp() will +only return zero if the values are the same.

    +

    If either or both of the parameters passed to ASN1_TYPE_cmp() is NULL the +return value is nonzero. Technically if both parameters are NULL the two +types could be absent OPTIONAL fields and so should match, however passing +NULL values could also indicate a programming error (for example an +unparsable type which returns NULL) for types which do not match. So +applications should handle the case of two absent values separately.

    +

    +

    +
    +

    RETURN VALUES

    +

    ASN1_TYPE_get() returns the type of the ASN1_TYPE argument.

    +

    ASN1_TYPE_set() does not return a value.

    +

    ASN1_TYPE_set1() returns 1 for success and 0 for failure.

    +

    ASN1_TYPE_cmp() returns 0 if the types are identical and nonzero otherwise.

    +

    ASN1_TYPE_unpack_sequence() returns a pointer to an ASN.1 structure or +NULL on failure.

    +

    ASN1_TYPE_pack_sequence() return an ASN1_TYPE structure if it succeeds or +NULL on failure.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/ASN1_generate_nconf.html b/linux_amd64/share/doc/openssl/html/man3/ASN1_generate_nconf.html
    new file mode 100755
    index 0000000..9c8cbcf
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/ASN1_generate_nconf.html
    @@ -0,0 +1,314 @@
    + + + + +ASN1_generate_nconf + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    ASN1_generate_nconf, ASN1_generate_v3 - ASN1 generation functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/asn1.h>
    +
    + ASN1_TYPE *ASN1_generate_nconf(const char *str, CONF *nconf);
    + ASN1_TYPE *ASN1_generate_v3(const char *str, X509V3_CTX *cnf);
    +

    +

    +
    +

    DESCRIPTION

    +

    These functions generate the ASN1 encoding of a string +in an ASN1_TYPE structure.

    +

    str contains the string to encode nconf or cnf contains +the optional configuration information where additional strings +will be read from. nconf will typically come from a config +file whereas cnf is obtained from an X509V3_CTX structure +which will typically be used by X509 v3 certificate extension +functions. cnf or nconf can be set to NULL if no additional +configuration will be used.

    +

    +

    +
    +

    GENERATION STRING FORMAT

    +

    The actual data encoded is determined by the string str and +the configuration information. The general format of the string +is:

    +
    +
    [modifier,]type[:value]
    + +
    +

    That is zero or more comma separated modifiers followed by a type +followed by an optional colon and a value. The formats of type, +value and modifier are explained below.

    +

    +

    +

    Supported Types

    +

    The supported types are listed below. Unless otherwise specified +only the ASCII format is permissible.

    +
    +
    BOOLEAN, BOOL
    + +
    +

    This encodes a boolean type. The value string is mandatory and +should be TRUE or FALSE. Additionally TRUE, true, Y, +y, YES, yes, FALSE, false, N, n, NO and no +are acceptable.

    +
    +
    NULL
    + +
    +

    Encode the NULL type, the value string must not be present.

    +
    +
    INTEGER, INT
    + +
    +

    Encodes an ASN1 INTEGER type. The value string represents +the value of the integer, it can be prefaced by a minus sign and +is normally interpreted as a decimal value unless the prefix 0x +is included.

    +
    +
    ENUMERATED, ENUM
    + +
    +

    Encodes the ASN1 ENUMERATED type, it is otherwise identical to +INTEGER.

    +
    +
    OBJECT, OID
    + +
    +

    Encodes an ASN1 OBJECT IDENTIFIER, the value string can be +a short name, a long name or numerical format.

    +
    +
    UTCTIME, UTC
    + +
    +

    Encodes an ASN1 UTCTime structure, the value should be in +the format YYMMDDHHMMSSZ.

    +
    +
    GENERALIZEDTIME, GENTIME
    + +
    +

    Encodes an ASN1 GeneralizedTime structure, the value should be in +the format YYYYMMDDHHMMSSZ.

    +
    +
    OCTETSTRING, OCT
    + +
    +

    Encodes an ASN1 OCTET STRING. value represents the contents +of this structure, the format strings ASCII and HEX can be +used to specify the format of value.

    +
    +
    BITSTRING, BITSTR
    + +
    +

    Encodes an ASN1 BIT STRING. value represents the contents +of this structure, the format strings ASCII, HEX and BITLIST +can be used to specify the format of value.

    +

    If the format is anything other than BITLIST the number of unused +bits is set to zero.

    +
    +
    UNIVERSALSTRING, UNIV, IA5, IA5STRING, UTF8, +UTF8String, BMP, BMPSTRING, VISIBLESTRING, +VISIBLE, PRINTABLESTRING, PRINTABLE, T61, +T61STRING, TELETEXSTRING, GeneralString, NUMERICSTRING, +NUMERIC
    + +
    +

    These encode the corresponding string types. value represents the +contents of this structure. The format can be ASCII or UTF8.

    +
    +
    SEQUENCE, SEQ, SET
    + +
    +

    Formats the result as an ASN1 SEQUENCE or SET type. value +should be a section name which will contain the contents. The +field names in the section are ignored and the values are in the +generated string format. If value is absent then an empty SEQUENCE +will be encoded.

    +
    +
    +

    +

    +

    Modifiers

    +

    Modifiers affect the following structure, they can be used to +add EXPLICIT or IMPLICIT tagging, add wrappers or to change +the string format of the final type and value. The supported +formats are documented below.

    +
    +
    EXPLICIT, EXP
    + +
    +

    Add an explicit tag to the following structure. This string +should be followed by a colon and the tag value to use as a +decimal value.

    +

    By following the number with U, A, P or C UNIVERSAL, +APPLICATION, PRIVATE or CONTEXT SPECIFIC tagging can be used, +the default is CONTEXT SPECIFIC.

    +
    +
    IMPLICIT, IMP
    + +
    +

    This is the same as EXPLICIT except IMPLICIT tagging is used +instead.

    +
    +
    OCTWRAP, SEQWRAP, SETWRAP, BITWRAP
    + +
    +

    The following structure is surrounded by an OCTET STRING, a SEQUENCE, +a SET or a BIT STRING respectively. For a BIT STRING the number of unused +bits is set to zero.

    +
    +
    FORMAT
    + +
    +

    This specifies the format of the ultimate value. It should be followed +by a colon and one of the strings ASCII, UTF8, HEX or BITLIST.

    +

    If no format specifier is included then ASCII is used. If UTF8 is +specified then the value string must be a valid UTF8 string. For HEX the +output must be a set of hex digits. BITLIST (which is only valid for a BIT +STRING) is a comma separated list of the indices of the set bits, all other +bits are zero.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    ASN1_generate_nconf() and ASN1_generate_v3() return the encoded +data as an ASN1_TYPE structure or NULL if an error occurred.

    +

    The error codes that can be obtained by ERR_get_error(3).

    +

    +

    +
    +

    EXAMPLES

    +

    A simple IA5String:

    +
    + IA5STRING:Hello World
    +

    An IA5String explicitly tagged:

    +
    + EXPLICIT:0,IA5STRING:Hello World
    +

    An IA5String explicitly tagged using APPLICATION tagging:

    +
    + EXPLICIT:0A,IA5STRING:Hello World
    +

    A BITSTRING with bits 1 and 5 set and all others zero:

    +
    + FORMAT:BITLIST,BITSTRING:1,5
    +

    A more complex example using a config file to produce a +SEQUENCE consisting of a BOOL an OID and a UTF8String:

    +
    + asn1 = SEQUENCE:seq_section
    +
    + [seq_section]
    +
    + field1 = BOOLEAN:TRUE
    + field2 = OID:commonName
    + field3 = UTF8:Third field
    +

    This example produces an RSAPrivateKey structure, this is the +key contained in the file client.pem in all OpenSSL distributions +(note: the field names such as 'coeff' are ignored and are present just +for clarity):

    +
    + asn1=SEQUENCE:private_key
    + [private_key]
    + version=INTEGER:0
    +
    + n=INTEGER:0xBB6FE79432CC6EA2D8F970675A5A87BFBE1AFF0BE63E879F2AFFB93644\
    + D4D2C6D000430DEC66ABF47829E74B8C5108623A1C0EE8BE217B3AD8D36D5EB4FCA1D9
    +
    + e=INTEGER:0x010001
    +
    + d=INTEGER:0x6F05EAD2F27FFAEC84BEC360C4B928FD5F3A9865D0FCAAD291E2A52F4A\
    + F810DC6373278C006A0ABBA27DC8C63BF97F7E666E27C5284D7D3B1FFFE16B7A87B51D
    +
    + p=INTEGER:0xF3929B9435608F8A22C208D86795271D54EBDFB09DDEF539AB083DA912\
    + D4BD57
    +
    + q=INTEGER:0xC50016F89DFF2561347ED1186A46E150E28BF2D0F539A1594BBD7FE467\
    + 46EC4F
    +
    + exp1=INTEGER:0x9E7D4326C924AFC1DEA40B45650134966D6F9DFA3A7F9D698CD4ABEA\
    + 9C0A39B9
    +
    + exp2=INTEGER:0xBA84003BB95355AFB7C50DF140C60513D0BA51D637272E355E397779\
    + E7B2458F
    +
    + coeff=INTEGER:0x30B9E4F2AFA5AC679F920FC83F1F2DF1BAF1779CF989447FABC2F5\
    + 628657053A
    +

    This example is the corresponding public key in a SubjectPublicKeyInfo +structure:

    +
    + # Start with a SEQUENCE
    + asn1=SEQUENCE:pubkeyinfo
    +
    + # pubkeyinfo contains an algorithm identifier and the public key wrapped
    + # in a BIT STRING
    + [pubkeyinfo]
    + algorithm=SEQUENCE:rsa_alg
    + pubkey=BITWRAP,SEQUENCE:rsapubkey
    +
    + # algorithm ID for RSA is just an OID and a NULL
    + [rsa_alg]
    + algorithm=OID:rsaEncryption
    + parameter=NULL
    +
    + # Actual public key: modulus and exponent
    + [rsapubkey]
    + n=INTEGER:0xBB6FE79432CC6EA2D8F970675A5A87BFBE1AFF0BE63E879F2AFFB93644\
    + D4D2C6D000430DEC66ABF47829E74B8C5108623A1C0EE8BE217B3AD8D36D5EB4FCA1D9
    +
    + e=INTEGER:0x010001
    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/ASYNC_WAIT_CTX_new.html b/linux_amd64/share/doc/openssl/html/man3/ASYNC_WAIT_CTX_new.html
    new file mode 100755
    index 0000000..2f26b4a
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/ASYNC_WAIT_CTX_new.html
    @@ -0,0 +1,252 @@
    + + + + +ASYNC_WAIT_CTX_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    ASYNC_WAIT_CTX_new, ASYNC_WAIT_CTX_free, ASYNC_WAIT_CTX_set_wait_fd, +ASYNC_WAIT_CTX_get_fd, ASYNC_WAIT_CTX_get_all_fds, +ASYNC_WAIT_CTX_get_changed_fds, ASYNC_WAIT_CTX_clear_fd, +ASYNC_WAIT_CTX_set_callback, ASYNC_WAIT_CTX_get_callback, +ASYNC_WAIT_CTX_set_status, ASYNC_WAIT_CTX_get_status, ASYNC_callback_fn, +ASYNC_STATUS_UNSUPPORTED, ASYNC_STATUS_ERR, ASYNC_STATUS_OK, +ASYNC_STATUS_EAGAIN +- functions to manage waiting for asynchronous jobs to complete

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/async.h>
    +
    + #define ASYNC_STATUS_UNSUPPORTED    0
    + #define ASYNC_STATUS_ERR            1
    + #define ASYNC_STATUS_OK             2
    + #define ASYNC_STATUS_EAGAIN         3
    + typedef int (*ASYNC_callback_fn)(void *arg);
    + ASYNC_WAIT_CTX *ASYNC_WAIT_CTX_new(void);
    + void ASYNC_WAIT_CTX_free(ASYNC_WAIT_CTX *ctx);
    + int ASYNC_WAIT_CTX_set_wait_fd(ASYNC_WAIT_CTX *ctx, const void *key,
    +                                OSSL_ASYNC_FD fd,
    +                                void *custom_data,
    +                                void (*cleanup)(ASYNC_WAIT_CTX *, const void *,
    +                                                OSSL_ASYNC_FD, void *));
    + int ASYNC_WAIT_CTX_get_fd(ASYNC_WAIT_CTX *ctx, const void *key,
    +                           OSSL_ASYNC_FD *fd, void **custom_data);
    + int ASYNC_WAIT_CTX_get_all_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *fd,
    +                                size_t *numfds);
    + int ASYNC_WAIT_CTX_get_changed_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *addfd,
    +                                    size_t *numaddfds, OSSL_ASYNC_FD *delfd,
    +                                    size_t *numdelfds);
    + int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key);
    + int ASYNC_WAIT_CTX_set_callback(ASYNC_WAIT_CTX *ctx,
    +                                 ASYNC_callback_fn callback,
    +                                 void *callback_arg);
    + int ASYNC_WAIT_CTX_get_callback(ASYNC_WAIT_CTX *ctx,
    +                                 ASYNC_callback_fn *callback,
    +                                 void **callback_arg);
    + int ASYNC_WAIT_CTX_set_status(ASYNC_WAIT_CTX *ctx, int status);
    + int ASYNC_WAIT_CTX_get_status(ASYNC_WAIT_CTX *ctx);
    +

    +

    +
    +

    DESCRIPTION

    +

    For an overview of how asynchronous operations are implemented in OpenSSL see +ASYNC_start_job(3). An ASYNC_WAIT_CTX object represents an asynchronous +"session", i.e. a related set of crypto operations. For example in SSL terms +this would have a one-to-one correspondence with an SSL connection.

    +

    Application code must create an ASYNC_WAIT_CTX using the ASYNC_WAIT_CTX_new() +function prior to calling ASYNC_start_job() (see ASYNC_start_job(3)). When +the job is started it is associated with the ASYNC_WAIT_CTX for the duration +of that job. An ASYNC_WAIT_CTX should only be used for one ASYNC_JOB at +any one time, but can be reused after an ASYNC_JOB has finished for a +subsequent ASYNC_JOB. When the session is complete (e.g. the SSL connection +is closed), application code cleans up with ASYNC_WAIT_CTX_free().

    +

    ASYNC_WAIT_CTXs can have "wait" file descriptors associated with them. +Calling ASYNC_WAIT_CTX_get_all_fds() and passing in a pointer to an +ASYNC_WAIT_CTX in the ctx parameter will return the wait file descriptors +associated with that job in *fd. The number of file descriptors returned will +be stored in *numfds. It is the caller's responsibility to ensure that +sufficient memory has been allocated in *fd to receive all the file +descriptors. Calling ASYNC_WAIT_CTX_get_all_fds() with a NULL fd value will +return no file descriptors but will still populate *numfds. Therefore +application code is typically expected to call this function twice: once to get +the number of fds, and then again when sufficient memory has been allocated. If +only one asynchronous engine is being used then normally this call will only +ever return one fd. If multiple asynchronous engines are being used then more +could be returned.

    +

    The function ASYNC_WAIT_CTX_get_changed_fds() can be used to detect if any fds +have changed since the last call time ASYNC_start_job() returned ASYNC_PAUSE +(or since the ASYNC_WAIT_CTX was created if no ASYNC_PAUSE result has +been received). The numaddfds and numdelfds parameters will be populated +with the number of fds added or deleted respectively. *addfd and *delfd +will be populated with the list of added and deleted fds respectively. Similarly +to ASYNC_WAIT_CTX_get_all_fds() either of these can be NULL, but if they are not +NULL then the caller is responsible for ensuring sufficient memory is allocated.

    +

    Implementors of async aware code (e.g. engines) are encouraged to return a +stable fd for the lifetime of the ASYNC_WAIT_CTX in order to reduce the +"churn" of regularly changing fds - although no guarantees of this are provided +to applications.

    +

    Applications can wait for the file descriptor to be ready for "read" using a +system function call such as select or poll (being ready for "read" indicates +that the job should be resumed). If no file descriptor is made available then an +application will have to periodically "poll" the job by attempting to restart it +to see if it is ready to continue.

    +

    Async aware code (e.g. engines) can get the current ASYNC_WAIT_CTX from the +job via ASYNC_get_wait_ctx(3) and provide a file descriptor to use for +waiting on by calling ASYNC_WAIT_CTX_set_wait_fd(). Typically this would be done +by an engine immediately prior to calling ASYNC_pause_job() and not by end user +code. An existing association with a file descriptor can be obtained using +ASYNC_WAIT_CTX_get_fd() and cleared using ASYNC_WAIT_CTX_clear_fd(). Both of +these functions requires a key value which is unique to the async aware +code. This could be any unique value but a good candidate might be the +ENGINE * for the engine. The custom_data parameter can be any value, and +will be returned in a subsequent call to ASYNC_WAIT_CTX_get_fd(). The +ASYNC_WAIT_CTX_set_wait_fd() function also expects a pointer to a "cleanup" +routine. This can be NULL but if provided will automatically get called when +the ASYNC_WAIT_CTX is freed, and gives the engine the opportunity to close +the fd or any other resources. Note: The "cleanup" routine does not get called +if the fd is cleared directly via a call to ASYNC_WAIT_CTX_clear_fd().

    +

    An example of typical usage might be an async capable engine. User code would +initiate cryptographic operations. The engine would initiate those operations +asynchronously and then call ASYNC_WAIT_CTX_set_wait_fd() followed by +ASYNC_pause_job() to return control to the user code. The user code can then +perform other tasks or wait for the job to be ready by calling "select" or other +similar function on the wait file descriptor. The engine can signal to the user +code that the job should be resumed by making the wait file descriptor +"readable". Once resumed the engine should clear the wake signal on the wait +file descriptor.

    +

    As well as a file descriptor, user code may also be notified via a callback. The +callback and data pointers are stored within the ASYNC_WAIT_CTX along with an +additional status field that can be used for the notification of retries from an +engine. This additional method can be used when the user thinks that a file +descriptor is too costly in terms of CPU cycles or in some context where a file +descriptor is not appropriate.

    +

    ASYNC_WAIT_CTX_set_callback() sets the callback and the callback argument. The +callback will be called to notify user code when an engine completes a +cryptography operation. It is a requirement that the callback function is small +and non-blocking as it will be run in the context of a polling mechanism or an +interrupt.

    +

    ASYNC_WAIT_CTX_get_callback() returns the callback set in the ASYNC_WAIT_CTX +structure.

    +

    ASYNC_WAIT_CTX_set_status() allows an engine to set the current engine status. +The possible status values are the following:

    +
    +
    ASYNC_STATUS_UNSUPPORTED
    + +
    +

    The engine does not support the callback mechanism. This is the default value. +The engine must call ASYNC_WAIT_CTX_set_status() to set the status to some value +other than ASYNC_STATUS_UNSUPPORTED if it intends to enable the callback +mechanism.

    +
    +
    ASYNC_STATUS_ERR
    + +
    +

    The engine has a fatal problem with this request. The user code should clean up +this session.

    +
    +
    ASYNC_STATUS_OK
    + +
    +

    The request has been successfully submitted.

    +
    +
    ASYNC_STATUS_EAGAIN
    + +
    +

    The engine has some problem which will be recovered soon, such as a buffer is +full, so user code should resume the job.

    +
    +
    +

    ASYNC_WAIT_CTX_get_status() allows user code to obtain the current status value. +If the status is any value other than ASYNC_STATUS_OK then the user code +should not expect to receive a callback from the engine even if one has been +set.

    +

    An example of the usage of the callback method might be the following. User +code would initiate cryptographic operations, and the engine code would dispatch +this operation to hardware, and if the dispatch is successful, then the engine +code would call ASYNC_pause_job() to return control to the user code. After +that, user code can perform other tasks. When the hardware completes the +operation, normally it is detected by a polling function or an interrupt, as the +user code set a callback by calling ASYNC_WAIT_CTX_set_callback() previously, +then the registered callback will be called.

    +

    +

    +
    +

    RETURN VALUES

    +

    ASYNC_WAIT_CTX_new() returns a pointer to the newly allocated ASYNC_WAIT_CTX +or NULL on error.

    +

    ASYNC_WAIT_CTX_set_wait_fd, ASYNC_WAIT_CTX_get_fd, ASYNC_WAIT_CTX_get_all_fds, +ASYNC_WAIT_CTX_get_changed_fds, ASYNC_WAIT_CTX_clear_fd, +ASYNC_WAIT_CTX_set_callback, ASYNC_WAIT_CTX_get_callback and +ASYNC_WAIT_CTX_set_status all return 1 on success or 0 on error. +ASYNC_WAIT_CTX_get_status() returns the engine status.

    +

    +

    +
    +

    NOTES

    +

    On Windows platforms the openssl/async.h header is dependent on some +of the types customarily made available by including windows.h. The +application developer is likely to require control over when the latter +is included, commonly as one of the first included headers. Therefore +it is defined as an application developer's responsibility to include +windows.h prior to async.h.

    +

    +

    +
    +

    SEE ALSO

    +

    crypto(7), ASYNC_start_job(3)

    +

    +

    +
    +

    HISTORY

    +

    ASYNC_WAIT_CTX_new(), ASYNC_WAIT_CTX_free(), ASYNC_WAIT_CTX_set_wait_fd(), +ASYNC_WAIT_CTX_get_fd(), ASYNC_WAIT_CTX_get_all_fds(), +ASYNC_WAIT_CTX_get_changed_fds() and ASYNC_WAIT_CTX_clear_fd() +were added in OpenSSL 1.1.0.

    +

    ASYNC_WAIT_CTX_set_callback(), ASYNC_WAIT_CTX_get_callback(), +ASYNC_WAIT_CTX_set_status(), and ASYNC_WAIT_CTX_get_status() +were added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/ASYNC_start_job.html b/linux_amd64/share/doc/openssl/html/man3/ASYNC_start_job.html
    new file mode 100755
    index 0000000..3928bdc
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/ASYNC_start_job.html
    @@ -0,0 +1,364 @@
    + + + + +ASYNC_start_job + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    ASYNC_get_wait_ctx, +ASYNC_init_thread, ASYNC_cleanup_thread, ASYNC_start_job, ASYNC_pause_job, +ASYNC_get_current_job, ASYNC_block_pause, ASYNC_unblock_pause, ASYNC_is_capable +- asynchronous job management functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/async.h>
    +
    + int ASYNC_init_thread(size_t max_size, size_t init_size);
    + void ASYNC_cleanup_thread(void);
    +
    + int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *ctx, int *ret,
    +                     int (*func)(void *), void *args, size_t size);
    + int ASYNC_pause_job(void);
    +
    + ASYNC_JOB *ASYNC_get_current_job(void);
    + ASYNC_WAIT_CTX *ASYNC_get_wait_ctx(ASYNC_JOB *job);
    + void ASYNC_block_pause(void);
    + void ASYNC_unblock_pause(void);
    +
    + int ASYNC_is_capable(void);
    +

    +

    +
    +

    DESCRIPTION

    +

    OpenSSL implements asynchronous capabilities through an ASYNC_JOB. This +represents code that can be started and executes until some event occurs. At +that point the code can be paused and control returns to user code until some +subsequent event indicates that the job can be resumed.

    +

    The creation of an ASYNC_JOB is a relatively expensive operation. Therefore, +for efficiency reasons, jobs can be created up front and reused many times. They +are held in a pool until they are needed, at which point they are removed from +the pool, used, and then returned to the pool when the job completes. If the +user application is multi-threaded, then ASYNC_init_thread() may be called for +each thread that will initiate asynchronous jobs. Before +user code exits per-thread resources need to be cleaned up. This will normally +occur automatically (see OPENSSL_init_crypto(3)) but may be explicitly +initiated by using ASYNC_cleanup_thread(). No asynchronous jobs must be +outstanding for the thread when ASYNC_cleanup_thread() is called. Failing to +ensure this will result in memory leaks.

    +

    The max_size argument limits the number of ASYNC_JOBs that will be held in +the pool. If max_size is set to 0 then no upper limit is set. When an +ASYNC_JOB is needed but there are none available in the pool already then one +will be automatically created, as long as the total of ASYNC_JOBs managed by +the pool does not exceed max_size. When the pool is first initialised +init_size ASYNC_JOBs will be created immediately. If ASYNC_init_thread() +is not called before the pool is first used then it will be called automatically +with a max_size of 0 (no upper limit) and an init_size of 0 (no +ASYNC_JOBs created up front).

    +

    An asynchronous job is started by calling the ASYNC_start_job() function. +Initially *job should be NULL. ctx should point to an ASYNC_WAIT_CTX +object created through the ASYNC_WAIT_CTX_new(3) function. ret should +point to a location where the return value of the asynchronous function should +be stored on completion of the job. func represents the function that should +be started asynchronously. The data pointed to by args and of size size +will be copied and then passed as an argument to func when the job starts. +ASYNC_start_job will return one of the following values:

    +
    +
    ASYNC_ERR
    + +
    +

    An error occurred trying to start the job. Check the OpenSSL error queue (e.g. +see ERR_print_errors(3)) for more details.

    +
    +
    ASYNC_NO_JOBS
    + +
    +

    There are no jobs currently available in the pool. This call can be retried +again at a later time.

    +
    +
    ASYNC_PAUSE
    + +
    +

    The job was successfully started but was "paused" before it completed (see +ASYNC_pause_job() below). A handle to the job is placed in *job. Other work +can be performed (if desired) and the job restarted at a later time. To restart +a job call ASYNC_start_job() again passing the job handle in *job. The +func, args and size parameters will be ignored when restarting a job. +When restarting a job ASYNC_start_job() must be called from the same thread +that the job was originally started from.

    +
    +
    ASYNC_FINISH
    + +
    +

    The job completed. *job will be NULL and the return value from func will +be placed in *ret.

    +
    +
    +

    At any one time there can be a maximum of one job actively running per thread +(you can have many that are paused). ASYNC_get_current_job() can be used to get +a pointer to the currently executing ASYNC_JOB. If no job is currently +executing then this will return NULL.

    +

    If executing within the context of a job (i.e. having been called directly or +indirectly by the function "func" passed as an argument to ASYNC_start_job()) +then ASYNC_pause_job() will immediately return control to the calling +application with ASYNC_PAUSE returned from the ASYNC_start_job() call. A +subsequent call to ASYNC_start_job passing in the relevant ASYNC_JOB in the +*job parameter will resume execution from the ASYNC_pause_job() call. If +ASYNC_pause_job() is called whilst not within the context of a job then no +action is taken and ASYNC_pause_job() returns immediately.

    +

    ASYNC_get_wait_ctx() can be used to get a pointer to the ASYNC_WAIT_CTX +for the job. ASYNC_WAIT_CTXs contain two different ways to notify +applications that a job is ready to be resumed. One is a "wait" file +descriptor, and the other is a "callback" mechanism.

    +

    The "wait" file descriptor associated with ASYNC_WAIT_CTX is used for +applications to wait for the file descriptor to be ready for "read" using a +system function call such as select or poll (being ready for "read" indicates +that the job should be resumed). If no file descriptor is made available then +an application will have to periodically "poll" the job by attempting to restart +it to see if it is ready to continue.

    +

    ASYNC_WAIT_CTXs also have a "callback" mechanism to notify applications. The +callback is set by an application, and it will be automatically called when an +engine completes a cryptography operation, so that the application can resume +the paused work flow without polling. An engine could be written to look whether +the callback has been set. If it has then it would use the callback mechanism +in preference to the file descriptor notifications. If a callback is not set +then the engine may use file descriptor based notifications. Please note that +not all engines may support the callback mechanism, so the callback may not be +used even if it has been set. See ASYNC_WAIT_CTX_new() for more details.

    +

    The ASYNC_block_pause() function will prevent the currently active job from +pausing. The block will remain in place until a subsequent call to +ASYNC_unblock_pause(). These functions can be nested, e.g. if you call +ASYNC_block_pause() twice then you must call ASYNC_unblock_pause() twice in +order to re-enable pausing. If these functions are called while there is no +currently active job then they have no effect. This functionality can be useful +to avoid deadlock scenarios. For example during the execution of an ASYNC_JOB +an application acquires a lock. It then calls some cryptographic function which +invokes ASYNC_pause_job(). This returns control back to the code that created +the ASYNC_JOB. If that code then attempts to acquire the same lock before +resuming the original job then a deadlock can occur. By calling +ASYNC_block_pause() immediately after acquiring the lock and +ASYNC_unblock_pause() immediately before releasing it then this situation cannot +occur.

    +

    Some platforms cannot support async operations. The ASYNC_is_capable() function +can be used to detect whether the current platform is async capable or not.

    +

    +

    +
    +

    RETURN VALUES

    +

    ASYNC_init_thread returns 1 on success or 0 otherwise.

    +

    ASYNC_start_job returns one of ASYNC_ERR, ASYNC_NO_JOBS, ASYNC_PAUSE or +ASYNC_FINISH as described above.

    +

    ASYNC_pause_job returns 0 if an error occurred or 1 on success. If called when +not within the context of an ASYNC_JOB then this is counted as success so 1 +is returned.

    +

    ASYNC_get_current_job returns a pointer to the currently executing ASYNC_JOB +or NULL if not within the context of a job.

    +

    ASYNC_get_wait_ctx() returns a pointer to the ASYNC_WAIT_CTX for the job.

    +

    ASYNC_is_capable() returns 1 if the current platform is async capable or 0 +otherwise.

    +

    +

    +
    +

    NOTES

    +

    On Windows platforms the openssl/async.h header is dependent on some +of the types customarily made available by including windows.h. The +application developer is likely to require control over when the latter +is included, commonly as one of the first included headers. Therefore +it is defined as an application developer's responsibility to include +windows.h prior to async.h.

    +

    +

    +
    +

    EXAMPLES

    +

    The following example demonstrates how to use most of the core async APIs:

    +
    + #ifdef _WIN32
    + # include <windows.h>
    + #endif
    + #include <stdio.h>
    + #include <unistd.h>
    + #include <openssl/async.h>
    + #include <openssl/crypto.h>
    +
    + int unique = 0;
    +
    + void cleanup(ASYNC_WAIT_CTX *ctx, const void *key, OSSL_ASYNC_FD r, void *vw)
    + {
    +     OSSL_ASYNC_FD *w = (OSSL_ASYNC_FD *)vw;
    +
    +     close(r);
    +     close(*w);
    +     OPENSSL_free(w);
    + }
    +
    + int jobfunc(void *arg)
    + {
    +     ASYNC_JOB *currjob;
    +     unsigned char *msg;
    +     int pipefds[2] = {0, 0};
    +     OSSL_ASYNC_FD *wptr;
    +     char buf = 'X';
    +
    +     currjob = ASYNC_get_current_job();
    +     if (currjob != NULL) {
    +         printf("Executing within a job\n");
    +     } else {
    +         printf("Not executing within a job - should not happen\n");
    +         return 0;
    +     }
    +
    +     msg = (unsigned char *)arg;
    +     printf("Passed in message is: %s\n", msg);
    +
    +     if (pipe(pipefds) != 0) {
    +         printf("Failed to create pipe\n");
    +         return 0;
    +     }
    +     wptr = OPENSSL_malloc(sizeof(OSSL_ASYNC_FD));
    +     if (wptr == NULL) {
    +         printf("Failed to malloc\n");
    +         return 0;
    +     }
    +     *wptr = pipefds[1];
    +     ASYNC_WAIT_CTX_set_wait_fd(ASYNC_get_wait_ctx(currjob), &unique,
    +                                pipefds[0], wptr, cleanup);
    +
    +     /*
    +      * Normally some external event would cause this to happen at some
    +      * later point - but we do it here for demo purposes, i.e.
    +      * immediately signalling that the job is ready to be woken up after
    +      * we return to main via ASYNC_pause_job().
    +      */
    +     write(pipefds[1], &buf, 1);
    +
    +     /* Return control back to main */
    +     ASYNC_pause_job();
    +
    +     /* Clear the wake signal */
    +     read(pipefds[0], &buf, 1);
    +
    +     printf ("Resumed the job after a pause\n");
    +
    +     return 1;
    + }
    +
    + int main(void)
    + {
    +     ASYNC_JOB *job = NULL;
    +     ASYNC_WAIT_CTX *ctx = NULL;
    +     int ret;
    +     OSSL_ASYNC_FD waitfd;
    +     fd_set waitfdset;
    +     size_t numfds;
    +     unsigned char msg[13] = "Hello world!";
    +
    +     printf("Starting...\n");
    +
    +     ctx = ASYNC_WAIT_CTX_new();
    +     if (ctx == NULL) {
    +         printf("Failed to create ASYNC_WAIT_CTX\n");
    +         abort();
    +     }
    +
    +     for (;;) {
    +         switch (ASYNC_start_job(&job, ctx, &ret, jobfunc, msg, sizeof(msg))) {
    +         case ASYNC_ERR:
    +         case ASYNC_NO_JOBS:
    +             printf("An error occurred\n");
    +             goto end;
    +         case ASYNC_PAUSE:
    +             printf("Job was paused\n");
    +             break;
    +         case ASYNC_FINISH:
    +             printf("Job finished with return value %d\n", ret);
    +             goto end;
    +         }
    +
    +         /* Wait for the job to be woken */
    +         printf("Waiting for the job to be woken up\n");
    +
    +         if (!ASYNC_WAIT_CTX_get_all_fds(ctx, NULL, &numfds)
    +                 || numfds > 1) {
    +             printf("Unexpected number of fds\n");
    +             abort();
    +         }
    +         ASYNC_WAIT_CTX_get_all_fds(ctx, &waitfd, &numfds);
    +         FD_ZERO(&waitfdset);
    +         FD_SET(waitfd, &waitfdset);
    +         select(waitfd + 1, &waitfdset, NULL, NULL, NULL);
    +     }
    +
    + end:
    +     ASYNC_WAIT_CTX_free(ctx);
    +     printf("Finishing\n");
    +
    +     return 0;
    + }
    +

    The expected output from executing the above example program is:

    +
    + Starting...
    + Executing within a job
    + Passed in message is: Hello world!
    + Job was paused
    + Waiting for the job to be woken up
    + Resumed the job after a pause
    + Job finished with return value 1
    + Finishing
    +

    +

    +
    +

    SEE ALSO

    +

    crypto(7), ERR_print_errors(3)

    +

    +

    +
    +

    HISTORY

    +

    ASYNC_init_thread, ASYNC_cleanup_thread, +ASYNC_start_job, ASYNC_pause_job, ASYNC_get_current_job, ASYNC_get_wait_ctx(), +ASYNC_block_pause(), ASYNC_unblock_pause() and ASYNC_is_capable() were first +added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/BF_encrypt.html b/linux_amd64/share/doc/openssl/html/man3/BF_encrypt.html
    new file mode 100755
    index 0000000..8eea641
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/BF_encrypt.html
    @@ -0,0 +1,161 @@
    + + + + +BF_encrypt + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BF_set_key, BF_encrypt, BF_decrypt, BF_ecb_encrypt, BF_cbc_encrypt, +BF_cfb64_encrypt, BF_ofb64_encrypt, BF_options - Blowfish encryption

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/blowfish.h>
    +

    Deprecated since OpenSSL 3.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + void BF_set_key(BF_KEY *key, int len, const unsigned char *data);
    +
    + void BF_ecb_encrypt(const unsigned char *in, unsigned char *out,
    +                     BF_KEY *key, int enc);
    + void BF_cbc_encrypt(const unsigned char *in, unsigned char *out,
    +                     long length, BF_KEY *schedule,
    +                     unsigned char *ivec, int enc);
    + void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out,
    +                       long length, BF_KEY *schedule,
    +                       unsigned char *ivec, int *num, int enc);
    + void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out,
    +                       long length, BF_KEY *schedule,
    +                       unsigned char *ivec, int *num);
    + const char *BF_options(void);
    +
    + void BF_encrypt(BF_LONG *data, const BF_KEY *key);
    + void BF_decrypt(BF_LONG *data, const BF_KEY *key);
    +

    +

    +
    +

    DESCRIPTION

    +

    All of the functions described on this page are deprecated. Applications should +instead use EVP_EncryptInit_ex(3), EVP_EncryptUpdate(3) and +EVP_EncryptFinal_ex(3) or the equivalently named decrypt functions.

    +

    This library implements the Blowfish cipher, which was invented and described +by Counterpane (see http://www.counterpane.com/blowfish.html ).

    +

    Blowfish is a block cipher that operates on 64 bit (8 byte) blocks of data. +It uses a variable size key, but typically, 128 bit (16 byte) keys are +considered good for strong encryption. Blowfish can be used in the same +modes as DES (see des_modes(7)). Blowfish is currently one +of the faster block ciphers. It is quite a bit faster than DES, and much +faster than IDEA or RC2.

    +

    Blowfish consists of a key setup phase and the actual encryption or decryption +phase.

    +

    BF_set_key() sets up the BF_KEY key using the len bytes long key +at data.

    +

    BF_ecb_encrypt() is the basic Blowfish encryption and decryption function. +It encrypts or decrypts the first 64 bits of in using the key key, +putting the result in out. enc decides if encryption (BF_ENCRYPT) +or decryption (BF_DECRYPT) shall be performed. The vector pointed at by +in and out must be 64 bits in length, no less. If they are larger, +everything after the first 64 bits is ignored.

    +

    The mode functions BF_cbc_encrypt(), BF_cfb64_encrypt() and BF_ofb64_encrypt() +all operate on variable length data. They all take an initialization vector +ivec which needs to be passed along into the next call of the same function +for the same message. ivec may be initialized with anything, but the +recipient needs to know what it was initialized with, or it won't be able +to decrypt. Some programs and protocols simplify this, like SSH, where +ivec is simply initialized to zero. +BF_cbc_encrypt() operates on data that is a multiple of 8 bytes long, while +BF_cfb64_encrypt() and BF_ofb64_encrypt() are used to encrypt an variable +number of bytes (the amount does not have to be an exact multiple of 8). The +purpose of the latter two is to simulate stream ciphers, and therefore, they +need the parameter num, which is a pointer to an integer where the current +offset in ivec is stored between calls. This integer must be initialized +to zero when ivec is initialized.

    +

    BF_cbc_encrypt() is the Cipher Block Chaining function for Blowfish. It +encrypts or decrypts the 64 bits chunks of in using the key schedule, +putting the result in out. enc decides if encryption (BF_ENCRYPT) or +decryption (BF_DECRYPT) shall be performed. ivec must point at an 8 byte +long initialization vector.

    +

    BF_cfb64_encrypt() is the CFB mode for Blowfish with 64 bit feedback. +It encrypts or decrypts the bytes in in using the key schedule, +putting the result in out. enc decides if encryption (BF_ENCRYPT) +or decryption (BF_DECRYPT) shall be performed. ivec must point at an +8 byte long initialization vector. num must point at an integer which must +be initially zero.

    +

    BF_ofb64_encrypt() is the OFB mode for Blowfish with 64 bit feedback. +It uses the same parameters as BF_cfb64_encrypt(), which must be initialized +the same way.

    +

    BF_encrypt() and BF_decrypt() are the lowest level functions for Blowfish +encryption. They encrypt/decrypt the first 64 bits of the vector pointed by +data, using the key key. These functions should not be used unless you +implement 'modes' of Blowfish. The alternative is to use BF_ecb_encrypt(). +If you still want to use these functions, you should be aware that they take +each 32-bit chunk in host-byte order, which is little-endian on little-endian +platforms and big-endian on big-endian ones.

    +

    +

    +
    +

    RETURN VALUES

    +

    None of the functions presented here return any value.

    +

    +

    +
    +

    NOTE

    +

    Applications should use the higher level functions +EVP_EncryptInit(3) etc. instead of calling these +functions directly.

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_EncryptInit(3), +des_modes(7)

    +

    +

    +
    +

    HISTORY

    +

    All of these functions were deprecated in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/BIO_ADDR.html b/linux_amd64/share/doc/openssl/html/man3/BIO_ADDR.html
    new file mode 100755
    index 0000000..d6bd1df
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/BIO_ADDR.html
    @@ -0,0 +1,153 @@
    + + + + +BIO_ADDR + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BIO_ADDR, BIO_ADDR_new, BIO_ADDR_clear, BIO_ADDR_free, BIO_ADDR_rawmake, +BIO_ADDR_family, BIO_ADDR_rawaddress, BIO_ADDR_rawport, +BIO_ADDR_hostname_string, BIO_ADDR_service_string, +BIO_ADDR_path_string - BIO_ADDR routines

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <sys/types.h>
    + #include <openssl/bio.h>
    +
    + typedef union bio_addr_st BIO_ADDR;
    +
    + BIO_ADDR *BIO_ADDR_new(void);
    + void BIO_ADDR_free(BIO_ADDR *);
    + void BIO_ADDR_clear(BIO_ADDR *ap);
    + int BIO_ADDR_rawmake(BIO_ADDR *ap, int family,
    +                      const void *where, size_t wherelen, unsigned short port);
    + int BIO_ADDR_family(const BIO_ADDR *ap);
    + int BIO_ADDR_rawaddress(const BIO_ADDR *ap, void *p, size_t *l);
    + unsigned short BIO_ADDR_rawport(const BIO_ADDR *ap);
    + char *BIO_ADDR_hostname_string(const BIO_ADDR *ap, int numeric);
    + char *BIO_ADDR_service_string(const BIO_ADDR *ap, int numeric);
    + char *BIO_ADDR_path_string(const BIO_ADDR *ap);
    +

    +

    +
    +

    DESCRIPTION

    +

    The BIO_ADDR type is a wrapper around all types of socket +addresses that OpenSSL deals with, currently transparently +supporting AF_INET, AF_INET6 and AF_UNIX according to what's +available on the platform at hand.

    +

    BIO_ADDR_new() creates a new unfilled BIO_ADDR, to be used +with routines that will fill it with information, such as +BIO_accept_ex().

    +

    BIO_ADDR_free() frees a BIO_ADDR created with BIO_ADDR_new().

    +

    BIO_ADDR_clear() clears any data held within the provided BIO_ADDR and sets +it back to an uninitialised state.

    +

    BIO_ADDR_rawmake() takes a protocol family, an byte array of +size wherelen with an address in network byte order pointed at +by where and a port number in network byte order in port (except +for the AF_UNIX protocol family, where port is meaningless and +therefore ignored) and populates the given BIO_ADDR with them. +In case this creates a AF_UNIX BIO_ADDR, wherelen is expected +to be the length of the path string (not including the terminating +NUL, such as the result of a call to strlen()). +Read on about the addresses in RAW ADDRESSES below.

    +

    BIO_ADDR_family() returns the protocol family of the given +BIO_ADDR. The possible non-error results are one of the +constants AF_INET, AF_INET6 and AF_UNIX. It will also return AF_UNSPEC if the +BIO_ADDR has not been initialised.

    +

    BIO_ADDR_rawaddress() will write the raw address of the given +BIO_ADDR in the area pointed at by p if p is non-NULL, +and will set *l to be the amount of bytes the raw address +takes up if l is non-NULL. +A technique to only find out the size of the address is a call +with p set to NULL. The raw address will be in network byte +order, most significant byte first. +In case this is a AF_UNIX BIO_ADDR, l gets the length of the +path string (not including the terminating NUL, such as the result of +a call to strlen()). +Read on about the addresses in RAW ADDRESSES below.

    +

    BIO_ADDR_rawport() returns the raw port of the given BIO_ADDR. +The raw port will be in network byte order.

    +

    BIO_ADDR_hostname_string() returns a character string with the +hostname of the given BIO_ADDR. If numeric is 1, the string +will contain the numerical form of the address. This only works for +BIO_ADDR of the protocol families AF_INET and AF_INET6. The +returned string has been allocated on the heap and must be freed +with OPENSSL_free().

    +

    BIO_ADDR_service_string() returns a character string with the +service name of the port of the given BIO_ADDR. If numeric +is 1, the string will contain the port number. This only works +for BIO_ADDR of the protocol families AF_INET and AF_INET6. The +returned string has been allocated on the heap and must be freed +with OPENSSL_free().

    +

    BIO_ADDR_path_string() returns a character string with the path +of the given BIO_ADDR. This only works for BIO_ADDR of the +protocol family AF_UNIX. The returned string has been allocated +on the heap and must be freed with OPENSSL_free().

    +

    +

    +
    +

    RAW ADDRESSES

    +

    Both BIO_ADDR_rawmake() and BIO_ADDR_rawaddress() take a pointer to a +network byte order address of a specific site. Internally, those are +treated as a pointer to struct in_addr (for AF_INET), struct +in6_addr (for AF_INET6) or char * (for AF_UNIX), all +depending on the protocol family the address is for.

    +

    +

    +
    +

    RETURN VALUES

    +

    The string producing functions BIO_ADDR_hostname_string(), +BIO_ADDR_service_string() and BIO_ADDR_path_string() will +return NULL on error and leave an error indication on the +OpenSSL error stack.

    +

    All other functions described here return 0 or NULL when the +information they should return isn't available.

    +

    +

    +
    +

    SEE ALSO

    +

    BIO_connect(3), BIO_s_connect(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/BIO_ADDRINFO.html b/linux_amd64/share/doc/openssl/html/man3/BIO_ADDRINFO.html
    new file mode 100755
    index 0000000..76da541
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/BIO_ADDRINFO.html
    @@ -0,0 +1,142 @@
    + + + + +BIO_ADDRINFO + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BIO_lookup_type, +BIO_ADDRINFO, BIO_ADDRINFO_next, BIO_ADDRINFO_free, +BIO_ADDRINFO_family, BIO_ADDRINFO_socktype, BIO_ADDRINFO_protocol, +BIO_ADDRINFO_address, +BIO_lookup_ex, +BIO_lookup +- BIO_ADDRINFO type and routines

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <sys/types.h>
    + #include <openssl/bio.h>
    +
    + typedef union bio_addrinfo_st BIO_ADDRINFO;
    +
    + enum BIO_lookup_type {
    +     BIO_LOOKUP_CLIENT, BIO_LOOKUP_SERVER
    + };
    +
    + int BIO_lookup_ex(const char *host, const char *service, int lookup_type,
    +                   int family, int socktype, int protocol, BIO_ADDRINFO **res);
    + int BIO_lookup(const char *node, const char *service,
    +                enum BIO_lookup_type lookup_type,
    +                int family, int socktype, BIO_ADDRINFO **res);
    +
    + const BIO_ADDRINFO *BIO_ADDRINFO_next(const BIO_ADDRINFO *bai);
    + int BIO_ADDRINFO_family(const BIO_ADDRINFO *bai);
    + int BIO_ADDRINFO_socktype(const BIO_ADDRINFO *bai);
    + int BIO_ADDRINFO_protocol(const BIO_ADDRINFO *bai);
    + const BIO_ADDR *BIO_ADDRINFO_address(const BIO_ADDRINFO *bai);
    + void BIO_ADDRINFO_free(BIO_ADDRINFO *bai);
    +

    +

    +
    +

    DESCRIPTION

    +

    The BIO_ADDRINFO type is a wrapper for address information +types provided on your platform.

    +

    BIO_ADDRINFO normally forms a chain of several that can be +picked at one by one.

    +

    BIO_lookup_ex() looks up a specified host and service, and +uses lookup_type to determine what the default address should +be if host is NULL. family, socktype and protocol are used to +determine what protocol family, socket type and protocol should be used for +the lookup. family can be any of AF_INET, AF_INET6, AF_UNIX and +AF_UNSPEC. socktype can be SOCK_STREAM, SOCK_DGRAM or 0. Specifying 0 +indicates that any type can be used. protocol specifies a protocol such as +IPPROTO_TCP, IPPROTO_UDP or IPPORTO_SCTP. If set to 0 than any protocol can be +used. res points at a pointer to hold the start of a BIO_ADDRINFO +chain.

    +

    For the family AF_UNIX, BIO_lookup_ex() will ignore the service +parameter and expects the node parameter to hold the path to the +socket file.

    +

    BIO_lookup() does the same as BIO_lookup_ex() but does not provide the ability +to select based on the protocol (any protocol may be returned).

    +

    BIO_ADDRINFO_family() returns the family of the given +BIO_ADDRINFO. The result will be one of the constants +AF_INET, AF_INET6 and AF_UNIX.

    +

    BIO_ADDRINFO_socktype() returns the socket type of the given +BIO_ADDRINFO. The result will be one of the constants +SOCK_STREAM and SOCK_DGRAM.

    +

    BIO_ADDRINFO_protocol() returns the protocol id of the given +BIO_ADDRINFO. The result will be one of the constants +IPPROTO_TCP and IPPROTO_UDP.

    +

    BIO_ADDRINFO_address() returns the underlying BIO_ADDR +of the given BIO_ADDRINFO.

    +

    BIO_ADDRINFO_next() returns the next BIO_ADDRINFO in the chain +from the given one.

    +

    BIO_ADDRINFO_free() frees the chain of BIO_ADDRINFO starting +with the given one.

    +

    +

    +
    +

    RETURN VALUES

    +

    BIO_lookup_ex() and BIO_lookup() return 1 on success and 0 when an error +occurred, and will leave an error indication on the OpenSSL error stack in that +case.

    +

    All other functions described here return 0 or NULL when the +information they should return isn't available.

    +

    +

    +
    +

    NOTES

    +

    The BIO_lookup_ex() implementation uses the platform provided getaddrinfo() +function. On Linux it is known that specifying 0 for the protocol will not +return any SCTP based addresses when calling getaddrinfo(). Therefore if an SCTP +address is required then the protocol parameter to BIO_lookup_ex() should be +explicitly set to IPPROTO_SCTP. The same may be true on other platforms.

    +

    +

    +
    +

    HISTORY

    +

    The BIO_lookup_ex() function was added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/BIO_connect.html b/linux_amd64/share/doc/openssl/html/man3/BIO_connect.html
    new file mode 100755
    index 0000000..b6626b0
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/BIO_connect.html
    @@ -0,0 +1,154 @@
    + + + + +BIO_connect + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BIO_socket, BIO_bind, BIO_connect, BIO_listen, BIO_accept_ex, BIO_closesocket - BIO +socket communication setup routines

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bio.h>
    +
    + int BIO_socket(int domain, int socktype, int protocol, int options);
    + int BIO_bind(int sock, const BIO_ADDR *addr, int options);
    + int BIO_connect(int sock, const BIO_ADDR *addr, int options);
    + int BIO_listen(int sock, const BIO_ADDR *addr, int options);
    + int BIO_accept_ex(int accept_sock, BIO_ADDR *peer, int options);
    + int BIO_closesocket(int sock);
    +

    +

    +
    +

    DESCRIPTION

    +

    BIO_socket() creates a socket in the domain domain, of type +socktype and protocol. Socket options are currently unused, +but is present for future use.

    +

    BIO_bind() binds the source address and service to a socket and +may be useful before calling BIO_connect(). The options may include +BIO_SOCK_REUSEADDR, which is described in FLAGS below.

    +

    BIO_connect() connects sock to the address and service given by +addr. Connection options may be zero or any combination of +BIO_SOCK_KEEPALIVE, BIO_SOCK_NONBLOCK and BIO_SOCK_NODELAY. +The flags are described in FLAGS below.

    +

    BIO_listen() has sock start listening on the address and service +given by addr. Connection options may be zero or any +combination of BIO_SOCK_KEEPALIVE, BIO_SOCK_NONBLOCK, +BIO_SOCK_NODELAY, BIO_SOCK_REUSEADDR and BIO_SOCK_V6_ONLY. +The flags are described in FLAGS below.

    +

    BIO_accept_ex() waits for an incoming connections on the given +socket accept_sock. When it gets a connection, the address and +port of the peer gets stored in peer if that one is non-NULL. +Accept options may be zero or BIO_SOCK_NONBLOCK, and is applied +on the accepted socket. The flags are described in FLAGS below.

    +

    BIO_closesocket() closes sock.

    +

    +

    +
    +

    FLAGS

    +
    +
    BIO_SOCK_KEEPALIVE
    + +
    +

    Enables regular sending of keep-alive messages.

    +
    +
    BIO_SOCK_NONBLOCK
    + +
    +

    Sets the socket to non-blocking mode.

    +
    +
    BIO_SOCK_NODELAY
    + +
    +

    Corresponds to TCP_NODELAY, and disables the Nagle algorithm. With +this set, any data will be sent as soon as possible instead of being +buffered until there's enough for the socket to send out in one go.

    +
    +
    BIO_SOCK_REUSEADDR
    + +
    +

    Try to reuse the address and port combination for a recently closed +port.

    +
    +
    BIO_SOCK_V6_ONLY
    + +
    +

    When creating an IPv6 socket, make it only listen for IPv6 addresses +and not IPv4 addresses mapped to IPv6.

    +
    +
    +

    These flags are bit flags, so they are to be combined with the +| operator, for example:

    +
    + BIO_connect(sock, addr, BIO_SOCK_KEEPALIVE | BIO_SOCK_NONBLOCK);
    +

    +

    +
    +

    RETURN VALUES

    +

    BIO_socket() returns the socket number on success or INVALID_SOCKET +(-1) on error. When an error has occurred, the OpenSSL error stack +will hold the error data and errno has the system error.

    +

    BIO_bind(), BIO_connect() and BIO_listen() return 1 on success or 0 on error. +When an error has occurred, the OpenSSL error stack will hold the error +data and errno has the system error.

    +

    BIO_accept_ex() returns the accepted socket on success or +INVALID_SOCKET (-1) on error. When an error has occurred, the +OpenSSL error stack will hold the error data and errno has the system +error.

    +

    +

    +
    +

    SEE ALSO

    +

    BIO_ADDR(3)

    +

    +

    +
    +

    HISTORY

    +

    BIO_gethostname(), BIO_get_port(), BIO_get_host_ip(), +BIO_get_accept_socket() and BIO_accept() were deprecated in OpenSSL 1.1.0. +Use the functions described above instead.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/BIO_ctrl.html b/linux_amd64/share/doc/openssl/html/man3/BIO_ctrl.html
    new file mode 100755
    index 0000000..1966fb5
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/BIO_ctrl.html
    @@ -0,0 +1,177 @@
    + + + + +BIO_ctrl + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BIO_ctrl, BIO_callback_ctrl, BIO_ptr_ctrl, BIO_int_ctrl, BIO_reset, +BIO_seek, BIO_tell, BIO_flush, BIO_eof, BIO_set_close, BIO_get_close, +BIO_pending, BIO_wpending, BIO_ctrl_pending, BIO_ctrl_wpending, +BIO_get_info_callback, BIO_set_info_callback, BIO_info_cb, BIO_get_ktls_send, +BIO_get_ktls_recv +- BIO control operations

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bio.h>
    +
    + typedef int BIO_info_cb(BIO *b, int state, int res);
    +
    + long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg);
    + long BIO_callback_ctrl(BIO *b, int cmd, BIO_info_cb *cb);
    + char *BIO_ptr_ctrl(BIO *bp, int cmd, long larg);
    + long BIO_int_ctrl(BIO *bp, int cmd, long larg, int iarg);
    +
    + int BIO_reset(BIO *b);
    + int BIO_seek(BIO *b, int ofs);
    + int BIO_tell(BIO *b);
    + int BIO_flush(BIO *b);
    + int BIO_eof(BIO *b);
    + int BIO_set_close(BIO *b, long flag);
    + int BIO_get_close(BIO *b);
    + int BIO_pending(BIO *b);
    + int BIO_wpending(BIO *b);
    + size_t BIO_ctrl_pending(BIO *b);
    + size_t BIO_ctrl_wpending(BIO *b);
    +
    + int BIO_get_info_callback(BIO *b, BIO_info_cb **cbp);
    + int BIO_set_info_callback(BIO *b, BIO_info_cb *cb);
    +
    + int BIO_get_ktls_send(BIO *b);
    + int BIO_get_ktls_recv(BIO *b);
    +

    +

    +
    +

    DESCRIPTION

    +

    BIO_ctrl(), BIO_callback_ctrl(), BIO_ptr_ctrl() and BIO_int_ctrl() +are BIO "control" operations taking arguments of various types. +These functions are not normally called directly, various macros +are used instead. The standard macros are described below, macros +specific to a particular type of BIO are described in the specific +BIOs manual page as well as any special features of the standard +calls.

    +

    BIO_reset() typically resets a BIO to some initial state, in the case +of file related BIOs for example it rewinds the file pointer to the +start of the file.

    +

    BIO_seek() resets a file related BIO's (that is file descriptor and +FILE BIOs) file position pointer to ofs bytes from start of file.

    +

    BIO_tell() returns the current file position of a file related BIO.

    +

    BIO_flush() normally writes out any internally buffered data, in some +cases it is used to signal EOF and that no more data will be written.

    +

    BIO_eof() returns 1 if the BIO has read EOF, the precise meaning of +"EOF" varies according to the BIO type.

    +

    BIO_set_close() sets the BIO b close flag to flag. flag can +take the value BIO_CLOSE or BIO_NOCLOSE. Typically BIO_CLOSE is used +in a source/sink BIO to indicate that the underlying I/O stream should +be closed when the BIO is freed.

    +

    BIO_get_close() returns the BIOs close flag.

    +

    BIO_pending(), BIO_ctrl_pending(), BIO_wpending() and BIO_ctrl_wpending() +return the number of pending characters in the BIOs read and write buffers. +Not all BIOs support these calls. BIO_ctrl_pending() and BIO_ctrl_wpending() +return a size_t type and are functions, BIO_pending() and BIO_wpending() are +macros which call BIO_ctrl().

    +

    BIO_get_ktls_send() returns 1 if the BIO is using the Kernel TLS data-path for +sending. Otherwise, it returns zero. +BIO_get_ktls_recv() returns 1 if the BIO is using the Kernel TLS data-path for +receiving. Otherwise, it returns zero.

    +

    +

    +
    +

    RETURN VALUES

    +

    BIO_reset() normally returns 1 for success and 0 or -1 for failure. File +BIOs are an exception, they return 0 for success and -1 for failure.

    +

    BIO_seek() and BIO_tell() both return the current file position on success +and -1 for failure, except file BIOs which for BIO_seek() always return 0 +for success and -1 for failure.

    +

    BIO_flush() returns 1 for success and 0 or -1 for failure.

    +

    BIO_eof() returns 1 if EOF has been reached 0 otherwise.

    +

    BIO_set_close() always returns 1.

    +

    BIO_get_close() returns the close flag value: BIO_CLOSE or BIO_NOCLOSE.

    +

    BIO_pending(), BIO_ctrl_pending(), BIO_wpending() and BIO_ctrl_wpending() +return the amount of pending data.

    +

    BIO_get_ktls_send() returns 1 if the BIO is using the Kernel TLS data-path for +sending. Otherwise, it returns zero. +BIO_get_ktls_recv() returns 1 if the BIO is using the Kernel TLS data-path for +receiving. Otherwise, it returns zero.

    +

    +

    +
    +

    NOTES

    +

    BIO_flush(), because it can write data may return 0 or -1 indicating +that the call should be retried later in a similar manner to BIO_write_ex(). +The BIO_should_retry() call should be used and appropriate action taken +is the call fails.

    +

    The return values of BIO_pending() and BIO_wpending() may not reliably +determine the amount of pending data in all cases. For example in the +case of a file BIO some data may be available in the FILE structures +internal buffers but it is not possible to determine this in a +portably way. For other types of BIO they may not be supported.

    +

    Filter BIOs if they do not internally handle a particular BIO_ctrl() +operation usually pass the operation to the next BIO in the chain. +This often means there is no need to locate the required BIO for +a particular operation, it can be called on a chain and it will +be automatically passed to the relevant BIO. However this can cause +unexpected results: for example no current filter BIOs implement +BIO_seek(), but this may still succeed if the chain ends in a FILE +or file descriptor BIO.

    +

    Source/sink BIOs return an 0 if they do not recognize the BIO_ctrl() +operation.

    +

    +

    +
    +

    BUGS

    +

    Some of the return values are ambiguous and care should be taken. In +particular a return value of 0 can be returned if an operation is not +supported, if an error occurred, if EOF has not been reached and in +the case of BIO_seek() on a file BIO for a successful operation.

    +

    +

    +
    +

    HISTORY

    +

    The BIO_get_ktls_send() and BIO_get_ktls_recv() functions were added in +OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/BIO_f_base64.html b/linux_amd64/share/doc/openssl/html/man3/BIO_f_base64.html
    new file mode 100755
    index 0000000..3529fe8
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/BIO_f_base64.html
    @@ -0,0 +1,125 @@
    + + + + +BIO_f_base64 + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BIO_f_base64 - base64 BIO filter

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bio.h>
    + #include <openssl/evp.h>
    +
    + const BIO_METHOD *BIO_f_base64(void);
    +

    +

    +
    +

    DESCRIPTION

    +

    BIO_f_base64() returns the base64 BIO method. This is a filter +BIO that base64 encodes any data written through it and decodes +any data read through it.

    +

    Base64 BIOs do not support BIO_gets() or BIO_puts().

    +

    BIO_flush() on a base64 BIO that is being written through is +used to signal that no more data is to be encoded: this is used +to flush the final block through the BIO.

    +

    The flag BIO_FLAGS_BASE64_NO_NL can be set with BIO_set_flags() +to encode the data all on one line or expect the data to be all +on one line.

    +

    +

    +
    +

    NOTES

    +

    Because of the format of base64 encoding the end of the encoded +block cannot always be reliably determined.

    +

    +

    +
    +

    RETURN VALUES

    +

    BIO_f_base64() returns the base64 BIO method.

    +

    +

    +
    +

    EXAMPLES

    +

    Base64 encode the string "Hello World\n" and write the result +to standard output:

    +
    + BIO *bio, *b64;
    + char message[] = "Hello World \n";
    +
    + b64 = BIO_new(BIO_f_base64());
    + bio = BIO_new_fp(stdout, BIO_NOCLOSE);
    + BIO_push(b64, bio);
    + BIO_write(b64, message, strlen(message));
    + BIO_flush(b64);
    +
    + BIO_free_all(b64);
    +

    Read Base64 encoded data from standard input and write the decoded +data to standard output:

    +
    + BIO *bio, *b64, *bio_out;
    + char inbuf[512];
    + int inlen;
    +
    + b64 = BIO_new(BIO_f_base64());
    + bio = BIO_new_fp(stdin, BIO_NOCLOSE);
    + bio_out = BIO_new_fp(stdout, BIO_NOCLOSE);
    + BIO_push(b64, bio);
    + while ((inlen = BIO_read(b64, inbuf, 512)) > 0)
    +     BIO_write(bio_out, inbuf, inlen);
    +
    + BIO_flush(bio_out);
    + BIO_free_all(b64);
    +

    +

    +
    +

    BUGS

    +

    The ambiguity of EOF in base64 encoded data can cause additional +data following the base64 encoded block to be misinterpreted.

    +

    There should be some way of specifying a test that the BIO can perform +to reliably determine EOF (for example a MIME boundary).

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/BIO_f_buffer.html b/linux_amd64/share/doc/openssl/html/man3/BIO_f_buffer.html
    new file mode 100755
    index 0000000..ce2c0d5
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/BIO_f_buffer.html
    @@ -0,0 +1,130 @@
    + + + + +BIO_f_buffer + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BIO_get_buffer_num_lines, +BIO_set_read_buffer_size, +BIO_set_write_buffer_size, +BIO_set_buffer_size, +BIO_set_buffer_read_data, +BIO_f_buffer +- buffering BIO

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bio.h>
    +
    + const BIO_METHOD *BIO_f_buffer(void);
    +
    + long BIO_get_buffer_num_lines(BIO *b);
    + long BIO_set_read_buffer_size(BIO *b, long size);
    + long BIO_set_write_buffer_size(BIO *b, long size);
    + long BIO_set_buffer_size(BIO *b, long size);
    + long BIO_set_buffer_read_data(BIO *b, void *buf, long num);
    +

    +

    +
    +

    DESCRIPTION

    +

    BIO_f_buffer() returns the buffering BIO method.

    +

    Data written to a buffering BIO is buffered and periodically written +to the next BIO in the chain. Data read from a buffering BIO comes from +an internal buffer which is filled from the next BIO in the chain. +Both BIO_gets() and BIO_puts() are supported.

    +

    Calling BIO_reset() on a buffering BIO clears any buffered data.

    +

    BIO_get_buffer_num_lines() returns the number of lines currently buffered.

    +

    BIO_set_read_buffer_size(), BIO_set_write_buffer_size() and BIO_set_buffer_size() +set the read, write or both read and write buffer sizes to size. The initial +buffer size is DEFAULT_BUFFER_SIZE, currently 4096. Any attempt to reduce the +buffer size below DEFAULT_BUFFER_SIZE is ignored. Any buffered data is cleared +when the buffer is resized.

    +

    BIO_set_buffer_read_data() clears the read buffer and fills it with num +bytes of buf. If num is larger than the current buffer size the buffer +is expanded.

    +

    +

    +
    +

    NOTES

    +

    These functions, other than BIO_f_buffer(), are implemented as macros.

    +

    Buffering BIOs implement BIO_read_ex() and BIO_gets() by using +BIO_read_ex() operations on the next BIO in the chain and storing the +result in an internal buffer, from which bytes are given back to the +caller as appropriate for the call; a BIO_gets() is guaranteed to give +the caller a whole line, and BIO_read_ex() is guaranteed to give the +caller the number of bytes it asks for, unless there's an error or end +of communication is reached in the next BIO. By prepending a +buffering BIO to a chain it is therefore possible to provide +BIO_gets() or exact size BIO_read_ex() functionality if the following +BIOs do not support it.

    +

    Do not add more than one BIO_f_buffer() to a BIO chain. The result of +doing so will force a full read of the size of the internal buffer of +the top BIO_f_buffer(), which is 4 KiB at a minimum.

    +

    Data is only written to the next BIO in the chain when the write buffer fills +or when BIO_flush() is called. It is therefore important to call BIO_flush() +whenever any pending data should be written such as when removing a buffering +BIO using BIO_pop(). BIO_flush() may need to be retried if the ultimate +source/sink BIO is non blocking.

    +

    +

    +
    +

    RETURN VALUES

    +

    BIO_f_buffer() returns the buffering BIO method.

    +

    BIO_get_buffer_num_lines() returns the number of lines buffered (may be 0).

    +

    BIO_set_read_buffer_size(), BIO_set_write_buffer_size() and BIO_set_buffer_size() +return 1 if the buffer was successfully resized or 0 for failure.

    +

    BIO_set_buffer_read_data() returns 1 if the data was set correctly or 0 if +there was an error.

    +

    +

    +
    +

    SEE ALSO

    +

    bio(7), +BIO_reset(3), +BIO_flush(3), +BIO_pop(3), +BIO_ctrl(3).

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/BIO_f_cipher.html b/linux_amd64/share/doc/openssl/html/man3/BIO_f_cipher.html
    new file mode 100755
    index 0000000..9d1ff23
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/BIO_f_cipher.html
    @@ -0,0 +1,106 @@
    + + + + +BIO_f_cipher + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    BIO_f_cipher, BIO_set_cipher, BIO_get_cipher_status, BIO_get_cipher_ctx - cipher BIO filter

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bio.h>
    + #include <openssl/evp.h>
    +
    + const BIO_METHOD *BIO_f_cipher(void);
    + void BIO_set_cipher(BIO *b, const EVP_CIPHER *cipher,
    +                     unsigned char *key, unsigned char *iv, int enc);
    + int BIO_get_cipher_status(BIO *b)
    + int BIO_get_cipher_ctx(BIO *b, EVP_CIPHER_CTX **pctx)
    +

    +

    +
    +

    DESCRIPTION

    +

    BIO_f_cipher() returns the cipher BIO method. This is a filter +BIO that encrypts any data written through it, and decrypts any data +read from it. It is a BIO wrapper for the cipher routines +EVP_CipherInit(), EVP_CipherUpdate() and EVP_CipherFinal().

    +

    Cipher BIOs do not support BIO_gets() or BIO_puts().

    +

    BIO_flush() on an encryption BIO that is being written through is +used to signal that no more data is to be encrypted: this is used +to flush and possibly pad the final block through the BIO.

    +

    BIO_set_cipher() sets the cipher of BIO b to cipher using key key +and IV iv. enc should be set to 1 for encryption and zero for +decryption.

    +

    When reading from an encryption BIO the final block is automatically +decrypted and checked when EOF is detected. BIO_get_cipher_status() +is a BIO_ctrl() macro which can be called to determine whether the +decryption operation was successful.

    +

    BIO_get_cipher_ctx() is a BIO_ctrl() macro which retrieves the internal +BIO cipher context. The retrieved context can be used in conjunction +with the standard cipher routines to set it up. This is useful when +BIO_set_cipher() is not flexible enough for the applications needs.

    +

    +

    +
    +

    NOTES

    +

    When encrypting BIO_flush() must be called to flush the final block +through the BIO. If it is not then the final block will fail a subsequent +decrypt.

    +

    When decrypting an error on the final block is signaled by a zero +return value from the read operation. A successful decrypt followed +by EOF will also return zero for the final read. BIO_get_cipher_status() +should be called to determine if the decrypt was successful.

    +

    As always, if BIO_gets() or BIO_puts() support is needed then it can +be achieved by preceding the cipher BIO with a buffering BIO.

    +

    +

    +
    +

    RETURN VALUES

    +

    BIO_f_cipher() returns the cipher BIO method.

    +

    BIO_set_cipher() does not return a value.

    +

    BIO_get_cipher_status() returns 1 for a successful decrypt and 0 +for failure.

    +

    BIO_get_cipher_ctx() currently always returns 1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/BIO_f_md.html b/linux_amd64/share/doc/openssl/html/man3/BIO_f_md.html
    new file mode 100755
    index 0000000..5c6cbd2
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/BIO_f_md.html
    @@ -0,0 +1,190 @@
    + + + + +BIO_f_md + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BIO_f_md, BIO_set_md, BIO_get_md, BIO_get_md_ctx - message digest BIO filter

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bio.h>
    + #include <openssl/evp.h>
    +
    + const BIO_METHOD *BIO_f_md(void);
    + int BIO_set_md(BIO *b, EVP_MD *md);
    + int BIO_get_md(BIO *b, EVP_MD **mdp);
    + int BIO_get_md_ctx(BIO *b, EVP_MD_CTX **mdcp);
    +

    +

    +
    +

    DESCRIPTION

    +

    BIO_f_md() returns the message digest BIO method. This is a filter +BIO that digests any data passed through it, it is a BIO wrapper +for the digest routines EVP_DigestInit(), EVP_DigestUpdate() +and EVP_DigestFinal().

    +

    Any data written or read through a digest BIO using BIO_read_ex() and +BIO_write_ex() is digested.

    +

    BIO_gets(), if its size parameter is large enough finishes the +digest calculation and returns the digest value. BIO_puts() is +not supported.

    +

    BIO_reset() reinitialises a digest BIO.

    +

    BIO_set_md() sets the message digest of BIO b to md: this +must be called to initialize a digest BIO before any data is +passed through it. It is a BIO_ctrl() macro.

    +

    BIO_get_md() places the a pointer to the digest BIOs digest method +in mdp, it is a BIO_ctrl() macro.

    +

    BIO_get_md_ctx() returns the digest BIOs context into mdcp.

    +

    +

    +
    +

    NOTES

    +

    The context returned by BIO_get_md_ctx() can be used in calls +to EVP_DigestFinal() and also the signature routines EVP_SignFinal() +and EVP_VerifyFinal().

    +

    The context returned by BIO_get_md_ctx() is an internal context +structure. Changes made to this context will affect the digest +BIO itself and the context pointer will become invalid when the digest +BIO is freed.

    +

    After the digest has been retrieved from a digest BIO it must be +reinitialized by calling BIO_reset(), or BIO_set_md() before any more +data is passed through it.

    +

    If an application needs to call BIO_gets() or BIO_puts() through +a chain containing digest BIOs then this can be done by prepending +a buffering BIO.

    +

    Calling BIO_get_md_ctx() will return the context and initialize the BIO +state. This allows applications to initialize the context externally +if the standard calls such as BIO_set_md() are not sufficiently flexible.

    +

    +

    +
    +

    RETURN VALUES

    +

    BIO_f_md() returns the digest BIO method.

    +

    BIO_set_md(), BIO_get_md() and BIO_md_ctx() return 1 for success and +0 for failure.

    +

    +

    +
    +

    EXAMPLES

    +

    The following example creates a BIO chain containing an SHA1 and MD5 +digest BIO and passes the string "Hello World" through it. Error +checking has been omitted for clarity.

    +
    + BIO *bio, *mdtmp;
    + char message[] = "Hello World";
    +
    + bio = BIO_new(BIO_s_null());
    + mdtmp = BIO_new(BIO_f_md());
    + BIO_set_md(mdtmp, EVP_sha1());
    + /*
    +  * For BIO_push() we want to append the sink BIO and keep a note of
    +  * the start of the chain.
    +  */
    + bio = BIO_push(mdtmp, bio);
    + mdtmp = BIO_new(BIO_f_md());
    + BIO_set_md(mdtmp, EVP_md5());
    + bio = BIO_push(mdtmp, bio);
    + /* Note: mdtmp can now be discarded */
    + BIO_write(bio, message, strlen(message));
    +

    The next example digests data by reading through a chain instead:

    +
    + BIO *bio, *mdtmp;
    + char buf[1024];
    + int rdlen;
    +
    + bio = BIO_new_file(file, "rb");
    + mdtmp = BIO_new(BIO_f_md());
    + BIO_set_md(mdtmp, EVP_sha1());
    + bio = BIO_push(mdtmp, bio);
    + mdtmp = BIO_new(BIO_f_md());
    + BIO_set_md(mdtmp, EVP_md5());
    + bio = BIO_push(mdtmp, bio);
    + do {
    +     rdlen = BIO_read(bio, buf, sizeof(buf));
    +     /* Might want to do something with the data here */
    + } while (rdlen > 0);
    +

    This next example retrieves the message digests from a BIO chain and +outputs them. This could be used with the examples above.

    +
    + BIO *mdtmp;
    + unsigned char mdbuf[EVP_MAX_MD_SIZE];
    + int mdlen;
    + int i;
    +
    + mdtmp = bio;   /* Assume bio has previously been set up */
    + do {
    +     EVP_MD *md;
    +
    +     mdtmp = BIO_find_type(mdtmp, BIO_TYPE_MD);
    +     if (!mdtmp)
    +         break;
    +     BIO_get_md(mdtmp, &md);
    +     printf("%s digest", OBJ_nid2sn(EVP_MD_type(md)));
    +     mdlen = BIO_gets(mdtmp, mdbuf, EVP_MAX_MD_SIZE);
    +     for (i = 0; i < mdlen; i++) printf(":%02X", mdbuf[i]);
    +     printf("\n");
    +     mdtmp = BIO_next(mdtmp);
    + } while (mdtmp);
    +
    + BIO_free_all(bio);
    +

    +

    +
    +

    BUGS

    +

    The lack of support for BIO_puts() and the non standard behaviour of +BIO_gets() could be regarded as anomalous. It could be argued that BIO_gets() +and BIO_puts() should be passed to the next BIO in the chain and digest +the data passed through and that digests should be retrieved using a +separate BIO_ctrl() call.

    +

    +

    +
    +

    HISTORY

    +

    Before OpenSSL 1.0.0., the call to BIO_get_md_ctx() would only work if the +BIO was initialized first.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/BIO_f_null.html b/linux_amd64/share/doc/openssl/html/man3/BIO_f_null.html
    new file mode 100755
    index 0000000..d2f58d7
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/BIO_f_null.html
    @@ -0,0 +1,75 @@
    + + + + +BIO_f_null + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    BIO_f_null - null filter

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bio.h>
    +
    + const BIO_METHOD *BIO_f_null(void);
    +

    +

    +
    +

    DESCRIPTION

    +

    BIO_f_null() returns the null filter BIO method. This is a filter BIO +that does nothing.

    +

    All requests to a null filter BIO are passed through to the next BIO in +the chain: this means that a BIO chain containing a null filter BIO +behaves just as though the BIO was not there.

    +

    +

    +
    +

    NOTES

    +

    As may be apparent a null filter BIO is not particularly useful.

    +

    +

    +
    +

    RETURN VALUES

    +

    BIO_f_null() returns the null filter BIO method.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/BIO_f_prefix.html b/linux_amd64/share/doc/openssl/html/man3/BIO_f_prefix.html
    new file mode 100755
    index 0000000..07ef7fe
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/BIO_f_prefix.html
    @@ -0,0 +1,101 @@
    + + + + +BIO_f_prefix + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BIO_f_prefix, BIO_set_prefix, BIO_set_indent, BIO_get_indent +- prefix BIO filter

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bio.h>
    +
    + const BIO_METHOD *BIO_f_prefix(void);
    + long BIO_set_prefix(BIO *b, const char *prefix);
    + long BIO_set_indent(BIO *b, long indent);
    + long BIO_get_indent(BIO *b);
    +

    +

    +
    +

    DESCRIPTION

    +

    BIO_f_cipher() returns the prefix BIO method. This is a filter for +text output, where each line gets automatically prefixed and indented +according to user input.

    +

    The prefix and the indentation are combined. For each line of output +going through this filter, the prefix is output first, then the amount +of additional spaces indicated by the indentation, and then the line +itself.

    +

    By default, there is no prefix, and indentation is set to 0.

    +

    BIO_set_prefix() sets the prefix to be used for future lines of +text, using prefix. prefix may be NULL, signifying that there +should be no prefix. If prefix isn't NULL, this function makes a +copy of it.

    +

    BIO_set_indent() sets the indentation to be used for future lines of +text, using indent. Negative values are not allowed.

    +

    BIO_get_indent() gets the current indentation.

    +

    +

    +
    +

    NOTES

    +

    BIO_set_prefix(), BIO_set_indent() and BIO_get_indent() are +implemented as macros.

    +

    +

    +
    +

    RETURN VALUES

    +

    BIO_f_prefix() returns the prefix BIO method.

    +

    BIO_set_prefix() returns 1 if the prefix was correctly set, or 0 on +failure.

    +

    BIO_set_indent() returns 1 if the prefix was correctly set, or 0 on +failure.

    +

    BIO_get_indent() returns the current indentation.

    +

    +

    +
    +

    SEE ALSO

    +

    bio(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/BIO_f_ssl.html b/linux_amd64/share/doc/openssl/html/man3/BIO_f_ssl.html
    new file mode 100755
    index 0000000..91ee468
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/BIO_f_ssl.html
    @@ -0,0 +1,322 @@
    + + + + +BIO_f_ssl + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BIO_do_handshake, +BIO_f_ssl, BIO_set_ssl, BIO_get_ssl, BIO_set_ssl_mode, +BIO_set_ssl_renegotiate_bytes, +BIO_get_num_renegotiates, BIO_set_ssl_renegotiate_timeout, BIO_new_ssl, +BIO_new_ssl_connect, BIO_new_buffer_ssl_connect, BIO_ssl_copy_session_id, +BIO_ssl_shutdown - SSL BIO

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bio.h>
    + #include <openssl/ssl.h>
    +
    + const BIO_METHOD *BIO_f_ssl(void);
    +
    + long BIO_set_ssl(BIO *b, SSL *ssl, long c);
    + long BIO_get_ssl(BIO *b, SSL **sslp);
    + long BIO_set_ssl_mode(BIO *b, long client);
    + long BIO_set_ssl_renegotiate_bytes(BIO *b, long num);
    + long BIO_set_ssl_renegotiate_timeout(BIO *b, long seconds);
    + long BIO_get_num_renegotiates(BIO *b);
    +
    + BIO *BIO_new_ssl(SSL_CTX *ctx, int client);
    + BIO *BIO_new_ssl_connect(SSL_CTX *ctx);
    + BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx);
    + int BIO_ssl_copy_session_id(BIO *to, BIO *from);
    + void BIO_ssl_shutdown(BIO *bio);
    +
    + long BIO_do_handshake(BIO *b);
    +

    +

    +
    +

    DESCRIPTION

    +

    BIO_f_ssl() returns the SSL BIO method. This is a filter BIO which +is a wrapper round the OpenSSL SSL routines adding a BIO "flavour" to +SSL I/O.

    +

    I/O performed on an SSL BIO communicates using the SSL protocol with +the SSLs read and write BIOs. If an SSL connection is not established +then an attempt is made to establish one on the first I/O call.

    +

    If a BIO is appended to an SSL BIO using BIO_push() it is automatically +used as the SSL BIOs read and write BIOs.

    +

    Calling BIO_reset() on an SSL BIO closes down any current SSL connection +by calling SSL_shutdown(). BIO_reset() is then sent to the next BIO in +the chain: this will typically disconnect the underlying transport. +The SSL BIO is then reset to the initial accept or connect state.

    +

    If the close flag is set when an SSL BIO is freed then the internal +SSL structure is also freed using SSL_free().

    +

    BIO_set_ssl() sets the internal SSL pointer of BIO b to ssl using +the close flag c.

    +

    BIO_get_ssl() retrieves the SSL pointer of BIO b, it can then be +manipulated using the standard SSL library functions.

    +

    BIO_set_ssl_mode() sets the SSL BIO mode to client. If client +is 1 client mode is set. If client is 0 server mode is set.

    +

    BIO_set_ssl_renegotiate_bytes() sets the renegotiate byte count +to num. When set after every num bytes of I/O (read and write) +the SSL session is automatically renegotiated. num must be at +least 512 bytes.

    +

    BIO_set_ssl_renegotiate_timeout() sets the renegotiate timeout to +seconds. When the renegotiate timeout elapses the session is +automatically renegotiated.

    +

    BIO_get_num_renegotiates() returns the total number of session +renegotiations due to I/O or timeout.

    +

    BIO_new_ssl() allocates an SSL BIO using SSL_CTX ctx and using +client mode if client is non zero.

    +

    BIO_new_ssl_connect() creates a new BIO chain consisting of an +SSL BIO (using ctx) followed by a connect BIO.

    +

    BIO_new_buffer_ssl_connect() creates a new BIO chain consisting +of a buffering BIO, an SSL BIO (using ctx) and a connect +BIO.

    +

    BIO_ssl_copy_session_id() copies an SSL session id between +BIO chains from and to. It does this by locating the +SSL BIOs in each chain and calling SSL_copy_session_id() on +the internal SSL pointer.

    +

    BIO_ssl_shutdown() closes down an SSL connection on BIO +chain bio. It does this by locating the SSL BIO in the +chain and calling SSL_shutdown() on its internal SSL +pointer.

    +

    BIO_do_handshake() attempts to complete an SSL handshake on the +supplied BIO and establish the SSL connection. It returns 1 +if the connection was established successfully. A zero or negative +value is returned if the connection could not be established, the +call BIO_should_retry() should be used for non blocking connect BIOs +to determine if the call should be retried. If an SSL connection has +already been established this call has no effect.

    +

    +

    +
    +

    NOTES

    +

    SSL BIOs are exceptional in that if the underlying transport +is non blocking they can still request a retry in exceptional +circumstances. Specifically this will happen if a session +renegotiation takes place during a BIO_read_ex() operation, one +case where this happens is when step up occurs.

    +

    The SSL flag SSL_AUTO_RETRY can be +set to disable this behaviour. That is when this flag is set +an SSL BIO using a blocking transport will never request a +retry.

    +

    Since unknown BIO_ctrl() operations are sent through filter +BIOs the servers name and port can be set using BIO_set_host() +on the BIO returned by BIO_new_ssl_connect() without having +to locate the connect BIO first.

    +

    Applications do not have to call BIO_do_handshake() but may wish +to do so to separate the handshake process from other I/O +processing.

    +

    BIO_set_ssl(), BIO_get_ssl(), BIO_set_ssl_mode(), +BIO_set_ssl_renegotiate_bytes(), BIO_set_ssl_renegotiate_timeout(), +BIO_get_num_renegotiates(), and BIO_do_handshake() are implemented as macros.

    +

    +

    +
    +

    RETURN VALUES

    +

    BIO_f_ssl() returns the SSL BIO_METHOD structure.

    +

    BIO_set_ssl(), BIO_get_ssl(), BIO_set_ssl_mode(), BIO_set_ssl_renegotiate_bytes(), +BIO_set_ssl_renegotiate_timeout() and BIO_get_num_renegotiates() return 1 on +success or a value which is less than or equal to 0 if an error occurred.

    +

    BIO_new_ssl(), BIO_new_ssl_connect() and BIO_new_buffer_ssl_connect() return +a valid BIO structure on success or NULL if an error occurred.

    +

    BIO_ssl_copy_session_id() returns 1 on success or 0 on error.

    +

    BIO_do_handshake() returns 1 if the connection was established successfully. +A zero or negative value is returned if the connection could not be established.

    +

    +

    +
    +

    EXAMPLES

    +

    This SSL/TLS client example attempts to retrieve a page from an +SSL/TLS web server. The I/O routines are identical to those of the +unencrypted example in BIO_s_connect(3).

    +
    + BIO *sbio, *out;
    + int len;
    + char tmpbuf[1024];
    + SSL_CTX *ctx;
    + SSL *ssl;
    +
    + /* XXX Seed the PRNG if needed. */
    +
    + ctx = SSL_CTX_new(TLS_client_method());
    +
    + /* XXX Set verify paths and mode here. */
    +
    + sbio = BIO_new_ssl_connect(ctx);
    + BIO_get_ssl(sbio, &ssl);
    + if (ssl == NULL) {
    +     fprintf(stderr, "Can't locate SSL pointer\n");
    +     ERR_print_errors_fp(stderr);
    +     exit(1);
    + }
    +
    + /* Don't want any retries */
    + SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
    +
    + /* XXX We might want to do other things with ssl here */
    +
    + /* An empty host part means the loopback address */
    + BIO_set_conn_hostname(sbio, ":https");
    +
    + out = BIO_new_fp(stdout, BIO_NOCLOSE);
    + if (BIO_do_connect(sbio) <= 0) {
    +     fprintf(stderr, "Error connecting to server\n");
    +     ERR_print_errors_fp(stderr);
    +     exit(1);
    + }
    + if (BIO_do_handshake(sbio) <= 0) {
    +     fprintf(stderr, "Error establishing SSL connection\n");
    +     ERR_print_errors_fp(stderr);
    +     exit(1);
    + }
    +
    + /* XXX Could examine ssl here to get connection info */
    +
    + BIO_puts(sbio, "GET / HTTP/1.0\n\n");
    + for (;;) {
    +     len = BIO_read(sbio, tmpbuf, 1024);
    +     if (len <= 0)
    +         break;
    +     BIO_write(out, tmpbuf, len);
    + }
    + BIO_free_all(sbio);
    + BIO_free(out);
    +

    Here is a simple server example. It makes use of a buffering +BIO to allow lines to be read from the SSL BIO using BIO_gets. +It creates a pseudo web page containing the actual request from +a client and also echoes the request to standard output.

    +
    + BIO *sbio, *bbio, *acpt, *out;
    + int len;
    + char tmpbuf[1024];
    + SSL_CTX *ctx;
    + SSL *ssl;
    +
    + /* XXX Seed the PRNG if needed. */
    +
    + ctx = SSL_CTX_new(TLS_server_method());
    + if (!SSL_CTX_use_certificate_file(ctx, "server.pem", SSL_FILETYPE_PEM)
    +         || !SSL_CTX_use_PrivateKey_file(ctx, "server.pem", SSL_FILETYPE_PEM)
    +         || !SSL_CTX_check_private_key(ctx)) {
    +     fprintf(stderr, "Error setting up SSL_CTX\n");
    +     ERR_print_errors_fp(stderr);
    +     exit(1);
    + }
    +
    + /* XXX Other things like set verify locations, EDH temp callbacks. */
    +
    + /* New SSL BIO setup as server */
    + sbio = BIO_new_ssl(ctx, 0);
    + BIO_get_ssl(sbio, &ssl);
    + if (ssl == NULL) {
    +     fprintf(stderr, "Can't locate SSL pointer\n");
    +     ERR_print_errors_fp(stderr);
    +     exit(1);
    + }
    +
    + SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
    + bbio = BIO_new(BIO_f_buffer());
    + sbio = BIO_push(bbio, sbio);
    + acpt = BIO_new_accept("4433");
    +
    + /*
    +  * By doing this when a new connection is established
    +  * we automatically have sbio inserted into it. The
    +  * BIO chain is now 'swallowed' by the accept BIO and
    +  * will be freed when the accept BIO is freed.
    +  */
    + BIO_set_accept_bios(acpt, sbio);
    + out = BIO_new_fp(stdout, BIO_NOCLOSE);
    +
    + /* Setup accept BIO */
    + if (BIO_do_accept(acpt) <= 0) {
    +     fprintf(stderr, "Error setting up accept BIO\n");
    +     ERR_print_errors_fp(stderr);
    +     exit(1);
    + }
    +
    + /* We only want one connection so remove and free accept BIO */
    + sbio = BIO_pop(acpt);
    + BIO_free_all(acpt);
    +
    + if (BIO_do_handshake(sbio) <= 0) {
    +     fprintf(stderr, "Error in SSL handshake\n");
    +     ERR_print_errors_fp(stderr);
    +     exit(1);
    + }
    +
    + BIO_puts(sbio, "HTTP/1.0 200 OK\r\nContent-type: text/plain\r\n\r\n");
    + BIO_puts(sbio, "\r\nConnection Established\r\nRequest headers:\r\n");
    + BIO_puts(sbio, "--------------------------------------------------\r\n");
    +
    + for (;;) {
    +     len = BIO_gets(sbio, tmpbuf, 1024);
    +     if (len <= 0)
    +         break;
    +     BIO_write(sbio, tmpbuf, len);
    +     BIO_write(out, tmpbuf, len);
    +     /* Look for blank line signifying end of headers*/
    +     if (tmpbuf[0] == '\r' || tmpbuf[0] == '\n')
    +         break;
    + }
    +
    + BIO_puts(sbio, "--------------------------------------------------\r\n");
    + BIO_puts(sbio, "\r\n");
    + BIO_flush(sbio);
    + BIO_free_all(sbio);
    +

    +

    +
    +

    HISTORY

    +

    In OpenSSL before 1.0.0 the BIO_pop() call was handled incorrectly, +the I/O BIO reference count was incorrectly incremented (instead of +decremented) and dissociated with the SSL BIO even if the SSL BIO was not +explicitly being popped (e.g. a pop higher up the chain). Applications which +included workarounds for this bug (e.g. freeing BIOs more than once) should +be modified to handle this fix or they may free up an already freed BIO.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/BIO_find_type.html b/linux_amd64/share/doc/openssl/html/man3/BIO_find_type.html
new file mode 100755
index 0000000..fed88bc
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/BIO_find_type.html
@@ -0,0 +1,100 @@
+ + + + +BIO_find_type + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BIO_find_type, BIO_next, BIO_method_type - BIO chain traversal

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bio.h>
    +
    + BIO *BIO_find_type(BIO *b, int bio_type);
    + BIO *BIO_next(BIO *b);
    + int BIO_method_type(const BIO *b);
    +

    +

    +
    +

    DESCRIPTION

    +

    The BIO_find_type() searches for a BIO of a given type in a chain, starting +at BIO b. If type is a specific type (such as BIO_TYPE_MEM) then a search +is made for a BIO of that type. If type is a general type (such as +BIO_TYPE_SOURCE_SINK) then the next matching BIO of the given general type is +searched for. BIO_find_type() returns the next matching BIO or NULL if none is +found.

    +

    The following general types are defined: +BIO_TYPE_DESCRIPTOR, BIO_TYPE_FILTER, and BIO_TYPE_SOURCE_SINK.

    +

    For a list of the specific types, see the openssl/bio.h header file.

    +

    BIO_next() returns the next BIO in a chain. It can be used to traverse all BIOs +in a chain or used in conjunction with BIO_find_type() to find all BIOs of a +certain type.

    +

    BIO_method_type() returns the type of a BIO.

    +

    +

    +
    +

    RETURN VALUES

    +

    BIO_find_type() returns a matching BIO or NULL for no match.

    +

    BIO_next() returns the next BIO in a chain.

    +

    BIO_method_type() returns the type of the BIO b.

    +

    +

    +
    +

    EXAMPLES

    +

    Traverse a chain looking for digest BIOs:

    +
    + BIO *btmp;
    +
    + btmp = in_bio; /* in_bio is chain to search through */
    + do {
    +     btmp = BIO_find_type(btmp, BIO_TYPE_MD);
    +     if (btmp == NULL)
    +         break; /* Not found */
    +     /* btmp is a digest BIO, do something with it ...*/
    +     ...
    +
    +     btmp = BIO_next(btmp);
    + } while (btmp);
    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/BIO_get_data.html b/linux_amd64/share/doc/openssl/html/man3/BIO_get_data.html
new file mode 100755
index 0000000..668578b
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/BIO_get_data.html
@@ -0,0 +1,99 @@
+ + + + +BIO_get_data + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BIO_set_data, BIO_get_data, BIO_set_init, BIO_get_init, BIO_set_shutdown, +BIO_get_shutdown - functions for managing BIO state information

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bio.h>
    +
    + void BIO_set_data(BIO *a, void *ptr);
    + void *BIO_get_data(BIO *a);
    + void BIO_set_init(BIO *a, int init);
    + int BIO_get_init(BIO *a);
    + void BIO_set_shutdown(BIO *a, int shut);
    + int BIO_get_shutdown(BIO *a);
    +

    +

    +
    +

    DESCRIPTION

    +

    These functions are mainly useful when implementing a custom BIO.

    +

    The BIO_set_data() function associates the custom data pointed to by ptr with +the BIO. This data can subsequently be retrieved via a call to BIO_get_data(). +This can be used by custom BIOs for storing implementation specific information.

    +

    The BIO_set_init() function sets the value of the BIO's "init" flag to indicate +whether initialisation has been completed for this BIO or not. A nonzero value +indicates that initialisation is complete, whilst zero indicates that it is not. +Often initialisation will complete during initial construction of the BIO. For +some BIOs however, initialisation may not complete until after additional steps +have occurred (for example through calling custom ctrls). The BIO_get_init() +function returns the value of the "init" flag.

    +

    The BIO_set_shutdown() and BIO_get_shutdown() functions set and get the state of +this BIO's shutdown (i.e. BIO_CLOSE) flag. If set then the underlying resource +is also closed when the BIO is freed.

    +

    +

    +
    +

    RETURN VALUES

    +

    BIO_get_data() returns a pointer to the implementation specific custom data +associated with this BIO, or NULL if none has been set.

    +

    BIO_get_init() returns the state of the BIO's init flag.

    +

    BIO_get_shutdown() returns the stat of the BIO's shutdown (i.e. BIO_CLOSE) flag.

    +

    +

    +
    +

    SEE ALSO

    +

    bio(7), BIO_meth_new(3)

    +

    +

    +
    +

    HISTORY

    +

    The functions described here were added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/BIO_get_ex_new_index.html b/linux_amd64/share/doc/openssl/html/man3/BIO_get_ex_new_index.html
new file mode 100755
index 0000000..927aebc
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/BIO_get_ex_new_index.html
@@ -0,0 +1,124 @@
+ + + + +BIO_get_ex_new_index + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BIO_get_ex_new_index, BIO_set_ex_data, BIO_get_ex_data, +BIO_set_app_data, BIO_get_app_data, +DH_get_ex_new_index, DH_set_ex_data, DH_get_ex_data, +DSA_get_ex_new_index, DSA_set_ex_data, DSA_get_ex_data, +ECDH_get_ex_new_index, ECDH_set_ex_data, ECDH_get_ex_data, +EC_KEY_get_ex_new_index, EC_KEY_set_ex_data, EC_KEY_get_ex_data, +ENGINE_get_ex_new_index, ENGINE_set_ex_data, ENGINE_get_ex_data, +RAND_DRBG_set_ex_data, RAND_DRBG_get_ex_data, RAND_DRBG_get_ex_new_index, +RSA_get_ex_new_index, RSA_set_ex_data, RSA_get_ex_data, +RSA_set_app_data, RSA_get_app_data, +SSL_get_ex_new_index, SSL_set_ex_data, SSL_get_ex_data, +SSL_set_app_data, SSL_get_app_data, +SSL_CTX_get_ex_new_index, SSL_CTX_set_ex_data, SSL_CTX_get_ex_data, +SSL_CTX_set_app_data, SSL_CTX_get_app_data, +SSL_SESSION_get_ex_new_index, SSL_SESSION_set_ex_data, SSL_SESSION_get_ex_data, +SSL_SESSION_set_app_data, SSL_SESSION_get_app_data, +UI_get_ex_new_index, UI_set_ex_data, UI_get_ex_data, +UI_set_app_data, UI_get_app_data, +X509_STORE_CTX_get_ex_new_index, X509_STORE_CTX_set_ex_data, X509_STORE_CTX_get_ex_data, +X509_STORE_CTX_set_app_data, X509_STORE_CTX_get_app_data, +X509_STORE_get_ex_new_index, X509_STORE_set_ex_data, X509_STORE_get_ex_data, +X509_get_ex_new_index, X509_set_ex_data, X509_get_ex_data +- application-specific data

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509.h>
    +
    + int TYPE_get_ex_new_index(long argl, void *argp,
    +                           CRYPTO_EX_new *new_func,
    +                           CRYPTO_EX_dup *dup_func,
    +                           CRYPTO_EX_free *free_func);
    +
    + int TYPE_set_ex_data(TYPE *d, int idx, void *arg);
    +
    + void *TYPE_get_ex_data(TYPE *d, int idx);
    +
    + #define TYPE_set_app_data(TYPE *d, void *arg)
    + #define TYPE_get_app_data(TYPE *d)
    +

    +

    +
    +

    DESCRIPTION

    +

    In the description here, TYPE is used a placeholder +for any of the OpenSSL datatypes listed in +CRYPTO_get_ex_new_index(3).

    +

    These functions handle application-specific data for OpenSSL data +structures.

    +

    TYPE_get_new_ex_index() is a macro that calls CRYPTO_get_ex_new_index() +with the correct index value.

    +

    TYPE_set_ex_data() is a function that calls CRYPTO_set_ex_data() with +an offset into the opaque exdata part of the TYPE object.

    +

    TYPE_get_ex_data() is a function that calls CRYPTO_get_ex_data() with +an offset into the opaque exdata part of the TYPE object.

    +

    For compatibility with previous releases, the exdata index of zero is +reserved for "application data." There are two convenience functions for +this. +TYPE_set_app_data() is a macro that invokes TYPE_set_ex_data() with +idx set to zero. +TYPE_get_app_data() is a macro that invokes TYPE_get_ex_data() with +idx set to zero. +Note that these functions are not defined for the RAND_DRBG type because +there are no backward compatibility concerns.

    +

    +

    +
    +

    RETURN VALUES

    +

    TYPE_get_new_ex_index() returns a new index on success or -1 on error.

    +

    TYPE_set_ex_data() returns 1 on success or 0 on error.

    +

    TYPE_get_ex_data() returns the application data or NULL if an error occurred.

    +

    +

    +
    +

    SEE ALSO

    +

    CRYPTO_get_ex_new_index(3).

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/BIO_meth_new.html b/linux_amd64/share/doc/openssl/html/man3/BIO_meth_new.html
new file mode 100755
index 0000000..2263809
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/BIO_meth_new.html
@@ -0,0 +1,189 @@
+ + + + +BIO_meth_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BIO_get_new_index, +BIO_meth_new, BIO_meth_free, BIO_meth_get_read_ex, BIO_meth_set_read_ex, +BIO_meth_get_write_ex, BIO_meth_set_write_ex, BIO_meth_get_write, +BIO_meth_set_write, BIO_meth_get_read, BIO_meth_set_read, BIO_meth_get_puts, +BIO_meth_set_puts, BIO_meth_get_gets, BIO_meth_set_gets, BIO_meth_get_ctrl, +BIO_meth_set_ctrl, BIO_meth_get_create, BIO_meth_set_create, +BIO_meth_get_destroy, BIO_meth_set_destroy, BIO_meth_get_callback_ctrl, +BIO_meth_set_callback_ctrl - Routines to build up BIO methods

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bio.h>
    +
    + int BIO_get_new_index(void);
    +
    + BIO_METHOD *BIO_meth_new(int type, const char *name);
    +
    + void BIO_meth_free(BIO_METHOD *biom);
    +
    + int (*BIO_meth_get_write_ex(const BIO_METHOD *biom))(BIO *, const char *, size_t,
    +                                                size_t *);
    + int (*BIO_meth_get_write(const BIO_METHOD *biom))(BIO *, const char *, int);
    + int BIO_meth_set_write_ex(BIO_METHOD *biom,
    +                           int (*bwrite)(BIO *, const char *, size_t, size_t *));
    + int BIO_meth_set_write(BIO_METHOD *biom,
    +                        int (*write)(BIO *, const char *, int));
    +
    + int (*BIO_meth_get_read_ex(const BIO_METHOD *biom))(BIO *, char *, size_t, size_t *);
    + int (*BIO_meth_get_read(const BIO_METHOD *biom))(BIO *, char *, int);
    + int BIO_meth_set_read_ex(BIO_METHOD *biom,
    +                          int (*bread)(BIO *, char *, size_t, size_t *));
    + int BIO_meth_set_read(BIO_METHOD *biom, int (*read)(BIO *, char *, int));
    +
    + int (*BIO_meth_get_puts(const BIO_METHOD *biom))(BIO *, const char *);
    + int BIO_meth_set_puts(BIO_METHOD *biom, int (*puts)(BIO *, const char *));
    +
    + int (*BIO_meth_get_gets(const BIO_METHOD *biom))(BIO *, char *, int);
    + int BIO_meth_set_gets(BIO_METHOD *biom,
    +                       int (*gets)(BIO *, char *, int));
    +
    + long (*BIO_meth_get_ctrl(const BIO_METHOD *biom))(BIO *, int, long, void *);
    + int BIO_meth_set_ctrl(BIO_METHOD *biom,
    +                       long (*ctrl)(BIO *, int, long, void *));
    +
    + int (*BIO_meth_get_create(const BIO_METHOD *bion))(BIO *);
    + int BIO_meth_set_create(BIO_METHOD *biom, int (*create)(BIO *));
    +
    + int (*BIO_meth_get_destroy(const BIO_METHOD *biom))(BIO *);
    + int BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy)(BIO *));
    +
    + long (*BIO_meth_get_callback_ctrl(const BIO_METHOD *biom))(BIO *, int, BIO_info_cb *);
    + int BIO_meth_set_callback_ctrl(BIO_METHOD *biom,
    +                                long (*callback_ctrl)(BIO *, int, BIO_info_cb *));
    +

    +

    +
    +

    DESCRIPTION

    +

    The BIO_METHOD type is a structure used for the implementation of new BIO +types. It provides a set of functions used by OpenSSL for the implementation +of the various BIO capabilities. See the bio(7) page for more information.

    +

    BIO_meth_new() creates a new BIO_METHOD structure. It should be given a +unique integer type and a string that represents its name. +Use BIO_get_new_index() to get the value for type.

    +

    The set of +standard OpenSSL provided BIO types is provided in bio.h. Some examples +include BIO_TYPE_BUFFER and BIO_TYPE_CIPHER. Filter BIOs should have a +type which have the "filter" bit set (BIO_TYPE_FILTER). Source/sink BIOs +should have the "source/sink" bit set (BIO_TYPE_SOURCE_SINK). File descriptor +based BIOs (e.g. socket, fd, connect, accept etc) should additionally have the +"descriptor" bit set (BIO_TYPE_DESCRIPTOR). See the BIO_find_type(3) page for +more information.

    +

    BIO_meth_free() destroys a BIO_METHOD structure and frees up any memory +associated with it.

    +

    BIO_meth_get_write_ex() and BIO_meth_set_write_ex() get and set the function +used for writing arbitrary length data to the BIO respectively. This function +will be called in response to the application calling BIO_write_ex() or +BIO_write(). The parameters for the function have the same meaning as for +BIO_write_ex(). Older code may call BIO_meth_get_write() and +BIO_meth_set_write() instead. Applications should not call both +BIO_meth_set_write_ex() and BIO_meth_set_write() or call BIO_meth_get_write() +when the function was set with BIO_meth_set_write_ex().

    +

    BIO_meth_get_read_ex() and BIO_meth_set_read_ex() get and set the function used +for reading arbitrary length data from the BIO respectively. This function will +be called in response to the application calling BIO_read_ex() or BIO_read(). +The parameters for the function have the same meaning as for BIO_read_ex(). +Older code may call BIO_meth_get_read() and BIO_meth_set_read() instead. +Applications should not call both BIO_meth_set_read_ex() and BIO_meth_set_read() +or call BIO_meth_get_read() when the function was set with +BIO_meth_set_read_ex().

    +

    BIO_meth_get_puts() and BIO_meth_set_puts() get and set the function used for +writing a NULL terminated string to the BIO respectively. This function will be +called in response to the application calling BIO_puts(). The parameters for +the function have the same meaning as for BIO_puts().

    +

    BIO_meth_get_gets() and BIO_meth_set_gets() get and set the function typically +used for reading a line of data from the BIO respectively (see the BIO_gets(3) +page for more information). This function will be called in response to the +application calling BIO_gets(). The parameters for the function have the same +meaning as for BIO_gets().

    +

    BIO_meth_get_ctrl() and BIO_meth_set_ctrl() get and set the function used for +processing ctrl messages in the BIO respectively. See the BIO_ctrl(3) page for +more information. This function will be called in response to the application +calling BIO_ctrl(). The parameters for the function have the same meaning as for +BIO_ctrl().

    +

    BIO_meth_get_create() and BIO_meth_set_create() get and set the function used +for creating a new instance of the BIO respectively. This function will be +called in response to the application calling BIO_new() and passing +in a pointer to the current BIO_METHOD. The BIO_new() function will allocate the +memory for the new BIO, and a pointer to this newly allocated structure will +be passed as a parameter to the function.

    +

    BIO_meth_get_destroy() and BIO_meth_set_destroy() get and set the function used +for destroying an instance of a BIO respectively. This function will be +called in response to the application calling BIO_free(). A pointer to the BIO +to be destroyed is passed as a parameter. The destroy function should be used +for BIO specific clean up. The memory for the BIO itself should not be freed by +this function.

    +

    BIO_meth_get_callback_ctrl() and BIO_meth_set_callback_ctrl() get and set the +function used for processing callback ctrl messages in the BIO respectively. See +the BIO_callback_ctrl(3) page for more information. This function will be called +in response to the application calling BIO_callback_ctrl(). The parameters for +the function have the same meaning as for BIO_callback_ctrl().

    +

    +

    +
    +

    RETURN VALUES

    +

    BIO_get_new_index() returns the new BIO type value or -1 if an error occurred.

    +

    BIO_meth_new(int type, const char *name) returns a valid BIO_METHOD or NULL +if an error occurred.

    +

    The BIO_meth_set functions return 1 on success or 0 on error.

    +

    The BIO_meth_get functions return the corresponding function pointers.

    +

    +

    +
    +

    SEE ALSO

    +

    bio(7), BIO_find_type(3), BIO_ctrl(3), BIO_read_ex(3), BIO_new(3)

    +

    +

    +
    +

    HISTORY

    +

    The functions described here were added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/BIO_new.html b/linux_amd64/share/doc/openssl/html/man3/BIO_new.html
new file mode 100755
index 0000000..4dff444
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/BIO_new.html
@@ -0,0 +1,106 @@
+ + + + +BIO_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BIO_new, BIO_up_ref, BIO_free, BIO_vfree, BIO_free_all +- BIO allocation and freeing functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bio.h>
    +
    + BIO *  BIO_new(const BIO_METHOD *type);
    + int    BIO_up_ref(BIO *a);
    + int    BIO_free(BIO *a);
    + void   BIO_vfree(BIO *a);
    + void   BIO_free_all(BIO *a);
    +

    +

    +
    +

    DESCRIPTION

    +

    The BIO_new() function returns a new BIO using method type.

    +

    BIO_up_ref() increments the reference count associated with the BIO object.

    +

    BIO_free() frees up a single BIO, BIO_vfree() also frees up a single BIO +but it does not return a value. +If a is NULL nothing is done. +Calling BIO_free() may also have some effect +on the underlying I/O structure, for example it may close the file being +referred to under certain circumstances. For more details see the individual +BIO_METHOD descriptions.

    +

    BIO_free_all() frees up an entire BIO chain, it does not halt if an error +occurs freeing up an individual BIO in the chain. +If a is NULL nothing is done.

    +

    +

    +
    +

    RETURN VALUES

    +

    BIO_new() returns a newly created BIO or NULL if the call fails.

    +

    BIO_up_ref() and BIO_free() return 1 for success and 0 for failure.

    +

    BIO_free_all() and BIO_vfree() do not return values.

    +

    +

    +
    +

    NOTES

    +

    If BIO_free() is called on a BIO chain it will only free one BIO resulting +in a memory leak.

    +

    Calling BIO_free_all() on a single BIO has the same effect as calling BIO_free() +on it other than the discarded return value.

    +

    +

    +
    +

    HISTORY

    +

    BIO_set() was removed in OpenSSL 1.1.0 as BIO type is now opaque.

    +

    +

    +
    +

    EXAMPLES

    +

    Create a memory BIO:

    +
    + BIO *mem = BIO_new(BIO_s_mem());
    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/BIO_new_CMS.html b/linux_amd64/share/doc/openssl/html/man3/BIO_new_CMS.html
new file mode 100755
index 0000000..f150a9f
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/BIO_new_CMS.html
@@ -0,0 +1,113 @@
+ + + + +BIO_new_CMS + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BIO_new_CMS - CMS streaming filter BIO

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/cms.h>
    +
    + BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms);
    +

    +

    +
    +

    DESCRIPTION

    +

    BIO_new_CMS() returns a streaming filter BIO chain based on cms. The output +of the filter is written to out. Any data written to the chain is +automatically translated to a BER format CMS structure of the appropriate type.

    +

    +

    +
    +

    NOTES

    +

    The chain returned by this function behaves like a standard filter BIO. It +supports non blocking I/O. Content is processed and streamed on the fly and not +all held in memory at once: so it is possible to encode very large structures. +After all content has been written through the chain BIO_flush() must be called +to finalise the structure.

    +

    The CMS_STREAM flag must be included in the corresponding flags +parameter of the cms creation function.

    +

    If an application wishes to write additional data to out BIOs should be +removed from the chain using BIO_pop() and freed with BIO_free() until out +is reached. If no additional data needs to be written BIO_free_all() can be +called to free up the whole chain.

    +

    Any content written through the filter is used verbatim: no canonical +translation is performed.

    +

    It is possible to chain multiple BIOs to, for example, create a triple wrapped +signed, enveloped, signed structure. In this case it is the applications +responsibility to set the inner content type of any outer CMS_ContentInfo +structures.

    +

    Large numbers of small writes through the chain should be avoided as this will +produce an output consisting of lots of OCTET STRING structures. Prepending +a BIO_f_buffer() buffering BIO will prevent this.

    +

    +

    +
    +

    BUGS

    +

    There is currently no corresponding inverse BIO: i.e. one which can decode +a CMS structure on the fly.

    +

    +

    +
    +

    RETURN VALUES

    +

    BIO_new_CMS() returns a BIO chain when successful or NULL if an error +occurred. The error can be obtained from ERR_get_error(3).

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), CMS_sign(3), +CMS_encrypt(3)

    +

    +

    +
    +

    HISTORY

    +

    The BIO_new_CMS() function was added in OpenSSL 1.0.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/BIO_parse_hostserv.html b/linux_amd64/share/doc/openssl/html/man3/BIO_parse_hostserv.html
new file mode 100755
index 0000000..82ac841
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/BIO_parse_hostserv.html
@@ -0,0 +1,111 @@
+ + + + +BIO_parse_hostserv + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BIO_hostserv_priorities, +BIO_parse_hostserv +- utility routines to parse a standard host and service string

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bio.h>
    +
    + enum BIO_hostserv_priorities {
    +     BIO_PARSE_PRIO_HOST, BIO_PARSE_PRIO_SERV
    + };
    + int BIO_parse_hostserv(const char *hostserv, char **host, char **service,
    +                        enum BIO_hostserv_priorities hostserv_prio);
    +

    +

    +
    +

    DESCRIPTION

    +

    BIO_parse_hostserv() will parse the information given in hostserv, +create strings with the hostname and service name and give those +back via host and service. Those will need to be freed after +they are used. hostserv_prio helps determine if hostserv shall +be interpreted primarily as a hostname or a service name in ambiguous +cases.

    +

    The syntax the BIO_parse_hostserv() recognises is:

    +
    + host + ':' + service
    + host + ':' + '*'
    + host + ':'
    +        ':' + service
    + '*'  + ':' + service
    + host
    + service
    +

    The host part can be a name or an IP address. If it's a IPv6 +address, it MUST be enclosed in brackets, such as '[::1]'.

    +

    The service part can be a service name or its port number.

    +

    The returned values will depend on the given hostserv string +and hostserv_prio, as follows:

    +
    + host + ':' + service  => *host = "host", *service = "service"
    + host + ':' + '*'      => *host = "host", *service = NULL
    + host + ':'            => *host = "host", *service = NULL
    +        ':' + service  => *host = NULL, *service = "service"
    +  '*' + ':' + service  => *host = NULL, *service = "service"
    +
    + in case no ':' is present in the string, the result depends on
    + hostserv_prio, as follows:
    +
    + when hostserv_prio == BIO_PARSE_PRIO_HOST
    + host                 => *host = "host", *service untouched
    +
    + when hostserv_prio == BIO_PARSE_PRIO_SERV
    + service              => *host untouched, *service = "service"
    +

    +

    +
    +

    RETURN VALUES

    +

    BIO_parse_hostserv() returns 1 on success or 0 on error.

    +

    +

    +
    +

    SEE ALSO

    +

    BIO_ADDRINFO(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/BIO_printf.html b/linux_amd64/share/doc/openssl/html/man3/BIO_printf.html new file mode 100755 index 0000000..cd3bd53 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/BIO_printf.html @@ -0,0 +1,82 @@ + + + + +BIO_printf + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    BIO_printf, BIO_vprintf, BIO_snprintf, BIO_vsnprintf +- formatted output to a BIO

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bio.h>
    +
    + int BIO_printf(BIO *bio, const char *format, ...)
    + int BIO_vprintf(BIO *bio, const char *format, va_list args)
    +
    + int BIO_snprintf(char *buf, size_t n, const char *format, ...)
    + int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
    +

    +

    +
    +

    DESCRIPTION

    +

    BIO_printf() is similar to the standard C printf() function, except that +the output is sent to the specified BIO, bio, rather than standard +output. All common format specifiers are supported.

    +

    BIO_vprintf() is similar to the vprintf() function found on many platforms, +the output is sent to the specified BIO, bio, rather than standard +output. All common format specifiers are supported. The argument +list args is a stdarg argument list.

    +

    BIO_snprintf() is for platforms that do not have the common snprintf() +function. It is like sprintf() except that the size parameter, n, +specifies the size of the output buffer.

    +

    BIO_vsnprintf() is to BIO_snprintf() as BIO_vprintf() is to BIO_printf().

    +

    +

    +
    +

    RETURN VALUES

    +

    All functions return the number of bytes written, or -1 on error. +For BIO_snprintf() and BIO_vsnprintf() this includes when the output +buffer is too small.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/BIO_push.html b/linux_amd64/share/doc/openssl/html/man3/BIO_push.html new file mode 100755 index 0000000..0ebe8f8 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/BIO_push.html @@ -0,0 +1,123 @@ + + + + +BIO_push + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BIO_push, BIO_pop, BIO_set_next - add and remove BIOs from a chain

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bio.h>
    +
    + BIO *BIO_push(BIO *b, BIO *append);
    + BIO *BIO_pop(BIO *b);
    + void BIO_set_next(BIO *b, BIO *next);
    +

    +

    +
    +

    DESCRIPTION

    +

    The BIO_push() function appends the BIO append to b, it returns +b.

    +

    BIO_pop() removes the BIO b from a chain and returns the next BIO +in the chain, or NULL if there is no next BIO. The removed BIO then +becomes a single BIO with no association with the original chain, +it can thus be freed or attached to a different chain.

    +

    BIO_set_next() replaces the existing next BIO in a chain with the BIO pointed to +by next. The new chain may include some of the same BIOs from the old chain +or it may be completely different.

    +

    +

    +
    +

    NOTES

    +

    The names of these functions are perhaps a little misleading. BIO_push() +joins two BIO chains whereas BIO_pop() deletes a single BIO from a chain, +the deleted BIO does not need to be at the end of a chain.

    +

    The process of calling BIO_push() and BIO_pop() on a BIO may have additional +consequences (a control call is made to the affected BIOs) any effects will +be noted in the descriptions of individual BIOs.

    +

    +

    +
    +

    RETURN VALUES

    +

    BIO_push() returns the end of the chain, b.

    +

    BIO_pop() returns the next BIO in the chain, or NULL if there is no next +BIO.

    +

    +

    +
    +

    EXAMPLES

    +

    For these examples suppose md1 and md2 are digest BIOs, b64 is +a base64 BIO and f is a file BIO.

    +

    If the call:

    +
    + BIO_push(b64, f);
    +

    is made then the new chain will be b64-f. After making the calls

    +
    + BIO_push(md2, b64);
    + BIO_push(md1, md2);
    +

    the new chain is md1-md2-b64-f. Data written to md1 will be digested +by md1 and md2, base64 encoded and written to f.

    +

    It should be noted that reading causes data to pass in the reverse +direction, that is data is read from f, base64 decoded and digested +by md1 and md2. If the call:

    +
    + BIO_pop(md2);
    +

    The call will return b64 and the new chain will be md1-b64-f data can +be written to md1 as before.

    +

    +

    +
    +

    SEE ALSO

    +

    bio(7)

    +

    +

    +
    +

    HISTORY

    +

    The BIO_set_next() function was added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/BIO_read.html b/linux_amd64/share/doc/openssl/html/man3/BIO_read.html new file mode 100755 index 0000000..9da038e --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/BIO_read.html @@ -0,0 +1,129 @@ + + + + +BIO_read + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BIO_read_ex, BIO_write_ex, BIO_read, BIO_write, BIO_gets, BIO_puts +- BIO I/O functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bio.h>
    +
    + int BIO_read_ex(BIO *b, void *data, size_t dlen, size_t *readbytes);
    + int BIO_write_ex(BIO *b, const void *data, size_t dlen, size_t *written);
    +
    + int BIO_read(BIO *b, void *data, int dlen);
    + int BIO_gets(BIO *b, char *buf, int size);
    + int BIO_write(BIO *b, const void *data, int dlen);
    + int BIO_puts(BIO *b, const char *buf);
    +

    +

    +
    +

    DESCRIPTION

    +

    BIO_read_ex() attempts to read dlen bytes from BIO b and places the data +in data. If any bytes were successfully read then the number of bytes read is +stored in *readbytes.

    +

    BIO_write_ex() attempts to write dlen bytes from data to BIO b. If +successful then the number of bytes written is stored in *written.

    +

    BIO_read() attempts to read len bytes from BIO b and places +the data in buf.

    +

    BIO_gets() performs the BIOs "gets" operation and places the data +in buf. Usually this operation will attempt to read a line of data +from the BIO of maximum length size-1. There are exceptions to this, +however; for example, BIO_gets() on a digest BIO will calculate and +return the digest and other BIOs may not support BIO_gets() at all. +The returned string is always NUL-terminated and the '\n' is preserved +if present in the input data.

    +

    BIO_write() attempts to write len bytes from buf to BIO b.

    +

    BIO_puts() attempts to write a NUL-terminated string buf to BIO b.

    +

    +

    +
    +

    RETURN VALUES

    +

    BIO_read_ex() and BIO_write_ex() return 1 if data was successfully read or +written, and 0 otherwise.

    +

    All other functions return either the amount of data successfully read or +written (if the return value is positive) or that no data was successfully +read or written if the result is 0 or -1. If the return value is -2 then +the operation is not implemented in the specific BIO type. The trailing +NUL is not included in the length returned by BIO_gets().

    +

    +

    +
    +

    NOTES

    +

    A 0 or -1 return is not necessarily an indication of an error. In +particular when the source/sink is non-blocking or of a certain type +it may merely be an indication that no data is currently available and that +the application should retry the operation later.

    +

    One technique sometimes used with blocking sockets is to use a system call +(such as select(), poll() or equivalent) to determine when data is available +and then call read() to read the data. The equivalent with BIOs (that is call +select() on the underlying I/O structure and then call BIO_read() to +read the data) should not be used because a single call to BIO_read() +can cause several reads (and writes in the case of SSL BIOs) on the underlying +I/O structure and may block as a result. Instead select() (or equivalent) +should be combined with non blocking I/O so successive reads will request +a retry instead of blocking.

    +

    See BIO_should_retry(3) for details of how to +determine the cause of a retry and other I/O issues.

    +

    If the BIO_gets() function is not supported by a BIO then it possible to +work around this by adding a buffering BIO BIO_f_buffer(3) +to the chain.

    +

    +

    +
    +

    SEE ALSO

    +

    BIO_should_retry(3)

    +

    +

    +
    +

    HISTORY

    +

    BIO_gets() on 1.1.0 and older when called on BIO_fd() based BIO does not +keep the '\n' at the end of the line in the buffer.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/BIO_s_accept.html b/linux_amd64/share/doc/openssl/html/man3/BIO_s_accept.html new file mode 100755 index 0000000..214105f --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/BIO_s_accept.html @@ -0,0 +1,249 @@ + + + + +BIO_s_accept + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BIO_s_accept, BIO_set_accept_name, BIO_set_accept_port, BIO_get_accept_name, +BIO_get_accept_port, BIO_new_accept, BIO_set_nbio_accept, BIO_set_accept_bios, +BIO_get_peer_name, BIO_get_peer_port, +BIO_get_accept_ip_family, BIO_set_accept_ip_family, +BIO_set_bind_mode, BIO_get_bind_mode, BIO_do_accept - accept BIO

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bio.h>
    +
    + const BIO_METHOD *BIO_s_accept(void);
    +
    + long BIO_set_accept_name(BIO *b, char *name);
    + char *BIO_get_accept_name(BIO *b);
    +
    + long BIO_set_accept_port(BIO *b, char *port);
    + char *BIO_get_accept_port(BIO *b);
    +
    + BIO *BIO_new_accept(char *host_port);
    +
    + long BIO_set_nbio_accept(BIO *b, int n);
    + long BIO_set_accept_bios(BIO *b, char *bio);
    +
    + char *BIO_get_peer_name(BIO *b);
    + char *BIO_get_peer_port(BIO *b);
    + long BIO_get_accept_ip_family(BIO *b);
    + long BIO_set_accept_ip_family(BIO *b, long family);
    +
    + long BIO_set_bind_mode(BIO *b, long mode);
    + long BIO_get_bind_mode(BIO *b);
    +
    + int BIO_do_accept(BIO *b);
    +

    +

    +
    +

    DESCRIPTION

    +

    BIO_s_accept() returns the accept BIO method. This is a wrapper +round the platform's TCP/IP socket accept routines.

    +

    Using accept BIOs, TCP/IP connections can be accepted and data +transferred using only BIO routines. In this way any platform +specific operations are hidden by the BIO abstraction.

    +

    Read and write operations on an accept BIO will perform I/O +on the underlying connection. If no connection is established +and the port (see below) is set up properly then the BIO +waits for an incoming connection.

    +

    Accept BIOs support BIO_puts() but not BIO_gets().

    +

    If the close flag is set on an accept BIO then any active +connection on that chain is shutdown and the socket closed when +the BIO is freed.

    +

    Calling BIO_reset() on an accept BIO will close any active +connection and reset the BIO into a state where it awaits another +incoming connection.

    +

    BIO_get_fd() and BIO_set_fd() can be called to retrieve or set +the accept socket. See BIO_s_fd(3)

    +

    BIO_set_accept_name() uses the string name to set the accept +name. The name is represented as a string of the form "host:port", +where "host" is the interface to use and "port" is the port. +The host can be "*" or empty which is interpreted as meaning +any interface. If the host is an IPv6 address, it has to be +enclosed in brackets, for example "[::1]:https". "port" has the +same syntax as the port specified in BIO_set_conn_port() for +connect BIOs, that is it can be a numerical port string or a +string to lookup using getservbyname() and a string table.

    +

    BIO_set_accept_port() uses the string port to set the accept +port. "port" has the same syntax as the port specified in +BIO_set_conn_port() for connect BIOs, that is it can be a numerical +port string or a string to lookup using getservbyname() and a string +table.

    +

    BIO_new_accept() combines BIO_new() and BIO_set_accept_name() into +a single call: that is it creates a new accept BIO with port +host_port.

    +

    BIO_set_nbio_accept() sets the accept socket to blocking mode +(the default) if n is 0 or non blocking mode if n is 1.

    +

    BIO_set_accept_bios() can be used to set a chain of BIOs which +will be duplicated and prepended to the chain when an incoming +connection is received. This is useful if, for example, a +buffering or SSL BIO is required for each connection. The +chain of BIOs must not be freed after this call, they will +be automatically freed when the accept BIO is freed.

    +

    BIO_set_bind_mode() and BIO_get_bind_mode() set and retrieve +the current bind mode. If BIO_BIND_NORMAL (the default) is set +then another socket cannot be bound to the same port. If +BIO_BIND_REUSEADDR is set then other sockets can bind to the +same port. If BIO_BIND_REUSEADDR_IF_UNUSED is set then and +attempt is first made to use BIO_BIN_NORMAL, if this fails +and the port is not in use then a second attempt is made +using BIO_BIND_REUSEADDR.

    +

    BIO_do_accept() serves two functions. When it is first +called, after the accept BIO has been setup, it will attempt +to create the accept socket and bind an address to it. Second +and subsequent calls to BIO_do_accept() will await an incoming +connection, or request a retry in non blocking mode.

    +

    +

    +
    +

    NOTES

    +

    When an accept BIO is at the end of a chain it will await an +incoming connection before processing I/O calls. When an accept +BIO is not at then end of a chain it passes I/O calls to the next +BIO in the chain.

    +

    When a connection is established a new socket BIO is created for +the connection and appended to the chain. That is the chain is now +accept->socket. This effectively means that attempting I/O on +an initial accept socket will await an incoming connection then +perform I/O on it.

    +

    If any additional BIOs have been set using BIO_set_accept_bios() +then they are placed between the socket and the accept BIO, +that is the chain will be accept->otherbios->socket.

    +

    If a server wishes to process multiple connections (as is normally +the case) then the accept BIO must be made available for further +incoming connections. This can be done by waiting for a connection and +then calling:

    +
    + connection = BIO_pop(accept);
    +

    After this call connection will contain a BIO for the recently +established connection and accept will now be a single BIO +again which can be used to await further incoming connections. +If no further connections will be accepted the accept can +be freed using BIO_free().

    +

    If only a single connection will be processed it is possible to +perform I/O using the accept BIO itself. This is often undesirable +however because the accept BIO will still accept additional incoming +connections. This can be resolved by using BIO_pop() (see above) +and freeing up the accept BIO after the initial connection.

    +

    If the underlying accept socket is non-blocking and BIO_do_accept() is +called to await an incoming connection it is possible for +BIO_should_io_special() with the reason BIO_RR_ACCEPT. If this happens +then it is an indication that an accept attempt would block: the application +should take appropriate action to wait until the underlying socket has +accepted a connection and retry the call.

    +

    BIO_set_accept_name(), BIO_get_accept_name(), BIO_set_accept_port(), +BIO_get_accept_port(), BIO_set_nbio_accept(), BIO_set_accept_bios(), +BIO_get_peer_name(), BIO_get_peer_port(), +BIO_get_accept_ip_family(), BIO_set_accept_ip_family(), +BIO_set_bind_mode(), BIO_get_bind_mode() and BIO_do_accept() are macros.

    +

    +

    +
    +

    RETURN VALUES

    +

    BIO_do_accept(), +BIO_set_accept_name(), BIO_set_accept_port(), BIO_set_nbio_accept(), +BIO_set_accept_bios(), BIO_set_accept_ip_family(), and BIO_set_bind_mode() +return 1 for success and 0 or -1 for failure.

    +

    BIO_get_accept_name() returns the accept name or NULL on error. +BIO_get_peer_name() returns the peer name or NULL on error.

    +

    BIO_get_accept_port() returns the accept port as a string or NULL on error. +BIO_get_peer_port() returns the peer port as a string or NULL on error. +BIO_get_accept_ip_family() returns the IP family or -1 on error.

    +

    BIO_get_bind_mode() returns the set of BIO_BIND flags, or -1 on failure.

    +

    BIO_new_accept() returns a BIO or NULL on error.

    +

    +

    +
    +

    EXAMPLES

    +

    This example accepts two connections on port 4444, sends messages +down each and finally closes both down.

    +
    + BIO *abio, *cbio, *cbio2;
    +
    + /* First call to BIO_accept() sets up accept BIO */
    + abio = BIO_new_accept("4444");
    + if (BIO_do_accept(abio) <= 0) {
    +     fprintf(stderr, "Error setting up accept\n");
    +     ERR_print_errors_fp(stderr);
    +     exit(1);
    + }
    +
    + /* Wait for incoming connection */
    + if (BIO_do_accept(abio) <= 0) {
    +     fprintf(stderr, "Error accepting connection\n");
    +     ERR_print_errors_fp(stderr);
    +     exit(1);
    + }
    + fprintf(stderr, "Connection 1 established\n");
    +
    + /* Retrieve BIO for connection */
    + cbio = BIO_pop(abio);
    + BIO_puts(cbio, "Connection 1: Sending out Data on initial connection\n");
    + fprintf(stderr, "Sent out data on connection 1\n");
    +
    + /* Wait for another connection */
    + if (BIO_do_accept(abio) <= 0) {
    +     fprintf(stderr, "Error accepting connection\n");
    +     ERR_print_errors_fp(stderr);
    +     exit(1);
    + }
    + fprintf(stderr, "Connection 2 established\n");
    +
    + /* Close accept BIO to refuse further connections */
    + cbio2 = BIO_pop(abio);
    + BIO_free(abio);
    + BIO_puts(cbio2, "Connection 2: Sending out Data on second\n");
    + fprintf(stderr, "Sent out data on connection 2\n");
    +
    + BIO_puts(cbio, "Connection 1: Second connection established\n");
    +
    + /* Close the two established connections */
    + BIO_free(cbio);
    + BIO_free(cbio2);
    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/BIO_s_bio.html b/linux_amd64/share/doc/openssl/html/man3/BIO_s_bio.html new file mode 100755 index 0000000..be47a61 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/BIO_s_bio.html @@ -0,0 +1,222 @@ + + + + +BIO_s_bio + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BIO_s_bio, BIO_make_bio_pair, BIO_destroy_bio_pair, BIO_shutdown_wr, +BIO_set_write_buf_size, BIO_get_write_buf_size, BIO_new_bio_pair, +BIO_get_write_guarantee, BIO_ctrl_get_write_guarantee, BIO_get_read_request, +BIO_ctrl_get_read_request, BIO_ctrl_reset_read_request - BIO pair BIO

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bio.h>
    +
    + const BIO_METHOD *BIO_s_bio(void);
    +
    + int BIO_make_bio_pair(BIO *b1, BIO *b2);
    + int BIO_destroy_bio_pair(BIO *b);
    + int BIO_shutdown_wr(BIO *b);
    +
    + int BIO_set_write_buf_size(BIO *b, long size);
    + size_t BIO_get_write_buf_size(BIO *b, long size);
    +
    + int BIO_new_bio_pair(BIO **bio1, size_t writebuf1, BIO **bio2, size_t writebuf2);
    +
    + int BIO_get_write_guarantee(BIO *b);
    + size_t BIO_ctrl_get_write_guarantee(BIO *b);
    + int BIO_get_read_request(BIO *b);
    + size_t BIO_ctrl_get_read_request(BIO *b);
    + int BIO_ctrl_reset_read_request(BIO *b);
    +

    +

    +
    +

    DESCRIPTION

    +

    BIO_s_bio() returns the method for a BIO pair. A BIO pair is a pair of source/sink +BIOs where data written to either half of the pair is buffered and can be read from +the other half. Both halves must usually by handled by the same application thread +since no locking is done on the internal data structures.

    +

    Since BIO chains typically end in a source/sink BIO it is possible to make this +one half of a BIO pair and have all the data processed by the chain under application +control.

    +

    One typical use of BIO pairs is to place TLS/SSL I/O under application control, this +can be used when the application wishes to use a non standard transport for +TLS/SSL or the normal socket routines are inappropriate.

    +

    Calls to BIO_read_ex() will read data from the buffer or request a retry if no +data is available.

    +

    Calls to BIO_write_ex() will place data in the buffer or request a retry if the +buffer is full.

    +

    The standard calls BIO_ctrl_pending() and BIO_ctrl_wpending() can be used to +determine the amount of pending data in the read or write buffer.

    +

    BIO_reset() clears any data in the write buffer.

    +

    BIO_make_bio_pair() joins two separate BIOs into a connected pair.

    +

    BIO_destroy_pair() destroys the association between two connected BIOs. Freeing +up any half of the pair will automatically destroy the association.

    +

    BIO_shutdown_wr() is used to close down a BIO b. After this call no further +writes on BIO b are allowed (they will return an error). Reads on the other +half of the pair will return any pending data or EOF when all pending data has +been read.

    +

    BIO_set_write_buf_size() sets the write buffer size of BIO b to size. +If the size is not initialized a default value is used. This is currently +17K, sufficient for a maximum size TLS record.

    +

    BIO_get_write_buf_size() returns the size of the write buffer.

    +

    BIO_new_bio_pair() combines the calls to BIO_new(), BIO_make_bio_pair() and +BIO_set_write_buf_size() to create a connected pair of BIOs bio1, bio2 +with write buffer sizes writebuf1 and writebuf2. If either size is +zero then the default size is used. BIO_new_bio_pair() does not check whether +bio1 or bio2 do point to some other BIO, the values are overwritten, +BIO_free() is not called.

    +

    BIO_get_write_guarantee() and BIO_ctrl_get_write_guarantee() return the maximum +length of data that can be currently written to the BIO. Writes larger than this +value will return a value from BIO_write_ex() less than the amount requested or +if the buffer is full request a retry. BIO_ctrl_get_write_guarantee() is a +function whereas BIO_get_write_guarantee() is a macro.

    +

    BIO_get_read_request() and BIO_ctrl_get_read_request() return the +amount of data requested, or the buffer size if it is less, if the +last read attempt at the other half of the BIO pair failed due to an +empty buffer. This can be used to determine how much data should be +written to the BIO so the next read will succeed: this is most useful +in TLS/SSL applications where the amount of data read is usually +meaningful rather than just a buffer size. After a successful read +this call will return zero. It also will return zero once new data +has been written satisfying the read request or part of it. +Note that BIO_get_read_request() never returns an amount larger +than that returned by BIO_get_write_guarantee().

    +

    BIO_ctrl_reset_read_request() can also be used to reset the value returned by +BIO_get_read_request() to zero.

    +

    +

    +
    +

    NOTES

    +

    Both halves of a BIO pair should be freed. That is even if one half is implicit +freed due to a BIO_free_all() or SSL_free() call the other half needs to be freed.

    +

    When used in bidirectional applications (such as TLS/SSL) care should be taken to +flush any data in the write buffer. This can be done by calling BIO_pending() +on the other half of the pair and, if any data is pending, reading it and sending +it to the underlying transport. This must be done before any normal processing +(such as calling select() ) due to a request and BIO_should_read() being true.

    +

    To see why this is important consider a case where a request is sent using +BIO_write_ex() and a response read with BIO_read_ex(), this can occur during an +TLS/SSL handshake for example. BIO_write_ex() will succeed and place data in the +write buffer. BIO_read_ex() will initially fail and BIO_should_read() will be +true. If the application then waits for data to be available on the underlying +transport before flushing the write buffer it will never succeed because the +request was never sent!

    +

    BIO_eof() is true if no data is in the peer BIO and the peer BIO has been +shutdown.

    +

    BIO_make_bio_pair(), BIO_destroy_bio_pair(), BIO_shutdown_wr(), +BIO_set_write_buf_size(), BIO_get_write_buf_size(), +BIO_get_write_guarantee(), and BIO_get_read_request() are implemented +as macros.

    +

    +

    +
    +

    RETURN VALUES

    +

    BIO_new_bio_pair() returns 1 on success, with the new BIOs available in +bio1 and bio2, or 0 on failure, with NULL pointers stored into the +locations for bio1 and bio2. Check the error stack for more information.

    +

    [XXXXX: More return values need to be added here]

    +

    +

    +
    +

    EXAMPLES

    +

    The BIO pair can be used to have full control over the network access of an +application. The application can call select() on the socket as required +without having to go through the SSL-interface.

    +
    + BIO *internal_bio, *network_bio;
    +
    + ...
    + BIO_new_bio_pair(&internal_bio, 0, &network_bio, 0);
    + SSL_set_bio(ssl, internal_bio, internal_bio);
    + SSL_operations(); /* e.g SSL_read and SSL_write */
    + ...
    +
    + application |   TLS-engine
    +    |        |
    +    +----------> SSL_operations()
    +             |     /\    ||
    +             |     ||    \/
    +             |   BIO-pair (internal_bio)
    +             |   BIO-pair (network_bio)
    +             |     ||     /\
    +             |     \/     ||
    +    +-----------< BIO_operations()
    +    |        |
    +    |        |
    +   socket
    +
    +  ...
    +  SSL_free(ssl);                /* implicitly frees internal_bio */
    +  BIO_free(network_bio);
    +  ...
    +

    As the BIO pair will only buffer the data and never directly access the +connection, it behaves non-blocking and will return as soon as the write +buffer is full or the read buffer is drained. Then the application has to +flush the write buffer and/or fill the read buffer.

    +

    Use the BIO_ctrl_pending(), to find out whether data is buffered in the BIO +and must be transferred to the network. Use BIO_ctrl_get_read_request() to +find out, how many bytes must be written into the buffer before the +SSL_operation() can successfully be continued.

    +

    +

    +
    +

    WARNINGS

    +

    As the data is buffered, SSL_operation() may return with an ERROR_SSL_WANT_READ +condition, but there is still data in the write buffer. An application must +not rely on the error value of SSL_operation() but must assure that the +write buffer is always flushed first. Otherwise a deadlock may occur as +the peer might be waiting for the data before being able to continue.

    +

    +

    +
    +

    SEE ALSO

    +

    SSL_set_bio(3), ssl(7), bio(7), +BIO_should_retry(3), BIO_read_ex(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/BIO_s_connect.html b/linux_amd64/share/doc/openssl/html/man3/BIO_s_connect.html new file mode 100755 index 0000000..f5d59bc --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/BIO_s_connect.html @@ -0,0 +1,222 @@ + + + + +BIO_s_connect + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BIO_set_conn_address, BIO_get_conn_address, +BIO_s_connect, BIO_new_connect, BIO_set_conn_hostname, BIO_set_conn_port, +BIO_set_conn_ip_family, BIO_get_conn_ip_family, +BIO_get_conn_hostname, BIO_get_conn_port, +BIO_set_nbio, BIO_do_connect - connect BIO

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bio.h>
    +
    + const BIO_METHOD * BIO_s_connect(void);
    +
    + BIO *BIO_new_connect(char *name);
    +
    + long BIO_set_conn_hostname(BIO *b, char *name);
    + long BIO_set_conn_port(BIO *b, char *port);
    + long BIO_set_conn_address(BIO *b, BIO_ADDR *addr);
    + long BIO_set_conn_ip_family(BIO *b, long family);
    + const char *BIO_get_conn_hostname(BIO *b);
    + const char *BIO_get_conn_port(BIO *b);
    + const BIO_ADDR *BIO_get_conn_address(BIO *b);
    + const long BIO_get_conn_ip_family(BIO *b);
    +
    + long BIO_set_nbio(BIO *b, long n);
    +
    + int BIO_do_connect(BIO *b);
    +

    +

    +
    +

    DESCRIPTION

    +

    BIO_s_connect() returns the connect BIO method. This is a wrapper +round the platform's TCP/IP socket connection routines.

    +

    Using connect BIOs, TCP/IP connections can be made and data +transferred using only BIO routines. In this way any platform +specific operations are hidden by the BIO abstraction.

    +

    Read and write operations on a connect BIO will perform I/O +on the underlying connection. If no connection is established +and the port and hostname (see below) is set up properly then +a connection is established first.

    +

    Connect BIOs support BIO_puts() but not BIO_gets().

    +

    If the close flag is set on a connect BIO then any active +connection is shutdown and the socket closed when the BIO +is freed.

    +

    Calling BIO_reset() on a connect BIO will close any active +connection and reset the BIO into a state where it can connect +to the same host again.

    +

    BIO_get_fd() places the underlying socket in c if it is not NULL, +it also returns the socket . If c is not NULL it should be of +type (int *).

    +

    BIO_set_conn_hostname() uses the string name to set the hostname. +The hostname can be an IP address; if the address is an IPv6 one, it +must be enclosed with brackets. The hostname can also include the +port in the form hostname:port.

    +

    BIO_set_conn_port() sets the port to port. port can be the +numerical form or a string such as "http". A string will be looked +up first using getservbyname() on the host platform but if that +fails a standard table of port names will be used. This internal +list is http, telnet, socks, https, ssl, ftp, and gopher.

    +

    BIO_set_conn_address() sets the address and port information using +a BIO_ADDR(3ssl).

    +

    BIO_set_conn_ip_family() sets the IP family.

    +

    BIO_get_conn_hostname() returns the hostname of the connect BIO or +NULL if the BIO is initialized but no hostname is set. +This return value is an internal pointer which should not be modified.

    +

    BIO_get_conn_port() returns the port as a string. +This return value is an internal pointer which should not be modified.

    +

    BIO_get_conn_address() returns the address information as a BIO_ADDR. +This return value is an internal pointer which should not be modified.

    +

    BIO_get_conn_ip_family() returns the IP family of the connect BIO.

    +

    BIO_set_nbio() sets the non blocking I/O flag to n. If n is +zero then blocking I/O is set. If n is 1 then non blocking I/O +is set. Blocking I/O is the default. The call to BIO_set_nbio() +should be made before the connection is established because +non blocking I/O is set during the connect process.

    +

    BIO_new_connect() combines BIO_new() and BIO_set_conn_hostname() into +a single call: that is it creates a new connect BIO with name.

    +

    BIO_do_connect() attempts to connect the supplied BIO. It returns 1 +if the connection was established successfully. A zero or negative +value is returned if the connection could not be established, the +call BIO_should_retry() should be used for non blocking connect BIOs +to determine if the call should be retried.

    +

    +

    +
    +

    NOTES

    +

    If blocking I/O is set then a non positive return value from any +I/O call is caused by an error condition, although a zero return +will normally mean that the connection was closed.

    +

    If the port name is supplied as part of the hostname then this will +override any value set with BIO_set_conn_port(). This may be undesirable +if the application does not wish to allow connection to arbitrary +ports. This can be avoided by checking for the presence of the ':' +character in the passed hostname and either indicating an error or +truncating the string at that point.

    +

    The values returned by BIO_get_conn_hostname(), BIO_get_conn_address(), +and BIO_get_conn_port() are updated when a connection attempt is made. +Before any connection attempt the values returned are those set by the +application itself.

    +

    Applications do not have to call BIO_do_connect() but may wish to do +so to separate the connection process from other I/O processing.

    +

    If non blocking I/O is set then retries will be requested as appropriate.

    +

    It addition to BIO_should_read() and BIO_should_write() it is also +possible for BIO_should_io_special() to be true during the initial +connection process with the reason BIO_RR_CONNECT. If this is returned +then this is an indication that a connection attempt would block, +the application should then take appropriate action to wait until +the underlying socket has connected and retry the call.

    +

    BIO_set_conn_hostname(), BIO_set_conn_port(), BIO_get_conn_hostname(), +BIO_set_conn_address(), BIO_get_conn_port(), BIO_get_conn_address(), +BIO_set_conn_ip_family(), BIO_get_conn_ip_family(), +BIO_set_nbio(), and BIO_do_connect() are macros.

    +

    +

    +
    +

    RETURN VALUES

    +

    BIO_s_connect() returns the connect BIO method.

    +

    BIO_get_fd() returns the socket or -1 if the BIO has not +been initialized.

    +

    BIO_set_conn_address(), BIO_set_conn_port(), and BIO_set_conn_ip_family() +always return 1.

    +

    BIO_set_conn_hostname() returns 1 on success and 0 on failure.

    +

    BIO_get_conn_address() returns the address information or NULL if none +was set.

    +

    BIO_get_conn_hostname() returns the connected hostname or NULL if +none was set.

    +

    BIO_get_conn_ip_family() returns the address family or -1 if none was set.

    +

    BIO_get_conn_port() returns a string representing the connected +port or NULL if not set.

    +

    BIO_set_nbio() always returns 1.

    +

    BIO_do_connect() returns 1 if the connection was successfully +established and 0 or -1 if the connection failed.

    +

    +

    +
    +

    EXAMPLES

    +

    This is example connects to a webserver on the local host and attempts +to retrieve a page and copy the result to standard output.

    +
    + BIO *cbio, *out;
    + int len;
    + char tmpbuf[1024];
    +
    + cbio = BIO_new_connect("localhost:http");
    + out = BIO_new_fp(stdout, BIO_NOCLOSE);
    + if (BIO_do_connect(cbio) <= 0) {
    +     fprintf(stderr, "Error connecting to server\n");
    +     ERR_print_errors_fp(stderr);
    +     exit(1);
    + }
    + BIO_puts(cbio, "GET / HTTP/1.0\n\n");
    + for (;;) {
    +     len = BIO_read(cbio, tmpbuf, 1024);
    +     if (len <= 0)
    +         break;
    +     BIO_write(out, tmpbuf, len);
    + }
    + BIO_free(cbio);
    + BIO_free(out);
    +

    +

    +
    +

    SEE ALSO

    +

    BIO_ADDR(3)

    +

    +

    +
    +

    HISTORY

    +

    BIO_set_conn_int_port(), BIO_get_conn_int_port(), BIO_set_conn_ip(), and BIO_get_conn_ip() +were removed in OpenSSL 1.1.0. +Use BIO_set_conn_address() and BIO_get_conn_address() instead.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/BIO_s_fd.html b/linux_amd64/share/doc/openssl/html/man3/BIO_s_fd.html new file mode 100755 index 0000000..d64e8e6 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/BIO_s_fd.html @@ -0,0 +1,126 @@ + + + + +BIO_s_fd + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BIO_s_fd, BIO_set_fd, BIO_get_fd, BIO_new_fd - file descriptor BIO

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bio.h>
    +
    + const BIO_METHOD *BIO_s_fd(void);
    +
    + int BIO_set_fd(BIO *b, int fd, int c);
    + int BIO_get_fd(BIO *b, int *c);
    +
    + BIO *BIO_new_fd(int fd, int close_flag);
    +

    +

    +
    +

    DESCRIPTION

    +

    BIO_s_fd() returns the file descriptor BIO method. This is a wrapper +round the platforms file descriptor routines such as read() and write().

    +

    BIO_read_ex() and BIO_write_ex() read or write the underlying descriptor. +BIO_puts() is supported but BIO_gets() is not.

    +

    If the close flag is set then close() is called on the underlying +file descriptor when the BIO is freed.

    +

    BIO_reset() attempts to change the file pointer to the start of file +such as by using lseek(fd, 0, 0).

    +

    BIO_seek() sets the file pointer to position ofs from start of file +such as by using lseek(fd, ofs, 0).

    +

    BIO_tell() returns the current file position such as by calling +lseek(fd, 0, 1).

    +

    BIO_set_fd() sets the file descriptor of BIO b to fd and the close +flag to c.

    +

    BIO_get_fd() places the file descriptor in c if it is not NULL, it also +returns the file descriptor.

    +

    BIO_new_fd() returns a file descriptor BIO using fd and close_flag.

    +

    +

    +
    +

    NOTES

    +

    The behaviour of BIO_read_ex() and BIO_write_ex() depends on the behavior of the +platforms read() and write() calls on the descriptor. If the underlying +file descriptor is in a non blocking mode then the BIO will behave in the +manner described in the BIO_read_ex(3) and BIO_should_retry(3) +manual pages.

    +

    File descriptor BIOs should not be used for socket I/O. Use socket BIOs +instead.

    +

    BIO_set_fd() and BIO_get_fd() are implemented as macros.

    +

    +

    +
    +

    RETURN VALUES

    +

    BIO_s_fd() returns the file descriptor BIO method.

    +

    BIO_set_fd() always returns 1.

    +

    BIO_get_fd() returns the file descriptor or -1 if the BIO has not +been initialized.

    +

    BIO_new_fd() returns the newly allocated BIO or NULL is an error +occurred.

    +

    +

    +
    +

    EXAMPLES

    +

    This is a file descriptor BIO version of "Hello World":

    +
    + BIO *out;
    +
    + out = BIO_new_fd(fileno(stdout), BIO_NOCLOSE);
    + BIO_printf(out, "Hello World\n");
    + BIO_free(out);
    +

    +

    +
    +

    SEE ALSO

    +

    BIO_seek(3), BIO_tell(3), +BIO_reset(3), BIO_read_ex(3), +BIO_write_ex(3), BIO_puts(3), +BIO_gets(3), BIO_printf(3), +BIO_set_close(3), BIO_get_close(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/BIO_s_file.html b/linux_amd64/share/doc/openssl/html/man3/BIO_s_file.html new file mode 100755 index 0000000..b06f618 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/BIO_s_file.html @@ -0,0 +1,188 @@ + + + + +BIO_s_file + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BIO_s_file, BIO_new_file, BIO_new_fp, BIO_set_fp, BIO_get_fp, +BIO_read_filename, BIO_write_filename, BIO_append_filename, +BIO_rw_filename - FILE bio

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bio.h>
    +
    + const BIO_METHOD *BIO_s_file(void);
    + BIO *BIO_new_file(const char *filename, const char *mode);
    + BIO *BIO_new_fp(FILE *stream, int flags);
    +
    + BIO_set_fp(BIO *b, FILE *fp, int flags);
    + BIO_get_fp(BIO *b, FILE **fpp);
    +
    + int BIO_read_filename(BIO *b, char *name)
    + int BIO_write_filename(BIO *b, char *name)
    + int BIO_append_filename(BIO *b, char *name)
    + int BIO_rw_filename(BIO *b, char *name)
    +

    +

    +
    +

    DESCRIPTION

    +

    BIO_s_file() returns the BIO file method. As its name implies it +is a wrapper round the stdio FILE structure and it is a +source/sink BIO.

    +

    Calls to BIO_read_ex() and BIO_write_ex() read and write data to the +underlying stream. BIO_gets() and BIO_puts() are supported on file BIOs.

    +

    BIO_flush() on a file BIO calls the fflush() function on the wrapped +stream.

    +

    BIO_reset() attempts to change the file pointer to the start of file +using fseek(stream, 0, 0).

    +

    BIO_seek() sets the file pointer to position ofs from start of file +using fseek(stream, ofs, 0).

    +

    BIO_eof() calls feof().

    +

    Setting the BIO_CLOSE flag calls fclose() on the stream when the BIO +is freed.

    +

    BIO_new_file() creates a new file BIO with mode mode the meaning +of mode is the same as the stdio function fopen(). The BIO_CLOSE +flag is set on the returned BIO.

    +

    BIO_new_fp() creates a file BIO wrapping stream. Flags can be: +BIO_CLOSE, BIO_NOCLOSE (the close flag) BIO_FP_TEXT (sets the underlying +stream to text mode, default is binary: this only has any effect under +Win32).

    +

    BIO_set_fp() sets the fp of a file BIO to fp. flags has the same +meaning as in BIO_new_fp(), it is a macro.

    +

    BIO_get_fp() retrieves the fp of a file BIO, it is a macro.

    +

    BIO_seek() is a macro that sets the position pointer to offset bytes +from the start of file.

    +

    BIO_tell() returns the value of the position pointer.

    +

    BIO_read_filename(), BIO_write_filename(), BIO_append_filename() and +BIO_rw_filename() set the file BIO b to use file name for +reading, writing, append or read write respectively.

    +

    +

    +
    +

    NOTES

    +

    When wrapping stdout, stdin or stderr the underlying stream should not +normally be closed so the BIO_NOCLOSE flag should be set.

    +

    Because the file BIO calls the underlying stdio functions any quirks +in stdio behaviour will be mirrored by the corresponding BIO.

    +

    On Windows BIO_new_files reserves for the filename argument to be +UTF-8 encoded. In other words if you have to make it work in multi- +lingual environment, encode filenames in UTF-8.

    +

    +

    +
    +

    RETURN VALUES

    +

    BIO_s_file() returns the file BIO method.

    +

    BIO_new_file() and BIO_new_fp() return a file BIO or NULL if an error +occurred.

    +

    BIO_set_fp() and BIO_get_fp() return 1 for success or 0 for failure +(although the current implementation never return 0).

    +

    BIO_seek() returns the same value as the underlying fseek() function: +0 for success or -1 for failure.

    +

    BIO_tell() returns the current file position.

    +

    BIO_read_filename(), BIO_write_filename(), BIO_append_filename() and +BIO_rw_filename() return 1 for success or 0 for failure.

    +

    +

    +
    +

    EXAMPLES

    +

    File BIO "hello world":

    +
    + BIO *bio_out;
    +
    + bio_out = BIO_new_fp(stdout, BIO_NOCLOSE);
    + BIO_printf(bio_out, "Hello World\n");
    +

    Alternative technique:

    +
    + BIO *bio_out;
    +
    + bio_out = BIO_new(BIO_s_file());
    + if (bio_out == NULL)
    +     /* Error */
    + if (!BIO_set_fp(bio_out, stdout, BIO_NOCLOSE))
    +     /* Error */
    + BIO_printf(bio_out, "Hello World\n");
    +

    Write to a file:

    +
    + BIO *out;
    +
    + out = BIO_new_file("filename.txt", "w");
    + if (!out)
    +     /* Error */
    + BIO_printf(out, "Hello World\n");
    + BIO_free(out);
    +

    Alternative technique:

    +
    + BIO *out;
    +
    + out = BIO_new(BIO_s_file());
    + if (out == NULL)
    +     /* Error */
    + if (!BIO_write_filename(out, "filename.txt"))
    +     /* Error */
    + BIO_printf(out, "Hello World\n");
    + BIO_free(out);
    +

    +

    +
    +

    BUGS

    +

    BIO_reset() and BIO_seek() are implemented using fseek() on the underlying +stream. The return value for fseek() is 0 for success or -1 if an error +occurred this differs from other types of BIO which will typically return +1 for success and a non positive value if an error occurred.

    +

    +

    +
    +

    SEE ALSO

    +

    BIO_seek(3), BIO_tell(3), +BIO_reset(3), BIO_flush(3), +BIO_read_ex(3), +BIO_write_ex(3), BIO_puts(3), +BIO_gets(3), BIO_printf(3), +BIO_set_close(3), BIO_get_close(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/BIO_s_mem.html b/linux_amd64/share/doc/openssl/html/man3/BIO_s_mem.html new file mode 100755 index 0000000..023a79c --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/BIO_s_mem.html @@ -0,0 +1,179 @@ + + + + +BIO_s_mem + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BIO_s_secmem, +BIO_s_mem, BIO_set_mem_eof_return, BIO_get_mem_data, BIO_set_mem_buf, +BIO_get_mem_ptr, BIO_new_mem_buf - memory BIO

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bio.h>
    +
    + const BIO_METHOD *BIO_s_mem(void);
    + const BIO_METHOD *BIO_s_secmem(void);
    +
    + BIO_set_mem_eof_return(BIO *b, int v)
    + long BIO_get_mem_data(BIO *b, char **pp)
    + BIO_set_mem_buf(BIO *b, BUF_MEM *bm, int c)
    + BIO_get_mem_ptr(BIO *b, BUF_MEM **pp)
    +
    + BIO *BIO_new_mem_buf(const void *buf, int len);
    +

    +

    +
    +

    DESCRIPTION

    +

    BIO_s_mem() returns the memory BIO method function.

    +

    A memory BIO is a source/sink BIO which uses memory for its I/O. Data +written to a memory BIO is stored in a BUF_MEM structure which is extended +as appropriate to accommodate the stored data.

    +

    BIO_s_secmem() is like BIO_s_mem() except that the secure heap is used +for buffer storage.

    +

    Any data written to a memory BIO can be recalled by reading from it. +Unless the memory BIO is read only any data read from it is deleted from +the BIO.

    +

    Memory BIOs support BIO_gets() and BIO_puts().

    +

    If the BIO_CLOSE flag is set when a memory BIO is freed then the underlying +BUF_MEM structure is also freed.

    +

    Calling BIO_reset() on a read write memory BIO clears any data in it if the +flag BIO_FLAGS_NONCLEAR_RST is not set, otherwise it just restores the read +pointer to the state it was just after the last write was performed and the +data can be read again. On a read only BIO it similarly restores the BIO to +its original state and the read only data can be read again.

    +

    BIO_eof() is true if no data is in the BIO.

    +

    BIO_ctrl_pending() returns the number of bytes currently stored.

    +

    BIO_set_mem_eof_return() sets the behaviour of memory BIO b when it is +empty. If the v is zero then an empty memory BIO will return EOF (that is +it will return zero and BIO_should_retry(b) will be false. If v is non +zero then it will return v when it is empty and it will set the read retry +flag (that is BIO_read_retry(b) is true). To avoid ambiguity with a normal +positive return value v should be set to a negative value, typically -1.

    +

    BIO_get_mem_data() sets *pp to a pointer to the start of the memory BIOs data +and returns the total amount of data available. It is implemented as a macro.

    +

    BIO_set_mem_buf() sets the internal BUF_MEM structure to bm and sets the +close flag to c, that is c should be either BIO_CLOSE or BIO_NOCLOSE. +It is a macro.

    +

    BIO_get_mem_ptr() places the underlying BUF_MEM structure in *pp. It is +a macro.

    +

    BIO_new_mem_buf() creates a memory BIO using len bytes of data at buf, +if len is -1 then the buf is assumed to be nul terminated and its +length is determined by strlen. The BIO is set to a read only state and +as a result cannot be written to. This is useful when some data needs to be +made available from a static area of memory in the form of a BIO. The +supplied data is read directly from the supplied buffer: it is not copied +first, so the supplied area of memory must be unchanged until the BIO is freed.

    +

    +

    +
    +

    NOTES

    +

    Writes to memory BIOs will always succeed if memory is available: that is +their size can grow indefinitely.

    +

    Every write after partial read (not all data in the memory buffer was read) +to a read write memory BIO will have to move the unread data with an internal +copy operation, if a BIO contains a lot of data and it is read in small +chunks intertwined with writes the operation can be very slow. Adding +a buffering BIO to the chain can speed up the process.

    +

    Calling BIO_set_mem_buf() on a BIO created with BIO_new_secmem() will +give undefined results, including perhaps a program crash.

    +

    Switching the memory BIO from read write to read only is not supported and +can give undefined results including a program crash. There are two notable +exceptions to the rule. The first one is to assign a static memory buffer +immediately after BIO creation and set the BIO as read only.

    +

    The other supported sequence is to start with read write BIO then temporarily +switch it to read only and call BIO_reset() on the read only BIO immediately +before switching it back to read write. Before the BIO is freed it must be +switched back to the read write mode.

    +

    Calling BIO_get_mem_ptr() on read only BIO will return a BUF_MEM that +contains only the remaining data to be read. If the close status of the +BIO is set to BIO_NOCLOSE, before freeing the BUF_MEM the data pointer +in it must be set to NULL as the data pointer does not point to an +allocated memory.

    +

    Calling BIO_reset() on a read write memory BIO with BIO_FLAGS_NONCLEAR_RST +flag set can have unexpected outcome when the reads and writes to the +BIO are intertwined. As documented above the BIO will be reset to the +state after the last completed write operation. The effects of reads +preceding that write operation cannot be undone.

    +

    Calling BIO_get_mem_ptr() prior to a BIO_reset() call with +BIO_FLAGS_NONCLEAR_RST set has the same effect as a write operation.

    +

    +

    +
    +

    BUGS

    +

    There should be an option to set the maximum size of a memory BIO.

    +

    +

    +
    +

    RETURN VALUES

    +

    BIO_s_mem() and BIO_s_secmem() return a valid memory BIO_METHOD structure.

    +

    BIO_set_mem_eof_return(), BIO_set_mem_buf() and BIO_get_mem_ptr() +return 1 on success or a value which is less than or equal to 0 if an error occurred.

    +

    BIO_get_mem_data() returns the total number of bytes available on success, +0 if b is NULL, or a negative value in case of other errors.

    +

    BIO_new_mem_buf() returns a valid BIO structure on success or NULL on error.

    +

    +

    +
    +

    EXAMPLES

    +

    Create a memory BIO and write some data to it:

    +
    + BIO *mem = BIO_new(BIO_s_mem());
    +
    + BIO_puts(mem, "Hello World\n");
    +

    Create a read only memory BIO:

    +
    + char data[] = "Hello World";
    + BIO *mem = BIO_new_mem_buf(data, -1);
    +

    Extract the BUF_MEM structure from a memory BIO and then free up the BIO:

    +
    + BUF_MEM *bptr;
    +
    + BIO_get_mem_ptr(mem, &bptr);
    + BIO_set_close(mem, BIO_NOCLOSE); /* So BIO_free() leaves BUF_MEM alone */
    + BIO_free(mem);
    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/BIO_s_null.html b/linux_amd64/share/doc/openssl/html/man3/BIO_s_null.html new file mode 100755 index 0000000..a90b256 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/BIO_s_null.html @@ -0,0 +1,79 @@ + + + + +BIO_s_null + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    BIO_s_null - null data sink

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bio.h>
    +
    + const BIO_METHOD *BIO_s_null(void);
    +

    +

    +
    +

    DESCRIPTION

    +

    BIO_s_null() returns the null sink BIO method. Data written to +the null sink is discarded, reads return EOF.

    +

    +

    +
    +

    NOTES

    +

    A null sink BIO behaves in a similar manner to the Unix /dev/null +device.

    +

    A null bio can be placed on the end of a chain to discard any data +passed through it.

    +

    A null sink is useful if, for example, an application wishes to digest some +data by writing through a digest bio but not send the digested data anywhere. +Since a BIO chain must normally include a source/sink BIO this can be achieved +by adding a null sink BIO to the end of the chain

    +

    +

    +
    +

    RETURN VALUES

    +

    BIO_s_null() returns the null sink BIO method.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/BIO_s_socket.html b/linux_amd64/share/doc/openssl/html/man3/BIO_s_socket.html new file mode 100755 index 0000000..d586758 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/BIO_s_socket.html @@ -0,0 +1,86 @@ + + + + +BIO_s_socket + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    BIO_s_socket, BIO_new_socket - socket BIO

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bio.h>
    +
    + const BIO_METHOD *BIO_s_socket(void);
    +
    + BIO *BIO_new_socket(int sock, int close_flag);
    +

    +

    +
    +

    DESCRIPTION

    +

    BIO_s_socket() returns the socket BIO method. This is a wrapper +round the platform's socket routines.

    +

    BIO_read_ex() and BIO_write_ex() read or write the underlying socket. +BIO_puts() is supported but BIO_gets() is not.

    +

    If the close flag is set then the socket is shut down and closed +when the BIO is freed.

    +

    BIO_new_socket() returns a socket BIO using sock and close_flag.

    +

    +

    +
    +

    NOTES

    +

    Socket BIOs also support any relevant functionality of file descriptor +BIOs.

    +

    The reason for having separate file descriptor and socket BIOs is that on some +platforms sockets are not file descriptors and use distinct I/O routines, +Windows is one such platform. Any code mixing the two will not work on +all platforms.

    +

    +

    +
    +

    RETURN VALUES

    +

    BIO_s_socket() returns the socket BIO method.

    +

    BIO_new_socket() returns the newly allocated BIO or NULL is an error +occurred.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/BIO_set_callback.html b/linux_amd64/share/doc/openssl/html/man3/BIO_set_callback.html new file mode 100755 index 0000000..d524fe2 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/BIO_set_callback.html @@ -0,0 +1,263 @@ + + + + +BIO_set_callback + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BIO_set_callback_ex, BIO_get_callback_ex, BIO_set_callback, BIO_get_callback, +BIO_set_callback_arg, BIO_get_callback_arg, BIO_debug_callback, +BIO_callback_fn_ex, BIO_callback_fn +- BIO callback functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bio.h>
    +
    + typedef long (*BIO_callback_fn_ex)(BIO *b, int oper, const char *argp,
    +                                    size_t len, int argi,
    +                                    long argl, int ret, size_t *processed);
    + typedef long (*BIO_callback_fn)(BIO *b, int oper, const char *argp, int argi,
    +                                 long argl, long ret);
    +
    + void BIO_set_callback_ex(BIO *b, BIO_callback_fn_ex callback);
    + BIO_callback_fn_ex BIO_get_callback_ex(const BIO *b);
    +
    + void BIO_set_callback(BIO *b, BIO_callback_fn cb);
    + BIO_callback_fn BIO_get_callback(BIO *b);
    + void BIO_set_callback_arg(BIO *b, char *arg);
    + char *BIO_get_callback_arg(const BIO *b);
    +
    + long BIO_debug_callback(BIO *bio, int cmd, const char *argp, int argi,
    +                         long argl, long ret);
    +

    +

    +
    +

    DESCRIPTION

    +

    BIO_set_callback_ex() and BIO_get_callback_ex() set and retrieve the BIO +callback. The callback is called during most high level BIO operations. It can +be used for debugging purposes to trace operations on a BIO or to modify its +operation.

    +

    BIO_set_callback() and BIO_get_callback() set and retrieve the old format BIO +callback. New code should not use these functions, but they are retained for +backwards compatibility. Any callback set via BIO_set_callback_ex() will get +called in preference to any set by BIO_set_callback().

    +

    BIO_set_callback_arg() and BIO_get_callback_arg() are macros which can be +used to set and retrieve an argument for use in the callback.

    +

    BIO_debug_callback() is a standard debugging callback which prints +out information relating to each BIO operation. If the callback +argument is set it is interpreted as a BIO to send the information +to, otherwise stderr is used.

    +

    BIO_callback_fn_ex is the type of the callback function and BIO_callback_fn +is the type of the old format callback function. The meaning of each argument +is described below:

    +
    +
    b
    + +
    +

    The BIO the callback is attached to is passed in b.

    +
    +
    oper
    + +
    +

    oper is set to the operation being performed. For some operations +the callback is called twice, once before and once after the actual +operation, the latter case has oper or'ed with BIO_CB_RETURN.

    +
    +
    len
    + +
    +

    The length of the data requested to be read or written. This is only useful if +oper is BIO_CB_READ, BIO_CB_WRITE or BIO_CB_GETS.

    +
    +
    argp argi argl
    + +
    +

    The meaning of the arguments argp, argi and argl depends on +the value of oper, that is the operation being performed.

    +
    +
    processed
    + +
    +

    processed is a pointer to a location which will be updated with the amount of +data that was actually read or written. Only used for BIO_CB_READ, BIO_CB_WRITE, +BIO_CB_GETS and BIO_CB_PUTS.

    +
    +
    ret
    + +
    +

    ret is the return value that would be returned to the +application if no callback were present. The actual value returned +is the return value of the callback itself. In the case of callbacks +called before the actual BIO operation 1 is placed in ret, if +the return value is not positive it will be immediately returned to +the application and the BIO operation will not be performed.

    +
    +
    +

    The callback should normally simply return ret when it has +finished processing, unless it specifically wishes to modify the +value returned to the application.

    +

    +

    +
    +

    CALLBACK OPERATIONS

    +

    In the notes below, callback defers to the actual callback +function that is called.

    +
    +
    BIO_free(b)
    + +
    +
    + callback_ex(b, BIO_CB_FREE, NULL, 0, 0, 0L, 1L, NULL)
    +

    or

    +
    + callback(b, BIO_CB_FREE, NULL, 0L, 0L, 1L)
    +

    is called before the free operation.

    +
    +
    BIO_read_ex(b, data, dlen, readbytes)
    + +
    +
    + callback_ex(b, BIO_CB_READ, data, dlen, 0, 0L, 1L, NULL)
    +

    or

    +
    + callback(b, BIO_CB_READ, data, dlen, 0L, 1L)
    +

    is called before the read and

    +
    + callback_ex(b, BIO_CB_READ | BIO_CB_RETURN, data, dlen, 0, 0L, retvalue,
    +             &readbytes)
    +

    or

    +
    + callback(b, BIO_CB_READ|BIO_CB_RETURN, data, dlen, 0L, retvalue)
    +

    after.

    +
    +
    BIO_write(b, data, dlen, written)
    + +
    +
    + callback_ex(b, BIO_CB_WRITE, data, dlen, 0, 0L, 1L, NULL)
    +

    or

    +
    + callback(b, BIO_CB_WRITE, datat, dlen, 0L, 1L)
    +

    is called before the write and

    +
    + callback_ex(b, BIO_CB_WRITE | BIO_CB_RETURN, data, dlen, 0, 0L, retvalue,
    +             &written)
    +

    or

    +
    + callback(b, BIO_CB_WRITE|BIO_CB_RETURN, data, dlen, 0L, retvalue)
    +

    after.

    +
    +
    BIO_gets(b, buf, size)
    + +
    +
    + callback_ex(b, BIO_CB_GETS, buf, size, 0, 0L, 1, NULL, NULL)
    +

    or

    +
    + callback(b, BIO_CB_GETS, buf, size, 0L, 1L)
    +

    is called before the operation and

    +
    + callback_ex(b, BIO_CB_GETS | BIO_CB_RETURN, buf, size, 0, 0L, retvalue,
    +             &readbytes)
    +

    or

    +
    + callback(b, BIO_CB_GETS|BIO_CB_RETURN, buf, size, 0L, retvalue)
    +

    after.

    +
    +
    BIO_puts(b, buf)
    + +
    +
    + callback_ex(b, BIO_CB_PUTS, buf, 0, 0, 0L, 1L, NULL);
    +

    or

    +
    + callback(b, BIO_CB_PUTS, buf, 0, 0L, 1L)
    +

    is called before the operation and

    +
    + callback_ex(b, BIO_CB_PUTS | BIO_CB_RETURN, buf, 0, 0, 0L, retvalue, &written)
    +

    or

    +
    + callback(b, BIO_CB_PUTS|BIO_CB_RETURN, buf, 0, 0L, retvalue)
    +

    after.

    +
    +
    BIO_ctrl(BIO *b, int cmd, long larg, void *parg)
    + +
    +
    + callback_ex(b, BIO_CB_CTRL, parg, 0, cmd, larg, 1L, NULL)
    +

    or

    +
    + callback(b, BIO_CB_CTRL, parg, cmd, larg, 1L)
    +

    is called before the call and

    +
    + callback_ex(b, BIO_CB_CTRL | BIO_CB_RETURN, parg, 0, cmd, larg, ret, NULL)
    +

    or

    +
    + callback(b, BIO_CB_CTRL|BIO_CB_RETURN, parg, cmd, larg, ret)
    +

    after.

    +

    Note: cmd == BIO_CTRL_SET_CALLBACK is special, because parg is not the +argument of type BIO_info_cb itself. In this case parg is a pointer to +the actual call parameter, see BIO_callback_ctrl.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    BIO_get_callback_ex() and BIO_get_callback() return the callback function +previously set by a call to BIO_set_callback_ex() and BIO_set_callback() +respectively.

    +

    BIO_get_callback_arg() returns a char pointer to the value previously set +via a call to BIO_set_callback_arg().

    +

    BIO_debug_callback() returns 1 or ret if it's called after specific BIO +operations.

    +

    +

    +
    +

    EXAMPLES

    +

    The BIO_debug_callback() function is a good example, its source is +in crypto/bio/bio_cb.c

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/BIO_should_retry.html b/linux_amd64/share/doc/openssl/html/man3/BIO_should_retry.html
new file mode 100755
index 0000000..4def071
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/BIO_should_retry.html
@@ -0,0 +1,172 @@
+ + + + +BIO_should_retry + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BIO_should_read, BIO_should_write, +BIO_should_io_special, BIO_retry_type, BIO_should_retry, +BIO_get_retry_BIO, BIO_get_retry_reason, BIO_set_retry_reason - BIO retry +functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bio.h>
    +
    + int BIO_should_read(BIO *b);
    + int BIO_should_write(BIO *b);
    + int BIO_should_io_special(iBIO *b);
    + int BIO_retry_type(BIO *b);
    + int BIO_should_retry(BIO *b);
    +
    + BIO *BIO_get_retry_BIO(BIO *bio, int *reason);
    + int BIO_get_retry_reason(BIO *bio);
    + void BIO_set_retry_reason(BIO *bio, int reason);
    +

    +

    +
    +

    DESCRIPTION

    +

    These functions determine why a BIO is not able to read or write data. +They will typically be called after a failed BIO_read_ex() or BIO_write_ex() +call.

    +

    BIO_should_retry() is true if the call that produced this condition +should then be retried at a later time.

    +

    If BIO_should_retry() is false then the cause is an error condition.

    +

    BIO_should_read() is true if the cause of the condition is that the BIO +has insufficient data to return. Check for readability and/or retry the +last operation.

    +

    BIO_should_write() is true if the cause of the condition is that the BIO +has pending data to write. Check for writability and/or retry the +last operation.

    +

    BIO_should_io_special() is true if some "special" condition, that is a +reason other than reading or writing is the cause of the condition.

    +

    BIO_retry_type() returns a mask of the cause of a retry condition +consisting of the values BIO_FLAGS_READ, BIO_FLAGS_WRITE, +BIO_FLAGS_IO_SPECIAL though current BIO types will only set one of +these.

    +

    BIO_get_retry_BIO() determines the precise reason for the special +condition, it returns the BIO that caused this condition and if +reason is not NULL it contains the reason code. The meaning of +the reason code and the action that should be taken depends on +the type of BIO that resulted in this condition.

    +

    BIO_get_retry_reason() returns the reason for a special condition if +passed the relevant BIO, for example as returned by BIO_get_retry_BIO().

    +

    BIO_set_retry_reason() sets the retry reason for a special condition for a given +BIO. This would usually only be called by BIO implementations.

    +

    +

    +
    +

    NOTES

    +

    BIO_should_read(), BIO_should_write(), BIO_should_io_special(), +BIO_retry_type(), and BIO_should_retry(), are implemented as macros.

    +

    If BIO_should_retry() returns false then the precise "error condition" +depends on the BIO type that caused it and the return code of the BIO +operation. For example if a call to BIO_read_ex() on a socket BIO returns +0 and BIO_should_retry() is false then the cause will be that the +connection closed. A similar condition on a file BIO will mean that it +has reached EOF. Some BIO types may place additional information on +the error queue. For more details see the individual BIO type manual +pages.

    +

    If the underlying I/O structure is in a blocking mode almost all current +BIO types will not request a retry, because the underlying I/O +calls will not. If the application knows that the BIO type will never +signal a retry then it need not call BIO_should_retry() after a failed +BIO I/O call. This is typically done with file BIOs.

    +

    SSL BIOs are the only current exception to this rule: they can request a +retry even if the underlying I/O structure is blocking, if a handshake +occurs during a call to BIO_read(). An application can retry the failed +call immediately or avoid this situation by setting SSL_MODE_AUTO_RETRY +on the underlying SSL structure.

    +

    While an application may retry a failed non blocking call immediately +this is likely to be very inefficient because the call will fail +repeatedly until data can be processed or is available. An application +will normally wait until the necessary condition is satisfied. How +this is done depends on the underlying I/O structure.

    +

    For example if the cause is ultimately a socket and BIO_should_read() +is true then a call to select() may be made to wait until data is +available and then retry the BIO operation. By combining the retry +conditions of several non blocking BIOs in a single select() call +it is possible to service several BIOs in a single thread, though +the performance may be poor if SSL BIOs are present because long delays +can occur during the initial handshake process.

    +

    It is possible for a BIO to block indefinitely if the underlying I/O +structure cannot process or return any data. This depends on the behaviour of +the platforms I/O functions. This is often not desirable: one solution +is to use non blocking I/O and use a timeout on the select() (or +equivalent) call.

    +

    +

    +
    +

    BUGS

    +

    The OpenSSL ASN1 functions cannot gracefully deal with non blocking I/O: +that is they cannot retry after a partial read or write. This is usually +worked around by only passing the relevant data to ASN1 functions when +the entire structure can be read or written.

    +

    +

    +
    +

    RETURN VALUES

    +

    BIO_should_read(), BIO_should_write(), BIO_should_io_special(), and +BIO_should_retry() return either 1 or 0 based on the actual conditions +of the BIO.

    +

    BIO_retry_type() returns a flag combination presenting the cause of a retry +condition or false if there is no retry condition.

    +

    BIO_get_retry_BIO() returns a valid BIO structure.

    +

    BIO_get_retry_reason() returns the reason for a special condition.

    +

    +

    +
    +

    SEE ALSO

    +

    bio(7)

    +

    +

    +
    +

    HISTORY

    +

    The BIO_get_retry_reason() and BIO_set_retry_reason() functions were added in +OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/BIO_socket_wait.html b/linux_amd64/share/doc/openssl/html/man3/BIO_socket_wait.html
new file mode 100755
index 0000000..5fb742f
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/BIO_socket_wait.html
@@ -0,0 +1,93 @@
+ + + + +BIO_socket_wait + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BIO_socket_wait, +BIO_wait, +BIO_connect_retry +- BIO socket utility functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bio.h>
    +
    + #ifndef OPENSSL_NO_SOCK
    + int BIO_socket_wait(int fd, int for_read, time_t max_time);
    + #endif
    + int BIO_wait(BIO *bio, time_t max_time, unsigned int milliseconds);
    + int BIO_connect_retry(BIO *bio, long timeout);
    +

    +

    +
    +

    DESCRIPTION

    +

    BIO_socket_wait() waits on the socket fd for reading if for_read is not 0, +else for writing, at most until max_time. +It succeeds immediately if max_time == 0 (which means no timeout given).

    +

    BIO_wait() waits at most until max_time on the given bio, +which is typically socket-based, +for reading if bio is supposed to read, else for writing. +It succeeds immediately if max_time == 0 (which means no timeout given). +If sockets are not available it succeeds after waiting at most given +milliseconds in order to help avoiding a tight busy loop at the caller.

    +

    BIO_connect_retry() connects via the given bio, retrying BIO_do_connect() +until success or a timeout or error condition is reached. +If the timeout parameter is > 0 this indicates the maximum number of seconds +to wait until the connection is established. A value of 0 enables waiting +indefinitely, while a value < 0 immediately leads to a timeout condition.

    +

    +

    +
    +

    RETURN VALUES

    +

    BIO_socket_wait(), BIO_wait(), and BIO_connect_retry() +return -1 on error, 0 on timeout, and 1 on success.

    +

    +

    +
    +

    HISTORY

    +

    BIO_socket_wait(), BIO_wait(), and BIO_connect_retry() +were added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/BN_BLINDING_new.html b/linux_amd64/share/doc/openssl/html/man3/BN_BLINDING_new.html
new file mode 100755
index 0000000..60740f6
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/BN_BLINDING_new.html
@@ -0,0 +1,147 @@
+ + + + +BN_BLINDING_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BN_BLINDING_new, BN_BLINDING_free, BN_BLINDING_update, BN_BLINDING_convert, +BN_BLINDING_invert, BN_BLINDING_convert_ex, BN_BLINDING_invert_ex, +BN_BLINDING_is_current_thread, BN_BLINDING_set_current_thread, +BN_BLINDING_lock, BN_BLINDING_unlock, BN_BLINDING_get_flags, +BN_BLINDING_set_flags, BN_BLINDING_create_param - blinding related BIGNUM functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bn.h>
    +
    + BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai,
    +                              BIGNUM *mod);
    + void BN_BLINDING_free(BN_BLINDING *b);
    + int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx);
    + int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
    + int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
    + int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b,
    +                            BN_CTX *ctx);
    + int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b,
    +                           BN_CTX *ctx);
    + int BN_BLINDING_is_current_thread(BN_BLINDING *b);
    + void BN_BLINDING_set_current_thread(BN_BLINDING *b);
    + int BN_BLINDING_lock(BN_BLINDING *b);
    + int BN_BLINDING_unlock(BN_BLINDING *b);
    + unsigned long BN_BLINDING_get_flags(const BN_BLINDING *);
    + void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long);
    + BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
    +                                       const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
    +                                       int (*bn_mod_exp)(BIGNUM *r,
    +                                                         const BIGNUM *a,
    +                                                         const BIGNUM *p,
    +                                                         const BIGNUM *m,
    +                                                         BN_CTX *ctx,
    +                                                         BN_MONT_CTX *m_ctx),
    +                                       BN_MONT_CTX *m_ctx);
    +

    +

    +
    +

    DESCRIPTION

    +

    BN_BLINDING_new() allocates a new BN_BLINDING structure and copies +the A and Ai values into the newly created BN_BLINDING object.

    +

    BN_BLINDING_free() frees the BN_BLINDING structure. +If b is NULL, nothing is done.

    +

    BN_BLINDING_update() updates the BN_BLINDING parameters by squaring +the A and Ai or, after specific number of uses and if the +necessary parameters are set, by re-creating the blinding parameters.

    +

    BN_BLINDING_convert_ex() multiplies n with the blinding factor A. +If r is not NULL a copy the inverse blinding factor Ai will be +returned in r (this is useful if a RSA object is shared among +several threads). BN_BLINDING_invert_ex() multiplies n with the +inverse blinding factor Ai. If r is not NULL it will be used as +the inverse blinding.

    +

    BN_BLINDING_convert() and BN_BLINDING_invert() are wrapper +functions for BN_BLINDING_convert_ex() and BN_BLINDING_invert_ex() +with r set to NULL.

    +

    BN_BLINDING_is_current_thread() returns whether the BN_BLINDING +structure is owned by the current thread. This is to help users +provide proper locking if needed for multi-threaded use.

    +

    BN_BLINDING_set_current_thread() sets the current thread as the +owner of the BN_BLINDING structure.

    +

    BN_BLINDING_lock() locks the BN_BLINDING structure.

    +

    BN_BLINDING_unlock() unlocks the BN_BLINDING structure.

    +

    BN_BLINDING_get_flags() returns the BN_BLINDING flags. Currently +there are two supported flags: BN_BLINDING_NO_UPDATE and +BN_BLINDING_NO_RECREATE. BN_BLINDING_NO_UPDATE inhibits the +automatic update of the BN_BLINDING parameters after each use +and BN_BLINDING_NO_RECREATE inhibits the automatic re-creation +of the BN_BLINDING parameters after a fixed number of uses (currently +32). In newly allocated BN_BLINDING objects no flags are set. +BN_BLINDING_set_flags() sets the BN_BLINDING parameters flags.

    +

    BN_BLINDING_create_param() creates new BN_BLINDING parameters +using the exponent e and the modulus m. bn_mod_exp and +m_ctx can be used to pass special functions for exponentiation +(normally BN_mod_exp_mont() and BN_MONT_CTX).

    +

    +

    +
    +

    RETURN VALUES

    +

    BN_BLINDING_new() returns the newly allocated BN_BLINDING structure +or NULL in case of an error.

    +

    BN_BLINDING_update(), BN_BLINDING_convert(), BN_BLINDING_invert(), +BN_BLINDING_convert_ex() and BN_BLINDING_invert_ex() return 1 on +success and 0 if an error occurred.

    +

    BN_BLINDING_is_current_thread() returns 1 if the current thread owns +the BN_BLINDING object, 0 otherwise.

    +

    BN_BLINDING_set_current_thread() doesn't return anything.

    +

    BN_BLINDING_lock(), BN_BLINDING_unlock() return 1 if the operation +succeeded or 0 on error.

    +

    BN_BLINDING_get_flags() returns the currently set BN_BLINDING flags +(a unsigned long value).

    +

    BN_BLINDING_create_param() returns the newly created BN_BLINDING +parameters or NULL on error.

    +

    +

    +
    +

    HISTORY

    +

    BN_BLINDING_thread_id() was first introduced in OpenSSL 1.0.0, and it +deprecates BN_BLINDING_set_thread_id() and BN_BLINDING_get_thread_id().

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2005-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/BN_CTX_new.html b/linux_amd64/share/doc/openssl/html/man3/BN_CTX_new.html
new file mode 100755
index 0000000..db992cd
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/BN_CTX_new.html
@@ -0,0 +1,125 @@
+ + + + +BN_CTX_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BN_CTX_new_ex, BN_CTX_new, BN_CTX_secure_new_ex, BN_CTX_secure_new, BN_CTX_free +- allocate and free BN_CTX structures

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bn.h>
    +
    + BN_CTX *BN_CTX_new_ex(OPENSSL_CTX *ctx);
    + BN_CTX *BN_CTX_new(void);
    +
    + BN_CTX *BN_CTX_secure_new_ex(OPENSSL_CTX *ctx);
    + BN_CTX *BN_CTX_secure_new(void);
    +
    + void BN_CTX_free(BN_CTX *c);
    +

    +

    +
    +

    DESCRIPTION

    +

    A BN_CTX is a structure that holds BIGNUM temporary variables used by +library functions. Since dynamic memory allocation to create BIGNUMs +is rather expensive when used in conjunction with repeated subroutine +calls, the BN_CTX structure is used.

    +

    BN_CTX_new_ex() allocates and initializes a BN_CTX structure for the given +library context ctx. The <ctx> value may be NULL in which case the default +library context will be used. BN_CTX_new() is the same as BN_CTX_new_ex() except +that the default library context is always used.

    +

    BN_CTX_secure_new_ex() allocates and initializes a BN_CTX structure +but uses the secure heap (see CRYPTO_secure_malloc(3)) to hold the +BIGNUMs for the given library context ctx. The <ctx> value may be NULL in +which case the default library context will be used. BN_CTX_secure_new() is the +same as BN_CTX_secure_new_ex() except that the default library context is always +used.

    +

    BN_CTX_free() frees the components of the BN_CTX and the structure itself. +Since BN_CTX_start() is required in order to obtain BIGNUMs from the +BN_CTX, in most cases BN_CTX_end() must be called before the BN_CTX may +be freed by BN_CTX_free(). If c is NULL, nothing is done.

    +

    A given BN_CTX must only be used by a single thread of execution. No +locking is performed, and the internal pool allocator will not properly handle +multiple threads of execution.

    +

    +

    +
    +

    RETURN VALUES

    +

    BN_CTX_new() and BN_CTX_secure_new() return a pointer to the BN_CTX. +If the allocation fails, +they return NULL and sets an error code that can be obtained by +ERR_get_error(3).

    +

    BN_CTX_free() has no return values.

    +

    +

    +
    +

    REMOVED FUNCTIONALITY

    +
    + void BN_CTX_init(BN_CTX *c);
    +

    BN_CTX_init() is no longer available as of OpenSSL 1.1.0. Applications should +replace use of BN_CTX_init with BN_CTX_new instead:

    +
    + BN_CTX *ctx;
    + ctx = BN_CTX_new();
    + if (!ctx)
    +     /* error */
    + ...
    + BN_CTX_free(ctx);
    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), BN_add(3), +BN_CTX_start(3)

    +

    +

    +
    +

    HISTORY

    +

    BN_CTX_init() was removed in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/BN_CTX_start.html b/linux_amd64/share/doc/openssl/html/man3/BN_CTX_start.html
new file mode 100755
index 0000000..79b20e8
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/BN_CTX_start.html
@@ -0,0 +1,91 @@
+ + + + +BN_CTX_start + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BN_CTX_start, BN_CTX_get, BN_CTX_end - use temporary BIGNUM variables

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bn.h>
    +
    + void BN_CTX_start(BN_CTX *ctx);
    +
    + BIGNUM *BN_CTX_get(BN_CTX *ctx);
    +
    + void BN_CTX_end(BN_CTX *ctx);
    +

    +

    +
    +

    DESCRIPTION

    +

    These functions are used to obtain temporary BIGNUM variables from +a BN_CTX (which can been created by using BN_CTX_new(3)) +in order to save the overhead of repeatedly creating and +freeing BIGNUMs in functions that are called from inside a loop.

    +

    A function must call BN_CTX_start() first. Then, BN_CTX_get() may be +called repeatedly to obtain temporary BIGNUMs. All BN_CTX_get() +calls must be made before calling any other functions that use the +ctx as an argument.

    +

    Finally, BN_CTX_end() must be called before returning from the function. +If ctx is NULL, nothing is done. +When BN_CTX_end() is called, the BIGNUM pointers obtained from +BN_CTX_get() become invalid.

    +

    +

    +
    +

    RETURN VALUES

    +

    BN_CTX_start() and BN_CTX_end() return no values.

    +

    BN_CTX_get() returns a pointer to the BIGNUM, or NULL on error. +Once BN_CTX_get() has failed, the subsequent calls will return NULL +as well, so it is sufficient to check the return value of the last +BN_CTX_get() call. In case of an error, an error code is set, which +can be obtained by ERR_get_error(3).

    +

    +

    +
    +

    SEE ALSO

    +

    BN_CTX_new(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/BN_add.html b/linux_amd64/share/doc/openssl/html/man3/BN_add.html
new file mode 100755
index 0000000..67891ad
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/BN_add.html
@@ -0,0 +1,151 @@
+ + + + +BN_add + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BN_add, BN_sub, BN_mul, BN_sqr, BN_div, BN_mod, BN_nnmod, BN_mod_add, +BN_mod_sub, BN_mod_mul, BN_mod_sqr, BN_exp, BN_mod_exp, BN_gcd - +arithmetic operations on BIGNUMs

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bn.h>
    +
    + int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
    +
    + int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
    +
    + int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
    +
    + int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx);
    +
    + int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *a, const BIGNUM *d,
    +            BN_CTX *ctx);
    +
    + int BN_mod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
    +
    + int BN_nnmod(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
    +
    + int BN_mod_add(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
    +                BN_CTX *ctx);
    +
    + int BN_mod_sub(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
    +                BN_CTX *ctx);
    +
    + int BN_mod_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
    +                BN_CTX *ctx);
    +
    + int BN_mod_sqr(BIGNUM *r, BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
    +
    + int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx);
    +
    + int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
    +                const BIGNUM *m, BN_CTX *ctx);
    +
    + int BN_gcd(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
    +

    +

    +
    +

    DESCRIPTION

    +

    BN_add() adds a and b and places the result in r (r=a+b). +r may be the same BIGNUM as a or b.

    +

    BN_sub() subtracts b from a and places the result in r (r=a-b). +r may be the same BIGNUM as a or b.

    +

    BN_mul() multiplies a and b and places the result in r (r=a*b). +r may be the same BIGNUM as a or b. +For multiplication by powers of 2, use BN_lshift(3).

    +

    BN_sqr() takes the square of a and places the result in r +(r=a^2). r and a may be the same BIGNUM. +This function is faster than BN_mul(r,a,a).

    +

    BN_div() divides a by d and places the result in dv and the +remainder in rem (dv=a/d, rem=a%d). Either of dv and rem may +be NULL, in which case the respective value is not returned. +The result is rounded towards zero; thus if a is negative, the +remainder will be zero or negative. +For division by powers of 2, use BN_rshift(3).

    +

    BN_mod() corresponds to BN_div() with dv set to NULL.

    +

    BN_nnmod() reduces a modulo m and places the non-negative +remainder in r.

    +

    BN_mod_add() adds a to b modulo m and places the non-negative +result in r.

    +

    BN_mod_sub() subtracts b from a modulo m and places the +non-negative result in r.

    +

    BN_mod_mul() multiplies a by b and finds the non-negative +remainder respective to modulus m (r=(a*b) mod m). r may be +the same BIGNUM as a or b. For more efficient algorithms for +repeated computations using the same modulus, see +BN_mod_mul_montgomery(3) and +BN_mod_mul_reciprocal(3).

    +

    BN_mod_sqr() takes the square of a modulo m and places the +result in r.

    +

    BN_exp() raises a to the p-th power and places the result in r +(r=a^p). This function is faster than repeated applications of +BN_mul().

    +

    BN_mod_exp() computes a to the p-th power modulo m (r=a^p % +m). This function uses less time and space than BN_exp(). Do not call this +function when m is even and any of the parameters have the +BN_FLG_CONSTTIME flag set.

    +

    BN_gcd() computes the greatest common divisor of a and b and +places the result in r. r may be the same BIGNUM as a or +b.

    +

    For all functions, ctx is a previously allocated BN_CTX used for +temporary variables; see BN_CTX_new(3).

    +

    Unless noted otherwise, the result BIGNUM must be different from +the arguments.

    +

    +

    +
    +

    RETURN VALUES

    +

    For all functions, 1 is returned for success, 0 on error. The return +value should always be checked (e.g., if (!BN_add(r,a,b)) goto err;). +The error codes can be obtained by ERR_get_error(3).

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), BN_CTX_new(3), +BN_add_word(3), BN_set_bit(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/BN_add_word.html b/linux_amd64/share/doc/openssl/html/man3/BN_add_word.html
new file mode 100755
index 0000000..06ac1c8
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/BN_add_word.html
@@ -0,0 +1,91 @@
+ + + + +BN_add_word + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BN_add_word, BN_sub_word, BN_mul_word, BN_div_word, BN_mod_word - arithmetic +functions on BIGNUMs with integers

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bn.h>
    +
    + int BN_add_word(BIGNUM *a, BN_ULONG w);
    +
    + int BN_sub_word(BIGNUM *a, BN_ULONG w);
    +
    + int BN_mul_word(BIGNUM *a, BN_ULONG w);
    +
    + BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w);
    +
    + BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w);
    +

    +

    +
    +

    DESCRIPTION

    +

    These functions perform arithmetic operations on BIGNUMs with unsigned +integers. They are much more efficient than the normal BIGNUM +arithmetic operations.

    +

    BN_add_word() adds w to a (a+=w).

    +

    BN_sub_word() subtracts w from a (a-=w).

    +

    BN_mul_word() multiplies a and w (a*=w).

    +

    BN_div_word() divides a by w (a/=w) and returns the remainder.

    +

    BN_mod_word() returns the remainder of a divided by w (a%w).

    +

    For BN_div_word() and BN_mod_word(), w must not be 0.

    +

    +

    +
    +

    RETURN VALUES

    +

    BN_add_word(), BN_sub_word() and BN_mul_word() return 1 for success, 0 +on error. The error codes can be obtained by ERR_get_error(3).

    +

    BN_mod_word() and BN_div_word() return a%w on success and +(BN_ULONG)-1 if an error occurred.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), BN_add(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/BN_bn2bin.html b/linux_amd64/share/doc/openssl/html/man3/BN_bn2bin.html
new file mode 100755
index 0000000..3c8e58b
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/BN_bn2bin.html
@@ -0,0 +1,146 @@
+ + + + +BN_bn2bin + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BN_bn2binpad, +BN_bn2bin, BN_bin2bn, BN_bn2lebinpad, BN_lebin2bn, +BN_bn2nativepad, BN_native2bn, BN_bn2hex, BN_bn2dec, BN_hex2bn, BN_dec2bn, +BN_print, BN_print_fp, BN_bn2mpi, BN_mpi2bn - format conversions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bn.h>
    +
    + int BN_bn2bin(const BIGNUM *a, unsigned char *to);
    + int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen);
    + BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
    +
    + int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen);
    + BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
    +
    + int BN_bn2nativepad(const BIGNUM *a, unsigned char *to, int tolen);
    + BIGNUM *BN_native2bn(const unsigned char *s, int len, BIGNUM *ret);
    +
    + char *BN_bn2hex(const BIGNUM *a);
    + char *BN_bn2dec(const BIGNUM *a);
    + int BN_hex2bn(BIGNUM **a, const char *str);
    + int BN_dec2bn(BIGNUM **a, const char *str);
    +
    + int BN_print(BIO *fp, const BIGNUM *a);
    + int BN_print_fp(FILE *fp, const BIGNUM *a);
    +
    + int BN_bn2mpi(const BIGNUM *a, unsigned char *to);
    + BIGNUM *BN_mpi2bn(unsigned char *s, int len, BIGNUM *ret);
    +

    +

    +
    +

    DESCRIPTION

    +

    BN_bn2bin() converts the absolute value of a into big-endian form +and stores it at to. to must point to BN_num_bytes(a) bytes of +memory.

    +

    BN_bn2binpad() also converts the absolute value of a into big-endian form +and stores it at to. tolen indicates the length of the output buffer +to. The result is padded with zeros if necessary. If tolen is less than +BN_num_bytes(a) an error is returned.

    +

    BN_bin2bn() converts the positive integer in big-endian form of length +len at s into a BIGNUM and places it in ret. If ret is +NULL, a new BIGNUM is created.

    +

    BN_bn2lebinpad() and BN_lebin2bn() are identical to BN_bn2binpad() and +BN_bin2bn() except the buffer is in little-endian format.

    +

    BN_bn2nativepad() and BN_native2bn() are identical to BN_bn2binpad() and +BN_bin2bn() except the buffer is in native format, i.e. most significant +byte first on big-endian platforms, and least significant byte first on +little-endian platforms.

    +

    BN_bn2hex() and BN_bn2dec() return printable strings containing the +hexadecimal and decimal encoding of a respectively. For negative +numbers, the string is prefaced with a leading '-'. The string must be +freed later using OPENSSL_free().

    +

    BN_hex2bn() takes as many characters as possible from the string str, +including the leading character '-' which means negative, to form a valid +hexadecimal number representation and converts them to a BIGNUM and +stores it in **a. If *a is NULL, a new BIGNUM is created. If +a is NULL, it only computes the length of valid representation. +A "negative zero" is converted to zero. +BN_dec2bn() is the same using the decimal system.

    +

    BN_print() and BN_print_fp() write the hexadecimal encoding of a, +with a leading '-' for negative numbers, to the BIO or FILE +fp.

    +

    BN_bn2mpi() and BN_mpi2bn() convert BIGNUMs from and to a format +that consists of the number's length in bytes represented as a 4-byte +big-endian number, and the number itself in big-endian format, where +the most significant bit signals a negative number (the representation +of numbers with the MSB set is prefixed with null byte).

    +

    BN_bn2mpi() stores the representation of a at to, where to +must be large enough to hold the result. The size can be determined by +calling BN_bn2mpi(a, NULL).

    +

    BN_mpi2bn() converts the len bytes long representation at s to +a BIGNUM and stores it at ret, or in a newly allocated BIGNUM +if ret is NULL.

    +

    +

    +
    +

    RETURN VALUES

    +

    BN_bn2bin() returns the length of the big-endian number placed at to. +BN_bin2bn() returns the BIGNUM, NULL on error.

    +

    BN_bn2binpad() returns the number of bytes written or -1 if the supplied +buffer is too small.

    +

    BN_bn2hex() and BN_bn2dec() return a null-terminated string, or NULL +on error. BN_hex2bn() and BN_dec2bn() return the number of characters +used in parsing, or 0 on error, in which +case no new BIGNUM will be created.

    +

    BN_print_fp() and BN_print() return 1 on success, 0 on write errors.

    +

    BN_bn2mpi() returns the length of the representation. BN_mpi2bn() +returns the BIGNUM, and NULL on error.

    +

    The error codes can be obtained by ERR_get_error(3).

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), BN_zero(3), +ASN1_INTEGER_to_BN(3), +BN_num_bytes(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/BN_cmp.html b/linux_amd64/share/doc/openssl/html/man3/BN_cmp.html
    new file mode 100755
    index 0000000..aab28b7
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/BN_cmp.html
    @@ -0,0 +1,79 @@
    + + + + +BN_cmp + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    BN_cmp, BN_ucmp, BN_is_zero, BN_is_one, BN_is_word, BN_is_odd - BIGNUM comparison and test functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bn.h>
    +
    + int BN_cmp(BIGNUM *a, BIGNUM *b);
    + int BN_ucmp(BIGNUM *a, BIGNUM *b);
    +
    + int BN_is_zero(BIGNUM *a);
    + int BN_is_one(BIGNUM *a);
    + int BN_is_word(BIGNUM *a, BN_ULONG w);
    + int BN_is_odd(BIGNUM *a);
    +

    +

    +
    +

    DESCRIPTION

    +

    BN_cmp() compares the numbers a and b. BN_ucmp() compares their +absolute values.

    +

    BN_is_zero(), BN_is_one() and BN_is_word() test if a equals 0, 1, +or w respectively. BN_is_odd() tests if a is odd.

    +

    BN_is_zero(), BN_is_one(), BN_is_word() and BN_is_odd() are macros.

    +

    +

    +
    +

    RETURN VALUES

    +

    BN_cmp() returns -1 if a < b, 0 if a == b and 1 if +a > b. BN_ucmp() is the same using the absolute values +of a and b.

    +

    BN_is_zero(), BN_is_one() BN_is_word() and BN_is_odd() return 1 if +the condition is true, 0 otherwise.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/BN_copy.html b/linux_amd64/share/doc/openssl/html/man3/BN_copy.html
    new file mode 100755
    index 0000000..78d6b19
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/BN_copy.html
    @@ -0,0 +1,100 @@
    + + + + +BN_copy + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BN_copy, BN_dup, BN_with_flags - copy BIGNUMs

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bn.h>
    +
    + BIGNUM *BN_copy(BIGNUM *to, const BIGNUM *from);
    +
    + BIGNUM *BN_dup(const BIGNUM *from);
    +
    + void BN_with_flags(BIGNUM *dest, const BIGNUM *b, int flags);
    +

    +

    +
    +

    DESCRIPTION

    +

    BN_copy() copies from to to. BN_dup() creates a new BIGNUM +containing the value from.

    +

    BN_with_flags creates a temporary shallow copy of b in dest. It places +significant restrictions on the copied data. Applications that do no adhere to +these restrictions may encounter unexpected side effects or crashes. For that +reason use of this function is discouraged. Any flags provided in flags will +be set in dest in addition to any flags already set in b. For example this +might commonly be used to create a temporary copy of a BIGNUM with the +BN_FLG_CONSTTIME flag set for constant time operations. The temporary copy in +dest will share some internal state with b. For this reason the following +restrictions apply to the use of dest:

    +
      +
    • +

      dest should be a newly allocated BIGNUM obtained via a call to BN_new(). It +should not have been used for other purposes or initialised in any way.

      +
    • +
    • +

      dest must only be used in "read-only" operations, i.e. typically those +functions where the relevant parameter is declared "const".

      +
    • +
    • +

      dest must be used and freed before any further subsequent use of b

      +
    • +
    +

    +

    +
    +

    RETURN VALUES

    +

    BN_copy() returns to on success, NULL on error. BN_dup() returns +the new BIGNUM, and NULL on error. The error codes can be obtained +by ERR_get_error(3).

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/BN_generate_prime.html b/linux_amd64/share/doc/openssl/html/man3/BN_generate_prime.html
    new file mode 100755
    index 0000000..c43fb7f
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/BN_generate_prime.html
    @@ -0,0 +1,250 @@
    + + + + +BN_generate_prime + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BN_generate_prime_ex2, BN_generate_prime_ex, BN_is_prime_ex, BN_check_prime, +BN_is_prime_fasttest_ex, BN_GENCB_call, BN_GENCB_new, BN_GENCB_free, +BN_GENCB_set_old, BN_GENCB_set, BN_GENCB_get_arg, BN_generate_prime, +BN_is_prime, BN_is_prime_fasttest - generate primes and test for primality

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bn.h>
    +
    + int BN_generate_prime_ex2(BIGNUM *ret, int bits, int safe,
    +                           const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb,
    +                           BN_CTX *ctx);
    +
    + int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add,
    +                          const BIGNUM *rem, BN_GENCB *cb);
    +
    + int BN_check_prime(const BIGNUM *p, BN_CTX *ctx, BN_GENCB *cb);
    +
    + int BN_GENCB_call(BN_GENCB *cb, int a, int b);
    +
    + BN_GENCB *BN_GENCB_new(void);
    +
    + void BN_GENCB_free(BN_GENCB *cb);
    +
    + void BN_GENCB_set_old(BN_GENCB *gencb,
    +                       void (*callback)(int, int, void *), void *cb_arg);
    +
    + void BN_GENCB_set(BN_GENCB *gencb,
    +                   int (*callback)(int, int, BN_GENCB *), void *cb_arg);
    +
    + void *BN_GENCB_get_arg(BN_GENCB *cb);
    +

    Deprecated since OpenSSL 0.9.8, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + BIGNUM *BN_generate_prime(BIGNUM *ret, int num, int safe, BIGNUM *add,
    +                           BIGNUM *rem, void (*callback)(int, int, void *),
    +                           void *cb_arg);
    +
    + int BN_is_prime(const BIGNUM *p, int nchecks,
    +                 void (*callback)(int, int, void *), BN_CTX *ctx, void *cb_arg);
    +
    + int BN_is_prime_fasttest(const BIGNUM *p, int nchecks,
    +                          void (*callback)(int, int, void *), BN_CTX *ctx,
    +                          void *cb_arg, int do_trial_division);
    +

    Deprecated since OpenSSL 3.0:

    +
    + int BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, BN_GENCB *cb);
    +
    + int BN_is_prime_fasttest_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx,
    +                             int do_trial_division, BN_GENCB *cb);
    +

    +

    +
    +

    DESCRIPTION

    +

    BN_generate_prime_ex2() generates a pseudo-random prime number of +at least bit length bits using the BN_CTX provided in ctx. The value of +ctx must not be NULL.

    +

    The returned number is probably prime with a negligible error. +The maximum error rate is 2^-128. +It's 2^-287 for a 512 bit prime, 2^-435 for a 1024 bit prime, +2^-648 for a 2048 bit prime, and lower than 2^-882 for primes larger +than 2048 bit.

    +

    If add is NULL the returned prime number will have exact bit +length bits with the top most two bits set.

    +

    If ret is not NULL, it will be used to store the number.

    +

    If cb is not NULL, it is used as follows:

    +
      +
    • +

      BN_GENCB_call(cb, 0, i) is called after generating the i-th +potential prime number.

      +
    • +
    • +

      While the number is being tested for primality, +BN_GENCB_call(cb, 1, j) is called as described below.

      +
    • +
    • +

      When a prime has been found, BN_GENCB_call(cb, 2, i) is called.

      +
    • +
    • +

      The callers of BN_generate_prime_ex() may call BN_GENCB_call(cb, i, j) with +other values as described in their respective man pages; see SEE ALSO.

      +
    • +
    +

    The prime may have to fulfill additional requirements for use in +Diffie-Hellman key exchange:

    +

    If add is not NULL, the prime will fulfill the condition p % add +== rem (p % add == 1 if rem == NULL) in order to suit a given +generator.

    +

    If safe is true, it will be a safe prime (i.e. a prime p so +that (p-1)/2 is also prime). If safe is true, and rem == NULL +the condition will be p % add == 3. +It is recommended that add is a multiple of 4.

    +

    The random generator must be seeded prior to calling BN_generate_prime_ex(). +If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to +external circumstances (see RAND(7)), the operation will fail. +The random number generator configured for the OPENSSL_CTX associated with +ctx will be used.

    +

    BN_generate_prime_ex() is the same as BN_generate_prime_ex2() except that no +ctx parameter is passed. +In this case the random number generator associated with the default OPENSSL_CTX +will be used.

    +

    BN_check_prime(), BN_is_prime_ex(), BN_is_prime_fasttest_ex(), BN_is_prime() +and BN_is_prime_fasttest() test if the number p is prime. +The functions tests until one of the tests shows that p is composite, +or all the tests passed. +If p passes all these tests, it is considered a probable prime.

    +

    The test performed on p are trial division by a number of small primes +and rounds of the of the Miller-Rabin probabilistic primality test.

    +

    The functions do at least 64 rounds of the Miller-Rabin test giving a maximum +false positive rate of 2^-128. +If the size of p is more than 2048 bits, they do at least 128 rounds +giving a maximum false positive rate of 2^-256.

    +

    If nchecks is larger than the minimum above (64 or 128), nchecks +rounds of the Miller-Rabin test will be done.

    +

    If do_trial_division set to 0, the trial division will be skipped. +BN_is_prime_ex() and BN_is_prime() always skip the trial division.

    +

    BN_is_prime_ex(), BN_is_prime_fasttest_ex(), BN_is_prime() +and BN_is_prime_fasttest() are deprecated.

    +

    BN_is_prime_fasttest() and BN_is_prime() behave just like +BN_is_prime_fasttest_ex() and BN_is_prime_ex() respectively, but with the old +style call back.

    +

    ctx is a pre-allocated BN_CTX (to save the overhead of allocating and +freeing the structure in a loop), or NULL.

    +

    If the trial division is done, and no divisors are found and cb +is not NULL, BN_GENCB_call(cb, 1, -1) is called.

    +

    After each round of the Miller-Rabin probabilistic primality test, +if cb is not NULL, BN_GENCB_call(cb, 1, j) is called +with j the iteration (j = 0, 1, ...).

    +

    BN_GENCB_call() calls the callback function held in the BN_GENCB structure +and passes the ints a and b as arguments. There are two types of +BN_GENCB structure that are supported: "new" style and "old" style. New +programs should prefer the "new" style, whilst the "old" style is provided +for backwards compatibility purposes.

    +

    A BN_GENCB structure should be created through a call to BN_GENCB_new(), +and freed through a call to BN_GENCB_free().

    +

    For "new" style callbacks a BN_GENCB structure should be initialised with a +call to BN_GENCB_set(), where gencb is a BN_GENCB *, callback is of +type int (*callback)(int, int, BN_GENCB *) and cb_arg is a void *. +"Old" style callbacks are the same except they are initialised with a call +to BN_GENCB_set_old() and callback is of type +void (*callback)(int, int, void *).

    +

    A callback is invoked through a call to BN_GENCB_call. This will check +the type of the callback and will invoke callback(a, b, gencb) for new +style callbacks or callback(a, b, cb_arg) for old style.

    +

    It is possible to obtain the argument associated with a BN_GENCB structure +(set via a call to BN_GENCB_set or BN_GENCB_set_old) using BN_GENCB_get_arg.

    +

    BN_generate_prime() (deprecated) works in the same way as +BN_generate_prime_ex() but expects an old-style callback function +directly in the callback parameter, and an argument to pass to it in +the cb_arg. BN_is_prime() and BN_is_prime_fasttest() +can similarly be compared to BN_is_prime_ex() and +BN_is_prime_fasttest_ex(), respectively.

    +

    +

    +
    +

    RETURN VALUES

    +

    BN_generate_prime_ex() return 1 on success or 0 on error.

    +

    BN_is_prime_ex(), BN_is_prime_fasttest_ex(), BN_is_prime(), +BN_is_prime_fasttest() and BN_check_prime return 0 if the number is composite, +1 if it is prime with an error probability of less than 0.25^nchecks, and +-1 on error.

    +

    BN_generate_prime() returns the prime number on success, NULL otherwise.

    +

    BN_GENCB_new returns a pointer to a BN_GENCB structure on success, or NULL +otherwise.

    +

    BN_GENCB_get_arg returns the argument previously associated with a BN_GENCB +structure.

    +

    Callback functions should return 1 on success or 0 on error.

    +

    The error codes can be obtained by ERR_get_error(3).

    +

    +

    +
    +

    REMOVED FUNCTIONALITY

    +

    As of OpenSSL 1.1.0 it is no longer possible to create a BN_GENCB structure +directly, as in:

    +
    + BN_GENCB callback;
    +

    Instead applications should create a BN_GENCB structure using BN_GENCB_new:

    +
    + BN_GENCB *callback;
    + callback = BN_GENCB_new();
    + if (!callback)
    +     /* error */
    + ...
    + BN_GENCB_free(callback);
    +

    +

    +
    +

    SEE ALSO

    +

    DH_generate_parameters(3), DSA_generate_parameters(3), +RSA_generate_key(3), ERR_get_error(3), RAND_bytes(3), +RAND(7)

    +

    +

    +
    +

    HISTORY

    +

    The BN_GENCB_new(), BN_GENCB_free(), +and BN_GENCB_get_arg() functions were added in OpenSSL 1.1.0.

    +

    BN_check_prime() was added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/BN_mod_inverse.html b/linux_amd64/share/doc/openssl/html/man3/BN_mod_inverse.html
    new file mode 100755
    index 0000000..3844a77
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/BN_mod_inverse.html
    @@ -0,0 +1,77 @@
    + + + + +BN_mod_inverse + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BN_mod_inverse - compute inverse modulo n

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bn.h>
    +
    + BIGNUM *BN_mod_inverse(BIGNUM *r, BIGNUM *a, const BIGNUM *n,
    +                        BN_CTX *ctx);
    +

    +

    +
    +

    DESCRIPTION

    +

    BN_mod_inverse() computes the inverse of a modulo n +places the result in r ((a*r)%n==1). If r is NULL, +a new BIGNUM is created.

    +

    ctx is a previously allocated BN_CTX used for temporary +variables. r may be the same BIGNUM as a or n.

    +

    +

    +
    +

    RETURN VALUES

    +

    BN_mod_inverse() returns the BIGNUM containing the inverse, and +NULL on error. The error codes can be obtained by ERR_get_error(3).

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), BN_add(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/BN_mod_mul_montgomery.html b/linux_amd64/share/doc/openssl/html/man3/BN_mod_mul_montgomery.html
    new file mode 100755
    index 0000000..173e96b
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/BN_mod_mul_montgomery.html
    @@ -0,0 +1,121 @@
    + + + + +BN_mod_mul_montgomery + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BN_mod_mul_montgomery, BN_MONT_CTX_new, +BN_MONT_CTX_free, BN_MONT_CTX_set, BN_MONT_CTX_copy, +BN_from_montgomery, BN_to_montgomery - Montgomery multiplication

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bn.h>
    +
    + BN_MONT_CTX *BN_MONT_CTX_new(void);
    + void BN_MONT_CTX_free(BN_MONT_CTX *mont);
    +
    + int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *m, BN_CTX *ctx);
    + BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from);
    +
    + int BN_mod_mul_montgomery(BIGNUM *r, BIGNUM *a, BIGNUM *b,
    +                           BN_MONT_CTX *mont, BN_CTX *ctx);
    +
    + int BN_from_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont,
    +                        BN_CTX *ctx);
    +
    + int BN_to_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont,
    +                      BN_CTX *ctx);
    +

    +

    +
    +

    DESCRIPTION

    +

    These functions implement Montgomery multiplication. They are used +automatically when BN_mod_exp(3) is called with suitable input, +but they may be useful when several operations are to be performed +using the same modulus.

    +

    BN_MONT_CTX_new() allocates and initializes a BN_MONT_CTX structure.

    +

    BN_MONT_CTX_set() sets up the mont structure from the modulus m +by precomputing its inverse and a value R.

    +

    BN_MONT_CTX_copy() copies the BN_MONT_CTX from to to.

    +

    BN_MONT_CTX_free() frees the components of the BN_MONT_CTX, and, if +it was created by BN_MONT_CTX_new(), also the structure itself. +If mont is NULL, nothing is done.

    +

    BN_mod_mul_montgomery() computes Mont(a,b):=a*b*R^-1 and places +the result in r.

    +

    BN_from_montgomery() performs the Montgomery reduction r = a*R^-1.

    +

    BN_to_montgomery() computes Mont(a,R^2), i.e. a*R. +Note that a must be non-negative and smaller than the modulus.

    +

    For all functions, ctx is a previously allocated BN_CTX used for +temporary variables.

    +

    +

    +
    +

    RETURN VALUES

    +

    BN_MONT_CTX_new() returns the newly allocated BN_MONT_CTX, and NULL +on error.

    +

    BN_MONT_CTX_free() has no return value.

    +

    For the other functions, 1 is returned for success, 0 on error. +The error codes can be obtained by ERR_get_error(3).

    +

    +

    +
    +

    WARNINGS

    +

    The inputs must be reduced modulo m, otherwise the result will be +outside the expected range.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), BN_add(3), +BN_CTX_new(3)

    +

    +

    +
    +

    HISTORY

    +

    BN_MONT_CTX_init() was removed in OpenSSL 1.1.0

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/BN_mod_mul_reciprocal.html b/linux_amd64/share/doc/openssl/html/man3/BN_mod_mul_reciprocal.html
    new file mode 100755
    index 0000000..fce4e39
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/BN_mod_mul_reciprocal.html
    @@ -0,0 +1,108 @@
    + + + + +BN_mod_mul_reciprocal + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BN_mod_mul_reciprocal, BN_div_recp, BN_RECP_CTX_new, +BN_RECP_CTX_free, BN_RECP_CTX_set - modular multiplication using +reciprocal

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bn.h>
    +
    + BN_RECP_CTX *BN_RECP_CTX_new(void);
    + void BN_RECP_CTX_free(BN_RECP_CTX *recp);
    +
    + int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *m, BN_CTX *ctx);
    +
    + int BN_div_recp(BIGNUM *dv, BIGNUM *rem, BIGNUM *a, BN_RECP_CTX *recp,
    +                 BN_CTX *ctx);
    +
    + int BN_mod_mul_reciprocal(BIGNUM *r, BIGNUM *a, BIGNUM *b,
    +                           BN_RECP_CTX *recp, BN_CTX *ctx);
    +

    +

    +
    +

    DESCRIPTION

    +

    BN_mod_mul_reciprocal() can be used to perform an efficient +BN_mod_mul(3) operation when the operation will be performed +repeatedly with the same modulus. It computes r=(a*b)%m +using recp=1/m, which is set as described below. ctx is a +previously allocated BN_CTX used for temporary variables.

    +

    BN_RECP_CTX_new() allocates and initializes a BN_RECP structure.

    +

    BN_RECP_CTX_free() frees the components of the BN_RECP, and, if it +was created by BN_RECP_CTX_new(), also the structure itself. +If recp is NULL, nothing is done.

    +

    BN_RECP_CTX_set() stores m in recp and sets it up for computing +1/m and shifting it left by BN_num_bits(m)+1 to make it an +integer. The result and the number of bits it was shifted left will +later be stored in recp.

    +

    BN_div_recp() divides a by m using recp. It places the quotient +in dv and the remainder in rem.

    +

    The BN_RECP_CTX structure cannot be shared between threads.

    +

    +

    +
    +

    RETURN VALUES

    +

    BN_RECP_CTX_new() returns the newly allocated BN_RECP_CTX, and NULL +on error.

    +

    BN_RECP_CTX_free() has no return value.

    +

    For the other functions, 1 is returned for success, 0 on error. +The error codes can be obtained by ERR_get_error(3).

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), BN_add(3), +BN_CTX_new(3)

    +

    +

    +
    +

    HISTORY

    +

    BN_RECP_CTX_init() was removed in OpenSSL 1.1.0

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/BN_new.html b/linux_amd64/share/doc/openssl/html/man3/BN_new.html
    new file mode 100755
    index 0000000..0f06556
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/BN_new.html
    @@ -0,0 +1,100 @@
    + + + + +BN_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BN_new, BN_secure_new, BN_clear, BN_free, BN_clear_free - allocate and free BIGNUMs

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bn.h>
    +
    + BIGNUM *BN_new(void);
    +
    + BIGNUM *BN_secure_new(void);
    +
    + void BN_clear(BIGNUM *a);
    +
    + void BN_free(BIGNUM *a);
    +
    + void BN_clear_free(BIGNUM *a);
    +

    +

    +
    +

    DESCRIPTION

    +

    BN_new() allocates and initializes a BIGNUM structure. +BN_secure_new() does the same except that the secure heap +OPENSSL_secure_malloc(3) is used to store the value.

    +

    BN_clear() is used to destroy sensitive data such as keys when they +are no longer needed. It erases the memory used by a and sets it +to the value 0. +If a is NULL, nothing is done.

    +

    BN_free() frees the components of the BIGNUM, and if it was created +by BN_new(), also the structure itself. BN_clear_free() additionally +overwrites the data before the memory is returned to the system. +If a is NULL, nothing is done.

    +

    +

    +
    +

    RETURN VALUES

    +

    BN_new() and BN_secure_new() +return a pointer to the BIGNUM initialised to the value 0. +If the allocation fails, +they return NULL and set an error code that can be obtained +by ERR_get_error(3).

    +

    BN_clear(), BN_free() and BN_clear_free() have no return values.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), OPENSSL_secure_malloc(3)

    +

    +

    +
    +

    HISTORY

    +

    BN_init() was removed in OpenSSL 1.1.0; use BN_new() instead.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/BN_num_bytes.html b/linux_amd64/share/doc/openssl/html/man3/BN_num_bytes.html
    new file mode 100755
    index 0000000..c1b91b3
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/BN_num_bytes.html
    @@ -0,0 +1,97 @@
    + + + + +BN_num_bytes + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BN_num_bits, BN_num_bytes, BN_num_bits_word - get BIGNUM size

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bn.h>
    +
    + int BN_num_bytes(const BIGNUM *a);
    +
    + int BN_num_bits(const BIGNUM *a);
    +
    + int BN_num_bits_word(BN_ULONG w);
    +

    +

    +
    +

    DESCRIPTION

    +

    BN_num_bytes() returns the size of a BIGNUM in bytes.

    +

    BN_num_bits_word() returns the number of significant bits in a word. +If we take 0x00000432 as an example, it returns 11, not 16, not 32. +Basically, except for a zero, it returns floor(log2(w))+1.

    +

    BN_num_bits() returns the number of significant bits in a BIGNUM, +following the same principle as BN_num_bits_word().

    +

    BN_num_bytes() is a macro.

    +

    +

    +
    +

    RETURN VALUES

    +

    The size.

    +

    +

    +
    +

    NOTES

    +

    Some have tried using BN_num_bits() on individual numbers in RSA keys, +DH keys and DSA keys, and found that they don't always come up with +the number of bits they expected (something like 512, 1024, 2048, +...). This is because generating a number with some specific number +of bits doesn't always set the highest bits, thereby making the number +of significant bits a little lower. If you want to know the "key +size" of such a key, either use functions like RSA_size(), DH_size() +and DSA_size(), or use BN_num_bytes() and multiply with 8 (although +there's no real guarantee that will match the "key size", just a lot +more probability).

    +

    +

    +
    +

    SEE ALSO

    +

    DH_size(3), DSA_size(3), +RSA_size(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/BN_rand.html b/linux_amd64/share/doc/openssl/html/man3/BN_rand.html new file mode 100755 index 0000000..985fbbc --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/BN_rand.html @@ -0,0 +1,153 @@ + + + + +BN_rand + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BN_rand_ex, BN_rand, BN_priv_rand_ex, BN_priv_rand, BN_pseudo_rand, +BN_rand_range_ex, BN_rand_range, BN_priv_rand_range_ex, BN_priv_rand_range, +BN_pseudo_rand_range +- generate pseudo-random number

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bn.h>
    +
    + int BN_rand_ex(BIGNUM *rnd, int bits, int top, int bottom, BN_CTX *ctx);
    + int BN_rand(BIGNUM *rnd, int bits, int top, int bottom);
    +
    + int BN_priv_rand_ex(BIGNUM *rnd, int bits, int top, int bottom, BN_CTX *ctx);
    + int BN_priv_rand(BIGNUM *rnd, int bits, int top, int bottom);
    +
    + int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);
    +
    + int BN_rand_range_ex(BIGNUM *rnd, BIGNUM *range, BN_CTX *ctx);
    + int BN_rand_range(BIGNUM *rnd, BIGNUM *range);
    +
    + int BN_priv_rand_range_ex(BIGNUM *rnd, BIGNUM *range, BN_CTX *ctx);
    + int BN_priv_rand_range(BIGNUM *rnd, BIGNUM *range);
    +
    + int BN_pseudo_rand_range(BIGNUM *rnd, BIGNUM *range);
    +

    +

    +
    +

    DESCRIPTION

    +

    BN_rand_ex() generate a cryptographically strong pseudo-random +number of bits in length and stores it in rnd using the random number +generator for the library context associated with ctx. The parameter ctx +may be NULL in which case the default library context is used. +If bits is less than zero, or too small to +accommodate the requirements specified by the top and bottom +parameters, an error is returned. +The top parameters specifies +requirements on the most significant bit of the generated number. +If it is BN_RAND_TOP_ANY, there is no constraint. +If it is BN_RAND_TOP_ONE, the top bit must be one. +If it is BN_RAND_TOP_TWO, the two most significant bits of +the number will be set to 1, so that the product of two such random +numbers will always have 2*bits length. +If bottom is BN_RAND_BOTTOM_ODD, the number will be odd; if it +is BN_RAND_BOTTOM_ANY it can be odd or even. +If bits is 1 then top cannot also be BN_RAND_FLG_TOPTWO.

    +

    BN_rand() is the same as BN_rand_ex() except that the default library context +is always used.

    +

    BN_rand_range_ex() generates a cryptographically strong pseudo-random +number rnd in the range 0 <= rnd < range using the random number +generator for the library context associated with ctx. The parameter ctx +may be NULL in which case the default library context is used.

    +

    BN_rand_range() is the same as BN_rand_range_ex() except that the default +library context is always used.

    +

    BN_priv_rand_ex(), BN_priv_rand(), BN_priv_rand_rand_ex() and +BN_priv_rand_range() have the same semantics as BN_rand_ex(), BN_rand(), +BN_rand_range_ex() and BN_rand_range() respectively. They are intended to be +used for generating values that should remain private, and mirror the +same difference between RAND_bytes(3) and RAND_priv_bytes(3).

    +

    +

    +
    +

    NOTES

    +

    Always check the error return value of these functions and do not take +randomness for granted: an error occurs if the CSPRNG has not been +seeded with enough randomness to ensure an unpredictable byte sequence.

    +

    +

    +
    +

    RETURN VALUES

    +

    The functions return 1 on success, 0 on error. +The error codes can be obtained by ERR_get_error(3).

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), +RAND_add(3), +RAND_bytes(3), +RAND_priv_bytes(3), +RAND(7), +RAND_DRBG(7)

    +

    +

    +
    +

    HISTORY

    +
      +
    • +

      Starting with OpenSSL release 1.1.0, BN_pseudo_rand() has been identical +to BN_rand() and BN_pseudo_rand_range() has been identical to +BN_rand_range(). +The "pseudo" functions should not be used and may be deprecated in +a future release.

      +
    • +
    • +

      The +BN_priv_rand() and BN_priv_rand_range() functions were added in OpenSSL 1.1.1.

      +
    • +
    • +

      The BN_rand_ex(), BN_priv_rand_ex(), BN_rand_range_ex() and +BN_priv_rand_range_ex() functions were added in OpenSSL 3.0.

      +
    • +
    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/BN_security_bits.html b/linux_amd64/share/doc/openssl/html/man3/BN_security_bits.html new file mode 100755 index 0000000..a2d8afd --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/BN_security_bits.html @@ -0,0 +1,92 @@ + + + + +BN_security_bits + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BN_security_bits - returns bits of security based on given numbers

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bn.h>
    +
    + int BN_security_bits(int L, int N);
    +

    +

    +
    +

    DESCRIPTION

    +

    BN_security_bits() returns the number of bits of security provided by a +specific algorithm and a particular key size. The bits of security is +defined in NIST SP800-57. Currently, BN_security_bits() support two types +of asymmetric algorithms: the FFC (Finite Field Cryptography) and IFC +(Integer Factorization Cryptography). For FFC, e.g., DSA and DH, both +parameters L and N are used to decide the bits of security, where +L is the size of the public key and N is the size of the private +key. For IFC, e.g., RSA, only L is used and it's commonly considered +to be the key size (modulus).

    +

    +

    +
    +

    RETURN VALUES

    +

    Number of security bits.

    +

    +

    +
    +

    NOTES

    +

    ECC (Elliptic Curve Cryptography) is not covered by the BN_security_bits() +function. The symmetric algorithms are not covered neither.

    +

    +

    +
    +

    SEE ALSO

    +

    DH_security_bits(3), DSA_security_bits(3), RSA_security_bits(3)

    +

    +

    +
    +

    HISTORY

    +

    The BN_security_bits() function was added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/BN_set_bit.html b/linux_amd64/share/doc/openssl/html/man3/BN_set_bit.html new file mode 100755 index 0000000..22ed0ba --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/BN_set_bit.html @@ -0,0 +1,99 @@ + + + + +BN_set_bit + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BN_set_bit, BN_clear_bit, BN_is_bit_set, BN_mask_bits, BN_lshift, +BN_lshift1, BN_rshift, BN_rshift1 - bit operations on BIGNUMs

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bn.h>
    +
    + int BN_set_bit(BIGNUM *a, int n);
    + int BN_clear_bit(BIGNUM *a, int n);
    +
    + int BN_is_bit_set(const BIGNUM *a, int n);
    +
    + int BN_mask_bits(BIGNUM *a, int n);
    +
    + int BN_lshift(BIGNUM *r, const BIGNUM *a, int n);
    + int BN_lshift1(BIGNUM *r, BIGNUM *a);
    +
    + int BN_rshift(BIGNUM *r, BIGNUM *a, int n);
    + int BN_rshift1(BIGNUM *r, BIGNUM *a);
    +

    +

    +
    +

    DESCRIPTION

    +

    BN_set_bit() sets bit n in a to 1 (a|=(1<<n)). The +number is expanded if necessary.

    +

    BN_clear_bit() sets bit n in a to 0 (a&=~(1<<n)). An +error occurs if a is shorter than n bits.

    +

    BN_is_bit_set() tests if bit n in a is set.

    +

    BN_mask_bits() truncates a to an n bit number +(a&=~((~0)>>n)). An error occurs if a already is +shorter than n bits.

    +

    BN_lshift() shifts a left by n bits and places the result in +r (r=a*2^n). Note that n must be non-negative. BN_lshift1() shifts +a left by one and places the result in r (r=2*a).

    +

    BN_rshift() shifts a right by n bits and places the result in +r (r=a/2^n). Note that n must be non-negative. BN_rshift1() shifts +a right by one and places the result in r (r=a/2).

    +

    For the shift functions, r and a may be the same variable.

    +

    +

    +
    +

    RETURN VALUES

    +

    BN_is_bit_set() returns 1 if the bit is set, 0 otherwise.

    +

    All other functions return 1 for success, 0 on error. The error codes +can be obtained by ERR_get_error(3).

    +

    +

    +
    +

    SEE ALSO

    +

    BN_num_bytes(3), BN_add(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/BN_swap.html b/linux_amd64/share/doc/openssl/html/man3/BN_swap.html new file mode 100755 index 0000000..798ecc1 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/BN_swap.html @@ -0,0 +1,65 @@ + + + + +BN_swap + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    BN_swap - exchange BIGNUMs

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bn.h>
    +
    + void BN_swap(BIGNUM *a, BIGNUM *b);
    +

    +

    +
    +

    DESCRIPTION

    +

    BN_swap() exchanges the values of a and b.

    +

    +

    +
    +

    RETURN VALUES

    +

    BN_swap() does not return a value.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/BN_zero.html b/linux_amd64/share/doc/openssl/html/man3/BN_zero.html new file mode 100755 index 0000000..65bcee6 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/BN_zero.html @@ -0,0 +1,104 @@ + + + + +BN_zero + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BN_zero, BN_one, BN_value_one, BN_set_word, BN_get_word - BIGNUM assignment +operations

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bn.h>
    +
    + void BN_zero(BIGNUM *a);
    + int BN_one(BIGNUM *a);
    +
    + const BIGNUM *BN_value_one(void);
    +
    + int BN_set_word(BIGNUM *a, BN_ULONG w);
    + unsigned BN_ULONG BN_get_word(BIGNUM *a);
    +

    +

    +
    +

    DESCRIPTION

    +

    BN_ULONG is a macro that will be an unsigned integral type optimized +for the most efficient implementation on the local platform.

    +

    BN_zero(), BN_one() and BN_set_word() set a to the values 0, 1 and +w respectively. BN_zero() and BN_one() are macros.

    +

    BN_value_one() returns a BIGNUM constant of value 1. This constant +is useful for use in comparisons and assignment.

    +

    BN_get_word() returns a, if it can be represented as a BN_ULONG.

    +

    +

    +
    +

    RETURN VALUES

    +

    BN_get_word() returns the value a, or all-bits-set if a cannot +be represented as a single integer.

    +

    BN_one() and BN_set_word() return 1 on success, 0 otherwise. +BN_value_one() returns the constant. +BN_zero() never fails and returns no value.

    +

    +

    +
    +

    BUGS

    +

    If a BIGNUM is equal to the value of all-bits-set, it will collide +with the error condition returned by BN_get_word() which uses that +as an error value.

    +

    BN_ULONG should probably be a typedef.

    +

    +

    +
    +

    SEE ALSO

    +

    BN_bn2bin(3)

    +

    +

    +
    +

    HISTORY

    +

    In OpenSSL 0.9.8, BN_zero() was changed to not return a value; previous +versions returned an int.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/BUF_MEM_new.html b/linux_amd64/share/doc/openssl/html/man3/BUF_MEM_new.html new file mode 100755 index 0000000..fe53a30 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/BUF_MEM_new.html @@ -0,0 +1,106 @@ + + + + +BUF_MEM_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BUF_MEM_new, BUF_MEM_new_ex, BUF_MEM_free, BUF_MEM_grow, +BUF_MEM_grow_clean, BUF_reverse +- simple character array structure

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/buffer.h>
    +
    + BUF_MEM *BUF_MEM_new(void);
    +
    + BUF_MEM *BUF_MEM_new_ex(unsigned long flags);
    +
    + void BUF_MEM_free(BUF_MEM *a);
    +
    + int BUF_MEM_grow(BUF_MEM *str, int len);
    + size_t BUF_MEM_grow_clean(BUF_MEM *str, size_t len);
    +
    + void BUF_reverse(unsigned char *out, const unsigned char *in, size_t size);
    +

    +

    +
    +

    DESCRIPTION

    +

    The buffer library handles simple character arrays. Buffers are used for +various purposes in the library, most notably memory BIOs.

    +

    BUF_MEM_new() allocates a new buffer of zero size.

    +

    BUF_MEM_new_ex() allocates a buffer with the specified flags. +The flag BUF_MEM_FLAG_SECURE specifies that the data pointer +should be allocated on the secure heap; see CRYPTO_secure_malloc(3).

    +

    BUF_MEM_free() frees up an already existing buffer. The data is zeroed +before freeing up in case the buffer contains sensitive data.

    +

    BUF_MEM_grow() changes the size of an already existing buffer to +len. Any data already in the buffer is preserved if it increases in +size.

    +

    BUF_MEM_grow_clean() is similar to BUF_MEM_grow() but it sets any free'd +or additionally-allocated memory to zero.

    +

    BUF_reverse() reverses size bytes at in into out. If in +is NULL, the array is reversed in-place.

    +

    +

    +
    +

    RETURN VALUES

    +

    BUF_MEM_new() returns the buffer or NULL on error.

    +

    BUF_MEM_free() has no return value.

    +

    BUF_MEM_grow() and BUF_MEM_grow_clean() return +zero on error or the new size (i.e., len).

    +

    +

    +
    +

    SEE ALSO

    +

    bio(7), +CRYPTO_secure_malloc(3).

    +

    +

    +
    +

    HISTORY

    +

    The BUF_MEM_new_ex() function was added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/CMS_add0_cert.html b/linux_amd64/share/doc/openssl/html/man3/CMS_add0_cert.html new file mode 100755 index 0000000..b474f87 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/CMS_add0_cert.html @@ -0,0 +1,103 @@ + + + + +CMS_add0_cert + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    CMS_add0_cert, CMS_add1_cert, CMS_get1_certs, CMS_add0_crl, CMS_add1_crl, CMS_get1_crls +- CMS certificate and CRL utility functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/cms.h>
    +
    + int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert);
    + int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert);
    + STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms);
    +
    + int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl);
    + int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl);
    + STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms);
    +

    +

    +
    +

    DESCRIPTION

    +

    CMS_add0_cert() and CMS_add1_cert() add certificate cert to cms. +must be of type signed data or enveloped data.

    +

    CMS_get1_certs() returns all certificates in cms.

    +

    CMS_add0_crl() and CMS_add1_crl() add CRL crl to cms. CMS_get1_crls() +returns any CRLs in cms.

    +

    +

    +
    +

    NOTES

    +

    The CMS_ContentInfo structure cms must be of type signed data or enveloped +data or an error will be returned.

    +

    For signed data certificates and CRLs are added to the certificates and +crls fields of SignedData structure. For enveloped data they are added to +OriginatorInfo.

    +

    As the 0 implies CMS_add0_cert() adds cert internally to cms and it +must not be freed up after the call as opposed to CMS_add1_cert() where cert +must be freed up.

    +

    The same certificate or CRL must not be added to the same cms structure more +than once.

    +

    +

    +
    +

    RETURN VALUES

    +

    CMS_add0_cert(), CMS_add1_cert() and CMS_add0_crl() and CMS_add1_crl() return +1 for success and 0 for failure.

    +

    CMS_get1_certs() and CMS_get1_crls() return the STACK of certificates or CRLs +or NULL if there are none or an error occurs. The only error which will occur +in practice is if the cms type is invalid.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), +CMS_sign(3), +CMS_encrypt(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/CMS_add1_recipient_cert.html b/linux_amd64/share/doc/openssl/html/man3/CMS_add1_recipient_cert.html new file mode 100755 index 0000000..ed09294 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/CMS_add1_recipient_cert.html @@ -0,0 +1,107 @@ + + + + +CMS_add1_recipient_cert + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    CMS_add1_recipient_cert, CMS_add0_recipient_key - add recipients to a CMS enveloped data structure

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/cms.h>
    +
    + CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
    +                                            X509 *recip, unsigned int flags);
    +
    + CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
    +                                           unsigned char *key, size_t keylen,
    +                                           unsigned char *id, size_t idlen,
    +                                           ASN1_GENERALIZEDTIME *date,
    +                                           ASN1_OBJECT *otherTypeId,
    +                                           ASN1_TYPE *otherType);
    +

    +

    +
    +

    DESCRIPTION

    +

    CMS_add1_recipient_cert() adds recipient recip to CMS_ContentInfo enveloped +data structure cms as a KeyTransRecipientInfo structure.

    +

    CMS_add0_recipient_key() adds symmetric key key of length keylen using +wrapping algorithm nid, identifier id of length idlen and optional +values date, otherTypeId and otherType to CMS_ContentInfo enveloped +data structure cms as a KEKRecipientInfo structure.

    +

    The CMS_ContentInfo structure should be obtained from an initial call to +CMS_encrypt() with the flag CMS_PARTIAL set.

    +

    +

    +
    +

    NOTES

    +

    The main purpose of this function is to provide finer control over a CMS +enveloped data structure where the simpler CMS_encrypt() function defaults are +not appropriate. For example if one or more KEKRecipientInfo structures +need to be added. New attributes can also be added using the returned +CMS_RecipientInfo structure and the CMS attribute utility functions.

    +

    OpenSSL will by default identify recipient certificates using issuer name +and serial number. If CMS_USE_KEYID is set it will use the subject key +identifier value instead. An error occurs if all recipient certificates do not +have a subject key identifier extension.

    +

    Currently only AES based key wrapping algorithms are supported for nid, +specifically: NID_id_aes128_wrap, NID_id_aes192_wrap and NID_id_aes256_wrap. +If nid is set to NID_undef then an AES wrap algorithm will be used +consistent with keylen.

    +

    +

    +
    +

    RETURN VALUES

    +

    CMS_add1_recipient_cert() and CMS_add0_recipient_key() return an internal +pointer to the CMS_RecipientInfo structure just added or NULL if an error +occurs.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), CMS_decrypt(3), +CMS_final(3),

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/CMS_add1_signer.html b/linux_amd64/share/doc/openssl/html/man3/CMS_add1_signer.html new file mode 100755 index 0000000..09cc0a0 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/CMS_add1_signer.html @@ -0,0 +1,134 @@ + + + + +CMS_add1_signer + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    CMS_add1_signer, CMS_SignerInfo_sign - add a signer to a CMS_ContentInfo signed data structure

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/cms.h>
    +
    + CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, X509 *signcert,
    +                                 EVP_PKEY *pkey, const EVP_MD *md,
    +                                 unsigned int flags);
    +
    + int CMS_SignerInfo_sign(CMS_SignerInfo *si);
    +

    +

    +
    +

    DESCRIPTION

    +

    CMS_add1_signer() adds a signer with certificate signcert and private +key pkey using message digest md to CMS_ContentInfo SignedData +structure cms.

    +

    The CMS_ContentInfo structure should be obtained from an initial call to +CMS_sign() with the flag CMS_PARTIAL set or in the case or re-signing a +valid CMS_ContentInfo SignedData structure.

    +

    If the md parameter is NULL then the default digest for the public +key algorithm will be used.

    +

    Unless the CMS_REUSE_DIGEST flag is set the returned CMS_ContentInfo +structure is not complete and must be finalized either by streaming (if +applicable) or a call to CMS_final().

    +

    The CMS_SignerInfo_sign() function will explicitly sign a CMS_SignerInfo +structure, its main use is when CMS_REUSE_DIGEST and CMS_PARTIAL flags +are both set.

    +

    +

    +
    +

    NOTES

    +

    The main purpose of CMS_add1_signer() is to provide finer control +over a CMS signed data structure where the simpler CMS_sign() function defaults +are not appropriate. For example if multiple signers or non default digest +algorithms are needed. New attributes can also be added using the returned +CMS_SignerInfo structure and the CMS attribute utility functions or the +CMS signed receipt request functions.

    +

    Any of the following flags (ored together) can be passed in the flags +parameter.

    +

    If CMS_REUSE_DIGEST is set then an attempt is made to copy the content +digest value from the CMS_ContentInfo structure: to add a signer to an existing +structure. An error occurs if a matching digest value cannot be found to copy. +The returned CMS_ContentInfo structure will be valid and finalized when this +flag is set.

    +

    If CMS_PARTIAL is set in addition to CMS_REUSE_DIGEST then the +CMS_SignerInfo structure will not be finalized so additional attributes +can be added. In this case an explicit call to CMS_SignerInfo_sign() is +needed to finalize it.

    +

    If CMS_NOCERTS is set the signer's certificate will not be included in the +CMS_ContentInfo structure, the signer's certificate must still be supplied in +the signcert parameter though. This can reduce the size of the signature if +the signers certificate can be obtained by other means: for example a +previously signed message.

    +

    The SignedData structure includes several CMS signedAttributes including the +signing time, the CMS content type and the supported list of ciphers in an +SMIMECapabilities attribute. If CMS_NOATTR is set then no signedAttributes +will be used. If CMS_NOSMIMECAP is set then just the SMIMECapabilities are +omitted.

    +

    OpenSSL will by default identify signing certificates using issuer name +and serial number. If CMS_USE_KEYID is set it will use the subject key +identifier value instead. An error occurs if the signing certificate does not +have a subject key identifier extension.

    +

    If present the SMIMECapabilities attribute indicates support for the following +algorithms in preference order: 256 bit AES, Gost R3411-94, Gost 28147-89, 192 +bit AES, 128 bit AES, triple DES, 128 bit RC2, 64 bit RC2, DES and 40 bit RC2. +If any of these algorithms is not available then it will not be included: for example the GOST algorithms will not be included if the GOST ENGINE is +not loaded.

    +

    CMS_add1_signer() returns an internal pointer to the CMS_SignerInfo +structure just added, this can be used to set additional attributes +before it is finalized.

    +

    +

    +
    +

    RETURN VALUES

    +

    CMS_add1_signer() returns an internal pointer to the CMS_SignerInfo +structure just added or NULL if an error occurs.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), CMS_sign(3), +CMS_final(3),

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/CMS_compress.html b/linux_amd64/share/doc/openssl/html/man3/CMS_compress.html new file mode 100755 index 0000000..f0fea0a --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/CMS_compress.html @@ -0,0 +1,107 @@ + + + + +CMS_compress + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    CMS_compress - create a CMS CompressedData structure

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/cms.h>
    +
    + CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags);
    +

    +

    +
    +

    DESCRIPTION

    +

    CMS_compress() creates and returns a CMS CompressedData structure. comp_nid +is the compression algorithm to use or NID_undef to use the default +algorithm (zlib compression). in is the content to be compressed. +flags is an optional set of flags.

    +

    The only currently supported compression algorithm is zlib using the NID +NID_zlib_compression.

    +

    If zlib support is not compiled into OpenSSL then CMS_compress() will return +an error.

    +

    If the CMS_TEXT flag is set MIME headers for type text/plain are +prepended to the data.

    +

    Normally the supplied content is translated into MIME canonical format (as +required by the S/MIME specifications) if CMS_BINARY is set no translation +occurs. This option should be used if the supplied data is in binary format +otherwise the translation will corrupt it. If CMS_BINARY is set then +CMS_TEXT is ignored.

    +

    If the CMS_STREAM flag is set a partial CMS_ContentInfo structure is +returned suitable for streaming I/O: no data is read from the BIO in.

    +

    The compressed data is included in the CMS_ContentInfo structure, unless +CMS_DETACHED is set in which case it is omitted. This is rarely used in +practice and is not supported by SMIME_write_CMS().

    +

    If the flag CMS_STREAM is set the returned CMS_ContentInfo structure is +not complete and outputting its contents via a function that does not +properly finalize the CMS_ContentInfo structure will give unpredictable +results.

    +

    Several functions including SMIME_write_CMS(), i2d_CMS_bio_stream(), +PEM_write_bio_CMS_stream() finalize the structure. Alternatively finalization +can be performed by obtaining the streaming ASN1 BIO directly using +BIO_new_CMS().

    +

    Additional compression parameters such as the zlib compression level cannot +currently be set.

    +

    +

    +
    +

    RETURN VALUES

    +

    CMS_compress() returns either a CMS_ContentInfo structure or NULL if an error +occurred. The error can be obtained from ERR_get_error(3).

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), CMS_uncompress(3)

    +

    +

    +
    +

    HISTORY

    +

    The CMS_STREAM flag was added in OpenSSL 1.0.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/CMS_decrypt.html b/linux_amd64/share/doc/openssl/html/man3/CMS_decrypt.html new file mode 100755 index 0000000..684780f --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/CMS_decrypt.html @@ -0,0 +1,117 @@ + + + + +CMS_decrypt + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    CMS_decrypt - decrypt content from a CMS envelopedData structure

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/cms.h>
    +
    + int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert,
    +                 BIO *dcont, BIO *out, unsigned int flags);
    +

    +

    +
    +

    DESCRIPTION

    +

    CMS_decrypt() extracts and decrypts the content from a CMS EnvelopedData +structure. pkey is the private key of the recipient, cert is the +recipient's certificate, out is a BIO to write the content to and +flags is an optional set of flags.

    +

    The dcont parameter is used in the rare case where the encrypted content +is detached. It will normally be set to NULL.

    +

    +

    +
    +

    NOTES

    +

    Although the recipients certificate is not needed to decrypt the data it is +needed to locate the appropriate (of possible several) recipients in the CMS +structure.

    +

    If cert is set to NULL all possible recipients are tried. This case however +is problematic. To thwart the MMA attack (Bleichenbacher's attack on +PKCS #1 v1.5 RSA padding) all recipients are tried whether they succeed or +not. If no recipient succeeds then a random symmetric key is used to decrypt +the content: this will typically output garbage and may (but is not guaranteed +to) ultimately return a padding error only. If CMS_decrypt() just returned an +error when all recipient encrypted keys failed to decrypt an attacker could +use this in a timing attack. If the special flag CMS_DEBUG_DECRYPT is set +then the above behaviour is modified and an error is returned if no +recipient encrypted key can be decrypted without generating a random +content encryption key. Applications should use this flag with +extreme caution especially in automated gateways as it can leave them +open to attack.

    +

    It is possible to determine the correct recipient key by other means (for +example looking them up in a database) and setting them in the CMS structure +in advance using the CMS utility functions such as CMS_set1_pkey(). In this +case both cert and pkey should be set to NULL.

    +

    To process KEKRecipientInfo types CMS_set1_key() or CMS_RecipientInfo_set0_key() +and CMS_RecipientInfo_decrypt() should be called before CMS_decrypt() and +cert and pkey set to NULL.

    +

    The following flags can be passed in the flags parameter.

    +

    If the CMS_TEXT flag is set MIME headers for type text/plain are deleted +from the content. If the content is not of type text/plain then an error is +returned.

    +

    +

    +
    +

    RETURN VALUES

    +

    CMS_decrypt() returns either 1 for success or 0 for failure. +The error can be obtained from ERR_get_error(3)

    +

    +

    +
    +

    BUGS

    +

    The lack of single pass processing and the need to hold all data in memory as +mentioned in CMS_verify() also applies to CMS_decrypt().

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), CMS_encrypt(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/CMS_encrypt.html b/linux_amd64/share/doc/openssl/html/man3/CMS_encrypt.html new file mode 100755 index 0000000..2e7ef5d --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/CMS_encrypt.html @@ -0,0 +1,124 @@ + + + + +CMS_encrypt + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    CMS_encrypt - create a CMS envelopedData structure

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/cms.h>
    +
    + CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in,
    +                              const EVP_CIPHER *cipher, unsigned int flags);
    +

    +

    +
    +

    DESCRIPTION

    +

    CMS_encrypt() creates and returns a CMS EnvelopedData structure. certs +is a list of recipient certificates. in is the content to be encrypted. +cipher is the symmetric cipher to use. flags is an optional set of flags.

    +

    Only certificates carrying RSA, Diffie-Hellman or EC keys are supported by this +function.

    +

    EVP_des_ede3_cbc() (triple DES) is the algorithm of choice for S/MIME use +because most clients will support it.

    +

    The algorithm passed in the cipher parameter must support ASN1 encoding of +its parameters.

    +

    Many browsers implement a "sign and encrypt" option which is simply an S/MIME +envelopedData containing an S/MIME signed message. This can be readily produced +by storing the S/MIME signed message in a memory BIO and passing it to +CMS_encrypt().

    +

    The following flags can be passed in the flags parameter.

    +

    If the CMS_TEXT flag is set MIME headers for type text/plain are +prepended to the data.

    +

    Normally the supplied content is translated into MIME canonical format (as +required by the S/MIME specifications) if CMS_BINARY is set no translation +occurs. This option should be used if the supplied data is in binary format +otherwise the translation will corrupt it. If CMS_BINARY is set then +CMS_TEXT is ignored.

    +

    OpenSSL will by default identify recipient certificates using issuer name +and serial number. If CMS_USE_KEYID is set it will use the subject key +identifier value instead. An error occurs if all recipient certificates do not +have a subject key identifier extension.

    +

    If the CMS_STREAM flag is set a partial CMS_ContentInfo structure is +returned suitable for streaming I/O: no data is read from the BIO in.

    +

    If the CMS_PARTIAL flag is set a partial CMS_ContentInfo structure is +returned to which additional recipients and attributes can be added before +finalization.

    +

    The data being encrypted is included in the CMS_ContentInfo structure, unless +CMS_DETACHED is set in which case it is omitted. This is rarely used in +practice and is not supported by SMIME_write_CMS().

    +

    If the flag CMS_STREAM is set the returned CMS_ContentInfo structure is +not complete and outputting its contents via a function that does not +properly finalize the CMS_ContentInfo structure will give unpredictable +results.

    +

    Several functions including SMIME_write_CMS(), i2d_CMS_bio_stream(), +PEM_write_bio_CMS_stream() finalize the structure. Alternatively finalization +can be performed by obtaining the streaming ASN1 BIO directly using +BIO_new_CMS().

    +

    The recipients specified in certs use a CMS KeyTransRecipientInfo info +structure. KEKRecipientInfo is also supported using the flag CMS_PARTIAL +and CMS_add0_recipient_key().

    +

    The parameter certs may be NULL if CMS_PARTIAL is set and recipients +added later using CMS_add1_recipient_cert() or CMS_add0_recipient_key().

    +

    +

    +
    +

    RETURN VALUES

    +

    CMS_encrypt() returns either a CMS_ContentInfo structure or NULL if an error +occurred. The error can be obtained from ERR_get_error(3).

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), CMS_decrypt(3)

    +

    +

    +
    +

    HISTORY

    +

    The CMS_STREAM flag was first supported in OpenSSL 1.0.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/CMS_final.html b/linux_amd64/share/doc/openssl/html/man3/CMS_final.html new file mode 100755 index 0000000..c2e00c5 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/CMS_final.html @@ -0,0 +1,85 @@ + + + + +CMS_final + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    CMS_final - finalise a CMS_ContentInfo structure

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/cms.h>
    +
    + int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags);
    +

    +

    +
    +

    DESCRIPTION

    +

    CMS_final() finalises the structure cms. Its purpose is to perform any +operations necessary on cms (digest computation for example) and set the +appropriate fields. The parameter data contains the content to be +processed. The dcont parameter contains a BIO to write content to after +processing: this is only used with detached data and will usually be set to +NULL.

    +

    +

    +
    +

    NOTES

    +

    This function will normally be called when the CMS_PARTIAL flag is used. It +should only be used when streaming is not performed because the streaming +I/O functions perform finalisation operations internally.

    +

    +

    +
    +

    RETURN VALUES

    +

    CMS_final() returns 1 for success or 0 for failure.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), CMS_sign(3), +CMS_encrypt(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/CMS_get0_RecipientInfos.html b/linux_amd64/share/doc/openssl/html/man3/CMS_get0_RecipientInfos.html new file mode 100755 index 0000000..e6e30d2 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/CMS_get0_RecipientInfos.html @@ -0,0 +1,164 @@ + + + + +CMS_get0_RecipientInfos + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    CMS_get0_RecipientInfos, CMS_RecipientInfo_type, +CMS_RecipientInfo_ktri_get0_signer_id, CMS_RecipientInfo_ktri_cert_cmp, +CMS_RecipientInfo_set0_pkey, CMS_RecipientInfo_kekri_get0_id, +CMS_RecipientInfo_kekri_id_cmp, CMS_RecipientInfo_set0_key, +CMS_RecipientInfo_decrypt, CMS_RecipientInfo_encrypt +- CMS envelopedData RecipientInfo routines

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/cms.h>
    +
    + STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms);
    + int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
    +
    + int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
    +                                           ASN1_OCTET_STRING **keyid,
    +                                           X509_NAME **issuer,
    +                                           ASN1_INTEGER **sno);
    + int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert);
    + int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey);
    +
    + int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri, X509_ALGOR **palg,
    +                                     ASN1_OCTET_STRING **pid,
    +                                     ASN1_GENERALIZEDTIME **pdate,
    +                                     ASN1_OBJECT **potherid,
    +                                     ASN1_TYPE **pothertype);
    + int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri,
    +                                    const unsigned char *id, size_t idlen);
    + int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri,
    +                                unsigned char *key, size_t keylen);
    +
    + int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri);
    + int CMS_RecipientInfo_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri);
    +

    +

    +
    +

    DESCRIPTION

    +

    The function CMS_get0_RecipientInfos() returns all the CMS_RecipientInfo +structures associated with a CMS EnvelopedData structure.

    +

    CMS_RecipientInfo_type() returns the type of CMS_RecipientInfo structure ri. +It will currently return CMS_RECIPINFO_TRANS, CMS_RECIPINFO_AGREE, +CMS_RECIPINFO_KEK, CMS_RECIPINFO_PASS, or CMS_RECIPINFO_OTHER.

    +

    CMS_RecipientInfo_ktri_get0_signer_id() retrieves the certificate recipient +identifier associated with a specific CMS_RecipientInfo structure ri, which +must be of type CMS_RECIPINFO_TRANS. Either the keyidentifier will be set in +keyid or both issuer name and serial number in issuer and sno.

    +

    CMS_RecipientInfo_ktri_cert_cmp() compares the certificate cert against the +CMS_RecipientInfo structure ri, which must be of type CMS_RECIPINFO_TRANS. +It returns zero if the comparison is successful and non zero if not.

    +

    CMS_RecipientInfo_set0_pkey() associates the private key pkey with +the CMS_RecipientInfo structure ri, which must be of type +CMS_RECIPINFO_TRANS.

    +

    CMS_RecipientInfo_kekri_get0_id() retrieves the key information from the +CMS_RecipientInfo structure ri which must be of type CMS_RECIPINFO_KEK. Any +of the remaining parameters can be NULL if the application is not interested in +the value of a field. Where a field is optional and absent NULL will be written +to the corresponding parameter. The keyEncryptionAlgorithm field is written to +palg, the keyIdentifier field is written to pid, the date field if +present is written to pdate, if the other field is present the components +keyAttrId and keyAttr are written to parameters potherid and +pothertype.

    +

    CMS_RecipientInfo_kekri_id_cmp() compares the ID in the id and idlen +parameters against the keyIdentifier CMS_RecipientInfo structure ri, +which must be of type CMS_RECIPINFO_KEK. It returns zero if the comparison is +successful and non zero if not.

    +

    CMS_RecipientInfo_set0_key() associates the symmetric key key of length +keylen with the CMS_RecipientInfo structure ri, which must be of type +CMS_RECIPINFO_KEK.

    +

    CMS_RecipientInfo_decrypt() attempts to decrypt CMS_RecipientInfo structure +ri in structure cms. A key must have been associated with the structure +first.

    +

    CMS_RecipientInfo_encrypt() attempts to encrypt CMS_RecipientInfo structure +ri in structure cms. A key must have been associated with the structure +first and the content encryption key must be available: for example by a +previous call to CMS_RecipientInfo_decrypt().

    +

    +

    +
    +

    NOTES

    +

    The main purpose of these functions is to enable an application to lookup +recipient keys using any appropriate technique when the simpler method +of CMS_decrypt() is not appropriate.

    +

    In typical usage and application will retrieve all CMS_RecipientInfo structures +using CMS_get0_RecipientInfos() and check the type of each using +CMS_RecipientInfo_type(). Depending on the type the CMS_RecipientInfo structure +can be ignored or its key identifier data retrieved using an appropriate +function. Then if the corresponding secret or private key can be obtained by +any appropriate means it can then associated with the structure and +CMS_RecipientInfo_decrypt() called. If successful CMS_decrypt() can be called +with a NULL key to decrypt the enveloped content.

    +

    The CMS_RecipientInfo_encrypt() can be used to add a new recipient to an +existing enveloped data structure. Typically an application will first decrypt +an appropriate CMS_RecipientInfo structure to make the content encrypt key +available, it will then add a new recipient using a function such as +CMS_add1_recipient_cert() and finally encrypt the content encryption key +using CMS_RecipientInfo_encrypt().

    +

    +

    +
    +

    RETURN VALUES

    +

    CMS_get0_RecipientInfos() returns all CMS_RecipientInfo structures, or NULL if +an error occurs.

    +

    CMS_RecipientInfo_ktri_get0_signer_id(), CMS_RecipientInfo_set0_pkey(), +CMS_RecipientInfo_kekri_get0_id(), CMS_RecipientInfo_set0_key() and +CMS_RecipientInfo_decrypt() return 1 for success or 0 if an error occurs. +CMS_RecipientInfo_encrypt() return 1 for success or 0 if an error occurs.

    +

    CMS_RecipientInfo_ktri_cert_cmp() and CMS_RecipientInfo_kekri_cmp() return 0 +for a successful comparison and non zero otherwise.

    +

    Any error can be obtained from ERR_get_error(3).

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), CMS_decrypt(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/CMS_get0_SignerInfos.html b/linux_amd64/share/doc/openssl/html/man3/CMS_get0_SignerInfos.html new file mode 100755 index 0000000..e3691e5 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/CMS_get0_SignerInfos.html @@ -0,0 +1,118 @@ + + + + +CMS_get0_SignerInfos + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    CMS_SignerInfo_set1_signer_cert, +CMS_get0_SignerInfos, CMS_SignerInfo_get0_signer_id, +CMS_SignerInfo_get0_signature, CMS_SignerInfo_cert_cmp +- CMS signedData signer functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/cms.h>
    +
    + STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms);
    +
    + int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si, ASN1_OCTET_STRING **keyid,
    +                                   X509_NAME **issuer, ASN1_INTEGER **sno);
    + ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si);
    + int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert);
    + void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer);
    +

    +

    +
    +

    DESCRIPTION

    +

    The function CMS_get0_SignerInfos() returns all the CMS_SignerInfo structures +associated with a CMS signedData structure.

    +

    CMS_SignerInfo_get0_signer_id() retrieves the certificate signer identifier +associated with a specific CMS_SignerInfo structure si. Either the +keyidentifier will be set in keyid or both issuer name and serial number +in issuer and sno.

    +

    CMS_SignerInfo_get0_signature() retrieves the signature associated with +si in a pointer to an ASN1_OCTET_STRING structure. This pointer returned +corresponds to the internal signature value if si so it may be read or +modified.

    +

    CMS_SignerInfo_cert_cmp() compares the certificate cert against the signer +identifier si. It returns zero if the comparison is successful and non zero +if not.

    +

    CMS_SignerInfo_set1_signer_cert() sets the signers certificate of si to +signer.

    +

    +

    +
    +

    NOTES

    +

    The main purpose of these functions is to enable an application to lookup +signers certificates using any appropriate technique when the simpler method +of CMS_verify() is not appropriate.

    +

    In typical usage and application will retrieve all CMS_SignerInfo structures +using CMS_get0_SignerInfo() and retrieve the identifier information using +CMS. It will then obtain the signer certificate by some unspecified means +(or return and error if it cannot be found) and set it using +CMS_SignerInfo_set1_signer_cert().

    +

    Once all signer certificates have been set CMS_verify() can be used.

    +

    Although CMS_get0_SignerInfos() can return NULL if an error occurs or if +there are no signers this is not a problem in practice because the only +error which can occur is if the cms structure is not of type signedData +due to application error.

    +

    +

    +
    +

    RETURN VALUES

    +

    CMS_get0_SignerInfos() returns all CMS_SignerInfo structures, or NULL there +are no signers or an error occurs.

    +

    CMS_SignerInfo_get0_signer_id() returns 1 for success and 0 for failure.

    +

    CMS_SignerInfo_cert_cmp() returns 0 for a successful comparison and non +zero otherwise.

    +

    CMS_SignerInfo_set1_signer_cert() does not return a value.

    +

    Any error can be obtained from ERR_get_error(3)

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), CMS_verify(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/CMS_get0_type.html b/linux_amd64/share/doc/openssl/html/man3/CMS_get0_type.html new file mode 100755 index 0000000..f14d8d2 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/CMS_get0_type.html @@ -0,0 +1,115 @@ + + + + +CMS_get0_type + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    CMS_get0_type, CMS_set1_eContentType, CMS_get0_eContentType, CMS_get0_content - get and set CMS content types and content

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/cms.h>
    +
    + const ASN1_OBJECT *CMS_get0_type(const CMS_ContentInfo *cms);
    + int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid);
    + const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms);
    + ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms);
    +

    +

    +
    +

    DESCRIPTION

    +

    CMS_get0_type() returns the content type of a CMS_ContentInfo structure as +an ASN1_OBJECT pointer. An application can then decide how to process the +CMS_ContentInfo structure based on this value.

    +

    CMS_set1_eContentType() sets the embedded content type of a CMS_ContentInfo +structure. It should be called with CMS functions (such as CMS_sign(3), +CMS_encrypt(3)) +with the CMS_PARTIAL +flag and before the structure is finalised, otherwise the results are +undefined.

    +

    ASN1_OBJECT *CMS_get0_eContentType() returns a pointer to the embedded +content type.

    +

    CMS_get0_content() returns a pointer to the ASN1_OCTET_STRING pointer +containing the embedded content.

    +

    +

    +
    +

    NOTES

    +

    As the 0 implies CMS_get0_type(), CMS_get0_eContentType() and +CMS_get0_content() return internal pointers which should not be freed up. +CMS_set1_eContentType() copies the supplied OID and it should be freed up +after use.

    +

    The ASN1_OBJECT values returned can be converted to an integer NID value +using OBJ_obj2nid(). For the currently supported content types the following +values are returned:

    +
    + NID_pkcs7_data
    + NID_pkcs7_signed
    + NID_pkcs7_digest
    + NID_id_smime_ct_compressedData:
    + NID_pkcs7_encrypted
    + NID_pkcs7_enveloped
    +

    The return value of CMS_get0_content() is a pointer to the ASN1_OCTET_STRING +content pointer. That means that for example:

    +
    + ASN1_OCTET_STRING **pconf = CMS_get0_content(cms);
    +

    *pconf could be NULL if there is no embedded content. Applications can +access, modify or create the embedded content in a CMS_ContentInfo structure +using this function. Applications usually will not need to modify the +embedded content as it is normally set by higher level functions.

    +

    +

    +
    +

    RETURN VALUES

    +

    CMS_get0_type() and CMS_get0_eContentType() return an ASN1_OBJECT structure.

    +

    CMS_set1_eContentType() returns 1 for success or 0 if an error occurred. The +error can be obtained from ERR_get_error(3).

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/CMS_get1_ReceiptRequest.html b/linux_amd64/share/doc/openssl/html/man3/CMS_get1_ReceiptRequest.html new file mode 100755 index 0000000..a815a28 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/CMS_get1_ReceiptRequest.html @@ -0,0 +1,111 @@ + + + + +CMS_get1_ReceiptRequest + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    CMS_ReceiptRequest_create0, CMS_add1_ReceiptRequest, CMS_get1_ReceiptRequest, CMS_ReceiptRequest_get0_values - CMS signed receipt request functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/cms.h>
    +
    + CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
    +                                                int allorfirst,
    +                                                STACK_OF(GENERAL_NAMES) *receiptList,
    +                                                STACK_OF(GENERAL_NAMES) *receiptsTo);
    + int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
    + int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr);
    + void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr, ASN1_STRING **pcid,
    +                                     int *pallorfirst,
    +                                     STACK_OF(GENERAL_NAMES) **plist,
    +                                     STACK_OF(GENERAL_NAMES) **prto);
    +

    +

    +
    +

    DESCRIPTION

    +

    CMS_ReceiptRequest_create0() creates a signed receipt request structure. The +signedContentIdentifier field is set using id and idlen, or it is set +to 32 bytes of pseudo random data if id is NULL. If receiptList is NULL +the allOrFirstTier option in receiptsFrom is used and set to the value of +the allorfirst parameter. If receiptList is not NULL the receiptList +option in receiptsFrom is used. The receiptsTo parameter specifies the +receiptsTo field value.

    +

    The CMS_add1_ReceiptRequest() function adds a signed receipt request rr +to SignerInfo structure si.

    +

    int CMS_get1_ReceiptRequest() looks for a signed receipt request in si, if +any is found it is decoded and written to prr.

    +

    CMS_ReceiptRequest_get0_values() retrieves the values of a receipt request. +The signedContentIdentifier is copied to pcid. If the allOrFirstTier +option of receiptsFrom is used its value is copied to pallorfirst +otherwise the receiptList field is copied to plist. The receiptsTo +parameter is copied to prto.

    +

    +

    +
    +

    NOTES

    +

    For more details of the meaning of the fields see RFC2634.

    +

    The contents of a signed receipt should only be considered meaningful if the +corresponding CMS_ContentInfo structure can be successfully verified using +CMS_verify().

    +

    +

    +
    +

    RETURN VALUES

    +

    CMS_ReceiptRequest_create0() returns a signed receipt request structure or +NULL if an error occurred.

    +

    CMS_add1_ReceiptRequest() returns 1 for success or 0 if an error occurred.

    +

    CMS_get1_ReceiptRequest() returns 1 is a signed receipt request is found and +decoded. It returns 0 if a signed receipt request is not present and -1 if +it is present but malformed.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), CMS_sign(3), +CMS_sign_receipt(3), CMS_verify(3) +CMS_verify_receipt(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/CMS_sign.html b/linux_amd64/share/doc/openssl/html/man3/CMS_sign.html new file mode 100755 index 0000000..b979827 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/CMS_sign.html @@ -0,0 +1,156 @@ + + + + +CMS_sign + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    CMS_sign - create a CMS SignedData structure

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/cms.h>
    +
    + CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
    +                           BIO *data, unsigned int flags);
    +

    +

    +
    +

    DESCRIPTION

    +

    CMS_sign() creates and returns a CMS SignedData structure. signcert is +the certificate to sign with, pkey is the corresponding private key. +certs is an optional additional set of certificates to include in the CMS +structure (for example any intermediate CAs in the chain). Any or all of +these parameters can be NULL, see NOTES below.

    +

    The data to be signed is read from BIO data.

    +

    flags is an optional set of flags.

    +

    +

    +
    +

    NOTES

    +

    Any of the following flags (ored together) can be passed in the flags +parameter.

    +

    Many S/MIME clients expect the signed content to include valid MIME headers. If +the CMS_TEXT flag is set MIME headers for type text/plain are prepended +to the data.

    +

    If CMS_NOCERTS is set the signer's certificate will not be included in the +CMS_ContentInfo structure, the signer's certificate must still be supplied in +the signcert parameter though. This can reduce the size of the signature if +the signers certificate can be obtained by other means: for example a +previously signed message.

    +

    The data being signed is included in the CMS_ContentInfo structure, unless +CMS_DETACHED is set in which case it is omitted. This is used for +CMS_ContentInfo detached signatures which are used in S/MIME plaintext signed +messages for example.

    +

    Normally the supplied content is translated into MIME canonical format (as +required by the S/MIME specifications) if CMS_BINARY is set no translation +occurs. This option should be used if the supplied data is in binary format +otherwise the translation will corrupt it.

    +

    The SignedData structure includes several CMS signedAttributes including the +signing time, the CMS content type and the supported list of ciphers in an +SMIMECapabilities attribute. If CMS_NOATTR is set then no signedAttributes +will be used. If CMS_NOSMIMECAP is set then just the SMIMECapabilities are +omitted.

    +

    If present the SMIMECapabilities attribute indicates support for the following +algorithms in preference order: 256 bit AES, Gost R3411-94, Gost 28147-89, 192 +bit AES, 128 bit AES, triple DES, 128 bit RC2, 64 bit RC2, DES and 40 bit RC2. +If any of these algorithms is not available then it will not be included: for example the GOST algorithms will not be included if the GOST ENGINE is +not loaded.

    +

    OpenSSL will by default identify signing certificates using issuer name +and serial number. If CMS_USE_KEYID is set it will use the subject key +identifier value instead. An error occurs if the signing certificate does not +have a subject key identifier extension.

    +

    If the flags CMS_STREAM is set then the returned CMS_ContentInfo +structure is just initialized ready to perform the signing operation. The +signing is however not performed and the data to be signed is not read from +the data parameter. Signing is deferred until after the data has been +written. In this way data can be signed in a single pass.

    +

    If the CMS_PARTIAL flag is set a partial CMS_ContentInfo structure is +output to which additional signers and capabilities can be added before +finalization.

    +

    If the flag CMS_STREAM is set the returned CMS_ContentInfo structure is +not complete and outputting its contents via a function that does not +properly finalize the CMS_ContentInfo structure will give unpredictable +results.

    +

    Several functions including SMIME_write_CMS(), i2d_CMS_bio_stream(), +PEM_write_bio_CMS_stream() finalize the structure. Alternatively finalization +can be performed by obtaining the streaming ASN1 BIO directly using +BIO_new_CMS().

    +

    If a signer is specified it will use the default digest for the signing +algorithm. This is SHA1 for both RSA and DSA keys.

    +

    If signcert and pkey are NULL then a certificates only CMS structure is +output.

    +

    The function CMS_sign() is a basic CMS signing function whose output will be +suitable for many purposes. For finer control of the output format the +certs, signcert and pkey parameters can all be NULL and the +CMS_PARTIAL flag set. Then one or more signers can be added using the +function CMS_sign_add1_signer(), non default digests can be used and custom +attributes added. CMS_final() must then be called to finalize the +structure if streaming is not enabled.

    +

    +

    +
    +

    BUGS

    +

    Some attributes such as counter signatures are not supported.

    +

    +

    +
    +

    RETURN VALUES

    +

    CMS_sign() returns either a valid CMS_ContentInfo structure or NULL if an error +occurred. The error can be obtained from ERR_get_error(3).

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), CMS_verify(3)

    +

    +

    +
    +

    HISTORY

    +

    The CMS_STREAM flag is only supported for detached data in OpenSSL 0.9.8, +it is supported for embedded data in OpenSSL 1.0.0 and later.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/CMS_sign_receipt.html b/linux_amd64/share/doc/openssl/html/man3/CMS_sign_receipt.html
new file mode 100755
index 0000000..48710b9
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/CMS_sign_receipt.html
@@ -0,0 +1,90 @@
+ + + + +CMS_sign_receipt + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    CMS_sign_receipt - create a CMS signed receipt

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/cms.h>
    +
    + CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si, X509 *signcert,
    +                                   EVP_PKEY *pkey, STACK_OF(X509) *certs,
    +                                   unsigned int flags);
    +

    +

    +
    +

    DESCRIPTION

    +

    CMS_sign_receipt() creates and returns a CMS signed receipt structure. si is +the CMS_SignerInfo structure containing the signed receipt request. +signcert is the certificate to sign with, pkey is the corresponding +private key. certs is an optional additional set of certificates to include +in the CMS structure (for example any intermediate CAs in the chain).

    +

    flags is an optional set of flags.

    +

    +

    +
    +

    NOTES

    +

    This functions behaves in a similar way to CMS_sign() except the flag values +CMS_DETACHED, CMS_BINARY, CMS_NOATTR, CMS_TEXT and CMS_STREAM +are not supported since they do not make sense in the context of signed +receipts.

    +

    +

    +
    +

    RETURN VALUES

    +

    CMS_sign_receipt() returns either a valid CMS_ContentInfo structure or NULL if +an error occurred. The error can be obtained from ERR_get_error(3).

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), +CMS_verify_receipt(3), +CMS_sign(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/CMS_uncompress.html b/linux_amd64/share/doc/openssl/html/man3/CMS_uncompress.html
new file mode 100755
index 0000000..04cb362
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/CMS_uncompress.html
@@ -0,0 +1,96 @@
+ + + + +CMS_uncompress + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    CMS_uncompress - uncompress a CMS CompressedData structure

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/cms.h>
    +
    + int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out, unsigned int flags);
    +

    +

    +
    +

    DESCRIPTION

    +

    CMS_uncompress() extracts and uncompresses the content from a CMS +CompressedData structure cms. data is a BIO to write the content to and +flags is an optional set of flags.

    +

    The dcont parameter is used in the rare case where the compressed content +is detached. It will normally be set to NULL.

    +

    +

    +
    +

    NOTES

    +

    The only currently supported compression algorithm is zlib: if the structure +indicates the use of any other algorithm an error is returned.

    +

    If zlib support is not compiled into OpenSSL then CMS_uncompress() will always +return an error.

    +

    The following flags can be passed in the flags parameter.

    +

    If the CMS_TEXT flag is set MIME headers for type text/plain are deleted +from the content. If the content is not of type text/plain then an error is +returned.

    +

    +

    +
    +

    RETURN VALUES

    +

    CMS_uncompress() returns either 1 for success or 0 for failure. The error can +be obtained from ERR_get_error(3)

    +

    +

    +
    +

    BUGS

    +

    The lack of single pass processing and the need to hold all data in memory as +mentioned in CMS_verify() also applies to CMS_decompress().

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), CMS_compress(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/CMS_verify.html b/linux_amd64/share/doc/openssl/html/man3/CMS_verify.html
new file mode 100755
index 0000000..2e67e51
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/CMS_verify.html
@@ -0,0 +1,155 @@
+ + + + +CMS_verify + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    CMS_verify, CMS_get0_signers - verify a CMS SignedData structure

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/cms.h>
    +
    + int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, X509_STORE *store,
    +                BIO *indata, BIO *out, unsigned int flags);
    +
    + STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms);
    +

    +

    +
    +

    DESCRIPTION

    +

    CMS_verify() verifies a CMS SignedData structure. cms is the CMS_ContentInfo +structure to verify. certs is a set of certificates in which to search for +the signing certificate(s). store is a trusted certificate store used for +chain verification. indata is the detached content if the content is not +present in cms. The content is written to out if it is not NULL.

    +

    flags is an optional set of flags, which can be used to modify the verify +operation.

    +

    CMS_get0_signers() retrieves the signing certificate(s) from cms, it must +be called after a successful CMS_verify() operation.

    +

    +

    +
    +

    VERIFY PROCESS

    +

    Normally the verify process proceeds as follows.

    +

    Initially some sanity checks are performed on cms. The type of cms must +be SignedData. There must be at least one signature on the data and if +the content is detached indata cannot be NULL.

    +

    An attempt is made to locate all the signing certificate(s), first looking in +the certs parameter (if it is not NULL) and then looking in any +certificates contained in the cms structure itself. If any signing +certificate cannot be located the operation fails.

    +

    Each signing certificate is chain verified using the smimesign purpose and +the supplied trusted certificate store. Any internal certificates in the message +are used as untrusted CAs. If CRL checking is enabled in store any internal +CRLs are used in addition to attempting to look them up in store. If any +chain verify fails an error code is returned.

    +

    Finally the signed content is read (and written to out if it is not NULL) +and the signature's checked.

    +

    If all signature's verify correctly then the function is successful.

    +

    Any of the following flags (ored together) can be passed in the flags +parameter to change the default verify behaviour.

    +

    If CMS_NOINTERN is set the certificates in the message itself are not +searched when locating the signing certificate(s). This means that all the +signing certificates must be in the certs parameter.

    +

    If CMS_NOCRL is set and CRL checking is enabled in store then any +CRLs in the message itself are ignored.

    +

    If the CMS_TEXT flag is set MIME headers for type text/plain are deleted +from the content. If the content is not of type text/plain then an error is +returned.

    +

    If CMS_NO_SIGNER_CERT_VERIFY is set the signing certificates are not +verified.

    +

    If CMS_NO_ATTR_VERIFY is set the signed attributes signature is not +verified.

    +

    If CMS_NO_CONTENT_VERIFY is set then the content digest is not checked.

    +

    +

    +
    +

    NOTES

    +

    One application of CMS_NOINTERN is to only accept messages signed by +a small number of certificates. The acceptable certificates would be passed +in the certs parameter. In this case if the signer is not one of the +certificates supplied in certs then the verify will fail because the +signer cannot be found.

    +

    In some cases the standard techniques for looking up and validating +certificates are not appropriate: for example an application may wish to +lookup certificates in a database or perform customised verification. This +can be achieved by setting and verifying the signers certificates manually +using the signed data utility functions.

    +

    Care should be taken when modifying the default verify behaviour, for example +setting CMS_NO_CONTENT_VERIFY will totally disable all content verification +and any modified content will be considered valid. This combination is however +useful if one merely wishes to write the content to out and its validity +is not considered important.

    +

    Chain verification should arguably be performed using the signing time rather +than the current time. However since the signing time is supplied by the +signer it cannot be trusted without additional evidence (such as a trusted +timestamp).

    +

    +

    +
    +

    RETURN VALUES

    +

    CMS_verify() returns 1 for a successful verification and zero if an error +occurred.

    +

    CMS_get0_signers() returns all signers or NULL if an error occurred.

    +

    The error can be obtained from ERR_get_error(3)

    +

    +

    +
    +

    BUGS

    +

    The trusted certificate store is not searched for the signing certificate, +this is primarily due to the inadequacies of the current X509_STORE +functionality.

    +

    The lack of single pass processing means that the signed content must all +be held in memory if it is not detached.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), CMS_sign(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/CMS_verify_receipt.html b/linux_amd64/share/doc/openssl/html/man3/CMS_verify_receipt.html
new file mode 100755
index 0000000..3d6207c
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/CMS_verify_receipt.html
@@ -0,0 +1,91 @@
+ + + + +CMS_verify_receipt + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    CMS_verify_receipt - verify a CMS signed receipt

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/cms.h>
    +
    + int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms,
    +                        STACK_OF(X509) *certs, X509_STORE *store,
    +                        unsigned int flags);
    +

    +

    +
    +

    DESCRIPTION

    +

    CMS_verify_receipt() verifies a CMS signed receipt. rcms is the signed +receipt to verify. ocms is the original SignedData structure containing the +receipt request. certs is a set of certificates in which to search for the +signing certificate. store is a trusted certificate store (used for chain +verification).

    +

    flags is an optional set of flags, which can be used to modify the verify +operation.

    +

    +

    +
    +

    NOTES

    +

    This functions behaves in a similar way to CMS_verify() except the flag values +CMS_DETACHED, CMS_BINARY, CMS_TEXT and CMS_STREAM are not +supported since they do not make sense in the context of signed receipts.

    +

    +

    +
    +

    RETURN VALUES

    +

    CMS_verify_receipt() returns 1 for a successful verification and zero if an +error occurred.

    +

    The error can be obtained from ERR_get_error(3)

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), +CMS_sign_receipt(3), +CMS_verify(3),

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/CONF_modules_free.html b/linux_amd64/share/doc/openssl/html/man3/CONF_modules_free.html
new file mode 100755
index 0000000..5702f2c
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/CONF_modules_free.html
@@ -0,0 +1,94 @@
+ + + + +CONF_modules_free + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    CONF_modules_free, CONF_modules_finish, CONF_modules_unload - +OpenSSL configuration cleanup functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/conf.h>
    +
    + void CONF_modules_finish(void);
    + void CONF_modules_unload(int all);
    +

    Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + void CONF_modules_free(void)
    +

    +

    +
    +

    DESCRIPTION

    +

    CONF_modules_free() closes down and frees up all memory allocated by all +configuration modules. Normally, in versions of OpenSSL prior to 1.1.0, +applications called +CONF_modules_free() at exit to tidy up any configuration performed.

    +

    CONF_modules_finish() calls each configuration modules finish handler +to free up any configuration that module may have performed.

    +

    CONF_modules_unload() finishes and unloads configuration modules. If +all is set to 0 only modules loaded from DSOs will be unloads. If +all is 1 all modules, including built-in modules will be unloaded.

    +

    +

    +
    +

    RETURN VALUES

    +

    None of the functions return a value.

    +

    +

    +
    +

    SEE ALSO

    +

    config(5), OPENSSL_config(3), +CONF_modules_load_file(3)

    +

    +

    +
    +

    HISTORY

    +

    CONF_modules_free() was deprecated in OpenSSL 1.1.0; do not use it. +For more information see OPENSSL_init_crypto(3).

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/CONF_modules_load_file.html b/linux_amd64/share/doc/openssl/html/man3/CONF_modules_load_file.html
new file mode 100755
index 0000000..6556d6c
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/CONF_modules_load_file.html
@@ -0,0 +1,172 @@
+ + + + +CONF_modules_load_file + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    CONF_modules_load_file, CONF_modules_load - OpenSSL configuration functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/conf.h>
    +
    + int CONF_modules_load_file(const char *filename, const char *appname,
    +                            unsigned long flags);
    + int CONF_modules_load(const CONF *cnf, const char *appname,
    +                       unsigned long flags);
    +

    +

    +
    +

    DESCRIPTION

    +

    The function CONF_modules_load_file() configures OpenSSL using file +filename and application name appname. If filename is NULL +the standard OpenSSL configuration file is used. If appname is +NULL the standard OpenSSL application name openssl_conf is used. +The behaviour can be customized using flags.

    +

    CONF_modules_load() is identical to CONF_modules_load_file() except it +reads configuration information from cnf.

    +

    +

    +
    +

    NOTES

    +

    The following flags are currently recognized:

    +

    If CONF_MFLAGS_IGNORE_ERRORS is set errors returned by individual +configuration modules are ignored. If not set the first module error is +considered fatal and no further modules are loaded.

    +

    Normally any modules errors will add error information to the error queue. If +CONF_MFLAGS_SILENT is set no error information is added.

    +

    If CONF_MFLAGS_IGNORE_RETURN_CODES is set the function unconditionally +returns success. +This is used by default in OPENSSL_init_crypto(3) to ignore any errors in +the default system-wide configuration file, as having all OpenSSL applications +fail to start when there are potentially minor issues in the file is too risky. +Applications calling CONF_modules_load_file explicitly should not generally +set this flag.

    +

    If CONF_MFLAGS_NO_DSO is set configuration module loading from DSOs is +disabled.

    +

    CONF_MFLAGS_IGNORE_MISSING_FILE if set will make CONF_load_modules_file() +ignore missing configuration files. Normally a missing configuration file +return an error.

    +

    CONF_MFLAGS_DEFAULT_SECTION if set and appname is not NULL will use the +default section pointed to by openssl_conf if appname does not exist.

    +

    By using CONF_modules_load_file() with appropriate flags an application can +customise application configuration to best suit its needs. In some cases the +use of a configuration file is optional and its absence is not an error: in +this case CONF_MFLAGS_IGNORE_MISSING_FILE would be set.

    +

    Errors during configuration may also be handled differently by different +applications. For example in some cases an error may simply print out a warning +message and the application continue. In other cases an application might +consider a configuration file error as fatal and exit immediately.

    +

    Applications can use the CONF_modules_load() function if they wish to load a +configuration file themselves and have finer control over how errors are +treated.

    +

    +

    +
    +

    RETURN VALUES

    +

    These functions return 1 for success and a zero or negative value for +failure. If module errors are not ignored the return code will reflect the +return value of the failing module (this will always be zero or negative).

    +

    +

    +
    +

    EXAMPLES

    +

    Load a configuration file and print out any errors and exit (missing file +considered fatal):

    +
    + if (CONF_modules_load_file(NULL, NULL, 0) <= 0) {
    +     fprintf(stderr, "FATAL: error loading configuration file\n");
    +     ERR_print_errors_fp(stderr);
    +     exit(1);
    + }
    +

    Load default configuration file using the section indicated by "myapp", +tolerate missing files, but exit on other errors:

    +
    + if (CONF_modules_load_file(NULL, "myapp",
    +                            CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) {
    +     fprintf(stderr, "FATAL: error loading configuration file\n");
    +     ERR_print_errors_fp(stderr);
    +     exit(1);
    + }
    +

    Load custom configuration file and section, only print warnings on error, +missing configuration file ignored:

    +
    + if (CONF_modules_load_file("/something/app.cnf", "myapp",
    +                            CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) {
    +     fprintf(stderr, "WARNING: error loading configuration file\n");
    +     ERR_print_errors_fp(stderr);
    + }
    +

    Load and parse configuration file manually, custom error handling:

    +
    + FILE *fp;
    + CONF *cnf = NULL;
    + long eline;
    +
    + fp = fopen("/somepath/app.cnf", "r");
    + if (fp == NULL) {
    +     fprintf(stderr, "Error opening configuration file\n");
    +     /* Other missing configuration file behaviour */
    + } else {
    +     cnf = NCONF_new(NULL);
    +     if (NCONF_load_fp(cnf, fp, &eline) == 0) {
    +         fprintf(stderr, "Error on line %ld of configuration file\n", eline);
    +         ERR_print_errors_fp(stderr);
    +         /* Other malformed configuration file behaviour */
    +     } else if (CONF_modules_load(cnf, "appname", 0) <= 0) {
    +         fprintf(stderr, "Error configuring application\n");
    +         ERR_print_errors_fp(stderr);
    +         /* Other configuration error behaviour */
    +     }
    +     fclose(fp);
    +     NCONF_free(cnf);
    + }
    +

    +

    +
    +

    SEE ALSO

    +

    config(5), OPENSSL_config(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2004-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/CRYPTO_THREAD_run_once.html b/linux_amd64/share/doc/openssl/html/man3/CRYPTO_THREAD_run_once.html
new file mode 100755
index 0000000..d8706f0
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/CRYPTO_THREAD_run_once.html
@@ -0,0 +1,195 @@
+ + + + +CRYPTO_THREAD_run_once + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    CRYPTO_THREAD_run_once, +CRYPTO_THREAD_lock_new, CRYPTO_THREAD_read_lock, CRYPTO_THREAD_write_lock, +CRYPTO_THREAD_unlock, CRYPTO_THREAD_lock_free, +CRYPTO_atomic_add - OpenSSL thread support

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/crypto.h>
    +
    + CRYPTO_ONCE CRYPTO_ONCE_STATIC_INIT;
    + int CRYPTO_THREAD_run_once(CRYPTO_ONCE *once, void (*init)(void));
    +
    + CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void);
    + int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *lock);
    + int CRYPTO_THREAD_write_lock(CRYPTO_RWLOCK *lock);
    + int CRYPTO_THREAD_unlock(CRYPTO_RWLOCK *lock);
    + void CRYPTO_THREAD_lock_free(CRYPTO_RWLOCK *lock);
    +
    + int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock);
    +

    +

    +
    +

    DESCRIPTION

    +

    OpenSSL can be safely used in multi-threaded applications provided that +support for the underlying OS threading API is built-in. Currently, OpenSSL +supports the pthread and Windows APIs. OpenSSL can also be built without +any multi-threading support, for example on platforms that don't provide +any threading support or that provide a threading API that is not yet +supported by OpenSSL.

    +

    The following multi-threading function are provided:

    +
      +
    • +

      CRYPTO_THREAD_run_once() can be used to perform one-time initialization. +The once argument must be a pointer to a static object of type +CRYPTO_ONCE that was statically initialized to the value +CRYPTO_ONCE_STATIC_INIT. +The init argument is a pointer to a function that performs the desired +exactly once initialization. +In particular, this can be used to allocate locks in a thread-safe manner, +which can then be used with the locking functions below.

      +
    • +
    • +

      CRYPTO_THREAD_lock_new() allocates, initializes and returns a new read/write +lock.

      +
    • +
    • +

      CRYPTO_THREAD_read_lock() locks the provided lock for reading.

      +
    • +
    • +

      CRYPTO_THREAD_write_lock() locks the provided lock for writing.

      +
    • +
    • +

      CRYPTO_THREAD_unlock() unlocks the previously locked lock.

      +
    • +
    • +

      CRYPTO_THREAD_lock_free() frees the provided lock.

      +
    • +
    • +

      CRYPTO_atomic_add() atomically adds amount to val and returns the +result of the operation in ret. lock will be locked, unless atomic +operations are supported on the specific platform. Because of this, if a +variable is modified by CRYPTO_atomic_add() then CRYPTO_atomic_add() must +be the only way that the variable is modified.

      +
    • +
    +

    +

    +
    +

    RETURN VALUES

    +

    CRYPTO_THREAD_run_once() returns 1 on success, or 0 on error.

    +

    CRYPTO_THREAD_lock_new() returns the allocated lock, or NULL on error.

    +

    CRYPTO_THREAD_lock_free() returns no value.

    +

    The other functions return 1 on success, or 0 on error.

    +

    +

    +
    +

    NOTES

    +

    On Windows platforms the CRYPTO_THREAD_* types and functions in the +openssl/crypto.h header are dependent on some of the types customarily +made available by including windows.h. The application developer is +likely to require control over when the latter is included, commonly as +one of the first included headers. Therefore it is defined as an +application developer's responsibility to include windows.h prior to +crypto.h where use of CRYPTO_THREAD_* types and functions is required.

    +

    +

    +
    +

    EXAMPLES

    +

    You can find out if OpenSSL was configured with thread support:

    +
    + #include <openssl/opensslconf.h>
    + #if defined(OPENSSL_THREADS)
    +     /* thread support enabled */
    + #else
    +     /* no thread support */
    + #endif
    +

    This example safely initializes and uses a lock.

    +
    + #ifdef _WIN32
    + # include <windows.h>
    + #endif
    + #include <openssl/crypto.h>
    +
    + static CRYPTO_ONCE once = CRYPTO_ONCE_STATIC_INIT;
    + static CRYPTO_RWLOCK *lock;
    +
    + static void myinit(void)
    + {
    +     lock = CRYPTO_THREAD_lock_new();
    + }
    +
    + static int mylock(void)
    + {
    +     if (!CRYPTO_THREAD_run_once(&once, void init) || lock == NULL)
    +         return 0;
    +     return CRYPTO_THREAD_write_lock(lock);
    + }
    +
    + static int myunlock(void)
    + {
    +     return CRYPTO_THREAD_unlock(lock);
    + }
    +
    + int serialized(void)
    + {
    +     int ret = 0;
    +
    +     if (mylock()) {
    +         /* Your code here, do not return without releasing the lock! */
    +         ret = ... ;
    +     }
    +     myunlock();
    +     return ret;
    + }
    +

    Finalization of locks is an advanced topic, not covered in this example. +This can only be done at process exit or when a dynamically loaded library is +no longer in use and is unloaded. +The simplest solution is to just "leak" the lock in applications and not +repeatedly load/unload shared libraries that allocate locks.

    +

    +

    +
    +

    SEE ALSO

    +

    crypto(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/CRYPTO_get_ex_new_index.html b/linux_amd64/share/doc/openssl/html/man3/CRYPTO_get_ex_new_index.html
new file mode 100755
index 0000000..d60c069
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/CRYPTO_get_ex_new_index.html
@@ -0,0 +1,202 @@
+ + + + +CRYPTO_get_ex_new_index + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    CRYPTO_EX_new, CRYPTO_EX_free, CRYPTO_EX_dup, +CRYPTO_free_ex_index, CRYPTO_get_ex_new_index, +CRYPTO_alloc_ex_data, CRYPTO_set_ex_data, CRYPTO_get_ex_data, +CRYPTO_free_ex_data, CRYPTO_new_ex_data +- functions supporting application-specific data

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/crypto.h>
    +
    + int CRYPTO_get_ex_new_index(int class_index,
    +                             long argl, void *argp,
    +                             CRYPTO_EX_new *new_func,
    +                             CRYPTO_EX_dup *dup_func,
    +                             CRYPTO_EX_free *free_func);
    +
    + typedef void CRYPTO_EX_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
    +                            int idx, long argl, void *argp);
    + typedef void CRYPTO_EX_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
    +                             int idx, long argl, void *argp);
    + typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
    +                           void *from_d, int idx, long argl, void *argp);
    +
    + int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad)
    +
    + int CRYPTO_alloc_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad,
    +                          int idx);
    +
    + int CRYPTO_set_ex_data(CRYPTO_EX_DATA *r, int idx, void *arg);
    +
    + void *CRYPTO_get_ex_data(CRYPTO_EX_DATA *r, int idx);
    +
    + void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *r);
    +
    + int CRYPTO_free_ex_index(int class_index, int idx);
    +

    +

    +
    +

    DESCRIPTION

    +

    Several OpenSSL structures can have application-specific data attached to them, +known as "exdata." +The specific structures are:

    +
    +    BIO
    +    DH
    +    DSA
    +    EC_KEY
    +    ENGINE
    +    RAND_DRBG
    +    RSA
    +    SSL
    +    SSL_CTX
    +    SSL_SESSION
    +    UI
    +    UI_METHOD
    +    X509
    +    X509_STORE
    +    X509_STORE_CTX
    +

    In addition, the APP name is reserved for use by application code.

    +

    Each is identified by an CRYPTO_EX_INDEX_xxx define in the crypto.h +header file. In addition, CRYPTO_EX_INDEX_APP is reserved for +applications to use this facility for their own structures.

    +

    The API described here is used by OpenSSL to manipulate exdata for specific +structures. Since the application data can be anything at all it is passed +and retrieved as a void * type.

    +

    The CRYPTO_EX_DATA type is opaque. To initialize the exdata part of +a structure, call CRYPTO_new_ex_data(). This is only necessary for +CRYPTO_EX_INDEX_APP objects.

    +

    Exdata types are identified by an index, an integer guaranteed to be +unique within structures for the lifetime of the program. Applications +using exdata typically call CRYPTO_get_ex_new_index at startup, and +store the result in a global variable, or write a wrapper function to +provide lazy evaluation. The class_index should be one of the +CRYPTO_EX_INDEX_xxx values. The argl and argp parameters are saved +to be passed to the callbacks but are otherwise not used. In order to +transparently manipulate exdata, three callbacks must be provided. The +semantics of those callbacks are described below.

    +

    When copying or releasing objects with exdata, the callback functions +are called in increasing order of their index value.

    +

    If a dynamic library can be unloaded, it should call CRYPTO_free_ex_index() +when this is done. +This will replace the callbacks with no-ops +so that applications don't crash. Any existing exdata will be leaked.

    +

    To set or get the exdata on an object, the appropriate type-specific +routine must be used. This is because the containing structure is opaque +and the CRYPTO_EX_DATA field is not accessible. In both API's, the +idx parameter should be an already-created index value.

    +

    When setting exdata, the pointer specified with a particular index is saved, +and returned on a subsequent "get" call. If the application is going to +release the data, it must make sure to set a NULL value at the index, +to avoid likely double-free crashes.

    +

    The function CRYPTO_free_ex_data is used to free all exdata attached +to a structure. The appropriate type-specific routine must be used. +The class_index identifies the structure type, the obj is +a pointer to the actual structure, and r is a pointer to the +structure's exdata field.

    +

    +

    +

    Callback Functions

    +

    This section describes how the callback functions are used. Applications +that are defining their own exdata using CYPRTO_EX_INDEX_APP must +call them as described here.

    +

    When a structure is initially allocated (such as RSA_new()) then the +new_func() is called for every defined index. There is no requirement +that the entire parent, or containing, structure has been set up. +The new_func() is typically used only to allocate memory to store the +exdata, and perhaps an "initialized" flag within that memory. +The exdata value may be allocated later on with CRYPTO_alloc_ex_data(), +or may be set by calling CRYPTO_set_ex_data().

    +

    When a structure is free'd (such as SSL_CTX_free()) then the +free_func() is called for every defined index. Again, the state of the +parent structure is not guaranteed. The free_func() may be called with a +NULL pointer.

    +

    Both new_func() and free_func() take the same parameters. +The parent is the pointer to the structure that contains the exdata. +The ptr is the current exdata item; for new_func() this will typically +be NULL. The r parameter is a pointer to the exdata field of the object. +The idx is the index and is the value returned when the callbacks were +initially registered via CRYPTO_get_ex_new_index() and can be used if +the same callback handles different types of exdata.

    +

    dup_func() is called when a structure is being copied. This is only done +for SSL, SSL_SESSION, EC_KEY objects and BIO chains via +BIO_dup_chain(). The to and from parameters +are pointers to the destination and source CRYPTO_EX_DATA structures, +respectively. The from_d parameter needs to be cast to a void **pptr +as the API has currently the wrong signature; that will be changed in a +future version. The *pptr is a pointer to the source exdata. +When the dup_func() returns, the value in *pptr is copied to the +destination ex_data. If the pointer contained in *pptr is not modified +by the dup_func(), then both to and from will point to the same data. +The idx, argl and argp parameters are as described for the other +two callbacks. If the dup_func() returns 0 the whole CRYPTO_dup_ex_data() +will fail.

    +

    +

    +
    +

    RETURN VALUES

    +

    CRYPTO_get_ex_new_index() returns a new index or -1 on failure.

    +

    CRYPTO_free_ex_index(), CRYPTO_alloc_ex_data() and CRYPTO_set_ex_data() +return 1 on success or 0 on failure.

    +

    CRYPTO_get_ex_data() returns the application data or NULL on failure; +note that NULL may be a valid value.

    +

    dup_func() should return 0 for failure and 1 for success.

    +

    +

    +
    +

    HISTORY

    +

    CRYPTO_alloc_ex_data() was added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/CRYPTO_memcmp.html b/linux_amd64/share/doc/openssl/html/man3/CRYPTO_memcmp.html new file mode 100755 index 0000000..5aa296c --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/CRYPTO_memcmp.html @@ -0,0 +1,76 @@ + + + + +CRYPTO_memcmp + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    CRYPTO_memcmp - Constant time memory comparison

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/crypto.h>
    +
    + int CRYPTO_memcmp(const void *a, const void *b, size_t len);
    +

    +

    +
    +

    DESCRIPTION

    +

    The CRYPTO_memcmp function compares the len bytes pointed to by a and b +for equality. +It takes an amount of time dependent on len, but independent of the +contents of the memory regions pointed to by a and b.

    +

    +

    +
    +

    RETURN VALUES

    +

    CRYPTO_memcmp() returns 0 if the memory regions are equal and nonzero +otherwise.

    +

    +

    +
    +

    NOTES

    +

    Unlike memcmp(2), this function cannot be used to order the two memory regions +as the return value when they differ is undefined, other than being nonzero.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/CTLOG_STORE_get0_log_by_id.html b/linux_amd64/share/doc/openssl/html/man3/CTLOG_STORE_get0_log_by_id.html new file mode 100755 index 0000000..9a655ef --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/CTLOG_STORE_get0_log_by_id.html @@ -0,0 +1,87 @@ + + + + +CTLOG_STORE_get0_log_by_id + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    CTLOG_STORE_get0_log_by_id - +Get a Certificate Transparency log from a CTLOG_STORE

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ct.h>
    +
    + const CTLOG *CTLOG_STORE_get0_log_by_id(const CTLOG_STORE *store,
    +                                         const uint8_t *log_id,
    +                                         size_t log_id_len);
    +

    +

    +
    +

    DESCRIPTION

    +

    A Signed Certificate Timestamp (SCT) identifies the Certificate Transparency +(CT) log that issued it using the log's LogID (see RFC 6962, Section 3.2). +Therefore, it is useful to be able to look up more information about a log +(e.g. its public key) using this LogID.

    +

    CTLOG_STORE_get0_log_by_id() provides a way to do this. It will find a CTLOG +in a CTLOG_STORE that has a given LogID.

    +

    +

    +
    +

    RETURN VALUES

    +

    CTLOG_STORE_get0_log_by_id returns a CTLOG with the given LogID, if it +exists in the given CTLOG_STORE, otherwise it returns NULL.

    +

    +

    +
    +

    SEE ALSO

    +

    ct(7), +CTLOG_STORE_new(3)

    +

    +

    +
    +

    HISTORY

    +

    The CTLOG_STORE_get0_log_by_id() function was added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/CTLOG_STORE_new.html b/linux_amd64/share/doc/openssl/html/man3/CTLOG_STORE_new.html new file mode 100755 index 0000000..04ef05e --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/CTLOG_STORE_new.html @@ -0,0 +1,117 @@ + + + + +CTLOG_STORE_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    CTLOG_STORE_new, CTLOG_STORE_free, +CTLOG_STORE_load_default_file, CTLOG_STORE_load_file - +Create and populate a Certificate Transparency log list

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ct.h>
    +
    + CTLOG_STORE *CTLOG_STORE_new(void);
    + void CTLOG_STORE_free(CTLOG_STORE *store);
    +
    + int CTLOG_STORE_load_default_file(CTLOG_STORE *store);
    + int CTLOG_STORE_load_file(CTLOG_STORE *store, const char *file);
    +

    +

    +
    +

    DESCRIPTION

    +

    A CTLOG_STORE is a container for a list of CTLOGs (Certificate Transparency +logs). The list can be loaded from one or more files and then searched by LogID +(see RFC 6962, Section 3.2, for the definition of a LogID).

    +

    CTLOG_STORE_new() creates an empty list of CT logs. This is then populated +by CTLOG_STORE_load_default_file() or CTLOG_STORE_load_file(). +CTLOG_STORE_load_default_file() loads from the default file, which is named +ct_log_list.cnf in OPENSSLDIR (see the output of openssl-version(1)). +This can be overridden using an environment variable named CTLOG_FILE. +CTLOG_STORE_load_file() loads from a caller-specified file path instead. +Both of these functions append any loaded CT logs to the CTLOG_STORE.

    +

    The expected format of the file is:

    +
    + enabled_logs=foo,bar
    +
    + [foo]
    + description = Log 1
    + key = <base64-encoded DER SubjectPublicKeyInfo here>
    +
    + [bar]
    + description = Log 2
    + key = <base64-encoded DER SubjectPublicKeyInfo here>
    +

    Once a CTLOG_STORE is no longer required, it should be passed to +CTLOG_STORE_free(). This will delete all of the CTLOGs stored within, along +with the CTLOG_STORE itself.

    +

    +

    +
    +

    NOTES

    +

    If there are any invalid CT logs in a file, they are skipped and the remaining +valid logs will still be added to the CTLOG_STORE. A CT log will be considered +invalid if it is missing a "key" or "description" field.

    +

    +

    +
    +

    RETURN VALUES

    +

    Both CTLOG_STORE_load_default_file and CTLOG_STORE_load_file return 1 if +all CT logs in the file are successfully parsed and loaded, 0 otherwise.

    +

    +

    +
    +

    SEE ALSO

    +

    ct(7), +CTLOG_STORE_get0_log_by_id(3), +SSL_CTX_set_ctlog_list_file(3)

    +

    +

    +
    +

    HISTORY

    +

    These functions were added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/CTLOG_new.html b/linux_amd64/share/doc/openssl/html/man3/CTLOG_new.html new file mode 100755 index 0000000..053e799 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/CTLOG_new.html @@ -0,0 +1,105 @@ + + + + +CTLOG_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    CTLOG_new, CTLOG_new_from_base64, CTLOG_free, +CTLOG_get0_name, CTLOG_get0_log_id, CTLOG_get0_public_key - +encapsulates information about a Certificate Transparency log

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ct.h>
    +
    + CTLOG *CTLOG_new(EVP_PKEY *public_key, const char *name);
    + int CTLOG_new_from_base64(CTLOG ** ct_log,
    +                           const char *pkey_base64, const char *name);
    + void CTLOG_free(CTLOG *log);
    + const char *CTLOG_get0_name(const CTLOG *log);
    + void CTLOG_get0_log_id(const CTLOG *log, const uint8_t **log_id,
    +                        size_t *log_id_len);
    + EVP_PKEY *CTLOG_get0_public_key(const CTLOG *log);
    +

    +

    +
    +

    DESCRIPTION

    +

    CTLOG_new() returns a new CTLOG that represents the Certificate Transparency +(CT) log with the given public key. A name must also be provided that can be +used to help users identify this log. Ownership of the public key is +transferred.

    +

    CTLOG_new_from_base64() also creates a new CTLOG, but takes the public key in +base64-encoded DER form and sets the ct_log pointer to point to the new CTLOG. +The base64 will be decoded and the public key parsed.

    +

    Regardless of whether CTLOG_new() or CTLOG_new_from_base64() is used, it is the +caller's responsibility to pass the CTLOG to CTLOG_free() once it is no longer +needed. This will delete it and, if created by CTLOG_new(), the EVP_PKEY that +was passed to it.

    +

    CTLOG_get0_name() returns the name of the log, as provided when the CTLOG was +created. Ownership of the string remains with the CTLOG.

    +

    CTLOG_get0_log_id() sets *log_id to point to a string containing that log's +LogID (see RFC 6962). It sets *log_id_len to the length of that LogID. For a +v1 CT log, the LogID will be a SHA-256 hash (i.e. 32 bytes long). Ownership of +the string remains with the CTLOG.

    +

    CTLOG_get0_public_key() returns the public key of the CT log. Ownership of the +EVP_PKEY remains with the CTLOG.

    +

    +

    +
    +

    RETURN VALUES

    +

    CTLOG_new() will return NULL if an error occurs.

    +

    CTLOG_new_from_base64() will return 1 on success, 0 otherwise.

    +

    +

    +
    +

    SEE ALSO

    +

    ct(7)

    +

    +

    +
    +

    HISTORY

    +

    These functions were added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/CT_POLICY_EVAL_CTX_new.html b/linux_amd64/share/doc/openssl/html/man3/CT_POLICY_EVAL_CTX_new.html new file mode 100755 index 0000000..665928d --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/CT_POLICY_EVAL_CTX_new.html @@ -0,0 +1,148 @@ + + + + +CT_POLICY_EVAL_CTX_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    CT_POLICY_EVAL_CTX_new, CT_POLICY_EVAL_CTX_free, +CT_POLICY_EVAL_CTX_get0_cert, CT_POLICY_EVAL_CTX_set1_cert, +CT_POLICY_EVAL_CTX_get0_issuer, CT_POLICY_EVAL_CTX_set1_issuer, +CT_POLICY_EVAL_CTX_get0_log_store, CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE, +CT_POLICY_EVAL_CTX_get_time, CT_POLICY_EVAL_CTX_set_time - +Encapsulates the data required to evaluate whether SCTs meet a Certificate Transparency policy

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ct.h>
    +
    + CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new(void);
    + void CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx);
    + X509* CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx);
    + int CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert);
    + X509* CT_POLICY_EVAL_CTX_get0_issuer(const CT_POLICY_EVAL_CTX *ctx);
    + int CT_POLICY_EVAL_CTX_set1_issuer(CT_POLICY_EVAL_CTX *ctx, X509 *issuer);
    + const CTLOG_STORE *CT_POLICY_EVAL_CTX_get0_log_store(const CT_POLICY_EVAL_CTX *ctx);
    + void CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx,
    +                                                CTLOG_STORE *log_store);
    + uint64_t CT_POLICY_EVAL_CTX_get_time(const CT_POLICY_EVAL_CTX *ctx);
    + void CT_POLICY_EVAL_CTX_set_time(CT_POLICY_EVAL_CTX *ctx, uint64_t time_in_ms);
    +

    +

    +
    +

    DESCRIPTION

    +

    A CT_POLICY_EVAL_CTX is used by functions that evaluate whether Signed +Certificate Timestamps (SCTs) fulfil a Certificate Transparency (CT) policy. +This policy may be, for example, that at least one valid SCT is available. To +determine this, an SCT's timestamp and signature must be verified. +This requires:

    +
      +
    • +

      the public key of the log that issued the SCT

      +
    • +
    • +

      the certificate that the SCT was issued for

      +
    • +
    • +

      the issuer certificate (if the SCT was issued for a pre-certificate)

      +
    • +
    • +

      the current time

      +
    • +
    +

    The above requirements are met using the setters described below.

    +

    CT_POLICY_EVAL_CTX_new() creates an empty policy evaluation context. This +should then be populated using:

    +
      +
    • +

      CT_POLICY_EVAL_CTX_set1_cert() to provide the certificate the SCTs were issued for

      +

      Increments the reference count of the certificate.

      +
    • +
    • +

      CT_POLICY_EVAL_CTX_set1_issuer() to provide the issuer certificate

      +

      Increments the reference count of the certificate.

      +
    • +
    • +

      CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE() to provide a list of logs that are trusted as sources of SCTs

      +

      Holds a pointer to the CTLOG_STORE, so the CTLOG_STORE must outlive the +CT_POLICY_EVAL_CTX.

      +
    • +
    • +

      CT_POLICY_EVAL_CTX_set_time() to set the time SCTs should be compared with to determine if they are valid

      +

      The SCT timestamp will be compared to this time to check whether the SCT was +issued in the future. RFC6962 states that "TLS clients MUST reject SCTs whose +timestamp is in the future". By default, this will be set to 5 minutes in the +future (e.g. (time() + 300) * 1000), to allow for clock drift.

      +

      The time should be in milliseconds since the Unix Epoch.

      +
    • +
    +

    Each setter has a matching getter for accessing the current value.

    +

    When no longer required, the CT_POLICY_EVAL_CTX should be passed to +CT_POLICY_EVAL_CTX_free() to delete it.

    +

    +

    +
    +

    NOTES

    +

    The issuer certificate only needs to be provided if at least one of the SCTs +was issued for a pre-certificate. This will be the case for SCTs embedded in a +certificate (i.e. those in an X.509 extension), but may not be the case for SCTs +found in the TLS SCT extension or OCSP response.

    +

    +

    +
    +

    RETURN VALUES

    +

    CT_POLICY_EVAL_CTX_new() will return NULL if malloc fails.

    +

    +

    +
    +

    SEE ALSO

    +

    ct(7)

    +

    +

    +
    +

    HISTORY

    +

    These functions were added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/DEFINE_STACK_OF.html b/linux_amd64/share/doc/openssl/html/man3/DEFINE_STACK_OF.html new file mode 100755 index 0000000..76f9309 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/DEFINE_STACK_OF.html @@ -0,0 +1,269 @@ + + + + +DEFINE_STACK_OF + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    DEFINE_STACK_OF, DEFINE_STACK_OF_CONST, DEFINE_SPECIAL_STACK_OF, +DEFINE_SPECIAL_STACK_OF_CONST, +sk_TYPE_num, sk_TYPE_value, sk_TYPE_new, sk_TYPE_new_null, +sk_TYPE_reserve, sk_TYPE_free, sk_TYPE_zero, sk_TYPE_delete, +sk_TYPE_delete_ptr, sk_TYPE_push, sk_TYPE_unshift, sk_TYPE_pop, +sk_TYPE_shift, sk_TYPE_pop_free, sk_TYPE_insert, sk_TYPE_set, +sk_TYPE_find, sk_TYPE_find_ex, sk_TYPE_sort, sk_TYPE_is_sorted, +sk_TYPE_dup, sk_TYPE_deep_copy, sk_TYPE_set_cmp_func, sk_TYPE_new_reserve +- stack container

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/safestack.h>
    +
    + STACK_OF(TYPE)
    + DEFINE_STACK_OF(TYPE)
    + DEFINE_STACK_OF_CONST(TYPE)
    + DEFINE_SPECIAL_STACK_OF(FUNCTYPE, TYPE)
    + DEFINE_SPECIAL_STACK_OF_CONST(FUNCTYPE, TYPE)
    +
    + typedef int (*sk_TYPE_compfunc)(const TYPE *const *a, const TYPE *const *b);
    + typedef TYPE * (*sk_TYPE_copyfunc)(const TYPE *a);
    + typedef void (*sk_TYPE_freefunc)(TYPE *a);
    +
    + int sk_TYPE_num(const STACK_OF(TYPE) *sk);
    + TYPE *sk_TYPE_value(const STACK_OF(TYPE) *sk, int idx);
    + STACK_OF(TYPE) *sk_TYPE_new(sk_TYPE_compfunc compare);
    + STACK_OF(TYPE) *sk_TYPE_new_null(void);
    + int sk_TYPE_reserve(STACK_OF(TYPE) *sk, int n);
    + void sk_TYPE_free(const STACK_OF(TYPE) *sk);
    + void sk_TYPE_zero(const STACK_OF(TYPE) *sk);
    + TYPE *sk_TYPE_delete(STACK_OF(TYPE) *sk, int i);
    + TYPE *sk_TYPE_delete_ptr(STACK_OF(TYPE) *sk, TYPE *ptr);
    + int sk_TYPE_push(STACK_OF(TYPE) *sk, const TYPE *ptr);
    + int sk_TYPE_unshift(STACK_OF(TYPE) *sk, const TYPE *ptr);
    + TYPE *sk_TYPE_pop(STACK_OF(TYPE) *sk);
    + TYPE *sk_TYPE_shift(STACK_OF(TYPE) *sk);
    + void sk_TYPE_pop_free(STACK_OF(TYPE) *sk, sk_TYPE_freefunc freefunc);
    + int sk_TYPE_insert(STACK_OF(TYPE) *sk, TYPE *ptr, int idx);
    + TYPE *sk_TYPE_set(STACK_OF(TYPE) *sk, int idx, const TYPE *ptr);
    + int sk_TYPE_find(STACK_OF(TYPE) *sk, TYPE *ptr);
    + int sk_TYPE_find_ex(STACK_OF(TYPE) *sk, TYPE *ptr);
    + void sk_TYPE_sort(const STACK_OF(TYPE) *sk);
    + int sk_TYPE_is_sorted(const STACK_OF(TYPE) *sk);
    + STACK_OF(TYPE) *sk_TYPE_dup(const STACK_OF(TYPE) *sk);
    + STACK_OF(TYPE) *sk_TYPE_deep_copy(const STACK_OF(TYPE) *sk,
    +                                   sk_TYPE_copyfunc copyfunc,
    +                                   sk_TYPE_freefunc freefunc);
    + sk_TYPE_compfunc (*sk_TYPE_set_cmp_func(STACK_OF(TYPE) *sk,
    +                                         sk_TYPE_compfunc compare));
    + STACK_OF(TYPE) *sk_TYPE_new_reserve(sk_TYPE_compfunc compare, int n);
    +

    +

    +
    +

    DESCRIPTION

    +

    Applications can create and use their own stacks by placing any of the macros +described below in a header file. These macros define typesafe inline +functions that wrap around the utility OPENSSL_sk_ API. +In the description here, TYPE is used +as a placeholder for any of the OpenSSL datatypes, such as X509.

    +

    STACK_OF() returns the name for a stack of the specified TYPE. +DEFINE_STACK_OF() creates set of functions for a stack of TYPE. This +will mean that type TYPE is stored in each stack, the type is referenced by +STACK_OF(TYPE) and each function name begins with sk_TYPE_. +For example:

    +
    + TYPE *sk_TYPE_value(STACK_OF(TYPE) *sk, int idx);
    +

    DEFINE_STACK_OF_CONST() is identical to DEFINE_STACK_OF() except +each element is constant. For example:

    +
    + const TYPE *sk_TYPE_value(STACK_OF(TYPE) *sk, int idx);
    +

    DEFINE_SPECIAL_STACK_OF() defines a stack of TYPE but +each function uses FUNCNAME in the function name. For example:

    +
    + TYPE *sk_FUNCNAME_value(STACK_OF(TYPE) *sk, int idx);
    +

    DEFINE_SPECIAL_STACK_OF_CONST() is similar except that each element is +constant:

    +
    + const TYPE *sk_FUNCNAME_value(STACK_OF(TYPE) *sk, int idx);
    +

    sk_TYPE_num() returns the number of elements in sk or -1 if sk is +NULL.

    +

    sk_TYPE_value() returns element idx in sk, where idx starts at +zero. If idx is out of range then NULL is returned.

    +

    sk_TYPE_new() allocates a new empty stack using comparison function +compare. If compare is NULL then no comparison function is used. This +function is equivalent to sk_TYPE_new_reserve(compare, 0).

    +

    sk_TYPE_new_null() allocates a new empty stack with no comparison +function. This function is equivalent to sk_TYPE_new_reserve(NULL, 0).

    +

    sk_TYPE_reserve() allocates additional memory in the sk structure +such that the next n calls to sk_TYPE_insert(), sk_TYPE_push() +or sk_TYPE_unshift() will not fail or cause memory to be allocated +or reallocated. If n is zero, any excess space allocated in the +sk structure is freed. On error sk is unchanged.

    +

    sk_TYPE_new_reserve() allocates a new stack. The new stack will have +additional memory allocated to hold n elements if n is positive. +The next n calls to sk_TYPE_insert(), sk_TYPE_push() or +sk_TYPE_unshift() will not fail or cause memory to be allocated or +reallocated. If n is zero or less than zero, no memory is allocated. +sk_TYPE_new_reserve() also sets the comparison function compare +to the newly created stack. If compare is NULL then no comparison +function is used.

    +

    sk_TYPE_set_cmp_func() sets the comparison function of sk to +compare. The previous comparison function is returned or NULL if there +was no previous comparison function.

    +

    sk_TYPE_free() frees up the sk structure. It does not free up any +elements of sk. After this call sk is no longer valid.

    +

    sk_TYPE_zero() sets the number of elements in sk to zero. It does not +free sk so after this call sk is still valid.

    +

    sk_TYPE_pop_free() frees up all elements of sk and sk itself. The +free function freefunc() is called on each element to free it.

    +

    sk_TYPE_delete() deletes element i from sk. It returns the deleted +element or NULL if i is out of range.

    +

    sk_TYPE_delete_ptr() deletes element matching ptr from sk. It +returns the deleted element or NULL if no element matching ptr was found.

    +

    sk_TYPE_insert() inserts ptr into sk at position idx. Any +existing elements at or after idx are moved downwards. If idx is out +of range the new element is appended to sk. sk_TYPE_insert() either +returns the number of elements in sk after the new element is inserted or +zero if an error (such as memory allocation failure) occurred.

    +

    sk_TYPE_push() appends ptr to sk it is equivalent to:

    +
    + sk_TYPE_insert(sk, ptr, -1);
    +

    sk_TYPE_unshift() inserts ptr at the start of sk it is equivalent +to:

    +
    + sk_TYPE_insert(sk, ptr, 0);
    +

    sk_TYPE_pop() returns and removes the last element from sk.

    +

    sk_TYPE_shift() returns and removes the first element from sk.

    +

    sk_TYPE_set() sets element idx of sk to ptr replacing the current +element. The new element value is returned or NULL if an error occurred: +this will only happen if sk is NULL or idx is out of range.

    +

    sk_TYPE_find() searches sk for the element ptr. In the case +where no comparison function has been specified, the function performs +a linear search for a pointer equal to ptr. The index of the first +matching element is returned or -1 if there is no match. In the case +where a comparison function has been specified, sk is sorted then +sk_TYPE_find() returns the index of a matching element or -1 if there +is no match. Note that, in this case, the matching element returned is +not guaranteed to be the first; the comparison function will usually +compare the values pointed to rather than the pointers themselves and +the order of elements in sk could change.

    +

    sk_TYPE_find_ex() operates like sk_TYPE_find() except when a +comparison function has been specified and no matching element is found. +Instead of returning -1, sk_TYPE_find_ex() returns the index of the +element either before or after the location where ptr would be if it were +present in sk.

    +

    sk_TYPE_sort() sorts sk using the supplied comparison function.

    +

    sk_TYPE_is_sorted() returns 1 if sk is sorted and 0 otherwise.

    +

    sk_TYPE_dup() returns a copy of sk. Note the pointers in the copy +are identical to the original.

    +

    sk_TYPE_deep_copy() returns a new stack where each element has been +copied. Copying is performed by the supplied copyfunc() and freeing by +freefunc(). The function freefunc() is only called if an error occurs.

    +

    +

    +
    +

    NOTES

    +

    Care should be taken when accessing stacks in multi-threaded environments. +Any operation which increases the size of a stack such as sk_TYPE_insert() +or sk_TYPE_push() can "grow" the size of an internal array and cause race +conditions if the same stack is accessed in a different thread. Operations such +as sk_TYPE_find() and sk_TYPE_sort() can also reorder the stack.

    +

    Any comparison function supplied should use a metric suitable +for use in a binary search operation. That is it should return zero, a +positive or negative value if a is equal to, greater than +or less than b respectively.

    +

    Care should be taken when checking the return values of the functions +sk_TYPE_find() and sk_TYPE_find_ex(). They return an index to the +matching element. In particular 0 indicates a matching first element. +A failed search is indicated by a -1 return value.

    +

    STACK_OF(), DEFINE_STACK_OF(), DEFINE_STACK_OF_CONST(), and +DEFINE_SPECIAL_STACK_OF() are implemented as macros.

    +

    The underlying utility OPENSSL_sk_ API should not be used directly. +It defines these functions: OPENSSL_sk_deep_copy(), +OPENSSL_sk_delete(), OPENSSL_sk_delete_ptr(), OPENSSL_sk_dup(), +OPENSSL_sk_find(), OPENSSL_sk_find_ex(), OPENSSL_sk_free(), +OPENSSL_sk_insert(), OPENSSL_sk_is_sorted(), OPENSSL_sk_new(), +OPENSSL_sk_new_null(), OPENSSL_sk_num(), OPENSSL_sk_pop(), +OPENSSL_sk_pop_free(), OPENSSL_sk_push(), OPENSSL_sk_reserve(), +OPENSSL_sk_set(), OPENSSL_sk_set_cmp_func(), OPENSSL_sk_shift(), +OPENSSL_sk_sort(), OPENSSL_sk_unshift(), OPENSSL_sk_value(), +OPENSSL_sk_zero().

    +

    +

    +
    +

    RETURN VALUES

    +

    sk_TYPE_num() returns the number of elements in the stack or -1 if the +passed stack is NULL.

    +

    sk_TYPE_value() returns a pointer to a stack element or NULL if the +index is out of range.

    +

    sk_TYPE_new(), sk_TYPE_new_null() and sk_TYPE_new_reserve() +return an empty stack or NULL if an error occurs.

    +

    sk_TYPE_reserve() returns 1 on successful allocation of the required +memory or 0 on error.

    +

    sk_TYPE_set_cmp_func() returns the old comparison function or NULL if +there was no old comparison function.

    +

    sk_TYPE_free(), sk_TYPE_zero(), sk_TYPE_pop_free() and +sk_TYPE_sort() do not return values.

    +

    sk_TYPE_pop(), sk_TYPE_shift(), sk_TYPE_delete() and +sk_TYPE_delete_ptr() return a pointer to the deleted element or NULL +on error.

    +

    sk_TYPE_insert(), sk_TYPE_push() and sk_TYPE_unshift() return +the total number of elements in the stack and 0 if an error occurred.

    +

    sk_TYPE_set() returns a pointer to the replacement element or NULL on +error.

    +

    sk_TYPE_find() and sk_TYPE_find_ex() return an index to the found +element or -1 on error.

    +

    sk_TYPE_is_sorted() returns 1 if the stack is sorted and 0 if it is +not.

    +

    sk_TYPE_dup() and sk_TYPE_deep_copy() return a pointer to the copy +of the stack.

    +

    +

    +
    +

    HISTORY

    +

    Before OpenSSL 1.1.0, this was implemented via macros and not inline functions +and was not a public API.

    +

    sk_TYPE_reserve() and sk_TYPE_new_reserve() were added in OpenSSL +1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/DES_random_key.html b/linux_amd64/share/doc/openssl/html/man3/DES_random_key.html new file mode 100755 index 0000000..c6220c5 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/DES_random_key.html @@ -0,0 +1,334 @@ + + + + +DES_random_key + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    DES_random_key, DES_set_key, DES_key_sched, DES_set_key_checked, +DES_set_key_unchecked, DES_set_odd_parity, DES_is_weak_key, +DES_ecb_encrypt, DES_ecb2_encrypt, DES_ecb3_encrypt, DES_ncbc_encrypt, +DES_cfb_encrypt, DES_ofb_encrypt, DES_pcbc_encrypt, DES_cfb64_encrypt, +DES_ofb64_encrypt, DES_xcbc_encrypt, DES_ede2_cbc_encrypt, +DES_ede2_cfb64_encrypt, DES_ede2_ofb64_encrypt, DES_ede3_cbc_encrypt, +DES_ede3_cfb64_encrypt, DES_ede3_ofb64_encrypt, +DES_cbc_cksum, DES_quad_cksum, DES_string_to_key, DES_string_to_2keys, +DES_fcrypt, DES_crypt - DES encryption

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/des.h>
    +

    Deprecated since OpenSSL 3.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + void DES_random_key(DES_cblock *ret);
    +
    + int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule);
    + int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule);
    + int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule);
    + void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule);
    +
    + void DES_set_odd_parity(DES_cblock *key);
    + int DES_is_weak_key(const_DES_cblock *key);
    +
    + void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output,
    +                      DES_key_schedule *ks, int enc);
    + void DES_ecb2_encrypt(const_DES_cblock *input, DES_cblock *output,
    +                       DES_key_schedule *ks1, DES_key_schedule *ks2, int enc);
    + void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output,
    +                       DES_key_schedule *ks1, DES_key_schedule *ks2,
    +                       DES_key_schedule *ks3, int enc);
    +
    + void DES_ncbc_encrypt(const unsigned char *input, unsigned char *output,
    +                       long length, DES_key_schedule *schedule, DES_cblock *ivec,
    +                       int enc);
    + void DES_cfb_encrypt(const unsigned char *in, unsigned char *out,
    +                      int numbits, long length, DES_key_schedule *schedule,
    +                      DES_cblock *ivec, int enc);
    + void DES_ofb_encrypt(const unsigned char *in, unsigned char *out,
    +                      int numbits, long length, DES_key_schedule *schedule,
    +                      DES_cblock *ivec);
    + void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output,
    +                       long length, DES_key_schedule *schedule, DES_cblock *ivec,
    +                       int enc);
    + void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out,
    +                        long length, DES_key_schedule *schedule, DES_cblock *ivec,
    +                        int *num, int enc);
    + void DES_ofb64_encrypt(const unsigned char *in, unsigned char *out,
    +                        long length, DES_key_schedule *schedule, DES_cblock *ivec,
    +                        int *num);
    +
    + void DES_xcbc_encrypt(const unsigned char *input, unsigned char *output,
    +                       long length, DES_key_schedule *schedule, DES_cblock *ivec,
    +                       const_DES_cblock *inw, const_DES_cblock *outw, int enc);
    +
    + void DES_ede2_cbc_encrypt(const unsigned char *input, unsigned char *output,
    +                           long length, DES_key_schedule *ks1,
    +                           DES_key_schedule *ks2, DES_cblock *ivec, int enc);
    + void DES_ede2_cfb64_encrypt(const unsigned char *in, unsigned char *out,
    +                             long length, DES_key_schedule *ks1,
    +                             DES_key_schedule *ks2, DES_cblock *ivec,
    +                             int *num, int enc);
    + void DES_ede2_ofb64_encrypt(const unsigned char *in, unsigned char *out,
    +                             long length, DES_key_schedule *ks1,
    +                             DES_key_schedule *ks2, DES_cblock *ivec, int *num);
    +
    + void DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output,
    +                           long length, DES_key_schedule *ks1,
    +                           DES_key_schedule *ks2, DES_key_schedule *ks3,
    +                           DES_cblock *ivec, int enc);
    + void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out,
    +                             long length, DES_key_schedule *ks1,
    +                             DES_key_schedule *ks2, DES_key_schedule *ks3,
    +                             DES_cblock *ivec, int *num, int enc);
    + void DES_ede3_ofb64_encrypt(const unsigned char *in, unsigned char *out,
    +                             long length, DES_key_schedule *ks1,
    +                             DES_key_schedule *ks2, DES_key_schedule *ks3,
    +                             DES_cblock *ivec, int *num);
    +
    + DES_LONG DES_cbc_cksum(const unsigned char *input, DES_cblock *output,
    +                        long length, DES_key_schedule *schedule,
    +                        const_DES_cblock *ivec);
    + DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[],
    +                         long length, int out_count, DES_cblock *seed);
    + void DES_string_to_key(const char *str, DES_cblock *key);
    + void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2);
    +
    + char *DES_fcrypt(const char *buf, const char *salt, char *ret);
    + char *DES_crypt(const char *buf, const char *salt);
    +

    +

    +
    +

    DESCRIPTION

    +

    All of the functions described on this page are deprecated. Applications should +instead use EVP_EncryptInit_ex(3), EVP_EncryptUpdate(3) and +EVP_EncryptFinal_ex(3) or the equivalently named decrypt functions.

    +

    This library contains a fast implementation of the DES encryption +algorithm.

    +

    There are two phases to the use of DES encryption. The first is the +generation of a DES_key_schedule from a key, the second is the +actual encryption. A DES key is of type DES_cblock. This type +consists of 8 bytes with odd parity. The least significant bit in +each byte is the parity bit. The key schedule is an expanded form of +the key; it is used to speed the encryption process.

    +

    DES_random_key() generates a random key. The random generator must be +seeded when calling this function. +If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to +external circumstances (see RAND(7)), the operation will fail. +If the function fails, 0 is returned.

    +

    Before a DES key can be used, it must be converted into the +architecture dependent DES_key_schedule via the +DES_set_key_checked() or DES_set_key_unchecked() function.

    +

    DES_set_key_checked() will check that the key passed is of odd parity +and is not a weak or semi-weak key. If the parity is wrong, then -1 +is returned. If the key is a weak key, then -2 is returned. If an +error is returned, the key schedule is not generated.

    +

    DES_set_key() works like DES_set_key_checked() and remains for +backward compatibility.

    +

    DES_set_odd_parity() sets the parity of the passed key to odd.

    +

    DES_is_weak_key() returns 1 if the passed key is a weak key, 0 if it +is ok.

    +

    The following routines mostly operate on an input and output stream of +DES_cblocks.

    +

    DES_ecb_encrypt() is the basic DES encryption routine that encrypts or +decrypts a single 8-byte DES_cblock in electronic code book +(ECB) mode. It always transforms the input data, pointed to by +input, into the output data, pointed to by the output argument. +If the encrypt argument is nonzero (DES_ENCRYPT), the input +(cleartext) is encrypted in to the output (ciphertext) using the +key_schedule specified by the schedule argument, previously set via +DES_set_key. If encrypt is zero (DES_DECRYPT), the input (now +ciphertext) is decrypted into the output (now cleartext). Input +and output may overlap. DES_ecb_encrypt() does not return a value.

    +

    DES_ecb3_encrypt() encrypts/decrypts the input block by using +three-key Triple-DES encryption in ECB mode. This involves encrypting +the input with ks1, decrypting with the key schedule ks2, and +then encrypting with ks3. This routine greatly reduces the chances +of brute force breaking of DES and has the advantage of if ks1, +ks2 and ks3 are the same, it is equivalent to just encryption +using ECB mode and ks1 as the key.

    +

    The macro DES_ecb2_encrypt() is provided to perform two-key Triple-DES +encryption by using ks1 for the final encryption.

    +

    DES_ncbc_encrypt() encrypts/decrypts using the cipher-block-chaining +(CBC) mode of DES. If the encrypt argument is nonzero, the +routine cipher-block-chain encrypts the cleartext data pointed to by +the input argument into the ciphertext pointed to by the output +argument, using the key schedule provided by the schedule argument, +and initialization vector provided by the ivec argument. If the +length argument is not an integral multiple of eight bytes, the +last block is copied to a temporary area and zero filled. The output +is always an integral multiple of eight bytes.

    +

    DES_xcbc_encrypt() is RSA's DESX mode of DES. It uses inw and +outw to 'whiten' the encryption. inw and outw are secret +(unlike the iv) and are as such, part of the key. So the key is sort +of 24 bytes. This is much better than CBC DES.

    +

    DES_ede3_cbc_encrypt() implements outer triple CBC DES encryption with +three keys. This means that each DES operation inside the CBC mode is +C=E(ks3,D(ks2,E(ks1,M))). This mode is used by SSL.

    +

    The DES_ede2_cbc_encrypt() macro implements two-key Triple-DES by +reusing ks1 for the final encryption. C=E(ks1,D(ks2,E(ks1,M))). +This form of Triple-DES is used by the RSAREF library.

    +

    DES_pcbc_encrypt() encrypts/decrypts using the propagating cipher block +chaining mode used by Kerberos v4. Its parameters are the same as +DES_ncbc_encrypt().

    +

    DES_cfb_encrypt() encrypts/decrypts using cipher feedback mode. This +method takes an array of characters as input and outputs an array of +characters. It does not require any padding to 8 character groups. +Note: the ivec variable is changed and the new changed value needs to +be passed to the next call to this function. Since this function runs +a complete DES ECB encryption per numbits, this function is only +suggested for use when sending a small number of characters.

    +

    DES_cfb64_encrypt() +implements CFB mode of DES with 64-bit feedback. Why is this +useful you ask? Because this routine will allow you to encrypt an +arbitrary number of bytes, without 8 byte padding. Each call to this +routine will encrypt the input bytes to output and then update ivec +and num. num contains 'how far' we are though ivec. If this does +not make much sense, read more about CFB mode of DES.

    +

    DES_ede3_cfb64_encrypt() and DES_ede2_cfb64_encrypt() is the same as +DES_cfb64_encrypt() except that Triple-DES is used.

    +

    DES_ofb_encrypt() encrypts using output feedback mode. This method +takes an array of characters as input and outputs an array of +characters. It does not require any padding to 8 character groups. +Note: the ivec variable is changed and the new changed value needs to +be passed to the next call to this function. Since this function runs +a complete DES ECB encryption per numbits, this function is only +suggested for use when sending a small number of characters.

    +

    DES_ofb64_encrypt() is the same as DES_cfb64_encrypt() using Output +Feed Back mode.

    +

    DES_ede3_ofb64_encrypt() and DES_ede2_ofb64_encrypt() is the same as +DES_ofb64_encrypt(), using Triple-DES.

    +

    The following functions are included in the DES library for +compatibility with the MIT Kerberos library.

    +

    DES_cbc_cksum() produces an 8 byte checksum based on the input stream +(via CBC encryption). The last 4 bytes of the checksum are returned +and the complete 8 bytes are placed in output. This function is +used by Kerberos v4. Other applications should use +EVP_DigestInit(3) etc. instead.

    +

    DES_quad_cksum() is a Kerberos v4 function. It returns a 4 byte +checksum from the input bytes. The algorithm can be iterated over the +input, depending on out_count, 1, 2, 3 or 4 times. If output is +non-NULL, the 8 bytes generated by each pass are written into +output.

    +

    The following are DES-based transformations:

    +

    DES_fcrypt() is a fast version of the Unix crypt(3) function. This +version takes only a small amount of space relative to other fast +crypt() implementations. This is different to the normal crypt() in +that the third parameter is the buffer that the return value is +written into. It needs to be at least 14 bytes long. This function +is thread safe, unlike the normal crypt().

    +

    DES_crypt() is a faster replacement for the normal system crypt(). +This function calls DES_fcrypt() with a static array passed as the +third parameter. This mostly emulates the normal non-thread-safe semantics +of crypt(3). +The salt must be two ASCII characters.

    +

    The values returned by DES_fcrypt() and DES_crypt() are terminated by NUL +character.

    +

    DES_enc_write() writes len bytes to file descriptor fd from +buffer buf. The data is encrypted via pcbc_encrypt (default) +using sched for the key and iv as a starting vector. The actual +data send down fd consists of 4 bytes (in network byte order) +containing the length of the following encrypted data. The encrypted +data then follows, padded with random data out to a multiple of 8 +bytes.

    +

    +

    +
    +

    BUGS

    +

    DES_cbc_encrypt() does not modify ivec; use DES_ncbc_encrypt() +instead.

    +

    DES_cfb_encrypt() and DES_ofb_encrypt() operates on input of 8 bits. +What this means is that if you set numbits to 12, and length to 2, the +first 12 bits will come from the 1st input byte and the low half of +the second input byte. The second 12 bits will have the low 8 bits +taken from the 3rd input byte and the top 4 bits taken from the 4th +input byte. The same holds for output. This function has been +implemented this way because most people will be using a multiple of 8 +and because once you get into pulling bytes input bytes apart things +get ugly!

    +

    DES_string_to_key() is available for backward compatibility with the +MIT library. New applications should use a cryptographic hash function. +The same applies for DES_string_to_2key().

    +

    +

    +
    +

    NOTES

    +

    The des library was written to be source code compatible with +the MIT Kerberos library.

    +

    Applications should use the higher level functions +EVP_EncryptInit(3) etc. instead of calling these +functions directly.

    +

    Single-key DES is insecure due to its short key size. ECB mode is +not suitable for most applications; see des_modes(7).

    +

    +

    +
    +

    RETURN VALUES

    +

    DES_set_key(), DES_key_sched(), DES_set_key_checked() and DES_is_weak_key() +return 0 on success or negative values on error.

    +

    DES_cbc_cksum() and DES_quad_cksum() return 4-byte integer representing the +last 4 bytes of the checksum of the input.

    +

    DES_fcrypt() returns a pointer to the caller-provided buffer and DES_crypt() - +to a static buffer on success; otherwise they return NULL.

    +

    +

    +
    +

    SEE ALSO

    +

    des_modes(7), +EVP_EncryptInit(3)

    +

    +

    +
    +

    HISTORY

    +

    All of these functions were deprecated in OpenSSL 3.0.

    +

    The requirement that the salt parameter to DES_crypt() and DES_fcrypt() +be two ASCII characters was first enforced in +OpenSSL 1.1.0. Previous versions tried to use the letter uppercase A +if both character were not present, and could crash when given non-ASCII +on some platforms.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/DH_generate_key.html b/linux_amd64/share/doc/openssl/html/man3/DH_generate_key.html new file mode 100755 index 0000000..99e3a2f --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/DH_generate_key.html @@ -0,0 +1,100 @@ + + + + +DH_generate_key + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    DH_generate_key, DH_compute_key - perform Diffie-Hellman key exchange

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/dh.h>
    +

    Deprecated since OpenSSL 3.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + int DH_generate_key(DH *dh);
    +
    + int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh);
    +

    +

    +
    +

    DESCRIPTION

    +

    Both of the functions described on this page are deprecated. +Applications should instead use EVP_PKEY_derive_init(3) +and EVP_PKEY_derive(3).

    +

    DH_generate_key() performs the first step of a Diffie-Hellman key +exchange by generating private and public DH values. By calling +DH_compute_key(), these are combined with the other party's public +value to compute the shared key.

    +

    DH_generate_key() expects dh to contain the shared parameters +dh->p and dh->g. It generates a random private DH value +unless dh->priv_key is already set, and computes the +corresponding public value dh->pub_key, which can then be +published.

    +

    DH_compute_key() computes the shared secret from the private DH value +in dh and the other party's public value in pub_key and stores +it in key. key must point to DH_size(dh) bytes of memory.

    +

    +

    +
    +

    RETURN VALUES

    +

    DH_generate_key() returns 1 on success, 0 otherwise.

    +

    DH_compute_key() returns the size of the shared secret on success, -1 +on error.

    +

    The error codes can be obtained by ERR_get_error(3).

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_PKEY_derive(3), +DH_new(3), ERR_get_error(3), RAND_bytes(3), DH_size(3)

    +

    +

    +
    +

    HISTORY

    +

    Both of these functions were deprecated in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/DH_generate_parameters.html b/linux_amd64/share/doc/openssl/html/man3/DH_generate_parameters.html new file mode 100755 index 0000000..543284a --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/DH_generate_parameters.html @@ -0,0 +1,203 @@ + + + + +DH_generate_parameters + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    DH_generate_parameters_ex, DH_generate_parameters, +DH_check, DH_check_params, +DH_check_ex, DH_check_params_ex, DH_check_pub_key_ex +- generate and check Diffie-Hellman +parameters

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/dh.h>
    +

    Deprecated since OpenSSL 3.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + int DH_generate_parameters_ex(DH *dh, int prime_len, int generator, BN_GENCB *cb);
    +
    + int DH_check(DH *dh, int *codes);
    + int DH_check_params(DH *dh, int *codes);
    +
    + int DH_check_ex(const DH *dh);
    + int DH_check_params_ex(const DH *dh);
    + int DH_check_pub_key_ex(const DH *dh, const BIGNUM *pub_key);
    +

    Deprecated since OpenSSL 0.9.8, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + DH *DH_generate_parameters(int prime_len, int generator,
    +                            void (*callback)(int, int, void *), void *cb_arg);
    +

    +

    +
    +

    DESCRIPTION

    +

    All of the functions described on this page are deprecated. +Applications should instead use EVP_PKEY_check(3), +EVP_PKEY_public_check(3), EVP_PKEY_private_check(3) and +EVP_PKEY_param_check(3).

    +

    DH_generate_parameters_ex() generates Diffie-Hellman parameters that can +be shared among a group of users, and stores them in the provided DH +structure. The pseudo-random number generator must be +seeded before calling it. +The parameters generated by DH_generate_parameters_ex() should not be used in +signature schemes.

    +

    prime_len is the length in bits of the safe prime to be generated. +generator is a small number > 1, typically 2 or 5.

    +

    A callback function may be used to provide feedback about the progress +of the key generation. If cb is not NULL, it will be +called as described in BN_generate_prime(3) while a random prime +number is generated, and when a prime has been found, BN_GENCB_call(cb, 3, 0) +is called. See BN_generate_prime_ex(3) for information on +the BN_GENCB_call() function.

    +

    DH_generate_parameters() is similar to DH_generate_prime_ex() but +expects an old-style callback function; see +BN_generate_prime(3) for information on the old-style callback.

    +

    DH_check_params() confirms that the p and g are likely enough to +be valid. +This is a lightweight check, if a more thorough check is needed, use +DH_check(). +The value of *codes is updated with any problems found. +If *codes is zero then no problems were found, otherwise the +following bits may be set:

    +
    +
    DH_CHECK_P_NOT_PRIME
    + +
    +

    The parameter p has been determined to not being an odd prime. +Note that the lack of this bit doesn't guarantee that p is a +prime.

    +
    +
    DH_NOT_SUITABLE_GENERATOR
    + +
    +

    The generator g is not suitable. +Note that the lack of this bit doesn't guarantee that g is +suitable, unless p is known to be a strong prime.

    +
    +
    DH_MODULUS_TOO_SMALL
    + +
    +

    The modulus is too small.

    +
    +
    DH_MODULUS_TOO_LARGE
    + +
    +

    The modulus is too large.

    +
    +
    +

    DH_check() confirms that the Diffie-Hellman parameters dh are valid. The +value of *codes is updated with any problems found. If *codes is zero then +no problems were found, otherwise the following bits may be set:

    +
    +
    DH_CHECK_P_NOT_PRIME
    + +
    +

    The parameter p is not prime.

    +
    +
    DH_CHECK_P_NOT_SAFE_PRIME
    + +
    +

    The parameter p is not a safe prime and no q value is present.

    +
    +
    DH_UNABLE_TO_CHECK_GENERATOR
    + +
    +

    The generator g cannot be checked for suitability.

    +
    +
    DH_NOT_SUITABLE_GENERATOR
    + +
    +

    The generator g is not suitable.

    +
    +
    DH_CHECK_Q_NOT_PRIME
    + +
    +

    The parameter q is not prime.

    +
    +
    DH_CHECK_INVALID_Q_VALUE
    + +
    +

    The parameter q is invalid.

    +
    +
    DH_CHECK_INVALID_J_VALUE
    + +
    +

    The parameter j is invalid.

    +
    +
    +

    DH_check_ex(), DH_check_params() and DH_check_pub_key_ex() are similar to +DH_check() and DH_check_params() respectively, but the error reasons are added +to the thread's error queue instead of provided as return values from the +function.

    +

    +

    +
    +

    RETURN VALUES

    +

    DH_generate_parameters_ex(), DH_check() and DH_check_params() return 1 +if the check could be performed, 0 otherwise.

    +

    DH_generate_parameters() returns a pointer to the DH structure or NULL if +the parameter generation fails.

    +

    DH_check_ex(), DH_check_params() and DH_check_pub_key_ex() return 1 if the +check is successful, 0 for failed.

    +

    The error codes can be obtained by ERR_get_error(3).

    +

    +

    +
    +

    SEE ALSO

    +

    DH_new(3), ERR_get_error(3), RAND_bytes(3), +DH_free(3)

    +

    +

    +
    +

    HISTORY

    +

    All of these functions were deprecated in OpenSSL 3.0.

    +

    DH_generate_parameters() was deprecated in OpenSSL 0.9.8; use +DH_generate_parameters_ex() instead.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/DH_get0_pqg.html b/linux_amd64/share/doc/openssl/html/man3/DH_get0_pqg.html new file mode 100755 index 0000000..90137dd --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/DH_get0_pqg.html @@ -0,0 +1,164 @@ + + + + +DH_get0_pqg + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    DH_get0_pqg, DH_set0_pqg, DH_get0_key, DH_set0_key, +DH_get0_p, DH_get0_q, DH_get0_g, +DH_get0_priv_key, DH_get0_pub_key, +DH_clear_flags, DH_test_flags, DH_set_flags, DH_get0_engine, +DH_get_length, DH_set_length - Routines for getting and setting data in a DH object

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/dh.h>
    +
    + void DH_get0_pqg(const DH *dh,
    +                  const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
    + int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
    + void DH_get0_key(const DH *dh,
    +                  const BIGNUM **pub_key, const BIGNUM **priv_key);
    + int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key);
    + const BIGNUM *DH_get0_p(const DH *dh);
    + const BIGNUM *DH_get0_q(const DH *dh);
    + const BIGNUM *DH_get0_g(const DH *dh);
    + const BIGNUM *DH_get0_priv_key(const DH *dh);
    + const BIGNUM *DH_get0_pub_key(const DH *dh);
    + void DH_clear_flags(DH *dh, int flags);
    + int DH_test_flags(const DH *dh, int flags);
    + void DH_set_flags(DH *dh, int flags);
    +

    Deprecated since OpenSSL 3.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + ENGINE *DH_get0_engine(DH *d);
    + long DH_get_length(const DH *dh);
    + int DH_set_length(DH *dh, long length);
    +

    +

    +
    +

    DESCRIPTION

    +

    A DH object contains the parameters p, q and g. Note that the q +parameter is optional. It also contains a public key (pub_key) and +(optionally) a private key (priv_key).

    +

    The p, q and g parameters can be obtained by calling DH_get0_pqg(). +If the parameters have not yet been set then *p, *q and *g will be set +to NULL. Otherwise they are set to pointers to their respective values. These +point directly to the internal representations of the values and therefore +should not be freed directly. +Any of the out parameters p, q, and g can be NULL, in which case no +value will be returned for that parameter.

    +

    The p, q and g values can be set by calling DH_set0_pqg() and passing +the new values for p, q and g as parameters to the function. Calling +this function transfers the memory management of the values to the DH object, +and therefore the values that have been passed in should not be freed directly +after this function has been called. The q parameter may be NULL.

    +

    To get the public and private key values use the DH_get0_key() function. A +pointer to the public key will be stored in *pub_key, and a pointer to the +private key will be stored in *priv_key. Either may be NULL if they have not +been set yet, although if the private key has been set then the public key must +be. The values point to the internal representation of the public key and +private key values. This memory should not be freed directly. +Any of the out parameters pub_key and priv_key can be NULL, in which case +no value will be returned for that parameter.

    +

    The public and private key values can be set using DH_set0_key(). Either +parameter may be NULL, which means the corresponding DH field is left +untouched. As with DH_set0_pqg() this function transfers the memory management +of the key values to the DH object, and therefore they should not be freed +directly after this function has been called.

    +

    Any of the values p, q, g, priv_key, and pub_key can also be +retrieved separately by the corresponding function DH_get0_p(), DH_get0_q(), +DH_get0_g(), DH_get0_priv_key(), and DH_get0_pub_key(), respectively.

    +

    DH_set_flags() sets the flags in the flags parameter on the DH object. +Multiple flags can be passed in one go (bitwise ORed together). Any flags that +are already set are left set. DH_test_flags() tests to see whether the flags +passed in the flags parameter are currently set in the DH object. Multiple +flags can be tested in one go. All flags that are currently set are returned, or +zero if none of the flags are set. DH_clear_flags() clears the specified flags +within the DH object.

    +

    DH_get0_engine() returns a handle to the ENGINE that has been set for this DH +object, or NULL if no such ENGINE has been set. This function is deprecated.

    +

    The DH_get_length() and DH_set_length() functions get and set the optional +length parameter associated with this DH object. If the length is nonzero then +it is used, otherwise it is ignored. The length parameter indicates the +length of the secret exponent (private key) in bits. These functions are +deprecated.

    +

    +

    +
    +

    NOTES

    +

    Values retrieved with DH_get0_key() are owned by the DH object used +in the call and may therefore not be passed to DH_set0_key(). If +needed, duplicate the received value using BN_dup() and pass the +duplicate. The same applies to DH_get0_pqg() and DH_set0_pqg().

    +

    +

    +
    +

    RETURN VALUES

    +

    DH_set0_pqg() and DH_set0_key() return 1 on success or 0 on failure.

    +

    DH_get0_p(), DH_get0_q(), DH_get0_g(), DH_get0_priv_key(), and DH_get0_pub_key() +return the respective value, or NULL if it is unset.

    +

    DH_test_flags() returns the current state of the flags in the DH object.

    +

    DH_get0_engine() returns the ENGINE set for the DH object or NULL if no ENGINE +has been set.

    +

    DH_get_length() returns the length of the secret exponent (private key) in bits, +or zero if no such length has been explicitly set.

    +

    +

    +
    +

    SEE ALSO

    +

    DH_new(3), DH_new(3), DH_generate_parameters(3), DH_generate_key(3), +DH_set_method(3), DH_size(3), DH_meth_new(3)

    +

    +

    +
    +

    HISTORY

    +

    The DH_get0_engine(), DH_get_length() and DH_set_length() functions were +deprecated in OpenSSL 3.0.

    +

    The functions described here were added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/DH_get_1024_160.html b/linux_amd64/share/doc/openssl/html/man3/DH_get_1024_160.html new file mode 100755 index 0000000..af5ff21 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/DH_get_1024_160.html @@ -0,0 +1,107 @@ + + + + +DH_get_1024_160 + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    DH_get_1024_160, +DH_get_2048_224, +DH_get_2048_256, +BN_get0_nist_prime_192, +BN_get0_nist_prime_224, +BN_get0_nist_prime_256, +BN_get0_nist_prime_384, +BN_get0_nist_prime_521, +BN_get_rfc2409_prime_768, +BN_get_rfc2409_prime_1024, +BN_get_rfc3526_prime_1536, +BN_get_rfc3526_prime_2048, +BN_get_rfc3526_prime_3072, +BN_get_rfc3526_prime_4096, +BN_get_rfc3526_prime_6144, +BN_get_rfc3526_prime_8192 +- Create standardized public primes or DH pairs

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/dh.h>
    + DH *DH_get_1024_160(void)
    + DH *DH_get_2048_224(void)
    + DH *DH_get_2048_256(void)
    +
    + const BIGNUM *BN_get0_nist_prime_192(void)
    + const BIGNUM *BN_get0_nist_prime_224(void)
    + const BIGNUM *BN_get0_nist_prime_256(void)
    + const BIGNUM *BN_get0_nist_prime_384(void)
    + const BIGNUM *BN_get0_nist_prime_521(void)
    +
    + BIGNUM *BN_get_rfc2409_prime_768(BIGNUM *bn)
    + BIGNUM *BN_get_rfc2409_prime_1024(BIGNUM *bn)
    + BIGNUM *BN_get_rfc3526_prime_1536(BIGNUM *bn)
    + BIGNUM *BN_get_rfc3526_prime_2048(BIGNUM *bn)
    + BIGNUM *BN_get_rfc3526_prime_3072(BIGNUM *bn)
    + BIGNUM *BN_get_rfc3526_prime_4096(BIGNUM *bn)
    + BIGNUM *BN_get_rfc3526_prime_6144(BIGNUM *bn)
    + BIGNUM *BN_get_rfc3526_prime_8192(BIGNUM *bn)
    +

    +

    +
    +

    DESCRIPTION

    +

    DH_get_1024_160(), DH_get_2048_224(), and DH_get_2048_256() each return +a DH object for the IETF RFC 5114 value.

    +

    BN_get0_nist_prime_192(), BN_get0_nist_prime_224(), BN_get0_nist_prime_256(), +BN_get0_nist_prime_384(), and BN_get0_nist_prime_521() functions return +a BIGNUM for the specific NIST prime curve (e.g., P-256).

    +

    BN_get_rfc2409_prime_768(), BN_get_rfc2409_prime_1024(), +BN_get_rfc3526_prime_1536(), BN_get_rfc3526_prime_2048(), +BN_get_rfc3526_prime_3072(), BN_get_rfc3526_prime_4096(), +BN_get_rfc3526_prime_6144(), and BN_get_rfc3526_prime_8192() functions +return a BIGNUM for the specified size from IETF RFC 2409. If bn +is not NULL, the BIGNUM will be set into that location as well.

    +

    +

    +
    +

    RETURN VALUES

    +

    Defined above.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/DH_meth_new.html b/linux_amd64/share/doc/openssl/html/man3/DH_meth_new.html
    new file mode 100755
    index 0000000..bf460bc
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/DH_meth_new.html
    @@ -0,0 +1,196 @@
    + + + + +DH_meth_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    DH_meth_new, DH_meth_free, DH_meth_dup, DH_meth_get0_name, DH_meth_set1_name, +DH_meth_get_flags, DH_meth_set_flags, DH_meth_get0_app_data, +DH_meth_set0_app_data, DH_meth_get_generate_key, DH_meth_set_generate_key, +DH_meth_get_compute_key, DH_meth_set_compute_key, DH_meth_get_bn_mod_exp, +DH_meth_set_bn_mod_exp, DH_meth_get_init, DH_meth_set_init, DH_meth_get_finish, +DH_meth_set_finish, DH_meth_get_generate_params, +DH_meth_set_generate_params - Routines to build up DH methods

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/dh.h>
    +

    Deprecated since OpenSSL 3.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + DH_METHOD *DH_meth_new(const char *name, int flags);
    +
    + void DH_meth_free(DH_METHOD *dhm);
    +
    + DH_METHOD *DH_meth_dup(const DH_METHOD *dhm);
    +
    + const char *DH_meth_get0_name(const DH_METHOD *dhm);
    + int DH_meth_set1_name(DH_METHOD *dhm, const char *name);
    +
    + int DH_meth_get_flags(const DH_METHOD *dhm);
    + int DH_meth_set_flags(DH_METHOD *dhm, int flags);
    +
    + void *DH_meth_get0_app_data(const DH_METHOD *dhm);
    + int DH_meth_set0_app_data(DH_METHOD *dhm, void *app_data);
    +
    + int (*DH_meth_get_generate_key(const DH_METHOD *dhm))(DH *);
    + int DH_meth_set_generate_key(DH_METHOD *dhm, int (*generate_key)(DH *));
    +
    + int (*DH_meth_get_compute_key(const DH_METHOD *dhm))
    +     (unsigned char *key, const BIGNUM *pub_key, DH *dh);
    + int DH_meth_set_compute_key(DH_METHOD *dhm,
    +     int (*compute_key)(unsigned char *key, const BIGNUM *pub_key, DH *dh));
    +
    + int (*DH_meth_get_bn_mod_exp(const DH_METHOD *dhm))
    +     (const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
    +      const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
    + int DH_meth_set_bn_mod_exp(DH_METHOD *dhm,
    +     int (*bn_mod_exp)(const DH *dh, BIGNUM *r, const BIGNUM *a,
    +                       const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
    +                       BN_MONT_CTX *m_ctx));
    +
    + int (*DH_meth_get_init(const DH_METHOD *dhm))(DH *);
    + int DH_meth_set_init(DH_METHOD *dhm, int (*init)(DH *));
    +
    + int (*DH_meth_get_finish(const DH_METHOD *dhm))(DH *);
    + int DH_meth_set_finish(DH_METHOD *dhm, int (*finish)(DH *));
    +
    + int (*DH_meth_get_generate_params(const DH_METHOD *dhm))
    +     (DH *, int, int, BN_GENCB *);
    + int DH_meth_set_generate_params(DH_METHOD *dhm,
    +     int (*generate_params)(DH *, int, int, BN_GENCB *));
    +

    +

    +
    +

    DESCRIPTION

    +

    All of the functions described on this page are deprecated. +Applications should instead use the provider APIs.

    +

    The DH_METHOD type is a structure used for the provision of custom DH +implementations. It provides a set of functions used by OpenSSL for the +implementation of the various DH capabilities.

    +

    DH_meth_new() creates a new DH_METHOD structure. It should be given a +unique name and a set of flags. The name should be a NULL terminated +string, which will be duplicated and stored in the DH_METHOD object. It is +the callers responsibility to free the original string. The flags will be used +during the construction of a new DH object based on this DH_METHOD. Any +new DH object will have those flags set by default.

    +

    DH_meth_dup() creates a duplicate copy of the DH_METHOD object passed as a +parameter. This might be useful for creating a new DH_METHOD based on an +existing one, but with some differences.

    +

    DH_meth_free() destroys a DH_METHOD structure and frees up any memory +associated with it.

    +

    DH_meth_get0_name() will return a pointer to the name of this DH_METHOD. This +is a pointer to the internal name string and so should not be freed by the +caller. DH_meth_set1_name() sets the name of the DH_METHOD to name. The +string is duplicated and the copy is stored in the DH_METHOD structure, so the +caller remains responsible for freeing the memory associated with the name.

    +

    DH_meth_get_flags() returns the current value of the flags associated with this +DH_METHOD. DH_meth_set_flags() provides the ability to set these flags.

    +

    The functions DH_meth_get0_app_data() and DH_meth_set0_app_data() provide the +ability to associate implementation specific data with the DH_METHOD. It is +the application's responsibility to free this data before the DH_METHOD is +freed via a call to DH_meth_free().

    +

    DH_meth_get_generate_key() and DH_meth_set_generate_key() get and set the +function used for generating a new DH key pair respectively. This function will +be called in response to the application calling DH_generate_key(). The +parameter for the function has the same meaning as for DH_generate_key().

    +

    DH_meth_get_compute_key() and DH_meth_set_compute_key() get and set the +function used for computing a new DH shared secret respectively. This function +will be called in response to the application calling DH_compute_key(). The +parameters for the function have the same meaning as for DH_compute_key().

    +

    DH_meth_get_bn_mod_exp() and DH_meth_set_bn_mod_exp() get and set the function +used for computing the following value:

    +
    + r = a ^ p mod m
    +

    This function will be called by the default OpenSSL function for +DH_generate_key(). The result is stored in the r parameter. This function +may be NULL unless using the default generate key function, in which case it +must be present.

    +

    DH_meth_get_init() and DH_meth_set_init() get and set the function used +for creating a new DH instance respectively. This function will be +called in response to the application calling DH_new() (if the current default +DH_METHOD is this one) or DH_new_method(). The DH_new() and DH_new_method() +functions will allocate the memory for the new DH object, and a pointer to this +newly allocated structure will be passed as a parameter to the function. This +function may be NULL.

    +

    DH_meth_get_finish() and DH_meth_set_finish() get and set the function used +for destroying an instance of a DH object respectively. This function will be +called in response to the application calling DH_free(). A pointer to the DH +to be destroyed is passed as a parameter. The destroy function should be used +for DH implementation specific clean up. The memory for the DH itself should +not be freed by this function. This function may be NULL.

    +

    DH_meth_get_generate_params() and DH_meth_set_generate_params() get and set the +function used for generating DH parameters respectively. This function will be +called in response to the application calling DH_generate_parameters_ex() (or +DH_generate_parameters()). The parameters for the function have the same +meaning as for DH_generate_parameters_ex(). This function may be NULL.

    +

    +

    +
    +

    RETURN VALUES

    +

    DH_meth_new() and DH_meth_dup() return the newly allocated DH_METHOD object +or NULL on failure.

    +

    DH_meth_get0_name() and DH_meth_get_flags() return the name and flags +associated with the DH_METHOD respectively.

    +

    All other DH_meth_get_*() functions return the appropriate function pointer +that has been set in the DH_METHOD, or NULL if no such pointer has yet been +set.

    +

    DH_meth_set1_name() and all DH_meth_set_*() functions return 1 on success or +0 on failure.

    +

    +

    +
    +

    SEE ALSO

    +

    DH_new(3), DH_new(3), DH_generate_parameters(3), DH_generate_key(3), +DH_set_method(3), DH_size(3), DH_get0_pqg(3)

    +

    +

    +
    +

    HISTORY

    +

    All of these functions were deprecated in OpenSSL 3.0.

    +

    The functions described here were added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/DH_new.html b/linux_amd64/share/doc/openssl/html/man3/DH_new.html
    new file mode 100755
    index 0000000..5e5d46c
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/DH_new.html
    @@ -0,0 +1,81 @@
    + + + + +DH_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    DH_new, DH_free - allocate and free DH objects

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/dh.h>
    +
    + DH* DH_new(void);
    +
    + void DH_free(DH *dh);
    +

    +

    +
    +

    DESCRIPTION

    +

    DH_new() allocates and initializes a DH structure.

    +

    DH_free() frees the DH structure and its components. The values are +erased before the memory is returned to the system. +If dh is NULL nothing is done.

    +

    +

    +
    +

    RETURN VALUES

    +

    If the allocation fails, DH_new() returns NULL and sets an error +code that can be obtained by ERR_get_error(3). Otherwise it returns +a pointer to the newly allocated structure.

    +

    DH_free() returns no value.

    +

    +

    +
    +

    SEE ALSO

    +

    DH_new(3), ERR_get_error(3), +DH_generate_parameters(3), +DH_generate_key(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/DH_new_by_nid.html b/linux_amd64/share/doc/openssl/html/man3/DH_new_by_nid.html
    new file mode 100755
    index 0000000..ad004f0
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/DH_new_by_nid.html
    @@ -0,0 +1,84 @@
    + + + + +DH_new_by_nid + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    DH_new_by_nid, DH_get_nid - get or find DH named parameters

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/dh.h>
    + DH *DH_new_by_nid(int nid);
    +

    Deprecated since OpenSSL 3.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + int *DH_get_nid(DH *dh);
    +

    +

    +
    +

    DESCRIPTION

    +

    DH_new_by_nid() creates and returns a DH structure containing named parameters +nid. Currently nid must be NID_ffdhe2048, NID_ffdhe3072, +NID_ffdhe4096, NID_ffdhe6144, NID_ffdhe8192, +NID_modp_1536, NID_modp_2048, NID_modp_3072, +NID_modp_4096, NID_modp_6144 or NID_modp_8192.

    +

    DH_get_nid() determines if the parameters contained in dh match +any named set. It returns the NID corresponding to the matching parameters or +NID_undef if there is no match. This function is deprecated.

    +

    +

    +
    +

    RETURN VALUES

    +

    DH_new_by_nid() returns a set of DH parameters or NULL if an error occurred.

    +

    DH_get_nid() returns the NID of the matching set of parameters or +NID_undef if there is no match.

    +

    +

    +
    +

    HISTORY

    +

    The DH_get_nid() function was deprecated in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/DH_set_method.html b/linux_amd64/share/doc/openssl/html/man3/DH_set_method.html
    new file mode 100755
    index 0000000..2da2b2a
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/DH_set_method.html
    @@ -0,0 +1,127 @@
    + + + + +DH_set_method + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    DH_set_default_method, DH_get_default_method, +DH_set_method, DH_new_method, DH_OpenSSL - select DH method

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/dh.h>
    +

    Deprecated since OpenSSL 3.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + void DH_set_default_method(const DH_METHOD *meth);
    +
    + const DH_METHOD *DH_get_default_method(void);
    +
    + int DH_set_method(DH *dh, const DH_METHOD *meth);
    +
    + DH *DH_new_method(ENGINE *engine);
    +
    + const DH_METHOD *DH_OpenSSL(void);
    +

    +

    +
    +

    DESCRIPTION

    +

    All of the functions described on this page are deprecated. +Applications should instead use the provider APIs.

    +

    A DH_METHOD specifies the functions that OpenSSL uses for Diffie-Hellman +operations. By modifying the method, alternative implementations +such as hardware accelerators may be used. IMPORTANT: See the NOTES section for +important information about how these DH API functions are affected by the use +of ENGINE API calls.

    +

    Initially, the default DH_METHOD is the OpenSSL internal implementation, as +returned by DH_OpenSSL().

    +

    DH_set_default_method() makes meth the default method for all DH +structures created later. +NB: This is true only whilst no ENGINE has been set +as a default for DH, so this function is no longer recommended. +This function is not thread-safe and should not be called at the same time +as other OpenSSL functions.

    +

    DH_get_default_method() returns a pointer to the current default DH_METHOD. +However, the meaningfulness of this result is dependent on whether the ENGINE +API is being used, so this function is no longer recommended.

    +

    DH_set_method() selects meth to perform all operations using the key dh. +This will replace the DH_METHOD used by the DH key and if the previous method +was supplied by an ENGINE, the handle to that ENGINE will be released during the +change. It is possible to have DH keys that only work with certain DH_METHOD +implementations (eg. from an ENGINE module that supports embedded +hardware-protected keys), and in such cases attempting to change the DH_METHOD +for the key can have unexpected results.

    +

    DH_new_method() allocates and initializes a DH structure so that engine will +be used for the DH operations. If engine is NULL, the default ENGINE for DH +operations is used, and if no default ENGINE is set, the DH_METHOD controlled by +DH_set_default_method() is used.

    +

    A new DH_METHOD object may be constructed using DH_meth_new() (see +DH_meth_new(3)).

    +

    +

    +
    +

    RETURN VALUES

    +

    DH_OpenSSL() and DH_get_default_method() return pointers to the respective +DH_METHODs.

    +

    DH_set_default_method() returns no value.

    +

    DH_set_method() returns nonzero if the provided meth was successfully set as +the method for dh (including unloading the ENGINE handle if the previous +method was supplied by an ENGINE).

    +

    DH_new_method() returns NULL and sets an error code that can be obtained by +ERR_get_error(3) if the allocation fails. Otherwise it +returns a pointer to the newly allocated structure.

    +

    +

    +
    +

    SEE ALSO

    +

    DH_new(3), DH_new(3), DH_meth_new(3)

    +

    +

    +
    +

    HISTORY

    +

    All of these functions were deprecated in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/DH_size.html b/linux_amd64/share/doc/openssl/html/man3/DH_size.html
    new file mode 100755
    index 0000000..0c995ec
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/DH_size.html
    @@ -0,0 +1,99 @@
    + + + + +DH_size + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    DH_size, DH_bits, DH_security_bits - get Diffie-Hellman prime size and +security bits

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/dh.h>
    +

    Deprecated since OpenSSL 3.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + int DH_size(const DH *dh);
    +
    + int DH_bits(const DH *dh);
    +
    + int DH_security_bits(const DH *dh);
    +

    +

    +
    +

    DESCRIPTION

    +

    All of the functions described on this page are deprecated. +Applications should instead use EVP_PKEY_bits(3), +EVP_PKEY_security_bits(3) and EVP_PKEY_size(3).

    +

    DH_size() returns the Diffie-Hellman prime size in bytes. It can be used +to determine how much memory must be allocated for the shared secret +computed by DH_compute_key(3).

    +

    DH_bits() returns the number of significant bits.

    +

    dh and dh->p must not be NULL.

    +

    DH_security_bits() returns the number of security bits of the given dh +key. See BN_security_bits(3).

    +

    +

    +
    +

    RETURN VALUES

    +

    DH_size() returns the prime size of Diffie-Hellman in bytes.

    +

    DH_bits() returns the number of bits in the key.

    +

    DH_security_bits() returns the number of security bits.

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_PKEY_bits(3), +DH_new(3), DH_generate_key(3), +BN_num_bits(3)

    +

    +

    +
    +

    HISTORY

    +

    All of these functions were deprecated in OpenSSL 3.0.

    +

    The DH_bits() function was added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/DSA_SIG_new.html b/linux_amd64/share/doc/openssl/html/man3/DSA_SIG_new.html
    new file mode 100755
    index 0000000..1b9e0ee
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/DSA_SIG_new.html
    @@ -0,0 +1,90 @@
    + + + + +DSA_SIG_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    DSA_SIG_get0, DSA_SIG_set0, +DSA_SIG_new, DSA_SIG_free - allocate and free DSA signature objects

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/dsa.h>
    +
    + DSA_SIG *DSA_SIG_new(void);
    + void DSA_SIG_free(DSA_SIG *a);
    + void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
    + int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s);
    +

    +

    +
    +

    DESCRIPTION

    +

    DSA_SIG_new() allocates an empty DSA_SIG structure.

    +

    DSA_SIG_free() frees the DSA_SIG structure and its components. The +values are erased before the memory is returned to the system.

    +

    DSA_SIG_get0() returns internal pointers to the r and s values contained +in sig.

    +

    The r and s values can be set by calling DSA_SIG_set0() and passing the +new values for r and s as parameters to the function. Calling this +function transfers the memory management of the values to the DSA_SIG object, +and therefore the values that have been passed in should not be freed directly +after this function has been called.

    +

    +

    +
    +

    RETURN VALUES

    +

    If the allocation fails, DSA_SIG_new() returns NULL and sets an +error code that can be obtained by +ERR_get_error(3). Otherwise it returns a pointer +to the newly allocated structure.

    +

    DSA_SIG_free() returns no value.

    +

    DSA_SIG_set0() returns 1 on success or 0 on failure.

    +

    +

    +
    +

    SEE ALSO

    +

    DSA_new(3), ERR_get_error(3), +DSA_do_sign(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/DSA_do_sign.html b/linux_amd64/share/doc/openssl/html/man3/DSA_do_sign.html
    new file mode 100755
    index 0000000..d08f6c8
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/DSA_do_sign.html
    @@ -0,0 +1,87 @@
    + + + + +DSA_do_sign + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    DSA_do_sign, DSA_do_verify - raw DSA signature operations

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/dsa.h>
    +
    + DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
    +
    + int DSA_do_verify(const unsigned char *dgst, int dgst_len,
    +                   DSA_SIG *sig, DSA *dsa);
    +

    +

    +
    +

    DESCRIPTION

    +

    DSA_do_sign() computes a digital signature on the len byte message +digest dgst using the private key dsa and returns it in a +newly allocated DSA_SIG structure.

    +

    DSA_sign_setup(3) may be used to precompute part +of the signing operation in case signature generation is +time-critical.

    +

    DSA_do_verify() verifies that the signature sig matches a given +message digest dgst of size len. dsa is the signer's public +key.

    +

    +

    +
    +

    RETURN VALUES

    +

    DSA_do_sign() returns the signature, NULL on error. DSA_do_verify() +returns 1 for a valid signature, 0 for an incorrect signature and -1 +on error. The error codes can be obtained by +ERR_get_error(3).

    +

    +

    +
    +

    SEE ALSO

    +

    DSA_new(3), ERR_get_error(3), RAND_bytes(3), +DSA_SIG_new(3), +DSA_sign(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/DSA_dup_DH.html b/linux_amd64/share/doc/openssl/html/man3/DSA_dup_DH.html
    new file mode 100755
    index 0000000..3fdb671
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/DSA_dup_DH.html
    @@ -0,0 +1,92 @@
    + + + + +DSA_dup_DH + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    DSA_dup_DH - create a DH structure out of DSA structure

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/dsa.h>
    +

    Deprecated since OpenSSL 3.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + DH *DSA_dup_DH(const DSA *r);
    +

    +

    +
    +

    DESCRIPTION

    +

    The function described on this page is deprecated. There is no direct +replacement, applications should use the EVP_PKEY APIs for Diffie-Hellman +operations.

    +

    DSA_dup_DH() duplicates DSA parameters/keys as DH parameters/keys. q +is lost during that conversion, but the resulting DH parameters +contain its length.

    +

    +

    +
    +

    RETURN VALUES

    +

    DSA_dup_DH() returns the new DH structure, and NULL on error. The +error codes can be obtained by ERR_get_error(3).

    +

    +

    +
    +

    NOTE

    +

    Be careful to avoid small subgroup attacks when using this.

    +

    +

    +
    +

    SEE ALSO

    +

    DH_new(3), DSA_new(3), ERR_get_error(3)

    +

    +

    +
    +

    HISTORY

    +

    This function was deprecated in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/DSA_generate_key.html b/linux_amd64/share/doc/openssl/html/man3/DSA_generate_key.html
    new file mode 100755
    index 0000000..8bcb45f
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/DSA_generate_key.html
    @@ -0,0 +1,77 @@
    + + + + +DSA_generate_key + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    DSA_generate_key - generate DSA key pair

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/dsa.h>
    +
    + int DSA_generate_key(DSA *a);
    +

    +

    +
    +

    DESCRIPTION

    +

    DSA_generate_key() expects a to contain DSA parameters. It generates +a new key pair and stores it in a->pub_key and a->priv_key.

    +

    The random generator must be seeded prior to calling DSA_generate_key(). +If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to +external circumstances (see RAND(7)), the operation will fail.

    +

    +

    +
    +

    RETURN VALUES

    +

    DSA_generate_key() returns 1 on success, 0 otherwise. +The error codes can be obtained by ERR_get_error(3).

    +

    +

    +
    +

    SEE ALSO

    +

    DSA_new(3), ERR_get_error(3), RAND_bytes(3), +DSA_generate_parameters_ex(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/DSA_generate_parameters.html b/linux_amd64/share/doc/openssl/html/man3/DSA_generate_parameters.html
    new file mode 100755
    index 0000000..257d2d4
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/DSA_generate_parameters.html
    @@ -0,0 +1,151 @@
    + + + + +DSA_generate_parameters + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    DSA_generate_parameters_ex, DSA_generate_parameters - generate DSA parameters

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/dsa.h>
    +
    + int DSA_generate_parameters_ex(DSA *dsa, int bits,
    +                                const unsigned char *seed, int seed_len,
    +                                int *counter_ret, unsigned long *h_ret,
    +                                BN_GENCB *cb);
    +

    Deprecated since OpenSSL 0.9.8, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + DSA *DSA_generate_parameters(int bits, unsigned char *seed, int seed_len,
    +                              int *counter_ret, unsigned long *h_ret,
    +                              void (*callback)(int, int, void *), void *cb_arg);
    +

    +

    +
    +

    DESCRIPTION

    +

    DSA_generate_parameters_ex() generates primes p and q and a generator g +for use in the DSA and stores the result in dsa.

    +

    bits is the length of the prime p to be generated. +For lengths under 2048 bits, the length of q is 160 bits; for lengths +greater than or equal to 2048 bits, the length of q is set to 256 bits.

    +

    If seed is NULL, the primes will be generated at random. +If seed_len is less than the length of q, an error is returned.

    +

    DSA_generate_parameters_ex() places the iteration count in +*counter_ret and a counter used for finding a generator in +*h_ret, unless these are NULL.

    +

    A callback function may be used to provide feedback about the progress +of the key generation. If cb is not NULL, it will be +called as shown below. For information on the BN_GENCB structure and the +BN_GENCB_call function discussed below, refer to +BN_generate_prime(3).

    +

    DSA_generate_prime() is similar to DSA_generate_prime_ex() but +expects an old-style callback function; see +BN_generate_prime(3) for information on the old-style callback.

    +
      +
    • +

      When a candidate for q is generated, BN_GENCB_call(cb, 0, m++) is called +(m is 0 for the first candidate).

      +
    • +
    • +

      When a candidate for q has passed a test by trial division, +BN_GENCB_call(cb, 1, -1) is called. +While a candidate for q is tested by Miller-Rabin primality tests, +BN_GENCB_call(cb, 1, i) is called in the outer loop +(once for each witness that confirms that the candidate may be prime); +i is the loop counter (starting at 0).

      +
    • +
    • +

      When a prime q has been found, BN_GENCB_call(cb, 2, 0) and +BN_GENCB_call(cb, 3, 0) are called.

      +
    • +
    • +

      Before a candidate for p (other than the first) is generated and tested, +BN_GENCB_call(cb, 0, counter) is called.

      +
    • +
    • +

      When a candidate for p has passed the test by trial division, +BN_GENCB_call(cb, 1, -1) is called. +While it is tested by the Miller-Rabin primality test, +BN_GENCB_call(cb, 1, i) is called in the outer loop +(once for each witness that confirms that the candidate may be prime). +i is the loop counter (starting at 0).

      +
    • +
    • +

      When p has been found, BN_GENCB_call(cb, 2, 1) is called.

      +
    • +
    • +

      When the generator has been found, BN_GENCB_call(cb, 3, 1) is called.

      +
    • +
    +

    +

    +
    +

    RETURN VALUES

    +

    DSA_generate_parameters_ex() returns a 1 on success, or 0 otherwise. +The error codes can be obtained by ERR_get_error(3).

    +

    DSA_generate_parameters() returns a pointer to the DSA structure or +NULL if the parameter generation fails.

    +

    +

    +
    +

    BUGS

    +

    Seed lengths greater than 20 are not supported.

    +

    +

    +
    +

    SEE ALSO

    +

    DSA_new(3), ERR_get_error(3), RAND_bytes(3), +DSA_free(3), BN_generate_prime(3)

    +

    +

    +
    +

    HISTORY

    +

    DSA_generate_parameters() was deprecated in OpenSSL 0.9.8; use +DSA_generate_parameters_ex() instead.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/DSA_get0_pqg.html b/linux_amd64/share/doc/openssl/html/man3/DSA_get0_pqg.html
    new file mode 100755
    index 0000000..f1af70b
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/DSA_get0_pqg.html
    @@ -0,0 +1,146 @@
    + + + + +DSA_get0_pqg + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    DSA_get0_pqg, DSA_set0_pqg, DSA_get0_key, DSA_set0_key, +DSA_get0_p, DSA_get0_q, DSA_get0_g, +DSA_get0_pub_key, DSA_get0_priv_key, +DSA_clear_flags, DSA_test_flags, DSA_set_flags, +DSA_get0_engine - Routines for getting and +setting data in a DSA object

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/dsa.h>
    +
    + void DSA_get0_pqg(const DSA *d,
    +                   const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
    + int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g);
    + void DSA_get0_key(const DSA *d,
    +                   const BIGNUM **pub_key, const BIGNUM **priv_key);
    + int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key);
    + const BIGNUM *DSA_get0_p(const DSA *d);
    + const BIGNUM *DSA_get0_q(const DSA *d);
    + const BIGNUM *DSA_get0_g(const DSA *d);
    + const BIGNUM *DSA_get0_pub_key(const DSA *d);
    + const BIGNUM *DSA_get0_priv_key(const DSA *d);
    + void DSA_clear_flags(DSA *d, int flags);
    + int DSA_test_flags(const DSA *d, int flags);
    + void DSA_set_flags(DSA *d, int flags);
    + ENGINE *DSA_get0_engine(DSA *d);
    +

    +

    +
    +

    DESCRIPTION

    +

    A DSA object contains the parameters p, q and g. It also contains a +public key (pub_key) and (optionally) a private key (priv_key).

    +

    The p, q and g parameters can be obtained by calling DSA_get0_pqg(). +If the parameters have not yet been set then *p, *q and *g will be set +to NULL. Otherwise they are set to pointers to their respective values. These +point directly to the internal representations of the values and therefore +should not be freed directly.

    +

    The p, q and g values can be set by calling DSA_set0_pqg() and passing +the new values for p, q and g as parameters to the function. Calling +this function transfers the memory management of the values to the DSA object, +and therefore the values that have been passed in should not be freed directly +after this function has been called.

    +

    To get the public and private key values use the DSA_get0_key() function. A +pointer to the public key will be stored in *pub_key, and a pointer to the +private key will be stored in *priv_key. Either may be NULL if they have not +been set yet, although if the private key has been set then the public key must +be. The values point to the internal representation of the public key and +private key values. This memory should not be freed directly.

    +

    The public and private key values can be set using DSA_set0_key(). The public +key must be non-NULL the first time this function is called on a given DSA +object. The private key may be NULL. On subsequent calls, either may be NULL, +which means the corresponding DSA field is left untouched. As for DSA_set0_pqg() +this function transfers the memory management of the key values to the DSA +object, and therefore they should not be freed directly after this function has +been called.

    +

    Any of the values p, q, g, priv_key, and pub_key can also be +retrieved separately by the corresponding function DSA_get0_p(), DSA_get0_q(), +DSA_get0_g(), DSA_get0_priv_key(), and DSA_get0_pub_key(), respectively.

    +

    DSA_set_flags() sets the flags in the flags parameter on the DSA object. +Multiple flags can be passed in one go (bitwise ORed together). Any flags that +are already set are left set. DSA_test_flags() tests to see whether the flags +passed in the flags parameter are currently set in the DSA object. Multiple +flags can be tested in one go. All flags that are currently set are returned, or +zero if none of the flags are set. DSA_clear_flags() clears the specified flags +within the DSA object.

    +

    DSA_get0_engine() returns a handle to the ENGINE that has been set for this DSA +object, or NULL if no such ENGINE has been set.

    +

    +

    +
    +

    NOTES

    +

    Values retrieved with DSA_get0_key() are owned by the DSA object used +in the call and may therefore not be passed to DSA_set0_key(). If +needed, duplicate the received value using BN_dup() and pass the +duplicate. The same applies to DSA_get0_pqg() and DSA_set0_pqg().

    +

    +

    +
    +

    RETURN VALUES

    +

    DSA_set0_pqg() and DSA_set0_key() return 1 on success or 0 on failure.

    +

    DSA_test_flags() returns the current state of the flags in the DSA object.

    +

    DSA_get0_engine() returns the ENGINE set for the DSA object or NULL if no ENGINE +has been set.

    +

    +

    +
    +

    SEE ALSO

    +

    DSA_new(3), DSA_new(3), DSA_generate_parameters(3), DSA_generate_key(3), +DSA_dup_DH(3), DSA_do_sign(3), DSA_set_method(3), DSA_SIG_new(3), +DSA_sign(3), DSA_size(3), DSA_meth_new(3)

    +

    +

    +
    +

    HISTORY

    +

    The functions described here were added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/DSA_meth_new.html b/linux_amd64/share/doc/openssl/html/man3/DSA_meth_new.html
    new file mode 100755
    index 0000000..be32521
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/DSA_meth_new.html
    @@ -0,0 +1,240 @@
    + + + + +DSA_meth_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    DSA_meth_new, DSA_meth_free, DSA_meth_dup, DSA_meth_get0_name, +DSA_meth_set1_name, DSA_meth_get_flags, DSA_meth_set_flags, +DSA_meth_get0_app_data, DSA_meth_set0_app_data, DSA_meth_get_sign, +DSA_meth_set_sign, DSA_meth_get_sign_setup, DSA_meth_set_sign_setup, +DSA_meth_get_verify, DSA_meth_set_verify, DSA_meth_get_mod_exp, +DSA_meth_set_mod_exp, DSA_meth_get_bn_mod_exp, DSA_meth_set_bn_mod_exp, +DSA_meth_get_init, DSA_meth_set_init, DSA_meth_get_finish, DSA_meth_set_finish, +DSA_meth_get_paramgen, DSA_meth_set_paramgen, DSA_meth_get_keygen, +DSA_meth_set_keygen - Routines to build up DSA methods

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/dsa.h>
    +

    Deprecated since OpenSSL 3.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + DSA_METHOD *DSA_meth_new(const char *name, int flags);
    +
    + void DSA_meth_free(DSA_METHOD *dsam);
    +
    + DSA_METHOD *DSA_meth_dup(const DSA_METHOD *meth);
    +
    + const char *DSA_meth_get0_name(const DSA_METHOD *dsam);
    + int DSA_meth_set1_name(DSA_METHOD *dsam, const char *name);
    +
    + int DSA_meth_get_flags(const DSA_METHOD *dsam);
    + int DSA_meth_set_flags(DSA_METHOD *dsam, int flags);
    +
    + void *DSA_meth_get0_app_data(const DSA_METHOD *dsam);
    + int DSA_meth_set0_app_data(DSA_METHOD *dsam, void *app_data);
    +
    + DSA_SIG *(*DSA_meth_get_sign(const DSA_METHOD *dsam))(const unsigned char *,
    +                                                       int, DSA *);
    + int DSA_meth_set_sign(DSA_METHOD *dsam, DSA_SIG *(*sign)(const unsigned char *,
    +                                                          int, DSA *));
    +
    + int (*DSA_meth_get_sign_setup(const DSA_METHOD *dsam))(DSA *, BN_CTX *,$
    +                                                        BIGNUM **, BIGNUM **);
    + int DSA_meth_set_sign_setup(DSA_METHOD *dsam, int (*sign_setup)(DSA *, BN_CTX *,
    +                                                                 BIGNUM **, BIGNUM **));
    +
    + int (*DSA_meth_get_verify(const DSA_METHOD *dsam))(const unsigned char *,
    +                                                    int, DSA_SIG *, DSA *);
    + int DSA_meth_set_verify(DSA_METHOD *dsam, int (*verify)(const unsigned char *,
    +                                                         int, DSA_SIG *, DSA *));
    +
    + int (*DSA_meth_get_mod_exp(const DSA_METHOD *dsam))(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
    +                                                     BIGNUM *p1, BIGNUM *a2, BIGNUM *p2,
    +                                                     BIGNUM *m, BN_CTX *ctx,
    +                                                     BN_MONT_CTX *in_mont);
    + int DSA_meth_set_mod_exp(DSA_METHOD *dsam, int (*mod_exp)(DSA *dsa, BIGNUM *rr,
    +                                                           BIGNUM *a1, BIGNUM *p1,
    +                                                           BIGNUM *a2, BIGNUM *p2,
    +                                                           BIGNUM *m, BN_CTX *ctx,
    +                                                           BN_MONT_CTX *mont));
    +
    + int (*DSA_meth_get_bn_mod_exp(const DSA_METHOD *dsam))(DSA *dsa, BIGNUM *r, BIGNUM *a,
    +                                                        const BIGNUM *p, const BIGNUM *m,
    +                                                        BN_CTX *ctx, BN_MONT_CTX *mont);
    + int DSA_meth_set_bn_mod_exp(DSA_METHOD *dsam, int (*bn_mod_exp)(DSA *dsa,
    +                                                                 BIGNUM *r,
    +                                                                 BIGNUM *a,
    +                                                                 const BIGNUM *p,
    +                                                                 const BIGNUM *m,
    +                                                                 BN_CTX *ctx,
    +                                                                 BN_MONT_CTX *mont));
    +
    + int (*DSA_meth_get_init(const DSA_METHOD *dsam))(DSA *);
    + int DSA_meth_set_init(DSA_METHOD *dsam, int (*init)(DSA *));
    +
    + int (*DSA_meth_get_finish(const DSA_METHOD *dsam))(DSA *);
    + int DSA_meth_set_finish(DSA_METHOD *dsam, int (*finish)(DSA *));
    +
    + int (*DSA_meth_get_paramgen(const DSA_METHOD *dsam))(DSA *, int,
    +                                                      const unsigned char *,
    +                                                      int, int *, unsigned long *,
    +                                                      BN_GENCB *);
    + int DSA_meth_set_paramgen(DSA_METHOD *dsam,
    +                           int (*paramgen)(DSA *, int, const unsigned char *,
    +                                           int, int *, unsigned long *, BN_GENCB *));
    +
    + int (*DSA_meth_get_keygen(const DSA_METHOD *dsam))(DSA *);
    + int DSA_meth_set_keygen(DSA_METHOD *dsam, int (*keygen)(DSA *));
    +

    +

    +
    +

    DESCRIPTION

    +

    All of the functions described on this page are deprecated. +Applications and extension implementations should instead use the +OSSL_PROVIDER APIs.

    +

    The DSA_METHOD type is a structure used for the provision of custom DSA +implementations. It provides a set of functions used by OpenSSL for the +implementation of the various DSA capabilities.

    +

    DSA_meth_new() creates a new DSA_METHOD structure. It should be given a +unique name and a set of flags. The name should be a NULL terminated +string, which will be duplicated and stored in the DSA_METHOD object. It is +the callers responsibility to free the original string. The flags will be used +during the construction of a new DSA object based on this DSA_METHOD. Any +new DSA object will have those flags set by default.

    +

    DSA_meth_dup() creates a duplicate copy of the DSA_METHOD object passed as a +parameter. This might be useful for creating a new DSA_METHOD based on an +existing one, but with some differences.

    +

    DSA_meth_free() destroys a DSA_METHOD structure and frees up any memory +associated with it.

    +

    DSA_meth_get0_name() will return a pointer to the name of this DSA_METHOD. This +is a pointer to the internal name string and so should not be freed by the +caller. DSA_meth_set1_name() sets the name of the DSA_METHOD to name. The +string is duplicated and the copy is stored in the DSA_METHOD structure, so the +caller remains responsible for freeing the memory associated with the name.

    +

    DSA_meth_get_flags() returns the current value of the flags associated with this +DSA_METHOD. DSA_meth_set_flags() provides the ability to set these flags.

    +

    The functions DSA_meth_get0_app_data() and DSA_meth_set0_app_data() provide the +ability to associate implementation specific data with the DSA_METHOD. It is +the application's responsibility to free this data before the DSA_METHOD is +freed via a call to DSA_meth_free().

    +

    DSA_meth_get_sign() and DSA_meth_set_sign() get and set the function used for +creating a DSA signature respectively. This function will be +called in response to the application calling DSA_do_sign() (or DSA_sign()). The +parameters for the function have the same meaning as for DSA_do_sign().

    +

    DSA_meth_get_sign_setup() and DSA_meth_set_sign_setup() get and set the function +used for precalculating the DSA signature values k^-1 and r. This function +will be called in response to the application calling DSA_sign_setup(). The +parameters for the function have the same meaning as for DSA_sign_setup().

    +

    DSA_meth_get_verify() and DSA_meth_set_verify() get and set the function used +for verifying a DSA signature respectively. This function will be called in +response to the application calling DSA_do_verify() (or DSA_verify()). The +parameters for the function have the same meaning as for DSA_do_verify().

    +

    DSA_meth_get_mod_exp() and DSA_meth_set_mod_exp() get and set the function used +for computing the following value:

    +
    + rr = a1^p1 * a2^p2 mod m
    +

    This function will be called by the default OpenSSL method during verification +of a DSA signature. The result is stored in the rr parameter. This function +may be NULL.

    +

    DSA_meth_get_bn_mod_exp() and DSA_meth_set_bn_mod_exp() get and set the function +used for computing the following value:

    +
    + r = a ^ p mod m
    +

    This function will be called by the default OpenSSL function for +DSA_sign_setup(). The result is stored in the r parameter. This function +may be NULL.

    +

    DSA_meth_get_init() and DSA_meth_set_init() get and set the function used +for creating a new DSA instance respectively. This function will be +called in response to the application calling DSA_new() (if the current default +DSA_METHOD is this one) or DSA_new_method(). The DSA_new() and DSA_new_method() +functions will allocate the memory for the new DSA object, and a pointer to this +newly allocated structure will be passed as a parameter to the function. This +function may be NULL.

    +

    DSA_meth_get_finish() and DSA_meth_set_finish() get and set the function used +for destroying an instance of a DSA object respectively. This function will be +called in response to the application calling DSA_free(). A pointer to the DSA +to be destroyed is passed as a parameter. The destroy function should be used +for DSA implementation specific clean up. The memory for the DSA itself should +not be freed by this function. This function may be NULL.

    +

    DSA_meth_get_paramgen() and DSA_meth_set_paramgen() get and set the function +used for generating DSA parameters respectively. This function will be called in +response to the application calling DSA_generate_parameters_ex() (or +DSA_generate_parameters()). The parameters for the function have the same +meaning as for DSA_generate_parameters_ex().

    +

    DSA_meth_get_keygen() and DSA_meth_set_keygen() get and set the function +used for generating a new DSA key pair respectively. This function will be +called in response to the application calling DSA_generate_key(). The parameter +for the function has the same meaning as for DSA_generate_key().

    +

    +

    +
    +

    RETURN VALUES

    +

    DSA_meth_new() and DSA_meth_dup() return the newly allocated DSA_METHOD object +or NULL on failure.

    +

    DSA_meth_get0_name() and DSA_meth_get_flags() return the name and flags +associated with the DSA_METHOD respectively.

    +

    All other DSA_meth_get_*() functions return the appropriate function pointer +that has been set in the DSA_METHOD, or NULL if no such pointer has yet been +set.

    +

    DSA_meth_set1_name() and all DSA_meth_set_*() functions return 1 on success or +0 on failure.

    +

    +

    +
    +

    SEE ALSO

    +

    DSA_new(3), DSA_new(3), DSA_generate_parameters(3), DSA_generate_key(3), +DSA_dup_DH(3), DSA_do_sign(3), DSA_set_method(3), DSA_SIG_new(3), +DSA_sign(3), DSA_size(3), DSA_get0_pqg(3)

    +

    +

    +
    +

    HISTORY

    +

    The functions described here were deprecated in OpenSSL 3.0.

    +

    The functions described here were added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/DSA_new.html b/linux_amd64/share/doc/openssl/html/man3/DSA_new.html
    new file mode 100755
    index 0000000..a9574df
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/DSA_new.html
    @@ -0,0 +1,83 @@
    + + + + +DSA_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    DSA_new, DSA_free - allocate and free DSA objects

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/dsa.h>
    +
    + DSA* DSA_new(void);
    +
    + void DSA_free(DSA *dsa);
    +

    +

    +
    +

    DESCRIPTION

    +

    DSA_new() allocates and initializes a DSA structure. It is equivalent to +calling DSA_new_method(NULL).

    +

    DSA_free() frees the DSA structure and its components. The values are +erased before the memory is returned to the system. +If dsa is NULL nothing is done.

    +

    +

    +
    +

    RETURN VALUES

    +

    If the allocation fails, DSA_new() returns NULL and sets an error +code that can be obtained by +ERR_get_error(3). Otherwise it returns a pointer +to the newly allocated structure.

    +

    DSA_free() returns no value.

    +

    +

    +
    +

    SEE ALSO

    +

    DSA_new(3), ERR_get_error(3), +DSA_generate_parameters(3), +DSA_generate_key(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/DSA_set_method.html b/linux_amd64/share/doc/openssl/html/man3/DSA_set_method.html
    new file mode 100755
    index 0000000..49abd5d
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/DSA_set_method.html
    @@ -0,0 +1,117 @@
    + + + + +DSA_set_method + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    DSA_set_default_method, DSA_get_default_method, +DSA_set_method, DSA_new_method, DSA_OpenSSL - select DSA method

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/dsa.h>
    +
    + void DSA_set_default_method(const DSA_METHOD *meth);
    +
    + const DSA_METHOD *DSA_get_default_method(void);
    +
    + int DSA_set_method(DSA *dsa, const DSA_METHOD *meth);
    +
    + DSA *DSA_new_method(ENGINE *engine);
    +
    + DSA_METHOD *DSA_OpenSSL(void);
    +

    +

    +
    +

    DESCRIPTION

    +

    A DSA_METHOD specifies the functions that OpenSSL uses for DSA +operations. By modifying the method, alternative implementations +such as hardware accelerators may be used. IMPORTANT: See the NOTES section for +important information about how these DSA API functions are affected by the use +of ENGINE API calls.

    +

    Initially, the default DSA_METHOD is the OpenSSL internal implementation, +as returned by DSA_OpenSSL().

    +

    DSA_set_default_method() makes meth the default method for all DSA +structures created later. +NB: This is true only whilst no ENGINE has +been set as a default for DSA, so this function is no longer recommended. +This function is not thread-safe and should not be called at the same time +as other OpenSSL functions.

    +

    DSA_get_default_method() returns a pointer to the current default +DSA_METHOD. However, the meaningfulness of this result is dependent on +whether the ENGINE API is being used, so this function is no longer +recommended.

    +

    DSA_set_method() selects meth to perform all operations using the key +rsa. This will replace the DSA_METHOD used by the DSA key and if the +previous method was supplied by an ENGINE, the handle to that ENGINE will +be released during the change. It is possible to have DSA keys that only +work with certain DSA_METHOD implementations (eg. from an ENGINE module +that supports embedded hardware-protected keys), and in such cases +attempting to change the DSA_METHOD for the key can have unexpected +results. See DSA_meth_new(3) for information on constructing custom DSA_METHOD +objects;

    +

    DSA_new_method() allocates and initializes a DSA structure so that engine +will be used for the DSA operations. If engine is NULL, the default engine +for DSA operations is used, and if no default ENGINE is set, the DSA_METHOD +controlled by DSA_set_default_method() is used.

    +

    +

    +
    +

    RETURN VALUES

    +

    DSA_OpenSSL() and DSA_get_default_method() return pointers to the respective +DSA_METHODs.

    +

    DSA_set_default_method() returns no value.

    +

    DSA_set_method() returns nonzero if the provided meth was successfully set as +the method for dsa (including unloading the ENGINE handle if the previous +method was supplied by an ENGINE).

    +

    DSA_new_method() returns NULL and sets an error code that can be +obtained by ERR_get_error(3) if the allocation +fails. Otherwise it returns a pointer to the newly allocated structure.

    +

    +

    +
    +

    SEE ALSO

    +

    DSA_new(3), DSA_new(3), DSA_meth_new(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/DSA_sign.html b/linux_amd64/share/doc/openssl/html/man3/DSA_sign.html
    new file mode 100755
    index 0000000..897bcc1
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/DSA_sign.html
    @@ -0,0 +1,106 @@
    + + + + +DSA_sign + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    DSA_sign, DSA_sign_setup, DSA_verify - DSA signatures

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/dsa.h>
    +
    + int DSA_sign(int type, const unsigned char *dgst, int len,
    +              unsigned char *sigret, unsigned int *siglen, DSA *dsa);
    +
    + int DSA_sign_setup(DSA *dsa, BN_CTX *ctx, BIGNUM **kinvp, BIGNUM **rp);
    +
    + int DSA_verify(int type, const unsigned char *dgst, int len,
    +                unsigned char *sigbuf, int siglen, DSA *dsa);
    +

    +

    +
    +

    DESCRIPTION

    +

    DSA_sign() computes a digital signature on the len byte message +digest dgst using the private key dsa and places its ASN.1 DER +encoding at sigret. The length of the signature is places in +*siglen. sigret must point to DSA_size(dsa) bytes of memory.

    +

    DSA_sign_setup() is defined only for backward binary compatibility and +should not be used. +Since OpenSSL 1.1.0 the DSA type is opaque and the output of +DSA_sign_setup() cannot be used anyway: calling this function will only +cause overhead, and does not affect the actual signature +(pre-)computation.

    +

    DSA_verify() verifies that the signature sigbuf of size siglen +matches a given message digest dgst of size len. +dsa is the signer's public key.

    +

    The type parameter is ignored.

    +

    The random generator must be seeded when DSA_sign() (or DSA_sign_setup()) +is called. +If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to +external circumstances (see RAND(7)), the operation will fail.

    +

    +

    +
    +

    RETURN VALUES

    +

    DSA_sign() and DSA_sign_setup() return 1 on success, 0 on error. +DSA_verify() returns 1 for a valid signature, 0 for an incorrect +signature and -1 on error. The error codes can be obtained by +ERR_get_error(3).

    +

    +

    +
    +

    CONFORMING TO

    +

    US Federal Information Processing Standard FIPS 186 (Digital Signature +Standard, DSS), ANSI X9.30

    +

    +

    +
    +

    SEE ALSO

    +

    DSA_new(3), ERR_get_error(3), RAND_bytes(3), +DSA_do_sign(3), +RAND(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/DSA_size.html b/linux_amd64/share/doc/openssl/html/man3/DSA_size.html
    new file mode 100755
    index 0000000..b8c4617
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/DSA_size.html
    @@ -0,0 +1,96 @@
    + + + + +DSA_size + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    DSA_size, DSA_bits, DSA_security_bits - get DSA signature size, key bits or security bits

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/dsa.h>
    +

    Deprecated since OpenSSL 3.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + int DSA_size(const DSA *dsa);
    + int DSA_bits(const DSA *dsa);
    + int DSA_security_bits(const DSA *dsa);
    +

    +

    +
    +

    DESCRIPTION

    +

    All of the functions described on this page are deprecated. +Applications should instead use EVP_PKEY_bits(3), +EVP_PKEY_security_bits(3) and EVP_PKEY_size(3).

    +

    DSA_size() returns the maximum size of an ASN.1 encoded DSA signature +for key dsa in bytes. It can be used to determine how much memory must +be allocated for a DSA signature.

    +

    dsa->q must not be NULL.

    +

    DSA_bits() returns the number of bits in key dsa: this is the number +of bits in the p parameter.

    +

    DSA_security_bits() returns the number of security bits of the given dsa +key. See BN_security_bits(3).

    +

    +

    +
    +

    RETURN VALUES

    +

    DSA_size() returns the signature size in bytes.

    +

    DSA_bits() returns the number of bits in the key.

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_PKEY_bits(3), +EVP_PKEY_security_bits(3), +EVP_PKEY_size(3), +DSA_new(3), DSA_sign(3)

    +

    +

    +
    +

    HISTORY

    +

    All of these functions were deprecated in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/DTLS_get_data_mtu.html b/linux_amd64/share/doc/openssl/html/man3/DTLS_get_data_mtu.html
    new file mode 100755
    index 0000000..e918265
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/DTLS_get_data_mtu.html
    @@ -0,0 +1,73 @@
    + + + + +DTLS_get_data_mtu + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    DTLS_get_data_mtu - Get maximum data payload size

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + size_t DTLS_get_data_mtu(const SSL *ssl);
    +

    +

    +
    +

    DESCRIPTION

    +

    This function obtains the maximum data payload size for the established +DTLS connection ssl, based on the DTLS record MTU and the overhead +of the DTLS record header, encryption and authentication currently in use.

    +

    +

    +
    +

    RETURN VALUES

    +

    Returns the maximum data payload size on success, or 0 on failure.

    +

    +

    +
    +

    HISTORY

    +

    The DTLS_get_data_mtu() function was added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/DTLS_set_timer_cb.html b/linux_amd64/share/doc/openssl/html/man3/DTLS_set_timer_cb.html
    new file mode 100755
    index 0000000..b7022b9
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/DTLS_set_timer_cb.html
    @@ -0,0 +1,77 @@
    + + + + +DTLS_set_timer_cb + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    DTLS_timer_cb, +DTLS_set_timer_cb +- Set callback for controlling DTLS timer duration

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + typedef unsigned int (*DTLS_timer_cb)(SSL *s, unsigned int timer_us);
    +
    + void DTLS_set_timer_cb(SSL *s, DTLS_timer_cb cb);
    +

    +

    +
    +

    DESCRIPTION

    +

    This function sets an optional callback function for controlling the +timeout interval on the DTLS protocol. The callback function will be +called by DTLS for every new DTLS packet that is sent.

    +

    +

    +
    +

    RETURN VALUES

    +

    Returns void.

    +

    +

    +
    +

    HISTORY

    +

    The DTLS_set_timer_cb() function was added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/DTLSv1_listen.html b/linux_amd64/share/doc/openssl/html/man3/DTLSv1_listen.html
    new file mode 100755
    index 0000000..a167a5a
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/DTLSv1_listen.html
    @@ -0,0 +1,163 @@
    + + + + +DTLSv1_listen + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_stateless, +DTLSv1_listen +- Statelessly listen for incoming connections

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_stateless(SSL *s);
    + int DTLSv1_listen(SSL *ssl, BIO_ADDR *peer);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_stateless() statelessly listens for new incoming TLSv1.3 connections. +DTLSv1_listen() statelessly listens for new incoming DTLS connections. If a +ClientHello is received that does not contain a cookie, then they respond with a +request for a new ClientHello that does contain a cookie. If a ClientHello is +received with a cookie that is verified then the function returns in order to +enable the handshake to be completed (for example by using SSL_accept()).

    +

    +

    +
    +

    NOTES

    +

    Some transport protocols (such as UDP) can be susceptible to amplification +attacks. Unlike TCP there is no initial connection setup in UDP that +validates that the client can actually receive messages on its advertised source +address. An attacker could forge its source IP address and then send handshake +initiation messages to the server. The server would then send its response to +the forged source IP. If the response messages are larger than the original +message then the amplification attack has succeeded.

    +

    If DTLS is used over UDP (or any datagram based protocol that does not validate +the source IP) then it is susceptible to this type of attack. TLSv1.3 is +designed to operate over a stream-based transport protocol (such as TCP). +If TCP is being used then there is no need to use SSL_stateless(). However some +stream-based transport protocols (e.g. QUIC) may not validate the source +address. In this case a TLSv1.3 application would be susceptible to this attack.

    +

    As a countermeasure to this issue TLSv1.3 and DTLS include a stateless cookie +mechanism. The idea is that when a client attempts to connect to a server it +sends a ClientHello message. The server responds with a HelloRetryRequest (in +TLSv1.3) or a HelloVerifyRequest (in DTLS) which contains a unique cookie. The +client then resends the ClientHello, but this time includes the cookie in the +message thus proving that the client is capable of receiving messages sent to +that address. All of this can be done by the server without allocating any +state, and thus without consuming expensive resources.

    +

    OpenSSL implements this capability via the SSL_stateless() and DTLSv1_listen() +functions. The ssl parameter should be a newly allocated SSL object with its +read and write BIOs set, in the same way as might be done for a call to +SSL_accept(). Typically, for DTLS, the read BIO will be in an "unconnected" +state and thus capable of receiving messages from any peer.

    +

    When a ClientHello is received that contains a cookie that has been verified, +then these functions will return with the ssl parameter updated into a state +where the handshake can be continued by a call to (for example) SSL_accept(). +Additionally, for DTLSv1_listen(), the BIO_ADDR pointed to by peer will be +filled in with details of the peer that sent the ClientHello. If the underlying +BIO is unable to obtain the BIO_ADDR of the peer (for example because the BIO +does not support this), then *peer will be cleared and the family set to +AF_UNSPEC. Typically user code is expected to "connect" the underlying socket to +the peer and continue the handshake in a connected state.

    +

    Prior to calling DTLSv1_listen() user code must ensure that cookie generation +and verification callbacks have been set up using +SSL_CTX_set_cookie_generate_cb(3) and SSL_CTX_set_cookie_verify_cb(3) +respectively. For SSL_stateless(), SSL_CTX_set_stateless_cookie_generate_cb(3) +and SSL_CTX_set_stateless_cookie_verify_cb(3) must be used instead.

    +

    Since DTLSv1_listen() operates entirely statelessly whilst processing incoming +ClientHellos it is unable to process fragmented messages (since this would +require the allocation of state). An implication of this is that DTLSv1_listen() +only supports ClientHellos that fit inside a single datagram.

    +

    For SSL_stateless() if an entire ClientHello message cannot be read without the +"read" BIO becoming empty then the SSL_stateless() call will fail. It is the +application's responsibility to ensure that data read from the "read" BIO during +a single SSL_stateless() call is all from the same peer.

    +

    SSL_stateless() will fail (with a 0 return value) if some TLS version less than +TLSv1.3 is used.

    +

    Both SSL_stateless() and DTLSv1_listen() will clear the error queue when they +start.

    +

    +

    +
    +

    RETURN VALUES

    +

    For SSL_stateless() a return value of 1 indicates success and the ssl object +will be set up ready to continue the handshake. A return value of 0 or -1 +indicates failure. If the value is 0 then a HelloRetryRequest was sent. A value +of -1 indicates any other error. User code may retry the SSL_stateless() call.

    +

    For DTLSv1_listen() a return value of >= 1 indicates success. The ssl object +will be set up ready to continue the handshake. the peer value will also be +filled in.

    +

    A return value of 0 indicates a non-fatal error. This could (for +example) be because of non-blocking IO, or some invalid message having been +received from a peer. Errors may be placed on the OpenSSL error queue with +further information if appropriate. Typically user code is expected to retry the +call to DTLSv1_listen() in the event of a non-fatal error.

    +

    A return value of <0 indicates a fatal error. This could (for example) be +because of a failure to allocate sufficient memory for the operation.

    +

    For DTLSv1_listen(), prior to OpenSSL 1.1.0, fatal and non-fatal errors both +produce return codes <= 0 (in typical implementations user code treats all +errors as non-fatal), whilst return codes >0 indicate success.

    +

    +

    +
    +

    SEE ALSO

    +

    SSL_CTX_set_cookie_generate_cb(3), SSL_CTX_set_cookie_verify_cb(3), +SSL_CTX_set_stateless_cookie_generate_cb(3), +SSL_CTX_set_stateless_cookie_verify_cb(3), SSL_get_error(3), +SSL_accept(3), ssl(7), bio(7)

    +

    +

    +
    +

    HISTORY

    +

    The SSL_stateless() function was added in OpenSSL 1.1.1.

    +

    The DTLSv1_listen() return codes were clarified in OpenSSL 1.1.0. +The type of "peer" also changed in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/ECDSA_SIG_new.html b/linux_amd64/share/doc/openssl/html/man3/ECDSA_SIG_new.html
    new file mode 100755
    index 0000000..3754540
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/ECDSA_SIG_new.html
    @@ -0,0 +1,236 @@
    + + + + +ECDSA_SIG_new + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    ECDSA_SIG_get0, ECDSA_SIG_get0_r, ECDSA_SIG_get0_s, ECDSA_SIG_set0, +ECDSA_SIG_new, ECDSA_SIG_free, ECDSA_size, ECDSA_sign, ECDSA_do_sign, +ECDSA_verify, ECDSA_do_verify, ECDSA_sign_setup, ECDSA_sign_ex, +ECDSA_do_sign_ex - low level elliptic curve digital signature algorithm (ECDSA) +functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ecdsa.h>
    +
    + ECDSA_SIG *ECDSA_SIG_new(void);
    + void ECDSA_SIG_free(ECDSA_SIG *sig);
    + void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
    + const BIGNUM *ECDSA_SIG_get0_r(const ECDSA_SIG *sig);
    + const BIGNUM *ECDSA_SIG_get0_s(const ECDSA_SIG *sig);
    + int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s);
    +

    Deprecated since OpenSSL 3.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + int ECDSA_size(const EC_KEY *eckey);
    +
    + int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen,
    +                unsigned char *sig, unsigned int *siglen, EC_KEY *eckey);
    + ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dgst_len,
    +                          EC_KEY *eckey);
    +
    + int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen,
    +                  const unsigned char *sig, int siglen, EC_KEY *eckey);
    + int ECDSA_do_verify(const unsigned char *dgst, int dgst_len,
    +                     const ECDSA_SIG *sig, EC_KEY* eckey);
    +
    + ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen,
    +                             const BIGNUM *kinv, const BIGNUM *rp,
    +                             EC_KEY *eckey);
    + int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, BIGNUM **rp);
    + int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen,
    +                   unsigned char *sig, unsigned int *siglen,
    +                   const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey);
    +

    +

    +
    +

    DESCRIPTION

    +

    ECDSA_SIG is an opaque structure consisting of two BIGNUMs for the +r and s value of an ECDSA signature (see X9.62 or FIPS 186-2).

    +

    ECDSA_SIG_new() allocates an empty ECDSA_SIG structure. Note: before +OpenSSL 1.1.0 the: the r and s components were initialised.

    +

    ECDSA_SIG_free() frees the ECDSA_SIG structure sig.

    +

    ECDSA_SIG_get0() returns internal pointers the r and s values contained +in sig and stores them in *pr and *ps, respectively. +The pointer pr or ps can be NULL, in which case the corresponding value +is not returned.

    +

    The values r, s can also be retrieved separately by the corresponding +function ECDSA_SIG_get0_r() and ECDSA_SIG_get0_s(), respectively.

    +

    The r and s values can be set by calling ECDSA_SIG_set0() and passing the +new values for r and s as parameters to the function. Calling this +function transfers the memory management of the values to the ECDSA_SIG object, +and therefore the values that have been passed in should not be freed directly +after this function has been called.

    +

    See i2d_ECDSA_SIG(3) and d2i_ECDSA_SIG(3) for information about encoding +and decoding ECDSA signatures to/from DER.

    +

    All of the functions described below are deprecated. Applications should +use the higher level EVP interface such as EVP_DigestSignInit(3) +or EVP_DigestVerifyInit(3) instead.

    +

    ECDSA_size() returns the maximum length of a DER encoded ECDSA signature +created with the private EC key eckey. To obtain the actual signature +size use EVP_PKEY_sign(3) with a NULL sig parameter.

    +

    ECDSA_sign() computes a digital signature of the dgstlen bytes hash value +dgst using the private EC key eckey. The DER encoded signatures is +stored in sig and its length is returned in sig_len. Note: sig must +point to ECDSA_size(eckey) bytes of memory. The parameter type is currently +ignored. ECDSA_sign() is wrapper function for ECDSA_sign_ex() with kinv +and rp set to NULL.

    +

    ECDSA_do_sign() is similar to ECDSA_sign() except the signature is returned +as a newly allocated ECDSA_SIG structure (or NULL on error). ECDSA_do_sign() +is a wrapper function for ECDSA_do_sign_ex() with kinv and rp set to +NULL.

    +

    ECDSA_verify() verifies that the signature in sig of size siglen is a +valid ECDSA signature of the hash value dgst of size dgstlen using the +public key eckey. The parameter type is ignored.

    +

    ECDSA_do_verify() is similar to ECDSA_verify() except the signature is +presented in the form of a pointer to an ECDSA_SIG structure.

    +

    The remaining functions utilise the internal kinv and r values used +during signature computation. Most applications will never need to call these +and some external ECDSA ENGINE implementations may not support them at all if +either kinv or r is not NULL.

    +

    ECDSA_sign_setup() may be used to precompute parts of the signing operation. +eckey is the private EC key and ctx is a pointer to BN_CTX structure +(or NULL). The precomputed values or returned in kinv and rp and can be +used in a later call to ECDSA_sign_ex() or ECDSA_do_sign_ex().

    +

    ECDSA_sign_ex() computes a digital signature of the dgstlen bytes hash value +dgst using the private EC key eckey and the optional pre-computed values +kinv and rp. The DER encoded signature is stored in sig and its +length is returned in sig_len. Note: sig must point to ECDSA_size(eckey) +bytes of memory. The parameter type is ignored.

    +

    ECDSA_do_sign_ex() is similar to ECDSA_sign_ex() except the signature is +returned as a newly allocated ECDSA_SIG structure (or NULL on error).

    +

    +

    +
    +

    RETURN VALUES

    +

    ECDSA_SIG_new() returns NULL if the allocation fails.

    +

    ECDSA_SIG_set0() returns 1 on success or 0 on failure.

    +

    ECDSA_SIG_get0_r() and ECDSA_SIG_get0_s() return the corresponding value, +or NULL if it is unset.

    +

    ECDSA_size() returns the maximum length signature or 0 on error.

    +

    ECDSA_sign(), ECDSA_sign_ex() and ECDSA_sign_setup() return 1 if successful +or 0 on error.

    +

    ECDSA_do_sign() and ECDSA_do_sign_ex() return a pointer to an allocated +ECDSA_SIG structure or NULL on error.

    +

    ECDSA_verify() and ECDSA_do_verify() return 1 for a valid +signature, 0 for an invalid signature and -1 on error. +The error codes can be obtained by ERR_get_error(3).

    +

    +

    +
    +

    EXAMPLES

    +

    Creating an ECDSA signature of a given SHA-256 hash value using the +named curve prime256v1 (aka P-256).

    +

    First step: create an EC_KEY object (note: this part is not ECDSA +specific)

    +
    + int ret;
    + ECDSA_SIG *sig;
    + EC_KEY *eckey;
    +
    + eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
    + if (eckey == NULL)
    +     /* error */
    + if (EC_KEY_generate_key(eckey) == 0)
    +     /* error */
    +

    Second step: compute the ECDSA signature of a SHA-256 hash value +using ECDSA_do_sign():

    +
    + sig = ECDSA_do_sign(digest, 32, eckey);
    + if (sig == NULL)
    +     /* error */
    +

    or using ECDSA_sign():

    +
    + unsigned char *buffer, *pp;
    + int buf_len;
    +
    + buf_len = ECDSA_size(eckey);
    + buffer = OPENSSL_malloc(buf_len);
    + pp = buffer;
    + if (ECDSA_sign(0, dgst, dgstlen, pp, &buf_len, eckey) == 0)
    +     /* error */
    +

    Third step: verify the created ECDSA signature using ECDSA_do_verify():

    +
    + ret = ECDSA_do_verify(digest, 32, sig, eckey);
    +

    or using ECDSA_verify():

    +
    + ret = ECDSA_verify(0, digest, 32, buffer, buf_len, eckey);
    +

    and finally evaluate the return value:

    +
    + if (ret == 1)
    +     /* signature ok */
    + else if (ret == 0)
    +     /* incorrect signature */
    + else
    +     /* error */
    +

    +

    +
    +

    CONFORMING TO

    +

    ANSI X9.62, US Federal Information Processing Standard FIPS 186-2 +(Digital Signature Standard, DSS)

    +

    +

    +
    +

    SEE ALSO

    +

    EC_KEY_new(3), +EVP_DigestSignInit(3), +EVP_DigestVerifyInit(3), +EVP_PKEY_sign(3) +i2d_ECDSA_SIG(3), +d2i_ECDSA_SIG(3)

    +

    +

    +
    +

    HISTORY

    +

    The ECDSA_size(), ECDSA_sign(), ECDSA_do_sign(), ECDSA_verify(), +ECDSA_do_verify(), ECDSA_sign_setup(), ECDSA_sign_ex() and ECDSA_do_sign_ex() +functions were deprecated in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/ECPKParameters_print.html b/linux_amd64/share/doc/openssl/html/man3/ECPKParameters_print.html
    new file mode 100755
    index 0000000..dcabd8e
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/ECPKParameters_print.html
    @@ -0,0 +1,80 @@
    + + + + +ECPKParameters_print + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    ECPKParameters_print, ECPKParameters_print_fp - Functions for decoding and +encoding ASN1 representations of elliptic curve entities

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ec.h>
    +
    + int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off);
    + int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off);
    +

    +

    +
    +

    DESCRIPTION

    +

    The ECPKParameters represent the public parameters for an +EC_GROUP structure, which represents a curve.

    +

    The ECPKParameters_print() and ECPKParameters_print_fp() functions print +a human-readable output of the public parameters of the EC_GROUP to bp +or fp. The output lines are indented by off spaces.

    +

    +

    +
    +

    RETURN VALUES

    +

    ECPKParameters_print() and ECPKParameters_print_fp() +return 1 for success and 0 if an error occurs.

    +

    +

    +
    +

    SEE ALSO

    +

    crypto(7), EC_GROUP_new(3), EC_GROUP_copy(3), +EC_POINT_new(3), EC_POINT_add(3), EC_KEY_new(3), +EC_GFp_simple_method(3),

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2013-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/EC_GFp_simple_method.html b/linux_amd64/share/doc/openssl/html/man3/EC_GFp_simple_method.html
    new file mode 100755
    index 0000000..f2615d5
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/EC_GFp_simple_method.html
    @@ -0,0 +1,101 @@
    + + + + +EC_GFp_simple_method + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EC_GFp_simple_method, EC_GFp_mont_method, EC_GFp_nist_method, EC_GFp_nistp224_method, EC_GFp_nistp256_method, EC_GFp_nistp521_method, EC_GF2m_simple_method, EC_METHOD_get_field_type - Functions for obtaining EC_METHOD objects

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ec.h>
    +
    + const EC_METHOD *EC_GFp_simple_method(void);
    + const EC_METHOD *EC_GFp_mont_method(void);
    + const EC_METHOD *EC_GFp_nist_method(void);
    + const EC_METHOD *EC_GFp_nistp224_method(void);
    + const EC_METHOD *EC_GFp_nistp256_method(void);
    + const EC_METHOD *EC_GFp_nistp521_method(void);
    +
    + const EC_METHOD *EC_GF2m_simple_method(void);
    +
    + int EC_METHOD_get_field_type(const EC_METHOD *meth);
    +

    +

    +
    +

    DESCRIPTION

    +

    The Elliptic Curve library provides a number of different implementations through a single common interface. +When constructing a curve using EC_GROUP_new (see EC_GROUP_new(3)) an +implementation method must be provided. The functions described here all return a const pointer to an +EC_METHOD structure that can be passed to EC_GROUP_NEW. It is important that the correct implementation +type for the form of curve selected is used.

    +

    For F2^m curves there is only one implementation choice, i.e. EC_GF2_simple_method.

    +

    For Fp curves the lowest common denominator implementation is the EC_GFp_simple_method implementation. All +other implementations are based on this one. EC_GFp_mont_method builds on EC_GFp_simple_method but adds the +use of montgomery multiplication (see BN_mod_mul_montgomery(3)). EC_GFp_nist_method +offers an implementation optimised for use with NIST recommended curves (NIST curves are available through +EC_GROUP_new_by_curve_name as described in EC_GROUP_new(3)).

    +

    The functions EC_GFp_nistp224_method, EC_GFp_nistp256_method and EC_GFp_nistp521_method offer 64 bit +optimised implementations for the NIST P224, P256 and P521 curves respectively. Note, however, that these +implementations are not available on all platforms.

    +

    EC_METHOD_get_field_type identifies what type of field the EC_METHOD structure supports, which will be either +F2^m or Fp. If the field type is Fp then the value NID_X9_62_prime_field is returned. If the field type is +F2^m then the value NID_X9_62_characteristic_two_field is returned. These values are defined in the +obj_mac.h header file.

    +

    +

    +
    +

    RETURN VALUES

    +

    All EC_GFp* functions and EC_GF2m_simple_method always return a const pointer to an EC_METHOD structure.

    +

    EC_METHOD_get_field_type returns an integer that identifies the type of field the EC_METHOD structure supports.

    +

    +

    +
    +

    SEE ALSO

    +

    crypto(7), EC_GROUP_new(3), EC_GROUP_copy(3), +EC_POINT_new(3), EC_POINT_add(3), EC_KEY_new(3), +d2i_ECPKParameters(3), +BN_mod_mul_montgomery(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2013-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/EC_GROUP_copy.html b/linux_amd64/share/doc/openssl/html/man3/EC_GROUP_copy.html
    new file mode 100755
    index 0000000..19d2896
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/EC_GROUP_copy.html
    @@ -0,0 +1,243 @@
    + + + + +EC_GROUP_copy + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EC_GROUP_get0_order, EC_GROUP_order_bits, EC_GROUP_get0_cofactor, +EC_GROUP_copy, EC_GROUP_dup, EC_GROUP_method_of, EC_GROUP_set_generator, +EC_GROUP_get0_generator, EC_GROUP_get_order, EC_GROUP_get_cofactor, +EC_GROUP_set_curve_name, EC_GROUP_get_curve_name, EC_GROUP_set_asn1_flag, +EC_GROUP_get_asn1_flag, EC_GROUP_set_point_conversion_form, +EC_GROUP_get_point_conversion_form, EC_GROUP_get0_seed, +EC_GROUP_get_seed_len, EC_GROUP_set_seed, EC_GROUP_get_degree, +EC_GROUP_check, EC_GROUP_check_named_curve, +EC_GROUP_check_discriminant, EC_GROUP_cmp, +EC_GROUP_get_basis_type, EC_GROUP_get_trinomial_basis, +EC_GROUP_get_pentanomial_basis, EC_GROUP_get0_field +- Functions for manipulating EC_GROUP objects

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ec.h>
    +
    + int EC_GROUP_copy(EC_GROUP *dst, const EC_GROUP *src);
    + EC_GROUP *EC_GROUP_dup(const EC_GROUP *src);
    +
    + const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group);
    +
    + int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator,
    +                            const BIGNUM *order, const BIGNUM *cofactor);
    + const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group);
    +
    + int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx);
    + const BIGNUM *EC_GROUP_get0_order(const EC_GROUP *group);
    + int EC_GROUP_order_bits(const EC_GROUP *group);
    + int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx);
    + const BIGNUM *EC_GROUP_get0_cofactor(const EC_GROUP *group);
    + const BIGNUM *EC_GROUP_get0_field(const EC_GROUP *group);
    +
    + void EC_GROUP_set_curve_name(EC_GROUP *group, int nid);
    + int EC_GROUP_get_curve_name(const EC_GROUP *group);
    +
    + void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag);
    + int EC_GROUP_get_asn1_flag(const EC_GROUP *group);
    +
    + void EC_GROUP_set_point_conversion_form(EC_GROUP *group, point_conversion_form_t form);
    + point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *group);
    +
    + unsigned char *EC_GROUP_get0_seed(const EC_GROUP *x);
    + size_t EC_GROUP_get_seed_len(const EC_GROUP *);
    + size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len);
    +
    + int EC_GROUP_get_degree(const EC_GROUP *group);
    +
    + int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx);
    + int EC_GROUP_check_named_curve(const EC_GROUP *group, int nist_only,
    +                                BN_CTX *ctx);
    +
    + int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx);
    +
    + int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx);
    +
    + int EC_GROUP_get_basis_type(const EC_GROUP *);
    + int EC_GROUP_get_trinomial_basis(const EC_GROUP *, unsigned int *k);
    + int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1,
    +                                    unsigned int *k2, unsigned int *k3);
    +

    +

    +
    +

    DESCRIPTION

    +

    EC_GROUP_copy() copies the curve src into dst. Both src and dst must use the same EC_METHOD.

    +

    EC_GROUP_dup() creates a new EC_GROUP object and copies the content from src to the newly created +EC_GROUP object.

    +

    EC_GROUP_method_of() obtains the EC_METHOD of group.

    +

    EC_GROUP_set_generator() sets curve parameters that must be agreed by all participants using the curve. These +parameters include the generator, the order and the cofactor. The generator is a well defined point on the +curve chosen for cryptographic operations. Integers used for point multiplications will be between 0 and +n-1 where n is the order. The order multiplied by the cofactor gives the number of points on the curve.

    +

    EC_GROUP_get0_generator() returns the generator for the identified group.

    +

    EC_GROUP_get_order() retrieves the order of group and copies its value into +order. It fails in case group is not fully initialized (i.e., its order +is not set or set to zero).

    +

    EC_GROUP_get_cofactor() retrieves the cofactor of group and copies its value +into cofactor. It fails in case group is not fully initialized or if the +cofactor is not set (or set to zero).

    +

    The functions EC_GROUP_set_curve_name() and EC_GROUP_get_curve_name(), set and get the NID for the curve respectively +(see EC_GROUP_new(3)). If a curve does not have a NID associated with it, then EC_GROUP_get_curve_name +will return NID_undef.

    +

    The asn1_flag value is used to determine whether the curve encoding uses +explicit parameters or a named curve using an ASN1 OID: many applications only +support the latter form. If asn1_flag is OPENSSL_EC_NAMED_CURVE then the +named curve form is used and the parameters must have a corresponding +named curve NID set. If asn1_flags is OPENSSL_EC_EXPLICIT_CURVE the +parameters are explicitly encoded. The functions EC_GROUP_get_asn1_flag() and +EC_GROUP_set_asn1_flag() get and set the status of the asn1_flag for the curve. +Note: OPENSSL_EC_EXPLICIT_CURVE was added in OpenSSL 1.1.0, for +previous versions of OpenSSL the value 0 must be used instead. Before OpenSSL +1.1.0 the default form was to use explicit parameters (meaning that +applications would have to explicitly set the named curve form) in OpenSSL +1.1.0 and later the named curve form is the default.

    +

    The point_conversion_form for a curve controls how EC_POINT data is encoded as ASN1 as defined in X9.62 (ECDSA). +point_conversion_form_t is an enum defined as follows:

    +
    + typedef enum {
    +        /** the point is encoded as z||x, where the octet z specifies
    +         *   which solution of the quadratic equation y is  */
    +        POINT_CONVERSION_COMPRESSED = 2,
    +        /** the point is encoded as z||x||y, where z is the octet 0x04  */
    +        POINT_CONVERSION_UNCOMPRESSED = 4,
    +        /** the point is encoded as z||x||y, where the octet z specifies
    +         *  which solution of the quadratic equation y is  */
    +        POINT_CONVERSION_HYBRID = 6
    + } point_conversion_form_t;
    +

    For POINT_CONVERSION_UNCOMPRESSED the point is encoded as an octet signifying the UNCOMPRESSED form has been used followed by +the octets for x, followed by the octets for y.

    +

    For any given x co-ordinate for a point on a curve it is possible to derive two possible y values. For +POINT_CONVERSION_COMPRESSED the point is encoded as an octet signifying that the COMPRESSED form has been used AND which of +the two possible solutions for y has been used, followed by the octets for x.

    +

    For POINT_CONVERSION_HYBRID the point is encoded as an octet signifying the HYBRID form has been used AND which of the two +possible solutions for y has been used, followed by the octets for x, followed by the octets for y.

    +

    The functions EC_GROUP_set_point_conversion_form() and EC_GROUP_get_point_conversion_form(), set and get the point_conversion_form +for the curve respectively.

    +

    ANSI X9.62 (ECDSA standard) defines a method of generating the curve parameter b from a random number. This provides advantages +in that a parameter obtained in this way is highly unlikely to be susceptible to special purpose attacks, or have any trapdoors in it. +If the seed is present for a curve then the b parameter was generated in a verifiable fashion using that seed. The OpenSSL EC library +does not use this seed value but does enable you to inspect it using EC_GROUP_get0_seed(). This returns a pointer to a memory block +containing the seed that was used. The length of the memory block can be obtained using EC_GROUP_get_seed_len(). A number of the +built-in curves within the library provide seed values that can be obtained. It is also possible to set a custom seed using +EC_GROUP_set_seed() and passing a pointer to a memory block, along with the length of the seed. Again, the EC library will not use +this seed value, although it will be preserved in any ASN1 based communications.

    +

    EC_GROUP_get_degree() gets the degree of the field. For Fp fields this will be the number of bits in p. For F2^m fields this will be +the value m.

    +

    The function EC_GROUP_check_discriminant() calculates the discriminant for the curve and verifies that it is valid. +For a curve defined over Fp the discriminant is given by the formula 4*a^3 + 27*b^2 whilst for F2^m curves the discriminant is +simply b. In either case for the curve to be valid the discriminant must be non zero.

    +

    The function EC_GROUP_check() performs a number of checks on a curve to verify that it is valid. Checks performed include +verifying that the discriminant is non zero; that a generator has been defined; that the generator is on the curve and has +the correct order.

    +

    The function EC_GROUP_check_named_curve() determines if the group's domain parameters match one of the built-in curves supported by the library. +The curve name is returned as a NID if it matches. If the group's domain parameters have been modified then no match will be found. +If the curve name of the given group is NID_undef (e.g. it has been created by using explicit parameters with no curve name), +then this method can be used to lookup the name of the curve that matches the group domain parameters. The built-in curves contain +aliases, so that multiple NID's can map to the same domain parameters. For such curves it is unspecified which of the aliases will be +returned if the curve name of the given group is NID_undef. +If nist_only is 1 it will only look for NIST approved curves, otherwise it searches all built-in curves. +This function may be passed a BN_CTX object in the ctx parameter. +The ctx parameter may be NULL.

    +

    EC_GROUP_cmp() compares a and b to determine whether they represent the same curve or not.

    +

    The functions EC_GROUP_get_basis_type(), EC_GROUP_get_trinomial_basis() and EC_GROUP_get_pentanomial_basis() should only be called for curves +defined over an F2^m field. Addition and multiplication operations within an F2^m field are performed using an irreducible polynomial +function f(x). This function is either a trinomial of the form:

    +

    f(x) = x^m + x^k + 1 with m > k >= 1

    +

    or a pentanomial of the form:

    +

    f(x) = x^m + x^k3 + x^k2 + x^k1 + 1 with m > k3 > k2 > k1 >= 1

    +

    The function EC_GROUP_get_basis_type() returns a NID identifying whether a trinomial or pentanomial is in use for the field. The +function EC_GROUP_get_trinomial_basis() must only be called where f(x) is of the trinomial form, and returns the value of k. Similarly +the function EC_GROUP_get_pentanomial_basis() must only be called where f(x) is of the pentanomial form, and returns the values of k1, +k2 and k3 respectively.

    +

    +

    +
    +

    RETURN VALUES

    +

    The following functions return 1 on success or 0 on error: EC_GROUP_copy(), EC_GROUP_set_generator(), EC_GROUP_check(), +EC_GROUP_check_discriminant(), EC_GROUP_get_trinomial_basis() and EC_GROUP_get_pentanomial_basis().

    +

    EC_GROUP_dup() returns a pointer to the duplicated curve, or NULL on error.

    +

    EC_GROUP_method_of() returns the EC_METHOD implementation in use for the given curve or NULL on error.

    +

    EC_GROUP_get0_generator() returns the generator for the given curve or NULL on error.

    +

    EC_GROUP_get_order() returns 0 if the order is not set (or set to zero) for +group or if copying into order fails, 1 otherwise.

    +

    EC_GROUP_get_cofactor() returns 0 if the cofactor is not set (or is set to zero) for group or if copying into cofactor fails, 1 otherwise.

    +

    EC_GROUP_get_curve_name() returns the curve name (NID) for group or will return NID_undef if no curve name is associated.

    +

    EC_GROUP_get_asn1_flag() returns the ASN1 flag for the specified group .

    +

    EC_GROUP_get_point_conversion_form() returns the point_conversion_form for group.

    +

    EC_GROUP_get_degree() returns the degree for group or 0 if the operation is not supported by the underlying group implementation.

    +

    EC_GROUP_check_named_curve() returns the nid of the matching named curve, otherwise it returns 0 for no match, or -1 on error.

    +

    EC_GROUP_get0_order() returns an internal pointer to the group order. +EC_GROUP_order_bits() returns the number of bits in the group order. +EC_GROUP_get0_cofactor() returns an internal pointer to the group cofactor. +EC_GROUP_get0_field() returns an internal pointer to the group field. For curves over GF(p), this is the modulus; for curves +over GF(2^m), this is the irreducible polynomial defining the field.

    +

    EC_GROUP_get0_seed() returns a pointer to the seed that was used to generate the parameter b, or NULL if the seed is not +specified. EC_GROUP_get_seed_len() returns the length of the seed or 0 if the seed is not specified.

    +

    EC_GROUP_set_seed() returns the length of the seed that has been set. If the supplied seed is NULL, or the supplied seed length is +0, the return value will be 1. On error 0 is returned.

    +

    EC_GROUP_cmp() returns 0 if the curves are equal, 1 if they are not equal, or -1 on error.

    +

    EC_GROUP_get_basis_type() returns the values NID_X9_62_tpBasis or NID_X9_62_ppBasis (as defined in <openssl/obj_mac.h>) for a +trinomial or pentanomial respectively. Alternatively in the event of an error a 0 is returned.

    +

    +

    +
    +

    SEE ALSO

    +

    crypto(7), EC_GROUP_new(3), +EC_POINT_new(3), EC_POINT_add(3), EC_KEY_new(3), +EC_GFp_simple_method(3), d2i_ECPKParameters(3)

    +

    +

    +
    +

    HISTORY

    +

    The EC_GROUP_check_named_curve() function was added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2013-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/EC_GROUP_new.html b/linux_amd64/share/doc/openssl/html/man3/EC_GROUP_new.html
    new file mode 100755
    index 0000000..647a984
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/EC_GROUP_new.html
    @@ -0,0 +1,219 @@
    + + + + +EC_GROUP_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EC_GROUP_get_ecparameters, +EC_GROUP_get_ecpkparameters, +EC_GROUP_new_ex, +EC_GROUP_new, +EC_GROUP_new_from_ecparameters, +EC_GROUP_new_from_ecpkparameters, +EC_GROUP_free, +EC_GROUP_clear_free, +EC_GROUP_new_curve_GFp, +EC_GROUP_new_curve_GF2m, +EC_GROUP_new_by_curve_name_ex, +EC_GROUP_new_by_curve_name, +EC_GROUP_set_curve, +EC_GROUP_get_curve, +EC_GROUP_set_curve_GFp, +EC_GROUP_get_curve_GFp, +EC_GROUP_set_curve_GF2m, +EC_GROUP_get_curve_GF2m, +EC_get_builtin_curves - Functions for creating and destroying EC_GROUP +objects

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ec.h>
    +
    + EC_GROUP *EC_GROUP_new_ex(OPENSSL_CTX *libctx, const EC_METHOD *meth);
    + EC_GROUP *EC_GROUP_new(const EC_METHOD *meth);
    + EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params)
    + EC_GROUP *EC_GROUP_new_from_ecpkparameters(const ECPKPARAMETERS *params)
    + void EC_GROUP_free(EC_GROUP *group);
    +
    + EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a,
    +                                  const BIGNUM *b, BN_CTX *ctx);
    + EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a,
    +                                   const BIGNUM *b, BN_CTX *ctx);
    + EC_GROUP *EC_GROUP_new_by_curve_name_ex(OPENSSL_CTX *libctx, int nid);
    + EC_GROUP *EC_GROUP_new_by_curve_name(int nid);
    +
    + int EC_GROUP_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
    +                        const BIGNUM *b, BN_CTX *ctx);
    + int EC_GROUP_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b,
    +                        BN_CTX *ctx);
    + int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p,
    +                            const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
    + int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p,
    +                            BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
    + int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p,
    +                             const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
    + int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p,
    +                             BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
    +
    + ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group, ECPARAMETERS *params)
    + ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP *group, ECPKPARAMETERS *params)
    +
    + size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems);
    +

    Deprecated since OpenSSL 3.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + void EC_GROUP_clear_free(EC_GROUP *group);
    +

    +

    +
    +

    DESCRIPTION

    +

    Within the library there are two forms of elliptic curve that are of interest. +The first form is those defined over the prime field Fp. The elements of Fp are +the integers 0 to p-1, where p is a prime number. This gives us a revised +elliptic curve equation as follows:

    +

    y^2 mod p = x^3 +ax + b mod p

    +

    The second form is those defined over a binary field F2^m where the elements of +the field are integers of length at most m bits. For this form the elliptic +curve equation is modified to:

    +

    y^2 + xy = x^3 + ax^2 + b (where b != 0)

    +

    Operations in a binary field are performed relative to an +irreducible polynomial. All such curves with OpenSSL use a trinomial or a +pentanomial for this parameter.

    +

    A new curve can be constructed by calling EC_GROUP_new_ex(), using the +implementation provided by meth (see EC_GFp_simple_method(3)) and +associated with the library context ctx (see OPENSSL_CTX(3)). +The ctx parameter may be NULL in which case the default library context is +used. +It is then necessary to call EC_GROUP_set_curve() to set the curve parameters. +EC_GROUP_new_from_ecparameters() will create a group from the +specified params and +EC_GROUP_new_from_ecpkparameters() will create a group from the specific PK +params.

    +

    EC_GROUP_new() is the same as EC_GROUP_new_ex() except that the library context +used is always the default library context.

    +

    EC_GROUP_set_curve() sets the curve parameters p, a and b. For a curve +over Fp p is the prime for the field. For a curve over F2^m p represents +the irreducible polynomial - each bit represents a term in the polynomial. +Therefore there will either be three or five bits set dependent on whether the +polynomial is a trinomial or a pentanomial. +In either case, a and b represents the coefficients a and b from the +relevant equation introduced above.

    +

    EC_group_get_curve() obtains the previously set curve parameters.

    +

    EC_GROUP_set_curve_GFp() and EC_GROUP_set_curve_GF2m() are synonyms for +EC_GROUP_set_curve(). They are defined for backwards compatibility only and +should not be used.

    +

    EC_GROUP_get_curve_GFp() and EC_GROUP_get_curve_GF2m() are synonyms for +EC_GROUP_get_curve(). They are defined for backwards compatibility only and +should not be used.

    +

    The functions EC_GROUP_new_curve_GFp() and EC_GROUP_new_curve_GF2m() are +shortcuts for calling EC_GROUP_new() and then the EC_GROUP_set_curve() function. +An appropriate default implementation method will be used.

    +

    Whilst the library can be used to create any curve using the functions described +above, there are also a number of predefined curves that are available. In order +to obtain a list of all of the predefined curves, call the function +EC_get_builtin_curves(). The parameter r should be an array of +EC_builtin_curve structures of size nitems. The function will populate the +r array with information about the built-in curves. If nitems is less than +the total number of curves available, then the first nitems curves will be +returned. Otherwise the total number of curves will be provided. The return +value is the total number of curves available (whether that number has been +populated in r or not). Passing a NULL r, or setting nitems to 0 will +do nothing other than return the total number of curves available. +The EC_builtin_curve structure is defined as follows:

    +
    + typedef struct {
    +        int nid;
    +        const char *comment;
    +        } EC_builtin_curve;
    +

    Each EC_builtin_curve item has a unique integer id (nid), and a human +readable comment string describing the curve.

    +

    In order to construct a built-in curve use the function +EC_GROUP_new_by_curve_name_ex() and provide the nid of the curve to be +constructed and the associated library context to be used in ctx (see +OPENSSL_CTX(3)). The ctx value may be NULL in which case the default +library context is used.

    +

    EC_GROUP_new_by_curve_name() is the same as EC_GROUP_new_by_curve_name_ex() +except that the default library context is always used.

    +

    EC_GROUP_free() frees the memory associated with the EC_GROUP. +If group is NULL nothing is done.

    +

    EC_GROUP_clear_free() is deprecated: it was meant to destroy any sensitive data +held within the EC_GROUP and then free its memory, but since all the data stored +in the EC_GROUP is public anyway, this function is unnecessary. +Its use can be safely replaced with EC_GROUP_free(). +If group is NULL nothing is done.

    +

    +

    +
    +

    RETURN VALUES

    +

    All EC_GROUP_new* functions return a pointer to the newly constructed group, or +NULL on error.

    +

    EC_get_builtin_curves() returns the number of built-in curves that are +available.

    +

    EC_GROUP_set_curve_GFp(), EC_GROUP_get_curve_GFp(), EC_GROUP_set_curve_GF2m(), +EC_GROUP_get_curve_GF2m() return 1 on success or 0 on error.

    +

    +

    +
    +

    SEE ALSO

    +

    crypto(7), EC_GROUP_copy(3), +EC_POINT_new(3), EC_POINT_add(3), EC_KEY_new(3), +EC_GFp_simple_method(3), d2i_ECPKParameters(3), +OPENSSL_CTX(3)

    +

    +

    +
    +

    HISTORY

    +
      +
    • +

      EC_GROUP_new_ex() and EC_GROUP_new_by_curve_name_ex() were added in OpenSSL 3.0.

      +
    • +
    • +

      EC_GROUP_clear_free() was deprecated in OpenSSL 3.0; use EC_GROUP_free() +instead.

      +
    • +
    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2013-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/EC_KEY_get_enc_flags.html b/linux_amd64/share/doc/openssl/html/man3/EC_KEY_get_enc_flags.html
    new file mode 100755
    index 0000000..a77e62b
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/EC_KEY_get_enc_flags.html
    @@ -0,0 +1,94 @@
    + + + + +EC_KEY_get_enc_flags + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EC_KEY_get_enc_flags, EC_KEY_set_enc_flags +- Get and set flags for encoding EC_KEY structures

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ec.h>
    +
    + unsigned int EC_KEY_get_enc_flags(const EC_KEY *key);
    + void EC_KEY_set_enc_flags(EC_KEY *eckey, unsigned int flags);
    +

    +

    +
    +

    DESCRIPTION

    +

    The format of the external representation of the public key written by +i2d_ECPrivateKey() (such as whether it is stored in a compressed form or not) is +described by the point_conversion_form. See EC_GROUP_copy(3) +for a description of point_conversion_form.

    +

    When reading a private key encoded without an associated public key (e.g. if +EC_PKEY_NO_PUBKEY has been used - see below), then d2i_ECPrivateKey() generates +the missing public key automatically. Private keys encoded without parameters +(e.g. if EC_PKEY_NO_PARAMETERS has been used - see below) cannot be loaded using +d2i_ECPrivateKey().

    +

    The functions EC_KEY_get_enc_flags() and EC_KEY_set_enc_flags() get and set the +value of the encoding flags for the key. There are two encoding flags +currently defined - EC_PKEY_NO_PARAMETERS and EC_PKEY_NO_PUBKEY. These flags +define the behaviour of how the key is converted into ASN1 in a call to +i2d_ECPrivateKey(). If EC_PKEY_NO_PARAMETERS is set then the public parameters for +the curve are not encoded along with the private key. If EC_PKEY_NO_PUBKEY is +set then the public key is not encoded along with the private key.

    +

    +

    +
    +

    RETURN VALUES

    +

    EC_KEY_get_enc_flags() returns the value of the current encoding flags for the +EC_KEY.

    +

    +

    +
    +

    SEE ALSO

    +

    crypto(7), EC_GROUP_new(3), +EC_GROUP_copy(3), EC_POINT_new(3), +EC_POINT_add(3), +EC_GFp_simple_method(3), +d2i_ECPKParameters(3), +d2i_ECPrivateKey(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/EC_KEY_new.html b/linux_amd64/share/doc/openssl/html/man3/EC_KEY_new.html
    new file mode 100755
    index 0000000..cc7d1b6
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/EC_KEY_new.html
    @@ -0,0 +1,215 @@
    + + + + +EC_KEY_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EC_KEY_get_method, EC_KEY_set_method, EC_KEY_new_ex, +EC_KEY_new, EC_KEY_get_flags, EC_KEY_set_flags, EC_KEY_clear_flags, +EC_KEY_new_by_curve_name_ex, EC_KEY_new_by_curve_name, EC_KEY_free, EC_KEY_copy, +EC_KEY_dup, EC_KEY_up_ref, EC_KEY_get0_engine, +EC_KEY_get0_group, EC_KEY_set_group, EC_KEY_get0_private_key, +EC_KEY_set_private_key, EC_KEY_get0_public_key, EC_KEY_set_public_key, +EC_KEY_get_conv_form, +EC_KEY_set_conv_form, EC_KEY_set_asn1_flag, EC_KEY_precompute_mult, +EC_KEY_generate_key, EC_KEY_check_key, EC_KEY_set_public_key_affine_coordinates, +EC_KEY_oct2key, EC_KEY_key2buf, EC_KEY_oct2priv, EC_KEY_priv2oct, +EC_KEY_priv2buf - Functions for creating, destroying and manipulating +EC_KEY objects

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ec.h>
    +
    + EC_KEY *EC_KEY_new_ex(OPENSSL_CTX *ctx);
    + EC_KEY *EC_KEY_new(void);
    + int EC_KEY_get_flags(const EC_KEY *key);
    + void EC_KEY_set_flags(EC_KEY *key, int flags);
    + void EC_KEY_clear_flags(EC_KEY *key, int flags);
    + EC_KEY *EC_KEY_new_by_curve_name_ex(OPENSSL_CTX *ctx, int nid);
    + EC_KEY *EC_KEY_new_by_curve_name(int nid);
    + void EC_KEY_free(EC_KEY *key);
    + EC_KEY *EC_KEY_copy(EC_KEY *dst, const EC_KEY *src);
    + EC_KEY *EC_KEY_dup(const EC_KEY *src);
    + int EC_KEY_up_ref(EC_KEY *key);
    + ENGINE *EC_KEY_get0_engine(const EC_KEY *eckey);
    + const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key);
    + int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group);
    + const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key);
    + int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *prv);
    + const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key);
    + int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub);
    + point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key);
    + void EC_KEY_set_conv_form(EC_KEY *eckey, point_conversion_form_t cform);
    + void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag);
    + int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx);
    + int EC_KEY_generate_key(EC_KEY *key);
    + int EC_KEY_check_key(const EC_KEY *key);
    + int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x, BIGNUM *y);
    + const EC_KEY_METHOD *EC_KEY_get_method(const EC_KEY *key);
    + int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth);
    +
    + int EC_KEY_oct2key(EC_KEY *eckey, const unsigned char *buf, size_t len, BN_CTX *ctx);
    + size_t EC_KEY_key2buf(const EC_KEY *eckey, point_conversion_form_t form,
    +                       unsigned char **pbuf, BN_CTX *ctx);
    +
    + int EC_KEY_oct2priv(EC_KEY *eckey, const unsigned char *buf, size_t len);
    + size_t EC_KEY_priv2oct(const EC_KEY *eckey, unsigned char *buf, size_t len);
    +
    + size_t EC_KEY_priv2buf(const EC_KEY *eckey, unsigned char **pbuf);
    +

    +

    +
    +

    DESCRIPTION

    +

    An EC_KEY represents a public key and, optionally, the associated private +key. +A new EC_KEY with no associated curve can be constructed by calling +EC_KEY_new_ex() and specifying the associated library context in ctx +(see OPENSSL_CTX(3)). +The ctx parameter may be NULL in which case the default library context is +used. +The reference count for the newly created EC_KEY is initially +set to 1. +A curve can be associated with the EC_KEY by calling +EC_KEY_set_group().

    +

    EC_KEY_new() is the same as EC_KEY_new_ex() except that the default library +context is always used.

    +

    Alternatively a new EC_KEY can be constructed by calling +EC_KEY_new_by_curve_name_ex() and supplying the nid of the associated curve and +the library context to be used ctx (see OPENSSL_CTX(3)). +The ctx parameter may be NULL in which case the default library context is +used. +See EC_GROUP_new(3) for a description of curve names. +This function simply wraps calls to EC_KEY_new_ex() and +EC_GROUP_new_by_curve_name_ex().

    +

    EC_KEY_new_by_curve_name() is the same as EC_KEY_new_by_curve_name_ex() except +that the default library context is always used.

    +

    Calling EC_KEY_free() decrements the reference count for the EC_KEY object, +and if it has dropped to zero then frees the memory associated with it. If +key is NULL nothing is done.

    +

    EC_KEY_copy() copies the contents of the EC_KEY in src into dest.

    +

    EC_KEY_dup() creates a new EC_KEY object and copies ec_key into it.

    +

    EC_KEY_up_ref() increments the reference count associated with the EC_KEY +object.

    +

    EC_KEY_get0_engine() returns a handle to the ENGINE that has been set for +this EC_KEY object.

    +

    EC_KEY_generate_key() generates a new public and private key for the supplied +eckey object. eckey must have an EC_GROUP object associated with it +before calling this function. The private key is a random integer (0 < priv_key +< order, where order is the order of the EC_GROUP object). The public key is +an EC_POINT on the curve calculated by multiplying the generator for the +curve by the private key.

    +

    EC_KEY_check_key() performs various sanity checks on the EC_KEY object to +confirm that it is valid.

    +

    EC_KEY_set_public_key_affine_coordinates() sets the public key for key based +on its affine co-ordinates; i.e., it constructs an EC_POINT object based on +the supplied x and y values and sets the public key to be this +EC_POINT. It also performs certain sanity checks on the key to confirm +that it is valid.

    +

    The functions EC_KEY_get0_group(), EC_KEY_set_group(), +EC_KEY_get0_private_key(), EC_KEY_set_private_key(), EC_KEY_get0_public_key(), +and EC_KEY_set_public_key() get and set the EC_GROUP object, the private key, +and the EC_POINT public key for the key respectively.

    +

    The functions EC_KEY_get_conv_form() and EC_KEY_set_conv_form() get and set the +point_conversion_form for the key. For a description of +point_conversion_forms please see EC_POINT_new(3).

    +

    EC_KEY_set_flags() sets the flags in the flags parameter on the EC_KEY +object. Any flags that are already set are left set. The flags currently +defined are EC_FLAG_NON_FIPS_ALLOW and EC_FLAG_FIPS_CHECKED. In +addition there is the flag EC_FLAG_COFACTOR_ECDH which is specific to ECDH. +EC_KEY_get_flags() returns the current flags that are set for this EC_KEY. +EC_KEY_clear_flags() clears the flags indicated by the flags parameter; all +other flags are left in their existing state.

    +

    EC_KEY_set_asn1_flag() sets the asn1_flag on the underlying EC_GROUP object +(if set). Refer to EC_GROUP_copy(3) for further information on the +asn1_flag.

    +

    EC_KEY_precompute_mult() stores multiples of the underlying EC_GROUP generator +for faster point multiplication. See also EC_POINT_add(3).

    +

    EC_KEY_oct2key() and EC_KEY_key2buf() are identical to the functions +EC_POINT_oct2point() and EC_KEY_point2buf() except they use the public key +EC_POINT in eckey.

    +

    EC_KEY_oct2priv() and EC_KEY_priv2oct() convert between the private key +component of eckey and octet form. The octet form consists of the content +octets of the privateKey OCTET STRING in an ECPrivateKey ASN.1 structure.

    +

    The function EC_KEY_priv2oct() must be supplied with a buffer long enough to +store the octet form. The return value provides the number of octets stored. +Calling the function with a NULL buffer will not perform the conversion but +will just return the required buffer length.

    +

    The function EC_KEY_priv2buf() allocates a buffer of suitable length and writes +an EC_KEY to it in octet format. The allocated buffer is written to *pbuf +and its length is returned. The caller must free up the allocated buffer with a +call to OPENSSL_free(). Since the allocated buffer value is written to *pbuf +the pbuf parameter MUST NOT be NULL.

    +

    EC_KEY_priv2buf() converts an EC_KEY private key into an allocated buffer.

    +

    +

    +
    +

    RETURN VALUES

    +

    EC_KEY_new_ex(), EC_KEY_new(), EC_KEY_new_by_curve_name() and EC_KEY_dup() +return a pointer to the newly created EC_KEY object, or NULL on error.

    +

    EC_KEY_get_flags() returns the flags associated with the EC_KEY object as an +integer.

    +

    EC_KEY_copy() returns a pointer to the destination key, or NULL on error.

    +

    EC_KEY_get0_engine() returns a pointer to an ENGINE, or NULL if it wasn't set.

    +

    EC_KEY_up_ref(), EC_KEY_set_group(), EC_KEY_set_private_key(), +EC_KEY_set_public_key(), EC_KEY_precompute_mult(), EC_KEY_generate_key(), +EC_KEY_check_key(), EC_KEY_set_public_key_affine_coordinates(), +EC_KEY_oct2key() and EC_KEY_oct2priv() return 1 on success or 0 on error.

    +

    EC_KEY_get0_group() returns the EC_GROUP associated with the EC_KEY.

    +

    EC_KEY_get0_private_key() returns the private key associated with the EC_KEY.

    +

    EC_KEY_get_conv_form() return the point_conversion_form for the EC_KEY.

    +

    EC_KEY_key2buf(), EC_KEY_priv2oct() and EC_KEY_priv2buf() return the length +of the buffer or 0 on error.

    +

    +

    +
    +

    SEE ALSO

    +

    crypto(7), EC_GROUP_new(3), +EC_GROUP_copy(3), EC_POINT_new(3), +EC_POINT_add(3), +EC_GFp_simple_method(3), +d2i_ECPKParameters(3), +OPENSSL_CTX(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2013-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/EC_POINT_add.html b/linux_amd64/share/doc/openssl/html/man3/EC_POINT_add.html
    new file mode 100755
    index 0000000..0e7ee17
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/EC_POINT_add.html
    @@ -0,0 +1,109 @@
    + + + + +EC_POINT_add + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EC_POINT_add, EC_POINT_dbl, EC_POINT_invert, EC_POINT_is_at_infinity, EC_POINT_is_on_curve, EC_POINT_cmp, EC_POINT_make_affine, EC_POINTs_make_affine, EC_POINTs_mul, EC_POINT_mul, EC_GROUP_precompute_mult, EC_GROUP_have_precompute_mult - Functions for performing mathematical operations and tests on EC_POINT objects

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ec.h>
    +
    + int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
    +                  const EC_POINT *b, BN_CTX *ctx);
    + int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx);
    + int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx);
    + int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *p);
    + int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx);
    + int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx);
    + int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx);
    + int EC_POINTs_make_affine(const EC_GROUP *group, size_t num,
    +                           EC_POINT *points[], BN_CTX *ctx);
    + int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, size_t num,
    +                   const EC_POINT *p[], const BIGNUM *m[], BN_CTX *ctx);
    + int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n,
    +                  const EC_POINT *q, const BIGNUM *m, BN_CTX *ctx);
    + int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
    + int EC_GROUP_have_precompute_mult(const EC_GROUP *group);
    +

    +

    +
    +

    DESCRIPTION

    +

    EC_POINT_add adds the two points a and b and places the result in r. Similarly EC_POINT_dbl doubles the point a and places the +result in r. In both cases it is valid for r to be one of a or b.

    +

    EC_POINT_invert calculates the inverse of the supplied point a. The result is placed back in a.

    +

    The function EC_POINT_is_at_infinity tests whether the supplied point is at infinity or not.

    +

    EC_POINT_is_on_curve tests whether the supplied point is on the curve or not.

    +

    EC_POINT_cmp compares the two supplied points and tests whether or not they are equal.

    +

    The functions EC_POINT_make_affine and EC_POINTs_make_affine force the internal representation of the EC_POINT(s) into the affine +co-ordinate system. In the case of EC_POINTs_make_affine the value num provides the number of points in the array points to be +forced.

    +

    EC_POINT_mul is a convenient interface to EC_POINTs_mul: it calculates the value generator * n + q * m and stores the result in r. +The value n may be NULL in which case the result is just q * m (variable point multiplication). Alternatively, both q and m may be NULL, and n non-NULL, in which case the result is just generator * n (fixed point multiplication). +When performing a single fixed or variable point multiplication, the underlying implementation uses a constant time algorithm, when the input scalar (either n or m) is in the range [0, ec_group_order).

    +

    EC_POINTs_mul calculates the value generator * n + q[0] * m[0] + ... + q[num-1] * m[num-1]. As for EC_POINT_mul the value n may be NULL or num may be zero. +When performing a fixed point multiplication (n is non-NULL and num is 0) or a variable point multiplication (n is NULL and num is 1), the underlying implementation uses a constant time algorithm, when the input scalar (either n or m[0]) is in the range [0, ec_group_order).

    +

    The function EC_GROUP_precompute_mult stores multiples of the generator for faster point multiplication, whilst +EC_GROUP_have_precompute_mult tests whether precomputation has already been done. See EC_GROUP_copy(3) for information +about the generator.

    +

    +

    +
    +

    RETURN VALUES

    +

    The following functions return 1 on success or 0 on error: EC_POINT_add, EC_POINT_dbl, EC_POINT_invert, EC_POINT_make_affine, +EC_POINTs_make_affine, EC_POINTs_make_affine, EC_POINT_mul, EC_POINTs_mul and EC_GROUP_precompute_mult.

    +

    EC_POINT_is_at_infinity returns 1 if the point is at infinity, or 0 otherwise.

    +

    EC_POINT_is_on_curve returns 1 if the point is on the curve, 0 if not, or -1 on error.

    +

    EC_POINT_cmp returns 1 if the points are not equal, 0 if they are, or -1 on error.

    +

    EC_GROUP_have_precompute_mult return 1 if a precomputation has been done, or 0 if not.

    +

    +

    +
    +

    SEE ALSO

    +

    crypto(7), EC_GROUP_new(3), EC_GROUP_copy(3), +EC_POINT_new(3), EC_KEY_new(3), +EC_GFp_simple_method(3), d2i_ECPKParameters(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2013-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/EC_POINT_new.html b/linux_amd64/share/doc/openssl/html/man3/EC_POINT_new.html
    new file mode 100755
    index 0000000..1852787
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/EC_POINT_new.html
    @@ -0,0 +1,262 @@
    + + + + +EC_POINT_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EC_POINT_set_Jprojective_coordinates_GFp, +EC_POINT_point2buf, +EC_POINT_new, +EC_POINT_free, +EC_POINT_clear_free, +EC_POINT_copy, +EC_POINT_dup, +EC_POINT_method_of, +EC_POINT_set_to_infinity, +EC_POINT_get_Jprojective_coordinates_GFp, +EC_POINT_set_affine_coordinates, +EC_POINT_get_affine_coordinates, +EC_POINT_set_compressed_coordinates, +EC_POINT_set_affine_coordinates_GFp, +EC_POINT_get_affine_coordinates_GFp, +EC_POINT_set_compressed_coordinates_GFp, +EC_POINT_set_affine_coordinates_GF2m, +EC_POINT_get_affine_coordinates_GF2m, +EC_POINT_set_compressed_coordinates_GF2m, +EC_POINT_point2oct, +EC_POINT_oct2point, +EC_POINT_point2bn, +EC_POINT_bn2point, +EC_POINT_point2hex, +EC_POINT_hex2point +- Functions for creating, destroying and manipulating EC_POINT objects

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ec.h>
    +
    + EC_POINT *EC_POINT_new(const EC_GROUP *group);
    + void EC_POINT_free(EC_POINT *point);
    + void EC_POINT_clear_free(EC_POINT *point);
    + int EC_POINT_copy(EC_POINT *dst, const EC_POINT *src);
    + EC_POINT *EC_POINT_dup(const EC_POINT *src, const EC_GROUP *group);
    + const EC_METHOD *EC_POINT_method_of(const EC_POINT *point);
    + int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point);
    + int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group,
    +                                              EC_POINT *p,
    +                                              const BIGNUM *x, const BIGNUM *y,
    +                                              const BIGNUM *z, BN_CTX *ctx);
    + int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group,
    +                                              const EC_POINT *p,
    +                                              BIGNUM *x, BIGNUM *y, BIGNUM *z,
    +                                              BN_CTX *ctx);
    + int EC_POINT_set_affine_coordinates(const EC_GROUP *group, EC_POINT *p,
    +                                     const BIGNUM *x, const BIGNUM *y,
    +                                     BN_CTX *ctx);
    + int EC_POINT_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *p,
    +                                     BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
    + int EC_POINT_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *p,
    +                                         const BIGNUM *x, int y_bit,
    +                                         BN_CTX *ctx);
    + int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *p,
    +                                         const BIGNUM *x, const BIGNUM *y,
    +                                         BN_CTX *ctx);
    + int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group,
    +                                         const EC_POINT *p,
    +                                         BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
    + int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group,
    +                                             EC_POINT *p,
    +                                             const BIGNUM *x, int y_bit,
    +                                             BN_CTX *ctx);
    + int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p,
    +                                          const BIGNUM *x, const BIGNUM *y,
    +                                          BN_CTX *ctx);
    + int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group,
    +                                          const EC_POINT *p,
    +                                          BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
    + int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group,
    +                                              EC_POINT *p,
    +                                              const BIGNUM *x, int y_bit,
    +                                              BN_CTX *ctx);
    + size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *p,
    +                           point_conversion_form_t form,
    +                           unsigned char *buf, size_t len, BN_CTX *ctx);
    + size_t EC_POINT_point2buf(const EC_GROUP *group, const EC_POINT *point,
    +                           point_conversion_form_t form,
    +                           unsigned char **pbuf, BN_CTX *ctx);
    + int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *p,
    +                        const unsigned char *buf, size_t len, BN_CTX *ctx);
    + BIGNUM *EC_POINT_point2bn(const EC_GROUP *group, const EC_POINT *p,
    +                           point_conversion_form_t form, BIGNUM *bn,
    +                           BN_CTX *ctx);
    + EC_POINT *EC_POINT_bn2point(const EC_GROUP *group, const BIGNUM *bn,
    +                             EC_POINT *p, BN_CTX *ctx);
    + char *EC_POINT_point2hex(const EC_GROUP *group, const EC_POINT *p,
    +                          point_conversion_form_t form, BN_CTX *ctx);
    + EC_POINT *EC_POINT_hex2point(const EC_GROUP *group, const char *hex,
    +                              EC_POINT *p, BN_CTX *ctx);
    +

    +

    +
    +

    DESCRIPTION

    +

    An EC_POINT structure represents a point on a curve. A new point is +constructed by calling the function EC_POINT_new() and providing the +group object that the point relates to.

    +

    EC_POINT_free() frees the memory associated with the EC_POINT. +if point is NULL nothing is done.

    +

    EC_POINT_clear_free() destroys any sensitive data held within the EC_POINT and +then frees its memory. If point is NULL nothing is done.

    +

    EC_POINT_copy() copies the point src into dst. Both src and dst +must use the same EC_METHOD.

    +

    EC_POINT_dup() creates a new EC_POINT object and copies the content from +src to the newly created EC_POINT object.

    +

    EC_POINT_method_of() obtains the EC_METHOD associated with point.

    +

    A valid point on a curve is the special point at infinity. A point is set to +be at infinity by calling EC_POINT_set_to_infinity().

    +

    The affine co-ordinates for a point describe a point in terms of its x and y +position. The function EC_POINT_set_affine_coordinates() sets the x and y +co-ordinates for the point p defined over the curve given in group. The +function EC_POINT_get_affine_coordinates() sets x and y, either of which +may be NULL, to the corresponding coordinates of p.

    +

    The functions EC_POINT_set_affine_coordinates_GFp() and +EC_POINT_set_affine_coordinates_GF2m() are synonyms for +EC_POINT_set_affine_coordinates(). They are defined for backwards compatibility +only and should not be used.

    +

    The functions EC_POINT_get_affine_coordinates_GFp() and +EC_POINT_get_affine_coordinates_GF2m() are synonyms for +EC_POINT_get_affine_coordinates(). They are defined for backwards compatibility +only and should not be used.

    +

    As well as the affine co-ordinates, a point can alternatively be described in +terms of its Jacobian projective co-ordinates (for Fp curves only). Jacobian +projective co-ordinates are expressed as three values x, y and z. Working in +this co-ordinate system provides more efficient point multiplication +operations. A mapping exists between Jacobian projective co-ordinates and +affine co-ordinates. A Jacobian projective co-ordinate (x, y, z) can be written +as an affine co-ordinate as (x/(z^2), y/(z^3)). Conversion to Jacobian +projective from affine co-ordinates is simple. The co-ordinate (x, y) is mapped +to (x, y, 1). To set or get the projective co-ordinates use +EC_POINT_set_Jprojective_coordinates_GFp() and +EC_POINT_get_Jprojective_coordinates_GFp() respectively.

    +

    Points can also be described in terms of their compressed co-ordinates. For a +point (x, y), for any given value for x such that the point is on the curve +there will only ever be two possible values for y. Therefore a point can be set +using the EC_POINT_set_compressed_coordinates() function where x is the x +co-ordinate and y_bit is a value 0 or 1 to identify which of the two +possible values for y should be used.

    +

    The functions EC_POINT_set_compressed_coordinates_GFp() and +EC_POINT_set_compressed_coordinates_GF2m() are synonyms for +EC_POINT_set_compressed_coordinates(). They are defined for backwards +compatibility only and should not be used.

    +

    In addition EC_POINT can be converted to and from various external +representations. The octet form is the binary encoding of the ECPoint +structure (as defined in RFC5480 and used in certificates and TLS records): +only the content octets are present, the OCTET STRING tag and length are +not included. BIGNUM form is the octet form interpreted as a big endian +integer converted to a BIGNUM structure. Hexadecimal form is the octet +form converted to a NULL terminated character string where each character +is one of the printable values 0-9 or A-F (or a-f).

    +

    The functions EC_POINT_point2oct(), EC_POINT_oct2point(), EC_POINT_point2bn(), +EC_POINT_bn2point(), EC_POINT_point2hex() and EC_POINT_hex2point() convert from +and to EC_POINTs for the formats: octet, BIGNUM and hexadecimal respectively.

    +

    The function EC_POINT_point2oct() encodes the given curve point p as an +octet string into the buffer buf of size len, using the specified +conversion form form. +The encoding conforms with Sec. 2.3.3 of the SECG SEC 1 ("Elliptic Curve +Cryptography") standard. +Similarly the function EC_POINT_oct2point() decodes a curve point into p from +the octet string contained in the given buffer buf of size len, conforming +to Sec. 2.3.4 of the SECG SEC 1 ("Elliptic Curve Cryptography") standard.

    +

    The functions EC_POINT_point2hex() and EC_POINT_point2bn() convert a point p, +respectively, to the hexadecimal or BIGNUM representation of the same +encoding of the function EC_POINT_point2oct(). +Vice versa, similarly to the function EC_POINT_oct2point(), the functions +EC_POINT_hex2point() and EC_POINT_point2bn() decode the hexadecimal or +BIGNUM representation into the EC_POINT p.

    +

    Notice that, according to the standard, the octet string encoding of the point +at infinity for a given curve is fixed to a single octet of value zero and that, +vice versa, a single octet of size zero is decoded as the point at infinity.

    +

    The function EC_POINT_point2oct() must be supplied with a buffer long enough to +store the octet form. The return value provides the number of octets stored. +Calling the function with a NULL buffer will not perform the conversion but +will still return the required buffer length.

    +

    The function EC_POINT_point2buf() allocates a buffer of suitable length and +writes an EC_POINT to it in octet format. The allocated buffer is written to +*pbuf and its length is returned. The caller must free up the allocated +buffer with a call to OPENSSL_free(). Since the allocated buffer value is +written to *pbuf the pbuf parameter MUST NOT be NULL.

    +

    The function EC_POINT_point2hex() will allocate sufficient memory to store the +hexadecimal string. It is the caller's responsibility to free this memory with +a subsequent call to OPENSSL_free().

    +

    +

    +
    +

    RETURN VALUES

    +

    EC_POINT_new() and EC_POINT_dup() return the newly allocated EC_POINT or NULL +on error.

    +

    The following functions return 1 on success or 0 on error: EC_POINT_copy(), +EC_POINT_set_to_infinity(), EC_POINT_set_Jprojective_coordinates_GFp(), +EC_POINT_get_Jprojective_coordinates_GFp(), +EC_POINT_set_affine_coordinates_GFp(), EC_POINT_get_affine_coordinates_GFp(), +EC_POINT_set_compressed_coordinates_GFp(), +EC_POINT_set_affine_coordinates_GF2m(), EC_POINT_get_affine_coordinates_GF2m(), +EC_POINT_set_compressed_coordinates_GF2m() and EC_POINT_oct2point().

    +

    EC_POINT_method_of returns the EC_METHOD associated with the supplied EC_POINT.

    +

    EC_POINT_point2oct() and EC_POINT_point2buf() return the length of the required +buffer or 0 on error.

    +

    EC_POINT_point2bn() returns the pointer to the BIGNUM supplied, or NULL on +error.

    +

    EC_POINT_bn2point() returns the pointer to the EC_POINT supplied, or NULL on +error.

    +

    EC_POINT_point2hex() returns a pointer to the hex string, or NULL on error.

    +

    EC_POINT_hex2point() returns the pointer to the EC_POINT supplied, or NULL on +error.

    +

    +

    +
    +

    SEE ALSO

    +

    crypto(7), EC_GROUP_new(3), EC_GROUP_copy(3), +EC_POINT_add(3), EC_KEY_new(3), +EC_GFp_simple_method(3), d2i_ECPKParameters(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2013-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/ENGINE_add.html b/linux_amd64/share/doc/openssl/html/man3/ENGINE_add.html
    new file mode 100755
    index 0000000..49c60f7
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/ENGINE_add.html
    @@ -0,0 +1,659 @@
    + + + + +ENGINE_add + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    ENGINE_get_DH, ENGINE_get_DSA, +ENGINE_by_id, ENGINE_get_cipher_engine, ENGINE_get_default_DH, +ENGINE_get_default_DSA, +ENGINE_get_default_RAND, +ENGINE_get_default_RSA, ENGINE_get_digest_engine, ENGINE_get_first, +ENGINE_get_last, ENGINE_get_next, ENGINE_get_prev, ENGINE_new, +ENGINE_get_ciphers, ENGINE_get_ctrl_function, ENGINE_get_digests, +ENGINE_get_destroy_function, ENGINE_get_finish_function, +ENGINE_get_init_function, ENGINE_get_load_privkey_function, +ENGINE_get_load_pubkey_function, ENGINE_load_private_key, +ENGINE_load_public_key, ENGINE_get_RAND, ENGINE_get_RSA, ENGINE_get_id, +ENGINE_get_name, ENGINE_get_cmd_defns, ENGINE_get_cipher, +ENGINE_get_digest, ENGINE_add, ENGINE_cmd_is_executable, +ENGINE_ctrl, ENGINE_ctrl_cmd, ENGINE_ctrl_cmd_string, +ENGINE_finish, ENGINE_free, ENGINE_get_flags, ENGINE_init, +ENGINE_register_DH, ENGINE_register_DSA, +ENGINE_register_RAND, ENGINE_register_RSA, +ENGINE_register_all_complete, ENGINE_register_ciphers, +ENGINE_register_complete, ENGINE_register_digests, ENGINE_remove, +ENGINE_set_DH, ENGINE_set_DSA, +ENGINE_set_RAND, ENGINE_set_RSA, ENGINE_set_ciphers, +ENGINE_set_cmd_defns, ENGINE_set_ctrl_function, ENGINE_set_default, +ENGINE_set_default_DH, ENGINE_set_default_DSA, +ENGINE_set_default_RAND, ENGINE_set_default_RSA, +ENGINE_set_default_ciphers, ENGINE_set_default_digests, +ENGINE_set_default_string, ENGINE_set_destroy_function, +ENGINE_set_digests, ENGINE_set_finish_function, ENGINE_set_flags, +ENGINE_set_id, ENGINE_set_init_function, ENGINE_set_load_privkey_function, +ENGINE_set_load_pubkey_function, ENGINE_set_name, ENGINE_up_ref, +ENGINE_get_table_flags, ENGINE_cleanup, +ENGINE_load_builtin_engines, ENGINE_register_all_DH, +ENGINE_register_all_DSA, +ENGINE_register_all_RAND, +ENGINE_register_all_RSA, ENGINE_register_all_ciphers, +ENGINE_register_all_digests, ENGINE_set_table_flags, ENGINE_unregister_DH, +ENGINE_unregister_DSA, +ENGINE_unregister_RAND, ENGINE_unregister_RSA, ENGINE_unregister_ciphers, 
+ENGINE_unregister_digests +- ENGINE cryptographic module support

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/engine.h>
    +
    + ENGINE *ENGINE_get_first(void);
    + ENGINE *ENGINE_get_last(void);
    + ENGINE *ENGINE_get_next(ENGINE *e);
    + ENGINE *ENGINE_get_prev(ENGINE *e);
    +
    + int ENGINE_add(ENGINE *e);
    + int ENGINE_remove(ENGINE *e);
    +
    + ENGINE *ENGINE_by_id(const char *id);
    +
    + int ENGINE_init(ENGINE *e);
    + int ENGINE_finish(ENGINE *e);
    +
    + void ENGINE_load_builtin_engines(void);
    +
    + ENGINE *ENGINE_get_default_RSA(void);
    + ENGINE *ENGINE_get_default_DSA(void);
    + ENGINE *ENGINE_get_default_DH(void);
    + ENGINE *ENGINE_get_default_RAND(void);
    + ENGINE *ENGINE_get_cipher_engine(int nid);
    + ENGINE *ENGINE_get_digest_engine(int nid);
    +
    + int ENGINE_set_default_RSA(ENGINE *e);
    + int ENGINE_set_default_DSA(ENGINE *e);
    + int ENGINE_set_default_DH(ENGINE *e);
    + int ENGINE_set_default_RAND(ENGINE *e);
    + int ENGINE_set_default_ciphers(ENGINE *e);
    + int ENGINE_set_default_digests(ENGINE *e);
    + int ENGINE_set_default_string(ENGINE *e, const char *list);
    +
    + int ENGINE_set_default(ENGINE *e, unsigned int flags);
    +
    + unsigned int ENGINE_get_table_flags(void);
    + void ENGINE_set_table_flags(unsigned int flags);
    +
    + int ENGINE_register_RSA(ENGINE *e);
    + void ENGINE_unregister_RSA(ENGINE *e);
    + void ENGINE_register_all_RSA(void);
    + int ENGINE_register_DSA(ENGINE *e);
    + void ENGINE_unregister_DSA(ENGINE *e);
    + void ENGINE_register_all_DSA(void);
    + int ENGINE_register_DH(ENGINE *e);
    + void ENGINE_unregister_DH(ENGINE *e);
    + void ENGINE_register_all_DH(void);
    + int ENGINE_register_RAND(ENGINE *e);
    + void ENGINE_unregister_RAND(ENGINE *e);
    + void ENGINE_register_all_RAND(void);
    + int ENGINE_register_ciphers(ENGINE *e);
    + void ENGINE_unregister_ciphers(ENGINE *e);
    + void ENGINE_register_all_ciphers(void);
    + int ENGINE_register_digests(ENGINE *e);
    + void ENGINE_unregister_digests(ENGINE *e);
    + void ENGINE_register_all_digests(void);
    + int ENGINE_register_complete(ENGINE *e);
    + int ENGINE_register_all_complete(void);
    +
    + int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
    + int ENGINE_cmd_is_executable(ENGINE *e, int cmd);
    + int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
    +                     long i, void *p, void (*f)(void), int cmd_optional);
    + int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
    +                            int cmd_optional);
    +
    + ENGINE *ENGINE_new(void);
    + int ENGINE_free(ENGINE *e);
    + int ENGINE_up_ref(ENGINE *e);
    +
    + int ENGINE_set_id(ENGINE *e, const char *id);
    + int ENGINE_set_name(ENGINE *e, const char *name);
    + int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth);
    + int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth);
    + int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth);
    + int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth);
    + int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f);
    + int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f);
    + int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f);
    + int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f);
    + int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f);
    + int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f);
    + int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f);
    + int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f);
    + int ENGINE_set_flags(ENGINE *e, int flags);
    + int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns);
    +
    + const char *ENGINE_get_id(const ENGINE *e);
    + const char *ENGINE_get_name(const ENGINE *e);
    + const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e);
    + const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e);
    + const DH_METHOD *ENGINE_get_DH(const ENGINE *e);
    + const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e);
    + ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e);
    + ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e);
    + ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e);
    + ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e);
    + ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e);
    + ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e);
    + ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e);
    + ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e);
    + const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid);
    + const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid);
    + int ENGINE_get_flags(const ENGINE *e);
    + const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e);
    +
    + EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
    +                                   UI_METHOD *ui_method, void *callback_data);
    + EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
    +                                  UI_METHOD *ui_method, void *callback_data);
    +

    Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + void ENGINE_cleanup(void)
    +

    +

    +
    +

    DESCRIPTION

    +

    These functions create, manipulate, and use cryptographic modules in the +form of ENGINE objects. These objects act as containers for +implementations of cryptographic algorithms, and support a +reference-counted mechanism to allow them to be dynamically loaded in and +out of the running application.

    +

    The cryptographic functionality that can be provided by an ENGINE +implementation includes the following abstractions;

    +
    + RSA_METHOD - for providing alternative RSA implementations
    + DSA_METHOD, DH_METHOD, RAND_METHOD, ECDH_METHOD, ECDSA_METHOD,
    +       - similarly for other OpenSSL APIs
    + EVP_CIPHER - potentially multiple cipher algorithms (indexed by 'nid')
    + EVP_DIGEST - potentially multiple hash algorithms (indexed by 'nid')
    + key-loading - loading public and/or private EVP_PKEY keys
    +

    +

    +

    Reference counting and handles

    +

    Due to the modular nature of the ENGINE API, pointers to ENGINEs need to be +treated as handles - ie. not only as pointers, but also as references to +the underlying ENGINE object. Ie. one should obtain a new reference when +making copies of an ENGINE pointer if the copies will be used (and +released) independently.

    +

    ENGINE objects have two levels of reference-counting to match the way in +which the objects are used. At the most basic level, each ENGINE pointer is +inherently a structural reference - a structural reference is required +to use the pointer value at all, as this kind of reference is a guarantee +that the structure can not be deallocated until the reference is released.

    +

    However, a structural reference provides no guarantee that the ENGINE is +initialised and able to use any of its cryptographic +implementations. Indeed it's quite possible that most ENGINEs will not +initialise at all in typical environments, as ENGINEs are typically used to +support specialised hardware. To use an ENGINE's functionality, you need a +functional reference. This kind of reference can be considered a +specialised form of structural reference, because each functional reference +implicitly contains a structural reference as well - however to avoid +difficult-to-find programming bugs, it is recommended to treat the two +kinds of reference independently. If you have a functional reference to an +ENGINE, you have a guarantee that the ENGINE has been initialised and +is ready to perform cryptographic operations, and will remain initialised +until after you have released your reference.

    +

    Structural references

    +

    This basic type of reference is used for instantiating new ENGINEs, +iterating across OpenSSL's internal linked-list of loaded +ENGINEs, reading information about an ENGINE, etc. Essentially a structural +reference is sufficient if you only need to query or manipulate the data of +an ENGINE implementation rather than use its functionality.

    +

    The ENGINE_new() function returns a structural reference to a new (empty) +ENGINE object. There are other ENGINE API functions that return structural +references such as; ENGINE_by_id(), ENGINE_get_first(), ENGINE_get_last(), +ENGINE_get_next(), ENGINE_get_prev(). All structural references should be +released by a corresponding to call to the ENGINE_free() function - the +ENGINE object itself will only actually be cleaned up and deallocated when +the last structural reference is released.

    +

    It should also be noted that many ENGINE API function calls that accept a +structural reference will internally obtain another reference - typically +this happens whenever the supplied ENGINE will be needed by OpenSSL after +the function has returned. Eg. the function to add a new ENGINE to +OpenSSL's internal list is ENGINE_add() - if this function returns success, +then OpenSSL will have stored a new structural reference internally so the +caller is still responsible for freeing their own reference with +ENGINE_free() when they are finished with it. In a similar way, some +functions will automatically release the structural reference passed to it +if part of the function's job is to do so. Eg. the ENGINE_get_next() and +ENGINE_get_prev() functions are used for iterating across the internal +ENGINE list - they will return a new structural reference to the next (or +previous) ENGINE in the list or NULL if at the end (or beginning) of the +list, but in either case the structural reference passed to the function is +released on behalf of the caller.

    +

    To clarify a particular function's handling of references, one should +always consult that function's documentation "man" page, or failing that +the openssl/engine.h header file includes some hints.

    +

    Functional references

    +

    As mentioned, functional references exist when the cryptographic +functionality of an ENGINE is required to be available. A functional +reference can be obtained in one of two ways; from an existing structural +reference to the required ENGINE, or by asking OpenSSL for the default +operational ENGINE for a given cryptographic purpose.

    +

    To obtain a functional reference from an existing structural reference, +call the ENGINE_init() function. This returns zero if the ENGINE was not +already operational and couldn't be successfully initialised (eg. lack of +system drivers, no special hardware attached, etc), otherwise it will +return nonzero to indicate that the ENGINE is now operational and will +have allocated a new functional reference to the ENGINE. All functional +references are released by calling ENGINE_finish() (which removes the +implicit structural reference as well).

    +

    The second way to get a functional reference is by asking OpenSSL for a +default implementation for a given task, eg. by ENGINE_get_default_RSA(), +ENGINE_get_default_cipher_engine(), etc. These are discussed in the next +section, though they are not usually required by application programmers as +they are used automatically when creating and using the relevant +algorithm-specific types in OpenSSL, such as RSA, DSA, EVP_CIPHER_CTX, etc.

    +

    +

    +

    Default implementations

    +

    For each supported abstraction, the ENGINE code maintains an internal table +of state to control which implementations are available for a given +abstraction and which should be used by default. These implementations are +registered in the tables and indexed by an 'nid' value, because +abstractions like EVP_CIPHER and EVP_DIGEST support many distinct +algorithms and modes, and ENGINEs can support arbitrarily many of them. +In the case of other abstractions like RSA, DSA, etc, there is only one +"algorithm" so all implementations implicitly register using the same 'nid' +index.

    +

    When a default ENGINE is requested for a given abstraction/algorithm/mode, (eg. +when calling RSA_new_method(NULL)), a "get_default" call will be made to the +ENGINE subsystem to process the corresponding state table and return a +functional reference to an initialised ENGINE whose implementation should be +used. If no ENGINE should (or can) be used, it will return NULL and the caller +will operate with a NULL ENGINE handle - this usually equates to using the +conventional software implementation. In the latter case, OpenSSL will from +then on behave the way it used to before the ENGINE API existed.

    +

    Each state table has a flag to note whether it has processed this +"get_default" query since the table was last modified, because to process +this question it must iterate across all the registered ENGINEs in the +table trying to initialise each of them in turn, in case one of them is +operational. If it returns a functional reference to an ENGINE, it will +also cache another reference to speed up processing future queries (without +needing to iterate across the table). Likewise, it will cache a NULL +response if no ENGINE was available so that future queries won't repeat the +same iteration unless the state table changes. This behaviour can also be +changed; if the ENGINE_TABLE_FLAG_NOINIT flag is set (using +ENGINE_set_table_flags()), no attempted initialisations will take place, +instead the only way for the state table to return a non-NULL ENGINE to the +"get_default" query will be if one is expressly set in the table. Eg. +ENGINE_set_default_RSA() does the same job as ENGINE_register_RSA() except +that it also sets the state table's cached response for the "get_default" +query. In the case of abstractions like EVP_CIPHER, where implementations are +indexed by 'nid', these flags and cached-responses are distinct for each 'nid' +value.

    +

    +

    +

    Application requirements

    +

    This section will explain the basic things an application programmer should +support to make the most useful elements of the ENGINE functionality +available to the user. The first thing to consider is whether the +programmer wishes to make alternative ENGINE modules available to the +application and user. OpenSSL maintains an internal linked list of +"visible" ENGINEs from which it has to operate - at start-up, this list is +empty and in fact if an application does not call any ENGINE API calls and +it uses static linking against openssl, then the resulting application +binary will not contain any alternative ENGINE code at all. So the first +consideration is whether any/all available ENGINE implementations should be +made visible to OpenSSL - this is controlled by calling the various "load" +functions.

    +

    The fact that ENGINEs are made visible to OpenSSL (and thus are linked into +the program and loaded into memory at run-time) does not mean they are +"registered" or called into use by OpenSSL automatically - that behaviour +is something for the application to control. Some applications +will want to allow the user to specify exactly which ENGINE they want used +if any is to be used at all. Others may prefer to load all support and have +OpenSSL automatically use at run-time any ENGINE that is able to +successfully initialise - ie. to assume that this corresponds to +acceleration hardware attached to the machine or some such thing. There are +probably numerous other ways in which applications may prefer to handle +things, so we will simply illustrate the consequences as they apply to a +couple of simple cases and leave developers to consider these and the +source code to openssl's built-in utilities as guides.

    +

    If no ENGINE API functions are called within an application, then OpenSSL +will not allocate any internal resources. Prior to OpenSSL 1.1.0, however, +if any ENGINEs are loaded, even if not registered or used, it was necessary to +call ENGINE_cleanup() before the program exits.

    +

    Using a specific ENGINE implementation

    +

    Here we'll assume an application has been configured by its user or admin +to want to use the "ACME" ENGINE if it is available in the version of +OpenSSL the application was compiled with. If it is available, it should be +used by default for all RSA, DSA, and symmetric cipher operations, otherwise +OpenSSL should use its built-in software as per usual. The following code +illustrates how to approach this;

    +
    + ENGINE *e;
    + const char *engine_id = "ACME";
    + ENGINE_load_builtin_engines();
    + e = ENGINE_by_id(engine_id);
    + if (!e)
    +     /* the engine isn't available */
    +     return;
    + if (!ENGINE_init(e)) {
    +     /* the engine couldn't initialise, release 'e' */
    +     ENGINE_free(e);
    +     return;
    + }
    + if (!ENGINE_set_default_RSA(e))
    +     /*
    +      * This should only happen when 'e' can't initialise, but the previous
    +      * statement suggests it did.
    +      */
    +     abort();
    + ENGINE_set_default_DSA(e);
    + ENGINE_set_default_ciphers(e);
    + /* Release the functional reference from ENGINE_init() */
    + ENGINE_finish(e);
    + /* Release the structural reference from ENGINE_by_id() */
    + ENGINE_free(e);
    +

    Automatically using built-in ENGINE implementations

    +

    Here we'll assume we want to load and register all ENGINE implementations +bundled with OpenSSL, such that for any cryptographic algorithm required by +OpenSSL - if there is an ENGINE that implements it and can be initialised, +it should be used. The following code illustrates how this can work;

    +
    + /* Load all bundled ENGINEs into memory and make them visible */
    + ENGINE_load_builtin_engines();
    + /* Register all of them for every algorithm they collectively implement */
    + ENGINE_register_all_complete();
    +

    That's all that's required. Eg. the next time OpenSSL tries to set up an +RSA key, any bundled ENGINEs that implement RSA_METHOD will be passed to +ENGINE_init() and if any of those succeed, that ENGINE will be set as the +default for RSA use from then on.

    +

    +

    +

    Advanced configuration support

    +

    There is a mechanism supported by the ENGINE framework that allows each +ENGINE implementation to define an arbitrary set of configuration +"commands" and expose them to OpenSSL and any applications based on +OpenSSL. This mechanism is entirely based on the use of name-value pairs +and assumes ASCII input (no unicode or UTF for now!), so it is ideal if +applications want to provide a transparent way for users to provide +arbitrary configuration "directives" directly to such ENGINEs. It is also +possible for the application to dynamically interrogate the loaded ENGINE +implementations for the names, descriptions, and input flags of their +available "control commands", providing a more flexible configuration +scheme. However, if the user is expected to know which ENGINE device he/she +is using (in the case of specialised hardware, this goes without saying) +then applications may not need to concern themselves with discovering the +supported control commands and simply prefer to pass settings into ENGINEs +exactly as they are provided by the user.

    +

    Before illustrating how control commands work, it is worth mentioning what +they are typically used for. Broadly speaking there are two uses for +control commands; the first is to provide the necessary details to the +implementation (which may know nothing at all specific to the host system) +so that it can be initialised for use. This could include the path to any +driver or config files it needs to load, required network addresses, +smart-card identifiers, passwords to initialise protected devices, +logging information, etc etc. This class of commands typically needs to be +passed to an ENGINE before attempting to initialise it, ie. before +calling ENGINE_init(). The other class of commands consist of settings or +operations that tweak certain behaviour or cause certain operations to take +place, and these commands may work either before or after ENGINE_init(), or +in some cases both. ENGINE implementations should provide indications of +this in the descriptions attached to built-in control commands and/or in +external product documentation.

    +

    Issuing control commands to an ENGINE

    +

    Let's illustrate by example; a function for which the caller supplies the +name of the ENGINE it wishes to use, a table of string-pairs for use before +initialisation, and another table for use after initialisation. Note that +the string-pairs used for control commands consist of a command "name" +followed by the command "parameter" - the parameter could be NULL in some +cases but the name can not. This function should initialise the ENGINE +(issuing the "pre" commands beforehand and the "post" commands afterwards) +and set it as the default for everything except RAND and then return a +boolean success or failure.

    +
    + int generic_load_engine_fn(const char *engine_id,
    +                            const char **pre_cmds, int pre_num,
    +                            const char **post_cmds, int post_num)
    + {
    +     ENGINE *e = ENGINE_by_id(engine_id);
    +     if (!e) return 0;
    +     while (pre_num--) {
    +         if (!ENGINE_ctrl_cmd_string(e, pre_cmds[0], pre_cmds[1], 0)) {
    +             fprintf(stderr, "Failed command (%s - %s:%s)\n", engine_id,
    +                     pre_cmds[0], pre_cmds[1] ? pre_cmds[1] : "(NULL)");
    +             ENGINE_free(e);
    +             return 0;
    +         }
    +         pre_cmds += 2;
    +     }
    +     if (!ENGINE_init(e)) {
    +         fprintf(stderr, "Failed initialisation\n");
    +         ENGINE_free(e);
    +         return 0;
    +     }
    +     /*
    +      * ENGINE_init() returned a functional reference, so free the structural
    +      * reference from ENGINE_by_id().
    +      */
    +     ENGINE_free(e);
    +     while (post_num--) {
    +         if (!ENGINE_ctrl_cmd_string(e, post_cmds[0], post_cmds[1], 0)) {
    +             fprintf(stderr, "Failed command (%s - %s:%s)\n", engine_id,
    +                     post_cmds[0], post_cmds[1] ? post_cmds[1] : "(NULL)");
    +             ENGINE_finish(e);
    +             return 0;
    +         }
    +         post_cmds += 2;
    +     }
    +     ENGINE_set_default(e, ENGINE_METHOD_ALL & ~ENGINE_METHOD_RAND);
    +     /* Success */
    +     return 1;
    + }
    +

    Note that ENGINE_ctrl_cmd_string() accepts a boolean argument that can +relax the semantics of the function - if set nonzero it will only return +failure if the ENGINE supported the given command name but failed while +executing it, if the ENGINE doesn't support the command name it will simply +return success without doing anything. In this case we assume the user is +only supplying commands specific to the given ENGINE so we set this to +FALSE.

    +

    Discovering supported control commands

    +

    It is possible to discover at run-time the names, numerical-ids, descriptions +and input parameters of the control commands supported by an ENGINE using a +structural reference. Note that some control commands are defined by OpenSSL +itself and it will intercept and handle these control commands on behalf of the +ENGINE, ie. the ENGINE's ctrl() handler is not used for the control command. +openssl/engine.h defines an index, ENGINE_CMD_BASE, that all control commands +implemented by ENGINEs should be numbered from. Any command value lower than +this symbol is considered a "generic" command is handled directly by the +OpenSSL core routines.

    +

    It is using these "core" control commands that one can discover the control +commands implemented by a given ENGINE, specifically the commands:

    +
    + ENGINE_HAS_CTRL_FUNCTION
    + ENGINE_CTRL_GET_FIRST_CMD_TYPE
    + ENGINE_CTRL_GET_NEXT_CMD_TYPE
    + ENGINE_CTRL_GET_CMD_FROM_NAME
    + ENGINE_CTRL_GET_NAME_LEN_FROM_CMD
    + ENGINE_CTRL_GET_NAME_FROM_CMD
    + ENGINE_CTRL_GET_DESC_LEN_FROM_CMD
    + ENGINE_CTRL_GET_DESC_FROM_CMD
    + ENGINE_CTRL_GET_CMD_FLAGS
    +

    Whilst these commands are automatically processed by the OpenSSL framework code, +they use various properties exposed by each ENGINE to process these +queries. An ENGINE has 3 properties it exposes that can affect how this behaves; +it can supply a ctrl() handler, it can specify ENGINE_FLAGS_MANUAL_CMD_CTRL in +the ENGINE's flags, and it can expose an array of control command descriptions. +If an ENGINE specifies the ENGINE_FLAGS_MANUAL_CMD_CTRL flag, then it will +simply pass all these "core" control commands directly to the ENGINE's ctrl() +handler (and thus, it must have supplied one), so it is up to the ENGINE to +reply to these "discovery" commands itself. If that flag is not set, then the +OpenSSL framework code will work with the following rules:

    +
    + if no ctrl() handler supplied;
    +     ENGINE_HAS_CTRL_FUNCTION returns FALSE (zero),
    +     all other commands fail.
    + if a ctrl() handler was supplied but no array of control commands;
    +     ENGINE_HAS_CTRL_FUNCTION returns TRUE,
    +     all other commands fail.
    + if a ctrl() handler and array of control commands was supplied;
    +     ENGINE_HAS_CTRL_FUNCTION returns TRUE,
    +     all other commands proceed processing ...
    +

    If the ENGINE's array of control commands is empty then all other commands will +fail, otherwise; ENGINE_CTRL_GET_FIRST_CMD_TYPE returns the identifier of +the first command supported by the ENGINE, ENGINE_GET_NEXT_CMD_TYPE takes the +identifier of a command supported by the ENGINE and returns the next command +identifier or fails if there are no more, ENGINE_CMD_FROM_NAME takes a string +name for a command and returns the corresponding identifier or fails if no such +command name exists, and the remaining commands take a command identifier and +return properties of the corresponding commands. All except +ENGINE_CTRL_GET_FLAGS return the string length of a command name or description, +or populate a supplied character buffer with a copy of the command name or +description. ENGINE_CTRL_GET_FLAGS returns a bitwise-OR'd mask of the following +possible values:

    +
    + ENGINE_CMD_FLAG_NUMERIC
    + ENGINE_CMD_FLAG_STRING
    + ENGINE_CMD_FLAG_NO_INPUT
    + ENGINE_CMD_FLAG_INTERNAL
    +

    If the ENGINE_CMD_FLAG_INTERNAL flag is set, then any other flags are purely +informational to the caller - this flag will prevent the command being usable +for any higher-level ENGINE functions such as ENGINE_ctrl_cmd_string(). +"INTERNAL" commands are not intended to be exposed to text-based configuration +by applications, administrations, users, etc. These can support arbitrary +operations via ENGINE_ctrl(), including passing to and/or from the control +commands data of any arbitrary type. These commands are supported in the +discovery mechanisms simply to allow applications to determine if an ENGINE +supports certain specific commands it might want to use (eg. application "foo" +might query various ENGINEs to see if they implement "FOO_GET_VENDOR_LOGO_GIF" - +and ENGINE could therefore decide whether or not to support this "foo"-specific +extension).

    +

    +

    +
    +

    ENVIRONMENT

    +
    +
    OPENSSL_ENGINES
    + +
    +

    The path to the engines directory. +Ignored in set-user-ID and set-group-ID programs.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    ENGINE_get_first(), ENGINE_get_last(), ENGINE_get_next() and ENGINE_get_prev() +return a valid ENGINE structure or NULL if an error occurred.

    +

    ENGINE_add() and ENGINE_remove() return 1 on success or 0 on error.

    +

    ENGINE_by_id() returns a valid ENGINE structure or NULL if an error occurred.

    +

    ENGINE_init() and ENGINE_finish() return 1 on success or 0 on error.

    +

    All ENGINE_get_default_TYPE() functions, ENGINE_get_cipher_engine() and +ENGINE_get_digest_engine() return a valid ENGINE structure on success or NULL +if an error occurred.

    +

    All ENGINE_set_default_TYPE() functions return 1 on success or 0 on error.

    +

    ENGINE_set_default() returns 1 on success or 0 on error.

    +

    ENGINE_get_table_flags() returns an unsigned integer value representing the +global table flags which are used to control the registration behaviour of +ENGINE implementations.

    +

    All ENGINE_register_TYPE() functions return 1 on success or 0 on error.

    +

    ENGINE_register_complete() and ENGINE_register_all_complete() return 1 on success +or 0 on error.

    +

    ENGINE_ctrl() returns a positive value on success or others on error.

    +

    ENGINE_cmd_is_executable() returns 1 if cmd is executable or 0 otherwise.

    +

    ENGINE_ctrl_cmd() and ENGINE_ctrl_cmd_string() return 1 on success or 0 on error.

    +

    ENGINE_new() returns a valid ENGINE structure on success or NULL if an error +occurred.

    +

    ENGINE_free() returns 1 on success or 0 on error.

    +

    ENGINE_up_ref() returns 1 on success or 0 on error.

    +

    ENGINE_set_id() and ENGINE_set_name() return 1 on success or 0 on error.

    +

    All other ENGINE_set_* functions return 1 on success or 0 on error.

    +

    ENGINE_get_id() and ENGINE_get_name() return a string representing the identifier +and the name of the ENGINE e respectively.

    +

    ENGINE_get_RSA(), ENGINE_get_DSA(), ENGINE_get_DH() and ENGINE_get_RAND() +return corresponding method structures for each algorithms.

    +

    ENGINE_get_destroy_function(), ENGINE_get_init_function(), +ENGINE_get_finish_function(), ENGINE_get_ctrl_function(), +ENGINE_get_load_privkey_function(), ENGINE_get_load_pubkey_function(), +ENGINE_get_ciphers() and ENGINE_get_digests() return corresponding function +pointers of the callbacks.

    +

    ENGINE_get_cipher() returns a valid EVP_CIPHER structure on success or NULL +if an error occurred.

    +

    ENGINE_get_digest() returns a valid EVP_MD structure on success or NULL if an +error occurred.

    +

    ENGINE_get_flags() returns an integer representing the ENGINE flags which are +used to control various behaviours of an ENGINE.

    +

    ENGINE_get_cmd_defns() returns an ENGINE_CMD_DEFN structure or NULL if it's +not set.

    +

    ENGINE_load_private_key() and ENGINE_load_public_key() return a valid EVP_PKEY +structure on success or NULL if an error occurred.

    +

    +

    +
    +

    SEE ALSO

    +

    OPENSSL_init_crypto(3), RSA_new_method(3), DSA_new(3), DH_new(3), +RAND_bytes(3), config(5)

    +

    +

    +
    +

    HISTORY

    +

    ENGINE_cleanup() was deprecated in OpenSSL 1.1.0 by the automatic cleanup +done by OPENSSL_cleanup() +and should not be used.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/ERR_GET_LIB.html b/linux_amd64/share/doc/openssl/html/man3/ERR_GET_LIB.html new file mode 100755 index 0000000..1fdee3a --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/ERR_GET_LIB.html @@ -0,0 +1,101 @@ + + + + +ERR_GET_LIB + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    ERR_GET_LIB, ERR_GET_FUNC, ERR_GET_REASON, ERR_FATAL_ERROR +- get information from error codes

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/err.h>
    +
    + int ERR_GET_LIB(unsigned long e);
    +
    + int ERR_GET_FUNC(unsigned long e);
    +
    + int ERR_GET_REASON(unsigned long e);
    +
    + int ERR_FATAL_ERROR(unsigned long e);
    +

    +

    +
    +

    DESCRIPTION

    +

    The error code returned by ERR_get_error() consists of a library +number, function code and reason code. ERR_GET_LIB(), ERR_GET_FUNC() +and ERR_GET_REASON() can be used to extract these.

    +

    ERR_FATAL_ERROR() indicates whether a given error code is a fatal error.

    +

    The library number and function code describe where the error +occurred, the reason code is the information about what went wrong.

    +

    Each sub-library of OpenSSL has a unique library number; function and +reason codes are unique within each sub-library. Note that different +libraries may use the same value to signal different functions and +reasons.

    +

    ERR_R_... reason codes such as ERR_R_MALLOC_FAILURE are globally +unique. However, when checking for sub-library specific reason codes, +be sure to also compare the library number.

    +

    ERR_GET_LIB(), ERR_GET_FUNC(), ERR_GET_REASON(), and ERR_FATAL_ERROR() +are macros.

    +

    +

    +
    +

    RETURN VALUES

    +

    The library number, function code, reason code, and whether the error +is fatal, respectively. +Starting with OpenSSL 3.0.0, the function code is always set to zero.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3)

    +

    +

    +
    +

    HISTORY

    +

    ERR_GET_LIB(), ERR_GET_FUNC() and ERR_GET_REASON() are available in +all versions of OpenSSL.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/ERR_clear_error.html b/linux_amd64/share/doc/openssl/html/man3/ERR_clear_error.html new file mode 100755 index 0000000..e9edbee --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/ERR_clear_error.html @@ -0,0 +1,71 @@ + + + + +ERR_clear_error + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    ERR_clear_error - clear the error queue

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/err.h>
    +
    + void ERR_clear_error(void);
    +

    +

    +
    +

    DESCRIPTION

    +

    ERR_clear_error() empties the current thread's error queue.

    +

    +

    +
    +

    RETURN VALUES

    +

    ERR_clear_error() has no return value.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/ERR_error_string.html b/linux_amd64/share/doc/openssl/html/man3/ERR_error_string.html new file mode 100755 index 0000000..c7986d2 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/ERR_error_string.html @@ -0,0 +1,111 @@ + + + + +ERR_error_string + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    ERR_error_string, ERR_error_string_n, ERR_lib_error_string, +ERR_func_error_string, ERR_reason_error_string - obtain human-readable +error message

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/err.h>
    +
    + char *ERR_error_string(unsigned long e, char *buf);
    + void ERR_error_string_n(unsigned long e, char *buf, size_t len);
    +
    + const char *ERR_lib_error_string(unsigned long e);
    + const char *ERR_reason_error_string(unsigned long e);
    +

    Deprecated in OpenSSL 3.0:

    +
    + const char *ERR_func_error_string(unsigned long e);
    +

    +

    +
    +

    DESCRIPTION

    +

    ERR_error_string() generates a human-readable string representing the +error code e, and places it at buf. buf must be at least 256 +bytes long. If buf is NULL, the error string is placed in a +static buffer. +Note that this function is not thread-safe and does no checks on the size +of the buffer; use ERR_error_string_n() instead.

    +

    ERR_error_string_n() is a variant of ERR_error_string() that writes +at most len characters (including the terminating 0) +and truncates the string if necessary. +For ERR_error_string_n(), buf may not be NULL.

    +

    The string will have the following format:

    +
    + error:[error code]:[library name]::[reason string]
    +

    error code is an 8 digit hexadecimal number, library name and +reason string are ASCII text.

    +

    ERR_lib_error_string() and ERR_reason_error_string() return the library +name and reason string respectively.

    +

    If there is no text string registered for the given error code, +the error string will contain the numeric code.

    +

    ERR_print_errors(3) can be used to print +all error codes currently in the queue.

    +

    +

    +
    +

    RETURN VALUES

    +

    ERR_error_string() returns a pointer to a static buffer containing the +string if buf == NULL, buf otherwise.

    +

    ERR_lib_error_string() and ERR_reason_error_string() return the strings, +and NULL if none is registered for the error code.

    +

    ERR_func_error_string() returns NULL.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), +ERR_print_errors(3)

    +

    +

    +
    +

    HISTORY

    +

    ERR_func_error_string() became deprecated in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/ERR_get_error.html b/linux_amd64/share/doc/openssl/html/man3/ERR_get_error.html new file mode 100755 index 0000000..2c460ab --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/ERR_get_error.html @@ -0,0 +1,162 @@ + + + + +ERR_get_error + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    ERR_get_error, ERR_peek_error, ERR_peek_last_error, +ERR_get_error_line, ERR_peek_error_line, ERR_peek_last_error_line, +ERR_get_error_func, ERR_peek_error_func, ERR_peek_last_error_func, +ERR_get_error_data, ERR_peek_error_data, ERR_peek_last_error_data, +ERR_get_error_all, ERR_peek_error_all, ERR_peek_last_error_all, +ERR_get_error_line_data, ERR_peek_error_line_data, ERR_peek_last_error_line_data +- obtain error code and data

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/err.h>
    +
    + unsigned long ERR_get_error(void);
    + unsigned long ERR_peek_error(void);
    + unsigned long ERR_peek_last_error(void);
    +
    + unsigned long ERR_get_error_line(const char **file, int *line);
    + unsigned long ERR_peek_error_line(const char **file, int *line);
    + unsigned long ERR_peek_last_error_line(const char **file, int *line);
    +
    + unsigned long ERR_get_error_func(const char **func);
    + unsigned long ERR_peek_error_func(const char **func);
    + unsigned long ERR_peek_last_error_func(const char **func);
    +
    + unsigned long ERR_get_error_data(const char **data, int *flags);
    + unsigned long ERR_peek_error_data(const char **data, int *flags);
    + unsigned long ERR_peek_last_error_data(const char **data, int *flags);
    +
    + unsigned long ERR_get_error_all(const char **file, int *line,
    +                                 const char *func,
    +                                 const char **data, int *flags);
    + unsigned long ERR_peek_error_all(const char **file, int *line,
    +                                  const char *func,
    +                                  const char **data, int *flags);
    + unsigned long ERR_peek_last_error_all(const char **file, int *line,
    +                                       const char *func,
    +                                       const char **data, int *flags);
    +

    Deprecated since OpenSSL 3.0:

    +
    + unsigned long ERR_get_error_line_data(const char **file, int *line,
    +                                       const char **data, int *flags);
    + unsigned long ERR_peek_error_line_data(const char **file, int *line,
    +                                        const char **data, int *flags);
    + unsigned long ERR_peek_last_error_line_data(const char **file, int *line,
    +                                             const char **data, int *flags);
    +

    +

    +
    +

    DESCRIPTION

    +

    ERR_get_error() returns the earliest error code from the thread's error +queue and removes the entry. This function can be called repeatedly +until there are no more error codes to return.

    +

    ERR_peek_error() returns the earliest error code from the thread's +error queue without modifying it.

    +

    ERR_peek_last_error() returns the latest error code from the thread's +error queue without modifying it.

    +

    See ERR_GET_LIB(3) for obtaining further specific information +such as the reason of the error, +and ERR_error_string(3) for human-readable error messages.

    +

    ERR_get_error_line(), ERR_peek_error_line() and +ERR_peek_last_error_line() are the same as ERR_get_error(), +ERR_peek_error() and ERR_peek_last_error(), but on success they +additionally store the filename and line number where +the error occurred in *file and *line, as far as they are not NULL. +An unset filename is indicated as "", i.e., an empty string. +An unset line number is indicated as 0.

    +

    A pointer returned this way by these functions and the ones below +is valid until the respective entry is removed from the error queue.

    +

    ERR_get_error_func(), ERR_peek_error_func() and +ERR_peek_last_error_func() are the same as ERR_get_error(), +ERR_peek_error() and ERR_peek_last_error(), but on success they +additionally store the name of the function where the error occurred +in *func, unless it is NULL. +An unset function name is indicated as "".

    +

    ERR_get_error_data(), ERR_peek_error_data() and +ERR_peek_last_error_data() are the same as ERR_get_error(), +ERR_peek_error() and ERR_peek_last_error(), but on success they +additionally store additional data and flags associated with the error +code in *data and *flags, as far as they are not NULL. +Unset data is indicated as "". +In this case the value given for the flag is irrelevant (and equals 0). +*data contains a string if *flags&ERR_TXT_STRING is true.

    +

    ERR_get_error_all(), ERR_peek_error_all() and +ERR_peek_last_error_all() are combinations of all of the above.

    +

    ERR_get_error_line_data(), ERR_peek_error_line_data() and +ERR_peek_last_error_line_data() are older variants of ERR_get_error_all(), +ERR_peek_error_all() and ERR_peek_last_error_all(), and should no longer +be used.

    +

    An application MUST NOT free the *data pointer (or any other pointers +returned by these functions) with OPENSSL_free() as freeing is handled +automatically by the error library.

    +

    +

    +
    +

    RETURN VALUES

    +

    The error code, or 0 if there is no error in the queue.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_error_string(3), +ERR_GET_LIB(3)

    +

    +

    +
    +

    HISTORY

    +

    ERR_get_error_func(), ERR_peek_error_func(), ERR_peek_last_error_func(), +ERR_get_error_data(), ERR_peek_error_data(), ERR_peek_last_error_data(), +ERR_get_error_all(), ERR_peek_error_all() and ERR_peek_last_error_all() +were added in OpenSSL 3.0.

    +

    ERR_get_error_line_data(), ERR_peek_error_line_data() and +ERR_peek_last_error_line_data() became deprecated in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/ERR_load_crypto_strings.html b/linux_amd64/share/doc/openssl/html/man3/ERR_load_crypto_strings.html new file mode 100755 index 0000000..60f83ef --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/ERR_load_crypto_strings.html @@ -0,0 +1,93 @@ + + + + +ERR_load_crypto_strings + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    ERR_load_crypto_strings, SSL_load_error_strings, ERR_free_strings - +load and free error strings

    +

    +

    +
    +

    SYNOPSIS

    +

    Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + #include <openssl/err.h>
    +
    + void ERR_load_crypto_strings(void);
    + void ERR_free_strings(void);
    +
    + #include <openssl/ssl.h>
    +
    + void SSL_load_error_strings(void);
    +

    +

    +
    +

    DESCRIPTION

    +

    ERR_load_crypto_strings() registers the error strings for all +libcrypto functions. SSL_load_error_strings() does the same, +but also registers the libssl error strings.

    +

    In versions prior to OpenSSL 1.1.0, +ERR_free_strings() releases any resources created by the above functions.

    +

    +

    +
    +

    RETURN VALUES

    +

    ERR_load_crypto_strings(), SSL_load_error_strings() and +ERR_free_strings() return no values.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_error_string(3)

    +

    +

    +
    +

    HISTORY

    +

    The ERR_load_crypto_strings(), SSL_load_error_strings(), and +ERR_free_strings() functions were deprecated in OpenSSL 1.1.0 by +OPENSSL_init_crypto() and OPENSSL_init_ssl() and should not be used.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/ERR_load_strings.html b/linux_amd64/share/doc/openssl/html/man3/ERR_load_strings.html new file mode 100755 index 0000000..0d7ba13 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/ERR_load_strings.html @@ -0,0 +1,91 @@ + + + + +ERR_load_strings + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    ERR_load_strings, ERR_PACK, ERR_get_next_error_library - load +arbitrary error strings

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/err.h>
    +
    + void ERR_load_strings(int lib, ERR_STRING_DATA str[]);
    +
    + int ERR_get_next_error_library(void);
    +
    + unsigned long ERR_PACK(int lib, int func, int reason);
    +

    +

    +
    +

    DESCRIPTION

    +

    ERR_load_strings() registers error strings for library number lib.

    +

    str is an array of error string data:

    +
    + typedef struct ERR_string_data_st
    + {
    +     unsigned long error;
    +     char *string;
    + } ERR_STRING_DATA;
    +

    The error code is generated from the library number and a function and +reason code: error = ERR_PACK(lib, func, reason). +ERR_PACK() is a macro.

    +

    The last entry in the array is {0,0}.

    +

    ERR_get_next_error_library() can be used to assign library numbers +to user libraries at run time.

    +

    +

    +
    +

    RETURN VALUES

    +

    ERR_load_strings() returns no value. ERR_PACK() return the error code. +ERR_get_next_error_library() returns zero on failure, otherwise a new +library number.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_load_strings(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/ERR_new.html b/linux_amd64/share/doc/openssl/html/man3/ERR_new.html new file mode 100755 index 0000000..2bac936 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/ERR_new.html @@ -0,0 +1,111 @@ + + + + +ERR_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    ERR_new, ERR_set_debug, ERR_set_error, ERR_vset_error +- Error recording building blocks

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/err.h>
    +
    + void ERR_new(void);
    + void ERR_set_debug(const char *file, int line, const char *func);
    + void ERR_set_error(int lib, int reason, const char *fmt, ...);
    + void ERR_vset_error(int lib, int reason, const char *fmt, va_list args);
    +

    +

    +
    +

    DESCRIPTION

    +

    The functions described here are generally not used directly, but +rather through macros such as ERR_raise(3). +They can still be useful for anyone that wants to make their own +macros.

    +

    ERR_new() allocates a new slot in the thread's error queue.

    +

    ERR_set_debug() sets the debug information related to the current +error in the thread's error queue. +The values that can be given are the filename file, line in the +file line and the name of the function func where the error +occurred. +The names must be constant, this function will only save away the +pointers, not copy the strings.

    +

    ERR_set_error() sets the error information, which are the library +number lib and the reason code reason, and additional data as a +format string fmt and an arbitrary number of arguments. +The additional data is processed with BIO_snprintf(3) to form the +additional data string, which is allocated and store in the error +record.

    +

    ERR_vset_error() works like ERR_set_error(), but takes a va_list +argument instead of a variable number of arguments.

    +

    +

    +
    +

    RETURN VALUES

    +

    ERR_new, ERR_set_debug, ERR_set_error and ERR_vset_error +do not return any values.

    +

    +

    +
    +

    NOTES

    +

    The library number is unique to each unit that records errors. +OpenSSL has a number of pre-allocated ones for its own uses, but +others may allocate their own library number dynamically with +ERR_get_next_error_library(3).

    +

    Reason codes are unique within each library, and may have an +associated set of strings as a short description of the reason. +For dynamically allocated library numbers, reason strings are recorded +with ERR_load_strings(3).

    +

    Provider authors are supplied with core versions of these functions, +see provider-base(7).

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_raise(3), ERR_get_next_error_library(3), +ERR_load_strings(3), BIO_snprintf(3), provider-base(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/ERR_print_errors.html b/linux_amd64/share/doc/openssl/html/man3/ERR_print_errors.html
    new file mode 100755
    index 0000000..7559dc8
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/ERR_print_errors.html
    @@ -0,0 +1,90 @@
    + + + + +ERR_print_errors + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    ERR_print_errors, ERR_print_errors_fp, ERR_print_errors_cb +- print error messages

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/err.h>
    +
    + void ERR_print_errors(BIO *bp);
    + void ERR_print_errors_fp(FILE *fp);
    + void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u), void *u)
    +

    +

    +
    +

    DESCRIPTION

    +

    ERR_print_errors() is a convenience function that prints the error +strings for all errors that OpenSSL has recorded to bp, thus +emptying the error queue.

    +

    ERR_print_errors_fp() is the same, except that the output goes to a +FILE.

    +

    ERR_print_errors_cb() is the same, except that the callback function, +cb, is called for each error line with the string, length, and userdata +u as the callback parameters.

    +

    The error strings will have the following format:

    +
    + [pid]:error:[error code]:[library name]:[function name]:[reason string]:[filename]:[line]:[optional text message]
    +

    error code is an 8 digit hexadecimal number. library name, +function name and reason string are ASCII text, as is optional +text message if one was set for the respective error code.

    +

    If there is no text string registered for the given error code, +the error string will contain the numeric code.

    +

    +

    +
    +

    RETURN VALUES

    +

    ERR_print_errors() and ERR_print_errors_fp() return no values.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_error_string(3), +ERR_get_error(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/ERR_put_error.html b/linux_amd64/share/doc/openssl/html/man3/ERR_put_error.html
    new file mode 100755
    index 0000000..3714130
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/ERR_put_error.html
    @@ -0,0 +1,155 @@
    + + + + +ERR_put_error + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    ERR_raise, ERR_raise_data, +ERR_put_error, ERR_add_error_data, ERR_add_error_vdata, +ERR_add_error_txt, ERR_add_error_mem_bio +- record an error

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/err.h>
    +
    + void ERR_raise(int lib, int reason);
    + void ERR_raise_data(int lib, int reason, const char *fmt, ...);
    +
    + void ERR_add_error_data(int num, ...);
    + void ERR_add_error_vdata(int num, va_list arg);
    + void ERR_add_error_txt(const char *sep, const char *txt);
    + void ERR_add_error_mem_bio(const char *sep, BIO *bio);
    +

    Deprecated since OpenSSL 3.0:

    +
    + void ERR_put_error(int lib, int func, int reason, const char *file, int line);
    +

    +

    +
    +

    DESCRIPTION

    +

    ERR_raise() adds a new error to the thread's error queue. The +error occurred in the library lib for the reason given by the +reason code. Furthermore, the name of the file, the line, and name +of the function where the error occurred is saved with the error +record.

    +

    ERR_raise_data() does the same thing as ERR_raise(), but also lets the +caller specify additional information as a format string fmt and an +arbitrary number of values, which are processed with BIO_snprintf(3).

    +

    ERR_put_error() adds an error code to the thread's error queue. It +signals that the error of reason code reason occurred in function +func of library lib, in line number line of file. +This function is usually called by a macro.

    +

    ERR_add_error_data() associates the concatenation of its num string +arguments as additional data with the error code added last. +ERR_add_error_vdata() is similar except the argument is a va_list. +Multiple calls to these functions append to the current top of the error queue. +The total length of the string data per error is limited to 4096 characters.

    +

    ERR_add_error_txt() appends the given text string as additional data to the +last error queue entry, after inserting the optional separator string if it is +not NULL and the top error entry does not yet have additional data. +In case the separator is at the end of the text it is not appended to the data. +The sep argument may be for instance "\n" to insert a line break when needed. +If the associated data would become more than 4096 characters long +(which is the limit given above) +it is split over sufficiently many new copies of the last error queue entry.

    +

    ERR_add_error_mem_bio() is the same as ERR_add_error_txt() except that +the text string is taken from the given memory BIO. +It appends '\0' to the BIO contents if not already NUL-terminated.

    +

    ERR_load_strings(3) can be used to register +error strings so that the application can a generate human-readable +error messages for the error code.

    +

    +

    +

    Reporting errors

    +

    Each sub-library has a specific macro XXXerr() that is used to report +errors. Its first argument is a function code XXX_F_..., the second +argument is a reason code XXX_R_.... Function codes are derived +from the function names; reason codes consist of textual error +descriptions. For example, the function ssl3_read_bytes() reports a +"handshake failure" as follows:

    +
    + SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
    +

    Function and reason codes should consist of uppercase characters, +numbers and underscores only. The error file generation script translates +function codes into function names by looking in the header files +for an appropriate function name, if none is found it just uses +the capitalized form such as "SSL3_READ_BYTES" in the above example.

    +

    The trailing section of a reason code (after the "_R_") is translated +into lowercase and underscores changed to spaces.

    +

    Although a library will normally report errors using its own specific +XXXerr macro, another library's macro can be used. This is normally +only done when a library wants to include ASN1 code which must use +the ASN1err() macro.

    +

    +

    +
    +

    RETURN VALUES

    +

    ERR_raise(), ERR_put_error(), +ERR_add_error_data(), ERR_add_error_vdata() +ERR_add_error_txt(), and ERR_add_error_mem_bio() +return no values.

    +

    +

    +
    +

    NOTES

    +

    ERR_raise() and ERR_put_error() are implemented as macros.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_load_strings(3)

    +

    +

    +
    +

    HISTORY

    +

    ERR_add_error_txt and ERR_add_error_mem_bio were added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/ERR_remove_state.html b/linux_amd64/share/doc/openssl/html/man3/ERR_remove_state.html
    new file mode 100755
    index 0000000..6361e20
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/ERR_remove_state.html
    @@ -0,0 +1,88 @@
    + + + + +ERR_remove_state + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    ERR_remove_thread_state, ERR_remove_state - DEPRECATED

    +

    +

    +
    +

    SYNOPSIS

    +

    Deprecated since OpenSSL 1.0.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + void ERR_remove_state(unsigned long tid);
    +

    Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + void ERR_remove_thread_state(void *tid);
    +

    +

    +
    +

    DESCRIPTION

    +

    ERR_remove_state() frees the error queue associated with the specified +thread, identified by tid. +ERR_remove_thread_state() does the same thing, except the identifier is +an opaque pointer.

    +

    +

    +
    +

    RETURN VALUES

    +

    ERR_remove_state() and ERR_remove_thread_state() return no value.

    +

    +

    +
    +

    SEE ALSO

    +

    LOPENSSL_init_crypto(3)

    +

    +

    +
    +

    HISTORY

    +

    ERR_remove_state() was deprecated in OpenSSL 1.0.0 and +ERR_remove_thread_state() was deprecated in OpenSSL 1.1.0; these functions +and should not be used.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/ERR_set_mark.html b/linux_amd64/share/doc/openssl/html/man3/ERR_set_mark.html
    new file mode 100755
    index 0000000..d71f416
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/ERR_set_mark.html
    @@ -0,0 +1,72 @@
    + + + + +ERR_set_mark + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    ERR_set_mark, ERR_pop_to_mark - set marks and pop errors until mark

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/err.h>
    +
    + int ERR_set_mark(void);
    +
    + int ERR_pop_to_mark(void);
    +

    +

    +
    +

    DESCRIPTION

    +

    ERR_set_mark() sets a mark on the current topmost error record if there +is one.

    +

    ERR_pop_to_mark() will pop the top of the error stack until a mark is found. +The mark is then removed. If there is no mark, the whole stack is removed.

    +

    +

    +
    +

    RETURN VALUES

    +

    ERR_set_mark() returns 0 if the error stack is empty, otherwise 1.

    +

    ERR_pop_to_mark() returns 0 if there was no mark in the error stack, which +implies that the stack became empty, otherwise 1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2003-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/EVP_ASYM_CIPHER_free.html b/linux_amd64/share/doc/openssl/html/man3/EVP_ASYM_CIPHER_free.html
    new file mode 100755
    index 0000000..0f7dab7
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/EVP_ASYM_CIPHER_free.html
    @@ -0,0 +1,118 @@
    + + + + +EVP_ASYM_CIPHER_free + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_ASYM_CIPHER_fetch, EVP_ASYM_CIPHER_free, EVP_ASYM_CIPHER_up_ref, +EVP_ASYM_CIPHER_number, EVP_ASYM_CIPHER_is_a, EVP_ASYM_CIPHER_provider, +EVP_ASYM_CIPHER_do_all_provided, EVP_ASYM_CIPHER_names_do_all +- Functions to manage EVP_ASYM_CIPHER algorithm objects

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + EVP_ASYM_CIPHER *EVP_ASYM_CIPHER_fetch(OPENSSL_CTX *ctx, const char *algorithm,
    +                                        const char *properties);
    + void EVP_ASYM_CIPHER_free(EVP_ASYM_CIPHER *cipher);
    + int EVP_ASYM_CIPHER_up_ref(EVP_ASYM_CIPHER *cipher);
    + int EVP_ASYM_CIPHER_number(const EVP_ASYM_CIPHER *cipher);
    + int EVP_ASYM_CIPHER_is_a(const EVP_ASYM_CIPHER *cipher, const char *name);
    + OSSL_PROVIDER *EVP_ASYM_CIPHER_provider(const EVP_ASYM_CIPHER *cipher);
    + void EVP_ASYM_CIPHER_do_all_provided(OPENSSL_CTX *libctx,
    +                                      void (*fn)(EVP_ASYM_CIPHER *cipher,
    +                                                 void *arg),
    +                                      void *arg);
    + void EVP_ASYM_CIPHER_names_do_all(const EVP_ASYM_CIPHER *cipher,
    +                                   void (*fn)(const char *name, void *data),
    +                                   void *data);
    +

    +

    +
    +

    DESCRIPTION

    +

    EVP_ASYM_CIPHER_fetch() fetches the implementation for the given +algorithm from any provider offering it, within the criteria given +by the properties and in the scope of the given library context ctx (see +OPENSSL_CTX(3)). The algorithm will be one offering functions for performing +asymmetric cipher related tasks such as asymmetric encryption and decryption. +See provider(7)/Fetching algorithms for further information.

    +

    The returned value must eventually be freed with EVP_ASYM_CIPHER_free().

    +

    EVP_ASYM_CIPHER_free() decrements the reference count for the EVP_ASYM_CIPHER +structure. Typically this structure will have been obtained from an earlier call +to EVP_ASYM_CIPHER_fetch(). If the reference count drops to 0 then the +structure is freed.

    +

    EVP_ASYM_CIPHER_up_ref() increments the reference count for an +EVP_ASYM_CIPHER structure.

    +

    EVP_ASYM_CIPHER_is_a() returns 1 if cipher is an implementation of an +algorithm that's identifiable with name, otherwise 0.

    +

    EVP_ASYM_CIPHER_provider() returns the provider that cipher was fetched from.

    +

    EVP_ASYM_CIPHER_do_all_provided() traverses all EVP_ASYM_CIPHERs implemented by +all activated providers in the given library context libctx, and for each of +the implementations, calls the given function fn with the implementation +method and the given arg as argument.

    +

    EVP_ASYM_CIPHER_number() returns the internal dynamic number assigned to +cipher.

    +

    EVP_ASYM_CIPHER_names_do_all() traverses all names for cipher, and calls +fn with each name and data.

    +

    +

    +
    +

    RETURN VALUES

    +

    EVP_ASYM_CIPHER_fetch() returns a pointer to an EVP_ASYM_CIPHER for success +or NULL for failure.

    +

    EVP_ASYM_CIPHER_up_ref() returns 1 for success or 0 otherwise.

    +

    +

    +
    +

    SEE ALSO

    +

    provider(7)/Fetching algorithms, OSSL_PROVIDER(3)

    +

    +

    +
    +

    HISTORY

    +

    The functions described here were added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/EVP_BytesToKey.html b/linux_amd64/share/doc/openssl/html/man3/EVP_BytesToKey.html
    new file mode 100755
    index 0000000..4f0b87c
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/EVP_BytesToKey.html
    @@ -0,0 +1,114 @@
    + + + + +EVP_BytesToKey + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_BytesToKey - password based encryption routine

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
    +                    const unsigned char *salt,
    +                    const unsigned char *data, int datal, int count,
    +                    unsigned char *key, unsigned char *iv);
    +

    +

    +
    +

    DESCRIPTION

    +

    EVP_BytesToKey() derives a key and IV from various parameters. type is +the cipher to derive the key and IV for. md is the message digest to use. +The salt parameter is used as a salt in the derivation: it should point to +an 8 byte buffer or NULL if no salt is used. data is a buffer containing +datal bytes which is used to derive the keying data. count is the +iteration count to use. The derived key and IV will be written to key +and iv respectively.

    +

    +

    +
    +

    NOTES

    +

    A typical application of this function is to derive keying material for an +encryption algorithm from a password in the data parameter.

    +

    Increasing the count parameter slows down the algorithm which makes it +harder for an attacker to perform a brute force attack using a large number +of candidate passwords.

    +

    If the total key and IV length is less than the digest length and +MD5 is used then the derivation algorithm is compatible with PKCS#5 v1.5 +otherwise a non standard extension is used to derive the extra data.

    +

    Newer applications should use a more modern algorithm such as PBKDF2 as +defined in PKCS#5v2.1 and provided by PKCS5_PBKDF2_HMAC.

    +

    +

    +
    +

    KEY DERIVATION ALGORITHM

    +

    The key and IV is derived by concatenating D_1, D_2, etc until +enough data is available for the key and IV. D_i is defined as:

    +
    +        D_i = HASH^count(D_(i-1) || data || salt)
    +

    where || denotes concatenation, D_0 is empty, HASH is the digest +algorithm in use, HASH^1(data) is simply HASH(data), HASH^2(data) +is HASH(HASH(data)) and so on.

    +

    The initial bytes are used for the key and the subsequent bytes for +the IV.

    +

    +

    +
    +

    RETURN VALUES

    +

    If data is NULL, then EVP_BytesToKey() returns the number of bytes +needed to store the derived key. +Otherwise, EVP_BytesToKey() returns the size of the derived key in bytes, +or 0 on error.

    +

    +

    +
    +

    SEE ALSO

    +

    evp(7), RAND_bytes(3), +PKCS5_PBKDF2_HMAC(3), +EVP_EncryptInit(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/EVP_CIPHER_CTX_get_cipher_data.html b/linux_amd64/share/doc/openssl/html/man3/EVP_CIPHER_CTX_get_cipher_data.html
    new file mode 100755
    index 0000000..cf89172
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/EVP_CIPHER_CTX_get_cipher_data.html
    @@ -0,0 +1,86 @@
    + + + + +EVP_CIPHER_CTX_get_cipher_data + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_CIPHER_CTX_get_cipher_data, EVP_CIPHER_CTX_set_cipher_data - Routines to +inspect and modify EVP_CIPHER_CTX objects

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + void *EVP_CIPHER_CTX_get_cipher_data(const EVP_CIPHER_CTX *ctx);
    + void *EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data);
    +

    +

    +
    +

    DESCRIPTION

    +

    The EVP_CIPHER_CTX_get_cipher_data() function returns a pointer to the cipher +data relevant to EVP_CIPHER_CTX. The contents of this data is specific to the +particular implementation of the cipher. For example this data can be used by +engines to store engine specific information. The data is automatically +allocated and freed by OpenSSL, so applications and engines should not normally +free this directly (but see below).

    +

    The EVP_CIPHER_CTX_set_cipher_data() function allows an application or engine to +replace the cipher data with new data. A pointer to any existing cipher data is +returned from this function. If the old data is no longer required then it +should be freed through a call to OPENSSL_free().

    +

    +

    +
    +

    RETURN VALUES

    +

    The EVP_CIPHER_CTX_get_cipher_data() function returns a pointer to the current +cipher data for the EVP_CIPHER_CTX.

    +

    The EVP_CIPHER_CTX_set_cipher_data() function returns a pointer to the old +cipher data for the EVP_CIPHER_CTX.

    +

    +

    +
    +

    HISTORY

    +

    The EVP_CIPHER_CTX_get_cipher_data() and EVP_CIPHER_CTX_set_cipher_data() +functions were added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/EVP_CIPHER_meth_new.html b/linux_amd64/share/doc/openssl/html/man3/EVP_CIPHER_meth_new.html
    new file mode 100755
    index 0000000..201ec1f
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/EVP_CIPHER_meth_new.html
    @@ -0,0 +1,283 @@
    + + + + +EVP_CIPHER_meth_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_CIPHER_meth_new, EVP_CIPHER_meth_dup, EVP_CIPHER_meth_free, +EVP_CIPHER_meth_set_iv_length, EVP_CIPHER_meth_set_flags, +EVP_CIPHER_meth_set_impl_ctx_size, EVP_CIPHER_meth_set_init, +EVP_CIPHER_meth_set_do_cipher, EVP_CIPHER_meth_set_cleanup, +EVP_CIPHER_meth_set_set_asn1_params, EVP_CIPHER_meth_set_get_asn1_params, +EVP_CIPHER_meth_set_ctrl, EVP_CIPHER_meth_get_init, +EVP_CIPHER_meth_get_do_cipher, EVP_CIPHER_meth_get_cleanup, +EVP_CIPHER_meth_get_set_asn1_params, EVP_CIPHER_meth_get_get_asn1_params, +EVP_CIPHER_meth_get_ctrl +- Routines to build up EVP_CIPHER methods

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len);
    + EVP_CIPHER *EVP_CIPHER_meth_dup(const EVP_CIPHER *cipher);
    + void EVP_CIPHER_meth_free(EVP_CIPHER *cipher);
    +
    + int EVP_CIPHER_meth_set_iv_length(EVP_CIPHER *cipher, int iv_len);
    + int EVP_CIPHER_meth_set_flags(EVP_CIPHER *cipher, unsigned long flags);
    + int EVP_CIPHER_meth_set_impl_ctx_size(EVP_CIPHER *cipher, int ctx_size);
    + int EVP_CIPHER_meth_set_init(EVP_CIPHER *cipher,
    +                              int (*init)(EVP_CIPHER_CTX *ctx,
    +                                          const unsigned char *key,
    +                                          const unsigned char *iv,
    +                                          int enc));
    + int EVP_CIPHER_meth_set_do_cipher(EVP_CIPHER *cipher,
    +                                   int (*do_cipher)(EVP_CIPHER_CTX *ctx,
    +                                                    unsigned char *out,
    +                                                    const unsigned char *in,
    +                                                    size_t inl));
    + int EVP_CIPHER_meth_set_cleanup(EVP_CIPHER *cipher,
    +                                 int (*cleanup)(EVP_CIPHER_CTX *));
    + int EVP_CIPHER_meth_set_set_asn1_params(EVP_CIPHER *cipher,
    +                                         int (*set_asn1_parameters)(EVP_CIPHER_CTX *,
    +                                                                    ASN1_TYPE *));
    + int EVP_CIPHER_meth_set_get_asn1_params(EVP_CIPHER *cipher,
    +                                         int (*get_asn1_parameters)(EVP_CIPHER_CTX *,
    +                                                                    ASN1_TYPE *));
    + int EVP_CIPHER_meth_set_ctrl(EVP_CIPHER *cipher,
    +                              int (*ctrl)(EVP_CIPHER_CTX *, int type,
    +                                          int arg, void *ptr));
    +
    + int (*EVP_CIPHER_meth_get_init(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx,
    +                                                           const unsigned char *key,
    +                                                           const unsigned char *iv,
    +                                                           int enc);
    + int (*EVP_CIPHER_meth_get_do_cipher(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx,
    +                                                                unsigned char *out,
    +                                                                const unsigned char *in,
    +                                                                size_t inl);
    + int (*EVP_CIPHER_meth_get_cleanup(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *);
    + int (*EVP_CIPHER_meth_get_set_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *,
    +                                                                      ASN1_TYPE *);
    + int (*EVP_CIPHER_meth_get_get_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *,
    +                                                                      ASN1_TYPE *);
    + int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *,
    +                                                           int type, int arg,
    +                                                           void *ptr);
    +

    +

    +
    +

    DESCRIPTION

    +

    The EVP_CIPHER type is a structure for symmetric cipher method +implementation.

    +

    EVP_CIPHER_meth_new() creates a new EVP_CIPHER structure.

    +

    EVP_CIPHER_meth_dup() creates a copy of cipher.

    +

    EVP_CIPHER_meth_free() destroys a EVP_CIPHER structure.

    +

    EVP_CIPHER_meth_set_iv_length() sets the length of the IV. +This is only needed when the implemented cipher mode requires it.

    +

    EVP_CIPHER_meth_set_flags() sets the flags to describe optional +behaviours in the particular cipher. +With the exception of cipher modes, of which only one may be present, +several flags can be or'd together. +The available flags are:

    +
    +
    EVP_CIPH_STREAM_CIPHER, EVP_CIPH_ECB_MODE EVP_CIPH_CBC_MODE, +EVP_CIPH_CFB_MODE, EVP_CIPH_OFB_MODE, EVP_CIPH_CTR_MODE, EVP_CIPH_GCM_MODE, +EVP_CIPH_CCM_MODE, EVP_CIPH_XTS_MODE, EVP_CIPH_WRAP_MODE, +EVP_CIPH_OCB_MODE, EVP_CIPH_SIV_MODE
    + +
    +

    The cipher mode.

    +
    +
    EVP_CIPH_VARIABLE_LENGTH
    + +
    +

    This cipher is of variable length.

    +
    +
    EVP_CIPH_CUSTOM_IV
    + +
    +

    Storing and initialising the IV is left entirely to the +implementation.

    +
    +
    EVP_CIPH_ALWAYS_CALL_INIT
    + +
    +

    Set this if the implementation's init() function should be called even +if key is NULL.

    +
    +
    EVP_CIPH_CTRL_INIT
    + +
    +

    Set this to have the implementation's ctrl() function called with +command code EVP_CTRL_INIT early in its setup.

    +
    +
    EVP_CIPH_CUSTOM_KEY_LENGTH
    + +
    +

    Checking and setting the key length after creating the EVP_CIPHER +is left to the implementation. +Whenever someone uses EVP_CIPHER_CTX_set_key_length() on a +EVP_CIPHER with this flag set, the implementation's ctrl() function +will be called with the control code EVP_CTRL_SET_KEY_LENGTH and +the key length in arg.

    +
    +
    EVP_CIPH_NO_PADDING
    + +
    +

    Don't use standard block padding.

    +
    +
    EVP_CIPH_RAND_KEY
    + +
    +

    Making a key with random content is left to the implementation. +This is done by calling the implementation's ctrl() function with the +control code EVP_CTRL_RAND_KEY and the pointer to the key memory +storage in ptr.

    +
    +
    EVP_CIPH_CUSTOM_COPY
    + +
    +

    Set this to have the implementation's ctrl() function called with +command code EVP_CTRL_COPY at the end of EVP_CIPHER_CTX_copy(). +The intended use is for further things to deal with after the +implementation specific data block has been copied. +The destination EVP_CIPHER_CTX is passed to the control with the +ptr parameter. +The implementation specific data block is reached with +EVP_CIPHER_CTX_get_cipher_data().

    +
    +
    EVP_CIPH_FLAG_DEFAULT_ASN1
    + +
    +

    Use the default EVP routines to pass IV to and from ASN.1.

    +
    +
    EVP_CIPH_FLAG_LENGTH_BITS
    + +
    +

    Signals that the length of the input buffer for encryption / +decryption is to be understood as the number of bits instead of +bytes for this implementation. +This is only useful for CFB1 ciphers.

    +
    +
    EVP_CIPH_FLAG_CUSTOM_CIPHER
    + +
    +

    This indicates that the implementation takes care of everything, +including padding, buffering and finalization. +The EVP routines will simply give them control and do nothing more.

    +
    +
    EVP_CIPH_FLAG_AEAD_CIPHER
    + +
    +

    This indicates that this is an AEAD cipher implementation.

    +
    +
    EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
    + +
    +

    Allow interleaving of crypto blocks, a particular optimization only applicable +to certain TLS ciphers.

    +
    +
    +

    EVP_CIPHER_meth_set_impl_ctx_size() sets the size of the EVP_CIPHER's +implementation context so that it can be automatically allocated.

    +

    EVP_CIPHER_meth_set_init() sets the cipher init function for +cipher. +The cipher init function is called by EVP_CipherInit(), +EVP_CipherInit_ex(), EVP_EncryptInit(), EVP_EncryptInit_ex(), +EVP_DecryptInit(), EVP_DecryptInit_ex().

    +

    EVP_CIPHER_meth_set_do_cipher() sets the cipher function for +cipher. +The cipher function is called by EVP_CipherUpdate(), +EVP_EncryptUpdate(), EVP_DecryptUpdate(), EVP_CipherFinal(), +EVP_EncryptFinal(), EVP_EncryptFinal_ex(), EVP_DecryptFinal() and +EVP_DecryptFinal_ex().

    +

    EVP_CIPHER_meth_set_cleanup() sets the function for cipher to do +extra cleanup before the method's private data structure is cleaned +out and freed. +Note that the cleanup function is passed a EVP_CIPHER_CTX *, the +private data structure is then available with +EVP_CIPHER_CTX_get_cipher_data(). +This cleanup function is called by EVP_CIPHER_CTX_reset() and +EVP_CIPHER_CTX_free().

    +

    EVP_CIPHER_meth_set_set_asn1_params() sets the function for cipher +to set the AlgorithmIdentifier "parameter" based on the passed cipher. +This function is called by EVP_CIPHER_param_to_asn1(). +EVP_CIPHER_meth_set_get_asn1_params() sets the function for cipher +that sets the cipher parameters based on an ASN.1 AlgorithmIdentifier +"parameter". +Both these functions are needed when there is a need for custom data +(more or other than the cipher IV). +They are called by EVP_CIPHER_param_to_asn1() and +EVP_CIPHER_asn1_to_param() respectively if defined.

    +

    EVP_CIPHER_meth_set_ctrl() sets the control function for cipher.

    +

    EVP_CIPHER_meth_get_init(), EVP_CIPHER_meth_get_do_cipher(), +EVP_CIPHER_meth_get_cleanup(), EVP_CIPHER_meth_get_set_asn1_params(), +EVP_CIPHER_meth_get_get_asn1_params() and EVP_CIPHER_meth_get_ctrl() +are all used to retrieve the method data given with the +EVP_CIPHER_meth_set_*() functions above.

    +

    +

    +
    +

    RETURN VALUES

    +

    EVP_CIPHER_meth_new() and EVP_CIPHER_meth_dup() return a pointer to a +newly created EVP_CIPHER, or NULL on failure. +All EVP_CIPHER_meth_set_*() functions return 1. +All EVP_CIPHER_meth_get_*() functions return pointers to their +respective cipher function.

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_EncryptInit(3)

    +

    +

    +
    +

    HISTORY

    +

    The functions described here were added in OpenSSL 1.1.0. +The EVP_CIPHER structure created with these functions became reference +counted in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/EVP_DigestInit.html b/linux_amd64/share/doc/openssl/html/man3/EVP_DigestInit.html
    new file mode 100755
    index 0000000..374d0ed
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/EVP_DigestInit.html
    @@ -0,0 +1,715 @@
    + + + + +EVP_DigestInit + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_MD_fetch, EVP_MD_up_ref, EVP_MD_free, +EVP_MD_get_params, EVP_MD_gettable_params, +EVP_MD_CTX_new, EVP_MD_CTX_reset, EVP_MD_CTX_free, EVP_MD_CTX_copy, +EVP_MD_CTX_copy_ex, EVP_MD_CTX_ctrl, +EVP_MD_CTX_set_params, EVP_MD_CTX_get_params, +EVP_MD_settable_ctx_params, EVP_MD_gettable_ctx_params, +EVP_MD_CTX_settable_params, EVP_MD_CTX_gettable_params, +EVP_MD_CTX_set_flags, EVP_MD_CTX_clear_flags, EVP_MD_CTX_test_flags, +EVP_Digest, EVP_DigestInit_ex, EVP_DigestInit, EVP_DigestUpdate, +EVP_DigestFinal_ex, EVP_DigestFinalXOF, EVP_DigestFinal, +EVP_MD_is_a, EVP_MD_name, EVP_MD_number, EVP_MD_names_do_all, EVP_MD_provider, +EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, EVP_MD_block_size, EVP_MD_flags, +EVP_MD_CTX_name, +EVP_MD_CTX_md, EVP_MD_CTX_type, EVP_MD_CTX_size, EVP_MD_CTX_block_size, +EVP_MD_CTX_md_data, EVP_MD_CTX_update_fn, EVP_MD_CTX_set_update_fn, +EVP_md_null, +EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj, +EVP_MD_CTX_pkey_ctx, EVP_MD_CTX_set_pkey_ctx, +EVP_MD_do_all_provided +- EVP digest routines

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + EVP_MD *EVP_MD_fetch(OPENSSL_CTX *ctx, const char *algorithm,
    +                      const char *properties);
    + int EVP_MD_up_ref(EVP_MD *md);
    + void EVP_MD_free(EVP_MD *md);
    + int EVP_MD_get_params(const EVP_MD *digest, OSSL_PARAM params[]);
    + const OSSL_PARAM *EVP_MD_gettable_params(const EVP_MD *digest);
    + EVP_MD_CTX *EVP_MD_CTX_new(void);
    + int EVP_MD_CTX_reset(EVP_MD_CTX *ctx);
    + void EVP_MD_CTX_free(EVP_MD_CTX *ctx);
    + void EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void* p2);
    + int EVP_MD_CTX_get_params(EVP_MD_CTX *ctx, OSSL_PARAM params[]);
    + int EVP_MD_CTX_set_params(EVP_MD_CTX *ctx, const OSSL_PARAM params[]);
    + const OSSL_PARAM *EVP_MD_settable_ctx_params(const EVP_MD *md);
    + const OSSL_PARAM *EVP_MD_gettable_ctx_params(const EVP_MD *md);
    + const OSSL_PARAM *EVP_MD_CTX_settable_params(EVP_MD_CTX *ctx);
    + const OSSL_PARAM *EVP_MD_CTX_gettable_params(EVP_MD_CTX *ctx);
    + void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags);
    + void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags);
    + int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags);
    +
    + int EVP_Digest(const void *data, size_t count, unsigned char *md,
    +                unsigned int *size, const EVP_MD *type, ENGINE *impl);
    + int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
    + int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt);
    + int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s);
    + int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *md, size_t len);
    +
    + int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in);
    +
    + int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
    + int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s);
    +
    + int EVP_MD_CTX_copy(EVP_MD_CTX *out, EVP_MD_CTX *in);
    +
    + const char *EVP_MD_name(const EVP_MD *md);
    + int EVP_MD_number(const EVP_MD *md);
    + int EVP_MD_is_a(const EVP_MD *md, const char *name);
    + void EVP_MD_names_do_all(const EVP_MD *md,
    +                          void (*fn)(const char *name, void *data),
    +                          void *data);
    + const OSSL_PROVIDER *EVP_MD_provider(const EVP_MD *md);
    + int EVP_MD_type(const EVP_MD *md);
    + int EVP_MD_pkey_type(const EVP_MD *md);
    + int EVP_MD_size(const EVP_MD *md);
    + int EVP_MD_block_size(const EVP_MD *md);
    + unsigned long EVP_MD_flags(const EVP_MD *md);
    +
    + const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx);
    + const char *EVP_MD_CTX_name(const EVP_MD_CTX *ctx);
    + int EVP_MD_CTX_size(const EVP_MD_CTX *ctx);
    + int EVP_MD_CTX_block_size(const EVP_MD_CTX *ctx);
    + int EVP_MD_CTX_type(const EVP_MD_CTX *ctx);
    + void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx);
    + int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx,
    +                                              const void *data, size_t count);
    + void EVP_MD_CTX_set_update_fn(EVP_MD_CTX *ctx,
    +                               int (*update)(EVP_MD_CTX *ctx,
    +                                             const void *data, size_t count));
    +
    + const EVP_MD *EVP_md_null(void);
    +
    + const EVP_MD *EVP_get_digestbyname(const char *name);
    + const EVP_MD *EVP_get_digestbynid(int type);
    + const EVP_MD *EVP_get_digestbyobj(const ASN1_OBJECT *o);
    +
    + EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx);
    + void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx);
    +
    + void EVP_MD_do_all_provided(OPENSSL_CTX *libctx,
    +                             void (*fn)(EVP_MD *mac, void *arg),
    +                             void *arg);
    +

    +

    +
    +

    DESCRIPTION

    +

    The EVP digest routines are a high level interface to message digests, +and should be used instead of the digest-specific functions.

    +

    The EVP_MD type is a structure for digest method implementation.

    +
    +
    EVP_MD_fetch()
    + +
    +

    Fetches the digest implementation for the given algorithm from any +provider offering it, within the criteria given by the properties. +See provider(7)/Fetching algorithms for further information.

    +

    The returned value must eventually be freed with EVP_MD_free().

    +

    Fetched EVP_MD structures are reference counted.

    +
    +
    EVP_MD_up_ref()
    + +
    +

    Increments the reference count for an EVP_MD structure.

    +
    +
    EVP_MD_free()
    + +
    +

    Decrements the reference count for the fetched EVP_MD structure. +If the reference count drops to 0 then the structure is freed.

    +
    +
    EVP_MD_CTX_new()
    + +
    +

    Allocates and returns a digest context.

    +
    +
    EVP_MD_CTX_reset()
    + +
    +

    Resets the digest context ctx. This can be used to reuse an already +existing context.

    +
    +
    EVP_MD_CTX_free()
    + +
    +

    Cleans up digest context ctx and frees up the space allocated to it.

    +
    +
    EVP_MD_CTX_ctrl()
    + +
    +

    This is a legacy method. EVP_MD_CTX_set_params() and EVP_MD_CTX_get_params() +is the mechanism that should be used to set and get parameters that are used by +providers. +Performs digest-specific control actions on context ctx. The control command +is indicated in cmd and any additional arguments in p1 and p2. +EVP_MD_CTX_ctrl() must be called after EVP_DigestInit_ex(). Other restrictions +may apply depending on the control type and digest implementation. +See CONTROLS below for more information.

    +
    +
    EVP_MD_get_params()
    + +
    +

    Retrieves the requested list of params from a MD md. +See PARAMETERS below for more information.

    +
    +
    EVP_MD_CTX_get_params()
    + +
    +

    Retrieves the requested list of params from a MD context ctx. +See PARAMETERS below for more information.

    +
    +
    EVP_MD_CTX_set_params()
    + +
    +

    Sets the list of params into a MD context ctx. +See PARAMETERS below for more information.

    +
    +
    EVP_MD_gettable_params(), EVP_MD_gettable_ctx_params(), +EVP_MD_settable_ctx_params(), EVP_MD_CTX_gettable_params(), +EVP_MD_CTX_settable_params()
    + +
    +

    Get a OSSL_PARAM array that describes the retrievable and settable +parameters. EVP_MD_gettable_params() returns parameters that can be used with +EVP_MD_get_params(). EVP_MD_gettable_ctx_params() and +EVP_MD_CTX_gettable_params() return parameters that can be used with +EVP_MD_CTX_get_params(). EVP_MD_settable_ctx_params() and +EVP_MD_CTX_settable_params() return parameters that can be used with +EVP_MD_CTX_set_params(). +See OSSL_PARAM(3) for the use of OSSL_PARAM as parameter descriptor.

    +
    +
    EVP_MD_CTX_set_flags(), EVP_MD_CTX_clear_flags(), EVP_MD_CTX_test_flags()
    + +
    +

    Sets, clears and tests ctx flags. See FLAGS below for more information.

    +
    +
    EVP_Digest()
    + +
    +

    A wrapper around the Digest Init_ex, Update and Final_ex functions. +Hashes count bytes of data at data using a digest type from ENGINE +impl. The digest value is placed in md and its length is written at size +if the pointer is not NULL. At most EVP_MAX_MD_SIZE bytes will be written. +If impl is NULL the default implementation of digest type is used.

    +
    +
    EVP_DigestInit_ex()
    + +
    +

    Sets up digest context ctx to use a digest type. +type is typically supplied by a function such as EVP_sha1(), or a +value explicitly fetched with EVP_MD_fetch().

    +

    If impl is non-NULL, its implementation of the digest type is used if +there is one, and if not, the default implementation is used.

    +
    +
    EVP_DigestUpdate()
    + +
    +

    Hashes cnt bytes of data at d into the digest context ctx. This +function can be called several times on the same ctx to hash additional +data.

    +
    +
    EVP_DigestFinal_ex()
    + +
    +

    Retrieves the digest value from ctx and places it in md. If the s +parameter is not NULL then the number of bytes of data written (i.e. the +length of the digest) will be written to the integer at s, at most +EVP_MAX_MD_SIZE bytes will be written. After calling EVP_DigestFinal_ex() +no additional calls to EVP_DigestUpdate() can be made, but +EVP_DigestInit_ex() can be called to initialize a new digest operation.

    +
    +
    EVP_DigestFinalXOF()
    + +
    +

    Interfaces to extendable-output functions, XOFs, such as SHAKE128 and SHAKE256. +It retrieves the digest value from ctx and places it in len-sized <B>md. +After calling this function no additional calls to EVP_DigestUpdate() can be +made, but EVP_DigestInit_ex() can be called to initialize a new operation.

    +
    +
    EVP_MD_CTX_copy_ex()
    + +
    +

    Can be used to copy the message digest state from in to out. This is +useful if large amounts of data are to be hashed which only differ in the last +few bytes.

    +
    +
    EVP_DigestInit()
    + +
    +

    Behaves in the same way as EVP_DigestInit_ex() except it always uses the +default digest implementation and calls EVP_MD_CTX_reset().

    +
    +
    EVP_DigestFinal()
    + +
    +

    Similar to EVP_DigestFinal_ex() except the digest context ctx is +automatically cleaned up.

    +
    +
    EVP_MD_CTX_copy()
    + +
    +

    Similar to EVP_MD_CTX_copy_ex() except the destination out does not have to +be initialized.

    +
    +
    EVP_MD_is_a()
    + +
    +

    Returns 1 if md is an implementation of an algorithm that's +identifiable with name, otherwise 0.

    +

    If md is a legacy digest (it's the return value from the likes of +EVP_sha256() rather than the result of an EVP_MD_fetch()), only cipher +names registered with the default library context (see +OPENSSL_CTX(3)) will be considered.

    +
    +
    EVP_MD_number()
    + +
    +

    Returns the internal dynamic number assigned to the md. This is +only useful with fetched EVP_MDs.

    +
    +
    EVP_MD_name(), +EVP_MD_CTX_name()
    + +
    +

    Return the name of the given message digest. For fetched message +digests with multiple names, only one of them is returned; it's +recommended to use EVP_MD_names_do_all() instead.

    +
    +
    EVP_MD_names_do_all()
    + +
    +

    Traverses all names for the md, and calls fn with each name and +data. This is only useful with fetched EVP_MDs.

    +
    +
    EVP_MD_provider()
    + +
    +

    Returns an OSSL_PROVIDER pointer to the provider that implements the given +EVP_MD.

    +
    +
    EVP_MD_size(), +EVP_MD_CTX_size()
    + +
    +

    Return the size of the message digest when passed an EVP_MD or an +EVP_MD_CTX structure, i.e. the size of the hash.

    +
    +
    EVP_MD_block_size(), +EVP_MD_CTX_block_size()
    + +
    +

    Return the block size of the message digest when passed an EVP_MD or an +EVP_MD_CTX structure.

    +
    +
    EVP_MD_type(), +EVP_MD_CTX_type()
    + +
    +

    Return the NID of the OBJECT IDENTIFIER representing the given message digest +when passed an EVP_MD structure. For example, EVP_MD_type(EVP_sha1()) +returns NID_sha1. This function is normally used when setting ASN1 OIDs.

    +
    +
    EVP_MD_CTX_md_data()
    + +
    +

    Return the digest method private data for the passed EVP_MD_CTX. +The space is allocated by OpenSSL and has the size originally set with +EVP_MD_meth_set_app_datasize().

    +
    +
    EVP_MD_CTX_md()
    + +
    +

    Returns the EVP_MD structure corresponding to the passed EVP_MD_CTX. This +will be the same EVP_MD object originally passed to EVP_DigestInit_ex() (or +other similar function) when the EVP_MD_CTX was first initialised. Note that +where explicit fetch is in use (see EVP_MD_fetch(3)) the value returned from +this function will not have its reference count incremented and therefore it +should not be used after the EVP_MD_CTX is freed.

    +
    +
    EVP_MD_CTX_set_update_fn()
    + +
    +

    Sets the update function for ctx to update. +This is the function that is called by EVP_DigestUpdate. If not set, the +update function from the EVP_MD type specified at initialization is used.

    +
    +
    EVP_MD_CTX_update_fn()
    + +
    +

    Returns the update function for ctx.

    +
    +
    EVP_MD_flags()
    + +
    +

    Returns the md flags. Note that these are different from the EVP_MD_CTX +ones. See EVP_MD_meth_set_flags(3) for more information.

    +
    +
    EVP_MD_pkey_type()
    + +
    +

    Returns the NID of the public key signing algorithm associated with this +digest. For example EVP_sha1() is associated with RSA so this will return +NID_sha1WithRSAEncryption. Since digests and signature algorithms are no +longer linked this function is only retained for compatibility reasons.

    +
    +
    EVP_md_null()
    + +
    +

    A "null" message digest that does nothing: i.e. the hash it returns is of zero +length.

    +
    +
    EVP_get_digestbyname(), +EVP_get_digestbynid(), +EVP_get_digestbyobj()
    + +
    +

    Returns an EVP_MD structure when passed a digest name, a digest NID or an +ASN1_OBJECT structure respectively.

    +
    +
    EVP_MD_CTX_pkey_ctx()
    + +
    +

    Returns the EVP_PKEY_CTX assigned to ctx. The returned pointer should not +be freed by the caller.

    +
    +
    EVP_MD_CTX_set_pkey_ctx()
    + +
    +

    Assigns an EVP_PKEY_CTX to EVP_MD_CTX. This is usually used to provide +a customized EVP_PKEY_CTX to EVP_DigestSignInit(3) or +EVP_DigestVerifyInit(3). The pctx passed to this function should be freed +by the caller. A NULL pctx pointer is also allowed to clear the EVP_PKEY_CTX +assigned to ctx. In such case, freeing the cleared EVP_PKEY_CTX or not +depends on how the EVP_PKEY_CTX is created.

    +
    +
    EVP_MD_do_all_provided()
    + +
    +

    Traverses all messages digests implemented by all activated providers +in the given library context libctx, and for each of the implementations, +calls the given function fn with the implementation method and the given +arg as argument.

    +
    +
    +

    +

    +
    +

    PARAMETERS

    +

    See OSSL_PARAM(3) for information about passing parameters.

    +

    EVP_MD_CTX_set_params() can be used with the following OSSL_PARAM keys:

    +
    +
    "xoflen" (OSSL_PARAM_DIGEST_KEY_XOFLEN) <unsigned integer>
    + +
    +

    Sets the digest length for extendable output functions. +It is used by the SHAKE algorithm and should not exceed what can be given +using a size_t.

    +
    +
    "pad_type" (OSSL_PARAM_DIGEST_KEY_PAD_TYPE) <integer>
    + +
    +

    Sets the pad type. +It is used by the MDC2 algorithm.

    +
    +
    +

    EVP_MD_CTX_get_params() can be used with the following OSSL_PARAM keys:

    +
    +
    "micalg" (OSSL_PARAM_DIGEST_KEY_MICALG) <UTF8 string>.
    + +
    +

    Gets the digest Message Integrity Check algorithm string. This is used when +creating S/MIME multipart/signed messages, as specified in RFC 3851. +It may be used by external engines or providers.

    +
    +
    +

    +

    +
    +

    CONTROLS

    +

    EVP_MD_CTX_ctrl() can be used to send the following standard controls:

    +
    +
    EVP_MD_CTRL_MICALG
    + +
    +

    Gets the digest Message Integrity Check algorithm string. This is used when +creating S/MIME multipart/signed messages, as specified in RFC 3851. +The string value is written to p2.

    +
    +
    EVP_MD_CTRL_XOF_LEN
    + +
    +

    This control sets the digest length for extendable output functions to p1. +Sending this control directly should not be necessary, the use of +EVP_DigestFinalXOF() is preferred. +Currently used by SHAKE.

    +
    +
    +

    +

    +
    +

    FLAGS

    +

    EVP_MD_CTX_set_flags(), EVP_MD_CTX_clear_flags() and EVP_MD_CTX_test_flags() +can be used the manipulate and test these EVP_MD_CTX flags:

    +
    +
    EVP_MD_CTX_FLAG_ONESHOT
    + +
    +

    This flag instructs the digest to optimize for one update only, if possible.

    +
    +
    EVP_MD_CTX_FLAG_NO_INIT
    + +
    +

    This flag instructs EVP_DigestInit() and similar not to initialise the +implementation specific data.

    +
    +
    EVP_MD_CTX_FLAG_FINALISE
    + +
    +

    Some functions such as EVP_DigestSign only finalise copies of internal +contexts so additional data can be included after the finalisation call. +This is inefficient if this functionality is not required, and can be +disabled with this flag.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +
    +
    EVP_MD_fetch()
    + +
    +

    Returns a pointer to a EVP_MD for success or NULL for failure.

    +
    +
    EVP_MD_up_ref()
    + +
    +

    Returns 1 for success or 0 for failure.

    +
    +
    EVP_DigestInit_ex(), +EVP_DigestUpdate(), +EVP_DigestFinal_ex()
    + +
    +

    Returns 1 for +success and 0 for failure.

    +
    +
    EVP_MD_CTX_ctrl()
    + +
    +

    Returns 1 if successful or 0 for failure.

    +
    +
    EVP_MD_CTX_set_params(), +EVP_MD_CTX_get_params()
    + +
    +

    Returns 1 if successful or 0 for failure.

    +
    +
    EVP_MD_CTX_settable_params(), +EVP_MD_CTX_gettable_params()
    + +
    +

    Return an array of constant OSSL_PARAMs, or NULL if there is none +to get.

    +
    +
    EVP_MD_CTX_copy_ex()
    + +
    +

    Returns 1 if successful or 0 for failure.

    +
    +
    EVP_MD_type(), +EVP_MD_pkey_type()
    + +
    +

    Returns the NID of the corresponding OBJECT IDENTIFIER or NID_undef if none +exists.

    +
    +
    EVP_MD_size(), +EVP_MD_block_size(), +EVP_MD_CTX_size(), +EVP_MD_CTX_block_size()
    + +
    +

    Returns the digest or block size in bytes.

    +
    +
    EVP_md_null()
    + +
    +

    Returns a pointer to the EVP_MD structure of the "null" message digest.

    +
    +
    EVP_get_digestbyname(), +EVP_get_digestbynid(), +EVP_get_digestbyobj()
    + +
    +

    Returns either an EVP_MD structure or NULL if an error occurs.

    +
    +
    EVP_MD_CTX_set_pkey_ctx()
    + +
    +

    This function has no return value.

    +
    +
    +

    +

    +
    +

    NOTES

    +

    The EVP interface to message digests should almost always be used in +preference to the low level interfaces. This is because the code then becomes +transparent to the digest used and much more flexible.

    +

    New applications should use the SHA-2 (such as EVP_sha256(3)) or the SHA-3 +digest algorithms (such as EVP_sha3_512(3)). The other digest algorithms +are still in common use.

    +

    For most applications the impl parameter to EVP_DigestInit_ex() will be +set to NULL to use the default digest implementation.

    +

    The functions EVP_DigestInit(), EVP_DigestFinal() and EVP_MD_CTX_copy() are +obsolete but are retained to maintain compatibility with existing code. New +applications should use EVP_DigestInit_ex(), EVP_DigestFinal_ex() and +EVP_MD_CTX_copy_ex() because they can efficiently reuse a digest context +instead of initializing and cleaning it up on each call and allow non default +implementations of digests to be specified.

    +

    If digest contexts are not cleaned up after use, +memory leaks will occur.

    +

    EVP_MD_CTX_name(), EVP_MD_CTX_size(), EVP_MD_CTX_block_size(), +EVP_MD_CTX_type(), EVP_get_digestbynid() and EVP_get_digestbyobj() are defined +as macros.

    +

    EVP_MD_CTX_ctrl() sends commands to message digests for additional configuration +or control.

    +

    +

    +
    +

    EXAMPLES

    +

    This example digests the data "Test Message\n" and "Hello World\n", using the +digest name passed on the command line.

    +
    + #include <stdio.h>
    + #include <string.h>
    + #include <openssl/evp.h>
    +
    + int main(int argc, char *argv[])
    + {
    +     EVP_MD_CTX *mdctx;
    +     const EVP_MD *md;
    +     char mess1[] = "Test Message\n";
    +     char mess2[] = "Hello World\n";
    +     unsigned char md_value[EVP_MAX_MD_SIZE];
    +     unsigned int md_len, i;
    +
    +     if (argv[1] == NULL) {
    +         printf("Usage: mdtest digestname\n");
    +         exit(1);
    +     }
    +
    +     md = EVP_get_digestbyname(argv[1]);
    +     if (md == NULL) {
    +         printf("Unknown message digest %s\n", argv[1]);
    +         exit(1);
    +     }
    +
    +     mdctx = EVP_MD_CTX_new();
    +     EVP_DigestInit_ex(mdctx, md, NULL);
    +     EVP_DigestUpdate(mdctx, mess1, strlen(mess1));
    +     EVP_DigestUpdate(mdctx, mess2, strlen(mess2));
    +     EVP_DigestFinal_ex(mdctx, md_value, &md_len);
    +     EVP_MD_CTX_free(mdctx);
    +
    +     printf("Digest is: ");
    +     for (i = 0; i < md_len; i++)
    +         printf("%02x", md_value[i]);
    +     printf("\n");
    +
    +     exit(0);
    + }
    +

    +

    +
    +

    SEE ALSO

    +

    EVP_MD_meth_new(3), +openssl-dgst(1), +evp(7), +OSSL_PROVIDER(3), +OSSL_PARAM(3)

    +

    The full list of digest algorithms are provided below.

    +

    EVP_blake2b512(3), +EVP_md2(3), +EVP_md4(3), +EVP_md5(3), +EVP_mdc2(3), +EVP_ripemd160(3), +EVP_sha1(3), +EVP_sha224(3), +EVP_sha3_224(3), +EVP_sm3(3), +EVP_whirlpool(3) +provider(7)/Fetching algorithms

    +

    +

    +
    +

    HISTORY

    +

    The EVP_MD_CTX_create() and EVP_MD_CTX_destroy() functions were renamed to +EVP_MD_CTX_new() and EVP_MD_CTX_free() in OpenSSL 1.1.0, respectively.

    +

    The link between digests and signing algorithms was fixed in OpenSSL 1.0 and +later, so now EVP_sha1() can be used with RSA and DSA.

    +

    The EVP_dss1() function was removed in OpenSSL 1.1.0.

    +

    The EVP_MD_CTX_set_pkey_ctx() function was added in 1.1.1.

    +

    The EVP_MD_fetch(), EVP_MD_free(), EVP_MD_up_ref(), EVP_MD_CTX_set_params() +and EVP_MD_CTX_get_params() functions were added in 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/EVP_DigestSignInit.html b/linux_amd64/share/doc/openssl/html/man3/EVP_DigestSignInit.html
    new file mode 100755
    index 0000000..7ff6f4d
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/EVP_DigestSignInit.html
    @@ -0,0 +1,221 @@
    + + + + +EVP_DigestSignInit + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_DigestSignInit_ex, EVP_DigestSignInit, EVP_DigestSignUpdate, +EVP_DigestSignFinal, EVP_DigestSign - EVP signing functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
    +                           const char *mdname, const char *props,
    +                           EVP_PKEY *pkey);
    + int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
    +                        const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
    + int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt);
    + int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen);
    +
    + int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret,
    +                    size_t *siglen, const unsigned char *tbs,
    +                    size_t tbslen);
    +

    +

    +
    +

    DESCRIPTION

    +

    The EVP signature routines are a high level interface to digital signatures. +Input data is digested first before the signing takes place.

    +

    EVP_DigestSignInit_ex() sets up signing context ctx to use a digest with the +name mdname and private key pkey. The name of the digest to be used is +passed to the provider of the signature algorithm in use. How that provider +interprets the digest name is provider specific. The provider may implement +that digest directly itself or it may (optionally) choose to fetch it (which +could result in a digest from a different provider being selected). If the +provider supports fetching the digest then it may use the props argument for +the properties to be used during the fetch.

    +

    The pkey algorithm is used to fetch a EVP_SIGNATURE method implicitly, to +be used for the actual signing. See provider(7)/Implicit fetch for +more information about implict fetches.

    +

    The OpenSSL default and legacy providers support fetching digests and can fetch +those digests from any available provider. The OpenSSL fips provider also +supports fetching digests but will only fetch digests that are themselves +implemented inside the fips provider.

    +

    ctx must be created with EVP_MD_CTX_new() before calling this function. If +pctx is not NULL, the EVP_PKEY_CTX of the signing operation will be written +to *pctx: this can be used to set alternative signing options. Note that any +existing value in *pctx is overwritten. The EVP_PKEY_CTX value returned must +not be freed directly by the application if ctx is not assigned an +EVP_PKEY_CTX value before being passed to EVP_DigestSignInit_ex() (which means +the EVP_PKEY_CTX is created inside EVP_DigestSignInit_ex() and it will be freed +automatically when the EVP_MD_CTX is freed).

    +

    The digest mdname may be NULL if the signing algorithm supports it. The +props argument can always be NULL.

    +

    No EVP_PKEY_CTX will be created by EVP_DigestSignInit_ex() if the passed +ctx has already been assigned one via EVP_MD_CTX_set_pkey_ctx(3). See also +SM2(7).

    +

    Only EVP_PKEY types that support signing can be used with these functions. This +includes MAC algorithms where the MAC generation is considered as a form of +"signing". Built-in EVP_PKEY types supported by these functions are CMAC, +Poly1305, DSA, ECDSA, HMAC, RSA, SipHash, Ed25519 and Ed448.

    +

    Not all digests can be used for all key types. The following combinations apply.

    +
    +
    DSA
    + +
    +

    Supports SHA1, SHA224, SHA256, SHA384 and SHA512

    +
    +
    ECDSA
    + +
    +

    Supports SHA1, SHA224, SHA256, SHA384, SHA512 and SM3

    +
    +
    RSA with no padding
    + +
    +

    Supports no digests (the digest type must be NULL)

    +
    +
    RSA with X931 padding
    + +
    +

    Supports SHA1, SHA256, SHA384 and SHA512

    +
    +
    All other RSA padding types
    + +
    +

    Support SHA1, SHA224, SHA256, SHA384, SHA512, MD5, MD5_SHA1, MD2, MD4, MDC2, +SHA3-224, SHA3-256, SHA3-384, SHA3-512

    +
    +
    Ed25519 and Ed448
    + +
    +

    Support no digests (the digest type must be NULL)

    +
    +
    HMAC
    + +
    +

    Supports any digest

    +
    +
    CMAC, Poly1305 and SipHash
    + +
    +

    Will ignore any digest provided.

    +
    +
    +

    If RSA-PSS is used and restrictions apply then the digest must match.

    +

    EVP_DigestSignInit() works in the same way as EVP_DigestSignInit_ex() except +that the mdname parameter will be inferred from the supplied digest type, +and props will be NULL. Where supplied the ENGINE e will be used for the +signing and digest algorithm implementations. e may be NULL.

    +

    EVP_DigestSignUpdate() hashes cnt bytes of data at d into the +signature context ctx. This function can be called several times on the +same ctx to include additional data.

    +

    EVP_DigestSignFinal() signs the data in ctx and places the signature in sig. +If sig is NULL then the maximum size of the output buffer is written to +the siglen parameter. If sig is not NULL then before the call the +siglen parameter should contain the length of the sig buffer. If the +call is successful the signature is written to sig and the amount of data +written to siglen.

    +

    EVP_DigestSign() signs tbslen bytes of data at tbs and places the +signature in sig and its length in siglen in a similar way to +EVP_DigestSignFinal().

    +

    +

    +
    +

    RETURN VALUES

    +

    EVP_DigestSignInit(), EVP_DigestSignUpdate(), EVP_DigestSignFinal() and +EVP_DigestSign() return 1 for success and 0 for failure.

    +

    The error codes can be obtained from ERR_get_error(3).

    +

    +

    +
    +

    NOTES

    +

    The EVP interface to digital signatures should almost always be used in +preference to the low level interfaces. This is because the code then becomes +transparent to the algorithm used and much more flexible.

    +

    EVP_DigestSign() is a one shot operation which signs a single block of data +in one function. For algorithms that support streaming it is equivalent to +calling EVP_DigestSignUpdate() and EVP_DigestSignFinal(). For algorithms which +do not support streaming (e.g. PureEdDSA) it is the only way to sign data.

    +

    In previous versions of OpenSSL there was a link between message digest types +and public key algorithms. This meant that "clone" digests such as EVP_dss1() +needed to be used to sign using SHA1 and DSA. This is no longer necessary and +the use of clone digest is now discouraged.

    +

    For some key types and parameters the random number generator must be seeded. +If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to +external circumstances (see RAND(7)), the operation will fail.

    +

    The call to EVP_DigestSignFinal() internally finalizes a copy of the digest +context. This means that calls to EVP_DigestSignUpdate() and +EVP_DigestSignFinal() can be called later to digest and sign additional data.

    +

    Since only a copy of the digest context is ever finalized, the context must +be cleaned up after use by calling EVP_MD_CTX_free() or a memory leak +will occur.

    +

    The use of EVP_PKEY_size() with these functions is discouraged because some +signature operations may have a signature length which depends on the +parameters set. As a result EVP_PKEY_size() would have to return a value +which indicates the maximum possible signature for any set of parameters.

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_DigestVerifyInit(3), +EVP_DigestInit(3), +evp(7), HMAC(3), MD2(3), +MD5(3), MDC2(3), RIPEMD160(3), +SHA1(3), openssl-dgst(1), +RAND(7)

    +

    +

    +
    +

    HISTORY

    +

    EVP_DigestSignInit(), EVP_DigestSignUpdate() and EVP_DigestSignFinal() +were added in OpenSSL 1.0.0.

    +

    EVP_DigestSignInit_ex() was added in OpenSSL 3.0.

    +

    EVP_DigestSignUpdate() was converted from a macro to a function in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/EVP_DigestVerifyInit.html b/linux_amd64/share/doc/openssl/html/man3/EVP_DigestVerifyInit.html
    new file mode 100755
    index 0000000..38ec71f
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/EVP_DigestVerifyInit.html
    @@ -0,0 +1,215 @@
    + + + + +EVP_DigestVerifyInit + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_DigestVerifyInit_ex, EVP_DigestVerifyInit, EVP_DigestVerifyUpdate, +EVP_DigestVerifyFinal, EVP_DigestVerify - EVP signature verification functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
    +                             const char *mdname, const char *props,
    +                             EVP_PKEY *pkey, EVP_SIGNATURE *signature);
    + int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
    +                          const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
    + int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt);
    + int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
    +                           size_t siglen);
    + int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
    +                      size_t siglen, const unsigned char *tbs, size_t tbslen);
    +

    +

    +
    +

    DESCRIPTION

    +

    The EVP signature routines are a high level interface to digital signatures. +Input data is digested first before the signature verification takes place.

    +

    EVP_DigestVerifyInit_ex() sets up verification context ctx to use a digest +with the name mdname and public key pkey. The signature algorithm +signature will be used for the actual signature verification which must be +compatible with the public key. The name of the digest to be used is passed to +the provider of the signature algorithm in use. How that provider interprets the +digest name is provider specific. The provider may implement that digest +directly itself or it may (optionally) choose to fetch it (which could result in +a digest from a different provider being selected). If the provider supports +fetching the digest then it may use the props argument for the properties to +be used during the fetch.

    +

    The signature parameter may be NULL in which case a suitable signature +algorithm implementation will be implicitly fetched based on the type of key in +use. See provider(7) for further information about providers and fetching +algorithms.

    +

    The OpenSSL default and legacy providers support fetching digests and can fetch +those digests from any available provider. The OpenSSL fips provider also +supports fetching digests but will only fetch digests that are themselves +implemented inside the fips provider.

    +

    ctx must be created with EVP_MD_CTX_new() before calling this function. If +pctx is not NULL, the EVP_PKEY_CTX of the verification operation will be +written to *pctx: this can be used to set alternative verification options. +Note that any existing value in *pctx is overwritten. The EVP_PKEY_CTX value +returned must not be freed directly by the application if ctx is not assigned +an EVP_PKEY_CTX value before being passed to EVP_DigestVerifyInit_ex() (which +means the EVP_PKEY_CTX is created inside EVP_DigestVerifyInit_ex() and it will +be freed automatically when the EVP_MD_CTX is freed).

    +

    No EVP_PKEY_CTX will be created by EVP_DigestSignInit_ex() if the passed +ctx has already been assigned one via EVP_MD_CTX_set_pkey_ctx(3). See also +SM2(7).

    +

    Not all digests can be used for all key types. The following combinations apply.

    +
    +
    DSA
    + +
    +

    Supports SHA1, SHA224, SHA256, SHA384 and SHA512

    +
    +
    ECDSA
    + +
    +

    Supports SHA1, SHA224, SHA256, SHA384, SHA512 and SM3

    +
    +
    RSA with no padding
    + +
    +

    Supports no digests (the digest type must be NULL)

    +
    +
    RSA with X931 padding
    + +
    +

    Supports SHA1, SHA256, SHA384 and SHA512

    +
    +
    All other RSA padding types
    + +
    +

    Support SHA1, SHA224, SHA256, SHA384, SHA512, MD5, MD5_SHA1, MD2, MD4, MDC2, +SHA3-224, SHA3-256, SHA3-384, SHA3-512

    +
    +
    Ed25519 and Ed448
    + +
    +

    Support no digests (the digest type must be NULL)

    +
    +
    HMAC
    + +
    +

    Supports any digest

    +
    +
    CMAC, Poly1305 and SipHash
    + +
    +

    Will ignore any digest provided.

    +
    +
    +

    If RSA-PSS is used and restrictions apply then the digest must match.

    +

    EVP_DigestVerifyInit() works in the same way as EVP_DigestVerifyInit_ex() except +that the mdname parameter will be inferred from the supplied digest type, +and props will be NULL. Where supplied the ENGINE e will be used for the +signature verification and digest algorithm implementations. e may be NULL.

    +

    EVP_DigestVerifyUpdate() hashes cnt bytes of data at d into the +verification context ctx. This function can be called several times on the +same ctx to include additional data.

    +

    EVP_DigestVerifyFinal() verifies the data in ctx against the signature in +sig of length siglen.

    +

    EVP_DigestVerify() verifies tbslen bytes at tbs against the signature +in sig of length siglen.

    +

    +

    +
    +

    RETURN VALUES

    +

    EVP_DigestVerifyInit() and EVP_DigestVerifyUpdate() return 1 for success and 0 +for failure.

    +

    EVP_DigestVerifyFinal() and EVP_DigestVerify() return 1 for success; any other +value indicates failure. A return value of zero indicates that the signature +did not verify successfully (that is, tbs did not match the original data or +the signature had an invalid form), while other values indicate a more serious +error (and sometimes also indicate an invalid signature form).

    +

    The error codes can be obtained from ERR_get_error(3).

    +

    +

    +
    +

    NOTES

    +

    The EVP interface to digital signatures should almost always be used in +preference to the low level interfaces. This is because the code then becomes +transparent to the algorithm used and much more flexible.

    +

    EVP_DigestVerify() is a one shot operation which verifies a single block of +data in one function. For algorithms that support streaming it is equivalent +to calling EVP_DigestVerifyUpdate() and EVP_DigestVerifyFinal(). For +algorithms which do not support streaming (e.g. PureEdDSA) it is the only way +to verify data.

    +

    In previous versions of OpenSSL there was a link between message digest types +and public key algorithms. This meant that "clone" digests such as EVP_dss1() +needed to be used to sign using SHA1 and DSA. This is no longer necessary and +the use of clone digest is now discouraged.

    +

    For some key types and parameters the random number generator must be seeded. +If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to +external circumstances (see RAND(7)), the operation will fail.

    +

    The call to EVP_DigestVerifyFinal() internally finalizes a copy of the digest +context. This means that EVP_VerifyUpdate() and EVP_VerifyFinal() can +be called later to digest and verify additional data.

    +

    Since only a copy of the digest context is ever finalized, the context must +be cleaned up after use by calling EVP_MD_CTX_free() or a memory leak +will occur.

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_DigestSignInit(3), +EVP_DigestInit(3), +evp(7), HMAC(3), MD2(3), +MD5(3), MDC2(3), RIPEMD160(3), +SHA1(3), openssl-dgst(1), +RAND(7)

    +

    +

    +
    +

    HISTORY

    +

    EVP_DigestVerifyInit(), EVP_DigestVerifyUpdate() and EVP_DigestVerifyFinal() +were added in OpenSSL 1.0.0.

    +

    EVP_DigestVerifyInit_ex() was added in OpenSSL 3.0.

    +

    EVP_DigestVerifyUpdate() was converted from a macro to a function in OpenSSL +3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/EVP_EncodeInit.html b/linux_amd64/share/doc/openssl/html/man3/EVP_EncodeInit.html
    new file mode 100755
    index 0000000..57733f8
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/EVP_EncodeInit.html
    @@ -0,0 +1,179 @@
    + + + + +EVP_EncodeInit + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_ENCODE_CTX_new, EVP_ENCODE_CTX_free, EVP_ENCODE_CTX_copy, +EVP_ENCODE_CTX_num, EVP_EncodeInit, EVP_EncodeUpdate, EVP_EncodeFinal, +EVP_EncodeBlock, EVP_DecodeInit, EVP_DecodeUpdate, EVP_DecodeFinal, +EVP_DecodeBlock - EVP base 64 encode/decode routines

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void);
    + void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx);
    + int EVP_ENCODE_CTX_copy(EVP_ENCODE_CTX *dctx, EVP_ENCODE_CTX *sctx);
    + int EVP_ENCODE_CTX_num(EVP_ENCODE_CTX *ctx);
    + void EVP_EncodeInit(EVP_ENCODE_CTX *ctx);
    + int EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
    +                      const unsigned char *in, int inl);
    + void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl);
    + int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n);
    +
    + void EVP_DecodeInit(EVP_ENCODE_CTX *ctx);
    + int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
    +                      const unsigned char *in, int inl);
    + int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl);
    + int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n);
    +

    +

    +
    +

    DESCRIPTION

    +

    The EVP encode routines provide a high level interface to base 64 encoding and +decoding. Base 64 encoding converts binary data into a printable form that uses +the characters A-Z, a-z, 0-9, "+" and "/" to represent the data. For every 3 +bytes of binary data provided 4 bytes of base 64 encoded data will be produced +plus some occasional newlines (see below). If the input data length is not a +multiple of 3 then the output data will be padded at the end using the "=" +character.

    +

    EVP_ENCODE_CTX_new() allocates, initializes and returns a context to be used for +the encode/decode functions.

    +

    EVP_ENCODE_CTX_free() cleans up an encode/decode context ctx and frees up the +space allocated to it.

    +

    Encoding of binary data is performed in blocks of 48 input bytes (or less for +the final block). For each 48 byte input block encoded 64 bytes of base 64 data +is output plus an additional newline character (i.e. 65 bytes in total). The +final block (which may be less than 48 bytes) will output 4 bytes for every 3 +bytes of input. If the data length is not divisible by 3 then a full 4 bytes is +still output for the final 1 or 2 bytes of input. Similarly a newline character +will also be output.

    +

    EVP_EncodeInit() initialises ctx for the start of a new encoding operation.

    +

    EVP_EncodeUpdate() encode inl bytes of data found in the buffer pointed to by +in. The output is stored in the buffer out and the number of bytes output +is stored in *outl. It is the caller's responsibility to ensure that the +buffer at out is sufficiently large to accommodate the output data. Only full +blocks of data (48 bytes) will be immediately processed and output by this +function. Any remainder is held in the ctx object and will be processed by a +subsequent call to EVP_EncodeUpdate() or EVP_EncodeFinal(). To calculate the +required size of the output buffer add together the value of inl with the +amount of unprocessed data held in ctx and divide the result by 48 (ignore +any remainder). This gives the number of blocks of data that will be processed. +Ensure the output buffer contains 65 bytes of storage for each block, plus an +additional byte for a NUL terminator. EVP_EncodeUpdate() may be called +repeatedly to process large amounts of input data. In the event of an error +EVP_EncodeUpdate() will set *outl to 0 and return 0. On success 1 will be +returned.

    +

    EVP_EncodeFinal() must be called at the end of an encoding operation. It will +process any partial block of data remaining in the ctx object. The output +data will be stored in out and the length of the data written will be stored +in *outl. It is the caller's responsibility to ensure that out is +sufficiently large to accommodate the output data which will never be more than +65 bytes plus an additional NUL terminator (i.e. 66 bytes in total).

    +

    EVP_ENCODE_CTX_copy() can be used to copy a context sctx to a context +dctx. dctx must be initialized before calling this function.

    +

    EVP_ENCODE_CTX_num() will return the number of as yet unprocessed bytes still to +be encoded or decoded that are pending in the ctx object.

    +

    EVP_EncodeBlock() encodes a full block of input data in f and of length +dlen and stores it in t. For every 3 bytes of input provided 4 bytes of +output data will be produced. If dlen is not divisible by 3 then the block is +encoded as a final block of data and the output is padded such that it is always +divisible by 4. Additionally a NUL terminator character will be added. For +example if 16 bytes of input data is provided then 24 bytes of encoded data is +created plus 1 byte for a NUL terminator (i.e. 25 bytes in total). The length of +the data generated without the NUL terminator is returned from the function.

    +

    EVP_DecodeInit() initialises ctx for the start of a new decoding operation.

    +

    EVP_DecodeUpdate() decodes inl characters of data found in the buffer pointed +to by in. The output is stored in the buffer out and the number of bytes +output is stored in *outl. It is the caller's responsibility to ensure that +the buffer at out is sufficiently large to accommodate the output data. This +function will attempt to decode as much data as possible in 4 byte chunks. Any +whitespace, newline or carriage return characters are ignored. Any partial chunk +of unprocessed data (1, 2 or 3 bytes) that remains at the end will be held in +the ctx object and processed by a subsequent call to EVP_DecodeUpdate(). If +any illegal base 64 characters are encountered or if the base 64 padding +character "=" is encountered in the middle of the data then the function returns +-1 to indicate an error. A return value of 0 or 1 indicates successful +processing of the data. A return value of 0 additionally indicates that the last +input data characters processed included the base 64 padding character "=" and +therefore no more non-padding character data is expected to be processed. For +every 4 valid base 64 bytes processed (ignoring whitespace, carriage returns and +line feeds), 3 bytes of binary output data will be produced (or less at the end +of the data where the padding character "=" has been used).

    +

    EVP_DecodeFinal() must be called at the end of a decoding operation. If there +is any unprocessed data still in ctx then the input data must not have been +a multiple of 4 and therefore an error has occurred. The function will return -1 +in this case. Otherwise the function returns 1 on success.

    +

    EVP_DecodeBlock() will decode the block of n characters of base 64 data +contained in f and store the result in t. Any leading whitespace will be +trimmed as will any trailing whitespace, newlines, carriage returns or EOF +characters. After such trimming the length of the data in f must be divisible +by 4. For every 4 input bytes exactly 3 output bytes will be produced. The +output will be padded with 0 bits if necessary to ensure that the output is +always 3 bytes for every 4 input bytes. This function will return the length of +the data decoded or -1 on error.

    +

    +

    +
    +

    RETURN VALUES

    +

    EVP_ENCODE_CTX_new() returns a pointer to the newly allocated EVP_ENCODE_CTX +object or NULL on error.

    +

    EVP_ENCODE_CTX_num() returns the number of bytes pending encoding or decoding in +ctx.

    +

    EVP_EncodeUpdate() returns 0 on error or 1 on success.

    +

    EVP_EncodeBlock() returns the number of bytes encoded excluding the NUL +terminator.

    +

    EVP_DecodeUpdate() returns -1 on error and 0 or 1 on success. If 0 is returned +then no more non-padding base 64 characters are expected.

    +

    EVP_DecodeFinal() returns -1 on error or 1 on success.

    +

    EVP_DecodeBlock() returns the length of the data decoded or -1 on error.

    +

    +

    +
    +

    SEE ALSO

    +

    evp(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/EVP_EncryptInit.html b/linux_amd64/share/doc/openssl/html/man3/EVP_EncryptInit.html
    new file mode 100755
    index 0000000..4035870
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/EVP_EncryptInit.html
    @@ -0,0 +1,811 @@
    + + + + +EVP_EncryptInit + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_CIPHER_fetch, +EVP_CIPHER_up_ref, +EVP_CIPHER_free, +EVP_CIPHER_CTX_new, +EVP_CIPHER_CTX_reset, +EVP_CIPHER_CTX_free, +EVP_EncryptInit_ex, +EVP_EncryptUpdate, +EVP_EncryptFinal_ex, +EVP_DecryptInit_ex, +EVP_DecryptUpdate, +EVP_DecryptFinal_ex, +EVP_CipherInit_ex, +EVP_CipherUpdate, +EVP_CipherFinal_ex, +EVP_CIPHER_CTX_set_key_length, +EVP_CIPHER_CTX_ctrl, +EVP_EncryptInit, +EVP_EncryptFinal, +EVP_DecryptInit, +EVP_DecryptFinal, +EVP_CipherInit, +EVP_CipherFinal, +EVP_Cipher, +EVP_get_cipherbyname, +EVP_get_cipherbynid, +EVP_get_cipherbyobj, +EVP_CIPHER_is_a, +EVP_CIPHER_name, +EVP_CIPHER_number, +EVP_CIPHER_names_do_all, +EVP_CIPHER_provider, +EVP_CIPHER_nid, +EVP_CIPHER_get_params, +EVP_CIPHER_gettable_params, +EVP_CIPHER_block_size, +EVP_CIPHER_key_length, +EVP_CIPHER_iv_length, +EVP_CIPHER_flags, +EVP_CIPHER_mode, +EVP_CIPHER_type, +EVP_CIPHER_CTX_cipher, +EVP_CIPHER_CTX_name, +EVP_CIPHER_CTX_nid, +EVP_CIPHER_CTX_get_params, +EVP_CIPHER_gettable_ctx_params, +EVP_CIPHER_CTX_set_params, +EVP_CIPHER_settable_ctx_params, +EVP_CIPHER_CTX_block_size, +EVP_CIPHER_CTX_key_length, +EVP_CIPHER_CTX_iv_length, +EVP_CIPHER_CTX_tag_length, +EVP_CIPHER_CTX_get_app_data, +EVP_CIPHER_CTX_set_app_data, +EVP_CIPHER_CTX_type, +EVP_CIPHER_CTX_flags, +EVP_CIPHER_CTX_mode, +EVP_CIPHER_param_to_asn1, +EVP_CIPHER_asn1_to_param, +EVP_CIPHER_CTX_set_padding, +EVP_enc_null, +EVP_CIPHER_do_all_provided +- EVP cipher routines

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + EVP_CIPHER *EVP_CIPHER_fetch(OPENSSL_CTX *ctx, const char *algorithm,
    +                              const char *properties);
    + int EVP_CIPHER_up_ref(EVP_CIPHER *cipher);
    + void EVP_CIPHER_free(EVP_CIPHER *cipher);
    + EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void);
    + int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx);
    + void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx);
    +
    + int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
    +                        ENGINE *impl, const unsigned char *key, const unsigned char *iv);
    + int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
    +                       int *outl, const unsigned char *in, int inl);
    + int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
    +
    + int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
    +                        ENGINE *impl, const unsigned char *key, const unsigned char *iv);
    + int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
    +                       int *outl, const unsigned char *in, int inl);
    + int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
    +
    + int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
    +                       ENGINE *impl, const unsigned char *key, const unsigned char *iv, int enc);
    + int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
    +                      int *outl, const unsigned char *in, int inl);
    + int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
    +
    + int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
    +                     const unsigned char *key, const unsigned char *iv);
    + int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
    +
    + int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
    +                     const unsigned char *key, const unsigned char *iv);
    + int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
    +
    + int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
    +                    const unsigned char *key, const unsigned char *iv, int enc);
    + int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
    +
    + int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
    +                const unsigned char *in, unsigned int inl);
    +
    + int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *x, int padding);
    + int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen);
    + int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);
    + int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key);
    +
    + const EVP_CIPHER *EVP_get_cipherbyname(const char *name);
    + const EVP_CIPHER *EVP_get_cipherbynid(int nid);
    + const EVP_CIPHER *EVP_get_cipherbyobj(const ASN1_OBJECT *a);
    +
    + int EVP_CIPHER_nid(const EVP_CIPHER *e);
    + int EVP_CIPHER_number(const EVP_CIPHER *e);
    + int EVP_CIPHER_is_a(const EVP_CIPHER *cipher, const char *name);
    + void EVP_CIPHER_names_do_all(const EVP_CIPHER *cipher,
    +                              void (*fn)(const char *name, void *data),
    +                              void *data);
    + const char *EVP_CIPHER_name(const EVP_CIPHER *cipher);
    + const OSSL_PROVIDER *EVP_CIPHER_provider(const EVP_CIPHER *cipher);
    + int EVP_CIPHER_block_size(const EVP_CIPHER *e);
    + int EVP_CIPHER_key_length(const EVP_CIPHER *e);
    + int EVP_CIPHER_iv_length(const EVP_CIPHER *e);
    + unsigned long EVP_CIPHER_flags(const EVP_CIPHER *e);
    + unsigned long EVP_CIPHER_mode(const EVP_CIPHER *e);
    + int EVP_CIPHER_type(const EVP_CIPHER *ctx);
    +
    + const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx);
    + int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx);
    + const char *EVP_CIPHER_CTX_name(const EVP_CIPHER_CTX *ctx);
    +
    + int EVP_CIPHER_get_params(EVP_CIPHER *cipher, OSSL_PARAM params[]);
    + int EVP_CIPHER_CTX_set_params(EVP_CIPHER_CTX *ctx, const OSSL_PARAM params[]);
    + int EVP_CIPHER_CTX_get_params(EVP_CIPHER_CTX *ctx, OSSL_PARAM params[]);
    + const OSSL_PARAM *EVP_CIPHER_gettable_params(const EVP_CIPHER *cipher);
    + const OSSL_PARAM *EVP_CIPHER_settable_ctx_params(const EVP_CIPHER *cipher);
    + const OSSL_PARAM *EVP_CIPHER_gettable_ctx_params(const EVP_CIPHER *cipher);
    + int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx);
    + int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx);
    + int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx);
    + int EVP_CIPHER_CTX_tag_length(const EVP_CIPHER_CTX *ctx);
    + void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx);
    + void EVP_CIPHER_CTX_set_app_data(const EVP_CIPHER_CTX *ctx, void *data);
    + int EVP_CIPHER_CTX_type(const EVP_CIPHER_CTX *ctx);
    + int EVP_CIPHER_CTX_mode(const EVP_CIPHER_CTX *ctx);
    +
    + int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
    + int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
    +
    + void EVP_CIPHER_do_all_provided(OPENSSL_CTX *libctx,
    +                                 void (*fn)(EVP_CIPHER *cipher, void *arg),
    +                                 void *arg);
    +

    +

    +
    +

    DESCRIPTION

    +

    The EVP cipher routines are a high level interface to certain +symmetric ciphers.

    +

    The EVP_CIPHER type is a structure for cipher method implementation.

    +

    EVP_CIPHER_fetch() fetches the cipher implementation for the given +algorithm from any provider offering it, within the criteria given +by the properties. +See provider(7)/Fetching algorithms for further information.

    +

    The returned value must eventually be freed with EVP_CIPHER_free().

    +

    EVP_CIPHER_up_ref() increments the reference count for an EVP_CIPHER +structure.

    +

    EVP_CIPHER_free() decrements the reference count for the EVP_CIPHER +structure. +If the reference count drops to 0 then the structure is freed.

    +

    EVP_CIPHER_CTX_new() creates a cipher context.

    +

    EVP_CIPHER_CTX_free() clears all information from a cipher context +and free up any allocated memory associate with it, including ctx +itself. This function should be called after all operations using a +cipher are complete so sensitive information does not remain in +memory.

    +

    EVP_EncryptInit_ex() sets up cipher context ctx for encryption +with cipher type. type is typically supplied by a function such +as EVP_aes_256_cbc(), or a value explicitly fetched with +EVP_CIPHER_fetch(). If impl is non-NULL, its implementation of the +cipher type is used if there is one, and if not, the default +implementation is used. key is the symmetric key to use +and iv is the IV to use (if necessary), the actual number of bytes +used for the key and IV depends on the cipher. It is possible to set +all parameters to NULL except type in an initial call and supply +the remaining parameters in subsequent calls, all of which have type +set to NULL. This is done when the default cipher parameters are not +appropriate. +For EVP_CIPH_GCM_MODE the IV will be generated internally if it is not +specified.

    +

    EVP_EncryptUpdate() encrypts inl bytes from the buffer in and +writes the encrypted version to out. This function can be called +multiple times to encrypt successive blocks of data. The amount +of data written depends on the block alignment of the encrypted data: +as a result the amount of data written may be anything from zero bytes +to (inl + cipher_block_size - 1) so out should contain sufficient +room. The actual number of bytes written is placed in outl. It also +checks if in and out are partially overlapping, and if they are +0 is returned to indicate failure.

    +

    If padding is enabled (the default) then EVP_EncryptFinal_ex() encrypts +the "final" data, that is any data that remains in a partial block. +It uses standard block padding (aka PKCS padding) as described in +the NOTES section, below. The encrypted +final data is written to out which should have sufficient space for +one cipher block. The number of bytes written is placed in outl. After +this function is called the encryption operation is finished and no further +calls to EVP_EncryptUpdate() should be made.

    +

    If padding is disabled then EVP_EncryptFinal_ex() will not encrypt any more +data and it will return an error if any data remains in a partial block: +that is if the total data length is not a multiple of the block size.

    +

    EVP_DecryptInit_ex(), EVP_DecryptUpdate() and EVP_DecryptFinal_ex() are the +corresponding decryption operations. EVP_DecryptFinal() will return an +error code if padding is enabled and the final block is not correctly +formatted. The parameters and restrictions are identical to the encryption +operations except that if padding is enabled the decrypted data buffer out +passed to EVP_DecryptUpdate() should have sufficient room for +(inl + cipher_block_size) bytes unless the cipher block size is 1 in +which case inl bytes is sufficient.

    +

    EVP_CipherInit_ex(), EVP_CipherUpdate() and EVP_CipherFinal_ex() are +functions that can be used for decryption or encryption. The operation +performed depends on the value of the enc parameter. It should be set +to 1 for encryption, 0 for decryption and -1 to leave the value unchanged +(the actual value of 'enc' being supplied in a previous call).

    +

    EVP_CIPHER_CTX_reset() clears all information from a cipher context +and free up any allocated memory associate with it, except the ctx +itself. This function should be called anytime ctx is to be reused +for another EVP_CipherInit() / EVP_CipherUpdate() / EVP_CipherFinal() +series of calls.

    +

    EVP_EncryptInit(), EVP_DecryptInit() and EVP_CipherInit() behave in a +similar way to EVP_EncryptInit_ex(), EVP_DecryptInit_ex() and +EVP_CipherInit_ex() except they always use the default cipher implementation.

    +

    EVP_EncryptFinal(), EVP_DecryptFinal() and EVP_CipherFinal() are +identical to EVP_EncryptFinal_ex(), EVP_DecryptFinal_ex() and +EVP_CipherFinal_ex(). In previous releases they also cleaned up +the ctx, but this is no longer done and EVP_CIPHER_CTX_clean() +must be called to free any context resources.

    +

    EVP_Cipher() encrypts or decrypts a maximum inl amount of bytes from +in and leaves the result in out. +If the cipher doesn't have the flag EVP_CIPH_FLAG_CUSTOM_CIPHER set, +then inl must be a multiple of EVP_CIPHER_block_size(). If it isn't, +the result is undefined. If the cipher has that flag set, then inl +can be any size. +This function is historic and shouldn't be used in an application, please +consider using EVP_CipherUpdate() and EVP_CipherFinal_ex instead.

    +

    EVP_get_cipherbyname(), EVP_get_cipherbynid() and EVP_get_cipherbyobj() +return an EVP_CIPHER structure when passed a cipher name, a NID or an +ASN1_OBJECT structure.

    +

    EVP_CIPHER_nid() and EVP_CIPHER_CTX_nid() return the NID of a cipher when +passed an EVP_CIPHER or EVP_CIPHER_CTX structure. The actual NID +value is an internal value which may not have a corresponding OBJECT +IDENTIFIER.

    +

    EVP_CIPHER_CTX_set_padding() enables or disables padding. This +function should be called after the context is set up for encryption +or decryption with EVP_EncryptInit_ex(), EVP_DecryptInit_ex() or +EVP_CipherInit_ex(). By default encryption operations are padded using +standard block padding and the padding is checked and removed when +decrypting. If the pad parameter is zero then no padding is +performed, the total amount of data encrypted or decrypted must then +be a multiple of the block size or an error will occur.

    +

    EVP_CIPHER_get_params() retrieves the requested list of algorithm +params from a cipher.

    +

    EVP_CIPHER_CTX_set_params() Sets the list of operation params into a CIPHER +context ctx.

    +

    EVP_CIPHER_CTX_get_params() retrieves the requested list of operation +params from CIPHER context ctx.

    +

    EVP_CIPHER_gettable_params(), EVP_CIPHER_gettable_ctx_params(), and +EVP_CIPHER_settable_ctx_params() get a constant OSSL_PARAM array +that describes the retrievable and settable parameters, i.e. parameters +that can be used with EVP_CIPHER_get_params(), EVP_CIPHER_CTX_get_params() +and EVP_CIPHER_CTX_set_params(), respectively. +See OSSL_PARAM(3) for the use of OSSL_PARAM as parameter descriptor.

    +

    EVP_CIPHER_key_length() and EVP_CIPHER_CTX_key_length() return the key +length of a cipher when passed an EVP_CIPHER or EVP_CIPHER_CTX +structure. The constant EVP_MAX_KEY_LENGTH is the maximum key length +for all ciphers. Note: although EVP_CIPHER_key_length() is fixed for a +given cipher, the value of EVP_CIPHER_CTX_key_length() may be different +for variable key length ciphers.

    +

    EVP_CIPHER_CTX_set_key_length() sets the key length of the cipher ctx. +If the cipher is a fixed length cipher then attempting to set the key +length to any value other than the fixed value is an error.

    +

    EVP_CIPHER_iv_length() and EVP_CIPHER_CTX_iv_length() return the IV +length of a cipher when passed an EVP_CIPHER or EVP_CIPHER_CTX. +It will return zero if the cipher does not use an IV. The constant +EVP_MAX_IV_LENGTH is the maximum IV length for all ciphers.

    +

    EVP_CIPHER_CTX_tag_length() returns the tag length of a AEAD cipher when passed +a EVP_CIPHER_CTX. It will return zero if the cipher does not support a tag. +It returns a default value if the tag length has not been set.

    +

    EVP_CIPHER_block_size() and EVP_CIPHER_CTX_block_size() return the block +size of a cipher when passed an EVP_CIPHER or EVP_CIPHER_CTX +structure. The constant EVP_MAX_BLOCK_LENGTH is also the maximum block +length for all ciphers.

    +

    EVP_CIPHER_type() and EVP_CIPHER_CTX_type() return the type of the passed +cipher or context. This "type" is the actual NID of the cipher OBJECT +IDENTIFIER as such it ignores the cipher parameters and 40 bit RC2 and +128 bit RC2 have the same NID. If the cipher does not have an object +identifier or does not have ASN1 support this function will return +NID_undef.

    +

    EVP_CIPHER_is_a() returns 1 if cipher is an implementation of an +algorithm that's identifiable with name, otherwise 0. +If cipher is a legacy cipher (it's the return value from the likes +of EVP_aes128() rather than the result of an EVP_CIPHER_fetch()), only +cipher names registered with the default library context (see +OPENSSL_CTX(3)) will be considered.

    +

    EVP_CIPHER_number() returns the internal dynamic number assigned to +the cipher. This is only useful with fetched EVP_CIPHERs.

    +

    EVP_CIPHER_name() and EVP_CIPHER_CTX_name() return the name of the passed +cipher or context. For fetched ciphers with multiple names, only one +of them is returned; it's recommended to use EVP_CIPHER_names_do_all() +instead.

    +

    EVP_CIPHER_names_do_all() traverses all names for the cipher, and +calls fn with each name and data. This is only useful with +fetched EVP_CIPHERs.

    +

    EVP_CIPHER_provider() returns an OSSL_PROVIDER pointer to the provider +that implements the given EVP_CIPHER.

    +

    EVP_CIPHER_CTX_cipher() returns the EVP_CIPHER structure when passed +an EVP_CIPHER_CTX structure.

    +

    EVP_CIPHER_mode() and EVP_CIPHER_CTX_mode() return the block cipher mode: +EVP_CIPH_ECB_MODE, EVP_CIPH_CBC_MODE, EVP_CIPH_CFB_MODE, EVP_CIPH_OFB_MODE, +EVP_CIPH_CTR_MODE, EVP_CIPH_GCM_MODE, EVP_CIPH_CCM_MODE, EVP_CIPH_XTS_MODE, +EVP_CIPH_WRAP_MODE, EVP_CIPH_OCB_MODE or EVP_CIPH_SIV_MODE. If the cipher is a +stream cipher then EVP_CIPH_STREAM_CIPHER is returned.

    +

    EVP_CIPHER_flags() returns any flags associated with the cipher. See +EVP_CIPHER_meth_set_flags() for a list of currently defined flags.

    +

    EVP_CIPHER_param_to_asn1() sets the AlgorithmIdentifier "parameter" based +on the passed cipher. This will typically include any parameters and an +IV. The cipher IV (if any) must be set when this call is made. This call +should be made before the cipher is actually "used" (before any +EVP_EncryptUpdate(), EVP_DecryptUpdate() calls for example). This function +may fail if the cipher does not have any ASN1 support.

    +

    EVP_CIPHER_asn1_to_param() sets the cipher parameters based on an ASN1 +AlgorithmIdentifier "parameter". The precise effect depends on the cipher +In the case of RC2, for example, it will set the IV and effective key length. +This function should be called after the base cipher type is set but before +the key is set. For example EVP_CipherInit() will be called with the IV and +key set to NULL, EVP_CIPHER_asn1_to_param() will be called and finally +EVP_CipherInit() again with all parameters except the key set to NULL. It is +possible for this function to fail if the cipher does not have any ASN1 support +or the parameters cannot be set (for example the RC2 effective key length +is not supported.

    +

    EVP_CIPHER_CTX_ctrl() allows various cipher specific parameters to be determined +and set.

    +

    EVP_CIPHER_CTX_rand_key() generates a random key of the appropriate length +based on the cipher context. The EVP_CIPHER can provide its own random key +generation routine to support keys of a specific form. Key must point to a +buffer at least as big as the value returned by EVP_CIPHER_CTX_key_length().

    +

    EVP_CIPHER_do_all_provided() traverses all ciphers implemented by all activated +providers in the given library context libctx, and for each of the +implementations, calls the given function fn with the implementation method +and the given arg as argument.

    +

    +

    +
    +

    RETURN VALUES

    +

    EVP_CIPHER_fetch() returns a pointer to a EVP_CIPHER for success +and NULL for failure.

    +

    EVP_CIPHER_up_ref() returns 1 for success or 0 otherwise.

    +

    EVP_CIPHER_CTX_new() returns a pointer to a newly created +EVP_CIPHER_CTX for success and NULL for failure.

    +

    EVP_EncryptInit_ex(), EVP_EncryptUpdate() and EVP_EncryptFinal_ex() +return 1 for success and 0 for failure.

    +

    EVP_DecryptInit_ex() and EVP_DecryptUpdate() return 1 for success and 0 for failure. +EVP_DecryptFinal_ex() returns 0 if the decrypt failed or 1 for success.

    +

    EVP_CipherInit_ex() and EVP_CipherUpdate() return 1 for success and 0 for failure. +EVP_CipherFinal_ex() returns 0 for a decryption failure or 1 for success.

    +

    EVP_Cipher() returns the amount of encrypted / decrypted bytes, or -1 +on failure, if the flag EVP_CIPH_FLAG_CUSTOM_CIPHER is set for the +cipher. EVP_Cipher() returns 1 on success or 0 on failure, if the flag +EVP_CIPH_FLAG_CUSTOM_CIPHER is not set for the cipher.

    +

    EVP_CIPHER_CTX_reset() returns 1 for success and 0 for failure.

    +

    EVP_get_cipherbyname(), EVP_get_cipherbynid() and EVP_get_cipherbyobj() +return an EVP_CIPHER structure or NULL on error.

    +

    EVP_CIPHER_nid() and EVP_CIPHER_CTX_nid() return a NID.

    +

    EVP_CIPHER_block_size() and EVP_CIPHER_CTX_block_size() return the block +size.

    +

    EVP_CIPHER_key_length() and EVP_CIPHER_CTX_key_length() return the key +length.

    +

    EVP_CIPHER_CTX_set_padding() always returns 1.

    +

    EVP_CIPHER_iv_length() and EVP_CIPHER_CTX_iv_length() return the IV +length or zero if the cipher does not use an IV.

    +

    EVP_CIPHER_CTX_tag_length() return the tag length or zero if the cipher does not +use a tag.

    +

    EVP_CIPHER_type() and EVP_CIPHER_CTX_type() return the NID of the cipher's +OBJECT IDENTIFIER or NID_undef if it has no defined OBJECT IDENTIFIER.

    +

    EVP_CIPHER_CTX_cipher() returns an EVP_CIPHER structure.

    +

    EVP_CIPHER_param_to_asn1() and EVP_CIPHER_asn1_to_param() return greater +than zero for success and zero or a negative number on failure.

    +

    EVP_CIPHER_CTX_rand_key() returns 1 for success.

    +

    +

    +
    +

    CIPHER LISTING

    +

    All algorithms have a fixed key length unless otherwise stated.

    +

    Refer to SEE ALSO for the full list of ciphers available through the EVP +interface.

    +
    +
    EVP_enc_null()
    + +
    +

    Null cipher: does nothing.

    +
    +
    +

    +

    +
    +

    AEAD INTERFACE

    +

    The EVP interface for Authenticated Encryption with Associated Data (AEAD) +modes are subtly altered and several additional ctrl operations are supported +depending on the mode specified.

    +

    To specify additional authenticated data (AAD), a call to EVP_CipherUpdate(), +EVP_EncryptUpdate() or EVP_DecryptUpdate() should be made with the output +parameter out set to NULL.

    +

    When decrypting, the return value of EVP_DecryptFinal() or EVP_CipherFinal() +indicates whether the operation was successful. If it does not indicate success, +the authentication operation has failed and any output data MUST NOT be used +as it is corrupted.

    +

    +

    +

    GCM and OCB Modes

    +

    The following ctrls are supported in GCM and OCB modes.

    +
    +
    EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL)
    + +
    +

    Sets the IV length. This call can only be made before specifying an IV. If +not called a default IV length is used.

    +

    For GCM AES and OCB AES the default is 12 (i.e. 96 bits). For OCB mode the +maximum is 15.

    +
    +
    EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag)
    + +
    +

    Writes taglen bytes of the tag value to the buffer indicated by tag. +This call can only be made when encrypting data and after all data has been +processed (e.g. after an EVP_EncryptFinal() call).

    +

    For OCB, taglen must either be 16 or the value previously set via +EVP_CTRL_AEAD_SET_TAG.

    +
    +
    EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag)
    + +
    +

    Sets the expected tag to taglen bytes from tag. +The tag length can only be set before specifying an IV. +taglen must be between 1 and 16 inclusive.

    +

    For GCM, this call is only valid when decrypting data.

    +

    For OCB, this call is valid when decrypting data to set the expected tag, +and before encryption to set the desired tag length.

    +

    In OCB mode, calling this before encryption with tag set to NULL sets the +tag length. If this is not called prior to encryption, a default tag length is +used.

    +

    For OCB AES, the default tag length is 16 (i.e. 128 bits). It is also the +maximum tag length for OCB.

    +
    +
    +

    +

    +

    CCM Mode

    +

    The EVP interface for CCM mode is similar to that of the GCM mode but with a +few additional requirements and different ctrl values.

    +

    For CCM mode, the total plaintext or ciphertext length MUST be passed to +EVP_CipherUpdate(), EVP_EncryptUpdate() or EVP_DecryptUpdate() with the output +and input parameters (in and out) set to NULL and the length passed in +the inl parameter.

    +

    The following ctrls are supported in CCM mode.

    +
    +
    EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag)
    + +
    +

    This call is made to set the expected CCM tag value when decrypting or +the length of the tag (with the tag parameter set to NULL) when encrypting. +The tag length is often referred to as M. If not set a default value is +used (12 for AES). When decrypting, the tag needs to be set before passing +in data to be decrypted, but as in GCM and OCB mode, it can be set after +passing additional authenticated data (see AEAD INTERFACE).

    +
    +
    EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_L, ivlen, NULL)
    + +
    +

    Sets the CCM L value. If not set a default is used (8 for AES).

    +
    +
    EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL)
    + +
    +

    Sets the CCM nonce (IV) length. This call can only be made before specifying an +nonce value. The nonce length is given by 15 - L so it is 7 by default for +AES.

    +
    +
    +

    +

    +

    SIV Mode

    +

    For SIV mode ciphers the behaviour of the EVP interface is subtly +altered and several additional ctrl operations are supported.

    +

    To specify any additional authenticated data (AAD) and/or a Nonce, a call to +EVP_CipherUpdate(), EVP_EncryptUpdate() or EVP_DecryptUpdate() should be made +with the output parameter out set to NULL.

    +

    RFC5297 states that the Nonce is the last piece of AAD before the actual +encrypt/decrypt takes place. The API does not differentiate the Nonce from +other AAD.

    +

    When decrypting the return value of EVP_DecryptFinal() or EVP_CipherFinal() +indicates if the operation was successful. If it does not indicate success +the authentication operation has failed and any output data MUST NOT +be used as it is corrupted.

    +

    The following ctrls are supported in both SIV modes.

    +
    +
    EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag);
    + +
    +

    Writes taglen bytes of the tag value to the buffer indicated by tag. +This call can only be made when encrypting data and after all data has been +processed (e.g. after an EVP_EncryptFinal() call). For SIV mode the taglen must +be 16.

    +
    +
    EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag);
    + +
    +

    Sets the expected tag to taglen bytes from tag. This call is only legal +when decrypting data and must be made before any data is processed (e.g. +before any EVP_DecryptUpdate() call). For SIV mode the taglen must be 16.

    +
    +
    +

    SIV mode makes two passes over the input data, thus, only one call to +EVP_CipherUpdate(), EVP_EncryptUpdate() or EVP_DecryptUpdate() should be made +with out set to a non-NULL value. A call to EVP_Decrypt_Final() or +EVP_CipherFinal() is not required, but will indicate if the update +operation succeeded.

    +

    +

    +

    ChaCha20-Poly1305

    +

    The following ctrls are supported for the ChaCha20-Poly1305 AEAD algorithm.

    +
    +
    EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL)
    + +
    +

    Sets the nonce length. This call can only be made before specifying the nonce. +If not called a default nonce length of 12 (i.e. 96 bits) is used. The maximum +nonce length is 12 bytes (i.e. 96-bits). If a nonce of less than 12 bytes is set +then the nonce is automatically padded with leading 0 bytes to make it 12 bytes +in length.

    +
    +
    EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag)
    + +
    +

    Writes taglen bytes of the tag value to the buffer indicated by tag. +This call can only be made when encrypting data and after all data has been +processed (e.g. after an EVP_EncryptFinal() call).

    +

    taglen specified here must be 16 (POLY1305_BLOCK_SIZE, i.e. 128-bits) or +less.

    +
    +
    EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag)
    + +
    +

    Sets the expected tag to taglen bytes from tag. +The tag length can only be set before specifying an IV. +taglen must be between 1 and 16 (POLY1305_BLOCK_SIZE) inclusive. +This call is only valid when decrypting data.

    +
    +
    +

    +

    +
    +

    NOTES

    +

    Where possible the EVP interface to symmetric ciphers should be used in +preference to the low level interfaces. This is because the code then becomes +transparent to the cipher used and much more flexible. Additionally, the +EVP interface will ensure the use of platform specific cryptographic +acceleration such as AES-NI (the low level interfaces do not provide the +guarantee).

    +

    PKCS padding works by adding n padding bytes of value n to make the total +length of the encrypted data a multiple of the block size. Padding is always +added so if the data is already a multiple of the block size n will equal +the block size. For example if the block size is 8 and 11 bytes are to be +encrypted then 5 padding bytes of value 5 will be added.

    +

    When decrypting the final block is checked to see if it has the correct form.

    +

    Although the decryption operation can produce an error if padding is enabled, +it is not a strong test that the input data or key is correct. A random block +has better than 1 in 256 chance of being of the correct format and problems with +the input data earlier on will not produce a final decrypt error.

    +

    If padding is disabled then the decryption operation will always succeed if +the total amount of data decrypted is a multiple of the block size.

    +

    The functions EVP_EncryptInit(), EVP_EncryptFinal(), EVP_DecryptInit(), +EVP_CipherInit() and EVP_CipherFinal() are obsolete but are retained for +compatibility with existing code. New code should use EVP_EncryptInit_ex(), +EVP_EncryptFinal_ex(), EVP_DecryptInit_ex(), EVP_DecryptFinal_ex(), +EVP_CipherInit_ex() and EVP_CipherFinal_ex() because they can reuse an +existing context without allocating and freeing it up on each call.

    +

    There are some differences between functions EVP_CipherInit() and +EVP_CipherInit_ex(), significant in some circumstances. EVP_CipherInit() fills +the passed context object with zeros. As a consequence, EVP_CipherInit() does +not allow step-by-step initialization of the ctx when the key and iv are +passed in separate calls. It also means that the flags set for the CTX are +removed, and it is especially important for the +EVP_CIPHER_CTX_FLAG_WRAP_ALLOW flag treated specially in +EVP_CipherInit_ex().

    +

    EVP_get_cipherbynid(), and EVP_get_cipherbyobj() are implemented as macros.

    +

    +

    +
    +

    BUGS

    +

    EVP_MAX_KEY_LENGTH and EVP_MAX_IV_LENGTH only refer to the internal +ciphers with default key lengths. If custom ciphers exceed these values the +results are unpredictable. This is because it has become standard practice to +define a generic key as a fixed unsigned char array containing +EVP_MAX_KEY_LENGTH bytes.

    +

    The ASN1 code is incomplete (and sometimes inaccurate) it has only been tested +for certain common S/MIME ciphers (RC2, DES, triple DES) in CBC mode.

    +

    +

    +
    +

    EXAMPLES

    +

    Encrypt a string using IDEA:

    +
    + int do_crypt(char *outfile)
    + {
    +     unsigned char outbuf[1024];
    +     int outlen, tmplen;
    +     /*
    +      * Bogus key and IV: we'd normally set these from
    +      * another source.
    +      */
    +     unsigned char key[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};
    +     unsigned char iv[] = {1,2,3,4,5,6,7,8};
    +     char intext[] = "Some Crypto Text";
    +     EVP_CIPHER_CTX *ctx;
    +     FILE *out;
    +
    +     ctx = EVP_CIPHER_CTX_new();
    +     EVP_EncryptInit_ex(ctx, EVP_idea_cbc(), NULL, key, iv);
    +
    +     if (!EVP_EncryptUpdate(ctx, outbuf, &outlen, intext, strlen(intext))) {
    +         /* Error */
    +         EVP_CIPHER_CTX_free(ctx);
    +         return 0;
    +     }
    +     /*
    +      * Buffer passed to EVP_EncryptFinal() must be after data just
    +      * encrypted to avoid overwriting it.
    +      */
    +     if (!EVP_EncryptFinal_ex(ctx, outbuf + outlen, &tmplen)) {
    +         /* Error */
    +         EVP_CIPHER_CTX_free(ctx);
    +         return 0;
    +     }
    +     outlen += tmplen;
    +     EVP_CIPHER_CTX_free(ctx);
    +     /*
    +      * Need binary mode for fopen because encrypted data is
    +      * binary data. Also cannot use strlen() on it because
    +      * it won't be NUL terminated and may contain embedded
    +      * NULs.
    +      */
    +     out = fopen(outfile, "wb");
    +     if (out == NULL) {
    +         /* Error */
    +         return 0;
    +     }
    +     fwrite(outbuf, 1, outlen, out);
    +     fclose(out);
    +     return 1;
    + }
    +

    The ciphertext from the above example can be decrypted using the openssl +utility with the command line (shown on two lines for clarity):

    +
    + openssl idea -d \
    +     -K 000102030405060708090A0B0C0D0E0F -iv 0102030405060708 <filename
    +

    General encryption and decryption function example using FILE I/O and AES128 +with a 128-bit key:

    +
    + int do_crypt(FILE *in, FILE *out, int do_encrypt)
    + {
    +     /* Allow enough space in output buffer for additional block */
    +     unsigned char inbuf[1024], outbuf[1024 + EVP_MAX_BLOCK_LENGTH];
    +     int inlen, outlen;
    +     EVP_CIPHER_CTX *ctx;
    +     /*
    +      * Bogus key and IV: we'd normally set these from
    +      * another source.
    +      */
    +     unsigned char key[] = "0123456789abcdeF";
    +     unsigned char iv[] = "1234567887654321";
    +
    +     /* Don't set key or IV right away; we want to check lengths */
    +     ctx = EVP_CIPHER_CTX_new();
    +     EVP_CipherInit_ex(&ctx, EVP_aes_128_cbc(), NULL, NULL, NULL,
    +                       do_encrypt);
    +     OPENSSL_assert(EVP_CIPHER_CTX_key_length(ctx) == 16);
    +     OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) == 16);
    +
    +     /* Now we can set key and IV */
    +     EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, do_encrypt);
    +
    +     for (;;) {
    +         inlen = fread(inbuf, 1, 1024, in);
    +         if (inlen <= 0)
    +             break;
    +         if (!EVP_CipherUpdate(ctx, outbuf, &outlen, inbuf, inlen)) {
    +             /* Error */
    +             EVP_CIPHER_CTX_free(ctx);
    +             return 0;
    +         }
    +         fwrite(outbuf, 1, outlen, out);
    +     }
    +     if (!EVP_CipherFinal_ex(ctx, outbuf, &outlen)) {
    +         /* Error */
    +         EVP_CIPHER_CTX_free(ctx);
    +         return 0;
    +     }
    +     fwrite(outbuf, 1, outlen, out);
    +
    +     EVP_CIPHER_CTX_free(ctx);
    +     return 1;
    + }
    +

    +

    +
    +

    SEE ALSO

    +

    evp(7)

    +

    Supported ciphers are listed in:

    +

    EVP_aes_128_gcm(3), +EVP_aria_128_gcm(3), +EVP_bf_cbc(3), +EVP_camellia_128_ecb(3), +EVP_cast5_cbc(3), +EVP_chacha20(3), +EVP_des_cbc(3), +EVP_desx_cbc(3), +EVP_idea_cbc(3), +EVP_rc2_cbc(3), +EVP_rc4(3), +EVP_rc5_32_12_16_cbc(3), +EVP_seed_cbc(3), +EVP_sm4_cbc(3)

    +

    +

    +
    +

    HISTORY

    +

    Support for OCB mode was added in OpenSSL 1.1.0.

    +

    EVP_CIPHER_CTX was made opaque in OpenSSL 1.1.0. As a result, +EVP_CIPHER_CTX_reset() appeared and EVP_CIPHER_CTX_cleanup() +disappeared. EVP_CIPHER_CTX_init() remains as an alias for +EVP_CIPHER_CTX_reset().

    +

    The EVP_CIPHER_fetch(), EVP_CIPHER_free(), EVP_CIPHER_up_ref(), +EVP_CIPHER_CTX_set_params() and EVP_CIPHER_CTX_get_params() functions +were added in 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/EVP_KDF.html b/linux_amd64/share/doc/openssl/html/man3/EVP_KDF.html
    new file mode 100755
    index 0000000..8bbb4c5
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/EVP_KDF.html
    @@ -0,0 +1,299 @@
    + + + + +EVP_KDF + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_KDF, EVP_KDF_fetch, EVP_KDF_free, EVP_KDF_up_ref, +EVP_KDF_CTX, EVP_KDF_CTX_new, EVP_KDF_CTX_free, EVP_KDF_CTX_dup, +EVP_KDF_reset, EVP_KDF_derive, +EVP_KDF_size, EVP_KDF_provider, EVP_KDF_CTX_kdf, EVP_KDF_is_a, +EVP_KDF_number, EVP_KDF_names_do_all, +EVP_KDF_CTX_get_params, EVP_KDF_CTX_set_params, EVP_KDF_do_all_provided, +EVP_KDF_get_params, EVP_KDF_gettable_ctx_params, EVP_KDF_settable_ctx_params, +EVP_KDF_gettable_params - EVP KDF routines

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/kdf.h>
    +
    + typedef struct evp_kdf_st EVP_KDF;
    + typedef struct evp_kdf_ctx_st EVP_KDF_CTX;
    +
    + EVP_KDF_CTX *EVP_KDF_CTX_new(const EVP_KDF *kdf);
    + const EVP_KDF *EVP_KDF_CTX_kdf(EVP_KDF_CTX *ctx);
    + void EVP_KDF_CTX_free(EVP_KDF_CTX *ctx);
    + EVP_KDF_CTX *EVP_KDF_CTX_dup(const EVP_KDF_CTX *src);
    + void EVP_KDF_reset(EVP_KDF_CTX *ctx);
    + size_t EVP_KDF_size(EVP_KDF_CTX *ctx);
    + int EVP_KDF_derive(EVP_KDF_CTX *ctx, unsigned char *key, size_t keylen);
    + int EVP_KDF_up_ref(EVP_KDF *kdf);
    + void EVP_KDF_free(EVP_KDF *kdf);
    + EVP_KDF *EVP_KDF_fetch(OPENSSL_CTX *libctx, const char *algorithm,
    +                        const char *properties);
    + int EVP_KDF_number(const EVP_KDF *kdf);
    + int EVP_KDF_is_a(const EVP_KDF *kdf, const char *name);
    + const OSSL_PROVIDER *EVP_KDF_provider(const EVP_KDF *kdf);
    + void EVP_KDF_do_all_provided(OPENSSL_CTX *libctx,
    +                              void (*fn)(EVP_KDF *kdf, void *arg),
    +                              void *arg);
    + void EVP_KDF_names_do_all(const EVP_KDF *kdf,
    +                           void (*fn)(const char *name, void *data),
    +                           void *data);
    + int EVP_KDF_get_params(EVP_KDF *kdf, OSSL_PARAM params[]);
    + int EVP_KDF_CTX_get_params(EVP_KDF_CTX *ctx, OSSL_PARAM params[]);
    + int EVP_KDF_CTX_set_params(EVP_KDF_CTX *ctx, const OSSL_PARAM params[]);
    + const OSSL_PARAM *EVP_KDF_gettable_params(const EVP_KDF *kdf);
    + const OSSL_PARAM *EVP_KDF_gettable_ctx_params(const EVP_KDF *kdf);
    + const OSSL_PARAM *EVP_KDF_settable_ctx_params(const EVP_KDF *kdf);
    + const OSSL_PROVIDER *EVP_KDF_provider(const EVP_KDF *kdf);
    +

    +

    +
    +

    DESCRIPTION

    +

    The EVP KDF routines are a high level interface to Key Derivation Function +algorithms and should be used instead of algorithm-specific functions.

    +

    After creating a EVP_KDF_CTX for the required algorithm using +EVP_KDF_CTX_new(), inputs to the algorithm are supplied +using calls to EVP_KDF_CTX_set_params() before +calling EVP_KDF_derive() to derive the key.

    +

    +

    +

    Types

    +

    EVP_KDF is a type that holds the implementation of a KDF.

    +

    EVP_KDF_CTX is a context type that holds the algorithm inputs.

    +

    +

    +

    Algorithm implementation fetching

    +

    EVP_KDF_fetch() fetches an implementation of a KDF algorithm, given +a library context libctx and a set of properties. +See provider(7)/Fetching algorithms for further information.

    +

    The returned value must eventually be freed with +EVP_KDF_free(3).

    +

    EVP_KDF_up_ref() increments the reference count of an already fetched +KDF.

    +

    EVP_KDF_free() frees a fetched algorithm. +NULL is a valid parameter, for which this function is a no-op.

    +

    +

    +

    Context manipulation functions

    +

    EVP_KDF_CTX_new() creates a new context for the KDF implementation kdf.

    +

    EVP_KDF_CTX_free() frees up the context ctx. If ctx is NULL, nothing +is done.

    +

    EVP_KDF_CTX_kdf() returns the EVP_KDF associated with the context +ctx.

    +

    +

    +

    Computing functions

    +

    EVP_KDF_reset() resets the context to the default state as if the context +had just been created.

    +

    EVP_KDF_derive() derives keylen bytes of key material and places it in the +key buffer. If the algorithm produces a fixed amount of output then an +error will occur unless the keylen parameter is equal to that output size, +as returned by EVP_KDF_size().

    +

    EVP_KDF_get_params() retrieves details about the implementation +kdf. +The set of parameters given with params determine exactly what +parameters should be retrieved. +Note that a parameter that is unknown in the underlying context is +simply ignored.

    +

    EVP_KDF_CTX_get_params() retrieves chosen parameters, given the +context ctx and its underlying context. +The set of parameters given with params determine exactly what +parameters should be retrieved. +Note that a parameter that is unknown in the underlying context is +simply ignored.

    +

    EVP_KDF_CTX_set_params() passes chosen parameters to the underlying +context, given a context ctx. +The set of parameters given with params determine exactly what +parameters are passed down. +Note that a parameter that is unknown in the underlying context is +simply ignored. +Also, what happens when a needed parameter isn't passed down is +defined by the implementation.

    +

    EVP_KDF_gettable_params(), EVP_KDF_gettable_ctx_params() and +EVP_KDF_settable_ctx_params() get a constant OSSL_PARAM array that +describes the retrievable and settable parameters, i.e. parameters that +can be used with EVP_KDF_get_params(), EVP_KDF_CTX_get_params() +and EVP_KDF_CTX_set_params(), respectively. +See OSSL_PARAM(3) for the use of OSSL_PARAM as parameter descriptor.

    +

    +

    +

    Information functions

    +

    EVP_KDF_size() returns the output size if the algorithm produces a fixed amount +of output and SIZE_MAX otherwise. If an error occurs then 0 is returned. +For some algorithms an error may result if input parameters necessary to +calculate a fixed output size have not yet been supplied.

    +

    EVP_KDF_is_a() returns 1 if kdf is an implementation of an +algorithm that's identifiable with name, otherwise 0.

    +

    EVP_KDF_provider() returns the provider that holds the implementation +of the given kdf.

    +

    EVP_KDF_do_all_provided() traverses all KDF implemented by all activated +providers in the given library context libctx, and for each of the +implementations, calls the given function fn with the implementation method +and the given arg as argument.

    +

    EVP_KDF_number() returns the internal dynamic number assigned to +kdf.

    +

    EVP_KDF_names_do_all() traverses all names for kdf, and calls +fn with each name and data.

    +

    +

    +
    +

    PARAMETERS

    +

    The standard parameter names are:

    +
    +
    "pass" (OSSL_KDF_PARAM_PASSWORD) <octet string>
    + +
    +

    Some KDF implementations require a password. +For those KDF implementations that support it, this parameter sets the password.

    +
    +
    "salt" (OSSL_KDF_PARAM_SALT) <octet string>
    + +
    +

    Some KDF implementations can take a salt. +For those KDF implementations that support it, this parameter sets the salt.

    +

    The default value, if any, is implementation dependent.

    +
    +
    "iter" (OSSL_KDF_PARAM_ITER) <unsigned integer>
    + +
    +

    Some KDF implementations require an iteration count. +For those KDF implementations that support it, this parameter sets the +iteration count.

    +

    The default value, if any, is implementation dependent.

    +
    +
    "properties" (OSSL_KDF_PARAM_PROPERTIES) <UTF8 string>
    + +
    "mac" (OSSL_KDF_PARAM_MAC) <UTF8 string>
    + +
    "digest" (OSSL_KDF_PARAM_DIGEST) <UTF8 string>
    + +
    "cipher" (OSSL_KDF_PARAM_CIPHER) <UTF8 string>
    + +
    +

    For KDF implementations that use an underlying computation MAC, digest or +cipher, these parameters set what the algorithm should be.

    +

    The value is always the name of the intended algorithm, +or the properties.

    +

    Note that not all algorithms may support all possible underlying +implementations.

    +
    +
    "key" (OSSL_KDF_PARAM_KEY) <octet string>
    + +
    +

    Some KDF implementations require a key. +For those KDF implementations that support it, this octet string parameter +sets the key.

    +
    +
    "maclen" (OSSL_KDF_PARAM_MAC_SIZE) <unsigned integer>
    + +
    +

    Used by implementations that use a MAC with a variable output size (KMAC). +For those KDF implementations that support it, this parameter +sets the MAC output size.

    +

    The default value, if any, is implementation dependent. +The length must never exceed what can be given with a size_t.

    +
    +
    "maxmem_bytes" (OSSL_KDF_PARAM_SCRYPT_MAXMEM) <unsigned integer>
    + +
    +

    Memory-hard password-based KDF algorithms, such as scrypt, use an amount of +memory that depends on the load factors provided as input. +For those KDF implementations that support it, this uint64_t parameter sets +an upper limit on the amount of memory that may be consumed while performing +a key derivation. +If this memory usage limit is exceeded because the load factors are chosen +too high, the key derivation will fail.

    +

    The default value is implementation dependent. +The memory size must never exceed what can be given with a size_t.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    EVP_KDF_fetch() returns a pointer to a newly fetched EVP_KDF, or +NULL if allocation failed.

    +

    EVP_KDF_provider() returns a pointer to the provider for the KDF, or +NULL on error.

    +

    EVP_KDF_up_ref() returns 1 on success, 0 on error.

    +

    EVP_KDF_CTX_new() returns either the newly allocated +EVP_KDF_CTX structure or NULL if an error occurred.

    +

    EVP_KDF_CTX_free() and EVP_KDF_reset() do not return a value.

    +

    EVP_KDF_size() returns the output size. SIZE_MAX is returned to indicate +that the algorithm produces a variable amount of output; 0 to indicate failure.

    +

    The remaining functions return 1 for success and 0 or a negative value for +failure. In particular, a return value of -2 indicates the operation is not +supported by the KDF algorithm.

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_KDF-SCRYPT(7) +EVP_KDF-TLS1_PRF(7) +EVP_KDF-PBKDF2(7) +EVP_KDF-HKDF(7) +EVP_KDF-SS(7) +EVP_KDF-SSHKDF(7) +EVP_KDF-X963(7) +EVP_KDF-X942(7)

    +

    +

    +
    +

    HISTORY

    +

    This functionality was added to OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/EVP_KEYEXCH_free.html b/linux_amd64/share/doc/openssl/html/man3/EVP_KEYEXCH_free.html
new file mode 100755
index 0000000..d362db1
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/EVP_KEYEXCH_free.html
@@ -0,0 +1,118 @@
+ + + + +EVP_KEYEXCH_free + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_KEYEXCH_fetch, EVP_KEYEXCH_free, EVP_KEYEXCH_up_ref, EVP_KEYEXCH_provider, +EVP_KEYEXCH_is_a, EVP_KEYEXCH_do_all_provided, +EVP_KEYEXCH_number, EVP_KEYEXCH_names_do_all +- Functions to manage EVP_KEYEXCH algorithm objects

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + EVP_KEYEXCH *EVP_KEYEXCH_fetch(OPENSSL_CTX *ctx, const char *algorithm,
    +                                const char *properties);
    + void EVP_KEYEXCH_free(EVP_KEYEXCH *exchange);
    + int EVP_KEYEXCH_up_ref(EVP_KEYEXCH *exchange);
    + OSSL_PROVIDER *EVP_KEYEXCH_provider(const EVP_KEYEXCH *exchange);
    + int EVP_KEYEXCH_is_a(const EVP_KEYEXCH *exchange, const char *name);
    + int EVP_KEYEXCH_number(const EVP_KEYEXCH *exchange);
    + void EVP_KEYEXCH_do_all_provided(OPENSSL_CTX *libctx,
    +                                  void (*fn)(EVP_KEYEXCH *exchange, void *arg),
    +                                  void *arg);
    + void EVP_KEYEXCH_names_do_all(const EVP_KEYEXCH *exchange,
    +                               void (*fn)(const char *name, void *data),
    +                               void *data);
    +

    +

    +
    +

    DESCRIPTION

    +

    EVP_KEYEXCH_fetch() fetches the key exchange implementation for the given +algorithm from any provider offering it, within the criteria given +by the properties. +See provider(7)/Fetching algorithms for further information.

    +

    The returned value must eventually be freed with EVP_KEYEXCH_free().

    +

    EVP_KEYEXCH_free() decrements the reference count for the EVP_KEYEXCH +structure. Typically this structure will have been obtained from an earlier call +to EVP_KEYEXCH_fetch(). If the reference count drops to 0 then the +structure is freed.

    +

    EVP_KEYEXCH_up_ref() increments the reference count for an EVP_KEYEXCH +structure.

    +

    EVP_KEYEXCH_provider() returns the provider that exchange was fetched from.

    +

    EVP_KEYEXCH_is_a() checks if exchange is an implementation of an +algorithm that's identifiable with name.

    +

    EVP_KEYEXCH_number() returns the internal dynamic number assigned to +the exchange.

    +

    EVP_KEYEXCH_names_do_all() traverses all names for the exchange, and +calls fn with each name and data.

    +

    EVP_KEYEXCH_do_all_provided() traverses all key exchange implementations by +all activated providers in the library context libctx, and for each +of the implementations, calls fn with the implementation method and +data as arguments.

    +

    +

    +
    +

    RETURN VALUES

    +

    EVP_KEYEXCH_fetch() returns a pointer to a EVP_KEYEXCH for success +or NULL for failure.

    +

    EVP_KEYEXCH_up_ref() returns 1 for success or 0 otherwise.

    +

    EVP_KEYEXCH_is_a() returns 1 of exchange was identifiable, +otherwise 0.

    +

    EVP_KEYEXCH_number() returns an integer.

    +

    +

    +
    +

    SEE ALSO

    +

    provider(7)/Fetching algorithms, OSSL_PROVIDER(3)

    +

    +

    +
    +

    HISTORY

    +

    The functions described here were added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/EVP_KEYMGMT.html b/linux_amd64/share/doc/openssl/html/man3/EVP_KEYMGMT.html
new file mode 100755
index 0000000..f9adc19
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/EVP_KEYMGMT.html
@@ -0,0 +1,143 @@
+ + + + +EVP_KEYMGMT + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_KEYMGMT, +EVP_KEYMGMT_fetch, +EVP_KEYMGMT_up_ref, +EVP_KEYMGMT_free, +EVP_KEYMGMT_provider, +EVP_KEYMGMT_is_a, +EVP_KEYMGMT_number, +EVP_KEYMGMT_do_all_provided, +EVP_KEYMGMT_names_do_all +- EVP key management routines

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + typedef struct evp_keymgmt_st EVP_KEYMGMT;
    +
    + EVP_KEYMGMT *EVP_KEYMGMT_fetch(OPENSSL_CTX *ctx, const char *algorithm,
    +                                const char *properties);
    + int EVP_KEYMGMT_up_ref(EVP_KEYMGMT *keymgmt);
    + void EVP_KEYMGMT_free(EVP_KEYMGMT *keymgmt);
    + const OSSL_PROVIDER *EVP_KEYMGMT_provider(const EVP_KEYMGMT *keymgmt);
    + int EVP_KEYMGMT_is_a(const EVP_KEYMGMT *keymgmt, const char *name);
    + int EVP_KEYMGMT_number(const EVP_KEYMGMT *keymgmt);
    + void EVP_KEYMGMT_do_all_provided(OPENSSL_CTX *libctx,
    +                                  void (*fn)(EVP_KEYMGMT *keymgmt, void *arg),
    +                                  void *arg);
    + void EVP_KEYMGMT_names_do_all(const EVP_KEYMGMT *keymgmt,
    +                               void (*fn)(const char *name, void *data),
    +                               void *data);
    +

    +

    +
    +

    DESCRIPTION

    +

    EVP_KEYMGMT is a method object that represents key management +implementations for different cryptographic algorithms. +This method object provides functionality to have providers import key +material from the outside, as well as export key material to the +outside. +Most of the functionality can only be used internally and has no +public interface, this object is simply passed into other functions +when needed.

    +

    EVP_KEYMGMT_fetch() looks for an algorithm within the provider that +has been loaded into the OPENSSL_CTX given by ctx, having the +name given by algorithm and the properties given by properties.

    +

    EVP_KEYMGMT_up_ref() increments the reference count for the given +EVP_KEYMGMT keymgmt.

    +

    EVP_KEYMGMT_free() decrements the reference count for the given +EVP_KEYMGMT keymgmt, and when the count reaches zero, frees it.

    +

    EVP_KEYMGMT_provider() returns the provider that has this particular +implementation.

    +

    EVP_KEYMGMT_is_a() checks if keymgmt is an implementation of an +algorithm that's identifiable with name.

    +

    EVP_KEYMGMT_number() returns the internal dynamic number assigned to +the keymgmt.

    +

    EVP_KEYMGMT_names_do_all() traverses all names for the keymgmt, and +calls fn with each name and data.

    +

    EVP_KEYMGMT_do_all_provided() traverses all key keymgmt implementations by +all activated providers in the library context libctx, and for each +of the implementations, calls fn with the implementation method and +data as arguments.

    +

    +

    +
    +

    NOTES

    +

    EVP_KEYMGMT_fetch() may be called implicitly by other fetching +functions, using the same library context and properties. +Any other API that uses keys will typically do this.

    +

    +

    +
    +

    RETURN VALUES

    +

    EVP_KEYMGMT_fetch() returns a pointer to the key management +implementation represented by an EVP_KEYMGMT object, or NULL on +error.

    +

    EVP_KEYMGMT_up_ref() returns 1 on success, or 0 on error.

    +

    EVP_KEYMGMT_free() doesn't return any value.

    +

    EVP_KEYMGMT_provider() returns a pointer to a provider object, or NULL +on error.

    +

    EVP_KEYMGMT_is_a() returns 1 of keymgmt was identifiable, +otherwise 0.

    +

    EVP_KEYMGMT_number() returns an integer.

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_MD_fetch(3), OPENSSL_CTX(3)

    +

    +

    +
    +

    HISTORY

    +

    The functions described here were added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/EVP_MAC.html b/linux_amd64/share/doc/openssl/html/man3/EVP_MAC.html
new file mode 100755
index 0000000..686cfad
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/EVP_MAC.html
@@ -0,0 +1,415 @@
+ + + + +EVP_MAC + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_MAC, EVP_MAC_fetch, EVP_MAC_up_ref, EVP_MAC_free, +EVP_MAC_is_a, EVP_MAC_number, EVP_MAC_names_do_all, +EVP_MAC_provider, EVP_MAC_get_params, EVP_MAC_gettable_params, +EVP_MAC_CTX, EVP_MAC_CTX_new, EVP_MAC_CTX_free, EVP_MAC_CTX_dup, +EVP_MAC_CTX_mac, EVP_MAC_CTX_get_params, EVP_MAC_CTX_set_params, +EVP_MAC_size, EVP_MAC_init, EVP_MAC_update, EVP_MAC_final, +EVP_MAC_gettable_ctx_params, EVP_MAC_settable_ctx_params, +EVP_MAC_do_all_provided - EVP MAC routines

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + typedef struct evp_mac_st EVP_MAC;
    + typedef struct evp_mac_ctx_st EVP_MAC_CTX;
    +
    + EVP_MAC *EVP_MAC_fetch(OPENSSL_CTX *libctx, const char *algorithm,
    +                        const char *properties);
    + int EVP_MAC_up_ref(EVP_MAC *mac);
    + void EVP_MAC_free(EVP_MAC *mac);
    + int EVP_MAC_is_a(const EVP_MAC *mac, const char *name);
    + int EVP_MAC_number(const EVP_MAC *mac);
    + void EVP_MAC_names_do_all(const EVP_MAC *mac,
    +                           void (*fn)(const char *name, void *data),
    +                           void *data);
    + const OSSL_PROVIDER *EVP_MAC_provider(const EVP_MAC *mac);
    + int EVP_MAC_get_params(EVP_MAC *mac, OSSL_PARAM params[]);
    +
    + EVP_MAC_CTX *EVP_MAC_CTX_new(EVP_MAC *mac);
    + void EVP_MAC_CTX_free(EVP_MAC_CTX *ctx);
    + EVP_MAC_CTX *EVP_MAC_CTX_dup(const EVP_MAC_CTX *src);
    + EVP_MAC *EVP_MAC_CTX_mac(EVP_MAC_CTX *ctx);
    + int EVP_MAC_CTX_get_params(EVP_MAC_CTX *ctx, OSSL_PARAM params[]);
    + int EVP_MAC_CTX_set_params(EVP_MAC_CTX *ctx, const OSSL_PARAM params[]);
    +
    + size_t EVP_MAC_size(EVP_MAC_CTX *ctx);
    + int EVP_MAC_init(EVP_MAC_CTX *ctx);
    + int EVP_MAC_update(EVP_MAC_CTX *ctx, const unsigned char *data, size_t datalen);
    + int EVP_MAC_final(EVP_MAC_CTX *ctx,
    +                   unsigned char *out, size_t *outl, size_t outsize);
    +
    + const OSSL_PARAM *EVP_MAC_gettable_params(const EVP_MAC *mac);
    + const OSSL_PARAM *EVP_MAC_gettable_ctx_params(const EVP_MAC *mac);
    + const OSSL_PARAM *EVP_MAC_settable_ctx_params(const EVP_MAC *mac);
    +
    + void EVP_MAC_do_all_provided(OPENSSL_CTX *libctx,
    +                              void (*fn)(EVP_MAC *mac, void *arg),
    +                              void *arg);
    +

    +

    +
    +

    DESCRIPTION

    +

    These types and functions help the application to calculate MACs of +different types and with different underlying algorithms if there are +any.

    +

    MACs are a bit complex insofar that some of them use other algorithms +for actual computation. HMAC uses a digest, and CMAC uses a cipher. +Therefore, there are sometimes two contexts to keep track of, one for +the MAC algorithm itself and one for the underlying computation +algorithm if there is one.

    +

    To make things less ambiguous, this manual talks about a "context" or +"MAC context", which is to denote the MAC level context, and about a +"underlying context", or "computation context", which is to denote the +context for the underlying computation algorithm if there is one.

    +

    +

    +

    Types

    +

    EVP_MAC is a type that holds the implementation of a MAC.

    +

    EVP_MAC_CTX is a context type that holds internal MAC information +as well as a reference to a computation context, for those MACs that +rely on an underlying computation algorithm.

    +

    +

    +

    Algorithm implementation fetching

    +

    EVP_MAC_fetch() fetches an implementation of a MAC algorithm, given +a library context libctx and a set of properties. +See provider(7)/Fetching algorithms for further information.

    +

    The returned value must eventually be freed with +EVP_MAC_free(3).

    +

    EVP_MAC_up_ref() increments the reference count of an already fetched +MAC.

    +

    EVP_MAC_free() frees a fetched algorithm. +NULL is a valid parameter, for which this function is a no-op.

    +

    +

    +

    Context manipulation functions

    +

    EVP_MAC_CTX_new() creates a new context for the MAC type mac. +The created context can then be used with most other functions +described here.

    +

    EVP_MAC_CTX_free() frees the contents of the context, including an +underlying context if there is one, as well as the context itself. +NULL is a valid parameter, for which this function is a no-op.

    +

    EVP_MAC_CTX_dup() duplicates the src context and returns a newly allocated +context.

    +

    EVP_MAC_CTX_mac() returns the EVP_MAC associated with the context +ctx.

    +

    +

    +

    Computing functions

    +

    EVP_MAC_init() sets up the underlying context with information given +through diverse controls. +This should be called before calling EVP_MAC_update() and +EVP_MAC_final().

    +

    EVP_MAC_update() adds datalen bytes from data to the MAC input.

    +

    EVP_MAC_final() does the final computation and stores the result in +the memory pointed at by out of size outsize, and sets the number +of bytes written in *outl at. +If out is NULL or outsize is too small, then no computation +is made. +To figure out what the output length will be and allocate space for it +dynamically, simply call with out being NULL and outl +pointing at a valid location, then allocate space and make a second +call with out pointing at the allocated space.

    +

    EVP_MAC_get_params() retrieves details about the implementation +mac. +The set of parameters given with params determine exactly what +parameters should be retrieved. +Note that a parameter that is unknown in the underlying context is +simply ignored.

    +

    EVP_MAC_CTX_get_params() retrieves chosen parameters, given the +context ctx and its underlying context. +The set of parameters given with params determine exactly what +parameters should be retrieved. +Note that a parameter that is unknown in the underlying context is +simply ignored.

    +

    EVP_MAC_CTX_set_params() passes chosen parameters to the underlying +context, given a context ctx. +The set of parameters given with params determine exactly what +parameters are passed down. +Note that a parameter that is unknown in the underlying context is +simply ignored. +Also, what happens when a needed parameter isn't passed down is +defined by the implementation.

    +

    EVP_MAC_gettable_params(), EVP_MAC_gettable_ctx_params() and +EVP_MAC_settable_ctx_params() get a constant OSSL_PARAM array that +describes the retrievable and settable parameters, i.e. parameters that +can be used with EVP_MAC_get_params(), EVP_MAC_CTX_get_params() +and EVP_MAC_CTX_set_params(), respectively. +See OSSL_PARAM(3) for the use of OSSL_PARAM as parameter descriptor.

    +

    +

    +

    Information functions

    +

    EVP_MAC_size() returns the MAC output size for the given context.

    +

    EVP_MAC_is_a() checks if the given mac is an implementation of an +algorithm that's identifiable with name.

    +

    EVP_MAC_provider() returns the provider that holds the implementation +of the given mac.

    +

    EVP_MAC_do_all_provided() traverses all MAC implemented by all activated +providers in the given library context libctx, and for each of the +implementations, calls the given function fn with the implementation method +and the given arg as argument.

    +

    EVP_MAC_number() returns the internal dynamic number assigned to +mac.

    +

    EVP_MAC_names_do_all() traverses all names for mac, and calls +fn with each name and data.

    +

    +

    +
    +

    PARAMETERS

    +

    Parameters are identified by name as strings, and have an expected +data type and maximum size. +OpenSSL has a set of macros for parameter names it expects to see in +its own MAC implementations. +Here, we show all three, the OpenSSL macro for the parameter name, the +name in string form, and a type description.

    +

    The standard parameter names are:

    +
    +
    "key" (OSSL_MAC_PARAM_KEY) <octet string>
    + +
    +

    Its value is the MAC key as an array of bytes.

    +

    For MACs that use an underlying computation algorithm, the algorithm +must be set first, see parameter names "algorithm" below.

    +
    +
    "iv" (OSSL_MAC_PARAM_IV) <octet string>
    + +
    +

    Some MAC implementations require an IV, this parameter sets the IV.

    +
    +
    "custom" (OSSL_MAC_PARAM_CUSTOM) <octet string>
    + +
    +

    Some MAC implementations (KMAC, BLAKE2) accept a Customization String, +this parameter sets the Customization String. The default value is the +empty string.

    +
    +
    "salt" (OSSL_MAC_PARAM_SALT) <octet string>
    + +
    +

    This option is used by BLAKE2 MAC.

    +
    +
    "xof" (OSSL_MAC_PARAM_XOF) <integer>
    + +
    +

    It's a simple flag, the value 0 or 1 are expected.

    +

    This option is used by KMAC.

    +
    +
    "flags" (OSSL_MAC_PARAM_FLAGS) <integer>
    + +
    +

    These will set the MAC flags to the given numbers. +Some MACs do not support this option.

    +
    +
    "properties" (OSSL_MAC_PARAM_PROPERTIES) <UTF8 string>
    + +
    "digest" (OSSL_MAC_PARAM_DIGEST) <UTF8 string>
    + +
    "cipher" (OSSL_MAC_PARAM_CIPHER) <UTF8 string>
    + +
    +

    For MAC implementations that use an underlying computation cipher or +digest, these parameters set what the algorithm should be.

    +

    The value is always the name of the intended algorithm, +or the properties.

    +

    Note that not all algorithms may support all digests. +HMAC does not support variable output length digests such as SHAKE128 +or SHAKE256.

    +
    +
    "size" (OSSL_MAC_PARAM_SIZE) <unsigned integer>
    + +
    +

    For MAC implementations that support it, set the output size that +EVP_MAC_final() should produce. +The allowed sizes vary between MAC implementations, but must never exceed +what can be given with a size_t.

    +
    +
    +

    All these parameters should be used before the calls to any of +EVP_MAC_init(), EVP_MAC_update() and EVP_MAC_final() for a full +computation. +Anything else may give undefined results.

    +

    +

    +
    +

    RETURN VALUES

    +

    EVP_MAC_fetch() returns a pointer to a newly fetched EVP_MAC, or +NULL if allocation failed.

    +

    EVP_MAC_up_ref() returns 1 on success, 0 on error.

    +

    EVP_MAC_free() returns nothing at all.

    +

    EVP_MAC_is_a() returns 1 if the given method can be identified with +the given name, otherwise 0.

    +

    EVP_MAC_provider() returns a pointer to the provider for the MAC, or +NULL on error.

    +

    EVP_MAC_CTX_new() and EVP_MAC_CTX_dup() return a pointer to a newly +created EVP_MAC_CTX, or NULL if allocation failed.

    +

    EVP_MAC_CTX_free() returns nothing at all.

    +

    EVP_MAC_CTX_get_params() and EVP_MAC_CTX_set_params() return 1 on +success, 0 on error.

    +

    EVP_MAC_init(), EVP_MAC_update(), and EVP_MAC_final() return 1 on success, 0 +on error.

    +

    EVP_MAC_size() returns the expected output size, or 0 if it isn't +set. +If it isn't set, a call to EVP_MAC_init() should get it set.

    +

    EVP_MAC_do_all_provided() returns nothing at all.

    +

    +

    +
    +

    EXAMPLES

    +
    +  #include <stdlib.h>
    +  #include <stdio.h>
    +  #include <string.h>
    +  #include <stdarg.h>
    +  #include <unistd.h>
    +
    +  #include <openssl/evp.h>
    +  #include <openssl/err.h>
    +  #include <openssl/params.h>
    +
    +  int main() {
    +      EVP_MAC *mac = EVP_MAC_fetch(NULL, getenv("MY_MAC"), NULL);
    +      const char *cipher = getenv("MY_MAC_CIPHER");
    +      const char *digest = getenv("MY_MAC_DIGEST");
    +      const char *key = getenv("MY_KEY");
    +      EVP_MAC_CTX *ctx = NULL;
    +
    +      unsigned char buf[4096];
    +      ssize_t read_l;
    +      size_t final_l;
    +
    +      size_t i;
    +
    +      OSSL_PARAM params[4];
    +      size_t params_n = 0;
    +
    +      if (cipher != NULL)
    +          params[params_n++] =
    +              OSSL_PARAM_construct_utf8_string("cipher", cipher, 0, NULL);
    +      if (digest != NULL)
    +          params[params_n++] =
    +              OSSL_PARAM_construct_utf8_string("digest", digest, 0, NULL);
    +      params[params_n++] =
    +          OSSL_PARAM_construct_octet_string("key", key, strlen(key), NULL);
    +      params[params_n] = OSSL_PARAM_construct_end();
    +
    +      if (mac == NULL
    +          || key == NULL
    +          || (ctx = EVP_MAC_CTX_new(mac)) == NULL
    +          || EVP_MAC_CTX_set_params(ctx, params) <= 0)
    +          goto err;
    +
    +      if (!EVP_MAC_init(ctx))
    +          goto err;
    +
    +      while ( (read_l = read(STDIN_FILENO, buf, sizeof(buf))) > 0) {
    +          if (!EVP_MAC_update(ctx, buf, read_l))
    +              goto err;
    +      }
    +
    +      if (!EVP_MAC_final(ctx, buf, &final_l))
    +          goto err;
    +
    +      printf("Result: ");
    +      for (i = 0; i < final_l; i++)
    +          printf("%02X", buf[i]);
    +      printf("\n");
    +
    +      EVP_MAC_CTX_free(ctx);
    +      EVP_MAC_free(mac);
    +      exit(0);
    +
    +   err:
    +      EVP_MAC_CTX_free(ctx);
    +      EVP_MAC_free(mac);
    +      fprintf(stderr, "Something went wrong\n");
    +      ERR_print_errors_fp(stderr);
    +      exit (1);
    +  }
    +

    A run of this program, called with correct environment variables, can +look like this:

    +
    +  $ MY_MAC=cmac MY_KEY=secret0123456789 MY_MAC_CIPHER=aes-128-cbc \
    +    LD_LIBRARY_PATH=. ./foo < foo.c
    +  Result: C5C06683CD9DDEF904D754505C560A4E
    +

    (in this example, that program was stored in foo.c and compiled to +./foo)

    +

    +

    +
    +

    SEE ALSO

    +

    property(7) +OSSL_PARAM(3), +EVP_MAC-BLAKE2(7), +EVP_MAC-CMAC(7), +EVP_MAC-GMAC(7), +EVP_MAC-HMAC(7), +EVP_MAC-KMAC(7), +EVP_MAC-Siphash(7), +EVP_MAC-Poly1305(7)

    +

    +

    +
    +

    HISTORY

    +

    These functions were added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/EVP_MD_meth_new.html b/linux_amd64/share/doc/openssl/html/man3/EVP_MD_meth_new.html
new file mode 100755
index 0000000..1885977
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/EVP_MD_meth_new.html
@@ -0,0 +1,224 @@
+ + + + +EVP_MD_meth_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_MD_meth_new, EVP_MD_meth_dup, EVP_MD_meth_free, +EVP_MD_meth_set_input_blocksize, +EVP_MD_meth_set_result_size, EVP_MD_meth_set_app_datasize, +EVP_MD_meth_set_flags, EVP_MD_meth_set_init, EVP_MD_meth_set_update, +EVP_MD_meth_set_final, EVP_MD_meth_set_copy, EVP_MD_meth_set_cleanup, +EVP_MD_meth_set_ctrl, EVP_MD_meth_get_input_blocksize, +EVP_MD_meth_get_result_size, EVP_MD_meth_get_app_datasize, +EVP_MD_meth_get_flags, EVP_MD_meth_get_init, EVP_MD_meth_get_update, +EVP_MD_meth_get_final, EVP_MD_meth_get_copy, EVP_MD_meth_get_cleanup, +EVP_MD_meth_get_ctrl +- Routines to build up legacy EVP_MD methods

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type);
    + void EVP_MD_meth_free(EVP_MD *md);
    + EVP_MD *EVP_MD_meth_dup(const EVP_MD *md);
    +
    + int EVP_MD_meth_set_input_blocksize(EVP_MD *md, int blocksize);
    + int EVP_MD_meth_set_result_size(EVP_MD *md, int resultsize);
    + int EVP_MD_meth_set_app_datasize(EVP_MD *md, int datasize);
    + int EVP_MD_meth_set_flags(EVP_MD *md, unsigned long flags);
    + int EVP_MD_meth_set_init(EVP_MD *md, int (*init)(EVP_MD_CTX *ctx));
    + int EVP_MD_meth_set_update(EVP_MD *md, int (*update)(EVP_MD_CTX *ctx,
    +                                                      const void *data,
    +                                                      size_t count));
    + int EVP_MD_meth_set_final(EVP_MD *md, int (*final)(EVP_MD_CTX *ctx,
    +                                                    unsigned char *md));
    + int EVP_MD_meth_set_copy(EVP_MD *md, int (*copy)(EVP_MD_CTX *to,
    +                                                  const EVP_MD_CTX *from));
    + int EVP_MD_meth_set_cleanup(EVP_MD *md, int (*cleanup)(EVP_MD_CTX *ctx));
    + int EVP_MD_meth_set_ctrl(EVP_MD *md, int (*ctrl)(EVP_MD_CTX *ctx, int cmd,
    +                                                  int p1, void *p2));
    +
    + int EVP_MD_meth_get_input_blocksize(const EVP_MD *md);
    + int EVP_MD_meth_get_result_size(const EVP_MD *md);
    + int EVP_MD_meth_get_app_datasize(const EVP_MD *md);
    + unsigned long EVP_MD_meth_get_flags(const EVP_MD *md);
    + int (*EVP_MD_meth_get_init(const EVP_MD *md))(EVP_MD_CTX *ctx);
    + int (*EVP_MD_meth_get_update(const EVP_MD *md))(EVP_MD_CTX *ctx,
    +                                                 const void *data,
    +                                                 size_t count);
    + int (*EVP_MD_meth_get_final(const EVP_MD *md))(EVP_MD_CTX *ctx,
    +                                                unsigned char *md);
    + int (*EVP_MD_meth_get_copy(const EVP_MD *md))(EVP_MD_CTX *to,
    +                                               const EVP_MD_CTX *from);
    + int (*EVP_MD_meth_get_cleanup(const EVP_MD *md))(EVP_MD_CTX *ctx);
    + int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd,
    +                                               int p1, void *p2);
    +

    +

    +
    +

    DESCRIPTION

    +

    The EVP_MD type is a structure for digest method implementation. +It can also have associated public/private key signing and verifying +routines.

    +

    EVP_MD_meth_new() creates a new EVP_MD structure. +These EVP_MD structures are reference counted.

    +

    EVP_MD_meth_dup() creates a copy of md.

    +

    EVP_MD_meth_free() decrements the reference count for the EVP_MD structure. +If the reference count drops to 0 then the structure is freed.

    +

    EVP_MD_meth_set_input_blocksize() sets the internal input block size +for the method md to blocksize bytes.

    +

    EVP_MD_meth_set_result_size() sets the size of the result that the +digest method in md is expected to produce to resultsize bytes.

    +

    The digest method may have its own private data, which OpenSSL will +allocate for it. EVP_MD_meth_set_app_datasize() should be used to +set the size for it to datasize.

    +

    EVP_MD_meth_set_flags() sets the flags to describe optional +behaviours in the particular md. Several flags can be or'd +together. The available flags are:

    +
    +
    EVP_MD_FLAG_ONESHOT
    + +
    +

    This digest method can only handle one block of input.

    +
    +
    EVP_MD_FLAG_XOF
    + +
    +

    This digest method is an extensible-output function (XOF) and supports +the EVP_MD_CTRL_XOF_LEN control.

    +
    +
    EVP_MD_FLAG_DIGALGID_NULL
    + +
    +

    When setting up a DigestAlgorithmIdentifier, this flag will have the +parameter set to NULL by default. Use this for PKCS#1. Note: if +combined with EVP_MD_FLAG_DIGALGID_ABSENT, the latter will override.

    +
    +
    EVP_MD_FLAG_DIGALGID_ABSENT
    + +
    +

    When setting up a DigestAlgorithmIdentifier, this flag will have the +parameter be left absent by default. Note: if combined with +EVP_MD_FLAG_DIGALGID_NULL, the latter will be overridden.

    +
    +
    EVP_MD_FLAG_DIGALGID_CUSTOM
    + +
    +

    Custom DigestAlgorithmIdentifier handling via ctrl, with +EVP_MD_FLAG_DIGALGID_ABSENT as default. Note: if combined with +EVP_MD_FLAG_DIGALGID_NULL, the latter will be overridden. +Currently unused.

    +
    +
    EVP_MD_FLAG_FIPS
    + +
    +

    This digest method is suitable for use in FIPS mode. +Currently unused.

    +
    +
    +

    EVP_MD_meth_set_init() sets the digest init function for md. +The digest init function is called by EVP_Digest(), EVP_DigestInit(), +EVP_DigestInit_ex(), EVP_SignInit, EVP_SignInit_ex(), EVP_VerifyInit() +and EVP_VerifyInit_ex().

    +

    EVP_MD_meth_set_update() sets the digest update function for md. +The digest update function is called by EVP_Digest(), EVP_DigestUpdate() and +EVP_SignUpdate().

    +

    EVP_MD_meth_set_final() sets the digest final function for md. +The digest final function is called by EVP_Digest(), EVP_DigestFinal(), +EVP_DigestFinal_ex(), EVP_SignFinal() and EVP_VerifyFinal().

    +

    EVP_MD_meth_set_copy() sets the function for md to do extra +computations after the method's private data structure has been copied +from one EVP_MD_CTX to another. If all that's needed is to copy +the data, there is no need for this copy function. +Note that the copy function is passed two EVP_MD_CTX *, the private +data structure is then available with EVP_MD_CTX_md_data(). +This copy function is called by EVP_MD_CTX_copy() and +EVP_MD_CTX_copy_ex().

    +

    EVP_MD_meth_set_cleanup() sets the function for md to do extra +cleanup before the method's private data structure is cleaned out and +freed. +Note that the cleanup function is passed a EVP_MD_CTX *, the +private data structure is then available with EVP_MD_CTX_md_data(). +This cleanup function is called by EVP_MD_CTX_reset() and +EVP_MD_CTX_free().

    +

    EVP_MD_meth_set_ctrl() sets the control function for md. +See EVP_MD_CTX_ctrl(3) for the available controls.

    +

    EVP_MD_meth_get_input_blocksize(), EVP_MD_meth_get_result_size(), +EVP_MD_meth_get_app_datasize(), EVP_MD_meth_get_flags(), +EVP_MD_meth_get_init(), EVP_MD_meth_get_update(), +EVP_MD_meth_get_final(), EVP_MD_meth_get_copy(), +EVP_MD_meth_get_cleanup() and EVP_MD_meth_get_ctrl() are all used +to retrieve the method data given with the EVP_MD_meth_set_*() +functions above.

    +

    +

    +
    +

    RETURN VALUES

    +

    EVP_MD_meth_new() and EVP_MD_meth_dup() return a pointer to a newly +created EVP_MD, or NULL on failure. +All EVP_MD_meth_set_*() functions return 1. +EVP_MD_get_input_blocksize(), EVP_MD_meth_get_result_size(), +EVP_MD_meth_get_app_datasize() and EVP_MD_meth_get_flags() return the +indicated sizes or flags. +All other EVP_CIPHER_meth_get_*() functions return pointers to their +respective md function.

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_DigestInit(3), EVP_SignInit(3), EVP_VerifyInit(3)

    +

    +

    +
    +

    HISTORY

    +

    The EVP_MD structure was openly available in OpenSSL before version +1.1. +The functions described here were added in OpenSSL 1.1. +The EVP_MD structure created with these functions became reference +counted in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/EVP_OpenInit.html b/linux_amd64/share/doc/openssl/html/man3/EVP_OpenInit.html new file mode 100755 index 0000000..b8af13e --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/EVP_OpenInit.html @@ -0,0 +1,103 @@ + + + + +EVP_OpenInit + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_OpenInit, EVP_OpenUpdate, EVP_OpenFinal - EVP envelope decryption

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + int EVP_OpenInit(EVP_CIPHER_CTX *ctx, EVP_CIPHER *type, unsigned char *ek,
    +                  int ekl, unsigned char *iv, EVP_PKEY *priv);
    + int EVP_OpenUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
    +                    int *outl, unsigned char *in, int inl);
    + int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
    +

    +

    +
    +

    DESCRIPTION

    +

    The EVP envelope routines are a high level interface to envelope +decryption. They decrypt a public key encrypted symmetric key and +then decrypt data using it.

    +

    EVP_OpenInit() initializes a cipher context ctx for decryption +with cipher type. It decrypts the encrypted symmetric key of length +ekl bytes passed in the ek parameter using the private key priv. +The IV is supplied in the iv parameter.

    +

    EVP_OpenUpdate() and EVP_OpenFinal() have exactly the same properties +as the EVP_DecryptUpdate() and EVP_DecryptFinal() routines, as +documented on the EVP_EncryptInit(3) manual +page.

    +

    +

    +
    +

    NOTES

    +

    It is possible to call EVP_OpenInit() twice in the same way as +EVP_DecryptInit(). The first call should have priv set to NULL +and (after setting any cipher parameters) it should be called again +with type set to NULL.

    +

    If the cipher passed in the type parameter is a variable length +cipher then the key length will be set to the value of the recovered +key length. If the cipher is a fixed length cipher then the recovered +key length must match the fixed cipher length.

    +

    +

    +
    +

    RETURN VALUES

    +

    EVP_OpenInit() returns 0 on error or a non zero integer (actually the +recovered secret key size) if successful.

    +

    EVP_OpenUpdate() returns 1 for success or 0 for failure.

    +

    EVP_OpenFinal() returns 0 if the decrypt failed or 1 for success.

    +

    +

    +
    +

    SEE ALSO

    +

    evp(7), RAND_bytes(3), +EVP_EncryptInit(3), +EVP_SealInit(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_ASN1_METHOD.html b/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_ASN1_METHOD.html new file mode 100755 index 0000000..181bc7c --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_ASN1_METHOD.html @@ -0,0 +1,443 @@ + + + + +EVP_PKEY_ASN1_METHOD + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    EVP_PKEY_ASN1_METHOD, +EVP_PKEY_asn1_new, +EVP_PKEY_asn1_copy, +EVP_PKEY_asn1_free, +EVP_PKEY_asn1_add0, +EVP_PKEY_asn1_add_alias, +EVP_PKEY_asn1_set_public, +EVP_PKEY_asn1_set_private, +EVP_PKEY_asn1_set_param, +EVP_PKEY_asn1_set_free, +EVP_PKEY_asn1_set_ctrl, +EVP_PKEY_asn1_set_item, +EVP_PKEY_asn1_set_siginf, +EVP_PKEY_asn1_set_check, +EVP_PKEY_asn1_set_public_check, +EVP_PKEY_asn1_set_param_check, +EVP_PKEY_asn1_set_security_bits, +EVP_PKEY_asn1_set_set_priv_key, +EVP_PKEY_asn1_set_set_pub_key, +EVP_PKEY_asn1_set_get_priv_key, +EVP_PKEY_asn1_set_get_pub_key, +EVP_PKEY_get0_asn1 +- manipulating and registering EVP_PKEY_ASN1_METHOD structure

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + typedef struct evp_pkey_asn1_method_st EVP_PKEY_ASN1_METHOD;
    +
    + EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags,
    +                                         const char *pem_str,
    +                                         const char *info);
    + void EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst,
    +                         const EVP_PKEY_ASN1_METHOD *src);
    + void EVP_PKEY_asn1_free(EVP_PKEY_ASN1_METHOD *ameth);
    + int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth);
    + int EVP_PKEY_asn1_add_alias(int to, int from);
    +
    + void EVP_PKEY_asn1_set_public(EVP_PKEY_ASN1_METHOD *ameth,
    +                               int (*pub_decode) (EVP_PKEY *pk,
    +                                                  X509_PUBKEY *pub),
    +                               int (*pub_encode) (X509_PUBKEY *pub,
    +                                                  const EVP_PKEY *pk),
    +                               int (*pub_cmp) (const EVP_PKEY *a,
    +                                               const EVP_PKEY *b),
    +                               int (*pub_print) (BIO *out,
    +                                                 const EVP_PKEY *pkey,
    +                                                 int indent, ASN1_PCTX *pctx),
    +                               int (*pkey_size) (const EVP_PKEY *pk),
    +                               int (*pkey_bits) (const EVP_PKEY *pk));
    + void EVP_PKEY_asn1_set_private(EVP_PKEY_ASN1_METHOD *ameth,
    +                                int (*priv_decode) (EVP_PKEY *pk,
    +                                                    const PKCS8_PRIV_KEY_INFO
    +                                                    *p8inf),
    +                                int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8,
    +                                                    const EVP_PKEY *pk),
    +                                int (*priv_print) (BIO *out,
    +                                                   const EVP_PKEY *pkey,
    +                                                   int indent,
    +                                                   ASN1_PCTX *pctx));
    + void EVP_PKEY_asn1_set_param(EVP_PKEY_ASN1_METHOD *ameth,
    +                              int (*param_decode) (EVP_PKEY *pkey,
    +                                                   const unsigned char **pder,
    +                                                   int derlen),
    +                              int (*param_encode) (const EVP_PKEY *pkey,
    +                                                   unsigned char **pder),
    +                              int (*param_missing) (const EVP_PKEY *pk),
    +                              int (*param_copy) (EVP_PKEY *to,
    +                                                 const EVP_PKEY *from),
    +                              int (*param_cmp) (const EVP_PKEY *a,
    +                                                const EVP_PKEY *b),
    +                              int (*param_print) (BIO *out,
    +                                                  const EVP_PKEY *pkey,
    +                                                  int indent,
    +                                                  ASN1_PCTX *pctx));
    +
    + void EVP_PKEY_asn1_set_free(EVP_PKEY_ASN1_METHOD *ameth,
    +                             void (*pkey_free) (EVP_PKEY *pkey));
    + void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth,
    +                             int (*pkey_ctrl) (EVP_PKEY *pkey, int op,
    +                                               long arg1, void *arg2));
    + void EVP_PKEY_asn1_set_item(EVP_PKEY_ASN1_METHOD *ameth,
    +                             int (*item_verify) (EVP_MD_CTX *ctx,
    +                                                 const ASN1_ITEM *it,
    +                                                 void *asn,
    +                                                 X509_ALGOR *a,
    +                                                 ASN1_BIT_STRING *sig,
    +                                                 EVP_PKEY *pkey),
    +                             int (*item_sign) (EVP_MD_CTX *ctx,
    +                                               const ASN1_ITEM *it,
    +                                               void *asn,
    +                                               X509_ALGOR *alg1,
    +                                               X509_ALGOR *alg2,
    +                                               ASN1_BIT_STRING *sig));
    +
    + void EVP_PKEY_asn1_set_siginf(EVP_PKEY_ASN1_METHOD *ameth,
    +                               int (*siginf_set) (X509_SIG_INFO *siginf,
    +                                                  const X509_ALGOR *alg,
    +                                                  const ASN1_STRING *sig));
    +
    + void EVP_PKEY_asn1_set_check(EVP_PKEY_ASN1_METHOD *ameth,
    +                              int (*pkey_check) (const EVP_PKEY *pk));
    +
    + void EVP_PKEY_asn1_set_public_check(EVP_PKEY_ASN1_METHOD *ameth,
    +                                     int (*pkey_pub_check) (const EVP_PKEY *pk));
    +
    + void EVP_PKEY_asn1_set_param_check(EVP_PKEY_ASN1_METHOD *ameth,
    +                                    int (*pkey_param_check) (const EVP_PKEY *pk));
    +
    + void EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth,
    +                                      int (*pkey_security_bits) (const EVP_PKEY
    +                                                                 *pk));
    +
    + void EVP_PKEY_asn1_set_set_priv_key(EVP_PKEY_ASN1_METHOD *ameth,
    +                                     int (*set_priv_key) (EVP_PKEY *pk,
    +                                                          const unsigned char
    +                                                             *priv,
    +                                                          size_t len));
    +
    + void EVP_PKEY_asn1_set_set_pub_key(EVP_PKEY_ASN1_METHOD *ameth,
    +                                    int (*set_pub_key) (EVP_PKEY *pk,
    +                                                        const unsigned char *pub,
    +                                                        size_t len));
    +
    + void EVP_PKEY_asn1_set_get_priv_key(EVP_PKEY_ASN1_METHOD *ameth,
    +                                     int (*get_priv_key) (const EVP_PKEY *pk,
    +                                                          unsigned char *priv,
    +                                                          size_t *len));
    +
    + void EVP_PKEY_asn1_set_get_pub_key(EVP_PKEY_ASN1_METHOD *ameth,
    +                                    int (*get_pub_key) (const EVP_PKEY *pk,
    +                                                        unsigned char *pub,
    +                                                        size_t *len));
    +
    + const EVP_PKEY_ASN1_METHOD *EVP_PKEY_get0_asn1(const EVP_PKEY *pkey);
    +

    +

    +
    +

    DESCRIPTION

    +

    EVP_PKEY_ASN1_METHOD is a structure which holds a set of ASN.1 +conversion, printing and information methods for a specific public key +algorithm.

    +

    There are two places where the EVP_PKEY_ASN1_METHOD objects are +stored: one is a built-in array representing the standard methods for +different algorithms, and the other one is a stack of user-defined +application-specific methods, which can be manipulated by using +EVP_PKEY_asn1_add0(3).

    +

    +

    +

    Methods

    +

    The methods are the underlying implementations of a particular public +key algorithm present by the EVP_PKEY object.

    +
    + int (*pub_decode) (EVP_PKEY *pk, X509_PUBKEY *pub);
    + int (*pub_encode) (X509_PUBKEY *pub, const EVP_PKEY *pk);
    + int (*pub_cmp) (const EVP_PKEY *a, const EVP_PKEY *b);
    + int (*pub_print) (BIO *out, const EVP_PKEY *pkey, int indent,
    +                   ASN1_PCTX *pctx);
    +

    The pub_decode() and pub_encode() methods are called to decode / +encode X509_PUBKEY ASN.1 parameters to / from pk. +They MUST return 0 on error, 1 on success. +They're called by X509_PUBKEY_get0(3) and X509_PUBKEY_set(3).

    +

    The pub_cmp() method is called when two public keys are to be +compared. +It MUST return 1 when the keys are equal, 0 otherwise. +It's called by EVP_PKEY_cmp(3).

    +

    The pub_print() method is called to print a public key in humanly +readable text to out, indented indent spaces. +It MUST return 0 on error, 1 on success. +It's called by EVP_PKEY_print_public(3).

    +
    + int (*priv_decode) (EVP_PKEY *pk, const PKCS8_PRIV_KEY_INFO *p8inf);
    + int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk);
    + int (*priv_print) (BIO *out, const EVP_PKEY *pkey, int indent,
    +                    ASN1_PCTX *pctx);
    +

    The priv_decode() and priv_encode() methods are called to decode / +encode PKCS8_PRIV_KEY_INFO form private key to / from pk. +They MUST return 0 on error, 1 on success. +They're called by EVP_PKCS82PKEY(3) and EVP_PKEY2PKCS8(3).

    +

    The priv_print() method is called to print a private key in humanly +readable text to out, indented indent spaces. +It MUST return 0 on error, 1 on success. +It's called by EVP_PKEY_print_private(3).

    +
    + int (*pkey_size) (const EVP_PKEY *pk);
    + int (*pkey_bits) (const EVP_PKEY *pk);
    + int (*pkey_security_bits) (const EVP_PKEY *pk);
    +

    The pkey_size() method returns the key size in bytes. +It's called by EVP_PKEY_size(3).

    +

    The pkey_bits() method returns the key size in bits. +It's called by EVP_PKEY_bits(3).

    +
    + int (*param_decode) (EVP_PKEY *pkey,
    +                      const unsigned char **pder, int derlen);
    + int (*param_encode) (const EVP_PKEY *pkey, unsigned char **pder);
    + int (*param_missing) (const EVP_PKEY *pk);
    + int (*param_copy) (EVP_PKEY *to, const EVP_PKEY *from);
    + int (*param_cmp) (const EVP_PKEY *a, const EVP_PKEY *b);
    + int (*param_print) (BIO *out, const EVP_PKEY *pkey, int indent,
    +                     ASN1_PCTX *pctx);
    +

    The param_decode() and param_encode() methods are called to decode / +encode DER formatted parameters to / from pk. +They MUST return 0 on error, 1 on success. +They're called by PEM_read_bio_Parameters(3) and the file: +OSSL_STORE_LOADER(3).

    +

    The param_missing() method returns 0 if a key parameter is missing, +otherwise 1. +It's called by EVP_PKEY_missing_parameters(3).

    +

    The param_copy() method copies key parameters from from to to. +It MUST return 0 on error, 1 on success. +It's called by EVP_PKEY_copy_parameters(3).

    +

    The param_cmp() method compares the parameters of keys a and b. +It MUST return 1 when the keys are equal, 0 when not equal, or a +negative number on error. +It's called by EVP_PKEY_cmp_parameters(3).

    +

    The param_print() method prints the private key parameters in humanly +readable text to out, indented indent spaces. +It MUST return 0 on error, 1 on success. +It's called by EVP_PKEY_print_params(3).

    +
    + int (*sig_print) (BIO *out,
    +                   const X509_ALGOR *sigalg, const ASN1_STRING *sig,
    +                   int indent, ASN1_PCTX *pctx);
    +

    The sig_print() method prints a signature in humanly readable text to +out, indented indent spaces. +sigalg contains the exact signature algorithm. +If the signature in sig doesn't correspond to what this method +expects, X509_signature_dump() must be used as a last resort. +It MUST return 0 on error, 1 on success. +It's called by X509_signature_print(3).

    +
    + void (*pkey_free) (EVP_PKEY *pkey);
    +

    The pkey_free() method helps freeing the internals of pkey. +It's called by EVP_PKEY_free(3), EVP_PKEY_set_type(3), +EVP_PKEY_set_type_str(3), and EVP_PKEY_assign(3).

    +
    + int (*pkey_ctrl) (EVP_PKEY *pkey, int op, long arg1, void *arg2);
    +

    The pkey_ctrl() method adds extra algorithm specific control. +It's called by EVP_PKEY_get_default_digest_nid(3), +EVP_PKEY_supports_digest_nid(3), +EVP_PKEY_set1_tls_encodedpoint(3), +EVP_PKEY_get1_tls_encodedpoint(3), PKCS7_SIGNER_INFO_set(3), +PKCS7_RECIP_INFO_set(3), ...

    +
    + int (*old_priv_decode) (EVP_PKEY *pkey,
    +                         const unsigned char **pder, int derlen);
    + int (*old_priv_encode) (const EVP_PKEY *pkey, unsigned char **pder);
    +

    The old_priv_decode() and old_priv_encode() methods decode / encode +they private key pkey from / to a DER formatted array. +These are exclusively used to help decoding / encoding older (pre +PKCS#8) PEM formatted encrypted private keys. +old_priv_decode() MUST return 0 on error, 1 on success. +old_priv_encode() MUST the return same kind of values as +i2d_PrivateKey(). +They're called by d2i_PrivateKey(3) and i2d_PrivateKey(3).

    +
    + int (*item_verify) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
    +                     X509_ALGOR *a, ASN1_BIT_STRING *sig, EVP_PKEY *pkey);
    + int (*item_sign) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
    +                   X509_ALGOR *alg1, X509_ALGOR *alg2,
    +                   ASN1_BIT_STRING *sig);
    +

    The item_sign() and item_verify() methods make it possible to have +algorithm specific signatures and verification of them.

    +

    item_sign() MUST return one of:

    +
    +
    <=0
    + +
    +

    error

    + +
  • +

    item_sign() did everything, OpenSSL internals just needs to pass the +signature length back.

    +
  • +
  • +

    item_sign() did nothing, OpenSSL internal standard routines are +expected to continue with the default signature production.

    +
  • +
  • +

    item_sign() set the algorithm identifier algor1 and algor2, +OpenSSL internals should just sign using those algorithms.

    +
  • +
    +

    item_verify() MUST return one of:

    +
    +
    <=0
    + +
    +

    error

    + +
  • +

    item_sign() did everything, OpenSSL internals just needs to pass the +signature length back.

    +
  • +
  • +

    item_sign() did nothing, OpenSSL internal standard routines are +expected to continue with the default signature production.

    +
  • +
    +

    item_verify() and item_sign() are called by ASN1_item_verify(3) and +ASN1_item_sign(3), and by extension, X509_verify(3), +X509_REQ_verify(3), X509_sign(3), X509_REQ_sign(3), ...

    +
    + int (*siginf_set) (X509_SIG_INFO *siginf, const X509_ALGOR *alg,
    +                    const ASN1_STRING *sig);
    +

    The siginf_set() method is used to set custom X509_SIG_INFO +parameters. +It MUST return 0 on error, or 1 on success. +It's called as part of X509_check_purpose(3), X509_check_ca(3) +and X509_check_issued(3).

    +
    + int (*pkey_check) (const EVP_PKEY *pk);
    + int (*pkey_public_check) (const EVP_PKEY *pk);
    + int (*pkey_param_check) (const EVP_PKEY *pk);
    +

    The pkey_check(), pkey_public_check() and pkey_param_check() methods are used +to check the validity of pk for key-pair, public component and parameters, +respectively. +They MUST return 0 for an invalid key, or 1 for a valid key. +They are called by EVP_PKEY_check(3), EVP_PKEY_public_check(3) and +EVP_PKEY_param_check(3) respectively.

    +
    + int (*set_priv_key) (EVP_PKEY *pk, const unsigned char *priv, size_t len);
    + int (*set_pub_key) (EVP_PKEY *pk, const unsigned char *pub, size_t len);
    +

    The set_priv_key() and set_pub_key() methods are used to set the raw private and +public key data for an EVP_PKEY. They MUST return 0 on error, or 1 on success. +They are called by EVP_PKEY_new_raw_private_key(3), and +EVP_PKEY_new_raw_public_key(3) respectively.

    +
    + size_t (*dirty) (const EVP_PKEY *pk);
    + void *(*export_to) (const EVP_PKEY *pk, EVP_KEYMGMT *keymgmt);
    +

    dirty_cnt() returns the internal key's dirty count. +This can be used to synchronise different copies of the same keys.

    +

    The export_to() method exports the key material from the given key to +a provider, through the EVP_KEYMGMT(3) interface, if that provider +supports importing key material.

    +

    +

    +

    Functions

    +

    EVP_PKEY_asn1_new() creates and returns a new EVP_PKEY_ASN1_METHOD +object, and associates the given id, flags, pem_str and +info. +id is a NID, pem_str is the PEM type string, info is a +descriptive string. +The following flags are supported:

    +
    + ASN1_PKEY_SIGPARAM_NULL
    +

    If ASN1_PKEY_SIGPARAM_NULL is set, then the signature algorithm +parameters are given the type V_ASN1_NULL by default, otherwise +they will be given the type V_ASN1_UNDEF (i.e. the parameter is +omitted). +See X509_ALGOR_set0(3) for more information.

    +

    EVP_PKEY_asn1_copy() copies an EVP_PKEY_ASN1_METHOD object from +src to dst. +This function is not thread safe, it's recommended to only use this +when initializing the application.

    +

    EVP_PKEY_asn1_free() frees an existing EVP_PKEY_ASN1_METHOD pointed +by ameth.

    +

    EVP_PKEY_asn1_add0() adds ameth to the user defined stack of +methods unless another EVP_PKEY_ASN1_METHOD with the same NID is +already there. +This function is not thread safe, it's recommended to only use this +when initializing the application.

    +

    EVP_PKEY_asn1_add_alias() creates an alias with the NID to for the +EVP_PKEY_ASN1_METHOD with NID from unless another +EVP_PKEY_ASN1_METHOD with the same NID is already added. +This function is not thread safe, it's recommended to only use this +when initializing the application.

    +

    EVP_PKEY_asn1_set_public(), EVP_PKEY_asn1_set_private(), +EVP_PKEY_asn1_set_param(), EVP_PKEY_asn1_set_free(), +EVP_PKEY_asn1_set_ctrl(), EVP_PKEY_asn1_set_item(), +EVP_PKEY_asn1_set_siginf(), EVP_PKEY_asn1_set_check(), +EVP_PKEY_asn1_set_public_check(), EVP_PKEY_asn1_set_param_check(), +EVP_PKEY_asn1_set_security_bits(), EVP_PKEY_asn1_set_set_priv_key(), +EVP_PKEY_asn1_set_set_pub_key(), EVP_PKEY_asn1_set_get_priv_key() and +EVP_PKEY_asn1_set_get_pub_key() set the diverse methods of the given +EVP_PKEY_ASN1_METHOD object.

    +

    EVP_PKEY_get0_asn1() finds the EVP_PKEY_ASN1_METHOD associated +with the key pkey.

    +

    +

    +
    +

    RETURN VALUES

    +

    EVP_PKEY_asn1_new() returns NULL on error, or a pointer to an +EVP_PKEY_ASN1_METHOD object otherwise.

    +

    EVP_PKEY_asn1_add0() and EVP_PKEY_asn1_add_alias() return 0 on error, +or 1 on success.

    +

    EVP_PKEY_get0_asn1() returns NULL on error, or a pointer to a constant +EVP_PKEY_ASN1_METHOD object otherwise.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_CTX_ctrl.html b/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_CTX_ctrl.html new file mode 100755 index 0000000..af3083f --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_CTX_ctrl.html @@ -0,0 +1,630 @@ + + + + +EVP_PKEY_CTX_ctrl + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_PKEY_CTX_get_params, +EVP_PKEY_CTX_gettable_params, +EVP_PKEY_CTX_set_params, +EVP_PKEY_CTX_settable_params, +EVP_PKEY_CTX_ctrl, +EVP_PKEY_CTX_ctrl_str, +EVP_PKEY_CTX_ctrl_uint64, +EVP_PKEY_CTX_md, +EVP_PKEY_CTX_set_signature_md, +EVP_PKEY_CTX_get_signature_md, +EVP_PKEY_CTX_set_mac_key, +EVP_PKEY_CTX_set_rsa_padding, +EVP_PKEY_CTX_get_rsa_padding, +EVP_PKEY_CTX_set_rsa_pss_saltlen, +EVP_PKEY_CTX_get_rsa_pss_saltlen, +EVP_PKEY_CTX_set_rsa_keygen_bits, +EVP_PKEY_CTX_set_rsa_keygen_pubexp, +EVP_PKEY_CTX_set_rsa_keygen_primes, +EVP_PKEY_CTX_set_rsa_mgf1_md_name, +EVP_PKEY_CTX_set_rsa_mgf1_md, +EVP_PKEY_CTX_get_rsa_mgf1_md, +EVP_PKEY_CTX_get_rsa_mgf1_md_name, +EVP_PKEY_CTX_set_rsa_oaep_md_name, +EVP_PKEY_CTX_set_rsa_oaep_md, +EVP_PKEY_CTX_get_rsa_oaep_md, +EVP_PKEY_CTX_get_rsa_oaep_md_name, +EVP_PKEY_CTX_set0_rsa_oaep_label, +EVP_PKEY_CTX_get0_rsa_oaep_label, +EVP_PKEY_CTX_set_dsa_paramgen_bits, +EVP_PKEY_CTX_set_dsa_paramgen_q_bits, +EVP_PKEY_CTX_set_dsa_paramgen_md, +EVP_PKEY_CTX_set_dh_paramgen_prime_len, +EVP_PKEY_CTX_set_dh_paramgen_subprime_len, +EVP_PKEY_CTX_set_dh_paramgen_generator, +EVP_PKEY_CTX_set_dh_paramgen_type, +EVP_PKEY_CTX_set_dh_rfc5114, +EVP_PKEY_CTX_set_dhx_rfc5114, +EVP_PKEY_CTX_set_dh_pad, +EVP_PKEY_CTX_set_dh_nid, +EVP_PKEY_CTX_set_dh_kdf_type, +EVP_PKEY_CTX_get_dh_kdf_type, +EVP_PKEY_CTX_set0_dh_kdf_oid, +EVP_PKEY_CTX_get0_dh_kdf_oid, +EVP_PKEY_CTX_set_dh_kdf_md, +EVP_PKEY_CTX_get_dh_kdf_md, +EVP_PKEY_CTX_set_dh_kdf_outlen, +EVP_PKEY_CTX_get_dh_kdf_outlen, +EVP_PKEY_CTX_set0_dh_kdf_ukm, +EVP_PKEY_CTX_get0_dh_kdf_ukm, +EVP_PKEY_CTX_set_ec_paramgen_curve_nid, +EVP_PKEY_CTX_set_ec_param_enc, +EVP_PKEY_CTX_set_ecdh_cofactor_mode, +EVP_PKEY_CTX_get_ecdh_cofactor_mode, +EVP_PKEY_CTX_set_ecdh_kdf_type, +EVP_PKEY_CTX_get_ecdh_kdf_type, +EVP_PKEY_CTX_set_ecdh_kdf_md, +EVP_PKEY_CTX_get_ecdh_kdf_md, +EVP_PKEY_CTX_set_ecdh_kdf_outlen, +EVP_PKEY_CTX_get_ecdh_kdf_outlen, +EVP_PKEY_CTX_set0_ecdh_kdf_ukm, +EVP_PKEY_CTX_get0_ecdh_kdf_ukm, 
+EVP_PKEY_CTX_set1_id, EVP_PKEY_CTX_get1_id, EVP_PKEY_CTX_get1_id_len +- algorithm specific control operations

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + int EVP_PKEY_CTX_get_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params);
    + const OSSL_PARAM *EVP_PKEY_CTX_gettable_params(EVP_PKEY_CTX *ctx);
    + int EVP_PKEY_CTX_set_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params);
    + const OSSL_PARAM *EVP_PKEY_CTX_settable_params(EVP_PKEY_CTX *ctx);
    +
    + int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype,
    +                       int cmd, int p1, void *p2);
    + int EVP_PKEY_CTX_ctrl_uint64(EVP_PKEY_CTX *ctx, int keytype, int optype,
    +                              int cmd, uint64_t value);
    + int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
    +                           const char *value);
    +
    + int EVP_PKEY_CTX_md(EVP_PKEY_CTX *ctx, int optype, int cmd, const char *md);
    +
    + int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
    + int EVP_PKEY_CTX_get_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD **pmd);
    +
    + int EVP_PKEY_CTX_set_mac_key(EVP_PKEY_CTX *ctx, const unsigned char *key,
    +                              int len);
    +
    + #include <openssl/rsa.h>
    +
    + int EVP_PKEY_CTX_set_rsa_padding(EVP_PKEY_CTX *ctx, int pad);
    + int EVP_PKEY_CTX_get_rsa_padding(EVP_PKEY_CTX *ctx, int *pad);
    + int EVP_PKEY_CTX_set_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int saltlen);
    + int EVP_PKEY_CTX_get_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int *saltlen);
    + int EVP_PKEY_CTX_set_rsa_keygen_bits(EVP_PKEY_CTX *ctx, int mbits);
    + int EVP_PKEY_CTX_set_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx, BIGNUM *pubexp);
    + int EVP_PKEY_CTX_set_rsa_keygen_primes(EVP_PKEY_CTX *ctx, int primes);
    + int EVP_PKEY_CTX_set_rsa_mgf1_md_name(EVP_PKEY_CTX *ctx, const char *mdname,
    +                                     const char *mdprops);
    + int EVP_PKEY_CTX_set_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
    + int EVP_PKEY_CTX_get_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD **md);
    + int EVP_PKEY_CTX_get_rsa_mgf1_md_name(EVP_PKEY_CTX *ctx, char *name,
    +                                       size_t namelen);
    + int EVP_PKEY_CTX_set_rsa_oaep_md_name(EVP_PKEY_CTX *ctx, const char *mdname,
    +                                       const char *mdprops);
    + int EVP_PKEY_CTX_set_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
    + int EVP_PKEY_CTX_get_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD **md);
    + int EVP_PKEY_CTX_get_rsa_oaep_md_name(EVP_PKEY_CTX *ctx, char *name,
    +                                       size_t namelen)
    + int EVP_PKEY_CTX_set0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char *label, int len);
    + int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
    +
    + #include <openssl/dsa.h>
    +
    + int EVP_PKEY_CTX_set_dsa_paramgen_bits(EVP_PKEY_CTX *ctx, int nbits);
    + int EVP_PKEY_CTX_set_dsa_paramgen_q_bits(EVP_PKEY_CTX *ctx, int qbits);
    + int EVP_PKEY_CTX_set_dsa_paramgen_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
    +
    + #include <openssl/dh.h>
    +
    + int EVP_PKEY_CTX_set_dh_paramgen_prime_len(EVP_PKEY_CTX *ctx, int len);
    + int EVP_PKEY_CTX_set_dh_paramgen_subprime_len(EVP_PKEY_CTX *ctx, int len);
    + int EVP_PKEY_CTX_set_dh_paramgen_generator(EVP_PKEY_CTX *ctx, int gen);
    + int EVP_PKEY_CTX_set_dh_paramgen_type(EVP_PKEY_CTX *ctx, int type);
    + int EVP_PKEY_CTX_set_dh_pad(EVP_PKEY_CTX *ctx, int pad);
    + int EVP_PKEY_CTX_set_dh_nid(EVP_PKEY_CTX *ctx, int nid);
    + int EVP_PKEY_CTX_set_dh_rfc5114(EVP_PKEY_CTX *ctx, int rfc5114);
    + int EVP_PKEY_CTX_set_dhx_rfc5114(EVP_PKEY_CTX *ctx, int rfc5114);
    + int EVP_PKEY_CTX_set_dh_kdf_type(EVP_PKEY_CTX *ctx, int kdf);
    + int EVP_PKEY_CTX_get_dh_kdf_type(EVP_PKEY_CTX *ctx);
    + int EVP_PKEY_CTX_set0_dh_kdf_oid(EVP_PKEY_CTX *ctx, ASN1_OBJECT *oid);
    + int EVP_PKEY_CTX_get0_dh_kdf_oid(EVP_PKEY_CTX *ctx, ASN1_OBJECT **oid);
    + int EVP_PKEY_CTX_set_dh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
    + int EVP_PKEY_CTX_get_dh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD **md);
    + int EVP_PKEY_CTX_set_dh_kdf_outlen(EVP_PKEY_CTX *ctx, int len);
    + int EVP_PKEY_CTX_get_dh_kdf_outlen(EVP_PKEY_CTX *ctx, int *len);
    + int EVP_PKEY_CTX_set0_dh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char *ukm, int len);
    + int EVP_PKEY_CTX_get0_dh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **ukm);
    +
    + #include <openssl/ec.h>
    +
    + int EVP_PKEY_CTX_set_ec_paramgen_curve_nid(EVP_PKEY_CTX *ctx, int nid);
    + int EVP_PKEY_CTX_set_ec_param_enc(EVP_PKEY_CTX *ctx, int param_enc);
    + int EVP_PKEY_CTX_set_ecdh_cofactor_mode(EVP_PKEY_CTX *ctx, int cofactor_mode);
    + int EVP_PKEY_CTX_get_ecdh_cofactor_mode(EVP_PKEY_CTX *ctx);
    + int EVP_PKEY_CTX_set_ecdh_kdf_type(EVP_PKEY_CTX *ctx, int kdf);
    + int EVP_PKEY_CTX_get_ecdh_kdf_type(EVP_PKEY_CTX *ctx);
    + int EVP_PKEY_CTX_set_ecdh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
    + int EVP_PKEY_CTX_get_ecdh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD **md);
    + int EVP_PKEY_CTX_set_ecdh_kdf_outlen(EVP_PKEY_CTX *ctx, int len);
    + int EVP_PKEY_CTX_get_ecdh_kdf_outlen(EVP_PKEY_CTX *ctx, int *len);
    + int EVP_PKEY_CTX_set0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char *ukm, int len);
    + int EVP_PKEY_CTX_get0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **ukm);
    +
    + int EVP_PKEY_CTX_set1_id(EVP_PKEY_CTX *ctx, void *id, size_t id_len);
    + int EVP_PKEY_CTX_get1_id(EVP_PKEY_CTX *ctx, void *id);
    + int EVP_PKEY_CTX_get1_id_len(EVP_PKEY_CTX *ctx, size_t *id_len);
    +

    +

    +
    +

    DESCRIPTION

    +

    The EVP_PKEY_CTX_get_params() and EVP_PKEY_CTX_set_params() functions get and +send arbitrary parameters from and to the algorithm implementation respectively. +Not all parameters may be supported by all providers. +See OSSL_PROVIDER(3) for more information on providers. +See OSSL_PARAM(3) for more information on parameters. +These functions must only be called after the EVP_PKEY_CTX has been initialised +for use in an operation.

    +

    The parameters currently supported by the default provider are:

    +
    +
    "pad" (OSSL_EXCHANGE_PARAM_PAD) <unsigned integer>
    + +
    +

    Sets the DH padding mode. +If OSSL_EXCHANGE_PARAM_PAD is 1 then the shared secret is padded with zeros +up to the size of the DH prime p. +If OSSL_EXCHANGE_PARAM_PAD is zero (the default) then no padding is +performed.

    +
    +
    "digest" (OSSL_SIGNATURE_PARAM_DIGEST) <UTF8 string>
    + +
    +

    Gets and sets the name of the digest algorithm used for the input to the +signature functions.

    +
    +
    "digest-size" (OSSL_SIGNATURE_PARAM_DIGEST_SIZE) <unsigned integer>
    + +
    +

    Gets and sets the output size of the digest algorithm used for the input to the +signature functions. +The length of the "digest-size" parameter should not exceed that of a size_t. +The internal algorithm that supports this parameter is DSA.

    +
    +
    +

    EVP_PKEY_CTX_gettable_params() and EVP_PKEY_CTX_settable_params() gets a +constant OSSL_PARAM array that describes the gettable and +settable parameters for the current algorithm implementation, i.e. parameters +that can be used with EVP_PKEY_CTX_get_params() and EVP_PKEY_CTX_set_params() +respectively. +See OSSL_PARAM(3) for the use of OSSL_PARAM as parameter descriptor. +These functions must only be called after the EVP_PKEY_CTX has been initialised +for use in an operation.

    +

    The function EVP_PKEY_CTX_ctrl() sends a control operation to the context +ctx. The key type used must match keytype if it is not -1. The parameter +optype is a mask indicating which operations the control can be applied to. +The control command is indicated in cmd and any additional arguments in +p1 and p2.

    +

    For cmd = EVP_PKEY_CTRL_SET_MAC_KEY, p1 is the length of the MAC key, +and p2 is the MAC key. This is used by Poly1305, SipHash, HMAC and CMAC.

    +

    Applications will not normally call EVP_PKEY_CTX_ctrl() directly but will +instead call one of the algorithm specific macros below.

    +

    The function EVP_PKEY_CTX_ctrl_uint64() is a wrapper that directly passes a +uint64 value as p2 to EVP_PKEY_CTX_ctrl().

    +

    The function EVP_PKEY_CTX_ctrl_str() allows an application to send an algorithm +specific control operation to a context ctx in string form. This is +intended to be used for options specified on the command line or in text +files. The commands supported are documented in the openssl utility +command line pages for the option -pkeyopt which is supported by the +pkeyutl, genpkey and req commands.

    +

    The function EVP_PKEY_CTX_md() sends a message digest control operation +to the context ctx. The message digest is specified by its name md.

    +

    The EVP_PKEY_CTX_set_signature_md() function sets the message digest type used +in a signature. It can be used in the RSA, DSA and ECDSA algorithms.

    +

    The EVP_PKEY_CTX_get_signature_md() function gets the message digest type used +in a signature. It can be used in the RSA, DSA and ECDSA algorithms.

    +

    All the remaining "functions" are implemented as macros.

    +

    Key generation typically involves setting up parameters to be used and +generating the private and public key data. Some algorithm implementations +allow private key data to be set explicitly using the EVP_PKEY_CTX_set_mac_key() +macro. In this case key generation is simply the process of setting up the +parameters for the key and then setting the raw key data to the value explicitly +provided by that macro. Normally applications would call +EVP_PKEY_new_raw_private_key(3) or similar functions instead of this macro.

    +

    The EVP_PKEY_CTX_set_mac_key() macro can be used with any of the algorithms +supported by the EVP_PKEY_new_raw_private_key(3) function.

    +

    +

    +

    RSA parameters

    +

    The EVP_PKEY_CTX_set_rsa_padding() function sets the RSA padding mode for ctx. +The pad parameter can take the value RSA_PKCS1_PADDING for PKCS#1 +padding, RSA_SSLV23_PADDING for SSLv23 padding, RSA_NO_PADDING for +no padding, RSA_PKCS1_OAEP_PADDING for OAEP padding (encrypt and +decrypt only), RSA_X931_PADDING for X9.31 padding (signature operations +only), RSA_PKCS1_PSS_PADDING (sign and verify only) and +RSA_PKCS1_WITH_TLS_PADDING for TLS RSA ClientKeyExchange message padding +(decryption only).

    +

    Two RSA padding modes behave differently if EVP_PKEY_CTX_set_signature_md() +is used. If this macro is called for PKCS#1 padding the plaintext buffer is +an actual digest value and is encapsulated in a DigestInfo structure according +to PKCS#1 when signing and this structure is expected (and stripped off) when +verifying. If this control is not used with RSA and PKCS#1 padding then the +supplied data is used directly and not encapsulated. In the case of X9.31 +padding for RSA the algorithm identifier byte is added or checked and removed +if this control is called. If it is not called then the first byte of the plaintext +buffer is expected to be the algorithm identifier byte.

    +

    The EVP_PKEY_CTX_get_rsa_padding() function gets the RSA padding mode for ctx.

    +

    The EVP_PKEY_CTX_set_rsa_pss_saltlen() function sets the RSA PSS salt +length to saltlen. As its name implies it is only supported for PSS +padding. If this function is not called then the maximum salt length +is used when signing and auto detection when verifying. Three special +values are supported:

    +
    +
    RSA_PSS_SALTLEN_DIGEST
    + +
    +

    sets the salt length to the digest length.

    +
    +
    RSA_PSS_SALTLEN_MAX
    + +
    +

    sets the salt length to the maximum permissible value.

    +
    +
    RSA_PSS_SALTLEN_AUTO
    + +
    +

    causes the salt length to be automatically determined based on the +PSS block structure when verifying. When signing, it has the same +meaning as RSA_PSS_SALTLEN_MAX.

    +
    +
    +

    The EVP_PKEY_CTX_get_rsa_pss_saltlen() function gets the RSA PSS salt length +for ctx. The padding mode must already have been set to +RSA_PKCS1_PSS_PADDING.

    +

    The EVP_PKEY_CTX_set_rsa_keygen_bits() macro sets the RSA key length for +RSA key generation to bits. If not specified 2048 bits is used.

    +

    The EVP_PKEY_CTX_set_rsa_keygen_pubexp() macro sets the public exponent value +for RSA key generation to pubexp. Currently it should be an odd integer. The +pubexp pointer is used internally by this function so it should not be +modified or freed after the call. If not specified 65537 is used.

    +

    The EVP_PKEY_CTX_set_rsa_keygen_primes() macro sets the number of primes for +RSA key generation to primes. If not specified 2 is used.

    +

    The EVP_PKEY_CTX_set_rsa_mgf1_md_name() function sets the MGF1 digest for RSA +padding schemes to the digest named mdname. If the RSA algorithm +implementation for the selected provider supports it then the digest will be +fetched using the properties mdprops. If not explicitly set the signing +digest is used. The padding mode must have been set to RSA_PKCS1_OAEP_PADDING +or RSA_PKCS1_PSS_PADDING.

    +

    The EVP_PKEY_CTX_set_rsa_mgf1_md() function does the same as +EVP_PKEY_CTX_set_rsa_mgf1_md_name() except that the name of the digest is +inferred from the supplied md and it is not possible to specify any +properties.

    +

    The EVP_PKEY_CTX_get_rsa_mgf1_md_name() function gets the name of the MGF1 +digest algorithm for ctx. If not explicitly set the signing digest is used. +The padding mode must have been set to RSA_PKCS1_OAEP_PADDING or +RSA_PKCS1_PSS_PADDING.

    +

    The EVP_PKEY_CTX_get_rsa_mgf1_md() function does the same as +EVP_PKEY_CTX_get_rsa_mgf1_md_name() except that it returns a pointer to an +EVP_MD object instead. Note that only known, built-in EVP_MD objects will be +returned. The EVP_MD object may be NULL if the digest is not one of these (such +as a digest only implemented in a third party provider).

    +

    The EVP_PKEY_CTX_set_rsa_oaep_md_name() function sets the message digest type +used in RSA OAEP to the digest named mdname. If the RSA algorithm +implementation for the selected provider supports it then the digest will be +fetched using the properties mdprops. The padding mode must have been set to +RSA_PKCS1_OAEP_PADDING.

    +

    The EVP_PKEY_CTX_set_rsa_oaep_md() function does the same as +EVP_PKEY_CTX_set_rsa_oaep_md_name() except that the name of the digest is +inferred from the supplied md and it is not possible to specify any +properties.

    +

    The EVP_PKEY_CTX_get_rsa_oaep_md_name() function gets the message digest +algorithm name used in RSA OAEP and stores it in the buffer name which is of +size namelen. The padding mode must have been set to +RSA_PKCS1_OAEP_PADDING. The buffer should be sufficiently large for any +expected digest algorithm names or the function will fail.

    +

    The EVP_PKEY_CTX_get_rsa_oaep_md() function does the same as +EVP_PKEY_CTX_get_rsa_oaep_md_name() except that it returns a pointer to an +EVP_MD object instead. Note that only known, built-in EVP_MD objects will be +returned. The EVP_MD object may be NULL if the digest is not one of these (such +as a digest only implemented in a third party provider).

    +

    The EVP_PKEY_CTX_set0_rsa_oaep_label() function sets the RSA OAEP label to +label and its length to len. If label is NULL or len is 0, +the label is cleared. The library takes ownership of the label so the +caller should not free the original memory pointed to by label. +The padding mode must have been set to RSA_PKCS1_OAEP_PADDING.

    +

    The EVP_PKEY_CTX_get0_rsa_oaep_label() function gets the RSA OAEP label to +label. The return value is the label length. The padding mode +must have been set to RSA_PKCS1_OAEP_PADDING. The resulting pointer is owned +by the library and should not be freed by the caller.

    +

    RSA_PKCS1_WITH_TLS_PADDING is used when decrypting an RSA encrypted TLS +pre-master secret in a TLS ClientKeyExchange message. It is the same as +RSA_PKCS1_PADDING except that it additionally verifies that the result is the +correct length and the first two bytes are the protocol version initially +requested by the client. If the encrypted content is publicly invalid then the +decryption will fail. However, if the padding checks fail then decryption will +still appear to succeed but a random TLS premaster secret will be returned +instead. This padding mode accepts two parameters which can be set using the +EVP_PKEY_CTX_set_params(3) function. These are +OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION and +OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION, both of which are expected to be +unsigned integers. Normally only the first of these will be set and represents +the TLS protocol version that was first requested by the client (e.g. 0x0303 for +TLSv1.2, 0x0302 for TLSv1.1 etc). Historically some buggy clients would use the +negotiated protocol version instead of the protocol version first requested. If +this behaviour should be tolerated then +OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION should be set to the actual +negotiated protocol version. Otherwise it should be left unset.

    +

    +

    +

    DSA parameters

    +

    The EVP_PKEY_CTX_set_dsa_paramgen_bits() macro sets the number of bits used +for DSA parameter generation to nbits. If not specified, 2048 is used.

    +

    The EVP_PKEY_CTX_set_dsa_paramgen_q_bits() macro sets the number of bits in the +subprime parameter q for DSA parameter generation to qbits. If not +specified, 224 is used. If a digest function is specified below, this parameter +is ignored and instead, the number of bits in q matches the size of the +digest.

    +

    The EVP_PKEY_CTX_set_dsa_paramgen_md() macro sets the digest function used for +DSA parameter generation to md. If not specified, one of SHA-1, SHA-224, or +SHA-256 is selected to match the bit length of q above.

    +

    +

    +

    DH parameters

    +

    The EVP_PKEY_CTX_set_dh_paramgen_prime_len() macro sets the length of the DH +prime parameter p for DH parameter generation. If this macro is not called +then 2048 is used. Only accepts lengths greater than or equal to 256.

    +

    The EVP_PKEY_CTX_set_dh_paramgen_subprime_len() macro sets the length of the DH +optional subprime parameter q for DH parameter generation. The default is +256 if the prime is at least 2048 bits long or 160 otherwise. The DH +paramgen type must have been set to DH_PARAMGEN_TYPE_FIPS_186_2 or +DH_PARAMGEN_TYPE_FIPS_186_4.

    +

    The EVP_PKEY_CTX_set_dh_paramgen_generator() macro sets DH generator to gen +for DH parameter generation. If not specified 2 is used.

    +

    The EVP_PKEY_CTX_set_dh_paramgen_type() macro sets the key type for DH +parameter generation. The supported parameters are:

    +
    +
    DH_PARAMGEN_TYPE_GENERATOR
    + +
    +

    Uses a generator g (PKCS#3 format).

    +
    +
    DH_PARAMGEN_TYPE_FIPS_186_2
    + +
    +

    FIPS186-2 FFC parameter generator (X9.42 DH).

    +
    +
    DH_PARAMGEN_TYPE_FIPS_186_4
    + +
    +

    FIPS186-4 FFC parameter generator.

    +
    +
    +

    The default is DH_PARAMGEN_TYPE_GENERATOR.

    +

    The EVP_PKEY_CTX_set_dh_pad() function sets the DH padding mode. +If pad is 1 the shared secret is padded with zeros up to the size of the DH +prime p. +If pad is zero (the default) then no padding is performed.

    +

    EVP_PKEY_CTX_set_dh_nid() sets the DH parameters to values corresponding to +nid as defined in RFC7919 or RFC3526. The nid parameter must be +NID_ffdhe2048, NID_ffdhe3072, NID_ffdhe4096, NID_ffdhe6144, +NID_ffdhe8192, NID_modp_1536, NID_modp_2048, NID_modp_3072, +NID_modp_4096, NID_modp_6144, NID_modp_8192 or NID_undef to clear +the stored value. This macro can be called during parameter or key generation. +The nid parameter and the rfc5114 parameter are mutually exclusive.

    +

    The EVP_PKEY_CTX_set_dh_rfc5114() and EVP_PKEY_CTX_set_dhx_rfc5114() macros are +synonymous. They set the DH parameters to the values defined in RFC5114. The +rfc5114 parameter must be 1, 2 or 3 corresponding to RFC5114 sections +2.1, 2.2 and 2.3. or 0 to clear the stored value. This macro can be called +during parameter generation. The ctx must have a key type of +EVP_PKEY_DHX. +The rfc5114 parameter and the nid parameter are mutually exclusive.

    +

    +

    +

    DH key derivation function parameters

    +

    Note that all of the following functions require that the ctx parameter has +a private key type of EVP_PKEY_DHX. When using key derivation, the output of +EVP_PKEY_derive() is the output of the KDF instead of the DH shared secret. +The KDF output is typically used as a Key Encryption Key (KEK) that in turn +encrypts a Content Encryption Key (CEK).

    +

    The EVP_PKEY_CTX_set_dh_kdf_type() macro sets the key derivation function type +to kdf for DH key derivation. Possible values are EVP_PKEY_DH_KDF_NONE +and EVP_PKEY_DH_KDF_X9_42 which uses the key derivation specified in RFC2631 +(based on the keying algorithm described in X9.42). When using key derivation, +the kdf_oid, kdf_md and kdf_outlen parameters must also be specified.

    +

    The EVP_PKEY_CTX_get_dh_kdf_type() macro gets the key derivation function type +for ctx used for DH key derivation. Possible values are EVP_PKEY_DH_KDF_NONE +and EVP_PKEY_DH_KDF_X9_42.

    +

    The EVP_PKEY_CTX_set0_dh_kdf_oid() macro sets the key derivation function +object identifier to oid for DH key derivation. This OID should identify +the algorithm to be used with the Content Encryption Key. +The library takes ownership of the object identifier so the caller should not +free the original memory pointed to by oid.

    +

    The EVP_PKEY_CTX_get0_dh_kdf_oid() macro gets the key derivation function oid +for ctx used for DH key derivation. The resulting pointer is owned by the +library and should not be freed by the caller.

    +

    The EVP_PKEY_CTX_set_dh_kdf_md() macro sets the key derivation function +message digest to md for DH key derivation. Note that RFC2631 specifies +that this digest should be SHA1 but OpenSSL tolerates other digests.

    +

    The EVP_PKEY_CTX_get_dh_kdf_md() macro gets the key derivation function +message digest for ctx used for DH key derivation.

    +

    The EVP_PKEY_CTX_set_dh_kdf_outlen() macro sets the key derivation function +output length to len for DH key derivation.

    +

    The EVP_PKEY_CTX_get_dh_kdf_outlen() macro gets the key derivation function +output length for ctx used for DH key derivation.

    +

    The EVP_PKEY_CTX_set0_dh_kdf_ukm() macro sets the user key material to +ukm and its length to len for DH key derivation. This parameter is optional +and corresponds to the partyAInfo field in RFC2631 terms. The specification +requires that it is 512 bits long but this is not enforced by OpenSSL. +The library takes ownership of the user key material so the caller should not +free the original memory pointed to by ukm.

    +

    The EVP_PKEY_CTX_get0_dh_kdf_ukm() macro gets the user key material for ctx. +The return value is the user key material length. The resulting pointer is owned +by the library and should not be freed by the caller.

    +

    +

    +

    EC parameters

    +

    The EVP_PKEY_CTX_set_ec_paramgen_curve_nid() sets the EC curve for EC parameter +generation to nid. For EC parameter generation this macro must be called +or an error occurs because there is no default curve. +This function can also be called to set the curve explicitly when +generating an EC key.

    +

    The EVP_PKEY_CTX_set_ec_param_enc() macro sets the EC parameter encoding to +param_enc when generating EC parameters or an EC key. The encoding can be +OPENSSL_EC_EXPLICIT_CURVE for explicit parameters (the default in versions +of OpenSSL before 1.1.0) or OPENSSL_EC_NAMED_CURVE to use named curve form. +For maximum compatibility the named curve form should be used. Note: the +OPENSSL_EC_NAMED_CURVE value was added in OpenSSL 1.1.0; previous +versions should use 0 instead.

    +

    +

    +

    ECDH parameters

    +

    The EVP_PKEY_CTX_set_ecdh_cofactor_mode() macro sets the cofactor mode to +cofactor_mode for ECDH key derivation. Possible values are 1 to enable +cofactor key derivation, 0 to disable it and -1 to clear the stored cofactor +mode and fallback to the private key cofactor mode.

    +

    The EVP_PKEY_CTX_get_ecdh_cofactor_mode() macro returns the cofactor mode for +ctx used for ECDH key derivation. Possible values are 1 when cofactor key +derivation is enabled and 0 otherwise.

    +

    +

    +

    ECDH key derivation function parameters

    +

    The EVP_PKEY_CTX_set_ecdh_kdf_type() macro sets the key derivation function type +to kdf for ECDH key derivation. Possible values are EVP_PKEY_ECDH_KDF_NONE +and EVP_PKEY_ECDH_KDF_X9_63 which uses the key derivation specified in X9.63. +When using key derivation, the kdf_md and kdf_outlen parameters must +also be specified.

    +

    The EVP_PKEY_CTX_get_ecdh_kdf_type() macro returns the key derivation function +type for ctx used for ECDH key derivation. Possible values are +EVP_PKEY_ECDH_KDF_NONE and EVP_PKEY_ECDH_KDF_X9_63.

    +

    The EVP_PKEY_CTX_set_ecdh_kdf_md() macro sets the key derivation function +message digest to md for ECDH key derivation. Note that X9.63 specifies +that this digest should be SHA1 but OpenSSL tolerates other digests.

    +

    The EVP_PKEY_CTX_get_ecdh_kdf_md() macro gets the key derivation function +message digest for ctx used for ECDH key derivation.

    +

    The EVP_PKEY_CTX_set_ecdh_kdf_outlen() macro sets the key derivation function +output length to len for ECDH key derivation.

    +

    The EVP_PKEY_CTX_get_ecdh_kdf_outlen() macro gets the key derivation function +output length for ctx used for ECDH key derivation.

    +

    The EVP_PKEY_CTX_set0_ecdh_kdf_ukm() macro sets the user key material to ukm +for ECDH key derivation. This parameter is optional and corresponds to the +shared info in X9.63 terms. The library takes ownership of the user key material +so the caller should not free the original memory pointed to by ukm.

    +

    The EVP_PKEY_CTX_get0_ecdh_kdf_ukm() macro gets the user key material for ctx. +The return value is the user key material length. The resulting pointer is owned +by the library and should not be freed by the caller.

    +

    +

    +

    Other parameters

    +

    The EVP_PKEY_CTX_set1_id(), EVP_PKEY_CTX_get1_id() and EVP_PKEY_CTX_get1_id_len() +macros are used to manipulate the special identifier field for specific signature +algorithms such as SM2. The EVP_PKEY_CTX_set1_id() sets an ID pointed by id with +the length id_len to the library. The library takes a copy of the id so that +the caller can safely free the original memory pointed to by id. The +EVP_PKEY_CTX_get1_id_len() macro returns the length of the ID set via a previous +call to EVP_PKEY_CTX_set1_id(). The length is usually used to allocate adequate +memory for further calls to EVP_PKEY_CTX_get1_id(). The EVP_PKEY_CTX_get1_id() +macro returns the previously set ID value to caller in id. The caller should +allocate adequate memory space for the id before calling EVP_PKEY_CTX_get1_id().

    +

    +

    +
    +

    RETURN VALUES

    +

    EVP_PKEY_CTX_set_params() returns 1 for success or 0 otherwise. +EVP_PKEY_CTX_settable_params() returns an OSSL_PARAM array on success or NULL on +error. +It may also return NULL if there are no settable parameters available.

    +

    All other functions and macros described on this page return a positive value +for success and 0 or a negative value for failure. In particular a return value +of -2 indicates the operation is not supported by the public key algorithm.

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_PKEY_CTX_new(3), +EVP_PKEY_encrypt(3), +EVP_PKEY_decrypt(3), +EVP_PKEY_sign(3), +EVP_PKEY_verify(3), +EVP_PKEY_verify_recover(3), +EVP_PKEY_derive(3), +EVP_PKEY_keygen(3)

    +

    +

    +
    +

    HISTORY

    +

    EVP_PKEY_CTX_get_signature_md(), EVP_PKEY_CTX_set_signature_md(), +EVP_PKEY_CTX_set_dh_pad(), EVP_PKEY_CTX_set_rsa_padding(), +EVP_PKEY_CTX_get_rsa_padding(), EVP_PKEY_CTX_get_rsa_mgf1_md(), +EVP_PKEY_CTX_set_rsa_mgf1_md(), EVP_PKEY_CTX_set_rsa_oaep_md(), +EVP_PKEY_CTX_get_rsa_oaep_md(), EVP_PKEY_CTX_set0_rsa_oaep_label(), +EVP_PKEY_CTX_get0_rsa_oaep_label(), EVP_PKEY_CTX_set_rsa_pss_saltlen(), +EVP_PKEY_CTX_get_rsa_pss_saltlen(), were macros in OpenSSL 1.1.1 and below. +From OpenSSL 3.0 they are functions.

    +

    EVP_PKEY_CTX_get_rsa_oaep_md_name(), EVP_PKEY_CTX_get_rsa_mgf1_md_name(), +EVP_PKEY_CTX_set_rsa_mgf1_md_name() and EVP_PKEY_CTX_set_rsa_oaep_md_name() were +added in OpenSSL 3.0.

    +

    The EVP_PKEY_CTX_set1_id(), EVP_PKEY_CTX_get1_id() and +EVP_PKEY_CTX_get1_id_len() macros were added in 1.1.1, other functions were +added in OpenSSL 1.0.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_CTX_new.html b/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_CTX_new.html
    new file mode 100755
    index 0000000..a4cf383
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_CTX_new.html
    @@ -0,0 +1,132 @@
    + + + + +EVP_PKEY_CTX_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_PKEY_CTX_new, EVP_PKEY_CTX_new_id, EVP_PKEY_CTX_new_from_name, +EVP_PKEY_CTX_new_from_pkey, EVP_PKEY_CTX_dup, EVP_PKEY_CTX_free +- public key algorithm context functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e);
    + EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e);
    + EVP_PKEY_CTX *EVP_PKEY_CTX_new_from_name(OPENSSL_CTX *libctx,
    +                                          const char *name,
    +                                          const char *propquery);
    + EVP_PKEY_CTX *EVP_PKEY_CTX_new_from_pkey(OPENSSL_CTX *libctx,
    +                                          EVP_PKEY *pkey);
    + EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *ctx);
    + void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx);
    +

    +

    +
    +

    DESCRIPTION

    +

    The EVP_PKEY_CTX_new() function allocates public key algorithm context using +the pkey key type and ENGINE e.

    +

    The EVP_PKEY_CTX_new_id() function allocates public key algorithm context +using the key type specified by id and ENGINE e.

    +

    The EVP_PKEY_CTX_new_from_name() function allocates a public key algorithm +context using the library context libctx (see OPENSSL_CTX(3)), the +key type specified by name and the property query propquery. None +of the arguments are duplicated, so they must remain unchanged for the +lifetime of the returned EVP_PKEY_CTX or of any of its duplicates.

    +

    The EVP_PKEY_CTX_new_from_pkey() function allocates a public key algorithm +context using the library context libctx (see OPENSSL_CTX(3)) and the +algorithm specified by pkey and the property query propquery. None of the +arguments are duplicated, so they must remain unchanged for the lifetime of the +returned EVP_PKEY_CTX or any of its duplicates.

    +

    EVP_PKEY_CTX_new_id() and EVP_PKEY_CTX_new_from_name() are normally +used when no EVP_PKEY structure is associated with the operations, +for example during parameter generation or key generation for some +algorithms.

    +

    EVP_PKEY_CTX_dup() duplicates the context ctx.

    +

    EVP_PKEY_CTX_free() frees up the context ctx. +If ctx is NULL, nothing is done.

    +

    +

    +
    +

    NOTES

    +
      +
    1. +

      The EVP_PKEY_CTX structure is an opaque public key algorithm context used +by the OpenSSL high level public key API. Contexts MUST NOT be shared between +threads: that is it is not permissible to use the same context simultaneously +in two threads.

      +
    2. +
    3. +

      We mention "key type" in this manual, which is the same +as "algorithm" in most cases, allowing either term to be used +interchangeably. There are algorithms where the key type and the +algorithm of the operations that use the keys are not the same, +such as EC keys being used for ECDSA and ECDH operations.

      +
    4. +
    +

    +

    +
    +

    RETURN VALUES

    +

    EVP_PKEY_CTX_new(), EVP_PKEY_CTX_new_id(), EVP_PKEY_CTX_dup() returns either +the newly allocated EVP_PKEY_CTX structure of NULL if an error occurred.

    +

    EVP_PKEY_CTX_free() does not return a value.

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_PKEY_new(3)

    +

    +

    +
    +

    HISTORY

    +

    The EVP_PKEY_CTX_new(), EVP_PKEY_CTX_new_id(), EVP_PKEY_CTX_dup() and +EVP_PKEY_CTX_free() functions were added in OpenSSL 1.0.0.

    +

    The EVP_PKEY_CTX_new_from_name() and EVP_PKEY_CTX_new_from_pkey() functions were +added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_CTX_set1_pbe_pass.html b/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_CTX_set1_pbe_pass.html
    new file mode 100755
    index 0000000..9216111
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_CTX_set1_pbe_pass.html
    @@ -0,0 +1,94 @@
    + + + + +EVP_PKEY_CTX_set1_pbe_pass + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_PKEY_CTX_set1_pbe_pass +- generic KDF support functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/kdf.h>
    +
    + int EVP_PKEY_CTX_set1_pbe_pass(EVP_PKEY_CTX *pctx, unsigned char *pass,
    +                                int passlen);
    +

    +

    +
    +

    DESCRIPTION

    +

    These functions are generic support functions for all KDF algorithms.

    +

    EVP_PKEY_CTX_set1_pbe_pass() sets the password to the passlen first +bytes from pass.

    +

    +

    +
    +

    STRING CTRLS

    +

    There is also support for string based control operations via +EVP_PKEY_CTX_ctrl_str(3). +The password can be directly specified using the type parameter +"pass" or given in hex encoding using the "hexpass" parameter.

    +

    +

    +
    +

    NOTES

    +

    All these functions are implemented as macros.

    +

    +

    +
    +

    RETURN VALUES

    +

    All these functions return 1 for success and 0 or a negative value for failure. +In particular a return value of -2 indicates the operation is not supported by +the public key algorithm.

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_PKEY_CTX_new(3), +EVP_PKEY_CTX_ctrl_str(3), +EVP_PKEY_derive(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_CTX_set_hkdf_md.html b/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_CTX_set_hkdf_md.html
    new file mode 100755
    index 0000000..072ebf9
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_CTX_set_hkdf_md.html
    @@ -0,0 +1,200 @@
    +
    +
    +
    +
    +EVP_PKEY_CTX_set_hkdf_md
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    EVP_PKEY_CTX_set_hkdf_md, EVP_PKEY_CTX_set1_hkdf_salt, +EVP_PKEY_CTX_set1_hkdf_key, EVP_PKEY_CTX_add1_hkdf_info, +EVP_PKEY_CTX_hkdf_mode - +HMAC-based Extract-and-Expand key derivation algorithm

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/kdf.h>
    +
    + int EVP_PKEY_CTX_hkdf_mode(EVP_PKEY_CTX *pctx, int mode);
    +
    + int EVP_PKEY_CTX_set_hkdf_md(EVP_PKEY_CTX *pctx, const EVP_MD *md);
    +
    + int EVP_PKEY_CTX_set1_hkdf_salt(EVP_PKEY_CTX *pctx, unsigned char *salt,
    +                                 int saltlen);
    +
    + int EVP_PKEY_CTX_set1_hkdf_key(EVP_PKEY_CTX *pctx, unsigned char *key,
    +                                int keylen);
    +
    + int EVP_PKEY_CTX_add1_hkdf_info(EVP_PKEY_CTX *pctx, unsigned char *info,
    +                                 int infolen);
    +

    +

    +
    +

    DESCRIPTION

    +

    The EVP_PKEY_HKDF algorithm implements the HKDF key derivation function. +HKDF follows the "extract-then-expand" paradigm, where the KDF logically +consists of two modules. The first stage takes the input keying material +and "extracts" from it a fixed-length pseudorandom key K. The second stage +"expands" the key K into several additional pseudorandom keys (the output +of the KDF).

    +

    EVP_PKEY_CTX_hkdf_mode() sets the mode for the HKDF operation. There are three +modes that are currently defined:

    +
    +
    EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND
    + +
    +

    This is the default mode. Calling EVP_PKEY_derive(3) on an EVP_PKEY_CTX set +up for HKDF will perform an extract followed by an expand operation in one go. +The derived key returned will be the result after the expand operation. The +intermediate fixed-length pseudorandom key K is not returned.

    +

    In this mode the digest, key, salt and info values must be set before a key is +derived or an error occurs.

    +
    +
    EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY
    + +
    +

    In this mode calling EVP_PKEY_derive(3) will just perform the extract +operation. The value returned will be the intermediate fixed-length pseudorandom +key K.

    +

    The digest, key and salt values must be set before a key is derived or an +error occurs.

    +
    +
    EVP_PKEY_HKDEF_MODE_EXPAND_ONLY
    + +
    +

    In this mode calling EVP_PKEY_derive(3) will just perform the expand +operation. The input key should be set to the intermediate fixed-length +pseudorandom key K returned from a previous extract operation.

    +

    The digest, key and info values must be set before a key is derived or an +error occurs.

    +
    +
    +

    EVP_PKEY_CTX_set_hkdf_md() sets the message digest associated with the HKDF.

    +

    EVP_PKEY_CTX_set1_hkdf_salt() sets the salt to saltlen bytes of the +buffer salt. Any existing value is replaced.

    +

    EVP_PKEY_CTX_set1_hkdf_key() sets the key to keylen bytes of the buffer +key. Any existing value is replaced.

    +

    EVP_PKEY_CTX_add1_hkdf_info() sets the info value to infolen bytes of the +buffer info. If a value is already set, it is appended to the existing +value.

    +

    +

    +
    +

    STRING CTRLS

    +

    HKDF also supports string based control operations via +EVP_PKEY_CTX_ctrl_str(3). +The type parameter "md" uses the supplied value as the name of the digest +algorithm to use. +The type parameter "mode" uses the values "EXTRACT_AND_EXPAND", +"EXTRACT_ONLY" and "EXPAND_ONLY" to determine the mode to use. +The type parameters "salt", "key" and "info" use the supplied value +parameter as a seed, key or info value. +The names "hexsalt", "hexkey" and "hexinfo" are similar except they take a hex +string which is converted to binary.

    +

    +

    +
    +

    NOTES

    +

    All these functions are implemented as macros.

    +

    A context for HKDF can be obtained by calling:

    +
    + EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
    +

    The total length of the info buffer cannot exceed 1024 bytes in length: this +should be more than enough for any normal use of HKDF.

    +

    The output length of an HKDF expand operation is specified via the length +parameter to the EVP_PKEY_derive(3) function. +Since the HKDF output length is variable, passing a NULL buffer as a means +to obtain the requisite length is not meaningful with HKDF in any mode that +performs an expand operation. Instead, the caller must allocate a buffer of the +desired length, and pass that buffer to EVP_PKEY_derive(3) along with (a +pointer initialized to) the desired length. Passing a NULL buffer to obtain +the length is allowed when using EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY.

    +

    Optimised versions of HKDF can be implemented in an ENGINE.

    +

    +

    +
    +

    RETURN VALUES

    +

    All these functions return 1 for success and 0 or a negative value for failure. +In particular a return value of -2 indicates the operation is not supported by +the public key algorithm.

    +

    +

    +
    +

    EXAMPLES

    +

    This example derives 10 bytes using SHA-256 with the secret key "secret", +salt value "salt" and info value "label":

    +
    + EVP_PKEY_CTX *pctx;
    + unsigned char out[10];
    + size_t outlen = sizeof(out);
    + pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
    +
    + if (EVP_PKEY_derive_init(pctx) <= 0)
    +     /* Error */
    + if (EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()) <= 0)
    +     /* Error */
    + if (EVP_PKEY_CTX_set1_hkdf_salt(pctx, "salt", 4) <= 0)
    +     /* Error */
    + if (EVP_PKEY_CTX_set1_hkdf_key(pctx, "secret", 6) <= 0)
    +     /* Error */
    + if (EVP_PKEY_CTX_add1_hkdf_info(pctx, "label", 5) <= 0)
    +     /* Error */
    + if (EVP_PKEY_derive(pctx, out, &outlen) <= 0)
    +     /* Error */
    +

    +

    +
    +

    CONFORMING TO

    +

    RFC 5869

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_PKEY_CTX_new(3), +EVP_PKEY_CTX_ctrl_str(3), +EVP_PKEY_derive(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.html b/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.html
    new file mode 100755
    index 0000000..442ce71
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.html
    @@ -0,0 +1,133 @@
    +
    +
    +
    +
    +EVP_PKEY_CTX_set_rsa_pss_keygen_md
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    EVP_PKEY_CTX_set_rsa_pss_keygen_md, +EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md, +EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen +- EVP_PKEY RSA-PSS algorithm support functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/rsa.h>
    +
    + int EVP_PKEY_CTX_set_rsa_pss_keygen_md(EVP_PKEY_CTX *pctx,
    +                                        const EVP_MD *md);
    + int EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md(EVP_PKEY_CTX *pctx,
    +                                             const EVP_MD *md);
    + int EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(EVP_PKEY_CTX *pctx,
    +                                             int saltlen);
    +

    +

    +
    +

    DESCRIPTION

    +

    These are the functions that implement RSA-PSS(7).

    +

    +

    +

    Signing and Verification

    +

    The macro EVP_PKEY_CTX_set_rsa_padding() is supported but an error is +returned if an attempt is made to set the padding mode to anything other +than PSS. It is otherwise similar to the RSA version.

    +

    The EVP_PKEY_CTX_set_rsa_pss_saltlen() macro is used to set the salt length. +If the key has usage restrictions then an error is returned if an attempt is +made to set the salt length below the minimum value. It is otherwise similar +to the RSA operation except detection of the salt length (using +RSA_PSS_SALTLEN_AUTO) is not supported for verification if the key has +usage restrictions.

    +

    The EVP_PKEY_CTX_set_signature_md(3) and EVP_PKEY_CTX_set_rsa_mgf1_md(3) +fuunctions are used to set the digest and MGF1 algorithms respectively. If the +key has usage restrictions then an error is returned if an attempt is made to +set the digest to anything other than the restricted value. Otherwise these are +similar to the RSA versions.

    +

    +

    +

    Key Generation

    +

    As with RSA key generation the EVP_PKEY_CTX_set_rsa_keygen_bits() +and EVP_PKEY_CTX_set_rsa_keygen_pubexp() macros are supported for RSA-PSS: +they have exactly the same meaning as for the RSA algorithm.

    +

    Optional parameter restrictions can be specified when generating a PSS key. +If any restrictions are set (using the macros described below) then all +parameters are restricted. For example, setting a minimum salt length also +restricts the digest and MGF1 algorithms. If any restrictions are in place +then they are reflected in the corresponding parameters of the public key +when (for example) a certificate request is signed.

    +

    EVP_PKEY_CTX_set_rsa_pss_keygen_md() restricts the digest algorithm the +generated key can use to md.

    +

    EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md() restricts the MGF1 algorithm the +generated key can use to md.

    +

    EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen() restricts the minimum salt length +to saltlen.

    +

    +

    +
    +

    NOTES

    +

    A context for the RSA-PSS algorithm can be obtained by calling:

    +
    + EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA_PSS, NULL);
    +

    +

    +
    +

    RETURN VALUES

    +

    All these functions return 1 for success and 0 or a negative value for failure. +In particular a return value of -2 indicates the operation is not supported by +the public key algorithm.

    +

    +

    +
    +

    SEE ALSO

    +

    RSA-PSS(7), +EVP_PKEY_CTX_new(3), +EVP_PKEY_CTX_ctrl_str(3), +EVP_PKEY_derive(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_CTX_set_scrypt_N.html b/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_CTX_set_scrypt_N.html
    new file mode 100755
    index 0000000..7f6c25b
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_CTX_set_scrypt_N.html
    @@ -0,0 +1,125 @@
    +
    +
    +
    +
    +EVP_PKEY_CTX_set_scrypt_N
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    EVP_PKEY_CTX_set1_scrypt_salt, +EVP_PKEY_CTX_set_scrypt_N, +EVP_PKEY_CTX_set_scrypt_r, +EVP_PKEY_CTX_set_scrypt_p, +EVP_PKEY_CTX_set_scrypt_maxmem_bytes +- EVP_PKEY scrypt KDF support functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/kdf.h>
    +
    + int EVP_PKEY_CTX_set1_scrypt_salt(EVP_PKEY_CTX *pctx, unsigned char *salt,
    +                                   int saltlen);
    +
    + int EVP_PKEY_CTX_set_scrypt_N(EVP_PKEY_CTX *pctx, uint64_t N);
    +
    + int EVP_PKEY_CTX_set_scrypt_r(EVP_PKEY_CTX *pctx, uint64_t r);
    +
    + int EVP_PKEY_CTX_set_scrypt_p(EVP_PKEY_CTX *pctx, uint64_t p);
    +
    + int EVP_PKEY_CTX_set_scrypt_maxmem_bytes(EVP_PKEY_CTX *pctx,
    +                                          uint64_t maxmem);
    +

    +

    +
    +

    DESCRIPTION

    +

    These functions are used to set up the necessary data to use the +scrypt KDF. +For more information on scrypt, see EVP_KDF-SCRYPT(7).

    +

    EVP_PKEY_CTX_set1_scrypt_salt() sets the saltlen bytes long salt +value.

    +

    EVP_PKEY_CTX_set_scrypt_N(), EVP_PKEY_CTX_set_scrypt_r() and +EVP_PKEY_CTX_set_scrypt_p() configure the work factors N, r and p.

    +

    EVP_PKEY_CTX_set_scrypt_maxmem_bytes() sets how much RAM key +derivation may maximally use, given in bytes. +If RAM is exceeded because the load factors are chosen too high, the +key derivation will fail.

    +

    +

    +
    +

    STRING CTRLS

    +

    scrypt also supports string based control operations via +EVP_PKEY_CTX_ctrl_str(3). +Similarly, the salt can either be specified using the type +parameter "salt" or in hex encoding by using the "hexsalt" parameter. +The work factors N, r and p as well as maxmem_bytes can be +set by using the parameters "N", "r", "p" and "maxmem_bytes", +respectively.

    +

    +

    +
    +

    NOTES

    +

    There is a newer generic API for KDFs, EVP_KDF(3), which is +preferred over the EVP_PKEY method.

    +

    The scrypt KDF also uses EVP_PKEY_CTX_set1_pbe_pass() as well as +the value from the string controls "pass" and "hexpass". +See EVP_PKEY_CTX_set1_pbe_pass(3).

    +

    All the functions described here are implemented as macros.

    +

    +

    +
    +

    RETURN VALUES

    +

    All these functions return 1 for success and 0 or a negative value for +failure. +In particular a return value of -2 indicates the operation is not +supported by the public key algorithm.

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_KDF(3) +EVP_PKEY_CTX_new(3), +EVP_PKEY_CTX_ctrl_str(3), +EVP_PKEY_derive(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_CTX_set_tls1_prf_md.html b/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_CTX_set_tls1_prf_md.html
    new file mode 100755
    index 0000000..1771392
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_CTX_set_tls1_prf_md.html
    @@ -0,0 +1,144 @@
    +
    +
    +
    +
    +EVP_PKEY_CTX_set_tls1_prf_md
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    EVP_PKEY_CTX_set_tls1_prf_md, +EVP_PKEY_CTX_set1_tls1_prf_secret, EVP_PKEY_CTX_add1_tls1_prf_seed - +TLS PRF key derivation algorithm

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/kdf.h>
    +
    + int EVP_PKEY_CTX_set_tls1_prf_md(EVP_PKEY_CTX *pctx, const EVP_MD *md);
    + int EVP_PKEY_CTX_set1_tls1_prf_secret(EVP_PKEY_CTX *pctx,
    +                                       unsigned char *sec, int seclen);
    + int EVP_PKEY_CTX_add1_tls1_prf_seed(EVP_PKEY_CTX *pctx,
    +                                     unsigned char *seed, int seedlen);
    +

    +

    +
    +

    DESCRIPTION

    +

    The EVP_PKEY_TLS1_PRF algorithm implements the PRF key derivation function for +TLS. It has no associated private key and only implements key derivation +using EVP_PKEY_derive(3).

    +

    EVP_PKEY_set_tls1_prf_md() sets the message digest associated with the +TLS PRF. EVP_md5_sha1() is treated as a special case which uses the PRF +algorithm using both MD5 and SHA1 as used in TLS 1.0 and 1.1.

    +

    EVP_PKEY_CTX_set_tls1_prf_secret() sets the secret value of the TLS PRF +to seclen bytes of the buffer sec. Any existing secret value is replaced +and any seed is reset.

    +

    EVP_PKEY_CTX_add1_tls1_prf_seed() sets the seed to seedlen bytes of seed. +If a seed is already set it is appended to the existing value.

    +

    +

    +
    +

    STRING CTRLS

    +

    The TLS PRF also supports string based control operations using +EVP_PKEY_CTX_ctrl_str(3). +The type parameter "md" uses the supplied value as the name of the digest +algorithm to use. +The type parameters "secret" and "seed" use the supplied value parameter +as a secret or seed value. +The names "hexsecret" and "hexseed" are similar except they take a hex string +which is converted to binary.

    +

    +

    +
    +

    NOTES

    +

    All these functions are implemented as macros.

    +

    A context for the TLS PRF can be obtained by calling:

    +
    + EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL);
    +

    The digest, secret value and seed must be set before a key is derived or an +error occurs.

    +

    The total length of all seeds cannot exceed 1024 bytes in length: this should +be more than enough for any normal use of the TLS PRF.

    +

    The output length of the PRF is specified by the length parameter in the +EVP_PKEY_derive() function. Since the output length is variable, setting +the buffer to NULL is not meaningful for the TLS PRF.

    +

    Optimised versions of the TLS PRF can be implemented in an ENGINE.

    +

    +

    +
    +

    RETURN VALUES

    +

    All these functions return 1 for success and 0 or a negative value for failure. +In particular a return value of -2 indicates the operation is not supported by +the public key algorithm.

    +

    +

    +
    +

    EXAMPLES

    +

    This example derives 10 bytes using SHA-256 with the secret key "secret" +and seed value "seed":

    +
    + EVP_PKEY_CTX *pctx;
    + unsigned char out[10];
    + size_t outlen = sizeof(out);
    +
    + pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL);
    + if (EVP_PKEY_derive_init(pctx) <= 0)
    +     /* Error */
    + if (EVP_PKEY_CTX_set_tls1_prf_md(pctx, EVP_sha256()) <= 0)
    +     /* Error */
    + if (EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, "secret", 6) <= 0)
    +     /* Error */
    + if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, "seed", 4) <= 0)
    +     /* Error */
    + if (EVP_PKEY_derive(pctx, out, &outlen) <= 0)
    +     /* Error */
    +

    +

    +
    +

    SEE ALSO

    +

    EVP_PKEY_CTX_new(3), +EVP_PKEY_CTX_ctrl_str(3), +EVP_PKEY_derive(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_asn1_get_count.html b/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_asn1_get_count.html
    new file mode 100755
    index 0000000..c85ccef
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_asn1_get_count.html
    @@ -0,0 +1,110 @@
    +
    +
    +
    +
    +EVP_PKEY_asn1_get_count
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    EVP_PKEY_asn1_find, +EVP_PKEY_asn1_find_str, +EVP_PKEY_asn1_get_count, +EVP_PKEY_asn1_get0, +EVP_PKEY_asn1_get0_info +- enumerate public key ASN.1 methods

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + int EVP_PKEY_asn1_get_count(void);
    + const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx);
    + const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pe, int type);
    + const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe,
    +                                                    const char *str, int len);
    + int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *pkey_base_id,
    +                             int *ppkey_flags, const char **pinfo,
    +                             const char **ppem_str,
    +                             const EVP_PKEY_ASN1_METHOD *ameth);
    +

    +

    +
    +

    DESCRIPTION

    +

    EVP_PKEY_asn1_count() returns a count of the number of public key +ASN.1 methods available: it includes standard methods and any methods +added by the application.

    +

    EVP_PKEY_asn1_get0() returns the public key ASN.1 method idx. +The value of idx must be between zero and EVP_PKEY_asn1_get_count() +- 1.

    +

    EVP_PKEY_asn1_find() looks up the EVP_PKEY_ASN1_METHOD with NID +type. +If pe isn't NULL, then it will look up an engine implementing a +EVP_PKEY_ASN1_METHOD for the NID type and return that instead, +and also set *pe to point at the engine that implements it.

    +

    EVP_PKEY_asn1_find_str() looks up the EVP_PKEY_ASN1_METHOD with PEM +type string str. +Just like EVP_PKEY_asn1_find(), if pe isn't NULL, then it will +look up an engine implementing a EVP_PKEY_ASN1_METHOD for the NID +type and return that instead, and also set *pe to point at the +engine that implements it.

    +

    EVP_PKEY_asn1_get0_info() returns the public key ID, base public key +ID (both NIDs), any flags, the method description and PEM type string +associated with the public key ASN.1 method *ameth.

    +

    EVP_PKEY_asn1_count(), EVP_PKEY_asn1_get0(), EVP_PKEY_asn1_find() and +EVP_PKEY_asn1_find_str() are not thread safe, but as long as all +EVP_PKEY_ASN1_METHOD objects are added before the application gets +threaded, using them is safe. See EVP_PKEY_asn1_add0(3).

    +

    +

    +
    +

    RETURN VALUES

    +

    EVP_PKEY_asn1_count() returns the number of available public key methods.

    +

    EVP_PKEY_asn1_get0() return a public key method or NULL if idx is +out of range.

    +

    EVP_PKEY_asn1_get0_info() returns 0 on failure, 1 on success.

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_PKEY_asn1_new(3), EVP_PKEY_asn1_add0(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_check.html b/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_check.html
    new file mode 100755
    index 0000000..3d061eb
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_check.html
    @@ -0,0 +1,108 @@
    +
    +
    +
    +
    +EVP_PKEY_check
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    EVP_PKEY_check, EVP_PKEY_param_check, EVP_PKEY_public_check, +EVP_PKEY_private_check, EVP_PKEY_pairwise_check +- key and parameter validation functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + int EVP_PKEY_check(EVP_PKEY_CTX *ctx);
    + int EVP_PKEY_param_check(EVP_PKEY_CTX *ctx);
    + int EVP_PKEY_public_check(EVP_PKEY_CTX *ctx);
    + int EVP_PKEY_private_check(EVP_PKEY_CTX *ctx);
    + int EVP_PKEY_pairwise_check(EVP_PKEY_CTX *ctx);
    +

    +

    +
    +

    DESCRIPTION

    +

    EVP_PKEY_param_check() validates the parameters component of the key +given by ctx.

    +

    EVP_PKEY_public_check() validates the public component of the key given by ctx.

    +

    EVP_PKEY_private_check() validates the private component of the key given by ctx.

    +

    EVP_PKEY_pairwise_check() validates that the public and private components have +the correct mathematical relationship to each other for the key given by ctx.

    +

    EVP_PKEY_check() validates all components of a key given by ctx.

    +

    +

    +
    +

    NOTES

    +

    Refer to SP800-56A and SP800-56B for rules relating to when these functions +should be called during key establishment. +It is not necessary to call these functions after locally calling an approved key +generation method, but may be required for assurance purposes when receiving +keys from a third party.

    +

    In OpenSSL an EVP_PKEY structure containing a private key also contains the +public key components and parameters (if any). An OpenSSL private key is +equivalent to what some libraries call a "key pair". A private key can be used +in functions which require the use of a public key or parameters.

    +

    +

    +
    +

    RETURN VALUES

    +

    All functions return 1 for success or others for failure. +They return -2 if the operation is not supported for the specific algorithm.

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_PKEY_CTX_new(3), +EVP_PKEY_fromdata(3),

    +

    +

    +
    +

    HISTORY

    +

    EVP_PKEY_check(), EVP_PKEY_public_check() and EVP_PKEY_param_check() were added +in OpenSSL 1.1.1.

    +

    EVP_PKEY_private_check() and EVP_PKEY_pairwise_check() were added +in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_cmp.html b/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_cmp.html
    new file mode 100755
    index 0000000..d170a85
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_cmp.html
    @@ -0,0 +1,106 @@
    +
    +
    +
    +
    +EVP_PKEY_cmp
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    EVP_PKEY_copy_parameters, EVP_PKEY_missing_parameters, EVP_PKEY_cmp_parameters, +EVP_PKEY_cmp - public key parameter and comparison functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey);
    + int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from);
    +
    + int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b);
    + int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b);
    +

    +

    +
    +

    DESCRIPTION

    +

    The function EVP_PKEY_missing_parameters() returns 1 if the public key +parameters of pkey are missing and 0 if they are present or the algorithm +doesn't use parameters.

    +

    The function EVP_PKEY_copy_parameters() copies the parameters from key +from to key to. An error is returned if the parameters are missing in +from or present in both from and to and mismatch. If the parameters +in from and to are both present and match this function has no effect.

    +

    The function EVP_PKEY_cmp_parameters() compares the parameters of keys +a and b.

    +

    The function EVP_PKEY_cmp() compares the public key components and parameters +(if present) of keys a and b.

    +

    +

    +
    +

    NOTES

    +

    The main purpose of the functions EVP_PKEY_missing_parameters() and +EVP_PKEY_copy_parameters() is to handle public keys in certificates where the +parameters are sometimes omitted from a public key if they are inherited from +the CA that signed it.

    +

    Since OpenSSL private keys contain public key components too the function +EVP_PKEY_cmp() can also be used to determine if a private key matches +a public key.

    +

    +

    +
    +

    RETURN VALUES

    +

    The function EVP_PKEY_missing_parameters() returns 1 if the public key +parameters of pkey are missing and 0 if they are present or the algorithm +doesn't use parameters.

    +

    These functions EVP_PKEY_copy_parameters() returns 1 for success and 0 for +failure.

    +

    The function EVP_PKEY_cmp_parameters() and EVP_PKEY_cmp() return 1 if the +keys match, 0 if they don't match, -1 if the key types are different and +-2 if the operation is not supported.

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_PKEY_CTX_new(3), +EVP_PKEY_keygen(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_decrypt.html b/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_decrypt.html
    new file mode 100755
    index 0000000..e82ced5
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_decrypt.html
    @@ -0,0 +1,146 @@
    +
    +
    +
    +
    +EVP_PKEY_decrypt
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    EVP_PKEY_decrypt_init, EVP_PKEY_decrypt - decrypt using a public key algorithm

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx);
    + int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx,
    +                      unsigned char *out, size_t *outlen,
    +                      const unsigned char *in, size_t inlen);
    +

    +

    +
    +

    DESCRIPTION

    +

    The EVP_PKEY_decrypt_init() function initializes a public key algorithm +context using key pkey for a decryption operation.

    +

    The EVP_PKEY_decrypt() function performs a public key decryption operation +using ctx. The data to be decrypted is specified using the in and +inlen parameters. If out is NULL then the maximum size of the output +buffer is written to the outlen parameter. If out is not NULL then +before the call the outlen parameter should contain the length of the +out buffer, if the call is successful the decrypted data is written to +out and the amount of data written to outlen.

    +

    +

    +
    +

    NOTES

    +

    After the call to EVP_PKEY_decrypt_init() algorithm specific control +operations can be performed to set any appropriate parameters for the +operation.

    +

    The function EVP_PKEY_decrypt() can be called more than once on the same +context if several operations are performed using the same parameters.

    +

    +

    +
    +

    RETURN VALUES

    +

    EVP_PKEY_decrypt_init() and EVP_PKEY_decrypt() return 1 for success and 0 +or a negative value for failure. In particular a return value of -2 +indicates the operation is not supported by the public key algorithm.

    +

    +

    +
    +

    EXAMPLES

    +

    Decrypt data using OAEP (for RSA keys):

    +
    + #include <openssl/evp.h>
    + #include <openssl/rsa.h>
    +
    + EVP_PKEY_CTX *ctx;
    + ENGINE *eng;
    + unsigned char *out, *in;
    + size_t outlen, inlen;
    + EVP_PKEY *key;
    +
    + /*
    +  * NB: assumes key, eng, in, inlen are already set up
    +  * and that key is an RSA private key
    +  */
    + ctx = EVP_PKEY_CTX_new(key, eng);
    + if (!ctx)
    +     /* Error occurred */
    + if (EVP_PKEY_decrypt_init(ctx) <= 0)
    +     /* Error */
    + if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_OAEP_PADDING) <= 0)
    +     /* Error */
    +
    + /* Determine buffer length */
    + if (EVP_PKEY_decrypt(ctx, NULL, &outlen, in, inlen) <= 0)
    +     /* Error */
    +
    + out = OPENSSL_malloc(outlen);
    +
    + if (!out)
    +     /* malloc failure */
    +
    + if (EVP_PKEY_decrypt(ctx, out, &outlen, in, inlen) <= 0)
    +     /* Error */
    +
    + /* Decrypted data is outlen bytes written to buffer out */
    +

    +

    +
    +

    SEE ALSO

    +

    EVP_PKEY_CTX_new(3), +EVP_PKEY_encrypt(3), +EVP_PKEY_sign(3), +EVP_PKEY_verify(3), +EVP_PKEY_verify_recover(3), +EVP_PKEY_derive(3)

    +

    +

    +
    +

    HISTORY

    +

    These functions were added in OpenSSL 1.0.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_derive.html b/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_derive.html new file mode 100755 index 0000000..cd8fa45 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_derive.html @@ -0,0 +1,149 @@ + + + + +EVP_PKEY_derive + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_PKEY_derive_init, EVP_PKEY_derive_set_peer, EVP_PKEY_derive +- derive public key algorithm shared secret

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx);
    + int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer);
    + int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
    +

    +

    +
    +

    DESCRIPTION

    +

    EVP_PKEY_derive_init() initializes a public key algorithm context ctx for +shared secret derivation using the algorithm given when the context was created +using EVP_PKEY_CTX_new(3) or variants thereof. The algorithm is used to +fetch a EVP_KEYEXCH method implicitly, see provider(7)/Implicit fetch for +more information about implict fetches.

    +

    EVP_PKEY_derive_set_peer() sets the peer key: this will normally +be a public key.

    +

    EVP_PKEY_derive() derives a shared secret using ctx. +If key is NULL then the maximum size of the output buffer is written to the +keylen parameter. If key is not NULL then before the call the keylen +parameter should contain the length of the key buffer, if the call is +successful the shared secret is written to key and the amount of data +written to keylen.

    +

    +

    +
    +

    NOTES

    +

    After the call to EVP_PKEY_derive_init(), algorithm +specific control operations can be performed to set any appropriate parameters +for the operation.

    +

    The function EVP_PKEY_derive() can be called more than once on the same +context if several operations are performed using the same parameters.

    +

    +

    +
    +

    RETURN VALUES

    +

    EVP_PKEY_derive_init() and EVP_PKEY_derive() return 1 +for success and 0 or a negative value for failure. +In particular a return value of -2 indicates the operation is not supported by +the public key algorithm.

    +

    +

    +
    +

    EXAMPLES

    +

    Derive shared secret (for example DH or EC keys):

    +
    + #include <openssl/evp.h>
    + #include <openssl/rsa.h>
    +
    + EVP_PKEY_CTX *ctx;
    + ENGINE *eng;
    + unsigned char *skey;
    + size_t skeylen;
    + EVP_PKEY *pkey, *peerkey;
    + /* NB: assumes pkey, eng, peerkey have been already set up */
    +
    + ctx = EVP_PKEY_CTX_new(pkey, eng);
    + if (!ctx)
    +     /* Error occurred */
    + if (EVP_PKEY_derive_init(ctx) <= 0)
    +     /* Error */
    + if (EVP_PKEY_derive_set_peer(ctx, peerkey) <= 0)
    +     /* Error */
    +
    + /* Determine buffer length */
    + if (EVP_PKEY_derive(ctx, NULL, &skeylen) <= 0)
    +     /* Error */
    +
    + skey = OPENSSL_malloc(skeylen);
    +
    + if (!skey)
    +     /* malloc failure */
    +
    + if (EVP_PKEY_derive(ctx, skey, &skeylen) <= 0)
    +     /* Error */
    +
    + /* Shared secret is skey bytes written to buffer skey */
    +

    +

    +
    +

    SEE ALSO

    +

    EVP_PKEY_CTX_new(3), +EVP_PKEY_encrypt(3), +EVP_PKEY_decrypt(3), +EVP_PKEY_sign(3), +EVP_PKEY_verify(3), +EVP_PKEY_verify_recover(3), +EVP_KEYEXCH_fetch(3)

    +

    +

    +
    +

    HISTORY

    +

    These functions were added in OpenSSL 1.0.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_encrypt.html b/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_encrypt.html new file mode 100755 index 0000000..9b4097f --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_encrypt.html @@ -0,0 +1,151 @@ + + + + +EVP_PKEY_encrypt + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_PKEY_encrypt_init, EVP_PKEY_encrypt - encrypt using a public key algorithm

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx);
    + int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx,
    +                      unsigned char *out, size_t *outlen,
    +                      const unsigned char *in, size_t inlen);
    +

    +

    +
    +

    DESCRIPTION

    +

    The EVP_PKEY_encrypt_init() function initializes a public key algorithm +context using key pkey for an encryption operation.

    +

    The EVP_PKEY_encrypt() function performs a public key encryption operation +using ctx. The data to be encrypted is specified using the in and +inlen parameters. If out is NULL then the maximum size of the output +buffer is written to the outlen parameter. If out is not NULL then +before the call the outlen parameter should contain the length of the +out buffer, if the call is successful the encrypted data is written to +out and the amount of data written to outlen.

    +

    +

    +
    +

    NOTES

    +

    After the call to EVP_PKEY_encrypt_init() algorithm specific control +operations can be performed to set any appropriate parameters for the +operation.

    +

    The function EVP_PKEY_encrypt() can be called more than once on the same +context if several operations are performed using the same parameters.

    +

    +

    +
    +

    RETURN VALUES

    +

    EVP_PKEY_encrypt_init() and EVP_PKEY_encrypt() return 1 for success and 0 +or a negative value for failure. In particular a return value of -2 +indicates the operation is not supported by the public key algorithm.

    +

    +

    +
    +

    EXAMPLES

    +

    Encrypt data using OAEP (for RSA keys). See also PEM_read_PUBKEY(3) or +d2i_X509(3) for means to load a public key. You may also simply +set 'eng = NULL;' to start with the default OpenSSL RSA implementation:

    +
    + #include <openssl/evp.h>
    + #include <openssl/rsa.h>
    + #include <openssl/engine.h>
    +
    + EVP_PKEY_CTX *ctx;
    + ENGINE *eng;
    + unsigned char *out, *in;
    + size_t outlen, inlen;
    + EVP_PKEY *key;
    +
    + /*
    +  * NB: assumes eng, key, in, inlen are already set up,
    +  * and that key is an RSA public key
    +  */
    + ctx = EVP_PKEY_CTX_new(key, eng);
    + if (!ctx)
    +     /* Error occurred */
    + if (EVP_PKEY_encrypt_init(ctx) <= 0)
    +     /* Error */
    + if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_OAEP_PADDING) <= 0)
    +     /* Error */
    +
    + /* Determine buffer length */
    + if (EVP_PKEY_encrypt(ctx, NULL, &outlen, in, inlen) <= 0)
    +     /* Error */
    +
    + out = OPENSSL_malloc(outlen);
    +
    + if (!out)
    +     /* malloc failure */
    +
    + if (EVP_PKEY_encrypt(ctx, out, &outlen, in, inlen) <= 0)
    +     /* Error */
    +
    + /* Encrypted data is outlen bytes written to buffer out */
    +

    +

    +
    +

    SEE ALSO

    +

    d2i_X509(3), +ENGINE_by_id(3), +EVP_PKEY_CTX_new(3), +EVP_PKEY_decrypt(3), +EVP_PKEY_sign(3), +EVP_PKEY_verify(3), +EVP_PKEY_verify_recover(3), +EVP_PKEY_derive(3)

    +

    +

    +
    +

    HISTORY

    +

    These functions were added in OpenSSL 1.0.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_fromdata.html b/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_fromdata.html new file mode 100755 index 0000000..741cac3 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_fromdata.html @@ -0,0 +1,106 @@ + + + + +EVP_PKEY_fromdata + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_PKEY_param_fromdata_init, EVP_PKEY_key_fromdata_init, EVP_PKEY_fromdata, +EVP_PKEY_param_fromdata_settable, EVP_PKEY_key_fromdata_settable +- functions to create key parameters and keys from user data

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + int EVP_PKEY_param_fromdata_init(EVP_PKEY_CTX *ctx);
    + int EVP_PKEY_key_fromdata_init(EVP_PKEY_CTX *ctx);
    + int EVP_PKEY_fromdata(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey, OSSL_PARAM params[]);
    + const OSSL_PARAM *EVP_PKEY_param_fromdata_settable(EVP_PKEY_CTX *ctx);
    + const OSSL_PARAM *EVP_PKEY_key_fromdata_settable(EVP_PKEY_CTX *ctx);
    +

    +

    +
    +

    DESCRIPTION

    +

    EVP_PKEY_param_fromdata_init() initializes a public key algorithm context +for creating key parameters from user data.

    +

    EVP_PKEY_key_fromdata_init() initializes a public key algorithm context for +creating a key from user data.

    +

    EVP_PKEY_fromdata() creates key parameters or a key, given data from +params and a context that's been initialized with +EVP_PKEY_param_fromdata_init() or EVP_PKEY_key_fromdata_init(). The result is +written to *ppkey. The parameters that can be used for various types of key +are as described in the "Built-in RSA Import/Export Types" section on the +provider-keymgmt(7) page.

    +

    EVP_PKEY_param_fromdata_settable() and EVP_PKEY_key_fromdata_settable() +get a constant OSSL_PARAM array that describes the settable parameters +that can be used with EVP_PKEY_fromdata(). +See OSSL_PARAM(3) for the use of OSSL_PARAM as parameter descriptor.

    +

    +

    +
    +

    NOTES

    +

    These functions only work with key management methods coming from a +provider.

    +

    +

    +
    +

    RETURN VALUES

    +

    EVP_PKEY_key_fromdata_init(), EVP_PKEY_param_fromdata_init() and +EVP_PKEY_fromdata() return 1 for success and 0 or a negative value for +failure. In particular a return value of -2 indicates the operation is +not supported by the public key algorithm.

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_PKEY_CTX_new(3), provider(7)

    +

    +

    +
    +

    HISTORY

    +

    These functions were added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_get_default_digest_nid.html b/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_get_default_digest_nid.html new file mode 100755 index 0000000..5150376 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_get_default_digest_nid.html @@ -0,0 +1,106 @@ + + + + +EVP_PKEY_get_default_digest_nid + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_PKEY_get_default_digest_nid, EVP_PKEY_get_default_digest_name +- get default signature digest

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + int EVP_PKEY_get_default_digest_name(EVP_PKEY *pkey,
    +                                      char *mdname, size_t mdname_sz)
    + int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid);
    +

    +

    +
    +

    DESCRIPTION

    +

    EVP_PKEY_get_default_digest_name() fills in the default message digest +name for the public key signature operations associated with key +pkey into mdname, up to at most mdname_sz bytes including the +ending NUL byte.

    +

    EVP_PKEY_get_default_digest_nid() sets pnid to the default message +digest NID for the public key signature operations associated with key +pkey. Note that some signature algorithms (i.e. Ed25519 and Ed448) +do not use a digest during signing. In this case pnid will be set +to NID_undef. This function is only reliable for legacy keys, which +are keys with a EVP_PKEY_ASN1_METHOD; these keys have typically +been loaded from engines, or created with EVP_PKEY_assign_RSA(3) or +similar.

    +

    +

    +
    +

    NOTES

    +

    For all current standard OpenSSL public key algorithms SHA256 is returned.

    +

    +

    +
    +

    RETURN VALUES

    +

    EVP_PKEY_get_default_digest_name() and EVP_PKEY_get_default_digest_nid() +both return 1 if the message digest is advisory (that is other digests +can be used) and 2 if it is mandatory (other digests can not be used). +They return 0 or a negative value for failure. In particular a return +value of -2 indicates the operation is not supported by the public key +algorithm.

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_PKEY_CTX_new(3), +EVP_PKEY_sign(3), +EVP_PKEY_supports_digest_nid(3), +EVP_PKEY_verify(3), +EVP_PKEY_verify_recover(3),

    +

    +

    +
    +

    HISTORY

    +

    This function was added in OpenSSL 1.0.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_keygen.html b/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_keygen.html new file mode 100755 index 0000000..a85f863 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_keygen.html @@ -0,0 +1,213 @@ + + + + +EVP_PKEY_keygen + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_PKEY_keygen_init, EVP_PKEY_keygen, EVP_PKEY_paramgen_init, +EVP_PKEY_paramgen, EVP_PKEY_CTX_set_cb, EVP_PKEY_CTX_get_cb, +EVP_PKEY_CTX_get_keygen_info, EVP_PKEY_CTX_set_app_data, +EVP_PKEY_CTX_get_app_data, +EVP_PKEY_gen_cb +- key and parameter generation and check functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx);
    + int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
    + int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx);
    + int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
    +
    + typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx);
    +
    + void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb);
    + EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx);
    +
    + int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx);
    +
    + void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data);
    + void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx);
    +

    +

    +
    +

    DESCRIPTION

    +

    The EVP_PKEY_keygen_init() function initializes a public key algorithm +context using key pkey for a key generation operation.

    +

    The EVP_PKEY_keygen() function performs a key generation operation, the +generated key is written to ppkey.

    +

    The functions EVP_PKEY_paramgen_init() and EVP_PKEY_paramgen() are similar +except parameters are generated.

    +

    The function EVP_PKEY_set_cb() sets the key or parameter generation callback +to cb. The function EVP_PKEY_CTX_get_cb() returns the key or parameter +generation callback.

    +

    The function EVP_PKEY_CTX_get_keygen_info() returns parameters associated +with the generation operation. If idx is -1 the total number of +parameters available is returned. Any non negative value returns the value of +that parameter. EVP_PKEY_CTX_gen_keygen_info() with a non-negative value for +idx should only be called within the generation callback.

    +

    If the callback returns 0 then the key generation operation is aborted and an +error occurs. This might occur during a time consuming operation where +a user clicks on a "cancel" button.

    +

    The functions EVP_PKEY_CTX_set_app_data() and EVP_PKEY_CTX_get_app_data() set +and retrieve an opaque pointer. This can be used to set some application +defined value which can be retrieved in the callback: for example a handle +which is used to update a "progress dialog".

    +

    +

    +
    +

    NOTES

    +

    After the call to EVP_PKEY_keygen_init() or EVP_PKEY_paramgen_init() algorithm +specific control operations can be performed to set any appropriate parameters +for the operation.

    +

    The functions EVP_PKEY_keygen() and EVP_PKEY_paramgen() can be called more than +once on the same context if several operations are performed using the same +parameters.

    +

    The meaning of the parameters passed to the callback will depend on the +algorithm and the specific implementation of the algorithm. Some might not +give any useful information at all during key or parameter generation. Others +might not even call the callback.

    +

    The operation performed by key or parameter generation depends on the algorithm +used. In some cases (e.g. EC with a supplied named curve) the "generation" +option merely sets the appropriate fields in an EVP_PKEY structure.

    +

    In OpenSSL an EVP_PKEY structure containing a private key also contains the +public key components and parameters (if any). An OpenSSL private key is +equivalent to what some libraries call a "key pair". A private key can be used +in functions which require the use of a public key or parameters.

    +

    +

    +
    +

    RETURN VALUES

    +

    EVP_PKEY_keygen_init(), EVP_PKEY_paramgen_init(), EVP_PKEY_keygen() and +EVP_PKEY_paramgen() return 1 for success and 0 or a negative value for failure. +In particular a return value of -2 indicates the operation is not supported by +the public key algorithm.

    +

    +

    +
    +

    EXAMPLES

    +

    Generate a 2048 bit RSA key:

    +
    + #include <openssl/evp.h>
    + #include <openssl/rsa.h>
    +
    + EVP_PKEY_CTX *ctx;
    + EVP_PKEY *pkey = NULL;
    +
    + ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
    + if (!ctx)
    +     /* Error occurred */
    + if (EVP_PKEY_keygen_init(ctx) <= 0)
    +     /* Error */
    + if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048) <= 0)
    +     /* Error */
    +
    + /* Generate key */
    + if (EVP_PKEY_keygen(ctx, &pkey) <= 0)
    +     /* Error */
    +

    Generate a key from a set of parameters:

    +
    + #include <openssl/evp.h>
    + #include <openssl/rsa.h>
    +
    + EVP_PKEY_CTX *ctx;
    + ENGINE *eng;
    + EVP_PKEY *pkey = NULL, *param;
    +
    + /* Assumed param, eng are set up already */
    + ctx = EVP_PKEY_CTX_new(param, eng);
    + if (!ctx)
    +     /* Error occurred */
    + if (EVP_PKEY_keygen_init(ctx) <= 0)
    +     /* Error */
    +
    + /* Generate key */
    + if (EVP_PKEY_keygen(ctx, &pkey) <= 0)
    +     /* Error */
    +

    Example of generation callback for OpenSSL public key implementations:

    +
    + /* Application data is a BIO to output status to */
    +
    + EVP_PKEY_CTX_set_app_data(ctx, status_bio);
    +
    + static int genpkey_cb(EVP_PKEY_CTX *ctx)
    + {
    +     char c = '*';
    +     BIO *b = EVP_PKEY_CTX_get_app_data(ctx);
    +     int p = EVP_PKEY_CTX_get_keygen_info(ctx, 0);
    +
    +     if (p == 0)
    +         c = '.';
    +     if (p == 1)
    +         c = '+';
    +     if (p == 2)
    +         c = '*';
    +     if (p == 3)
    +         c = '\n';
    +     BIO_write(b, &c, 1);
    +     (void)BIO_flush(b);
    +     return 1;
    + }
    +

    +

    +
    +

    SEE ALSO

    +

    EVP_PKEY_CTX_new(3), +EVP_PKEY_encrypt(3), +EVP_PKEY_decrypt(3), +EVP_PKEY_sign(3), +EVP_PKEY_verify(3), +EVP_PKEY_verify_recover(3), +EVP_PKEY_derive(3)

    +

    +

    +
    +

    HISTORY

    +

    These functions were added in OpenSSL 1.0.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_meth_get_count.html b/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_meth_get_count.html new file mode 100755 index 0000000..3212811 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_meth_get_count.html @@ -0,0 +1,83 @@ + + + + +EVP_PKEY_meth_get_count + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_PKEY_meth_get_count, EVP_PKEY_meth_get0, EVP_PKEY_meth_get0_info - enumerate public key methods

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + size_t EVP_PKEY_meth_get_count(void);
    + const EVP_PKEY_METHOD *EVP_PKEY_meth_get0(size_t idx);
    + void EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags,
    +                              const EVP_PKEY_METHOD *meth);
    +

    +

    +
    +

    DESCRIPTION

    +

    EVP_PKEY_meth_count() returns a count of the number of public key methods +available: it includes standard methods and any methods added by the +application.

    +

    EVP_PKEY_meth_get0() returns the public key method idx. The value of idx +must be between zero and EVP_PKEY_meth_get_count() - 1.

    +

    EVP_PKEY_meth_get0_info() returns the public key ID (a NID) and any flags +associated with the public key method *meth.

    +

    +

    +
    +

    RETURN VALUES

    +

    EVP_PKEY_meth_count() returns the number of available public key methods.

    +

    EVP_PKEY_meth_get0() return a public key method or NULL if idx is +out of range.

    +

    EVP_PKEY_meth_get0_info() does not return a value.

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_PKEY_new(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2002-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_meth_new.html b/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_meth_new.html new file mode 100755 index 0000000..a5f178c --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_meth_new.html @@ -0,0 +1,462 @@ + + + + +EVP_PKEY_meth_new + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    EVP_PKEY_meth_new, EVP_PKEY_meth_free, EVP_PKEY_meth_copy, EVP_PKEY_meth_find, +EVP_PKEY_meth_add0, EVP_PKEY_METHOD, +EVP_PKEY_meth_set_init, EVP_PKEY_meth_set_copy, EVP_PKEY_meth_set_cleanup, +EVP_PKEY_meth_set_paramgen, EVP_PKEY_meth_set_keygen, EVP_PKEY_meth_set_sign, +EVP_PKEY_meth_set_verify, EVP_PKEY_meth_set_verify_recover, EVP_PKEY_meth_set_signctx, +EVP_PKEY_meth_set_verifyctx, EVP_PKEY_meth_set_encrypt, EVP_PKEY_meth_set_decrypt, +EVP_PKEY_meth_set_derive, EVP_PKEY_meth_set_ctrl, +EVP_PKEY_meth_set_digestsign, EVP_PKEY_meth_set_digestverify, +EVP_PKEY_meth_set_check, +EVP_PKEY_meth_set_public_check, EVP_PKEY_meth_set_param_check, +EVP_PKEY_meth_set_digest_custom, +EVP_PKEY_meth_get_init, EVP_PKEY_meth_get_copy, EVP_PKEY_meth_get_cleanup, +EVP_PKEY_meth_get_paramgen, EVP_PKEY_meth_get_keygen, EVP_PKEY_meth_get_sign, +EVP_PKEY_meth_get_verify, EVP_PKEY_meth_get_verify_recover, EVP_PKEY_meth_get_signctx, +EVP_PKEY_meth_get_verifyctx, EVP_PKEY_meth_get_encrypt, EVP_PKEY_meth_get_decrypt, +EVP_PKEY_meth_get_derive, EVP_PKEY_meth_get_ctrl, +EVP_PKEY_meth_get_digestsign, EVP_PKEY_meth_get_digestverify, +EVP_PKEY_meth_get_check, +EVP_PKEY_meth_get_public_check, EVP_PKEY_meth_get_param_check, +EVP_PKEY_meth_get_digest_custom, +EVP_PKEY_meth_remove +- manipulating EVP_PKEY_METHOD structure

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + typedef struct evp_pkey_method_st EVP_PKEY_METHOD;
    +
    + EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags);
    + void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth);
    + void EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, const EVP_PKEY_METHOD *src);
    + const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type);
    + int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth);
    + int EVP_PKEY_meth_remove(const EVP_PKEY_METHOD *pmeth);
    +
    + void EVP_PKEY_meth_set_init(EVP_PKEY_METHOD *pmeth,
    +                             int (*init) (EVP_PKEY_CTX *ctx));
    + void EVP_PKEY_meth_set_copy(EVP_PKEY_METHOD *pmeth,
    +                             int (*copy) (EVP_PKEY_CTX *dst,
    +                                          EVP_PKEY_CTX *src));
    + void EVP_PKEY_meth_set_cleanup(EVP_PKEY_METHOD *pmeth,
    +                                void (*cleanup) (EVP_PKEY_CTX *ctx));
    + void EVP_PKEY_meth_set_paramgen(EVP_PKEY_METHOD *pmeth,
    +                                 int (*paramgen_init) (EVP_PKEY_CTX *ctx),
    +                                 int (*paramgen) (EVP_PKEY_CTX *ctx,
    +                                                  EVP_PKEY *pkey));
    + void EVP_PKEY_meth_set_keygen(EVP_PKEY_METHOD *pmeth,
    +                               int (*keygen_init) (EVP_PKEY_CTX *ctx),
    +                               int (*keygen) (EVP_PKEY_CTX *ctx,
    +                                              EVP_PKEY *pkey));
    + void EVP_PKEY_meth_set_sign(EVP_PKEY_METHOD *pmeth,
    +                             int (*sign_init) (EVP_PKEY_CTX *ctx),
    +                             int (*sign) (EVP_PKEY_CTX *ctx,
    +                                          unsigned char *sig, size_t *siglen,
    +                                          const unsigned char *tbs,
    +                                          size_t tbslen));
    + void EVP_PKEY_meth_set_verify(EVP_PKEY_METHOD *pmeth,
    +                               int (*verify_init) (EVP_PKEY_CTX *ctx),
    +                               int (*verify) (EVP_PKEY_CTX *ctx,
    +                                              const unsigned char *sig,
    +                                              size_t siglen,
    +                                              const unsigned char *tbs,
    +                                              size_t tbslen));
    + void EVP_PKEY_meth_set_verify_recover(EVP_PKEY_METHOD *pmeth,
    +                                       int (*verify_recover_init) (EVP_PKEY_CTX
    +                                                                   *ctx),
    +                                       int (*verify_recover) (EVP_PKEY_CTX
    +                                                              *ctx,
    +                                                              unsigned char
    +                                                              *sig,
    +                                                              size_t *siglen,
    +                                                              const unsigned
    +                                                              char *tbs,
    +                                                              size_t tbslen));
    + void EVP_PKEY_meth_set_signctx(EVP_PKEY_METHOD *pmeth,
    +                                int (*signctx_init) (EVP_PKEY_CTX *ctx,
    +                                                     EVP_MD_CTX *mctx),
    +                                int (*signctx) (EVP_PKEY_CTX *ctx,
    +                                                unsigned char *sig,
    +                                                size_t *siglen,
    +                                                EVP_MD_CTX *mctx));
    + void EVP_PKEY_meth_set_verifyctx(EVP_PKEY_METHOD *pmeth,
    +                                  int (*verifyctx_init) (EVP_PKEY_CTX *ctx,
    +                                                         EVP_MD_CTX *mctx),
    +                                  int (*verifyctx) (EVP_PKEY_CTX *ctx,
    +                                                    const unsigned char *sig,
    +                                                    int siglen,
    +                                                    EVP_MD_CTX *mctx));
    + void EVP_PKEY_meth_set_encrypt(EVP_PKEY_METHOD *pmeth,
    +                                int (*encrypt_init) (EVP_PKEY_CTX *ctx),
    +                                int (*encryptfn) (EVP_PKEY_CTX *ctx,
    +                                                  unsigned char *out,
    +                                                  size_t *outlen,
    +                                                  const unsigned char *in,
    +                                                  size_t inlen));
    + void EVP_PKEY_meth_set_decrypt(EVP_PKEY_METHOD *pmeth,
    +                                int (*decrypt_init) (EVP_PKEY_CTX *ctx),
    +                                int (*decrypt) (EVP_PKEY_CTX *ctx,
    +                                                unsigned char *out,
    +                                                size_t *outlen,
    +                                                const unsigned char *in,
    +                                                size_t inlen));
    + void EVP_PKEY_meth_set_derive(EVP_PKEY_METHOD *pmeth,
    +                               int (*derive_init) (EVP_PKEY_CTX *ctx),
    +                               int (*derive) (EVP_PKEY_CTX *ctx,
    +                                              unsigned char *key,
    +                                              size_t *keylen));
    + void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth,
    +                             int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1,
    +                                          void *p2),
    +                             int (*ctrl_str) (EVP_PKEY_CTX *ctx,
    +                                              const char *type,
    +                                              const char *value));
    + void EVP_PKEY_meth_set_digestsign(EVP_PKEY_METHOD *pmeth,
    +                                   int (*digestsign) (EVP_MD_CTX *ctx,
    +                                                      unsigned char *sig,
    +                                                      size_t *siglen,
    +                                                      const unsigned char *tbs,
    +                                                      size_t tbslen));
    + void EVP_PKEY_meth_set_digestverify(EVP_PKEY_METHOD *pmeth,
    +                                     int (*digestverify) (EVP_MD_CTX *ctx,
    +                                                          const unsigned char *sig,
    +                                                          size_t siglen,
    +                                                          const unsigned char *tbs,
    +                                                          size_t tbslen));
    + void EVP_PKEY_meth_set_check(EVP_PKEY_METHOD *pmeth,
    +                              int (*check) (EVP_PKEY *pkey));
    + void EVP_PKEY_meth_set_public_check(EVP_PKEY_METHOD *pmeth,
    +                                     int (*check) (EVP_PKEY *pkey));
    + void EVP_PKEY_meth_set_param_check(EVP_PKEY_METHOD *pmeth,
    +                                    int (*check) (EVP_PKEY *pkey));
    + void EVP_PKEY_meth_set_digest_custom(EVP_PKEY_METHOD *pmeth,
    +                                     int (*digest_custom) (EVP_PKEY_CTX *ctx,
    +                                                           EVP_MD_CTX *mctx));
    +
    + void EVP_PKEY_meth_get_init(const EVP_PKEY_METHOD *pmeth,
    +                             int (**pinit) (EVP_PKEY_CTX *ctx));
    + void EVP_PKEY_meth_get_copy(const EVP_PKEY_METHOD *pmeth,
    +                             int (**pcopy) (EVP_PKEY_CTX *dst,
    +                                            EVP_PKEY_CTX *src));
    + void EVP_PKEY_meth_get_cleanup(const EVP_PKEY_METHOD *pmeth,
    +                                void (**pcleanup) (EVP_PKEY_CTX *ctx));
    + void EVP_PKEY_meth_get_paramgen(const EVP_PKEY_METHOD *pmeth,
    +                                 int (**pparamgen_init) (EVP_PKEY_CTX *ctx),
    +                                 int (**pparamgen) (EVP_PKEY_CTX *ctx,
    +                                                    EVP_PKEY *pkey));
    + void EVP_PKEY_meth_get_keygen(const EVP_PKEY_METHOD *pmeth,
    +                               int (**pkeygen_init) (EVP_PKEY_CTX *ctx),
    +                               int (**pkeygen) (EVP_PKEY_CTX *ctx,
    +                                                EVP_PKEY *pkey));
    + void EVP_PKEY_meth_get_sign(const EVP_PKEY_METHOD *pmeth,
    +                             int (**psign_init) (EVP_PKEY_CTX *ctx),
    +                             int (**psign) (EVP_PKEY_CTX *ctx,
    +                                            unsigned char *sig, size_t *siglen,
    +                                            const unsigned char *tbs,
    +                                            size_t tbslen));
    + void EVP_PKEY_meth_get_verify(const EVP_PKEY_METHOD *pmeth,
    +                               int (**pverify_init) (EVP_PKEY_CTX *ctx),
    +                               int (**pverify) (EVP_PKEY_CTX *ctx,
    +                                                const unsigned char *sig,
    +                                                size_t siglen,
    +                                                const unsigned char *tbs,
    +                                                size_t tbslen));
    + void EVP_PKEY_meth_get_verify_recover(const EVP_PKEY_METHOD *pmeth,
    +                                       int (**pverify_recover_init) (EVP_PKEY_CTX
    +                                                                     *ctx),
    +                                       int (**pverify_recover) (EVP_PKEY_CTX
    +                                                                *ctx,
    +                                                                unsigned char
    +                                                                *sig,
    +                                                                size_t *siglen,
    +                                                                const unsigned
    +                                                                char *tbs,
    +                                                                size_t tbslen));
    + void EVP_PKEY_meth_get_signctx(const EVP_PKEY_METHOD *pmeth,
    +                                int (**psignctx_init) (EVP_PKEY_CTX *ctx,
    +                                                       EVP_MD_CTX *mctx),
    +                                int (**psignctx) (EVP_PKEY_CTX *ctx,
    +                                                  unsigned char *sig,
    +                                                  size_t *siglen,
    +                                                  EVP_MD_CTX *mctx));
    + void EVP_PKEY_meth_get_verifyctx(const EVP_PKEY_METHOD *pmeth,
    +                                  int (**pverifyctx_init) (EVP_PKEY_CTX *ctx,
    +                                                           EVP_MD_CTX *mctx),
    +                                  int (**pverifyctx) (EVP_PKEY_CTX *ctx,
    +                                                      const unsigned char *sig,
    +                                                      int siglen,
    +                                                      EVP_MD_CTX *mctx));
    + void EVP_PKEY_meth_get_encrypt(const EVP_PKEY_METHOD *pmeth,
    +                                int (**pencrypt_init) (EVP_PKEY_CTX *ctx),
    +                                int (**pencryptfn) (EVP_PKEY_CTX *ctx,
    +                                                    unsigned char *out,
    +                                                    size_t *outlen,
    +                                                    const unsigned char *in,
    +                                                    size_t inlen));
    + void EVP_PKEY_meth_get_decrypt(const EVP_PKEY_METHOD *pmeth,
    +                                int (**pdecrypt_init) (EVP_PKEY_CTX *ctx),
    +                                int (**pdecrypt) (EVP_PKEY_CTX *ctx,
    +                                                  unsigned char *out,
    +                                                  size_t *outlen,
    +                                                  const unsigned char *in,
    +                                                  size_t inlen));
    + void EVP_PKEY_meth_get_derive(const EVP_PKEY_METHOD *pmeth,
    +                               int (**pderive_init) (EVP_PKEY_CTX *ctx),
    +                               int (**pderive) (EVP_PKEY_CTX *ctx,
    +                                                unsigned char *key,
    +                                                size_t *keylen));
    + void EVP_PKEY_meth_get_ctrl(const EVP_PKEY_METHOD *pmeth,
    +                             int (**pctrl) (EVP_PKEY_CTX *ctx, int type, int p1,
    +                                            void *p2),
    +                             int (**pctrl_str) (EVP_PKEY_CTX *ctx,
    +                                                const char *type,
    +                                                const char *value));
    + void EVP_PKEY_meth_get_digestsign(EVP_PKEY_METHOD *pmeth,
    +                                   int (**digestsign) (EVP_MD_CTX *ctx,
    +                                                       unsigned char *sig,
    +                                                       size_t *siglen,
    +                                                       const unsigned char *tbs,
    +                                                       size_t tbslen));
    + void EVP_PKEY_meth_get_digestverify(EVP_PKEY_METHOD *pmeth,
    +                                     int (**digestverify) (EVP_MD_CTX *ctx,
    +                                                           const unsigned char *sig,
    +                                                           size_t siglen,
    +                                                           const unsigned char *tbs,
    +                                                           size_t tbslen));
    + void EVP_PKEY_meth_get_check(const EVP_PKEY_METHOD *pmeth,
    +                              int (**pcheck) (EVP_PKEY *pkey));
    + void EVP_PKEY_meth_get_public_check(const EVP_PKEY_METHOD *pmeth,
    +                                     int (**pcheck) (EVP_PKEY *pkey));
    + void EVP_PKEY_meth_get_param_check(const EVP_PKEY_METHOD *pmeth,
    +                                    int (**pcheck) (EVP_PKEY *pkey));
    + void EVP_PKEY_meth_get_digest_custom(EVP_PKEY_METHOD *pmeth,
    +                                     int (**pdigest_custom) (EVP_PKEY_CTX *ctx,
    +                                                             EVP_MD_CTX *mctx));
    +

    +

    +
    +

    DESCRIPTION

    +

    EVP_PKEY_METHOD is a structure which holds a set of methods for a +specific public key cryptographic algorithm. Those methods are usually +used to perform different jobs, such as generating a key, signing or +verifying, encrypting or decrypting, etc.

    +

    There are two places where the EVP_PKEY_METHOD objects are stored: one +is a built-in static array representing the standard methods for different +algorithms, and the other one is a stack of user-defined application-specific +methods, which can be manipulated by using EVP_PKEY_meth_add0(3).

    +

    The EVP_PKEY_METHOD objects are usually referenced by EVP_PKEY_CTX +objects.

    +

    +

    +

    Methods

    +

    The methods are the underlying implementations of a particular public key +algorithm present by the EVP_PKEY_CTX object.

    +
    + int (*init) (EVP_PKEY_CTX *ctx);
    + int (*copy) (EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src);
    + void (*cleanup) (EVP_PKEY_CTX *ctx);
    +

    The init() method is called to initialize algorithm-specific data when a new +EVP_PKEY_CTX is created. As opposed to init(), the cleanup() method is called +when an EVP_PKEY_CTX is freed. The copy() method is called when an EVP_PKEY_CTX +is being duplicated. Refer to EVP_PKEY_CTX_new(3), EVP_PKEY_CTX_new_id(3), +EVP_PKEY_CTX_free(3) and EVP_PKEY_CTX_dup(3).

    +
    + int (*paramgen_init) (EVP_PKEY_CTX *ctx);
    + int (*paramgen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey);
    +

    The paramgen_init() and paramgen() methods deal with key parameter generation. +They are called by EVP_PKEY_paramgen_init(3) and EVP_PKEY_paramgen(3) to +handle the parameter generation process.

    +
    + int (*keygen_init) (EVP_PKEY_CTX *ctx);
    + int (*keygen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey);
    +

    The keygen_init() and keygen() methods are used to generate the actual key for +the specified algorithm. They are called by EVP_PKEY_keygen_init(3) and +EVP_PKEY_keygen(3).

    +
    + int (*sign_init) (EVP_PKEY_CTX *ctx);
    + int (*sign) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
    +              const unsigned char *tbs, size_t tbslen);
    +

    The sign_init() and sign() methods are used to generate the signature of a +piece of data using a private key. They are called by EVP_PKEY_sign_init(3) +and EVP_PKEY_sign(3).

    +
    + int (*verify_init) (EVP_PKEY_CTX *ctx);
    + int (*verify) (EVP_PKEY_CTX *ctx,
    +                const unsigned char *sig, size_t siglen,
    +                const unsigned char *tbs, size_t tbslen);
    +

    The verify_init() and verify() methods are used to verify whether a signature is +valid. They are called by EVP_PKEY_verify_init(3) and EVP_PKEY_verify(3).

    +
    + int (*verify_recover_init) (EVP_PKEY_CTX *ctx);
    + int (*verify_recover) (EVP_PKEY_CTX *ctx,
    +                        unsigned char *rout, size_t *routlen,
    +                        const unsigned char *sig, size_t siglen);
    +

    The verify_recover_init() and verify_recover() methods are used to verify a +signature and then recover the digest from the signature (for instance, a +signature that was generated by RSA signing algorithm). They are called by +EVP_PKEY_verify_recover_init(3) and EVP_PKEY_verify_recover(3).

    +
    + int (*signctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx);
    + int (*signctx) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
    +                 EVP_MD_CTX *mctx);
    +

    The signctx_init() and signctx() methods are used to sign a digest present by +a EVP_MD_CTX object. They are called by the EVP_DigestSign functions. See +EVP_DigestSignInit(3) for details.

    +
    + int (*verifyctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx);
    + int (*verifyctx) (EVP_PKEY_CTX *ctx, const unsigned char *sig, int siglen,
    +                   EVP_MD_CTX *mctx);
    +

    The verifyctx_init() and verifyctx() methods are used to verify a signature +against the data in a EVP_MD_CTX object. They are called by the various +EVP_DigestVerify functions. See EVP_DigestVerifyInit(3) for details.

    +
    + int (*encrypt_init) (EVP_PKEY_CTX *ctx);
    + int (*encrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
    +                 const unsigned char *in, size_t inlen);
    +

    The encrypt_init() and encrypt() methods are used to encrypt a piece of data. +They are called by EVP_PKEY_encrypt_init(3) and EVP_PKEY_encrypt(3).

    +
    + int (*decrypt_init) (EVP_PKEY_CTX *ctx);
    + int (*decrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
    +                 const unsigned char *in, size_t inlen);
    +

    The decrypt_init() and decrypt() methods are used to decrypt a piece of data. +They are called by EVP_PKEY_decrypt_init(3) and EVP_PKEY_decrypt(3).

    +
    + int (*derive_init) (EVP_PKEY_CTX *ctx);
    + int (*derive) (EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
    +

    The derive_init() and derive() methods are used to derive the shared secret +from a public key algorithm (for instance, the DH algorithm). They are called by +EVP_PKEY_derive_init(3) and EVP_PKEY_derive(3).

    +
    + int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
    + int (*ctrl_str) (EVP_PKEY_CTX *ctx, const char *type, const char *value);
    +

    The ctrl() and ctrl_str() methods are used to adjust algorithm-specific +settings. See EVP_PKEY_CTX_ctrl(3) and related functions for details.

    +
    + int (*digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
    +                    const unsigned char *tbs, size_t tbslen);
    + int (*digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig,
    +                      size_t siglen, const unsigned char *tbs,
    +                      size_t tbslen);
    +

    The digestsign() and digestverify() methods are used to generate or verify +a signature in a one-shot mode. They could be called by EVP_DigestSign(3) +and EVP_DigestVerify(3).

    +
    + int (*check) (EVP_PKEY *pkey);
    + int (*public_check) (EVP_PKEY *pkey);
    + int (*param_check) (EVP_PKEY *pkey);
    +

    The check(), public_check() and param_check() methods are used to validate a +key-pair, the public component and parameters respectively for a given pkey. +They could be called by EVP_PKEY_check(3), EVP_PKEY_public_check(3) and +EVP_PKEY_param_check(3) respectively.

    +
    + int (*digest_custom) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx);
    +

    The digest_custom() method is used to generate customized digest content before +the real message is passed to functions like EVP_DigestSignUpdate(3) or +EVP_DigestVerifyInit(3). This is usually required by some public key +signature algorithms like SM2 which requires a hashed prefix to the message to +be signed. The digest_custom() function will be called by EVP_DigestSignInit(3) +and EVP_DigestVerifyInit(3).

    +

    +

    +

    Functions

    +

    EVP_PKEY_meth_new() creates and returns a new EVP_PKEY_METHOD object, +and associates the given id and flags. The following flags are +supported:

    +
    + EVP_PKEY_FLAG_AUTOARGLEN
    + EVP_PKEY_FLAG_SIGCTX_CUSTOM
    +

    If an EVP_PKEY_METHOD is set with the EVP_PKEY_FLAG_AUTOARGLEN flag, the +maximum size of the output buffer will be automatically calculated or checked +in corresponding EVP methods by the EVP framework. Thus the implementations of +these methods don't need to care about handling the case of returning output +buffer size by themselves. For details on the output buffer size, refer to +EVP_PKEY_sign(3).

    +

    The EVP_PKEY_FLAG_SIGCTX_CUSTOM is used to indicate the signctx() method +of an EVP_PKEY_METHOD is always called by the EVP framework while doing a +digest signing operation by calling EVP_DigestSignFinal(3).

    +

    EVP_PKEY_meth_free() frees an existing EVP_PKEY_METHOD pointed by +pmeth.

    +

    EVP_PKEY_meth_copy() copies an EVP_PKEY_METHOD object from src +to dst.

    +

    EVP_PKEY_meth_find() finds an EVP_PKEY_METHOD object with the id. +This function first searches through the user-defined method objects and +then the built-in objects.

    +

    EVP_PKEY_meth_add0() adds pmeth to the user defined stack of methods.

    +

    EVP_PKEY_meth_remove() removes an EVP_PKEY_METHOD object added by +EVP_PKEY_meth_add0().

    +

    The EVP_PKEY_meth_set functions set the corresponding fields of +EVP_PKEY_METHOD structure with the arguments passed.

    +

    The EVP_PKEY_meth_get functions get the corresponding fields of +EVP_PKEY_METHOD structure to the arguments provided.

    +

    +

    +
    +

    RETURN VALUES

    +

    EVP_PKEY_meth_new() returns a pointer to a new EVP_PKEY_METHOD +object or returns NULL on error.

    +

    EVP_PKEY_meth_free() and EVP_PKEY_meth_copy() do not return values.

    +

    EVP_PKEY_meth_find() returns a pointer to the found EVP_PKEY_METHOD +object or returns NULL if not found.

    +

    EVP_PKEY_meth_add0() returns 1 if method is added successfully or 0 +if an error occurred.

    +

    EVP_PKEY_meth_remove() returns 1 if method is removed successfully or +0 if an error occurred.

    +

    All EVP_PKEY_meth_set and EVP_PKEY_meth_get functions have no return +values. For the 'get' functions, function pointers are returned by +arguments.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_new.html b/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_new.html new file mode 100755 index 0000000..52edc2c --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_new.html @@ -0,0 +1,165 @@ + + + + +EVP_PKEY_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_PKEY_new, +EVP_PKEY_up_ref, +EVP_PKEY_free, +EVP_PKEY_new_raw_private_key, +EVP_PKEY_new_raw_public_key, +EVP_PKEY_new_CMAC_key, +EVP_PKEY_new_mac_key, +EVP_PKEY_get_raw_private_key, +EVP_PKEY_get_raw_public_key +- public/private key allocation and raw key handling functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + EVP_PKEY *EVP_PKEY_new(void);
    + int EVP_PKEY_up_ref(EVP_PKEY *key);
    + void EVP_PKEY_free(EVP_PKEY *key);
    +
    + EVP_PKEY *EVP_PKEY_new_raw_private_key(int type, ENGINE *e,
    +                                        const unsigned char *key, size_t keylen);
    + EVP_PKEY *EVP_PKEY_new_raw_public_key(int type, ENGINE *e,
    +                                       const unsigned char *key, size_t keylen);
    + EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv,
    +                                 size_t len, const EVP_CIPHER *cipher);
    + EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e, const unsigned char *key,
    +                                int keylen);
    +
    + int EVP_PKEY_get_raw_private_key(const EVP_PKEY *pkey, unsigned char *priv,
    +                                  size_t *len);
    + int EVP_PKEY_get_raw_public_key(const EVP_PKEY *pkey, unsigned char *pub,
    +                                 size_t *len);
    +

    +

    +
    +

    DESCRIPTION

    +

    The EVP_PKEY_new() function allocates an empty EVP_PKEY structure which is +used by OpenSSL to store public and private keys. The reference count is set to +1.

    +

    EVP_PKEY_up_ref() increments the reference count of key.

    +

    EVP_PKEY_free() decrements the reference count of key and, if the reference +count is zero, frees it up. If key is NULL, nothing is done.

    +

    EVP_PKEY_new_raw_private_key() allocates a new EVP_PKEY. If e is non-NULL +then the new EVP_PKEY structure is associated with the engine e. The +type argument indicates what kind of key this is. The value should be a NID +for a public key algorithm that supports raw private keys, i.e. one of +EVP_PKEY_HMAC, EVP_PKEY_POLY1305, EVP_PKEY_SIPHASH, EVP_PKEY_X25519, +EVP_PKEY_ED25519, EVP_PKEY_X448 or EVP_PKEY_ED448. key points to the +raw private key data for this EVP_PKEY which should be of length keylen. +The length should be appropriate for the type of the key. The public key data +will be automatically derived from the given private key data (if appropriate +for the algorithm type).

    +

    EVP_PKEY_new_raw_public_key() works in the same way as +EVP_PKEY_new_raw_private_key() except that key points to the raw public key +data. The EVP_PKEY structure will be initialised without any private key +information. Algorithm types that support raw public keys are +EVP_PKEY_X25519, EVP_PKEY_ED25519, EVP_PKEY_X448 or EVP_PKEY_ED448.

    +

    EVP_PKEY_new_CMAC_key() works in the same way as EVP_PKEY_new_raw_private_key() +except it is only for the EVP_PKEY_CMAC algorithm type. In addition to the +raw private key data, it also takes a cipher algorithm to be used during +creation of a CMAC in the cipher argument.

    +

    EVP_PKEY_new_mac_key() works in the same way as EVP_PKEY_new_raw_private_key(). +New applications should use EVP_PKEY_new_raw_private_key() instead.

    +

    EVP_PKEY_get_raw_private_key() fills the buffer provided by priv with raw +private key data. The number of bytes written is populated in *len. If the +buffer priv is NULL then *len is populated with the number of bytes +required to hold the key. The calling application is responsible for ensuring +that the buffer is large enough to receive the private key data. This function +only works for algorithms that support raw private keys. Currently this is: +EVP_PKEY_HMAC, EVP_PKEY_POLY1305, EVP_PKEY_SIPHASH, EVP_PKEY_X25519, +EVP_PKEY_ED25519, EVP_PKEY_X448 or EVP_PKEY_ED448.

    +

    EVP_PKEY_get_raw_public_key() fills the buffer provided by pub with raw +public key data. The number of bytes written is populated in *len. If the +buffer pub is NULL then *len is populated with the number of bytes +required to hold the key. The calling application is responsible for ensuring +that the buffer is large enough to receive the public key data. This function +only works for algorithms that support raw public keys. Currently this is: +EVP_PKEY_X25519, EVP_PKEY_ED25519, EVP_PKEY_X448 or EVP_PKEY_ED448.

    +

    +

    +
    +

    NOTES

    +

    The EVP_PKEY structure is used by various OpenSSL functions which require a +general private key without reference to any particular algorithm.

    +

    The structure returned by EVP_PKEY_new() is empty. To add a private or public +key to this empty structure use the appropriate functions described in +EVP_PKEY_set1_RSA(3), EVP_PKEY_set1_DSA(3), EVP_PKEY_set1_DH(3) or +EVP_PKEY_set1_EC_KEY(3).

    +

    +

    +
    +

    RETURN VALUES

    +

    EVP_PKEY_new(), EVP_PKEY_new_raw_private_key(), EVP_PKEY_new_raw_public_key(), +EVP_PKEY_new_CMAC_key() and EVP_PKEY_new_mac_key() return either the newly +allocated EVP_PKEY structure or NULL if an error occurred.

    +

    EVP_PKEY_up_ref(), EVP_PKEY_get_raw_private_key() and +EVP_PKEY_get_raw_public_key() return 1 for success and 0 for failure.

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_PKEY_set1_RSA(3), EVP_PKEY_set1_DSA(3), EVP_PKEY_set1_DH(3) or +EVP_PKEY_set1_EC_KEY(3)

    +

    +

    +
    +

    HISTORY

    +

    The +EVP_PKEY_new() and EVP_PKEY_free() functions exist in all versions of OpenSSL.

    +

    The EVP_PKEY_up_ref() function was added in OpenSSL 1.1.0.

    +

    The +EVP_PKEY_new_raw_private_key(), EVP_PKEY_new_raw_public_key(), +EVP_PKEY_new_CMAC_key(), EVP_PKEY_new_raw_private_key() and +EVP_PKEY_get_raw_public_key() functions were added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_print_private.html b/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_print_private.html new file mode 100755 index 0000000..c8fb7ec --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_print_private.html @@ -0,0 +1,100 @@ + + + + +EVP_PKEY_print_private + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_PKEY_print_public, EVP_PKEY_print_private, EVP_PKEY_print_params - public key algorithm printing routines

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey,
    +                           int indent, ASN1_PCTX *pctx);
    + int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey,
    +                            int indent, ASN1_PCTX *pctx);
    + int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey,
    +                           int indent, ASN1_PCTX *pctx);
    +

    +

    +
    +

    DESCRIPTION

    +

    The functions EVP_PKEY_print_public(), EVP_PKEY_print_private() and +EVP_PKEY_print_params() print out the public, private or parameter components +of key pkey respectively. The key is sent to BIO out in human readable +form. The parameter indent indicated how far the printout should be indented.

    +

    The pctx parameter allows the print output to be finely tuned by using +ASN1 printing options. If pctx is set to NULL then default values will +be used.

    +

    +

    +
    +

    NOTES

    +

    Currently no public key algorithms include any options in the pctx parameter.

    +

    If the key does not include all the components indicated by the function then +only those contained in the key will be printed. For example passing a public +key to EVP_PKEY_print_private() will only print the public components.

    +

    +

    +
    +

    RETURN VALUES

    +

    These functions all return 1 for success and 0 or a negative value for failure. +In particular a return value of -2 indicates the operation is not supported by +the public key algorithm.

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_PKEY_CTX_new(3), +EVP_PKEY_keygen(3)

    +

    +

    +
    +

    HISTORY

    +

    These functions were added in OpenSSL 1.0.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2006-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_set1_RSA.html b/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_set1_RSA.html new file mode 100755 index 0000000..e40ef51 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_set1_RSA.html @@ -0,0 +1,187 @@ + + + + +EVP_PKEY_set1_RSA + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH, EVP_PKEY_set1_EC_KEY, +EVP_PKEY_get1_RSA, EVP_PKEY_get1_DSA, EVP_PKEY_get1_DH, EVP_PKEY_get1_EC_KEY, +EVP_PKEY_get0_RSA, EVP_PKEY_get0_DSA, EVP_PKEY_get0_DH, EVP_PKEY_get0_EC_KEY, +EVP_PKEY_assign_RSA, EVP_PKEY_assign_DSA, EVP_PKEY_assign_DH, +EVP_PKEY_assign_EC_KEY, EVP_PKEY_assign_POLY1305, EVP_PKEY_assign_SIPHASH, +EVP_PKEY_get0_hmac, EVP_PKEY_get0_poly1305, EVP_PKEY_get0_siphash, +EVP_PKEY_type, EVP_PKEY_id, EVP_PKEY_base_id, EVP_PKEY_set_alias_type, +EVP_PKEY_set1_engine, EVP_PKEY_get0_engine - EVP_PKEY assignment functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key);
    + int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, DSA *key);
    + int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key);
    + int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key);
    +
    + RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey);
    + DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey);
    + DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey);
    + EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
    +
    + const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len);
    + const unsigned char *EVP_PKEY_get0_poly1305(const EVP_PKEY *pkey, size_t *len);
    + const unsigned char *EVP_PKEY_get0_siphash(const EVP_PKEY *pkey, size_t *len);
    + RSA *EVP_PKEY_get0_RSA(const EVP_PKEY *pkey);
    + DSA *EVP_PKEY_get0_DSA(const EVP_PKEY *pkey);
    + DH *EVP_PKEY_get0_DH(const EVP_PKEY *pkey);
    + EC_KEY *EVP_PKEY_get0_EC_KEY(const EVP_PKEY *pkey);
    +
    + int EVP_PKEY_assign_RSA(EVP_PKEY *pkey, RSA *key);
    + int EVP_PKEY_assign_DSA(EVP_PKEY *pkey, DSA *key);
    + int EVP_PKEY_assign_DH(EVP_PKEY *pkey, DH *key);
    + int EVP_PKEY_assign_EC_KEY(EVP_PKEY *pkey, EC_KEY *key);
    + int EVP_PKEY_assign_POLY1305(EVP_PKEY *pkey, ASN1_OCTET_STRING *key);
    + int EVP_PKEY_assign_SIPHASH(EVP_PKEY *pkey, ASN1_OCTET_STRING *key);
    +
    + int EVP_PKEY_id(const EVP_PKEY *pkey);
    + int EVP_PKEY_base_id(const EVP_PKEY *pkey);
    + int EVP_PKEY_type(int type);
    + int EVP_PKEY_set_alias_type(EVP_PKEY *pkey, int type);
    +
    + ENGINE *EVP_PKEY_get0_engine(const EVP_PKEY *pkey);
    + int EVP_PKEY_set1_engine(EVP_PKEY *pkey, ENGINE *engine);
    +

    +

    +
    +

    DESCRIPTION

    +

    EVP_PKEY_set1_RSA(), EVP_PKEY_set1_DSA(), EVP_PKEY_set1_DH() and +EVP_PKEY_set1_EC_KEY() set the key referenced by pkey to key.

    +

    EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and +EVP_PKEY_get1_EC_KEY() return the referenced key in pkey or +NULL if the key is not of the correct type.

    +

    EVP_PKEY_get0_hmac(), EVP_PKEY_get0_poly1305(), EVP_PKEY_get0_siphash(), +EVP_PKEY_get0_RSA(), EVP_PKEY_get0_DSA(), EVP_PKEY_get0_DH() +and EVP_PKEY_get0_EC_KEY() also return the referenced key in pkey or NULL +if the key is not of the correct type but the reference count of the +returned key is not incremented and so must not be freed up after use.

    +

    EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH(), +EVP_PKEY_assign_EC_KEY(), EVP_PKEY_assign_POLY1305() and +EVP_PKEY_assign_SIPHASH() also set the referenced key to key +however these use the supplied key internally and so key +will be freed when the parent pkey is freed.

    +

    EVP_PKEY_base_id() returns the type of pkey. For example +an RSA key will return EVP_PKEY_RSA.

    +

    EVP_PKEY_id() returns the actual OID associated with pkey. Historically keys +using the same algorithm could use different OIDs. For example an RSA key could +use the OIDs corresponding to the NIDs NID_rsaEncryption (equivalent to +EVP_PKEY_RSA) or NID_rsa (equivalent to EVP_PKEY_RSA2). The use of +alternative non-standard OIDs is now rare so EVP_PKEY_RSA2 et al are not +often seen in practice.

    +

    EVP_PKEY_type() returns the underlying type of the NID type. For example +EVP_PKEY_type(EVP_PKEY_RSA2) will return EVP_PKEY_RSA.

    +

    EVP_PKEY_get0_engine() returns a reference to the ENGINE handling pkey.

    +

    EVP_PKEY_set1_engine() sets the ENGINE handling pkey to engine. It +must be called after the key algorithm and components are set up. +If engine does not include an EVP_PKEY_METHOD for pkey an +error occurs.

    +

    EVP_PKEY_set_alias_type() allows modifying a EVP_PKEY to use a +different set of algorithms than the default.

    +

    +

    +
    +

    NOTES

    +

    In accordance with the OpenSSL naming convention the key obtained +from or assigned to the pkey using the 1 functions must be +freed as well as pkey.

    +

    EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH(), +EVP_PKEY_assign_EC_KEY(), EVP_PKEY_assign_POLY1305() +and EVP_PKEY_assign_SIPHASH() are implemented as macros.

    +

    EVP_PKEY_assign_EC_KEY() looks at the curve name id to determine if +the passed EC_KEY is an SM2(7) key, and will set the EVP_PKEY +type to EVP_PKEY_SM2 in that case, instead of EVP_PKEY_EC.

    +

    It's possible to switch back and forth between the types EVP_PKEY_EC +and EVP_PKEY_SM2 with a call to EVP_PKEY_set_alias_type() on keys +assigned with this macro if it's desirable to do a normal EC +computations with the SM2 curve instead of the special SM2 +computations, and vice versa.

    +

    Most applications wishing to know a key type will simply call +EVP_PKEY_base_id() and will not care about the actual type: +which will be identical in almost all cases.

    +

    Previous versions of this document suggested using EVP_PKEY_type(pkey->type) +to determine the type of a key. Since EVP_PKEY is now opaque this +is no longer possible: the equivalent is EVP_PKEY_base_id(pkey).

    +

    EVP_PKEY_set1_engine() is typically used by an ENGINE returning an HSM +key as part of its routine to load a private key.

    +

    +

    +
    +

    RETURN VALUES

    +

    EVP_PKEY_set1_RSA(), EVP_PKEY_set1_DSA(), EVP_PKEY_set1_DH() and +EVP_PKEY_set1_EC_KEY() return 1 for success or 0 for failure.

    +

    EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and +EVP_PKEY_get1_EC_KEY() return the referenced key or NULL if +an error occurred.

    +

    EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH(), +EVP_PKEY_assign_EC_KEY(), EVP_PKEY_assign_POLY1305() +and EVP_PKEY_assign_SIPHASH() return 1 for success and 0 for failure.

    +

    EVP_PKEY_base_id(), EVP_PKEY_id() and EVP_PKEY_type() return a key +type or NID_undef (equivalently EVP_PKEY_NONE) on error.

    +

    EVP_PKEY_set1_engine() returns 1 for success and 0 for failure.

    +

    EVP_PKEY_set_alias_type() returns 1 for success and 0 for error.

    +

    +

    +
    +

    EXAMPLES

    +

    After loading an ECC key, it is possible to convert it to using SM2 +algorithms with EVP_PKEY_set_alias_type:

    +
    + EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2);
    +

    +

    +
    +

    SEE ALSO

    +

    EVP_PKEY_new(3), SM2(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_sign.html b/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_sign.html
    new file mode 100755
    index 0000000..2895f1d
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_sign.html
    @@ -0,0 +1,158 @@
    + + + + +EVP_PKEY_sign + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_PKEY_sign_init, EVP_PKEY_sign +- sign using a public key algorithm

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx);
    + int EVP_PKEY_sign(EVP_PKEY_CTX *ctx,
    +                   unsigned char *sig, size_t *siglen,
    +                   const unsigned char *tbs, size_t tbslen);
    +

    +

    +
    +

    DESCRIPTION

    +

    EVP_PKEY_sign_init() initializes a public key algorithm context ctx for +signing using the algorithm given when the context was created +using EVP_PKEY_CTX_new(3) or variants thereof. The algorithm is used to +fetch a EVP_SIGNATURE method implicitly, see provider(7)/Implicit fetch +for more information about implict fetches.

    +

    The EVP_PKEY_sign() function performs a public key signing operation +using ctx. The data to be signed is specified using the tbs and +tbslen parameters. If sig is NULL then the maximum size of the output +buffer is written to the siglen parameter. If sig is not NULL then +before the call the siglen parameter should contain the length of the +sig buffer, if the call is successful the signature is written to +sig and the amount of data written to siglen.

    +

    +

    +
    +

    NOTES

    +

    EVP_PKEY_sign() does not hash the data to be signed, and therefore is +normally used to sign digests. For signing arbitrary messages, see the +EVP_DigestSignInit(3) and +EVP_SignInit(3) signing interfaces instead.

    +

    After the call to EVP_PKEY_sign_init() algorithm specific control +operations can be performed to set any appropriate parameters for the +operation (see EVP_PKEY_CTX_ctrl(3)).

    +

    The function EVP_PKEY_sign() can be called more than once on the same +context if several operations are performed using the same parameters.

    +

    +

    +
    +

    RETURN VALUES

    +

    EVP_PKEY_sign_init() and EVP_PKEY_sign() return 1 for success and 0 +or a negative value for failure. In particular a return value of -2 +indicates the operation is not supported by the public key algorithm.

    +

    +

    +
    +

    EXAMPLES

    +

    Sign data using RSA with PKCS#1 padding and SHA256 digest:

    +
    + #include <openssl/evp.h>
    + #include <openssl/rsa.h>
    +
    + EVP_PKEY_CTX *ctx;
    + /* md is a SHA-256 digest in this example. */
    + unsigned char *md, *sig;
    + size_t mdlen = 32, siglen;
    + EVP_PKEY *signing_key;
    +
    + /*
    +  * NB: assumes signing_key and md are set up before the next
    +  * step. signing_key must be an RSA private key and md must
    +  * point to the SHA-256 digest to be signed.
    +  */
    + ctx = EVP_PKEY_CTX_new(signing_key, NULL /* no engine */);
    + if (!ctx)
    +     /* Error occurred */
    + if (EVP_PKEY_sign_init(ctx) <= 0)
    +     /* Error */
    + if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
    +     /* Error */
    + if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0)
    +     /* Error */
    +
    + /* Determine buffer length */
    + if (EVP_PKEY_sign(ctx, NULL, &siglen, md, mdlen) <= 0)
    +     /* Error */
    +
    + sig = OPENSSL_malloc(siglen);
    +
    + if (!sig)
    +     /* malloc failure */
    +
    + if (EVP_PKEY_sign(ctx, sig, &siglen, md, mdlen) <= 0)
    +     /* Error */
    +
    + /* Signature is siglen bytes written to buffer sig */
    +

    +

    +
    +

    SEE ALSO

    +

    EVP_PKEY_CTX_new(3), +EVP_PKEY_CTX_ctrl(3), +EVP_PKEY_encrypt(3), +EVP_PKEY_decrypt(3), +EVP_PKEY_verify(3), +EVP_PKEY_verify_recover(3), +EVP_PKEY_derive(3)

    +

    +

    +
    +

    HISTORY

    +

    These functions were added in OpenSSL 1.0.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_size.html b/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_size.html
    new file mode 100755
    index 0000000..6e99a10
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_size.html
    @@ -0,0 +1,115 @@
    + + + + +EVP_PKEY_size + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_PKEY_size, EVP_PKEY_bits, EVP_PKEY_security_bits +- EVP_PKEY information functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + int EVP_PKEY_size(const EVP_PKEY *pkey);
    + int EVP_PKEY_bits(const EVP_PKEY *pkey);
    + int EVP_PKEY_security_bits(const EVP_PKEY *pkey);
    +

    +

    +
    +

    DESCRIPTION

    +

    EVP_PKEY_size() returns the maximum suitable size for the output +buffers for almost all operations that can be done with pkey. +The primary documented use is with EVP_SignFinal(3) and +EVP_SealInit(3), but it isn't limited there. The returned size is +also large enough for the output buffer of EVP_PKEY_sign(3), +EVP_PKEY_encrypt(3), EVP_PKEY_decrypt(3), EVP_PKEY_derive(3).

    +

    It must be stressed that, unless the documentation for the operation +that's being performed says otherwise, the size returned by +EVP_PKEY_size() is only preliminary and not exact, so the final +contents of the target buffer may be smaller. It is therefore crucial +to take note of the size given back by the function that performs the +operation, such as EVP_PKEY_sign(3) (the siglen argument will +receive that length), to avoid bugs.

    +

    EVP_PKEY_bits() returns the cryptographic length of the cryptosystem +to which the key in pkey belongs, in bits. Note that the definition +of cryptographic length is specific to the key cryptosystem.

    +

    EVP_PKEY_security_bits() returns the number of security bits of the given +pkey, bits of security is defined in NIST SP800-57.

    +

    +

    +
    +

    RETURN VALUES

    +

    EVP_PKEY_size(), EVP_PKEY_bits() and EVP_PKEY_security_bits() return a +positive number, or 0 if this size isn't available.

    +

    +

    +
    +

    NOTES

    +

    Most functions that have an output buffer and are mentioned with +EVP_PKEY_size() have a functionality where you can pass NULL for the +buffer and still pass a pointer to an integer and get the exact size +that this function call delivers in the context that it's called in. +This allows those functions to be called twice, once to find out the +exact buffer size, then allocate the buffer in between, and call that +function again actually output the data. For those functions, it +isn't strictly necessary to call EVP_PKEY_size() to find out the +buffer size, but may be useful in cases where it's desirable to know +the upper limit in advance.

    +

    It should also be especially noted that EVP_PKEY_size() shouldn't be +used to get the output size for EVP_DigestSignFinal(), according to +EVP_DigestSignFinal(3)/NOTES.

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_SignFinal(3), +EVP_SealInit(3), +EVP_PKEY_sign(3), +EVP_PKEY_encrypt(3), +EVP_PKEY_decrypt(3), +EVP_PKEY_derive(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_supports_digest_nid.html b/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_supports_digest_nid.html
    new file mode 100755
    index 0000000..c7d4a4e
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_supports_digest_nid.html
    @@ -0,0 +1,94 @@
    + + + + +EVP_PKEY_supports_digest_nid + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_PKEY_supports_digest_nid - indicate support for signature digest

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    + int EVP_PKEY_supports_digest_nid(EVP_PKEY *pkey, int nid);
    +

    +

    +
    +

    DESCRIPTION

    +

    The EVP_PKEY_supports_digest_nid() function queries whether the message digest +NID nid is supported for public key signature operations associated with key +pkey.

    +

    +

    +
    +

    NOTES

    +

    If the EVP_PKEY implementation does not explicitly support this method, but +EVP_PKEY_get_default_digest_nid(3) returns a mandatory digest result, then +only that mandatory digest will be supported.

    +

    +

    +
    +

    RETURN VALUES

    +

    The EVP_PKEY_supports_digest_nid() function returns 1 if the message digest +algorithm identified by nid can be used for public key signature operations +associated with key pkey and 0 if it cannot be used. It returns a negative +value for failure. In particular a return value of -2 indicates the query +operation is not supported by the public key algorithm.

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_PKEY_CTX_new(3), +EVP_PKEY_get_default_digest_nid(3), +EVP_PKEY_sign(3), +EVP_PKEY_verify(3), +EVP_PKEY_verify_recover(3),

    +

    +

    +
    +

    HISTORY

    +

    The EVP_PKEY_supports_digest_nid() function was added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_verify.html b/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_verify.html
    new file mode 100755
    index 0000000..da27073
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_verify.html
    @@ -0,0 +1,147 @@
    + + + + +EVP_PKEY_verify + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_PKEY_verify_init, EVP_PKEY_verify +- signature verification using a public key algorithm

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx);
    + int EVP_PKEY_verify(EVP_PKEY_CTX *ctx,
    +                     const unsigned char *sig, size_t siglen,
    +                     const unsigned char *tbs, size_t tbslen);
    +

    +

    +
    +

    DESCRIPTION

    +

    EVP_PKEY_verify_init() initializes a public key algorithm context ctx for +signing using the algorithm given when the context was created +using EVP_PKEY_CTX_new(3) or variants thereof. The algorithm is used to +fetch a EVP_SIGNATURE method implicitly, see provider(7)/Implicit fetch +for more information about implict fetches.

    +

    The EVP_PKEY_verify() function performs a public key verification operation +using ctx. The signature is specified using the sig and +siglen parameters. The verified data (i.e. the data believed originally +signed) is specified using the tbs and tbslen parameters.

    +

    +

    +
    +

    NOTES

    +

    After the call to EVP_PKEY_verify_init() algorithm specific control +operations can be performed to set any appropriate parameters for the +operation.

    +

    The function EVP_PKEY_verify() can be called more than once on the same +context if several operations are performed using the same parameters.

    +

    +

    +
    +

    RETURN VALUES

    +

    EVP_PKEY_verify_init() and EVP_PKEY_verify() return 1 if the verification was +successful and 0 if it failed. Unlike other functions the return value 0 from +EVP_PKEY_verify() only indicates that the signature did not verify +successfully (that is tbs did not match the original data or the signature was +of invalid form) it is not an indication of a more serious error.

    +

    A negative value indicates an error other that signature verification failure. +In particular a return value of -2 indicates the operation is not supported by +the public key algorithm.

    +

    +

    +
    +

    EXAMPLES

    +

    Verify signature using PKCS#1 and SHA256 digest:

    +
    + #include <openssl/evp.h>
    + #include <openssl/rsa.h>
    +
    + EVP_PKEY_CTX *ctx;
    + unsigned char *md, *sig;
    + size_t mdlen, siglen;
    + EVP_PKEY *verify_key;
    +
    + /*
    +  * NB: assumes verify_key, sig, siglen md and mdlen are already set up
    +  * and that verify_key is an RSA public key
    +  */
    + ctx = EVP_PKEY_CTX_new(verify_key, NULL /* no engine */);
    + if (!ctx)
    +     /* Error occurred */
    + if (EVP_PKEY_verify_init(ctx) <= 0)
    +     /* Error */
    + if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
    +     /* Error */
    + if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0)
    +     /* Error */
    +
    + /* Perform operation */
    + ret = EVP_PKEY_verify(ctx, sig, siglen, md, mdlen);
    +
    + /*
    +  * ret == 1 indicates success, 0 verify failure and < 0 for some
    +  * other error.
    +  */
    +

    +

    +
    +

    SEE ALSO

    +

    EVP_PKEY_CTX_new(3), +EVP_PKEY_encrypt(3), +EVP_PKEY_decrypt(3), +EVP_PKEY_sign(3), +EVP_PKEY_verify_recover(3), +EVP_PKEY_derive(3)

    +

    +

    +
    +

    HISTORY

    +

    These functions were added in OpenSSL 1.0.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_verify_recover.html b/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_verify_recover.html
    new file mode 100755
    index 0000000..70d84a4
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/EVP_PKEY_verify_recover.html
    @@ -0,0 +1,157 @@
    + + + + +EVP_PKEY_verify_recover + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_PKEY_verify_recover_init, EVP_PKEY_verify_recover +- recover signature using a public key algorithm

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx);
    + int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx,
    +                             unsigned char *rout, size_t *routlen,
    +                             const unsigned char *sig, size_t siglen);
    +

    +

    +
    +

    DESCRIPTION

    +

    EVP_PKEY_verify_recover_init() initializes a public key algorithm context +ctx for signing using the algorithm given when the context was created +using EVP_PKEY_CTX_new(3) or variants thereof. The algorithm is used to +fetch a EVP_SIGNATURE method implicitly, see provider(7)/Implicit fetch +for more information about implict fetches.

    +

    The EVP_PKEY_verify_recover() function recovers signed data +using ctx. The signature is specified using the sig and +siglen parameters. If rout is NULL then the maximum size of the output +buffer is written to the routlen parameter. If rout is not NULL then +before the call the routlen parameter should contain the length of the +rout buffer, if the call is successful recovered data is written to +rout and the amount of data written to routlen.

    +

    +

    +
    +

    NOTES

    +

    Normally an application is only interested in whether a signature verification +operation is successful in those cases the EVP_verify() function should be +used.

    +

    Sometimes however it is useful to obtain the data originally signed using a +signing operation. Only certain public key algorithms can recover a signature +in this way (for example RSA in PKCS padding mode).

    +

    After the call to EVP_PKEY_verify_recover_init() algorithm specific control +operations can be performed to set any appropriate parameters for the +operation.

    +

    The function EVP_PKEY_verify_recover() can be called more than once on the same +context if several operations are performed using the same parameters.

    +

    +

    +
    +

    RETURN VALUES

    +

    EVP_PKEY_verify_recover_init() and EVP_PKEY_verify_recover() return 1 for success +and 0 or a negative value for failure. In particular a return value of -2 +indicates the operation is not supported by the public key algorithm.

    +

    +

    +
    +

    EXAMPLES

    +

    Recover digest originally signed using PKCS#1 and SHA256 digest:

    +
    + #include <openssl/evp.h>
    + #include <openssl/rsa.h>
    +
    + EVP_PKEY_CTX *ctx;
    + unsigned char *rout, *sig;
    + size_t routlen, siglen;
    + EVP_PKEY *verify_key;
    +
    + /*
    +  * NB: assumes verify_key, sig and siglen are already set up
    +  * and that verify_key is an RSA public key
    +  */
    + ctx = EVP_PKEY_CTX_new(verify_key, NULL /* no engine */);
    + if (!ctx)
    +     /* Error occurred */
    + if (EVP_PKEY_verify_recover_init(ctx) <= 0)
    +     /* Error */
    + if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
    +     /* Error */
    + if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0)
    +     /* Error */
    +
    + /* Determine buffer length */
    + if (EVP_PKEY_verify_recover(ctx, NULL, &routlen, sig, siglen) <= 0)
    +     /* Error */
    +
    + rout = OPENSSL_malloc(routlen);
    +
    + if (!rout)
    +     /* malloc failure */
    +
    + if (EVP_PKEY_verify_recover(ctx, rout, &routlen, sig, siglen) <= 0)
    +     /* Error */
    +
    + /* Recovered data is routlen bytes written to buffer rout */
    +

    +

    +
    +

    SEE ALSO

    +

    EVP_PKEY_CTX_new(3), +EVP_PKEY_encrypt(3), +EVP_PKEY_decrypt(3), +EVP_PKEY_sign(3), +EVP_PKEY_verify(3), +EVP_PKEY_derive(3)

    +

    +

    +
    +

    HISTORY

    +

    These functions were added in OpenSSL 1.0.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2013-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/EVP_SIGNATURE_free.html b/linux_amd64/share/doc/openssl/html/man3/EVP_SIGNATURE_free.html
    new file mode 100755
    index 0000000..ff6443a
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/EVP_SIGNATURE_free.html
    @@ -0,0 +1,118 @@
    + + + + +EVP_SIGNATURE_free + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_SIGNATURE_fetch, EVP_SIGNATURE_free, EVP_SIGNATURE_up_ref, +EVP_SIGNATURE_number, EVP_SIGNATURE_is_a, EVP_SIGNATURE_provider, +EVP_SIGNATURE_do_all_provided, EVP_SIGNATURE_names_do_all +- Functions to manage EVP_SIGNATURE algorithm objects

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + EVP_SIGNATURE *EVP_SIGNATURE_fetch(OPENSSL_CTX *ctx, const char *algorithm,
    +                                    const char *properties);
    + void EVP_SIGNATURE_free(EVP_SIGNATURE *signature);
    + int EVP_SIGNATURE_up_ref(EVP_SIGNATURE *signature);
    + int EVP_SIGNATURE_number(const EVP_SIGNATURE *signature);
    + int EVP_SIGNATURE_is_a(const EVP_SIGNATURE *signature, const char *name);
    + OSSL_PROVIDER *EVP_SIGNATURE_provider(const EVP_SIGNATURE *signature);
    + void EVP_SIGNATURE_do_all_provided(OPENSSL_CTX *libctx,
    +                                    void (*fn)(EVP_SIGNATURE *signature,
    +                                               void *arg),
    +                                    void *arg);
    + void EVP_SIGNATURE_names_do_all(const EVP_SIGNATURE *signature,
    +                                 void (*fn)(const char *name, void *data),
    +                                 void *data);
    +

    +

    +
    +

    DESCRIPTION

    +

    EVP_SIGNATURE_fetch() fetches the implementation for the given +algorithm from any provider offering it, within the criteria given +by the properties. +The algorithm will be one offering functions for performing signature related +tasks such as signing and verifying. +See provider(7)/Fetching algorithms for further information.

    +

    The returned value must eventually be freed with EVP_SIGNATURE_free().

    +

    EVP_SIGNATURE_free() decrements the reference count for the EVP_SIGNATURE +structure. Typically this structure will have been obtained from an earlier call +to EVP_SIGNATURE_fetch(). If the reference count drops to 0 then the +structure is freed.

    +

    EVP_SIGNATURE_up_ref() increments the reference count for an EVP_SIGNATURE +structure.

    +

    EVP_SIGNATURE_is_a() returns 1 if signature is an implementation of an +algorithm that's identifiable with name, otherwise 0.

    +

    EVP_SIGNATURE_provider() returns the provider that signature was fetched from.

    +

    EVP_SIGNATURE_do_all_provided() traverses all SIGNATURE implemented by all +activated roviders in the given library context libctx, and for each of the +implementations, calls the given function fn with the implementation method +and the given arg as argument.

    +

    EVP_SIGNATURE_number() returns the internal dynamic number assigned to +signature.

    +

    EVP_SIGNATURE_names_do_all() traverses all names for signature, and calls +fn with each name and data.

    +

    +

    +
    +

    RETURN VALUES

    +

    EVP_SIGNATURE_fetch() returns a pointer to an EVP_SIGNATURE for success +or NULL for failure.

    +

    EVP_SIGNATURE_up_ref() returns 1 for success or 0 otherwise.

    +

    +

    +
    +

    SEE ALSO

    +

    provider(7)/Fetching algorithms, OSSL_PROVIDER(3)

    +

    +

    +
    +

    HISTORY

    +

    The functions described here were added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/EVP_SealInit.html b/linux_amd64/share/doc/openssl/html/man3/EVP_SealInit.html
    new file mode 100755
    index 0000000..b227e88
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/EVP_SealInit.html
    @@ -0,0 +1,123 @@
    + + + + +EVP_SealInit + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_SealInit, EVP_SealUpdate, EVP_SealFinal - EVP envelope encryption

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
    +                  unsigned char **ek, int *ekl, unsigned char *iv,
    +                  EVP_PKEY **pubk, int npubk);
    + int EVP_SealUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
    +                    int *outl, unsigned char *in, int inl);
    + int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
    +

    +

    +
    +

    DESCRIPTION

    +

    The EVP envelope routines are a high level interface to envelope +encryption. They generate a random key and IV (if required) then +"envelope" it by using public key encryption. Data can then be +encrypted using this key.

    +

    EVP_SealInit() initializes a cipher context ctx for encryption +with cipher type using a random secret key and IV. type is normally +supplied by a function such as EVP_aes_256_cbc(). The secret key is encrypted +using one or more public keys, this allows the same encrypted data to be +decrypted using any of the corresponding private keys. ek is an array of +buffers where the public key encrypted secret key will be written, each buffer +must contain enough room for the corresponding encrypted key: that is +ek[i] must have room for EVP_PKEY_size(pubk[i]) bytes. The actual +size of each encrypted secret key is written to the array ekl. pubk is +an array of npubk public keys.

    +

    The iv parameter is a buffer where the generated IV is written to. It must +contain enough room for the corresponding cipher's IV, as determined by (for +example) EVP_CIPHER_iv_length(type).

    +

    If the cipher does not require an IV then the iv parameter is ignored +and can be NULL.

    +

    EVP_SealUpdate() and EVP_SealFinal() have exactly the same properties +as the EVP_EncryptUpdate() and EVP_EncryptFinal() routines, as +documented on the EVP_EncryptInit(3) manual +page.

    +

    +

    +
    +

    RETURN VALUES

    +

    EVP_SealInit() returns 0 on error or npubk if successful.

    +

    EVP_SealUpdate() and EVP_SealFinal() return 1 for success and 0 for +failure.

    +

    +

    +
    +

    NOTES

    +

    Because a random secret key is generated the random number generator +must be seeded when EVP_SealInit() is called. +If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to +external circumstances (see RAND(7)), the operation will fail.

    +

    The public key must be RSA because it is the only OpenSSL public key +algorithm that supports key transport.

    +

    Envelope encryption is the usual method of using public key encryption +on large amounts of data, this is because public key encryption is slow +but symmetric encryption is fast. So symmetric encryption is used for +bulk encryption and the small random symmetric key used is transferred +using public key encryption.

    +

    It is possible to call EVP_SealInit() twice in the same way as +EVP_EncryptInit(). The first call should have npubk set to 0 +and (after setting any cipher parameters) it should be called again +with type set to NULL.

    +

    +

    +
    +

    SEE ALSO

    +

    evp(7), RAND_bytes(3), +EVP_EncryptInit(3), +EVP_OpenInit(3), +RAND(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/EVP_SignInit.html b/linux_amd64/share/doc/openssl/html/man3/EVP_SignInit.html
    new file mode 100755
    index 0000000..adf88d8
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/EVP_SignInit.html
    @@ -0,0 +1,129 @@
    + + + + +EVP_SignInit + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_SignInit, EVP_SignInit_ex, EVP_SignUpdate, EVP_SignFinal +- EVP signing functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + int EVP_SignInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
    + int EVP_SignUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
    + int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sig, unsigned int *s, EVP_PKEY *pkey);
    +
    + void EVP_SignInit(EVP_MD_CTX *ctx, const EVP_MD *type);
    +

    +

    +
    +

    DESCRIPTION

    +

    The EVP signature routines are a high level interface to digital +signatures.

    +

    EVP_SignInit_ex() sets up signing context ctx to use digest +type from ENGINE impl. ctx must be created with +EVP_MD_CTX_new() before calling this function.

    +

    EVP_SignUpdate() hashes cnt bytes of data at d into the +signature context ctx. This function can be called several times on the +same ctx to include additional data.

    +

    EVP_SignFinal() signs the data in ctx using the private key pkey and +places the signature in sig. sig must be at least EVP_PKEY_size(pkey) +bytes in size. s is an OUT parameter, and not used as an IN parameter. +The number of bytes of data written (i.e. the length of the signature) +will be written to the integer at s, at most EVP_PKEY_size(pkey) bytes +will be written.

    +

    EVP_SignInit() initializes a signing context ctx to use the default +implementation of digest type.

    +

    +

    +
    +

    RETURN VALUES

    +

    EVP_SignInit_ex(), EVP_SignUpdate() and EVP_SignFinal() return 1 +for success and 0 for failure.

    +

    The error codes can be obtained by ERR_get_error(3).

    +

    +

    +
    +

    NOTES

    +

    The EVP interface to digital signatures should almost always be used in +preference to the low level interfaces. This is because the code then becomes +transparent to the algorithm used and much more flexible.

    +

    When signing with DSA private keys the random number generator must be seeded. +If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to +external circumstances (see RAND(7)), the operation will fail. +This requirement does not hold for RSA signatures.

    +

    The call to EVP_SignFinal() internally finalizes a copy of the digest context. +This means that calls to EVP_SignUpdate() and EVP_SignFinal() can be called +later to digest and sign additional data.

    +

    Since only a copy of the digest context is ever finalized the context must +be cleaned up after use by calling EVP_MD_CTX_free() or a memory leak +will occur.

    +

    +

    +
    +

    BUGS

    +

    Older versions of this documentation wrongly stated that calls to +EVP_SignUpdate() could not be made after calling EVP_SignFinal().

    +

    Since the private key is passed in the call to EVP_SignFinal() any error +relating to the private key (for example an unsuitable key and digest +combination) will not be indicated until after potentially large amounts of +data have been passed through EVP_SignUpdate().

    +

    It is not possible to change the signing parameters using these function.

    +

    The previous two bugs are fixed in the newer EVP_SignDigest*() function.

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_PKEY_size(3), EVP_PKEY_bits(3), EVP_PKEY_security_bits(3), +EVP_VerifyInit(3), +EVP_DigestInit(3), +evp(7), HMAC(3), MD2(3), +MD5(3), MDC2(3), RIPEMD160(3), +SHA1(3), openssl-dgst(1)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/EVP_VerifyInit.html b/linux_amd64/share/doc/openssl/html/man3/EVP_VerifyInit.html
    new file mode 100755
    index 0000000..9982076
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/EVP_VerifyInit.html
    @@ -0,0 +1,125 @@
    +
    +
    +
    +
    +EVP_VerifyInit
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    EVP_VerifyInit_ex, +EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal +- EVP signature verification functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + int EVP_VerifyInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
    + int EVP_VerifyUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
    + int EVP_VerifyFinal(EVP_MD_CTX *ctx, unsigned char *sigbuf, unsigned int siglen,
    +                     EVP_PKEY *pkey);
    +
    + int EVP_VerifyInit(EVP_MD_CTX *ctx, const EVP_MD *type);
    +

    +

    +
    +

    DESCRIPTION

    +

    The EVP signature verification routines are a high level interface to digital +signatures.

    +

    EVP_VerifyInit_ex() sets up verification context ctx to use digest +type from ENGINE impl. ctx must be created by calling +EVP_MD_CTX_new() before calling this function.

    +

    EVP_VerifyUpdate() hashes cnt bytes of data at d into the +verification context ctx. This function can be called several times on the +same ctx to include additional data.

    +

    EVP_VerifyFinal() verifies the data in ctx using the public key pkey +and against the siglen bytes at sigbuf.

    +

    EVP_VerifyInit() initializes verification context ctx to use the default +implementation of digest type.

    +

    +

    +
    +

    RETURN VALUES

    +

    EVP_VerifyInit_ex() and EVP_VerifyUpdate() return 1 for success and 0 for +failure.

    +

    EVP_VerifyFinal() returns 1 for a correct signature, 0 for failure and -1 if some +other error occurred.

    +

    The error codes can be obtained by ERR_get_error(3).

    +

    +

    +
    +

    NOTES

    +

    The EVP interface to digital signatures should almost always be used in +preference to the low level interfaces. This is because the code then becomes +transparent to the algorithm used and much more flexible.

    +

    The call to EVP_VerifyFinal() internally finalizes a copy of the digest context. +This means that calls to EVP_VerifyUpdate() and EVP_VerifyFinal() can be called +later to digest and verify additional data.

    +

    Since only a copy of the digest context is ever finalized the context must +be cleaned up after use by calling EVP_MD_CTX_free() or a memory leak +will occur.

    +

    +

    +
    +

    BUGS

    +

    Older versions of this documentation wrongly stated that calls to +EVP_VerifyUpdate() could not be made after calling EVP_VerifyFinal().

    +

    Since the public key is passed in the call to EVP_SignFinal() any error +relating to the private key (for example an unsuitable key and digest +combination) will not be indicated until after potentially large amounts of +data have been passed through EVP_SignUpdate().

    +

    It is not possible to change the signing parameters using these function.

    +

    The previous two bugs are fixed in the newer EVP_DigestVerify*() function.

    +

    +

    +
    +

    SEE ALSO

    +

    evp(7), +EVP_SignInit(3), +EVP_DigestInit(3), +evp(7), HMAC(3), MD2(3), +MD5(3), MDC2(3), RIPEMD160(3), +SHA1(3), openssl-dgst(1)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/EVP_aes_128_gcm.html b/linux_amd64/share/doc/openssl/html/man3/EVP_aes_128_gcm.html
    new file mode 100755
    index 0000000..f04f7ba
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/EVP_aes_128_gcm.html
    @@ -0,0 +1,221 @@
    +
    +
    +
    +
    +EVP_aes_128_gcm
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    EVP_aes_128_cbc, +EVP_aes_192_cbc, +EVP_aes_256_cbc, +EVP_aes_128_cfb, +EVP_aes_192_cfb, +EVP_aes_256_cfb, +EVP_aes_128_cfb1, +EVP_aes_192_cfb1, +EVP_aes_256_cfb1, +EVP_aes_128_cfb8, +EVP_aes_192_cfb8, +EVP_aes_256_cfb8, +EVP_aes_128_cfb128, +EVP_aes_192_cfb128, +EVP_aes_256_cfb128, +EVP_aes_128_ctr, +EVP_aes_192_ctr, +EVP_aes_256_ctr, +EVP_aes_128_ecb, +EVP_aes_192_ecb, +EVP_aes_256_ecb, +EVP_aes_128_ofb, +EVP_aes_192_ofb, +EVP_aes_256_ofb, +EVP_aes_128_cbc_hmac_sha1, +EVP_aes_256_cbc_hmac_sha1, +EVP_aes_128_cbc_hmac_sha256, +EVP_aes_256_cbc_hmac_sha256, +EVP_aes_128_ccm, +EVP_aes_192_ccm, +EVP_aes_256_ccm, +EVP_aes_128_gcm, +EVP_aes_192_gcm, +EVP_aes_256_gcm, +EVP_aes_128_ocb, +EVP_aes_192_ocb, +EVP_aes_256_ocb, +EVP_aes_128_wrap, +EVP_aes_192_wrap, +EVP_aes_256_wrap, +EVP_aes_128_wrap_pad, +EVP_aes_192_wrap_pad, +EVP_aes_256_wrap_pad, +EVP_aes_128_xts, +EVP_aes_256_xts +- EVP AES cipher

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + const EVP_CIPHER *EVP_ciphername(void)
    +

    EVP_ciphername is used a placeholder for any of the described cipher +functions, such as EVP_aes_128_cbc.

    +

    +

    +
    +

    DESCRIPTION

    +

    The AES encryption algorithm for EVP.

    +
    +
    EVP_aes_128_cbc(), +EVP_aes_192_cbc(), +EVP_aes_256_cbc(), +EVP_aes_128_cfb(), +EVP_aes_192_cfb(), +EVP_aes_256_cfb(), +EVP_aes_128_cfb1(), +EVP_aes_192_cfb1(), +EVP_aes_256_cfb1(), +EVP_aes_128_cfb8(), +EVP_aes_192_cfb8(), +EVP_aes_256_cfb8(), +EVP_aes_128_cfb128(), +EVP_aes_192_cfb128(), +EVP_aes_256_cfb128(), +EVP_aes_128_ctr(), +EVP_aes_192_ctr(), +EVP_aes_256_ctr(), +EVP_aes_128_ecb(), +EVP_aes_192_ecb(), +EVP_aes_256_ecb(), +EVP_aes_128_ofb(), +EVP_aes_192_ofb(), +EVP_aes_256_ofb()
    + +
    +

    AES for 128, 192 and 256 bit keys in the following modes: CBC, CFB with 128-bit +shift, CFB with 1-bit shift, CFB with 8-bit shift, CTR, ECB, and OFB.

    +
    +
    EVP_aes_128_cbc_hmac_sha1(), +EVP_aes_256_cbc_hmac_sha1()
    + +
    +

    Authenticated encryption with AES in CBC mode using SHA-1 as HMAC, with keys of +128 and 256 bits length respectively. The authentication tag is 160 bits long.

    +

    WARNING: this is not intended for usage outside of TLS and requires calling of +some undocumented ctrl functions. These ciphers do not conform to the EVP AEAD +interface.

    +
    +
    EVP_aes_128_cbc_hmac_sha256(), +EVP_aes_256_cbc_hmac_sha256()
    + +
    +

    Authenticated encryption with AES in CBC mode using SHA256 (SHA-2, 256-bits) as +HMAC, with keys of 128 and 256 bits length respectively. The authentication tag +is 256 bits long.

    +

    WARNING: this is not intended for usage outside of TLS and requires calling of +some undocumented ctrl functions. These ciphers do not conform to the EVP AEAD +interface.

    +
    +
    EVP_aes_128_ccm(), +EVP_aes_192_ccm(), +EVP_aes_256_ccm(), +EVP_aes_128_gcm(), +EVP_aes_192_gcm(), +EVP_aes_256_gcm(), +EVP_aes_128_ocb(), +EVP_aes_192_ocb(), +EVP_aes_256_ocb()
    + +
    +

    AES for 128, 192 and 256 bit keys in CBC-MAC Mode (CCM), Galois Counter Mode +(GCM) and OCB Mode respectively. These ciphers require additional control +operations to function correctly, see the EVP_EncryptInit(3)/AEAD Interface +section for details.

    +
    +
    EVP_aes_128_wrap(), +EVP_aes_192_wrap(), +EVP_aes_256_wrap(), +EVP_aes_128_wrap_pad(), +EVP_aes_128_wrap(), +EVP_aes_192_wrap(), +EVP_aes_256_wrap(), +EVP_aes_192_wrap_pad(), +EVP_aes_128_wrap(), +EVP_aes_192_wrap(), +EVP_aes_256_wrap(), +EVP_aes_256_wrap_pad()
    + +
    +

    AES key wrap with 128, 192 and 256 bit keys, as according to RFC 3394 section +2.2.1 ("wrap") and RFC 5649 section 4.1 ("wrap with padding") respectively.

    +
    +
    EVP_aes_128_xts(), +EVP_aes_256_xts()
    + +
    +

    AES XTS mode (XTS-AES) is standardized in IEEE Std. 1619-2007 and described in NIST +SP 800-38E. The XTS (XEX-based tweaked-codebook mode with ciphertext stealing) +mode was designed by Prof. Phillip Rogaway of University of California, Davis, +intended for encrypting data on a storage device.

    +

    XTS-AES provides confidentiality but not authentication of data. It also +requires a key of double-length for protection of a certain key size. +In particular, XTS-AES-128 (EVP_aes_128_xts) takes input of a 256-bit key to +achieve AES 128-bit security, and XTS-AES-256 (EVP_aes_256_xts) takes input +of a 512-bit key to achieve AES 256-bit security.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    These functions return an EVP_CIPHER structure that contains the +implementation of the symmetric cipher. See EVP_CIPHER_meth_new(3) for +details of the EVP_CIPHER structure.

    +

    +

    +
    +

    SEE ALSO

    +

    evp(7), +EVP_EncryptInit(3), +EVP_CIPHER_meth_new(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/EVP_aria_128_gcm.html b/linux_amd64/share/doc/openssl/html/man3/EVP_aria_128_gcm.html
    new file mode 100755
    index 0000000..e4c95e7
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/EVP_aria_128_gcm.html
    @@ -0,0 +1,150 @@
    +
    +
    +
    +
    +EVP_aria_128_gcm
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    EVP_aria_128_cbc, +EVP_aria_192_cbc, +EVP_aria_256_cbc, +EVP_aria_128_cfb, +EVP_aria_192_cfb, +EVP_aria_256_cfb, +EVP_aria_128_cfb1, +EVP_aria_192_cfb1, +EVP_aria_256_cfb1, +EVP_aria_128_cfb8, +EVP_aria_192_cfb8, +EVP_aria_256_cfb8, +EVP_aria_128_cfb128, +EVP_aria_192_cfb128, +EVP_aria_256_cfb128, +EVP_aria_128_ctr, +EVP_aria_192_ctr, +EVP_aria_256_ctr, +EVP_aria_128_ecb, +EVP_aria_192_ecb, +EVP_aria_256_ecb, +EVP_aria_128_ofb, +EVP_aria_192_ofb, +EVP_aria_256_ofb, +EVP_aria_128_ccm, +EVP_aria_192_ccm, +EVP_aria_256_ccm, +EVP_aria_128_gcm, +EVP_aria_192_gcm, +EVP_aria_256_gcm, +- EVP ARIA cipher

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + const EVP_CIPHER *EVP_ciphername(void)
    +

    EVP_ciphername is used a placeholder for any of the described cipher +functions, such as EVP_aria_128_cbc.

    +

    +

    +
    +

    DESCRIPTION

    +

    The ARIA encryption algorithm for EVP.

    +
    +
    EVP_aria_128_cbc(), +EVP_aria_192_cbc(), +EVP_aria_256_cbc(), +EVP_aria_128_cfb(), +EVP_aria_192_cfb(), +EVP_aria_256_cfb(), +EVP_aria_128_cfb1(), +EVP_aria_192_cfb1(), +EVP_aria_256_cfb1(), +EVP_aria_128_cfb8(), +EVP_aria_192_cfb8(), +EVP_aria_256_cfb8(), +EVP_aria_128_cfb128(), +EVP_aria_192_cfb128(), +EVP_aria_256_cfb128(), +EVP_aria_128_ctr(), +EVP_aria_192_ctr(), +EVP_aria_256_ctr(), +EVP_aria_128_ecb(), +EVP_aria_192_ecb(), +EVP_aria_256_ecb(), +EVP_aria_128_ofb(), +EVP_aria_192_ofb(), +EVP_aria_256_ofb()
    + +
    +

    ARIA for 128, 192 and 256 bit keys in the following modes: CBC, CFB with +128-bit shift, CFB with 1-bit shift, CFB with 8-bit shift, CTR, ECB and OFB.

    +
    +
    EVP_aria_128_ccm(), +EVP_aria_192_ccm(), +EVP_aria_256_ccm(), +EVP_aria_128_gcm(), +EVP_aria_192_gcm(), +EVP_aria_256_gcm(),
    + +
    +

    ARIA for 128, 192 and 256 bit keys in CBC-MAC Mode (CCM) and Galois Counter +Mode (GCM). These ciphers require additional control operations to function +correctly, see the EVP_EncryptInit(3)/AEAD Interface section for details.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    These functions return an EVP_CIPHER structure that contains the +implementation of the symmetric cipher. See EVP_CIPHER_meth_new(3) for +details of the EVP_CIPHER structure.

    +

    +

    +
    +

    SEE ALSO

    +

    evp(7), +EVP_EncryptInit(3), +EVP_CIPHER_meth_new(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/EVP_bf_cbc.html b/linux_amd64/share/doc/openssl/html/man3/EVP_bf_cbc.html
    new file mode 100755
    index 0000000..e4a1b09
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/EVP_bf_cbc.html
    @@ -0,0 +1,96 @@
    +
    +
    +
    +
    +EVP_bf_cbc
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    EVP_bf_cbc, +EVP_bf_cfb, +EVP_bf_cfb64, +EVP_bf_ecb, +EVP_bf_ofb +- EVP Blowfish cipher

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + const EVP_CIPHER *EVP_bf_cbc(void)
    + const EVP_CIPHER *EVP_bf_cfb(void)
    + const EVP_CIPHER *EVP_bf_cfb64(void)
    + const EVP_CIPHER *EVP_bf_ecb(void)
    + const EVP_CIPHER *EVP_bf_ofb(void)
    +

    +

    +
    +

    DESCRIPTION

    +

    The Blowfish encryption algorithm for EVP.

    +

    This is a variable key length cipher.

    +
    +
    EVP_bf_cbc(), +EVP_bf_cfb(), +EVP_bf_cfb64(), +EVP_bf_ecb(), +EVP_bf_ofb()
    + +
    +

    Blowfish encryption algorithm in CBC, CFB, ECB and OFB modes respectively.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    These functions return an EVP_CIPHER structure that contains the +implementation of the symmetric cipher. See EVP_CIPHER_meth_new(3) for +details of the EVP_CIPHER structure.

    +

    +

    +
    +

    SEE ALSO

    +

    evp(7), +EVP_EncryptInit(3), +EVP_CIPHER_meth_new(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/EVP_blake2b512.html b/linux_amd64/share/doc/openssl/html/man3/EVP_blake2b512.html
    new file mode 100755
    index 0000000..ec85ebb
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/EVP_blake2b512.html
    @@ -0,0 +1,105 @@
    +
    +
    +
    +
    +EVP_blake2b512
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    EVP_blake2b512, +EVP_blake2s256 +- BLAKE2 For EVP

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + const EVP_MD *EVP_blake2b512(void);
    + const EVP_MD *EVP_blake2s256(void);
    +

    +

    +
    +

    DESCRIPTION

    +

    BLAKE2 is an improved version of BLAKE, which was submitted to the NIST SHA-3 +algorithm competition. The BLAKE2s and BLAKE2b algorithms are described in +RFC 7693.

    +
    +
    EVP_blake2s256()
    + +
    +

    The BLAKE2s algorithm that produces a 256-bit output from a given input.

    +
    +
    EVP_blake2b512()
    + +
    +

    The BLAKE2b algorithm that produces a 512-bit output from a given input.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    These functions return a EVP_MD structure that contains the +implementation of the symmetric cipher. See EVP_MD_meth_new(3) for +details of the EVP_MD structure.

    +

    +

    +
    +

    CONFORMING TO

    +

    RFC 7693.

    +

    +

    +
    +

    NOTES

    +

    While the BLAKE2b and BLAKE2s algorithms supports a variable length digest, +this implementation outputs a digest of a fixed length (the maximum length +supported), which is 512-bits for BLAKE2b and 256-bits for BLAKE2s.

    +

    +

    +
    +

    SEE ALSO

    +

    evp(7), +EVP_DigestInit(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/EVP_camellia_128_ecb.html b/linux_amd64/share/doc/openssl/html/man3/EVP_camellia_128_ecb.html
    new file mode 100755
    index 0000000..185e3cb
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/EVP_camellia_128_ecb.html
    @@ -0,0 +1,132 @@
    +
    +
    +
    +
    +EVP_camellia_128_ecb
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    EVP_camellia_128_cbc, +EVP_camellia_192_cbc, +EVP_camellia_256_cbc, +EVP_camellia_128_cfb, +EVP_camellia_192_cfb, +EVP_camellia_256_cfb, +EVP_camellia_128_cfb1, +EVP_camellia_192_cfb1, +EVP_camellia_256_cfb1, +EVP_camellia_128_cfb8, +EVP_camellia_192_cfb8, +EVP_camellia_256_cfb8, +EVP_camellia_128_cfb128, +EVP_camellia_192_cfb128, +EVP_camellia_256_cfb128, +EVP_camellia_128_ctr, +EVP_camellia_192_ctr, +EVP_camellia_256_ctr, +EVP_camellia_128_ecb, +EVP_camellia_192_ecb, +EVP_camellia_256_ecb, +EVP_camellia_128_ofb, +EVP_camellia_192_ofb, +EVP_camellia_256_ofb +- EVP Camellia cipher

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + const EVP_CIPHER *EVP_ciphername(void)
    +

    EVP_ciphername is used a placeholder for any of the described cipher +functions, such as EVP_camellia_128_cbc.

    +

    +

    +
    +

    DESCRIPTION

    +

    The Camellia encryption algorithm for EVP.

    +
    +
    EVP_camellia_128_cbc(), +EVP_camellia_192_cbc(), +EVP_camellia_256_cbc(), +EVP_camellia_128_cfb(), +EVP_camellia_192_cfb(), +EVP_camellia_256_cfb(), +EVP_camellia_128_cfb1(), +EVP_camellia_192_cfb1(), +EVP_camellia_256_cfb1(), +EVP_camellia_128_cfb8(), +EVP_camellia_192_cfb8(), +EVP_camellia_256_cfb8(), +EVP_camellia_128_cfb128(), +EVP_camellia_192_cfb128(), +EVP_camellia_256_cfb128(), +EVP_camellia_128_ctr(), +EVP_camellia_192_ctr(), +EVP_camellia_256_ctr(), +EVP_camellia_128_ecb(), +EVP_camellia_192_ecb(), +EVP_camellia_256_ecb(), +EVP_camellia_128_ofb(), +EVP_camellia_192_ofb(), +EVP_camellia_256_ofb()
    + +
    +

    Camellia for 128, 192 and 256 bit keys in the following modes: CBC, CFB with +128-bit shift, CFB with 1-bit shift, CFB with 8-bit shift, CTR, ECB and OFB.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    These functions return an EVP_CIPHER structure that contains the +implementation of the symmetric cipher. See EVP_CIPHER_meth_new(3) for +details of the EVP_CIPHER structure.

    +

    +

    +
    +

    SEE ALSO

    +

    evp(7), +EVP_EncryptInit(3), +EVP_CIPHER_meth_new(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/EVP_cast5_cbc.html b/linux_amd64/share/doc/openssl/html/man3/EVP_cast5_cbc.html
    new file mode 100755
    index 0000000..ee165f0
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/EVP_cast5_cbc.html
    @@ -0,0 +1,96 @@
    +
    +
    +
    +
    +EVP_cast5_cbc
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    EVP_cast5_cbc, +EVP_cast5_cfb, +EVP_cast5_cfb64, +EVP_cast5_ecb, +EVP_cast5_ofb +- EVP CAST cipher

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + const EVP_CIPHER *EVP_cast5_cbc(void)
    + const EVP_CIPHER *EVP_cast5_cfb(void)
    + const EVP_CIPHER *EVP_cast5_cfb64(void)
    + const EVP_CIPHER *EVP_cast5_ecb(void)
    + const EVP_CIPHER *EVP_cast5_ofb(void)
    +

    +

    +
    +

    DESCRIPTION

    +

    The CAST encryption algorithm for EVP.

    +

    This is a variable key length cipher.

    +
    +
    EVP_cast5_cbc(), +EVP_cast5_ecb(), +EVP_cast5_cfb(), +EVP_cast5_cfb64(), +EVP_cast5_ofb()
    + +
    +

    CAST encryption algorithm in CBC, ECB, CFB and OFB modes respectively.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    These functions return an EVP_CIPHER structure that contains the +implementation of the symmetric cipher. See EVP_CIPHER_meth_new(3) for +details of the EVP_CIPHER structure.

    +

    +

    +
    +

    SEE ALSO

    +

    evp(7), +EVP_EncryptInit(3), +EVP_CIPHER_meth_new(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/EVP_chacha20.html b/linux_amd64/share/doc/openssl/html/man3/EVP_chacha20.html
    new file mode 100755
    index 0000000..98a9959
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/EVP_chacha20.html
    @@ -0,0 +1,98 @@
    +
    +
    +
    +
    +EVP_chacha20
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    EVP_chacha20, +EVP_chacha20_poly1305 +- EVP ChaCha20 stream cipher

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + const EVP_CIPHER *EVP_chacha20(void)
    + const EVP_CIPHER *EVP_chacha20_poly1305(void)
    +

    +

    +
    +

    DESCRIPTION

    +

    The ChaCha20 stream cipher for EVP.

    +
    +
    EVP_chacha20()
    + +
    +

    The ChaCha20 stream cipher. The key length is 256 bits, the IV is 128 bits long. +The first 32 bits consists of a counter in little-endian order followed by a 96 +bit nonce. For example a nonce of:

    +

    000000000000000000000002

    +

    With an initial counter of 42 (2a in hex) would be expressed as:

    +

    2a000000000000000000000000000002

    +
    +
    EVP_chacha20_poly1305()
    + +
    +

    Authenticated encryption with ChaCha20-Poly1305. Like EVP_chacha20(), the key +is 256 bits and the IV is 96 bits. This supports additional authenticated data +(AAD) and produces a 128-bit authentication tag. See the +EVP_EncryptInit(3)/AEAD Interface section for more information.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    These functions return an EVP_CIPHER structure that contains the +implementation of the symmetric cipher. See EVP_CIPHER_meth_new(3) for +details of the EVP_CIPHER structure.

    +

    +

    +
    +

    SEE ALSO

    +

    evp(7), +EVP_EncryptInit(3), +EVP_CIPHER_meth_new(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/EVP_des_cbc.html b/linux_amd64/share/doc/openssl/html/man3/EVP_des_cbc.html
    new file mode 100755
    index 0000000..ee11ea0
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/EVP_des_cbc.html
    @@ -0,0 +1,141 @@
    +
    +
    +
    +
    +EVP_des_cbc
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    EVP_des_cbc, +EVP_des_cfb, +EVP_des_cfb1, +EVP_des_cfb8, +EVP_des_cfb64, +EVP_des_ecb, +EVP_des_ofb, +EVP_des_ede, +EVP_des_ede_cbc, +EVP_des_ede_cfb, +EVP_des_ede_cfb64, +EVP_des_ede_ecb, +EVP_des_ede_ofb, +EVP_des_ede3, +EVP_des_ede3_cbc, +EVP_des_ede3_cfb, +EVP_des_ede3_cfb1, +EVP_des_ede3_cfb8, +EVP_des_ede3_cfb64, +EVP_des_ede3_ecb, +EVP_des_ede3_ofb, +EVP_des_ede3_wrap +- EVP DES cipher

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + const EVP_CIPHER *EVP_ciphername(void)
    +

    EVP_ciphername is used a placeholder for any of the described cipher +functions, such as EVP_des_cbc.

    +

    +

    +
    +

    DESCRIPTION

    +

    The DES encryption algorithm for EVP.

    +
    +
    EVP_des_cbc(), +EVP_des_ecb(), +EVP_des_cfb(), +EVP_des_cfb1(), +EVP_des_cfb8(), +EVP_des_cfb64(), +EVP_des_ofb()
    + +
    +

    DES in CBC, ECB, CFB with 64-bit shift, CFB with 1-bit shift, CFB with 8-bit +shift and OFB modes.

    +
    +
    EVP_des_ede(), +EVP_des_ede_cbc(), +EVP_des_ede_cfb(), +EVP_des_ede_cfb64(), +EVP_des_ede_ecb(), +EVP_des_ede_ofb()
    + +
    +

    Two key triple DES in ECB, CBC, CFB with 64-bit shift and OFB modes.

    +
    +
    EVP_des_ede3(), +EVP_des_ede3_cbc(), +EVP_des_ede3_cfb(), +EVP_des_ede3_cfb1(), +EVP_des_ede3_cfb8(), +EVP_des_ede3_cfb64(), +EVP_des_ede3_ecb(), +EVP_des_ede3_ofb()
    + +
    +

    Three-key triple DES in ECB, CBC, CFB with 64-bit shift, CFB with 1-bit shift, +CFB with 8-bit shift and OFB modes.

    +
    +
    EVP_des_ede3_wrap()
    + +
    +

    Triple-DES key wrap according to RFC 3217 Section 3.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    These functions return an EVP_CIPHER structure that contains the +implementation of the symmetric cipher. See EVP_CIPHER_meth_new(3) for +details of the EVP_CIPHER structure.

    +

    +

    +
    +

    SEE ALSO

    +

    evp(7), +EVP_EncryptInit(3), +EVP_CIPHER_meth_new(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/EVP_desx_cbc.html b/linux_amd64/share/doc/openssl/html/man3/EVP_desx_cbc.html
    new file mode 100755
    index 0000000..a770216
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/EVP_desx_cbc.html
    @@ -0,0 +1,84 @@
    +
    +
    +
    +
    +EVP_desx_cbc
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    EVP_desx_cbc +- EVP DES-X cipher

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + const EVP_CIPHER *EVP_desx_cbc(void)
    +

    +

    +
    +

    DESCRIPTION

    +

    The DES-X encryption algorithm for EVP.

    +

    All modes below use a key length of 128 bits and acts on blocks of 128-bits.

    +
    +
    EVP_desx_cbc()
    + +
    +

    The DES-X algorithm in CBC mode.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    These functions return an EVP_CIPHER structure that contains the +implementation of the symmetric cipher. See EVP_CIPHER_meth_new(3) for +details of the EVP_CIPHER structure.

    +

    +

    +
    +

    SEE ALSO

    +

    evp(7), +EVP_EncryptInit(3), +EVP_CIPHER_meth_new(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/EVP_idea_cbc.html b/linux_amd64/share/doc/openssl/html/man3/EVP_idea_cbc.html
    new file mode 100755
    index 0000000..710bc00
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/EVP_idea_cbc.html
    @@ -0,0 +1,95 @@
    +
    +
    +
    +
    +EVP_idea_cbc
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    EVP_idea_cbc, +EVP_idea_cfb, +EVP_idea_cfb64, +EVP_idea_ecb, +EVP_idea_ofb +- EVP IDEA cipher

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + const EVP_CIPHER *EVP_idea_cbc(void)
    + const EVP_CIPHER *EVP_idea_cfb(void)
    + const EVP_CIPHER *EVP_idea_cfb64(void)
    + const EVP_CIPHER *EVP_idea_ecb(void)
    + const EVP_CIPHER *EVP_idea_ofb(void)
    +

    +

    +
    +

    DESCRIPTION

    +

    The IDEA encryption algorithm for EVP.

    +
    +
    EVP_idea_cbc(), +EVP_idea_cfb(), +EVP_idea_cfb64(), +EVP_idea_ecb(), +EVP_idea_ofb()
    + +
    +

    The IDEA encryption algorithm in CBC, CFB, ECB and OFB modes respectively.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    These functions return an EVP_CIPHER structure that contains the +implementation of the symmetric cipher. See EVP_CIPHER_meth_new(3) for +details of the EVP_CIPHER structure.

    +

    +

    +
    +

    SEE ALSO

    +

    evp(7), +EVP_EncryptInit(3), +EVP_CIPHER_meth_new(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/EVP_md2.html b/linux_amd64/share/doc/openssl/html/man3/EVP_md2.html
    new file mode 100755
    index 0000000..fce5681
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/EVP_md2.html
    @@ -0,0 +1,89 @@
    +
    +
    +
    +
    +EVP_md2
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    EVP_md2 +- MD2 For EVP

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + const EVP_MD *EVP_md2(void);
    +

    +

    +
    +

    DESCRIPTION

    +

    MD2 is a cryptographic hash function standardized in RFC 1319 and designed by +Ronald Rivest.

    +
    +
    EVP_md2()
    + +
    +

    The MD2 algorithm which produces a 128-bit output from a given input.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    These functions return a EVP_MD structure that contains the +implementation of the symmetric cipher. See EVP_MD_meth_new(3) for +details of the EVP_MD structure.

    +

    +

    +
    +

    CONFORMING TO

    +

    IETF RFC 1319.

    +

    +

    +
    +

    SEE ALSO

    +

    evp(7), +EVP_DigestInit(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/EVP_md4.html b/linux_amd64/share/doc/openssl/html/man3/EVP_md4.html
    new file mode 100755
    index 0000000..240290b
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/EVP_md4.html
    @@ -0,0 +1,89 @@
    + + + + +EVP_md4 + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_md4 +- MD4 For EVP

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + const EVP_MD *EVP_md4(void);
    +

    +

    +
    +

    DESCRIPTION

    +

    MD4 is a cryptographic hash function standardized in RFC 1320 and designed by +Ronald Rivest, first published in 1990.

    +
    +
    EVP_md4()
    + +
    +

    The MD4 algorithm which produces a 128-bit output from a given input.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    These functions return a EVP_MD structure that contains the +implementation of the symmetric cipher. See EVP_MD_meth_new(3) for +details of the EVP_MD structure.

    +

    +

    +
    +

    CONFORMING TO

    +

    IETF RFC 1320.

    +

    +

    +
    +

    SEE ALSO

    +

    evp(7), +EVP_DigestInit(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/EVP_md5.html b/linux_amd64/share/doc/openssl/html/man3/EVP_md5.html
    new file mode 100755
    index 0000000..ec6e6c2
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/EVP_md5.html
    @@ -0,0 +1,100 @@
    + + + + +EVP_md5 + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_md5, +EVP_md5_sha1 +- MD5 For EVP

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + const EVP_MD *EVP_md5(void);
    + const EVP_MD *EVP_md5_sha1(void);
    +

    +

    +
    +

    DESCRIPTION

    +

    MD5 is a cryptographic hash function standardized in RFC 1321 and designed by +Ronald Rivest.

    +

    The CMU Software Engineering Institute considers MD5 unsuitable for further +use since its security has been severely compromised.

    +
    +
    EVP_md5()
    + +
    +

    The MD5 algorithm which produces a 128-bit output from a given input.

    +
    +
    EVP_md5_sha1()
    + +
    +

    A hash algorithm of SSL v3 that combines MD5 with SHA-1 as described in RFC +6101.

    +

    WARNING: this algorithm is not intended for non-SSL usage.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    These functions return a EVP_MD structure that contains the +implementation of the symmetric cipher. See EVP_MD_meth_new(3) for +details of the EVP_MD structure.

    +

    +

    +
    +

    CONFORMING TO

    +

    IETF RFC 1321.

    +

    +

    +
    +

    SEE ALSO

    +

    evp(7), +EVP_DigestInit(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/EVP_mdc2.html b/linux_amd64/share/doc/openssl/html/man3/EVP_mdc2.html
    new file mode 100755
    index 0000000..87e4eb1
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/EVP_mdc2.html
    @@ -0,0 +1,90 @@
    + + + + +EVP_mdc2 + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_mdc2 +- MDC-2 For EVP

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + const EVP_MD *EVP_mdc2(void);
    +

    +

    +
    +

    DESCRIPTION

    +

    MDC-2 (Modification Detection Code 2 or Meyer-Schilling) is a cryptographic +hash function based on a block cipher.

    +
    +
    EVP_mdc2()
    + +
    +

    The MDC-2DES algorithm of using MDC-2 with the DES block cipher. It produces a +128-bit output from a given input.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    These functions return a EVP_MD structure that contains the +implementation of the symmetric cipher. See EVP_MD_meth_new(3) for +details of the EVP_MD structure.

    +

    +

    +
    +

    CONFORMING TO

    +

    ISO/IEC 10118-2:2000 Hash-Function 2, with DES as the underlying block cipher.

    +

    +

    +
    +

    SEE ALSO

    +

    evp(7), +EVP_DigestInit(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/EVP_rc2_cbc.html b/linux_amd64/share/doc/openssl/html/man3/EVP_rc2_cbc.html
    new file mode 100755
    index 0000000..f16d4c2
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/EVP_rc2_cbc.html
    @@ -0,0 +1,111 @@
    + + + + +EVP_rc2_cbc + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_rc2_cbc, +EVP_rc2_cfb, +EVP_rc2_cfb64, +EVP_rc2_ecb, +EVP_rc2_ofb, +EVP_rc2_40_cbc, +EVP_rc2_64_cbc +- EVP RC2 cipher

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + const EVP_CIPHER *EVP_rc2_cbc(void)
    + const EVP_CIPHER *EVP_rc2_cfb(void)
    + const EVP_CIPHER *EVP_rc2_cfb64(void)
    + const EVP_CIPHER *EVP_rc2_ecb(void)
    + const EVP_CIPHER *EVP_rc2_ofb(void)
    + const EVP_CIPHER *EVP_rc2_40_cbc(void)
    + const EVP_CIPHER *EVP_rc2_64_cbc(void)
    +

    +

    +
    +

    DESCRIPTION

    +

    The RC2 encryption algorithm for EVP.

    +
    +
    EVP_rc2_cbc(), +EVP_rc2_cfb(), +EVP_rc2_cfb64(), +EVP_rc2_ecb(), +EVP_rc2_ofb()
    + +
    +

    RC2 encryption algorithm in CBC, CFB, ECB and OFB modes respectively. This is a +variable key length cipher with an additional parameter called "effective key +bits" or "effective key length". By default both are set to 128 bits.

    +
    +
    EVP_rc2_40_cbc(), +EVP_rc2_64_cbc()
    + +
    +

    RC2 algorithm in CBC mode with a default key length and effective key length of +40 and 64 bits.

    +

    WARNING: these functions are obsolete. Their usage should be replaced with the +EVP_rc2_cbc(), EVP_CIPHER_CTX_set_key_length() and EVP_CIPHER_CTX_ctrl() +functions to set the key length and effective key length.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    These functions return an EVP_CIPHER structure that contains the +implementation of the symmetric cipher. See EVP_CIPHER_meth_new(3) for +details of the EVP_CIPHER structure.

    +

    +

    +
    +

    SEE ALSO

    +

    evp(7), +EVP_EncryptInit(3), +EVP_CIPHER_meth_new(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/EVP_rc4.html b/linux_amd64/share/doc/openssl/html/man3/EVP_rc4.html
    new file mode 100755
    index 0000000..4b519d4
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/EVP_rc4.html
    @@ -0,0 +1,103 @@
    + + + + +EVP_rc4 + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_rc4, +EVP_rc4_40, +EVP_rc4_hmac_md5 +- EVP RC4 stream cipher

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + const EVP_CIPHER *EVP_rc4(void)
    + const EVP_CIPHER *EVP_rc4_40(void)
    + const EVP_CIPHER *EVP_rc4_hmac_md5(void)
    +

    +

    +
    +

    DESCRIPTION

    +

    The RC4 stream cipher for EVP.

    +
    +
    EVP_rc4()
    + +
    +

    RC4 stream cipher. This is a variable key length cipher with a default key +length of 128 bits.

    +
    +
    EVP_rc4_40()
    + +
    +

    RC4 stream cipher with 40 bit key length.

    +

    WARNING: this function is obsolete. Its usage should be replaced with the +EVP_rc4() and the EVP_CIPHER_CTX_set_key_length() functions.

    +
    +
    EVP_rc4_hmac_md5()
    + +
    +

    Authenticated encryption with the RC4 stream cipher with MD5 as HMAC.

    +

    WARNING: this is not intended for usage outside of TLS and requires calling of +some undocumented ctrl functions. These ciphers do not conform to the EVP AEAD +interface.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    These functions return an EVP_CIPHER structure that contains the +implementation of the symmetric cipher. See EVP_CIPHER_meth_new(3) for +details of the EVP_CIPHER structure.

    +

    +

    +
    +

    SEE ALSO

    +

    evp(7), +EVP_EncryptInit(3), +EVP_CIPHER_meth_new(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/EVP_rc5_32_12_16_cbc.html b/linux_amd64/share/doc/openssl/html/man3/EVP_rc5_32_12_16_cbc.html
    new file mode 100755
    index 0000000..fd63225
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/EVP_rc5_32_12_16_cbc.html
    @@ -0,0 +1,115 @@
    + + + + +EVP_rc5_32_12_16_cbc + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_rc5_32_12_16_cbc, +EVP_rc5_32_12_16_cfb, +EVP_rc5_32_12_16_cfb64, +EVP_rc5_32_12_16_ecb, +EVP_rc5_32_12_16_ofb +- EVP RC5 cipher

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + const EVP_CIPHER *EVP_rc5_32_12_16_cbc(void)
    + const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void)
    + const EVP_CIPHER *EVP_rc5_32_12_16_cfb64(void)
    + const EVP_CIPHER *EVP_rc5_32_12_16_ecb(void)
    + const EVP_CIPHER *EVP_rc5_32_12_16_ofb(void)
    +

    +

    +
    +

    DESCRIPTION

    +

    The RC5 encryption algorithm for EVP.

    +
    +
    EVP_rc5_32_12_16_cbc(), +EVP_rc5_32_12_16_cfb(), +EVP_rc5_32_12_16_cfb64(), +EVP_rc5_32_12_16_ecb(), +EVP_rc5_32_12_16_ofb()
    + +
    +

    RC5 encryption algorithm in CBC, CFB, ECB and OFB modes respectively. This is a +variable key length cipher with an additional "number of rounds" parameter. By +default the key length is set to 128 bits and 12 rounds. Alternative key lengths +can be set using EVP_CIPHER_CTX_set_key_length(3). The maximum key length is +2040 bits.

    +

    The following rc5 specific ctrls are supported (see +EVP_CIPHER_CTX_ctrl(3)).

    +
    +
    EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC5_ROUNDS, rounds, NULL)
    + +
    +

    Sets the number of rounds to rounds. This must be one of RC5_8_ROUNDS, +RC5_12_ROUNDS or RC5_16_ROUNDS.

    +
    +
    EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC5_ROUNDS, 0, &rounds)
    + +
    +

    Stores the number of rounds currently configured in *rounds where *rounds +is an int.

    +
    +
    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    These functions return an EVP_CIPHER structure that contains the +implementation of the symmetric cipher. See EVP_CIPHER_meth_new(3) for +details of the EVP_CIPHER structure.

    +

    +

    +
    +

    SEE ALSO

    +

    evp(7), +EVP_EncryptInit(3), +EVP_CIPHER_meth_new(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/EVP_ripemd160.html b/linux_amd64/share/doc/openssl/html/man3/EVP_ripemd160.html
    new file mode 100755
    index 0000000..1a77784
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/EVP_ripemd160.html
    @@ -0,0 +1,89 @@
    + + + + +EVP_ripemd160 + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_ripemd160 +- RIPEMD160 For EVP

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + const EVP_MD *EVP_ripemd160(void);
    +

    +

    +
    +

    DESCRIPTION

    +

    RIPEMD-160 is a cryptographic hash function first published in 1996 belonging +to the RIPEMD family (RACE Integrity Primitives Evaluation Message Digest).

    +
    +
    EVP_ripemd160()
    + +
    +

    The RIPEMD-160 algorithm which produces a 160-bit output from a given input.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    These functions return a EVP_MD structure that contains the +implementation of the symmetric cipher. See EVP_MD_meth_new(3) for +details of the EVP_MD structure.

    +

    +

    +
    +

    CONFORMING TO

    +

    ISO/IEC 10118-3:2016 Dedicated Hash-Function 1 (RIPEMD-160).

    +

    +

    +
    +

    SEE ALSO

    +

    evp(7), +EVP_DigestInit(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/EVP_seed_cbc.html b/linux_amd64/share/doc/openssl/html/man3/EVP_seed_cbc.html
    new file mode 100755
    index 0000000..126caa8
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/EVP_seed_cbc.html
    @@ -0,0 +1,96 @@
    + + + + +EVP_seed_cbc + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_seed_cbc, +EVP_seed_cfb, +EVP_seed_cfb128, +EVP_seed_ecb, +EVP_seed_ofb +- EVP SEED cipher

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + const EVP_CIPHER *EVP_seed_cbc(void)
    + const EVP_CIPHER *EVP_seed_cfb(void)
    + const EVP_CIPHER *EVP_seed_cfb128(void)
    + const EVP_CIPHER *EVP_seed_ecb(void)
    + const EVP_CIPHER *EVP_seed_ofb(void)
    +

    +

    +
    +

    DESCRIPTION

    +

    The SEED encryption algorithm for EVP.

    +

    All modes below use a key length of 128 bits and acts on blocks of 128-bits.

    +
    +
    EVP_seed_cbc(), +EVP_seed_cfb(), +EVP_seed_cfb128(), +EVP_seed_ecb(), +EVP_seed_ofb()
    + +
    +

    The SEED encryption algorithm in CBC, CFB, ECB and OFB modes respectively.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    These functions return an EVP_CIPHER structure that contains the +implementation of the symmetric cipher. See EVP_CIPHER_meth_new(3) for +details of the EVP_CIPHER structure.

    +

    +

    +
    +

    SEE ALSO

    +

    evp(7), +EVP_EncryptInit(3), +EVP_CIPHER_meth_new(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/EVP_set_default_properties.html b/linux_amd64/share/doc/openssl/html/man3/EVP_set_default_properties.html
    new file mode 100755
    index 0000000..8ccb3d1
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/EVP_set_default_properties.html
    @@ -0,0 +1,85 @@
    + + + + +EVP_set_default_properties + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_set_default_properties +- Set default properties for future algorithm fetches

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + int EVP_set_default_properties(OPENSSL_CTX *libctx, const char *propq);
    +

    +

    +
    +

    DESCRIPTION

    +

    EVP_set_default_properties() sets the default properties for all +future EVP algorithm fetches, implicit as well as explicit.

    +

    EVP_set_default_properties stores the properties given with the string +propq among the EVP data that's been stored in the library context +given with libctx (NULL signifies the default library context).

    +

    Any previous default property for the specified library context will +be dropped.

    +

    +

    +
    +

    RETURN VALUES

    +

    EVP_set_default_properties() returns 1 on success, or 0 on failure. +The latter adds an error on the error stack.

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_MD_fetch(3)

    +

    +

    +
    +

    HISTORY

    +

    The functions described here were added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/EVP_sha1.html b/linux_amd64/share/doc/openssl/html/man3/EVP_sha1.html
    new file mode 100755
    index 0000000..f8a3746
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/EVP_sha1.html
    @@ -0,0 +1,90 @@
    + + + + +EVP_sha1 + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_sha1 +- SHA-1 For EVP

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + const EVP_MD *EVP_sha1(void);
    +

    +

    +
    +

    DESCRIPTION

    +

    SHA-1 (Secure Hash Algorithm 1) is a cryptographic hash function standardized +in NIST FIPS 180-4. The algorithm was designed by the United States National +Security Agency and initially published in 1995.

    +
    +
    EVP_sha1()
    + +
    +

    The SHA-1 algorithm which produces a 160-bit output from a given input.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    These functions return a EVP_MD structure that contains the +implementation of the symmetric cipher. See EVP_MD_meth_new(3) for +details of the EVP_MD structure.

    +

    +

    +
    +

    CONFORMING TO

    +

    NIST FIPS 180-4.

    +

    +

    +
    +

    SEE ALSO

    +

    evp(7), +EVP_DigestInit(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/EVP_sha224.html b/linux_amd64/share/doc/openssl/html/man3/EVP_sha224.html
    new file mode 100755
    index 0000000..e0648cd
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/EVP_sha224.html
    @@ -0,0 +1,109 @@
    + + + + +EVP_sha224 + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_sha224, +EVP_sha256, +EVP_sha512_224, +EVP_sha512_256, +EVP_sha384, +EVP_sha512 +- SHA-2 For EVP

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + const EVP_MD *EVP_sha224(void);
    + const EVP_MD *EVP_sha256(void);
    + const EVP_MD *EVP_sha512_224(void);
    + const EVP_MD *EVP_sha512_256(void);
    + const EVP_MD *EVP_sha384(void);
    + const EVP_MD *EVP_sha512(void);
    +

    +

    +
    +

    DESCRIPTION

    +

    SHA-2 (Secure Hash Algorithm 2) is a family of cryptographic hash functions +standardized in NIST FIPS 180-4, first published in 2001.

    +
    +
    EVP_sha224(), +EVP_sha256(), +EVP_sha512_224, +EVP_sha512_256, +EVP_sha384(), +EVP_sha512()
    + +
    +

    The SHA-2 SHA-224, SHA-256, SHA-512/224, SHA512/256, SHA-384 and SHA-512 +algorithms, which generate 224, 256, 224, 256, 384 and 512 bits +respectively of output from a given input.

    +

    The two algorithms: SHA-512/224 and SHA512/256 are truncated forms of the +SHA-512 algorithm. They are distinct from SHA-224 and SHA-256 even though +their outputs are of the same size.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    These functions return a EVP_MD structure that contains the +implementation of the symmetric cipher. See EVP_MD_meth_new(3) for +details of the EVP_MD structure.

    +

    +

    +
    +

    CONFORMING TO

    +

    NIST FIPS 180-4.

    +

    +

    +
    +

    SEE ALSO

    +

    evp(7), +EVP_DigestInit(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/EVP_sha3_224.html b/linux_amd64/share/doc/openssl/html/man3/EVP_sha3_224.html
    new file mode 100755
    index 0000000..8f8807f
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/EVP_sha3_224.html
    @@ -0,0 +1,115 @@
    + + + + +EVP_sha3_224 + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_sha3_224, +EVP_sha3_256, +EVP_sha3_384, +EVP_sha3_512, +EVP_shake128, +EVP_shake256 +- SHA-3 For EVP

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + const EVP_MD *EVP_sha3_224(void);
    + const EVP_MD *EVP_sha3_256(void);
    + const EVP_MD *EVP_sha3_384(void);
    + const EVP_MD *EVP_sha3_512(void);
    +
    + const EVP_MD *EVP_shake128(void);
    + const EVP_MD *EVP_shake256(void);
    +

    +

    +
    +

    DESCRIPTION

    +

    SHA-3 (Secure Hash Algorithm 3) is a family of cryptographic hash functions +standardized in NIST FIPS 202, first published in 2015. It is based on the +Keccak algorithm.

    +
    +
    EVP_sha3_224(), +EVP_sha3_256(), +EVP_sha3_384(), +EVP_sha3_512()
    + +
    +

    The SHA-3 SHA-3-224, SHA-3-256, SHA-3-384, and SHA-3-512 algorithms +respectively. They produce 224, 256, 384 and 512 bits of output from a given +input.

    +
    +
    EVP_shake128(), +EVP_shake256()
    + +
    +

    The SHAKE-128 and SHAKE-256 Extendable Output Functions (XOF) that can generate +a variable hash length.

    +

    Specifically, EVP_shake128 provides an overall security of 128 bits, while +EVP_shake256 provides that of 256 bits.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    These functions return a EVP_MD structure that contains the +implementation of the symmetric cipher. See EVP_MD_meth_new(3) for +details of the EVP_MD structure.

    +

    +

    +
    +

    CONFORMING TO

    +

    NIST FIPS 202.

    +

    +

    +
    +

    SEE ALSO

    +

    evp(7), +EVP_DigestInit(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/EVP_sm3.html b/linux_amd64/share/doc/openssl/html/man3/EVP_sm3.html
    new file mode 100755
    index 0000000..b34e265
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/EVP_sm3.html
    @@ -0,0 +1,90 @@
    + + + + +EVP_sm3 + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_sm3 +- SM3 for EVP

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + const EVP_MD *EVP_sm3(void);
    +

    +

    +
    +

    DESCRIPTION

    +

    SM3 is a cryptographic hash function with a 256-bit output, defined in GB/T +32905-2016.

    +
    +
    EVP_sm3()
    + +
    +

    The SM3 hash function.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    These functions return a EVP_MD structure that contains the +implementation of the symmetric cipher. See EVP_MD_meth_new(3) for +details of the EVP_MD structure.

    +

    +

    +
    +

    CONFORMING TO

    +

    GB/T 32905-2016 and GM/T 0004-2012.

    +

    +

    +
    +

    SEE ALSO

    +

    evp(7), +EVP_DigestInit(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017 Ribose Inc. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/EVP_sm4_cbc.html b/linux_amd64/share/doc/openssl/html/man3/EVP_sm4_cbc.html
    new file mode 100755
    index 0000000..315f431
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/EVP_sm4_cbc.html
    @@ -0,0 +1,101 @@
    + + + + +EVP_sm4_cbc + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_sm4_cbc, +EVP_sm4_ecb, +EVP_sm4_cfb, +EVP_sm4_cfb128, +EVP_sm4_ofb, +EVP_sm4_ctr +- EVP SM4 cipher

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + const EVP_CIPHER *EVP_sm4_cbc(void);
    + const EVP_CIPHER *EVP_sm4_ecb(void);
    + const EVP_CIPHER *EVP_sm4_cfb(void);
    + const EVP_CIPHER *EVP_sm4_cfb128(void);
    + const EVP_CIPHER *EVP_sm4_ofb(void);
    + const EVP_CIPHER *EVP_sm4_ctr(void);
    +

    +

    +
    +

    DESCRIPTION

    +

    The SM4 blockcipher (GB/T 32907-2016) for EVP.

    +

    All modes below use a key length of 128 bits and acts on blocks of 128 bits.

    +
    +
    EVP_sm4_cbc(), +EVP_sm4_ecb(), +EVP_sm4_cfb(), +EVP_sm4_cfb128(), +EVP_sm4_ofb(), +EVP_sm4_ctr()
    + +
    +

    The SM4 blockcipher with a 128-bit key in CBC, ECB, CFB, OFB and CTR modes +respectively.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    These functions return a EVP_CIPHER structure that contains the +implementation of the symmetric cipher. See EVP_CIPHER_meth_new(3) for +details of the EVP_CIPHER structure.

    +

    +

    +
    +

    SEE ALSO

    +

    evp(7), +EVP_EncryptInit(3), +EVP_CIPHER_meth_new(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017 Ribose Inc. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/EVP_whirlpool.html b/linux_amd64/share/doc/openssl/html/man3/EVP_whirlpool.html
    new file mode 100755
    index 0000000..aa3a8f6
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/EVP_whirlpool.html
    @@ -0,0 +1,90 @@
    + + + + +EVP_whirlpool + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_whirlpool +- WHIRLPOOL For EVP

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + const EVP_MD *EVP_whirlpool(void);
    +

    +

    +
    +

    DESCRIPTION

    +

    WHIRLPOOL is a cryptographic hash function standardized in ISO/IEC 10118-3:2004 +designed by Vincent Rijmen and Paulo S. L. M. Barreto.

    +
    +
    EVP_whirlpool()
    + +
    +

    The WHIRLPOOL algorithm that produces a message digest of 512-bits from a given +input.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    These functions return a EVP_MD structure that contains the +implementation of the symmetric cipher. See EVP_MD_meth_new(3) for +details of the EVP_MD structure.

    +

    +

    +
    +

    CONFORMING TO

    +

    ISO/IEC 10118-3:2004.

    +

    +

    +
    +

    SEE ALSO

    +

    evp(7), +EVP_DigestInit(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/HMAC.html b/linux_amd64/share/doc/openssl/html/man3/HMAC.html
    new file mode 100755
    index 0000000..3d16d7f
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/HMAC.html
    @@ -0,0 +1,183 @@
    + + + + +HMAC + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    HMAC, +HMAC_CTX_new, +HMAC_CTX_reset, +HMAC_CTX_free, +HMAC_Init, +HMAC_Init_ex, +HMAC_Update, +HMAC_Final, +HMAC_CTX_copy, +HMAC_CTX_set_flags, +HMAC_CTX_get_md, +HMAC_size +- HMAC message authentication code

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/hmac.h>
    +

    Deprecated since OpenSSL 3.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + unsigned char *HMAC(const EVP_MD *evp_md, const void *key,
    +                     int key_len, const unsigned char *d, int n,
    +                     unsigned char *md, unsigned int *md_len);
    +
    + HMAC_CTX *HMAC_CTX_new(void);
    + int HMAC_CTX_reset(HMAC_CTX *ctx);
    +
    + int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len,
    +                  const EVP_MD *md, ENGINE *impl);
    + int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len);
    + int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);
    +
    + void HMAC_CTX_free(HMAC_CTX *ctx);
    +
    + int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx);
    + void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags);
    + const EVP_MD *HMAC_CTX_get_md(const HMAC_CTX *ctx);
    +
    + size_t HMAC_size(const HMAC_CTX *e);
    +

    Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + int HMAC_Init(HMAC_CTX *ctx, const void *key, int key_len,
    +               const EVP_MD *md);
    +

    +

    +
    +

    DESCRIPTION

    +

    All of the functions described on this page are deprecated. Applications should +instead use EVP_MAC_CTX_new(3), EVP_MAC_CTX_free(3), EVP_MAC_init(3), +EVP_MAC_update(3) and EVP_MAC_final(3).

    +

    HMAC is a MAC (message authentication code), i.e. a keyed hash +function used for message authentication, which is based on a hash +function.

    +

    HMAC() computes the message authentication code of the n bytes at +d using the hash function evp_md and the key key which is +key_len bytes long.

    +

    It places the result in md (which must have space for the output of +the hash function, which is no more than EVP_MAX_MD_SIZE bytes). +If md is NULL, the digest is placed in a static array. The size of +the output is placed in md_len, unless it is NULL. Note: passing a NULL +value for md to use the static array is not thread safe.

    +

    evp_md is a message digest such as EVP_sha1(), EVP_ripemd160() etc. HMAC does +not support variable output length digests such as EVP_shake128() and +EVP_shake256().

    +

    HMAC_CTX_new() creates a new HMAC_CTX in heap memory.

    +

    HMAC_CTX_reset() clears an existing HMAC_CTX and associated +resources, making it suitable for new computations as if it was newly +created with HMAC_CTX_new().

    +

    HMAC_CTX_free() erases the key and other data from the HMAC_CTX, +releases any associated resources and finally frees the HMAC_CTX +itself.

    +

    The following functions may be used if the message is not completely +stored in memory:

    +

    HMAC_Init_ex() initializes or reuses a HMAC_CTX structure to use the hash +function evp_md and key key. If both are NULL, or if key is NULL +and evp_md is the same as the previous call, then the +existing key is +reused. ctx must have been created with HMAC_CTX_new() before the first use +of an HMAC_CTX in this function.

    +

    If HMAC_Init_ex() is called with key NULL and evp_md is not the +same as the previous digest used by ctx then an error is returned +because reuse of an existing key with a different digest is not supported.

    +

    HMAC_Init() initializes a HMAC_CTX structure to use the hash +function evp_md and the key key which is key_len bytes +long.

    +

    HMAC_Update() can be called repeatedly with chunks of the message to +be authenticated (len bytes at data).

    +

    HMAC_Final() places the message authentication code in md, which +must have space for the hash function output.

    +

    HMAC_CTX_copy() copies all of the internal state from sctx into dctx.

    +

    HMAC_CTX_set_flags() applies the specified flags to the internal EVP_MD_CTXs. +These flags have the same meaning as for EVP_MD_CTX_set_flags(3).

    +

    HMAC_CTX_get_md() returns the EVP_MD that has previously been set for the +supplied HMAC_CTX.

    +

    HMAC_size() returns the length in bytes of the underlying hash function output.

    +

    +

    +
    +

    RETURN VALUES

    +

    HMAC() returns a pointer to the message authentication code or NULL if +an error occurred.

    +

    HMAC_CTX_new() returns a pointer to a new HMAC_CTX on success or +NULL if an error occurred.

    +

    HMAC_CTX_reset(), HMAC_Init_ex(), HMAC_Update(), HMAC_Final() and +HMAC_CTX_copy() return 1 for success or 0 if an error occurred.

    +

    HMAC_CTX_get_md() return the EVP_MD previously set for the supplied HMAC_CTX or +NULL if no EVP_MD has been set.

    +

    HMAC_size() returns the length in bytes of the underlying hash function output +or zero on error.

    +

    +

    +
    +

    CONFORMING TO

    +

    RFC 2104

    +

    +

    +
    +

    SEE ALSO

    +

    SHA1(3), evp(7)

    +

    +

    +
    +

    HISTORY

    +

    All of these functions were deprecated in OpenSSL 3.0.

    +

    HMAC_CTX_init() was replaced with HMAC_CTX_reset() in OpenSSL 1.1.0.

    +

    HMAC_CTX_cleanup() existed in OpenSSL before version 1.1.0.

    +

    HMAC_CTX_new(), HMAC_CTX_free() and HMAC_CTX_get_md() are new in OpenSSL 1.1.0.

    +

    HMAC_Init_ex(), HMAC_Update() and HMAC_Final() did not return values in +OpenSSL before version 1.0.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/MD5.html b/linux_amd64/share/doc/openssl/html/man3/MD5.html
    new file mode 100755
    index 0000000..6dcf326
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/MD5.html
    @@ -0,0 +1,144 @@
    + + + + +MD5 + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    MD2, MD4, MD5, MD2_Init, MD2_Update, MD2_Final, MD4_Init, MD4_Update, +MD4_Final, MD5_Init, MD5_Update, MD5_Final - MD2, MD4, and MD5 hash functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/md2.h>
    +

    Deprecated since OpenSSL 3.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + unsigned char *MD2(const unsigned char *d, unsigned long n, unsigned char *md);
    +
    + int MD2_Init(MD2_CTX *c);
    + int MD2_Update(MD2_CTX *c, const unsigned char *data, unsigned long len);
    + int MD2_Final(unsigned char *md, MD2_CTX *c);
    +
    + #include <openssl/md4.h>
    +

    Deprecated since OpenSSL 3.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + unsigned char *MD4(const unsigned char *d, unsigned long n, unsigned char *md);
    +
    + int MD4_Init(MD4_CTX *c);
    + int MD4_Update(MD4_CTX *c, const void *data, unsigned long len);
    + int MD4_Final(unsigned char *md, MD4_CTX *c);
    +
    + #include <openssl/md5.h>
    +

    Deprecated since OpenSSL 3.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + unsigned char *MD5(const unsigned char *d, unsigned long n, unsigned char *md);
    +
    + int MD5_Init(MD5_CTX *c);
    + int MD5_Update(MD5_CTX *c, const void *data, unsigned long len);
    + int MD5_Final(unsigned char *md, MD5_CTX *c);
    +

    +

    +
    +

    DESCRIPTION

    +

    All of the functions described on this page are deprecated. +Applications should instead use EVP_DigestInit_ex(3), EVP_DigestUpdate(3) +and EVP_DigestFinal_ex(3).

    +

    MD2, MD4, and MD5 are cryptographic hash functions with a 128 bit output.

    +

    MD2(), MD4(), and MD5() compute the MD2, MD4, and MD5 message digest +of the n bytes at d and place it in md (which must have space +for MD2_DIGEST_LENGTH == MD4_DIGEST_LENGTH == MD5_DIGEST_LENGTH == 16 +bytes of output). If md is NULL, the digest is placed in a static +array.

    +

    The following functions may be used if the message is not completely +stored in memory:

    +

    MD2_Init() initializes a MD2_CTX structure.

    +

    MD2_Update() can be called repeatedly with chunks of the message to +be hashed (len bytes at data).

    +

    MD2_Final() places the message digest in md, which must have space +for MD2_DIGEST_LENGTH == 16 bytes of output, and erases the MD2_CTX.

    +

    MD4_Init(), MD4_Update(), MD4_Final(), MD5_Init(), MD5_Update(), and +MD5_Final() are analogous using an MD4_CTX and MD5_CTX structure.

    +

    Applications should use the higher level functions +EVP_DigestInit(3) +etc. instead of calling the hash functions directly.

    +

    +

    +
    +

    NOTE

    +

    MD2, MD4, and MD5 are recommended only for compatibility with existing +applications. In new applications, SHA-1 or RIPEMD-160 should be +preferred.

    +

    +

    +
    +

    RETURN VALUES

    +

    MD2(), MD4(), and MD5() return pointers to the hash value.

    +

    MD2_Init(), MD2_Update(), MD2_Final(), MD4_Init(), MD4_Update(), +MD4_Final(), MD5_Init(), MD5_Update(), and MD5_Final() return 1 for +success, 0 otherwise.

    +

    +

    +
    +

    CONFORMING TO

    +

    RFC 1319, RFC 1320, RFC 1321

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_DigestInit(3)

    +

    +

    +
    +

    HISTORY

    +

    All of these functions were deprecated in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/MDC2_Init.html b/linux_amd64/share/doc/openssl/html/man3/MDC2_Init.html
    new file mode 100755
    index 0000000..31692e6
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/MDC2_Init.html
    @@ -0,0 +1,112 @@
    + + + + +MDC2_Init + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    MDC2, MDC2_Init, MDC2_Update, MDC2_Final - MDC2 hash function

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/mdc2.h>
    +

    Deprecated since OpenSSL 3.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + unsigned char *MDC2(const unsigned char *d, unsigned long n,
    +                     unsigned char *md);
    +
    + int MDC2_Init(MDC2_CTX *c);
    + int MDC2_Update(MDC2_CTX *c, const unsigned char *data,
    +                 unsigned long len);
    + int MDC2_Final(unsigned char *md, MDC2_CTX *c);
    +

    +

    +
    +

    DESCRIPTION

    +

    All of the functions described on this page are deprecated. +Applications should instead use EVP_DigestInit_ex(3), EVP_DigestUpdate(3) +and EVP_DigestFinal_ex(3).

    +

    MDC2 is a method to construct hash functions with 128 bit output from +block ciphers. These functions are an implementation of MDC2 with +DES.

    +

    MDC2() computes the MDC2 message digest of the n +bytes at d and places it in md (which must have space for +MDC2_DIGEST_LENGTH == 16 bytes of output). If md is NULL, the digest +is placed in a static array.

    +

    The following functions may be used if the message is not completely +stored in memory:

    +

    MDC2_Init() initializes a MDC2_CTX structure.

    +

    MDC2_Update() can be called repeatedly with chunks of the message to +be hashed (len bytes at data).

    +

    MDC2_Final() places the message digest in md, which must have space +for MDC2_DIGEST_LENGTH == 16 bytes of output, and erases the MDC2_CTX.

    +

    Applications should use the higher level functions +EVP_DigestInit(3) etc. instead of calling the +hash functions directly.

    +

    +

    +
    +

    RETURN VALUES

    +

    MDC2() returns a pointer to the hash value.

    +

    MDC2_Init(), MDC2_Update() and MDC2_Final() return 1 for success, 0 otherwise.

    +

    +

    +
    +

    CONFORMING TO

    +

    ISO/IEC 10118-2:2000 Hash-Function 2, with DES as the underlying block cipher.

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_DigestInit(3)

    +

    +

    +
    +

    HISTORY

    +

    All of these functions were deprecated in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/OBJ_nid2obj.html b/linux_amd64/share/doc/openssl/html/man3/OBJ_nid2obj.html
    new file mode 100755
    index 0000000..ab300c5
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/OBJ_nid2obj.html
    @@ -0,0 +1,211 @@
    + + + + +OBJ_nid2obj + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    i2t_ASN1_OBJECT, +OBJ_length, OBJ_get0_data, OBJ_nid2obj, OBJ_nid2ln, +OBJ_nid2sn, OBJ_obj2nid, OBJ_txt2nid, OBJ_ln2nid, OBJ_sn2nid, OBJ_cmp, +OBJ_dup, OBJ_txt2obj, OBJ_obj2txt, OBJ_create, OBJ_cleanup +- ASN1 object utility functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/objects.h>
    +
    + ASN1_OBJECT *OBJ_nid2obj(int n);
    + const char *OBJ_nid2ln(int n);
    + const char *OBJ_nid2sn(int n);
    +
    + int OBJ_obj2nid(const ASN1_OBJECT *o);
    + int OBJ_ln2nid(const char *ln);
    + int OBJ_sn2nid(const char *sn);
    +
    + int OBJ_txt2nid(const char *s);
    +
    + ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name);
    + int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name);
    +
    + int i2t_ASN1_OBJECT(char *buf, int buf_len, const ASN1_OBJECT *a);
    +
    + int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b);
    + ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o);
    +
    + int OBJ_create(const char *oid, const char *sn, const char *ln);
    +
    + size_t OBJ_length(const ASN1_OBJECT *obj);
    + const unsigned char *OBJ_get0_data(const ASN1_OBJECT *obj);
    +

    Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + void OBJ_cleanup(void)
    +

    +

    +
    +

    DESCRIPTION

    +

    The ASN1 object utility functions process ASN1_OBJECT structures which are +a representation of the ASN1 OBJECT IDENTIFIER (OID) type. +For convenience, OIDs are usually represented in source code as numeric +identifiers, or NIDs. OpenSSL has an internal table of OIDs that +are generated when the library is built, and their corresponding NIDs +are available as defined constants. For the functions below, application +code should treat all returned values -- OIDs, NIDs, or names -- as +constants.

    +

    OBJ_nid2obj(), OBJ_nid2ln() and OBJ_nid2sn() convert the NID n to +an ASN1_OBJECT structure, its long name and its short name respectively, +or NULL if an error occurred.

    +

    OBJ_obj2nid(), OBJ_ln2nid(), OBJ_sn2nid() return the corresponding NID +for the object o, the long name <ln> or the short name <sn> respectively +or NID_undef if an error occurred.

    +

    OBJ_txt2nid() returns NID corresponding to text string <s>. s can be +a long name, a short name or the numerical representation of an object.

    +

    OBJ_txt2obj() converts the text string s into an ASN1_OBJECT structure. +If no_name is 0 then long names and short names will be interpreted +as well as numerical forms. If no_name is 1 only the numerical form +is acceptable.

    +

    OBJ_obj2txt() converts the ASN1_OBJECT a into a textual representation. +The representation is written as a null terminated string to buf +at most buf_len bytes are written, truncating the result if necessary. +The total amount of space required is returned. If no_name is 0 then +if the object has a long or short name then that will be used, otherwise +the numerical form will be used. If no_name is 1 then the numerical +form will always be used.

    +

    i2t_ASN1_OBJECT() is the same as OBJ_obj2txt() with the no_name set to zero.

    +

    OBJ_cmp() compares a to b. If the two are identical 0 is returned.

    +

    OBJ_dup() returns a copy of o.

    +

    OBJ_create() adds a new object to the internal table. oid is the +numerical form of the object, sn the short name and ln the +long name. A new NID is returned for the created object in case of +success and NID_undef in case of failure.

    +

    OBJ_length() returns the size of the content octets of obj.

    +

    OBJ_get0_data() returns a pointer to the content octets of obj. +The returned pointer is an internal pointer which must not be freed.

    +

    OBJ_cleanup() releases any resources allocated by creating new objects.

    +

    +

    +
    +

    NOTES

    +

    Objects in OpenSSL can have a short name, a long name and a numerical +identifier (NID) associated with them. A standard set of objects is +represented in an internal table. The appropriate values are defined +in the header file objects.h.

    +

    For example the OID for commonName has the following definitions:

    +
    + #define SN_commonName                   "CN"
    + #define LN_commonName                   "commonName"
    + #define NID_commonName                  13
    +

    New objects can be added by calling OBJ_create().

    +

    Table objects have certain advantages over other objects: for example +their NIDs can be used in a C language switch statement. They are +also static constant structures which are shared: that is there +is only a single constant structure for each table object.

    +

    Objects which are not in the table have the NID value NID_undef.

    +

    Objects do not need to be in the internal tables to be processed, +the functions OBJ_txt2obj() and OBJ_obj2txt() can process the numerical +form of an OID.

    +

    Some objects are used to represent algorithms which do not have a +corresponding ASN.1 OBJECT IDENTIFIER encoding (for example no OID currently +exists for a particular algorithm). As a result they cannot be encoded or +decoded as part of ASN.1 structures. Applications can determine if there +is a corresponding OBJECT IDENTIFIER by checking OBJ_length() is not zero.

    +

    These functions cannot return const because an ASN1_OBJECT can +represent both an internal, constant, OID and a dynamically-created one. +The latter cannot be constant because it needs to be freed after use.

    +

    +

    +
    +

    RETURN VALUES

    +

    OBJ_nid2obj() returns an ASN1_OBJECT structure or NULL is an +error occurred.

    +

    OBJ_nid2ln() and OBJ_nid2sn() returns a valid string or NULL +on error.

    +

    OBJ_obj2nid(), OBJ_ln2nid(), OBJ_sn2nid() and OBJ_txt2nid() return +a NID or NID_undef on error.

    +

    +

    +
    +

    EXAMPLES

    +

    Create an object for commonName:

    +
    + ASN1_OBJECT *o = OBJ_nid2obj(NID_commonName);
    +

    Check if an object is commonName

    +
    + if (OBJ_obj2nid(obj) == NID_commonName)
    +     /* Do something */
    +

    Create a new NID and initialize an object from it:

    +
    + int new_nid = OBJ_create("1.2.3.4", "NewOID", "New Object Identifier");
    + ASN1_OBJECT *obj = OBJ_nid2obj(new_nid);
    +

    Create a new object directly:

    +
    + obj = OBJ_txt2obj("1.2.3.4", 1);
    +

    +

    +
    +

    BUGS

    +

    OBJ_obj2txt() is awkward and messy to use: it doesn't follow the +convention of other OpenSSL functions where the buffer can be set +to NULL to determine the amount of data that should be written. +Instead buf must point to a valid buffer and buf_len should +be set to a positive value. A buffer length of 80 should be more +than enough to handle any OID encountered in practice.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3)

    +

    +

    +
    +

    HISTORY

    +

    OBJ_cleanup() was deprecated in OpenSSL 1.1.0 by OPENSSL_init_crypto(3) +and should not be used.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/OCSP_REQUEST_new.html b/linux_amd64/share/doc/openssl/html/man3/OCSP_REQUEST_new.html
    new file mode 100755
    index 0000000..150b15d
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/OCSP_REQUEST_new.html
    @@ -0,0 +1,148 @@
    + + + + +OCSP_REQUEST_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    OCSP_REQUEST_new, OCSP_REQUEST_free, OCSP_request_add0_id, OCSP_request_sign, +OCSP_request_add1_cert, OCSP_request_onereq_count, +OCSP_request_onereq_get0 - OCSP request functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ocsp.h>
    +
    + OCSP_REQUEST *OCSP_REQUEST_new(void);
    + void OCSP_REQUEST_free(OCSP_REQUEST *req);
    +
    + OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid);
    +
    + int OCSP_request_sign(OCSP_REQUEST *req,
    +                       X509 *signer, EVP_PKEY *key, const EVP_MD *dgst,
    +                       STACK_OF(X509) *certs, unsigned long flags);
    +
    + int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert);
    +
    + int OCSP_request_onereq_count(OCSP_REQUEST *req);
    + OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i);
    +

    +

    +
    +

    DESCRIPTION

    +

    OCSP_REQUEST_new() allocates and returns an empty OCSP_REQUEST structure.

    +

    OCSP_REQUEST_free() frees up the request structure req.

    +

    OCSP_request_add0_id() adds certificate ID cid to req. It returns +the OCSP_ONEREQ structure added so an application can add additional +extensions to the request. The id parameter MUST NOT be freed up after +the operation.

    +

    OCSP_request_sign() signs OCSP request req using certificate +signer, private key key, digest dgst and additional certificates +certs. If the flags option OCSP_NOCERTS is set then no certificates +will be included in the request.

    +

    OCSP_request_add1_cert() adds certificate cert to request req. The +application is responsible for freeing up cert after use.

    +

    OCSP_request_onereq_count() returns the total number of OCSP_ONEREQ +structures in req.

    +

    OCSP_request_onereq_get0() returns an internal pointer to the OCSP_ONEREQ +contained in req of index i. The index value i runs from 0 to +OCSP_request_onereq_count(req) - 1.

    +

    +

    +
    +

    RETURN VALUES

    +

    OCSP_REQUEST_new() returns an empty OCSP_REQUEST structure or NULL if +an error occurred.

    +

    OCSP_request_add0_id() returns the OCSP_ONEREQ structure containing cid +or NULL if an error occurred.

    +

    OCSP_request_sign() and OCSP_request_add1_cert() return 1 for success and 0 +for failure.

    +

    OCSP_request_onereq_count() returns the total number of OCSP_ONEREQ +structures in req.

    +

    OCSP_request_onereq_get0() returns a pointer to an OCSP_ONEREQ structure +or NULL if the index value is out or range.

    +

    +

    +
    +

    NOTES

    +

    An OCSP request structure contains one or more OCSP_ONEREQ structures +corresponding to each certificate.

    +

    OCSP_request_onereq_count() and OCSP_request_onereq_get0() are mainly used by +OCSP responders.

    +

    +

    +
    +

    EXAMPLES

    +

    Create an OCSP_REQUEST structure for certificate cert with issuer +issuer:

    +
    + OCSP_REQUEST *req;
    + OCSP_ID *cid;
    +
    + req = OCSP_REQUEST_new();
    + if (req == NULL)
    +    /* error */
    + cid = OCSP_cert_to_id(EVP_sha1(), cert, issuer);
    + if (cid == NULL)
    +    /* error */
    +
    + if (OCSP_REQUEST_add0_id(req, cid) == NULL)
    +    /* error */
    +
    + /* Do something with req, e.g. query responder */
    +
    + OCSP_REQUEST_free(req);
    +

    +

    +
    +

    SEE ALSO

    +

    crypto(7), +OCSP_cert_to_id(3), +OCSP_request_add1_nonce(3), +OCSP_resp_find_status(3), +OCSP_response_status(3), +OCSP_sendreq_new(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/OCSP_cert_to_id.html b/linux_amd64/share/doc/openssl/html/man3/OCSP_cert_to_id.html
    new file mode 100755
    index 0000000..f409827
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/OCSP_cert_to_id.html
    @@ -0,0 +1,118 @@
    + + + + +OCSP_cert_to_id + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    OCSP_cert_to_id, OCSP_cert_id_new, OCSP_CERTID_free, OCSP_id_issuer_cmp, +OCSP_id_cmp, OCSP_id_get0_info - OCSP certificate ID utility functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ocsp.h>
    +
    + OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst,
    +                              X509 *subject, X509 *issuer);
    +
    + OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
    +                               X509_NAME *issuerName,
    +                               ASN1_BIT_STRING *issuerKey,
    +                               ASN1_INTEGER *serialNumber);
    +
    + void OCSP_CERTID_free(OCSP_CERTID *id);
    +
    + int OCSP_id_issuer_cmp(const OCSP_CERTID *a, const OCSP_CERTID *b);
    + int OCSP_id_cmp(const OCSP_CERTID *a, const OCSP_CERTID *b);
    +
    + int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd,
    +                       ASN1_OCTET_STRING **pikeyHash,
    +                       ASN1_INTEGER **pserial, OCSP_CERTID *cid);
    +

    +

    +
    +

    DESCRIPTION

    +

    OCSP_cert_to_id() creates and returns a new OCSP_CERTID structure using +message digest dgst for certificate subject with issuer issuer. If +dgst is NULL then SHA1 is used.

    +

    OCSP_cert_id_new() creates and returns a new OCSP_CERTID using dgst and +issuer name issuerName, issuer key hash issuerKey and serial number +serialNumber.

    +

    OCSP_CERTID_free() frees up id.

    +

    OCSP_id_cmp() compares OCSP_CERTID a and b.

    +

    OCSP_id_issuer_cmp() compares only the issuer name of OCSP_CERTID a and b.

    +

    OCSP_id_get0_info() returns the issuer name hash, hash OID, issuer key hash and +serial number contained in cid. If any of the values are not required the +corresponding parameter can be set to NULL.

    +

    +

    +
    +

    RETURN VALUES

    +

    OCSP_cert_to_id() and OCSP_cert_id_new() return either a pointer to a valid +OCSP_CERTID structure or NULL if an error occurred.

    +

    OCSP_id_cmp() and OCSP_id_issuer_cmp() returns zero for a match and nonzero +otherwise.

    +

    OCSP_CERTID_free() does not return a value.

    +

    OCSP_id_get0_info() returns 1 for success and 0 for failure.

    +

    +

    +
    +

    NOTES

    +

    OCSP clients will typically only use OCSP_cert_to_id() or OCSP_cert_id_new(): +the other functions are used by responder applications.

    +

    The values returned by OCSP_id_get0_info() are internal pointers and MUST +NOT be freed up by an application: they will be freed when the corresponding +OCSP_CERTID structure is freed.

    +

    +

    +
    +

    SEE ALSO

    +

    crypto(7), +OCSP_request_add1_nonce(3), +OCSP_REQUEST_new(3), +OCSP_resp_find_status(3), +OCSP_response_status(3), +OCSP_sendreq_new(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/OCSP_request_add1_nonce.html b/linux_amd64/share/doc/openssl/html/man3/OCSP_request_add1_nonce.html
    new file mode 100755
    index 0000000..a284059
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/OCSP_request_add1_nonce.html
    @@ -0,0 +1,114 @@
    + + + + +OCSP_request_add1_nonce + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    OCSP_request_add1_nonce, OCSP_basic_add1_nonce, OCSP_check_nonce, OCSP_copy_nonce - OCSP nonce functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ocsp.h>
    +
    + int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len);
    + int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len);
    + int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req);
    + int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *resp);
    +

    +

    +
    +

    DESCRIPTION

    +

    OCSP_request_add1_nonce() adds a nonce of value val and length len to +OCSP request req. If val is NULL a random nonce is used. If len +is zero or negative a default length will be used (currently 16 bytes).

    +

    OCSP_basic_add1_nonce() is identical to OCSP_request_add1_nonce() except +it adds a nonce to OCSP basic response resp.

    +

    OCSP_check_nonce() compares the nonce value in req and resp.

    +

    OCSP_copy_nonce() copies any nonce value present in req to resp.

    +

    +

    +
    +

    RETURN VALUES

    +

    OCSP_request_add1_nonce() and OCSP_basic_add1_nonce() return 1 for success +and 0 for failure.

    +

    OCSP_copy_nonce() returns 1 if a nonce was successfully copied, 2 if no nonce +was present in req and 0 if an error occurred.

    +

    OCSP_check_nonce() returns the result of the nonce comparison between req +and resp. The return value indicates the result of the comparison. If +nonces are present and equal 1 is returned. If the nonces are absent 2 is +returned. If a nonce is present in the response only 3 is returned. If nonces +are present and unequal 0 is returned. If the nonce is present in the request +only then -1 is returned.

    +

    +

    +
    +

    NOTES

    +

    For most purposes the nonce value in a request is set to a random value so +the val parameter in OCSP_request_add1_nonce() is usually NULL.

    +

    An OCSP nonce is typically added to an OCSP request to thwart replay attacks +by checking the same nonce value appears in the response.

    +

    Some responders may include a nonce in all responses even if one is not +supplied.

    +

    Some responders cache OCSP responses and do not sign each response for +performance reasons. As a result they do not support nonces.

    +

    The return values of OCSP_check_nonce() can be checked to cover each case. A +positive return value effectively indicates success: nonces are both present +and match, both absent or present in the response only. A nonzero return +additionally covers the case where the nonce is present in the request only: +this will happen if the responder doesn't support nonces. A zero return value +indicates present and mismatched nonces: this should be treated as an error +condition.

    +

    +

    +
    +

    SEE ALSO

    +

    crypto(7), +OCSP_cert_to_id(3), +OCSP_REQUEST_new(3), +OCSP_resp_find_status(3), +OCSP_response_status(3), +OCSP_sendreq_new(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/OCSP_resp_find_status.html b/linux_amd64/share/doc/openssl/html/man3/OCSP_resp_find_status.html
    new file mode 100755
    index 0000000..d3fcf2d
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/OCSP_resp_find_status.html
    @@ -0,0 +1,217 @@
    + + + + +OCSP_resp_find_status + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    OCSP_resp_get0_certs, +OCSP_resp_get0_signer, +OCSP_resp_get0_id, +OCSP_resp_get1_id, +OCSP_resp_get0_produced_at, +OCSP_resp_get0_signature, +OCSP_resp_get0_tbs_sigalg, +OCSP_resp_get0_respdata, +OCSP_resp_find_status, OCSP_resp_count, OCSP_resp_get0, OCSP_resp_find, +OCSP_single_get0_status, OCSP_check_validity, +OCSP_basic_verify +- OCSP response utility functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ocsp.h>
    +
    + int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status,
    +                           int *reason,
    +                           ASN1_GENERALIZEDTIME **revtime,
    +                           ASN1_GENERALIZEDTIME **thisupd,
    +                           ASN1_GENERALIZEDTIME **nextupd);
    +
    + int OCSP_resp_count(OCSP_BASICRESP *bs);
    + OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx);
    + int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last);
    + int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason,
    +                             ASN1_GENERALIZEDTIME **revtime,
    +                             ASN1_GENERALIZEDTIME **thisupd,
    +                             ASN1_GENERALIZEDTIME **nextupd);
    +
    + const ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at(
    +                             const OCSP_BASICRESP* single);
    +
    + const ASN1_OCTET_STRING *OCSP_resp_get0_signature(const OCSP_BASICRESP *bs);
    + const X509_ALGOR *OCSP_resp_get0_tbs_sigalg(const OCSP_BASICRESP *bs);
    + const OCSP_RESPDATA *OCSP_resp_get0_respdata(const OCSP_BASICRESP *bs);
    + const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs);
    +
    + int OCSP_resp_get0_signer(OCSP_BASICRESP *bs, X509 **signer,
    +                           STACK_OF(X509) *extra_certs);
    +
    + int OCSP_resp_get0_id(const OCSP_BASICRESP *bs,
    +                       const ASN1_OCTET_STRING **pid,
    +                       const X509_NAME **pname);
    + int OCSP_resp_get1_id(const OCSP_BASICRESP *bs,
    +                       ASN1_OCTET_STRING **pid,
    +                       X509_NAME **pname);
    +
    + int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd,
    +                         ASN1_GENERALIZEDTIME *nextupd,
    +                         long sec, long maxsec);
    +
    + int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
    +                      X509_STORE *st, unsigned long flags);
    +

    +

    +
    +

    DESCRIPTION

    +

    OCSP_resp_find_status() searches bs for an OCSP response for id. If it is +successful the fields of the response are returned in *status, *reason, +*revtime, *thisupd and *nextupd. The *status value will be one of +V_OCSP_CERTSTATUS_GOOD, V_OCSP_CERTSTATUS_REVOKED or +V_OCSP_CERTSTATUS_UNKNOWN. The *reason and *revtime fields are only +set if the status is V_OCSP_CERTSTATUS_REVOKED. If set the *reason field +will be set to the revocation reason which will be one of +OCSP_REVOKED_STATUS_NOSTATUS, OCSP_REVOKED_STATUS_UNSPECIFIED, +OCSP_REVOKED_STATUS_KEYCOMPROMISE, OCSP_REVOKED_STATUS_CACOMPROMISE, +OCSP_REVOKED_STATUS_AFFILIATIONCHANGED, OCSP_REVOKED_STATUS_SUPERSEDED, +OCSP_REVOKED_STATUS_CESSATIONOFOPERATION, +OCSP_REVOKED_STATUS_CERTIFICATEHOLD or OCSP_REVOKED_STATUS_REMOVEFROMCRL.

    +

    OCSP_resp_count() returns the number of OCSP_SINGLERESP structures in bs.

    +

    OCSP_resp_get0() returns the OCSP_SINGLERESP structure in bs +corresponding to index idx. Where idx runs from 0 to +OCSP_resp_count(bs) - 1.

    +

    OCSP_resp_find() searches bs for id and returns the index of the first +matching entry after last or starting from the beginning if last is -1.

    +

    OCSP_single_get0_status() extracts the fields of single in *reason, +*revtime, *thisupd and *nextupd.

    +

    OCSP_resp_get0_produced_at() extracts the producedAt field from the +single response bs.

    +

    OCSP_resp_get0_signature() returns the signature from bs.

    +

    OCSP_resp_get0_tbs_sigalg() returns the signatureAlgorithm from bs.

    +

    OCSP_resp_get0_respdata() returns the tbsResponseData from bs.

    +

    OCSP_resp_get0_certs() returns any certificates included in bs.

    +

    OCSP_resp_get0_signer() attempts to retrieve the certificate that directly +signed bs. The OCSP protocol does not require that this certificate +is included in the certs field of the response, so additional certificates +can be supplied in extra_certs if the certificates that may have +signed the response are known via some out-of-band mechanism.

    +

    OCSP_resp_get0_id() gets the responder id of bs. If the responder ID is +a name then <*pname> is set to the name and *pid is set to NULL. If the +responder ID is by key ID then *pid is set to the key ID and *pname +is set to NULL. OCSP_resp_get1_id() leaves ownership of *pid and *pname +with the caller, who is responsible for freeing them. Both functions return 1 +in case of success and 0 in case of failure. If OCSP_resp_get1_id() returns 0, +no freeing of the results is necessary.

    +

    OCSP_check_validity() checks the validity of thisupd and nextupd values +which will be typically obtained from OCSP_resp_find_status() or +OCSP_single_get0_status(). If sec is nonzero it indicates how many seconds +leeway should be allowed in the check. If maxsec is positive it indicates +the maximum age of thisupd in seconds.

    +

    OCSP_basic_verify() checks that the basic response message bs is correctly +signed and that the signer certificate can be validated. It takes st as +the trusted store and certs as a set of untrusted intermediate certificates. +The function first tries to find the signer certificate of the response +in <certs>. It also searches the certificates the responder may have included +in bs unless the flags contain OCSP_NOINTERN. +It fails if the signer certificate cannot be found. +Next, the function checks the signature of bs and fails on error +unless the flags contain OCSP_NOSIGS. Then the function already returns +success if the flags contain OCSP_NOVERIFY or if the signer certificate +was found in certs and the flags contain OCSP_TRUSTOTHER. +Otherwise the function continues by validating the signer certificate. +To this end, all certificates in cert and in bs are considered as +untrusted certificates for the construction of the validation path for the +signer certificate unless the OCSP_NOCHAIN flag is set. After successful path +validation the function returns success if the OCSP_NOCHECKS flag is set. +Otherwise it verifies that the signer certificate meets the OCSP issuer +criteria including potential delegation. If this does not succeed and the +flags do not contain OCSP_NOEXPLICIT the function checks for explicit +trust for OCSP signing in the root CA certificate.

    +

    +

    +
    +

    RETURN VALUES

    +

    OCSP_resp_find_status() returns 1 if id is found in bs and 0 otherwise.

    +

    OCSP_resp_count() returns the total number of OCSP_SINGLERESP fields in +bs.

    +

    OCSP_resp_get0() returns a pointer to an OCSP_SINGLERESP structure or +NULL if idx is out of range.

    +

    OCSP_resp_find() returns the index of id in bs (which may be 0) or -1 if +id was not found.

    +

    OCSP_single_get0_status() returns the status of single or -1 if an error +occurred.

    +

    OCSP_resp_get0_signer() returns 1 if the signing certificate was located, +or 0 on error.

    +

    OCSP_basic_verify() returns 1 on success, 0 on error, or -1 on fatal error such +as malloc failure.

    +

    +

    +
    +

    NOTES

    +

    Applications will typically call OCSP_resp_find_status() using the certificate +ID of interest and then check its validity using OCSP_check_validity(). They +can then take appropriate action based on the status of the certificate.

    +

    An OCSP response for a certificate contains thisUpdate and nextUpdate +fields. Normally the current time should be between these two values. To +account for clock skew the maxsec field can be set to nonzero in +OCSP_check_validity(). Some responders do not set the nextUpdate field, this +would otherwise mean an ancient response would be considered valid: the +maxsec parameter to OCSP_check_validity() can be used to limit the permitted +age of responses.

    +

    The values written to *revtime, *thisupd and *nextupd by +OCSP_resp_find_status() and OCSP_single_get0_status() are internal pointers +which MUST NOT be freed up by the calling application. Any or all of these +parameters can be set to NULL if their value is not required.

    +

    +

    +
    +

    SEE ALSO

    +

    crypto(7), +OCSP_cert_to_id(3), +OCSP_request_add1_nonce(3), +OCSP_REQUEST_new(3), +OCSP_response_status(3), +OCSP_sendreq_new(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/OCSP_response_status.html b/linux_amd64/share/doc/openssl/html/man3/OCSP_response_status.html new file mode 100755 index 0000000..333abcf --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/OCSP_response_status.html @@ -0,0 +1,144 @@ + + + + +OCSP_response_status + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    OCSP_response_status, OCSP_response_get1_basic, OCSP_response_create, +OCSP_RESPONSE_free, OCSP_RESPID_set_by_name, +OCSP_RESPID_set_by_key, OCSP_RESPID_match, +OCSP_basic_sign, OCSP_basic_sign_ctx - OCSP response functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ocsp.h>
    +
    + int OCSP_response_status(OCSP_RESPONSE *resp);
    + OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp);
    + OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs);
    + void OCSP_RESPONSE_free(OCSP_RESPONSE *resp);
    +
    + int OCSP_RESPID_set_by_name(OCSP_RESPID *respid, X509 *cert);
    + int OCSP_RESPID_set_by_key(OCSP_RESPID *respid, X509 *cert);
    + int OCSP_RESPID_match(OCSP_RESPID *respid, X509 *cert);
    +
    + int OCSP_basic_sign(OCSP_BASICRESP *brsp, X509 *signer, EVP_PKEY *key,
    +                     const EVP_MD *dgst, STACK_OF(X509) *certs,
    +                     unsigned long flags);
    + int OCSP_basic_sign_ctx(OCSP_BASICRESP *brsp, X509 *signer, EVP_MD_CTX *ctx,
    +                         STACK_OF(X509) *certs, unsigned long flags);
    +

    +

    +
    +

    DESCRIPTION

    +

    OCSP_response_status() returns the OCSP response status of resp. It returns +one of the values: OCSP_RESPONSE_STATUS_SUCCESSFUL, +OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, +OCSP_RESPONSE_STATUS_INTERNALERROR, OCSP_RESPONSE_STATUS_TRYLATER +OCSP_RESPONSE_STATUS_SIGREQUIRED, or OCSP_RESPONSE_STATUS_UNAUTHORIZED.

    +

    OCSP_response_get1_basic() decodes and returns the OCSP_BASICRESP structure +contained in resp.

    +

    OCSP_response_create() creates and returns an OCSP_RESPONSE structure for +status and optionally including basic response bs.

    +

    OCSP_RESPONSE_free() frees up OCSP response resp.

    +

    OCSP_RESPID_set_by_name() sets the name of the OCSP_RESPID to be the same as the +subject name in the supplied X509 certificate cert for the OCSP responder.

    +

    OCSP_RESPID_set_by_key() sets the key of the OCSP_RESPID to be the same as the +key in the supplied X509 certificate cert for the OCSP responder. The key is +stored as a SHA1 hash.

    +

    Note that an OCSP_RESPID can only have one of the name, or the key set. Calling +OCSP_RESPID_set_by_name() or OCSP_RESPID_set_by_key() will clear any existing +setting.

    +

    OCSP_RESPID_match() tests whether the OCSP_RESPID given in respid matches +with the X509 certificate cert.

    +

    OCSP_basic_sign() signs OCSP response brsp using certificate signer, private key +key, digest dgst and additional certificates certs. If the flags option +OCSP_NOCERTS is set then no certificates will be included in the response. If the +flags option OCSP_RESPID_KEY is set then the responder is identified by key ID +rather than by name. OCSP_basic_sign_ctx() also signs OCSP response brsp but +uses the parameters contained in digest context ctx.

    +

    +

    +
    +

    RETURN VALUES

    +

    OCSP_RESPONSE_status() returns a status value.

    +

    OCSP_response_get1_basic() returns an OCSP_BASICRESP structure pointer or +NULL if an error occurred.

    +

    OCSP_response_create() returns an OCSP_RESPONSE structure pointer or NULL +if an error occurred.

    +

    OCSP_RESPONSE_free() does not return a value.

    +

    OCSP_RESPID_set_by_name(), OCSP_RESPID_set_by_key(), OCSP_basic_sign(), and +OCSP_basic_sign_ctx() return 1 on success or 0 +on failure.

    +

    OCSP_RESPID_match() returns 1 if the OCSP_RESPID and the X509 certificate match +or 0 otherwise.

    +

    +

    +
    +

    NOTES

    +

    OCSP_response_get1_basic() is only called if the status of a response is +OCSP_RESPONSE_STATUS_SUCCESSFUL.

    +

    +

    +
    +

    SEE ALSO

    +

    crypto(7) +OCSP_cert_to_id(3) +OCSP_request_add1_nonce(3) +OCSP_REQUEST_new(3) +OCSP_resp_find_status(3) +OCSP_sendreq_new(3) +OCSP_RESPID_new(3) +OCSP_RESPID_free(3)

    +

    +

    +
    +

    HISTORY

    +

    The OCSP_RESPID_set_by_name(), OCSP_RESPID_set_by_key() and OCSP_RESPID_match() +functions were added in OpenSSL 1.1.0a.

    +

    The OCSP_basic_sign_ctx() function was added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/OCSP_sendreq_new.html b/linux_amd64/share/doc/openssl/html/man3/OCSP_sendreq_new.html new file mode 100755 index 0000000..f7b1259 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/OCSP_sendreq_new.html @@ -0,0 +1,141 @@ + + + + +OCSP_sendreq_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    OCSP_sendreq_new, OCSP_sendreq_nbio, OCSP_REQ_CTX_free, +OCSP_set_max_response_length, OCSP_REQ_CTX_add1_header, +OCSP_REQ_CTX_set1_req, OCSP_sendreq_bio - OCSP responder query functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ocsp.h>
    +
    + OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path,
    +                                OCSP_REQUEST *req, int maxline);
    +
    + int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx);
    +
    + void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx);
    +
    + void OCSP_set_max_response_length(OCSP_REQ_CTX *rctx,
    +                                   unsigned long len);
    +
    + int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx,
    +                              const char *name, const char *value);
    +
    + int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, const OCSP_REQUEST *req);
    +
    + OCSP_RESPONSE *OCSP_sendreq_bio(BIO *io, const char *path, OCSP_REQUEST *req);
    +

    +

    +
    +

    DESCRIPTION

    +

    The function OCSP_sendreq_new() returns an OCSP_CTX structure using the +responder io, the URL path path, the OCSP request req and with a +response header maximum line length of maxline. If maxline is zero a +default value of 4k is used. The OCSP request req may be set to NULL +and provided later if required.

    +

    OCSP_sendreq_nbio() performs I/O on the OCSP request context rctx. +When the operation is complete it returns the response in *presp.

    +

    OCSP_REQ_CTX_free() frees up the OCSP context rctx.

    +

    OCSP_set_max_response_length() sets the maximum response length +for rctx to len. If the response exceeds this length an error occurs. +If not set a default value of 100k is used.

    +

    OCSP_REQ_CTX_add1_header() adds header name with value value to the +context rctx. It can be called more than once to add multiple headers. +It MUST be called before any calls to OCSP_sendreq_nbio(). The req +parameter in the initial to OCSP_sendreq_new() call MUST be set to NULL if +additional headers are set.

    +

    OCSP_REQ_CTX_set1_req() sets the OCSP request in rctx to req. This +function should be called after any calls to OCSP_REQ_CTX_add1_header().

    +

    OCSP_sendreq_bio() performs an OCSP request using the responder io, the URL +path path, the OCSP request req and with a response header maximum line +length 4k. It waits indefinitely on a response.

    +

    +

    +
    +

    RETURN VALUES

    +

    OCSP_sendreq_new() returns a valid OCSP_REQ_CTX structure or NULL +if an error occurred.

    +

    OCSP_sendreq_nbio(), OCSP_REQ_CTX_add1_header() and OCSP_REQ_CTX_set1_req() +return 1 for success and 0 for failure.

    +

    OCSP_sendreq_bio() returns the OCSP_RESPONSE structure sent by the +responder or NULL if an error occurred.

    +

    OCSP_REQ_CTX_free() and OCSP_set_max_response_length() +do not return values.

    +

    +

    +
    +

    NOTES

    +

    These functions only perform a minimal HTTP query to a responder. If an +application wishes to support more advanced features it should use an +alternative more complete HTTP library.

    +

    Currently only HTTP POST queries to responders are supported.

    +

    The arguments to OCSP_sendreq_new() correspond to the components of the URL. +For example if the responder URL is http://ocsp.com/ocspreq the BIO +io should be connected to host ocsp.com on port 80 and path +should be set to "/ocspreq"

    +

    The headers added with OCSP_REQ_CTX_add1_header() are of the form +"name: value" or just "name" if value is NULL. So to add +a Host header for ocsp.com you would call:

    +
    + OCSP_REQ_CTX_add1_header(ctx, "Host", "ocsp.com");
    +

    OCSP_sendreq_bio() does not support timeout nor setting extra headers. +It is retained for compatibility. +Better use OCSP_sendreq_nbio() instead.

    +

    +

    +
    +

    SEE ALSO

    +

    crypto(7), +OCSP_cert_to_id(3), +OCSP_request_add1_nonce(3), +OCSP_REQUEST_new(3), +OCSP_resp_find_status(3), +OCSP_response_status(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/OPENSSL_Applink.html b/linux_amd64/share/doc/openssl/html/man3/OPENSSL_Applink.html new file mode 100755 index 0000000..79ed517 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/OPENSSL_Applink.html @@ -0,0 +1,70 @@ + + + + +OPENSSL_Applink + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    OPENSSL_Applink - glue between OpenSSL BIO and Win32 compiler run-time

    +

    +

    +
    +

    SYNOPSIS

    +
    + __declspec(dllexport) void **OPENSSL_Applink();
    +

    +

    +
    +

    DESCRIPTION

    +

    OPENSSL_Applink is application-side interface which provides a glue +between OpenSSL BIO layer and Win32 compiler run-time environment. +Even though it appears at application side, it's essentially OpenSSL +private interface. For this reason application developers are not +expected to implement it, but to compile provided module with +compiler of their choice and link it into the target application. +The referred module is available as applink.c, located alongside +the public header files (only on the platforms where applicable).

    +

    +

    +
    +

    RETURN VALUES

    +

    Not available.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/OPENSSL_CTX.html b/linux_amd64/share/doc/openssl/html/man3/OPENSSL_CTX.html new file mode 100755 index 0000000..3d136aa --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/OPENSSL_CTX.html @@ -0,0 +1,86 @@ + + + + +OPENSSL_CTX + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    OPENSSL_CTX, OPENSSL_CTX_new, OPENSSL_CTX_free - OpenSSL library context

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/crypto.h>
    +
    + typedef struct openssl_ctx_st OPENSSL_CTX;
    +
    + OPENSSL_CTX *OPENSSL_CTX_new(void);
    + void OPENSSL_CTX_free(OPENSSL_CTX *ctx);
    +

    +

    +
    +

    DESCRIPTION

    +

    OPENSSL_CTX is an internal OpenSSL library context type. +Applications may allocate their own, but may also use NULL to use +the internal default context with functions that take a OPENSSL_CTX +argument.

    +

    OPENSSL_CTX_new() creates a new OpenSSL library context. +When a non default library context is in use care should be taken with +multi-threaded applications to properly clean up thread local resources before +the OPENSSL_CTX is freed. +See OPENSSL_thread_stop_ex(3) for more information.

    +

    OPENSSL_CTX_free() frees the given ctx.

    +

    +

    +
    +

    RETURN VALUES

    +

    OPENSSL_CTX_new() return a library context pointer on success, or +NULL on error.

    +

    OPENSSL_CTX_free() doesn't return any value.

    +

    +

    +
    +

    HISTORY

    +

    OPENSSL_CTX, OPENSSL_CTX_new() and OPENSSL_CTX_free() +were added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/OPENSSL_FILE.html b/linux_amd64/share/doc/openssl/html/man3/OPENSSL_FILE.html new file mode 100755 index 0000000..71d1c7c --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/OPENSSL_FILE.html @@ -0,0 +1,93 @@ + + + + +OPENSSL_FILE + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    OPENSSL_FILE, OPENSSL_LINE, OPENSSL_FUNC, +OPENSSL_MSTR, OPENSSL_MSTR_HELPER +- generic C programming utility macros

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/macros.h>
    +
    + #define OPENSSL_FILE /* typically: __FILE__ */
    + #define OPENSSL_LINE /* typically: __LINE__ */
    + #define OPENSSL_FUNC /* typically: __func__ */
    +
    + #define OPENSSL_MSTR_HELPER(x) #x
    + #define OPENSSL_MSTR(x) OPENSSL_MSTR_HELPER(x)
    +

    +

    +
    +

    DESCRIPTION

    +

    The macros OPENSSL_FILE and OPENSSL_LINE +typically yield the current filename and line number during C compilation. +When OPENSSL_NO_FILENAMES is defined they yield "" and 0, respectively.

    +

    The macro OPENSSL_FUNC attempts to yield the name of the C function +currently being compiled, as far as language and compiler versions allow. +Otherwise, it yields "(unknown function)".

    +

    The macro OPENSSL_MSTR yields the expansion of the macro given as argument, +which is useful for concatenation with string constants. +The macro OPENSSL_MSTR_HELPER is an auxiliary macro for this purpose.

    +

    +

    +
    +

    RETURN VALUES

    +

    see above

    +

    +

    +
    +

    SEE ALSO

    +

    crypto(7)

    +

    +

    +
    +

    HISTORY

    +

    OPENSSL_FUNC, OPENSSL_MSTR, and OPENSSL_MSTR_HELPER +were added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/OPENSSL_LH_COMPFUNC.html b/linux_amd64/share/doc/openssl/html/man3/OPENSSL_LH_COMPFUNC.html new file mode 100755 index 0000000..2463491 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/OPENSSL_LH_COMPFUNC.html @@ -0,0 +1,265 @@ + + + + +OPENSSL_LH_COMPFUNC + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    LHASH, DECLARE_LHASH_OF, +OPENSSL_LH_COMPFUNC, OPENSSL_LH_HASHFUNC, OPENSSL_LH_DOALL_FUNC, +LHASH_DOALL_ARG_FN_TYPE, +IMPLEMENT_LHASH_HASH_FN, IMPLEMENT_LHASH_COMP_FN, +lh_TYPE_new, lh_TYPE_free, lh_TYPE_flush, +lh_TYPE_insert, lh_TYPE_delete, lh_TYPE_retrieve, +lh_TYPE_doall, lh_TYPE_doall_arg, lh_TYPE_error - dynamic hash table

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/lhash.h>
    +
    + DECLARE_LHASH_OF(TYPE);
    +
    + LHASH *lh_TYPE_new(OPENSSL_LH_HASHFUNC hash, OPENSSL_LH_COMPFUNC compare);
    + void lh_TYPE_free(LHASH_OF(TYPE) *table);
    + void lh_TYPE_flush(LHASH_OF(TYPE) *table);
    +
    + TYPE *lh_TYPE_insert(LHASH_OF(TYPE) *table, TYPE *data);
    + TYPE *lh_TYPE_delete(LHASH_OF(TYPE) *table, TYPE *data);
    + TYPE *lh_retrieve(LHASH_OF(TYPE) *table, TYPE *data);
    +
    + void lh_TYPE_doall(LHASH_OF(TYPE) *table, OPENSSL_LH_DOALL_FUNC func);
    + void lh_TYPE_doall_arg(LHASH_OF(TYPE) *table, OPENSSL_LH_DOALL_FUNCARG func,
    +                        TYPE *arg);
    +
    + int lh_TYPE_error(LHASH_OF(TYPE) *table);
    +
    + typedef int (*OPENSSL_LH_COMPFUNC)(const void *, const void *);
    + typedef unsigned long (*OPENSSL_LH_HASHFUNC)(const void *);
    + typedef void (*OPENSSL_LH_DOALL_FUNC)(const void *);
    + typedef void (*LHASH_DOALL_ARG_FN_TYPE)(const void *, const void *);
    +

    +

    +
    +

    DESCRIPTION

    +

    This library implements type-checked dynamic hash tables. The hash +table entries can be arbitrary structures. Usually they consist of key +and value fields. In the description here, TYPE is used a placeholder +for any of the OpenSSL datatypes, such as SSL_SESSION.

    +

    lh_TYPE_new() creates a new LHASH_OF(TYPE) structure to store +arbitrary data entries, and specifies the 'hash' and 'compare' +callbacks to be used in organising the table's entries. The hash +callback takes a pointer to a table entry as its argument and returns +an unsigned long hash value for its key field. The hash value is +normally truncated to a power of 2, so make sure that your hash +function returns well mixed low order bits. The compare callback +takes two arguments (pointers to two hash table entries), and returns +0 if their keys are equal, nonzero otherwise.

    +

    If your hash table +will contain items of some particular type and the hash and +compare callbacks hash/compare these types, then the +IMPLEMENT_LHASH_HASH_FN and IMPLEMENT_LHASH_COMP_FN macros can be +used to create callback wrappers of the prototypes required by +lh_TYPE_new() as shown in this example:

    +
    + /*
    +  * Implement the hash and compare functions; "stuff" can be any word.
    +  */
    + static unsigned long stuff_hash(const TYPE *a)
    + {
    +     ...
    + }
    + static int stuff_cmp(const TYPE *a, const TYPE *b)
    + {
    +     ...
    + }
    +
    + /*
    +  * Implement the wrapper functions.
    +  */
    + static IMPLEMENT_LHASH_HASH_FN(stuff, TYPE)
    + static IMPLEMENT_LHASH_COMP_FN(stuff, TYPE)
    +

    If the type is going to be used in several places, the following macros +can be used in a common header file to declare the function wrappers:

    +
    + DECLARE_LHASH_HASH_FN(stuff, TYPE)
    + DECLARE_LHASH_COMP_FN(stuff, TYPE)
    +

    Then a hash table of TYPE objects can be created using this:

    +
    + LHASH_OF(TYPE) *htable;
    +
    + htable = B<lh_I<TYPE>_new>(LHASH_HASH_FN(stuff), LHASH_COMP_FN(stuff));
    +

    lh_TYPE_free() frees the LHASH_OF(TYPE) structure +table. Allocated hash table entries will not be freed; consider +using lh_TYPE_doall() to deallocate any remaining entries in the +hash table (see below).

    +

    lh_TYPE_flush() empties the LHASH_OF(TYPE) structure table. New +entries can be added to the flushed table. Allocated hash table entries +will not be freed; consider using lh_TYPE_doall() to deallocate any +remaining entries in the hash table (see below).

    +

    lh_TYPE_insert() inserts the structure pointed to by data into +table. If there already is an entry with the same key, the old +value is replaced. Note that lh_TYPE_insert() stores pointers, the +data are not copied.

    +

    lh_TYPE_delete() deletes an entry from table.

    +

    lh_TYPE_retrieve() looks up an entry in table. Normally, data +is a structure with the key field(s) set; the function will return a +pointer to a fully populated structure.

    +

    lh_TYPE_doall() will, for every entry in the hash table, call +func with the data item as its parameter. +For example:

    +
    + /* Cleans up resources belonging to 'a' (this is implemented elsewhere) */
    + void TYPE_cleanup_doall(TYPE *a);
    +
    + /* Implement a prototype-compatible wrapper for "TYPE_cleanup" */
    + IMPLEMENT_LHASH_DOALL_FN(TYPE_cleanup, TYPE)
    +
    + /* Call "TYPE_cleanup" against all items in a hash table. */
    + lh_TYPE_doall(hashtable, LHASH_DOALL_FN(TYPE_cleanup));
    +
    + /* Then the hash table itself can be deallocated */
    + lh_TYPE_free(hashtable);
    +

    When doing this, be careful if you delete entries from the hash table +in your callbacks: the table may decrease in size, moving the item +that you are currently on down lower in the hash table - this could +cause some entries to be skipped during the iteration. The second +best solution to this problem is to set hash->down_load=0 before +you start (which will stop the hash table ever decreasing in size). +The best solution is probably to avoid deleting items from the hash +table inside a "doall" callback!

    +

    lh_TYPE_doall_arg() is the same as lh_TYPE_doall() except that +func will be called with arg as the second argument and func +should be of type LHASH_DOALL_ARG_FN(TYPE) (a callback prototype +that is passed both the table entry and an extra argument). As with +lh_doall(), you can instead choose to declare your callback with a +prototype matching the types you are dealing with and use the +declare/implement macros to create compatible wrappers that cast +variables before calling your type-specific callbacks. An example of +this is demonstrated here (printing all hash table entries to a BIO +that is provided by the caller):

    +
    + /* Prints item 'a' to 'output_bio' (this is implemented elsewhere) */
    + void TYPE_print_doall_arg(const TYPE *a, BIO *output_bio);
    +
    + /* Implement a prototype-compatible wrapper for "TYPE_print" */
    + static IMPLEMENT_LHASH_DOALL_ARG_FN(TYPE, const TYPE, BIO)
    +
    + /* Print out the entire hashtable to a particular BIO */
    + lh_TYPE_doall_arg(hashtable, LHASH_DOALL_ARG_FN(TYPE_print), BIO,
    +                   logging_bio);
    +

    lh_TYPE_error() can be used to determine if an error occurred in the last +operation.

    +

    +

    +
    +

    RETURN VALUES

    +

    lh_TYPE_new() returns NULL on error, otherwise a pointer to the new +LHASH structure.

    +

    When a hash table entry is replaced, lh_TYPE_insert() returns the value +being replaced. NULL is returned on normal operation and on error.

    +

    lh_TYPE_delete() returns the entry being deleted. NULL is returned if +there is no such value in the hash table.

    +

    lh_TYPE_retrieve() returns the hash table entry if it has been found, +NULL otherwise.

    +

    lh_TYPE_error() returns 1 if an error occurred in the last operation, 0 +otherwise. It's meaningful only after non-retrieve operations.

    +

    lh_TYPE_free(), lh_TYPE_flush(), lh_TYPE_doall() and +lh_TYPE_doall_arg() return no values.

    +

    +

    +
    +

    NOTE

    +

    The LHASH code is not thread safe. All updating operations, as well as +lh_TYPE_error() call must be performed under a write lock. All retrieve +operations should be performed under a read lock, unless accurate +usage statistics are desired. In which case, a write lock should be used +for retrieve operations as well. For output of the usage statistics, +using the functions from OPENSSL_LH_stats(3), a read lock suffices.

    +

    The LHASH code regards table entries as constant data. As such, it +internally represents lh_insert()'d items with a "const void *" +pointer type. This is why callbacks such as those used by lh_doall() +and lh_doall_arg() declare their prototypes with "const", even for the +parameters that pass back the table items' data pointers - for +consistency, user-provided data is "const" at all times as far as the +LHASH code is concerned. However, as callers are themselves providing +these pointers, they can choose whether they too should be treating +all such parameters as constant.

    +

    As an example, a hash table may be maintained by code that, for +reasons of encapsulation, has only "const" access to the data being +indexed in the hash table (ie. it is returned as "const" from +elsewhere in their code) - in this case the LHASH prototypes are +appropriate as-is. Conversely, if the caller is responsible for the +life-time of the data in question, then they may well wish to make +modifications to table item passed back in the lh_doall() or +lh_doall_arg() callbacks (see the "TYPE_cleanup" example above). If +so, the caller can either cast the "const" away (if they're providing +the raw callbacks themselves) or use the macros to declare/implement +the wrapper functions without "const" types.

    +

    Callers that only have "const" access to data they're indexing in a +table, yet declare callbacks without constant types (or cast the +"const" away themselves), are therefore creating their own risks/bugs +without being encouraged to do so by the API. On a related note, +those auditing code should pay special attention to any instances of +DECLARE/IMPLEMENT_LHASH_DOALL_[ARG_]_FN macros that provide types +without any "const" qualifiers.

    +

    +

    +
    +

    BUGS

    +

    lh_TYPE_insert() returns NULL both for success and error.

    +

    +

    +
    +

    SEE ALSO

    +

    OPENSSL_LH_stats(3)

    +

    +

    +
    +

    HISTORY

    +

    In OpenSSL 1.0.0, the lhash interface was revamped for better +type checking.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/OPENSSL_LH_stats.html b/linux_amd64/share/doc/openssl/html/man3/OPENSSL_LH_stats.html new file mode 100755 index 0000000..9d06eb5 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/OPENSSL_LH_stats.html @@ -0,0 +1,103 @@ + + + + +OPENSSL_LH_stats + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    OPENSSL_LH_stats, OPENSSL_LH_node_stats, OPENSSL_LH_node_usage_stats, +OPENSSL_LH_stats_bio, +OPENSSL_LH_node_stats_bio, OPENSSL_LH_node_usage_stats_bio - LHASH statistics

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/lhash.h>
    +
    + void OPENSSL_LH_stats(LHASH *table, FILE *out);
    + void OPENSSL_LH_node_stats(LHASH *table, FILE *out);
    + void OPENSSL_LH_node_usage_stats(LHASH *table, FILE *out);
    +
    + void OPENSSL_LH_stats_bio(LHASH *table, BIO *out);
    + void OPENSSL_LH_node_stats_bio(LHASH *table, BIO *out);
    + void OPENSSL_LH_node_usage_stats_bio(LHASH *table, BIO *out);
    +

    +

    +
    +

    DESCRIPTION

    +

    The LHASH structure records statistics about most aspects of +accessing the hash table.

    +

    OPENSSL_LH_stats() prints out statistics on the size of the hash table, how +many entries are in it, and the number and result of calls to the +routines in this library.

    +

    OPENSSL_LH_node_stats() prints the number of entries for each 'bucket' in the +hash table.

    +

    OPENSSL_LH_node_usage_stats() prints out a short summary of the state of the +hash table. It prints the 'load' and the 'actual load'. The load is +the average number of data items per 'bucket' in the hash table. The +'actual load' is the average number of items per 'bucket', but only +for buckets which contain entries. So the 'actual load' is the +average number of searches that will need to find an item in the hash +table, while the 'load' is the average number that will be done to +record a miss.

    +

    OPENSSL_LH_stats_bio(), OPENSSL_LH_node_stats_bio() and OPENSSL_LH_node_usage_stats_bio() +are the same as the above, except that the output goes to a BIO.

    +

    +

    +
    +

    RETURN VALUES

    +

    These functions do not return values.

    +

    +

    +
    +

    NOTE

    +

    These calls should be made under a read lock. Refer to +OPENSSL_LH_COMPFUNC(3)/NOTE for more details about the locks required +when using the LHASH data structure.

    +

    +

    +
    +

    SEE ALSO

    +

    bio(7), OPENSSL_LH_COMPFUNC(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/OPENSSL_config.html b/linux_amd64/share/doc/openssl/html/man3/OPENSSL_config.html new file mode 100755 index 0000000..081814b --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/OPENSSL_config.html @@ -0,0 +1,126 @@ + + + + +OPENSSL_config + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    OPENSSL_config, OPENSSL_no_config - simple OpenSSL configuration functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/conf.h>
    +

    Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + void OPENSSL_config(const char *appname);
    + void OPENSSL_no_config(void);
    +

    +

    +
    +

    DESCRIPTION

    +

    OPENSSL_config() configures OpenSSL using the standard openssl.cnf and +reads from the application section appname. If appname is NULL then +the default section, openssl_conf, will be used. +Errors are silently ignored. +Multiple calls have no effect.

    +

    OPENSSL_no_config() disables configuration. If called before OPENSSL_config() +no configuration takes place.

    +

    If the application is built with OPENSSL_LOAD_CONF defined, then a +call to OpenSSL_add_all_algorithms() will implicitly call OPENSSL_config() +first.

    +

    +

    +
    +

    NOTES

    +

    The OPENSSL_config() function is designed to be a very simple "call it and +forget it" function. +It is however much better than nothing. Applications which need finer +control over their configuration functionality should use the configuration +functions such as CONF_modules_load() directly. This function is deprecated +and its use should be avoided. +Applications should instead call CONF_modules_load() during +initialization (that is before starting any threads).

    +

    There are several reasons why calling the OpenSSL configuration routines is +advisable. For example, to load dynamic ENGINEs from shared libraries (DSOs). +However very few applications currently support the control interface and so +very few can load and use dynamic ENGINEs. Equally in future more sophisticated +ENGINEs will require certain control operations to customize them. If an +application calls OPENSSL_config() it doesn't need to know or care about +ENGINE control operations because they can be performed by editing a +configuration file.

    +

    +

    +
    +

    ENVIRONMENT

    +
    +
    OPENSSL_CONF
    + +
    +

    The path to the config file. +Ignored in set-user-ID and set-group-ID programs.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    Neither OPENSSL_config() nor OPENSSL_no_config() return a value.

    +

    +

    +
    +

    SEE ALSO

    +

    config(5), +CONF_modules_load_file(3)

    +

    +

    +
    +

    HISTORY

    +

    The OPENSSL_no_config() and OPENSSL_config() functions were +deprecated in OpenSSL 1.1.0 by OPENSSL_init_crypto().

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/OPENSSL_fork_prepare.html b/linux_amd64/share/doc/openssl/html/man3/OPENSSL_fork_prepare.html new file mode 100755 index 0000000..3c7bd2c --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/OPENSSL_fork_prepare.html @@ -0,0 +1,100 @@ + + + + +OPENSSL_fork_prepare + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    OPENSSL_fork_prepare, +OPENSSL_fork_parent, +OPENSSL_fork_child +- OpenSSL fork handlers

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/crypto.h>
    +
    + void OPENSSL_fork_prepare(void);
    + void OPENSSL_fork_parent(void);
    + void OPENSSL_fork_child(void);
    +

    +

    +
    +

    DESCRIPTION

    +

    OpenSSL has state that should be reset when a process forks. For example, +the entropy pool used to generate random numbers (and therefore encryption +keys) should not be shared across multiple programs. +The OPENSSL_fork_prepare(), OPENSSL_fork_parent(), and OPENSSL_fork_child() +functions are used to reset this internal state.

    +

    Platforms without fork(2) will probably not need to use these functions. +Platforms with fork(2) but without pthread_atfork(3) will probably need +to call them manually, as described in the following paragraph. Platforms +such as Linux that have both functions will normally not need to call these +functions as the OpenSSL library will do so automatically.

    +

    OPENSSL_init_crypto(3) will register these functions with the appropriate +handler, when the OPENSSL_INIT_ATFORK flag is used. For other +applications, these functions can be called directly. They should be used +according to the calling sequence described by the pthread_atfork(3) +documentation, which is summarized here. OPENSSL_fork_prepare() should +be called before a fork() is done. After the fork() returns, the parent +process should call OPENSSL_fork_parent() and the child process should +call OPENSSL_fork_child().

    +

    +

    +
    +

    RETURN VALUES

    +

    OPENSSL_fork_prepare(), OPENSSL_fork_parent() and OPENSSL_fork_child() do not +return values.

    +

    +

    +
    +

    SEE ALSO

    +

    OPENSSL_init_crypto(3)

    +

    +

    +
    +

    HISTORY

    +

    These functions were added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/OPENSSL_hexchar2int.html b/linux_amd64/share/doc/openssl/html/man3/OPENSSL_hexchar2int.html new file mode 100755 index 0000000..1e9bd77 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/OPENSSL_hexchar2int.html @@ -0,0 +1,103 @@ + + + + +OPENSSL_hexchar2int + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    OPENSSL_hexchar2int, +OPENSSL_hexstr2buf_ex, OPENSSL_hexstr2buf, +OPENSSL_buf2hexstr_ex, OPENSSL_buf2hexstr +- Hex encoding and decoding functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/crypto.h>
    +
    + int OPENSSL_hexchar2int(unsigned char c);
    + int OPENSSL_hexstr2buf_ex(unsigned char *buf, size_t buf_n, long *buflen,
    +                           const char *str);
    + unsigned char *OPENSSL_hexstr2buf(const char *str, long *len);
    + int OPENSSL_buf2hexstr_ex(char *str, size_t str_n, size_t *strlen,
    +                           const unsigned char *buf, long buflen);
    + char *OPENSSL_buf2hexstr(const unsigned char *buf, long buflen);
    +

    +

    +
    +

    DESCRIPTION

    +

    OPENSSL_hexchar2int() converts a hexadecimal character to its numeric +equivalent.

    +

    OPENSSL_hexstr2buf_ex() decodes the hex string str and places the +resulting string of bytes in the given buf. +buf_n gives the size of the buffer. +If buflen is not NULL, it is filled in with the result length. +To find out how large the result will be, call this function with NULL +for buf. +Colons between two-character hex "bytes" are accepted and ignored. +An odd number of hex digits is an error.

    +

    OPENSSL_hexstr2buf() does the same thing as OPENSSL_hexstr2buf_ex(), +but allocates the space for the result, and returns the result. +The memory is allocated by calling OPENSSL_malloc() and should be +released by calling OPENSSL_free().

    +

    OPENSSL_buf2hexstr_ex() encodes the contents of the given buf with +length buflen and places the resulting hexadecimal character string +in the given str. +str_n gives the size of the of the string buffer. +If strlen is not NULL, it is filled in with the result length. +To find out how large the result will be, call this function with NULL +for str.

    +

    OPENSSL_buf2hexstr() does the same thing as OPENSSL_buf2hexstr_ex(), +but allocates the space for the result, and returns the result. +The memory is allocated by calling OPENSSL_malloc() and should be +released by calling OPENSSL_free().

    +

    +

    +
    +

    RETURN VALUES

    +

    OPENSSL_hexchar2int returns the value of a decoded hex character, +or -1 on error.

    +

    OPENSSL_buf2hexstr() and OPENSSL_hexstr2buf() +return a pointer to allocated memory, or NULL on error.

    +

    OPENSSL_buf2hexstr_ex() and OPENSSL_hexstr2buf_ex() return 1 on +success, or 0 on error.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/OPENSSL_ia32cap.html b/linux_amd64/share/doc/openssl/html/man3/OPENSSL_ia32cap.html new file mode 100755 index 0000000..9508fb0 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/OPENSSL_ia32cap.html @@ -0,0 +1,194 @@ + + + + +OPENSSL_ia32cap + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    OPENSSL_ia32cap - the x86[_64] processor capabilities vector

    +

    +

    +
    +

    SYNOPSIS

    +
    + env OPENSSL_ia32cap=... <application>
    +

    +

    +
    +

    DESCRIPTION

    +

    OpenSSL supports a range of x86[_64] instruction set extensions. These +extensions are denoted by individual bits in capability vector returned +by processor in EDX:ECX register pair after executing CPUID instruction +with EAX=1 input value (see Intel Application Note #241618). This vector +is copied to memory upon toolkit initialization and used to choose +between different code paths to provide optimal performance across wide +range of processors. For the moment of this writing following bits are +significant:

    +
    +
    bit #4 denoting presence of Time-Stamp Counter.
    + +
    bit #19 denoting availability of CLFLUSH instruction;
    + +
    bit #20, reserved by Intel, is used to choose among RC4 code paths;
    + +
    bit #23 denoting MMX support;
    + +
    bit #24, FXSR bit, denoting availability of XMM registers;
    + +
    bit #25 denoting SSE support;
    + +
    bit #26 denoting SSE2 support;
    + +
    bit #28 denoting Hyperthreading, which is used to distinguish +cores with shared cache;
    + +
    bit #30, reserved by Intel, denotes specifically Intel CPUs;
    + +
    bit #33 denoting availability of PCLMULQDQ instruction;
    + +
    bit #41 denoting SSSE3, Supplemental SSE3, support;
    + +
    bit #43 denoting AMD XOP support (forced to zero on non-AMD CPUs);
    + +
    bit #54 denoting availability of MOVBE instruction;
    + +
    bit #57 denoting AES-NI instruction set extension;
    + +
    bit #58, XSAVE bit, lack of which in combination with MOVBE is used +to identify Atom Silvermont core;
    + +
    bit #59, OSXSAVE bit, denoting availability of YMM registers;
    + +
    bit #60 denoting AVX extension;
    + +
    bit #62 denoting availability of RDRAND instruction;
    + +
    +

    For example, in 32-bit application context clearing bit #26 at run-time +disables high-performance SSE2 code present in the crypto library, while +clearing bit #24 disables SSE2 code operating on 128-bit XMM register +bank. You might have to do the latter if target OpenSSL application is +executed on SSE2 capable CPU, but under control of OS that does not +enable XMM registers. Historically address of the capability vector copy +was exposed to application through OPENSSL_ia32cap_loc(), but not +anymore. Now the only way to affect the capability detection is to set +OPENSSL_ia32cap environment variable prior target application start. To +give a specific example, on Intel P4 processor +env OPENSSL_ia32cap=0x16980010 apps/openssl, or better yet +env OPENSSL_ia32cap=~0x1000000 apps/openssl would achieve the desired +effect. Alternatively you can reconfigure the toolkit with no-sse2 +option and recompile.

    +

    Less intuitive is clearing bit #28, or ~0x10000000 in the "environment +variable" terms. The truth is that it's not copied from CPUID output +verbatim, but is adjusted to reflect whether or not the data cache is +actually shared between logical cores. This in turn affects the decision +on whether or not expensive countermeasures against cache-timing attacks +are applied, most notably in AES assembler module.

    +

    The capability vector is further extended with EBX value returned by +CPUID with EAX=7 and ECX=0 as input. Following bits are significant:

    +
    +
    bit #64+3 denoting availability of BMI1 instructions, e.g. ANDN;
    + +
    bit #64+5 denoting availability of AVX2 instructions;
    + +
    bit #64+8 denoting availability of BMI2 instructions, e.g. MULX +and RORX;
    + +
    bit #64+16 denoting availability of AVX512F extension;
    + +
    bit #64+18 denoting availability of RDSEED instruction;
    + +
    bit #64+19 denoting availability of ADCX and ADOX instructions;
    + +
    bit #64+21 denoting availability of VPMADD52[LH]UQ instructions, +a.k.a. AVX512IFMA extension;
    + +
    bit #64+29 denoting availability of SHA extension;
    + +
    bit #64+30 denoting availability of AVX512BW extension;
    + +
    bit #64+31 denoting availability of AVX512VL extension;
    + +
    bit #64+41 denoting availability of VAES extension;
    + +
    bit #64+42 denoting availability of VPCLMULQDQ extension;
    + +
    +

    To control this extended capability word use : as delimiter when +setting up OPENSSL_ia32cap environment variable. For example assigning +:~0x20 would disable AVX2 code paths, and :0 - all post-AVX +extensions.

    +

    It should be noted that whether or not some of the most "fancy" +extension code paths are actually assembled depends on current assembler +version. Base minimum of AES-NI/PCLMULQDQ, SSSE3 and SHA extension code +paths are always assembled. Apart from that, minimum assembler version +requirements are summarized in below table:

    +
    +   Extension   | GNU as | nasm   | llvm
    +   ------------+--------+--------+--------
    +   AVX         | 2.19   | 2.09   | 3.0
    +   AVX2        | 2.22   | 2.10   | 3.1
    +   ADCX/ADOX   | 2.23   | 2.10   | 3.3
    +   AVX512      | 2.25   | 2.11.8 | see NOTES
    +   AVX512IFMA  | 2.26   | 2.11.8 | see NOTES
    +   VAES        | 2.30   | 2.13.3 |
    +

    +

    +
    +

    NOTES

    +

    Even though AVX512 support was implemented in llvm 3.6, compilation of +assembly modules apparently requires explicit -march flag. But then +compiler generates processor-specific code, which in turn contradicts +the mere idea of run-time switch execution facilitated by the variable +in question. Till the limitation is lifted, it's possible to work around +the problem by making build procedure use following script:

    +
    +   #!/bin/sh
    +   exec clang -no-integrated-as "$@"
    +

    instead of real clang. In which case it doesn't matter which clang +version is used, as it is GNU assembler version that will be checked.

    +

    +

    +
    +

    RETURN VALUES

    +

    Not available.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/OPENSSL_init_crypto.html b/linux_amd64/share/doc/openssl/html/man3/OPENSSL_init_crypto.html new file mode 100755 index 0000000..d9c6277 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/OPENSSL_init_crypto.html @@ -0,0 +1,335 @@ + + + + +OPENSSL_init_crypto + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    OPENSSL_INIT_new, OPENSSL_INIT_set_config_filename, +OPENSSL_INIT_set_config_appname, OPENSSL_INIT_set_config_file_flags, +OPENSSL_INIT_free, OPENSSL_init_crypto, OPENSSL_cleanup, OPENSSL_atexit, +OPENSSL_thread_stop_ex, OPENSSL_thread_stop - OpenSSL initialisation +and deinitialisation functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/crypto.h>
    +
    + void OPENSSL_cleanup(void);
    + int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
    + int OPENSSL_atexit(void (*handler)(void));
    + void OPENSSL_thread_stop_ex(OPENSSL_CTX *ctx);
    + void OPENSSL_thread_stop(void);
    +
    + OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void);
    + int OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *init,
    +                                      const char* filename);
    + int OPENSSL_INIT_set_config_file_flags(OPENSSL_INIT_SETTINGS *init,
    +                                        unsigned long flags);
    + int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *init,
    +                                     const char* name);
    + void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *init);
    +

    +

    +
    +

    DESCRIPTION

    +

    During normal operation OpenSSL (libcrypto) will allocate various resources at +start up that must, subsequently, be freed on close down of the library. +Additionally some resources are allocated on a per thread basis (if the +application is multi-threaded), and these resources must be freed prior to the +thread closing.

    +

    As of version 1.1.0 OpenSSL will automatically allocate all resources that it +needs so no explicit initialisation is required. Similarly it will also +automatically deinitialise as required.

    +

    However, there may be situations when explicit initialisation is desirable or +needed, for example when some non-default initialisation is required. The +function OPENSSL_init_crypto() can be used for this purpose for +libcrypto (see also OPENSSL_init_ssl(3) for the libssl +equivalent).

    +

    Numerous internal OpenSSL functions call OPENSSL_init_crypto(). +Therefore, in order to perform non-default initialisation, +OPENSSL_init_crypto() MUST be called by application code prior to +any other OpenSSL function calls.

    +

    The opts parameter specifies which aspects of libcrypto should be +initialised. Valid options are:

    +
    +
    OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS
    + +
    +

    Suppress automatic loading of the libcrypto error strings. This option is +not a default option. Once selected subsequent calls to +OPENSSL_init_crypto() with the option +OPENSSL_INIT_LOAD_CRYPTO_STRINGS will be ignored.

    +
    +
    OPENSSL_INIT_LOAD_CRYPTO_STRINGS
    + +
    +

    Automatic loading of the libcrypto error strings. With this option the +library will automatically load the libcrypto error strings. +This option is a default option. Once selected subsequent calls to +OPENSSL_init_crypto() with the option +OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS will be ignored.

    +
    +
    OPENSSL_INIT_ADD_ALL_CIPHERS
    + +
    +

    With this option the library will automatically load and make available all +libcrypto ciphers. This option is a default option. Once selected subsequent +calls to OPENSSL_init_crypto() with the option +OPENSSL_INIT_NO_ADD_ALL_CIPHERS will be ignored.

    +
    +
    OPENSSL_INIT_ADD_ALL_DIGESTS
    + +
    +

    With this option the library will automatically load and make available all +libcrypto digests. This option is a default option. Once selected subsequent +calls to OPENSSL_init_crypto() with the option +OPENSSL_INIT_NO_ADD_ALL_CIPHERS will be ignored.

    +
    +
    OPENSSL_INIT_NO_ADD_ALL_CIPHERS
    + +
    +

    With this option the library will suppress automatic loading of libcrypto +ciphers. This option is not a default option. Once selected subsequent +calls to OPENSSL_init_crypto() with the option +OPENSSL_INIT_ADD_ALL_CIPHERS will be ignored.

    +
    +
    OPENSSL_INIT_NO_ADD_ALL_DIGESTS
    + +
    +

    With this option the library will suppress automatic loading of libcrypto +digests. This option is not a default option. Once selected subsequent +calls to OPENSSL_init_crypto() with the option +OPENSSL_INIT_ADD_ALL_DIGESTS will be ignored.

    +
    +
    OPENSSL_INIT_LOAD_CONFIG
    + +
    +

    With this option an OpenSSL configuration file will be automatically loaded and +used by calling OPENSSL_config(). This is a default option. +Note that in OpenSSL 1.1.1 this was the default for libssl but not for +libcrypto (see OPENSSL_init_ssl(3) for further details about libssl +initialisation). +In OpenSSL 1.1.0 this was a non-default option for both libssl and libcrypto. +See the description of OPENSSL_INIT_new(), below.

    +
    +
    OPENSSL_INIT_NO_LOAD_CONFIG
    + +
    +

    With this option the loading of OpenSSL configuration files will be suppressed. +It is the equivalent of calling OPENSSL_no_config(). This is not a default +option.

    +
    +
    OPENSSL_INIT_ASYNC
    + +
    +

    With this option the library with automatically initialise the libcrypto async +sub-library (see ASYNC_start_job(3)). This is a default option.

    +
    +
    OPENSSL_INIT_ENGINE_RDRAND
    + +
    +

    With this option the library will automatically load and initialise the +RDRAND engine (if available). This not a default option.

    +
    +
    OPENSSL_INIT_ENGINE_DYNAMIC
    + +
    +

    With this option the library will automatically load and initialise the +dynamic engine. This not a default option.

    +
    +
    OPENSSL_INIT_ENGINE_OPENSSL
    + +
    +

    With this option the library will automatically load and initialise the +openssl engine. This not a default option.

    +
    +
    OPENSSL_INIT_ENGINE_CRYPTODEV
    + +
    +

    With this option the library will automatically load and initialise the +cryptodev engine (if available). This not a default option.

    +
    +
    OPENSSL_INIT_ENGINE_CAPI
    + +
    +

    With this option the library will automatically load and initialise the +CAPI engine (if available). This not a default option.

    +
    +
    OPENSSL_INIT_ENGINE_PADLOCK
    + +
    +

    With this option the library will automatically load and initialise the +padlock engine (if available). This not a default option.

    +
    +
    OPENSSL_INIT_ENGINE_AFALG
    + +
    +

    With this option the library will automatically load and initialise the +AFALG engine. This not a default option.

    +
    +
    OPENSSL_INIT_ENGINE_ALL_BUILTIN
    + +
    +

    With this option the library will automatically load and initialise all the +built in engines listed above with the exception of the openssl and afalg +engines. This not a default option.

    +
    +
    OPENSSL_INIT_ATFORK
    + +
    +

    With this option the library will register its fork handlers. +See OPENSSL_fork_prepare(3) for details.

    +
    +
    OPENSSL_INIT_NO_ATEXIT
    + +
    +

    By default OpenSSL will attempt to clean itself up when the process exits via an +"atexit" handler. Using this option suppresses that behaviour. This means that +the application will have to clean up OpenSSL explicitly using +OPENSSL_cleanup().

    +
    +
    +

    Multiple options may be combined together in a single call to +OPENSSL_init_crypto(). For example:

    +
    + OPENSSL_init_crypto(OPENSSL_INIT_NO_ADD_ALL_CIPHERS
    +                     | OPENSSL_INIT_NO_ADD_ALL_DIGESTS, NULL);
    +

    The OPENSSL_cleanup() function deinitialises OpenSSL (both libcrypto +and libssl). All resources allocated by OpenSSL are freed. Typically there +should be no need to call this function directly as it is initiated +automatically on application exit. This is done via the standard C library +atexit() function. In the event that the application will close in a manner +that will not call the registered atexit() handlers then the application should +call OPENSSL_cleanup() directly. Developers of libraries using OpenSSL +are discouraged from calling this function and should instead, typically, rely +on auto-deinitialisation. This is to avoid error conditions where both an +application and a library it depends on both use OpenSSL, and the library +deinitialises it before the application has finished using it.

    +

    Once OPENSSL_cleanup() has been called the library cannot be reinitialised. +Attempts to call OPENSSL_init_crypto() will fail and an ERR_R_INIT_FAIL error +will be added to the error stack. Note that because initialisation has failed +OpenSSL error strings will not be available, only an error code. This code can +be put through the openssl errstr command line application to produce a human +readable error (see openssl-errstr(1)).

    +

    The OPENSSL_atexit() function enables the registration of a +function to be called during OPENSSL_cleanup(). Stop handlers are +called after deinitialisation of resources local to a thread, but before other +process wide resources are freed. In the event that multiple stop handlers are +registered, no guarantees are made about the order of execution.

    +

    The OPENSSL_thread_stop_ex() function deallocates resources associated +with the current thread for the given OPENSSL_CTX ctx. The ctx parameter +can be NULL in which case the default OPENSSL_CTX is used.

    +

    Typically, this function will be called automatically by the library when +the thread exits as long as the OPENSSL_CTX has not been freed before the thread +exits. If OPENSSL_CTX_free() is called OPENSSL_thread_stop_ex will be called +automatically for the current thread (but not any other threads that may have +used this OPENSSL_CTX).

    +

    OPENSSL_thread_stop_ex should be called on all threads that will exit after the +OPENSSL_CTX is freed. +Typically this is not necessary for the default OPENSSL_CTX (because all +resources are cleaned up on library exit) except if thread local resources +should be freed before library exit, or under the circumstances described in +the NOTES section below.

    +

    OPENSSL_thread_stop() is the same as OPENSSL_thread_stop_ex() except that the +default OPENSSL_CTX is always used.

    +

    The OPENSSL_INIT_LOAD_CONFIG flag will load a configuration file, as with +CONF_modules_load_file(3) with NULL filename and application name and the +CONF_MFLAGS_IGNORE_MISSING_FILE, CONF_MFLAGS_IGNORE_RETURN_CODES and +CONF_MFLAGS_DEFAULT_SECTION flags. +The filename, application name, and flags can be customized by providing a +non-null OPENSSL_INIT_SETTINGS object. +The object can be allocated via OPENSSL_INIT_new(). +The OPENSSL_INIT_set_config_filename() function can be used to specify a +non-default filename, which is copied and need not refer to persistent storage. +Similarly, OPENSSL_INIT_set_config_appname() can be used to specify a +non-default application name. +Finally, OPENSSL_INIT_set_file_flags can be used to specify non-default flags. +If the CONF_MFLAGS_IGNORE_RETURN_CODES flag is not included, any errors in +the configuration file will cause an error return from OPENSSL_init_crypto +or indirectly OPENSSL_init_ssl(3). +The object can be released with OPENSSL_INIT_free() when done.

    +

    +

    +
    +

    NOTES

    +

    Resources local to a thread are deallocated automatically when the thread exits +(e.g. in a pthreads environment, when pthread_exit() is called). On Windows +platforms this is done in response to a DLL_THREAD_DETACH message being sent to +the libcrypto32.dll entry point. Some windows functions may cause threads to exit +without sending this message (for example ExitProcess()). If the application +uses such functions, then the application must free up OpenSSL resources +directly via a call to OPENSSL_thread_stop() on each thread. Similarly this +message will also not be sent if OpenSSL is linked statically, and therefore +applications using static linking should also call OPENSSL_thread_stop() on each +thread. Additionally if OpenSSL is loaded dynamically via LoadLibrary() and the +threads are not destroyed until after FreeLibrary() is called then each thread +should call OPENSSL_thread_stop() prior to the FreeLibrary() call.

    +

    On Linux/Unix where OpenSSL has been loaded via dlopen() and the application is +multi-threaded and if dlclose() is subsequently called prior to the threads +being destroyed then OpenSSL will not be able to deallocate resources associated +with those threads. The application should either call OPENSSL_thread_stop() on +each thread prior to the dlclose() call, or alternatively the original dlopen() +call should use the RTLD_NODELETE flag (where available on the platform).

    +

    +

    +
    +

    RETURN VALUES

    +

    The functions OPENSSL_init_crypto, OPENSSL_atexit() and +OPENSSL_INIT_set_config_appname() return 1 on success or 0 on error.

    +

    +

    +
    +

    SEE ALSO

    +

    OPENSSL_init_ssl(3)

    +

    +

    +
    +

    HISTORY

    +

    The OPENSSL_init_crypto(), OPENSSL_cleanup(), OPENSSL_atexit(), +OPENSSL_thread_stop(), OPENSSL_INIT_new(), OPENSSL_INIT_set_config_appname() +and OPENSSL_INIT_free() functions were added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/OPENSSL_init_ssl.html b/linux_amd64/share/doc/openssl/html/man3/OPENSSL_init_ssl.html
    new file mode 100755
    index 0000000..df977fe
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/OPENSSL_init_ssl.html
    @@ -0,0 +1,118 @@
    + + + + +OPENSSL_init_ssl + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    OPENSSL_init_ssl - OpenSSL (libssl and libcrypto) initialisation

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
    +

    +

    +
    +

    DESCRIPTION

    +

    During normal operation OpenSSL (libssl and libcrypto) will allocate various +resources at start up that must, subsequently, be freed on close down of the +library. Additionally some resources are allocated on a per thread basis (if the +application is multi-threaded), and these resources must be freed prior to the +thread closing.

    +

    As of version 1.1.0 OpenSSL will automatically allocate all resources that it +needs so no explicit initialisation is required. Similarly it will also +automatically deinitialise as required.

    +

    However, there may be situations when explicit initialisation is desirable or +needed, for example when some non-default initialisation is required. The +function OPENSSL_init_ssl() can be used for this purpose. Calling +this function will explicitly initialise BOTH libcrypto and libssl. To +explicitly initialise ONLY libcrypto see the +OPENSSL_init_crypto(3) function.

    +

    Numerous internal OpenSSL functions call OPENSSL_init_ssl(). +Therefore, in order to perform non-default initialisation, +OPENSSL_init_ssl() MUST be called by application code prior to +any other OpenSSL function calls.

    +

    The opts parameter specifies which aspects of libssl and libcrypto should be +initialised. Valid options for libcrypto are described on the +OPENSSL_init_crypto(3) page. In addition to any libcrypto +specific option the following libssl options can also be used:

    +
    +
    OPENSSL_INIT_NO_LOAD_SSL_STRINGS
    + +
    +

    Suppress automatic loading of the libssl error strings. This option is +not a default option. Once selected subsequent calls to +OPENSSL_init_ssl() with the option +OPENSSL_INIT_LOAD_SSL_STRINGS will be ignored.

    +
    +
    OPENSSL_INIT_LOAD_SSL_STRINGS
    + +
    +

    Automatic loading of the libssl error strings. This option is a +default option. Once selected subsequent calls to +OPENSSL_init_ssl() with the option +OPENSSL_INIT_LOAD_SSL_STRINGS will be ignored.

    +
    +
    +

    OPENSSL_init_ssl() takes a settings parameter which can be used to +set parameter values. See OPENSSL_init_crypto(3) for details.

    +

    +

    +
    +

    RETURN VALUES

    +

    The function OPENSSL_init_ssl() returns 1 on success or 0 on error.

    +

    +

    +
    +

    SEE ALSO

    +

    OPENSSL_init_crypto(3)

    +

    +

    +
    +

    HISTORY

    +

    The OPENSSL_init_ssl() function was added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/OPENSSL_instrument_bus.html b/linux_amd64/share/doc/openssl/html/man3/OPENSSL_instrument_bus.html
    new file mode 100755
    index 0000000..56156ce
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/OPENSSL_instrument_bus.html
    @@ -0,0 +1,85 @@
    + + + + +OPENSSL_instrument_bus + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    OPENSSL_instrument_bus, OPENSSL_instrument_bus2 - instrument references to memory bus

    +

    +

    +
    +

    SYNOPSIS

    +
    + #ifdef OPENSSL_CPUID_OBJ
    + size_t OPENSSL_instrument_bus(int *vector, size_t num);
    + size_t OPENSSL_instrument_bus2(int *vector, size_t num, size_t max);
    + #endif
    +

    +

    +
    +

    DESCRIPTION

    +

    It was empirically found that timings of references to primary memory +are subject to irregular, apparently non-deterministic variations. The +subroutines in question instrument these references for purposes of +gathering randomness for random number generator. In order to make it +bus-bound a 'flush cache line' instruction is used between probes. In +addition probes are added to vector elements in atomic or +interlocked manner, which should contribute additional noise on +multi-processor systems. This also means that vector[num] should be +zeroed upon invocation (if you want to retrieve actual probe values).

    +

    OPENSSL_instrument_bus() performs num probes and records the number of +oscillator cycles every probe took.

    +

    OPENSSL_instrument_bus2() on the other hand accumulates consecutive +probes with the same value, i.e. in a way it records duration of +periods when probe values appeared deterministic. The subroutine +performs at most max probes in attempt to fill the vector[num], +with max value of 0 meaning "as many as it takes."

    +

    +

    +
    +

    RETURN VALUES

    +

    Return value of 0 indicates that CPU is not capable of performing the +benchmark, either because oscillator counter or 'flush cache line' is +not available on current platform. For reference, on x86 'flush cache +line' was introduced with the SSE2 extensions.

    +

    Otherwise number of recorded values is returned.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/OPENSSL_load_builtin_modules.html b/linux_amd64/share/doc/openssl/html/man3/OPENSSL_load_builtin_modules.html
    new file mode 100755
    index 0000000..6762d5f
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/OPENSSL_load_builtin_modules.html
    @@ -0,0 +1,91 @@
    + + + + +OPENSSL_load_builtin_modules + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    OPENSSL_load_builtin_modules, ASN1_add_oid_module, ENGINE_add_conf_module - add standard configuration modules

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/conf.h>
    +
    + void OPENSSL_load_builtin_modules(void);
    + void ASN1_add_oid_module(void);
    + void ENGINE_add_conf_module(void);
    +

    +

    +
    +

    DESCRIPTION

    +

    The function OPENSSL_load_builtin_modules() adds all the standard OpenSSL +configuration modules to the internal list. They can then be used by the +OpenSSL configuration code.

    +

    ASN1_add_oid_module() adds just the ASN1 OBJECT module.

    +

    ENGINE_add_conf_module() adds just the ENGINE configuration module.

    +

    +

    +
    +

    NOTES

    +

    If the simple configuration function OPENSSL_config() is called then +OPENSSL_load_builtin_modules() is called automatically.

    +

    Applications which use the configuration functions directly will need to +call OPENSSL_load_builtin_modules() themselves before any other +configuration code.

    +

    Applications should call OPENSSL_load_builtin_modules() to load all +configuration modules instead of adding modules selectively: otherwise +functionality may be missing from the application if an when new +modules are added.

    +

    +

    +
    +

    RETURN VALUES

    +

    None of the functions return a value.

    +

    +

    +
    +

    SEE ALSO

    +

    config(5), OPENSSL_config(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/OPENSSL_malloc.html b/linux_amd64/share/doc/openssl/html/man3/OPENSSL_malloc.html
    new file mode 100755
    index 0000000..aa1b625
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/OPENSSL_malloc.html
    @@ -0,0 +1,226 @@
    + + + + +OPENSSL_malloc + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    OPENSSL_malloc_init, +OPENSSL_malloc, OPENSSL_zalloc, OPENSSL_realloc, OPENSSL_free, +OPENSSL_clear_realloc, OPENSSL_clear_free, OPENSSL_cleanse, +CRYPTO_malloc, CRYPTO_zalloc, CRYPTO_realloc, CRYPTO_free, +OPENSSL_strdup, OPENSSL_strndup, +OPENSSL_memdup, OPENSSL_strlcpy, OPENSSL_strlcat, +CRYPTO_strdup, CRYPTO_strndup, +OPENSSL_mem_debug_push, OPENSSL_mem_debug_pop, +CRYPTO_mem_debug_push, CRYPTO_mem_debug_pop, +CRYPTO_clear_realloc, CRYPTO_clear_free, +CRYPTO_malloc_fn, CRYPTO_realloc_fn, CRYPTO_free_fn, +CRYPTO_get_mem_functions, CRYPTO_set_mem_functions, +CRYPTO_get_alloc_counts, +CRYPTO_set_mem_debug, CRYPTO_mem_ctrl, +CRYPTO_mem_leaks, CRYPTO_mem_leaks_fp, CRYPTO_mem_leaks_cb, +OPENSSL_MALLOC_FAILURES, +OPENSSL_MALLOC_FD +- Memory allocation functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/crypto.h>
    +
    + int OPENSSL_malloc_init(void);
    +
    + void *OPENSSL_malloc(size_t num);
    + void *OPENSSL_zalloc(size_t num);
    + void *OPENSSL_realloc(void *addr, size_t num);
    + void OPENSSL_free(void *addr);
    + char *OPENSSL_strdup(const char *str);
    + char *OPENSSL_strndup(const char *str, size_t s);
    + size_t OPENSSL_strlcat(char *dst, const char *src, size_t size);
    + size_t OPENSSL_strlcpy(char *dst, const char *src, size_t size);
    + void *OPENSSL_memdup(void *data, size_t s);
    + void *OPENSSL_clear_realloc(void *p, size_t old_len, size_t num);
    + void OPENSSL_clear_free(void *str, size_t num);
    + void OPENSSL_cleanse(void *ptr, size_t len);
    +
    + void *CRYPTO_malloc(size_t num, const char *file, int line);
    + void *CRYPTO_zalloc(size_t num, const char *file, int line);
    + void *CRYPTO_realloc(void *p, size_t num, const char *file, int line);
    + void CRYPTO_free(void *str, const char *, int);
    + char *CRYPTO_strdup(const char *p, const char *file, int line);
    + char *CRYPTO_strndup(const char *p, size_t num, const char *file, int line);
    + void *CRYPTO_clear_realloc(void *p, size_t old_len, size_t num,
    +                            const char *file, int line);
    + void CRYPTO_clear_free(void *str, size_t num, const char *, int)
    +
    + typedef void *(*CRYPTO_malloc_fn)(size_t num, const char *file, int line);
    + typedef void *(*CRYPTO_realloc_fn)(void *addr, size_t num, const char *file,
    +                                    int line);
    + typedef void (*CRYPTO_free_fn)(void *addr, const char *file, int line);
    + void CRYPTO_get_mem_functions(CRYPTO_malloc_fn *malloc_fn,
    +                               CRYPTO_realloc_fn *realloc_fn,
    +                               CRYPTO_free_fn *free_fn);
    + int CRYPTO_set_mem_functions(CRYPTO_malloc_fn malloc_fn,
    +                              CRYPTO_realloc_fn realloc_fn,
    +                              CRYPTO_free_fn free_fn);
    +
    + void CRYPTO_get_alloc_counts(int *mcount, int *rcount, int *fcount);
    +
    + env OPENSSL_MALLOC_FAILURES=... <application>
    + env OPENSSL_MALLOC_FD=... <application>
    +

    Deprecated:

    +
    + int CRYPTO_mem_leaks(BIO *b);
    + int CRYPTO_mem_leaks_fp(FILE *fp);
    + int CRYPTO_mem_leaks_cb(int (*cb)(const char *str, size_t len, void *u),
    +                         void *u);
    +
    + int CRYPTO_set_mem_debug(int onoff)
    + int CRYPTO_mem_ctrl(int mode);
    + int OPENSSL_mem_debug_push(const char *info)
    + int OPENSSL_mem_debug_pop(void);
    + int CRYPTO_mem_debug_push(const char *info, const char *file, int line);
    + int CRYPTO_mem_debug_pop(void);
    +

    +

    +
    +

    DESCRIPTION

    +

    OpenSSL memory allocation is handled by the OPENSSL_xxx API. These are +generally macro's that add the standard C __FILE__ and __LINE__ +parameters and call a lower-level CRYPTO_xxx API. +Some functions do not add those parameters, but exist for consistency.

    +

    OPENSSL_malloc_init() does nothing and does not need to be called. It is +included for compatibility with older versions of OpenSSL.

    +

    OPENSSL_malloc(), OPENSSL_realloc(), and OPENSSL_free() are like the +C malloc(), realloc(), and free() functions. +OPENSSL_zalloc() calls memset() to zero the memory before returning.

    +

    OPENSSL_clear_realloc() and OPENSSL_clear_free() should be used +when the buffer at addr holds sensitive information. +The old buffer is filled with zero's by calling OPENSSL_cleanse() +before ultimately calling OPENSSL_free().

    +

    OPENSSL_cleanse() fills ptr of size len with a string of 0's. +Use OPENSSL_cleanse() with care if the memory is a mapping of a file. +If the storage controller uses write compression, then its possible +that sensitive tail bytes will survive zeroization because the block of +zeros will be compressed. If the storage controller uses wear leveling, +then the old sensitive data will not be overwritten; rather, a block of +0's will be written at a new physical location.

    +

    OPENSSL_strdup(), OPENSSL_strndup() and OPENSSL_memdup() are like the +equivalent C functions, except that memory is allocated by calling the +OPENSSL_malloc() and should be released by calling OPENSSL_free().

    +

    OPENSSL_strlcpy(), +OPENSSL_strlcat() and OPENSSL_strnlen() are equivalents of the common C +library functions and are provided for portability.

    +

    If no allocations have been done, it is possible to "swap out" the default +implementations for OPENSSL_malloc(), OPENSSL_realloc() and OPENSSL_free() +and replace them with alternate versions. +CRYPTO_get_mem_functions() function fills in the given arguments with the +function pointers for the current implementations. +With CRYPTO_set_mem_functions(), you can specify a different set of functions. +If any of malloc_fn, realloc_fn, or free_fn are NULL, then +the function is not changed. +While it's permitted to swap out only a few and not all the functions +with CRYPTO_set_mem_functions(), it's recommended to swap them all out +at once.

    +

    If the library is built with the crypto-mdebug option, then one +function, CRYPTO_get_alloc_counts(), and two additional environment +variables, OPENSSL_MALLOC_FAILURES and OPENSSL_MALLOC_FD, +are available.

    +

    The function CRYPTO_get_alloc_counts() fills in the number of times +each of CRYPTO_malloc(), CRYPTO_realloc(), and CRYPTO_free() have been +called, into the values pointed to by mcount, rcount, and fcount, +respectively. If a pointer is NULL, then the corresponding count is not stored.

    +

    The variable +OPENSSL_MALLOC_FAILURES controls how often allocations should fail. +It is a set of fields separated by semicolons, which each field is a count +(defaulting to zero) and an optional atsign and percentage (defaulting +to 100). If the count is zero, then it lasts forever. For example, +100;@25 or 100@0;0@25 means the first 100 allocations pass, then all +other allocations (until the program exits or crashes) have a 25% chance of +failing.

    +

    If the variable OPENSSL_MALLOC_FD is parsed as a positive integer, then +it is taken as an open file descriptor, and a record of all allocations is +written to that descriptor. If an allocation will fail, and the platform +supports it, then a backtrace will be written to the descriptor. This can +be useful because a malloc may fail but not be checked, and problems will +only occur later. The following example in classic shell syntax shows how +to use this (will not work on all platforms):

    +
    +  OPENSSL_MALLOC_FAILURES='200;@10'
    +  export OPENSSL_MALLOC_FAILURES
    +  OPENSSL_MALLOC_FD=3
    +  export OPENSSL_MALLOC_FD
    +  ...app invocation... 3>/tmp/log$$
    +

    +

    +
    +

    RETURN VALUES

    +

    OPENSSL_malloc_init(), OPENSSL_free(), OPENSSL_clear_free() +CRYPTO_free(), CRYPTO_clear_free() and CRYPTO_get_mem_functions() +return no value.

    +

    OPENSSL_malloc(), OPENSSL_zalloc(), OPENSSL_realloc(), +OPENSSL_clear_realloc(), +CRYPTO_malloc(), CRYPTO_zalloc(), CRYPTO_realloc(), +CRYPTO_clear_realloc(), +OPENSSL_strdup(), and OPENSSL_strndup() +return a pointer to allocated memory or NULL on error.

    +

    CRYPTO_set_mem_functions() returns 1 on success or 0 on failure (almost +always because allocations have already happened).

    +

    CRYPTO_mem_leaks(), CRYPTO_mem_leaks_fp(), CRYPTO_mem_leaks_cb(), +CRYPTO_set_mem_debug(), and CRYPTO_mem_ctrl() are deprecated and return -1. +OPENSSL_mem_debug_push(), OPENSSL_mem_debug_pop(), +CRYPTO_mem_debug_push(), and CRYPTO_mem_debug_pop() +are deprecated and return 0.

    +

    +

    +
    +

    HISTORY

    +

    OPENSSL_mem_debug_push(), OPENSSL_mem_debug_pop(), +CRYPTO_mem_debug_push(), CRYPTO_mem_debug_pop(), +CRYPTO_mem_leaks(), CRYPTO_mem_leaks_fp(), +CRYPTO_mem_leaks_cb(), CRYPTO_set_mem_debug(), CRYPTO_mem_ctrl() +were deprecated in OpenSSL 3.0. +The memory-leak checking has been deprecated in OpenSSL 3.0 in favor of +clang's memory and leak sanitizer.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/OPENSSL_s390xcap.html b/linux_amd64/share/doc/openssl/html/man3/OPENSSL_s390xcap.html
    new file mode 100755
    index 0000000..6e6bae2
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/OPENSSL_s390xcap.html
    @@ -0,0 +1,232 @@
    + + + + +OPENSSL_s390xcap + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    OPENSSL_s390xcap - the IBM z processor capabilities vector

    +

    +

    +
    +

    SYNOPSIS

    +
    + env OPENSSL_s390xcap=... <application>
    +

    +

    +
    +

    DESCRIPTION

    +

    libcrypto supports z/Architecture instruction set extensions. These +extensions are denoted by individual bits in the capabilities vector. +When libcrypto is initialized, the bits returned by the STFLE instruction +and by the QUERY functions are stored in the vector.

    +

    To change the set of instructions available to an application, you can +set the OPENSSL_s390xcap environment variable before you start the +application. After initialization, the capability vector is ANDed bitwise +with a mask which is derived from the environment variable.

    +

    The environment variable is a semicolon-separated list of tokens which is +processed from left to right (whitespace is ignored):

    +
    + OPENSSL_s390xcap="<tok1>;<tok2>;..."
    +

    There are three types of tokens:

    +
    +
    <string>
    + +
    +

    The name of a processor generation. A bit in the environment variable's +mask is set to one if and only if the specified processor generation +implements the corresponding instruction set extension. Possible values +are z900, z990, z9, z10, z196, zEC12, z13, z14 +and z15.

    +
    +
    <string>:<mask>:<mask>
    + +
    +

    The name of an instruction followed by two 64-bit masks. The part of the +environment variable's mask corresponding to the specified instruction is +set to the specified 128-bit mask. Possible values are kimd, klmd, +km, kmc, kmac, kmctr, kmo, kmf, prno, kma, pcc +and kdsa.

    +
    +
    stfle:<mask>:<mask>:<mask>
    + +
    +

    Store-facility-list-extended (stfle) followed by three 64-bit masks. The +part of the environment variable's mask corresponding to the stfle +instruction is set to the specified 192-bit mask.

    +
    +
    +

    The 64-bit masks are specified in hexadecimal notation. The 0x prefix is +optional. Prefix a mask with a tilde, ~, to denote a bitwise NOT operation.

    +

    The following is a list of significant bits for each instruction. Colon +rows separate the individual 64-bit masks. The bit numbers in the first +column are consistent with [1], that is, 0 denotes the leftmost bit and +the numbering is continuous across 64-bit mask boundaries.

    +
    +      Bit     Mask     Facility/Function
    +
    + stfle:
    +      # 17    1<<46    message-security assist
    +      # 25    1<<38    store-clock-fast facility
    +      :
    +      # 76    1<<51    message-security assist extension 3
    +      # 77    1<<50    message-security assist extension 4
    +      :
    +      #129    1<<62    vector facility
    +      #134    1<<57    vector packed decimal facility
    +      #135    1<<56    vector enhancements facility 1
    +      #146    1<<45    message-security assist extension 8
    +      #155    1<<36    message-security assist extension 9
    +
    + kimd :
    +      #  1    1<<62    KIMD-SHA-1
    +      #  2    1<<61    KIMD-SHA-256
    +      #  3    1<<60    KIMD-SHA-512
    +      # 32    1<<31    KIMD-SHA3-224
    +      # 33    1<<30    KIMD-SHA3-256
    +      # 34    1<<29    KIMD-SHA3-384
    +      # 35    1<<28    KIMD-SHA3-512
    +      # 36    1<<27    KIMD-SHAKE-128
    +      # 37    1<<26    KIMD-SHAKE-256
    +      :
    +      # 65    1<<62    KIMD-GHASH
    +
    + klmd :
    +      # 32    1<<31    KLMD-SHA3-224
    +      # 33    1<<30    KLMD-SHA3-256
    +      # 34    1<<29    KLMD-SHA3-384
    +      # 35    1<<28    KLMD-SHA3-512
    +      # 36    1<<27    KLMD-SHAKE-128
    +      # 37    1<<26    KLMD-SHAKE-256
    +      :
    +
    + km   :
    +      # 18    1<<45    KM-AES-128
    +      # 19    1<<44    KM-AES-192
    +      # 20    1<<43    KM-AES-256
    +      # 50    1<<13    KM-XTS-AES-128
    +      # 52    1<<11    KM-XTS-AES-256
    +      :
    +
    + kmc  :
    +      # 18    1<<45    KMC-AES-128
    +      # 19    1<<44    KMC-AES-192
    +      # 20    1<<43    KMC-AES-256
    +      :
    +
    + kmac :
    +      # 18    1<<45    KMAC-AES-128
    +      # 19    1<<44    KMAC-AES-192
    +      # 20    1<<43    KMAC-AES-256
    +      :
    +
    + kmctr:
    +      :
    +
    + kmo  :
    +      # 18    1<<45    KMO-AES-128
    +      # 19    1<<44    KMO-AES-192
    +      # 20    1<<43    KMO-AES-256
    +      :
    +
    + kmf  :
    +      # 18    1<<45    KMF-AES-128
    +      # 19    1<<44    KMF-AES-192
    +      # 20    1<<43    KMF-AES-256
    +      :
    +
    + prno :
    +      :
    +
    + kma  :
    +      # 18    1<<45    KMA-GCM-AES-128
    +      # 19    1<<44    KMA-GCM-AES-192
    +      # 20    1<<43    KMA-GCM-AES-256
    +      :
    +
    + pcc  :
    +      :
    +      # 64    1<<63    PCC-Scalar-Multiply-P256
    +      # 65    1<<62    PCC-Scalar-Multiply-P384
    +      # 66    1<<61    PCC-Scalar-Multiply-P521
    +      # 72    1<<55    PCC-Scalar-Multiply-Ed25519
    +      # 73    1<<54    PCC-Scalar-Multiply-Ed448
    +      # 80    1<<47    PCC-Scalar-Multiply-X25519
    +      # 81    1<<46    PCC-Scalar-Multiply-X448
    +
    + kdsa :
    +      #  1    1<<62    KDSA-ECDSA-Verify-P256
    +      #  2    1<<61    KDSA-ECDSA-Verify-P384
    +      #  3    1<<60    KDSA-ECDSA-Verify-P521
    +      #  9    1<<54    KDSA-ECDSA-Sign-P256
    +      # 10    1<<53    KDSA-ECDSA-Sign-P384
    +      # 11    1<<52    KDSA-ECDSA-Sign-P521
    +      # 32    1<<31    KDSA-EdDSA-Verify-Ed25519
    +      # 36    1<<27    KDSA-EdDSA-Verify-Ed448
    +      # 40    1<<23    KDSA-EdDSA-Sign-Ed25519
    +      # 44    1<<19    KDSA-EdDSA-Sign-Ed448
    +      :
    +

    +

    +
    +

    RETURN VALUES

    +

    Not available.

    +

    +

    +
    +

    EXAMPLES

    +

    Disables all instruction set extensions which the z196 processor does not implement:

    +
    + OPENSSL_s390xcap="z196"
    +

    Disables the vector facility:

    +
    + OPENSSL_s390xcap="stfle:~0:~0:~0x4000000000000000"
    +

    Disables the KM-XTS-AES and and the KIMD-SHAKE function codes:

    +
    + OPENSSL_s390xcap="km:~0x2800:~0;kimd:~0xc000000:~0"
    +

    +

    +
    +

    SEE ALSO

    +

    [1] z/Architecture Principles of Operation, SA22-7832-12

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/OPENSSL_secure_malloc.html b/linux_amd64/share/doc/openssl/html/man3/OPENSSL_secure_malloc.html
    new file mode 100755
    index 0000000..26bbe55
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/OPENSSL_secure_malloc.html
    @@ -0,0 +1,165 @@
    + + + + +OPENSSL_secure_malloc + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    CRYPTO_secure_malloc_init, CRYPTO_secure_malloc_initialized, +CRYPTO_secure_malloc_done, OPENSSL_secure_malloc, CRYPTO_secure_malloc, +OPENSSL_secure_zalloc, CRYPTO_secure_zalloc, OPENSSL_secure_free, +CRYPTO_secure_free, OPENSSL_secure_clear_free, +CRYPTO_secure_clear_free, OPENSSL_secure_actual_size, +CRYPTO_secure_allocated, +CRYPTO_secure_used - secure heap storage

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/crypto.h>
    +
    + int CRYPTO_secure_malloc_init(size_t size, size_t minsize);
    +
    + int CRYPTO_secure_malloc_initialized();
    +
    + int CRYPTO_secure_malloc_done();
    +
    + void *OPENSSL_secure_malloc(size_t num);
    + void *CRYPTO_secure_malloc(size_t num, const char *file, int line);
    +
    + void *OPENSSL_secure_zalloc(size_t num);
    + void *CRYPTO_secure_zalloc(size_t num, const char *file, int line);
    +
    + void OPENSSL_secure_free(void* ptr);
    + void CRYPTO_secure_free(void *ptr, const char *, int);
    +
    + void OPENSSL_secure_clear_free(void* ptr, size_t num);
    + void CRYPTO_secure_clear_free(void *ptr, size_t num, const char *, int);
    +
    + size_t OPENSSL_secure_actual_size(const void *ptr);
    +
    + int CRYPTO_secure_allocated(const void *ptr);
    + size_t CRYPTO_secure_used();
    +

    +

    +
    +

    DESCRIPTION

    +

    In order to help protect applications (particularly long-running servers) +from pointer overruns or underruns that could return arbitrary data from +the program's dynamic memory area, where keys and other sensitive +information might be stored, OpenSSL supports the concept of a "secure heap." +The level and type of security guarantees depend on the operating system. +It is a good idea to review the code and see if it addresses your +threat model and concerns.

    +

    If a secure heap is used, then private key BIGNUM values are stored there. +This protects long-term storage of private keys, but will not necessarily +put all intermediate values and computations there.

    +

    CRYPTO_secure_malloc_init() creates the secure heap, with the specified +size in bytes. The minsize parameter is the minimum size to +allocate from the heap or zero to use a reasonable default value. +Both size and, if specified, minsize must be a power of two and +minsize should generally be small, for example 16 or 32. +minsize must be less than a quarter of size in any case.

    +

    CRYPTO_secure_malloc_initialized() indicates whether or not the secure +heap as been initialized and is available.

    +

    CRYPTO_secure_malloc_done() releases the heap and makes the memory unavailable +to the process if all secure memory has been freed. +It can take noticeably long to complete.

    +

    OPENSSL_secure_malloc() allocates num bytes from the heap. +If CRYPTO_secure_malloc_init() is not called, this is equivalent to +calling OPENSSL_malloc(). +It is a macro that expands to +CRYPTO_secure_malloc() and adds the __FILE__ and __LINE__ parameters.

    +

    OPENSSL_secure_zalloc() and CRYPTO_secure_zalloc() are like +OPENSSL_secure_malloc() and CRYPTO_secure_malloc(), respectively, +except that they call memset() to zero the memory before returning.

    +

    OPENSSL_secure_free() releases the memory at ptr back to the heap. +It must be called with a value previously obtained from +OPENSSL_secure_malloc(). +If CRYPTO_secure_malloc_init() is not called, this is equivalent to +calling OPENSSL_free(). +It exists for consistency with OPENSSL_secure_malloc() , and +is a macro that expands to CRYPTO_secure_free() and adds the __FILE__ +and __LINE__ parameters..

    +

    OPENSSL_secure_clear_free() is similar to OPENSSL_secure_free() except +that it has an additional num parameter which is used to clear +the memory if it was not allocated from the secure heap. +If CRYPTO_secure_malloc_init() is not called, this is equivalent to +calling OPENSSL_clear_free().

    +

    OPENSSL_secure_actual_size() tells the actual size allocated to the +pointer; implementations may allocate more space than initially +requested, in order to "round up" and reduce secure heap fragmentation.

    +

    OPENSSL_secure_allocated() tells if a pointer is allocated in the secure heap.

    +

    CRYPTO_secure_used() returns the number of bytes allocated in the +secure heap.

    +

    +

    +
    +

    RETURN VALUES

    +

    CRYPTO_secure_malloc_init() returns 0 on failure, 1 if successful, +and 2 if successful but the heap could not be protected by memory +mapping.

    +

    CRYPTO_secure_malloc_initialized() returns 1 if the secure heap is +available (that is, if CRYPTO_secure_malloc_init() has been called, +but CRYPTO_secure_malloc_done() has not been called or failed) or 0 if not.

    +

    OPENSSL_secure_malloc() and OPENSSL_secure_zalloc() return a pointer into +the secure heap of the requested size, or NULL if memory could not be +allocated.

    +

    CRYPTO_secure_allocated() returns 1 if the pointer is in the secure heap, or 0 if not.

    +

    CRYPTO_secure_malloc_done() returns 1 if the secure memory area is released, or 0 if not.

    +

    OPENSSL_secure_free() and OPENSSL_secure_clear_free() return no values.

    +

    +

    +
    +

    SEE ALSO

    +

    OPENSSL_malloc(3), +BN_new(3)

    +

    +

    +
    +

    HISTORY

    +

    The OPENSSL_secure_clear_free() function was added in OpenSSL 1.1.0g.

    +

    The second argument to CRYPTO_secure_malloc_init() was changed from an int to +a size_t in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/OSSL_CMP_CTX_new.html b/linux_amd64/share/doc/openssl/html/man3/OSSL_CMP_CTX_new.html
    new file mode 100755
    index 0000000..aeb36cc
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/OSSL_CMP_CTX_new.html
    @@ -0,0 +1,664 @@
    + + + + +OSSL_CMP_CTX_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    OSSL_CMP_CTX_new, +OSSL_CMP_CTX_free, +OSSL_CMP_CTX_reinit, +OSSL_CMP_CTX_set_option, +OSSL_CMP_CTX_get_option, +OSSL_CMP_CTX_set_log_cb, +OSSL_CMP_CTX_set_log_verbosity, +OSSL_CMP_CTX_print_errors, +OSSL_CMP_CTX_set1_serverPath, +OSSL_CMP_CTX_set1_serverName, +OSSL_CMP_CTX_set_serverPort, +OSSL_CMP_CTX_set1_proxyName, +OSSL_CMP_CTX_set_proxyPort, +OSSL_CMP_DEFAULT_PORT, +OSSL_CMP_CTX_set_http_cb, +OSSL_CMP_CTX_set_http_cb_arg, +OSSL_CMP_CTX_get_http_cb_arg, +OSSL_cmp_transfer_cb_t, +OSSL_CMP_CTX_set_transfer_cb, +OSSL_CMP_CTX_set_transfer_cb_arg, +OSSL_CMP_CTX_get_transfer_cb_arg, +OSSL_CMP_CTX_set1_srvCert, +OSSL_CMP_CTX_set1_expected_sender, +OSSL_CMP_CTX_set0_trustedStore, +OSSL_CMP_CTX_get0_trustedStore, +OSSL_CMP_CTX_set1_untrusted_certs, +OSSL_CMP_CTX_get0_untrusted_certs, +OSSL_CMP_CTX_set1_clCert, +OSSL_CMP_CTX_set1_pkey, +OSSL_CMP_CTX_set1_referenceValue, +OSSL_CMP_CTX_set1_secretValue, +OSSL_CMP_CTX_set1_recipient, +OSSL_CMP_CTX_push0_geninfo_ITAV, +OSSL_CMP_CTX_set1_extraCertsOut, +OSSL_CMP_CTX_set0_newPkey, +OSSL_CMP_CTX_get0_newPkey, +OSSL_CMP_CTX_set1_issuer, +OSSL_CMP_CTX_set1_subjectName, +OSSL_CMP_CTX_push1_subjectAltName, +OSSL_CMP_CTX_set0_reqExtensions, +OSSL_CMP_CTX_reqExtensions_have_SAN, +OSSL_CMP_CTX_push0_policy, +OSSL_CMP_CTX_set1_oldCert, +OSSL_CMP_CTX_set1_p10CSR, +OSSL_CMP_CTX_push0_genm_ITAV, +OSSL_cmp_certConf_cb_t, +OSSL_CMP_CTX_set_certConf_cb, +OSSL_CMP_CTX_set_certConf_cb_arg, +OSSL_CMP_CTX_get_certConf_cb_arg, +OSSL_CMP_CTX_get_status, +OSSL_CMP_CTX_get0_statusString, +OSSL_CMP_CTX_get_failInfoCode, +OSSL_CMP_CTX_get0_newCert, +OSSL_CMP_CTX_get1_caPubs, +OSSL_CMP_CTX_get1_extraCertsIn, +OSSL_CMP_CTX_set1_transactionID, +OSSL_CMP_CTX_set1_senderNonce +- functions for managing the CMP client context data structure

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/cmp.h>
    +
    + OSSL_CMP_CTX *OSSL_CMP_CTX_new(void);
    + void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx);
    + int OSSL_CMP_CTX_reinit(OSSL_CMP_CTX *ctx);
    + int OSSL_CMP_CTX_set_option(OSSL_CMP_CTX *ctx, int opt, int val);
    + int OSSL_CMP_CTX_get_option(const OSSL_CMP_CTX *ctx, int opt);
    +
    + /* logging and error reporting: */
    + int OSSL_CMP_CTX_set_log_cb(OSSL_CMP_CTX *ctx, OSSL_cmp_log_cb_t cb);
    + #define OSSL_CMP_CTX_set_log_verbosity(ctx, level)
    + void OSSL_CMP_CTX_print_errors(OSSL_CMP_CTX *ctx);
    +
    + /* message transfer: */
    + int OSSL_CMP_CTX_set1_serverPath(OSSL_CMP_CTX *ctx, const char *path);
    + int OSSL_CMP_CTX_set1_serverName(OSSL_CMP_CTX *ctx, const char *name);
    + int OSSL_CMP_CTX_set_serverPort(OSSL_CMP_CTX *ctx, int port);
    + int OSSL_CMP_CTX_set1_proxyName(OSSL_CMP_CTX *ctx, const char *name);
    + int OSSL_CMP_CTX_set_proxyPort(OSSL_CMP_CTX *ctx, int port);
    + #define OSSL_CMP_DEFAULT_PORT 80
    + int OSSL_CMP_CTX_set_http_cb(OSSL_CMP_CTX *ctx, HTTP_bio_cb_t cb);
    + int OSSL_CMP_CTX_set_http_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
    + void *OSSL_CMP_CTX_get_http_cb_arg(const OSSL_CMP_CTX *ctx);
    + typedef OSSL_CMP_MSG *(*OSSL_cmp_transfer_cb_t)(OSSL_CMP_CTX *ctx,
    +                                                 const OSSL_CMP_MSG *req);
    + int OSSL_CMP_CTX_set_transfer_cb(OSSL_CMP_CTX *ctx,
    +                                  OSSL_cmp_transfer_cb_t cb);
    + int OSSL_CMP_CTX_set_transfer_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
    + void *OSSL_CMP_CTX_get_transfer_cb_arg(const OSSL_CMP_CTX *ctx);
    +
    + /* server authentication: */
    + int OSSL_CMP_CTX_set1_srvCert(OSSL_CMP_CTX *ctx, X509 *cert);
    + int OSSL_CMP_CTX_set1_expected_sender(OSSL_CMP_CTX *ctx,
    +                                      const X509_NAME *name);
    + int OSSL_CMP_CTX_set0_trustedStore(OSSL_CMP_CTX *ctx, X509_STORE *store);
    + X509_STORE *OSSL_CMP_CTX_get0_trustedStore(const OSSL_CMP_CTX *ctx);
    + int OSSL_CMP_CTX_set1_untrusted_certs(OSSL_CMP_CTX *ctx,
    +                                       STACK_OF(X509) *certs);
    + STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted_certs(const OSSL_CMP_CTX *ctx);
    +
    + /* client authentication: */
    + int OSSL_CMP_CTX_set1_clCert(OSSL_CMP_CTX *ctx, X509 *cert);
    + int OSSL_CMP_CTX_set1_pkey(OSSL_CMP_CTX *ctx, EVP_PKEY *pkey);
    + int OSSL_CMP_CTX_set1_referenceValue(OSSL_CMP_CTX *ctx,
    +                                      const unsigned char *ref, int len);
    + int OSSL_CMP_CTX_set1_secretValue(OSSL_CMP_CTX *ctx, const unsigned char *sec,
    +                                   const int len);
    +
    + /* CMP message header and extra certificates: */
    + int OSSL_CMP_CTX_set1_recipient(OSSL_CMP_CTX *ctx, const X509_NAME *name);
    + int OSSL_CMP_CTX_push0_geninfo_ITAV(OSSL_CMP_CTX *ctx, OSSL_CMP_ITAV *itav);
    + int OSSL_CMP_CTX_set1_extraCertsOut(OSSL_CMP_CTX *ctx,
    +                                     STACK_OF(X509) *extraCertsOut);
    +
    + /* certificate template: */
    + int OSSL_CMP_CTX_set0_newPkey(OSSL_CMP_CTX *ctx, int priv, EVP_PKEY *pkey);
    + EVP_PKEY *OSSL_CMP_CTX_get0_newPkey(const OSSL_CMP_CTX *ctx, int priv);
    + int OSSL_CMP_CTX_set1_issuer(OSSL_CMP_CTX *ctx, const X509_NAME *name);
    + int OSSL_CMP_CTX_set1_subjectName(OSSL_CMP_CTX *ctx, const X509_NAME *name);
    + int OSSL_CMP_CTX_push1_subjectAltName(OSSL_CMP_CTX *ctx,
    +                                       const GENERAL_NAME *name);
    + int OSSL_CMP_CTX_set0_reqExtensions(OSSL_CMP_CTX *ctx, X509_EXTENSIONS *exts);
    + int OSSL_CMP_CTX_reqExtensions_have_SAN(OSSL_CMP_CTX *ctx);
    + int OSSL_CMP_CTX_push0_policy(OSSL_CMP_CTX *ctx, POLICYINFO *pinfo);
    + int OSSL_CMP_CTX_set1_oldCert(OSSL_CMP_CTX *ctx, X509 *cert);
    + int OSSL_CMP_CTX_set1_p10CSR(OSSL_CMP_CTX *ctx, const X509_REQ *csr);
    +
    + /* misc body contents: */
    + int OSSL_CMP_CTX_push0_genm_ITAV(OSSL_CMP_CTX *ctx, OSSL_CMP_ITAV *itav);
    +
    + /* certificate confirmation: */
    + typedef int (*OSSL_cmp_certConf_cb_t)(OSSL_CMP_CTX *ctx, X509 *cert,
    +                                       int fail_info, const char **txt);
    + int OSSL_CMP_CTX_set_certConf_cb(OSSL_CMP_CTX *ctx, OSSL_cmp_certConf_cb_t cb);
    + int OSSL_CMP_CTX_set_certConf_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
    + void *OSSL_CMP_CTX_get_certConf_cb_arg(const OSSL_CMP_CTX *ctx);
    +
    + /* result fetching: */
    + int OSSL_CMP_CTX_get_status(const OSSL_CMP_CTX *ctx);
    + OSSL_CMP_PKIFREETEXT *OSSL_CMP_CTX_get0_statusString(const OSSL_CMP_CTX *ctx);
    + int OSSL_CMP_CTX_get_failInfoCode(const OSSL_CMP_CTX *ctx);
    +
    + X509 *OSSL_CMP_CTX_get0_newCert(const OSSL_CMP_CTX *ctx);
    + STACK_OF(X509) *OSSL_CMP_CTX_get1_caPubs(const OSSL_CMP_CTX *ctx);
    + STACK_OF(X509) *OSSL_CMP_CTX_get1_extraCertsIn(const OSSL_CMP_CTX *ctx);
    +
    + /* for test purposes only: */
    + int OSSL_CMP_CTX_set1_transactionID(OSSL_CMP_CTX *ctx,
    +                                     const ASN1_OCTET_STRING *id);
    + int OSSL_CMP_CTX_set1_senderNonce(OSSL_CMP_CTX *ctx,
    +                                   const ASN1_OCTET_STRING *nonce);
    +

    +

    +
    +

    DESCRIPTION

    +

    This is the context API for using CMP (Certificate Management Protocol) with +OpenSSL.

    +

    OSSL_CMP_CTX_new() allocates and initializes an OSSL_CMP_CTX structure to +default values, e.g., proof-of-possession method is set to POPOSigningKey.

    +

    OSSL_CMP_CTX_free() deallocates an OSSL_CMP_CTX structure.

    +

    OSSL_CMP_CTX_reinit() prepares the given ctx for a further transaction by +clearing the internal CMP transaction (aka session) status, PKIStatusInfo, +and any previous results (newCert, caPubs, and extraCertsIn) +from the last executed transaction. +All other field values (i.e., CMP options) are retained for potential re-use.

    +

    OSSL_CMP_CTX_set_option() sets the given value for the given option +(e.g., OSSL_CMP_OPT_IMPLICITCONFIRM) in the given OSSL_CMP_CTX structure.

    +

    The following options can be set:

    +
    +
    OSSL_CMP_OPT_LOG_VERBOSITY
    + +
    +
    +        The level of severity needed for actually outputting log messages
    +        due to errors, warnings, general info, debugging, etc.
    +        Default is OSSL_CMP_LOG_INFO. See also L<OSSL_CMP_log_open(3)>.
    +
    +
    OSSL_CMP_OPT_MSGTIMEOUT
    + +
    +
    +        Number of seconds (or 0 for infinite) a CMP message round trip is
    +        allowed to take before a timeout error is returned. Default is 120.
    +
    +
    OSSL_CMP_OPT_TOTALTIMEOUT
    + +
    +
    +        Maximum total number of seconds an enrollment (including polling)
    +        may take. Default is 0 (infinite).
    +
    +
    OSSL_CMP_OPT_VALIDITYDAYS
    + +
    +
    +        Number of days new certificates are asked to be valid for.
    +
    +
    OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT
    + +
    +
    +        Do not take default Subject Alternative Names
    +        from the reference certificate.
    +
    +
    OSSL_CMP_OPT_SUBJECTALTNAME_CRITICAL
    + +
    +
    +        Demand that the given Subject Alternative Names are flagged as critical.
    +
    +
    OSSL_CMP_OPT_POLICIES_CRITICAL
    + +
    +
    +        Demand that the given policies are flagged as critical.
    +
    +
    OSSL_CMP_OPT_POPOMETHOD
    + +
    +
    +        Select the proof of possession method to use. Possible values are:
    +
    +            OSSL_CRMF_POPO_NONE       - ProofOfPossession field omitted
    +            OSSL_CRMF_POPO_RAVERIFIED - assert that the RA has already
    +                                        verified the PoPo
    +            OSSL_CRMF_POPO_SIGNATURE  - sign a value with private key,
    +                                        which is the default.
    +            OSSL_CRMF_POPO_KEYENC     - decrypt the encrypted certificate
    +                                        ("indirect method")
    +
    +        Note that a signature-based POPO can only be produced if a private key
    +        is provided as the newPkey or client pkey component of the CMP context.
    +
    +
    OSSL_CMP_OPT_DIGEST_ALGNID
    + +
    +
    +        The digest algorithm NID to be used in RFC 4210's MSG_SIG_ALG,
    +        if applicable used for message protection and Proof-of-Possession.
    +        Default is SHA256.
    +
    +    OSSL_CMP_OPT_OWF_ALGNID
    +        The digest algorithm NID to be used as one-way function (OWF)
    +        in RFC 4210's MSG_MAC_ALG, if applicable used for message protection.
    +        Default is SHA256.
    +
    +    OSSL_CMP_OPT_MAC_ALGNID
    +        The MAC algorithm NID to be used in RFC 4210's MSG_MAC_ALG,
    +        if applicable used for message protection. 
    +        Default is HMAC-SHA1 as per RFC 4210.
    +
    +
    OSSL_CMP_OPT_REVOCATION_REASON
    + +
    +
    +        The reason code to be included in a Revocation Request (RR);
    +        values: 0..10 (RFC 5210, 5.3.1) or -1 for none, which is the default.
    +
    +
    OSSL_CMP_OPT_IMPLICITCONFIRM
    + +
    +
    +        Request server to enable implicit confirm mode, where the client
    +        does not need to send confirmation upon receiving the
    +        certificate. If the server does not enable implicit confirmation
    +        in the return message, then confirmation is sent anyway.
    +
    +
    OSSL_CMP_OPT_DISABLECONFIRM
    + +
    +
    +        Do not confirm enrolled certificates, to cope with broken servers
    +        not supporting implicit confirmation correctly.
    +B<WARNING:> This setting leads to unspecified behavior and it is meant
    +exclusively to allow interoperability with server implementations violating
    +RFC 4210.
    +
    +
    OSSL_CMP_OPT_UNPROTECTED_SEND
    + +
    +
    +        Send messages without CMP-level protection.
    +
    +
    OSSL_CMP_OPT_UNPROTECTED_ERRORS
    + +
    +
    +        Accept unprotected error responses which are either explicitly
    +        unprotected or where protection verification failed. Applies to regular
    +        error messages as well as certificate responses (IP/CP/KUP) and
    +        revocation responses (RP) with rejection.
    +B<WARNING:> This setting leads to unspecified behavior and it is meant
    +exclusively to allow interoperability with server implementations violating
    +RFC 4210.
    +
    +
    OSSL_CMP_OPT_IGNORE_KEYUSAGE
    + +
    +
    +        Ignore key usage restrictions in signer certificate when
    +        validating signature-based protection in received CMP messages.
    +        Else, 'digitalSignature' must be allowed by CMP signer certificates.
    +
    +
    OSSL_CMP_OPT_PERMIT_TA_IN_EXTRACERTS_FOR_IR
    + +
    +
    +        Allow retrieving a trust anchor from extraCerts and using that
    +        to validate the certificate chain of an IP message.
    +
    +
    +

    OSSL_CMP_CTX_get_option() reads the current value of the given option +(e.g., OSSL_CMP_OPT_IMPLICITCONFIRM) from the given OSSL_CMP_CTX structure.

    +

    OSSL_CMP_CTX_set_log_cb() sets in ctx the callback function cb +for handling error queue entries and logging messages. +When cb is NULL errors are printed to STDERR (if available, else ignored) +any log messages are ignored. +Alternatively, OSSL_CMP_log_open(3) may be used to direct logging to STDOUT.

    +

    OSSL_CMP_CTX_set_log_verbosity() is a macro setting the +OSSL_CMP_OPT_LOG_VERBOSITY context option to the given level.

    +

    OSSL_CMP_CTX_print_errors() outputs any entries in the OpenSSL error queue. +It is similar to ERR_print_errors_cb() but uses the CMP log callback function +if set in the ctx for uniformity with CMP logging if given. Otherwise it uses +ERR_print_errors(3) to print to STDERR (unless OPENSSL_NO_STDIO is defined).

    +

    OSSL_CMP_CTX_set1_serverPath() sets the HTTP path of the CMP server on the host.

    +

    OSSL_CMP_CTX_set1_serverName() sets the given server Address (as IP or name) +in the given OSSL_CMP_CTX structure.

    +

    OSSL_CMP_CTX_set_serverPort() sets the port of the CMP server to connect to. +Port defaults to OSSL_CMP_DEFAULT_PORT = 80 if not set explicitly.

    +

    OSSL_CMP_CTX_set1_proxyName() sets the hostname of the HTTP proxy to be used +for connecting to the CA server.

    +

    OSSL_CMP_CTX_set_proxyPort() sets the port of the HTTP proxy. +Port defaults to OSSL_CMP_DEFAULT_PORT = 80 if not set explicitly.

    +

    OSSL_CMP_CTX_set_http_cb() sets the optional BIO connect/disconnect callback +function, which has the prototype

    +
    + typedef BIO *(*HTTP_bio_cb_t) (BIO *bio, void *ctx, int connect, int detail);
    +

    The callback may modify the BIO bio provided by OSSL_CMP_MSG_http_perform(), +whereby it may make use of a custom defined argument ctx +stored in the OSSL_CMP_CTX by means of OSSL_CMP_CTX_set_http_cb_arg(). +During connection establishment, just after calling BIO_connect_retry(), +the function is invoked with the connect argument being 1 and the detail +argument being 1 if HTTPS is requested, i.e., SSL/TLS should be enabled. On +disconnect connect is 0 and detail is 1 in case no error occurred, else 0. +For instance, on connect the function may prepend a TLS BIO to implement HTTPS; +after disconnect it may do some diagnostic output and/or specific cleanup. +The function should return NULL to indicate failure. +After disconnect the modified BIO will be deallocated using BIO_free_all().

    +

    OSSL_CMP_CTX_set_http_cb_arg() sets an argument, respectively a pointer to +a structure containing arguments, +optionally to be used by the http connect/disconnect callback function. +arg is not consumed, and it must therefore explicitly be freed when not +needed any more. arg may be NULL to clear the entry.

    +

    OSSL_CMP_CTX_get_http_cb_arg() gets the argument, respectively the pointer to a +structure containing arguments, previously set by +OSSL_CMP_CTX_set_http_cb_arg() or NULL if unset.

    +

    OSSL_CMP_CTX_set_transfer_cb() sets the message transfer callback function, +which has the type

    +
    + typedef OSSL_CMP_MSG *(*OSSL_cmp_transfer_cb_t) (OSSL_CMP_CTX *ctx,
    +                                                  const OSSL_CMP_MSG *req);
    +

    Returns 1 on success, 0 on error.

    +

    Default is NULL, which implies the use of OSSL_CMP_MSG_http_perform(3). +The callback should send the CMP request message it obtains via the req +parameter and on success return the response. +The transfer callback may make use of a custom defined argument stored in +the ctx by means of OSSL_CMP_CTX_set_transfer_cb_arg(), which may be retrieved +again through OSSL_CMP_CTX_get_transfer_cb_arg().

    +

    OSSL_CMP_CTX_set_transfer_cb_arg() sets an argument, respectively a pointer to a +structure containing arguments, optionally to be used by the transfer callback. +arg is not consumed, and it must therefore explicitly be freed when not +needed any more. arg may be NULL to clear the entry.

    +

    OSSL_CMP_CTX_get_transfer_cb_arg() gets the argument, respectively the pointer +to a structure containing arguments, previously set by +OSSL_CMP_CTX_set_transfer_cb_arg() or NULL if unset.

    +

    OSSL_CMP_CTX_set1_srvCert() pins the server certificate to be directly trusted +(even if it is expired) for verifying response messages. +The cert pointer is not consumed. It may be NULL to clear the entry.

    +

    OSSL_CMP_CTX_set1_expected_sender() sets the Distinguished Name (DN) expected to +be given in the sender response for messages protected with MSG_SIG_ALG. This +may be used to enforce that during validation of received messages the given DN +matches the sender field of the PKIMessage header, which in turn is used to +identify the server certificate. +This can be used to ensure that only a particular entity is accepted to act as +CMP server, and attackers are not able to use arbitrary certificates of a +trusted PKI hierarchy to fraudulently pose as server. +This defaults to the subject DN of the certificate set via +OSSL_CMP_CTX_set1_srvCert(), if any.

    +

    OSSL_CMP_CTX_set0_trustedStore() sets the X509_STORE type certificate store +containing trusted (root) CA certificates. The certificate store may also hold +CRLs and a certificate verification callback function used for CMP server +authentication. Any already existing store entry is freed. When given a NULL +parameter the entry is cleared.

    +

    OSSL_CMP_CTX_get0_trustedStore() returns a pointer to the certificate store +containing trusted root CA certificates, which may be empty if unset.

    +

    OSSL_CMP_CTX_set1_untrusted_certs() takes over a list of certificates containing +non-trusted intermediate certs used for path construction in authentication +of the CMP server and potentially others (TLS server, newly enrolled cert). +The reference counts of those certificates handled successfully are increased.

    +

    OSSL_CMP_CTX_get0_untrusted_certs(OSSL_CMP_CTX *ctx) returns a pointer to the +list of untrusted certs, which my be empty if unset.

    +

    OSSL_CMP_CTX_set1_clCert() sets the client certificate in the given +OSSL_CMP_CTX structure. The client certificate will then be used by the +functions to set the "sender" field for outgoing messages and it will be +included in the extraCerts field.

    +

    OSSL_CMP_CTX_set1_pkey() sets the private key corresponding to the client +certificate set with OSSL_CMP_CTX_set1_clCert() in the given CMP context. +Used to create the protection in case of MSG_SIG_ALG.

    +

    OSSL_CMP_CTX_set1_referenceValue() sets the given referenceValue in the given +ctx or clears it if the ref argument is NULL.

    +

    OSSL_CMP_CTX_set1_secretValue() sets the sec with the length len in the +given ctx or clears it if the sec argument is NULL.

    +

    OSSL_CMP_CTX_set1_recipient() sets the recipient name that will be used in the +PKIHeader of a request message, i.e. the X509 name of the (CA) server. +Setting is overruled by subject of srvCert if set. +If neither srvCert nor recipient are set, the recipient of the PKI message is +determined in the following order: issuer, issuer of old cert (oldCert), +issuer of client cert (clCert), else NULL-DN. +When a response is received, its sender must match the recipient of the request.

    +

    OSSL_CMP_CTX_push0_geninfo_ITAV() adds itav to the stack in the ctx to be +added to the GeneralInfo field of the CMP PKIMessage header of a request +message sent with this context. Consumes the pointer to itav.

    +

    OSSL_CMP_CTX_set1_extraCertsOut() sets the stack of extraCerts that will be +sent to remote.

    +

    OSSL_CMP_CTX_set0_newPkey() can be used to explicitly set the given EVP_PKEY +structure as the private or public key to be certified in the CMP context. +The priv parameter must be 0 if and only if the given key is a public key.

    +

    OSSL_CMP_CTX_get0_newPkey() gives the key to use for certificate enrollment +dependent on fields of the CMP context structure: +the newPkey (which may be a private or public key) if present, +else the public key in the p10CSR if present, else the client private key. +If the priv parameter is not 0 and the selected key does not have a +private component then NULL is returned.

    +

    OSSL_CMP_CTX_set1_issuer() sets the name of the intended issuer that +will be set in the CertTemplate, i.e., the X509 name of the CA server.

    +

    OSSL_CMP_CTX_set1_subjectName() sets the subject DN that will be used in +the CertTemplate structure when requesting a new cert. For Key Update Requests +(KUR), it defaults to the subject DN of the reference certificate, +see OSSL_CMP_CTX_set1_oldCert(). This default is used for Initialization +Requests (IR) and Certification Requests (CR) only if no SANs are set.

    +

    If clCert is not set (e.g. in case of IR with MSG_MAC_ALG), the subject DN +is also used as sender of the PKI message.

    +

    OSSL_CMP_CTX_push1_subjectAltName() adds the given X509 name to the list of +alternate names on the certificate template request. This cannot be used if +any Subject Alternative Name extension is set via +OSSL_CMP_CTX_set0_reqExtensions(). +By default, unless OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT has been set, +the Subject Alternative Names are copied from the reference certificate, +see OSSL_CMP_CTX_set1_oldCert().

    +

    If set and the subject DN is not set with OSSL_CMP_CTX_set1_subjectName(), then +the certificate template of an IR and CR will not be filled with the default +subject DN from the reference certificate (see OSSL_CMP_CTX_set1_oldCert(). +If a subject DN is desired it needs to be set explicitly with +OSSL_CMP_CTX_set1_subjectName().

    +

    OSSL_CMP_CTX_set0_reqExtensions() sets the X.509v3 extensions to be used in +IR/CR/KUR.

    +

    OSSL_CMP_CTX_reqExtensions_have_SAN() returns 1 if the context contains +a Subject Alternative Name extension, else 0 or -1 on error.

    +

    OSSL_CMP_CTX_push0_policy() adds the certificate policy info object +to the X509_EXTENSIONS of the requested certificate template.

    +

    OSSL_CMP_CTX_set1_oldCert() sets the old certificate to be updated in +Key Update Requests (KUR) or to be revoked in Revocation Requests (RR). +It must be given for RR, else it defaults to clCert. +The reference certificate determined in this way, if any, is also used for +deriving default subject DN and Subject Alternative Names for IR, CR, and KUR. +Its issuer, if any, is used as default recipient in the CMP message header.

    +

    OSSL_CMP_CTX_set1_p10CSR() sets the PKCS#10 CSR to be used in P10CR.

    +

    OSSL_CMP_CTX_push0_genm_ITAV() adds itav to the stack in the ctx which +will be the body of a General Message sent with this context. +Consumes the pointer to itav.

    +

    OSSL_CMP_CTX_set_certConf_cb() sets the callback used for evaluating the newly +enrolled certificate before the library sends, depending on its result, +a positive or negative certConf message to the server. The callback has type

    +
    + typedef int (*OSSL_cmp_certConf_cb_t) (OSSL_CMP_CTX *ctx, X509 *cert,
    +                                        int fail_info, const char **txt);
    +

    and should inspect the certificate it obtains via the cert parameter and may +overrule the pre-decision given in the fail_info and *txt parameters. +If it accepts the certificate it must return 0, indicating success. Else it must +return a bit field reflecting PKIFailureInfo with at least one failure bit and +may set the *txt output parameter to point to a string constant with more +detail. The transfer callback may make use of a custom defined argument stored +in the ctx by means of OSSL_CMP_CTX_set_certConf_cb_arg(), which may be +retrieved again through OSSL_CMP_CTX_get_certConf_cb_arg(). +Typically, the callback will check at least that the certificate can be verified +using a set of trusted certificates. +It also could compare the subject DN and other fields of the newly +enrolled certificate with the certificate template of the request.

    +

    OSSL_CMP_CTX_set_certConf_cb_arg() sets an argument, respectively a pointer to a +structure containing arguments, optionally to be used by the certConf callback. +arg is not consumed, and it must therefore explicitly be freed when not +needed any more. arg may be NULL to clear the entry.

    +

    OSSL_CMP_CTX_get_certConf_cb_arg() gets the argument, respectively the pointer +to a structure containing arguments, previously set by +OSSL_CMP_CTX_set_certConf_cb_arg(), or NULL if unset.

    +

    OSSL_CMP_CTX_get_status() returns the PKIstatus from the last received +CertRepMessage or Revocation Response or error message, or -1 if unset.

    +

    OSSL_CMP_CTX_get0_statusString() returns the statusString from the last received +CertRepMessage or Revocation Response or error message, or NULL if unset.

    +

    OSSL_CMP_CTX_get_failInfoCode() returns the error code from the failInfo field +of the last received CertRepMessage or Revocation Response or error message. +This is a bit field and the flags for it are specified in the header file +<openssl/cmp.h >>. +The flags start with OSSL_CMP_CTX_FAILINFO, for example: +OSSL_CMP_CTX_FAILINFO_badAlg. Returns -1 if the failInfoCode field is unset.

    +

    OSSL_CMP_CTX_get0_newCert() returns the pointer to the newly obtained +certificate in case it is available, else NULL.

    +

    OSSL_CMP_CTX_get1_caPubs() returns a pointer to a duplicate of the stack of +X.509 certificates received in the caPubs field of last received certificate +response message IP/CP/KUP.

    +

    OSSL_CMP_CTX_get1_extraCertsIn() returns a pointer to a duplicate of the stack +of X.509 certificates received in the last received non-empty extraCerts field. +Returns an empty stack if no extraCerts have been received in the current +transaction.

    +

    OSSL_CMP_CTX_set1_transactionID() sets the given transaction ID in the given +OSSL_CMP_CTX structure.

    +

    OSSL_CMP_CTX_set1_senderNonce() stores the last sent sender nonce in +the ctx. This will be used to validate the recipNonce in incoming messages.

    +

    +

    +
    +

    NOTES

    +

    CMP is defined in RFC 4210 (and CRMF in RFC 4211).

    +

    +

    +
    +

    RETURN VALUES

    +

    OSSL_CMP_CTX_free() and OSSL_CMP_CTX_print_errors() do not return anything.

    +

    OSSL_CMP_CTX_new(), +OSSL_CMP_CTX_get_http_cb_arg(), +OSSL_CMP_CTX_get_transfer_cb_arg(), +OSSL_CMP_CTX_get0_trustedStore(), +OSSL_CMP_CTX_get0_untrusted_certs(), +OSSL_CMP_CTX_get0_newPkey(), +OSSL_CMP_CTX_get_certConf_cb_arg(), +OSSL_CMP_CTX_get0_statusString(), +OSSL_CMP_CTX_get0_newCert(), +OSSL_CMP_CTX_get1_caPubs(), and +OSSL_CMP_CTX_get1_extraCertsIn() +return the intended pointer value as described above or NULL on error.

    +

    OSSL_CMP_CTX_get_option(), +OSSL_CMP_CTX_reqExtensions_have_SAN(), +OSSL_CMP_CTX_get_status(), and +OSSL_CMP_CTX_get_failInfoCode() +return the intended value as described above or -1 on error.

    +

    All other functions return 1 on success, 0 on error.

    +

    +

    +
    +

    EXAMPLES

    +

    The following code does an Initialization Request:

    +
    +        cmp_ctx = OSSL_CMP_CTX_new();
    +        OSSL_CMP_CTX_set1_serverName(cmp_ctx, opt_serverName);
    +        OSSL_CMP_CTX_set1_referenceValue(cmp_ctx, ref, ref_len);
    +        OSSL_CMP_CTX_set1_secretValue(cmp_ctx, sec, sec_len);
    +        OSSL_CMP_CTX_set0_newPkey(cmp_ctx, new_pkey, 1);
    +        OSSL_CMP_CTX_set1_caCert(cmp_ctx, ca_cert);
    +
    +        initialClCert = OSSL_CMP_exec_IR_ses(cmp_ctx);
    +

    The following code does an Initialization Request using an +external identity certificate (RFC 4210, Appendix E.7):

    +
    +        cmp_ctx = OSSL_CMP_CTX_new();
    +        OSSL_CMP_CTX_set1_serverName(cmp_ctx, sname);
    +        OSSL_CMP_CTX_set1_clCert(cmp_ctx, cl_cert);
    +        OSSL_CMP_CTX_set1_pkey(cmp_ctx, pkey);
    +        OSSL_CMP_CTX_set0_newPkey(cmp_ctx, new_pkey, 1);
    +        OSSL_CMP_CTX_set1_caCert(cmp_ctx, ca_cert);
    +
    +        initialClCert = OSSL_CMP_exec_IR_ses(cmp_ctx);
    +

    Here externalCert is an X509 certificate granted to the EE by another CA +which is trusted by the current CA the code will connect to.

    +

    The following code does a Key Update Request:

    +
    +        cmp_ctx = OSSL_CMP_CTX_new();
    +        OSSL_CMP_CTX_set1_serverName(cmp_ctx, sname);
    +        OSSL_CMP_CTX_set1_pkey(cmp_ctx, pkey);
    +        OSSL_CMP_CTX_set0_newPkey(cmp_ctx, new_pkey, 1);
    +        OSSL_CMP_CTX_set1_clCert(cmp_ctx, cl_cert);
    +        OSSL_CMP_CTX_set1_caCert(cmp_ctx, ca_cert);
    +
    +        updatedClCert = OSSL_CMP_exec_KUR_ses(cmp_ctx);
    +

    The following code (which omits error handling) sends a General Message +including, as an example, the id-it-signKeyPairTypes OID and prints info on +the General Response contents.

    +
    +    cmp_ctx = OSSL_CMP_CTX_new();
    +    OSSL_CMP_CTX_set1_serverName(cmp_ctx, sname);
    +    OSSL_CMP_CTX_set1_referenceValue(cmp_ctx, ref, ref_len);
    +    OSSL_CMP_CTX_set1_secretValue(cmp_ctx, sec, sec_len);
    +
    +    ASN1_OBJECT *type = OBJ_txt2obj("1.3.6.1.5.5.7.4.2", 1);
    +    OSSL_CMP_ITAV *itav = OSSL_CMP_ITAV_new(type, NULL);
    +    OSSL_CMP_CTX_push0_genm_ITAV(cmp_ctx, itav);
    +
    +    STACK_OF(OSSL_CMP_ITAV) *itavs;
    +    itavs = OSSL_CMP_exec_GENM_ses(cmp_ctx);
    +    print_itavs(itavs);
    +    sk_OSSL_CMP_ITAV_pop_free(itavs, OSSL_CMP_ITAV_free);
    +

    +

    +
    +

    SEE ALSO

    +

    OSSL_CMP_exec_IR_ses(3), OSSL_CMP_exec_KUR_ses(3), +OSSL_CMP_exec_GENM_ses(3)

    +

    +

    +
    +

    HISTORY

    +

    The OpenSSL CMP support was added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/OSSL_CMP_CTX_snprint_PKIStatus.html b/linux_amd64/share/doc/openssl/html/man3/OSSL_CMP_CTX_snprint_PKIStatus.html
    new file mode 100755
    index 0000000..086aae4
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/OSSL_CMP_CTX_snprint_PKIStatus.html
    @@ -0,0 +1,84 @@
    +
    +
    +
    +
    +OSSL_CMP_CTX_snprint_PKIStatus
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    OSSL_CMP_CTX_snprint_PKIStatus +- function(s) for managing the CMP PKIStatus

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/cmp.h>
    +
    + char *OSSL_CMP_CTX_snprint_PKIStatus(OSSL_CMP_CTX *ctx, char *buf, int bufsize);
    +

    +

    +
    +

    DESCRIPTION

    +

    This is the PKIStatus API for using CMP (Certificate Management Protocol) with +OpenSSL.

    +

    OSSL_CMP_CTX_snprint_PKIStatus() takes the PKIStatusInfo components contained +in the given CMP context and places a human-readable string created from them +in the given buffer, with the given maximal length. +On success it returns a copy of the buffer pointer containing the string.

    +

    +

    +
    +

    NOTES

    +

    CMP is defined in RFC 4210 (and CRMF in RFC 4211).

    +

    +

    +
    +

    RETURN VALUES

    +

    OSSL_CMP_CTX_snprint_PKIStatus() +returns the intended pointer value as described above or NULL on error.

    +

    +

    +
    +

    HISTORY

    +

    The OpenSSL CMP support was added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/OSSL_CMP_HDR_get0_transactionID.html b/linux_amd64/share/doc/openssl/html/man3/OSSL_CMP_HDR_get0_transactionID.html
    new file mode 100755
    index 0000000..9a01779
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/OSSL_CMP_HDR_get0_transactionID.html
    @@ -0,0 +1,85 @@
    +
    +
    +
    +
    +OSSL_CMP_HDR_get0_transactionID
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    OSSL_CMP_HDR_get0_transactionID, +OSSL_CMP_HDR_get0_recipNonce +- functions manipulating CMP message headers

    +

    +

    +
    +

    SYNOPSIS

    +
    +  #include <openssl/cmp.h>
    +
    +  ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_transactionID(const
    +                                                     OSSL_CMP_PKIHEADER *hdr);
    +  ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_recipNonce(const
    +                                                  OSSL_CMP_PKIHEADER *hdr);
    +

    +

    +
    +

    DESCRIPTION

    +

    OSSL_CMP_HDR_get0_transactionID returns the transaction ID of the given +PKIHeader.

    +

    OSSL_CMP_HDR_get0_recipNonce returns the recipient nonce of the given PKIHeader.

    +

    +

    +
    +

    NOTES

    +

    CMP is defined in RFC 4210.

    +

    +

    +
    +

    RETURN VALUES

    +

    The functions return the intended pointer value as described above +or NULL if the respective entry does not exist and on error.

    +

    +

    +
    +

    HISTORY

    +

    The OpenSSL CMP support was added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/OSSL_CMP_ITAV_set0.html b/linux_amd64/share/doc/openssl/html/man3/OSSL_CMP_ITAV_set0.html
    new file mode 100755
    index 0000000..e8a9233
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/OSSL_CMP_ITAV_set0.html
    @@ -0,0 +1,145 @@
    +
    +
    +
    +
    +OSSL_CMP_ITAV_set0
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    OSSL_CMP_ITAV_create, +OSSL_CMP_ITAV_set0, +OSSL_CMP_ITAV_get0_type, +OSSL_CMP_ITAV_get0_value, +OSSL_CMP_ITAV_push0_stack_item +- OSSL_CMP_ITAV utility functions

    +

    +

    +
    +

    SYNOPSIS

    +
    +  #include <openssl/cmp.h>
    +  OSSL_CMP_ITAV *OSSL_CMP_ITAV_create(ASN1_OBJECT *type, ASN1_TYPE *value);
    +  void OSSL_CMP_ITAV_set0(OSSL_CMP_ITAV *itav, ASN1_OBJECT *type,
    +                          ASN1_TYPE *value);
    +  ASN1_OBJECT *OSSL_CMP_ITAV_get0_type(const OSSL_CMP_ITAV *itav);
    +  ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav);
    +
    +  int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p,
    +                                     OSSL_CMP_ITAV *itav);
    +

    +

    +
    +

    DESCRIPTION

    +

    Certificate Management Protocol (CMP, RFC 4210) extension to OpenSSL

    +

    ITAV is short for InfoTypeAndValue. This type is defined in RFC 4210 +section 5.3.19 and Appendix F. It is used at various places in CMP messages, +e.g., in the generalInfo PKIHeader field, to hold a key-value pair.

    +

    OSSL_CMP_ITAV_create() creates a new OSSL_CMP_ITAV structure and fills it in. +It combines OSSL_CMP_ITAV_new() and OSSL_CMP_ITAV_set0.

    +

    OSSL_CMP_ITAV_set0() sets the itav with an infoType of type and an +infoValue of value. This function uses the pointers type and value +internally, so they must not be freed up after the call.

    +

    OSSL_CMP_ITAV_get0_type() returns a direct pointer to the infoType in the +itav.

    +

    OSSL_CMP_ITAV_get0_value() returns a direct pointer to the infoValue in +the itav as generic ASN1_TYPE*.

    +

    OSSL_CMP_ITAV_push0_stack_item() pushes itav to the stack pointed to +by *itav_sk_p. It creates a new stack if *itav_sk_p points to NULL.

    +

    +

    +
    +

    NOTES

    +

    CMP is defined in RFC 4210 (and CRMF in RFC 4211).

    +

    +

    +
    +

    RETURN VALUES

    +

    OSSL_CMP_ITAV_create() returns a pointer to the ITAV structure on success, +or NULL on error.

    +

    OSSL_CMP_ITAV_set0() does not return a value.

    +

    OSSL_CMP_ITAV_get0_type() and OSSL_CMP_ITAV_get0_value() +return the respective pointer or NULL if their input is NULL.

    +

    OSSL_CMP_ITAV_push0_stack_item() returns 1 on success, 0 on error.

    +

    +

    +
    +

    EXAMPLES

    +

    The following code creates and sets a structure representing a generic +InfoTypeAndValue sequence, using an OID created from text as type, and an +integer as value. Afterwards, it is pushed to the OSSL_CMP_CTX to be later +included in the requests' PKIHeader's genInfo field.

    +
    +    ASN1_OBJECT *type = OBJ_txt2obj("1.2.3.4.5", 1);
    +    if (type == NULL) ...
    +
    +    ASN1_INTEGER *asn1int = ASN1_INTEGER_new();
    +    if (asn1int == NULL || !ASN1_INTEGER_set(asn1int, 12345)) ...
    +
    +    ASN1_TYPE *val = ASN1_TYPE_new();
    +    if (val == NULL) ...
    +    ASN1_TYPE_set(val, V_ASN1_INTEGER, asn1int);
    +
    +    OSSL_CMP_ITAV *itav = OSSL_CMP_ITAV_create(type, val);
    +    if (itav == NULL) ...
    +
    +    OSSL_CMP_CTX *ctx = OSSL_CMP_CTX_new();
    +    if (ctx == NULL || !OSSL_CMP_CTX_geninfo_push0_ITAV(ctx, itav)) {
    +        OSSL_CMP_ITAV_free(itav); /* also frees type and val */
    +        goto err;
    +    }
    +
    +    ...
    +
    +    OSSL_CMP_CTX_free(ctx); /* also frees itav */
    +

    +

    +
    +

    SEE ALSO

    +

    OSSL_CMP_CTX_new(3), OSSL_CMP_CTX_free(3), ASN1_TYPE_set(3)

    +

    +

    +
    +

    HISTORY

    +

    The OpenSSL CMP support was added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/OSSL_CMP_MSG_get0_header.html b/linux_amd64/share/doc/openssl/html/man3/OSSL_CMP_MSG_get0_header.html
    new file mode 100755
    index 0000000..936669c
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/OSSL_CMP_MSG_get0_header.html
    @@ -0,0 +1,79 @@
    +
    +
    +
    +
    +OSSL_CMP_MSG_get0_header
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    OSSL_CMP_MSG_get0_header +- function(s) manipulating CMP messages

    +

    +

    +
    +

    SYNOPSIS

    +
    +  #include <openssl/cmp.h>
    +
    +  OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg);
    +

    +

    +
    +

    DESCRIPTION

    +

    OSSL_CMP_MSG_get0_header returns the header of the given CMP message.

    +

    +

    +
    +

    NOTES

    +

    CMP is defined in RFC 4210.

    +

    +

    +
    +

    RETURN VALUES

    +

    CMP_MSG_get0_header() returns the intended pointer value as described above +or NULL if the respective entry does not exist and on error.

    +

    +

    +
    +

    HISTORY

    +

    The OpenSSL CMP support was added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/OSSL_CMP_log_open.html b/linux_amd64/share/doc/openssl/html/man3/OSSL_CMP_log_open.html
    new file mode 100755
    index 0000000..2f982da
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/OSSL_CMP_log_open.html
    @@ -0,0 +1,148 @@
    +
    +
    +
    +
    +OSSL_CMP_log_open
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    OSSL_CMP_log_open, +OSSL_CMP_log_close, +OSSL_CMP_severity, +OSSL_CMP_LOG_EMERG, +OSSL_CMP_LOG_ALERT, +OSSL_CMP_LOG_CRIT, +OSSL_CMP_LOG_ERR, +OSSL_CMP_LOG_WARNING, +OSSL_CMP_LOG_NOTICE, +OSSL_CMP_LOG_INFO, +OSSL_CMP_LOG_DEBUG, +OSSL_cmp_log_cb_t, +OSSL_CMP_print_to_bio, +OSSL_CMP_print_errors_cb +- functions for logging and error reporting

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/cmp_util.h>
    +
    + int  OSSL_CMP_log_open(void);
    + void OSSL_CMP_log_close(void);
    +
    + /* severity level declarations resemble those from syslog.h */
    + typedef int OSSL_CMP_severity;
    + #define OSSL_CMP_LOG_EMERG   0
    + #define OSSL_CMP_LOG_ALERT   1
    + #define OSSL_CMP_LOG_CRIT    2
    + #define OSSL_CMP_LOG_ERR     3
    + #define OSSL_CMP_LOG_WARNING 4
    + #define OSSL_CMP_LOG_NOTICE  5
    + #define OSSL_CMP_LOG_INFO    6
    + #define OSSL_CMP_LOG_DEBUG   7
    +
    + typedef int (*OSSL_cmp_log_cb_t)(const char *component,
    +                                  const char *file, int line,
    +                                  OSSL_CMP_severity level, const char *msg);
    + int OSSL_CMP_print_to_bio(BIO *bio, const char *component, const char *file,
    +                           int line, OSSL_CMP_severity level, const char *msg);
    + void OSSL_CMP_print_errors_cb(OSSL_cmp_log_cb_t log_fn);
    +

    +

    +
    +

    DESCRIPTION

    +

    The logging and error reporting facility described here contains +convenience functions for CMP-specific logging, +including a string prefix mirroring the severity levels of syslog.h, +and enhancements of the error queue mechanism needed for large diagnostic +messages produced by the CMP library in case of certificate validation failures.

    +

    When an interesting activity is performed or an error occurs, some detail +should be provided for user information, debugging, and auditing purposes. +A CMP application can obtain this information by providing a callback function +with the following type:

    +
    + typedef int (*OSSL_cmp_log_cb_t)(const char *component,
    +                                  const char *file, int line,
    +                                  OSSL_CMP_severity level, const char *msg);
    +

    The parameters may provide +some component info (which may be a module name and/or function name) or NULL, +a file pathname or NULL, +a line number or 0 indicating the source code location, +a severity level, and +a message string describing the nature of the event, terminated by '\n'.

    +

    Even when an activity is successful some warnings may be useful and some degree +of auditing may be required. Therefore the logging facility supports a severity +level and the callback function has a level parameter indicating such a +level, such that error, warning, info, debug, etc. can be treated differently. +The callback is activated only when the severity level is sufficient according +to the current level of verbosity, which by default is OSSL_CMP_LOG_INFO.

    +

    The callback function may itself do non-trivial tasks like writing to +a log file or remote stream, which in turn may fail. +Therefore the function should return 1 on success and 0 on failure.

    +

    OSSL_CMP_log_open() initializes the CMP-specific logging facility to output +everything to STDOUT. It fails if the integrated tracing is disabled or STDIO +is not available. It may be called during application startup. +Alternatively, OSSL_CMP_CTX_set_log_cb(3) can be used for more flexibility. +As long as neither if the two is used any logging output is ignored.

    +

    OSSL_CMP_log_close() may be called when all activities are finished to flush +any pending CMP-specific log output and deallocate related resources. +It may be called multiple times. It does get called at OpenSSL stutdown.

    +

    OSSL_CMP_print_to_bio() prints the given component info, filename, line number, +severity level, and log message or error queue message to the given bio. +component usually is a function or module name. +If it is NULL, empty, or "(unknown function)" then "CMP" is used as fallback.

    +

    OSSL_CMP_print_errors_cb() outputs any entries in the OpenSSL error queue. +It is similar to ERR_print_errors_cb() but uses the CMP log callback function +log_fn for uniformity with CMP logging if not NULL. Otherwise it prints to +STDERR using OSSL_CMP_print_to_bio(3) (unless OPENSSL_NO_STDIO is defined).

    +

    +

    +
    +

    RETURN VALUES

    +

    OSSL_CMP_log_close() and OSSL_CMP_print_errors_cb() do not return anything.

    +

    All other functions return 1 on success, 0 on error.

    +

    +

    +
    +

    HISTORY

    +

    The OpenSSL CMP support was added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/OSSL_CMP_validate_msg.html b/linux_amd64/share/doc/openssl/html/man3/OSSL_CMP_validate_msg.html
    new file mode 100755
    index 0000000..467f54d
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/OSSL_CMP_validate_msg.html
    @@ -0,0 +1,121 @@
    +
    +
    +
    +
    +OSSL_CMP_validate_msg
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    OSSL_CMP_validate_msg, +OSSL_CMP_validate_cert_path +- functions for verifying CMP message protection

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/cmp.h>
    + int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);
    + int OSSL_CMP_validate_cert_path(const OSSL_CMP_CTX *ctx,
    +                                 X509_STORE *trusted_store, X509 *cert);
    +

    +

    +
    +

    DESCRIPTION

    +

    This is the API for validating the protection of CMP messages, +which includes validating CMP message sender certificates and their paths +while optionally checking the revocation status of the certificates(s).

    +

    OSSL_CMP_validate_msg() validates the protection of the given msg +using either password-based mac (PBM) or a signature algorithm.

    +

    In case of signature algorithm, the certificate to use for the signature check +is preferably the one provided by a call to OSSL_CMP_CTX_set1_srvCert(3). +If no such sender cert has been pinned then candidate sender certificates are +taken from the list of certificates received in the msg extraCerts, then any +certificates provided before via OSSL_CMP_CTX_set1_untrusted_certs(3), and +then all trusted certificates provided via OSSL_CMP_CTX_set0_trustedStore(3), +where a candidate is acceptable only if has not expired, its subject DN matches +the msg sender DN (as far as present), and its subject key identifier +is present and matches the senderKID (as far as the latter present). +Each acceptable cert is tried in the given order to see if the message +signature check succeeds and the cert and its path can be verified +using any trust store set via OSSL_CMP_CTX_set0_trustedStore(3).

    +

    If the option OSSL_CMP_OPT_PERMIT_TA_IN_EXTRACERTS_FOR_IR was set by calling +OSSL_CMP_CTX_set_option(3), for an Initialization Response (IP) message +any self-issued certificate from the msg extraCerts field may also be used +as trust anchor for the path verification of an acceptable cert if it can be +used also to validate the issued certificate returned in the IP message. This is +according to TS 33.310 [Network Domain Security (NDS); Authentication Framework +(AF)] document specified by the The 3rd Generation Partnership Project (3GPP).

    +

    Any cert that has been found as described above is cached and tried first when +validating the signatures of subsequent messages in the same transaction.

    +

    After successful validation of PBM-based protection of a certificate response +the certificates in the caPubs field (if any) are added to the trusted +certificates provided via OSSL_CMP_CTX_set0_trustedStore(3), such that +they are available for validating subsequent messages in the same context. +Those could apply to any Polling Response (pollRep), error, or PKI Confirmation +(PKIConf) messages following in the same or future transactions.

    +

    OSSL_CMP_validate_cert_path() attempts to validate the given certificate and its +path using the given store of trusted certs (possibly including CRLs and a cert +verification callback) and non-trusted intermediate certs from the ctx.

    +

    +

    +
    +

    NOTES

    +

    CMP is defined in RFC 4210 (and CRMF in RFC 4211).

    +

    +

    +
    +

    RETURN VALUES

    +

    OSSL_CMP_validate_msg() and OSSL_CMP_validate_cert_path() +return 1 on success, 0 on error or validation failed.

    +

    +

    +
    +

    SEE ALSO

    +

    OSSL_CMP_CTX_new(3), OSSL_CMP_exec_IR_ses(3)

    +

    +

    +
    +

    HISTORY

    +

    The OpenSSL CMP support was added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/OSSL_CRMF_MSG_get0_tmpl.html b/linux_amd64/share/doc/openssl/html/man3/OSSL_CRMF_MSG_get0_tmpl.html
    new file mode 100755
    index 0000000..2b382b0
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/OSSL_CRMF_MSG_get0_tmpl.html
    @@ -0,0 +1,111 @@
    +
    +
    +
    +
    +OSSL_CRMF_MSG_get0_tmpl
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    OSSL_CRMF_MSG_get0_tmpl, +OSSL_CRMF_CERTTEMPLATE_get0_serialNumber, +OSSL_CRMF_CERTTEMPLATE_get0_issuer, +OSSL_CRMF_CERTID_get0_serialNumber, +OSSL_CRMF_CERTID_get0_issuer, +OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert, +OSSL_CRMF_MSG_get_certReqId +- functions reading from CRMF CertReqMsg structures

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/crmf.h>
    +
    + OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm);
    + ASN1_INTEGER
    +     *OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(OSSL_CRMF_CERTTEMPLATE *tmpl);
    + X509_NAME *OSSL_CRMF_CERTTEMPLATE_get0_issuer(OSSL_CRMF_CERTTEMPLATE *tmpl);
    +
    + ASN1_INTEGER *OSSL_CRMF_CERTID_get0_serialNumber(const OSSL_CRMF_CERTID *cid);
    + X509_NAME *OSSL_CRMF_CERTID_get0_issuer(const OSSL_CRMF_CERTID *cid);
    +
    + X509 *OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert(OSSL_CRMF_ENCRYPTEDVALUE *ecert,
    +                                             EVP_PKEY *pkey);
    +
    + int OSSL_CRMF_MSG_get_certReqId(OSSL_CRMF_MSG *crm);
    +

    +

    +
    +

    DESCRIPTION

    +

    OSSL_CRMF_MSG_get0_tmpl() retrieves the certificate template of crm.

    +

    OSSL_CRMF_CERTTEMPLATE_get0_serialNumber() retrieves the serialNumber of the +given certificate template tmpl.

    +

    OSSL_CRMF_CERTTEMPLATE_get0_issuer() retrieves the issuer name of the +given certificate template tmpl.

    +

    OSSL_CRMF_CERTID_get0_serialNumber retrieves the serialNumber +of the given CertId cid.

    +

    OSSL_CRMF_CERTID_get0_issuer retrieves the issuer name +of the given CertId cid, which must be of ASN.1 type GEN_DIRNAME.

    +

    OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert() decrypts the certificate in the given +encryptedValue ecert, using the private key pkey. +This is needed for the indirect PoP method as in RFC 4210 section 5.2.8.2. +The function returns the decrypted certificate as a copy, leaving its ownership +with the caller, who is responsible for freeing it.

    +

    OSSL_CRMF_MSG_get_certReqId() retrieves the certReqId of crm.

    +

    +

    +
    +

    RETURN VALUES

    +

    OSSL_CRMF_MSG_get_certReqId() returns the certificate request ID as a +non-negative integer or -1 on error.

    +

    All other functions return a pointer with the intended result or NULL on error.

    +

    +

    +
    +

    SEE ALSO

    +

    RFC 4211

    +

    +

    +
    +

    HISTORY

    +

    The OpenSSL CRMF support was added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.html b/linux_amd64/share/doc/openssl/html/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.html
    new file mode 100755
    index 0000000..0225e50
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.html
    @@ -0,0 +1,142 @@
    +
    +
    +
    +
    +OSSL_CRMF_MSG_set1_regCtrl_regToken
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    OSSL_CRMF_MSG_set1_regCtrl_regToken, +OSSL_CRMF_MSG_set1_regCtrl_authenticator, +OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo, +OSSL_CRMF_MSG_set0_SinglePubInfo, +OSSL_CRMF_MSG_set_PKIPublicationInfo_action, +OSSL_CRMF_MSG_set1_regCtrl_pkiPublicationInfo, +OSSL_CRMF_MSG_set1_regCtrl_protocolEncrKey, +OSSL_CRMF_MSG_set1_regCtrl_oldCertID, +OSSL_CRMF_CERTID_gen +- functions setting CRMF Registration Controls

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/crmf.h>
    +
    + int OSSL_CRMF_MSG_set1_regCtrl_regToken(OSSL_CRMF_MSG *msg,
    +                                         const ASN1_UTF8STRING *tok);
    + int OSSL_CRMF_MSG_set1_regCtrl_authenticator(OSSL_CRMF_MSG *msg,
    +                                              const ASN1_UTF8STRING *auth);
    + int OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo(
    +                                  OSSL_CRMF_PKIPUBLICATIONINFO *pi,
    +                                  OSSL_CRMF_SINGLEPUBINFO *spi);
    + int OSSL_CRMF_MSG_set0_SinglePubInfo(OSSL_CRMF_SINGLEPUBINFO *spi,
    +                                      int method, GENERAL_NAME *nm);
    + int OSSL_CRMF_MSG_set_PKIPublicationInfo_action(
    +                                  OSSL_CRMF_PKIPUBLICATIONINFO *pi, int action);
    + int OSSL_CRMF_MSG_set1_regCtrl_pkiPublicationInfo(OSSL_CRMF_MSG *msg,
    +                                        const OSSL_CRMF_PKIPUBLICATIONINFO *pi);
    + int OSSL_CRMF_MSG_set1_regCtrl_protocolEncrKey(OSSL_CRMF_MSG *msg,
    +                                                const X509_PUBKEY *pubkey);
    + int OSSL_CRMF_MSG_set1_regCtrl_oldCertID(OSSL_CRMF_MSG *msg,
    +                                          const OSSL_CRMF_CERTID *cid);
    + OSSL_CRMF_CERTID *OSSL_CRMF_CERTID_gen(const X509_NAME *issuer,
    +                                        const ASN1_INTEGER *serial);
    +

    +

    +
    +

    DESCRIPTION

    +

    OSSL_CRMF_MSG_set1_regCtrl_regToken() sets the regToken control in the given +msg copying the given tok as value. See RFC 4211, section 6.1.

    +

    OSSL_CRMF_MSG_set1_regCtrl_authenticator() sets the authenticator control in +the given msg copying the given auth as value. See RFC 4211, section 6.2.

    +

    OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo() pushes the given spi +to si. Consumes the spi pointer.

    +

    OSSL_CRMF_MSG_set0_SinglePubInfo() sets in the given SinglePubInfo spi +the method and publication location, in the form of a GeneralName, nm. +The publication location is optional, and therefore nm may be NULL. +The function consumes the nm pointer if present. +Available methods are: + # define OSSL_CRMF_PUB_METHOD_DONTCARE 0 + # define OSSL_CRMF_PUB_METHOD_X500 1 + # define OSSL_CRMF_PUB_METHOD_WEB 2 + # define OSSL_CRMF_PUB_METHOD_LDAP 3

    +

    OSSL_CRMF_MSG_set_PKIPublicationInfo_action() sets the action in the given pi +using the given action as value. See RFC 4211, section 6.3. +Available actions are: + # define OSSL_CRMF_PUB_ACTION_DONTPUBLISH 0 + # define OSSL_CRMF_PUB_ACTION_PLEASEPUBLISH 1

    +

    OSSL_CRMF_MSG_set1_regCtrl_pkiPublicationInfo() sets the pkiPublicationInfo +control in the given msg copying the given tok as value. See RFC 4211, +section 6.3.

    +

    OSSL_CRMF_MSG_set1_regCtrl_protocolEncrKey() sets the protocolEncrKey control in +the given msg copying the given pubkey as value. See RFC 4211 section 6.6.

    +

    OSSL_CRMF_MSG_set1_regCtrl_oldCertID() sets the oldCertID control in the given +msg copying the given cid as value. See RFC 4211, section 6.5.

    +

    OSSL_CRMF_CERTID_gen produces an OSSL_CRMF_CERTID_gen structure copying the +given issuer name and serial number.

    +

    +

    +
    +

    RETURN VALUES

    +

    OSSL_CRMF_CERTID_gen returns a pointer to the resulting structure +or NULL on error.

    +

    All other functions return 1 on success, 0 on error.

    +

    +

    +
    +

    NOTES

    +

    A function OSSL_CRMF_MSG_set1_regCtrl_pkiArchiveOptions() for setting an +Archive Options Control is not yet implemented due to missing features to +create the needed OSSL_CRMF_PKIARCHIVEOPTINS content.

    +

    +

    +
    +

    SEE ALSO

    +

    RFC 4211

    +

    +

    +
    +

    HISTORY

    +

    The OpenSSL CRMF support was added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.html b/linux_amd64/share/doc/openssl/html/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.html
    new file mode 100755
    index 0000000..7bc0d9f
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.html
    @@ -0,0 +1,93 @@
    +
    +
    +
    +
    +OSSL_CRMF_MSG_set1_regInfo_certReq
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    OSSL_CRMF_MSG_set1_regInfo_utf8Pairs, +OSSL_CRMF_MSG_set1_regInfo_certReq +- functions setting CRMF Registration Info

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/crmf.h>
    +
    + int OSSL_CRMF_MSG_set1_regInfo_utf8Pairs(OSSL_CRMF_MSG *msg,
    +                                          const ASN1_UTF8STRING *utf8pairs);
    + int OSSL_CRMF_MSG_set1_regInfo_certReq(OSSL_CRMF_MSG *msg,
    +                                        const OSSL_CRMF_CERTREQUEST *cr);
    +

    +

    +
    +

    DESCRIPTION

    +

    OSSL_CRMF_MSG_set1_regInfo_utf8Pairs() adds a copy of the given utf8pairs +value as utf8Pairs regInfo to the given msg. See RFC 4211 section 7.1.

    +

    OSSL_CRMF_MSG_set1_regInfo_certReq() adds a copy of the given cr value +as certReq regInfo to the given msg. See RFC 4211 section 7.2.

    +

    +

    +
    +

    RETURN VALUES

    +

    All functions return 1 on success, 0 on error.

    +

    +

    +
    +

    NOTES

    +

    Calling these functions multiple times adds multiple instances of the respective +control to the regInfo structure of the given msg. While RFC 4211 expects +multiple utf8Pairs in one regInfo structure, it does not allow multiple certReq.

    +

    +

    +
    +

    SEE ALSO

    +

    RFC 4211

    +

    +

    +
    +

    HISTORY

    +

    The OpenSSL CRMF support was added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/OSSL_CRMF_MSG_set_validity.html b/linux_amd64/share/doc/openssl/html/man3/OSSL_CRMF_MSG_set_validity.html
new file mode 100755
index 0000000..06f113a
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/OSSL_CRMF_MSG_set_validity.html
@@ -0,0 +1,143 @@
+ + + + +OSSL_CRMF_MSG_set_validity + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    OSSL_CRMF_MSG_set_validity, +OSSL_CRMF_MSG_set_certReqId, +OSSL_CRMF_CERTTEMPLATE_fill, +OSSL_CRMF_MSG_set0_extensions, +OSSL_CRMF_MSG_push0_extension, +OSSL_CRMF_MSG_create_popo, +OSSL_CRMF_MSGS_verify_popo +- functions populating and verifying CRMF CertReqMsg structures

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/crmf.h>
    +
    + int OSSL_CRMF_MSG_set_validity(OSSL_CRMF_MSG *crm, time_t from, time_t to);
    +
    + int OSSL_CRMF_MSG_set_certReqId(OSSL_CRMF_MSG *crm, int rid);
    +
    + int OSSL_CRMF_CERTTEMPLATE_fill(OSSL_CRMF_CERTTEMPLATE *tmpl,
    +                                 EVP_PKEY *pubkey,
    +                                 const X509_NAME *subject,
    +                                 const X509_NAME *issuer,
    +                                 const ASN1_INTEGER *serial);
    +
    + int OSSL_CRMF_MSG_set0_extensions(OSSL_CRMF_MSG *crm, X509_EXTENSIONS *exts);
    +
    + int OSSL_CRMF_MSG_push0_extension(OSSL_CRMF_MSG *crm, X509_EXTENSION *ext);
    +
    + int OSSL_CRMF_MSG_create_popo(OSSL_CRMF_MSG *crm, EVP_PKEY *pkey,
    +                               int dgst, int ppmtd);
    +
    + int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs,
    +                                int rid, int acceptRAVerified);
    +

    +

    +
    +

    DESCRIPTION

    +

    OSSL_CRMF_MSG_set_validity() sets from as notBefore and to as notAfter +as the validity in the certTemplate of crm.

    +

    OSSL_CRMF_MSG_set_certReqId() sets rid as the certReqId of crm.

    +

    OSSL_CRMF_CERTTEMPLATE_fill() sets those fields of the certTemplate tmpl +for which non-NULL values are provided: pubkey, subject, issuer, +and/or serial. +On success the reference counter of the pubkey (if given) is incremented, +while the subject, issuer, and serial structures (if given) are copied.

    +

    OSSL_CRMF_MSG_set0_extensions() sets exts as the extensions in the +certTemplate of crm. Frees any pre-existing ones and consumes exts.

    +

    OSSL_CRMF_MSG_push0_extension() pushes the X509 extension ext to the +extensions in the certTemplate of crm. Consumes ext.

    +

    OSSL_CRMF_MSG_create_popo() creates and sets the Proof-of-Possession (POPO) +according to the method ppmtd in crm. +In case the method is OSSL_CRMF_POPO_SIGNATURE the POPO is calculated +using the private pkey and the digest algorithm NID dgst.

    +

    ppmtd can be one of the following:

    + +

    OSSL_CRMF_MSGS_verify_popo verifies the Proof-of-Possession of the request with +the given rid in the list of reqs. Optionally accepts RAVerified.

    +

    +

    +
    +

    RETURN VALUES

    +

    All functions return 1 on success, 0 on error.

    +

    +

    +
    +

    SEE ALSO

    +

    RFC 4211

    +

    +

    +
    +

    HISTORY

    +

    The OpenSSL CRMF support was added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/OSSL_CRMF_pbmp_new.html b/linux_amd64/share/doc/openssl/html/man3/OSSL_CRMF_pbmp_new.html
new file mode 100755
index 0000000..c091ddf
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/OSSL_CRMF_pbmp_new.html
@@ -0,0 +1,122 @@
+ + + + +OSSL_CRMF_pbmp_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    OSSL_CRMF_pbm_new, +OSSL_CRMF_pbmp_new +- functions for producing Password-Based MAC (PBM)

    +

    +

    +
    +

    SYNOPSIS

    +
    +  #include <openssl/crmf.h>
    +
    +  int OSSL_CRMF_pbm_new(const OSSL_CRMF_PBMPARAMETER *pbmp,
    +                        const unsigned char *msg, size_t msglen,
    +                        const unsigned char *sec, size_t seclen,
    +                        unsigned char **mac, size_t *maclen);
    +
    +  OSSL_CRMF_PBMPARAMETER *OSSL_CRMF_pbmp_new(size_t saltlen, int owfnid,
    +                                             int itercnt, int macnid);
    +

    +

    +
    +

    DESCRIPTION

    +

    OSSL_CRMF_pbm_new() generates a PBM (Password-Based MAC) based on given PBM +parameters pbmp, message msg, and secret sec, along with the respective +lengths msglen and seclen. On success writes the address of the newly +allocated MAC via the mac reference parameter and writes the length via the +maclen reference parameter unless it its NULL.

    +

    The iteration count must be at least 100, as stipulated by RFC 4211, and is +limited to at most 100000 to avoid DoS through manipulated or otherwise +malformed input.

    +

    OSSL_CRMF_pbmp_new() initializes and returns a new PBMParameter +structure with a new random salt of given length saltlen, OWF (one-way +function) NID owfnid, iteration count itercnt, and MAC NID macnid.

    +

    +

    +
    +

    NOTES

    +

    The algorithms for the OWF (one-way function) and for the MAC (message +authentication code) may be any with a NID defined in openssl/objects.h. +As specified by RFC 4210, these should include NID_hmac_sha1.

    +

    RFC 4210 recommends that the salt SHOULD be at least 8 bytes (64 bits) long.

    +

    +

    +
    +

    RETURN VALUES

    +

    OSSL_CRMF_pbm_new() returns 1 on success, 0 on error.

    +

    OSSL_CRMF_pbmp_new() returns a new and initialized OSSL_CRMF_PBMPARAMETER +structure, or NULL on error.

    +

    +

    +
    +

    EXAMPLES

    +
    + OSSL_CRMF_PBMPARAMETER *pbm = NULL;
    + unsigned char *msg = "Hello";
    + unsigned char *sec = "SeCrEt";
    + unsigned char *mac = NULL;
    + size_t maclen;
    +
    + if ((pbm = OSSL_CRMF_pbmp_new(16, NID_sha256, 500, NID_hmac_sha1) == NULL))
    +     goto err;
    + if (!OSSL_CRMF_pbm_new(pbm, msg, 5, sec, 6, &mac, &maclen))
    +     goto err;
    +

    +

    +
    +

    SEE ALSO

    +

    RFC 4211 section 4.4

    +

    +

    +
    +

    HISTORY

    +

    The OpenSSL CRMF support was added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/OSSL_HTTP_transfer.html b/linux_amd64/share/doc/openssl/html/man3/OSSL_HTTP_transfer.html
new file mode 100755
index 0000000..a423971
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/OSSL_HTTP_transfer.html
@@ -0,0 +1,231 @@
+ + + + +OSSL_HTTP_transfer + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    OSSL_HTTP_get, +OSSL_HTTP_get_asn1, +OSSL_HTTP_post_asn1, +OSSL_HTTP_transfer, +OSSL_HTTP_bio_cb_t, +OSSL_HTTP_proxy_connect, +OSSL_HTTP_parse_url +- http client functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/http.h>
    +
    + typedef BIO *(*OSSL_HTTP_bio_cb_t)(BIO *bio, void *arg,
    +                                    int connect, int detail);
    + BIO *OSSL_HTTP_get(const char *url, const char *proxy, const char *proxy_port,
    +                    BIO *bio, BIO *rbio,
    +                    OSSL_HTTP_bio_cb_t bio_update_fn, void *arg,
    +                    const STACK_OF(CONF_VALUE) *headers,
    +                    int maxline, unsigned long max_resp_len, int timeout,
    +                    const char *expected_content_type, int expect_asn1);
    + ASN1_VALUE *OSSL_HTTP_get_asn1(const char *url,
    +                                const char *proxy, const char *proxy_port,
    +                                BIO *bio, BIO *rbio,
    +                                OSSL_HTTP_bio_cb_t bio_update_fn, void *arg,
    +                                const STACK_OF(CONF_VALUE) *headers,
    +                                int maxline, unsigned long max_resp_len,
    +                                int timeout, const char *expected_content_type,
    +                                const ASN1_ITEM *it);
    + ASN1_VALUE *OSSL_HTTP_post_asn1(const char *server, const char *port,
    +                                 const char *path, int use_ssl,
    +                                 const char *proxy, const char *proxy_port,
    +                                 BIO *bio, BIO *rbio,
    +                                 OSSL_HTTP_bio_cb_t bio_update_fn, void *arg,
    +                                 const STACK_OF(CONF_VALUE) *headers,
    +                                 const char *content_type,
    +                                 ASN1_VALUE *req, const ASN1_ITEM *req_it,
    +                                 int maxline, unsigned long max_resp_len,
    +                                 int timeout, const char *expected_ct,
    +                                 const ASN1_ITEM *rsp_it);
    + BIO *OSSL_HTTP_transfer(const char *server, const char *port, const char *path,
    +                         int use_ssl, const char *proxy, const char *proxy_port,
    +                         BIO *bio, BIO *rbio,
    +                         OSSL_HTTP_bio_cb_t bio_update_fn, void *arg,
    +                         const STACK_OF(CONF_VALUE) *headers,
    +                         const char *content_type, BIO *req_mem,
    +                         int maxline, unsigned long max_resp_len, int timeout,
    +                         const char *expected_ct, int expect_asn1,
    +                         char **redirection_url);
    + int OSSL_HTTP_proxy_connect(BIO *bio, const char *server, const char *port,
    +                             const char *proxyuser, const char *proxypass,
    +                             int timeout, BIO *bio_err, const char *prog);
    + int OSSL_HTTP_parse_url(const char *url, char **phost, char **pport,
    +                         char **ppath, int *pssl);
    +

    +

    +
    +

    DESCRIPTION

    +

    OSSL_HTTP_get() uses HTTP GET to obtain data (of any type) from the given url +and returns it as a memory BIO.

    +

    OSSL_HTTP_get_asn1() uses HTTP GET to obtain an ASN.1-encoded value +(e.g., an X.509 certificate) with the expected structure specified by it +(e.g., ASN1_ITEM_rptr(X509)) from the given url +and returns it on success as a pointer to ASN1_VALUE.

    +

    OSSL_HTTP_post_asn1() uses the HTTP POST method to send a request req +with the ASN.1 structure defined in req_it and the given content_type to +the given server and optional port and path, which defaults to "/". +If use_ssl is nonzero a TLS connection is requested and the bio_update_fn +parameter, described below, must be provided. +The optional list headers may contain additional custom HTTP header lines. +The expected structure of the response is specified by rsp_it. +On success it returns the response as a pointer to ASN1_VALUE.

    +

    OSSL_HTTP_transfer() exchanges an HTTP request and response with +the given server and optional port and path, which defaults to "/". +If use_ssl is nonzero a TLS connection is requested and the bio_update_fn +parameter, described below, must be provided. +If req_mem is NULL it uses the HTTP GET method, else it uses HTTP POST to +send a request with the contents of the memory BIO and optional content_type. +The optional list headers may contain additional custom HTTP header lines. +If req_mem is NULL (i.e., the HTTP method is GET) and redirection_url +is not NULL the latter pointer is used to provide any new location that +the server may return with HTTP code 301 (MOVED_PERMANENTLY) or 302 (FOUND). +In this case the caller is responsible for deallocating this URL with +OPENSSL_free(3).

    +

    The above functions have the following parameters in common.

    +

    If the proxy parameter is not NULL the HTTP client functions connect +via the given proxy and the optionally given proxy_port. +Proxying plain HTTP is supported directly, +while using a proxy for HTTPS connections requires a suitable callback function +such as OSSL_HTTP_proxy_connect(), described below.

    +

    Typically the bio and rbio parameters are NULL and the client creates a +network BIO internally for connecting to the given server and port (optionally +via a proxy and its port), and uses it for exchanging the request and response. +If bio is given and rbio is NULL then the client uses this BIO instead. +If both bio and rbio are given (which may be memory BIOs for instance) +then no explicit connection is attempted, +bio is used for writing the request, and rbio for reading the response. +As soon as the client has flushed bio the server must be ready to provide +a response or indicate a waiting condition via rbio.

    +

    The maxline parameter specifies the response header maximum line length, +where 0 indicates the default value, which currently is 4k. +The max_resp_len parameter specifies the maximum response length, +where 0 indicates the default value, which currently is 100k.

    +

    An ASN.1-encoded response is expected by OSSL_HTTP_get_asn1() and +OSSL_HTTP_post_asn1(), while for OSSL_HTTP_get() or OSSL_HTTP_transfer() +this is only the case if the expect_asn1 parameter is nonzero. +If the response header contains one or more Content-Length header lines and/or +an ASN.1-encoded response is expected, which should include a total length, +the length indications received are checked for consistency +and for not exceeding the maximum response length.

    +

    If the parameter expected_content_type (or expected_ct, respectively) +is not NULL then the HTTP client checks that the given content type string +is included in the HTTP header of the response and returns an error if not.

    +

    If the timeout parameter is > 0 this indicates the maximum number of seconds +to wait until the transfer is complete. +A value of 0 enables waiting indefinitely, +while a value < 0 immediately leads to a timeout condition.

    +

    The optional parameter bio_update_fn with its optional argument arg may +be used to modify the connection BIO used by the HTTP client (and cannot be +used when both bio and rbio are given). +bio_update_fn is a BIO connect/disconnect callback function with prototype

    +
    + BIO *(*OSSL_HTTP_bio_cb_t)(BIO *bio, void *arg, int connect, int detail)
    +

    The callback may modify the HTTP BIO provided in the bio argument, +whereby it may make use of a custom defined argument arg, +which may for instance refer to an SSL_CTX structure. +During connection establishment, just after calling BIO_connect_retry(), +the function is invoked with the connect argument being 1 and the detail +argument being 1 if HTTPS is requested, i.e., SSL/TLS should be enabled. +On disconnect connect is 0 and detail is 1 if no error occurred, else 0. +For instance, on connect the function may prepend a TLS BIO to implement HTTPS; +after disconnect it may do some diagnostic output and/or specific cleanup. +The function should return NULL to indicate failure. +Here is a simple example that supports TLS connections (but not via a proxy):

    +
    + BIO *http_tls_cb(BIO *hbio, void *arg, int connect, int detail)
    + {
    +     SSL_CTX *ctx = (SSL_CTX *)arg;
    +
    +     if (connect && detail) { /* connecting with TLS */
    +         BIO *sbio = BIO_new_ssl(ctx, 1);
    +         hbio = sbio != NULL ? BIO_push(sbio, hbio) : NULL;
    +     } else if (!connect && !detail) { /* disconnecting after error */
    +         /* optionally add diagnostics here */
    +     }
    +     return hbio;
    + }
    +

    After disconnect the modified BIO will be deallocated using BIO_free_all().

    +

    OSSL_HTTP_proxy_connect() may be used by an above BIO connect callback function +to set up an SSL/TLS connection via an HTTP proxy. +It promotes the given BIO bio representing a connection +pre-established with a TLS proxy using the HTTP CONNECT method, +optionally using proxy client credentials proxyuser and proxypass, +to connect with TLS protection ultimately to server and port. +The timeout parameter is used as described above. +Since this function is typically called by appplications such as +openssl-s_client(1) it uses the bio_err and prog parameters (unless +NULL) to print additional diagnostic information in a user-oriented way.

    +

    OSSL_HTTP_parse_url() parses its input string url as a URL and splits it up +into host, port and path components and a flag whether it begins with 'https'. +The host component may be a DNS name or an IPv4 or an IPv6 address. +The port component is optional and defaults to "443" for HTTPS, else "80". +The path component is also optional and defaults to "/". +As far as the result pointer arguments are not NULL it assigns via +them copies of the respective string components. +The strings returned this way must be deallocated by the caller using +OPENSSL_free(3) unless they are NULL, which is their default value on error.

    +

    +

    +
    +

    RETURN VALUES

    +

    OSSL_HTTP_get(), OSSL_HTTP_get_asn1(), OSSL_HTTP_post_asn1(), and +OSSL_HTTP_transfer() return on success the data received via HTTP, else NULL. +Error conditions include connection/transfer timeout, parse errors, etc.

    +

    OSSL_HTTP_proxy_connect() and OSSL_HTTP_parse_url() +return 1 on success, 0 on error.

    +

    +

    +
    +

    HISTORY

    +

    OSSL_HTTP_get(), OSSL_HTTP_get_asn1(), OSSL_HTTP_post_asn1(), +OSSL_HTTP_proxy_connect(), and OSSL_HTTP_parse_url() were added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/OSSL_PARAM.html b/linux_amd64/share/doc/openssl/html/man3/OSSL_PARAM.html
new file mode 100755
index 0000000..5b0fd60
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/OSSL_PARAM.html
@@ -0,0 +1,363 @@
+ + + + +OSSL_PARAM + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    OSSL_PARAM - a structure to pass or request object parameters

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/core.h>
    +
    + typedef struct ossl_param_st OSSL_PARAM;
    + struct ossl_param_st {
    +     const char *key;             /* the name of the parameter */
    +     unsigned char data_type;     /* declare what kind of content is in data */
    +     void *data;                  /* value being passed in or out */
    +     size_t data_size;            /* data size */
    +     size_t return_size;          /* returned size */
    + };
    +

    +

    +
    +

    DESCRIPTION

    +

    OSSL_PARAM is a type that allows passing arbitrary data for some +object between two parties that have no or very little shared +knowledge about their respective internal structures for that object.

    +

    A typical usage example could be an application that wants to set some +parameters for an object, or wants to find out some parameters of an +object.

    +

    Arrays of this type can be used for the following purposes:

    +
      +
    • Setting parameters for some object + +

      The caller sets up the OSSL_PARAM array and calls some function +(the setter) that has intimate knowledge about the object that can +take the data from the OSSL_PARAM array and assign them in a +suitable form for the internal structure of the object.

      +
    • +
    • Request parameters of some object + +

      The caller (the requestor) sets up the OSSL_PARAM array and +calls some function (the responder) that has intimate knowledge +about the object, which can take the internal data of the object and +copy (possibly convert) that to the memory prepared by the +requestor and pointed at with the OSSL_PARAM data.

      +
    • +
    • Request parameter descriptors + +

      The caller gets an array of constant OSSL_PARAM, which describe +available parameters and some of their properties; name, data type and +expected data size. +For a detailed description of each field for this use, see the field +descriptions below.

      +

      The caller may then use the information from this descriptor array to +build up its own OSSL_PARAM array to pass down to a setter or +responder.

      +
    • +
    +

    Normally, the order of the an OSSL_PARAM array is not relevant. +However, if the responder can handle multiple elements with the +same key, those elements must be handled in the order they are in.

    +

    +

    +

    OSSL_PARAM fields

    +
    +
    key
    + +
    +

    The identity of the parameter in the form of a string.

    +
    +
    data_type
    + +
    +

    The data_type is a value that describes the type and organization of +the data. +See Supported types below for a description of the types.

    +
    +
    data
    + +
    data_size
    + +
    +

    data is a pointer to the memory where the parameter data is (when +setting parameters) or shall (when requesting parameters) be stored, +and data_size is its size in bytes. +The organization of the data depends on the parameter type and flag.

    +

    When requesting parameters, it's acceptable for data to be NULL. +This can be used by the requestor to figure out dynamically exactly +how much buffer space is needed to store the parameter data. +In this case, data_size is ignored.

    +

    When the OSSL_PARAM is used as a parameter descriptor, data +should be ignored. +If data_size is zero, it means that an arbitrary data size is +accepted, otherwise it specifies the maximum size allowed.

    +
    +
    return_size
    + +
    +

    When an array of OSSL_PARAM is used to request data, the +responder must set this field to indicate size of the parameter +data, including padding as the case may be. +In case the data_size is an unsuitable size for the data, the +responder must still set this field to indicate the minimum data +size required. +(further notes on this in NOTES below).

    +

    When the OSSL_PARAM is used as a parameter descriptor, +return_size should be ignored.

    +
    +
    +

    NOTE:

    +

    The key names and associated types are defined by the entity that +offers these parameters, i.e. names for parameters provided by the +OpenSSL libraries are defined by the libraries, and names for +parameters provided by providers are defined by those providers, +except for the pointer form of strings (see data type descriptions +below). +Entities that want to set or request parameters need to know what +those keys are and of what type, any functionality between those two +entities should remain oblivious and just pass the OSSL_PARAM array +along.

    +

    +

    +

    Supported types

    +

    The data_type field can be one of the following types:

    +
    +
    OSSL_PARAM_INTEGER
    + +
    OSSL_PARAM_UNSIGNED_INTEGER
    + +
    +

    The parameter data is an integer (signed or unsigned) of arbitrary +length, organized in native form, i.e. most significant byte first on +Big-Endian systems, and least significant byte first on Little-Endian +systems.

    +
    +
    OSSL_PARAM_REAL
    + +
    +

    The parameter data is a floating point value in native form.

    +
    +
    OSSL_PARAM_UTF8_STRING
    + +
    +

    The parameter data is a printable string.

    +
    +
    OSSL_PARAM_OCTET_STRING
    + +
    +

    The parameter data is an arbitrary string of bytes.

    +
    +
    OSSL_PARAM_UTF8_PTR
    + +
    +

    The parameter data is a pointer to a printable string.

    +

    The difference between this and OSSL_PARAM_UTF8_STRING is that data +doesn't point directly at the data, but to a pointer that points to the data.

    +

    This is used to indicate that constant data is or will be passed, +and there is therefore no need to copy the data that is passed, just +the pointer to it.

    +

    data_size must be set to the size of the data, not the size of the +pointer to the data. +If this is used in a parameter request, +data_size is not relevant. However, the responder will set +return_size to the size of the data.

    +

    Note that the use of this type is fragile and can only be safely +used for data that remains constant and in a constant location for a +long enough duration (such as the life-time of the entity that +offers these parameters).

    +
    +
    OSSL_PARAM_OCTET_PTR
    + +
    +

    The parameter data is a pointer to an arbitrary string of bytes.

    +

    The difference between this and OSSL_PARAM_OCTET_STRING is that +data doesn't point directly at the data, but to a pointer that +points to the data.

    +

    This is used to indicate that constant data is or will be passed, and +there is therefore no need to copy the data that is passed, just the +pointer to it.

    +

    data_size must be set to the size of the data, not the size of the +pointer to the data. +If this is used in a parameter request, +data_size is not relevant. However, the responder will set +return_size to the size of the data.

    +

    Note that the use of this type is fragile and can only be safely +used for data that remains constant and in a constant location for a +long enough duration (such as the life-time of the entity that +offers these parameters).

    +
    +
    +

    +

    +
    +

    NOTES

    +

    Both when setting and requesting parameters, the functions that are +called will have to decide what is and what is not an error. +The recommended behaviour is:

    +
      +
    • +

      Keys that a setter or responder doesn't recognise should simply +be ignored. +That in itself isn't an error.

      +
    • +
    • +

      If the keys that a called setter recognises form a consistent +enough set of data, that call should succeed.

      +
    • +
    • +

      Apart from the return_size, a responder must never change the fields +of an OSSL_PARAM. +To return a value, it should change the contents of the memory that +data points at.

      +
    • +
    • +

      If the data type for a key that it's associated with is incorrect, +the called function may return an error.

      +

      The called function may also try to convert the data to a suitable +form (for example, it's plausible to pass a large number as an octet +string, so even though a given key is defined as an +OSSL_PARAM_UNSIGNED_INTEGER, is plausible to pass the value as an +OSSL_PARAM_OCTET_STRING), but this is in no way mandatory.

      +
    • +
    • +

      If a responder finds that some data sizes are too small for the +requested data, it must set return_size for each such +OSSL_PARAM item to the minimum required size, and eventually return +an error.

      +
    • +
    • +

      For the integer type parameters (OSSL_PARAM_UNSIGNED_INTEGER and +OSSL_PARAM_INTEGER), a responder may choose to return an error +if the data_size isn't a suitable size (even if data_size is +bigger than needed). If the responder finds the size suitable, it +must fill all data_size bytes and ensure correct padding for the +native endianness, and set return_size to the same value as +data_size.

      +
    • +
    +

    +

    +
    +

    EXAMPLES

    +

    A couple of examples to just show how OSSL_PARAM arrays could be +set up.

    +

    +

    +

    Example 1

    +

    This example is for setting parameters on some object:

    +
    +    #include <openssl/core.h>
    +
    +    const char *foo = "some string";
    +    size_t foo_l = strlen(foo) + 1;
    +    const char bar[] = "some other string";
    +    OSSL_PARAM set[] = {
    +        { "foo", OSSL_PARAM_UTF8_STRING_PTR, &foo, foo_l, 0 },
    +        { "bar", OSSL_PARAM_UTF8_STRING, &bar, sizeof(bar), 0 },
    +        { NULL, 0, NULL, 0, NULL }
    +    };
    +

    +

    +

    Example 2

    +

    This example is for requesting parameters on some object:

    +
    +    const char *foo = NULL;
    +    size_t foo_l;
    +    char bar[1024];
    +    size_t bar_l;
    +    OSSL_PARAM request[] = {
    +        { "foo", OSSL_PARAM_UTF8_STRING_PTR, &foo, 0 /*irrelevant*/, 0 },
    +        { "bar", OSSL_PARAM_UTF8_STRING, &bar, sizeof(bar), 0 },
    +        { NULL, 0, NULL, 0, NULL }
    +    };
    +

    A responder that receives this array (as params in this example) +could fill in the parameters like this:

    +
    +    /* OSSL_PARAM *params */
    +
    +    int i;
    +
    +    for (i = 0; params[i].key != NULL; i++) {
    +        if (strcmp(params[i].key, "foo") == 0) {
    +            *(char **)params[i].data = "foo value";
    +            params[i].return_size = 10; /* size of "foo value" */
    +        } else if (strcmp(params[i].key, "bar") == 0) {
    +            memcpy(params[i].data, "bar value", 10);
    +            params[i].return_size = 10; /* size of "bar value" */
    +        }
    +        /* Ignore stuff we don't know */
    +    }
    +

    +

    +
    +

    SEE ALSO

    +

    openssl-core.h(7), OSSL_PARAM_get_int(3)

    +

    +

    +
    +

    HISTORY

    +

    OSSL_PARAM was added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/OSSL_PARAM_allocate_from_text.html b/linux_amd64/share/doc/openssl/html/man3/OSSL_PARAM_allocate_from_text.html
    new file mode 100755
    index 0000000..48e4ed9
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/OSSL_PARAM_allocate_from_text.html
    @@ -0,0 +1,194 @@
    + + + + +OSSL_PARAM_allocate_from_text + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    OSSL_PARAM_allocate_from_text +- OSSL_PARAM construction utilities

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/params.h>
    +
    + int OSSL_PARAM_allocate_from_text(OSSL_PARAM *to,
    +                                   const OSSL_PARAM *paramdefs,
    +                                   const char *key, const char *value,
    +                                   size_t value_n,
    +                                   int *found);
    +

    +

    +
    +

    DESCRIPTION

    +

    With OpenSSL before version 3.0, parameters were passed down to or +retrieved from algorithm implementations via control functions. +Some of these control functions existed in variants that took string +parameters, for example EVP_PKEY_CTX_ctrl_str(3).

    +

    OpenSSL 3.0 introduces a new mechanism to do the same thing with an +array of parameters that contain name, value, value type and value +size (see OSSL_PARAM(3) for more information).

    +

    OSSL_PARAM_allocate_from_text() takes a control key, value and +value size value_n, and given a parameter descriptor array +paramdefs, it converts the value to something suitable for +OSSL_PARAM(3) and stores that in the buffer buf, and modifies +the parameter to to match. +buf_n, if not NULL, will be assigned the number of bytes used in +buf. +If buf is NULL, only buf_n will be modified, everything else is +left untouched, allowing a caller to find out how large the buffer +should be. +buf needs to be correctly aligned for the type of the OSSL_PARAM +key. +If <found> is not NULL, it is set to 1 if the parameter can be located and +to 0 otherwise.

    +

    The caller must remember to free the data of to when it's not +useful any more.

    +

    For parameters having the type OSSL_PARAM_INTEGER, +OSSL_PARAM_UNSIGNED_INTEGER, or OSSL_PARAM_OCTET_STRING, both +functions will interpret the value differently if the key starts +with "hex". +In that case, the value is decoded first, and the result will be used +as parameter value.

    +

    +

    +
    +

    RETURN VALUES

    +

    OSSL_PARAM_allocate_from_text() returns 1 on success, and 0 on error.

    +

    +

    +
    +

    NOTES

    +

    The parameter descriptor array comes from functions dedicated to +return them. +The following OSSL_PARAM attributes are used:

    +
    +
    key
    + +
    data
    + +
    data_size
    + +
    +

    All other attributes are ignored.

    +

    The data_size attribute can be zero, meaning that the parameter it +describes expects arbitrary length data.

    +

    +

    +
    +

    EXAMPLES

    +

    Code that looked like this:

    +
    +  int mac_ctrl_string(EVP_PKEY_CTX *ctx, const char *value)
    +  {
    +      int rv;
    +      char *stmp, *vtmp = NULL;
    +
    +      stmp = OPENSSL_strdup(value);
    +      if (stmp == NULL)
    +          return -1;
    +      vtmp = strchr(stmp, ':');
    +      if (vtmp != NULL)
    +          *vtmp++ = '\0';
    +      rv = EVP_MAC_ctrl_str(ctx, stmp, vtmp);
    +      OPENSSL_free(stmp);
    +      return rv;
    +  }
    +
    +  ...
    +
    +  for (i = 0; i < sk_OPENSSL_STRING_num(macopts); i++) {
    +      char *macopt = sk_OPENSSL_STRING_value(macopts, i);
    +
    +      if (pkey_ctrl_string(mac_ctx, macopt) <= 0) {
    +          BIO_printf(bio_err,
    +                     "MAC parameter error \"%s\"\n", macopt);
    +          ERR_print_errors(bio_err);
    +          goto mac_end;
    +      }
    +  }
    +

    Can be written like this instead:

    +
    +  OSSL_PARAM *params =
    +      OPENSSL_zalloc(sizeof(*params)
    +                     * (sk_OPENSSL_STRING_num(opts) + 1));
    +  const OSSL_PARAM *paramdefs = EVP_MAC_settable_ctx_params(mac);
    +  size_t params_n;
    +  char *opt = "<unknown>";
    +
    +  for (params_n = 0; params_n < (size_t)sk_OPENSSL_STRING_num(opts);
    +       params_n++) {
    +      char *stmp, *vtmp = NULL;
    +
    +      opt = sk_OPENSSL_STRING_value(opts, (int)params_n);
    +      if ((stmp = OPENSSL_strdup(opt)) == NULL
    +              || (vtmp = strchr(stmp, ':')) == NULL)
    +          goto err;
    +
    +      *vtmp++ = '\0';
    +      if (!OSSL_PARAM_allocate_from_text(&params[params_n],
    +                                         paramdefs, stmp,
    +                                         vtmp, strlen(vtmp), NULL))
    +          goto err;
    +  }
    +  params[params_n] = OSSL_PARAM_construct_end();
    +  if (!EVP_MAC_CTX_set_params(ctx, params))
    +      goto err;
    +  while (params_n-- > 0)
    +      OPENSSL_free(params[params_n].data);
    +  OPENSSL_free(params);
    +  /* ... */
    +  return;
    +
    + err:
    +  BIO_printf(bio_err, "MAC parameter error '%s'\n", opt);
    +  ERR_print_errors(bio_err);
    +

    +

    +
    +

    SEE ALSO

    +

    OSSL_PARAM(3), OSSL_PARAM_int(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/OSSL_PARAM_int.html b/linux_amd64/share/doc/openssl/html/man3/OSSL_PARAM_int.html
    new file mode 100755
    index 0000000..0a5d75e
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/OSSL_PARAM_int.html
    @@ -0,0 +1,353 @@
    + + + + +OSSL_PARAM_int + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    OSSL_PARAM_double, OSSL_PARAM_int, OSSL_PARAM_int32, OSSL_PARAM_int64, +OSSL_PARAM_long, OSSL_PARAM_size_t, OSSL_PARAM_uint, OSSL_PARAM_uint32, +OSSL_PARAM_uint64, OSSL_PARAM_ulong, OSSL_PARAM_BN, OSSL_PARAM_utf8_string, +OSSL_PARAM_octet_string, OSSL_PARAM_utf8_ptr, OSSL_PARAM_octet_ptr, +OSSL_PARAM_END, +OSSL_PARAM_construct_double, OSSL_PARAM_construct_int, +OSSL_PARAM_construct_int32, OSSL_PARAM_construct_int64, +OSSL_PARAM_construct_long, OSSL_PARAM_construct_size_t, +OSSL_PARAM_construct_uint, OSSL_PARAM_construct_uint32, +OSSL_PARAM_construct_uint64, OSSL_PARAM_construct_ulong, +OSSL_PARAM_construct_BN, OSSL_PARAM_construct_utf8_string, +OSSL_PARAM_construct_utf8_ptr, OSSL_PARAM_construct_octet_string, +OSSL_PARAM_construct_octet_ptr, OSSL_PARAM_construct_end, +OSSL_PARAM_locate, OSSL_PARAM_locate_const, +OSSL_PARAM_get_double, OSSL_PARAM_get_int, OSSL_PARAM_get_int32, +OSSL_PARAM_get_int64, OSSL_PARAM_get_long, OSSL_PARAM_get_size_t, +OSSL_PARAM_get_uint, OSSL_PARAM_get_uint32, OSSL_PARAM_get_uint64, +OSSL_PARAM_get_ulong, OSSL_PARAM_get_BN, OSSL_PARAM_get_utf8_string, +OSSL_PARAM_get_octet_string, OSSL_PARAM_get_utf8_ptr, +OSSL_PARAM_get_octet_ptr, +OSSL_PARAM_set_double, OSSL_PARAM_set_int, OSSL_PARAM_set_int32, +OSSL_PARAM_set_int64, OSSL_PARAM_set_long, OSSL_PARAM_set_size_t, +OSSL_PARAM_set_uint, OSSL_PARAM_set_uint32, OSSL_PARAM_set_uint64, +OSSL_PARAM_set_ulong, OSSL_PARAM_set_BN, OSSL_PARAM_set_utf8_string, +OSSL_PARAM_set_octet_string, OSSL_PARAM_set_utf8_ptr, +OSSL_PARAM_set_octet_ptr +- OSSL_PARAM helpers

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/params.h>
    +
    + /*
    +  * TYPE in function names is one of:
    +  * double, int, int32, int64, long, size_t, uint, uint32, uint64, ulong
    +  * Corresponding TYPE in function arguments is one of:
    +  * double, int, int32_t, int64_t, long, size_t, unsigned int, uint32_t,
    +  * uint64_t, unsigned long
    +  */
    +
    + #define OSSL_PARAM_TYPE(key, address)
    + #define OSSL_PARAM_BN(key, address, size)
    + #define OSSL_PARAM_utf8_string(key, address, size)
    + #define OSSL_PARAM_octet_string(key, address, size)
    + #define OSSL_PARAM_utf8_ptr(key, address, size)
    + #define OSSL_PARAM_octet_ptr(key, address, size)
    + #define OSSL_PARAM_END
    +
    + OSSL_PARAM OSSL_PARAM_construct_TYPE(const char *key, TYPE *buf);
    + OSSL_PARAM OSSL_PARAM_construct_BN(const char *key, unsigned char *buf,
    +                                    size_t bsize);
    + OSSL_PARAM OSSL_PARAM_construct_utf8_string(const char *key, char *buf,
    +                                             size_t bsize);
    + OSSL_PARAM OSSL_PARAM_construct_octet_string(const char *key, void *buf,
    +                                              size_t bsize);
    + OSSL_PARAM OSSL_PARAM_construct_utf8_ptr(const char *key, char **buf,
    +                                          size_t bsize);
    + OSSL_PARAM OSSL_PARAM_construct_octet_ptr(const char *key, void **buf,
    +                                           size_t bsize);
    + OSSL_PARAM OSSL_PARAM_construct_end(void);
    +
    + OSSL_PARAM *OSSL_PARAM_locate(OSSL_PARAM *array, const char *key);
    + const OSSL_PARAM *OSSL_PARAM_locate_const(const OSSL_PARAM *array,
    +                                           const char *key);
    +
    + int OSSL_PARAM_get_TYPE(const OSSL_PARAM *p, TYPE *val);
    + int OSSL_PARAM_set_TYPE(OSSL_PARAM *p, TYPE val);
    +
    + int OSSL_PARAM_get_BN(const OSSL_PARAM *p, BIGNUM **val);
    + int OSSL_PARAM_set_BN(OSSL_PARAM *p, const BIGNUM *val);
    +
    + int OSSL_PARAM_get_utf8_string(const OSSL_PARAM *p, char **val,
    +                                size_t max_len);
    + int OSSL_PARAM_set_utf8_string(OSSL_PARAM *p, const char *val);
    +
    + int OSSL_PARAM_get_octet_string(const OSSL_PARAM *p, void **val,
    +                                 size_t max_len, size_t *used_len);
    + int OSSL_PARAM_set_octet_string(OSSL_PARAM *p, const void *val, size_t len);
    +
    + int OSSL_PARAM_get_utf8_ptr(const OSSL_PARAM *p, const char **val);
    + int OSSL_PARAM_set_utf8_ptr(OSSL_PARAM *p, const char *val);
    +
    + int OSSL_PARAM_get_octet_ptr(const OSSL_PARAM *p, const void **val,
    +                              size_t *used_len);
    + int OSSL_PARAM_set_octet_ptr(OSSL_PARAM *p, const void *val,
    +                              size_t used_len);
    +

    +

    +
    +

    DESCRIPTION

    +

    A collection of utility functions that simplify and add type safety to the +OSSL_PARAM arrays. The following TYPE names are supported:

    +
      +
    • +

      double

      +
    • +
    • +

      int

      +
    • +
    • +

      int32 (int32_t)

      +
    • +
    • +

      int64 (int64_t)

      +
    • +
    • +

      long int (long)

      +
    • +
    • +

      size_t

      +
    • +
    • +

      uint32 (uint32_t)

      +
    • +
    • +

      uint64 (uint64_t)

      +
    • +
    • +

      unsigned int (uint)

      +
    • +
    • +

      unsigned long int (ulong)

      +
    • +
    +

    OSSL_PARAM_TYPE() are a series of macros designed to assist initialising an +array of OSSL_PARAM structures. +Each of these macros defines a parameter of the specified TYPE with the +provided key and parameter variable address.

    +

    OSSL_PARAM_utf8_string(), OSSL_PARAM_octet_string(), OSSL_PARAM_utf8_ptr(), +OSSL_PARAM_octet_ptr(), OSSL_PARAM_BN() are macros that provide support +for defining UTF8 strings, OCTET strings and big numbers. +A parameter with name key is defined. +The storage for this parameter is at address and is of size bytes.

    +

    OSSL_PARAM_END provides an end of parameter list marker. +This should terminate all OSSL_PARAM arrays.

    +

    OSSL_PARAM_construct_TYPE() are a series of functions that create OSSL_PARAM +records dynamically. +A parameter with name key is created. +The parameter will use storage pointed to by buf and return size of ret.

    +

    OSSL_PARAM_construct_BN() is a function that constructs a large integer +OSSL_PARAM structure. +A parameter with name key, storage buf, size bsize and return +size rsize is created.

    +

    OSSL_PARAM_construct_utf8_string() is a function that constructs a UTF8 +string OSSL_PARAM structure. +A parameter with name key, storage buf and size bsize is created. +If bsize is zero, the string length is determined using strlen(3) + 1 for the +null termination byte. +Generally pass zero for bsize instead of calling strlen(3) yourself.

    +

    OSSL_PARAM_construct_octet_string() is a function that constructs an OCTET +string OSSL_PARAM structure. +A parameter with name key, storage buf and size bsize is created.

    +

    OSSL_PARAM_construct_utf8_ptr() is a function that constructes a UTF string +pointer OSSL_PARAM structure. +A parameter with name key, storage pointer *buf and size bsize +is created.

    +

    OSSL_PARAM_construct_octet_ptr() is a function that constructes an OCTET string +pointer OSSL_PARAM structure. +A parameter with name key, storage pointer *buf and size bsize +is created.

    +

    OSSL_PARAM_construct_end() is a function that constructs the terminating +OSSL_PARAM structure.

    +

    OSSL_PARAM_locate() is a function that searches an array of parameters for +the one matching the key name.

    +

    OSSL_PARAM_locate_const() behaves exactly like OSSL_PARAM_locate() except for +the presence of const for the array argument and its return value.

    +

    OSSL_PARAM_get_TYPE() retrieves a value of type TYPE from the parameter p. +The value is copied to the address val. +Type coercion takes place as discussed in the NOTES section.

    +

    OSSL_PARAM_set_TYPE() stores a value val of type TYPE into the parameter +p. +If the parameter's data field is NULL, then only its return_size field +will be assigned the size the parameter's data buffer should have. +Type coercion takes place as discussed in the NOTES section.

    +

    OSSL_PARAM_get_BN() retrieves a BIGNUM from the parameter pointed to by p. +The BIGNUM referenced by val is updated and is allocated if *val is +NULL.

    +

    OSSL_PARAM_set_BN() stores the BIGNUM val into the parameter p. +If the parameter's data field is NULL, then only its return_size field +will be assigned the size the parameter's data buffer should have.

    +

    OSSL_PARAM_get_utf8_string() retrieves a UTF8 string from the parameter +pointed to by p. +The string is either stored into *val with a length limit of max_len or, +in the case when *val is NULL, memory is allocated for the string and +max_len is ignored. +If memory is allocated by this function, it must be freed by the caller.

    +

    OSSL_PARAM_set_utf8_string() sets a UTF8 string from the parameter pointed to +by p to the value referenced by val. +If the parameter's data field is NULL, then only its return_size field +will be assigned the size the parameter's data buffer should have.

    +

    OSSL_PARAM_get_octet_string() retrieves an OCTET string from the parameter +pointed to by p. +The OCTETs are either stored into *val with a length limit of max_len or, +in the case when *val is NULL, memory is allocated and +max_len is ignored. +If memory is allocated by this function, it must be freed by the caller.

    +

    OSSL_PARAM_set_octet_string() sets an OCTET string from the parameter +pointed to by p to the value referenced by val. +If the parameter's data field is NULL, then only its return_size field +will be assigned the size the parameter's data buffer should have.

    +

    OSSL_PARAM_get_utf8_ptr() retrieves the UTF8 string pointer from the parameter +referenced by p and stores it in *val.

    +

    OSSL_PARAM_set_utf8_ptr() sets the UTF8 string pointer in the parameter +referenced by p to the values val.

    +

    OSSL_PARAM_get_octet_ptr() retrieves the OCTET string pointer from the parameter +referenced by p and stores it in *val. +The length of the OCTET string is stored in *used_len.

    +

    OSSL_PARAM_set_octet_ptr() sets the OCTET string pointer in the parameter +referenced by p to the values val. +The length of the OCTET string is provided by used_len.

    +

    +

    +
    +

    RETURN VALUES

    +

    OSSL_PARAM_construct_TYPE(), OSSL_PARAM_construct_BN(), +OSSL_PARAM_construct_utf8_string(), OSSL_PARAM_construct_octet_string(), +OSSL_PARAM_construct_utf8_ptr() and OSSL_PARAM_construct_octet_ptr() +return a populated OSSL_PARAM structure.

    +

    OSSL_PARAM_locate() and OSSL_PARAM_locate_const() return a pointer to +the matching OSSL_PARAM object. They return NULL on error or when +no object matching key exists in the array.

    +

    All other functions return 1 on success and 0 on failure.

    +

    +

    +
    +

    NOTES

    +

    Native types will be converted as required only if the value is exactly +representable by the target type or parameter. +Apart from that, the functions must be used appropriately for the +expected type of the parameter.

    +

    For OSSL_PARAM_construct_utf8_ptr() and OSSL_PARAM_consstruct_octet_ptr(), +bsize is not relevant if the purpose is to send the OSSL_PARAM array +to a responder, i.e. to get parameter data back. +In that case, bsize can safely be given zero. +See OSSL_PARAM(3)/DESCRIPTION for further information on the +possible purposes.

    +

    +

    +
    +

    EXAMPLES

    +

    Reusing the examples from OSSL_PARAM(3) to just show how +OSSL_PARAM arrays can be handled using the macros and functions +defined herein.

    +

    +

    +

    Example 1

    +

    This example is for setting parameters on some object:

    +
    +    #include <openssl/core.h>
    +
    +    const char *foo = "some string";
    +    size_t foo_l = strlen(foo) + 1;
    +    const char bar[] = "some other string";
    +    const OSSL_PARAM set[] = {
    +        OSSL_PARAM_utf8_ptr("foo", foo, foo_l),
    +        OSSL_PARAM_utf8_string("bar", bar, sizeof(bar)),
    +        OSSL_PARAM_END
    +    };
    +

    +

    +

    Example 2

    +

    This example is for requesting parameters on some object, and also +demonstrates that the requestor isn't obligated to request all +available parameters:

    +
    +    const char *foo = NULL;
    +    char bar[1024];
    +    OSSL_PARAM request[] = {
    +        OSSL_PARAM_utf8_ptr("foo", foo, 0),
    +        OSSL_PARAM_utf8_string("bar", bar, sizeof(bar)),
    +        OSSL_PARAM_END
    +    };
    +

    A responder that receives this array (as params in this example) +could fill in the parameters like this:

    +
    +    /* OSSL_PARAM *params */
    +
    +    OSSL_PARAM *p;
    +
    +    if ((p = OSSL_PARAM_locate(params, "foo")) == NULL)
    +        OSSL_PARAM_set_utf8_ptr(p, "foo value");
    +    if ((p = OSSL_PARAM_locate(params, "bar")) == NULL)
    +        OSSL_PARAM_set_utf8_ptr(p, "bar value");
    +    if ((p = OSSL_PARAM_locate(params, "cookie")) == NULL)
    +        OSSL_PARAM_set_utf8_ptr(p, "cookie value");
    +

    +

    +
    +

    SEE ALSO

    +

    openssl-core.h(7), OSSL_PARAM(3)

    +

    +

    +
    +

    HISTORY

    +

    These APIs were introduced in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/OSSL_PROVIDER.html b/linux_amd64/share/doc/openssl/html/man3/OSSL_PROVIDER.html
    new file mode 100755
    index 0000000..3b6082b
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/OSSL_PROVIDER.html
    @@ -0,0 +1,158 @@
    + + + + +OSSL_PROVIDER + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    OSSL_PROVIDER, OSSL_PROVIDER_load, OSSL_PROVIDER_unload, +OSSL_PROVIDER_available, +OSSL_PROVIDER_gettable_params, OSSL_PROVIDER_get_params, +OSSL_PROVIDER_add_builtin, OSSL_PROVIDER_name - provider routines

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/provider.h>
    +
    + typedef struct ossl_provider_st OSSL_PROVIDER;
    +
    + OSSL_PROVIDER *OSSL_PROVIDER_load(OPENSSL_CTX *libctx, const char *name);
    + int OSSL_PROVIDER_unload(OSSL_PROVIDER *prov);
    + int OSSL_PROVIDER_available(OPENSSL_CTX *libctx, const char *name);
    +
    + const OSSL_PARAM *OSSL_PROVIDER_gettable_params(OSSL_PROVIDER *prov);
    + int OSSL_PROVIDER_get_params(OSSL_PROVIDER *prov, OSSL_PARAM params[]);
    +
    + int OSSL_PROVIDER_add_builtin(OPENSSL_CTX *libctx, const char *name,
    +                               ossl_provider_init_fn *init_fn);
    +
    + const char *OSSL_PROVIDER_name(const OSSL_PROVIDER *prov);
    +

    +

    +
    +

    DESCRIPTION

    +

    OSSL_PROVIDER is a type that holds internal information about +implementation providers (see provider(7) for information on what a +provider is). +A provider can be built in to the application or the OpenSSL +libraries, or can be a loadable module. +The functions described here handle both forms.

    +

    Some of these functions operate within a library context, please see +OPENSSL_CTX(3) for further details.

    +

    +

    +

    Functions

    +

    OSSL_PROVIDER_add_builtin() is used to add a built in provider to +OSSL_PROVIDER store in the given library context, by associating a +provider name with a provider initialization function. +This name can then be used with OSSL_PROVIDER_load().

    +

    OSSL_PROVIDER_load() loads and initializes a provider. +This may simply initialize a provider that was previously added with +OSSL_PROVIDER_add_builtin() and run its given initialization function, +or load a provider module with the given name and run its provider +entry point, OSSL_provider_init.

    +

    OSSL_PROVIDER_unload() unloads the given provider. +For a provider added with OSSL_PROVIDER_add_builtin(), this simply +runs its teardown function.

    +

    OSSL_PROVIDER_available() checks if a named provider is available +for use.

    +

    OSSL_PROVIDER_gettable_params() is used to get a provider parameter +descriptor set as a constant OSSL_PARAM array. +See OSSL_PARAM(3) for more information.

    +

    OSSL_PROVIDER_get_params() is used to get provider parameter values. +The caller must prepare the OSSL_PARAM array before calling this +function, and the variables acting as buffers for this parameter array +should be filled with data when it returns successfully.

    +

    OSSL_PROVIDER_name() returns the name of the given provider.

    +

    +

    +
    +

    RETURN VALUES

    +

    OSSL_PROVIDER_add() returns 1 on success, or 0 on error.

    +

    OSSL_PROVIDER_load() returns a pointer to a provider object on +success, or NULL on error.

    +

    OSSL_PROVIDER_unload() returns 1 on success, or 0 on error.

    +

    OSSL_PROVIDER_available() returns 1 if the named provider is available, +otherwise 0.

    +

    OSSL_PROVIDER_gettable_params() returns a pointer to an array +of constant OSSL_PARAM, or NULL if none is provided.

    +

    OSSL_PROVIDER_get_params() returns 1 on success, or 0 on error.

    +

    +

    +
    +

    EXAMPLES

    +

    This demonstrates how to load the provider module "foo" and ask for +its build number.

    +
    + OSSL_PROVIDER *prov = NULL;
    + const char *build = NULL;
    + size_t built_l = 0;
    + OSSL_PARAM request[] = {
    +     { "build", OSSL_PARAM_UTF8_STRING_PTR, &build, 0, &build_l },
    +     { NULL, 0, NULL, 0, NULL }
    + };
    +
    + if ((prov = OSSL_PROVIDER_load(NULL, "foo")) != NULL
    +     && OSSL_PROVIDER_get_params(prov, request))
    +     printf("Provider 'foo' build %s\n", build);
    + else
    +     ERR_print_errors_fp(stderr);
    +

    +

    +
    +

    SEE ALSO

    +

    openssl-core.h(7), OPENSSL_CTX(3), provider(7)

    +

    +

    +
    +

    HISTORY

    +

    The type and functions described here were added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/OSSL_SELF_TEST_set_callback.html b/linux_amd64/share/doc/openssl/html/man3/OSSL_SELF_TEST_set_callback.html
    new file mode 100755
    index 0000000..23c4aee
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/OSSL_SELF_TEST_set_callback.html
    @@ -0,0 +1,89 @@
    + + + + +OSSL_SELF_TEST_set_callback + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    OSSL_SELF_TEST_set_callback, +OSSL_SELF_TEST_get_callback - specify a callback for processing self tests

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/self_test.h>
    +
    + void OSSL_SELF_TEST_set_callback(OPENSSL_CTX *ctx, OSSL_CALLBACK *cb, void *cbarg);
    + void OSSL_SELF_TEST_get_callback(OPENSSL_CTX *ctx, OSSL_CALLBACK **cb, void **cbarg);
    +

    +

    +
    +

    DESCRIPTION

    +

    Set or gets the optional application callback (and the callback argument) that +is called during self testing. +The application callback OSSL_CALLBACK is associated with a OPENSSL_CTX. +The application callback function receives information about a running self test, +and may return a result to the calling self test. +See openssl-core.h(7) for further information on the callback.

    +

    +

    +
    +

    RETURN VALUES

    +

    OSSL_SELF_TEST_get_callback() returns the callback and callback argument that +has been set via OSSL_SELF_TEST_set_callback() for the given library context ctx. +These returned parameters will be NULL if OSSL_SELF_TEST_set_callback() has +not been called.

    +

    +

    +
    +

    SEE ALSO

    +

    openssl-core.h(7), +OSSL_PROVIDER-FIPS(7) +OPENSSL_CTX(3)

    +

    +

    +
    +

    HISTORY

    +

    The functions described here were added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/OSSL_SERIALIZER.html b/linux_amd64/share/doc/openssl/html/man3/OSSL_SERIALIZER.html
    new file mode 100755
    index 0000000..c25ed73
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/OSSL_SERIALIZER.html
    @@ -0,0 +1,153 @@
    + + + + +OSSL_SERIALIZER + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    OSSL_SERIALIZER, +OSSL_SERIALIZER_fetch, +OSSL_SERIALIZER_up_ref, +OSSL_SERIALIZER_free, +OSSL_SERIALIZER_provider, +OSSL_SERIALIZER_properties, +OSSL_SERIALIZER_is_a, +OSSL_SERIALIZER_number, +OSSL_SERIALIZER_do_all_provided, +OSSL_SERIALIZER_names_do_all +- Serializer method routines

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/serializer.h>
    +
    + typedef struct ossl_serializer_st OSSL_SERIALIZER;
    +
    + OSSL_SERIALIZER *OSSL_SERIALIZER_fetch(OPENSSL_CTX *ctx, const char *name,
    +                                        const char *properties);
    + int OSSL_SERIALIZER_up_ref(OSSL_SERIALIZER *serializer);
    + void OSSL_SERIALIZER_free(OSSL_SERIALIZER *serializer);
    + const OSSL_PROVIDER *OSSL_SERIALIZER_provider(const OSSL_SERIALIZER
    +                                               *serializer);
    + const char *OSSL_SERIALIZER_properties(const OSSL_SERIALIZER *ser);
    + int OSSL_SERIALIZER_is_a(const OSSL_SERIALIZER *serializer,
    +                          const char *name);
    + int OSSL_SERIALIZER_number(const OSSL_SERIALIZER *serializer);
    + void OSSL_SERIALIZER_do_all_provided(OPENSSL_CTX *libctx,
    +                                      void (*fn)(OSSL_SERIALIZER *serializer,
    +                                                 void *arg),
    +                                      void *arg);
    + void OSSL_SERIALIZER_names_do_all(const OSSL_SERIALIZER *serializer,
    +                                   void (*fn)(const char *name, void *data),
    +                                   void *data);
    +

    +

    +
    +

    DESCRIPTION

    +

    OSSL_SERIALIZER is a method for serializers, which know how to +serialize an object of some kind to a serialized form, such as PEM, +DER, or even human readable text.

    +

    OSSL_SERIALIZER_fetch() looks for an algorithm within the provider that +has been loaded into the OPENSSL_CTX given by ctx, having the +name given by name and the properties given by properties. +The name determines what type of object the fetched serializer +method is expected to be able to serialize, and the properties are +used to determine the expected output type. +For known properties and the values they may have, please have a look +in provider-serializer(7)/Names and properties.

    +

    OSSL_SERIALIZER_up_ref() increments the reference count for the given +serializer.

    +

    OSSL_SERIALIZER_free() decrements the reference count for the given +serializer, and when the count reaches zero, frees it.

    +

    OSSL_SERIALIZER_provider() returns the provider of the given +serializer.

    +

    OSSL_SERIALIZER_provider() returns the property definition associated +with the given serializer.

    +

    OSSL_SERIALIZER_is_a() checks if serializer is an implementation of an +algorithm that's identifiable with name.

    +

    OSSL_SERIALIZER_number() returns the internal dynamic number assigned to +the given serializer.

    +

    OSSL_SERIALIZER_names_do_all() traverses all names for the given +serializer, and calls fn with each name and data.

    +

    OSSL_SERIALIZER_do_all_provided() traverses all serializer +implementations by all activated providers in the library context +libctx, and for each of the implementations, calls fn with the +implementation method and data as arguments.

    +

    +

    +
    +

    NOTES

    +

    OSSL_SERIALIZER_fetch() may be called implicitly by other fetching +functions, using the same library context and properties. +Any other API that uses keys will typically do this.

    +

    +

    +
    +

    RETURN VALUES

    +

    OSSL_SERIALIZER_fetch() returns a pointer to the key management +implementation represented by an OSSL_SERIALIZER object, or NULL on +error.

    +

    OSSL_SERIALIZER_up_ref() returns 1 on success, or 0 on error.

    +

    OSSL_SERIALIZER_free() doesn't return any value.

    +

    OSSL_SERIALIZER_provider() returns a pointer to a provider object, or +NULL on error.

    +

    OSSL_SERIALIZER_properties() returns a pointer to a property +definition string, or NULL on error.

    +

    OSSL_SERIALIZER_is_a() returns 1 of serializer was identifiable, +otherwise 0.

    +

    OSSL_SERIALIZER_number() returns an integer.

    +

    +

    +
    +

    SEE ALSO

    +

    provider(7), OSSL_SERIALIZER_CTX(3), OSSL_SERIALIZER_to_bio(3), +OSSL_SERIALIZER_CTX_new_by_EVP_PKEY(3), OPENSSL_CTX(3)

    +

    +

    +
    +

    HISTORY

    +

    The functions described here were added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/OSSL_SERIALIZER_CTX.html b/linux_amd64/share/doc/openssl/html/man3/OSSL_SERIALIZER_CTX.html
    new file mode 100755
    index 0000000..54141c6
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/OSSL_SERIALIZER_CTX.html
    @@ -0,0 +1,117 @@
    + + + + +OSSL_SERIALIZER_CTX + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    OSSL_SERIALIZER_CTX, +OSSL_SERIALIZER_CTX_new, +OSSL_SERIALIZER_CTX_get_serializer, +OSSL_SERIALIZER_settable_ctx_params, +OSSL_SERIALIZER_CTX_set_params, +OSSL_SERIALIZER_CTX_free +- Serializer context routines

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/serializer.h>
    +
    + typedef struct ossl_serializer_ctx_st OSSL_SERIALIZER_CTX;
    +
    + OSSL_SERIALIZER_CTX *OSSL_SERIALIZER_CTX_new(OSSL_SERIALIZER *ser);
    + const OSSL_SERIALIZER *
    + OSSL_SERIALIZER_CTX_get_serializer(OSSL_SERIALIZER_CTX *ctx);
    + const OSSL_PARAM *OSSL_SERIALIZER_settable_ctx_params(OSSL_SERIALIZER *ser);
    + int OSSL_SERIALIZER_CTX_set_params(OSSL_SERIALIZER_CTX *ctx,
    +                                    const OSSL_PARAM params[]);
    + void OSSL_SERIALIZER_CTX_free(OSSL_SERIALIZER_CTX *ctx);
    +

    +

    +
    +

    DESCRIPTION

    +

    OSSL_SERIALIZER_CTX is a context with which OSSL_SERIALIZER +operations are performed. The context typically holds values, both +internal and supplied by the application, which are useful for the +implementations supplied by providers.

    +

    OSSL_SERIALIZER_CTX_new() creates a OSSL_SERIALIZER_CTX associated +with the serializer ser. NULL is a valid ser, the context will +be created anyway, it's just not very useful. This is intentional, to +distinguish between errors in allocating the context or assigning it +values on one hand, and the lack of serializer support on the other.

    +

    OSSL_SERIALIZER_CTX_get_serializer() gets the serializer method +currently associated with the context ctx.

    +

    OSSL_SERIALIZER_settable_ctx_params() returns an OSSL_PARAM(3) +array of parameter descriptors.

    +

    OSSL_SERIALIZER_CTX_set_params() attempts to set parameters specified +with an OSSL_PARAM(3) array params. Parameters that the +implementation doesn't recognise should be ignored.

    +

    OSSL_SERIALIZER_CTX_free() frees the given context ctx.

    +

    +

    +
    +

    RETURN VALUES

    +

    OSSL_SERIALIZER_CTX_new() returns a pointer to a +OSSL_SERIALIZER_CTX, or NULL if the context structure couldn't be +allocated.

    +

    OSSL_SERIALIZER_CTX_get_serializer() returns a pointer to the +serializer method associated with ctx. NULL is a valid return +value and signifies that there is no associated serializer method.

    +

    OSSL_SERIALIZER_settable_ctx_params() returns an OSSL_PARAM(3) +array, or NULL if none is available.

    +

    OSSL_SERIALIZER_CTX_set_params() returns 1 if all recognised +parameters were valid, or 0 if one of them was invalid or caused some +other failure in the implementation.

    +

    +

    +
    +

    SEE ALSO

    +

    provider(7), OSSL_SERIALIZER(3)

    +

    +

    +
    +

    HISTORY

    +

    The functions described here were added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.html b/linux_amd64/share/doc/openssl/html/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.html
    new file mode 100755
    index 0000000..608f34b
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.html
    @@ -0,0 +1,174 @@
    + + + + +OSSL_SERIALIZER_CTX_new_by_EVP_PKEY + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    OSSL_SERIALIZER_CTX_new_by_EVP_PKEY, +OSSL_SERIALIZER_CTX_set_cipher, +OSSL_SERIALIZER_CTX_set_passphrase, +OSSL_SERIALIZER_CTX_set_passphrase_cb, +OSSL_SERIALIZER_CTX_set_passphrase_ui, +OSSL_SERIALIZER_PUBKEY_TO_PEM_PQ, +OSSL_SERIALIZER_PrivateKey_TO_PEM_PQ, +OSSL_SERIALIZER_Parameters_TO_PEM_PQ, +OSSL_SERIALIZER_PUBKEY_TO_DER_PQ, +OSSL_SERIALIZER_PrivateKey_TO_DER_PQ, +OSSL_SERIALIZER_Parameters_TO_DER_PQ, +OSSL_SERIALIZER_PUBKEY_TO_TEXT_PQ, +OSSL_SERIALIZER_PrivateKey_TO_TEXT_PQ, +OSSL_SERIALIZER_Parameters_TO_TEXT_PQ +- Serializer routines to serialize EVP_PKEYs

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/serializer.h>
    +
    + OSSL_SERIALIZER_CTX *OSSL_SERIALIZER_CTX_new_by_EVP_PKEY(const EVP_PKEY *pkey,
    +                                                          const char *propquery);
    +
    + int OSSL_SERIALIZER_CTX_set_cipher(OSSL_SERIALIZER_CTX *ctx,
    +                                    const char *cipher_name,
    +                                    const char *propquery);
    + int OSSL_SERIALIZER_CTX_set_passphrase(OSSL_SERIALIZER_CTX *ctx,
    +                                        const unsigned char *kstr,
    +                                        size_t klen);
    + int OSSL_SERIALIZER_CTX_set_passphrase_cb(OSSL_SERIALIZER_CTX *ctx, int enc,
    +                                           pem_password_cb *cb, void *cbarg);
    + int OSSL_SERIALIZER_CTX_set_passphrase_ui(OSSL_SERIALIZER_CTX *ctx,
    +                                           const UI_METHOD *ui_method,
    +                                           void *ui_data);
    +
    + #define OSSL_SERIALIZER_PUBKEY_TO_PEM_PQ "format=pem,type=public"
    + #define OSSL_SERIALIZER_PrivateKey_TO_PEM_PQ "format=pem,type=private"
    + #define OSSL_SERIALIZER_Parameters_TO_PEM_PQ "format=pem,type=parameters"
    +
    + #define OSSL_SERIALIZER_PUBKEY_TO_DER_PQ "format=der,type=public"
    + #define OSSL_SERIALIZER_PrivateKey_TO_DER_PQ "format=der,type=private"
    + #define OSSL_SERIALIZER_Parameters_TO_DER_PQ "format=der,type=parameters"
    +
    + #define OSSL_SERIALIZER_PUBKEY_TO_TEXT_PQ "format=text,type=public"
    + #define OSSL_SERIALIZER_PrivateKey_TO_TEXT_PQ "format=text,type=private"
    + #define OSSL_SERIALIZER_Parameters_TO_TEXT_PQ "format=text,type=parameters"
    +

    +

    +
    +

    DESCRIPTION

    +

    OSSL_SERIALIZER_CTX_new_by_EVP_PKEY() creates a OSSL_SERIALIZER_CTX +with a suitable attached output routine for EVP_PKEYs. It will +search for a serializer implementation that matches the algorithm of +the EVP_PKEY and the property query given with propquery. It +will prefer to find a serializer from the same provider as the key +data of the EVP_PKEY itself, but failing that, it will choose the +first serializer that supplies a generic serializing function.

    +

    If no suitable serializer was found, OSSL_SERIALIZER_CTX_new_by_EVP_PKEY() +still creates a OSSL_SERIALIZER_CTX, but with no associated +serializer (OSSL_SERIALIZER_CTX_get_serializer(3) returns NULL). +This helps the caller distinguish between an error when creating +the OSSL_SERIALIZER_CTX, and the lack the serializer support and +act accordingly.

    +

    OSSL_SERIALIZER_CTX_set_cipher() tells the implementation what cipher +should be used to encrypt serialized keys. The cipher is given by +name cipher_name. The interpretation of that cipher_name is +implementation dependent. The implementation may implement the digest +directly itself or by other implementations, or it may choose to fetch +it. If the implementation supports fetching the cipher, then it may +use propquery as properties to be queried for when fetching. +cipher_name may also be NULL, which will result in unencrypted +serialization.

    +

    OSSL_SERIALIZER_CTX_set_passphrase() gives the implementation a +pass phrase to use when encrypting the serialized private key. +Alternatively, a pass phrase callback may be specified with the +following functions.

    +

    OSSL_SERIALIZER_CTX_set_passphrase_cb() and +OSSL_SERIALIZER_CTX_set_passphrase_ui() sets up a callback method that +the implementation can use to prompt for a pass phrase.

    +

    The macros OSSL_SERIALIZER_PUBKEY_TO_PEM_PQ, +OSSL_SERIALIZER_PrivateKey_TO_PEM_PQ, +OSSL_SERIALIZER_Parameters_TO_PEM_PQ, +OSSL_SERIALIZER_PUBKEY_TO_DER_PQ, +OSSL_SERIALIZER_PrivateKey_TO_DER_PQ, +OSSL_SERIALIZER_Parameters_TO_DER_PQ, +OSSL_SERIALIZER_PUBKEY_TO_TEXT_PQ, +OSSL_SERIALIZER_PrivateKey_TO_TEXT_PQ, +OSSL_SERIALIZER_Parameters_TO_TEXT_PQ are convenience macros with +property queries to serialize the EVP_PKEY as a public key, private +key or parameters to PEM, to DER, or to text.

    +

    +

    +
    +

    RETURN VALUES

    +

    OSSL_SERIALIZER_CTX_new_by_EVP_PKEY() returns a pointer to a +OSSL_SERIALIZER_CTX, or NULL if it couldn't be created.

    +

    OSSL_SERIALIZER_CTX_set_cipher(), +OSSL_SERIALIZER_CTX_set_passphrase(), +OSSL_SERIALIZER_CTX_set_passphrase_cb(), and +OSSL_SERIALIZER_CTX_set_passphrase_ui() all return 1 on success, or 0 +on failure.

    +

    +

    +
    +

    NOTES

    +

    Parts of the function and macro names are made to match already +existing OpenSSL names.

    +

    EVP_PKEY in OSSL_SERIALIZER_CTX_new_by_EVP_PKEY() matches the type +name, thus making for the naming pattern +OSSL_SERIALIZER_CTX_new_by_TYPE() when new types are handled.

    +

    PUBKEY, PrivateKey and Parameters in the macro names match +the TYPE part of of PEM_write_bio_TYPE functions as well +as i2d_TYPE_bio functions.

    +

    +

    +
    +

    SEE ALSO

    +

    provider(7), OSSL_SERIALIZER(3), OSSL_SERIALIZER_CTX(3)

    +

    +

    +
    +

    HISTORY

    +

    The functions described here were added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/OSSL_SERIALIZER_to_bio.html b/linux_amd64/share/doc/openssl/html/man3/OSSL_SERIALIZER_to_bio.html
    new file mode 100755
    index 0000000..75870a9
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/OSSL_SERIALIZER_to_bio.html
    @@ -0,0 +1,92 @@
    + + + + +OSSL_SERIALIZER_to_bio + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    OSSL_SERIALIZER_to_bio, +OSSL_SERIALIZER_to_fp +- Serializer file output routines

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/serializer.h>
    +
    + int OSSL_SERIALIZER_to_bio(OSSL_SERIALIZER_CTX *ctx, BIO *out);
    + int OSSL_SERIALIZER_to_fp(OSSL_SERIALIZER_CTX *ctx, FILE *fp);
    +

    Feature availability macros:

    +
    +
    OSSL_SERIALIZER_to_fp() is only available when OPENSSL_NO_STDIO +is undefined.
    + +
    +

    +

    +
    +

    DESCRIPTION

    +

    OSSL_SERIALIZER_to_bio() runs the serialization process for the +context ctx, with the output going to the BIO out. The +application is required to set up the BIO properly, for example to +have it in text or binary mode if that's appropriate.

    +

    OSSL_SERIALIZER_to_fp() does the same thing as OSSL_SERIALIZER_to_bio(), +except that the output is going to the FILE fp.

    +

    +

    +
    +

    RETURN VALUES

    +

    OSSL_SERIALIZER_to_bio() and OSSL_SERIALIZER_to_fp() return 1 on +success, or 0 on failure.

    +

    +

    +
    +

    SEE ALSO

    +

    provider(7), OSSL_SERIALIZER_CTX(3)

    +

    +

    +
    +

    HISTORY

    +

    The functions described here were added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/OSSL_STORE_INFO.html b/linux_amd64/share/doc/openssl/html/man3/OSSL_STORE_INFO.html
    new file mode 100755
    index 0000000..5929cbe
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/OSSL_STORE_INFO.html
    @@ -0,0 +1,242 @@
    + + + + +OSSL_STORE_INFO + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    OSSL_STORE_INFO, OSSL_STORE_INFO_get_type, OSSL_STORE_INFO_get0_NAME, +OSSL_STORE_INFO_get0_NAME_description, OSSL_STORE_INFO_get0_PARAMS, +OSSL_STORE_INFO_get0_PKEY, OSSL_STORE_INFO_get0_CERT, OSSL_STORE_INFO_get0_CRL, +OSSL_STORE_INFO_get1_NAME, OSSL_STORE_INFO_get1_NAME_description, +OSSL_STORE_INFO_get1_PARAMS, OSSL_STORE_INFO_get1_PKEY, +OSSL_STORE_INFO_get1_CERT, +OSSL_STORE_INFO_get1_CRL, OSSL_STORE_INFO_type_string, OSSL_STORE_INFO_free, +OSSL_STORE_INFO_new_NAME, OSSL_STORE_INFO_set0_NAME_description, +OSSL_STORE_INFO_new_PARAMS, OSSL_STORE_INFO_new_PKEY, OSSL_STORE_INFO_new_CERT, +OSSL_STORE_INFO_new_CRL - Functions to manipulate OSSL_STORE_INFO objects

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/store.h>
    +
    + typedef struct ossl_store_info_st OSSL_STORE_INFO;
    +
    + int OSSL_STORE_INFO_get_type(const OSSL_STORE_INFO *store_info);
    + const char *OSSL_STORE_INFO_get0_NAME(const OSSL_STORE_INFO *store_info);
    + char *OSSL_STORE_INFO_get1_NAME(const OSSL_STORE_INFO *store_info);
    + const char *OSSL_STORE_INFO_get0_NAME_description(const OSSL_STORE_INFO
    +                                                   *store_info);
    + char *OSSL_STORE_INFO_get1_NAME_description(const OSSL_STORE_INFO *store_info);
    + EVP_PKEY *OSSL_STORE_INFO_get0_PARAMS(const OSSL_STORE_INFO *store_info);
    + EVP_PKEY *OSSL_STORE_INFO_get1_PARAMS(const OSSL_STORE_INFO *store_info);
    + EVP_PKEY *OSSL_STORE_INFO_get0_PKEY(const OSSL_STORE_INFO *store_info);
    + EVP_PKEY *OSSL_STORE_INFO_get1_PKEY(const OSSL_STORE_INFO *store_info);
    + X509 *OSSL_STORE_INFO_get0_CERT(const OSSL_STORE_INFO *store_info);
    + X509 *OSSL_STORE_INFO_get1_CERT(const OSSL_STORE_INFO *store_info);
    + X509_CRL *OSSL_STORE_INFO_get0_CRL(const OSSL_STORE_INFO *store_info);
    + X509_CRL *OSSL_STORE_INFO_get1_CRL(const OSSL_STORE_INFO *store_info);
    +
    + const char *OSSL_STORE_INFO_type_string(int type);
    +
    + void OSSL_STORE_INFO_free(OSSL_STORE_INFO *store_info);
    +
    + OSSL_STORE_INFO *OSSL_STORE_INFO_new_NAME(char *name);
    + int OSSL_STORE_INFO_set0_NAME_description(OSSL_STORE_INFO *info, char *desc);
    + OSSL_STORE_INFO *OSSL_STORE_INFO_new_PARAMS(DSA *dsa_params);
    + OSSL_STORE_INFO *OSSL_STORE_INFO_new_PKEY(EVP_PKEY *pkey);
    + OSSL_STORE_INFO *OSSL_STORE_INFO_new_CERT(X509 *x509);
    + OSSL_STORE_INFO *OSSL_STORE_INFO_new_CRL(X509_CRL *crl);
    +

    +

    +
    +

    DESCRIPTION

    +

    These functions are primarily useful for applications to retrieve +supported objects from OSSL_STORE_INFO objects and for scheme specific +loaders to create OSSL_STORE_INFO holders.

    +

    +

    +

    Types

    +

    OSSL_STORE_INFO is an opaque type that's just an intermediary holder for +the objects that have been retrieved by OSSL_STORE_load() and similar +functions. +Supported OpenSSL type object can be extracted using one of +STORE_INFO_get0_TYPE(). +The life time of this extracted object is as long as the life time of +the OSSL_STORE_INFO it was extracted from, so care should be taken not +to free the latter too early. +As an alternative, STORE_INFO_get1_TYPE() extracts a duplicate (or the +same object with its reference count increased), which can be used +after the containing OSSL_STORE_INFO has been freed. +The object returned by STORE_INFO_get1_TYPE() must be freed separately +by the caller. +See SUPPORTED OBJECTS for more information on the types that are +supported.

    +

    +

    +

    Functions

    +

    OSSL_STORE_INFO_get_type() takes a OSSL_STORE_INFO and returns the STORE +type number for the object inside. +STORE_INFO_get_type_string() takes a STORE type number and returns a +short string describing it.

    +

    OSSL_STORE_INFO_get0_NAME(), OSSL_STORE_INFO_get0_NAME_description(), +OSSL_STORE_INFO_get0_PARAMS(), OSSL_STORE_INFO_get0_PKEY(), +OSSL_STORE_INFO_get0_CERT() and OSSL_STORE_INFO_get0_CRL() all take a +OSSL_STORE_INFO and return the held object of the appropriate OpenSSL +type provided that's what's held.

    +

    OSSL_STORE_INFO_get1_NAME(), OSSL_STORE_INFO_get1_NAME_description(), +OSSL_STORE_INFO_get1_PARAMS(), OSSL_STORE_INFO_get1_PKEY(), +OSSL_STORE_INFO_get1_CERT() and OSSL_STORE_INFO_get1_CRL() all take a +OSSL_STORE_INFO and return a duplicate of the held object of the +appropriate OpenSSL type provided that's what's held.

    +

    OSSL_STORE_INFO_free() frees a OSSL_STORE_INFO and its contained type.

    +

    OSSL_STORE_INFO_new_NAME() , OSSL_STORE_INFO_new_PARAMS(), +OSSL_STORE_INFO_new_PKEY(), OSSL_STORE_INFO_new_CERT() and +OSSL_STORE_INFO_new_CRL() create a OSSL_STORE_INFO +object to hold the given input object. +Additionally, for OSSL_STORE_INFO_NAME` objects, +OSSL_STORE_INFO_set0_NAME_description() can be used to add an extra +description. +This description is meant to be human readable and should be used for +information printout.

    +

    +

    +
    +

    SUPPORTED OBJECTS

    +

    Currently supported object types are:

    +
    +
    OSSL_STORE_INFO_NAME
    + +
    +

    A name is exactly that, a name. +It's like a name in a directory, but formatted as a complete URI. +For example, the path in URI file:/foo/bar/ could include a file +named cookie.pem, and in that case, the returned OSSL_STORE_INFO_NAME +object would have the URI file:/foo/bar/cookie.pem, which can be +used by the application to get the objects in that file. +This can be applied to all schemes that can somehow support a listing +of object URIs.

    +

    For file: URIs that are used without the explicit scheme, the +returned name will be the path of each object, so if /foo/bar was +given and that path has the file cookie.pem, the name +/foo/bar/cookie.pem will be returned.

    +

    The returned URI is considered canonical and must be unique and permanent +for the storage where the object (or collection of objects) resides. +Each loader is responsible for ensuring that it only returns canonical +URIs. +However, it's possible that certain schemes allow an object (or collection +thereof) to be reached with alternative URIs; just because one URI is +canonical doesn't mean that other variants can't be used.

    +

    At the discretion of the loader that was used to get these names, an +extra description may be attached as well.

    +
    +
    OSSL_STORE_INFO_PARAMS
    + +
    +

    Key parameters.

    +
    +
    OSSL_STORE_INFO_PKEY
    + +
    +

    A private/public key of some sort.

    +
    +
    OSSL_STORE_INFO_CERT
    + +
    +

    An X.509 certificate.

    +
    +
    OSSL_STORE_INFO_CRL
    + +
    +

    A X.509 certificate revocation list.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    OSSL_STORE_INFO_get_type() returns the STORE type number of the given +OSSL_STORE_INFO. +There is no error value.

    +

    OSSL_STORE_INFO_get0_NAME(), OSSL_STORE_INFO_get0_NAME_description(), +OSSL_STORE_INFO_get0_PARAMS(), OSSL_STORE_INFO_get0_PKEY(), +OSSL_STORE_INFO_get0_CERT() and OSSL_STORE_INFO_get0_CRL() all return +a pointer to the OpenSSL object on success, NULL otherwise.

    +

    OSSL_STORE_INFO_get0_NAME(), OSSL_STORE_INFO_get0_NAME_description(), +OSSL_STORE_INFO_get0_PARAMS(), OSSL_STORE_INFO_get0_PKEY(), +OSSL_STORE_INFO_get0_CERT() and OSSL_STORE_INFO_get0_CRL() all return +a pointer to a duplicate of the OpenSSL object on success, NULL otherwise.

    +

    OSSL_STORE_INFO_type_string() returns a string on success, or NULL on +failure.

    +

    OSSL_STORE_INFO_new_NAME(), OSSL_STORE_INFO_new_PARAMS(), +OSSL_STORE_INFO_new_PKEY(), OSSL_STORE_INFO_new_CERT() and +OSSL_STORE_INFO_new_CRL() return a OSSL_STORE_INFO +pointer on success, or NULL on failure.

    +

    OSSL_STORE_INFO_set0_NAME_description() returns 1 on success, or 0 on +failure.

    +

    +

    +
    +

    SEE ALSO

    +

    ossl_store(7), OSSL_STORE_open(3), OSSL_STORE_register_loader(3)

    +

    +

    +
    +

    HISTORY

    +

    OSSL_STORE_INFO(), OSSL_STORE_INFO_get_type(), OSSL_STORE_INFO_get0_NAME(), +OSSL_STORE_INFO_get0_PARAMS(), OSSL_STORE_INFO_get0_PKEY(), +OSSL_STORE_INFO_get0_CERT(), OSSL_STORE_INFO_get0_CRL(), +OSSL_STORE_INFO_type_string(), OSSL_STORE_INFO_free(), OSSL_STORE_INFO_new_NAME(), +OSSL_STORE_INFO_new_PARAMS(), OSSL_STORE_INFO_new_PKEY(), +OSSL_STORE_INFO_new_CERT() and OSSL_STORE_INFO_new_CRL() +were added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/OSSL_STORE_LOADER.html b/linux_amd64/share/doc/openssl/html/man3/OSSL_STORE_LOADER.html
    new file mode 100755
    index 0000000..d265762
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/OSSL_STORE_LOADER.html
    @@ -0,0 +1,288 @@
    + + + + +OSSL_STORE_LOADER + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    OSSL_STORE_LOADER, OSSL_STORE_LOADER_CTX, OSSL_STORE_LOADER_new, +OSSL_STORE_LOADER_get0_engine, OSSL_STORE_LOADER_get0_scheme, +OSSL_STORE_LOADER_set_open, OSSL_STORE_LOADER_set_ctrl, +OSSL_STORE_LOADER_set_expect, OSSL_STORE_LOADER_set_find, +OSSL_STORE_LOADER_set_load, OSSL_STORE_LOADER_set_eof, +OSSL_STORE_LOADER_set_error, OSSL_STORE_LOADER_set_close, +OSSL_STORE_LOADER_free, OSSL_STORE_register_loader, +OSSL_STORE_unregister_loader, OSSL_STORE_open_fn, OSSL_STORE_ctrl_fn, +OSSL_STORE_expect_fn, OSSL_STORE_find_fn, +OSSL_STORE_load_fn, OSSL_STORE_eof_fn, OSSL_STORE_error_fn, +OSSL_STORE_close_fn - Types and functions to manipulate, register and +unregister STORE loaders for different URI schemes

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/store.h>
    +
    + typedef struct ossl_store_loader_st OSSL_STORE_LOADER;
    +
    + OSSL_STORE_LOADER *OSSL_STORE_LOADER_new(ENGINE *e, const char *scheme);
    + const ENGINE *OSSL_STORE_LOADER_get0_engine(const OSSL_STORE_LOADER
    +                                             *store_loader);
    + const char *OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER
    +                                           *store_loader);
    +
    + /* struct ossl_store_loader_ctx_st is defined differently by each loader */
    + typedef struct ossl_store_loader_ctx_st OSSL_STORE_LOADER_CTX;
    +
    + typedef OSSL_STORE_LOADER_CTX *(*OSSL_STORE_open_fn)(const char *uri,
    +                                                      const UI_METHOD *ui_method,
    +                                                      void *ui_data);
    + int OSSL_STORE_LOADER_set_open(OSSL_STORE_LOADER *store_loader,
    +                                OSSL_STORE_open_fn store_open_function);
    + typedef int (*OSSL_STORE_ctrl_fn)(OSSL_STORE_LOADER_CTX *ctx, int cmd,
    +                                   va_list args);
    + int OSSL_STORE_LOADER_set_ctrl(OSSL_STORE_LOADER *store_loader,
    +                                OSSL_STORE_ctrl_fn store_ctrl_function);
    + typedef int (*OSSL_STORE_expect_fn)(OSSL_STORE_LOADER_CTX *ctx, int expected);
    + int OSSL_STORE_LOADER_set_expect(OSSL_STORE_LOADER *loader,
    +                                  OSSL_STORE_expect_fn expect_function);
    + typedef int (*OSSL_STORE_find_fn)(OSSL_STORE_LOADER_CTX *ctx,
    +                                   OSSL_STORE_SEARCH *criteria);
    + int OSSL_STORE_LOADER_set_find(OSSL_STORE_LOADER *loader,
    +                                OSSL_STORE_find_fn find_function);
    + typedef OSSL_STORE_INFO *(*OSSL_STORE_load_fn)(OSSL_STORE_LOADER_CTX *ctx,
    +                                                UI_METHOD *ui_method,
    +                                                void *ui_data);
    + int OSSL_STORE_LOADER_set_load(OSSL_STORE_LOADER *store_loader,
    +                                OSSL_STORE_load_fn store_load_function);
    + typedef int (*OSSL_STORE_eof_fn)(OSSL_STORE_LOADER_CTX *ctx);
    + int OSSL_STORE_LOADER_set_eof(OSSL_STORE_LOADER *store_loader,
    +                               OSSL_STORE_eof_fn store_eof_function);
    + typedef int (*OSSL_STORE_error_fn)(OSSL_STORE_LOADER_CTX *ctx);
    + int OSSL_STORE_LOADER_set_error(OSSL_STORE_LOADER *store_loader,
    +                                 OSSL_STORE_error_fn store_error_function);
    + typedef int (*OSSL_STORE_close_fn)(OSSL_STORE_LOADER_CTX *ctx);
    + int OSSL_STORE_LOADER_set_close(OSSL_STORE_LOADER *store_loader,
    +                                 OSSL_STORE_close_fn store_close_function);
    + void OSSL_STORE_LOADER_free(OSSL_STORE_LOADER *store_loader);
    +
    + int OSSL_STORE_register_loader(OSSL_STORE_LOADER *loader);
    + OSSL_STORE_LOADER *OSSL_STORE_unregister_loader(const char *scheme);
    +

    +

    +
    +

    DESCRIPTION

    +

    These functions help applications and engines to create loaders for +schemes they support.

    +

    +

    +

    Types

    +

    OSSL_STORE_LOADER is the type to hold a loader. +It contains a scheme and the functions needed to implement +OSSL_STORE_open(), OSSL_STORE_load(), OSSL_STORE_eof(), OSSL_STORE_error() and +OSSL_STORE_close() for this scheme.

    +

    OSSL_STORE_LOADER_CTX is a type template, to be defined by each loader +using struct ossl_store_loader_ctx_st { ... }.

    +

    OSSL_STORE_open_fn, OSSL_STORE_ctrl_fn, OSSL_STORE_expect_fn, +OSSL_STORE_find_fn, OSSL_STORE_load_fn, OSSL_STORE_eof_fn, +and OSSL_STORE_close_fn +are the function pointer types used within a STORE loader. +The functions pointed at define the functionality of the given loader.

    +
    +
    OSSL_STORE_open_fn
    + +
    +

    This function takes a URI and is expected to interpret it in the best +manner possible according to the scheme the loader implements, it also +takes a UI_METHOD and associated data, to be used any time +something needs to be prompted for. +Furthermore, this function is expected to initialize what needs to be +initialized, to create a private data store (OSSL_STORE_LOADER_CTX, see +above), and to return it. +If something goes wrong, this function is expected to return NULL.

    +
    +
    OSSL_STORE_ctrl_fn
    + +
    +

    This function takes a OSSL_STORE_LOADER_CTX pointer, a command number +cmd and a va_list args and is used to manipulate loader +specific parameters.

    +

    Loader specific command numbers must begin at OSSL_STORE_C_CUSTOM_START. +Any number below that is reserved for future globally known command +numbers.

    +

    This function is expected to return 1 on success, 0 on error.

    +
    +
    OSSL_STORE_expect_fn
    + +
    +

    This function takes a OSSL_STORE_LOADER_CTX pointer and a OSSL_STORE_INFO +identity expected, and is used to tell the loader what object type is +expected. +expected may be zero to signify that no specific object type is expected.

    +

    This function is expected to return 1 on success, 0 on error.

    +
    +
    OSSL_STORE_find_fn
    + +
    +

    This function takes a OSSL_STORE_LOADER_CTX pointer and a +OSSL_STORE_SEARCH search criterion, and is used to tell the loader what +to search for.

    +

    When called with the loader context being NULL, this function is expected +to return 1 if the loader supports the criterion, otherwise 0.

    +

    When called with the loader context being something other than NULL, this +function is expected to return 1 on success, 0 on error.

    +
    +
    OSSL_STORE_load_fn
    + +
    +

    This function takes a OSSL_STORE_LOADER_CTX pointer and a UI_METHOD +with associated data. +It's expected to load the next available data, mold it into a data +structure that can be wrapped in a OSSL_STORE_INFO using one of the +OSSL_STORE_INFO(3) functions. +If no more data is available or an error occurs, this function is +expected to return NULL. +The OSSL_STORE_eof_fn and OSSL_STORE_error_fn functions must indicate if +it was in fact the end of data or if an error occurred.

    +

    Note that this function retrieves one data item only.

    +
    +
    OSSL_STORE_eof_fn
    + +
    +

    This function takes a OSSL_STORE_LOADER_CTX pointer and is expected to +return 1 to indicate that the end of available data has been reached. +It is otherwise expected to return 0.

    +
    +
    OSSL_STORE_error_fn
    + +
    +

    This function takes a OSSL_STORE_LOADER_CTX pointer and is expected to +return 1 to indicate that an error occurred in a previous call to the +OSSL_STORE_load_fn function. +It is otherwise expected to return 0.

    +
    +
    OSSL_STORE_close_fn
    + +
    +

    This function takes a OSSL_STORE_LOADER_CTX pointer and is expected to +close or shut down what needs to be closed, and finally free the +contents of the OSSL_STORE_LOADER_CTX pointer. +It returns 1 on success and 0 on error.

    +
    +
    +

    +

    +

    Functions

    +

    OSSL_STORE_LOADER_new() creates a new OSSL_STORE_LOADER. +It takes an ENGINE e and a string scheme. +scheme must always be set. +Both e and scheme are used as is and must therefore be alive as +long as the created loader is.

    +

    OSSL_STORE_LOADER_get0_engine() returns the engine of the store_loader. +OSSL_STORE_LOADER_get0_scheme() returns the scheme of the store_loader.

    +

    OSSL_STORE_LOADER_set_open() sets the opener function for the +store_loader.

    +

    OSSL_STORE_LOADER_set_ctrl() sets the control function for the +store_loader.

    +

    OSSL_STORE_LOADER_set_expect() sets the expect function for the +store_loader.

    +

    OSSL_STORE_LOADER_set_load() sets the loader function for the +store_loader.

    +

    OSSL_STORE_LOADER_set_eof() sets the end of file checker function for the +store_loader.

    +

    OSSL_STORE_LOADER_set_close() sets the closing function for the +store_loader.

    +

    OSSL_STORE_LOADER_free() frees the given store_loader.

    +

    OSSL_STORE_register_loader() register the given store_loader and thereby +makes it available for use with OSSL_STORE_open(), OSSL_STORE_load(), +OSSL_STORE_eof() and OSSL_STORE_close().

    +

    OSSL_STORE_unregister_loader() unregister the store loader for the given +scheme.

    +

    +

    +
    +

    NOTES

    +

    The file: scheme has built in support.

    +

    +

    +
    +

    RETURN VALUES

    +

    The functions with the types OSSL_STORE_open_fn, OSSL_STORE_ctrl_fn, +OSSL_STORE_expect_fn, +OSSL_STORE_load_fn, OSSL_STORE_eof_fn and OSSL_STORE_close_fn have the +same return values as OSSL_STORE_open(), OSSL_STORE_ctrl(), OSSL_STORE_expect(), +OSSL_STORE_load(), OSSL_STORE_eof() and OSSL_STORE_close(), respectively.

    +

    OSSL_STORE_LOADER_new() returns a pointer to a OSSL_STORE_LOADER on success, +or NULL on failure.

    +

    OSSL_STORE_LOADER_set_open(), OSSL_STORE_LOADER_set_ctrl(), +OSSL_STORE_LOADER_set_load(), OSSL_STORE_LOADER_set_eof() and +OSSL_STORE_LOADER_set_close() return 1 on success, or 0 on failure.

    +

    OSSL_STORE_register_loader() returns 1 on success, or 0 on failure.

    +

    OSSL_STORE_unregister_loader() returns the unregistered loader on success, +or NULL on failure.

    +

    +

    +
    +

    SEE ALSO

    +

    ossl_store(7), OSSL_STORE_open(3)

    +

    +

    +
    +

    HISTORY

    +

    OSSL_STORE_LOADER(), OSSL_STORE_LOADER_CTX(), OSSL_STORE_LOADER_new(), +OSSL_STORE_LOADER_set0_scheme(), OSSL_STORE_LOADER_set_open(), +OSSL_STORE_LOADER_set_ctrl(), OSSL_STORE_LOADER_set_load(), +OSSL_STORE_LOADER_set_eof(), OSSL_STORE_LOADER_set_close(), +OSSL_STORE_LOADER_free(), OSSL_STORE_register_loader(), +OSSL_STORE_unregister_loader(), OSSL_STORE_open_fn(), OSSL_STORE_ctrl_fn(), +OSSL_STORE_load_fn(), OSSL_STORE_eof_fn() and OSSL_STORE_close_fn() +were added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/OSSL_STORE_SEARCH.html b/linux_amd64/share/doc/openssl/html/man3/OSSL_STORE_SEARCH.html new file mode 100755 index 0000000..d2d3a87 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/OSSL_STORE_SEARCH.html @@ -0,0 +1,234 @@ + + + + +OSSL_STORE_SEARCH + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    OSSL_STORE_SEARCH, +OSSL_STORE_SEARCH_by_name, +OSSL_STORE_SEARCH_by_issuer_serial, +OSSL_STORE_SEARCH_by_key_fingerprint, +OSSL_STORE_SEARCH_by_alias, +OSSL_STORE_SEARCH_free, +OSSL_STORE_SEARCH_get_type, +OSSL_STORE_SEARCH_get0_name, +OSSL_STORE_SEARCH_get0_serial, +OSSL_STORE_SEARCH_get0_bytes, +OSSL_STORE_SEARCH_get0_string, +OSSL_STORE_SEARCH_get0_digest +- Type and functions to create OSSL_STORE search criteria

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/store.h>
    +
    + typedef struct ossl_store_search_st OSSL_STORE_SEARCH;
    +
    + OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_name(X509_NAME *name);
    + OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_issuer_serial(X509_NAME *name,
    +                                                       const ASN1_INTEGER
    +                                                       *serial);
    + OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_key_fingerprint(const EVP_MD *digest,
    +                                                         const unsigned char
    +                                                         *bytes, int len);
    + OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_alias(const char *alias);
    +
    + void OSSL_STORE_SEARCH_free(OSSL_STORE_SEARCH *search);
    +
    + int OSSL_STORE_SEARCH_get_type(const OSSL_STORE_SEARCH *criterion);
    + X509_NAME *OSSL_STORE_SEARCH_get0_name(OSSL_STORE_SEARCH *criterion);
    + const ASN1_INTEGER *OSSL_STORE_SEARCH_get0_serial(const OSSL_STORE_SEARCH
    +                                                   *criterion);
    + const unsigned char *OSSL_STORE_SEARCH_get0_bytes(const OSSL_STORE_SEARCH
    +                                                   *criterion, size_t *length);
    + const char *OSSL_STORE_SEARCH_get0_string(const OSSL_STORE_SEARCH *criterion);
    + const EVP_MD *OSSL_STORE_SEARCH_get0_digest(const OSSL_STORE_SEARCH
    +                                             *criterion);
    +

    +

    +
    +

    DESCRIPTION

    +

    These functions are used to specify search criteria to help search for specific +objects through other names than just the URI that's given to OSSL_STORE_open(). +For example, this can be useful for an application that has received a URI +and then wants to add on search criteria in a uniform and supported manner.

    +

    +

    +

    Types

    +

    OSSL_STORE_SEARCH is an opaque type that holds the constructed search +criterion, and that can be given to an OSSL_STORE context with +OSSL_STORE_find().

    +

    The calling application owns the allocation of an OSSL_STORE_SEARCH at all +times, and should therefore be careful not to deallocate it before +OSSL_STORE_close() has been called for the OSSL_STORE context it was given +to.

    +

    +

    +

    Application Functions

    +

    OSSL_STORE_SEARCH_by_name(), +OSSL_STORE_SEARCH_by_issuer_serial(), +OSSL_STORE_SEARCH_by_key_fingerprint(), +and OSSL_STORE_SEARCH_by_alias() +are used to create an OSSL_STORE_SEARCH from a subject name, an issuer name +and serial number pair, a key fingerprint, and an alias (for example a friendly +name). +The parameters that are provided are not copied, only referred to in a +criterion, so they must have at least the same life time as the created +OSSL_STORE_SEARCH.

    +

    OSSL_STORE_SEARCH_free() is used to free the OSSL_STORE_SEARCH.

    +

    +

    +

    Loader Functions

    +

    OSSL_STORE_SEARCH_get_type() returns the criterion type for the given +OSSL_STORE_SEARCH.

    +

    OSSL_STORE_SEARCH_get0_name(), OSSL_STORE_SEARCH_get0_serial(), +OSSL_STORE_SEARCH_get0_bytes(), OSSL_STORE_SEARCH_get0_string(), +and OSSL_STORE_SEARCH_get0_digest() +are used to retrieve different data from a OSSL_STORE_SEARCH, as +available for each type. +For more information, see SUPPORTED CRITERION TYPES below.

    +

    +

    +
    +

    SUPPORTED CRITERION TYPES

    +

    Currently supported criterion types are:

    +
    +
    OSSL_STORE_SEARCH_BY_NAME
    + +
    +

    This criterion supports a search by exact match of subject name. +The subject name itself is a X509_NAME pointer. +A criterion of this type is created with OSSL_STORE_SEARCH_by_name(), +and the actual subject name is retrieved with OSSL_STORE_SEARCH_get0_name().

    +
    +
    OSSL_STORE_SEARCH_BY_ISSUER_SERIAL
    + +
    +

    This criterion supports a search by exact match of both issuer name and serial +number. +The issuer name itself is a X509_NAME pointer, and the serial number is +a ASN1_INTEGER pointer. +A criterion of this type is created with OSSL_STORE_SEARCH_by_issuer_serial() +and the actual issuer name and serial number are retrieved with +OSSL_STORE_SEARCH_get0_name() and OSSL_STORE_SEARCH_get0_serial().

    +
    +
    OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT
    + +
    +

    This criterion supports a search by exact match of key fingerprint. +The key fingerprint in itself is a string of bytes and its length, as +well as the algorithm that was used to compute the fingerprint. +The digest may be left unspecified (NULL), and in that case, the +loader has to decide on a default digest and compare fingerprints +accordingly. +A criterion of this type is created with OSSL_STORE_SEARCH_by_key_fingerprint() +and the actual fingerprint and its length can be retrieved with +OSSL_STORE_SEARCH_get0_bytes(). +The digest can be retrieved with OSSL_STORE_SEARCH_get0_digest().

    +
    +
    OSSL_STORE_SEARCH_BY_ALIAS
    + +
    +

    This criterion supports a search by match of an alias of some kind. +The alias in itself is a simple C string. +A criterion of this type is created with OSSL_STORE_SEARCH_by_alias() +and the actual alias is retrieved with OSSL_STORE_SEARCH_get0_string().

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    OSSL_STORE_SEARCH_by_name(), +OSSL_STORE_SEARCH_by_issuer_serial(), +OSSL_STORE_SEARCH_by_key_fingerprint(), +and OSSL_STORE_SEARCH_by_alias() +return a OSSL_STORE_SEARCH pointer on success, or NULL on failure.

    +

    OSSL_STORE_SEARCH_get_type() returns the criterion type of the given +OSSL_STORE_SEARCH. +There is no error value.

    +

    OSSL_STORE_SEARCH_get0_name() returns a X509_NAME pointer on success, +or NULL when the given OSSL_STORE_SEARCH was of a different type.

    +

    OSSL_STORE_SEARCH_get0_serial() returns a ASN1_INTEGER pointer on success, +or NULL when the given OSSL_STORE_SEARCH was of a different type.

    +

    OSSL_STORE_SEARCH_get0_bytes() returns a const unsigned char pointer and +sets *length to the strings length on success, or NULL when the given +OSSL_STORE_SEARCH was of a different type.

    +

    OSSL_STORE_SEARCH_get0_string() returns a const char pointer on success, +or NULL when the given OSSL_STORE_SEARCH was of a different type.

    +

    OSSL_STORE_SEARCH_get0_digest() returns a const EVP_MD pointer. +NULL is a valid value and means that the store loader default will +be used when applicable.

    +

    +

    +
    +

    SEE ALSO

    +

    ossl_store(7), OSSL_STORE_supports_search(3), OSSL_STORE_find(3)

    +

    +

    +
    +

    HISTORY

    +

    OSSL_STORE_SEARCH, +OSSL_STORE_SEARCH_by_name(), +OSSL_STORE_SEARCH_by_issuer_serial(), +OSSL_STORE_SEARCH_by_key_fingerprint(), +OSSL_STORE_SEARCH_by_alias(), +OSSL_STORE_SEARCH_free(), +OSSL_STORE_SEARCH_get_type(), +OSSL_STORE_SEARCH_get0_name(), +OSSL_STORE_SEARCH_get0_serial(), +OSSL_STORE_SEARCH_get0_bytes(), +and OSSL_STORE_SEARCH_get0_string() +were added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/OSSL_STORE_expect.html b/linux_amd64/share/doc/openssl/html/man3/OSSL_STORE_expect.html new file mode 100755 index 0000000..a91b49b --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/OSSL_STORE_expect.html @@ -0,0 +1,114 @@ + + + + +OSSL_STORE_expect + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    OSSL_STORE_expect, +OSSL_STORE_supports_search, +OSSL_STORE_find +- Specify what object type is expected

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/store.h>
    +
    + int OSSL_STORE_expect(OSSL_STORE_CTX *ctx, int expected_type);
    +
    + int OSSL_STORE_supports_search(OSSL_STORE_CTX *ctx, int criterion_type);
    +
    + int OSSL_STORE_find(OSSL_STORE_CTX *ctx, OSSL_STORE_SEARCH *search);
    +

    +

    +
    +

    DESCRIPTION

    +

    OSSL_STORE_expect() helps applications filter what OSSL_STORE_load() returns +by specifying a OSSL_STORE_INFO type. +For example, if file:/foo/bar/store.pem contains several different objects +and only the certificates are interesting, the application can simply say +that it expects the type OSSL_STORE_INFO_CERT. +All known object types (see OSSL_STORE_INFO(3)/SUPPORTED OBJECTS) +except for OSSL_STORE_INFO_NAME are supported.

    +

    OSSL_STORE_find() helps applications specify a criterion for a more fine +grained search of objects.

    +

    OSSL_STORE_supports_search() checks if the loader of the given OSSL_STORE +context supports the given search type. +See OSSL_STORE_SEARCH(3)/SUPPORTED CRITERION TYPES for information on the +supported search criterion types.

    +

    OSSL_STORE_expect() and OSSL_STORE_find must be called before the first +OSSL_STORE_load() of a given session, or they will fail.

    +

    +

    +
    +

    NOTES

    +

    If a more elaborate filter is required by the application, a better choice +would be to use a post-processing function. +See OSSL_STORE_open(3) for more information.

    +

    However, some loaders may take advantage of the knowledge of an expected type +to make object retrieval more efficient, so if a single type is expected, this +method is usually preferable.

    +

    +

    +
    +

    RETURN VALUES

    +

    OSSL_STORE_expect() returns 1 on success, or 0 on failure.

    +

    OSSL_STORE_supports_search() returns 1 if the criterion is supported, or 0 +otherwise.

    +

    OSSL_STORE_find() returns 1 on success, or 0 on failure.

    +

    +

    +
    +

    SEE ALSO

    +

    ossl_store(7), OSSL_STORE_INFO(3), OSSL_STORE_SEARCH(3), +OSSL_STORE_load(3)

    +

    +

    +
    +

    HISTORY

    +

    OSSL_STORE_expect(), OSSL_STORE_supports_search() and OSSL_STORE_find() +were added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/OSSL_STORE_open.html b/linux_amd64/share/doc/openssl/html/man3/OSSL_STORE_open.html new file mode 100755 index 0000000..28015fd --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/OSSL_STORE_open.html @@ -0,0 +1,196 @@ + + + + +OSSL_STORE_open + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    OSSL_STORE_CTX, OSSL_STORE_post_process_info_fn, OSSL_STORE_open, +OSSL_STORE_ctrl, OSSL_STORE_load, OSSL_STORE_eof, OSSL_STORE_error, +OSSL_STORE_close - Types and functions to read objects from a URI

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/store.h>
    +
    + typedef struct ossl_store_ctx_st OSSL_STORE_CTX;
    +
    + typedef OSSL_STORE_INFO *(*OSSL_STORE_post_process_info_fn)(OSSL_STORE_INFO *,
    +                                                             void *);
    +
    + OSSL_STORE_CTX *OSSL_STORE_open(const char *uri, const UI_METHOD *ui_method,
    +                                 void *ui_data,
    +                                 OSSL_STORE_post_process_info_fn post_process,
    +                                 void *post_process_data);
    + int OSSL_STORE_ctrl(OSSL_STORE_CTX *ctx, int cmd, ... /* args */);
    + OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx);
    + int OSSL_STORE_eof(OSSL_STORE_CTX *ctx);
    + int OSSL_STORE_error(OSSL_STORE_CTX *ctx);
    + int OSSL_STORE_close(OSSL_STORE_CTX *ctx);
    +

    +

    +
    +

    DESCRIPTION

    +

    These functions help the application to fetch supported objects (see +OSSL_STORE_INFO(3)/SUPPORTED OBJECTS for information on which those are) +from a given URI (see SUPPORTED SCHEMES for more information on +the supported URI schemes). +The general method to do so is to "open" the URI using OSSL_STORE_open(), +read each available and supported object using OSSL_STORE_load() as long as +OSSL_STORE_eof() hasn't been reached, and finish it off with OSSL_STORE_close().

    +

    The retrieved information is stored in a OSSL_STORE_INFO, which is further +described in OSSL_STORE_INFO(3).

    +

    +

    +

    Types

    +

    OSSL_STORE_CTX is a context variable that holds all the internal +information for OSSL_STORE_open(), OSSL_STORE_load(), OSSL_STORE_eof() and +OSSL_STORE_close() to work together.

    +

    +

    +

    Functions

    +

    OSSL_STORE_open() takes a uri or path uri, password UI method +ui_method with associated data ui_data, and post processing +callback post_process with associated data post_process_data, +opens a channel to the data located at that URI and returns a +OSSL_STORE_CTX with all necessary internal information. +The given ui_method and ui_data_data will be reused by all +functions that use OSSL_STORE_CTX when interaction is needed. +The given post_process and post_process_data will be reused by +OSSL_STORE_load() to manipulate or drop the value to be returned. +The post_process function drops values by returning NULL, which +will cause OSSL_STORE_load() to start its process over with loading +the next object, until post_process returns something other than +NULL, or the end of data is reached as indicated by OSSL_STORE_eof().

    +

    OSSL_STORE_ctrl() takes a OSSL_STORE_CTX, and command number cmd and +more arguments not specified here. +The available loader specific command numbers and arguments they each +take depends on the loader that's used and is documented together with +that loader.

    +

    There are also global controls available:

    +
    +
    OSSL_STORE_C_USE_SECMEM
    + +
    +

    Controls if the loader should attempt to use secure memory for any +allocated OSSL_STORE_INFO and its contents. +This control expects one argument, a pointer to an int that is expected to +have the value 1 (yes) or 0 (no). +Any other value is an error.

    +
    +
    +

    OSSL_STORE_load() takes a OSSL_STORE_CTX, tries to load the next available +object and return it wrapped with OSSL_STORE_INFO.

    +

    OSSL_STORE_eof() takes a OSSL_STORE_CTX and checks if we've reached the end +of data.

    +

    OSSL_STORE_error() takes a OSSL_STORE_CTX and checks if an error occurred in +the last OSSL_STORE_load() call. +Note that it may still be meaningful to try and load more objects, unless +OSSL_STORE_eof() shows that the end of data has been reached.

    +

    OSSL_STORE_close() takes a OSSL_STORE_CTX, closes the channel that was opened +by OSSL_STORE_open() and frees all other information that was stored in the +OSSL_STORE_CTX, as well as the OSSL_STORE_CTX itself.

    +

    +

    +
    +

    SUPPORTED SCHEMES

    +

    The basic supported scheme is file:. +Any other scheme can be added dynamically, using +OSSL_STORE_register_loader().

    +

    +

    +
    +

    NOTES

    +

    A string without a scheme prefix (that is, a non-URI string) is +implicitly interpreted as using the file: scheme.

    +

    There are some tools that can be used together with +OSSL_STORE_open() to determine if any failure is caused by an unparsable +URI, or if it's a different error (such as memory allocation +failures); if the URI was parsable but the scheme unregistered, the +top error will have the reason OSSL_STORE_R_UNREGISTERED_SCHEME.

    +

    These functions make no direct assumption regarding the pass phrase received +from the password callback. +The loaders may make assumptions, however. +For example, the file: scheme loader inherits the assumptions made by +OpenSSL functionality that handles the different file types; this is mostly +relevant for PKCS#12 objects. +See passphrase-encoding(7) for further information.

    +

    +

    +
    +

    RETURN VALUES

    +

    OSSL_STORE_open() returns a pointer to a OSSL_STORE_CTX on success, or +NULL on failure.

    +

    OSSL_STORE_load() returns a pointer to a OSSL_STORE_INFO on success, or +NULL on error or when end of data is reached. +Use OSSL_STORE_error() and OSSL_STORE_eof() to determine the meaning of a +returned NULL.

    +

    OSSL_STORE_eof() returns 1 if the end of data has been reached, otherwise +0.

    +

    OSSL_STORE_error() returns 1 if an error occurred in an OSSL_STORE_load() call, +otherwise 0.

    +

    OSSL_STORE_ctrl() and OSSL_STORE_close() returns 1 on success, or 0 on failure.

    +

    +

    +
    +

    SEE ALSO

    +

    ossl_store(7), OSSL_STORE_INFO(3), OSSL_STORE_register_loader(3), +passphrase-encoding(7)

    +

    +

    +
    +

    HISTORY

    +

    OSSL_STORE_CTX(), OSSL_STORE_post_process_info_fn(), OSSL_STORE_open(), +OSSL_STORE_ctrl(), OSSL_STORE_load(), OSSL_STORE_eof() and OSSL_STORE_close() +were added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/OSSL_trace_enabled.html b/linux_amd64/share/doc/openssl/html/man3/OSSL_trace_enabled.html new file mode 100755 index 0000000..8494680 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/OSSL_trace_enabled.html @@ -0,0 +1,308 @@ + + + + +OSSL_trace_enabled + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    OSSL_trace_enabled, OSSL_trace_begin, OSSL_trace_end, +OSSL_TRACE_BEGIN, OSSL_TRACE_END, OSSL_TRACE_CANCEL, +OSSL_TRACE, OSSL_TRACE1, OSSL_TRACE2, OSSL_TRACE3, OSSL_TRACE4, +OSSL_TRACE5, OSSL_TRACE6, OSSL_TRACE7, OSSL_TRACE8, OSSL_TRACE9, +OSSL_TRACEV, +OSSL_TRACE_ENABLED +- OpenSSL Tracing API

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/trace.h>
    +
    + int OSSL_trace_enabled(int category);
    +
    + BIO *OSSL_trace_begin(int category);
    + void OSSL_trace_end(int category, BIO *channel);
    +
    + /* trace group macros */
    + OSSL_TRACE_BEGIN(category) {
    +     ...
    +     if (some_error) {
    +         /* Leave trace group prematurely in case of an error */
    +         OSSL_TRACE_CANCEL(category);
    +         goto err;
    +     }
    +     ...
    + } OSSL_TRACE_END(category);
    +
    + /* one-shot trace macros */
    + OSSL_TRACE1(category, format, arg1)
    + OSSL_TRACE2(category, format, arg1, arg2)
    + ...
    + OSSL_TRACE9(category, format, arg1, ..., arg9)
    +
    + /* check whether a trace category is enabled */
    + if (OSSL_TRACE_ENABLED(category)) {
    +     ...
    + }
    +

    +

    +
    +

    DESCRIPTION

    +

    The functions described here are mainly interesting for those who provide +OpenSSL functionality, either in OpenSSL itself or in engine modules +or similar.

    +

    If tracing is enabled (see NOTES below), these functions are used to +generate free text tracing output.

    +

    The tracing output is divided into types which are enabled +individually by the application. +The tracing types are described in detail in +OSSL_trace_set_callback(3)/Trace types. +The fallback type OSSL_TRACE_CATEGORY_ALL should not be used +with the functions described here.

    +

    Tracing for a specific category is enabled if a so called +trace channel is attached to it. A trace channel is simply a +BIO object to which the application can write its trace output.

    +

    The application has two different ways of registering a trace channel, +either by directly providing a BIO object using OSSL_trace_set_channel(), +or by providing a callback routine using OSSL_trace_set_callback(). +The latter is wrapped internally by a dedicated BIO object, so for the +tracing code both channel types are effectively indistinguishable. +We call them a simple trace channel and a callback trace channel, +respectively.

    +

    To produce trace output, it is necessary to obtain a pointer to the +trace channel (i.e., the BIO object) using OSSL_trace_begin(), write +to it using arbitrary BIO output routines, and finally releases the +channel using OSSL_trace_end(). The OSSL_trace_begin()/OSSL_trace_end() +calls surrounding the trace output create a group, which acts as a +critical section (guarded by a mutex) to ensure that the trace output +of different threads does not get mixed up.

    +

    The tracing code normally does not call OSSL_trace_{begin,end}() directly, +but rather uses a set of convenience macros, see the Macros section below.

    +

    +

    +

    Functions

    +

    OSSL_trace_enabled() can be used to check if tracing for the given +category is enabled.

    +

    OSSL_trace_begin() is used to starts a tracing section, and get the +channel for the given category in form of a BIO. +This BIO can only be used for output.

    +

    OSSL_trace_end() is used to end a tracing section.

    +

    Using OSSL_trace_begin() and OSSL_trace_end() to wrap tracing sections +is mandatory. +The result of trying to produce tracing output outside of such +sections is undefined.

    +

    +

    +

    Macros

    +

    There are a number of convenience macros defined, to make tracing +easy and consistent.

    +

    OSSL_TRACE_BEGIN(category) and OSSL_TRACE_END(category) reserve +the BIO trc_out and are used as follows to wrap a trace section:

    +
    + OSSL_TRACE_BEGIN(TLS) {
    +
    +     BIO_fprintf(trc_out, ... );
    +
    + } OSSL_TRACE_END(TLS);
    +

    This will normally expand to:

    +
    + do {
    +     BIO *trc_out = OSSL_trace_begin(OSSL_TRACE_CATEGORY_TLS);
    +     if (trc_out != NULL) {
    +         ...
    +         BIO_fprintf(trc_out, ...);
    +     }
    +     OSSL_trace_end(OSSL_TRACE_CATEGORY_TLS, trc_out);
    + } while (0);
    +

    OSSL_TRACE_CANCEL(category) must be used before returning from or +jumping out of a trace section:

    +
    + OSSL_TRACE_BEGIN(TLS) {
    +
    +     if (some_error) {
    +         OSSL_TRACE_CANCEL(TLS);
    +         goto err;
    +     }
    +     BIO_fprintf(trc_out, ... );
    +
    + } OSSL_TRACE_END(TLS);
    +

    This will normally expand to:

    +
    + do {
    +     BIO *trc_out = OSSL_trace_begin(OSSL_TRACE_CATEGORY_TLS);
    +     if (trc_out != NULL) {
    +         if (some_error) {
    +             OSSL_trace_end(OSSL_TRACE_CATEGORY_TLS, trc_out);
    +             goto err;
    +         }
    +         BIO_fprintf(trc_out, ... );
    +     }
    +     OSSL_trace_end(OSSL_TRACE_CATEGORY_TLS, trc_out);
    + } while (0);
    +

    OSSL_TRACE() and OSSL_TRACE1(), OSSL_TRACE2(), ... OSSL_TRACE9() are +so-called one-shot macros:

    +

    The macro call OSSL_TRACE(category, text), produces literal text trace output.

    +

    The macro call OSSL_TRACEn(category, format, arg1, ..., argn) produces +printf-style trace output with n format field arguments (n=1,...,9). +It expands to:

    +
    + OSSL_TRACE_BEGIN(category) {
    +     BIO_printf(trc_out, format, arg1, ..., argN)
    + } OSSL_TRACE_END(category)
    +

    Internally, all one-shot macros are implemented using a generic OSSL_TRACEV() +macro, since C90 does not support variadic macros. This helper macro has a rather +weird synopsis and should not be used directly.

    +

    The OSSL_TRACE_ENABLED(category) macro can be used to conditionally execute +some code only if a specific trace category is enabled. +In some situations this is simpler than entering a trace section using +OSSL_TRACE_BEGIN(category) and OSSL_TRACE_END(category). +For example, the code

    +
    + if (OSSL_TRACE_ENABLED(TLS)) {
    +     ...
    + }
    +

    expands to

    +
    + if (OSSL_trace_enabled(OSSL_TRACE_CATEGORY_TLS) {
    +     ...
    + }
    +

    +

    +
    +

    NOTES

    +

    If producing the trace output requires carrying out auxiliary calculations, +this auxiliary code should be placed inside a conditional block which is +executed only if the trace category is enabled.

    +

    The most natural way to do this is to place the code inside the trace section +itself because it already introduces such a conditional block.

    +
    + OSSL_TRACE_BEGIN(TLS) {
    +     int var = do_some_auxiliary_calculation();
    +
    +     BIO_printf(trc_out, "var = %d\n", var);
    +
    + } OSSL_TRACE_END(TLS);
    +

    In some cases it is more advantageous to use a simple conditional group instead +of a trace section. This is the case if calculations and tracing happen in +different locations of the code, or if the calculations are so time consuming +that placing them inside a (critical) trace section would create too much +contention.

    +
    + if (OSSL_TRACE_ENABLED(TLS)) {
    +     int var = do_some_auxiliary_calculation();
    +
    +     OSSL_TRACE1("var = %d\n", var);
    + }
    +

    Note however that premature optimization of tracing code is in general futile +and it's better to keep the tracing code as simple as possible. +Because most often the limiting factor for the application's speed is the time +it takes to print the trace output, not to calculate it.

    +

    +

    +

    Configure Tracing

    +

    By default, the OpenSSL library is built with tracing disabled. To +use the tracing functionality documented here, it is therefore +necessary to configure and build OpenSSL with the 'enable-trace' option.

    +

    When the library is built with tracing disabled:

    +
      +
    • +

      The macro OPENSSL_NO_TRACE is defined in openssl/opensslconf.h.

      +
    • +
    • +

      all functions are still present, bu OSSL_trace_enabled() will always +report the categories as disabled, and all other functions will do +nothing.

      +
    • +
    • +

      the convenience macros are defined to produce dead code. +For example, take this example from Macros section above:

      +
      + OSSL_TRACE_BEGIN(TLS) {
      +
      +     if (condition) {
      +         OSSL_TRACE_CANCEL(TLS);
      +         goto err;
      +     }
      +     BIO_fprintf(trc_out, ... );
      +
      + } OSSL_TRACE_END(TLS);
      +

      When the tracing API isn't operational, that will expand to:

      +
      + do {
      +     BIO *trc_out = NULL;
      +     if (0) {
      +         if (condition) {
      +             ((void)0);
      +             goto err;
      +         }
      +         BIO_fprintf(trc_out, ... );
      +     }
      + } while (0);
      +
    • +
    +

    +

    +
    +

    RETURN VALUES

    +

    OSSL_trace_enabled() returns 1 if tracing for the given type is +operational and enabled, otherwise 0.

    +

    OSSL_trace_begin() returns a BIO * if the given type is enabled, +otherwise NULL.

    +

    +

    +
    +

    HISTORY

    +

    The OpenSSL Tracing API was added ino OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/OSSL_trace_get_category_num.html b/linux_amd64/share/doc/openssl/html/man3/OSSL_trace_get_category_num.html new file mode 100755 index 0000000..ad78fea --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/OSSL_trace_get_category_num.html @@ -0,0 +1,79 @@ + + + + +OSSL_trace_get_category_num + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    OSSL_trace_get_category_num, OSSL_trace_get_category_name +- OpenSSL tracing information functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/trace.h>
    +
    + int OSSL_trace_get_category_num(const char *name);
    + const char *OSSL_trace_get_category_name(int num);
    +

    +

    +
    +

    DESCRIPTION

    +

    OSSL_trace_get_category_num() gives the category number corresponding +to the given name.

    +

    OSSL_trace_get_category_name() gives the category name corresponding +to the given num.

    +

    +

    +
    +

    RETURN VALUES

    +

    OSSL_trace_get_category_num() returns the category number if the given +name is a recognised category name, otherwise -1.

    +

    OSSL_trace_get_category_name() returns the category name if the given +num is a recognised category number, otherwise NULL.

    +

    +

    +
    +

    HISTORY

    +

    The OpenSSL Tracing API was added ino OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/OSSL_trace_set_channel.html b/linux_amd64/share/doc/openssl/html/man3/OSSL_trace_set_channel.html new file mode 100755 index 0000000..d2113fd --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/OSSL_trace_set_channel.html @@ -0,0 +1,366 @@ + + + + +OSSL_trace_set_channel + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    OSSL_trace_set_channel, OSSL_trace_set_prefix, OSSL_trace_set_suffix, +OSSL_trace_set_callback, OSSL_trace_cb - Enabling trace output

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/trace.h>
    +
    + typedef size_t (*OSSL_trace_cb)(const char *buf, size_t cnt,
    +                                 int category, int cmd, void *data);
    +
    + void OSSL_trace_set_channel(int category, BIO *bio);
    + void OSSL_trace_set_prefix(int category, const char *prefix);
    + void OSSL_trace_set_suffix(int category, const char *suffix);
    + void OSSL_trace_set_callback(int category, OSSL_trace_cb cb, void  *data);
    +

    +

    +
    +

    DESCRIPTION

    +

    If available (see NOTES below), the application can request +internal trace output. +This output comes in form of free text for humans to read.

    +

    The trace output is divided into categories which can be +enabled individually. +Every category can be enabled individually by attaching a so called +trace channel to it, which in the simplest case is just a BIO object +to which the application can write the tracing output for this category. +Alternatively, the application can provide a tracer callback in order to +get more finegrained trace information. This callback will be wrapped +internally by a dedicated BIO object.

    +

    For the tracing code, both trace channel types are indistinguishable. +These are called a simple trace channel and a callback trace channel, +respectively.

    +

    +

    +

    Functions

    +

    OSSL_trace_set_channel() is used to enable the given trace category +by attaching the BIO bio object as (simple) trace channel.

    +

    OSSL_trace_set_prefix() and OSSL_trace_set_suffix() can be used to add +an extra line for each channel, to be output before and after group of +tracing output. +What constitues an output group is decided by the code that produces +the output. +The lines given here are considered immutable; for more dynamic +tracing prefixes, consider setting a callback with +OSSL_trace_set_callback() instead.

    +

    OSSL_trace_set_callback() is used to enable the given trace +category by giving it the tracer callback cb with the associated +data data, which will simply be passed through to cb whenever +it's called. The callback function is internally wrapped by a +dedicated BIO object, the so called callback trace channel. +This should be used when it's desirable to do form the trace output to +something suitable for application needs where a prefix and suffix +line aren't enough.

    +

    OSSL_trace_set_channel() and OSSL_trace_set_callback() are mutually +exclusive, calling one of them will clear whatever was set by the +previous call.

    +

    Calling OSSL_trace_set_channel() with NULL for channel or +OSSL_trace_set_callback() with NULL for cb disables tracing for +the given category

    +

    +

    +

    Trace callback

    +

    The tracer callback must return a size_t, which must be zero on +error and otherwise return the number of bytes that were output. +It receives a text buffer buf with cnt bytes of text, as well as +the category, a control number cmd, and the data that was +passed to OSSL_trace_set_callback().

    +

    The possible control numbers are:

    +
    +
    OSSL_TRACE_CTRL_BEGIN
    + +
    +

    The callback is called from OSSL_trace_begin(), which gives the +callback the possibility to output a dynamic starting line, or set a +prefix that should be output at the beginning of each line, or +something other.

    +
    +
    OSSL_TRACE_CTRL_WRITE
    + +
    +

    This callback is called whenever data is written to the BIO by some +regular BIO output routine. +An arbitrary number of OSSL_TRACE_CTRL_WRITE callbacks can occur +inside a group marked by a pair of OSSL_TRACE_CTRL_BEGIN and +OSSL_TRACE_CTRL_END calls, but never outside such a group.

    +
    +
    OSSL_TRACE_CTRL_END
    + +
    +

    The callback is called from OSSL_trace_end(), which gives the callback +the possibility to output a dynamic ending line, or reset the line +prefix that was set with OSSL_TRACE_CTRL_BEGIN, or something other.

    +
    +
    +

    +

    +

    Trace categories

    +

    The trace categories are simple numbers available through macros.

    +
    +
    OSSL_TRACE_CATEGORY_TRACE
    + +
    +

    Traces the OpenSSL trace API itself.

    +

    More precisely, this will generate trace output any time a new +trace hook is set.

    +
    +
    OSSL_TRACE_CATEGORY_INIT
    + +
    +

    Traces OpenSSL library initialization and cleanup.

    +

    This needs special care, as OpenSSL will do automatic cleanup after +exit from main(), and any tracing output done during this cleanup +will be lost if the tracing channel or callback were cleaned away +prematurely. +A suggestion is to make such cleanup part of a function that's +registered very early with atexit(3).

    +
    +
    OSSL_TRACE_CATEGORY_TLS
    + +
    +

    Traces the TLS/SSL protocol.

    +
    +
    OSSL_TRACE_CATEGORY_TLS_CIPHER
    + +
    +

    Traces the ciphers used by the TLS/SSL protocol.

    +
    +
    OSSL_TRACE_CATEGORY_ENGINE_CONF
    + +
    +

    Traces the ENGINE configuration.

    +
    +
    OSSL_TRACE_CATEGORY_ENGINE_TABLE
    + +
    +

    Traces the ENGINE algorithm table selection.

    +

    More precisely, engine_table_select(), the function that is used by +RSA, DSA (etc) code to select registered ENGINEs, cache defaults and +functional references (etc), will generate trace summaries.

    +
    +
    OSSL_TRACE_CATEGORY_ENGINE_REF_COUNT
    + +
    +

    Tracds the ENGINE reference counting.

    +

    More precisely, both reference counts in the ENGINE structure will be +monitored with a line of trace output generated for each change.

    +
    +
    OSSL_TRACE_CATEGORY_PKCS5V2
    + +
    +

    Traces PKCS#5 v2 key generation.

    +
    +
    OSSL_TRACE_CATEGORY_PKCS12_KEYGEN
    + +
    +

    Traces PKCS#12 key generation.

    +
    +
    OSSL_TRACE_CATEGORY_PKCS12_DECRYPT
    + +
    +

    Traces PKCS#12 decryption.

    +
    +
    OSSL_TRACE_CATEGORY_X509V3_POLICY
    + +
    +

    Traces X509v3 policy processing.

    +

    More precisely, this generates the complete policy tree at various +point during evaluation.

    +
    +
    OSSL_TRACE_CATEGORY_BN_CTX
    + +
    +

    Traces BIGNUM context operations.

    +
    +
    OSSL_TRACE_CATEGORY_PROVIDER_CONF
    + +
    +

    Traces the OSSL_PROVIDER configuration.

    +
    +
    +

    There is also OSSL_TRACE_CATEGORY_ALL, which works as a fallback +and can be used to get all trace output.

    +

    Note, however, that in this case all trace output will effectively be +associated with the 'ALL' category, which is undesirable if the +application intends to include the category name in the trace output. +In this case it is better to register separate channels for each +trace category instead.

    +

    +

    +
    +

    RETURN VALUES

    +

    OSSL_trace_set_channel(), OSSL_trace_set_prefix(), +OSSL_trace_set_suffix(), and OSSL_trace_set_callback() return 1 on +success, or 0 on failure.

    +

    +

    +
    +

    EXAMPLES

    +

    In all examples below, the trace producing code is assumed to be +the following:

    +
    + int foo = 42;
    + const char bar[] = { 0,  1,  2,  3,  4,  5,  6,  7,
    +                      8,  9, 10, 11, 12, 13, 14, 15 };
    +
    + OSSL_TRACE_BEGIN(TLS) {
    +     BIO_puts(trc_out, "foo: ");
    +     BIO_printf(trc_out, "%d\n", foo);
    +     BIO_dump(trc_out, bar, sizeof(bar));
    + } OSSL_TRACE_END(TLS);
    +

    +

    +

    Simple example

    +

    An example with just a channel and constant prefix / suffix.

    +
    + int main(int argc, char *argv[])
    + {
    +     BIO *err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
    +     OSSL_trace_set_channel(OSSL_TRACE_CATEGORY_SSL, err);
    +     OSSL_trace_set_prefix(OSSL_TRACE_CATEGORY_SSL, "BEGIN TRACE[TLS]");
    +     OSSL_trace_set_suffix(OSSL_TRACE_CATEGORY_SSL, "END TRACE[TLS]");
    +
    +     /* ... work ... */
    + }
    +

    When the trace producing code above is performed, this will be output +on standard error:

    +
    + BEGIN TRACE[TLS]
    + foo: 42
    + 0000 - 00 01 02 03 04 05 06 07-08 09 0a 0b 0c 0d 0e 0f   ................
    + END TRACE[TLS]
    +

    +

    +

    Advanced example

    +

    This example uses the callback, and depends on pthreads functionality.

    +
    + static size_t cb(const char *buf, size_t cnt,
    +                 int category, int cmd, void *vdata)
    + {
    +     BIO *bio = vdata;
    +     const char *label = NULL;
    +
    +     switch (cmd) {
    +     case OSSL_TRACE_CTRL_BEGIN:
    +         label = "BEGIN";
    +         break;
    +     case OSSL_TRACE_CTRL_END:
    +         label = "END";
    +         break;
    +     }
    +
    +     if (label != NULL) {
    +         union {
    +             pthread_t tid;
    +             unsigned long ltid;
    +         } tid;
    +
    +         tid.tid = pthread_self();
    +         BIO_printf(bio, "%s TRACE[%s]:%lx\n",
    +                    label, OSSL_trace_get_category_name(category), tid.ltid);
    +     }
    +     return (size_t)BIO_puts(bio, buf);
    + }
    +
    + int main(int argc, char *argv[])
    + {
    +     BIO *err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
    +     OSSL_trace_set_callback(OSSL_TRACE_CATEGORY_SSL, cb, err);
    +
    +     /* ... work ... */
    + }
    +

    The output is almost the same as for the simple example above.

    +
    + BEGIN TRACE[TLS]:7f9eb0193b80
    + foo: 42
    + 0000 - 00 01 02 03 04 05 06 07-08 09 0a 0b 0c 0d 0e 0f   ................
    + END TRACE[TLS]:7f9eb0193b80
    +

    +

    +
    +

    NOTES

    +

    +

    +

    Configure Tracing

    +

    By default, the OpenSSL library is built with tracing disabled. To +use the tracing functionality documented here, it is therefore +necessary to configure and build OpenSSL with the 'enable-trace' option.

    +

    When the library is built with tracing disabled, the macro +OPENSSL_NO_TRACE is defined in openssl/opensslconf.h and all +functions described here are inoperational, i.e. will do nothing.

    +

    +

    +
    +

    HISTORY

    +

    OSSL_trace_set_channel(), OSSL_trace_set_prefix(), +OSSL_trace_set_suffix(), and OSSL_trace_set_callback() were all added +in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/OpenSSL_add_all_algorithms.html b/linux_amd64/share/doc/openssl/html/man3/OpenSSL_add_all_algorithms.html new file mode 100755 index 0000000..6d32474 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/OpenSSL_add_all_algorithms.html @@ -0,0 +1,97 @@ + + + + +OpenSSL_add_all_algorithms + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    OpenSSL_add_all_algorithms, OpenSSL_add_all_ciphers, OpenSSL_add_all_digests, EVP_cleanup - +add algorithms to internal table

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +

    Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + void OpenSSL_add_all_algorithms(void);
    + void OpenSSL_add_all_ciphers(void);
    + void OpenSSL_add_all_digests(void);
    +
    + void EVP_cleanup(void)
    +

    +

    +
    +

    DESCRIPTION

    +

    OpenSSL keeps an internal table of digest algorithms and ciphers. It uses +this table to lookup ciphers via functions such as EVP_get_cipher_byname().

    +

    OpenSSL_add_all_digests() adds all digest algorithms to the table.

    +

    OpenSSL_add_all_algorithms() adds all algorithms to the table (digests and +ciphers).

    +

    OpenSSL_add_all_ciphers() adds all encryption algorithms to the table including +password based encryption algorithms.

    +

    In versions prior to 1.1.0 EVP_cleanup() removed all ciphers and digests from +the table. It no longer has any effect in OpenSSL 1.1.0.

    +

    +

    +
    +

    RETURN VALUES

    +

    None of the functions return a value.

    +

    +

    +
    +

    SEE ALSO

    +

    evp(7), EVP_DigestInit(3), +EVP_EncryptInit(3)

    +

    +

    +
    +

    HISTORY

    +

    The OpenSSL_add_all_algorithms(), OpenSSL_add_all_ciphers(), +OpenSSL_add_all_digests(), and EVP_cleanup(), functions +were deprecated in OpenSSL 1.1.0 by OPENSSL_init_crypto() and should +not be used.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/OpenSSL_version.html b/linux_amd64/share/doc/openssl/html/man3/OpenSSL_version.html new file mode 100755 index 0000000..06f2878 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/OpenSSL_version.html @@ -0,0 +1,309 @@ + + + + +OpenSSL_version + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    OPENSSL_VERSION_MAJOR, OPENSSL_VERSION_MINOR, OPENSSL_VERSION_PATCH, +OPENSSL_VERSION_PRE_RELEASE, OPENSSL_VERSION_BUILD_METADATA, +OPENSSL_VERSION_TEXT, +OPENSSL_version_major, OPENSSL_version_minor, OPENSSL_version_patch, +OPENSSL_version_pre_release, OPENSSL_version_build_metadata, OpenSSL_version, +OPENSSL_VERSION_NUMBER, OpenSSL_version_num, OPENSSL_info +- get OpenSSL version number and other information

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/opensslv.h>
    +
    + #define OPENSSL_VERSION_MAJOR  x
    + #define OPENSSL_VERSION_MINOR  y
    + #define OPENSSL_VERSION_PATCH  z
    +
    + /* The definitions here are typical release values */
    + #define OPENSSL_VERSION_PRE_RELEASE ""
    + #define OPENSSL_VERSION_BUILD_METADATA ""
    +
    + #define OPENSSL_VERSION_TEXT "OpenSSL x.y.z xx XXX xxxx"
    +
    + #include <openssl/crypto.h>
    +
    + unsigned int OPENSSL_version_major(void);
    + unsigned int OPENSSL_version_minor(void);
    + unsigned int OPENSSL_version_patch(void);
    + const char *OPENSSL_version_pre_release(void);
    + const char *OPENSSL_version_build_metadata(void);
    +
    + const char *OpenSSL_version(int t);
    +
    + const char *OPENSSL_info(int t);
    +

    Deprecated:

    +
    + /* from openssl/opensslv.h */
    + #define OPENSSL_VERSION_NUMBER 0xnnnnnnnnnL
    +
    + /* from openssl/crypto.h */
    + unsigned long OpenSSL_version_num();
    +

    +

    +
    +

    DESCRIPTION

    +

    +

    +

    Macros

    +

    The three macros OPENSSL_VERSION_MAJOR, OPENSSL_VERSION_MINOR and +OPENSSL_VERSION_PATCH represent the three parts of a version +identifier, MAJOR.MINOR.PATCH.

    +

    The macro OPENSSL_VERSION_PRE_RELEASE is an added bit of text that +indicates that this is a pre-release version, such as "-dev" for an +ongoing development snapshot or "-alpha3" for an alpha release. +The value must be a string.

    +

    The macro OPENSSL_VERSION_BUILD_METADATA is extra information, reserved +for other parties, such as "+fips", or "+vendor.1"). +The OpenSSL project will not touch this macro (will leave it an empty string). +The value must be a string.

    +

    OPENSSL_VERSION_STR is a convenience macro to get the short version +identifier string, "MAJOR.MINOR.PATCH".

    +

    OPENSSL_FULL_VERSION_STR is a convenience macro to get the longer +version identifier string, which combines OPENSSL_VERSION_STR, +OPENSSL_VERSION_PRE_RELEASE and OPENSSL_VERSION_BUILD_METADATA.

    +

    OPENSSL_VERSION_TEXT is a convenience macro to get a full descriptive +version text, which includes OPENSSL_FULL_VERSION_STR and the release +date.

    +

    +

    +

    Functions

    +

    OPENSSL_version_major(), OPENSSL_version_minor(), OPENSSL_version_patch(), +OPENSSL_version_pre_release(), and OPENSSL_version_build_metadata() return +the values of the macros above for the build of the library, respectively.

    +

    OpenSSL_version() returns different strings depending on t:

    +
    +
    OPENSSL_VERSION
    + +
    +

    The value of OPENSSL_VERSION_TEXT

    +
    +
    OPENSSL_VERSION_STRING
    + +
    +

    The value of OPENSSL_VERSION_STR

    +
    +
    OPENSSL_FULL_VERSION_STRING
    + +
    +

    The value of OPENSSL_FULL_VERSION_STR

    +
    +
    OPENSSL_CFLAGS
    + +
    +

    The compiler flags set for the compilation process in the form +compiler: ... if available, or compiler: information not available +otherwise.

    +
    +
    OPENSSL_BUILT_ON
    + +
    +

    The date of the build process in the form built on: ... if available +or built on: date not available otherwise. +The date would not be available in a reproducible build, for example.

    +
    +
    OPENSSL_PLATFORM
    + +
    +

    The "Configure" target of the library build in the form platform: ... +if available, or platform: information not available otherwise.

    +
    +
    OPENSSL_DIR
    + +
    +

    The OPENSSLDIR setting of the library build in the form OPENSSLDIR: "..." +if available, or OPENSSLDIR: N/A otherwise.

    +
    +
    OPENSSL_ENGINES_DIR
    + +
    +

    The ENGINESDIR setting of the library build in the form ENGINESDIR: "..." +if available, or ENGINESDIR: N/A otherwise.

    +
    +
    OPENSSL_MODULES_DIR
    + +
    +

    The MODULESDIR setting of the library build in the form MODULESDIR: "..." +if available, or MODULESDIR: N/A otherwise.

    +
    +
    OPENSSL_CPU_INFO
    + +
    +

    The current OpenSSL cpu settings. +This is the current setting of the cpu capability flags. It is usually +automatically configured but may be set via an environment variable. +The value has the same syntax as the environment variable. +For x86 the string looks like CPUINFO: OPENSSL_ia32cap=0x123:0x456 +or CPUINFO: N/A if not available.

    +
    +
    +

    For an unknown t, the text not available is returned.

    +

    OPENSSL_info() also returns different strings depending on t:

    +
    +
    OPENSSL_INFO_CONFIG_DIR
    + +
    +

    The configured OPENSSLDIR, which is the default location for +OpenSSL configuration files.

    +
    +
    OPENSSL_INFO_ENGINES_DIR
    + +
    +

    The configured ENGINESDIR, which is the default location for +OpenSSL engines.

    +
    +
    OPENSSL_INFO_MODULES_DIR
    + +
    +

    The configured MODULESDIR, which is the default location for +dynamically loadable OpenSSL modules other than engines.

    +
    +
    OPENSSL_INFO_DSO_EXTENSION
    + +
    +

    The configured dynamically loadable module extension.

    +
    +
    OPENSSL_INFO_DIR_FILENAME_SEPARATOR
    + +
    +

    The separator between a directory specification and a filename. +Note that on some operating systems, this is not the same as the +separator between directory elements.

    +
    +
    OPENSSL_INFO_LIST_SEPARATOR
    + +
    +

    The OpenSSL list separator. +This is typically used in strings that are lists of items, such as the +value of the environment variable $PATH on Unix (where the +separator is :) or %PATH% on Windows (where the separator is +;).

    +
    +
    OPENSSL_INFO_CPU_SETTINGS
    + +
    +

    The current OpenSSL cpu settings. +This is the current setting of the cpu capability flags. It is usually +automatically configured but may be set via an environment variable. +The value has the same syntax as the environment variable. +For x86 the string looks like OPENSSL_ia32cap=0x123:0x456.

    +
    +
    +

    For an unknown t, NULL is returned.

    +

    +

    +
    +

    BACKWARD COMPATIBILITY

    +

    For compatibility, some older macros and functions are retained or +synthesised. +They are all considered deprecated.

    +

    +

    +

    Macros

    +

    OPENSSL_VERSION_NUMBER is a combination of the major, minor and +patch version into a single integer 0xMNN00PP0L, where:

    +
    +
    M
    + +
    +

    is the number from OPENSSL_VERSION_MAJOR, in hexadecimal notation

    +
    +
    NN
    + +
    +

    is the number from OPENSSL_VERSION_MINOR, in hexadecimal notation

    +
    +
    PP
    + +
    +

    is the number from OPENSSL_VERSION_PATCH, in hexadecimal notation

    +
    +
    +

    +

    +

    Functions

    +

    OpenSSL_version_num() returns the value of OPENSSL_VERSION_NUMBER.

    +

    +

    +
    +

    RETURN VALUES

    +

    OPENSSL_version_major(), OPENSSL_version_minor() and OPENSSL_version_patch() +return the version number parts as integers.

    +

    OPENSSL_version_pre_release() and OPENSSL_version_build_metadata() return +the values of OPENSSL_VERSION_PRE_RELEASE and +OPENSSL_VERSION_BUILD_METADATA respectively as constant strings. +For any of them that is undefined, the empty string is returned.

    +

    OpenSSL_version() returns constant strings.

    +

    +

    +
    +

    SEE ALSO

    +

    crypto(7)

    +

    +

    +
    +

    HISTORY

    +

    The macros and functions described here were added in OpenSSL 3.0, +with the exception of the BACKWARD COMPATIBILITY ones.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/PEM_bytes_read_bio.html b/linux_amd64/share/doc/openssl/html/man3/PEM_bytes_read_bio.html new file mode 100755 index 0000000..a4e31f7 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/PEM_bytes_read_bio.html @@ -0,0 +1,122 @@ + + + + +PEM_bytes_read_bio + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    PEM_bytes_read_bio, PEM_bytes_read_bio_secmem - read a PEM-encoded data structure from a BIO

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/pem.h>
    +
    + int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm,
    +                        const char *name, BIO *bp, pem_password_cb *cb,
    +                        void *u);
    + int PEM_bytes_read_bio_secmem(unsigned char **pdata, long *plen, char **pnm,
    +                               const char *name, BIO *bp, pem_password_cb *cb,
    +                               void *u);
    +

    +

    +
    +

    DESCRIPTION

    +

    PEM_bytes_read_bio() reads PEM-formatted (IETF RFC 1421 and IETF RFC 7468) +data from the BIO +bp for the data type given in name (RSA PRIVATE KEY, CERTIFICATE, +etc.). If multiple PEM-encoded data structures are present in the same +stream, PEM_bytes_read_bio() will skip non-matching data types and +continue reading. Non-PEM data present in the stream may cause an +error.

    +

    The PEM header may indicate that the following data is encrypted; if so, +the data will be decrypted, waiting on user input to supply a passphrase +if needed. The password callback cb and rock u are used to obtain +the decryption passphrase, if applicable.

    +

    Some data types have compatibility aliases, such as a file containing +X509 CERTIFICATE matching a request for the deprecated type CERTIFICATE. +The actual type indicated by the file is returned in *pnm if pnm is +non-NULL. The caller must free the storage pointed to by *pnm.

    +

    The returned data is the DER-encoded form of the requested type, in +*pdata with length *plen. The caller must free the storage pointed +to by *pdata.

    +

    PEM_bytes_read_bio_secmem() is similar to PEM_bytes_read_bio(), but uses +memory from the secure heap for its temporary buffers and the storage +returned in *pdata and *pnm. Accordingly, the caller must use +OPENSSL_secure_free() to free that storage.

    +

    +

    +
    +

    NOTES

    +

    PEM_bytes_read_bio_secmem() only enforces that the secure heap is used for +storage allocated within the PEM processing stack. The BIO stack from +which input is read may also use temporary buffers, which are not necessarily +allocated from the secure heap. In cases where it is desirable to ensure +that the contents of the PEM file only appears in memory from the secure heap, +care is needed in generating the BIO passed as bp. In particular, the +use of BIO_s_file() indicates the use of the operating system stdio +functionality, which includes buffering as a feature; BIO_s_fd() is likely +to be more appropriate in such cases.

    +

    These functions make no assumption regarding the pass phrase received from the +password callback. +It will simply be treated as a byte sequence.

    +

    +

    +
    +

    RETURN VALUES

    +

    PEM_bytes_read_bio() and PEM_bytes_read_bio_secmem() return 1 for success or +0 for failure.

    +

    +

    +
    +

    SEE ALSO

    +

    PEM_read_bio_ex(3), +passphrase-encoding(7)

    +

    +

    +
    +

    HISTORY

    +

    PEM_bytes_read_bio_secmem() was introduced in OpenSSL 1.1.1

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/PEM_read.html b/linux_amd64/share/doc/openssl/html/man3/PEM_read.html new file mode 100755 index 0000000..d6c21e1 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/PEM_read.html @@ -0,0 +1,161 @@ + + + + +PEM_read + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    PEM_write, PEM_write_bio, +PEM_read, PEM_read_bio, PEM_do_header, PEM_get_EVP_CIPHER_INFO +- PEM encoding routines

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/pem.h>
    +
    + int PEM_write(FILE *fp, const char *name, const char *header,
    +               const unsigned char *data, long len)
    + int PEM_write_bio(BIO *bp, const char *name, const char *header,
    +                   const unsigned char *data, long len)
    +
    + int PEM_read(FILE *fp, char **name, char **header,
    +              unsigned char **data, long *len);
    + int PEM_read_bio(BIO *bp, char **name, char **header,
    +                  unsigned char **data, long *len);
    +
    + int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cinfo);
    + int PEM_do_header(EVP_CIPHER_INFO *cinfo, unsigned char *data, long *len,
    +                   pem_password_cb *cb, void *u);
    +

    +

    +
    +

    DESCRIPTION

    +

    These functions read and write PEM-encoded objects, using the PEM +type name, any additional header information, and the raw +data of length len.

    +

    PEM is the term used for binary content encoding first defined in IETF +RFC 1421. The content is a series of base64-encoded lines, surrounded +by begin/end markers each on their own line. For example:

    +
    + -----BEGIN PRIVATE KEY-----
    + MIICdg....
    + ... bhTQ==
    + -----END PRIVATE KEY-----
    +

    Optional header line(s) may appear after the begin line, and their +existence depends on the type of object being written or read.

    +

    PEM_write() writes to the file fp, while PEM_write_bio() writes to +the BIO bp. The name is the name to use in the marker, the +header is the header value or NULL, and data and len specify +the data and its length.

    +

    The final data buffer is typically an ASN.1 object which can be decoded with +the d2i function appropriate to the type name; see d2i_X509(3) +for examples.

    +

    PEM_read() reads from the file fp, while PEM_read_bio() reads +from the BIO bp. +Both skip any non-PEM data that precedes the start of the next PEM object. +When an object is successfully retrieved, the type name from the "----BEGIN +<type>-----" is returned via the name argument, any encapsulation headers +are returned in header and the base64-decoded content and its length are +returned via data and len respectively. +The name, header and data pointers are allocated via OPENSSL_malloc() +and should be freed by the caller via OPENSSL_free() when no longer needed.

    +

    PEM_get_EVP_CIPHER_INFO() can be used to determine the data returned by +PEM_read() or PEM_read_bio() is encrypted and to retrieve the associated cipher +and IV. +The caller passes a pointer to structure of type EVP_CIPHER_INFO via the +cinfo argument and the header returned via PEM_read() or PEM_read_bio(). +If the call is successful 1 is returned and the cipher and IV are stored at the +address pointed to by cinfo. +When the header is malformed, or not supported or when the cipher is unknown +or some internal error happens 0 is returned. +This function is deprecated, see NOTES below.

    +

    PEM_do_header() can then be used to decrypt the data if the header +indicates encryption. +The cinfo argument is a pointer to the structure initialized by the previous +call to PEM_get_EVP_CIPHER_INFO(). +The data and len arguments are those returned by the previous call to +PEM_read() or PEM_read_bio(). +The cb and u arguments make it possible to override the default password +prompt function as described in PEM_read_PrivateKey(3). +On successful completion the data is decrypted in place, and len is +updated to indicate the plaintext length. +This function is deprecated, see NOTES below.

    +

    If the data is a priori known to not be encrypted, then neither PEM_do_header() +nor PEM_get_EVP_CIPHER_INFO() need be called.

    +

    +

    +
    +

    RETURN VALUES

    +

    PEM_read() and PEM_read_bio() return 1 on success and 0 on failure, the latter +includes the case when no more PEM objects remain in the input file. +To distinguish end of file from more serious errors the caller must peek at the +error stack and check for PEM_R_NO_START_LINE, which indicates that no more +PEM objects were found. See ERR_peek_last_error(3), ERR_GET_REASON(3).

    +

    PEM_get_EVP_CIPHER_INFO() and PEM_do_header() return 1 on success, and 0 on +failure. +The data is likely meaningless if these functions fail.

    +

    +

    +
    +

    NOTES

    +

    The PEM_get_EVP_CIPHER_INFO() and PEM_do_header() functions are deprecated. +This is because the underlying PEM encryption format is obsolete, and should +be avoided. +It uses an encryption format with an OpenSSL-specific key-derivation function, +which employs MD5 with an iteration count of 1! +Instead, private keys should be stored in PKCS#8 form, with a strong PKCS#5 +v2.0 PBE. +See PEM_write_PrivateKey(3) and d2i_PKCS8PrivateKey_bio(3).

    +

    PEM_do_header() makes no assumption regarding the pass phrase received from the +password callback. +It will simply be treated as a byte sequence.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_peek_last_error(3), ERR_GET_LIB(3), +d2i_PKCS8PrivateKey_bio(3), +passphrase-encoding(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/PEM_read_CMS.html b/linux_amd64/share/doc/openssl/html/man3/PEM_read_CMS.html new file mode 100755 index 0000000..1404bcd --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/PEM_read_CMS.html @@ -0,0 +1,142 @@ + + + + +PEM_read_CMS + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    DECLARE_PEM_rw, +PEM_read_CMS, +PEM_read_bio_CMS, +PEM_write_CMS, +PEM_write_bio_CMS, +PEM_write_DHxparams, +PEM_write_bio_DHxparams, +PEM_read_ECPKParameters, +PEM_read_bio_ECPKParameters, +PEM_write_ECPKParameters, +PEM_write_bio_ECPKParameters, +PEM_read_ECPrivateKey, +PEM_write_ECPrivateKey, +PEM_write_bio_ECPrivateKey, +PEM_read_EC_PUBKEY, +PEM_read_bio_EC_PUBKEY, +PEM_write_EC_PUBKEY, +PEM_write_bio_EC_PUBKEY, +PEM_read_NETSCAPE_CERT_SEQUENCE, +PEM_read_bio_NETSCAPE_CERT_SEQUENCE, +PEM_write_NETSCAPE_CERT_SEQUENCE, +PEM_write_bio_NETSCAPE_CERT_SEQUENCE, +PEM_read_PKCS8, +PEM_read_bio_PKCS8, +PEM_write_PKCS8, +PEM_write_bio_PKCS8, +PEM_write_PKCS8_PRIV_KEY_INFO, +PEM_read_bio_PKCS8_PRIV_KEY_INFO, +PEM_read_PKCS8_PRIV_KEY_INFO, +PEM_write_bio_PKCS8_PRIV_KEY_INFO, +PEM_read_SSL_SESSION, +PEM_read_bio_SSL_SESSION, +PEM_write_SSL_SESSION, +PEM_write_bio_SSL_SESSION, +PEM_read_X509_PUBKEY, +PEM_read_bio_X509_PUBKEY, +PEM_write_X509_PUBKEY, +PEM_write_bio_X509_PUBKEY +- PEM object encoding routines

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/pem.h>
    +
    + DECLARE_PEM_rw(name, TYPE)
    +
    + TYPE *PEM_read_TYPE(FILE *fp, TYPE **a, pem_password_cb *cb, void *u);
    + TYPE *PEM_read_bio_TYPE(BIO *bp, TYPE **a, pem_password_cb *cb, void *u);
    + int PEM_write_TYPE(FILE *fp, const TYPE *a);
    + int PEM_write_bio_TYPE(BIO *bp, const TYPE *a);
    +

    +

    +
    +

    DESCRIPTION

    +

    In the description below, TYPE is used +as a placeholder for any of the OpenSSL datatypes, such as X509. +The macro DECLARE_PEM_rw expands to the set of declarations shown in +the next four lines of the synopsis.

    +

    These routines convert between local instances of ASN1 datatypes and +the PEM encoding. For more information on the templates, see +ASN1_ITEM(3). For more information on the lower-level routines used +by the functions here, see PEM_read(3).

    +

    PEM_read_TYPE() reads a PEM-encoded object of TYPE from the file +fp and returns it. The cb and u parameters are as described in +pem_password_cb(3).

    +

    PEM_read_bio_TYPE() is similar to PEM_read_TYPE() but reads from +the BIO bp.

    +

    PEM_write_TYPE() writes the PEM encoding of the object a to the file +fp.

    +

    PEM_write_bio_TYPE() similarly writes to the BIO bp.

    +

    +

    +
    +

    NOTES

    +

    These functions make no assumption regarding the pass phrase received from the +password callback. +It will simply be treated as a byte sequence.

    +

    +

    +
    +

    RETURN VALUES

    +

    PEM_read_TYPE() and PEM_read_bio_TYPE() return a pointer to an +allocated object, which should be released by calling TYPE_free(), or +NULL on error.

    +

    PEM_write_TYPE() and PEM_write_bio_TYPE() return the number of bytes +written or zero on error.

    +

    +

    +
    +

    SEE ALSO

    +

    PEM_read(3), +passphrase-encoding(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/PEM_read_bio_PrivateKey.html b/linux_amd64/share/doc/openssl/html/man3/PEM_read_bio_PrivateKey.html
    new file mode 100755
    index 0000000..00591aa
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/PEM_read_bio_PrivateKey.html
    @@ -0,0 +1,493 @@
    +
    +
    +
    +
    +PEM_read_bio_PrivateKey
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    pem_password_cb, +PEM_read_bio_PrivateKey, PEM_read_PrivateKey, PEM_write_bio_PrivateKey, +PEM_write_bio_PrivateKey_traditional, PEM_write_PrivateKey, +PEM_write_bio_PKCS8PrivateKey, PEM_write_PKCS8PrivateKey, +PEM_write_bio_PKCS8PrivateKey_nid, PEM_write_PKCS8PrivateKey_nid, +PEM_read_bio_PUBKEY, PEM_read_PUBKEY, PEM_write_bio_PUBKEY, PEM_write_PUBKEY, +PEM_read_bio_RSAPrivateKey, PEM_read_RSAPrivateKey, +PEM_write_bio_RSAPrivateKey, PEM_write_RSAPrivateKey, +PEM_read_bio_RSAPublicKey, PEM_read_RSAPublicKey, PEM_write_bio_RSAPublicKey, +PEM_write_RSAPublicKey, PEM_read_bio_RSA_PUBKEY, PEM_read_RSA_PUBKEY, +PEM_write_bio_RSA_PUBKEY, PEM_write_RSA_PUBKEY, PEM_read_bio_DSAPrivateKey, +PEM_read_DSAPrivateKey, PEM_write_bio_DSAPrivateKey, PEM_write_DSAPrivateKey, +PEM_read_bio_DSA_PUBKEY, PEM_read_DSA_PUBKEY, PEM_write_bio_DSA_PUBKEY, +PEM_write_DSA_PUBKEY, PEM_read_bio_Parameters, PEM_write_bio_Parameters, +PEM_read_bio_DSAparams, PEM_read_DSAparams, +PEM_write_bio_DSAparams, PEM_write_DSAparams, PEM_read_bio_DHparams, +PEM_read_DHparams, PEM_write_bio_DHparams, PEM_write_DHparams, +PEM_read_bio_X509, PEM_read_X509, PEM_write_bio_X509, PEM_write_X509, +PEM_read_bio_X509_AUX, PEM_read_X509_AUX, PEM_write_bio_X509_AUX, +PEM_write_X509_AUX, PEM_read_bio_X509_REQ, PEM_read_X509_REQ, +PEM_write_bio_X509_REQ, PEM_write_X509_REQ, PEM_write_bio_X509_REQ_NEW, +PEM_write_X509_REQ_NEW, PEM_read_bio_X509_CRL, PEM_read_X509_CRL, +PEM_write_bio_X509_CRL, PEM_write_X509_CRL, PEM_read_bio_PKCS7, PEM_read_PKCS7, +PEM_write_bio_PKCS7, PEM_write_PKCS7 - PEM routines

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/pem.h>
    +
    + typedef int pem_password_cb(char *buf, int size, int rwflag, void *u);
    +
    + EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x,
    +                                   pem_password_cb *cb, void *u);
    + EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x,
    +                               pem_password_cb *cb, void *u);
    + int PEM_write_bio_PrivateKey(BIO *bp, const EVP_PKEY *x, const EVP_CIPHER *enc,
    +                              unsigned char *kstr, int klen,
    +                              pem_password_cb *cb, void *u);
    + int PEM_write_bio_PrivateKey_traditional(BIO *bp, EVP_PKEY *x,
    +                                          const EVP_CIPHER *enc,
    +                                          unsigned char *kstr, int klen,
    +                                          pem_password_cb *cb, void *u);
    + int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
    +                          unsigned char *kstr, int klen,
    +                          pem_password_cb *cb, void *u);
    + int PEM_write_bio_PKCS8PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
    +                                   char *kstr, int klen,
    +                                   pem_password_cb *cb, void *u);
    + int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
    +                               char *kstr, int klen,
    +                               pem_password_cb *cb, void *u);
    + int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, const EVP_PKEY *x, int nid,
    +                                       char *kstr, int klen,
    +                                       pem_password_cb *cb, void *u);
    + int PEM_write_PKCS8PrivateKey_nid(FILE *fp, const EVP_PKEY *x, int nid,
    +                                   char *kstr, int klen,
    +                                   pem_password_cb *cb, void *u);
    +
    + EVP_PKEY *PEM_read_bio_PUBKEY(BIO *bp, EVP_PKEY **x,
    +                               pem_password_cb *cb, void *u);
    + EVP_PKEY *PEM_read_PUBKEY(FILE *fp, EVP_PKEY **x,
    +                           pem_password_cb *cb, void *u);
    + int PEM_write_bio_PUBKEY(BIO *bp, EVP_PKEY *x);
    + int PEM_write_PUBKEY(FILE *fp, EVP_PKEY *x);
    +
    + RSA *PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **x,
    +                                 pem_password_cb *cb, void *u);
    + RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **x,
    +                             pem_password_cb *cb, void *u);
    + int PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x, const EVP_CIPHER *enc,
    +                                 unsigned char *kstr, int klen,
    +                                 pem_password_cb *cb, void *u);
    + int PEM_write_RSAPrivateKey(FILE *fp, RSA *x, const EVP_CIPHER *enc,
    +                             unsigned char *kstr, int klen,
    +                             pem_password_cb *cb, void *u);
    +
    + RSA *PEM_read_bio_RSAPublicKey(BIO *bp, RSA **x,
    +                                pem_password_cb *cb, void *u);
    + RSA *PEM_read_RSAPublicKey(FILE *fp, RSA **x,
    +                            pem_password_cb *cb, void *u);
    + int PEM_write_bio_RSAPublicKey(BIO *bp, RSA *x);
    + int PEM_write_RSAPublicKey(FILE *fp, RSA *x);
    +
    + RSA *PEM_read_bio_RSA_PUBKEY(BIO *bp, RSA **x,
    +                              pem_password_cb *cb, void *u);
    + RSA *PEM_read_RSA_PUBKEY(FILE *fp, RSA **x,
    +                          pem_password_cb *cb, void *u);
    + int PEM_write_bio_RSA_PUBKEY(BIO *bp, RSA *x);
    + int PEM_write_RSA_PUBKEY(FILE *fp, RSA *x);
    +
    + DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **x,
    +                                 pem_password_cb *cb, void *u);
    + DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **x,
    +                             pem_password_cb *cb, void *u);
    + int PEM_write_bio_DSAPrivateKey(BIO *bp, DSA *x, const EVP_CIPHER *enc,
    +                                 unsigned char *kstr, int klen,
    +                                 pem_password_cb *cb, void *u);
    + int PEM_write_DSAPrivateKey(FILE *fp, DSA *x, const EVP_CIPHER *enc,
    +                             unsigned char *kstr, int klen,
    +                             pem_password_cb *cb, void *u);
    +
    + DSA *PEM_read_bio_DSA_PUBKEY(BIO *bp, DSA **x,
    +                              pem_password_cb *cb, void *u);
    + DSA *PEM_read_DSA_PUBKEY(FILE *fp, DSA **x,
    +                          pem_password_cb *cb, void *u);
    + int PEM_write_bio_DSA_PUBKEY(BIO *bp, DSA *x);
    + int PEM_write_DSA_PUBKEY(FILE *fp, DSA *x);
    +
    + EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x);
    + int PEM_write_bio_Parameters(BIO *bp, const EVP_PKEY *x);
    +
    + DSA *PEM_read_bio_DSAparams(BIO *bp, DSA **x, pem_password_cb *cb, void *u);
    + DSA *PEM_read_DSAparams(FILE *fp, DSA **x, pem_password_cb *cb, void *u);
    + int PEM_write_bio_DSAparams(BIO *bp, DSA *x);
    + int PEM_write_DSAparams(FILE *fp, DSA *x);
    +
    + DH *PEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u);
    + DH *PEM_read_DHparams(FILE *fp, DH **x, pem_password_cb *cb, void *u);
    + int PEM_write_bio_DHparams(BIO *bp, DH *x);
    + int PEM_write_DHparams(FILE *fp, DH *x);
    +
    + X509 *PEM_read_bio_X509(BIO *bp, X509 **x, pem_password_cb *cb, void *u);
    + X509 *PEM_read_X509(FILE *fp, X509 **x, pem_password_cb *cb, void *u);
    + int PEM_write_bio_X509(BIO *bp, X509 *x);
    + int PEM_write_X509(FILE *fp, X509 *x);
    +
    + X509 *PEM_read_bio_X509_AUX(BIO *bp, X509 **x, pem_password_cb *cb, void *u);
    + X509 *PEM_read_X509_AUX(FILE *fp, X509 **x, pem_password_cb *cb, void *u);
    + int PEM_write_bio_X509_AUX(BIO *bp, X509 *x);
    + int PEM_write_X509_AUX(FILE *fp, X509 *x);
    +
    + X509_REQ *PEM_read_bio_X509_REQ(BIO *bp, X509_REQ **x,
    +                                 pem_password_cb *cb, void *u);
    + X509_REQ *PEM_read_X509_REQ(FILE *fp, X509_REQ **x,
    +                             pem_password_cb *cb, void *u);
    + int PEM_write_bio_X509_REQ(BIO *bp, X509_REQ *x);
    + int PEM_write_X509_REQ(FILE *fp, X509_REQ *x);
    + int PEM_write_bio_X509_REQ_NEW(BIO *bp, X509_REQ *x);
    + int PEM_write_X509_REQ_NEW(FILE *fp, X509_REQ *x);
    +
    + X509_CRL *PEM_read_bio_X509_CRL(BIO *bp, X509_CRL **x,
    +                                 pem_password_cb *cb, void *u);
    + X509_CRL *PEM_read_X509_CRL(FILE *fp, X509_CRL **x,
    +                             pem_password_cb *cb, void *u);
    + int PEM_write_bio_X509_CRL(BIO *bp, X509_CRL *x);
    + int PEM_write_X509_CRL(FILE *fp, X509_CRL *x);
    +
    + PKCS7 *PEM_read_bio_PKCS7(BIO *bp, PKCS7 **x, pem_password_cb *cb, void *u);
    + PKCS7 *PEM_read_PKCS7(FILE *fp, PKCS7 **x, pem_password_cb *cb, void *u);
    + int PEM_write_bio_PKCS7(BIO *bp, PKCS7 *x);
    + int PEM_write_PKCS7(FILE *fp, PKCS7 *x);
    +

    +

    +
    +

    DESCRIPTION

    +

    The PEM functions read or write structures in PEM format. In +this sense PEM format is simply base64 encoded data surrounded +by header lines.

    +

    For more details about the meaning of arguments see the +PEM FUNCTION ARGUMENTS section.

    +

    Each operation has four functions associated with it. For +brevity the term "TYPE functions" will be used below to collectively +refer to the PEM_read_bio_TYPE(), PEM_read_TYPE(), +PEM_write_bio_TYPE(), and PEM_write_TYPE() functions.

    +

    The PrivateKey functions read or write a private key in PEM format using an +EVP_PKEY structure. The write routines use PKCS#8 private key format and are +equivalent to PEM_write_bio_PKCS8PrivateKey().The read functions transparently +handle traditional and PKCS#8 format encrypted and unencrypted keys.

    +

    PEM_write_bio_PrivateKey_traditional() writes out a private key in the +"traditional" format with a simple private key marker and should only +be used for compatibility with legacy programs.

    +

    PEM_write_bio_PKCS8PrivateKey() and PEM_write_PKCS8PrivateKey() write a private +key in an EVP_PKEY structure in PKCS#8 EncryptedPrivateKeyInfo format using +PKCS#5 v2.0 password based encryption algorithms. The cipher argument +specifies the encryption algorithm to use: unlike some other PEM routines the +encryption is applied at the PKCS#8 level and not in the PEM headers. If +cipher is NULL then no encryption is used and a PKCS#8 PrivateKeyInfo +structure is used instead.

    +

    PEM_write_bio_PKCS8PrivateKey_nid() and PEM_write_PKCS8PrivateKey_nid() +also write out a private key as a PKCS#8 EncryptedPrivateKeyInfo however +it uses PKCS#5 v1.5 or PKCS#12 encryption algorithms instead. The algorithm +to use is specified in the nid parameter and should be the NID of the +corresponding OBJECT IDENTIFIER (see NOTES section).

    +

    The PUBKEY functions process a public key using an EVP_PKEY +structure. The public key is encoded as a SubjectPublicKeyInfo +structure.

    +

    The RSAPrivateKey functions process an RSA private key using an +RSA structure. The write routines uses traditional format. The read +routines handles the same formats as the PrivateKey +functions but an error occurs if the private key is not RSA.

    +

    The RSAPublicKey functions process an RSA public key using an +RSA structure. The public key is encoded using a PKCS#1 RSAPublicKey +structure.

    +

    The RSA_PUBKEY functions also process an RSA public key using +an RSA structure. However the public key is encoded using a +SubjectPublicKeyInfo structure and an error occurs if the public +key is not RSA.

    +

    The DSAPrivateKey functions process a DSA private key using a +DSA structure. The write routines uses traditional format. The read +routines handles the same formats as the PrivateKey +functions but an error occurs if the private key is not DSA.

    +

    The DSA_PUBKEY functions process a DSA public key using +a DSA structure. The public key is encoded using a +SubjectPublicKeyInfo structure and an error occurs if the public +key is not DSA.

    +

    The Parameters functions read or write key parameters in PEM format using +an EVP_PKEY structure. The encoding depends on the type of key; for DSA key +parameters, it will be a Dss-Parms structure as defined in RFC2459, and for DH +key parameters, it will be a PKCS#3 DHparameter structure. These functions +only exist for the BIO type.

    +

    The DSAparams functions process DSA parameters using a DSA +structure. The parameters are encoded using a Dss-Parms structure +as defined in RFC2459.

    +

    The DHparams functions process DH parameters using a DH +structure. The parameters are encoded using a PKCS#3 DHparameter +structure.

    +

    The X509 functions process an X509 certificate using an X509 +structure. They will also process a trusted X509 certificate but +any trust settings are discarded.

    +

    The X509_AUX functions process a trusted X509 certificate using +an X509 structure.

    +

    The X509_REQ and X509_REQ_NEW functions process a PKCS#10 +certificate request using an X509_REQ structure. The X509_REQ +write functions use CERTIFICATE REQUEST in the header whereas +the X509_REQ_NEW functions use NEW CERTIFICATE REQUEST +(as required by some CAs). The X509_REQ read functions will +handle either form so there are no X509_REQ_NEW read functions.

    +

    The X509_CRL functions process an X509 CRL using an X509_CRL +structure.

    +

    The PKCS7 functions process a PKCS#7 ContentInfo using a PKCS7 +structure.

    +

    +

    +
    +

    PEM FUNCTION ARGUMENTS

    +

    The PEM functions have many common arguments.

    +

    The bp BIO parameter (if present) specifies the BIO to read from +or write to.

    +

    The fp FILE parameter (if present) specifies the FILE pointer to +read from or write to.

    +

    The PEM read functions all take an argument TYPE **x and return +a TYPE * pointer. Where TYPE is whatever structure the function +uses. If x is NULL then the parameter is ignored. If x is not +NULL but *x is NULL then the structure returned will be written +to *x. If neither x nor *x is NULL then an attempt is made +to reuse the structure at *x (but see BUGS and EXAMPLES sections). +Irrespective of the value of x a pointer to the structure is always +returned (or NULL if an error occurred).

    +

    The PEM functions which write private keys take an enc parameter +which specifies the encryption algorithm to use, encryption is done +at the PEM level. If this parameter is set to NULL then the private +key is written in unencrypted form.

    +

    The cb argument is the callback to use when querying for the pass +phrase used for encrypted PEM structures (normally only private keys).

    +

    For the PEM write routines if the kstr parameter is not NULL then +klen bytes at kstr are used as the passphrase and cb is +ignored.

    +

    If the cb parameters is set to NULL and the u parameter is not +NULL then the u parameter is interpreted as a null terminated string +to use as the passphrase. If both cb and u are NULL then the +default callback routine is used which will typically prompt for the +passphrase on the current terminal with echoing turned off.

    +

    The default passphrase callback is sometimes inappropriate (for example +in a GUI application) so an alternative can be supplied. The callback +routine has the following form:

    +
    + int cb(char *buf, int size, int rwflag, void *u);
    +

    buf is the buffer to write the passphrase to. size is the maximum +length of the passphrase (i.e. the size of buf). rwflag is a flag +which is set to 0 when reading and 1 when writing. A typical routine +will ask the user to verify the passphrase (for example by prompting +for it twice) if rwflag is 1. The u parameter has the same +value as the u parameter passed to the PEM routine. It allows +arbitrary data to be passed to the callback by the application +(for example a window handle in a GUI application). The callback +must return the number of characters in the passphrase or -1 if +an error occurred.

    +

    +

    +
    +

    NOTES

    +

    The old PrivateKey write routines are retained for compatibility. +New applications should write private keys using the +PEM_write_bio_PKCS8PrivateKey() or PEM_write_PKCS8PrivateKey() routines +because they are more secure (they use an iteration count of 2048 whereas +the traditional routines use a count of 1) unless compatibility with older +versions of OpenSSL is important.

    +

    The PrivateKey read routines can be used in all applications because +they handle all formats transparently.

    +

    A frequent cause of problems is attempting to use the PEM routines like +this:

    +
    + X509 *x;
    +
    + PEM_read_bio_X509(bp, &x, 0, NULL);
    +

    this is a bug because an attempt will be made to reuse the data at x +which is an uninitialised pointer.

    +

    These functions make no assumption regarding the pass phrase received from the +password callback. +It will simply be treated as a byte sequence.

    +

    +

    +
    +

    PEM ENCRYPTION FORMAT

    +

    These old PrivateKey routines use a non standard technique for encryption.

    +

    The private key (or other data) takes the following form:

    +
    + -----BEGIN RSA PRIVATE KEY-----
    + Proc-Type: 4,ENCRYPTED
    + DEK-Info: DES-EDE3-CBC,3F17F5316E2BAC89
    +
    + ...base64 encoded data...
    + -----END RSA PRIVATE KEY-----
    +

    The line beginning with Proc-Type contains the version and the +protection on the encapsulated data. The line beginning DEK-Info +contains two comma separated values: the encryption algorithm name as +used by EVP_get_cipherbyname() and an initialization vector used by the +cipher encoded as a set of hexadecimal digits. After those two lines is +the base64-encoded encrypted data.

    +

    The encryption key is derived using EVP_BytesToKey(). The cipher's +initialization vector is passed to EVP_BytesToKey() as the salt +parameter. Internally, PKCS5_SALT_LEN bytes of the salt are used +(regardless of the size of the initialization vector). The user's +password is passed to EVP_BytesToKey() using the data and datal +parameters. Finally, the library uses an iteration count of 1 for +EVP_BytesToKey().

    +

    The key derived by EVP_BytesToKey() along with the original initialization +vector is then used to decrypt the encrypted data. The iv produced by +EVP_BytesToKey() is not utilized or needed, and NULL should be passed to +the function.

    +

    The pseudo code to derive the key would look similar to:

    +
    + EVP_CIPHER* cipher = EVP_des_ede3_cbc();
    + EVP_MD* md = EVP_md5();
    +
    + unsigned int nkey = EVP_CIPHER_key_length(cipher);
    + unsigned int niv = EVP_CIPHER_iv_length(cipher);
    + unsigned char key[nkey];
    + unsigned char iv[niv];
    +
    + memcpy(iv, HexToBin("3F17F5316E2BAC89"), niv);
    + rc = EVP_BytesToKey(cipher, md, iv /*salt*/, pword, plen, 1, key, NULL /*iv*/);
    + if (rc != nkey)
    +     /* Error */
    +
    + /* On success, use key and iv to initialize the cipher */
    +

    +

    +
    +

    BUGS

    +

    The PEM read routines in some versions of OpenSSL will not correctly reuse +an existing structure. Therefore the following:

    +
    + PEM_read_bio_X509(bp, &x, 0, NULL);
    +

    where x already contains a valid certificate, may not work, whereas:

    +
    + X509_free(x);
    + x = PEM_read_bio_X509(bp, NULL, 0, NULL);
    +

    is guaranteed to work.

    +

    +

    +
    +

    RETURN VALUES

    +

    The read routines return either a pointer to the structure read or NULL +if an error occurred.

    +

    The write routines return 1 for success or 0 for failure.

    +

    +

    +
    +

    EXAMPLES

    +

    Although the PEM routines take several arguments in almost all applications +most of them are set to 0 or NULL.

    +

    Read a certificate in PEM format from a BIO:

    +
    + X509 *x;
    +
    + x = PEM_read_bio_X509(bp, NULL, 0, NULL);
    + if (x == NULL)
    +     /* Error */
    +

    Alternative method:

    +
    + X509 *x = NULL;
    +
    + if (!PEM_read_bio_X509(bp, &x, 0, NULL))
    +     /* Error */
    +

    Write a certificate to a BIO:

    +
    + if (!PEM_write_bio_X509(bp, x))
    +     /* Error */
    +

    Write a private key (using traditional format) to a BIO using +triple DES encryption, the pass phrase is prompted for:

    +
    + if (!PEM_write_bio_PrivateKey(bp, key, EVP_des_ede3_cbc(), NULL, 0, 0, NULL))
    +     /* Error */
    +

    Write a private key (using PKCS#8 format) to a BIO using triple +DES encryption, using the pass phrase "hello":

    +
    + if (!PEM_write_bio_PKCS8PrivateKey(bp, key, EVP_des_ede3_cbc(),
    +                                    NULL, 0, 0, "hello"))
    +     /* Error */
    +

    Read a private key from a BIO using a pass phrase callback:

    +
    + key = PEM_read_bio_PrivateKey(bp, NULL, pass_cb, "My Private Key");
    + if (key == NULL)
    +     /* Error */
    +

    Skeleton pass phrase callback:

    +
    + int pass_cb(char *buf, int size, int rwflag, void *u)
    + {
    +
    +     /* We'd probably do something else if 'rwflag' is 1 */
    +     printf("Enter pass phrase for \"%s\"\n", (char *)u);
    +
    +     /* get pass phrase, length 'len' into 'tmp' */
    +     char *tmp = "hello";
    +     if (tmp == NULL) /* An error occurred */
    +         return -1;
    +
    +     size_t len = strlen(tmp);
    +
    +     if (len > size)
    +         len = size;
    +     memcpy(buf, tmp, len);
    +     return len;
    + }
    +

    +

    +
    +

    SEE ALSO

    +

    EVP_EncryptInit(3), EVP_BytesToKey(3), +passphrase-encoding(7)

    +

    +

    +
    +

    HISTORY

    +

    The old Netscape certificate sequences were no longer documented +in OpenSSL 1.1.0; applications should use the PKCS7 standard instead +as they will be formally deprecated in a future releases.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/PEM_read_bio_ex.html b/linux_amd64/share/doc/openssl/html/man3/PEM_read_bio_ex.html
    new file mode 100755
    index 0000000..540b2ac
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/PEM_read_bio_ex.html
    @@ -0,0 +1,106 @@
    +
    +
    +
    +
    +PEM_read_bio_ex
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    PEM_read_bio_ex, PEM_FLAG_SECURE, PEM_FLAG_EAY_COMPATIBLE, +PEM_FLAG_ONLY_B64 - read PEM format files with custom processing

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/pem.h>
    +
    + #define PEM_FLAG_SECURE             0x1
    + #define PEM_FLAG_EAY_COMPATIBLE     0x2
    + #define PEM_FLAG_ONLY_B64           0x4
    + int PEM_read_bio_ex(BIO *in, char **name, char **header,
    +                     unsigned char **data, long *len, unsigned int flags);
    +

    +

    +
    +

    DESCRIPTION

    +

    PEM_read_bio_ex() reads in PEM formatted data from an input BIO, outputting +the name of the type of contained data, the header information regarding +the possibly encrypted data, and the binary data payload (after base64 decoding). +It should generally only be used to implement PEM_read_bio_-family functions +for specific data types or other usage, but is exposed to allow greater flexibility +over how processing is performed, if needed.

    +

    If PEM_FLAG_SECURE is set, the intermediate buffers used to read in lines of +input are allocated from the secure heap.

    +

    If PEM_FLAG_EAY_COMPATIBLE is set, a simple algorithm is used to remove whitespace +and control characters from the end of each line, so as to be compatible with +the historical behavior of PEM_read_bio().

    +

    If PEM_FLAG_ONLY_B64 is set, all characters are required to be valid base64 +characters (or newlines); non-base64 characters are treated as end of input.

    +

    If neither PEM_FLAG_EAY_COMPATIBLE or PEM_FLAG_ONLY_B64 is set, control characters +are ignored.

    +

    If both PEM_FLAG_EAY_COMPATIBLE and PEM_FLAG_ONLY_B64 are set, an error is returned; +these options are not compatible with each other.

    +

    +

    +
    +

    NOTES

    +

    The caller must release the storage allocated for *name, *header, and *data. +If PEM_FLAG_SECURE was set, use OPENSSL_secure_free(); otherwise, +OPENSSL_free() is used.

    +

    +

    +
    +

    RETURN VALUES

    +

    PEM_read_bio_ex() returns 1 for success or 0 for failure.

    +

    +

    +
    +

    SEE ALSO

    +

    PEM_bytes_read_bio(3)

    +

    +

    +
    +

    HISTORY

    +

    The PEM_read_bio_ex() function was added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/PEM_write_bio_CMS_stream.html b/linux_amd64/share/doc/openssl/html/man3/PEM_write_bio_CMS_stream.html
    new file mode 100755
    index 0000000..a8799c6
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/PEM_write_bio_CMS_stream.html
    @@ -0,0 +1,90 @@
    +
    +
    +
    +
    +PEM_write_bio_CMS_stream
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    PEM_write_bio_CMS_stream - output CMS_ContentInfo structure in PEM format

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/cms.h>
    +
    + int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *data, int flags);
    +

    +

    +
    +

    DESCRIPTION

    +

    PEM_write_bio_CMS_stream() outputs a CMS_ContentInfo structure in PEM format.

    +

    It is otherwise identical to the function SMIME_write_CMS().

    +

    +

    +
    +

    NOTES

    +

    This function is effectively a version of the PEM_write_bio_CMS() supporting +streaming.

    +

    +

    +
    +

    RETURN VALUES

    +

    PEM_write_bio_CMS_stream() returns 1 for success or 0 for failure.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), CMS_sign(3), +CMS_verify(3), CMS_encrypt(3) +CMS_decrypt(3), +PEM_write(3), +SMIME_write_CMS(3), +i2d_CMS_bio_stream(3)

    +

    +

    +
    +

    HISTORY

    +

    The PEM_write_bio_CMS_stream() function was added in OpenSSL 1.0.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/PEM_write_bio_PKCS7_stream.html b/linux_amd64/share/doc/openssl/html/man3/PEM_write_bio_PKCS7_stream.html
    new file mode 100755
    index 0000000..d730d93
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/PEM_write_bio_PKCS7_stream.html
    @@ -0,0 +1,89 @@
    +
    +
    +
    +
    +PEM_write_bio_PKCS7_stream
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    PEM_write_bio_PKCS7_stream - output PKCS7 structure in PEM format

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/pkcs7.h>
    +
    + int PEM_write_bio_PKCS7_stream(BIO *out, PKCS7 *p7, BIO *data, int flags);
    +

    +

    +
    +

    DESCRIPTION

    +

    PEM_write_bio_PKCS7_stream() outputs a PKCS7 structure in PEM format.

    +

    It is otherwise identical to the function SMIME_write_PKCS7().

    +

    +

    +
    +

    NOTES

    +

    This function is effectively a version of the PEM_write_bio_PKCS7() supporting +streaming.

    +

    +

    +
    +

    RETURN VALUES

    +

    PEM_write_bio_PKCS7_stream() returns 1 for success or 0 for failure.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), PKCS7_sign(3), +PKCS7_verify(3), PKCS7_encrypt(3) +PKCS7_decrypt(3), +SMIME_write_PKCS7(3), +i2d_PKCS7_bio_stream(3)

    +

    +

    +
    +

    HISTORY

    +

    The PEM_write_bio_PKCS7_stream() function was added in OpenSSL 1.0.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/PKCS12_SAFEBAG_get0_attrs.html b/linux_amd64/share/doc/openssl/html/man3/PKCS12_SAFEBAG_get0_attrs.html
    new file mode 100755
    index 0000000..44f2028
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/PKCS12_SAFEBAG_get0_attrs.html
    @@ -0,0 +1,83 @@
    + + + + +PKCS12_SAFEBAG_get0_attrs + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    PKCS12_SAFEBAG_get0_attrs, PKCS12_get_attr_gen - Retrieve attributes from a PKCS#12 safeBag

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/pkcs12.h>
    +
    + const STACK_OF(X509_ATTRIBUTE) *PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag);
    +
    + ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs,
    +                                int attr_nid)
    +

    +

    +
    +

    DESCRIPTION

    +

    PKCS12_SAFEBAG_get0_attrs() retrieves the stack of X509_ATTRIBUTEs from a +PKCS#12 safeBag. bag is the PKCS12_SAFEBAG to retrieve the attributes from.

    +

    PKCS12_get_attr_gen() retrieves an attribute by NID from a stack of +X509_ATTRIBUTEs. attr_nid is the NID of the attribute to retrieve.

    +

    +

    +
    +

    RETURN VALUES

    +

    PKCS12_SAFEBAG_get0_attrs() returns the stack of X509_ATTRIBUTEs from a +PKCS#12 safeBag, which could be empty.

    +

    PKCS12_get_attr_gen() returns an ASN1_TYPE object containing the attribute, +or NULL if the attribute was either not present or an error occurred.

    +

    PKCS12_get_attr_gen() does not allocate a new attribute. The returned attribute +is still owned by the PKCS12_SAFEBAG in which it resides.

    +

    +

    +
    +

    SEE ALSO

    +

    PKCS12_get_friendlyname(3), +PKCS12_add_friendlyname_asc(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/PKCS12_add_CSPName_asc.html b/linux_amd64/share/doc/openssl/html/man3/PKCS12_add_CSPName_asc.html
    new file mode 100755
    index 0000000..d3df348
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/PKCS12_add_CSPName_asc.html
    @@ -0,0 +1,72 @@
    + + + + +PKCS12_add_CSPName_asc + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    PKCS12_add_CSPName_asc - Add a Microsoft CSP Name attribute to a PKCS#12 safeBag

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/pkcs12.h>
    +
    + int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name, int namelen);
    +

    +

    +
    +

    DESCRIPTION

    +

    PKCS12_add_CSPName_asc() adds an ASCII string representation of the Microsoft CSP Name attribute to a PKCS#12 safeBag.

    +

    bag is the PKCS12_SAFEBAG to add the attribute to.

    +

    +

    +
    +

    RETURN VALUES

    +

    Returns 1 for success or 0 for failure.

    +

    +

    +
    +

    SEE ALSO

    +

    PKCS12_add_friendlyname_asc(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/PKCS12_add_friendlyname_asc.html b/linux_amd64/share/doc/openssl/html/man3/PKCS12_add_friendlyname_asc.html
    new file mode 100755
    index 0000000..0f6515f
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/PKCS12_add_friendlyname_asc.html
    @@ -0,0 +1,86 @@
    + + + + +PKCS12_add_friendlyname_asc + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    PKCS12_add_friendlyname_asc, PKCS12_add_friendlyname_utf8, +PKCS12_add_friendlyname_uni - Functions to add the friendlyname attribute to a +PKCS#12 safeBag

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/pkcs12.h>
    +
    + int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name,
    +                                 int namelen);
    +
    + int PKCS12_add_friendlyname_utf8(PKCS12_SAFEBAG *bag, const char *name,
    +                                 int namelen);
    +
    + int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag,
    +                                 const unsigned char *name, int namelen);
    +

    +

    +
    +

    DESCRIPTION

    +

    PKCS12_add_friendlyname_asc() adds an ASCII string representation of the PKCS#9 +friendlyName attribute to a PKCS#12 safeBag.

    +

    PKCS12_add_friendlyname_utf8() adds a UTF-8 string representation of the PKCS#9 +friendlyName attribute to a PKCS#12 safeBag.

    +

    PKCS12_add_friendlyname_uni() adds a Unicode string representation of the PKCS#9 +friendlyName attribute to a PKCS#12 safeBag.

    +

    bag is the PKCS12_SAFEBAG to add the attribute to.

    +

    +

    +
    +

    RETURN VALUES

    +

    Returns 1 for success or 0 for failure.

    +

    +

    +
    +

    SEE ALSO

    +

    PKCS12_get_friendlyname(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/PKCS12_add_localkeyid.html b/linux_amd64/share/doc/openssl/html/man3/PKCS12_add_localkeyid.html
    new file mode 100755
    index 0000000..08c68bc
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/PKCS12_add_localkeyid.html
    @@ -0,0 +1,74 @@
    + + + + +PKCS12_add_localkeyid + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    PKCS12_add_localkeyid - Add the localKeyId attribute to a PKCS#12 safeBag

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/pkcs12.h>
    +
    + int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, const char *name,
    +                           int namelen);
    +

    +

    +
    +

    DESCRIPTION

    +

    PKCS12_add_localkeyid() adds an octet string representation of the PKCS#9 +localKeyId attribute to a PKCS#12 safeBag.

    +

    bag is the PKCS12_SAFEBAG to add the attribute to.

    +

    +

    +
    +

    RETURN VALUES

    +

    Returns 1 for success or 0 for failure.

    +

    +

    +
    +

    SEE ALSO

    +

    PKCS12_add_friendlyname_asc(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/PKCS12_create.html b/linux_amd64/share/doc/openssl/html/man3/PKCS12_create.html
    new file mode 100755
    index 0000000..c60ef5b
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/PKCS12_create.html
    @@ -0,0 +1,115 @@
    + + + + +PKCS12_create + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    PKCS12_create - create a PKCS#12 structure

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/pkcs12.h>
    +
    + PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey,
    +                       X509 *cert, STACK_OF(X509) *ca,
    +                       int nid_key, int nid_cert, int iter, int mac_iter, int keytype);
    +

    +

    +
    +

    DESCRIPTION

    +

    PKCS12_create() creates a PKCS#12 structure.

    +

    pass is the passphrase to use. name is the friendlyName to use for +the supplied certificate and key. pkey is the private key to include in +the structure and cert its corresponding certificates. ca, if not NULL +is an optional set of certificates to also include in the structure.

    +

    nid_key and nid_cert are the encryption algorithms that should be used +for the key and certificate respectively. The modes +GCM, CCM, XTS, and OCB are unsupported. iter is the encryption algorithm +iteration count to use and mac_iter is the MAC iteration count to use. +keytype is the type of key.

    +

    +

    +
    +

    NOTES

    +

    The parameters nid_key, nid_cert, iter, mac_iter and keytype +can all be set to zero and sensible defaults will be used.

    +

    These defaults are: 40 bit RC2 encryption for certificates, triple DES +encryption for private keys, a key iteration count of PKCS12_DEFAULT_ITER +(currently 2048) and a MAC iteration count of 1.

    +

    The default MAC iteration count is 1 in order to retain compatibility with +old software which did not interpret MAC iteration counts. If such compatibility +is not required then mac_iter should be set to PKCS12_DEFAULT_ITER.

    +

    keytype adds a flag to the store private key. This is a non standard extension +that is only currently interpreted by MSIE. If set to zero the flag is omitted, +if set to KEY_SIG the key can be used for signing only, if set to KEY_EX +it can be used for signing and encryption. This option was useful for old +export grade software which could use signing only keys of arbitrary size but +had restrictions on the permissible sizes of keys which could be used for +encryption.

    +

    If a certificate contains an alias or keyid then this will be +used for the corresponding friendlyName or localKeyID in the +PKCS12 structure.

    +

    Either pkey, cert or both can be NULL to indicate that no key or +certificate is required. In previous versions both had to be present or +a fatal error is returned.

    +

    nid_key or nid_cert can be set to -1 indicating that no encryption +should be used.

    +

    mac_iter can be set to -1 and the MAC will then be omitted entirely.

    +

    PKCS12_create() makes assumptions regarding the encoding of the given pass +phrase. +See passphrase-encoding(7) for more information.

    +

    +

    +
    +

    RETURN VALUES

    +

    PKCS12_create() returns a valid PKCS12 structure or NULL if an error occurred.

    +

    +

    +
    +

    SEE ALSO

    +

    d2i_PKCS12(3), +passphrase-encoding(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/PKCS12_get_friendlyname.html b/linux_amd64/share/doc/openssl/html/man3/PKCS12_get_friendlyname.html
    new file mode 100755
    index 0000000..83c777d
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/PKCS12_get_friendlyname.html
    @@ -0,0 +1,74 @@
    + + + + +PKCS12_get_friendlyname + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    PKCS12_get_friendlyname - Retrieve the friendlyname attribute from a PKCS#12 safeBag

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/pkcs12.h>
    +
    + char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag);
    +

    +

    +
    +

    DESCRIPTION

    +

    PKCS12_get_friendlyname() retrieves a UTF-8 string representation of the PKCS#9 +friendlyName attribute for a PKCS#12 safeBag item.

    +

    bag is the PKCS12_SAFEBAG to retrieve the attribute from.

    +

    +

    +
    +

    RETURN VALUES

    +

    A UTF-8 string, or NULL if the attribute was either not present or an error occurred.

    +

    The returned string is allocated by OpenSSL and should be freed by the user.

    +

    +

    +
    +

    SEE ALSO

    +

    PKCS12_add_friendlyname_asc(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/PKCS12_newpass.html b/linux_amd64/share/doc/openssl/html/man3/PKCS12_newpass.html
    new file mode 100755
    index 0000000..83aca33
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/PKCS12_newpass.html
    @@ -0,0 +1,148 @@
    + + + + +PKCS12_newpass + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    PKCS12_newpass - change the password of a PKCS12 structure

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/pkcs12.h>
    +
    + int PKCS12_newpass(PKCS12 *p12, const char *oldpass, const char *newpass);
    +

    +

    +
    +

    DESCRIPTION

    +

    PKCS12_newpass() changes the password of a PKCS12 structure.

    +

    p12 is a pointer to a PKCS12 structure. oldpass is the existing password +and newpass is the new password.

    +

    Each of oldpass and newpass is independently interpreted as a string in +the UTF-8 encoding. If it is not valid UTF-8, it is assumed to be ISO8859-1 +instead.

    +

    In particular, this means that passwords in the locale character set +(or code page on Windows) must potentially be converted to UTF-8 before +use. This may include passwords from local text files, or input from +the terminal or command line. Refer to the documentation of +UI_OpenSSL(3), for example.

    +

    If the PKCS#12 structure does not have a password, then you must use the empty +string "" for oldpass. Using NULL for oldpass will result in a +PKCS12_newpass() failure.

    +

    If the wrong password is used for oldpass then the function will fail, +with a MAC verification error. In rare cases the PKCS12 structure does not +contain a MAC: in this case it will usually fail with a decryption padding +error.

    +

    +

    +
    +

    RETURN VALUES

    +

    PKCS12_newpass() returns 1 on success or 0 on failure. Applications can +retrieve the most recent error from PKCS12_newpass() with ERR_get_error().

    +

    +

    +
    +

    EXAMPLES

    +

    This example loads a PKCS#12 file, changes its password and writes out +the result to a new file.

    +
    + #include <stdio.h>
    + #include <stdlib.h>
    + #include <openssl/pem.h>
    + #include <openssl/err.h>
    + #include <openssl/pkcs12.h>
    +
    + int main(int argc, char **argv)
    + {
    +     FILE *fp;
    +     PKCS12 *p12;
    +
    +     if (argc != 5) {
    +         fprintf(stderr, "Usage: pkread p12file password newpass opfile\n");
    +         return 1;
    +     }
    +     if ((fp = fopen(argv[1], "rb")) == NULL) {
    +         fprintf(stderr, "Error opening file %s\n", argv[1]);
    +         return 1;
    +     }
    +     p12 = d2i_PKCS12_fp(fp, NULL);
    +     fclose(fp);
    +     if (p12 == NULL) {
    +         fprintf(stderr, "Error reading PKCS#12 file\n");
    +         ERR_print_errors_fp(stderr);
    +         return 1;
    +     }
    +     if (PKCS12_newpass(p12, argv[2], argv[3]) == 0) {
    +         fprintf(stderr, "Error changing password\n");
    +         ERR_print_errors_fp(stderr);
    +         PKCS12_free(p12);
    +         return 1;
    +     }
    +     if ((fp = fopen(argv[4], "wb")) == NULL) {
    +         fprintf(stderr, "Error opening file %s\n", argv[4]);
    +         PKCS12_free(p12);
    +         return 1;
    +     }
    +     i2d_PKCS12_fp(fp, p12);
    +     PKCS12_free(p12);
    +     fclose(fp);
    +     return 0;
    + }
    +

    +

    +
    +

    BUGS

    +

    The password format is a NULL terminated ASCII string which is converted to +Unicode form internally. As a result some passwords cannot be supplied to +this function.

    +

    +

    +
    +

    SEE ALSO

    +

    PKCS12_create(3), ERR_get_error(3), +passphrase-encoding(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/PKCS12_parse.html b/linux_amd64/share/doc/openssl/html/man3/PKCS12_parse.html
    new file mode 100755
    index 0000000..e0920b2
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/PKCS12_parse.html
    @@ -0,0 +1,107 @@
    + + + + +PKCS12_parse + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    PKCS12_parse - parse a PKCS#12 structure

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/pkcs12.h>
    +
    + int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
    +                  STACK_OF(X509) **ca);
    +

    +

    +
    +

    DESCRIPTION

    +

    PKCS12_parse() parses a PKCS12 structure.

    +

    p12 is the PKCS12 structure to parse. pass is the passphrase to use. +If successful the private key will be written to *pkey, the corresponding +certificate to *cert and any additional certificates to *ca.

    +

    +

    +
    +

    NOTES

    +

    The parameters pkey and cert cannot be NULL. ca can be <NULL> in +which case additional certificates will be discarded. *ca can also be a +valid STACK in which case additional certificates are appended to *ca. If +*ca is NULL a new STACK will be allocated.

    +

    The friendlyName and localKeyID attributes (if present) on each +certificate will be stored in the alias and keyid attributes of the +X509 structure.

    +

    The parameter pass is interpreted as a string in the UTF-8 encoding. If it +is not valid UTF-8, then it is assumed to be ISO8859-1 instead.

    +

    In particular, this means that passwords in the locale character set +(or code page on Windows) must potentially be converted to UTF-8 before +use. This may include passwords from local text files, or input from +the terminal or command line. Refer to the documentation of +UI_OpenSSL(3), for example.

    +

    +

    +
    +

    RETURN VALUES

    +

    PKCS12_parse() returns 1 for success and zero if an error occurred.

    +

    The error can be obtained from ERR_get_error(3)

    +

    +

    +
    +

    BUGS

    +

    Only a single private key and corresponding certificate is returned by this +function. More complex PKCS#12 files with multiple private keys will only +return the first match.

    +

    Only friendlyName and localKeyID attributes are currently stored in +certificates. Other attributes are discarded.

    +

    Attributes currently cannot be stored in the private key EVP_PKEY structure.

    +

    +

    +
    +

    SEE ALSO

    +

    d2i_PKCS12(3), +passphrase-encoding(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/PKCS5_PBKDF2_HMAC.html b/linux_amd64/share/doc/openssl/html/man3/PKCS5_PBKDF2_HMAC.html
    new file mode 100755
    index 0000000..0d880eb
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/PKCS5_PBKDF2_HMAC.html
    @@ -0,0 +1,109 @@
    + + + + +PKCS5_PBKDF2_HMAC + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    PKCS5_PBKDF2_HMAC, PKCS5_PBKDF2_HMAC_SHA1 - password based derivation routines with salt and iteration count

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
    +                       const unsigned char *salt, int saltlen, int iter,
    +                       const EVP_MD *digest,
    +                       int keylen, unsigned char *out);
    +
    + int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
    +                            const unsigned char *salt, int saltlen, int iter,
    +                            int keylen, unsigned char *out);
    +

    +

    +
    +

    DESCRIPTION

    +

    PKCS5_PBKDF2_HMAC() derives a key from a password using a salt and iteration count +as specified in RFC 2898.

    +

    pass is the password used in the derivation of length passlen. pass +is an optional parameter and can be NULL. If passlen is -1, then the +function will calculate the length of pass using strlen().

    +

    salt is the salt used in the derivation of length saltlen. If the +salt is NULL, then saltlen must be 0. The function will not +attempt to calculate the length of the salt because it is not assumed to +be NULL terminated.

    +

    iter is the iteration count and its value should be greater than or +equal to 1. RFC 2898 suggests an iteration count of at least 1000. Any +iter less than 1 is treated as a single iteration.

    +

    digest is the message digest function used in the derivation. Values include +any of the EVP_* message digests. PKCS5_PBKDF2_HMAC_SHA1() calls +PKCS5_PBKDF2_HMAC() with EVP_sha1().

    +

    The derived key will be written to out. The size of the out buffer +is specified via keylen.

    +

    +

    +
    +

    NOTES

    +

    A typical application of this function is to derive keying material for an +encryption algorithm from a password in the pass, a salt in salt, +and an iteration count.

    +

    Increasing the iter parameter slows down the algorithm which makes it +harder for an attacker to perform a brute force attack using a large number +of candidate passwords.

    +

    These functions make no assumption regarding the given password. +It will simply be treated as a byte sequence.

    +

    +

    +
    +

    RETURN VALUES

    +

    PKCS5_PBKDF2_HMAC() and PBKCS5_PBKDF2_HMAC_SHA1() return 1 on success or 0 on error.

    +

    +

    +
    +

    SEE ALSO

    +

    evp(7), RAND_bytes(3), +EVP_BytesToKey(3), +passphrase-encoding(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/PKCS7_decrypt.html b/linux_amd64/share/doc/openssl/html/man3/PKCS7_decrypt.html
    new file mode 100755
    index 0000000..1ee7d7e
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/PKCS7_decrypt.html
    @@ -0,0 +1,95 @@
    + + + + +PKCS7_decrypt + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    PKCS7_decrypt - decrypt content from a PKCS#7 envelopedData structure

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/pkcs7.h>
    +
    + int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags);
    +

    +

    +
    +

    DESCRIPTION

    +

    PKCS7_decrypt() extracts and decrypts the content from a PKCS#7 envelopedData +structure. pkey is the private key of the recipient, cert is the +recipients certificate, data is a BIO to write the content to and +flags is an optional set of flags.

    +

    +

    +
    +

    NOTES

    +

    Although the recipients certificate is not needed to decrypt the data it is needed +to locate the appropriate (of possible several) recipients in the PKCS#7 structure.

    +

    The following flags can be passed in the flags parameter.

    +

    If the PKCS7_TEXT flag is set MIME headers for type text/plain are deleted +from the content. If the content is not of type text/plain then an error is +returned.

    +

    +

    +
    +

    RETURN VALUES

    +

    PKCS7_decrypt() returns either 1 for success or 0 for failure. +The error can be obtained from ERR_get_error(3)

    +

    +

    +
    +

    BUGS

    +

    PKCS7_decrypt() must be passed the correct recipient key and certificate. It would +be better if it could look up the correct key and certificate from a database.

    +

    The lack of single pass processing and need to hold all data in memory as +mentioned in PKCS7_sign() also applies to PKCS7_verify().

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), PKCS7_encrypt(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/PKCS7_encrypt.html b/linux_amd64/share/doc/openssl/html/man3/PKCS7_encrypt.html
    new file mode 100755
    index 0000000..675351d
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/PKCS7_encrypt.html
    @@ -0,0 +1,113 @@
    + + + + +PKCS7_encrypt + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    PKCS7_encrypt - create a PKCS#7 envelopedData structure

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/pkcs7.h>
    +
    + PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,
    +                      int flags);
    +

    +

    +
    +

    DESCRIPTION

    +

    PKCS7_encrypt() creates and returns a PKCS#7 envelopedData structure. certs +is a list of recipient certificates. in is the content to be encrypted. +cipher is the symmetric cipher to use. flags is an optional set of flags.

    +

    Only RSA keys are supported in PKCS#7 and envelopedData so the recipient +certificates supplied to this function must all contain RSA public keys, though +they do not have to be signed using the RSA algorithm.

    +

    EVP_des_ede3_cbc() (triple DES) is the algorithm of choice for S/MIME use +because most clients will support it.

    +

    Some old "export grade" clients may only support weak encryption using 40 or 64 +bit RC2. These can be used by passing EVP_rc2_40_cbc() and EVP_rc2_64_cbc() +respectively.

    +

    The algorithm passed in the cipher parameter must support ASN1 encoding of +its parameters.

    +

    Many browsers implement a "sign and encrypt" option which is simply an S/MIME +envelopedData containing an S/MIME signed message. This can be readily produced +by storing the S/MIME signed message in a memory BIO and passing it to +PKCS7_encrypt().

    +

    The following flags can be passed in the flags parameter.

    +

    If the PKCS7_TEXT flag is set MIME headers for type text/plain are +prepended to the data.

    +

    Normally the supplied content is translated into MIME canonical format (as +required by the S/MIME specifications) if PKCS7_BINARY is set no translation +occurs. This option should be used if the supplied data is in binary format +otherwise the translation will corrupt it. If PKCS7_BINARY is set then +PKCS7_TEXT is ignored.

    +

    If the PKCS7_STREAM flag is set a partial PKCS7 structure is output +suitable for streaming I/O: no data is read from the BIO in.

    +

    If the flag PKCS7_STREAM is set the returned PKCS7 structure is not +complete and outputting its contents via a function that does not +properly finalize the PKCS7 structure will give unpredictable +results.

    +

    Several functions including SMIME_write_PKCS7(), i2d_PKCS7_bio_stream(), +PEM_write_bio_PKCS7_stream() finalize the structure. Alternatively finalization +can be performed by obtaining the streaming ASN1 BIO directly using +BIO_new_PKCS7().

    +

    +

    +
    +

    RETURN VALUES

    +

    PKCS7_encrypt() returns either a PKCS7 structure or NULL if an error occurred. +The error can be obtained from ERR_get_error(3).

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), PKCS7_decrypt(3)

    +

    +

    +
    +

    HISTORY

    +

    The PKCS7_STREAM flag was added in OpenSSL 1.0.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/PKCS7_sign.html b/linux_amd64/share/doc/openssl/html/man3/PKCS7_sign.html
    new file mode 100755
    index 0000000..d573da6
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/PKCS7_sign.html
    @@ -0,0 +1,143 @@
    + + + + +PKCS7_sign + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    PKCS7_sign - create a PKCS#7 signedData structure

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/pkcs7.h>
    +
    + PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
    +                   BIO *data, int flags);
    +

    +

    +
    +

    DESCRIPTION

    +

    PKCS7_sign() creates and returns a PKCS#7 signedData structure. signcert is +the certificate to sign with, pkey is the corresponding private key. +certs is an optional additional set of certificates to include in the PKCS#7 +structure (for example any intermediate CAs in the chain).

    +

    The data to be signed is read from BIO data.

    +

    flags is an optional set of flags.

    +

    Any of the following flags (ored together) can be passed in the flags +parameter.

    +

    Many S/MIME clients expect the signed content to include valid MIME headers. If +the PKCS7_TEXT flag is set MIME headers for type text/plain are prepended +to the data.

    +

    If PKCS7_NOCERTS is set the signer's certificate will not be included in the +PKCS7 structure, the signer's certificate must still be supplied in the +signcert parameter though. This can reduce the size of the signature if the +signers certificate can be obtained by other means: for example a previously +signed message.

    +

    The data being signed is included in the PKCS7 structure, unless +PKCS7_DETACHED is set in which case it is omitted. This is used for PKCS7 +detached signatures which are used in S/MIME plaintext signed messages for +example.

    +

    Normally the supplied content is translated into MIME canonical format (as +required by the S/MIME specifications) if PKCS7_BINARY is set no translation +occurs. This option should be used if the supplied data is in binary format +otherwise the translation will corrupt it.

    +

    The signedData structure includes several PKCS#7 authenticatedAttributes +including the signing time, the PKCS#7 content type and the supported list of +ciphers in an SMIMECapabilities attribute. If PKCS7_NOATTR is set then no +authenticatedAttributes will be used. If PKCS7_NOSMIMECAP is set then just +the SMIMECapabilities are omitted.

    +

    If present the SMIMECapabilities attribute indicates support for the following +algorithms: triple DES, 128 bit RC2, 64 bit RC2, DES and 40 bit RC2. If any of +these algorithms is disabled then it will not be included.

    +

    If the flags PKCS7_STREAM is set then the returned PKCS7 structure is +just initialized ready to perform the signing operation. The signing is however +not performed and the data to be signed is not read from the data +parameter. Signing is deferred until after the data has been written. In this +way data can be signed in a single pass.

    +

    If the PKCS7_PARTIAL flag is set a partial PKCS7 structure is output to +which additional signers and capabilities can be added before finalization.

    +

    If the flag PKCS7_STREAM is set the returned PKCS7 structure is not +complete and outputting its contents via a function that does not properly +finalize the PKCS7 structure will give unpredictable results.

    +

    Several functions including SMIME_write_PKCS7(), i2d_PKCS7_bio_stream(), +PEM_write_bio_PKCS7_stream() finalize the structure. Alternatively finalization +can be performed by obtaining the streaming ASN1 BIO directly using +BIO_new_PKCS7().

    +

    If a signer is specified it will use the default digest for the signing +algorithm. This is SHA1 for both RSA and DSA keys.

    +

    The certs, signcert and pkey parameters can all be +NULL if the PKCS7_PARTIAL flag is set. One or more signers can be added +using the function PKCS7_sign_add_signer(). PKCS7_final() must also be +called to finalize the structure if streaming is not enabled. Alternative +signing digests can also be specified using this method.

    +

    If signcert and pkey are NULL then a certificates only +PKCS#7 structure is output.

    +

    In versions of OpenSSL before 1.0.0 the signcert and pkey parameters must +NOT be NULL.

    +

    +

    +
    +

    BUGS

    +

    Some advanced attributes such as counter signatures are not supported.

    +

    +

    +
    +

    RETURN VALUES

    +

    PKCS7_sign() returns either a valid PKCS7 structure or NULL if an error +occurred. The error can be obtained from ERR_get_error(3).

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), PKCS7_verify(3)

    +

    +

    +
    +

    HISTORY

    +

    The PKCS7_PARTIAL flag, and the ability for certs, signcert, +and pkey parameters to be NULL were added in OpenSSL 1.0.0.

    +

    The PKCS7_STREAM flag was added in OpenSSL 1.0.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/PKCS7_sign_add_signer.html b/linux_amd64/share/doc/openssl/html/man3/PKCS7_sign_add_signer.html new file mode 100755 index 0000000..e3796ca --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/PKCS7_sign_add_signer.html @@ -0,0 +1,125 @@ + + + + +PKCS7_sign_add_signer + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    PKCS7_sign_add_signer - add a signer PKCS7 signed data structure

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/pkcs7.h>
    +
    + PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert,
    +                                          EVP_PKEY *pkey, const EVP_MD *md, int flags);
    +

    +

    +
    +

    DESCRIPTION

    +

    PKCS7_sign_add_signer() adds a signer with certificate signcert and private +key pkey using message digest md to a PKCS7 signed data structure +p7.

    +

    The PKCS7 structure should be obtained from an initial call to PKCS7_sign() +with the flag PKCS7_PARTIAL set or in the case or re-signing a valid PKCS7 +signed data structure.

    +

    If the md parameter is NULL then the default digest for the public +key algorithm will be used.

    +

    Unless the PKCS7_REUSE_DIGEST flag is set the returned PKCS7 structure +is not complete and must be finalized either by streaming (if applicable) or +a call to PKCS7_final().

    +

    +

    +
    +

    NOTES

    +

    The main purpose of this function is to provide finer control over a PKCS#7 +signed data structure where the simpler PKCS7_sign() function defaults are +not appropriate. For example if multiple signers or non default digest +algorithms are needed.

    +

    Any of the following flags (ored together) can be passed in the flags +parameter.

    +

    If PKCS7_REUSE_DIGEST is set then an attempt is made to copy the content +digest value from the PKCS7 structure: to add a signer to an existing structure. +An error occurs if a matching digest value cannot be found to copy. The +returned PKCS7 structure will be valid and finalized when this flag is set.

    +

    If PKCS7_PARTIAL is set in addition to PKCS7_REUSE_DIGEST then the +PKCS7_SIGNER_INO structure will not be finalized so additional attributes +can be added. In this case an explicit call to PKCS7_SIGNER_INFO_sign() is +needed to finalize it.

    +

    If PKCS7_NOCERTS is set the signer's certificate will not be included in the +PKCS7 structure, the signer's certificate must still be supplied in the +signcert parameter though. This can reduce the size of the signature if the +signers certificate can be obtained by other means: for example a previously +signed message.

    +

    The signedData structure includes several PKCS#7 authenticatedAttributes +including the signing time, the PKCS#7 content type and the supported list of +ciphers in an SMIMECapabilities attribute. If PKCS7_NOATTR is set then no +authenticatedAttributes will be used. If PKCS7_NOSMIMECAP is set then just +the SMIMECapabilities are omitted.

    +

    If present the SMIMECapabilities attribute indicates support for the following +algorithms: triple DES, 128 bit RC2, 64 bit RC2, DES and 40 bit RC2. If any of +these algorithms is disabled then it will not be included.

    +

    PKCS7_sign_add_signers() returns an internal pointer to the PKCS7_SIGNER_INFO +structure just added, this can be used to set additional attributes +before it is finalized.

    +

    +

    +
    +

    RETURN VALUES

    +

    PKCS7_sign_add_signers() returns an internal pointer to the PKCS7_SIGNER_INFO +structure just added or NULL if an error occurs.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), PKCS7_sign(3), +PKCS7_final(3),

    +

    +

    +
    +

    HISTORY

    +

    The PPKCS7_sign_add_signer() function was added in OpenSSL 1.0.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/PKCS7_verify.html b/linux_amd64/share/doc/openssl/html/man3/PKCS7_verify.html new file mode 100755 index 0000000..63f56b6 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/PKCS7_verify.html @@ -0,0 +1,154 @@ + + + + +PKCS7_verify + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    PKCS7_verify, PKCS7_get0_signers - verify a PKCS#7 signedData structure

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/pkcs7.h>
    +
    + int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
    +                  BIO *indata, BIO *out, int flags);
    +
    + STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags);
    +

    +

    +
    +

    DESCRIPTION

    +

    PKCS7_verify() verifies a PKCS#7 signedData structure. p7 is the PKCS7 +structure to verify. certs is a set of certificates in which to search for +the signer's certificate. store is a trusted certificate store (used for +chain verification). indata is the signed data if the content is not +present in p7 (that is it is detached). The content is written to out +if it is not NULL.

    +

    flags is an optional set of flags, which can be used to modify the verify +operation.

    +

    PKCS7_get0_signers() retrieves the signer's certificates from p7, it does +not check their validity or whether any signatures are valid. The certs +and flags parameters have the same meanings as in PKCS7_verify().

    +

    +

    +
    +

    VERIFY PROCESS

    +

    Normally the verify process proceeds as follows.

    +

    Initially some sanity checks are performed on p7. The type of p7 must +be signedData. There must be at least one signature on the data and if +the content is detached indata cannot be NULL. If the content is +not detached and indata is not NULL, then the structure has both +embedded and external content. To treat this as an error, use the flag +PKCS7_NO_DUAL_CONTENT. +The default behavior allows this, for compatibility with older +versions of OpenSSL.

    +

    An attempt is made to locate all the signer's certificates, first looking in +the certs parameter (if it is not NULL) and then looking in any certificates +contained in the p7 structure itself. If any signer's certificates cannot be +located the operation fails.

    +

    Each signer's certificate is chain verified using the smimesign purpose and +the supplied trusted certificate store. Any internal certificates in the message +are used as untrusted CAs. If any chain verify fails an error code is returned.

    +

    Finally the signed content is read (and written to out is it is not NULL) and +the signature's checked.

    +

    If all signature's verify correctly then the function is successful.

    +

    Any of the following flags (ored together) can be passed in the flags parameter +to change the default verify behaviour. Only the flag PKCS7_NOINTERN is +meaningful to PKCS7_get0_signers().

    +

    If PKCS7_NOINTERN is set the certificates in the message itself are not +searched when locating the signer's certificate. This means that all the signers +certificates must be in the certs parameter.

    +

    If the PKCS7_TEXT flag is set MIME headers for type text/plain are deleted +from the content. If the content is not of type text/plain then an error is +returned.

    +

    If PKCS7_NOVERIFY is set the signer's certificates are not chain verified.

    +

    If PKCS7_NOCHAIN is set then the certificates contained in the message are +not used as untrusted CAs. This means that the whole verify chain (apart from +the signer's certificate) must be contained in the trusted store.

    +

    If PKCS7_NOSIGS is set then the signatures on the data are not checked.

    +

    +

    +
    +

    NOTES

    +

    One application of PKCS7_NOINTERN is to only accept messages signed by +a small number of certificates. The acceptable certificates would be passed +in the certs parameter. In this case if the signer is not one of the +certificates supplied in certs then the verify will fail because the +signer cannot be found.

    +

    Care should be taken when modifying the default verify behaviour, for example +setting PKCS7_NOVERIFY|PKCS7_NOSIGS will totally disable all verification +and any signed message will be considered valid. This combination is however +useful if one merely wishes to write the content to out and its validity +is not considered important.

    +

    Chain verification should arguably be performed using the signing time rather +than the current time. However since the signing time is supplied by the +signer it cannot be trusted without additional evidence (such as a trusted +timestamp).

    +

    +

    +
    +

    RETURN VALUES

    +

    PKCS7_verify() returns one for a successful verification and zero +if an error occurs.

    +

    PKCS7_get0_signers() returns all signers or NULL if an error occurred.

    +

    The error can be obtained from ERR_get_error(3)

    +

    +

    +
    +

    BUGS

    +

    The trusted certificate store is not searched for the signers certificate, +this is primarily due to the inadequacies of the current X509_STORE +functionality.

    +

    The lack of single pass processing and need to hold all data in memory as +mentioned in PKCS7_sign() also applies to PKCS7_verify().

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), PKCS7_sign(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/PKCS8_pkey_add1_attr.html b/linux_amd64/share/doc/openssl/html/man3/PKCS8_pkey_add1_attr.html new file mode 100755 index 0000000..6f2f646 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/PKCS8_pkey_add1_attr.html @@ -0,0 +1,91 @@ + + + + +PKCS8_pkey_add1_attr + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    PKCS8_pkey_get0_attrs, PKCS8_pkey_add1_attr, PKCS8_pkey_add1_attr_by_NID, PKCS8_pkey_add1_attr_by_OBJ - PKCS8 attribute functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509.h>
    +
    + const STACK_OF(X509_ATTRIBUTE) *
    + PKCS8_pkey_get0_attrs(const PKCS8_PRIV_KEY_INFO *p8);
    + int PKCS8_pkey_add1_attr(PKCS8_PRIV_KEY_INFO *p8, X509_ATTRIBUTE *attr);
    + int PKCS8_pkey_add1_attr_by_NID(PKCS8_PRIV_KEY_INFO *p8, int nid, int type,
    +                                 const unsigned char *bytes, int len);
    + int PKCS8_pkey_add1_attr_by_OBJ(PKCS8_PRIV_KEY_INFO *p8, const ASN1_OBJECT *obj,
    +                                int type, const unsigned char *bytes, int len);
    +

    +

    +
    +

    DESCRIPTION

    +

    PKCS8_pkey_get0_attrs() returns a const STACK of X509_ATTRIBUTE present in +the passed const PKCS8_PRIV_KEY_INFO structure p8.

    +

    PKCS8_pkey_add1_attr() adds a constructed X509_ATTRIBUTE attr to the +existing PKCS8_PRIV_KEY_INFO structure p8.

    +

    PKCS8_pkey_add1_attr_by_NID() and PKCS8_pkey_add1_attr_by_OBJ() construct a new +X509_ATTRIBUTE from the passed arguments and add it to the existing +PKCS8_PRIV_KEY_INFO structure p8.

    +

    +

    +
    +

    RETURN VALUES

    +

    PKCS8_pkey_add1_attr(), PKCS8_pkey_add1_attr_by_NID(), and +PKCS8_pkey_add1_attr_by_OBJ() return 1 for success and 0 for failure.

    +

    +

    +
    +

    NOTES

    +

    STACK of X509_ATTRIBUTE is present in many X509-related structures and some of +them have the corresponding set of similar functions.

    +

    +

    +
    +

    SEE ALSO

    +

    crypto(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/RAND_DRBG_generate.html b/linux_amd64/share/doc/openssl/html/man3/RAND_DRBG_generate.html new file mode 100755 index 0000000..f4f1227 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/RAND_DRBG_generate.html @@ -0,0 +1,124 @@ + + + + +RAND_DRBG_generate + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    RAND_DRBG_generate, +RAND_DRBG_bytes +- generate random bytes using the given drbg instance

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/rand_drbg.h>
    +
    + int RAND_DRBG_generate(RAND_DRBG *drbg,
    +                        unsigned char *out, size_t outlen,
    +                        int prediction_resistance,
    +                        const unsigned char *adin, size_t adinlen);
    +
    + int RAND_DRBG_bytes(RAND_DRBG *drbg,
    +                     unsigned char *out, size_t outlen);
    +

    +

    +
    +

    DESCRIPTION

    +

    RAND_DRBG_generate() generates outlen random bytes using the given +DRBG instance drbg and stores them in the buffer at out.

    +

    Before generating the output, the DRBG instance checks whether the maximum +number of generate requests (reseed interval) or the maximum timespan +(reseed time interval) since its last seeding have been reached. +If this is the case, the DRBG reseeds automatically. +Additionally, an immediate reseeding can be requested by setting the +prediction_resistance flag to 1. +Requesting prediction resistance is a relative expensive operation. +See NOTES section for more details.

    +

    The caller can optionally provide additional data to be used for reseeding +by passing a pointer adin to a buffer of length adinlen. +This additional data is mixed into the internal state of the random +generator but does not contribute to the entropy count. +The additional data can be omitted by setting adin to NULL and +adinlen to 0;

    +

    RAND_DRBG_bytes() generates outlen random bytes using the given +DRBG instance drbg and stores them in the buffer at out. +This function is a wrapper around the RAND_DRBG_generate() call, +which collects some additional data from low entropy sources +(e.g., a high resolution timer) and calls +RAND_DRBG_generate(drbg, out, outlen, 0, adin, adinlen).

    +

    +

    +
    +

    RETURN VALUES

    +

    RAND_DRBG_generate() and RAND_DRBG_bytes() return 1 on success, +and 0 on failure.

    +

    +

    +
    +

    NOTES

    +

    The reseed interval and reseed time interval of the drbg are set to +reasonable default values, which in general do not have to be adjusted. +If necessary, they can be changed using RAND_DRBG_set_reseed_interval(3) +and RAND_DRBG_set_reseed_time_interval(3), respectively.

    +

    A request for prediction resistance can only be satisfied by pulling fresh +entropy from a live entropy source (section 5.5.2 of [NIST SP 800-90C]). +It is up to the user to ensure that a live entropy source is configured +and is being used.

    +

    +

    +
    +

    SEE ALSO

    +

    RAND_bytes(3), +RAND_DRBG_set_reseed_interval(3), +RAND_DRBG_set_reseed_time_interval(3), +RAND_DRBG(7)

    +

    +

    +
    +

    HISTORY

    +

    The RAND_DRBG functions were added in OpenSSL 1.1.1.

    +

    Prediction resistance is supported from OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/RAND_DRBG_get0_master.html b/linux_amd64/share/doc/openssl/html/man3/RAND_DRBG_get0_master.html new file mode 100755 index 0000000..ae7997c --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/RAND_DRBG_get0_master.html @@ -0,0 +1,129 @@ + + + + +RAND_DRBG_get0_master + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    OPENSSL_CTX_get0_master_drbg, +OPENSSL_CTX_get0_public_drbg, +OPENSSL_CTX_get0_private_drbg, +RAND_DRBG_get0_master, +RAND_DRBG_get0_public, +RAND_DRBG_get0_private +- get access to the global RAND_DRBG instances

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/rand_drbg.h>
    +
    + RAND_DRBG *OPENSSL_CTX_get0_master_drbg(OPENSSL_CTX *ctx);
    + RAND_DRBG *OPENSSL_CTX_get0_public_drbg(OPENSSL_CTX *ctx);
    + RAND_DRBG *OPENSSL_CTX_get0_private_drbg(OPENSSL_CTX *ctx);
    + RAND_DRBG *RAND_DRBG_get0_master(void);
    + RAND_DRBG *RAND_DRBG_get0_public(void);
    + RAND_DRBG *RAND_DRBG_get0_private(void);
    +

    +

    +
    +

    DESCRIPTION

    +

    The default RAND API implementation (RAND_OpenSSL()) utilizes three +shared DRBG instances which are accessed via the RAND API:

    +

    The public and private DRBG are thread-local instances, which are used +by RAND_bytes() and RAND_priv_bytes(), respectively. +The master DRBG is a global instance, which is not intended to be used +directly, but is used internally to reseed the other two instances.

    +

    These functions here provide access to the shared DRBG instances.

    +

    +

    +
    +

    RETURN VALUES

    +

    OPENSSL_CTX_get0_master_drbg() returns a pointer to the master DRBG instance +for the given OPENSSL_CTX ctx.

    +

    OPENSSL_CTX_get0_public_drbg() returns a pointer to the public DRBG instance +for the given OPENSSL_CTX ctx.

    +

    OPENSSL_CTX_get0_private_drbg() returns a pointer to the private DRBG instance +for the given OPENSSL_CTX ctx.

    +

    In all the above cases the ctx parameter can +be NULL in which case the default OPENSSL_CTX is used. RAND_DRBG_get0_master(), +RAND_DRBG_get0_public() and RAND_DRBG_get0_private() are the same as +OPENSSL_CTX_get0_master_drbg(), OPENSSL_CTX_get0_public_drbg() and +OPENSSL_CTX_get0_private_drbg() respectively except that the default OPENSSL_CTX +is always used.

    +

    +

    +
    +

    NOTES

    +

    It is not thread-safe to access the master DRBG instance. +The public and private DRBG instance can be accessed safely, because +they are thread-local. Note however, that changes to these two instances +apply only to the current thread.

    +

    For that reason it is recommended not to change the settings of these +three instances directly. +Instead, an application should change the default settings for new DRBG instances +at initialization time, before creating additional threads.

    +

    During initialization, it is possible to change the reseed interval +and reseed time interval. +It is also possible to exchange the reseeding callbacks entirely.

    +

    +

    +
    +

    SEE ALSO

    +

    RAND_DRBG_set_callbacks(3), +RAND_DRBG_set_reseed_defaults(3), +RAND_DRBG_set_reseed_interval(3), +RAND_DRBG_set_reseed_time_interval(3), +RAND_DRBG_set_callbacks(3), +RAND_DRBG_generate(3), +RAND_DRBG(7)

    +

    +

    +
    +

    HISTORY

    +

    The OPENSSL_CTX_get0_master_drbg(), OPENSSL_CTX_get0_public_drbg() and +OPENSSL_CTX_get0_private_drbg() functions were added in OpenSSL 3.0.

    +

    All other RAND_DRBG functions were added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/RAND_DRBG_new.html b/linux_amd64/share/doc/openssl/html/man3/RAND_DRBG_new.html new file mode 100755 index 0000000..aef452f --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/RAND_DRBG_new.html @@ -0,0 +1,198 @@ + + + + +RAND_DRBG_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    RAND_DRBG_new_ex, +RAND_DRBG_new, +RAND_DRBG_secure_new_ex, +RAND_DRBG_secure_new, +RAND_DRBG_set, +RAND_DRBG_set_defaults, +RAND_DRBG_instantiate, +RAND_DRBG_uninstantiate, +RAND_DRBG_free +- initialize and cleanup a RAND_DRBG instance

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/rand_drbg.h>
    +
    + RAND_DRBG *RAND_DRBG_new_ex(OPENSSL_CTX *ctx,
    +                             int type,
    +                             unsigned int flags,
    +                             RAND_DRBG *parent);
    +
    + RAND_DRBG *RAND_DRBG_new(int type,
    +                          unsigned int flags,
    +                          RAND_DRBG *parent);
    +
    + RAND_DRBG *RAND_DRBG_secure_new_ex(OPENSSL_CTX *ctx,
    +                                    int type,
    +                                    unsigned int flags,
    +                                    RAND_DRBG *parent);
    +
    + RAND_DRBG *RAND_DRBG_secure_new(int type,
    +                                 unsigned int flags,
    +                                 RAND_DRBG *parent);
    +
    + int RAND_DRBG_set(RAND_DRBG *drbg,
    +                   int type, unsigned int flags);
    +
    + int RAND_DRBG_set_defaults(int type, unsigned int flags);
    +
    + int RAND_DRBG_instantiate(RAND_DRBG *drbg,
    +                           const unsigned char *pers, size_t perslen);
    +
    + int RAND_DRBG_uninstantiate(RAND_DRBG *drbg);
    +
    + void RAND_DRBG_free(RAND_DRBG *drbg);
    +

    +

    +
    +

    DESCRIPTION

    +

    RAND_DRBG_new_ex() and RAND_DRBG_secure_new_ex() +create a new DRBG instance of the given type, allocated from the heap resp. +the secure heap, for the given OPENSSL_CTX <ctx> +(using OPENSSL_zalloc() resp. OPENSSL_secure_zalloc()). The <ctx> parameter can +be NULL in which case the default OPENSSL_CTX is used. RAND_DRBG_new() and +RAND_DRBG_secure_new() are the same as RAND_DRBG_new_ex() and +RAND_DRBG_secure_new_ex() except that the default OPENSSL_CTX is always used.

    +

    RAND_DRBG_set() initializes the drbg with the given type and flags.

    +

    RAND_DRBG_set_defaults() sets the default type and flags for new DRBG +instances.

    +

    The DRBG types are AES-CTR, HMAC and HASH so type can be one of the +following values:

    +

    NID_aes_128_ctr, NID_aes_192_ctr, NID_aes_256_ctr, NID_sha1, NID_sha224, +NID_sha256, NID_sha384, NID_sha512, NID_sha512_224, NID_sha512_256, +NID_sha3_224, NID_sha3_256, NID_sha3_384 or NID_sha3_512.

    +

    If this method is not called then the default type is given by NID_aes_256_ctr +and the default flags are zero.

    +

    Before the DRBG can be used to generate random bits, it is necessary to set +its type and to instantiate it.

    +

    The optional flags argument specifies a set of bit flags which can be +joined using the | operator. The supported flags are:

    +
    +
    RAND_DRBG_FLAG_CTR_NO_DF
    + +
    +

    Disables the use of the derivation function ctr_df. For an explanation, +see [NIST SP 800-90A Rev. 1].

    +
    +
    RAND_DRBG_FLAG_HMAC
    + +
    +

    Enables use of HMAC instead of the HASH DRBG.

    +
    +
    RAND_DRBG_FLAG_MASTER
    + +
    RAND_DRBG_FLAG_PUBLIC
    + +
    RAND_DRBG_FLAG_PRIVATE
    + +
    +

    These 3 flags can be used to set the individual DRBG types created. Multiple +calls are required to set the types to different values. If none of these 3 +flags are used, then the same type and flags are used for all 3 DRBGs in the +drbg chain (<master>, <public> and <private>).

    +
    +
    +

    If a parent instance is specified then this will be used instead of +the default entropy source for reseeding the drbg. It is said that the +drbg is chained to its parent. +For more information, see the NOTES section.

    +

    RAND_DRBG_instantiate() +seeds the drbg instance using random input from trusted entropy sources. +Optionally, a personalization string pers of length perslen can be +specified. +To omit the personalization string, set pers=NULL and perslen=0;

    +

    RAND_DRBG_uninstantiate() +clears the internal state of the drbg and puts it back in the +uninstantiated state.

    +

    +

    +
    +

    RETURN VALUES

    +

    RAND_DRBG_new_ex(), RAND_DRBG_new(), RAND_DRBG_secure_new_ex() and +RAND_DRBG_secure_new() return a pointer to a DRBG instance allocated on the +heap, resp. secure heap.

    +

    RAND_DRBG_set(), +RAND_DRBG_instantiate(), and +RAND_DRBG_uninstantiate() +return 1 on success, and 0 on failure.

    +

    RAND_DRBG_free() does not return a value.

    +

    +

    +
    +

    NOTES

    +

    The DRBG design supports chaining, which means that a DRBG instance can +use another parent DRBG instance instead of the default entropy source +to obtain fresh random input for reseeding, provided that parent DRBG +instance was properly instantiated, either from a trusted entropy source, +or from yet another parent DRBG instance. +For a detailed description of the reseeding process, see RAND_DRBG(7).

    +

    The default DRBG type and flags are applied only during creation of a DRBG +instance. +To ensure that they are applied to the global and thread-local DRBG instances +(<master>, resp. <public> and <private>), it is necessary to call +RAND_DRBG_set_defaults() before creating any thread and before calling any +cryptographic routines that obtain random data directly or indirectly.

    +

    +

    +
    +

    SEE ALSO

    +

    OPENSSL_zalloc(3), +OPENSSL_secure_zalloc(3), +RAND_DRBG_generate(3), +RAND_DRBG(7)

    +

    +

    +
    +

    HISTORY

    +

    The RAND_DRBG functions were added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/RAND_DRBG_reseed.html b/linux_amd64/share/doc/openssl/html/man3/RAND_DRBG_reseed.html new file mode 100755 index 0000000..fbe6d80 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/RAND_DRBG_reseed.html @@ -0,0 +1,150 @@ + + + + +RAND_DRBG_reseed + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    RAND_DRBG_reseed, +RAND_DRBG_set_reseed_interval, +RAND_DRBG_set_reseed_time_interval, +RAND_DRBG_set_reseed_defaults +- reseed a RAND_DRBG instance

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/rand_drbg.h>
    +
    + int RAND_DRBG_reseed(RAND_DRBG *drbg,
    +                      const unsigned char *adin, size_t adinlen,
    +                      int prediction_resistance);
    +
    + int RAND_DRBG_set_reseed_interval(RAND_DRBG *drbg,
    +                                   unsigned int interval);
    +
    + int RAND_DRBG_set_reseed_time_interval(RAND_DRBG *drbg,
    +                                        time_t interval);
    +
    + int RAND_DRBG_set_reseed_defaults(
    +                                   unsigned int master_reseed_interval,
    +                                   unsigned int slave_reseed_interval,
    +                                   time_t master_reseed_time_interval,
    +                                   time_t slave_reseed_time_interval
    +                                   );
    +

    +

    +
    +

    DESCRIPTION

    +

    RAND_DRBG_reseed() +reseeds the given drbg, obtaining entropy input from its entropy source +and mixing in the specified additional data provided in the buffer adin +of length adinlen. +The additional data can be omitted by setting adin to NULL and adinlen +to 0. +An immediate reseeding can be requested by setting the +prediction_resistance flag to 1. +Requesting prediction resistance is a relative expensive operation. +See NOTES section for more details.

    +

    RAND_DRBG_set_reseed_interval() +sets the reseed interval of the drbg, which is the maximum allowed number +of generate requests between consecutive reseedings. +If interval > 0, then the drbg will reseed automatically whenever the +number of generate requests since its last seeding exceeds the given reseed +interval. +If interval == 0, then this feature is disabled.

    +

    RAND_DRBG_set_reseed_time_interval() +sets the reseed time interval of the drbg, which is the maximum allowed +number of seconds between consecutive reseedings. +If interval > 0, then the drbg will reseed automatically whenever the +elapsed time since its last reseeding exceeds the given reseed time interval. +If interval == 0, then this feature is disabled.

    +

    RAND_DRBG_set_reseed_defaults() sets the default values for the reseed interval +(master_reseed_interval and slave_reseed_interval) +and the reseed time interval +(master_reseed_time_interval and slave_reseed_tme_interval) +of DRBG instances. +The default values are set independently for master DRBG instances (which don't +have a parent) and slave DRBG instances (which are chained to a parent DRBG).

    +

    +

    +
    +

    RETURN VALUES

    +

    RAND_DRBG_reseed(), +RAND_DRBG_set_reseed_interval(), and +RAND_DRBG_set_reseed_time_interval(), +return 1 on success, 0 on failure.

    +

    +

    +
    +

    NOTES

    +

    The default OpenSSL random generator is already set up for automatic reseeding, +so in general it is not necessary to reseed it explicitly, or to modify +its reseeding thresholds.

    +

    Normally, the entropy input for seeding a DRBG is either obtained from a +trusted os entropy source or from a parent DRBG instance, which was seeded +(directly or indirectly) from a trusted os entropy source. +In exceptional cases it is possible to replace the reseeding mechanism entirely +by providing application defined callbacks using RAND_DRBG_set_callbacks().

    +

    The reseeding default values are applied only during creation of a DRBG instance. +To ensure that they are applied to the global and thread-local DRBG instances +(<master>, resp. <public> and <private>), it is necessary to call +RAND_DRBG_set_reseed_defaults() before creating any thread and before calling any + cryptographic routines that obtain random data directly or indirectly.

    +

    +

    +
    +

    SEE ALSO

    +

    RAND_DRBG_generate(3), +RAND_DRBG_bytes(3), +RAND_DRBG_set_callbacks(3). +RAND_DRBG(7)

    +

    +

    +
    +

    HISTORY

    +

    The RAND_DRBG functions were added in OpenSSL 1.1.1.

    +

    Prediction resistance is supported from OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/RAND_DRBG_set_callbacks.html b/linux_amd64/share/doc/openssl/html/man3/RAND_DRBG_set_callbacks.html
    new file mode 100755
    index 0000000..9cb105e
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/RAND_DRBG_set_callbacks.html
    @@ -0,0 +1,198 @@
    + + + + +RAND_DRBG_set_callbacks + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    RAND_DRBG_set_callbacks, +RAND_DRBG_set_callback_data, +RAND_DRBG_get_callback_data, +RAND_DRBG_get_entropy_fn, +RAND_DRBG_cleanup_entropy_fn, +RAND_DRBG_get_nonce_fn, +RAND_DRBG_cleanup_nonce_fn +- set callbacks for reseeding

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/rand_drbg.h>
    +
    + int RAND_DRBG_set_callbacks(RAND_DRBG *drbg,
    +                             RAND_DRBG_get_entropy_fn get_entropy,
    +                             RAND_DRBG_cleanup_entropy_fn cleanup_entropy,
    +                             RAND_DRBG_get_nonce_fn get_nonce,
    +                             RAND_DRBG_cleanup_nonce_fn cleanup_nonce);
    +
    + int RAND_DRBG_set_callback_data(RAND_DRBG *drbg, void *ctx);
    +
    + void *RAND_DRBG_get_callback_data(RAND_DRBG *drbg);
    +

    +

    +

    Callback Functions

    +
    + typedef size_t (*RAND_DRBG_get_entropy_fn)(
    +                       RAND_DRBG *drbg,
    +                       unsigned char **pout,
    +                       int entropy,
    +                       size_t min_len, size_t max_len,
    +                       int prediction_resistance);
    +
    + typedef void (*RAND_DRBG_cleanup_entropy_fn)(
    +                     RAND_DRBG *drbg,
    +                     unsigned char *out, size_t outlen);
    +
    + typedef size_t (*RAND_DRBG_get_nonce_fn)(
    +                       RAND_DRBG *drbg,
    +                       unsigned char **pout,
    +                       int entropy,
    +                       size_t min_len, size_t max_len);
    +
    + typedef void (*RAND_DRBG_cleanup_nonce_fn)(
    +                     RAND_DRBG *drbg,
    +                     unsigned char *out, size_t outlen);
    +

    +

    +
    +

    DESCRIPTION

    +

    RAND_DRBG_set_callbacks() sets the callbacks for obtaining fresh entropy and +the nonce when reseeding the given drbg. +The callback functions are implemented and provided by the caller. +Their parameter lists need to match the function prototypes above.

    +

    RAND_DRBG_set_callback_data() can be used to store a pointer to some context +specific data, which can subsequently be retrieved by the entropy and nonce +callbacks using RAND_DRBG_get_callback_data(). +The ownership of the context data remains with the caller, i.e., it is the +caller's responsibility to keep it available as long as it is needed by the +callbacks and free it after use. +For more information about the the callback data see the NOTES section.

    +

    Setting the callbacks or the callback data is allowed only if the DRBG has +not been initialized yet. +Otherwise, the operation will fail. +To change the settings for one of the three shared DRBGs it is necessary to call +RAND_DRBG_uninstantiate() first.

    +

    The get_entropy() callback is called by the drbg when it requests fresh +random input. +It is expected that the callback allocates and fills a random buffer of size +min_len <= size <= max_len (in bytes) which contains at least entropy +bits of randomness. +The prediction_resistance flag indicates whether the reseeding was +triggered by a prediction resistance request.

    +

    The buffer's address is to be returned in *pout and the number of collected +randomness bytes as return value.

    +

    If the callback fails to acquire at least entropy bits of randomness, +it must indicate an error by returning a buffer length of 0.

    +

    If prediction_resistance was requested and the random source of the DRBG +does not satisfy the conditions requested by [NIST SP 800-90C], then +it must also indicate an error by returning a buffer length of 0. +See NOTES section for more details.

    +

    The cleanup_entropy() callback is called from the drbg to to clear and +free the buffer allocated previously by get_entropy(). +The values out and outlen are the random buffer's address and length, +as returned by the get_entropy() callback.

    +

    The get_nonce() and cleanup_nonce() callbacks are used to obtain a nonce +and free it again. A nonce is only required for instantiation (not for reseeding) +and only in the case where the DRBG uses a derivation function. +The callbacks are analogous to get_entropy() and cleanup_entropy(), +except for the missing prediction_resistance flag.

    +

    If the derivation function is disabled, then no nonce is used for instantiation, +and the get_nonce() and cleanup_nonce() callbacks can be omitted by +setting them to NULL.

    +

    +

    +
    +

    RETURN VALUES

    +

    RAND_DRBG_set_callbacks() returns 1 on success, and 0 on failure.

    +

    RAND_DRBG_set_callback_data() returns 1 on success, and 0 on failure.

    +

    RAND_DRBG_get_callback_data() returns the pointer to the callback data, +which is NULL if none has been set previously.

    +

    +

    +
    +

    NOTES

    +

    It is important that cleanup_entropy() and cleanup_nonce() clear the buffer +contents safely before freeing it, in order not to leave sensitive information +about the DRBG's state in memory.

    +

    A request for prediction resistance can only be satisfied by pulling fresh +entropy from a live entropy source (section 5.5.2 of [NIST SP 800-90C]). +It is up to the user to ensure that a live entropy source is configured +and is being used.

    +

    The derivation function is disabled during initialization by calling the +RAND_DRBG_set() function with the RAND_DRBG_FLAG_CTR_NO_DF flag. +For more information on the derivation function and when it can be omitted, +see [NIST SP 800-90A Rev. 1]. Roughly speaking it can be omitted if the random +source has "full entropy", i.e., contains 8 bits of entropy per byte.

    +

    Even if a nonce is required, the get_nonce() and cleanup_nonce() +callbacks can be omitted by setting them to NULL. +In this case the DRBG will automatically request an extra amount of entropy +(using the get_entropy() and cleanup_entropy() callbacks) which it will +utilize for the nonce, following the recommendations of [NIST SP 800-90A Rev. 1], +section 8.6.7.

    +

    The callback data is a rather specialized feature, because in general the +random sources don't (and in fact, they must not) depend on any state provided +by the DRBG. +There are however exceptional cases where this feature is useful, most notably +for implementing known answer tests (KATs) or deterministic signatures like +those specified in RFC6979, which require passing a specified entropy and nonce +for instantiating the DRBG.

    +

    +

    +
    +

    SEE ALSO

    +

    RAND_DRBG_new(3), +RAND_DRBG_reseed(3), +RAND_DRBG(7)

    +

    +

    +
    +

    HISTORY

    +

    The RAND_DRBG functions were added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/RAND_add.html b/linux_amd64/share/doc/openssl/html/man3/RAND_add.html
    new file mode 100755
    index 0000000..9566a20
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/RAND_add.html
    @@ -0,0 +1,138 @@
    + + + + +RAND_add + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    RAND_add, RAND_poll, RAND_seed, RAND_status, RAND_event, RAND_screen, +RAND_keep_random_devices_open +- add randomness to the PRNG or get its status

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/rand.h>
    +
    + int RAND_status(void);
    + int RAND_poll();
    +
    + void RAND_add(const void *buf, int num, double randomness);
    + void RAND_seed(const void *buf, int num);
    +
    + void RAND_keep_random_devices_open(int keep);
    +

    Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam);
    + void RAND_screen(void);
    +

    +

    +
    +

    DESCRIPTION

    +

    These functions can be used to seed the random generator and to check its +seeded state. +In general, manual (re-)seeding of the default OpenSSL random generator +(RAND_OpenSSL(3)) is not necessary (but allowed), since it does (re-)seed +itself automatically using trusted system entropy sources. +This holds unless the default RAND_METHOD has been replaced or OpenSSL was +built with automatic reseeding disabled, see RAND(7) for more details.

    +

    RAND_status() indicates whether or not the random generator has been sufficiently +seeded. If not, functions such as RAND_bytes(3) will fail.

    +

    RAND_poll() uses the system's capabilities to seed the random generator using +random input obtained from polling various trusted entropy sources. +The default choice of the entropy source can be modified at build time, +see RAND(7) for more details.

    +

    RAND_add() mixes the num bytes at buf into the internal state +of the random generator. +This function will not normally be needed, as mentioned above. +The randomness argument is an estimate of how much randomness is +contained in +buf, in bytes, and should be a number between zero and num. +Details about sources of randomness and how to estimate their randomness +can be found in the literature; for example [NIST SP 800-90B]. +The content of buf cannot be recovered from subsequent random generator output. +Applications that intend to save and restore random state in an external file +should consider using RAND_load_file(3) instead.

    +

    NOTE: In FIPS mode, random data provided by the application is not considered to +be a trusted entropy source. It is mixed into the internal state of the RNG as +additional data only and this does not count as a full reseed. +For more details, see RAND_DRBG(7).

    +

    RAND_seed() is equivalent to RAND_add() with randomness set to num.

    +

    RAND_keep_random_devices_open() is used to control file descriptor +usage by the random seed sources. Some seed sources maintain open file +descriptors by default, which allows such sources to operate in a +chroot(2) jail without the associated device nodes being available. When +the keep argument is zero, this call disables the retention of file +descriptors. Conversely, a nonzero argument enables the retention of +file descriptors. This function is usually called during initialization +and it takes effect immediately.

    +

    RAND_event() and RAND_screen() are equivalent to RAND_poll() and exist +for compatibility reasons only. See HISTORY section below.

    +

    +

    +
    +

    RETURN VALUES

    +

    RAND_status() returns 1 if the random generator has been seeded +with enough data, 0 otherwise.

    +

    RAND_poll() returns 1 if it generated seed data, 0 otherwise.

    +

    RAND_event() returns RAND_status().

    +

    The other functions do not return values.

    +

    +

    +
    +

    SEE ALSO

    +

    RAND_bytes(3), +RAND_egd(3), +RAND_load_file(3), +RAND(7) +RAND_DRBG(7)

    +

    +

    +
    +

    HISTORY

    +

    RAND_event() and RAND_screen() were deprecated in OpenSSL 1.1.0 and should +not be used.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/RAND_bytes.html b/linux_amd64/share/doc/openssl/html/man3/RAND_bytes.html
    new file mode 100755
    index 0000000..7fd9820
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/RAND_bytes.html
    @@ -0,0 +1,129 @@
    + + + + +RAND_bytes + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    RAND_bytes, RAND_priv_bytes, RAND_bytes_ex, RAND_priv_bytes_ex, +RAND_pseudo_bytes - generate random data

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/rand.h>
    +
    + int RAND_bytes(unsigned char *buf, int num);
    + int RAND_priv_bytes(unsigned char *buf, int num);
    +
    + int RAND_bytes_ex(OPENSSL_CTX *ctx, unsigned char *buf, int num);
    + int RAND_priv_bytes_ex(OPENSSL_CTX *ctx, unsigned char *buf, int num);
    +

    Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + int RAND_pseudo_bytes(unsigned char *buf, int num);
    +

    +

    +
    +

    DESCRIPTION

    +

    RAND_bytes() puts num cryptographically strong pseudo-random bytes +into buf.

    +

    RAND_priv_bytes() has the same semantics as RAND_bytes(). It is intended to +be used for generating values that should remain private. If using the +default RAND_METHOD, this function uses a separate "private" PRNG +instance so that a compromise of the "public" PRNG instance will not +affect the secrecy of these private values, as described in RAND(7) +and RAND_DRBG(7).

    +

    RAND_bytes_ex() and RAND_priv_bytes_ex() are the same as RAND_bytes() and +RAND_priv_bytes() except that they both take an additional ctx parameter. +The DRBG used for the operation is the public or private DRBG associated with +the specified ctx. The parameter can be NULL, in which case +the default library context is used (see OPENSSL_CTX(3). +If the default RAND_METHOD has been changed then for compatibility reasons the +RAND_METHOD will be used in preference and the DRBG of the library context +ignored.

    +

    +

    +
    +

    NOTES

    +

    Always check the error return value of RAND_bytes() and +RAND_priv_bytes() and do not take randomness for granted: an error occurs +if the CSPRNG has not been seeded with enough randomness to ensure an +unpredictable byte sequence.

    +

    +

    +
    +

    RETURN VALUES

    +

    RAND_bytes() and RAND_priv_bytes() +return 1 on success, -1 if not supported by the current +RAND method, or 0 on other failure. The error code can be +obtained by ERR_get_error(3).

    +

    +

    +
    +

    SEE ALSO

    +

    RAND_add(3), +RAND_bytes(3), +RAND_priv_bytes(3), +ERR_get_error(3), +RAND(7), +RAND_DRBG(7)

    +

    +

    +
    +

    HISTORY

    +
      +
    • +

      RAND_pseudo_bytes() was deprecated in OpenSSL 1.1.0; use RAND_bytes() instead.

      +
    • +
    • +

      The RAND_priv_bytes() function was added in OpenSSL 1.1.1.

      +
    • +
    • +

      The RAND_bytes_ex() and RAND_priv_bytes_ex() functions were added in OpenSSL 3.0

      +
    • +
    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/RAND_cleanup.html b/linux_amd64/share/doc/openssl/html/man3/RAND_cleanup.html
    new file mode 100755
    index 0000000..05eaf9a
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/RAND_cleanup.html
    @@ -0,0 +1,84 @@
    + + + + +RAND_cleanup + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    RAND_cleanup - erase the PRNG state

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/rand.h>
    +

    Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + void RAND_cleanup(void)
    +

    +

    +
    +

    DESCRIPTION

    +

    Prior to OpenSSL 1.1.0, RAND_cleanup() released all resources used by +the PRNG. As of version 1.1.0, it does nothing and should not be called, +since no explicit initialisation or de-initialisation is necessary. See +OPENSSL_init_crypto(3).

    +

    +

    +
    +

    RETURN VALUES

    +

    RAND_cleanup() returns no value.

    +

    +

    +
    +

    SEE ALSO

    +

    RAND(7)

    +

    +

    +
    +

    HISTORY

    +

    RAND_cleanup() was deprecated in OpenSSL 1.1.0; do not use it. +See OPENSSL_init_crypto(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/RAND_egd.html b/linux_amd64/share/doc/openssl/html/man3/RAND_egd.html
    new file mode 100755
    index 0000000..2d1963b
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/RAND_egd.html
    @@ -0,0 +1,94 @@
    + + + + +RAND_egd + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    RAND_egd, RAND_egd_bytes, RAND_query_egd_bytes - query entropy gathering daemon

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/rand.h>
    +
    + int RAND_egd_bytes(const char *path, int num);
    + int RAND_egd(const char *path);
    +
    + int RAND_query_egd_bytes(const char *path, unsigned char *buf, int num);
    +

    +

    +
    +

    DESCRIPTION

    +

    On older platforms without a good source of randomness such as /dev/urandom, +it is possible to query an Entropy Gathering Daemon (EGD) over a local +socket to obtain randomness and seed the OpenSSL RNG. +The protocol used is defined by the EGDs available at +http://egd.sourceforge.net/ or http://prngd.sourceforge.net.

    +

    RAND_egd_bytes() requests num bytes of randomness from an EGD at the +specified socket path, and passes the data it receives into RAND_add(). +RAND_egd() is equivalent to RAND_egd_bytes() with num set to 255.

    +

    RAND_query_egd_bytes() requests num bytes of randomness from an EGD at +the specified socket path, where num must be less than 256. +If buf is NULL, it is equivalent to RAND_egd_bytes(). +If buf is not NULL, then the data is copied to the buffer and +RAND_add() is not called.

    +

    OpenSSL can be configured at build time to try to use the EGD for seeding +automatically.

    +

    +

    +
    +

    RETURN VALUES

    +

    RAND_egd() and RAND_egd_bytes() return the number of bytes read from the +daemon on success, or -1 if the connection failed or the daemon did not +return enough data to fully seed the PRNG.

    +

    RAND_query_egd_bytes() returns the number of bytes read from the daemon on +success, or -1 if the connection failed.

    +

    +

    +
    +

    SEE ALSO

    +

    RAND_add(3), +RAND_bytes(3), +RAND(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/RAND_load_file.html b/linux_amd64/share/doc/openssl/html/man3/RAND_load_file.html
    new file mode 100755
    index 0000000..02fbeeb
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/RAND_load_file.html
    @@ -0,0 +1,122 @@
    + + + + +RAND_load_file + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    RAND_load_file, RAND_write_file, RAND_file_name - PRNG seed file

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/rand.h>
    +
    + int RAND_load_file(const char *filename, long max_bytes);
    +
    + int RAND_write_file(const char *filename);
    +
    + const char *RAND_file_name(char *buf, size_t num);
    +

    +

    +
    +

    DESCRIPTION

    +

    RAND_load_file() reads a number of bytes from file filename and +adds them to the PRNG. If max_bytes is non-negative, +up to max_bytes are read; +if max_bytes is -1, the complete file is read. +Do not load the same file multiple times unless its contents have +been updated by RAND_write_file() between reads. +Also, note that filename should be adequately protected so that an +attacker cannot replace or examine the contents. +If filename is not a regular file, then user is considered to be +responsible for any side effects, e.g. non-anticipated blocking or +capture of controlling terminal.

    +

    RAND_write_file() writes a number of random bytes (currently 128) to +file filename which can be used to initialize the PRNG by calling +RAND_load_file() in a later session.

    +

    RAND_file_name() generates a default path for the random seed +file. buf points to a buffer of size num in which to store the +filename.

    +

    On all systems, if the environment variable RANDFILE is set, its +value will be used as the seed filename. +Otherwise, the file is called .rnd, found in platform dependent locations:

    +
    +
    On Windows (in order of preference)
    + +
    +
    + %HOME%, %USERPROFILE%, %SYSTEMROOT%, C:\
    +
    +
    On VMS
    + +
    +
    + SYS$LOGIN:
    +
    +
    On all other systems
    + +
    +
    + $HOME
    +
    +
    +

    If $HOME (on non-Windows and non-VMS system) is not set either, or +num is too small for the pathname, an error occurs.

    +

    +

    +
    +

    RETURN VALUES

    +

    RAND_load_file() returns the number of bytes read or -1 on error.

    +

    RAND_write_file() returns the number of bytes written, or -1 if the +bytes written were generated without appropriate seeding.

    +

    RAND_file_name() returns a pointer to buf on success, and NULL on +error.

    +

    +

    +
    +

    SEE ALSO

    +

    RAND_add(3), +RAND_bytes(3), +RAND(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/RAND_set_rand_method.html b/linux_amd64/share/doc/openssl/html/man3/RAND_set_rand_method.html
    new file mode 100755
    index 0000000..8f83cfe
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/RAND_set_rand_method.html
    @@ -0,0 +1,105 @@
    + + + + +RAND_set_rand_method + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    RAND_set_rand_method, RAND_get_rand_method, RAND_OpenSSL - select RAND method

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/rand.h>
    +
    + RAND_METHOD *RAND_OpenSSL(void);
    +
    + int RAND_set_rand_method(const RAND_METHOD *meth);
    +
    + const RAND_METHOD *RAND_get_rand_method(void);
    +

    +

    +
    +

    DESCRIPTION

    +

    A RAND_METHOD specifies the functions that OpenSSL uses for random number +generation.

    +

    RAND_OpenSSL() returns the default RAND_METHOD implementation by OpenSSL. +This implementation ensures that the PRNG state is unique for each thread.

    +

    If an ENGINE is loaded that provides the RAND API, however, it will +be used instead of the method returned by RAND_OpenSSL().

    +

    RAND_set_rand_method() makes meth the method for PRNG use. If an +ENGINE was providing the method, it will be released first.

    +

    RAND_get_rand_method() returns a pointer to the current RAND_METHOD.

    +

    +

    +
    +

    THE RAND_METHOD STRUCTURE

    +
    + typedef struct rand_meth_st {
    +     void (*seed)(const void *buf, int num);
    +     int (*bytes)(unsigned char *buf, int num);
    +     void (*cleanup)(void);
    +     void (*add)(const void *buf, int num, int randomness);
    +     int (*pseudorand)(unsigned char *buf, int num);
    +     int (*status)(void);
    + } RAND_METHOD;
    +

    The fields point to functions that are used by, in order, +RAND_seed(), RAND_bytes(), internal RAND cleanup, RAND_add(), RAND_pseudo_rand() +and RAND_status(). +Each pointer may be NULL if the function is not implemented.

    +

    +

    +
    +

    RETURN VALUES

    +

    RAND_set_rand_method() returns 1 on success and 0 on failure. +RAND_get_rand_method() and RAND_OpenSSL() return pointers to the respective +methods.

    +

    +

    +
    +

    SEE ALSO

    +

    RAND_bytes(3), +ENGINE_by_id(3), +RAND(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/RC4_set_key.html b/linux_amd64/share/doc/openssl/html/man3/RC4_set_key.html
    new file mode 100755
    index 0000000..e1aa83f
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/RC4_set_key.html
    @@ -0,0 +1,111 @@
    + + + + +RC4_set_key + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    RC4_set_key, RC4 - RC4 encryption

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/rc4.h>
    +

    Deprecated since OpenSSL 3.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
    +
    + void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
    +          unsigned char *outdata);
    +

    +

    +
    +

    DESCRIPTION

    +

    All of the functions described on this page are deprecated. Applications should +instead use EVP_EncryptInit_ex(3), EVP_EncryptUpdate(3) and +EVP_EncryptFinal_ex(3) or the equivalently named decrypt functions.

    +

    This library implements the Alleged RC4 cipher, which is described for +example in Applied Cryptography. It is believed to be compatible +with RC4[TM], a proprietary cipher of RSA Security Inc.

    +

    RC4 is a stream cipher with variable key length. Typically, 128 bit +(16 byte) keys are used for strong encryption, but shorter insecure +key sizes have been widely used due to export restrictions.

    +

    RC4 consists of a key setup phase and the actual encryption or +decryption phase.

    +

    RC4_set_key() sets up the RC4_KEY key using the len bytes long +key at data.

    +

    RC4() encrypts or decrypts the len bytes of data at indata using +key and places the result at outdata. Repeated RC4() calls with +the same key yield a continuous key stream.

    +

    Since RC4 is a stream cipher (the input is XORed with a pseudo-random +key stream to produce the output), decryption uses the same function +calls as encryption.

    +

    +

    +
    +

    RETURN VALUES

    +

    RC4_set_key() and RC4() do not return values.

    +

    +

    +
    +

    NOTE

    +

    Applications should use the higher level functions +EVP_EncryptInit(3) etc. instead of calling these +functions directly.

    +

    It is difficult to securely use stream ciphers. For example, do not perform +multiple encryptions using the same key stream.

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_EncryptInit(3)

    +

    +

    +
    +

    HISTORY

    +

    All of these functions were deprecated in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/RIPEMD160_Init.html b/linux_amd64/share/doc/openssl/html/man3/RIPEMD160_Init.html
    new file mode 100755
    index 0000000..9368ff3
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/RIPEMD160_Init.html
    @@ -0,0 +1,118 @@
    + + + + +RIPEMD160_Init + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    RIPEMD160, RIPEMD160_Init, RIPEMD160_Update, RIPEMD160_Final - +RIPEMD-160 hash function

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ripemd.h>
    +

    Deprecated since OpenSSL 3.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + unsigned char *RIPEMD160(const unsigned char *d, unsigned long n,
    +                          unsigned char *md);
    +
    + int RIPEMD160_Init(RIPEMD160_CTX *c);
    + int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, unsigned long len);
    + int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c);
    +

    +

    +
    +

    DESCRIPTION

    +

    All of the functions described on this page are deprecated. +Applications should instead use EVP_DigestInit_ex(3), EVP_DigestUpdate(3) +and EVP_DigestFinal_ex(3).

    +

    RIPEMD-160 is a cryptographic hash function with a +160 bit output.

    +

    RIPEMD160() computes the RIPEMD-160 message digest of the n +bytes at d and places it in md (which must have space for +RIPEMD160_DIGEST_LENGTH == 20 bytes of output). If md is NULL, the digest +is placed in a static array.

    +

    The following functions may be used if the message is not completely +stored in memory:

    +

    RIPEMD160_Init() initializes a RIPEMD160_CTX structure.

    +

    RIPEMD160_Update() can be called repeatedly with chunks of the message to +be hashed (len bytes at data).

    +

    RIPEMD160_Final() places the message digest in md, which must have +space for RIPEMD160_DIGEST_LENGTH == 20 bytes of output, and erases +the RIPEMD160_CTX.

    +

    +

    +
    +

    RETURN VALUES

    +

    RIPEMD160() returns a pointer to the hash value.

    +

    RIPEMD160_Init(), RIPEMD160_Update() and RIPEMD160_Final() return 1 for +success, 0 otherwise.

    +

    +

    +
    +

    NOTE

    +

    Applications should use the higher level functions +EVP_DigestInit(3) etc. instead of calling these +functions directly.

    +

    +

    +
    +

    CONFORMING TO

    +

    ISO/IEC 10118-3:2016 Dedicated Hash-Function 1 (RIPEMD-160).

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_DigestInit(3)

    +

    +

    +
    +

    HISTORY

    +

    All of these functions were deprecated in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/RSA_blinding_on.html b/linux_amd64/share/doc/openssl/html/man3/RSA_blinding_on.html
new file mode 100755
index 0000000..a52bf75
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/RSA_blinding_on.html
@@ -0,0 +1,75 @@
+ + + + +RSA_blinding_on + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    RSA_blinding_on, RSA_blinding_off - protect the RSA operation from timing attacks

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/rsa.h>
    +
    + int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
    +
    + void RSA_blinding_off(RSA *rsa);
    +

    +

    +
    +

    DESCRIPTION

    +

    RSA is vulnerable to timing attacks. In a setup where attackers can +measure the time of RSA decryption or signature operations, blinding +must be used to protect the RSA operation from that attack.

    +

    RSA_blinding_on() turns blinding on for key rsa and generates a +random blinding factor. ctx is NULL or a pre-allocated and +initialized BN_CTX.

    +

    RSA_blinding_off() turns blinding off and frees the memory used for +the blinding factor.

    +

    +

    +
    +

    RETURN VALUES

    +

    RSA_blinding_on() returns 1 on success, and 0 if an error occurred.

    +

    RSA_blinding_off() returns no value.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/RSA_check_key.html b/linux_amd64/share/doc/openssl/html/man3/RSA_check_key.html
new file mode 100755
index 0000000..2860acd
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/RSA_check_key.html
@@ -0,0 +1,130 @@
+ + + + +RSA_check_key + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    RSA_check_key_ex, RSA_check_key - validate private RSA keys

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/rsa.h>
    +

    Deprecated since OpenSSL 3.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + int RSA_check_key_ex(RSA *rsa, BN_GENCB *cb);
    +
    + int RSA_check_key(RSA *rsa);
    +

    +

    +
    +

    DESCRIPTION

    +

    Both of the functions described on this page are deprecated. +Applications should instead use EVP_PKEY_public_check(3), +EVP_PKEY_private_check(3) and EVP_PKEY_pairwise_check(3).

    +

    RSA_check_key_ex() function validates RSA keys. +It checks that p and q are +in fact prime, and that n = p*q.

    +

    It does not work on RSA public keys that have only the modulus +and public exponent elements populated. +It also checks that d*e = 1 mod (p-1*q-1), +and that dmp1, dmq1 and iqmp are set correctly or are NULL. +It performs integrity checks on all +the RSA key material, so the RSA key structure must contain all the private +key data too. +Therefore, it cannot be used with any arbitrary RSA key object, +even if it is otherwise fit for regular RSA operation.

    +

    The cb parameter is a callback that will be invoked in the same +manner as BN_is_prime_ex(3).

    +

    RSA_check_key() is equivalent to RSA_check_key_ex() with a NULL cb.

    +

    +

    +
    +

    RETURN VALUES

    +

    RSA_check_key_ex() and RSA_check_key() +return 1 if rsa is a valid RSA key, and 0 otherwise. +They return -1 if an error occurs while checking the key.

    +

    If the key is invalid or an error occurred, the reason code can be +obtained using ERR_get_error(3).

    +

    +

    +
    +

    NOTES

    +

    Unlike most other RSA functions, this function does not work +transparently with any underlying ENGINE implementation because it uses the +key data in the RSA structure directly. An ENGINE implementation can +override the way key data is stored and handled, and can even provide +support for HSM keys - in which case the RSA structure may contain no +key data at all! If the ENGINE in question is only being used for +acceleration or analysis purposes, then in all likelihood the RSA key data +is complete and untouched, but this can't be assumed in the general case.

    +

    +

    +
    +

    BUGS

    +

    A method of verifying the RSA key using opaque RSA API functions might need +to be considered. Right now RSA_check_key() simply uses the RSA structure +elements directly, bypassing the RSA_METHOD table altogether (and +completely violating encapsulation and object-orientation in the process). +The best fix will probably be to introduce a "check_key()" handler to the +RSA_METHOD function table so that alternative implementations can also +provide their own verifiers.

    +

    +

    +
    +

    SEE ALSO

    +

    BN_is_prime_ex(3), +ERR_get_error(3)

    +

    +

    +
    +

    HISTORY

    +

    All of these functions were deprecated in OpenSSL 3.0.

    +

    RSA_check_key_ex() appeared after OpenSSL 1.0.2.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/RSA_generate_key.html b/linux_amd64/share/doc/openssl/html/man3/RSA_generate_key.html
new file mode 100755
index 0000000..c5dcd81
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/RSA_generate_key.html
@@ -0,0 +1,145 @@
+ + + + +RSA_generate_key + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    RSA_generate_key_ex, RSA_generate_key, +RSA_generate_multi_prime_key - generate RSA key pair

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/rsa.h>
    +

    Deprecated since OpenSSL 3.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
    + int RSA_generate_multi_prime_key(RSA *rsa, int bits, int primes, BIGNUM *e, BN_GENCB *cb);
    +

    Deprecated since OpenSSL 0.9.8, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + RSA *RSA_generate_key(int bits, unsigned long e,
    +                       void (*callback)(int, int, void *), void *cb_arg);
    +

    +

    +
    +

    DESCRIPTION

    +

    All of the functions described on this page are deprecated. +Applications should instead use EVP_PKEY_keygen_init(3) and +EVP_PKEY_keygen(3).

    +

    RSA_generate_key_ex() generates a 2-prime RSA key pair and stores it in the +RSA structure provided in rsa. The pseudo-random number generator must +be seeded prior to calling RSA_generate_key_ex().

    +

    RSA_generate_multi_prime_key() generates a multi-prime RSA key pair and stores +it in the RSA structure provided in rsa. The number of primes is given by +the primes parameter. The random number generator must be seeded when +calling RSA_generate_multi_prime_key(). +If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to +external circumstances (see RAND(7)), the operation will fail.

    +

    The modulus size will be of length bits, the number of primes to form the +modulus will be primes, and the public exponent will be e. Key sizes +with num < 1024 should be considered insecure. The exponent is an odd +number, typically 3, 17 or 65537.

    +

    In order to maintain adequate security level, the maximum number of permitted +primes depends on modulus bit length:

    +
    +   <1024 | >=1024 | >=4096 | >=8192
    +   ------+--------+--------+-------
    +     2   |   3    |   4    |   5
    +

    A callback function may be used to provide feedback about the +progress of the key generation. If cb is not NULL, it +will be called as follows using the BN_GENCB_call() function +described on the BN_generate_prime(3) page.

    +

    RSA_generate_key() is similar to RSA_generate_key_ex() but +expects an old-style callback function; see +BN_generate_prime(3) for information on the old-style callback.

    +
      +
    • +

      While a random prime number is generated, it is called as +described in BN_generate_prime(3).

      +
    • +
    • +

      When the n-th randomly generated prime is rejected as not +suitable for the key, BN_GENCB_call(cb, 2, n) is called.

      +
    • +
    • +

      When a random p has been found with p-1 relatively prime to e, +it is called as BN_GENCB_call(cb, 3, 0).

      +
    • +
    +

    The process is then repeated for prime q and other primes (if any) +with BN_GENCB_call(cb, 3, i) where i indicates the i-th prime.

    +

    +

    +
    +

    RETURN VALUES

    +

    RSA_generate_multi_prime_key() returns 1 on success or 0 on error. +RSA_generate_key_ex() returns 1 on success or 0 on error. +The error codes can be obtained by ERR_get_error(3).

    +

    RSA_generate_key() returns a pointer to the RSA structure or +NULL if the key generation fails.

    +

    +

    +
    +

    BUGS

    +

    BN_GENCB_call(cb, 2, x) is used with two different meanings.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), RAND_bytes(3), BN_generate_prime(3), +RAND(7)

    +

    +

    +
    +

    HISTORY

    +

    All of these functions were deprecated in OpenSSL 3.0.

    +

    RSA_generate_key() was deprecated in OpenSSL 0.9.8; use +RSA_generate_key_ex() instead.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/RSA_get0_key.html b/linux_amd64/share/doc/openssl/html/man3/RSA_get0_key.html
new file mode 100755
index 0000000..5b91aa6
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/RSA_get0_key.html
@@ -0,0 +1,203 @@
+ + + + +RSA_get0_key + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    RSA_set0_key, RSA_set0_factors, RSA_set0_crt_params, RSA_get0_key, +RSA_get0_factors, RSA_get0_crt_params, +RSA_get0_n, RSA_get0_e, RSA_get0_d, RSA_get0_p, RSA_get0_q, +RSA_get0_dmp1, RSA_get0_dmq1, RSA_get0_iqmp, RSA_get0_pss_params, +RSA_clear_flags, +RSA_test_flags, RSA_set_flags, RSA_get0_engine, RSA_get_multi_prime_extra_count, +RSA_get0_multi_prime_factors, RSA_get0_multi_prime_crt_params, +RSA_set0_multi_prime_params, RSA_get_version +- Routines for getting and setting data in an RSA object

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/rsa.h>
    +
    + int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
    + int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q);
    + int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp);
    + void RSA_get0_key(const RSA *r,
    +                   const BIGNUM **n, const BIGNUM **e, const BIGNUM **d);
    + void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q);
    + void RSA_get0_crt_params(const RSA *r,
    +                          const BIGNUM **dmp1, const BIGNUM **dmq1,
    +                          const BIGNUM **iqmp);
    + const BIGNUM *RSA_get0_n(const RSA *d);
    + const BIGNUM *RSA_get0_e(const RSA *d);
    + const BIGNUM *RSA_get0_d(const RSA *d);
    + const BIGNUM *RSA_get0_p(const RSA *d);
    + const BIGNUM *RSA_get0_q(const RSA *d);
    + const BIGNUM *RSA_get0_dmp1(const RSA *r);
    + const BIGNUM *RSA_get0_dmq1(const RSA *r);
    + const BIGNUM *RSA_get0_iqmp(const RSA *r);
    + const RSA_PSS_PARAMS *RSA_get0_pss_params(const RSA *r);
    + void RSA_clear_flags(RSA *r, int flags);
    + int RSA_test_flags(const RSA *r, int flags);
    + void RSA_set_flags(RSA *r, int flags);
    + ENGINE *RSA_get0_engine(RSA *r);
    + int RSA_get_multi_prime_extra_count(const RSA *r);
    + int RSA_get0_multi_prime_factors(const RSA *r, const BIGNUM *primes[]);
    + int RSA_get0_multi_prime_crt_params(const RSA *r, const BIGNUM *exps[],
    +                                     const BIGNUM *coeffs[]);
    + int RSA_set0_multi_prime_params(RSA *r, BIGNUM *primes[], BIGNUM *exps[],
    +                                BIGNUM *coeffs[], int pnum);
    + int RSA_get_version(RSA *r);
    +

    +

    +
    +

    DESCRIPTION

    +

    An RSA object contains the components for the public and private key, +n, e, d, p, q, dmp1, dmq1 and iqmp. n is +the modulus common to both public and private key, e is the public +exponent and d is the private exponent. p, q, dmp1, +dmq1 and iqmp are the factors for the second representation of a +private key (see PKCS#1 section 3 Key Types), where p and q are +the first and second factor of n and dmp1, dmq1 and iqmp +are the exponents and coefficient for CRT calculations.

    +

    For multi-prime RSA (defined in RFC 8017), there are also one or more +'triplet' in an RSA object. A triplet contains three members, r, d +and t. r is the additional prime besides p and q. d and +t are the exponent and coefficient for CRT calculations.

    +

    The n, e and d parameters can be obtained by calling +RSA_get0_key(). If they have not been set yet, then *n, *e and +*d will be set to NULL. Otherwise, they are set to pointers to +their respective values. These point directly to the internal +representations of the values and therefore should not be freed +by the caller.

    +

    The n, e and d parameter values can be set by calling +RSA_set0_key() and passing the new values for n, e and d as +parameters to the function. The values n and e must be non-NULL +the first time this function is called on a given RSA object. The +value d may be NULL. On subsequent calls any of these values may be +NULL which means the corresponding RSA field is left untouched. +Calling this function transfers the memory management of the values to +the RSA object, and therefore the values that have been passed in +should not be freed by the caller after this function has been called.

    +

    In a similar fashion, the p and q parameters can be obtained and +set with RSA_get0_factors() and RSA_set0_factors(), and the dmp1, +dmq1 and iqmp parameters can be obtained and set with +RSA_get0_crt_params() and RSA_set0_crt_params().

    +

    For RSA_get0_key(), RSA_get0_factors(), and RSA_get0_crt_params(), +NULL value BIGNUM ** output parameters are permitted. The functions +ignore NULL parameters but return values for other, non-NULL, parameters.

    +

    For multi-prime RSA, RSA_get0_multi_prime_factors() and RSA_get0_multi_prime_params() +can be used to obtain other primes and related CRT parameters. The +return values are stored in an array of BIGNUM *. RSA_set0_multi_prime_params() +sets a collect of multi-prime 'triplet' members (prime, exponent and coefficient) +into an RSA object.

    +

    Any of the values n, e, d, p, q, dmp1, dmq1, and iqmp can also be +retrieved separately by the corresponding function +RSA_get0_n(), RSA_get0_e(), RSA_get0_d(), RSA_get0_p(), RSA_get0_q(), +RSA_get0_dmp1(), RSA_get0_dmq1(), and RSA_get0_iqmp(), respectively.

    +

    RSA_get0_pss_params() is used to retrieve the RSA-PSS parameters.

    +

    RSA_set_flags() sets the flags in the flags parameter on the RSA +object. Multiple flags can be passed in one go (bitwise ORed together). +Any flags that are already set are left set. RSA_test_flags() tests to +see whether the flags passed in the flags parameter are currently +set in the RSA object. Multiple flags can be tested in one go. All +flags that are currently set are returned, or zero if none of the +flags are set. RSA_clear_flags() clears the specified flags within the +RSA object.

    +

    RSA_get0_engine() returns a handle to the ENGINE that has been set for +this RSA object, or NULL if no such ENGINE has been set.

    +

    RSA_get_version() returns the version of an RSA object r.

    +

    +

    +
    +

    NOTES

    +

    Values retrieved with RSA_get0_key() are owned by the RSA object used +in the call and may therefore not be passed to RSA_set0_key(). If +needed, duplicate the received value using BN_dup() and pass the +duplicate. The same applies to RSA_get0_factors() and RSA_set0_factors() +as well as RSA_get0_crt_params() and RSA_set0_crt_params().

    +

    The caller should obtain the size by calling RSA_get_multi_prime_extra_count() +in advance and allocate sufficient buffer to store the return values before +calling RSA_get0_multi_prime_factors() and RSA_get0_multi_prime_params().

    +

    RSA_set0_multi_prime_params() always clears the original multi-prime +triplets in RSA object r and assign the new set of triplets into it.

    +

    +

    +
    +

    RETURN VALUES

    +

    RSA_set0_key(), RSA_set0_factors(), RSA_set0_crt_params() and +RSA_set0_multi_prime_params() return 1 on success or 0 on failure.

    +

    RSA_get0_n(), RSA_get0_e(), RSA_get0_d(), RSA_get0_p(), RSA_get0_q(), +RSA_get0_dmp1(), RSA_get0_dmq1(), and RSA_get0_iqmp() +return the respective value.

    +

    RSA_get0_pss_params() returns a RSA_PSS_PARAMS pointer, or NULL if +there is none.

    +

    RSA_get0_multi_prime_factors() and RSA_get0_multi_prime_crt_params() return +1 on success or 0 on failure.

    +

    RSA_get_multi_prime_extra_count() returns two less than the number of primes +in use, which is 0 for traditional RSA and the number of extra primes for +multi-prime RSA.

    +

    RSA_get_version() returns RSA_ASN1_VERSION_MULTI for multi-prime RSA and +RSA_ASN1_VERSION_DEFAULT for normal two-prime RSA, as defined in RFC 8017.

    +

    RSA_test_flags() returns the current state of the flags in the RSA object.

    +

    RSA_get0_engine() returns the ENGINE set for the RSA object or NULL if no +ENGINE has been set.

    +

    +

    +
    +

    SEE ALSO

    +

    RSA_new(3), RSA_size(3)

    +

    +

    +
    +

    HISTORY

    +

    The RSA_get0_pss_params() function was added in OpenSSL 1.1.1e.

    +

    The +RSA_get_multi_prime_extra_count(), RSA_get0_multi_prime_factors(), +RSA_get0_multi_prime_crt_params(), RSA_set0_multi_prime_params(), +and RSA_get_version() functions were added in OpenSSL 1.1.1.

    +

    Other functions described here were added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/RSA_meth_new.html b/linux_amd64/share/doc/openssl/html/man3/RSA_meth_new.html
new file mode 100755
index 0000000..6cf9a26
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/RSA_meth_new.html
@@ -0,0 +1,285 @@
+ + + + +RSA_meth_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    RSA_meth_get0_app_data, RSA_meth_set0_app_data, +RSA_meth_new, RSA_meth_free, RSA_meth_dup, RSA_meth_get0_name, +RSA_meth_set1_name, RSA_meth_get_flags, RSA_meth_set_flags, +RSA_meth_get_pub_enc, +RSA_meth_set_pub_enc, RSA_meth_get_pub_dec, RSA_meth_set_pub_dec, +RSA_meth_get_priv_enc, RSA_meth_set_priv_enc, RSA_meth_get_priv_dec, +RSA_meth_set_priv_dec, RSA_meth_get_mod_exp, RSA_meth_set_mod_exp, +RSA_meth_get_bn_mod_exp, RSA_meth_set_bn_mod_exp, RSA_meth_get_init, +RSA_meth_set_init, RSA_meth_get_finish, RSA_meth_set_finish, +RSA_meth_get_sign, RSA_meth_set_sign, RSA_meth_get_verify, +RSA_meth_set_verify, RSA_meth_get_keygen, RSA_meth_set_keygen, +RSA_meth_get_multi_prime_keygen, RSA_meth_set_multi_prime_keygen +- Routines to build up RSA methods

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/rsa.h>
    +

    Deprecated since OpenSSL 3.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + RSA_METHOD *RSA_meth_new(const char *name, int flags);
    + void RSA_meth_free(RSA_METHOD *meth);
    +
    + RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth);
    +
    + const char *RSA_meth_get0_name(const RSA_METHOD *meth);
    + int RSA_meth_set1_name(RSA_METHOD *meth, const char *name);
    +
    + int RSA_meth_get_flags(const RSA_METHOD *meth);
    + int RSA_meth_set_flags(RSA_METHOD *meth, int flags);
    +
    + void *RSA_meth_get0_app_data(const RSA_METHOD *meth);
    + int RSA_meth_set0_app_data(RSA_METHOD *meth, void *app_data);
    +
    + int (*RSA_meth_get_pub_enc(const RSA_METHOD *meth))(int flen, const unsigned char *from,
    +                                                     unsigned char *to, RSA *rsa, int padding);
    + int RSA_meth_set_pub_enc(RSA_METHOD *rsa,
    +                          int (*pub_enc)(int flen, const unsigned char *from,
    +                                         unsigned char *to, RSA *rsa,
    +                                         int padding));
    +
    + int (*RSA_meth_get_pub_dec(const RSA_METHOD *meth))
    +     (int flen, const unsigned char *from,
    +      unsigned char *to, RSA *rsa, int padding);
    + int RSA_meth_set_pub_dec(RSA_METHOD *rsa,
    +                          int (*pub_dec)(int flen, const unsigned char *from,
    +                                         unsigned char *to, RSA *rsa,
    +                                         int padding));
    +
    + int (*RSA_meth_get_priv_enc(const RSA_METHOD *meth))(int flen, const unsigned char *from,
    +                                                      unsigned char *to, RSA *rsa,
    +                                                      int padding);
    + int RSA_meth_set_priv_enc(RSA_METHOD *rsa,
    +                           int (*priv_enc)(int flen, const unsigned char *from,
    +                                           unsigned char *to, RSA *rsa, int padding));
    +
    + int (*RSA_meth_get_priv_dec(const RSA_METHOD *meth))(int flen, const unsigned char *from,
    +                                                      unsigned char *to, RSA *rsa,
    +                                                      int padding);
    + int RSA_meth_set_priv_dec(RSA_METHOD *rsa,
    +                           int (*priv_dec)(int flen, const unsigned char *from,
    +                                           unsigned char *to, RSA *rsa, int padding));
    +
    + /* Can be null */
    + int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth))(BIGNUM *r0, const BIGNUM *i,
    +                                                     RSA *rsa, BN_CTX *ctx);
    + int RSA_meth_set_mod_exp(RSA_METHOD *rsa,
    +                          int (*mod_exp)(BIGNUM *r0, const BIGNUM *i, RSA *rsa,
    +                                         BN_CTX *ctx));
    +
    + /* Can be null */
    + int (*RSA_meth_get_bn_mod_exp(const RSA_METHOD *meth))(BIGNUM *r, const BIGNUM *a,
    +                                                        const BIGNUM *p, const BIGNUM *m,
    +                                                        BN_CTX *ctx, BN_MONT_CTX *m_ctx);
    + int RSA_meth_set_bn_mod_exp(RSA_METHOD *rsa,
    +                             int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a,
    +                                               const BIGNUM *p, const BIGNUM *m,
    +                                               BN_CTX *ctx, BN_MONT_CTX *m_ctx));
    +
    + /* called at new */
    + int (*RSA_meth_get_init(const RSA_METHOD *meth) (RSA *rsa);
    + int RSA_meth_set_init(RSA_METHOD *rsa, int (*init (RSA *rsa));
    +
    + /* called at free */
    + int (*RSA_meth_get_finish(const RSA_METHOD *meth))(RSA *rsa);
    + int RSA_meth_set_finish(RSA_METHOD *rsa, int (*finish)(RSA *rsa));
    +
    + int (*RSA_meth_get_sign(const RSA_METHOD *meth))(int type, const unsigned char *m,
    +                                                  unsigned int m_length,
    +                                                  unsigned char *sigret,
    +                                                  unsigned int *siglen, const RSA *rsa);
    + int RSA_meth_set_sign(RSA_METHOD *rsa,
    +                       int (*sign)(int type, const unsigned char *m,
    +                                   unsigned int m_length, unsigned char *sigret,
    +                                   unsigned int *siglen, const RSA *rsa));
    +
    + int (*RSA_meth_get_verify(const RSA_METHOD *meth))(int dtype, const unsigned char *m,
    +                                                    unsigned int m_length,
    +                                                    const unsigned char *sigbuf,
    +                                                    unsigned int siglen, const RSA *rsa);
    + int RSA_meth_set_verify(RSA_METHOD *rsa,
    +                         int (*verify)(int dtype, const unsigned char *m,
    +                                       unsigned int m_length,
    +                                       const unsigned char *sigbuf,
    +                                       unsigned int siglen, const RSA *rsa));
    +
    + int (*RSA_meth_get_keygen(const RSA_METHOD *meth))(RSA *rsa, int bits, BIGNUM *e,
    +                                                    BN_GENCB *cb);
    + int RSA_meth_set_keygen(RSA_METHOD *rsa,
    +                         int (*keygen)(RSA *rsa, int bits, BIGNUM *e,
    +                                       BN_GENCB *cb));
    +
    + int (*RSA_meth_get_multi_prime_keygen(const RSA_METHOD *meth))(RSA *rsa, int bits,
    +                                                                int primes, BIGNUM *e,
    +                                                                BN_GENCB *cb);
    +
    + int RSA_meth_set_multi_prime_keygen(RSA_METHOD *meth,
    +                                     int (*keygen) (RSA *rsa, int bits,
    +                                                    int primes, BIGNUM *e,
    +                                                    BN_GENCB *cb));
    +

    +

    +
    +

    DESCRIPTION

    +

    All of the functions described on this page are deprecated. +Applications should instead use the OSSL_PROVIDER APIs.

    +

    The RSA_METHOD type is a structure used for the provision of custom +RSA implementations. It provides a set of functions used by OpenSSL +for the implementation of the various RSA capabilities.

    +

    RSA_meth_new() creates a new RSA_METHOD structure. It should be +given a unique name and a set of flags. The name should be a +NULL terminated string, which will be duplicated and stored in the +RSA_METHOD object. It is the callers responsibility to free the +original string. The flags will be used during the construction of a +new RSA object based on this RSA_METHOD. Any new RSA object +will have those flags set by default.

    +

    RSA_meth_dup() creates a duplicate copy of the RSA_METHOD object +passed as a parameter. This might be useful for creating a new +RSA_METHOD based on an existing one, but with some differences.

    +

    RSA_meth_free() destroys an RSA_METHOD structure and frees up any +memory associated with it.

    +

    RSA_meth_get0_name() will return a pointer to the name of this +RSA_METHOD. This is a pointer to the internal name string and so +should not be freed by the caller. RSA_meth_set1_name() sets the name +of the RSA_METHOD to name. The string is duplicated and the copy is +stored in the RSA_METHOD structure, so the caller remains responsible +for freeing the memory associated with the name.

    +

    RSA_meth_get_flags() returns the current value of the flags associated +with this RSA_METHOD. RSA_meth_set_flags() provides the ability to set +these flags.

    +

    The functions RSA_meth_get0_app_data() and RSA_meth_set0_app_data() +provide the ability to associate implementation specific data with the +RSA_METHOD. It is the application's responsibility to free this data +before the RSA_METHOD is freed via a call to RSA_meth_free().

    +

    RSA_meth_get_sign() and RSA_meth_set_sign() get and set the function +used for creating an RSA signature respectively. This function will be +called in response to the application calling RSA_sign(). The +parameters for the function have the same meaning as for RSA_sign().

    +

    RSA_meth_get_verify() and RSA_meth_set_verify() get and set the +function used for verifying an RSA signature respectively. This +function will be called in response to the application calling +RSA_verify(). The parameters for the function have the same meaning as +for RSA_verify().

    +

    RSA_meth_get_mod_exp() and RSA_meth_set_mod_exp() get and set the +function used for CRT computations.

    +

    RSA_meth_get_bn_mod_exp() and RSA_meth_set_bn_mod_exp() get and set +the function used for CRT computations, specifically the following +value:

    +
    + r = a ^ p mod m
    +

    Both the mod_exp() and bn_mod_exp() functions are called by the +default OpenSSL method during encryption, decryption, signing and +verification.

    +

    RSA_meth_get_init() and RSA_meth_set_init() get and set the function +used for creating a new RSA instance respectively. This function will +be called in response to the application calling RSA_new() (if the +current default RSA_METHOD is this one) or RSA_new_method(). The +RSA_new() and RSA_new_method() functions will allocate the memory for +the new RSA object, and a pointer to this newly allocated structure +will be passed as a parameter to the function. This function may be +NULL.

    +

    RSA_meth_get_finish() and RSA_meth_set_finish() get and set the +function used for destroying an instance of an RSA object respectively. +This function will be called in response to the application calling +RSA_free(). A pointer to the RSA to be destroyed is passed as a +parameter. The destroy function should be used for RSA implementation +specific clean up. The memory for the RSA itself should not be freed +by this function. This function may be NULL.

    +

    RSA_meth_get_keygen() and RSA_meth_set_keygen() get and set the +function used for generating a new RSA key pair respectively. This +function will be called in response to the application calling +RSA_generate_key_ex(). The parameter for the function has the same +meaning as for RSA_generate_key_ex().

    +

    RSA_meth_get_multi_prime_keygen() and RSA_meth_set_multi_prime_keygen() get +and set the function used for generating a new multi-prime RSA key pair +respectively. This function will be called in response to the application calling +RSA_generate_multi_prime_key(). The parameter for the function has the same +meaning as for RSA_generate_multi_prime_key().

    +

    RSA_meth_get_pub_enc(), RSA_meth_set_pub_enc(), +RSA_meth_get_pub_dec(), RSA_meth_set_pub_dec(), +RSA_meth_get_priv_enc(), RSA_meth_set_priv_enc(), +RSA_meth_get_priv_dec(), RSA_meth_set_priv_dec() get and set the +functions used for public and private key encryption and decryption. +These functions will be called in response to the application calling +RSA_public_encrypt(), RSA_private_decrypt(), RSA_private_encrypt() and +RSA_public_decrypt() and take the same parameters as those.

    +

    +

    +
    +

    RETURN VALUES

    +

    RSA_meth_new() and RSA_meth_dup() return the newly allocated +RSA_METHOD object or NULL on failure.

    +

    RSA_meth_get0_name() and RSA_meth_get_flags() return the name and +flags associated with the RSA_METHOD respectively.

    +

    All other RSA_meth_get_*() functions return the appropriate function +pointer that has been set in the RSA_METHOD, or NULL if no such +pointer has yet been set.

    +

    RSA_meth_set1_name and all RSA_meth_set_*() functions return 1 on +success or 0 on failure.

    +

    +

    +
    +

    SEE ALSO

    +

    RSA_new(3), RSA_generate_key_ex(3), RSA_sign(3), +RSA_set_method(3), RSA_size(3), RSA_get0_key(3), +RSA_generate_multi_prime_key(3)

    +

    +

    +
    +

    HISTORY

    +

    All of these functions were deprecated in OpenSSL 3.0.

    +

    RSA_meth_get_multi_prime_keygen() and RSA_meth_set_multi_prime_keygen() were +added in OpenSSL 1.1.1.

    +

    Other functions described here were added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/RSA_new.html b/linux_amd64/share/doc/openssl/html/man3/RSA_new.html
    new file mode 100755
    index 0000000..3bca460
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/RSA_new.html
    @@ -0,0 +1,82 @@
    + + + + +RSA_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    RSA_new, RSA_free - allocate and free RSA objects

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/rsa.h>
    +
    + RSA *RSA_new(void);
    +
    + void RSA_free(RSA *rsa);
    +

    +

    +
    +

    DESCRIPTION

    +

    RSA_new() allocates and initializes an RSA structure. It is equivalent to +calling RSA_new_method(NULL).

    +

    RSA_free() frees the RSA structure and its components. The key is +erased before the memory is returned to the system. +If rsa is NULL nothing is done.

    +

    +

    +
    +

    RETURN VALUES

    +

    If the allocation fails, RSA_new() returns NULL and sets an error +code that can be obtained by ERR_get_error(3). Otherwise it returns +a pointer to the newly allocated structure.

    +

    RSA_free() returns no value.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), +RSA_generate_key(3), +RSA_new_method(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/RSA_padding_add_PKCS1_type_1.html b/linux_amd64/share/doc/openssl/html/man3/RSA_padding_add_PKCS1_type_1.html
    new file mode 100755
    index 0000000..521f446
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/RSA_padding_add_PKCS1_type_1.html
    @@ -0,0 +1,206 @@
    + + + + +RSA_padding_add_PKCS1_type_1 + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    RSA_padding_add_PKCS1_type_1, RSA_padding_check_PKCS1_type_1, +RSA_padding_add_PKCS1_type_2, RSA_padding_check_PKCS1_type_2, +RSA_padding_add_PKCS1_OAEP, RSA_padding_check_PKCS1_OAEP, +RSA_padding_add_PKCS1_OAEP_mgf1, RSA_padding_check_PKCS1_OAEP_mgf1, +RSA_padding_add_SSLv23, RSA_padding_check_SSLv23, +RSA_padding_add_none, RSA_padding_check_none - asymmetric encryption +padding

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/rsa.h>
    +

    Deprecated since OpenSSL 3.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
    +                                  const unsigned char *f, int fl);
    +
    + int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
    +                                    const unsigned char *f, int fl, int rsa_len);
    +
    + int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
    +                                  const unsigned char *f, int fl);
    +
    + int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
    +                                    const unsigned char *f, int fl, int rsa_len);
    +
    + int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
    +                                const unsigned char *f, int fl,
    +                                const unsigned char *p, int pl);
    +
    + int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
    +                                  const unsigned char *f, int fl, int rsa_len,
    +                                  const unsigned char *p, int pl);
    +
    + int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
    +                                     const unsigned char *f, int fl,
    +                                     const unsigned char *p, int pl,
    +                                     const EVP_MD *md, const EVP_MD *mgf1md);
    +
    + int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
    +                                       const unsigned char *f, int fl, int rsa_len,
    +                                       const unsigned char *p, int pl,
    +                                       const EVP_MD *md, const EVP_MD *mgf1md);
    +
    + int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
    +                            const unsigned char *f, int fl);
    +
    + int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
    +                              const unsigned char *f, int fl, int rsa_len);
    +
    + int RSA_padding_add_none(unsigned char *to, int tlen,
    +                          const unsigned char *f, int fl);
    +
    + int RSA_padding_check_none(unsigned char *to, int tlen,
    +                            const unsigned char *f, int fl, int rsa_len);
    +

    +

    +
    +

    DESCRIPTION

    +

    All of the functions described on this page are deprecated. +Applications should instead use the EVP PKEY APIs.

    +

    The RSA_padding_xxx_xxx() functions are called from the RSA encrypt, +decrypt, sign and verify functions. Normally they should not be called +from application programs.

    +

    However, they can also be called directly to implement padding for other +asymmetric ciphers. RSA_padding_add_PKCS1_OAEP() and +RSA_padding_check_PKCS1_OAEP() may be used in an application combined +with RSA_NO_PADDING in order to implement OAEP with an encoding +parameter.

    +

    RSA_padding_add_xxx() encodes fl bytes from f so as to fit into +tlen bytes and stores the result at to. An error occurs if fl +does not meet the size requirements of the encoding method.

    +

    The following encoding methods are implemented:

    +
    +
    PKCS1_type_1
    + +
    +

    PKCS #1 v2.0 EMSA-PKCS1-v1_5 (PKCS #1 v1.5 block type 1); used for signatures

    +
    +
    PKCS1_type_2
    + +
    +

    PKCS #1 v2.0 EME-PKCS1-v1_5 (PKCS #1 v1.5 block type 2)

    +
    +
    PKCS1_OAEP
    + +
    +

    PKCS #1 v2.0 EME-OAEP

    +
    +
    SSLv23
    + +
    +

    PKCS #1 EME-PKCS1-v1_5 with SSL-specific modification

    +
    +
    none
    + +
    +

    simply copy the data

    +
    +
    +

    The random number generator must be seeded prior to calling +RSA_padding_add_xxx(). +If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to +external circumstances (see RAND(7)), the operation will fail.

    +

    RSA_padding_check_xxx() verifies that the fl bytes at f contain +a valid encoding for a rsa_len byte RSA key in the respective +encoding method and stores the recovered data of at most tlen bytes +(for RSA_NO_PADDING: of size tlen) +at to.

    +

    For RSA_padding_xxx_OAEP(), p points to the encoding parameter +of length pl. p may be NULL if pl is 0.

    +

    For RSA_padding_xxx_OAEP_mgf1(), md points to the md hash, +if md is NULL that means md=sha1, and mgf1md points to +the mgf1 hash, if mgf1md is NULL that means mgf1md=md.

    +

    +

    +
    +

    RETURN VALUES

    +

    The RSA_padding_add_xxx() functions return 1 on success, 0 on error. +The RSA_padding_check_xxx() functions return the length of the +recovered data, -1 on error. Error codes can be obtained by calling +ERR_get_error(3).

    +

    +

    +
    +

    WARNINGS

    +

    The result of RSA_padding_check_PKCS1_type_2() is a very sensitive +information which can potentially be used to mount a Bleichenbacher +padding oracle attack. This is an inherent weakness in the PKCS #1 +v1.5 padding design. Prefer PKCS1_OAEP padding. If that is not +possible, the result of RSA_padding_check_PKCS1_type_2() should be +checked in constant time if it matches the expected length of the +plaintext and additionally some application specific consistency +checks on the plaintext need to be performed in constant time. +If the plaintext is rejected it must be kept secret which of the +checks caused the application to reject the message. +Do not remove the zero-padding from the decrypted raw RSA data +which was computed by RSA_private_decrypt() with RSA_NO_PADDING, +as this would create a small timing side channel which could be +used to mount a Bleichenbacher attack against any padding mode +including PKCS1_OAEP.

    +

    +

    +
    +

    SEE ALSO

    +

    RSA_public_encrypt(3), +RSA_private_decrypt(3), +RSA_sign(3), RSA_verify(3), +RAND(7)

    +

    +

    +
    +

    HISTORY

    +

    All of these functions were deprecated in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/RSA_print.html b/linux_amd64/share/doc/openssl/html/man3/RSA_print.html
    new file mode 100755
    index 0000000..fa8f03c
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/RSA_print.html
    @@ -0,0 +1,109 @@
    + + + + +RSA_print + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    RSA_print, RSA_print_fp, +DSAparams_print, DSAparams_print_fp, DSA_print, DSA_print_fp, +DHparams_print, DHparams_print_fp - print cryptographic parameters

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/rsa.h>
    +

    Deprecated since OpenSSL 3.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + int RSA_print(BIO *bp, RSA *x, int offset);
    + int RSA_print_fp(FILE *fp, RSA *x, int offset);
    +
    + #include <openssl/dsa.h>
    +

    Deprecated since OpenSSL 3.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + int DSAparams_print(BIO *bp, DSA *x);
    + int DSAparams_print_fp(FILE *fp, DSA *x);
    + int DSA_print(BIO *bp, DSA *x, int offset);
    + int DSA_print_fp(FILE *fp, DSA *x, int offset);
    +
    + #include <openssl/dh.h>
    +

    Deprecated since OpenSSL 3.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + int DHparams_print(BIO *bp, DH *x);
    + int DHparams_print_fp(FILE *fp, DH *x);
    +

    +

    +
    +

    DESCRIPTION

    +

    All of the functions described on this page are deprecated. +Applications should instead use EVP_PKEY_print_params(3) and +EVP_PKEY_print_private(3).

    +

    A human-readable hexadecimal output of the components of the RSA +key, DSA parameters or key or DH parameters is printed to bp or fp.

    +

    The output lines are indented by offset spaces.

    +

    +

    +
    +

    RETURN VALUES

    +

    These functions return 1 on success, 0 on error.

    +

    +

    +
    +

    SEE ALSO

    +
    + L<EVP_PKEY_print_params(3)>,
    + L<EVP_PKEY_print_private(3)>,
    + L<BN_bn2bin(3)>
    +

    +

    +
    +

    HISTORY

    +

    All of these functions were deprecated in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/RSA_private_encrypt.html b/linux_amd64/share/doc/openssl/html/man3/RSA_private_encrypt.html
    new file mode 100755
    index 0000000..a53b41c
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/RSA_private_encrypt.html
    @@ -0,0 +1,119 @@
    + + + + +RSA_private_encrypt + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    RSA_private_encrypt, RSA_public_decrypt - low level signature operations

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/rsa.h>
    +

    Deprecated since OpenSSL 3.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + int RSA_private_encrypt(int flen, unsigned char *from,
    +                         unsigned char *to, RSA *rsa, int padding);
    +
    + int RSA_public_decrypt(int flen, unsigned char *from,
    +                        unsigned char *to, RSA *rsa, int padding);
    +

    +

    +
    +

    DESCRIPTION

    +

    Both of the functions described on this page are deprecated. +Applications should instead use EVP_PKEY_encrypt_init(3), +EVP_PKEY_encrypt(3), EVP_PKEY_decrypt_init(3) and EVP_PKEY_decrypt(3).

    +

    These functions handle RSA signatures at a low level.

    +

    RSA_private_encrypt() signs the flen bytes at from (usually a +message digest with an algorithm identifier) using the private key +rsa and stores the signature in to. to must point to +RSA_size(rsa) bytes of memory.

    +

    padding denotes one of the following modes:

    +
    +
    RSA_PKCS1_PADDING
    + +
    +

    PKCS #1 v1.5 padding. This function does not handle the +algorithmIdentifier specified in PKCS #1. When generating or +verifying PKCS #1 signatures, RSA_sign(3) and RSA_verify(3) should be +used.

    +
    +
    RSA_NO_PADDING
    + +
    +

    Raw RSA signature. This mode should only be used to implement +cryptographically sound padding modes in the application code. +Signing user data directly with RSA is insecure.

    +
    +
    +

    RSA_public_decrypt() recovers the message digest from the flen +bytes long signature at from using the signer's public key +rsa. to must point to a memory section large enough to hold the +message digest (which is smaller than RSA_size(rsa) - +11). padding is the padding mode that was used to sign the data.

    +

    +

    +
    +

    RETURN VALUES

    +

    RSA_private_encrypt() returns the size of the signature (i.e., +RSA_size(rsa)). RSA_public_decrypt() returns the size of the +recovered message digest.

    +

    On error, -1 is returned; the error codes can be +obtained by ERR_get_error(3).

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), +RSA_sign(3), RSA_verify(3)

    +

    +

    +
    +

    HISTORY

    +

    Both of these functions were deprecated in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/RSA_public_encrypt.html b/linux_amd64/share/doc/openssl/html/man3/RSA_public_encrypt.html
    new file mode 100755
    index 0000000..83d1f97
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/RSA_public_encrypt.html
    @@ -0,0 +1,160 @@
    + + + + +RSA_public_encrypt + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    RSA_public_encrypt, RSA_private_decrypt - RSA public key cryptography

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/rsa.h>
    +

    Deprecated since OpenSSL 3.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + int RSA_public_encrypt(int flen, const unsigned char *from,
    +                        unsigned char *to, RSA *rsa, int padding);
    +
    + int RSA_private_decrypt(int flen, const unsigned char *from,
    +                         unsigned char *to, RSA *rsa, int padding);
    +

    +

    +
    +

    DESCRIPTION

    +

    Both of the functions described on this page are deprecated. +Applications should instead use EVP_PKEY_encrypt_init(3), +EVP_PKEY_encrypt(3), EVP_PKEY_decrypt_init(3) and EVP_PKEY_decrypt(3).

    +

    RSA_public_encrypt() encrypts the flen bytes at from (usually a +session key) using the public key rsa and stores the ciphertext in +to. to must point to RSA_size(rsa) bytes of memory.

    +

    padding denotes one of the following modes:

    +
    +
    RSA_PKCS1_PADDING
    + +
    +

    PKCS #1 v1.5 padding. This currently is the most widely used mode. +However, it is highly recommended to use RSA_PKCS1_OAEP_PADDING in +new applications. SEE WARNING BELOW.

    +
    +
    RSA_PKCS1_OAEP_PADDING
    + +
    +

    EME-OAEP as defined in PKCS #1 v2.0 with SHA-1, MGF1 and an empty +encoding parameter. This mode is recommended for all new applications.

    +
    +
    RSA_SSLV23_PADDING
    + +
    +

    PKCS #1 v1.5 padding with an SSL-specific modification that denotes +that the server is SSL3 capable.

    +
    +
    RSA_NO_PADDING
    + +
    +

    Raw RSA encryption. This mode should only be used to implement +cryptographically sound padding modes in the application code. +Encrypting user data directly with RSA is insecure.

    +
    +
    +

    flen must not be more than RSA_size(rsa) - 11 for the PKCS #1 v1.5 +based padding modes, not more than RSA_size(rsa) - 42 for +RSA_PKCS1_OAEP_PADDING and exactly RSA_size(rsa) for RSA_NO_PADDING. +When a padding mode other than RSA_NO_PADDING is in use, then +RSA_public_encrypt() will include some random bytes into the ciphertext +and therefore the ciphertext will be different each time, even if the +plaintext and the public key are exactly identical. +The returned ciphertext in to will always be zero padded to exactly +RSA_size(rsa) bytes. +to and from may overlap.

    +

    RSA_private_decrypt() decrypts the flen bytes at from using the +private key rsa and stores the plaintext in to. flen should +be equal to RSA_size(rsa) but may be smaller, when leading zero +bytes are in the ciphertext. Those are not important and may be removed, +but RSA_public_encrypt() does not do that. to must point +to a memory section large enough to hold the maximal possible decrypted +data (which is equal to RSA_size(rsa) for RSA_NO_PADDING, +RSA_size(rsa) - 11 for the PKCS #1 v1.5 based padding modes and +RSA_size(rsa) - 42 for RSA_PKCS1_OAEP_PADDING). +padding is the padding mode that was used to encrypt the data. +to and from may overlap.

    +

    +

    +
    +

    RETURN VALUES

    +

    RSA_public_encrypt() returns the size of the encrypted data (i.e., +RSA_size(rsa)). RSA_private_decrypt() returns the size of the +recovered plaintext. A return value of 0 is not an error and +means only that the plaintext was empty.

    +

    On error, -1 is returned; the error codes can be +obtained by ERR_get_error(3).

    +

    +

    +
    +

    WARNINGS

    +

    Decryption failures in the RSA_PKCS1_PADDING mode leak information +which can potentially be used to mount a Bleichenbacher padding oracle +attack. This is an inherent weakness in the PKCS #1 v1.5 padding +design. Prefer RSA_PKCS1_OAEP_PADDING.

    +

    +

    +
    +

    CONFORMING TO

    +

    SSL, PKCS #1 v2.0

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), RAND_bytes(3), +RSA_size(3)

    +

    +

    +
    +

    HISTORY

    +

    Both of these functions were deprecated in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/RSA_set_method.html b/linux_amd64/share/doc/openssl/html/man3/RSA_set_method.html
    new file mode 100755
    index 0000000..fba214f
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/RSA_set_method.html
    @@ -0,0 +1,224 @@
    + + + + +RSA_set_method + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    RSA_set_default_method, RSA_get_default_method, RSA_set_method, +RSA_get_method, RSA_PKCS1_OpenSSL, RSA_flags, +RSA_new_method - select RSA method

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/rsa.h>
    +

    Deprecated since OpenSSL 3.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + void RSA_set_default_method(const RSA_METHOD *meth);
    +
    + RSA_METHOD *RSA_get_default_method(void);
    +
    + int RSA_set_method(RSA *rsa, const RSA_METHOD *meth);
    +
    + RSA_METHOD *RSA_get_method(const RSA *rsa);
    +
    + RSA_METHOD *RSA_PKCS1_OpenSSL(void);
    +
    + int RSA_flags(const RSA *rsa);
    +
    + RSA *RSA_new_method(ENGINE *engine);
    +

    +

    +
    +

    DESCRIPTION

    +

    All of the functions described on this page are deprecated. +Applications should instead use the OSSL_PROVIDER APIs.

    +

    An RSA_METHOD specifies the functions that OpenSSL uses for RSA +operations. By modifying the method, alternative implementations such as +hardware accelerators may be used. IMPORTANT: See the NOTES section for +important information about how these RSA API functions are affected by the +use of ENGINE API calls.

    +

    Initially, the default RSA_METHOD is the OpenSSL internal implementation, +as returned by RSA_PKCS1_OpenSSL().

    +

    RSA_set_default_method() makes meth the default method for all RSA +structures created later. +NB: This is true only whilst no ENGINE has +been set as a default for RSA, so this function is no longer recommended. +This function is not thread-safe and should not be called at the same time +as other OpenSSL functions.

    +

    RSA_get_default_method() returns a pointer to the current default +RSA_METHOD. However, the meaningfulness of this result is dependent on +whether the ENGINE API is being used, so this function is no longer +recommended.

    +

    RSA_set_method() selects meth to perform all operations using the key +rsa. This will replace the RSA_METHOD used by the RSA key and if the +previous method was supplied by an ENGINE, the handle to that ENGINE will +be released during the change. It is possible to have RSA keys that only +work with certain RSA_METHOD implementations (eg. from an ENGINE module +that supports embedded hardware-protected keys), and in such cases +attempting to change the RSA_METHOD for the key can have unexpected +results.

    +

    RSA_get_method() returns a pointer to the RSA_METHOD being used by rsa. +This method may or may not be supplied by an ENGINE implementation, but if +it is, the return value can only be guaranteed to be valid as long as the +RSA key itself is valid and does not have its implementation changed by +RSA_set_method().

    +

    RSA_flags() returns the flags that are set for rsa's current +RSA_METHOD. See the BUGS section.

    +

    RSA_new_method() allocates and initializes an RSA structure so that +engine will be used for the RSA operations. If engine is NULL, the +default ENGINE for RSA operations is used, and if no default ENGINE is set, +the RSA_METHOD controlled by RSA_set_default_method() is used.

    +

    RSA_flags() returns the flags that are set for rsa's current method.

    +

    RSA_new_method() allocates and initializes an RSA structure so that +method will be used for the RSA operations. If method is NULL, +the default method is used.

    +

    +

    +
    +

    THE RSA_METHOD STRUCTURE

    +
    + typedef struct rsa_meth_st
    + {
    +     /* name of the implementation */
    +     const char *name;
    +
    +     /* encrypt */
    +     int (*rsa_pub_enc)(int flen, unsigned char *from,
    +                        unsigned char *to, RSA *rsa, int padding);
    +
    +     /* verify arbitrary data */
    +     int (*rsa_pub_dec)(int flen, unsigned char *from,
    +                        unsigned char *to, RSA *rsa, int padding);
    +
    +     /* sign arbitrary data */
    +     int (*rsa_priv_enc)(int flen, unsigned char *from,
    +                         unsigned char *to, RSA *rsa, int padding);
    +
    +     /* decrypt */
    +     int (*rsa_priv_dec)(int flen, unsigned char *from,
    +                         unsigned char *to, RSA *rsa, int padding);
    +
    +     /* compute r0 = r0 ^ I mod rsa->n (May be NULL for some implementations) */
    +     int (*rsa_mod_exp)(BIGNUM *r0, BIGNUM *I, RSA *rsa);
    +
    +     /* compute r = a ^ p mod m (May be NULL for some implementations) */
    +     int (*bn_mod_exp)(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
    +                       const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
    +
    +     /* called at RSA_new */
    +     int (*init)(RSA *rsa);
    +
    +     /* called at RSA_free */
    +     int (*finish)(RSA *rsa);
    +
    +     /*
    +      * RSA_FLAG_EXT_PKEY        - rsa_mod_exp is called for private key
    +      *                            operations, even if p,q,dmp1,dmq1,iqmp
    +      *                            are NULL
    +      * RSA_METHOD_FLAG_NO_CHECK - don't check pub/private match
    +      */
    +     int flags;
    +
    +     char *app_data; /* ?? */
    +
    +     int (*rsa_sign)(int type,
    +                     const unsigned char *m, unsigned int m_length,
    +                     unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
    +     int (*rsa_verify)(int dtype,
    +                       const unsigned char *m, unsigned int m_length,
    +                       const unsigned char *sigbuf, unsigned int siglen,
    +                       const RSA *rsa);
    +     /* keygen. If NULL built-in RSA key generation will be used */
    +     int (*rsa_keygen)(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
    +
    + } RSA_METHOD;
    +

    +

    +
    +

    RETURN VALUES

    +

    RSA_PKCS1_OpenSSL(), RSA_PKCS1_null_method(), RSA_get_default_method() +and RSA_get_method() return pointers to the respective RSA_METHODs.

    +

    RSA_set_default_method() returns no value.

    +

    RSA_set_method() returns a pointer to the old RSA_METHOD implementation +that was replaced. However, this return value should probably be ignored +because if it was supplied by an ENGINE, the pointer could be invalidated +at any time if the ENGINE is unloaded (in fact it could be unloaded as a +result of the RSA_set_method() function releasing its handle to the +ENGINE). For this reason, the return type may be replaced with a void +declaration in a future release.

    +

    RSA_new_method() returns NULL and sets an error code that can be obtained +by ERR_get_error(3) if the allocation fails. Otherwise +it returns a pointer to the newly allocated structure.

    +

    +

    +
    +

    BUGS

    +

    The behaviour of RSA_flags() is a mis-feature that is left as-is for now +to avoid creating compatibility problems. RSA functionality, such as the +encryption functions, are controlled by the flags value in the RSA key +itself, not by the flags value in the RSA_METHOD attached to the RSA key +(which is what this function returns). If the flags element of an RSA key +is changed, the changes will be honoured by RSA functionality but will not +be reflected in the return value of the RSA_flags() function - in effect +RSA_flags() behaves more like an RSA_default_flags() function (which does +not currently exist).

    +

    +

    +
    +

    SEE ALSO

    +

    RSA_new(3)

    +

    +

    +
    +

    HISTORY

    +

    All of these functions were deprecated in OpenSSL 3.0.

    +

    The RSA_null_method(), which was a partial attempt to avoid patent issues, +was replaced to always return NULL in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/RSA_sign.html b/linux_amd64/share/doc/openssl/html/man3/RSA_sign.html
    new file mode 100755
    index 0000000..bf5a040
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/RSA_sign.html
    @@ -0,0 +1,113 @@
    + + + + +RSA_sign + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    RSA_sign, RSA_verify - RSA signatures

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/rsa.h>
    +

    Deprecated since OpenSSL 3.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
    +              unsigned char *sigret, unsigned int *siglen, RSA *rsa);
    +
    + int RSA_verify(int type, const unsigned char *m, unsigned int m_len,
    +                unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
    +

    +

    +
    +

    DESCRIPTION

    +

    All of the functions described on this page are deprecated. +Applications should instead use EVP_PKEY_sign_init(3), EVP_PKEY_sign(3), +EVP_PKEY_verify_init(3) and EVP_PKEY_verify(3).

    +

    RSA_sign() signs the message digest m of size m_len using the +private key rsa using RSASSA-PKCS1-v1_5 as specified in RFC 3447. It +stores the signature in sigret and the signature size in siglen. +sigret must point to RSA_size(rsa) bytes of memory. +Note that PKCS #1 adds meta-data, placing limits on the size of the +key that can be used. +See RSA_private_encrypt(3) for lower-level +operations.

    +

    type denotes the message digest algorithm that was used to generate +m. +If type is NID_md5_sha1, +an SSL signature (MD5 and SHA1 message digests with PKCS #1 padding +and no algorithm identifier) is created.

    +

    RSA_verify() verifies that the signature sigbuf of size siglen +matches a given message digest m of size m_len. type denotes +the message digest algorithm that was used to generate the signature. +rsa is the signer's public key.

    +

    +

    +
    +

    RETURN VALUES

    +

    RSA_sign() returns 1 on success. +RSA_verify() returns 1 on successful verification.

    +

    The error codes can be obtained by ERR_get_error(3).

    +

    +

    +
    +

    CONFORMING TO

    +

    SSL, PKCS #1 v2.0

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), +RSA_private_encrypt(3), +RSA_public_decrypt(3)

    +

    +

    +
    +

    HISTORY

    +

    All of these functions were deprecated in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/RSA_sign_ASN1_OCTET_STRING.html b/linux_amd64/share/doc/openssl/html/man3/RSA_sign_ASN1_OCTET_STRING.html new file mode 100755 index 0000000..aba2d19 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/RSA_sign_ASN1_OCTET_STRING.html @@ -0,0 +1,113 @@ + + + + +RSA_sign_ASN1_OCTET_STRING + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    RSA_sign_ASN1_OCTET_STRING, RSA_verify_ASN1_OCTET_STRING - RSA signatures

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/rsa.h>
    +

    Deprecated since OpenSSL 3.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + int RSA_sign_ASN1_OCTET_STRING(int dummy, unsigned char *m,
    +                                unsigned int m_len, unsigned char *sigret,
    +                                unsigned int *siglen, RSA *rsa);
    +
    + int RSA_verify_ASN1_OCTET_STRING(int dummy, unsigned char *m,
    +                                  unsigned int m_len, unsigned char *sigbuf,
    +                                  unsigned int siglen, RSA *rsa);
    +

    +

    +
    +

    DESCRIPTION

    +

    All of the functions described on this page are deprecated. +Applications should instead use EVP PKEY APIs.

    +

    RSA_sign_ASN1_OCTET_STRING() signs the octet string m of size +m_len using the private key rsa represented in DER using PKCS #1 +padding. It stores the signature in sigret and the signature size +in siglen. sigret must point to RSA_size(rsa) bytes of +memory.

    +

    dummy is ignored.

    +

    The random number generator must be seeded when calling +RSA_sign_ASN1_OCTET_STRING(). +If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to +external circumstances (see RAND(7)), the operation will fail.

    +

    RSA_verify_ASN1_OCTET_STRING() verifies that the signature sigbuf +of size siglen is the DER representation of a given octet string +m of size m_len. dummy is ignored. rsa is the signer's +public key.

    +

    +

    +
    +

    RETURN VALUES

    +

    RSA_sign_ASN1_OCTET_STRING() returns 1 on success, 0 otherwise. +RSA_verify_ASN1_OCTET_STRING() returns 1 on successful verification, 0 +otherwise.

    +

    The error codes can be obtained by ERR_get_error(3).

    +

    +

    +
    +

    BUGS

    +

    These functions serve no recognizable purpose.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), +RAND_bytes(3), RSA_sign(3), +RSA_verify(3), +RAND(7)

    +

    +

    +
    +

    HISTORY

    +

    All of these functions were deprecated in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/RSA_size.html b/linux_amd64/share/doc/openssl/html/man3/RSA_size.html new file mode 100755 index 0000000..3ad4c58 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/RSA_size.html @@ -0,0 +1,96 @@ + + + + +RSA_size + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    RSA_size, RSA_bits, RSA_security_bits - get RSA modulus size or security bits

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/rsa.h>
    +

    Deprecated since OpenSSL 3.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + int RSA_size(const RSA *rsa);
    +
    + int RSA_bits(const RSA *rsa);
    +
    + int RSA_security_bits(const RSA *rsa)
    +

    +

    +
    +

    DESCRIPTION

    +

    All of the functions described on this page are deprecated. +Applications should instead use EVP_PKEY_size(3), EVP_PKEY_bits(3) +and EVP_PKEY_security_bits(3).

    +

    RSA_size() returns the RSA modulus size in bytes. It can be used to +determine how much memory must be allocated for an RSA encrypted +value.

    +

    RSA_bits() returns the number of significant bits.

    +

    rsa and rsa->n must not be NULL.

    +

    RSA_security_bits() returns the number of security bits of the given rsa +key. See BN_security_bits(3).

    +

    +

    +
    +

    RETURN VALUES

    +

    RSA_size() returns the size of modulus in bytes.

    +

    DSA_bits() returns the number of bits in the key.

    +

    RSA_security_bits() returns the number of security bits.

    +

    +

    +
    +

    SEE ALSO

    +

    BN_num_bits(3)

    +

    +

    +
    +

    HISTORY

    +

    All of these functions were deprecated in OpenSSL 3.0.

    +

    The RSA_bits() function was added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/SCT_new.html b/linux_amd64/share/doc/openssl/html/man3/SCT_new.html new file mode 100755 index 0000000..57f4f86 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/SCT_new.html @@ -0,0 +1,228 @@ + + + + +SCT_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SCT_new, SCT_new_from_base64, SCT_free, SCT_LIST_free, +SCT_get_version, SCT_set_version, +SCT_get_log_entry_type, SCT_set_log_entry_type, +SCT_get0_log_id, SCT_set0_log_id, SCT_set1_log_id, +SCT_get_timestamp, SCT_set_timestamp, +SCT_get_signature_nid, SCT_set_signature_nid, +SCT_get0_signature, SCT_set0_signature, SCT_set1_signature, +SCT_get0_extensions, SCT_set0_extensions, SCT_set1_extensions, +SCT_get_source, SCT_set_source +- A Certificate Transparency Signed Certificate Timestamp

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ct.h>
    +
    + typedef enum {
    +     CT_LOG_ENTRY_TYPE_NOT_SET = -1,
    +     CT_LOG_ENTRY_TYPE_X509 = 0,
    +     CT_LOG_ENTRY_TYPE_PRECERT = 1
    + } ct_log_entry_type_t;
    +
    + typedef enum {
    +     SCT_VERSION_NOT_SET = -1,
    +     SCT_VERSION_V1 = 0
    + } sct_version_t;
    +
    + typedef enum {
    +     SCT_SOURCE_UNKNOWN,
    +     SCT_SOURCE_TLS_EXTENSION,
    +     SCT_SOURCE_X509V3_EXTENSION,
    +     SCT_SOURCE_OCSP_STAPLED_RESPONSE
    + } sct_source_t;
    +
    + SCT *SCT_new(void);
    + SCT *SCT_new_from_base64(unsigned char version,
    +                          const char *logid_base64,
    +                          ct_log_entry_type_t entry_type,
    +                          uint64_t timestamp,
    +                          const char *extensions_base64,
    +                          const char *signature_base64);
    +
    + void SCT_free(SCT *sct);
    + void SCT_LIST_free(STACK_OF(SCT) *a);
    +
    + sct_version_t SCT_get_version(const SCT *sct);
    + int SCT_set_version(SCT *sct, sct_version_t version);
    +
    + ct_log_entry_type_t SCT_get_log_entry_type(const SCT *sct);
    + int SCT_set_log_entry_type(SCT *sct, ct_log_entry_type_t entry_type);
    +
    + size_t SCT_get0_log_id(const SCT *sct, unsigned char **log_id);
    + int SCT_set0_log_id(SCT *sct, unsigned char *log_id, size_t log_id_len);
    + int SCT_set1_log_id(SCT *sct, const unsigned char *log_id, size_t log_id_len);
    +
    + uint64_t SCT_get_timestamp(const SCT *sct);
    + void SCT_set_timestamp(SCT *sct, uint64_t timestamp);
    +
    + int SCT_get_signature_nid(const SCT *sct);
    + int SCT_set_signature_nid(SCT *sct, int nid);
    +
    + size_t SCT_get0_signature(const SCT *sct, unsigned char **sig);
    + void SCT_set0_signature(SCT *sct, unsigned char *sig, size_t sig_len);
    + int SCT_set1_signature(SCT *sct, const unsigned char *sig, size_t sig_len);
    +
    + size_t SCT_get0_extensions(const SCT *sct, unsigned char **ext);
    + void SCT_set0_extensions(SCT *sct, unsigned char *ext, size_t ext_len);
    + int SCT_set1_extensions(SCT *sct, const unsigned char *ext, size_t ext_len);
    +
    + sct_source_t SCT_get_source(const SCT *sct);
    + int SCT_set_source(SCT *sct, sct_source_t source);
    +

    +

    +
    +

    DESCRIPTION

    +

    Signed Certificate Timestamps (SCTs) are defined by RFC 6962, Section 3.2. +They constitute a promise by a Certificate Transparency (CT) log to publicly +record a certificate. By cryptographically verifying that a log did indeed issue +an SCT, some confidence can be gained that the certificate is publicly known.

    +

    An internal representation of an SCT can be created in one of two ways. +The first option is to create a blank SCT, using SCT_new(), and then populate +it using:

    +
      +
    • +

      SCT_set_version() to set the SCT version.

      +

      Only SCT_VERSION_V1 is currently supported.

      +
    • +
    • +

      SCT_set_log_entry_type() to set the type of certificate the SCT was issued for:

      +

      CT_LOG_ENTRY_TYPE_X509 for a normal certificate. +CT_LOG_ENTRY_TYPE_PRECERT for a pre-certificate.

      +
    • +
    • +

      SCT_set0_log_id() or SCT_set1_log_id() to set the LogID of the CT log that the SCT came from.

      +

      The former takes ownership, whereas the latter makes a copy. +See RFC 6962, Section 3.2 for the definition of LogID.

      +
    • +
    • +

      SCT_set_timestamp() to set the time the SCT was issued (time in milliseconds +since the Unix Epoch).

      +
    • +
    • +

      SCT_set_signature_nid() to set the NID of the signature.

      +
    • +
    • +

      SCT_set0_signature() or SCT_set1_signature() to set the raw signature value.

      +

      The former takes ownership, whereas the latter makes a copy.

      +
    • +
    • +

      SCT_set0_extensions() or SCT_set1_extensions to provide SCT extensions.

      +

      The former takes ownership, whereas the latter makes a copy.

      +
    • +
    +

    Alternatively, the SCT can be pre-populated from the following data using +SCT_new_from_base64():

    +
      +
    • +

      The SCT version (only SCT_VERSION_V1 is currently supported).

      +
    • +
    • +

      The LogID (see RFC 6962, Section 3.2), base64 encoded.

      +
    • +
    • +

      The type of certificate the SCT was issued for: +CT_LOG_ENTRY_TYPE_X509 for a normal certificate. +CT_LOG_ENTRY_TYPE_PRECERT for a pre-certificate.

      +
    • +
    • +

      The time that the SCT was issued (time in milliseconds since the Unix Epoch).

      +
    • +
    • +

      The SCT extensions, base64 encoded.

      +
    • +
    • +

      The SCT signature, base64 encoded.

      +
    • +
    +

    SCT_set_source() can be used to record where the SCT was found +(TLS extension, X.509 certificate extension or OCSP response). This is not +required for verifying the SCT.

    +

    +

    +
    +

    NOTES

    +

    Some of the setters return int, instead of void. These will all return 1 on +success, 0 on failure. They will not make changes on failure.

    +

    All of the setters will reset the validation status of the SCT to +SCT_VALIDATION_STATUS_NOT_SET (see SCT_validate(3)).

    +

    SCT_set_source() will call SCT_set_log_entry_type() if the type of +certificate the SCT was issued for can be inferred from where the SCT was found. +For example, an SCT found in an X.509 extension must have been issued for a pre- +certificate.

    +

    SCT_set_source() will not refuse unknown values.

    +

    +

    +
    +

    RETURN VALUES

    +

    SCT_set_version() returns 1 if the specified version is supported, 0 otherwise.

    +

    SCT_set_log_entry_type() returns 1 if the specified log entry type is supported, 0 otherwise.

    +

    SCT_set0_log_id() and SCT_set1_log_id return 1 if the specified LogID is a +valid SHA-256 hash, 0 otherwise. Additionally, SCT_set1_log_id returns 0 if +malloc fails.

    +

    SCT_set_signature_nid returns 1 if the specified NID is supported, 0 otherwise.

    +

    SCT_set1_extensions and SCT_set1_signature return 1 if the supplied buffer +is copied successfully, 0 otherwise (i.e. if malloc fails).

    +

    SCT_set_source returns 1 on success, 0 otherwise.

    +

    +

    +
    +

    SEE ALSO

    +

    ct(7), +SCT_validate(3), +OBJ_nid2obj(3)

    +

    +

    +
    +

    HISTORY

    +

    These functions were added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/SCT_print.html b/linux_amd64/share/doc/openssl/html/man3/SCT_print.html new file mode 100755 index 0000000..89b778c --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/SCT_print.html @@ -0,0 +1,94 @@ + + + + +SCT_print + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SCT_print, SCT_LIST_print, SCT_validation_status_string - +Prints Signed Certificate Timestamps in a human-readable way

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ct.h>
    +
    + void SCT_print(const SCT *sct, BIO *out, int indent, const CTLOG_STORE *logs);
    + void SCT_LIST_print(const STACK_OF(SCT) *sct_list, BIO *out, int indent,
    +                     const char *separator, const CTLOG_STORE *logs);
    + const char *SCT_validation_status_string(const SCT *sct);
    +

    +

    +
    +

    DESCRIPTION

    +

    SCT_print() prints a single Signed Certificate Timestamp (SCT) to a BIO in +a human-readable format. SCT_LIST_print() prints an entire list of SCTs in a +similar way. A separator can be specified to delimit each SCT in the output.

    +

    The output can be indented by a specified number of spaces. If a CTLOG_STORE +is provided, it will be used to print the description of the CT log that issued +each SCT (if that log is in the CTLOG_STORE). Alternatively, NULL can be passed +as the CTLOG_STORE parameter to disable this feature.

    +

    SCT_validation_status_string() will return the validation status of an SCT as +a human-readable string. Call SCT_validate() or SCT_LIST_validate() +beforehand in order to set the validation status of an SCT first.

    +

    +

    +
    +

    RETURN VALUES

    +

    SCT_validation_status_string() returns a null-terminated string representing +the validation status of an SCT object.

    +

    +

    +
    +

    SEE ALSO

    +

    ct(7), +bio(7), +CTLOG_STORE_new(3), +SCT_validate(3)

    +

    +

    +
    +

    HISTORY

    +

    These functions were added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/SCT_validate.html b/linux_amd64/share/doc/openssl/html/man3/SCT_validate.html new file mode 100755 index 0000000..291ca0f --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/SCT_validate.html @@ -0,0 +1,131 @@ + + + + +SCT_validate + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SCT_validate, SCT_LIST_validate, SCT_get_validation_status - +checks Signed Certificate Timestamps (SCTs) are valid

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ct.h>
    +
    + typedef enum {
    +     SCT_VALIDATION_STATUS_NOT_SET,
    +     SCT_VALIDATION_STATUS_UNKNOWN_LOG,
    +     SCT_VALIDATION_STATUS_VALID,
    +     SCT_VALIDATION_STATUS_INVALID,
    +     SCT_VALIDATION_STATUS_UNVERIFIED,
    +     SCT_VALIDATION_STATUS_UNKNOWN_VERSION
    + } sct_validation_status_t;
    +
    + int SCT_validate(SCT *sct, const CT_POLICY_EVAL_CTX *ctx);
    + int SCT_LIST_validate(const STACK_OF(SCT) *scts, CT_POLICY_EVAL_CTX *ctx);
    + sct_validation_status_t SCT_get_validation_status(const SCT *sct);
    +

    +

    +
    +

    DESCRIPTION

    +

    SCT_validate() will check that an SCT is valid and verify its signature. +SCT_LIST_validate() performs the same checks on an entire stack of SCTs. +The result of the validation checks can be obtained by passing the SCT to +SCT_get_validation_status().

    +

    A CT_POLICY_EVAL_CTX must be provided that specifies:

    +
      +
    • +

      The certificate the SCT was issued for.

      +

      Failure to provide the certificate will result in the validation status being +SCT_VALIDATION_STATUS_UNVERIFIED.

      +
    • +
    • +

      The issuer of that certificate.

      +

      This is only required if the SCT was issued for a pre-certificate +(see RFC 6962). If it is required but not provided, the validation status will +be SCT_VALIDATION_STATUS_UNVERIFIED.

      +
    • +
    • +

      A CTLOG_STORE that contains the CT log that issued this SCT.

      +

      If the SCT was issued by a log that is not in this CTLOG_STORE, the validation +status will be SCT_VALIDATION_STATUS_UNKNOWN_LOG.

      +
    • +
    +

    If the SCT is of an unsupported version (only v1 is currently supported), the +validation status will be SCT_VALIDATION_STATUS_UNKNOWN_VERSION.

    +

    If the SCT's signature is incorrect, its timestamp is in the future (relative to +the time in CT_POLICY_EVAL_CTX), or if it is otherwise invalid, the validation +status will be SCT_VALIDATION_STATUS_INVALID.

    +

    If all checks pass, the validation status will be SCT_VALIDATION_STATUS_VALID.

    +

    +

    +
    +

    NOTES

    +

    A return value of 0 from SCT_LIST_validate() should not be interpreted as a +failure. At a minimum, only one valid SCT may provide sufficient confidence +that a certificate has been publicly logged.

    +

    +

    +
    +

    RETURN VALUES

    +

    SCT_validate() returns a negative integer if an internal error occurs, 0 if the +SCT fails validation, or 1 if the SCT passes validation.

    +

    SCT_LIST_validate() returns a negative integer if an internal error occurs, 0 +if any of SCTs fails validation, or 1 if they all pass validation.

    +

    SCT_get_validation_status() returns the validation status of the SCT. +If SCT_validate() or SCT_LIST_validate() have not been passed that SCT, the +returned value will be SCT_VALIDATION_STATUS_NOT_SET.

    +

    +

    +
    +

    SEE ALSO

    +

    ct(7)

    +

    +

    +
    +

    HISTORY

    +

    These functions were added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/SHA256_Init.html b/linux_amd64/share/doc/openssl/html/man3/SHA256_Init.html new file mode 100755 index 0000000..4cf4759 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/SHA256_Init.html @@ -0,0 +1,147 @@ + + + + +SHA256_Init + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SHA1, SHA1_Init, SHA1_Update, SHA1_Final, SHA224, SHA224_Init, SHA224_Update, +SHA224_Final, SHA256, SHA256_Init, SHA256_Update, SHA256_Final, SHA384, +SHA384_Init, SHA384_Update, SHA384_Final, SHA512, SHA512_Init, SHA512_Update, +SHA512_Final - Secure Hash Algorithm

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/sha.h>
    +

    Deprecated since OpenSSL 3.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + int SHA1_Init(SHA_CTX *c);
    + int SHA1_Update(SHA_CTX *c, const void *data, size_t len);
    + int SHA1_Final(unsigned char *md, SHA_CTX *c);
    + unsigned char *SHA1(const unsigned char *d, size_t n,
    +                     unsigned char *md);
    +
    + int SHA224_Init(SHA256_CTX *c);
    + int SHA224_Update(SHA256_CTX *c, const void *data, size_t len);
    + int SHA224_Final(unsigned char *md, SHA256_CTX *c);
    + unsigned char *SHA224(const unsigned char *d, size_t n,
    +                       unsigned char *md);
    +
    + int SHA256_Init(SHA256_CTX *c);
    + int SHA256_Update(SHA256_CTX *c, const void *data, size_t len);
    + int SHA256_Final(unsigned char *md, SHA256_CTX *c);
    + unsigned char *SHA256(const unsigned char *d, size_t n,
    +                       unsigned char *md);
    +
    + int SHA384_Init(SHA512_CTX *c);
    + int SHA384_Update(SHA512_CTX *c, const void *data, size_t len);
    + int SHA384_Final(unsigned char *md, SHA512_CTX *c);
    + unsigned char *SHA384(const unsigned char *d, size_t n,
    +                       unsigned char *md);
    +
    + int SHA512_Init(SHA512_CTX *c);
    + int SHA512_Update(SHA512_CTX *c, const void *data, size_t len);
    + int SHA512_Final(unsigned char *md, SHA512_CTX *c);
    + unsigned char *SHA512(const unsigned char *d, size_t n,
    +                       unsigned char *md);
    +

    +

    +
    +

    DESCRIPTION

    +

    All of the functions described on this page are deprecated. +Applications should instead use EVP_DigestInit_ex(3), EVP_DigestUpdate(3) +and EVP_DigestFinal_ex(3).

    +

    SHA-1 (Secure Hash Algorithm) is a cryptographic hash function with a +160 bit output.

    +

    SHA1() computes the SHA-1 message digest of the n +bytes at d and places it in md (which must have space for +SHA_DIGEST_LENGTH == 20 bytes of output). If md is NULL, the digest +is placed in a static array. Note: setting md to NULL is not thread safe.

    +

    The following functions may be used if the message is not completely +stored in memory:

    +

    SHA1_Init() initializes a SHA_CTX structure.

    +

    SHA1_Update() can be called repeatedly with chunks of the message to +be hashed (len bytes at data).

    +

    SHA1_Final() places the message digest in md, which must have space +for SHA_DIGEST_LENGTH == 20 bytes of output, and erases the SHA_CTX.

    +

    The SHA224, SHA256, SHA384 and SHA512 families of functions operate in the +same way as for the SHA1 functions. Note that SHA224 and SHA256 use a +SHA256_CTX object instead of SHA_CTX. SHA384 and SHA512 use SHA512_CTX. +The buffer md must have space for the output from the SHA variant being used +(defined by SHA224_DIGEST_LENGTH, SHA256_DIGEST_LENGTH, SHA384_DIGEST_LENGTH and +SHA512_DIGEST_LENGTH). Also note that, as for the SHA1() function above, the +SHA224(), SHA256(), SHA384() and SHA512() functions are not thread safe if +md is NULL.

    +

    The predecessor of SHA-1, SHA, is also implemented, but it should be +used only when backward compatibility is required.

    +

    +

    +
    +

    RETURN VALUES

    +

    SHA1(), SHA224(), SHA256(), SHA384() and SHA512() return a pointer to the hash +value.

    +

    SHA1_Init(), SHA1_Update() and SHA1_Final() and equivalent SHA224, SHA256, +SHA384 and SHA512 functions return 1 for success, 0 otherwise.

    +

    +

    +
    +

    CONFORMING TO

    +

    US Federal Information Processing Standard FIPS PUB 180-4 (Secure Hash +Standard), +ANSI X9.30

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_DigestInit(3)

    +

    +

    +
    +

    HISTORY

    +

    All of these functions were deprecated in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/SMIME_read_CMS.html b/linux_amd64/share/doc/openssl/html/man3/SMIME_read_CMS.html new file mode 100755 index 0000000..fb6a579 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/SMIME_read_CMS.html @@ -0,0 +1,109 @@ + + + + +SMIME_read_CMS + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SMIME_read_CMS - parse S/MIME message

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/cms.h>
    +
    + CMS_ContentInfo *SMIME_read_CMS(BIO *in, BIO **bcont);
    +

    +

    +
    +

    DESCRIPTION

    +

    SMIME_read_CMS() parses a message in S/MIME format.

    +

    in is a BIO to read the message from.

    +

    If cleartext signing is used then the content is saved in a memory bio which is +written to *bcont, otherwise *bcont is set to NULL.

    +

    The parsed CMS_ContentInfo structure is returned or NULL if an +error occurred.

    +

    +

    +
    +

    NOTES

    +

    If *bcont is not NULL then the message is clear text signed. *bcont can +then be passed to CMS_verify() with the CMS_DETACHED flag set.

    +

    Otherwise the type of the returned structure can be determined +using CMS_get0_type().

    +

    To support future functionality if bcont is not NULL *bcont should be +initialized to NULL. For example:

    +
    + BIO *cont = NULL;
    + CMS_ContentInfo *cms;
    +
    + cms = SMIME_read_CMS(in, &cont);
    +

    +

    +
    +

    BUGS

    +

    The MIME parser used by SMIME_read_CMS() is somewhat primitive. While it will +handle most S/MIME messages more complex compound formats may not work.

    +

    The parser assumes that the CMS_ContentInfo structure is always base64 encoded +and will not handle the case where it is in binary format or uses quoted +printable format.

    +

    The use of a memory BIO to hold the signed content limits the size of message +which can be processed due to memory restraints: a streaming single pass option +should be available.

    +

    +

    +
    +

    RETURN VALUES

    +

    SMIME_read_CMS() returns a valid CMS_ContentInfo structure or NULL +if an error occurred. The error can be obtained from ERR_get_error(3).

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), +SMIME_read_CMS(3), CMS_sign(3), +CMS_verify(3), CMS_encrypt(3), +CMS_decrypt(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/SMIME_read_PKCS7.html b/linux_amd64/share/doc/openssl/html/man3/SMIME_read_PKCS7.html new file mode 100755 index 0000000..4e052ff --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/SMIME_read_PKCS7.html @@ -0,0 +1,112 @@ + + + + +SMIME_read_PKCS7 + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SMIME_read_PKCS7 - parse S/MIME message

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/pkcs7.h>
    +
    + PKCS7 *SMIME_read_PKCS7(BIO *in, BIO **bcont);
    +

    +

    +
    +

    DESCRIPTION

    +

    SMIME_read_PKCS7() parses a message in S/MIME format.

    +

    in is a BIO to read the message from.

    +

    If cleartext signing is used then the content is saved in +a memory bio which is written to *bcont, otherwise +*bcont is set to NULL.

    +

    The parsed PKCS#7 structure is returned or NULL if an +error occurred.

    +

    +

    +
    +

    NOTES

    +

    If *bcont is not NULL then the message is clear text +signed. *bcont can then be passed to PKCS7_verify() with +the PKCS7_DETACHED flag set.

    +

    Otherwise the type of the returned structure can be determined +using PKCS7_type_is_enveloped(), etc.

    +

    To support future functionality if bcont is not NULL +*bcont should be initialized to NULL. For example:

    +
    + BIO *cont = NULL;
    + PKCS7 *p7;
    +
    + p7 = SMIME_read_PKCS7(in, &cont);
    +

    +

    +
    +

    BUGS

    +

    The MIME parser used by SMIME_read_PKCS7() is somewhat primitive. +While it will handle most S/MIME messages more complex compound +formats may not work.

    +

    The parser assumes that the PKCS7 structure is always base64 +encoded and will not handle the case where it is in binary format +or uses quoted printable format.

    +

    The use of a memory BIO to hold the signed content limits the size +of message which can be processed due to memory restraints: a +streaming single pass option should be available.

    +

    +

    +
    +

    RETURN VALUES

    +

    SMIME_read_PKCS7() returns a valid PKCS7 structure or NULL +if an error occurred. The error can be obtained from ERR_get_error(3).

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), +SMIME_read_PKCS7(3), PKCS7_sign(3), +PKCS7_verify(3), PKCS7_encrypt(3) +PKCS7_decrypt(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/SMIME_write_CMS.html b/linux_amd64/share/doc/openssl/html/man3/SMIME_write_CMS.html
    new file mode 100755
    index 0000000..ef7bee7
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/SMIME_write_CMS.html
    @@ -0,0 +1,104 @@
    +
    +
    +
    +
    +SMIME_write_CMS
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    SMIME_write_CMS - convert CMS structure to S/MIME format

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/cms.h>
    +
    + int SMIME_write_CMS(BIO *out, CMS_ContentInfo *cms, BIO *data, int flags);
    +

    +

    +
    +

    DESCRIPTION

    +

    SMIME_write_CMS() adds the appropriate MIME headers to a CMS +structure to produce an S/MIME message.

    +

    out is the BIO to write the data to. cms is the appropriate +CMS_ContentInfo structure. If streaming is enabled then the content must be +supplied in the data argument. flags is an optional set of flags.

    +

    +

    +
    +

    NOTES

    +

    The following flags can be passed in the flags parameter.

    +

    If CMS_DETACHED is set then cleartext signing will be used, this option only +makes sense for SignedData where CMS_DETACHED is also set when CMS_sign() is +called.

    +

    If the CMS_TEXT flag is set MIME headers for type text/plain are added to +the content, this only makes sense if CMS_DETACHED is also set.

    +

    If the CMS_STREAM flag is set streaming is performed. This flag should only +be set if CMS_STREAM was also set in the previous call to a CMS_ContentInfo +creation function.

    +

    If cleartext signing is being used and CMS_STREAM not set then the data must +be read twice: once to compute the signature in CMS_sign() and once to output +the S/MIME message.

    +

    If streaming is performed the content is output in BER format using indefinite +length constructed encoding except in the case of signed data with detached +content where the content is absent and DER format is used.

    +

    +

    +
    +

    BUGS

    +

    SMIME_write_CMS() always base64 encodes CMS structures, there should be an +option to disable this.

    +

    +

    +
    +

    RETURN VALUES

    +

    SMIME_write_CMS() returns 1 for success or 0 for failure.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), CMS_sign(3), +CMS_verify(3), CMS_encrypt(3) +CMS_decrypt(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/SMIME_write_PKCS7.html b/linux_amd64/share/doc/openssl/html/man3/SMIME_write_PKCS7.html
    new file mode 100755
    index 0000000..a43cc65
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/SMIME_write_PKCS7.html
    @@ -0,0 +1,105 @@
    +
    +
    +
    +
    +SMIME_write_PKCS7
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    SMIME_write_PKCS7 - convert PKCS#7 structure to S/MIME format

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/pkcs7.h>
    +
    + int SMIME_write_PKCS7(BIO *out, PKCS7 *p7, BIO *data, int flags);
    +

    +

    +
    +

    DESCRIPTION

    +

    SMIME_write_PKCS7() adds the appropriate MIME headers to a PKCS#7 +structure to produce an S/MIME message.

    +

    out is the BIO to write the data to. p7 is the appropriate PKCS7 +structure. If streaming is enabled then the content must be supplied in the +data argument. flags is an optional set of flags.

    +

    +

    +
    +

    NOTES

    +

    The following flags can be passed in the flags parameter.

    +

    If PKCS7_DETACHED is set then cleartext signing will be used, +this option only makes sense for signedData where PKCS7_DETACHED +is also set when PKCS7_sign() is also called.

    +

    If the PKCS7_TEXT flag is set MIME headers for type text/plain +are added to the content, this only makes sense if PKCS7_DETACHED +is also set.

    +

    If the PKCS7_STREAM flag is set streaming is performed. This flag should +only be set if PKCS7_STREAM was also set in the previous call to +PKCS7_sign() or PKCS7_encrypt().

    +

    If cleartext signing is being used and PKCS7_STREAM not set then +the data must be read twice: once to compute the signature in PKCS7_sign() +and once to output the S/MIME message.

    +

    If streaming is performed the content is output in BER format using indefinite +length constructed encoding except in the case of signed data with detached +content where the content is absent and DER format is used.

    +

    +

    +
    +

    BUGS

    +

    SMIME_write_PKCS7() always base64 encodes PKCS#7 structures, there +should be an option to disable this.

    +

    +

    +
    +

    RETURN VALUES

    +

    SMIME_write_PKCS7() returns 1 for success or 0 for failure.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), PKCS7_sign(3), +PKCS7_verify(3), PKCS7_encrypt(3) +PKCS7_decrypt(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/SRP_VBASE_new.html b/linux_amd64/share/doc/openssl/html/man3/SRP_VBASE_new.html
    new file mode 100755
    index 0000000..5094fb3
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/SRP_VBASE_new.html
    @@ -0,0 +1,132 @@
    +
    +
    +
    +
    +SRP_VBASE_new
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    SRP_VBASE_new, +SRP_VBASE_free, +SRP_VBASE_init, +SRP_VBASE_add0_user, +SRP_VBASE_get1_by_user, +SRP_VBASE_get_by_user +- Functions to create and manage a stack of SRP user verifier information

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/srp.h>
    +
    + SRP_VBASE *SRP_VBASE_new(char *seed_key);
    + void SRP_VBASE_free(SRP_VBASE *vb);
    +
    + int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file);
    +
    + int SRP_VBASE_add0_user(SRP_VBASE *vb, SRP_user_pwd *user_pwd);
    + SRP_user_pwd *SRP_VBASE_get1_by_user(SRP_VBASE *vb, char *username);
    + SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username);
    +

    +

    +
    +

    DESCRIPTION

    +

    The SRP_VBASE_new() function allocates a structure to store server side SRP +verifier information. +If seed_key is not NULL a copy is stored and used to generate dummy parameters +for users that are not found by SRP_VBASE_get1_by_user(). This allows the server +to hide the fact that it doesn't have a verifier for a particular username, +as described in section 2.5.1.3 'Unknown SRP' of RFC 5054. +The seed string should contain random NUL terminated binary data (therefore +the random data should not contain NUL bytes!).

    +

    The SRP_VBASE_free() function frees up the vb structure. +If vb is NULL, nothing is done.

    +

    The SRP_VBASE_init() function parses the information in a verifier file and +populates the vb structure. +The verifier file is a text file containing multiple entries, whose format is: +flag base64(verifier) base64(salt) username gNid userinfo(optional) +where the flag can be 'V' (valid) or 'R' (revoked). +Note that the base64 encoding used here is non-standard so it is recommended +to use openssl-srp(1) to generate this file.

    +

    The SRP_VBASE_add0_user() function adds the user_pwd verifier information +to the vb structure. See SRP_user_pwd_new(3) to create and populate this +record. +The library takes ownership of user_pwd, it should not be freed by the caller.

    +

    The SRP_VBASE_get1_by_user() function returns the password info for the user +whose username matches username. It replaces the deprecated +SRP_VBASE_get_by_user(). +If no matching user is found but a seed_key and default gN parameters have been +set, dummy authentication information is generated from the seed_key, allowing +the server to hide the fact that it doesn't have a verifier for a particular +username. When using SRP as a TLS authentication mechanism, this will cause +the handshake to proceed normally but the first client will be rejected with +a "bad_record_mac" alert, as if the password was incorrect. +If no matching user is found and the seed_key is not set, NULL is returned. +Ownership of the returned pointer is released to the caller, it must be freed +with SRP_user_pwd_free().

    +

    +

    +
    +

    RETURN VALUES

    +

    SRP_VBASE_init() returns SRP_NO_ERROR (0) on success and a positive value +on failure. +The error codes are SRP_ERR_OPEN_FILE if the file could not be opened, +SRP_ERR_VBASE_INCOMPLETE_FILE if the file could not be parsed, +SRP_ERR_MEMORY on memory allocation failure and SRP_ERR_VBASE_BN_LIB +for invalid decoded parameter values.

    +

    SRP_VBASE_add0_user() returns 1 on success and 0 on failure.

    +

    +

    +
    +

    SEE ALSO

    +

    openssl-srp(1), +SRP_create_verifier(3), +SRP_user_pwd_new(3), +SSL_CTX_set_srp_password(3)

    +

    +

    +
    +

    HISTORY

    +

    The SRP_VBASE_add0_user() function was added in OpenSSL 3.0.

    +

    All other functions were added in OpenSSL 1.0.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/SRP_create_verifier.html b/linux_amd64/share/doc/openssl/html/man3/SRP_create_verifier.html
    new file mode 100755
    index 0000000..442969e
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/SRP_create_verifier.html
    @@ -0,0 +1,145 @@
    +
    +
    +
    +
    +SRP_create_verifier
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    SRP_create_verifier, +SRP_create_verifier_BN, +SRP_check_known_gN_param, +SRP_get_default_gN +- SRP authentication primitives

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/srp.h>
    +
    + char *SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,
    +                              BIGNUM **verifier, const BIGNUM *N, const BIGNUM *g);
    + char *SRP_create_verifier(const char *user, const char *pass, char **salt,
    +                           char **verifier, const char *N, const char *g);
    +
    + char *SRP_check_known_gN_param(const BIGNUM *g, const BIGNUM *N);
    + SRP_gN *SRP_get_default_gN(const char *id);
    +

    +

    +
    +

    DESCRIPTION

    +

    The SRP_create_verifier_BN() function creates an SRP password verifier from +the supplied parameters as defined in section 2.4 of RFC 5054. +On successful exit *verifier will point to a newly allocated BIGNUM containing +the verifier and (if a salt was not provided) *salt will be populated with a +newly allocated BIGNUM containing a random salt. If *salt is not NULL then +the provided salt is used instead. +The caller is responsible for freeing the allocated *salt and *verifier +BIGNUMS (use BN_free(3)).

    +

    The SRP_create_verifier() function is similar to SRP_create_verifier_BN() but +all numeric parameters are in a non-standard base64 encoding originally designed +for compatibility with libsrp. This is mainly present for historical compatibility +and its use is discouraged. +It is possible to pass NULL as N and an SRP group id as g instead to +load the appropriate gN values (see SRP_get_default_gN()). +If both N and g are NULL the 8192-bit SRP group parameters are used. +The caller is responsible for freeing the allocated *salt and *verifier +(use OPENSSL_free(3)).

    +

    The SRP_check_known_gN_param() function checks that g and N are valid +SRP group parameters from RFC 5054 appendix A.

    +

    The SRP_get_default_gN() function returns the gN parameters for the RFC 5054 id +SRP group size. +The known ids are "1024", "1536", "2048", "3072", "4096", "6144" and "8192".

    +

    +

    +
    +

    RETURN VALUES

    +

    SRP_create_verifier_BN() returns 1 on success and 0 on failure.

    +

    SRP_create_verifier() returns NULL on failure and a non-NULL value on success: +"*" if N is not NULL, the selected group id otherwise. This value should +not be freed.

    +

    SRP_check_known_gN_param() returns the text representation of the group id +(ie. the prime bit size) or NULL if the arguments are not valid SRP group parameters. +This value should not be freed.

    +

    SRP_get_default_gN() returns NULL if id is not a valid group size, +or the 8192-bit group parameters if id is NULL.

    +

    +

    +
    +

    EXAMPLES

    +

    Generate and store a 8192 bit password verifier (error handling +omitted for clarity):

    +
    + #include <openssl/bn.h>
    + #include <openssl/srp.h>
    +
    + const char *username = "username";
    + const char *password = "password";
    +
    + SRP_VBASE *srpData = SRP_VBASE_new(NULL);
    +
    + SRP_gN *gN = SRP_get_default_gN("8192");
    +
    + BIGNUM *salt = NULL, *verifier = NULL;
    + SRP_create_verifier_BN(username, password, &salt, &verifier, gN->N, gN->g);
    +
    + SRP_user_pwd *pwd = SRP_user_pwd_new();
    + SRP_user_pwd_set1_ids(pwd, username, NULL);
    + SRP_user_pwd_set0_sv(pwd, salt, verifier);
    + SRP_user_pwd_set_gN(pwd, gN->g, gN->N);
    +
    + SRP_VBASE_add0_user(srpData, pwd);
    +

    +

    +
    +

    SEE ALSO

    +

    openssl-srp(1), +SRP_VBASE_new(3), +SRP_user_pwd_new(3)

    +

    +

    +
    +

    HISTORY

    +

    These functions were added in OpenSSL 1.0.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/SRP_user_pwd_new.html b/linux_amd64/share/doc/openssl/html/man3/SRP_user_pwd_new.html
    new file mode 100755
    index 0000000..1896478
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/SRP_user_pwd_new.html
    @@ -0,0 +1,104 @@
    +
    +
    +
    +
    +SRP_user_pwd_new
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    SRP_user_pwd_new, +SRP_user_pwd_free, +SRP_user_pwd_set1_ids, +SRP_user_pwd_set_gN, +SRP_user_pwd_set0_sv +- Functions to create a record of SRP user verifier information

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/srp.h>
    +
    + SRP_user_pwd *SRP_user_pwd_new(void);
    + void SRP_user_pwd_free(SRP_user_pwd *user_pwd);
    +
    + int SRP_user_pwd_set1_ids(SRP_user_pwd *user_pwd, const char *id, const char *info);
    + void SRP_user_pwd_set_gN(SRP_user_pwd *user_pwd, const BIGNUM *g, const BIGNUM *N);
    + int SRP_user_pwd_set0_sv(SRP_user_pwd *user_pwd, BIGNUM *s, BIGNUM *v);
    +

    +

    +
    +

    DESCRIPTION

    +

    The SRP_user_pwd_new() function allocates a structure to store a user verifier +record.

    +

    The SRP_user_pwd_free() function frees up the user_pwd structure. +If user_pwd is NULL, nothing is done.

    +

    The SRP_user_pwd_set1_ids() function sets the username to id and the optional +user info to info for user_pwd. +The library allocates new copies of id and info, the caller still +owns the original memory.

    +

    The SRP_user_pwd_set0_sv() function sets the user salt to s and the verifier +to v for user_pwd. +The library takes ownership of the values, they should not be freed by the caller.

    +

    The SRP_user_pwd_set_gN() function sets the SRP group parameters for user_pwd. +The memory is not freed by SRP_user_pwd_free(), the caller must make sure it is +freed once it is no longer used.

    +

    +

    +
    +

    RETURN VALUES

    +

    SRP_user_pwd_set1_ids() returns 1 on success and 0 on failure or if id was NULL.

    +

    SRP_user_pwd_set0_sv() returns 1 if both s and v are not NULL, 0 otherwise.

    +

    +

    +
    +

    SEE ALSO

    +

    openssl-srp(1), +SRP_create_verifier(3), +SRP_VBASE_new(3), +SSL_CTX_set_srp_password(3)

    +

    +

    +
    +

    HISTORY

    +

    These functions were made public in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_CIPHER_get_name.html b/linux_amd64/share/doc/openssl/html/man3/SSL_CIPHER_get_name.html
    new file mode 100755
    index 0000000..6b96332
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_CIPHER_get_name.html
    @@ -0,0 +1,229 @@
    +
    +
    +
    +
    +SSL_CIPHER_get_name
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    SSL_CIPHER_get_name, +SSL_CIPHER_standard_name, +OPENSSL_cipher_name, +SSL_CIPHER_get_bits, +SSL_CIPHER_get_version, +SSL_CIPHER_description, +SSL_CIPHER_get_cipher_nid, +SSL_CIPHER_get_digest_nid, +SSL_CIPHER_get_handshake_digest, +SSL_CIPHER_get_kx_nid, +SSL_CIPHER_get_auth_nid, +SSL_CIPHER_is_aead, +SSL_CIPHER_find, +SSL_CIPHER_get_id, +SSL_CIPHER_get_protocol_id +- get SSL_CIPHER properties

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + const char *SSL_CIPHER_get_name(const SSL_CIPHER *cipher);
    + const char *SSL_CIPHER_standard_name(const SSL_CIPHER *cipher);
    + const char *OPENSSL_cipher_name(const char *stdname);
    + int SSL_CIPHER_get_bits(const SSL_CIPHER *cipher, int *alg_bits);
    + char *SSL_CIPHER_get_version(const SSL_CIPHER *cipher);
    + char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int size);
    + int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c);
    + int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c);
    + const EVP_MD *SSL_CIPHER_get_handshake_digest(const SSL_CIPHER *c);
    + int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c);
    + int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c);
    + int SSL_CIPHER_is_aead(const SSL_CIPHER *c);
    + const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr);
    + uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c);
    + uint32_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *c);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CIPHER_get_name() returns a pointer to the name of cipher. If the +cipher is NULL, it returns "(NONE)".

    +

    SSL_CIPHER_standard_name() returns a pointer to the standard RFC name of +cipher. If the cipher is NULL, it returns "(NONE)". If the cipher +has no standard name, it returns NULL. If cipher was defined in both +SSLv3 and TLS, it returns the TLS name.

    +

    OPENSSL_cipher_name() returns a pointer to the OpenSSL name of stdname. +If the stdname is NULL, or stdname has no corresponding OpenSSL name, +it returns "(NONE)". Where both exist, stdname should be the TLS name rather +than the SSLv3 name.

    +

    SSL_CIPHER_get_bits() returns the number of secret bits used for cipher. +If cipher is NULL, 0 is returned.

    +

    SSL_CIPHER_get_version() returns string which indicates the SSL/TLS protocol +version that first defined the cipher. It returns "(NONE)" if cipher is NULL.

    +

    SSL_CIPHER_get_cipher_nid() returns the cipher NID corresponding to c. +If there is no cipher (e.g. for cipher suites with no encryption) then +NID_undef is returned.

    +

    SSL_CIPHER_get_digest_nid() returns the digest NID corresponding to the MAC +used by c during record encryption/decryption. If there is no digest (e.g. +for AEAD cipher suites) then NID_undef is returned.

    +

    SSL_CIPHER_get_handshake_digest() returns an EVP_MD for the digest used during +the SSL/TLS handshake when using the SSL_CIPHER c. Note that this may be +different to the digest used to calculate the MAC for encrypted records.

    +

    SSL_CIPHER_get_kx_nid() returns the key exchange NID corresponding to the method +used by c. If there is no key exchange, then NID_undef is returned. +If any appropriate key exchange algorithm can be used (as in the case of TLS 1.3 +cipher suites) NID_kx_any is returned. Examples (not comprehensive):

    +
    + NID_kx_rsa
    + NID_kx_ecdhe
    + NID_kx_dhe
    + NID_kx_psk
    +

    SSL_CIPHER_get_auth_nid() returns the authentication NID corresponding to the method +used by c. If there is no authentication, then NID_undef is returned. +If any appropriate authentication algorithm can be used (as in the case of +TLS 1.3 cipher suites) NID_auth_any is returned. Examples (not comprehensive):

    +
    + NID_auth_rsa
    + NID_auth_ecdsa
    + NID_auth_psk
    +

    SSL_CIPHER_is_aead() returns 1 if the cipher c is AEAD (e.g. GCM or +ChaCha20/Poly1305), and 0 if it is not AEAD.

    +

    SSL_CIPHER_find() returns a SSL_CIPHER structure which has the cipher ID stored +in ptr. The ptr parameter is a two element array of char, which stores the +two-byte TLS cipher ID (as allocated by IANA) in network byte order. This parameter +is usually retrieved from a TLS packet by using functions like +SSL_client_hello_get0_ciphers(3). SSL_CIPHER_find() returns NULL if an +error occurs or the indicated cipher is not found.

    +

    SSL_CIPHER_get_id() returns the OpenSSL-specific ID of the given cipher c. That ID is +not the same as the IANA-specific ID.

    +

    SSL_CIPHER_get_protocol_id() returns the two-byte ID used in the TLS protocol of the given +cipher c.

    +

    SSL_CIPHER_description() returns a textual description of the cipher used +into the buffer buf of length len provided. If buf is provided, it +must be at least 128 bytes, otherwise a buffer will be allocated using +OPENSSL_malloc(). If the provided buffer is too small, or the allocation fails, +NULL is returned.

    +

    The string returned by SSL_CIPHER_description() consists of several fields +separated by whitespace:

    +
    +
    <ciphername>
    + +
    +

    Textual representation of the cipher name.

    +
    +
    <protocol version>
    + +
    +

    The minimum protocol version that the ciphersuite supports, such as TLSv1.2. +Note that this is not always the same as the protocol version in which the +ciphersuite was first defined because some ciphersuites are backwards compatible +with earlier protocol versions.

    +
    +
    Kx=<key exchange>
    + +
    +

    Key exchange method such as RSA, ECDHE, etc.

    +
    +
    Au=<authentication>
    + +
    +

    Authentication method such as RSA, None, etc.. None is the +representation of anonymous ciphers.

    +
    +
    Enc=<symmetric encryption method>
    + +
    +

    Encryption method, with number of secret bits, such as AESGCM(128).

    +
    +
    Mac=<message authentication code>
    + +
    +

    Message digest, such as SHA256.

    +
    +
    +

    Some examples for the output of SSL_CIPHER_description():

    +
    + ECDHE-RSA-AES256-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
    + RSA-PSK-AES256-CBC-SHA384 TLSv1.0 Kx=RSAPSK   Au=RSA  Enc=AES(256)  Mac=SHA384
    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CIPHER_get_name(), SSL_CIPHER_standard_name(), OPENSSL_cipher_name(), +SSL_CIPHER_get_version() and SSL_CIPHER_description() return the corresponding +value in a null-terminated string for a specific cipher or "(NONE)" +if the cipher is not found.

    +

    SSL_CIPHER_get_bits() returns a positive integer representing the number of +secret bits or 0 if an error occurred.

    +

    SSL_CIPHER_get_cipher_nid(), SSL_CIPHER_get_digest_nid(), +SSL_CIPHER_get_kx_nid() and SSL_CIPHER_get_auth_nid() return the NID value or +NID_undef if an error occurred.

    +

    SSL_CIPHER_get_handshake_digest() returns a valid EVP_MD structure or NULL +if an error occurred.

    +

    SSL_CIPHER_is_aead() returns 1 if the cipher is AEAD or 0 otherwise.

    +

    SSL_CIPHER_find() returns a valid SSL_CIPHER structure or NULL if an error +occurred.

    +

    SSL_CIPHER_get_id() returns a 4-byte integer representing the OpenSSL-specific ID.

    +

    SSL_CIPHER_get_protocol_id() returns a 2-byte integer representing the TLS +protocol-specific ID.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_get_current_cipher(3), +SSL_get_ciphers(3), openssl-ciphers(1)

    +

    +

    +
    +

    HISTORY

    +

    The SSL_CIPHER_get_version() function was updated to always return the +correct protocol string in OpenSSL 1.1.0.

    +

    The SSL_CIPHER_description() function was changed to return NULL on error, +rather than a fixed string, in OpenSSL 1.1.0.

    +

    The SSL_CIPHER_get_handshake_digest() function was added in OpenSSL 1.1.1.

    +

    The SSL_CIPHER_standard_name() function was globally available in OpenSSL 1.1.1. + Before OpenSSL 1.1.1, tracing (enable-ssl-trace argument to Configure) was +required to enable this function.

    +

    The OPENSSL_cipher_name() function was added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_COMP_add_compression_method.html b/linux_amd64/share/doc/openssl/html/man3/SSL_COMP_add_compression_method.html
    new file mode 100755
    index 0000000..0d2ddb3
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_COMP_add_compression_method.html
    @@ -0,0 +1,132 @@
    +
    +
    +
    +
    +SSL_COMP_add_compression_method
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    SSL_COMP_add_compression_method, SSL_COMP_get_compression_methods, +SSL_COMP_get0_name, SSL_COMP_get_id, SSL_COMP_free_compression_methods +- handle SSL/TLS integrated compression methods

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm);
    + STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
    + const char *SSL_COMP_get0_name(const SSL_COMP *comp);
    + int SSL_COMP_get_id(const SSL_COMP *comp);
    +

    Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + void SSL_COMP_free_compression_methods(void)
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_COMP_add_compression_method() adds the compression method cm with +the identifier id to the list of available compression methods. This +list is globally maintained for all SSL operations within this application. +It cannot be set for specific SSL_CTX or SSL objects.

    +

    SSL_COMP_get_compression_methods() returns a stack of all of the available +compression methods or NULL on error.

    +

    SSL_COMP_get0_name() returns the name of the compression method comp.

    +

    SSL_COMP_get_id() returns the id of the compression method comp.

    +

    SSL_COMP_free_compression_methods() releases any resources acquired to +maintain the internal table of compression methods.

    +

    +

    +
    +

    NOTES

    +

    The TLS standard (or SSLv3) allows the integration of compression methods +into the communication. The TLS RFC does however not specify compression +methods or their corresponding identifiers, so there is currently no compatible +way to integrate compression with unknown peers. It is therefore currently not +recommended to integrate compression into applications. Applications for +non-public use may agree on certain compression methods. Using different +compression methods with the same identifier will lead to connection failure.

    +

    An OpenSSL client speaking a protocol that allows compression (SSLv3, TLSv1) +will unconditionally send the list of all compression methods enabled with +SSL_COMP_add_compression_method() to the server during the handshake. +Unlike the mechanisms to set a cipher list, there is no method available to +restrict the list of compression method on a per connection basis.

    +

    An OpenSSL server will match the identifiers listed by a client against +its own compression methods and will unconditionally activate compression +when a matching identifier is found. There is no way to restrict the list +of compression methods supported on a per connection basis.

    +

    If enabled during compilation, the OpenSSL library will have the +COMP_zlib() compression method available.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_COMP_add_compression_method() may return the following values:

    +
      +
    1. +

      The operation succeeded.

      +
    2. +
    3. +

      The operation failed. Check the error queue to find out the reason.

      +
    4. +
    +

    SSL_COMP_get_compression_methods() returns the stack of compressions methods or +NULL on error.

    +

    SSL_COMP_get0_name() returns the name of the compression method or NULL on error.

    +

    SSL_COMP_get_id() returns the name of the compression method or -1 on error.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7)

    +

    +

    +
    +

    HISTORY

    +

    The SSL_COMP_free_compression_methods() function was deprecated in OpenSSL 1.1.0. +The SSL_COMP_get0_name() and SSL_comp_get_id() functions were added in OpenSSL 1.1.0d.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_CONF_CTX_new.html b/linux_amd64/share/doc/openssl/html/man3/SSL_CONF_CTX_new.html
    new file mode 100755
    index 0000000..fc5f29e
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_CONF_CTX_new.html
    @@ -0,0 +1,88 @@
    +
    +
    +
    +
    +SSL_CONF_CTX_new
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    SSL_CONF_CTX_new, SSL_CONF_CTX_free - SSL configuration allocation functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + SSL_CONF_CTX *SSL_CONF_CTX_new(void);
    + void SSL_CONF_CTX_free(SSL_CONF_CTX *cctx);
    +

    +

    +
    +

    DESCRIPTION

    +

    The function SSL_CONF_CTX_new() allocates and initialises an SSL_CONF_CTX +structure for use with the SSL_CONF functions.

    +

    The function SSL_CONF_CTX_free() frees up the context cctx. +If cctx is NULL nothing is done.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CONF_CTX_new() returns either the newly allocated SSL_CONF_CTX structure +or NULL if an error occurs.

    +

    SSL_CONF_CTX_free() does not return a value.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +SSL_CONF_CTX_set_flags(3), +SSL_CONF_CTX_set_ssl_ctx(3), +SSL_CONF_CTX_set1_prefix(3), +SSL_CONF_cmd(3), +SSL_CONF_cmd_argv(3)

    +

    +

    +
    +

    HISTORY

    +

    These functions were added in OpenSSL 1.0.2.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_CONF_CTX_set1_prefix.html b/linux_amd64/share/doc/openssl/html/man3/SSL_CONF_CTX_set1_prefix.html
    new file mode 100755
    index 0000000..2bf6739
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_CONF_CTX_set1_prefix.html
    @@ -0,0 +1,98 @@
    + + + + +SSL_CONF_CTX_set1_prefix + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CONF_CTX_set1_prefix - Set configuration context command prefix

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + unsigned int SSL_CONF_CTX_set1_prefix(SSL_CONF_CTX *cctx, const char *prefix);
    +

    +

    +
    +

    DESCRIPTION

    +

    The function SSL_CONF_CTX_set1_prefix() sets the command prefix of cctx +to prefix. If prefix is NULL it is restored to the default value.

    +

    +

    +
    +

    NOTES

    +

    Command prefixes alter the commands recognised by subsequent SSL_CONF_cmd() +calls. For example for files, if the prefix "SSL" is set then command names +such as "SSLProtocol", "SSLOptions" etc. are recognised instead of "Protocol" +and "Options". Similarly for command lines if the prefix is "--ssl-" then +"--ssl-no_tls1_2" is recognised instead of "-no_tls1_2".

    +

    If the SSL_CONF_FLAG_CMDLINE flag is set then prefix checks are case +sensitive and "-" is the default. In the unlikely even an application +explicitly wants to set no prefix it must be explicitly set to "".

    +

    If the SSL_CONF_FLAG_FILE flag is set then prefix checks are case +insensitive and no prefix is the default.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CONF_CTX_set1_prefix() returns 1 for success and 0 for failure.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +SSL_CONF_CTX_new(3), +SSL_CONF_CTX_set_flags(3), +SSL_CONF_CTX_set_ssl_ctx(3), +SSL_CONF_cmd(3), +SSL_CONF_cmd_argv(3)

    +

    +

    +
    +

    HISTORY

    +

    These functions were added in OpenSSL 1.0.2.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_CONF_CTX_set_flags.html b/linux_amd64/share/doc/openssl/html/man3/SSL_CONF_CTX_set_flags.html
    new file mode 100755
    index 0000000..7d16045
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_CONF_CTX_set_flags.html
    @@ -0,0 +1,127 @@
    + + + + +SSL_CONF_CTX_set_flags + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CONF_CTX_set_flags, SSL_CONF_CTX_clear_flags - Set or clear SSL configuration context flags

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + unsigned int SSL_CONF_CTX_set_flags(SSL_CONF_CTX *cctx, unsigned int flags);
    + unsigned int SSL_CONF_CTX_clear_flags(SSL_CONF_CTX *cctx, unsigned int flags);
    +

    +

    +
    +

    DESCRIPTION

    +

    The function SSL_CONF_CTX_set_flags() sets flags in the context cctx.

    +

    The function SSL_CONF_CTX_clear_flags() clears flags in the context cctx.

    +

    +

    +
    +

    NOTES

    +

    The flags set affect how subsequent calls to SSL_CONF_cmd() or +SSL_CONF_argv() behave.

    +

    Currently the following flags values are recognised:

    +
    +
    SSL_CONF_FLAG_CMDLINE, SSL_CONF_FLAG_FILE
    + +
    +

    recognise options intended for command line or configuration file use. At +least one of these flags must be set.

    +
    +
    SSL_CONF_FLAG_CLIENT, SSL_CONF_FLAG_SERVER
    + +
    +

    recognise options intended for use in SSL/TLS clients or servers. One or +both of these flags must be set.

    +
    +
    SSL_CONF_FLAG_CERTIFICATE
    + +
    +

    recognise certificate and private key options.

    +
    +
    SSL_CONF_FLAG_REQUIRE_PRIVATE
    + +
    +

    If this option is set then if a private key is not specified for a certificate +it will attempt to load a private key from the certificate file when +SSL_CONF_CTX_finish() is called. If a key cannot be loaded from the certificate +file an error occurs.

    +
    +
    SSL_CONF_FLAG_SHOW_ERRORS
    + +
    +

    indicate errors relating to unrecognised options or missing arguments in +the error queue. If this option isn't set such errors are only reflected +in the return values of SSL_CONF_set_cmd() or SSL_CONF_set_argv()

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CONF_CTX_set_flags() and SSL_CONF_CTX_clear_flags() returns the new flags +value after setting or clearing flags.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +SSL_CONF_CTX_new(3), +SSL_CONF_CTX_set_ssl_ctx(3), +SSL_CONF_CTX_set1_prefix(3), +SSL_CONF_cmd(3), +SSL_CONF_cmd_argv(3)

    +

    +

    +
    +

    HISTORY

    +

    These functions were added in OpenSSL 1.0.2.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_CONF_CTX_set_ssl_ctx.html b/linux_amd64/share/doc/openssl/html/man3/SSL_CONF_CTX_set_ssl_ctx.html
    new file mode 100755
    index 0000000..db65ce7
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_CONF_CTX_set_ssl_ctx.html
    @@ -0,0 +1,97 @@
    + + + + +SSL_CONF_CTX_set_ssl_ctx + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CONF_CTX_set_ssl_ctx, SSL_CONF_CTX_set_ssl - set context to configure

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + void SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *cctx, SSL_CTX *ctx);
    + void SSL_CONF_CTX_set_ssl(SSL_CONF_CTX *cctx, SSL *ssl);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CONF_CTX_set_ssl_ctx() sets the context associated with cctx to the +SSL_CTX structure ctx. Any previous SSL or SSL_CTX associated with +cctx is cleared. Subsequent calls to SSL_CONF_cmd() will be sent to +ctx.

    +

    SSL_CONF_CTX_set_ssl() sets the context associated with cctx to the +SSL structure ssl. Any previous SSL or SSL_CTX associated with +cctx is cleared. Subsequent calls to SSL_CONF_cmd() will be sent to +ssl.

    +

    +

    +
    +

    NOTES

    +

    The context need not be set or it can be set to NULL in which case only +syntax checking of commands is performed, where possible.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CONF_CTX_set_ssl_ctx() and SSL_CTX_set_ssl() do not return a value.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +SSL_CONF_CTX_new(3), +SSL_CONF_CTX_set_flags(3), +SSL_CONF_CTX_set1_prefix(3), +SSL_CONF_cmd(3), +SSL_CONF_cmd_argv(3)

    +

    +

    +
    +

    HISTORY

    +

    These functions were added in OpenSSL 1.0.2.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_CONF_cmd.html b/linux_amd64/share/doc/openssl/html/man3/SSL_CONF_cmd.html
    new file mode 100755
    index 0000000..a5a2deb
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_CONF_cmd.html
    @@ -0,0 +1,746 @@
    + + + + +SSL_CONF_cmd + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CONF_cmd_value_type, +SSL_CONF_cmd - send configuration command

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_CONF_cmd(SSL_CONF_CTX *ctx, const char *option, const char *value);
    + int SSL_CONF_cmd_value_type(SSL_CONF_CTX *ctx, const char *option);
    +

    +

    +
    +

    DESCRIPTION

    +

    The function SSL_CONF_cmd() performs configuration operation option with +optional parameter value on ctx. Its purpose is to simplify application +configuration of SSL_CTX or SSL structures by providing a common +framework for command line options or configuration files.

    +

    SSL_CONF_cmd_value_type() returns the type of value that option refers to.

    +

    +

    +
    +

    SUPPORTED COMMAND LINE COMMANDS

    +

    Currently supported option names for command lines (i.e. when the +flag SSL_CONF_CMDLINE is set) are listed below. Note: all option names +are case sensitive. Unless otherwise stated commands can be used by +both clients and servers and the value parameter is not used. The default +prefix for command line commands is - and that is reflected below.

    +
    +
    -bugs
    + +
    +

    Various bug workarounds are set, same as setting SSL_OP_ALL.

    +
    +
    -no_comp
    + +
    +

    Disables support for SSL/TLS compression, same as setting +SSL_OP_NO_COMPRESSION. +As of OpenSSL 1.1.0, compression is off by default.

    +
    +
    -comp
    + +
    +

    Enables support for SSL/TLS compression, same as clearing +SSL_OP_NO_COMPRESSION. +This command was introduced in OpenSSL 1.1.0. +As of OpenSSL 1.1.0, compression is off by default.

    +
    +
    -no_ticket
    + +
    +

    Disables support for session tickets, same as setting SSL_OP_NO_TICKET.

    +
    +
    -serverpref
    + +
    +

    Use server and not client preference order when determining which cipher suite, +signature algorithm or elliptic curve to use for an incoming connection. +Equivalent to SSL_OP_CIPHER_SERVER_PREFERENCE. Only used by servers.

    +
    +
    -legacyrenegotiation
    + +
    +

    permits the use of unsafe legacy renegotiation. Equivalent to setting +SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION.

    +
    +
    -no_renegotiation
    + +
    +

    Disables all attempts at renegotiation in TLSv1.2 and earlier, same as setting +SSL_OP_NO_RENEGOTIATION.

    +
    +
    -no_resumption_on_reneg
    + +
    +

    set SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION flag. Only used by servers.

    +
    +
    -legacy_server_connect, -no_legacy_server_connect
    + +
    +

    permits or prohibits the use of unsafe legacy renegotiation for OpenSSL +clients only. Equivalent to setting or clearing SSL_OP_LEGACY_SERVER_CONNECT. +Set by default.

    +
    +
    -prioritize_chacha
    + +
    +

    Prioritize ChaCha ciphers when the client has a ChaCha20 cipher at the top of +its preference list. This usually indicates a client without AES hardware +acceleration (e.g. mobile) is in use. Equivalent to SSL_OP_PRIORITIZE_CHACHA. +Only used by servers. Requires -serverpref.

    +
    +
    -allow_no_dhe_kex
    + +
    +

    In TLSv1.3 allow a non-(ec)dhe based key exchange mode on resumption. This means +that there will be no forward secrecy for the resumed session.

    +
    +
    -strict
    + +
    +

    enables strict mode protocol handling. Equivalent to setting +SSL_CERT_FLAG_TLS_STRICT.

    +
    +
    -sigalgs algs
    + +
    +

    This sets the supported signature algorithms for TLSv1.2 and TLSv1.3. +For clients this value is used directly for the supported signature +algorithms extension. For servers it is used to determine which signature +algorithms to support.

    +

    The algs argument should be a colon separated list of signature +algorithms in order of decreasing preference of the form algorithm+hash +or signature_scheme. algorithm is one of RSA, DSA or ECDSA and +hash is a supported algorithm OID short name such as SHA1, SHA224, +SHA256, SHA384 of SHA512. Note: algorithm and hash names are case +sensitive. signature_scheme is one of the signature schemes defined in +TLSv1.3, specified using the IETF name, e.g., ecdsa_secp256r1_sha256, +ed25519, or rsa_pss_pss_sha256.

    +

    If this option is not set then all signature algorithms supported by the +OpenSSL library are permissible.

    +

    Note: algorithms which specify a PKCS#1 v1.5 signature scheme (either by +using RSA as the algorithm or by using one of the rsa_pkcs1_* +identifiers) are ignored in TLSv1.3 and will not be negotiated.

    +
    +
    -client_sigalgs algs
    + +
    +

    This sets the supported signature algorithms associated with client +authentication for TLSv1.2 and TLSv1.3. For servers the algs is used +in the signature_algorithms field of a CertificateRequest message. +For clients it is used to determine which signature algorithm to use with +the client certificate. If a server does not request a certificate this +option has no effect.

    +

    The syntax of algs is identical to -sigalgs. If not set, then the +value set for -sigalgs will be used instead.

    +
    +
    -groups groups
    + +
    +

    This sets the supported groups. For clients, the groups are sent using +the supported groups extension. For servers, it is used to determine which +group to use. This setting affects groups used for signatures (in TLSv1.2 +and earlier) and key exchange. The first group listed will also be used +for the key_share sent by a client in a TLSv1.3 ClientHello.

    +

    The groups argument is a colon separated list of groups. The group can +be either the NIST name (e.g. P-256), some other commonly used name +where applicable (e.g. X25519, ffdhe2048) or an OpenSSL OID name +(e.g prime256v1). Group names are case sensitive. The list should be +in order of preference with the most preferred group first.

    +

    Currently supported groups for TLSv1.3 are P-256, P-384, P-521, +X25519, X448, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, +ffdhe8192.

    +
    +
    -curves groups
    + +
    +

    This is a synonym for the -groups command.

    +
    +
    -named_curve curve
    + +
    +

    This sets the temporary curve used for ephemeral ECDH modes. Only used +by servers.

    +

    The groups argument is a curve name or the special value auto which +picks an appropriate curve based on client and server preferences. The +curve can be either the NIST name (e.g. P-256) or an OpenSSL OID name +(e.g prime256v1). Curve names are case sensitive.

    +
    +
    -cipher ciphers
    + +
    +

    Sets the TLSv1.2 and below ciphersuite list to ciphers. This list will be +combined with any configured TLSv1.3 ciphersuites. Note: syntax checking +of ciphers is currently not performed unless a SSL or SSL_CTX +structure is associated with ctx.

    +
    +
    -ciphersuites 1.3ciphers
    + +
    +

    Sets the available ciphersuites for TLSv1.3 to value. This is a +colon-separated list of TLSv1.3 ciphersuite names in order of preference. This +list will be combined any configured TLSv1.2 and below ciphersuites. +See openssl-ciphers(1) for more information.

    +
    +
    -min_protocol minprot, -max_protocol maxprot
    + +
    +

    Sets the minimum and maximum supported protocol. Currently supported +protocol values are SSLv3, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3 +for TLS and DTLSv1, DTLSv1.2 for DTLS, and None for no limit. +If either bound is not specified then only the other bound applies, +if specified. To restrict the supported protocol versions use these +commands rather than the deprecated alternative commands below.

    +
    +
    -record_padding padding
    + +
    +

    Attempts to pad TLSv1.3 records so that they are a multiple of padding +in length on send. A padding of 0 or 1 turns off padding. Otherwise, +the padding must be >1 or <=16384.

    +
    +
    -debug_broken_protocol
    + +
    +

    Ignored.

    +
    +
    -no_middlebox
    + +
    +

    Turn off "middlebox compatibility", as described below.

    +
    +
    +

    +

    +

    Additional Options

    +

    The following options are accepted by SSL_CONF_cmd(), but are not +processed by the OpenSSL commands.

    +
    +
    -cert file
    + +
    +

    Attempts to use file as the certificate for the appropriate context. It +currently uses SSL_CTX_use_certificate_chain_file() if an SSL_CTX +structure is set or SSL_use_certificate_file() with filetype PEM if an +SSL structure is set. This option is only supported if certificate +operations are permitted.

    +
    +
    -key file
    + +
    +

    Attempts to use file as the private key for the appropriate context. This +option is only supported if certificate operations are permitted. Note: +if no -key option is set then a private key is not loaded unless the +flag SSL_CONF_FLAG_REQUIRE_PRIVATE is set.

    +
    +
    -dhparam file
    + +
    +

    Attempts to use file as the set of temporary DH parameters for +the appropriate context. This option is only supported if certificate +operations are permitted.

    +
    +
    -no_ssl3, -no_tls1, -no_tls1_1, -no_tls1_2, -no_tls1_3
    + +
    +

    Disables protocol support for SSLv3, TLSv1.0, TLSv1.1, TLSv1.2 or TLSv1.3 by +setting the corresponding options SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, +SSL_OP_NO_TLSv1_1, SSL_OP_NO_TLSv1_2 and SSL_OP_NO_TLSv1_3 +respectively. These options are deprecated, use -min_protocol and +-max_protocol instead.

    +
    +
    -anti_replay, -no_anti_replay
    + +
    +

    Switches replay protection, on or off respectively. With replay protection on, +OpenSSL will automatically detect if a session ticket has been used more than +once, TLSv1.3 has been negotiated, and early data is enabled on the server. A +full handshake is forced if a session ticket is used a second or subsequent +time. Anti-Replay is on by default unless overridden by a configuration file and +is only used by servers. Anti-replay measures are required for compliance with +the TLSv1.3 specification. Some applications may be able to mitigate the replay +risks in other ways and in such cases the built-in OpenSSL functionality is not +required. Switching off anti-replay is equivalent to SSL_OP_NO_ANTI_REPLAY.

    +
    +
    +

    +

    +
    +

    SUPPORTED CONFIGURATION FILE COMMANDS

    +

    Currently supported option names for configuration files (i.e., when the +flag SSL_CONF_FLAG_FILE is set) are listed below. All configuration file +option names are case insensitive so signaturealgorithms is recognised +as well as SignatureAlgorithms. Unless otherwise stated the value names +are also case insensitive.

    +

    Note: the command prefix (if set) alters the recognised option values.

    +
    +
    CipherString
    + +
    +

    Sets the ciphersuite list for TLSv1.2 and below to value. This list will be +combined with any configured TLSv1.3 ciphersuites. Note: syntax +checking of value is currently not performed unless an SSL or SSL_CTX +structure is associated with ctx.

    +
    +
    Ciphersuites
    + +
    +

    Sets the available ciphersuites for TLSv1.3 to value. This is a +colon-separated list of TLSv1.3 ciphersuite names in order of preference. This +list will be combined any configured TLSv1.2 and below ciphersuites. +See openssl-ciphers(1) for more information.

    +
    +
    Certificate
    + +
    +

    Attempts to use the file value as the certificate for the appropriate +context. It currently uses SSL_CTX_use_certificate_chain_file() if an SSL_CTX +structure is set or SSL_use_certificate_file() with filetype PEM if an SSL +structure is set. This option is only supported if certificate operations +are permitted.

    +
    +
    PrivateKey
    + +
    +

    Attempts to use the file value as the private key for the appropriate +context. This option is only supported if certificate operations +are permitted. Note: if no PrivateKey option is set then a private key is +not loaded unless the SSL_CONF_FLAG_REQUIRE_PRIVATE is set.

    +
    +
    ChainCAFile, ChainCAPath, VerifyCAFile, VerifyCAPath
    + +
    +

    These options indicate a file or directory used for building certificate +chains or verifying certificate chains. These options are only supported +if certificate operations are permitted.

    +
    +
    RequestCAFile
    + +
    +

    This option indicates a file containing a set of certificates in PEM form. +The subject names of the certificates are sent to the peer in the +certificate_authorities extension for TLS 1.3 (in ClientHello or +CertificateRequest) or in a certificate request for previous versions or +TLS.

    +
    +
    ServerInfoFile
    + +
    +

    Attempts to use the file value in the "serverinfo" extension using the +function SSL_CTX_use_serverinfo_file.

    +
    +
    DHParameters
    + +
    +

    Attempts to use the file value as the set of temporary DH parameters for +the appropriate context. This option is only supported if certificate +operations are permitted.

    +
    +
    RecordPadding
    + +
    +

    Attempts to pad TLSv1.3 records so that they are a multiple of value in +length on send. A value of 0 or 1 turns off padding. Otherwise, the +value must be >1 or <=16384.

    +
    +
    SignatureAlgorithms
    + +
    +

    This sets the supported signature algorithms for TLSv1.2 and TLSv1.3. +For clients this +value is used directly for the supported signature algorithms extension. For +servers it is used to determine which signature algorithms to support.

    +

    The value argument should be a colon separated list of signature algorithms +in order of decreasing preference of the form algorithm+hash or +signature_scheme. algorithm +is one of RSA, DSA or ECDSA and hash is a supported algorithm +OID short name such as SHA1, SHA224, SHA256, SHA384 of SHA512. +Note: algorithm and hash names are case sensitive. +signature_scheme is one of the signature schemes defined in TLSv1.3, +specified using the IETF name, e.g., ecdsa_secp256r1_sha256, ed25519, +or rsa_pss_pss_sha256.

    +

    If this option is not set then all signature algorithms supported by the +OpenSSL library are permissible.

    +

    Note: algorithms which specify a PKCS#1 v1.5 signature scheme (either by +using RSA as the algorithm or by using one of the rsa_pkcs1_* +identifiers) are ignored in TLSv1.3 and will not be negotiated.

    +
    +
    ClientSignatureAlgorithms
    + +
    +

    This sets the supported signature algorithms associated with client +authentication for TLSv1.2 and TLSv1.3. +For servers the value is used in the +signature_algorithms field of a CertificateRequest message. +For clients it is +used to determine which signature algorithm to use with the client certificate. +If a server does not request a certificate this option has no effect.

    +

    The syntax of value is identical to SignatureAlgorithms. If not set then +the value set for SignatureAlgorithms will be used instead.

    +
    +
    Groups
    + +
    +

    This sets the supported groups. For clients, the groups are +sent using the supported groups extension. For servers, it is used +to determine which group to use. This setting affects groups used for +signatures (in TLSv1.2 and earlier) and key exchange. The first group listed +will also be used for the key_share sent by a client in a TLSv1.3 +ClientHello.

    +

    The value argument is a colon separated list of groups. The group can be +either the NIST name (e.g. P-256), some other commonly used name where +applicable (e.g. X25519, ffdhe2048) or an OpenSSL OID name +(e.g prime256v1). Group names are case sensitive. The list should be in +order of preference with the most preferred group first.

    +

    Currently supported groups for TLSv1.3 are P-256, P-384, P-521, +X25519, X448, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, +ffdhe8192.

    +
    +
    Curves
    + +
    +

    This is a synonym for the "Groups" command.

    +
    +
    MinProtocol
    + +
    +

    This sets the minimum supported SSL, TLS or DTLS version.

    +

    Currently supported protocol values are SSLv3, TLSv1, TLSv1.1, +TLSv1.2, TLSv1.3, DTLSv1 and DTLSv1.2. +The value None will disable the limit.

    +
    +
    MaxProtocol
    + +
    +

    This sets the maximum supported SSL, TLS or DTLS version.

    +

    Currently supported protocol values are SSLv3, TLSv1, TLSv1.1, +TLSv1.2, TLSv1.3, DTLSv1 and DTLSv1.2. +The value None will disable the limit.

    +
    +
    Protocol
    + +
    +

    This can be used to enable or disable certain versions of the SSL, +TLS or DTLS protocol.

    +

    The value argument is a comma separated list of supported protocols +to enable or disable. +If a protocol is preceded by - that version is disabled.

    +

    All protocol versions are enabled by default. +You need to disable at least one protocol version for this setting have any +effect. +Only enabling some protocol versions does not disable the other protocol +versions.

    +

    Currently supported protocol values are SSLv3, TLSv1, TLSv1.1, +TLSv1.2, TLSv1.3, DTLSv1 and DTLSv1.2. +The special value ALL refers to all supported versions.

    +

    This can't enable protocols that are disabled using MinProtocol +or MaxProtocol, but can disable protocols that are still allowed +by them.

    +

    The Protocol command is fragile and deprecated; do not use it. +Use MinProtocol and MaxProtocol instead. +If you do use Protocol, make sure that the resulting range of enabled +protocols has no "holes", e.g. if TLS 1.0 and TLS 1.2 are both enabled, make +sure to also leave TLS 1.1 enabled.

    +
    +
    Options
    + +
    +

    The value argument is a comma separated list of various flags to set. +If a flag string is preceded - it is disabled. +See the SSL_CTX_set_options(3) function for more details of +individual options.

    +

    Each option is listed below. Where an operation is enabled by default +the -flag syntax is needed to disable it.

    +

    SessionTicket: session ticket support, enabled by default. Inverse of +SSL_OP_NO_TICKET: that is -SessionTicket is the same as setting +SSL_OP_NO_TICKET.

    +

    Compression: SSL/TLS compression support, enabled by default. Inverse +of SSL_OP_NO_COMPRESSION.

    +

    EmptyFragments: use empty fragments as a countermeasure against a +SSL 3.0/TLS 1.0 protocol vulnerability affecting CBC ciphers. It +is set by default. Inverse of SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS.

    +

    Bugs: enable various bug workarounds. Same as SSL_OP_ALL.

    +

    DHSingle: enable single use DH keys, set by default. Inverse of +SSL_OP_DH_SINGLE. Only used by servers.

    +

    ECDHSingle: enable single use ECDH keys, set by default. Inverse of +SSL_OP_ECDH_SINGLE. Only used by servers.

    +

    ServerPreference: use server and not client preference order when +determining which cipher suite, signature algorithm or elliptic curve +to use for an incoming connection. Equivalent to +SSL_OP_CIPHER_SERVER_PREFERENCE. Only used by servers.

    +

    PrioritizeChaCha: prioritizes ChaCha ciphers when the client has a +ChaCha20 cipher at the top of its preference list. This usually indicates +a mobile client is in use. Equivalent to SSL_OP_PRIORITIZE_CHACHA. +Only used by servers.

    +

    NoResumptionOnRenegotiation: set +SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION flag. Only used by servers.

    +

    NoRenegotiation: disables all attempts at renegotiation in TLSv1.2 and +earlier, same as setting SSL_OP_NO_RENEGOTIATION.

    +

    UnsafeLegacyRenegotiation: permits the use of unsafe legacy renegotiation. +Equivalent to SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION.

    +

    UnsafeLegacyServerConnect: permits the use of unsafe legacy renegotiation +for OpenSSL clients only. Equivalent to SSL_OP_LEGACY_SERVER_CONNECT. +Set by default.

    +

    EncryptThenMac: use encrypt-then-mac extension, enabled by +default. Inverse of SSL_OP_NO_ENCRYPT_THEN_MAC: that is, +-EncryptThenMac is the same as setting SSL_OP_NO_ENCRYPT_THEN_MAC.

    +

    AllowNoDHEKEX: In TLSv1.3 allow a non-(ec)dhe based key exchange mode on +resumption. This means that there will be no forward secrecy for the resumed +session. Equivalent to SSL_OP_ALLOW_NO_DHE_KEX.

    +

    MiddleboxCompat: If set then dummy Change Cipher Spec (CCS) messages are sent +in TLSv1.3. This has the effect of making TLSv1.3 look more like TLSv1.2 so that +middleboxes that do not understand TLSv1.3 will not drop the connection. This +option is set by default. A future version of OpenSSL may not set this by +default. Equivalent to SSL_OP_ENABLE_MIDDLEBOX_COMPAT.

    +

    AntiReplay: If set then OpenSSL will automatically detect if a session ticket +has been used more than once, TLSv1.3 has been negotiated, and early data is +enabled on the server. A full handshake is forced if a session ticket is used a +second or subsequent time. This option is set by default and is only used by +servers. Anti-replay measures are required to comply with the TLSv1.3 +specification. Some applications may be able to mitigate the replay risks in +other ways and in such cases the built-in OpenSSL functionality is not required. +Disabling anti-replay is equivalent to setting SSL_OP_NO_ANTI_REPLAY.

    +

    ExtendedMasterSecret: use extended master secret extension, enabled by +default. Inverse of SSL_OP_NO_EXTENDED_MASTER_SECRET: that is, +-ExtendedMasterSecret is the same as setting SSL_OP_NO_EXTENDED_MASTER_SECRET.

    +
    +
    VerifyMode
    + +
    +

    The value argument is a comma separated list of flags to set.

    +

    Peer enables peer verification: for clients only.

    +

    Request requests but does not require a certificate from the client. +Servers only.

    +

    Require requests and requires a certificate from the client: an error +occurs if the client does not present a certificate. Servers only.

    +

    Once requests a certificate from a client only on the initial connection: +not when renegotiating. Servers only.

    +

    RequestPostHandshake configures the connection to support requests but does +not require a certificate from the client post-handshake. A certificate will +not be requested during the initial handshake. The server application must +provide a mechanism to request a certificate post-handshake. Servers only. +TLSv1.3 only.

    +

    RequiresPostHandshake configures the connection to support requests and +requires a certificate from the client post-handshake: an error occurs if the +client does not present a certificate. A certificate will not be requested +during the initial handshake. The server application must provide a mechanism +to request a certificate post-handshake. Servers only. TLSv1.3 only.

    +
    +
    ClientCAFile, ClientCAPath
    + +
    +

    A file or directory of certificates in PEM format whose names are used as the +set of acceptable names for client CAs. Servers only. This option is only +supported if certificate operations are permitted.

    +
    +
    +

    +

    +
    +

    SUPPORTED COMMAND TYPES

    +

    The function SSL_CONF_cmd_value_type() currently returns one of the following +types:

    +
    +
    SSL_CONF_TYPE_UNKNOWN
    + +
    +

    The option string is unrecognised, this return value can be use to flag +syntax errors.

    +
    +
    SSL_CONF_TYPE_STRING
    + +
    +

    The value is a string without any specific structure.

    +
    +
    SSL_CONF_TYPE_FILE
    + +
    +

    The value is a filename.

    +
    +
    SSL_CONF_TYPE_DIR
    + +
    +

    The value is a directory name.

    +
    +
    SSL_CONF_TYPE_NONE
    + +
    +

    The value string is not used e.g. a command line option which doesn't take an +argument.

    +
    +
    +

    +

    +
    +

    NOTES

    +

    The order of operations is significant. This can be used to set either defaults +or values which cannot be overridden. For example if an application calls:

    +
    + SSL_CONF_cmd(ctx, "Protocol", "-SSLv3");
    + SSL_CONF_cmd(ctx, userparam, uservalue);
    +

    it will disable SSLv3 support by default but the user can override it. If +however the call sequence is:

    +
    + SSL_CONF_cmd(ctx, userparam, uservalue);
    + SSL_CONF_cmd(ctx, "Protocol", "-SSLv3");
    +

    SSLv3 is always disabled and attempt to override this by the user are +ignored.

    +

    By checking the return code of SSL_CONF_cmd() it is possible to query if a +given option is recognised, this is useful if SSL_CONF_cmd() values are +mixed with additional application specific operations.

    +

    For example an application might call SSL_CONF_cmd() and if it returns +-2 (unrecognised command) continue with processing of application specific +commands.

    +

    Applications can also use SSL_CONF_cmd() to process command lines though the +utility function SSL_CONF_cmd_argv() is normally used instead. One way +to do this is to set the prefix to an appropriate value using +SSL_CONF_CTX_set1_prefix(), pass the current argument to option and the +following argument to value (which may be NULL).

    +

    In this case if the return value is positive then it is used to skip that +number of arguments as they have been processed by SSL_CONF_cmd(). If -2 is +returned then option is not recognised and application specific arguments +can be checked instead. If -3 is returned a required argument is missing +and an error is indicated. If 0 is returned some other error occurred and +this can be reported back to the user.

    +

    The function SSL_CONF_cmd_value_type() can be used by applications to +check for the existence of a command or to perform additional syntax +checking or translation of the command value. For example if the return +value is SSL_CONF_TYPE_FILE an application could translate a relative +pathname to an absolute pathname.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CONF_cmd() returns 1 if the value of option is recognised and value is +NOT used and 2 if both option and value are used. In other words it +returns the number of arguments processed. This is useful when processing +command lines.

    +

    A return value of -2 means option is not recognised.

    +

    A return value of -3 means option is recognised and the command requires a +value but value is NULL.

    +

    A return code of 0 indicates that both option and value are valid but an +error occurred attempting to perform the operation: for example due to an +error in the syntax of value in this case the error queue may provide +additional information.

    +

    +

    +
    +

    EXAMPLES

    +

    Set supported signature algorithms:

    +
    + SSL_CONF_cmd(ctx, "SignatureAlgorithms", "ECDSA+SHA256:RSA+SHA256:DSA+SHA256");
    +

    There are various ways to select the supported protocols.

    +

    This set the minimum protocol version to TLSv1, and so disables SSLv3. +This is the recommended way to disable protocols.

    +
    + SSL_CONF_cmd(ctx, "MinProtocol", "TLSv1");
    +

    The following also disables SSLv3:

    +
    + SSL_CONF_cmd(ctx, "Protocol", "-SSLv3");
    +

    The following will first enable all protocols, and then disable +SSLv3. +If no protocol versions were disabled before this has the same effect as +"-SSLv3", but if some versions were disables this will re-enable them before +disabling SSLv3.

    +
    + SSL_CONF_cmd(ctx, "Protocol", "ALL,-SSLv3");
    +

    Only enable TLSv1.2:

    +
    + SSL_CONF_cmd(ctx, "MinProtocol", "TLSv1.2");
    + SSL_CONF_cmd(ctx, "MaxProtocol", "TLSv1.2");
    +

    This also only enables TLSv1.2:

    +
    + SSL_CONF_cmd(ctx, "Protocol", "-ALL,TLSv1.2");
    +

    Disable TLS session tickets:

    +
    + SSL_CONF_cmd(ctx, "Options", "-SessionTicket");
    +

    Enable compression:

    +
    + SSL_CONF_cmd(ctx, "Options", "Compression");
    +

    Set supported curves to P-256, P-384:

    +
    + SSL_CONF_cmd(ctx, "Curves", "P-256:P-384");
    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +SSL_CONF_CTX_new(3), +SSL_CONF_CTX_set_flags(3), +SSL_CONF_CTX_set1_prefix(3), +SSL_CONF_CTX_set_ssl_ctx(3), +SSL_CONF_cmd_argv(3), +SSL_CTX_set_options(3)

    +

    +

    +
    +

    HISTORY

    +

    The SSL_CONF_cmd() function was added in OpenSSL 1.0.2.

    +

    The SSL_OP_NO_SSL2 option doesn't have effect since 1.1.0, but the macro +is retained for backwards compatibility.

    +

    The SSL_CONF_TYPE_NONE was added in OpenSSL 1.1.0. In earlier versions of +OpenSSL passing a command which didn't take an argument would return +SSL_CONF_TYPE_UNKNOWN.

    +

    MinProtocol and MaxProtocol where added in OpenSSL 1.1.0.

    +

    AllowNoDHEKEX and PrioritizeChaCha were added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_CONF_cmd_argv.html b/linux_amd64/share/doc/openssl/html/man3/SSL_CONF_cmd_argv.html
new file mode 100755
index 0000000..967643b
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/SSL_CONF_cmd_argv.html
@@ -0,0 +1,89 @@
+ + + + +SSL_CONF_cmd_argv + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CONF_cmd_argv - SSL configuration command line processing

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_CONF_cmd_argv(SSL_CONF_CTX *cctx, int *pargc, char ***pargv);
    +

    +

    +
    +

    DESCRIPTION

    +

    The function SSL_CONF_cmd_argv() processes at most two command line +arguments from pargv and pargc. The values of pargv and pargc +are updated to reflect the number of command options processed. The pargc +argument can be set to NULL if it is not used.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CONF_cmd_argv() returns the number of command arguments processed: 0, 1, 2 +or a negative error code.

    +

    If -2 is returned then an argument for a command is missing.

    +

    If -1 is returned the command is recognised but couldn't be processed due +to an error: for example a syntax error in the argument.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +SSL_CONF_CTX_new(3), +SSL_CONF_CTX_set_flags(3), +SSL_CONF_CTX_set1_prefix(3), +SSL_CONF_CTX_set_ssl_ctx(3), +SSL_CONF_cmd(3)

    +

    +

    +
    +

    HISTORY

    +

    These functions were added in OpenSSL 1.0.2.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_add1_chain_cert.html b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_add1_chain_cert.html
new file mode 100755
index 0000000..08cca29
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_add1_chain_cert.html
@@ -0,0 +1,182 @@
+ + + + +SSL_CTX_add1_chain_cert + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set0_chain, SSL_CTX_set1_chain, SSL_CTX_add0_chain_cert, +SSL_CTX_add1_chain_cert, SSL_CTX_get0_chain_certs, SSL_CTX_clear_chain_certs, +SSL_set0_chain, SSL_set1_chain, SSL_add0_chain_cert, SSL_add1_chain_cert, +SSL_get0_chain_certs, SSL_clear_chain_certs, SSL_CTX_build_cert_chain, +SSL_build_cert_chain, SSL_CTX_select_current_cert, +SSL_select_current_cert, SSL_CTX_set_current_cert, SSL_set_current_cert - extra +chain certificate processing

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_CTX_set0_chain(SSL_CTX *ctx, STACK_OF(X509) *sk);
    + int SSL_CTX_set1_chain(SSL_CTX *ctx, STACK_OF(X509) *sk);
    + int SSL_CTX_add0_chain_cert(SSL_CTX *ctx, X509 *x509);
    + int SSL_CTX_add1_chain_cert(SSL_CTX *ctx, X509 *x509);
    + int SSL_CTX_get0_chain_certs(SSL_CTX *ctx, STACK_OF(X509) **sk);
    + int SSL_CTX_clear_chain_certs(SSL_CTX *ctx);
    +
    + int SSL_set0_chain(SSL *ssl, STACK_OF(X509) *sk);
    + int SSL_set1_chain(SSL *ssl, STACK_OF(X509) *sk);
    + int SSL_add0_chain_cert(SSL *ssl, X509 *x509);
    + int SSL_add1_chain_cert(SSL *ssl, X509 *x509);
    + int SSL_get0_chain_certs(SSL *ssl, STACK_OF(X509) **sk);
    + int SSL_clear_chain_certs(SSL *ssl);
    +
    + int SSL_CTX_build_cert_chain(SSL_CTX *ctx, flags);
    + int SSL_build_cert_chain(SSL *ssl, flags);
    +
    + int SSL_CTX_select_current_cert(SSL_CTX *ctx, X509 *x509);
    + int SSL_select_current_cert(SSL *ssl, X509 *x509);
    + int SSL_CTX_set_current_cert(SSL_CTX *ctx, long op);
    + int SSL_set_current_cert(SSL *ssl, long op);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_set0_chain() and SSL_CTX_set1_chain() set the certificate chain +associated with the current certificate of ctx to sk.

    +

    SSL_CTX_add0_chain_cert() and SSL_CTX_add1_chain_cert() append the single +certificate x509 to the chain associated with the current certificate of +ctx.

    +

    SSL_CTX_get0_chain_certs() retrieves the chain associated with the current +certificate of ctx.

    +

    SSL_CTX_clear_chain_certs() clears any existing chain associated with the +current certificate of ctx. (This is implemented by calling +SSL_CTX_set0_chain() with sk set to NULL).

    +

    SSL_CTX_build_cert_chain() builds the certificate chain for ctx normally +this uses the chain store or the verify store if the chain store is not set. +If the function is successful the built chain will replace any existing chain. +The flags parameter can be set to SSL_BUILD_CHAIN_FLAG_UNTRUSTED to use +existing chain certificates as untrusted CAs, SSL_BUILD_CHAIN_FLAG_NO_ROOT +to omit the root CA from the built chain, SSL_BUILD_CHAIN_FLAG_CHECK to +use all existing chain certificates only to build the chain (effectively +sanity checking and rearranging them if necessary), the flag +SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR ignores any errors during verification: +if flag SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR is also set verification errors +are cleared from the error queue.

    +

    Each of these functions operates on the current end entity +(i.e. server or client) certificate. This is the last certificate loaded or +selected on the corresponding ctx structure.

    +

    SSL_CTX_select_current_cert() selects x509 as the current end entity +certificate, but only if x509 has already been loaded into ctx using a +function such as SSL_CTX_use_certificate().

    +

    SSL_set0_chain(), SSL_set1_chain(), SSL_add0_chain_cert(), +SSL_add1_chain_cert(), SSL_get0_chain_certs(), SSL_clear_chain_certs(), +SSL_build_cert_chain(), SSL_select_current_cert() and SSL_set_current_cert() +are similar except they apply to SSL structure ssl.

    +

    SSL_CTX_set_current_cert() changes the current certificate to a value based +on the op argument. Currently op can be SSL_CERT_SET_FIRST to use +the first valid certificate or SSL_CERT_SET_NEXT to set the next valid +certificate after the current certificate. These two operations can be +used to iterate over all certificates in an SSL_CTX structure.

    +

    SSL_set_current_cert() also supports the option SSL_CERT_SET_SERVER. +If ssl is a server and has sent a certificate to a connected client +this option sets that certificate to the current certificate and returns 1. +If the negotiated cipher suite is anonymous (and thus no certificate will +be sent) 2 is returned and the current certificate is unchanged. If ssl +is not a server or a certificate has not been sent 0 is returned and +the current certificate is unchanged.

    +

    All these functions are implemented as macros. Those containing a 1 +increment the reference count of the supplied certificate or chain so it must +be freed at some point after the operation. Those containing a 0 do +not increment reference counts and the supplied certificate or chain +MUST NOT be freed after the operation.

    +

    +

    +
    +

    NOTES

    +

    The chains associate with an SSL_CTX structure are copied to any SSL +structures when SSL_new() is called. SSL structures will not be affected +by any chains subsequently changed in the parent SSL_CTX.

    +

    One chain can be set for each key type supported by a server. So, for example, +an RSA and a DSA certificate can (and often will) have different chains.

    +

    The functions SSL_CTX_build_cert_chain() and SSL_build_cert_chain() can +be used to check application configuration and to ensure any necessary +subordinate CAs are sent in the correct order. Misconfigured applications +sending incorrect certificate chains often cause problems with peers.

    +

    For example an application can add any set of certificates using +SSL_CTX_use_certificate_chain_file() then call SSL_CTX_build_cert_chain() +with the option SSL_BUILD_CHAIN_FLAG_CHECK to check and reorder them.

    +

    Applications can issue non fatal warnings when checking chains by setting +the flag SSL_BUILD_CHAIN_FLAG_IGNORE_ERRORS and checking the return +value.

    +

    Calling SSL_CTX_build_cert_chain() or SSL_build_cert_chain() is more +efficient than the automatic chain building as it is only performed once. +Automatic chain building is performed on each new session.

    +

    If any certificates are added using these functions no certificates added +using SSL_CTX_add_extra_chain_cert() will be used.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_set_current_cert() with SSL_CERT_SET_SERVER return 1 for success, 2 if +no server certificate is used because the cipher suites is anonymous and 0 +for failure.

    +

    SSL_CTX_build_cert_chain() and SSL_build_cert_chain() return 1 for success +and 0 for failure. If the flag SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR and +a verification error occurs then 2 is returned.

    +

    All other functions return 1 for success and 0 for failure.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +SSL_CTX_add_extra_chain_cert(3)

    +

    +

    +
    +

    HISTORY

    +

    These functions were added in OpenSSL 1.0.2.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_add_extra_chain_cert.html b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_add_extra_chain_cert.html
new file mode 100755
index 0000000..b87569c
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_add_extra_chain_cert.html
@@ -0,0 +1,129 @@
+ + + + +SSL_CTX_add_extra_chain_cert + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_add_extra_chain_cert, +SSL_CTX_get_extra_chain_certs, +SSL_CTX_get_extra_chain_certs_only, +SSL_CTX_clear_extra_chain_certs +- add, get or clear extra chain certificates

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + long SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *x509);
    + long SSL_CTX_get_extra_chain_certs(SSL_CTX *ctx, STACK_OF(X509) **sk);
    + long SSL_CTX_get_extra_chain_certs_only(SSL_CTX *ctx, STACK_OF(X509) **sk);
    + long SSL_CTX_clear_extra_chain_certs(SSL_CTX *ctx);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_add_extra_chain_cert() adds the certificate x509 to the extra chain +certificates associated with ctx. Several certificates can be added one +after another.

    +

    SSL_CTX_get_extra_chain_certs() retrieves the extra chain certificates +associated with ctx, or the chain associated with the current certificate +of ctx if the extra chain is empty. +The returned stack should not be freed by the caller.

    +

    SSL_CTX_get_extra_chain_certs_only() retrieves the extra chain certificates +associated with ctx. +The returned stack should not be freed by the caller.

    +

    SSL_CTX_clear_extra_chain_certs() clears all extra chain certificates +associated with ctx.

    +

    These functions are implemented as macros.

    +

    +

    +
    +

    NOTES

    +

    When sending a certificate chain, extra chain certificates are sent in order +following the end entity certificate.

    +

    If no chain is specified, the library will try to complete the chain from the +available CA certificates in the trusted CA storage, see +SSL_CTX_load_verify_locations(3).

    +

    The x509 certificate provided to SSL_CTX_add_extra_chain_cert() will be +freed by the library when the SSL_CTX is destroyed. An application +should not free the x509 object.

    +

    +

    +
    +

    RESTRICTIONS

    +

    Only one set of extra chain certificates can be specified per SSL_CTX +structure. Different chains for different certificates (for example if both +RSA and DSA certificates are specified by the same server) or different SSL +structures with the same parent SSL_CTX cannot be specified using this +function. For more flexibility functions such as SSL_add1_chain_cert() should +be used instead.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CTX_add_extra_chain_cert() and SSL_CTX_clear_extra_chain_certs() return +1 on success and 0 for failure. Check out the error stack to find out the +reason for failure.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +SSL_CTX_use_certificate(3), +SSL_CTX_set_client_cert_cb(3), +SSL_CTX_load_verify_locations(3) +SSL_CTX_set0_chain(3) +SSL_CTX_set1_chain(3) +SSL_CTX_add0_chain_cert(3) +SSL_CTX_add1_chain_cert(3) +SSL_set0_chain(3) +SSL_set1_chain(3) +SSL_add0_chain_cert(3) +SSL_add1_chain_cert(3) +SSL_CTX_build_cert_chain(3) +SSL_build_cert_chain(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_add_session.html b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_add_session.html
new file mode 100755
index 0000000..7a74d36
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_add_session.html
@@ -0,0 +1,109 @@
+ + + + +SSL_CTX_add_session + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_add_session, SSL_CTX_remove_session - manipulate session cache

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c);
    +
    + int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_add_session() adds the session c to the context ctx. The +reference count for session c is incremented by 1. If a session with +the same session id already exists, the old session is removed by calling +SSL_SESSION_free(3).

    +

    SSL_CTX_remove_session() removes the session c from the context ctx and +marks it as non-resumable. SSL_SESSION_free(3) is called once for c.

    +

    +

    +
    +

    NOTES

    +

    When adding a new session to the internal session cache, it is examined +whether a session with the same session id already exists. In this case +it is assumed that both sessions are identical. If the same session is +stored in a different SSL_SESSION object, The old session is +removed and replaced by the new session. If the session is actually +identical (the SSL_SESSION object is identical), SSL_CTX_add_session() +is a no-op, and the return value is 0.

    +

    If a server SSL_CTX is configured with the SSL_SESS_CACHE_NO_INTERNAL_STORE +flag then the internal cache will not be populated automatically by new +sessions negotiated by the SSL/TLS implementation, even though the internal +cache will be searched automatically for session-resume requests (the +latter can be suppressed by SSL_SESS_CACHE_NO_INTERNAL_LOOKUP). So the +application can use SSL_CTX_add_session() directly to have full control +over the sessions that can be resumed if desired.

    +

    +

    +
    +

    RETURN VALUES

    +

    The following values are returned by all functions:

    +
      +
    1. +

      The operation failed. In case of the add operation, it was tried to add +the same (identical) session twice. In case of the remove operation, the +session was not found in the cache.

      +
    2. +
    3. +

      The operation succeeded.

      +
    4. +
    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +SSL_CTX_set_session_cache_mode(3), +SSL_SESSION_free(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_config.html b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_config.html
new file mode 100755
index 0000000..279bc15
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_config.html
@@ -0,0 +1,132 @@
+ + + + +SSL_CTX_config + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_config, SSL_config - configure SSL_CTX or SSL structure

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_CTX_config(SSL_CTX *ctx, const char *name);
    + int SSL_config(SSL *s, const char *name);
    +

    +

    +
    +

    DESCRIPTION

    +

    The functions SSL_CTX_config() and SSL_config() configure an SSL_CTX or +SSL structure using the configuration name.

    +

    +

    +
    +

    NOTES

    +

    By calling SSL_CTX_config() or SSL_config() an application can perform many +complex tasks based on the contents of the configuration file: greatly +simplifying application configuration code. A degree of future proofing +can also be achieved: an application can support configuration features +in newer versions of OpenSSL automatically.

    +

    A configuration file must have been previously loaded, for example using +CONF_modules_load_file(). See config(5) for details of the configuration +file syntax.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CTX_config() and SSL_config() return 1 for success or 0 if an error +occurred.

    +

    +

    +
    +

    EXAMPLES

    +

    If the file "config.cnf" contains the following:

    +
    + testapp = test_sect
    +
    + [test_sect]
    + # list of configuration modules
    +
    + ssl_conf = ssl_sect
    +
    + [ssl_sect]
    + server = server_section
    +
    + [server_section]
    + RSA.Certificate = server-rsa.pem
    + ECDSA.Certificate = server-ecdsa.pem
    + Ciphers = ALL:!RC4
    +

    An application could call:

    +
    + if (CONF_modules_load_file("config.cnf", "testapp", 0) <= 0) {
    +     fprintf(stderr, "Error processing config file\n");
    +     goto err;
    + }
    +
    + ctx = SSL_CTX_new(TLS_server_method());
    +
    + if (SSL_CTX_config(ctx, "server") == 0) {
    +     fprintf(stderr, "Error configuring server.\n");
    +     goto err;
    + }
    +

    In this example two certificates and the cipher list are configured without +the need for any additional application code.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +config(5), +SSL_CONF_cmd(3), +CONF_modules_load_file(3)

    +

    +

    +
    +

    HISTORY

    +

    The SSL_CTX_config() and SSL_config() functions were added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_ctrl.html b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_ctrl.html
new file mode 100755
index 0000000..db77f68
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_ctrl.html
@@ -0,0 +1,80 @@
+ + + + +SSL_CTX_ctrl + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_ctrl, SSL_CTX_callback_ctrl, SSL_ctrl, SSL_callback_ctrl - internal handling functions for SSL_CTX and SSL objects

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg);
    + long SSL_CTX_callback_ctrl(SSL_CTX *, int cmd, void (*fp)());
    +
    + long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg);
    + long SSL_callback_ctrl(SSL *, int cmd, void (*fp)());
    +

    +

    +
    +

    DESCRIPTION

    +

    The SSL_*_ctrl() family of functions is used to manipulate settings of +the SSL_CTX and SSL objects. Depending on the command cmd the arguments +larg, parg, or fp are evaluated. These functions should never +be called directly. All functionalities needed are made available via +other functions or macros.

    +

    +

    +
    +

    RETURN VALUES

    +

    The return values of the SSL*_ctrl() functions depend on the command +supplied via the cmd parameter.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_dane_enable.html b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_dane_enable.html
new file mode 100755
index 0000000..f05c3fb
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_dane_enable.html
@@ -0,0 +1,408 @@
+ + + + +SSL_CTX_dane_enable + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_dane_enable, SSL_CTX_dane_mtype_set, SSL_dane_enable, +SSL_dane_tlsa_add, SSL_get0_dane_authority, SSL_get0_dane_tlsa, +SSL_CTX_dane_set_flags, SSL_CTX_dane_clear_flags, +SSL_dane_set_flags, SSL_dane_clear_flags +- enable DANE TLS authentication of the remote TLS server in the local +TLS client

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_CTX_dane_enable(SSL_CTX *ctx);
    + int SSL_CTX_dane_mtype_set(SSL_CTX *ctx, const EVP_MD *md,
    +                            uint8_t mtype, uint8_t ord);
    + int SSL_dane_enable(SSL *s, const char *basedomain);
    + int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector,
    +                       uint8_t mtype, unsigned const char *data, size_t dlen);
    + int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki);
    + int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector,
    +                        uint8_t *mtype, unsigned const char **data,
    +                        size_t *dlen);
    + unsigned long SSL_CTX_dane_set_flags(SSL_CTX *ctx, unsigned long flags);
    + unsigned long SSL_CTX_dane_clear_flags(SSL_CTX *ctx, unsigned long flags);
    + unsigned long SSL_dane_set_flags(SSL *ssl, unsigned long flags);
    + unsigned long SSL_dane_clear_flags(SSL *ssl, unsigned long flags);
    +

    +

    +
    +

    DESCRIPTION

    +

    These functions implement support for DANE TLSA (RFC6698 and RFC7671) +peer authentication.

    +

    SSL_CTX_dane_enable() must be called first to initialize the shared state +required for DANE support. +Individual connections associated with the context can then enable +per-connection DANE support as appropriate. +DANE authentication is implemented in the X509_verify_cert(3) function, and +applications that override X509_verify_cert(3) via +SSL_CTX_set_cert_verify_callback(3) are responsible to authenticate the peer +chain in whatever manner they see fit.

    +

    SSL_CTX_dane_mtype_set() may then be called zero or more times to adjust the +supported digest algorithms. +This must be done before any SSL handles are created for the context.

    +

    The mtype argument specifies a DANE TLSA matching type and the md +argument specifies the associated digest algorithm handle. +The ord argument specifies a strength ordinal. +Algorithms with a larger strength ordinal are considered more secure. +Strength ordinals are used to implement RFC7671 digest algorithm agility. +Specifying a NULL digest algorithm for a matching type disables +support for that matching type. +Matching type Full(0) cannot be modified or disabled.

    +

    By default, matching type SHA2-256(1) (see RFC7218 for definitions +of the DANE TLSA parameter acronyms) is mapped to EVP_sha256() +with a strength ordinal of 1 and matching type SHA2-512(2) +is mapped to EVP_sha512() with a strength ordinal of 2.

    +

    SSL_dane_enable() must be called before the SSL handshake is initiated with +SSL_connect(3) if (and only if) you want to enable DANE for that connection. +(The connection must be associated with a DANE-enabled SSL context). +The basedomain argument specifies the RFC7671 TLSA base domain, +which will be the primary peer reference identifier for certificate +name checks. +Additional server names can be specified via SSL_add1_host(3). +The basedomain is used as the default SNI hint if none has yet been +specified via SSL_set_tlsext_host_name(3).

    +

    SSL_dane_tlsa_add() may then be called one or more times, to load each of the +TLSA records that apply to the remote TLS peer. +(This too must be done prior to the beginning of the SSL handshake). +The arguments specify the fields of the TLSA record. +The data field is provided in binary (wire RDATA) form, not the hexadecimal +ASCII presentation form, with an explicit length passed via dlen. +The library takes a copy of the data buffer contents and the caller may +free the original data buffer when convenient. +A return value of 0 indicates that "unusable" TLSA records (with invalid or +unsupported parameters) were provided. +A negative return value indicates an internal error in processing the record.

    +

    The caller is expected to check the return value of each SSL_dane_tlsa_add() +call and take appropriate action if none are usable or an internal error +is encountered in processing some records.

    +

    If no TLSA records are added successfully, DANE authentication is not enabled, +and authentication will be based on any configured traditional trust-anchors; +authentication success in this case does not mean that the peer was +DANE-authenticated.

    +

    SSL_get0_dane_authority() can be used to get more detailed information about +the matched DANE trust-anchor after successful connection completion. +The return value is negative if DANE verification failed (or was not enabled), +0 if an EE TLSA record directly matched the leaf certificate, or a positive +number indicating the depth at which a TA record matched an issuer certificate. +The complete verified chain can be retrieved via SSL_get0_verified_chain(3). +The return value is an index into this verified chain, rather than the list of +certificates sent by the peer as returned by SSL_get_peer_cert_chain(3).

    +

    If the mcert argument is not NULL and a TLSA record matched a chain +certificate, a pointer to the matching certificate is returned via mcert. +The returned address is a short-term internal reference to the certificate and +must not be freed by the application. +Applications that want to retain access to the certificate can call +X509_up_ref(3) to obtain a long-term reference which must then be freed via +X509_free(3) once no longer needed.

    +

    If no TLSA records directly matched any elements of the certificate chain, but +a DANE-TA(2) SPKI(1) Full(0) record provided the public key that signed an +element of the chain, then that key is returned via mspki argument (if not +NULL). +In this case the return value is the depth of the top-most element of the +validated certificate chain. +As with mcert this is a short-term internal reference, and +EVP_PKEY_up_ref(3) and EVP_PKEY_free(3) can be used to acquire and +release long-term references respectively.

    +

    SSL_get0_dane_tlsa() can be used to retrieve the fields of the TLSA record that +matched the peer certificate chain. +The return value indicates the match depth or failure to match just as with +SSL_get0_dane_authority(). +When the return value is non-negative, the storage pointed to by the usage, +selector, mtype and data parameters is updated to the corresponding +TLSA record fields. +The data field is in binary wire form, and is therefore not NUL-terminated, +its length is returned via the dlen parameter. +If any of these parameters is NULL, the corresponding field is not returned. +The data parameter is set to a short-term internal-copy of the associated +data field and must not be freed by the application. +Applications that need long-term access to this field need to copy the content.

    +

    SSL_CTX_dane_set_flags() and SSL_dane_set_flags() can be used to enable +optional DANE verification features. +SSL_CTX_dane_clear_flags() and SSL_dane_clear_flags() can be used to disable +the same features. +The flags argument is a bit-mask of the features to enable or disable. +The flags set for an SSL_CTX context are copied to each SSL handle +associated with that context at the time the handle is created. +Subsequent changes in the context's flags have no effect on the flags set +for the handle.

    +

    At present, the only available option is DANE_FLAG_NO_DANE_EE_NAMECHECKS +which can be used to disable server name checks when authenticating via +DANE-EE(3) TLSA records. +For some applications, primarily web browsers, it is not safe to disable name +checks due to "unknown key share" attacks, in which a malicious server can +convince a client that a connection to a victim server is instead a secure +connection to the malicious server. +The malicious server may then be able to violate cross-origin scripting +restrictions. +Thus, despite the text of RFC7671, name checks are by default enabled for +DANE-EE(3) TLSA records, and can be disabled in applications where it is safe +to do so. +In particular, SMTP and XMPP clients should set this option as SRV and MX +records already make it possible for a remote domain to redirect client +connections to any server of its choice, and in any case SMTP and XMPP clients +do not execute scripts downloaded from remote servers.

    +

    +

    +
    +

    RETURN VALUES

    +

    The functions SSL_CTX_dane_enable(), SSL_CTX_dane_mtype_set(), +SSL_dane_enable() and SSL_dane_tlsa_add() return a positive value on success. +Negative return values indicate resource problems (out of memory, etc.) in the +SSL library, while a return value of 0 indicates incorrect usage or invalid +input, such as an unsupported TLSA record certificate usage, selector or +matching type. +Invalid input also includes malformed data, either a digest length that does +not match the digest algorithm, or a Full(0) (binary ASN.1 DER form) +certificate or a public key that fails to parse.

    +

    The functions SSL_get0_dane_authority() and SSL_get0_dane_tlsa() return a +negative value when DANE authentication failed or was not enabled, a +non-negative value indicates the chain depth at which the TLSA record matched a +chain certificate, or the depth of the top-most certificate, when the TLSA +record is a full public key that is its signer.

    +

    The functions SSL_CTX_dane_set_flags(), SSL_CTX_dane_clear_flags(), +SSL_dane_set_flags() and SSL_dane_clear_flags() return the flags in effect +before they were called.

    +

    +

    +
    +

    EXAMPLES

    +

    Suppose "smtp.example.com" is the MX host of the domain "example.com", and has +DNSSEC-validated TLSA records. +The calls below will perform DANE authentication and arrange to match either +the MX hostname or the destination domain name in the SMTP server certificate. +Wildcards are supported, but must match the entire label. +The actual name matched in the certificate (which might be a wildcard) is +retrieved, and must be copied by the application if it is to be retained beyond +the lifetime of the SSL connection.

    +
    + SSL_CTX *ctx;
    + SSL *ssl;
    + int (*verify_cb)(int ok, X509_STORE_CTX *sctx) = NULL;
    + int num_usable = 0;
    + const char *nexthop_domain = "example.com";
    + const char *dane_tlsa_domain = "smtp.example.com";
    + uint8_t usage, selector, mtype;
    +
    + if ((ctx = SSL_CTX_new(TLS_client_method())) == NULL)
    +     /* error */
    + if (SSL_CTX_dane_enable(ctx) <= 0)
    +     /* error */
    + if ((ssl = SSL_new(ctx)) == NULL)
    +     /* error */
    + if (SSL_dane_enable(ssl, dane_tlsa_domain) <= 0)
    +     /* error */
    +
    + /*
    +  * For many applications it is safe to skip DANE-EE(3) namechecks.  Do not
    +  * disable the checks unless "unknown key share" attacks pose no risk for
    +  * your application.
    +  */
    + SSL_dane_set_flags(ssl, DANE_FLAG_NO_DANE_EE_NAMECHECKS);
    +
    + if (!SSL_add1_host(ssl, nexthop_domain))
    +     /* error */
    + SSL_set_hostflags(ssl, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
    +
    + for (... each TLSA record ...) {
    +     unsigned char *data;
    +     size_t len;
    +     int ret;
    +
    +     /* set usage, selector, mtype, data, len */
    +
    +     /*
    +      * Opportunistic DANE TLS clients support only DANE-TA(2) or DANE-EE(3).
    +      * They treat all other certificate usages, and in particular PKIX-TA(0)
    +      * and PKIX-EE(1), as unusable.
    +      */
    +     switch (usage) {
    +     default:
    +     case 0:     /* PKIX-TA(0) */
    +     case 1:     /* PKIX-EE(1) */
    +         continue;
    +     case 2:     /* DANE-TA(2) */
    +     case 3:     /* DANE-EE(3) */
    +         break;
    +     }
    +
    +     ret = SSL_dane_tlsa_add(ssl, usage, selector, mtype, data, len);
    +     /* free data as appropriate */
    +
    +     if (ret < 0)
    +         /* handle SSL library internal error */
    +     else if (ret == 0)
    +         /* handle unusable TLSA record */
    +     else
    +         ++num_usable;
    + }
    +
    + /*
    +  * At this point, the verification mode is still the default SSL_VERIFY_NONE.
    +  * Opportunistic DANE clients use unauthenticated TLS when all TLSA records
    +  * are unusable, so continue the handshake even if authentication fails.
    +  */
    + if (num_usable == 0) {
    +     /* Log all records unusable? */
    +
    +     /* Optionally set verify_cb to a suitable non-NULL callback. */
    +     SSL_set_verify(ssl, SSL_VERIFY_NONE, verify_cb);
    + } else {
    +     /* At least one usable record.  We expect to verify the peer */
    +
    +     /* Optionally set verify_cb to a suitable non-NULL callback. */
    +
    +     /*
    +      * Below we elect to fail the handshake when peer verification fails.
    +      * Alternatively, use the permissive SSL_VERIFY_NONE verification mode,
    +      * complete the handshake, check the verification status, and if not
    +      * verified disconnect gracefully at the application layer, especially if
    +      * application protocol supports informing the server that authentication
    +      * failed.
    +      */
    +     SSL_set_verify(ssl, SSL_VERIFY_PEER, verify_cb);
    + }
    +
    + /*
    +  * Load any saved session for resumption, making sure that the previous
    +  * session applied the same security and authentication requirements that
    +  * would be expected of a fresh connection.
    +  */
    +
    + /* Perform SSL_connect() handshake and handle errors here */
    +
    + if (SSL_session_reused(ssl)) {
    +     if (SSL_get_verify_result(ssl) == X509_V_OK) {
    +         /*
    +          * Resumed session was originally verified, this connection is
    +          * authenticated.
    +          */
    +     } else {
    +         /*
    +          * Resumed session was not originally verified, this connection is not
    +          * authenticated.
    +          */
    +     }
    + } else if (SSL_get_verify_result(ssl) == X509_V_OK) {
    +     const char *peername = SSL_get0_peername(ssl);
    +     EVP_PKEY *mspki = NULL;
    +
    +     int depth = SSL_get0_dane_authority(ssl, NULL, &mspki);
    +     if (depth >= 0) {
    +         (void) SSL_get0_dane_tlsa(ssl, &usage, &selector, &mtype, NULL, NULL);
    +         printf("DANE TLSA %d %d %d %s at depth %d\n", usage, selector, mtype,
    +                (mspki != NULL) ? "TA public key verified certificate" :
    +                depth ? "matched TA certificate" : "matched EE certificate",
    +                depth);
    +     }
    +     if (peername != NULL) {
    +         /* Name checks were in scope and matched the peername */
    +         printf("Verified peername: %s\n", peername);
    +     }
    + } else {
    +     /*
    +      * Not authenticated, presumably all TLSA rrs unusable, but possibly a
    +      * callback suppressed connection termination despite the presence of
    +      * usable TLSA RRs none of which matched.  Do whatever is appropriate for
    +      * fresh unauthenticated connections.
    +      */
    + }
    +

    +

    +
    +

    NOTES

    +

    It is expected that the majority of clients employing DANE TLS will be doing +"opportunistic DANE TLS" in the sense of RFC7672 and RFC7435. +That is, they will use DANE authentication when DNSSEC-validated TLSA records +are published for a given peer, and otherwise will use unauthenticated TLS or +even cleartext.

    +

    Such applications should generally treat any TLSA records published by the peer +with usages PKIX-TA(0) and PKIX-EE(1) as "unusable", and should not include +them among the TLSA records used to authenticate peer connections. +In addition, some TLSA records with supported usages may be "unusable" as a +result of invalid or unsupported parameters.

    +

    When a peer has TLSA records, but none are "usable", an opportunistic +application must avoid cleartext, but cannot authenticate the peer, +and so should generally proceed with an unauthenticated connection. +Opportunistic applications need to note the return value of each +call to SSL_dane_tlsa_add(), and if all return 0 (due to invalid +or unsupported parameters) disable peer authentication by calling +SSL_set_verify(3) with mode equal to SSL_VERIFY_NONE.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +SSL_new(3), +SSL_add1_host(3), +SSL_set_hostflags(3), +SSL_set_tlsext_host_name(3), +SSL_set_verify(3), +SSL_CTX_set_cert_verify_callback(3), +SSL_get0_verified_chain(3), +SSL_get_peer_cert_chain(3), +SSL_get_verify_result(3), +SSL_connect(3), +SSL_get0_peername(3), +X509_verify_cert(3), +X509_up_ref(3), +X509_free(3), +EVP_get_digestbyname(3), +EVP_PKEY_up_ref(3), +EVP_PKEY_free(3)

    +

    +

    +
    +

    HISTORY

    +

    These functions were added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_flush_sessions.html b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_flush_sessions.html
new file mode 100755
index 0000000..2732139
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_flush_sessions.html
@@ -0,0 +1,94 @@
+ + + + +SSL_CTX_flush_sessions + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_flush_sessions - remove expired sessions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_flush_sessions() causes a run through the session cache of +ctx to remove sessions expired at time tm.

    +

    +

    +
    +

    NOTES

    +

    If enabled, the internal session cache will collect all sessions established +up to the specified maximum number (see SSL_CTX_sess_set_cache_size()). +As sessions will not be reused ones they are expired, they should be +removed from the cache to save resources. This can either be done +automatically whenever 255 new sessions were established (see +SSL_CTX_set_session_cache_mode(3)) +or manually by calling SSL_CTX_flush_sessions().

    +

    The parameter tm specifies the time which should be used for the +expiration test, in most cases the actual time given by time(0) +will be used.

    +

    SSL_CTX_flush_sessions() will only check sessions stored in the internal +cache. When a session is found and removed, the remove_session_cb is however +called to synchronize with the external cache (see +SSL_CTX_sess_set_get_cb(3)).

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CTX_flush_sessions() does not return a value.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +SSL_CTX_set_session_cache_mode(3), +SSL_CTX_set_timeout(3), +SSL_CTX_sess_set_get_cb(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_free.html b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_free.html
new file mode 100755
index 0000000..ecf4731
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_free.html
@@ -0,0 +1,88 @@
+ + + + +SSL_CTX_free + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_free - free an allocated SSL_CTX object

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + void SSL_CTX_free(SSL_CTX *ctx);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_free() decrements the reference count of ctx, and removes the +SSL_CTX object pointed to by ctx and frees up the allocated memory if the reference count has reached 0.

    +

    It also calls the free()ing procedures for indirectly affected items, if +applicable: the session cache, the list of ciphers, the list of Client CAs, +the certificates and keys.

    +

    If ctx is NULL nothing is done.

    +

    +

    +
    +

    WARNINGS

    +

    If a session-remove callback is set (SSL_CTX_sess_set_remove_cb()), this +callback will be called for each session being freed from ctx's +session cache. This implies, that all corresponding sessions from an +external session cache are removed as well. If this is not desired, the user +should explicitly unset the callback by calling +SSL_CTX_sess_set_remove_cb(ctx, NULL) prior to calling SSL_CTX_free().

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CTX_free() does not provide diagnostic information.

    +

    +

    +
    +

    SEE ALSO

    +

    SSL_CTX_new(3), ssl(7), +SSL_CTX_sess_set_get_cb(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_get0_param.html b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_get0_param.html
new file mode 100755
index 0000000..f32f8b6
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_get0_param.html
@@ -0,0 +1,106 @@
+ + + + +SSL_CTX_get0_param + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_get0_param, SSL_get0_param, SSL_CTX_set1_param, SSL_set1_param - +get and set verification parameters

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx)
    + X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl)
    + int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm)
    + int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_get0_param() and SSL_get0_param() retrieve an internal pointer to +the verification parameters for ctx or ssl respectively. The returned +pointer must not be freed by the calling application.

    +

    SSL_CTX_set1_param() and SSL_set1_param() set the verification parameters +to vpm for ctx or ssl.

    +

    +

    +
    +

    NOTES

    +

    Typically parameters are retrieved from an SSL_CTX or SSL structure +using SSL_CTX_get0_param() or SSL_get0_param() and an application modifies +them to suit its needs: for example to add a hostname check.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CTX_get0_param() and SSL_get0_param() return a pointer to an +X509_VERIFY_PARAM structure.

    +

    SSL_CTX_set1_param() and SSL_set1_param() return 1 for success and 0 +for failure.

    +

    +

    +
    +

    EXAMPLES

    +

    Check hostname matches "www.foo.com" in peer certificate:

    +
    + X509_VERIFY_PARAM *vpm = SSL_get0_param(ssl);
    + X509_VERIFY_PARAM_set1_host(vpm, "www.foo.com", 0);
    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +X509_VERIFY_PARAM_set_flags(3)

    +

    +

    +
    +

    HISTORY

    +

    These functions were added in OpenSSL 1.0.2.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_get_verify_mode.html b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_get_verify_mode.html
new file mode 100755
index 0000000..0911b70
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_get_verify_mode.html
@@ -0,0 +1,91 @@
+ + + + +SSL_CTX_get_verify_mode + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_get_verify_mode, SSL_get_verify_mode, SSL_CTX_get_verify_depth, SSL_get_verify_depth, SSL_get_verify_callback, SSL_CTX_get_verify_callback - get currently set verification parameters

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_CTX_get_verify_mode(const SSL_CTX *ctx);
    + int SSL_get_verify_mode(const SSL *ssl);
    + int SSL_CTX_get_verify_depth(const SSL_CTX *ctx);
    + int SSL_get_verify_depth(const SSL *ssl);
    + int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int, X509_STORE_CTX *);
    + int (*SSL_get_verify_callback(const SSL *ssl))(int, X509_STORE_CTX *);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_get_verify_mode() returns the verification mode currently set in +ctx.

    +

    SSL_get_verify_mode() returns the verification mode currently set in +ssl.

    +

    SSL_CTX_get_verify_depth() returns the verification depth limit currently set +in ctx. If no limit has been explicitly set, -1 is returned and the +default value will be used.

    +

    SSL_get_verify_depth() returns the verification depth limit currently set +in ssl. If no limit has been explicitly set, -1 is returned and the +default value will be used.

    +

    SSL_CTX_get_verify_callback() returns a function pointer to the verification +callback currently set in ctx. If no callback was explicitly set, the +NULL pointer is returned and the default callback will be used.

    +

    SSL_get_verify_callback() returns a function pointer to the verification +callback currently set in ssl. If no callback was explicitly set, the +NULL pointer is returned and the default callback will be used.

    +

    +

    +
    +

    RETURN VALUES

    +

    See DESCRIPTION

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_CTX_set_verify(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_has_client_custom_ext.html b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_has_client_custom_ext.html
new file mode 100755
index 0000000..efef14a
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_has_client_custom_ext.html
@@ -0,0 +1,74 @@
+ + + + +SSL_CTX_has_client_custom_ext + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_has_client_custom_ext - check whether a handler exists for a particular +client extension type

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_CTX_has_client_custom_ext(const SSL_CTX *ctx, unsigned int ext_type);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_has_client_custom_ext() checks whether a handler has been set for a +client extension of type ext_type using SSL_CTX_add_client_custom_ext().

    +

    +

    +
    +

    RETURN VALUES

    +

    Returns 1 if a handler has been set, 0 otherwise.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +SSL_CTX_add_client_custom_ext(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_load_verify_locations.html b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_load_verify_locations.html
new file mode 100755
index 0000000..24d9b3a
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_load_verify_locations.html
@@ -0,0 +1,210 @@
+ + + + +SSL_CTX_load_verify_locations + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_load_verify_dir, SSL_CTX_load_verify_file, +SSL_CTX_load_verify_store, SSL_CTX_set_default_verify_paths, +SSL_CTX_set_default_verify_dir, SSL_CTX_set_default_verify_file, +SSL_CTX_set_default_verify_store, SSL_CTX_load_verify_locations +- set default locations for trusted CA certificates

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_CTX_load_verify_dir(SSL_CTX *ctx, const char *CApath);
    + int SSL_CTX_load_verify_file(SSL_CTX *ctx, const char *CAfile);
    + int SSL_CTX_load_verify_store(SSL_CTX *ctx, const char *CAstore);
    +
    + int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
    +
    + int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx);
    + int SSL_CTX_set_default_verify_file(SSL_CTX *ctx);
    + int SSL_CTX_set_default_verify_store(SSL_CTX *ctx);
    +

    Deprecated since OpenSSL 3.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
    +                                   const char *CApath);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_load_verify_dir(), SSL_CTX_load_verify_file(), +SSL_CTX_load_verify_store() specifies the locations for ctx, at +which CA certificates for verification purposes are located. The +certificates available via CAfile, CApath and CAstore are +trusted.

    +

    SSL_CTX_set_default_verify_paths() specifies that the default locations from +which CA certificates are loaded should be used. There is one default directory, +one default file and one default store. +The default CA certificates directory is called certs in the default OpenSSL +directory, and this is also the default store. +Alternatively the SSL_CERT_DIR environment variable can be defined to +override this location. +The default CA certificates file is called cert.pem in the default +OpenSSL directory. +Alternatively the SSL_CERT_FILE environment variable can be defined to +override this location.

    +

    SSL_CTX_set_default_verify_dir() is similar to +SSL_CTX_set_default_verify_paths() except that just the default directory is +used.

    +

    SSL_CTX_set_default_verify_file() is similar to +SSL_CTX_set_default_verify_paths() except that just the default file is +used.

    +

    SSL_CTX_set_default_verify_store() is similar to +SSL_CTX_set_default_verify_paths() except that just the default store is +used.

    +

    +

    +
    +

    NOTES

    +

    If CAfile is not NULL, it points to a file of CA certificates in PEM +format. The file can contain several CA certificates identified by

    +
    + -----BEGIN CERTIFICATE-----
    + ... (CA certificate in base64 encoding) ...
    + -----END CERTIFICATE-----
    +

    sequences. Before, between, and after the certificates text is allowed +which can be used e.g. for descriptions of the certificates.

    +

    The CAfile is processed on execution of the SSL_CTX_load_verify_locations() +function.

    +

    If CApath is not NULL, it points to a directory containing CA certificates +in PEM format. The files each contain one CA certificate. The files are +looked up by the CA subject name hash value, which must hence be available. +If more than one CA certificate with the same name hash value exist, the +extension must be different (e.g. 9d66eef0.0, 9d66eef0.1 etc). The search +is performed in the ordering of the extension number, regardless of other +properties of the certificates. +Use the c_rehash utility to create the necessary links.

    +

    The certificates in CApath are only looked up when required, e.g. when +building the certificate chain or when actually performing the verification +of a peer certificate.

    +

    When looking up CA certificates, the OpenSSL library will first search the +certificates in CAfile, then those in CApath. Certificate matching +is done based on the subject name, the key identifier (if present), and the +serial number as taken from the certificate to be verified. If these data +do not match, the next certificate will be tried. If a first certificate +matching the parameters is found, the verification process will be performed; +no other certificates for the same parameters will be searched in case of +failure.

    +

    If CAstore is not NULL, it's a URI for to a store, which may +represent a single container or a whole catalogue of containers. +Apart from the CAstore not necessarily being a local file or +directory, it's generally treated the same way as a CApath.

    +

    In server mode, when requesting a client certificate, the server must send +the list of CAs of which it will accept client certificates. This list +is not influenced by the contents of CAfile or CApath and must +explicitly be set using the +SSL_CTX_set_client_CA_list(3) +family of functions.

    +

    When building its own certificate chain, an OpenSSL client/server will +try to fill in missing certificates from CAfile/CApath, if the +certificate chain was not explicitly specified (see +SSL_CTX_add_extra_chain_cert(3), +SSL_CTX_use_certificate(3).

    +

    +

    +
    +

    WARNINGS

    +

    If several CA certificates matching the name, key identifier, and serial +number condition are available, only the first one will be examined. This +may lead to unexpected results if the same CA certificate is available +with different expiration dates. If a "certificate expired" verification +error occurs, no other certificate will be searched. Make sure to not +have expired certificates mixed with valid ones.

    +

    +

    +
    +

    RETURN VALUES

    +

    For SSL_CTX_load_verify_locations the following return values can occur:

    +
      +
    1. +

      The operation failed because CAfile and CApath are NULL or the +processing at one of the locations specified failed. Check the error +stack to find out the reason.

      +
    2. +
    3. +

      The operation succeeded.

      +
    4. +
    +

    SSL_CTX_set_default_verify_paths(), SSL_CTX_set_default_verify_dir() and +SSL_CTX_set_default_verify_file() all return 1 on success or 0 on failure. A +missing default location is still treated as a success.

    +

    +

    +
    +

    EXAMPLES

    +

    Generate a CA certificate file with descriptive text from the CA certificates +ca1.pem ca2.pem ca3.pem:

    +
    + #!/bin/sh
    + rm CAfile.pem
    + for i in ca1.pem ca2.pem ca3.pem ; do
    +     openssl x509 -in $i -text >> CAfile.pem
    + done
    +

    Prepare the directory /some/where/certs containing several CA certificates +for use as CApath:

    +
    + cd /some/where/certs
    + c_rehash .
    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +SSL_CTX_set_client_CA_list(3), +SSL_get_client_CA_list(3), +SSL_CTX_use_certificate(3), +SSL_CTX_add_extra_chain_cert(3), +SSL_CTX_set_cert_store(3), +SSL_CTX_set_client_CA_list(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_new.html b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_new.html new file mode 100755 index 0000000..2ba8971 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_new.html @@ -0,0 +1,275 @@ + + + + +SSL_CTX_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    TLSv1_2_method, TLSv1_2_server_method, TLSv1_2_client_method, +SSL_CTX_new, SSL_CTX_new_with_libctx, SSL_CTX_up_ref, SSLv3_method, +SSLv3_server_method, SSLv3_client_method, TLSv1_method, TLSv1_server_method, +TLSv1_client_method, TLSv1_1_method, TLSv1_1_server_method, +TLSv1_1_client_method, TLS_method, TLS_server_method, TLS_client_method, +SSLv23_method, SSLv23_server_method, SSLv23_client_method, DTLS_method, +DTLS_server_method, DTLS_client_method, DTLSv1_method, DTLSv1_server_method, +DTLSv1_client_method, DTLSv1_2_method, DTLSv1_2_server_method, +DTLSv1_2_client_method +- create a new SSL_CTX object as framework for TLS/SSL or DTLS enabled +functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + SSL_CTX *SSL_CTX_new_with_libctx(OPENSSL_CTX *libctx, const char *propq,
    +                                  const SSL_METHOD *method);
    + SSL_CTX *SSL_CTX_new(const SSL_METHOD *method);
    + int SSL_CTX_up_ref(SSL_CTX *ctx);
    +
    + const SSL_METHOD *TLS_method(void);
    + const SSL_METHOD *TLS_server_method(void);
    + const SSL_METHOD *TLS_client_method(void);
    +
    + const SSL_METHOD *SSLv23_method(void);
    + const SSL_METHOD *SSLv23_server_method(void);
    + const SSL_METHOD *SSLv23_client_method(void);
    +
    + #ifndef OPENSSL_NO_SSL3_METHOD
    + const SSL_METHOD *SSLv3_method(void);
    + const SSL_METHOD *SSLv3_server_method(void);
    + const SSL_METHOD *SSLv3_client_method(void);
    + #endif
    +
    + #ifndef OPENSSL_NO_TLS1_METHOD
    + const SSL_METHOD *TLSv1_method(void);
    + const SSL_METHOD *TLSv1_server_method(void);
    + const SSL_METHOD *TLSv1_client_method(void);
    + #endif
    +
    + #ifndef OPENSSL_NO_TLS1_1_METHOD
    + const SSL_METHOD *TLSv1_1_method(void);
    + const SSL_METHOD *TLSv1_1_server_method(void);
    + const SSL_METHOD *TLSv1_1_client_method(void);
    + #endif
    +
    + #ifndef OPENSSL_NO_TLS1_2_METHOD
    + const SSL_METHOD *TLSv1_2_method(void);
    + const SSL_METHOD *TLSv1_2_server_method(void);
    + const SSL_METHOD *TLSv1_2_client_method(void);
    + #endif
    +
    + const SSL_METHOD *DTLS_method(void);
    + const SSL_METHOD *DTLS_server_method(void);
    + const SSL_METHOD *DTLS_client_method(void);
    +
    + #ifndef OPENSSL_NO_DTLS1_METHOD
    + const SSL_METHOD *DTLSv1_method(void);
    + const SSL_METHOD *DTLSv1_server_method(void);
    + const SSL_METHOD *DTLSv1_client_method(void);
    + #endif
    +
    + #ifndef OPENSSL_NO_DTLS1_2_METHOD
    + const SSL_METHOD *DTLSv1_2_method(void);
    + const SSL_METHOD *DTLSv1_2_server_method(void);
    + const SSL_METHOD *DTLSv1_2_client_method(void);
    + #endif
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_new_with_libctx() creates a new SSL_CTX object as a framework to +establish TLS/SSL or DTLS enabled connections using the library context +libctx (see OPENSSL_CTX(3)). Any cryptographic algorithms that are used +by any SSL objects created from this SSL_CTX will be fetched from the +libctx using the property query string propq (see +provider(7)/Fetching algorithms. Either or both the libctx or propq +parameters may be NULL.

    +

    SSL_CTX_new() does the same as SSL_CTX_new_with_libctx() except that the default +library context is used and no property query string is specified.

    +

    An SSL_CTX object is reference counted. Creating an SSL_CTX object for the +first time increments the reference count. Freeing the SSL_CTX (using +SSL_CTX_free) decrements it. When the reference count drops to zero, any memory +or resources allocated to the SSL_CTX object are freed. SSL_CTX_up_ref() +increments the reference count for an existing SSL_CTX structure.

    +

    +

    +
    +

    NOTES

    +

    The SSL_CTX object uses method as the connection method. +The methods exist in a generic type (for client and server use), a server only +type, and a client only type. +method can be one of the following types:

    +
    +
    TLS_method(), TLS_server_method(), TLS_client_method()
    + +
    +

    These are the general-purpose version-flexible SSL/TLS methods. +The actual protocol version used will be negotiated to the highest version +mutually supported by the client and the server. +The supported protocols are SSLv3, TLSv1, TLSv1.1, TLSv1.2 and TLSv1.3. +Applications should use these methods, and avoid the version-specific +methods described below, which are deprecated.

    +
    +
    SSLv23_method(), SSLv23_server_method(), SSLv23_client_method()
    + +
    +

    These functions do not exist anymore, they have been renamed to +TLS_method(), TLS_server_method() and TLS_client_method() respectively. +Currently, the old function calls are renamed to the corresponding new +ones by preprocessor macros, to ensure that existing code which uses the +old function names still compiles. However, using the old function names +is deprecated and new code should call the new functions instead.

    +
    +
    TLSv1_2_method(), TLSv1_2_server_method(), TLSv1_2_client_method()
    + +
    +

    A TLS/SSL connection established with these methods will only understand the +TLSv1.2 protocol. These methods are deprecated.

    +
    +
    TLSv1_1_method(), TLSv1_1_server_method(), TLSv1_1_client_method()
    + +
    +

    A TLS/SSL connection established with these methods will only understand the +TLSv1.1 protocol. These methods are deprecated.

    +
    +
    TLSv1_method(), TLSv1_server_method(), TLSv1_client_method()
    + +
    +

    A TLS/SSL connection established with these methods will only understand the +TLSv1 protocol. These methods are deprecated.

    +
    +
    SSLv3_method(), SSLv3_server_method(), SSLv3_client_method()
    + +
    +

    A TLS/SSL connection established with these methods will only understand the +SSLv3 protocol. +The SSLv3 protocol is deprecated and should not be used.

    +
    +
    DTLS_method(), DTLS_server_method(), DTLS_client_method()
    + +
    +

    These are the version-flexible DTLS methods. +Currently supported protocols are DTLS 1.0 and DTLS 1.2.

    +
    +
    DTLSv1_2_method(), DTLSv1_2_server_method(), DTLSv1_2_client_method()
    + +
    +

    These are the version-specific methods for DTLSv1.2. +These methods are deprecated.

    +
    +
    DTLSv1_method(), DTLSv1_server_method(), DTLSv1_client_method()
    + +
    +

    These are the version-specific methods for DTLSv1. +These methods are deprecated.

    +
    +
    +

    SSL_CTX_new() initializes the list of ciphers, the session cache setting, the +callbacks, the keys and certificates and the options to their default values.

    +

    TLS_method(), TLS_server_method(), TLS_client_method(), DTLS_method(), +DTLS_server_method() and DTLS_client_method() are the version-flexible +methods. +All other methods only support one specific protocol version. +Use the version-flexible methods instead of the version specific methods.

    +

    If you want to limit the supported protocols for the version flexible +methods you can use SSL_CTX_set_min_proto_version(3), +SSL_set_min_proto_version(3), SSL_CTX_set_max_proto_version(3) and +SSL_set_max_proto_version(3) functions. +Using these functions it is possible to choose e.g. TLS_server_method() +and be able to negotiate with all possible clients, but to only +allow newer protocols like TLS 1.0, TLS 1.1, TLS 1.2 or TLS 1.3.

    +

    The list of protocols available can also be limited using the +SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1, +SSL_OP_NO_TLSv1_3, SSL_OP_NO_TLSv1_2 and SSL_OP_NO_TLSv1_3 +options of the +SSL_CTX_set_options(3) or SSL_set_options(3) functions, but this approach +is not recommended. Clients should avoid creating "holes" in the set of +protocols they support. When disabling a protocol, make sure that you also +disable either all previous or all subsequent protocol versions. +In clients, when a protocol version is disabled without disabling all +previous protocol versions, the effect is to also disable all subsequent +protocol versions.

    +

    The SSLv3 protocol is deprecated and should generally not be used. +Applications should typically use SSL_CTX_set_min_proto_version(3) to set +the minimum protocol to at least TLS1_VERSION.

    +

    +

    +
    +

    RETURN VALUES

    +

    The following return values can occur:

    +
    +
    NULL
    + +
    +

    The creation of a new SSL_CTX object failed. Check the error stack to find out +the reason.

    +
    +
    Pointer to an SSL_CTX object
    + +
    +

    The return value points to an allocated SSL_CTX object.

    +

    SSL_CTX_up_ref() returns 1 for success and 0 for failure.

    +
    +
    +

    +

    +
    +

    SEE ALSO

    +

    SSL_CTX_set_options(3), SSL_CTX_free(3), SSL_accept(3), +SSL_CTX_set_min_proto_version(3), ssl(7), SSL_set_connect_state(3)

    +

    +

    +
    +

    HISTORY

    +

    Support for SSLv2 and the corresponding SSLv2_method(), +SSLv2_server_method() and SSLv2_client_method() functions where +removed in OpenSSL 1.1.0.

    +

    SSLv23_method(), SSLv23_server_method() and SSLv23_client_method() +were deprecated and the preferred TLS_method(), TLS_server_method() +and TLS_client_method() functions were added in OpenSSL 1.1.0.

    +

    All version-specific methods were deprecated in OpenSSL 1.1.0.

    +

    SSL_CTX_new_with_libctx() was added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_sess_number.html b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_sess_number.html new file mode 100755 index 0000000..6447ead --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_sess_number.html @@ -0,0 +1,111 @@ + + + + +SSL_CTX_sess_number + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_sess_number, SSL_CTX_sess_connect, SSL_CTX_sess_connect_good, SSL_CTX_sess_connect_renegotiate, SSL_CTX_sess_accept, SSL_CTX_sess_accept_good, SSL_CTX_sess_accept_renegotiate, SSL_CTX_sess_hits, SSL_CTX_sess_cb_hits, SSL_CTX_sess_misses, SSL_CTX_sess_timeouts, SSL_CTX_sess_cache_full - obtain session cache statistics

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + long SSL_CTX_sess_number(SSL_CTX *ctx);
    + long SSL_CTX_sess_connect(SSL_CTX *ctx);
    + long SSL_CTX_sess_connect_good(SSL_CTX *ctx);
    + long SSL_CTX_sess_connect_renegotiate(SSL_CTX *ctx);
    + long SSL_CTX_sess_accept(SSL_CTX *ctx);
    + long SSL_CTX_sess_accept_good(SSL_CTX *ctx);
    + long SSL_CTX_sess_accept_renegotiate(SSL_CTX *ctx);
    + long SSL_CTX_sess_hits(SSL_CTX *ctx);
    + long SSL_CTX_sess_cb_hits(SSL_CTX *ctx);
    + long SSL_CTX_sess_misses(SSL_CTX *ctx);
    + long SSL_CTX_sess_timeouts(SSL_CTX *ctx);
    + long SSL_CTX_sess_cache_full(SSL_CTX *ctx);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_sess_number() returns the current number of sessions in the internal +session cache.

    +

    SSL_CTX_sess_connect() returns the number of started SSL/TLS handshakes in +client mode.

    +

    SSL_CTX_sess_connect_good() returns the number of successfully established +SSL/TLS sessions in client mode.

    +

    SSL_CTX_sess_connect_renegotiate() returns the number of started renegotiations +in client mode.

    +

    SSL_CTX_sess_accept() returns the number of started SSL/TLS handshakes in +server mode.

    +

    SSL_CTX_sess_accept_good() returns the number of successfully established +SSL/TLS sessions in server mode.

    +

    SSL_CTX_sess_accept_renegotiate() returns the number of started renegotiations +in server mode.

    +

    SSL_CTX_sess_hits() returns the number of successfully reused sessions. +In client mode a session set with SSL_set_session(3) +successfully reused is counted as a hit. In server mode a session successfully +retrieved from internal or external cache is counted as a hit.

    +

    SSL_CTX_sess_cb_hits() returns the number of successfully retrieved sessions +from the external session cache in server mode.

    +

    SSL_CTX_sess_misses() returns the number of sessions proposed by clients +that were not found in the internal session cache in server mode.

    +

    SSL_CTX_sess_timeouts() returns the number of sessions proposed by clients +and either found in the internal or external session cache in server mode, + but that were invalid due to timeout. These sessions are not included in +the SSL_CTX_sess_hits() count.

    +

    SSL_CTX_sess_cache_full() returns the number of sessions that were removed +because the maximum session cache size was exceeded.

    +

    +

    +
    +

    RETURN VALUES

    +

    The functions return the values indicated in the DESCRIPTION section.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_set_session(3), +SSL_CTX_set_session_cache_mode(3) +SSL_CTX_sess_set_cache_size(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_sess_set_cache_size.html b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_sess_set_cache_size.html new file mode 100755 index 0000000..c3f5e70 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_sess_set_cache_size.html @@ -0,0 +1,97 @@ + + + + +SSL_CTX_sess_set_cache_size + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_sess_set_cache_size, SSL_CTX_sess_get_cache_size - manipulate session cache size

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + long SSL_CTX_sess_set_cache_size(SSL_CTX *ctx, long t);
    + long SSL_CTX_sess_get_cache_size(SSL_CTX *ctx);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_sess_set_cache_size() sets the size of the internal session cache +of context ctx to t. +This value is a hint and not an absolute; see the notes below.

    +

    SSL_CTX_sess_get_cache_size() returns the currently valid session cache size.

    +

    +

    +
    +

    NOTES

    +

    The internal session cache size is SSL_SESSION_CACHE_MAX_SIZE_DEFAULT, +currently 1024*20, so that up to 20000 sessions can be held. This size +can be modified using the SSL_CTX_sess_set_cache_size() call. A special +case is the size 0, which is used for unlimited size.

    +

    If adding the session makes the cache exceed its size, then unused +sessions are dropped from the end of the cache. +Cache space may also be reclaimed by calling +SSL_CTX_flush_sessions(3) to remove +expired sessions.

    +

    If the size of the session cache is reduced and more sessions are already +in the session cache, old session will be removed at the next time a +session shall be added. This removal is not synchronized with the +expiration of sessions.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CTX_sess_set_cache_size() returns the previously valid size.

    +

    SSL_CTX_sess_get_cache_size() returns the currently valid size.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +SSL_CTX_set_session_cache_mode(3), +SSL_CTX_sess_number(3), +SSL_CTX_flush_sessions(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_sess_set_get_cb.html b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_sess_set_get_cb.html new file mode 100755 index 0000000..5b7e3a6 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_sess_set_get_cb.html @@ -0,0 +1,151 @@ + + + + +SSL_CTX_sess_set_get_cb + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_sess_set_new_cb, SSL_CTX_sess_set_remove_cb, SSL_CTX_sess_set_get_cb, SSL_CTX_sess_get_new_cb, SSL_CTX_sess_get_remove_cb, SSL_CTX_sess_get_get_cb - provide callback functions for server side external session caching

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
    +                              int (*new_session_cb)(SSL *, SSL_SESSION *));
    + void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
    +                                 void (*remove_session_cb)(SSL_CTX *ctx,
    +                                                           SSL_SESSION *));
    + void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
    +                              SSL_SESSION (*get_session_cb)(SSL *,
    +                                                            const unsigned char *,
    +                                                            int, int *));
    +
    + int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl,
    +                                              SSL_SESSION *sess);
    + void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx,
    +                                                  SSL_SESSION *sess);
    + SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl,
    +                                                       const unsigned char *data,
    +                                                       int len, int *copy);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_sess_set_new_cb() sets the callback function, which is automatically +called whenever a new session was negotiated.

    +

    SSL_CTX_sess_set_remove_cb() sets the callback function, which is +automatically called whenever a session is removed by the SSL engine, +because it is considered faulty or the session has become obsolete because +of exceeding the timeout value.

    +

    SSL_CTX_sess_set_get_cb() sets the callback function which is called, +whenever a SSL/TLS client proposed to resume a session but the session +could not be found in the internal session cache (see +SSL_CTX_set_session_cache_mode(3)). +(SSL/TLS server only.)

    +

    SSL_CTX_sess_get_new_cb(), SSL_CTX_sess_get_remove_cb(), and +SSL_CTX_sess_get_get_cb() retrieve the function pointers set by the +corresponding set callback functions. If a callback function has not been +set, the NULL pointer is returned.

    +

    +

    +
    +

    NOTES

    +

    In order to allow external session caching, synchronization with the internal +session cache is realized via callback functions. Inside these callback +functions, session can be saved to disk or put into a database using the +d2i_SSL_SESSION(3) interface.

    +

    The new_session_cb() is called whenever a new session has been negotiated and +session caching is enabled (see SSL_CTX_set_session_cache_mode(3)). The +new_session_cb() is passed the ssl connection and the ssl session sess. +Since sessions are reference-counted objects, the reference count on the +session is incremented before the callback, on behalf of the application. If +the callback returns 0, the session will be immediately removed from the +internal cache and the reference count released. If the callback returns 1, +the application retains the reference (for an entry in the +application-maintained "external session cache"), and is responsible for +calling SSL_SESSION_free() when the session reference is no longer in use.

    +

    Note that in TLSv1.3, sessions are established after the main +handshake has completed. The server decides when to send the client the session +information and this may occur some time after the end of the handshake (or not +at all). This means that applications should expect the new_session_cb() +function to be invoked during the handshake (for <= TLSv1.2) or after the +handshake (for TLSv1.3). It is also possible in TLSv1.3 for multiple sessions to +be established with a single connection. In these case the new_session_cb() +function will be invoked multiple times.

    +

    In TLSv1.3 it is recommended that each SSL_SESSION object is only used for +resumption once. One way of enforcing that is for applications to call +SSL_CTX_remove_session(3) after a session has been used.

    +

    The remove_session_cb() is called, whenever the SSL engine removes a session +from the internal cache. This happens when the session is removed because +it is expired or when a connection was not shutdown cleanly. It also happens +for all sessions in the internal session cache when +SSL_CTX_free(3) is called. The remove_session_cb() is passed +the ctx and the ssl session sess. It does not provide any feedback.

    +

    The get_session_cb() is only called on SSL/TLS servers with the session id +proposed by the client. The get_session_cb() is always called, also when +session caching was disabled. The get_session_cb() is passed the +ssl connection, the session id of length length at the memory location +data. With the parameter copy the callback can require the +SSL engine to increment the reference count of the SSL_SESSION object, +Normally the reference count is not incremented and therefore the +session must not be explicitly freed with +SSL_SESSION_free(3).

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CTX_sess_get_new_cb(), SSL_CTX_sess_get_remove_cb() and SSL_CTX_sess_get_get_cb() +return different callback function pointers respectively.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), d2i_SSL_SESSION(3), +SSL_CTX_set_session_cache_mode(3), +SSL_CTX_flush_sessions(3), +SSL_SESSION_free(3), +SSL_CTX_free(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_sessions.html b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_sessions.html new file mode 100755 index 0000000..4946bfd --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_sessions.html @@ -0,0 +1,86 @@ + + + + +SSL_CTX_sessions + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_sessions - access internal session cache

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_sessions() returns a pointer to the lhash databases containing the +internal session cache for ctx.

    +

    +

    +
    +

    NOTES

    +

    The sessions in the internal session cache are kept in an +LHASH(3) type database. It is possible to directly +access this database e.g. for searching. In parallel, the sessions +form a linked list which is maintained separately from the +LHASH(3) operations, so that the database must not be +modified directly but by using the +SSL_CTX_add_session(3) family of functions.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CTX_sessions() returns a pointer to the lhash of SSL_SESSION.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), LHASH(3), +SSL_CTX_add_session(3), +SSL_CTX_set_session_cache_mode(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set0_CA_list.html b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set0_CA_list.html new file mode 100755 index 0000000..dc6c430 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set0_CA_list.html @@ -0,0 +1,205 @@ + + + + +SSL_CTX_set0_CA_list + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set_client_CA_list, +SSL_set_client_CA_list, +SSL_get_client_CA_list, +SSL_CTX_get_client_CA_list, +SSL_CTX_add_client_CA, +SSL_add_client_CA, +SSL_set0_CA_list, +SSL_CTX_set0_CA_list, +SSL_get0_CA_list, +SSL_CTX_get0_CA_list, +SSL_add1_to_CA_list, +SSL_CTX_add1_to_CA_list, +SSL_get0_peer_CA_list +- get or set CA list

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *list);
    + void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *list);
    + STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s);
    + STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx);
    + int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *cacert);
    + int SSL_add_client_CA(SSL *ssl, X509 *cacert);
    +
    + void SSL_CTX_set0_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list);
    + void SSL_set0_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list);
    + const STACK_OF(X509_NAME) *SSL_CTX_get0_CA_list(const SSL_CTX *ctx);
    + const STACK_OF(X509_NAME) *SSL_get0_CA_list(const SSL *s);
    + int SSL_CTX_add1_to_CA_list(SSL_CTX *ctx, const X509 *x);
    + int SSL_add1_to_CA_list(SSL *ssl, const X509 *x);
    +
    + const STACK_OF(X509_NAME) *SSL_get0_peer_CA_list(const SSL *s);
    +

    +

    +
    +

    DESCRIPTION

    +

    The functions described here set and manage the list of CA names that are sent +between two communicating peers.

    +

    For TLS versions 1.2 and earlier the list of CA names is only sent from the +server to the client when requesting a client certificate. So any list of CA +names set is never sent from client to server and the list of CA names retrieved +by SSL_get0_peer_CA_list() is always NULL.

    +

    For TLS 1.3 the list of CA names is sent using the certificate_authorities +extension and may be sent by a client (in the ClientHello message) or by +a server (when requesting a certificate).

    +

    In most cases it is not necessary to set CA names on the client side. The list +of CA names that are acceptable to the client will be sent in plaintext to the +server. This has privacy implications and may also have performance implications +if the list is large. This optional capability was introduced as part of TLSv1.3 +and therefore setting CA names on the client side will have no impact if that +protocol version has been disabled. Most servers do not need this and so this +should be avoided unless required.

    +

    The "client CA list" functions below only have an effect when called on the +server side.

    +

    SSL_CTX_set_client_CA_list() sets the list of CAs sent to the client when +requesting a client certificate for ctx. Ownership of list is transferred +to ctx and it should not be freed by the caller.

    +

    SSL_set_client_CA_list() sets the list of CAs sent to the client when +requesting a client certificate for the chosen ssl, overriding the +setting valid for ssl's SSL_CTX object. Ownership of list is transferred +to s and it should not be freed by the caller.

    +

    SSL_CTX_get_client_CA_list() returns the list of client CAs explicitly set for +ctx using SSL_CTX_set_client_CA_list(). The returned list should not be freed +by the caller.

    +

    SSL_get_client_CA_list() returns the list of client CAs explicitly +set for ssl using SSL_set_client_CA_list() or ssl's SSL_CTX object with +SSL_CTX_set_client_CA_list(), when in server mode. In client mode, +SSL_get_client_CA_list returns the list of client CAs sent from the server, if +any. The returned list should not be freed by the caller.

    +

    SSL_CTX_add_client_CA() adds the CA name extracted from cacert to the +list of CAs sent to the client when requesting a client certificate for +ctx.

    +

    SSL_add_client_CA() adds the CA name extracted from cacert to the +list of CAs sent to the client when requesting a client certificate for +the chosen ssl, overriding the setting valid for ssl's SSL_CTX object.

    +

    SSL_get0_peer_CA_list() retrieves the list of CA names (if any) the peer +has sent. This can be called on either the server or the client side. The +returned list should not be freed by the caller.

    +

    The "generic CA list" functions below are very similar to the "client CA +list" functions except that they have an effect on both the server and client +sides. The lists of CA names managed are separate - so you cannot (for example) +set CA names using the "client CA list" functions and then get them using the +"generic CA list" functions. Where a mix of the two types of functions has been +used on the server side then the "client CA list" functions take precedence. +Typically, on the server side, the "client CA list " functions should be used in +preference. As noted above in most cases it is not necessary to set CA names on +the client side.

    +

    SSL_CTX_set0_CA_list() sets the list of CAs to be sent to the peer to +name_list. Ownership of name_list is transferred to ctx and +it should not be freed by the caller.

    +

    SSL_set0_CA_list() sets the list of CAs to be sent to the peer to name_list +overriding any list set in the parent SSL_CTX of s. Ownership of +name_list is transferred to s and it should not be freed by the caller.

    +

    SSL_CTX_get0_CA_list() retrieves any previously set list of CAs set for +ctx. The returned list should not be freed by the caller.

    +

    SSL_get0_CA_list() retrieves any previously set list of CAs set for +s or if none are set the list from the parent SSL_CTX is retrieved. The +returned list should not be freed by the caller.

    +

    SSL_CTX_add1_to_CA_list() appends the CA subject name extracted from x to the +list of CAs sent to peer for ctx.

    +

    SSL_add1_to_CA_list() appends the CA subject name extracted from x to the +list of CAs sent to the peer for s, overriding the setting in the parent +SSL_CTX.

    +

    +

    +
    +

    NOTES

    +

    When a TLS/SSL server requests a client certificate (see +SSL_CTX_set_verify(3)), it sends a list of CAs, for which it will accept +certificates, to the client.

    +

    This list must explicitly be set using SSL_CTX_set_client_CA_list() or +SSL_CTX_set0_CA_list() for ctx and SSL_set_client_CA_list() or +SSL_set0_CA_list() for the specific ssl. The list specified +overrides the previous setting. The CAs listed do not become trusted (list +only contains the names, not the complete certificates); use +SSL_CTX_load_verify_locations(3) to additionally load them for verification.

    +

    If the list of acceptable CAs is compiled in a file, the +SSL_load_client_CA_file(3) function can be used to help to import the +necessary data.

    +

    SSL_CTX_add_client_CA(), SSL_CTX_add1_to_CA_list(), SSL_add_client_CA() and +SSL_add1_to_CA_list() can be used to add additional items the list of CAs. If no +list was specified before using SSL_CTX_set_client_CA_list(), +SSL_CTX_set0_CA_list(), SSL_set_client_CA_list() or SSL_set0_CA_list(), a +new CA list for ctx or ssl (as appropriate) is opened.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CTX_set_client_CA_list(), SSL_set_client_CA_list(), +SSL_CTX_set_client_CA_list(), SSL_set_client_CA_list(), SSL_CTX_set0_CA_list() +and SSL_set0_CA_list() do not return a value.

    +

    SSL_CTX_get_client_CA_list(), SSL_get_client_CA_list(), SSL_CTX_get0_CA_list() +and SSL_get0_CA_list() return a stack of CA names or NULL is no CA names are +set.

    +

    SSL_CTX_add_client_CA(),SSL_add_client_CA(), SSL_CTX_add1_to_CA_list() and +SSL_add1_to_CA_list() return 1 for success and 0 for failure.

    +

    SSL_get0_peer_CA_list() returns a stack of CA names sent by the peer or +NULL or an empty stack if no list was sent.

    +

    +

    +
    +

    EXAMPLES

    +

    Scan all certificates in CAfile and list them as acceptable CAs:

    +
    + SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(CAfile));
    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +SSL_load_client_CA_file(3), +SSL_CTX_load_verify_locations(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set1_curves.html b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set1_curves.html new file mode 100755 index 0000000..42c4047 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set1_curves.html @@ -0,0 +1,156 @@ + + + + +SSL_CTX_set1_curves + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set1_groups, SSL_CTX_set1_groups_list, SSL_set1_groups, +SSL_set1_groups_list, SSL_get1_groups, SSL_get_shared_group, +SSL_get_negotiated_group, SSL_CTX_set1_curves, SSL_CTX_set1_curves_list, +SSL_set1_curves, SSL_set1_curves_list, SSL_get1_curves, SSL_get_shared_curve +- EC supported curve functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_CTX_set1_groups(SSL_CTX *ctx, int *glist, int glistlen);
    + int SSL_CTX_set1_groups_list(SSL_CTX *ctx, char *list);
    +
    + int SSL_set1_groups(SSL *ssl, int *glist, int glistlen);
    + int SSL_set1_groups_list(SSL *ssl, char *list);
    +
    + int SSL_get1_groups(SSL *ssl, int *groups);
    + int SSL_get_shared_group(SSL *s, int n);
    + int SSL_get_negotiated_group(SSL *s);
    +
    + int SSL_CTX_set1_curves(SSL_CTX *ctx, int *clist, int clistlen);
    + int SSL_CTX_set1_curves_list(SSL_CTX *ctx, char *list);
    +
    + int SSL_set1_curves(SSL *ssl, int *clist, int clistlen);
    + int SSL_set1_curves_list(SSL *ssl, char *list);
    +
    + int SSL_get1_curves(SSL *ssl, int *curves);
    + int SSL_get_shared_curve(SSL *s, int n);
    +

    +

    +
    +

    DESCRIPTION

    +

    For all of the functions below that set the supported groups there must be at +least one group in the list.

    +

    SSL_CTX_set1_groups() sets the supported groups for ctx to glistlen +groups in the array glist. The array consist of all NIDs of groups in +preference order. For a TLS client the groups are used directly in the +supported groups extension. For a TLS server the groups are used to +determine the set of shared groups. Currently supported groups for +TLSv1.3 are NID_X9_62_prime256v1, NID_secp384r1, NID_secp521r1, +NID_X25519, NID_X448, NID_ffdhe2048, NID_ffdhe3072, +NID_ffdhe4096, NID_ffdhe6144 and NID_ffdhe8192.

    +

    SSL_CTX_set1_groups_list() sets the supported groups for ctx to +string list. The string is a colon separated list of group NIDs or +names, for example "P-521:P-384:P-256:X25519:ffdhe2048". Currently supported +groups for TLSv1.3 are P-256, P-384, P-521, X25519, X448, +ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192.

    +

    SSL_set1_groups() and SSL_set1_groups_list() are similar except they set +supported groups for the SSL structure ssl.

    +

    SSL_get1_groups() returns the set of supported groups sent by a client +in the supported groups extension. It returns the total number of +supported groups. The groups parameter can be NULL to simply +return the number of groups for memory allocation purposes. The +groups array is in the form of a set of group NIDs in preference +order. It can return zero if the client did not send a supported groups +extension.

    +

    SSL_get_shared_group() returns shared group n for a server-side +SSL ssl. If n is -1 then the total number of shared groups is +returned, which may be zero. Other than for diagnostic purposes, +most applications will only be interested in the first shared group +so n is normally set to zero. If the value n is out of range, +NID_undef is returned.

    +

    SSL_get_negotiated_group() returns the negotiated group on a TLSv1.3 connection +for key exchange. This can be called by either client or server.

    +

    All these functions are implemented as macros.

    +

    The curve functions are synonyms for the equivalently named group functions and +are identical in every respect. They exist because, prior to TLS1.3, there was +only the concept of supported curves. In TLS1.3 this was renamed to supported +groups, and extended to include Diffie Hellman groups. The group functions +should be used in preference.

    +

    +

    +
    +

    NOTES

    +

    If an application wishes to make use of several of these functions for +configuration purposes either on a command line or in a file it should +consider using the SSL_CONF interface instead of manually parsing options.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CTX_set1_groups(), SSL_CTX_set1_groups_list(), SSL_set1_groups() and +SSL_set1_groups_list(), return 1 for success and 0 for failure.

    +

    SSL_get1_groups() returns the number of groups, which may be zero.

    +

    SSL_get_shared_group() returns the NID of shared group n or NID_undef if there +is no shared group n; or the total number of shared groups if n +is -1.

    +

    When called on a client ssl, SSL_get_shared_group() has no meaning and +returns -1.

    +

    SSL_get_negotiated_group() returns the NID of the negotiated group on a +TLSv1.3 connection for key exchange. Or it returns NID_undef if no negotiated +group.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +SSL_CTX_add_extra_chain_cert(3)

    +

    +

    +
    +

    HISTORY

    +

    The curve functions were added in OpenSSL 1.0.2. The equivalent group +functions were added in OpenSSL 1.1.1. The SSL_get_negotiated_group() function +was added in OpenSSL 3.0.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2013-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set1_sigalgs.html b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set1_sigalgs.html new file mode 100755 index 0000000..26dfc1f --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set1_sigalgs.html @@ -0,0 +1,146 @@ + + + + +SSL_CTX_set1_sigalgs + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set1_sigalgs, SSL_set1_sigalgs, SSL_CTX_set1_sigalgs_list, +SSL_set1_sigalgs_list, SSL_CTX_set1_client_sigalgs, +SSL_set1_client_sigalgs, SSL_CTX_set1_client_sigalgs_list, +SSL_set1_client_sigalgs_list - set supported signature algorithms

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + long SSL_CTX_set1_sigalgs(SSL_CTX *ctx, const int *slist, long slistlen);
    + long SSL_set1_sigalgs(SSL *ssl, const int *slist, long slistlen);
    + long SSL_CTX_set1_sigalgs_list(SSL_CTX *ctx, const char *str);
    + long SSL_set1_sigalgs_list(SSL *ssl, const char *str);
    +
    + long SSL_CTX_set1_client_sigalgs(SSL_CTX *ctx, const int *slist, long slistlen);
    + long SSL_set1_client_sigalgs(SSL *ssl, const int *slist, long slistlen);
    + long SSL_CTX_set1_client_sigalgs_list(SSL_CTX *ctx, const char *str);
    + long SSL_set1_client_sigalgs_list(SSL *ssl, const char *str);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_set1_sigalgs() and SSL_set1_sigalgs() set the supported signature +algorithms for ctx or ssl. The array slist of length slistlen +must consist of pairs of NIDs corresponding to digest and public key +algorithms.

    +

    SSL_CTX_set1_sigalgs_list() and SSL_set1_sigalgs_list() set the supported +signature algorithms for ctx or ssl. The str parameter +must be a null terminated string consisting of a colon separated list of +elements, where each element is either a combination of a public key +algorithm and a digest separated by +, or a TLS 1.3-style named +SignatureScheme such as rsa_pss_pss_sha256.

    +

    SSL_CTX_set1_client_sigalgs(), SSL_set1_client_sigalgs(), +SSL_CTX_set1_client_sigalgs_list() and SSL_set1_client_sigalgs_list() set +signature algorithms related to client authentication, otherwise they are +identical to SSL_CTX_set1_sigalgs(), SSL_set1_sigalgs(), +SSL_CTX_set1_sigalgs_list() and SSL_set1_sigalgs_list().

    +

    All these functions are implemented as macros. The signature algorithm +parameter (integer array or string) is not freed: the application should +free it, if necessary.

    +

    +

    +
    +

    NOTES

    +

    If an application wishes to allow the setting of signature algorithms +as one of many user configurable options it should consider using the more +flexible SSL_CONF API instead.

    +

    The signature algorithms set by a client are used directly in the supported +signature algorithm in the client hello message.

    +

    The supported signature algorithms set by a server are not sent to the +client but are used to determine the set of shared signature algorithms +and (if server preferences are set with SSL_OP_CIPHER_SERVER_PREFERENCE) +their order.

    +

    The client authentication signature algorithms set by a server are sent +in a certificate request message if client authentication is enabled, +otherwise they are unused.

    +

    Similarly client authentication signature algorithms set by a client are +used to determined the set of client authentication shared signature +algorithms.

    +

    Signature algorithms will neither be advertised nor used if the security level +prohibits them (for example SHA1 if the security level is 4 or more).

    +

    Currently the NID_md5, NID_sha1, NID_sha224, NID_sha256, NID_sha384 and +NID_sha512 digest NIDs are supported and the public key algorithm NIDs +EVP_PKEY_RSA, EVP_PKEY_RSA_PSS, EVP_PKEY_DSA and EVP_PKEY_EC.

    +

    The short or long name values for digests can be used in a string (for +example "MD5", "SHA1", "SHA224", "SHA256", "SHA384", "SHA512") and +the public key algorithm strings "RSA", "RSA-PSS", "DSA" or "ECDSA".

    +

    The TLS 1.3 signature scheme names (such as "rsa_pss_pss_sha256") can also +be used with the _list forms of the API.

    +

    The use of MD5 as a digest is strongly discouraged due to security weaknesses.

    +

    +

    +
    +

    RETURN VALUES

    +

    All these functions return 1 for success and 0 for failure.

    +

    +

    +
    +

    EXAMPLES

    +

    Set supported signature algorithms to SHA256 with ECDSA and SHA256 with RSA +using an array:

    +
    + const int slist[] = {NID_sha256, EVP_PKEY_EC, NID_sha256, EVP_PKEY_RSA};
    +
    + SSL_CTX_set1_sigalgs(ctx, slist, 4);
    +

    Set supported signature algorithms to SHA256 with ECDSA and SHA256 with RSA +using a string:

    +
    + SSL_CTX_set1_sigalgs_list(ctx, "ECDSA+SHA256:RSA+SHA256");
    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_get_shared_sigalgs(3), +SSL_CONF_CTX_new(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set1_verify_cert_store.html b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set1_verify_cert_store.html new file mode 100755 index 0000000..8772c14 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set1_verify_cert_store.html @@ -0,0 +1,134 @@ + + + + +SSL_CTX_set1_verify_cert_store + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set0_verify_cert_store, SSL_CTX_set1_verify_cert_store, +SSL_CTX_set0_chain_cert_store, SSL_CTX_set1_chain_cert_store, +SSL_set0_verify_cert_store, SSL_set1_verify_cert_store, +SSL_set0_chain_cert_store, SSL_set1_chain_cert_store - set certificate +verification or chain store

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_CTX_set0_verify_cert_store(SSL_CTX *ctx, X509_STORE *st);
    + int SSL_CTX_set1_verify_cert_store(SSL_CTX *ctx, X509_STORE *st);
    + int SSL_CTX_set0_chain_cert_store(SSL_CTX *ctx, X509_STORE *st);
    + int SSL_CTX_set1_chain_cert_store(SSL_CTX *ctx, X509_STORE *st);
    +
    + int SSL_set0_verify_cert_store(SSL *ctx, X509_STORE *st);
    + int SSL_set1_verify_cert_store(SSL *ctx, X509_STORE *st);
    + int SSL_set0_chain_cert_store(SSL *ctx, X509_STORE *st);
    + int SSL_set1_chain_cert_store(SSL *ctx, X509_STORE *st);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_set0_verify_cert_store() and SSL_CTX_set1_verify_cert_store() +set the certificate store used for certificate verification to st.

    +

    SSL_CTX_set0_chain_cert_store() and SSL_CTX_set1_chain_cert_store() +set the certificate store used for certificate chain building to st.

    +

    SSL_set0_verify_cert_store(), SSL_set1_verify_cert_store(), +SSL_set0_chain_cert_store() and SSL_set1_chain_cert_store() are similar +except they apply to SSL structure ssl.

    +

    All these functions are implemented as macros. Those containing a 1 +increment the reference count of the supplied store so it must +be freed at some point after the operation. Those containing a 0 do +not increment reference counts and the supplied store MUST NOT be freed +after the operation.

    +

    +

    +
    +

    NOTES

    +

    The stores pointers associated with an SSL_CTX structure are copied to any SSL +structures when SSL_new() is called. As a result SSL structures will not be +affected if the parent SSL_CTX store pointer is set to a new value.

    +

    The verification store is used to verify the certificate chain sent by the +peer: that is an SSL/TLS client will use the verification store to verify +the server's certificate chain and a SSL/TLS server will use it to verify +any client certificate chain.

    +

    The chain store is used to build the certificate chain.

    +

    If the mode SSL_MODE_NO_AUTO_CHAIN is set or a certificate chain is +configured already (for example using the functions such as +SSL_CTX_add1_chain_cert(3) or +SSL_CTX_add_extra_chain_cert(3)) then +automatic chain building is disabled.

    +

    If the mode SSL_MODE_NO_AUTO_CHAIN is set then automatic chain building +is disabled.

    +

    If the chain or the verification store is not set then the store associated +with the parent SSL_CTX is used instead to retain compatibility with previous +versions of OpenSSL.

    +

    +

    +
    +

    RETURN VALUES

    +

    All these functions return 1 for success and 0 for failure.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +SSL_CTX_add_extra_chain_cert(3) +SSL_CTX_set0_chain(3) +SSL_CTX_set1_chain(3) +SSL_CTX_add0_chain_cert(3) +SSL_CTX_add1_chain_cert(3) +SSL_set0_chain(3) +SSL_set1_chain(3) +SSL_add0_chain_cert(3) +SSL_add1_chain_cert(3) +SSL_CTX_build_cert_chain(3) +SSL_build_cert_chain(3)

    +

    +

    +
    +

    HISTORY

    +

    These functions were added in OpenSSL 1.0.2.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_alpn_select_cb.html b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_alpn_select_cb.html new file mode 100755 index 0000000..0e6c8a6 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_alpn_select_cb.html @@ -0,0 +1,223 @@ + + + + +SSL_CTX_set_alpn_select_cb + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set_alpn_protos, SSL_set_alpn_protos, SSL_CTX_set_alpn_select_cb, +SSL_CTX_set_next_proto_select_cb, SSL_CTX_set_next_protos_advertised_cb, +SSL_select_next_proto, SSL_get0_alpn_selected, SSL_get0_next_proto_negotiated +- handle application layer protocol negotiation (ALPN)

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
    +                             unsigned int protos_len);
    + int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos,
    +                         unsigned int protos_len);
    + void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
    +                                 int (*cb) (SSL *ssl,
    +                                            const unsigned char **out,
    +                                            unsigned char *outlen,
    +                                            const unsigned char *in,
    +                                            unsigned int inlen,
    +                                            void *arg), void *arg);
    + void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
    +                             unsigned int *len);
    +
    + void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx,
    +                                            int (*cb)(SSL *ssl,
    +                                                      const unsigned char **out,
    +                                                      unsigned int *outlen,
    +                                                      void *arg),
    +                                            void *arg);
    + void SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx,
    +                               int (*cb)(SSL *s,
    +                                         unsigned char **out,
    +                                         unsigned char *outlen,
    +                                         const unsigned char *in,
    +                                         unsigned int inlen,
    +                                         void *arg),
    +                               void *arg);
    + int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
    +                           const unsigned char *server,
    +                           unsigned int server_len,
    +                           const unsigned char *client,
    +                           unsigned int client_len)
    + void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
    +                             unsigned *len);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_set_alpn_protos() and SSL_set_alpn_protos() are used by the client to +set the list of protocols available to be negotiated. The protos must be in +protocol-list format, described below. The length of protos is specified in +protos_len.

    +

    SSL_CTX_set_alpn_select_cb() sets the application callback cb used by a +server to select which protocol to use for the incoming connection. When cb +is NULL, ALPN is not used. The arg value is a pointer which is passed to +the application callback.

    +

    cb is the application defined callback. The in, inlen parameters are a +vector in protocol-list format. The value of the out, outlen vector +should be set to the value of a single protocol selected from the in, +inlen vector. The out buffer may point directly into in, or to a +buffer that outlives the handshake. The arg parameter is the pointer set via +SSL_CTX_set_alpn_select_cb().

    +

    SSL_select_next_proto() is a helper function used to select protocols. It +implements the standard protocol selection. It is expected that this function +is called from the application callback cb. The protocol data in server, +server_len and client, client_len must be in the protocol-list format +described below. The first item in the server, server_len list that +matches an item in the client, client_len list is selected, and returned +in out, outlen. The out value will point into either server or +client, so it should be copied immediately. If no match is found, the first +item in client, client_len is returned in out, outlen. This +function can also be used in the NPN callback.

    +

    SSL_CTX_set_next_proto_select_cb() sets a callback cb that is called when a +client needs to select a protocol from the server's provided list, and a +user-defined pointer argument arg which will be passed to this callback. +For the callback itself, out +must be set to point to the selected protocol (which may be within in). +The length of the protocol name must be written into outlen. The +server's advertised protocols are provided in in and inlen. The +callback can assume that in is syntactically valid. The client must +select a protocol. It is fatal to the connection if this callback returns +a value other than SSL_TLSEXT_ERR_OK. The arg parameter is the pointer +set via SSL_CTX_set_next_proto_select_cb().

    +

    SSL_CTX_set_next_protos_advertised_cb() sets a callback cb that is called +when a TLS server needs a list of supported protocols for Next Protocol +Negotiation. The returned list must be in protocol-list format, described +below. The list is +returned by setting out to point to it and outlen to its length. This +memory will not be modified, but the SSL does keep a +reference to it. The callback should return SSL_TLSEXT_ERR_OK if it +wishes to advertise. Otherwise, no such extension will be included in the +ServerHello.

    +

    SSL_get0_alpn_selected() returns a pointer to the selected protocol in data +with length len. It is not NUL-terminated. data is set to NULL and len +is set to 0 if no protocol has been selected. data must not be freed.

    +

    SSL_get0_next_proto_negotiated() sets data and len to point to the +client's requested protocol for this connection. If the client did not +request any protocol or NPN is not enabled, then data is set to NULL and +len to 0. Note that +the client can request any protocol it chooses. The value returned from +this function need not be a member of the list of supported protocols +provided by the callback.

    +

    +

    +
    +

    NOTES

    +

    The protocol-lists must be in wire-format, which is defined as a vector of +non-empty, 8-bit length-prefixed, byte strings. The length-prefix byte is not +included in the length. Each string is limited to 255 bytes. A byte-string +length of 0 is invalid. A truncated byte-string is invalid. The length of the +vector is not in the vector itself, but in a separate variable.

    +

    Example:

    +
    + unsigned char vector[] = {
    +     6, 's', 'p', 'd', 'y', '/', '1',
    +     8, 'h', 't', 't', 'p', '/', '1', '.', '1'
    + };
    + unsigned int length = sizeof(vector);
    +

    The ALPN callback is executed after the servername callback; as that servername +callback may update the SSL_CTX, and subsequently, the ALPN callback.

    +

    If there is no ALPN proposed in the ClientHello, the ALPN callback is not +invoked.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CTX_set_alpn_protos() and SSL_set_alpn_protos() return 0 on success, and +non-0 on failure. WARNING: these functions reverse the return value convention.

    +

    SSL_select_next_proto() returns one of the following:

    +
    +
    OPENSSL_NPN_NEGOTIATED
    + +
    +

    A match was found and is returned in out, outlen.

    +
    +
    OPENSSL_NPN_NO_OVERLAP
    + +
    +

    No match was found. The first item in client, client_len is returned in +out, outlen.

    +
    +
    +

    The ALPN select callback cb, must return one of the following:

    +
    +
    SSL_TLSEXT_ERR_OK
    + +
    +

    ALPN protocol selected.

    +
    +
    SSL_TLSEXT_ERR_ALERT_FATAL
    + +
    +

    There was no overlap between the client's supplied list and the server +configuration.

    +
    +
    SSL_TLSEXT_ERR_NOACK
    + +
    +

    ALPN protocol not selected, e.g., because no ALPN protocols are configured for +this connection.

    +
    +
    +

    The callback set using SSL_CTX_set_next_proto_select_cb() should return +SSL_TLSEXT_ERR_OK if successful. Any other value is fatal to the connection.

    +

    The callback set using SSL_CTX_set_next_protos_advertised_cb() should return +SSL_TLSEXT_ERR_OK if it wishes to advertise. Otherwise, no such extension +will be included in the ServerHello.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_CTX_set_tlsext_servername_callback(3), +SSL_CTX_set_tlsext_servername_arg(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_cert_cb.html b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_cert_cb.html new file mode 100755 index 0000000..1478fef --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_cert_cb.html @@ -0,0 +1,115 @@ + + + + +SSL_CTX_set_cert_cb + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set_cert_cb, SSL_set_cert_cb - handle certificate callback function

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cert_cb)(SSL *ssl, void *arg),
    +                          void *arg);
    + void SSL_set_cert_cb(SSL *s, int (*cert_cb)(SSL *ssl, void *arg), void *arg);
    +
    + int (*cert_cb)(SSL *ssl, void *arg);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_set_cert_cb() and SSL_set_cert_cb() sets the cert_cb() callback, +arg value is pointer which is passed to the application callback.

    +

    When cert_cb() is NULL, no callback function is used.

    +

    cert_cb() is the application defined callback. It is called before a +certificate will be used by a client or server. The callback can then inspect +the passed ssl structure and set or clear any appropriate certificates. If +the callback is successful it MUST return 1 even if no certificates have +been set. A zero is returned on error which will abort the handshake with a +fatal internal error alert. A negative return value will suspend the handshake +and the handshake function will return immediately. +SSL_get_error(3) will return SSL_ERROR_WANT_X509_LOOKUP to +indicate, that the handshake was suspended. The next call to the handshake +function will again lead to the call of cert_cb(). It is the job of the +cert_cb() to store information about the state of the last call, +if required to continue.

    +

    +

    +
    +

    NOTES

    +

    An application will typically call SSL_use_certificate() and +SSL_use_PrivateKey() to set the end entity certificate and private key. +It can add intermediate and optionally the root CA certificates using +SSL_add1_chain_cert().

    +

    It might also call SSL_certs_clear() to delete any certificates associated +with the SSL object.

    +

    The certificate callback functionality supersedes the (largely broken) +functionality provided by the old client certificate callback interface. +It is always called even is a certificate is already set so the callback +can modify or delete the existing certificate.

    +

    A more advanced callback might examine the handshake parameters and set +whatever chain is appropriate. For example a legacy client supporting only +TLSv1.0 might receive a certificate chain signed using SHA1 whereas a +TLSv1.2 or later client which advertises support for SHA256 could receive a +chain using SHA256.

    +

    Normal server sanity checks are performed on any certificates set +by the callback. So if an EC chain is set for a curve the client does not +support it will not be used.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CTX_set_cert_cb() and SSL_set_cert_cb() do not return values.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_use_certificate(3), +SSL_add1_chain_cert(3), +SSL_get_client_CA_list(3), +SSL_clear(3), SSL_free(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_cert_store.html b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_cert_store.html new file mode 100755 index 0000000..90fa55e --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_cert_store.html @@ -0,0 +1,122 @@ + + + + +SSL_CTX_set_cert_store + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set_cert_store, SSL_CTX_set1_cert_store, SSL_CTX_get_cert_store - manipulate X509 certificate verification storage

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store);
    + void SSL_CTX_set1_cert_store(SSL_CTX *ctx, X509_STORE *store);
    + X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_set_cert_store() sets/replaces the certificate verification storage +of ctx to/with store. If another X509_STORE object is currently +set in ctx, it will be X509_STORE_free()ed.

    +

    SSL_CTX_set1_cert_store() sets/replaces the certificate verification storage +of ctx to/with store. The store's reference count is incremented. +If another X509_STORE object is currently set in ctx, it will be X509_STORE_free()ed.

    +

    SSL_CTX_get_cert_store() returns a pointer to the current certificate +verification storage.

    +

    +

    +
    +

    NOTES

    +

    In order to verify the certificates presented by the peer, trusted CA +certificates must be accessed. These CA certificates are made available +via lookup methods, handled inside the X509_STORE. From the X509_STORE +the X509_STORE_CTX used when verifying certificates is created.

    +

    Typically the trusted certificate store is handled indirectly via using +SSL_CTX_load_verify_locations(3). +Using the SSL_CTX_set_cert_store() and SSL_CTX_get_cert_store() functions +it is possible to manipulate the X509_STORE object beyond the +SSL_CTX_load_verify_locations(3) +call.

    +

    Currently no detailed documentation on how to use the X509_STORE +object is available. Not all members of the X509_STORE are used when +the verification takes place. So will e.g. the verify_callback() be +overridden with the verify_callback() set via the +SSL_CTX_set_verify(3) family of functions. +This document must therefore be updated when documentation about the +X509_STORE object and its handling becomes available.

    +

    SSL_CTX_set_cert_store() does not increment the store's reference +count, so it should not be used to assign an X509_STORE that is owned +by another SSL_CTX.

    +

    To share X509_STOREs between two SSL_CTXs, use SSL_CTX_get_cert_store() +to get the X509_STORE from the first SSL_CTX, and then use +SSL_CTX_set1_cert_store() to assign to the second SSL_CTX and +increment the reference count of the X509_STORE.

    +

    +

    +
    +

    RESTRICTIONS

    +

    The X509_STORE structure used by an SSL_CTX is used for verifying peer +certificates and building certificate chains, it is also shared by +every child SSL structure. Applications wanting finer control can use +functions such as SSL_CTX_set1_verify_cert_store() instead.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CTX_set_cert_store() does not return diagnostic output.

    +

    SSL_CTX_set1_cert_store() does not return diagnostic output.

    +

    SSL_CTX_get_cert_store() returns the current setting.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +SSL_CTX_load_verify_locations(3), +SSL_CTX_set_verify(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_cert_verify_callback.html b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_cert_verify_callback.html new file mode 100755 index 0000000..c2bf36d --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_cert_verify_callback.html @@ -0,0 +1,119 @@ + + + + +SSL_CTX_set_cert_verify_callback + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set_cert_verify_callback - set peer certificate verification procedure

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,
    +                                       int (*callback)(X509_STORE_CTX *, void *),
    +                                       void *arg);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_set_cert_verify_callback() sets the verification callback function for +ctx. SSL objects that are created from ctx inherit the setting valid at +the time when SSL_new(3) is called.

    +

    +

    +
    +

    NOTES

    +

    Whenever a certificate is verified during a SSL/TLS handshake, a verification +function is called. If the application does not explicitly specify a +verification callback function, the built-in verification function is used. +If a verification callback callback is specified via +SSL_CTX_set_cert_verify_callback(), the supplied callback function is called +instead. By setting callback to NULL, the default behaviour is restored.

    +

    When the verification must be performed, callback will be called with +the arguments callback(X509_STORE_CTX *x509_store_ctx, void *arg). The +argument arg is specified by the application when setting callback.

    +

    callback should return 1 to indicate verification success and 0 to +indicate verification failure. If SSL_VERIFY_PEER is set and callback +returns 0, the handshake will fail. As the verification procedure may +allow the connection to continue in the case of failure (by always +returning 1) the verification result must be set in any case using the +error member of x509_store_ctx so that the calling application +will be informed about the detailed result of the verification procedure!

    +

    Within x509_store_ctx, callback has access to the verify_callback +function set using SSL_CTX_set_verify(3).

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CTX_set_cert_verify_callback() does not return a value.

    +

    +

    +
    +

    WARNINGS

    +

    Do not mix the verification callback described in this function with the +verify_callback function called during the verification process. The +latter is set using the SSL_CTX_set_verify(3) +family of functions.

    +

    Providing a complete verification procedure including certificate purpose +settings etc is a complex task. The built-in procedure is quite powerful +and in most cases it should be sufficient to modify its behaviour using +the verify_callback function.

    +

    +

    +
    +

    BUGS

    +

    SSL_CTX_set_cert_verify_callback() does not provide diagnostic information.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_CTX_set_verify(3), +SSL_get_verify_result(3), +SSL_CTX_load_verify_locations(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_cipher_list.html b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_cipher_list.html new file mode 100755 index 0000000..07b5c4d --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_cipher_list.html @@ -0,0 +1,156 @@ + + + + +SSL_CTX_set_cipher_list + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set_cipher_list, +SSL_set_cipher_list, +SSL_CTX_set_ciphersuites, +SSL_set_ciphersuites, +OSSL_default_cipher_list, +OSSL_default_ciphersuites +- choose list of available SSL_CIPHERs

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str);
    + int SSL_set_cipher_list(SSL *ssl, const char *str);
    +
    + int SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str);
    + int SSL_set_ciphersuites(SSL *s, const char *str);
    +
    + const char *OSSL_default_cipher_list(void);
    + const char *OSSL_default_ciphersuites(void);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_set_cipher_list() sets the list of available ciphers (TLSv1.2 and below) +for ctx using the control string str. The format of the string is described +in openssl-ciphers(1). The list of ciphers is inherited by all +ssl objects created from ctx. This function does not impact TLSv1.3 +ciphersuites. Use SSL_CTX_set_ciphersuites() to configure those.

    +

    SSL_set_cipher_list() sets the list of ciphers (TLSv1.2 and below) only for +ssl.

    +

    SSL_CTX_set_ciphersuites() is used to configure the available TLSv1.3 +ciphersuites for ctx. This is a simple colon (":") separated list of TLSv1.3 +ciphersuite names in order of preference. Valid TLSv1.3 ciphersuite names are:

    +
    +
    TLS_AES_128_GCM_SHA256
    + +
    TLS_AES_256_GCM_SHA384
    + +
    TLS_CHACHA20_POLY1305_SHA256
    + +
    TLS_AES_128_CCM_SHA256
    + +
    TLS_AES_128_CCM_8_SHA256
    + +
    +

    An empty list is permissible. The default value for the this setting is:

    +

    "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256"

    +

    SSL_set_ciphersuites() is the same as SSL_CTX_set_ciphersuites() except it +configures the ciphersuites for ssl.

    +

    OSSL_default_cipher_list() returns the default cipher string for TLSv1.2 +(and earlier) ciphers. OSSL_default_ciphersuites() returns the default +cipher string for TLSv1.3 ciphersuites.

    +

    +

    +
    +

    NOTES

    +

    The control string str for SSL_CTX_set_cipher_list() and +SSL_set_cipher_list() should be universally usable and not depend +on details of the library configuration (ciphers compiled in). Thus no +syntax checking takes place. Items that are not recognized, because the +corresponding ciphers are not compiled in or because they are mistyped, +are simply ignored. Failure is only flagged if no ciphers could be collected +at all.

    +

    It should be noted, that inclusion of a cipher to be used into the list is +a necessary condition. On the client side, the inclusion into the list is +also sufficient unless the security level excludes it. On the server side, +additional restrictions apply. All ciphers have additional requirements. +ADH ciphers don't need a certificate, but DH-parameters must have been set. +All other ciphers need a corresponding certificate and key.

    +

    A RSA cipher can only be chosen, when a RSA certificate is available. +RSA ciphers using DHE need a certificate and key and additional DH-parameters +(see SSL_CTX_set_tmp_dh_callback(3)).

    +

    A DSA cipher can only be chosen, when a DSA certificate is available. +DSA ciphers always use DH key exchange and therefore need DH-parameters +(see SSL_CTX_set_tmp_dh_callback(3)).

    +

    When these conditions are not met for any cipher in the list (e.g. a +client only supports export RSA ciphers with an asymmetric key length +of 512 bits and the server is not configured to use temporary RSA +keys), the "no shared cipher" (SSL_R_NO_SHARED_CIPHER) error is generated +and the handshake will fail.

    +

    OSSL_default_cipher_list() and OSSL_default_ciphersuites() replace +SSL_DEFAULT_CIPHER_LIST and TLS_DEFAULT_CIPHERSUITES, respectively. The +cipher list defines are deprecated as of 3.0.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CTX_set_cipher_list() and SSL_set_cipher_list() return 1 if any cipher +could be selected and 0 on complete failure.

    +

    SSL_CTX_set_ciphersuites() and SSL_set_ciphersuites() return 1 if the requested +ciphersuite list was configured, and 0 otherwise.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_get_ciphers(3), +SSL_CTX_use_certificate(3), +SSL_CTX_set_tmp_dh_callback(3), +openssl-ciphers(1)

    +

    +

    +
    +

    HISTORY

    +

    OSSL_default_cipher_list() and OSSL_default_ciphersites() are new in 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_client_cert_cb.html b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_client_cert_cb.html new file mode 100755 index 0000000..3b62e9b --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_client_cert_cb.html @@ -0,0 +1,146 @@ + + + + +SSL_CTX_set_client_cert_cb + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set_client_cert_cb, SSL_CTX_get_client_cert_cb - handle client certificate callback function

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
    +                                 int (*client_cert_cb)(SSL *ssl, X509 **x509,
    +                                                       EVP_PKEY **pkey));
    + int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509,
    +                                                 EVP_PKEY **pkey);
    + int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_set_client_cert_cb() sets the client_cert_cb() callback, that is +called when a client certificate is requested by a server and no certificate +was yet set for the SSL object.

    +

    When client_cert_cb() is NULL, no callback function is used.

    +

    SSL_CTX_get_client_cert_cb() returns a pointer to the currently set callback +function.

    +

    client_cert_cb() is the application defined callback. If it wants to +set a certificate, a certificate/private key combination must be set +using the x509 and pkey arguments and "1" must be returned. The +certificate will be installed into ssl, see the NOTES and BUGS sections. +If no certificate should be set, "0" has to be returned and no certificate +will be sent. A negative return value will suspend the handshake and the +handshake function will return immediately. SSL_get_error(3) +will return SSL_ERROR_WANT_X509_LOOKUP to indicate, that the handshake was +suspended. The next call to the handshake function will again lead to the call +of client_cert_cb(). It is the job of the client_cert_cb() to store information +about the state of the last call, if required to continue.

    +

    +

    +
    +

    NOTES

    +

    During a handshake (or renegotiation) a server may request a certificate +from the client. A client certificate must only be sent, when the server +did send the request.

    +

    When a certificate was set using the +SSL_CTX_use_certificate(3) family of functions, +it will be sent to the server. The TLS standard requires that only a +certificate is sent, if it matches the list of acceptable CAs sent by the +server. This constraint is violated by the default behavior of the OpenSSL +library. Using the callback function it is possible to implement a proper +selection routine or to allow a user interaction to choose the certificate to +be sent.

    +

    If a callback function is defined and no certificate was yet defined for the +SSL object, the callback function will be called. +If the callback function returns a certificate, the OpenSSL library +will try to load the private key and certificate data into the SSL +object using the SSL_use_certificate() and SSL_use_private_key() functions. +Thus it will permanently install the certificate and key for this SSL +object. It will not be reset by calling SSL_clear(3). +If the callback returns no certificate, the OpenSSL library will not send +a certificate.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CTX_get_client_cert_cb() returns function pointer of client_cert_cb() or +NULL if the callback is not set.

    +

    +

    +
    +

    BUGS

    +

    The client_cert_cb() cannot return a complete certificate chain, it can +only return one client certificate. If the chain only has a length of 2, +the root CA certificate may be omitted according to the TLS standard and +thus a standard conforming answer can be sent to the server. For a +longer chain, the client must send the complete chain (with the option +to leave out the root CA certificate). This can only be accomplished by +either adding the intermediate CA certificates into the trusted +certificate store for the SSL_CTX object (resulting in having to add +CA certificates that otherwise maybe would not be trusted), or by adding +the chain certificates using the +SSL_CTX_add_extra_chain_cert(3) +function, which is only available for the SSL_CTX object as a whole and that +therefore probably can only apply for one client certificate, making +the concept of the callback function (to allow the choice from several +certificates) questionable.

    +

    Once the SSL object has been used in conjunction with the callback function, +the certificate will be set for the SSL object and will not be cleared +even when SSL_clear(3) is being called. It is therefore +mandatory to destroy the SSL object using SSL_free(3) +and create a new one to return to the previous state.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_CTX_use_certificate(3), +SSL_CTX_add_extra_chain_cert(3), +SSL_get_client_CA_list(3), +SSL_clear(3), SSL_free(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_client_hello_cb.html b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_client_hello_cb.html new file mode 100755 index 0000000..9bc31ac --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_client_hello_cb.html @@ -0,0 +1,163 @@ + + + + +SSL_CTX_set_client_hello_cb + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set_client_hello_cb, SSL_client_hello_cb_fn, SSL_client_hello_isv2, SSL_client_hello_get0_legacy_version, SSL_client_hello_get0_random, SSL_client_hello_get0_session_id, SSL_client_hello_get0_ciphers, SSL_client_hello_get0_compression_methods, SSL_client_hello_get1_extensions_present, SSL_client_hello_get0_ext - callback functions for early server-side ClientHello processing

    +

    +

    +
    +

    SYNOPSIS

    +
    + typedef int (*SSL_client_hello_cb_fn)(SSL *s, int *al, void *arg);
    + void SSL_CTX_set_client_hello_cb(SSL_CTX *c, SSL_client_hello_cb_fn *f,
    +                                  void *arg);
    + int SSL_client_hello_isv2(SSL *s);
    + unsigned int SSL_client_hello_get0_legacy_version(SSL *s);
    + size_t SSL_client_hello_get0_random(SSL *s, const unsigned char **out);
    + size_t SSL_client_hello_get0_session_id(SSL *s, const unsigned char **out);
    + size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out);
    + size_t SSL_client_hello_get0_compression_methods(SSL *s,
    +                                                  const unsigned char **out);
    + int SSL_client_hello_get1_extensions_present(SSL *s, int **out,
    +                                              size_t *outlen);
    + int SSL_client_hello_get0_ext(SSL *s, int type, const unsigned char **out,
    +                               size_t *outlen);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_set_client_hello_cb() sets the callback function, which is automatically +called during the early stages of ClientHello processing on the server. +The argument supplied when setting the callback is passed back to the +callback at run time. A callback that returns failure (0) will cause the +connection to terminate, and callbacks returning failure should indicate +what alert value is to be sent in the al parameter. A callback may +also return a negative value to suspend the handshake, and the handshake +function will return immediately. SSL_get_error(3) will return +SSL_ERROR_WANT_CLIENT_HELLO_CB to indicate that the handshake was suspended. +It is the job of the ClientHello callback to store information about the state +of the last call if needed to continue. On the next call into the handshake +function, the ClientHello callback will be called again, and, if it returns +success, normal handshake processing will continue from that point.

    +

    SSL_client_hello_isv2() indicates whether the ClientHello was carried in a +SSLv2 record and is in the SSLv2 format. The SSLv2 format has substantial +differences from the normal SSLv3 format, including using three bytes per +cipher suite, and not allowing extensions. Additionally, the SSLv2 format +'challenge' field is exposed via SSL_client_hello_get0_random(), padded to +SSL3_RANDOM_SIZE bytes with zeros if needed. For SSLv2 format ClientHellos, +SSL_client_hello_get0_compression_methods() returns a dummy list that only includes +the null compression method, since the SSLv2 format does not include a +mechanism by which to negotiate compression.

    +

    SSL_client_hello_get0_random(), SSL_client_hello_get0_session_id(), +SSL_client_hello_get0_ciphers(), and +SSL_client_hello_get0_compression_methods() provide access to the corresponding +ClientHello fields, returning the field length and optionally setting an out +pointer to the octets of that field.

    +

    Similarly, SSL_client_hello_get0_ext() provides access to individual extensions +from the ClientHello on a per-extension basis. For the provided wire +protocol extension type value, the extension value and length are returned +in the output parameters (if present).

    +

    SSL_client_hello_get1_extensions_present() can be used prior to +SSL_client_hello_get0_ext(), to determine which extensions are present in the +ClientHello before querying for them. The out and outlen parameters are +both required, and on success the caller must release the storage allocated for +*out using OPENSSL_free(). The contents of *out is an array of integers +holding the numerical value of the TLS extension types in the order they appear +in the ClientHello. *outlen contains the number of elements in the array. +In situations when the ClientHello has no extensions, the function will return +success with *out set to NULL and *outlen set to 0.

    +

    +

    +
    +

    NOTES

    +

    The ClientHello callback provides a vast window of possibilities for application +code to affect the TLS handshake. A primary use of the callback is to +allow the server to examine the server name indication extension provided +by the client in order to select an appropriate certificate to present, +and make other configuration adjustments relevant to that server name +and its configuration. Such configuration changes can include swapping out +the associated SSL_CTX pointer, modifying the server's list of permitted TLS +versions, changing the server's cipher list in response to the client's +cipher list, etc.

    +

    It is also recommended that applications utilize a ClientHello callback and +not use a servername callback, in order to avoid unexpected behavior that +occurs due to the relative order of processing between things like session +resumption and the historical servername callback.

    +

    The SSL_client_hello_* family of functions may only be called from code executing +within a ClientHello callback.

    +

    +

    +
    +

    RETURN VALUES

    +

    The application's supplied ClientHello callback returns +SSL_CLIENT_HELLO_SUCCESS on success, SSL_CLIENT_HELLO_ERROR on failure, and +SSL_CLIENT_HELLO_RETRY to suspend processing.

    +

    SSL_client_hello_isv2() returns 1 for SSLv2-format ClientHellos and 0 otherwise.

    +

    SSL_client_hello_get0_random(), SSL_client_hello_get0_session_id(), +SSL_client_hello_get0_ciphers(), and +SSL_client_hello_get0_compression_methods() return the length of the +corresponding ClientHello fields. If zero is returned, the output pointer +should not be assumed to be valid.

    +

    SSL_client_hello_get0_ext() returns 1 if the extension of type 'type' is present, and +0 otherwise.

    +

    SSL_client_hello_get1_extensions_present() returns 1 on success and 0 on failure.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_CTX_set_tlsext_servername_callback(3), +SSL_bytes_to_cipher_list(3)

    +

    +

    +
    +

    HISTORY

    +

    The SSL ClientHello callback, SSL_client_hello_isv2(), +SSL_client_hello_get0_random(), SSL_client_hello_get0_session_id(), +SSL_client_hello_get0_ciphers(), SSL_client_hello_get0_compression_methods(), +SSL_client_hello_get0_ext(), and SSL_client_hello_get1_extensions_present() +were added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_ct_validation_callback.html b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_ct_validation_callback.html new file mode 100755 index 0000000..556af83 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_ct_validation_callback.html @@ -0,0 +1,175 @@ + + + + +SSL_CTX_set_ct_validation_callback + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    ssl_ct_validation_cb, +SSL_enable_ct, SSL_CTX_enable_ct, SSL_disable_ct, SSL_CTX_disable_ct, +SSL_set_ct_validation_callback, SSL_CTX_set_ct_validation_callback, +SSL_ct_is_enabled, SSL_CTX_ct_is_enabled - +control Certificate Transparency policy

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + typedef int (*ssl_ct_validation_cb)(const CT_POLICY_EVAL_CTX *ctx,
    +                                    const STACK_OF(SCT) *scts, void *arg);
    +
    + int SSL_enable_ct(SSL *s, int validation_mode);
    + int SSL_CTX_enable_ct(SSL_CTX *ctx, int validation_mode);
    + int SSL_set_ct_validation_callback(SSL *s, ssl_ct_validation_cb callback,
    +                                    void *arg);
    + int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx,
    +                                        ssl_ct_validation_cb callback,
    +                                        void *arg);
    + void SSL_disable_ct(SSL *s);
    + void SSL_CTX_disable_ct(SSL_CTX *ctx);
    + int SSL_ct_is_enabled(const SSL *s);
    + int SSL_CTX_ct_is_enabled(const SSL_CTX *ctx);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_enable_ct() and SSL_CTX_enable_ct() enable the processing of signed +certificate timestamps (SCTs) either for a given SSL connection or for all +connections that share the given SSL context, respectively. +This is accomplished by setting a built-in CT validation callback. +The behaviour of the callback is determined by the validation_mode argument, +which can be either of SSL_CT_VALIDATION_PERMISSIVE or +SSL_CT_VALIDATION_STRICT as described below.

    +

    If validation_mode is equal to SSL_CT_VALIDATION_STRICT, then in a full +TLS handshake with the verification mode set to SSL_VERIFY_PEER, if the peer +presents no valid SCTs the handshake will be aborted. +If the verification mode is SSL_VERIFY_NONE, the handshake will continue +despite lack of valid SCTs. +However, in that case if the verification status before the built-in callback +was X509_V_OK it will be set to X509_V_ERR_NO_VALID_SCTS after the +callback. +Applications can call SSL_get_verify_result(3) to check the status at +handshake completion, even after session resumption since the verification +status is part of the saved session state. +See SSL_set_verify(3), <SSL_get_verify_result(3)>, SSL_session_reused(3).

    +

    If validation_mode is equal to SSL_CT_VALIDATION_PERMISSIVE, then the +handshake continues, and the verification status is not modified, regardless of +the validation status of any SCTs. +The application can still inspect the validation status of the SCTs at +handshake completion. +Note that with session resumption there will not be any SCTs presented during +the handshake. +Therefore, in applications that delay SCT policy enforcement until after +handshake completion, such delayed SCT checks should only be performed when the +session is not resumed.

    +

    SSL_set_ct_validation_callback() and SSL_CTX_set_ct_validation_callback() +register a custom callback that may implement a different policy than either of +the above. +This callback can examine the peer's SCTs and determine whether they are +sufficient to allow the connection to continue. +The TLS handshake is aborted if the verification mode is not SSL_VERIFY_NONE +and the callback returns a non-positive result.

    +

    An arbitrary callback data argument, arg, can be passed in when setting +the callback. +This will be passed to the callback whenever it is invoked. +Ownership of this context remains with the caller.

    +

    If no callback is set, SCTs will not be requested and Certificate Transparency +validation will not occur.

    +

    No callback will be invoked when the peer presents no certificate, e.g. by +employing an anonymous (aNULL) cipher suite. +In that case the handshake continues as it would had no callback been +requested. +Callbacks are also not invoked when the peer certificate chain is invalid or +validated via DANE-TA(2) or DANE-EE(3) TLSA records which use a private X.509 +PKI, or no X.509 PKI at all, respectively. +Clients that require SCTs are expected to not have enabled any aNULL ciphers +nor to have specified server verification via DANE-TA(2) or DANE-EE(3) TLSA +records.

    +

    SSL_disable_ct() and SSL_CTX_disable_ct() turn off CT processing, whether +enabled via the built-in or the custom callbacks, by setting a NULL callback. +These may be implemented as macros.

    +

    SSL_ct_is_enabled() and SSL_CTX_ct_is_enabled() return 1 if CT processing is +enabled via either SSL_enable_ct() or a non-null custom callback, and 0 +otherwise.

    +

    +

    +
    +

    NOTES

    +

    When SCT processing is enabled, OCSP stapling will be enabled. This is because +one possible source of SCTs is the OCSP response from a server.

    +

    The time returned by SSL_SESSION_get_time() will be used to evaluate whether any +presented SCTs have timestamps that are in the future (and therefore invalid).

    +

    +

    +
    +

    RESTRICTIONS

    +

    Certificate Transparency validation cannot be enabled and so a callback cannot +be set if a custom client extension handler has been registered to handle SCT +extensions (TLSEXT_TYPE_signed_certificate_timestamp).

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_enable_ct(), SSL_CTX_enable_ct(), SSL_CTX_set_ct_validation_callback() and +SSL_set_ct_validation_callback() return 1 if the callback is successfully +set. +They return 0 if an error occurs, e.g. a custom client extension handler has +been setup to handle SCTs.

    +

    SSL_disable_ct() and SSL_CTX_disable_ct() do not return a result.

    +

    SSL_CTX_ct_is_enabled() and SSL_ct_is_enabled() return a 1 if a non-null CT +validation callback is set, or 0 if no callback (or equivalently a NULL +callback) is set.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +<SSL_get_verify_result(3)>, +SSL_session_reused(3), +SSL_set_verify(3), +SSL_CTX_set_verify(3), +SSL_SESSION_get_time(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_ctlog_list_file.html b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_ctlog_list_file.html new file mode 100755 index 0000000..0923b4d --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_ctlog_list_file.html @@ -0,0 +1,90 @@ + + + + +SSL_CTX_set_ctlog_list_file + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set_default_ctlog_list_file, SSL_CTX_set_ctlog_list_file - +load a Certificate Transparency log list from a file

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_CTX_set_default_ctlog_list_file(SSL_CTX *ctx);
    + int SSL_CTX_set_ctlog_list_file(SSL_CTX *ctx, const char *path);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_set_default_ctlog_list_file() loads a list of Certificate Transparency +(CT) logs from the default file location, "ct_log_list.cnf", found in the +directory where OpenSSL is installed.

    +

    SSL_CTX_set_ctlog_list_file() loads a list of CT logs from a specific path. +See CTLOG_STORE_new(3) for the file format.

    +

    +

    +
    +

    NOTES

    +

    These functions will not clear the existing CT log list - it will be appended +to. To replace the existing list, use SSL_CTX_set0_ctlog_store(3) first.

    +

    If an error occurs whilst parsing a particular log entry in the file, that log +entry will be skipped.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CTX_set_default_ctlog_list_file() and SSL_CTX_set_ctlog_list_file() +return 1 if the log list is successfully loaded, and 0 if an error occurs. In +the case of an error, the log list may have been partially loaded.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +SSL_CTX_set_ct_validation_callback(3), +CTLOG_STORE_new(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_default_passwd_cb.html b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_default_passwd_cb.html
    new file mode 100755
    index 0000000..6c6ac37
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_default_passwd_cb.html
    @@ -0,0 +1,149 @@
    + + + + +SSL_CTX_set_default_passwd_cb + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set_default_passwd_cb, SSL_CTX_set_default_passwd_cb_userdata, +SSL_CTX_get_default_passwd_cb, SSL_CTX_get_default_passwd_cb_userdata, +SSL_set_default_passwd_cb, SSL_set_default_passwd_cb_userdata, +SSL_get_default_passwd_cb, SSL_get_default_passwd_cb_userdata - set or +get passwd callback for encrypted PEM file handling

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb);
    + void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u);
    + pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx);
    + void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx);
    +
    + void SSL_set_default_passwd_cb(SSL *s, pem_password_cb *cb);
    + void SSL_set_default_passwd_cb_userdata(SSL *s, void *u);
    + pem_password_cb *SSL_get_default_passwd_cb(SSL *s);
    + void *SSL_get_default_passwd_cb_userdata(SSL *s);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_set_default_passwd_cb() sets the default password callback called +when loading/storing a PEM certificate with encryption.

    +

    SSL_CTX_set_default_passwd_cb_userdata() sets a pointer to userdata, u, +which will be provided to the password callback on invocation.

    +

    SSL_CTX_get_default_passwd_cb() returns a function pointer to the password +callback currently set in ctx. If no callback was explicitly set, the +NULL pointer is returned.

    +

    SSL_CTX_get_default_passwd_cb_userdata() returns a pointer to the userdata +currently set in ctx. If no userdata was explicitly set, the NULL pointer +is returned.

    +

    SSL_set_default_passwd_cb(), SSL_set_default_passwd_cb_userdata(), +SSL_get_default_passwd_cb() and SSL_get_default_passwd_cb_userdata() perform +the same function as their SSL_CTX counterparts, but using an SSL object.

    +

    The password callback, which must be provided by the application, hands back the +password to be used during decryption. +On invocation a pointer to userdata +is provided. The function must store the password into the provided buffer +buf which is of size size. The actual length of the password must +be returned to the calling function. rwflag indicates whether the +callback is used for reading/decryption (rwflag=0) or writing/encryption +(rwflag=1). +For more details, see pem_password_cb(3).

    +

    +

    +
    +

    NOTES

    +

    When loading or storing private keys, a password might be supplied to +protect the private key. The way this password can be supplied may depend +on the application. If only one private key is handled, it can be practical +to have the callback handle the password dialog interactively. If several +keys have to be handled, it can be practical to ask for the password once, +then keep it in memory and use it several times. In the last case, the +password could be stored into the userdata storage and the +callback only returns the password already stored.

    +

    When asking for the password interactively, the callback can use +rwflag to check, whether an item shall be encrypted (rwflag=1). +In this case the password dialog may ask for the same password twice +for comparison in order to catch typos, that would make decryption +impossible.

    +

    Other items in PEM formatting (certificates) can also be encrypted, it is +however not usual, as certificate information is considered public.

    +

    +

    +
    +

    RETURN VALUES

    +

    These functions do not provide diagnostic information.

    +

    +

    +
    +

    EXAMPLES

    +

    The following example returns the password provided as userdata to the +calling function. The password is considered to be a '\0' terminated +string. If the password does not fit into the buffer, the password is +truncated.

    +
    + int my_cb(char *buf, int size, int rwflag, void *u)
    + {
    +     strncpy(buf, (char *)u, size);
    +     buf[size - 1] = '\0';
    +     return strlen(buf);
    + }
    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +SSL_CTX_use_certificate(3)

    +

    +

    +
    +

    HISTORY

    +

    SSL_CTX_get_default_passwd_cb(), SSL_CTX_get_default_passwd_cb_userdata(), +SSL_set_default_passwd_cb() and SSL_set_default_passwd_cb_userdata() were +added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_generate_session_id.html b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_generate_session_id.html
    new file mode 100755
    index 0000000..0898f35
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_generate_session_id.html
    @@ -0,0 +1,169 @@
    + + + + +SSL_CTX_set_generate_session_id + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set_generate_session_id, SSL_set_generate_session_id, +SSL_has_matching_session_id, GEN_SESSION_CB +- manipulate generation of SSL session IDs (server only)

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + typedef int (*GEN_SESSION_CB)(SSL *ssl, unsigned char *id,
    +                               unsigned int *id_len);
    +
    + int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb);
    + int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB, cb);
    + int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
    +                                 unsigned int id_len);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_set_generate_session_id() sets the callback function for generating +new session ids for SSL/TLS sessions for ctx to be cb.

    +

    SSL_set_generate_session_id() sets the callback function for generating +new session ids for SSL/TLS sessions for ssl to be cb.

    +

    SSL_has_matching_session_id() checks, whether a session with id id +(of length id_len) is already contained in the internal session cache +of the parent context of ssl.

    +

    +

    +
    +

    NOTES

    +

    When a new session is established between client and server, the server +generates a session id. The session id is an arbitrary sequence of bytes. +The length of the session id is between 1 and 32 bytes. The session id is not +security critical but must be unique for the server. Additionally, the session id is +transmitted in the clear when reusing the session so it must not contain +sensitive information.

    +

    Without a callback being set, an OpenSSL server will generate a unique +session id from pseudo random numbers of the maximum possible length. +Using the callback function, the session id can be changed to contain +additional information like e.g. a host id in order to improve load balancing +or external caching techniques.

    +

    The callback function receives a pointer to the memory location to put +id into and a pointer to the maximum allowed length id_len. The +buffer at location id is only guaranteed to have the size id_len. +The callback is only allowed to generate a shorter id and reduce id_len; +the callback must never increase id_len or write to the location +id exceeding the given limit.

    +

    The location id is filled with 0x00 before the callback is called, so the +callback may only fill part of the possible length and leave id_len +untouched while maintaining reproducibility.

    +

    Since the sessions must be distinguished, session ids must be unique. +Without the callback a random number is used, so that the probability +of generating the same session id is extremely small (2^256 for SSLv3/TLSv1). +In order to assure the uniqueness of the generated session id, the callback must call +SSL_has_matching_session_id() and generate another id if a conflict occurs. +If an id conflict is not resolved, the handshake will fail. +If the application codes e.g. a unique host id, a unique process number, and +a unique sequence number into the session id, uniqueness could easily be +achieved without randomness added (it should however be taken care that +no confidential information is leaked this way). If the application can not +guarantee uniqueness, it is recommended to use the maximum id_len and +fill in the bytes not used to code special information with random data +to avoid collisions.

    +

    SSL_has_matching_session_id() will only query the internal session cache, +not the external one. Since the session id is generated before the +handshake is completed, it is not immediately added to the cache. If +another thread is using the same internal session cache, a race condition +can occur in that another thread generates the same session id. +Collisions can also occur when using an external session cache, since +the external cache is not tested with SSL_has_matching_session_id() +and the same race condition applies.

    +

    The callback must return 0 if it cannot generate a session id for whatever +reason and return 1 on success.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CTX_set_generate_session_id() and SSL_set_generate_session_id() +always return 1.

    +

    SSL_has_matching_session_id() returns 1 if another session with the +same id is already in the cache.

    +

    +

    +
    +

    EXAMPLES

    +

    The callback function listed will generate a session id with the +server id given, and will fill the rest with pseudo random bytes:

    +
    + const char session_id_prefix = "www-18";
    +
    + #define MAX_SESSION_ID_ATTEMPTS 10
    + static int generate_session_id(SSL *ssl, unsigned char *id,
    +                                unsigned int *id_len)
    + {
    +     unsigned int count = 0;
    +
    +     do {
    +         RAND_pseudo_bytes(id, *id_len);
    +         /*
    +          * Prefix the session_id with the required prefix. NB: If our
    +          * prefix is too long, clip it - but there will be worse effects
    +          * anyway, eg. the server could only possibly create 1 session
    +          * ID (ie. the prefix!) so all future session negotiations will
    +          * fail due to conflicts.
    +          */
    +         memcpy(id, session_id_prefix, strlen(session_id_prefix) < *id_len ?
    +                                       strlen(session_id_prefix) : *id_len);
    +     } while (SSL_has_matching_session_id(ssl, id, *id_len)
    +               && ++count < MAX_SESSION_ID_ATTEMPTS);
    +     if (count >= MAX_SESSION_ID_ATTEMPTS)
    +         return 0;
    +     return 1;
    + }
    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_get_version(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_info_callback.html b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_info_callback.html
    new file mode 100755
    index 0000000..17f5761
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_info_callback.html
    @@ -0,0 +1,204 @@
    + + + + +SSL_CTX_set_info_callback + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set_info_callback, +SSL_CTX_get_info_callback, +SSL_set_info_callback, +SSL_get_info_callback +- handle information callback for SSL connections

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*callback)());
    + void (*SSL_CTX_get_info_callback(const SSL_CTX *ctx))();
    +
    + void SSL_set_info_callback(SSL *ssl, void (*callback)());
    + void (*SSL_get_info_callback(const SSL *ssl))();
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_set_info_callback() sets the callback function, that can be used to +obtain state information for SSL objects created from ctx during connection +setup and use. The setting for ctx is overridden from the setting for +a specific SSL object, if specified. +When callback is NULL, no callback function is used.

    +

    SSL_set_info_callback() sets the callback function, that can be used to +obtain state information for ssl during connection setup and use. +When callback is NULL, the callback setting currently valid for +ctx is used.

    +

    SSL_CTX_get_info_callback() returns a pointer to the currently set information +callback function for ctx.

    +

    SSL_get_info_callback() returns a pointer to the currently set information +callback function for ssl.

    +

    +

    +
    +

    NOTES

    +

    When setting up a connection and during use, it is possible to obtain state +information from the SSL/TLS engine. When set, an information callback function +is called whenever a significant event occurs such as: the state changes, +an alert appears, or an error occurs.

    +

    The callback function is called as callback(SSL *ssl, int where, int ret). +The where argument specifies information about where (in which context) +the callback function was called. If ret is 0, an error condition occurred. +If an alert is handled, SSL_CB_ALERT is set and ret specifies the alert +information.

    +

    where is a bit-mask made up of the following bits:

    +
    +
    SSL_CB_LOOP
    + +
    +

    Callback has been called to indicate state change or some other significant +state machine event. This may mean that the callback gets invoked more than once +per state in some situations.

    +
    +
    SSL_CB_EXIT
    + +
    +

    Callback has been called to indicate exit of a handshake function. This will +happen after the end of a handshake, but may happen at other times too such as +on error or when IO might otherwise block and non-blocking is being used.

    +
    +
    SSL_CB_READ
    + +
    +

    Callback has been called during read operation.

    +
    +
    SSL_CB_WRITE
    + +
    +

    Callback has been called during write operation.

    +
    +
    SSL_CB_ALERT
    + +
    +

    Callback has been called due to an alert being sent or received.

    +
    +
    SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ)
    + +
    SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE)
    + +
    SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP)
    + +
    SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT)
    + +
    SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP)
    + +
    SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT)
    + +
    SSL_CB_HANDSHAKE_START
    + +
    +

    Callback has been called because a new handshake is started. It also occurs when +resuming a handshake following a pause to handle early data.

    +
    +
    SSL_CB_HANDSHAKE_DONE
    + +
    +

    Callback has been called because a handshake is finished. It also occurs if the +handshake is paused to allow the exchange of early data.

    +
    +
    +

    The current state information can be obtained using the +SSL_state_string(3) family of functions.

    +

    The ret information can be evaluated using the +SSL_alert_type_string(3) family of functions.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_set_info_callback() does not provide diagnostic information.

    +

    SSL_get_info_callback() returns the current setting.

    +

    +

    +
    +

    EXAMPLES

    +

    The following example callback function prints state strings, information +about alerts being handled and error messages to the bio_err BIO.

    +
    + void apps_ssl_info_callback(SSL *s, int where, int ret)
    + {
    +     const char *str;
    +     int w = where & ~SSL_ST_MASK;
    +
    +     if (w & SSL_ST_CONNECT)
    +         str = "SSL_connect";
    +     else if (w & SSL_ST_ACCEPT)
    +         str = "SSL_accept";
    +     else
    +         str = "undefined";
    +
    +     if (where & SSL_CB_LOOP) {
    +         BIO_printf(bio_err, "%s:%s\n", str, SSL_state_string_long(s));
    +     } else if (where & SSL_CB_ALERT) {
    +         str = (where & SSL_CB_READ) ? "read" : "write";
    +         BIO_printf(bio_err, "SSL3 alert %s:%s:%s\n", str,
    +                    SSL_alert_type_string_long(ret),
    +                    SSL_alert_desc_string_long(ret));
    +     } else if (where & SSL_CB_EXIT) {
    +         if (ret == 0) {
    +             BIO_printf(bio_err, "%s:failed in %s\n",
    +                        str, SSL_state_string_long(s));
    +         } else if (ret < 0) {
    +             BIO_printf(bio_err, "%s:error in %s\n",
    +                        str, SSL_state_string_long(s));
    +         }
    +     }
    + }
    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_state_string(3), +SSL_alert_type_string(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_keylog_callback.html b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_keylog_callback.html
    new file mode 100755
    index 0000000..e06d2fe
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_keylog_callback.html
    @@ -0,0 +1,87 @@
    + + + + +SSL_CTX_set_keylog_callback + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set_keylog_callback, SSL_CTX_get_keylog_callback, +SSL_CTX_keylog_cb_func - logging TLS key material

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + typedef void (*SSL_CTX_keylog_cb_func)(const SSL *ssl, const char *line);
    +
    + void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb);
    + SSL_CTX_keylog_cb_func SSL_CTX_get_keylog_callback(const SSL_CTX *ctx);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_set_keylog_callback() sets the TLS key logging callback. This callback +is called whenever TLS key material is generated or received, in order to allow +applications to store this keying material for debugging purposes.

    +

    SSL_CTX_get_keylog_callback() retrieves the previously set TLS key logging +callback. If no callback has been set, this will return NULL. When there is no +key logging callback, or if SSL_CTX_set_keylog_callback is called with NULL as +the value of cb, no logging of key material will be done.

    +

    The key logging callback is called with two items: the ssl object associated +with the connection, and line, a string containing the key material in the +format used by NSS for its SSLKEYLOGFILE debugging output. To recreate that +file, the key logging callback should log line, followed by a newline. +line will always be a NULL-terminated string.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CTX_get_keylog_callback() returns a pointer to SSL_CTX_keylog_cb_func or +NULL if the callback is not set.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_max_cert_list.html b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_max_cert_list.html
    new file mode 100755
    index 0000000..0144b5c
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_max_cert_list.html
    @@ -0,0 +1,113 @@
    + + + + +SSL_CTX_set_max_cert_list + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set_max_cert_list, SSL_CTX_get_max_cert_list, SSL_set_max_cert_list, SSL_get_max_cert_list - manipulate allowed size for the peer's certificate chain

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + long SSL_CTX_set_max_cert_list(SSL_CTX *ctx, long size);
    + long SSL_CTX_get_max_cert_list(SSL_CTX *ctx);
    +
    + long SSL_set_max_cert_list(SSL *ssl, long size);
    + long SSL_get_max_cert_list(SSL *ctx);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_set_max_cert_list() sets the maximum size allowed for the peer's +certificate chain for all SSL objects created from ctx to be <size> bytes. +The SSL objects inherit the setting valid for ctx at the time +SSL_new(3) is being called.

    +

    SSL_CTX_get_max_cert_list() returns the currently set maximum size for ctx.

    +

    SSL_set_max_cert_list() sets the maximum size allowed for the peer's +certificate chain for ssl to be <size> bytes. This setting stays valid +until a new value is set.

    +

    SSL_get_max_cert_list() returns the currently set maximum size for ssl.

    +

    +

    +
    +

    NOTES

    +

    During the handshake process, the peer may send a certificate chain. +The TLS/SSL standard does not give any maximum size of the certificate chain. +The OpenSSL library handles incoming data by a dynamically allocated buffer. +In order to prevent this buffer from growing without bounds due to data +received from a faulty or malicious peer, a maximum size for the certificate +chain is set.

    +

    The default value for the maximum certificate chain size is 100kB (30kB +on the 16bit DOS platform). This should be sufficient for usual certificate +chains (OpenSSL's default maximum chain length is 10, see +SSL_CTX_set_verify(3), and certificates +without special extensions have a typical size of 1-2kB).

    +

    For special applications it can be necessary to extend the maximum certificate +chain size allowed to be sent by the peer, see e.g. the work on +"Internet X.509 Public Key Infrastructure Proxy Certificate Profile" +and "TLS Delegation Protocol" at http://www.ietf.org/ and +http://www.globus.org/ .

    +

    Under normal conditions it should never be necessary to set a value smaller +than the default, as the buffer is handled dynamically and only uses the +memory actually required by the data sent by the peer.

    +

    If the maximum certificate chain size allowed is exceeded, the handshake will +fail with a SSL_R_EXCESSIVE_MESSAGE_SIZE error.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CTX_set_max_cert_list() and SSL_set_max_cert_list() return the previously +set value.

    +

    SSL_CTX_get_max_cert_list() and SSL_get_max_cert_list() return the currently +set value.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_new(3), +SSL_CTX_set_verify(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_min_proto_version.html b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_min_proto_version.html
    new file mode 100755
    index 0000000..bd345e9
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_min_proto_version.html
    @@ -0,0 +1,112 @@
    + + + + +SSL_CTX_set_min_proto_version + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set_min_proto_version, SSL_CTX_set_max_proto_version, +SSL_CTX_get_min_proto_version, SSL_CTX_get_max_proto_version, +SSL_set_min_proto_version, SSL_set_max_proto_version, +SSL_get_min_proto_version, SSL_get_max_proto_version - Get and set minimum +and maximum supported protocol version

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_CTX_set_min_proto_version(SSL_CTX *ctx, int version);
    + int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, int version);
    + int SSL_CTX_get_min_proto_version(SSL_CTX *ctx);
    + int SSL_CTX_get_max_proto_version(SSL_CTX *ctx);
    +
    + int SSL_set_min_proto_version(SSL *ssl, int version);
    + int SSL_set_max_proto_version(SSL *ssl, int version);
    + int SSL_get_min_proto_version(SSL *ssl);
    + int SSL_get_max_proto_version(SSL *ssl);
    +

    +

    +
    +

    DESCRIPTION

    +

    The functions get or set the minimum and maximum supported protocol versions +for the ctx or ssl. +This works in combination with the options set via +SSL_CTX_set_options(3) that also make it possible to disable +specific protocol versions. +Use these functions instead of disabling specific protocol versions.

    +

    Setting the minimum or maximum version to 0, will enable protocol +versions down to the lowest version, or up to the highest version +supported by the library, respectively.

    +

    Getters return 0 in case ctx or ssl have been configured to +automatically use the lowest or highest version supported by the library.

    +

    Currently supported versions are SSL3_VERSION, TLS1_VERSION, +TLS1_1_VERSION, TLS1_2_VERSION, TLS1_3_VERSION for TLS and +DTLS1_VERSION, DTLS1_2_VERSION for DTLS.

    +

    +

    +
    +

    RETURN VALUES

    +

    These setter functions return 1 on success and 0 on failure. The getter +functions return the configured version or 0 for auto-configuration of +lowest or highest protocol, respectively.

    +

    +

    +
    +

    NOTES

    +

    All these functions are implemented using macros.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +SSL_CTX_set_options(3), SSL_CONF_cmd(3)

    +

    +

    +
    +

    HISTORY

    +

    The setter functions were added in OpenSSL 1.1.0. The getter functions +were added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_mode.html b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_mode.html
    new file mode 100755
    index 0000000..693cc61
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_mode.html
    @@ -0,0 +1,201 @@
    + + + + +SSL_CTX_set_mode + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set_mode, SSL_CTX_clear_mode, SSL_set_mode, SSL_clear_mode, SSL_CTX_get_mode, SSL_get_mode - manipulate SSL engine mode

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + long SSL_CTX_set_mode(SSL_CTX *ctx, long mode);
    + long SSL_CTX_clear_mode(SSL_CTX *ctx, long mode);
    + long SSL_set_mode(SSL *ssl, long mode);
    + long SSL_clear_mode(SSL *ssl, long mode);
    +
    + long SSL_CTX_get_mode(SSL_CTX *ctx);
    + long SSL_get_mode(SSL *ssl);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_set_mode() adds the mode set via bit-mask in mode to ctx. +Options already set before are not cleared. +SSL_CTX_clear_mode() removes the mode set via bit-mask in mode from ctx.

    +

    SSL_set_mode() adds the mode set via bit-mask in mode to ssl. +Options already set before are not cleared. +SSL_clear_mode() removes the mode set via bit-mask in mode from ssl.

    +

    SSL_CTX_get_mode() returns the mode set for ctx.

    +

    SSL_get_mode() returns the mode set for ssl.

    +

    +

    +
    +

    NOTES

    +

    The following mode changes are available:

    +
    +
    SSL_MODE_ENABLE_PARTIAL_WRITE
    + +
    +

    Allow SSL_write_ex(..., n, &r) to return with 0 < r < n (i.e. report success +when just a single record has been written). This works in a similar way for +SSL_write(). When not set (the default), SSL_write_ex() or SSL_write() will only +report success once the complete chunk was written. Once SSL_write_ex() or +SSL_write() returns successful, r bytes have been written and the next call +to SSL_write_ex() or SSL_write() must only send the n-r bytes left, imitating +the behaviour of write().

    +
    +
    SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER
    + +
    +

    Make it possible to retry SSL_write_ex() or SSL_write() with changed buffer +location (the buffer contents must stay the same). This is not the default to +avoid the misconception that non-blocking SSL_write() behaves like +non-blocking write().

    +
    +
    SSL_MODE_AUTO_RETRY
    + +
    +

    During normal operations, non-application data records might need to be sent or +received that the application is not aware of. +If a non-application data record was processed, +SSL_read_ex(3) and SSL_read(3) can return with a failure and indicate the +need to retry with SSL_ERROR_WANT_READ. +If such a non-application data record was processed, the flag +SSL_MODE_AUTO_RETRY causes it to try to process the next record instead of +returning.

    +

    In a non-blocking environment applications must be prepared to handle +incomplete read/write operations. +Setting SSL_MODE_AUTO_RETRY for a non-blocking BIO will process +non-application data records until either no more data is available or +an application data record has been processed.

    +

    In a blocking environment, applications are not always prepared to +deal with the functions returning intermediate reports such as retry +requests, and setting the SSL_MODE_AUTO_RETRY flag will cause the functions +to only return after successfully processing an application data record or a +failure.

    +

    Turning off SSL_MODE_AUTO_RETRY can be useful with blocking BIOs in case +they are used in combination with something like select() or poll(). +Otherwise the call to SSL_read() or SSL_read_ex() might hang when a +non-application record was sent and no application data was sent.

    +
    +
    SSL_MODE_RELEASE_BUFFERS
    + +
    +

    When we no longer need a read buffer or a write buffer for a given SSL, +then release the memory we were using to hold it. +Using this flag can +save around 34k per idle SSL connection. +This flag has no effect on SSL v2 connections, or on DTLS connections.

    +
    +
    SSL_MODE_SEND_FALLBACK_SCSV
    + +
    +

    Send TLS_FALLBACK_SCSV in the ClientHello. +To be set only by applications that reconnect with a downgraded protocol +version; see draft-ietf-tls-downgrade-scsv-00 for details.

    +

    DO NOT ENABLE THIS if your application attempts a normal handshake. +Only use this in explicit fallback retries, following the guidance +in draft-ietf-tls-downgrade-scsv-00.

    +
    +
    SSL_MODE_ASYNC
    + +
    +

    Enable asynchronous processing. TLS I/O operations may indicate a retry with +SSL_ERROR_WANT_ASYNC with this mode set if an asynchronous capable engine is +used to perform cryptographic operations. See SSL_get_error(3).

    +
    +
    SSL_MODE_NO_KTLS_TX
    + +
    +

    Disable the use of the kernel TLS egress data-path. +By default kernel TLS is enabled if it is supported by the negotiated ciphersuites +and extensions and OpenSSL has been compiled with support for it. +The kernel TLS data-path implements the record layer, +and the crypto algorithm. The kernel will utilize the best hardware +available for crypto. Using the kernel data-path should reduce the memory +footprint of OpenSSL because no buffering is required. Also, the throughput +should improve because data copy is avoided when user data is encrypted into +kernel memory instead of the usual encrypt than copy to kernel.

    +

    Kernel TLS might not support all the features of OpenSSL. For instance, +renegotiation, and setting the maximum fragment size is not possible as of +Linux 4.20.

    +
    +
    SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG
    + +
    +

    Older versions of OpenSSL had a bug in the computation of the label length +used for computing the endpoint-pair shared secret. The bug was that the +terminating zero was included in the length of the label. Setting this option +enables this behaviour to allow interoperability with such broken +implementations. Please note that setting this option breaks interoperability +with correct implementations. This option only applies to DTLS over SCTP.

    +
    +
    +

    All modes are off by default except for SSL_MODE_AUTO_RETRY which is on by +default since 1.1.1.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CTX_set_mode() and SSL_set_mode() return the new mode bit-mask +after adding mode.

    +

    SSL_CTX_get_mode() and SSL_get_mode() return the current bit-mask.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_read_ex(3), SSL_read(3), SSL_write_ex(3) or +SSL_write(3), SSL_get_error(3)

    +

    +

    +
    +

    HISTORY

    +

    SSL_MODE_ASYNC was added in OpenSSL 1.1.0. +SSL_MODE_NO_KTLS_TX was added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_msg_callback.html b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_msg_callback.html new file mode 100755 index 0000000..66d11f9 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_msg_callback.html @@ -0,0 +1,182 @@ + + + + +SSL_CTX_set_msg_callback + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set_msg_callback, +SSL_CTX_set_msg_callback_arg, +SSL_set_msg_callback, +SSL_set_msg_callback_arg +- install callback for observing protocol messages

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + void SSL_CTX_set_msg_callback(SSL_CTX *ctx,
    +                               void (*cb)(int write_p, int version,
    +                                          int content_type, const void *buf,
    +                                          size_t len, SSL *ssl, void *arg));
    + void SSL_CTX_set_msg_callback_arg(SSL_CTX *ctx, void *arg);
    +
    + void SSL_set_msg_callback(SSL *ssl,
    +                           void (*cb)(int write_p, int version,
    +                                      int content_type, const void *buf,
    +                                      size_t len, SSL *ssl, void *arg));
    + void SSL_set_msg_callback_arg(SSL *ssl, void *arg);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_set_msg_callback() or SSL_set_msg_callback() can be used to +define a message callback function cb for observing all SSL/TLS +protocol messages (such as handshake messages) that are received or +sent, as well as other events that occur during processing. +SSL_CTX_set_msg_callback_arg() and SSL_set_msg_callback_arg() +can be used to set argument arg to the callback function, which is +available for arbitrary application use.

    +

    SSL_CTX_set_msg_callback() and SSL_CTX_set_msg_callback_arg() specify +default settings that will be copied to new SSL objects by +SSL_new(3). SSL_set_msg_callback() and +SSL_set_msg_callback_arg() modify the actual settings of an SSL +object. Using a NULL pointer for cb disables the message callback.

    +

    When cb is called by the SSL/TLS library the function arguments have the +following meaning:

    +
    +
    write_p
    + +
    +

    This flag is 0 when a protocol message has been received and 1 +when a protocol message has been sent.

    +
    +
    version
    + +
    +

    The protocol version according to which the protocol message is +interpreted by the library such as TLS1_3_VERSION, TLS1_2_VERSION etc. +This is set to 0 for the SSL3_RT_HEADER pseudo content type (see NOTES below).

    +
    +
    content_type
    + +
    +

    This is one of the content type values defined in the protocol specification +(SSL3_RT_CHANGE_CIPHER_SPEC, SSL3_RT_ALERT, SSL3_RT_HANDSHAKE; but never +SSL3_RT_APPLICATION_DATA because the callback will only be called for protocol +messages). Alternatively it may be a "pseudo" content type. These pseudo +content types are used to signal some other event in the processing of data (see +NOTES below).

    +
    +
    buf, len
    + +
    +

    buf points to a buffer containing the protocol message or other data (in the +case of pseudo content types), which consists of len bytes. The buffer is no +longer valid after the callback function has returned.

    +
    +
    ssl
    + +
    +

    The SSL object that received or sent the message.

    +
    +
    arg
    + +
    +

    The user-defined argument optionally defined by +SSL_CTX_set_msg_callback_arg() or SSL_set_msg_callback_arg().

    +
    +
    +

    +

    +
    +

    NOTES

    +

    Protocol messages are passed to the callback function after decryption +and fragment collection where applicable. (Thus record boundaries are +not visible.)

    +

    If processing a received protocol message results in an error, +the callback function may not be called. For example, the callback +function will never see messages that are considered too large to be +processed.

    +

    Due to automatic protocol version negotiation, version is not +necessarily the protocol version used by the sender of the message: If +a TLS 1.0 ClientHello message is received by an SSL 3.0-only server, +version will be SSL3_VERSION.

    +

    Pseudo content type values may be sent at various points during the processing +of data. The following pseudo content types are currently defined:

    +
    +
    SSL3_RT_HEADER
    + +
    +

    Used when a record is sent or received. The buf contains the record header +bytes only.

    +
    +
    SSL3_RT_INNER_CONTENT_TYPE
    + +
    +

    Used when an encrypted TLSv1.3 record is sent or received. In encrypted TLSv1.3 +records the content type in the record header is always +SSL3_RT_APPLICATION_DATA. The real content type for the record is contained in +an "inner" content type. buf contains the encoded "inner" content type byte.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CTX_set_msg_callback(), SSL_CTX_set_msg_callback_arg(), SSL_set_msg_callback() +and SSL_set_msg_callback_arg() do not return values.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_new(3)

    +

    +

    +
    +

    HISTORY

    +

    The pseudo content type SSL3_RT_INNER_CONTENT_TYPE was added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_num_tickets.html b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_num_tickets.html new file mode 100755 index 0000000..ea8de90 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_num_tickets.html @@ -0,0 +1,107 @@ + + + + +SSL_CTX_set_num_tickets + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_set_num_tickets, +SSL_get_num_tickets, +SSL_CTX_set_num_tickets, +SSL_CTX_get_num_tickets +- control the number of TLSv1.3 session tickets that are issued

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_set_num_tickets(SSL *s, size_t num_tickets);
    + size_t SSL_get_num_tickets(SSL *s);
    + int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets);
    + size_t SSL_CTX_get_num_tickets(SSL_CTX *ctx);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_set_num_tickets() and SSL_set_num_tickets() can be called for a server +application and set the number of TLSv1.3 session tickets that will be sent to +the client after a full handshake. Set the desired value (which could be 0) in +the num_tickets argument. Typically these functions should be called before +the start of the handshake.

    +

    The default number of tickets is 2; the default number of tickets sent following +a resumption handshake is 1 but this cannot be changed using these functions. +The number of tickets following a resumption handshake can be reduced to 0 using +custom session ticket callbacks (see SSL_CTX_set_session_ticket_cb(3)).

    +

    Tickets are also issued on receipt of a post-handshake certificate from the +client following a request by the server using +SSL_verify_client_post_handshake(3). These new tickets will be associated +with the updated client identity (i.e. including their certificate and +verification status). The number of tickets issued will normally be the same as +was used for the initial handshake. If the initial handshake was a full +handshake then SSL_set_num_tickets() can be called again prior to calling +SSL_verify_client_post_handshake() to update the number of tickets that will be +sent.

    +

    SSL_CTX_get_num_tickets() and SSL_get_num_tickets() return the number of +tickets set by a previous call to SSL_CTX_set_num_tickets() or +SSL_set_num_tickets(), or 2 if no such call has been made.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CTX_set_num_tickets() and SSL_set_num_tickets() return 1 on success or 0 on +failure.

    +

    SSL_CTX_get_num_tickets() and SSL_get_num_tickets() return the number of tickets +that have been previously set.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7)

    +

    +

    +
    +

    HISTORY

    +

    These functions were added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_options.html b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_options.html new file mode 100755 index 0000000..b49a5cf --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_options.html @@ -0,0 +1,419 @@ + + + + +SSL_CTX_set_options + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set_options, SSL_set_options, SSL_CTX_clear_options, +SSL_clear_options, SSL_CTX_get_options, SSL_get_options, +SSL_get_secure_renegotiation_support - manipulate SSL options

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + long SSL_CTX_set_options(SSL_CTX *ctx, long options);
    + long SSL_set_options(SSL *ssl, long options);
    +
    + long SSL_CTX_clear_options(SSL_CTX *ctx, long options);
    + long SSL_clear_options(SSL *ssl, long options);
    +
    + long SSL_CTX_get_options(SSL_CTX *ctx);
    + long SSL_get_options(SSL *ssl);
    +
    + long SSL_get_secure_renegotiation_support(SSL *ssl);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_set_options() adds the options set via bit-mask in options to ctx. +Options already set before are not cleared!

    +

    SSL_set_options() adds the options set via bit-mask in options to ssl. +Options already set before are not cleared!

    +

    SSL_CTX_clear_options() clears the options set via bit-mask in options +to ctx.

    +

    SSL_clear_options() clears the options set via bit-mask in options to ssl.

    +

    SSL_CTX_get_options() returns the options set for ctx.

    +

    SSL_get_options() returns the options set for ssl.

    +

    SSL_get_secure_renegotiation_support() indicates whether the peer supports +secure renegotiation. +Note, this is implemented via a macro.

    +

    +

    +
    +

    NOTES

    +

    The behaviour of the SSL library can be changed by setting several options. +The options are coded as bit-masks and can be combined by a bitwise or +operation (|).

    +

    SSL_CTX_set_options() and SSL_set_options() affect the (external) +protocol behaviour of the SSL library. The (internal) behaviour of +the API can be changed by using the similar +SSL_CTX_set_mode(3) and SSL_set_mode() functions.

    +

    During a handshake, the option settings of the SSL object are used. When +a new SSL object is created from a context using SSL_new(), the current +option setting is copied. Changes to ctx do not affect already created +SSL objects. SSL_clear() does not affect the settings.

    +

    The following bug workaround options are available:

    +
    +
    SSL_OP_SAFARI_ECDHE_ECDSA_BUG
    + +
    +

    Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X. +OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers.

    +
    +
    SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
    + +
    +

    Disables a countermeasure against a SSL 3.0/TLS 1.0 protocol +vulnerability affecting CBC ciphers, which cannot be handled by some +broken SSL implementations. This option has no effect for connections +using other ciphers.

    +
    +
    SSL_OP_TLSEXT_PADDING
    + +
    +

    Adds a padding extension to ensure the ClientHello size is never between +256 and 511 bytes in length. This is needed as a workaround for some +implementations.

    +
    +
    SSL_OP_ALL
    + +
    +

    All of the above bug workarounds plus SSL_OP_LEGACY_SERVER_CONNECT as +mentioned below.

    +
    +
    +

    It is usually safe to use SSL_OP_ALL to enable the bug workaround +options if compatibility with somewhat broken implementations is +desired.

    +

    The following modifying options are available:

    +
    +
    SSL_OP_TLS_ROLLBACK_BUG
    + +
    +

    Disable version rollback attack detection.

    +

    During the client key exchange, the client must send the same information +about acceptable SSL/TLS protocol levels as during the first hello. Some +clients violate this rule by adapting to the server's answer. (Example: +the client sends a SSLv2 hello and accepts up to SSLv3.1=TLSv1, the server +only understands up to SSLv3. In this case the client must still use the +same SSLv3.1=TLSv1 announcement. Some clients step down to SSLv3 with respect +to the server's answer and violate the version rollback protection.)

    +
    +
    SSL_OP_CIPHER_SERVER_PREFERENCE
    + +
    +

    When choosing a cipher, use the server's preferences instead of the client +preferences. When not set, the SSL server will always follow the clients +preferences. When set, the SSL/TLS server will choose following its +own preferences.

    +
    +
    SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1, +SSL_OP_NO_TLSv1_2, SSL_OP_NO_TLSv1_3, SSL_OP_NO_DTLSv1, SSL_OP_NO_DTLSv1_2
    + +
    +

    These options turn off the SSLv3, TLSv1, TLSv1.1, TLSv1.2 or TLSv1.3 protocol +versions with TLS or the DTLSv1, DTLSv1.2 versions with DTLS, +respectively. +As of OpenSSL 1.1.0, these options are deprecated, use +SSL_CTX_set_min_proto_version(3) and +SSL_CTX_set_max_proto_version(3) instead.

    +
    +
    SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
    + +
    +

    When performing renegotiation as a server, always start a new session +(i.e., session resumption requests are only accepted in the initial +handshake). This option is not needed for clients.

    +
    +
    SSL_OP_NO_COMPRESSION
    + +
    +

    Do not use compression even if it is supported.

    +
    +
    SSL_OP_NO_QUERY_MTU
    + +
    +

    Do not query the MTU. Only affects DTLS connections.

    +
    +
    SSL_OP_COOKIE_EXCHANGE
    + +
    +

    Turn on Cookie Exchange as described in RFC4347 Section 4.2.1. Only affects +DTLS connections.

    +
    +
    SSL_OP_NO_TICKET
    + +
    +

    SSL/TLS supports two mechanisms for resuming sessions: session ids and stateless +session tickets.

    +

    When using session ids a copy of the session information is +cached on the server and a unique id is sent to the client. When the client +wishes to resume it provides the unique id so that the server can retrieve the +session information from its cache.

    +

    When using stateless session tickets the server uses a session ticket encryption +key to encrypt the session information. This encrypted data is sent to the +client as a "ticket". When the client wishes to resume it sends the encrypted +data back to the server. The server uses its key to decrypt the data and resume +the session. In this way the server can operate statelessly - no session +information needs to be cached locally.

    +

    The TLSv1.3 protocol only supports tickets and does not directly support session +ids. However OpenSSL allows two modes of ticket operation in TLSv1.3: stateful +and stateless. Stateless tickets work the same way as in TLSv1.2 and below. +Stateful tickets mimic the session id behaviour available in TLSv1.2 and below. +The session information is cached on the server and the session id is wrapped up +in a ticket and sent back to the client. When the client wishes to resume, it +presents a ticket in the same way as for stateless tickets. The server can then +extract the session id from the ticket and retrieve the session information from +its cache.

    +

    By default OpenSSL will use stateless tickets. The SSL_OP_NO_TICKET option will +cause stateless tickets to not be issued. In TLSv1.2 and below this means no +ticket gets sent to the client at all. In TLSv1.3 a stateful ticket will be +sent. This is a server-side option only.

    +

    In TLSv1.3 it is possible to suppress all tickets (stateful and stateless) from +being sent by calling SSL_CTX_set_num_tickets(3) or +SSL_set_num_tickets(3).

    +
    +
    SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
    + +
    +

    Allow legacy insecure renegotiation between OpenSSL and unpatched clients or +servers. See the SECURE RENEGOTIATION section for more details.

    +
    +
    SSL_OP_LEGACY_SERVER_CONNECT
    + +
    +

    Allow legacy insecure renegotiation between OpenSSL and unpatched servers +only: this option is currently set by default. See the +SECURE RENEGOTIATION section for more details.

    +
    +
    SSL_OP_NO_ENCRYPT_THEN_MAC
    + +
    +

    Normally clients and servers will transparently attempt to negotiate the +RFC7366 Encrypt-then-MAC option on TLS and DTLS connection.

    +

    If this option is set, Encrypt-then-MAC is disabled. Clients will not +propose, and servers will not accept the extension.

    +
    +
    SSL_OP_NO_EXTENDED_MASTER_SECRET
    + +
    +

    Normally clients and servers will transparently attempt to negotiate the +RFC7627 Extended Master Secret option on TLS and DTLS connection.

    +

    If this option is set, Extended Master Secret is disabled. Clients will +not propose, and servers will not accept the extension.

    +
    +
    SSL_OP_NO_RENEGOTIATION
    + +
    +

    Disable all renegotiation in TLSv1.2 and earlier. Do not send HelloRequest +messages, and ignore renegotiation requests via ClientHello.

    +
    +
    SSL_OP_ALLOW_NO_DHE_KEX
    + +
    +

    In TLSv1.3 allow a non-(ec)dhe based key exchange mode on resumption. This means +that there will be no forward secrecy for the resumed session.

    +
    +
    SSL_OP_PRIORITIZE_CHACHA
    + +
    +

    When SSL_OP_CIPHER_SERVER_PREFERENCE is set, temporarily reprioritize +ChaCha20-Poly1305 ciphers to the top of the server cipher list if a +ChaCha20-Poly1305 cipher is at the top of the client cipher list. This helps +those clients (e.g. mobile) use ChaCha20-Poly1305 if that cipher is anywhere +in the server cipher list; but still allows other clients to use AES and other +ciphers. Requires SSL_OP_CIPHER_SERVER_PREFERENCE.

    +
    +
    SSL_OP_ENABLE_MIDDLEBOX_COMPAT
    + +
    +

    If set then dummy Change Cipher Spec (CCS) messages are sent in TLSv1.3. This +has the effect of making TLSv1.3 look more like TLSv1.2 so that middleboxes that +do not understand TLSv1.3 will not drop the connection. Regardless of whether +this option is set or not CCS messages received from the peer will always be +ignored in TLSv1.3. This option is set by default. To switch it off use +SSL_clear_options(). A future version of OpenSSL may not set this by default.

    +
    +
    SSL_OP_NO_ANTI_REPLAY
    + +
    +

    By default, when a server is configured for early data (i.e., max_early_data > 0), +OpenSSL will switch on replay protection. See SSL_read_early_data(3) for a +description of the replay protection feature. Anti-replay measures are required +to comply with the TLSv1.3 specification. Some applications may be able to +mitigate the replay risks in other ways and in such cases the built in OpenSSL +functionality is not required. Those applications can turn this feature off by +setting this option. This is a server-side opton only. It is ignored by +clients.

    +
    +
    +

    The following options no longer have any effect but their identifiers are +retained for compatibility purposes:

    +
    +
    SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
    + +
    SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER
    + +
    SSL_OP_SSLEAY_080_CLIENT_DH_BUG
    + +
    SSL_OP_TLS_D5_BUG
    + +
    SSL_OP_TLS_BLOCK_PADDING_BUG
    + +
    SSL_OP_MSIE_SSLV2_RSA_PADDING
    + +
    SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG
    + +
    SSL_OP_MICROSOFT_SESS_ID_BUG
    + +
    SSL_OP_NETSCAPE_CHALLENGE_BUG
    + +
    SSL_OP_PKCS1_CHECK_1
    + +
    SSL_OP_PKCS1_CHECK_2
    + +
    SSL_OP_SINGLE_DH_USE
    + +
    SSL_OP_SINGLE_ECDH_USE
    + +
    SSL_OP_EPHEMERAL_RSA
    + +
    +

    +

    +
    +

    SECURE RENEGOTIATION

    +

    OpenSSL always attempts to use secure renegotiation as +described in RFC5746. This counters the prefix attack described in +CVE-2009-3555 and elsewhere.

    +

    This attack has far reaching consequences which application writers should be +aware of. In the description below an implementation supporting secure +renegotiation is referred to as patched. A server not supporting secure +renegotiation is referred to as unpatched.

    +

    The following sections describe the operations permitted by OpenSSL's secure +renegotiation implementation.

    +

    +

    +

    Patched client and server

    +

    Connections and renegotiation are always permitted by OpenSSL implementations.

    +

    +

    +

    Unpatched client and patched OpenSSL server

    +

    The initial connection succeeds but client renegotiation is denied by the +server with a no_renegotiation warning alert if TLS v1.0 is used or a fatal +handshake_failure alert in SSL v3.0.

    +

    If the patched OpenSSL server attempts to renegotiate a fatal +handshake_failure alert is sent. This is because the server code may be +unaware of the unpatched nature of the client.

    +

    If the option SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION is set then +renegotiation always succeeds.

    +

    +

    +

    Patched OpenSSL client and unpatched server

    +

    If the option SSL_OP_LEGACY_SERVER_CONNECT or +SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION is set then initial connections +and renegotiation between patched OpenSSL clients and unpatched servers +succeeds. If neither option is set then initial connections to unpatched +servers will fail.

    +

    The option SSL_OP_LEGACY_SERVER_CONNECT is currently set by default even +though it has security implications: otherwise it would be impossible to +connect to unpatched servers (i.e. all of them initially) and this is clearly +not acceptable. Renegotiation is permitted because this does not add any +additional security issues: during an attack clients do not see any +renegotiations anyway.

    +

    As more servers become patched the option SSL_OP_LEGACY_SERVER_CONNECT will +not be set by default in a future version of OpenSSL.

    +

    OpenSSL client applications wishing to ensure they can connect to unpatched +servers should always set SSL_OP_LEGACY_SERVER_CONNECT

    +

    OpenSSL client applications that want to ensure they can not connect to +unpatched servers (and thus avoid any security issues) should always clear +SSL_OP_LEGACY_SERVER_CONNECT using SSL_CTX_clear_options() or +SSL_clear_options().

    +

    The difference between the SSL_OP_LEGACY_SERVER_CONNECT and +SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION options is that +SSL_OP_LEGACY_SERVER_CONNECT enables initial connections and secure +renegotiation between OpenSSL clients and unpatched servers only, while +SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION allows initial connections +and renegotiation between OpenSSL and unpatched clients or servers.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CTX_set_options() and SSL_set_options() return the new options bit-mask +after adding options.

    +

    SSL_CTX_clear_options() and SSL_clear_options() return the new options bit-mask +after clearing options.

    +

    SSL_CTX_get_options() and SSL_get_options() return the current bit-mask.

    +

    SSL_get_secure_renegotiation_support() returns 1 is the peer supports +secure renegotiation and 0 if it does not.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_new(3), SSL_clear(3), +SSL_CTX_set_tmp_dh_callback(3), +SSL_CTX_set_min_proto_version(3), +openssl-dhparam(1)

    +

    +

    +
    +

    HISTORY

    +

    The attempt to always try to use secure renegotiation was added in +OpenSSL 0.9.8m.

    +

    The SSL_OP_PRIORITIZE_CHACHA and SSL_OP_NO_RENEGOTIATION options +were added in OpenSSL 1.1.1.

    +

    The SSL_OP_NO_EXTENDED_MASTER_SECRET option was added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_psk_client_callback.html b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_psk_client_callback.html new file mode 100755 index 0000000..d89352f --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_psk_client_callback.html @@ -0,0 +1,198 @@ + + + + +SSL_CTX_set_psk_client_callback + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_psk_client_cb_func, +SSL_psk_use_session_cb_func, +SSL_CTX_set_psk_client_callback, +SSL_set_psk_client_callback, +SSL_CTX_set_psk_use_session_callback, +SSL_set_psk_use_session_callback +- set PSK client callback

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + typedef int (*SSL_psk_use_session_cb_func)(SSL *ssl, const EVP_MD *md,
    +                                            const unsigned char **id,
    +                                            size_t *idlen,
    +                                            SSL_SESSION **sess);
    +
    + void SSL_CTX_set_psk_use_session_callback(SSL_CTX *ctx,
    +                                           SSL_psk_use_session_cb_func cb);
    + void SSL_set_psk_use_session_callback(SSL *s, SSL_psk_use_session_cb_func cb);
    +
    + typedef unsigned int (*SSL_psk_client_cb_func)(SSL *ssl,
    +                                                const char *hint,
    +                                                char *identity,
    +                                                unsigned int max_identity_len,
    +                                                unsigned char *psk,
    +                                                unsigned int max_psk_len);
    +
    + void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, SSL_psk_client_cb_func cb);
    + void SSL_set_psk_client_callback(SSL *ssl, SSL_psk_client_cb_func cb);
    +

    +

    +
    +

    DESCRIPTION

    +

    A client application wishing to use TLSv1.3 PSKs should use either +SSL_CTX_set_psk_use_session_callback() or SSL_set_psk_use_session_callback() as +appropriate. These functions cannot be used for TLSv1.2 and below PSKs.

    +

    The callback function is given a pointer to the SSL connection in ssl.

    +

    The first time the callback is called for a connection the md parameter is +NULL. In some circumstances the callback will be called a second time. In that +case the server will have specified a ciphersuite to use already and the PSK +must be compatible with the digest for that ciphersuite. The digest will be +given in md. The PSK returned by the callback is allowed to be different +between the first and second time it is called.

    +

    On successful completion the callback must store a pointer to an identifier for +the PSK in *id. The identifier length in bytes should be stored in *idlen. +The memory pointed to by *id remains owned by the application and should +be freed by it as required at any point after the handshake is complete.

    +

    Additionally the callback should store a pointer to an SSL_SESSION object in +*sess. This is used as the basis for the PSK, and should, at a minimum, have +the following fields set:

    +
    +
    The master key
    + +
    +

    This can be set via a call to SSL_SESSION_set1_master_key(3).

    +
    +
    A ciphersuite
    + +
    +

    Only the handshake digest associated with the ciphersuite is relevant for the +PSK (the server may go on to negotiate any ciphersuite which is compatible with +the digest). The application can use any TLSv1.3 ciphersuite. If md is +not NULL the handshake digest for the ciphersuite should be the same. +The ciphersuite can be set via a call to <SSL_SESSION_set_cipher(3)>. The +handshake digest of an SSL_CIPHER object can be checked using +<SSL_CIPHER_get_handshake_digest(3)>.

    +
    +
    The protocol version
    + +
    +

    This can be set via a call to SSL_SESSION_set_protocol_version(3) and should +be TLS1_3_VERSION.

    +
    +
    +

    Additionally the maximum early data value should be set via a call to +SSL_SESSION_set_max_early_data(3) if the PSK will be used for sending early +data.

    +

    Alternatively an SSL_SESSION created from a previous non-PSK handshake may also +be used as the basis for a PSK.

    +

    Ownership of the SSL_SESSION object is passed to the OpenSSL library and so it +should not be freed by the application.

    +

    It is also possible for the callback to succeed but not supply a PSK. In this +case no PSK will be sent to the server but the handshake will continue. To do +this the callback should return successfully and ensure that *sess is +NULL. The contents of *id and *idlen will be ignored.

    +

    A client application wishing to use PSK ciphersuites for TLSv1.2 and below must +provide a different callback function. This function will be called when the +client is sending the ClientKeyExchange message to the server.

    +

    The purpose of the callback function is to select the PSK identity and +the pre-shared key to use during the connection setup phase.

    +

    The callback is set using functions SSL_CTX_set_psk_client_callback() +or SSL_set_psk_client_callback(). The callback function is given the +connection in parameter ssl, a NULL-terminated PSK identity hint +sent by the server in parameter hint, a buffer identity of +length max_identity_len bytes where the resulting +NUL-terminated identity is to be stored, and a buffer psk of +length max_psk_len bytes where the resulting pre-shared key is to +be stored.

    +

    The callback for use in TLSv1.2 will also work in TLSv1.3 although it is +recommended to use SSL_CTX_set_psk_use_session_callback() +or SSL_set_psk_use_session_callback() for this purpose instead. If TLSv1.3 has +been negotiated then OpenSSL will first check to see if a callback has been set +via SSL_CTX_set_psk_use_session_callback() or SSL_set_psk_use_session_callback() +and it will use that in preference. If no such callback is present then it will +check to see if a callback has been set via SSL_CTX_set_psk_client_callback() or +SSL_set_psk_client_callback() and use that. In this case the hint value will +always be NULL and the handshake digest will default to SHA-256 for any returned +PSK.

    +

    +

    +
    +

    NOTES

    +

    Note that parameter hint given to the callback may be NULL.

    +

    A connection established via a TLSv1.3 PSK will appear as if session resumption +has occurred so that SSL_session_reused(3) will return true.

    +

    There are no known security issues with sharing the same PSK between TLSv1.2 (or +below) and TLSv1.3. However the RFC has this note of caution:

    +

    "While there is no known way in which the same PSK might produce related output +in both versions, only limited analysis has been done. Implementations can +ensure safety from cross-protocol related output by not reusing PSKs between +TLS 1.3 and TLS 1.2."

    +

    +

    +
    +

    RETURN VALUES

    +

    Return values from the SSL_psk_client_cb_func callback are interpreted as +follows:

    +

    On success (callback found a PSK identity and a pre-shared key to use) +the length (> 0) of psk in bytes is returned.

    +

    Otherwise or on errors the callback should return 0. In this case +the connection setup fails.

    +

    The SSL_psk_use_session_cb_func callback should return 1 on success or 0 on +failure. In the event of failure the connection setup fails.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +SSL_CTX_set_psk_find_session_callback(3), +SSL_set_psk_find_session_callback(3)

    +

    +

    +
    +

    HISTORY

    +

    SSL_CTX_set_psk_use_session_callback() and SSL_set_psk_use_session_callback() +were added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_quiet_shutdown.html b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_quiet_shutdown.html new file mode 100755 index 0000000..5bbc341 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_quiet_shutdown.html @@ -0,0 +1,105 @@ + + + + +SSL_CTX_set_quiet_shutdown + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set_quiet_shutdown, SSL_CTX_get_quiet_shutdown, SSL_set_quiet_shutdown, SSL_get_quiet_shutdown - manipulate shutdown behaviour

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode);
    + int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx);
    +
    + void SSL_set_quiet_shutdown(SSL *ssl, int mode);
    + int SSL_get_quiet_shutdown(const SSL *ssl);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_set_quiet_shutdown() sets the "quiet shutdown" flag for ctx to be +mode. SSL objects created from ctx inherit the mode valid at the time +SSL_new(3) is called. mode may be 0 or 1.

    +

    SSL_CTX_get_quiet_shutdown() returns the "quiet shutdown" setting of ctx.

    +

    SSL_set_quiet_shutdown() sets the "quiet shutdown" flag for ssl to be +mode. The setting stays valid until ssl is removed with +SSL_free(3) or SSL_set_quiet_shutdown() is called again. +It is not changed when SSL_clear(3) is called. +mode may be 0 or 1.

    +

    SSL_get_quiet_shutdown() returns the "quiet shutdown" setting of ssl.

    +

    +

    +
    +

    NOTES

    +

    Normally when a SSL connection is finished, the parties must send out +close_notify alert messages using SSL_shutdown(3) +for a clean shutdown.

    +

    When setting the "quiet shutdown" flag to 1, SSL_shutdown(3) +will set the internal flags to SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN. +(SSL_shutdown(3) then behaves like +SSL_set_shutdown(3) called with +SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN.) +The session is thus considered to be shutdown, but no close_notify alert +is sent to the peer. This behaviour violates the TLS standard.

    +

    The default is normal shutdown behaviour as described by the TLS standard.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CTX_set_quiet_shutdown() and SSL_set_quiet_shutdown() do not return +diagnostic information.

    +

    SSL_CTX_get_quiet_shutdown() and SSL_get_quiet_shutdown return the current +setting.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_shutdown(3), +SSL_set_shutdown(3), SSL_new(3), +SSL_clear(3), SSL_free(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_read_ahead.html b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_read_ahead.html new file mode 100755 index 0000000..7141542 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_read_ahead.html @@ -0,0 +1,110 @@ + + + + +SSL_CTX_set_read_ahead + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set_read_ahead, SSL_CTX_get_read_ahead, +SSL_set_read_ahead, SSL_get_read_ahead, +SSL_CTX_get_default_read_ahead +- manage whether to read as many input bytes as possible

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + void SSL_set_read_ahead(SSL *s, int yes);
    + int SSL_get_read_ahead(const SSL *s);
    +
    + SSL_CTX_set_read_ahead(SSL_CTX *ctx, int yes);
    + long SSL_CTX_get_read_ahead(SSL_CTX *ctx);
    + long SSL_CTX_get_default_read_ahead(SSL_CTX *ctx);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_set_read_ahead() and SSL_set_read_ahead() set whether we should read as +many input bytes as possible (for non-blocking reads) or not. For example if +x bytes are currently required by OpenSSL, but y bytes are available from +the underlying BIO (where y > x), then OpenSSL will read all y bytes +into its buffer (providing that the buffer is large enough) if reading ahead is +on, or x bytes otherwise. +Setting the parameter yes to 0 turns reading ahead is off, other values turn +it on. +SSL_CTX_set_default_read_ahead() is identical to SSL_CTX_set_read_ahead().

    +

    SSL_CTX_get_read_ahead() and SSL_get_read_ahead() indicate whether reading +ahead has been set or not. +SSL_CTX_get_default_read_ahead() is identical to SSL_CTX_get_read_ahead().

    +

    +

    +
    +

    NOTES

    +

    These functions have no impact when used with DTLS. The return values for +SSL_CTX_get_read_head() and SSL_get_read_ahead() are undefined for DTLS. Setting +read_ahead can impact the behaviour of the SSL_pending() function +(see SSL_pending(3)).

    +

    Since SSL_read() can return SSL_ERROR_WANT_READ for non-application data +records, and SSL_has_pending() can't tell the difference between processed and +unprocessed data, it's recommended that if read ahead is turned on that +SSL_MODE_AUTO_RETRY is not turned off using SSL_CTX_clear_mode(). +That will prevent getting SSL_ERROR_WANT_READ when there is still a complete +record available that hasn't been processed.

    +

    If the application wants to continue to use the underlying transport (e.g. TCP +connection) after the SSL connection is finished using SSL_shutdown() reading +ahead should be turned off. +Otherwise the SSL structure might read data that it shouldn't.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_get_read_ahead() and SSL_CTX_get_read_ahead() return 0 if reading ahead is off, +and non zero otherwise.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_pending(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_record_padding_callback.html b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_record_padding_callback.html new file mode 100755 index 0000000..fb86a47 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_record_padding_callback.html @@ -0,0 +1,128 @@ + + + + +SSL_CTX_set_record_padding_callback + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set_record_padding_callback, +SSL_set_record_padding_callback, +SSL_CTX_set_record_padding_callback_arg, +SSL_set_record_padding_callback_arg, +SSL_CTX_get_record_padding_callback_arg, +SSL_get_record_padding_callback_arg, +SSL_CTX_set_block_padding, +SSL_set_block_padding - install callback to specify TLS 1.3 record padding

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + void SSL_CTX_set_record_padding_callback(SSL_CTX *ctx, size_t (*cb)(SSL *s, int type, size_t len, void *arg));
    + void SSL_set_record_padding_callback(SSL *ssl, size_t (*cb)(SSL *s, int type, size_t len, void *arg));
    +
    + void SSL_CTX_set_record_padding_callback_arg(SSL_CTX *ctx, void *arg);
    + void *SSL_CTX_get_record_padding_callback_arg(const SSL_CTX *ctx);
    +
    + void SSL_set_record_padding_callback_arg(SSL *ssl, void *arg);
    + void *SSL_get_record_padding_callback_arg(const SSL *ssl);
    +
    + int SSL_CTX_set_block_padding(SSL_CTX *ctx, size_t block_size);
    + int SSL_set_block_padding(SSL *ssl, size_t block_size);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_set_record_padding_callback() or SSL_set_record_padding_callback() +can be used to assign a callback function cb to specify the padding +for TLS 1.3 records. The value set in ctx is copied to a new SSL by SSL_new().

    +

    SSL_CTX_set_record_padding_callback_arg() and SSL_set_record_padding_callback_arg() +assign a value arg that is passed to the callback when it is invoked. The value +set in ctx is copied to a new SSL by SSL_new().

    +

    SSL_CTX_get_record_padding_callback_arg() and SSL_get_record_padding_callback_arg() +retrieve the arg value that is passed to the callback.

    +

    SSL_CTX_set_block_padding() and SSL_set_block_padding() pads the record to a multiple +of the block_size. A block_size of 0 or 1 disables block padding. The limit of +block_size is SSL3_RT_MAX_PLAIN_LENGTH.

    +

    The callback is invoked for every record before encryption. +The type parameter is the TLS record type that is being processed; may be +one of SSL3_RT_APPLICATION_DATA, SSL3_RT_HANDSHAKE, or SSL3_RT_ALERT. +The len parameter is the current plaintext length of the record before encryption. +The arg parameter is the value set via SSL_CTX_set_record_padding_callback_arg() +or SSL_set_record_padding_callback_arg().

    +

    +

    +
    +

    RETURN VALUES

    +

    The SSL_CTX_get_record_padding_callback_arg() and SSL_get_record_padding_callback_arg() +functions return the arg value assigned in the corresponding set functions.

    +

    The SSL_CTX_set_block_padding() and SSL_set_block_padding() functions return 1 on success +or 0 if block_size is too large.

    +

    The cb returns the number of padding bytes to add to the record. A return of 0 +indicates no padding will be added. A return value that causes the record to +exceed the maximum record size (SSL3_RT_MAX_PLAIN_LENGTH) will pad out to the +maximum record size.

    +

    +

    +
    +

    NOTES

    +

    The default behavior is to add no padding to the record.

    +

    A user-supplied padding callback function will override the behavior set by +SSL_set_block_padding() or SSL_CTX_set_block_padding(). Setting the user-supplied +callback to NULL will restore the configured block padding behavior.

    +

    These functions only apply to TLS 1.3 records being written.

    +

    Padding bytes are not added in constant-time.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_new(3)

    +

    +

    +
    +

    HISTORY

    +

    The record padding API was added for TLS 1.3 support in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_security_level.html b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_security_level.html new file mode 100755 index 0000000..565ced5 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_security_level.html @@ -0,0 +1,228 @@ + + + + +SSL_CTX_set_security_level + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set_security_level, SSL_set_security_level, SSL_CTX_get_security_level, SSL_get_security_level, SSL_CTX_set_security_callback, SSL_set_security_callback, SSL_CTX_get_security_callback, SSL_get_security_callback, SSL_CTX_set0_security_ex_data, SSL_set0_security_ex_data, SSL_CTX_get0_security_ex_data, SSL_get0_security_ex_data - SSL/TLS security framework

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + void SSL_CTX_set_security_level(SSL_CTX *ctx, int level);
    + void SSL_set_security_level(SSL *s, int level);
    +
    + int SSL_CTX_get_security_level(const SSL_CTX *ctx);
    + int SSL_get_security_level(const SSL *s);
    +
    + void SSL_CTX_set_security_callback(SSL_CTX *ctx,
    +                                    int (*cb)(SSL *s, SSL_CTX *ctx, int op,
    +                                              int bits, int nid,
    +                                              void *other, void *ex));
    +
    + void SSL_set_security_callback(SSL *s, int (*cb)(SSL *s, SSL_CTX *ctx, int op,
    +                                                  int bits, int nid,
    +                                                  void *other, void *ex));
    +
    + int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx))(SSL *s, SSL_CTX *ctx, int op,
    +                                                          int bits, int nid, void *other,
    +                                                          void *ex);
    + int (*SSL_get_security_callback(const SSL *s))(SSL *s, SSL_CTX *ctx, int op,
    +                                                int bits, int nid, void *other,
    +                                                void *ex);
    +
    + void SSL_CTX_set0_security_ex_data(SSL_CTX *ctx, void *ex);
    + void SSL_set0_security_ex_data(SSL *s, void *ex);
    +
    + void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx);
    + void *SSL_get0_security_ex_data(const SSL *s);
    +

    +

    +
    +

    DESCRIPTION

    +

    The functions SSL_CTX_set_security_level() and SSL_set_security_level() set +the security level to level. If not set the library default security level +is used.

    +

    The functions SSL_CTX_get_security_level() and SSL_get_security_level() +retrieve the current security level.

    +

    SSL_CTX_set_security_callback(), SSL_set_security_callback(), +SSL_CTX_get_security_callback() and SSL_get_security_callback() get or set +the security callback associated with ctx or s. If not set a default +security callback is used. The meaning of the parameters and the behaviour +of the default callbacks is described below.

    +

    SSL_CTX_set0_security_ex_data(), SSL_set0_security_ex_data(), +SSL_CTX_get0_security_ex_data() and SSL_get0_security_ex_data() set the +extra data pointer passed to the ex parameter of the callback. This +value is passed to the callback verbatim and can be set to any convenient +application specific value.

    +

    +

    +
    +

    DEFAULT CALLBACK BEHAVIOUR

    +

    If an application doesn't set its own security callback the default +callback is used. It is intended to provide sane defaults. The meaning +of each level is described below.

    +
    +
    Level 0
    + +
    +

    Everything is permitted. This retains compatibility with previous versions of +OpenSSL.

    +
    +
    Level 1
    + +
    +

    The security level corresponds to a minimum of 80 bits of security. Any +parameters offering below 80 bits of security are excluded. As a result RSA, +DSA and DH keys shorter than 1024 bits and ECC keys shorter than 160 bits +are prohibited. All export cipher suites are prohibited since they all offer +less than 80 bits of security. SSL version 2 is prohibited. Any cipher suite +using MD5 for the MAC is also prohibited.

    +
    +
    Level 2
    + +
    +

    Security level set to 112 bits of security. As a result RSA, DSA and DH keys +shorter than 2048 bits and ECC keys shorter than 224 bits are prohibited. +In addition to the level 1 exclusions any cipher suite using RC4 is also +prohibited. SSL version 3 is also not allowed. Compression is disabled.

    +
    +
    Level 3
    + +
    +

    Security level set to 128 bits of security. As a result RSA, DSA and DH keys +shorter than 3072 bits and ECC keys shorter than 256 bits are prohibited. +In addition to the level 2 exclusions cipher suites not offering forward +secrecy are prohibited. TLS versions below 1.1 are not permitted. Session +tickets are disabled.

    +
    +
    Level 4
    + +
    +

    Security level set to 192 bits of security. As a result RSA, DSA and +DH keys shorter than 7680 bits and ECC keys shorter than 384 bits are +prohibited. Cipher suites using SHA1 for the MAC are prohibited. TLS +versions below 1.2 are not permitted.

    +
    +
    Level 5
    + +
    +

    Security level set to 256 bits of security. As a result RSA, DSA and DH keys +shorter than 15360 bits and ECC keys shorter than 512 bits are prohibited.

    +
    +
    +

    +

    +
    +

    APPLICATION DEFINED SECURITY CALLBACKS

    +

    Documentation to be provided.

    +

    +

    +
    +

    NOTES

    +

    WARNING at this time setting the security level higher than 1 for +general internet use is likely to cause considerable interoperability +issues and is not recommended. This is because the SHA1 algorithm +is very widely used in certificates and will be rejected at levels +higher than 1 because it only offers 80 bits of security.

    +

    The default security level can be configured when OpenSSL is compiled by +setting -DOPENSSL_TLS_SECURITY_LEVEL=level. If not set then 1 is used.

    +

    The security framework disables or reject parameters inconsistent with the +set security level. In the past this was difficult as applications had to set +a number of distinct parameters (supported ciphers, supported curves supported +signature algorithms) to achieve this end and some cases (DH parameter size +for example) could not be checked at all.

    +

    By setting an appropriate security level much of this complexity can be +avoided.

    +

    The bits of security limits affect all relevant parameters including +cipher suite encryption algorithms, supported ECC curves, supported +signature algorithms, DH parameter sizes, certificate key sizes and +signature algorithms. This limit applies no matter what other custom +settings an application has set: so if the cipher suite is set to ALL +then only cipher suites consistent with the security level are permissible.

    +

    See SP800-57 for how the security limits are related to individual +algorithms.

    +

    Some security levels require large key sizes for non-ECC public key +algorithms which can severely degrade performance. For example 256 bits +of security requires the use of RSA keys of at least 15360 bits in size.

    +

    Some restrictions can be gracefully handled: for example cipher suites +offering insufficient security are not sent by the client and will not +be selected by the server. Other restrictions such as the peer certificate +key size or the DH parameter size will abort the handshake with a fatal +alert.

    +

    Attempts to set certificates or parameters with insufficient security are +also blocked. For example trying to set a certificate using a 512 bit RSA +key using SSL_CTX_use_certificate() at level 1. Applications which do not +check the return values for errors will misbehave: for example it might +appear that a certificate is not set at all because it had been rejected.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CTX_set_security_level() and SSL_set_security_level() do not return values.

    +

    SSL_CTX_get_security_level() and SSL_get_security_level() return a integer that +represents the security level with SSL_CTX or SSL, respectively.

    +

    SSL_CTX_set_security_callback() and SSL_set_security_callback() do not return +values.

    +

    SSL_CTX_get_security_callback() and SSL_get_security_callback() return the pointer +to the security callback or NULL if the callback is not set.

    +

    SSL_CTX_get0_security_ex_data() and SSL_get0_security_ex_data() return the extra +data pointer or NULL if the ex data is not set.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7)

    +

    +

    +
    +

    HISTORY

    +

    These functions were added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_session_cache_mode.html b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_session_cache_mode.html new file mode 100755 index 0000000..dc34e8a --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_session_cache_mode.html @@ -0,0 +1,177 @@ + + + + +SSL_CTX_set_session_cache_mode + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set_session_cache_mode, SSL_CTX_get_session_cache_mode - enable/disable session caching

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + long SSL_CTX_set_session_cache_mode(SSL_CTX ctx, long mode);
    + long SSL_CTX_get_session_cache_mode(SSL_CTX ctx);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_set_session_cache_mode() enables/disables session caching +by setting the operational mode for ctx to <mode>.

    +

    SSL_CTX_get_session_cache_mode() returns the currently used cache mode.

    +

    +

    +
    +

    NOTES

    +

    The OpenSSL library can store/retrieve SSL/TLS sessions for later reuse. +The sessions can be held in memory for each ctx, if more than one +SSL_CTX object is being maintained, the sessions are unique for each SSL_CTX +object.

    +

    In order to reuse a session, a client must send the session's id to the +server. It can only send exactly one id. The server then either +agrees to reuse the session or it starts a full handshake (to create a new +session).

    +

    A server will look up the session in its internal session storage. If the +session is not found in internal storage or lookups for the internal storage +have been deactivated (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP), the server will try +the external storage if available.

    +

    Since a client may try to reuse a session intended for use in a different +context, the session id context must be set by the server (see +SSL_CTX_set_session_id_context(3)).

    +

    The following session cache modes and modifiers are available:

    +
    +
    SSL_SESS_CACHE_OFF
    + +
    +

    No session caching for client or server takes place.

    +
    +
    SSL_SESS_CACHE_CLIENT
    + +
    +

    Client sessions are added to the session cache. As there is no reliable way +for the OpenSSL library to know whether a session should be reused or which +session to choose (due to the abstract BIO layer the SSL engine does not +have details about the connection), the application must select the session +to be reused by using the SSL_set_session(3) +function. This option is not activated by default.

    +
    +
    SSL_SESS_CACHE_SERVER
    + +
    +

    Server sessions are added to the session cache. When a client proposes a +session to be reused, the server looks for the corresponding session in (first) +the internal session cache (unless SSL_SESS_CACHE_NO_INTERNAL_LOOKUP is set), +then (second) in the external cache if available. If the session is found, the +server will try to reuse the session. This is the default.

    +
    +
    SSL_SESS_CACHE_BOTH
    + +
    +

    Enable both SSL_SESS_CACHE_CLIENT and SSL_SESS_CACHE_SERVER at the same time.

    +
    +
    SSL_SESS_CACHE_NO_AUTO_CLEAR
    + +
    +

    Normally the session cache is checked for expired sessions every +255 connections using the +SSL_CTX_flush_sessions(3) function. Since +this may lead to a delay which cannot be controlled, the automatic +flushing may be disabled and +SSL_CTX_flush_sessions(3) can be called +explicitly by the application.

    +
    +
    SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
    + +
    +

    By setting this flag, session-resume operations in an SSL/TLS server will not +automatically look up sessions in the internal cache, even if sessions are +automatically stored there. If external session caching callbacks are in use, +this flag guarantees that all lookups are directed to the external cache. +As automatic lookup only applies for SSL/TLS servers, the flag has no effect on +clients.

    +
    +
    SSL_SESS_CACHE_NO_INTERNAL_STORE
    + +
    +

    Depending on the presence of SSL_SESS_CACHE_CLIENT and/or SSL_SESS_CACHE_SERVER, +sessions negotiated in an SSL/TLS handshake may be cached for possible reuse. +Normally a new session is added to the internal cache as well as any external +session caching (callback) that is configured for the SSL_CTX. This flag will +prevent sessions being stored in the internal cache (though the application can +add them manually using SSL_CTX_add_session(3)). Note: +in any SSL/TLS servers where external caching is configured, any successful +session lookups in the external cache (ie. for session-resume requests) would +normally be copied into the local cache before processing continues - this flag +prevents these additions to the internal cache as well.

    +
    +
    SSL_SESS_CACHE_NO_INTERNAL
    + +
    +

    Enable both SSL_SESS_CACHE_NO_INTERNAL_LOOKUP and +SSL_SESS_CACHE_NO_INTERNAL_STORE at the same time.

    +
    +
    +

    The default mode is SSL_SESS_CACHE_SERVER.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CTX_set_session_cache_mode() returns the previously set cache mode.

    +

    SSL_CTX_get_session_cache_mode() returns the currently set cache mode.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_set_session(3), +SSL_session_reused(3), +SSL_CTX_add_session(3), +SSL_CTX_sess_number(3), +SSL_CTX_sess_set_cache_size(3), +SSL_CTX_sess_set_get_cb(3), +SSL_CTX_set_session_id_context(3), +SSL_CTX_set_timeout(3), +SSL_CTX_flush_sessions(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_session_id_context.html b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_session_id_context.html new file mode 100755 index 0000000..c564da5 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_session_id_context.html @@ -0,0 +1,124 @@ + + + + +SSL_CTX_set_session_id_context + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set_session_id_context, SSL_set_session_id_context - set context within which session can be reused (server side only)

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
    +                                    unsigned int sid_ctx_len);
    + int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
    +                                unsigned int sid_ctx_len);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_set_session_id_context() sets the context sid_ctx of length +sid_ctx_len within which a session can be reused for the ctx object.

    +

    SSL_set_session_id_context() sets the context sid_ctx of length +sid_ctx_len within which a session can be reused for the ssl object.

    +

    +

    +
    +

    NOTES

    +

    Sessions are generated within a certain context. When exporting/importing +sessions with i2d_SSL_SESSION/d2i_SSL_SESSION it would be possible, +to re-import a session generated from another context (e.g. another +application), which might lead to malfunctions. Therefore each application +must set its own session id context sid_ctx which is used to distinguish +the contexts and is stored in exported sessions. The sid_ctx can be +any kind of binary data with a given length, it is therefore possible +to use e.g. the name of the application and/or the hostname and/or service +name ...

    +

    The session id context becomes part of the session. The session id context +is set by the SSL/TLS server. The SSL_CTX_set_session_id_context() and +SSL_set_session_id_context() functions are therefore only useful on the +server side.

    +

    OpenSSL clients will check the session id context returned by the server +when reusing a session.

    +

    The maximum length of the sid_ctx is limited to +SSL_MAX_SID_CTX_LENGTH.

    +

    +

    +
    +

    WARNINGS

    +

    If the session id context is not set on an SSL/TLS server and client +certificates are used, stored sessions +will not be reused but a fatal error will be flagged and the handshake +will fail.

    +

    If a server returns a different session id context to an OpenSSL client +when reusing a session, an error will be flagged and the handshake will +fail. OpenSSL servers will always return the correct session id context, +as an OpenSSL server checks the session id context itself before reusing +a session as described above.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CTX_set_session_id_context() and SSL_set_session_id_context() +return the following values:

    +
      +
    1. +

      The length sid_ctx_len of the session id context sid_ctx exceeded +the maximum allowed length of SSL_MAX_SID_CTX_LENGTH. The error +is logged to the error stack.

      +
    2. +
    3. +

      The operation succeeded.

      +
    4. +
    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_session_ticket_cb.html b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_session_ticket_cb.html
    new file mode 100755
    index 0000000..e006e9d
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_session_ticket_cb.html
    @@ -0,0 +1,223 @@
    + + + + +SSL_CTX_set_session_ticket_cb + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set_session_ticket_cb, +SSL_SESSION_get0_ticket_appdata, +SSL_SESSION_set1_ticket_appdata, +SSL_CTX_generate_session_ticket_fn, +SSL_CTX_decrypt_session_ticket_fn - manage session ticket application data

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + typedef int (*SSL_CTX_generate_session_ticket_fn)(SSL *s, void *arg);
    + typedef SSL_TICKET_RETURN (*SSL_CTX_decrypt_session_ticket_fn)(SSL *s, SSL_SESSION *ss,
    +                                                                const unsigned char *keyname,
    +                                                                size_t keyname_len,
    +                                                                SSL_TICKET_STATUS status,
    +                                                                void *arg);
    + int SSL_CTX_set_session_ticket_cb(SSL_CTX *ctx,
    +                                   SSL_CTX_generate_session_ticket_fn gen_cb,
    +                                   SSL_CTX_decrypt_session_ticket_fn dec_cb,
    +                                   void *arg);
    + int SSL_SESSION_set1_ticket_appdata(SSL_SESSION *ss, const void *data, size_t len);
    + int SSL_SESSION_get0_ticket_appdata(SSL_SESSION *ss, void **data, size_t *len);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_set_set_session_ticket_cb() sets the application callbacks gen_cb +and dec_cb that are used by a server to set and get application data stored +with a session, and placed into a session ticket. Either callback function may +be set to NULL. The value of arg is passed to the callbacks.

    +

    gen_cb is the application defined callback invoked when a session ticket is +about to be created. The application can call SSL_SESSION_set1_ticket_appdata() +at this time to add application data to the session ticket. The value of arg +is the same as that given to SSL_CTX_set_session_ticket_cb(). The gen_cb +callback is defined as type SSL_CTX_generate_session_ticket_fn.

    +

    dec_cb is the application defined callback invoked after session ticket +decryption has been attempted and any session ticket application data is +available. If ticket decryption was successful then the ss argument contains +the session data. The keyname and keyname_len arguments identify the key +used to decrypt the session ticket. The status argument is the result of the +ticket decryption. See the NOTES section below for further details. The value +of arg is the same as that given to SSL_CTX_set_session_ticket_cb(). The +dec_cb callback is defined as type SSL_CTX_decrypt_session_ticket_fn.

    +

    SSL_SESSION_set1_ticket_appdata() sets the application data specified by +data and len into ss which is then placed into any generated session +tickets. It can be called at any time before a session ticket is created to +update the data placed into the session ticket. However, given that sessions +and tickets are created by the handshake, the gen_cb is provided to notify +the application that a session ticket is about to be generated.

    +

    SSL_SESSION_get0_ticket_appdata() assigns data to the session ticket +application data and assigns len to the length of the session ticket +application data from ss. The application data can be set via +SSL_SESSION_set1_ticket_appdata() or by a session ticket. NULL will be assigned +to data and 0 will be assigned to len if there is no session ticket +application data. SSL_SESSION_get0_ticket_appdata() can be called any time +after a session has been created. The dec_cb is provided to notify the +application that a session ticket has just been decrypted.

    +

    +

    +
    +

    NOTES

    +

    When the dec_cb callback is invoked, the SSL_SESSION ss has not yet been +assigned to the SSL s. The status indicates the result of the ticket +decryption. The callback must check the status value before performing any +action, as it is called even if ticket decryption fails.

    +

    The keyname and keyname_len arguments to dec_cb may be used to identify +the key that was used to encrypt the session ticket.

    +

    The status argument can be any of these values:

    +
    +
    SSL_TICKET_EMPTY
    + +
    +

    Empty ticket present. No ticket data will be used and a new ticket should be +sent to the client. This only occurs in TLSv1.2 or below. In TLSv1.3 it is not +valid for a client to send an empty ticket.

    +
    +
    SSL_TICKET_NO_DECRYPT
    + +
    +

    The ticket couldn't be decrypted. No ticket data will be used and a new ticket +should be sent to the client.

    +
    +
    SSL_TICKET_SUCCESS
    + +
    +

    A ticket was successfully decrypted, any session ticket application data should +be available. A new ticket should not be sent to the client.

    +
    +
    SSL_TICKET_SUCCESS_RENEW
    + +
    +

    Same as SSL_TICKET_SUCCESS, but a new ticket should be sent to the client.

    +
    +
    +

    The return value can be any of these values:

    +
    +
    SSL_TICKET_RETURN_ABORT
    + +
    +

    The handshake should be aborted, either because of an error or because of some +policy. Note that in TLSv1.3 a client may send more than one ticket in a single +handshake. Therefore just because one ticket is unacceptable it does not mean +that all of them are. For this reason this option should be used with caution.

    +
    +
    SSL_TICKET_RETURN_IGNORE
    + +
    +

    Do not use a ticket (if one was available). Do not send a renewed ticket to the +client.

    +
    +
    SSL_TICKET_RETURN_IGNORE_RENEW
    + +
    +

    Do not use a ticket (if one was available). Send a renewed ticket to the client.

    +

    If the callback does not wish to change the default ticket behaviour then it +should return this value if status is SSL_TICKET_EMPTY or +SSL_TICKET_NO_DECRYPT.

    +
    +
    SSL_TICKET_RETURN_USE
    + +
    +

    Use the ticket. Do not send a renewed ticket to the client. It is an error for +the callback to return this value if status has a value other than +SSL_TICKET_SUCCESS or SSL_TICKET_SUCCESS_RENEW.

    +

    If the callback does not wish to change the default ticket behaviour then it +should return this value if status is SSL_TICKET_SUCCESS.

    +
    +
    SSL_TICKET_RETURN_USE_RENEW
    + +
    +

    Use the ticket. Send a renewed ticket to the client. It is an error for the +callback to return this value if status has a value other than +SSL_TICKET_SUCCESS or SSL_TICKET_SUCCESS_RENEW.

    +

    If the callback does not wish to change the default ticket behaviour then it +should return this value if status is SSL_TICKET_SUCCESS_RENEW.

    +
    +
    +

    If status has the value SSL_TICKET_EMPTY or SSL_TICKET_NO_DECRYPT then +no session data will be available and the callback must not use the ss +argument. If status has the value SSL_TICKET_SUCCESS or +SSL_TICKET_SUCCESS_RENEW then the application can call +SSL_SESSION_get0_ticket_appdata() using the session provided in the ss +argument to retrieve the application data.

    +

    When the gen_cb callback is invoked, the SSL_get_session() function can be +used to retrieve the SSL_SESSION for SSL_SESSION_set1_ticket_appdata().

    +

    By default, in TLSv1.2 and below, a new session ticket is not issued on a +successful resumption and therefore gen_cb will not be called. In TLSv1.3 the +default behaviour is to always issue a new ticket on resumption. In both cases +this behaviour can be changed if a ticket key callback is in use (see +SSL_CTX_set_tlsext_ticket_key_cb(3)).

    +

    +

    +
    +

    RETURN VALUES

    +

    The SSL_CTX_set_session_ticket_cb(), SSL_SESSION_set1_ticket_appdata() and +SSL_SESSION_get0_ticket_appdata() functions return 1 on success and 0 on +failure.

    +

    The gen_cb callback must return 1 to continue the connection. A return of 0 +will terminate the connection with an INTERNAL_ERROR alert.

    +

    The dec_cb callback must return a value as described in NOTES above.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +SSL_get_session(3)

    +

    +

    +
    +

    HISTORY

    +

    The SSL_CTX_set_session_ticket_cb(), SSSL_SESSION_set1_ticket_appdata() +and SSL_SESSION_get_ticket_appdata() functions were added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_split_send_fragment.html b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_split_send_fragment.html
    new file mode 100755
    index 0000000..7fe30f2
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_split_send_fragment.html
    @@ -0,0 +1,215 @@
    + + + + +SSL_CTX_set_split_send_fragment + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set_max_send_fragment, SSL_set_max_send_fragment, +SSL_CTX_set_split_send_fragment, SSL_set_split_send_fragment, +SSL_CTX_set_max_pipelines, SSL_set_max_pipelines, +SSL_CTX_set_default_read_buffer_len, SSL_set_default_read_buffer_len, +SSL_CTX_set_tlsext_max_fragment_length, +SSL_set_tlsext_max_fragment_length, +SSL_SESSION_get_max_fragment_length - Control fragment size settings and pipelining operations

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + long SSL_CTX_set_max_send_fragment(SSL_CTX *ctx, long);
    + long SSL_set_max_send_fragment(SSL *ssl, long m);
    +
    + long SSL_CTX_set_max_pipelines(SSL_CTX *ctx, long m);
    + long SSL_set_max_pipelines(SSL_CTX *ssl, long m);
    +
    + long SSL_CTX_set_split_send_fragment(SSL_CTX *ctx, long m);
    + long SSL_set_split_send_fragment(SSL *ssl, long m);
    +
    + void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len);
    + void SSL_set_default_read_buffer_len(SSL *s, size_t len);
    +
    + int SSL_CTX_set_tlsext_max_fragment_length(SSL_CTX *ctx, uint8_t mode);
    + int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode);
    + uint8_t SSL_SESSION_get_max_fragment_length(SSL_SESSION *session);
    +

    +

    +
    +

    DESCRIPTION

    +

    Some engines are able to process multiple simultaneous crypto operations. This +capability could be utilised to parallelise the processing of a single +connection. For example a single write can be split into multiple records and +each one encrypted independently and in parallel. Note: this will only work in +TLS1.1+. There is no support in SSLv3, TLSv1.0 or DTLS (any version). This +capability is known as "pipelining" within OpenSSL.

    +

    In order to benefit from the pipelining capability. You need to have an engine +that provides ciphers that support this. The OpenSSL "dasync" engine provides +AES128-SHA based ciphers that have this capability. However these are for +development and test purposes only.

    +

    SSL_CTX_set_max_send_fragment() and SSL_set_max_send_fragment() set the +max_send_fragment parameter for SSL_CTX and SSL objects respectively. This +value restricts the amount of plaintext bytes that will be sent in any one +SSL/TLS record. By default its value is SSL3_RT_MAX_PLAIN_LENGTH (16384). These +functions will only accept a value in the range 512 - SSL3_RT_MAX_PLAIN_LENGTH.

    +

    SSL_CTX_set_max_pipelines() and SSL_set_max_pipelines() set the maximum number +of pipelines that will be used at any one time. This value applies to both +"read" pipelining and "write" pipelining. By default only one pipeline will be +used (i.e. normal non-parallel operation). The number of pipelines set must be +in the range 1 - SSL_MAX_PIPELINES (32). Setting this to a value > 1 will also +automatically turn on "read_ahead" (see SSL_CTX_set_read_ahead(3)). This is +explained further below. OpenSSL will only every use more than one pipeline if +a cipher suite is negotiated that uses a pipeline capable cipher provided by an +engine.

    +

    Pipelining operates slightly differently for reading encrypted data compared to +writing encrypted data. SSL_CTX_set_split_send_fragment() and +SSL_set_split_send_fragment() define how data is split up into pipelines when +writing encrypted data. The number of pipelines used will be determined by the +amount of data provided to the SSL_write_ex() or SSL_write() call divided by +split_send_fragment.

    +

    For example if split_send_fragment is set to 2000 and max_pipelines is 4 +then:

    +

    SSL_write/SSL_write_ex called with 0-2000 bytes == 1 pipeline used

    +

    SSL_write/SSL_write_ex called with 2001-4000 bytes == 2 pipelines used

    +

    SSL_write/SSL_write_ex called with 4001-6000 bytes == 3 pipelines used

    +

    SSL_write/SSL_write_ex called with 6001+ bytes == 4 pipelines used

    +

    split_send_fragment must always be less than or equal to +max_send_fragment. By default it is set to be equal to max_send_fragment. +This will mean that the same number of records will always be created as would +have been created in the non-parallel case, although the data will be +apportioned differently. In the parallel case data will be spread equally +between the pipelines.

    +

    Read pipelining is controlled in a slightly different way than with write +pipelining. While reading we are constrained by the number of records that the +peer (and the network) can provide to us in one go. The more records we can get +in one go the more opportunity we have to parallelise the processing. As noted +above when setting max_pipelines to a value greater than one, read_ahead +is automatically set. The read_ahead parameter causes OpenSSL to attempt to +read as much data into the read buffer as the network can provide and will fit +into the buffer. Without this set data is read into the read buffer one record +at a time. The more data that can be read, the more opportunity there is for +parallelising the processing at the cost of increased memory overhead per +connection. Setting read_ahead can impact the behaviour of the SSL_pending() +function (see SSL_pending(3)).

    +

    The SSL_CTX_set_default_read_buffer_len() and SSL_set_default_read_buffer_len() +functions control the size of the read buffer that will be used. The len +parameter sets the size of the buffer. The value will only be used if it is +greater than the default that would have been used anyway. The normal default +value depends on a number of factors but it will be at least +SSL3_RT_MAX_PLAIN_LENGTH + SSL3_RT_MAX_ENCRYPTED_OVERHEAD (16704) bytes.

    +

    SSL_CTX_set_tlsext_max_fragment_length() sets the default maximum fragment +length negotiation mode via value mode to ctx. +This setting affects only SSL instances created after this function is called. +It affects the client-side as only its side may initiate this extension use.

    +

    SSL_set_tlsext_max_fragment_length() sets the maximum fragment length +negotiation mode via value mode to ssl. +This setting will be used during a handshake when extensions are exchanged +between client and server. +So it only affects SSL sessions created after this function is called. +It affects the client-side as only its side may initiate this extension use.

    +

    SSL_SESSION_get_max_fragment_length() gets the maximum fragment length +negotiated in session.

    +

    +

    +
    +

    RETURN VALUES

    +

    All non-void functions return 1 on success and 0 on failure.

    +

    +

    +
    +

    NOTES

    +

    The Maximum Fragment Length extension support is optional on the server side. +If the server does not support this extension then +SSL_SESSION_get_max_fragment_length() will return: +TLSEXT_max_fragment_length_DISABLED.

    +

    The following modes are available:

    +
    +
    TLSEXT_max_fragment_length_DISABLED
    + +
    +

    Disables Maximum Fragment Length Negotiation (default).

    +
    +
    TLSEXT_max_fragment_length_512
    + +
    +

    Sets Maximum Fragment Length to 512 bytes.

    +
    +
    TLSEXT_max_fragment_length_1024
    + +
    +

    Sets Maximum Fragment Length to 1024.

    +
    +
    TLSEXT_max_fragment_length_2048
    + +
    +

    Sets Maximum Fragment Length to 2048.

    +
    +
    TLSEXT_max_fragment_length_4096
    + +
    +

    Sets Maximum Fragment Length to 4096.

    +
    +
    +

    With the exception of SSL_CTX_set_default_read_buffer_len() +SSL_set_default_read_buffer_len(), SSL_CTX_set_tlsext_max_fragment_length(), +SSL_set_tlsext_max_fragment_length() and SSL_SESSION_get_max_fragment_length() +all these functions are implemented using macros.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +SSL_CTX_set_read_ahead(3), SSL_pending(3)

    +

    +

    +
    +

    HISTORY

    +

    The SSL_CTX_set_max_pipelines(), SSL_set_max_pipelines(), +SSL_CTX_set_split_send_fragment(), SSL_set_split_send_fragment(), +SSL_CTX_set_default_read_buffer_len() and SSL_set_default_read_buffer_len() +functions were added in OpenSSL 1.1.0.

    +

    The SSL_CTX_set_tlsext_max_fragment_length(), SSL_set_tlsext_max_fragment_length() +and SSL_SESSION_get_max_fragment_length() functions were added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_srp_password.html b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_srp_password.html
    new file mode 100755
    index 0000000..0dda921
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_srp_password.html
    @@ -0,0 +1,241 @@
    + + + + +SSL_CTX_set_srp_password + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set_srp_username, +SSL_CTX_set_srp_password, +SSL_CTX_set_srp_strength, +SSL_CTX_set_srp_cb_arg, +SSL_CTX_set_srp_username_callback, +SSL_CTX_set_srp_client_pwd_callback, +SSL_CTX_set_srp_verify_param_callback, +SSL_set_srp_server_param, +SSL_set_srp_server_param_pw, +SSL_get_srp_g, +SSL_get_srp_N, +SSL_get_srp_username, +SSL_get_srp_userinfo +- SRP control operations

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_CTX_set_srp_username(SSL_CTX *ctx, char *name);
    + int SSL_CTX_set_srp_password(SSL_CTX *ctx, char *password);
    + int SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength);
    + int SSL_CTX_set_srp_cb_arg(SSL_CTX *ctx, void *arg);
    + int SSL_CTX_set_srp_username_callback(SSL_CTX *ctx,
    +                                       int (*cb) (SSL *s, int *ad, void *arg));
    + int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx,
    +                                         char *(*cb) (SSL *s, void *arg));
    + int SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx,
    +                                           int (*cb) (SSL *s, void *arg));
    +
    + int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g,
    +                              BIGNUM *sa, BIGNUM *v, char *info);
    + int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass,
    +                                 const char *grp);
    +
    + BIGNUM *SSL_get_srp_g(SSL *s);
    + BIGNUM *SSL_get_srp_N(SSL *s);
    +
    + char *SSL_get_srp_username(SSL *s);
    + char *SSL_get_srp_userinfo(SSL *s);
    +

    +

    +
    +

    DESCRIPTION

    +

    These functions provide access to SRP (Secure Remote Password) parameters, +an alternate authentication mechanism for TLS. SRP allows the use of user names +and passwords over unencrypted channels without revealing the password to an +eavesdropper. SRP also supplies a shared secret at the end of the authentication +sequence that can be used to generate encryption keys.

    +

    The SRP protocol, version 3 is specified in RFC 2945. SRP version 6 is described +in RFC 5054 with applications to TLS authentication.

    +

    The SSL_CTX_set_srp_username() function sets the SRP username for ctx. This +should be called on the client prior to creating a connection to the server. +The length of name must be shorter or equal to 255 characters.

    +

    The SSL_CTX_set_srp_password() function sets the SRP password for ctx. This +may be called on the client prior to creating a connection to the server. +This overrides the effect of SSL_CTX_set_srp_client_pwd_callback().

    +

    The SSL_CTX_set_srp_strength() function sets the SRP strength for ctx. This +is the minimal length of the SRP prime in bits. If not specified 1024 is used. +If not satisfied by the server key exchange the connection will be rejected.

    +

    The SSL_CTX_set_srp_cb_arg() function sets an extra parameter that will +be passed to all following callbacks as arg.

    +

    The SSL_CTX_set_srp_username_callback() function sets the server side callback +that is invoked when an SRP username is found in a ClientHello. +The callback parameters are the SSL connection s, a writable error flag ad +and the extra argument arg set by SSL_CTX_set_srp_cb_arg(). +This callback should setup the server for the key exchange by calling +SSL_set_srp_server_param() with the appropriate parameters for the received +username. The username can be obtained by calling SSL_get_srp_username(). +See SRP_VBASE_init(3) to parse the verifier file created by openssl-srp(1) or +SRP_create_verifier(3) to generate it. +The callback should return SSL_ERROR_NONE to proceed with the server key exchange, +SSL3_AL_FATAL for a fatal error or any value < 0 for a retryable error. +In the event of a SSL3_AL_FATAL the alert flag given by *al will be sent +back. By default this will be SSL_AD_UNKNOWN_PSK_IDENTITY.

    +

    The SSL_CTX_set_srp_client_pwd_callback() function sets the client password +callback on the client. +The callback parameters are the SSL connection s and the extra argument arg +set by SSL_CTX_set_srp_cb_arg(). +The callback will be called as part of the generation of the client secrets. +It should return the client password in text form or NULL to abort the connection. +The resulting memory will be freed by the library as part of the callback resolution. +This overrides the effect of SSL_CTX_set_srp_password().

    +

    The SSL_CTX_set_srp_verify_param_callback() sets the SRP gN parameter verification +callback on the client. This allows the client to perform custom verification when +receiving the server SRP proposed parameters. +The callback parameters are the SSL connection s and the extra argument arg +set by SSL_CTX_set_srp_cb_arg(). +The callback should return a positive value to accept the server parameters. +Returning 0 or a negative value will abort the connection. The server parameters +can be obtained by calling SSL_get_srp_N() and SSL_get_srp_g(). +Sanity checks are already performed by the library after the handshake +(B % N non zero, check against the strength parameter) and are not necessary. +If no callback is set the g and N parameters will be checked against +known RFC 5054 values.

    +

    The SSL_set_srp_server_param() function sets all SRP parameters for +the connection s. N and g are the SRP group parameters, sa is the +user salt, v the password verifier and info is the optional user info.

    +

    The SSL_set_srp_server_param_pw() function sets all SRP parameters for the +connection s by generating a random salt and a password verifier. +user is the username, pass the password and grp the SRP group parameters +identifier for SRP_get_default_gN(3).

    +

    The SSL_get_srp_g() function returns the SRP group generator for s, or from +the underlying SSL_CTX if it is NULL.

    +

    The SSL_get_srp_N() function returns the SRP prime for s, or from +the underlying SSL_CTX if it is NULL.

    +

    The SSL_get_srp_username() function returns the SRP username for s, or from +the underlying SSL_CTX if it is NULL.

    +

    The SSL_get_srp_userinfo() function returns the SRP user info for s, or from +the underlying SSL_CTX if it is NULL.

    +

    +

    +
    +

    RETURN VALUES

    +

    All SSL_CTX_set_* functions return 1 on success and 0 on failure.

    +

    SSL_set_srp_server_param() returns 1 on success and -1 on failure.

    +

    The SSL_get_SRP_* functions return a pointer to the requested data, the memory +is owned by the library and should not be freed by the caller.

    +

    +

    +
    +

    EXAMPLES

    +

    Setup SRP parameters on the client:

    +
    + #include <openssl/ssl.h>
    +
    + const char *username = "username";
    + const char *password = "password";
    +
    + SSL_CTX *ctx = SSL_CTX_new(TLS_client_method());
    + if (!ctx)
    +     /* Error */
    + if (!SSL_CTX_set_srp_username(ctx, username))
    +     /* Error */
    + if (!SSL_CTX_set_srp_password(ctx, password))
    +     /* Error */
    +

    Setup SRP server with verifier file:

    +
    + #include <openssl/srp.h>
    + #include <openssl/ssl.h>
    +
    + const char *srpvfile = "password.srpv";
    +
    + int srpServerCallback(SSL *s, int *ad, void *arg)
    + {
    +     SRP_VBASE *srpData = (SRP_VBASE*) arg;
    +     char *username = SSL_get_srp_username(s);
    +
    +     SRP_user_pwd *user_pwd = SRP_VBASE_get1_by_user(srpData, username);
    +     if (!user_pwd)
    +         /* Error */
    +         return SSL3_AL_FATAL;
    +
    +     if (SSL_set_srp_server_param(s, user_pwd->N, user_pwd->g,
    +         user_pwd->s, user_pwd->v, user_pwd->info) < 0)
    +         /* Error */
    +
    +     SRP_user_pwd_free(user_pwd);
    +     return SSL_ERROR_NONE;
    + }
    +
    + SSL_CTX *ctx = SSL_CTX_new(TLS_server_method());
    + if (!ctx)
    +     /* Error */
    +
    + /*
    +  * seedKey should contain a NUL terminated sequence
    +  * of random non NUL bytes
    +  */
    + const char *seedKey;
    +
    + SRP_VBASE *srpData = SRP_VBASE_new(seedKey);
    + if (SRP_VBASE_init(srpData, (char*) srpvfile) != SRP_NO_ERROR)
    +    /* Error */
    +
    + SSL_CTX_set_srp_cb_arg(ctx, srpData);
    + SSL_CTX_set_srp_username_callback(ctx, srpServerCallback);
    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +openssl-srp(1), +SRP_VBASE_new(3), +SRP_create_verifier(3)

    +

    +

    +
    +

    HISTORY

    +

    These functions were added in OpenSSL 1.0.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_ssl_version.html b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_ssl_version.html
    new file mode 100755
    index 0000000..1b5f443
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_ssl_version.html
    @@ -0,0 +1,102 @@
    + + + + +SSL_CTX_set_ssl_version + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set_ssl_version, SSL_set_ssl_method, SSL_get_ssl_method +- choose a new TLS/SSL method

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *method);
    + int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method);
    + const SSL_METHOD *SSL_get_ssl_method(const SSL *ssl);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_set_ssl_version() sets a new default TLS/SSL method for SSL objects +newly created from this ctx. SSL objects already created with +SSL_new(3) are not affected, except when +SSL_clear(3) is being called.

    +

    SSL_set_ssl_method() sets a new TLS/SSL method for a particular ssl +object. It may be reset, when SSL_clear() is called.

    +

    SSL_get_ssl_method() returns a function pointer to the TLS/SSL method +set in ssl.

    +

    +

    +
    +

    NOTES

    +

    The available method choices are described in +SSL_CTX_new(3).

    +

    When SSL_clear(3) is called and no session is connected to +an SSL object, the method of the SSL object is reset to the method currently +set in the corresponding SSL_CTX object.

    +

    +

    +
    +

    RETURN VALUES

    +

    The following return values can occur for SSL_CTX_set_ssl_version() +and SSL_set_ssl_method():

    +
      +
    1. +

      The new choice failed, check the error stack to find out the reason.

      +
    2. +
    3. +

      The operation succeeded.

      +
    4. +
    +

    +

    +
    +

    SEE ALSO

    +

    SSL_CTX_new(3), SSL_new(3), +SSL_clear(3), ssl(7), +SSL_set_connect_state(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_stateless_cookie_generate_cb.html b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_stateless_cookie_generate_cb.html
    new file mode 100755
    index 0000000..b6eadbc
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_stateless_cookie_generate_cb.html
    @@ -0,0 +1,132 @@
    + + + + +SSL_CTX_set_stateless_cookie_generate_cb + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set_stateless_cookie_generate_cb, +SSL_CTX_set_stateless_cookie_verify_cb, +SSL_CTX_set_cookie_generate_cb, +SSL_CTX_set_cookie_verify_cb +- Callback functions for stateless TLS1.3 cookies

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + void SSL_CTX_set_stateless_cookie_generate_cb(
    +     SSL_CTX *ctx,
    +     int (*gen_stateless_cookie_cb) (SSL *ssl,
    +                                     unsigned char *cookie,
    +                                     size_t *cookie_len));
    + void SSL_CTX_set_stateless_cookie_verify_cb(
    +     SSL_CTX *ctx,
    +     int (*verify_stateless_cookie_cb) (SSL *ssl,
    +                                        const unsigned char *cookie,
    +                                        size_t cookie_len));
    +
    + void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
    +                                     int (*app_gen_cookie_cb) (SSL *ssl,
    +                                                               unsigned char
    +                                                               *cookie,
    +                                                               unsigned int
    +                                                               *cookie_len));
    + void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
    +                                   int (*app_verify_cookie_cb) (SSL *ssl,
    +                                                                const unsigned
    +                                                                char *cookie,
    +                                                                unsigned int
    +                                                                cookie_len));
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_set_stateless_cookie_generate_cb() sets the callback used by +SSL_stateless(3) to generate the application-controlled portion of the cookie +provided to clients in the HelloRetryRequest transmitted as a response to a +ClientHello with a missing or invalid cookie. gen_stateless_cookie_cb() must +write at most SSL_COOKIE_LENGTH bytes into cookie, and must write the number +of bytes written to cookie_len. If a cookie cannot be generated, a zero +return value can be used to abort the handshake.

    +

    SSL_CTX_set_stateless_cookie_verify_cb() sets the callback used by +SSL_stateless(3) to determine whether the application-controlled portion of a +ClientHello cookie is valid. The cookie data is pointed to by cookie and is of +length cookie_len. A nonzero return value from verify_stateless_cookie_cb() +communicates that the cookie is valid. The integrity of the entire cookie, +including the application-controlled portion, is automatically verified by HMAC +before verify_stateless_cookie_cb() is called.

    +

    SSL_CTX_set_cookie_generate_cb() sets the callback used by DTLSv1_listen(3) +to generate the cookie provided to clients in the HelloVerifyRequest transmitted +as a response to a ClientHello with a missing or invalid cookie. +app_gen_cookie_cb() must write at most DTLS1_COOKIE_LENGTH bytes into +cookie, and must write the number of bytes written to cookie_len. If a +cookie cannot be generated, a zero return value can be used to abort the +handshake.

    +

    SSL_CTX_set_cookie_verify_cb() sets the callback used by DTLSv1_listen(3) to +determine whether the cookie in a ClientHello is valid. The cookie data is +pointed to by cookie and is of length cookie_len. A nonzero return value +from app_verify_cookie_cb() communicates that the cookie is valid. The +integrity of the cookie is not verified by OpenSSL. This is an application +responsibility.

    +

    +

    +
    +

    RETURN VALUES

    +

    Neither function returns a value.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +SSL_stateless(3), +DTLSv1_listen(3)

    +

    +

    +
    +

    HISTORY

    +

    SSL_CTX_set_stateless_cookie_generate_cb() and +SSL_CTX_set_stateless_cookie_verify_cb() were added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_timeout.html b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_timeout.html
    new file mode 100755
    index 0000000..9d64711
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_timeout.html
    @@ -0,0 +1,101 @@
    + + + + +SSL_CTX_set_timeout + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set_timeout, SSL_CTX_get_timeout - manipulate timeout values for session caching

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + long SSL_CTX_set_timeout(SSL_CTX *ctx, long t);
    + long SSL_CTX_get_timeout(SSL_CTX *ctx);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_set_timeout() sets the timeout for newly created sessions for +ctx to t. The timeout value t must be given in seconds.

    +

    SSL_CTX_get_timeout() returns the currently set timeout value for ctx.

    +

    +

    +
    +

    NOTES

    +

    Whenever a new session is created, it is assigned a maximum lifetime. This +lifetime is specified by storing the creation time of the session and the +timeout value valid at this time. If the actual time is later than creation +time plus timeout, the session is not reused.

    +

    Due to this realization, all sessions behave according to the timeout value +valid at the time of the session negotiation. Changes of the timeout value +do not affect already established sessions.

    +

    The expiration time of a single session can be modified using the +SSL_SESSION_get_time(3) family of functions.

    +

    Expired sessions are removed from the internal session cache, whenever +SSL_CTX_flush_sessions(3) is called, either +directly by the application or automatically (see +SSL_CTX_set_session_cache_mode(3))

    +

    The default value for session timeout is decided on a per protocol +basis, see SSL_get_default_timeout(3). +All currently supported protocols have the same default timeout value +of 300 seconds.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CTX_set_timeout() returns the previously set timeout value.

    +

    SSL_CTX_get_timeout() returns the currently set timeout value.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +SSL_CTX_set_session_cache_mode(3), +SSL_SESSION_get_time(3), +SSL_CTX_flush_sessions(3), +SSL_get_default_timeout(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_tlsext_servername_callback.html b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_tlsext_servername_callback.html
    new file mode 100755
    index 0000000..28b39e1
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_tlsext_servername_callback.html
    @@ -0,0 +1,213 @@
    + + + + +SSL_CTX_set_tlsext_servername_callback + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set_tlsext_servername_callback, SSL_CTX_set_tlsext_servername_arg, +SSL_get_servername_type, SSL_get_servername, +SSL_set_tlsext_host_name - handle server name indication (SNI)

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + long SSL_CTX_set_tlsext_servername_callback(SSL_CTX *ctx,
    +                                   int (*cb)(SSL *s, int *al, void *arg));
    + long SSL_CTX_set_tlsext_servername_arg(SSL_CTX *ctx, void *arg);
    +
    + const char *SSL_get_servername(const SSL *s, const int type);
    + int SSL_get_servername_type(const SSL *s);
    +
    + int SSL_set_tlsext_host_name(const SSL *s, const char *name);
    +

    +

    +
    +

    DESCRIPTION

    +

    The functionality provided by the servername callback is mostly superseded by +the ClientHello callback, which can be set using SSL_CTX_set_client_hello_cb(). +However, even where the ClientHello callback is used, the servername callback is +still necessary in order to acknowledge the servername requested by the client.

    +

    SSL_CTX_set_tlsext_servername_callback() sets the application callback cb +used by a server to perform any actions or configuration required based on +the servername extension received in the incoming connection. When cb +is NULL, SNI is not used.

    +

    The servername callback should return one of the following values:

    +
    +
    SSL_TLSEXT_ERR_OK
    + +
    +

    This is used to indicate that the servername requested by the client has been +accepted. Typically a server will call SSL_set_SSL_CTX() in the callback to set +up a different configuration for the selected servername in this case.

    +
    +
    SSL_TLSEXT_ERR_ALERT_FATAL
    + +
    +

    In this case the servername requested by the client is not accepted and the +handshake will be aborted. The value of the alert to be used should be stored in +the location pointed to by the al parameter to the callback. By default this +value is initialised to SSL_AD_UNRECOGNIZED_NAME.

    +
    +
    SSL_TLSEXT_ERR_ALERT_WARNING
    + +
    +

    If this value is returned then the servername is not accepted by the server. +However the handshake will continue and send a warning alert instead. The value +of the alert should be stored in the location pointed to by the al parameter +as for SSL_TLSEXT_ERR_ALERT_FATAL above. Note that TLSv1.3 does not support +warning alerts, so if TLSv1.3 has been negotiated then this return value is +treated the same way as SSL_TLSEXT_ERR_NOACK.

    +
    +
    SSL_TLSEXT_ERR_NOACK
    + +
    +

    This return value indicates that the servername is not accepted by the server. +No alerts are sent and the server will not acknowledge the requested servername.

    +
    +
    +

    SSL_CTX_set_tlsext_servername_arg() sets a context-specific argument to be +passed into the callback (via the arg parameter) for this SSL_CTX.

    +

    The behaviour of SSL_get_servername() depends on a number of different factors. +In particular note that in TLSv1.3 the servername is negotiated in every +handshake. In TLSv1.2 the servername is only negotiated on initial handshakes +and not on resumption handshakes.

    +
    +
    On the client, before the handshake
    + +
    +

    If a servername has been set via a call to SSL_set_tlsext_host_name() then it +will return that servername.

    +

    If one has not been set, but a TLSv1.2 resumption is being attempted and the +session from the original handshake had a servername accepted by the server then +it will return that servername.

    +

    Otherwise it returns NULL.

    +
    +
    On the client, during or after the handshake and a TLSv1.2 (or below) +resumption occurred
    + +
    +

    If the session from the orignal handshake had a servername accepted by the +server then it will return that servername.

    +

    Otherwise it returns the servername set via SSL_set_tlsext_host_name() or NULL +if it was not called.

    +
    +
    On the client, during or after the handshake and a TLSv1.2 (or below) +resumption did not occur
    + +
    +

    It will return the servername set via SSL_set_tlsext_host_name() or NULL if it +was not called.

    +
    +
    On the server, before the handshake
    + +
    +

    The function will always return NULL before the handshake

    +
    +
    On the server, after the servername extension has been processed and a +TLSv1.2 (or below) resumption occurred
    + +
    +

    If a servername was accepted by the server in the original handshake then it +will return that servername, or NULL otherwise.

    +
    +
    On the server, after the servername extension has been processed and a +TLSv1.2 (or below) resumption did not occur
    + +
    +

    The function will return the servername requested by the client in this +handshake or NULL if none was requested.

    +
    +
    +

    Note that the ClientHello callback occurs before a servername extension from the +client is processed. The servername, certificate and ALPN callbacks occur after +a servername extension from the client is processed.

    +

    SSL_get_servername_type() returns the servername type or -1 if no servername +is present. Currently the only supported type (defined in RFC3546) is +TLSEXT_NAMETYPE_host_name.

    +

    SSL_set_tlsext_host_name() sets the server name indication ClientHello extension +to contain the value name. The type of server name indication extension is set +to TLSEXT_NAMETYPE_host_name (defined in RFC3546).

    +

    +

    +
    +

    NOTES

    +

    Several callbacks are executed during ClientHello processing, including +the ClientHello, ALPN, and servername callbacks. The ClientHello callback is +executed first, then the servername callback, followed by the ALPN callback.

    +

    The SSL_set_tlsext_host_name() function should only be called on SSL objects +that will act as clients; otherwise the configured name will be ignored.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CTX_set_tlsext_servername_callback() and +SSL_CTX_set_tlsext_servername_arg() both always return 1 indicating success. +SSL_set_tlsext_host_name() returns 1 on success, 0 in case of error.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_CTX_set_alpn_select_cb(3), +SSL_get0_alpn_selected(3), SSL_CTX_set_client_hello_cb(3)

    +

    +

    +
    +

    HISTORY

    +

    SSL_get_servername() historically provided some unexpected results in certain +corner cases. This has been fixed from OpenSSL 1.1.1e.

    +

    Prior to 1.1.1e, when the client requested a servername in an initial TLSv1.2 +handshake, the server accepted it, and then the client successfully resumed but +set a different explict servername in the second handshake then when called by +the client it returned the servername from the second handshake. This has now +been changed to return the servername requested in the original handshake.

    +

    Also prior to 1.1.1e, if the client sent a servername in the first handshake but +the server did not accept it, and then a second handshake occured where TLSv1.2 +resumption was successful then when called by the server it returned the +servername requested in the original handshake. This has now been changed to +NULL.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_tlsext_status_cb.html b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_tlsext_status_cb.html
    new file mode 100755
    index 0000000..67cf517
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_tlsext_status_cb.html
    @@ -0,0 +1,157 @@
    + + + + +SSL_CTX_set_tlsext_status_cb + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set_tlsext_status_cb, +SSL_CTX_get_tlsext_status_cb, +SSL_CTX_set_tlsext_status_arg, +SSL_CTX_get_tlsext_status_arg, +SSL_CTX_set_tlsext_status_type, +SSL_CTX_get_tlsext_status_type, +SSL_set_tlsext_status_type, +SSL_get_tlsext_status_type, +SSL_get_tlsext_status_ocsp_resp, +SSL_set_tlsext_status_ocsp_resp +- OCSP Certificate Status Request functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/tls1.h>
    +
    + long SSL_CTX_set_tlsext_status_cb(SSL_CTX *ctx, int (*callback)(SSL *, void *));
    + long SSL_CTX_get_tlsext_status_cb(SSL_CTX *ctx, int (**callback)(SSL *, void *));
    +
    + long SSL_CTX_set_tlsext_status_arg(SSL_CTX *ctx, void *arg);
    + long SSL_CTX_get_tlsext_status_arg(SSL_CTX *ctx, void **arg);
    +
    + long SSL_CTX_set_tlsext_status_type(SSL_CTX *ctx, int type);
    + long SSL_CTX_get_tlsext_status_type(SSL_CTX *ctx);
    +
    + long SSL_set_tlsext_status_type(SSL *s, int type);
    + long SSL_get_tlsext_status_type(SSL *s);
    +
    + long SSL_get_tlsext_status_ocsp_resp(ssl, unsigned char **resp);
    + long SSL_set_tlsext_status_ocsp_resp(ssl, unsigned char *resp, int len);
    +

    +

    +
    +

    DESCRIPTION

    +

    A client application may request that a server send back an OCSP status response +(also known as OCSP stapling). To do so the client should call the +SSL_CTX_set_tlsext_status_type() function prior to the creation of any SSL +objects. Alternatively an application can call the SSL_set_tlsext_status_type() +function on an individual SSL object prior to the start of the handshake. +Currently the only supported type is TLSEXT_STATUSTYPE_ocsp. This value +should be passed in the type argument. Calling +SSL_CTX_get_tlsext_status_type() will return the type TLSEXT_STATUSTYPE_ocsp +previously set via SSL_CTX_set_tlsext_status_type() or -1 if not set.

    +

    The client should additionally provide a callback function to decide what to do +with the returned OCSP response by calling SSL_CTX_set_tlsext_status_cb(). The +callback function should determine whether the returned OCSP response is +acceptable or not. The callback will be passed as an argument the value +previously set via a call to SSL_CTX_set_tlsext_status_arg(). Note that the +callback will not be called in the event of a handshake where session resumption +occurs (because there are no Certificates exchanged in such a handshake). +The callback previously set via SSL_CTX_set_tlsext_status_cb() can be retrieved +by calling SSL_CTX_get_tlsext_status_cb(), and the argument by calling +SSL_CTX_get_tlsext_status_arg().

    +

    On the client side SSL_get_tlsext_status_type() can be used to determine whether +the client has previously called SSL_set_tlsext_status_type(). It will return +TLSEXT_STATUSTYPE_ocsp if it has been called or -1 otherwise. On the server +side SSL_get_tlsext_status_type() can be used to determine whether the client +requested OCSP stapling. If the client requested it then this function will +return TLSEXT_STATUSTYPE_ocsp, or -1 otherwise.

    +

    The response returned by the server can be obtained via a call to +SSL_get_tlsext_status_ocsp_resp(). The value *resp will be updated to point +to the OCSP response data and the return value will be the length of that data. +Typically a callback would obtain an OCSP_RESPONSE object from this data via a +call to the d2i_OCSP_RESPONSE() function. If the server has not provided any +response data then *resp will be NULL and the return value from +SSL_get_tlsext_status_ocsp_resp() will be -1.

    +

    A server application must also call the SSL_CTX_set_tlsext_status_cb() function +if it wants to be able to provide clients with OCSP Certificate Status +responses. Typically the server callback would obtain the server certificate +that is being sent back to the client via a call to SSL_get_certificate(); +obtain the OCSP response to be sent back; and then set that response data by +calling SSL_set_tlsext_status_ocsp_resp(). A pointer to the response data should +be provided in the resp argument, and the length of that data should be in +the len argument.

    +

    +

    +
    +

    RETURN VALUES

    +

    The callback when used on the client side should return a negative value on +error; 0 if the response is not acceptable (in which case the handshake will +fail) or a positive value if it is acceptable.

    +

    The callback when used on the server side should return with either +SSL_TLSEXT_ERR_OK (meaning that the OCSP response that has been set should be +returned), SSL_TLSEXT_ERR_NOACK (meaning that an OCSP response should not be +returned) or SSL_TLSEXT_ERR_ALERT_FATAL (meaning that a fatal error has +occurred).

    +

    SSL_CTX_set_tlsext_status_cb(), SSL_CTX_set_tlsext_status_arg(), +SSL_CTX_set_tlsext_status_type(), SSL_set_tlsext_status_type() and +SSL_set_tlsext_status_ocsp_resp() return 0 on error or 1 on success.

    +

    SSL_CTX_get_tlsext_status_type() returns the value previously set by +SSL_CTX_set_tlsext_status_type(), or -1 if not set.

    +

    SSL_get_tlsext_status_ocsp_resp() returns the length of the OCSP response data +or -1 if there is no OCSP response data.

    +

    SSL_get_tlsext_status_type() returns TLSEXT_STATUSTYPE_ocsp on the client +side if SSL_set_tlsext_status_type() was previously called, or on the server +side if the client requested OCSP stapling. Otherwise -1 is returned.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7)

    +

    +

    +
    +

    HISTORY

    +

    The SSL_get_tlsext_status_type(), SSL_CTX_get_tlsext_status_type() +and SSL_CTX_set_tlsext_status_type() functions were added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_tlsext_ticket_key_cb.html b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_tlsext_ticket_key_cb.html
    new file mode 100755
    index 0000000..93cba2a
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_tlsext_ticket_key_cb.html
    @@ -0,0 +1,265 @@
    + + + + +SSL_CTX_set_tlsext_ticket_key_cb + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set_tlsext_ticket_key_evp_cb, +SSL_CTX_set_tlsext_ticket_key_cb +- set a callback for session ticket processing

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/tls1.h>
    +
    + int SSL_CTX_set_tlsext_ticket_key_evp_cb(SSL_CTX sslctx,
    +     int (*cb)(SSL *s, unsigned char key_name[16],
    +               unsigned char iv[EVP_MAX_IV_LENGTH],
    +               EVP_CIPHER_CTX *ctx, EVP_MAC_CTX *hctx, int enc));
    +

    Deprecated since OpenSSL 3.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + int SSL_CTX_set_tlsext_ticket_key_cb(SSL_CTX sslctx,
    +     int (*cb)(SSL *s, unsigned char key_name[16],
    +               unsigned char iv[EVP_MAX_IV_LENGTH],
    +               EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc));
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_set_tlsext_ticket_key_evp_cb() sets a callback function cb for handling +session tickets for the ssl context sslctx. Session tickets, defined in +RFC5077 provide an enhanced session resumption capability where the server +implementation is not required to maintain per session state. It only applies +to TLS and there is no SSLv3 implementation.

    +

    The callback function cb will be called for every client instigated TLS +session when session ticket extension is presented in the TLS hello +message. It is the responsibility of this function to create or retrieve the +cryptographic parameters and to maintain their state.

    +

    The OpenSSL library uses your callback function to help implement a common TLS +ticket construction state according to RFC5077 Section 4 such that per session +state is unnecessary and a small set of cryptographic variables needs to be +maintained by the callback function implementation.

    +

    In order to reuse a session, a TLS client must send the a session ticket +extension to the server. The client can only send exactly one session ticket. +The server, through the callback function, either agrees to reuse the session +ticket information or it starts a full TLS handshake to create a new session +ticket.

    +

    Before the callback function is started ctx and hctx have been +initialised with EVP_CIPHER_CTX_reset(3) and EVP_MAC_CTX_new(3) +respectively.

    +

    For new sessions tickets, when the client doesn't present a session ticket, or +an attempted retrieval of the ticket failed, or a renew option was indicated, +the callback function will be called with enc equal to 1. The OpenSSL +library expects that the function will set an arbitrary name, initialize +iv, and set the cipher context ctx and the hash context hctx.

    +

    The name is 16 characters long and is used as a key identifier.

    +

    The iv length is the length of the IV of the corresponding cipher. The +maximum IV length is EVP_MAX_IV_LENGTH bytes defined in evp.h.

    +

    The initialization vector iv should be a random value. The cipher context +ctx should use the initialisation vector iv. The cipher context can be +set using EVP_EncryptInit_ex(3). The hmac context and digest can be set using +EVP_MAC_CTX_set_params(3) with the OSSL_MAC_PARAM_KEY and +OSSL_MAC_PARAM_DIGEST parameters respectively.

    +

    When the client presents a session ticket, the callback function with be called +with enc set to 0 indicating that the cb function should retrieve a set +of parameters. In this case name and iv have already been parsed out of +the session ticket. The OpenSSL library expects that the name will be used +to retrieve a cryptographic parameters and that the cryptographic context +ctx will be set with the retrieved parameters and the initialization vector +iv. using a function like EVP_DecryptInit_ex(3). The key material and +digest for hctx need to be set using EVP_MAC_CTX_set_params(3) with the +OSSL_MAC_PARAM_KEY and OSSL_MAC_PARAM_DIGEST parameters respectively.

    +

    If the name is still valid but a renewal of the ticket is required the +callback function should return 2. The library will call the callback again +with an argument of enc equal to 1 to set the new ticket.

    +

    The return value of the cb function is used by OpenSSL to determine what +further processing will occur. The following return values have meaning:

    +
      +
    1. +

      This indicates that the ctx and hctx have been set and the session can +continue on those parameters. Additionally it indicates that the session +ticket is in a renewal period and should be replaced. The OpenSSL library will +call cb again with an enc argument of 1 to set the new ticket (see RFC5077 +3.3 paragraph 2).

      +
    2. +
    3. +

      This indicates that the ctx and hctx have been set and the session can +continue on those parameters.

      +
    4. +
    5. +

      This indicates that it was not possible to set/retrieve a session ticket and +the SSL/TLS session will continue by negotiating a set of cryptographic +parameters or using the alternate SSL/TLS resumption mechanism, session ids.

      +

      If called with enc equal to 0 the library will call the cb again to get +a new set of parameters.

      + +
      less than 0
      + +
      +

      This indicates an error.

      +
    6. +
    +

    The SSL_CTX_set_tlsext_ticket_key_cb() function is identical to +SSL_CTX_set_tlsext_ticket_key_evp_cb() except that it takes a deprecated +HMAC_CTX pointer instead of an EVP_MAC_CTX one. +Before this callback function is started hctx will have been +initialised with EVP_MAC_CTX_new(3) and the digest set with +EVP_MAC_CTX_set_params(3). +The hctx key material can be set using HMAC_Init_ex(3).

    +

    +

    +
    +

    NOTES

    +

    Session resumption shortcuts the TLS so that the client certificate +negotiation don't occur. It makes up for this by storing client certificate +an all other negotiated state information encrypted within the ticket. In a +resumed session the applications will have all this state information available +exactly as if a full negotiation had occurred.

    +

    If an attacker can obtain the key used to encrypt a session ticket, they can +obtain the master secret for any ticket using that key and decrypt any traffic +using that session: even if the cipher suite supports forward secrecy. As +a result applications may wish to use multiple keys and avoid using long term +keys stored in files.

    +

    Applications can use longer keys to maintain a consistent level of security. +For example if a cipher suite uses 256 bit ciphers but only a 128 bit ticket key +the overall security is only 128 bits because breaking the ticket key will +enable an attacker to obtain the session keys.

    +

    +

    +
    +

    RETURN VALUES

    +

    returns 0 to indicate the callback function was set.

    +

    +

    +
    +

    EXAMPLES

    +

    Reference Implementation:

    +
    + SSL_CTX_set_tlsext_ticket_key_evp_cb(SSL, ssl_tlsext_ticket_key_cb);
    + ...
    +
    + static int ssl_tlsext_ticket_key_cb(SSL *s, unsigned char key_name[16],
    +                                     unsigned char *iv, EVP_CIPHER_CTX *ctx,
    +                                     EVP_MAC_CTX *hctx, int enc)
    + {
    +     OSSL_PARAM params[3];
    +
    +     if (enc) { /* create new session */
    +         if (RAND_bytes(iv, EVP_MAX_IV_LENGTH) <= 0)
    +             return -1; /* insufficient random */
    +
    +         key = currentkey(); /* something that you need to implement */
    +         if (key == NULL) {
    +             /* current key doesn't exist or isn't valid */
    +             key = createkey(); /*
    +                                 * Something that you need to implement.
    +                                 * createkey needs to initialise a name,
    +                                 * an aes_key, a hmac_key and optionally
    +                                 * an expire time.
    +                                 */
    +             if (key == NULL) /* key couldn't be created */
    +                 return 0;
    +         }
    +         memcpy(key_name, key->name, 16);
    +
    +         EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key->aes_key, iv);
    +
    +         params[0] = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY,
    +                                                       key->hmac_key, 16);
    +         params[1] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST,
    +                                                      "sha256", 0);
    +         params[2] = OSSL_PARAM_construct_end();
    +         EVP_MAC_CTX_set_params(hctx, params);
    +
    +         return 1;
    +
    +     } else { /* retrieve session */
    +         key = findkey(name);
    +
    +         if (key == NULL || key->expire < now())
    +             return 0;
    +
    +         params[0] = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
    +                                                       key->hmac_key, 16);
    +         params[1] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST,
    +                                                      "sha256", 0);
    +         params[2] = OSSL_PARAM_construct_end();
    +         EVP_MAC_CTX_set_params(hctx, params);
    +
    +         EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key->aes_key, iv);
    +
    +         if (key->expire < now() - RENEW_TIME) {
    +             /*
    +              * return 2 - This session will get a new ticket even though the
    +              * current one is still valid.
    +              */
    +             return 2;
    +         }
    +         return 1;
    +     }
    + }
    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_set_session(3), +SSL_session_reused(3), +SSL_CTX_add_session(3), +SSL_CTX_sess_number(3), +SSL_CTX_sess_set_get_cb(3), +SSL_CTX_set_session_id_context(3),

    +

    +

    +
    +

    HISTORY

    +

    The SSL_CTX_set_tlsext_ticket_key_cb() function was deprecated in OpenSSL 3.0.

    +

    The SSL_CTX_set_tlsext_ticket_key_evp_cb() function was introduced in +OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_tlsext_use_srtp.html b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_tlsext_use_srtp.html
    new file mode 100755
    index 0000000..399c1d7
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_tlsext_use_srtp.html
    @@ -0,0 +1,142 @@
    +
    +
    +
    +
    +SSL_CTX_set_tlsext_use_srtp
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    SSL_CTX_set_tlsext_use_srtp, +SSL_set_tlsext_use_srtp, +SSL_get_srtp_profiles, +SSL_get_selected_srtp_profile +- Configure and query SRTP support

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/srtp.h>
    +
    + int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles);
    + int SSL_set_tlsext_use_srtp(SSL *ssl, const char *profiles);
    +
    + STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl);
    + SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s);
    +

    +

    +
    +

    DESCRIPTION

    +

    SRTP is the Secure Real-Time Transport Protocol. OpenSSL implements support for +the "use_srtp" DTLS extension defined in RFC5764. This provides a mechanism for +establishing SRTP keying material, algorithms and parameters using DTLS. This +capability may be used as part of an implementation that conforms to RFC5763. +OpenSSL does not implement SRTP itself or RFC5763. Note that OpenSSL does not +support the use of SRTP Master Key Identifiers (MKIs). Also note that this +extension is only supported in DTLS. Any SRTP configuration will be ignored if a +TLS connection is attempted.

    +

    An OpenSSL client wishing to send the "use_srtp" extension should call +SSL_CTX_set_tlsext_use_srtp() to set its use for all SSL objects subsequently +created from an SSL_CTX. Alternatively a client may call +SSL_set_tlsext_use_srtp() to set its use for an individual SSL object. The +profiles parameters should point to a NUL-terminated, colon delimited list of +SRTP protection profile names.

    +

    The currently supported protection profile names are:

    +
    +
    SRTP_AES128_CM_SHA1_80
    + +
    +

    This corresponds to SRTP_AES128_CM_HMAC_SHA1_80 defined in RFC5764.

    +
    +
    SRTP_AES128_CM_SHA1_32
    + +
    +

    This corresponds to SRTP_AES128_CM_HMAC_SHA1_32 defined in RFC5764.

    +
    +
    SRTP_AEAD_AES_128_GCM
    + +
    +

    This corresponds to the profile of the same name defined in RFC7714.

    +
    +
    SRTP_AEAD_AES_256_GCM
    + +
    +

    This corresponds to the profile of the same name defined in RFC7714.

    +
    +
    +

    Supplying an unrecognised protection profile name will result in an error.

    +

    An OpenSSL server wishing to support the "use_srtp" extension should also call +SSL_CTX_set_tlsext_use_srtp() or SSL_set_tlsext_use_srtp() to indicate the +protection profiles that it is willing to negotiate.

    +

    The currently configured list of protection profiles for either a client or a +server can be obtained by calling SSL_get_srtp_profiles(). This returns a stack +of SRTP_PROTECTION_PROFILE objects. The memory pointed to in the return value of +this function should not be freed by the caller.

    +

    After a handshake has been completed the negotiated SRTP protection profile (if +any) can be obtained (on the client or the server) by calling +SSL_get_selected_srtp_profile(). This function will return NULL if no SRTP +protection profile was negotiated. The memory returned from this function should +not be freed by the caller.

    +

    If an SRTP protection profile has been successfully negotiated then the SRTP +keying material (on both the client and server) should be obtained via a call to +SSL_export_keying_material(3). This call should provide a label value of +"EXTRACTOR-dtls_srtp" and a NULL context value (use_context is 0). The total +length of keying material obtained should be equal to two times the sum of the +master key length and the salt length as defined for the protection profile in +use. This provides the client write master key, the server write master key, the +client write master salt and the server write master salt in that order.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CTX_set_tlsext_use_srtp() and SSL_set_tlsext_use_srtp() return 0 on success +or 1 on error.

    +

    SSL_get_srtp_profiles() returns a stack of SRTP_PROTECTION_PROFILE objects on +success or NULL on error or if no protection profiles have been configured.

    +

    SSL_get_selected_srtp_profile() returns a pointer to an SRTP_PROTECTION_PROFILE +object if one has been negotiated or NULL otherwise.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +SSL_export_keying_material(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_tmp_dh_callback.html b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_tmp_dh_callback.html
    new file mode 100755
    index 0000000..58c9ba6
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_tmp_dh_callback.html
    @@ -0,0 +1,163 @@
    +
    +
    +
    +
    +SSL_CTX_set_tmp_dh_callback
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    SSL_CTX_set_tmp_dh_callback, SSL_CTX_set_tmp_dh, SSL_set_tmp_dh_callback, SSL_set_tmp_dh - handle DH keys for ephemeral key exchange

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
    +                                  DH *(*tmp_dh_callback)(SSL *ssl, int is_export,
    +                                                         int keylength));
    + long SSL_CTX_set_tmp_dh(SSL_CTX *ctx, DH *dh);
    +
    + void SSL_set_tmp_dh_callback(SSL *ctx,
    +                              DH *(*tmp_dh_callback)(SSL *ssl, int is_export,
    +                                                     int keylength));
    + long SSL_set_tmp_dh(SSL *ssl, DH *dh)
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_set_tmp_dh_callback() sets the callback function for ctx to be +used when a DH parameters are required to tmp_dh_callback. +The callback is inherited by all ssl objects created from ctx.

    +

    SSL_CTX_set_tmp_dh() sets DH parameters to be used to be dh. +The key is inherited by all ssl objects created from ctx.

    +

    SSL_set_tmp_dh_callback() sets the callback only for ssl.

    +

    SSL_set_tmp_dh() sets the parameters only for ssl.

    +

    These functions apply to SSL/TLS servers only.

    +

    +

    +
    +

    NOTES

    +

    When using a cipher with RSA authentication, an ephemeral DH key exchange +can take place. Ciphers with DSA keys always use ephemeral DH keys as well. +In these cases, the session data are negotiated using the +ephemeral/temporary DH key and the key supplied and certified +by the certificate chain is only used for signing. +Anonymous ciphers (without a permanent server key) also use ephemeral DH keys.

    +

    Using ephemeral DH key exchange yields forward secrecy, as the connection +can only be decrypted, when the DH key is known. By generating a temporary +DH key inside the server application that is lost when the application +is left, it becomes impossible for an attacker to decrypt past sessions, +even if he gets hold of the normal (certified) key, as this key was +only used for signing.

    +

    In order to perform a DH key exchange the server must use a DH group +(DH parameters) and generate a DH key. The server will always generate +a new DH key during the negotiation.

    +

    As generating DH parameters is extremely time consuming, an application +should not generate the parameters on the fly but supply the parameters. +DH parameters can be reused, as the actual key is newly generated during +the negotiation. The risk in reusing DH parameters is that an attacker +may specialize on a very often used DH group. Applications should therefore +generate their own DH parameters during the installation process using the +openssl openssl-dhparam(1) application. This application +guarantees that "strong" primes are used.

    +

    Files dh2048.pem, and dh4096.pem in the 'apps' directory of the current +version of the OpenSSL distribution contain the 'SKIP' DH parameters, +which use safe primes and were generated verifiably pseudo-randomly. +These files can be converted into C code using the -C option of the +openssl-dhparam(1) application. Generation of custom DH +parameters during installation should still be preferred to stop an +attacker from specializing on a commonly used group. File dh1024.pem +contains old parameters that must not be used by applications.

    +

    An application may either directly specify the DH parameters or +can supply the DH parameters via a callback function.

    +

    Previous versions of the callback used is_export and keylength +parameters to control parameter generation for export and non-export +cipher suites. Modern servers that do not support export cipher suites +are advised to either use SSL_CTX_set_tmp_dh() or alternatively, use +the callback but ignore keylength and is_export and simply +supply at least 2048-bit parameters in the callback.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CTX_set_tmp_dh_callback() and SSL_set_tmp_dh_callback() do not return +diagnostic output.

    +

    SSL_CTX_set_tmp_dh() and SSL_set_tmp_dh() do return 1 on success and 0 +on failure. Check the error queue to find out the reason of failure.

    +

    +

    +
    +

    EXAMPLES

    +

    Setup DH parameters with a key length of 2048 bits. (Error handling +partly left out.)

    +

    Command-line parameter generation:

    +
    + $ openssl dhparam -out dh_param_2048.pem 2048
    +

    Code for setting up parameters during server initialization:

    +
    + SSL_CTX ctx = SSL_CTX_new();
    +
    + DH *dh_2048 = NULL;
    + FILE *paramfile = fopen("dh_param_2048.pem", "r");
    +
    + if (paramfile) {
    +     dh_2048 = PEM_read_DHparams(paramfile, NULL, NULL, NULL);
    +     fclose(paramfile);
    + } else {
    +     /* Error. */
    + }
    + if (dh_2048 == NULL)
    +     /* Error. */
    + if (SSL_CTX_set_tmp_dh(ctx, dh_2048) != 1)
    +     /* Error. */
    + ...
    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_CTX_set_cipher_list(3), +SSL_CTX_set_options(3), +openssl-ciphers(1), openssl-dhparam(1)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_tmp_ecdh.html b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_tmp_ecdh.html
    new file mode 100755
    index 0000000..719fba0
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_tmp_ecdh.html
    @@ -0,0 +1,85 @@
    +
    +
    +
    +
    +SSL_CTX_set_tmp_ecdh
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    SSL_CTX_set_tmp_ecdh, SSL_set_tmp_ecdh, SSL_CTX_set_ecdh_auto, SSL_set_ecdh_auto +- handle ECDH keys for ephemeral key exchange

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + long SSL_CTX_set_tmp_ecdh(SSL_CTX *ctx, const EC_KEY *ecdh);
    + long SSL_set_tmp_ecdh(SSL *ssl, const EC_KEY *ecdh);
    +
    + long SSL_CTX_set_ecdh_auto(SSL_CTX *ctx, int state);
    + long SSL_set_ecdh_auto(SSL *ssl, int state);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_set_tmp_ecdh() sets ECDH parameters to be used to be ecdh. +The key is inherited by all ssl objects created from ctx. +This macro is deprecated in favor of SSL_CTX_set1_groups(3).

    +

    SSL_set_tmp_ecdh() sets the parameters only for ssl. +This macro is deprecated in favor of SSL_set1_groups(3).

    +

    SSL_CTX_set_ecdh_auto() and SSL_set_ecdh_auto() are deprecated and +have no effect.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CTX_set_tmp_ecdh() and SSL_set_tmp_ecdh() return 1 on success and 0 +on failure.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_CTX_set1_curves(3), SSL_CTX_set_cipher_list(3), +SSL_CTX_set_options(3), SSL_CTX_set_tmp_dh_callback(3), +openssl-ciphers(1), openssl-ecparam(1)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_verify.html b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_verify.html
    new file mode 100755
    index 0000000..72ae85a
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_set_verify.html
    @@ -0,0 +1,383 @@
    +
    +
    +
    +
    +SSL_CTX_set_verify
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    SSL_get_ex_data_X509_STORE_CTX_idx, +SSL_CTX_set_verify, SSL_set_verify, +SSL_CTX_set_verify_depth, SSL_set_verify_depth, +SSL_verify_cb, +SSL_verify_client_post_handshake, +SSL_set_post_handshake_auth, +SSL_CTX_set_post_handshake_auth +- set peer certificate verification parameters

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx);
    +
    + void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, SSL_verify_cb verify_callback);
    + void SSL_set_verify(SSL *ssl, int mode, SSL_verify_cb verify_callback);
    + SSL_get_ex_data_X509_STORE_CTX_idx(void);
    +
    + void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth);
    + void SSL_set_verify_depth(SSL *ssl, int depth);
    +
    + int SSL_verify_client_post_handshake(SSL *ssl);
    + void SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val);
    + void SSL_set_post_handshake_auth(SSL *ssl, int val);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_set_verify() sets the verification flags for ctx to be mode and +specifies the verify_callback function to be used. If no callback function +shall be specified, the NULL pointer can be used for verify_callback.

    +

    SSL_set_verify() sets the verification flags for ssl to be mode and +specifies the verify_callback function to be used. If no callback function +shall be specified, the NULL pointer can be used for verify_callback. In +this case last verify_callback set specifically for this ssl remains. If +no special callback was set before, the default callback for the underlying +ctx is used, that was valid at the time ssl was created with +SSL_new(3). Within the callback function, +SSL_get_ex_data_X509_STORE_CTX_idx can be called to get the data index +of the current SSL object that is doing the verification.

    +

    SSL_CTX_set_verify_depth() sets the maximum depth for the certificate chain +verification that shall be allowed for ctx.

    +

    SSL_set_verify_depth() sets the maximum depth for the certificate chain +verification that shall be allowed for ssl.

    +

    SSL_CTX_set_post_handshake_auth() and SSL_set_post_handshake_auth() enable the +Post-Handshake Authentication extension to be added to the ClientHello such that +post-handshake authentication can be requested by the server. If val is 0 +then the extension is not sent, otherwise it is. By default the extension is not +sent. A certificate callback will need to be set via +SSL_CTX_set_client_cert_cb() if no certificate is provided at initialization.

    +

    SSL_verify_client_post_handshake() causes a CertificateRequest message to be +sent by a server on the given ssl connection. The SSL_VERIFY_PEER flag must +be set; the SSL_VERIFY_POST_HANDSHAKE flag is optional.

    +

    +

    +
    +

    NOTES

    +

    The verification of certificates can be controlled by a set of logically +or'ed mode flags:

    +
    +
    SSL_VERIFY_NONE
    + +
    +

    Server mode: the server will not send a client certificate request to the +client, so the client will not send a certificate.

    +

    Client mode: if not using an anonymous cipher (by default disabled), the +server will send a certificate which will be checked. The result of the +certificate verification process can be checked after the TLS/SSL handshake +using the SSL_get_verify_result(3) function. +The handshake will be continued regardless of the verification result.

    +
    +
    SSL_VERIFY_PEER
    + +
    +

    Server mode: the server sends a client certificate request to the client. +The certificate returned (if any) is checked. If the verification process +fails, the TLS/SSL handshake is +immediately terminated with an alert message containing the reason for +the verification failure. +The behaviour can be controlled by the additional +SSL_VERIFY_FAIL_IF_NO_PEER_CERT, SSL_VERIFY_CLIENT_ONCE and +SSL_VERIFY_POST_HANDSHAKE flags.

    +

    Client mode: the server certificate is verified. If the verification process +fails, the TLS/SSL handshake is +immediately terminated with an alert message containing the reason for +the verification failure. If no server certificate is sent, because an +anonymous cipher is used, SSL_VERIFY_PEER is ignored.

    +
    +
    SSL_VERIFY_FAIL_IF_NO_PEER_CERT
    + +
    +

    Server mode: if the client did not return a certificate, the TLS/SSL +handshake is immediately terminated with a "handshake failure" alert. +This flag must be used together with SSL_VERIFY_PEER.

    +

    Client mode: ignored (see BUGS)

    +
    +
    SSL_VERIFY_CLIENT_ONCE
    + +
    +

    Server mode: only request a client certificate once during the +connection. Do not ask for a client certificate again during +renegotiation or post-authentication if a certificate was requested +during the initial handshake. This flag must be used together with +SSL_VERIFY_PEER.

    +

    Client mode: ignored (see BUGS)

    +
    +
    SSL_VERIFY_POST_HANDSHAKE
    + +
    +

    Server mode: the server will not send a client certificate request +during the initial handshake, but will send the request via +SSL_verify_client_post_handshake(). This allows the SSL_CTX or SSL +to be configured for post-handshake peer verification before the +handshake occurs. This flag must be used together with +SSL_VERIFY_PEER. TLSv1.3 only; no effect on pre-TLSv1.3 connections.

    +

    Client mode: ignored (see BUGS)

    +
    +
    +

    If the mode is SSL_VERIFY_NONE none of the other flags may be set.

    +

    The actual verification procedure is performed either using the built-in +verification procedure or using another application provided verification +function set with +SSL_CTX_set_cert_verify_callback(3). +The following descriptions apply in the case of the built-in procedure. An +application provided procedure also has access to the verify depth information +and the verify_callback() function, but the way this information is used +may be different.

    +

    SSL_CTX_set_verify_depth() and SSL_set_verify_depth() set a limit on the +number of certificates between the end-entity and trust-anchor certificates. +Neither the +end-entity nor the trust-anchor certificates count against depth. If the +certificate chain needed to reach a trusted issuer is longer than depth+2, +X509_V_ERR_CERT_CHAIN_TOO_LONG will be issued. +The depth count is "level 0:peer certificate", "level 1: CA certificate", +"level 2: higher level CA certificate", and so on. Setting the maximum +depth to 2 allows the levels 0, 1, 2 and 3 (0 being the end-entity and 3 the +trust-anchor). +The default depth limit is 100, +allowing for the peer certificate, at most 100 intermediate CA certificates and +a final trust anchor certificate.

    +

    The verify_callback function is used to control the behaviour when the +SSL_VERIFY_PEER flag is set. It must be supplied by the application and +receives two arguments: preverify_ok indicates, whether the verification of +the certificate in question was passed (preverify_ok=1) or not +(preverify_ok=0). x509_ctx is a pointer to the complete context used +for the certificate chain verification.

    +

    The certificate chain is checked starting with the deepest nesting level +(the root CA certificate) and worked upward to the peer's certificate. +At each level signatures and issuer attributes are checked. Whenever +a verification error is found, the error number is stored in x509_ctx +and verify_callback is called with preverify_ok=0. By applying +X509_CTX_store_* functions verify_callback can locate the certificate +in question and perform additional steps (see EXAMPLES). If no error is +found for a certificate, verify_callback is called with preverify_ok=1 +before advancing to the next level.

    +

    The return value of verify_callback controls the strategy of the further +verification process. If verify_callback returns 0, the verification +process is immediately stopped with "verification failed" state. If +SSL_VERIFY_PEER is set, a verification failure alert is sent to the peer and +the TLS/SSL handshake is terminated. If verify_callback returns 1, +the verification process is continued. If verify_callback always returns +1, the TLS/SSL handshake will not be terminated with respect to verification +failures and the connection will be established. The calling process can +however retrieve the error code of the last verification error using +SSL_get_verify_result(3) or by maintaining its +own error storage managed by verify_callback.

    +

    If no verify_callback is specified, the default callback will be used. +Its return value is identical to preverify_ok, so that any verification +failure will lead to a termination of the TLS/SSL handshake with an +alert message, if SSL_VERIFY_PEER is set.

    +

    After calling SSL_set_post_handshake_auth(), the client will need to add a +certificate or certificate callback to its configuration before it can +successfully authenticate. This must be called before SSL_connect().

    +

    SSL_verify_client_post_handshake() requires that verify flags have been +previously set, and that a client sent the post-handshake authentication +extension. When the client returns a certificate the verify callback will be +invoked. A write operation must take place for the Certificate Request to be +sent to the client, this can be done with SSL_do_handshake() or SSL_write_ex(). +Only one certificate request may be outstanding at any time.

    +

    When post-handshake authentication occurs, a refreshed NewSessionTicket +message is sent to the client.

    +

    +

    +
    +

    BUGS

    +

    In client mode, it is not checked whether the SSL_VERIFY_PEER flag +is set, but whether any flags other than SSL_VERIFY_NONE are set. This can +lead to unexpected behaviour if SSL_VERIFY_PEER and other flags are not used as +required.

    +

    +

    +
    +

    RETURN VALUES

    +

    The SSL*_set_verify*() functions do not provide diagnostic information.

    +

    The SSL_verify_client_post_handshake() function returns 1 if the request +succeeded, and 0 if the request failed. The error stack can be examined +to determine the failure reason.

    +

    +

    +
    +

    EXAMPLES

    +

    The following code sequence realizes an example verify_callback function +that will always continue the TLS/SSL handshake regardless of verification +failure, if wished. The callback realizes a verification depth limit with +more informational output.

    +

    All verification errors are printed; information about the certificate chain +is printed on request. +The example is realized for a server that does allow but not require client +certificates.

    +

    The example makes use of the ex_data technique to store application data +into/retrieve application data from the SSL structure +(see CRYPTO_get_ex_new_index(3), +SSL_get_ex_data_X509_STORE_CTX_idx(3)).

    +
    + ...
    + typedef struct {
    +   int verbose_mode;
    +   int verify_depth;
    +   int always_continue;
    + } mydata_t;
    + int mydata_index;
    +
    + ...
    + static int verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
    + {
    +     char    buf[256];
    +     X509   *err_cert;
    +     int     err, depth;
    +     SSL    *ssl;
    +     mydata_t *mydata;
    +
    +     err_cert = X509_STORE_CTX_get_current_cert(ctx);
    +     err = X509_STORE_CTX_get_error(ctx);
    +     depth = X509_STORE_CTX_get_error_depth(ctx);
    +
    +     /*
    +      * Retrieve the pointer to the SSL of the connection currently treated
    +      * and the application specific data stored into the SSL object.
    +      */
    +     ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
    +     mydata = SSL_get_ex_data(ssl, mydata_index);
    +
    +     X509_NAME_oneline(X509_get_subject_name(err_cert), buf, 256);
    +
    +     /*
    +      * Catch a too long certificate chain. The depth limit set using
    +      * SSL_CTX_set_verify_depth() is by purpose set to "limit+1" so
    +      * that whenever the "depth>verify_depth" condition is met, we
    +      * have violated the limit and want to log this error condition.
    +      * We must do it here, because the CHAIN_TOO_LONG error would not
    +      * be found explicitly; only errors introduced by cutting off the
    +      * additional certificates would be logged.
    +      */
    +     if (depth > mydata->verify_depth) {
    +         preverify_ok = 0;
    +         err = X509_V_ERR_CERT_CHAIN_TOO_LONG;
    +         X509_STORE_CTX_set_error(ctx, err);
    +     }
    +     if (!preverify_ok) {
    +         printf("verify error:num=%d:%s:depth=%d:%s\n", err,
    +                X509_verify_cert_error_string(err), depth, buf);
    +     } else if (mydata->verbose_mode) {
    +         printf("depth=%d:%s\n", depth, buf);
    +     }
    +
    +     /*
    +      * At this point, err contains the last verification error. We can use
    +      * it for something special
    +      */
    +     if (!preverify_ok && (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT)) {
    +         X509_NAME_oneline(X509_get_issuer_name(err_cert), buf, 256);
    +         printf("issuer= %s\n", buf);
    +     }
    +
    +     if (mydata->always_continue)
    +         return 1;
    +     else
    +         return preverify_ok;
    + }
    + ...
    +
    + mydata_t mydata;
    +
    + ...
    + mydata_index = SSL_get_ex_new_index(0, "mydata index", NULL, NULL, NULL);
    +
    + ...
    + SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE,
    +                    verify_callback);
    +
    + /*
    +  * Let the verify_callback catch the verify_depth error so that we get
    +  * an appropriate error in the logfile.
    +  */
    + SSL_CTX_set_verify_depth(verify_depth + 1);
    +
    + /*
    +  * Set up the SSL specific data into "mydata" and store it into th SSL
    +  * structure.
    +  */
    + mydata.verify_depth = verify_depth; ...
    + SSL_set_ex_data(ssl, mydata_index, &mydata);
    +
    + ...
    + SSL_accept(ssl);       /* check of success left out for clarity */
    + if (peer = SSL_get_peer_certificate(ssl)) {
    +     if (SSL_get_verify_result(ssl) == X509_V_OK) {
    +         /* The client sent a certificate which verified OK */
    +     }
    + }
    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_new(3), +SSL_CTX_get_verify_mode(3), +SSL_get_verify_result(3), +SSL_CTX_load_verify_locations(3), +SSL_get_peer_certificate(3), +SSL_CTX_set_cert_verify_callback(3), +SSL_get_ex_data_X509_STORE_CTX_idx(3), +SSL_CTX_set_client_cert_cb(3), +CRYPTO_get_ex_new_index(3)

    +

    +

    +
    +

    HISTORY

    +

    The SSL_VERIFY_POST_HANDSHAKE option, and the SSL_verify_client_post_handshake() +and SSL_set_post_handshake_auth() functions were added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_use_certificate.html b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_use_certificate.html
    new file mode 100755
    index 0000000..7743c39
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_use_certificate.html
    @@ -0,0 +1,227 @@
    +
    +
    +
    +
    +SSL_CTX_use_certificate
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    SSL_CTX_use_certificate, SSL_CTX_use_certificate_ASN1, +SSL_CTX_use_certificate_file, SSL_use_certificate, SSL_use_certificate_ASN1, +SSL_use_certificate_file, SSL_CTX_use_certificate_chain_file, +SSL_use_certificate_chain_file, +SSL_CTX_use_PrivateKey, SSL_CTX_use_PrivateKey_ASN1, +SSL_CTX_use_PrivateKey_file, SSL_CTX_use_RSAPrivateKey, +SSL_CTX_use_RSAPrivateKey_ASN1, SSL_CTX_use_RSAPrivateKey_file, +SSL_use_PrivateKey_file, SSL_use_PrivateKey_ASN1, SSL_use_PrivateKey, +SSL_use_RSAPrivateKey, SSL_use_RSAPrivateKey_ASN1, +SSL_use_RSAPrivateKey_file, SSL_CTX_check_private_key, SSL_check_private_key, +SSL_CTX_use_cert_and_key, SSL_use_cert_and_key +- load certificate and key data

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
    + int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d);
    + int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);
    + int SSL_use_certificate(SSL *ssl, X509 *x);
    + int SSL_use_certificate_ASN1(SSL *ssl, unsigned char *d, int len);
    + int SSL_use_certificate_file(SSL *ssl, const char *file, int type);
    +
    + int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file);
    + int SSL_use_certificate_chain_file(SSL *ssl, const char *file);
    +
    + int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
    + int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, unsigned char *d,
    +                                 long len);
    + int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);
    + int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
    + int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len);
    + int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type);
    + int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
    + int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, unsigned char *d, long len);
    + int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type);
    + int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
    + int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);
    + int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);
    +
    + int SSL_CTX_check_private_key(const SSL_CTX *ctx);
    + int SSL_check_private_key(const SSL *ssl);
    +
    + int SSL_CTX_use_cert_and_key(SSL_CTX *ctx, X509 *x, EVP_PKEY *pkey, STACK_OF(X509) *chain, int override);
    + int SSL_use_cert_and_key(SSL *ssl, X509 *x, EVP_PKEY *pkey, STACK_OF(X509) *chain, int override);
    +

    +

    +
    +

    DESCRIPTION

    +

    These functions load the certificates and private keys into the SSL_CTX +or SSL object, respectively.

    +

    The SSL_CTX_* class of functions loads the certificates and keys into the +SSL_CTX object ctx. The information is passed to SSL objects ssl +created from ctx with SSL_new(3) by copying, so that +changes applied to ctx do not propagate to already existing SSL objects.

    +

    The SSL_* class of functions only loads certificates and keys into a +specific SSL object. The specific information is kept, when +SSL_clear(3) is called for this SSL object.

    +

    SSL_CTX_use_certificate() loads the certificate x into ctx, +SSL_use_certificate() loads x into ssl. The rest of the +certificates needed to form the complete certificate chain can be +specified using the +SSL_CTX_add_extra_chain_cert(3) +function.

    +

    SSL_CTX_use_certificate_ASN1() loads the ASN1 encoded certificate from +the memory location d (with length len) into ctx, +SSL_use_certificate_ASN1() loads the ASN1 encoded certificate into ssl.

    +

    SSL_CTX_use_certificate_file() loads the first certificate stored in file +into ctx. The formatting type of the certificate must be specified +from the known types SSL_FILETYPE_PEM, SSL_FILETYPE_ASN1. +SSL_use_certificate_file() loads the certificate from file into ssl. +See the NOTES section on why SSL_CTX_use_certificate_chain_file() +should be preferred.

    +

    SSL_CTX_use_certificate_chain_file() loads a certificate chain from +file into ctx. The certificates must be in PEM format and must +be sorted starting with the subject's certificate (actual client or server +certificate), followed by intermediate CA certificates if applicable, and +ending at the highest level (root) CA. SSL_use_certificate_chain_file() is +similar except it loads the certificate chain into ssl.

    +

    SSL_CTX_use_PrivateKey() adds pkey as private key to ctx. +SSL_CTX_use_RSAPrivateKey() adds the private key rsa of type RSA +to ctx. SSL_use_PrivateKey() adds pkey as private key to ssl; +SSL_use_RSAPrivateKey() adds rsa as private key of type RSA to ssl. +If a certificate has already been set and the private does not belong +to the certificate an error is returned. To change a certificate, private +key pair the new certificate needs to be set with SSL_use_certificate() +or SSL_CTX_use_certificate() before setting the private key with +SSL_CTX_use_PrivateKey() or SSL_use_PrivateKey().

    +

    SSL_CTX_use_cert_and_key() and SSL_use_cert_and_key() assign the X.509 +certificate x, private key key, and certificate chain onto the +corresponding ssl or ctx. The pkey argument must be the private +key of the X.509 certificate x. If the override argument is 0, then +x, pkey and chain are set only if all were not previously set. +If override is non-0, then the certificate, private key and chain certs +are always set. If pkey is NULL, then the public key of x is used as +the private key. This is intended to be used with hardware (via the ENGINE +interface) that stores the private key securely, such that it cannot be +accessed by OpenSSL. The reference count of the public key is incremented +(twice if there is no private key); it is not copied nor duplicated. This +allows all private key validations checks to succeed without an actual +private key being assigned via SSL_CTX_use_PrivateKey(), etc.

    +

    SSL_CTX_use_PrivateKey_ASN1() adds the private key of type pk +stored at memory location d (length len) to ctx. +SSL_CTX_use_RSAPrivateKey_ASN1() adds the private key of type RSA +stored at memory location d (length len) to ctx. +SSL_use_PrivateKey_ASN1() and SSL_use_RSAPrivateKey_ASN1() add the private +key to ssl.

    +

    SSL_CTX_use_PrivateKey_file() adds the first private key found in +file to ctx. The formatting type of the private key must be specified +from the known types SSL_FILETYPE_PEM, SSL_FILETYPE_ASN1. +SSL_CTX_use_RSAPrivateKey_file() adds the first private RSA key found in +file to ctx. SSL_use_PrivateKey_file() adds the first private key found +in file to ssl; SSL_use_RSAPrivateKey_file() adds the first private +RSA key found to ssl.

    +

    SSL_CTX_check_private_key() checks the consistency of a private key with +the corresponding certificate loaded into ctx. If more than one +key/certificate pair (RSA/DSA) is installed, the last item installed will +be checked. If e.g. the last item was a RSA certificate or key, the RSA +key/certificate pair will be checked. SSL_check_private_key() performs +the same check for ssl. If no key/certificate was explicitly added for +this ssl, the last item added into ctx will be checked.

    +

    +

    +
    +

    NOTES

    +

    The internal certificate store of OpenSSL can hold several private +key/certificate pairs at a time. The certificate used depends on the +cipher selected, see also SSL_CTX_set_cipher_list(3).

    +

    When reading certificates and private keys from file, files of type +SSL_FILETYPE_ASN1 (also known as DER, binary encoding) can only contain +one certificate or private key, consequently +SSL_CTX_use_certificate_chain_file() is only applicable to PEM formatting. +Files of type SSL_FILETYPE_PEM can contain more than one item.

    +

    SSL_CTX_use_certificate_chain_file() adds the first certificate found +in the file to the certificate store. The other certificates are added +to the store of chain certificates using SSL_CTX_add1_chain_cert(3). Note: versions of OpenSSL before 1.0.2 only had a single +certificate chain store for all certificate types, OpenSSL 1.0.2 and later +have a separate chain store for each type. SSL_CTX_use_certificate_chain_file() +should be used instead of the SSL_CTX_use_certificate_file() function in order +to allow the use of complete certificate chains even when no trusted CA +storage is used or when the CA issuing the certificate shall not be added to +the trusted CA storage.

    +

    If additional certificates are needed to complete the chain during the +TLS negotiation, CA certificates are additionally looked up in the +locations of trusted CA certificates, see +SSL_CTX_load_verify_locations(3).

    +

    The private keys loaded from file can be encrypted. In order to successfully +load encrypted keys, a function returning the passphrase must have been +supplied, see +SSL_CTX_set_default_passwd_cb(3). +(Certificate files might be encrypted as well from the technical point +of view, it however does not make sense as the data in the certificate +is considered public anyway.)

    +

    All of the functions to set a new certificate will replace any existing +certificate of the same type that has already been set. Similarly all of the +functions to set a new private key will replace any private key that has already +been set. Applications should call SSL_CTX_check_private_key(3) or +SSL_check_private_key(3) as appropriate after loading a new certificate and +private key to confirm that the certificate and key match.

    +

    +

    +
    +

    RETURN VALUES

    +

    On success, the functions return 1. +Otherwise check out the error stack to find out the reason.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_new(3), SSL_clear(3), +SSL_CTX_load_verify_locations(3), +SSL_CTX_set_default_passwd_cb(3), +SSL_CTX_set_cipher_list(3), +SSL_CTX_set_client_CA_list(3), +SSL_CTX_set_client_cert_cb(3), +SSL_CTX_add_extra_chain_cert(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_use_psk_identity_hint.html b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_use_psk_identity_hint.html
    new file mode 100755
    index 0000000..e5f212e
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_use_psk_identity_hint.html
    @@ -0,0 +1,181 @@
    + + + + +SSL_CTX_use_psk_identity_hint + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_psk_server_cb_func, +SSL_psk_find_session_cb_func, +SSL_CTX_use_psk_identity_hint, +SSL_use_psk_identity_hint, +SSL_CTX_set_psk_server_callback, +SSL_set_psk_server_callback, +SSL_CTX_set_psk_find_session_callback, +SSL_set_psk_find_session_callback +- set PSK identity hint to use

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + typedef int (*SSL_psk_find_session_cb_func)(SSL *ssl,
    +                                             const unsigned char *identity,
    +                                             size_t identity_len,
    +                                             SSL_SESSION **sess);
    +
    + void SSL_CTX_set_psk_find_session_callback(SSL_CTX *ctx,
    +                                            SSL_psk_find_session_cb_func cb);
    + void SSL_set_psk_find_session_callback(SSL *s, SSL_psk_find_session_cb_func cb);
    +
    + typedef unsigned int (*SSL_psk_server_cb_func)(SSL *ssl,
    +                                                const char *identity,
    +                                                unsigned char *psk,
    +                                                unsigned int max_psk_len);
    +
    + int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *hint);
    + int SSL_use_psk_identity_hint(SSL *ssl, const char *hint);
    +
    + void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, SSL_psk_server_cb_func cb);
    + void SSL_set_psk_server_callback(SSL *ssl, SSL_psk_server_cb_func cb);
    +

    +

    +
    +

    DESCRIPTION

    +

    A server application wishing to use TLSv1.3 PSKs should set a callback +using either SSL_CTX_set_psk_find_session_callback() or +SSL_set_psk_find_session_callback() as appropriate.

    +

    The callback function is given a pointer to the SSL connection in ssl and +an identity in identity of length identity_len. The callback function +should identify an SSL_SESSION object that provides the PSK details and store it +in *sess. The SSL_SESSION object should, as a minimum, set the master key, +the ciphersuite and the protocol version. See +SSL_CTX_set_psk_use_session_callback(3) for details.

    +

    It is also possible for the callback to succeed but not supply a PSK. In this +case no PSK will be used but the handshake will continue. To do this the +callback should return successfully and ensure that *sess is +NULL.

    +

    Identity hints are not relevant for TLSv1.3. A server application wishing to use +PSK ciphersuites for TLSv1.2 and below may call SSL_CTX_use_psk_identity_hint() +to set the given NUL-terminated PSK identity hint hint for SSL context +object ctx. SSL_use_psk_identity_hint() sets the given NUL-terminated PSK +identity hint hint for the SSL connection object ssl. If hint is +NULL the current hint from ctx or ssl is deleted.

    +

    In the case where PSK identity hint is NULL, the server does not send the +ServerKeyExchange message to the client.

    +

    A server application wishing to use PSKs for TLSv1.2 and below must provide a +callback function which is called when the server receives the +ClientKeyExchange message from the client. The purpose of the callback function +is to validate the received PSK identity and to fetch the pre-shared key used +during the connection setup phase. The callback is set using the functions +SSL_CTX_set_psk_server_callback() or SSL_set_psk_server_callback(). The callback +function is given the connection in parameter ssl, NUL-terminated PSK +identity sent by the client in parameter identity, and a buffer psk of +length max_psk_len bytes where the pre-shared key is to be stored.

    +

    The callback for use in TLSv1.2 will also work in TLSv1.3 although it is +recommended to use SSL_CTX_set_psk_find_session_callback() +or SSL_set_psk_find_session_callback() for this purpose instead. If TLSv1.3 has +been negotiated then OpenSSL will first check to see if a callback has been set +via SSL_CTX_set_psk_find_session_callback() or SSL_set_psk_find_session_callback() +and it will use that in preference. If no such callback is present then it will +check to see if a callback has been set via SSL_CTX_set_psk_server_callback() or +SSL_set_psk_server_callback() and use that. In this case the handshake digest +will default to SHA-256 for any returned PSK.

    +

    A connection established via a TLSv1.3 PSK will appear as if session resumption +has occurred so that SSL_session_reused(3) will return true.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CTX_use_psk_identity_hint() and SSL_use_psk_identity_hint() return +1 on success, 0 otherwise.

    +

    Return values from the TLSv1.2 and below server callback are interpreted as +follows:

    +
      +
    1. +

      PSK identity was not found. An "unknown_psk_identity" alert message +will be sent and the connection setup fails.

      + +
      >0
      + +
      +

      PSK identity was found and the server callback has provided the PSK +successfully in parameter psk. Return value is the length of +psk in bytes. It is an error to return a value greater than +max_psk_len.

      +

      If the PSK identity was not found but the callback instructs the +protocol to continue anyway, the callback must provide some random +data to psk and return the length of the random data, so the +connection will fail with decryption_error before it will be finished +completely.

      +
    2. +
    +

    The SSL_psk_find_session_cb_func callback should return 1 on success or 0 on +failure. In the event of failure the connection setup fails.

    +

    +

    +
    +

    NOTES

    +

    There are no known security issues with sharing the same PSK between TLSv1.2 (or +below) and TLSv1.3. However the RFC has this note of caution:

    +

    "While there is no known way in which the same PSK might produce related output +in both versions, only limited analysis has been done. Implementations can +ensure safety from cross-protocol related output by not reusing PSKs between +TLS 1.3 and TLS 1.2."

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +SSL_CTX_set_psk_use_session_callback(3), +SSL_set_psk_use_session_callback(3)

    +

    +

    +
    +

    HISTORY

    +

    SSL_CTX_set_psk_find_session_callback() and SSL_set_psk_find_session_callback() +were added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_use_serverinfo.html b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_use_serverinfo.html
    new file mode 100755
    index 0000000..2da93e7
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_CTX_use_serverinfo.html
    @@ -0,0 +1,118 @@
    + + + + +SSL_CTX_use_serverinfo + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_use_serverinfo_ex, +SSL_CTX_use_serverinfo, +SSL_CTX_use_serverinfo_file +- use serverinfo extension

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_CTX_use_serverinfo_ex(SSL_CTX *ctx, unsigned int version,
    +                               const unsigned char *serverinfo,
    +                               size_t serverinfo_length);
    +
    + int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo,
    +                            size_t serverinfo_length);
    +
    + int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file);
    +

    +

    +
    +

    DESCRIPTION

    +

    These functions load "serverinfo" TLS extensions into the SSL_CTX. A +"serverinfo" extension is returned in response to an empty ClientHello +Extension.

    +

    SSL_CTX_use_serverinfo_ex() loads one or more serverinfo extensions from +a byte array into ctx. The version parameter specifies the format of the +byte array provided in *serverinfo which is of length serverinfo_length.

    +

    If version is SSL_SERVERINFOV2 then the extensions in the array must +consist of a 4-byte context, a 2-byte Extension Type, a 2-byte length, and then +length bytes of extension_data. The context and type values have the same +meaning as for SSL_CTX_add_custom_ext(3). If serverinfo is being loaded for +extensions to be added to a Certificate message, then the extension will only +be added for the first certificate in the message (which is always the +end-entity certificate).

    +

    If version is SSL_SERVERINFOV1 then the extensions in the array must +consist of a 2-byte Extension Type, a 2-byte length, and then length bytes of +extension_data. The type value has the same meaning as for +SSL_CTX_add_custom_ext(3). The following default context value will be used +in this case:

    +
    + SSL_EXT_TLS1_2_AND_BELOW_ONLY | SSL_EXT_CLIENT_HELLO
    + | SSL_EXT_TLS1_2_SERVER_HELLO | SSL_EXT_IGNORE_ON_RESUMPTION
    +

    SSL_CTX_use_serverinfo() does the same thing as SSL_CTX_use_serverinfo_ex() +except that there is no version parameter so a default version of +SSL_SERVERINFOV1 is used instead.

    +

    SSL_CTX_use_serverinfo_file() loads one or more serverinfo extensions from +file into ctx. The extensions must be in PEM format. Each extension +must be in a format as described above for SSL_CTX_use_serverinfo_ex(). Each +PEM extension name must begin with the phrase "BEGIN SERVERINFOV2 FOR " for +SSL_SERVERINFOV2 data or "BEGIN SERVERINFO FOR " for SSL_SERVERINFOV1 data.

    +

    If more than one certificate (RSA/DSA) is installed using +SSL_CTX_use_certificate(), the serverinfo extension will be loaded into the +last certificate installed. If e.g. the last item was a RSA certificate, the +loaded serverinfo extension data will be loaded for that certificate. To +use the serverinfo extension for multiple certificates, +SSL_CTX_use_serverinfo() needs to be called multiple times, once after +each time a certificate is loaded via a call to SSL_CTX_use_certificate().

    +

    +

    +
    +

    RETURN VALUES

    +

    On success, the functions return 1. +On failure, the functions return 0. Check out the error stack to find out +the reason.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2013-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_SESSION_free.html b/linux_amd64/share/doc/openssl/html/man3/SSL_SESSION_free.html
    new file mode 100755
    index 0000000..429a869
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_SESSION_free.html
    @@ -0,0 +1,123 @@
    + + + + +SSL_SESSION_free + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_SESSION_new, +SSL_SESSION_dup, +SSL_SESSION_up_ref, +SSL_SESSION_free - create, free and manage SSL_SESSION structures

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + SSL_SESSION *SSL_SESSION_new(void);
    + SSL_SESSION *SSL_SESSION_dup(const SSL_SESSION *src);
    + int SSL_SESSION_up_ref(SSL_SESSION *ses);
    + void SSL_SESSION_free(SSL_SESSION *session);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_SESSION_new() creates a new SSL_SESSION structure and returns a pointer to +it.

    +

    SSL_SESSION_dup() copies the contents of the SSL_SESSION structure in src +and returns a pointer to it.

    +

    SSL_SESSION_up_ref() increments the reference count on the given SSL_SESSION +structure.

    +

    SSL_SESSION_free() decrements the reference count of session and removes +the SSL_SESSION structure pointed to by session and frees up the allocated +memory, if the reference count has reached 0. +If session is NULL nothing is done.

    +

    +

    +
    +

    NOTES

    +

    SSL_SESSION objects are allocated, when a TLS/SSL handshake operation +is successfully completed. Depending on the settings, see +SSL_CTX_set_session_cache_mode(3), +the SSL_SESSION objects are internally referenced by the SSL_CTX and +linked into its session cache. SSL objects may be using the SSL_SESSION object; +as a session may be reused, several SSL objects may be using one SSL_SESSION +object at the same time. It is therefore crucial to keep the reference +count (usage information) correct and not delete a SSL_SESSION object +that is still used, as this may lead to program failures due to +dangling pointers. These failures may also appear delayed, e.g. +when an SSL_SESSION object was completely freed as the reference count +incorrectly became 0, but it is still referenced in the internal +session cache and the cache list is processed during a +SSL_CTX_flush_sessions(3) operation.

    +

    SSL_SESSION_free() must only be called for SSL_SESSION objects, for +which the reference count was explicitly incremented (e.g. +by calling SSL_get1_session(), see SSL_get_session(3)) +or when the SSL_SESSION object was generated outside a TLS handshake +operation, e.g. by using d2i_SSL_SESSION(3). +It must not be called on other SSL_SESSION objects, as this would cause +incorrect reference counts and therefore program failures.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_SESSION_new returns a pointer to the newly allocated SSL_SESSION structure +or NULL on error.

    +

    SSL_SESSION_up_ref returns 1 on success or 0 on error.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_get_session(3), +SSL_CTX_set_session_cache_mode(3), +SSL_CTX_flush_sessions(3), +d2i_SSL_SESSION(3)

    +

    +

    +
    +

    HISTORY

    +

    The SSL_SESSION_dup() function was added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_SESSION_get0_cipher.html b/linux_amd64/share/doc/openssl/html/man3/SSL_SESSION_get0_cipher.html
    new file mode 100755
    index 0000000..c6b867c
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_SESSION_get0_cipher.html
    @@ -0,0 +1,94 @@
    + + + + +SSL_SESSION_get0_cipher + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_SESSION_get0_cipher, +SSL_SESSION_set_cipher +- set and retrieve the SSL cipher associated with a session

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + const SSL_CIPHER *SSL_SESSION_get0_cipher(const SSL_SESSION *s);
    + int SSL_SESSION_set_cipher(SSL_SESSION *s, const SSL_CIPHER *cipher);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_SESSION_get0_cipher() retrieves the cipher that was used by the +connection when the session was created, or NULL if it cannot be determined.

    +

    The value returned is a pointer to an object maintained within s and +should not be released.

    +

    SSL_SESSION_set_cipher() can be used to set the ciphersuite associated with the +SSL_SESSION s to cipher. For example, this could be used to set up a +session based PSK (see SSL_CTX_set_psk_use_session_callback(3)).

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_SESSION_get0_cipher() returns the SSL_CIPHER associated with the SSL_SESSION +or NULL if it cannot be determined.

    +

    SSL_SESSION_set_cipher() returns 1 on success or 0 on failure.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +d2i_SSL_SESSION(3), +SSL_SESSION_get_time(3), +SSL_SESSION_get0_hostname(3), +SSL_SESSION_free(3), +SSL_CTX_set_psk_use_session_callback(3)

    +

    +

    +
    +

    HISTORY

    +

    The SSL_SESSION_get0_cipher() function was added in OpenSSL 1.1.0. +The SSL_SESSION_set_cipher() function was added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_SESSION_get0_hostname.html b/linux_amd64/share/doc/openssl/html/man3/SSL_SESSION_get0_hostname.html
    new file mode 100755
    index 0000000..3f91b69
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_SESSION_get0_hostname.html
    @@ -0,0 +1,110 @@
    + + + + +SSL_SESSION_get0_hostname + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_SESSION_get0_hostname, +SSL_SESSION_set1_hostname, +SSL_SESSION_get0_alpn_selected, +SSL_SESSION_set1_alpn_selected +- get and set SNI and ALPN data associated with a session

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s);
    + int SSL_SESSION_set1_hostname(SSL_SESSION *s, const char *hostname);
    +
    + void SSL_SESSION_get0_alpn_selected(const SSL_SESSION *s,
    +                                     const unsigned char **alpn,
    +                                     size_t *len);
    + int SSL_SESSION_set1_alpn_selected(SSL_SESSION *s, const unsigned char *alpn,
    +                                    size_t len);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_SESSION_get0_hostname() retrieves the SNI value that was sent by the +client when the session was created if it was accepted by the server and TLSv1.2 +or below was negotiated. Otherwise NULL is returned. Note that in TLSv1.3 the +SNI hostname is negotiated with each handshake including resumption handshakes +and is therefore never associated with the session.

    +

    The value returned is a pointer to memory maintained within s and +should not be free'd.

    +

    SSL_SESSION_set1_hostname() sets the SNI value for the hostname to a copy of +the string provided in hostname.

    +

    SSL_SESSION_get0_alpn_selected() retrieves the selected ALPN protocol for this +session and its associated length in bytes. The returned value of *alpn is a +pointer to memory maintained within s and should not be free'd.

    +

    SSL_SESSION_set1_alpn_selected() sets the ALPN protocol for this session to the +value in alpn which should be of length len bytes. A copy of the input +value is made, and the caller retains ownership of the memory pointed to by +alpn.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_SESSION_get0_hostname() returns either a string or NULL based on if there +is the SNI value sent by client.

    +

    SSL_SESSION_set1_hostname() returns 1 on success or 0 on error.

    +

    SSL_SESSION_set1_alpn_selected() returns 1 on success or 0 on error.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +d2i_SSL_SESSION(3), +SSL_SESSION_get_time(3), +SSL_SESSION_free(3)

    +

    +

    +
    +

    HISTORY

    +

    The SSL_SESSION_set1_hostname(), SSL_SESSION_get0_alpn_selected() and +SSL_SESSION_set1_alpn_selected() functions were added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_SESSION_get0_id_context.html b/linux_amd64/share/doc/openssl/html/man3/SSL_SESSION_get0_id_context.html
    new file mode 100755
    index 0000000..dfe0b01
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_SESSION_get0_id_context.html
    @@ -0,0 +1,92 @@
    + + + + +SSL_SESSION_get0_id_context + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_SESSION_get0_id_context, +SSL_SESSION_set1_id_context +- get and set the SSL ID context associated with a session

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *s,
    +                                                  unsigned int *len)
    + int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx,
    +                                unsigned int sid_ctx_len);
    +

    +

    +
    +

    DESCRIPTION

    +

    See SSL_CTX_set_session_id_context(3) for further details on session ID +contexts.

    +

    SSL_SESSION_get0_id_context() returns the ID context associated with +the SSL/TLS session s. The length of the ID context is written to +*len if len is not NULL.

    +

    The value returned is a pointer to an object maintained within s and +should not be released.

    +

    SSL_SESSION_set1_id_context() takes a copy of the provided ID context given in +sid_ctx and associates it with the session s. The length of the ID context +is given by sid_ctx_len which must not exceed SSL_MAX_SID_CTX_LENGTH bytes.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_SESSION_set1_id_context() returns 1 on success or 0 on error.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +SSL_set_session_id_context(3)

    +

    +

    +
    +

    HISTORY

    +

    The SSL_SESSION_get0_id_context() function was added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_SESSION_get0_peer.html b/linux_amd64/share/doc/openssl/html/man3/SSL_SESSION_get0_peer.html new file mode 100755 index 0000000..49f3944 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_SESSION_get0_peer.html @@ -0,0 +1,75 @@ + + + + +SSL_SESSION_get0_peer + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_SESSION_get0_peer +- get details about peer's certificate for a session

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + X509 *SSL_SESSION_get0_peer(SSL_SESSION *s);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_SESSION_get0_peer() returns the peer certificate associated with the session +s or NULL if no peer certificate is available. The caller should not free the +returned value (unless X509_up_ref(3) has also been called).

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_SESSION_get0_peer() returns a pointer to the peer certificate or NULL if +no peer certificate is available.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_SESSION_get_compress_id.html b/linux_amd64/share/doc/openssl/html/man3/SSL_SESSION_get_compress_id.html new file mode 100755 index 0000000..93587a2 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_SESSION_get_compress_id.html @@ -0,0 +1,76 @@ + + + + +SSL_SESSION_get_compress_id + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_SESSION_get_compress_id +- get details about the compression associated with a session

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s);
    +

    +

    +
    +

    DESCRIPTION

    +

    If compression has been negotiated for an ssl session then +SSL_SESSION_get_compress_id() will return the id for the compression method or +0 otherwise. The only built-in supported compression method is zlib which has an +id of 1.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_SESSION_get_compress_id() returns the id of the compression method or 0 if +none.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_SESSION_get_protocol_version.html b/linux_amd64/share/doc/openssl/html/man3/SSL_SESSION_get_protocol_version.html new file mode 100755 index 0000000..9f484f8 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_SESSION_get_protocol_version.html @@ -0,0 +1,92 @@ + + + + +SSL_SESSION_get_protocol_version + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_SESSION_get_protocol_version, +SSL_SESSION_set_protocol_version +- get and set the session protocol version

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_SESSION_get_protocol_version(const SSL_SESSION *s);
    + int SSL_SESSION_set_protocol_version(SSL_SESSION *s, int version);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_SESSION_get_protocol_version() returns the protocol version number used +by session s.

    +

    SSL_SESSION_set_protocol_version() sets the protocol version associated with the +SSL_SESSION object s to the value version. This value should be a version +constant such as TLS1_3_VERSION etc. For example, this could be used to set +up a session based PSK (see SSL_CTX_set_psk_use_session_callback(3)).

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_SESSION_get_protocol_version() returns a number indicating the protocol +version used for the session; this number matches the constants e.g. +TLS1_VERSION, TLS1_2_VERSION or TLS1_3_VERSION.

    +

    Note that the SSL_SESSION_get_protocol_version() function +does not perform a null check on the provided session s pointer.

    +

    SSL_SESSION_set_protocol_version() returns 1 on success or 0 on failure.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +SSL_CTX_set_psk_use_session_callback(3)

    +

    +

    +
    +

    HISTORY

    +

    The SSL_SESSION_get_protocol_version() function was added in OpenSSL 1.1.0. +The SSL_SESSION_set_protocol_version() function was added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_SESSION_get_time.html b/linux_amd64/share/doc/openssl/html/man3/SSL_SESSION_get_time.html new file mode 100755 index 0000000..cc4e4b9 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_SESSION_get_time.html @@ -0,0 +1,109 @@ + + + + +SSL_SESSION_get_time + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_SESSION_get_time, SSL_SESSION_set_time, SSL_SESSION_get_timeout, +SSL_SESSION_set_timeout, +SSL_get_time, SSL_set_time, SSL_get_timeout, SSL_set_timeout +- retrieve and manipulate session time and timeout settings

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + long SSL_SESSION_get_time(const SSL_SESSION *s);
    + long SSL_SESSION_set_time(SSL_SESSION *s, long tm);
    + long SSL_SESSION_get_timeout(const SSL_SESSION *s);
    + long SSL_SESSION_set_timeout(SSL_SESSION *s, long tm);
    +
    + long SSL_get_time(const SSL_SESSION *s);
    + long SSL_set_time(SSL_SESSION *s, long tm);
    + long SSL_get_timeout(const SSL_SESSION *s);
    + long SSL_set_timeout(SSL_SESSION *s, long tm);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_SESSION_get_time() returns the time at which the session s was +established. The time is given in seconds since the Epoch and therefore +compatible to the time delivered by the time() call.

    +

    SSL_SESSION_set_time() replaces the creation time of the session s with +the chosen value tm.

    +

    SSL_SESSION_get_timeout() returns the timeout value set for session s +in seconds.

    +

    SSL_SESSION_set_timeout() sets the timeout value for session s in seconds +to tm.

    +

    The SSL_get_time(), SSL_set_time(), SSL_get_timeout(), and SSL_set_timeout() +functions are synonyms for the SSL_SESSION_*() counterparts.

    +

    +

    +
    +

    NOTES

    +

    Sessions are expired by examining the creation time and the timeout value. +Both are set at creation time of the session to the actual time and the +default timeout value at creation, respectively, as set by +SSL_CTX_set_timeout(3). +Using these functions it is possible to extend or shorten the lifetime +of the session.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_SESSION_get_time() and SSL_SESSION_get_timeout() return the currently +valid values.

    +

    SSL_SESSION_set_time() and SSL_SESSION_set_timeout() return 1 on success.

    +

    If any of the function is passed the NULL pointer for the session s, +0 is returned.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +SSL_CTX_set_timeout(3), +SSL_get_default_timeout(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_SESSION_has_ticket.html b/linux_amd64/share/doc/openssl/html/man3/SSL_SESSION_has_ticket.html new file mode 100755 index 0000000..6b63c6b --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_SESSION_has_ticket.html @@ -0,0 +1,95 @@ + + + + +SSL_SESSION_has_ticket + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_SESSION_get0_ticket, +SSL_SESSION_has_ticket, SSL_SESSION_get_ticket_lifetime_hint +- get details about the ticket associated with a session

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_SESSION_has_ticket(const SSL_SESSION *s);
    + unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s);
    + void SSL_SESSION_get0_ticket(const SSL_SESSION *s, const unsigned char **tick,
    +                              size_t *len);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_SESSION_has_ticket() returns 1 if there is a Session Ticket associated with +this session, and 0 otherwise.

    +

    SSL_SESSION_get_ticket_lifetime_hint returns the lifetime hint in seconds +associated with the session ticket.

    +

    SSL_SESSION_get0_ticket obtains a pointer to the ticket associated with a +session. The length of the ticket is written to *len. If tick is non +NULL then a pointer to the ticket is written to *tick. The pointer is only +valid while the connection is in use. The session (and hence the ticket pointer) +may also become invalid as a result of a call to SSL_CTX_flush_sessions().

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_SESSION_has_ticket() returns 1 if session ticket exists or 0 otherwise.

    +

    SSL_SESSION_get_ticket_lifetime_hint() returns the number of seconds.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +d2i_SSL_SESSION(3), +SSL_SESSION_get_time(3), +SSL_SESSION_free(3)

    +

    +

    +
    +

    HISTORY

    +

    The SSL_SESSION_has_ticket(), SSL_SESSION_get_ticket_lifetime_hint() +and SSL_SESSION_get0_ticket() functions were added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_SESSION_is_resumable.html b/linux_amd64/share/doc/openssl/html/man3/SSL_SESSION_is_resumable.html new file mode 100755 index 0000000..315d4c3 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_SESSION_is_resumable.html @@ -0,0 +1,83 @@ + + + + +SSL_SESSION_is_resumable + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_SESSION_is_resumable +- determine whether an SSL_SESSION object can be used for resumption

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_SESSION_is_resumable(const SSL_SESSION *s);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_SESSION_is_resumable() determines whether an SSL_SESSION object can be used +to resume a session or not. Returns 1 if it can or 0 if not. Note that +attempting to resume with a non-resumable session will result in a full +handshake.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_SESSION_is_resumable() returns 1 if the session is resumable or 0 otherwise.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +SSL_get_session(3), +SSL_CTX_sess_set_new_cb(3)

    +

    +

    +
    +

    HISTORY

    +

    The SSL_SESSION_is_resumable() function was added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_SESSION_print.html b/linux_amd64/share/doc/openssl/html/man3/SSL_SESSION_print.html new file mode 100755 index 0000000..4c9663a --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_SESSION_print.html @@ -0,0 +1,82 @@ + + + + +SSL_SESSION_print + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_SESSION_print, +SSL_SESSION_print_fp, +SSL_SESSION_print_keylog +- printf information about a session

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_SESSION_print(BIO *fp, const SSL_SESSION *ses);
    + int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *ses);
    + int SSL_SESSION_print_keylog(BIO *bp, const SSL_SESSION *x);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_SESSION_print() prints summary information about the session provided in +ses to the BIO fp.

    +

    SSL_SESSION_print_fp() does the same as SSL_SESSION_print() except it prints it +to the FILE fp.

    +

    SSL_SESSION_print_keylog() prints session information to the provided BIO <bp> +in NSS keylog format.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_SESSION_print(), SSL_SESSION_print_fp() and SSL_SESSION_print_keylog return +1 on success or 0 on error.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_SESSION_set1_id.html b/linux_amd64/share/doc/openssl/html/man3/SSL_SESSION_set1_id.html new file mode 100755 index 0000000..56acfa9 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_SESSION_set1_id.html @@ -0,0 +1,88 @@ + + + + +SSL_SESSION_set1_id + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_SESSION_get_id, +SSL_SESSION_set1_id +- get and set the SSL session ID

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s,
    +                                         unsigned int *len)
    + int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid,
    +                         unsigned int sid_len);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_SESSION_get_id() returns a pointer to the internal session id value for the +session s. The length of the id in bytes is stored in *len. The length may +be 0. The caller should not free the returned pointer directly.

    +

    SSL_SESSION_set1_id() sets the session ID for the ssl SSL/TLS session +to sid of length sid_len.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_SESSION_get_id() returns a pointer to the session id value. +SSL_SESSION_set1_id() returns 1 for success and 0 for failure, for example +if the supplied session ID length exceeds SSL_MAX_SSL_SESSION_ID_LENGTH.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7)

    +

    +

    +
    +

    HISTORY

    +

    The SSL_SESSION_set1_id() function was added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_accept.html b/linux_amd64/share/doc/openssl/html/man3/SSL_accept.html new file mode 100755 index 0000000..4e19911 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_accept.html @@ -0,0 +1,116 @@ + + + + +SSL_accept + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_accept - wait for a TLS/SSL client to initiate a TLS/SSL handshake

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_accept(SSL *ssl);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_accept() waits for a TLS/SSL client to initiate the TLS/SSL handshake. +The communication channel must already have been set and assigned to the +ssl by setting an underlying BIO.

    +

    +

    +
    +

    NOTES

    +

    The behaviour of SSL_accept() depends on the underlying BIO.

    +

    If the underlying BIO is blocking, SSL_accept() will only return once the +handshake has been finished or an error occurred.

    +

    If the underlying BIO is non-blocking, SSL_accept() will also return +when the underlying BIO could not satisfy the needs of SSL_accept() +to continue the handshake, indicating the problem by the return value -1. +In this case a call to SSL_get_error() with the +return value of SSL_accept() will yield SSL_ERROR_WANT_READ or +SSL_ERROR_WANT_WRITE. The calling process then must repeat the call after +taking appropriate action to satisfy the needs of SSL_accept(). +The action depends on the underlying BIO. When using a non-blocking socket, +nothing is to be done, but select() can be used to check for the required +condition. When using a buffering BIO, like a BIO pair, data must be written +into or retrieved out of the BIO before being able to continue.

    +

    +

    +
    +

    RETURN VALUES

    +

    The following return values can occur:

    +
      +
    1. +

      The TLS/SSL handshake was not successful but was shut down controlled and +by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the +return value ret to find out the reason.

      +
    2. +
    3. +

      The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been +established.

      + +
      <0
      + +
      +

      The TLS/SSL handshake was not successful because a fatal error occurred either +at the protocol level or a connection failure occurred. The shutdown was +not clean. It can also occur of action is need to continue the operation +for non-blocking BIOs. Call SSL_get_error() with the return value ret +to find out the reason.

      +
    4. +
    +

    +

    +
    +

    SEE ALSO

    +

    SSL_get_error(3), SSL_connect(3), +SSL_shutdown(3), ssl(7), bio(7), +SSL_set_connect_state(3), +SSL_do_handshake(3), +SSL_CTX_new(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_alert_type_string.html b/linux_amd64/share/doc/openssl/html/man3/SSL_alert_type_string.html new file mode 100755 index 0000000..aec8b5c --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_alert_type_string.html @@ -0,0 +1,298 @@ + + + + +SSL_alert_type_string + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_alert_type_string, SSL_alert_type_string_long, SSL_alert_desc_string, SSL_alert_desc_string_long - get textual description of alert information

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + const char *SSL_alert_type_string(int value);
    + const char *SSL_alert_type_string_long(int value);
    +
    + const char *SSL_alert_desc_string(int value);
    + const char *SSL_alert_desc_string_long(int value);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_alert_type_string() returns a one letter string indicating the +type of the alert specified by value.

    +

    SSL_alert_type_string_long() returns a string indicating the type of the alert +specified by value.

    +

    SSL_alert_desc_string() returns a two letter string as a short form +describing the reason of the alert specified by value.

    +

    SSL_alert_desc_string_long() returns a string describing the reason +of the alert specified by value.

    +

    +

    +
    +

    NOTES

    +

    When one side of an SSL/TLS communication wants to inform the peer about +a special situation, it sends an alert. The alert is sent as a special message +and does not influence the normal data stream (unless its contents results +in the communication being canceled).

    +

    A warning alert is sent, when a non-fatal error condition occurs. The +"close notify" alert is sent as a warning alert. Other examples for +non-fatal errors are certificate errors ("certificate expired", +"unsupported certificate"), for which a warning alert may be sent. +(The sending party may however decide to send a fatal error.) The +receiving side may cancel the connection on reception of a warning +alert on it discretion.

    +

    Several alert messages must be sent as fatal alert messages as specified +by the TLS RFC. A fatal alert always leads to a connection abort.

    +

    +

    +
    +

    RETURN VALUES

    +

    The following strings can occur for SSL_alert_type_string() or +SSL_alert_type_string_long():

    +
    +
    "W"/"warning"
    + +
    "F"/"fatal"
    + +
    "U"/"unknown"
    + +
    +

    This indicates that no support is available for this alert type. +Probably value does not contain a correct alert message.

    +
    +
    +

    The following strings can occur for SSL_alert_desc_string() or +SSL_alert_desc_string_long():

    +
    +
    "CN"/"close notify"
    + +
    +

    The connection shall be closed. This is a warning alert.

    +
    +
    "UM"/"unexpected message"
    + +
    +

    An inappropriate message was received. This alert is always fatal +and should never be observed in communication between proper +implementations.

    +
    +
    "BM"/"bad record mac"
    + +
    +

    This alert is returned if a record is received with an incorrect +MAC. This message is always fatal.

    +
    +
    "DF"/"decompression failure"
    + +
    +

    The decompression function received improper input (e.g. data +that would expand to excessive length). This message is always +fatal.

    +
    +
    "HF"/"handshake failure"
    + +
    +

    Reception of a handshake_failure alert message indicates that the +sender was unable to negotiate an acceptable set of security +parameters given the options available. This is a fatal error.

    +
    +
    "NC"/"no certificate"
    + +
    +

    A client, that was asked to send a certificate, does not send a certificate +(SSLv3 only).

    +
    +
    "BC"/"bad certificate"
    + +
    +

    A certificate was corrupt, contained signatures that did not +verify correctly, etc

    +
    +
    "UC"/"unsupported certificate"
    + +
    +

    A certificate was of an unsupported type.

    +
    +
    "CR"/"certificate revoked"
    + +
    +

    A certificate was revoked by its signer.

    +
    +
    "CE"/"certificate expired"
    + +
    +

    A certificate has expired or is not currently valid.

    +
    +
    "CU"/"certificate unknown"
    + +
    +

    Some other (unspecified) issue arose in processing the +certificate, rendering it unacceptable.

    +
    +
    "IP"/"illegal parameter"
    + +
    +

    A field in the handshake was out of range or inconsistent with +other fields. This is always fatal.

    +
    +
    "DC"/"decryption failed"
    + +
    +

    A TLSCiphertext decrypted in an invalid way: either it wasn't an +even multiple of the block length or its padding values, when +checked, weren't correct. This message is always fatal.

    +
    +
    "RO"/"record overflow"
    + +
    +

    A TLSCiphertext record was received which had a length more than +2^14+2048 bytes, or a record decrypted to a TLSCompressed record +with more than 2^14+1024 bytes. This message is always fatal.

    +
    +
    "CA"/"unknown CA"
    + +
    +

    A valid certificate chain or partial chain was received, but the +certificate was not accepted because the CA certificate could not +be located or couldn't be matched with a known, trusted CA. This +message is always fatal.

    +
    +
    "AD"/"access denied"
    + +
    +

    A valid certificate was received, but when access control was +applied, the sender decided not to proceed with negotiation. +This message is always fatal.

    +
    +
    "DE"/"decode error"
    + +
    +

    A message could not be decoded because some field was out of the +specified range or the length of the message was incorrect. This +message is always fatal.

    +
    +
    "CY"/"decrypt error"
    + +
    +

    A handshake cryptographic operation failed, including being +unable to correctly verify a signature, decrypt a key exchange, +or validate a finished message.

    +
    +
    "ER"/"export restriction"
    + +
    +

    A negotiation not in compliance with export restrictions was +detected; for example, attempting to transfer a 1024 bit +ephemeral RSA key for the RSA_EXPORT handshake method. This +message is always fatal.

    +
    +
    "PV"/"protocol version"
    + +
    +

    The protocol version the client has attempted to negotiate is +recognized, but not supported. (For example, old protocol +versions might be avoided for security reasons). This message is +always fatal.

    +
    +
    "IS"/"insufficient security"
    + +
    +

    Returned instead of handshake_failure when a negotiation has +failed specifically because the server requires ciphers more +secure than those supported by the client. This message is always +fatal.

    +
    +
    "IE"/"internal error"
    + +
    +

    An internal error unrelated to the peer or the correctness of the +protocol makes it impossible to continue (such as a memory +allocation failure). This message is always fatal.

    +
    +
    "US"/"user canceled"
    + +
    +

    This handshake is being canceled for some reason unrelated to a +protocol failure. If the user cancels an operation after the +handshake is complete, just closing the connection by sending a +close_notify is more appropriate. This alert should be followed +by a close_notify. This message is generally a warning.

    +
    +
    "NR"/"no renegotiation"
    + +
    +

    Sent by the client in response to a hello request or by the +server in response to a client hello after initial handshaking. +Either of these would normally lead to renegotiation; when that +is not appropriate, the recipient should respond with this alert; +at that point, the original requester can decide whether to +proceed with the connection. One case where this would be +appropriate would be where a server has spawned a process to +satisfy a request; the process might receive security parameters +(key length, authentication, etc.) at startup and it might be +difficult to communicate changes to these parameters after that +point. This message is always a warning.

    +
    +
    "UP"/"unknown PSK identity"
    + +
    +

    Sent by the server to indicate that it does not recognize a PSK +identity or an SRP identity.

    +
    +
    "UK"/"unknown"
    + +
    +

    This indicates that no description is available for this alert type. +Probably value does not contain a correct alert message.

    +
    +
    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_CTX_set_info_callback(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_alloc_buffers.html b/linux_amd64/share/doc/openssl/html/man3/SSL_alloc_buffers.html new file mode 100755 index 0000000..b18a975 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_alloc_buffers.html @@ -0,0 +1,101 @@ + + + + +SSL_alloc_buffers + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_free_buffers, SSL_alloc_buffers - manage SSL structure buffers

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_free_buffers(SSL *ssl);
    + int SSL_alloc_buffers(SSL *ssl);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_free_buffers() frees the read and write buffers of the given ssl. +SSL_alloc_buffers() allocates the read and write buffers of the given ssl.

    +

    The SSL_MODE_RELEASE_BUFFERS mode releases read or write buffers whenever +the buffers have been drained. These functions allow applications to manually +control when buffers are freed and allocated.

    +

    After freeing the buffers, the buffers are automatically reallocated upon a +new read or write. The SSL_alloc_buffers() does not need to be called, but +can be used to make sure the buffers are pre-allocated. This can be used to +avoid allocation during data processing or with CRYPTO_set_mem_functions() +to control where and how buffers are allocated.

    +

    +

    +
    +

    RETURN VALUES

    +

    The following return values can occur:

    +
      +
    1. (Failure) + +

      The SSL_free_buffers() function returns 0 when there is pending data to be +read or written. The SSL_alloc_buffers() function returns 0 when there is +an allocation failure.

      +
    2. +
    3. (Success) + +

      The SSL_free_buffers() function returns 1 if the buffers have been freed. This +value is also returned if the buffers had been freed before calling +SSL_free_buffers(). +The SSL_alloc_buffers() function returns 1 if the buffers have been allocated. +This value is also returned if the buffers had been allocated before calling +SSL_alloc_buffers().

      +
    4. +
    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +SSL_free(3), SSL_clear(3), +SSL_new(3), SSL_CTX_set_mode(3), +CRYPTO_set_mem_functions(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_check_chain.html b/linux_amd64/share/doc/openssl/html/man3/SSL_check_chain.html new file mode 100755 index 0000000..7c34064 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_check_chain.html @@ -0,0 +1,119 @@ + + + + +SSL_check_chain + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_check_chain - check certificate chain suitability

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_check_chain() checks whether certificate x, private key pk and +certificate chain chain is suitable for use with the current session +s.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_check_chain() returns a bitmap of flags indicating the validity of the +chain.

    +

    CERT_PKEY_VALID: the chain can be used with the current session. +If this flag is not set then the certificate will never be used even +if the application tries to set it because it is inconsistent with the +peer preferences.

    +

    CERT_PKEY_SIGN: the EE key can be used for signing.

    +

    CERT_PKEY_EE_SIGNATURE: the signature algorithm of the EE certificate is +acceptable.

    +

    CERT_PKEY_CA_SIGNATURE: the signature algorithms of all CA certificates +are acceptable.

    +

    CERT_PKEY_EE_PARAM: the parameters of the end entity certificate are +acceptable (e.g. it is a supported curve).

    +

    CERT_PKEY_CA_PARAM: the parameters of all CA certificates are acceptable.

    +

    CERT_PKEY_EXPLICIT_SIGN: the end entity certificate algorithm +can be used explicitly for signing (i.e. it is mentioned in the signature +algorithms extension).

    +

    CERT_PKEY_ISSUER_NAME: the issuer name is acceptable. This is only +meaningful for client authentication.

    +

    CERT_PKEY_CERT_TYPE: the certificate type is acceptable. Only meaningful +for client authentication.

    +

    CERT_PKEY_SUITEB: chain is suitable for Suite B use.

    +

    +

    +
    +

    NOTES

    +

    SSL_check_chain() must be called in servers after a client hello message or in +clients after a certificate request message. It will typically be called +in the certificate callback.

    +

    An application wishing to support multiple certificate chains may call this +function on each chain in turn: starting with the one it considers the +most secure. It could then use the chain of the first set which returns +suitable flags.

    +

    As a minimum the flag CERT_PKEY_VALID must be set for a chain to be +usable. An application supporting multiple chains with different CA signature +algorithms may also wish to check CERT_PKEY_CA_SIGNATURE too. If no +chain is suitable a server should fall back to the most secure chain which +sets CERT_PKEY_VALID.

    +

    The validity of a chain is determined by checking if it matches a supported +signature algorithm, supported curves and in the case of client authentication +certificate types and issuer names.

    +

    Since the supported signature algorithms extension is only used in TLS 1.2, +TLS 1.3 and DTLS 1.2 the results for earlier versions of TLS and DTLS may not +be very useful. Applications may wish to specify a different "legacy" chain +for earlier versions of TLS or DTLS.

    +

    +

    +
    +

    SEE ALSO

    +

    SSL_CTX_set_cert_cb(3), +ssl(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_clear.html b/linux_amd64/share/doc/openssl/html/man3/SSL_clear.html
    new file mode 100755
    index 0000000..6412b48
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_clear.html
    @@ -0,0 +1,117 @@
    + + + + +SSL_clear + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_clear - reset SSL object to allow another connection

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_clear(SSL *ssl);
    +

    +

    +
    +

    DESCRIPTION

    +

    Reset ssl to allow another connection. All settings (method, ciphers, +BIOs) are kept.

    +

    +

    +
    +

    NOTES

    +

    SSL_clear is used to prepare an SSL object for a new connection. While all +settings are kept, a side effect is the handling of the current SSL session. +If a session is still open, it is considered bad and will be removed +from the session cache, as required by RFC2246. A session is considered open, +if SSL_shutdown(3) was not called for the connection +or at least SSL_set_shutdown(3) was used to +set the SSL_SENT_SHUTDOWN state.

    +

    If a session was closed cleanly, the session object will be kept and all +settings corresponding. This explicitly means, that e.g. the special method +used during the session will be kept for the next handshake. So if the +session was a TLSv1 session, a SSL client object will use a TLSv1 client +method for the next handshake and a SSL server object will use a TLSv1 +server method, even if TLS_*_methods were chosen on startup. This +will might lead to connection failures (see SSL_new(3)) +for a description of the method's properties.

    +

    +

    +
    +

    WARNINGS

    +

    SSL_clear() resets the SSL object to allow for another connection. The +reset operation however keeps several settings of the last sessions +(some of these settings were made automatically during the last +handshake). It only makes sense for a new connection with the exact +same peer that shares these settings, and may fail if that peer +changes its settings between connections. Use the sequence +SSL_get_session(3); +SSL_new(3); +SSL_set_session(3); +SSL_free(3) +instead to avoid such failures +(or simply SSL_free(3); SSL_new(3) +if session reuse is not desired).

    +

    +

    +
    +

    RETURN VALUES

    +

    The following return values can occur:

    +
      +
    1. +

      The SSL_clear() operation could not be performed. Check the error stack to +find out the reason.

      +
    2. +
    3. +

      The SSL_clear() operation was successful.

      +
    4. +
    +

    SSL_new(3), SSL_free(3), +SSL_shutdown(3), SSL_set_shutdown(3), +SSL_CTX_set_options(3), ssl(7), +SSL_CTX_set_client_cert_cb(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_connect.html b/linux_amd64/share/doc/openssl/html/man3/SSL_connect.html
    new file mode 100755
    index 0000000..c5404cb
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_connect.html
    @@ -0,0 +1,129 @@
    + + + + +SSL_connect + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_connect - initiate the TLS/SSL handshake with an TLS/SSL server

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_connect(SSL *ssl);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_connect() initiates the TLS/SSL handshake with a server. The communication +channel must already have been set and assigned to the ssl by setting an +underlying BIO.

    +

    +

    +
    +

    NOTES

    +

    The behaviour of SSL_connect() depends on the underlying BIO.

    +

    If the underlying BIO is blocking, SSL_connect() will only return once the +handshake has been finished or an error occurred.

    +

    If the underlying BIO is non-blocking, SSL_connect() will also return +when the underlying BIO could not satisfy the needs of SSL_connect() +to continue the handshake, indicating the problem by the return value -1. +In this case a call to SSL_get_error() with the +return value of SSL_connect() will yield SSL_ERROR_WANT_READ or +SSL_ERROR_WANT_WRITE. The calling process then must repeat the call after +taking appropriate action to satisfy the needs of SSL_connect(). +The action depends on the underlying BIO. When using a non-blocking socket, +nothing is to be done, but select() can be used to check for the required +condition. When using a buffering BIO, like a BIO pair, data must be written +into or retrieved out of the BIO before being able to continue.

    +

    Many systems implement Nagle's algorithm by default which means that it will +buffer outgoing TCP data if a TCP packet has already been sent for which no +corresponding ACK has been received yet from the peer. This can have performance +impacts after a successful TLSv1.3 handshake or a successful TLSv1.2 (or below) +resumption handshake, because the last peer to communicate in the handshake is +the client. If the client is also the first to send application data (as is +typical for many protocols) then this data could be buffered until an ACK has +been received for the final handshake message.

    +

    The TCP_NODELAY socket option is often available to disable Nagle's +algorithm. If an application opts to disable Nagle's algorithm consideration +should be given to turning it back on again later if appropriate. The helper +function BIO_set_tcp_ndelay() can be used to turn on or off the TCP_NODELAY +option.

    +

    +

    +
    +

    RETURN VALUES

    +

    The following return values can occur:

    +
      +
    1. +

      The TLS/SSL handshake was not successful but was shut down controlled and +by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the +return value ret to find out the reason.

      +
    2. +
    3. +

      The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been +established.

      + +
      <0
      + +
      +

      The TLS/SSL handshake was not successful, because a fatal error occurred either +at the protocol level or a connection failure occurred. The shutdown was +not clean. It can also occur of action is need to continue the operation +for non-blocking BIOs. Call SSL_get_error() with the return value ret +to find out the reason.

      +
    4. +
    +

    +

    +
    +

    SEE ALSO

    +

    SSL_get_error(3), SSL_accept(3), +SSL_shutdown(3), ssl(7), bio(7), +SSL_set_connect_state(3), +SSL_do_handshake(3), +SSL_CTX_new(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_do_handshake.html b/linux_amd64/share/doc/openssl/html/man3/SSL_do_handshake.html
    new file mode 100755
    index 0000000..f356494
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_do_handshake.html
    @@ -0,0 +1,115 @@
    + + + + +SSL_do_handshake + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_do_handshake - perform a TLS/SSL handshake

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_do_handshake(SSL *ssl);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_do_handshake() will wait for a SSL/TLS handshake to take place. If the +connection is in client mode, the handshake will be started. The handshake +routines may have to be explicitly set in advance using either +SSL_set_connect_state(3) or +SSL_set_accept_state(3).

    +

    +

    +
    +

    NOTES

    +

    The behaviour of SSL_do_handshake() depends on the underlying BIO.

    +

    If the underlying BIO is blocking, SSL_do_handshake() will only return +once the handshake has been finished or an error occurred.

    +

    If the underlying BIO is non-blocking, SSL_do_handshake() will also return +when the underlying BIO could not satisfy the needs of SSL_do_handshake() +to continue the handshake. In this case a call to SSL_get_error() with the +return value of SSL_do_handshake() will yield SSL_ERROR_WANT_READ or +SSL_ERROR_WANT_WRITE. The calling process then must repeat the call after +taking appropriate action to satisfy the needs of SSL_do_handshake(). +The action depends on the underlying BIO. When using a non-blocking socket, +nothing is to be done, but select() can be used to check for the required +condition. When using a buffering BIO, like a BIO pair, data must be written +into or retrieved out of the BIO before being able to continue.

    +

    +

    +
    +

    RETURN VALUES

    +

    The following return values can occur:

    +
      +
    1. +

      The TLS/SSL handshake was not successful but was shut down controlled and +by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the +return value ret to find out the reason.

      +
    2. +
    3. +

      The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been +established.

      + +
      <0
      + +
      +

      The TLS/SSL handshake was not successful because a fatal error occurred either +at the protocol level or a connection failure occurred. The shutdown was +not clean. It can also occur of action is need to continue the operation +for non-blocking BIOs. Call SSL_get_error() with the return value ret +to find out the reason.

      +
    4. +
    +

    +

    +
    +

    SEE ALSO

    +

    SSL_get_error(3), SSL_connect(3), +SSL_accept(3), ssl(7), bio(7), +SSL_set_connect_state(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_export_keying_material.html b/linux_amd64/share/doc/openssl/html/man3/SSL_export_keying_material.html
    new file mode 100755
    index 0000000..ac2d77a
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_export_keying_material.html
    @@ -0,0 +1,123 @@
    + + + + +SSL_export_keying_material + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_export_keying_material, +SSL_export_keying_material_early +- obtain keying material for application use

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
    +                                const char *label, size_t llen,
    +                                const unsigned char *context,
    +                                size_t contextlen, int use_context);
    +
    + int SSL_export_keying_material_early(SSL *s, unsigned char *out, size_t olen,
    +                                      const char *label, size_t llen,
    +                                      const unsigned char *context,
    +                                      size_t contextlen);
    +

    +

    +
    +

    DESCRIPTION

    +

    During the creation of a TLS or DTLS connection shared keying material is +established between the two endpoints. The functions +SSL_export_keying_material() and SSL_export_keying_material_early() enable an +application to use some of this keying material for its own purposes in +accordance with RFC5705 (for TLSv1.2 and below) or RFC8446 (for TLSv1.3).

    +

    SSL_export_keying_material() derives keying material using +the exporter_master_secret established in the handshake.

    +

    SSL_export_keying_material_early() is only usable with TLSv1.3, and derives +keying material using the early_exporter_master_secret (as defined in the +TLS 1.3 RFC). For the client, the early_exporter_master_secret is only +available when the client attempts to send 0-RTT data. For the server, it is +only available when the server accepts 0-RTT data.

    +

    An application may need to securely establish the context within which this +keying material will be used. For example this may include identifiers for the +application session, application algorithms or parameters, or the lifetime of +the context. The context value is left to the application but must be the same +on both sides of the communication.

    +

    For a given SSL connection s, olen bytes of data will be written to +out. The application specific context should be supplied in the location +pointed to by context and should be contextlen bytes long. Provision of +a context is optional. If the context should be omitted entirely then +use_context should be set to 0. Otherwise it should be any other value. If +use_context is 0 then the values of context and contextlen are ignored. +Note that in TLSv1.2 and below a zero length context is treated differently from +no context at all, and will result in different keying material being returned. +In TLSv1.3 a zero length context is that same as no context at all and will +result in the same keying material being returned.

    +

    An application specific label should be provided in the location pointed to by +label and should be llen bytes long. Typically this will be a value from +the IANA Exporter Label Registry +(https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#exporter-labels). +Alternatively labels beginning with "EXPERIMENTAL" are permitted by the standard +to be used without registration. TLSv1.3 imposes a maximum label length of +249 bytes.

    +

    Note that this function is only defined for TLSv1.0 and above, and DTLSv1.0 and +above. Attempting to use it in SSLv3 will result in an error.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_export_keying_material() returns 0 or -1 on failure or 1 on success.

    +

    SSL_export_keying_material_early() returns 0 on failure or 1 on success.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7)

    +

    +

    +
    +

    HISTORY

    +

    The SSL_export_keying_material_early() function was added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_extension_supported.html b/linux_amd64/share/doc/openssl/html/man3/SSL_extension_supported.html
    new file mode 100755
    index 0000000..6aae891
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_extension_supported.html
    @@ -0,0 +1,336 @@
    + + + + +SSL_extension_supported + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_extension_supported, +SSL_custom_ext_add_cb_ex, +SSL_custom_ext_free_cb_ex, +SSL_custom_ext_parse_cb_ex, +SSL_CTX_add_custom_ext, +SSL_CTX_add_client_custom_ext, SSL_CTX_add_server_custom_ext, +custom_ext_add_cb, custom_ext_free_cb, custom_ext_parse_cb +- custom TLS extension handling

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + typedef int (*SSL_custom_ext_add_cb_ex)(SSL *s, unsigned int ext_type,
    +                                         unsigned int context,
    +                                         const unsigned char **out,
    +                                         size_t *outlen, X509 *x,
    +                                         size_t chainidx, int *al,
    +                                         void *add_arg);
    +
    + typedef void (*SSL_custom_ext_free_cb_ex)(SSL *s, unsigned int ext_type,
    +                                           unsigned int context,
    +                                           const unsigned char *out,
    +                                           void *add_arg);
    +
    + typedef int (*SSL_custom_ext_parse_cb_ex)(SSL *s, unsigned int ext_type,
    +                                           unsigned int context,
    +                                           const unsigned char *in,
    +                                           size_t inlen, X509 *x,
    +                                           size_t chainidx, int *al,
    +                                           void *parse_arg);
    +
    + int SSL_CTX_add_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
    +                            unsigned int context,
    +                            SSL_custom_ext_add_cb_ex add_cb,
    +                            SSL_custom_ext_free_cb_ex free_cb,
    +                            void *add_arg,
    +                            SSL_custom_ext_parse_cb_ex parse_cb,
    +                            void *parse_arg);
    +
    + typedef int (*custom_ext_add_cb)(SSL *s, unsigned int ext_type,
    +                                  const unsigned char **out,
    +                                  size_t *outlen, int *al,
    +                                  void *add_arg);
    +
    + typedef void (*custom_ext_free_cb)(SSL *s, unsigned int ext_type,
    +                                    const unsigned char *out,
    +                                    void *add_arg);
    +
    + typedef int (*custom_ext_parse_cb)(SSL *s, unsigned int ext_type,
    +                                    const unsigned char *in,
    +                                    size_t inlen, int *al,
    +                                    void *parse_arg);
    +
    + int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
    +                                   custom_ext_add_cb add_cb,
    +                                   custom_ext_free_cb free_cb, void *add_arg,
    +                                   custom_ext_parse_cb parse_cb,
    +                                   void *parse_arg);
    +
    + int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
    +                                   custom_ext_add_cb add_cb,
    +                                   custom_ext_free_cb free_cb, void *add_arg,
    +                                   custom_ext_parse_cb parse_cb,
    +                                   void *parse_arg);
    +
    + int SSL_extension_supported(unsigned int ext_type);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_add_custom_ext() adds a custom extension for a TLS/DTLS client or server +for all supported protocol versions with extension type ext_type and +callbacks add_cb, free_cb and parse_cb (see the +EXTENSION CALLBACKS section below). The context value determines +which messages and under what conditions the extension will be added/parsed (see +the EXTENSION CONTEXTS section below).

    +

    SSL_CTX_add_client_custom_ext() adds a custom extension for a TLS/DTLS client +with extension type ext_type and callbacks add_cb, free_cb and +parse_cb. This function is similar to SSL_CTX_add_custom_ext() except it only +applies to clients, uses the older style of callbacks, and implicitly sets the +context value to:

    +
    + SSL_EXT_TLS1_2_AND_BELOW_ONLY | SSL_EXT_CLIENT_HELLO
    + | SSL_EXT_TLS1_2_SERVER_HELLO | SSL_EXT_IGNORE_ON_RESUMPTION
    +

    SSL_CTX_add_server_custom_ext() adds a custom extension for a TLS/DTLS server +with extension type ext_type and callbacks add_cb, free_cb and +parse_cb. This function is similar to SSL_CTX_add_custom_ext() except it +only applies to servers, uses the older style of callbacks, and implicitly sets +the context value to the same as for SSL_CTX_add_client_custom_ext() above.

    +

    The ext_type parameter corresponds to the extension_type field of +RFC5246 et al. It is not a NID. In all cases the extension type must not be +handled by OpenSSL internally or an error occurs.

    +

    SSL_extension_supported() returns 1 if the extension ext_type is handled +internally by OpenSSL and 0 otherwise.

    +

    +

    +
    +

    EXTENSION CALLBACKS

    +

    The callback add_cb is called to send custom extension data to be +included in various TLS messages. The ext_type parameter is set to the +extension type which will be added and add_arg to the value set when the +extension handler was added. When using the new style callbacks the context +parameter will indicate which message is currently being constructed e.g. for +the ClientHello it will be set to SSL_EXT_CLIENT_HELLO.

    +

    If the application wishes to include the extension ext_type it should +set *out to the extension data, set *outlen to the length of the +extension data and return 1.

    +

    If the add_cb does not wish to include the extension it must return 0.

    +

    If add_cb returns -1 a fatal handshake error occurs using the TLS +alert value specified in *al.

    +

    When constructing the ClientHello, if add_cb is set to NULL a zero length +extension is added for ext_type. For all other messages if add_cb is set +to NULL then no extension is added.

    +

    When constructing a Certificate message the callback will be called for each +certificate in the message. The x parameter will indicate the +current certificate and the chainidx parameter will indicate the position +of the certificate in the message. The first certificate is always the end +entity certificate and has a chainidx value of 0. The certificates are in the +order that they were received in the Certificate message.

    +

    For all messages except the ServerHello and EncryptedExtensions every +registered add_cb is always called to see if the application wishes to add an +extension (as long as all requirements of the specified context are met).

    +

    For the ServerHello and EncryptedExtension messages every registered add_cb +is called once if and only if the requirements of the specified context are +met and the corresponding extension was received in the ClientHello. That is, if +no corresponding extension was received in the ClientHello then add_cb will +not be called.

    +

    If an extension is added (that is add_cb returns 1) free_cb is called +(if it is set) with the value of out set by the add callback. It can be +used to free up any dynamic extension data set by add_cb. Since out is +constant (to permit use of constant data in add_cb) applications may need to +cast away const to free the data.

    +

    The callback parse_cb receives data for TLS extensions. The callback is only +called if the extension is present and relevant for the context (see +EXTENSION CONTEXTS below).

    +

    The extension data consists of inlen bytes in the buffer in for the +extension ext_type.

    +

    If the message being parsed is a TLSv1.3 compatible Certificate message then +parse_cb will be called for each certificate contained within the message. +The x parameter will indicate the current certificate and the chainidx +parameter will indicate the position of the certificate in the message. The +first certificate is always the end entity certificate and has a chainidx +value of 0.

    +

    If the parse_cb considers the extension data acceptable it must return +1. If it returns 0 or a negative value a fatal handshake error occurs +using the TLS alert value specified in *al.

    +

    The buffer in is a temporary internal buffer which will not be valid after +the callback returns.

    +

    +

    +
    +

    EXTENSION CONTEXTS

    +

    An extension context defines which messages and under which conditions an +extension should be added or expected. The context is built up by performing +a bitwise OR of multiple pre-defined values together. The valid context values +are:

    +
    +
    SSL_EXT_TLS_ONLY
    + +
    +

    The extension is only allowed in TLS

    +
    +
    SSL_EXT_DTLS_ONLY
    + +
    +

    The extension is only allowed in DTLS

    +
    +
    SSL_EXT_TLS_IMPLEMENTATION_ONLY
    + +
    +

    The extension is allowed in DTLS, but there is only a TLS implementation +available (so it is ignored in DTLS).

    +
    +
    SSL_EXT_SSL3_ALLOWED
    + +
    +

    Extensions are not typically defined for SSLv3. Setting this value will allow +the extension in SSLv3. Applications will not typically need to use this.

    +
    +
    SSL_EXT_TLS1_2_AND_BELOW_ONLY
    + +
    +

    The extension is only defined for TLSv1.2/DTLSv1.2 and below. Servers will +ignore this extension if it is present in the ClientHello and TLSv1.3 is +negotiated.

    +
    +
    SSL_EXT_TLS1_3_ONLY
    + +
    +

    The extension is only defined for TLS1.3 and above. Servers will ignore this +extension if it is present in the ClientHello and TLSv1.2 or below is +negotiated.

    +
    +
    SSL_EXT_IGNORE_ON_RESUMPTION
    + +
    +

    The extension will be ignored during parsing if a previous session is being +successfully resumed.

    +
    +
    SSL_EXT_CLIENT_HELLO
    + +
    +

    The extension may be present in the ClientHello message.

    +
    +
    SSL_EXT_TLS1_2_SERVER_HELLO
    + +
    +

    The extension may be present in a TLSv1.2 or below compatible ServerHello +message.

    +
    +
    SSL_EXT_TLS1_3_SERVER_HELLO
    + +
    +

    The extension may be present in a TLSv1.3 compatible ServerHello message.

    +
    +
    SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS
    + +
    +

    The extension may be present in an EncryptedExtensions message.

    +
    +
    SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST
    + +
    +

    The extension may be present in a HelloRetryRequest message.

    +
    +
    SSL_EXT_TLS1_3_CERTIFICATE
    + +
    +

    The extension may be present in a TLSv1.3 compatible Certificate message.

    +
    +
    SSL_EXT_TLS1_3_NEW_SESSION_TICKET
    + +
    +

    The extension may be present in a TLSv1.3 compatible NewSessionTicket message.

    +
    +
    SSL_EXT_TLS1_3_CERTIFICATE_REQUEST
    + +
    +

    The extension may be present in a TLSv1.3 compatible CertificateRequest message.

    +
    +
    +

    The context must include at least one message value (otherwise the extension +will never be used).

    +

    +

    +
    +

    NOTES

    +

    The add_arg and parse_arg parameters can be set to arbitrary values +which will be passed to the corresponding callbacks. They can, for example, +be used to store the extension data received in a convenient structure or +pass the extension data to be added or freed when adding extensions.

    +

    If the same custom extension type is received multiple times a fatal +decode_error alert is sent and the handshake aborts. If a custom extension +is received in a ServerHello/EncryptedExtensions message which was not sent in +the ClientHello a fatal unsupported_extension alert is sent and the +handshake is aborted. The ServerHello/EncryptedExtensions add_cb callback is +only called if the corresponding extension was received in the ClientHello. This +is compliant with the TLS specifications. This behaviour ensures that each +callback is called at most once and that an application can never send +unsolicited extensions.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CTX_add_custom_ext(), SSL_CTX_add_client_custom_ext() and +SSL_CTX_add_server_custom_ext() return 1 for success and 0 for failure. A +failure can occur if an attempt is made to add the same ext_type more than +once, if an attempt is made to use an extension type handled internally by +OpenSSL or if an internal error occurs (for example a memory allocation +failure).

    +

    SSL_extension_supported() returns 1 if the extension ext_type is handled +internally by OpenSSL and 0 otherwise.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7)

    +

    +

    +
    +

    HISTORY

    +

    The SSL_CTX_add_custom_ext() function was added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2014-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_free.html b/linux_amd64/share/doc/openssl/html/man3/SSL_free.html
    new file mode 100755
    index 0000000..e550169
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_free.html
    @@ -0,0 +1,89 @@
    + + + + +SSL_free + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    SSL_free - free an allocated SSL structure

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + void SSL_free(SSL *ssl);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_free() decrements the reference count of ssl, and removes the SSL +structure pointed to by ssl and frees up the allocated memory if the +reference count has reached 0. +If ssl is NULL nothing is done.

    +

    +

    +
    +

    NOTES

    +

    SSL_free() also calls the free()ing procedures for indirectly affected items, if +applicable: the buffering BIO, the read and write BIOs, +cipher lists specially created for this ssl, the SSL_SESSION. +Do not explicitly free these indirectly freed up items before or after +calling SSL_free(), as trying to free things twice may lead to program +failure.

    +

    The ssl session has reference counts from two users: the SSL object, for +which the reference count is removed by SSL_free() and the internal +session cache. If the session is considered bad, because +SSL_shutdown(3) was not called for the connection +and SSL_set_shutdown(3) was not used to set the +SSL_SENT_SHUTDOWN state, the session will also be removed +from the session cache as required by RFC2246.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_free() does not provide diagnostic information.

    +

    SSL_new(3), SSL_clear(3), +SSL_shutdown(3), SSL_set_shutdown(3), +ssl(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_get0_peer_scts.html b/linux_amd64/share/doc/openssl/html/man3/SSL_get0_peer_scts.html
    new file mode 100755
    index 0000000..6b73630
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_get0_peer_scts.html
    @@ -0,0 +1,84 @@
    + + + + +SSL_get0_peer_scts + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_get0_peer_scts - get SCTs received

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + const STACK_OF(SCT) *SSL_get0_peer_scts(SSL *s);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_get0_peer_scts() returns the signed certificate timestamps (SCTs) that have +been received. If this is the first time that this function has been called for +a given SSL instance, it will examine the TLS extensions, OCSP response and +the peer's certificate for SCTs. Future calls will return the same SCTs.

    +

    +

    +
    +

    RESTRICTIONS

    +

    If no Certificate Transparency validation callback has been set (using +SSL_CTX_set_ct_validation_callback or SSL_set_ct_validation_callback), +this function is not guaranteed to return all of the SCTs that the peer is +capable of sending.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_get0_peer_scts() returns a list of SCTs found, or NULL if an error occurs.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +SSL_CTX_set_ct_validation_callback(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_get_SSL_CTX.html b/linux_amd64/share/doc/openssl/html/man3/SSL_get_SSL_CTX.html
    new file mode 100755
    index 0000000..c5a1316
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_get_SSL_CTX.html
    @@ -0,0 +1,72 @@
    + + + + +SSL_get_SSL_CTX + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_get_SSL_CTX - get the SSL_CTX from which an SSL is created

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_get_SSL_CTX() returns a pointer to the SSL_CTX object, from which +ssl was created with SSL_new(3).

    +

    +

    +
    +

    RETURN VALUES

    +

    The pointer to the SSL_CTX object is returned.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_new(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_get_all_async_fds.html b/linux_amd64/share/doc/openssl/html/man3/SSL_get_all_async_fds.html
    new file mode 100755
    index 0000000..a6eda46
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_get_all_async_fds.html
    @@ -0,0 +1,125 @@
    + + + + +SSL_get_all_async_fds + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_waiting_for_async, +SSL_get_all_async_fds, +SSL_get_changed_async_fds +- manage asynchronous operations

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/async.h>
    + #include <openssl/ssl.h>
    +
    + int SSL_waiting_for_async(SSL *s);
    + int SSL_get_all_async_fds(SSL *s, OSSL_ASYNC_FD *fd, size_t *numfds);
    + int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd, size_t *numaddfds,
    +                               OSSL_ASYNC_FD *delfd, size_t *numdelfds);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_waiting_for_async() determines whether an SSL connection is currently +waiting for asynchronous operations to complete (see the SSL_MODE_ASYNC mode +in SSL_CTX_set_mode(3)).

    +

    SSL_get_all_async_fds() returns a list of file descriptor which can be used in a +call to select() or poll() to determine whether the current asynchronous +operation has completed or not. A completed operation will result in data +appearing as "read ready" on the file descriptor (no actual data should be read +from the file descriptor). This function should only be called if the SSL +object is currently waiting for asynchronous work to complete (i.e. +SSL_ERROR_WANT_ASYNC has been received - see SSL_get_error(3)). Typically +the list will only contain one file descriptor. However if multiple asynchronous +capable engines are in use then more than one is possible. The number of file +descriptors returned is stored in *numfds and the file descriptors themselves +are in *fds. The fds parameter may be NULL in which case no file +descriptors are returned but *numfds is still populated. It is the callers +responsibility to ensure sufficient memory is allocated at *fds so typically +this function is called twice (once with a NULL fds parameter and once +without).

    +

    SSL_get_changed_async_fds() returns a list of the asynchronous file descriptors +that have been added and a list that have been deleted since the last +SSL_ERROR_WANT_ASYNC was received (or since the SSL object was created if +no SSL_ERROR_WANT_ASYNC has been received). Similar to SSL_get_all_async_fds() +it is the callers responsibility to ensure that *addfd and *delfd have +sufficient memory allocated, although they may be NULL. The number of added fds +and the number of deleted fds are stored in *numaddfds and *numdelfds +respectively.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_waiting_for_async() will return 1 if the current SSL operation is waiting +for an async operation to complete and 0 otherwise.

    +

    SSL_get_all_async_fds() and SSL_get_changed_async_fds() return 1 on success or +0 on error.

    +

    +

    +
    +

    NOTES

    +

    On Windows platforms the openssl/async.h header is dependent on some +of the types customarily made available by including windows.h. The +application developer is likely to require control over when the latter +is included, commonly as one of the first included headers. Therefore +it is defined as an application developer's responsibility to include +windows.h prior to async.h.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +SSL_get_error(3), SSL_CTX_set_mode(3)

    +

    +

    +
    +

    HISTORY

    +

    The SSL_waiting_for_async(), SSL_get_all_async_fds() +and SSL_get_changed_async_fds() functions were added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_get_ciphers.html b/linux_amd64/share/doc/openssl/html/man3/SSL_get_ciphers.html
    new file mode 100755
    index 0000000..2ff63ec
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_get_ciphers.html
    @@ -0,0 +1,146 @@
    + + + + +SSL_get_ciphers + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_get1_supported_ciphers, +SSL_get_client_ciphers, +SSL_get_ciphers, +SSL_CTX_get_ciphers, +SSL_bytes_to_cipher_list, +SSL_get_cipher_list, +SSL_get_shared_ciphers +- get list of available SSL_CIPHERs

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *ssl);
    + STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx);
    + STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s);
    + STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *ssl);
    + int SSL_bytes_to_cipher_list(SSL *s, const unsigned char *bytes, size_t len,
    +                              int isv2format, STACK_OF(SSL_CIPHER) **sk,
    +                              STACK_OF(SSL_CIPHER) **scsvs);
    + const char *SSL_get_cipher_list(const SSL *ssl, int priority);
    + char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_get_ciphers() returns the stack of available SSL_CIPHERs for ssl, +sorted by preference. If ssl is NULL or no ciphers are available, NULL +is returned.

    +

    SSL_CTX_get_ciphers() returns the stack of available SSL_CIPHERs for ctx.

    +

    SSL_get1_supported_ciphers() returns the stack of enabled SSL_CIPHERs for +ssl as would be sent in a ClientHello (that is, sorted by preference). +The list depends on settings like the cipher list, the supported protocol +versions, the security level, and the enabled signature algorithms. +SRP and PSK ciphers are only enabled if the appropriate callbacks or settings +have been applied. +The list of ciphers that would be sent in a ClientHello can differ from +the list of ciphers that would be acceptable when acting as a server. +For example, additional ciphers may be usable by a server if there is +a gap in the list of supported protocols, and some ciphers may not be +usable by a server if there is not a suitable certificate configured. +If ssl is NULL or no ciphers are available, NULL is returned.

    +

    SSL_get_client_ciphers() returns the stack of available SSL_CIPHERs matching the +list received from the client on ssl. If ssl is NULL, no ciphers are +available, or ssl is not operating in server mode, NULL is returned.

    +

    SSL_bytes_to_cipher_list() treats the supplied len octets in bytes +as a wire-protocol cipher suite specification (in the three-octet-per-cipher +SSLv2 wire format if isv2format is nonzero; otherwise the two-octet +SSLv3/TLS wire format), and parses the cipher suites supported by the library +into the returned stacks of SSL_CIPHER objects sk and Signalling Cipher-Suite +Values scsvs. Unsupported cipher suites are ignored. Returns 1 on success +and 0 on failure.

    +

    SSL_get_cipher_list() returns a pointer to the name of the SSL_CIPHER +listed for ssl with priority. If ssl is NULL, no ciphers are +available, or there are less ciphers than priority available, NULL +is returned.

    +

    SSL_get_shared_ciphers() creates a colon separated and NUL terminated list of +SSL_CIPHER names that are available in both the client and the server. buf is +the buffer that should be populated with the list of names and size is the +size of that buffer. A pointer to buf is returned on success or NULL on +error. If the supplied buffer is not large enough to contain the complete list +of names then a truncated list of names will be returned. Note that just because +a ciphersuite is available (i.e. it is configured in the cipher list) and shared +by both the client and the server it does not mean that it is enabled (see the +description of SSL_get1_supported_ciphers() above). This function will return +available shared ciphersuites whether or not they are enabled. This is a server +side function only and must only be called after the completion of the initial +handshake.

    +

    +

    +
    +

    NOTES

    +

    The details of the ciphers obtained by SSL_get_ciphers(), SSL_CTX_get_ciphers() +SSL_get1_supported_ciphers() and SSL_get_client_ciphers() can be obtained using +the SSL_CIPHER_get_name(3) family of functions.

    +

    Call SSL_get_cipher_list() with priority starting from 0 to obtain the +sorted list of available ciphers, until NULL is returned.

    +

    Note: SSL_get_ciphers(), SSL_CTX_get_ciphers() and SSL_get_client_ciphers() +return a pointer to an internal cipher stack, which will be freed later on when +the SSL or SSL_SESSION object is freed. Therefore, the calling code MUST NOT +free the return value itself.

    +

    The stack returned by SSL_get1_supported_ciphers() should be freed using +sk_SSL_CIPHER_free().

    +

    The stacks returned by SSL_bytes_to_cipher_list() should be freed using +sk_SSL_CIPHER_free().

    +

    +

    +
    +

    RETURN VALUES

    +

    See DESCRIPTION

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_CTX_set_cipher_list(3), +SSL_CIPHER_get_name(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_get_client_random.html b/linux_amd64/share/doc/openssl/html/man3/SSL_get_client_random.html
    new file mode 100755
    index 0000000..8c0835a
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_get_client_random.html
    @@ -0,0 +1,132 @@
    + + + + +SSL_get_client_random + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_get_client_random, +SSL_get_server_random, +SSL_SESSION_get_master_key, +SSL_SESSION_set1_master_key +- get internal TLS/SSL random values and get/set master key

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, size_t outlen);
    + size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, size_t outlen);
    + size_t SSL_SESSION_get_master_key(const SSL_SESSION *session,
    +                                   unsigned char *out, size_t outlen);
    + int SSL_SESSION_set1_master_key(SSL_SESSION *sess, const unsigned char *in,
    +                                 size_t len);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_get_client_random() extracts the random value sent from the client +to the server during the initial SSL/TLS handshake. It copies as many +bytes as it can of this value into the buffer provided in out, +which must have at least outlen bytes available. It returns the +total number of bytes that were actually copied. If outlen is +zero, SSL_get_client_random() copies nothing, and returns the +total size of the client_random value.

    +

    SSL_get_server_random() behaves the same, but extracts the random value +sent from the server to the client during the initial SSL/TLS handshake.

    +

    SSL_SESSION_get_master_key() behaves the same, but extracts the master +secret used to guarantee the security of the SSL/TLS session. This one +can be dangerous if misused; see NOTES below.

    +

    SSL_SESSION_set1_master_key() sets the master key value associated with the +SSL_SESSION sess. For example, this could be used to set up a session based +PSK (see SSL_CTX_set_psk_use_session_callback(3)). The master key of length +len should be provided at in. The supplied master key is copied by the +function, so the caller is responsible for freeing and cleaning any memory +associated with in. The caller must ensure that the length of the key is +suitable for the ciphersuite associated with the SSL_SESSION.

    +

    +

    +
    +

    NOTES

    +

    You probably shouldn't use these functions.

    +

    These functions expose internal values from the TLS handshake, for +use in low-level protocols. You probably should not use them, unless +you are implementing something that needs access to the internal protocol +details.

    +

    Despite the names of SSL_get_client_random() and SSL_get_server_random(), they +ARE NOT random number generators. Instead, they return the mostly-random values that +were already generated and used in the TLS protocol. Using them +in place of RAND_bytes() would be grossly foolish.

    +

    The security of your TLS session depends on keeping the master key secret: +do not expose it, or any information about it, to anybody. +If you need to calculate another secret value that depends on the master +secret, you should probably use SSL_export_keying_material() instead, and +forget that you ever saw these functions.

    +

    In current versions of the TLS protocols, the length of client_random +(and also server_random) is always SSL3_RANDOM_SIZE bytes. Support for +other outlen arguments to the SSL_get_*_random() functions is provided +in case of the unlikely event that a future version or variant of TLS +uses some other length there.

    +

    Finally, though the "client_random" and "server_random" values are called +"random", many TLS implementations will generate four bytes of those +values based on their view of the current time.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_SESSION_set1_master_key() returns 1 on success or 0 on failure.

    +

    For the other functions, if outlen is greater than 0 then these functions +return the number of bytes actually copied, which will be less than or equal to +outlen. If outlen is 0 then these functions return the maximum number +of bytes they would copy -- that is, the length of the underlying field.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +RAND_bytes(3), +SSL_export_keying_material(3), +SSL_CTX_set_psk_use_session_callback(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_get_current_cipher.html b/linux_amd64/share/doc/openssl/html/man3/SSL_get_current_cipher.html
    new file mode 100755
    index 0000000..dccfe1e
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_get_current_cipher.html
    @@ -0,0 +1,107 @@
    + + + + +SSL_get_current_cipher + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_get_current_cipher, SSL_get_cipher_name, SSL_get_cipher, +SSL_get_cipher_bits, SSL_get_cipher_version, +SSL_get_pending_cipher - get SSL_CIPHER of a connection

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + SSL_CIPHER *SSL_get_current_cipher(const SSL *ssl);
    + SSL_CIPHER *SSL_get_pending_cipher(const SSL *ssl);
    +
    + const char *SSL_get_cipher_name(const SSL *s);
    + const char *SSL_get_cipher(const SSL *s);
    + int SSL_get_cipher_bits(const SSL *s, int *np);
    + const char *SSL_get_cipher_version(const SSL *s);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_get_current_cipher() returns a pointer to an SSL_CIPHER object containing +the description of the actually used cipher of a connection established with +the ssl object. +See SSL_CIPHER_get_name(3) for more details.

    +

    SSL_get_cipher_name() obtains the +name of the currently used cipher. +SSL_get_cipher() is identical to SSL_get_cipher_name(). +SSL_get_cipher_bits() is a +macro to obtain the number of secret/algorithm bits used and +SSL_get_cipher_version() returns the protocol name.

    +

    SSL_get_pending_cipher() returns a pointer to an SSL_CIPHER object containing +the description of the cipher (if any) that has been negotiated for future use +on the connection established with the ssl object, but is not yet in use. +This may be the case during handshake processing, when control flow can be +returned to the application via any of several callback methods. The internal +sequencing of handshake processing and callback invocation is not guaranteed +to be stable from release to release, and at present only the callback set +by SSL_CTX_set_alpn_select_cb() is guaranteed to have a non-NULL return value. +Other callbacks may be added to this list over time.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_get_current_cipher() returns the cipher actually used, or NULL if +no session has been established.

    +

    SSL_get_pending_cipher() returns the cipher to be used at the next change +of cipher suite, or NULL if no such cipher is known.

    +

    +

    +
    +

    NOTES

    +

    SSL_get_cipher, SSL_get_cipher_bits, SSL_get_cipher_version, and +SSL_get_cipher_name are implemented as macros.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_CIPHER_get_name(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_get_default_timeout.html b/linux_amd64/share/doc/openssl/html/man3/SSL_get_default_timeout.html
    new file mode 100755
    index 0000000..b5f9f1f
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_get_default_timeout.html
    @@ -0,0 +1,88 @@
    + + + + +SSL_get_default_timeout + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_get_default_timeout - get default session timeout value

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + long SSL_get_default_timeout(const SSL *ssl);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_get_default_timeout() returns the default timeout value assigned to +SSL_SESSION objects negotiated for the protocol valid for ssl.

    +

    +

    +
    +

    NOTES

    +

    Whenever a new session is negotiated, it is assigned a timeout value, +after which it will not be accepted for session reuse. If the timeout +value was not explicitly set using +SSL_CTX_set_timeout(3), the hardcoded default +timeout for the protocol will be used.

    +

    SSL_get_default_timeout() return this hardcoded value, which is 300 seconds +for all currently supported protocols.

    +

    +

    +
    +

    RETURN VALUES

    +

    See description.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +SSL_CTX_set_session_cache_mode(3), +SSL_SESSION_get_time(3), +SSL_CTX_flush_sessions(3), +SSL_get_default_timeout(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_get_error.html b/linux_amd64/share/doc/openssl/html/man3/SSL_get_error.html
    new file mode 100755
    index 0000000..c2c0bb3
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_get_error.html
    @@ -0,0 +1,214 @@
    + + + + +SSL_get_error + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_get_error - obtain result code for TLS/SSL I/O operation

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_get_error(const SSL *ssl, int ret);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_get_error() returns a result code (suitable for the C "switch" +statement) for a preceding call to SSL_connect(), SSL_accept(), SSL_do_handshake(), +SSL_read_ex(), SSL_read(), SSL_peek_ex(), SSL_peek(), SSL_shutdown(), +SSL_write_ex() or SSL_write() on ssl. The value returned by that TLS/SSL I/O +function must be passed to SSL_get_error() in parameter ret.

    +

    In addition to ssl and ret, SSL_get_error() inspects the +current thread's OpenSSL error queue. Thus, SSL_get_error() must be +used in the same thread that performed the TLS/SSL I/O operation, and no +other OpenSSL function calls should appear in between. The current +thread's error queue must be empty before the TLS/SSL I/O operation is +attempted, or SSL_get_error() will not work reliably.

    +

    +

    +
    +

    RETURN VALUES

    +

    The following return values can currently occur:

    +
    +
    SSL_ERROR_NONE
    + +
    +

    The TLS/SSL I/O operation completed. This result code is returned +if and only if ret > 0.

    +
    +
    SSL_ERROR_ZERO_RETURN
    + +
    +

    The TLS/SSL peer has closed the connection for writing by sending the +close_notify alert. +No more data can be read. +Note that SSL_ERROR_ZERO_RETURN does not necessarily +indicate that the underlying transport has been closed.

    +
    +
    SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE
    + +
    +

    The operation did not complete and can be retried later.

    +

    SSL_ERROR_WANT_READ is returned when the last operation was a read +operation from a non-blocking BIO. +It means that not enough data was available at this time to complete the +operation. +If at a later time the underlying BIO has data available for reading the same +function can be called again.

    +

    SSL_read() and SSL_read_ex() can also set SSL_ERROR_WANT_READ when there is +still unprocessed data available at either the SSL or the BIO layer, even +for a blocking BIO. +See SSL_read(3) for more information.

    +

    SSL_ERROR_WANT_WRITE is returned when the last operation was a write +to a non-blocking BIO and it was unable to sent all data to the BIO. +When the BIO is writeable again, the same function can be called again.

    +

    Note that the retry may again lead to an SSL_ERROR_WANT_READ or +SSL_ERROR_WANT_WRITE condition. +There is no fixed upper limit for the number of iterations that +may be necessary until progress becomes visible at application +protocol level.

    +

    It is safe to call SSL_read() or SSL_read_ex() when more data is available +even when the call that set this error was an SSL_write() or SSL_write_ex(). +However if the call was an SSL_write() or SSL_write_ex(), it should be called +again to continue sending the application data.

    +

    For socket BIOs (e.g. when SSL_set_fd() was used), select() or +poll() on the underlying socket can be used to find out when the +TLS/SSL I/O function should be retried.

    +

    Caveat: Any TLS/SSL I/O function can lead to either of +SSL_ERROR_WANT_READ and SSL_ERROR_WANT_WRITE. +In particular, +SSL_read_ex(), SSL_read(), SSL_peek_ex(), or SSL_peek() may want to write data +and SSL_write() or SSL_write_ex() may want to read data. +This is mainly because +TLS/SSL handshakes may occur at any time during the protocol (initiated by +either the client or the server); SSL_read_ex(), SSL_read(), SSL_peek_ex(), +SSL_peek(), SSL_write_ex(), and SSL_write() will handle any pending handshakes.

    +
    +
    SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_ACCEPT
    + +
    +

    The operation did not complete; the same TLS/SSL I/O function should be +called again later. The underlying BIO was not connected yet to the peer +and the call would block in connect()/accept(). The SSL function should be +called again when the connection is established. These messages can only +appear with a BIO_s_connect() or BIO_s_accept() BIO, respectively. +In order to find out, when the connection has been successfully established, +on many platforms select() or poll() for writing on the socket file descriptor +can be used.

    +
    +
    SSL_ERROR_WANT_X509_LOOKUP
    + +
    +

    The operation did not complete because an application callback set by +SSL_CTX_set_client_cert_cb() has asked to be called again. +The TLS/SSL I/O function should be called again later. +Details depend on the application.

    +
    +
    SSL_ERROR_WANT_ASYNC
    + +
    +

    The operation did not complete because an asynchronous engine is still +processing data. This will only occur if the mode has been set to SSL_MODE_ASYNC +using SSL_CTX_set_mode(3) or SSL_set_mode(3) and an asynchronous capable +engine is being used. An application can determine whether the engine has +completed its processing using select() or poll() on the asynchronous wait file +descriptor. This file descriptor is available by calling +SSL_get_all_async_fds(3) or SSL_get_changed_async_fds(3). The TLS/SSL I/O +function should be called again later. The function must be called from the +same thread that the original call was made from.

    +
    +
    SSL_ERROR_WANT_ASYNC_JOB
    + +
    +

    The asynchronous job could not be started because there were no async jobs +available in the pool (see ASYNC_init_thread(3)). This will only occur if the +mode has been set to SSL_MODE_ASYNC using SSL_CTX_set_mode(3) or +SSL_set_mode(3) and a maximum limit has been set on the async job pool +through a call to ASYNC_init_thread(3). The application should retry the +operation after a currently executing asynchronous operation for the current +thread has completed.

    +
    +
    SSL_ERROR_WANT_CLIENT_HELLO_CB
    + +
    +

    The operation did not complete because an application callback set by +SSL_CTX_set_client_hello_cb() has asked to be called again. +The TLS/SSL I/O function should be called again later. +Details depend on the application.

    +
    +
    SSL_ERROR_SYSCALL
    + +
    +

    Some non-recoverable, fatal I/O error occurred. The OpenSSL error queue may +contain more information on the error. For socket I/O on Unix systems, consult +errno for details. If this error occurs then no further I/O operations should +be performed on the connection and SSL_shutdown() must not be called.

    +

    This value can also be returned for other errors, check the error queue for +details.

    +
    +
    SSL_ERROR_SSL
    + +
    +

    A non-recoverable, fatal error in the SSL library occurred, usually a protocol +error. The OpenSSL error queue contains more information on the error. If this +error occurs then no further I/O operations should be performed on the +connection and SSL_shutdown() must not be called.

    +
    +
    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7)

    +

    +

    +
    +

    HISTORY

    +

    The SSL_ERROR_WANT_ASYNC error code was added in OpenSSL 1.1.0. +The SSL_ERROR_WANT_CLIENT_HELLO_CB error code was added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_get_extms_support.html b/linux_amd64/share/doc/openssl/html/man3/SSL_get_extms_support.html new file mode 100755 index 0000000..2d13eb9 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_get_extms_support.html @@ -0,0 +1,76 @@ + + + + +SSL_get_extms_support + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_get_extms_support - extended master secret support

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_get_extms_support(SSL *ssl);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_get_extms_support() indicates whether the current session used extended +master secret.

    +

    This function is implemented as a macro.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_get_extms_support() returns 1 if the current session used extended +master secret, 0 if it did not and -1 if a handshake is currently in +progress i.e. it is not possible to determine if extended master secret +was used.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_get_fd.html b/linux_amd64/share/doc/openssl/html/man3/SSL_get_fd.html new file mode 100755 index 0000000..6aa6313 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_get_fd.html @@ -0,0 +1,90 @@ + + + + +SSL_get_fd + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_get_fd, SSL_get_rfd, SSL_get_wfd - get file descriptor linked to an SSL object

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_get_fd(const SSL *ssl);
    + int SSL_get_rfd(const SSL *ssl);
    + int SSL_get_wfd(const SSL *ssl);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_get_fd() returns the file descriptor which is linked to ssl. +SSL_get_rfd() and SSL_get_wfd() return the file descriptors for the +read or the write channel, which can be different. If the read and the +write channel are different, SSL_get_fd() will return the file descriptor +of the read channel.

    +

    +

    +
    +

    RETURN VALUES

    +

    The following return values can occur:

    +
    +
    -1
    + +
    +

    The operation failed, because the underlying BIO is not of the correct type +(suitable for file descriptors).

    +
    +
    >=0
    + +
    +

    The file descriptor linked to ssl.

    +
    +
    +

    +

    +
    +

    SEE ALSO

    +

    SSL_set_fd(3), ssl(7) , bio(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_get_peer_cert_chain.html b/linux_amd64/share/doc/openssl/html/man3/SSL_get_peer_cert_chain.html new file mode 100755 index 0000000..b2c53ba --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_get_peer_cert_chain.html @@ -0,0 +1,113 @@ + + + + +SSL_get_peer_cert_chain + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_get_peer_cert_chain, SSL_get0_verified_chain - get the X509 certificate +chain of the peer

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *ssl);
    + STACK_OF(X509) *SSL_get0_verified_chain(const SSL *ssl);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_get_peer_cert_chain() returns a pointer to STACK_OF(X509) certificates +forming the certificate chain sent by the peer. If called on the client side, +the stack also contains the peer's certificate; if called on the server +side, the peer's certificate must be obtained separately using +SSL_get_peer_certificate(3). +If the peer did not present a certificate, NULL is returned.

    +

    NB: SSL_get_peer_cert_chain() returns the peer chain as sent by the peer: it +only consists of certificates the peer has sent (in the order the peer +has sent them) it is not a verified chain.

    +

    SSL_get0_verified_chain() returns the verified certificate chain +of the peer including the peer's end entity certificate. It must be called +after a session has been successfully established. If peer verification was +not successful (as indicated by SSL_get_verify_result() not returning +X509_V_OK) the chain may be incomplete or invalid.

    +

    +

    +
    +

    NOTES

    +

    If the session is resumed peers do not send certificates so a NULL pointer +is returned by these functions. Applications can call SSL_session_reused() +to determine whether a session is resumed.

    +

    The reference count of each certificate in the returned STACK_OF(X509) object +is not incremented and the returned stack may be invalidated by renegotiation. +If applications wish to use any certificates in the returned chain +indefinitely they must increase the reference counts using X509_up_ref() or +obtain a copy of the whole chain with X509_chain_up_ref().

    +

    +

    +
    +

    RETURN VALUES

    +

    The following return values can occur:

    +
    +
    NULL
    + +
    +

    No certificate was presented by the peer or no connection was established +or the certificate chain is no longer available when a session is reused.

    +
    +
    Pointer to a STACK_OF(X509)
    + +
    +

    The return value points to the certificate chain presented by the peer.

    +
    +
    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_get_peer_certificate(3), X509_up_ref(3), +X509_chain_up_ref(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_get_peer_certificate.html b/linux_amd64/share/doc/openssl/html/man3/SSL_get_peer_certificate.html new file mode 100755 index 0000000..ab4cd15 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_get_peer_certificate.html @@ -0,0 +1,101 @@ + + + + +SSL_get_peer_certificate + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_get_peer_certificate - get the X509 certificate of the peer

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + X509 *SSL_get_peer_certificate(const SSL *ssl);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_get_peer_certificate() returns a pointer to the X509 certificate the +peer presented. If the peer did not present a certificate, NULL is returned.

    +

    +

    +
    +

    NOTES

    +

    Due to the protocol definition, a TLS/SSL server will always send a +certificate, if present. A client will only send a certificate when +explicitly requested to do so by the server (see +SSL_CTX_set_verify(3)). If an anonymous cipher +is used, no certificates are sent.

    +

    That a certificate is returned does not indicate information about the +verification state, use SSL_get_verify_result(3) +to check the verification state.

    +

    The reference count of the X509 object is incremented by one, so that it +will not be destroyed when the session containing the peer certificate is +freed. The X509 object must be explicitly freed using X509_free().

    +

    +

    +
    +

    RETURN VALUES

    +

    The following return values can occur:

    +
    +
    NULL
    + +
    +

    No certificate was presented by the peer or no connection was established.

    +
    +
    Pointer to an X509 certificate
    + +
    +

    The return value points to the certificate presented by the peer.

    +
    +
    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_get_verify_result(3), +SSL_CTX_set_verify(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_get_peer_signature_nid.html b/linux_amd64/share/doc/openssl/html/man3/SSL_get_peer_signature_nid.html new file mode 100755 index 0000000..dd3f530 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_get_peer_signature_nid.html @@ -0,0 +1,88 @@ + + + + +SSL_get_peer_signature_nid + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_get_peer_signature_nid, SSL_get_peer_signature_type_nid, +SSL_get_signature_nid, SSL_get_signature_type_nid - get TLS message signing +types

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_get_peer_signature_nid(SSL *ssl, int *psig_nid);
    + int SSL_get_peer_signature_type_nid(const SSL *ssl, int *psigtype_nid);
    + int SSL_get_signature_nid(SSL *ssl, int *psig_nid);
    + int SSL_get_signature_type_nid(const SSL *ssl, int *psigtype_nid);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_get_peer_signature_nid() sets *psig_nid to the NID of the digest used +by the peer to sign TLS messages. It is implemented as a macro.

    +

    SSL_get_peer_signature_type_nid() sets *psigtype_nid to the signature +type used by the peer to sign TLS messages. Currently the signature type +is the NID of the public key type used for signing except for PSS signing +where it is EVP_PKEY_RSA_PSS. To differentiate between +rsa_pss_rsae_* and rsa_pss_pss_* signatures, it's necessary to check +the type of public key in the peer's certificate.

    +

    SSL_get_signature_nid() and SSL_get_signature_type_nid() return the equivalent +information for the local end of the connection.

    +

    +

    +
    +

    RETURN VALUES

    +

    These functions return 1 for success and 0 for failure. There are several +possible reasons for failure: the cipher suite has no signature (e.g. it +uses RSA key exchange or is anonymous), the TLS version is below 1.2 or +the functions were called too early, e.g. before the peer signed a message.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_get_peer_certificate(3),

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_get_peer_tmp_key.html b/linux_amd64/share/doc/openssl/html/man3/SSL_get_peer_tmp_key.html new file mode 100755 index 0000000..59bbdcd --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_get_peer_tmp_key.html @@ -0,0 +1,90 @@ + + + + +SSL_get_peer_tmp_key + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_get_peer_tmp_key, SSL_get_server_tmp_key, SSL_get_tmp_key - get information +about temporary keys used during a handshake

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + long SSL_get_peer_tmp_key(SSL *ssl, EVP_PKEY **key);
    + long SSL_get_server_tmp_key(SSL *ssl, EVP_PKEY **key);
    + long SSL_get_tmp_key(SSL *ssl, EVP_PKEY **key);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_get_peer_tmp_key() returns the temporary key provided by the peer and +used during key exchange. For example, if ECDHE is in use, then this represents +the peer's public ECDHE key. On success a pointer to the key is stored in +*key. It is the caller's responsibility to free this key after use using +EVP_PKEY_free(3).

    +

    SSL_get_server_tmp_key() is a backwards compatibility alias for +SSL_get_peer_tmp_key(). +Under that name it worked just on the client side of the connection, its +behaviour on the server end is release-dependent.

    +

    SSL_get_tmp_key() returns the equivalent information for the local +end of the connection.

    +

    +

    +
    +

    RETURN VALUES

    +

    All these functions return 1 on success and 0 otherwise.

    +

    +

    +
    +

    NOTES

    +

    This function is implemented as a macro.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), EVP_PKEY_free(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_get_psk_identity.html b/linux_amd64/share/doc/openssl/html/man3/SSL_get_psk_identity.html new file mode 100755 index 0000000..5ab5eba --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_get_psk_identity.html @@ -0,0 +1,80 @@ + + + + +SSL_get_psk_identity + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_get_psk_identity, SSL_get_psk_identity_hint - get PSK client identity and hint

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + const char *SSL_get_psk_identity_hint(const SSL *ssl);
    + const char *SSL_get_psk_identity(const SSL *ssl);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_get_psk_identity_hint() is used to retrieve the PSK identity hint +used during the connection setup related to SSL object +ssl. Similarly, SSL_get_psk_identity() is used to retrieve the PSK +identity used during the connection setup.

    +

    +

    +
    +

    RETURN VALUES

    +

    If non-NULL, SSL_get_psk_identity_hint() returns the PSK identity +hint and SSL_get_psk_identity() returns the PSK identity. Both are +NULL-terminated. SSL_get_psk_identity_hint() may return NULL if +no PSK identity hint was used during the connection setup.

    +

    Note that the return value is valid only during the lifetime of the +SSL object ssl.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_get_rbio.html b/linux_amd64/share/doc/openssl/html/man3/SSL_get_rbio.html new file mode 100755 index 0000000..4fcba55 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_get_rbio.html @@ -0,0 +1,86 @@ + + + + +SSL_get_rbio + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_get_rbio, SSL_get_wbio - get BIO linked to an SSL object

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + BIO *SSL_get_rbio(SSL *ssl);
    + BIO *SSL_get_wbio(SSL *ssl);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_get_rbio() and SSL_get_wbio() return pointers to the BIOs for the +read or the write channel, which can be different. The reference count +of the BIO is not incremented.

    +

    +

    +
    +

    RETURN VALUES

    +

    The following return values can occur:

    +
    +
    NULL
    + +
    +

    No BIO was connected to the SSL object

    +
    +
    Any other pointer
    + +
    +

    The BIO linked to ssl.

    +
    +
    +

    +

    +
    +

    SEE ALSO

    +

    SSL_set_bio(3), ssl(7) , bio(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_get_session.html b/linux_amd64/share/doc/openssl/html/man3/SSL_get_session.html new file mode 100755 index 0000000..d2c515c --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_get_session.html @@ -0,0 +1,140 @@ + + + + +SSL_get_session + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_get_session, SSL_get0_session, SSL_get1_session - retrieve TLS/SSL session data

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + SSL_SESSION *SSL_get_session(const SSL *ssl);
    + SSL_SESSION *SSL_get0_session(const SSL *ssl);
    + SSL_SESSION *SSL_get1_session(SSL *ssl);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_get_session() returns a pointer to the SSL_SESSION actually used in +ssl. The reference count of the SSL_SESSION is not incremented, so +that the pointer can become invalid by other operations.

    +

    SSL_get0_session() is the same as SSL_get_session().

    +

    SSL_get1_session() is the same as SSL_get_session(), but the reference +count of the SSL_SESSION is incremented by one.

    +

    +

    +
    +

    NOTES

    +

    The ssl session contains all information required to re-establish the +connection without a full handshake for SSL versions up to and including +TLSv1.2. In TLSv1.3 the same is true, but sessions are established after the +main handshake has occurred. The server will send the session information to the +client at a time of its choosing, which may be some while after the initial +connection is established (or never). Calling these functions on the client side +in TLSv1.3 before the session has been established will still return an +SSL_SESSION object but that object cannot be used for resuming the session. See +SSL_SESSION_is_resumable(3) for information on how to determine whether an +SSL_SESSION object can be used for resumption or not.

    +

    Additionally, in TLSv1.3, a server can send multiple messages that establish a +session for a single connection. In that case the above functions will only +return information on the last session that was received.

    +

    The preferred way for applications to obtain a resumable SSL_SESSION object is +to use a new session callback as described in SSL_CTX_sess_set_new_cb(3). +The new session callback is only invoked when a session is actually established, +so this avoids the problem described above where an application obtains an +SSL_SESSION object that cannot be used for resumption in TLSv1.3. It also +enables applications to obtain information about all sessions sent by the +server.

    +

    A session will be automatically removed from the session cache and marked as +non-resumable if the connection is not closed down cleanly, e.g. if a fatal +error occurs on the connection or SSL_shutdown(3) is not called prior to +SSL_free(3).

    +

    In TLSv1.3 it is recommended that each SSL_SESSION object is only used for +resumption once.

    +

    SSL_get0_session() returns a pointer to the actual session. As the +reference counter is not incremented, the pointer is only valid while +the connection is in use. If SSL_clear(3) or +SSL_free(3) is called, the session may be removed completely +(if considered bad), and the pointer obtained will become invalid. Even +if the session is valid, it can be removed at any time due to timeout +during SSL_CTX_flush_sessions(3).

    +

    If the data is to be kept, SSL_get1_session() will increment the reference +count, so that the session will not be implicitly removed by other operations +but stays in memory. In order to remove the session +SSL_SESSION_free(3) must be explicitly called once +to decrement the reference count again.

    +

    SSL_SESSION objects keep internal link information about the session cache +list, when being inserted into one SSL_CTX object's session cache. +One SSL_SESSION object, regardless of its reference count, must therefore +only be used with one SSL_CTX object (and the SSL objects created +from this SSL_CTX object).

    +

    +

    +
    +

    RETURN VALUES

    +

    The following return values can occur:

    +
    +
    NULL
    + +
    +

    There is no session available in ssl.

    +
    +
    Pointer to an SSL_SESSION
    + +
    +

    The return value points to the data of an SSL session.

    +
    +
    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_free(3), +SSL_clear(3), +SSL_SESSION_free(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_get_shared_sigalgs.html b/linux_amd64/share/doc/openssl/html/man3/SSL_get_shared_sigalgs.html new file mode 100755 index 0000000..04e0e4e --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_get_shared_sigalgs.html @@ -0,0 +1,119 @@ + + + + +SSL_get_shared_sigalgs + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_get_shared_sigalgs, SSL_get_sigalgs - get supported signature algorithms

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_get_shared_sigalgs(SSL *s, int idx,
    +                            int *psign, int *phash, int *psignhash,
    +                            unsigned char *rsig, unsigned char *rhash);
    +
    + int SSL_get_sigalgs(SSL *s, int idx,
    +                     int *psign, int *phash, int *psignhash,
    +                     unsigned char *rsig, unsigned char *rhash);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_get_shared_sigalgs() returns information about the shared signature +algorithms supported by peer s. The parameter idx indicates the index +of the shared signature algorithm to return starting from zero. The signature +algorithm NID is written to *psign, the hash NID to *phash and the +sign and hash NID to *psignhash. The raw signature and hash values +are written to *rsig and *rhash.

    +

    SSL_get_sigalgs() is similar to SSL_get_shared_sigalgs() except it returns +information about all signature algorithms supported by s in the order +they were sent by the peer.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_get_shared_sigalgs() and SSL_get_sigalgs() return the number of +signature algorithms or 0 if the idx parameter is out of range.

    +

    +

    +
    +

    NOTES

    +

    These functions are typically called for debugging purposes (to report +the peer's preferences) or where an application wants finer control over +certificate selection. Most applications will rely on internal handling +and will not need to call them.

    +

    If an application is only interested in the highest preference shared +signature algorithm it can just set idx to zero.

    +

    Any or all of the parameters psign, phash, psignhash, rsig or +rhash can be set to NULL if the value is not required. By setting +them all to NULL and setting idx to zero the total number of +signature algorithms can be determined: which can be zero.

    +

    These functions must be called after the peer has sent a list of supported +signature algorithms: after a client hello (for servers) or a certificate +request (for clients). They can (for example) be called in the certificate +callback.

    +

    Only TLS 1.2, TLS 1.3 and DTLS 1.2 currently support signature algorithms. +If these +functions are called on an earlier version of TLS or DTLS zero is returned.

    +

    The shared signature algorithms returned by SSL_get_shared_sigalgs() are +ordered according to configuration and peer preferences.

    +

    The raw values correspond to the on the wire form as defined by RFC5246 et al. +The NIDs are OpenSSL equivalents. For example if the peer sent sha256(4) and +rsa(1) then *rhash would be 4, *rsign 1, *phash NID_sha256, *psig +NID_rsaEncryption and *psighash NID_sha256WithRSAEncryption.

    +

    If a signature algorithm is not recognised the corresponding NIDs +will be set to NID_undef. This may be because the value is not supported, +is not an appropriate combination (for example MD5 and DSA) or the +signature algorithm does not use a hash (for example Ed25519).

    +

    +

    +
    +

    SEE ALSO

    +

    SSL_CTX_set_cert_cb(3), +ssl(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_get_verify_result.html b/linux_amd64/share/doc/openssl/html/man3/SSL_get_verify_result.html new file mode 100755 index 0000000..387c206 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_get_verify_result.html @@ -0,0 +1,106 @@ + + + + +SSL_get_verify_result + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_get_verify_result - get result of peer certificate verification

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + long SSL_get_verify_result(const SSL *ssl);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_get_verify_result() returns the result of the verification of the +X509 certificate presented by the peer, if any.

    +

    +

    +
    +

    NOTES

    +

    SSL_get_verify_result() can only return one error code while the verification +of a certificate can fail because of many reasons at the same time. Only +the last verification error that occurred during the processing is available +from SSL_get_verify_result().

    +

    The verification result is part of the established session and is restored +when a session is reused.

    +

    +

    +
    +

    BUGS

    +

    If no peer certificate was presented, the returned result code is +X509_V_OK. This is because no verification error occurred, it does however +not indicate success. SSL_get_verify_result() is only useful in connection +with SSL_get_peer_certificate(3).

    +

    +

    +
    +

    RETURN VALUES

    +

    The following return values can currently occur:

    +
    +
    X509_V_OK
    + +
    +

    The verification succeeded or no peer certificate was presented.

    +
    +
    Any other value
    + +
    +

    Documented in openssl-verify(1).

    +
    +
    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_set_verify_result(3), +SSL_get_peer_certificate(3), +openssl-verify(1)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_get_version.html b/linux_amd64/share/doc/openssl/html/man3/SSL_get_version.html new file mode 100755 index 0000000..1e7e48a --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_get_version.html @@ -0,0 +1,154 @@ + + + + +SSL_get_version + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_client_version, SSL_get_version, SSL_is_dtls, SSL_version - get the +protocol information of a connection

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_client_version(const SSL *s);
    +
    + const char *SSL_get_version(const SSL *ssl);
    +
    + int SSL_is_dtls(const SSL *ssl);
    +
    + int SSL_version(const SSL *s);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_client_version() returns the numeric protocol version advertised by the +client in the legacy_version field of the ClientHello when initiating the +connection. Note that, for TLS, this value will never indicate a version greater +than TLSv1.2 even if TLSv1.3 is subsequently negotiated. SSL_get_version() +returns the name of the protocol used for the connection. SSL_version() returns +the numeric protocol version used for the connection. They should only be called +after the initial handshake has been completed. Prior to that the results +returned from these functions may be unreliable.

    +

    SSL_is_dtls() returns one if the connection is using DTLS, zero if not.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_get_version() returns one of the following strings:

    +
    +
    SSLv3
    + +
    +

    The connection uses the SSLv3 protocol.

    +
    +
    TLSv1
    + +
    +

    The connection uses the TLSv1.0 protocol.

    +
    +
    TLSv1.1
    + +
    +

    The connection uses the TLSv1.1 protocol.

    +
    +
    TLSv1.2
    + +
    +

    The connection uses the TLSv1.2 protocol.

    +
    +
    TLSv1.3
    + +
    +

    The connection uses the TLSv1.3 protocol.

    +
    +
    unknown
    + +
    +

    This indicates an unknown protocol version.

    +
    +
    +

    SSL_version() and SSL_client_version() return an integer which could include any +of the following:

    +
    +
    SSL3_VERSION
    + +
    +

    The connection uses the SSLv3 protocol.

    +
    +
    TLS1_VERSION
    + +
    +

    The connection uses the TLSv1.0 protocol.

    +
    +
    TLS1_1_VERSION
    + +
    +

    The connection uses the TLSv1.1 protocol.

    +
    +
    TLS1_2_VERSION
    + +
    +

    The connection uses the TLSv1.2 protocol.

    +
    +
    TLS1_3_VERSION
    + +
    +

    The connection uses the TLSv1.3 protocol (never returned for +SSL_client_version()).

    +
    +
    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7)

    +

    +

    +
    +

    HISTORY

    +

    The SSL_is_dtls() function was added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_in_init.html b/linux_amd64/share/doc/openssl/html/man3/SSL_in_init.html
new file mode 100755
index 0000000..bbe6375
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/SSL_in_init.html
@@ -0,0 +1,135 @@
+ + + + +SSL_in_init + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_in_before, +SSL_in_init, +SSL_is_init_finished, +SSL_in_connect_init, +SSL_in_accept_init, +SSL_get_state +- retrieve information about the handshake state machine

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_in_init(const SSL *s);
    + int SSL_in_before(const SSL *s);
    + int SSL_is_init_finished(const SSL *s);
    +
    + int SSL_in_connect_init(SSL *s);
    + int SSL_in_accept_init(SSL *s);
    +
    + OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_in_init() returns 1 if the SSL/TLS state machine is currently processing or +awaiting handshake messages, or 0 otherwise.

    +

    SSL_in_before() returns 1 if no SSL/TLS handshake has yet been initiated, or 0 +otherwise.

    +

    SSL_is_init_finished() returns 1 if the SSL/TLS connection is in a state where +fully protected application data can be transferred or 0 otherwise.

    +

    Note that in some circumstances (such as when early data is being transferred) +SSL_in_init(), SSL_in_before() and SSL_is_init_finished() can all return 0.

    +

    SSL_in_connect_init() returns 1 if s is acting as a client and SSL_in_init() +would return 1, or 0 otherwise.

    +

    SSL_in_accept_init() returns 1 if s is acting as a server and SSL_in_init() +would return 1, or 0 otherwise.

    +

    SSL_in_connect_init() and SSL_in_accept_init() are implemented as macros.

    +

    SSL_get_state() returns a value indicating the current state of the handshake +state machine. OSSL_HANDSHAKE_STATE is an enumerated type where each value +indicates a discrete state machine state. Note that future versions of OpenSSL +may define more states so applications should expect to receive unrecognised +state values. The naming format is made up of a number of elements as follows:

    +

    protocol_ST_role_message

    +

    protocol is one of TLS or DTLS. DTLS is used where a state is specific to the +DTLS protocol. Otherwise TLS is used.

    +

    role is one of CR, CW, SR or SW to indicate "client reading", +"client writing", "server reading" or "server writing" respectively.

    +

    message is the name of a handshake message that is being or has been sent, or +is being or has been processed.

    +

    Additionally there are some special states that do not conform to the above +format. These are:

    +
    +
    TLS_ST_BEFORE
    + +
    +

    No handshake messages have yet been been sent or received.

    +
    +
    TLS_ST_OK
    + +
    +

    Handshake message sending/processing has completed.

    +
    +
    TLS_ST_EARLY_DATA
    + +
    +

    Early data is being processed

    +
    +
    TLS_ST_PENDING_EARLY_DATA_END
    + +
    +

    Awaiting the end of early data processing

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_in_init(), SSL_in_before(), SSL_is_init_finished(), SSL_in_connect_init() +and SSL_in_accept_init() return values as indicated above.

    +

    SSL_get_state() returns the current handshake state.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +SSL_read_early_data(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_key_update.html b/linux_amd64/share/doc/openssl/html/man3/SSL_key_update.html
new file mode 100755
index 0000000..289475b
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/SSL_key_update.html
@@ -0,0 +1,139 @@
+ + + + +SSL_key_update + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_key_update, +SSL_get_key_update_type, +SSL_renegotiate, +SSL_renegotiate_abbreviated, +SSL_renegotiate_pending +- initiate and obtain information about updating connection keys

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_key_update(SSL *s, int updatetype);
    + int SSL_get_key_update_type(const SSL *s);
    +
    + int SSL_renegotiate(SSL *s);
    + int SSL_renegotiate_abbreviated(SSL *s);
    + int SSL_renegotiate_pending(const SSL *s);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_key_update() schedules an update of the keys for the current TLS connection. +If the updatetype parameter is set to SSL_KEY_UPDATE_NOT_REQUESTED then +the sending keys for this connection will be updated and the peer will be +informed of the change. If the updatetype parameter is set to +SSL_KEY_UPDATE_REQUESTED then the sending keys for this connection will be +updated and the peer will be informed of the change along with a request for the +peer to additionally update its sending keys. It is an error if updatetype is +set to SSL_KEY_UPDATE_NONE.

    +

    SSL_key_update() must only be called after the initial handshake has been +completed and TLSv1.3 has been negotiated. The key update will not take place +until the next time an IO operation such as SSL_read_ex() or SSL_write_ex() +takes place on the connection. Alternatively SSL_do_handshake() can be called to +force the update to take place immediately.

    +

    SSL_get_key_update_type() can be used to determine whether a key update +operation has been scheduled but not yet performed. The type of the pending key +update operation will be returned if there is one, or SSL_KEY_UPDATE_NONE +otherwise.

    +

    SSL_renegotiate() and SSL_renegotiate_abbreviated() should only be called for +connections that have negotiated TLSv1.2 or less. Calling them on any other +connection will result in an error.

    +

    When called from the client side, SSL_renegotiate() schedules a completely new +handshake over an existing SSL/TLS connection. The next time an IO operation +such as SSL_read_ex() or SSL_write_ex() takes place on the connection a check +will be performed to confirm that it is a suitable time to start a +renegotiation. If so, then it will be initiated immediately. OpenSSL will not +attempt to resume any session associated with the connection in the new +handshake.

    +

    When called from the client side, SSL_renegotiate_abbreviated() works in the +same was as SSL_renegotiate() except that OpenSSL will attempt to resume the +session associated with the current connection in the new handshake.

    +

    When called from the server side, SSL_renegotiate() and +SSL_renegotiate_abbreviated() behave identically. They both schedule a request +for a new handshake to be sent to the client. The next time an IO operation is +performed then the same checks as on the client side are performed and then, if +appropriate, the request is sent. The client may or may not respond with a new +handshake and it may or may not attempt to resume an existing session. If +a new handshake is started then this will be handled transparently by calling +any OpenSSL IO function.

    +

    If an OpenSSL client receives a renegotiation request from a server then again +this will be handled transparently through calling any OpenSSL IO function. For +a TLS connection the client will attempt to resume the current session in the +new handshake. For historical reasons, DTLS clients will not attempt to resume +the session in the new handshake.

    +

    The SSL_renegotiate_pending() function returns 1 if a renegotiation or +renegotiation request has been scheduled but not yet acted on, or 0 otherwise.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_key_update(), SSL_renegotiate() and SSL_renegotiate_abbreviated() return 1 +on success or 0 on error.

    +

    SSL_get_key_update_type() returns the update type of the pending key update +operation or SSL_KEY_UPDATE_NONE if there is none.

    +

    SSL_renegotiate_pending() returns 1 if a renegotiation or renegotiation request +has been scheduled but not yet acted on, or 0 otherwise.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_read_ex(3), +SSL_write_ex(3), +SSL_do_handshake(3)

    +

    +

    +
    +

    HISTORY

    +

    The SSL_key_update() and SSL_get_key_update_type() functions were added in +OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_library_init.html b/linux_amd64/share/doc/openssl/html/man3/SSL_library_init.html
new file mode 100755
index 0000000..2ac91b7
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/SSL_library_init.html
@@ -0,0 +1,99 @@
+ + + + +SSL_library_init + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_library_init, OpenSSL_add_ssl_algorithms +- initialize SSL library by registering algorithms

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_library_init(void);
    +
    + int OpenSSL_add_ssl_algorithms(void);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_library_init() registers the available SSL/TLS ciphers and digests.

    +

    OpenSSL_add_ssl_algorithms() is a synonym for SSL_library_init() and is +implemented as a macro.

    +

    +

    +
    +

    NOTES

    +

    SSL_library_init() must be called before any other action takes place. +SSL_library_init() is not reentrant.

    +

    +

    +
    +

    WARNINGS

    +

    SSL_library_init() adds ciphers and digests used directly and indirectly by +SSL/TLS.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_library_init() always returns "1", so it is safe to discard the return +value.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +RAND_add(3)

    +

    +

    +
    +

    HISTORY

    +

    The SSL_library_init() and OpenSSL_add_ssl_algorithms() functions were +deprecated in OpenSSL 1.1.0 by OPENSSL_init_ssl().

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_load_client_CA_file.html b/linux_amd64/share/doc/openssl/html/man3/SSL_load_client_CA_file.html
new file mode 100755
index 0000000..bfb5bce
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/SSL_load_client_CA_file.html
@@ -0,0 +1,138 @@
+ + + + +SSL_load_client_CA_file + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_load_client_CA_file, +SSL_add_file_cert_subjects_to_stack, +SSL_add_dir_cert_subjects_to_stack, +SSL_add_store_cert_subjects_to_stack +- load certificate names

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
    +
    + int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
    +                                         const char *file)
    + int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
    +                                        const char *dir)
    + int SSL_add_store_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
    +                                          const char *store)
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_load_client_CA_file() reads certificates from file and returns +a STACK_OF(X509_NAME) with the subject names found.

    +

    SSL_add_file_cert_subjects_to_stack() reads certificates from file, +and adds their subject name to the already existing stack.

    +

    SSL_add_dir_cert_subjects_to_stack() reads certificates from every +file in the directory dir, and adds their subject name to the +already existing stack.

    +

    SSL_add_store_cert_subjects_to_stack() loads certificates from the +store URI, and adds their subject name to the already existing +stack.

    +

    +

    +
    +

    NOTES

    +

    SSL_load_client_CA_file() reads a file of PEM formatted certificates and +extracts the X509_NAMES of the certificates found. While the name suggests +the specific usage as support function for +SSL_CTX_set_client_CA_list(3), +it is not limited to CA certificates.

    +

    +

    +
    +

    RETURN VALUES

    +

    The following return values can occur:

    +
    +
    NULL
    + +
    +

    The operation failed, check out the error stack for the reason.

    +
    +
    Pointer to STACK_OF(X509_NAME)
    + +
    +

    Pointer to the subject names of the successfully read certificates.

    +
    +
    +

    +

    +
    +

    EXAMPLES

    +

    Load names of CAs from file and use it as a client CA list:

    +
    + SSL_CTX *ctx;
    + STACK_OF(X509_NAME) *cert_names;
    +
    + ...
    + cert_names = SSL_load_client_CA_file("/path/to/CAfile.pem");
    + if (cert_names != NULL)
    +     SSL_CTX_set_client_CA_list(ctx, cert_names);
    + else
    +     /* error */
    + ...
    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +ossl_store(7), +SSL_CTX_set_client_CA_list(3)

    +

    +

    +
    +

    HISTORY

    +

    SSL_add_store_cert_subjects_to_stack() was added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_new.html b/linux_amd64/share/doc/openssl/html/man3/SSL_new.html
new file mode 100755
index 0000000..2f05543
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/SSL_new.html
@@ -0,0 +1,115 @@
+ + + + +SSL_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_dup, SSL_new, SSL_up_ref - create an SSL structure for a connection

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + SSL *SSL_dup(SSL *s);
    + SSL *SSL_new(SSL_CTX *ctx);
    + int SSL_up_ref(SSL *s);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_new() creates a new SSL structure which is needed to hold the +data for a TLS/SSL connection. The new structure inherits the settings +of the underlying context ctx: connection method, +options, verification settings, timeout settings. An SSL structure is +reference counted. Creating an SSL structure for the first time increments +the reference count. Freeing it (using SSL_free) decrements it. When the +reference count drops to zero, any memory or resources allocated to the SSL +structure are freed.

    +

    SSL_up_ref() increments the reference count for an +existing SSL structure.

    +

    SSL_dup() duplicates an existing SSL structure into a new allocated one +or just increments the reference count if the connection is active. All +settings are inherited from the original SSL structure. Dynamic data (i.e. +existing connection details) are not copied, the new SSL is set into an +initial accept (server) or connect (client) state.

    +

    SSL_dup() allows applications to configure an SSL handle for use in multiple +SSL connections, and then duplicate it prior to initiating each connection +with the duplicated handle. Use of SSL_dup() avoids the need to repeat +the configuration of the handles for each connection.

    +

    For SSL_dup() to work, the connection MUST be in its initial state and +MUST NOT have not yet have started the SSL handshake. For connections +that are not in their initial state SSL_dup() just increments an internal +reference count and returns the same handle. It may be possible to +use SSL_clear(3) to recycle an SSL handle that is not in its initial +state for re-use, but this is best avoided. Instead, save and restore +the session, if desired, and construct a fresh handle for each connection.

    +

    +

    +
    +

    RETURN VALUES

    +

    The following return values can occur:

    +
    +
    NULL
    + +
    +

    The creation of a new SSL structure failed. Check the error stack to +find out the reason.

    +
    +
    Pointer to an SSL structure
    + +
    +

    The return value points to an allocated SSL structure.

    +

    SSL_up_ref() returns 1 for success and 0 for failure.

    +
    +
    +

    +

    +
    +

    SEE ALSO

    +

    SSL_free(3), SSL_clear(3), +SSL_CTX_set_options(3), +SSL_get_SSL_CTX(3), +ssl(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_pending.html b/linux_amd64/share/doc/openssl/html/man3/SSL_pending.html
new file mode 100755
index 0000000..fbb280a
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/SSL_pending.html
@@ -0,0 +1,105 @@
+ + + + +SSL_pending + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_pending, SSL_has_pending - check for readable bytes buffered in an +SSL object

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_pending(const SSL *ssl);
    + int SSL_has_pending(const SSL *s);
    +

    +

    +
    +

    DESCRIPTION

    +

    Data is received in whole blocks known as records from the peer. A whole record +is processed (e.g. decrypted) in one go and is buffered by OpenSSL until it is +read by the application via a call to SSL_read_ex(3) or SSL_read(3).

    +

    SSL_pending() returns the number of bytes which have been processed, buffered +and are available inside ssl for immediate read.

    +

    If the SSL object's read_ahead flag is set (see +SSL_CTX_set_read_ahead(3)), additional protocol bytes (beyond the current +record) may have been read containing more TLS/SSL records. This also applies to +DTLS and pipelining (see SSL_CTX_set_split_send_fragment(3)). These +additional bytes will be buffered by OpenSSL but will remain unprocessed until +they are needed. As these bytes are still in an unprocessed state SSL_pending() +will ignore them. Therefore it is possible for no more bytes to be readable from +the underlying BIO (because OpenSSL has already read them) and for SSL_pending() +to return 0, even though readable application data bytes are available (because +the data is in unprocessed buffered records).

    +

    SSL_has_pending() returns 1 if s has buffered data (whether processed or +unprocessed) and 0 otherwise. Note that it is possible for SSL_has_pending() to +return 1, and then a subsequent call to SSL_read_ex() or SSL_read() to return no +data because the unprocessed buffered data when processed yielded no application +data (for example this can happen during renegotiation). It is also possible in +this scenario for SSL_has_pending() to continue to return 1 even after an +SSL_read_ex() or SSL_read() call because the buffered and unprocessed data is +not yet processable (e.g. because OpenSSL has only received a partial record so +far).

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_pending() returns the number of buffered and processed application data +bytes that are pending and are available for immediate read. SSL_has_pending() +returns 1 if there is buffered record data in the SSL object and 0 otherwise.

    +

    +

    +
    +

    SEE ALSO

    +

    SSL_read_ex(3), SSL_read(3), SSL_CTX_set_read_ahead(3), +SSL_CTX_set_split_send_fragment(3), ssl(7)

    +

    +

    +
    +

    HISTORY

    +

    The SSL_has_pending() function was added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_read.html b/linux_amd64/share/doc/openssl/html/man3/SSL_read.html
new file mode 100755
index 0000000..6664936
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/SSL_read.html
@@ -0,0 +1,183 @@
+ + + + +SSL_read + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_read_ex, SSL_read, SSL_peek_ex, SSL_peek +- read bytes from a TLS/SSL connection

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_read_ex(SSL *ssl, void *buf, size_t num, size_t *readbytes);
    + int SSL_read(SSL *ssl, void *buf, int num);
    +
    + int SSL_peek_ex(SSL *ssl, void *buf, size_t num, size_t *readbytes);
    + int SSL_peek(SSL *ssl, void *buf, int num);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_read_ex() and SSL_read() try to read num bytes from the specified ssl +into the buffer buf. On success SSL_read_ex() will store the number of bytes +actually read in *readbytes.

    +

    SSL_peek_ex() and SSL_peek() are identical to SSL_read_ex() and SSL_read() +respectively except no bytes are actually removed from the underlying BIO during +the read, so that a subsequent call to SSL_read_ex() or SSL_read() will yield +at least the same bytes.

    +

    +

    +
    +

    NOTES

    +

    In the paragraphs below a "read function" is defined as one of SSL_read_ex(), +SSL_read(), SSL_peek_ex() or SSL_peek().

    +

    If necessary, a read function will negotiate a TLS/SSL session, if not already +explicitly performed by SSL_connect(3) or SSL_accept(3). If the +peer requests a re-negotiation, it will be performed transparently during +the read function operation. The behaviour of the read functions depends on the +underlying BIO.

    +

    For the transparent negotiation to succeed, the ssl must have been +initialized to client or server mode. This is being done by calling +SSL_set_connect_state(3) or SSL_set_accept_state() before the first +invocation of a read function.

    +

    The read functions work based on the SSL/TLS records. The data are received in +records (with a maximum record size of 16kB). Only when a record has been +completely received, can it be processed (decryption and check of integrity). +Therefore data that was not retrieved at the last read call can still be +buffered inside the SSL layer and will be retrieved on the next read +call. If num is higher than the number of bytes buffered then the read +functions will return with the bytes buffered. If no more bytes are in the +buffer, the read functions will trigger the processing of the next record. +Only when the record has been received and processed completely will the read +functions return reporting success. At most the contents of one record will +be returned. As the size of an SSL/TLS record may exceed the maximum packet size +of the underlying transport (e.g. TCP), it may be necessary to read several +packets from the transport layer before the record is complete and the read call +can succeed.

    +

    If SSL_MODE_AUTO_RETRY has been switched off and a non-application data +record has been processed, the read function can return and set the error to +SSL_ERROR_WANT_READ. +In this case there might still be unprocessed data available in the BIO. +If read ahead was set using SSL_CTX_set_read_ahead(3), there might also still +be unprocessed data available in the SSL. +This behaviour can be controlled using the SSL_CTX_set_mode(3) call.

    +

    If the underlying BIO is blocking, a read function will only return once the +read operation has been finished or an error occurred, except when a +non-application data record has been processed and SSL_MODE_AUTO_RETRY is +not set. +Note that if SSL_MODE_AUTO_RETRY is set and only non-application data is +available the call will hang.

    +

    If the underlying BIO is non-blocking, a read function will also return when +the underlying BIO could not satisfy the needs of the function to continue the +operation. +In this case a call to SSL_get_error(3) with the +return value of the read function will yield SSL_ERROR_WANT_READ or +SSL_ERROR_WANT_WRITE. +As at any time it's possible that non-application data needs to be sent, +a read function can also cause write operations. +The calling process then must repeat the call after taking appropriate action +to satisfy the needs of the read function. +The action depends on the underlying BIO. +When using a non-blocking socket, nothing is to be done, but select() can be +used to check for the required condition. +When using a buffering BIO, like a BIO pair, data must be written into or +retrieved out of the BIO before being able to continue.

    +

    SSL_pending(3) can be used to find out whether there +are buffered bytes available for immediate retrieval. +In this case the read function can be called without blocking or actually +receiving new data from the underlying socket.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_read_ex() and SSL_peek_ex() will return 1 for success or 0 for failure. +Success means that 1 or more application data bytes have been read from the SSL +connection. +Failure means that no bytes could be read from the SSL connection. +Failures can be retryable (e.g. we are waiting for more bytes to +be delivered by the network) or non-retryable (e.g. a fatal network error). +In the event of a failure call SSL_get_error(3) to find out the reason which +indicates whether the call is retryable or not.

    +

    For SSL_read() and SSL_peek() the following return values can occur:

    +
    +
    > 0
    + +
    +

    The read operation was successful. +The return value is the number of bytes actually read from the TLS/SSL +connection.

    +
    +
    <= 0
    + +
    +

    The read operation was not successful, because either the connection was closed, +an error occurred or action must be taken by the calling process. +Call SSL_get_error(3) with the return value ret to find out the reason.

    +

    Old documentation indicated a difference between 0 and -1, and that -1 was +retryable. +You should instead call SSL_get_error() to find out if it's retryable.

    +
    +
    +

    +

    +
    +

    SEE ALSO

    +

    SSL_get_error(3), SSL_write_ex(3), +SSL_CTX_set_mode(3), SSL_CTX_new(3), +SSL_connect(3), SSL_accept(3) +SSL_set_connect_state(3), +SSL_pending(3), +SSL_shutdown(3), SSL_set_shutdown(3), +ssl(7), bio(7)

    +

    +

    +
    +

    HISTORY

    +

    The SSL_read_ex() and SSL_peek_ex() functions were added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_read_early_data.html b/linux_amd64/share/doc/openssl/html/man3/SSL_read_early_data.html
new file mode 100755
index 0000000..275c035
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/SSL_read_early_data.html
@@ -0,0 +1,385 @@
+ + + + +SSL_read_early_data + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_set_max_early_data, +SSL_CTX_set_max_early_data, +SSL_get_max_early_data, +SSL_CTX_get_max_early_data, +SSL_set_recv_max_early_data, +SSL_CTX_set_recv_max_early_data, +SSL_get_recv_max_early_data, +SSL_CTX_get_recv_max_early_data, +SSL_SESSION_get_max_early_data, +SSL_SESSION_set_max_early_data, +SSL_write_early_data, +SSL_read_early_data, +SSL_get_early_data_status, +SSL_allow_early_data_cb_fn, +SSL_CTX_set_allow_early_data_cb, +SSL_set_allow_early_data_cb +- functions for sending and receiving early data

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_CTX_set_max_early_data(SSL_CTX *ctx, uint32_t max_early_data);
    + uint32_t SSL_CTX_get_max_early_data(const SSL_CTX *ctx);
    + int SSL_set_max_early_data(SSL *s, uint32_t max_early_data);
    + uint32_t SSL_get_max_early_data(const SSL *s);
    +
    + int SSL_CTX_set_recv_max_early_data(SSL_CTX *ctx, uint32_t recv_max_early_data);
    + uint32_t SSL_CTX_get_recv_max_early_data(const SSL_CTX *ctx);
    + int SSL_set_recv_max_early_data(SSL *s, uint32_t recv_max_early_data);
    + uint32_t SSL_get_recv_max_early_data(const SSL *s);
    +
    + uint32_t SSL_SESSION_get_max_early_data(const SSL_SESSION *s);
    + int SSL_SESSION_set_max_early_data(SSL_SESSION *s, uint32_t max_early_data);
    +
    + int SSL_write_early_data(SSL *s, const void *buf, size_t num, size_t *written);
    +
    + int SSL_read_early_data(SSL *s, void *buf, size_t num, size_t *readbytes);
    +
    + int SSL_get_early_data_status(const SSL *s);
    +
    + typedef int (*SSL_allow_early_data_cb_fn)(SSL *s, void *arg);
    +
    + void SSL_CTX_set_allow_early_data_cb(SSL_CTX *ctx,
    +                                      SSL_allow_early_data_cb_fn cb,
    +                                      void *arg);
    + void SSL_set_allow_early_data_cb(SSL *s,
    +                                  SSL_allow_early_data_cb_fn cb,
    +                                  void *arg);
    +

    +

    +
    +

    DESCRIPTION

    +

    These functions are used to send and receive early data where TLSv1.3 has been +negotiated. Early data can be sent by the client immediately after its initial +ClientHello without having to wait for the server to complete the handshake. +Early data can only be sent if a session has previously been established with +the server, and the server is known to support it. Additionally these functions +can be used to send data from the server to the client when the client has not +yet completed the authentication stage of the handshake.

    +

    Early data has weaker security properties than other data sent over an SSL/TLS +connection. In particular the data does not have forward secrecy. There are also +additional considerations around replay attacks (see REPLAY PROTECTION +below). For these reasons extreme care should be exercised when using early +data. For specific details, consult the TLS 1.3 specification.

    +

    When a server receives early data it may opt to immediately respond by sending +application data back to the client. Data sent by the server at this stage is +done before the full handshake has been completed. Specifically the client's +authentication messages have not yet been received, i.e. the client is +unauthenticated at this point and care should be taken when using this +capability.

    +

    A server or client can determine whether the full handshake has been completed +or not by calling SSL_is_init_finished(3).

    +

    On the client side, the function SSL_SESSION_get_max_early_data() can be used to +determine if a session established with a server can be used to send early data. +If the session cannot be used then this function will return 0. Otherwise it +will return the maximum number of early data bytes that can be sent.

    +

    The function SSL_SESSION_set_max_early_data() sets the maximum number of early +data bytes that can be sent for a session. This would typically be used when +creating a PSK session file (see SSL_CTX_set_psk_use_session_callback(3)). If +using a ticket based PSK then this is set automatically to the value provided by +the server.

    +

    A client uses the function SSL_write_early_data() to send early data. This +function is similar to the SSL_write_ex(3) function, but with the following +differences. See SSL_write_ex(3) for information on how to write bytes to +the underlying connection, and how to handle any errors that may arise. This +page describes the differences between SSL_write_early_data() and +SSL_write_ex(3).

    +

    When called by a client, SSL_write_early_data() must be the first IO function +called on a new connection, i.e. it must occur before any calls to +SSL_write_ex(3), SSL_read_ex(3), SSL_connect(3), SSL_do_handshake(3) +or other similar functions. It may be called multiple times to stream data to +the server, but the total number of bytes written must not exceed the value +returned from SSL_SESSION_get_max_early_data(). Once the initial +SSL_write_early_data() call has completed successfully the client may interleave +calls to SSL_read_ex(3) and SSL_read(3) with calls to +SSL_write_early_data() as required.

    +

    If SSL_write_early_data() fails you should call SSL_get_error(3) to determine +the correct course of action, as for SSL_write_ex(3).

    +

    When the client no longer wishes to send any more early data then it should +complete the handshake by calling a function such as SSL_connect(3) or +SSL_do_handshake(3). Alternatively you can call a standard write function +such as SSL_write_ex(3), which will transparently complete the connection and +write the requested data.

    +

    A server may choose to ignore early data that has been sent to it. Once the +connection has been completed you can determine whether the server accepted or +rejected the early data by calling SSL_get_early_data_status(). This will return +SSL_EARLY_DATA_ACCEPTED if the data was accepted, SSL_EARLY_DATA_REJECTED if it +was rejected or SSL_EARLY_DATA_NOT_SENT if no early data was sent. This function +may be called by either the client or the server.

    +

    A server uses the SSL_read_early_data() function to receive early data on a +connection for which early data has been enabled using +SSL_CTX_set_max_early_data() or SSL_set_max_early_data(). As for +SSL_write_early_data(), this must be the first IO function +called on a connection, i.e. it must occur before any calls to +SSL_write_ex(3), SSL_read_ex(3), SSL_accept(3), SSL_do_handshake(3), +or other similar functions.

    +

    SSL_read_early_data() is similar to SSL_read_ex(3) with the following +differences. Refer to SSL_read_ex(3) for full details.

    +

    SSL_read_early_data() may return 3 possible values:

    +
    +
    SSL_READ_EARLY_DATA_ERROR
    + +
    +

    This indicates an IO or some other error occurred. This should be treated in the +same way as a 0 return value from SSL_read_ex(3).

    +
    +
    SSL_READ_EARLY_DATA_SUCCESS
    + +
    +

    This indicates that early data was successfully read. This should be treated in +the same way as a 1 return value from SSL_read_ex(3). You should continue to +call SSL_read_early_data() to read more data.

    +
    +
    SSL_READ_EARLY_DATA_FINISH
    + +
    +

    This indicates that no more early data can be read. It may be returned on the +first call to SSL_read_early_data() if the client has not sent any early data, +or if the early data was rejected.

    +
    +
    +

    Once the initial SSL_read_early_data() call has completed successfully (i.e. it +has returned SSL_READ_EARLY_DATA_SUCCESS or SSL_READ_EARLY_DATA_FINISH) then the +server may choose to write data immediately to the unauthenticated client using +SSL_write_early_data(). If SSL_read_early_data() returned +SSL_READ_EARLY_DATA_FINISH then in some situations (e.g. if the client only +supports TLSv1.2) the handshake may have already been completed and calls +to SSL_write_early_data() are not allowed. Call SSL_is_init_finished(3) to +determine whether the handshake has completed or not. If the handshake is still +in progress then the server may interleave calls to SSL_write_early_data() with +calls to SSL_read_early_data() as required.

    +

    Servers must not call SSL_read_ex(3), SSL_read(3), SSL_write_ex(3) or +SSL_write(3) until SSL_read_early_data() has returned with +SSL_READ_EARLY_DATA_FINISH. Once it has done so the connection to the client +still needs to be completed. Complete the connection by calling a function such +as SSL_accept(3) or SSL_do_handshake(3). Alternatively you can call a +standard read function such as SSL_read_ex(3), which will transparently +complete the connection and read the requested data. Note that it is an error to +attempt to complete the connection before SSL_read_early_data() has returned +SSL_READ_EARLY_DATA_FINISH.

    +

    Only servers may call SSL_read_early_data().

    +

    Calls to SSL_read_early_data() may, in certain circumstances, complete the +connection immediately without further need to call a function such as +SSL_accept(3). This can happen if the client is using a protocol version less +than TLSv1.3. Applications can test for this by calling +SSL_is_init_finished(3). Alternatively, applications may choose to call +SSL_accept(3) anyway. Such a call will successfully return immediately with no +further action taken.

    +

    When a session is created between a server and a client the server will specify +the maximum amount of any early data that it will accept on any future +connection attempt. By default the server does not accept early data; a +server may indicate support for early data by calling +SSL_CTX_set_max_early_data() or +SSL_set_max_early_data() to set it for the whole SSL_CTX or an individual SSL +object respectively. The max_early_data parameter specifies the maximum +amount of early data in bytes that is permitted to be sent on a single +connection. Similarly the SSL_CTX_get_max_early_data() and +SSL_get_max_early_data() functions can be used to obtain the current maximum +early data settings for the SSL_CTX and SSL objects respectively. Generally a +server application will either use both of SSL_read_early_data() and +SSL_CTX_set_max_early_data() (or SSL_set_max_early_data()), or neither of them, +since there is no practical benefit from using only one of them. If the maximum +early data setting for a server is nonzero then replay protection is +automatically enabled (see REPLAY PROTECTION below).

    +

    If the server rejects the early data sent by a client then it will skip over +the data that is sent. The maximum amount of received early data that is skipped +is controlled by the recv_max_early_data setting. If a client sends more than +this then the connection will abort. This value can be set by calling +SSL_CTX_set_recv_max_early_data() or SSL_set_recv_max_early_data(). The current +value for this setting can be obtained by calling +SSL_CTX_get_recv_max_early_data() or SSL_get_recv_max_early_data(). The default +value for this setting is 16,384 bytes.

    +

    The recv_max_early_data value also has an impact on early data that is accepted. +The amount of data that is accepted will always be the lower of the +max_early_data for the session and the recv_max_early_data setting for the +server. If a client sends more data than this then the connection will abort.

    +

    The configured value for max_early_data on a server may change over time as +required. However clients may have tickets containing the previously configured +max_early_data value. The recv_max_early_data should always be equal to or +higher than any recently configured max_early_data value in order to avoid +aborted connections. The recv_max_early_data should never be set to less than +the current configured max_early_data value.

    +

    Some server applications may wish to have more control over whether early data +is accepted or not, for example to mitigate replay risks (see REPLAY PROTECTION +below) or to decline early_data when the server is heavily loaded. The functions +SSL_CTX_set_allow_early_data_cb() and SSL_set_allow_early_data_cb() set a +callback which is called at a point in the handshake immediately before a +decision is made to accept or reject early data. The callback is provided with a +pointer to the user data argument that was provided when the callback was first +set. Returning 1 from the callback will allow early data and returning 0 will +reject it. Note that the OpenSSL library may reject early data for other reasons +in which case this callback will not get called. Notably, the built-in replay +protection feature will still be used even if a callback is present unless it +has been explicitly disabled using the SSL_OP_NO_ANTI_REPLAY option. See +REPLAY PROTECTION below.

    +

    +

    +
    +

    NOTES

    +

    The whole purpose of early data is to enable a client to start sending data to +the server before a full round trip of network traffic has occurred. Application +developers should ensure they consider optimisation of the underlying TCP socket +to obtain a performant solution. For example Nagle's algorithm is commonly used +by operating systems in an attempt to avoid lots of small TCP packets. In many +scenarios this is beneficial for performance, but it does not work well with the +early data solution as implemented in OpenSSL. In Nagle's algorithm the OS will +buffer outgoing TCP data if a TCP packet has already been sent which we have not +yet received an ACK for from the peer. The buffered data will only be +transmitted if enough data to fill an entire TCP packet is accumulated, or if +the ACK is received from the peer. The initial ClientHello will be sent in the +first TCP packet along with any data from the first call to +SSL_write_early_data(). If the amount of data written will exceed the size of a +single TCP packet, or if there are more calls to SSL_write_early_data() then +that additional data will be sent in subsequent TCP packets which will be +buffered by the OS and not sent until an ACK is received for the first packet +containing the ClientHello. This means the early data is not actually +sent until a complete round trip with the server has occurred which defeats the +objective of early data.

    +

    In many operating systems the TCP_NODELAY socket option is available to disable +Nagle's algorithm. If an application opts to disable Nagle's algorithm +consideration should be given to turning it back on again after the handshake is +complete if appropriate.

    +

    In rare circumstances, it may be possible for a client to have a session that +reports a max early data value greater than 0, but where the server does not +support this. For example, this can occur if a server has had its configuration +changed to accept a lower max early data value such as by calling +SSL_CTX_set_recv_max_early_data(). Another example is if a server used to +support TLSv1.3 but was later downgraded to TLSv1.2. Sending early data to such +a server will cause the connection to abort. Clients that encounter an aborted +connection while sending early data may want to retry the connection without +sending early data as this does not happen automatically. A client will have to +establish a new transport layer connection to the server and attempt the SSL/TLS +connection again but without sending early data. Note that it is inadvisable to +retry with a lower maximum protocol version.

    +

    +

    +
    +

    REPLAY PROTECTION

    +

    When early data is in use the TLS protocol provides no security guarantees that +the same early data was not replayed across multiple connections. As a +mitigation for this issue OpenSSL automatically enables replay protection if the +server is configured with a nonzero max early data value. With replay +protection enabled sessions are forced to be single use only. If a client +attempts to reuse a session ticket more than once, then the second and +subsequent attempts will fall back to a full handshake (and any early data that +was submitted will be ignored). Note that single use tickets are enforced even +if a client does not send any early data.

    +

    The replay protection mechanism relies on the internal OpenSSL server session +cache (see SSL_CTX_set_session_cache_mode(3)). When replay protection is +being used the server will operate as if the SSL_OP_NO_TICKET option had been +selected (see SSL_CTX_set_options(3)). Sessions will be added to the cache +whenever a session ticket is issued. When a client attempts to resume the +session, OpenSSL will check for its presence in the internal cache. If it exists +then the resumption is allowed and the session is removed from the cache. If it +does not exist then the resumption is not allowed and a full handshake will +occur.

    +

    Note that some applications may maintain an external cache of sessions (see +SSL_CTX_sess_set_new_cb(3) and similar functions). It is the application's +responsibility to ensure that any sessions in the external cache are also +populated in the internal cache and that once removed from the internal cache +they are similarly removed from the external cache. Failing to do this could +result in an application becoming vulnerable to replay attacks. Note that +OpenSSL will lock the internal cache while a session is removed but that lock is +not held when the remove session callback (see SSL_CTX_sess_set_remove_cb(3)) +is called. This could result in a small amount of time where the session has +been removed from the internal cache but is still available in the external +cache. Applications should be designed with this in mind in order to minimise +the possibility of replay attacks.

    +

    The OpenSSL replay protection does not apply to external Pre Shared Keys (PSKs) +(e.g. see SSL_CTX_set_psk_find_session_callback(3)). Therefore extreme caution +should be applied when combining external PSKs with early data.

    +

    Some applications may mitigate the replay risks in other ways. For those +applications it is possible to turn off the built-in replay protection feature +using the SSL_OP_NO_ANTI_REPLAY option. See SSL_CTX_set_options(3) for +details. Applications can also set a callback to make decisions about accepting +early data or not. See SSL_CTX_set_allow_early_data_cb() above for details.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_write_early_data() returns 1 for success or 0 for failure. In the event of a +failure call SSL_get_error(3) to determine the correct course of action.

    +

    SSL_read_early_data() returns SSL_READ_EARLY_DATA_ERROR for failure, +SSL_READ_EARLY_DATA_SUCCESS for success with more data to read and +SSL_READ_EARLY_DATA_FINISH for success with no more to data be read. In the +event of a failure call SSL_get_error(3) to determine the correct course of +action.

    +

    SSL_get_max_early_data(), SSL_CTX_get_max_early_data() and +SSL_SESSION_get_max_early_data() return the maximum number of early data bytes +that may be sent.

    +

    SSL_set_max_early_data(), SSL_CTX_set_max_early_data() and +SSL_SESSION_set_max_early_data() return 1 for success or 0 for failure.

    +

    SSL_get_early_data_status() returns SSL_EARLY_DATA_ACCEPTED if early data was +accepted by the server, SSL_EARLY_DATA_REJECTED if early data was rejected by +the server, or SSL_EARLY_DATA_NOT_SENT if no early data was sent.

    +

    +

    +
    +

    SEE ALSO

    +

    SSL_get_error(3), +SSL_write_ex(3), +SSL_read_ex(3), +SSL_connect(3), +SSL_accept(3), +SSL_do_handshake(3), +SSL_CTX_set_psk_use_session_callback(3), +ssl(7)

    +

    +

    +
    +

    HISTORY

    +

    All of the functions described above were added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_rstate_string.html b/linux_amd64/share/doc/openssl/html/man3/SSL_rstate_string.html
new file mode 100755
index 0000000..6636bef
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/SSL_rstate_string.html
@@ -0,0 +1,107 @@
+ + + + +SSL_rstate_string + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_rstate_string, SSL_rstate_string_long - get textual description of state of an SSL object during read operation

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + const char *SSL_rstate_string(SSL *ssl);
    + const char *SSL_rstate_string_long(SSL *ssl);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_rstate_string() returns a 2 letter string indicating the current read state +of the SSL object ssl.

    +

    SSL_rstate_string_long() returns a string indicating the current read state of +the SSL object ssl.

    +

    +

    +
    +

    NOTES

    +

    When performing a read operation, the SSL/TLS engine must parse the record, +consisting of header and body. When working in a blocking environment, +SSL_rstate_string[_long]() should always return "RD"/"read done".

    +

    This function should only seldom be needed in applications.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_rstate_string() and SSL_rstate_string_long() can return the following +values:

    +
    +
    "RH"/"read header"
    + +
    +

    The header of the record is being evaluated.

    +
    +
    "RB"/"read body"
    + +
    +

    The body of the record is being evaluated.

    +
    +
    "RD"/"read done"
    + +
    +

    The record has been completely processed.

    +
    +
    "unknown"/"unknown"
    + +
    +

    The read state is unknown. This should never happen.

    +
    +
    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_session_reused.html b/linux_amd64/share/doc/openssl/html/man3/SSL_session_reused.html
new file mode 100755
index 0000000..b8dcc3d
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/SSL_session_reused.html
@@ -0,0 +1,89 @@
+ + + + +SSL_session_reused + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_session_reused - query whether a reused session was negotiated during handshake

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_session_reused(const SSL *ssl);
    +

    +

    +
    +

    DESCRIPTION

    +

    Query, whether a reused session was negotiated during the handshake.

    +

    +

    +
    +

    NOTES

    +

    During the negotiation, a client can propose to reuse a session. The server +then looks up the session in its cache. If both client and server agree +on the session, it will be reused and a flag is being set that can be +queried by the application.

    +

    +

    +
    +

    RETURN VALUES

    +

    The following return values can occur:

    +
      +
    1. +

      A new session was negotiated.

      +
    2. +
    3. +

      A session was reused.

      +
    4. +
    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_set_session(3), +SSL_CTX_set_session_cache_mode(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_set1_host.html b/linux_amd64/share/doc/openssl/html/man3/SSL_set1_host.html
new file mode 100755
index 0000000..d88f51c
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/SSL_set1_host.html
@@ -0,0 +1,154 @@
+ + + + +SSL_set1_host + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_set1_host, SSL_add1_host, SSL_set_hostflags, SSL_get0_peername - +SSL server verification parameters

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_set1_host(SSL *s, const char *hostname);
    + int SSL_add1_host(SSL *s, const char *hostname);
    + void SSL_set_hostflags(SSL *s, unsigned int flags);
    + const char *SSL_get0_peername(SSL *s);
    +

    +

    +
    +

    DESCRIPTION

    +

    These functions configure server hostname checks in the SSL client.

    +

    SSL_set1_host() sets the expected DNS hostname to name clearing +any previously specified hostname. If name is NULL +or the empty string, the list of hostnames is cleared and name +checks are not performed on the peer certificate. When a non-empty +name is specified, certificate verification automatically checks +the peer hostname via X509_check_host(3) with flags as specified +via SSL_set_hostflags(). Clients that enable DANE TLSA authentication +via SSL_dane_enable(3) should leave it to that function to set +the primary reference identifier of the peer, and should not call +SSL_set1_host().

    +

    SSL_add1_host() adds name as an additional reference identifier +that can match the peer's certificate. Any previous names set via +SSL_set1_host() or SSL_add1_host() are retained, no change is made +if name is NULL or empty. When multiple names are configured, +the peer is considered verified when any name matches. This function +is required for DANE TLSA in the presence of service name indirection +via CNAME, MX or SRV records as specified in RFC7671, RFC7672 or +RFC7673.

    +

    SSL_set_hostflags() sets the flags that will be passed to +X509_check_host(3) when name checks are applicable, by default +the flags value is 0. See X509_check_host(3) for the list +of available flags and their meaning.

    +

    SSL_get0_peername() returns the DNS hostname or subject CommonName +from the peer certificate that matched one of the reference +identifiers. When wildcard matching is not disabled, the name +matched in the peer certificate may be a wildcard name. When one +of the reference identifiers configured via SSL_set1_host() or +SSL_add1_host() starts with ".", which indicates a parent domain prefix +rather than a fixed name, the matched peer name may be a sub-domain +of the reference identifier. The returned string is allocated by +the library and is no longer valid once the associated ssl handle +is cleared or freed, or a renegotiation takes place. Applications +must not free the return value.

    +

    SSL clients are advised to use these functions in preference to +explicitly calling X509_check_host(3). Hostname checks may be out +of scope with the RFC7671 DANE-EE(3) certificate usage, and the +internal check will be suppressed as appropriate when DANE is +enabled.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_set1_host() and SSL_add1_host() return 1 for success and 0 for +failure.

    +

    SSL_get0_peername() returns NULL if peername verification is not +applicable (as with RFC7671 DANE-EE(3)), or no trusted peername was +matched. Otherwise, it returns the matched peername. To determine +whether verification succeeded call SSL_get_verify_result(3).

    +

    +

    +
    +

    EXAMPLES

    +

    Suppose "smtp.example.com" is the MX host of the domain "example.com". +The calls below will arrange to match either the MX hostname or the +destination domain name in the SMTP server certificate. Wildcards +are supported, but must match the entire label. The actual name +matched in the certificate (which might be a wildcard) is retrieved, +and must be copied by the application if it is to be retained beyond +the lifetime of the SSL connection.

    +
    + SSL_set_hostflags(ssl, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
    + if (!SSL_set1_host(ssl, "smtp.example.com"))
    +     /* error */
    + if (!SSL_add1_host(ssl, "example.com"))
    +     /* error */
    +
    + /* XXX: Perform SSL_connect() handshake and handle errors here */
    +
    + if (SSL_get_verify_result(ssl) == X509_V_OK) {
    +     const char *peername = SSL_get0_peername(ssl);
    +
    +     if (peername != NULL)
    +         /* Name checks were in scope and matched the peername */
    + }
    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +X509_check_host(3), +SSL_get_verify_result(3). +SSL_dane_enable(3).

    +

    +

    +
    +

    HISTORY

    +

    These functions were added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_set_async_callback.html b/linux_amd64/share/doc/openssl/html/man3/SSL_set_async_callback.html
new file mode 100755
index 0000000..646e9fa
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/SSL_set_async_callback.html
@@ -0,0 +1,152 @@
+ + + + +SSL_set_async_callback + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set_async_callback, +SSL_CTX_set_async_callback_arg, +SSL_set_async_callback, +SSL_set_async_callback_arg, +SSL_get_async_status, +SSL_async_callback_fn +- manage asynchronous operations

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
    + int SSL_CTX_set_async_callback(SSL_CTX *ctx, SSL_async_callback_fn callback);
    + int SSL_CTX_set_async_callback_arg(SSL_CTX *ctx, void *arg);
    + int SSL_set_async_callback(SSL *s, SSL_async_callback_fn callback);
    + int SSL_set_async_callback_arg(SSL *s, void *arg);
    + int SSL_get_async_status(SSL *s, int *status);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_set_async_callback() sets an asynchronous callback function. All SSL +objects generated based on this SSL_CTX will get this callback. If an engine +supports the callback mechanism, it will be automatically called if +SSL_MODE_ASYNC has been set and an asynchronous capable engine completes a +cryptography operation to notify the application to resume the paused work flow.

    +

    SSL_CTX_set_async_callback_arg() sets the callback argument.

    +

    SSL_set_async_callback() allows an application to set a callback in an +asynchronous SSL object, so that when an engine completes a cryptography +operation, the callback will be called to notify the application to resume the +paused work flow.

    +

    SSL_set_async_callback_arg() sets an argument for the SSL object when the +above callback is called.

    +

    SSL_get_async_status() returns the engine status. This function facilitates the +communication from the engine to the application. During an SSL session, +cryptographic operations are dispatched to an engine. The engine status is very +useful for an application to know if the operation has been successfully +dispatched. If the engine does not support this additional callback method, +ASYNC_STATUS_UNSUPPORTED will be returned. See ASYNC_WAIT_CTX_set_status() +for a description of all of the status values.

    +

    An example of the above functions would be the following:

    +
      +
    1. +

      Application sets the async callback and callback data on an SSL connection +by calling SSL_set_async_callback().

      +
    2. +
    3. +

      Application sets SSL_MODE_ASYNC and makes an asynchronous SSL call

      +
    4. +
    5. +

      OpenSSL submits the asynchronous request to the engine. If a retry occurs at +this point then the status within the ASYNC_WAIT_CTX would be set and the +async callback function would be called (goto Step 7).

      +
    6. +
    7. +

      The OpenSSL engine pauses the current job and returns, so that the +application can continue processing other connections.

      +
    8. +
    9. +

      At a future point in time (probably via a polling mechanism or via an +interrupt) the engine will become aware that the asynchronous request has +finished processing.

      +
    10. +
    11. +

      The engine will call the application's callback passing the callback data as +a parameter.

      +
    12. +
    13. +

      The callback function should then run. Note: it is a requirement that the +callback function is small and non-blocking as it will be run in the context of +a polling mechanism or an interrupt.

      +
    14. +
    15. +

      It is the application's responsibility via the callback function to schedule +recalling the OpenSSL asynchronous function and to continue processing.

      +
    16. +
    17. +

      The callback function has the option to check the status returned via +SSL_get_async_status() to determine whether a retry happened instead of the +request being submitted, allowing different processing if required.

      +
    18. +
    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CTX_set_async_callback(), SSL_set_async_callback(), +SSL_CTX_set_async_callback_arg(), SSL_CTX_set_async_callback_arg() and +SSL_get_async_status() return 1 on success or 0 on error.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7)

    +

    +

    +
    +

    HISTORY

    +

    SSL_CTX_set_async_callback(), SSL_CTX_set_async_callback_arg(), +SSL_set_async_callback(), SSL_set_async_callback_arg() and +SSL_get_async_status() were first added to OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_set_bio.html b/linux_amd64/share/doc/openssl/html/man3/SSL_set_bio.html new file mode 100755 index 0000000..c9470f3 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_set_bio.html @@ -0,0 +1,141 @@ + + + + +SSL_set_bio + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_set_bio, SSL_set0_rbio, SSL_set0_wbio - connect the SSL object with a BIO

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio);
    + void SSL_set0_rbio(SSL *s, BIO *rbio);
    + void SSL_set0_wbio(SSL *s, BIO *wbio);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_set0_rbio() connects the BIO rbio for the read operations of the ssl +object. The SSL engine inherits the behaviour of rbio. If the BIO is +non-blocking then the ssl object will also have non-blocking behaviour. This +function transfers ownership of rbio to ssl. It will be automatically +freed using BIO_free_all(3) when the ssl is freed. On calling this +function, any existing rbio that was previously set will also be freed via a +call to BIO_free_all(3) (this includes the case where the rbio is set to +the same value as previously).

    +

    SSL_set0_wbio() works in the same as SSL_set0_rbio() except that it connects +the BIO wbio for the write operations of the ssl object. Note that if the +rbio and wbio are the same then SSL_set0_rbio() and SSL_set0_wbio() each take +ownership of one reference. Therefore it may be necessary to increment the +number of references available using BIO_up_ref(3) before calling the set0 +functions.

    +

    SSL_set_bio() is similar to SSL_set0_rbio() and SSL_set0_wbio() except +that it connects both the rbio and the wbio at the same time, and +transfers the ownership of rbio and wbio to ssl according to +the following set of rules:

    +
      +
    • +

      If neither the rbio or wbio have changed from their previous values +then nothing is done.

      +
    • +
    • +

      If the rbio and wbio parameters are different and both are different +to their +previously set values then one reference is consumed for the rbio and one +reference is consumed for the wbio.

      +
    • +
    • +

      If the rbio and wbio parameters are the same and the rbio is not +the same as the previously set value then one reference is consumed.

      +
    • +
    • +

      If the rbio and wbio parameters are the same and the rbio is the +same as the previously set value, then no additional references are consumed.

      +
    • +
    • +

      If the rbio and wbio parameters are different and the rbio is the +same as the +previously set value then one reference is consumed for the wbio and no +references are consumed for the rbio.

      +
    • +
    • +

      If the rbio and wbio parameters are different and the wbio is the +same as the previously set value and the old rbio and wbio values +were the same as each other then one reference is consumed for the rbio +and no references are consumed for the wbio.

      +
    • +
    • +

      If the rbio and wbio parameters are different and the wbio +is the same as the +previously set value and the old rbio and wbio values were different +to each +other then one reference is consumed for the rbio and one reference +is consumed +for the wbio.

      +
    • +
    +

    Because of this complexity, this function should be avoided; +use SSL_set0_rbio() and SSL_set0_wbio() instead.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_set_bio(), SSL_set0_rbio() and SSL_set0_wbio() cannot fail.

    +

    +

    +
    +

    SEE ALSO

    +

    SSL_get_rbio(3), +SSL_connect(3), SSL_accept(3), +SSL_shutdown(3), ssl(7), bio(7)

    +

    +

    +
    +

    HISTORY

    +

    SSL_set0_rbio() and SSL_set0_wbio() were added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_set_connect_state.html b/linux_amd64/share/doc/openssl/html/man3/SSL_set_connect_state.html new file mode 100755 index 0000000..a5972ef --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_set_connect_state.html @@ -0,0 +1,110 @@ + + + + +SSL_set_connect_state + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_set_connect_state, SSL_set_accept_state, SSL_is_server +- functions for manipulating and examining the client or server mode of an SSL object

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + void SSL_set_connect_state(SSL *ssl);
    +
    + void SSL_set_accept_state(SSL *ssl);
    +
    + int SSL_is_server(const SSL *ssl);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_set_connect_state() sets ssl to work in client mode.

    +

    SSL_set_accept_state() sets ssl to work in server mode.

    +

    SSL_is_server() checks if ssl is working in server mode.

    +

    +

    +
    +

    NOTES

    +

    When the SSL_CTX object was created with SSL_CTX_new(3), +it was either assigned a dedicated client method, a dedicated server +method, or a generic method, that can be used for both client and +server connections. (The method might have been changed with +SSL_CTX_set_ssl_version(3) or +SSL_set_ssl_method(3).)

    +

    When beginning a new handshake, the SSL engine must know whether it must +call the connect (client) or accept (server) routines. Even though it may +be clear from the method chosen, whether client or server mode was +requested, the handshake routines must be explicitly set.

    +

    When using the SSL_connect(3) or +SSL_accept(3) routines, the correct handshake +routines are automatically set. When performing a transparent negotiation +using SSL_write_ex(3), SSL_write(3), SSL_read_ex(3), or SSL_read(3), +the handshake routines must be explicitly set in advance using either +SSL_set_connect_state() or SSL_set_accept_state().

    +

    If SSL_is_server() is called before SSL_set_connect_state() or +SSL_set_accept_state() is called (either automatically or explicitly), +the result depends on what method was used when SSL_CTX was created with +SSL_CTX_new(3). If a generic method or a dedicated server method was +passed to SSL_CTX_new(3), SSL_is_server() returns 1; otherwise, it returns 0.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_set_connect_state() and SSL_set_accept_state() do not return diagnostic +information.

    +

    SSL_is_server() returns 1 if ssl is working in server mode or 0 for client mode.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_new(3), SSL_CTX_new(3), +SSL_connect(3), SSL_accept(3), +SSL_write_ex(3), SSL_write(3), SSL_read_ex(3), SSL_read(3), +SSL_do_handshake(3), +SSL_CTX_set_ssl_version(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_set_fd.html b/linux_amd64/share/doc/openssl/html/man3/SSL_set_fd.html new file mode 100755 index 0000000..1539bdf --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_set_fd.html @@ -0,0 +1,93 @@ + + + + +SSL_set_fd + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_set_fd, SSL_set_rfd, SSL_set_wfd - connect the SSL object with a file descriptor

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_set_fd(SSL *ssl, int fd);
    + int SSL_set_rfd(SSL *ssl, int fd);
    + int SSL_set_wfd(SSL *ssl, int fd);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_set_fd() sets the file descriptor fd as the input/output facility +for the TLS/SSL (encrypted) side of ssl. fd will typically be the +socket file descriptor of a network connection.

    +

    When performing the operation, a socket BIO is automatically created to +interface between the ssl and fd. The BIO and hence the SSL engine +inherit the behaviour of fd. If fd is non-blocking, the ssl will +also have non-blocking behaviour.

    +

    If there was already a BIO connected to ssl, BIO_free() will be called +(for both the reading and writing side, if different).

    +

    SSL_set_rfd() and SSL_set_wfd() perform the respective action, but only +for the read channel or the write channel, which can be set independently.

    +

    +

    +
    +

    RETURN VALUES

    +

    The following return values can occur:

    +
      +
    1. +

      The operation failed. Check the error stack to find out why.

      +
    2. +
    3. +

      The operation succeeded.

      +
    4. +
    +

    +

    +
    +

    SEE ALSO

    +

    SSL_get_fd(3), SSL_set_bio(3), +SSL_connect(3), SSL_accept(3), +SSL_shutdown(3), ssl(7) , bio(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_set_session.html b/linux_amd64/share/doc/openssl/html/man3/SSL_set_session.html new file mode 100755 index 0000000..f9dd684 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_set_session.html @@ -0,0 +1,104 @@ + + + + +SSL_set_session + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_set_session - set a TLS/SSL session to be used during TLS/SSL connect

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_set_session(SSL *ssl, SSL_SESSION *session);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_set_session() sets session to be used when the TLS/SSL connection +is to be established. SSL_set_session() is only useful for TLS/SSL clients. +When the session is set, the reference count of session is incremented +by 1. If the session is not reused, the reference count is decremented +again during SSL_connect(). Whether the session was reused can be queried +with the SSL_session_reused(3) call.

    +

    If there is already a session set inside ssl (because it was set with +SSL_set_session() before or because the same ssl was already used for +a connection), SSL_SESSION_free() will be called for that session. If that old +session is still open, it is considered bad and will be removed from the +session cache (if used). A session is considered open, if SSL_shutdown(3) was +not called for the connection (or at least SSL_set_shutdown(3) was used to +set the SSL_SENT_SHUTDOWN state).

    +

    +

    +
    +

    NOTES

    +

    SSL_SESSION objects keep internal link information about the session cache +list, when being inserted into one SSL_CTX object's session cache. +One SSL_SESSION object, regardless of its reference count, must therefore +only be used with one SSL_CTX object (and the SSL objects created +from this SSL_CTX object).

    +

    +

    +
    +

    RETURN VALUES

    +

    The following return values can occur:

    +
      +
    1. +

      The operation failed; check the error stack to find out the reason.

      +
    2. +
    3. +

      The operation succeeded.

      +
    4. +
    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_SESSION_free(3), +SSL_get_session(3), +SSL_session_reused(3), +SSL_CTX_set_session_cache_mode(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_set_shutdown.html b/linux_amd64/share/doc/openssl/html/man3/SSL_set_shutdown.html new file mode 100755 index 0000000..c086a13 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_set_shutdown.html @@ -0,0 +1,114 @@ + + + + +SSL_set_shutdown + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_set_shutdown, SSL_get_shutdown - manipulate shutdown state of an SSL connection

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + void SSL_set_shutdown(SSL *ssl, int mode);
    +
    + int SSL_get_shutdown(const SSL *ssl);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_set_shutdown() sets the shutdown state of ssl to mode.

    +

    SSL_get_shutdown() returns the shutdown mode of ssl.

    +

    +

    +
    +

    NOTES

    +

    The shutdown state of an ssl connection is a bit-mask of:

    +
      +
    1. +

      No shutdown setting, yet.

      + +
      SSL_SENT_SHUTDOWN
      + +
      +

      A close_notify shutdown alert was sent to the peer, the connection is being +considered closed and the session is closed and correct.

      +
      +
      SSL_RECEIVED_SHUTDOWN
      + +
      +

      A shutdown alert was received form the peer, either a normal close_notify +or a fatal error.

      +
    2. +
    +

    SSL_SENT_SHUTDOWN and SSL_RECEIVED_SHUTDOWN can be set at the same time.

    +

    The shutdown state of the connection is used to determine the state of +the ssl session. If the session is still open, when +SSL_clear(3) or SSL_free(3) is called, +it is considered bad and removed according to RFC2246. +The actual condition for a correctly closed session is SSL_SENT_SHUTDOWN +(according to the TLS RFC, it is acceptable to only send the close_notify +alert but to not wait for the peer's answer, when the underlying connection +is closed). +SSL_set_shutdown() can be used to set this state without sending a +close alert to the peer (see SSL_shutdown(3)).

    +

    If a close_notify was received, SSL_RECEIVED_SHUTDOWN will be set, +for setting SSL_SENT_SHUTDOWN the application must however still call +SSL_shutdown(3) or SSL_set_shutdown() itself.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_set_shutdown() does not return diagnostic information.

    +

    SSL_get_shutdown() returns the current setting.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_shutdown(3), +SSL_CTX_set_quiet_shutdown(3), +SSL_clear(3), SSL_free(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_set_verify_result.html b/linux_amd64/share/doc/openssl/html/man3/SSL_set_verify_result.html new file mode 100755 index 0000000..5af773b --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_set_verify_result.html @@ -0,0 +1,85 @@ + + + + +SSL_set_verify_result + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_set_verify_result - override result of peer certificate verification

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + void SSL_set_verify_result(SSL *ssl, long verify_result);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_set_verify_result() sets verify_result of the object ssl to be the +result of the verification of the X509 certificate presented by the peer, +if any.

    +

    +

    +
    +

    NOTES

    +

    SSL_set_verify_result() overrides the verification result. It only changes +the verification result of the ssl object. It does not become part of the +established session, so if the session is to be reused later, the original +value will reappear.

    +

    The valid codes for verify_result are documented in openssl-verify(1).

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_set_verify_result() does not provide a return value.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_get_verify_result(3), +SSL_get_peer_certificate(3), +openssl-verify(1)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_shutdown.html b/linux_amd64/share/doc/openssl/html/man3/SSL_shutdown.html new file mode 100755 index 0000000..a5329ae --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_shutdown.html @@ -0,0 +1,187 @@ + + + + +SSL_shutdown + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_shutdown - shut down a TLS/SSL connection

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_shutdown(SSL *ssl);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_shutdown() shuts down an active TLS/SSL connection. It sends the +close_notify shutdown alert to the peer.

    +

    SSL_shutdown() tries to send the close_notify shutdown alert to the peer. +Whether the operation succeeds or not, the SSL_SENT_SHUTDOWN flag is set and +a currently open session is considered closed and good and will be kept in the +session cache for further reuse.

    +

    Note that SSL_shutdown() must not be called if a previous fatal error has +occurred on a connection i.e. if SSL_get_error() has returned SSL_ERROR_SYSCALL +or SSL_ERROR_SSL.

    +

    The shutdown procedure consists of two steps: sending of the close_notify +shutdown alert, and reception of the peer's close_notify shutdown alert. +The order of those two steps depends on the application.

    +

    It is acceptable for an application to only send its shutdown alert and +then close the underlying connection without waiting for the peer's response. +This way resources can be saved, as the process can already terminate or +serve another connection. +This should only be done when it is known that the other side will not send more +data, otherwise there is a risk of a truncation attack.

    +

    When a client only writes and never reads from the connection, and the server +has sent a session ticket to establish a session, the client might not be able +to resume the session because it did not received and process the session ticket +from the server. +In case the application wants to be able to resume the session, it is recommended to +do a complete shutdown procedure (bidirectional close_notify alerts).

    +

    When the underlying connection shall be used for more communications, the +complete shutdown procedure must be performed, so that the peers stay +synchronized.

    +

    SSL_shutdown() only closes the write direction. +It is not possible to call SSL_write() after calling SSL_shutdown(). +The read direction is closed by the peer.

    +

    The behaviour of SSL_shutdown() additionally depends on the underlying BIO. +If the underlying BIO is blocking, SSL_shutdown() will only return once the +handshake step has been finished or an error occurred.

    +

    If the underlying BIO is non-blocking, SSL_shutdown() will also return +when the underlying BIO could not satisfy the needs of SSL_shutdown() +to continue the handshake. In this case a call to SSL_get_error() with the +return value of SSL_shutdown() will yield SSL_ERROR_WANT_READ or +SSL_ERROR_WANT_WRITE. The calling process then must repeat the call after +taking appropriate action to satisfy the needs of SSL_shutdown(). +The action depends on the underlying BIO. When using a non-blocking socket, +nothing is to be done, but select() can be used to check for the required +condition. When using a buffering BIO, like a BIO pair, data must be written +into or retrieved out of the BIO before being able to continue.

    +

    After SSL_shutdown() returned 0, it is possible to call SSL_shutdown() again +to wait for the peer's close_notify alert. +SSL_shutdown() will return 1 in that case. +However, it is recommended to wait for it using SSL_read() instead.

    +

    SSL_shutdown() can be modified to only set the connection to "shutdown" +state but not actually send the close_notify alert messages, +see SSL_CTX_set_quiet_shutdown(3). +When "quiet shutdown" is enabled, SSL_shutdown() will always succeed +and return 1.

    +

    +

    +

    First to close the connection

    +

    When the application is the first party to send the close_notify +alert, SSL_shutdown() will only send the alert and then set the +SSL_SENT_SHUTDOWN flag (so that the session is considered good and will +be kept in the cache). +If successful, SSL_shutdown() will return 0.

    +

    If a unidirectional shutdown is enough (the underlying connection shall be +closed anyway), this first successful call to SSL_shutdown() is sufficient.

    +

    In order to complete the bidirectional shutdown handshake, the peer needs +to send back a close_notify alert. +The SSL_RECEIVED_SHUTDOWN flag will be set after receiving and processing +it.

    +

    The peer is still allowed to send data after receiving the close_notify +event. +When it is done sending data, it will send the close_notify alert. +SSL_read() should be called until all data is received. +SSL_read() will indicate the end of the peer data by returning <= 0 +and SSL_get_error() returning SSL_ERROR_ZERO_RETURN.

    +

    +

    +

    Peer closes the connection

    +

    If the peer already sent the close_notify alert and it was +already processed implicitly inside another function +(SSL_read(3)), the SSL_RECEIVED_SHUTDOWN flag is set. +SSL_read() will return <= 0 in that case, and SSL_get_error() will return +SSL_ERROR_ZERO_RETURN. +SSL_shutdown() will send the close_notify alert, set the SSL_SENT_SHUTDOWN +flag. +If successful, SSL_shutdown() will return 1.

    +

    Whether SSL_RECEIVED_SHUTDOWN is already set can be checked using the +SSL_get_shutdown() (see also SSL_set_shutdown(3) call.

    +

    +

    +
    +

    RETURN VALUES

    +

    The following return values can occur:

    +
      +
    1. +

      The shutdown is not yet finished: the close_notify was sent but the peer +did not send it back yet. +Call SSL_read() to do a bidirectional shutdown. +The output of SSL_get_error(3) may be misleading, as an +erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred.

      +
    2. +
    3. +

      The shutdown was successfully completed. The close_notify alert was sent +and the peer's close_notify alert was received.

      + +
      <0
      + +
      +

      The shutdown was not successful. +Call SSL_get_error(3) with the return value ret to find out the reason. +It can occur if an action is needed to continue the operation for non-blocking +BIOs.

      +

      It can also occur when not all data was read using SSL_read().

      +
    4. +
    +

    +

    +
    +

    SEE ALSO

    +

    SSL_get_error(3), SSL_connect(3), +SSL_accept(3), SSL_set_shutdown(3), +SSL_CTX_set_quiet_shutdown(3), +SSL_clear(3), SSL_free(3), +ssl(7), bio(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_state_string.html b/linux_amd64/share/doc/openssl/html/man3/SSL_state_string.html new file mode 100755 index 0000000..565e254 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_state_string.html @@ -0,0 +1,90 @@ + + + + +SSL_state_string + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_state_string, SSL_state_string_long - get textual description of state of an SSL object

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + const char *SSL_state_string(const SSL *ssl);
    + const char *SSL_state_string_long(const SSL *ssl);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_state_string() returns a 6 letter string indicating the current state +of the SSL object ssl.

    +

    SSL_state_string_long() returns a string indicating the current state of +the SSL object ssl.

    +

    +

    +
    +

    NOTES

    +

    During its use, an SSL objects passes several states. The state is internally +maintained. Querying the state information is not very informative before +or when a connection has been established. It however can be of significant +interest during the handshake.

    +

    When using non-blocking sockets, the function call performing the handshake +may return with SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE condition, +so that SSL_state_string[_long]() may be called.

    +

    For both blocking or non-blocking sockets, the details state information +can be used within the info_callback function set with the +SSL_set_info_callback() call.

    +

    +

    +
    +

    RETURN VALUES

    +

    Detailed description of possible states to be included later.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_CTX_set_info_callback(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_want.html b/linux_amd64/share/doc/openssl/html/man3/SSL_want.html new file mode 100755 index 0000000..7739d8c --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_want.html @@ -0,0 +1,159 @@ + + + + +SSL_want + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_want, SSL_want_nothing, SSL_want_read, SSL_want_write, SSL_want_x509_lookup, +SSL_want_async, SSL_want_async_job, SSL_want_client_hello_cb - obtain state +information TLS/SSL I/O operation

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_want(const SSL *ssl);
    + int SSL_want_nothing(const SSL *ssl);
    + int SSL_want_read(const SSL *ssl);
    + int SSL_want_write(const SSL *ssl);
    + int SSL_want_x509_lookup(const SSL *ssl);
    + int SSL_want_async(const SSL *ssl);
    + int SSL_want_async_job(const SSL *ssl);
    + int SSL_want_client_hello_cb(const SSL *ssl);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_want() returns state information for the SSL object ssl.

    +

    The other SSL_want_*() calls are shortcuts for the possible states returned +by SSL_want().

    +

    +

    +
    +

    NOTES

    +

    SSL_want() examines the internal state information of the SSL object. Its +return values are similar to that of SSL_get_error(3). +Unlike SSL_get_error(3), which also evaluates the +error queue, the results are obtained by examining an internal state flag +only. The information must therefore only be used for normal operation under +non-blocking I/O. Error conditions are not handled and must be treated +using SSL_get_error(3).

    +

    The result returned by SSL_want() should always be consistent with +the result of SSL_get_error(3).

    +

    +

    +
    +

    RETURN VALUES

    +

    The following return values can currently occur for SSL_want():

    +
    +
    SSL_NOTHING
    + +
    +

    There is no data to be written or to be read.

    +
    +
    SSL_WRITING
    + +
    +

    There are data in the SSL buffer that must be written to the underlying +BIO layer in order to complete the actual SSL_*() operation. +A call to SSL_get_error(3) should return +SSL_ERROR_WANT_WRITE.

    +
    +
    SSL_READING
    + +
    +

    More data must be read from the underlying BIO layer in order to +complete the actual SSL_*() operation. +A call to SSL_get_error(3) should return +SSL_ERROR_WANT_READ.

    +
    +
    SSL_X509_LOOKUP
    + +
    +

    The operation did not complete because an application callback set by +SSL_CTX_set_client_cert_cb() has asked to be called again. +A call to SSL_get_error(3) should return +SSL_ERROR_WANT_X509_LOOKUP.

    +
    +
    SSL_ASYNC_PAUSED
    + +
    +

    An asynchronous operation partially completed and was then paused. See +SSL_get_all_async_fds(3). A call to SSL_get_error(3) should return +SSL_ERROR_WANT_ASYNC.

    +
    +
    SSL_ASYNC_NO_JOBS
    + +
    +

    The asynchronous job could not be started because there were no async jobs +available in the pool (see ASYNC_init_thread(3)). A call to SSL_get_error(3) +should return SSL_ERROR_WANT_ASYNC_JOB.

    +
    +
    SSL_CLIENT_HELLO_CB
    + +
    +

    The operation did not complete because an application callback set by +SSL_CTX_set_client_hello_cb() has asked to be called again. +A call to SSL_get_error(3) should return +SSL_ERROR_WANT_CLIENT_HELLO_CB.

    +
    +
    +

    SSL_want_nothing(), SSL_want_read(), SSL_want_write(), SSL_want_x509_lookup(), +SSL_want_async(), SSL_want_async_job(), and SSL_want_client_hello_cb() return +1, when the corresponding condition is true or 0 otherwise.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_get_error(3)

    +

    +

    +
    +

    HISTORY

    +

    The SSL_want_client_hello_cb() function and the SSL_CLIENT_HELLO_CB return value +were added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/SSL_write.html b/linux_amd64/share/doc/openssl/html/man3/SSL_write.html new file mode 100755 index 0000000..c12b4a8 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/SSL_write.html @@ -0,0 +1,188 @@ + + + + +SSL_write + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_write_ex, SSL_write, SSL_sendfile - write bytes to a TLS/SSL connection

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + ossl_ssize_t SSL_sendfile(SSL *s, int fd, off_t offset, size_t size, int flags);
    + int SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *written);
    + int SSL_write(SSL *ssl, const void *buf, int num);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_write_ex() and SSL_write() write num bytes from the buffer buf into +the specified ssl connection. On success SSL_write_ex() will store the number +of bytes written in *written.

    +

    SSL_sendfile() writes size bytes from offset offset in the file +descriptor fd to the specified SSL connection s. This function provides +efficient zero-copy semantics. SSL_sendfile() is available only when +Kernel TLS is enabled, which can be checked by calling BIO_get_ktls_send(). +It is provided here to allow users to maintain the same interface. +The meaning of flags is platform dependent. +Currently, under Linux it is ignored.

    +

    +

    +
    +

    NOTES

    +

    In the paragraphs below a "write function" is defined as one of either +SSL_write_ex(), or SSL_write().

    +

    If necessary, a write function will negotiate a TLS/SSL session, if not already +explicitly performed by SSL_connect(3) or SSL_accept(3). If the peer +requests a re-negotiation, it will be performed transparently during +the write function operation. The behaviour of the write functions depends on the +underlying BIO.

    +

    For the transparent negotiation to succeed, the ssl must have been +initialized to client or server mode. This is being done by calling +SSL_set_connect_state(3) or SSL_set_accept_state() +before the first call to a write function.

    +

    If the underlying BIO is blocking, the write functions will only return, once +the write operation has been finished or an error occurred.

    +

    If the underlying BIO is non-blocking the write functions will also return +when the underlying BIO could not satisfy the needs of the function to continue +the operation. In this case a call to SSL_get_error(3) with the +return value of the write function will yield SSL_ERROR_WANT_READ +or SSL_ERROR_WANT_WRITE. As at any time a re-negotiation is possible, a +call to a write function can also cause read operations! The calling process +then must repeat the call after taking appropriate action to satisfy the needs +of the write function. The action depends on the underlying BIO. When using a +non-blocking socket, nothing is to be done, but select() can be used to check +for the required condition. When using a buffering BIO, like a BIO pair, data +must be written into or retrieved out of the BIO before being able to continue.

    +

    The write functions will only return with success when the complete contents of +buf of length num has been written. This default behaviour can be changed +with the SSL_MODE_ENABLE_PARTIAL_WRITE option of SSL_CTX_set_mode(3). When +this flag is set the write functions will also return with success when a +partial write has been successfully completed. In this case the write function +operation is considered completed. The bytes are sent and a new write call with +a new buffer (with the already sent bytes removed) must be started. A partial +write is performed with the size of a message block, which is 16kB.

    +

    +

    +
    +

    WARNINGS

    +

    When a write function call has to be repeated because SSL_get_error(3) +returned SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE, it must be repeated +with the same arguments. +The data that was passed might have been partially processed. +When SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER was set using SSL_CTX_set_mode(3) +the pointer can be different, but the data and length should still be the same.

    +

    You should not call SSL_write() with num=0, it will return an error. +SSL_write_ex() can be called with num=0, but will not send application data to +the peer.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_write_ex() will return 1 for success or 0 for failure. Success means that +all requested application data bytes have been written to the SSL connection or, +if SSL_MODE_ENABLE_PARTIAL_WRITE is in use, at least 1 application data byte has +been written to the SSL connection. Failure means that not all the requested +bytes have been written yet (if SSL_MODE_ENABLE_PARTIAL_WRITE is not in use) or +no bytes could be written to the SSL connection (if +SSL_MODE_ENABLE_PARTIAL_WRITE is in use). Failures can be retryable (e.g. the +network write buffer has temporarily filled up) or non-retryable (e.g. a fatal +network error). In the event of a failure call SSL_get_error(3) to find out +the reason which indicates whether the call is retryable or not.

    +

    For SSL_write() the following return values can occur:

    +
    +
    > 0
    + +
    +

    The write operation was successful, the return value is the number of +bytes actually written to the TLS/SSL connection.

    +
    +
    <= 0
    + +
    +

    The write operation was not successful, because either the connection was +closed, an error occurred or action must be taken by the calling process. +Call SSL_get_error() with the return value ret to find out the reason.

    +

    Old documentation indicated a difference between 0 and -1, and that -1 was +retryable. +You should instead call SSL_get_error() to find out if it's retryable.

    +
    +
    +

    For SSL_sendfile(), the following return values can occur:

    +
    +
    >= 0
    + +
    +

    The write operation was successful, the return value is the number +of bytes of the file written to the TLS/SSL connection.

    +
    +
    < 0
    + +
    +

    The write operation was not successful, because either the connection was +closed, an error occurred or action must be taken by the calling process. +Call SSL_get_error() with the return value to find out the reason.

    +
    +
    +

    +

    +
    +

    SEE ALSO

    +

    SSL_get_error(3), SSL_read_ex(3), SSL_read(3) +SSL_CTX_set_mode(3), SSL_CTX_new(3), +SSL_connect(3), SSL_accept(3) +SSL_set_connect_state(3), BIO_ctrl(3), +ssl(7), bio(7)

    +

    +

    +
    +

    HISTORY

    +

    The SSL_write_ex() function was added in OpenSSL 1.1.1. +The SSL_sendfile() function was added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/TS_VERIFY_CTX_set_certs.html b/linux_amd64/share/doc/openssl/html/man3/TS_VERIFY_CTX_set_certs.html new file mode 100755 index 0000000..81fafab --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/TS_VERIFY_CTX_set_certs.html @@ -0,0 +1,91 @@ + + + + +TS_VERIFY_CTX_set_certs + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    TS_VERIFY_CTX_set_certs, TS_VERIFY_CTS_set_certs +- set certificates for TS response verification

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ts.h>
    +
    + STACK_OF(X509) *TS_VERIFY_CTX_set_certs(TS_VERIFY_CTX *ctx,
    +                                         STACK_OF(X509) *certs);
    + STACK_OF(X509) *TS_VERIFY_CTS_set_certs(TS_VERIFY_CTX *ctx,
    +                                         STACK_OF(X509) *certs);
    +

    +

    +
    +

    DESCRIPTION

    +

    The Time-Stamp Protocol (TSP) is defined by RFC 3161. TSP is a protocol used to +provide long term proof of the existence of a certain datum before a particular +time. TSP defines a Time Stamping Authority (TSA) and an entity who shall make +requests to the TSA. Usually the TSA is denoted as the server side and the +requesting entity is denoted as the client.

    +

    In TSP, when a server is sending a response to a client, the server normally +needs to sign the response data - the TimeStampToken (TST) - with its private +key. Then the client shall verify the received TST by the server's certificate +chain.

    +

    TS_VERIFY_CTX_set_certs() is used to set the server's certificate chain when +verifying a TST. ctx is the verification context created in advance and +certs is a stack of X509 certificates.

    +

    TS_VERIFY_CTS_set_certs() is a misspelled version of TS_VERIFY_CTX_set_certs() +which takes the same parameters and returns the same result.

    +

    +

    +
    +

    RETURN VALUES

    +

    TS_VERIFY_CTX_set_certs() returns the stack of X509 certificates the user +passes in via parameter certs.

    +

    +

    +
    +

    HISTORY

    +

    The spelling of TS_VERIFY_CTX_set_certs() was corrected in OpenSSL 3.0.0. +The misspelled version TS_VERIFY_CTS_set_certs() has been retained for +compatibility reasons, but it is deprecated in OpenSSL 3.0.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/UI_STRING.html b/linux_amd64/share/doc/openssl/html/man3/UI_STRING.html new file mode 100755 index 0000000..0dbf244 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/UI_STRING.html @@ -0,0 +1,166 @@ + + + + +UI_STRING + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    UI_STRING, UI_string_types, UI_get_string_type, +UI_get_input_flags, UI_get0_output_string, +UI_get0_action_string, UI_get0_result_string, UI_get_result_string_length, +UI_get0_test_string, UI_get_result_minsize, +UI_get_result_maxsize, UI_set_result, UI_set_result_ex +- User interface string parsing

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ui.h>
    +
    + typedef struct ui_string_st UI_STRING;
    +
    + enum UI_string_types {
    +     UIT_NONE = 0,
    +     UIT_PROMPT,                 /* Prompt for a string */
    +     UIT_VERIFY,                 /* Prompt for a string and verify */
    +     UIT_BOOLEAN,                /* Prompt for a yes/no response */
    +     UIT_INFO,                   /* Send info to the user */
    +     UIT_ERROR                   /* Send an error message to the user */
    + };
    +
    + enum UI_string_types UI_get_string_type(UI_STRING *uis);
    + int UI_get_input_flags(UI_STRING *uis);
    + const char *UI_get0_output_string(UI_STRING *uis);
    + const char *UI_get0_action_string(UI_STRING *uis);
    + const char *UI_get0_result_string(UI_STRING *uis);
    + int UI_get_result_string_length(UI_STRING *uis);
    + const char *UI_get0_test_string(UI_STRING *uis);
    + int UI_get_result_minsize(UI_STRING *uis);
    + int UI_get_result_maxsize(UI_STRING *uis);
    + int UI_set_result(UI *ui, UI_STRING *uis, const char *result);
    + int UI_set_result_ex(UI *ui, UI_STRING *uis, const char *result, int len);
    +

    +

    +
    +

    DESCRIPTION

    +

    The UI_STRING gets created internally and added to a UI whenever +one of the functions UI_add_input_string(), UI_dup_input_string(), +UI_add_verify_string(), UI_dup_verify_string(), +UI_add_input_boolean(), UI_dup_input_boolean(), UI_add_info_string(), +UI_dup_info_string(), UI_add_error_string() or UI_dup_error_string() +is called. +For a UI_METHOD user, there's no need to know more. +For a UI_METHOD creator, it is of interest to fetch text from these +UI_STRING objects as well as adding results to some of them.

    +

    UI_get_string_type() is used to retrieve the type of the given +UI_STRING.

    +

    UI_get_input_flags() is used to retrieve the flags associated with the +given UI_STRING.

    +

    UI_get0_output_string() is used to retrieve the actual string to +output (prompt, info, error, ...).

    +

    UI_get0_action_string() is used to retrieve the action description +associated with a UIT_BOOLEAN type UI_STRING. +For all other UI_STRING types, NULL is returned. +See UI_add_input_boolean(3).

    +

    UI_get0_result_string() and UI_get_result_string_length() are used to +retrieve the result of a prompt and its length. +This is only useful for UIT_PROMPT and UIT_VERIFY type strings. +For all other UI_STRING types, UI_get0_result_string() returns NULL +and UI_get_result_string_length() returns -1.

    +

    UI_get0_test_string() is used to retrieve the string to compare the +prompt result with. +This is only useful for UIT_VERIFY type strings. +For all other UI_STRING types, NULL is returned.

    +

    UI_get_result_minsize() and UI_get_result_maxsize() are used to +retrieve the minimum and maximum required size of the result. +This is only useful for UIT_PROMPT and UIT_VERIFY type strings. +For all other UI_STRING types, -1 is returned.

    +

    UI_set_result_ex() is used to set the result value of a prompt and its length. +For UIT_PROMPT and UIT_VERIFY type UI strings, this sets the +result retrievable with UI_get0_result_string() by copying the +contents of result if its length fits the minimum and maximum size +requirements. +For UIT_BOOLEAN type UI strings, this sets the first character of +the result retrievable with UI_get0_result_string() to the first +ok_char given with UI_add_input_boolean() or UI_dup_input_boolean() +if the result matched any of them, or the first of the +cancel_chars if the result matched any of them, otherwise it's +set to the NUL char \0. +See UI_add_input_boolean(3) for more information on ok_chars and +cancel_chars.

    +

    UI_set_result() does the same thing as UI_set_result_ex(), but calculates +its length internally. +It expects the string to be terminated with a NUL byte, and is therefore +only useful with normal C strings.

    +

    +

    +
    +

    RETURN VALUES

    +

    UI_get_string_type() returns the UI string type.

    +

    UI_get_input_flags() returns the UI string flags.

    +

    UI_get0_output_string() returns the UI string output string.

    +

    UI_get0_action_string() returns the UI string action description +string for UIT_BOOLEAN type UI strings, NULL for any other type.

    +

    UI_get0_result_string() returns the UI string result buffer for +UIT_PROMPT and UIT_VERIFY type UI strings, NULL for any other +type.

    +

    UI_get_result_string_length() returns the UI string result buffer's +content length for UIT_PROMPT and UIT_VERIFY type UI strings, +-1 for any other type.

    +

    UI_get0_test_string() returns the UI string action description +string for UIT_VERIFY type UI strings, NULL for any other type.

    +

    UI_get_result_minsize() returns the minimum allowed result size for +the UI string for UIT_PROMPT and UIT_VERIFY type strings, +-1 for any other type.

    +

    UI_get_result_maxsize() returns the minimum allowed result size for +the UI string for UIT_PROMPT and UIT_VERIFY type strings, +-1 for any other type.

    +

    UI_set_result() returns 0 on success or when the UI string is of any +type other than UIT_PROMPT, UIT_VERIFY or UIT_BOOLEAN, -1 on +error.

    +

    +

    +
    +

    SEE ALSO

    +

    UI(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/UI_UTIL_read_pw.html b/linux_amd64/share/doc/openssl/html/man3/UI_UTIL_read_pw.html new file mode 100755 index 0000000..d75c962 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/UI_UTIL_read_pw.html @@ -0,0 +1,107 @@ + + + + +UI_UTIL_read_pw + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    UI_UTIL_read_pw_string, UI_UTIL_read_pw, +UI_UTIL_wrap_read_pem_callback - user interface utilities

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ui.h>
    +
    + int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt,
    +                            int verify);
    + int UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt,
    +                     int verify);
    + UI_METHOD *UI_UTIL_wrap_read_pem_callback(pem_password_cb *cb, int rwflag);
    +

    +

    +
    +

    DESCRIPTION

    +

    UI_UTIL_read_pw_string() asks for a passphrase, using prompt as a +prompt, and stores it in buf. +The maximum allowed size is given with length, including the +terminating NUL byte. +If verify is nonzero, the password will be verified as well.

    +

    UI_UTIL_read_pw() does the same as UI_UTIL_read_pw_string(), the +difference is that you can give it an external buffer buff for the +verification passphrase.

    +

    UI_UTIL_wrap_read_pem_callback() can be used to create a temporary +UI_METHOD that wraps a given PEM password callback cb. +rwflag is used to specify if this method will be used for +passphrase entry without (0) or with (1) verification. +When not used any more, the returned method should be freed with +UI_destroy_method().

    +

    +

    +
    +

    NOTES

    +

    UI_UTIL_read_pw_string() and UI_UTIL_read_pw() use default +UI_METHOD. +See UI_get_default_method(3) and friends for more information.

    +

    The result from the UI_METHOD created by +UI_UTIL_wrap_read_pem_callback() will generate password strings in the +encoding that the given password callback generates. +The default password prompting functions (apart from +UI_UTIL_read_pw_string() and UI_UTIL_read_pw(), there is +PEM_def_callback(), EVP_read_pw_string() and EVP_read_pw_string_min()) +all use the default UI_METHOD.

    +

    +

    +
    +

    RETURN VALUES

    +

    UI_UTIL_read_pw_string() and UI_UTIL_read_pw() return 0 on success or a negative +value on error.

    +

    UI_UTIL_wrap_read_pem_callback() returns a valid UI_METHOD structure or NULL +if an error occurred.

    +

    +

    +
    +

    SEE ALSO

    +

    UI_get_default_method(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/UI_create_method.html b/linux_amd64/share/doc/openssl/html/man3/UI_create_method.html new file mode 100755 index 0000000..fff408b --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/UI_create_method.html @@ -0,0 +1,238 @@ + + + + +UI_create_method + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    UI_METHOD, +UI_create_method, UI_destroy_method, UI_method_set_opener, +UI_method_set_writer, UI_method_set_flusher, UI_method_set_reader, +UI_method_set_closer, UI_method_set_data_duplicator, +UI_method_set_prompt_constructor, UI_method_set_ex_data, +UI_method_get_opener, UI_method_get_writer, UI_method_get_flusher, +UI_method_get_reader, UI_method_get_closer, +UI_method_get_data_duplicator, UI_method_get_data_destructor, +UI_method_get_prompt_constructor, UI_method_get_ex_data - user +interface method creation and destruction

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ui.h>
    +
    + typedef struct ui_method_st UI_METHOD;
    +
    + UI_METHOD *UI_create_method(const char *name);
    + void UI_destroy_method(UI_METHOD *ui_method);
    + int UI_method_set_opener(UI_METHOD *method, int (*opener) (UI *ui));
    + int UI_method_set_writer(UI_METHOD *method,
    +                          int (*writer) (UI *ui, UI_STRING *uis));
    + int UI_method_set_flusher(UI_METHOD *method, int (*flusher) (UI *ui));
    + int UI_method_set_reader(UI_METHOD *method,
    +                          int (*reader) (UI *ui, UI_STRING *uis));
    + int UI_method_set_closer(UI_METHOD *method, int (*closer) (UI *ui));
    + int UI_method_set_data_duplicator(UI_METHOD *method,
    +                                   void *(*duplicator) (UI *ui, void *ui_data),
    +                                   void (*destructor)(UI *ui, void *ui_data));
    + int UI_method_set_prompt_constructor(UI_METHOD *method,
    +                                      char *(*prompt_constructor) (UI *ui,
    +                                                                   const char
    +                                                                   *object_desc,
    +                                                                   const char
    +                                                                   *object_name));
    + int UI_method_set_ex_data(UI_METHOD *method, int idx, void *data);
    + int (*UI_method_get_opener(const UI_METHOD *method)) (UI *);
    + int (*UI_method_get_writer(const UI_METHOD *method)) (UI *, UI_STRING *);
    + int (*UI_method_get_flusher(const UI_METHOD *method)) (UI *);
    + int (*UI_method_get_reader(const UI_METHOD *method)) (UI *, UI_STRING *);
    + int (*UI_method_get_closer(const UI_METHOD *method)) (UI *);
    + char *(*UI_method_get_prompt_constructor(const UI_METHOD *method))
    +     (UI *, const char *, const char *);
    + void *(*UI_method_get_data_duplicator(const UI_METHOD *method)) (UI *, void *);
    + void (*UI_method_get_data_destructor(const UI_METHOD *method)) (UI *, void *);
    + const void *UI_method_get_ex_data(const UI_METHOD *method, int idx);
    +

    +

    +
    +

    DESCRIPTION

    +

    A method contains a few functions that implement the low level of the +User Interface. +These functions are:

    +
    +
    an opener
    + +
    +

    This function takes a reference to a UI and starts a session, for +example by opening a channel to a tty, or by creating a dialog box.

    +
    +
    a writer
    + +
    +

    This function takes a reference to a UI and a UI String, and writes +the string where appropriate, maybe to the tty, maybe added as a field +label in a dialog box. +Note that this gets fed all strings associated with a UI, one after +the other, so care must be taken which ones it actually uses.

    +
    +
    a flusher
    + +
    +

    This function takes a reference to a UI, and flushes everything that +has been output so far. +For example, if the method builds up a dialog box, this can be used to +actually display it and accepting input ended with a pressed button.

    +
    +
    a reader
    + +
    +

    This function takes a reference to a UI and a UI string and reads off +the given prompt, maybe from the tty, maybe from a field in a dialog +box. +Note that this gets fed all strings associated with a UI, one after +the other, so care must be taken which ones it actually uses.

    +
    +
    a closer
    + +
    +

    This function takes a reference to a UI, and closes the session, maybe +by closing the channel to the tty, maybe by destroying a dialog box.

    +
    +
    +

    All of these functions are expected to return 0 on error, 1 on +success, or -1 on out-off-band events, for example if some prompting +has been cancelled (by pressing Ctrl-C, for example). +Only the flusher or the reader are expected to return -1. +If returned by another of the functions, it's treated as if 0 was +returned.

    +

    Regarding the writer and the reader, don't assume the former should +only write and don't assume the latter should only read. +This depends on the needs of the method.

    +

    For example, a typical tty reader wouldn't write the prompts in the +write, but would rather do so in the reader, because of the sequential +nature of prompting on a tty. +This is how the UI_OpenSSL() method does it.

    +

    In contrast, a method that builds up a dialog box would add all prompt +text in the writer, have all input read in the flusher and store the +results in some temporary buffer, and finally have the reader just +fetch those results.

    +

    The central function that uses these method functions is UI_process(), +and it does it in five steps:

    +
      +
    1. +

      Open the session using the opener function if that one's defined. +If an error occurs, jump to 5.

      +
    2. +
    3. +

      For every UI String associated with the UI, call the writer function +if that one's defined. +If an error occurs, jump to 5.

      +
    4. +
    5. +

      Flush everything using the flusher function if that one's defined. +If an error occurs, jump to 5.

      +
    6. +
    7. +

      For every UI String associated with the UI, call the reader function +if that one's defined. +If an error occurs, jump to 5.

      +
    8. +
    9. +

      Close the session using the closer function if that one's defined.

      +
    10. +
    +

    UI_create_method() creates a new UI method with a given name.

    +

    UI_destroy_method() destroys the given UI method ui_method.

    +

    UI_method_set_opener(), UI_method_set_writer(), +UI_method_set_flusher(), UI_method_set_reader() and +UI_method_set_closer() set the five main method function to the given +function pointer.

    +

    UI_method_set_data_duplicator() sets the user data duplicator and destructor. +See UI_dup_user_data(3).

    +

    UI_method_set_prompt_constructor() sets the prompt constructor. +See UI_construct_prompt(3).

    +

    UI_method_set_ex_data() sets application specific data with a given +EX_DATA index. +See CRYPTO_get_ex_new_index(3) for general information on how to +get that index.

    +

    UI_method_get_opener(), UI_method_get_writer(), +UI_method_get_flusher(), UI_method_get_reader(), +UI_method_get_closer(), UI_method_get_data_duplicator(), +UI_method_get_data_destructor() and UI_method_get_prompt_constructor() +return the different method functions.

    +

    UI_method_get_ex_data() returns the application data previously stored +with UI_method_set_ex_data().

    +

    +

    +
    +

    RETURN VALUES

    +

    UI_create_method() returns a UI_METHOD pointer on success, NULL on +error.

    +

    UI_method_set_opener(), UI_method_set_writer(), +UI_method_set_flusher(), UI_method_set_reader(), +UI_method_set_closer(), UI_method_set_data_duplicator() and +UI_method_set_prompt_constructor() +return 0 on success, -1 if the given method is NULL.

    +

    UI_method_set_ex_data() returns 1 on success and 0 on error (because +CRYPTO_set_ex_data() does so).

    +

    UI_method_get_opener(), UI_method_get_writer(), +UI_method_get_flusher(), UI_method_get_reader(), +UI_method_get_closer(), UI_method_get_data_duplicator(), +UI_method_get_data_destructor() and UI_method_get_prompt_constructor() +return the requested function pointer if it's set in the method, +otherwise NULL.

    +

    UI_method_get_ex_data() returns a pointer to the application specific +data associated with the method.

    +

    +

    +
    +

    SEE ALSO

    +

    UI(3), CRYPTO_get_ex_data(3), UI_STRING(3)

    +

    +

    +
    +

    HISTORY

    +

    The UI_method_set_data_duplicator(), UI_method_get_data_duplicator() +and UI_method_get_data_destructor() functions were added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/UI_new.html b/linux_amd64/share/doc/openssl/html/man3/UI_new.html new file mode 100755 index 0000000..188ed68 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/UI_new.html @@ -0,0 +1,257 @@ + + + + +UI_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    UI, +UI_new, UI_new_method, UI_free, UI_add_input_string, UI_dup_input_string, +UI_add_verify_string, UI_dup_verify_string, UI_add_input_boolean, +UI_dup_input_boolean, UI_add_info_string, UI_dup_info_string, +UI_add_error_string, UI_dup_error_string, UI_construct_prompt, +UI_add_user_data, UI_dup_user_data, UI_get0_user_data, UI_get0_result, +UI_get_result_length, +UI_process, UI_ctrl, UI_set_default_method, UI_get_default_method, +UI_get_method, UI_set_method, UI_OpenSSL, UI_null - user interface

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ui.h>
    +
    + typedef struct ui_st UI;
    +
    + UI *UI_new(void);
    + UI *UI_new_method(const UI_METHOD *method);
    + void UI_free(UI *ui);
    +
    + int UI_add_input_string(UI *ui, const char *prompt, int flags,
    +                         char *result_buf, int minsize, int maxsize);
    + int UI_dup_input_string(UI *ui, const char *prompt, int flags,
    +                         char *result_buf, int minsize, int maxsize);
    + int UI_add_verify_string(UI *ui, const char *prompt, int flags,
    +                          char *result_buf, int minsize, int maxsize,
    +                          const char *test_buf);
    + int UI_dup_verify_string(UI *ui, const char *prompt, int flags,
    +                          char *result_buf, int minsize, int maxsize,
    +                          const char *test_buf);
    + int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc,
    +                          const char *ok_chars, const char *cancel_chars,
    +                          int flags, char *result_buf);
    + int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc,
    +                          const char *ok_chars, const char *cancel_chars,
    +                          int flags, char *result_buf);
    + int UI_add_info_string(UI *ui, const char *text);
    + int UI_dup_info_string(UI *ui, const char *text);
    + int UI_add_error_string(UI *ui, const char *text);
    + int UI_dup_error_string(UI *ui, const char *text);
    +
    + char *UI_construct_prompt(UI *ui_method,
    +        const char *object_desc, const char *object_name);
    +
    + void *UI_add_user_data(UI *ui, void *user_data);
    + int UI_dup_user_data(UI *ui, void *user_data);
    + void *UI_get0_user_data(UI *ui);
    +
    + const char *UI_get0_result(UI *ui, int i);
    + int UI_get_result_length(UI *ui, int i);
    +
    + int UI_process(UI *ui);
    +
    + int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f)());
    +
    + void UI_set_default_method(const UI_METHOD *meth);
    + const UI_METHOD *UI_get_default_method(void);
    + const UI_METHOD *UI_get_method(UI *ui);
    + const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth);
    +
    + UI_METHOD *UI_OpenSSL(void);
    + const UI_METHOD *UI_null(void);
    +

    +

    +
    +

    DESCRIPTION

    +

    UI stands for User Interface, and is general purpose set of routines to +prompt the user for text-based information. Through user-written methods +(see UI_create_method(3)), prompting can be done in any way +imaginable, be it plain text prompting, through dialog boxes or from a +cell phone.

    +

    All the functions work through a context of the type UI. This context +contains all the information needed to prompt correctly as well as a +reference to a UI_METHOD, which is an ordered vector of functions that +carry out the actual prompting.

    +

    The first thing to do is to create a UI with UI_new() or UI_new_method(), +then add information to it with the UI_add or UI_dup functions. Also, +user-defined random data can be passed down to the underlying method +through calls to UI_add_user_data() or UI_dup_user_data(). The default +UI method doesn't care about these data, but other methods might. Finally, +use UI_process() to actually perform the prompting and UI_get0_result() +and UI_get_result_length() to find the result to the prompt and its length.

    +

    A UI can contain more than one prompt, which are performed in the given +sequence. Each prompt gets an index number which is returned by the +UI_add and UI_dup functions, and has to be used to get the corresponding +result with UI_get0_result() and UI_get_result_length().

    +

    UI_process() can be called more than once on the same UI, thereby allowing +a UI to have a long lifetime, but can just as well have a short lifetime.

    +

    The functions are as follows:

    +

    UI_new() creates a new UI using the default UI method. When done with +this UI, it should be freed using UI_free().

    +

    UI_new_method() creates a new UI using the given UI method. When done with +this UI, it should be freed using UI_free().

    +

    UI_OpenSSL() returns the built-in UI method (note: not necessarily the +default one, since the default can be changed. See further on). This +method is the most machine/OS dependent part of OpenSSL and normally +generates the most problems when porting.

    +

    UI_null() returns a UI method that does nothing. Its use is to avoid +getting internal defaults for passed UI_METHOD pointers.

    +

    UI_free() removes a UI from memory, along with all other pieces of memory +that's connected to it, like duplicated input strings, results and others. +If ui is NULL nothing is done.

    +

    UI_add_input_string() and UI_add_verify_string() add a prompt to the UI, +as well as flags and a result buffer and the desired minimum and maximum +sizes of the result, not counting the final NUL character. The given +information is used to prompt for information, for example a password, +and to verify a password (i.e. having the user enter it twice and check +that the same string was entered twice). UI_add_verify_string() takes +and extra argument that should be a pointer to the result buffer of the +input string that it's supposed to verify, or verification will fail.

    +

    UI_add_input_boolean() adds a prompt to the UI that's supposed to be answered +in a boolean way, with a single character for yes and a different character +for no. A set of characters that can be used to cancel the prompt is given +as well. The prompt itself is divided in two, one part being the +descriptive text (given through the prompt argument) and one describing +the possible answers (given through the action_desc argument).

    +

    UI_add_info_string() and UI_add_error_string() add strings that are shown at +the same time as the prompt for extra information or to show an error string. +The difference between the two is only conceptual. With the built-in method, +there's no technical difference between them. Other methods may make a +difference between them, however.

    +

    The flags currently supported are UI_INPUT_FLAG_ECHO, which is relevant for +UI_add_input_string() and will have the users response be echoed (when +prompting for a password, this flag should obviously not be used, and +UI_INPUT_FLAG_DEFAULT_PWD, which means that a default password of some +sort will be used (completely depending on the application and the UI +method).

    +

    UI_dup_input_string(), UI_dup_verify_string(), UI_dup_input_boolean(), +UI_dup_info_string() and UI_dup_error_string() are basically the same +as their UI_add counterparts, except that they make their own copies +of all strings.

    +

    UI_construct_prompt() is a helper function that can be used to create +a prompt from two pieces of information: an description and a name. +The default constructor (if there is none provided by the method used) +creates a string "Enter description for name:". With the +description "pass phrase" and the filename "foo.key", that becomes +"Enter pass phrase for foo.key:". Other methods may create whatever +string and may include encodings that will be processed by the other +method functions.

    +

    UI_add_user_data() adds a user data pointer for the method to use at any +time. The built-in UI method doesn't care about this info. Note that several +calls to this function doesn't add data, it replaces the previous blob +with the one given as argument.

    +

    UI_dup_user_data() duplicates the user data and works as an alternative +to UI_add_user_data() when the user data needs to be preserved for a longer +duration, perhaps even the lifetime of the application. The UI object takes +ownership of this duplicate and will free it whenever it gets replaced or +the UI is destroyed. UI_dup_user_data() returns 0 on success, or -1 on memory +allocation failure or if the method doesn't have a duplicator function.

    +

    UI_get0_user_data() retrieves the data that has last been given to the +UI with UI_add_user_data() or UI_dup_user_data.

    +

    UI_get0_result() returns a pointer to the result buffer associated with +the information indexed by i.

    +

    UI_get_result_length() returns the length of the result buffer associated with +the information indexed by i.

    +

    UI_process() goes through the information given so far, does all the printing +and prompting and returns the final status, which is -2 on out-of-band events +(Interrupt, Cancel, ...), -1 on error and 0 on success.

    +

    UI_ctrl() adds extra control for the application author. For now, it +understands two commands: UI_CTRL_PRINT_ERRORS, which makes UI_process() +print the OpenSSL error stack as part of processing the UI, and +UI_CTRL_IS_REDOABLE, which returns a flag saying if the used UI can +be used again or not.

    +

    UI_set_default_method() changes the default UI method to the one given. +This function is not thread-safe and should not be called at the same time +as other OpenSSL functions.

    +

    UI_get_default_method() returns a pointer to the current default UI method.

    +

    UI_get_method() returns the UI method associated with a given UI.

    +

    UI_set_method() changes the UI method associated with a given UI.

    +

    +

    +
    +

    NOTES

    +

    The resulting strings that the built in method UI_OpenSSL() generate +are assumed to be encoded according to the current locale or (for +Windows) code page. +For applications having different demands, these strings need to be +converted appropriately by the caller. +For Windows, if the OPENSSL_WIN32_UTF8 environment variable is set, +the built-in method UI_OpenSSL() will produce UTF-8 encoded strings +instead.

    +

    +

    +
    +

    RETURN VALUES

    +

    UI_new() and UI_new_method() return a valid UI structure or NULL if an error +occurred.

    +

    UI_add_input_string(), UI_dup_input_string(), UI_add_verify_string(), +UI_dup_verify_string(), UI_add_input_boolean(), UI_dup_input_boolean(), +UI_add_info_string(), UI_dup_info_string(), UI_add_error_string() +and UI_dup_error_string() return a positive number on success or a value which +is less than or equal to 0 otherwise.

    +

    UI_construct_prompt() returns a string or NULL if an error occurred.

    +

    UI_dup_user_data() returns 0 on success or -1 on error.

    +

    UI_get0_result() returns a string or NULL on error.

    +

    UI_get_result_length() returns a positive integer or 0 on success; otherwise it +returns -1 on error.

    +

    UI_process() returns 0 on success or a negative value on error.

    +

    UI_ctrl() returns a mask on success or -1 on error.

    +

    UI_get_default_method(), UI_get_method(), UI_OpenSSL(), UI_null() and +UI_set_method() return either a valid UI_METHOD structure or NULL +respectively.

    +

    +

    +
    +

    HISTORY

    +

    The UI_dup_user_data() function was added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/X509V3_get_d2i.html b/linux_amd64/share/doc/openssl/html/man3/X509V3_get_d2i.html
    new file mode 100755
    index 0000000..2351eb2
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/X509V3_get_d2i.html
    @@ -0,0 +1,274 @@
    + + + + +X509V3_get_d2i + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    X509_get0_extensions, X509_CRL_get0_extensions, X509_REVOKED_get0_extensions, +X509V3_get_d2i, X509V3_add1_i2d, X509V3_EXT_d2i, X509V3_EXT_i2d, +X509_get_ext_d2i, X509_add1_ext_i2d, X509_CRL_get_ext_d2i, +X509_CRL_add1_ext_i2d, X509_REVOKED_get_ext_d2i, +X509_REVOKED_add1_ext_i2d - X509 extension decode and encode functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509v3.h>
    +
    + void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit,
    +                      int *idx);
    + int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
    +                     int crit, unsigned long flags);
    +
    + void *X509V3_EXT_d2i(X509_EXTENSION *ext);
    + X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext);
    +
    + void *X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx);
    + int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
    +                       unsigned long flags);
    +
    + void *X509_CRL_get_ext_d2i(const X509_CRL *crl, int nid, int *crit, int *idx);
    + int X509_CRL_add1_ext_i2d(X509_CRL *crl, int nid, void *value, int crit,
    +                           unsigned long flags);
    +
    + void *X509_REVOKED_get_ext_d2i(const X509_REVOKED *r, int nid, int *crit, int *idx);
    + int X509_REVOKED_add1_ext_i2d(X509_REVOKED *r, int nid, void *value, int crit,
    +                               unsigned long flags);
    +
    + const STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x);
    + const STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(const X509_CRL *crl);
    + const STACK_OF(X509_EXTENSION) *X509_REVOKED_get0_extensions(const X509_REVOKED *r);
    +

    +

    +
    +

    DESCRIPTION

    +

    X509V3_get_ext_d2i() looks for an extension with OID nid in the extensions +x and, if found, decodes it. If idx is NULL then only one +occurrence of an extension is permissible otherwise the first extension after +index *idx is returned and *idx updated to the location of the extension. +If crit is not NULL then *crit is set to a status value: -2 if the +extension occurs multiple times (this is only returned if idx is NULL), +-1 if the extension could not be found, 0 if the extension is found and is +not critical and 1 if critical. A pointer to an extension specific structure +or NULL is returned.

    +

    X509V3_add1_i2d() adds extension value to STACK *x (allocating a new +STACK if necessary) using OID nid and criticality crit according +to flags.

    +

    X509V3_EXT_d2i() attempts to decode the ASN.1 data contained in extension +ext and returns a pointer to an extension specific structure or NULL +if the extension could not be decoded (invalid syntax or not supported).

    +

    X509V3_EXT_i2d() encodes the extension specific structure ext +with OID ext_nid and criticality crit.

    +

    X509_get_ext_d2i() and X509_add1_ext_i2d() operate on the extensions of +certificate x, they are otherwise identical to X509V3_get_d2i() and +X509V3_add_i2d().

    +

    X509_CRL_get_ext_d2i() and X509_CRL_add1_ext_i2d() operate on the extensions +of CRL crl, they are otherwise identical to X509V3_get_d2i() and +X509V3_add_i2d().

    +

    X509_REVOKED_get_ext_d2i() and X509_REVOKED_add1_ext_i2d() operate on the +extensions of X509_REVOKED structure r (i.e for CRL entry extensions), +they are otherwise identical to X509V3_get_d2i() and X509V3_add_i2d().

    +

    X509_get0_extensions(), X509_CRL_get0_extensions() and +X509_REVOKED_get0_extensions() return a stack of all the extensions +of a certificate a CRL or a CRL entry respectively.

    +

    +

    +
    +

    NOTES

    +

    In almost all cases an extension can occur at most once and multiple +occurrences is an error. Therefore the idx parameter is usually NULL.

    +

    The flags parameter may be one of the following values.

    +

    X509V3_ADD_DEFAULT appends a new extension only if the extension does +not already exist. An error is returned if the extension does already +exist.

    +

    X509V3_ADD_APPEND appends a new extension, ignoring whether the extension +already exists.

    +

    X509V3_ADD_REPLACE replaces an extension if it exists otherwise appends +a new extension.

    +

    X509V3_ADD_REPLACE_EXISTING replaces an existing extension if it exists +otherwise returns an error.

    +

    X509V3_ADD_KEEP_EXISTING appends a new extension only if the extension does +not already exist. An error is not returned if the extension does already +exist.

    +

    X509V3_ADD_DELETE extension nid is deleted: no new extension is added.

    +

    If X509V3_ADD_SILENT is ored with flags: any error returned will not +be added to the error queue.

    +

    The function X509V3_get_d2i() will return NULL if the extension is not +found, occurs multiple times or cannot be decoded. It is possible to +determine the precise reason by checking the value of *crit.

    +

    +

    +
    +

    SUPPORTED EXTENSIONS

    +

    The following sections contain a list of all supported extensions +including their name and NID.

    +

    +

    +

    PKIX Certificate Extensions

    +

    The following certificate extensions are defined in PKIX standards such as +RFC5280.

    +
    + Basic Constraints                  NID_basic_constraints
    + Key Usage                          NID_key_usage
    + Extended Key Usage                 NID_ext_key_usage
    +
    + Subject Key Identifier             NID_subject_key_identifier
    + Authority Key Identifier           NID_authority_key_identifier
    +
    + Private Key Usage Period           NID_private_key_usage_period
    +
    + Subject Alternative Name           NID_subject_alt_name
    + Issuer Alternative Name            NID_issuer_alt_name
    +
    + Authority Information Access       NID_info_access
    + Subject Information Access         NID_sinfo_access
    +
    + Name Constraints                   NID_name_constraints
    +
    + Certificate Policies               NID_certificate_policies
    + Policy Mappings                    NID_policy_mappings
    + Policy Constraints                 NID_policy_constraints
    + Inhibit Any Policy                 NID_inhibit_any_policy
    +
    + TLS Feature                        NID_tlsfeature
    +

    +

    +

    Netscape Certificate Extensions

    +

    The following are (largely obsolete) Netscape certificate extensions.

    +
    + Netscape Cert Type                 NID_netscape_cert_type
    + Netscape Base Url                  NID_netscape_base_url
    + Netscape Revocation Url            NID_netscape_revocation_url
    + Netscape CA Revocation Url         NID_netscape_ca_revocation_url
    + Netscape Renewal Url               NID_netscape_renewal_url
    + Netscape CA Policy Url             NID_netscape_ca_policy_url
    + Netscape SSL Server Name           NID_netscape_ssl_server_name
    + Netscape Comment                   NID_netscape_comment
    +

    +

    +

    Miscellaneous Certificate Extensions

    +
    + Strong Extranet ID                 NID_sxnet
    + Proxy Certificate Information      NID_proxyCertInfo
    +

    +

    +

    PKIX CRL Extensions

    +

    The following are CRL extensions from PKIX standards such as RFC5280.

    +
    + CRL Number                         NID_crl_number
    + CRL Distribution Points            NID_crl_distribution_points
    + Delta CRL Indicator                NID_delta_crl
    + Freshest CRL                       NID_freshest_crl
    + Invalidity Date                    NID_invalidity_date
    + Issuing Distribution Point         NID_issuing_distribution_point
    +

    The following are CRL entry extensions from PKIX standards such as RFC5280.

    +
    + CRL Reason Code                    NID_crl_reason
    + Certificate Issuer                 NID_certificate_issuer
    +

    +

    +

    OCSP Extensions

    +
    + OCSP Nonce                         NID_id_pkix_OCSP_Nonce
    + OCSP CRL ID                        NID_id_pkix_OCSP_CrlID
    + Acceptable OCSP Responses          NID_id_pkix_OCSP_acceptableResponses
    + OCSP No Check                      NID_id_pkix_OCSP_noCheck
    + OCSP Archive Cutoff                NID_id_pkix_OCSP_archiveCutoff
    + OCSP Service Locator               NID_id_pkix_OCSP_serviceLocator
    + Hold Instruction Code              NID_hold_instruction_code
    +

    +

    +

    Certificate Transparency Extensions

    +

    The following extensions are used by certificate transparency, RFC6962

    +
    + CT Precertificate SCTs             NID_ct_precert_scts
    + CT Certificate SCTs                NID_ct_cert_scts
    +

    +

    +
    +

    RETURN VALUES

    +

    X509V3_EXT_d2i() and *X509V3_get_d2i() return a pointer to an extension +specific structure of NULL if an error occurs.

    +

    X509V3_EXT_i2d() returns a pointer to an X509_EXTENSION structure +or NULL if an error occurs.

    +

    X509V3_add1_i2d() returns 1 if the operation is successful and 0 if it +fails due to a non-fatal error (extension not found, already exists, +cannot be encoded) or -1 due to a fatal error such as a memory allocation +failure.

    +

    X509_get0_extensions(), X509_CRL_get0_extensions() and +X509_REVOKED_get0_extensions() return a stack of extensions. They return +NULL if no extensions are present.

    +

    +

    +
    +

    SEE ALSO

    +

    d2i_X509(3), +ERR_get_error(3), +X509_CRL_get0_by_serial(3), +X509_get0_signature(3), +X509_get_ext_d2i(3), +X509_get_extension_flags(3), +X509_get_pubkey(3), +X509_get_subject_name(3), +X509_get_version(3), +X509_NAME_add_entry_by_txt(3), +X509_NAME_ENTRY_get_object(3), +X509_NAME_get_index_by_NID(3), +X509_NAME_print_ex(3), +X509_new(3), +X509_sign(3), +X509_verify_cert(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/X509_ALGOR_dup.html b/linux_amd64/share/doc/openssl/html/man3/X509_ALGOR_dup.html
    new file mode 100755
    index 0000000..3539cdf
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/X509_ALGOR_dup.html
    @@ -0,0 +1,88 @@
    + + + + +X509_ALGOR_dup + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    X509_ALGOR_dup, X509_ALGOR_set0, X509_ALGOR_get0, X509_ALGOR_set_md, X509_ALGOR_cmp - AlgorithmIdentifier functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509.h>
    +
    + X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *alg);
    + int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval);
    + void X509_ALGOR_get0(const ASN1_OBJECT **paobj, int *pptype,
    +                      const void **ppval, const X509_ALGOR *alg);
    + void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md);
    + int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b);
    +

    +

    +
    +

    DESCRIPTION

    +

    X509_ALGOR_dup() returns a copy of alg.

    +

    X509_ALGOR_set0() sets the algorithm OID of alg to aobj and the +associated parameter type to ptype with value pval. If ptype is +V_ASN1_UNDEF the parameter is omitted, otherwise ptype and pval have +the same meaning as the type and value parameters to ASN1_TYPE_set(). +All the supplied parameters are used internally so must NOT be freed after +this call.

    +

    X509_ALGOR_get0() is the inverse of X509_ALGOR_set0(): it returns the +algorithm OID in *paobj and the associated parameter in *pptype +and *ppval from the AlgorithmIdentifier alg.

    +

    X509_ALGOR_set_md() sets the AlgorithmIdentifier alg to appropriate +values for the message digest md.

    +

    X509_ALGOR_cmp() compares a and b and returns 0 if they have identical +encodings and nonzero otherwise.

    +

    +

    +
    +

    RETURN VALUES

    +

    X509_ALGOR_dup() returns a valid X509_ALGOR structure or NULL if an error +occurred.

    +

    X509_ALGOR_set0() returns 1 on success or 0 on error.

    +

    X509_ALGOR_get0() and X509_ALGOR_set_md() return no values.

    +

    X509_ALGOR_cmp() returns 0 if the two parameters have identical encodings and +nonzero otherwise.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/X509_CRL_get0_by_serial.html b/linux_amd64/share/doc/openssl/html/man3/X509_CRL_get0_by_serial.html
    new file mode 100755
    index 0000000..3c89863
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/X509_CRL_get0_by_serial.html
    @@ -0,0 +1,142 @@
    + + + + +X509_CRL_get0_by_serial + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    X509_CRL_get0_by_serial, X509_CRL_get0_by_cert, X509_CRL_get_REVOKED, +X509_REVOKED_get0_serialNumber, X509_REVOKED_get0_revocationDate, +X509_REVOKED_set_serialNumber, X509_REVOKED_set_revocationDate, +X509_CRL_add0_revoked, X509_CRL_sort - CRL revoked entry utility +functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509.h>
    +
    + int X509_CRL_get0_by_serial(X509_CRL *crl,
    +                             X509_REVOKED **ret, ASN1_INTEGER *serial);
    + int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x);
    +
    + STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl);
    +
    + const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(const X509_REVOKED *r);
    + const ASN1_TIME *X509_REVOKED_get0_revocationDate(const X509_REVOKED *r);
    +
    + int X509_REVOKED_set_serialNumber(X509_REVOKED *r, ASN1_INTEGER *serial);
    + int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm);
    +
    + int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev);
    +
    + int X509_CRL_sort(X509_CRL *crl);
    +

    +

    +
    +

    DESCRIPTION

    +

    X509_CRL_get0_by_serial() attempts to find a revoked entry in crl for +serial number serial. If it is successful it sets *ret to the internal +pointer of the matching entry, as a result *ret must not be freed up +after the call.

    +

    X509_CRL_get0_by_cert() is similar to X509_get0_by_serial() except it +looks for a revoked entry using the serial number of certificate x.

    +

    X509_CRL_get_REVOKED() returns an internal pointer to a stack of all +revoked entries for crl.

    +

    X509_REVOKED_get0_serialNumber() returns an internal pointer to the +serial number of r.

    +

    X509_REVOKED_get0_revocationDate() returns an internal pointer to the +revocation date of r.

    +

    X509_REVOKED_set_serialNumber() sets the serial number of r to serial. +The supplied serial pointer is not used internally so it should be +freed up after use.

    +

    X509_REVOKED_set_revocationDate() sets the revocation date of r to +tm. The supplied tm pointer is not used internally so it should be +freed up after use.

    +

    X509_CRL_add0_revoked() appends revoked entry rev to CRL crl. The +pointer rev is used internally so it must not be freed up after the call: +it is freed when the parent CRL is freed.

    +

    X509_CRL_sort() sorts the revoked entries of crl into ascending serial +number order.

    +

    +

    +
    +

    NOTES

    +

    Applications can determine the number of revoked entries returned by +X509_CRL_get_revoked() using sk_X509_REVOKED_num() and examine each one +in turn using sk_X509_REVOKED_value().

    +

    +

    +
    +

    RETURN VALUES

    +

    X509_CRL_get0_by_serial() and X509_CRL_get0_by_cert() return 0 for failure, +1 on success except if the revoked entry has the reason removeFromCRL (8), +in which case 2 is returned.

    +

    X509_REVOKED_set_serialNumber(), X509_REVOKED_set_revocationDate(), +X509_CRL_add0_revoked() and X509_CRL_sort() return 1 for success and 0 for +failure.

    +

    X509_REVOKED_get0_serialNumber() returns an ASN1_INTEGER pointer.

    +

    X509_REVOKED_get0_revocationDate() returns an ASN1_TIME value.

    +

    X509_CRL_get_REVOKED() returns a STACK of revoked entries.

    +

    +

    +
    +

    SEE ALSO

    +

    d2i_X509(3), +ERR_get_error(3), +X509_get0_signature(3), +X509_get_ext_d2i(3), +X509_get_extension_flags(3), +X509_get_pubkey(3), +X509_get_subject_name(3), +X509_get_version(3), +X509_NAME_add_entry_by_txt(3), +X509_NAME_ENTRY_get_object(3), +X509_NAME_get_index_by_NID(3), +X509_NAME_print_ex(3), +X509_new(3), +X509_sign(3), +X509V3_get_d2i(3), +X509_verify_cert(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/X509_EXTENSION_set_object.html b/linux_amd64/share/doc/openssl/html/man3/X509_EXTENSION_set_object.html
    new file mode 100755
    index 0000000..e9cd229
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/X509_EXTENSION_set_object.html
    @@ -0,0 +1,123 @@
    + + + + +X509_EXTENSION_set_object + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    X509_EXTENSION_set_object, X509_EXTENSION_set_critical, +X509_EXTENSION_set_data, X509_EXTENSION_create_by_NID, +X509_EXTENSION_create_by_OBJ, X509_EXTENSION_get_object, +X509_EXTENSION_get_critical, X509_EXTENSION_get_data - extension utility +functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + int X509_EXTENSION_set_object(X509_EXTENSION *ex, const ASN1_OBJECT *obj);
    + int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit);
    + int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data);
    +
    + X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex,
    +                                              int nid, int crit,
    +                                              ASN1_OCTET_STRING *data);
    + X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex,
    +                                              const ASN1_OBJECT *obj, int crit,
    +                                              ASN1_OCTET_STRING *data);
    +
    + ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex);
    + int X509_EXTENSION_get_critical(const X509_EXTENSION *ex);
    + ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne);
    +

    +

    +
    +

    DESCRIPTION

    +

    X509_EXTENSION_set_object() sets the extension type of ex to obj. The +obj pointer is duplicated internally so obj should be freed up after use.

    +

    X509_EXTENSION_set_critical() sets the criticality of ex to crit. If +crit is zero the extension in non-critical otherwise it is critical.

    +

    X509_EXTENSION_set_data() sets the data in extension ex to data. The +data pointer is duplicated internally.

    +

    X509_EXTENSION_create_by_NID() creates an extension of type nid, +criticality crit using data data. The created extension is returned and +written to *ex reusing or allocating a new extension if necessary so *ex +should either be NULL or a valid X509_EXTENSION structure it must +not be an uninitialised pointer.

    +

    X509_EXTENSION_create_by_OBJ() is identical to X509_EXTENSION_create_by_NID() +except it creates and extension using obj instead of a NID.

    +

    X509_EXTENSION_get_object() returns the extension type of ex as an +ASN1_OBJECT pointer. The returned pointer is an internal value which must +not be freed up.

    +

    X509_EXTENSION_get_critical() returns the criticality of extension ex it +returns 1 for critical and 0 for non-critical.

    +

    X509_EXTENSION_get_data() returns the data of extension ex. The returned +pointer is an internal value which must not be freed up.

    +

    +

    +
    +

    NOTES

    +

    These functions manipulate the contents of an extension directly. Most +applications will want to parse or encode and add an extension: they should +use the extension encode and decode functions instead such as +X509_add1_ext_i2d() and X509_get_ext_d2i().

    +

    The data associated with an extension is the extension encoding in an +ASN1_OCTET_STRING structure.

    +

    +

    +
    +

    RETURN VALUES

    +

    X509_EXTENSION_set_object() X509_EXTENSION_set_critical() and +X509_EXTENSION_set_data() return 1 for success and 0 for failure.

    +

    X509_EXTENSION_create_by_NID() and X509_EXTENSION_create_by_OBJ() return +an X509_EXTENSION pointer or NULL if an error occurs.

    +

    X509_EXTENSION_get_object() returns an ASN1_OBJECT pointer.

    +

    X509_EXTENSION_get_critical() returns 0 for non-critical and 1 for +critical.

    +

    X509_EXTENSION_get_data() returns an ASN1_OCTET_STRING pointer.

    +

    +

    +
    +

    SEE ALSO

    +

    X509V3_get_d2i(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/X509_LOOKUP.html b/linux_amd64/share/doc/openssl/html/man3/X509_LOOKUP.html
    new file mode 100755
    index 0000000..88886fc
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/X509_LOOKUP.html
    @@ -0,0 +1,220 @@
    + + + + +X509_LOOKUP + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    X509_LOOKUP, X509_LOOKUP_TYPE, +X509_LOOKUP_new, X509_LOOKUP_free, X509_LOOKUP_init, +X509_LOOKUP_shutdown, +X509_LOOKUP_set_method_data, X509_LOOKUP_get_method_data, +X509_LOOKUP_ctrl, +X509_LOOKUP_load_file, X509_LOOKUP_add_dir, X509_LOOKUP_add_store, +X509_LOOKUP_load_store, +X509_LOOKUP_get_store, X509_LOOKUP_by_subject, +X509_LOOKUP_by_issuer_serial, X509_LOOKUP_by_fingerprint, +X509_LOOKUP_by_alias +- OpenSSL certificate lookup mechanisms

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509_vfy.h>
    +
    + typedef x509_lookup_st X509_LOOKUP;
    +
    + typedef enum X509_LOOKUP_TYPE;
    +
    + X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method);
    + int X509_LOOKUP_init(X509_LOOKUP *ctx);
    + int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
    + void X509_LOOKUP_free(X509_LOOKUP *ctx);
    +
    + int X509_LOOKUP_set_method_data(X509_LOOKUP *ctx, void *data);
    + void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx);
    +
    + int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
    +                      long argl, char **ret);
    + int X509_LOOKUP_load_file(X509_LOOKUP *ctx, char *name, long type);
    + int X509_LOOKUP_add_dir(X509_LOOKUP *ctx, char *name, long type);
    + int X509_LOOKUP_add_store(X509_LOOKUP *ctx, char *uri);
    + int X509_LOOKUP_load_store(X509_LOOKUP *ctx, char *uri);
    +
    + X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx);
    +
    + int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
    +                            X509_NAME *name, X509_OBJECT *ret);
    + int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
    +                                  X509_NAME *name, ASN1_INTEGER *serial,
    +                                  X509_OBJECT *ret);
    + int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
    +                                const unsigned char *bytes, int len,
    +                                X509_OBJECT *ret);
    + int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
    +                          const char *str, int len, X509_OBJECT *ret);
    +

    +

    +
    +

    DESCRIPTION

    +

    The X509_LOOKUP structure holds the information needed to look up +certificates and CRLs according to an associated X509_LOOKUP_METHOD(3). +Multiple X509_LOOKUP instances can be added to an X509_STORE(3) +to enable lookup in that store.

    +

    X509_LOOKUP_new() creates a new X509_LOOKUP using the given lookup +method. +It can also be created by calling X509_STORE_add_lookup(3), which +will associate a X509_STORE with the lookup mechanism.

    +

    X509_LOOKUP_init() initializes the internal state and resources as +needed by the given X509_LOOKUP to do its work.

    +

    X509_LOOKUP_shutdown() tears down the internal state and resources of +the given X509_LOOKUP.

    +

    X509_LOOKUP_free() destructs the given X509_LOOKUP.

    +

    X509_LOOKUP_set_method_data() and X509_LOOKUP_get_method_data() +associates and retrieves a pointer to application data to and from the +given X509_LOOKUP, respectively.

    +

    X509_LOOKUP_ctrl() is used to set or get additional data to or from a +X509_LOOKUP structure or its associated X509_LOOKUP_METHOD(3). +The arguments of the control command are passed via argc and argl, +its return value via *ret. +The meaning of the arguments depends on the cmd number of the +control command. In general, this function is not called directly, but +wrapped by a macro call, see below. +The control cmds known to OpenSSL are discussed in more depth +in Control Commands.

    +

    X509_LOOKUP_load_file() passes a filename to be loaded immediately +into the associated X509_STORE. +type indicates what type of object is expected. +This can only be used with a lookup using the implementation +X509_LOOKUP_file(3).

    +

    X509_LOOKUP_add_dir() passes a directory specification from which +certificates and CRLs are loaded on demand into the associated +X509_STORE. +type indicates what type of object is expected. +This can only be used with a lookup using the implementation +X509_LOOKUP_hash_dir(3).

    +

    X509_LOOKUP_add_store() passes a URI for a directory-like structure +from which containers with certificates and CRLs are loaded on demand +into the associated X509_STORE. +X509_LOOKUP_load_store() passes a URI for a single container from +which certificates and CRLs are immediately loaded into the associated +X509_STORE. +These functions can only be used with a lookup using the +implementation X509_LOOKUP_store(3).

    +

    X509_LOOKUP_load_file(), X509_LOOKUP_add_dir(), +X509_LOOKUP_add_store(), and X509_LOOKUP_load_store() are implemented +as macros that use X509_LOOKUP_ctrl().

    +

    X509_LOOKUP_by_subject(), X509_LOOKUP_by_issuer_serial(), +X509_LOOKUP_by_fingerprint(), and X509_LOOKUP_by_alias() look up +certificates and CRLs in the X509_STORE(3) associated with the +X509_LOOKUP using different criteria, where the looked up object is +stored in ret. +Some of the underlying X509_LOOKUP_METHODs will also cache objects +matching the criteria in the associated X509_STORE, which makes it +possible to handle cases where the criteria have more than one hit.

    +

    +

    +

    Control Commands

    +

    The X509_LOOKUP_METHODs built into OpenSSL recognise the following +X509_LOOKUP_ctrl() cmds:

    +
    +
    X509_L_FILE_LOAD
    + +
    +

    This is the command that X509_LOOKUP_load_file() uses. +The filename is passed in argc, and the type in argl.

    +
    +
    X509_L_ADD_DIR
    + +
    +

    This is the command that X509_LOOKUP_add_dir() uses. +The directory specification is passed in argc, and the type in +argl.

    +
    +
    X509_L_ADD_STORE
    + +
    +

    This is the command that X509_LOOKUP_add_store() uses. +The URI is passed in argc.

    +
    +
    X509_L_LOAD_STORE
    + +
    +

    This is the command that X509_LOOKUP_load_store() uses. +The URI is passed in argc.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    X509_LOOKUP_new() returns a X509_LOOKUP pointer when successful, +or NULL on error.

    +

    X509_LOOKUP_init() and X509_LOOKUP_shutdown() return 1 on success, or +0 on error.

    +

    X509_LOOKUP_ctrl() returns -1 if the X509_LOOKUP doesn't have an +associated X509_LOOKUP_METHOD, or 1 if the +doesn't have a control function. +Otherwise, it returns what the control function in the +X509_LOOKUP_METHOD returns, which is usually 1 on success and 0 in +error.

    +

    X509_LOOKUP_get_store() returns a X509_STORE pointer if there is +one, otherwise NULL.

    +

    X509_LOOKUP_by_subject(), X509_LOOKUP_by_issuer_serial(), +X509_LOOKUP_by_fingerprint(), and X509_LOOKUP_by_alias() all return 0 +if there is no X509_LOOKUP_METHOD or that method doesn't implement +the corresponding function. +Otherwise, it returns what the corresponding function in the +X509_LOOKUP_METHOD returns, which is usually 1 on success and 0 in +error.

    +

    +

    +
    +

    SEE ALSO

    +

    X509_LOOKUP_METHOD(3), X509_STORE(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/X509_LOOKUP_hash_dir.html b/linux_amd64/share/doc/openssl/html/man3/X509_LOOKUP_hash_dir.html
    new file mode 100755
    index 0000000..ae8719d
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/X509_LOOKUP_hash_dir.html
    @@ -0,0 +1,187 @@
    + + + + +X509_LOOKUP_hash_dir + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    X509_LOOKUP_hash_dir, X509_LOOKUP_file, X509_LOOKUP_store, +X509_load_cert_file, +X509_load_crl_file, +X509_load_cert_crl_file - Default OpenSSL certificate +lookup methods

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509_vfy.h>
    +
    + X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
    + X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
    + X509_LOOKUP_METHOD *X509_LOOKUP_store(void);
    +
    + int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type);
    + int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type);
    + int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type);
    +

    +

    +
    +

    DESCRIPTION

    +

    X509_LOOKUP_hash_dir and X509_LOOKUP_file are two certificate +lookup methods to use with X509_STORE, provided by OpenSSL library.

    +

    Users of the library typically do not need to create instances of these +methods manually, they would be created automatically by +X509_STORE_load_locations(3) or +SSL_CTX_load_verify_locations(3) +functions.

    +

    Internally loading of certificates and CRLs is implemented via functions +X509_load_cert_crl_file, X509_load_cert_file and +X509_load_crl_file. These functions support parameter type, which +can be one of constants FILETYPE_PEM, FILETYPE_ASN1 and +FILETYPE_DEFAULT. They load certificates and/or CRLs from specified +file into memory cache of X509_STORE objects which given ctx +parameter is associated with.

    +

    Functions X509_load_cert_file and +X509_load_crl_file can load both PEM and DER formats depending of +type value. Because DER format cannot contain more than one certificate +or CRL object (while PEM can contain several concatenated PEM objects) +X509_load_cert_crl_file with FILETYPE_ASN1 is equivalent to +X509_load_cert_file.

    +

    Constant FILETYPE_DEFAULT with NULL filename causes these functions +to load default certificate store file (see +X509_STORE_set_default_paths(3).

    +

    Functions return number of objects loaded from file or 0 in case of +error.

    +

    Both methods support adding several certificate locations into one +X509_STORE.

    +

    This page documents certificate store formats used by these methods and +caching policy.

    +

    +

    +

    File Method

    +

    The X509_LOOKUP_file method loads all the certificates or CRLs +present in a file into memory at the time the file is added as a +lookup source.

    +

    File format is ASCII text which contains concatenated PEM certificates +and CRLs.

    +

    This method should be used by applications which work with a small +set of CAs.

    +

    +

    +

    Hashed Directory Method

    +

    X509_LOOKUP_hash_dir is a more advanced method, which loads +certificates and CRLs on demand, and caches them in memory once +they are loaded. As of OpenSSL 1.0.0, it also checks for newer CRLs +upon each lookup, so that newer CRLs are as soon as they appear in +the directory.

    +

    The directory should contain one certificate or CRL per file in PEM format, +with a filename of the form hash.N for a certificate, or +hash.rN for a CRL. +The hash is the value returned by the X509_NAME_hash(3) function applied +to the subject name for certificates or issuer name for CRLs. +The hash can also be obtained via the -hash option of the +openssl-x509(1) or openssl-crl(1) commands.

    +

    The .N or .rN suffix is a sequence number that starts at zero, and is +incremented consecutively for each certificate or CRL with the same hash +value. +Gaps in the sequence numbers are not supported, it is assumed that there are no +more objects with the same hash beyond the first missing number in the +sequence.

    +

    Sequence numbers make it possible for the directory to contain multiple +certificates with same subject name hash value. +For example, it is possible to have in the store several certificates with same +subject or several CRLs with same issuer (and, for example, different validity +period).

    +

    When checking for new CRLs once one CRL for given hash value is +loaded, hash_dir lookup method checks only for certificates with +sequence number greater than that of the already cached CRL.

    +

    Note that the hash algorithm used for subject name hashing changed in OpenSSL +1.0.0, and all certificate stores have to be rehashed when moving from OpenSSL +0.9.8 to 1.0.0.

    +

    OpenSSL includes a openssl-rehash(1) utility which creates symlinks with +hashed names for all files with .pem suffix in a given directory.

    +

    +

    +

    OSSL_STORE Method

    +

    X509_LOOKUP_store is a method that allows access to any store of +certificates and CRLs through any loader supported by +ossl_store(7). +It works with the help of URIs, which can be direct references to +certificates or CRLs, but can also be references to catalogues of such +objects (that behave like directories).

    +

    This method overlaps the File Method and Hashed Directory Method +because of the 'file:' scheme loader. +It does no caching of its own, but can use a caching ossl_store(7) +loader, and therefore depends on the loader's capability.

    +

    +

    +
    +

    RETURN VALUES

    +

    X509_LOOKUP_hash_dir(), X509_LOOKUP_file() and X509_LOOKUP_store() +always return a valid X509_LOOKUP_METHOD structure.

    +

    X509_load_cert_file(), X509_load_crl_file() and X509_load_cert_crl_file() return +the number of loaded objects or 0 on error.

    +

    +

    +
    +

    SEE ALSO

    +

    PEM_read_PrivateKey(3), +X509_STORE_load_locations(3), +X509_store_add_lookup(3), +SSL_CTX_load_verify_locations(3), +X509_LOOKUP_meth_new(3), +ossl_store(7)

    +

    +

    +
    +

    HISTORY

    +

    X509_LOOKUP_store was added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/X509_LOOKUP_meth_new.html b/linux_amd64/share/doc/openssl/html/man3/X509_LOOKUP_meth_new.html
    new file mode 100755
    index 0000000..f7ba051
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/X509_LOOKUP_meth_new.html
    @@ -0,0 +1,221 @@
    + + + + +X509_LOOKUP_meth_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    X509_LOOKUP_METHOD, +X509_LOOKUP_meth_new, X509_LOOKUP_meth_free, X509_LOOKUP_meth_set_new_item, +X509_LOOKUP_meth_get_new_item, X509_LOOKUP_meth_set_free, +X509_LOOKUP_meth_get_free, X509_LOOKUP_meth_set_init, +X509_LOOKUP_meth_get_init, X509_LOOKUP_meth_set_shutdown, +X509_LOOKUP_meth_get_shutdown, +X509_LOOKUP_ctrl_fn, X509_LOOKUP_meth_set_ctrl, X509_LOOKUP_meth_get_ctrl, +X509_LOOKUP_get_by_subject_fn, X509_LOOKUP_meth_set_get_by_subject, +X509_LOOKUP_meth_get_get_by_subject, +X509_LOOKUP_get_by_issuer_serial_fn, X509_LOOKUP_meth_set_get_by_issuer_serial, +X509_LOOKUP_meth_get_get_by_issuer_serial, +X509_LOOKUP_get_by_fingerprint_fn, X509_LOOKUP_meth_set_get_by_fingerprint, +X509_LOOKUP_meth_get_get_by_fingerprint, +X509_LOOKUP_get_by_alias_fn, X509_LOOKUP_meth_set_get_by_alias, +X509_LOOKUP_meth_get_get_by_alias, +X509_OBJECT_set1_X509, X509_OBJECT_set1_X509_CRL +- Routines to build up X509_LOOKUP methods

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509_vfy.h>
    +
    + typedef x509_lookup_method_st X509_LOOKUP_METHOD;
    +
    + X509_LOOKUP_METHOD *X509_LOOKUP_meth_new(const char *name);
    + void X509_LOOKUP_meth_free(X509_LOOKUP_METHOD *method);
    +
    + int X509_LOOKUP_meth_set_new_item(X509_LOOKUP_METHOD *method,
    +                                   int (*new_item) (X509_LOOKUP *ctx));
    + int (*X509_LOOKUP_meth_get_new_item(const X509_LOOKUP_METHOD* method))
    +     (X509_LOOKUP *ctx);
    +
    + int X509_LOOKUP_meth_set_free(X509_LOOKUP_METHOD *method,
    +                               void (*free) (X509_LOOKUP *ctx));
    + void (*X509_LOOKUP_meth_get_free(const X509_LOOKUP_METHOD* method))
    +     (X509_LOOKUP *ctx);
    +
    + int X509_LOOKUP_meth_set_init(X509_LOOKUP_METHOD *method,
    +                               int (*init) (X509_LOOKUP *ctx));
    + int (*X509_LOOKUP_meth_get_init(const X509_LOOKUP_METHOD* method))
    +     (X509_LOOKUP *ctx);
    +
    + int X509_LOOKUP_meth_set_shutdown(X509_LOOKUP_METHOD *method,
    +                                   int (*shutdown) (X509_LOOKUP *ctx));
    + int (*X509_LOOKUP_meth_get_shutdown(const X509_LOOKUP_METHOD* method))
    +     (X509_LOOKUP *ctx);
    +
    + typedef int (*X509_LOOKUP_ctrl_fn)(X509_LOOKUP *ctx, int cmd, const char *argc,
    +                                    long argl, char **ret);
    + int X509_LOOKUP_meth_set_ctrl(X509_LOOKUP_METHOD *method,
    +     X509_LOOKUP_ctrl_fn ctrl_fn);
    + X509_LOOKUP_ctrl_fn X509_LOOKUP_meth_get_ctrl(const X509_LOOKUP_METHOD *method);
    +
    + typedef int (*X509_LOOKUP_get_by_subject_fn)(X509_LOOKUP *ctx,
    +                                              X509_LOOKUP_TYPE type,
    +                                              X509_NAME *name,
    +                                              X509_OBJECT *ret);
    + int X509_LOOKUP_meth_set_get_by_subject(X509_LOOKUP_METHOD *method,
    +     X509_LOOKUP_get_by_subject_fn fn);
    + X509_LOOKUP_get_by_subject_fn X509_LOOKUP_meth_get_get_by_subject(
    +     const X509_LOOKUP_METHOD *method);
    +
    + typedef int (*X509_LOOKUP_get_by_issuer_serial_fn)(X509_LOOKUP *ctx,
    +                                                    X509_LOOKUP_TYPE type,
    +                                                    X509_NAME *name,
    +                                                    ASN1_INTEGER *serial,
    +                                                    X509_OBJECT *ret);
    + int X509_LOOKUP_meth_set_get_by_issuer_serial(
    +     X509_LOOKUP_METHOD *method, X509_LOOKUP_get_by_issuer_serial_fn fn);
    + X509_LOOKUP_get_by_issuer_serial_fn X509_LOOKUP_meth_get_get_by_issuer_serial(
    +     const X509_LOOKUP_METHOD *method);
    +
    + typedef int (*X509_LOOKUP_get_by_fingerprint_fn)(X509_LOOKUP *ctx,
    +                                                  X509_LOOKUP_TYPE type,
    +                                                  const unsigned char* bytes,
    +                                                  int len,
    +                                                  X509_OBJECT *ret);
    + int X509_LOOKUP_meth_set_get_by_fingerprint(X509_LOOKUP_METHOD *method,
    +     X509_LOOKUP_get_by_fingerprint_fn fn);
    + X509_LOOKUP_get_by_fingerprint_fn X509_LOOKUP_meth_get_get_by_fingerprint(
    +     const X509_LOOKUP_METHOD *method);
    +
    + typedef int (*X509_LOOKUP_get_by_alias_fn)(X509_LOOKUP *ctx,
    +                                            X509_LOOKUP_TYPE type,
    +                                            const char *str,
    +                                            int len,
    +                                            X509_OBJECT *ret);
    + int X509_LOOKUP_meth_set_get_by_alias(X509_LOOKUP_METHOD *method,
    +     X509_LOOKUP_get_by_alias_fn fn);
    + X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias(
    +     const X509_LOOKUP_METHOD *method);
    +
    + int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj);
    + int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj);
    +

    +

    +
    +

    DESCRIPTION

    +

    The X509_LOOKUP_METHOD type is a structure used for the implementation of new +X509_LOOKUP types. It provides a set of functions used by OpenSSL for the +implementation of various X509 and X509_CRL lookup capabilities. One instance +of an X509_LOOKUP_METHOD can be associated to many instantiations of an +X509_LOOKUP structure.

    +

    X509_LOOKUP_meth_new() creates a new X509_LOOKUP_METHOD structure. It should +be given a human-readable string containing a brief description of the lookup +method.

    +

    X509_LOOKUP_meth_free() destroys a X509_LOOKUP_METHOD structure.

    +

    X509_LOOKUP_get_new_item() and X509_LOOKUP_set_new_item() get and set the +function that is called when an X509_LOOKUP object is created with +X509_LOOKUP_new(). If an X509_LOOKUP_METHOD requires any per-X509_LOOKUP +specific data, the supplied new_item function should allocate this data and +invoke X509_LOOKUP_set_method_data(3).

    +

    X509_LOOKUP_get_free() and X509_LOOKUP_set_free() get and set the function +that is used to free any method data that was allocated and set from within +new_item function.

    +

    X509_LOOKUP_meth_get_init() and X509_LOOKUP_meth_set_init() get and set the +function that is used to initialize the method data that was set with +X509_LOOKUP_set_method_data(3) as part of the new_item routine.

    +

    X509_LOOKUP_meth_get_shutdown() and X509_LOOKUP_meth_set_shutdown() get and set +the function that is used to shut down the method data whose state was +previously initialized in the init function.

    +

    X509_LOOKUP_meth_get_ctrl() and X509_LOOKUP_meth_set_ctrl() get and set a +function to be used to handle arbitrary control commands issued by +X509_LOOKUP_ctrl(). The control function is given the X509_LOOKUP +ctx, along with the arguments passed by X509_LOOKUP_ctrl. cmd is +an arbitrary integer that defines some operation. argc is a pointer +to an array of characters. argl is an integer. ret, if set, +points to a location where any return data should be written to. How +argc and argl are used depends entirely on the control function.

    +

    X509_LOOKUP_set_get_by_subject(), X509_LOOKUP_set_get_by_issuer_serial(), +X509_LOOKUP_set_get_by_fingerprint(), X509_LOOKUP_set_get_by_alias() set +the functions used to retrieve an X509 or X509_CRL object by the object's +subject, issuer, fingerprint, and alias respectively. These functions are given +the X509_LOOKUP context, the type of the X509_OBJECT being requested, parameters +related to the lookup, and an X509_OBJECT that will receive the requested +object.

    +

    Implementations must add objects they find to the X509_STORE object +using X509_STORE_add_cert() or X509_STORE_add_crl(). This increments +its reference count. However, the X509_STORE_CTX_get_by_subject() +function also increases the reference count which leads to one too +many references being held. Therefore applications should +additionally call X509_free() or X509_CRL_free() to decrement the +reference count again.

    +

    Implementations should also use either X509_OBJECT_set1_X509() or +X509_OBJECT_set1_X509_CRL() to set the result. Note that this also +increments the result's reference count.

    +

    Any method data that was created as a result of the new_item function +set by X509_LOOKUP_meth_set_new_item() can be accessed with +X509_LOOKUP_get_method_data(3). The X509_STORE object that owns the +X509_LOOKUP may be accessed with X509_LOOKUP_get_store(3). Successful +lookups should return 1, and unsuccessful lookups should return 0.

    +

    X509_LOOKUP_get_get_by_subject(), X509_LOOKUP_get_get_by_issuer_serial(), +X509_LOOKUP_get_get_by_fingerprint(), X509_LOOKUP_get_get_by_alias() retrieve +the function set by the corresponding setter.

    +

    +

    +
    +

    RETURN VALUES

    +

    The X509_LOOKUP_meth_set functions return 1 on success or 0 on error.

    +

    The X509_LOOKUP_meth_get functions return the corresponding function +pointers.

    +

    +

    +
    +

    SEE ALSO

    +

    X509_STORE_new(3), SSL_CTX_set_cert_store(3)

    +

    +

    +
    +

    HISTORY

    +

    The functions described here were added in OpenSSL 1.1.0i.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/X509_NAME_ENTRY_get_object.html b/linux_amd64/share/doc/openssl/html/man3/X509_NAME_ENTRY_get_object.html
    new file mode 100755
    index 0000000..3b12034
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/X509_NAME_ENTRY_get_object.html
    @@ -0,0 +1,126 @@
    + + + + +X509_NAME_ENTRY_get_object + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    X509_NAME_ENTRY_get_object, X509_NAME_ENTRY_get_data, +X509_NAME_ENTRY_set_object, X509_NAME_ENTRY_set_data, +X509_NAME_ENTRY_create_by_txt, X509_NAME_ENTRY_create_by_NID, +X509_NAME_ENTRY_create_by_OBJ - X509_NAME_ENTRY utility functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509.h>
    +
    + ASN1_OBJECT *X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne);
    + ASN1_STRING *X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne);
    +
    + int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, const ASN1_OBJECT *obj);
    + int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
    +                              const unsigned char *bytes, int len);
    +
    + X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, const char *field,
    +                                                int type, const unsigned char *bytes,
    +                                                int len);
    + X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,
    +                                                int type, const unsigned char *bytes,
    +                                                int len);
    + X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
    +                                                const ASN1_OBJECT *obj, int type,
    +                                                const unsigned char *bytes, int len);
    +

    +

    +
    +

    DESCRIPTION

    +

    X509_NAME_ENTRY_get_object() retrieves the field name of ne in +and ASN1_OBJECT structure.

    +

    X509_NAME_ENTRY_get_data() retrieves the field value of ne in +and ASN1_STRING structure.

    +

    X509_NAME_ENTRY_set_object() sets the field name of ne to obj.

    +

    X509_NAME_ENTRY_set_data() sets the field value of ne to string type +type and value determined by bytes and len.

    +

    X509_NAME_ENTRY_create_by_txt(), X509_NAME_ENTRY_create_by_NID() +and X509_NAME_ENTRY_create_by_OBJ() create and return an +X509_NAME_ENTRY structure.

    +

    +

    +
    +

    NOTES

    +

    X509_NAME_ENTRY_get_object() and X509_NAME_ENTRY_get_data() can be +used to examine an X509_NAME_ENTRY function as returned by +X509_NAME_get_entry() for example.

    +

    X509_NAME_ENTRY_create_by_txt(), X509_NAME_ENTRY_create_by_OBJ(), +X509_NAME_ENTRY_create_by_NID() and X509_NAME_ENTRY_set_data() +are seldom used in practice because X509_NAME_ENTRY structures +are almost always part of X509_NAME structures and the +corresponding X509_NAME functions are typically used to +create and add new entries in a single operation.

    +

    The arguments of these functions support similar options to the similarly +named ones of the corresponding X509_NAME functions such as +X509_NAME_add_entry_by_txt(). So for example type can be set to +MBSTRING_ASC but in the case of X509_set_data() the field name must be +set first so the relevant field information can be looked up internally.

    +

    +

    +
    +

    RETURN VALUES

    +

    X509_NAME_ENTRY_get_object() returns a valid ASN1_OBJECT structure if it is +set or NULL if an error occurred.

    +

    X509_NAME_ENTRY_get_data() returns a valid ASN1_STRING structure if it is set +or NULL if an error occurred.

    +

    X509_NAME_ENTRY_set_object() and X509_NAME_ENTRY_set_data() return 1 on success +or 0 on error.

    +

    X509_NAME_ENTRY_create_by_txt(), X509_NAME_ENTRY_create_by_NID() and +X509_NAME_ENTRY_create_by_OBJ() return a valid X509_NAME_ENTRY on success or +NULL if an error occurred.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), d2i_X509_NAME(3), +OBJ_nid2obj(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/X509_NAME_add_entry_by_txt.html b/linux_amd64/share/doc/openssl/html/man3/X509_NAME_add_entry_by_txt.html
    new file mode 100755
    index 0000000..21475e1
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/X509_NAME_add_entry_by_txt.html
    @@ -0,0 +1,159 @@
    + + + + +X509_NAME_add_entry_by_txt + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    X509_NAME_add_entry_by_txt, X509_NAME_add_entry_by_OBJ, X509_NAME_add_entry_by_NID, +X509_NAME_add_entry, X509_NAME_delete_entry - X509_NAME modification functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509.h>
    +
    + int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type,
    +                                const unsigned char *bytes, int len, int loc, int set);
    +
    + int X509_NAME_add_entry_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int type,
    +                                const unsigned char *bytes, int len, int loc, int set);
    +
    + int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type,
    +                                const unsigned char *bytes, int len, int loc, int set);
    +
    + int X509_NAME_add_entry(X509_NAME *name, const X509_NAME_ENTRY *ne, int loc, int set);
    +
    + X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);
    +

    +

    +
    +

    DESCRIPTION

    +

    X509_NAME_add_entry_by_txt(), X509_NAME_add_entry_by_OBJ() and +X509_NAME_add_entry_by_NID() add a field whose name is defined +by a string field, an object obj or a NID nid respectively. +The field value to be added is in bytes of length len. If +len is -1 then the field length is calculated internally using +strlen(bytes).

    +

    The type of field is determined by type which can either be a +definition of the type of bytes (such as MBSTRING_ASC) or a +standard ASN1 type (such as V_ASN1_IA5STRING). The new entry is +added to a position determined by loc and set.

    +

    X509_NAME_add_entry() adds a copy of X509_NAME_ENTRY structure ne +to name. The new entry is added to a position determined by loc +and set. Since a copy of ne is added ne must be freed up after +the call.

    +

    X509_NAME_delete_entry() deletes an entry from name at position +loc. The deleted entry is returned and must be freed up.

    +

    +

    +
    +

    NOTES

    +

    The use of string types such as MBSTRING_ASC or MBSTRING_UTF8 +is strongly recommended for the type parameter. This allows the +internal code to correctly determine the type of the field and to +apply length checks according to the relevant standards. This is +done using ASN1_STRING_set_by_NID().

    +

    If instead an ASN1 type is used no checks are performed and the +supplied data in bytes is used directly.

    +

    In X509_NAME_add_entry_by_txt() the field string represents +the field name using OBJ_txt2obj(field, 0).

    +

    The loc and set parameters determine where a new entry should +be added. For almost all applications loc can be set to -1 and set +to 0. This adds a new entry to the end of name as a single valued +RelativeDistinguishedName (RDN).

    +

    loc actually determines the index where the new entry is inserted: +if it is -1 it is appended.

    +

    set determines how the new type is added. If it is zero a +new RDN is created.

    +

    If set is -1 or 1 it is added to the previous or next RDN +structure respectively. This will then be a multivalued RDN: +since multivalues RDNs are very seldom used set is almost +always set to zero.

    +

    +

    +
    +

    RETURN VALUES

    +

    X509_NAME_add_entry_by_txt(), X509_NAME_add_entry_by_OBJ(), +X509_NAME_add_entry_by_NID() and X509_NAME_add_entry() return 1 for +success of 0 if an error occurred.

    +

    X509_NAME_delete_entry() returns either the deleted X509_NAME_ENTRY +structure of NULL if an error occurred.

    +

    +

    +
    +

    EXAMPLES

    +

    Create an X509_NAME structure:

    +

    "C=UK, O=Disorganized Organization, CN=Joe Bloggs"

    +
    + X509_NAME *nm;
    +
    + nm = X509_NAME_new();
    + if (nm == NULL)
    +     /* Some error */
    + if (!X509_NAME_add_entry_by_txt(nm, "C", MBSTRING_ASC,
    +                                 "UK", -1, -1, 0))
    +     /* Error */
    + if (!X509_NAME_add_entry_by_txt(nm, "O", MBSTRING_ASC,
    +                                 "Disorganized Organization", -1, -1, 0))
    +     /* Error */
    + if (!X509_NAME_add_entry_by_txt(nm, "CN", MBSTRING_ASC,
    +                                 "Joe Bloggs", -1, -1, 0))
    +     /* Error */
    +

    +

    +
    +

    BUGS

    +

    type can still be set to V_ASN1_APP_CHOOSE to use a +different algorithm to determine field types. Since this form does +not understand multicharacter types, performs no length checks and +can result in invalid field types its use is strongly discouraged.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), d2i_X509_NAME(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/X509_NAME_get0_der.html b/linux_amd64/share/doc/openssl/html/man3/X509_NAME_get0_der.html
    new file mode 100755
    index 0000000..786459b
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/X509_NAME_get0_der.html
    @@ -0,0 +1,76 @@
    + + + + +X509_NAME_get0_der + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    X509_NAME_get0_der - get X509_NAME DER encoding

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509.h>
    +
    + int X509_NAME_get0_der(X509_NAME *nm, const unsigned char **pder,
    +                        size_t *pderlen)
    +

    +

    +
    +

    DESCRIPTION

    +

    The function X509_NAME_get0_der() returns an internal pointer to the +encoding of an X509_NAME structure in *pder and consisting of +*pderlen bytes. It is useful for applications that wish to examine +the encoding of an X509_NAME structure without copying it.

    +

    +

    +
    +

    RETURN VALUES

    +

    The function X509_NAME_get0_der() returns 1 for success and 0 if an error +occurred.

    +

    +

    +
    +

    SEE ALSO

    +

    d2i_X509(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/X509_NAME_get_index_by_NID.html b/linux_amd64/share/doc/openssl/html/man3/X509_NAME_get_index_by_NID.html
    new file mode 100755
    index 0000000..45373f3
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/X509_NAME_get_index_by_NID.html
    @@ -0,0 +1,153 @@
    + + + + +X509_NAME_get_index_by_NID + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    X509_NAME_get_index_by_NID, X509_NAME_get_index_by_OBJ, X509_NAME_get_entry, +X509_NAME_entry_count, X509_NAME_get_text_by_NID, X509_NAME_get_text_by_OBJ - +X509_NAME lookup and enumeration functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509.h>
    +
    + int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos);
    + int X509_NAME_get_index_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int lastpos);
    +
    + int X509_NAME_entry_count(const X509_NAME *name);
    + X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name, int loc);
    +
    + int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len);
    + int X509_NAME_get_text_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, char *buf, int len);
    +

    +

    +
    +

    DESCRIPTION

    +

    These functions allow an X509_NAME structure to be examined. The +X509_NAME structure is the same as the Name type defined in +RFC2459 (and elsewhere) and used for example in certificate subject +and issuer names.

    +

    X509_NAME_get_index_by_NID() and X509_NAME_get_index_by_OBJ() retrieve +the next index matching nid or obj after lastpos. lastpos +should initially be set to -1. If there are no more entries -1 is returned. +If nid is invalid (doesn't correspond to a valid OID) then -2 is returned.

    +

    X509_NAME_entry_count() returns the total number of entries in name.

    +

    X509_NAME_get_entry() retrieves the X509_NAME_ENTRY from name +corresponding to index loc. Acceptable values for loc run from +0 to (X509_NAME_entry_count(name) - 1). The value returned is an +internal pointer which must not be freed.

    +

    X509_NAME_get_text_by_NID(), X509_NAME_get_text_by_OBJ() retrieve +the "text" from the first entry in name which matches nid or +obj, if no such entry exists -1 is returned. At most len bytes +will be written and the text written to buf will be null +terminated. The length of the output string written is returned +excluding the terminating null. If buf is <NULL> then the amount +of space needed in buf (excluding the final null) is returned.

    +

    +

    +
    +

    NOTES

    +

    X509_NAME_get_text_by_NID() and X509_NAME_get_text_by_OBJ() should be +considered deprecated because they +have various limitations which make them +of minimal use in practice. They can only find the first matching +entry and will copy the contents of the field verbatim: this can +be highly confusing if the target is a multicharacter string type +like a BMPString or a UTF8String.

    +

    For a more general solution X509_NAME_get_index_by_NID() or +X509_NAME_get_index_by_OBJ() should be used followed by +X509_NAME_get_entry() on any matching indices and then the +various X509_NAME_ENTRY utility functions on the result.

    +

    The list of all relevant NID_* and OBJ_* codes can be found in +the source code header files <openssl/obj_mac.h> and/or +<openssl/objects.h>.

    +

    Applications which could pass invalid NIDs to X509_NAME_get_index_by_NID() +should check for the return value of -2. Alternatively the NID validity +can be determined first by checking OBJ_nid2obj(nid) is not NULL.

    +

    +

    +
    +

    RETURN VALUES

    +

    X509_NAME_get_index_by_NID() and X509_NAME_get_index_by_OBJ() +return the index of the next matching entry or -1 if not found. +X509_NAME_get_index_by_NID() can also return -2 if the supplied +NID is invalid.

    +

    X509_NAME_entry_count() returns the total number of entries.

    +

    X509_NAME_get_entry() returns an X509_NAME pointer to the +requested entry or NULL if the index is invalid.

    +

    +

    +
    +

    EXAMPLES

    +

    Process all entries:

    +
    + int i;
    + X509_NAME_ENTRY *e;
    +
    + for (i = 0; i < X509_NAME_entry_count(nm); i++) {
    +     e = X509_NAME_get_entry(nm, i);
    +     /* Do something with e */
    + }
    +

    Process all commonName entries:

    +
    + int lastpos = -1;
    + X509_NAME_ENTRY *e;
    +
    + for (;;) {
    +     lastpos = X509_NAME_get_index_by_NID(nm, NID_commonName, lastpos);
    +     if (lastpos == -1)
    +         break;
    +     e = X509_NAME_get_entry(nm, lastpos);
    +     /* Do something with e */
    + }
    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), d2i_X509_NAME(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/X509_NAME_print_ex.html b/linux_amd64/share/doc/openssl/html/man3/X509_NAME_print_ex.html
    new file mode 100755
    index 0000000..458ccd0
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/X509_NAME_print_ex.html
    @@ -0,0 +1,140 @@
    + + + + +X509_NAME_print_ex + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    X509_NAME_print_ex, X509_NAME_print_ex_fp, X509_NAME_print, +X509_NAME_oneline - X509_NAME printing routines

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509.h>
    +
    + int X509_NAME_print_ex(BIO *out, const X509_NAME *nm, int indent, unsigned long flags);
    + int X509_NAME_print_ex_fp(FILE *fp, const X509_NAME *nm, int indent, unsigned long flags);
    + char *X509_NAME_oneline(const X509_NAME *a, char *buf, int size);
    + int X509_NAME_print(BIO *bp, const X509_NAME *name, int obase);
    +

    +

    +
    +

    DESCRIPTION

    +

    X509_NAME_print_ex() prints a human readable version of nm to BIO out. Each +line (for multiline formats) is indented by indent spaces. The output format +can be extensively customised by use of the flags parameter.

    +

    X509_NAME_print_ex_fp() is identical to X509_NAME_print_ex() except the output is +written to FILE pointer fp.

    +

    X509_NAME_oneline() prints an ASCII version of a to buf. +If buf is NULL then a buffer is dynamically allocated and returned, and +size is ignored. +Otherwise, at most size bytes will be written, including the ending '\0', +and buf is returned.

    +

    X509_NAME_print() prints out name to bp indenting each line by obase +characters. Multiple lines are used if the output (including indent) exceeds +80 characters.

    +

    +

    +
    +

    NOTES

    +

    The functions X509_NAME_oneline() and X509_NAME_print() +produce a non standard output form, they don't handle multi character fields and +have various quirks and inconsistencies. +Their use is strongly discouraged in new applications and they could +be deprecated in a future release.

    +

    Although there are a large number of possible flags for most purposes +XN_FLAG_ONELINE, XN_FLAG_MULTILINE or XN_FLAG_RFC2253 will suffice. +As noted on the ASN1_STRING_print_ex(3) manual page +for UTF8 terminals the ASN1_STRFLGS_ESC_MSB should be unset: so for example +XN_FLAG_ONELINE & ~ASN1_STRFLGS_ESC_MSB would be used.

    +

    The complete set of the flags supported by X509_NAME_print_ex() is listed below.

    +

    Several options can be ored together.

    +

    The options XN_FLAG_SEP_COMMA_PLUS, XN_FLAG_SEP_CPLUS_SPC, +XN_FLAG_SEP_SPLUS_SPC and XN_FLAG_SEP_MULTILINE determine the field separators +to use. Two distinct separators are used between distinct RelativeDistinguishedName +components and separate values in the same RDN for a multi-valued RDN. Multi-valued +RDNs are currently very rare so the second separator will hardly ever be used.

    +

    XN_FLAG_SEP_COMMA_PLUS uses comma and plus as separators. XN_FLAG_SEP_CPLUS_SPC +uses comma and plus with spaces: this is more readable that plain comma and plus. +XN_FLAG_SEP_SPLUS_SPC uses spaced semicolon and plus. XN_FLAG_SEP_MULTILINE uses +spaced newline and plus respectively.

    +

    If XN_FLAG_DN_REV is set the whole DN is printed in reversed order.

    +

    The fields XN_FLAG_FN_SN, XN_FLAG_FN_LN, XN_FLAG_FN_OID, +XN_FLAG_FN_NONE determine how a field name is displayed. It will +use the short name (e.g. CN) the long name (e.g. commonName) always +use OID numerical form (normally OIDs are only used if the field name is not +recognised) and no field name respectively.

    +

    If XN_FLAG_SPC_EQ is set then spaces will be placed around the '=' character +separating field names and values.

    +

    If XN_FLAG_DUMP_UNKNOWN_FIELDS is set then the encoding of unknown fields is +printed instead of the values.

    +

    If XN_FLAG_FN_ALIGN is set then field names are padded to 20 characters: this +is only of use for multiline format.

    +

    Additionally all the options supported by ASN1_STRING_print_ex() can be used to +control how each field value is displayed.

    +

    In addition a number options can be set for commonly used formats.

    +

    XN_FLAG_RFC2253 sets options which produce an output compatible with RFC2253 it +is equivalent to: + ASN1_STRFLGS_RFC2253 | XN_FLAG_SEP_COMMA_PLUS | XN_FLAG_DN_REV | XN_FLAG_FN_SN | XN_FLAG_DUMP_UNKNOWN_FIELDS

    +

    XN_FLAG_ONELINE is a more readable one line format which is the same as: + ASN1_STRFLGS_RFC2253 | ASN1_STRFLGS_ESC_QUOTE | XN_FLAG_SEP_CPLUS_SPC | XN_FLAG_SPC_EQ | XN_FLAG_FN_SN

    +

    XN_FLAG_MULTILINE is a multiline format which is the same as: + ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB | XN_FLAG_SEP_MULTILINE | XN_FLAG_SPC_EQ | XN_FLAG_FN_LN | XN_FLAG_FN_ALIGN

    +

    XN_FLAG_COMPAT uses a format identical to X509_NAME_print(): in fact it calls X509_NAME_print() internally.

    +

    +

    +
    +

    RETURN VALUES

    +

    X509_NAME_oneline() returns a valid string on success or NULL on error.

    +

    X509_NAME_print() returns 1 on success or 0 on error.

    +

    X509_NAME_print_ex() and X509_NAME_print_ex_fp() return 1 on success or 0 on error +if the XN_FLAG_COMPAT is set, which is the same as X509_NAME_print(). Otherwise, +it returns -1 on error or other values on success.

    +

    +

    +
    +

    SEE ALSO

    +

    ASN1_STRING_print_ex(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/X509_PUBKEY_new.html b/linux_amd64/share/doc/openssl/html/man3/X509_PUBKEY_new.html
    new file mode 100755
    index 0000000..4a637eb
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/X509_PUBKEY_new.html
    @@ -0,0 +1,147 @@
    + + + + +X509_PUBKEY_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    X509_PUBKEY_new, X509_PUBKEY_free, X509_PUBKEY_dup, +X509_PUBKEY_set, X509_PUBKEY_get0, X509_PUBKEY_get, +d2i_PUBKEY, i2d_PUBKEY, d2i_PUBKEY_bio, d2i_PUBKEY_fp, +i2d_PUBKEY_fp, i2d_PUBKEY_bio, X509_PUBKEY_set0_param, +X509_PUBKEY_get0_param - SubjectPublicKeyInfo public key functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509.h>
    +
    + X509_PUBKEY *X509_PUBKEY_new(void);
    + void X509_PUBKEY_free(X509_PUBKEY *a);
    + X509_PUBKEY *X509_PUBKEY_dup(const X509_PUBKEY *a);
    +
    + int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey);
    + EVP_PKEY *X509_PUBKEY_get0(X509_PUBKEY *key);
    + EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key);
    +
    + EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length);
    + int i2d_PUBKEY(const EVP_PKEY *a, unsigned char **pp);
    +
    + EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
    + EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
    +
    + int i2d_PUBKEY_fp(const FILE *fp, EVP_PKEY *pkey);
    + int i2d_PUBKEY_bio(BIO *bp, const EVP_PKEY *pkey);
    +
    + int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
    +                            int ptype, void *pval,
    +                            unsigned char *penc, int penclen);
    + int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg,
    +                            const unsigned char **pk, int *ppklen,
    +                            X509_ALGOR **pa, X509_PUBKEY *pub);
    +

    +

    +
    +

    DESCRIPTION

    +

    The X509_PUBKEY structure represents the ASN.1 SubjectPublicKeyInfo +structure defined in RFC5280 and used in certificates and certificate requests.

    +

    X509_PUBKEY_new() allocates and initializes an X509_PUBKEY structure.

    +

    X509_PUBKEY_free() frees up X509_PUBKEY structure a. If a is NULL +nothing is done.

    +

    X509_PUBKEY_set() sets the public key in *x to the public key contained +in the EVP_PKEY structure pkey. If *x is not NULL any existing +public key structure will be freed.

    +

    X509_PUBKEY_get0() returns the public key contained in key. The returned +value is an internal pointer which MUST NOT be freed after use.

    +

    X509_PUBKEY_get() is similar to X509_PUBKEY_get0() except the reference +count on the returned key is incremented so it MUST be freed using +EVP_PKEY_free() after use.

    +

    d2i_PUBKEY() and i2d_PUBKEY() decode and encode an EVP_PKEY structure +using SubjectPublicKeyInfo format. They otherwise follow the conventions of +other ASN.1 functions such as d2i_X509().

    +

    d2i_PUBKEY_bio(), d2i_PUBKEY_fp(), i2d_PUBKEY_bio() and i2d_PUBKEY_fp() are +similar to d2i_PUBKEY() and i2d_PUBKEY() except they decode or encode using a +BIO or FILE pointer.

    +

    X509_PUBKEY_set0_param() sets the public key parameters of pub. The +OID associated with the algorithm is set to aobj. The type of the +algorithm parameters is set to type using the structure pval. +The encoding of the public key itself is set to the penclen +bytes contained in buffer penc. On success ownership of all the supplied +parameters is passed to pub so they must not be freed after the +call.

    +

    X509_PUBKEY_get0_param() retrieves the public key parameters from pub, +*ppkalg is set to the associated OID and the encoding consists of +*ppklen bytes at *pk, *pa is set to the associated +AlgorithmIdentifier for the public key. If the value of any of these +parameters is not required it can be set to NULL. All of the +retrieved pointers are internal and must not be freed after the +call.

    +

    +

    +
    +

    NOTES

    +

    The X509_PUBKEY functions can be used to encode and decode public keys +in a standard format.

    +

    In many cases applications will not call the X509_PUBKEY functions +directly: they will instead call wrapper functions such as X509_get0_pubkey().

    +

    +

    +
    +

    RETURN VALUES

    +

    If the allocation fails, X509_PUBKEY_new() returns NULL and sets an error +code that can be obtained by ERR_get_error(3).

    +

    Otherwise it returns a pointer to the newly allocated structure.

    +

    X509_PUBKEY_free() does not return a value.

    +

    X509_PUBKEY_get0() and X509_PUBKEY_get() return a pointer to an EVP_PKEY +structure or NULL if an error occurs.

    +

    X509_PUBKEY_set(), X509_PUBKEY_set0_param() and X509_PUBKEY_get0_param() +return 1 for success and 0 if an error occurred.

    +

    +

    +
    +

    SEE ALSO

    +

    d2i_X509(3), +ERR_get_error(3), +X509_get_pubkey(3),

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/X509_SIG_get0.html b/linux_amd64/share/doc/openssl/html/man3/X509_SIG_get0.html
    new file mode 100755
    index 0000000..fa48622
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/X509_SIG_get0.html
    @@ -0,0 +1,77 @@
    + + + + +X509_SIG_get0 + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    X509_SIG_get0, X509_SIG_getm - DigestInfo functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509.h>
    +
    + void X509_SIG_get0(const X509_SIG *sig, const X509_ALGOR **palg,
    +                    const ASN1_OCTET_STRING **pdigest);
    + void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg,
    +                    ASN1_OCTET_STRING **pdigest,
    +

    +

    +
    +

    DESCRIPTION

    +

    X509_SIG_get0() returns pointers to the algorithm identifier and digest +value in sig. X509_SIG_getm() is identical to X509_SIG_get0() +except the pointers returned are not constant and can be modified: +for example to initialise them.

    +

    +

    +
    +

    RETURN VALUES

    +

    X509_SIG_get0() and X509_SIG_getm() return no values.

    +

    +

    +
    +

    SEE ALSO

    +

    d2i_X509(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/X509_STORE_CTX_get_error.html b/linux_amd64/share/doc/openssl/html/man3/X509_STORE_CTX_get_error.html
    new file mode 100755
    index 0000000..bb2183d
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/X509_STORE_CTX_get_error.html
    @@ -0,0 +1,550 @@
    + + + + +X509_STORE_CTX_get_error + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    X509_STORE_CTX_get_error, X509_STORE_CTX_set_error, +X509_STORE_CTX_get_error_depth, X509_STORE_CTX_set_error_depth, +X509_STORE_CTX_get_current_cert, X509_STORE_CTX_set_current_cert, +X509_STORE_CTX_get0_cert, X509_STORE_CTX_get1_chain, +X509_verify_cert_error_string - get or set certificate verification status +information

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509.h>
    +
    + int   X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
    + void  X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int s);
    + int   X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
    + void  X509_STORE_CTX_set_error_depth(X509_STORE_CTX *ctx, int depth);
    + X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);
    + void  X509_STORE_CTX_set_current_cert(X509_STORE_CTX *ctx, X509 *x);
    + X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx);
    +
    + STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx);
    +
    + const char *X509_verify_cert_error_string(long n);
    +

    +

    +
    +

    DESCRIPTION

    +

    These functions are typically called after X509_verify_cert() has indicated +an error or in a verification callback to determine the nature of an error.

    +

    X509_STORE_CTX_get_error() returns the error code of ctx, see +the ERROR CODES section for a full description of all error codes.

    +

    X509_STORE_CTX_set_error() sets the error code of ctx to s. For example +it might be used in a verification callback to set an error based on additional +checks.

    +

    X509_STORE_CTX_get_error_depth() returns the depth of the error. This is a +non-negative integer representing where in the certificate chain the error +occurred. If it is zero it occurred in the end entity certificate, one if +it is the certificate which signed the end entity certificate and so on.

    +

    X509_STORE_CTX_set_error_depth() sets the error depth. +This can be used in combination with X509_STORE_CTX_set_error() to set the +depth at which an error condition was detected.

    +

    X509_STORE_CTX_get_current_cert() returns the certificate in ctx which +caused the error or NULL if no certificate is relevant.

    +

    X509_STORE_CTX_set_current_cert() sets the certificate x in ctx which +caused the error. +This value is not intended to remain valid for very long, and remains owned by +the caller. +It may be examined by a verification callback invoked to handle each error +encountered during chain verification and is no longer required after such a +callback. +If a callback wishes the save the certificate for use after it returns, it +needs to increment its reference count via X509_up_ref(3). +Once such a saved certificate is no longer needed it can be freed with +X509_free(3).

    +

    X509_STORE_CTX_get0_cert() retrieves an internal pointer to the +certificate being verified by the ctx.

    +

    X509_STORE_CTX_get1_chain() returns a complete validate chain if a previous +call to X509_verify_cert() is successful. If the call to X509_verify_cert() +is not successful the returned chain may be incomplete or invalid. The +returned chain persists after the ctx structure is freed, when it is +no longer needed it should be free up using:

    +
    + sk_X509_pop_free(chain, X509_free);
    +

    X509_verify_cert_error_string() returns a human readable error string for +verification error n.

    +

    +

    +
    +

    RETURN VALUES

    +

    X509_STORE_CTX_get_error() returns X509_V_OK or an error code.

    +

    X509_STORE_CTX_get_error_depth() returns a non-negative error depth.

    +

    X509_STORE_CTX_get_current_cert() returns the certificate which caused the +error or NULL if no certificate is relevant to the error.

    +

    X509_verify_cert_error_string() returns a human readable error string for +verification error n.

    +

    +

    +
    +

    ERROR CODES

    +

    A list of error codes and messages is shown below. Some of the +error codes are defined but currently never returned: these are described as +"unused".

    +
    +
    X509_V_OK: ok
    + +
    +

    The operation was successful.

    +
    +
    X509_V_ERR_UNSPECIFIED: unspecified certificate verification error
    + +
    +

    Unspecified error; should not happen.

    +
    +
    X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: unable to get issuer certificate
    + +
    +

    The issuer certificate of a locally looked up certificate could not be found. +This normally means the list of trusted certificates is not complete.

    +
    +
    X509_V_ERR_UNABLE_TO_GET_CRL: unable to get certificate CRL
    + +
    +

    The CRL of a certificate could not be found.

    +
    +
    X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate's signature
    + +
    +

    The certificate signature could not be decrypted. This means that the actual +signature value could not be determined rather than it not matching the +expected value, this is only meaningful for RSA keys.

    +
    +
    X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: unable to decrypt CRL's signature
    + +
    +

    The CRL signature could not be decrypted: this means that the actual signature +value could not be determined rather than it not matching the expected value. +Unused.

    +
    +
    X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: unable to decode issuer public key
    + +
    +

    The public key in the certificate SubjectPublicKeyInfo field could +not be read.

    +
    +
    X509_V_ERR_CERT_SIGNATURE_FAILURE: certificate signature failure
    + +
    +

    The signature of the certificate is invalid.

    +
    +
    X509_V_ERR_CRL_SIGNATURE_FAILURE: CRL signature failure
    + +
    +

    The signature of the certificate is invalid.

    +
    +
    X509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid
    + +
    +

    The certificate is not yet valid: the notBefore date is after the +current time.

    +
    +
    X509_V_ERR_CERT_HAS_EXPIRED: certificate has expired
    + +
    +

    The certificate has expired: that is the notAfter date is before the +current time.

    +
    +
    X509_V_ERR_CRL_NOT_YET_VALID: CRL is not yet valid
    + +
    +

    The CRL is not yet valid.

    +
    +
    X509_V_ERR_CRL_HAS_EXPIRED: CRL has expired
    + +
    +

    The CRL has expired.

    +
    +
    X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate's notBefore field
    + +
    +

    The certificate notBefore field contains an invalid time.

    +
    +
    X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: format error in certificate's notAfter field
    + +
    +

    The certificate notAfter field contains an invalid time.

    +
    +
    X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in CRL's lastUpdate field
    + +
    +

    The CRL lastUpdate field contains an invalid time.

    +
    +
    X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in CRL's nextUpdate field
    + +
    +

    The CRL nextUpdate field contains an invalid time.

    +
    +
    X509_V_ERR_OUT_OF_MEM: out of memory
    + +
    +

    An error occurred trying to allocate memory.

    +
    +
    X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: self signed certificate
    + +
    +

    The passed certificate is self-signed and the same certificate cannot be found +in the list of trusted certificates.

    +
    +
    X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self signed certificate in certificate chain
    + +
    +

    The certificate chain could be built up using the untrusted certificates but +the root could not be found locally.

    +
    +
    X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate
    + +
    +

    The issuer certificate could not be found: this occurs if the issuer certificate +of an untrusted certificate cannot be found.

    +
    +
    X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: unable to verify the first certificate
    + +
    +

    No signatures could be verified because the chain contains only one certificate +and it is not self signed.

    +
    +
    X509_V_ERR_CERT_CHAIN_TOO_LONG: certificate chain too long
    + +
    +

    The certificate chain length is greater than the supplied maximum depth. Unused.

    +
    +
    X509_V_ERR_CERT_REVOKED: certificate revoked
    + +
    +

    The certificate has been revoked.

    +
    +
    X509_V_ERR_INVALID_CA: invalid CA certificate
    + +
    +

    A CA certificate is invalid. Either it is not a CA or its extensions are not +consistent with the supplied purpose.

    +
    +
    X509_V_ERR_PATH_LENGTH_EXCEEDED: path length constraint exceeded
    + +
    +

    The basicConstraints path-length parameter has been exceeded.

    +
    +
    X509_V_ERR_INVALID_PURPOSE: unsupported certificate purpose
    + +
    +

    The supplied certificate cannot be used for the specified purpose.

    +
    +
    X509_V_ERR_CERT_UNTRUSTED: certificate not trusted
    + +
    +

    The root CA is not marked as trusted for the specified purpose.

    +
    +
    X509_V_ERR_CERT_REJECTED: certificate rejected
    + +
    +

    The root CA is marked to reject the specified purpose.

    +
    +
    X509_V_ERR_SUBJECT_ISSUER_MISMATCH: subject issuer mismatch
    + +
    +

    The current candidate issuer certificate was rejected because its subject name +did not match the issuer name of the current certificate.

    +
    +
    X509_V_ERR_AKID_SKID_MISMATCH: authority and subject key identifier mismatch
    + +
    +

    The current candidate issuer certificate was rejected because its subject key +identifier was present and did not match the authority key identifier current +certificate. +Not used as of OpenSSL 1.1.0.

    +
    +
    X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: authority and issuer serial number mismatch
    + +
    +

    The current candidate issuer certificate was rejected because its issuer name +and serial number was present and did not match the authority key identifier of +the current certificate. +Not used as of OpenSSL 1.1.0.

    +
    +
    X509_V_ERR_KEYUSAGE_NO_CERTSIGN:key usage does not include certificate signing
    + +
    +

    The current candidate issuer certificate was rejected because its keyUsage +extension does not permit certificate signing. +Not used as of OpenSSL 1.1.0.

    +
    +
    X509_V_ERR_INVALID_EXTENSION: invalid or inconsistent certificate extension
    + +
    +

    A certificate extension had an invalid value (for example an incorrect +encoding) or some value inconsistent with other extensions.

    +
    +
    X509_V_ERR_INVALID_POLICY_EXTENSION: invalid or inconsistent certificate policy extension
    + +
    +

    A certificate policies extension had an invalid value (for example an incorrect +encoding) or some value inconsistent with other extensions. This error only +occurs if policy processing is enabled.

    +
    +
    X509_V_ERR_NO_EXPLICIT_POLICY: no explicit policy
    + +
    +

    The verification flags were set to require and explicit policy but none was +present.

    +
    +
    X509_V_ERR_DIFFERENT_CRL_SCOPE: Different CRL scope
    + +
    +

    The only CRLs that could be found did not match the scope of the certificate.

    +
    +
    X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE: Unsupported extension feature
    + +
    +

    Some feature of a certificate extension is not supported. Unused.

    +
    +
    X509_V_ERR_PERMITTED_VIOLATION: permitted subtree violation
    + +
    +

    A name constraint violation occurred in the permitted subtrees.

    +
    +
    X509_V_ERR_EXCLUDED_VIOLATION: excluded subtree violation
    + +
    +

    A name constraint violation occurred in the excluded subtrees.

    +
    +
    X509_V_ERR_SUBTREE_MINMAX: name constraints minimum and maximum not supported
    + +
    +

    A certificate name constraints extension included a minimum or maximum field: +this is not supported.

    +
    +
    X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE: unsupported name constraint type
    + +
    +

    An unsupported name constraint type was encountered. OpenSSL currently only +supports directory name, DNS name, email and URI types.

    +
    +
    X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: unsupported or invalid name constraint syntax
    + +
    +

    The format of the name constraint is not recognised: for example an email +address format of a form not mentioned in RFC3280. This could be caused by +a garbage extension or some new feature not currently supported.

    +
    +
    X509_V_ERR_CRL_PATH_VALIDATION_ERROR: CRL path validation error
    + +
    +

    An error occurred when attempting to verify the CRL path. This error can only +happen if extended CRL checking is enabled.

    +
    +
    X509_V_ERR_APPLICATION_VERIFICATION: application verification failure
    + +
    +

    An application specific error. This will never be returned unless explicitly +set by an application callback.

    +
    +
    X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER: unable to get CRL issuer certificate
    + +
    +

    Unable to get CRL issuer certificate.

    +
    +
    X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION: unhandled critical extension
    + +
    +

    Unhandled critical extension.

    +
    +
    X509_V_ERR_KEYUSAGE_NO_CRL_SIGN: key usage does not include CRL signing
    + +
    +

    Key usage does not include CRL signing.

    +
    +
    X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION: unhandled critical CRL extension
    + +
    +

    Unhandled critical CRL extension.

    +
    +
    X509_V_ERR_INVALID_NON_CA: invalid non-CA certificate (has CA markings)
    + +
    +

    Invalid non-CA certificate has CA markings.

    +
    +
    X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED: proxy path length contraint exceeded
    + +
    +

    Proxy path length constraint exceeded.

    +
    +
    X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE: key usage does not include digital signature
    + +
    +

    Key usage does not include digital signature, and therefore cannot sign +certificates.

    +
    +
    X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED: proxy certificates not allowed, please set the appropriate flag
    + +
    +

    Proxy certificates not allowed unless the -allow_proxy_certs option is used.

    +
    +
    X509_V_ERR_UNNESTED_RESOURCE: RFC 3779 resource not subset of parent's resrouces
    + +
    +

    See RFC 3779 for details.

    +
    +
    X509_V_ERR_UNSUPPORTED_NAME_SYNTAX: unsupported or invalid name syntax
    + +
    +

    Unsupported or invalid name syntax.

    +
    +
    X509_V_ERR_PATH_LOOP: path loop
    + +
    +

    Path loop.

    +
    +
    X509_V_ERR_HOSTNAME_MISMATCH: hostname mismatch
    + +
    +

    Hostname mismatch.

    +
    +
    X509_V_ERR_EMAIL_MISMATCH: email address mismatch
    + +
    +

    Email address mismatch.

    +
    +
    X509_V_ERR_IP_ADDRESS_MISMATCH: IP address mismatch
    + +
    +

    IP address mismatch.

    +
    +
    X509_V_ERR_DANE_NO_MATCH: no matching DANE TLSA records
    + +
    +

    DANE TLSA authentication is enabled, but no TLSA records matched the +certificate chain. +This error is only possible in openssl-s_client(1).

    +
    +
    X509_V_ERR_EE_KEY_TOO_SMALL: EE certificate key too weak
    + +
    +

    EE certificate key too weak.

    +
    +
    X509_ERR_CA_KEY_TOO_SMALL: CA certificate key too weak
    + +
    +

    CA certificate key too weak.

    +
    +
    X509_ERR_CA_MD_TOO_WEAK: CA signature digest algorithm too weak
    + +
    +

    CA signature digest algorithm too weak.

    +
    +
    X509_V_ERR_INVALID_CALL: invalid certificate verification context
    + +
    +

    invalid certificate verification context.

    +
    +
    X509_V_ERR_STORE_LOOKUP: issuer certificate lookup error
    + +
    +

    Issuer certificate lookup error.

    +
    +
    X509_V_ERR_NO_VALID_SCTS: certificate transparency required, but no valid SCTs found
    + +
    +

    Certificate Transparency required, but no valid SCTs found.

    +
    +
    X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION: proxy subject name violation
    + +
    +

    Proxy subject name violation.

    +
    +
    X509_V_ERR_OCSP_VERIFY_NEEDED: OCSP verification needed
    + +
    +

    Returned by the verify callback to indicate an OCSP verification is needed.

    +
    +
    X509_V_ERR_OCSP_VERIFY_FAILED: OCSP verification failed
    + +
    +

    Returned by the verify callback to indicate OCSP verification failed.

    +
    +
    X509_V_ERR_OCSP_CERT_UNKNOWN: OCSP unknown cert
    + +
    +

    Returned by the verify callback to indicate that the certificate is not +recognized by the OCSP responder.

    + +
  • 509_V_ERROR_NO_ISSUER_PUBLI_KEY, issuer certificate doesn't have a public key + +

    The issuer certificate does not have a public key.

    +
  • +
    X509_V_ERROR_SIGNATURE_ALGORITHM_MISMATCH, Subject signature algorithm and issuer public key algoritm mismatch
    + +
    +

    The issuer's public key is not of the type required by the signature in +the subject's certificate.

    +
    +
    +

    +

    +
    +

    NOTES

    +

    The above functions should be used instead of directly referencing the fields +in the X509_VERIFY_CTX structure.

    +

    In versions of OpenSSL before 1.0 the current certificate returned by +X509_STORE_CTX_get_current_cert() was never NULL. Applications should +check the return value before printing out any debugging information relating +to the current certificate.

    +

    If an unrecognised error code is passed to X509_verify_cert_error_string() the +numerical value of the unknown code is returned in a static buffer. This is not +thread safe but will never happen unless an invalid code is passed.

    +

    +

    +
    +

    SEE ALSO

    +

    X509_verify_cert(3), +X509_up_ref(3), +X509_free(3).

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/X509_STORE_CTX_new.html b/linux_amd64/share/doc/openssl/html/man3/X509_STORE_CTX_new.html
new file mode 100755
index 0000000..9cf6ede
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/X509_STORE_CTX_new.html
@@ -0,0 +1,195 @@
+ + + + +X509_STORE_CTX_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    X509_STORE_CTX_new, X509_STORE_CTX_cleanup, X509_STORE_CTX_free, +X509_STORE_CTX_init, X509_STORE_CTX_set0_trusted_stack, X509_STORE_CTX_set_cert, +X509_STORE_CTX_set0_crls, +X509_STORE_CTX_get0_chain, X509_STORE_CTX_set0_verified_chain, +X509_STORE_CTX_get0_param, X509_STORE_CTX_set0_param, +X509_STORE_CTX_get0_untrusted, X509_STORE_CTX_set0_untrusted, +X509_STORE_CTX_get_num_untrusted, +X509_STORE_CTX_set_default, +X509_STORE_CTX_set_verify, +X509_STORE_CTX_verify_fn +- X509_STORE_CTX initialisation

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509_vfy.h>
    +
    + X509_STORE_CTX *X509_STORE_CTX_new(void);
    + void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
    + void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
    +
    + int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
    +                         X509 *x509, STACK_OF(X509) *chain);
    +
    + void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
    +
    + void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x);
    + STACK_OF(X509) *X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx);
    + void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *chain);
    + void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk);
    +
    + X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx);
    + void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param);
    + int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name);
    +
    + STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx);
    + void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
    +
    + int X509_STORE_CTX_get_num_untrusted(X509_STORE_CTX *ctx);
    +
    + typedef int (*X509_STORE_CTX_verify_fn)(X509_STORE_CTX *);
    + void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx, X509_STORE_CTX_verify_fn verify);
    +

    +

    +
    +

    DESCRIPTION

    +

    These functions initialise an X509_STORE_CTX structure for subsequent use +by X509_verify_cert().

    +

    X509_STORE_CTX_new() returns a newly initialised X509_STORE_CTX structure.

    +

    X509_STORE_CTX_cleanup() internally cleans up an X509_STORE_CTX structure. +The context can then be reused with an new call to X509_STORE_CTX_init().

    +

    X509_STORE_CTX_free() completely frees up ctx. After this call ctx +is no longer valid. +If ctx is NULL nothing is done.

    +

    X509_STORE_CTX_init() sets up ctx for a subsequent verification operation. +It must be called before each call to X509_verify_cert(), i.e. a ctx is only +good for one call to X509_verify_cert(); if you want to verify a second +certificate with the same ctx then you must call X509_STORE_CTX_cleanup() +and then X509_STORE_CTX_init() again before the second call to +X509_verify_cert(). The trusted certificate store is set to store, the end +entity certificate to be verified is set to x509 and a set of additional +certificates (which will be untrusted but may be used to build the chain) in +chain. Any or all of the store, x509 and chain parameters can be +NULL.

    +

    X509_STORE_CTX_set0_trusted_stack() sets the set of trusted certificates of +ctx to sk. This is an alternative way of specifying trusted certificates +instead of using an X509_STORE.

    +

    X509_STORE_CTX_set_cert() sets the certificate to be verified in ctx to +x.

    +

    X509_STORE_CTX_set0_verified_chain() sets the validated chain used +by ctx to be chain. +Ownership of the chain is transferred to ctx and should not be +free'd by the caller. +X509_STORE_CTX_get0_chain() returns a the internal pointer used by the +ctx that contains the validated chain.

    +

    X509_STORE_CTX_set0_crls() sets a set of CRLs to use to aid certificate +verification to sk. These CRLs will only be used if CRL verification is +enabled in the associated X509_VERIFY_PARAM structure. This might be +used where additional "useful" CRLs are supplied as part of a protocol, +for example in a PKCS#7 structure.

    +

    X509_STORE_CTX_get0_param() retrieves an internal pointer +to the verification parameters associated with ctx.

    +

    X509_STORE_CTX_get0_untrusted() retrieves an internal pointer to the +stack of untrusted certificates associated with ctx.

    +

    X509_STORE_CTX_set0_untrusted() sets the internal point to the stack +of untrusted certificates associated with ctx to sk.

    +

    X509_STORE_CTX_set0_param() sets the internal verification parameter pointer +to param. After this call param should not be used.

    +

    X509_STORE_CTX_set_default() looks up and sets the default verification +method to name. This uses the function X509_VERIFY_PARAM_lookup() to +find an appropriate set of parameters from name.

    +

    X509_STORE_CTX_get_num_untrusted() returns the number of untrusted certificates +that were used in building the chain following a call to X509_verify_cert().

    +

    X509_STORE_CTX_set_verify() provides the capability for overriding the default +verify function. This function is responsible for verifying chain signatures and +expiration times.

    +

    A verify function is defined as an X509_STORE_CTX_verify type which has the +following signature:

    +
    + int (*verify)(X509_STORE_CTX *);
    +

    This function should receive the current X509_STORE_CTX as a parameter and +return 1 on success or 0 on failure.

    +

    +

    +
    +

    NOTES

    +

    The certificates and CRLs in a store are used internally and should not +be freed up until after the associated X509_STORE_CTX is freed.

    +

    +

    +
    +

    BUGS

    +

    The certificates and CRLs in a context are used internally and should not +be freed up until after the associated X509_STORE_CTX is freed. Copies +should be made or reference counts increased instead.

    +

    +

    +
    +

    RETURN VALUES

    +

    X509_STORE_CTX_new() returns an newly allocates context or NULL is an +error occurred.

    +

    X509_STORE_CTX_init() returns 1 for success or 0 if an error occurred.

    +

    X509_STORE_CTX_get0_param() returns a pointer to an X509_VERIFY_PARAM +structure or NULL if an error occurred.

    +

    X509_STORE_CTX_cleanup(), X509_STORE_CTX_free(), +X509_STORE_CTX_set0_trusted_stack(), +X509_STORE_CTX_set_cert(), +X509_STORE_CTX_set0_crls() and X509_STORE_CTX_set0_param() do not return +values.

    +

    X509_STORE_CTX_set_default() returns 1 for success or 0 if an error occurred.

    +

    X509_STORE_CTX_get_num_untrusted() returns the number of untrusted certificates +used.

    +

    +

    +
    +

    SEE ALSO

    +

    X509_verify_cert(3) +X509_VERIFY_PARAM_set_flags(3)

    +

    +

    +
    +

    HISTORY

    +

    The X509_STORE_CTX_set0_crls() function was added in OpenSSL 1.0.0. +The X509_STORE_CTX_get_num_untrusted() function was added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/X509_STORE_CTX_set_verify_cb.html b/linux_amd64/share/doc/openssl/html/man3/X509_STORE_CTX_set_verify_cb.html
new file mode 100755
index 0000000..b153188
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/X509_STORE_CTX_set_verify_cb.html
@@ -0,0 +1,255 @@
+ + + + +X509_STORE_CTX_set_verify_cb + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    X509_STORE_CTX_get_cleanup, +X509_STORE_CTX_get_lookup_crls, +X509_STORE_CTX_get_lookup_certs, +X509_STORE_CTX_get_check_policy, +X509_STORE_CTX_get_cert_crl, +X509_STORE_CTX_get_check_crl, +X509_STORE_CTX_get_get_crl, +X509_STORE_CTX_get_check_revocation, +X509_STORE_CTX_get_check_issued, +X509_STORE_CTX_get_get_issuer, +X509_STORE_CTX_get_verify_cb, +X509_STORE_CTX_set_verify_cb, +X509_STORE_CTX_verify_cb, +X509_STORE_CTX_print_verify_cb +- get and set X509_STORE_CTX components such as verification callback

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509_vfy.h>
    +
    + typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *);
    + int X509_STORE_CTX_print_verify_cb(int ok, X509_STORE_CTX *ctx);
    +
    + X509_STORE_CTX_verify_cb X509_STORE_CTX_get_verify_cb(X509_STORE_CTX *ctx);
    +
    + void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
    +                                   X509_STORE_CTX_verify_cb verify_cb);
    +
    + X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(X509_STORE_CTX *ctx);
    + X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(X509_STORE_CTX *ctx);
    + X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(X509_STORE_CTX *ctx);
    + X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(X509_STORE_CTX *ctx);
    + X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(X509_STORE_CTX *ctx);
    + X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(X509_STORE_CTX *ctx);
    + X509_STORE_CTX_check_policy_fn X509_STORE_CTX_get_check_policy(X509_STORE_CTX *ctx);
    + X509_STORE_CTX_lookup_certs_fn X509_STORE_CTX_get_lookup_certs(X509_STORE_CTX *ctx);
    + X509_STORE_CTX_lookup_crls_fn X509_STORE_CTX_get_lookup_crls(X509_STORE_CTX *ctx);
    + X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(X509_STORE_CTX *ctx);
    +

    +

    +
    +

    DESCRIPTION

    +

    X509_STORE_CTX_set_verify_cb() sets the verification callback of ctx to +verify_cb overwriting any existing callback.

    +

    The verification callback can be used to customise the operation of certificate +verification, either by overriding error conditions or logging errors for +debugging purposes.

    +

    However a verification callback is not essential and the default operation +is often sufficient.

    +

    The ok parameter to the callback indicates the value the callback should +return to retain the default behaviour. If it is zero then an error condition +is indicated. If it is 1 then no error occurred. If the flag +X509_V_FLAG_NOTIFY_POLICY is set then ok is set to 2 to indicate the +policy checking is complete.

    +

    The ctx parameter to the callback is the X509_STORE_CTX structure that +is performing the verification operation. A callback can examine this +structure and receive additional information about the error, for example +by calling X509_STORE_CTX_get_current_cert(). Additional application data can +be passed to the callback via the ex_data mechanism.

    +

    X509_STORE_CTX_print_verify_cb() is a verification callback function that, +when a certificate verification has failed, adds an entry to the error queue +with code X509_R_CERTIFICATE_VERIFICATION_FAILED and with diagnostic details, +including the most relevant fields of the target certificate that failed to +verify and, if appropriate, of the available untrusted and trusted certificates.

    +

    X509_STORE_CTX_get_verify_cb() returns the value of the current callback +for the specific ctx.

    +

    X509_STORE_CTX_get_get_issuer(), +X509_STORE_CTX_get_check_issued(), X509_STORE_CTX_get_check_revocation(), +X509_STORE_CTX_get_get_crl(), X509_STORE_CTX_get_check_crl(), +X509_STORE_CTX_get_cert_crl(), X509_STORE_CTX_get_check_policy(), +X509_STORE_CTX_get_lookup_certs(), X509_STORE_CTX_get_lookup_crls() +and X509_STORE_CTX_get_cleanup() return the function pointers cached +from the corresponding X509_STORE, please see +X509_STORE_set_verify(3) for more information.

    +

    +

    +
    +

    WARNINGS

    +

    In general a verification callback should NOT unconditionally return 1 in +all circumstances because this will allow verification to succeed no matter +what the error. This effectively removes all security from the application +because any certificate (including untrusted generated ones) will be +accepted.

    +

    +

    +
    +

    NOTES

    +

    The verification callback can be set and inherited from the parent structure +performing the operation. In some cases (such as S/MIME verification) the +X509_STORE_CTX structure is created and destroyed internally and the +only way to set a custom verification callback is by inheriting it from the +associated X509_STORE.

    +

    +

    +
    +

    RETURN VALUES

    +

    X509_STORE_CTX_set_verify_cb() does not return a value.

    +

    +

    +
    +

    EXAMPLES

    +

    Default callback operation:

    +
    + int verify_callback(int ok, X509_STORE_CTX *ctx) {
    +     return ok;
    + }
    +

    Simple example, suppose a certificate in the chain is expired and we wish +to continue after this error:

    +
    + int verify_callback(int ok, X509_STORE_CTX *ctx) {
    +     /* Tolerate certificate expiration */
    +     if (X509_STORE_CTX_get_error(ctx) == X509_V_ERR_CERT_HAS_EXPIRED)
    +         return 1;
    +     /* Otherwise don't override */
    +     return ok;
    + }
    +

    More complex example, we don't wish to continue after any certificate has +expired just one specific case:

    +
    + int verify_callback(int ok, X509_STORE_CTX *ctx)
    + {
    +     int err = X509_STORE_CTX_get_error(ctx);
    +     X509 *err_cert = X509_STORE_CTX_get_current_cert(ctx);
    +
    +     if (err == X509_V_ERR_CERT_HAS_EXPIRED) {
    +         if (check_is_acceptable_expired_cert(err_cert)
    +             return 1;
    +     }
    +     return ok;
    + }
    +

    Full featured logging callback. In this case the bio_err is assumed to be +a global logging BIO, an alternative would to store a BIO in ctx using +ex_data.

    +
    + int verify_callback(int ok, X509_STORE_CTX *ctx)
    + {
    +     X509 *err_cert;
    +     int err, depth;
    +
    +     err_cert = X509_STORE_CTX_get_current_cert(ctx);
    +     err = X509_STORE_CTX_get_error(ctx);
    +     depth = X509_STORE_CTX_get_error_depth(ctx);
    +
    +     BIO_printf(bio_err, "depth=%d ", depth);
    +     if (err_cert) {
    +         X509_NAME_print_ex(bio_err, X509_get_subject_name(err_cert),
    +                            0, XN_FLAG_ONELINE);
    +         BIO_puts(bio_err, "\n");
    +     }
    +     else
    +         BIO_puts(bio_err, "<no cert>\n");
    +     if (!ok)
    +         BIO_printf(bio_err, "verify error:num=%d:%s\n", err,
    +                    X509_verify_cert_error_string(err));
    +     switch (err) {
    +     case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
    +         BIO_puts(bio_err, "issuer= ");
    +         X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert),
    +                            0, XN_FLAG_ONELINE);
    +         BIO_puts(bio_err, "\n");
    +         break;
    +     case X509_V_ERR_CERT_NOT_YET_VALID:
    +     case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
    +         BIO_printf(bio_err, "notBefore=");
    +         ASN1_TIME_print(bio_err, X509_get_notBefore(err_cert));
    +         BIO_printf(bio_err, "\n");
    +         break;
    +     case X509_V_ERR_CERT_HAS_EXPIRED:
    +     case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
    +         BIO_printf(bio_err, "notAfter=");
    +         ASN1_TIME_print(bio_err, X509_get_notAfter(err_cert));
    +         BIO_printf(bio_err, "\n");
    +         break;
    +     case X509_V_ERR_NO_EXPLICIT_POLICY:
    +         policies_print(bio_err, ctx);
    +         break;
    +     }
    +     if (err == X509_V_OK && ok == 2)
    +         /* print out policies */
    +
    +     BIO_printf(bio_err, "verify return:%d\n", ok);
    +     return(ok);
    + }
    +

    +

    +
    +

    SEE ALSO

    +

    X509_STORE_CTX_get_error(3) +X509_STORE_set_verify_cb_func(3) +X509_STORE_CTX_get_ex_new_index(3)

    +

    +

    +
    +

    HISTORY

    +

    The +X509_STORE_CTX_get_get_issuer(), +X509_STORE_CTX_get_check_issued(), X509_STORE_CTX_get_check_revocation(), +X509_STORE_CTX_get_get_crl(), X509_STORE_CTX_get_check_crl(), +X509_STORE_CTX_get_cert_crl(), X509_STORE_CTX_get_check_policy(), +X509_STORE_CTX_get_lookup_certs(), X509_STORE_CTX_get_lookup_crls() +and X509_STORE_CTX_get_cleanup() functions were added in OpenSSL 1.1.0.

    +

    X509_STORE_CTX_print_verify_cb() was added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/X509_STORE_add_cert.html b/linux_amd64/share/doc/openssl/html/man3/X509_STORE_add_cert.html
new file mode 100755
index 0000000..914bc72
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/X509_STORE_add_cert.html
@@ -0,0 +1,161 @@
+ + + + +X509_STORE_add_cert + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    X509_STORE, +X509_STORE_add_cert, X509_STORE_add_crl, X509_STORE_set_depth, +X509_STORE_set_flags, X509_STORE_set_purpose, X509_STORE_set_trust, +X509_STORE_add_lookup, +X509_STORE_load_file, X509_STORE_load_path, X509_STORE_load_store, +X509_STORE_set_default_paths, +X509_STORE_load_locations +- X509_STORE manipulation

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509_vfy.h>
    +
    + typedef x509_store_st X509_STORE;
    +
    + int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
    + int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
    + int X509_STORE_set_depth(X509_STORE *store, int depth);
    + int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags);
    + int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
    + int X509_STORE_set_trust(X509_STORE *ctx, int trust);
    +
    + X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *store,
    +                                    X509_LOOKUP_METHOD *meth);
    +
    + int X509_STORE_set_default_paths(X509_STORE *ctx);
    + int X509_STORE_load_file(X509_STORE *ctx, const char *file);
    + int X509_STORE_load_path(X509_STORE *ctx, const char *dir);
    + int X509_STORE_load_store(X509_STORE *ctx, const char *uri);
    +

    Deprecated:

    +
    + int X509_STORE_load_locations(X509_STORE *ctx,
    +                               const char *file, const char *dir);
    +

    +

    +
    +

    DESCRIPTION

    +

    The X509_STORE structure is intended to be a consolidated mechanism for +holding information about X.509 certificates and CRLs, and constructing +and validating chains of certificates terminating in trusted roots. +It admits multiple lookup mechanisms and efficient scaling performance +with large numbers of certificates, and a great deal of flexibility in +how validation and policy checks are performed.

    +

    X509_STORE_new(3) creates an empty X509_STORE structure, which contains +no information about trusted certificates or where such certificates +are located on disk, and is generally not usable. Normally, trusted +certificates will be added to the X509_STORE to prepare it for use, +via mechanisms such as X509_STORE_add_lookup() and X509_LOOKUP_file(), or +PEM_read_bio_X509_AUX() and X509_STORE_add_cert(). CRLs can also be added, +and many behaviors configured as desired.

    +

    Once the X509_STORE is suitably configured, X509_STORE_CTX_new() is +used to instantiate a single-use X509_STORE_CTX for each chain-building +and verification operation. That process includes providing the end-entity +certificate to be verified and an additional set of untrusted certificates +that may be used in chain-building. As such, it is expected that the +certificates included in the X509_STORE are certificates that represent +trusted entities such as root certificate authorities (CAs). +OpenSSL represents these trusted certificates internally as X509 objects +with an associated X509_CERT_AUX, as are produced by +PEM_read_bio_X509_AUX() and similar routines that refer to X509_AUX. +The public interfaces that operate on such trusted certificates still +operate on pointers to X509 objects, though.

    +

    X509_STORE_add_cert() and X509_STORE_add_crl() add the respective object +to the X509_STORE's local storage. Untrusted objects should not be +added in this way. The added object's reference count is incremented by one, +hence the caller retains ownership of the object and needs to free it when it +is no longer needed.

    +

    X509_STORE_set_depth(), X509_STORE_set_flags(), X509_STORE_set_purpose(), +X509_STORE_set_trust(), and X509_STORE_set1_param() set the default values +for the corresponding values used in certificate chain validation. Their +behavior is documented in the corresponding X509_VERIFY_PARAM manual +pages, e.g., X509_VERIFY_PARAM_set_depth(3).

    +

    X509_STORE_add_lookup() finds or creates a X509_LOOKUP(3) with the +X509_LOOKUP_METHOD(3) meth and adds it to the X509_STORE +store. This also associates the X509_STORE with the lookup, so +X509_LOOKUP functions can look up objects in that store.

    +

    X509_STORE_load_file() loads trusted certificate(s) into an +X509_STORE from a given file.

    +

    X509_STORE_load_path() loads trusted certificate(s) into an +X509_STORE from a given directory path. +The certificates in the directory must be in hashed form, as +documented in X509_LOOKUP_hash_dir(3).

    +

    X509_STORE_load_store() loads trusted certificate(s) into an +X509_STORE from a store at a given URI.

    +

    X509_STORE_load_locations() combines X509_STORE_load_file() and +X509_STORE_load_dir() for a given file and/or directory path. +It is permitted to specify just a file, just a directory, or both +paths.

    +

    X509_STORE_set_default_paths() is somewhat misnamed, in that it does not +set what default paths should be used for loading certificates. Instead, +it loads certificates into the X509_STORE from the hardcoded default +paths.

    +

    +

    +
    +

    RETURN VALUES

    +

    X509_STORE_add_cert(), X509_STORE_add_crl(), X509_STORE_set_depth(), +X509_STORE_set_flags(), X509_STORE_set_purpose(), +X509_STORE_set_trust(), X509_STORE_load_file(), +X509_STORE_load_path(), X509_STORE_load_store(), +X509_STORE_load_locations(), and X509_STORE_set_default_paths() return +1 on success or 0 on failure.

    +

    X509_STORE_add_lookup() returns the found or created +X509_LOOKUP(3), or NULL on error.

    +

    +

    +
    +

    SEE ALSO

    +

    X509_LOOKUP_hash_dir(3). +X509_VERIFY_PARAM_set_depth(3). +X509_STORE_new(3), +X509_STORE_get0_param(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/X509_STORE_get0_param.html b/linux_amd64/share/doc/openssl/html/man3/X509_STORE_get0_param.html
new file mode 100755
index 0000000..3ec3448
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/X509_STORE_get0_param.html
@@ -0,0 +1,98 @@
+ + + + +X509_STORE_get0_param + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    X509_STORE_get0_param, X509_STORE_set1_param, +X509_STORE_get0_objects, X509_STORE_get1_all_certs +- X509_STORE setter and getter functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509_vfy.h>
    +
    + X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx);
    + int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *pm);
    + STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *ctx);
    + STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *st);
    +

    +

    +
    +

    DESCRIPTION

    +

    X509_STORE_set1_param() sets the verification parameters +to pm for ctx.

    +

    X509_STORE_get0_param() retrieves an internal pointer to the verification +parameters for ctx. The returned pointer must not be freed by the +calling application

    +

    X509_STORE_get0_objects() retrieves an internal pointer to the store's +X509 object cache. The cache contains X509 and X509_CRL objects. The +returned pointer must not be freed by the calling application.

    +

    X509_STORE_get1_all_certs() returns a list of all certificates in the store. +The caller is responsible for freeing the returned list.

    +

    +

    +
    +

    RETURN VALUES

    +

    X509_STORE_get0_param() returns a pointer to an +X509_VERIFY_PARAM structure.

    +

    X509_STORE_set1_param() returns 1 for success and 0 for failure.

    +

    X509_STORE_get0_objects() returns a pointer to a stack of X509_OBJECT.

    +

    X509_STORE_get1_all_certs() returns a pointer to a stack of the retrieved +certificates on success, else NULL.

    +

    +

    +
    +

    SEE ALSO

    +

    X509_STORE_new(3)

    +

    +

    +
    +

    HISTORY

    +

    X509_STORE_get0_param and X509_STORE_get0_objects were added in +OpenSSL 1.1.0. +X509_STORE_get1_certs was added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/X509_STORE_new.html b/linux_amd64/share/doc/openssl/html/man3/X509_STORE_new.html new file mode 100755 index 0000000..008bfcd --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/X509_STORE_new.html @@ -0,0 +1,92 @@ + + + + +X509_STORE_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    X509_STORE_new, X509_STORE_up_ref, X509_STORE_free, X509_STORE_lock, +X509_STORE_unlock - X509_STORE allocation, freeing and locking functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509_vfy.h>
    +
    + X509_STORE *X509_STORE_new(void);
    + void X509_STORE_free(X509_STORE *v);
    + int X509_STORE_lock(X509_STORE *v);
    + int X509_STORE_unlock(X509_STORE *v);
    + int X509_STORE_up_ref(X509_STORE *v);
    +

    +

    +
    +

    DESCRIPTION

    +

    The X509_STORE_new() function returns a new X509_STORE.

    +

    X509_STORE_up_ref() increments the reference count associated with the +X509_STORE object.

    +

    X509_STORE_lock() locks the store from modification by other threads, +X509_STORE_unlock() unlocks it.

    +

    X509_STORE_free() frees up a single X509_STORE object.

    +

    +

    +
    +

    RETURN VALUES

    +

    X509_STORE_new() returns a newly created X509_STORE or NULL if the call fails.

    +

    X509_STORE_up_ref(), X509_STORE_lock() and X509_STORE_unlock() return +1 for success and 0 for failure.

    +

    X509_STORE_free() does not return values.

    +

    +

    +
    +

    SEE ALSO

    +

    X509_STORE_set_verify_cb_func(3) +X509_STORE_get0_param(3)

    +

    +

    +
    +

    HISTORY

    +

    The X509_STORE_up_ref(), X509_STORE_lock() and X509_STORE_unlock() +functions were added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/X509_STORE_set_verify_cb_func.html b/linux_amd64/share/doc/openssl/html/man3/X509_STORE_set_verify_cb_func.html new file mode 100755 index 0000000..71413e1 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/X509_STORE_set_verify_cb_func.html @@ -0,0 +1,295 @@ + + + + +X509_STORE_set_verify_cb_func + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    X509_STORE_set_lookup_crls_cb, +X509_STORE_set_verify_func, +X509_STORE_get_cleanup, +X509_STORE_set_cleanup, +X509_STORE_get_lookup_crls, +X509_STORE_set_lookup_crls, +X509_STORE_get_lookup_certs, +X509_STORE_set_lookup_certs, +X509_STORE_get_check_policy, +X509_STORE_set_check_policy, +X509_STORE_get_cert_crl, +X509_STORE_set_cert_crl, +X509_STORE_get_check_crl, +X509_STORE_set_check_crl, +X509_STORE_get_get_crl, +X509_STORE_set_get_crl, +X509_STORE_get_check_revocation, +X509_STORE_set_check_revocation, +X509_STORE_get_check_issued, +X509_STORE_set_check_issued, +X509_STORE_get_get_issuer, +X509_STORE_set_get_issuer, +X509_STORE_CTX_get_verify, +X509_STORE_set_verify, +X509_STORE_get_verify_cb, +X509_STORE_set_verify_cb_func, X509_STORE_set_verify_cb, +X509_STORE_CTX_cert_crl_fn, X509_STORE_CTX_check_crl_fn, +X509_STORE_CTX_check_issued_fn, X509_STORE_CTX_check_policy_fn, +X509_STORE_CTX_check_revocation_fn, X509_STORE_CTX_cleanup_fn, +X509_STORE_CTX_get_crl_fn, X509_STORE_CTX_get_issuer_fn, +X509_STORE_CTX_lookup_certs_fn, X509_STORE_CTX_lookup_crls_fn +- set verification callback

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509_vfy.h>
    +
    + typedef int (*X509_STORE_CTX_get_issuer_fn)(X509 **issuer,
    +                                             X509_STORE_CTX *ctx, X509 *x);
    + typedef int (*X509_STORE_CTX_check_issued_fn)(X509_STORE_CTX *ctx,
    +                                               X509 *x, X509 *issuer);
    + typedef int (*X509_STORE_CTX_check_revocation_fn)(X509_STORE_CTX *ctx);
    + typedef int (*X509_STORE_CTX_get_crl_fn)(X509_STORE_CTX *ctx,
    +                                          X509_CRL **crl, X509 *x);
    + typedef int (*X509_STORE_CTX_check_crl_fn)(X509_STORE_CTX *ctx, X509_CRL *crl);
    + typedef int (*X509_STORE_CTX_cert_crl_fn)(X509_STORE_CTX *ctx,
    +                                           X509_CRL *crl, X509 *x);
    + typedef int (*X509_STORE_CTX_check_policy_fn)(X509_STORE_CTX *ctx);
    + typedef STACK_OF(X509) *(*X509_STORE_CTX_lookup_certs_fn)(X509_STORE_CTX *ctx,
    +                                                           X509_NAME *nm);
    + typedef STACK_OF(X509_CRL) *(*X509_STORE_CTX_lookup_crls_fn)(X509_STORE_CTX *ctx,
    +                                                              X509_NAME *nm);
    + typedef int (*X509_STORE_CTX_cleanup_fn)(X509_STORE_CTX *ctx);
    +
    + void X509_STORE_set_verify_cb(X509_STORE *ctx,
    +                               X509_STORE_CTX_verify_cb verify_cb);
    + X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(X509_STORE_CTX *ctx);
    +
    + void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify);
    + X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx);
    +
    + void X509_STORE_set_get_issuer(X509_STORE *ctx,
    +                                X509_STORE_CTX_get_issuer_fn get_issuer);
    + X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(X509_STORE_CTX *ctx);
    +
    + void X509_STORE_set_check_issued(X509_STORE *ctx,
    +                                  X509_STORE_CTX_check_issued_fn check_issued);
    + X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(X509_STORE_CTX *ctx);
    +
    + void X509_STORE_set_check_revocation(X509_STORE *ctx,
    +                                      X509_STORE_CTX_check_revocation_fn check_revocation);
    + X509_STORE_CTX_check_revocation_fn X509_STORE_get_check_revocation(X509_STORE_CTX *ctx);
    +
    + void X509_STORE_set_get_crl(X509_STORE *ctx,
    +                             X509_STORE_CTX_get_crl_fn get_crl);
    + X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(X509_STORE_CTX *ctx);
    +
    + void X509_STORE_set_check_crl(X509_STORE *ctx,
    +                               X509_STORE_CTX_check_crl_fn check_crl);
    + X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(X509_STORE_CTX *ctx);
    +
    + void X509_STORE_set_cert_crl(X509_STORE *ctx,
    +                              X509_STORE_CTX_cert_crl_fn cert_crl);
    + X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(X509_STORE_CTX *ctx);
    +
    + void X509_STORE_set_check_policy(X509_STORE *ctx,
    +                                  X509_STORE_CTX_check_policy_fn check_policy);
    + X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(X509_STORE_CTX *ctx);
    +
    + void X509_STORE_set_lookup_certs(X509_STORE *ctx,
    +                                  X509_STORE_CTX_lookup_certs_fn lookup_certs);
    + X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(X509_STORE_CTX *ctx);
    +
    + void X509_STORE_set_lookup_crls(X509_STORE *ctx,
    +                                 X509_STORE_CTX_lookup_crls_fn lookup_crls);
    + X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(X509_STORE_CTX *ctx);
    +
    + void X509_STORE_set_cleanup(X509_STORE *ctx,
    +                             X509_STORE_CTX_cleanup_fn cleanup);
    + X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(X509_STORE_CTX *ctx);
    +
    + /* Aliases */
    + void X509_STORE_set_verify_cb_func(X509_STORE *st,
    +                                    X509_STORE_CTX_verify_cb verify_cb);
    + void X509_STORE_set_verify_func(X509_STORE *ctx,
    +                                 X509_STORE_CTX_verify_fn verify);
    + void X509_STORE_set_lookup_crls_cb(X509_STORE *ctx,
    +                                    X509_STORE_CTX_lookup_crls_fn lookup_crls);
    +

    +

    +
    +

    DESCRIPTION

    +

    X509_STORE_set_verify_cb() sets the verification callback of ctx to +verify_cb overwriting the previous callback. +The callback assigned with this function becomes a default for the one +that can be assigned directly to the corresponding X509_STORE_CTX, +please see X509_STORE_CTX_set_verify_cb(3) for further information.

    +

    X509_STORE_set_verify() sets the final chain verification function for +ctx to verify. +Its purpose is to go through the chain of certificates and check that +all signatures are valid and that the current time is within the +limits of each certificate's first and last validity time. +The final chain verification functions must return 0 on failure and 1 +on success. +If no chain verification function is provided, the internal default +function will be used instead.

    +

    X509_STORE_set_get_issuer() sets the function to get the issuer +certificate that verifies the given certificate x. +When found, the issuer certificate must be assigned to *issuer. +This function must return 0 on failure and 1 on success. +If no function to get the issuer is provided, the internal default +function will be used instead.

    +

    X509_STORE_set_check_issued() sets the function to check that a given +certificate x is issued with the issuer certificate issuer. +This function must return 0 on failure (among others if x hasn't +been issued with issuer) and 1 on success. +If no function to get the issuer is provided, the internal default +function will be used instead.

    +

    X509_STORE_set_check_revocation() sets the revocation checking +function. +Its purpose is to look through the final chain and check the +revocation status for each certificate. +It must return 0 on failure and 1 on success. +If no function to get the issuer is provided, the internal default +function will be used instead.

    +

    X509_STORE_set_get_crl() sets the function to get the crl for a given +certificate x. +When found, the crl must be assigned to *crl. +This function must return 0 on failure and 1 on success. +If no function to get the issuer is provided, the internal default +function will be used instead.

    +

    X509_STORE_set_check_crl() sets the function to check the validity of +the given crl. +This function must return 0 on failure and 1 on success. +If no function to get the issuer is provided, the internal default +function will be used instead.

    +

    X509_STORE_set_cert_crl() sets the function to check the revocation +status of the given certificate x against the given crl. +This function must return 0 on failure and 1 on success. +If no function to get the issuer is provided, the internal default +function will be used instead.

    +

    X509_STORE_set_check_policy() sets the function to check the policies +of all the certificates in the final chain.. +This function must return 0 on failure and 1 on success. +If no function to get the issuer is provided, the internal default +function will be used instead.

    +

    X509_STORE_set_lookup_certs() and X509_STORE_set_lookup_crls() set the +functions to look up all the certs or all the CRLs that match the +given name nm. +These functions return NULL on failure and a pointer to a stack of +certificates (X509) or to a stack of CRLs (X509_CRL) on +success. +If no function to get the issuer is provided, the internal default +function will be used instead.

    +

    X509_STORE_set_cleanup() sets the final cleanup function, which is +called when the context (X509_STORE_CTX) is being torn down. +This function doesn't return any value. +If no function to get the issuer is provided, the internal default +function will be used instead.

    +

    X509_STORE_get_verify_cb(), X509_STORE_CTX_get_verify(), +X509_STORE_get_get_issuer(), X509_STORE_get_check_issued(), +X509_STORE_get_check_revocation(), X509_STORE_get_get_crl(), +X509_STORE_get_check_crl(), X509_STORE_set_verify(), +X509_STORE_set_get_issuer(), X509_STORE_get_cert_crl(), +X509_STORE_get_check_policy(), X509_STORE_get_lookup_certs(), +X509_STORE_get_lookup_crls() and X509_STORE_get_cleanup() all return +the function pointer assigned with X509_STORE_set_check_issued(), +X509_STORE_set_check_revocation(), X509_STORE_set_get_crl(), +X509_STORE_set_check_crl(), X509_STORE_set_cert_crl(), +X509_STORE_set_check_policy(), X509_STORE_set_lookup_certs(), +X509_STORE_set_lookup_crls() and X509_STORE_set_cleanup(), or NULL if +no assignment has been made.

    +

    X509_STORE_set_verify_cb_func(), X509_STORE_set_verify_func() and +X509_STORE_set_lookup_crls_cb() are aliases for +X509_STORE_set_verify_cb(), X509_STORE_set_verify() and +X509_STORE_set_lookup_crls, available as macros for backward +compatibility.

    +

    +

    +
    +

    NOTES

    +

    All the callbacks from a X509_STORE are inherited by the +corresponding X509_STORE_CTX structure when it is initialized. +See X509_STORE_CTX_set_verify_cb(3) for further details.

    +

    +

    +
    +

    BUGS

    +

    The macro version of this function was the only one available before +OpenSSL 1.0.0.

    +

    +

    +
    +

    RETURN VALUES

    +

    The X509_STORE_set_*() functions do not return a value.

    +

    The X509_STORE_get_*() functions return a pointer of the appropriate +function type.

    +

    +

    +
    +

    SEE ALSO

    +

    X509_STORE_CTX_set_verify_cb(3), X509_STORE_CTX_get0_chain(3), +X509_STORE_CTX_verify_cb(3), X509_STORE_CTX_verify_fn(3), +CMS_verify(3)

    +

    +

    +
    +

    HISTORY

    +

    The X509_STORE_set_verify_cb() function was added in OpenSSL 1.0.0.

    +

    The functions +X509_STORE_set_verify_cb(), X509_STORE_get_verify_cb(), +X509_STORE_set_verify(), X509_STORE_CTX_get_verify(), +X509_STORE_set_get_issuer(), X509_STORE_get_get_issuer(), +X509_STORE_set_check_issued(), X509_STORE_get_check_issued(), +X509_STORE_set_check_revocation(), X509_STORE_get_check_revocation(), +X509_STORE_set_get_crl(), X509_STORE_get_get_crl(), +X509_STORE_set_check_crl(), X509_STORE_get_check_crl(), +X509_STORE_set_cert_crl(), X509_STORE_get_cert_crl(), +X509_STORE_set_check_policy(), X509_STORE_get_check_policy(), +X509_STORE_set_lookup_certs(), X509_STORE_get_lookup_certs(), +X509_STORE_set_lookup_crls(), X509_STORE_get_lookup_crls(), +X509_STORE_set_cleanup() and X509_STORE_get_cleanup() +were added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/X509_VERIFY_PARAM_set_flags.html b/linux_amd64/share/doc/openssl/html/man3/X509_VERIFY_PARAM_set_flags.html new file mode 100755 index 0000000..ab2ed3d --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/X509_VERIFY_PARAM_set_flags.html @@ -0,0 +1,386 @@ + + + + +X509_VERIFY_PARAM_set_flags + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags, +X509_VERIFY_PARAM_get_flags, X509_VERIFY_PARAM_set_purpose, +X509_VERIFY_PARAM_get_inh_flags, X509_VERIFY_PARAM_set_inh_flags, +X509_VERIFY_PARAM_set_trust, X509_VERIFY_PARAM_set_depth, +X509_VERIFY_PARAM_get_depth, X509_VERIFY_PARAM_set_auth_level, +X509_VERIFY_PARAM_get_auth_level, X509_VERIFY_PARAM_set_time, +X509_VERIFY_PARAM_get_time, +X509_VERIFY_PARAM_add0_policy, X509_VERIFY_PARAM_set1_policies, +X509_VERIFY_PARAM_set1_host, X509_VERIFY_PARAM_add1_host, +X509_VERIFY_PARAM_set_hostflags, +X509_VERIFY_PARAM_get_hostflags, +X509_VERIFY_PARAM_get0_peername, +X509_VERIFY_PARAM_set1_email, X509_VERIFY_PARAM_set1_ip, +X509_VERIFY_PARAM_set1_ip_asc +- X509 verification parameters

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509_vfy.h>
    +
    + int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param,
    +                                 unsigned long flags);
    + int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param,
    +                                   unsigned long flags);
    + unsigned long X509_VERIFY_PARAM_get_flags(const X509_VERIFY_PARAM *param);
    +
    + int X509_VERIFY_PARAM_set_inh_flags(X509_VERIFY_PARAM *param,
    +                                     uint32_t flags);
    + uint32_t X509_VERIFY_PARAM_get_inh_flags(const X509_VERIFY_PARAM *param);
    +
    + int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose);
    + int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust);
    +
    + void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t);
    + time_t X509_VERIFY_PARAM_get_time(const X509_VERIFY_PARAM *param);
    +
    + int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param,
    +                                   ASN1_OBJECT *policy);
    + int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
    +                                     STACK_OF(ASN1_OBJECT) *policies);
    +
    + void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth);
    + int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param);
    +
    + void X509_VERIFY_PARAM_set_auth_level(X509_VERIFY_PARAM *param,
    +                                       int auth_level);
    + int X509_VERIFY_PARAM_get_auth_level(const X509_VERIFY_PARAM *param);
    +
    + int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
    +                                 const char *name, size_t namelen);
    + int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param,
    +                                 const char *name, size_t namelen);
    + void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
    +                                      unsigned int flags);
    + unsigned int X509_VERIFY_PARAM_get_hostflags(const X509_VERIFY_PARAM *param);
    + char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param);
    + int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,
    +                                  const char *email, size_t emaillen);
    + int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param,
    +                               const unsigned char *ip, size_t iplen);
    + int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc);
    +

    +

    +
    +

    DESCRIPTION

    +

    These functions manipulate the X509_VERIFY_PARAM structure associated with +a certificate verification operation.

    +

    The X509_VERIFY_PARAM_set_flags() function sets the flags in param by oring +it with flags. See the VERIFICATION FLAGS section for a complete +description of values the flags parameter can take.

    +

    X509_VERIFY_PARAM_get_flags() returns the flags in param.

    +

    X509_VERIFY_PARAM_get_inh_flags() returns the inheritance flags in param +which specifies how verification flags are copied from one structure to +another. X509_VERIFY_PARAM_set_inh_flags() sets the inheritance flags. +See the INHERITANCE FLAGS section for a description of these bits.

    +

    X509_VERIFY_PARAM_clear_flags() clears the flags flags in param.

    +

    X509_VERIFY_PARAM_set_purpose() sets the verification purpose in param +to purpose. This determines the acceptable purpose of the certificate +chain, for example SSL client or SSL server.

    +

    X509_VERIFY_PARAM_set_trust() sets the trust setting in param to +trust.

    +

    X509_VERIFY_PARAM_set_time() sets the verification time in param to +t. Normally the current time is used.

    +

    X509_VERIFY_PARAM_add0_policy() enables policy checking (it is disabled +by default) and adds policy to the acceptable policy set.

    +

    X509_VERIFY_PARAM_set1_policies() enables policy checking (it is disabled +by default) and sets the acceptable policy set to policies. Any existing +policy set is cleared. The policies parameter can be NULL to clear +an existing policy set.

    +

    X509_VERIFY_PARAM_set_depth() sets the maximum verification depth to depth. +That is the maximum number of intermediate CA certificates that can appear in a +chain. +A maximal depth chain contains 2 more certificates than the limit, since +neither the end-entity certificate nor the trust-anchor count against this +limit. +Thus a depth limit of 0 only allows the end-entity certificate to be signed +directly by the trust-anchor, while with a depth limit of 1 there can be one +intermediate CA certificate between the trust-anchor and the end-entity +certificate.

    +

    X509_VERIFY_PARAM_set_auth_level() sets the authentication security level to +auth_level. +The authentication security level determines the acceptable signature and public +key strength when verifying certificate chains. +For a certificate chain to validate, the public keys of all the certificates +must meet the specified security level. +The signature algorithm security level is not enforced for the chain's trust +anchor certificate, which is either directly trusted or validated by means other +than its signature. +See SSL_CTX_set_security_level(3) for the definitions of the available +levels. +The default security level is -1, or "not set". +At security level 0 or lower all algorithms are acceptable. +Security level 1 requires at least 80-bit-equivalent security and is broadly +interoperable, though it will, for example, reject MD5 signatures or RSA keys +shorter than 1024 bits.

    +

    X509_VERIFY_PARAM_set1_host() sets the expected DNS hostname to +name clearing any previously specified hostname. If +name is NULL, or empty the list of hostnames is cleared, and +name checks are not performed on the peer certificate. If name +is NUL-terminated, namelen may be zero, otherwise namelen +must be set to the length of name.

    +

    When a hostname is specified, +certificate verification automatically invokes X509_check_host(3) +with flags equal to the flags argument given to +X509_VERIFY_PARAM_set_hostflags() (default zero). Applications +are strongly advised to use this interface in preference to explicitly +calling X509_check_host(3), hostname checks may be out of scope +with the DANE-EE(3) certificate usage, and the internal check will +be suppressed as appropriate when DANE verification is enabled.

    +

    When the subject CommonName will not be ignored, whether as a result of the +X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT host flag, or because no DNS subject +alternative names are present in the certificate, any DNS name constraints in +issuer certificates apply to the subject CommonName as well as the subject +alternative name extension.

    +

    When the subject CommonName will be ignored, whether as a result of the +X509_CHECK_FLAG_NEVER_CHECK_SUBJECT host flag, or because some DNS subject +alternative names are present in the certificate, DNS name constraints in +issuer certificates will not be applied to the subject DN. +As described in X509_check_host(3) the X509_CHECK_FLAG_NEVER_CHECK_SUBJECT +flag takes precedence over the X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT flag.

    +

    X509_VERIFY_PARAM_get_hostflags() returns any host flags previously set via a +call to X509_VERIFY_PARAM_set_hostflags().

    +

    X509_VERIFY_PARAM_add1_host() adds name as an additional reference +identifier that can match the peer's certificate. Any previous names +set via X509_VERIFY_PARAM_set1_host() or X509_VERIFY_PARAM_add1_host() +are retained, no change is made if name is NULL or empty. When +multiple names are configured, the peer is considered verified when +any name matches.

    +

    X509_VERIFY_PARAM_get0_peername() returns the DNS hostname or subject +CommonName from the peer certificate that matched one of the reference +identifiers. When wildcard matching is not disabled, or when a +reference identifier specifies a parent domain (starts with ".") +rather than a hostname, the peer name may be a wildcard name or a +sub-domain of the reference identifier respectively. The return +string is allocated by the library and is no longer valid once the +associated param argument is freed. Applications must not free +the return value.

    +

    X509_VERIFY_PARAM_set1_email() sets the expected RFC822 email address to +email. If email is NUL-terminated, emaillen may be zero, otherwise +emaillen must be set to the length of email. When an email address +is specified, certificate verification automatically invokes +X509_check_email(3).

    +

    X509_VERIFY_PARAM_set1_ip() sets the expected IP address to ip. +The ip argument is in binary format, in network byte-order and +iplen must be set to 4 for IPv4 and 16 for IPv6. When an IP +address is specified, certificate verification automatically invokes +X509_check_ip(3).

    +

    X509_VERIFY_PARAM_set1_ip_asc() sets the expected IP address to +ipasc. The ipasc argument is a NUL-terminal ASCII string: +dotted decimal quad for IPv4 and colon-separated hexadecimal for +IPv6. The condensed "::" notation is supported for IPv6 addresses.

    +

    +

    +
    +

    RETURN VALUES

    +

    X509_VERIFY_PARAM_set_flags(), X509_VERIFY_PARAM_clear_flags(), +X509_VERIFY_PARAM_set_inh_flags(), +X509_VERIFY_PARAM_set_purpose(), X509_VERIFY_PARAM_set_trust(), +X509_VERIFY_PARAM_add0_policy() X509_VERIFY_PARAM_set1_policies(), +X509_VERIFY_PARAM_set1_host(), X509_VERIFY_PARAM_add1_host(), +X509_VERIFY_PARAM_set1_email(), X509_VERIFY_PARAM_set1_ip() and +X509_VERIFY_PARAM_set1_ip_asc() return 1 for success and 0 for +failure.

    +

    X509_VERIFY_PARAM_get_flags() returns the current verification flags.

    +

    X509_VERIFY_PARAM_get_hostflags() returns any current host flags.

    +

    X509_VERIFY_PARAM_get_inh_flags() returns the current inheritance flags.

    +

    X509_VERIFY_PARAM_set_time() and X509_VERIFY_PARAM_set_depth() do not return +values.

    +

    X509_VERIFY_PARAM_get_depth() returns the current verification depth.

    +

    X509_VERIFY_PARAM_get_auth_level() returns the current authentication security +level.

    +

    +

    +
    +

    VERIFICATION FLAGS

    +

    The verification flags consists of zero or more of the following flags +ored together.

    +

    X509_V_FLAG_CRL_CHECK enables CRL checking for the certificate chain leaf +certificate. An error occurs if a suitable CRL cannot be found.

    +

    X509_V_FLAG_CRL_CHECK_ALL enables CRL checking for the entire certificate +chain.

    +

    X509_V_FLAG_IGNORE_CRITICAL disabled critical extension checking. By default +any unhandled critical extensions in certificates or (if checked) CRLs results +in a fatal error. If this flag is set unhandled critical extensions are +ignored. WARNING setting this option for anything other than debugging +purposes can be a security risk. Finer control over which extensions are +supported can be performed in the verification callback.

    +

    The X509_V_FLAG_X509_STRICT flag disables workarounds for some broken +certificates and makes the verification strictly apply X509 rules.

    +

    X509_V_FLAG_ALLOW_PROXY_CERTS enables proxy certificate verification.

    +

    X509_V_FLAG_POLICY_CHECK enables certificate policy checking, by default +no policy checking is performed. Additional information is sent to the +verification callback relating to policy checking.

    +

    X509_V_FLAG_EXPLICIT_POLICY, X509_V_FLAG_INHIBIT_ANY and +X509_V_FLAG_INHIBIT_MAP set the require explicit policy, inhibit any +policy and inhibit policy mapping flags respectively as defined in +RFC3280. Policy checking is automatically enabled if any of these flags +are set.

    +

    If X509_V_FLAG_NOTIFY_POLICY is set and the policy checking is successful +a special status code is set to the verification callback. This permits it +to examine the valid policy tree and perform additional checks or simply +log it for debugging purposes.

    +

    By default some additional features such as indirect CRLs and CRLs signed by +different keys are disabled. If X509_V_FLAG_EXTENDED_CRL_SUPPORT is set +they are enabled.

    +

    If X509_V_FLAG_USE_DELTAS is set delta CRLs (if present) are used to +determine certificate status. If not set deltas are ignored.

    +

    X509_V_FLAG_CHECK_SS_SIGNATURE enables checking of the root CA self signed +certificate signature. By default this check is disabled because it doesn't +add any additional security but in some cases applications might want to +check the signature anyway. A side effect of not checking the root CA +signature is that disabled or unsupported message digests on the root CA +are not treated as fatal errors.

    +

    When X509_V_FLAG_TRUSTED_FIRST is set, construction of the certificate chain +in X509_verify_cert(3) will search the trust store for issuer certificates +before searching the provided untrusted certificates. +Local issuer certificates are often more likely to satisfy local security +requirements and lead to a locally trusted root. +This is especially important when some certificates in the trust store have +explicit trust settings (see "TRUST SETTINGS" in openssl-x509(1)). +As of OpenSSL 1.1.0 this option is on by default.

    +

    The X509_V_FLAG_NO_ALT_CHAINS flag suppresses checking for alternative +chains. +By default, unless X509_V_FLAG_TRUSTED_FIRST is set, when building a +certificate chain, if the first certificate chain found is not trusted, then +OpenSSL will attempt to replace untrusted certificates supplied by the peer +with certificates from the trust store to see if an alternative chain can be +found that is trusted. +As of OpenSSL 1.1.0, with X509_V_FLAG_TRUSTED_FIRST always set, this option +has no effect.

    +

    The X509_V_FLAG_PARTIAL_CHAIN flag causes intermediate certificates in the +trust store to be treated as trust-anchors, in the same way as the self-signed +root CA certificates. +This makes it possible to trust certificates issued by an intermediate CA +without having to trust its ancestor root CA. +With OpenSSL 1.1.0 and later and <X509_V_FLAG_PARTIAL_CHAIN> set, chain +construction stops as soon as the first certificate from the trust store is +added to the chain, whether that certificate is a self-signed "root" +certificate or a not self-signed intermediate certificate. +Thus, when an intermediate certificate is found in the trust store, the +verified chain passed to callbacks may be shorter than it otherwise would +be without the X509_V_FLAG_PARTIAL_CHAIN flag.

    +

    The X509_V_FLAG_NO_CHECK_TIME flag suppresses checking the validity period +of certificates and CRLs against the current time. If X509_VERIFY_PARAM_set_time() +is used to specify a verification time, the check is not suppressed.

    +

    +

    +
    +

    INHERITANCE FLAGS

    +

    These flags specify how parameters are "inherited" from one structure to +another.

    +

    If X509_VP_FLAG_ONCE is set then the current setting is zeroed +after the next call.

    +

    If X509_VP_FLAG_LOCKED is set then no values are copied. This overrides +all of the following flags.

    +

    If X509_VP_FLAG_DEFAULT is set then anything set in the source is copied +to the destination. Effectively the values in "to" become default values +which will be used only if nothing new is set in "from". This is the +default.

    +

    If X509_VP_FLAG_OVERWRITE is set then all value are copied across whether +they are set or not. Flags is still Ored though.

    +

    If X509_VP_FLAG_RESET_FLAGS is set then the flags value is copied instead +of ORed.

    +

    +

    +
    +

    NOTES

    +

    The above functions should be used to manipulate verification parameters +instead of functions which work in specific structures such as +X509_STORE_CTX_set_flags() which are likely to be deprecated in a future +release.

    +

    +

    +
    +

    BUGS

    +

    Delta CRL checking is currently primitive. Only a single delta can be used and +(partly due to limitations of X509_STORE) constructed CRLs are not +maintained.

    +

    If CRLs checking is enable CRLs are expected to be available in the +corresponding X509_STORE structure. No attempt is made to download +CRLs from the CRL distribution points extension.

    +

    +

    +
    +

    EXAMPLES

    +

    Enable CRL checking when performing certificate verification during SSL +connections associated with an SSL_CTX structure ctx:

    +
    + X509_VERIFY_PARAM *param;
    +
    + param = X509_VERIFY_PARAM_new();
    + X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK);
    + SSL_CTX_set1_param(ctx, param);
    + X509_VERIFY_PARAM_free(param);
    +

    +

    +
    +

    SEE ALSO

    +

    X509_verify_cert(3), +X509_check_host(3), +X509_check_email(3), +X509_check_ip(3), +openssl-x509(1)

    +

    +

    +
    +

    HISTORY

    +

    The X509_V_FLAG_NO_ALT_CHAINS flag was added in OpenSSL 1.1.0. +The flag X509_V_FLAG_CB_ISSUER_CHECK was deprecated in OpenSSL 1.1.0 +and has no effect.

    +

    The X509_VERIFY_PARAM_get_hostflags() function was added in OpenSSL 1.1.0i.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/X509_check_ca.html b/linux_amd64/share/doc/openssl/html/man3/X509_check_ca.html new file mode 100755 index 0000000..8222cbc --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/X509_check_ca.html @@ -0,0 +1,81 @@ + + + + +X509_check_ca + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    X509_check_ca - check if given certificate is CA certificate

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509v3.h>
    +
    + int X509_check_ca(X509 *cert);
    +

    +

    +
    +

    DESCRIPTION

    +

    This function checks if given certificate is CA certificate (can be used +to sign other certificates).

    +

    +

    +
    +

    RETURN VALUES

    +

    Function return 0, if it is not CA certificate, 1 if it is proper X509v3 +CA certificate with basicConstraints extension CA:TRUE, +3, if it is self-signed X509 v1 certificate, 4, if it is certificate with +keyUsage extension with bit keyCertSign set, but without +basicConstraints, and 5 if it has outdated Netscape Certificate Type +extension telling that it is CA certificate.

    +

    Actually, any nonzero value means that this certificate could have been +used to sign other certificates.

    +

    +

    +
    +

    SEE ALSO

    +

    X509_verify_cert(3), +X509_check_issued(3), +X509_check_purpose(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/X509_check_host.html b/linux_amd64/share/doc/openssl/html/man3/X509_check_host.html new file mode 100755 index 0000000..3283cfa --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/X509_check_host.html @@ -0,0 +1,185 @@ + + + + +X509_check_host + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    X509_check_host, X509_check_email, X509_check_ip, X509_check_ip_asc - X.509 certificate matching

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509v3.h>
    +
    + int X509_check_host(X509 *, const char *name, size_t namelen,
    +                     unsigned int flags, char **peername);
    + int X509_check_email(X509 *, const char *address, size_t addresslen,
    +                      unsigned int flags);
    + int X509_check_ip(X509 *, const unsigned char *address, size_t addresslen,
    +                   unsigned int flags);
    + int X509_check_ip_asc(X509 *, const char *address, unsigned int flags);
    +

    +

    +
    +

    DESCRIPTION

    +

    The certificate matching functions are used to check whether a +certificate matches a given hostname, email address, or IP address. +The validity of the certificate and its trust level has to be checked by +other means.

    +

    X509_check_host() checks if the certificate Subject Alternative +Name (SAN) or Subject CommonName (CN) matches the specified host +name, which must be encoded in the preferred name syntax described +in section 3.5 of RFC 1034. By default, wildcards are supported +and they match only in the left-most label; but they may match +part of that label with an explicit prefix or suffix. For example, +by default, the host name "www.example.com" would match a +certificate with a SAN or CN value of "*.example.com", "w*.example.com" +or "*w.example.com".

    +

    Per section 6.4.2 of RFC 6125, name values representing international +domain names must be given in A-label form. The namelen argument +must be the number of characters in the name string or zero in which +case the length is calculated with strlen(name). When name starts +with a dot (e.g ".example.com"), it will be matched by a certificate +valid for any sub-domain of name, (see also +X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS below).

    +

    When the certificate is matched, and peername is not NULL, a +pointer to a copy of the matching SAN or CN from the peer certificate +is stored at the address passed in peername. The application +is responsible for freeing the peername via OPENSSL_free() when it +is no longer needed.

    +

    X509_check_email() checks if the certificate matches the specified +email address. Only the mailbox syntax of RFC 822 is supported, +comments are not allowed, and no attempt is made to normalize quoted +characters. The addresslen argument must be the number of +characters in the address string or zero in which case the length +is calculated with strlen(address).

    +

    X509_check_ip() checks if the certificate matches a specified IPv4 or +IPv6 address. The address array is in binary format, in network +byte order. The length is either 4 (IPv4) or 16 (IPv6). Only +explicitly marked addresses in the certificates are considered; IP +addresses stored in DNS names and Common Names are ignored.

    +

    X509_check_ip_asc() is similar, except that the NUL-terminated +string address is first converted to the internal representation.

    +

    The flags argument is usually 0. It can be the bitwise OR of the +flags:

    +
    +
    X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT,
    + +
    X509_CHECK_FLAG_NEVER_CHECK_SUBJECT,
    + +
    X509_CHECK_FLAG_NO_WILDCARDS,
    + +
    X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS,
    + +
    X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS.
    + +
    X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS.
    + +
    +

    The X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT flag causes the function +to consider the subject DN even if the certificate contains at least +one subject alternative name of the right type (DNS name or email +address as appropriate); the default is to ignore the subject DN +when at least one corresponding subject alternative names is present.

    +

    The X509_CHECK_FLAG_NEVER_CHECK_SUBJECT flag causes the function to never +consider the subject DN even if the certificate contains no subject alternative +names of the right type (DNS name or email address as appropriate); the default +is to use the subject DN when no corresponding subject alternative names are +present. +If both X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT and +X509_CHECK_FLAG_NEVER_CHECK_SUBJECT are specified, the latter takes +precedence and the subject DN is not checked for matching names.

    +

    If set, X509_CHECK_FLAG_NO_WILDCARDS disables wildcard +expansion; this only applies to X509_check_host.

    +

    If set, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS suppresses support +for "*" as wildcard pattern in labels that have a prefix or suffix, +such as: "www*" or "*www"; this only applies to X509_check_host.

    +

    If set, X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS allows a "*" that +constitutes the complete label of a DNS name (e.g. "*.example.com") +to match more than one label in name; this flag only applies +to X509_check_host.

    +

    If set, X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS restricts name +values which start with ".", that would otherwise match any sub-domain +in the peer certificate, to only match direct child sub-domains. +Thus, for instance, with this flag set a name of ".example.com" +would match a peer certificate with a DNS name of "www.example.com", +but would not match a peer certificate with a DNS name of +"www.sub.example.com"; this flag only applies to X509_check_host.

    +

    +

    +
    +

    RETURN VALUES

    +

    The functions return 1 for a successful match, 0 for a failed match +and -1 for an internal error: typically a memory allocation failure +or an ASN.1 decoding error.

    +

    All functions can also return -2 if the input is malformed. For example, +X509_check_host() returns -2 if the provided name contains embedded +NULs.

    +

    +

    +
    +

    NOTES

    +

    Applications are encouraged to use X509_VERIFY_PARAM_set1_host() +rather than explicitly calling X509_check_host(3). Hostname +checks may be out of scope with the DANE-EE(3) certificate usage, +and the internal checks will be suppressed as appropriate when +DANE support is enabled.

    +

    +

    +
    +

    SEE ALSO

    +

    SSL_get_verify_result(3), +X509_VERIFY_PARAM_set1_host(3), +X509_VERIFY_PARAM_add1_host(3), +X509_VERIFY_PARAM_set1_email(3), +X509_VERIFY_PARAM_set1_ip(3), +X509_VERIFY_PARAM_set1_ipasc(3)

    +

    +

    +
    +

    HISTORY

    +

    These functions were added in OpenSSL 1.0.2.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/X509_check_issued.html b/linux_amd64/share/doc/openssl/html/man3/X509_check_issued.html new file mode 100755 index 0000000..3427e1e --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/X509_check_issued.html @@ -0,0 +1,81 @@ + + + + +X509_check_issued + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    X509_check_issued - checks if certificate is issued by another +certificate

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509v3.h>
    +
    + int X509_check_issued(X509 *issuer, X509 *subject);
    +

    +

    +
    +

    DESCRIPTION

    +

    This function checks if certificate subject was issued using CA +certificate issuer. This function takes into account not only +matching of issuer field of subject with subject field of issuer, +but also compares authorityKeyIdentifier extension of subject with +subjectKeyIdentifier of issuer if authorityKeyIdentifier +present in the subject certificate and checks keyUsage field of +issuer.

    +

    +

    +
    +

    RETURN VALUES

    +

    Function return X509_V_OK if certificate subject is issued by +issuer or some X509_V_ERR* constant to indicate an error.

    +

    +

    +
    +

    SEE ALSO

    +

    X509_verify_cert(3), +X509_check_ca(3), +openssl-verify(1)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/X509_check_private_key.html b/linux_amd64/share/doc/openssl/html/man3/X509_check_private_key.html new file mode 100755 index 0000000..d94d99a --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/X509_check_private_key.html @@ -0,0 +1,91 @@ + + + + +X509_check_private_key + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    X509_check_private_key, X509_REQ_check_private_key - check the consistency +of a private key with the public key in an X509 certificate or certificate +request

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509.h>
    +
    + int X509_check_private_key(X509 *x, EVP_PKEY *k);
    +
    + int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k);
    +

    +

    +
    +

    DESCRIPTION

    +

    X509_check_private_key() function checks the consistency of private +key k with the public key in x.

    +

    X509_REQ_check_private_key() is equivalent to X509_check_private_key() +except that x represents a certificate request of structure X509_REQ.

    +

    +

    +
    +

    RETURN VALUES

    +

    X509_check_private_key() and X509_REQ_check_private_key() return 1 if +the keys match each other, and 0 if not.

    +

    If the key is invalid or an error occurred, the reason code can be +obtained using ERR_get_error(3).

    +

    +

    +
    +

    BUGS

    +

    The check_private_key functions don't check if k itself is indeed +a private key or not. It merely compares the public materials (e.g. exponent +and modulus of an RSA key) and/or key parameters (e.g. EC params of an EC key) +of a key pair. So if you pass a public key to these functions in k, it will +return success.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/X509_cmp.html b/linux_amd64/share/doc/openssl/html/man3/X509_cmp.html new file mode 100755 index 0000000..ffc33bc --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/X509_cmp.html @@ -0,0 +1,112 @@ + + + + +X509_cmp + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    X509_cmp, X509_NAME_cmp, +X509_issuer_and_serial_cmp, X509_issuer_name_cmp, X509_subject_name_cmp, +X509_CRL_cmp, X509_CRL_match +- compare X509 certificates and related values

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509.h>
    +
    + int X509_cmp(const X509 *a, const X509 *b);
    + int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b);
    + int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
    + int X509_issuer_name_cmp(const X509 *a, const X509 *b);
    + int X509_subject_name_cmp(const X509 *a, const X509 *b);
    + int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b);
    + int X509_CRL_match(const X509_CRL *a, const X509_CRL *b);
    +

    +

    +
    +

    DESCRIPTION

    +

    This set of functions are used to compare X509 objects, including X509 +certificates, X509 CRL objects and various values in an X509 certificate.

    +

    The X509_cmp() function compares two X509 objects indicated by parameters +a and b. The comparison is based on the memcmp result of the hash +values of two X509 objects and the canonical (DER) encoding values.

    +

    The X509_NAME_cmp() function compares two X509_NAME objects indicated by +parameters a and b. The comparison is based on the memcmp result of +the canonical (DER) encoding values of the two objects. i2d_X509_NAME(3) +has a more detailed description of the DER encoding of the X509_NAME structure.

    +

    The X509_issuer_and_serial_cmp() function compares the serial number and issuer +values in the given X509 objects a and b.

    +

    The X509_issuer_name_cmp(), X509_subject_name_cmp() and X509_CRL_cmp() functions +are effectively wrappers of the X509_NAME_cmp() function. These functions compare +issuer names and subject names of the objects, or issuers of X509_CRL +objects, respectively.

    +

    The X509_CRL_match() function compares two X509_CRL objects. Unlike the +X509_CRL_cmp() function, this function compares the whole CRL content instead +of just the issuer name.

    +

    +

    +
    +

    RETURN VALUES

    +

    Like common memory comparison functions, the X509 comparison functions return +an integer less than, equal to, or greater than zero if object a is found to +be less than, to match, or be greater than object b, respectively.

    +

    X509_NAME_cmp(), X509_issuer_and_serial_cmp(), X509_issuer_name_cmp(), +X509_subject_name_cmp() and X509_CRL_cmp() may return -2 to indicate an error.

    +

    +

    +
    +

    NOTES

    +

    These functions in fact utilize the underlying memcmp of the C library to do +the comparison job. Data to be compared varies from DER encoding data, hash +value or ASN1_STRING. The sign of the comparison can be used to order the +objects but it does not have a special meaning in some cases.

    +

    X509_NAME_cmp() and wrappers utilize the value -2 to indicate errors in some +circumstances, which could cause confusion for the applications.

    +

    +

    +
    +

    SEE ALSO

    +

    i2d_X509_NAME(3), i2d_X509(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/X509_cmp_time.html b/linux_amd64/share/doc/openssl/html/man3/X509_cmp_time.html new file mode 100755 index 0000000..f7ce58c --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/X509_cmp_time.html @@ -0,0 +1,113 @@ + + + + +X509_cmp_time + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    X509_cmp_time, X509_cmp_current_time, X509_cmp_timeframe, +X509_time_adj, X509_time_adj_ex +- X509 time functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + int X509_cmp_time(const ASN1_TIME *asn1_time, time_t *in_tm);
    + int X509_cmp_current_time(const ASN1_TIME *asn1_time);
    + int X509_cmp_timeframe(const X509_VERIFY_PARAM *vpm,
    +                        const ASN1_TIME *start, const ASN1_TIME *end);
    + ASN1_TIME *X509_time_adj(ASN1_TIME *asn1_time, long offset_sec, time_t *in_tm);
    + ASN1_TIME *X509_time_adj_ex(ASN1_TIME *asn1_time, int offset_day, long
    +                             offset_sec, time_t *in_tm);
    +

    +

    +
    +

    DESCRIPTION

    +

    X509_cmp_time() compares the ASN1_TIME in asn1_time with the time +in <in_tm>.

    +

    X509_cmp_current_time() compares the ASN1_TIME in +asn1_time with the current time, expressed as time_t.

    +

    X509_cmp_timeframe() compares the given time period with the reference time +included in the verification parameters vpm if they are not NULL and contain +X509_V_FLAG_USE_CHECK_TIME; else the current time is used as reference time.

    +

    X509_time_adj_ex() sets the ASN1_TIME structure asn1_time to the time +offset_day and offset_sec after in_tm.

    +

    X509_time_adj() sets the ASN1_TIME structure asn1_time to the time +offset_sec after in_tm. This method can only handle second +offsets up to the capacity of long, so the newer X509_time_adj_ex() +API should be preferred.

    +

    In both methods, if asn1_time is NULL, a new ASN1_TIME structure +is allocated and returned.

    +

    In all methods, if in_tm is NULL, the current time, expressed as +time_t, is used.

    +

    asn1_time must satisfy the ASN1_TIME format mandated by RFC 5280, +i.e., its format must be either YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ.

    +

    +

    +
    +

    BUGS

    +

    Unlike many standard comparison functions, X509_cmp_time() and +X509_cmp_current_time() return 0 on error.

    +

    +

    +
    +

    RETURN VALUES

    +

    X509_cmp_time() and X509_cmp_current_time() return -1 if asn1_time +is earlier than, or equal to, in_tm (resp. current time), and 1 +otherwise. These methods return 0 on error.

    +

    X509_cmp_timeframe() returns 0 if vpm is not NULL and the verification +parameters do not contain X509_V_FLAG_USE_CHECK_TIME +but do contain X509_V_FLAG_NO_CHECK_TIME. Otherwise it returns +1 if the end time is not NULL and the reference time (which has determined as +stated above) is past the end time, -1 if the start time is not NULL and the +reference time is before, else 0 to indicate that the reference time is in range +(implying that the end time is not before the start time if both are present).

    +

    X509_time_adj() and X509_time_adj_ex() return a pointer to the updated +ASN1_TIME structure, and NULL on error.

    +

    +

    +
    +

    HISTORY

    +

    X509_cmp_timeframe() was added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/X509_digest.html b/linux_amd64/share/doc/openssl/html/man3/X509_digest.html new file mode 100755 index 0000000..3661b89 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/X509_digest.html @@ -0,0 +1,103 @@ + + + + +X509_digest + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    X509_digest, X509_CRL_digest, +X509_pubkey_digest, +X509_NAME_digest, +X509_REQ_digest, +PKCS7_ISSUER_AND_SERIAL_digest +- get digest of various objects

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509.h>
    +
    + int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
    +                 unsigned int *len);
    +
    + int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, unsigned char *md,
    +                     unsigned int *len);
    +
    + int X509_pubkey_digest(const X509 *data, const EVP_MD *type,
    +                        unsigned char *md, unsigned int *len);
    +
    + int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type,
    +                     unsigned char *md, unsigned int *len);
    +
    + int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type,
    +                      unsigned char *md, unsigned int *len);
    +
    + #include <openssl/pkcs7.h>
    +
    + int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,
    +                                    const EVP_MD *type, unsigned char *md,
    +                                    unsigned int *len);
    +

    +

    +
    +

    DESCRIPTION

    +

    X509_pubkey_digest() returns a digest of the DER representation of the public +key in the specified X509 data object. +All other functions described here return a digest of the DER representation +of their entire data objects.

    +

    The type parameter specifies the digest to +be used, such as EVP_sha1(). The md is a pointer to the buffer where the +digest will be copied and is assumed to be large enough; the constant +EVP_MAX_MD_SIZE is suggested. The len parameter, if not NULL, points +to a place where the digest size will be stored.

    +

    +

    +
    +

    RETURN VALUES

    +

    All functions described here return 1 for success and 0 for failure.

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_sha1(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man3/X509_dup.html b/linux_amd64/share/doc/openssl/html/man3/X509_dup.html new file mode 100755 index 0000000..4148511 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man3/X509_dup.html @@ -0,0 +1,378 @@ + + + + +X509_dup + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    DECLARE_ASN1_FUNCTIONS, +IMPLEMENT_ASN1_FUNCTIONS, +ASN1_ITEM, +ACCESS_DESCRIPTION_free, +ACCESS_DESCRIPTION_new, +ADMISSIONS_free, +ADMISSIONS_new, +ADMISSION_SYNTAX_free, +ADMISSION_SYNTAX_new, +ASIdOrRange_free, +ASIdOrRange_new, +ASIdentifierChoice_free, +ASIdentifierChoice_new, +ASIdentifiers_free, +ASIdentifiers_new, +ASRange_free, +ASRange_new, +AUTHORITY_INFO_ACCESS_free, +AUTHORITY_INFO_ACCESS_new, +AUTHORITY_KEYID_free, +AUTHORITY_KEYID_new, +BASIC_CONSTRAINTS_free, +BASIC_CONSTRAINTS_new, +CERTIFICATEPOLICIES_free, +CERTIFICATEPOLICIES_new, +CMS_ContentInfo_free, +CMS_ContentInfo_new, +CMS_ContentInfo_print_ctx, +CMS_ReceiptRequest_free, +CMS_ReceiptRequest_new, +CRL_DIST_POINTS_free, +CRL_DIST_POINTS_new, +DIRECTORYSTRING_free, +DIRECTORYSTRING_new, +DISPLAYTEXT_free, +DISPLAYTEXT_new, +DIST_POINT_NAME_free, +DIST_POINT_NAME_new, +DIST_POINT_free, +DIST_POINT_new, +DSAparams_dup, +ECPARAMETERS_free, +ECPARAMETERS_new, +ECPKPARAMETERS_free, +ECPKPARAMETERS_new, +EDIPARTYNAME_free, +EDIPARTYNAME_new, +ESS_CERT_ID_dup, +ESS_CERT_ID_free, +ESS_CERT_ID_new, +ESS_CERT_ID_V2_dup, +ESS_CERT_ID_V2_free, +ESS_CERT_ID_V2_new, +ESS_ISSUER_SERIAL_dup, +ESS_ISSUER_SERIAL_free, +ESS_ISSUER_SERIAL_new, +ESS_SIGNING_CERT_dup, +ESS_SIGNING_CERT_free, +ESS_SIGNING_CERT_new, +ESS_SIGNING_CERT_V2_dup, +ESS_SIGNING_CERT_V2_free, +ESS_SIGNING_CERT_V2_new, +EXTENDED_KEY_USAGE_free, +EXTENDED_KEY_USAGE_new, +GENERAL_NAMES_free, +GENERAL_NAMES_new, +GENERAL_NAME_dup, +GENERAL_NAME_free, +GENERAL_NAME_new, +GENERAL_SUBTREE_free, +GENERAL_SUBTREE_new, +IPAddressChoice_free, +IPAddressChoice_new, +IPAddressFamily_free, +IPAddressFamily_new, +IPAddressOrRange_free, +IPAddressOrRange_new, +IPAddressRange_free, +IPAddressRange_new, +ISSUING_DIST_POINT_free, +ISSUING_DIST_POINT_new, +NAME_CONSTRAINTS_free, +NAME_CONSTRAINTS_new, +NAMING_AUTHORITY_free, +NAMING_AUTHORITY_new, +NETSCAPE_CERT_SEQUENCE_free, +NETSCAPE_CERT_SEQUENCE_new, +NETSCAPE_SPKAC_free, +NETSCAPE_SPKAC_new, 
+NETSCAPE_SPKI_free, +NETSCAPE_SPKI_new, +NOTICEREF_free, +NOTICEREF_new, +OCSP_BASICRESP_free, +OCSP_BASICRESP_new, +OCSP_CERTID_dup, +OCSP_CERTID_new, +OCSP_CERTSTATUS_free, +OCSP_CERTSTATUS_new, +OCSP_CRLID_free, +OCSP_CRLID_new, +OCSP_ONEREQ_free, +OCSP_ONEREQ_new, +OCSP_REQINFO_free, +OCSP_REQINFO_new, +OCSP_RESPBYTES_free, +OCSP_RESPBYTES_new, +OCSP_RESPDATA_free, +OCSP_RESPDATA_new, +OCSP_RESPID_free, +OCSP_RESPID_new, +OCSP_RESPONSE_new, +OCSP_REVOKEDINFO_free, +OCSP_REVOKEDINFO_new, +OCSP_SERVICELOC_free, +OCSP_SERVICELOC_new, +OCSP_SIGNATURE_free, +OCSP_SIGNATURE_new, +OCSP_SINGLERESP_free, +OCSP_SINGLERESP_new, +OSSL_CMP_ITAV_free, +OSSL_CMP_MSG_it, +OSSL_CMP_MSG_free, +OSSL_CMP_PKIHEADER_free, +OSSL_CMP_PKIHEADER_it, +OSSL_CMP_PKIHEADER_new, +OSSL_CMP_PKISI_free, +OSSL_CMP_PKISI_new, +OSSL_CMP_PKISTATUS_it, +OSSL_CRMF_CERTID_free, +OSSL_CRMF_CERTID_it, +OSSL_CRMF_CERTID_new, +OSSL_CRMF_CERTTEMPLATE_free, +OSSL_CRMF_CERTTEMPLATE_it, +OSSL_CRMF_CERTTEMPLATE_new, +OSSL_CRMF_ENCRYPTEDVALUE_free, +OSSL_CRMF_ENCRYPTEDVALUE_it, +OSSL_CRMF_ENCRYPTEDVALUE_new, +OSSL_CRMF_MSGS_free, +OSSL_CRMF_MSGS_it, +OSSL_CRMF_MSGS_new, +OSSL_CRMF_MSG_free, +OSSL_CRMF_MSG_it, +OSSL_CRMF_MSG_new, +OSSL_CRMF_PBMPARAMETER_free, +OSSL_CRMF_PBMPARAMETER_it, +OSSL_CRMF_PBMPARAMETER_new, +OSSL_CRMF_PKIPUBLICATIONINFO_free, +OSSL_CRMF_PKIPUBLICATIONINFO_it, +OSSL_CRMF_PKIPUBLICATIONINFO_new, +OSSL_CRMF_SINGLEPUBINFO_free, +OSSL_CRMF_SINGLEPUBINFO_it, +OSSL_CRMF_SINGLEPUBINFO_new, +OTHERNAME_free, +OTHERNAME_new, +PBE2PARAM_free, +PBE2PARAM_new, +PBEPARAM_free, +PBEPARAM_new, +PBKDF2PARAM_free, +PBKDF2PARAM_new, +PKCS12_BAGS_free, +PKCS12_BAGS_new, +PKCS12_MAC_DATA_free, +PKCS12_MAC_DATA_new, +PKCS12_SAFEBAG_free, +PKCS12_SAFEBAG_new, +PKCS12_free, +PKCS12_new, +PKCS7_DIGEST_free, +PKCS7_DIGEST_new, +PKCS7_ENCRYPT_free, +PKCS7_ENCRYPT_new, +PKCS7_ENC_CONTENT_free, +PKCS7_ENC_CONTENT_new, +PKCS7_ENVELOPE_free, +PKCS7_ENVELOPE_new, +PKCS7_ISSUER_AND_SERIAL_free, 
+PKCS7_ISSUER_AND_SERIAL_new, +PKCS7_RECIP_INFO_free, +PKCS7_RECIP_INFO_new, +PKCS7_SIGNED_free, +PKCS7_SIGNED_new, +PKCS7_SIGNER_INFO_free, +PKCS7_SIGNER_INFO_new, +PKCS7_SIGN_ENVELOPE_free, +PKCS7_SIGN_ENVELOPE_new, +PKCS7_dup, +PKCS7_free, +PKCS7_new, +PKCS7_print_ctx, +PKCS8_PRIV_KEY_INFO_free, +PKCS8_PRIV_KEY_INFO_new, +PKEY_USAGE_PERIOD_free, +PKEY_USAGE_PERIOD_new, +POLICYINFO_free, +POLICYINFO_new, +POLICYQUALINFO_free, +POLICYQUALINFO_new, +POLICY_CONSTRAINTS_free, +POLICY_CONSTRAINTS_new, +POLICY_MAPPING_free, +POLICY_MAPPING_new, +PROFESSION_INFOS_free, +PROFESSION_INFOS_new, +PROFESSION_INFO_free, +PROFESSION_INFO_new, +PROXY_CERT_INFO_EXTENSION_free, +PROXY_CERT_INFO_EXTENSION_new, +PROXY_POLICY_free, +PROXY_POLICY_new, +RSAPrivateKey_dup, +RSAPublicKey_dup, +RSA_OAEP_PARAMS_free, +RSA_OAEP_PARAMS_new, +RSA_PSS_PARAMS_free, +RSA_PSS_PARAMS_new, +SCRYPT_PARAMS_free, +SCRYPT_PARAMS_new, +SXNETID_free, +SXNETID_new, +SXNET_free, +SXNET_new, +TLS_FEATURE_free, +TLS_FEATURE_new, +TS_ACCURACY_dup, +TS_ACCURACY_free, +TS_ACCURACY_new, +TS_MSG_IMPRINT_dup, +TS_MSG_IMPRINT_free, +TS_MSG_IMPRINT_new, +TS_REQ_dup, +TS_REQ_free, +TS_REQ_new, +TS_RESP_dup, +TS_RESP_free, +TS_RESP_new, +TS_STATUS_INFO_dup, +TS_STATUS_INFO_free, +TS_STATUS_INFO_new, +TS_TST_INFO_dup, +TS_TST_INFO_free, +TS_TST_INFO_new, +USERNOTICE_free, +USERNOTICE_new, +X509_ALGOR_free, +X509_ALGOR_new, +X509_ATTRIBUTE_dup, +X509_ATTRIBUTE_free, +X509_ATTRIBUTE_new, +X509_CERT_AUX_free, +X509_CERT_AUX_new, +X509_CINF_free, +X509_CINF_new, +X509_CRL_INFO_free, +X509_CRL_INFO_new, +X509_CRL_dup, +X509_CRL_free, +X509_CRL_new, +X509_EXTENSION_dup, +X509_EXTENSION_free, +X509_EXTENSION_new, +X509_NAME_ENTRY_dup, +X509_NAME_ENTRY_free, +X509_NAME_ENTRY_new, +X509_NAME_dup, +X509_NAME_free, +X509_NAME_new, +X509_REQ_INFO_free, +X509_REQ_INFO_new, +X509_REQ_dup, +X509_REQ_free, +X509_REQ_new, +X509_REVOKED_dup, +X509_REVOKED_free, +X509_REVOKED_new, +X509_SIG_free, +X509_SIG_new, +X509_VAL_free, 
+X509_VAL_new, +X509_dup, +- ASN1 object utilities

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/asn1t.h>
    +
    + DECLARE_ASN1_FUNCTIONS(type)
    + IMPLEMENT_ASN1_FUNCTIONS(stname)
    +
    + typedef struct ASN1_ITEM_st ASN1_ITEM;
    +
    + extern const ASN1_ITEM TYPE_it;
    + TYPE *TYPE_new(void);
    + TYPE *TYPE_dup(const TYPE *a);
    + void TYPE_free(TYPE *a);
    + int TYPE_print_ctx(BIO *out, TYPE *a, int indent, const ASN1_PCTX *pctx);
    +

    +

    +
    +

    DESCRIPTION

    +

    In the description below, TYPE is used +as a placeholder for any of the OpenSSL datatypes, such as X509.

    +

    The OpenSSL ASN1 parsing library templates are like a data-driven bytecode +interpreter. +Every ASN1 object as a global variable, TYPE_it, that describes the item +such as its fields. (On systems which cannot export variables from shared +libraries, the global is instead a function which returns a pointer to a +static variable.

    +

    The macro DECLARE_ASN1_FUNCTIONS() is typically used in header files +to generate the function declarations.

    +

    The macro IMPLEMENT_ASN1_FUNCTIONS() is used once in a source file +to generate the function bodies.

    +

    TYPE_new() allocates an empty object of the indicated type. +The object returned must be released by calling TYPE_free().

    +

    TYPE_dup() copies an existing object, leaving it untouched.

    +

    TYPE_free() releases the object and all pointers and sub-objects +within it.

    +

    TYPE_print_ctx() prints the object a on the specified BIO out. +Each line will be prefixed with indent spaces. +The pctx specifies the printing context and is for internal +use; use NULL to get the default behavior. If a print function is +user-defined, then pass in any pctx down to any nested calls.

    +

    +

    +
    +

    RETURN VALUES

    +

    TYPE_new() and TYPE_dup() return a pointer to the object or NULL on +failure.

    +

    TYPE_print_ctx() returns 1 on success or zero on failure.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/X509_get0_notBefore.html b/linux_amd64/share/doc/openssl/html/man3/X509_get0_notBefore.html
new file mode 100755
index 0000000..e08f234
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/X509_get0_notBefore.html
@@ -0,0 +1,135 @@
+ + + + +X509_get0_notBefore + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    X509_get0_notBefore, X509_getm_notBefore, X509_get0_notAfter, +X509_getm_notAfter, X509_set1_notBefore, X509_set1_notAfter, +X509_CRL_get0_lastUpdate, X509_CRL_get0_nextUpdate, X509_CRL_set1_lastUpdate, +X509_CRL_set1_nextUpdate - get or set certificate or CRL dates

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509.h>
    +
    + const ASN1_TIME *X509_get0_notBefore(const X509 *x);
    + const ASN1_TIME *X509_get0_notAfter(const X509 *x);
    +
    + ASN1_TIME *X509_getm_notBefore(const X509 *x);
    + ASN1_TIME *X509_getm_notAfter(const X509 *x);
    +
    + int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm);
    + int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm);
    +
    + const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl);
    + const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl);
    +
    + int X509_CRL_set1_lastUpdate(X509_CRL *x, const ASN1_TIME *tm);
    + int X509_CRL_set1_nextUpdate(X509_CRL *x, const ASN1_TIME *tm);
    +

    +

    +
    +

    DESCRIPTION

    +

    X509_get0_notBefore() and X509_get0_notAfter() return the notBefore +and notAfter fields of certificate x respectively. The value +returned is an internal pointer which must not be freed up after +the call.

    +

    X509_getm_notBefore() and X509_getm_notAfter() are similar to +X509_get0_notBefore() and X509_get0_notAfter() except they return +non-constant mutable references to the associated date field of +the certificate.

    +

    X509_set1_notBefore() and X509_set1_notAfter() set the notBefore +and notAfter fields of x to tm. Ownership of the passed +parameter tm is not transferred by these functions so it must +be freed up after the call.

    +

    X509_CRL_get0_lastUpdate() and X509_CRL_get0_nextUpdate() return the +lastUpdate and nextUpdate fields of crl. The value +returned is an internal pointer which must not be freed up after +the call. If the nextUpdate field is absent from crl then +NULL is returned.

    +

    X509_CRL_set1_lastUpdate() and X509_CRL_set1_nextUpdate() set the lastUpdate +and nextUpdate fields of crl to tm. Ownership of the passed parameter +tm is not transferred by these functions so it must be freed up after the +call.

    +

    +

    +
    +

    RETURN VALUES

    +

    X509_get0_notBefore(), X509_get0_notAfter() and X509_CRL_get0_lastUpdate() +return a pointer to an ASN1_TIME structure.

    +

    X509_CRL_get0_lastUpdate() return a pointer to an ASN1_TIME structure +or NULL if the lastUpdate field is absent.

    +

    X509_set1_notBefore(), X509_set1_notAfter(), X509_CRL_set1_lastUpdate() and +X509_CRL_set1_nextUpdate() return 1 for success or 0 for failure.

    +

    +

    +
    +

    SEE ALSO

    +

    d2i_X509(3), +ERR_get_error(3), +X509_CRL_get0_by_serial(3), +X509_get0_signature(3), +X509_get_ext_d2i(3), +X509_get_extension_flags(3), +X509_get_pubkey(3), +X509_get_subject_name(3), +X509_NAME_add_entry_by_txt(3), +X509_NAME_ENTRY_get_object(3), +X509_NAME_get_index_by_NID(3), +X509_NAME_print_ex(3), +X509_new(3), +X509_sign(3), +X509V3_get_d2i(3), +X509_verify_cert(3)

    +

    +

    +
    +

    HISTORY

    +

    These functions are available in all versions of OpenSSL.

    +

    X509_get_notBefore() and X509_get_notAfter() were deprecated in OpenSSL +1.1.0

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/X509_get0_signature.html b/linux_amd64/share/doc/openssl/html/man3/X509_get0_signature.html
new file mode 100755
index 0000000..0f90428
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/X509_get0_signature.html
@@ -0,0 +1,162 @@
+ + + + +X509_get0_signature + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    X509_get0_signature, X509_get_signature_nid, X509_get0_tbs_sigalg, +X509_REQ_get0_signature, X509_REQ_get_signature_nid, X509_CRL_get0_signature, +X509_CRL_get_signature_nid, X509_get_signature_info, X509_SIG_INFO_get, +X509_SIG_INFO_set - signature information

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509.h>
    +
    + void X509_get0_signature(const ASN1_BIT_STRING **psig,
    +                          const X509_ALGOR **palg,
    +                          const X509 *x);
    + int X509_get_signature_nid(const X509 *x);
    + const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x);
    +
    + void X509_REQ_get0_signature(const X509_REQ *crl,
    +                              const ASN1_BIT_STRING **psig,
    +                              const X509_ALGOR **palg);
    + int X509_REQ_get_signature_nid(const X509_REQ *crl);
    +
    + void X509_CRL_get0_signature(const X509_CRL *crl,
    +                              const ASN1_BIT_STRING **psig,
    +                              const X509_ALGOR **palg);
    + int X509_CRL_get_signature_nid(const X509_CRL *crl);
    +
    + int X509_get_signature_info(X509 *x, int *mdnid, int *pknid, int *secbits,
    +                             uint32_t *flags);
    +
    + int X509_SIG_INFO_get(const X509_SIG_INFO *siginf, int *mdnid, int *pknid,
    +                      int *secbits, uint32_t *flags);
    + void X509_SIG_INFO_set(X509_SIG_INFO *siginf, int mdnid, int pknid,
    +                        int secbits, uint32_t flags);
    +

    +

    +
    +

    DESCRIPTION

    +

    X509_get0_signature() sets *psig to the signature of x and *palg +to the signature algorithm of x. The values returned are internal +pointers which MUST NOT be freed up after the call.

    +

    X509_get0_tbs_sigalg() returns the signature algorithm in the signed +portion of x.

    +

    X509_get_signature_nid() returns the NID corresponding to the signature +algorithm of x.

    +

    X509_REQ_get0_signature(), X509_REQ_get_signature_nid() +X509_CRL_get0_signature() and X509_CRL_get_signature_nid() perform the +same function for certificate requests and CRLs.

    +

    X509_get_signature_info() retrieves information about the signature of +certificate x. The NID of the signing digest is written to *mdnid, +the public key algorithm to *pknid, the effective security bits to +*secbits and flag details to *flags. Any of the parameters can +be set to NULL if the information is not required.

    +

    X509_SIG_INFO_get() and X509_SIG_INFO_set() get and set information +about a signature in an X509_SIG_INFO structure. They are only +used by implementations of algorithms which need to set custom +signature information: most applications will never need to call +them.

    +

    +

    +
    +

    NOTES

    +

    These functions provide lower level access to signatures in certificates +where an application wishes to analyse or generate a signature in a form +where X509_sign() et al is not appropriate (for example a non standard +or unsupported format).

    +

    The security bits returned by X509_get_signature_info() refers to information +available from the certificate signature (such as the signing digest). In some +cases the actual security of the signature is less because the signing +key is less secure: for example a certificate signed using SHA-512 and a +1024 bit RSA key.

    +

    +

    +
    +

    RETURN VALUES

    +

    X509_get_signature_nid(), X509_REQ_get_signature_nid() and +X509_CRL_get_signature_nid() return a NID.

    +

    X509_get0_signature(), X509_REQ_get0_signature() and +X509_CRL_get0_signature() do not return values.

    +

    X509_get_signature_info() returns 1 if the signature information +returned is valid or 0 if the information is not available (e.g. +unknown algorithms or malformed parameters).

    +

    +

    +
    +

    SEE ALSO

    +

    d2i_X509(3), +ERR_get_error(3), +X509_CRL_get0_by_serial(3), +X509_get_ext_d2i(3), +X509_get_extension_flags(3), +X509_get_pubkey(3), +X509_get_subject_name(3), +X509_get_version(3), +X509_NAME_add_entry_by_txt(3), +X509_NAME_ENTRY_get_object(3), +X509_NAME_get_index_by_NID(3), +X509_NAME_print_ex(3), +X509_new(3), +X509_sign(3), +X509V3_get_d2i(3), +X509_verify_cert(3)

    +

    +

    +
    +

    HISTORY

    +

    The +X509_get0_signature() and X509_get_signature_nid() functions were +added in OpenSSL 1.0.2.

    +

    The +X509_REQ_get0_signature(), X509_REQ_get_signature_nid(), +X509_CRL_get0_signature() and X509_CRL_get_signature_nid() were +added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/X509_get0_sm2_id.html b/linux_amd64/share/doc/openssl/html/man3/X509_get0_sm2_id.html
new file mode 100755
index 0000000..6e23de4
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/X509_get0_sm2_id.html
@@ -0,0 +1,92 @@
+ + + + +X509_get0_sm2_id + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    X509_get0_sm2_id, X509_set0_sm2_id, +X509_REQ_get0_sm2_id, X509_REQ_set0_sm2_id +- get or set SM2 ID for certificate operations

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509.h>
    +
    + ASN1_OCTET_STRING *X509_get0_sm2_id(X509 *x);
    + void X509_set0_sm2_id(X509 *x, ASN1_OCTET_STRING *sm2_id);
    + ASN1_OCTET_STRING *X509_REQ_get0_sm2_id(X509_REQ *x);
    + void X509_REQ_set0_sm2_id(X509_REQ *x, ASN1_OCTET_STRING *sm2_id);
    +

    +

    +
    +

    DESCRIPTION

    +

    X509_get0_sm2_id() gets the ID value of an SM2 certificate x by returning an +ASN1_OCTET_STRING object which should not be freed by the caller.

    +

    X509_set0_sm2_id() sets the sm2_id value to an SM2 certificate x. Calling +this function transfers the memory management of the value to the X509 object, +and therefore the value that has been passed in should not be freed by the +caller after this function has been called.

    +

    X509_REQ_get0_sm2_id() and X509_REQ_set0_sm2_id() have the same functionality +as X509_get0_sm2_id() and X509_set0_sm2_id() except that they deal with +X509_REQ objects instead of X509.

    +

    +

    +
    +

    NOTES

    +

    SM2 signature algorithm requires an ID value when generating and verifying a +signature. The functions described in this manual provide the user with the +ability to set and retrieve the SM2 ID value.

    +

    +

    +
    +

    RETURN VALUES

    +

    X509_set0_sm2_id() and X509_REQ_set0_sm2_id() do not return a value.

    +

    +

    +
    +

    SEE ALSO

    +

    X509_verify(3), SM2(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/X509_get0_uids.html b/linux_amd64/share/doc/openssl/html/man3/X509_get0_uids.html
new file mode 100755
index 0000000..c652cff
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/X509_get0_uids.html
@@ -0,0 +1,96 @@
+ + + + +X509_get0_uids + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    X509_get0_uids - get certificate unique identifiers

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509.h>
    +
    + void X509_get0_uids(const X509 *x, const ASN1_BIT_STRING **piuid,
    +                     const ASN1_BIT_STRING **psuid);
    +

    +

    +
    +

    DESCRIPTION

    +

    X509_get0_uids() sets *piuid and *psuid to the issuer and subject unique +identifiers of certificate x or NULL if the fields are not present.

    +

    +

    +
    +

    NOTES

    +

    The issuer and subject unique identifier fields are very rarely encountered in +practice outside test cases.

    +

    +

    +
    +

    RETURN VALUES

    +

    X509_get0_uids() does not return a value.

    +

    +

    +
    +

    SEE ALSO

    +

    d2i_X509(3), +ERR_get_error(3), +X509_CRL_get0_by_serial(3), +X509_get0_signature(3), +X509_get_ext_d2i(3), +X509_get_extension_flags(3), +X509_get_pubkey(3), +X509_get_subject_name(3), +X509_get_version(3), +X509_NAME_add_entry_by_txt(3), +X509_NAME_ENTRY_get_object(3), +X509_NAME_get_index_by_NID(3), +X509_NAME_print_ex(3), +X509_new(3), +X509_sign(3), +X509V3_get_d2i(3), +X509_verify_cert(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/X509_get_extension_flags.html b/linux_amd64/share/doc/openssl/html/man3/X509_get_extension_flags.html
new file mode 100755
index 0000000..4b566a7
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/X509_get_extension_flags.html
@@ -0,0 +1,227 @@
+ + + + +X509_get_extension_flags + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    X509_get0_subject_key_id, +X509_get0_authority_key_id, +X509_get0_authority_issuer, +X509_get0_authority_serial, +X509_get_pathlen, +X509_get_extension_flags, +X509_get_key_usage, +X509_get_extended_key_usage, +X509_set_proxy_flag, +X509_set_proxy_pathlen, +X509_get_proxy_pathlen - retrieve certificate extension data

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509v3.h>
    +
    + long X509_get_pathlen(X509 *x);
    + uint32_t X509_get_extension_flags(X509 *x);
    + uint32_t X509_get_key_usage(X509 *x);
    + uint32_t X509_get_extended_key_usage(X509 *x);
    + const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x);
    + const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x);
    + const GENERAL_NAMES *X509_get0_authority_issuer(X509 *x);
    + const ASN1_INTEGER *X509_get0_authority_serial(X509 *x);
    + void X509_set_proxy_flag(X509 *x);
    + void X509_set_proxy_pathlen(int l);
    + long X509_get_proxy_pathlen(X509 *x);
    +

    +

    +
    +

    DESCRIPTION

    +

    These functions retrieve information related to commonly used certificate extensions.

    +

    X509_get_pathlen() retrieves the path length extension from a certificate. +This extension is used to limit the length of a cert chain that may be +issued from that CA.

    +

    X509_get_extension_flags() retrieves general information about a certificate, +it will return one or more of the following flags ored together.

    +
    +
    EXFLAG_V1
    + +
    +

    The certificate is an obsolete version 1 certificate.

    +
    +
    EXFLAG_BCONS
    + +
    +

    The certificate contains a basic constraints extension.

    +
    +
    EXFLAG_CA
    + +
    +

    The certificate contains basic constraints and asserts the CA flag.

    +
    +
    EXFLAG_PROXY
    + +
    +

    The certificate is a valid proxy certificate.

    +
    +
    EXFLAG_SI
    + +
    +

    The certificate is self issued (that is subject and issuer names match).

    +
    +
    EXFLAG_SS
    + +
    +

    The subject and issuer names match and extension values imply it is self +signed.

    +
    +
    EXFLAG_FRESHEST
    + +
    +

    The freshest CRL extension is present in the certificate.

    +
    +
    EXFLAG_CRITICAL
    + +
    +

    The certificate contains an unhandled critical extension.

    +
    +
    EXFLAG_INVALID
    + +
    +

    Some certificate extension values are invalid or inconsistent. The +certificate should be rejected.

    +
    +
    EXFLAG_KUSAGE
    + +
    +

    The certificate contains a key usage extension. The value can be retrieved +using X509_get_key_usage().

    +
    +
    EXFLAG_XKUSAGE
    + +
    +

    The certificate contains an extended key usage extension. The value can be +retrieved using X509_get_extended_key_usage().

    +
    +
    +

    X509_get_key_usage() returns the value of the key usage extension. If key +usage is present will return zero or more of the flags: +KU_DIGITAL_SIGNATURE, KU_NON_REPUDIATION, KU_KEY_ENCIPHERMENT, +KU_DATA_ENCIPHERMENT, KU_KEY_AGREEMENT, KU_KEY_CERT_SIGN, +KU_CRL_SIGN, KU_ENCIPHER_ONLY or KU_DECIPHER_ONLY corresponding to +individual key usage bits. If key usage is absent then UINT32_MAX is +returned.

    +

    X509_get_extended_key_usage() returns the value of the extended key usage +extension. If extended key usage is present it will return zero or more of the +flags: XKU_SSL_SERVER, XKU_SSL_CLIENT, XKU_SMIME, XKU_CODE_SIGN +XKU_OCSP_SIGN, XKU_TIMESTAMP, XKU_DVCS or XKU_ANYEKU. These +correspond to the OIDs id-kp-serverAuth, id-kp-clientAuth, +id-kp-emailProtection, id-kp-codeSigning, id-kp-OCSPSigning, +id-kp-timeStamping, id-kp-dvcs and anyExtendedKeyUsage respectively. +Additionally XKU_SGC is set if either Netscape or Microsoft SGC OIDs are +present.

    +

    X509_get0_subject_key_id() returns an internal pointer to the subject key +identifier of x as an ASN1_OCTET_STRING or NULL if the extension +is not present or cannot be parsed.

    +

    X509_get0_authority_key_id() returns an internal pointer to the authority key +identifier of x as an ASN1_OCTET_STRING or NULL if the extension +is not present or cannot be parsed.

    +

    X509_get0_authority_issuer() returns an internal pointer to the authority +certificate issuer of x as a stack of GENERAL_NAME structures or +NULL if the extension is not present or cannot be parsed.

    +

    X509_get0_authority_serial() returns an internal pointer to the authority +certificate serial number of x as an ASN1_INTEGER or NULL if the +extension is not present or cannot be parsed.

    +

    X509_set_proxy_flag() marks the certificate with the EXFLAG_PROXY flag. +This is for the users who need to mark non-RFC3820 proxy certificates as +such, as OpenSSL only detects RFC3820 compliant ones.

    +

    X509_set_proxy_pathlen() sets the proxy certificate path length for the given +certificate x. This is for the users who need to mark non-RFC3820 proxy +certificates as such, as OpenSSL only detects RFC3820 compliant ones.

    +

    X509_get_proxy_pathlen() returns the proxy certificate path length for the +given certificate x if it is a proxy certificate.

    +

    +

    +
    +

    NOTES

    +

    The value of the flags correspond to extension values which are cached +in the X509 structure. If the flags returned do not provide sufficient +information an application should examine extension values directly +for example using X509_get_ext_d2i().

    +

    If the key usage or extended key usage extension is absent then typically usage +is unrestricted. For this reason X509_get_key_usage() and +X509_get_extended_key_usage() return UINT32_MAX when the corresponding +extension is absent. Applications can additionally check the return value of +X509_get_extension_flags() and take appropriate action is an extension is +absent.

    +

    If X509_get0_subject_key_id() returns NULL then the extension may be +absent or malformed. Applications can determine the precise reason using +X509_get_ext_d2i().

    +

    +

    +
    +

    RETURN VALUES

    +

    X509_get_pathlen() returns the path length value, or -1 if the extension +is not present.

    +

    X509_get_extension_flags(), X509_get_key_usage() and +X509_get_extended_key_usage() return sets of flags corresponding to the +certificate extension values.

    +

    X509_get0_subject_key_id() returns the subject key identifier as a +pointer to an ASN1_OCTET_STRING structure or NULL if the extension +is absent or an error occurred during parsing.

    +

    X509_get_proxy_pathlen() returns the path length value if the given +certificate is a proxy one and has a path length set, and -1 otherwise.

    +

    +

    +
    +

    SEE ALSO

    +

    X509_check_purpose(3)

    +

    +

    +
    +

    HISTORY

    +

    X509_get_pathlen(), X509_set_proxy_flag(), X509_set_proxy_pathlen() and +X509_get_proxy_pathlen() were added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/X509_get_pubkey.html b/linux_amd64/share/doc/openssl/html/man3/X509_get_pubkey.html
new file mode 100755
index 0000000..bb14eea
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/X509_get_pubkey.html
@@ -0,0 +1,122 @@
+ + + + +X509_get_pubkey + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    X509_get_pubkey, X509_get0_pubkey, X509_set_pubkey, X509_get_X509_PUBKEY, +X509_REQ_get_pubkey, X509_REQ_get0_pubkey, X509_REQ_set_pubkey, +X509_REQ_get_X509_PUBKEY - get or set certificate or certificate request +public key

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509.h>
    +
    + EVP_PKEY *X509_get_pubkey(X509 *x);
    + EVP_PKEY *X509_get0_pubkey(const X509 *x);
    + int X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
    + X509_PUBKEY *X509_get_X509_PUBKEY(X509 *x);
    +
    + EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req);
    + EVP_PKEY *X509_REQ_get0_pubkey(X509_REQ *req);
    + int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
    + X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *x);
    +

    +

    +
    +

    DESCRIPTION

    +

    X509_get_pubkey() attempts to decode the public key for certificate x. If +successful it returns the public key as an EVP_PKEY pointer with its +reference count incremented: this means the returned key must be freed up +after use. X509_get0_pubkey() is similar except it does not increment +the reference count of the returned EVP_PKEY so it must not be freed up +after use.

    +

    X509_get_X509_PUBKEY() returns an internal pointer to the X509_PUBKEY +structure which encodes the certificate of x. The returned value +must not be freed up after use.

    +

    X509_set_pubkey() attempts to set the public key for certificate x to +pkey. The key pkey should be freed up after use.

    +

    X509_REQ_get_pubkey(), X509_REQ_get0_pubkey(), X509_REQ_set_pubkey() and +X509_REQ_get_X509_PUBKEY() are similar but operate on certificate request req.

    +

    +

    +
    +

    NOTES

    +

    The first time a public key is decoded the EVP_PKEY structure is +cached in the certificate or certificate request itself. Subsequent calls +return the cached structure with its reference count incremented to +improve performance.

    +

    +

    +
    +

    RETURN VALUES

    +

    X509_get_pubkey(), X509_get0_pubkey(), X509_get_X509_PUBKEY(), +X509_REQ_get_pubkey() and X509_REQ_get_X509_PUBKEY() return a public key or +NULL if an error occurred.

    +

    X509_set_pubkey() and X509_REQ_set_pubkey() return 1 for success and 0 +for failure.

    +

    +

    +
    +

    SEE ALSO

    +

    d2i_X509(3), +ERR_get_error(3), +X509_CRL_get0_by_serial(3), +X509_get0_signature(3), +X509_get_ext_d2i(3), +X509_get_extension_flags(3), +X509_get_subject_name(3), +X509_get_version(3), +X509_NAME_add_entry_by_txt(3), +X509_NAME_ENTRY_get_object(3), +X509_NAME_get_index_by_NID(3), +X509_NAME_print_ex(3), +X509_new(3), +X509_sign(3), +X509V3_get_d2i(3), +X509_verify_cert(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/X509_get_serialNumber.html b/linux_amd64/share/doc/openssl/html/man3/X509_get_serialNumber.html
new file mode 100755
index 0000000..89e9d0d
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/X509_get_serialNumber.html
@@ -0,0 +1,108 @@
+ + + + +X509_get_serialNumber + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    X509_get_serialNumber, +X509_get0_serialNumber, +X509_set_serialNumber +- get or set certificate serial number

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509.h>
    +
    + ASN1_INTEGER *X509_get_serialNumber(X509 *x);
    + const ASN1_INTEGER *X509_get0_serialNumber(const X509 *x);
    + int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial);
    +

    +

    +
    +

    DESCRIPTION

    +

    X509_get_serialNumber() returns the serial number of certificate x as an +ASN1_INTEGER structure which can be examined or initialised. The value +returned is an internal pointer which MUST NOT be freed up after the call.

    +

    X509_get0_serialNumber() is the same as X509_get_serialNumber() except it +accepts a const parameter and returns a const result.

    +

    X509_set_serialNumber() sets the serial number of certificate x to +serial. A copy of the serial number is used internally so serial should +be freed up after use.

    +

    +

    +
    +

    RETURN VALUES

    +

    X509_get_serialNumber() and X509_get0_serialNumber() return an ASN1_INTEGER +structure.

    +

    X509_set_serialNumber() returns 1 for success and 0 for failure.

    +

    +

    +
    +

    SEE ALSO

    +

    d2i_X509(3), +ERR_get_error(3), +X509_CRL_get0_by_serial(3), +X509_get0_signature(3), +X509_get_ext_d2i(3), +X509_get_extension_flags(3), +X509_get_pubkey(3), +X509_get_subject_name(3), +X509_NAME_add_entry_by_txt(3), +X509_NAME_ENTRY_get_object(3), +X509_NAME_get_index_by_NID(3), +X509_NAME_print_ex(3), +X509_new(3), +X509_sign(3), +X509V3_get_d2i(3), +X509_verify_cert(3)

    +

    +

    +
    +

    HISTORY

    +

    The X509_get_serialNumber() and X509_set_serialNumber() functions are +available in all versions of OpenSSL. +The X509_get0_serialNumber() function was added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/X509_get_subject_name.html b/linux_amd64/share/doc/openssl/html/man3/X509_get_subject_name.html
new file mode 100755
index 0000000..c65e614
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/X509_get_subject_name.html
@@ -0,0 +1,120 @@
+ + + + +X509_get_subject_name + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    X509_get_subject_name, X509_set_subject_name, X509_get_issuer_name, +X509_set_issuer_name, X509_REQ_get_subject_name, X509_REQ_set_subject_name, +X509_CRL_get_issuer, X509_CRL_set_issuer_name - get and set issuer or +subject names

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509.h>
    +
    + X509_NAME *X509_get_subject_name(const X509 *x);
    + int X509_set_subject_name(X509 *x, X509_NAME *name);
    +
    + X509_NAME *X509_get_issuer_name(const X509 *x);
    + int X509_set_issuer_name(X509 *x, X509_NAME *name);
    +
    + X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req);
    + int X509_REQ_set_subject_name(X509_REQ *req, X509_NAME *name);
    +
    + X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl);
    + int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name);
    +

    +

    +
    +

    DESCRIPTION

    +

    X509_get_subject_name() returns the subject name of certificate x. The +returned value is an internal pointer which MUST NOT be freed.

    +

    X509_set_subject_name() sets the issuer name of certificate x to +name. The name parameter is copied internally and should be freed +up when it is no longer needed.

    +

    X509_get_issuer_name() and X509_set_issuer_name() are identical to +X509_get_subject_name() and X509_set_subject_name() except the get and +set the issuer name of x.

    +

    Similarly X509_REQ_get_subject_name(), X509_REQ_set_subject_name(), +X509_CRL_get_issuer() and X509_CRL_set_issuer_name() get or set the subject +or issuer names of certificate requests of CRLs respectively.

    +

    +

    +
    +

    RETURN VALUES

    +

    X509_get_subject_name(), X509_get_issuer_name(), X509_REQ_get_subject_name() +and X509_CRL_get_issuer() return an X509_NAME pointer.

    +

    X509_set_subject_name(), X509_set_issuer_name(), X509_REQ_set_subject_name() +and X509_CRL_set_issuer_name() return 1 for success and 0 for failure.

    +

    +

    +
    +

    SEE ALSO

    +

    d2i_X509(3), +ERR_get_error(3), d2i_X509(3) +X509_CRL_get0_by_serial(3), +X509_get0_signature(3), +X509_get_ext_d2i(3), +X509_get_extension_flags(3), +X509_get_pubkey(3), +X509_NAME_add_entry_by_txt(3), +X509_NAME_ENTRY_get_object(3), +X509_NAME_get_index_by_NID(3), +X509_NAME_print_ex(3), +X509_new(3), +X509_sign(3), +X509V3_get_d2i(3), +X509_verify_cert(3)

    +

    +

    +
    +

    HISTORY

    +

    X509_REQ_get_subject_name() is a function in OpenSSL 1.1.0 and a macro in +earlier versions.

    +

    X509_CRL_get_issuer() is a function in OpenSSL 1.1.0. It was previously +added in OpenSSL 1.0.0 as a macro.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/X509_get_version.html b/linux_amd64/share/doc/openssl/html/man3/X509_get_version.html
    new file mode 100755
    index 0000000..1aeedfd
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/X509_get_version.html
    @@ -0,0 +1,121 @@
    +
    +
    +
    +
    +X509_get_version
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    X509_get_version, X509_set_version, X509_REQ_get_version, X509_REQ_set_version, +X509_CRL_get_version, X509_CRL_set_version - get or set certificate, +certificate request or CRL version

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509.h>
    +
    + long X509_get_version(const X509 *x);
    + int X509_set_version(X509 *x, long version);
    +
    + long X509_REQ_get_version(const X509_REQ *req);
    + int X509_REQ_set_version(X509_REQ *x, long version);
    +
    + long X509_CRL_get_version(const X509_CRL *crl);
    + int X509_CRL_set_version(X509_CRL *x, long version);
    +

    +

    +
    +

    DESCRIPTION

    +

    X509_get_version() returns the numerical value of the version field of +certificate x. Note: this is defined by standards (X.509 et al) to be one +less than the certificate version. So a version 3 certificate will return 2 and +a version 1 certificate will return 0.

    +

    X509_set_version() sets the numerical value of the version field of certificate +x to version.

    +

    Similarly X509_REQ_get_version(), X509_REQ_set_version(), +X509_CRL_get_version() and X509_CRL_set_version() get and set the version +number of certificate requests and CRLs.

    +

    +

    +
    +

    NOTES

    +

    The version field of certificates, certificate requests and CRLs has a +DEFAULT value of v1(0) meaning the field should be omitted for version +1. This is handled transparently by these functions.

    +

    +

    +
    +

    RETURN VALUES

    +

    X509_get_version(), X509_REQ_get_version() and X509_CRL_get_version() +return the numerical value of the version field.

    +

    X509_set_version(), X509_REQ_set_version() and X509_CRL_set_version() +return 1 for success and 0 for failure.

    +

    +

    +
    +

    SEE ALSO

    +

    d2i_X509(3), +ERR_get_error(3), +X509_CRL_get0_by_serial(3), +X509_get0_signature(3), +X509_get_ext_d2i(3), +X509_get_extension_flags(3), +X509_get_pubkey(3), +X509_get_subject_name(3), +X509_NAME_add_entry_by_txt(3), +X509_NAME_ENTRY_get_object(3), +X509_NAME_get_index_by_NID(3), +X509_NAME_print_ex(3), +X509_new(3), +X509_sign(3), +X509V3_get_d2i(3), +X509_verify_cert(3)

    +

    +

    +
    +

    HISTORY

    +

    X509_get_version(), X509_REQ_get_version() and X509_CRL_get_version() are +functions in OpenSSL 1.1.0, in previous versions they were macros.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/X509_load_http.html b/linux_amd64/share/doc/openssl/html/man3/X509_load_http.html
    new file mode 100755
    index 0000000..29ae0d4
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/X509_load_http.html
    @@ -0,0 +1,99 @@
    +
    +
    +
    +
    +X509_load_http
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    X509_load_http, +X509_http_nbio, +X509_CRL_load_http, +X509_CRL_http_nbio +- certificate and CRL loading functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509.h>
    +
    + X509 *X509_load_http(const char *url, BIO *bio, BIO *rbio, int timeout);
    + X509_CRL *X509_CRL_load_http(const char *url, BIO *bio, BIO *rbio, int timeout);
    +
    + #define X509_http_nbio(url)
    + #define X509_CRL_http_nbio(url)
    +

    +

    +
    +

    DESCRIPTION

    +

    X509_load_http() and X509_CRL_load_http() loads a certificate or a CRL, +respectively, in ASN.1 format using HTTP from the given url.

    +

    If bio is given and rbio is NULL then this BIO is used instead of an +interal one for connecting, writing the request, and reading the response. +If both bio and rbio are given (which may be memory BIOs, for instance) +then no explicit connection is attempted, +bio is used for writing the request, and rbio for reading the response.

    +

    If the timeout parameter is > 0 this indicates the maximum number of seconds +to wait until the transfer is complete. +A value of 0 enables waiting indefinitely, +while a value < 0 immediately leads to a timeout condition.

    +

    X509_http_nbio() and X509_CRL_http_nbio() are macros for backward compatibility +that have the same effect as the functions above but with infinite timeout +and without the possiblity to specify custom BIOs.

    +

    +

    +
    +

    RETURN VALUES

    +

    On success the function yield the loaded value, else NULL. +Error conditions include connection/transfer timeout, parse errors, etc.

    +

    +

    +
    +

    SEE ALSO

    +

    OSSL_HTTP_get_asn1(3)

    +

    +

    +
    +

    HISTORY

    +

    X509_load_http() and X509_CRL_load_http() were added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/X509_new.html b/linux_amd64/share/doc/openssl/html/man3/X509_new.html
    new file mode 100755
    index 0000000..55867d0
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/X509_new.html
    @@ -0,0 +1,115 @@
    +
    +
    +
    +
    +X509_new
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    X509_chain_up_ref, +X509_new, X509_free, X509_up_ref - X509 certificate ASN1 allocation functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509.h>
    +
    + X509 *X509_new(void);
    + void X509_free(X509 *a);
    + int X509_up_ref(X509 *a);
    + STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *x);
    +

    +

    +
    +

    DESCRIPTION

    +

    The X509 ASN1 allocation routines, allocate and free an +X509 structure, which represents an X509 certificate.

    +

    X509_new() allocates and initializes a X509 structure with reference count +1.

    +

    X509_free() decrements the reference count of X509 structure a and +frees it up if the reference count is zero. If a is NULL nothing is done.

    +

    X509_up_ref() increments the reference count of a.

    +

    X509_chain_up_ref() increases the reference count of all certificates in +chain x and returns a copy of the stack.

    +

    +

    +
    +

    NOTES

    +

    The function X509_up_ref() if useful if a certificate structure is being +used by several different operations each of which will free it up after +use: this avoids the need to duplicate the entire certificate structure.

    +

    The function X509_chain_up_ref() doesn't just up the reference count of +each certificate it also returns a copy of the stack, using sk_X509_dup(), +but it serves a similar purpose: the returned chain persists after the +original has been freed.

    +

    +

    +
    +

    RETURN VALUES

    +

    If the allocation fails, X509_new() returns NULL and sets an error +code that can be obtained by ERR_get_error(3). +Otherwise it returns a pointer to the newly allocated structure.

    +

    X509_up_ref() returns 1 for success and 0 for failure.

    +

    X509_chain_up_ref() returns a copy of the stack or NULL if an error +occurred.

    +

    +

    +
    +

    SEE ALSO

    +

    d2i_X509(3), +ERR_get_error(3), +X509_CRL_get0_by_serial(3), +X509_get0_signature(3), +X509_get_ext_d2i(3), +X509_get_extension_flags(3), +X509_get_pubkey(3), +X509_get_subject_name(3), +X509_get_version(3), +X509_NAME_add_entry_by_txt(3), +X509_NAME_ENTRY_get_object(3), +X509_NAME_get_index_by_NID(3), +X509_NAME_print_ex(3), +X509_sign(3), +X509V3_get_d2i(3), +X509_verify_cert(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/X509_sign.html b/linux_amd64/share/doc/openssl/html/man3/X509_sign.html
    new file mode 100755
    index 0000000..37f822c
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/X509_sign.html
    @@ -0,0 +1,135 @@
    +
    +
    +
    +
    +X509_sign
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    X509_sign, X509_sign_ctx, X509_verify, X509_REQ_sign, X509_REQ_sign_ctx, +X509_REQ_verify, X509_CRL_sign, X509_CRL_sign_ctx, X509_CRL_verify - +sign or verify certificate, certificate request or CRL signature

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509.h>
    +
    + int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
    + int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx);
    + int X509_verify(X509 *a, EVP_PKEY *r);
    +
    + int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md);
    + int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx);
    + int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r);
    +
    + int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md);
    + int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx);
    + int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r);
    +

    +

    +
    +

    DESCRIPTION

    +

    X509_sign() signs certificate x using private key pkey and message +digest md and sets the signature in x. X509_sign_ctx() also signs +certificate x but uses the parameters contained in digest context ctx.

    +

    X509_verify() verifies the signature of certificate x using public key +pkey. Only the signature is checked: no other checks (such as certificate +chain validity) are performed.

    +

    X509_REQ_sign(), X509_REQ_sign_ctx(), X509_REQ_verify(), +X509_CRL_sign(), X509_CRL_sign_ctx() and X509_CRL_verify() sign and verify +certificate requests and CRLs respectively.

    +

    +

    +
    +

    NOTES

    +

    X509_sign_ctx() is used where the default parameters for the corresponding +public key and digest are not suitable. It can be used to sign keys using +RSA-PSS for example.

    +

    For efficiency reasons and to work around ASN.1 encoding issues the encoding +of the signed portion of a certificate, certificate request and CRL is cached +internally. If the signed portion of the structure is modified the encoding +is not always updated meaning a stale version is sometimes used. This is not +normally a problem because modifying the signed portion will invalidate the +signature and signing will always update the encoding.

    +

    +

    +
    +

    RETURN VALUES

    +

    X509_sign(), X509_sign_ctx(), X509_REQ_sign(), X509_REQ_sign_ctx(), +X509_CRL_sign() and X509_CRL_sign_ctx() return the size of the signature +in bytes for success and zero for failure.

    +

    X509_verify(), X509_REQ_verify() and X509_CRL_verify() return 1 if the +signature is valid and 0 if the signature check fails. If the signature +could not be checked at all because it was invalid or some other error +occurred then -1 is returned.

    +

    +

    +
    +

    SEE ALSO

    +

    d2i_X509(3), +ERR_get_error(3), +X509_CRL_get0_by_serial(3), +X509_get0_signature(3), +X509_get_ext_d2i(3), +X509_get_extension_flags(3), +X509_get_pubkey(3), +X509_get_subject_name(3), +X509_get_version(3), +X509_NAME_add_entry_by_txt(3), +X509_NAME_ENTRY_get_object(3), +X509_NAME_get_index_by_NID(3), +X509_NAME_print_ex(3), +X509_new(3), +X509V3_get_d2i(3), +X509_verify_cert(3)

    +

    +

    +
    +

    HISTORY

    +

    The X509_sign(), X509_REQ_sign() and X509_CRL_sign() functions are +available in all versions of OpenSSL.

    +

    The X509_sign_ctx(), X509_REQ_sign_ctx() +and X509_CRL_sign_ctx() functions were added OpenSSL 1.0.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/X509_verify_cert.html b/linux_amd64/share/doc/openssl/html/man3/X509_verify_cert.html
    new file mode 100755
    index 0000000..7b1ea18
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/X509_verify_cert.html
    @@ -0,0 +1,95 @@
    +
    +
    +
    +
    +X509_verify_cert
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    X509_verify_cert - discover and verify X509 certificate chain

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509.h>
    +
    + int X509_verify_cert(X509_STORE_CTX *ctx);
    +

    +

    +
    +

    DESCRIPTION

    +

    The X509_verify_cert() function attempts to discover and validate a +certificate chain based on parameters in ctx. A complete description of +the process is contained in the openssl-verify(1) manual page.

    +

    Applications rarely call this function directly but it is used by +OpenSSL internally for certificate validation, in both the S/MIME and +SSL/TLS code.

    +

    A negative return value from X509_verify_cert() can occur if it is invoked +incorrectly, such as with no certificate set in ctx, or when it is called +twice in succession without reinitialising ctx for the second call. +A negative return value can also happen due to internal resource problems or if +a retry operation is requested during internal lookups (which never happens +with standard lookup methods). +Applications must check for <= 0 return value on error.

    +

    +

    +
    +

    RETURN VALUES

    +

    If a complete chain can be built and validated this function returns 1, +otherwise it return zero, in exceptional circumstances it can also +return a negative code.

    +

    If the function fails additional error information can be obtained by +examining ctx using, for example X509_STORE_CTX_get_error().

    +

    +

    +
    +

    BUGS

    +

    This function uses the header <x509.h >> +as opposed to most chain verification +functions which use <x509_vfy.h >>.

    +

    +

    +
    +

    SEE ALSO

    +

    X509_STORE_CTX_get_error(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/X509v3_get_ext_by_NID.html b/linux_amd64/share/doc/openssl/html/man3/X509v3_get_ext_by_NID.html
    new file mode 100755
    index 0000000..9746773
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/X509v3_get_ext_by_NID.html
    @@ -0,0 +1,168 @@
    +
    +
    +
    +
    +X509v3_get_ext_by_NID
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    X509v3_get_ext_count, X509v3_get_ext, X509v3_get_ext_by_NID, +X509v3_get_ext_by_OBJ, X509v3_get_ext_by_critical, X509v3_delete_ext, +X509v3_add_ext, X509_get_ext_count, X509_get_ext, +X509_get_ext_by_NID, X509_get_ext_by_OBJ, X509_get_ext_by_critical, +X509_delete_ext, X509_add_ext, X509_CRL_get_ext_count, X509_CRL_get_ext, +X509_CRL_get_ext_by_NID, X509_CRL_get_ext_by_OBJ, X509_CRL_get_ext_by_critical, +X509_CRL_delete_ext, X509_CRL_add_ext, X509_REVOKED_get_ext_count, +X509_REVOKED_get_ext, X509_REVOKED_get_ext_by_NID, X509_REVOKED_get_ext_by_OBJ, +X509_REVOKED_get_ext_by_critical, X509_REVOKED_delete_ext, +X509_REVOKED_add_ext - extension stack utility functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509.h>
    +
    + int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x);
    + X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc);
    +
    + int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x,
    +                           int nid, int lastpos);
    + int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x,
    +                           const ASN1_OBJECT *obj, int lastpos);
    + int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x,
    +                                int crit, int lastpos);
    + X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc);
    + STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
    +                                          X509_EXTENSION *ex, int loc);
    +
    + int X509_get_ext_count(const X509 *x);
    + X509_EXTENSION *X509_get_ext(const X509 *x, int loc);
    + int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos);
    + int X509_get_ext_by_OBJ(const X509 *x, const ASN1_OBJECT *obj, int lastpos);
    + int X509_get_ext_by_critical(const X509 *x, int crit, int lastpos);
    + X509_EXTENSION *X509_delete_ext(X509 *x, int loc);
    + int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc);
    +
    + int X509_CRL_get_ext_count(const X509_CRL *x);
    + X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc);
    + int X509_CRL_get_ext_by_NID(const X509_CRL *x, int nid, int lastpos);
    + int X509_CRL_get_ext_by_OBJ(const X509_CRL *x, const ASN1_OBJECT *obj, int lastpos);
    + int X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit, int lastpos);
    + X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc);
    + int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc);
    +
    + int X509_REVOKED_get_ext_count(const X509_REVOKED *x);
    + X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x, int loc);
    + int X509_REVOKED_get_ext_by_NID(const X509_REVOKED *x, int nid, int lastpos);
    + int X509_REVOKED_get_ext_by_OBJ(const X509_REVOKED *x, const ASN1_OBJECT *obj,
    +                                 int lastpos);
    + int X509_REVOKED_get_ext_by_critical(const X509_REVOKED *x, int crit, int lastpos);
    + X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc);
    + int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc);
    +

    +

    +
    +

    DESCRIPTION

    +

    X509v3_get_ext_count() retrieves the number of extensions in x.

    +

    X509v3_get_ext() retrieves extension loc from x. The index loc +can take any value from 0 to X509_get_ext_count(x) - 1. The returned +extension is an internal pointer which must not be freed up by the +application.

    +

    X509v3_get_ext_by_NID() and X509v3_get_ext_by_OBJ() look for an extension +with nid or obj from extension stack x. The search starts from the +extension after lastpos or from the beginning if <lastpos> is -1. If +the extension is found its index is returned otherwise -1 is returned.

    +

    X509v3_get_ext_by_critical() is similar to X509v3_get_ext_by_NID() except it +looks for an extension of criticality crit. A zero value for crit +looks for a non-critical extension a nonzero value looks for a critical +extension.

    +

    X509v3_delete_ext() deletes the extension with index loc from x. The +deleted extension is returned and must be freed by the caller. If loc +is in invalid index value NULL is returned.

    +

    X509v3_add_ext() adds extension ex to stack *x at position loc. If +loc is -1 the new extension is added to the end. If *x is NULL +a new stack will be allocated. The passed extension ex is duplicated +internally so it must be freed after use.

    +

    X509_get_ext_count(), X509_get_ext(), X509_get_ext_by_NID(), +X509_get_ext_by_OBJ(), X509_get_ext_by_critical(), X509_delete_ext() +and X509_add_ext() operate on the extensions of certificate x they are +otherwise identical to the X509v3 functions.

    +

    X509_CRL_get_ext_count(), X509_CRL_get_ext(), X509_CRL_get_ext_by_NID(), +X509_CRL_get_ext_by_OBJ(), X509_CRL_get_ext_by_critical(), +X509_CRL_delete_ext() and X509_CRL_add_ext() operate on the extensions of +CRL x they are otherwise identical to the X509v3 functions.

    +

    X509_REVOKED_get_ext_count(), X509_REVOKED_get_ext(), +X509_REVOKED_get_ext_by_NID(), X509_REVOKED_get_ext_by_OBJ(), +X509_REVOKED_get_ext_by_critical(), X509_REVOKED_delete_ext() and +X509_REVOKED_add_ext() operate on the extensions of CRL entry x +they are otherwise identical to the X509v3 functions.

    +

    +

    +
    +

    NOTES

    +

    These functions are used to examine stacks of extensions directly. Many +applications will want to parse or encode and add an extension: they should +use the extension encode and decode functions instead such as +X509_add1_ext_i2d() and X509_get_ext_d2i().

    +

    Extension indices start from zero, so a zero index return value is not an +error. These search functions start from the extension after the lastpos +parameter so it should initially be set to -1, if it is set to zero the +initial extension will not be checked.

    +

    +

    +
    +

    RETURN VALUES

    +

    X509v3_get_ext_count() returns the extension count.

    +

    X509v3_get_ext(), X509v3_delete_ext() and X509_delete_ext() return an +X509_EXTENSION pointer or NULL if an error occurs.

    +

    X509v3_get_ext_by_NID() X509v3_get_ext_by_OBJ() and +X509v3_get_ext_by_critical() return the an extension index or -1 if an +error occurs.

    +

    X509v3_add_ext() returns a stack of extensions or NULL on error.

    +

    X509_add_ext() returns 1 on success and 0 on error.

    +

    +

    +
    +

    SEE ALSO

    +

    X509V3_get_d2i(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/d2i_DHparams.html b/linux_amd64/share/doc/openssl/html/man3/d2i_DHparams.html
    new file mode 100755
    index 0000000..86b365b
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/d2i_DHparams.html
    @@ -0,0 +1,77 @@
    +
    +
    +
    +
    +d2i_DHparams
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    d2i_DHparams, i2d_DHparams - PKCS#3 DH parameter functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/dh.h>
    +
    + DH *d2i_DHparams(DH **a, unsigned char **pp, long length);
    + int i2d_DHparams(DH *a, unsigned char **pp);
    +

    +

    +
    +

    DESCRIPTION

    +

    These functions decode and encode PKCS#3 DH parameters using the +DHparameter structure described in PKCS#3.

    +

    Otherwise these behave in a similar way to d2i_X509() and i2d_X509() +described in the d2i_X509(3) manual page.

    +

    +

    +
    +

    RETURN VALUES

    +

    d2i_DHparams() returns a valid DH structure or NULL if an error occurred.

    +

    i2d_DHparams() returns the length of encoded data on success or a value which +is less than or equal to 0 on error.

    +

    +

    +
    +

    SEE ALSO

    +

    d2i_X509(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/d2i_PKCS8PrivateKey_bio.html b/linux_amd64/share/doc/openssl/html/man3/d2i_PKCS8PrivateKey_bio.html
    new file mode 100755
    index 0000000..0b26170
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/d2i_PKCS8PrivateKey_bio.html
    @@ -0,0 +1,109 @@
    +
    +
    +
    +
    +d2i_PKCS8PrivateKey_bio
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    d2i_PKCS8PrivateKey_bio, d2i_PKCS8PrivateKey_fp, +i2d_PKCS8PrivateKey_bio, i2d_PKCS8PrivateKey_fp, +i2d_PKCS8PrivateKey_nid_bio, i2d_PKCS8PrivateKey_nid_fp - PKCS#8 format private key functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u);
    + EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u);
    +
    + int i2d_PKCS8PrivateKey_bio(BIO *bp, const EVP_PKEY *x, const EVP_CIPHER *enc,
    +                             char *kstr, int klen,
    +                             pem_password_cb *cb, void *u);
    +
    + int i2d_PKCS8PrivateKey_fp(FILE *fp, const EVP_PKEY *x, const EVP_CIPHER *enc,
    +                            char *kstr, int klen,
    +                            pem_password_cb *cb, void *u);
    +
    + int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, const EVP_PKEY *x, int nid,
    +                                 char *kstr, int klen,
    +                                 pem_password_cb *cb, void *u);
    +
    + int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, const EVP_PKEY *x, int nid,
    +                                char *kstr, int klen,
    +                                pem_password_cb *cb, void *u);
    +

    +

    +
    +

    DESCRIPTION

    +

    The PKCS#8 functions encode and decode private keys in PKCS#8 format using both +PKCS#5 v1.5 and PKCS#5 v2.0 password based encryption algorithms.

    +

    Other than the use of DER as opposed to PEM these functions are identical to the +corresponding PEM function as described in PEM_read_PrivateKey(3).

    +

    +

    +
    +

    NOTES

    +

    These functions are currently the only way to store encrypted private keys using DER format.

    +

    Currently all the functions use BIOs or FILE pointers, there are no functions which +work directly on memory: this can be readily worked around by converting the buffers +to memory BIOs, see BIO_s_mem(3) for details.

    +

    These functions make no assumption regarding the pass phrase received from the +password callback. +It will simply be treated as a byte sequence.

    +

    +

    +
    +

    RETURN VALUES

    +

    d2i_PKCS8PrivateKey_bio() and d2i_PKCS8PrivateKey_fp() return a valid EVP_PKEY +structure or NULL if an error occurred.

    +

    i2d_PKCS8PrivateKey_bio(), i2d_PKCS8PrivateKey_fp(), i2d_PKCS8PrivateKey_nid_bio() +and i2d_PKCS8PrivateKey_nid_fp() return 1 on success or 0 on error.

    +

    +

    +
    +

    SEE ALSO

    +

    PEM_read_PrivateKey(3), +passphrase-encoding(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/share/doc/openssl/html/man3/d2i_PrivateKey.html b/linux_amd64/share/doc/openssl/html/man3/d2i_PrivateKey.html
    new file mode 100755
    index 0000000..4f76e34
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man3/d2i_PrivateKey.html
    @@ -0,0 +1,123 @@
    +
    +
    +
    +
    +d2i_PrivateKey
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    d2i_PrivateKey, d2i_PublicKey, d2i_KeyParams, d2i_AutoPrivateKey, +i2d_PrivateKey, i2d_PublicKey, i2d_KeyParams, i2d_KeyParams_bio, +d2i_PrivateKey_bio, d2i_PrivateKey_fp, d2i_KeyParams_bio +- decode and encode functions for reading and saving EVP_PKEY structures

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
    +                          long length);
    + EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp,
    +                         long length);
    + EVP_PKEY *d2i_KeyParams(int type, EVP_PKEY **a, const unsigned char **pp,
    +                         long length);
    + EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
    +                              long length);
    +
    + int i2d_PrivateKey(const EVP_PKEY *a, unsigned char **pp);
    + int i2d_PublicKey(const EVP_PKEY *a, unsigned char **pp);
    + int i2d_KeyParams(const EVP_PKEY *a, unsigned char **pp);
    + int i2d_KeyParams_bio(BIO *bp, const EVP_PKEY *pkey);
    +
    + EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
    + EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a)
    + EVP_PKEY *d2i_KeyParams_bio(int type, EVP_PKEY **a, BIO *in);
    +

    +

    +
    +

    DESCRIPTION

    +

    d2i_PrivateKey() decodes a private key using algorithm type. It attempts to +use any key specific format or PKCS#8 unencrypted PrivateKeyInfo format. The +type parameter should be a public key algorithm constant such as +EVP_PKEY_RSA. An error occurs if the decoded key does not match type. +d2i_PublicKey() does the same for public keys. +d2i_KeyParams() does the same for key parameters.

    +

    d2i_AutoPrivateKey() is similar to d2i_PrivateKey() except it attempts to +automatically detect the private key format.

    +

    i2d_PrivateKey() encodes key. It uses a key specific format or, if none is +defined for that key type, PKCS#8 unencrypted PrivateKeyInfo format. +i2d_PublicKey() does the same for public keys. +i2d_KeyParams() does the same for key parameters. +These functions are similar to the d2i_X509() functions; see d2i_X509(3).

    +

    +

    +
    +

    NOTES

    +

    All these functions use DER format and unencrypted keys. Applications wishing +to encrypt or decrypt private keys should use other functions such as +d2i_PKCS8PrivateKey() instead.

    +

    If the *a is not NULL when calling d2i_PrivateKey() or d2i_AutoPrivateKey() +(i.e. an existing structure is being reused) and the key format is PKCS#8 +then *a will be freed and replaced on a successful call.

    +

    To decode a key with type EVP_PKEY_EC, d2i_PublicKey() requires *a to be +a non-NULL EVP_PKEY structure assigned an EC_KEY structure referencing the proper +EC_GROUP.

    +

    +

    +
    +

    RETURN VALUES

    +

    The d2i_PrivateKey(), d2i_AutoPrivateKey(), d2i_PrivateKey_bio(), d2i_PrivateKey_fp(), +d2i_PublicKey(), d2i_KeyParams() and d2i_KeyParams_bio() functions return a valid +EVP_KEY structure or NULL if an error occurs. The error code can be +obtained by calling ERR_get_error(3).

    +

    i2d_PrivateKey(), i2d_PublicKey(), i2d_KeyParams() i2d_KeyParams_bio() return +the number of bytes successfully encoded or a negative value if an error occurs. +The error code can be obtained by calling ERR_get_error(3).

    +

    +

    +
    +

    SEE ALSO

    +

    crypto(7), +d2i_PKCS8PrivateKey_bio(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/d2i_SSL_SESSION.html b/linux_amd64/share/doc/openssl/html/man3/d2i_SSL_SESSION.html
new file mode 100755
index 0000000..da9c0c5
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/d2i_SSL_SESSION.html
@@ -0,0 +1,85 @@
+ + + + +d2i_SSL_SESSION + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    d2i_SSL_SESSION, i2d_SSL_SESSION - convert SSL_SESSION object from/to ASN1 representation

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
    +                              long length);
    + int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp);
    +

    +

    +
    +

    DESCRIPTION

    +

    These functions decode and encode an SSL_SESSION object. +For encoding details see d2i_X509(3).

    +

    SSL_SESSION objects keep internal link information about the session cache +list, when being inserted into one SSL_CTX object's session cache. +One SSL_SESSION object, regardless of its reference count, must therefore +only be used with one SSL_CTX object (and the SSL objects created +from this SSL_CTX object).

    +

    +

    +
    +

    RETURN VALUES

    +

    d2i_SSL_SESSION() returns a pointer to the newly allocated SSL_SESSION +object. In case of failure the NULL-pointer is returned and the error message +can be retrieved from the error stack.

    +

    i2d_SSL_SESSION() returns the size of the ASN1 representation in bytes. +When the session is not valid, 0 is returned and no operation is performed.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_SESSION_free(3), +SSL_CTX_sess_set_get_cb(3), +d2i_X509(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/d2i_X509.html b/linux_amd64/share/doc/openssl/html/man3/d2i_X509.html
new file mode 100755
index 0000000..2d70d4c
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/d2i_X509.html
@@ -0,0 +1,676 @@
+ + + + +d2i_X509 + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    d2i_ACCESS_DESCRIPTION, +d2i_ADMISSIONS, +d2i_ADMISSION_SYNTAX, +d2i_ASIdOrRange, +d2i_ASIdentifierChoice, +d2i_ASIdentifiers, +d2i_ASN1_BIT_STRING, +d2i_ASN1_BMPSTRING, +d2i_ASN1_ENUMERATED, +d2i_ASN1_GENERALIZEDTIME, +d2i_ASN1_GENERALSTRING, +d2i_ASN1_IA5STRING, +d2i_ASN1_INTEGER, +d2i_ASN1_NULL, +d2i_ASN1_OBJECT, +d2i_ASN1_OCTET_STRING, +d2i_ASN1_PRINTABLE, +d2i_ASN1_PRINTABLESTRING, +d2i_ASN1_SEQUENCE_ANY, +d2i_ASN1_SET_ANY, +d2i_ASN1_T61STRING, +d2i_ASN1_TIME, +d2i_ASN1_TYPE, +d2i_ASN1_UINTEGER, +d2i_ASN1_UNIVERSALSTRING, +d2i_ASN1_UTCTIME, +d2i_ASN1_UTF8STRING, +d2i_ASN1_VISIBLESTRING, +d2i_ASRange, +d2i_AUTHORITY_INFO_ACCESS, +d2i_AUTHORITY_KEYID, +d2i_BASIC_CONSTRAINTS, +d2i_CERTIFICATEPOLICIES, +d2i_CMS_ContentInfo, +d2i_CMS_ReceiptRequest, +d2i_CMS_bio, +d2i_CRL_DIST_POINTS, +d2i_DHxparams, +d2i_DIRECTORYSTRING, +d2i_DISPLAYTEXT, +d2i_DIST_POINT, +d2i_DIST_POINT_NAME, +d2i_DSAPrivateKey, +d2i_DSAPrivateKey_bio, +d2i_DSAPrivateKey_fp, +d2i_DSAPublicKey, +d2i_DSA_PUBKEY, +d2i_DSA_PUBKEY_bio, +d2i_DSA_PUBKEY_fp, +d2i_DSA_SIG, +d2i_DSAparams, +d2i_ECDSA_SIG, +d2i_ECPKParameters, +d2i_ECParameters, +d2i_ECPrivateKey, +d2i_ECPrivateKey_bio, +d2i_ECPrivateKey_fp, +d2i_EC_PUBKEY, +d2i_EC_PUBKEY_bio, +d2i_EC_PUBKEY_fp, +d2i_EDIPARTYNAME, +d2i_ESS_CERT_ID, +d2i_ESS_CERT_ID_V2, +d2i_ESS_ISSUER_SERIAL, +d2i_ESS_SIGNING_CERT, +d2i_ESS_SIGNING_CERT_V2, +d2i_EXTENDED_KEY_USAGE, +d2i_GENERAL_NAME, +d2i_GENERAL_NAMES, +d2i_IPAddressChoice, +d2i_IPAddressFamily, +d2i_IPAddressOrRange, +d2i_IPAddressRange, +d2i_ISSUING_DIST_POINT, +d2i_NAMING_AUTHORITY, +d2i_NETSCAPE_CERT_SEQUENCE, +d2i_NETSCAPE_SPKAC, +d2i_NETSCAPE_SPKI, +d2i_NOTICEREF, +d2i_OCSP_BASICRESP, +d2i_OCSP_CERTID, +d2i_OCSP_CERTSTATUS, +d2i_OCSP_CRLID, +d2i_OCSP_ONEREQ, +d2i_OCSP_REQINFO, +d2i_OCSP_REQUEST, +d2i_OCSP_RESPBYTES, +d2i_OCSP_RESPDATA, +d2i_OCSP_RESPID, +d2i_OCSP_RESPONSE, +d2i_OCSP_REVOKEDINFO, +d2i_OCSP_SERVICELOC, +d2i_OCSP_SIGNATURE, +d2i_OCSP_SINGLERESP, +d2i_OSSL_CMP_MSG, 
+d2i_OSSL_CMP_PKIHEADER, +d2i_OSSL_CRMF_CERTID, +d2i_OSSL_CRMF_CERTTEMPLATE, +d2i_OSSL_CRMF_ENCRYPTEDVALUE, +d2i_OSSL_CRMF_MSG, +d2i_OSSL_CRMF_MSGS, +d2i_OSSL_CRMF_PBMPARAMETER, +d2i_OSSL_CRMF_PKIPUBLICATIONINFO, +d2i_OSSL_CRMF_SINGLEPUBINFO, +d2i_OTHERNAME, +d2i_PBE2PARAM, +d2i_PBEPARAM, +d2i_PBKDF2PARAM, +d2i_PKCS12, +d2i_PKCS12_BAGS, +d2i_PKCS12_MAC_DATA, +d2i_PKCS12_SAFEBAG, +d2i_PKCS12_bio, +d2i_PKCS12_fp, +d2i_PKCS7, +d2i_PKCS7_DIGEST, +d2i_PKCS7_ENCRYPT, +d2i_PKCS7_ENC_CONTENT, +d2i_PKCS7_ENVELOPE, +d2i_PKCS7_ISSUER_AND_SERIAL, +d2i_PKCS7_RECIP_INFO, +d2i_PKCS7_SIGNED, +d2i_PKCS7_SIGNER_INFO, +d2i_PKCS7_SIGN_ENVELOPE, +d2i_PKCS7_bio, +d2i_PKCS7_fp, +d2i_PKCS8_PRIV_KEY_INFO, +d2i_PKCS8_PRIV_KEY_INFO_bio, +d2i_PKCS8_PRIV_KEY_INFO_fp, +d2i_PKCS8_bio, +d2i_PKCS8_fp, +d2i_PKEY_USAGE_PERIOD, +d2i_POLICYINFO, +d2i_POLICYQUALINFO, +d2i_PROFESSION_INFO, +d2i_PROXY_CERT_INFO_EXTENSION, +d2i_PROXY_POLICY, +d2i_RSAPrivateKey, +d2i_RSAPrivateKey_bio, +d2i_RSAPrivateKey_fp, +d2i_RSAPublicKey, +d2i_RSAPublicKey_bio, +d2i_RSAPublicKey_fp, +d2i_RSA_OAEP_PARAMS, +d2i_RSA_PSS_PARAMS, +d2i_RSA_PUBKEY, +d2i_RSA_PUBKEY_bio, +d2i_RSA_PUBKEY_fp, +d2i_SCRYPT_PARAMS, +d2i_SCT_LIST, +d2i_SXNET, +d2i_SXNETID, +d2i_TS_ACCURACY, +d2i_TS_MSG_IMPRINT, +d2i_TS_MSG_IMPRINT_bio, +d2i_TS_MSG_IMPRINT_fp, +d2i_TS_REQ, +d2i_TS_REQ_bio, +d2i_TS_REQ_fp, +d2i_TS_RESP, +d2i_TS_RESP_bio, +d2i_TS_RESP_fp, +d2i_TS_STATUS_INFO, +d2i_TS_TST_INFO, +d2i_TS_TST_INFO_bio, +d2i_TS_TST_INFO_fp, +d2i_USERNOTICE, +d2i_X509, +d2i_X509_ALGOR, +d2i_X509_ALGORS, +d2i_X509_ATTRIBUTE, +d2i_X509_CERT_AUX, +d2i_X509_CINF, +d2i_X509_CRL, +d2i_X509_CRL_INFO, +d2i_X509_CRL_bio, +d2i_X509_CRL_fp, +d2i_X509_EXTENSION, +d2i_X509_EXTENSIONS, +d2i_X509_NAME, +d2i_X509_NAME_ENTRY, +d2i_X509_PUBKEY, +d2i_X509_PUBKEY_bio, +d2i_X509_PUBKEY_fp, +d2i_X509_REQ, +d2i_X509_REQ_INFO, +d2i_X509_REQ_bio, +d2i_X509_REQ_fp, +d2i_X509_REVOKED, +d2i_X509_SIG, +d2i_X509_VAL, +i2d_ACCESS_DESCRIPTION, +i2d_ADMISSIONS, +i2d_ADMISSION_SYNTAX, 
+i2d_ASIdOrRange, +i2d_ASIdentifierChoice, +i2d_ASIdentifiers, +i2d_ASN1_BIT_STRING, +i2d_ASN1_BMPSTRING, +i2d_ASN1_ENUMERATED, +i2d_ASN1_GENERALIZEDTIME, +i2d_ASN1_GENERALSTRING, +i2d_ASN1_IA5STRING, +i2d_ASN1_INTEGER, +i2d_ASN1_NULL, +i2d_ASN1_OBJECT, +i2d_ASN1_OCTET_STRING, +i2d_ASN1_PRINTABLE, +i2d_ASN1_PRINTABLESTRING, +i2d_ASN1_SEQUENCE_ANY, +i2d_ASN1_SET_ANY, +i2d_ASN1_T61STRING, +i2d_ASN1_TIME, +i2d_ASN1_TYPE, +i2d_ASN1_UNIVERSALSTRING, +i2d_ASN1_UTCTIME, +i2d_ASN1_UTF8STRING, +i2d_ASN1_VISIBLESTRING, +i2d_ASN1_bio_stream, +i2d_ASRange, +i2d_AUTHORITY_INFO_ACCESS, +i2d_AUTHORITY_KEYID, +i2d_BASIC_CONSTRAINTS, +i2d_CERTIFICATEPOLICIES, +i2d_CMS_ContentInfo, +i2d_CMS_ReceiptRequest, +i2d_CMS_bio, +i2d_CRL_DIST_POINTS, +i2d_DHxparams, +i2d_DIRECTORYSTRING, +i2d_DISPLAYTEXT, +i2d_DIST_POINT, +i2d_DIST_POINT_NAME, +i2d_DSAPrivateKey, +i2d_DSAPrivateKey_bio, +i2d_DSAPrivateKey_fp, +i2d_DSAPublicKey, +i2d_DSA_PUBKEY, +i2d_DSA_PUBKEY_bio, +i2d_DSA_PUBKEY_fp, +i2d_DSA_SIG, +i2d_DSAparams, +i2d_ECDSA_SIG, +i2d_ECPKParameters, +i2d_ECParameters, +i2d_ECPrivateKey, +i2d_ECPrivateKey_bio, +i2d_ECPrivateKey_fp, +i2d_EC_PUBKEY, +i2d_EC_PUBKEY_bio, +i2d_EC_PUBKEY_fp, +i2d_EDIPARTYNAME, +i2d_ESS_CERT_ID, +i2d_ESS_CERT_ID_V2, +i2d_ESS_ISSUER_SERIAL, +i2d_ESS_SIGNING_CERT, +i2d_ESS_SIGNING_CERT_V2, +i2d_EXTENDED_KEY_USAGE, +i2d_GENERAL_NAME, +i2d_GENERAL_NAMES, +i2d_IPAddressChoice, +i2d_IPAddressFamily, +i2d_IPAddressOrRange, +i2d_IPAddressRange, +i2d_ISSUING_DIST_POINT, +i2d_NAMING_AUTHORITY, +i2d_NETSCAPE_CERT_SEQUENCE, +i2d_NETSCAPE_SPKAC, +i2d_NETSCAPE_SPKI, +i2d_NOTICEREF, +i2d_OCSP_BASICRESP, +i2d_OCSP_CERTID, +i2d_OCSP_CERTSTATUS, +i2d_OCSP_CRLID, +i2d_OCSP_ONEREQ, +i2d_OCSP_REQINFO, +i2d_OCSP_REQUEST, +i2d_OCSP_RESPBYTES, +i2d_OCSP_RESPDATA, +i2d_OCSP_RESPID, +i2d_OCSP_RESPONSE, +i2d_OCSP_REVOKEDINFO, +i2d_OCSP_SERVICELOC, +i2d_OCSP_SIGNATURE, +i2d_OCSP_SINGLERESP, +i2d_OSSL_CMP_MSG, +i2d_OSSL_CMP_PKIHEADER, +i2d_OSSL_CRMF_CERTID, +i2d_OSSL_CRMF_CERTTEMPLATE, 
+i2d_OSSL_CRMF_ENCRYPTEDVALUE, +i2d_OSSL_CRMF_MSG, +i2d_OSSL_CRMF_MSGS, +i2d_OSSL_CRMF_PBMPARAMETER, +i2d_OSSL_CRMF_PKIPUBLICATIONINFO, +i2d_OSSL_CRMF_SINGLEPUBINFO, +i2d_OTHERNAME, +i2d_PBE2PARAM, +i2d_PBEPARAM, +i2d_PBKDF2PARAM, +i2d_PKCS12, +i2d_PKCS12_BAGS, +i2d_PKCS12_MAC_DATA, +i2d_PKCS12_SAFEBAG, +i2d_PKCS12_bio, +i2d_PKCS12_fp, +i2d_PKCS7, +i2d_PKCS7_DIGEST, +i2d_PKCS7_ENCRYPT, +i2d_PKCS7_ENC_CONTENT, +i2d_PKCS7_ENVELOPE, +i2d_PKCS7_ISSUER_AND_SERIAL, +i2d_PKCS7_NDEF, +i2d_PKCS7_RECIP_INFO, +i2d_PKCS7_SIGNED, +i2d_PKCS7_SIGNER_INFO, +i2d_PKCS7_SIGN_ENVELOPE, +i2d_PKCS7_bio, +i2d_PKCS7_fp, +i2d_PKCS8PrivateKeyInfo_bio, +i2d_PKCS8PrivateKeyInfo_fp, +i2d_PKCS8_PRIV_KEY_INFO, +i2d_PKCS8_PRIV_KEY_INFO_bio, +i2d_PKCS8_PRIV_KEY_INFO_fp, +i2d_PKCS8_bio, +i2d_PKCS8_fp, +i2d_PKEY_USAGE_PERIOD, +i2d_POLICYINFO, +i2d_POLICYQUALINFO, +i2d_PROFESSION_INFO, +i2d_PROXY_CERT_INFO_EXTENSION, +i2d_PROXY_POLICY, +i2d_RSAPrivateKey, +i2d_RSAPrivateKey_bio, +i2d_RSAPrivateKey_fp, +i2d_RSAPublicKey, +i2d_RSAPublicKey_bio, +i2d_RSAPublicKey_fp, +i2d_RSA_OAEP_PARAMS, +i2d_RSA_PSS_PARAMS, +i2d_RSA_PUBKEY, +i2d_RSA_PUBKEY_bio, +i2d_RSA_PUBKEY_fp, +i2d_SCRYPT_PARAMS, +i2d_SCT_LIST, +i2d_SXNET, +i2d_SXNETID, +i2d_TS_ACCURACY, +i2d_TS_MSG_IMPRINT, +i2d_TS_MSG_IMPRINT_bio, +i2d_TS_MSG_IMPRINT_fp, +i2d_TS_REQ, +i2d_TS_REQ_bio, +i2d_TS_REQ_fp, +i2d_TS_RESP, +i2d_TS_RESP_bio, +i2d_TS_RESP_fp, +i2d_TS_STATUS_INFO, +i2d_TS_TST_INFO, +i2d_TS_TST_INFO_bio, +i2d_TS_TST_INFO_fp, +i2d_USERNOTICE, +i2d_X509, +i2d_X509_ALGOR, +i2d_X509_ALGORS, +i2d_X509_ATTRIBUTE, +i2d_X509_CERT_AUX, +i2d_X509_CINF, +i2d_X509_CRL, +i2d_X509_CRL_INFO, +i2d_X509_CRL_bio, +i2d_X509_CRL_fp, +i2d_X509_EXTENSION, +i2d_X509_EXTENSIONS, +i2d_X509_NAME, +i2d_X509_NAME_ENTRY, +i2d_X509_PUBKEY, +i2d_X509_PUBKEY_bio, +i2d_X509_PUBKEY_fp, +i2d_X509_REQ, +i2d_X509_REQ_INFO, +i2d_X509_REQ_bio, +i2d_X509_REQ_fp, +i2d_X509_REVOKED, +i2d_X509_SIG, +i2d_X509_VAL, +- convert objects from/to ASN.1/DER representation

    +

    +

    +
    +

    SYNOPSIS

    +
    + TYPE *d2i_TYPE(TYPE **a, unsigned char **ppin, long length);
    + TYPE *d2i_TYPE_bio(BIO *bp, TYPE **a);
    + TYPE *d2i_TYPE_fp(FILE *fp, TYPE **a);
    +
    + int i2d_TYPE(const TYPE *a, unsigned char **ppout);
    + int i2d_TYPE(TYPE *a, unsigned char **ppout);
    + int i2d_TYPE_fp(FILE *fp, const TYPE *a);
    + int i2d_TYPE_fp(FILE *fp, TYPE *a);
    + int i2d_TYPE_bio(BIO *bp, const TYPE *a);
    + int i2d_TYPE_bio(BIO *bp, TYPE *a);
    +

    +

    +
    +

    DESCRIPTION

    +

    In the description here, TYPE is used a placeholder +for any of the OpenSSL datatypes, such as X509_CRL. +The function parameters ppin and ppout are generally +either both named pp in the headers, or in and out.

    +

    These functions convert OpenSSL objects to and from their ASN.1/DER +encoding. Unlike the C structures which can have pointers to sub-objects +within, the DER is a serialized encoding, suitable for sending over the +network, writing to a file, and so on.

    +

    d2i_TYPE() attempts to decode len bytes at *ppin. If successful a +pointer to the TYPE structure is returned and *ppin is incremented to +the byte following the parsed data. If a is not NULL then a pointer +to the returned structure is also written to *a. If an error occurred +then NULL is returned.

    +

    On a successful return, if *a is not NULL then it is assumed that *a +contains a valid TYPE structure and an attempt is made to reuse it. This +"reuse" capability is present for historical compatibility but its use is +strongly discouraged (see BUGS below, and the discussion in the RETURN +VALUES section).

    +

    d2i_TYPE_bio() is similar to d2i_TYPE() except it attempts +to parse data from BIO bp.

    +

    d2i_TYPE_fp() is similar to d2i_TYPE() except it attempts +to parse data from FILE pointer fp.

    +

    i2d_TYPE() encodes the structure pointed to by a into DER format. +If ppout is not NULL, it writes the DER encoded data to the buffer +at *ppout, and increments it to point after the data just written. +If the return value is negative an error occurred, otherwise it +returns the length of the encoded data.

    +

    If *ppout is NULL memory will be allocated for a buffer and the encoded +data written to it. In this case *ppout is not incremented and it points +to the start of the data just written.

    +

    i2d_TYPE_bio() is similar to i2d_TYPE() except it writes +the encoding of the structure a to BIO bp and it +returns 1 for success and 0 for failure.

    +

    i2d_TYPE_fp() is similar to i2d_TYPE() except it writes +the encoding of the structure a to BIO bp and it +returns 1 for success and 0 for failure.

    +

    These routines do not encrypt private keys and therefore offer no +security; use PEM_write_PrivateKey(3) or similar for writing to files.

    +

    +

    +
    +

    NOTES

    +

    The letters i and d in i2d_TYPE() stand for +"internal" (that is, an internal C structure) and "DER" respectively. +So i2d_TYPE() converts from internal to DER.

    +

    The functions can also understand BER forms.

    +

    The actual TYPE structure passed to i2d_TYPE() must be a valid +populated TYPE structure -- it cannot simply be fed with an +empty structure such as that returned by TYPE_new().

    +

    The encoded data is in binary form and may contain embedded zeros. +Therefore any FILE pointers or BIOs should be opened in binary mode. +Functions such as strlen() will not return the correct length +of the encoded structure.

    +

    The ways that *ppin and *ppout are incremented after the operation +can trap the unwary. See the WARNINGS section for some common +errors. +The reason for this-auto increment behaviour is to reflect a typical +usage of ASN1 functions: after one structure is encoded or decoded +another will be processed after it.

    +

    The following points about the data types might be useful:

    +
    +
    ASN1_OBJECT
    + +
    +

    Represents an ASN1 OBJECT IDENTIFIER.

    +
    +
    DHparams
    + +
    +

    Represents a PKCS#3 DH parameters structure.

    +
    +
    DHxparams
    + +
    +

    Represents an ANSI X9.42 DH parameters structure.

    +
    +
    DSA_PUBKEY
    + +
    +

    Represents a DSA public key using a SubjectPublicKeyInfo structure.

    +
    +
    DSAPublicKey, DSAPrivateKey
    + +
    +

    Use a non-standard OpenSSL format and should be avoided; use DSA_PUBKEY, +PEM_write_PrivateKey(3), or similar instead.

    +
    +
    ECDSA_SIG
    + +
    +

    Represents an ECDSA signature.

    +
    +
    RSAPublicKey
    + +
    +

    Represents a PKCS#1 RSA public key structure.

    +
    +
    X509_ALGOR
    + +
    +

    Represents an AlgorithmIdentifier structure as used in IETF RFC 6960 and +elsewhere.

    +
    +
    X509_Name
    + +
    +

    Represents a Name type as used for subject and issuer names in +IETF RFC 6960 and elsewhere.

    +
    +
    X509_REQ
    + +
    +

    Represents a PKCS#10 certificate request.

    +
    +
    X509_SIG
    + +
    +

    Represents the DigestInfo structure defined in PKCS#1 and PKCS#7.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    d2i_TYPE(), d2i_TYPE_bio() and d2i_TYPE_fp() return a valid +TYPE structure or NULL if an error occurs. If the "reuse" capability has +been used with a valid structure being passed in via a, then the object is +freed in the event of error and *a is set to NULL.

    +

    i2d_TYPE() returns the number of bytes successfully encoded or a negative +value if an error occurs.

    +

    i2d_TYPE_bio() and i2d_TYPE_fp() return 1 for success and 0 if an +error occurs.

    +

    +

    +
    +

    EXAMPLES

    +

    Allocate and encode the DER encoding of an X509 structure:

    +
    + int len;
    + unsigned char *buf;
    +
    + buf = NULL;
    + len = i2d_X509(x, &buf);
    + if (len < 0)
    +     /* error */
    +

    Attempt to decode a buffer:

    +
    + X509 *x;
    + unsigned char *buf, *p;
    + int len;
    +
    + /* Set up buf and len to point to the input buffer. */
    + p = buf;
    + x = d2i_X509(NULL, &p, len);
    + if (x == NULL)
    +     /* error */
    +

    Alternative technique:

    +
    + X509 *x;
    + unsigned char *buf, *p;
    + int len;
    +
    + /* Set up buf and len to point to the input buffer. */
    + p = buf;
    + x = NULL;
    +
    + if (d2i_X509(&x, &p, len) == NULL)
    +     /* error */
    +

    +

    +
    +

    WARNINGS

    +

    Using a temporary variable is mandatory. A common +mistake is to attempt to use a buffer directly as follows:

    +
    + int len;
    + unsigned char *buf;
    +
    + len = i2d_X509(x, NULL);
    + buf = OPENSSL_malloc(len);
    + ...
    + i2d_X509(x, &buf);
    + ...
    + OPENSSL_free(buf);
    +

    This code will result in buf apparently containing garbage because +it was incremented after the call to point after the data just written. +Also buf will no longer contain the pointer allocated by OPENSSL_malloc() +and the subsequent call to OPENSSL_free() is likely to crash.

    +

    Another trap to avoid is misuse of the a argument to d2i_TYPE():

    +
    + X509 *x;
    +
    + if (d2i_X509(&x, &p, len) == NULL)
    +     /* error */
    +

    This will probably crash somewhere in d2i_X509(). The reason for this +is that the variable x is uninitialized and an attempt will be made to +interpret its (invalid) value as an X509 structure, typically causing +a segmentation violation. If x is set to NULL first then this will not +happen.

    +

    +

    +
    +

    BUGS

    +

    In some versions of OpenSSL the "reuse" behaviour of d2i_TYPE() when +*a is valid is broken and some parts of the reused structure may +persist if they are not present in the new one. Additionally, in versions of +OpenSSL prior to 1.1.0, when the "reuse" behaviour is used and an error occurs +the behaviour is inconsistent. Some functions behaved as described here, while +some did not free *a on error and did not set *a to NULL.

    +

    As a result of the above issues the "reuse" behaviour is strongly discouraged.

    +

    i2d_TYPE() will not return an error in many versions of OpenSSL, +if mandatory fields are not initialized due to a programming error +then the encoded structure may contain invalid data or omit the +fields entirely and will not be parsed by d2i_TYPE(). This may be +fixed in future so code should not assume that i2d_TYPE() will +always succeed.

    +

    Any function which encodes a structure (i2d_TYPE(), +i2d_TYPE() or i2d_TYPE()) may return a stale encoding if the +structure has been modified after deserialization or previous +serialization. This is because some objects cache the encoding for +efficiency reasons.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/i2d_CMS_bio_stream.html b/linux_amd64/share/doc/openssl/html/man3/i2d_CMS_bio_stream.html
new file mode 100755
index 0000000..b353b23
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/i2d_CMS_bio_stream.html
@@ -0,0 +1,95 @@
+ + + + +i2d_CMS_bio_stream + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    i2d_CMS_bio_stream - output CMS_ContentInfo structure in BER format

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/cms.h>
    +
    + int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *data, int flags);
    +

    +

    +
    +

    DESCRIPTION

    +

    i2d_CMS_bio_stream() outputs a CMS_ContentInfo structure in BER format.

    +

    It is otherwise identical to the function SMIME_write_CMS().

    +

    +

    +
    +

    NOTES

    +

    This function is effectively a version of the i2d_CMS_bio() supporting +streaming.

    +

    +

    +
    +

    BUGS

    +

    The prefix "i2d" is arguably wrong because the function outputs BER format.

    +

    +

    +
    +

    RETURN VALUES

    +

    i2d_CMS_bio_stream() returns 1 for success or 0 for failure.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), CMS_sign(3), +CMS_verify(3), CMS_encrypt(3) +CMS_decrypt(3), +SMIME_write_CMS(3), +PEM_write_bio_CMS_stream(3)

    +

    +

    +
    +

    HISTORY

    +

    The i2d_CMS_bio_stream() function was added in OpenSSL 1.0.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/i2d_PKCS7_bio_stream.html b/linux_amd64/share/doc/openssl/html/man3/i2d_PKCS7_bio_stream.html
new file mode 100755
index 0000000..62faed2
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/i2d_PKCS7_bio_stream.html
@@ -0,0 +1,95 @@
+ + + + +i2d_PKCS7_bio_stream + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    i2d_PKCS7_bio_stream - output PKCS7 structure in BER format

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/pkcs7.h>
    +
    + int i2d_PKCS7_bio_stream(BIO *out, PKCS7 *p7, BIO *data, int flags);
    +

    +

    +
    +

    DESCRIPTION

    +

    i2d_PKCS7_bio_stream() outputs a PKCS7 structure in BER format.

    +

    It is otherwise identical to the function SMIME_write_PKCS7().

    +

    +

    +
    +

    NOTES

    +

    This function is effectively a version of the d2i_PKCS7_bio() supporting +streaming.

    +

    +

    +
    +

    BUGS

    +

    The prefix "i2d" is arguably wrong because the function outputs BER format.

    +

    +

    +
    +

    RETURN VALUES

    +

    i2d_PKCS7_bio_stream() returns 1 for success or 0 for failure.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), PKCS7_sign(3), +PKCS7_verify(3), PKCS7_encrypt(3) +PKCS7_decrypt(3), +SMIME_write_PKCS7(3), +PEM_write_bio_PKCS7_stream(3)

    +

    +

    +
    +

    HISTORY

    +

    The i2d_PKCS7_bio_stream() function was added in OpenSSL 1.0.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/i2d_re_X509_tbs.html b/linux_amd64/share/doc/openssl/html/man3/i2d_re_X509_tbs.html
new file mode 100755
index 0000000..9b66628
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/i2d_re_X509_tbs.html
@@ -0,0 +1,118 @@
+ + + + +i2d_re_X509_tbs + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    d2i_X509_AUX, i2d_X509_AUX, +i2d_re_X509_tbs, i2d_re_X509_CRL_tbs, i2d_re_X509_REQ_tbs +- X509 encode and decode functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509.h>
    +
    + X509 *d2i_X509_AUX(X509 **px, const unsigned char **in, long len);
    + int i2d_X509_AUX(X509 *x, unsigned char **out);
    + int i2d_re_X509_tbs(X509 *x, unsigned char **out);
    + int i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **pp);
    + int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp);
    +

    +

    +
    +

    DESCRIPTION

    +

    The X509 encode and decode routines encode and parse an +X509 structure, which represents an X509 certificate.

    +

    d2i_X509_AUX() is similar to d2i_X509(3) but the input is expected to +consist of an X509 certificate followed by auxiliary trust information. +This is used by the PEM routines to read "TRUSTED CERTIFICATE" objects. +This function should not be called on untrusted input.

    +

    i2d_X509_AUX() is similar to i2d_X509(3), but the encoded output +contains both the certificate and any auxiliary trust information. +This is used by the PEM routines to write "TRUSTED CERTIFICATE" objects. +Note that this is a non-standard OpenSSL-specific data format.

    +

    i2d_re_X509_tbs() is similar to i2d_X509(3) except it encodes only +the TBSCertificate portion of the certificate. i2d_re_X509_CRL_tbs() +and i2d_re_X509_REQ_tbs() are analogous for CRL and certificate request, +respectively. The "re" in i2d_re_X509_tbs stands for "re-encode", +and ensures that a fresh encoding is generated in case the object has been +modified after creation (see the BUGS section).

    +

    The encoding of the TBSCertificate portion of a certificate is cached +in the X509 structure internally to improve encoding performance +and to ensure certificate signatures are verified correctly in some +certificates with broken (non-DER) encodings.

    +

    If, after modification, the X509 object is re-signed with X509_sign(), +the encoding is automatically renewed. Otherwise, the encoding of the +TBSCertificate portion of the X509 can be manually renewed by calling +i2d_re_X509_tbs().

    +

    +

    +
    +

    RETURN VALUES

    +

    d2i_X509_AUX() returns a valid X509 structure or NULL if an error occurred.

    +

    i2d_X509_AUX() returns the length of encoded data or -1 on error.

    +

    i2d_re_X509_tbs(), i2d_re_X509_CRL_tbs() and i2d_re_X509_REQ_tbs() return the +length of encoded data or 0 on error.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3) +X509_CRL_get0_by_serial(3), +X509_get0_signature(3), +X509_get_ext_d2i(3), +X509_get_extension_flags(3), +X509_get_pubkey(3), +X509_get_subject_name(3), +X509_get_version(3), +X509_NAME_add_entry_by_txt(3), +X509_NAME_ENTRY_get_object(3), +X509_NAME_get_index_by_NID(3), +X509_NAME_print_ex(3), +X509_new(3), +X509_sign(3), +X509V3_get_d2i(3), +X509_verify_cert(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/o2i_SCT_LIST.html b/linux_amd64/share/doc/openssl/html/man3/o2i_SCT_LIST.html
new file mode 100755
index 0000000..a442549
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/o2i_SCT_LIST.html
@@ -0,0 +1,88 @@
+ + + + +o2i_SCT_LIST + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    o2i_SCT_LIST, i2o_SCT_LIST, o2i_SCT, i2o_SCT - +decode and encode Signed Certificate Timestamp lists in TLS wire format

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ct.h>
    +
    + STACK_OF(SCT) *o2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp,
    +                             size_t len);
    + int i2o_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp);
    + SCT *o2i_SCT(SCT **psct, const unsigned char **in, size_t len);
    + int i2o_SCT(const SCT *sct, unsigned char **out);
    +

    +

    +
    +

    DESCRIPTION

    +

    The SCT_LIST and SCT functions are very similar to the i2d and d2i family of +functions, except that they convert to and from TLS wire format, as described in +RFC 6962. See d2i_SCT_LIST(3) for more information about how the parameters are +treated and the return values.

    +

    +

    +
    +

    RETURN VALUES

    +

    All of the functions have return values consistent with those stated for +d2i_SCT_LIST(3) and i2d_SCT_LIST(3).

    +

    +

    +
    +

    SEE ALSO

    +

    ct(7), +d2i_SCT_LIST(3), +i2d_SCT_LIST(3)

    +

    +

    +
    +

    HISTORY

    +

    These functions were added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man3/s2i_ASN1_IA5STRING.html b/linux_amd64/share/doc/openssl/html/man3/s2i_ASN1_IA5STRING.html
new file mode 100755
index 0000000..bc1233b
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man3/s2i_ASN1_IA5STRING.html
@@ -0,0 +1,109 @@
+ + + + +s2i_ASN1_IA5STRING + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    i2s_ASN1_IA5STRING, +s2i_ASN1_IA5STRING, +i2s_ASN1_INTEGER, +s2i_ASN1_INTEGER, +i2s_ASN1_OCTET_STRING, +s2i_ASN1_OCTET_STRING, +i2s_ASN1_ENUMERATED, +i2s_ASN1_ENUMERATED_TABLE, +- convert objects from/to ASN.1/string representation

    +

    +

    +
    +

    SYNOPSIS

    +
    + char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5);
    + ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
    +                                   X509V3_CTX *ctx, const char *str);
    + char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *method, const ASN1_INTEGER *a);
    + ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, const char *value);
    + char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
    +                            const ASN1_OCTET_STRING *oct);
    + ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
    +                                         X509V3_CTX *ctx, const char *str);
    + char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *method, const ASN1_ENUMERATED *a);
    + char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method,
    +                                const ASN1_ENUMERATED *e);
    +

    +

    +
    +

    DESCRIPTION

    +

    These functions convert OpenSSL objects to and from their ASN.1/string +representation. This function is used for X509v3 extentions.

    +

    +

    +
    +

    NOTES

    +

    The letters i and s in i2s_ASN1_IA5STRING() stand for +"internal" (that is, an internal C structure) and string respectively. +So i2s_ASN1_IA5STRING() converts from internal to string.

    +

    It is the caller's responsibility to free the returned string. +In the i2s_ASN1_IA5STRING() function the string is copied and +the ownership of the original string remains with the caller.

    +

    +

    +
    +

    RETURN VALUES

    +

    i2s_ASN1_IA5STRING() returns the pointer to a IA5 string +or NULL if an error occurs.

    +

    s2i_ASN1_IA5STRING() return a valid +ASN1_IA5STRING structure or NULL if an error occurs.

    +

    i2s_ASN1_INTEGER() return a valid +string or NULL if an error occurs.

    +

    s2i_ASN1_INTEGER() returns the pointer to a ASN1_INTEGER +structure or NULL if an error occurs.

    +

    i2s_ASN1_OCTET_STRING() returns the pointer to a OCTET_STRING string +or NULL if an error occurs.

    +

    s2i_ASN1_OCTET_STRING() return a valid +ASN1_OCTET_STRING structure or NULL if an error occurs.

    +

    i2s_ASN1_ENUMERATED() return a valid +string or NULL if an error occurs.

    +

    s2i_ASN1_ENUMERATED() returns the pointer to a ASN1_ENUMERATED +structure or NULL if an error occurs.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man5/config.html b/linux_amd64/share/doc/openssl/html/man5/config.html
    new file mode 100755
    index 0000000..5c68d70
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man5/config.html
    @@ -0,0 +1,583 @@
    + + + + +config + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    config - OpenSSL CONF library configuration files

    +

    +

    +
    +

    DESCRIPTION

    +

    The OpenSSL CONF library can be used to read configuration files. +It is used for the OpenSSL master configuration file openssl.cnf +and in a few other places like SPKAC files and certificate extension +files for the x509 utility. OpenSSL applications can also use the +CONF library for their own purposes.

    +

    A configuration file is divided into a number of sections. Each section +starts with a line [section_name] and ends when a new section is +started or end of file is reached. A section name can consist of +alphanumeric characters and underscores. The brackets are required.

    +

    The first section of a configuration file is special and is referred +to as the default section. This section is usually unnamed and spans from the +start of file until the first named section. When a name is being looked up +it is first looked up in a named section (if any) and then the +default section.

    +

    The environment is mapped onto a section called ENV.

    +

    Comments can be included by preceding them with the # character

    +

    Other files can be included using the .include directive followed +by a path. If the path points to a directory all files with +names ending with .cnf or .conf are included from the directory. +Recursive inclusion of directories from files in such directory is not +supported. That means the files in the included directory can also contain +.include directives but only inclusion of regular files is supported +there. The inclusion of directories is not supported on systems without +POSIX IO support.

    +

    It is strongly recommended to use absolute paths with the .include +directive. Relative paths are evaluated based on the application current +working directory so unless the configuration file containing the +.include directive is application specific the inclusion will not +work as expected. The environment variable OPENSSL_CONF_INCLUDE can also be +used to specify the path to prepend to all .include paths.

    +

    There can be optional = character and whitespace characters between +.include directive and the path which can be useful in cases the +configuration file needs to be loaded by old OpenSSL versions which do +not support the .include syntax. They would bail out with error +if the = character is not present but with it they just ignore +the include.

    +

    Pragmas can be specified with the .pragma directive. +See PRAGMAS for more information.

    +

    Each section in a configuration file consists of a number of name and +value pairs of the form name=value

    +

    The name string can contain any alphanumeric characters as well as +a few punctuation symbols such as . , ; and _.

    +

    The value string consists of the string following the = character +until end of line with any leading and trailing white space removed.

    +

    The value string undergoes variable expansion. This can be done by +including the form $var or ${var}: this will substitute the value +of the named variable in the current section. It is also possible to +substitute a value from another section using the syntax $section::name +or ${section::name}. By using the form $ENV::name environment +variables can be substituted. It is also possible to assign values to +environment variables by using the name ENV::name, this will work +if the program looks up environment variables using the CONF library +instead of calling getenv() directly. The value string must not exceed 64k in +length after variable expansion. Otherwise an error will occur.

    +

    It is possible to escape certain characters by using any kind of quote +or the \ character. By making the last character of a line a \ +a value string can be spread across multiple lines. In addition +the sequences \n, \r, \b and \t are recognized.

    +

    All expansion and escape rules as described above that apply to value +also apply to the path of the .include directive.

    +

    +

    +
    +

    PRAGMAS

    +

    Pragmas can be used to change the behavior of the configuration file +parser, among others. Currently supported pragmas are:

    +
    +
    .pragma dollarid:value
    + +
    +

    value can be one of:

    +
    +
    "on" or "true"
    + +
    +

    this signifies that dollar signs are considered an identity character +from this point on and that variable expansion requires the use of +braces or parentheses. In other words, foo$bar will be considered +a name instead of foo followed by the expansion of the variable +bar. +This is suitable for platforms where the dollar sign is commonly used +as part of names.

    +
    +
    "off" or "false"
    + +
    +

    Turns this pragma off, i.e. foo$bar will be interpreted as foo +followed by the expansion of the variable bar.

    +
    +
    +

    By default, this pragma is turned off.

    +
    +
    +

    +

    +
    +

    OPENSSL LIBRARY CONFIGURATION

    +

    Applications can automatically configure certain +aspects of OpenSSL using the master OpenSSL configuration file, or optionally +an alternative configuration file. The openssl utility includes this +functionality: any sub command uses the master OpenSSL configuration file +unless an option is used in the sub command to use an alternative configuration +file.

    +

    To enable library configuration the default section needs to contain an +appropriate line which points to the main configuration section. The default +name is openssl_conf which is used by the openssl utility. Other +applications may use an alternative name such as myapplication_conf. +All library configuration lines appear in the default section at the start +of the configuration file.

    +

    The configuration section should consist of a set of name value pairs which +contain specific module configuration information. The name represents +the name of the configuration module. The meaning of the value is +module specific: it may, for example, represent a further configuration +section containing configuration module specific information. E.g.:

    +
    + # This must be in the default section
    + openssl_conf = openssl_init
    +
    + [openssl_init]
    +
    + oid_section = new_oids
    + engines = engine_section
    + providers = provider_section
    +
    + [new_oids]
    +
    + ... new oids here ...
    +
    + [engine_section]
    +
    + ... engine stuff here ...
    +
    + [provider_section]
    +
    + ... provider stuff here ...
    +

    The features of each configuration module are described below.

    +

    +

    +

    ASN1 Object Configuration Module

    +

    This module has the name oid_section. The value of this variable points +to a section containing name value pairs of OIDs: the name is the OID short +and long name, the value is the numerical form of the OID. Although some of +the openssl utility sub commands already have their own ASN1 OBJECT section +functionality not all do. By using the ASN1 OBJECT configuration module +all the openssl utility sub commands can see the new objects as well +as any compliant applications. For example:

    +
    + [new_oids]
    +
    + some_new_oid = 1.2.3.4
    + some_other_oid = 1.2.3.5
    +

    It is also possible to set the value to the long name followed +by a comma and the numerical OID form. For example:

    +
    + shortName = some object long name, 1.2.3.4
    +

    +

    +

    Engine Configuration Module

    +

    This ENGINE configuration module has the name engines. The value of this +variable points to a section containing further ENGINE configuration +information.

    +

    The section pointed to by engines is a table of engine names (though see +engine_id below) and further sections containing configuration information +specific to each ENGINE.

    +

    Each ENGINE specific section is used to set default algorithms, load +dynamic, perform initialization and send ctrls. The actual operation performed +depends on the command name which is the name of the name value pair. The +currently supported commands are listed below.

    +

    For example:

    +
    + [engine_section]
    +
    + # Configure ENGINE named "foo"
    + foo = foo_section
    + # Configure ENGINE named "bar"
    + bar = bar_section
    +
    + [foo_section]
    + ... foo ENGINE specific commands ...
    +
    + [bar_section]
    + ... "bar" ENGINE specific commands ...
    +

    The command engine_id is used to give the ENGINE name. If used this +command must be first. For example:

    +
    + [engine_section]
    + # This would normally handle an ENGINE named "foo"
    + foo = foo_section
    +
    + [foo_section]
    + # Override default name and use "myfoo" instead.
    + engine_id = myfoo
    +

    The command dynamic_path loads and adds an ENGINE from the given path. It +is equivalent to sending the ctrls SO_PATH with the path argument followed +by LIST_ADD with value 2 and LOAD to the dynamic ENGINE. If this is +not the required behaviour then alternative ctrls can be sent directly +to the dynamic ENGINE using ctrl commands.

    +

    The command init determines whether to initialize the ENGINE. If the value +is 0 the ENGINE will not be initialized, if 1 and attempt it made to +initialized the ENGINE immediately. If the init command is not present +then an attempt will be made to initialize the ENGINE after all commands in +its section have been processed.

    +

    The command default_algorithms sets the default algorithms an ENGINE will +supply using the functions ENGINE_set_default_string().

    +

    If the name matches none of the above command names it is assumed to be a +ctrl command which is sent to the ENGINE. The value of the command is the +argument to the ctrl command. If the value is the string EMPTY then no +value is sent to the command.

    +

    For example:

    +
    + [engine_section]
    +
    + # Configure ENGINE named "foo"
    + foo = foo_section
    +
    + [foo_section]
    + # Load engine from DSO
    + dynamic_path = /some/path/fooengine.so
    + # A foo specific ctrl.
    + some_ctrl = some_value
    + # Another ctrl that doesn't take a value.
    + other_ctrl = EMPTY
    + # Supply all default algorithms
    + default_algorithms = ALL
    +

    +

    +

    Provider Configuration Module

    +

    This provider configuration module has the name providers. The +value of this variable points to a section containing further provider +configuration information.

    +

    The section pointed to by providers is a table of provider names +(though see identity below) and further sections containing +configuration information specific to each provider module.

    +

    Each provider specific section is used to load its module, perform +activation and set parameters to pass to the provider on demand. The +actual operation performed depends on the name of the name value pair. +The currently supported commands are listed below.

    +

    For example:

    +
    + [provider_section]
    +
    + # Configure provider named "foo"
    + foo = foo_section
    + # Configure provider named "bar"
    + bar = bar_section
    +
    + [foo_section]
    + ... "foo" provider specific parameters ...
    +
    + [bar_section]
    + ... "bar" provider specific parameters ...
    +

    The command identity is used to give the provider name. For example:

    +
    + [provider_section]
    + # This would normally handle a provider named "foo"
    + foo = foo_section
    +
    + [foo_section]
    + # Override default name and use "myfoo" instead.
    + identity = myfoo
    +

    The parameter module loads and adds a provider module from the +given module path. That path may be a simple filename, a relative +path or an absolute path.

    +

    The parameter activate determines whether to activate the +provider. The value has no importance, the presence of the parameter +is enough for activation to take place.

    +

    All parameters in the section as well as sub-sections are made +available to the provider.

    +

    +

    +

    EVP Configuration Module

    +

    This module has the name alg_section which points to a section containing +algorithm commands.

    +

    The supported algorithm commands are:

    +
    +
    default_properties
    + +
    +

    The value may be anything that is acceptable as a property query +string for EVP_set_default_properties().

    +
    +
    fips_mode (deprecated)
    + +
    +

    The value is a boolean that can be yes or no. If the value is +yes, this is exactly equivalent to:

    +
    +    default_properties = fips=yes
    +

    If the value is no, nothing happens.

    +
    +
    +

    These two commands should not be used together, as there is no control +over how they affect each other. +The use of fips_mode is strongly discouraged and is only present +for backward compatibility with earlier OpenSSL FIPS modules.

    +

    +

    +

    SSL Configuration Module

    +

    This module has the name ssl_conf which points to a section containing +SSL configurations.

    +

    Each line in the SSL configuration section contains the name of the +configuration and the section containing it.

    +

    Each configuration section consists of command value pairs for SSL_CONF. +Each pair will be passed to a SSL_CTX or SSL structure if it calls +SSL_CTX_config() or SSL_config() with the appropriate configuration name.

    +

    Note: any characters before an initial dot in the configuration section are +ignored so the same command can be used multiple times.

    +

    For example:

    +
    + ssl_conf = ssl_sect
    +
    + [ssl_sect]
    +
    + server = server_section
    +
    + [server_section]
    +
    + RSA.Certificate = server-rsa.pem
    + ECDSA.Certificate = server-ecdsa.pem
    + Ciphers = ALL:!RC4
    +

    The system default configuration with name system_default if present will +be applied during any creation of the SSL_CTX structure.

    +

    Example of a configuration with the system default:

    +
    + ssl_conf = ssl_sect
    +
    + [ssl_sect]
    +
    + system_default = system_default_sect
    +
    + [system_default_sect]
    +
    + MinProtocol = TLSv1.2
    +

    +

    +
    +

    NOTES

    +

    If a configuration file attempts to expand a variable that doesn't exist +then an error is flagged and the file will not load. This can happen +if an attempt is made to expand an environment variable that doesn't +exist. For example in a previous version of OpenSSL the default OpenSSL +master configuration file used the value of HOME which may not be +defined on non Unix systems and would cause an error.

    +

    This can be worked around by including a default section to provide +a default value: then if the environment lookup fails the default value +will be used instead. For this to work properly the default value must +be defined earlier in the configuration file than the expansion. See +the EXAMPLES section for an example of how to do this.

    +

    If the same variable exists in the same section then all but the last +value will be silently ignored. In certain circumstances such as with +DNs the same field may occur multiple times. This is usually worked +around by ignoring any characters before an initial . e.g.

    +
    + 1.OU="My first OU"
    + 2.OU="My Second OU"
    +

    +

    +
    +

    EXAMPLES

    +

    Here is a sample configuration file using some of the features +mentioned above.

    +
    + # This is the default section.
    +
    + HOME=/temp
    + configdir=$ENV::HOME/config
    +
    + [ section_one ]
    +
    + # We are now in section one.
    +
    + # Quotes permit leading and trailing whitespace
    + any = " any variable name "
    +
    + other = A string that can \
    + cover several lines \
    + by including \\ characters
    +
    + message = Hello World\n
    +
    + [ section_two ]
    +
    + greeting = $section_one::message
    +

    This next example shows how to expand environment variables safely.

    +

    Suppose you want a variable called tmpfile to refer to a +temporary filename. The directory it is placed in can determined by +the TEMP or TMP environment variables but they may not be +set to any value at all. If you just include the environment variable +names and the variable doesn't exist then this will cause an error when +an attempt is made to load the configuration file. By making use of the +default section both values can be looked up with TEMP taking +priority and /tmp used if neither is defined:

    +
    + TMP=/tmp
    + # The above value is used if TMP isn't in the environment
    + TEMP=$ENV::TMP
    + # The above value is used if TEMP isn't in the environment
    + tmpfile=${ENV::TEMP}/tmp.filename
    +

    Simple OpenSSL library configuration example to enter FIPS mode:

    +
    + # Default appname: should match "appname" parameter (if any)
    + # supplied to CONF_modules_load_file et al.
    + openssl_conf = openssl_conf_section
    +
    + [openssl_conf_section]
    + # Configuration module list
    + alg_section = evp_sect
    +
    + [evp_sect]
    + # Set to "yes" to enter FIPS mode if supported
    + fips_mode = yes
    +

    Note: in the above example you will get an error in non FIPS capable versions +of OpenSSL.

    +

    Simple OpenSSL library configuration to make TLS 1.3 the system-default +minimum TLS version:

    +
    + # Toplevel section for openssl (including libssl)
    + openssl_conf = default_conf_section
    +
    + [default_conf_section]
    + # We only specify configuration for the "ssl module"
    + ssl_conf = ssl_section
    +
    + [ssl_section]
    + system_default = system_default_section
    +
    + [system_default_section]
    + MinProtocol = TLSv1.3
    +

    More complex OpenSSL library configuration. Add OID and don't enter FIPS mode:

    +
    + # Default appname: should match "appname" parameter (if any)
    + # supplied to CONF_modules_load_file et al.
    + openssl_conf = openssl_conf_section
    +
    + [openssl_conf_section]
    + # Configuration module list
    + alg_section = evp_sect
    + oid_section = new_oids
    +
    + [evp_sect]
    + # This will have no effect as FIPS mode is off by default.
    + # Set to "yes" to enter FIPS mode, if supported
    + fips_mode = no
    +
    + [new_oids]
    + # New OID, just short name
    + newoid1 = 1.2.3.4.1
    + # New OID shortname and long name
    + newoid2 = New OID 2 long name, 1.2.3.4.2
    +

    The above examples can be used with any application supporting library +configuration if "openssl_conf" is modified to match the appropriate "appname".

    +

    For example if the second sample file above is saved to "example.cnf" then +the command line:

    +
    + OPENSSL_CONF=example.cnf openssl asn1parse -genstr OID:1.2.3.4.1
    +

    will output:

    +
    +    0:d=0  hl=2 l=   4 prim: OBJECT            :newoid1
    +

    showing that the OID "newoid1" has been added as "1.2.3.4.1".

    +

    +

    +
    +

    ENVIRONMENT

    +
    +
    OPENSSL_CONF
    + +
    +

    The path to the config file. +Ignored in set-user-ID and set-group-ID programs.

    +
    +
    OPENSSL_ENGINES
    + +
    +

    The path to the engines directory. +Ignored in set-user-ID and set-group-ID programs.

    +
    +
    OPENSSL_MODULES
    + +
    +

    The path to the directory with OpenSSL modules, such as providers. +Ignored in set-user-ID and set-group-ID programs.

    +
    +
    OPENSSL_CONF_INCLUDE
    + +
    +

    The optional path to prepend to all .include paths.

    +
    +
    +

    +

    +
    +

    BUGS

    +

    Currently there is no way to include characters using the octal \nnn +form. Strings are all null terminated so nulls cannot form part of +the value.

    +

    The escaping isn't quite right: if you want to use sequences like \n +you can't use any quote escaping on the same line.

    +

    Files are loaded in a single pass. This means that an variable expansion +will only work if the variables referenced are defined earlier in the +file.

    +

    +

    +
    +

    HISTORY

    +

    An undocumented API, NCONF_WIN32(), used a slightly different set +of parsing rules there were intended to be tailored to +the Microsoft Windows platform. +Specifically, the backslash character was not an escape character and +could be used in pathnames, only the double-quote character was recognized, +and comments began with a semi-colon. +This function was deprecated in OpenSSL 3.0; applications with +configuration files using that syntax will have to be modified.

    +

    +

    +
    +

    SEE ALSO

    +

    openssl-x509(1), openssl-req(1), openssl-ca(1), fips_config(5)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man5/fips_config.html b/linux_amd64/share/doc/openssl/html/man5/fips_config.html
    new file mode 100755
    index 0000000..d4b5b38
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man5/fips_config.html
    @@ -0,0 +1,101 @@
    + + + + +fips_config + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    fips_config - OpenSSL FIPS configuration

    +

    +

    +
    +

    DESCRIPTION

    +

    A separate configuration file containing data related to FIPS 'self tests' is +written to during installation time. +This data is used for 2 purposes when the fips module is loaded:

    +
    +
    - Verify the module's checksum each time the fips module loads.
    + +
    - Run the startup FIPS self test KATS (known answer tests). +This only needs to be run once during installation.
    + +
    +

    The supported options are:

    +
    +
    module-checksum
    + +
    +

    The calculated MAC of the module file

    +
    +
    install-version
    + +
    +

    A version number for the fips install process. Should be 1.

    +
    +
    install-status
    + +
    +

    The install status indicator description that will be verified. +If this field is not present the FIPS self tests will run when the fips module +loads. +This value should only be written to after the FIPS module has +successfully passed its self tests during installation.

    +
    +
    install-checksum
    + +
    +

    The calculated MAC of the install status indicator. +It is initially empty and is written to at the same time as the install_status.

    +
    +
    +

    For example:

    +
    + [fips_install]
    +
    + install-version = 1
    + module-checksum = 41:D0:FA:C2:5D:41:75:CD:7D:C3:90:55:6F:A4:DC
    + install-checksum = FE:10:13:5A:D3:B4:C7:82:1B:1E:17:4C:AC:84:0C
    + install-status = INSTALL_SELF_TEST_KATS_RUN
    +

    +

    +
    +

    SEE ALSO

    +

    config(5)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man5/x509v3_config.html b/linux_amd64/share/doc/openssl/html/man5/x509v3_config.html
    new file mode 100755
    index 0000000..4109003
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man5/x509v3_config.html
    @@ -0,0 +1,528 @@
    + + + + +x509v3_config + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    x509v3_config - X509 V3 certificate extension configuration format

    +

    +

    +
    +

    DESCRIPTION

    +

    Several of the OpenSSL utilities can add extensions to a certificate or +certificate request based on the contents of a configuration file.

    +

    Typically the application will contain an option to point to an extension +section. Each line of the extension section takes the form:

    +
    + extension_name=[critical,] extension_options
    +

    If critical is present then the extension will be critical.

    +

    The format of extension_options depends on the value of extension_name.

    +

    There are four main types of extension: string extensions, multi-valued +extensions, raw and arbitrary extensions.

    +

    String extensions simply have a string which contains either the value itself +or how it is obtained.

    +

    For example:

    +
    + nsComment="This is a Comment"
    +

    Multi-valued extensions have a short form and a long form. The short form +is a list of names and values:

    +
    + basicConstraints=critical,CA:true,pathlen:1
    +

    The long form allows the values to be placed in a separate section:

    +
    + basicConstraints=critical,@bs_section
    +
    + [bs_section]
    +
    + CA=true
    + pathlen=1
    +

    Both forms are equivalent.

    +

    The syntax of raw extensions is governed by the extension code: it can +for example contain data in multiple sections. The correct syntax to +use is defined by the extension code itself: check out the certificate +policies extension for an example.

    +

    If an extension type is unsupported then the arbitrary extension syntax +must be used, see the ARBITRARY EXTENSIONS section for more details.

    +

    +

    +
    +

    STANDARD EXTENSIONS

    +

    The following sections describe each supported extension in detail.

    +

    +

    +

    Basic Constraints

    +

    This is a multi valued extension which indicates whether a certificate is +a CA certificate. The first (mandatory) name is CA followed by TRUE or +FALSE. If CA is TRUE then an optional pathlen name followed by a +non-negative value can be included.

    +

    For example:

    +
    + basicConstraints=CA:TRUE
    +
    + basicConstraints=CA:FALSE
    +
    + basicConstraints=critical,CA:TRUE, pathlen:0
    +

    A CA certificate must include the basicConstraints value with the CA field +set to TRUE. An end user certificate must either set CA to FALSE or exclude the +extension entirely. Some software may require the inclusion of basicConstraints +with CA set to FALSE for end entity certificates.

    +

    The pathlen parameter indicates the maximum number of CAs that can appear +below this one in a chain. So if you have a CA with a pathlen of zero it can +only be used to sign end user certificates and not further CAs.

    +

    +

    +

    Key Usage

    +

    Key usage is a multi valued extension consisting of a list of names of the +permitted key usages.

    +

    The supported names are: digitalSignature, nonRepudiation, keyEncipherment, +dataEncipherment, keyAgreement, keyCertSign, cRLSign, encipherOnly +and decipherOnly.

    +

    Examples:

    +
    + keyUsage=digitalSignature, nonRepudiation
    +
    + keyUsage=critical, keyCertSign
    +

    +

    +

    Extended Key Usage

    +

    This extensions consists of a list of usages indicating purposes for which +the certificate public key can be used for,

    +

    These can either be object short names or the dotted numerical form of OIDs. +While any OID can be used only certain values make sense. In particular the +following PKIX, NS and MS values are meaningful:

    +
    + Value                  Meaning
    + -----                  -------
    + serverAuth             SSL/TLS Web Server Authentication.
    + clientAuth             SSL/TLS Web Client Authentication.
    + codeSigning            Code signing.
    + emailProtection        E-mail Protection (S/MIME).
    + timeStamping           Trusted Timestamping
    + OCSPSigning            OCSP Signing
    + ipsecIKE               ipsec Internet Key Exchange
    + msCodeInd              Microsoft Individual Code Signing (authenticode)
    + msCodeCom              Microsoft Commercial Code Signing (authenticode)
    + msCTLSign              Microsoft Trust List Signing
    + msEFS                  Microsoft Encrypted File System
    +

    Examples:

    +
    + extendedKeyUsage=critical,codeSigning,1.2.3.4
    + extendedKeyUsage=serverAuth,clientAuth
    +

    +

    +

    Subject Key Identifier

    +

    This is really a string extension and can take two possible values. Either +the word hash which will automatically follow the guidelines in RFC3280 +or a hex string giving the extension value to include. The use of the hex +string is strongly discouraged.

    +

    Example:

    +
    + subjectKeyIdentifier=hash
    +

    +

    +

    Authority Key Identifier

    +

    The authority key identifier extension permits two options. keyid and issuer: +both can take the optional value "always".

    +

    If the keyid option is present an attempt is made to copy the subject key +identifier from the parent certificate. If the value "always" is present +then an error is returned if the option fails.

    +

    The issuer option copies the issuer and serial number from the issuer +certificate. This will only be done if the keyid option fails or +is not included unless the "always" flag will always include the value.

    +

    Example:

    +
    + authorityKeyIdentifier=keyid,issuer
    +

    +

    +

    Subject Alternative Name

    +

    The subject alternative name extension allows various literal values to be +included in the configuration file. These include email (an email address) +URI a uniform resource indicator, DNS (a DNS domain name), RID (a +registered ID: OBJECT IDENTIFIER), IP (an IP address), dirName +(a distinguished name) and otherName.

    +

    The email option include a special 'copy' value. This will automatically +include any email addresses contained in the certificate subject name in +the extension.

    +

    The IP address used in the IP options can be in either IPv4 or IPv6 format.

    +

    The value of dirName should point to a section containing the distinguished +name to use as a set of name value pairs. Multi values AVAs can be formed by +prefacing the name with a + character.

    +

    otherName can include arbitrary data associated with an OID: the value +should be the OID followed by a semicolon and the content in standard +ASN1_generate_nconf(3) format.

    +

    Examples:

    +
    + subjectAltName=email:copy,email:my@other.address,URI:http://my.url.here/
    + subjectAltName=IP:192.168.7.1
    + subjectAltName=IP:13::17
    + subjectAltName=email:my@other.address,RID:1.2.3.4
    + subjectAltName=otherName:1.2.3.4;UTF8:some other identifier
    +
    + subjectAltName=dirName:dir_sect
    +
    + [dir_sect]
    + C=UK
    + O=My Organization
    + OU=My Unit
    + CN=My Name
    +

    +

    +

    Issuer Alternative Name

    +

    The issuer alternative name option supports all the literal options of +subject alternative name. It does not support the email:copy option because +that would not make sense. It does support an additional issuer:copy option +that will copy all the subject alternative name values from the issuer +certificate (if possible).

    +

    Example:

    +
    + issuerAltName = issuer:copy
    +

    +

    +

    Authority Info Access

    +

    The authority information access extension gives details about how to access +certain information relating to the CA. Its syntax is accessOID;location +where location has the same syntax as subject alternative name (except +that email:copy is not supported). accessOID can be any valid OID but only +certain values are meaningful, for example OCSP and caIssuers.

    +

    Example:

    +
    + authorityInfoAccess = OCSP;URI:http://ocsp.my.host/
    + authorityInfoAccess = caIssuers;URI:http://my.ca/ca.html
    +

    +

    +

    CRL distribution points

    +

    This is a multi-valued extension whose options can be either in name:value pair +using the same form as subject alternative name or a single value representing +a section name containing all the distribution point fields.

    +

    For a name:value pair a new DistributionPoint with the fullName field set to +the given value both the cRLissuer and reasons fields are omitted in this case.

    +

    In the single option case the section indicated contains values for each +field. In this section:

    +

    If the name is "fullname" the value field should contain the full name +of the distribution point in the same format as subject alternative name.

    +

    If the name is "relativename" then the value field should contain a section +name whose contents represent a DN fragment to be placed in this field.

    +

    The name "CRLIssuer" if present should contain a value for this field in +subject alternative name format.

    +

    If the name is "reasons" the value field should consist of a comma +separated field containing the reasons. Valid reasons are: "keyCompromise", +"CACompromise", "affiliationChanged", "superseded", "cessationOfOperation", +"certificateHold", "privilegeWithdrawn" and "AACompromise".

    +

    Simple examples:

    +
    + crlDistributionPoints=URI:http://myhost.com/myca.crl
    + crlDistributionPoints=URI:http://my.com/my.crl,URI:http://oth.com/my.crl
    +

    Full distribution point example:

    +
    + crlDistributionPoints=crldp1_section
    +
    + [crldp1_section]
    +
    + fullname=URI:http://myhost.com/myca.crl
    + CRLissuer=dirName:issuer_sect
    + reasons=keyCompromise, CACompromise
    +
    + [issuer_sect]
    + C=UK
    + O=Organisation
    + CN=Some Name
    +

    +

    +

    Issuing Distribution Point

    +

    This extension should only appear in CRLs. It is a multi valued extension +whose syntax is similar to the "section" pointed to by the CRL distribution +points extension with a few differences.

    +

    The names "reasons" and "CRLissuer" are not recognized.

    +

    The name "onlysomereasons" is accepted which sets this field. The value is +in the same format as the CRL distribution point "reasons" field.

    +

    The names "onlyuser", "onlyCA", "onlyAA" and "indirectCRL" are also accepted +the values should be a boolean value (TRUE or FALSE) to indicate the value of +the corresponding field.

    +

    Example:

    +
    + issuingDistributionPoint=critical, @idp_section
    +
    + [idp_section]
    +
    + fullname=URI:http://myhost.com/myca.crl
    + indirectCRL=TRUE
    + onlysomereasons=keyCompromise, CACompromise
    +
    + [issuer_sect]
    + C=UK
    + O=Organisation
    + CN=Some Name
    +

    +

    +

    Certificate Policies

    +

    This is a raw extension. All the fields of this extension can be set by +using the appropriate syntax.

    +

    If you follow the PKIX recommendations and just using one OID then you just +include the value of that OID. Multiple OIDs can be set separated by commas, +for example:

    +
    + certificatePolicies= 1.2.4.5, 1.1.3.4
    +

    If you wish to include qualifiers then the policy OID and qualifiers need to +be specified in a separate section: this is done by using the @section syntax +instead of a literal OID value.

    +

    The section referred to must include the policy OID using the name +policyIdentifier, cPSuri qualifiers can be included using the syntax:

    +
    + CPS.nnn=value
    +

    userNotice qualifiers can be set using the syntax:

    +
    + userNotice.nnn=@notice
    +

    The value of the userNotice qualifier is specified in the relevant section. +This section can include explicitText, organization and noticeNumbers +options. explicitText and organization are text strings, noticeNumbers is a +comma separated list of numbers. The organization and noticeNumbers options +(if included) must BOTH be present. If you use the userNotice option with IE5 +then you need the 'ia5org' option at the top level to modify the encoding: +otherwise it will not be interpreted properly.

    +

    Example:

    +
    + certificatePolicies=ia5org,1.2.3.4,1.5.6.7.8,@polsect
    +
    + [polsect]
    +
    + policyIdentifier = 1.3.5.8
    + CPS.1="http://my.host.name/";
    + CPS.2="http://my.your.name/";
    + userNotice.1=@notice
    +
    + [notice]
    +
    + explicitText="Explicit Text Here"
    + organization="Organisation Name"
    + noticeNumbers=1,2,3,4
    +

    The ia5org option changes the type of the organization field. In RFC2459 +it can only be of type DisplayText. In RFC3280 IA5String is also permissible. +Some software (for example some versions of MSIE) may require ia5org.

    +

    ASN1 type of explicitText can be specified by prepending UTF8, +BMP or VISIBLE prefix followed by colon. For example:

    +
    + [notice]
    + explicitText="UTF8:Explicit Text Here"
    +

    +

    +

    Policy Constraints

    +

    This is a multi-valued extension which consisting of the names +requireExplicitPolicy or inhibitPolicyMapping and a non negative integer +value. At least one component must be present.

    +

    Example:

    +
    + policyConstraints = requireExplicitPolicy:3
    +

    +

    +

    Inhibit Any Policy

    +

    This is a string extension whose value must be a non negative integer.

    +

    Example:

    +
    + inhibitAnyPolicy = 2
    +

    +

    +

    Name Constraints

    +

    The name constraints extension is a multi-valued extension. The name should +begin with the word permitted or excluded followed by a ;. The rest of +the name and the value follows the syntax of subjectAltName except email:copy +is not supported and the IP form should consist of an IP addresses and +subnet mask separated by a /.

    +

    Examples:

    +
    + nameConstraints=permitted;IP:192.168.0.0/255.255.0.0
    +
    + nameConstraints=permitted;email:.somedomain.com
    +
    + nameConstraints=excluded;email:.com
    +

    +

    +

    OCSP No Check

    +

    The OCSP No Check extension is a string extension but its value is ignored.

    +

    Example:

    +
    + noCheck = ignored
    +

    +

    +

    TLS Feature (aka Must Staple)

    +

    This is a multi-valued extension consisting of a list of TLS extension +identifiers. Each identifier may be a number (0..65535) or a supported name. +When a TLS client sends a listed extension, the TLS server is expected to +include that extension in its reply.

    +

    The supported names are: status_request and status_request_v2.

    +

    Example:

    +
    + tlsfeature = status_request
    +

    +

    +
    +

    DEPRECATED EXTENSIONS

    +

    The following extensions are non standard, Netscape specific and largely +obsolete. Their use in new applications is discouraged.

    +

    +

    +

    Netscape String extensions

    +

    Netscape Comment (nsComment) is a string extension containing a comment +which will be displayed when the certificate is viewed in some browsers.

    +

    Example:

    +
    + nsComment = "Some Random Comment"
    +

    Other supported extensions in this category are: nsBaseUrl, +nsRevocationUrl, nsCaRevocationUrl, nsRenewalUrl, nsCaPolicyUrl +and nsSslServerName.

    +

    +

    +

    Netscape Certificate Type

    +

    This is a multi-valued extensions which consists of a list of flags to be +included. It was used to indicate the purposes for which a certificate could +be used. The basicConstraints, keyUsage and extended key usage extensions are +now used instead.

    +

    Acceptable values for nsCertType are: client, server, email, +objsign, reserved, sslCA, emailCA, objCA.

    +

    +

    +
    +

    ARBITRARY EXTENSIONS

    +

    If an extension is not supported by the OpenSSL code then it must be encoded +using the arbitrary extension format. It is also possible to use the arbitrary +format for supported extensions. Extreme care should be taken to ensure that +the data is formatted correctly for the given extension type.

    +

    There are two ways to encode arbitrary extensions.

    +

    The first way is to use the word ASN1 followed by the extension content +using the same syntax as ASN1_generate_nconf(3). +For example:

    +
    + 1.2.3.4=critical,ASN1:UTF8String:Some random data
    +
    + 1.2.3.4=ASN1:SEQUENCE:seq_sect
    +
    + [seq_sect]
    +
    + field1 = UTF8:field1
    + field2 = UTF8:field2
    +

    It is also possible to use the word DER to include the raw encoded data in any +extension.

    +
    + 1.2.3.4=critical,DER:01:02:03:04
    + 1.2.3.4=DER:01020304
    +

    The value following DER is a hex dump of the DER encoding of the extension +Any extension can be placed in this form to override the default behaviour. +For example:

    +
    + basicConstraints=critical,DER:00:01:02:03
    +

    +

    +
    +

    WARNINGS

    +

    There is no guarantee that a specific implementation will process a given +extension. It may therefore be sometimes possible to use certificates for +purposes prohibited by their extensions because a specific application does +not recognize or honour the values of the relevant extensions.

    +

    The DER and ASN1 options should be used with caution. It is possible to create +totally invalid extensions if they are not used carefully.

    +

    +

    +
    +

    NOTES

    +

    If an extension is multi-value and a field value must contain a comma the long +form must be used otherwise the comma would be misinterpreted as a field +separator. For example:

    +
    + subjectAltName=URI:ldap://somehost.com/CN=foo,OU=bar
    +

    will produce an error but the equivalent form:

    +
    + subjectAltName=@subject_alt_section
    +
    + [subject_alt_section]
    + subjectAltName=URI:ldap://somehost.com/CN=foo,OU=bar
    +

    is valid.

    +

    Due to the behaviour of the OpenSSL conf library the same field name +can only occur once in a section. This means that:

    +
    + subjectAltName=@alt_section
    +
    + [alt_section]
    +
    + email=steve@here
    + email=steve@there
    +

    will only recognize the last value. This can be worked around by using the form:

    +
    + [alt_section]
    +
    + email.1=steve@here
    + email.2=steve@there
    +

    +

    +
    +

    SEE ALSO

    +

    openssl-req(1), openssl-ca(1), openssl-x509(1), +ASN1_generate_nconf(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man7/EVP_KDF-HKDF.html b/linux_amd64/share/doc/openssl/html/man7/EVP_KDF-HKDF.html
    new file mode 100755
    index 0000000..773c6d7
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man7/EVP_KDF-HKDF.html
    @@ -0,0 +1,195 @@
    + + + + +EVP_KDF-HKDF + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_KDF-HKDF - The HKDF EVP_KDF implementation

    +

    +

    +
    +

    DESCRIPTION

    +

    Support for computing the HKDF KDF through the EVP_KDF API.

    +

    The EVP_KDF-HKDF algorithm implements the HKDF key derivation function. +HKDF follows the "extract-then-expand" paradigm, where the KDF logically +consists of two modules. The first stage takes the input keying material +and "extracts" from it a fixed-length pseudorandom key K. The second stage +"expands" the key K into several additional pseudorandom keys (the output +of the KDF).

    +

    +

    +

    Identity

    +

    "HKDF" is the name for this implementation; it +can be used with the EVP_KDF_fetch() function.

    +

    +

    +

    Supported parameters

    +

    The supported parameters are:

    +
    +
    "properties" (OSSL_KDF_PARAM_PROPERTIES) <UTF8 string>
    + +
    "digest" (OSSL_KDF_PARAM_DIGEST) <UTF8 string>
    + +
    "key" (OSSL_KDF_PARAM_KEY) <octet string>
    + +
    "salt" (OSSL_KDF_PARAM_SALT) <octet string>
    + +
    +

    These parameters work as described in EVP_KDF(3)/PARAMETERS.

    +
    +
    "info" (OSSL_KDF_PARAM_INFO) <octet string>
    + +
    +

    This parameter sets the info value. +The length of the context info buffer cannot exceed 1024 bytes; +this should be more than enough for any normal use of HKDF.

    +
    +
    "mode" (OSSL_KDF_PARAM_MODE) <UTF8 string> or <integer>
    + +
    +

    This parameter sets the mode for the HKDF operation. +There are three modes that are currently defined:

    +
    +
    EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND "EXTRACT_AND_EXPAND"
    + +
    +

    This is the default mode. Calling EVP_KDF_derive(3) on an EVP_KDF_CTX set +up for HKDF will perform an extract followed by an expand operation in one go. +The derived key returned will be the result after the expand operation. The +intermediate fixed-length pseudorandom key K is not returned.

    +

    In this mode the digest, key, salt and info values must be set before a key is +derived otherwise an error will occur.

    +
    +
    EVP_KDF_HKDF_MODE_EXTRACT_ONLY "EXTRACT_ONLY"
    + +
    +

    In this mode calling EVP_KDF_derive(3) will just perform the extract +operation. The value returned will be the intermediate fixed-length pseudorandom +key K. The keylen parameter must match the size of K, which can be looked +up by calling EVP_KDF_size() after setting the mode and digest.

    +

    The digest, key and salt values must be set before a key is derived otherwise +an error will occur.

    +
    +
    EVP_KDF_HKDF_MODE_EXPAND_ONLY "EXPAND_ONLY"
    + +
    +

    In this mode calling EVP_KDF_derive(3) will just perform the expand +operation. The input key should be set to the intermediate fixed-length +pseudorandom key K returned from a previous extract operation.

    +

    The digest, key and info values must be set before a key is derived otherwise +an error will occur.

    +
    +
    +
    +
    +

    +

    +
    +

    NOTES

    +

    A context for HKDF can be obtained by calling:

    +
    + EVP_KDF *kdf = EVP_KDF_fetch(NULL, "HKDF", NULL);
    + EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf);
    +

    The output length of an HKDF expand operation is specified via the keylen +parameter to the EVP_KDF_derive(3) function. When using +EVP_KDF_HKDF_MODE_EXTRACT_ONLY the keylen parameter must equal the size of +the intermediate fixed-length pseudorandom key otherwise an error will occur. +For that mode, the fixed output size can be looked up by calling EVP_KDF_size() +after setting the mode and digest on the EVP_KDF_CTX.

    +

    +

    +
    +

    EXAMPLES

    +

    This example derives 10 bytes using SHA-256 with the secret key "secret", +salt value "salt" and info value "label":

    +
    + EVP_KDF *kdf;
    + EVP_KDF_CTX *kctx;
    + unsigned char out[10];
    + OSSL_PARAM params[5], *p = params;
    +
    + kdf = EVP_KDF_fetch(NULL, "HKDF", NULL);
    + kctx = EVP_KDF_CTX_new(kdf);
    + EVP_KDF_free(kdf);
    +
    + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
    +                                         SN_sha256, strlen(SN_sha256));
    + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
    +                                          "secret", (size_t)6);
    + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO,
    +                                          "label", (size_t)5);
    + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
    +                                          "salt", (size_t)4);
    + *p = OSSL_PARAM_construct_end();
    + if (EVP_KDF_CTX_set_params(kctx, params) <= 0) {
    +     error("EVP_KDF_CTX_set_params");
    + }
    + if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) {
    +     error("EVP_KDF_derive");
    + }
    +
    + EVP_KDF_CTX_free(kctx);
    +

    +

    +
    +

    CONFORMING TO

    +

    RFC 5869

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_KDF(3), +EVP_KDF_CTX_new(3), +EVP_KDF_CTX_free(3), +EVP_KDF_size(3), +EVP_KDF_CTX_set_params(3), +EVP_KDF_derive(3), +EVP_KDF(3)/PARAMETERS

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man7/EVP_KDF-KB.html b/linux_amd64/share/doc/openssl/html/man7/EVP_KDF-KB.html
    new file mode 100755
    index 0000000..e2f261e
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man7/EVP_KDF-KB.html
    @@ -0,0 +1,196 @@
    + + + + +EVP_KDF-KB + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_KDF-KB - The Key-Based EVP_KDF implementation

    +

    +

    +
    +

    DESCRIPTION

    +

    The EVP_KDF-KB algorithm implements the Key-Based key derivation function +(KBKDF). KBKDF derives a key from repeated application of a keyed MAC to an +input secret (and other optional values).

    +

    +

    +

    Identity

    +

    "KBKDF" is the name for this implementation; it can be used with the +EVP_KDF_fetch() function.

    +

    +

    +

    Supported parameters

    +

    The supported parameters are:

    +
    +
    "properties" (OSSL_KDF_PARAM_PROPERTIES) <UTF8 string>
    + +
    "mode" (OSSL_KDF_PARAM_MODE) <UTF8 string>
    + +
    "mac" (OSSL_KDF_PARAM_MAC) <UTF8 string>
    + +
    "digest" (OSSL_KDF_PARAM_DIGEST) <UTF8 string>
    + +
    "cipher" (OSSL_KDF_PARAM_DIGEST) <UTF8 string>
    + +
    "key" (OSSL_KDF_PARAM_KEY) <octet string>
    + +
    "salt" (OSSL_KDF_PARAM_SALT) <octet string>
    + +
    "info (OSSL_KDF_PARAM_INFO) <octet string>
    + +
    "seed" (OSSL_KDF_PARAM_SEED) <octet string>
    + +
    +

    The mode parameter determines which flavor of KBKDF to use - currently the +choices are "counter" and "feedback". Counter is the default, and will be +used if unspecified. The seed parameter is unused in counter mode.

    +

    The parameters key, salt, info, and seed correspond to KI, Label, Context, and +IV (respectively) in SP800-108. As in that document, salt, info, and seed are +optional and may be omitted.

    +

    Depending on whether mac is CMAC or HMAC, either digest or cipher is required +(respectively) and the other is unused.

    +

    +

    +
    +

    NOTES

    +

    A context for KBKDF can be obtained by calling:

    +
    + EVP_KDF *kdf = EVP_KDF_fetch(NULL, "KBKDF", NULL);
    + EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf);
    +

    The output length of an KBKDF is specified via the keylen +parameter to the EVP_KDF_derive(3) function.

    +

    Note that currently OpenSSL only implements counter and feedback modes. Other +variants may be supported in the future.

    +

    +

    +
    +

    EXAMPLES

    +

    This example derives 10 bytes using COUNTER-HMAC-SHA256, with KI "secret", +Label "label", and Context "context".

    +
    + EVP_KDF *kdf;
    + EVP_KDF_CTX *kctx;
    + unsigned char out[10];
    + OSSL_PARAM params[6], *p = params;
    +
    + kdf = EVP_KDF_fetch(NULL, "KBKDF", NULL);
    + kctx = EVP_KDF_CTX_new(kdf);
    + EVP_KDF_free(kdf);
    +
    + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
    +                                         "SHA2-256", 0);
    + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC,
    +                                         "HMAC", 0);
    + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
    +                                          "secret", strlen("secret"))
    + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
    +                                          "label", strlen("label"));
    + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO,
    +                                          "context", strlen("context"));
    + *p = OSSL_PARAM_construct_end();
    + if (EVP_KDF_CTX_set_params(kctx, params) <= 0)
    +     error("EVP_KDF_CTX_set_params");
    + else if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0)
    +     error("EVP_KDF_derive");
    +
    + EVP_KDF_CTX_free(kctx);
    +

    This example derives 10 bytes using FEEDBACK-CMAC-AES256, with KI "secret", +Label "label", and IV "sixteen bytes iv".

    +
    + EVP_KDF *kdf;
    + EVP_KDF_CTX *kctx;
    + unsigned char out[10];
    + OSSL_PARAM params[8], *p = params;
    + unsigned char *iv = "sixteen bytes iv";
    +
    + kdf = EVP_KDF_fetch(NULL, "KBKDF", NULL);
    + kctx = EVP_KDF_CTX_new(kdf);
    + EVP_KDF_free(kdf);
    +
    + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CIPHER, "AES256", 0);
    + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC, "CMAC", 0);
    + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MODE, "FEEDBACK", 0);
    + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
    +                                          "secret", strlen("secret"));
    + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
    +                                          "label", strlen("label"));
    + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO,
    +                                          "context", strlen("context"));
    + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED,
    +                                          iv, strlen(iv));
    + *p = OSSL_PARAM_construct_end();
    + if (EVP_KDF_CTX_set_params(kctx, params) <= 0)
    +     error("EVP_KDF_CTX_set_params");
    + else if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0)
    +     error("EVP_KDF_derive");
    +
    + EVP_KDF_CTX_free(kctx);
    +

    +

    +
    +

    CONFORMING TO

    +

    NIST SP800-108, IETF RFC 6803, IETF RFC 8009.

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_KDF(3), +EVP_KDF_CTX_free(3), +EVP_KDF_size(3), +EVP_KDF_derive(3), +EVP_KDF(3)/PARAMETERS

    +

    +

    +
    +

    HISTORY

    +

    This functionality was added to OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019 Red Hat, Inc.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man7/EVP_KDF-KRB5KDF.html b/linux_amd64/share/doc/openssl/html/man7/EVP_KDF-KRB5KDF.html
    new file mode 100755
    index 0000000..9c35d00
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man7/EVP_KDF-KRB5KDF.html
    @@ -0,0 +1,162 @@
    + + + + +EVP_KDF-KRB5KDF + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_KDF-KRB5KDF - The RFC3961 Krb5 KDF EVP_KDF implementation

    +

    +

    +
    +

    DESCRIPTION

    +

    Support for computing the KRB5KDF KDF through the EVP_KDF API.

    +

    The EVP_KDF-KRB5KDF algorithm implements the key derivation function defined +in RFC 3961, section 5.1 and is used by Krb5 to derive session keys. +Three inputs are required to perform key derivation: a cipher, (for example +AES-128-CBC), the initial key, and a constant.

    +

    +

    +

    Identity

    +

    "KRB5KDF" is the name for this implementation; +it can be used with the EVP_KDF_fetch() function.

    +

    +

    +

    Supported parameters

    +

    The supported parameters are:

    +
    +
    "properties" (OSSL_KDF_PARAM_PROPERTIES) <UTF8 string>
    + +
    "cipher" (OSSL_KDF_PARAM_CIPHER) <UTF8 string>
    + +
    "key" (OSSL_KDF_PARAM_KEY) <octet string>
    + +
    +

    These parameters work as described in EVP_KDF(3)/PARAMETERS.

    +
    +
    "constant" (OSSL_KDF_PARAM_CONSTANT) <octet string>
    + +
    +

    This parameter sets the constant value for the KDF. +If a value is already set, the contents are replaced.

    +
    +
    +

    +

    +
    +

    NOTES

    +

    A context for KRB5KDF can be obtained by calling:

    +
    + EVP_KDF *kdf = EVP_KDF_fetch(NULL, "KRB5KDF", NULL);
    + EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf);
    +

    The output length of the KRB5KDF derivation is specified via the keylen +parameter to the EVP_KDF_derive(3) function, and MUST match the key +length for the chosen cipher or an error is returned. Moreover the +constant's length must not exceed the block size of the cipher. +Since the KRB5KDF output length depends on the chosen cipher, calling +EVP_KDF_size(3) to obtain the requisite length returns the correct length +only after the cipher is set. Prior to that EVP_MAX_KEY_LENGTH is returned. +The caller must allocate a buffer of the correct length for the chosen +cipher, and pass that buffer to the EVP_KDF_derive(3) function along +with that length.

    +

    +

    +
    +

    EXAMPLES

    +

    This example derives a key using the AES-128-CBC cipher:

    +
    + EVP_KDF *kdf;
    + EVP_KDF_CTX *kctx;
    + unsigned char key[16] = "01234...";
    + unsigned char constant[] = "I'm a constant";
    + unsigned char out[16];
    + size_t outlen = sizeof(out);
    + OSSL_PARAM params[4], *p = params;
    +
    + kdf = EVP_KDF_fetch(NULL, "KRB5KDF", NULL);
    + kctx = EVP_KDF_CTX_new(kdf);
    + EVP_KDF_free(kdf);
    +
    + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CIPHER,
    +                                         SN_aes_128_cbc,
    +                                         strlen(SN_aes_128_cbc));
    + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
    +                                          key, (size_t)16);
    + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_CONSTANT,
    +                                          constant, strlen(constant));
    + *p = OSSL_PARAM_construct_end();
    + if (EVP_KDF_set_params(kctx, params) <= 0)
    +     /* Error */
    +
    + if (EVP_KDF_derive(kctx, out, outlen) <= 0)
    +     /* Error */
    +
    + EVP_KDF_CTX_free(kctx);
    +

    +

    +
    +

    CONFORMING TO

    +

    RFC 3961

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_KDF(3), +EVP_KDF_CTX_free(3), +EVP_KDF_ctrl(3), +EVP_KDF_size(3), +EVP_KDF_derive(3), +EVP_KDF(3)/PARAMETERS

    +

    +

    +
    +

    HISTORY

    +

    This functionality was added to OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man7/EVP_KDF-PBKDF2.html b/linux_amd64/share/doc/openssl/html/man7/EVP_KDF-PBKDF2.html
    new file mode 100755
    index 0000000..48fe946
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man7/EVP_KDF-PBKDF2.html
    @@ -0,0 +1,141 @@
    + + + + +EVP_KDF-PBKDF2 + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_KDF-PBKDF2 - The PBKDF2 EVP_KDF implementation

    +

    +

    +
    +

    DESCRIPTION

    +

    Support for computing the PBKDF2 password-based KDF through the EVP_KDF +API.

    +

    The EVP_KDF-PBKDF2 algorithm implements the PBKDF2 password-based key +derivation function, as described in SP800-132; it derives a key from a password +using a salt and iteration count.

    +

    +

    +

    Identity

    +

    "PBKDF2" is the name for this implementation; it +can be used with the EVP_KDF_fetch() function.

    +

    +

    +

    Supported parameters

    +

    The supported parameters are:

    +
    +
    "pass" (OSSL_KDF_PARAM_PASSWORD) <octet string>
    + +
    "salt" (OSSL_KDF_PARAM_SALT) <octet string>
    + +
    "iter" (OSSL_KDF_PARAM_ITER) <unsigned integer>
    + +
    +

    This parameter has a default value of 2048.

    +
    +
    "properties" (OSSL_KDF_PARAM_PROPERTIES) <UTF8 string>
    + +
    "digest" (OSSL_KDF_PARAM_DIGEST) <UTF8 string>
    + +
    +

    These parameters work as described in EVP_KDF(3)/PARAMETERS.

    +
    +
    "pkcs5" (OSSL_KDF_PARAM_PKCS5) <integer>
    + +
    +

    This parameter can be used to enable or disable SP800-132 compliance checks. +Setting the mode to 0 enables the compliance checks.

    +

    The checks performed are:

    +
    +
    - the iteration count is at least 1000.
    + +
    - the salt length is at least 128 bits.
    + +
    - the derived key length is at least 112 bits.
    + +
    +

    The default provider uses a default mode of 1 for backwards compatibility, +and the fips provider uses a default mode of 0.

    +

    The value string is expected to be a decimal number 0 or 1.

    +
    +
    +

    +

    +
    +

    NOTES

    +

    A typical application of this algorithm is to derive keying material for an +encryption algorithm from a password in the "pass", a salt in "salt", +and an iteration count.

    +

    Increasing the "iter" parameter slows down the algorithm which makes it +harder for an attacker to perform a brute force attack using a large number +of candidate passwords.

    +

    No assumption is made regarding the given password; it is simply treated as a +byte sequence.

    +

    +

    +
    +

    CONFORMING TO

    +

    SP800-132

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_KDF(3), +EVP_KDF_CTX_new(3), +EVP_KDF_CTX_free(3), +EVP_KDF_CTX_set_params(3), +EVP_KDF_derive(3), +EVP_KDF(3)/PARAMETERS

    +

    +

    +
    +

    HISTORY

    +

    This functionality was added to OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man7/EVP_KDF-SCRYPT.html b/linux_amd64/share/doc/openssl/html/man7/EVP_KDF-SCRYPT.html
    new file mode 100755
    index 0000000..0121b07
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man7/EVP_KDF-SCRYPT.html
    @@ -0,0 +1,182 @@
    + + + + +EVP_KDF-SCRYPT + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_KDF-SCRYPT - The scrypt EVP_KDF implementation

    +

    +

    +
    +

    DESCRIPTION

    +

    Support for computing the scrypt password-based KDF through the EVP_KDF +API.

    +

    The EVP_KDF-SCRYPT algorithm implements the scrypt password-based key +derivation function, as described in RFC 7914. It is memory-hard in the sense +that it deliberately requires a significant amount of RAM for efficient +computation. The intention of this is to render brute forcing of passwords on +systems that lack large amounts of main memory (such as GPUs or ASICs) +computationally infeasible.

    +

    scrypt provides three work factors that can be customized: N, r and p. N, which +has to be a positive power of two, is the general work factor and scales CPU +time in an approximately linear fashion. r is the block size of the internally +used hash function and p is the parallelization factor. Both r and p need to be +greater than zero. The amount of RAM that scrypt requires for its computation +is roughly (128 * N * r * p) bytes.

    +

    In the original paper of Colin Percival ("Stronger Key Derivation via +Sequential Memory-Hard Functions", 2009), the suggested values that give a +computation time of less than 5 seconds on a 2.5 GHz Intel Core 2 Duo are N = +2^20 = 1048576, r = 8, p = 1. Consequently, the required amount of memory for +this computation is roughly 1 GiB. On a more recent CPU (Intel i7-5930K at 3.5 +GHz), this computation takes about 3 seconds. When N, r or p are not specified, +they default to 1048576, 8, and 1, respectively. The maximum amount of RAM that +may be used by scrypt defaults to 1025 MiB.

    +

    +

    +

    Identity

    +

    "SCRYPT" is the name for this implementation; it +can be used with the EVP_KDF_fetch() function.

    +

    +

    +

    Supported parameters

    +

    The supported parameters are:

    +
    +
    "pass" (OSSL_KDF_PARAM_PASSWORD) <octet string>
    + +
    "salt" (OSSL_KDF_PARAM_SALT) <octet string>
    + +
    +

    These parameters work as described in EVP_KDF(3)/PARAMETERS.

    +
    +
    "n" (OSSL_KDF_PARAM_SCRYPT_N) <unsigned integer>
    + +
    "r" (OSSL_KDF_PARAM_SCRYPT_R) <unsigned integer>
    + +
    "p" (OSSL_KDF_PARAM_SCRYPT_P) <unsigned integer>
    + +
    +

    These parameters configure the scrypt work factors N, r and p. +N is a parameter of type uint64_t. +Both r and p are parameters of type uint32_t.

    +
    +
    +

    +

    +
    +

    NOTES

    +

    A context for scrypt can be obtained by calling:

    +
    + EVP_KDF *kdf = EVP_KDF_fetch(NULL, "SCRYPT", NULL);
    + EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf);
    +

    The output length of an scrypt key derivation is specified via the +"keylen" parameter to the EVP_KDF_derive(3) function.

    +

    +

    +
    +

    EXAMPLES

    +

    This example derives a 64-byte long test vector using scrypt with the password +"password", salt "NaCl" and N = 1024, r = 8, p = 16.

    +
    + EVP_KDF *kdf;
    + EVP_KDF_CTX *kctx;
    + unsigned char out[64];
    + OSSL_PARAM params[6], *p = params;
    +
    + kdf = EVP_KDF_fetch(NULL, "SCRYPT", NULL);
    + kctx = EVP_KDF_CTX_new(kdf);
    + EVP_KDF_free(kdf);
    +
    + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD,
    +                                          "password", (size_t)8);
    + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
    +                                          "NaCl", (size_t)4);
    + *p++ = OSSL_PARAM_construct_uint64(OSSL_KDF_PARAM_SCRYPT_N, (uint64_t)1024);
    + *p++ = OSSL_PARAM_construct_uint32(OSSL_KDF_PARAM_SCRYPT_R, (uint32_t)8);
    + *p++ = OSSL_PARAM_construct_uint32(OSSL_KDF_PARAM_SCRYPT_P, (uint32_t)16);
    + *p = OSSL_PARAM_construct_end();
    + if (EVP_KDF_CTX_set_params(kctx, params) <= 0) {
    +     error("EVP_KDF_CTX_set_params");
    + }
    + if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) {
    +     error("EVP_KDF_derive");
    + }
    +
    + {
    +     const unsigned char expected[sizeof(out)] = {
    +         0xfd, 0xba, 0xbe, 0x1c, 0x9d, 0x34, 0x72, 0x00,
    +         0x78, 0x56, 0xe7, 0x19, 0x0d, 0x01, 0xe9, 0xfe,
    +         0x7c, 0x6a, 0xd7, 0xcb, 0xc8, 0x23, 0x78, 0x30,
    +         0xe7, 0x73, 0x76, 0x63, 0x4b, 0x37, 0x31, 0x62,
    +         0x2e, 0xaf, 0x30, 0xd9, 0x2e, 0x22, 0xa3, 0x88,
    +         0x6f, 0xf1, 0x09, 0x27, 0x9d, 0x98, 0x30, 0xda,
    +         0xc7, 0x27, 0xaf, 0xb9, 0x4a, 0x83, 0xee, 0x6d,
    +         0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, 0x40
    +     };
    +
    +     assert(!memcmp(out, expected, sizeof(out)));
    + }
    +
    + EVP_KDF_CTX_free(kctx);
    +

    +

    +
    +

    CONFORMING TO

    +

    RFC 7914

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_KDF(3), +EVP_KDF_CTX_new(3), +EVP_KDF_CTX_free(3), +EVP_KDF_CTX_set_params(3), +EVP_KDF_derive(3), +EVP_KDF(3)/PARAMETERS

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man7/EVP_KDF-SS.html b/linux_amd64/share/doc/openssl/html/man7/EVP_KDF-SS.html new file mode 100755 index 0000000..78db11d --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man7/EVP_KDF-SS.html @@ -0,0 +1,239 @@ + + + + +EVP_KDF-SS + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_KDF-SS - The Single Step / One Step EVP_KDF implementation

    +

    +

    +
    +

    DESCRIPTION

    +

    The EVP_KDF-SS algorithm implements the Single Step key derivation function (SSKDF). +SSKDF derives a key using input such as a shared secret key (that was generated +during the execution of a key establishment scheme) and fixedinfo. +SSKDF is also informally referred to as 'Concat KDF'.

    +

    +

    +

    Auxiliary function

    +

    The implementation uses a selectable auxiliary function H, which can be one of:

    +
    +
    H(x) = hash(x, digest=md)
    + +
    H(x) = HMAC_hash(x, key=salt, digest=md)
    + +
    H(x) = KMACxxx(x, key=salt, custom="KDF", outlen=mac_size)
    + +
    +

    Both the HMAC and KMAC implementations set the key using the 'salt' value. +The hash and HMAC also require the digest to be set.

    +

    +

    +

    Identity

    +

    "SSKDF" is the name for this implementation; it +can be used with the EVP_KDF_fetch() function.

    +

    +

    +

    Supported parameters

    +

    The supported parameters are:

    +
    +
    "properties" (OSSL_KDF_PARAM_PROPERTIES) <UTF8 string>
    + +
    "digest" (OSSL_KDF_PARAM_DIGEST) <UTF8 string>
    + +
    "mac" (OSSL_KDF_PARAM_MAC) <UTF8 string>
    + +
    "maclen" (OSSL_KDF_PARAM_MAC_SIZE) <unsigned integer>
    + +
    "salt" (OSSL_KDF_PARAM_SALT) <octet string>
    + +
    +

    These parameters work as described in EVP_KDF(3)/PARAMETERS.

    +
    +
    "key" (EVP_KDF_CTRL_SET_KEY) <octet string>
    + +
    +

    This parameter set the shared secret that is used for key derivation.

    +
    +
    "info" (OSSL_KDF_PARAM_INFO) <octet string>
    + +
    +

    This parameter sets an optional value for fixedinfo, also known as otherinfo.

    +
    +
    +

    +

    +
    +

    NOTES

    +

    A context for SSKDF can be obtained by calling:

    +
    + EVP_KDF *kdf = EVP_KDF_fetch(NULL, "SSKDF", NULL);
    + EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf);
    +

    The output length of an SSKDF is specified via the keylen +parameter to the EVP_KDF_derive(3) function.

    +

    +

    +
    +

    EXAMPLES

    +

    This example derives 10 bytes using H(x) = SHA-256, with the secret key "secret" +and fixedinfo value "label":

    +
    + EVP_KDF *kdf;
    + EVP_KDF_CTX *kctx;
    + unsigned char out[10];
    + OSSL_PARAM params[4], *p = params;
    +
    + kdf = EVP_KDF_fetch(NULL, "SSKDF", NULL);
    + kctx = EVP_KDF_CTX_new(kdf);
    + EVP_KDF_free(kdf);
    +
    + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
    +                                         SN_sha256, strlen(SN_sha256));
    + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
    +                                          "secret", (size_t)6);
    + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO,
    +                                          "label", (size_t)5);
    + *p = OSSL_PARAM_construct_end();
    + if (EVP_KDF_CTX_set_params(kctx, params) <= 0) {
    +     error("EVP_KDF_CTX_set_params");
    + }
    + if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) {
    +     error("EVP_KDF_derive");
    + }
    +
    + EVP_KDF_CTX_free(kctx);
    +

    This example derives 10 bytes using H(x) = HMAC(SHA-256), with the secret key "secret", +fixedinfo value "label" and salt "salt":

    +
    + EVP_KDF *kdf;
    + EVP_KDF_CTX *kctx;
    + unsigned char out[10];
    + OSSL_PARAM params[6], *p = params;
    +
    + kdf = EVP_KDF_fetch(NULL, "SSKDF", NULL);
    + kctx = EVP_KDF_CTX_new(kdf);
    + EVP_KDF_free(kdf);
    +
    + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC,
    +                                         SN_hmac, strlen(SN_hmac));
    + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
    +                                         SN_sha256, strlen(SN_sha256));
    + *p++ = OSSL_PARAM_construct_octet_string(EVP_KDF_CTRL_SET_KEY,
    +                                          "secret", (size_t)6);
    + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO,
    +                                          "label", (size_t)5);
    + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
    +                                          "salt", (size_t)4);
    + *p = OSSL_PARAM_construct_end();
    + if (EVP_KDF_CTX_set_params(kctx, params) <= 0) {
    +     error("EVP_KDF_CTX_set_params");
    + }
    + if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) {
    +     error("EVP_KDF_derive");
    + }
    +
    + EVP_KDF_CTX_free(kctx);
    +

    This example derives 10 bytes using H(x) = KMAC128(x,salt,outlen), with the secret key "secret" +fixedinfo value "label", salt of "salt" and KMAC outlen of 20:

    +
    + EVP_KDF *kdf;
    + EVP_KDF_CTX *kctx;
    + unsigned char out[10];
    + OSSL_PARAM params[7], *p = params;
    +
    + kdf = EVP_KDF_fetch(NULL, "SSKDF", NULL);
    + kctx = EVP_KDF_CTX_new(kdf);
    + EVP_KDF_free(kdf);
    +
    + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC,
    +                                         SN_kmac128, strlen(SN_kmac128));
    + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
    +                                         SN_sha256, strlen(SN_sha256));
    + *p++ = OSSL_PARAM_construct_octet_string(EVP_KDF_CTRL_SET_KEY,
    +                                          "secret", (size_t)6);
    + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO,
    +                                          "label", (size_t)5);
    + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
    +                                          "salt", (size_t)4);
    + *p++ = OSSL_PARAM_construct_size_t(OSSL_KDF_PARAM_MAC_SIZE, (size_t)20);
    + *p = OSSL_PARAM_construct_end();
    + if (EVP_KDF_CTX_set_params(kctx, params) <= 0) {
    +     error("EVP_KDF_CTX_set_params");
    + }
    + if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) {
    +     error("EVP_KDF_derive");
    + }
    +
    + EVP_KDF_CTX_free(kctx);
    +

    +

    +
    +

    CONFORMING TO

    +

    NIST SP800-56Cr1.

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_KDF(3), +EVP_KDF_CTX_new(3), +EVP_KDF_CTX_free(3), +EVP_KDF_CTX_set_params(3), +EVP_KDF_size(3), +EVP_KDF_derive(3), +EVP_KDF(3)/PARAMETERS

    +

    +

    +
    +

    HISTORY

    +

    This functionality was added to OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. Copyright +(c) 2019, Oracle and/or its affiliates. All rights reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man7/EVP_KDF-SSHKDF.html b/linux_amd64/share/doc/openssl/html/man7/EVP_KDF-SSHKDF.html new file mode 100755 index 0000000..81a601a --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man7/EVP_KDF-SSHKDF.html @@ -0,0 +1,204 @@ + + + + +EVP_KDF-SSHKDF + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_KDF-SSHKDF - The SSHKDF EVP_KDF implementation

    +

    +

    +
    +

    DESCRIPTION

    +

    Support for computing the SSHKDF KDF through the EVP_KDF API.

    +

    The EVP_KDF-SSHKDF algorithm implements the SSHKDF key derivation function. +It is defined in RFC 4253, section 7.2 and is used by SSH to derive IVs, +encryption keys and integrity keys. +Five inputs are required to perform key derivation: The hashing function +(for example SHA256), the Initial Key, the Exchange Hash, the Session ID, +and the derivation key type.

    +

    +

    +

    Identity

    +

    "SSHKDF" is the name for this implementation; it +can be used with the EVP_KDF_fetch() function.

    +

    +

    +

    Supported parameters

    +

    The supported parameters are:

    +
    +
    "properties" (OSSL_KDF_PARAM_PROPERTIES) <UTF8 string>
    + +
    "digest" (OSSL_KDF_PARAM_DIGEST) <UTF8 string>
    + +
    "key" (OSSL_KDF_PARAM_KEY) <octet string>
    + +
    +

    These parameters work as described in EVP_KDF(3)/PARAMETERS.

    +
    +
    "xcghash" (OSSL_KDF_PARAM_SSHKDF_XCGHASH) <octet string>
    + +
    "session_id" (OSSL_KDF_PARAM_SSHKDF_SESSION_ID) <octet string>
    + +
    +

    These parameters set the respective values for the KDF. +If a value is already set, the contents are replaced.

    +
    +
    "type" (OSSL_KDF_PARAM_SSHKDF_TYPE) <integer>
    + +
    +

    This parameter sets the type for the SSHHKDF operation. +There are six supported types:

    +
    +
    EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV
    + +
    +

    The Initial IV from client to server. +A single char of value 65 (ASCII char 'A').

    +
    +
    EVP_KDF_SSHKDF_TYPE_INITIAL_IV_SRV_TO_CLI
    + +
    +

    The Initial IV from server to client +A single char of value 66 (ASCII char 'B').

    +
    +
    EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_CLI_TO_SRV
    + +
    +

    The Encryption Key from client to server +A single char of value 67 (ASCII char 'C').

    +
    +
    EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_SRV_TO_CLI
    + +
    +

    The Encryption Key from server to client +A single char of value 68 (ASCII char 'D').

    +
    +
    EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_CLI_TO_SRV
    + +
    +

    The Integrity Key from client to server +A single char of value 69 (ASCII char 'E').

    +
    +
    EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_SRV_TO_CLI
    + +
    +

    The Integrity Key from client to server +A single char of value 70 (ASCII char 'F').

    +
    +
    +
    +
    +

    +

    +
    +

    NOTES

    +

    A context for SSHKDF can be obtained by calling:

    +
    + EVP_KDF *kdf = EVP_KDF_fetch(NULL, "SSHKDF", NULL);
    + EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf);
    +

    The output length of the SSHKDF derivation is specified via the keylen +parameter to the EVP_KDF_derive(3) function. +Since the SSHKDF output length is variable, calling EVP_KDF_size(3) +to obtain the requisite length is not meaningful. The caller must +allocate a buffer of the desired length, and pass that buffer to the +EVP_KDF_derive(3) function along with the desired length.

    +

    +

    +
    +

    EXAMPLES

    +

    This example derives an 8 byte IV using SHA-256 with a 1K "key" and appropriate +"xcghash" and "session_id" values:

    +
    + EVP_KDF *kdf;
    + EVP_KDF_CTX *kctx;
    + unsigned char key[1024] = "01234...";
    + unsigned char xcghash[32] = "012345...";
    + unsigned char session_id[32] = "012345...";
    + unsigned char out[8];
    + size_t outlen = sizeof(out);
    + OSSL_PARAM params[6], *p = params;
    +
    + kdf = EVP_KDF_fetch(NULL, "SSHKDF", NULL);
    + kctx = EVP_KDF_CTX_new(kdf);
    + EVP_KDF_free(kdf);
    +
    + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
    +                                         SN_sha256, strlen(SN_sha256));
    + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
    +                                          key, (size_t)1024);
    + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SSHKDF_XCGHASH,
    +                                          xcghash, (size_t)32);
    + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
    +                                          session_id, (size_t)32);
    + *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_SSHKDF_TYPE,
    +                                 EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV);
    + *p = OSSL_PARAM_construct_end();
    + if (EVP_KDF_CTX_set_params(kctx, params) <= 0)
    +     /* Error */
    +
    + if (EVP_KDF_derive(kctx, out, &outlen) <= 0)
    +     /* Error */
    +

    +

    +
    +

    CONFORMING TO

    +

    RFC 4253

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_KDF(3), +EVP_KDF_CTX_new(3), +EVP_KDF_CTX_free(3), +EVP_KDF_CTX_set_params(3), +EVP_KDF_size(3), +EVP_KDF_derive(3), +EVP_KDF(3)/PARAMETERS

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man7/EVP_KDF-TLS1_PRF.html b/linux_amd64/share/doc/openssl/html/man7/EVP_KDF-TLS1_PRF.html new file mode 100755 index 0000000..058ff26 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man7/EVP_KDF-TLS1_PRF.html @@ -0,0 +1,154 @@ + + + + +EVP_KDF-TLS1_PRF + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_KDF-TLS1_PRF - The TLS1 PRF EVP_KDF implementation

    +

    +

    +
    +

    DESCRIPTION

    +

    Support for computing the TLS1 PRF through the EVP_KDF API.

    +

    The EVP_KDF-TLS1_PRF algorithm implements the PRF used by TLS versions up to +and including TLS 1.2.

    +

    +

    +

    Identity

    +

    "TLS1-PRF" is the name for this implementation; it +can be used with the EVP_KDF_fetch() function.

    +

    +

    +

    Supported parameters

    +

    The supported parameters are:

    +
    +
    "properties" (OSSL_KDF_PARAM_PROPERTIES) <UTF8 string>
    + +
    "digest" (OSSL_KDF_PARAM_DIGEST) <UTF8 string>
    + +
    +

    These parameters work as described in EVP_KDF(3)/PARAMETERS.

    +

    The OSSL_KDF_PARAM_DIGEST parameter is used to set the message digest +associated with the TLS PRF. +EVP_md5_sha1() is treated as a special case which uses the +PRF algorithm using both MD5 and SHA1 as used in TLS 1.0 and 1.1.

    +
    +
    "secret" (OSSL_KDF_PARAM_SECRET) <octet string>
    + +
    +

    This parameter sets the secret value of the TLS PRF. +Any existing secret value is replaced.

    +
    +
    "seed" (OSSL_KDF_PARAM_SEED) <octet string>
    + +
    +

    This parameter sets the context seed. +The length of the context seed cannot exceed 1024 bytes; +this should be more than enough for any normal use of the TLS PRF.

    +
    +
    +

    +

    +
    +

    NOTES

    +

    A context for the TLS PRF can be obtained by calling:

    +
    + EVP_KDF *kdf = EVP_KDF_fetch(NULL, "TLS1-PRF", NULL);
    + EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf);
    +

    The digest, secret value and seed must be set before a key is derived otherwise +an error will occur.

    +

    The output length of the PRF is specified by the keylen parameter to the +EVP_KDF_derive() function.

    +

    +

    +
    +

    EXAMPLES

    +

    This example derives 10 bytes using SHA-256 with the secret key "secret" +and seed value "seed":

    +
    + EVP_KDF *kdf;
    + EVP_KDF_CTX *kctx;
    + unsigned char out[10];
    + OSSL_PARAM params[4], *p = params;
    +
    + kdf = EVP_KDF_fetch(NULL, "TLS1-PRF", NULL);
    + kctx = EVP_KDF_CTX_new(kdf);
    + EVP_KDF_free(kdf);
    +
    + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
    +                                         SN_sha256, strlen(SN_sha256));
    + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SECRET,
    +                                          "secret", (size_t)6);
    + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED,
    +                                          "seed", (size_t)4);
    + *p = OSSL_PARAM_construct_end();
    + if (EVP_KDF_CTX_set_params(kctx, params) <= 0) {
    +     error("EVP_KDF_CTX_set_params");
    + }
    + if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) {
    +     error("EVP_KDF_derive");
    + }
    + EVP_KDF_CTX_free(kctx);
    +

    +

    +
    +

    CONFORMING TO

    +

    RFC 2246, RFC 5246 and NIST SP 800-135 r1

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_KDF(3), +EVP_KDF_CTX_new(3), +EVP_KDF_CTX_free(3), +EVP_KDF_CTX_set_params(3), +EVP_KDF_derive(3), +EVP_KDF(3)/PARAMETERS

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man7/EVP_KDF-X942.html b/linux_amd64/share/doc/openssl/html/man7/EVP_KDF-X942.html new file mode 100755 index 0000000..e583276 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man7/EVP_KDF-X942.html @@ -0,0 +1,169 @@ + + + + +EVP_KDF-X942 + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_KDF-X942 - The X9.42-2001 asn1 EVP_KDF implementation

    +

    +

    +
    +

    DESCRIPTION

    +

    The EVP_KDF-X942 algorithm implements the key derivation function (X942KDF). +X942KDF is used by Cryptographic Message Syntax (CMS) for DH KeyAgreement, to +derive a key using input such as a shared secret key and other info. The other +info is DER encoded data that contains a 32 bit counter.

    +

    +

    +

    Identity

    +

    "X942KDF" is the name for this implementation; it +can be used with the EVP_KDF_fetch() function.

    +

    +

    +

    Supported parameters

    +

    The supported parameters are:

    +
    +
    "properties" (OSSL_KDF_PARAM_PROPERTIES) <UTF8 string>
    + +
    "digest" (OSSL_KDF_PARAM_DIGEST) <UTF8 string>
    + +
    +

    These parameters work as described in EVP_KDF(3)/PARAMETERS.

    +
    +
    "key" (OSSL_KDF_PARAM_KEY) <octet string>
    + +
    +

    The shared secret used for key derivation. This parameter sets the secret.

    +
    +
    "ukm" (OSSL_KDF_PARAM_UKM) <octet string>
    + +
    +

    This parameter is an optional random string that is provided +by the sender called "partyAInfo". +In CMS this is the user keying material.

    +
    +
    "cekalg" (OSSL_KDF_PARAM_CEK_ALG) <UTF8 string>
    + +
    +

    This parameter sets the CEK wrapping algorithm name.

    +
    +
    +

    +

    +
    +

    NOTES

    +

    A context for X942KDF can be obtained by calling:

    +
    + EVP_KDF *kdf = EVP_KDF_fetch(NULL, "X942KDF", NULL);
    + EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf);
    +

    The output length of an X942KDF is specified via the keylen +parameter to the EVP_KDF_derive(3) function.

    +

    +

    +
    +

    EXAMPLES

    +

    This example derives 24 bytes, with the secret key "secret" and a random user +keying material:

    +
    +  EVP_KDF_CTX *kctx;
    +  EVP_KDF_CTX *kctx;
    +  unsigned char out[192/8];
    +  unsignred char ukm[64];
    + OSSL_PARAM params[5], *p = params;
    +
    +  if (RAND_bytes(ukm, sizeof(ukm)) <= 0)
    +      error("RAND_bytes");
    +
    + kdf = EVP_KDF_fetch(NULL, "X942KDF", NULL);
    + if (kctx == NULL)
    +     error("EVP_KDF_fetch");
    + kctx = EVP_KDF_CTX_new(kdf);
    + if (kctx == NULL)
    +     error("EVP_KDF_CTX_new");
    + EVP_KDF_free(kdf);
    +
    + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
    +                                         SN_sha256, strlen(SN_sha256));
    + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SECRET,
    +                                          "secret", (size_t)6);
    + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_UKM, ukm, sizeof(ukm));
    + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CEK_ALG,
    +                                         SN_id_smime_alg_CMS3DESwrap,
    +                                         strlen(SN_id_smime_alg_CMS3DESwrap));
    + *p = OSSL_PARAM_construct_end();
    + if (EVP_KDF_CTX_set_params(kctx, params) <= 0)
    +     error("EVP_KDF_CTX_set_params");
    + if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0)
    +     error("EVP_KDF_derive");
    +
    + EVP_KDF_CTX_free(kctx);
    +

    +

    +
    +

    CONFORMING TO

    +

    RFC 2631

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_KDF(3), +EVP_KDF_CTX_new(3), +EVP_KDF_CTX_free(3), +EVP_KDF_CTX_set_params(3), +EVP_KDF_size(3), +EVP_KDF_derive(3), +EVP_KDF(3)/PARAMETERS

    +

    +

    +
    +

    HISTORY

    +

    This functionality was added to OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man7/EVP_KDF-X963.html b/linux_amd64/share/doc/openssl/html/man7/EVP_KDF-X963.html new file mode 100755 index 0000000..8cd1d99 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man7/EVP_KDF-X963.html @@ -0,0 +1,156 @@ + + + + +EVP_KDF-X963 + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_KDF-X963 - The X9.63-2001 EVP_KDF implementation

    +

    +

    +
    +

    DESCRIPTION

    +

    The EVP_KDF-X963 algorithm implements the key derivation function (X963KDF). +X963KDF is used by Cryptographic Message Syntax (CMS) for EC KeyAgreement, to +derive a key using input such as a shared secret key and shared info.

    +

    +

    +

    Identity

    +

    "X963KDF" is the name for this implementation; it +can be used with the EVP_KDF_fetch() function.

    +

    +

    +

    Supported parameters

    +

    The supported parameters are:

    +
    +
    "properties" (OSSL_KDF_PARAM_PROPERTIES) <UTF8 string>
    + +
    "digest" (OSSL_KDF_PARAM_DIGEST) <UTF8 string>
    + +
    +

    These parameters work as described in EVP_KDF(3)/PARAMETERS.

    +
    +
    "key" (OSSL_KDF_PARAM_KEY) <octet string>
    + +
    +

    The shared secret used for key derivation. +This parameter sets the secret.

    +
    +
    "info" (OSSL_KDF_PARAM_INFO) <octet string>
    + +
    +

    This parameter specifies an optional value for shared info.

    +
    +
    +

    +

    +
    +

    NOTES

    +

    X963KDF is very similar to the SSKDF that uses a digest as the auxiliary function, +X963KDF appends the counter to the secret, whereas SSKDF prepends the counter.

    +

    A context for X963KDF can be obtained by calling:

    +
    + EVP_KDF *kdf = EVP_KDF_fetch(NULL, "X963KDF", NULL);
    + EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf);
    +

    The output length of an X963KDF is specified via the keylen +parameter to the EVP_KDF_derive(3) function.

    +

    +

    +
    +

    EXAMPLES

    +

    This example derives 10 bytes, with the secret key "secret" and sharedinfo +value "label":

    +
    + EVP_KDF *kdf;
    + EVP_KDF_CTX *kctx;
    + unsigned char out[10];
    + OSSL_PARAM params[4], *p = params;
    +
    + kdf = EVP_KDF_fetch(NULL, "X963KDF", NULL);
    + kctx = EVP_KDF_CTX_new(kdf);
    + EVP_KDF_free(kdf);
    +
    + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
    +                                         SN_sha256, strlen(SN_sha256));
    + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SECRET,
    +                                          "secret", (size_t)6);
    + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO,
    +                                          "label", (size_t)5);
    + *p = OSSL_PARAM_construct_end();
    + if (EVP_KDF_CTX_set_params(kctx, params) <= 0) {
    +     error("EVP_KDF_CTX_set_params");
    + }
    + if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) {
    +     error("EVP_KDF_derive");
    + }
    +
    + EVP_KDF_CTX_free(kctx);
    +

    +

    +
    +

    CONFORMING TO

    +

    "SEC 1: Elliptic Curve Cryptography"

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_KDF(3), +EVP_KDF_CTX_new(3), +EVP_KDF_CTX_free(3), +EVP_KDF_CTX_set_params(3), +EVP_KDF_size(3), +EVP_KDF_derive(3), +EVP_KDF(3)/PARAMETERS

    +

    +

    +
    +

    HISTORY

    +

    This functionality was added to OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man7/EVP_MAC-BLAKE2.html b/linux_amd64/share/doc/openssl/html/man7/EVP_MAC-BLAKE2.html new file mode 100755 index 0000000..2c3ce20 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man7/EVP_MAC-BLAKE2.html @@ -0,0 +1,119 @@ + + + + +EVP_MAC-BLAKE2 + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    EVP_MAC-BLAKE2, EVP_MAC-BLAKE2BMAC, EVP_MAC-BLAKE2SMAC +- The BLAKE2 EVP_MAC implementations

    +

    +

    +
    +

    DESCRIPTION

    +

    Support for computing BLAKE2 MACs through the EVP_MAC API.

    +

    +

    +

    Identity

    +

    These implementations are identified with one of these names and +properties, to be used with EVP_MAC_fetch():

    +
    +
    "BLAKE2BMAC", "provider=default"
    + +
    "BLAKE2SMAC", "provider=default"
    + +
    +

    +

    +

    Supported parameters

    +

    The general description of these parameters can be found in +EVP_MAC(3)/PARAMETERS.

    +

    All these parameters can be set with EVP_MAC_CTX_set_params(). +Furthermore, the "size" parameter can be retrieved with +EVP_MAC_CTX_get_params(), or with EVP_MAC_size(). +The length of the "size" parameter should not exceed that of a size_t.

    +
    +
    "key" (OSSL_MAC_PARAM_KEY) <octet string>
    + +
    +

    This may be at most 64 bytes for BLAKE2BMAC or 32 for BLAKE2SMAC and +at least 1 byte in both cases.

    +
    +
    "custom" (OSSL_MAC_PARAM_CUSTOM) <octet string>
    + +
    +

    This is an optional value of at most 16 bytes for BLAKE2BMAC or 8 for +BLAKE2SMAC. +It is empty by default.

    +
    +
    "salt" (OSSL_MAC_PARAM_SALT) <octet string>
    + +
    +

    This is an optional value of at most 16 bytes for BLAKE2BMAC or 8 for +BLAKE2SMAC. +It is empty by default.

    +
    +
    "size" (OSSL_MAC_PARAM_SIZE) <unsigned integer>
    + +
    +

    When set, this can be any number between between 1 and 32 for +EVP_MAC_BLAKE2S or 64 for EVP_MAC_BLAKE2B. +It is 32 and 64 respectively by default.

    +
    +
    +

    +

    +
    +

    SEE ALSO

    +

    EVP_MAC_CTX_get_params(3), EVP_MAC_CTX_set_params(3), +EVP_MAC(3)/PARAMETERS, OSSL_PARAM(3)

    +

    +

    +
    +

    HISTORY

    +

    The macros and functions described here were added to OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man7/EVP_MAC-CMAC.html b/linux_amd64/share/doc/openssl/html/man7/EVP_MAC-CMAC.html
    new file mode 100755
    index 0000000..8cae2fc
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man7/EVP_MAC-CMAC.html
    @@ -0,0 +1,94 @@
    + + + + +EVP_MAC-CMAC + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    EVP_MAC-CMAC - The CMAC EVP_MAC implementation

    +

    +

    +
    +

    DESCRIPTION

    +

    Support for computing CMAC MACs through the EVP_MAC API.

    +

    +

    +

    Identity

    +

    This implementation is identified with this name and properties, to be +used with EVP_MAC_fetch():

    +
    +
    "CMAC", "provider=default" or "provider=fips"
    + +
    +

    +

    +

    Supported parameters

    +

    The general description of these parameters can be found in +EVP_MAC(3)/PARAMETERS.

    +

    The following parameter can be set with EVP_MAC_CTX_set_params():

    +
    +
    "key" (OSSL_MAC_PARAM_KEY) <octet string>
    + +
    "cipher" (OSSL_MAC_PARAM_CIPHER) <UTF8 string>
    + +
    "properties" (OSSL_MAC_PARAM_PROPERTIES) <UTF8 string>
    + +
    +

    The following parameters can be retrieved with +EVP_MAC_CTX_get_params():

    +
    +
    "size" (OSSL_MAC_PARAM_SIZE) <unsigned integer>
    + +
    +

    The "size" parameter can also be retrieved with with EVP_MAC_size(). +The length of the "size" parameter is equal to that of an unsigned int.

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_MAC_CTX_get_params(3), EVP_MAC_CTX_set_params(3), +EVP_MAC(3)/PARAMETERS, OSSL_PARAM(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man7/EVP_MAC-GMAC.html b/linux_amd64/share/doc/openssl/html/man7/EVP_MAC-GMAC.html
    new file mode 100755
    index 0000000..2f7fe60
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man7/EVP_MAC-GMAC.html
    @@ -0,0 +1,96 @@
    + + + + +EVP_MAC-GMAC + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    EVP_MAC-GMAC - The GMAC EVP_MAC implementation

    +

    +

    +
    +

    DESCRIPTION

    +

    Support for computing GMAC MACs through the EVP_MAC API.

    +

    +

    +

    Identity

    +

    This implementation is identified with this name and properties, to be +used with EVP_MAC_fetch():

    +
    +
    "GMAC", "provider=default" or "provider=fips"
    + +
    +

    +

    +

    Supported parameters

    +

    The general description of these parameters can be found in +EVP_MAC(3)/PARAMETERS.

    +

    The following parameter can be set with EVP_MAC_CTX_set_params():

    +
    +
    "key" (OSSL_MAC_PARAM_KEY) <octet string>
    + +
    "iv" (OSSL_MAC_PARAM_IV) <octet string>
    + +
    "cipher" (OSSL_MAC_PARAM_CIPHER) <UTF8 string>
    + +
    "properties" (OSSL_MAC_PARAM_PROPERTIES) <UTF8 string>
    + +
    +

    The following parameters can be retrieved with +EVP_MAC_CTX_get_params():

    +
    +
    "size" (OSSL_MAC_PARAM_SIZE) <unsigned integer>
    + +
    +

    The "size" parameter can also be retrieved with EVP_MAC_size(). +The length of the "size" parameter is equal to that of an unsigned int.

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_MAC_CTX_get_params(3), EVP_MAC_CTX_set_params(3), +EVP_MAC(3)/PARAMETERS, OSSL_PARAM(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man7/EVP_MAC-HMAC.html b/linux_amd64/share/doc/openssl/html/man7/EVP_MAC-HMAC.html
    new file mode 100755
    index 0000000..5029fbd
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man7/EVP_MAC-HMAC.html
    @@ -0,0 +1,97 @@
    + + + + +EVP_MAC-HMAC + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    EVP_MAC-HMAC - The HMAC EVP_MAC implementation

    +

    +

    +
    +

    DESCRIPTION

    +

    Support for computing HMAC MACs through the EVP_MAC API.

    +

    +

    +

    Identity

    +

    This implementation is identified with this name and properties, to be +used with EVP_MAC_fetch():

    +
    +
    "HMAC", "provider=default" or "provider=fips"
    + +
    +

    +

    +

    Supported parameters

    +

    The general description of these parameters can be found in +EVP_MAC(3)/PARAMETERS.

    +

    The following parameter can be set with EVP_MAC_CTX_set_params():

    +
    +
    "key" (OSSL_MAC_PARAM_KEY) <octet string>
    + +
    "flags" (OSSL_MAC_PARAM_FLAGS) <octet string>
    + +
    "digest" (OSSL_MAC_PARAM_DIGEST) <UTF8 string>
    + +
    "properties" (OSSL_MAC_PARAM_PROPERTIES) <UTF8 string>
    + +
    +

    The "flags" parameter is passed directly to HMAC_CTX_set_flags().

    +

    The following parameter can be retrieved with +EVP_MAC_CTX_get_params():

    +
    +
    "size" (OSSL_MAC_PARAM_SIZE) <unsigned integer>
    + +
    +

    The "size" parameter can also be retrieved with EVP_MAC_size(). +The length of the "size" parameter is equal to that of an unsigned int.

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_MAC_CTX_get_params(3), EVP_MAC_CTX_set_params(3), +EVP_MAC(3)/PARAMETERS, OSSL_PARAM(3), HMAC(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man7/EVP_MAC-KMAC.html b/linux_amd64/share/doc/openssl/html/man7/EVP_MAC-KMAC.html
    new file mode 100755
    index 0000000..15d86e7
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man7/EVP_MAC-KMAC.html
    @@ -0,0 +1,97 @@
    + + + + +EVP_MAC-KMAC + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    EVP_MAC-KMAC, EVP_MAC-KMAC128, EVP_MAC-KMAC256 +- The KMAC EVP_MAC implementations

    +

    +

    +
    +

    DESCRIPTION

    +

    Support for computing KMAC MACs through the EVP_MAC API.

    +

    +

    +

    Identity

    +

    These implementations are identified with one of these names and +properties, to be used with EVP_MAC_fetch():

    +
    +
    "KMAC-128", "provider=default" or "provider=fips"
    + +
    "KMAC-256", "provider=default" or "provider=fips"
    + +
    +

    +

    +

    Supported parameters

    +

    The general description of these parameters can be found in +EVP_MAC(3)/PARAMETERS.

    +

    All these parameters can be set with EVP_MAC_CTX_set_params(). +Furthermore, the "size" parameter can be retrieved with +EVP_MAC_CTX_get_params(), or with EVP_MAC_size(). +The length of the "size" parameter should not exceed that of a size_t.

    +
    +
    "key" (OSSL_MAC_PARAM_KEY) <octet string>
    + +
    "custom" (OSSL_MAC_PARAM_CUSTOM) <octet string>
    + +
    "size" (OSSL_MAC_PARAM_SIZE) <unsigned integer>
    + +
    "xof" (OSSL_MAC_PARAM_XOF) <integer>
    + +
    +

    The "xof" parameter value is expected to be 1 or 0. Use 1 to enable XOF +mode. If XOF is enabled then the output length that is encoded as part of +the input stream is set to zero.

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_MAC_CTX_get_params(3), EVP_MAC_CTX_set_params(3), +EVP_MAC(3)/PARAMETERS, OSSL_PARAM(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man7/EVP_MAC-Poly1305.html b/linux_amd64/share/doc/openssl/html/man7/EVP_MAC-Poly1305.html
    new file mode 100755
    index 0000000..9ba3218
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man7/EVP_MAC-Poly1305.html
    @@ -0,0 +1,90 @@
    + + + + +EVP_MAC-Poly1305 + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    EVP_MAC-Poly1305 - The Poly1305 EVP_MAC implementation

    +

    +

    +
    +

    DESCRIPTION

    +

    Support for computing Poly1305 MACs through the EVP_MAC API.

    +

    +

    +

    Identity

    +

    This implementation is identified with this name and properties, to be +used with EVP_MAC_fetch():

    +
    +
    "POLY1305", "provider=default"
    + +
    +

    +

    +

    Supported parameters

    +

    The general description of these parameters can be found in +EVP_MAC(3)/PARAMETERS.

    +

    The following parameter can be set with EVP_MAC_CTX_set_params():

    +
    +
    "key" (OSSL_MAC_PARAM_KEY) <octet string>
    + +
    +

    The following parameters can be retrieved with +EVP_MAC_CTX_get_params():

    +
    +
    "size" (OSSL_MAC_PARAM_SIZE) <unsigned integer>
    + +
    +

    The "size" parameter can also be retrieved with with EVP_MAC_size(). +The length of the "size" parameter should not exceed that of an unsigned int.

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_MAC_CTX_get_params(3), EVP_MAC_CTX_set_params(3), +EVP_MAC(3)/PARAMETERS, OSSL_PARAM(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man7/EVP_MAC-Siphash.html b/linux_amd64/share/doc/openssl/html/man7/EVP_MAC-Siphash.html
    new file mode 100755
    index 0000000..62b7063
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man7/EVP_MAC-Siphash.html
    @@ -0,0 +1,87 @@
    + + + + +EVP_MAC-Siphash + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    EVP_MAC-Siphash - The SipHash EVP_MAC implementation

    +

    +

    +
    +

    DESCRIPTION

    +

    Support for computing SipHash MACs through the EVP_MAC API.

    +

    +

    +

    Identity

    +

    This implementation is identified with this name and properties, to be +used with EVP_MAC_fetch():

    +
    +
    "SIPHASH", "provider=default"
    + +
    +

    +

    +

    Supported parameters

    +

    The general description of these parameters can be found in +EVP_MAC(3)/PARAMETERS.

    +

    All these parameters can be set with EVP_MAC_CTX_set_params(). +Furthermore, the "size" parameter can be retrieved with +EVP_MAC_CTX_get_params(), or with EVP_MAC_size(). +The length of the "size" parameter should not exceed that of a size_t.

    +
    +
    "key" (OSSL_MAC_PARAM_KEY) <octet string>
    + +
    "size" (OSSL_MAC_PARAM_SIZE) <unsigned integer>
    + +
    +

    +

    +
    +

    SEE ALSO

    +

    EVP_MAC_CTX_get_params(3), EVP_MAC_CTX_set_params(3), +EVP_MAC(3)/PARAMETERS, OSSL_PARAM(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man7/Ed25519.html b/linux_amd64/share/doc/openssl/html/man7/Ed25519.html
    new file mode 100755
    index 0000000..6917aba
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man7/Ed25519.html
    @@ -0,0 +1,116 @@
    + + + + +Ed25519 + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    Ed25519, +Ed448 +- EVP_PKEY Ed25519 and Ed448 support

    +

    +

    +
    +

    DESCRIPTION

    +

    The Ed25519 and Ed448 EVP_PKEY implementation supports key generation, +one-shot digest sign and digest verify using PureEdDSA and Ed25519 or Ed448 +(see RFC8032). It has associated private and public key formats compatible with +draft-ietf-curdle-pkix-04.

    +

    No additional parameters can be set during key generation, one-shot signing or +verification. In particular, because PureEdDSA is used, a digest must NOT be +specified when signing or verifying.

    +

    +

    +
    +

    NOTES

    +

    The PureEdDSA algorithm does not support the streaming mechanism +of other signature algorithms using, for example, EVP_DigestUpdate(). +The message to sign or verify must be passed using the one-shot +EVP_DigestSign() and EVP_DigestVerify() functions.

    +

    When calling EVP_DigestSignInit() or EVP_DigestVerifyInit(), the +digest type parameter MUST be set to NULL.

    +

    Applications wishing to sign certificates (or other structures such as +CRLs or certificate requests) using Ed25519 or Ed448 can either use X509_sign() +or X509_sign_ctx() in the usual way.

    +

    A context for the Ed25519 algorithm can be obtained by calling:

    +
    + EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_ED25519, NULL);
    +

    For the Ed448 algorithm a context can be obtained by calling:

    +
    + EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_ED448, NULL);
    +

    Ed25519 or Ed448 private keys can be set directly using +EVP_PKEY_new_raw_private_key(3) or loaded from a PKCS#8 private key file +using PEM_read_bio_PrivateKey(3) (or similar function). Completely new keys +can also be generated (see the example below). Setting a private key also sets +the associated public key.

    +

    Ed25519 or Ed448 public keys can be set directly using +EVP_PKEY_new_raw_public_key(3) or loaded from a SubjectPublicKeyInfo +structure in a PEM file using PEM_read_bio_PUBKEY(3) (or similar function).

    +

    Ed25519 and Ed448 can be tested with the openssl-speed(1) application +since version 1.1.1. +Valid algorithm names are ed25519, ed448 and eddsa. If eddsa is +specified, then both Ed25519 and Ed448 are benchmarked.

    +

    +

    +
    +

    EXAMPLES

    +

    This example generates an ED25519 private key and writes it to standard +output in PEM format:

    +
    + #include <openssl/evp.h>
    + #include <openssl/pem.h>
    + ...
    + EVP_PKEY *pkey = NULL;
    + EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_ED25519, NULL);
    + EVP_PKEY_keygen_init(pctx);
    + EVP_PKEY_keygen(pctx, &pkey);
    + EVP_PKEY_CTX_free(pctx);
    + PEM_write_PrivateKey(stdout, pkey, NULL, NULL, 0, NULL, NULL);
    +

    +

    +
    +

    SEE ALSO

    +

    EVP_PKEY_CTX_new(3), +EVP_PKEY_keygen(3), +EVP_DigestSignInit(3), +EVP_DigestVerifyInit(3),

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man7/OSSL_PROVIDER-FIPS.html b/linux_amd64/share/doc/openssl/html/man7/OSSL_PROVIDER-FIPS.html
    new file mode 100755
    index 0000000..c24f3f9
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man7/OSSL_PROVIDER-FIPS.html
    @@ -0,0 +1,307 @@
    + + + + +OSSL_PROVIDER-FIPS + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    OSSL_PROVIDER-FIPS - OPENSSL FIPS provider

    +

    +

    +
    +

    DESCRIPTION

    +

    The OPENSSL FIPS provider is a special provider that conforms to the Federal +Information Processing Standards (FIPS) specified in FIPS 140-2. This 'module' +contains an approved set of cryptographic algorithms that is validated by an +accredited testing laboratory.

    +

    +

    +
    +

    SELF TESTING

    +

    One of the requirements for the FIPS module is self testing. An optional callback +mechanism is available to return information to the user using +OSSL_SELF_TEST_set_callback(3).

    +

    The OPENSSL FIPS module uses the following mechanism to provide information +about the self tests as they run. +This is useful for debugging if a self test is failing. +The callback also allows forcing any self test to fail, in order to check that +it operates correctly on failure.

    +

    The 'args' parameter of OSSL_CALLBACK contains the OPENSSL_CTX associated +with the provider that is triggering the self test. This may be useful if +multiple fips providers are present.

    +

    The OSSL_PARAM names used are:

    +
    +
    "st-phase" (OSSL_PROV_PARAM_SELF_TEST_PHASE) <UTF8 string>
    + +
    +

    Each self test calls the callback 3 times with the following string values +for the phase.

    +
    +
    "Start" (OSSL_SELF_TEST_PHASE_START)
    + +
    +

    This is the initial phase before the self test has run. +This is used for informational purposes only. +The value returned by the callback is ignored.

    +
    +
    "Corrupt" (OSSL_SELF_TEST_PHASE_CORRUPT)
    + +
    +

    The corrupt phase is run after the self test has calculated its known value. +The callback may be used to force the self test to fail by returning a value +of 0 from the callback during this phase. +Returning any other value from the callback causes the self test to run normally.

    +
    +
    "Pass" (OSSL_SELF_TEST_PHASE_PASS)
    + +
    "Fail" (OSSL_SELF_TEST_PHASE_FAIL)
    + +
    +

    The final phase runs after the self test is complete and indicates if a self +test passed or failed. This is used for informational purposes only. +The value returned by the callback is ignored. +"Fail" should normally only be returned if any self test was forced to fail +during the "Corrupt" phase (or if there was an error such as the integrity +check of the module failed).

    +

    Note that all self tests run even if a self test failure occurs.

    +
    +
    +
    +
    "st-type" (OSSL_PROV_PARAM_SELF_TEST_TYPE) <UTF8 string>
    + +
    +

    Used as a category to identify the type of self test being run. +It includes the following string values:

    +
    +
    "Module_Integrity" (OSSL_SELF_TEST_TYPE_MODULE_INTEGRITY)
    + +
    +

    Uses HMAC SHA256 on the module file to validate that the module has not been +modified. The integrity value is compared to a value written to a configuration +file during installation.

    +
    +
    "Install_Integrity" (OSSL_SELF_TEST_TYPE_INSTALL_INTEGRITY)
    + +
    +

    Uses HMAC SHA256 on a fixed string to validate that the installation process +has already been performed and the self test KATS have already been tested, +The integrity value is compared to a value written to a configuration +file after successfully running the self tests during installation.

    +
    +
    "KAT_Cipher" (OSSL_SELF_TEST_TYPE_KAT_CIPHER)
    + +
    +

    Known answer test for a symmetric cipher.

    +
    +
    "KAT_Digest" (OSSL_SELF_TEST_TYPE_KAT_DIGEST)
    + +
    +

    Known answer test for a digest.

    +
    +
    "KAT_Signature" (OSSL_SELF_TEST_TYPE_KAT_SIGNATURE)
    + +
    +

    Known answer test for a signature.

    +
    +
    "KAT_KDF" (OSSL_SELF_TEST_TYPE_KAT_KDF)
    + +
    +

    Known answer test for a key derivation function.

    +
    +
    "KAT_KA" (OSSL_SELF_TEST_TYPE_KAT_KA)
    + +
    +

    Known answer test for key agreement.

    +
    +
    "DRBG" (OSSL_SELF_TEST_TYPE_DRBG)
    + +
    +

    Known answer test for a Deterministic Random Bit Generator.

    +
    +
    "Pairwise_Consistency_Test" (OSSL_SELF_TEST_TYPE_PCT)
    + +
    +

    Conditional test that is run during the generation of key pairs.

    +
    +
    +

    The "Module_Integrity" self test is always run at startup. +The "Install_Integrity" self test is used to check if the self tests have +already been run at installation time. If they have already run then the +self tests are not run on subsequent startups. +All other self test categories are run once at installation time, except for the +"Pairwise_Consistency_Test".

    +

    There is only one instance of the "Module_Integrity" and "Install_Integrity" +self tests. All other self tests may have multiple instances.

    +
    +
    "st-desc" (OSSL_PROV_PARAM_SELF_TEST_DESC) <UTF8 string>
    + +
    +

    Used as a sub category to identify an individual self test. +The following description strings are used.

    +
    +
    "HMAC" (OSSL_SELF_TEST_DESC_INTEGRITY_HMAC)
    + +
    +

    "Module_Integrity" and "Install_Integrity" use this.

    +
    +
    "RSA" (OSSL_SELF_TEST_DESC_PCT_RSA_PKCS1)
    + +
    "ECDSA" (OSSL_SELF_TEST_DESC_PCT_ECDSA)
    + +
    "DSA" (OSSL_SELF_TEST_DESC_PCT_DSA)
    + +
    +

    Key generation tests used with the "Pairwise_Consistency_Test" type.

    +
    +
    "AES_GCM" (OSSL_SELF_TEST_DESC_CIPHER_AES_GCM)
    + +
    "TDES" (OSSL_SELF_TEST_DESC_CIPHER_TDES)
    + +
    +

    Symmetric cipher tests used with the "KAT_Cipher" type.

    +
    +
    "SHA1" (OSSL_SELF_TEST_DESC_MD_SHA1)
    + +
    "SHA2" (OSSL_SELF_TEST_DESC_MD_SHA2)
    + +
    "SHA3" (OSSL_SELF_TEST_DESC_MD_SHA3)
    + +
    +

    Digest tests used with the "KAT_Digest" type.

    +
    +
    "DSA" (OSSL_SELF_TEST_DESC_SIGN_DSA)
    + +
    "RSA" (OSSL_SELF_TEST_DESC_SIGN_RSA)
    + +
    "ECDSA" (OSSL_SELF_TEST_DESC_SIGN_ECDSA)
    + +
    +

    Signature tests used with the "KAT_Signature" type.

    +
    +
    "ECDH" (OSSL_SELF_TEST_DESC_KA_ECDH)
    + +
    "ECDSA" (OSSL_SELF_TEST_DESC_KA_ECDSA)
    + +
    +

    Key agreement tests used with the "KAT_KA" type.

    +
    +
    "HKDF" (OSSL_SELF_TEST_DESC_KDF_HKDF)
    + +
    +

    Key Derivation Function tests used with the "KAT_KDF" type.

    +
    +
    "CTR" (OSSL_SELF_TEST_DESC_DRBG_CTR)
    + +
    "HASH" (OSSL_SELF_TEST_DESC_DRBG_HASH)
    + +
    "HMAC" (OSSL_SELF_TEST_DESC_DRBG_HMAC)
    + +
    +

    DRBG tests used with the "DRBG" type.

    +
    +
    +
    +
    +

    +

    +
    +

    EXAMPLES

    +

    A simple self test callback is shown below for illustrative purposes.

    +
    +  #include <openssl/self_test.h>
    +
    +  static OSSL_CALLBACK self_test_cb;
    +
    +  static int self_test_cb(const OSSL_PARAM params[], void *arg)
    +  {
    +    int ret = 0;
    +    const OSSL_PARAM *p = NULL;
    +    const char *phase = NULL, *type = NULL, *desc = NULL;
    +
    +    p = OSSL_PARAM_locate_const(params, OSSL_PROV_PARAM_SELF_TEST_PHASE);
    +    if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING)
    +        goto err;
    +    phase = (const char *)p->data;
    +
    +    p = OSSL_PARAM_locate_const(params, OSSL_PROV_PARAM_SELF_TEST_DESC);
    +    if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING)
    +        goto err;
    +    desc = (const char *)p->data;
    +
    +    p = OSSL_PARAM_locate_const(params, OSSL_PROV_PARAM_SELF_TEST_TYPE);
    +    if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING)
    +        goto err;
    +    type = (const char *)p->data;
    +
    +    /* Do some logging */
    +    if (strcmp(phase, OSSL_SELF_TEST_PHASE_START) == 0)
    +        BIO_printf(bio_out, "%s : (%s) : ", desc, type);
    +    if (strcmp(phase, OSSL_SELF_TEST_PHASE_PASS) == 0
    +            || strcmp(phase, OSSL_SELF_TEST_PHASE_FAIL) == 0)
    +        BIO_printf(bio_out, "%s\n", phase);
    +
    +    /* Corrupt the SHA1 self test during the 'corrupt' phase by returning 0 */
    +    if (strcmp(phase, OSSL_SELF_TEST_PHASE_CORRUPT) == 0
    +            && strcmp(desc, OSSL_SELF_TEST_DESC_MD_SHA1) == 0) {
    +        BIO_printf(bio_out, "%s %s", phase, desc);
    +        return 0;
    +    }
    +    ret = 1;
    +  err:
    +    return ret;
    +  }
    +

    +

    +
    +

    SEE ALSO

    +

    openssl-fipsinstall(1), +fips_config(5), +OSSL_SELF_TEST_set_callback(3), +OSSL_PARAM(3), +openssl-core.h(7)

    +

    +

    +
    +

    HISTORY

    +

    The type and functions described here were added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man7/RAND.html b/linux_amd64/share/doc/openssl/html/man7/RAND.html
    new file mode 100755
    index 0000000..bc6d71b
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man7/RAND.html
    @@ -0,0 +1,110 @@
    + + + + +RAND + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    RAND +- the OpenSSL random generator

    +

    +

    +
    +

    DESCRIPTION

    +

    Random numbers are a vital part of cryptography, they are needed to provide +unpredictability for tasks like key generation, creating salts, and many more. +Software-based generators must be seeded with external randomness before they +can be used as a cryptographically-secure pseudo-random number generator +(CSPRNG). +The availability of common hardware with special instructions and +modern operating systems, which may use items such as interrupt jitter +and network packet timings, can be reasonable sources of seeding material.

    +

    OpenSSL comes with a default implementation of the RAND API which is based on +the deterministic random bit generator (DRBG) model as described in +[NIST SP 800-90A Rev. 1]. The default random generator will initialize +automatically on first use and will be fully functional without having +to be initialized ('seeded') explicitly. +It seeds and reseeds itself automatically using trusted random sources +provided by the operating system.

    +

    As a normal application developer, you do not have to worry about any details, +just use RAND_bytes(3) to obtain random data. +Having said that, there is one important rule to obey: Always check the error +return value of RAND_bytes(3) and do not take randomness for granted. +Although (re-)seeding is automatic, it can fail because no trusted random source +is available or the trusted source(s) temporarily fail to provide sufficient +random seed material. +In this case the CSPRNG enters an error state and ceases to provide output, +until it is able to recover from the error by reseeding itself. +For more details on reseeding and error recovery, see RAND_DRBG(7).

    +

    For values that should remain secret, you can use RAND_priv_bytes(3) +instead. +This method does not provide 'better' randomness, it uses the same type of CSPRNG. +The intention behind using a dedicated CSPRNG exclusively for private +values is that none of its output should be visible to an attacker (e.g., +used as salt value), in order to reveal as little information as +possible about its internal state, and that a compromise of the "public" +CSPRNG instance will not affect the secrecy of these private values.

    +

    In the rare case where the default implementation does not satisfy your special +requirements, there are two options:

    +
      +
    • +

      Replace the default RAND method by your own RAND method using +RAND_set_rand_method(3).

      +
    • +
    • +

      Modify the default settings of the OpenSSL RAND method by modifying the security +parameters of the underlying DRBG, which is described in detail in RAND_DRBG(7).

      +
    • +
    +

    Changing the default random generator or its default parameters should be necessary +only in exceptional cases and is not recommended, unless you have a profound knowledge +of cryptographic principles and understand the implications of your changes.

    +

    +

    +
    +

    SEE ALSO

    +

    RAND_add(3), +RAND_bytes(3), +RAND_priv_bytes(3), +RAND_get_rand_method(3), +RAND_set_rand_method(3), +RAND_OpenSSL(3), +RAND_DRBG(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man7/RAND_DRBG.html b/linux_amd64/share/doc/openssl/html/man7/RAND_DRBG.html
    new file mode 100755
    index 0000000..3e24b70
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man7/RAND_DRBG.html
    @@ -0,0 +1,344 @@
    + + + + +RAND_DRBG + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    RAND_DRBG - the deterministic random bit generator

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/rand_drbg.h>
    +

    +

    +
    +

    DESCRIPTION

    +

    The default OpenSSL RAND method is based on the RAND_DRBG class, +which implements a deterministic random bit generator (DRBG). +A DRBG is a certain type of cryptographically-secure pseudo-random +number generator (CSPRNG), which is described in +[NIST SP 800-90A Rev. 1].

    +

    While the RAND API is the 'frontend' which is intended to be used by +application developers for obtaining random bytes, the RAND_DRBG API +serves as the 'backend', connecting the former with the operating +systems's entropy sources and providing access to the DRBG's +configuration parameters.

    +

    +

    +

    Disclaimer

    +

    Unless you have very specific requirements for your random generator, +it is in general not necessary to utilize the RAND_DRBG API directly. +The usual way to obtain random bytes is to use RAND_bytes(3) or +RAND_priv_bytes(3), see also RAND(7).

    +

    +

    +

    Typical Use Cases

    +

    Typical examples for such special use cases are the following:

    +
      +
    • +

      You want to use your own private DRBG instances. +Multiple DRBG instances which are accessed only by a single thread provide +additional security (because their internal states are independent) and +better scalability in multithreaded applications (because they don't need +to be locked).

      +
    • +
    • +

      You need to integrate a previously unsupported entropy source.

      +
    • +
    • +

      You need to change the default settings of the standard OpenSSL RAND +implementation to meet specific requirements.

      +
    • +
    +

    +

    +
    +

    CHAINING

    +

    A DRBG instance can be used as the entropy source of another DRBG instance, +provided it has itself access to a valid entropy source. +The DRBG instance which acts as entropy source is called the parent DRBG, +the other instance the child DRBG.

    +

    This is called chaining. A chained DRBG instance is created by passing +a pointer to the parent DRBG as argument to the RAND_DRBG_new() call. +It is possible to create chains of more than two DRBG in a row.

    +

    +

    +
    +

    THE THREE SHARED DRBG INSTANCES

    +

    Currently, there are three shared DRBG instances, +the <master>, <public>, and <private> DRBG. +While the <master> DRBG is a single global instance, the <public> and <private> +DRBG are created per thread and accessed through thread-local storage.

    +

    By default, the functions RAND_bytes(3) and RAND_priv_bytes(3) use +the thread-local <public> and <private> DRBG instance, respectively.

    +

    +

    +

    The <master> DRBG instance

    +

    The <master> DRBG is not used directly by the application, only for reseeding +the two other two DRBG instances. It reseeds itself by obtaining randomness +either from os entropy sources or by consuming randomness which was added +previously by RAND_add(3).

    +

    +

    +

    The <public> DRBG instance

    +

    This instance is used per default by RAND_bytes(3).

    +

    +

    +

    The <private> DRBG instance

    +

    This instance is used per default by RAND_priv_bytes(3)

    +

    +

    +
    +

    LOCKING

    +

    The <master> DRBG is intended to be accessed concurrently for reseeding +by its child DRBG instances. The necessary locking is done internally. +It is not thread-safe to access the <master> DRBG directly via the +RAND_DRBG interface. +The <public> and <private> DRBG are thread-local, i.e. there is an +instance of each per thread. So they can safely be accessed without +locking via the RAND_DRBG interface.

    +

    Pointers to these DRBG instances can be obtained using +RAND_DRBG_get0_master(), +RAND_DRBG_get0_public(), and +RAND_DRBG_get0_private(), respectively. +Note that it is not allowed to store a pointer to one of the thread-local +DRBG instances in a variable or other memory location where it will be +accessed and used by multiple threads.

    +

    All other DRBG instances created by an application don't support locking, +because they are intended to be used by a single thread. +Instead of accessing a single DRBG instance concurrently from different +threads, it is recommended to instantiate a separate DRBG instance per +thread. Using the <master> DRBG as entropy source for multiple DRBG +instances on different threads is thread-safe, because the DRBG instance +will lock the <master> DRBG automatically for obtaining random input.

    +

    +

    +
    +

    THE OVERALL PICTURE

    +

    The following picture gives an overview over how the DRBG instances work +together and are being used.

    +
    +               +--------------------+
    +               | os entropy sources |
    +               +--------------------+
    +                        |
    +                        v           +-----------------------------+
    +      RAND_add() ==> <master>     <-| shared DRBG (with locking)  |
    +                      /   \         +-----------------------------+
    +                     /     \              +---------------------------+
    +              <public>     <private>   <- | per-thread DRBG instances |
    +                 |             |          +---------------------------+
    +                 v             v
    +               RAND_bytes()   RAND_priv_bytes()
    +                    |               ^
    +                    |               |
    +    +------------------+      +------------------------------------+
    +    | general purpose  |      | used for secrets like session keys |
    +    | random generator |      | and private keys for certificates  |
    +    +------------------+      +------------------------------------+
    +

    The usual way to obtain random bytes is to call RAND_bytes(...) or +RAND_priv_bytes(...). These calls are roughly equivalent to calling +RAND_DRBG_bytes(<public>, ...) and RAND_DRBG_bytes(<private>, ...), +respectively. The method RAND_DRBG_bytes(3) is a convenience method +wrapping the RAND_DRBG_generate(3) function, which serves the actual +request for random data.

    +

    +

    +
    +

    RESEEDING

    +

    A DRBG instance seeds itself automatically, pulling random input from +its entropy source. The entropy source can be either a trusted operating +system entropy source, or another DRBG with access to such a source.

    +

    Automatic reseeding occurs after a predefined number of generate requests. +The selection of the trusted entropy sources is configured at build +time using the --with-rand-seed option. The following sections explain +the reseeding process in more detail.

    +

    +

    +

    Automatic Reseeding

    +

    Before satisfying a generate request (RAND_DRBG_generate(3)), the DRBG +reseeds itself automatically, if one of the following conditions holds:

    +

    - the DRBG was not instantiated (=seeded) yet or has been uninstantiated.

    +

    - the number of generate requests since the last reseeding exceeds a +certain threshold, the so called reseed_interval. +This behaviour can be disabled by setting the reseed_interval to 0.

    +

    - the time elapsed since the last reseeding exceeds a certain time +interval, the so called reseed_time_interval. +This can be disabled by setting the reseed_time_interval to 0.

    +

    - the DRBG is in an error state.

    +

    Note: An error state is entered if the entropy source fails while +the DRBG is seeding or reseeding. +The last case ensures that the DRBG automatically recovers +from the error as soon as the entropy source is available again.

    +

    +

    +

    Manual Reseeding

    +

    In addition to automatic reseeding, the caller can request an immediate +reseeding of the DRBG with fresh entropy by setting the +prediction resistance parameter to 1 when calling RAND_DRBG_generate(3).

    +

    The document [NIST SP 800-90C] describes prediction resistance requests +in detail and imposes strict conditions on the entropy sources that are +approved for providing prediction resistance. +A request for prediction resistance can only be satisfied by pulling fresh +entropy from a live entropy source (section 5.5.2 of [NIST SP 800-90C]). +It is up to the user to ensure that a live entropy source is configured +and is being used.

    +

    For the three shared DRBGs (and only for these) there is another way to +reseed them manually: +If RAND_add(3) is called with a positive randomness argument +(or RAND_seed(3)), then this will immediately reseed the <master> DRBG. +The <public> and <private> DRBG will detect this on their next generate +call and reseed, pulling randomness from <master>.

    +

    The last feature has been added to support the common practice used with +previous OpenSSL versions to call RAND_add() before calling RAND_bytes().

    +

    +

    +

    Entropy Input and Additional Data

    +

    The DRBG distinguishes two different types of random input: entropy, +which comes from a trusted source, and additional input', +which can optionally be added by the user and is considered untrusted. +It is possible to add additional input not only during reseeding, +but also for every generate request. +This is in fact done automatically by RAND_DRBG_bytes(3).

    +

    +

    +

    Configuring the Random Seed Source

    +

    In most cases OpenSSL will automatically choose a suitable seed source +for automatically seeding and reseeding its <master> DRBG. In some cases +however, it will be necessary to explicitly specify a seed source during +configuration, using the --with-rand-seed option. For more information, +see the INSTALL instructions. There are also operating systems where no +seed source is available and automatic reseeding is disabled by default.

    +

    The following two sections describe the reseeding process of the master +DRBG, depending on whether automatic reseeding is available or not.

    +

    +

    +

    Reseeding the master DRBG with automatic seeding enabled

    +

    Calling RAND_poll() or RAND_add() is not necessary, because the DRBG +pulls the necessary entropy from its source automatically. +However, both calls are permitted, and do reseed the RNG.

    +

    RAND_add() can be used to add both kinds of random input, depending on the +value of the randomness argument:

    +
    +
    randomness == 0:
    + +
    +

    The random bytes are mixed as additional input into the current state of +the DRBG. +Mixing in additional input is not considered a full reseeding, hence the +reseed counter is not reset.

    +
    +
    randomness > 0:
    + +
    +

    The random bytes are used as entropy input for a full reseeding +(resp. reinstantiation) if the DRBG is instantiated +(resp. uninstantiated or in an error state). +The number of random bits required for reseeding is determined by the +security strength of the DRBG. Currently it defaults to 256 bits (32 bytes). +It is possible to provide less randomness than required. +In this case the missing randomness will be obtained by pulling random input +from the trusted entropy sources.

    +
    +
    +

    NOTE: Manual reseeding is *not allowed* in FIPS mode, because +[NIST SP-800-90Ar1] mandates that entropy *shall not* be provided by +the consuming application for instantiation (Section 9.1) or +reseeding (Section 9.2). For that reason, the randomness +argument is ignored and the random bytes provided by the RAND_add(3) and +RAND_seed(3) calls are treated as additional data.

    +

    +

    +

    Reseeding the master DRBG with automatic seeding disabled

    +

    Calling RAND_poll() will always fail.

    +

    RAND_add() needs to be called for initial seeding and periodic reseeding. +At least 48 bytes (384 bits) of randomness have to be provided, otherwise +the (re-)seeding of the DRBG will fail. This corresponds to one and a half +times the security strength of the DRBG. The extra half is used for the +nonce during instantiation.

    +

    More precisely, the number of bytes needed for seeding depend on the +security strength of the DRBG, which is set to 256 by default.

    +

    +

    +
    +

    SEE ALSO

    +

    RAND_DRBG_bytes(3), +RAND_DRBG_generate(3), +RAND_DRBG_reseed(3), +RAND_DRBG_get0_master(3), +RAND_DRBG_get0_public(3), +RAND_DRBG_get0_private(3), +RAND_DRBG_set_reseed_interval(3), +RAND_DRBG_set_reseed_time_interval(3), +RAND_DRBG_set_reseed_defaults(3), +RAND(7),

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man7/RSA-PSS.html b/linux_amd64/share/doc/openssl/html/man7/RSA-PSS.html new file mode 100755 index 0000000..d49c474 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man7/RSA-PSS.html @@ -0,0 +1,100 @@ + + + + +RSA-PSS + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    RSA-PSS - EVP_PKEY RSA-PSS algorithm support

    +

    +

    +
    +

    DESCRIPTION

    +

    The RSA-PSS EVP_PKEY implementation is a restricted version of the RSA +algorithm which only supports signing, verification and key generation +using PSS padding modes with optional parameter restrictions.

    +

    It has associated private key and public key formats.

    +

    This algorithm shares several control operations with the RSA algorithm +but with some restrictions described below.

    +

    +

    +

    Signing and Verification

    +

    Signing and verification is similar to the RSA algorithm except the +padding mode is always PSS. If the key in use has parameter restrictions then +the corresponding signature parameters are set to the restrictions: +for example, if the key can only be used with digest SHA256, MGF1 SHA256 +and minimum salt length 32 then the digest, MGF1 digest and salt length +will be set to SHA256, SHA256 and 32 respectively.

    +

    +

    +

    Key Generation

    +

    By default no parameter restrictions are placed on the generated key.

    +

    +

    +
    +

    NOTES

    +

    The public key format is documented in RFC4055.

    +

    The PKCS#8 private key format used for RSA-PSS keys is similar to the RSA +format except it uses the id-RSASSA-PSS OID and the parameters field, if +present, restricts the key parameters in the same way as the public key.

    +

    +

    +
    +

    CONFORMING TO

    +

    RFC 4055

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_PKEY_CTX_set_rsa_pss_keygen_md(3), +EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md(3), +EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(3), +EVP_PKEY_CTX_new(3), +EVP_PKEY_CTX_ctrl_str(3), +EVP_PKEY_derive(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man7/SM2.html b/linux_amd64/share/doc/openssl/html/man7/SM2.html new file mode 100755 index 0000000..e95f7cb --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man7/SM2.html @@ -0,0 +1,103 @@ + + + + +SM2 + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    SM2 - Chinese SM2 signature and encryption algorithm support

    +

    +

    +
    +

    DESCRIPTION

    +

    The SM2 algorithm was first defined by the Chinese national standard GM/T +0003-2012 and was later standardized by ISO as ISO/IEC 14888. SM2 is actually +an elliptic curve based algorithm. The current implementation in OpenSSL supports +both signature and encryption schemes via the EVP interface.

    +

    When doing the SM2 signature algorithm, it requires a distinguishing identifier +to form the message prefix which is hashed before the real message is hashed.

    +

    +

    +
    +

    NOTES

    +

    SM2 signatures can be generated by using the 'DigestSign' series of APIs, for +instance, EVP_DigestSignInit(), EVP_DigestSignUpdate() and EVP_DigestSignFinal(). +Ditto for the verification process by calling the 'DigestVerify' series of APIs.

    +

    Before computing an SM2 signature, an EVP_PKEY_CTX needs to be created, +and an SM2 ID must be set for it, like this:

    +
    + EVP_PKEY_CTX_set1_id(pctx, id, id_len);
    +

    Before calling the EVP_DigestSignInit() or EVP_DigestVerifyInit() functions, +that EVP_PKEY_CTX should be assigned to the EVP_MD_CTX, like this:

    +
    + EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
    +

    There is normally no need to pass a pctx parameter to EVP_DigestSignInit() +or EVP_DigestVerifyInit() in such a scenario.

    +

    SM2 can be tested with the openssl-speed(1) application since version 3.0.0. +Currently, the only valid algorithm name is sm2.

    +

    +

    +
    +

    EXAMPLES

    +

    This example demonstrates the calling sequence for using an EVP_PKEY to verify +a message with the SM2 signature algorithm and the SM3 hash algorithm:

    +
    + #include <openssl/evp.h>
    +
    + /* obtain an EVP_PKEY using whatever methods... */
    + mctx = EVP_MD_CTX_new();
    + pctx = EVP_PKEY_CTX_new(pkey, NULL);
    + EVP_PKEY_CTX_set1_id(pctx, id, id_len);
    + EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
    + EVP_DigestVerifyInit(mctx, NULL, EVP_sm3(), NULL, pkey);
    + EVP_DigestVerifyUpdate(mctx, msg, msg_len);
    + EVP_DigestVerifyFinal(mctx, sig, sig_len)
    +

    +

    +
    +

    SEE ALSO

    +

    EVP_PKEY_CTX_new(3), +EVP_DigestSignInit(3), +EVP_DigestVerifyInit(3), +EVP_PKEY_CTX_set1_id(3), +EVP_MD_CTX_set_pkey_ctx(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man7/X25519.html b/linux_amd64/share/doc/openssl/html/man7/X25519.html new file mode 100755 index 0000000..1f3989b --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man7/X25519.html @@ -0,0 +1,104 @@ + + + + +X25519 + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    X25519, +X448 +- EVP_PKEY X25519 and X448 support

    +

    +

    +
    +

    DESCRIPTION

    +

    The X25519 and X448 EVP_PKEY implementation supports key generation and +key derivation using X25519 and X448. It has associated private and public +key formats compatible with draft-ietf-curdle-pkix-03.

    +

    No additional parameters can be set during key generation.

    +

    The peer public key must be set using EVP_PKEY_derive_set_peer() when +performing key derivation.

    +

    +

    +
    +

    NOTES

    +

    A context for the X25519 algorithm can be obtained by calling:

    +
    + EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_X25519, NULL);
    +

    For the X448 algorithm a context can be obtained by calling:

    +
    + EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_X448, NULL);
    +

    X25519 or X448 private keys can be set directly using +EVP_PKEY_new_raw_private_key(3) or loaded from a PKCS#8 private key file +using PEM_read_bio_PrivateKey(3) (or similar function). Completely new keys +can also be generated (see the example below). Setting a private key also sets +the associated public key.

    +

    X25519 or X448 public keys can be set directly using +EVP_PKEY_new_raw_public_key(3) or loaded from a SubjectPublicKeyInfo +structure in a PEM file using PEM_read_bio_PUBKEY(3) (or similar function).

    +

    +

    +
    +

    EXAMPLES

    +

    This example generates an X25519 private key and writes it to standard +output in PEM format:

    +
    + #include <openssl/evp.h>
    + #include <openssl/pem.h>
    + ...
    + EVP_PKEY *pkey = NULL;
    + EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_X25519, NULL);
    + EVP_PKEY_keygen_init(pctx);
    + EVP_PKEY_keygen(pctx, &pkey);
    + EVP_PKEY_CTX_free(pctx);
    + PEM_write_PrivateKey(stdout, pkey, NULL, NULL, 0, NULL, NULL);
    +

    The key derivation example in EVP_PKEY_derive(3) can be used with +X25519 and X448.

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_PKEY_CTX_new(3), +EVP_PKEY_keygen(3), +EVP_PKEY_derive(3), +EVP_PKEY_derive_set_peer(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man7/bio.html b/linux_amd64/share/doc/openssl/html/man7/bio.html new file mode 100755 index 0000000..af078f5 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man7/bio.html @@ -0,0 +1,112 @@ + + + + +bio + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    bio - Basic I/O abstraction

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bio.h>
    +

    +

    +
    +

    DESCRIPTION

    +

    A BIO is an I/O abstraction, it hides many of the underlying I/O +details from an application. If an application uses a BIO for its +I/O it can transparently handle SSL connections, unencrypted network +connections and file I/O.

    +

    There are two type of BIO, a source/sink BIO and a filter BIO.

    +

    As its name implies a source/sink BIO is a source and/or sink of data, +examples include a socket BIO and a file BIO.

    +

    A filter BIO takes data from one BIO and passes it through to +another, or the application. The data may be left unmodified (for +example a message digest BIO) or translated (for example an +encryption BIO). The effect of a filter BIO may change according +to the I/O operation it is performing: for example an encryption +BIO will encrypt data if it is being written to and decrypt data +if it is being read from.

    +

    BIOs can be joined together to form a chain (a single BIO is a chain +with one component). A chain normally consist of one source/sink +BIO and one or more filter BIOs. Data read from or written to the +first BIO then traverses the chain to the end (normally a source/sink +BIO).

    +

    Some BIOs (such as memory BIOs) can be used immediately after calling +BIO_new(). Others (such as file BIOs) need some additional initialization, +and frequently a utility function exists to create and initialize such BIOs.

    +

    If BIO_free() is called on a BIO chain it will only free one BIO resulting +in a memory leak.

    +

    Calling BIO_free_all() on a single BIO has the same effect as calling +BIO_free() on it other than the discarded return value.

    +

    Normally the type argument is supplied by a function which returns a +pointer to a BIO_METHOD. There is a naming convention for such functions: +a source/sink BIO typically starts with BIO_s_ and +a filter BIO with BIO_f_.

    +

    +

    +
    +

    EXAMPLES

    +

    Create a memory BIO:

    +
    + BIO *mem = BIO_new(BIO_s_mem());
    +

    +

    +
    +

    SEE ALSO

    +

    BIO_ctrl(3), +BIO_f_base64(3), BIO_f_buffer(3), +BIO_f_cipher(3), BIO_f_md(3), +BIO_f_null(3), BIO_f_ssl(3), +BIO_find_type(3), BIO_new(3), +BIO_new_bio_pair(3), +BIO_push(3), BIO_read_ex(3), +BIO_s_accept(3), BIO_s_bio(3), +BIO_s_connect(3), BIO_s_fd(3), +BIO_s_file(3), BIO_s_mem(3), +BIO_s_null(3), BIO_s_socket(3), +BIO_set_callback(3), +BIO_should_retry(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man7/crypto.html b/linux_amd64/share/doc/openssl/html/man7/crypto.html new file mode 100755 index 0000000..5f2b748 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man7/crypto.html @@ -0,0 +1,94 @@ + + + + +crypto + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    crypto - OpenSSL cryptographic library

    +

    +

    +
    +

    SYNOPSIS

    +

    See the individual manual pages for details.

    +

    +

    +
    +

    DESCRIPTION

    +

    The OpenSSL crypto library (libcrypto) implements a wide range of +cryptographic algorithms used in various Internet standards. The services +provided by this library are used by the OpenSSL implementations of SSL, TLS +and S/MIME, and they have also been used to implement SSH, OpenPGP, and +other cryptographic standards.

    +

    libcrypto consists of a number of sub-libraries that implement the +individual algorithms.

    +

    The functionality includes symmetric encryption, public key +cryptography and key agreement, certificate handling, cryptographic +hash functions, cryptographic pseudo-random number generator, and +various utilities.

    +

    +

    +
    +

    NOTES

    +

    Some of the newer functions follow a naming convention using the numbers +0 and 1. For example the functions:

    +
    + int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev);
    + int X509_add1_trust_object(X509 *x, const ASN1_OBJECT *obj);
    +

    The 0 version uses the supplied structure pointer directly +in the parent and it will be freed up when the parent is freed. +In the above example crl would be freed but rev would not.

    +

    The 1 function uses a copy of the supplied structure pointer +(or in some cases increases its link count) in the parent and +so both (x and obj above) should be freed up.

    +

    +

    +
    +

    RETURN VALUES

    +

    See the individual manual pages for details.

    +

    +

    +
    +

    SEE ALSO

    +

    openssl(1), ssl(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man7/ct.html b/linux_amd64/share/doc/openssl/html/man7/ct.html new file mode 100755 index 0000000..cba29a4 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man7/ct.html @@ -0,0 +1,88 @@ + + + + +ct + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    ct - Certificate Transparency

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ct.h>
    +

    +

    +
    +

    DESCRIPTION

    +

    This library implements Certificate Transparency (CT) verification for TLS +clients, as defined in RFC 6962. This verification can provide some confidence +that a certificate has been publicly logged in a set of CT logs.

    +

    By default, these checks are disabled. They can be enabled using +SSL_CTX_enable_ct(3) or SSL_enable_ct(3).

    +

    This library can also be used to parse and examine CT data structures, such as +Signed Certificate Timestamps (SCTs), or to read a list of CT logs. There are +functions for: +- decoding and encoding SCTs in DER and TLS wire format. +- printing SCTs. +- verifying the authenticity of SCTs. +- loading a CT log list from a CONF file.

    +

    +

    +
    +

    SEE ALSO

    +

    d2i_SCT_LIST(3), +CTLOG_STORE_new(3), +CTLOG_STORE_get0_log_by_id(3), +SCT_new(3), +SCT_print(3), +SCT_validate(3), +SCT_validate(3), +CT_POLICY_EVAL_CTX_new(3), +SSL_CTX_set_ct_validation_callback(3)

    +

    +

    +
    +

    HISTORY

    +

    The ct library was added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man7/des_modes.html b/linux_amd64/share/doc/openssl/html/man7/des_modes.html new file mode 100755 index 0000000..b095db4 --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man7/des_modes.html @@ -0,0 +1,260 @@ + + + + +des_modes + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    des_modes - the variants of DES and other crypto algorithms of OpenSSL

    +

    +

    +
    +

    DESCRIPTION

    +

    Several crypto algorithms for OpenSSL can be used in a number of modes. Those +are used for using block ciphers in a way similar to stream ciphers, among +other things.

    +

    +

    +
    +

    OVERVIEW

    +

    +

    +

    Electronic Codebook Mode (ECB)

    +

    Normally, this is found as the function algorithm_ecb_encrypt().

    +
      +
    • +

      64 bits are enciphered at a time.

      +
    • +
    • +

      The order of the blocks can be rearranged without detection.

      +
    • +
    • +

      The same plaintext block always produces the same ciphertext block +(for the same key) making it vulnerable to a 'dictionary attack'.

      +
    • +
    • +

      An error will only affect one ciphertext block.

      +
    • +
    +

    +

    +

    Cipher Block Chaining Mode (CBC)

    +

    Normally, this is found as the function algorithm_cbc_encrypt(). +Be aware that des_cbc_encrypt() is not really DES CBC (it does +not update the IV); use des_ncbc_encrypt() instead.

    +
      +
    • +

      a multiple of 64 bits are enciphered at a time.

      +
    • +
    • +

      The CBC mode produces the same ciphertext whenever the same +plaintext is encrypted using the same key and starting variable.

      +
    • +
    • +

      The chaining operation makes the ciphertext blocks dependent on the +current and all preceding plaintext blocks and therefore blocks can not +be rearranged.

      +
    • +
    • +

      The use of different starting variables prevents the same plaintext +enciphering to the same ciphertext.

      +
    • +
    • +

      An error will affect the current and the following ciphertext blocks.

      +
    • +
    +

    +

    +

    Cipher Feedback Mode (CFB)

    +

    Normally, this is found as the function algorithm_cfb_encrypt().

    +
      +
    • +

      a number of bits (j) <= 64 are enciphered at a time.

      +
    • +
    • +

      The CFB mode produces the same ciphertext whenever the same +plaintext is encrypted using the same key and starting variable.

      +
    • +
    • +

      The chaining operation makes the ciphertext variables dependent on the +current and all preceding variables and therefore j-bit variables are +chained together and can not be rearranged.

      +
    • +
    • +

      The use of different starting variables prevents the same plaintext +enciphering to the same ciphertext.

      +
    • +
    • +

      The strength of the CFB mode depends on the size of k (maximal if +j == k). In my implementation this is always the case.

      +
    • +
    • +

      Selection of a small value for j will require more cycles through +the encipherment algorithm per unit of plaintext and thus cause +greater processing overheads.

      +
    • +
    • +

      Only multiples of j bits can be enciphered.

      +
    • +
    • +

      An error will affect the current and the following ciphertext variables.

      +
    • +
    +

    +

    +

    Output Feedback Mode (OFB)

    +

    Normally, this is found as the function algorithm_ofb_encrypt().

    +
      +
    • +

      a number of bits (j) <= 64 are enciphered at a time.

      +
    • +
    • +

      The OFB mode produces the same ciphertext whenever the same +plaintext enciphered using the same key and starting variable. More +over, in the OFB mode the same key stream is produced when the same +key and start variable are used. Consequently, for security reasons +a specific start variable should be used only once for a given key.

      +
    • +
    • +

      The absence of chaining makes the OFB more vulnerable to specific attacks.

      +
    • +
    • +

      The use of different start variables values prevents the same +plaintext enciphering to the same ciphertext, by producing different +key streams.

      +
    • +
    • +

      Selection of a small value for j will require more cycles through +the encipherment algorithm per unit of plaintext and thus cause +greater processing overheads.

      +
    • +
    • +

      Only multiples of j bits can be enciphered.

      +
    • +
    • +

      OFB mode of operation does not extend ciphertext errors in the +resultant plaintext output. Every bit error in the ciphertext causes +only one bit to be in error in the deciphered plaintext.

      +
    • +
    • +

      OFB mode is not self-synchronizing. If the two operation of +encipherment and decipherment get out of synchronism, the system needs +to be re-initialized.

      +
    • +
    • +

      Each re-initialization should use a value of the start variable +different from the start variable values used before with the same +key. The reason for this is that an identical bit stream would be +produced each time from the same parameters. This would be +susceptible to a 'known plaintext' attack.

      +
    • +
    +

    +

    +

    Triple ECB Mode

    +

    Normally, this is found as the function algorithm_ecb3_encrypt().

    +
      +
    • +

      Encrypt with key1, decrypt with key2 and encrypt with key3 again.

      +
    • +
    • +

      As for ECB encryption but increases the key length to 168 bits. +There are theoretic attacks that can be used that make the effective +key length 112 bits, but this attack also requires 2^56 blocks of +memory, not very likely, even for the NSA.

      +
    • +
    • +

      If both keys are the same it is equivalent to encrypting once with +just one key.

      +
    • +
    • +

      If the first and last key are the same, the key length is 112 bits. +There are attacks that could reduce the effective key strength +to only slightly more than 56 bits, but these require a lot of memory.

      +
    • +
    • +

      If all 3 keys are the same, this is effectively the same as normal +ecb mode.

      +
    • +
    +

    +

    +

    Triple CBC Mode

    +

    Normally, this is found as the function algorithm_ede3_cbc_encrypt().

    +
      +
    • +

      Encrypt with key1, decrypt with key2 and then encrypt with key3.

      +
    • +
    • +

      As for CBC encryption but increases the key length to 168 bits with +the same restrictions as for triple ecb mode.

      +
    • +
    +

    +

    +
    +

    NOTES

    +

    This text was been written in large parts by Eric Young in his original +documentation for SSLeay, the predecessor of OpenSSL. In turn, he attributed +it to:

    +
    +        AS 2805.5.2
    +        Australian Standard
    +        Electronic funds transfer - Requirements for interfaces,
    +        Part 5.2: Modes of operation for an n-bit block cipher algorithm
    +        Appendix A
    +

    +

    +
    +

    SEE ALSO

    +

    BF_encrypt(3), DES_crypt(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man7/evp.html b/linux_amd64/share/doc/openssl/html/man7/evp.html
    new file mode 100755
    index 0000000..9959345
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man7/evp.html
    @@ -0,0 +1,138 @@
    + + + + +evp + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    evp - high-level cryptographic functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +

    +

    +
    +

    DESCRIPTION

    +

    The EVP library provides a high-level interface to cryptographic +functions.

    +

    The EVP_SealXXX and EVP_OpenXXX +functions provide public key encryption and decryption to implement digital "envelopes".

    +

    The EVP_DigestSignXXX and +EVP_DigestVerifyXXX functions implement +digital signatures and Message Authentication Codes (MACs). Also see the older +EVP_SignXXX and EVP_VerifyXXX +functions.

    +

    Symmetric encryption is available with the EVP_EncryptXXX +functions. The EVP_DigestXXX functions provide message digests.

    +

    The EVP_PKEYXXX functions provide a high level interface to +asymmetric algorithms. To create a new EVP_PKEY see +EVP_PKEY_new(3). EVP_PKEYs can be associated +with a private key of a particular algorithm by using the functions +described on the EVP_PKEY_set1_RSA(3) page, or +new keys can be generated using EVP_PKEY_keygen(3). +EVP_PKEYs can be compared using EVP_PKEY_cmp(3), or printed using +EVP_PKEY_print_private(3).

    +

    The EVP_PKEY functions support the full range of asymmetric algorithm operations:

    +
    +
    For key agreement see EVP_PKEY_derive(3)
    + +
    For signing and verifying see EVP_PKEY_sign(3), +EVP_PKEY_verify(3) and EVP_PKEY_verify_recover(3). +However, note that +these functions do not perform a digest of the data to be signed. Therefore +normally you would use the EVP_DigestSignInit(3) +functions for this purpose.
    + +
    For encryption and decryption see EVP_PKEY_encrypt(3) +and EVP_PKEY_decrypt(3) respectively. However, note that +these functions perform encryption and decryption only. As public key +encryption is an expensive operation, normally you would wrap +an encrypted message in a "digital envelope" using the EVP_SealInit(3) and +EVP_OpenInit(3) functions.
    + +
    +

    The EVP_BytesToKey(3) function provides some limited support for password +based encryption. Careful selection of the parameters will provide a PKCS#5 PBKDF1 compatible +implementation. However, new applications should not typically use this (preferring, for example, +PBKDF2 from PCKS#5).

    +

    The EVP_EncodeXXX and +EVP_DecodeXXX functions implement base 64 encoding +and decoding.

    +

    All the symmetric algorithms (ciphers), digests and asymmetric algorithms +(public key algorithms) can be replaced by ENGINE modules providing alternative +implementations. If ENGINE implementations of ciphers or digests are registered +as defaults, then the various EVP functions will automatically use those +implementations automatically in preference to built in software +implementations. For more information, consult the engine(3) man page.

    +

    Although low level algorithm specific functions exist for many algorithms +their use is discouraged. They cannot be used with an ENGINE and ENGINE +versions of new algorithms cannot be accessed using the low level functions. +Also makes code harder to adapt to new algorithms and some options are not +cleanly supported at the low level and some operations are more efficient +using the high level interface.

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_DigestInit(3), +EVP_EncryptInit(3), +EVP_OpenInit(3), +EVP_SealInit(3), +EVP_DigestSignInit(3), +EVP_SignInit(3), +EVP_VerifyInit(3), +EVP_EncodeInit(3), +EVP_PKEY_new(3), +EVP_PKEY_set1_RSA(3), +EVP_PKEY_keygen(3), +EVP_PKEY_print_private(3), +EVP_PKEY_decrypt(3), +EVP_PKEY_encrypt(3), +EVP_PKEY_sign(3), +EVP_PKEY_verify(3), +EVP_PKEY_verify_recover(3), +EVP_PKEY_derive(3), +EVP_BytesToKey(3), +ENGINE_by_id(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man7/openssl-core.h.html b/linux_amd64/share/doc/openssl/html/man7/openssl-core.h.html
    new file mode 100755
    index 0000000..98dc360
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man7/openssl-core.h.html
    @@ -0,0 +1,160 @@
    + + + + +openssl-core.h + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    openssl/core.h - OpenSSL Core types

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/core.h>
    +

    +

    +
    +

    DESCRIPTION

    +

    The <openssl/core.h >> header defines a number of public types that +are used to communicate between the OpenSSL libraries and +implementation providers. +These types are designed to minimise the need for intimate knowledge +of internal structures between the OpenSSL libraries and the providers.

    +

    The types are:

    +
    +
    OSSL_DISPATCH
    + +
    +

    This type is a tuple of function identity and function pointer. +Arrays of this type are passed between the OpenSSL libraries and the +providers to describe what functionality one side provides to the +other. +Arrays of this type must be terminated with a tuple having function +identity zero and function pointer NULL.

    +

    The available function identities and corresponding function +signatures are defined in openssl-core_numbers.h(7).

    +

    Any function identity not recognised by the recipient of this type +will be ignored. +This ensures that providers built with one OpenSSL version in mind +will work together with any other OpenSSL version that supports this +mechanism.

    +
    +
    OSSL_ITEM
    + +
    +

    This type is a tuple of integer and pointer. +It's a generic type used as a generic descriptor, its exact meaning +being defined by how it's used. +Arrays of this type are passed between the OpenSSL libraries and the +providers, and must be terminated with a tuple where the integer is +zero and the pointer NULL.

    +
    +
    OSSL_ALGORITHM
    + +
    +

    This type is a tuple of an algorithm name (string), a property +definition (string) and a dispatch table (array of OSSL_DISPATCH). +Arrays of this type are passed on demand from the providers to the +OpenSSL libraries to describe what algorithms the providers provide +implementations of, and with what properties. +Arrays of this type must be terminated with a tuple having function +identity zero and function pointer NULL.

    +

    The algorithm names and property definitions are defined by the +providers.

    +
    +
    OSSL_PARAM
    + +
    +

    This type is a structure that allows passing arbitrary object data +between two parties that have no or very little shared knowledge about +their respective internal structures for that object. +It's normally passed in arrays, where the array is terminated with an +element where all fields are zero (for non-pointers) or NULL (for +pointers).

    +

    These arrays can be used to set parameters for some object, to request +parameters, and to describe parameters.

    +

    OSSL_PARAM is further described in OSSL_PARAM(3)

    +
    +
    OSSL_CALLBACK
    + +
    +

    This is a function type for a generic feedback callback function:

    +
    +    typedef int (OSSL_CALLBACK)(const OSSL_PARAM params[], void *arg);
    +

    A function that takes a pointer of this type should also take a +pointer to caller data. When calling this callback, the function is +expected to build an OSSL_PARAM array of data it wants or is +expected to pass back, and pass that as params, as well as +the caller data pointer it received, as arg.

    +
    +
    OSSL_PASSPHRASE_CALLBACK
    + +
    +

    This is a function type for a generic pass phrase callback function:

    +
    +    typedef int (OSSL_PASSPHRASE_CALLBACK)(char *pass, size_t pass_size,
    +                                           size_t *pass_len,
    +                                           const OSSL_PARAM params[],
    +                                           void *arg);
    +

    This callback can be used to prompt the user for a passphrase. When +calling it, a buffer to store the pass phrase needs to be given with +pass, and its size with pass_size. The length of the prompted +pass phrase will be given back in *pass_len.

    +

    Additional parameters can be passed with the OSSL_PARAM array +params.

    +

    A function that takes a pointer of this type should also take a +pointer to caller data, which should be passed as arg to this +callback.

    +
    +
    +

    +

    +
    +

    SEE ALSO

    +

    openssl-core_numbers.h(7)

    +

    +

    +
    +

    HISTORY

    +

    The types described here were added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man7/openssl-env.html b/linux_amd64/share/doc/openssl/html/man7/openssl-env.html
    new file mode 100755
    index 0000000..1d14975
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man7/openssl-env.html
    @@ -0,0 +1,119 @@
    + + + + +openssl-env + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    openssl-env - OpenSSL environment variables

    +

    +

    +
    +

    DESCRIPTION

    +

    The OpenSSL libraries use environment variables to override the +compiled-in default paths for various data. +To avoid security risks, the environment is usually not consulted when +the executable is set-user-ID or set-group-ID.

    +
    +
    CTLOG_FILE
    + +
    +

    Specifies the path to a certificate transparency log list. +See CTLOG_STORE_new(3).

    +
    +
    OPENSSL
    + +
    +

    Specifies the path to the openssl executable. Only used by +the rehash script. +See openssl-rehash(1)/Script Configuration.

    +
    +
    OPENSSL_CONF
    + +
    +

    Specifies the path to a configuration file. +See openssl(1) and config(5).

    +
    +
    OPENSSL_ENGINES
    + +
    +

    Specifies the directory from which dynamic engines are loaded. +See openssl-engine(1).

    +
    +
    OPENSSL_MALLOC_FD, OPENSSL_MALLOC_FAILURES
    + +
    +

    If built with debugging, this allows memory allocation to fail. +See OPENSSL_malloc(3).

    +
    +
    OPENSSL_MODULES
    + +
    +

    Specifies the directory from which cryptographic providers are loaded. +See openssl-provider(1).

    +
    +
    OPENSSL_WIN32_UTF8
    + +
    +

    If set, then UI_OpenSSL(3) returns UTF-8 encoded strings, rather than +ones encoded in the current code page, and +the openssl(1) program also transcodes the command-line parameters +from the current code page to UTF-8. +This environment variable is only checked on Microsoft Windows platforms.

    +
    +
    RANDFILE
    + +
    +

    The state file for the random number generator. +This should not be needed in normal use. +See RAND_load_file(3).

    +
    +
    SSL_CERT_DIR, SSL_CERT_FILE
    + +
    +

    Specify the default directory or file containing CA certificates. +See SSL_CTX_load_verify_locations(3).

    +
    +
    TSGET
    + +
    +

    Additional arguments for the tsget(1) command.

    +
    +
    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man7/openssl_user_macros.html b/linux_amd64/share/doc/openssl/html/man7/openssl_user_macros.html
    new file mode 100755
    index 0000000..90e00ca
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man7/openssl_user_macros.html
    @@ -0,0 +1,126 @@
    + + + + +openssl_user_macros + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    openssl_user_macros, OPENSSL_API_COMPAT - User defined macros

    +

    +

    +
    +

    DESCRIPTION

    +

    User defined macros allow the programmer to control certain aspects of +what is exposed by the OpenSSL headers.

    +

    NOTE: to be effective, a user defined macro must be defined +before including any header file that depends on it, either in the +compilation command (cc -DMACRO=value) or by defining the macro in +source before including any headers.

    +

    Other manual pages may refer to this page when declarations depend on +user defined macros.

    +

    +

    +

    The macros

    +
    +
    OPENSSL_API_COMPAT
    + +
    +

    The value is a version number, given in one of the following two forms:

    +
      +
    1. 0xMNNFF000L + +

      This is the form supported for all versions up to 1.1.x, where M +represents the major number, NN represents the minor number, and +FF represents the fix number, as a hexadecimal number. For version +1.1.0, that's 0x10100000L.

      +

      Any version number may be given, but these numbers are +the current known major deprecation points, making them the most +meaningful:

      +
        +
      1. 0x00908000L (version 0.9.8) + +
      2. +
      3. 0x10000000L (version 1.0.0) + +
      4. +
      5. 0x10100000L (version 1.1.0) + +
      6. +
      +

      For convenience, higher numbers are accepted as well, as long as +feasible. For example, 0x60000000L will work as expected. +However, it is recommended to start using the second form instead:

      +
    +
    mmnnpp
    + +
    +

    This form is a simple decimal number calculated with this formula:

    +

    major * 10000 + minor * 100 + patch

    +

    where major, minor and patch are the desired major, +minor and patch components of the version number. For example:

    +
      +
    1. corresponds to version 3.0.0 + +
    2. +
    3. corresponds to version 1.0.2 + +
    4. +
    5. corresponds to version 42.1.1 + +
    6. +
    + + +

    If not set, this macro will default to +30000.

    +
    +
    OPENSSL_NO_DEPRECATED
    + +
    +

    If this macro is defined, all deprecated public symbols in all OpenSSL +versions up to and including the version given by OPENSSL_API_COMPAT +will be hidden.

    +
    +
    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man7/ossl_store-file.html b/linux_amd64/share/doc/openssl/html/man7/ossl_store-file.html
    new file mode 100755
    index 0000000..06e918b
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man7/ossl_store-file.html
    @@ -0,0 +1,94 @@
    + + + + +ossl_store-file + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    ossl_store-file - The store 'file' scheme loader

    +

    +

    +
    +

    SYNOPSIS

    +

    #include <openssl/store.h>

    +

    +

    +
    +

    DESCRIPTION

    +

    Support for the 'file' scheme is built into libcrypto. +Since files come in all kinds of formats and content types, the 'file' +scheme has its own layer of functionality called "file handlers", +which are used to try to decode diverse types of file contents.

    +

    In case a file is formatted as PEM, each called file handler receives +the PEM name (everything following any '-----BEGIN ') as well as +possible PEM headers, together with the decoded PEM body. Since PEM +formatted files can contain more than one object, the file handlers +are called upon for each such object.

    +

    If the file isn't determined to be formatted as PEM, the content is +loaded in raw form in its entirety and passed to the available file +handlers as is, with no PEM name or headers.

    +

    Each file handler is expected to handle PEM and non-PEM content as +appropriate. Some may refuse non-PEM content for the sake of +determinism (for example, there are keys out in the wild that are +represented as an ASN.1 OCTET STRING. In raw form, it's not easily +possible to distinguish those from any other data coming as an ASN.1 +OCTET STRING, so such keys would naturally be accepted as PEM files +only).

    +

    +

    +
    +

    NOTES

    +

    When needed, the 'file' scheme loader will require a pass phrase by +using the UI_METHOD that was passed via OSSL_STORE_open(). +This pass phrase is expected to be UTF-8 encoded, anything else will +give an undefined result. +The files made accessible through this loader are expected to be +standard compliant with regards to pass phrase encoding. +Files that aren't should be re-generated with a correctly encoded pass +phrase. +See passphrase-encoding(7) for more information.

    +

    +

    +
    +

    SEE ALSO

    +

    ossl_store(7), passphrase-encoding(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man7/ossl_store.html b/linux_amd64/share/doc/openssl/html/man7/ossl_store.html
    new file mode 100755
    index 0000000..3b29523
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man7/ossl_store.html
    @@ -0,0 +1,133 @@
    + + + + +ossl_store + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    ossl_store - Store retrieval functions

    +

    +

    +
    +

    SYNOPSIS

    +

    #include <openssl/store.h>

    +

    +

    +
    +

    DESCRIPTION

    +

    +

    +

    General

    +

    A STORE is a layer of functionality to retrieve a number of supported +objects from a repository of any kind, addressable as a filename or +as a URI.

    +

    The functionality supports the pattern "open a channel to the +repository", "loop and retrieve one object at a time", and "finish up +by closing the channel".

    +

    The retrieved objects are returned as a wrapper type OSSL_STORE_INFO, +from which an OpenSSL type can be retrieved.

    +

    +

    +

    URI schemes and loaders

    +

    Support for a URI scheme is called a STORE "loader", and can be added +dynamically from the calling application or from a loadable engine.

    +

    Support for the 'file' scheme is built into libcrypto. +See ossl_store-file(7) for more information.

    +

    +

    +

    UI_METHOD and pass phrases

    +

    The OSS_STORE API does nothing to enforce any specific format or +encoding on the pass phrase that the UI_METHOD provides. However, +the pass phrase is expected to be UTF-8 encoded. The result of any +other encoding is undefined.

    +

    +

    +
    +

    EXAMPLES

    +

    +

    +

    A generic call

    +
    + OSSL_STORE_CTX *ctx = OSSL_STORE_open("file:/foo/bar/data.pem";);
    +
    + /*
    +  * OSSL_STORE_eof() simulates file semantics for any repository to signal
    +  * that no more data can be expected
    +  */
    + while (!OSSL_STORE_eof(ctx)) {
    +     OSSL_STORE_INFO *info = OSSL_STORE_load(ctx);
    +
    +     /*
    +      * Do whatever is necessary with the OSSL_STORE_INFO,
    +      * here just one example
    +      */
    +     switch (OSSL_STORE_INFO_get_type(info)) {
    +     case OSSL_STORE_INFO_X509:
    +         /* Print the X.509 certificate text */
    +         X509_print_fp(stdout, OSSL_STORE_INFO_get0_CERT(info));
    +         /* Print the X.509 certificate PEM output */
    +         PEM_write_X509(stdout, OSSL_STORE_INFO_get0_CERT(info));
    +         break;
    +     }
    + }
    +
    + OSSL_STORE_close(ctx);
    +

    +

    +
    +

    SEE ALSO

    +

    OSSL_STORE_INFO(3), OSSL_STORE_LOADER(3), +OSSL_STORE_open(3), OSSL_STORE_expect(3), +OSSL_STORE_SEARCH(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man7/passphrase-encoding.html b/linux_amd64/share/doc/openssl/html/man7/passphrase-encoding.html
    new file mode 100755
    index 0000000..b5d4a4b
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man7/passphrase-encoding.html
    @@ -0,0 +1,207 @@
    + + + + +passphrase-encoding + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    passphrase-encoding +- How diverse parts of OpenSSL treat pass phrases character encoding

    +

    +

    +
    +

    DESCRIPTION

    +

    In a modern world with all sorts of character encodings, the treatment of pass +phrases has become increasingly complex. +This manual page attempts to give an overview over how this problem is +currently addressed in different parts of the OpenSSL library.

    +

    +

    +

    The general case

    +

    The OpenSSL library doesn't treat pass phrases in any special way as a general +rule, and trusts the application or user to choose a suitable character set +and stick to that throughout the lifetime of affected objects. +This means that for an object that was encrypted using a pass phrase encoded in +ISO-8859-1, that object needs to be decrypted using a pass phrase encoded in +ISO-8859-1. +Using the wrong encoding is expected to cause a decryption failure.

    +

    +

    +

    PKCS#12

    +

    PKCS#12 is a bit different regarding pass phrase encoding. +The standard stipulates that the pass phrase shall be encoded as an ASN.1 +BMPString, which consists of the code points of the basic multilingual plane, +encoded in big endian (UCS-2 BE).

    +

    OpenSSL tries to adapt to this requirements in one of the following manners:

    +
      +
    1. +

      Treats the received pass phrase as UTF-8 encoded and tries to re-encode it to +UTF-16 (which is the same as UCS-2 for characters U+0000 to U+D7FF and U+E000 +to U+FFFF, but becomes an expansion for any other character), or failing that, +proceeds with step 2.

      +
    2. +
    3. +

      Assumes that the pass phrase is encoded in ASCII or ISO-8859-1 and +opportunistically prepends each byte with a zero byte to obtain the UCS-2 +encoding of the characters, which it stores as a BMPString.

      +

      Note that since there is no check of your locale, this may produce UCS-2 / +UTF-16 characters that do not correspond to the original pass phrase characters +for other character sets, such as any ISO-8859-X encoding other than +ISO-8859-1 (or for Windows, CP 1252 with exception for the extra "graphical" +characters in the 0x80-0x9F range).

      +
    4. +
    +

    OpenSSL versions older than 1.1.0 do variant 2 only, and that is the reason why +OpenSSL still does this, to be able to read files produced with older versions.

    +

    It should be noted that this approach isn't entirely fault free.

    +

    A pass phrase encoded in ISO-8859-2 could very well have a sequence such as +0xC3 0xAF (which is the two characters "LATIN CAPITAL LETTER A WITH BREVE" +and "LATIN CAPITAL LETTER Z WITH DOT ABOVE" in ISO-8859-2 encoding), but would +be misinterpreted as the perfectly valid UTF-8 encoded code point U+00EF (LATIN +SMALL LETTER I WITH DIAERESIS) if the pass phrase doesn't contain anything that +would be invalid UTF-8. +A pass phrase that contains this kind of byte sequence will give a different +outcome in OpenSSL 1.1.0 and newer than in OpenSSL older than 1.1.0.

    +
    + 0x00 0xC3 0x00 0xAF                    # OpenSSL older than 1.1.0
    + 0x00 0xEF                              # OpenSSL 1.1.0 and newer
    +

    On the same accord, anything encoded in UTF-8 that was given to OpenSSL older +than 1.1.0 was misinterpreted as ISO-8859-1 sequences.

    +

    +

    +

    OSSL_STORE

    +

    ossl_store(7) acts as a general interface to access all kinds of objects, +potentially protected with a pass phrase, a PIN or something else. +This API stipulates that pass phrases should be UTF-8 encoded, and that any +other pass phrase encoding may give undefined results. +This API relies on the application to ensure UTF-8 encoding, and doesn't check +that this is the case, so what it gets, it will also pass to the underlying +loader.

    +

    +

    +
    +

    RECOMMENDATIONS

    +

    This section assumes that you know what pass phrase was used for encryption, +but that it may have been encoded in a different character encoding than the +one used by your current input method. +For example, the pass phrase may have been used at a time when your default +encoding was ISO-8859-1 (i.e. "naïve" resulting in the byte sequence 0x6E 0x61 +0xEF 0x76 0x65), and you're now in an environment where your default encoding +is UTF-8 (i.e. "naïve" resulting in the byte sequence 0x6E 0x61 0xC3 0xAF 0x76 +0x65). +Whenever it's mentioned that you should use a certain character encoding, it +should be understood that you either change the input method to use the +mentioned encoding when you type in your pass phrase, or use some suitable tool +to convert your pass phrase from your default encoding to the target encoding.

    +

    Also note that the sub-sections below discuss human readable pass phrases. +This is particularly relevant for PKCS#12 objects, where human readable pass +phrases are assumed. +For other objects, it's as legitimate to use any byte sequence (such as a +sequence of bytes from `/dev/urandom` that's been saved away), which makes any +character encoding discussion irrelevant; in such cases, simply use the same +byte sequence as it is.

    +

    +

    +

    Creating new objects

    +

    For creating new pass phrase protected objects, make sure the pass phrase is +encoded using UTF-8. +This is default on most modern Unixes, but may involve an effort on other +platforms. +Specifically for Windows, setting the environment variable +OPENSSL_WIN32_UTF8 will have anything entered on [Windows] console prompt +converted to UTF-8 (command line and separately prompted pass phrases alike).

    +

    +

    +

    Opening existing objects

    +

    For opening pass phrase protected objects where you know what character +encoding was used for the encryption pass phrase, make sure to use the same +encoding again.

    +

    For opening pass phrase protected objects where the character encoding that was +used is unknown, or where the producing application is unknown, try one of the +following:

    +
      +
    1. +

      Try the pass phrase that you have as it is in the character encoding of your +environment. +It's possible that its byte sequence is exactly right.

      +
    2. +
    3. +

      Convert the pass phrase to UTF-8 and try with the result. +Specifically with PKCS#12, this should open up any object that was created +according to the specification.

      +
    4. +
    5. +

      Do a naïve (i.e. purely mathematical) ISO-8859-1 to UTF-8 conversion and try +with the result. +This differs from the previous attempt because ISO-8859-1 maps directly to +U+0000 to U+00FF, which other non-UTF-8 character sets do not.

      +

      This also takes care of the case when a UTF-8 encoded string was used with +OpenSSL older than 1.1.0. +(for example, ï, which is 0xC3 0xAF when encoded in UTF-8, would become 0xC3 +0x83 0xC2 0xAF when re-encoded in the naïve manner. +The conversion to BMPString would then yield 0x00 0xC3 0x00 0xA4 0x00 0x00, the +erroneous/non-compliant encoding used by OpenSSL older than 1.1.0)

      +
    6. +
    +

    +

    +
    +

    SEE ALSO

    +

    evp(7), +ossl_store(7), +EVP_BytesToKey(3), EVP_DecryptInit(3), +PEM_do_header(3), +PKCS12_parse(3), PKCS12_newpass(3), +d2i_PKCS8PrivateKey_bio(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man7/property.html b/linux_amd64/share/doc/openssl/html/man7/property.html
    new file mode 100755
    index 0000000..f9c0fa8
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man7/property.html
    @@ -0,0 +1,205 @@
    + + + + +property + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    property - Properties, a selection mechanism for algorithm implementations

    +

    +

    +
    +

    DESCRIPTION

    +

    As of OpenSSL 3.0, a new method has been introduced to decide which of +multiple implementations of an algorithm will be used. +The method is centered around the concept of properties. +Each implementation defines a number of properties and when an algorithm +is being selected, filters based on these properties can be used to +choose the most appropriate implementation of the algorithm.

    +

    Properties are like variables, they are referenced by name and have a value +assigned.

    +

    +

    +

    Property Names

    +

    Property names fall into two categories: those reserved by the OpenSSL +project and user defined names. +A reserved property name consists of a single C-style identifier +(except for leading underscores not being permitted), which begins +with a letter and can be followed by any number of letters, numbers +and underscores. +Property names are case-insensitive, but OpenSSL will only use lowercase +letters.

    +

    A user defined property name is similar, but it must consist of +two or more C-style identifiers, separated by periods. +The last identifier in the name can be considered the 'true' property +name, which is prefixed by some sort of 'namespace'. +Providers for example could include their name in the prefix and use +property names like

    +
    +  <provider_name>.<property_name>
    +  <provider_name>.<algorithm_name>.<property_name>
    +

    +

    +

    Properties

    +

    A property is a name=value pair. +A property definition is a sequence of comma separated properties. +There can be any number of properties in a definition. +For example: "" defines a null property definition; "my.foo=bar" +defines a property named my.foo which has a string value bar and +"iteration.count=3" defines a property named iteration.count which +has a numeric value of 3. +The full syntax for property definitions appears below.

    +

    +

    +

    Implementations

    +

    Each implementation of an algorithm can define any number of +properties. +For example, the default provider defines the property provider=default +for all of its algorithms. +Likewise, OpenSSL's FIPS provider defines provider=fips and the legacy +provider defines provider=legacy for all of their algorithms.

    +

    +

    +

    Queries

    +

    A property query clause is a single conditional test. +For example, "fips=yes", "provider!=default" or "?iteration.count!=3". +The first two represent mandatory clauses, such clauses must match +for any algorithm to even be under consideration. +The third clause represents an optional clause. +Matching such clauses is not a requirement, but any additional optional +match counts in favor of the algorithm. +More details about that in the Lookups section. +A property query is a sequence of comma separated property query clauses. +The full syntax for property queries appears below, but the available syntactic +features are:

    +
      +
    • +

      = is an infix operator providing an equality test.

      +
    • +
    • +

      != is an infix operator providing an inequality test.

      +
    • +
    • +

      ? is a prefix operator that means that the following clause is optional +but preferred.

      +
    • +
    • +

      - is a prefix operator that means any global query clause involving the +following property name should be ignored.

      +
    • +
    • +

      "..." is a quoted string. +The quotes are not included in the body of the string.

      +
    • +
    • +

      '...' is a quoted string. +The quotes are not included in the body of the string.

      +
    • +
    +

    +

    +

    Lookups

    +

    When an algorithm is looked up, a property query is used to determine +the best matching algorithm. +All mandatory query clauses must be present and the implementation +that additionally has the largest number of matching optional query +clauses will be used. +If there is more than one such optimal candidate, the result will be +chosen from amongst those in an indeterminate way. +Ordering of optional clauses is not significant.

    +

    +

    +

    Shortcut

    +

    In order to permit a more concise expression of boolean properties, there +is one short cut: a property name alone (e.g. "my.property") is +exactly equivalent to "my.property=yes" in both definitions and queries.

    +

    +

    +

    Global and Local

    +

    Two levels of property query are supported. +A context based property query that applies to all fetch operations and a local +property query. +Where both the context and local queries include a clause with the same name, +the local clause overrides the context clause.

    +

    It is possible for a local property query to remove a clause in the context +property query by preceding the property name with a '-'. +For example, a context property query that contains "fips=yes" would normally +result in implementations that have "fips=yes".

    +

    However, if the setting of the "fips" property is irrelevant to the +operations being performed, the local property query can include the +clause "-fips". +Note that the local property query could not use "fips=no" because that would +disallow any implementations with "fips=yes" rather than not caring about the +setting.

    +

    +

    +
    +

    SYNTAX

    +

    The lexical syntax in EBNF is given by:

    +
    + Definition     ::= PropertyName ( '=' Value )? 
    +                        ( ',' PropertyName ( '=' Value )? )*
    + Query          ::= PropertyQuery ( ',' PropertyQuery )*
    + PropertyQuery  ::= '-' PropertyName
    +                  | '?'? ( PropertyName (( '=' | '!=' ) Value)?)
    + Value          ::= NumberLiteral | StringLiteral
    + StringLiteral  ::= QuotedString | UnquotedString
    + QuotedString   ::= '"' [^"]* '"' | "'" [^']* "'"
    + UnquotedString ::= [^{space},]+
    + NumberLiteral  ::= '0' ( [0-7]* | 'x' [0-9A-Fa-f]+ ) | '-'? [1-9] [0-9]+
    + PropertyName   ::= [A-Z] [A-Z0-9_]* ( '.' [A-Z] [A-Z0-9_]* )*
    +

    +

    +
    +

    HISTORY

    +

    Properties were added in OpenSSL 3.0

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man7/provider-asym_cipher.html b/linux_amd64/share/doc/openssl/html/man7/provider-asym_cipher.html
    new file mode 100755
    index 0000000..5e2f166
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man7/provider-asym_cipher.html
    @@ -0,0 +1,297 @@
    + + + + +provider-asym_cipher + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    provider-asym_cipher - The asym_cipher library <-> provider functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/core_numbers.h>
    + #include <openssl/core_names.h>
    +
    + /*
    +  * None of these are actual functions, but are displayed like this for
    +  * the function signatures for functions that are offered as function
    +  * pointers in OSSL_DISPATCH arrays.
    +  */
    +
    + /* Context management */
    + void *OP_asym_cipher_newctx(void *provctx);
    + void OP_asym_cipher_freectx(void *ctx);
    + void *OP_asym_cipher_dupctx(void *ctx);
    +
    + /* Encryption */
    + int OP_asym_cipher_encrypt_init(void *ctx, void *provkey);
    + int OP_asym_cipher_encrypt(void *ctx, unsigned char *out, size_t *outlen,
    +                            size_t outsize, const unsigned char *in,
    +                            size_t inlen);
    +
    + /* Decryption */
    + int OP_asym_cipher_decrypt_init(void *ctx, void *provkey);
    + int OP_asym_cipher_decrypt(void *ctx, unsigned char *out, size_t *outlen,
    +                            size_t outsize, const unsigned char *in,
    +                            size_t inlen);
    +
    + /* Asymmetric Cipher parameters */
    + int OP_asym_cipher_get_ctx_params(void *ctx, OSSL_PARAM params[]);
    + const OSSL_PARAM *OP_asym_cipher_gettable_ctx_params(void);
    + int OP_asym_cipher_set_ctx_params(void *ctx, const OSSL_PARAM params[]);
    + const OSSL_PARAM *OP_asym_cipher_settable_ctx_params(void);
    +

    +

    +
    +

    DESCRIPTION

    +

    This documentation is primarily aimed at provider authors. See provider(7) +for further information.

    +

    The asymmetric cipher (OSSL_OP_ASYM_CIPHER) operation enables providers to +implement asymmetric cipher algorithms and make them available to applications +via the API functions EVP_PKEY_encrypt(3), +EVP_PKEY_decrypt(3) and +other related functions).

    +

    All "functions" mentioned here are passed as function pointers between +libcrypto and the provider in OSSL_DISPATCH arrays via +OSSL_ALGORITHM arrays that are returned by the provider's +provider_query_operation() function +(see provider-base(7)/Provider Functions).

    +

    All these "functions" have a corresponding function type definition +named OSSL_{name}_fn, and a helper function to retrieve the +function pointer from an OSSL_DISPATCH element named +OSSL_get_{name}. +For example, the "function" OP_asym_cipher_newctx() has these:

    +
    + typedef void *(OSSL_OP_asym_cipher_newctx_fn)(void *provctx);
    + static ossl_inline OSSL_OP_asym_cipher_newctx_fn
    +     OSSL_get_OP_asym_cipher_newctx(const OSSL_DISPATCH *opf);
    +

    OSSL_DISPATCH arrays are indexed by numbers that are provided as +macros in openssl-core_numbers.h(7), as follows:

    +
    + OP_asym_cipher_newctx               OSSL_FUNC_ASYM_CIPHER_NEWCTX
    + OP_asym_cipher_freectx              OSSL_FUNC_ASYM_CIPHER_FREECTX
    + OP_asym_cipher_dupctx               OSSL_FUNC_ASYM_CIPHER_DUPCTX
    +
    + OP_asym_cipher_encrypt_init         OSSL_FUNC_ASYM_CIPHER_ENCRYPT_INIT
    + OP_asym_cipher_encrypt              OSSL_FUNC_ASYM_CIPHER_ENCRYPT
    +
    + OP_asym_cipher_decrypt_init         OSSL_FUNC_ASYM_CIPHER_DECRYPT_INIT
    + OP_asym_cipher_decrypt              OSSL_FUNC_ASYM_CIPHER_DECRYPT
    +
    + OP_asym_cipher_get_ctx_params       OSSL_FUNC_ASYM_CIPHER_GET_CTX_PARAMS
    + OP_asym_cipher_gettable_ctx_params  OSSL_FUNC_ASYM_CIPHER_GETTABLE_CTX_PARAMS
    + OP_asym_cipher_set_ctx_params       OSSL_FUNC_ASYM_CIPHER_SET_CTX_PARAMS
    + OP_asym_cipher_settable_ctx_params  OSSL_FUNC_ASYM_CIPHER_SETTABLE_CTX_PARAMS
    +

    An asymmetric cipher algorithm implementation may not implement all of these +functions. +In order to be a consistent set of functions a provider must implement +OP_asym_cipher_newctx and OP_asym_cipher_freectx. +It must also implement both of OP_asym_cipher_encrypt_init and +OP_asym_cipher_encrypt, or both of OP_asym_cipher_decrypt_init and +OP_asym_cipher_decrypt. +OP_asym_cipher_get_ctx_params is optional but if it is present then so must +OP_asym_cipher_gettable_ctx_params. +Similarly, OP_asym_cipher_set_ctx_params is optional but if it is present then +so must OP_asym_cipher_settable_ctx_params.

    +

    An asymmetric cipher algorithm must also implement some mechanism for generating, +loading or importing keys via the key management (OSSL_OP_KEYMGMT) operation. +See provider-keymgmt(7) for further details.

    +

    +

    +

    Context Management Functions

    +

    OP_asym_cipher_newctx() should create and return a pointer to a provider side +structure for holding context information during an asymmetric cipher operation. +A pointer to this context will be passed back in a number of the other +asymmetric cipher operation function calls. +The parameter provctx is the provider context generated during provider +initialisation (see provider(7)).

    +

    OP_asym_cipher_freectx() is passed a pointer to the provider side asymmetric +cipher context in the ctx parameter. +This function should free any resources associated with that context.

    +

    OP_asym_cipher_dupctx() should duplicate the provider side asymmetric cipher +context in the ctx parameter and return the duplicate copy.

    +

    +

    +

    Encryption Functions

    +

    OP_asym_cipher_encrypt_init() initialises a context for an asymmetric encryption +given a provider side asymmetric cipher context in the ctx parameter, and a +pointer to a provider key object in the provkey parameter. +The key object should have been previously generated, loaded or imported into +the provider using the key management (OSSL_OP_KEYMGMT) operation (see +provider-keymgmt(7)>.

    +

    OP_asym_cipher_encrypt() performs the actual encryption itself. +A previously initialised asymmetric cipher context is passed in the ctx +parameter. +The data to be encrypted is pointed to by the in parameter which is inlen +bytes long. +Unless out is NULL, the encrypted data should be written to the location +pointed to by the out parameter and it should not exceed outsize bytes in +length. +The length of the encrypted data should be written to *outlen. +If out is NULL then the maximum length of the encrypted data should be +written to *outlen.

    +

    +

    +

    Decryption Functions

    +

    OP_asym_cipher_decrypt_init() initialises a context for an asymmetric decryption +given a provider side asymmetric cipher context in the ctx parameter, and a +pointer to a provider key object in the provkey parameter. +The key object should have been previously generated, loaded or imported into +the provider using the key management (OSSL_OP_KEYMGMT) operation (see +provider-keymgmt(7)>.

    +

    OP_asym_cipher_decrypt() performs the actual decryption itself. +A previously initialised asymmetric cipher context is passed in the ctx +parameter. +The data to be decrypted is pointed to by the in parameter which is inlen +bytes long. +Unless out is NULL, the decrypted data should be written to the location +pointed to by the out parameter and it should not exceed outsize bytes in +length. +The length of the decrypted data should be written to *outlen. +If out is NULL then the maximum length of the decrypted data should be +written to *outlen.

    +

    +

    +

    Asymmetric Cipher Parameters

    +

    See OSSL_PARAM(3) for further details on the parameters structure used by +the OP_asym_cipher_get_ctx_params() and OP_asym_cipher_set_ctx_params() +functions.

    +

    OP_asym_cipher_get_ctx_params() gets asymmetric cipher parameters associated +with the given provider side asymmetric cipher context ctx and stores them in +params. +OP_asym_cipher_set_ctx_params() sets the asymmetric cipher parameters associated +with the given provider side asymmetric cipher context ctx to params. +Any parameter settings are additional to any that were previously set.

    +

    Parameters currently recognised by built-in asymmetric cipher algorithms are as +follows. +Not all parameters are relevant to, or are understood by all asymmetric cipher +algorithms:

    +
    +
    "pad-mode" (OSSL_ASYM_CIPHER_PARAM_PAD_MODE) <integer>
    + +
    +

    The type of padding to be used. The interpretation of this value will depend +on the algorithm in use. The default provider understands these RSA padding +modes: 1 (RSA_PKCS1_PADDING), 2 (RSA_SSLV23_PADDING), 3 (RSA_NO_PADDING), +4 (RSA_PKCS1_OAEP_PADDING), 5 (RSA_X931_PADDING), 6 (RSA_PKCS1_PSS_PADDING) and +7 (RSA_PKCS1_WITH_TLS_PADDING). See EVP_PKEY_CTX_set_rsa_padding(3) for +further details.

    +
    +
    "digest" (OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST) <UTF8 string>
    + +
    +

    Gets or sets the name of the OAEP digest algorithm used when OAEP padding is in +use.

    +
    +
    "digest-props" (OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS) <UTF8 string>
    + +
    +

    Gets or sets the properties to use when fetching the OAEP digest algorithm.

    +
    +
    "mgf1-digest" (OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST) <UTF8 string>
    + +
    +

    Gets or sets the name of the MGF1 digest algorithm used when OAEP or PSS padding +is in use.

    +
    +
    "mgf1-digest-props" (OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS) <UTF8 string>
    + +
    +

    Gets or sets the properties to use when fetching the MGF1 digest algorithm.

    +
    +
    "oaep-label" (OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL) <octet string>
    + +
    +

    Gets or sets the OAEP label used when OAEP padding is in use.

    +
    +
    "oaep-label-len" (OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL_LEN) <size_t>
    + +
    +

    Gets the length of an OAEP label when OAEP padding is in use.

    +
    +
    "tls-client-version" (OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION) <unsigned integer>
    + +
    +

    The TLS protocol version first requested by the client. See +RSA_PKCS1_WITH_TLS_PADDING on the page EVP_PKEY_CTX_set_rsa_padding(3).

    +
    +
    "tls-negotiated-version" (OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION) <unsigned integer>
    + +
    +

    The negotiated TLS protocol version. See +RSA_PKCS1_WITH_TLS_PADDING on the page EVP_PKEY_CTX_set_rsa_padding(3).

    +
    +
    +

    OP_asym_cipher_gettable_ctx_params() and OP_asym_cipher_settable_ctx_params() +get a constant OSSL_PARAM array that describes the gettable and settable +parameters, i.e. parameters that can be used with OP_asym_cipherget_ctx_params() +and OP_asym_cipher_set_ctx_params() respectively. +See OSSL_PARAM(3) for the use of OSSL_PARAM as parameter descriptor.

    +

    +

    +
    +

    RETURN VALUES

    +

    OP_asym_cipher_newctx() and OP_asym_cipher_dupctx() should return the newly +created provider side asymmetric cipher context, or NULL on failure.

    +

    All other functions should return 1 for success or 0 on error.

    +

    +

    +
    +

    SEE ALSO

    +

    provider(7)

    +

    +

    +
    +

    HISTORY

    +

    The provider ASYM_CIPHER interface was introduced in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man7/provider-base.html b/linux_amd64/share/doc/openssl/html/man7/provider-base.html
    new file mode 100755
    index 0000000..b05a1b6
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man7/provider-base.html
    @@ -0,0 +1,523 @@
    + + + + +provider-base + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    provider-base +- The basic OpenSSL library <-> provider functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/core_numbers.h>
    +
    + /*
    +  * None of these are actual functions, but are displayed like this for
    +  * the function signatures for functions that are offered as function
    +  * pointers in OSSL_DISPATCH arrays.
    +  */
    +
    + /* Functions offered by libcrypto to the providers */
    + const OSSL_ITEM *core_gettable_params(const OSSL_PROVIDER *prov);
    + int core_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[]);
    + int core_thread_start(const OSSL_PROVIDER *prov,
    +                       OSSL_thread_stop_handler_fn handfn);
    + OPENSSL_CTX *core_get_library_context(const OSSL_PROVIDER *prov);
    + void core_new_error(const OSSL_PROVIDER *prov);
    + void core_set_error_debug(const OSSL_PROVIDER *prov,
    +                           const char *file, int line, const char *func);
    + void core_vset_error(const OSSL_PROVIDER *prov,
    +                      uint32_t reason, const char *fmt, va_list args);
    +
    + /*
    +  * Some OpenSSL functionality is directly offered to providers via
    +  * dispatch
    +  */
    + void *CRYPTO_malloc(size_t num, const char *file, int line);
    + void *CRYPTO_zalloc(size_t num, const char *file, int line);
    + void *CRYPTO_memdup(const void *str, size_t siz,
    +                     const char *file, int line);
    + char *CRYPTO_strdup(const char *str, const char *file, int line);
    + char *CRYPTO_strndup(const char *str, size_t s,
    +                      const char *file, int line);
    + void CRYPTO_free(void *ptr, const char *file, int line);
    + void CRYPTO_clear_free(void *ptr, size_t num,
    +                        const char *file, int line);
    + void *CRYPTO_realloc(void *addr, size_t num,
    +                      const char *file, int line);
    + void *CRYPTO_clear_realloc(void *addr, size_t old_num, size_t num,
    +                            const char *file, int line);
    + void *CRYPTO_secure_malloc(size_t num, const char *file, int line);
    + void *CRYPTO_secure_zalloc(size_t num, const char *file, int line);
    + void CRYPTO_secure_free(void *ptr, const char *file, int line);
    + void CRYPTO_secure_clear_free(void *ptr, size_t num,
    +                               const char *file, int line);
    + int CRYPTO_secure_allocated(const void *ptr);
    + void OPENSSL_cleanse(void *ptr, size_t len);
    + unsigned char *OPENSSL_hexstr2buf(const char *str, long *len);
    +
    + /* Functions offered by the provider to libcrypto */
    + void provider_teardown(void *provctx);
    + const OSSL_ITEM *provider_gettable_params(void *provctx);
    + int provider_get_params(void *provctx, OSSL_PARAM params[]);
    + const OSSL_ALGORITHM *provider_query_operation(void *provctx,
    +                                                int operation_id,
    +                                                const int *no_store);
    + const OSSL_ITEM *provider_get_reason_strings(void *provctx);
    +

    +

    +
    +

    DESCRIPTION

    +

    All "functions" mentioned here are passed as function pointers between +libcrypto and the provider in OSSL_DISPATCH arrays, in the call +of the provider initialization function. See provider(7)/Provider +for a description of the initialization function.

    +

    All these "functions" have a corresponding function type definition +named OSSL_{name}_fn, and a helper function to retrieve the +function pointer from a OSSL_DISPATCH element named +OSSL_get_{name}. +For example, the "function" core_gettable_params() has these:

    +
    + typedef OSSL_ITEM *
    +     (OSSL_core_gettable_params_fn)(const OSSL_PROVIDER *prov);
    + static ossl_inline OSSL_NAME_core_gettable_params_fn
    +     OSSL_get_core_gettable_params(const OSSL_DISPATCH *opf);
    +

    OSSL_DISPATCH arrays are indexed by numbers that are provided as +macros in openssl-core_numbers.h(7), as follows:

    +

    For in (the OSSL_DISPATCH array passed from libcrypto to the +provider):

    +
    + core_gettable_params           OSSL_FUNC_CORE_GETTABLE_PARAMS
    + core_get_params                OSSL_FUNC_CORE_GET_PARAMS
    + core_thread_start              OSSL_FUNC_CORE_THREAD_START
    + core_get_library_context       OSSL_FUNC_CORE_GET_LIBRARY_CONTEXT
    + core_new_error                 OSSL_FUNC_CORE_NEW_ERROR
    + core_set_error_debug           OSSL_FUNC_CORE_SET_ERROR_DEBUG
    + core_set_error                 OSSL_FUNC_CORE_SET_ERROR
    + CRYPTO_malloc                  OSSL_FUNC_CRYPTO_MALLOC
    + CRYPTO_zalloc                  OSSL_FUNC_CRYPTO_ZALLOC
    + CRYPTO_memdup                  OSSL_FUNC_CRYPTO_MEMDUP
    + CRYPTO_strdup                  OSSL_FUNC_CRYPTO_STRDUP
    + CRYPTO_strndup                 OSSL_FUNC_CRYPTO_STRNDUP
    + CRYPTO_free                    OSSL_FUNC_CRYPTO_FREE
    + CRYPTO_clear_free              OSSL_FUNC_CRYPTO_CLEAR_FREE
    + CRYPTO_realloc                 OSSL_FUNC_CRYPTO_REALLOC
    + CRYPTO_clear_realloc           OSSL_FUNC_CRYPTO_CLEAR_REALLOC
    + CRYPTO_secure_malloc           OSSL_FUNC_CRYPTO_SECURE_MALLOC
    + CRYPTO_secure_zalloc           OSSL_FUNC_CRYPTO_SECURE_ZALLOC
    + CRYPTO_secure_free             OSSL_FUNC_CRYPTO_SECURE_FREE
    + CRYPTO_secure_clear_free       OSSL_FUNC_CRYPTO_SECURE_CLEAR_FREE
    + CRYPTO_secure_allocated        OSSL_FUNC_CRYPTO_SECURE_ALLOCATED
    + BIO_new_file                   OSSL_FUNC_BIO_NEW_FILE
    + BIO_new_mem_buf                OSSL_FUNC_BIO_NEW_MEMBUF
    + BIO_read_ex                    OSSL_FUNC_BIO_READ_EX
    + BIO_free                       OSSL_FUNC_BIO_FREE
    + BIO_vprintf                    OSSL_FUNC_BIO_VPRINTF
    + OPENSSL_cleanse                OSSL_FUNC_OPENSSL_CLEANSE
    + OPENSSL_hexstr2buf             OSSL_FUNC_OPENSSL_HEXSTR2BUF
    + OSSL_SELF_TEST_set_callback    OSSL_FUNC_SELF_TEST_CB
    +

    For *out (the OSSL_DISPATCH array passed from the provider to +libcrypto):

    +
    + provider_teardown              OSSL_FUNC_PROVIDER_TEARDOWN
    + provider_gettable_params       OSSL_FUNC_PROVIDER_GETTABLE_PARAMS
    + provider_get_params            OSSL_FUNC_PROVIDER_GET_PARAMS
    + provider_query_operation       OSSL_FUNC_PROVIDER_QUERY_OPERATION
    + provider_get_reason_strings    OSSL_FUNC_PROVIDER_GET_REASON_STRINGS
    +

    +

    +

    Core functions

    +

    core_gettable_params() returns a constant array of descriptor +OSSL_PARAM, for parameters that core_get_params() can handle.

    +

    core_get_params() retrieves prov parameters from the core. +See Core parameters below for a description of currently known +parameters.

    +

    core_get_library_context() retrieves the library context in which the +OSSL_PROVIDER object prov is stored. +This may sometimes be useful if the provider wishes to store a +reference to its context in the same library context.

    +

    core_new_error(), core_set_error_debug() and core_set_error() are +building blocks for reporting an error back to the core, with +reference to the provider object prov.

    +
    +
    core_new_error()
    + +
    +

    allocates a new thread specific error record.

    +

    This corresponds to the OpenSSL function ERR_new(3).

    +
    +
    core_set_error_debug()
    + +
    +

    sets debugging information in the current thread specific error +record. +The debugging information includes the name of the file file, the +line line and the function name func where the error occurred.

    +

    This corresponds to the OpenSSL function ERR_set_debug(3).

    +
    +
    core_set_error()
    + +
    +

    sets the reason for the error, along with any addition data. +The reason is a number defined by the provider and used to index +the reason strings table that's returned by +provider_get_reason_strings(). +The additional data is given as a format string fmt and a set of +arguments args, which are treated in the same manner as with +BIO_vsnprintf(). +file and line may also be passed to indicate exactly where the +error occurred or was reported.

    +

    This corresponds to the OpenSSL function ERR_vset_error(3).

    +
    +
    +

    CRYPTO_malloc(), CRYPTO_zalloc(), CRYPTO_memdup(), CRYPTO_strdup(), +CRYPTO_strndup(), CRYPTO_free(), CRYPTO_clear_free(), +CRYPTO_realloc(), CRYPTO_clear_realloc(), CRYPTO_secure_malloc(), +CRYPTO_secure_zalloc(), CRYPTO_secure_free(), +CRYPTO_secure_clear_free(), CRYPTO_secure_allocated(), +BIO_new_file(), BIO_new_mem_buf(), BIO_read_ex(), BIO_free(), +BIO_vprintf(), OPENSSL_cleanse(), and OPENSSL_hexstr2buf() +correspond exactly to the public functions with the same name. +As a matter of fact, the pointers in the OSSL_DISPATCH array are +direct pointers to those public functions. +OSSL_SELF_TEST_set_callback() is used to set an optional callback that can be +passed into a provider. This may be ignored by a provider.

    +

    +

    +

    Provider functions

    +

    provider_teardown() is called when a provider is shut down and removed +from the core's provider store. +It must free the passed provctx.

    +

    provider_gettable_params() should return a constant array of +descriptor OSSL_PARAM, for parameters that provider_get_params() +can handle.

    +

    provider_get_params() should process the OSSL_PARAM array +params, setting the values of the parameters it understands.

    +

    provider_query_operation() should return a constant OSSL_ALGORITHM +that corresponds to the given operation_id. +It should indicate if the core may store a reference to this array by +setting *no_store to 0 (core may store a reference) or 1 (core may +not store a reference).

    +

    provider_get_reason_strings() should return a constant OSSL_ITEM +array that provides reason strings for reason codes the provider may +use when reporting errors using core_put_error().

    +

    None of these functions are mandatory, but a provider is fairly +useless without at least provider_query_operation(), and +provider_gettable_params() is fairly useless if not accompanied by +provider_get_params().

    +

    +

    +

    Core parameters

    +

    core_get_params() understands the following known parameters:

    +
    +
    "openssl-version"
    + +
    +

    This is a OSSL_PARAM_UTF8_PTR type of parameter, pointing at the +OpenSSL libraries' full version string, i.e. the string expanded from +the macro OPENSSL_VERSION_STR.

    +
    +
    "provider-name"
    + +
    +

    This is a OSSL_PARAM_UTF8_PTR type of parameter, pointing at the +OpenSSL libraries' idea of what the calling provider is called.

    +
    +
    +

    Additionally, provider specific configuration parameters from the +config file are available, in dotted name form. +The dotted name form is a concatenation of section names and final +config command name separated by periods.

    +

    For example, let's say we have the following config example:

    +
    + openssl_conf = openssl_init
    +
    + [openssl_init]
    + providers = providers_sect
    +
    + [providers_sect]
    + foo = foo_sect
    +
    + [foo_sect]
    + activate = 1
    + data1 = 2
    + data2 = str
    + more = foo_more
    +
    + [foo_more]
    + data3 = foo,bar
    +

    The provider will have these additional parameters available:

    +
    +
    "activate"
    + +
    +

    pointing at the string "1"

    +
    +
    "data1"
    + +
    +

    pointing at the string "2"

    +
    +
    "data2"
    + +
    +

    pointing at the string "str"

    +
    +
    "more.data3"
    + +
    +

    pointing at the string "foo,bar"

    +
    +
    +

    For more information on handling parameters, see OSSL_PARAM(3) as +OSSL_PARAM_int(3).

    +

    +

    +
    +

    EXAMPLES

    +

    This is an example of a simple provider made available as a +dynamically loadable module. +It implements the fictitious algorithm FOO for the fictitious +operation BAR.

    +
    + #include <malloc.h>
    + #include <openssl/core.h>
    + #include <openssl/core_numbers.h>
    +
    + /* Errors used in this provider */
    + #define E_MALLOC       1
    +
    + static const OSSL_ITEM reasons[] = {
    +     { E_MALLOC, "memory allocation failure" }.
    +     { 0, NULL } /* Termination */
    + };
    +
    + /*
    +  * To ensure we get the function signature right, forward declare
    +  * them using function types provided by openssl/core_numbers.h
    +  */
    + OSSL_OP_bar_newctx_fn foo_newctx;
    + OSSL_OP_bar_freectx_fn foo_freectx;
    + OSSL_OP_bar_init_fn foo_init;
    + OSSL_OP_bar_update_fn foo_update;
    + OSSL_OP_bar_final_fn foo_final;
    +
    + OSSL_provider_query_operation_fn p_query;
    + OSSL_provider_get_reason_strings_fn p_reasons;
    + OSSL_provider_teardown_fn p_teardown;
    +
    + OSSL_provider_init_fn OSSL_provider_init;
    +
    + OSSL_core_put_error *c_put_error = NULL;
    +
    + /* Provider context */
    + struct prov_ctx_st {
    +     OSSL_PROVIDER *prov;
    + }
    +
    + /* operation context for the algorithm FOO */
    + struct foo_ctx_st {
    +     struct prov_ctx_st *provctx;
    +     int b;
    + };
    +
    + static void *foo_newctx(void *provctx)
    + {
    +     struct foo_ctx_st *fooctx = malloc(sizeof(*fooctx));
    +
    +     if (fooctx != NULL)
    +         fooctx->provctx = provctx;
    +     else
    +         c_put_error(provctx->prov, E_MALLOC, __FILE__, __LINE__);
    +     return fooctx;
    + }
    +
    + static void foo_freectx(void *fooctx)
    + {
    +     free(fooctx);
    + }
    +
    + static int foo_init(void *vfooctx)
    + {
    +     struct foo_ctx_st *fooctx = vfooctx;
    +
    +     fooctx->b = 0x33;
    + }
    +
    + static int foo_update(void *vfooctx, unsigned char *in, size_t inl)
    + {
    +     struct foo_ctx_st *fooctx = vfooctx;
    +
    +     /* did you expect something serious? */
    +     if (inl == 0)
    +         return 1;
    +     for (; inl-- > 0; in++)
    +         *in ^= fooctx->b;
    +     return 1;
    + }
    +
    + static int foo_final(void *vfooctx)
    + {
    +     struct foo_ctx_st *fooctx = vfooctx;
    +
    +     fooctx->b = 0x66;
    + }
    +
    + static const OSSL_DISPATCH foo_fns[] = {
    +     { OSSL_FUNC_BAR_NEWCTX, (void (*)(void))foo_newctx },
    +     { OSSL_FUNC_BAR_FREECTX, (void (*)(void))foo_freectx },
    +     { OSSL_FUNC_BAR_INIT, (void (*)(void))foo_init },
    +     { OSSL_FUNC_BAR_UPDATE, (void (*)(void))foo_update },
    +     { OSSL_FUNC_BAR_FINAL, (void (*)(void))foo_final },
    +     { 0, NULL }
    + };
    +
    + static const OSSL_ALGORITHM bars[] = {
    +     { "FOO", "provider=chumbawamba", foo_fns },
    +     { NULL, NULL, NULL }
    + };
    +
    + static const OSSL_ALGORITHM *p_query(void *provctx, int operation_id,
    +                                      int *no_store)
    + {
    +     switch (operation_id) {
    +     case OSSL_OP_BAR:
    +         return bars;
    +     }
    +     return NULL;
    + }
    +
    + static const OSSL_ITEM *p_reasons(void *provctx)
    + {
    +     return reasons;
    + }
    +
    + static void p_teardown(void *provctx)
    + {
    +     free(provctx);
    + }
    +
    + static const OSSL_DISPATCH prov_fns[] = {
    +     { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))p_teardown },
    +     { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))p_query },
    +     { OSSL_FUNC_PROVIDER_GET_REASON_STRINGS, (void (*)(void))p_reasons },
    +     { 0, NULL }
    + };
    +
    + int OSSL_provider_init(const OSSL_PROVIDER *provider,
    +                        const OSSL_DISPATCH *in,
    +                        const OSSL_DISPATCH **out,
    +                        void **provctx)
    + {
    +     struct prov_ctx_st *pctx = NULL;
    +
    +     for (; in->function_id != 0; in++)
    +         switch (in->function_id) {
    +         case OSSL_FUNC_CORE_PUT_ERROR:
    +             c_put_error = OSSL_get_core_put_error(in);
    +             break;
    +         }
    +
    +     *out = prov_fns;
    +
    +     if ((pctx = malloc(sizeof(*pctx))) == NULL) {
    +         /*
    +          * ALEA IACTA EST, if the core retrieves the reason table
    +          * regardless, that string will be displayed, otherwise not.
    +          */
    +         c_put_error(provider, E_MALLOC, __FILE__, __LINE__);
    +         return 0;
    +     }
    +     return 1;
    + }
    +

    This relies on a few things existing in openssl/core_numbers.h:

    +
    + #define OSSL_OP_BAR            4711
    +
    + #define OSSL_FUNC_BAR_NEWCTX      1
    + typedef void *(OSSL_OP_bar_newctx_fn)(void *provctx);
    + static ossl_inline OSSL_get_bar_newctx(const OSSL_DISPATCH *opf)
    + { return (OSSL_OP_bar_newctx_fn *)opf->function; }
    +
    + #define OSSL_FUNC_BAR_FREECTX     2
    + typedef void (OSSL_OP_bar_freectx_fn)(void *ctx);
    + static ossl_inline OSSL_get_bar_newctx(const OSSL_DISPATCH *opf)
    + { return (OSSL_OP_bar_freectx_fn *)opf->function; }
    +
    + #define OSSL_FUNC_BAR_INIT        3
    + typedef void *(OSSL_OP_bar_init_fn)(void *ctx);
    + static ossl_inline OSSL_get_bar_init(const OSSL_DISPATCH *opf)
    + { return (OSSL_OP_bar_init_fn *)opf->function; }
    +
    + #define OSSL_FUNC_BAR_UPDATE      4
    + typedef void *(OSSL_OP_bar_update_fn)(void *ctx,
    +                                       unsigned char *in, size_t inl);
    + static ossl_inline OSSL_get_bar_update(const OSSL_DISPATCH *opf)
    + { return (OSSL_OP_bar_update_fn *)opf->function; }
    +
    + #define OSSL_FUNC_BAR_FINAL       5
    + typedef void *(OSSL_OP_bar_final_fn)(void *ctx);
    + static ossl_inline OSSL_get_bar_final(const OSSL_DISPATCH *opf)
    + { return (OSSL_OP_bar_final_fn *)opf->function; }
    +

    +

    +
    +

    SEE ALSO

    +

    provider(7)

    +

    +

    +
    +

    HISTORY

    +

    The concept of providers and everything surrounding them was +introduced in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man7/provider-cipher.html b/linux_amd64/share/doc/openssl/html/man7/provider-cipher.html
    new file mode 100755
    index 0000000..a8e3014
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man7/provider-cipher.html
    @@ -0,0 +1,491 @@
    + + + + +provider-cipher + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    provider-cipher - The cipher library <-> provider functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/core_numbers.h>
    + #include <openssl/core_names.h>
    +
    + /*
    +  * None of these are actual functions, but are displayed like this for
    +  * the function signatures for functions that are offered as function
    +  * pointers in OSSL_DISPATCH arrays.
    +  */
    +
    + /* Context management */
    + void *OP_cipher_newctx(void *provctx);
    + void OP_cipher_freectx(void *cctx);
    + void *OP_cipher_dupctx(void *cctx);
    +
    + /* Encryption/decryption */
    + int OP_cipher_encrypt_init(void *cctx, const unsigned char *key,
    +                            size_t keylen, const unsigned char *iv,
    +                            size_t ivlen);
    + int OP_cipher_decrypt_init(void *cctx, const unsigned char *key,
    +                            size_t keylen, const unsigned char *iv,
    +                            size_t ivlen);
    + int OP_cipher_update(void *cctx, unsigned char *out, size_t *outl,
    +                      size_t outsize, const unsigned char *in, size_t inl);
    + int OP_cipher_final(void *cctx, unsigned char *out, size_t *outl,
    +                     size_t outsize);
    + int OP_cipher_cipher(void *cctx, unsigned char *out, size_t *outl,
    +                      size_t outsize, const unsigned char *in, size_t inl);
    +
    + /* Cipher parameter descriptors */
    + const OSSL_PARAM *OP_cipher_gettable_params(void);
    +
    + /* Cipher operation parameter descriptors */
    + const OSSL_PARAM *OP_cipher_gettable_ctx_params(void);
    + const OSSL_PARAM *OP_cipher_settable_ctx_params(void);
    +
    + /* Cipher parameters */
    + int OP_cipher_get_params(OSSL_PARAM params[]);
    +
    + /* Cipher operation parameters */
    + int OP_cipher_get_ctx_params(void *cctx, OSSL_PARAM params[]);
    + int OP_cipher_set_ctx_params(void *cctx, const OSSL_PARAM params[]);
    +

    +

    +
    +

    DESCRIPTION

    +

    This documentation is primarily aimed at provider authors. See provider(7) +for further information.

    +

    The CIPHER operation enables providers to implement cipher algorithms and make +them available to applications via the API functions EVP_EncryptInit_ex(3), +EVP_EncryptUpdate(3) and EVP_EncryptFinal(3) (as well as the decrypt +equivalents and other related functions).

    +

    All "functions" mentioned here are passed as function pointers between +libcrypto and the provider in OSSL_DISPATCH arrays via +OSSL_ALGORITHM arrays that are returned by the provider's +provider_query_operation() function +(see provider-base(7)/Provider Functions).

    +

    All these "functions" have a corresponding function type definition +named OSSL_{name}_fn, and a helper function to retrieve the +function pointer from an OSSL_DISPATCH element named +OSSL_get_{name}. +For example, the "function" OP_cipher_newctx() has these:

    +
    + typedef void *(OSSL_OP_cipher_newctx_fn)(void *provctx);
    + static ossl_inline OSSL_OP_cipher_newctx_fn
    +     OSSL_get_OP_cipher_newctx(const OSSL_DISPATCH *opf);
    +

    OSSL_DISPATCH arrays are indexed by numbers that are provided as +macros in openssl-core_numbers.h(7), as follows:

    +
    + OP_cipher_newctx               OSSL_FUNC_CIPHER_NEWCTX
    + OP_cipher_freectx              OSSL_FUNC_CIPHER_FREECTX
    + OP_cipher_dupctx               OSSL_FUNC_CIPHER_DUPCTX
    +
    + OP_cipher_encrypt_init         OSSL_FUNC_CIPHER_ENCRYPT_INIT
    + OP_cipher_decrypt_init         OSSL_FUNC_CIPHER_DECRYPT_INIT
    + OP_cipher_update               OSSL_FUNC_CIPHER_UPDATE
    + OP_cipher_final                OSSL_FUNC_CIPHER_FINAL
    + OP_cipher_cipher               OSSL_FUNC_CIPHER_CIPHER
    +
    + OP_cipher_get_params           OSSL_FUNC_CIPHER_GET_PARAMS
    + OP_cipher_get_ctx_params       OSSL_FUNC_CIPHER_GET_CTX_PARAMS
    + OP_cipher_set_ctx_params       OSSL_FUNC_CIPHER_SET_CTX_PARAMS
    +
    + OP_cipher_gettable_params      OSSL_FUNC_CIPHER_GETTABLE_PARAMS
    + OP_cipher_gettable_ctx_params  OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS
    + OP_cipher_settable_ctx_params  OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS
    +

    A cipher algorithm implementation may not implement all of these functions. +In order to be a consistent set of functions there must at least be a complete +set of "encrypt" functions, or a complete set of "decrypt" functions, or a +single "cipher" function. +In all cases both the OP_cipher_newctx and OP_cipher_freectx functions must be +present. +All other functions are optional.

    +

    +

    +

    Context Management Functions

    +

    OP_cipher_newctx() should create and return a pointer to a provider side +structure for holding context information during a cipher operation. +A pointer to this context will be passed back in a number of the other cipher +operation function calls. +The parameter provctx is the provider context generated during provider +initialisation (see provider(7)).

    +

    OP_cipher_freectx() is passed a pointer to the provider side cipher context in +the cctx parameter. +This function should free any resources associated with that context.

    +

    OP_cipher_dupctx() should duplicate the provider side cipher context in the +cctx parameter and return the duplicate copy.

    +

    +

    +

    Encryption/Decryption Functions

    +

    OP_cipher_encrypt_init() initialises a cipher operation for encryption given a +newly created provider side cipher context in the cctx parameter. +The key to be used is given in key which is keylen bytes long. +The IV to be used is given in iv which is ivlen bytes long.

    +

    OP_cipher_decrypt_init() is the same as OP_cipher_encrypt_init() except that it +initialises the context for a decryption operation.

    +

    OP_cipher_update() is called to supply data to be encrypted/decrypted as part of +a previously initialised cipher operation. +The cctx parameter contains a pointer to a previously initialised provider +side context. +OP_cipher_update() should encrypt/decrypt inl bytes of data at the location +pointed to by in. +The encrypted data should be stored in out and the amount of data written to +*outl which should not exceed outsize bytes. +OP_cipher_update() may be called multiple times for a single cipher operation. +It is the responsibility of the cipher implementation to handle input lengths +that are not multiples of the block length. +In such cases a cipher implementation will typically cache partial blocks of +input data until a complete block is obtained. +out may be the same location as in but it should not partially overlap. +The same expectations apply to outsize as documented for +EVP_EncryptUpdate(3) and EVP_DecryptUpdate(3).

    +

    OP_cipher_final() completes an encryption or decryption started through previous +OP_cipher_encrypt_init() or OP_cipher_decrypt_init(), and OP_cipher_update() +calls. +The cctx parameter contains a pointer to the provider side context. +Any final encryption/decryption output should be written to out and the +amount of data written to *outl which should not exceed outsize bytes. +The same expectations apply to outsize as documented for +EVP_EncryptFinal(3) and EVP_DecryptFinal(3).

    +

    OP_cipher_cipher() performs encryption/decryption using the provider side cipher +context in the cctx parameter that should have been previously initialised via +a call to OP_cipher_encrypt_init() or OP_cipher_decrypt_init(). +This should call the raw underlying cipher function without any padding. +This will be invoked in the provider as a result of the application calling +EVP_Cipher(3). +The application is responsible for ensuring that the input is a multiple of the +block length. +The data to be encrypted/decrypted will be in in, and it will be inl bytes +in length. +The output from the encryption/decryption should be stored in out and the +amount of data stored should be put in *outl which should be no more than +outsize bytes.

    +

    +

    +

    Cipher Parameters

    +

    See OSSL_PARAM(3) for further details on the parameters structure used by +these functions.

    +

    OP_cipher_get_params() gets details of the algorithm implementation +and stores them in params.

    +

    OP_cipher_set_ctx_params() sets cipher operation parameters for the +provider side cipher context cctx to params. +Any parameter settings are additional to any that were previously set.

    +

    OP_cipher_get_ctx_params() gets cipher operation details details from +the given provider side cipher context cctx and stores them in params.

    +

    OP_cipher_gettable_params(), OP_cipher_gettable_ctx_params(), and +OP_cipher_settable_ctx_params() all return constant OSSL_PARAM arrays +as descriptors of the parameters that OP_cipher_get_params(), +OP_cipher_get_ctx_params(), and OP_cipher_set_ctx_params() can handle, +respectively.

    +

    Parameters currently recognised by built-in ciphers are as follows. Not all +parameters are relevant to, or are understood by all ciphers:

    +
    +
    "padding" (OSSL_CIPHER_PARAM_PADDING) <unsigned integer>
    + +
    +

    Sets the padding mode for the associated cipher ctx. +Setting a value of 1 will turn padding on. +Setting a value of 0 will turn padding off.

    +
    +
    "mode" (OSSL_CIPHER_PARAM_MODE) <unsigned integer>
    + +
    +

    Gets the mode for the associated cipher algorithm. +See EVP_CIPHER_mode(3) for a list of valid modes.

    +
    +
    "blocksize" (OSSL_CIPHER_PARAM_BLOCK_SIZE) <unsigned integer>
    + +
    +

    Gets the block size for the associated cipher algorithm. +The block size should be 1 for stream ciphers. +Note that the block size for a cipher may be different to the block size for +the underlying encryption/decryption primitive. +For example AES in CTR mode has a block size of 1 (because it operates like a +stream cipher), even though AES has a block size of 16. +The length of the "blocksize" parameter should not exceed that of a size_t.

    +
    +
    "flags" (OSSL_CIPHER_PARAM_FLAGS) <unsigned integer>
    + +
    +

    Gets any flags for the associated cipher algorithm. +See EVP_CIPHER_meth_set_flags(3) for a list of currently defined cipher +flags. +The length of the "flags" parameter should equal that of an +unsigned long int.

    +
    +
    "keylen" (OSSL_CIPHER_PARAM_KEYLEN) <unsigned integer>
    + +
    +

    Gets the key length for the associated cipher algorithm. +This can also be used to get or set the key length for the associated cipher +ctx. +The length of the "keylen" parameter should not exceed that of a size_t.

    +
    +
    "ivlen" (OSSL_CIPHER_PARAM_IVLEN) <unsigned integer>
    + +
    +

    Gets the IV length for the associated cipher algorithm. +The length of the "ivlen" parameter should not exceed that of a size_t.

    +
    +
    "iv" (OSSL_CIPHER_PARAM_IV) <octet string OR octet ptr>
    + +
    +

    Gets the IV for the associated cipher ctx.

    +
    +
    "num" (OSSL_CIPHER_PARAM_NUM) <unsigned integer>
    + +
    +

    Gets or sets the cipher specific "num" parameter for the associated cipher ctx. +Built-in ciphers typically use this to track how much of the current underlying +block has been "used" already.

    +
    +
    "tag" (OSSL_CIPHER_PARAM_AEAD_TAG) <octet string>
    + +
    +

    Gets or sets the AEAD tag for the associated cipher ctx. +See EVP_EncryptInit(3)/AEAD Interface.

    +
    +
    "taglen" (OSSL_CIPHER_PARAM_AEAD_TAGLEN) <unsigned integer>
    + +
    +

    Gets the tag length to be used for an AEAD cipher for the associated cipher ctx. +It returns a default value if it has not been set. +The length of the "taglen" parameter should not exceed that of a size_t.

    +
    +
    "tlsaad" (OSSL_CIPHER_PARAM_AEAD_TLS1_AAD) <octet string>
    + +
    +

    Sets TLSv1.2 AAD information for the associated cipher ctx. +TLSv1.2 AAD information is always 13 bytes in length and is as defined for the +"additional_data" field described in section 6.2.3.3 of RFC5246.

    +
    +
    "tlsaadpad" (OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD) <unsigned integer>
    + +
    +

    Gets the length of the tag that will be added to a TLS record for the AEAD +tag for the associated cipher ctx. +The length of the "tlsaadpad" parameter should not exceed that of a size_t.

    +
    +
    "tlsivfixed" (OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED) <octet string>
    + +
    +

    Sets the fixed portion of an IV for an AEAD cipher used in a TLS record +encryption/ decryption for the associated cipher ctx. +TLS record encryption/decryption always occurs "in place" so that the input and +output buffers are always the same memory location. +AEAD IVs in TLSv1.2 consist of an implicit "fixed" part and an explicit part +that varies with every record. +Setting a TLS fixed IV changes a cipher to encrypt/decrypt TLS records. +TLS records are encrypted/decrypted using a single OP_cipher_cipher call per +record. +For a record decryption the first bytes of the input buffer will be the explicit +part of the IV and the final bytes of the input buffer will be the AEAD tag. +The length of the explicit part of the IV and the tag length will depend on the +cipher in use and will be defined in the RFC for the relevant ciphersuite. +In order to allow for "in place" decryption the plaintext output should be +written to the same location in the output buffer that the ciphertext payload +was read from, i.e. immediately after the explicit IV.

    +

    When encrypting a record the first bytes of the input buffer will be empty to +allow space for the explicit IV, as will the final bytes where the tag will +be written. +The length of the input buffer will include the length of the explicit IV, the +payload, and the tag bytes. +The cipher implementation should generate the explicit IV and write it to the +beginning of the output buffer, do "in place" encryption of the payload and +write that to the output buffer, and finally add the tag onto the end of the +output buffer.

    +

    Whether encrypting or decrypting the value written to *outl in the +OP_cipher_cipher call should be the length of the payload excluding the explicit +IV length and the tag length.

    +
    +
    "ivlen" (OSSL_CIPHER_PARAM_AEAD_IVLEN) <unsigned integer>
    + +
    +

    Sets the IV length to be used for an AEAD cipher for the associated cipher ctx. +The length of the "ivlen" parameter should not exceed that of a size_t.

    +
    +
    "mackey" (OSSL_CIPHER_PARAM_AEAD_MAC_KEY) <octet string>
    + +
    +

    Sets the MAC key used by composite AEAD ciphers such as AES-CBC-HMAC-SHA256.

    +
    +
    "randkey" (OSSL_CIPHER_PARAM_RANDOM_KEY) <octet string>
    + +
    +

    Gets a implementation specific randomly generated key for the associated +cipher ctx. This is currently only supported by 3DES (which sets the key to +odd parity).

    +
    +
    "alg_id_param" (OSSL_CIPHER_PARAM_ALG_ID) <octet string>
    + +
    +

    Used to pass the DER encoded AlgorithmIdentifier parameter to or from +the cipher implementation. Functions like EVP_CIPHER_param_to_asn1(3) +and EVP_CIPHER_asn1_to_param(3) use this parameter for any implementation +that has the flag EVP_CIPH_FLAG_CUSTOM_ASN1 set.

    +
    +
    "rounds" (OSSL_CIPHER_PARAM_ROUNDS) <unsigned integer>
    + +
    +

    Sets or gets the number of rounds to be used for a cipher. +This is used by the RC5 cipher.

    +
    +
    "keybits" (OSSL_CIPHER_PARAM_RC2_KEYBITS) <unsigned integer>
    + +
    +

    Gets or sets the effective keybits used for a RC2 cipher. +The length of the "keybits" parameter should not exceed that of a size_t.

    +
    +
    "speed" (OSSL_CIPHER_PARAM_SPEED) <unsigned integer>
    + +
    +

    Sets the speed option for the associated cipher ctx. This is only supported +by AES SIV ciphers which disallow multiple operations by default. +Setting "speed" to 1 allows another encrypt or decrypt operation to be +performed. This is used for performance testing.

    +
    +
    "tlsivgen" (OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN) <octet string>
    + +
    +

    Gets the invocation field generated for encryption. +Can only be called after "tlsivfixed" is set. +This is only used for GCM mode.

    +
    +
    "tlsivinv" (OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV) <octet string>
    + +
    +

    Sets the invocation field used for decryption. +Can only be called after "tlsivfixed" is set. +This is only used for GCM mode.

    +
    +
    "tls1multi_enc" (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC) <octet string>
    + +
    +

    Triggers a multiblock tls1 encrypt operation for a tls1 aware cipher that supports +sending 4 or 8 records in one go. +The cipher performs both the MAC and encrypt stages and constructs the record +headers itself. +"tls1multi_enc" supplies the output buffer for the encrypt operation, +"tls1multi_encin" & "tls1multi_interleave" must also be set in order to supply +values to the encrypt operation.

    +
    +
    "tls1multi_enclen" (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN) <unsigned integer>
    + +
    +

    Get the total length of the record returned from the "tls1multi_enc" operation.

    +
    +
    "tls1multi_interleave" (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE) <unsigned integer>
    + +
    +

    Sets or gets the number of records being sent in one go for a tls1 multiblock +cipher operation (either 4 or 8 records).

    +
    +
    "tls1multi_encin" (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN) <octet string>
    + +
    +

    Supplies the data to encrypt for a tls1 multiblock cipher operation.

    +
    +
    "tls1multi_maxsndfrag" (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT) <unsigned integer>
    + +
    +

    Sets the maximum send fragment size for a tls1 multiblock cipher operation. +It must be set before using "tls1multi_maxbufsz". +The length of the "tls1multi_maxsndfrag" parameter should not exceed that of a size_t.

    +
    +
    "tls1multi_maxbufsz" (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE) <unsigned integer>
    + +
    +

    Gets the maximum record length for a tls1 multiblock cipher operation. +The length of the "tls1multi_maxbufsz" parameter should not exceed that of a size_t.

    +
    +
    "tls1multi_aad" (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD) <octet string>
    + +
    +

    Sets the authenticated additional data used by a tls1 multiblock cipher operation. +The supplied data consists of 13 bytes of record data containing: +Bytes 0-7: The sequence number of the first record +Byte 8: The record type +Byte 9-10: The protocol version +Byte 11-12: Input length (Always 0)

    +

    "tls1multi_interleave" must also be set for this operation.

    +
    +
    "tls1multi_aadpacklen" (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN) <unsigned integer>
    + +
    +

    Gets the result of running the "tls1multi_aad" operation.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    OP_cipher_newctx() and OP_cipher_dupctx() should return the newly created +provider side cipher context, or NULL on failure.

    +

    OP_cipher_encrypt_init(), OP_cipher_decrypt_init(), OP_cipher_update(), +OP_cipher_final(), OP_cipher_cipher(), OP_cipher_get_params(), +OP_cipher_get_ctx_params() and OP_cipher_set_ctx_params() should return 1 for +success or 0 on error.

    +

    OP_cipher_gettable_params(), OP_cipher_gettable_ctx_params() and +OP_cipher_settable_ctx_params() should return a constant OSSL_PARAM +array, or NULL if none is offered.

    +

    +

    +
    +

    SEE ALSO

    +

    provider(7)

    +

    +

    +
    +

    HISTORY

    +

    The provider CIPHER interface was introduced in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man7/provider-digest.html b/linux_amd64/share/doc/openssl/html/man7/provider-digest.html
    new file mode 100755
    index 0000000..e26b7a4
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man7/provider-digest.html
    @@ -0,0 +1,329 @@
    + + + + +provider-digest + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    provider-digest - The digest library <-> provider functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/core_numbers.h>
    + #include <openssl/core_names.h>
    +
    + /*
    +  * Digests support the following function signatures in OSSL_DISPATCH arrays.
    +  * (The function signatures are not actual functions).
    +  */
    +
    + /* Context management */
    + void *OP_digest_newctx(void *provctx);
    + void OP_digest_freectx(void *dctx);
    + void *OP_digest_dupctx(void *dctx);
    +
    + /* Digest generation */
    + int OP_digest_init(void *dctx);
    + int OP_digest_update(void *dctx, const unsigned char *in, size_t inl);
    + int OP_digest_final(void *dctx, unsigned char *out, size_t *outl,
    +                     size_t outsz);
    + int OP_digest_digest(void *provctx, const unsigned char *in, size_t inl,
    +                      unsigned char *out, size_t *outl, size_t outsz);
    +
    + /* Digest parameter descriptors */
    + const OSSL_PARAM *OP_digest_gettable_params(void);
    +
    + /* Digest operation parameter descriptors */
    + const OSSL_PARAM *OP_digest_gettable_ctx_params(void);
    + const OSSL_PARAM *OP_digest_settable_ctx_params(void);
    +
    + /* Digest parameters */
    + int OP_digest_get_params(OSSL_PARAM params[]);
    +
    + /* Digest operation parameters */
    + int OP_digest_set_ctx_params(void *dctx, const OSSL_PARAM params[]);
    + int OP_digest_get_ctx_params(void *dctx, OSSL_PARAM params[]);
    +

    +

    +
    +

    DESCRIPTION

    +

    This documentation is primarily aimed at provider authors. See provider(7) +for further information.

    +

    The DIGEST operation enables providers to implement digest algorithms and make +them available to applications via the API functions EVP_DigestInit_ex(3), +EVP_DigestUpdate(3) and EVP_DigestFinal(3) (and other related functions).

    +

    All "functions" mentioned here are passed as function pointers between +libcrypto and the provider in OSSL_DISPATCH arrays via +OSSL_ALGORITHM arrays that are returned by the provider's +provider_query_operation() function +(see provider-base(7)/Provider Functions).

    +

    All these "functions" have a corresponding function type definition +named OSSL_{name}_fn, and a helper function to retrieve the +function pointer from an OSSL_DISPATCH element named +OSSL_get_{name}. +For example, the "function" OP_digest_newctx() has these:

    +
    + typedef void *(OSSL_OP_digest_newctx_fn)(void *provctx);
    + static ossl_inline OSSL_OP_digest_newctx_fn
    +     OSSL_get_OP_digest_newctx(const OSSL_DISPATCH *opf);
    +

    OSSL_DISPATCH arrays are indexed by numbers that are provided as +macros in openssl-core_numbers.h(7), as follows:

    +
    + OP_digest_newctx               OSSL_FUNC_DIGEST_NEWCTX
    + OP_digest_freectx              OSSL_FUNC_DIGEST_FREECTX
    + OP_digest_dupctx               OSSL_FUNC_DIGEST_DUPCTX
    +
    + OP_digest_init                 OSSL_FUNC_DIGEST_INIT
    + OP_digest_update               OSSL_FUNC_DIGEST_UPDATE
    + OP_digest_final                OSSL_FUNC_DIGEST_FINAL
    + OP_digest_digest               OSSL_FUNC_DIGEST_DIGEST
    +
    + OP_digest_get_params           OSSL_FUNC_DIGEST_GET_PARAMS
    + OP_digest_get_ctx_params       OSSL_FUNC_DIGEST_GET_CTX_PARAMS
    + OP_digest_set_ctx_params       OSSL_FUNC_DIGEST_SET_CTX_PARAMS
    +
    + OP_digest_gettable_params      OSSL_FUNC_DIGEST_GETTABLE_PARAMS
    + OP_digest_gettable_ctx_params  OSSL_FUNC_DIGEST_GETTABLE_CTX_PARAMS
    + OP_digest_settable_ctx_params  OSSL_FUNC_DIGEST_SETTABLE_CTX_PARAMS
    +

    A digest algorithm implementation may not implement all of these functions. +In order to be usable all or none of OP_digest_newctx, OP_digest_freectx, +OP_digest_init, OP_digest_update and OP_digest_final should be implemented. +All other functions are optional.

    +

    +

    +

    Context Management Functions

    +

    OP_digest_newctx() should create and return a pointer to a provider side +structure for holding context information during a digest operation. +A pointer to this context will be passed back in a number of the other digest +operation function calls. +The parameter provctx is the provider context generated during provider +initialisation (see provider(7)).

    +

    OP_digest_freectx() is passed a pointer to the provider side digest context in +the dctx parameter. +This function should free any resources associated with that context.

    +

    OP_digest_dupctx() should duplicate the provider side digest context in the +dctx parameter and return the duplicate copy.

    +

    +

    +

    Digest Generation Functions

    +

    OP_digest_init() initialises a digest operation given a newly created +provider side digest context in the dctx parameter.

    +

    OP_digest_update() is called to supply data to be digested as part of a +previously initialised digest operation. +The dctx parameter contains a pointer to a previously initialised provider +side context. +OP_digest_update() should digest inl bytes of data at the location pointed to +by in. +OP_digest_update() may be called multiple times for a single digest operation.

    +

    OP_digest_final() generates a digest started through previous OP_digest_init() +and OP_digest_update() calls. +The dctx parameter contains a pointer to the provider side context. +The digest should be written to *out and the length of the digest to +*outl. +The digest should not exceed outsz bytes.

    +

    OP_digest_digest() is a "oneshot" digest function. +No provider side digest context is used. +Instead the provider context that was created during provider initialisation is +passed in the provctx parameter (see provider(7)). +inl bytes at in should be digested and the result should be stored at +out. The length of the digest should be stored in *outl which should not +exceed outsz bytes.

    +

    +

    +

    Digest Parameters

    +

    See OSSL_PARAM(3) for further details on the parameters structure used by +these functions.

    +

    OP_digest_get_params() gets details of the algorithm implementation +and stores them in params.

    +

    OP_digest_set_ctx_params() sets digest operation parameters for the +provider side digest context dctx to params. +Any parameter settings are additional to any that were previously set.

    +

    OP_digest_get_ctx_params() gets digest operation details details from +the given provider side digest context dctx and stores them in params.

    +

    OP_digest_gettable_params(), OP_digest_gettable_ctx_params(), and +OP_digest_settable_ctx_params() all return constant OSSL_PARAM arrays +as descriptors of the parameters that OP_digest_get_params(), +OP_digest_get_ctx_params(), and OP_digest_set_ctx_params() can handle, +respectively.

    +

    Parameters currently recognised by built-in digests with this function +are as follows. Not all parameters are relevant to, or are understood +by all digests:

    +
    +
    "blocksize" (OSSL_DIGEST_PARAM_BLOCK_SIZE) <unsigned integer>
    + +
    +

    The digest block size. +The length of the "blocksize" parameter should not exceed that of a size_t.

    +
    +
    "size" (OSSL_DIGEST_PARAM_SIZE) <unsigned integer>
    + +
    +

    The digest output size. +The length of the "size" parameter should not exceed that of a size_t.

    +
    +
    "flags" (OSSL_DIGEST_PARAM_FLAGS) <unsigned integer>
    + +
    +

    Diverse flags that describe exceptional behaviour for the digest:

    +
    +
    EVP_MD_FLAG_ONESHOT
    + +
    +

    This digest method can only handle one block of input.

    +
    +
    EVP_MD_FLAG_XOF
    + +
    +

    This digest method is an extensible-output function (XOF) and supports +setting the OSSL_DIGEST_PARAM_XOFLEN parameter.

    +
    +
    EVP_MD_FLAG_DIGALGID_NULL
    + +
    +

    When setting up a DigestAlgorithmIdentifier, this flag will have the +parameter set to NULL by default. Use this for PKCS#1. Note: if +combined with EVP_MD_FLAG_DIGALGID_ABSENT, the latter will override.

    +
    +
    EVP_MD_FLAG_DIGALGID_ABSENT
    + +
    +

    When setting up a DigestAlgorithmIdentifier, this flag will have the +parameter be left absent by default. Note: if combined with +EVP_MD_FLAG_DIGALGID_NULL, the latter will be overridden.

    +
    +
    EVP_MD_FLAG_DIGALGID_CUSTOM
    + +
    +

    Custom DigestAlgorithmIdentifier handling via ctrl, with +EVP_MD_FLAG_DIGALGID_ABSENT as default. Note: if combined with +EVP_MD_FLAG_DIGALGID_NULL, the latter will be overridden. +Currently unused.

    +
    +
    +

    The length of the "flags" parameter should equal that of an +unsigned long int.

    +
    +
    +

    +

    +

    Digest Context Parameters

    +

    OP_digest_set_ctx_params() sets digest parameters associated with the +given provider side digest context dctx to params. +Any parameter settings are additional to any that were previously set. +See OSSL_PARAM(3) for further details on the parameters structure.

    +

    OP_digest_get_ctx_params() gets details of currently set parameters +values associated with the give provider side digest context dctx +and stores them in params. +See OSSL_PARAM(3) for further details on the parameters structure.

    +

    Parameters currently recognised by built-in digests are as follows. Not all +parameters are relevant to, or are understood by all digests:

    +
    +
    "xoflen" (OSSL_DIGEST_PARAM_XOFLEN) <unsigned integer>
    + +
    +

    Sets the digest length for extendable output functions. +The length of the "xoflen" parameter should not exceed that of a size_t.

    +
    +
    "ssl3-ms" (OSSL_DIGEST_PARAM_SSL3_MS) <octet string>
    + +
    +

    This parameter is set by libssl in order to calculate a signature hash for an +SSLv3 CertificateVerify message as per RFC6101. +It is only set after all handshake messages have already been digested via +OP_digest_update() calls. +The parameter provides the master secret value to be added to the digest. +The digest implementation should calculate the complete digest as per RFC6101 +section 5.6.8. +The next call after setting this parameter will be OP_digest_final(). +This is only relevant for implementations of SHA1 or MD5_SHA1.

    +
    +
    "pad_type" (OSSL_DIGEST_PARAM_PAD_TYPE) <unsigned integer>
    + +
    +

    Sets the pad type to be used. +The only built-in digest that uses this is MDC2. +Normally the final MDC2 block is padded with 0s. +If the pad type is set to 2 then the final block is padded with 0x80 followed by +0s.

    +
    +
    "micalg" (OSSL_DIGEST_PARAM_MICALG) <UTF8 string>
    + +
    +

    Gets the digest Message Integrity Check algorithm string. +This is used when creating S/MIME multipart/signed messages, as specified in +RFC 5751.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    OP_digest_newctx() and OP_digest_dupctx() should return the newly created +provider side digest context, or NULL on failure.

    +

    OP_digest_init(), OP_digest_update(), OP_digest_final(), OP_digest_digest(), +OP_digest_set_params() and OP_digest_get_params() should return 1 for success or +0 on error.

    +

    OP_digest_size() should return the digest size.

    +

    OP_digest_block_size() should return the block size of the underlying digest +algorithm.

    +

    +

    +
    +

    SEE ALSO

    +

    provider(7)

    +

    +

    +
    +

    HISTORY

    +

    The provider DIGEST interface was introduced in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man7/provider-keyexch.html b/linux_amd64/share/doc/openssl/html/man7/provider-keyexch.html
    new file mode 100755
    index 0000000..f62386e
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man7/provider-keyexch.html
    @@ -0,0 +1,290 @@
    + + + + +provider-keyexch + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    provider-keyexch - The keyexch library <-> provider functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/core_numbers.h>
    + #include <openssl/core_names.h>
    +
    + /*
    +  * None of these are actual functions, but are displayed like this for
    +  * the function signatures for functions that are offered as function
    +  * pointers in OSSL_DISPATCH arrays.
    +  */
    +
    + /* Context management */
    + void *OP_keyexch_newctx(void *provctx);
    + void OP_keyexch_freectx(void *ctx);
    + void *OP_keyexch_dupctx(void *ctx);
    +
    + /* Shared secret derivation */
    + int OP_keyexch_init(void *ctx, void *provkey);
    + int OP_keyexch_set_peer(void *ctx, void *provkey);
    + int OP_keyexch_derive(void *ctx, unsigned char *secret, size_t *secretlen,
    +                       size_t outlen);
    +
    + /* Key Exchange parameters */
    + int OP_keyexch_set_ctx_params(void *ctx, const OSSL_PARAM params[]);
    + const OSSL_PARAM *OP_keyexch_settable_ctx_params(void);
    + int OP_keyexch_get_ctx_params(void *ctx, OSSL_PARAM params[]);
    + const OSSL_PARAM *OP_keyexch_gettable_ctx_params(void);
    +

    +

    +
    +

    DESCRIPTION

    +

    This documentation is primarily aimed at provider authors. See provider(7) +for further information.

    +

    The key exchange (OSSL_OP_KEYEXCH) operation enables providers to implement key +exchange algorithms and make them available to applications via +EVP_PKEY_derive(3) and +other related functions).

    +

    All "functions" mentioned here are passed as function pointers between +libcrypto and the provider in OSSL_DISPATCH arrays via +OSSL_ALGORITHM arrays that are returned by the provider's +provider_query_operation() function +(see provider-base(7)/Provider Functions).

    +

    All these "functions" have a corresponding function type definition +named OSSL_{name}_fn, and a helper function to retrieve the +function pointer from an OSSL_DISPATCH element named +OSSL_get_{name}. +For example, the "function" OP_keyexch_newctx() has these:

    +
    + typedef void *(OSSL_OP_keyexch_newctx_fn)(void *provctx);
    + static ossl_inline OSSL_OP_keyexch_newctx_fn
    +     OSSL_get_OP_keyexch_newctx(const OSSL_DISPATCH *opf);
    +

    OSSL_DISPATCH arrays are indexed by numbers that are provided as +macros in openssl-core_numbers.h(7), as follows:

    +
    + OP_keyexch_newctx                OSSL_FUNC_KEYEXCH_NEWCTX
    + OP_keyexch_freectx               OSSL_FUNC_KEYEXCH_FREECTX
    + OP_keyexch_dupctx                OSSL_FUNC_KEYEXCH_DUPCTX
    +
    + OP_keyexch_init                  OSSL_FUNC_KEYEXCH_INIT
    + OP_keyexch_set_peer              OSSL_FUNC_KEYEXCH_SET_PEER
    + OP_keyexch_derive                OSSL_FUNC_KEYEXCH_DERIVE
    +
    + OP_keyexch_set_ctx_params        OSSL_FUNC_KEYEXCH_SET_CTX_PARAMS
    + OP_keyexch_settable_ctx_params   OSSL_FUNC_KEYEXCH_SETTABLE_CTX_PARAMS
    + OP_keyexch_get_ctx_params        OSSL_FUNC_KEYEXCH_GET_CTX_PARAMS
    + OP_keyexch_gettable_ctx_params   OSSL_FUNC_KEYEXCH_GETTABLE_CTX_PARAMS
    +

    A key exchange algorithm implementation may not implement all of these functions. +In order to be a consistent set of functions a provider must implement +OP_keyexch_newctx, OP_keyexch_freectx, OP_keyexch_init and OP_keyexch_derive. +All other functions are optional.

    +

    A key exchange algorithm must also implement some mechanism for generating, +loading or importing keys via the key management (OSSL_OP_KEYMGMT) operation. +See provider-keymgmt(7) for further details.

    +

    +

    +

    Context Management Functions

    +

    OP_keyexch_newctx() should create and return a pointer to a provider side +structure for holding context information during a key exchange operation. +A pointer to this context will be passed back in a number of the other key +exchange operation function calls. +The parameter provctx is the provider context generated during provider +initialisation (see provider(7)).

    +

    OP_keyexch_freectx() is passed a pointer to the provider side key exchange +context in the ctx parameter. +This function should free any resources associated with that context.

    +

    OP_keyexch_dupctx() should duplicate the provider side key exchange context in +the ctx parameter and return the duplicate copy.

    +

    +

    +

    Shared Secret Derivation Functions

    +

    OP_keyexch_init() initialises a key exchange operation given a provider side key +exchange context in the ctx parameter, and a pointer to a provider key object +in the provkey parameter. The key object should have been previously +generated, loaded or imported into the provider using the key management +(OSSL_OP_KEYMGMT) operation (see provider-keymgmt(7)>.

    +

    OP_keyexch_set_peer() is called to supply the peer's public key (in the +provkey parameter) to be used when deriving the shared secret. +It is also passed a previously initialised key exchange context in the ctx +parameter. +The key object should have been previously generated, loaded or imported into +the provider using the key management (OSSL_OP_KEYMGMT) operation (see +provider-keymgmt(7)>.

    +

    OP_keyexch_derive() performs the actual key exchange itself by deriving a shared +secret. +A previously initialised key exchange context is passed in the ctx +parameter. +The derived secret should be written to the location secret which should not +exceed outlen bytes. +The length of the shared secret should be written to *secretlen. +If secret is NULL then the maximum length of the shared secret should be +written to *secretlen.

    +

    +

    +

    Key Exchange Parameters Functions

    +

    OP_keyexch_set_ctx_params() sets key exchange parameters associated with the +given provider side key exchange context ctx to params, +see Key Exchange Parameters. +Any parameter settings are additional to any that were previously set.

    +

    OP_keyexch_get_ctx_params() gets key exchange parameters associated with the +given provider side key exchange context ctx into params, +see Key Exchange Parameters.

    +

    OP_keyexch_settable_ctx_params() yields a constant OSSL_PARAM array that +describes the settable parameters, i.e. parameters that can be used with +OP_signature_set_ctx_params(). +If OP_keyexch_settable_ctx_params() is present, OP_keyexch_set_ctx_params() must +also be present, and vice versa. +Similarly, OP_keyexch_gettable_ctx_params() yields a constant OSSL_PARAM +array that describes the gettable parameters, i.e. parameters that can be +handled by OP_signature_get_ctx_params(). +If OP_keyexch_gettable_ctx_params() is present, OP_keyexch_get_ctx_params() must +also be present, and vice versa. +See OSSL_PARAM(3) for the use of OSSL_PARAM as parameter descriptor.

    +

    Notice that not all settable parameters are also gettable, and vice versa.

    +

    +

    +

    Key Exchange Parameters

    +

    See OSSL_PARAM(3) for further details on the parameters structure used by +the OP_keyexch_set_ctx_params() and OP_keyexch_get_ctx_params() functions.

    +

    Parameters currently recognised by built-in key exchange algorithms are as +follows. +Not all parameters are relevant to, or are understood by all key exchange +algorithms:

    +
    +
    "pad" (OSSL_EXCHANGE_PARAM_PAD) <unsigned integer>
    + +
    +

    Sets the padding mode for the associated key exchange ctx. +Setting a value of 1 will turn padding on. +Setting a vlue of 0 will turn padding off. +If padding is off then the derived shared secret may be smaller than the largest +possible secret size. +If padding is on then the derived shared secret will have its first bytes filled +with 0s where necessary to make the shared secret the same size as the largest +possible secret size.

    +
    +
    "ecdh-cofactor-mode" (OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE) <integer>
    + +
    +

    Sets/gets the ECDH mode of operation for the associated key exchange ctx.

    +

    In the context of an Elliptic Curve Diffie-Hellman key exchange, this parameter +can be used to select between the plain Diffie-Hellman (DH) or Cofactor +Diffie-Hellman (CDH) variants of the key exchange algorithm.

    +

    When setting, the value should be 1, 0 or -1, respectively forcing cofactor mode +on, off, or resetting it to the default for the private key associated with the +given key exchange ctx.

    +

    When getting, the value should be either 1 or 0, respectively signaling if the +cofactor mode is on or off.

    +

    See also provider-keymgmt(7) for the related +OSSL_PKEY_PARAM_USE_COFACTOR_ECDH parameter that can be set on a +per-key basis.

    +
    +
    "kdf-type" (OSSL_EXCHANGE_PARAM_KDF_TYPE) <utf8_string>
    + +
    +

    Sets/gets the Key Derivation Function type to apply within the associated key +exchange ctx.

    +
    +
    "kdf-digest" (OSSL_EXCHANGE_PARAM_KDF_DIGEST) <utf8_string>
    + +
    +

    Sets/gets the Digest algorithm to be used as part of the Key Derivation Function +associated with the given key exchange ctx.

    +
    +
    "kdf-digest-props" (OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS) <utf8_string>
    + +
    +

    Sets properties to be used upon look up of the implementation for the selected +Digest algorithm for the Key Derivation Function associated with the given key +exchange ctx.

    +
    +
    "kdf-outlen" (OSSL_EXCHANGE_PARAM_KDF_OUTLEN) <size_t>
    + +
    +

    Sets/gets the desired size for the output of the chosen Key Derivation Function +associated with the given key exchange ctx.

    +
    +
    "kdf-ukm" (OSSL_EXCHANGE_PARAM_KDF_UKM) <octet_string>
    + +
    +

    Sets/gets User Key Material to be used as part of the selected Key Derivation +Function associated with the given key exchange ctx.

    +
    +
    "kdf-ukm-len" (OSSL_EXCHANGE_PARAM_KDF_UKM_LEN) <size_t>
    + +
    +

    Sets/gets the size of the User Key Material to be used as part of the selected +Key Derivation Function associated with the given key exchange ctx.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    OP_keyexch_newctx() and OP_keyexch_dupctx() should return the newly created +provider side key exchange context, or NULL on failure.

    +

    OP_keyexch_init(), OP_keyexch_set_peer(), OP_keyexch_derive(), +OP_keyexch_set_params(), and OP_keyexch_get_params() should return 1 for success +or 0 on error.

    +

    OP_keyexch_settable_ctx_params() and OP_keyexch_gettable_ctx_params() should +always return a constant OSSL_PARAM array.

    +

    +

    +
    +

    SEE ALSO

    +

    provider(7)

    +

    +

    +
    +

    HISTORY

    +

    The provider KEYEXCH interface was introduced in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man7/provider-keymgmt.html b/linux_amd64/share/doc/openssl/html/man7/provider-keymgmt.html
    new file mode 100755
    index 0000000..5b6952e
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man7/provider-keymgmt.html
    @@ -0,0 +1,461 @@
    + + + + +provider-keymgmt + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    provider-keymgmt - The KEYMGMT library <-> provider functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/core_numbers.h>
    +
    + /*
    +  * None of these are actual functions, but are displayed like this for
    +  * the function signatures for functions that are offered as function
    +  * pointers in OSSL_DISPATCH arrays.
    +  */
    +
    + /* Key object (keydata) creation and destruction */
    + void *OP_keymgmt_new(void *provctx);
    + void OP_keymgmt_free(void *keydata);
    +
    + /* Key object information */
    + int OP_keymgmt_get_params(void *keydata, OSSL_PARAM params[]);
    + const OSSL_PARAM *OP_keymgmt_gettable_params(void);
    + int OP_keymgmt_set_params(void *keydata, const OSSL_PARAM params[]);
    + const OSSL_PARAM *OP_keymgmt_settable_params(void);
    +
    + /* Key object content checks */
    + int OP_keymgmt_has(void *keydata, int selection);
    + int OP_keymgmt_match(const void *keydata1, const void *keydata2,
    +                      int selection);
    +
    + /* Discovery of supported operations */
    + const char *OP_keymgmt_query_operation_name(int operation_id);
    +
    + /* Key object import and export functions */
    + int OP_keymgmt_import(int selection, void *keydata, const OSSL_PARAM params[]);
    + const OSSL_PARAM *OP_keymgmt_import_types(int selection);
    + int OP_keymgmt_export(int selection, void *keydata,
    +                       OSSL_CALLBACK *param_cb, void *cbarg);
    + const OSSL_PARAM *OP_keymgmt_export_types(int selection);
    +
    + /* Key object copy */
    + int OP_keymgmt_copy(void *keydata_to, const void *keydata_from, int selection);
    +
    + /* Key object validation */
    + int OP_keymgmt_validate(void *keydata, int selection);
    +

    +

    +
    +

    DESCRIPTION

    +

    The KEYMGMT operation doesn't have much public visibility in OpenSSL +libraries, it's rather an internal operation that's designed to work +in tandem with operations that use private/public key pairs.

    +

    Because the KEYMGMT operation shares knowledge with the operations it +works with in tandem, they must belong to the same provider. +The OpenSSL libraries will ensure that they do.

    +

    The primary responsibility of the KEYMGMT operation is to hold the +provider side key data for the OpenSSL library EVP_PKEY structure.

    +

    All "functions" mentioned here are passed as function pointers between +libcrypto and the provider in OSSL_DISPATCH arrays via +OSSL_ALGORITHM arrays that are returned by the provider's +provider_query_operation() function +(see provider-base(7)/Provider Functions).

    +

    All these "functions" have a corresponding function type definition +named OSSL_{name}_fn, and a helper function to retrieve the +function pointer from a OSSL_DISPATCH element named +OSSL_get_{name}. +For example, the "function" OP_keymgmt_new() has these:

    +
    + typedef void *(OSSL_OP_keymgmt_new_fn)(void *provctx);
    + static ossl_inline OSSL_OP_keymgmt_new_fn
    +     OSSL_get_OP_keymgmt_new(const OSSL_DISPATCH *opf);
    +

    OSSL_DISPATCH arrays are indexed by numbers that are provided as +macros in openssl-core_numbers.h(7), as follows:

    +
    + OP_keymgmt_new                  OSSL_FUNC_KEYMGMT_NEW
    + OP_keymgmt_free                 OSSL_FUNC_KEYMGMT_FREE
    +
    + OP_keymgmt_get_params           OSSL_FUNC_KEYMGMT_GET_PARAMS
    + OP_keymgmt_gettable_params      OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS
    + OP_keymgmt_set_params           OSSL_FUNC_KEYMGMT_SET_PARAMS
    + OP_keymgmt_settable_params      OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS
    +
    + OP_keymgmt_query_operation_name OSSL_FUNC_KEYMGMT_QUERY_OPERATION_NAME
    +
    + OP_keymgmt_has                  OSSL_FUNC_KEYMGMT_HAS
    + OP_keymgmt_validate             OSSL_FUNC_KEYMGMT_VALIDATE
    + OP_keymgmt_match                OSSL_FUNC_KEYMGMT_MATCH
    +
    + OP_keymgmt_import               OSSL_FUNC_KEYMGMT_IMPORT
    + OP_keymgmt_import_types         OSSL_FUNC_KEYMGMT_IMPORT_TYPES
    + OP_keymgmt_export               OSSL_FUNC_KEYMGMT_EXPORT
    + OP_keymgmt_export_types         OSSL_FUNC_KEYMGMT_EXPORT_TYPES
    +
    + OP_keymgmt_copy                 OSSL_FUNC_KEYMGMT_COPY
    +

    +

    +

    Key Objects

    +

    A key object is a collection of data for an asymmetric key, and is +represented as keydata in this manual.

    +

    The exact contents of a key object are defined by the provider, and it +is assumed that different operations in one and the same provider use +the exact same structure to represent this collection of data, so that +for example, a key object that has been created using the KEYMGMT +interface that we document here can be passed as is to other provider +operations, such as OP_signature_sign_init() (see +provider-signature(7)).

    +

    With some of the KEYMGMT functions, it's possible to select a specific +subset of data to handle, governed by the bits in a selection +indicator. The bits are:

    +
    +
    OSSL_KEYMGMT_SELECT_PRIVATE_KEY
    + +
    +

    Indicating that the private key data in a key object should be +considered.

    +
    +
    OSSL_KEYMGMT_SELECT_PUBLIC_KEY
    + +
    +

    Indicating that the public key data in a key object should be +considered.

    +
    +
    OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS
    + +
    +

    Indicating that the domain parameters in a key object should be +considered.

    +
    +
    OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS
    + +
    +

    Indicating that other parameters in a key object should be +considered.

    +

    Other parameters are key parameters that don't fit any other +classification. In other words, this particular selector bit works as +a last resort bit bucket selector.

    +
    +
    +

    Some selector bits have also been combined for easier use:

    +
    +
    OSSL_KEYMGMT_SELECT_ALL_PARAMETERS
    + +
    +

    Indicating that all key object parameters should be considered, +regardless of their more granular classification.

    +

    This is a combination of OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS and +OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS.

    +
    +
    OSSL_KEYMGMT_SELECT_KEYPAIR
    + +
    +

    Indicating that both the whole key pair in a key object should be +considered, i.e. the combination of public and private key.

    +

    This is a combination of OSSL_KEYMGMT_SELECT_PRIVATE_KEY and +OSSL_KEYMGMT_SELECT_PUBLIC_KEY.

    +
    +
    OSSL_KEYMGMT_SELECT_ALL
    + +
    +

    Indicating that everything in a key object should be considered.

    +
    +
    +

    The exact interpretation of those bits or how they combine is left to +each function where you can specify a selector.

    +

    +

    +

    Constructing and Destructing Functions

    +

    OP_keymgmt_new() should create a provider side key object. The +provider context provctx is passed and may be incorporated in the +key object, but that is not mandatory.

    +

    OP_keymgmt_free() should free the passed keydata.

    +

    The constructor and destructor are mandatory, a KEYMGMT implementation +without them will not be accepted.

    +

    +

    +

    Key Object Information Functions

    +

    OP_keymgmt_get_params() should extract information data associated +with the given keydata, see Information Parameters.

    +

    OP_keymgmt_gettable_params() should return a constant array of +descriptor OSSL_PARAM, for parameters that OP_keymgmt_get_params() +can handle.

    +

    If OP_keymgmt_gettable_params() is present, OP_keymgmt_get_params() +must also be present, and vice versa.

    +

    OP_keymgmt_set_params() should update information data associated +with the given keydata, see Information Parameters.

    +

    OP_keymgmt_settable_params() should return a constant array of +descriptor OSSL_PARAM, for parameters that OP_keymgmt_set_params() +can handle.

    +

    If OP_keymgmt_settable_params() is present, OP_keymgmt_set_params() +must also be present, and vice versa.

    +

    +

    +

    Key Object Checking Functions

    +

    OP_keymgmt_query_operation_name() should return the name of the +supported algorithm for the operation operation_id. This is +similar to provider_query_operation() (see provider-base(7)), +but only works as an advisory. If this function is not present, or +returns NULL, the caller is free to assume that there's an algorithm +from the same provider, of the same name as the one used to fetch the +keymgmt and try to use that.

    +

    OP_keymgmt_has() should check whether the given keydata contains the subsets +of data indicated by the selector. A combination of several +selector bits must consider all those subsets, not just one. An +implementation is, however, free to consider an empty subset of data +to still be a valid subset.

    +

    OP_keymgmt_validate() should check if the keydata contains valid +data subsets indicated by selection. Some combined selections of +data subsets may cause validation of the combined data. +For example, the combination of OSSL_KEYMGMT_SELECT_PRIVATE_KEY and +OSSL_KEYMGMT_SELECT_PUBLIC_KEY (or OSSL_KEYMGMT_SELECT_KEYPAIR +for short) is expected to check that the pairwise consistency of +keydata is valid.

    +

    OP_keymgmt_match() should check if the data subset indicated by +selection in keydata1 and keydata2 match. It is assumed that +the caller has ensured that keydata1 and keydata2 are both owned +by the implementation of this function.

    +

    +

    +

    Key Object Import, Export and Copy Functions

    +

    OP_keymgmt_import() should import data indicated by selection into +keydata with values taken from the OSSL_PARAM array params.

    +

    OP_keymgmt_export() should extract values indicated by selection +from keydata, create an OSSL_PARAM array with them and call +param_cb with that array as well as the given cbarg.

    +

    OP_keymgmt_import_types() should return a constant array of descriptor +OSSL_PARAM for data indicated by selection, for parameters that +OP_keymgmt_import() can handle.

    +

    OP_keymgmt_export_types() should return a constant array of descriptor +OSSL_PARAM for data indicated by selection, that the +OP_keymgmt_export() callback can expect to receive.

    +

    OP_keymgmt_copy() should copy data subsets indicated by selection +from keydata_from to keydata_to. It is assumed that the caller +has ensured that keydata_to and keydata_from are both owned by +the implementation of this function.

    +

    +

    +

    Built-in RSA Import/Export Types

    +

    The following Import/Export types are available for the built-in RSA algorithm:

    +
    +
    "n" (OSSL_PKEY_PARAM_RSA_N) <integer>
    + +
    +

    The RSA "n" value.

    +
    +
    "e" (OSSL_PKEY_PARAM_RSA_E) <integer>
    + +
    +

    The RSA "e" value.

    +
    +
    "d" (OSSL_PKEY_PARAM_RSA_D) <integer>
    + +
    +

    The RSA "d" value.

    +
    +
    "rsa-factor" (OSSL_PKEY_PARAM_RSA_FACTOR) <integer>
    + +
    +

    An RSA factor. In 2 prime RSA these are often known as "p" or "q". This value +may be repeated up to 10 times in a single key.

    +
    +
    "rsa-exponent" (OSSL_PKEY_PARAM_RSA_EXPONENT) <integer>
    + +
    +

    An RSA CRT (Chinese Remainder Theorem) exponent. This value may be repeated up +to 10 times in a single key.

    +
    +
    "rsa-coefficient" (OSSL_PKEY_PARAM_RSA_COEFFICIENT) <integer>
    + +
    +

    An RSA CRT (Chinese Remainder Theorem) coefficient. This value may be repeated +up to 9 times in a single key.

    +
    +
    +

    +

    +

    Built-in DSA and Diffie-Hellman Import/Export Types

    +

    The following Import/Export types are available for the built-in DSA and +Diffie-Hellman algorithms:

    +
    +
    "pub" (OSSL_PKEY_PARAM_PUB_KEY) <integer> or <octet string>
    + +
    +

    The public key value.

    +
    +
    "priv" (OSSL_PKEY_PARAM_PRIV_KEY) <integer> or <octet string>
    + +
    +

    The private key value.

    +
    +
    "p" (OSSL_PKEY_PARAM_FFC_P) <integer>
    + +
    +

    A DSA or Diffie-Hellman "p" value.

    +
    +
    "q" (OSSL_PKEY_PARAM_FFC_Q) <integer>
    + +
    +

    A DSA or Diffie-Hellman "q" value.

    +
    +
    "g" (OSSL_PKEY_PARAM_FFC_G) <integer>
    + +
    +

    A DSA or Diffie-Hellman "g" value.

    +
    +
    +

    +

    +

    Built-in X25519, X448, ED25519 and ED448 Import/Export Types

    +

    The following Import/Export types are available for the built-in X25519, X448, +ED25519 and X448 algorithms:

    +
    +
    "pub" (OSSL_PKEY_PARAM_PUB_KEY) <octet string>
    + +
    +

    The public key value.

    +
    +
    "priv" (OSSL_PKEY_PARAM_PRIV_KEY) <octet string>
    + +
    +

    The private key value.

    +
    +
    +

    +

    +

    Information Parameters

    +

    See OSSL_PARAM(3) for further details on the parameters structure.

    +

    Parameters currently recognised by built-in keymgmt algorithms +are as follows. +Not all parameters are relevant to, or are understood by all keymgmt +algorithms:

    +
    +
    "bits" (OSSL_PKEY_PARAM_BITS) <integer>
    + +
    +

    The value should be the cryptographic length of the cryptosystem to +which the key belongs, in bits. The definition of cryptographic +length is specific to the key cryptosystem.

    +
    +
    "max-size" (OSSL_PKEY_PARAM_MAX_SIZE) <integer>
    + +
    +

    The value should be the maximum size that a caller should allocate to +safely store a signature (called sig in provider-signature(7)), +the result of asymmmetric encryption / decryption (out in +provider-asym_cipher(7), a derived secret (secret in +provider-keyexch(7), and similar data).

    +

    Because an EVP_KEYMGMT method is always tightly bound to another method +(signature, asymmetric cipher, key exchange, ...) and must be of the +same provider, this number only needs to be synchronised with the +dimensions handled in the rest of the same provider.

    +
    +
    "security-bits" (OSSL_PKEY_PARAM_SECURITY_BITS) <integer>
    + +
    +

    The value should be the number of security bits of the given key. +Bits of security is defined in SP800-57.

    +
    +
    "use-cofactor-flag" (OSSL_PKEY_PARAM_USE_COFACTOR_FLAG, +OSSL_PKEY_PARAM_USE_COFACTOR_ECDH) <integer>
    + +
    +

    The value should be either 1 or 0, to respectively enable or disable +use of the cofactor in operations using this key.

    +

    In the context of a key that can be used to perform an Elliptic Curve +Diffie-Hellman key exchange, this parameter can be used to mark a requirement +for using the Cofactor Diffie-Hellman (CDH) variant of the key exchange +algorithm.

    +

    See also provider-keyexch(7) for the related +OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE parameter that can be set on a +per-operation basis.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    OP_keymgmt_new() should return a valid reference to the newly created provider +side key object, or NULL on failure.

    +

    OP_keymgmt_import(), OP_keymgmt_export(), OP_keymgmt_get_params() and +OP_keymgmt_set_params() should return 1 for success or 0 on error.

    +

    OP_keymgmt_validate() should return 1 on successful validation, or 0 on +failure.

    +

    OP_keymgmt_has() should return 1 if all the selected data subsets are contained +in the given keydata or 0 otherwise.

    +

    OP_keymgmt_query_operation_name() should return a pointer to a string matching +the requested operation, or NULL if the same name used to fetch the keymgmt +applies.

    +

    OP_keymgmt_gettable_params() and OP_keymgmt_settable_params() +OP_keymgmt_import_types(), OP_keymgmt_export_types() +should +always return a constant OSSL_PARAM array.

    +

    +

    +
    +

    SEE ALSO

    +

    provider(7)

    +

    +

    +
    +

    HISTORY

    +

    The KEYMGMT interface was introduced in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man7/provider-mac.html b/linux_amd64/share/doc/openssl/html/man7/provider-mac.html
new file mode 100755
index 0000000..4011f1f
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man7/provider-mac.html
@@ -0,0 +1,266 @@
+ + + + +provider-mac + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    provider-mac - The mac library <-> provider functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/core_numbers.h>
    + #include <openssl/core_names.h>
    +
    + /*
    +  * None of these are actual functions, but are displayed like this for
    +  * the function signatures for functions that are offered as function
    +  * pointers in OSSL_DISPATCH arrays.
    +  */
    +
    + /* Context management */
    + void *OP_mac_newctx(void *provctx);
    + void OP_mac_freectx(void *mctx);
    + void *OP_mac_dupctx(void *src);
    +
    + /* Encryption/decryption */
    + int OP_mac_init(void *mctx);
    + int OP_mac_update(void *mctx, const unsigned char *in, size_t inl);
    + int OP_mac_final(void *mctx, unsigned char *out, size_t *outl, size_t outsize);
    +
    + /* MAC parameter descriptors */
    + const OSSL_PARAM *OP_mac_get_params(void);
    + const OSSL_PARAM *OP_mac_get_ctx_params(void);
    + const OSSL_PARAM *OP_mac_set_ctx_params(void);
    +
    + /* MAC parameters */
    + int OP_mac_get_params(OSSL_PARAM params[]);
    + int OP_mac_get_ctx_params(void *mctx, OSSL_PARAM params[]);
    + int OP_mac_set_ctx_params(void *mctx, const OSSL_PARAM params[]);
    +

    +

    +
    +

    DESCRIPTION

    +

    This documentation is primarily aimed at provider authors. See provider(7) +for further information.

    +

    The MAC operation enables providers to implement mac algorithms and make +them available to applications via the API functions EVP_MAC_init(3), +EVP_MAC_update(3) and EVP_MAC_final(3).

    +

    All "functions" mentioned here are passed as function pointers between +libcrypto and the provider in OSSL_DISPATCH arrays via +OSSL_ALGORITHM arrays that are returned by the provider's +provider_query_operation() function +(see provider-base(7)/Provider Functions).

    +

    All these "functions" have a corresponding function type definition +named OSSL_{name}_fn, and a helper function to retrieve the +function pointer from an OSSL_DISPATCH element named +OSSL_get_{name}. +For example, the "function" OP_mac_newctx() has these:

    +
    + typedef void *(OSSL_OP_mac_newctx_fn)(void *provctx);
    + static ossl_inline OSSL_OP_mac_newctx_fn
    +     OSSL_get_OP_mac_newctx(const OSSL_DISPATCH *opf);
    +

    OSSL_DISPATCH arrays are indexed by numbers that are provided as +macros in openssl-core_numbers.h(7), as follows:

    +
    + OP_mac_newctx               OSSL_FUNC_MAC_NEWCTX
    + OP_mac_freectx              OSSL_FUNC_MAC_FREECTX
    + OP_mac_dupctx               OSSL_FUNC_MAC_DUPCTX
    +
    + OP_mac_init                 OSSL_FUNC_MAC_INIT
    + OP_mac_update               OSSL_FUNC_MAC_UPDATE
    + OP_mac_final                OSSL_FUNC_MAC_FINAL
    +
    + OP_mac_get_params           OSSL_FUNC_MAC_GET_PARAMS
    + OP_mac_get_ctx_params       OSSL_FUNC_MAC_GET_CTX_PARAMS
    + OP_mac_set_ctx_params       OSSL_FUNC_MAC_SET_CTX_PARAMS
    +
    + OP_mac_gettable_params      OSSL_FUNC_MAC_GETTABLE_PARAMS
    + OP_mac_gettable_ctx_params  OSSL_FUNC_MAC_GETTABLE_CTX_PARAMS
    + OP_mac_settable_ctx_params  OSSL_FUNC_MAC_SETTABLE_CTX_PARAMS
    +

    A mac algorithm implementation may not implement all of these functions. +In order to be a consistent set of functions, at least the following functions +must be implemented: OP_mac_newctx(), OP_mac_freectx(), OP_mac_init(), +OP_mac_update(), OP_mac_final(). +All other functions are optional.

    +

    +

    +

    Context Management Functions

    +

    OP_mac_newctx() should create and return a pointer to a provider side +structure for holding context information during a mac operation. +A pointer to this context will be passed back in a number of the other mac +operation function calls. +The parameter provctx is the provider context generated during provider +initialisation (see provider(7)).

    +

    OP_mac_freectx() is passed a pointer to the provider side mac context in +the mctx parameter. +If it receives NULL as mctx value, it should not do anything other than +return. +This function should free any resources associated with that context.

    +

    OP_mac_dupctx() should duplicate the provider side mac context in the +mctx parameter and return the duplicate copy.

    +

    +

    +

    Encryption/Decryption Functions

    +

    OP_mac_init() initialises a mac operation given a newly created provider +side mac context in the mctx parameter.

    +

    OP_mac_update() is called to supply data for MAC computation of a previously +initialised mac operation. +The mctx parameter contains a pointer to a previously initialised provider +side context. +OP_mac_update() may be called multiple times for a single mac operation.

    +

    OP_mac_final() completes the MAC computation started through previous +OP_mac_init() and OP_mac_update() calls. +The mctx parameter contains a pointer to the provider side context. +The resulting MAC should be written to out and the amount of data written +to *outl, which should not exceed outsize bytes. +The same expectations apply to outsize as documented for +EVP_MAC_final(3).

    +

    +

    +

    Mac Parameters

    +

    See OSSL_PARAM(3) for further details on the parameters structure used by +these functions.

    +

    OP_mac_get_params() gets details of parameter values associated with the +provider algorithm and stores them in params.

    +

    OP_mac_set_ctx_params() sets mac parameters associated with the given +provider side mac context mctx to params. +Any parameter settings are additional to any that were previously set.

    +

    OP_mac_get_ctx_params() gets details of currently set parameter values +associated with the given provider side mac context mctx and stores them +in params.

    +

    OP_mac_gettable_params(), OP_mac_gettable_ctx_params(), and +OP_mac_settable_ctx_params() all return constant OSSL_PARAM arrays +as descriptors of the parameters that OP_mac_get_params(), +OP_mac_get_ctx_params(), and OP_mac_set_ctx_params() can handle, +respectively.

    +

    Parameters currently recognised by built-in macs are as follows. Not all +parameters are relevant to, or are understood by all macs:

    +
    +
    "key" (OSSL_MAC_PARAM_KEY) <octet string>
    + +
    +

    Sets the key in the associated MAC ctx.

    +
    +
    "iv" (OSSL_MAC_PARAM_IV) <octet string>
    + +
    +

    Sets the IV of the underlying cipher, when applicable.

    +
    +
    "custom" (OSSL_MAC_PARAM_CUSTOM) <UTF8 string>
    + +
    +

    Sets the custom string in the associated MAC ctx.

    +
    +
    "salt" (OSSL_MAC_PARAM_SALT) <octet string>
    + +
    +

    Sets the salt of the underlying cipher, when applicable.

    +
    +
    "xof" (OSSL_MAC_PARAM_BLOCK_XOF) <integer>
    + +
    +

    Sets XOF mode in the associated MAC ctx. +0 means no XOF mode, 1 means XOF mode.

    +
    +
    "flags" (OSSL_MAC_PARAM_FLAGS) <integer>
    + +
    +

    Gets flags associated with the MAC.

    +
    +
    "cipher" (OSSL_MAC_PARAM_CIPHER) <UTF8 string>
    + +
    "digest" (OSSL_MAC_PARAM_DIGEST) <UTF8 string>
    + +
    +

    Sets the name of the underlying cipher or digest to be used. +It must name a suitable algorithm for the MAC that's being used.

    +
    +
    "properties" (OSSL_MAC_PARAM_PROPERTIES) <UTF8 string>
    + +
    +

    Sets the properties to be queried when trying to fetch the underlying algorithm. +This must be given together with the algorithm naming parameter to be +considered valid.

    +
    +
    "size" (OSSL_MAC_PARAM_SIZE) <integer>
    + +
    +

    Can be used to get the resulting MAC size.

    +

    With some MAC algorithms, it can also be used to set the size that the +resulting MAC should have. +Allowable sizes are decided within each implementation.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    OP_mac_newctx() and OP_mac_dupctx() should return the newly created +provider side mac context, or NULL on failure.

    +

    OP_mac_init(), OP_mac_update(), OP_mac_final(), OP_mac_get_params(), +OP_mac_get_ctx_params() and OP_mac_set_ctx_params() should return 1 for +success or 0 on error.

    +

    OP_mac_gettable_params(), OP_mac_gettable_ctx_params() and +OP_mac_settable_ctx_params() should return a constant OSSL_PARAM +array, or NULL if none is offered.

    +

    +

    +
    +

    SEE ALSO

    +

    provider(7)

    +

    +

    +
    +

    HISTORY

    +

    The provider MAC interface was introduced in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man7/provider-serializer.html b/linux_amd64/share/doc/openssl/html/man7/provider-serializer.html
new file mode 100755
index 0000000..0d5d770
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man7/provider-serializer.html
@@ -0,0 +1,297 @@
+ + + + +provider-serializer + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    provider-serializer - The SERIALIZER library <-> provider functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/core_numbers.h>
    +
    + /*
    +  * None of these are actual functions, but are displayed like this for
    +  * the function signatures for functions that are offered as function
    +  * pointers in OSSL_DISPATCH arrays.
    +  */
    +
    + /* Functions to construct / destruct / manipulate the serializer context */
    + void *OP_serializer_newctx(void *provctx);
    + void OP_serializer_freectx(void *ctx);
    + int OP_serializer_set_ctx_params(void *ctx, const OSSL_PARAM params[]);
    + const OSSL_PARAM *OP_serializer_settable_ctx_params(void)
    +
    + /* Functions to serialize object data */
    + int OP_serializer_serialize_data(void *ctx, const OSSL_PARAM *data,
    +                                  BIO *out,
    +                                  OSSL_PASSPHRASE_CALLBACK *cb,
    +                                  void *cbarg);
    + int OP_serializer_serialize_object(void *ctx, void *obj, BIO *out,
    +                                    OSSL_PASSPHRASE_CALLBACK *cb,
    +                                    void *cbarg);
    +

    +

    +
    +

    DESCRIPTION

    +

    The SERIALIZER is a generic method to serialize any set of object data +in OSSL_PARAM(3) array form, or any provider side object into +serialized form, and write it to the given BIO. If the caller wants +to get the serialized stream to memory, it should provide a +BIO_s_membuf(3).

    +

    The serializer doesn't need to know more about the BIO pointer than +being able to pass it to the appropriate BIO upcalls (see +provider-base(7)/Core functions).

    +

    The serialization using the OSSL_PARAM(3) array form allows a +serializer to be used for data that's been exported from another +provider, and thereby allow them to exist independently of each +other.

    +

    The serialization using a provider side object can only be safely used +with provider data coming from the same provider, for example keys +with the KEYMGMT provider.

    +

    All "functions" mentioned here are passed as function pointers between +libcrypto and the provider in OSSL_DISPATCH arrays via +OSSL_ALGORITHM arrays that are returned by the provider's +provider_query_operation() function +(see provider-base(7)/Provider Functions).

    +

    All these "functions" have a corresponding function type definition +named OSSL_{name}_fn, and a helper function to retrieve the +function pointer from a OSSL_DISPATCH element named +OSSL_get_{name}. +For example, the "function" OP_serializer_serialize_data() has these:

    +
    + typedef int
    +     (OSSL_OP_serializer_serialize_data_fn)(void *provctx,
    +                                            const OSSL_PARAM params[],
    +                                            BIO *out);
    + static ossl_inline OSSL_OP_serializer_serialize_data_fn
    +     OSSL_get_OP_serializer_serialize_data(const OSSL_DISPATCH *opf);
    +

    OSSL_DISPATCH arrays are indexed by numbers that are provided as +macros in openssl-core_numbers.h(7), as follows:

    +
    + OP_serializer_newctx              OSSL_FUNC_SERIALIZER_NEWCTX
    + OP_serializer_freectx             OSSL_FUNC_SERIALIZER_FREECTX
    + OP_serializer_set_ctx_params      OSSL_FUNC_SERIALIZER_SET_CTX_PARAMS
    + OP_serializer_settable_ctx_params OSSL_FUNC_SERIALIZER_SETTABLE_CTX_PARAMS
    +
    + OP_serializer_serialize_data      OSSL_FUNC_SERIALIZER_SERIALIZE_DATA
    + OP_serializer_serialize_object    OSSL_FUNC_SERIALIZER_SERIALIZE_OBJECT
    +

    +

    +

    Names and properties

    +

    The name of an implementation should match the type of object it +handles. For example, an implementation that serializes an RSA key +should be named accordingly.

    +

    To be able to specify exactly what serialization format and what type +of data a serializer implementation is expected to handle, two +additional properties may be given:

    +
    +
    format
    + +
    +

    This property is used to specify what kind of output format the +implementation produces. Currently known formats are:

    +
    +
    text
    + +
    +

    An implementation with that format property value outputs human +readable text, making that implementation suitable for -text output +in diverse openssl(1) commands.

    +
    +
    pem
    + +
    +

    An implementation with that format property value outputs PEM +formatted data.

    +
    +
    der
    + +
    +

    An implementation with that format property value outputs DER +formatted data.

    +
    +
    +
    +
    type
    + +
    +

    With objects that have multiple purposes, this can be used to specify +the purpose type. The currently known use cases are asymmetric keys +and key parameters, where the type can be one of:

    +
    +
    private
    + +
    +

    An implementation with that format property value outputs a private +key.

    +
    +
    public
    + +
    +

    An implementation with that format property value outputs a public +key.

    +
    +
    parameters
    + +
    +

    An implementation with that format property value outputs key +parameters.

    +
    +
    +
    +
    +

    The possible values of both these properties is open ended. A +provider may very well specify other formats that libcrypto doesn't +know anything about.

    +

    +

    +

    Context functions

    +

    OP_serializer_newctx() returns a context to be used with the rest of +the functions.

    +

    OP_serializer_freectx() frees the given ctx, if it was created by +OP_serializer_newctx().

    +

    OP_serializer_set_ctx_params() sets context data according to +parameters from params that it recognises. Unrecognised parameters +should be ignored.

    +

    OP_serializer_settable_ctx_params() returns a constant OSSL_PARAM +array describing the parameters that OP_serializer_set_ctx_params() +can handle.

    +

    See OSSL_PARAM(3) for further details on the parameters structure used +by OP_serializer_set_ctx_params() and OP_serializer_settable_ctx_params().

    +

    +

    +

    Serializing functions

    +

    OP_serializer_serialize_data() should take an array of OSSL_PARAM, +data, and if it contains the data necessary for the object type +that the implementation handles, it should output the object in +serialized form to the BIO.

    +

    OP_serializer_serialize_object() should take a pointer to an object +that it knows intimately, and output that object in serialized form to +the BIO. The caller must ensure that this function is called +with a pointer that the provider of this function is familiar with. +It is not suitable to use with object pointers coming from other +providers.

    +

    Both serialization functions also take an OSSL_PASSPHRASE_CALLBACK +function pointer along with a pointer to application data cbarg, +which should be used when a pass phrase prompt is needed.

    +

    +

    +

    Serializer parameters

    +

    Parameters currently recognised by built-in serializers are as +follows:

    +
    +
    "cipher" (OSSL_SERIALIZER_PARAM_CIPHER) <UTF8 string>
    + +
    +

    The name of the encryption cipher to be used when generating encrypted +serialization. This is used when serializing private keys, as well as +other objects that need protection.

    +

    If this name is invalid for the serialization implementation, the +implementation should refuse to perform the serialization, i.e. +OP_serializer_serialize_data() and OP_serializer_serialize_object() +should return an error.

    +
    +
    "properties" (OSSL_SERIALIZER_PARAM_PROPERTIES) <UTF8 string>
    + +
    +

    The properties to be queried when trying to fetch the algorithm given +with the "cipher" parameter. +This must be given together with the "cipher" parameter to be +considered valid.

    +

    The serialization implementation isn't obligated to use this value. +However, it is recommended that implementations that do not handle +property strings return an error on receiving this parameter unless +its value NULL or the empty string.

    +
    +
    "passphrase" (OSSL_SERIALIZER_PARAM_PASS) <octet string>
    + +
    +

    A pass phrase provided by the application. When this is given, the +built-in serializers will not attempt to use the passphrase callback.

    +
    +
    +

    Parameters currently recognised by the built-in pass phrase callback:

    +
    +
    "info" (OSSL_PASSPHRASE_PARAM_INFO) <UTF8 string>
    + +
    +

    A string of information that will become part of the pass phrase +prompt. This could be used to give the user information on what kind +of object it's being prompted for.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    OP_serializer_newctx() returns a pointer to a context, or NULL on +failure.

    +

    OP_serializer_set_ctx_params() returns 1, unless a recognised +parameters was invalid or caused an error, for which 0 is returned.

    +

    OP_serializer_settable_ctx_params() returns a pointer to an array of +constant OSSL_PARAM elements.

    +

    OP_serializer_serialize_data() and OP_serializer_serialize_object() +return 1 on success, or 0 on failure.

    +

    +

    +
    +

    SEE ALSO

    +

    provider(7)

    +

    +

    +
    +

    HISTORY

    +

    The SERIALIZER interface was introduced in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/share/doc/openssl/html/man7/provider-signature.html b/linux_amd64/share/doc/openssl/html/man7/provider-signature.html
new file mode 100755
index 0000000..c961dd2
--- /dev/null
+++ b/linux_amd64/share/doc/openssl/html/man7/provider-signature.html
@@ -0,0 +1,271 @@
+ + + + +provider-signature + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    provider-signature - The signature library <-> provider functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/core_numbers.h>
    + #include <openssl/core_names.h>
    +
    + /*
    +  * None of these are actual functions, but are displayed like this for
    +  * the function signatures for functions that are offered as function
    +  * pointers in OSSL_DISPATCH arrays.
    +  */
    +
    + /* Context management */
    + void *OP_signature_newctx(void *provctx);
    + void OP_signature_freectx(void *ctx);
    + void *OP_signature_dupctx(void *ctx);
    +
    + /* Signing */
    + int OP_signature_sign_init(void *ctx, void *provkey);
    + int OP_signature_sign(void *ctx, unsigned char *sig, size_t *siglen,
    +                       size_t sigsize, const unsigned char *tbs, size_t tbslen);
    +
    + /* Verifying */
    + int OP_signature_verify_init(void *ctx, void *provkey);
    + int OP_signature_verify(void *ctx, const unsigned char *sig, size_t siglen,
    +                         const unsigned char *tbs, size_t tbslen);
    +
    + /* Verify Recover */
    + int OP_signature_verify_recover_init(void *ctx, void *provkey);
    + int OP_signature_verify_recover(void *ctx, unsigned char *rout,
    +                                 size_t *routlen, size_t routsize,
    +                                 const unsigned char *sig, size_t siglen);
    +
    + /* Signature parameters */
    + int OP_signature_get_ctx_params(void *ctx, OSSL_PARAM params[]);
    + const OSSL_PARAM *OP_signature_gettable_ctx_params(void);
    + int OP_signature_set_ctx_params(void *ctx, const OSSL_PARAM params[]);
    + const OSSL_PARAM *OP_signature_settable_ctx_params(void);
    +

    +

    +
    +

    DESCRIPTION

    +

    This documentation is primarily aimed at provider authors. See provider(7) +for further information.

    +

    The signature (OSSL_OP_SIGNATURE) operation enables providers to implement +signature algorithms and make them available to applications via the API +functions EVP_PKEY_sign(3), +EVP_PKEY_verify(3), +and EVP_PKEY_verify_recover(3) (as well +as other related functions).

    +

    All "functions" mentioned here are passed as function pointers between +libcrypto and the provider in OSSL_DISPATCH arrays via +OSSL_ALGORITHM arrays that are returned by the provider's +provider_query_operation() function +(see provider-base(7)/Provider Functions).

    +

    All these "functions" have a corresponding function type definition +named OSSL_{name}_fn, and a helper function to retrieve the +function pointer from an OSSL_DISPATCH element named +OSSL_get_{name}. +For example, the "function" OP_signature_newctx() has these:

    +
    + typedef void *(OSSL_OP_signature_newctx_fn)(void *provctx);
    + static ossl_inline OSSL_OP_signature_newctx_fn
    +     OSSL_get_OP_signature_newctx(const OSSL_DISPATCH *opf);
    +

    OSSL_DISPATCH arrays are indexed by numbers that are provided as +macros in openssl-core_numbers.h(7), as follows:

    +
    + OP_signature_newctx                 OSSL_FUNC_SIGNATURE_NEWCTX
    + OP_signature_freectx                OSSL_FUNC_SIGNATURE_FREECTX
    + OP_signature_dupctx                 OSSL_FUNC_SIGNATURE_DUPCTX
    +
    + OP_signature_sign_init              OSSL_FUNC_SIGNATURE_SIGN_INIT
    + OP_signature_sign                   OSSL_FUNC_SIGNATURE_SIGN
    +
    + OP_signature_verify_init            OSSL_FUNC_SIGNATURE_VERIFY_INIT
    + OP_signature_verify                 OSSL_FUNC_SIGNATURE_VERIFY
    +
    + OP_signature_verify_recover_init    OSSL_FUNC_SIGNATURE_VERIFY_RECOVER_INIT
    + OP_signature_verify_recover         OSSL_FUNC_SIGNATURE_VERIFY_RECOVER
    +
    + OP_signature_get_ctx_params         OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS
    + OP_signature_gettable_ctx_params    OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS
    + OP_signature_set_ctx_params         OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS
    + OP_signature_settable_ctx_params    OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS
    +

    A signature algorithm implementation may not implement all of these functions. +In order to be a consistent set of functions a provider must implement +OP_signature_newctx and OP_signature_freectx. +It must also implement both of OP_signature_sign_init and OP_signature_sign, +or both of OP_signature_verify_init and OP_signature_verify, or both of +OP_signature_verify_recover_init and OP_signature_verify_recover. +All other functions are optional.

    +

    A signature algorithm must also implement some mechanism for generating, +loading or importing keys via the key management (OSSL_OP_KEYMGMT) operation. +See provider-keymgmt(7) for further details.

    +

    +

    +

    Context Management Functions

    +

    OP_signature_newctx() should create and return a pointer to a provider side +structure for holding context information during a signature operation. +A pointer to this context will be passed back in a number of the other signature +operation function calls. +The parameter provctx is the provider context generated during provider +initialisation (see provider(7)).

    +

    OP_signature_freectx() is passed a pointer to the provider side signature +context in the ctx parameter. +This function should free any resources associated with that context.

    +

    OP_signature_dupctx() should duplicate the provider side signature context in +the ctx parameter and return the duplicate copy.

    +

    +

    +

    Signing Functions

    +

    OP_signature_sign_init() initialises a context for signing given a provider side +signature context in the ctx parameter, and a pointer to a provider key object +in the provkey parameter. +The key object should have been previously generated, loaded or imported into +the provider using the key management (OSSL_OP_KEYMGMT) operation (see +provider-keymgmt(7)>.

    +

    OP_signature_sign() performs the actual signing itself. +A previously initialised signature context is passed in the ctx +parameter. +The data to be signed is pointed to be the tbs parameter which is tbslen +bytes long. +Unless sig is NULL, the signature should be written to the location pointed +to by the sig parameter and it should not exceed sigsize bytes in length. +The length of the signature should be written to *siglen. +If sig is NULL then the maximum length of the signature should be written to +*siglen.

    +

    +

    +

    Verify Functions

    +

    OP_signature_verify_init() initialises a context for verifying a signature given +a provider side signature context in the ctx parameter, and a pointer to a +provider key object in the provkey parameter. +The key object should have been previously generated, loaded or imported into +the provider using the key management (OSSL_OP_KEYMGMT) operation (see +provider-keymgmt(7)>.

    +

    OP_signature_verify() performs the actual verification itself. +A previously initialised signature context is passed in the ctx parameter. +The data that the signature covers is pointed to be the tbs parameter which +is tbslen bytes long. +The signature is pointed to by the sig parameter which is siglen bytes +long.

    +

    +

    +

    Verify Recover Functions

    +

    OP_signature_verify_recover_init() initialises a context for recovering the +signed data given a provider side signature context in the ctx parameter, and +a pointer to a provider key object in the provkey parameter. +The key object should have been previously generated, loaded or imported into +the provider using the key management (OSSL_OP_KEYMGMT) operation (see +provider-keymgmt(7)>.

    +

    OP_signature_verify_recover() performs the actual verify recover itself. +A previously initialised signature context is passed in the ctx parameter. +The signature is pointed to by the sig parameter which is siglen bytes +long. +Unless rout is NULL, the recovered data should be written to the location +pointed to by rout which should not exceed routsize bytes in length. +The length of the recovered data should be written to *routlen. +If rout is NULL then the maximum size of the output buffer is written to +the routlen parameter.

    +

    +

    +

    Signature Parameters

    +

    See OSSL_PARAM(3) for further details on the parameters structure used by +the OP_signature_get_ctx_params() and OP_signature_set_ctx_params() functions.

    +

    OP_signature_get_ctx_params() gets signature parameters associated with the +given provider side signature context ctx and stored them in params. +OP_signature_set_ctx_params() sets the signature parameters associated with the +given provider side signature context ctx to params. +Any parameter settings are additional to any that were previously set.

    +

    Parameters currently recognised by built-in signature algorithms are as +follows. +Not all parameters are relevant to, or are understood by all signature +algorithms:

    +
    +
    "digest" (OSSL_SIGNATURE_PARAM_DIGEST) <UTF8 string>
    + +
    +

    Get or sets the name of the digest algorithm used for the input to the signature +functions.

    +
    +
    "digest-size" (OSSL_SIGNATURE_PARAM_DIGEST_SIZE) <unsigned integer>
    + +
    +

    Gets or sets the output size of the digest algorithm used for the input to the +signature functions. +The length of the "digest-size" parameter should not exceed that of a size_t.

    +
    +
    +

    OP_signature_gettable_ctx_params() and OP_signature_settable_ctx_params() get a +constant OSSL_PARAM array that describes the gettable and settable parameters, +i.e. parameters that can be used with OP_signature_get_ctx_params() and +OP_signature_set_ctx_params() respectively. +See OSSL_PARAM(3) for the use of OSSL_PARAM as parameter descriptor.

    +

    +

    +
    +

    RETURN VALUES

    +

    OP_signature_newctx() and OP_signature_dupctx() should return the newly created +provider side signature, or NULL on failure.

    +

    All other functions should return 1 for success or 0 on error.

    +

    +

    +
    +

    SEE ALSO

    +

    provider(7)

    +

    +

    +
    +

    HISTORY

    +

    The provider SIGNATURE interface was introduced in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man7/provider.html b/linux_amd64/share/doc/openssl/html/man7/provider.html
    new file mode 100755
    index 0000000..ba16dfa
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man7/provider.html
    @@ -0,0 +1,415 @@
    + + + + +provider + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    provider - OpenSSL operation implementation providers

    +

    +

    +
    +

    SYNOPSIS

    +

    #include <openssl/provider.h>

    +

    +

    +
    +

    DESCRIPTION

    +

    +

    +

    General

    +

    A provider, in OpenSSL terms, is a unit of code that provides one +or more implementations for various operations for diverse algorithms +that one might want to perform.

    +

    An operation is something one wants to do, such as encryption and +decryption, key derivation, MAC calculation, signing and verification, +etc.

    +

    An algorithm is a named method to perform an operation. +Very often, the algorithms revolve around cryptographic operations, +but may also revolve around other types of operation, such as managing +certain types of objects.

    +

    +

    +

    Provider

    +

    NOTE: This section is mostly interesting for provider authors.

    +

    A provider offers an initialization function, as a set of base +functions in the form of an OSSL_DISPATCH array, and by extension, +a set of OSSL_ALGORITHMs (see openssl-core.h(7)). +It may be a dynamically loadable module, or may be built-in, in +OpenSSL libraries or in the application. +If it's a dynamically loadable module, the initialization function +must be named OSSL_provider_init and must be exported. +If it's built-in, the initialization function may have any name.

    +

    The initialization function must have the following signature:

    +
    + int NAME(const OSSL_PROVIDER *provider,
    +          const OSSL_DISPATCH *in, const OSSL_DISPATCH **out,
    +          void **provctx);
    +

    provider is the OpenSSL library object for the provider, and works +as a handle for everything the OpenSSL libraries need to know about +the provider. +For the provider itself, it may hold some interesting information, +and is also passed to some of the functions given in the dispatch +array in.

    +

    in is a dispatch array of base functions offered by the OpenSSL +libraries, and the available functions are further described in +provider-base(7).

    +

    *out must be assigned a dispatch array of base functions that the +provider offers to the OpenSSL libraries. +The functions that may be offered are further described in +provider-base(7), and they are the central means of communication +between the OpenSSL libraries and the provider.

    +

    *provctx should be assigned a provider specific context to allow +the provider multiple simultaneous uses. +This pointer will be passed to various operation functions offered by +the provider.

    +

    One of the functions the provider offers to the OpenSSL libraries is +the central mechanism for the OpenSSL libraries to get access to +operation implementations for diverse algorithms. +Its referred to with the number OSSL_FUNC_PROVIDER_QUERY_OPERATION +and has the following signature:

    +
    + const OSSL_ALGORITHM *provider_query_operation(void *provctx,
    +                                                int operation_id,
    +                                                const int *no_store);
    +

    provctx is the provider specific context that was passed back by +the initialization function.

    +

    operation_id is an operation identity (see Operations below).

    +

    no_store is a flag back to the OpenSSL libraries which, when +nonzero, signifies that the OpenSSL libraries will not store a +reference to the returned data in their internal store of +implementations.

    +

    The returned OSSL_ALGORITHM is the foundation of any OpenSSL +library API that uses providers for their implementation, most +commonly in the fetching type of functions +(see Fetching algorithms below).

    +

    +

    +

    Operations

    +

    NOTE: This section is mostly interesting for provider authors.

    +

    Operations are referred to with numbers, via macros with names +starting with OSSL_OP_.

    +

    With each operation comes a set of defined function types that a +provider may or may not offer, depending on its needs.

    +

    Currently available operations are:

    +
    +
    Digests
    + +
    +

    In the OpenSSL libraries, the corresponding method object is +EVP_MD. +The number for this operation is OSSL_OP_DIGEST. +The functions the provider can offer are described in +provider-digest(7)

    +
    +
    Symmetric ciphers
    + +
    +

    In the OpenSSL libraries, the corresponding method object is +EVP_CIPHER. +The number for this operation is OSSL_OP_CIPHER. +The functions the provider can offer are described in +provider-cipher(7)

    +
    +
    Message Authentication Code (MAC)
    + +
    +

    In the OpenSSL libraries, the corresponding method object is +EVP_MAC. +The number for this operation is OSSL_OP_MAC. +The functions the provider can offer are described in +provider-mac(7)

    +
    +
    Key Derivation Function (KDF)
    + +
    +

    In the OpenSSL libraries, the corresponding method object is +EVP_KDF. +The number for this operation is OSSL_OP_KDF. +The functions the provider can offer are described in +provider-kdf(7)

    +
    +
    Key Exchange
    + +
    +

    In the OpenSSL libraries, the corresponding method object is +EVP_KEYEXCH. +The number for this operation is OSSL_OP_KEYEXCH. +The functions the provider can offer are described in +provider-keyexch(7)

    +
    +
    Serialization
    + +
    +

    In the OpenSSL libraries, the corresponding method object is +OSSL_SERIALIZER. +The number for this operation is OSSL_OP_SERIALIZER. +The functions the provider can offer are described in +provider-serializer(7)

    +
    +
    +

    +

    +

    Fetching algorithms

    +

    +

    +

    Explicit fetch

    +

    NOTE: This section is mostly interesting to OpenSSL users.

    +

    Users of the OpenSSL libraries never query the provider directly for +its diverse implementations and dispatch tables. +Instead, the diverse OpenSSL APIs often have fetching functions that +do the work, and they return an appropriate method object back to the +user. +These functions usually have the name APINAME_fetch, where +APINAME is the name of the API, for example EVP_MD_fetch(3).

    +

    These fetching functions follow a fairly common pattern, where three +arguments are passed:

    +
    +
    The library context
    + +
    +

    See OPENSSL_CTX(3) for a more detailed description. +This may be NULL to signify the default (global) library context, or a +context created by the user. +Only providers loaded in this library context (see +OSSL_PROVIDER_load(3)) will be considered by the fetching +function.

    +
    +
    An identifier
    + +
    +

    This is most commonly an algorithm name (this is the case for all EVP +methods), but may also be called something else.

    +
    +
    A property query string
    + +
    +

    See property(7) for a more detailed description. +This is used to select more exactly which providers will get to offer +an implementation.

    +
    +
    +

    The method object that is fetched can then be used with diverse other +functions that use them, for example EVP_DigestInit_ex(3).

    +

    +

    +

    Implicit fetch

    +

    NOTE: This section is mostly interesting to OpenSSL users.

    +

    OpenSSL has a number of functions that return a method object with no +associated implementation, such as EVP_sha256(3), +EVP_blake2b512(3) or EVP_aes_128_cbc(3), which are present for +compatibility with OpenSSL before version 3.0.

    +

    When they are used with functions like EVP_DigestInit_ex(3) or +EVP_CipherInit_ex(3), the actual implementation to be used is +fetched implicitly using default search criteria.

    +

    Implicit fetching can also occur when a NULL algorithm parameter is +supplied. +In this case an algorithm implementation is implicitly fetched using +default search criteria and an algorithm name that is consistent with +the type of EVP_PKEY being used.

    +

    +

    +

    Algorithm naming

    +

    Algorithm names are case insensitive. Any particular algorithm can have multiple +aliases associated with it. The canonical OpenSSL naming scheme follows this +format:

    +

    ALGNAME[VERSION?][-SUBNAME[VERSION?]?][-SIZE?][-MODE?]

    +

    VERSION is only present if there are multiple versions of an algorithm (e.g. +MD2, MD4, MD5). It may be omitted if there is only one version.

    +

    SUBNAME may be present where multiple algorithms are combined together, +e.g. MD5-SHA1.

    +

    SIZE is only present if multiple versions of an algorithm exist with different +sizes (e.g. AES-128-CBC, AES-256-CBC)

    +

    MODE is only present where applicable.

    +

    Other aliases may exist for example where standards bodies or common practice +use alternative names or names that OpenSSL has used historically.

    +

    +

    +
    +

    OPENSSL PROVIDERS

    +

    OpenSSL comes with a set of providers.

    +

    The algorithms available in each of these providers may vary due to build time +configuration options. The openssl-list(1) command can be used to list the +currently available algorithms.

    +

    The names of the algorithms shown from openssl-list(1) can be used as an +algorithm identifier to the appropriate fetching function.

    +

    +

    +

    Default provider

    +

    The default provider is built in as part of the libcrypto library. +Should it be needed (if other providers are loaded and offer +implementations of the same algorithms), the property "provider=default" +can be used as a search criterion for these implementations. Some +non-cryptographic algorithms (such as serializers for loading keys and +parameters from files) are not FIPS algorithm implementations in themselves but +support algorithms from the FIPS provider and are allowed for use in "FIPS +mode". The property "fips=yes" can be used to select such algorithms.

    +

    +

    +

    FIPS provider

    +

    The FIPS provider is a dynamically loadable module, and must therefore +be loaded explicitly, either in code or through OpenSSL configuration +(see config(5)). +Should it be needed (if other providers are loaded and offer +implementations of the same algorithms), the property "provider=fips" can +be used as a search criterion for these implementations. All algorithm +implementations in the FIPS provider can also be selected with the property +"fips=yes".

    +

    +

    +

    Legacy provider

    +

    The legacy provider is a dynamically loadable module, and must therefore +be loaded explicitly, either in code or through OpenSSL configuration +(see config(5)). +Should it be needed (if other providers are loaded and offer +implementations of the same algorithms), the property "provider=legacy" can be +used as a search criterion for these implementations.

    +

    +

    +
    +

    EXAMPLES

    +

    +

    +

    Fetching

    +

    Fetch any available implementation of SHA2-256 in the default context:

    +
    + EVP_MD *md = EVP_MD_fetch(NULL, "SHA2-256", NULL);
    + ...
    + EVP_MD_meth_free(md);
    +

    Fetch any available implementation of AES-128-CBC in the default context:

    +
    + EVP_CIPHER *cipher = EVP_CIPHER_fetch(NULL, "AES-128-CBC", NULL);
    + ...
    + EVP_CIPHER_meth_free(cipher);
    +

    Fetch an implementation of SHA2-256 from the default provider in the default +context:

    +
    + EVP_MD *md = EVP_MD_fetch(NULL, "SHA2-256", "provider=default");
    + ...
    + EVP_MD_meth_free(md);
    +

    Fetch an implementation of SHA2-256 that is not from the default provider in the +default context:

    +
    + EVP_MD *md = EVP_MD_fetch(NULL, "SHA2-256", "provider!=default");
    + ...
    + EVP_MD_meth_free(md);
    +

    Fetch an implementation of SHA2-256 from the default provider in the specified +context:

    +
    + EVP_MD *md = EVP_MD_fetch(ctx, "SHA2-256", "provider=default");
    + ...
    + EVP_MD_meth_free(md);
    +

    Load the legacy provider into the default context and then fetch an +implementation of WHIRLPOOL from it:

    +
    + /* This only needs to be done once - usually at application start up */
    + OSSL_PROVIDER *legacy = OSSL_PROVIDER_load(NULL, "legacy");
    +
    + EVP_MD *md = EVP_MD_fetch(NULL, "WHIRLPOOL", "provider=legacy");
    + ...
    + EVP_MD_meth_free(md);
    +

    Note that in the above example the property string "provider=legacy" is optional +since, assuming no other providers have been loaded, the only implementation of +the "whirlpool" algorithm is in the "legacy" provider. Also note that the +default provider should be explicitly loaded if it is required in addition to +other providers:

    +
    + /* This only needs to be done once - usually at application start up */
    + OSSL_PROVIDER *legacy = OSSL_PROVIDER_load(NULL, "legacy");
    + OSSL_PROVIDER *default = OSSL_PROVIDER_load(NULL, "default");
    +
    + EVP_MD *md_whirlpool = EVP_MD_fetch(NULL, "whirlpool", NULL);
    + EVP_MD *md_sha256 = EVP_MD_fetch(NULL, "SHA2-256", NULL);
    + ...
    + EVP_MD_meth_free(md_whirlpool);
    + EVP_MD_meth_free(md_sha256);
    +

    +

    +
    +

    SEE ALSO

    +

    EVP_DigestInit_ex(3), EVP_EncryptInit_ex(3), +OPENSSL_CTX(3), +EVP_set_default_properties(3), +EVP_MD_fetch(3), +EVP_CIPHER_fetch(3), +EVP_KEYMGMT_fetch(3), +openssl-core.h(7), +provider-base(7), +provider-digest(7), +provider-cipher(7), +provider-keyexch(7)

    +

    +

    +
    +

    HISTORY

    +

    The concept of providers and everything surrounding them was +introduced in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man7/proxy-certificates.html b/linux_amd64/share/doc/openssl/html/man7/proxy-certificates.html
    new file mode 100755
    index 0000000..257043e
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man7/proxy-certificates.html
    @@ -0,0 +1,377 @@
    + + + + +proxy-certificates + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    proxy-certificates - Proxy certificates in OpenSSL

    +

    +

    +
    +

    DESCRIPTION

    +

    Proxy certificates are defined in RFC 3820. They are used to +extend rights to some other entity (a computer process, typically, or +sometimes to the user itself). This allows the entity to perform +operations on behalf of the owner of the EE (End Entity) certificate.

    +

    The requirements for a valid proxy certificate are:

    +
      +
    • +

      They are issued by an End Entity, either a normal EE certificate, or +another proxy certificate.

      +
    • +
    • +

      They must not have the subjectAltName or issuerAltName +extensions.

      +
    • +
    • +

      They must have the proxyCertInfo extension.

      +
    • +
    • +

      They must have the subject of their issuer, with one commonName +added.

      +
    • +
    +

    +

    +

    Enabling proxy certificate verification

    +

    OpenSSL expects applications that want to use proxy certificates to be +specially aware of them, and make that explicit. This is done by +setting an X509 verification flag:

    +
    +    X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS);
    +

    or

    +
    +    X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_ALLOW_PROXY_CERTS);
    +

    See NOTES for a discussion on this requirement.

    +

    +

    +

    Creating proxy certificates

    +

    Creating proxy certificates can be done using the openssl-x509(1) +command, with some extra extensions:

    +
    +    [ v3_proxy ]
    +    # A proxy certificate MUST NEVER be a CA certificate.
    +    basicConstraints=CA:FALSE
    +
    +    # Usual authority key ID
    +    authorityKeyIdentifier=keyid,issuer:always
    +
    +    # The extension which marks this certificate as a proxy
    +    proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:1,policy:text:AB
    +

    It's also possible to specify the proxy extension in a separate section:

    +
    +    proxyCertInfo=critical,@proxy_ext
    +
    +    [ proxy_ext ]
    +    language=id-ppl-anyLanguage
    +    pathlen=0
    +    policy=text:BC
    +

    The policy value has a specific syntax, syntag:string, where the +syntag determines what will be done with the string. The following +syntags are recognised:

    +
    +
    text
    + +
    +

    indicates that the string is a byte sequence, without any encoding:

    +
    +    policy=text:räksmörgås
    +
    +
    hex
    + +
    +

    indicates the string is encoded hexadecimal encoded binary data, with +colons between each byte (every second hex digit):

    +
    +    policy=hex:72:E4:6B:73:6D:F6:72:67:E5:73
    +
    +
    file
    + +
    +

    indicates that the text of the policy should be taken from a file. +The string is then a filename. This is useful for policies that are +large (more than a few lines, e.g. XML documents).

    +
    +
    +

    NOTE: The proxy policy value is what determines the rights granted +to the process during the proxy certificate. It's up to the +application to interpret and combine these policies.

    +

    With a proxy extension, creating a proxy certificate is a matter of +two commands:

    +
    +    openssl req -new -config proxy.cnf \
    +        -out proxy.req -keyout proxy.key \
    +        -subj "/DC=org/DC=openssl/DC=users/CN=proxy 1"
    +
    +    openssl x509 -req -CAcreateserial -in proxy.req -out proxy.crt \
    +        -CA user.crt -CAkey user.key -days 7 \
    +        -extfile proxy.cnf -extensions v3_proxy1
    +

    You can also create a proxy certificate using another proxy +certificate as issuer (note: using a different configuration +section for the proxy extensions):

    +
    +    openssl req -new -config proxy.cnf \
    +        -out proxy2.req -keyout proxy2.key \
    +        -subj "/DC=org/DC=openssl/DC=users/CN=proxy 1/CN=proxy 2"
    +
    +    openssl x509 -req -CAcreateserial -in proxy2.req -out proxy2.crt \
    +        -CA proxy.crt -CAkey proxy.key -days 7 \
    +        -extfile proxy.cnf -extensions v3_proxy2
    +

    +

    +

    Using proxy certs in applications

    +

    To interpret proxy policies, the application would normally start with +some default rights (perhaps none at all), then compute the resulting +rights by checking the rights against the chain of proxy certificates, +user certificate and CA certificates.

    +

    The complicated part is figuring out how to pass data between your +application and the certificate validation procedure.

    +

    The following ingredients are needed for such processing:

    +
      +
    • +

      a callback function that will be called for every certificate being +validated. The callback is called several times for each certificate, +so you must be careful to do the proxy policy interpretation at the +right time. You also need to fill in the defaults when the EE +certificate is checked.

      +
    • +
    • +

      a data structure that is shared between your application code and the +callback.

      +
    • +
    • +

      a wrapper function that sets it all up.

      +
    • +
    • +

      an ex_data index function that creates an index into the generic +ex_data store that is attached to an X509 validation context.

      +
    • +
    +

    The following skeleton code can be used as a starting point:

    +
    +    #include <string.h>
    +    #include <netdb.h>
    +    #include <openssl/x509.h>
    +    #include <openssl/x509v3.h>
    +
    +    #define total_rights 25
    +
    +    /*
    +     * In this example, I will use a view of granted rights as a bit
    +     * array, one bit for each possible right.
    +     */
    +    typedef struct your_rights {
    +        unsigned char rights[(total_rights + 7) / 8];
    +    } YOUR_RIGHTS;
    +
    +    /*
    +     * The following procedure will create an index for the ex_data
    +     * store in the X509 validation context the first time it's
    +     * called.  Subsequent calls will return the same index.
    +     */
    +    static int get_proxy_auth_ex_data_idx(X509_STORE_CTX *ctx)
    +    {
    +        static volatile int idx = -1;
    +
    +        if (idx < 0) {
    +            X509_STORE_lock(X509_STORE_CTX_get0_store(ctx));
    +            if (idx < 0) {
    +                idx = X509_STORE_CTX_get_ex_new_index(0,
    +                                                      "for verify callback",
    +                                                      NULL,NULL,NULL);
    +            }
    +            X509_STORE_unlock(X509_STORE_CTX_get0_store(ctx));
    +        }
    +        return idx;
    +    }
    +
    +    /* Callback to be given to the X509 validation procedure.  */
    +    static int verify_callback(int ok, X509_STORE_CTX *ctx)
    +    {
    +        if (ok == 1) {
    +            /*
    +             * It's REALLY important you keep the proxy policy check
    +             * within this section.  It's important to know that when
    +             * ok is 1, the certificates are checked from top to
    +             * bottom.  You get the CA root first, followed by the
    +             * possible chain of intermediate CAs, followed by the EE
    +             * certificate, followed by the possible proxy
    +             * certificates. 
    +             */
    +            X509 *xs = X509_STORE_CTX_get_current_cert(ctx);
    +
    +            if (X509_get_extension_flags(xs) & EXFLAG_PROXY) {
    +                YOUR_RIGHTS *rights =
    +                    (YOUR_RIGHTS *)X509_STORE_CTX_get_ex_data(ctx,
    +                        get_proxy_auth_ex_data_idx(ctx));
    +                PROXY_CERT_INFO_EXTENSION *pci =
    +                    X509_get_ext_d2i(xs, NID_proxyCertInfo, NULL, NULL);
    +
    +                switch (OBJ_obj2nid(pci->proxyPolicy->policyLanguage)) {
    +                case NID_Independent:
    +                    /*
    +                     * Do whatever you need to grant explicit rights
    +                     * to this particular proxy certificate, usually
    +                     * by pulling them from some database.  If there
    +                     * are none to be found, clear all rights (making
    +                     * this and any subsequent proxy certificate void
    +                     * of any rights). 
    +                     */
    +                    memset(rights->rights, 0, sizeof(rights->rights));
    +                    break;
    +                case NID_id_ppl_inheritAll:
    +                    /*
    +                     * This is basically a NOP, we simply let the
    +                     * current rights stand as they are.
    +                     */
    +                    break;
    +                default:
    +                    /*
    +                     * This is usually the most complex section of
    +                     * code.  You really do whatever you want as long
    +                     * as you follow RFC 3820.  In the example we use
    +                     * here, the simplest thing to do is to build
    +                     * another, temporary bit array and fill it with
    +                     * the rights granted by the current proxy
    +                     * certificate, then use it as a mask on the
    +                     * accumulated rights bit array, and voilà, you
    +                     * now have a new accumulated rights bit array.
    +                     */
    +                    {
    +                        int i;
    +                        YOUR_RIGHTS tmp_rights;
    +                        memset(tmp_rights.rights, 0,
    +                               sizeof(tmp_rights.rights));
    +
    +                        /*
    +                         * process_rights() is supposed to be a
    +                         * procedure that takes a string and its
    +                         * length, interprets it and sets the bits
    +                         * in the YOUR_RIGHTS pointed at by the
    +                         * third argument.
    +                         */
    +                        process_rights((char *) pci->proxyPolicy->policy->data,
    +                                       pci->proxyPolicy->policy->length,
    +                                       &tmp_rights);
    +
    +                        for(i = 0; i < total_rights / 8; i++)
    +                            rights->rights[i] &= tmp_rights.rights[i];
    +                    }
    +                    break;
    +                }
    +                PROXY_CERT_INFO_EXTENSION_free(pci);
    +            } else if (!(X509_get_extension_flags(xs) & EXFLAG_CA)) {
    +                /* We have an EE certificate, let's use it to set default! */
    +                YOUR_RIGHTS *rights =
    +                    (YOUR_RIGHTS *)X509_STORE_CTX_get_ex_data(ctx,
    +                        get_proxy_auth_ex_data_idx(ctx));
    +
    +                /*
    +                 * The following procedure finds out what rights the
    +                 * owner of the current certificate has, and sets them
    +                 * in the YOUR_RIGHTS structure pointed at by the
    +                 * second argument.
    +                 */
    +                set_default_rights(xs, rights);
    +            }
    +        }
    +        return ok;
    +    }
    +
    +    static int my_X509_verify_cert(X509_STORE_CTX *ctx,
    +                                   YOUR_RIGHTS *needed_rights)
    +    {
    +        int ok;
    +        int (*save_verify_cb)(int ok,X509_STORE_CTX *ctx) =
    +            X509_STORE_CTX_get_verify_cb(ctx);
    +        YOUR_RIGHTS rights;
    +
    +        X509_STORE_CTX_set_verify_cb(ctx, verify_callback);
    +        X509_STORE_CTX_set_ex_data(ctx, get_proxy_auth_ex_data_idx(ctx),
    +                                   &rights);
    +        X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS);
    +        ok = X509_verify_cert(ctx);
    +
    +        if (ok == 1) {
    +            ok = check_needed_rights(rights, needed_rights);
    +        }
    +
    +        X509_STORE_CTX_set_verify_cb(ctx, save_verify_cb);
    +
    +        return ok;
    +    }
    +

    If you use SSL or TLS, you can easily set up a callback to have the +certificates checked properly, using the code above:

    +
    +    SSL_CTX_set_cert_verify_callback(s_ctx, my_X509_verify_cert,
    +                                     &needed_rights);
    +

    +

    +
    +

    NOTES

    +

    To this date, it seems that proxy certificates have only been used in +environments that are aware of them, and no one seems to have +investigated how they can be used or misused outside of such an +environment.

    +

    For that reason, OpenSSL requires that applications aware of proxy +certificates must also make that explicit.

    +

    subjectAltName and issuerAltName are forbidden in proxy +certificates, and this is enforced in OpenSSL. The subject must be +the same as the issuer, with one commonName added on.

    +

    +

    +
    +

    SEE ALSO

    +

    X509_STORE_CTX_set_flags(3), +X509_STORE_CTX_set_verify_cb(3), +X509_VERIFY_PARAM_set_flags(3), +SSL_CTX_set_cert_verify_callback(3), +openssl-req(1), openssl-x509(1), +RFC 3820

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/share/doc/openssl/html/man7/ssl.html b/linux_amd64/share/doc/openssl/html/man7/ssl.html
    new file mode 100755
    index 0000000..fa37a3a
    --- /dev/null
    +++ b/linux_amd64/share/doc/openssl/html/man7/ssl.html
    @@ -0,0 +1,154 @@
    + + + + +ssl + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    ssl - OpenSSL SSL/TLS library

    +

    +

    +
    +

    SYNOPSIS

    +

    See the individual manual pages for details.

    +

    +

    +
    +

    DESCRIPTION

    +

    The OpenSSL ssl library implements several versions of the +Secure Sockets Layer, Transport Layer Security, and Datagram Transport Layer +Security protocols. +This page gives a brief overview of the extensive API and data types +provided by the library.

    +

    An SSL_CTX object is created as a framework to establish +TLS/SSL enabled connections (see SSL_CTX_new(3)). +Various options regarding certificates, algorithms etc. can be set +in this object.

    +

    When a network connection has been created, it can be assigned to an +SSL object. After the SSL object has been created using +SSL_new(3), SSL_set_fd(3) or +SSL_set_bio(3) can be used to associate the network +connection with the object.

    +

    When the TLS/SSL handshake is performed using +SSL_accept(3) or SSL_connect(3) +respectively. +SSL_read_ex(3), SSL_read(3), SSL_write_ex(3) and SSL_write(3) are +used to read and write data on the TLS/SSL connection. +SSL_shutdown(3) can be used to shut down the +TLS/SSL connection.

    +

    +

    +
    +

    DATA STRUCTURES

    +

    Here are some of the main data structures in the library.

    +
    +
    SSL_METHOD (SSL Method)
    + +
    +

    This is a dispatch structure describing the internal ssl library +methods/functions which implement the various protocol versions (SSLv3 +TLSv1, ...). It's needed to create an SSL_CTX.

    +
    +
    SSL_CIPHER (SSL Cipher)
    + +
    +

    This structure holds the algorithm information for a particular cipher which +are a core part of the SSL/TLS protocol. The available ciphers are configured +on a SSL_CTX basis and the actual ones used are then part of the +SSL_SESSION.

    +
    +
    SSL_CTX (SSL Context)
    + +
    +

    This is the global context structure which is created by a server or client +once per program life-time and which holds mainly default values for the +SSL structures which are later created for the connections.

    +
    +
    SSL_SESSION (SSL Session)
    + +
    +

    This is a structure containing the current TLS/SSL session details for a +connection: SSL_CIPHERs, client and server certificates, keys, etc.

    +
    +
    SSL (SSL Connection)
    + +
    +

    This is the main SSL/TLS structure which is created by a server or client per +established connection. This actually is the core structure in the SSL API. +At run-time the application usually deals with this structure which has +links to mostly all other structures.

    +
    +
    +

    +

    +
    +

    HEADER FILES

    +

    Currently the OpenSSL ssl library provides the following C header files +containing the prototypes for the data structures and functions:

    +
    +
    <openssl/ssl.h >>
    + +
    +

    This is the common header file for the SSL/TLS API. Include it into your +program to make the API of the ssl library available. It internally +includes both more private SSL headers and headers from the crypto library. +Whenever you need hard-core details on the internals of the SSL API, look +inside this header file. +This file also includes the others listed below.

    +
    +
    <openssl/ssl2.h >>
    + +
    +

    Unused. Present for backwards compatibility only.

    +
    +
    <openssl/ssl3.h >>
    + +
    +

    This is the sub header file dealing with the SSLv3 protocol only.

    +
    +
    <openssl/tls1.h >>
    + +
    +

    This is the sub header file dealing with the TLSv1 protocol only.

    +
    +
    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/doc/openssl/html/man7/x509.html b/linux_amd64/share/doc/openssl/html/man7/x509.html new file mode 100755 index 0000000..cd28c2d --- /dev/null +++ b/linux_amd64/share/doc/openssl/html/man7/x509.html @@ -0,0 +1,98 @@ + + + + +x509 + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    x509 - X.509 certificate handling

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509.h>
    +

    +

    +
    +

    DESCRIPTION

    +

    An X.509 certificate is a structured grouping of information about +an individual, a device, or anything one can imagine. A X.509 CRL +(certificate revocation list) is a tool to help determine if a +certificate is still valid. The exact definition of those can be +found in the X.509 document from ITU-T, or in RFC3280 from PKIX. +In OpenSSL, the type X509 is used to express such a certificate, and +the type X509_CRL is used to express a CRL.

    +

    A related structure is a certificate request, defined in PKCS#10 from +RSA Security, Inc, also reflected in RFC2896. In OpenSSL, the type +X509_REQ is used to express such a certificate request.

    +

    To handle some complex parts of a certificate, there are the types +X509_NAME (to express a certificate name), X509_ATTRIBUTE (to express +a certificate attributes), X509_EXTENSION (to express a certificate +extension) and a few more.

    +

    Finally, there's the supertype X509_INFO, which can contain a CRL, a +certificate and a corresponding private key.

    +

    X509_XXX, d2i_X509_XXX, and i2d_X509_XXX functions +handle X.509 certificates, with some exceptions, shown below.

    +

    X509_CRL_XXX, d2i_X509_CRL_XXX, and i2d_X509_CRL_XXX +functions handle X.509 CRLs.

    +

    X509_REQ_XXX, d2i_X509_REQ_XXX, and i2d_X509_REQ_XXX +functions handle PKCS#10 certificate requests.

    +

    X509_NAME_XXX functions handle certificate names.

    +

    X509_ATTRIBUTE_XXX functions handle certificate attributes.

    +

    X509_EXTENSION_XXX functions handle certificate extensions.

    +

    +

    +
    +

    SEE ALSO

    +

    X509_NAME_ENTRY_get_object(3), +X509_NAME_add_entry_by_txt(3), +X509_NAME_add_entry_by_NID(3), +X509_NAME_print_ex(3), +X509_NAME_new(3), +d2i_X509(3), +d2i_X509_ALGOR(3), +d2i_X509_CRL(3), +d2i_X509_NAME(3), +d2i_X509_REQ(3), +d2i_X509_SIG(3), +crypto(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2003-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/share/man/man1/CA.pl.1 b/linux_amd64/share/man/man1/CA.pl.1 new file mode 100755 index 0000000..5bbe052 --- /dev/null +++ b/linux_amd64/share/man/man1/CA.pl.1 
@@ -0,0 +1,336 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CA.PL 1" +.TH CA.PL 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +CA.pl \- friendlier interface for OpenSSL certificate programs +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fB\s-1CA\s0.pl\fR +\&\fB\-?\fR | +\&\fB\-h\fR | +\&\fB\-help\fR +.PP +\&\fB\s-1CA\s0.pl\fR +\&\fB\-newcert\fR | +\&\fB\-newreq\fR | +\&\fB\-newreq\-nodes\fR | +\&\fB\-xsign\fR | +\&\fB\-sign\fR | +\&\fB\-signCA\fR | +\&\fB\-signcert\fR | +\&\fB\-crl\fR | +\&\fB\-newca\fR +[\fB\-extra\-cmd\fR \fIextra-params\fR] +.PP +\&\fB\s-1CA\s0.pl\fR \fB\-pkcs12\fR [\fB\-extra\-pkcs12\fR \fIextra-params\fR] [\fIcertname\fR] +.PP +\&\fB\s-1CA\s0.pl\fR \fB\-verify\fR [\fB\-extra\-verify\fR \fIextra-params\fR] \fIcertfile\fR ... +.PP +\&\fB\s-1CA\s0.pl\fR \fB\-revoke\fR [\fB\-extra\-ca\fR \fIextra-params\fR] \fIcertfile\fR [\fIreason\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fB\s-1CA\s0.pl\fR script is a perl script that supplies the relevant command line +arguments to the \fIopenssl\fR\|(1) command for some common certificate operations. +It is intended to simplify the process of certificate creation and management +by the use of some simple options. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB?\fR, \fB\-h\fR, \fB\-help\fR" 4 +.IX Item "?, -h, -help" +Prints a usage message. +.IP "\fB\-newcert\fR" 4 +.IX Item "-newcert" +Creates a new self signed certificate. The private key is written to the file +\&\fInewkey.pem\fR and the request written to the file \fInewreq.pem\fR. +Invokes \fIopenssl\-req\fR\|(1). +.IP "\fB\-newreq\fR" 4 +.IX Item "-newreq" +Creates a new certificate request. The private key is written to the file +\&\fInewkey.pem\fR and the request written to the file \fInewreq.pem\fR. +Executes \fIopenssl\-req\fR\|(1) under the hood. +.IP "\fB\-newreq\-nodes\fR" 4 +.IX Item "-newreq-nodes" +Is like \fB\-newreq\fR except that the private key will not be encrypted. +Uses \fIopenssl\-req\fR\|(1). 
+.IP "\fB\-newca\fR" 4 +.IX Item "-newca" +Creates a new \s-1CA\s0 hierarchy for use with the \fBca\fR program (or the \fB\-signcert\fR +and \fB\-xsign\fR options). The user is prompted to enter the filename of the \s-1CA\s0 +certificates (which should also contain the private key) or by hitting \s-1ENTER\s0 +details of the \s-1CA\s0 will be prompted for. The relevant files and directories +are created in a directory called \fIdemoCA\fR in the current directory. +Uses \fIopenssl\-req\fR\|(1) and \fIopenssl\-ca\fR\|(1). +.IP "\fB\-pkcs12\fR" 4 +.IX Item "-pkcs12" +Create a PKCS#12 file containing the user certificate, private key and \s-1CA\s0 +certificate. It expects the user certificate and private key to be in the +file \fInewcert.pem\fR and the \s-1CA\s0 certificate to be in the file \fIdemoCA/cacert.pem\fR, +it creates a file \fInewcert.p12\fR. This command can thus be called after the +\&\fB\-sign\fR option. The PKCS#12 file can be imported directly into a browser. +If there is an additional argument on the command line it will be used as the +\&\*(L"friendly name\*(R" for the certificate (which is typically displayed in the browser +list box), otherwise the name \*(L"My Certificate\*(R" is used. +Delegates work to \fIopenssl\-pkcs12\fR\|(1). +.IP "\fB\-sign\fR, \fB\-signcert\fR, \fB\-xsign\fR" 4 +.IX Item "-sign, -signcert, -xsign" +Calls the \fIopenssl\-ca\fR\|(1) command to sign a certificate request. It expects the +request to be in the file \fInewreq.pem\fR. The new certificate is written to the +file \fInewcert.pem\fR except in the case of the \fB\-xsign\fR option when it is +written to standard output. +.IP "\fB\-signCA\fR" 4 +.IX Item "-signCA" +This option is the same as the \fB\-signreq\fR option except it uses the +configuration file section \fBv3_ca\fR and so makes the signed request a +valid \s-1CA\s0 certificate. This is useful when creating intermediate \s-1CA\s0 from +a root \s-1CA\s0. Extra params are passed to \fIopenssl\-ca\fR\|(1). 
+.IP "\fB\-signcert\fR" 4 +.IX Item "-signcert" +This option is the same as \fB\-sign\fR except it expects a self signed certificate +to be present in the file \fInewreq.pem\fR. +Extra params are passed to \fIopenssl\-x509\fR\|(1) and \fIopenssl\-ca\fR\|(1). +.IP "\fB\-crl\fR" 4 +.IX Item "-crl" +Generate a \s-1CRL\s0. Executes \fIopenssl\-ca\fR\|(1). +.IP "\fB\-revoke\fR \fIcertfile\fR [\fIreason\fR]" 4 +.IX Item "-revoke certfile [reason]" +Revoke the certificate contained in the specified \fBcertfile\fR. An optional +reason may be specified, and must be one of: \fBunspecified\fR, +\&\fBkeyCompromise\fR, \fBCACompromise\fR, \fBaffiliationChanged\fR, \fBsuperseded\fR, +\&\fBcessationOfOperation\fR, \fBcertificateHold\fR, or \fBremoveFromCRL\fR. +Leverages \fIopenssl\-ca\fR\|(1). +.IP "\fB\-verify\fR" 4 +.IX Item "-verify" +Verifies certificates against the \s-1CA\s0 certificate for \fIdemoCA\fR. If no +certificates are specified on the command line it tries to verify the file +\&\fInewcert.pem\fR. Invokes \fIopenssl\-verify\fR\|(1). +.IP "\fB\-extra\-req\fR | \fB\-extra\-ca\fR | \fB\-extra\-pkcs12\fR | \fB\-extra\-x509\fR | \fB\-extra\-verify\fR \fIextra-params\fR" 4 +.IX Item "-extra-req | -extra-ca | -extra-pkcs12 | -extra-x509 | -extra-verify extra-params" +For each option \fBextra\-\f(BIcmd\fB\fR, pass \fIextra-params\fR to the \fIopenssl\fR\|(1) +sub-command with the same name as \fIcmd\fR, if that sub-command is invoked. +For example, if \fIopenssl\-req\fR\|(1) is invoked, the \fIextra-params\fR given with +\&\fB\-extra\-req\fR will be passed to it. +Users should consult \fIopenssl\fR\|(1) command documentation for more information. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Create a \s-1CA\s0 hierarchy: +.PP +.Vb 1 +\& CA.pl \-newca +.Ve +.PP +Complete certificate creation example: create a \s-1CA\s0, create a request, sign +the request and finally create a PKCS#12 file containing it. 
+.PP +.Vb 4 +\& CA.pl \-newca +\& CA.pl \-newreq +\& CA.pl \-signreq +\& CA.pl \-pkcs12 "My Test Certificate" +.Ve +.SH "DSA CERTIFICATES" +.IX Header "DSA CERTIFICATES" +Although the \fB\s-1CA\s0.pl\fR creates \s-1RSA\s0 CAs and requests it is still possible to +use it with \s-1DSA\s0 certificates and requests using the \fIopenssl\-req\fR\|(1) command +directly. The following example shows the steps that would typically be taken. +.PP +Create some \s-1DSA\s0 parameters: +.PP +.Vb 1 +\& openssl dsaparam \-out dsap.pem 1024 +.Ve +.PP +Create a \s-1DSA\s0 \s-1CA\s0 certificate and private key: +.PP +.Vb 1 +\& openssl req \-x509 \-newkey dsa:dsap.pem \-keyout cacert.pem \-out cacert.pem +.Ve +.PP +Create the \s-1CA\s0 directories and files: +.PP +.Vb 1 +\& CA.pl \-newca +.Ve +.PP +enter a filename (for example, \fIcacert.pem\fR) when prompted for the \s-1CA\s0 file +name. +.PP +Create a \s-1DSA\s0 certificate request and private key (a different set of parameters +can optionally be created first): +.PP +.Vb 1 +\& openssl req \-out newreq.pem \-newkey dsa:dsap.pem +.Ve +.PP +Sign the request: +.PP +.Vb 1 +\& CA.pl \-signreq +.Ve +.SH "NOTES" +.IX Header "NOTES" +Most of the filenames mentioned can be modified by editing the \fB\s-1CA\s0.pl\fR script. +.PP +If the demoCA directory already exists then the \fB\-newca\fR command will not +overwrite it and will do nothing. This can happen if a previous call using +the \fB\-newca\fR option terminated abnormally. To get the correct behaviour +delete the demoCA directory if it already exists. +.PP +Under some environments it may not be possible to run the \fB\s-1CA\s0.pl\fR script +directly (for example Win32) and the default configuration file location may +be wrong. In this case the command: +.PP +.Vb 1 +\& perl \-S CA.pl +.Ve +.PP +can be used and the \fB\s-1OPENSSL_CONF\s0\fR environment variable changed to point to +the correct path of the configuration file. 
+.PP +The script is intended as a simple front end for the \fIopenssl\fR\|(1) program for +use by a beginner. Its behaviour isn't always what is wanted. For more control +over the behaviour of the certificate commands call the \fIopenssl\fR\|(1) command +directly. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\fIopenssl\-x509\fR\|(1), +\&\fIopenssl\-ca\fR\|(1), +\&\fIopenssl\-req\fR\|(1), +\&\fIopenssl\-pkcs12\fR\|(1), +\&\fIconfig\fR\|(5) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man1/openssl-asn1parse.1 b/linux_amd64/share/man/man1/openssl-asn1parse.1 new file mode 100755 index 0000000..8605a1d --- /dev/null +++ b/linux_amd64/share/man/man1/openssl-asn1parse.1 
@@ -0,0 +1,335 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-ASN1PARSE 1" +.TH OPENSSL-ASN1PARSE 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-asn1parse \- ASN.1 parsing tool +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBasn1parse\fR +[\fB\-help\fR] +[\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-in\fR \fIfilename\fR] +[\fB\-out\fR \fIfilename\fR] +[\fB\-noout\fR] +[\fB\-offset\fR \fInumber\fR] +[\fB\-length\fR \fInumber\fR] +[\fB\-i\fR] +[\fB\-oid\fR \fIfilename\fR] +[\fB\-dump\fR] +[\fB\-dlimit\fR \fInum\fR] +[\fB\-strparse\fR \fIoffset\fR] +[\fB\-genstr\fR \fIstring\fR] +[\fB\-genconf\fR \fIfile\fR] +[\fB\-strictpem\fR] +[\fB\-item\fR \fIname\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command is a diagnostic utility that can parse \s-1ASN\s0.1 structures. +It can also be used to extract data from \s-1ASN\s0.1 formatted data. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IX Item "-inform DER|PEM" +The input format; the default is \fB\s-1PEM\s0\fR. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-in\fR \fIfilename\fR" 4 +.IX Item "-in filename" +The input file, default is standard input. +.IP "\fB\-out\fR \fIfilename\fR" 4 +.IX Item "-out filename" +Output file to place the \s-1DER\s0 encoded data into. If this +option is not present then no data will be output. This is most useful when +combined with the \fB\-strparse\fR option. +.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +Don't output the parsed version of the input file. +.IP "\fB\-offset\fR \fInumber\fR" 4 +.IX Item "-offset number" +Starting offset to begin parsing, default is start of file. +.IP "\fB\-length\fR \fInumber\fR" 4 +.IX Item "-length number" +Number of bytes to parse, default is until end of file. +.IP "\fB\-i\fR" 4 +.IX Item "-i" +Indents the output according to the \*(L"depth\*(R" of the structures. 
+.IP "\fB\-oid\fR \fIfilename\fR" 4 +.IX Item "-oid filename" +A file containing additional \s-1OBJECT\s0 IDENTIFIERs (OIDs). The format of this +file is described in the \s-1NOTES\s0 section below. +.IP "\fB\-dump\fR" 4 +.IX Item "-dump" +Dump unknown data in hex format. +.IP "\fB\-dlimit\fR \fInum\fR" 4 +.IX Item "-dlimit num" +Like \fB\-dump\fR, but only the first \fBnum\fR bytes are output. +.IP "\fB\-strparse\fR \fIoffset\fR" 4 +.IX Item "-strparse offset" +Parse the contents octets of the \s-1ASN\s0.1 object starting at \fBoffset\fR. This +option can be used multiple times to \*(L"drill down\*(R" into a nested structure. +.IP "\fB\-genstr\fR \fIstring\fR, \fB\-genconf\fR \fIfile\fR" 4 +.IX Item "-genstr string, -genconf file" +Generate encoded data based on \fIstring\fR, \fIfile\fR or both using +\&\fIASN1_generate_nconf\fR\|(3) format. If \fIfile\fR only is +present then the string is obtained from the default section using the name +\&\fBasn1\fR. The encoded data is passed through the \s-1ASN1\s0 parser and printed out as +though it came from a file, the contents can thus be examined and written to a +file using the \fB\-out\fR option. +.IP "\fB\-strictpem\fR" 4 +.IX Item "-strictpem" +If this option is used then \fB\-inform\fR will be ignored. Without this option any +data in a \s-1PEM\s0 format input file will be treated as being base64 encoded and +processed whether it has the normal \s-1PEM\s0 \s-1BEGIN\s0 and \s-1END\s0 markers or not. This +option will ignore any data prior to the start of the \s-1BEGIN\s0 marker, or after an +\&\s-1END\s0 marker in a \s-1PEM\s0 file. +.IP "\fB\-item\fR \fIname\fR" 4 +.IX Item "-item name" +Attempt to decode and print the data as an \fB\s-1ASN1_ITEM\s0\fR \fIname\fR. This can be +used to print out the fields of any supported \s-1ASN\s0.1 structure if the type is +known. 
+.SS "Output" +.IX Subsection "Output" +The output will typically contain lines like this: +.PP +.Vb 1 +\& 0:d=0 hl=4 l= 681 cons: SEQUENCE +.Ve +.PP +\&..... +.PP +.Vb 10 +\& 229:d=3 hl=3 l= 141 prim: BIT STRING +\& 373:d=2 hl=3 l= 162 cons: cont [ 3 ] +\& 376:d=3 hl=3 l= 159 cons: SEQUENCE +\& 379:d=4 hl=2 l= 29 cons: SEQUENCE +\& 381:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier +\& 386:d=5 hl=2 l= 22 prim: OCTET STRING +\& 410:d=4 hl=2 l= 112 cons: SEQUENCE +\& 412:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier +\& 417:d=5 hl=2 l= 105 prim: OCTET STRING +\& 524:d=4 hl=2 l= 12 cons: SEQUENCE +.Ve +.PP +\&..... +.PP +This example is part of a self-signed certificate. Each line starts with the +offset in decimal. \f(CW\*(C`d=XX\*(C'\fR specifies the current depth. The depth is increased +within the scope of any \s-1SET\s0 or \s-1SEQUENCE\s0. \f(CW\*(C`hl=XX\*(C'\fR gives the header length +(tag and length octets) of the current type. \f(CW\*(C`l=XX\*(C'\fR gives the length of +the contents octets. +.PP +The \fB\-i\fR option can be used to make the output more readable. +.PP +Some knowledge of the \s-1ASN\s0.1 structure is needed to interpret the output. +.PP +In this example the \s-1BIT\s0 \s-1STRING\s0 at offset 229 is the certificate public key. +The contents octets of this will contain the public key information. This can +be examined using the option \f(CW\*(C`\-strparse 229\*(C'\fR to yield: +.PP +.Vb 3 +\& 0:d=0 hl=3 l= 137 cons: SEQUENCE +\& 3:d=1 hl=3 l= 129 prim: INTEGER :E5D21E1F5C8D208EA7A2166C7FAF9F6BDF2059669C60876DDB70840F1A5AAFA59699FE471F379F1DD6A487E7D5409AB6A88D4A9746E24B91D8CF55DB3521015460C8EDE44EE8A4189F7A7BE77D6CD3A9AF2696F486855CF58BF0EDF2B4068058C7A947F52548DDF7E15E96B385F86422BEA9064A3EE9E1158A56E4A6F47E5897 +\& 135:d=1 hl=2 l= 3 prim: INTEGER :010001 +.Ve +.SH "NOTES" +.IX Header "NOTES" +If an \s-1OID\s0 is not part of OpenSSL's internal table it will be represented in +numerical form (for example 1.2.3.4). 
The file passed to the \fB\-oid\fR option +allows additional OIDs to be included. Each line consists of three columns, +the first column is the \s-1OID\s0 in numerical format and should be followed by white +space. The second column is the \*(L"short name\*(R" which is a single word followed +by white space. The final column is the rest of the line and is the +\&\*(L"long name\*(R". Example: +.PP +\&\f(CW\*(C`1.2.3.4 shortName A long name\*(C'\fR +.PP +For any \s-1OID\s0 with an associated short and long name, this command will display +the long name. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Parse a file: +.PP +.Vb 1 +\& openssl asn1parse \-in file.pem +.Ve +.PP +Parse a \s-1DER\s0 file: +.PP +.Vb 1 +\& openssl asn1parse \-inform DER \-in file.der +.Ve +.PP +Generate a simple UTF8String: +.PP +.Vb 1 +\& openssl asn1parse \-genstr \*(AqUTF8:Hello World\*(Aq +.Ve +.PP +Generate and write out a UTF8String, don't print parsed output: +.PP +.Vb 1 +\& openssl asn1parse \-genstr \*(AqUTF8:Hello World\*(Aq \-noout \-out utf8.der +.Ve +.PP +Generate using a config file: +.PP +.Vb 1 +\& openssl asn1parse \-genconf asn1.cnf \-noout \-out asn1.der +.Ve +.PP +Example config file: +.PP +.Vb 1 +\& asn1=SEQUENCE:seq_sect +\& +\& [seq_sect] +\& +\& field1=BOOL:TRUE +\& field2=EXP:0, UTF8:some random string +.Ve +.SH "BUGS" +.IX Header "BUGS" +There should be options to change the format of output lines. The output of some +\&\s-1ASN\s0.1 types is not well handled (if at all). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\fIASN1_generate_nconf\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/share/man/man1/openssl-ca.1 b/linux_amd64/share/man/man1/openssl-ca.1 new file mode 100755 index 0000000..9875d67 --- /dev/null +++ b/linux_amd64/share/man/man1/openssl-ca.1 
@@ -0,0 +1,837 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-CA 1" +.TH OPENSSL-CA 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-ca \- sample minimal CA application +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBca\fR +[\fB\-help\fR] +[\fB\-verbose\fR] +[\fB\-config\fR \fIfilename\fR] +[\fB\-name\fR \fIsection\fR] +[\fB\-gencrl\fR] +[\fB\-revoke\fR \fIfile\fR] +[\fB\-valid\fR \fIfile\fR] +[\fB\-status\fR \fIserial\fR] +[\fB\-updatedb\fR] +[\fB\-crl_reason\fR \fIreason\fR] +[\fB\-crl_hold\fR \fIinstruction\fR] +[\fB\-crl_compromise\fR \fItime\fR] +[\fB\-crl_CA_compromise\fR \fItime\fR] +[\fB\-crldays\fR \fIdays\fR] +[\fB\-crlhours\fR \fIhours\fR] +[\fB\-crlsec\fR \fIseconds\fR] +[\fB\-crlexts\fR \fIsection\fR] +[\fB\-startdate\fR \fIdate\fR] +[\fB\-enddate\fR \fIdate\fR] +[\fB\-days\fR \fIarg\fR] +[\fB\-md\fR \fIarg\fR] +[\fB\-policy\fR \fIarg\fR] +[\fB\-keyfile\fR \fIarg\fR] +[\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-key\fR \fIarg\fR] +[\fB\-passin\fR \fIarg\fR] +[\fB\-cert\fR \fIfile\fR] +[\fB\-selfsign\fR] +[\fB\-in\fR \fIfile\fR] +[\fB\-out\fR \fIfile\fR] +[\fB\-notext\fR] +[\fB\-outdir\fR \fIdir\fR] +[\fB\-infiles\fR] +[\fB\-spkac\fR \fIfile\fR] +[\fB\-ss_cert\fR \fIfile\fR] +[\fB\-preserveDN\fR] +[\fB\-noemailDN\fR] +[\fB\-batch\fR] +[\fB\-msie_hack\fR] +[\fB\-extensions\fR \fIsection\fR] +[\fB\-extfile\fR \fIsection\fR] +[\fB\-subj\fR \fIarg\fR] +[\fB\-utf8\fR] +[\fB\-sigopt\fR \fInm\fR:\fIv\fR] +[\fB\-create_serial\fR] +[\fB\-rand_serial\fR] +[\fB\-multivalue\-rdn\fR] +[\fB\-sm2\-id\fR \fIstring\fR] +[\fB\-sm2\-hex\-id\fR \fIhex-string\fR] +[\fB\-rand\fR \fIfiles\fR] +[\fB\-writerand\fR \fIfile\fR] +[\fB\-engine\fR \fIid\fR] +[\fIcertreq\fR...] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command is a minimal \s-1CA\s0 application. It can be used +to sign certificate requests in a variety of forms and generate +CRLs. It also maintains a text database of issued certificates +and their status. 
+When signing certificates, a single certificate request can be specified +with the \fB\-in\fR option, or multiple requests can be processed by +specifying a set of \fBcertreq\fR files after all options. +.PP +The options descriptions will be divided into each purpose. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-verbose\fR" 4 +.IX Item "-verbose" +This prints extra details about the operations being performed. +.IP "\fB\-config\fR \fIfilename\fR" 4 +.IX Item "-config filename" +Specifies the configuration file to use. +Optional; for a description of the default value, +see \*(L"\s-1COMMAND\s0 \s-1SUMMARY\s0\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-name\fR \fIsection\fR" 4 +.IX Item "-name section" +Specifies the configuration file section to use (overrides +\&\fBdefault_ca\fR in the \fBca\fR section). +.IP "\fB\-in\fR \fIfilename\fR" 4 +.IX Item "-in filename" +An input filename containing a single certificate request to be +signed by the \s-1CA\s0. +.IP "\fB\-ss_cert\fR \fIfilename\fR" 4 +.IX Item "-ss_cert filename" +A single self-signed certificate to be signed by the \s-1CA\s0. +.IP "\fB\-spkac\fR \fIfilename\fR" 4 +.IX Item "-spkac filename" +A file containing a single Netscape signed public key and challenge +and additional field values to be signed by the \s-1CA\s0. See the \fB\s-1SPKAC\s0 \s-1FORMAT\s0\fR +section for information on the required input and output format. +.IP "\fB\-infiles\fR" 4 +.IX Item "-infiles" +If present this should be the last option, all subsequent arguments +are taken as the names of files containing certificate requests. +.IP "\fB\-out\fR \fIfilename\fR" 4 +.IX Item "-out filename" +The output file to output certificates to. The default is standard +output. The certificate details will also be printed out to this +file in \s-1PEM\s0 format (except that \fB\-spkac\fR outputs \s-1DER\s0 format). 
+.IP "\fB\-outdir\fR \fIdirectory\fR" 4 +.IX Item "-outdir directory" +The directory to output certificates to. The certificate will be +written to a filename consisting of the serial number in hex with +\&\fI.pem\fR appended. +.IP "\fB\-cert\fR" 4 +.IX Item "-cert" +The \s-1CA\s0 certificate file. +.IP "\fB\-keyfile\fR \fIfilename\fR" 4 +.IX Item "-keyfile filename" +The private key to sign requests with. +.IP "\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IX Item "-keyform DER|PEM" +The format of the private key file; the default is \fB\s-1PEM\s0\fR. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-sigopt\fR \fInm\fR:\fIv\fR" 4 +.IX Item "-sigopt nm:v" +Pass options to the signature algorithm during sign or verify operations. +Names and values of these options are algorithm-specific. +.IP "\fB\-key\fR \fIpassword\fR" 4 +.IX Item "-key password" +The password used to encrypt the private key. Since on some +systems the command line arguments are visible (e.g. Unix with +the \fIps\fR\|(1) utility) this option should be used with caution. +.IP "\fB\-selfsign\fR" 4 +.IX Item "-selfsign" +Indicates the issued certificates are to be signed with the key +the certificate requests were signed with (given with \fB\-keyfile\fR). +Certificate requests signed with a different key are ignored. If +\&\fB\-spkac\fR, \fB\-ss_cert\fR or \fB\-gencrl\fR are given, \fB\-selfsign\fR is +ignored. +.Sp +A consequence of using \fB\-selfsign\fR is that the self-signed +certificate appears among the entries in the certificate database +(see the configuration option \fBdatabase\fR), and uses the same +serial number counter as all other certificates sign with the +self-signed certificate. +.IP "\fB\-passin\fR \fIarg\fR" 4 +.IX Item "-passin arg" +The key password source. For more information about the format of \fBarg\fR +see \*(L"Pass Phrase Options\*(R" in \fIopenssl\fR\|(1). 
+.IP "\fB\-notext\fR" 4 +.IX Item "-notext" +Don't output the text form of a certificate to the output file. +.IP "\fB\-startdate\fR \fIdate\fR" 4 +.IX Item "-startdate date" +This allows the start date to be explicitly set. The format of the +date is \s-1YYMMDDHHMMSSZ\s0 (the same as an \s-1ASN1\s0 UTCTime structure), or +\&\s-1YYYYMMDDHHMMSSZ\s0 (the same as an \s-1ASN1\s0 GeneralizedTime structure). In +both formats, seconds \s-1SS\s0 and timezone Z must be present. +.IP "\fB\-enddate\fR \fIdate\fR" 4 +.IX Item "-enddate date" +This allows the expiry date to be explicitly set. The format of the +date is \s-1YYMMDDHHMMSSZ\s0 (the same as an \s-1ASN1\s0 UTCTime structure), or +\&\s-1YYYYMMDDHHMMSSZ\s0 (the same as an \s-1ASN1\s0 GeneralizedTime structure). In +both formats, seconds \s-1SS\s0 and timezone Z must be present. +.IP "\fB\-days\fR \fIarg\fR" 4 +.IX Item "-days arg" +The number of days to certify the certificate for. +.IP "\fB\-md\fR \fIalg\fR" 4 +.IX Item "-md alg" +The message digest to use. +Any digest supported by the \fIopenssl\-dgst\fR\|(1) command can be used. For signing +algorithms that do not support a digest (i.e. Ed25519 and Ed448) any message +digest that is set is ignored. This option also applies to CRLs. +.IP "\fB\-policy\fR \fIarg\fR" 4 +.IX Item "-policy arg" +This option defines the \s-1CA\s0 \*(L"policy\*(R" to use. This is a section in +the configuration file which decides which fields should be mandatory +or match the \s-1CA\s0 certificate. Check out the \fB\s-1POLICY\s0 \s-1FORMAT\s0\fR section +for more information. +.IP "\fB\-msie_hack\fR" 4 +.IX Item "-msie_hack" +This is a deprecated option to make this command work with very old versions +of the \s-1IE\s0 certificate enrollment control \*(L"certenr3\*(R". It used UniversalStrings +for almost everything. Since the old control has various security bugs +its use is strongly discouraged. 
+.IP "\fB\-preserveDN\fR" 4 +.IX Item "-preserveDN" +Normally the \s-1DN\s0 order of a certificate is the same as the order of the +fields in the relevant policy section. When this option is set the order +is the same as the request. This is largely for compatibility with the +older \s-1IE\s0 enrollment control which would only accept certificates if their +DNs match the order of the request. This is not needed for Xenroll. +.IP "\fB\-noemailDN\fR" 4 +.IX Item "-noemailDN" +The \s-1DN\s0 of a certificate can contain the \s-1EMAIL\s0 field if present in the +request \s-1DN\s0, however it is good policy just having the e\-mail set into +the altName extension of the certificate. When this option is set the +\&\s-1EMAIL\s0 field is removed from the certificate' subject and set only in +the, eventually present, extensions. The \fBemail_in_dn\fR keyword can be +used in the configuration file to enable this behaviour. +.IP "\fB\-batch\fR" 4 +.IX Item "-batch" +This sets the batch mode. In this mode no questions will be asked +and all certificates will be certified automatically. +.IP "\fB\-extensions\fR \fIsection\fR" 4 +.IX Item "-extensions section" +The section of the configuration file containing certificate extensions +to be added when a certificate is issued (defaults to \fBx509_extensions\fR +unless the \fB\-extfile\fR option is used). If no extension section is +present then, a V1 certificate is created. If the extension section +is present (even if it is empty), then a V3 certificate is created. See the +\&\fIx509v3_config\fR\|(5) manual page for details of the +extension section format. +.IP "\fB\-extfile\fR \fIfile\fR" 4 +.IX Item "-extfile file" +An additional configuration file to read certificate extensions from +(using the default section unless the \fB\-extensions\fR option is also +used). +.IP "\fB\-subj\fR \fIarg\fR" 4 +.IX Item "-subj arg" +Supersedes subject name given in the request. 
+The arg must be formatted as \f(CW\*(C`/type0=value0/type1=value1/type2=...\*(C'\fR. +Keyword characters may be escaped by \f(CW\*(C`\e\*(C'\fR (backslash), and whitespace is +retained. +Empty values are permitted, but the corresponding type will not be included +in the resulting certificate. +.IP "\fB\-utf8\fR" 4 +.IX Item "-utf8" +This option causes field values to be interpreted as \s-1UTF8\s0 strings, by +default they are interpreted as \s-1ASCII\s0. This means that the field +values, whether prompted from a terminal or obtained from a +configuration file, must be valid \s-1UTF8\s0 strings. +.IP "\fB\-create_serial\fR" 4 +.IX Item "-create_serial" +If reading serial from the text file as specified in the configuration +fails, specifying this option creates a new random serial to be used as next +serial number. +To get random serial numbers, use the \fB\-rand_serial\fR flag instead; this +should only be used for simple error-recovery. +.IP "\fB\-rand_serial\fR" 4 +.IX Item "-rand_serial" +Generate a large random number to use as the serial number. +This overrides any option or configuration to use a serial number file. +.IP "\fB\-multivalue\-rdn\fR" 4 +.IX Item "-multivalue-rdn" +This option causes the \-subj argument to be interpreted with full +support for multivalued RDNs. Example: +.Sp +\&\f(CW\*(C`/DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe\*(C'\fR +.Sp +If \fB\-multi\-rdn\fR is not used then the \s-1UID\s0 value is \f(CW\*(C`123456+CN=John Doe\*(C'\fR. +.IP "\fB\-sm2\-id\fR \fIstring\fR" 4 +.IX Item "-sm2-id string" +Specify the \s-1ID\s0 string to use when verifying an \s-1SM2\s0 certificate. The \s-1ID\s0 string is +required by the \s-1SM2\s0 signature algorithm for signing and verification. +.IP "\fB\-sm2\-hex\-id\fR \fIhex-string\fR" 4 +.IX Item "-sm2-hex-id hex-string" +Specify a binary \s-1ID\s0 string to use when signing or verifying using an \s-1SM2\s0 +certificate. The argument for this option is string of hexadecimal digits. 
+.IP "\fB\-rand\fR \fIfiles\fR, \fB\-writerand\fR \fIfile\fR" 4 +.IX Item "-rand files, -writerand file" +See \*(L"Random State Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-engine\fR \fIid\fR" 4 +.IX Item "-engine id" +See \*(L"Engine Options\*(R" in \fIopenssl\fR\|(1). +.SH "CRL OPTIONS" +.IX Header "CRL OPTIONS" +.IP "\fB\-gencrl\fR" 4 +.IX Item "-gencrl" +This option generates a \s-1CRL\s0 based on information in the index file. +.IP "\fB\-crldays\fR \fInum\fR" 4 +.IX Item "-crldays num" +The number of days before the next \s-1CRL\s0 is due. That is the days from +now to place in the \s-1CRL\s0 nextUpdate field. +.IP "\fB\-crlhours\fR \fInum\fR" 4 +.IX Item "-crlhours num" +The number of hours before the next \s-1CRL\s0 is due. +.IP "\fB\-crlsec\fR \fInum\fR" 4 +.IX Item "-crlsec num" +The number of seconds before the next \s-1CRL\s0 is due. +.IP "\fB\-revoke\fR \fIfilename\fR" 4 +.IX Item "-revoke filename" +A filename containing a certificate to revoke. +.IP "\fB\-valid\fR \fIfilename\fR" 4 +.IX Item "-valid filename" +A filename containing a certificate to add a Valid certificate entry. +.IP "\fB\-status\fR \fIserial\fR" 4 +.IX Item "-status serial" +Displays the revocation status of the certificate with the specified +serial number and exits. +.IP "\fB\-updatedb\fR" 4 +.IX Item "-updatedb" +Updates the database index to purge expired certificates. +.IP "\fB\-crl_reason\fR \fIreason\fR" 4 +.IX Item "-crl_reason reason" +Revocation reason, where \fIreason\fR is one of: \fBunspecified\fR, \fBkeyCompromise\fR, +\&\fBCACompromise\fR, \fBaffiliationChanged\fR, \fBsuperseded\fR, \fBcessationOfOperation\fR, +\&\fBcertificateHold\fR or \fBremoveFromCRL\fR. The matching of \fIreason\fR is case +insensitive. Setting any revocation reason will make the \s-1CRL\s0 v2. +.Sp +In practice \fBremoveFromCRL\fR is not particularly useful because it is only used +in delta CRLs which are not currently implemented. 
+.IP "\fB\-crl_hold\fR \fIinstruction\fR" 4 +.IX Item "-crl_hold instruction" +This sets the \s-1CRL\s0 revocation reason code to \fBcertificateHold\fR and the hold +instruction to \fIinstruction\fR which must be an \s-1OID\s0. Although any \s-1OID\s0 can be +used only \fBholdInstructionNone\fR (the use of which is discouraged by \s-1RFC2459\s0) +\&\fBholdInstructionCallIssuer\fR or \fBholdInstructionReject\fR will normally be used. +.IP "\fB\-crl_compromise\fR \fItime\fR" 4 +.IX Item "-crl_compromise time" +This sets the revocation reason to \fBkeyCompromise\fR and the compromise time to +\&\fItime\fR. \fItime\fR should be in GeneralizedTime format that is \fI\s-1YYYYMMDDHHMMSSZ\s0\fR. +.IP "\fB\-crl_CA_compromise\fR \fItime\fR" 4 +.IX Item "-crl_CA_compromise time" +This is the same as \fBcrl_compromise\fR except the revocation reason is set to +\&\fBCACompromise\fR. +.IP "\fB\-crlexts\fR \fIsection\fR" 4 +.IX Item "-crlexts section" +The section of the configuration file containing \s-1CRL\s0 extensions to +include. If no \s-1CRL\s0 extension section is present then a V1 \s-1CRL\s0 is +created, if the \s-1CRL\s0 extension section is present (even if it is +empty) then a V2 \s-1CRL\s0 is created. The \s-1CRL\s0 extensions specified are +\&\s-1CRL\s0 extensions and \fBnot\fR \s-1CRL\s0 entry extensions. It should be noted +that some software (for example Netscape) can't handle V2 CRLs. See +\&\fIx509v3_config\fR\|(5) manual page for details of the +extension section format. +.SH "CONFIGURATION FILE OPTIONS" +.IX Header "CONFIGURATION FILE OPTIONS" +The section of the configuration file containing options for this command +is found as follows: If the \fB\-name\fR command line option is used, +then it names the section to be used. Otherwise the section to +be used must be named in the \fBdefault_ca\fR option of the \fBca\fR section +of the configuration file (or in the default section of the +configuration file). 
Besides \fBdefault_ca\fR, the following options are +read directly from the \fBca\fR section: + \s-1RANDFILE\s0 + preserve + msie_hack +With the exception of \fB\s-1RANDFILE\s0\fR, this is probably a bug and may +change in future releases. +.PP +Many of the configuration file options are identical to command line +options. Where the option is present in the configuration file +and the command line the command line value is used. Where an +option is described as mandatory then it must be present in +the configuration file or the command line equivalent (if +any) used. +.IP "\fBoid_file\fR" 4 +.IX Item "oid_file" +This specifies a file containing additional \fB\s-1OBJECT\s0 \s-1IDENTIFIERS\s0\fR. +Each line of the file should consist of the numerical form of the +object identifier followed by white space then the short name followed +by white space and finally the long name. +.IP "\fBoid_section\fR" 4 +.IX Item "oid_section" +This specifies a section in the configuration file containing extra +object identifiers. Each line should consist of the short name of the +object identifier followed by \fB=\fR and the numerical form. The short +and long names are the same when this option is used. +.IP "\fBnew_certs_dir\fR" 4 +.IX Item "new_certs_dir" +The same as the \fB\-outdir\fR command line option. It specifies +the directory where new certificates will be placed. Mandatory. +.IP "\fBcertificate\fR" 4 +.IX Item "certificate" +The same as \fB\-cert\fR. It gives the file containing the \s-1CA\s0 +certificate. Mandatory. +.IP "\fBprivate_key\fR" 4 +.IX Item "private_key" +Same as the \fB\-keyfile\fR option. The file containing the +\&\s-1CA\s0 private key. Mandatory. +.IP "\fB\s-1RANDFILE\s0\fR" 4 +.IX Item "RANDFILE" +At startup the specified file is loaded into the random number generator, +and at exit 256 bytes will be written to it. (Note: Using a \s-1RANDFILE\s0 is +not necessary anymore, see the \*(L"\s-1HISTORY\s0\*(R" section. 
+.IP "\fBdefault_days\fR" 4 +.IX Item "default_days" +The same as the \fB\-days\fR option. The number of days to certify +a certificate for. +.IP "\fBdefault_startdate\fR" 4 +.IX Item "default_startdate" +The same as the \fB\-startdate\fR option. The start date to certify +a certificate for. If not set the current time is used. +.IP "\fBdefault_enddate\fR" 4 +.IX Item "default_enddate" +The same as the \fB\-enddate\fR option. Either this option or +\&\fBdefault_days\fR (or the command line equivalents) must be +present. +.IP "\fBdefault_crl_hours default_crl_days\fR" 4 +.IX Item "default_crl_hours default_crl_days" +The same as the \fB\-crlhours\fR and the \fB\-crldays\fR options. These +will only be used if neither command line option is present. At +least one of these must be present to generate a \s-1CRL\s0. +.IP "\fBdefault_md\fR" 4 +.IX Item "default_md" +The same as the \fB\-md\fR option. Mandatory except where the signing algorithm does +not require a digest (i.e. Ed25519 and Ed448). +.IP "\fBdatabase\fR" 4 +.IX Item "database" +The text database file to use. Mandatory. This file must be present +though initially it will be empty. +.IP "\fBunique_subject\fR" 4 +.IX Item "unique_subject" +If the value \fByes\fR is given, the valid certificate entries in the +database must have unique subjects. if the value \fBno\fR is given, +several valid certificate entries may have the exact same subject. +The default value is \fByes\fR, to be compatible with older (pre 0.9.8) +versions of OpenSSL. However, to make \s-1CA\s0 certificate roll-over easier, +it's recommended to use the value \fBno\fR, especially if combined with +the \fB\-selfsign\fR command line option. +.Sp +Note that it is valid in some circumstances for certificates to be created +without any subject. In the case where there are multiple certificates without +subjects this does not count as a duplicate. +.IP "\fBserial\fR" 4 +.IX Item "serial" +A text file containing the next serial number to use in hex. 
Mandatory. +This file must be present and contain a valid serial number. +.IP "\fBcrlnumber\fR" 4 +.IX Item "crlnumber" +A text file containing the next \s-1CRL\s0 number to use in hex. The crl number +will be inserted in the CRLs only if this file exists. If this file is +present, it must contain a valid \s-1CRL\s0 number. +.IP "\fBx509_extensions\fR" 4 +.IX Item "x509_extensions" +The same as \fB\-extensions\fR. +.IP "\fBcrl_extensions\fR" 4 +.IX Item "crl_extensions" +The same as \fB\-crlexts\fR. +.IP "\fBpreserve\fR" 4 +.IX Item "preserve" +The same as \fB\-preserveDN\fR +.IP "\fBemail_in_dn\fR" 4 +.IX Item "email_in_dn" +The same as \fB\-noemailDN\fR. If you want the \s-1EMAIL\s0 field to be removed +from the \s-1DN\s0 of the certificate simply set this to 'no'. If not present +the default is to allow for the \s-1EMAIL\s0 filed in the certificate's \s-1DN\s0. +.IP "\fBmsie_hack\fR" 4 +.IX Item "msie_hack" +The same as \fB\-msie_hack\fR +.IP "\fBpolicy\fR" 4 +.IX Item "policy" +The same as \fB\-policy\fR. Mandatory. See the \fB\s-1POLICY\s0 \s-1FORMAT\s0\fR section +for more information. +.IP "\fBname_opt\fR, \fBcert_opt\fR" 4 +.IX Item "name_opt, cert_opt" +These options allow the format used to display the certificate details +when asking the user to confirm signing. All the options supported by +the \fBx509\fR utilities \fB\-nameopt\fR and \fB\-certopt\fR switches can be used +here, except the \fBno_signame\fR and \fBno_sigdump\fR are permanently set +and cannot be disabled (this is because the certificate signature cannot +be displayed because the certificate has not been signed at this point). +.Sp +For convenience the values \fBca_default\fR are accepted by both to produce +a reasonable output. +.Sp +If neither option is present the format used in earlier versions of +OpenSSL is used. 
Use of the old format is \fBstrongly\fR discouraged because +it only displays fields mentioned in the \fBpolicy\fR section, mishandles +multicharacter string types and does not display extensions. +.IP "\fBcopy_extensions\fR" 4 +.IX Item "copy_extensions" +Determines how extensions in certificate requests should be handled. +If set to \fBnone\fR or this option is not present then extensions are +ignored and not copied to the certificate. If set to \fBcopy\fR then any +extensions present in the request that are not already present are copied +to the certificate. If set to \fBcopyall\fR then all extensions in the +request are copied to the certificate: if the extension is already present +in the certificate it is deleted first. See the \fB\s-1WARNINGS\s0\fR section before +using this option. +.Sp +The main use of this option is to allow a certificate request to supply +values for certain extensions such as subjectAltName. +.SH "POLICY FORMAT" +.IX Header "POLICY FORMAT" +The policy section consists of a set of variables corresponding to +certificate \s-1DN\s0 fields. If the value is \*(L"match\*(R" then the field value +must match the same field in the \s-1CA\s0 certificate. If the value is +\&\*(L"supplied\*(R" then it must be present. If the value is \*(L"optional\*(R" then +it may be present. Any fields not mentioned in the policy section +are silently deleted, unless the \fB\-preserveDN\fR option is set but +this can be regarded more of a quirk than intended behaviour. +.SH "SPKAC FORMAT" +.IX Header "SPKAC FORMAT" +The input to the \fB\-spkac\fR command line option is a Netscape +signed public key and challenge. This will usually come from +the \fB\s-1KEYGEN\s0\fR tag in an \s-1HTML\s0 form to create a new private key. +It is however possible to create SPKACs using \fIopenssl\-spkac\fR\|(1). +.PP +The file should contain the variable \s-1SPKAC\s0 set to the value of +the \s-1SPKAC\s0 and also the required \s-1DN\s0 components as name value pairs. 
+If you need to include the same component twice then it can be +preceded by a number and a '.'. +.PP +When processing \s-1SPKAC\s0 format, the output is \s-1DER\s0 if the \fB\-out\fR +flag is used, but \s-1PEM\s0 format if sending to stdout or the \fB\-outdir\fR +flag is used. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Note: these examples assume that the directory structure this command +assumes is already set up and the relevant files already exist. This +usually involves creating a \s-1CA\s0 certificate and private key with +\&\fIopenssl\-req\fR\|(1), a serial number file and an empty index file and +placing them in the relevant directories. +.PP +To use the sample configuration file below the directories \fIdemoCA\fR, +\&\fIdemoCA/private\fR and \fIdemoCA/newcerts\fR would be created. The \s-1CA\s0 +certificate would be copied to \fIdemoCA/cacert.pem\fR and its private +key to \fIdemoCA/private/cakey.pem\fR. A file \fIdemoCA/serial\fR would be +created containing for example \*(L"01\*(R" and the empty index file +\&\fIdemoCA/index.txt\fR. 
+.PP +Sign a certificate request: +.PP +.Vb 1 +\& openssl ca \-in req.pem \-out newcert.pem +.Ve +.PP +Sign an \s-1SM2\s0 certificate request: +.PP +.Vb 1 +\& openssl ca \-in sm2.csr \-out sm2.crt \-md sm3 \-sigopt "sm2_id:1234567812345678" \-sm2\-id "1234567812345678" +.Ve +.PP +Sign a certificate request, using \s-1CA\s0 extensions: +.PP +.Vb 1 +\& openssl ca \-in req.pem \-extensions v3_ca \-out newcert.pem +.Ve +.PP +Generate a \s-1CRL\s0 +.PP +.Vb 1 +\& openssl ca \-gencrl \-out crl.pem +.Ve +.PP +Sign several requests: +.PP +.Vb 1 +\& openssl ca \-infiles req1.pem req2.pem req3.pem +.Ve +.PP +Certify a Netscape \s-1SPKAC:\s0 +.PP +.Vb 1 +\& openssl ca \-spkac spkac.txt +.Ve +.PP +A sample \s-1SPKAC\s0 file (the \s-1SPKAC\s0 line has been truncated for clarity): +.PP +.Vb 5 +\& SPKAC=MIG0MGAwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAn7PDhCeV/xIxUg8V70YRxK2A5 +\& CN=Steve Test +\& emailAddress=steve@openssl.org +\& 0.OU=OpenSSL Group +\& 1.OU=Another Group +.Ve +.PP +A sample configuration file with the relevant sections for this command: +.PP +.Vb 2 +\& [ ca ] +\& default_ca = CA_default # The default ca section +\& +\& [ CA_default ] +\& +\& dir = ./demoCA # top dir +\& database = $dir/index.txt # index file. 
+\& new_certs_dir = $dir/newcerts # new certs dir +\& +\& certificate = $dir/cacert.pem # The CA cert +\& serial = $dir/serial # serial no file +\& #rand_serial = yes # for random serial#\*(Aqs +\& private_key = $dir/private/cakey.pem# CA private key +\& +\& default_days = 365 # how long to certify for +\& default_crl_days= 30 # how long before next CRL +\& default_md = md5 # md to use +\& +\& policy = policy_any # default policy +\& email_in_dn = no # Don\*(Aqt add the email into cert DN +\& +\& name_opt = ca_default # Subject name display option +\& cert_opt = ca_default # Certificate display option +\& copy_extensions = none # Don\*(Aqt copy extensions from request +\& +\& [ policy_any ] +\& countryName = supplied +\& stateOrProvinceName = optional +\& organizationName = optional +\& organizationalUnitName = optional +\& commonName = supplied +\& emailAddress = optional +.Ve +.SH "FILES" +.IX Header "FILES" +Note: the location of all files can change either by compile time options, +configuration file entries, environment variables or command line options. +The values below reflect the default values. +.PP +.Vb 9 +\& /usr/local/ssl/lib/openssl.cnf \- master configuration file +\& ./demoCA \- main CA directory +\& ./demoCA/cacert.pem \- CA certificate +\& ./demoCA/private/cakey.pem \- CA private key +\& ./demoCA/serial \- CA serial number file +\& ./demoCA/serial.old \- CA serial number backup file +\& ./demoCA/index.txt \- CA text database file +\& ./demoCA/index.txt.old \- CA text database backup file +\& ./demoCA/certs \- certificate output file +.Ve +.SH "RESTRICTIONS" +.IX Header "RESTRICTIONS" +The text database index file is a critical part of the process and +if corrupted it can be difficult to fix. It is theoretically possible +to rebuild the index file from all the issued certificates and a current +\&\s-1CRL:\s0 however there is no option to do this. +.PP +V2 \s-1CRL\s0 features like delta CRLs are not currently supported. 
+.PP +Although several requests can be input and handled at once it is only +possible to include one \s-1SPKAC\s0 or self-signed certificate. +.SH "BUGS" +.IX Header "BUGS" +The use of an in-memory text database can cause problems when large +numbers of certificates are present because, as the name implies +the database has to be kept in memory. +.PP +This command really needs rewriting or the required functionality +exposed at either a command or interface level so a more friendly utility +(perl script or \s-1GUI\s0) can handle things properly. The script +\&\fB\s-1CA\s0.pl\fR helps a little but not very much. +.PP +Any fields in a request that are not present in a policy are silently +deleted. This does not happen if the \fB\-preserveDN\fR option is used. To +enforce the absence of the \s-1EMAIL\s0 field within the \s-1DN\s0, as suggested by +RFCs, regardless the contents of the request' subject the \fB\-noemailDN\fR +option can be used. The behaviour should be more friendly and +configurable. +.PP +Canceling some commands by refusing to certify a certificate can +create an empty file. +.SH "WARNINGS" +.IX Header "WARNINGS" +This command is quirky and at times downright unfriendly. +.PP +This command was originally meant as an example of how to do +things in a \s-1CA\s0. It was not supposed to be used as a full blown \s-1CA\s0 itself: +nevertheless some people are using it for this purpose. +.PP +This command command is effectively a single user command: no locking +is done on the various files and attempts to run more than one \fBopenssl ca\fR +command on the same database can have unpredictable results. +.PP +The \fBcopy_extensions\fR option should be used with caution. If care is +not taken then it can be a security risk. 
For example if a certificate +request contains a basicConstraints extension with \s-1CA:TRUE\s0 and the +\&\fBcopy_extensions\fR value is set to \fBcopyall\fR and the user does not spot +this when the certificate is displayed then this will hand the requester +a valid \s-1CA\s0 certificate. +.PP +This situation can be avoided by setting \fBcopy_extensions\fR to \fBcopy\fR +and including basicConstraints with \s-1CA:FALSE\s0 in the configuration file. +Then if the request contains a basicConstraints extension it will be +ignored. +.PP +It is advisable to also include values for other extensions such +as \fBkeyUsage\fR to prevent a request supplying its own values. +.PP +Additional restrictions can be placed on the \s-1CA\s0 certificate itself. +For example if the \s-1CA\s0 certificate has: +.PP +.Vb 1 +\& basicConstraints = CA:TRUE, pathlen:0 +.Ve +.PP +then even if a certificate is issued with \s-1CA:TRUE\s0 it will not be valid. +.SH "HISTORY" +.IX Header "HISTORY" +Since OpenSSL 1.1.1, the program follows \s-1RFC5280\s0. Specifically, +certificate validity period (specified by any of \fB\-startdate\fR, +\&\fB\-enddate\fR and \fB\-days\fR) will be encoded as UTCTime if the dates are +earlier than year 2049 (included), and as GeneralizedTime if the dates +are in year 2050 or later. +.PP +OpenSSL 1.1.1 introduced a new random generator (\s-1CSPRNG\s0) with an improved +seeding mechanism. The new seeding mechanism makes it unnecessary to +define a \s-1RANDFILE\s0 for saving and restoring randomness. This option is +retained mainly for compatibility reasons. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\fIopenssl\-req\fR\|(1), +\&\fIopenssl\-spkac\fR\|(1), +\&\fIopenssl\-x509\fR\|(1), +\&\s-1\fICA\s0.pl\fR\|(1), +\&\fIconfig\fR\|(5), +\&\fIx509v3_config\fR\|(5) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). 
You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man1/openssl-ciphers.1 b/linux_amd64/share/man/man1/openssl-ciphers.1 new file mode 100755 index 0000000..0bec55a --- /dev/null +++ b/linux_amd64/share/man/man1/openssl-ciphers.1 
@@ -0,0 +1,863 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-CIPHERS 1" +.TH OPENSSL-CIPHERS 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-ciphers \- SSL cipher display and cipher list tool +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBciphers\fR +[\fB\-help\fR] +[\fB\-s\fR] +[\fB\-v\fR] +[\fB\-V\fR] +[\fB\-ssl3\fR] +[\fB\-tls1\fR] +[\fB\-tls1_1\fR] +[\fB\-tls1_2\fR] +[\fB\-tls1_3\fR] +[\fB\-s\fR] +[\fB\-psk\fR] +[\fB\-srp\fR] +[\fB\-stdname\fR] +[\fB\-convert\fR \fIname\fR] +[\fB\-ciphersuites\fR \fIval\fR] +[\fIcipherlist\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command converts textual OpenSSL cipher lists into +ordered \s-1SSL\s0 cipher preference lists. It can be used as a test tool to +determine the appropriate cipherlist. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print a usage message. +.IP "\fB\-s\fR" 4 +.IX Item "-s" +Only list supported ciphers: those consistent with the security level, and +minimum and maximum protocol version. This is closer to the actual cipher list +an application will support. +.Sp +\&\s-1PSK\s0 and \s-1SRP\s0 ciphers are not enabled by default: they require \fB\-psk\fR or \fB\-srp\fR +to enable them. +.Sp +It also does not change the default list of supported signature algorithms. +.Sp +On a server the list of supported ciphers might also exclude other ciphers +depending on the configured certificates and presence of \s-1DH\s0 parameters. +.Sp +If this option is not used then all ciphers that match the cipherlist will be +listed. +.IP "\fB\-psk\fR" 4 +.IX Item "-psk" +When combined with \fB\-s\fR includes cipher suites which require \s-1PSK\s0. +.IP "\fB\-srp\fR" 4 +.IX Item "-srp" +When combined with \fB\-s\fR includes cipher suites which require \s-1SRP\s0. +.IP "\fB\-v\fR" 4 +.IX Item "-v" +Verbose output: For each cipher suite, list details as provided by +\&\fISSL_CIPHER_description\fR\|(3). +.IP "\fB\-V\fR" 4 +.IX Item "-V" +Like \fB\-v\fR, but include the official cipher suite values in hex. 
+.IP "\fB\-tls1_3\fR, \fB\-tls1_2\fR, \fB\-tls1_1\fR, \fB\-tls1\fR, \fB\-ssl3\fR" 4 +.IX Item "-tls1_3, -tls1_2, -tls1_1, -tls1, -ssl3" +In combination with the \fB\-s\fR option, list the ciphers which could be used if +the specified protocol were negotiated. +Note that not all protocols and flags may be available, depending on how +OpenSSL was built. +.IP "\fB\-stdname\fR" 4 +.IX Item "-stdname" +Precede each cipher suite by its standard name. +.IP "\fB\-convert\fR \fIname\fR" 4 +.IX Item "-convert name" +Convert a standard cipher \fIname\fR to its OpenSSL name. +.IP "\fB\-ciphersuites\fR \fIval\fR" 4 +.IX Item "-ciphersuites val" +Sets the list of TLSv1.3 ciphersuites. This list will be combined with any +TLSv1.2 and below ciphersuites that have been configured. The format for this +list is a simple colon (\*(L":\*(R") separated list of TLSv1.3 ciphersuite names. By +default this value is: +.Sp +.Vb 1 +\& TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256 +.Ve +.IP "\fBcipherlist\fR" 4 +.IX Item "cipherlist" +A cipher list of TLSv1.2 and below ciphersuites to convert to a cipher +preference list. This list will be combined with any TLSv1.3 ciphersuites that +have been configured. If it is not included then the default cipher list will be +used. The format is described below. +.SH "CIPHER LIST FORMAT" +.IX Header "CIPHER LIST FORMAT" +The cipher list consists of one or more \fIcipher strings\fR separated by colons. +Commas or spaces are also acceptable separators but colons are normally used. +.PP +The actual cipher string can take several different forms. +.PP +It can consist of a single cipher suite such as \fB\s-1RC4\-SHA\s0\fR. +.PP +It can represent a list of cipher suites containing a certain algorithm, or +cipher suites of a certain type. For example \fB\s-1SHA1\s0\fR represents all ciphers +suites using the digest algorithm \s-1SHA1\s0 and \fBSSLv3\fR represents all \s-1SSL\s0 v3 +algorithms. 
+.PP +Lists of cipher suites can be combined in a single cipher string using the +\&\fB+\fR character. This is used as a logical \fBand\fR operation. For example +\&\fB\s-1SHA1+DES\s0\fR represents all cipher suites containing the \s-1SHA1\s0 \fBand\fR the \s-1DES\s0 +algorithms. +.PP +Each cipher string can be optionally preceded by the characters \fB!\fR, +\&\fB\-\fR or \fB+\fR. +.PP +If \fB!\fR is used then the ciphers are permanently deleted from the list. +The ciphers deleted can never reappear in the list even if they are +explicitly stated. +.PP +If \fB\-\fR is used then the ciphers are deleted from the list, but some or +all of the ciphers can be added again by later options. +.PP +If \fB+\fR is used then the ciphers are moved to the end of the list. This +option doesn't add any new ciphers it just moves matching existing ones. +.PP +If none of these characters is present then the string is just interpreted +as a list of ciphers to be appended to the current preference list. If the +list includes any ciphers already present they will be ignored: that is they +will not moved to the end of the list. +.PP +The cipher string \fB\f(CB@STRENGTH\fB\fR can be used at any point to sort the current +cipher list in order of encryption algorithm key length. +.PP +The cipher string \fB\f(CB@SECLEVEL\fB\fR=\fIn\fR can be used at any point to set the security +level to \fIn\fR, which should be a number between zero and five, inclusive. +See \fISSL_CTX_set_security_level\fR\|(3) for a description of what each level means. +.PP +The cipher list can be prefixed with the \fB\s-1DEFAULT\s0\fR keyword, which enables +the default cipher list as defined below. Unlike cipher strings, +this prefix may not be combined with other strings using \fB+\fR character. +For example, \fB\s-1DEFAULT+DES\s0\fR is not valid. +.PP +The content of the default list is determined at compile time and normally +corresponds to \fB\s-1ALL:\s0!COMPLEMENTOFDEFAULT:!eNULL\fR. 
+.SH "CIPHER STRINGS" +.IX Header "CIPHER STRINGS" +The following is a list of all permitted cipher strings and their meanings. +.IP "\fB\s-1COMPLEMENTOFDEFAULT\s0\fR" 4 +.IX Item "COMPLEMENTOFDEFAULT" +The ciphers included in \fB\s-1ALL\s0\fR, but not enabled by default. Currently +this includes all \s-1RC4\s0 and anonymous ciphers. Note that this rule does +not cover \fBeNULL\fR, which is not included by \fB\s-1ALL\s0\fR (use \fB\s-1COMPLEMENTOFALL\s0\fR if +necessary). Note that \s-1RC4\s0 based cipher suites are not built into OpenSSL by +default (see the enable-weak-ssl-ciphers option to Configure). +.IP "\fB\s-1ALL\s0\fR" 4 +.IX Item "ALL" +All cipher suites except the \fBeNULL\fR ciphers (which must be explicitly enabled +if needed). +As of OpenSSL 1.0.0, the \fB\s-1ALL\s0\fR cipher suites are sensibly ordered by default. +.IP "\fB\s-1COMPLEMENTOFALL\s0\fR" 4 +.IX Item "COMPLEMENTOFALL" +The cipher suites not enabled by \fB\s-1ALL\s0\fR, currently \fBeNULL\fR. +.IP "\fB\s-1HIGH\s0\fR" 4 +.IX Item "HIGH" +\&\*(L"High\*(R" encryption cipher suites. This currently means those with key lengths +larger than 128 bits, and some cipher suites with 128\-bit keys. +.IP "\fB\s-1MEDIUM\s0\fR" 4 +.IX Item "MEDIUM" +\&\*(L"Medium\*(R" encryption cipher suites, currently some of those using 128 bit +encryption. +.IP "\fB\s-1LOW\s0\fR" 4 +.IX Item "LOW" +\&\*(L"Low\*(R" encryption cipher suites, currently those using 64 or 56 bit +encryption algorithms but excluding export cipher suites. All these +cipher suites have been removed as of OpenSSL 1.1.0. +.IP "\fBeNULL\fR, \fB\s-1NULL\s0\fR" 4 +.IX Item "eNULL, NULL" +The \*(L"\s-1NULL\s0\*(R" ciphers that is those offering no encryption. Because these offer no +encryption at all and are a security risk they are not enabled via either the +\&\fB\s-1DEFAULT\s0\fR or \fB\s-1ALL\s0\fR cipher strings. 
+Be careful when building cipherlists out of lower-level primitives such as +\&\fBkRSA\fR or \fBaECDSA\fR as these do overlap with the \fBeNULL\fR ciphers. When in +doubt, include \fB!eNULL\fR in your cipherlist. +.IP "\fBaNULL\fR" 4 +.IX Item "aNULL" +The cipher suites offering no authentication. This is currently the anonymous +\&\s-1DH\s0 algorithms and anonymous \s-1ECDH\s0 algorithms. These cipher suites are vulnerable +to \*(L"man in the middle\*(R" attacks and so their use is discouraged. +These are excluded from the \fB\s-1DEFAULT\s0\fR ciphers, but included in the \fB\s-1ALL\s0\fR +ciphers. +Be careful when building cipherlists out of lower-level primitives such as +\&\fBkDHE\fR or \fB\s-1AES\s0\fR as these do overlap with the \fBaNULL\fR ciphers. +When in doubt, include \fB!aNULL\fR in your cipherlist. +.IP "\fBkRSA\fR, \fBaRSA\fR, \fB\s-1RSA\s0\fR" 4 +.IX Item "kRSA, aRSA, RSA" +Cipher suites using \s-1RSA\s0 key exchange or authentication. \fB\s-1RSA\s0\fR is an alias for +\&\fBkRSA\fR. +.IP "\fBkDHr\fR, \fBkDHd\fR, \fBkDH\fR" 4 +.IX Item "kDHr, kDHd, kDH" +Cipher suites using static \s-1DH\s0 key agreement and \s-1DH\s0 certificates signed by CAs +with \s-1RSA\s0 and \s-1DSS\s0 keys or either respectively. +All these cipher suites have been removed in OpenSSL 1.1.0. +.IP "\fBkDHE\fR, \fBkEDH\fR, \fB\s-1DH\s0\fR" 4 +.IX Item "kDHE, kEDH, DH" +Cipher suites using ephemeral \s-1DH\s0 key agreement, including anonymous cipher +suites. +.IP "\fB\s-1DHE\s0\fR, \fB\s-1EDH\s0\fR" 4 +.IX Item "DHE, EDH" +Cipher suites using authenticated ephemeral \s-1DH\s0 key agreement. +.IP "\fB\s-1ADH\s0\fR" 4 +.IX Item "ADH" +Anonymous \s-1DH\s0 cipher suites, note that this does not include anonymous Elliptic +Curve \s-1DH\s0 (\s-1ECDH\s0) cipher suites. +.IP "\fBkEECDH\fR, \fBkECDHE\fR, \fB\s-1ECDH\s0\fR" 4 +.IX Item "kEECDH, kECDHE, ECDH" +Cipher suites using ephemeral \s-1ECDH\s0 key agreement, including anonymous +cipher suites. 
+.IP "\fB\s-1ECDHE\s0\fR, \fB\s-1EECDH\s0\fR" 4 +.IX Item "ECDHE, EECDH" +Cipher suites using authenticated ephemeral \s-1ECDH\s0 key agreement. +.IP "\fB\s-1AECDH\s0\fR" 4 +.IX Item "AECDH" +Anonymous Elliptic Curve Diffie-Hellman cipher suites. +.IP "\fBaDSS\fR, \fB\s-1DSS\s0\fR" 4 +.IX Item "aDSS, DSS" +Cipher suites using \s-1DSS\s0 authentication, i.e. the certificates carry \s-1DSS\s0 keys. +.IP "\fBaDH\fR" 4 +.IX Item "aDH" +Cipher suites effectively using \s-1DH\s0 authentication, i.e. the certificates carry +\&\s-1DH\s0 keys. +All these cipher suites have been removed in OpenSSL 1.1.0. +.IP "\fBaECDSA\fR, \fB\s-1ECDSA\s0\fR" 4 +.IX Item "aECDSA, ECDSA" +Cipher suites using \s-1ECDSA\s0 authentication, i.e. the certificates carry \s-1ECDSA\s0 +keys. +.IP "\fBTLSv1.2\fR, \fBTLSv1.0\fR, \fBSSLv3\fR" 4 +.IX Item "TLSv1.2, TLSv1.0, SSLv3" +Lists cipher suites which are only supported in at least \s-1TLS\s0 v1.2, \s-1TLS\s0 v1.0 or +\&\s-1SSL\s0 v3.0 respectively. +Note: there are no cipher suites specific to \s-1TLS\s0 v1.1. +Since this is only the minimum version, if, for example, TLSv1.0 is negotiated +then both TLSv1.0 and SSLv3.0 cipher suites are available. +.Sp +Note: these cipher strings \fBdo not\fR change the negotiated version of \s-1SSL\s0 or +\&\s-1TLS\s0, they only affect the list of available cipher suites. +.IP "\fB\s-1AES128\s0\fR, \fB\s-1AES256\s0\fR, \fB\s-1AES\s0\fR" 4 +.IX Item "AES128, AES256, AES" +cipher suites using 128 bit \s-1AES\s0, 256 bit \s-1AES\s0 or either 128 or 256 bit \s-1AES\s0. +.IP "\fB\s-1AESGCM\s0\fR" 4 +.IX Item "AESGCM" +\&\s-1AES\s0 in Galois Counter Mode (\s-1GCM\s0): these cipher suites are only supported +in \s-1TLS\s0 v1.2. +.IP "\fB\s-1AESCCM\s0\fR, \fB\s-1AESCCM8\s0\fR" 4 +.IX Item "AESCCM, AESCCM8" +\&\s-1AES\s0 in Cipher Block Chaining \- Message Authentication Mode (\s-1CCM\s0): these +cipher suites are only supported in \s-1TLS\s0 v1.2. 
\fB\s-1AESCCM\s0\fR references \s-1CCM\s0 +cipher suites using both 16 and 8 octet Integrity Check Value (\s-1ICV\s0) +while \fB\s-1AESCCM8\s0\fR only references 8 octet \s-1ICV\s0. +.IP "\fB\s-1ARIA128\s0\fR, \fB\s-1ARIA256\s0\fR, \fB\s-1ARIA\s0\fR" 4 +.IX Item "ARIA128, ARIA256, ARIA" +Cipher suites using 128 bit \s-1ARIA\s0, 256 bit \s-1ARIA\s0 or either 128 or 256 bit +\&\s-1ARIA\s0. +.IP "\fB\s-1CAMELLIA128\s0\fR, \fB\s-1CAMELLIA256\s0\fR, \fB\s-1CAMELLIA\s0\fR" 4 +.IX Item "CAMELLIA128, CAMELLIA256, CAMELLIA" +Cipher suites using 128 bit \s-1CAMELLIA\s0, 256 bit \s-1CAMELLIA\s0 or either 128 or 256 bit +\&\s-1CAMELLIA\s0. +.IP "\fB\s-1CHACHA20\s0\fR" 4 +.IX Item "CHACHA20" +Cipher suites using ChaCha20. +.IP "\fB3DES\fR" 4 +.IX Item "3DES" +Cipher suites using triple \s-1DES\s0. +.IP "\fB\s-1DES\s0\fR" 4 +.IX Item "DES" +Cipher suites using \s-1DES\s0 (not triple \s-1DES\s0). +All these cipher suites have been removed in OpenSSL 1.1.0. +.IP "\fB\s-1RC4\s0\fR" 4 +.IX Item "RC4" +Cipher suites using \s-1RC4\s0. +.IP "\fB\s-1RC2\s0\fR" 4 +.IX Item "RC2" +Cipher suites using \s-1RC2\s0. +.IP "\fB\s-1IDEA\s0\fR" 4 +.IX Item "IDEA" +Cipher suites using \s-1IDEA\s0. +.IP "\fB\s-1SEED\s0\fR" 4 +.IX Item "SEED" +Cipher suites using \s-1SEED\s0. +.IP "\fB\s-1MD5\s0\fR" 4 +.IX Item "MD5" +Cipher suites using \s-1MD5\s0. +.IP "\fB\s-1SHA1\s0\fR, \fB\s-1SHA\s0\fR" 4 +.IX Item "SHA1, SHA" +Cipher suites using \s-1SHA1\s0. +.IP "\fB\s-1SHA256\s0\fR, \fB\s-1SHA384\s0\fR" 4 +.IX Item "SHA256, SHA384" +Cipher suites using \s-1SHA256\s0 or \s-1SHA384\s0. +.IP "\fBaGOST\fR" 4 +.IX Item "aGOST" +Cipher suites using \s-1GOST\s0 R 34.10 (either 2001 or 94) for authentication +(needs an engine supporting \s-1GOST\s0 algorithms). +.IP "\fBaGOST01\fR" 4 +.IX Item "aGOST01" +Cipher suites using \s-1GOST\s0 R 34.10\-2001 authentication. +.IP "\fBkGOST\fR" 4 +.IX Item "kGOST" +Cipher suites, using \s-1VKO\s0 34.10 key exchange, specified in the \s-1RFC\s0 4357. 
+.IP "\fB\s-1GOST94\s0\fR" 4 +.IX Item "GOST94" +Cipher suites, using \s-1HMAC\s0 based on \s-1GOST\s0 R 34.11\-94. +.IP "\fB\s-1GOST89MAC\s0\fR" 4 +.IX Item "GOST89MAC" +Cipher suites using \s-1GOST\s0 28147\-89 \s-1MAC\s0 \fBinstead of\fR \s-1HMAC\s0. +.IP "\fB\s-1PSK\s0\fR" 4 +.IX Item "PSK" +All cipher suites using pre-shared keys (\s-1PSK\s0). +.IP "\fBkPSK\fR, \fBkECDHEPSK\fR, \fBkDHEPSK\fR, \fBkRSAPSK\fR" 4 +.IX Item "kPSK, kECDHEPSK, kDHEPSK, kRSAPSK" +Cipher suites using \s-1PSK\s0 key exchange, \s-1ECDHE_PSK\s0, \s-1DHE_PSK\s0 or \s-1RSA_PSK\s0. +.IP "\fBaPSK\fR" 4 +.IX Item "aPSK" +Cipher suites using \s-1PSK\s0 authentication (currently all \s-1PSK\s0 modes apart from +\&\s-1RSA_PSK\s0). +.IP "\fB\s-1SUITEB128\s0\fR, \fB\s-1SUITEB128ONLY\s0\fR, \fB\s-1SUITEB192\s0\fR" 4 +.IX Item "SUITEB128, SUITEB128ONLY, SUITEB192" +Enables suite B mode of operation using 128 (permitting 192 bit mode by peer) +128 bit (not permitting 192 bit by peer) or 192 bit level of security +respectively. +If used these cipherstrings should appear first in the cipher +list and anything after them is ignored. +Setting Suite B mode has additional consequences required to comply with +\&\s-1RFC6460\s0. +In particular the supported signature algorithms is reduced to support only +\&\s-1ECDSA\s0 and \s-1SHA256\s0 or \s-1SHA384\s0, only the elliptic curves P\-256 and P\-384 can be +used and only the two suite B compliant cipher suites +(\s-1ECDHE\-ECDSA\-AES128\-GCM\-SHA256\s0 and \s-1ECDHE\-ECDSA\-AES256\-GCM\-SHA384\s0) are +permissible. +.SH "CIPHER SUITE NAMES" +.IX Header "CIPHER SUITE NAMES" +The following lists give the \s-1SSL\s0 or \s-1TLS\s0 cipher suites names from the +relevant specification and their OpenSSL equivalents. It should be noted, +that several cipher suite names do not include the authentication used, +e.g. \s-1DES\-CBC3\-SHA\s0. In these cases, \s-1RSA\s0 authentication is used. 
+.SS "\s-1SSL\s0 v3.0 cipher suites" +.IX Subsection "SSL v3.0 cipher suites" +.Vb 6 +\& SSL_RSA_WITH_NULL_MD5 NULL\-MD5 +\& SSL_RSA_WITH_NULL_SHA NULL\-SHA +\& SSL_RSA_WITH_RC4_128_MD5 RC4\-MD5 +\& SSL_RSA_WITH_RC4_128_SHA RC4\-SHA +\& SSL_RSA_WITH_IDEA_CBC_SHA IDEA\-CBC\-SHA +\& SSL_RSA_WITH_3DES_EDE_CBC_SHA DES\-CBC3\-SHA +\& +\& SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA DH\-DSS\-DES\-CBC3\-SHA +\& SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA DH\-RSA\-DES\-CBC3\-SHA +\& SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA DHE\-DSS\-DES\-CBC3\-SHA +\& SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA DHE\-RSA\-DES\-CBC3\-SHA +\& +\& SSL_DH_anon_WITH_RC4_128_MD5 ADH\-RC4\-MD5 +\& SSL_DH_anon_WITH_3DES_EDE_CBC_SHA ADH\-DES\-CBC3\-SHA +\& +\& SSL_FORTEZZA_KEA_WITH_NULL_SHA Not implemented. +\& SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA Not implemented. +\& SSL_FORTEZZA_KEA_WITH_RC4_128_SHA Not implemented. +.Ve +.SS "\s-1TLS\s0 v1.0 cipher suites" +.IX Subsection "TLS v1.0 cipher suites" +.Vb 6 +\& TLS_RSA_WITH_NULL_MD5 NULL\-MD5 +\& TLS_RSA_WITH_NULL_SHA NULL\-SHA +\& TLS_RSA_WITH_RC4_128_MD5 RC4\-MD5 +\& TLS_RSA_WITH_RC4_128_SHA RC4\-SHA +\& TLS_RSA_WITH_IDEA_CBC_SHA IDEA\-CBC\-SHA +\& TLS_RSA_WITH_3DES_EDE_CBC_SHA DES\-CBC3\-SHA +\& +\& TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA Not implemented. +\& TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA Not implemented. 
+\& TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA DHE\-DSS\-DES\-CBC3\-SHA +\& TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA DHE\-RSA\-DES\-CBC3\-SHA +\& +\& TLS_DH_anon_WITH_RC4_128_MD5 ADH\-RC4\-MD5 +\& TLS_DH_anon_WITH_3DES_EDE_CBC_SHA ADH\-DES\-CBC3\-SHA +.Ve +.SS "\s-1AES\s0 cipher suites from \s-1RFC3268\s0, extending \s-1TLS\s0 v1.0" +.IX Subsection "AES cipher suites from RFC3268, extending TLS v1.0" +.Vb 2 +\& TLS_RSA_WITH_AES_128_CBC_SHA AES128\-SHA +\& TLS_RSA_WITH_AES_256_CBC_SHA AES256\-SHA +\& +\& TLS_DH_DSS_WITH_AES_128_CBC_SHA DH\-DSS\-AES128\-SHA +\& TLS_DH_DSS_WITH_AES_256_CBC_SHA DH\-DSS\-AES256\-SHA +\& TLS_DH_RSA_WITH_AES_128_CBC_SHA DH\-RSA\-AES128\-SHA +\& TLS_DH_RSA_WITH_AES_256_CBC_SHA DH\-RSA\-AES256\-SHA +\& +\& TLS_DHE_DSS_WITH_AES_128_CBC_SHA DHE\-DSS\-AES128\-SHA +\& TLS_DHE_DSS_WITH_AES_256_CBC_SHA DHE\-DSS\-AES256\-SHA +\& TLS_DHE_RSA_WITH_AES_128_CBC_SHA DHE\-RSA\-AES128\-SHA +\& TLS_DHE_RSA_WITH_AES_256_CBC_SHA DHE\-RSA\-AES256\-SHA +\& +\& TLS_DH_anon_WITH_AES_128_CBC_SHA ADH\-AES128\-SHA +\& TLS_DH_anon_WITH_AES_256_CBC_SHA ADH\-AES256\-SHA +.Ve +.SS "Camellia cipher suites from \s-1RFC4132\s0, extending \s-1TLS\s0 v1.0" +.IX Subsection "Camellia cipher suites from RFC4132, extending TLS v1.0" +.Vb 2 +\& TLS_RSA_WITH_CAMELLIA_128_CBC_SHA CAMELLIA128\-SHA +\& TLS_RSA_WITH_CAMELLIA_256_CBC_SHA CAMELLIA256\-SHA +\& +\& TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA DH\-DSS\-CAMELLIA128\-SHA +\& TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA DH\-DSS\-CAMELLIA256\-SHA +\& TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA DH\-RSA\-CAMELLIA128\-SHA +\& TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA DH\-RSA\-CAMELLIA256\-SHA +\& +\& TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA DHE\-DSS\-CAMELLIA128\-SHA +\& TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA DHE\-DSS\-CAMELLIA256\-SHA +\& TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA DHE\-RSA\-CAMELLIA128\-SHA +\& TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA DHE\-RSA\-CAMELLIA256\-SHA +\& +\& TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA ADH\-CAMELLIA128\-SHA +\& 
TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA ADH\-CAMELLIA256\-SHA +.Ve +.SS "\s-1SEED\s0 cipher suites from \s-1RFC4162\s0, extending \s-1TLS\s0 v1.0" +.IX Subsection "SEED cipher suites from RFC4162, extending TLS v1.0" +.Vb 1 +\& TLS_RSA_WITH_SEED_CBC_SHA SEED\-SHA +\& +\& TLS_DH_DSS_WITH_SEED_CBC_SHA DH\-DSS\-SEED\-SHA +\& TLS_DH_RSA_WITH_SEED_CBC_SHA DH\-RSA\-SEED\-SHA +\& +\& TLS_DHE_DSS_WITH_SEED_CBC_SHA DHE\-DSS\-SEED\-SHA +\& TLS_DHE_RSA_WITH_SEED_CBC_SHA DHE\-RSA\-SEED\-SHA +\& +\& TLS_DH_anon_WITH_SEED_CBC_SHA ADH\-SEED\-SHA +.Ve +.SS "\s-1GOST\s0 cipher suites from draft-chudov-cryptopro-cptls, extending \s-1TLS\s0 v1.0" +.IX Subsection "GOST cipher suites from draft-chudov-cryptopro-cptls, extending TLS v1.0" +Note: these ciphers require an engine which including \s-1GOST\s0 cryptographic +algorithms, such as the \fBgost\fR engine, which isn't part of the OpenSSL +distribution. +.PP +.Vb 4 +\& TLS_GOSTR341094_WITH_28147_CNT_IMIT GOST94\-GOST89\-GOST89 +\& TLS_GOSTR341001_WITH_28147_CNT_IMIT GOST2001\-GOST89\-GOST89 +\& TLS_GOSTR341094_WITH_NULL_GOSTR3411 GOST94\-NULL\-GOST94 +\& TLS_GOSTR341001_WITH_NULL_GOSTR3411 GOST2001\-NULL\-GOST94 +.Ve +.SS "Additional Export 1024 and other cipher suites" +.IX Subsection "Additional Export 1024 and other cipher suites" +Note: these ciphers can also be used in \s-1SSL\s0 v3. 
+.PP +.Vb 1 +\& TLS_DHE_DSS_WITH_RC4_128_SHA DHE\-DSS\-RC4\-SHA +.Ve +.SS "Elliptic curve cipher suites" +.IX Subsection "Elliptic curve cipher suites" +.Vb 5 +\& TLS_ECDHE_RSA_WITH_NULL_SHA ECDHE\-RSA\-NULL\-SHA +\& TLS_ECDHE_RSA_WITH_RC4_128_SHA ECDHE\-RSA\-RC4\-SHA +\& TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA ECDHE\-RSA\-DES\-CBC3\-SHA +\& TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ECDHE\-RSA\-AES128\-SHA +\& TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDHE\-RSA\-AES256\-SHA +\& +\& TLS_ECDHE_ECDSA_WITH_NULL_SHA ECDHE\-ECDSA\-NULL\-SHA +\& TLS_ECDHE_ECDSA_WITH_RC4_128_SHA ECDHE\-ECDSA\-RC4\-SHA +\& TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA ECDHE\-ECDSA\-DES\-CBC3\-SHA +\& TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA ECDHE\-ECDSA\-AES128\-SHA +\& TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA ECDHE\-ECDSA\-AES256\-SHA +\& +\& TLS_ECDH_anon_WITH_NULL_SHA AECDH\-NULL\-SHA +\& TLS_ECDH_anon_WITH_RC4_128_SHA AECDH\-RC4\-SHA +\& TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA AECDH\-DES\-CBC3\-SHA +\& TLS_ECDH_anon_WITH_AES_128_CBC_SHA AECDH\-AES128\-SHA +\& TLS_ECDH_anon_WITH_AES_256_CBC_SHA AECDH\-AES256\-SHA +.Ve +.SS "\s-1TLS\s0 v1.2 cipher suites" +.IX Subsection "TLS v1.2 cipher suites" +.Vb 1 +\& TLS_RSA_WITH_NULL_SHA256 NULL\-SHA256 +\& +\& TLS_RSA_WITH_AES_128_CBC_SHA256 AES128\-SHA256 +\& TLS_RSA_WITH_AES_256_CBC_SHA256 AES256\-SHA256 +\& TLS_RSA_WITH_AES_128_GCM_SHA256 AES128\-GCM\-SHA256 +\& TLS_RSA_WITH_AES_256_GCM_SHA384 AES256\-GCM\-SHA384 +\& +\& TLS_DH_RSA_WITH_AES_128_CBC_SHA256 DH\-RSA\-AES128\-SHA256 +\& TLS_DH_RSA_WITH_AES_256_CBC_SHA256 DH\-RSA\-AES256\-SHA256 +\& TLS_DH_RSA_WITH_AES_128_GCM_SHA256 DH\-RSA\-AES128\-GCM\-SHA256 +\& TLS_DH_RSA_WITH_AES_256_GCM_SHA384 DH\-RSA\-AES256\-GCM\-SHA384 +\& +\& TLS_DH_DSS_WITH_AES_128_CBC_SHA256 DH\-DSS\-AES128\-SHA256 +\& TLS_DH_DSS_WITH_AES_256_CBC_SHA256 DH\-DSS\-AES256\-SHA256 +\& TLS_DH_DSS_WITH_AES_128_GCM_SHA256 DH\-DSS\-AES128\-GCM\-SHA256 +\& TLS_DH_DSS_WITH_AES_256_GCM_SHA384 DH\-DSS\-AES256\-GCM\-SHA384 +\& +\& TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 
DHE\-RSA\-AES128\-SHA256 +\& TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 DHE\-RSA\-AES256\-SHA256 +\& TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 DHE\-RSA\-AES128\-GCM\-SHA256 +\& TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DHE\-RSA\-AES256\-GCM\-SHA384 +\& +\& TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 DHE\-DSS\-AES128\-SHA256 +\& TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 DHE\-DSS\-AES256\-SHA256 +\& TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 DHE\-DSS\-AES128\-GCM\-SHA256 +\& TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 DHE\-DSS\-AES256\-GCM\-SHA384 +\& +\& TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDHE\-RSA\-AES128\-SHA256 +\& TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDHE\-RSA\-AES256\-SHA384 +\& TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDHE\-RSA\-AES128\-GCM\-SHA256 +\& TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDHE\-RSA\-AES256\-GCM\-SHA384 +\& +\& TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 ECDHE\-ECDSA\-AES128\-SHA256 +\& TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 ECDHE\-ECDSA\-AES256\-SHA384 +\& TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDHE\-ECDSA\-AES128\-GCM\-SHA256 +\& TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDHE\-ECDSA\-AES256\-GCM\-SHA384 +\& +\& TLS_DH_anon_WITH_AES_128_CBC_SHA256 ADH\-AES128\-SHA256 +\& TLS_DH_anon_WITH_AES_256_CBC_SHA256 ADH\-AES256\-SHA256 +\& TLS_DH_anon_WITH_AES_128_GCM_SHA256 ADH\-AES128\-GCM\-SHA256 +\& TLS_DH_anon_WITH_AES_256_GCM_SHA384 ADH\-AES256\-GCM\-SHA384 +\& +\& RSA_WITH_AES_128_CCM AES128\-CCM +\& RSA_WITH_AES_256_CCM AES256\-CCM +\& DHE_RSA_WITH_AES_128_CCM DHE\-RSA\-AES128\-CCM +\& DHE_RSA_WITH_AES_256_CCM DHE\-RSA\-AES256\-CCM +\& RSA_WITH_AES_128_CCM_8 AES128\-CCM8 +\& RSA_WITH_AES_256_CCM_8 AES256\-CCM8 +\& DHE_RSA_WITH_AES_128_CCM_8 DHE\-RSA\-AES128\-CCM8 +\& DHE_RSA_WITH_AES_256_CCM_8 DHE\-RSA\-AES256\-CCM8 +\& ECDHE_ECDSA_WITH_AES_128_CCM ECDHE\-ECDSA\-AES128\-CCM +\& ECDHE_ECDSA_WITH_AES_256_CCM ECDHE\-ECDSA\-AES256\-CCM +\& ECDHE_ECDSA_WITH_AES_128_CCM_8 ECDHE\-ECDSA\-AES128\-CCM8 +\& ECDHE_ECDSA_WITH_AES_256_CCM_8 ECDHE\-ECDSA\-AES256\-CCM8 +.Ve +.SS "\s-1ARIA\s0 cipher 
suites from \s-1RFC6209\s0, extending \s-1TLS\s0 v1.2" +.IX Subsection "ARIA cipher suites from RFC6209, extending TLS v1.2" +Note: the \s-1CBC\s0 modes mentioned in this \s-1RFC\s0 are not supported. +.PP +.Vb 10 +\& TLS_RSA_WITH_ARIA_128_GCM_SHA256 ARIA128\-GCM\-SHA256 +\& TLS_RSA_WITH_ARIA_256_GCM_SHA384 ARIA256\-GCM\-SHA384 +\& TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 DHE\-RSA\-ARIA128\-GCM\-SHA256 +\& TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 DHE\-RSA\-ARIA256\-GCM\-SHA384 +\& TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256 DHE\-DSS\-ARIA128\-GCM\-SHA256 +\& TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384 DHE\-DSS\-ARIA256\-GCM\-SHA384 +\& TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 ECDHE\-ECDSA\-ARIA128\-GCM\-SHA256 +\& TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 ECDHE\-ECDSA\-ARIA256\-GCM\-SHA384 +\& TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 ECDHE\-ARIA128\-GCM\-SHA256 +\& TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 ECDHE\-ARIA256\-GCM\-SHA384 +\& TLS_PSK_WITH_ARIA_128_GCM_SHA256 PSK\-ARIA128\-GCM\-SHA256 +\& TLS_PSK_WITH_ARIA_256_GCM_SHA384 PSK\-ARIA256\-GCM\-SHA384 +\& TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 DHE\-PSK\-ARIA128\-GCM\-SHA256 +\& TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 DHE\-PSK\-ARIA256\-GCM\-SHA384 +\& TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 RSA\-PSK\-ARIA128\-GCM\-SHA256 +\& TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 RSA\-PSK\-ARIA256\-GCM\-SHA384 +.Ve +.SS "Camellia HMAC-Based cipher suites from \s-1RFC6367\s0, extending \s-1TLS\s0 v1.2" +.IX Subsection "Camellia HMAC-Based cipher suites from RFC6367, extending TLS v1.2" +.Vb 4 +\& TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 ECDHE\-ECDSA\-CAMELLIA128\-SHA256 +\& TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 ECDHE\-ECDSA\-CAMELLIA256\-SHA384 +\& TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 ECDHE\-RSA\-CAMELLIA128\-SHA256 +\& TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 ECDHE\-RSA\-CAMELLIA256\-SHA384 +.Ve +.SS "Pre-shared keying (\s-1PSK\s0) cipher suites" +.IX Subsection "Pre-shared keying (PSK) cipher suites" +.Vb 3 +\& PSK_WITH_NULL_SHA PSK\-NULL\-SHA 
+\& DHE_PSK_WITH_NULL_SHA DHE\-PSK\-NULL\-SHA +\& RSA_PSK_WITH_NULL_SHA RSA\-PSK\-NULL\-SHA +\& +\& PSK_WITH_RC4_128_SHA PSK\-RC4\-SHA +\& PSK_WITH_3DES_EDE_CBC_SHA PSK\-3DES\-EDE\-CBC\-SHA +\& PSK_WITH_AES_128_CBC_SHA PSK\-AES128\-CBC\-SHA +\& PSK_WITH_AES_256_CBC_SHA PSK\-AES256\-CBC\-SHA +\& +\& DHE_PSK_WITH_RC4_128_SHA DHE\-PSK\-RC4\-SHA +\& DHE_PSK_WITH_3DES_EDE_CBC_SHA DHE\-PSK\-3DES\-EDE\-CBC\-SHA +\& DHE_PSK_WITH_AES_128_CBC_SHA DHE\-PSK\-AES128\-CBC\-SHA +\& DHE_PSK_WITH_AES_256_CBC_SHA DHE\-PSK\-AES256\-CBC\-SHA +\& +\& RSA_PSK_WITH_RC4_128_SHA RSA\-PSK\-RC4\-SHA +\& RSA_PSK_WITH_3DES_EDE_CBC_SHA RSA\-PSK\-3DES\-EDE\-CBC\-SHA +\& RSA_PSK_WITH_AES_128_CBC_SHA RSA\-PSK\-AES128\-CBC\-SHA +\& RSA_PSK_WITH_AES_256_CBC_SHA RSA\-PSK\-AES256\-CBC\-SHA +\& +\& PSK_WITH_AES_128_GCM_SHA256 PSK\-AES128\-GCM\-SHA256 +\& PSK_WITH_AES_256_GCM_SHA384 PSK\-AES256\-GCM\-SHA384 +\& DHE_PSK_WITH_AES_128_GCM_SHA256 DHE\-PSK\-AES128\-GCM\-SHA256 +\& DHE_PSK_WITH_AES_256_GCM_SHA384 DHE\-PSK\-AES256\-GCM\-SHA384 +\& RSA_PSK_WITH_AES_128_GCM_SHA256 RSA\-PSK\-AES128\-GCM\-SHA256 +\& RSA_PSK_WITH_AES_256_GCM_SHA384 RSA\-PSK\-AES256\-GCM\-SHA384 +\& +\& PSK_WITH_AES_128_CBC_SHA256 PSK\-AES128\-CBC\-SHA256 +\& PSK_WITH_AES_256_CBC_SHA384 PSK\-AES256\-CBC\-SHA384 +\& PSK_WITH_NULL_SHA256 PSK\-NULL\-SHA256 +\& PSK_WITH_NULL_SHA384 PSK\-NULL\-SHA384 +\& DHE_PSK_WITH_AES_128_CBC_SHA256 DHE\-PSK\-AES128\-CBC\-SHA256 +\& DHE_PSK_WITH_AES_256_CBC_SHA384 DHE\-PSK\-AES256\-CBC\-SHA384 +\& DHE_PSK_WITH_NULL_SHA256 DHE\-PSK\-NULL\-SHA256 +\& DHE_PSK_WITH_NULL_SHA384 DHE\-PSK\-NULL\-SHA384 +\& RSA_PSK_WITH_AES_128_CBC_SHA256 RSA\-PSK\-AES128\-CBC\-SHA256 +\& RSA_PSK_WITH_AES_256_CBC_SHA384 RSA\-PSK\-AES256\-CBC\-SHA384 +\& RSA_PSK_WITH_NULL_SHA256 RSA\-PSK\-NULL\-SHA256 +\& RSA_PSK_WITH_NULL_SHA384 RSA\-PSK\-NULL\-SHA384 +\& PSK_WITH_AES_128_GCM_SHA256 PSK\-AES128\-GCM\-SHA256 +\& PSK_WITH_AES_256_GCM_SHA384 PSK\-AES256\-GCM\-SHA384 +\& +\& ECDHE_PSK_WITH_RC4_128_SHA ECDHE\-PSK\-RC4\-SHA +\& 
ECDHE_PSK_WITH_3DES_EDE_CBC_SHA ECDHE\-PSK\-3DES\-EDE\-CBC\-SHA +\& ECDHE_PSK_WITH_AES_128_CBC_SHA ECDHE\-PSK\-AES128\-CBC\-SHA +\& ECDHE_PSK_WITH_AES_256_CBC_SHA ECDHE\-PSK\-AES256\-CBC\-SHA +\& ECDHE_PSK_WITH_AES_128_CBC_SHA256 ECDHE\-PSK\-AES128\-CBC\-SHA256 +\& ECDHE_PSK_WITH_AES_256_CBC_SHA384 ECDHE\-PSK\-AES256\-CBC\-SHA384 +\& ECDHE_PSK_WITH_NULL_SHA ECDHE\-PSK\-NULL\-SHA +\& ECDHE_PSK_WITH_NULL_SHA256 ECDHE\-PSK\-NULL\-SHA256 +\& ECDHE_PSK_WITH_NULL_SHA384 ECDHE\-PSK\-NULL\-SHA384 +\& +\& PSK_WITH_CAMELLIA_128_CBC_SHA256 PSK\-CAMELLIA128\-SHA256 +\& PSK_WITH_CAMELLIA_256_CBC_SHA384 PSK\-CAMELLIA256\-SHA384 +\& +\& DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 DHE\-PSK\-CAMELLIA128\-SHA256 +\& DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 DHE\-PSK\-CAMELLIA256\-SHA384 +\& +\& RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 RSA\-PSK\-CAMELLIA128\-SHA256 +\& RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 RSA\-PSK\-CAMELLIA256\-SHA384 +\& +\& ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 ECDHE\-PSK\-CAMELLIA128\-SHA256 +\& ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 ECDHE\-PSK\-CAMELLIA256\-SHA384 +\& +\& PSK_WITH_AES_128_CCM PSK\-AES128\-CCM +\& PSK_WITH_AES_256_CCM PSK\-AES256\-CCM +\& DHE_PSK_WITH_AES_128_CCM DHE\-PSK\-AES128\-CCM +\& DHE_PSK_WITH_AES_256_CCM DHE\-PSK\-AES256\-CCM +\& PSK_WITH_AES_128_CCM_8 PSK\-AES128\-CCM8 +\& PSK_WITH_AES_256_CCM_8 PSK\-AES256\-CCM8 +\& DHE_PSK_WITH_AES_128_CCM_8 DHE\-PSK\-AES128\-CCM8 +\& DHE_PSK_WITH_AES_256_CCM_8 DHE\-PSK\-AES256\-CCM8 +.Ve +.SS "ChaCha20\-Poly1305 cipher suites, extending \s-1TLS\s0 v1.2" +.IX Subsection "ChaCha20-Poly1305 cipher suites, extending TLS v1.2" +.Vb 7 +\& TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 ECDHE\-RSA\-CHACHA20\-POLY1305 +\& TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 ECDHE\-ECDSA\-CHACHA20\-POLY1305 +\& TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 DHE\-RSA\-CHACHA20\-POLY1305 +\& TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 PSK\-CHACHA20\-POLY1305 +\& TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 ECDHE\-PSK\-CHACHA20\-POLY1305 +\& 
TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 DHE\-PSK\-CHACHA20\-POLY1305 +\& TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 RSA\-PSK\-CHACHA20\-POLY1305 +.Ve +.SS "\s-1TLS\s0 v1.3 cipher suites" +.IX Subsection "TLS v1.3 cipher suites" +.Vb 5 +\& TLS_AES_128_GCM_SHA256 TLS_AES_128_GCM_SHA256 +\& TLS_AES_256_GCM_SHA384 TLS_AES_256_GCM_SHA384 +\& TLS_CHACHA20_POLY1305_SHA256 TLS_CHACHA20_POLY1305_SHA256 +\& TLS_AES_128_CCM_SHA256 TLS_AES_128_CCM_SHA256 +\& TLS_AES_128_CCM_8_SHA256 TLS_AES_128_CCM_8_SHA256 +.Ve +.SS "Older names used by OpenSSL" +.IX Subsection "Older names used by OpenSSL" +The following names are accepted by older releases: +.PP +.Vb 2 +\& SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA EDH\-RSA\-DES\-CBC3\-SHA (DHE\-RSA\-DES\-CBC3\-SHA) +\& SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA EDH\-DSS\-DES\-CBC3\-SHA (DHE\-DSS\-DES\-CBC3\-SHA) +.Ve +.SH "NOTES" +.IX Header "NOTES" +Some compiled versions of OpenSSL may not include all the ciphers +listed here because some ciphers were excluded at compile time. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Verbose listing of all OpenSSL ciphers including \s-1NULL\s0 ciphers: +.PP +.Vb 1 +\& openssl ciphers \-v \*(AqALL:eNULL\*(Aq +.Ve +.PP +Include all ciphers except \s-1NULL\s0 and anonymous \s-1DH\s0 then sort by +strength: +.PP +.Vb 1 +\& openssl ciphers \-v \*(AqALL:!ADH:@STRENGTH\*(Aq +.Ve +.PP +Include all ciphers except ones with no encryption (eNULL) or no +authentication (aNULL): +.PP +.Vb 1 +\& openssl ciphers \-v \*(AqALL:!aNULL\*(Aq +.Ve +.PP +Include only 3DES ciphers and then place \s-1RSA\s0 ciphers last: +.PP +.Vb 1 +\& openssl ciphers \-v \*(Aq3DES:+RSA\*(Aq +.Ve +.PP +Include all \s-1RC4\s0 ciphers but leave out those without authentication: +.PP +.Vb 1 +\& openssl ciphers \-v \*(AqRC4:!COMPLEMENTOFDEFAULT\*(Aq +.Ve +.PP +Include all ciphers with \s-1RSA\s0 authentication but leave out ciphers without +encryption. 
+.PP +.Vb 1 +\& openssl ciphers \-v \*(AqRSA:!COMPLEMENTOFALL\*(Aq +.Ve +.PP +Set security level to 2 and display all ciphers consistent with level 2: +.PP +.Vb 1 +\& openssl ciphers \-s \-v \*(AqALL:@SECLEVEL=2\*(Aq +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\fIopenssl\-s_client\fR\|(1), +\&\fIopenssl\-s_server\fR\|(1), +\&\fIssl\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \fB\-V\fR option was added in OpenSSL 1.0.0. +.PP +The \fB\-stdname\fR is only available if OpenSSL is built with tracing enabled +(\fBenable-ssl-trace\fR argument to Configure) before OpenSSL 1.1.1. +.PP +The \fB\-convert\fR option was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man1/openssl-cmds.1 b/linux_amd64/share/man/man1/openssl-cmds.1 new file mode 100755 index 0000000..55f3840 --- /dev/null +++ b/linux_amd64/share/man/man1/openssl-cmds.1 
@@ -0,0 +1,266 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-CMDS 1" +.TH OPENSSL-CMDS 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +asn1parse, +ca, +ciphers, +cms, +crl, +crl2pkcs7, +dgst, +dhparam, +dsa, +dsaparam, +ec, +ecparam, +enc, +engine, +errstr, +gendsa, +genpkey, +genrsa, +info, +kdf, +mac, +nseq, +ocsp, +passwd, +pkcs12, +pkcs7, +pkcs8, +pkey, +pkeyparam, +pkeyutl, +prime, +rand, +rehash, +req, +rsa, +rsautl, +s_client, +s_server, +s_time, +sess_id, +smime, +speed, +spkac, +srp, +storeutl, +ts, +verify, +version, +x509 +\&\- OpenSSL application commands +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fIcmd\fR \fB\-help\fR | [\fI\-option\fR | \fI\-option\fR \fIarg\fR] ... [\fIarg\fR] ... +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Every \fIcmd\fR listed above is a (sub\-)command of the \fIopenssl\fR\|(1) application. +It has its own detailed manual page at \fBopenssl\-\f(BIcmd\fB\fR(1). For example, to +view the manual page for the \fBopenssl dgst\fR command, type \f(CW\*(C`man openssl\-dgst\*(C'\fR. +.SH "OPTIONS" +.IX Header "OPTIONS" +Among others, every subcommand has a help option. +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message for the subcommand. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\fIopenssl\-asn1parse\fR\|(1), +\&\fIopenssl\-ca\fR\|(1), +\&\fIopenssl\-ciphers\fR\|(1), +\&\fIopenssl\-cms\fR\|(1), +\&\fIopenssl\-crl\fR\|(1), +\&\fIopenssl\-crl2pkcs7\fR\|(1), +\&\fIopenssl\-dgst\fR\|(1), +\&\fIopenssl\-dhparam\fR\|(1), +\&\fIopenssl\-dsa\fR\|(1), +\&\fIopenssl\-dsaparam\fR\|(1), +\&\fIopenssl\-ec\fR\|(1), +\&\fIopenssl\-ecparam\fR\|(1), +\&\fIopenssl\-enc\fR\|(1), +\&\fIopenssl\-engine\fR\|(1), +\&\fIopenssl\-errstr\fR\|(1), +\&\fIopenssl\-gendsa\fR\|(1), +\&\fIopenssl\-genpkey\fR\|(1), +\&\fIopenssl\-genrsa\fR\|(1), +\&\fIopenssl\-info\fR\|(1), +\&\fIopenssl\-kdf\fR\|(1), +\&\fIopenssl\-mac\fR\|(1), +\&\fIopenssl\-nseq\fR\|(1), +\&\fIopenssl\-ocsp\fR\|(1), +\&\fIopenssl\-passwd\fR\|(1), +\&\fIopenssl\-pkcs12\fR\|(1), +\&\fIopenssl\-pkcs7\fR\|(1), +\&\fIopenssl\-pkcs8\fR\|(1), +\&\fIopenssl\-pkey\fR\|(1), +\&\fIopenssl\-pkeyparam\fR\|(1), +\&\fIopenssl\-pkeyutl\fR\|(1), +\&\fIopenssl\-prime\fR\|(1), +\&\fIopenssl\-rand\fR\|(1), +\&\fIopenssl\-rehash\fR\|(1), +\&\fIopenssl\-req\fR\|(1), +\&\fIopenssl\-rsa\fR\|(1), +\&\fIopenssl\-rsautl\fR\|(1), +\&\fIopenssl\-s_client\fR\|(1), +\&\fIopenssl\-s_server\fR\|(1), +\&\fIopenssl\-s_time\fR\|(1), +\&\fIopenssl\-sess_id\fR\|(1), +\&\fIopenssl\-smime\fR\|(1), +\&\fIopenssl\-speed\fR\|(1), +\&\fIopenssl\-spkac\fR\|(1), +\&\fIopenssl\-srp\fR\|(1), +\&\fIopenssl\-storeutl\fR\|(1), +\&\fIopenssl\-ts\fR\|(1), +\&\fIopenssl\-verify\fR\|(1), +\&\fIopenssl\-version\fR\|(1), +\&\fIopenssl\-x509\fR\|(1), +.SH "HISTORY" +.IX Header "HISTORY" +Initially, the manual page entry for the \f(CW\*(C`openssl \f(CIcmd\f(CW\*(C'\fR command used +to be available at \fIcmd\fR(1). Later, the alias \fBopenssl\-\f(BIcmd\fB\fR(1) was +introduced, which made it easier to group the openssl commands using +the \fIapropos\fR\|(1) command or the shell's tab completion. 
+.PP +In order to reduce cluttering of the global manual page namespace, +the manual page entries without the 'openssl\-' prefix have been +deprecated in OpenSSL 3.0 and will be removed in OpenSSL 4.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man1/openssl-cms.1 b/linux_amd64/share/man/man1/openssl-cms.1 new file mode 100755 index 0000000..4408e7d --- /dev/null +++ b/linux_amd64/share/man/man1/openssl-cms.1 
@@ -0,0 +1,856 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-CMS 1" +.TH OPENSSL-CMS 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-cms \- CMS utility +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBcms\fR +[\fB\-help\fR] +[\fB\-encrypt\fR] +[\fB\-decrypt\fR] +[\fB\-debug_decrypt\fR] +[\fB\-sign\fR] +[\fB\-verify\fR] +[\fB\-verify_retcode\fR] +[\fB\-no_attr_verify\fR] +[\fB\-nosigs\fR] +[\fB\-no_content_verify\fR] +[\fB\-cmsout\fR] +[\fB\-resign\fR] +[\fB\-cades\fR] +[\fB\-data_create\fR] +[\fB\-data_out\fR] +[\fB\-digest_create\fR] +[\fB\-digest_verify\fR] +[\fB\-compress\fR] +[\fB\-uncompress\fR] +[\fB\-EncryptedData_decrypt\fR] +[\fB\-EncryptedData_encrypt\fR] +[\fB\-sign_receipt\fR] +[\fB\-verify_receipt\fR \fIreceipt\fR] +[\fB\-in\fR \fIfilename\fR] +[\fB\-out\fR \fIfilename\fR] +[\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fB\s-1SMIME\s0\fR] +[\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fB\s-1SMIME\s0\fR] +[\fB\-rctform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fB\s-1SMIME\s0\fR] +[\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fB\s-1ENGINE\s0\fR] +[\fB\-stream\fR] +[\fB\-indef\fR] +[\fB\-noindef\fR] +[\fB\-content\fR \fIfilename\fR] +[\fB\-text\fR] +[\fB\-noout\fR] +[\fB\-print\fR] +[\fB\-md\fR \fIdigest\fR] +[\fB\-\f(BIcipher\fB\fR] +[\fB\-nointern\fR] +[\fB\-noverify\fR] +[\fB\-nocerts\fR] +[\fB\-noattr\fR] +[\fB\-nosmimecap\fR] +[\fB\-binary\fR] +[\fB\-crlfeol\fR] +[\fB\-asciicrlf\fR] +[\fB\-nodetach\fR] +[\fB\-certfile\fR \fIfile\fR] +[\fB\-certsout\fR \fIfile\fR] +[\fB\-signer\fR \fIfile\fR] +[\fB\-recip\fR \fIfile\fR] +[\fB\-keyid\fR] +[\fB\-receipt_request_all\fR] +[\fB\-receipt_request_first\fR] +[\fB\-receipt_request_from\fR \fIemailaddress\fR] +[\fB\-receipt_request_to\fR \fIemailaddress\fR] +[\fB\-receipt_request_print\fR] +[\fB\-pwri_password\fR \fIpassword\fR] +[\fB\-secretkey\fR \fIkey\fR] +[\fB\-secretkeyid\fR \fIid\fR] +[\fB\-econtent_type\fR \fItype\fR] +[\fB\-inkey\fR \fIfile\fR] +[\fB\-keyopt\fR \fIname\fR:\fIparameter\fR] +[\fB\-passin\fR \fIarg\fR] +[\fB\-to\fR \fIaddr\fR] +[\fB\-from\fR \fIaddr\fR] 
+[\fB\-subject\fR \fIsubj\fR] +[\fB\-allow_proxy_certs\fR] +[\fB\-attime\fR \fItimestamp\fR] +[\fB\-no_check_time\fR] +[\fB\-check_ss_sig\fR] +[\fB\-crl_check\fR] +[\fB\-crl_check_all\fR] +[\fB\-explicit_policy\fR] +[\fB\-extended_crl\fR] +[\fB\-ignore_critical\fR] +[\fB\-inhibit_any\fR] +[\fB\-inhibit_map\fR] +[\fB\-partial_chain\fR] +[\fB\-policy\fR \fIarg\fR] +[\fB\-policy_check\fR] +[\fB\-policy_print\fR] +[\fB\-purpose\fR \fIpurpose\fR] +[\fB\-suiteB_128\fR] +[\fB\-suiteB_128_only\fR] +[\fB\-suiteB_192\fR] +[\fB\-trusted_first\fR] +[\fB\-no_alt_chains\fR] +[\fB\-use_deltas\fR] +[\fB\-auth_level\fR \fInum\fR] +[\fB\-verify_depth\fR \fInum\fR] +[\fB\-verify_email\fR \fIemail\fR] +[\fB\-verify_hostname\fR \fIhostname\fR] +[\fB\-verify_ip\fR \fIip\fR] +[\fB\-verify_name\fR \fIname\fR] +[\fB\-x509_strict\fR] +[\fB\-issuer_checks\fR] +.PP +[\fB\-CAfile\fR \fIfile\fR] +[\fB\-no\-CAfile\fR] +[\fB\-CApath\fR \fIdir\fR] +[\fB\-no\-CApath\fR] +[\fB\-CAstore\fR \fIuri\fR] +[\fB\-no\-CAstore\fR] +[\fB\-rand\fR \fIfiles\fR] +[\fB\-writerand\fR \fIfile\fR] +[\fB\-engine\fR \fIid\fR] +[\fIcert.pem\fR ...] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command handles S/MIME v3.1 mail. It can encrypt, decrypt, +sign and verify, compress and uncompress S/MIME messages. +.SH "OPTIONS" +.IX Header "OPTIONS" +There are fourteen operation options that set the type of operation to be +performed. The meaning of the other options varies according to the operation +type. +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-encrypt\fR" 4 +.IX Item "-encrypt" +Encrypt mail for the given recipient certificates. Input file is the message +to be encrypted. The output file is the encrypted mail in \s-1MIME\s0 format. The +actual \s-1CMS\s0 type is EnvelopedData. +.Sp +Note that no revocation check is done for the recipient cert, so if that +key has been compromised, others may be able to decrypt the text. 
+.IP "\fB\-decrypt\fR" 4 +.IX Item "-decrypt" +Decrypt mail using the supplied certificate and private key. Expects an +encrypted mail message in \s-1MIME\s0 format for the input file. The decrypted mail +is written to the output file. +.IP "\fB\-debug_decrypt\fR" 4 +.IX Item "-debug_decrypt" +This option sets the \fB\s-1CMS_DEBUG_DECRYPT\s0\fR flag. This option should be used +with caution: see the notes section below. +.IP "\fB\-sign\fR" 4 +.IX Item "-sign" +Sign mail using the supplied certificate and private key. Input file is +the message to be signed. The signed message in \s-1MIME\s0 format is written +to the output file. +.IP "\fB\-verify\fR" 4 +.IX Item "-verify" +Verify signed mail. Expects a signed mail message on input and outputs +the signed data. Both clear text and opaque signing is supported. +.IP "\fB\-verify_retcode\fR" 4 +.IX Item "-verify_retcode" +Exit nonzero on verification failure. +.IP "\fB\-no_attr_verify\fR" 4 +.IX Item "-no_attr_verify" +Do not verify signed attribute signatures. +.IP "\fB\-no_content_verify\fR" 4 +.IX Item "-no_content_verify" +Do not verify signed content signatures. +.IP "\fB\-nosigs\fR" 4 +.IX Item "-nosigs" +Don't verify message signature. +.IP "\fB\-cmsout\fR" 4 +.IX Item "-cmsout" +Takes an input message and writes out a \s-1PEM\s0 encoded \s-1CMS\s0 structure. +.IP "\fB\-resign\fR" 4 +.IX Item "-resign" +Resign a message: take an existing message and one or more new signers. +.IP "\fB\-cades\fR" 4 +.IX Item "-cades" +Add an \s-1ESS\s0 signing-certificate or \s-1ESS\s0 signing\-certificate\-v2 signed-attribute to the SignerInfo, in order to make +the signature comply with the requirements for a CAdES Basic Electronic Signature (CAdES-BES). See the \s-1NOTES\s0 +section for more details. +.IP "\fB\-data_create\fR" 4 +.IX Item "-data_create" +Create a \s-1CMS\s0 \fBData\fR type. +.IP "\fB\-data_out\fR" 4 +.IX Item "-data_out" +\&\fBData\fR type and output the content. 
+.IP "\fB\-digest_create\fR" 4 +.IX Item "-digest_create" +Create a \s-1CMS\s0 \fBDigestedData\fR type. +.IP "\fB\-digest_verify\fR" 4 +.IX Item "-digest_verify" +Verify a \s-1CMS\s0 \fBDigestedData\fR type and output the content. +.IP "\fB\-compress\fR" 4 +.IX Item "-compress" +Create a \s-1CMS\s0 \fBCompressedData\fR type. OpenSSL must be compiled with \fBzlib\fR +support for this option to work, otherwise it will output an error. +.IP "\fB\-uncompress\fR" 4 +.IX Item "-uncompress" +Uncompress a \s-1CMS\s0 \fBCompressedData\fR type and output the content. OpenSSL must be +compiled with \fBzlib\fR support for this option to work, otherwise it will +output an error. +.IP "\fB\-EncryptedData_decrypt\fR" 4 +.IX Item "-EncryptedData_decrypt" +Decrypt content using supplied symmetric key and algorithm using a \s-1CMS\s0 +\&\fBEncryptedData\fR type and output the content. +.IP "\fB\-EncryptedData_encrypt\fR" 4 +.IX Item "-EncryptedData_encrypt" +Encrypt content using supplied symmetric key and algorithm using a \s-1CMS\s0 +\&\fBEncryptedData\fR type and output the content. +.IP "\fB\-sign_receipt\fR" 4 +.IX Item "-sign_receipt" +Generate and output a signed receipt for the supplied message. The input +message \fBmust\fR contain a signed receipt request. Functionality is otherwise +similar to the \fB\-sign\fR operation. +.IP "\fB\-verify_receipt\fR \fIreceipt\fR" 4 +.IX Item "-verify_receipt receipt" +Verify a signed receipt in filename \fBreceipt\fR. The input message \fBmust\fR +contain the original receipt request. Functionality is otherwise similar +to the \fB\-verify\fR operation. +.IP "\fB\-in\fR \fIfilename\fR" 4 +.IX Item "-in filename" +The input message to be encrypted or signed or the message to be decrypted +or verified. +.IP "\fB\-out\fR \fIfilename\fR" 4 +.IX Item "-out filename" +The message text that has been decrypted or verified or the output \s-1MIME\s0 +format message that has been signed or verified. 
+.IP "\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fB\s-1SMIME\s0\fR" 4 +.IX Item "-inform DER|PEM|SMIME" +The input format of the \s-1CMS\s0 structure (if one is being read); +the default is \fB\s-1SMIME\s0\fR. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fB\s-1SMIME\s0\fR" 4 +.IX Item "-outform DER|PEM|SMIME" +The output format of the \s-1CMS\s0 structure (if one is being written); +the default is \fB\s-1SMIME\s0\fR. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fB\s-1ENGINE\s0\fR" 4 +.IX Item "-keyform DER|PEM|ENGINE" +The format of the private key file; the default is \fB\s-1PEM\s0\fR. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-rctform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fB\s-1SMIME\s0\fR" 4 +.IX Item "-rctform DER|PEM|SMIME" +The signed receipt format for use with the \fB\-receipt_verify\fR; the default +is \fB\s-1SMIME\s0\fR. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-stream\fR, \fB\-indef\fR" 4 +.IX Item "-stream, -indef" +The \fB\-stream\fR and \fB\-indef\fR options are equivalent and enable streaming I/O +for encoding operations. This permits single pass processing of data without +the need to hold the entire contents in memory, potentially supporting very +large files. Streaming is automatically set for S/MIME signing with detached +data if the output format is \fB\s-1SMIME\s0\fR it is currently off by default for all +other operations. +.IP "\fB\-noindef\fR" 4 +.IX Item "-noindef" +Disable streaming I/O where it would produce and indefinite length constructed +encoding. This option currently has no effect. In future streaming will be +enabled by default on all relevant operations and this option will disable it. 
+.IP "\fB\-content\fR \fIfilename\fR" 4 +.IX Item "-content filename" +This specifies a file containing the detached content, this is only +useful with the \fB\-verify\fR command. This is only usable if the \s-1CMS\s0 +structure is using the detached signature form where the content is +not included. This option will override any content if the input format +is S/MIME and it uses the multipart/signed \s-1MIME\s0 content type. +.IP "\fB\-text\fR" 4 +.IX Item "-text" +This option adds plain text (text/plain) \s-1MIME\s0 headers to the supplied +message if encrypting or signing. If decrypting or verifying it strips +off text headers: if the decrypted or verified message is not of \s-1MIME\s0 +type text/plain then an error occurs. +.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +For the \fB\-cmsout\fR operation do not output the parsed \s-1CMS\s0 structure. This +is useful when combined with the \fB\-print\fR option or if the syntax of the \s-1CMS\s0 +structure is being checked. +.IP "\fB\-print\fR" 4 +.IX Item "-print" +For the \fB\-cmsout\fR operation print out all fields of the \s-1CMS\s0 structure. This +is mainly useful for testing purposes. +.IP "\fB\-md\fR \fIdigest\fR" 4 +.IX Item "-md digest" +Digest algorithm to use when signing or resigning. If not present then the +default digest algorithm for the signing key will be used (usually \s-1SHA1\s0). +.IP "\fB\-\f(BIcipher\fB\fR" 4 +.IX Item "-cipher" +The encryption algorithm to use. For example triple \s-1DES\s0 (168 bits) \- \fB\-des3\fR +or 256 bit \s-1AES\s0 \- \fB\-aes256\fR. Any standard algorithm name (as used by the +\&\fIEVP_get_cipherbyname()\fR function) can also be used preceded by a dash, for +example \fB\-aes\-128\-cbc\fR. See \fIopenssl\-enc\fR\|(1) for a list of ciphers +supported by your version of OpenSSL. +.Sp +If not specified triple \s-1DES\s0 is used. Only used with \fB\-encrypt\fR and +\&\fB\-EncryptedData_create\fR commands. 
+.IP "\fB\-nointern\fR" 4 +.IX Item "-nointern" +When verifying a message normally certificates (if any) included in +the message are searched for the signing certificate. With this option +only the certificates specified in the \fB\-certfile\fR option are used. +The supplied certificates can still be used as untrusted CAs however. +.IP "\fB\-noverify\fR" 4 +.IX Item "-noverify" +Do not verify the signers certificate of a signed message. +.IP "\fB\-nocerts\fR" 4 +.IX Item "-nocerts" +When signing a message the signer's certificate is normally included +with this option it is excluded. This will reduce the size of the +signed message but the verifier must have a copy of the signers certificate +available locally (passed using the \fB\-certfile\fR option for example). +.IP "\fB\-noattr\fR" 4 +.IX Item "-noattr" +Normally when a message is signed a set of attributes are included which +include the signing time and supported symmetric algorithms. With this +option they are not included. +.IP "\fB\-nosmimecap\fR" 4 +.IX Item "-nosmimecap" +Exclude the list of supported algorithms from signed attributes, other options +such as signing time and content type are still included. +.IP "\fB\-binary\fR" 4 +.IX Item "-binary" +Normally the input message is converted to \*(L"canonical\*(R" format which is +effectively using \s-1CR\s0 and \s-1LF\s0 as end of line: as required by the S/MIME +specification. When this option is present no translation occurs. This +is useful when handling binary data which may not be in \s-1MIME\s0 format. +.IP "\fB\-crlfeol\fR" 4 +.IX Item "-crlfeol" +Normally the output file uses a single \fB\s-1LF\s0\fR as end of line. When this +option is present \fB\s-1CRLF\s0\fR is used instead. +.IP "\fB\-asciicrlf\fR" 4 +.IX Item "-asciicrlf" +When signing use \s-1ASCII\s0 \s-1CRLF\s0 format canonicalisation. This strips trailing +whitespace from all lines, deletes trailing blank lines at \s-1EOF\s0 and sets +the encapsulated content type. 
This option is normally used with detached +content and an output signature format of \s-1DER\s0. This option is not normally +needed when verifying as it is enabled automatically if the encapsulated +content format is detected. +.IP "\fB\-nodetach\fR" 4 +.IX Item "-nodetach" +When signing a message use opaque signing: this form is more resistant +to translation by mail relays but it cannot be read by mail agents that +do not support S/MIME. Without this option cleartext signing with +the \s-1MIME\s0 type multipart/signed is used. +.IP "\fB\-certfile\fR \fIfile\fR" 4 +.IX Item "-certfile file" +Allows additional certificates to be specified. When signing these will +be included with the message. When verifying these will be searched for +the signers certificates. The certificates should be in \s-1PEM\s0 format. +.IP "\fB\-certsout\fR \fIfile\fR" 4 +.IX Item "-certsout file" +Any certificates contained in the message are written to \fIfile\fR. +.IP "\fB\-signer\fR \fIfile\fR" 4 +.IX Item "-signer file" +A signing certificate when signing or resigning a message, this option can be +used multiple times if more than one signer is required. If a message is being +verified then the signers certificates will be written to this file if the +verification was successful. +.IP "\fB\-recip\fR \fIfile\fR" 4 +.IX Item "-recip file" +When decrypting a message this specifies the recipients certificate. The +certificate must match one of the recipients of the message or an error +occurs. +.Sp +When encrypting a message this option may be used multiple times to specify +each recipient. This form \fBmust\fR be used if customised parameters are +required (for example to specify RSA-OAEP). +.Sp +Only certificates carrying \s-1RSA\s0, Diffie-Hellman or \s-1EC\s0 keys are supported by this +option. +.IP "\fB\-keyid\fR" 4 +.IX Item "-keyid" +Use subject key identifier to identify certificates instead of issuer name and +serial number. 
The supplied certificate \fBmust\fR include a subject key +identifier extension. Supported by \fB\-sign\fR and \fB\-encrypt\fR options. +.IP "\fB\-receipt_request_all\fR, \fB\-receipt_request_first\fR" 4 +.IX Item "-receipt_request_all, -receipt_request_first" +For \fB\-sign\fR option include a signed receipt request. Indicate requests should +be provided by all recipient or first tier recipients (those mailed directly +and not from a mailing list). Ignored it \fB\-receipt_request_from\fR is included. +.IP "\fB\-receipt_request_from\fR \fIemailaddress\fR" 4 +.IX Item "-receipt_request_from emailaddress" +For \fB\-sign\fR option include a signed receipt request. Add an explicit email +address where receipts should be supplied. +.IP "\fB\-receipt_request_to\fR \fIemailaddress\fR" 4 +.IX Item "-receipt_request_to emailaddress" +Add an explicit email address where signed receipts should be sent to. This +option \fBmust\fR but supplied if a signed receipt it requested. +.IP "\fB\-receipt_request_print\fR" 4 +.IX Item "-receipt_request_print" +For the \fB\-verify\fR operation print out the contents of any signed receipt +requests. +.IP "\fB\-pwri_password\fR \fIpassword\fR" 4 +.IX Item "-pwri_password password" +Specify password for recipient. +.IP "\fB\-secretkey\fR \fIkey\fR" 4 +.IX Item "-secretkey key" +Specify symmetric key to use. The key must be supplied in hex format and be +consistent with the algorithm used. Supported by the \fB\-EncryptedData_encrypt\fR +\&\fB\-EncryptedData_decrypt\fR, \fB\-encrypt\fR and \fB\-decrypt\fR options. When used +with \fB\-encrypt\fR or \fB\-decrypt\fR the supplied key is used to wrap or unwrap the +content encryption key using an \s-1AES\s0 key in the \fBKEKRecipientInfo\fR type. +.IP "\fB\-secretkeyid\fR \fIid\fR" 4 +.IX Item "-secretkeyid id" +The key identifier for the supplied symmetric key for \fBKEKRecipientInfo\fR type. +This option \fBmust\fR be present if the \fB\-secretkey\fR option is used with +\&\fB\-encrypt\fR. 
With \fB\-decrypt\fR operations the \fIid\fR is used to locate the +relevant key if it is not supplied then an attempt is used to decrypt any +\&\fBKEKRecipientInfo\fR structures. +.IP "\fB\-econtent_type\fR \fItype\fR" 4 +.IX Item "-econtent_type type" +Set the encapsulated content type to \fItype\fR if not supplied the \fBData\fR type +is used. The \fItype\fR argument can be any valid \s-1OID\s0 name in either text or +numerical format. +.IP "\fB\-inkey\fR \fIfile\fR" 4 +.IX Item "-inkey file" +The private key to use when signing or decrypting. This must match the +corresponding certificate. If this option is not specified then the +private key must be included in the certificate file specified with +the \fB\-recip\fR or \fB\-signer\fR file. When signing this option can be used +multiple times to specify successive keys. +.IP "\fB\-keyopt\fR \fIname\fR:\fIparameter\fR" 4 +.IX Item "-keyopt name:parameter" +For signing and encryption this option can be used multiple times to +set customised parameters for the preceding key or certificate. It can +currently be used to set RSA-PSS for signing, RSA-OAEP for encryption +or to modify default parameters for \s-1ECDH\s0. +.IP "\fB\-passin\fR \fIarg\fR" 4 +.IX Item "-passin arg" +The private key password source. For more information about the format of \fBarg\fR +see \*(L"Pass Phrase Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-to\fR, \fB\-from\fR, \fB\-subject\fR" 4 +.IX Item "-to, -from, -subject" +The relevant mail headers. These are included outside the signed +portion of a message so they may be included manually. If signing +then many S/MIME mail clients check the signers certificate's email +address matches that specified in the 
From: address. +.IP "\fB\-allow_proxy_certs\fR, \fB\-attime\fR, \fB\-no_check_time\fR, \fB\-check_ss_sig\fR, \fB\-crl_check\fR, \fB\-crl_check_all\fR, \fB\-explicit_policy\fR, \fB\-extended_crl\fR, \fB\-ignore_critical\fR, \fB\-inhibit_any\fR, \fB\-inhibit_map\fR, \fB\-no_alt_chains\fR, \fB\-partial_chain\fR, \fB\-policy\fR, \fB\-policy_check\fR, \fB\-policy_print\fR, \fB\-purpose\fR, \fB\-suiteB_128\fR, \fB\-suiteB_128_only\fR, \fB\-suiteB_192\fR, \fB\-trusted_first\fR, \fB\-use_deltas\fR, \fB\-auth_level\fR, \fB\-verify_depth\fR, \fB\-verify_email\fR, \fB\-verify_hostname\fR, \fB\-verify_ip\fR, \fB\-verify_name\fR, \fB\-x509_strict\fR \fB\-issuer_checks\fR" 4 +.IX Item "-allow_proxy_certs, -attime, -no_check_time, -check_ss_sig, -crl_check, -crl_check_all, -explicit_policy, -extended_crl, -ignore_critical, -inhibit_any, -inhibit_map, -no_alt_chains, -partial_chain, -policy, -policy_check, -policy_print, -purpose, -suiteB_128, -suiteB_128_only, -suiteB_192, -trusted_first, -use_deltas, -auth_level, -verify_depth, -verify_email, -verify_hostname, -verify_ip, -verify_name, -x509_strict -issuer_checks" +Set various options of certificate chain verification. +See \*(L"Verification Options\*(R" in \fIopenssl\fR\|(1) for details. +.Sp +Any verification errors cause the command to exit. +.IP "\fB\-CAfile\fR \fIfile\fR, \fB\-no\-CAfile\fR, \fB\-CApath\fR \fIdir\fR, \fB\-no\-CApath\fR, \fB\-CAstore\fR \fIuri\fR, \fB\-no\-CAstore\fR" 4 +.IX Item "-CAfile file, -no-CAfile, -CApath dir, -no-CApath, -CAstore uri, -no-CAstore" +See \*(L"Trusted Certificate Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-rand\fR \fIfiles\fR, \fB\-writerand\fR \fIfile\fR" 4 +.IX Item "-rand files, -writerand file" +See \*(L"Random State Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-engine\fR \fIid\fR" 4 +.IX Item "-engine id" +See \*(L"Engine Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fIcert.pem\fR ..." 4 +.IX Item "cert.pem ..." 
+One or more certificates of message recipients: used when encrypting +a message. +.SH "NOTES" +.IX Header "NOTES" +The \s-1MIME\s0 message must be sent without any blank lines between the +headers and the output. Some mail programs will automatically add +a blank line. Piping the mail directly to sendmail is one way to +achieve the correct format. +.PP +The supplied message to be signed or encrypted must include the +necessary \s-1MIME\s0 headers or many S/MIME clients won't display it +properly (if at all). You can use the \fB\-text\fR option to automatically +add plain text headers. +.PP +A \*(L"signed and encrypted\*(R" message is one where a signed message is +then encrypted. This can be produced by encrypting an already signed +message: see the examples section. +.PP +This version of the program only allows one signer per message but it +will verify multiple signers on received messages. Some S/MIME clients +choke if a message contains multiple signers. It is possible to sign +messages \*(L"in parallel\*(R" by signing an already signed message. +.PP +The options \fB\-encrypt\fR and \fB\-decrypt\fR reflect common usage in S/MIME +clients. Strictly speaking these process \s-1CMS\s0 enveloped data: \s-1CMS\s0 +encrypted data is used for other purposes. +.PP +The \fB\-resign\fR option uses an existing message digest when adding a new +signer. This means that attributes must be present in at least one existing +signer using the same message digest or this operation will fail. +.PP +The \fB\-stream\fR and \fB\-indef\fR options enable streaming I/O support. +As a result the encoding is \s-1BER\s0 using indefinite length constructed encoding +and no longer \s-1DER\s0. Streaming is supported for the \fB\-encrypt\fR operation and the +\&\fB\-sign\fR operation if the content is not detached. 
+.PP +Streaming is always used for the \fB\-sign\fR operation with detached data but +since the content is no longer part of the \s-1CMS\s0 structure the encoding +remains \s-1DER\s0. +.PP +If the \fB\-decrypt\fR option is used without a recipient certificate then an +attempt is made to locate the recipient by trying each potential recipient +in turn using the supplied private key. To thwart the \s-1MMA\s0 attack +(Bleichenbacher's attack on \s-1PKCS\s0 #1 v1.5 \s-1RSA\s0 padding) all recipients are +tried whether they succeed or not and if no recipients match the message +is \*(L"decrypted\*(R" using a random key which will typically output garbage. +The \fB\-debug_decrypt\fR option can be used to disable the \s-1MMA\s0 attack protection +and return an error if no recipient can be found: this option should be used +with caution. For a fuller description see \fICMS_decrypt\fR\|(3)). +.SH "CADES BASIC ELECTRONIC SIGNATURE (CADES-BES)" +.IX Header "CADES BASIC ELECTRONIC SIGNATURE (CADES-BES)" +A CAdES Basic Electronic Signature (CAdES-BES), as defined in the European Standard \s-1ETSI\s0 \s-1EN\s0 319 122\-1 V1.1.1, contains: +.IP "\(bu" 4 +The signed user data as defined in \s-1CMS\s0 (\s-1RFC\s0 3852); +.IP "\(bu" 4 +Content-type of the EncapsulatedContentInfo value being signed; +.IP "\(bu" 4 +Message-digest of the eContent \s-1OCTET\s0 \s-1STRING\s0 within encapContentInfo being signed; +.IP "\(bu" 4 +An \s-1ESS\s0 signing-certificate or \s-1ESS\s0 signing\-certificate\-v2 attribute, as defined in Enhanced Security Services (\s-1ESS\s0), \s-1RFC\s0 2634 and \s-1RFC\s0 5035. +An \s-1ESS\s0 signing-certificate attribute only allows for the use of \s-1SHA\-1\s0 as a digest algorithm. +An \s-1ESS\s0 signing\-certificate\-v2 attribute allows for the use of any digest algorithm. +.IP "\(bu" 4 +The digital signature value computed on the user data and, when present, on the signed attributes. 
+.Sp +Note that currently the \fB\-cades\fR option applies only to the \fB\-sign\fR operation and is ignored during +the \fB\-verify\fR operation, i.e. the signing certification is not checked during the verification process. +This feature might be added in a future version. +.SH "EXIT CODES" +.IX Header "EXIT CODES" +.IP "0" 4 +The operation was completely successfully. +.IP "1" 4 +.IX Item "1" +An error occurred parsing the command options. +.IP "2" 4 +.IX Item "2" +One of the input files could not be read. +.IP "3" 4 +.IX Item "3" +An error occurred creating the \s-1CMS\s0 file or when reading the \s-1MIME\s0 +message. +.IP "4" 4 +.IX Item "4" +An error occurred decrypting or verifying the message. +.IP "5" 4 +.IX Item "5" +The message was verified correctly but an error occurred writing out +the signers certificates. +.SH "COMPATIBILITY WITH PKCS#7 FORMAT" +.IX Header "COMPATIBILITY WITH PKCS#7 FORMAT" +\&\fIopenssl\-smime\fR\|(1) can only process the older \fBPKCS#7\fR format. +\&\fBopenssl cms\fR supports Cryptographic Message Syntax format. +Use of some features will result in messages which cannot be processed by +applications which only support the older format. These are detailed below. +.PP +The use of the \fB\-keyid\fR option with \fB\-sign\fR or \fB\-encrypt\fR. +.PP +The \fB\-outform\fR \fI\s-1PEM\s0\fR option uses different headers. +.PP +The \fB\-compress\fR option. +.PP +The \fB\-secretkey\fR option when used with \fB\-encrypt\fR. +.PP +The use of \s-1PSS\s0 with \fB\-sign\fR. +.PP +The use of \s-1OAEP\s0 or non-RSA keys with \fB\-encrypt\fR. +.PP +Additionally the \fB\-EncryptedData_create\fR and \fB\-data_create\fR type cannot +be processed by the older \fIopenssl\-smime\fR\|(1) command. 
+.SH "EXAMPLES" +.IX Header "EXAMPLES" +Create a cleartext signed message: +.PP +.Vb 2 +\& openssl cms \-sign \-in message.txt \-text \-out mail.msg \e +\& \-signer mycert.pem +.Ve +.PP +Create an opaque signed message +.PP +.Vb 2 +\& openssl cms \-sign \-in message.txt \-text \-out mail.msg \-nodetach \e +\& \-signer mycert.pem +.Ve +.PP +Create a signed message, include some additional certificates and +read the private key from another file: +.PP +.Vb 2 +\& openssl cms \-sign \-in in.txt \-text \-out mail.msg \e +\& \-signer mycert.pem \-inkey mykey.pem \-certfile mycerts.pem +.Ve +.PP +Create a signed message with two signers, use key identifier: +.PP +.Vb 2 +\& openssl cms \-sign \-in message.txt \-text \-out mail.msg \e +\& \-signer mycert.pem \-signer othercert.pem \-keyid +.Ve +.PP +Send a signed message under Unix directly to sendmail, including headers: +.PP +.Vb 3 +\& openssl cms \-sign \-in in.txt \-text \-signer mycert.pem \e +\& \-from steve@openssl.org \-to someone@somewhere \e +\& \-subject "Signed message" | sendmail someone@somewhere +.Ve +.PP +Verify a message and extract the signer's certificate if successful: +.PP +.Vb 1 +\& openssl cms \-verify \-in mail.msg \-signer user.pem \-out signedtext.txt +.Ve +.PP +Send encrypted mail using triple \s-1DES:\s0 +.PP +.Vb 3 +\& openssl cms \-encrypt \-in in.txt \-from steve@openssl.org \e +\& \-to someone@somewhere \-subject "Encrypted message" \e +\& \-des3 user.pem \-out mail.msg +.Ve +.PP +Sign and encrypt mail: +.PP +.Vb 4 +\& openssl cms \-sign \-in ml.txt \-signer my.pem \-text \e +\& | openssl cms \-encrypt \-out mail.msg \e +\& \-from steve@openssl.org \-to someone@somewhere \e +\& \-subject "Signed and Encrypted message" \-des3 user.pem +.Ve +.PP +Note: the encryption command does not include the \fB\-text\fR option because the +message being encrypted already has \s-1MIME\s0 headers. 
+.PP +Decrypt mail: +.PP +.Vb 1 +\& openssl cms \-decrypt \-in mail.msg \-recip mycert.pem \-inkey key.pem +.Ve +.PP +The output from Netscape form signing is a PKCS#7 structure with the +detached signature format. You can use this program to verify the +signature by line wrapping the base64 encoded structure and surrounding +it with: +.PP +.Vb 2 +\& \-\-\-\-\-BEGIN PKCS7\-\-\-\-\- +\& \-\-\-\-\-END PKCS7\-\-\-\-\- +.Ve +.PP +and using the command, +.PP +.Vb 1 +\& openssl cms \-verify \-inform PEM \-in signature.pem \-content content.txt +.Ve +.PP +alternatively you can base64 decode the signature and use +.PP +.Vb 1 +\& openssl cms \-verify \-inform DER \-in signature.der \-content content.txt +.Ve +.PP +Create an encrypted message using 128 bit Camellia: +.PP +.Vb 1 +\& openssl cms \-encrypt \-in plain.txt \-camellia128 \-out mail.msg cert.pem +.Ve +.PP +Add a signer to an existing message: +.PP +.Vb 1 +\& openssl cms \-resign \-in mail.msg \-signer newsign.pem \-out mail2.msg +.Ve +.PP +Sign mail using RSA-PSS: +.PP +.Vb 2 +\& openssl cms \-sign \-in message.txt \-text \-out mail.msg \e +\& \-signer mycert.pem \-keyopt rsa_padding_mode:pss +.Ve +.PP +Create encrypted mail using RSA-OAEP: +.PP +.Vb 2 +\& openssl cms \-encrypt \-in plain.txt \-out mail.msg \e +\& \-recip cert.pem \-keyopt rsa_padding_mode:oaep +.Ve +.PP +Use \s-1SHA256\s0 \s-1KDF\s0 with an \s-1ECDH\s0 certificate: +.PP +.Vb 2 +\& openssl cms \-encrypt \-in plain.txt \-out mail.msg \e +\& \-recip ecdhcert.pem \-keyopt ecdh_kdf_md:sha256 +.Ve +.SH "BUGS" +.IX Header "BUGS" +The \s-1MIME\s0 parser isn't very clever: it seems to handle most messages that I've +thrown at it but it may choke on others. +.PP +The code currently will only write out the signer's certificate to a file: if +the signer has a separate encryption certificate this must be manually +extracted. There should be some heuristic that determines the correct +encryption certificate. 
+.PP +Ideally a database should be maintained of a certificates for each email +address. +.PP +The code doesn't currently take note of the permitted symmetric encryption +algorithms as supplied in the SMIMECapabilities signed attribute. this means the +user has to manually include the correct encryption algorithm. It should store +the list of permitted ciphers in a database and only use those. +.PP +No revocation checking is done on the signer's certificate. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIossl_store\-file\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The use of multiple \fB\-signer\fR options and the \fB\-resign\fR command were first +added in OpenSSL 1.0.0. +.PP +The \fB\-keyopt\fR option was added in OpenSSL 1.0.2. +.PP +Support for RSA-OAEP and RSA-PSS was added in OpenSSL 1.0.2. +.PP +The use of non-RSA keys with \fB\-encrypt\fR and \fB\-decrypt\fR +was added in OpenSSL 1.0.2. +.PP +The \-no_alt_chains option was added in OpenSSL 1.0.2b. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man1/openssl-crl.1 b/linux_amd64/share/man/man1/openssl-crl.1 new file mode 100755 index 0000000..cfe34c1 --- /dev/null +++ b/linux_amd64/share/man/man1/openssl-crl.1 
@@ -0,0 +1,267 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-CRL 1" +.TH OPENSSL-CRL 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-crl \- CRL utility +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBcrl\fR +[\fB\-help\fR] +[\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-key\fR \fIfilename\fR] +[\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fB\s-1ENGINE\s0\fR] +[\fB\-text\fR] +[\fB\-in\fR \fIfilename\fR] +[\fB\-out\fR \fIfilename\fR] +[\fB\-gendelta\fR \fIfilename\fR] +[\fB\-badsig\fR] +[\fB\-verify\fR] +[\fB\-noout\fR] +[\fB\-hash\fR] +[\fB\-hash_old\fR] +[\fB\-fingerprint\fR] +[\fB\-crlnumber\fR] +[\fB\-issuer\fR] +[\fB\-lastupdate\fR] +[\fB\-nextupdate\fR] +[\fB\-nameopt\fR \fIoption\fR] +[\fB\-CAfile\fR \fIfile\fR] +[\fB\-no\-CAfile\fR] +[\fB\-CApath\fR \fIdir\fR] +[\fB\-no\-CApath\fR] +[\fB\-CAstore\fR \fIuri\fR] +[\fB\-no\-CAstore\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command processes \s-1CRL\s0 files in \s-1DER\s0 or \s-1PEM\s0 format. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR, \fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IX Item "-inform DER|PEM, -outform DER|PEM" +The input and output formats of the \s-1CRL\s0; the default is \fB\s-1PEM\s0\fR. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-key\fR \fIfilename\fR" 4 +.IX Item "-key filename" +The private key to be used to sign the \s-1CRL\s0. +.IP "\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fB\s-1ENGINE\s0\fR" 4 +.IX Item "-keyform DER|PEM|ENGINE" +The format of the private key file; the default is \fB\s-1PEM\s0\fR. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-in\fR \fIfilename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read from or standard input if this +option is not specified. 
+.IP "\fB\-out\fR \fIfilename\fR" 4 +.IX Item "-out filename" +Specifies the output filename to write to or standard output by +default. +.IP "\fB\-gendelta\fR \fIfilename\fR" 4 +.IX Item "-gendelta filename" +Output a comparison of the main \s-1CRL\s0 and the one specified here. +.IP "\fB\-badsig\fR" 4 +.IX Item "-badsig" +Corrupt the signature before writing it; this can be useful +for testing. +.IP "\fB\-text\fR" 4 +.IX Item "-text" +Print out the \s-1CRL\s0 in text form. +.IP "\fB\-verify\fR" 4 +.IX Item "-verify" +Verify the signature in the \s-1CRL\s0. +.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +Don't output the encoded version of the \s-1CRL\s0. +.IP "\fB\-fingerprint\fR" 4 +.IX Item "-fingerprint" +Output the fingerprint of the \s-1CRL\s0. +.IP "\fB\-crlnumber\fR" 4 +.IX Item "-crlnumber" +Output the number of the \s-1CRL\s0. +.IP "\fB\-hash\fR" 4 +.IX Item "-hash" +Output a hash of the issuer name. This can be use to lookup CRLs in +a directory by issuer name. +.IP "\fB\-hash_old\fR" 4 +.IX Item "-hash_old" +Outputs the \*(L"hash\*(R" of the \s-1CRL\s0 issuer name using the older algorithm +as used by OpenSSL before version 1.0.0. +.IP "\fB\-issuer\fR" 4 +.IX Item "-issuer" +Output the issuer name. +.IP "\fB\-lastupdate\fR" 4 +.IX Item "-lastupdate" +Output the lastUpdate field. +.IP "\fB\-nextupdate\fR" 4 +.IX Item "-nextupdate" +Output the nextUpdate field. +.IP "\fB\-nameopt\fR \fIoption\fR" 4 +.IX Item "-nameopt option" +This specifies how the subject or issuer names are displayed. +See \*(L"Name Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-CAfile\fR \fIfile\fR, \fB\-no\-CAfile\fR, \fB\-CApath\fR \fIdir\fR, \fB\-no\-CApath\fR, \fB\-CAstore\fR \fIuri\fR, \fB\-no\-CAstore\fR" 4 +.IX Item "-CAfile file, -no-CAfile, -CApath dir, -no-CApath, -CAstore uri, -no-CAstore" +See \*(L"Trusted Certificate Options\*(R" in \fIopenssl\fR\|(1) for details. 
+.SH "EXAMPLES" +.IX Header "EXAMPLES" +Convert a \s-1CRL\s0 file from \s-1PEM\s0 to \s-1DER:\s0 +.PP +.Vb 1 +\& openssl crl \-in crl.pem \-outform DER \-out crl.der +.Ve +.PP +Output the text form of a \s-1DER\s0 encoded certificate: +.PP +.Vb 1 +\& openssl crl \-in crl.der \-inform DER \-text \-noout +.Ve +.SH "BUGS" +.IX Header "BUGS" +Ideally it should be possible to create a \s-1CRL\s0 using appropriate options +and files too. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\fIopenssl\-crl2pkcs7\fR\|(1), +\&\fIopenssl\-ca\fR\|(1), +\&\fIopenssl\-x509\fR\|(1), +\&\fIossl_store\-file\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man1/openssl-crl2pkcs7.1 b/linux_amd64/share/man/man1/openssl-crl2pkcs7.1 new file mode 100755 index 0000000..0e609cb --- /dev/null +++ b/linux_amd64/share/man/man1/openssl-crl2pkcs7.1 
@@ -0,0 +1,217 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-CRL2PKCS7 1" +.TH OPENSSL-CRL2PKCS7 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-crl2pkcs7 \- Create a PKCS#7 structure from a CRL and certificates +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBcrl2pkcs7\fR +[\fB\-help\fR] +[\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-in\fR \fIfilename\fR] +[\fB\-out\fR \fIfilename\fR] +[\fB\-certfile\fR \fIfilename\fR] +[\fB\-nocrl\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command takes an optional \s-1CRL\s0 and one or more +certificates and converts them into a PKCS#7 degenerate \*(L"certificates +only\*(R" structure. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IX Item "-inform DER|PEM" +The input format of the \s-1CRL\s0; the default is \fB\s-1PEM\s0\fR. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IX Item "-outform DER|PEM" +The output format of the PKCS#7 object; the default is \fB\s-1PEM\s0\fR. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-in\fR \fIfilename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read a \s-1CRL\s0 from or standard input if this +option is not specified. +.IP "\fB\-out\fR \fIfilename\fR" 4 +.IX Item "-out filename" +Specifies the output filename to write the PKCS#7 structure to or standard +output by default. +.IP "\fB\-certfile\fR \fIfilename\fR" 4 +.IX Item "-certfile filename" +Specifies a filename containing one or more certificates in \fB\s-1PEM\s0\fR format. +All certificates in the file will be added to the PKCS#7 structure. This +option can be used more than once to read certificates form multiple +files. +.IP "\fB\-nocrl\fR" 4 +.IX Item "-nocrl" +Normally a \s-1CRL\s0 is included in the output file. 
With this option no \s-1CRL\s0 is +included in the output file and a \s-1CRL\s0 is not read from the input file. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Create a PKCS#7 structure from a certificate and \s-1CRL:\s0 +.PP +.Vb 1 +\& openssl crl2pkcs7 \-in crl.pem \-certfile cert.pem \-out p7.pem +.Ve +.PP +Creates a PKCS#7 structure in \s-1DER\s0 format with no \s-1CRL\s0 from several +different certificates: +.PP +.Vb 2 +\& openssl crl2pkcs7 \-nocrl \-certfile newcert.pem +\& \-certfile demoCA/cacert.pem \-outform DER \-out p7.der +.Ve +.SH "NOTES" +.IX Header "NOTES" +The output file is a PKCS#7 signed data structure containing no signers and +just certificates and an optional \s-1CRL\s0. +.PP +This command can be used to send certificates and CAs to Netscape as part of +the certificate enrollment process. This involves sending the \s-1DER\s0 encoded output +as \s-1MIME\s0 type application/x\-x509\-user\-cert. +.PP +The \fB\s-1PEM\s0\fR encoded form with the header and footer lines removed can be used to +install user certificates and CAs in \s-1MSIE\s0 using the Xenroll control. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\fIopenssl\-pkcs7\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man1/openssl-dgst.1 b/linux_amd64/share/man/man1/openssl-dgst.1 new file mode 100755 index 0000000..e3d4525 --- /dev/null +++ b/linux_amd64/share/man/man1/openssl-dgst.1 
@@ -0,0 +1,345 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-DGST 1" +.TH OPENSSL-DGST 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-dgst \- perform digest operations +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBdgst\fR|\fIdigest\fR +[\fB\-\f(BIdigest\fB\fR] +[\fB\-help\fR] +[\fB\-c\fR] +[\fB\-d\fR] +[\fB\-debug\fR] +[\fB\-list\fR] +[\fB\-hex\fR] +[\fB\-binary\fR] +[\fB\-r\fR] +[\fB\-out\fR \fIfilename\fR] +[\fB\-sign\fR \fIfilename\fR] +[\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fBP12\fR|\fB\s-1ENGINE\s0\fR] +[\fB\-passin\fR \fIarg\fR] +[\fB\-verify\fR \fIfilename\fR] +[\fB\-prverify\fR \fIfilename\fR] +[\fB\-signature\fR \fIfilename\fR] +[\fB\-sigopt\fR \fInm\fR:\fIv\fR] +[\fB\-hmac\fR \fIkey\fR] +[\fB\-mac\fR \fIalg\fR] +[\fB\-macopt\fR \fInm\fR:\fIv\fR] +[\fB\-fips\-fingerprint\fR] +[\fB\-engine\fR \fIid\fR] +[\fB\-engine_impl\fR \fIid\fR] +[\fB\-rand\fR \fIfiles\fR] +[\fB\-writerand\fR \fIfile\fR] +[\fIfile\fR ...] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command output the message digest of a supplied file or files +in hexadecimal, and also generates and verifies digital +signatures using message digests. +.PP +The generic name, \fBopenssl dgst\fR, may be used with an option specifying the +algorithm to be used. +The default digest is \fBsha256\fR. +A supported \fIdigest\fR name may also be used as the sub-command name. +To see the list of supported algorithms, use \f(CW\*(C`openssl list \-digest\-commands\*(C'\fR +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-\f(BIdigest\fB\fR" 4 +.IX Item "-digest" +Specifies name of a supported digest to be used. To see the list of +supported digests, use the command \f(CW\*(C`list \-\-digest\-commands\*(C'\fR. +.IP "\fB\-c\fR" 4 +.IX Item "-c" +Print out the digest in two digit groups separated by colons, only relevant if +the \fB\-hex\fR option is given as well. +.IP "\fB\-d\fR, \fB\-debug\fR" 4 +.IX Item "-d, -debug" +Print out \s-1BIO\s0 debugging information. 
+.IP "\fB\-list\fR" 4 +.IX Item "-list" +Prints out a list of supported message digests. +.IP "\fB\-hex\fR" 4 +.IX Item "-hex" +Digest is to be output as a hex dump. This is the default case for a \*(L"normal\*(R" +digest as opposed to a digital signature. See \s-1NOTES\s0 below for digital +signatures using \fB\-hex\fR. +.IP "\fB\-binary\fR" 4 +.IX Item "-binary" +Output the digest or signature in binary form. +.IP "\fB\-r\fR" 4 +.IX Item "-r" +Output the digest in the \*(L"coreutils\*(R" format, including newlines. +Used by programs like \fIsha1sum\fR\|(1). +.IP "\fB\-out\fR \fIfilename\fR" 4 +.IX Item "-out filename" +Filename to output to, or standard output by default. +.IP "\fB\-sign\fR \fIfilename\fR" 4 +.IX Item "-sign filename" +Digitally sign the digest using the private key in \*(L"filename\*(R". Note this option +does not support Ed25519 or Ed448 private keys. Use the \fIopenssl\-pkeyutl\fR\|(1) +command instead for this. +.IP "\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fBP12\fR|\fB\s-1ENGINE\s0\fR" 4 +.IX Item "-keyform DER|PEM|P12|ENGINE" +The format of the key to sign with; the default is \fB\s-1PEM\s0\fR. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-sigopt\fR \fInm\fR:\fIv\fR" 4 +.IX Item "-sigopt nm:v" +Pass options to the signature algorithm during sign or verify operations. +Names and values of these options are algorithm-specific. +.IP "\fB\-passin\fR \fIarg\fR" 4 +.IX Item "-passin arg" +The private key password source. For more information about the format of \fIarg\fR +see \*(L"Pass Phrase Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-verify\fR \fIfilename\fR" 4 +.IX Item "-verify filename" +Verify the signature using the public key in \*(L"filename\*(R". +The output is either \*(L"Verification \s-1OK\s0\*(R" or \*(L"Verification Failure\*(R". +.IP "\fB\-prverify\fR \fIfilename\fR" 4 +.IX Item "-prverify filename" +Verify the signature using the private key in \*(L"filename\*(R". 
+.IP "\fB\-signature\fR \fIfilename\fR" 4 +.IX Item "-signature filename" +The actual signature to verify. +.IP "\fB\-hmac\fR \fIkey\fR" 4 +.IX Item "-hmac key" +Create a hashed \s-1MAC\s0 using \*(L"key\*(R". +.Sp +The \fIopenssl\-mac\fR\|(1) command should be preferred to using this command line +option. +.IP "\fB\-mac\fR \fIalg\fR" 4 +.IX Item "-mac alg" +Create \s-1MAC\s0 (keyed Message Authentication Code). The most popular \s-1MAC\s0 +algorithm is \s-1HMAC\s0 (hash-based \s-1MAC\s0), but there are other \s-1MAC\s0 algorithms +which are not based on hash, for instance \fBgost-mac\fR algorithm, +supported by the \fBgost\fR engine. \s-1MAC\s0 keys and other options should be set +via \fB\-macopt\fR parameter. +.Sp +The \fIopenssl\-mac\fR\|(1) command should be preferred to using this command line +option. +.IP "\fB\-macopt\fR \fInm\fR:\fIv\fR" 4 +.IX Item "-macopt nm:v" +Passes options to \s-1MAC\s0 algorithm, specified by \fB\-mac\fR key. +Following options are supported by both by \fB\s-1HMAC\s0\fR and \fBgost-mac\fR: +.RS 4 +.IP "\fBkey\fR:\fIstring\fR" 4 +.IX Item "key:string" +Specifies \s-1MAC\s0 key as alphanumeric string (use if key contain printable +characters only). String length must conform to any restrictions of +the \s-1MAC\s0 algorithm for example exactly 32 chars for gost-mac. +.IP "\fBhexkey\fR:\fIstring\fR" 4 +.IX Item "hexkey:string" +Specifies \s-1MAC\s0 key in hexadecimal form (two hex digits per byte). +Key length must conform to any restrictions of the \s-1MAC\s0 algorithm +for example exactly 32 chars for gost-mac. +.RE +.RS 4 +.Sp +The \fIopenssl\-mac\fR\|(1) command should be preferred to using this command line +option. +.RE +.IP "\fB\-fips\-fingerprint\fR" 4 +.IX Item "-fips-fingerprint" +Compute \s-1HMAC\s0 using a specific key for certain OpenSSL-FIPS operations. 
+.IP "\fB\-rand\fR \fIfiles\fR, \fB\-writerand\fR \fIfile\fR" 4 +.IX Item "-rand files, -writerand file" +See \*(L"Random State Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-engine\fR \fIid\fR" 4 +.IX Item "-engine id" +See \*(L"Engine Options\*(R" in \fIopenssl\fR\|(1). +The engine is not used for digests unless the \fB\-engine_impl\fR option is +used or it is configured to do so, see \*(L"Engine Configuration Module\*(R" in \fIconfig\fR\|(5). +.IP "\fB\-engine_impl\fR \fIid\fR" 4 +.IX Item "-engine_impl id" +When used with the \fB\-engine\fR option, it specifies to also use +engine \fIid\fR for digest operations. +.IP "\fIfile\fR ..." 4 +.IX Item "file ..." +File or files to digest. If no files are specified then standard input is +used. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +To create a hex-encoded message digest of a file: + openssl dgst \-md5 \-hex file.txt +.PP +To sign a file using \s-1SHA\-256\s0 with binary file output: + openssl dgst \-sha256 \-sign privatekey.pem \-out signature.sign file.txt +.PP +To verify a signature: + openssl dgst \-sha256 \-verify publickey.pem \e + \-signature signature.sign \e + file.txt +.SH "NOTES" +.IX Header "NOTES" +The digest mechanisms that are available will depend on the options +used when building OpenSSL. +The \f(CW\*(C`openssl list \-digest\-commands\*(C'\fR command can be used to list them. +.PP +New or agile applications should use probably use \s-1SHA\-256\s0. Other digests, +particularly \s-1SHA\-1\s0 and \s-1MD5\s0, are still widely used for interoperating +with existing formats and protocols. +.PP +When signing a file, this command will automatically determine the algorithm +(\s-1RSA\s0, \s-1ECC\s0, etc) to use for signing based on the private key's \s-1ASN\s0.1 info. +When verifying signatures, it only handles the \s-1RSA\s0, \s-1DSA\s0, or \s-1ECDSA\s0 signature +itself, not the related data to identify the signer and algorithm used in +formats such as x.509, \s-1CMS\s0, and S/MIME. 
+.PP +A source of random numbers is required for certain signing algorithms, in +particular \s-1ECDSA\s0 and \s-1DSA\s0. +.PP +The signing and verify options should only be used if a single file is +being signed or verified. +.PP +Hex signatures cannot be verified using \fBopenssl\fR. Instead, use \*(L"xxd \-r\*(R" +or similar program to transform the hex signature into a binary signature +prior to verification. +.PP +The \fIopenssl\-mac\fR\|(1) command is preferred over the \fB\-hmac\fR, \fB\-mac\fR and +\&\fB\-macopt\fR command line options. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\-mac\fR\|(1) +.SH "HISTORY" +.IX Header "HISTORY" +The default digest was changed from \s-1MD5\s0 to \s-1SHA256\s0 in OpenSSL 1.1.0. +The FIPS-related options were removed in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man1/openssl-dhparam.1 b/linux_amd64/share/man/man1/openssl-dhparam.1 new file mode 100755 index 0000000..395a809 --- /dev/null +++ b/linux_amd64/share/man/man1/openssl-dhparam.1 
@@ -0,0 +1,251 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-DHPARAM 1" +.TH OPENSSL-DHPARAM 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-dhparam \- DH parameter manipulation and generation +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl dhparam\fR +[\fB\-help\fR] +[\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-in\fR \fIfilename\fR] +[\fB\-out\fR \fIfilename\fR] +[\fB\-dsaparam\fR] +[\fB\-check\fR] +[\fB\-noout\fR] +[\fB\-text\fR] +[\fB\-C\fR] +[\fB\-2\fR] +[\fB\-3\fR] +[\fB\-5\fR] +[\fB\-engine\fR \fIid\fR] +[\fB\-rand\fR \fIfiles\fR] +[\fB\-writerand\fR \fIfile\fR] +[\fInumbits\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command has been deprecated. +The \fIopenssl\-pkeyparam\fR\|(1) command should be used instead. +.PP +This command is used to manipulate \s-1DH\s0 parameter files. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR, \fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IX Item "-inform DER|PEM, -outform DER|PEM" +The input format and output format; the default is \fB\s-1PEM\s0\fR. +The object is compatible with the PKCS#3 \fBDHparameter\fR structure. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-in\fR \fIfilename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read parameters from or standard input if +this option is not specified. +.IP "\fB\-out\fR \fIfilename\fR" 4 +.IX Item "-out filename" +This specifies the output filename parameters to. Standard output is used +if this option is not present. The output filename should \fBnot\fR be the same +as the input filename. +.IP "\fB\-dsaparam\fR" 4 +.IX Item "-dsaparam" +If this option is used, \s-1DSA\s0 rather than \s-1DH\s0 parameters are read or created; +they are converted to \s-1DH\s0 format. Otherwise, \*(L"strong\*(R" primes (such +that (p\-1)/2 is also prime) will be used for \s-1DH\s0 parameter generation. 
+.Sp +\&\s-1DH\s0 parameter generation with the \fB\-dsaparam\fR option is much faster, +and the recommended exponent length is shorter, which makes \s-1DH\s0 key +exchange more efficient. Beware that with such DSA-style \s-1DH\s0 +parameters, a fresh \s-1DH\s0 key should be created for each use to +avoid small-subgroup attacks that may be possible otherwise. +.IP "\fB\-check\fR" 4 +.IX Item "-check" +Performs numerous checks to see if the supplied parameters are valid and +displays a warning if not. +.IP "\fB\-2\fR, \fB\-3\fR, \fB\-5\fR" 4 +.IX Item "-2, -3, -5" +The generator to use, either 2, 3 or 5. If present then the +input file is ignored and parameters are generated instead. If not +present but \fInumbits\fR is present, parameters are generated with the +default generator 2. +.IP "\fInumbits\fR" 4 +.IX Item "numbits" +This option specifies that a parameter set should be generated of size +\&\fInumbits\fR. It must be the last option. If this option is present then +the input file is ignored and parameters are generated instead. If +this option is not present but a generator (\fB\-2\fR, \fB\-3\fR or \fB\-5\fR) is +present, parameters are generated with a default length of 2048 bits. +The minimim length is 512 bits. The maximum length is 10000 bits. +.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +This option inhibits the output of the encoded version of the parameters. +.IP "\fB\-text\fR" 4 +.IX Item "-text" +This option prints out the \s-1DH\s0 parameters in human readable form. +.IP "\fB\-C\fR" 4 +.IX Item "-C" +This option converts the parameters into C code. The parameters can then +be loaded by calling the \fIget_dhNNNN()\fR function. +.IP "\fB\-engine\fR \fIid\fR" 4 +.IX Item "-engine id" +See \*(L"Engine Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-rand\fR \fIfiles\fR, \fB\-writerand\fR \fIfile\fR" 4 +.IX Item "-rand files, -writerand file" +See \*(L"Random State Options\*(R" in \fIopenssl\fR\|(1) for details. 
+.SH "NOTES" +.IX Header "NOTES" +This command replaces the \fBdh\fR and \fBgendh\fR commands of previous +releases. +.PP +OpenSSL currently only supports the older PKCS#3 \s-1DH\s0, not the newer X9.42 +\&\s-1DH\s0. +.PP +This command manipulates \s-1DH\s0 parameters not keys. +.SH "BUGS" +.IX Header "BUGS" +There should be a way to generate and manipulate \s-1DH\s0 keys. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\fIopenssl\-pkeyparam\fR\|(1), +\&\fIopenssl\-dsaparam\fR\|(1) +.SH "HISTORY" +.IX Header "HISTORY" +This command was deprecated in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man1/openssl-dsa.1 b/linux_amd64/share/man/man1/openssl-dsa.1 new file mode 100755 index 0000000..3ffabde --- /dev/null +++ b/linux_amd64/share/man/man1/openssl-dsa.1 
@@ -0,0 +1,284 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-DSA 1" +.TH OPENSSL-DSA 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-dsa \- DSA key processing +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBdsa\fR +[\fB\-help\fR] +[\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-in\fR \fIfilename\fR] +[\fB\-passin\fR \fIarg\fR] +[\fB\-out\fR \fIfilename\fR] +[\fB\-passout\fR \fIarg\fR] +[\fB\-aes128\fR] +[\fB\-aes192\fR] +[\fB\-aes256\fR] +[\fB\-aria128\fR] +[\fB\-aria192\fR] +[\fB\-aria256\fR] +[\fB\-camellia128\fR] +[\fB\-camellia192\fR] +[\fB\-camellia256\fR] +[\fB\-des\fR] +[\fB\-des3\fR] +[\fB\-idea\fR] +[\fB\-text\fR] +[\fB\-noout\fR] +[\fB\-modulus\fR] +[\fB\-pubin\fR] +[\fB\-pubout\fR] +[\fB\-engine\fR \fIid\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command has been deprecated. +The \fIopenssl\-pkey\fR\|(1) command should be used instead. +.PP +This command processes \s-1DSA\s0 keys. They can be converted between various +forms and their components printed out. \fBNote\fR This command uses the +traditional SSLeay compatible format for private key encryption: newer +applications should use the more secure PKCS#8 format using the \fBpkcs8\fR +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR, \fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IX Item "-inform DER|PEM, -outform DER|PEM" +The input and formats; the default is \fB\s-1PEM\s0\fR. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.Sp +Private keys are a sequence of \fB\s-1ASN\s0.1 \s-1INTEGERS\s0\fR: the version (zero), \fBp\fR, +\&\fBq\fR, \fBg\fR, and the public and and private key components. Public keys +are a \fBSubjectPublicKeyInfo\fR structure with the \fB\s-1DSA\s0\fR type. +.Sp +The \fB\s-1PEM\s0\fR format also accepts PKCS#8 data. 
+.IP "\fB\-in\fR \fIfilename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read a key from or standard input if this +option is not specified. If the key is encrypted a pass phrase will be +prompted for. +.IP "\fB\-out\fR \fIfilename\fR" 4 +.IX Item "-out filename" +This specifies the output filename to write a key to or standard output by +is not specified. If any encryption options are set then a pass phrase will be +prompted for. The output filename should \fBnot\fR be the same as the input +filename. +.IP "\fB\-passin\fR \fIarg\fR, \fB\-passout\fR \fIarg\fR" 4 +.IX Item "-passin arg, -passout arg" +The password source for the input and output file. +For more information about the format of \fBarg\fR +see \*(L"Pass Phrase Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-aes128\fR, \fB\-aes192\fR, \fB\-aes256\fR, \fB\-aria128\fR, \fB\-aria192\fR, \fB\-aria256\fR, \fB\-camellia128\fR, \fB\-camellia192\fR, \fB\-camellia256\fR, \fB\-des\fR, \fB\-des3\fR, \fB\-idea\fR" 4 +.IX Item "-aes128, -aes192, -aes256, -aria128, -aria192, -aria256, -camellia128, -camellia192, -camellia256, -des, -des3, -idea" +These options encrypt the private key with the specified +cipher before outputting it. A pass phrase is prompted for. +If none of these options is specified the key is written in plain text. This +means that this command can be used to remove the pass phrase from a key +by not giving any encryption option is given, or to add or change the pass +phrase by setting them. +These options can only be used with \s-1PEM\s0 format output files. +.IP "\fB\-text\fR" 4 +.IX Item "-text" +Prints out the public, private key components and parameters. +.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +This option prevents output of the encoded version of the key. +.IP "\fB\-modulus\fR" 4 +.IX Item "-modulus" +This option prints out the value of the public key component of the key. 
+.IP "\fB\-pubin\fR" 4 +.IX Item "-pubin" +By default, a private key is read from the input file. With this option a +public key is read instead. +.IP "\fB\-pubout\fR" 4 +.IX Item "-pubout" +By default, a private key is output. With this option a public +key will be output instead. This option is automatically set if the input is +a public key. +.IP "\fB\-engine\fR \fIid\fR" 4 +.IX Item "-engine id" +See \*(L"Engine Options\*(R" in \fIopenssl\fR\|(1). +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Examples equivalent to these can be found in the documentation for the +non-deprecated \fIopenssl\-pkey\fR\|(1) command. +.PP +To remove the pass phrase on a \s-1DSA\s0 private key: +.PP +.Vb 1 +\& openssl dsa \-in key.pem \-out keyout.pem +.Ve +.PP +To encrypt a private key using triple \s-1DES:\s0 +.PP +.Vb 1 +\& openssl dsa \-in key.pem \-des3 \-out keyout.pem +.Ve +.PP +To convert a private key from \s-1PEM\s0 to \s-1DER\s0 format: +.PP +.Vb 1 +\& openssl dsa \-in key.pem \-outform DER \-out keyout.der +.Ve +.PP +To print out the components of a private key to standard output: +.PP +.Vb 1 +\& openssl dsa \-in key.pem \-text \-noout +.Ve +.PP +To just output the public part of a private key: +.PP +.Vb 1 +\& openssl dsa \-in key.pem \-pubout \-out pubkey.pem +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\fIopenssl\-pkey\fR\|(1), +\&\fIopenssl\-dsaparam\fR\|(1), +\&\fIopenssl\-gendsa\fR\|(1), +\&\fIopenssl\-rsa\fR\|(1), +\&\fIopenssl\-genrsa\fR\|(1) +.SH "HISTORY" +.IX Header "HISTORY" +This command was deprecated in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/share/man/man1/openssl-dsaparam.1 b/linux_amd64/share/man/man1/openssl-dsaparam.1 new file mode 100755 index 0000000..8a74344 --- /dev/null +++ b/linux_amd64/share/man/man1/openssl-dsaparam.1 
@@ -0,0 +1,228 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-DSAPARAM 1" +.TH OPENSSL-DSAPARAM 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-dsaparam \- DSA parameter manipulation and generation +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl dsaparam\fR +[\fB\-help\fR] +[\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-in\fR \fIfilename\fR] +[\fB\-out\fR \fIfilename\fR] +[\fB\-noout\fR] +[\fB\-text\fR] +[\fB\-C\fR] +[\fB\-genkey\fR] +[\fB\-verbose\fR] +[\fB\-rand\fR \fIfiles\fR] +[\fB\-writerand\fR \fIfile\fR] +[\fB\-engine\fR \fIid\fR] +[\fInumbits\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command has been deprecated. +The \fIopenssl\-pkeyparam\fR\|(1) command should be used instead. +.PP +This command is used to manipulate or generate \s-1DSA\s0 parameter files. +.PP +\&\s-1DSA\s0 parameter generation can be a slow process and as a result the same set of +\&\s-1DSA\s0 parameters is often used to generate several distinct keys. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR, \fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IX Item "-inform DER|PEM, -outform DER|PEM" +The input and formats; the default is \fB\s-1PEM\s0\fR. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.Sp +Parameters are a sequence of \fB\s-1ASN\s0.1 \s-1INTEGER\s0\fRs: \fBp\fR, \fBq\fR, and \fBg\fR. +This is compatible with \s-1RFC\s0 2459 \fBDSS-Parms\fR structure. +.IP "\fB\-in\fR \fIfilename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read parameters from or standard input if +this option is not specified. If the \fInumbits\fR parameter is included then +this option will be ignored. +.IP "\fB\-out\fR \fIfilename\fR" 4 +.IX Item "-out filename" +This specifies the output filename parameters to. Standard output is used +if this option is not present. The output filename should \fBnot\fR be the same +as the input filename. 
+.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +This option inhibits the output of the encoded version of the parameters. +.IP "\fB\-text\fR" 4 +.IX Item "-text" +This option prints out the \s-1DSA\s0 parameters in human readable form. +.IP "\fB\-C\fR" 4 +.IX Item "-C" +This option converts the parameters into C code. The parameters can then +be loaded by calling the \fIget_dsaXXX()\fR function. +.IP "\fB\-genkey\fR" 4 +.IX Item "-genkey" +This option will generate a \s-1DSA\s0 either using the specified or generated +parameters. +.IP "\fB\-verbose\fR" 4 +.IX Item "-verbose" +Print extra details about the operations being performed. +.IP "\fB\-rand\fR \fIfiles\fR, \fB\-writerand\fR \fIfile\fR" 4 +.IX Item "-rand files, -writerand file" +See \*(L"Random State Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-engine\fR \fIid\fR" 4 +.IX Item "-engine id" +See \*(L"Engine Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fInumbits\fR" 4 +.IX Item "numbits" +This option specifies that a parameter set should be generated of size +\&\fInumbits\fR. It must be the last option. If this option is included then +the input file (if any) is ignored. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\fIopenssl\-pkeyparam\fR\|(1), +\&\fIopenssl\-gendsa\fR\|(1), +\&\fIopenssl\-dsa\fR\|(1), +\&\fIopenssl\-genrsa\fR\|(1), +\&\fIopenssl\-rsa\fR\|(1) +.SH "HISTORY" +.IX Header "HISTORY" +This command was deprecated in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man1/openssl-ec.1 b/linux_amd64/share/man/man1/openssl-ec.1 new file mode 100755 index 0000000..4792623 --- /dev/null +++ b/linux_amd64/share/man/man1/openssl-ec.1 
@@ -0,0 +1,304 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-EC 1" +.TH OPENSSL-EC 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-ec \- EC key processing +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBec\fR +[\fB\-help\fR] +[\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-in\fR \fIfilename\fR] +[\fB\-passin\fR \fIarg\fR] +[\fB\-out\fR \fIfilename\fR] +[\fB\-passout\fR \fIarg\fR] +[\fB\-des\fR] +[\fB\-des3\fR] +[\fB\-idea\fR] +[\fB\-text\fR] +[\fB\-noout\fR] +[\fB\-param_out\fR] +[\fB\-pubin\fR] +[\fB\-pubout\fR] +[\fB\-conv_form\fR \fIarg\fR] +[\fB\-param_enc\fR \fIarg\fR] +[\fB\-no_public\fR] +[\fB\-check\fR] +[\fB\-engine\fR \fIid\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command has been deprecated. +The \fIopenssl\-pkey\fR\|(1) command should be used instead. +.PP +The \fIopenssl\-ec\fR\|(1) command processes \s-1EC\s0 keys. They can be converted between +various forms and their components printed out. \fBNote\fR OpenSSL uses the +private key format specified in '\s-1SEC\s0 1: Elliptic Curve Cryptography' +(http://www.secg.org/). To convert an OpenSSL \s-1EC\s0 private key into the +PKCS#8 private key format use the \fIopenssl\-pkcs8\fR\|(1) command. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR, \fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IX Item "-inform DER|PEM, -outform DER|PEM" +The input and formats; the default is \fB\s-1PEM\s0\fR. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.Sp +Private keys are an \s-1SEC1\s0 private key or PKCS#8 format. +Public keys are a \fBSubjectPublicKeyInfo\fR as specified in \s-1IETF\s0 \s-1RFC\s0 3280. +.IP "\fB\-in\fR \fIfilename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read a key from or standard input if this +option is not specified. If the key is encrypted a pass phrase will be +prompted for. 
+.IP "\fB\-out\fR \fIfilename\fR" 4 +.IX Item "-out filename" +This specifies the output filename to write a key to or standard output by +is not specified. If any encryption options are set then a pass phrase will be +prompted for. The output filename should \fBnot\fR be the same as the input +filename. +.IP "\fB\-passin\fR \fIarg\fR, \fB\-passout\fR \fIarg\fR" 4 +.IX Item "-passin arg, -passout arg" +The password source for the input and output file. +For more information about the format of \fBarg\fR +see \*(L"Pass Phrase Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-des\fR|\fB\-des3\fR|\fB\-idea\fR" 4 +.IX Item "-des|-des3|-idea" +These options encrypt the private key with the \s-1DES\s0, triple \s-1DES\s0, \s-1IDEA\s0 or +any other cipher supported by OpenSSL before outputting it. A pass phrase is +prompted for. +If none of these options is specified the key is written in plain text. This +means that using this command to read in an encrypted key with no +encryption option can be used to remove the pass phrase from a key, or by +setting the encryption options it can be use to add or change the pass phrase. +These options can only be used with \s-1PEM\s0 format output files. +.IP "\fB\-text\fR" 4 +.IX Item "-text" +Prints out the public, private key components and parameters. +.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +This option prevents output of the encoded version of the key. +.IP "\fB\-pubin\fR" 4 +.IX Item "-pubin" +By default, a private key is read from the input file. With this option a +public key is read instead. +.IP "\fB\-pubout\fR" 4 +.IX Item "-pubout" +By default a private key is output. With this option a public +key will be output instead. This option is automatically set if the input is +a public key. +.IP "\fB\-conv_form\fR \fIarg\fR" 4 +.IX Item "-conv_form arg" +This specifies how the points on the elliptic curve are converted +into octet strings. 
Possible values are: \fBcompressed\fR (the default +value), \fBuncompressed\fR and \fBhybrid\fR. For more information regarding +the point conversion forms please read the X9.62 standard. +\&\fBNote\fR Due to patent issues the \fBcompressed\fR option is disabled +by default for binary curves and can be enabled by defining +the preprocessor macro \fB\s-1OPENSSL_EC_BIN_PT_COMP\s0\fR at compile time. +.IP "\fB\-param_enc\fR \fIarg\fR" 4 +.IX Item "-param_enc arg" +This specifies how the elliptic curve parameters are encoded. +Possible value are: \fBnamed_curve\fR, i.e. the ec parameters are +specified by an \s-1OID\s0, or \fBexplicit\fR where the ec parameters are +explicitly given (see \s-1RFC\s0 3279 for the definition of the +\&\s-1EC\s0 parameters structures). The default value is \fBnamed_curve\fR. +\&\fBNote\fR the \fBimplicitlyCA\fR alternative, as specified in \s-1RFC\s0 3279, +is currently not implemented in OpenSSL. +.IP "\fB\-no_public\fR" 4 +.IX Item "-no_public" +This option omits the public key components from the private key output. +.IP "\fB\-check\fR" 4 +.IX Item "-check" +This option checks the consistency of an \s-1EC\s0 private or public key. +.IP "\fB\-engine\fR \fIid\fR" 4 +.IX Item "-engine id" +See \*(L"Engine Options\*(R" in \fIopenssl\fR\|(1). +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Examples equivalent to these can be found in the documentation for the +non-deprecated \fIopenssl\-pkey\fR\|(1) command. 
+.PP +To encrypt a private key using triple \s-1DES:\s0 +.PP +.Vb 1 +\& openssl ec \-in key.pem \-des3 \-out keyout.pem +.Ve +.PP +To convert a private key from \s-1PEM\s0 to \s-1DER\s0 format: +.PP +.Vb 1 +\& openssl ec \-in key.pem \-outform DER \-out keyout.der +.Ve +.PP +To print out the components of a private key to standard output: +.PP +.Vb 1 +\& openssl ec \-in key.pem \-text \-noout +.Ve +.PP +To just output the public part of a private key: +.PP +.Vb 1 +\& openssl ec \-in key.pem \-pubout \-out pubkey.pem +.Ve +.PP +To change the parameters encoding to \fBexplicit\fR: +.PP +.Vb 1 +\& openssl ec \-in key.pem \-param_enc explicit \-out keyout.pem +.Ve +.PP +To change the point conversion form to \fBcompressed\fR: +.PP +.Vb 1 +\& openssl ec \-in key.pem \-conv_form compressed \-out keyout.pem +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\fIopenssl\-pkey\fR\|(1), +\&\fIopenssl\-ecparam\fR\|(1), +\&\fIopenssl\-dsa\fR\|(1), +\&\fIopenssl\-rsa\fR\|(1) +.SH "HISTORY" +.IX Header "HISTORY" +This command was deprecated in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2003\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man1/openssl-ecparam.1 b/linux_amd64/share/man/man1/openssl-ecparam.1 new file mode 100755 index 0000000..ad16ae7 --- /dev/null +++ b/linux_amd64/share/man/man1/openssl-ecparam.1 
@@ -0,0 +1,298 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-ECPARAM 1" +.TH OPENSSL-ECPARAM 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-ecparam \- EC parameter manipulation and generation +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl ecparam\fR +[\fB\-help\fR] +[\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-in\fR \fIfilename\fR] +[\fB\-out\fR \fIfilename\fR] +[\fB\-noout\fR] +[\fB\-text\fR] +[\fB\-C\fR] +[\fB\-check\fR] +[\fB\-check_named\fR] +[\fB\-name\fR \fIarg\fR] +[\fB\-list_curves\fR] +[\fB\-conv_form\fR \fIarg\fR] +[\fB\-param_enc\fR \fIarg\fR] +[\fB\-no_seed\fR] +[\fB\-genkey\fR] +[\fB\-engine\fR \fIid\fR] +[\fB\-rand\fR \fIfiles\fR] +[\fB\-writerand\fR \fIfile\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command has been deprecated. +The \fIopenssl\-genpkey\fR\|(1) and \fIopenssl\-pkeyparam\fR\|(1) commands +should be used instead. +.PP +This command is used to manipulate or generate \s-1EC\s0 parameter files. +.PP +OpenSSL is currently not able to generate new groups and therefore +this command can only create \s-1EC\s0 parameters from known (named) curves. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR, \fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IX Item "-inform DER|PEM, -outform DER|PEM" +The input and formats; the default is \fB\s-1PEM\s0\fR. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.Sp +Parameters are encoded as \fBEcpkParameters\fR as specified in \s-1IETF\s0 \s-1RFC\s0 3279. +.IP "\fB\-in\fR \fIfilename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read parameters from or standard input if +this option is not specified. +.IP "\fB\-out\fR \fIfilename\fR" 4 +.IX Item "-out filename" +This specifies the output filename parameters to. Standard output is used +if this option is not present. The output filename should \fBnot\fR be the same +as the input filename. 
+.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +This option inhibits the output of the encoded version of the parameters. +.IP "\fB\-text\fR" 4 +.IX Item "-text" +This option prints out the \s-1EC\s0 parameters in human readable form. +.IP "\fB\-C\fR" 4 +.IX Item "-C" +This option converts the \s-1EC\s0 parameters into C code. The parameters can then +be loaded by calling the \fIget_ec_group_XXX()\fR function. +.IP "\fB\-check\fR" 4 +.IX Item "-check" +Validate the elliptic curve parameters. +.IP "\fB\-check_named\fR" 4 +.IX Item "-check_named" +Validate the elliptic name curve parameters by checking if the curve parameters +match any built-in curves. +.IP "\fB\-name\fR \fIarg\fR" 4 +.IX Item "-name arg" +Use the \s-1EC\s0 parameters with the specified 'short' name. Use \fB\-list_curves\fR +to get a list of all currently implemented \s-1EC\s0 parameters. +.IP "\fB\-list_curves\fR" 4 +.IX Item "-list_curves" +Print out a list of all currently implemented \s-1EC\s0 parameters names and exit. +.IP "\fB\-conv_form\fR \fIarg\fR" 4 +.IX Item "-conv_form arg" +This specifies how the points on the elliptic curve are converted +into octet strings. Possible values are: \fBcompressed\fR, \fBuncompressed\fR (the +default value) and \fBhybrid\fR. For more information regarding +the point conversion forms please read the X9.62 standard. +\&\fBNote\fR Due to patent issues the \fBcompressed\fR option is disabled +by default for binary curves and can be enabled by defining +the preprocessor macro \fB\s-1OPENSSL_EC_BIN_PT_COMP\s0\fR at compile time. +.IP "\fB\-param_enc\fR \fIarg\fR" 4 +.IX Item "-param_enc arg" +This specifies how the elliptic curve parameters are encoded. +Possible value are: \fBnamed_curve\fR, i.e. the ec parameters are +specified by an \s-1OID\s0, or \fBexplicit\fR where the ec parameters are +explicitly given (see \s-1RFC\s0 3279 for the definition of the +\&\s-1EC\s0 parameters structures). The default value is \fBnamed_curve\fR. 
+\&\fBNote\fR the \fBimplicitlyCA\fR alternative, as specified in \s-1RFC\s0 3279, +is currently not implemented in OpenSSL. +.IP "\fB\-no_seed\fR" 4 +.IX Item "-no_seed" +This option inhibits that the 'seed' for the parameter generation +is included in the ECParameters structure (see \s-1RFC\s0 3279). +.IP "\fB\-genkey\fR" 4 +.IX Item "-genkey" +This option will generate an \s-1EC\s0 private key using the specified parameters. +.IP "\fB\-engine\fR \fIid\fR" 4 +.IX Item "-engine id" +See \*(L"Engine Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-rand\fR \fIfiles\fR, \fB\-writerand\fR \fIfile\fR" 4 +.IX Item "-rand files, -writerand file" +See \*(L"Random State Options\*(R" in \fIopenssl\fR\|(1) for details. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Examples equivalent to these can be found in the documentation for the +non-deprecated \fIopenssl\-genpkey\fR\|(1) and \fIopenssl\-pkeyparam\fR\|(1) commands. +.PP +To create \s-1EC\s0 parameters with the group 'prime192v1': +.PP +.Vb 1 +\& openssl ecparam \-out ec_param.pem \-name prime192v1 +.Ve +.PP +To create \s-1EC\s0 parameters with explicit parameters: +.PP +.Vb 1 +\& openssl ecparam \-out ec_param.pem \-name prime192v1 \-param_enc explicit +.Ve +.PP +To validate given \s-1EC\s0 parameters: +.PP +.Vb 1 +\& openssl ecparam \-in ec_param.pem \-check +.Ve +.PP +To create \s-1EC\s0 parameters and a private key: +.PP +.Vb 1 +\& openssl ecparam \-out ec_key.pem \-name prime192v1 \-genkey +.Ve +.PP +To change the point encoding to 'compressed': +.PP +.Vb 1 +\& openssl ecparam \-in ec_in.pem \-out ec_out.pem \-conv_form compressed +.Ve +.PP +To print out the \s-1EC\s0 parameters to standard output: +.PP +.Vb 1 +\& openssl ecparam \-in ec_param.pem \-noout \-text +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\fIopenssl\-pkeyparam\fR\|(1), +\&\fIopenssl\-genpkey\fR\|(1), +\&\fIopenssl\-ec\fR\|(1), +\&\fIopenssl\-dsaparam\fR\|(1) +.SH "HISTORY" +.IX Header "HISTORY" +This command was deprecated in 
OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2003\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man1/openssl-enc.1 b/linux_amd64/share/man/man1/openssl-enc.1 new file mode 100755 index 0000000..4da47e1 --- /dev/null +++ b/linux_amd64/share/man/man1/openssl-enc.1 
@@ -0,0 +1,535 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-ENC 1" +.TH OPENSSL-ENC 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-enc \- symmetric cipher routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBenc\fR|\fIcipher\fR +[\fB\-\f(BIcipher\fB\fR] +[\fB\-help\fR] +[\fB\-list\fR] +[\fB\-ciphers\fR] +[\fB\-in\fR \fIfilename\fR] +[\fB\-out\fR \fIfilename\fR] +[\fB\-pass\fR \fIarg\fR] +[\fB\-e\fR] +[\fB\-d\fR] +[\fB\-a\fR] +[\fB\-base64\fR] +[\fB\-A\fR] +[\fB\-k\fR \fIpassword\fR] +[\fB\-kfile\fR \fIfilename\fR] +[\fB\-K\fR \fIkey\fR] +[\fB\-iv\fR \fI\s-1IV\s0\fR] +[\fB\-S\fR \fIsalt\fR] +[\fB\-salt\fR] +[\fB\-nosalt\fR] +[\fB\-z\fR] +[\fB\-md\fR \fIdigest\fR] +[\fB\-iter\fR \fIcount\fR] +[\fB\-pbkdf2\fR] +[\fB\-p\fR] +[\fB\-P\fR] +[\fB\-bufsize\fR \fInumber\fR] +[\fB\-nopad\fR] +[\fB\-v\fR] +[\fB\-debug\fR] +[\fB\-none\fR] +[\fB\-engine\fR \fIid\fR] +[\fB\-rand\fR \fIfiles\fR] +[\fB\-writerand\fR \fIfile\fR] +.PP +\&\fBopenssl\fR \fIcipher\fR [\fB...\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The symmetric cipher commands allow data to be encrypted or decrypted +using various block and stream ciphers using keys based on passwords +or explicitly provided. Base64 encoding or decoding can also be performed +either by itself or in addition to the encryption or decryption. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-list\fR" 4 +.IX Item "-list" +List all supported ciphers. +.IP "\fB\-ciphers\fR" 4 +.IX Item "-ciphers" +Alias of \-list to display all supported ciphers. +.IP "\fB\-in\fR \fIfilename\fR" 4 +.IX Item "-in filename" +The input filename, standard input by default. +.IP "\fB\-out\fR \fIfilename\fR" 4 +.IX Item "-out filename" +The output filename, standard output by default. +.IP "\fB\-pass\fR \fIarg\fR" 4 +.IX Item "-pass arg" +The password source. For more information about the format of \fIarg\fR +see \*(L"Pass Phrase Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-e\fR" 4 +.IX Item "-e" +Encrypt the input data: this is the default. 
+.IP "\fB\-d\fR" 4 +.IX Item "-d" +Decrypt the input data. +.IP "\fB\-a\fR" 4 +.IX Item "-a" +Base64 process the data. This means that if encryption is taking place +the data is base64 encoded after encryption. If decryption is set then +the input data is base64 decoded before being decrypted. +.IP "\fB\-base64\fR" 4 +.IX Item "-base64" +Same as \fB\-a\fR +.IP "\fB\-A\fR" 4 +.IX Item "-A" +If the \fB\-a\fR option is set then base64 process the data on one line. +.IP "\fB\-k\fR \fIpassword\fR" 4 +.IX Item "-k password" +The password to derive the key from. This is for compatibility with previous +versions of OpenSSL. Superseded by the \fB\-pass\fR argument. +.IP "\fB\-kfile\fR \fIfilename\fR" 4 +.IX Item "-kfile filename" +Read the password to derive the key from the first line of \fIfilename\fR. +This is for compatibility with previous versions of OpenSSL. Superseded by +the \fB\-pass\fR argument. +.IP "\fB\-md\fR \fIdigest\fR" 4 +.IX Item "-md digest" +Use the specified digest to create the key from the passphrase. +The default algorithm is sha\-256. +.IP "\fB\-iter\fR \fIcount\fR" 4 +.IX Item "-iter count" +Use a given number of iterations on the password in deriving the encryption key. +High values increase the time required to brute-force the resulting file. +This option enables the use of \s-1PBKDF2\s0 algorithm to derive the key. +.IP "\fB\-pbkdf2\fR" 4 +.IX Item "-pbkdf2" +Use \s-1PBKDF2\s0 algorithm with default iteration count unless otherwise specified. +.IP "\fB\-nosalt\fR" 4 +.IX Item "-nosalt" +Don't use a salt in the key derivation routines. This option \fB\s-1SHOULD\s0 \s-1NOT\s0\fR be +used except for test purposes or compatibility with ancient versions of +OpenSSL. +.IP "\fB\-salt\fR" 4 +.IX Item "-salt" +Use salt (randomly generated or provide with \fB\-S\fR option) when +encrypting, this is the default. +.IP "\fB\-S\fR \fIsalt\fR" 4 +.IX Item "-S salt" +The actual salt to use: this must be represented as a string of hex digits. 
+.IP "\fB\-K\fR \fIkey\fR" 4 +.IX Item "-K key" +The actual key to use: this must be represented as a string comprised only +of hex digits. If only the key is specified, the \s-1IV\s0 must additionally specified +using the \fB\-iv\fR option. When both a key and a password are specified, the +key given with the \fB\-K\fR option will be used and the \s-1IV\s0 generated from the +password will be taken. It does not make much sense to specify both key +and password. +.IP "\fB\-iv\fR \fI\s-1IV\s0\fR" 4 +.IX Item "-iv IV" +The actual \s-1IV\s0 to use: this must be represented as a string comprised only +of hex digits. When only the key is specified using the \fB\-K\fR option, the +\&\s-1IV\s0 must explicitly be defined. When a password is being specified using +one of the other options, the \s-1IV\s0 is generated from this password. +.IP "\fB\-p\fR" 4 +.IX Item "-p" +Print out the key and \s-1IV\s0 used. +.IP "\fB\-P\fR" 4 +.IX Item "-P" +Print out the key and \s-1IV\s0 used then immediately exit: don't do any encryption +or decryption. +.IP "\fB\-bufsize\fR \fInumber\fR" 4 +.IX Item "-bufsize number" +Set the buffer size for I/O. +.IP "\fB\-nopad\fR" 4 +.IX Item "-nopad" +Disable standard block padding. +.IP "\fB\-v\fR" 4 +.IX Item "-v" +Verbose print; display some statistics about I/O and buffer sizes. +.IP "\fB\-debug\fR" 4 +.IX Item "-debug" +Debug the BIOs used for I/O. +.IP "\fB\-z\fR" 4 +.IX Item "-z" +Compress or decompress clear text using zlib before encryption or after +decryption. This option exists only if OpenSSL with compiled with zlib +or zlib-dynamic option. +.IP "\fB\-none\fR" 4 +.IX Item "-none" +Use \s-1NULL\s0 cipher (no encryption or decryption of input). +.IP "\fB\-rand\fR \fIfiles\fR, \fB\-writerand\fR \fIfile\fR" 4 +.IX Item "-rand files, -writerand file" +See \*(L"Random State Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-engine\fR \fIid\fR" 4 +.IX Item "-engine id" +See \*(L"Engine Options\*(R" in \fIopenssl\fR\|(1). 
+.SH "NOTES" +.IX Header "NOTES" +The program can be called either as \f(CW\*(C`openssl \f(CIcipher\f(CW\*(C'\fR or +\&\f(CW\*(C`openssl enc \-\f(CIcipher\f(CW\*(C'\fR. The first form doesn't work with +engine-provided ciphers, because this form is processed before the +configuration file is read and any ENGINEs loaded. +Use the \fIopenssl\-list\fR\|(1) command to get a list of supported ciphers. +.PP +Engines which provide entirely new encryption algorithms (such as the ccgost +engine which provides gost89 algorithm) should be configured in the +configuration file. Engines specified on the command line using \fB\-engine\fR +option can only be used for hardware-assisted implementations of +ciphers which are supported by the OpenSSL core or another engine specified +in the configuration file. +.PP +When the enc command lists supported ciphers, ciphers provided by engines, +specified in the configuration files are listed too. +.PP +A password will be prompted for to derive the key and \s-1IV\s0 if necessary. +.PP +The \fB\-salt\fR option should \fB\s-1ALWAYS\s0\fR be used if the key is being derived +from a password unless you want compatibility with previous versions of +OpenSSL. +.PP +Without the \fB\-salt\fR option it is possible to perform efficient dictionary +attacks on the password and to attack stream cipher encrypted data. The reason +for this is that without the salt the same password always generates the same +encryption key. When the salt is being used the first eight bytes of the +encrypted data are reserved for the salt: it is generated at random when +encrypting a file and read from the encrypted file when it is decrypted. +.PP +Some of the ciphers do not have large keys and others have security +implications if not used correctly. A beginner is advised to just use +a strong block cipher, such as \s-1AES\s0, in \s-1CBC\s0 mode. +.PP +All the block ciphers normally use PKCS#5 padding, also known as standard +block padding. 
This allows a rudimentary integrity or password check to +be performed. However since the chance of random data passing the test +is better than 1 in 256 it isn't a very good test. +.PP +If padding is disabled then the input data must be a multiple of the cipher +block length. +.PP +All \s-1RC2\s0 ciphers have the same key and effective key length. +.PP +Blowfish and \s-1RC5\s0 algorithms use a 128 bit key. +.SH "SUPPORTED CIPHERS" +.IX Header "SUPPORTED CIPHERS" +Note that some of these ciphers can be disabled at compile time +and some are available only if an appropriate engine is configured +in the configuration file. The output when invoking this command +with the \fB\-ciphers\fR option (that is \f(CW\*(C`openssl enc \-ciphers\*(C'\fR) is +a list of ciphers, supported by your version of OpenSSL, including +ones provided by configured engines. +.PP +This command does not support authenticated encryption modes +like \s-1CCM\s0 and \s-1GCM\s0, and will not support such modes in the future. +This is due to having to begin streaming output (e.g., to standard output +when \fB\-out\fR is not used) before the authentication tag could be validated. +When this command is used in a pipeline, the receiving end will not be +able to roll back upon authentication failure. The \s-1AEAD\s0 modes currently in +common use also suffer from catastrophic failure of confidentiality and/or +integrity upon reuse of key/iv/nonce, and since \fBopenssl enc\fR places the +entire burden of key/iv/nonce management upon the user, the risk of +exposing \s-1AEAD\s0 modes is too great to allow. These key/iv/nonce +management issues also affect other modes currently exposed in this command, +but the failure modes are less extreme in these cases, and the +functionality cannot be removed with a stable release branch. 
+For bulk encryption of data, whether using authenticated encryption +modes or other modes, \fIopenssl\-cms\fR\|(1) is recommended, as it provides a +standard data format and performs the needed key/iv/nonce management. +.PP +.Vb 1 +\& base64 Base 64 +\& +\& bf\-cbc Blowfish in CBC mode +\& bf Alias for bf\-cbc +\& blowfish Alias for bf\-cbc +\& bf\-cfb Blowfish in CFB mode +\& bf\-ecb Blowfish in ECB mode +\& bf\-ofb Blowfish in OFB mode +\& +\& cast\-cbc CAST in CBC mode +\& cast Alias for cast\-cbc +\& cast5\-cbc CAST5 in CBC mode +\& cast5\-cfb CAST5 in CFB mode +\& cast5\-ecb CAST5 in ECB mode +\& cast5\-ofb CAST5 in OFB mode +\& +\& chacha20 ChaCha20 algorithm +\& +\& des\-cbc DES in CBC mode +\& des Alias for des\-cbc +\& des\-cfb DES in CFB mode +\& des\-ofb DES in OFB mode +\& des\-ecb DES in ECB mode +\& +\& des\-ede\-cbc Two key triple DES EDE in CBC mode +\& des\-ede Two key triple DES EDE in ECB mode +\& des\-ede\-cfb Two key triple DES EDE in CFB mode +\& des\-ede\-ofb Two key triple DES EDE in OFB mode +\& +\& des\-ede3\-cbc Three key triple DES EDE in CBC mode +\& des\-ede3 Three key triple DES EDE in ECB mode +\& des3 Alias for des\-ede3\-cbc +\& des\-ede3\-cfb Three key triple DES EDE CFB mode +\& des\-ede3\-ofb Three key triple DES EDE in OFB mode +\& +\& desx DESX algorithm. 
+\& +\& gost89 GOST 28147\-89 in CFB mode (provided by ccgost engine) +\& gost89\-cnt \`GOST 28147\-89 in CNT mode (provided by ccgost engine) +\& +\& idea\-cbc IDEA algorithm in CBC mode +\& idea same as idea\-cbc +\& idea\-cfb IDEA in CFB mode +\& idea\-ecb IDEA in ECB mode +\& idea\-ofb IDEA in OFB mode +\& +\& rc2\-cbc 128 bit RC2 in CBC mode +\& rc2 Alias for rc2\-cbc +\& rc2\-cfb 128 bit RC2 in CFB mode +\& rc2\-ecb 128 bit RC2 in ECB mode +\& rc2\-ofb 128 bit RC2 in OFB mode +\& rc2\-64\-cbc 64 bit RC2 in CBC mode +\& rc2\-40\-cbc 40 bit RC2 in CBC mode +\& +\& rc4 128 bit RC4 +\& rc4\-64 64 bit RC4 +\& rc4\-40 40 bit RC4 +\& +\& rc5\-cbc RC5 cipher in CBC mode +\& rc5 Alias for rc5\-cbc +\& rc5\-cfb RC5 cipher in CFB mode +\& rc5\-ecb RC5 cipher in ECB mode +\& rc5\-ofb RC5 cipher in OFB mode +\& +\& seed\-cbc SEED cipher in CBC mode +\& seed Alias for seed\-cbc +\& seed\-cfb SEED cipher in CFB mode +\& seed\-ecb SEED cipher in ECB mode +\& seed\-ofb SEED cipher in OFB mode +\& +\& sm4\-cbc SM4 cipher in CBC mode +\& sm4 Alias for sm4\-cbc +\& sm4\-cfb SM4 cipher in CFB mode +\& sm4\-ctr SM4 cipher in CTR mode +\& sm4\-ecb SM4 cipher in ECB mode +\& sm4\-ofb SM4 cipher in OFB mode +\& +\& aes\-[128|192|256]\-cbc 128/192/256 bit AES in CBC mode +\& aes[128|192|256] Alias for aes\-[128|192|256]\-cbc +\& aes\-[128|192|256]\-cfb 128/192/256 bit AES in 128 bit CFB mode +\& aes\-[128|192|256]\-cfb1 128/192/256 bit AES in 1 bit CFB mode +\& aes\-[128|192|256]\-cfb8 128/192/256 bit AES in 8 bit CFB mode +\& aes\-[128|192|256]\-ctr 128/192/256 bit AES in CTR mode +\& aes\-[128|192|256]\-ecb 128/192/256 bit AES in ECB mode +\& aes\-[128|192|256]\-ofb 128/192/256 bit AES in OFB mode +\& +\& aria\-[128|192|256]\-cbc 128/192/256 bit ARIA in CBC mode +\& aria[128|192|256] Alias for aria\-[128|192|256]\-cbc +\& aria\-[128|192|256]\-cfb 128/192/256 bit ARIA in 128 bit CFB mode +\& aria\-[128|192|256]\-cfb1 128/192/256 bit ARIA in 1 bit CFB mode +\& 
aria\-[128|192|256]\-cfb8 128/192/256 bit ARIA in 8 bit CFB mode +\& aria\-[128|192|256]\-ctr 128/192/256 bit ARIA in CTR mode +\& aria\-[128|192|256]\-ecb 128/192/256 bit ARIA in ECB mode +\& aria\-[128|192|256]\-ofb 128/192/256 bit ARIA in OFB mode +\& +\& camellia\-[128|192|256]\-cbc 128/192/256 bit Camellia in CBC mode +\& camellia[128|192|256] Alias for camellia\-[128|192|256]\-cbc +\& camellia\-[128|192|256]\-cfb 128/192/256 bit Camellia in 128 bit CFB mode +\& camellia\-[128|192|256]\-cfb1 128/192/256 bit Camellia in 1 bit CFB mode +\& camellia\-[128|192|256]\-cfb8 128/192/256 bit Camellia in 8 bit CFB mode +\& camellia\-[128|192|256]\-ctr 128/192/256 bit Camellia in CTR mode +\& camellia\-[128|192|256]\-ecb 128/192/256 bit Camellia in ECB mode +\& camellia\-[128|192|256]\-ofb 128/192/256 bit Camellia in OFB mode +.Ve +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Just base64 encode a binary file: +.PP +.Vb 1 +\& openssl base64 \-in file.bin \-out file.b64 +.Ve +.PP +Decode the same file +.PP +.Vb 1 +\& openssl base64 \-d \-in file.b64 \-out file.bin +.Ve +.PP +Encrypt a file using \s-1AES\-128\s0 using a prompted password +and \s-1PBKDF2\s0 key derivation: +.PP +.Vb 1 +\& openssl enc \-aes128 \-pbkdf2 \-in file.txt \-out file.aes128 +.Ve +.PP +Decrypt a file using a supplied password: +.PP +.Vb 2 +\& openssl enc \-aes128 \-pbkdf2 \-d \-in file.aes128 \-out file.txt \e +\& \-pass pass: +.Ve +.PP +Encrypt a file then base64 encode it (so it can be sent via mail for example) +using \s-1AES\-256\s0 in \s-1CTR\s0 mode and \s-1PBKDF2\s0 key derivation: +.PP +.Vb 1 +\& openssl enc \-aes\-256\-ctr \-pbkdf2 \-a \-in file.txt \-out file.aes256 +.Ve +.PP +Base64 decode a file then decrypt it using a password supplied in a file: +.PP +.Vb 2 +\& openssl enc \-aes\-256\-ctr \-pbkdf2 \-d \-a \-in file.aes256 \-out file.txt \e +\& \-pass file: +.Ve +.SH "BUGS" +.IX Header "BUGS" +The \fB\-A\fR option when used with large files doesn't work properly. 
+.PP +The \fBopenssl enc\fR command only supports a fixed number of algorithms with +certain parameters. So if, for example, you want to use \s-1RC2\s0 with a +76 bit key or \s-1RC4\s0 with an 84 bit key you can't use this program. +.SH "HISTORY" +.IX Header "HISTORY" +The default digest was changed from \s-1MD5\s0 to \s-1SHA256\s0 in OpenSSL 1.1.0. +.PP +The \fB\-list\fR option was added in OpenSSL 1.1.1e. +.PP +The \fB\-ciphers\fR option was deprecated in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man1/openssl-engine.1 b/linux_amd64/share/man/man1/openssl-engine.1 new file mode 100755 index 0000000..55beab9 --- /dev/null +++ b/linux_amd64/share/man/man1/openssl-engine.1 
@@ -0,0 +1,237 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-ENGINE 1" +.TH OPENSSL-ENGINE 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-engine \- load and query engines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl engine\fR +[\fB\-help\fR] +[\fB\-v\fR] +[\fB\-vv\fR] +[\fB\-vvv\fR] +[\fB\-vvvv\fR] +[\fB\-c\fR] +[\fB\-t\fR] +[\fB\-tt\fR] +[\fB\-pre\fR \fIcommand\fR] ... +[\fB\-post\fR \fIcommand\fR] ... +[\fIengine\fR ...] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command is used to query the status and capabilities +of the specified \fIengine\fRs. +Engines may be specified before and after all other command-line flags. +Only those specified are queried. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Display an option summary. +.IP "\fB\-v\fR \fB\-vv\fR \fB\-vvv\fR \fB\-vvvv\fR" 4 +.IX Item "-v -vv -vvv -vvvv" +Provides information about each specified engine. The first flag lists +all the possible run-time control commands; the second adds a +description of each command; the third adds the input flags, and the +final option adds the internal input flags. +.IP "\fB\-c\fR" 4 +.IX Item "-c" +Lists the capabilities of each engine. +.IP "\fB\-t\fR" 4 +.IX Item "-t" +Tests if each specified engine is available, and displays the answer. +.IP "\fB\-tt\fR" 4 +.IX Item "-tt" +Displays an error trace for any unavailable engine. +.IP "\fB\-pre\fR \fIcommand\fR" 4 +.IX Item "-pre command" +.PD 0 +.IP "\fB\-post\fR \fIcommand\fR" 4 +.IX Item "-post command" +.PD +Command-line configuration of engines. +The \fB\-pre\fR command is given to the engine before it is loaded and +the \fB\-post\fR command is given after the engine is loaded. +The \fIcommand\fR is of the form \fIcmd\fR:\fIval\fR where \fIcmd\fR is the command, +and \fIval\fR is the value for the command. +See the example below. +.Sp +These two options are cumulative, so they may be given more than once in the +same command. 
+.SH "EXAMPLES" +.IX Header "EXAMPLES" +To list all the commands available to a dynamic engine: +.PP +.Vb 10 +\& $ openssl engine \-t \-tt \-vvvv dynamic +\& (dynamic) Dynamic engine loading support +\& [ unavailable ] +\& SO_PATH: Specifies the path to the new ENGINE shared library +\& (input flags): STRING +\& NO_VCHECK: Specifies to continue even if version checking fails (boolean) +\& (input flags): NUMERIC +\& ID: Specifies an ENGINE id name for loading +\& (input flags): STRING +\& LIST_ADD: Whether to add a loaded ENGINE to the internal list (0=no,1=yes,2=mandatory) +\& (input flags): NUMERIC +\& DIR_LOAD: Specifies whether to load from \*(AqDIR_ADD\*(Aq directories (0=no,1=yes,2=mandatory) +\& (input flags): NUMERIC +\& DIR_ADD: Adds a directory from which ENGINEs can be loaded +\& (input flags): STRING +\& LOAD: Load up the ENGINE specified by other settings +\& (input flags): NO_INPUT +.Ve +.PP +To list the capabilities of the \fBrsax\fR engine: +.PP +.Vb 4 +\& $ openssl engine \-c +\& (rsax) RSAX engine support +\& [RSA] +\& (dynamic) Dynamic engine loading support +.Ve +.SH "ENVIRONMENT" +.IX Header "ENVIRONMENT" +.IP "\fB\s-1OPENSSL_ENGINES\s0\fR" 4 +.IX Item "OPENSSL_ENGINES" +The path to the engines directory. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\fIconfig\fR\|(5) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man1/openssl-errstr.1 b/linux_amd64/share/man/man1/openssl-errstr.1 new file mode 100755 index 0000000..1da9f14 --- /dev/null +++ b/linux_amd64/share/man/man1/openssl-errstr.1 
@@ -0,0 +1,176 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-ERRSTR 1" +.TH OPENSSL-ERRSTR 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-errstr \- lookup error codes +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl errstr\fR +[\fB\-help\fR] +\&\fIerror_code...\fR +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Sometimes an application will not load error message texts and only +numerical forms will be available. This command can be +used to display the meaning of the hex code. The hex code is the hex digits +after the second colon. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Display a usage message. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +The error code: +.PP +.Vb 1 +\& 27594:error:2006D080:lib(32)::reason(128)::107: +.Ve +.PP +can be displayed with: +.PP +.Vb 1 +\& openssl errstr 2006D080 +.Ve +.PP +to produce the error message: +.PP +.Vb 1 +\& error:2006D080:BIO routines::no such file +.Ve +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2004\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man1/openssl-fipsinstall.1 b/linux_amd64/share/man/man1/openssl-fipsinstall.1 new file mode 100755 index 0000000..a75ec5c --- /dev/null +++ b/linux_amd64/share/man/man1/openssl-fipsinstall.1 
@@ -0,0 +1,278 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-FIPSINSTALL 1" +.TH OPENSSL-FIPSINSTALL 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-fipsinstall \- perform FIPS configuration installation +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl fipsinstall\fR +[\fB\-help\fR] +[\fB\-in\fR \fIconfigfilename\fR] +[\fB\-out\fR \fIconfigfilename\fR] +[\fB\-module\fR \fImodulefilename\fR] +[\fB\-provider_name\fR \fIprovidername\fR] +[\fB\-section_name\fR \fIsectionname\fR] +[\fB\-verify\fR] +[\fB\-mac_name\fR \fImacname\fR] +[\fB\-macopt\fR \fInm\fR:\fIv\fR] +[\fB\-noout\fR] +[\fB\-corrupt_desc\fR \fIselftest_description\fR] +[\fB\-corrupt_type\fR \fIselftest_type\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command is used to generate a \s-1FIPS\s0 module configuration file. +The generated configuration file consists of: +.IP "\- A mac of the \s-1FIPS\s0 module file." 4 +.IX Item "- A mac of the FIPS module file." +.PD 0 +.IP "\- A status indicator that indicates if the known answer Self Tests (\s-1KAT\s0's) have successfully run." 4 +.IX Item "- A status indicator that indicates if the known answer Self Tests (KAT's) have successfully run." +.PD +.PP +This configuration file can be used each time a \s-1FIPS\s0 module is loaded +in order to pass data to the \s-1FIPS\s0 modules self tests. The \s-1FIPS\s0 module always +verifies the modules \s-1MAC\s0, but only needs to run the \s-1KATS\s0 once during install. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print a usage message. +.IP "\fB\-module\fR \fIfilename\fR" 4 +.IX Item "-module filename" +Filename of a fips module to perform an integrity check on. +.IP "\fB\-out\fR \fIconfigfilename\fR" 4 +.IX Item "-out configfilename" +Filename to output the configuration data to, or standard output by default. +.IP "\fB\-in\fR \fIconfigfilename\fR" 4 +.IX Item "-in configfilename" +Input filename to load configuration data from. Used with the '\-verify' option. +Standard input is used if the filename is '\-'. 
+.IP "\fB\-verify\fR" 4 +.IX Item "-verify" +Verify that the input configuration file contains the correct information +.IP "\fB\-provider_name\fR \fIprovidername\fR" 4 +.IX Item "-provider_name providername" +Name of the provider inside the configuration file. +.IP "\fB\-section_name\fR \fIsectionname\fR" 4 +.IX Item "-section_name sectionname" +Name of the section inside the configuration file. +.IP "\fB\-mac_name\fR \fIname\fR" 4 +.IX Item "-mac_name name" +Specifies the name of a supported \s-1MAC\s0 algorithm which will be used. +To see the list of supported \s-1MAC\s0's use the command +\&\f(CW\*(C`openssl list \-mac\-algorithms\*(C'\fR. The default is \fB\s-1HMAC\s0\fR. +.IP "\fB\-macopt\fR \fInm\fR:\fIv\fR" 4 +.IX Item "-macopt nm:v" +Passes options to the \s-1MAC\s0 algorithm. +A comprehensive list of controls can be found in the \s-1EVP_MAC\s0 implementation +documentation. +Common control strings used for fipsinstall are: +.RS 4 +.IP "\fBkey\fR:\fIstring\fR" 4 +.IX Item "key:string" +Specifies the \s-1MAC\s0 key as an alphanumeric string (use if the key contains +printable characters only). +The string length must conform to any restrictions of the \s-1MAC\s0 algorithm. +A key must be specified for every \s-1MAC\s0 algorithm. +.IP "\fBhexkey\fR:\fIstring\fR" 4 +.IX Item "hexkey:string" +Specifies the \s-1MAC\s0 key in hexadecimal form (two hex digits per byte). +The key length must conform to any restrictions of the \s-1MAC\s0 algorithm. +A key must be specified for every \s-1MAC\s0 algorithm. +.IP "\fBdigest\fR:\fIstring\fR" 4 +.IX Item "digest:string" +Used by \s-1HMAC\s0 as an alphanumeric string (use if the key contains printable +characters only). +The string length must conform to any restrictions of the \s-1MAC\s0 algorithm. +To see the list of supported digests, use the command +\&\f(CW\*(C`openssl list \-digest\-commands\*(C'\fR. +.RE +.RS 4 +.RE +.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +Disable logging of the self tests. 
+.IP "\fB\-corrupt_desc\fR \fIselftest_description\fR" 4 +.IX Item "-corrupt_desc selftest_description" +.PD 0 +.IP "\fB\-corrupt_type\fR \fIselftest_type\fR" 4 +.IX Item "-corrupt_type selftest_type" +.PD +The corrupt options can be used to test failure of one or more self test(s) by +name. +Either option or both may be used to select the self test(s) to corrupt. +Refer to the entries for \*(L"st-desc\*(R" and \*(L"st-type\*(R" in \s-1\fIOSSL_PROVIDER\-FIPS\s0\fR\|(7) for +values that can be used. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Calculate the mac of a \s-1FIPS\s0 module \fIfips.so\fR and run a \s-1FIPS\s0 self test +for the module, and save the \fIfips.conf\fR configuration file: +.PP +.Vb 3 +\& openssl fipsinstall \-module ./fips.so \-out fips.conf \-provider_name fips \e +\& \-section_name fipsinstall \-mac_name HMAC \-macopt digest:SHA256 \e +\& \-macopt hexkey:000102030405060708090A0B0C0D0E0F10111213 +.Ve +.PP +Verify that the configuration file \fIfips.conf\fR contains the correct info: +.PP +.Vb 3 +\& openssl fipsinstall \-module ./fips.so \-in fips.conf \-provider_name fips \e +\& \-section_name fips_install \-mac_name HMAC \-macopt digest:SHA256 \e +\& \-macopt hexkey:000102030405060708090A0B0C0D0E0F10111213 \-verify +.Ve +.PP +Corrupt any self tests which have the description '\s-1SHA1\s0': +.PP +.Vb 4 +\& openssl fipsinstall \-module ./fips.so \-out fips.conf \-provider_name fips \e +\& \-section_name fipsinstall \-mac_name HMAC \-macopt digest:SHA256 \e +\& \-macopt hexkey:000102030405060708090A0B0C0D0E0F10111213 \e +\& \-corrupt_desc\*(Aq, \*(AqSHA1\*(Aq +.Ve +.SH "NOTES" +.IX Header "NOTES" +The \s-1MAC\s0 mechanisms that are available will depend on the options +used when building OpenSSL. +The command \f(CW\*(C`openssl list \-mac\-algorithms\*(C'\fR command can be used to list them. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIfips_config\fR\|(5), +\&\s-1\fIOSSL_PROVIDER\-FIPS\s0\fR\|(7), +\&\s-1\fIEVP_MAC\s0\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man1/openssl-gendsa.1 b/linux_amd64/share/man/man1/openssl-gendsa.1 new file mode 100755 index 0000000..f70013d --- /dev/null +++ b/linux_amd64/share/man/man1/openssl-gendsa.1 
@@ -0,0 +1,218 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-GENDSA 1" +.TH OPENSSL-GENDSA 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-gendsa \- generate a DSA private key from a set of parameters +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBgendsa\fR +[\fB\-help\fR] +[\fB\-out\fR \fIfilename\fR] +[\fB\-passout\fR \fIarg\fR] +[\fB\-aes128\fR] +[\fB\-aes192\fR] +[\fB\-aes256\fR] +[\fB\-aria128\fR] +[\fB\-aria192\fR] +[\fB\-aria256\fR] +[\fB\-camellia128\fR] +[\fB\-camellia192\fR] +[\fB\-camellia256\fR] +[\fB\-des\fR] +[\fB\-des3\fR] +[\fB\-idea\fR] +[\fB\-verbose\fR] +[\fB\-rand\fR \fIfiles\fR] +[\fB\-writerand\fR \fIfile\fR] +[\fB\-engine\fR \fIid\fR] +[\fIparamfile\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command has been deprecated. +The \fIopenssl\-genpkey\fR\|(1) command should be used instead. +.PP +This command generates a \s-1DSA\s0 private key from a \s-1DSA\s0 parameter file +(which will be typically generated by the \fIopenssl\-dsaparam\fR\|(1) command). +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-out\fR \fIfilename\fR" 4 +.IX Item "-out filename" +Output the key to the specified file. If this argument is not specified then +standard output is used. +.IP "\fB\-passout\fR \fIarg\fR" 4 +.IX Item "-passout arg" +The passphrase used for the output file. +See \*(L"Pass Phrase Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-aes128\fR, \fB\-aes192\fR, \fB\-aes256\fR, \fB\-aria128\fR, \fB\-aria192\fR, \fB\-aria256\fR, \fB\-camellia128\fR, \fB\-camellia192\fR, \fB\-camellia256\fR, \fB\-des\fR, \fB\-des3\fR, \fB\-idea\fR" 4 +.IX Item "-aes128, -aes192, -aes256, -aria128, -aria192, -aria256, -camellia128, -camellia192, -camellia256, -des, -des3, -idea" +These options encrypt the private key with specified +cipher before outputting it. A pass phrase is prompted for. +If none of these options is specified no encryption is used. +.IP "\fB\-verbose\fR" 4 +.IX Item "-verbose" +Print extra details about the operations being performed. 
+.IP "\fB\-rand\fR \fIfiles\fR, \fB\-writerand\fR \fIfile\fR" 4 +.IX Item "-rand files, -writerand file" +See \*(L"Random State Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-engine\fR \fIid\fR" 4 +.IX Item "-engine id" +See \*(L"Engine Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fIparamfile\fR" 4 +.IX Item "paramfile" +The \s-1DSA\s0 parameter file to use. The parameters in this file determine +the size of the private key. \s-1DSA\s0 parameters can be generated and +examined using the \fIopenssl\-dsaparam\fR\|(1) command. +.SH "NOTES" +.IX Header "NOTES" +\&\s-1DSA\s0 key generation is little more than random number generation so it is +much quicker that \s-1RSA\s0 key generation for example. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\fIopenssl\-genpkey\fR\|(1), +\&\fIopenssl\-dsaparam\fR\|(1), +\&\fIopenssl\-dsa\fR\|(1), +\&\fIopenssl\-genrsa\fR\|(1), +\&\fIopenssl\-rsa\fR\|(1) +.SH "HISTORY" +.IX Header "HISTORY" +This command was deprecated in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man1/openssl-genpkey.1 b/linux_amd64/share/man/man1/openssl-genpkey.1 new file mode 100755 index 0000000..b0834ed --- /dev/null +++ b/linux_amd64/share/man/man1/openssl-genpkey.1 
@@ -0,0 +1,422 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-GENPKEY 1" +.TH OPENSSL-GENPKEY 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-genpkey \- generate a private key +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBgenpkey\fR +[\fB\-help\fR] +[\fB\-out\fR \fIfilename\fR] +[\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-pass\fR \fIarg\fR] +[\fB\-\f(BIcipher\fB\fR] +[\fB\-paramfile\fR \fIfile\fR] +[\fB\-algorithm\fR \fIalg\fR] +[\fB\-pkeyopt\fR \fIopt\fR:\fIvalue\fR] +[\fB\-genparam\fR] +[\fB\-text\fR] +[\fB\-engine\fR \fIid\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command generates a private key. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-out\fR \fIfilename\fR" 4 +.IX Item "-out filename" +Output the key to the specified file. If this argument is not specified then +standard output is used. +.IP "\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IX Item "-outform DER|PEM" +The output format; the default is \fB\s-1PEM\s0\fR. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-pass\fR \fIarg\fR" 4 +.IX Item "-pass arg" +The output file password source. For more information about the format of \fIarg\fR +see \*(L"Pass Phrase Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-\f(BIcipher\fB\fR" 4 +.IX Item "-cipher" +This option encrypts the private key with the supplied cipher. Any algorithm +name accepted by \fIEVP_get_cipherbyname()\fR is acceptable such as \fBdes3\fR. +.IP "\fB\-algorithm\fR \fIalg\fR" 4 +.IX Item "-algorithm alg" +Public key algorithm to use such as \s-1RSA\s0, \s-1DSA\s0 or \s-1DH\s0. If used this option must +precede any \fB\-pkeyopt\fR options. The options \fB\-paramfile\fR and \fB\-algorithm\fR +are mutually exclusive. Engines may add algorithms in addition to the standard +built-in ones. +.Sp +Valid built-in algorithm names for private key generation are \s-1RSA\s0, RSA-PSS, \s-1EC\s0, +X25519, X448, \s-1ED25519\s0 and \s-1ED448\s0. 
+.Sp +Valid built-in algorithm names for parameter generation (see the \fB\-genparam\fR +option) are \s-1DH\s0, \s-1DSA\s0 and \s-1EC\s0. +.Sp +Note that the algorithm name X9.42 \s-1DH\s0 may be used as a synonym for the \s-1DH\s0 +algorithm. These are identical and do not indicate the type of parameters that +will be generated. Use the \fBdh_paramgen_type\fR option to indicate whether PKCS#3 +or X9.42 \s-1DH\s0 parameters are required. See \*(L"\s-1DH\s0 Parameter Generation Options\*(R" +below for more details. +.IP "\fB\-pkeyopt\fR \fIopt\fR:\fIvalue\fR" 4 +.IX Item "-pkeyopt opt:value" +Set the public key algorithm option \fIopt\fR to \fIvalue\fR. The precise set of +options supported depends on the public key algorithm used and its +implementation. See \*(L"\s-1KEY\s0 \s-1GENERATION\s0 \s-1OPTIONS\s0\*(R" and +\&\*(L"\s-1PARAMETER\s0 \s-1GENERATION\s0 \s-1OPTIONS\s0\*(R" below for more details. +.IP "\fB\-genparam\fR" 4 +.IX Item "-genparam" +Generate a set of parameters instead of a private key. If used this option must +precede any \fB\-algorithm\fR, \fB\-paramfile\fR or \fB\-pkeyopt\fR options. +.IP "\fB\-paramfile\fR \fIfilename\fR" 4 +.IX Item "-paramfile filename" +Some public key algorithms generate a private key based on a set of parameters. +They can be supplied using this option. If this option is used the public key +algorithm used is determined by the parameters. If used this option must +precede any \fB\-pkeyopt\fR options. The options \fB\-paramfile\fR and \fB\-algorithm\fR +are mutually exclusive. +.IP "\fB\-text\fR" 4 +.IX Item "-text" +Print an (unencrypted) text representation of private and public keys and +parameters along with the \s-1PEM\s0 or \s-1DER\s0 structure. +.IP "\fB\-engine\fR \fIid\fR" 4 +.IX Item "-engine id" +See \*(L"Engine Options\*(R" in \fIopenssl\fR\|(1). +.SH "KEY GENERATION OPTIONS" +.IX Header "KEY GENERATION OPTIONS" +The options supported by each algorithm and indeed each implementation of an +algorithm can vary. 
The options for the OpenSSL implementations are detailed +below. There are no key generation options defined for the X25519, X448, \s-1ED25519\s0 +or \s-1ED448\s0 algorithms. +.SS "\s-1RSA\s0 Key Generation Options" +.IX Subsection "RSA Key Generation Options" +.IP "\fBrsa_keygen_bits:numbits\fR" 4 +.IX Item "rsa_keygen_bits:numbits" +The number of bits in the generated key. If not specified 2048 is used. +.IP "\fBrsa_keygen_primes:numprimes\fR" 4 +.IX Item "rsa_keygen_primes:numprimes" +The number of primes in the generated key. If not specified 2 is used. +.IP "\fBrsa_keygen_pubexp:value\fR" 4 +.IX Item "rsa_keygen_pubexp:value" +The \s-1RSA\s0 public exponent value. This can be a large decimal or +hexadecimal value if preceded by \f(CW\*(C`0x\*(C'\fR. Default value is 65537. +.SS "RSA-PSS Key Generation Options" +.IX Subsection "RSA-PSS Key Generation Options" +Note: by default an \fBRSA-PSS\fR key has no parameter restrictions. +.IP "\fBrsa_keygen_bits\fR:\fInumbits\fR, \fBrsa_keygen_primes\fR:\fInumprimes\fR, \fBrsa_keygen_pubexp\fR:\fIvalue\fR" 4 +.IX Item "rsa_keygen_bits:numbits, rsa_keygen_primes:numprimes, rsa_keygen_pubexp:value" +These options have the same meaning as the \fB\s-1RSA\s0\fR algorithm. +.IP "\fBrsa_pss_keygen_md\fR:\fIdigest\fR" 4 +.IX Item "rsa_pss_keygen_md:digest" +If set the key is restricted and can only use \fIdigest\fR for signing. +.IP "\fBrsa_pss_keygen_mgf1_md\fR:\fIdigest\fR" 4 +.IX Item "rsa_pss_keygen_mgf1_md:digest" +If set the key is restricted and can only use \fIdigest\fR as it's \s-1MGF1\s0 +parameter. +.IP "\fBrsa_pss_keygen_saltlen\fR:\fIlen\fR" 4 +.IX Item "rsa_pss_keygen_saltlen:len" +If set the key is restricted and \fIlen\fR specifies the minimum salt length. +.SS "\s-1EC\s0 Key Generation Options" +.IX Subsection "EC Key Generation Options" +The \s-1EC\s0 key generation options can also be used for parameter generation. 
+.IP "\fBec_paramgen_curve\fR:\fIcurve\fR" 4 +.IX Item "ec_paramgen_curve:curve" +The \s-1EC\s0 curve to use. OpenSSL supports \s-1NIST\s0 curve names such as \*(L"P\-256\*(R". +.IP "\fBec_param_enc\fR:\fIencoding\fR" 4 +.IX Item "ec_param_enc:encoding" +The encoding to use for parameters. The \fIencoding\fR parameter must be either +\&\fBnamed_curve\fR or \fBexplicit\fR. The default value is \fBnamed_curve\fR. +.SH "PARAMETER GENERATION OPTIONS" +.IX Header "PARAMETER GENERATION OPTIONS" +The options supported by each algorithm and indeed each implementation of an +algorithm can vary. The options for the OpenSSL implementations are detailed +below. +.SS "\s-1DSA\s0 Parameter Generation Options" +.IX Subsection "DSA Parameter Generation Options" +.IP "\fBdsa_paramgen_bits\fR:\fInumbits\fR" 4 +.IX Item "dsa_paramgen_bits:numbits" +The number of bits in the generated prime. If not specified 2048 is used. +.IP "\fBdsa_paramgen_q_bits\fR:\fInumbits\fR" 4 +.IX Item "dsa_paramgen_q_bits:numbits" +The number of bits in the q parameter. Must be one of 160, 224 or 256. If not +specified 224 is used. +.IP "\fBdsa_paramgen_md\fR:\fIdigest\fR" 4 +.IX Item "dsa_paramgen_md:digest" +The digest to use during parameter generation. Must be one of \fBsha1\fR, \fBsha224\fR +or \fBsha256\fR. If set, then the number of bits in \fBq\fR will match the output size +of the specified digest and the \fBdsa_paramgen_q_bits\fR parameter will be +ignored. If not set, then a digest will be used that gives an output matching +the number of bits in \fBq\fR, i.e. \fBsha1\fR if q length is 160, \fBsha224\fR if it 224 +or \fBsha256\fR if it is 256. +.SS "\s-1DH\s0 Parameter Generation Options" +.IX Subsection "DH Parameter Generation Options" +.IP "\fBdh_paramgen_prime_len\fR:\fInumbits\fR" 4 +.IX Item "dh_paramgen_prime_len:numbits" +The number of bits in the prime parameter \fIp\fR. The default is 2048. 
+.IP "\fBdh_paramgen_subprime_len\fR:\fInumbits\fR" 4 +.IX Item "dh_paramgen_subprime_len:numbits" +The number of bits in the sub prime parameter \fIq\fR. The default is 256 if the +prime is at least 2048 bits long or 160 otherwise. Only relevant if used in +conjunction with the \fBdh_paramgen_type\fR option to generate X9.42 \s-1DH\s0 parameters. +.IP "\fBdh_paramgen_generator\fR:\fIvalue\fR" 4 +.IX Item "dh_paramgen_generator:value" +The value to use for the generator \fIg\fR. The default is 2. +.IP "\fBdh_paramgen_type\fR:\fIvalue\fR" 4 +.IX Item "dh_paramgen_type:value" +The type of \s-1DH\s0 parameters to generate. Use 0 for PKCS#3 \s-1DH\s0 and 1 for X9.42 \s-1DH\s0. +The default is 0. +.IP "\fBdh_rfc5114\fR:\fInum\fR" 4 +.IX Item "dh_rfc5114:num" +If this option is set, then the appropriate \s-1RFC5114\s0 parameters are used +instead of generating new parameters. The value \fInum\fR can be one of +1, 2 or 3 corresponding to \s-1RFC5114\s0 \s-1DH\s0 parameters consisting of +1024 bit group with 160 bit subgroup, 2048 bit group with 224 bit subgroup +and 2048 bit group with 256 bit subgroup as mentioned in \s-1RFC5114\s0 sections +2.1, 2.2 and 2.3 respectively. If present this overrides all other \s-1DH\s0 parameter +options. +.SS "\s-1EC\s0 Parameter Generation Options" +.IX Subsection "EC Parameter Generation Options" +The \s-1EC\s0 parameter generation options are the same as for key generation. See +\&\*(L"\s-1EC\s0 Key Generation Options\*(R" above. +.SH "NOTES" +.IX Header "NOTES" +The use of the genpkey program is encouraged over the algorithm specific +utilities because additional algorithm options and \s-1ENGINE\s0 provided algorithms +can be used. 
+.SH "EXAMPLES" +.IX Header "EXAMPLES" +Generate an \s-1RSA\s0 private key using default parameters: +.PP +.Vb 1 +\& openssl genpkey \-algorithm RSA \-out key.pem +.Ve +.PP +Encrypt output private key using 128 bit \s-1AES\s0 and the passphrase \*(L"hello\*(R": +.PP +.Vb 1 +\& openssl genpkey \-algorithm RSA \-out key.pem \-aes\-128\-cbc \-pass pass:hello +.Ve +.PP +Generate a 2048 bit \s-1RSA\s0 key using 3 as the public exponent: +.PP +.Vb 2 +\& openssl genpkey \-algorithm RSA \-out key.pem \e +\& \-pkeyopt rsa_keygen_bits:2048 \-pkeyopt rsa_keygen_pubexp:3 +.Ve +.PP +Generate 2048 bit \s-1DSA\s0 parameters: +.PP +.Vb 2 +\& openssl genpkey \-genparam \-algorithm DSA \-out dsap.pem \e +\& \-pkeyopt dsa_paramgen_bits:2048 +.Ve +.PP +Generate \s-1DSA\s0 key from parameters: +.PP +.Vb 1 +\& openssl genpkey \-paramfile dsap.pem \-out dsakey.pem +.Ve +.PP +Generate 2048 bit \s-1DH\s0 parameters: +.PP +.Vb 2 +\& openssl genpkey \-genparam \-algorithm DH \-out dhp.pem \e +\& \-pkeyopt dh_paramgen_prime_len:2048 +.Ve +.PP +Generate 2048 bit X9.42 \s-1DH\s0 parameters: +.PP +.Vb 3 +\& openssl genpkey \-genparam \-algorithm DH \-out dhpx.pem \e +\& \-pkeyopt dh_paramgen_prime_len:2048 \e +\& \-pkeyopt dh_paramgen_type:1 +.Ve +.PP +Output \s-1RFC5114\s0 2048 bit \s-1DH\s0 parameters with 224 bit subgroup: +.PP +.Vb 1 +\& openssl genpkey \-genparam \-algorithm DH \-out dhp.pem \-pkeyopt dh_rfc5114:2 +.Ve +.PP +Generate \s-1DH\s0 key from parameters: +.PP +.Vb 1 +\& openssl genpkey \-paramfile dhp.pem \-out dhkey.pem +.Ve +.PP +Generate \s-1EC\s0 parameters: +.PP +.Vb 3 +\& openssl genpkey \-genparam \-algorithm EC \-out ecp.pem \e +\& \-pkeyopt ec_paramgen_curve:secp384r1 \e +\& \-pkeyopt ec_param_enc:named_curve +.Ve +.PP +Generate \s-1EC\s0 key from parameters: +.PP +.Vb 1 +\& openssl genpkey \-paramfile ecp.pem \-out eckey.pem +.Ve +.PP +Generate \s-1EC\s0 key directly: +.PP +.Vb 3 +\& openssl genpkey \-algorithm EC \-out eckey.pem \e +\& \-pkeyopt ec_paramgen_curve:P\-384 
\e +\& \-pkeyopt ec_param_enc:named_curve +.Ve +.PP +Generate an X25519 private key: +.PP +.Vb 1 +\& openssl genpkey \-algorithm X25519 \-out xkey.pem +.Ve +.PP +Generate an \s-1ED448\s0 private key: +.PP +.Vb 1 +\& openssl genpkey \-algorithm ED448 \-out xkey.pem +.Ve +.SH "HISTORY" +.IX Header "HISTORY" +The ability to use \s-1NIST\s0 curve names, and to generate an \s-1EC\s0 key directly, +were added in OpenSSL 1.0.2. +The ability to generate X25519 keys was added in OpenSSL 1.1.0. +The ability to generate X448, \s-1ED25519\s0 and \s-1ED448\s0 keys was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man1/openssl-genrsa.1 b/linux_amd64/share/man/man1/openssl-genrsa.1 new file mode 100755 index 0000000..5010f01 --- /dev/null +++ b/linux_amd64/share/man/man1/openssl-genrsa.1 
@@ -0,0 +1,236 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-GENRSA 1" +.TH OPENSSL-GENRSA 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-genrsa \- generate an RSA private key +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBgenrsa\fR +[\fB\-help\fR] +[\fB\-out\fR \fIfilename\fR] +[\fB\-passout\fR \fIarg\fR] +[\fB\-aes128\fR] +[\fB\-aes192\fR] +[\fB\-aes256\fR] +[\fB\-aria128\fR] +[\fB\-aria192\fR] +[\fB\-aria256\fR] +[\fB\-camellia128\fR] +[\fB\-camellia192\fR] +[\fB\-camellia256\fR] +[\fB\-des\fR] +[\fB\-des3\fR] +[\fB\-idea\fR] +[\fB\-F4\fR] +[\fB\-f4\fR] +[\fB\-3\fR] +[\fB\-primes\fR \fInum\fR] +[\fB\-verbose\fR] +[\fB\-rand\fR \fIfiles\fR] +[\fB\-writerand\fR \fIfile\fR] +[\fB\-engine\fR \fIid\fR] +[\fBnumbits\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command has been deprecated. +The \fIopenssl\-genpkey\fR\|(1) command should be used instead. +.PP +This command generates an \s-1RSA\s0 private key. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-out\fR \fIfilename\fR" 4 +.IX Item "-out filename" +Output the key to the specified file. If this argument is not specified then +standard output is used. +.IP "\fB\-passout\fR \fIarg\fR" 4 +.IX Item "-passout arg" +The output file password source. For more information about the format +see \*(L"Pass Phrase Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-aes128\fR, \fB\-aes192\fR, \fB\-aes256\fR, \fB\-aria128\fR, \fB\-aria192\fR, \fB\-aria256\fR, \fB\-camellia128\fR, \fB\-camellia192\fR, \fB\-camellia256\fR, \fB\-des\fR, \fB\-des3\fR, \fB\-idea\fR" 4 +.IX Item "-aes128, -aes192, -aes256, -aria128, -aria192, -aria256, -camellia128, -camellia192, -camellia256, -des, -des3, -idea" +These options encrypt the private key with specified +cipher before outputting it. If none of these options is +specified no encryption is used. If encryption is used a pass phrase is prompted +for if it is not supplied via the \fB\-passout\fR argument. 
+.IP "\fB\-F4\fR, \fB\-f4\fR, \fB\-3\fR" 4 +.IX Item "-F4, -f4, -3" +The public exponent to use, either 65537 or 3. The default is 65537. +.IP "\fB\-primes\fR \fInum\fR" 4 +.IX Item "-primes num" +Specify the number of primes to use while generating the \s-1RSA\s0 key. The \fInum\fR +parameter must be a positive integer that is greater than 1 and less than 16. +If \fInum\fR is greater than 2, then the generated key is called a 'multi\-prime' +\&\s-1RSA\s0 key, which is defined in \s-1RFC\s0 8017. +.IP "\fB\-verbose\fR" 4 +.IX Item "-verbose" +Print extra details about the operations being performed. +.IP "\fB\-rand\fR \fIfiles\fR, \fB\-writerand\fR \fIfile\fR" 4 +.IX Item "-rand files, -writerand file" +See \*(L"Random State Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-engine\fR \fIid\fR" 4 +.IX Item "-engine id" +See \*(L"Engine Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fBnumbits\fR" 4 +.IX Item "numbits" +The size of the private key to generate in bits. This must be the last option +specified. The default is 2048 and values less than 512 are not allowed. +.SH "NOTES" +.IX Header "NOTES" +\&\s-1RSA\s0 private key generation essentially involves the generation of two or more +prime numbers. When generating a private key various symbols will be output to +indicate the progress of the generation. A \fB.\fR represents each number which +has passed an initial sieve test, \fB+\fR means a number has passed a single +round of the Miller-Rabin primality test, \fB*\fR means the current prime starts +a regenerating progress due to some failed tests. A newline means that the number +has passed all the prime tests (the actual number depends on the key size). +.PP +Because key generation is a random process the time taken to generate a key +may vary somewhat. But in general, more primes lead to less generation time +of a key. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\fIopenssl\-genpkey\fR\|(1), +\&\fIopenssl\-gendsa\fR\|(1) +.SH "HISTORY" +.IX Header "HISTORY" +This command was deprecated in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man1/openssl-info.1 b/linux_amd64/share/man/man1/openssl-info.1 new file mode 100755 index 0000000..cf0013d --- /dev/null +++ b/linux_amd64/share/man/man1/openssl-info.1 
@@ -0,0 +1,199 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-INFO 1" +.TH OPENSSL-INFO 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-info \- print OpenSSL built\-in information +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl info\fR +[\fB\-help\fR] +[\fB\-configdir\fR] +[\fB\-enginesdir\fR] +[\fB\-modulesdir\fR ] +[\fB\-dsoext\fR] +[\fB\-dirnamesep\fR] +[\fB\-listsep\fR] +[\fB\-seeds\fR] +[\fB\-cpusettings\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command is used to print out information about OpenSSL. +The information is written exactly as it is with no extra text, which +makes useful for scripts. +.PP +As a consequence, only one item may be chosen for each run of this +command. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-configdir\fR" 4 +.IX Item "-configdir" +Outputs the default directory for OpenSSL configuration files. +.IP "\fB\-enginesdir\fR" 4 +.IX Item "-enginesdir" +Outputs the default directory for OpenSSL engine modules. +.IP "\fB\-modulesdir\fR" 4 +.IX Item "-modulesdir" +Outputs the default directory for OpenSSL dynamically loadable modules +other than engine modules. +.IP "\fB\-dsoext\fR" 4 +.IX Item "-dsoext" +Outputs the \s-1DSO\s0 extension OpenSSL uses. +.IP "\fB\-dirnamesep\fR" 4 +.IX Item "-dirnamesep" +Outputs the separator character between a directory specification and +a filename. +Note that on some operating systems, this is not the same as the +separator between directory elements. +.IP "\fB\-listsep\fR" 4 +.IX Item "-listsep" +Outputs the OpenSSL list separator character. +This is typically used to construct \f(CW$PATH\fR (\f(CW\*(C`%PATH%\*(C'\fR on Windows) +style lists. +.IP "\fB\-seeds\fR" 4 +.IX Item "-seeds" +Outputs the randomness seed sources. +.IP "\fB\-cpusettings\fR" 4 +.IX Item "-cpusettings" +Outputs the OpenSSL \s-1CPU\s0 settings info. +.SH "HISTORY" +.IX Header "HISTORY" +This command was added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. 
+.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man1/openssl-kdf.1 b/linux_amd64/share/man/man1/openssl-kdf.1 new file mode 100755 index 0000000..dc6a050 --- /dev/null +++ b/linux_amd64/share/man/man1/openssl-kdf.1 
@@ -0,0 +1,291 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-KDF 1" +.TH OPENSSL-KDF 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-kdf \- perform Key Derivation Function operations +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl kdf\fR +[\fB\-help\fR] +[\fB\-kdfopt\fR \fInm\fR:\fIv\fR] +[\fB\-keylen\fR \fInum\fR] +[\fB\-out\fR \fIfilename\fR] +[\fB\-binary\fR] +\&\fIkdf_name\fR +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The key derivation functions generate a derived key from either a secret or +password. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print a usage message. +.IP "\fB\-keylen\fR \fInum\fR" 4 +.IX Item "-keylen num" +The output size of the derived key. This field is required. +.IP "\fB\-out\fR \fIfilename\fR" 4 +.IX Item "-out filename" +Filename to output to, or standard output by default. +.IP "\fB\-binary\fR" 4 +.IX Item "-binary" +Output the derived key in binary form. Uses hexadecimal text format if not specified. +.IP "\fB\-kdfopt\fR \fInm\fR:\fIv\fR" 4 +.IX Item "-kdfopt nm:v" +Passes options to the \s-1KDF\s0 algorithm. +A comprehensive list of parameters can be found in the \s-1EVP_KDF_CTX\s0 +implementation documentation. +Common parameter names used by \fIEVP_KDF_CTX_set_params()\fR are: +.RS 4 +.IP "\fBkey:\fR\fIstring\fR" 4 +.IX Item "key:string" +Specifies the secret key as an alphanumeric string (use if the key contains +printable characters only). +The string length must conform to any restrictions of the \s-1KDF\s0 algorithm. +A key must be specified for most \s-1KDF\s0 algorithms. +.IP "\fBhexkey:\fR\fIstring\fR" 4 +.IX Item "hexkey:string" +Specifies the secret key in hexadecimal form (two hex digits per byte). +The key length must conform to any restrictions of the \s-1KDF\s0 algorithm. +A key must be specified for most \s-1KDF\s0 algorithms. +.IP "\fBpass:\fR\fIstring\fR" 4 +.IX Item "pass:string" +Specifies the password as an alphanumeric string (use if the password contains +printable characters only). +The password must be specified for \s-1PBKDF2\s0 and scrypt. 
+.IP "\fBhexpass:\fR\fIstring\fR" 4 +.IX Item "hexpass:string" +Specifies the password in hexadecimal form (two hex digits per byte). +The password must be specified for \s-1PBKDF2\s0 and scrypt. +.IP "\fBdigest:\fR\fIstring\fR" 4 +.IX Item "digest:string" +Specifies the name of a digest as an alphanumeric string. +To see the list of supported digests, use the command \fIlist \-digest\-commands\fR. +.RE +.RS 4 +.RE +.IP "\fIkdf_name\fR" 4 +.IX Item "kdf_name" +Specifies the name of a supported \s-1KDF\s0 algorithm which will be used. +The supported algorithms names include \s-1TLS1\-PRF\s0, \s-1HKDF\s0, \s-1SSKDF\s0, \s-1PBKDF2\s0, +\&\s-1SSHKDF\s0, X942KDF, X963KDF and \s-1SCRYPT\s0. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Use \s-1TLS1\-PRF\s0 to create a hex-encoded derived key from a secret key and seed: +.PP +.Vb 2 +\& openssl kdf \-keylen 16 \-kdfopt digest:SHA2\-256 \-kdfopt key:secret \e +\& \-kdfopt seed:seed TLS1\-PRF +.Ve +.PP +Use \s-1HKDF\s0 to create a hex-encoded derived key from a secret key, salt and info: +.PP +.Vb 2 +\& openssl kdf \-keylen 10 \-kdfopt digest:SHA2\-256 \-kdfopt key:secret \e +\& \-kdfopt salt:salt \-kdfopt info:label HKDF +.Ve +.PP +Use \s-1SSKDF\s0 with \s-1KMAC\s0 to create a hex-encoded derived key from a secret key, salt and info: +.PP +.Vb 3 +\& openssl kdf \-keylen 64 \-kdfopt mac:KMAC\-128 \-kdfopt maclen:20 \e +\& \-kdfopt hexkey:b74a149a161545 \-kdfopt hexinfo:348a37a2 \e +\& \-kdfopt hexsalt:3638271ccd68a2 SSKDF +.Ve +.PP +Use \s-1SSKDF\s0 with \s-1HMAC\s0 to create a hex-encoded derived key from a secret key, salt and info: +.PP +.Vb 3 +\& openssl kdf \-keylen 16 \-kdfopt mac:HMAC \-kdfopt digest:SHA2\-256 \e +\& \-kdfopt hexkey:b74a149a \-kdfopt hexinfo:348a37a2 \e +\& \-kdfopt hexsalt:3638271c SSKDF +.Ve +.PP +Use \s-1SSKDF\s0 with Hash to create a hex-encoded derived key from a secret key, salt and info: +.PP +.Vb 3 +\& openssl kdf \-keylen 14 \-kdfopt digest:SHA2\-256 \e +\& \-kdfopt hexkey:6dbdc23f045488 \e +\& 
\-kdfopt hexinfo:a1b2c3d4 SSKDF +.Ve +.PP +Use \s-1SSHKDF\s0 to create a hex-encoded derived key from a secret key, hash and session_id: +.PP +.Vb 5 +\& openssl kdf \-keylen 16 \-kdfopt digest:SHA2\-256 \e +\& \-kdfopt hexkey:0102030405 \e +\& \-kdfopt hexxcghash:06090A \e +\& \-kdfopt hexsession_id:01020304 \e +\& \-kdfopt type:A SSHKDF +.Ve +.PP +Use \s-1PBKDF2\s0 to create a hex-encoded derived key from a password and salt: +.PP +.Vb 2 +\& openssl kdf \-keylen 32 \-kdfopt digest:SHA256 \-kdfopt pass:password \e +\& \-kdfopt salt:salt \-kdfopt iter:2 PBKDF2 +.Ve +.PP +Use scrypt to create a hex-encoded derived key from a password and salt: +.PP +.Vb 3 +\& openssl kdf \-keylen 64 \-kdfopt pass:password \-kdfopt salt:NaCl \e +\& \-kdfopt N:1024 \-kdfopt r:8 \-kdfopt p:16 \e +\& \-kdfopt maxmem_bytes:10485760 SCRYPT +.Ve +.SH "NOTES" +.IX Header "NOTES" +The \s-1KDF\s0 mechanisms that are available will depend on the options +used when building OpenSSL. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\fIopenssl\-pkeyutl\fR\|(1), +\&\s-1\fIEVP_KDF\s0\fR\|(3), +\&\s-1\fIEVP_KDF\-SCRYPT\s0\fR\|(7), +\&\s-1\fIEVP_KDF\-TLS1_PRF\s0\fR\|(7), +\&\s-1\fIEVP_KDF\-PBKDF2\s0\fR\|(7), +\&\s-1\fIEVP_KDF\-HKDF\s0\fR\|(7), +\&\s-1\fIEVP_KDF\-SS\s0\fR\|(7), +\&\s-1\fIEVP_KDF\-SSHKDF\s0\fR\|(7), +\&\s-1\fIEVP_KDF\-X942\s0\fR\|(7), +\&\s-1\fIEVP_KDF\-X963\s0\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +Added in OpenSSL 3.0 +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man1/openssl-list.1 b/linux_amd64/share/man/man1/openssl-list.1 new file mode 100755 index 0000000..fe182d2 --- /dev/null +++ b/linux_amd64/share/man/man1/openssl-list.1 
@@ -0,0 +1,245 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-LIST 1" +.TH OPENSSL-LIST 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-list \- list algorithms and features +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl list\fR +[\fB\-help\fR] +[\fB\-verbose\fR] +[\fB\-1\fR] +[\fB\-commands\fR] +[\fB\-digest\-commands\fR] +[\fB\-digest\-algorithms\fR] +[\fB\-kdf\-algorithms\fR] +[\fB\-mac\-algorithms\fR] +[\fB\-cipher\-commands\fR] +[\fB\-cipher\-algorithms\fR] +[\fB\-public\-key\-algorithms\fR] +[\fB\-public\-key\-methods\fR] +[\fB\-engines\fR] +[\fB\-disabled\fR] +[\fB\-objects\fR] +[\fB\-options\fR \fIcommand\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command is used to generate list of algorithms or disabled +features. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Display a usage message. +.IP "\fB\-verbose\fR" 4 +.IX Item "-verbose" +Displays extra information. +The options below where verbosity applies say a bit more about what that means. +.IP "\fB\-1\fR" 4 +.IX Item "-1" +List the commands, digest-commands, or cipher-commands in a single column. +If used, this option must be given first. +.IP "\fB\-commands\fR" 4 +.IX Item "-commands" +Display a list of standard commands. +.IP "\fB\-digest\-commands\fR" 4 +.IX Item "-digest-commands" +Display a list of message digest commands, which are typically used +as input to the \fIopenssl\-dgst\fR\|(1) or \fIopenssl\-speed\fR\|(1) commands. +.IP "\fB\-cipher\-commands\fR" 4 +.IX Item "-cipher-commands" +Display a list of cipher commands, which are typically used as input +to the \fIopenssl\-dgst\fR\|(1) or \fIopenssl\-speed\fR\|(1) commands. +.IP "\fB\-digest\-algorithms\fR, \fB\-kdf\-algorithms\fR, \fB\-mac\-algorithms\fR, \fB\-cipher\-algorithms\fR" 4 +.IX Item "-digest-algorithms, -kdf-algorithms, -mac-algorithms, -cipher-algorithms" +Display a list of cipher, digest, kdf and mac algorithms. +See \*(L"Display of algorithm names\*(R" for a description of how names are +displayed. 
+.Sp +In verbose mode, the algorithms provided by a provider will get additional +information on what parameters each implementation supports. +.IP "\fB\-public\-key\-algorithms\fR" 4 +.IX Item "-public-key-algorithms" +Display a list of public key algorithms, with each algorithm as +a block of multiple lines, all but the first are indented. +.IP "\fB\-public\-key\-methods\fR" 4 +.IX Item "-public-key-methods" +Display a list of public key method OIDs. +.IP "\fB\-engines\fR" 4 +.IX Item "-engines" +Display a list of loaded engines. +.IP "\fB\-disabled\fR" 4 +.IX Item "-disabled" +Display a list of disabled features, those that were compiled out +of the installation. +.IP "\fB\-objects\fR" 4 +.IX Item "-objects" +Display a list of built in objects, i.e. OIDs with names. They're listed in the +format described in \*(L"\s-1ASN1\s0 Object Configuration Module\*(R" in \fIconfig\fR\|(5). +.IP "\fB\-options\fR \fIcommand\fR" 4 +.IX Item "-options command" +Output a two-column list of the options accepted by the specified \fIcommand\fR. +The first is the option name, and the second is a one-character indication +of what type of parameter it takes, if any. +This is an internal option, used for checking that the documentation +is complete. 
+.SS "Display of algorithm names" +.IX Subsection "Display of algorithm names" +Algorithm names may be displayed in one of two manners: +.IP "Legacy implementations" 4 +.IX Item "Legacy implementations" +Legacy implementations will simply display the main name of the +algorithm on a line of its own, or in the form \f(CW\*(C`> to show +that \f(CW\*(C`foo\*(C'\fR is an alias for the main name, \f(CW\*(C`bar\*(C'\fR +.IP "Provided implementations" 4 +.IX Item "Provided implementations" +Implementations from a provider are displayed like this if the +implementation is labeled with a single name: +.Sp +.Vb 1 +\& foo @ bar +.Ve +.Sp +or like this if it's labeled with multiple names: +.Sp +.Vb 1 +\& { foo1, foo2 } @bar +.Ve +.Sp +In both cases, \f(CW\*(C`bar\*(C'\fR is the name of the provider. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man1/openssl-mac.1 b/linux_amd64/share/man/man1/openssl-mac.1 new file mode 100755 index 0000000..9d1e597 --- /dev/null +++ b/linux_amd64/share/man/man1/openssl-mac.1 
@@ -0,0 +1,263 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-MAC 1" +.TH OPENSSL-MAC 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-mac \- perform Message Authentication Code operations +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl mac\fR +[\fB\-help\fR] +[\fB\-macopt\fR] +[\fB\-in\fR \fIfilename\fR] +[\fB\-out\fR \fIfilename\fR] +[\fB\-binary\fR] +\&\fImac_name\fR +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The message authentication code functions output the \s-1MAC\s0 of a supplied input +file. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print a usage message. +.IP "\fB\-in\fR \fIfilename\fR" 4 +.IX Item "-in filename" +Input filename to calculate a \s-1MAC\s0 for, or standard input by default. +Standard input is used if the filename is '\-'. +Files are expected to be in binary format, standard input uses hexadecimal text +format. +.IP "\fB\-out\fR \fIfilename\fR" 4 +.IX Item "-out filename" +Filename to output to, or standard output by default. +.IP "\fB\-binary\fR" 4 +.IX Item "-binary" +Output the \s-1MAC\s0 in binary form. Uses hexadecimal text format if not specified. +.IP "\fB\-macopt\fR \fInm\fR:\fIv\fR" 4 +.IX Item "-macopt nm:v" +Passes options to the \s-1MAC\s0 algorithm. +A comprehensive list of controls can be found in the \s-1EVP_MAC\s0 implementation +documentation. +Common parameter names used by \fIEVP_MAC_CTX_get_params()\fR are: +.RS 4 +.IP "\fBkey:\fR\fIstring\fR" 4 +.IX Item "key:string" +Specifies the \s-1MAC\s0 key as an alphanumeric string (use if the key contains +printable characters only). +The string length must conform to any restrictions of the \s-1MAC\s0 algorithm. +A key must be specified for every \s-1MAC\s0 algorithm. +.IP "\fBhexkey:\fR\fIstring\fR" 4 +.IX Item "hexkey:string" +Specifies the \s-1MAC\s0 key in hexadecimal form (two hex digits per byte). +The key length must conform to any restrictions of the \s-1MAC\s0 algorithm. +A key must be specified for every \s-1MAC\s0 algorithm. 
+.IP "\fBdigest:\fR\fIstring\fR" 4 +.IX Item "digest:string" +Used by \s-1HMAC\s0 as an alphanumeric string (use if the key contains printable +characters only). +The string length must conform to any restrictions of the \s-1MAC\s0 algorithm. +To see the list of supported digests, use \f(CW\*(C`openssl list \-digest\-commands\*(C'\fR. +.IP "\fBcipher:\fR\fIstring\fR" 4 +.IX Item "cipher:string" +Used by \s-1CMAC\s0 and \s-1GMAC\s0 to specify the cipher algorithm. +For \s-1CMAC\s0 it must be one of \s-1AES\-128\-CBC\s0, \s-1AES\-192\-CBC\s0, \s-1AES\-256\-CBC\s0 or +\&\s-1DES\-EDE3\-CBC\s0. +For \s-1GMAC\s0 it should be a \s-1GCM\s0 mode cipher e.g. \s-1AES\-128\-GCM\s0. +.IP "\fBiv:\fR\fIstring\fR" 4 +.IX Item "iv:string" +Used by \s-1GMAC\s0 to specify an \s-1IV\s0 as an alphanumeric string (use if the \s-1IV\s0 contains +printable characters only). +.IP "\fBhexiv:\fR\fIstring\fR" 4 +.IX Item "hexiv:string" +Used by \s-1GMAC\s0 to specify an \s-1IV\s0 in hexadecimal form (two hex digits per byte). +.IP "\fBsize:\fR\fIint\fR" 4 +.IX Item "size:int" +Used by \s-1KMAC128\s0 or \s-1KMAC256\s0 to specify an output length. +The default sizes are 32 or 64 bytes respectively. +.IP "\fBcustom:\fR\fIstring\fR" 4 +.IX Item "custom:string" +Used by \s-1KMAC128\s0 or \s-1KMAC256\s0 to specify a customization string. +The default is the empty string "". +.RE +.RS 4 +.RE +.IP "\fImac_name\fR" 4 +.IX Item "mac_name" +Specifies the name of a supported \s-1MAC\s0 algorithm which will be used. +To see the list of supported \s-1MAC\s0's use the command \f(CW\*(C`opensssl list +\&\-mac\-algorithms\*(C'\fR. 
+.SH "EXAMPLES" +.IX Header "EXAMPLES" +To create a hex-encoded \s-1HMAC\-SHA1\s0 \s-1MAC\s0 of a file and write to stdout: \e + openssl mac \-macopt digest:SHA1 \e + \-macopt hexkey:000102030405060708090A0B0C0D0E0F10111213 \e + \-in msg.bin \s-1HMAC\s0 +.PP +To create a SipHash \s-1MAC\s0 from a file with a binary file output: \e + openssl mac \-macopt hexkey:000102030405060708090A0B0C0D0E0F \e + \-in msg.bin \-out out.bin \-binary SipHash +.PP +To create a hex-encoded \s-1CMAC\-AES\-128\-CBC\s0 \s-1MAC\s0 from a file:\e + openssl mac \-macopt cipher:AES\-128\-CBC \e + \-macopt hexkey:77A77FAF290C1FA30C683DF16BA7A77B \e + \-in msg.bin \s-1CMAC\s0 +.PP +To create a hex-encoded \s-1KMAC128\s0 \s-1MAC\s0 from a file with a Customisation String +\&'Tag' and output length of 16: \e + openssl mac \-macopt custom:Tag \-macopt hexkey:40414243444546 \e + \-macopt size:16 \-in msg.bin \s-1KMAC128\s0 +.PP +To create a hex-encoded \s-1GMAC\-AES\-128\-GCM\s0 with a \s-1IV\s0 from a file: \e + openssl mac \-macopt cipher:AES\-128\-GCM \-macopt hexiv:E0E00F19FED7BA0136A797F3 \e + \-macopt hexkey:77A77FAF290C1FA30C683DF16BA7A77B \-in msg.bin \s-1GMAC\s0 +.SH "NOTES" +.IX Header "NOTES" +The \s-1MAC\s0 mechanisms that are available will depend on the options +used when building OpenSSL. +Use \f(CW\*(C`openssl list \-mac\-algorithms\*(C'\fR to list them. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\s-1\fIEVP_MAC\s0\fR\|(3), +\&\s-1\fIEVP_MAC\-CMAC\s0\fR\|(7), +\&\s-1\fIEVP_MAC\-GMAC\s0\fR\|(7), +\&\s-1\fIEVP_MAC\-HMAC\s0\fR\|(7), +\&\s-1\fIEVP_MAC\-KMAC\s0\fR\|(7), +\&\fIEVP_MAC\-Siphash\fR\|(7), +\&\fIEVP_MAC\-Poly1305\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/share/man/man1/openssl-nseq.1 b/linux_amd64/share/man/man1/openssl-nseq.1 new file mode 100755 index 0000000..e9d4a26 --- /dev/null +++ b/linux_amd64/share/man/man1/openssl-nseq.1 
@@ -0,0 +1,190 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-NSEQ 1" +.TH OPENSSL-NSEQ 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-nseq \- create or examine a Netscape certificate sequence +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBnseq\fR +[\fB\-help\fR] +[\fB\-in\fR \fIfilename\fR] +[\fB\-out\fR \fIfilename\fR] +[\fB\-toseq\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command takes a file containing a Netscape certificate +sequence and prints out the certificates contained in it or takes a +file of certificates and converts it into a Netscape certificate +sequence. +.PP +A Netscape certificate sequence is an old Netscape-specific format that +can be sometimes be sent to browsers as an alternative to the standard PKCS#7 +format when several certificates are sent to the browser, for example during +certificate enrollment. It was also used by Netscape certificate server. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-in\fR \fIfilename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read or standard input if this +option is not specified. +.IP "\fB\-out\fR \fIfilename\fR" 4 +.IX Item "-out filename" +Specifies the output filename or standard output by default. +.IP "\fB\-toseq\fR" 4 +.IX Item "-toseq" +Normally a Netscape certificate sequence will be input and the output +is the certificates contained in it. With the \fB\-toseq\fR option the +situation is reversed: a Netscape certificate sequence is created from +a file of certificates. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Output the certificates in a Netscape certificate sequence +.PP +.Vb 1 +\& openssl nseq \-in nseq.pem \-out certs.pem +.Ve +.PP +Create a Netscape certificate sequence +.PP +.Vb 1 +\& openssl nseq \-in certs.pem \-toseq \-out nseq.pem +.Ve +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). 
You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man1/openssl-ocsp.1 b/linux_amd64/share/man/man1/openssl-ocsp.1 new file mode 100755 index 0000000..c405d75 --- /dev/null +++ b/linux_amd64/share/man/man1/openssl-ocsp.1 
@@ -0,0 +1,599 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-OCSP 1" +.TH OPENSSL-OCSP 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-ocsp \- Online Certificate Status Protocol utility +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.SS "\s-1OCSP\s0 Client" +.IX Subsection "OCSP Client" +\&\fBopenssl\fR \fBocsp\fR +[\fB\-help\fR] +[\fB\-out\fR \fIfile\fR] +[\fB\-issuer\fR \fIfile\fR] +[\fB\-cert\fR \fIfile\fR] +[\fB\-serial\fR \fIn\fR] +[\fB\-signer\fR \fIfile\fR] +[\fB\-signkey\fR \fIfile\fR] +[\fB\-sign_other\fR \fIfile\fR] +[\fB\-nonce\fR] +[\fB\-no_nonce\fR] +[\fB\-req_text\fR] +[\fB\-resp_text\fR] +[\fB\-text\fR] +[\fB\-no_certs\fR] +[\fB\-reqout\fR \fIfile\fR] +[\fB\-respout\fR \fIfile\fR] +[\fB\-reqin\fR \fIfile\fR] +[\fB\-respin\fR \fIfile\fR] +[\fB\-url\fR \fI\s-1URL\s0\fR] +[\fB\-host\fR \fIhost\fR:\fIport\fR] +[\fB\-header\fR] +[\fB\-timeout\fR \fIseconds\fR] +[\fB\-path\fR] +[\fB\-VAfile\fR \fIfile\fR] +[\fB\-validity_period\fR \fIn\fR] +[\fB\-status_age\fR \fIn\fR] +[\fB\-noverify\fR] +[\fB\-verify_other\fR \fIfile\fR] +[\fB\-trust_other\fR] +[\fB\-no_intern\fR] +[\fB\-no_signature_verify\fR] +[\fB\-no_cert_verify\fR] +[\fB\-no_chain\fR] +[\fB\-no_cert_checks\fR] +[\fB\-no_explicit\fR] +[\fB\-port\fR \fInum\fR] +[\fB\-ignore_err\fR] +.SS "\s-1OCSP\s0 Server" +.IX Subsection "OCSP Server" +\&\fBopenssl\fR \fBocsp\fR +[\fB\-index\fR \fIfile\fR] +[\fB\-CA\fR \fIfile\fR] +[\fB\-rsigner\fR \fIfile\fR] +[\fB\-rkey\fR \fIfile\fR] +[\fB\-passin\fR \fIarg\fR] +[\fB\-rother\fR \fIfile\fR] +[\fB\-rsigopt\fR \fInm\fR:\fIv\fR] +[\fB\-rmd\fR \fIdigest\fR] +[\fB\-badsig\fR] +[\fB\-resp_no_certs\fR] +[\fB\-nmin\fR \fIn\fR] +[\fB\-ndays\fR \fIn\fR] +[\fB\-resp_key_id\fR] +[\fB\-nrequest\fR \fIn\fR] +[\fB\-multi\fR \fIprocess-count\fR] +[\fB\-rcid\fR \fIdigest\fR] +[\fB\-\f(BIdigest\fB\fR] +[\fB\-CAfile\fR \fIfile\fR] +[\fB\-no\-CAfile\fR] +[\fB\-CApath\fR \fIdir\fR] +[\fB\-no\-CApath\fR] +[\fB\-CAstore\fR \fIuri\fR] +[\fB\-no\-CAstore\fR] +[\fB\-allow_proxy_certs\fR] +[\fB\-attime\fR \fItimestamp\fR] +[\fB\-no_check_time\fR] +[\fB\-check_ss_sig\fR] +[\fB\-crl_check\fR] 
+[\fB\-crl_check_all\fR] +[\fB\-explicit_policy\fR] +[\fB\-extended_crl\fR] +[\fB\-ignore_critical\fR] +[\fB\-inhibit_any\fR] +[\fB\-inhibit_map\fR] +[\fB\-partial_chain\fR] +[\fB\-policy\fR \fIarg\fR] +[\fB\-policy_check\fR] +[\fB\-policy_print\fR] +[\fB\-purpose\fR \fIpurpose\fR] +[\fB\-suiteB_128\fR] +[\fB\-suiteB_128_only\fR] +[\fB\-suiteB_192\fR] +[\fB\-trusted_first\fR] +[\fB\-no_alt_chains\fR] +[\fB\-use_deltas\fR] +[\fB\-auth_level\fR \fInum\fR] +[\fB\-verify_depth\fR \fInum\fR] +[\fB\-verify_email\fR \fIemail\fR] +[\fB\-verify_hostname\fR \fIhostname\fR] +[\fB\-verify_ip\fR \fIip\fR] +[\fB\-verify_name\fR \fIname\fR] +[\fB\-x509_strict\fR] +[\fB\-issuer_checks\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The Online Certificate Status Protocol (\s-1OCSP\s0) enables applications to +determine the (revocation) state of an identified certificate (\s-1RFC\s0 2560). +.PP +This command performs many common \s-1OCSP\s0 tasks. It can be used +to print out requests and responses, create requests and send queries +to an \s-1OCSP\s0 responder and behave like a mini \s-1OCSP\s0 server itself. +.SH "OPTIONS" +.IX Header "OPTIONS" +This command operates as either a client or a server. +The options are described below, divided into those two modes. +.SS "\s-1OCSP\s0 Client Options" +.IX Subsection "OCSP Client Options" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-out\fR \fIfilename\fR" 4 +.IX Item "-out filename" +specify output filename, default is standard output. +.IP "\fB\-issuer\fR \fIfilename\fR" 4 +.IX Item "-issuer filename" +This specifies the current issuer certificate. This option can be used +multiple times. The certificate specified in \fIfilename\fR must be in +\&\s-1PEM\s0 format. This option \fB\s-1MUST\s0\fR come before any \fB\-cert\fR options. +.IP "\fB\-cert\fR \fIfilename\fR" 4 +.IX Item "-cert filename" +Add the certificate \fIfilename\fR to the request. 
The issuer certificate +is taken from the previous \fB\-issuer\fR option, or an error occurs if no +issuer certificate is specified. +.IP "\fB\-serial\fR \fInum\fR" 4 +.IX Item "-serial num" +Same as the \fB\-cert\fR option except the certificate with serial number +\&\fBnum\fR is added to the request. The serial number is interpreted as a +decimal integer unless preceded by \f(CW\*(C`0x\*(C'\fR. Negative integers can also +be specified by preceding the value by a \f(CW\*(C`\-\*(C'\fR sign. +.IP "\fB\-signer\fR \fIfilename\fR, \fB\-signkey\fR \fIfilename\fR" 4 +.IX Item "-signer filename, -signkey filename" +Sign the \s-1OCSP\s0 request using the certificate specified in the \fB\-signer\fR +option and the private key specified by the \fB\-signkey\fR option. If +the \fB\-signkey\fR option is not present then the private key is read +from the same file as the certificate. If neither option is specified then +the \s-1OCSP\s0 request is not signed. +.IP "\fB\-sign_other\fR \fIfilename\fR" 4 +.IX Item "-sign_other filename" +Additional certificates to include in the signed request. +.IP "\fB\-nonce\fR, \fB\-no_nonce\fR" 4 +.IX Item "-nonce, -no_nonce" +Add an \s-1OCSP\s0 nonce extension to a request or disable \s-1OCSP\s0 nonce addition. +Normally if an \s-1OCSP\s0 request is input using the \fB\-reqin\fR option no +nonce is added: using the \fB\-nonce\fR option will force addition of a nonce. +If an \s-1OCSP\s0 request is being created (using \fB\-cert\fR and \fB\-serial\fR options) +a nonce is automatically added specifying \fB\-no_nonce\fR overrides this. +.IP "\fB\-req_text\fR, \fB\-resp_text\fR, \fB\-text\fR" 4 +.IX Item "-req_text, -resp_text, -text" +Print out the text form of the \s-1OCSP\s0 request, response or both respectively. +.IP "\fB\-reqout\fR \fIfile\fR, \fB\-respout\fR \fIfile\fR" 4 +.IX Item "-reqout file, -respout file" +Write out the \s-1DER\s0 encoded certificate request or response to \fIfile\fR. 
+.IP "\fB\-reqin\fR \fIfile\fR, \fB\-respin\fR \fIfile\fR" 4 +.IX Item "-reqin file, -respin file" +Read \s-1OCSP\s0 request or response file from \fIfile\fR. These option are ignored +if \s-1OCSP\s0 request or response creation is implied by other options (for example +with \fB\-serial\fR, \fB\-cert\fR and \fB\-host\fR options). +.IP "\fB\-url\fR \fIresponder_url\fR" 4 +.IX Item "-url responder_url" +Specify the responder \s-1URL\s0. Both \s-1HTTP\s0 and \s-1HTTPS\s0 (\s-1SSL/TLS\s0) URLs can be specified. +.IP "\fB\-host\fR \fIhostname\fR:\fIport\fR, \fB\-path\fR \fIpathname\fR" 4 +.IX Item "-host hostname:port, -path pathname" +If the \fB\-host\fR option is present then the \s-1OCSP\s0 request is sent to the host +\&\fIhostname\fR on port \fIport\fR. The \fB\-path\fR option specifies the \s-1HTTP\s0 pathname +to use or \*(L"/\*(R" by default. This is equivalent to specifying \fB\-url\fR with scheme +http:// and the given hostname, port, and pathname. +.IP "\fB\-header\fR \fIname\fR=\fIvalue\fR" 4 +.IX Item "-header name=value" +Adds the header \fIname\fR with the specified \fIvalue\fR to the \s-1OCSP\s0 request +that is sent to the responder. +This may be repeated. +.IP "\fB\-timeout\fR \fIseconds\fR" 4 +.IX Item "-timeout seconds" +Connection timeout to the \s-1OCSP\s0 responder in seconds. +On \s-1POSIX\s0 systems, when running as an \s-1OCSP\s0 responder, this option also limits +the time that the responder is willing to wait for the client request. +This time is measured from the time the responder accepts the connection until +the complete request is received. +.IP "\fB\-verify_other\fR \fIfile\fR" 4 +.IX Item "-verify_other file" +File containing additional certificates to search when attempting to locate +the \s-1OCSP\s0 response signing certificate. Some responders omit the actual signer's +certificate from the response: this option can be used to supply the necessary +certificate in such cases. 
+.IP "\fB\-trust_other\fR" 4 +.IX Item "-trust_other" +The certificates specified by the \fB\-verify_other\fR option should be explicitly +trusted and no additional checks will be performed on them. This is useful +when the complete responder certificate chain is not available or trusting a +root \s-1CA\s0 is not appropriate. +.IP "\fB\-VAfile\fR \fIfile\fR" 4 +.IX Item "-VAfile file" +File containing explicitly trusted responder certificates. Equivalent to the +\&\fB\-verify_other\fR and \fB\-trust_other\fR options. +.IP "\fB\-noverify\fR" 4 +.IX Item "-noverify" +Don't attempt to verify the \s-1OCSP\s0 response signature or the nonce +values. This option will normally only be used for debugging since it +disables all verification of the responders certificate. +.IP "\fB\-no_intern\fR" 4 +.IX Item "-no_intern" +Ignore certificates contained in the \s-1OCSP\s0 response when searching for the +signers certificate. With this option the signers certificate must be specified +with either the \fB\-verify_other\fR or \fB\-VAfile\fR options. +.IP "\fB\-no_signature_verify\fR" 4 +.IX Item "-no_signature_verify" +Don't check the signature on the \s-1OCSP\s0 response. Since this option +tolerates invalid signatures on \s-1OCSP\s0 responses it will normally only be +used for testing purposes. +.IP "\fB\-no_cert_verify\fR" 4 +.IX Item "-no_cert_verify" +Don't verify the \s-1OCSP\s0 response signers certificate at all. Since this +option allows the \s-1OCSP\s0 response to be signed by any certificate it should +only be used for testing purposes. +.IP "\fB\-no_chain\fR" 4 +.IX Item "-no_chain" +Do not use certificates in the response as additional untrusted \s-1CA\s0 +certificates. +.IP "\fB\-no_explicit\fR" 4 +.IX Item "-no_explicit" +Do not explicitly trust the root \s-1CA\s0 if it is set to be trusted for \s-1OCSP\s0 signing. +.IP "\fB\-no_cert_checks\fR" 4 +.IX Item "-no_cert_checks" +Don't perform any additional checks on the \s-1OCSP\s0 response signers certificate. 
+That is do not make any checks to see if the signers certificate is authorised +to provide the necessary status information: as a result this option should +only be used for testing purposes. +.IP "\fB\-validity_period\fR \fInsec\fR, \fB\-status_age\fR \fIage\fR" 4 +.IX Item "-validity_period nsec, -status_age age" +These options specify the range of times, in seconds, which will be tolerated +in an \s-1OCSP\s0 response. Each certificate status response includes a \fBnotBefore\fR +time and an optional \fBnotAfter\fR time. The current time should fall between +these two values, but the interval between the two times may be only a few +seconds. In practice the \s-1OCSP\s0 responder and clients clocks may not be precisely +synchronised and so such a check may fail. To avoid this the +\&\fB\-validity_period\fR option can be used to specify an acceptable error range in +seconds, the default value is 5 minutes. +.Sp +If the \fBnotAfter\fR time is omitted from a response then this means that new +status information is immediately available. In this case the age of the +\&\fBnotBefore\fR field is checked to see it is not older than \fIage\fR seconds old. +By default this additional check is not performed. +.IP "\fB\-rcid\fR \fIdigest\fR" 4 +.IX Item "-rcid digest" +This option sets the digest algorithm to use for certificate identification +in the \s-1OCSP\s0 response. Any digest supported by the \fIopenssl\-dgst\fR\|(1) command can +be used. The default is the same digest algorithm used in the request. +.IP "\fB\-\f(BIdigest\fB\fR" 4 +.IX Item "-digest" +This option sets digest algorithm to use for certificate identification in the +\&\s-1OCSP\s0 request. Any digest supported by the OpenSSL \fBdgst\fR command can be used. +The default is \s-1SHA\-1\s0. This option may be used multiple times to specify the +digest used by subsequent certificate identifiers. 
+.IP "\fB\-CAfile\fR \fIfile\fR, \fB\-no\-CAfile\fR, \fB\-CApath\fR \fIdir\fR, \fB\-no\-CApath\fR, \fB\-CAstore\fR \fIuri\fR, \fB\-no\-CAstore\fR" 4 +.IX Item "-CAfile file, -no-CAfile, -CApath dir, -no-CApath, -CAstore uri, -no-CAstore" +See \*(L"Trusted Certificate Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-allow_proxy_certs\fR, \fB\-attime\fR, \fB\-no_check_time\fR, \fB\-check_ss_sig\fR, \fB\-crl_check\fR, \fB\-crl_check_all\fR, \fB\-explicit_policy\fR, \fB\-extended_crl\fR, \fB\-ignore_critical\fR, \fB\-inhibit_any\fR, \fB\-inhibit_map\fR, \fB\-no_alt_chains\fR, \fB\-partial_chain\fR, \fB\-policy\fR, \fB\-policy_check\fR, \fB\-policy_print\fR, \fB\-purpose\fR, \fB\-suiteB_128\fR, \fB\-suiteB_128_only\fR, \fB\-suiteB_192\fR, \fB\-trusted_first\fR, \fB\-use_deltas\fR, \fB\-auth_level\fR, \fB\-verify_depth\fR, \fB\-verify_email\fR, \fB\-verify_hostname\fR, \fB\-verify_ip\fR, \fB\-verify_name\fR, \fB\-x509_strict\fR \fB\-issuer_checks\fR" 4 +.IX Item "-allow_proxy_certs, -attime, -no_check_time, -check_ss_sig, -crl_check, -crl_check_all, -explicit_policy, -extended_crl, -ignore_critical, -inhibit_any, -inhibit_map, -no_alt_chains, -partial_chain, -policy, -policy_check, -policy_print, -purpose, -suiteB_128, -suiteB_128_only, -suiteB_192, -trusted_first, -use_deltas, -auth_level, -verify_depth, -verify_email, -verify_hostname, -verify_ip, -verify_name, -x509_strict -issuer_checks" +Set various options of certificate chain verification. +See \*(L"Verification Options\*(R" in \fIopenssl\fR\|(1) for details. +.SS "\s-1OCSP\s0 Server Options" +.IX Subsection "OCSP Server Options" +.IP "\fB\-index\fR \fIindexfile\fR" 4 +.IX Item "-index indexfile" +The \fIindexfile\fR parameter is the name of a text index file in \fBca\fR +format containing certificate revocation information. +.Sp +If the \fB\-index\fR option is specified then this command switches to +responder mode, otherwise it is in client mode. 
The request(s) the responder +processes can be either specified on the command line (using \fB\-issuer\fR +and \fB\-serial\fR options), supplied in a file (using the \fB\-reqin\fR option) +or via external \s-1OCSP\s0 clients (if \fB\-port\fR or \fB\-url\fR is specified). +.Sp +If the \fB\-index\fR option is present then the \fB\-CA\fR and \fB\-rsigner\fR options +must also be present. +.IP "\fB\-CA\fR \fIfile\fR" 4 +.IX Item "-CA file" +\&\s-1CA\s0 certificate corresponding to the revocation information in the index +file given with \fB\-index\fR. +.IP "\fB\-rsigner\fR \fIfile\fR" 4 +.IX Item "-rsigner file" +The certificate to sign \s-1OCSP\s0 responses with. +.IP "\fB\-rkey\fR \fIfile\fR" 4 +.IX Item "-rkey file" +The private key to sign \s-1OCSP\s0 responses with: if not present the file +specified in the \fB\-rsigner\fR option is used. +.IP "\fB\-passin\fR \fIarg\fR" 4 +.IX Item "-passin arg" +The private key password source. For more information about the format of \fIarg\fR +see \*(L"Pass Phrase Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-rother\fR \fIfile\fR" 4 +.IX Item "-rother file" +Additional certificates to include in the \s-1OCSP\s0 response. +.IP "\fB\-rsigopt\fR \fInm\fR:\fIv\fR" 4 +.IX Item "-rsigopt nm:v" +Pass options to the signature algorithm when signing \s-1OCSP\s0 responses. +Names and values of these options are algorithm-specific. +.IP "\fB\-rmd\fR \fIdigest\fR" 4 +.IX Item "-rmd digest" +The digest to use when signing the response. +.IP "\fB\-badsig\fR" 4 +.IX Item "-badsig" +Corrupt the response signature before writing it; this can be useful +for testing. +.IP "\fB\-resp_no_certs\fR" 4 +.IX Item "-resp_no_certs" +Don't include any certificates in the \s-1OCSP\s0 response. +.IP "\fB\-resp_key_id\fR" 4 +.IX Item "-resp_key_id" +Identify the signer certificate using the key \s-1ID\s0, default is to use the +subject name. +.IP "\fB\-port\fR \fIportnum\fR" 4 +.IX Item "-port portnum" +Port to listen for \s-1OCSP\s0 requests on. 
The port may also be specified +using the \fBurl\fR option. +.IP "\fB\-ignore_err\fR" 4 +.IX Item "-ignore_err" +Ignore malformed requests or responses: When acting as an \s-1OCSP\s0 client, retry if +a malformed response is received. When acting as an \s-1OCSP\s0 responder, continue +running instead of terminating upon receiving a malformed request. +.IP "\fB\-nrequest\fR \fInumber\fR" 4 +.IX Item "-nrequest number" +The \s-1OCSP\s0 server will exit after receiving \fInumber\fR requests, default unlimited. +.IP "\fB\-multi\fR \fIprocess-count\fR" 4 +.IX Item "-multi process-count" +Run the specified number of \s-1OCSP\s0 responder child processes, with the parent +process respawning child processes as needed. +Child processes will detect changes in the \s-1CA\s0 index file and automatically +reload it. +When running as a responder \fB\-timeout\fR option is recommended to limit the time +each child is willing to wait for the client's \s-1OCSP\s0 response. +This option is available on \s-1POSIX\s0 systems (that support the \fIfork()\fR and other +required unix system-calls). +.IP "\fB\-nmin\fR \fIminutes\fR, \fB\-ndays\fR \fIdays\fR" 4 +.IX Item "-nmin minutes, -ndays days" +Number of minutes or days when fresh revocation information is available: +used in the \fBnextUpdate\fR field. If neither option is present then the +\&\fBnextUpdate\fR field is omitted meaning fresh revocation information is +immediately available. +.SH "OCSP RESPONSE VERIFICATION" +.IX Header "OCSP RESPONSE VERIFICATION" +\&\s-1OCSP\s0 Response follows the rules specified in \s-1RFC2560\s0. +.PP +Initially the \s-1OCSP\s0 responder certificate is located and the signature on +the \s-1OCSP\s0 request checked using the responder certificate's public key. +.PP +Then a normal certificate verify is performed on the \s-1OCSP\s0 responder certificate +building up a certificate chain in the process. 
The locations of the trusted +certificates used to build the chain can be specified by the \fB\-CAfile\fR, +\&\fB\-CApath\fR or \fB\-CAstore\fR options or they will be looked for in the +standard OpenSSL certificates directory. +.PP +If the initial verify fails then the \s-1OCSP\s0 verify process halts with an +error. +.PP +Otherwise the issuing \s-1CA\s0 certificate in the request is compared to the \s-1OCSP\s0 +responder certificate: if there is a match then the \s-1OCSP\s0 verify succeeds. +.PP +Otherwise the \s-1OCSP\s0 responder certificate's \s-1CA\s0 is checked against the issuing +\&\s-1CA\s0 certificate in the request. If there is a match and the OCSPSigning +extended key usage is present in the \s-1OCSP\s0 responder certificate then the +\&\s-1OCSP\s0 verify succeeds. +.PP +Otherwise, if \fB\-no_explicit\fR is \fBnot\fR set the root \s-1CA\s0 of the \s-1OCSP\s0 responders +\&\s-1CA\s0 is checked to see if it is trusted for \s-1OCSP\s0 signing. If it is the \s-1OCSP\s0 +verify succeeds. +.PP +If none of these checks is successful then the \s-1OCSP\s0 verify fails. +.PP +What this effectively means if that if the \s-1OCSP\s0 responder certificate is +authorised directly by the \s-1CA\s0 it is issuing revocation information about +(and it is correctly configured) then verification will succeed. +.PP +If the \s-1OCSP\s0 responder is a \*(L"global responder\*(R" which can give details about +multiple CAs and has its own separate certificate chain then its root +\&\s-1CA\s0 can be trusted for \s-1OCSP\s0 signing. For example: +.PP +.Vb 1 +\& openssl x509 \-in ocspCA.pem \-addtrust OCSPSigning \-out trustedCA.pem +.Ve +.PP +Alternatively the responder certificate itself can be explicitly trusted +with the \fB\-VAfile\fR option. +.SH "NOTES" +.IX Header "NOTES" +As noted, most of the verify options are for testing or debugging purposes. 
+Normally only the \fB\-CApath\fR, \fB\-CAfile\fR, \fB\-CAstore\fR and (if the responder +is a 'global \s-1VA\s0') \fB\-VAfile\fR options need to be used. +.PP +The \s-1OCSP\s0 server is only useful for test and demonstration purposes: it is +not really usable as a full \s-1OCSP\s0 responder. It contains only a very +simple \s-1HTTP\s0 request handling and can only handle the \s-1POST\s0 form of \s-1OCSP\s0 +queries. It also handles requests serially meaning it cannot respond to +new requests until it has processed the current one. The text index file +format of revocation is also inefficient for large quantities of revocation +data. +.PP +It is possible to run this command in responder mode via a \s-1CGI\s0 +script using the \fB\-reqin\fR and \fB\-respout\fR options. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Create an \s-1OCSP\s0 request and write it to a file: +.PP +.Vb 1 +\& openssl ocsp \-issuer issuer.pem \-cert c1.pem \-cert c2.pem \-reqout req.der +.Ve +.PP +Send a query to an \s-1OCSP\s0 responder with \s-1URL\s0 http://ocsp.myhost.com/ save the +response to a file, print it out in text form, and verify the response: +.PP +.Vb 2 +\& openssl ocsp \-issuer issuer.pem \-cert c1.pem \-cert c2.pem \e +\& \-url http://ocsp.myhost.com/ \-resp_text \-respout resp.der +.Ve +.PP +Read in an \s-1OCSP\s0 response and print out text form: +.PP +.Vb 1 +\& openssl ocsp \-respin resp.der \-text \-noverify +.Ve +.PP +\&\s-1OCSP\s0 server on port 8888 using a standard \fBca\fR configuration, and a separate +responder certificate. All requests and responses are printed to a file. 
+.PP +.Vb 2 +\& openssl ocsp \-index demoCA/index.txt \-port 8888 \-rsigner rcert.pem \-CA demoCA/cacert.pem +\& \-text \-out log.txt +.Ve +.PP +As above but exit after processing one request: +.PP +.Vb 2 +\& openssl ocsp \-index demoCA/index.txt \-port 8888 \-rsigner rcert.pem \-CA demoCA/cacert.pem +\& \-nrequest 1 +.Ve +.PP +Query status information using an internally generated request: +.PP +.Vb 2 +\& openssl ocsp \-index demoCA/index.txt \-rsigner rcert.pem \-CA demoCA/cacert.pem +\& \-issuer demoCA/cacert.pem \-serial 1 +.Ve +.PP +Query status information using request read from a file, and write the response +to a second file. +.PP +.Vb 2 +\& openssl ocsp \-index demoCA/index.txt \-rsigner rcert.pem \-CA demoCA/cacert.pem +\& \-reqin req.der \-respout resp.der +.Ve +.SH "HISTORY" +.IX Header "HISTORY" +The \-no_alt_chains option was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man1/openssl-passwd.1 b/linux_amd64/share/man/man1/openssl-passwd.1 new file mode 100755 index 0000000..47b07ae --- /dev/null +++ b/linux_amd64/share/man/man1/openssl-passwd.1 
@@ -0,0 +1,236 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-PASSWD 1" +.TH OPENSSL-PASSWD 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-passwd \- compute password hashes +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl passwd\fR +[\fB\-help\fR] +[\fB\-crypt\fR] +[\fB\-1\fR] +[\fB\-apr1\fR] +[\fB\-aixmd5\fR] +[\fB\-5\fR] +[\fB\-6\fR] +[\fB\-salt\fR \fIstring\fR] +[\fB\-in\fR \fIfile\fR] +[\fB\-stdin\fR] +[\fB\-noverify\fR] +[\fB\-quiet\fR] +[\fB\-table\fR] +[\fB\-reverse\fR] +[\fB\-rand\fR \fIfiles\fR] +[\fB\-writerand\fR \fIfile\fR] +[\fIpassword\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command computes the hash of a password typed at +run-time or the hash of each password in a list. The password list is +taken from the named file for option \fB\-in\fR, from stdin for +option \fB\-stdin\fR, or from the command line, or from the terminal otherwise. +The Unix standard algorithm \fB\-crypt\fR and the MD5\-based \s-1BSD\s0 password +algorithm \fB\-1\fR, its Apache variant \fB\-apr1\fR, and its \s-1AIX\s0 variant are +available. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-crypt\fR" 4 +.IX Item "-crypt" +Use the \fBcrypt\fR algorithm (default). +.IP "\fB\-1\fR" 4 +.IX Item "-1" +Use the \s-1MD5\s0 based \s-1BSD\s0 password algorithm \fB1\fR. +.IP "\fB\-apr1\fR" 4 +.IX Item "-apr1" +Use the \fBapr1\fR algorithm (Apache variant of the \s-1BSD\s0 algorithm). +.IP "\fB\-aixmd5\fR" 4 +.IX Item "-aixmd5" +Use the \fB\s-1AIX\s0 \s-1MD5\s0\fR algorithm (\s-1AIX\s0 variant of the \s-1BSD\s0 algorithm). +.IP "\fB\-5\fR" 4 +.IX Item "-5" +.PD 0 +.IP "\fB\-6\fR" 4 +.IX Item "-6" +.PD +Use the \fB\s-1SHA256\s0\fR / \fB\s-1SHA512\s0\fR based algorithms defined by Ulrich Drepper. +See https://www.akkadia.org/drepper/SHA\-crypt.txt . +.IP "\fB\-salt\fR \fIstring\fR" 4 +.IX Item "-salt string" +Use the specified salt. +When reading a password from the terminal, this implies \fB\-noverify\fR. +.IP "\fB\-in\fR \fIfile\fR" 4 +.IX Item "-in file" +Read passwords from \fIfile\fR. 
+.IP "\fB\-stdin\fR" 4 +.IX Item "-stdin" +Read passwords from \fBstdin\fR. +.IP "\fB\-noverify\fR" 4 +.IX Item "-noverify" +Don't verify when reading a password from the terminal. +.IP "\fB\-quiet\fR" 4 +.IX Item "-quiet" +Don't output warnings when passwords given at the command line are truncated. +.IP "\fB\-table\fR" 4 +.IX Item "-table" +In the output list, prepend the cleartext password and a \s-1TAB\s0 character +to each password hash. +.IP "\fB\-reverse\fR" 4 +.IX Item "-reverse" +When the \fB\-table\fR option is used, reverse the order of cleartext and hash. +.IP "\fB\-rand\fR \fIfiles\fR, \fB\-writerand\fR \fIfile\fR" 4 +.IX Item "-rand files, -writerand file" +See \*(L"Random State Options\*(R" in \fIopenssl\fR\|(1) for details. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +.Vb 2 +\& % openssl passwd \-crypt \-salt xx password +\& xxj31ZMTZzkVA +\& +\& % openssl passwd \-1 \-salt xxxxxxxx password +\& $1$xxxxxxxx$UYCIxa628.9qXjpQCjM4a. +\& +\& % openssl passwd \-apr1 \-salt xxxxxxxx password +\& $apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0 +\& +\& % openssl passwd \-aixmd5 \-salt xxxxxxxx password +\& xxxxxxxx$8Oaipk/GPKhC64w/YVeFD/ +.Ve +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man1/openssl-pkcs12.1 b/linux_amd64/share/man/man1/openssl-pkcs12.1 new file mode 100755 index 0000000..fa5a3d4 --- /dev/null +++ b/linux_amd64/share/man/man1/openssl-pkcs12.1 
@@ -0,0 +1,465 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-PKCS12 1" +.TH OPENSSL-PKCS12 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-pkcs12 \- PKCS#12 file utility +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBpkcs12\fR +[\fB\-help\fR] +[\fB\-export\fR] +[\fB\-chain\fR] +[\fB\-inkey\fR \fIfile_or_id\fR] +[\fB\-certfile\fR \fIfilename\fR] +[\fB\-name\fR \fIname\fR] +[\fB\-caname\fR \fIname\fR] +[\fB\-in\fR \fIfilename\fR] +[\fB\-out\fR \fIfilename\fR] +[\fB\-noout\fR] +[\fB\-nomacver\fR] +[\fB\-nocerts\fR] +[\fB\-clcerts\fR] +[\fB\-cacerts\fR] +[\fB\-nokeys\fR] +[\fB\-info\fR] +[\fB\-des\fR] +[\fB\-des3\fR] +[\fB\-idea\fR] +[\fB\-aes128\fR] +[\fB\-aes192\fR] +[\fB\-aes256\fR] +[\fB\-aria128\fR] +[\fB\-aria192\fR] +[\fB\-aria256\fR] +[\fB\-camellia128\fR] +[\fB\-camellia192\fR] +[\fB\-camellia256\fR] +[\fB\-nodes\fR] +[\fB\-iter\fR \fIcount\fR] +[\fB\-noiter\fR] +[\fB\-nomaciter\fR] +[\fB\-maciter\fR] +[\fB\-nomac\fR] +[\fB\-twopass\fR] +[\fB\-descert\fR] +[\fB\-certpbe\fR \fIcipher\fR] +[\fB\-keypbe\fR \fIcipher\fR] +[\fB\-macalg\fR \fIdigest\fR] +[\fB\-keyex\fR] +[\fB\-keysig\fR] +[\fB\-password\fR \fIarg\fR] +[\fB\-passin\fR \fIarg\fR] +[\fB\-passout\fR \fIarg\fR] +[\fB\-LMK\fR] +[\fB\-CSP\fR \fIname\fR] +[\fB\-CAfile\fR \fIfile\fR] +[\fB\-no\-CAfile\fR] +[\fB\-CApath\fR \fIdir\fR] +[\fB\-no\-CApath\fR] +[\fB\-CAstore\fR \fIuri\fR] +[\fB\-no\-CAstore\fR] +[\fB\-rand\fR \fIfiles\fR] +[\fB\-writerand\fR \fIfile\fR] +[\fB\-engine\fR \fIid\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command allows PKCS#12 files (sometimes referred to as +\&\s-1PFX\s0 files) to be created and parsed. PKCS#12 files are used by several +programs including Netscape, \s-1MSIE\s0 and \s-1MS\s0 Outlook. +.SH "OPTIONS" +.IX Header "OPTIONS" +There are a lot of options the meaning of some depends of whether a PKCS#12 file +is being created or parsed. By default a PKCS#12 file is parsed. A PKCS#12 +file can be created by using the \fB\-export\fR option (see below). 
+.SH "PARSING OPTIONS" +.IX Header "PARSING OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-in\fR \fIfilename\fR" 4 +.IX Item "-in filename" +This specifies filename of the PKCS#12 file to be parsed. Standard input is used +by default. +.IP "\fB\-out\fR \fIfilename\fR" 4 +.IX Item "-out filename" +The filename to write certificates and private keys to, standard output by +default. They are all written in \s-1PEM\s0 format. +.IP "\fB\-password\fR \fIarg\fR" 4 +.IX Item "-password arg" +With \fB\-export\fR, \fB\-password\fR is equivalent to \fB\-passout\fR, +otherwise it is equivalent to \fB\-passin\fR. +.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +This option inhibits output of the keys and certificates to the output file +version of the PKCS#12 file. +.IP "\fB\-clcerts\fR" 4 +.IX Item "-clcerts" +Only output client certificates (not \s-1CA\s0 certificates). +.IP "\fB\-cacerts\fR" 4 +.IX Item "-cacerts" +Only output \s-1CA\s0 certificates (not client certificates). +.IP "\fB\-nocerts\fR" 4 +.IX Item "-nocerts" +No certificates at all will be output. +.IP "\fB\-nokeys\fR" 4 +.IX Item "-nokeys" +No private keys will be output. +.IP "\fB\-info\fR" 4 +.IX Item "-info" +Output additional information about the PKCS#12 file structure, algorithms +used and iteration counts. +.IP "\fB\-des\fR" 4 +.IX Item "-des" +Use \s-1DES\s0 to encrypt private keys before outputting. +.IP "\fB\-des3\fR" 4 +.IX Item "-des3" +Use triple \s-1DES\s0 to encrypt private keys before outputting, this is the default. +.IP "\fB\-idea\fR" 4 +.IX Item "-idea" +Use \s-1IDEA\s0 to encrypt private keys before outputting. +.IP "\fB\-aes128\fR, \fB\-aes192\fR, \fB\-aes256\fR" 4 +.IX Item "-aes128, -aes192, -aes256" +Use \s-1AES\s0 to encrypt private keys before outputting. +.IP "\fB\-aria128\fR, \fB\-aria192\fR, \fB\-aria256\fR" 4 +.IX Item "-aria128, -aria192, -aria256" +Use \s-1ARIA\s0 to encrypt private keys before outputting. 
+.IP "\fB\-camellia128\fR, \fB\-camellia192\fR, \fB\-camellia256\fR" 4 +.IX Item "-camellia128, -camellia192, -camellia256" +Use Camellia to encrypt private keys before outputting. +.IP "\fB\-nodes\fR" 4 +.IX Item "-nodes" +Don't encrypt the private keys at all. +.IP "\fB\-nomacver\fR" 4 +.IX Item "-nomacver" +Don't attempt to verify the integrity \s-1MAC\s0 before reading the file. +.IP "\fB\-twopass\fR" 4 +.IX Item "-twopass" +Prompt for separate integrity and encryption passwords: most software +always assumes these are the same so this option will render such +PKCS#12 files unreadable. Cannot be used in combination with the options +\&\fB\-password\fR, \fB\-passin\fR if importing, or \fB\-passout\fR if exporting. +.SH "FILE CREATION OPTIONS" +.IX Header "FILE CREATION OPTIONS" +.IP "\fB\-export\fR" 4 +.IX Item "-export" +This option specifies that a PKCS#12 file will be created rather than +parsed. +.IP "\fB\-out\fR \fIfilename\fR" 4 +.IX Item "-out filename" +This specifies filename to write the PKCS#12 file to. Standard output is used +by default. +.IP "\fB\-in\fR \fIfilename\fR" 4 +.IX Item "-in filename" +The filename to read certificates and private keys from, standard input by +default. They must all be in \s-1PEM\s0 format. The order doesn't matter but one +private key and its corresponding certificate should be present. If additional +certificates are present they will also be included in the PKCS#12 file. +.IP "\fB\-inkey\fR \fIfile_or_id\fR" 4 +.IX Item "-inkey file_or_id" +File to read private key from. If not present then a private key must be present +in the input file. +If no engine is used, the argument is taken as a file; if an engine is +specified, the argument is given to the engine as a key identifier. +.IP "\fB\-name\fR \fIfriendlyname\fR" 4 +.IX Item "-name friendlyname" +This specifies the \*(L"friendly name\*(R" for the certificate and private key. This +name is typically displayed in list boxes by software importing the file. 
+.IP "\fB\-certfile\fR \fIfilename\fR" 4 +.IX Item "-certfile filename" +A filename to read additional certificates from. +.IP "\fB\-caname\fR \fIfriendlyname\fR" 4 +.IX Item "-caname friendlyname" +This specifies the \*(L"friendly name\*(R" for other certificates. This option may be +used multiple times to specify names for all certificates in the order they +appear. Netscape ignores friendly names on other certificates whereas \s-1MSIE\s0 +displays them. +.IP "\fB\-passin\fR \fIarg\fR, \fB\-passout\fR \fIarg\fR" 4 +.IX Item "-passin arg, -passout arg" +The password source for the input, and for encrypting any private keys that +are output. +For more information about the format of \fBarg\fR +see \*(L"Pass Phrase Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-chain\fR" 4 +.IX Item "-chain" +If this option is present then an attempt is made to include the entire +certificate chain of the user certificate. The standard \s-1CA\s0 store is used +for this search. If the search fails it is considered a fatal error. +.IP "\fB\-descert\fR" 4 +.IX Item "-descert" +Encrypt the certificate using triple \s-1DES\s0, this may render the PKCS#12 +file unreadable by some \*(L"export grade\*(R" software. By default the private +key is encrypted using triple \s-1DES\s0 and the certificate using 40 bit \s-1RC2\s0 +unless \s-1RC2\s0 is disabled in which case triple \s-1DES\s0 is used. +.IP "\fB\-keypbe\fR \fIalg\fR, \fB\-certpbe\fR \fIalg\fR" 4 +.IX Item "-keypbe alg, -certpbe alg" +These options allow the algorithm used to encrypt the private key and +certificates to be selected. Any PKCS#5 v1.5 or PKCS#12 \s-1PBE\s0 algorithm name +can be used (see \*(L"\s-1NOTES\s0\*(R" section for more information). If a cipher name +(as output by \f(CW\*(C`openssl list \-cipher\-algorithms\*(C'\fR) is specified then it +is used with PKCS#5 v2.0. For interoperability reasons it is advisable to only +use PKCS#12 algorithms. 
+.IP "\fB\-keyex\fR|\fB\-keysig\fR" 4 +.IX Item "-keyex|-keysig" +Specifies that the private key is to be used for key exchange or just signing. +This option is only interpreted by \s-1MSIE\s0 and similar \s-1MS\s0 software. Normally +\&\*(L"export grade\*(R" software will only allow 512 bit \s-1RSA\s0 keys to be used for +encryption purposes but arbitrary length keys for signing. The \fB\-keysig\fR +option marks the key for signing only. Signing only keys can be used for +S/MIME signing, authenticode (ActiveX control signing) and \s-1SSL\s0 client +authentication, however due to a bug only \s-1MSIE\s0 5.0 and later support +the use of signing only keys for \s-1SSL\s0 client authentication. +.IP "\fB\-macalg\fR \fIdigest\fR" 4 +.IX Item "-macalg digest" +Specify the \s-1MAC\s0 digest algorithm. If not included them \s-1SHA1\s0 will be used. +.IP "\fB\-iter\fR \fIcount\fR" 4 +.IX Item "-iter count" +This option specifies the iteration count for the encryption key and \s-1MAC\s0. The +default value is 2048. +.Sp +To discourage attacks by using large dictionaries of common passwords the +algorithm that derives keys from passwords can have an iteration count applied +to it: this causes a certain part of the algorithm to be repeated and slows it +down. The \s-1MAC\s0 is used to check the file integrity but since it will normally +have the same password as the keys and certificates it could also be attacked. +.IP "\fB\-nomaciter\fR, \fB\-noiter\fR" 4 +.IX Item "-nomaciter, -noiter" +By default both \s-1MAC\s0 and encryption iteration counts are set to 2048, using +these options the \s-1MAC\s0 and encryption iteration counts can be set to 1, since +this reduces the file security you should not use these options unless you +really have to. Most software supports both \s-1MAC\s0 and key iteration counts. +\&\s-1MSIE\s0 4.0 doesn't support \s-1MAC\s0 iteration counts so it needs the \fB\-nomaciter\fR +option. 
+.IP "\fB\-maciter\fR" 4 +.IX Item "-maciter" +This option is included for compatibility with previous versions, it used +to be needed to use \s-1MAC\s0 iterations counts but they are now used by default. +.IP "\fB\-nomac\fR" 4 +.IX Item "-nomac" +Don't attempt to provide the \s-1MAC\s0 integrity. +.IP "\fB\-LMK\fR" 4 +.IX Item "-LMK" +Add the \*(L"Local Key Set\*(R" identifier to the attributes. +.IP "\fB\-CSP\fR \fIname\fR" 4 +.IX Item "-CSP name" +Write \fIname\fR as a Microsoft \s-1CSP\s0 name. +.IP "\fB\-CAfile\fR \fIfile\fR, \fB\-no\-CAfile\fR, \fB\-CApath\fR \fIdir\fR, \fB\-no\-CApath\fR, \fB\-CAstore\fR \fIuri\fR, \fB\-no\-CAstore\fR" 4 +.IX Item "-CAfile file, -no-CAfile, -CApath dir, -no-CApath, -CAstore uri, -no-CAstore" +See \*(L"Trusted Certificate Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-rand\fR \fIfiles\fR, \fB\-writerand\fR \fIfile\fR" 4 +.IX Item "-rand files, -writerand file" +See \*(L"Random State Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-engine\fR \fIid\fR" 4 +.IX Item "-engine id" +See \*(L"Engine Options\*(R" in \fIopenssl\fR\|(1). +.SH "NOTES" +.IX Header "NOTES" +Although there are a large number of options most of them are very rarely +used. For PKCS#12 file parsing only \fB\-in\fR and \fB\-out\fR need to be used +for PKCS#12 file creation \fB\-export\fR and \fB\-name\fR are also used. +.PP +If none of the \fB\-clcerts\fR, \fB\-cacerts\fR or \fB\-nocerts\fR options are present +then all certificates will be output in the order they appear in the input +PKCS#12 files. There is no guarantee that the first certificate present is +the one corresponding to the private key. Certain software which requires +a private key and certificate and assumes the first certificate in the +file is the one corresponding to the private key: this may not always +be the case. Using the \fB\-clcerts\fR option will solve this problem by only +outputting the certificate corresponding to the private key. 
If the \s-1CA\s0 +certificates are required then they can be output to a separate file using +the \fB\-nokeys\fR \fB\-cacerts\fR options to just output \s-1CA\s0 certificates. +.PP +The \fB\-keypbe\fR and \fB\-certpbe\fR algorithms allow the precise encryption +algorithms for private keys and certificates to be specified. Normally +the defaults are fine but occasionally software can't handle triple \s-1DES\s0 +encrypted private keys, then the option \fB\-keypbe\fR \fI\s-1PBE\-SHA1\-RC2\-40\s0\fR can +be used to reduce the private key encryption to 40 bit \s-1RC2\s0. A complete +description of all algorithms is contained in \fIopenssl\-pkcs8\fR\|(1). +.PP +Prior 1.1 release passwords containing non-ASCII characters were encoded +in non-compliant manner, which limited interoperability, in first hand +with Windows. But switching to standard-compliant password encoding +poses problem accessing old data protected with broken encoding. For +this reason even legacy encodings is attempted when reading the +data. If you use PKCS#12 files in production application you are advised +to convert the data, because implemented heuristic approach is not +MT-safe, its sole goal is to facilitate the data upgrade with this +command. 
+.SH "EXAMPLES" +.IX Header "EXAMPLES" +Parse a PKCS#12 file and output it to a file: +.PP +.Vb 1 +\& openssl pkcs12 \-in file.p12 \-out file.pem +.Ve +.PP +Output only client certificates to a file: +.PP +.Vb 1 +\& openssl pkcs12 \-in file.p12 \-clcerts \-out file.pem +.Ve +.PP +Don't encrypt the private key: +.PP +.Vb 1 +\& openssl pkcs12 \-in file.p12 \-out file.pem \-nodes +.Ve +.PP +Print some info about a PKCS#12 file: +.PP +.Vb 1 +\& openssl pkcs12 \-in file.p12 \-info \-noout +.Ve +.PP +Create a PKCS#12 file: +.PP +.Vb 1 +\& openssl pkcs12 \-export \-in file.pem \-out file.p12 \-name "My Certificate" +.Ve +.PP +Include some extra certificates: +.PP +.Vb 2 +\& openssl pkcs12 \-export \-in file.pem \-out file.p12 \-name "My Certificate" \e +\& \-certfile othercerts.pem +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\fIopenssl\-pkcs8\fR\|(1), +\&\fIossl_store\-file\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man1/openssl-pkcs7.1 b/linux_amd64/share/man/man1/openssl-pkcs7.1 new file mode 100755 index 0000000..9f9021a --- /dev/null +++ b/linux_amd64/share/man/man1/openssl-pkcs7.1 
@@ -0,0 +1,213 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-PKCS7 1" +.TH OPENSSL-PKCS7 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-pkcs7 \- PKCS#7 utility +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBpkcs7\fR +[\fB\-help\fR] +[\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-in\fR \fIfilename\fR] +[\fB\-out\fR \fIfilename\fR] +[\fB\-print\fR] +[\fB\-print_certs\fR] +[\fB\-text\fR] +[\fB\-noout\fR] +[\fB\-engine\fR \fIid\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command processes PKCS#7 files. Note that it only understands PKCS#7 +v 1.5 as specified in \s-1IETF\s0 \s-1RFC\s0 2315. It cannot currently parse \s-1CMS\s0 as +described in \s-1IETF\s0 \s-1RFC\s0 2630. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR, \fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IX Item "-inform DER|PEM, -outform DER|PEM" +The input and formats; the default is \fB\s-1PEM\s0\fR. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.Sp +The data is a PKCS#7 Version 1.5 structure. +.IP "\fB\-in\fR \fIfilename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read from or standard input if this +option is not specified. +.IP "\fB\-out\fR \fIfilename\fR" 4 +.IX Item "-out filename" +Specifies the output filename to write to or standard output by +default. +.IP "\fB\-print\fR" 4 +.IX Item "-print" +Print out the full \s-1PKCS7\s0 object. +.IP "\fB\-print_certs\fR" 4 +.IX Item "-print_certs" +Prints out any certificates or CRLs contained in the file. They are +preceded by their subject and issuer names in one line format. +.IP "\fB\-text\fR" 4 +.IX Item "-text" +Prints out certificate details in full rather than just subject and +issuer names. +.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +Don't output the encoded version of the PKCS#7 structure (or certificates +if \fB\-print_certs\fR is set). 
+.IP "\fB\-engine\fR \fIid\fR" 4 +.IX Item "-engine id" +See \*(L"Engine Options\*(R" in \fIopenssl\fR\|(1). +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Convert a PKCS#7 file from \s-1PEM\s0 to \s-1DER:\s0 +.PP +.Vb 1 +\& openssl pkcs7 \-in file.pem \-outform DER \-out file.der +.Ve +.PP +Output all certificates in a file: +.PP +.Vb 1 +\& openssl pkcs7 \-in file.pem \-print_certs \-out certs.pem +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\fIopenssl\-crl2pkcs7\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man1/openssl-pkcs8.1 b/linux_amd64/share/man/man1/openssl-pkcs8.1 new file mode 100755 index 0000000..795a4ec --- /dev/null +++ b/linux_amd64/share/man/man1/openssl-pkcs8.1 
@@ -0,0 +1,391 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-PKCS8 1" +.TH OPENSSL-PKCS8 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-pkcs8 \- PKCS#8 format private key conversion tool +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBpkcs8\fR +[\fB\-help\fR] +[\fB\-topk8\fR] +[\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-in\fR \fIfilename\fR] +[\fB\-passin\fR \fIarg\fR] +[\fB\-out\fR \fIfilename\fR] +[\fB\-passout\fR \fIarg\fR] +[\fB\-iter\fR \fIcount\fR] +[\fB\-noiter\fR] +[\fB\-nocrypt\fR] +[\fB\-traditional\fR] +[\fB\-v2\fR \fIalg\fR] +[\fB\-v2prf\fR \fIalg\fR] +[\fB\-v1\fR \fIalg\fR] +[\fB\-scrypt\fR] +[\fB\-scrypt_N\fR \fIN\fR] +[\fB\-scrypt_r\fR \fIr\fR] +[\fB\-scrypt_p\fR \fIp\fR] +[\fB\-rand\fR \fIfiles\fR] +[\fB\-writerand\fR \fIfile\fR] +[\fB\-engine\fR \fIid\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command processes private keys in PKCS#8 format. It can handle +both unencrypted PKCS#8 PrivateKeyInfo format and EncryptedPrivateKeyInfo +format with a variety of PKCS#5 (v1.5 and v2.0) and PKCS#12 algorithms. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-topk8\fR" 4 +.IX Item "-topk8" +Normally a PKCS#8 private key is expected on input and a private key will be +written to the output file. With the \fB\-topk8\fR option the situation is +reversed: it reads a private key and writes a PKCS#8 format key. +.IP "\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR, \fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IX Item "-inform DER|PEM, -outform DER|PEM" +The input and formats; the default is \fB\s-1PEM\s0\fR. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.Sp +If a key is being converted from PKCS#8 form (i.e. the \fB\-topk8\fR option is +not used) then the input file must be in PKCS#8 format. An encrypted +key is expected unless \fB\-nocrypt\fR is included. 
+.Sp +If \fB\-topk8\fR is not used and \fB\s-1PEM\s0\fR mode is set the output file will be an +unencrypted private key in PKCS#8 format. If the \fB\-traditional\fR option is +used then a traditional format private key is written instead. +.Sp +If \fB\-topk8\fR is not used and \fB\s-1DER\s0\fR mode is set the output file will be an +unencrypted private key in traditional \s-1DER\s0 format. +.Sp +If \fB\-topk8\fR is used then any supported private key can be used for the input +file in a format specified by \fB\-inform\fR. The output file will be encrypted +PKCS#8 format using the specified encryption parameters unless \fB\-nocrypt\fR +is included. +.IP "\fB\-traditional\fR" 4 +.IX Item "-traditional" +When this option is present and \fB\-topk8\fR is not a traditional format private +key is written. +.IP "\fB\-in\fR \fIfilename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read a key from or standard input if this +option is not specified. If the key is encrypted a pass phrase will be +prompted for. +.IP "\fB\-passin\fR \fIarg\fR, \fB\-passout\fR \fIarg\fR" 4 +.IX Item "-passin arg, -passout arg" +The password source for the input and output file. +For more information about the format of \fBarg\fR +see \*(L"Pass Phrase Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-out\fR \fIfilename\fR" 4 +.IX Item "-out filename" +This specifies the output filename to write a key to or standard output by +default. If any encryption options are set then a pass phrase will be +prompted for. The output filename should \fBnot\fR be the same as the input +filename. +.IP "\fB\-iter\fR \fIcount\fR" 4 +.IX Item "-iter count" +When creating new PKCS#8 containers, use a given number of iterations on +the password in deriving the encryption key for the PKCS#8 output. +High values increase the time required to brute-force a PKCS#8 container. 
+.IP "\fB\-nocrypt\fR" 4 +.IX Item "-nocrypt" +PKCS#8 keys generated or input are normally PKCS#8 EncryptedPrivateKeyInfo +structures using an appropriate password based encryption algorithm. With +this option an unencrypted PrivateKeyInfo structure is expected or output. +This option does not encrypt private keys at all and should only be used +when absolutely necessary. Certain software such as some versions of Java +code signing software used unencrypted private keys. +.IP "\fB\-v2\fR \fIalg\fR" 4 +.IX Item "-v2 alg" +This option sets the PKCS#5 v2.0 algorithm. +.Sp +The \fIalg\fR argument is the encryption algorithm to use, valid values include +\&\fBaes128\fR, \fBaes256\fR and \fBdes3\fR. If this option isn't specified then \fBaes256\fR +is used. +.IP "\fB\-v2prf\fR \fIalg\fR" 4 +.IX Item "-v2prf alg" +This option sets the \s-1PRF\s0 algorithm to use with PKCS#5 v2.0. A typical value +value would be \fBhmacWithSHA256\fR. If this option isn't set then the default +for the cipher is used or \fBhmacWithSHA256\fR if there is no default. +.Sp +Some implementations may not support custom \s-1PRF\s0 algorithms and may require +the \fBhmacWithSHA1\fR option to work. +.IP "\fB\-v1\fR \fIalg\fR" 4 +.IX Item "-v1 alg" +This option indicates a PKCS#5 v1.5 or PKCS#12 algorithm should be used. Some +older implementations may not support PKCS#5 v2.0 and may require this option. +If not specified PKCS#5 v2.0 form is used. +.IP "\fB\-scrypt\fR" 4 +.IX Item "-scrypt" +Uses the \fBscrypt\fR algorithm for private key encryption using default +parameters: currently N=16384, r=8 and p=1 and \s-1AES\s0 in \s-1CBC\s0 mode with a 256 bit +key. These parameters can be modified using the \fB\-scrypt_N\fR, \fB\-scrypt_r\fR, +\&\fB\-scrypt_p\fR and \fB\-v2\fR options. +.IP "\fB\-scrypt_N\fR \fIN\fR, \fB\-scrypt_r\fR \fIr\fR, \fB\-scrypt_p\fR \fIp\fR" 4 +.IX Item "-scrypt_N N, -scrypt_r r, -scrypt_p p" +Sets the scrypt \fIN\fR, \fIr\fR or \fIp\fR parameters. 
+.IP "\fB\-rand\fR \fIfiles\fR, \fB\-writerand\fR \fIfile\fR" 4 +.IX Item "-rand files, -writerand file" +See \*(L"Random State Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-engine\fR \fIid\fR" 4 +.IX Item "-engine id" +See \*(L"Engine Options\*(R" in \fIopenssl\fR\|(1). +.SH "NOTES" +.IX Header "NOTES" +By default, when converting a key to PKCS#8 format, PKCS#5 v2.0 using 256 bit +\&\s-1AES\s0 with \s-1HMAC\s0 and \s-1SHA256\s0 is used. +.PP +Some older implementations do not support PKCS#5 v2.0 format and require +the older PKCS#5 v1.5 form instead, possibly also requiring insecure weak +encryption algorithms such as 56 bit \s-1DES\s0. +.PP +Private keys encrypted using PKCS#5 v2.0 algorithms and high iteration +counts are more secure that those encrypted using the traditional +SSLeay compatible formats. So if additional security is considered +important the keys should be converted. +.PP +It is possible to write out \s-1DER\s0 encoded encrypted private keys in +PKCS#8 format because the encryption details are included at an \s-1ASN1\s0 +level whereas the traditional format includes them at a \s-1PEM\s0 level. +.SH "PKCS#5 V1.5 AND PKCS#12 ALGORITHMS" +.IX Header "PKCS#5 V1.5 AND PKCS#12 ALGORITHMS" +Various algorithms can be used with the \fB\-v1\fR command line option, +including PKCS#5 v1.5 and PKCS#12. These are described in more detail +below. +.IP "\fB\s-1PBE\-MD2\-DES\s0 \s-1PBE\-MD5\-DES\s0\fR" 4 +.IX Item "PBE-MD2-DES PBE-MD5-DES" +These algorithms were included in the original PKCS#5 v1.5 specification. +They only offer 56 bits of protection since they both use \s-1DES\s0. +.IP "\fB\s-1PBE\-SHA1\-RC2\-64\s0\fR, \fB\s-1PBE\-MD2\-RC2\-64\s0\fR, \fB\s-1PBE\-MD5\-RC2\-64\s0\fR, \fB\s-1PBE\-SHA1\-DES\s0\fR" 4 +.IX Item "PBE-SHA1-RC2-64, PBE-MD2-RC2-64, PBE-MD5-RC2-64, PBE-SHA1-DES" +These algorithms are not mentioned in the original PKCS#5 v1.5 specification +but they use the same key derivation algorithm and are supported by some +software. 
They are mentioned in PKCS#5 v2.0. They use either 64 bit \s-1RC2\s0 or +56 bit \s-1DES\s0. +.IP "\fB\s-1PBE\-SHA1\-RC4\-128\s0\fR, \fB\s-1PBE\-SHA1\-RC4\-40\s0\fR, \fB\s-1PBE\-SHA1\-3DES\s0\fR, \fB\s-1PBE\-SHA1\-2DES\s0\fR, \fB\s-1PBE\-SHA1\-RC2\-128\s0\fR, \fB\s-1PBE\-SHA1\-RC2\-40\s0\fR" 4 +.IX Item "PBE-SHA1-RC4-128, PBE-SHA1-RC4-40, PBE-SHA1-3DES, PBE-SHA1-2DES, PBE-SHA1-RC2-128, PBE-SHA1-RC2-40" +These algorithms use the PKCS#12 password based encryption algorithm and +allow strong encryption algorithms like triple \s-1DES\s0 or 128 bit \s-1RC2\s0 to be used. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Convert a private key to PKCS#8 format using default parameters (\s-1AES\s0 with +256 bit key and \fBhmacWithSHA256\fR): +.PP +.Vb 1 +\& openssl pkcs8 \-in key.pem \-topk8 \-out enckey.pem +.Ve +.PP +Convert a private key to PKCS#8 unencrypted format: +.PP +.Vb 1 +\& openssl pkcs8 \-in key.pem \-topk8 \-nocrypt \-out enckey.pem +.Ve +.PP +Convert a private key to PKCS#5 v2.0 format using triple \s-1DES:\s0 +.PP +.Vb 1 +\& openssl pkcs8 \-in key.pem \-topk8 \-v2 des3 \-out enckey.pem +.Ve +.PP +Convert a private key to PKCS#5 v2.0 format using \s-1AES\s0 with 256 bits in \s-1CBC\s0 +mode and \fBhmacWithSHA512\fR \s-1PRF:\s0 +.PP +.Vb 1 +\& openssl pkcs8 \-in key.pem \-topk8 \-v2 aes\-256\-cbc \-v2prf hmacWithSHA512 \-out enckey.pem +.Ve +.PP +Convert a private key to PKCS#8 using a PKCS#5 1.5 compatible algorithm +(\s-1DES\s0): +.PP +.Vb 1 +\& openssl pkcs8 \-in key.pem \-topk8 \-v1 PBE\-MD5\-DES \-out enckey.pem +.Ve +.PP +Convert a private key to PKCS#8 using a PKCS#12 compatible algorithm +(3DES): +.PP +.Vb 1 +\& openssl pkcs8 \-in key.pem \-topk8 \-out enckey.pem \-v1 PBE\-SHA1\-3DES +.Ve +.PP +Read a \s-1DER\s0 unencrypted PKCS#8 format private key: +.PP +.Vb 1 +\& openssl pkcs8 \-inform DER \-nocrypt \-in key.der \-out key.pem +.Ve +.PP +Convert a private key from any PKCS#8 encrypted format to traditional format: +.PP +.Vb 1 +\& openssl pkcs8 \-in pk8.pem 
\-traditional \-out key.pem +.Ve +.PP +Convert a private key to PKCS#8 format, encrypting with \s-1AES\-256\s0 and with +one million iterations of the password: +.PP +.Vb 1 +\& openssl pkcs8 \-in key.pem \-topk8 \-v2 aes\-256\-cbc \-iter 1000000 \-out pk8.pem +.Ve +.SH "STANDARDS" +.IX Header "STANDARDS" +Test vectors from this PKCS#5 v2.0 implementation were posted to the +pkcs-tng mailing list using triple \s-1DES\s0, \s-1DES\s0 and \s-1RC2\s0 with high iteration +counts, several people confirmed that they could decrypt the private +keys produced and Therefore it can be assumed that the PKCS#5 v2.0 +implementation is reasonably accurate at least as far as these +algorithms are concerned. +.PP +The format of PKCS#8 \s-1DSA\s0 (and other) private keys is not well documented: +it is hidden away in PKCS#11 v2.01, section 11.9. OpenSSL's default \s-1DSA\s0 +PKCS#8 private key format complies with this standard. +.SH "BUGS" +.IX Header "BUGS" +There should be an option that prints out the encryption algorithm +in use and other details such as the iteration count. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\fIopenssl\-dsa\fR\|(1), +\&\fIopenssl\-rsa\fR\|(1), +\&\fIopenssl\-genrsa\fR\|(1), +\&\fIopenssl\-gendsa\fR\|(1) +.SH "HISTORY" +.IX Header "HISTORY" +The \fB\-iter\fR option was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man1/openssl-pkey.1 b/linux_amd64/share/man/man1/openssl-pkey.1 new file mode 100755 index 0000000..7c4bbe0 --- /dev/null +++ b/linux_amd64/share/man/man1/openssl-pkey.1 
@@ -0,0 +1,311 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-PKEY 1" +.TH OPENSSL-PKEY 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-pkey \- public or private key processing tool +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBpkey\fR +[\fB\-help\fR] +[\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-in\fR \fIfilename\fR] +[\fB\-passin\fR \fIarg\fR] +[\fB\-out\fR \fIfilename\fR] +[\fB\-passout\fR \fIarg\fR] +[\fB\-traditional\fR] +[\fB\-\f(BIcipher\fB\fR] +[\fB\-text\fR] +[\fB\-text_pub\fR] +[\fB\-noout\fR] +[\fB\-pubin\fR] +[\fB\-pubout\fR] +[\fB\-check\fR] +[\fB\-pubcheck\fR] +[\fB\-ec_conv_form\fR \fIarg\fR] +[\fB\-ec_param_enc\fR \fIarg\fR] +[\fB\-engine\fR \fIid\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command processes public or private keys. They can be +converted between various forms and their components printed out. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR, \fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IX Item "-inform DER|PEM, -outform DER|PEM" +The input and formats; the default is \fB\s-1PEM\s0\fR. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-in\fR \fIfilename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read a key from or standard input if this +option is not specified. If the key is encrypted a pass phrase will be +prompted for. +.IP "\fB\-passin\fR \fIarg\fR, \fB\-passout\fR \fIarg\fR" 4 +.IX Item "-passin arg, -passout arg" +The password source for the input and output file. +For more information about the format of \fBarg\fR +see \*(L"Pass Phrase Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-out\fR \fIfilename\fR" 4 +.IX Item "-out filename" +This specifies the output filename to write a key to or standard output if this +option is not specified. If any encryption options are set then a pass phrase +will be prompted for. 
The output filename should \fBnot\fR be the same as the input +filename. +.IP "\fB\-traditional\fR" 4 +.IX Item "-traditional" +Normally a private key is written using standard format: this is PKCS#8 form +with the appropriate encryption algorithm (if any). If the \fB\-traditional\fR +option is specified then the older \*(L"traditional\*(R" format is used instead. +.IP "\fB\-\f(BIcipher\fB\fR" 4 +.IX Item "-cipher" +These options encrypt the private key with the supplied cipher. Any algorithm +name accepted by \fIEVP_get_cipherbyname()\fR is acceptable such as \fBdes3\fR. +.IP "\fB\-text\fR" 4 +.IX Item "-text" +Prints out the various public or private key components in +plain text in addition to the encoded version. +.IP "\fB\-text_pub\fR" 4 +.IX Item "-text_pub" +Print out only public key components even if a private key is being processed. +.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +Do not output the encoded version of the key. +.IP "\fB\-pubin\fR" 4 +.IX Item "-pubin" +By default a private key is read from the input file: with this +option a public key is read instead. +.IP "\fB\-pubout\fR" 4 +.IX Item "-pubout" +By default a private key is output: with this option a public +key will be output instead. This option is automatically set if +the input is a public key. +.IP "\fB\-check\fR" 4 +.IX Item "-check" +This option checks the consistency of a key pair for both public and private +components. +.IP "\fB\-pubcheck\fR" 4 +.IX Item "-pubcheck" +This option checks the correctness of either a public key or the public component +of a key pair. +.IP "\fB\-ec_conv_form\fR \fIarg\fR" 4 +.IX Item "-ec_conv_form arg" +This option only applies to elliptic curve based public and private keys. +.Sp +This specifies how the points on the elliptic curve are converted +into octet strings. Possible values are: \fBcompressed\fR (the default +value), \fBuncompressed\fR and \fBhybrid\fR. For more information regarding +the point conversion forms please read the X9.62 standard. 
+\&\fBNote\fR Due to patent issues the \fBcompressed\fR option is disabled +by default for binary curves and can be enabled by defining +the preprocessor macro \fB\s-1OPENSSL_EC_BIN_PT_COMP\s0\fR at compile time. +.IP "\fB\-ec_param_enc\fR \fIarg\fR" 4 +.IX Item "-ec_param_enc arg" +This option only applies to elliptic curve based public and private keys. +.Sp +This specifies how the elliptic curve parameters are encoded. +Possible value are: \fBnamed_curve\fR, i.e. the ec parameters are +specified by an \s-1OID\s0, or \fBexplicit\fR where the ec parameters are +explicitly given (see \s-1RFC\s0 3279 for the definition of the +\&\s-1EC\s0 parameters structures). The default value is \fBnamed_curve\fR. +\&\fBNote\fR the \fBimplicitlyCA\fR alternative, as specified in \s-1RFC\s0 3279, +is currently not implemented in OpenSSL. +.IP "\fB\-engine\fR \fIid\fR" 4 +.IX Item "-engine id" +See \*(L"Engine Options\*(R" in \fIopenssl\fR\|(1). +.SH "EXAMPLES" +.IX Header "EXAMPLES" +To remove the pass phrase on a private key: +.PP +.Vb 1 +\& openssl pkey \-in key.pem \-out keyout.pem +.Ve +.PP +To encrypt a private key using triple \s-1DES:\s0 +.PP +.Vb 1 +\& openssl pkey \-in key.pem \-des3 \-out keyout.pem +.Ve +.PP +To convert a private key from \s-1PEM\s0 to \s-1DER\s0 format: +.PP +.Vb 1 +\& openssl pkey \-in key.pem \-outform DER \-out keyout.der +.Ve +.PP +To print out the components of a private key to standard output: +.PP +.Vb 1 +\& openssl pkey \-in key.pem \-text \-noout +.Ve +.PP +To print out the public components of a private key to standard output: +.PP +.Vb 1 +\& openssl pkey \-in key.pem \-text_pub \-noout +.Ve +.PP +To just output the public part of a private key: +.PP +.Vb 1 +\& openssl pkey \-in key.pem \-pubout \-out pubkey.pem +.Ve +.PP +To change the \s-1EC\s0 parameters encoding to \fBexplicit\fR: +.PP +.Vb 1 +\& openssl pkey \-in key.pem \-ec_param_enc explicit \-out keyout.pem +.Ve +.PP +To change the \s-1EC\s0 point conversion form to 
\fBcompressed\fR: +.PP +.Vb 1 +\& openssl pkey \-in key.pem \-ec_conv_form compressed \-out keyout.pem +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\fIopenssl\-genpkey\fR\|(1), +\&\fIopenssl\-rsa\fR\|(1), +\&\fIopenssl\-pkcs8\fR\|(1), +\&\fIopenssl\-dsa\fR\|(1), +\&\fIopenssl\-genrsa\fR\|(1), +\&\fIopenssl\-gendsa\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man1/openssl-pkeyparam.1 b/linux_amd64/share/man/man1/openssl-pkeyparam.1 new file mode 100755 index 0000000..6e15c06 --- /dev/null +++ b/linux_amd64/share/man/man1/openssl-pkeyparam.1 
@@ -0,0 +1,200 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-PKEYPARAM 1" +.TH OPENSSL-PKEYPARAM 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-pkeyparam \- public key algorithm parameter processing tool +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBpkeyparam\fR +[\fB\-help\fR] +[\fB\-in\fR \fIfilename\fR] +[\fB\-out\fR \fIfilename\fR] +[\fB\-text\fR] +[\fB\-noout\fR] +[\fB\-check\fR] +[\fB\-engine\fR \fIid\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command processes public key algorithm parameters. +They can be checked for correctness and their components printed out. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-in\fR \fIfilename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read parameters from or standard input if +this option is not specified. +.IP "\fB\-out\fR \fIfilename\fR" 4 +.IX Item "-out filename" +This specifies the output filename to write parameters to or standard output if +this option is not specified. +.IP "\fB\-text\fR" 4 +.IX Item "-text" +Prints out the parameters in plain text in addition to the encoded version. +.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +Do not output the encoded version of the parameters. +.IP "\fB\-check\fR" 4 +.IX Item "-check" +This option checks the correctness of parameters. +.IP "\fB\-engine\fR \fIid\fR" 4 +.IX Item "-engine id" +See \*(L"Engine Options\*(R" in \fIopenssl\fR\|(1). +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Print out text version of parameters: +.PP +.Vb 1 +\& openssl pkeyparam \-in param.pem \-text +.Ve +.SH "NOTES" +.IX Header "NOTES" +There are no \fB\-inform\fR or \fB\-outform\fR options for this command because only +\&\s-1PEM\s0 format is supported because the key type is determined by the \s-1PEM\s0 headers. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\fIopenssl\-genpkey\fR\|(1), +\&\fIopenssl\-rsa\fR\|(1), +\&\fIopenssl\-pkcs8\fR\|(1), +\&\fIopenssl\-dsa\fR\|(1), +\&\fIopenssl\-genrsa\fR\|(1), +\&\fIopenssl\-gendsa\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man1/openssl-pkeyutl.1 b/linux_amd64/share/man/man1/openssl-pkeyutl.1 new file mode 100755 index 0000000..b1eb79a --- /dev/null +++ b/linux_amd64/share/man/man1/openssl-pkeyutl.1 
@@ -0,0 +1,493 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-PKEYUTL 1" +.TH OPENSSL-PKEYUTL 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-pkeyutl \- public key algorithm utility +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBpkeyutl\fR +[\fB\-help\fR] +[\fB\-in\fR \fIfile\fR] +[\fB\-rawin\fR] +[\fB\-digest\fR \fIalgorithm\fR] +[\fB\-out\fR \fIfile\fR] +[\fB\-sigfile\fR \fIfile\fR] +[\fB\-inkey\fR \fIfile\fR] +[\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fB\s-1ENGINE\s0\fR] +[\fB\-passin\fR \fIarg\fR] +[\fB\-peerkey\fR \fIfile\fR] +[\fB\-peerform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fB\s-1ENGINE\s0\fR] +[\fB\-pubin\fR] +[\fB\-certin\fR] +[\fB\-rev\fR] +[\fB\-sign\fR] +[\fB\-verify\fR] +[\fB\-verifyrecover\fR] +[\fB\-encrypt\fR] +[\fB\-decrypt\fR] +[\fB\-derive\fR] +[\fB\-kdf\fR \fIalgorithm\fR] +[\fB\-kdflen\fR \fIlength\fR] +[\fB\-pkeyopt\fR \fIopt\fR:\fIvalue\fR] +[\fB\-pkeyopt_passin\fR \fIopt\fR[:\fIpassarg\fR]] +[\fB\-hexdump\fR] +[\fB\-asn1parse\fR] +[\fB\-engine\fR \fIid\fR] +[\fB\-engine_impl\fR] +[\fB\-rand\fR \fIfiles\fR] +[\fB\-writerand\fR \fIfile\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command can be used to perform low level public key +operations using any supported algorithm. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-in\fR \fIfilename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read data from or standard input +if this option is not specified. +.IP "\fB\-rawin\fR" 4 +.IX Item "-rawin" +This indicates that the input data is raw data, which is not hashed by any +message digest algorithm. The user can specify a digest algorithm by using +the \fB\-digest\fR option. This option can only be used with \fB\-sign\fR and +\&\fB\-verify\fR and must be used with the Ed25519 and Ed448 algorithms. +.IP "\fB\-digest\fR \fIalgorithm\fR" 4 +.IX Item "-digest algorithm" +This specifies the digest algorithm which is used to hash the input data before +signing or verifying it with the input key. 
This option could be omitted if the +signature algorithm does not require one (for instance, EdDSA). If this option +is omitted but the signature algorithm requires one, a default value will be +used. For signature algorithms like \s-1RSA\s0, \s-1DSA\s0 and \s-1ECDSA\s0, \s-1SHA\-256\s0 will be the +default digest algorithm. For \s-1SM2\s0, it will be \s-1SM3\s0. If this option is present, +then the \fB\-rawin\fR option must be also specified. +.IP "\fB\-out\fR \fIfilename\fR" 4 +.IX Item "-out filename" +Specifies the output filename to write to or standard output by +default. +.IP "\fB\-sigfile\fR \fIfile\fR" 4 +.IX Item "-sigfile file" +Signature file, required for \fB\-verify\fR operations only +.IP "\fB\-inkey\fR \fIfile\fR" 4 +.IX Item "-inkey file" +The input key file, by default it should be a private key. +.IP "\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fB\s-1ENGINE\s0\fR" 4 +.IX Item "-keyform DER|PEM|ENGINE" +The key format; the default is \fB\s-1PEM\s0\fR. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-passin\fR \fIarg\fR" 4 +.IX Item "-passin arg" +The input key password source. For more information about the format of \fIarg\fR +see \*(L"Pass Phrase Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-peerkey\fR \fIfile\fR" 4 +.IX Item "-peerkey file" +The peer key file, used by key derivation (agreement) operations. +.IP "\fB\-peerform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fB\s-1ENGINE\s0\fR" 4 +.IX Item "-peerform DER|PEM|ENGINE" +The peer key format; the default is \fB\s-1PEM\s0\fR. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-pubin\fR" 4 +.IX Item "-pubin" +The input file is a public key. +.IP "\fB\-certin\fR" 4 +.IX Item "-certin" +The input is a certificate containing a public key. +.IP "\fB\-rev\fR" 4 +.IX Item "-rev" +Reverse the order of the input buffer. This is useful for some libraries +(such as CryptoAPI) which represent the buffer in little endian format. 
+.IP "\fB\-sign\fR" 4 +.IX Item "-sign" +Sign the input data (which must be a hash) and output the signed result. This +requires a private key. +.IP "\fB\-verify\fR" 4 +.IX Item "-verify" +Verify the input data (which must be a hash) against the signature file and +indicate if the verification succeeded or failed. +.IP "\fB\-verifyrecover\fR" 4 +.IX Item "-verifyrecover" +Verify the input data (which must be a hash) and output the recovered data. +.IP "\fB\-encrypt\fR" 4 +.IX Item "-encrypt" +Encrypt the input data using a public key. +.IP "\fB\-decrypt\fR" 4 +.IX Item "-decrypt" +Decrypt the input data using a private key. +.IP "\fB\-derive\fR" 4 +.IX Item "-derive" +Derive a shared secret using the peer key. +.IP "\fB\-kdf\fR \fIalgorithm\fR" 4 +.IX Item "-kdf algorithm" +Use key derivation function \fIalgorithm\fR. The supported algorithms are +at present \fB\s-1TLS1\-PRF\s0\fR and \fB\s-1HKDF\s0\fR. +Note: additional parameters and the \s-1KDF\s0 output length will normally have to be +set for this to work. +See \fIEVP_PKEY_CTX_set_hkdf_md\fR\|(3) and \fIEVP_PKEY_CTX_set_tls1_prf_md\fR\|(3) +for the supported string parameters of each algorithm. +.IP "\fB\-kdflen\fR \fIlength\fR" 4 +.IX Item "-kdflen length" +Set the output length for \s-1KDF\s0. +.IP "\fB\-pkeyopt\fR \fIopt\fR:\fIvalue\fR" 4 +.IX Item "-pkeyopt opt:value" +Public key options specified as opt:value. See \s-1NOTES\s0 below for more details. +.IP "\fB\-pkeyopt_passin\fR \fIopt\fR[:\fIpassarg\fR]" 4 +.IX Item "-pkeyopt_passin opt[:passarg]" +Allows reading a public key option \fIopt\fR from stdin or a password source. +If only \fIopt\fR is specified, the user will be prompted to enter a password on +stdin. Alternatively, \fIpassarg\fR can be specified which can be any value +supported by \*(L"Pass phrase options\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-hexdump\fR" 4 +.IX Item "-hexdump" +hex dump the output data. 
+.IP "\fB\-asn1parse\fR" 4 +.IX Item "-asn1parse" +Parse the \s-1ASN\s0.1 output data, this is useful when combined with the +\&\fB\-verifyrecover\fR option when an \s-1ASN1\s0 structure is signed. +.IP "\fB\-engine\fR \fIid\fR" 4 +.IX Item "-engine id" +See \*(L"Engine Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-engine_impl\fR" 4 +.IX Item "-engine_impl" +When used with the \fB\-engine\fR option, it specifies to also use +engine \fIid\fR for crypto operations. +.IP "\fB\-rand\fR \fIfiles\fR, \fB\-writerand\fR \fIfile\fR" 4 +.IX Item "-rand files, -writerand file" +See \*(L"Random State Options\*(R" in \fIopenssl\fR\|(1) for details. +.SH "NOTES" +.IX Header "NOTES" +The operations and options supported vary according to the key algorithm +and its implementation. The OpenSSL operations and options are indicated below. +.PP +Unless otherwise mentioned all algorithms support the \fBdigest:\fR\fIalg\fR option +which specifies the digest in use for sign, verify and verifyrecover operations. +The value \fIalg\fR should represent a digest name as used in the +\&\fIEVP_get_digestbyname()\fR function for example \fBsha1\fR. This value is not used to +hash the input data. It is used (by some algorithms) for sanity-checking the +lengths of data passed in and for creating the structures that make up the +signature (e.g. \fBDigestInfo\fR in \s-1RSASSA\s0 PKCS#1 v1.5 signatures). +.PP +This command does not hash the input data (except where \-rawin is used) but +rather it will use the data directly as input to the signature algorithm. +Depending on the key type, signature type, and mode of padding, the maximum +acceptable lengths of input data differ. The signed data can't be longer than +the key modulus with \s-1RSA\s0. In case of \s-1ECDSA\s0 and \s-1DSA\s0 the data shouldn't be longer +than the field size, otherwise it will be silently truncated to the field size. +In any event the input size must not be larger than the largest supported digest +size. 
+.PP +In other words, if the value of digest is \fBsha1\fR the input should be the 20 +bytes long binary encoding of the \s-1SHA\-1\s0 hash function output. +.SH "RSA ALGORITHM" +.IX Header "RSA ALGORITHM" +The \s-1RSA\s0 algorithm generally supports the encrypt, decrypt, sign, +verify and verifyrecover operations. However, some padding modes +support only a subset of these operations. The following additional +\&\fBpkeyopt\fR values are supported: +.IP "\fBrsa_padding_mode:\fR\fImode\fR" 4 +.IX Item "rsa_padding_mode:mode" +This sets the \s-1RSA\s0 padding mode. Acceptable values for \fImode\fR are \fBpkcs1\fR for +PKCS#1 padding, \fBsslv23\fR for SSLv23 padding, \fBnone\fR for no padding, \fBoaep\fR +for \fB\s-1OAEP\s0\fR mode, \fBx931\fR for X9.31 mode and \fBpss\fR for \s-1PSS\s0. +.Sp +In PKCS#1 padding if the message digest is not set then the supplied data is +signed or verified directly instead of using a \fBDigestInfo\fR structure. If a +digest is set then the a \fBDigestInfo\fR structure is used and its the length +must correspond to the digest type. +.Sp +For \fBoaep\fR mode only encryption and decryption is supported. +.Sp +For \fBx931\fR if the digest type is set it is used to format the block data +otherwise the first byte is used to specify the X9.31 digest \s-1ID\s0. Sign, +verify and verifyrecover are can be performed in this mode. +.Sp +For \fBpss\fR mode only sign and verify are supported and the digest type must be +specified. +.IP "\fBrsa_pss_saltlen:\fR\fIlen\fR" 4 +.IX Item "rsa_pss_saltlen:len" +For \fBpss\fR mode only this option specifies the salt length. Three special +values are supported: \fBdigest\fR sets the salt length to the digest length, +\&\fBmax\fR sets the salt length to the maximum permissible value. When verifying +\&\fBauto\fR causes the salt length to be automatically determined based on the +\&\fB\s-1PSS\s0\fR block structure. 
+.IP "\fBrsa_mgf1_md:\fR\fIdigest\fR" 4 +.IX Item "rsa_mgf1_md:digest" +For \s-1PSS\s0 and \s-1OAEP\s0 padding sets the \s-1MGF1\s0 digest. If the \s-1MGF1\s0 digest is not +explicitly set in \s-1PSS\s0 mode then the signing digest is used. +.SH "RSA-PSS ALGORITHM" +.IX Header "RSA-PSS ALGORITHM" +The RSA-PSS algorithm is a restricted version of the \s-1RSA\s0 algorithm which only +supports the sign and verify operations with \s-1PSS\s0 padding. The following +additional \fB\-pkeyopt\fR values are supported: +.IP "\fBrsa_padding_mode:\fR\fImode\fR, \fBrsa_pss_saltlen:\fR\fIlen\fR, \fBrsa_mgf1_md:\fR\fIdigest\fR" 4 +.IX Item "rsa_padding_mode:mode, rsa_pss_saltlen:len, rsa_mgf1_md:digest" +These have the same meaning as the \fB\s-1RSA\s0\fR algorithm with some additional +restrictions. The padding mode can only be set to \fBpss\fR which is the +default value. +.Sp +If the key has parameter restrictions than the digest, \s-1MGF1\s0 +digest and salt length are set to the values specified in the parameters. +The digest and \s-1MG\s0 cannot be changed and the salt length cannot be set to a +value less than the minimum restriction. +.SH "DSA ALGORITHM" +.IX Header "DSA ALGORITHM" +The \s-1DSA\s0 algorithm supports signing and verification operations only. Currently +there are no additional \fB\-pkeyopt\fR options other than \fBdigest\fR. The \s-1SHA1\s0 +digest is assumed by default. +.SH "DH ALGORITHM" +.IX Header "DH ALGORITHM" +The \s-1DH\s0 algorithm only supports the derivation operation and no additional +\&\fB\-pkeyopt\fR options. +.SH "EC ALGORITHM" +.IX Header "EC ALGORITHM" +The \s-1EC\s0 algorithm supports sign, verify and derive operations. The sign and +verify operations use \s-1ECDSA\s0 and derive uses \s-1ECDH\s0. \s-1SHA1\s0 is assumed by default for +the \fB\-pkeyopt\fR \fBdigest\fR option. +.SH "X25519 AND X448 ALGORITHMS" +.IX Header "X25519 AND X448 ALGORITHMS" +The X25519 and X448 algorithms support key derivation only. 
Currently there are +no additional options. +.SH "ED25519 AND ED448 ALGORITHMS" +.IX Header "ED25519 AND ED448 ALGORITHMS" +These algorithms only support signing and verifying. OpenSSL only implements the +\&\*(L"pure\*(R" variants of these algorithms so raw data can be passed directly to them +without hashing them first. The option \fB\-rawin\fR must be used with these +algorithms with no \fB\-digest\fR specified. Additionally OpenSSL only supports +\&\*(L"oneshot\*(R" operation with these algorithms. This means that the entire file to +be signed/verified must be read into memory before processing it. Signing or +Verifying very large files should be avoided. Additionally the size of the file +must be known for this to work. If the size of the file cannot be determined +(for example if the input is stdin) then the sign or verify operation will fail. +.SH "SM2" +.IX Header "SM2" +The \s-1SM2\s0 algorithm supports sign, verify, encrypt and decrypt operations. For +the sign and verify operations, \s-1SM2\s0 requires an \s-1ID\s0 string to be passed in. The +following \fB\-pkeyopt\fR value is supported: +.IP "\fBsm2_id:\fR\fIstring\fR" 4 +.IX Item "sm2_id:string" +This sets the \s-1ID\s0 string used in \s-1SM2\s0 sign or verify operations. While verifying +an \s-1SM2\s0 signature, the \s-1ID\s0 string must be the same one used when signing the data. +Otherwise the verification will fail. +.IP "\fBsm2_hex_id:\fR\fIhex_string\fR" 4 +.IX Item "sm2_hex_id:hex_string" +This sets the \s-1ID\s0 string used in \s-1SM2\s0 sign or verify operations. While verifying +an \s-1SM2\s0 signature, the \s-1ID\s0 string must be the same one used when signing the data. +Otherwise the verification will fail. The \s-1ID\s0 string provided with this option +should be a valid hexadecimal value. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Sign some data using a private key: +.PP +.Vb 1 +\& openssl pkeyutl \-sign \-in file \-inkey key.pem \-out sig +.Ve +.PP +Recover the signed data (e.g. 
if an \s-1RSA\s0 key is used): +.PP +.Vb 1 +\& openssl pkeyutl \-verifyrecover \-in sig \-inkey key.pem +.Ve +.PP +Verify the signature (e.g. a \s-1DSA\s0 key): +.PP +.Vb 1 +\& openssl pkeyutl \-verify \-in file \-sigfile sig \-inkey key.pem +.Ve +.PP +Sign data using a message digest value (this is currently only valid for \s-1RSA\s0): +.PP +.Vb 1 +\& openssl pkeyutl \-sign \-in file \-inkey key.pem \-out sig \-pkeyopt digest:sha256 +.Ve +.PP +Derive a shared secret value: +.PP +.Vb 1 +\& openssl pkeyutl \-derive \-inkey key.pem \-peerkey pubkey.pem \-out secret +.Ve +.PP +Hexdump 48 bytes of \s-1TLS1\s0 \s-1PRF\s0 using digest \fB\s-1SHA256\s0\fR and shared secret and +seed consisting of the single byte 0xFF: +.PP +.Vb 2 +\& openssl pkeyutl \-kdf TLS1\-PRF \-kdflen 48 \-pkeyopt md:SHA256 \e +\& \-pkeyopt hexsecret:ff \-pkeyopt hexseed:ff \-hexdump +.Ve +.PP +Derive a key using \fBscrypt\fR where the password is read from command line: +.PP +.Vb 2 +\& openssl pkeyutl \-kdf scrypt \-kdflen 16 \-pkeyopt_passin pass \e +\& \-pkeyopt hexsalt:aabbcc \-pkeyopt N:16384 \-pkeyopt r:8 \-pkeyopt p:1 +.Ve +.PP +Derive using the same algorithm, but read key from environment variable \s-1MYPASS:\s0 +.PP +.Vb 2 +\& openssl pkeyutl \-kdf scrypt \-kdflen 16 \-pkeyopt_passin pass:env:MYPASS \e +\& \-pkeyopt hexsalt:aabbcc \-pkeyopt N:16384 \-pkeyopt r:8 \-pkeyopt p:1 +.Ve +.PP +Sign some data using an \s-1\fISM2\s0\fR\|(7) private key and a specific \s-1ID:\s0 +.PP +.Vb 2 +\& openssl pkeyutl \-sign \-in file \-inkey sm2.key \-out sig \-rawin \-digest sm3 \e +\& \-pkeyopt sm2_id:someid +.Ve +.PP +Verify some data using an \s-1\fISM2\s0\fR\|(7) certificate and a specific \s-1ID:\s0 +.PP +.Vb 2 +\& openssl pkeyutl \-verify \-certin \-in file \-inkey sm2.cert \-sigfile sig \e +\& \-rawin \-digest sm3 \-pkeyopt sm2_id:someid +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\fIopenssl\-genpkey\fR\|(1), +\&\fIopenssl\-pkey\fR\|(1), +\&\fIopenssl\-rsautl\fR\|(1) 
+\&\fIopenssl\-dgst\fR\|(1), +\&\fIopenssl\-rsa\fR\|(1), +\&\fIopenssl\-genrsa\fR\|(1), +\&\fIopenssl\-kdf\fR\|(1) +\&\fIEVP_PKEY_CTX_set_hkdf_md\fR\|(3), +\&\fIEVP_PKEY_CTX_set_tls1_prf_md\fR\|(3), +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man1/openssl-prime.1 b/linux_amd64/share/man/man1/openssl-prime.1 new file mode 100755 index 0000000..f7daeca --- /dev/null +++ b/linux_amd64/share/man/man1/openssl-prime.1 
@@ -0,0 +1,179 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-PRIME 1" +.TH OPENSSL-PRIME 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-prime \- compute prime numbers +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl prime\fR +[\fB\-help\fR] +[\fB\-hex\fR] +[\fB\-generate\fR] +[\fB\-bits\fR \fInum\fR] +[\fB\-safe\fR] +[\fB\-checks\fR \fInum\fR] +[\fInumber\fR ...] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command checks if the specified numbers are prime. +.PP +If no numbers are given on the command line, the \fB\-generate\fR flag should +be used to generate primes according to the requirements specified by the +rest of the flags. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Display an option summary. +.IP "\fB\-hex\fR" 4 +.IX Item "-hex" +Generate hex output. +.IP "\fB\-generate\fR" 4 +.IX Item "-generate" +Generate a prime number. +.IP "\fB\-bits\fR \fInum\fR" 4 +.IX Item "-bits num" +Generate a prime with \fInum\fR bits. +.IP "\fB\-safe\fR" 4 +.IX Item "-safe" +When used with \fB\-generate\fR, generates a \*(L"safe\*(R" prime. If the number +generated is \fIn\fR, then check that \f(CW\*(C`(\f(CIn\f(CW\-1)/2\*(C'\fR is also prime. +.IP "\fB\-checks\fR \fInum\fR" 4 +.IX Item "-checks num" +This parameter is ignored. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man1/openssl-provider.1 b/linux_amd64/share/man/man1/openssl-provider.1 new file mode 100755 index 0000000..7b8e3a9 --- /dev/null +++ b/linux_amd64/share/man/man1/openssl-provider.1 
@@ -0,0 +1,173 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-PROVIDER 1" +.TH OPENSSL-PROVIDER 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-provider \- load and query providers +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl provider\fR +[\fB\-help\fR] +[\fB\-v\fR] +[\fB\-vv\fR] +[\fB\-vvv\fR] +[\fIprovider\fR ...] 
+.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command is used to query the capabilities of the +specified \fIprovider\fR's. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-v\fR \fB\-vv\fR \fB\-vvv\fR" 4 +.IX Item "-v -vv -vvv" +Provides information about each specified provider. +The first flag lists the names of all algorithms each provider +implements; the second lists them by category; the third adds +information on what parameters each of them can handle. +.SH "ENVIRONMENT" +.IX Header "ENVIRONMENT" +.IP "\fB\s-1OPENSSL_MODULES\s0\fR" 4 +.IX Item "OPENSSL_MODULES" +The path to the modules directory, where one can expect provider +modules to be located. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIconfig\fR\|(5) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man1/openssl-rand.1 b/linux_amd64/share/man/man1/openssl-rand.1 new file mode 100755 index 0000000..09f2ace --- /dev/null +++ b/linux_amd64/share/man/man1/openssl-rand.1 
@@ -0,0 +1,180 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-RAND 1" +.TH OPENSSL-RAND 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-rand \- generate pseudo\-random bytes +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl rand\fR +[\fB\-help\fR] +[\fB\-out\fR \fIfile\fR] +[\fB\-base64\fR] +[\fB\-hex\fR] +[\fB\-engine\fR \fIid\fR] +[\fB\-rand\fR \fIfiles\fR] +[\fB\-writerand\fR \fIfile\fR] +\&\fInum\fR +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command outputs \fInum\fR pseudo-random bytes after seeding +the random number generator once. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-out\fR \fIfile\fR" 4 +.IX Item "-out file" +Write to \fIfile\fR instead of standard output. +.IP "\fB\-base64\fR" 4 +.IX Item "-base64" +Perform base64 encoding on the output. +.IP "\fB\-hex\fR" 4 +.IX Item "-hex" +Show the output as a hex string. +.IP "\fB\-engine\fR \fIid\fR" 4 +.IX Item "-engine id" +See \*(L"Engine Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-rand\fR \fIfiles\fR, \fB\-writerand\fR \fIfile\fR" 4 +.IX Item "-rand files, -writerand file" +See \*(L"Random State Options\*(R" in \fIopenssl\fR\|(1) for details. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\fIRAND_bytes\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man1/openssl-rehash.1 b/linux_amd64/share/man/man1/openssl-rehash.1 new file mode 100755 index 0000000..02c2537 --- /dev/null +++ b/linux_amd64/share/man/man1/openssl-rehash.1 
@@ -0,0 +1,257 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-REHASH 1" +.TH OPENSSL-REHASH 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-rehash, c_rehash \- Create symbolic links to files named by the hash +values +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR +\&\fBrehash\fR +[\fB\-h\fR] +[\fB\-help\fR] +[\fB\-old\fR] +[\fB\-compat\fR] +[\fB\-n\fR] +[\fB\-v\fR] +[\fIdirectory\fR] ... +.PP +\&\fBc_rehash\fR +[\fB\-h\fR] +[\fB\-help\fR] +[\fB\-old\fR] +[\fB\-n\fR] +[\fB\-v\fR] +[\fIdirectory\fR] ... +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command is generally equivalent to the external +script \fBc_rehash\fR, +except for minor differences noted below. +.PP +\&\fBopenssl rehash\fR scans directories and calculates a hash value of +each \fI.pem\fR, \fI.crt\fR, \fI.cer\fR, or \fI.crl\fR +file in the specified directory list and creates symbolic links +for each file, where the name of the link is the hash value. +(If the platform does not support symbolic links, a copy is made.) +This command is useful as many programs that use OpenSSL require +directories to be set up like this in order to find certificates. +.PP +If any directories are named on the command line, then those are +processed in turn. If not, then the \fB\s-1SSL_CERT_DIR\s0\fR environment variable +is consulted; this should be a colon-separated list of directories, +like the Unix \fB\s-1PATH\s0\fR variable. +If that is not set then the default directory (installation-specific +but often \fI/usr/local/ssl/certs\fR) is processed. +.PP +In order for a directory to be processed, the user must have write +permissions on that directory, otherwise an error will be generated. +.PP +The links created are of the form \fI\s-1HHHHHHHH\s0.D\fR, where each \fIH\fR +is a hexadecimal character and \fID\fR is a single decimal digit. +When a directory is processed, all links in it that have a name +in that syntax are first removed, even if they are being used for +some other purpose. +To skip the removal step, use the \fB\-n\fR flag. 
+Hashes for \s-1CRL\s0's look similar except the letter \fBr\fR appears after +the period, like this: \fI\s-1HHHHHHHH\s0.\fR\fBr\fR\fID\fR. +.PP +Multiple objects may have the same hash; they will be indicated by +incrementing the \fID\fR value. Duplicates are found by comparing the +full \s-1SHA\-1\s0 fingerprint. A warning will be displayed if a duplicate +is found. +.PP +A warning will also be displayed if there are files that +cannot be parsed as either a certificate or a \s-1CRL\s0 or if +more than one such object appears in the file. +.SS "Script Configuration" +.IX Subsection "Script Configuration" +The \fBc_rehash\fR script +uses the \fBopenssl\fR program to compute the hashes and +fingerprints. If not found in the user's \fB\s-1PATH\s0\fR, then set the +\&\fB\s-1OPENSSL\s0\fR environment variable to the full pathname. +Any program can be used, it will be invoked as follows for either +a certificate or \s-1CRL:\s0 +.PP +.Vb 2 +\& $OPENSSL x509 \-hash \-fingerprint \-noout \-in FILENAME +\& $OPENSSL crl \-hash \-fingerprint \-noout \-in FILENAME +.Ve +.PP +where \fI\s-1FILENAME\s0\fR is the filename. It must output the hash of the +file on the first line, and the fingerprint on the second, +optionally prefixed with some text and an equals sign. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR \fB\-h\fR" 4 +.IX Item "-help -h" +Display a brief usage message. +.IP "\fB\-old\fR" 4 +.IX Item "-old" +Use old-style hashing (\s-1MD5\s0, as opposed to \s-1SHA\-1\s0) for generating +links to be used for releases before 1.0.0. +Note that current versions will not use the old style. +.IP "\fB\-n\fR" 4 +.IX Item "-n" +Do not remove existing links. +This is needed when keeping new and old-style links in the same directory. +.IP "\fB\-compat\fR" 4 +.IX Item "-compat" +Generate links for both old-style (\s-1MD5\s0) and new-style (\s-1SHA1\s0) hashing. +This allows releases before 1.0.0 to use these links along-side newer +releases. 
+.IP "\fB\-v\fR" 4 +.IX Item "-v" +Print messages about old links removed and new links created. +By default, this command only lists each directory as it is processed. +.SH "ENVIRONMENT" +.IX Header "ENVIRONMENT" +.IP "\fB\s-1OPENSSL\s0\fR" 4 +.IX Item "OPENSSL" +The path to an executable to use to generate hashes and +fingerprints (see above). +.IP "\fB\s-1SSL_CERT_DIR\s0\fR" 4 +.IX Item "SSL_CERT_DIR" +Colon separated list of directories to operate on. +Ignored if directories are listed on the command line. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\fIopenssl\-crl\fR\|(1), +\&\fIopenssl\-x509\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man1/openssl-req.1 b/linux_amd64/share/man/man1/openssl-req.1 new file mode 100755 index 0000000..610ab3e --- /dev/null +++ b/linux_amd64/share/man/man1/openssl-req.1 
@@ -0,0 +1,778 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-REQ 1" +.TH OPENSSL-REQ 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-req \- PKCS#10 certificate request and certificate generating utility +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBreq\fR +[\fB\-help\fR] +[\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-in\fR \fIfilename\fR] +[\fB\-passin\fR \fIarg\fR] +[\fB\-out\fR \fIfilename\fR] +[\fB\-passout\fR \fIarg\fR] +[\fB\-text\fR] +[\fB\-pubkey\fR] +[\fB\-noout\fR] +[\fB\-verify\fR] +[\fB\-modulus\fR] +[\fB\-new\fR] +[\fB\-newkey\fR \fIarg\fR] +[\fB\-pkeyopt\fR \fIopt\fR:\fIvalue\fR] +[\fB\-nodes\fR] +[\fB\-key\fR \fIfilename\fR] +[\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-keyout\fR \fIfilename\fR] +[\fB\-keygen_engine\fR \fIid\fR] +[\fB\-\f(BIdigest\fB\fR] +[\fB\-config\fR \fIfilename\fR] +[\fB\-multivalue\-rdn\fR] +[\fB\-x509\fR] +[\fB\-days\fR \fIn\fR] +[\fB\-set_serial\fR \fIn\fR] +[\fB\-newhdr\fR] +[\fB\-addext\fR \fIext\fR] +[\fB\-extensions\fR \fIsection\fR] +[\fB\-reqexts\fR \fIsection\fR] +[\fB\-precert\fR] +[\fB\-utf8\fR] +[\fB\-reqopt\fR] +[\fB\-subject\fR] +[\fB\-subj\fR \fIarg\fR] +[\fB\-sigopt\fR \fInm\fR:\fIv\fR] +[\fB\-batch\fR] +[\fB\-verbose\fR] +[\fB\-sm2\-id\fR \fIstring\fR] +[\fB\-sm2\-hex\-id\fR \fIhex-string\fR] +[\fB\-nameopt\fR \fIoption\fR] +[\fB\-rand\fR \fIfiles\fR] +[\fB\-writerand\fR \fIfile\fR] +[\fB\-engine\fR \fIid\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command primarily creates and processes certificate requests +in PKCS#10 format. It can additionally create self signed certificates +for use as root CAs for example. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR, \fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IX Item "-inform DER|PEM, -outform DER|PEM" +The input and formats; the default is \fB\s-1PEM\s0\fR. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. 
+.Sp +The data is a PKCS#10 object. +.IP "\fB\-in\fR \fIfilename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read a request from or standard input +if this option is not specified. A request is only read if the creation +options (\fB\-new\fR and \fB\-newkey\fR) are not specified. +.IP "\fB\-sigopt\fR \fInm\fR:\fIv\fR" 4 +.IX Item "-sigopt nm:v" +Pass options to the signature algorithm during sign or verify operations. +Names and values of these options are algorithm-specific. +.IP "\fB\-passin\fR \fIarg\fR, \fB\-passout\fR \fIarg\fR" 4 +.IX Item "-passin arg, -passout arg" +The password source for the input and output file. +For more information about the format of \fBarg\fR +see \*(L"Pass Phrase Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-out\fR \fIfilename\fR" 4 +.IX Item "-out filename" +This specifies the output filename to write to or standard output by +default. +.IP "\fB\-text\fR" 4 +.IX Item "-text" +Prints out the certificate request in text form. +.IP "\fB\-subject\fR" 4 +.IX Item "-subject" +Prints out the request subject (or certificate subject if \fB\-x509\fR is +specified) +.IP "\fB\-pubkey\fR" 4 +.IX Item "-pubkey" +Outputs the public key. +.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +This option prevents output of the encoded version of the request. +.IP "\fB\-modulus\fR" 4 +.IX Item "-modulus" +This option prints out the value of the modulus of the public key +contained in the request. +.IP "\fB\-verify\fR" 4 +.IX Item "-verify" +Verifies the signature on the request. +.IP "\fB\-new\fR" 4 +.IX Item "-new" +This option generates a new certificate request. It will prompt +the user for the relevant field values. The actual fields +prompted for and their maximum and minimum sizes are specified +in the configuration file and any requested extensions. +.Sp +If the \fB\-key\fR option is not used it will generate a new \s-1RSA\s0 private +key using information specified in the configuration file. 
+.IP "\fB\-newkey\fR \fIarg\fR" 4 +.IX Item "-newkey arg" +This option creates a new certificate request and a new private +key. The argument takes one of several forms. +.Sp +\&\fBrsa:\fR\fInbits\fR, where +\&\fInbits\fR is the number of bits, generates an \s-1RSA\s0 key \fInbits\fR +in size. If \fInbits\fR is omitted, i.e. \fB\-newkey\fR \fIrsa\fR specified, +the default key size, specified in the configuration file is used. +.Sp +All other algorithms support the \fB\-newkey\fR \fIalg\fR:\fIfile\fR form, where file +may be an algorithm parameter file, created with \f(CW\*(C`openssl genpkey \-genparam\*(C'\fR +or an X.509 certificate for a key with appropriate algorithm. +.Sp +\&\fBparam:\fR\fIfile\fR generates a key using the parameter file or certificate +\&\fIfile\fR, the algorithm is determined by the parameters. \fIalgname\fR:\fIfile\fR +use algorithm \fIalgname\fR and parameter file \fIfile\fR: the two algorithms must +match or an error occurs. \fIalgname\fR just uses algorithm \fIalgname\fR, and +parameters, if necessary should be specified via \fB\-pkeyopt\fR parameter. +.Sp +\&\fBdsa:\fR\fIfilename\fR generates a \s-1DSA\s0 key using the parameters +in the file \fIfilename\fR. \fBec:\fR\fIfilename\fR generates \s-1EC\s0 key (usable both with +\&\s-1ECDSA\s0 or \s-1ECDH\s0 algorithms), \fBgost2001:\fR\fIfilename\fR generates \s-1GOST\s0 R +34.10\-2001 key (requires \fBgost\fR engine configured in the configuration +file). If just \fBgost2001\fR is specified a parameter set should be +specified by \fB\-pkeyopt\fR \fIparamset:X\fR +.IP "\fB\-pkeyopt\fR \fIopt\fR:\fIvalue\fR" 4 +.IX Item "-pkeyopt opt:value" +Set the public key algorithm option \fIopt\fR to \fIvalue\fR. The precise set of +options supported depends on the public key algorithm used and its +implementation. +See \*(L"\s-1KEY\s0 \s-1GENERATION\s0 \s-1OPTIONS\s0\*(R" in \fIopenssl\-genpkey\fR\|(1) for more details. 
+.IP "\fB\-key\fR \fIfilename\fR" 4 +.IX Item "-key filename" +This specifies the file to read the private key from. It also +accepts PKCS#8 format private keys for \s-1PEM\s0 format files. +.IP "\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IX Item "-keyform DER|PEM" +The format of the private key; the default is \fB\s-1PEM\s0\fR. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-keyout\fR \fIfilename\fR" 4 +.IX Item "-keyout filename" +This gives the filename to write the newly created private key to. +If this option is not specified then the filename present in the +configuration file is used. +.IP "\fB\-nodes\fR" 4 +.IX Item "-nodes" +If this option is specified then if a private key is created it +will not be encrypted. +.IP "\fB\-\f(BIdigest\fB\fR" 4 +.IX Item "-digest" +This specifies the message digest to sign the request. +Any digest supported by the OpenSSL \fBdgst\fR command can be used. +This overrides the digest algorithm specified in +the configuration file. +.Sp +Some public key algorithms may override this choice. For instance, \s-1DSA\s0 +signatures always use \s-1SHA1\s0, \s-1GOST\s0 R 34.10 signatures always use +\&\s-1GOST\s0 R 34.11\-94 (\fB\-md_gost94\fR), Ed25519 and Ed448 never use any digest. +.IP "\fB\-config\fR \fIfilename\fR" 4 +.IX Item "-config filename" +This allows an alternative configuration file to be specified. +Optional; for a description of the default value, +see \*(L"\s-1COMMAND\s0 \s-1SUMMARY\s0\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-subj\fR \fIarg\fR" 4 +.IX Item "-subj arg" +Sets subject name for new request or supersedes the subject name +when processing a request. +The arg must be formatted as \f(CW\*(C`/type0=value0/type1=value1/type2=...\*(C'\fR. +Keyword characters may be escaped by \e (backslash), and whitespace is retained. +Empty values are permitted, but the corresponding type will not be included +in the request. 
+.IP "\fB\-multivalue\-rdn\fR" 4 +.IX Item "-multivalue-rdn" +This option causes the \-subj argument to be interpreted with full +support for multivalued RDNs. Example: +.Sp +\&\f(CW\*(C`/DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe\*(C'\fR +.Sp +If \-multi\-rdn is not used then the \s-1UID\s0 value is \f(CW\*(C`123456+CN=John Doe\*(C'\fR. +.IP "\fB\-x509\fR" 4 +.IX Item "-x509" +This option outputs a self signed certificate instead of a certificate +request. This is typically used to generate a test certificate or +a self signed root \s-1CA\s0. The extensions added to the certificate +(if any) are specified in the configuration file. Unless specified +using the \fB\-set_serial\fR option, a large random number will be used for +the serial number. +.Sp +If existing request is specified with the \fB\-in\fR option, it is converted +to the self signed certificate otherwise new request is created. +.IP "\fB\-days\fR \fIn\fR" 4 +.IX Item "-days n" +When the \fB\-x509\fR option is being used this specifies the number of +days to certify the certificate for, otherwise it is ignored. \fIn\fR should +be a positive integer. The default is 30 days. +.IP "\fB\-set_serial\fR \fIn\fR" 4 +.IX Item "-set_serial n" +Serial number to use when outputting a self signed certificate. This +may be specified as a decimal value or a hex value if preceded by \f(CW\*(C`0x\*(C'\fR. +.IP "\fB\-addext\fR \fIext\fR" 4 +.IX Item "-addext ext" +Add a specific extension to the certificate (if the \fB\-x509\fR option is +present) or certificate request. The argument must have the form of +a key=value pair as it would appear in a config file. +.Sp +This option can be given multiple times. +.IP "\fB\-extensions\fR \fIsection\fR" 4 +.IX Item "-extensions section" +.PD 0 +.IP "\fB\-reqexts\fR \fIsection\fR" 4 +.IX Item "-reqexts section" +.PD +These options specify alternative sections to include certificate +extensions (if the \fB\-x509\fR option is present) or certificate +request extensions. 
This allows several different sections to +be used in the same configuration file to specify requests for +a variety of purposes. +.IP "\fB\-precert\fR" 4 +.IX Item "-precert" +A poison extension will be added to the certificate, making it a +\&\*(L"pre-certificate\*(R" (see \s-1RFC6962\s0). This can be submitted to Certificate +Transparency logs in order to obtain signed certificate timestamps (SCTs). +These SCTs can then be embedded into the pre-certificate as an extension, before +removing the poison and signing the certificate. +.Sp +This implies the \fB\-new\fR flag. +.IP "\fB\-utf8\fR" 4 +.IX Item "-utf8" +This option causes field values to be interpreted as \s-1UTF8\s0 strings, by +default they are interpreted as \s-1ASCII\s0. This means that the field +values, whether prompted from a terminal or obtained from a +configuration file, must be valid \s-1UTF8\s0 strings. +.IP "\fB\-reqopt\fR \fIoption\fR" 4 +.IX Item "-reqopt option" +Customise the output format used with \fB\-text\fR. The \fIoption\fR argument can be +a single option or multiple options separated by commas. +.Sp +See discussion of the \fB\-certopt\fR parameter in the \fIopenssl\-x509\fR\|(1) +command. +.IP "\fB\-newhdr\fR" 4 +.IX Item "-newhdr" +Adds the word \fB\s-1NEW\s0\fR to the \s-1PEM\s0 file header and footer lines on the outputted +request. Some software (Netscape certificate server) and some CAs need this. +.IP "\fB\-batch\fR" 4 +.IX Item "-batch" +Non-interactive mode. +.IP "\fB\-verbose\fR" 4 +.IX Item "-verbose" +Print extra details about the operations being performed. +.IP "\fB\-keygen_engine\fR \fIid\fR" 4 +.IX Item "-keygen_engine id" +Specifies an engine (by its unique \fIid\fR string) which would be used +for key generation operations. +.IP "\fB\-sm2\-id\fR" 4 +.IX Item "-sm2-id" +Specify the \s-1ID\s0 string to use when verifying an \s-1SM2\s0 certificate request. The \s-1ID\s0 +string is required by the \s-1SM2\s0 signature algorithm for signing and verification. 
+.IP "\fB\-sm2\-hex\-id\fR" 4 +.IX Item "-sm2-hex-id" +Specify a binary \s-1ID\s0 string to use when verifying an \s-1SM2\s0 certificate request. The +argument for this option is string of hexadecimal digits. +.IP "\fB\-nameopt\fR \fIoption\fR" 4 +.IX Item "-nameopt option" +This specifies how the subject or issuer names are displayed. +See \*(L"Name Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-rand\fR \fIfiles\fR, \fB\-writerand\fR \fIfile\fR" 4 +.IX Item "-rand files, -writerand file" +See \*(L"Random State Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-engine\fR \fIid\fR" 4 +.IX Item "-engine id" +See \*(L"Engine Options\*(R" in \fIopenssl\fR\|(1). +.SH "CONFIGURATION FILE FORMAT" +.IX Header "CONFIGURATION FILE FORMAT" +The configuration options are specified in the \fBreq\fR section of +the configuration file. As with all configuration files if no +value is specified in the specific section (i.e. \fBreq\fR) then +the initial unnamed or \fBdefault\fR section is searched too. +.PP +The options available are described in detail below. +.IP "\fBinput_password output_password\fR" 4 +.IX Item "input_password output_password" +The passwords for the input private key file (if present) and +the output private key file (if one will be created). The +command line options \fBpassin\fR and \fBpassout\fR override the +configuration file values. +.IP "\fBdefault_bits\fR" 4 +.IX Item "default_bits" +Specifies the default key size in bits. +.Sp +This option is used in conjunction with the \fB\-new\fR option to generate +a new key. It can be overridden by specifying an explicit key size in +the \fB\-newkey\fR option. The smallest accepted key size is 512 bits. If +no key size is specified then 2048 bits is used. +.IP "\fBdefault_keyfile\fR" 4 +.IX Item "default_keyfile" +This is the default filename to write a private key to. If not +specified the key is written to standard output. This can be +overridden by the \fB\-keyout\fR option. 
+.IP "\fBoid_file\fR" 4 +.IX Item "oid_file" +This specifies a file containing additional \fB\s-1OBJECT\s0 \s-1IDENTIFIERS\s0\fR. +Each line of the file should consist of the numerical form of the +object identifier followed by white space then the short name followed +by white space and finally the long name. +.IP "\fBoid_section\fR" 4 +.IX Item "oid_section" +This specifies a section in the configuration file containing extra +object identifiers. Each line should consist of the short name of the +object identifier followed by \fB=\fR and the numerical form. The short +and long names are the same when this option is used. +.IP "\fB\s-1RANDFILE\s0\fR" 4 +.IX Item "RANDFILE" +At startup the specified file is loaded into the random number generator, +and at exit 256 bytes will be written to it. +It is used for private key generation. +.IP "\fBencrypt_key\fR" 4 +.IX Item "encrypt_key" +If this is set to \fBno\fR then if a private key is generated it is +\&\fBnot\fR encrypted. This is equivalent to the \fB\-nodes\fR command line +option. For compatibility \fBencrypt_rsa_key\fR is an equivalent option. +.IP "\fBdefault_md\fR" 4 +.IX Item "default_md" +This option specifies the digest algorithm to use. Any digest supported by the +OpenSSL \fBdgst\fR command can be used. This option can be overridden on the +command line. Certain signing algorithms (i.e. Ed25519 and Ed448) will ignore +any digest that has been set. +.IP "\fBstring_mask\fR" 4 +.IX Item "string_mask" +This option masks out the use of certain string types in certain +fields. Most users will not need to change this option. +.Sp +It can be set to several values \fBdefault\fR which is also the default +option uses PrintableStrings, T61Strings and BMPStrings if the +\&\fBpkix\fR value is used then only PrintableStrings and BMPStrings will +be used. This follows the \s-1PKIX\s0 recommendation in \s-1RFC2459\s0. 
If the +\&\fButf8only\fR option is used then only UTF8Strings will be used: this +is the \s-1PKIX\s0 recommendation in \s-1RFC2459\s0 after 2003. Finally the \fBnombstr\fR +option just uses PrintableStrings and T61Strings: certain software has +problems with BMPStrings and UTF8Strings: in particular Netscape. +.IP "\fBreq_extensions\fR" 4 +.IX Item "req_extensions" +This specifies the configuration file section containing a list of +extensions to add to the certificate request. It can be overridden +by the \fB\-reqexts\fR command line switch. See the +\&\fIx509v3_config\fR\|(5) manual page for details of the +extension section format. +.IP "\fBx509_extensions\fR" 4 +.IX Item "x509_extensions" +This specifies the configuration file section containing a list of +extensions to add to certificate generated when the \fB\-x509\fR switch +is used. It can be overridden by the \fB\-extensions\fR command line switch. +.IP "\fBprompt\fR" 4 +.IX Item "prompt" +If set to the value \fBno\fR this disables prompting of certificate fields +and just takes values from the config file directly. It also changes the +expected format of the \fBdistinguished_name\fR and \fBattributes\fR sections. +.IP "\fButf8\fR" 4 +.IX Item "utf8" +If set to the value \fByes\fR then field values to be interpreted as \s-1UTF8\s0 +strings, by default they are interpreted as \s-1ASCII\s0. This means that +the field values, whether prompted from a terminal or obtained from a +configuration file, must be valid \s-1UTF8\s0 strings. +.IP "\fBattributes\fR" 4 +.IX Item "attributes" +This specifies the section containing any request attributes: its format +is the same as \fBdistinguished_name\fR. Typically these may contain the +challengePassword or unstructuredName types. They are currently ignored +by OpenSSL's request signing utilities but some CAs might want them. 
+.IP "\fBdistinguished_name\fR" 4 +.IX Item "distinguished_name" +This specifies the section containing the distinguished name fields to +prompt for when generating a certificate or certificate request. The format +is described in the next section. +.SH "DISTINGUISHED NAME AND ATTRIBUTE SECTION FORMAT" +.IX Header "DISTINGUISHED NAME AND ATTRIBUTE SECTION FORMAT" +There are two separate formats for the distinguished name and attribute +sections. If the \fBprompt\fR option is set to \fBno\fR then these sections +just consist of field names and values: for example, +.PP +.Vb 3 +\& CN=My Name +\& OU=My Organization +\& emailAddress=someone@somewhere.org +.Ve +.PP +This allows external programs (e.g. \s-1GUI\s0 based) to generate a template file with +all the field names and values and just pass it to this command. An example +of this kind of configuration file is contained in the \fB\s-1EXAMPLES\s0\fR section. +.PP +Alternatively if the \fBprompt\fR option is absent or not set to \fBno\fR then the +file contains field prompting information. It consists of lines of the form: +.PP +.Vb 4 +\& fieldName="prompt" +\& fieldName_default="default field value" +\& fieldName_min= 2 +\& fieldName_max= 4 +.Ve +.PP +\&\*(L"fieldName\*(R" is the field name being used, for example commonName (or \s-1CN\s0). +The \*(L"prompt\*(R" string is used to ask the user to enter the relevant +details. If the user enters nothing then the default value is used if no +default value is present then the field is omitted. A field can +still be omitted if a default value is present if the user just +enters the '.' character. +.PP +The number of characters entered must be between the fieldName_min and +fieldName_max limits: there may be additional restrictions based +on the field being used (for example countryName can only ever be +two characters long and must fit in a PrintableString). +.PP +Some fields (such as organizationName) can be used more than once +in a \s-1DN\s0. 
This presents a problem because configuration files will +not recognize the same name occurring twice. To avoid this problem +if the fieldName contains some characters followed by a full stop +they will be ignored. So for example a second organizationName can +be input by calling it \*(L"1.organizationName\*(R". +.PP +The actual permitted field names are any object identifier short or +long names. These are compiled into OpenSSL and include the usual +values such as commonName, countryName, localityName, organizationName, +organizationalUnitName, stateOrProvinceName. Additionally emailAddress +is included as well as name, surname, givenName, initials, and dnQualifier. +.PP +Additional object identifiers can be defined with the \fBoid_file\fR or +\&\fBoid_section\fR options in the configuration file. Any additional fields +will be treated as though they were a DirectoryString. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Examine and verify certificate request: +.PP +.Vb 1 +\& openssl req \-in req.pem \-text \-verify \-noout +.Ve +.PP +Create a private key and then generate a certificate request from it: +.PP +.Vb 2 +\& openssl genrsa \-out key.pem 2048 +\& openssl req \-new \-key key.pem \-out req.pem +.Ve +.PP +The same but just using req: +.PP +.Vb 1 +\& openssl req \-newkey rsa:2048 \-keyout key.pem \-out req.pem +.Ve +.PP +Generate a self signed root certificate: +.PP +.Vb 1 +\& openssl req \-x509 \-newkey rsa:2048 \-keyout key.pem \-out req.pem +.Ve +.PP +Create an \s-1SM2\s0 private key and then generate a certificate request from it: +.PP +.Vb 2 +\& openssl ecparam \-genkey \-name SM2 \-out sm2.key +\& openssl req \-new \-key sm2.key \-out sm2.csr \-sm3 \-sigopt "sm2_id:1234567812345678" +.Ve +.PP +Examine and verify an \s-1SM2\s0 certificate request: +.PP +.Vb 1 +\& openssl req \-verify \-in sm2.csr \-sm3 \-sm2\-id 1234567812345678 +.Ve +.PP +Example of a file pointed to by the \fBoid_file\fR option: +.PP +.Vb 2 +\& 1.2.3.4 shortName A longer Name +\& 1.2.3.6 
otherName Other longer Name +.Ve +.PP +Example of a section pointed to by \fBoid_section\fR making use of variable +expansion: +.PP +.Vb 2 +\& testoid1=1.2.3.5 +\& testoid2=${testoid1}.6 +.Ve +.PP +Sample configuration file prompting for field values: +.PP +.Vb 6 +\& [ req ] +\& default_bits = 2048 +\& default_keyfile = privkey.pem +\& distinguished_name = req_distinguished_name +\& attributes = req_attributes +\& req_extensions = v3_ca +\& +\& dirstring_type = nobmp +\& +\& [ req_distinguished_name ] +\& countryName = Country Name (2 letter code) +\& countryName_default = AU +\& countryName_min = 2 +\& countryName_max = 2 +\& +\& localityName = Locality Name (eg, city) +\& +\& organizationalUnitName = Organizational Unit Name (eg, section) +\& +\& commonName = Common Name (eg, YOUR name) +\& commonName_max = 64 +\& +\& emailAddress = Email Address +\& emailAddress_max = 40 +\& +\& [ req_attributes ] +\& challengePassword = A challenge password +\& challengePassword_min = 4 +\& challengePassword_max = 20 +\& +\& [ v3_ca ] +\& +\& subjectKeyIdentifier=hash +\& authorityKeyIdentifier=keyid:always,issuer:always +\& basicConstraints = critical, CA:true +.Ve +.PP +Sample configuration containing all field values: +.PP +.Vb 7 +\& [ req ] +\& default_bits = 2048 +\& default_keyfile = keyfile.pem +\& distinguished_name = req_distinguished_name +\& attributes = req_attributes +\& prompt = no +\& output_password = mypass +\& +\& [ req_distinguished_name ] +\& C = GB +\& ST = Test State or Province +\& L = Test Locality +\& O = Organization Name +\& OU = Organizational Unit Name +\& CN = Common Name +\& emailAddress = test@email.address +\& +\& [ req_attributes ] +\& challengePassword = A challenge password +.Ve +.PP +Example of giving the most common attributes (subject and extensions) +on the command line: +.PP +.Vb 4 +\& openssl req \-new \-subj "/C=GB/CN=foo" \e +\& \-addext "subjectAltName = DNS:foo.co.uk" \e +\& \-addext "certificatePolicies = 1.2.3.4" \e +\& \-newkey 
rsa:2048 \-keyout key.pem \-out req.pem +.Ve +.SH "NOTES" +.IX Header "NOTES" +The certificate requests generated by \fBXenroll\fR with \s-1MSIE\s0 have extensions +added. It includes the \fBkeyUsage\fR extension which determines the type of +key (signature only or general purpose) and any additional OIDs entered +by the script in an \fBextendedKeyUsage\fR extension. +.SH "DIAGNOSTICS" +.IX Header "DIAGNOSTICS" +The following messages are frequently asked about: +.PP +.Vb 2 +\& Using configuration from /some/path/openssl.cnf +\& Unable to load config info +.Ve +.PP +This is followed some time later by: +.PP +.Vb 2 +\& unable to find \*(Aqdistinguished_name\*(Aq in config +\& problems making Certificate Request +.Ve +.PP +The first error message is the clue: it can't find the configuration +file! Certain operations (like examining a certificate request) don't +need a configuration file so its use isn't enforced. Generation of +certificates or requests however does need a configuration file. This +could be regarded as a bug. +.PP +Another puzzling message is this: +.PP +.Vb 2 +\& Attributes: +\& a0:00 +.Ve +.PP +this is displayed when no attributes are present and the request includes +the correct empty \fB\s-1SET\s0 \s-1OF\s0\fR structure (the \s-1DER\s0 encoding of which is 0xa0 +0x00). If you just see: +.PP +.Vb 1 +\& Attributes: +.Ve +.PP +then the \fB\s-1SET\s0 \s-1OF\s0\fR is missing and the encoding is technically invalid (but +it is tolerated). See the description of the command line option \fB\-asn1\-kludge\fR +for more information. +.SH "BUGS" +.IX Header "BUGS" +OpenSSL's handling of T61Strings (aka TeletexStrings) is broken: it effectively +treats them as \s-1ISO\-8859\-1\s0 (Latin 1), Netscape and \s-1MSIE\s0 have similar behaviour. +This can cause problems if you need characters that aren't available in +PrintableStrings and you don't want to or can't use BMPStrings. 
+.PP +As a consequence of the T61String handling the only correct way to represent +accented characters in OpenSSL is to use a BMPString: unfortunately Netscape +currently chokes on these. If you have to use accented characters with Netscape +and \s-1MSIE\s0 then you currently need to use the invalid T61String form. +.PP +The current prompting is not very friendly. It doesn't allow you to confirm what +you've just entered. Other things like extensions in certificate requests are +statically defined in the configuration file. Some of these: like an email +address in subjectAltName should be input by the user. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\fIopenssl\-x509\fR\|(1), +\&\fIopenssl\-ca\fR\|(1), +\&\fIopenssl\-genrsa\fR\|(1), +\&\fIopenssl\-gendsa\fR\|(1), +\&\fIconfig\fR\|(5), +\&\fIx509v3_config\fR\|(5) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man1/openssl-rsa.1 b/linux_amd64/share/man/man1/openssl-rsa.1 new file mode 100755 index 0000000..cfdbeb4 --- /dev/null +++ b/linux_amd64/share/man/man1/openssl-rsa.1 
@@ -0,0 +1,303 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-RSA 1" +.TH OPENSSL-RSA 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-rsa \- RSA key processing tool +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBrsa\fR +[\fB\-help\fR] +[\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-in\fR \fIfilename\fR] +[\fB\-passin\fR \fIarg\fR] +[\fB\-out\fR \fIfilename\fR] +[\fB\-passout\fR \fIarg\fR] +[\fB\-aes128\fR] +[\fB\-aes192\fR] +[\fB\-aes256\fR] +[\fB\-aria128\fR] +[\fB\-aria192\fR] +[\fB\-aria256\fR] +[\fB\-camellia128\fR] +[\fB\-camellia192\fR] +[\fB\-camellia256\fR] +[\fB\-des\fR] +[\fB\-des3\fR] +[\fB\-idea\fR] +[\fB\-text\fR] +[\fB\-noout\fR] +[\fB\-modulus\fR] +[\fB\-check\fR] +[\fB\-pubin\fR] +[\fB\-pubout\fR] +[\fB\-RSAPublicKey_in\fR] +[\fB\-RSAPublicKey_out\fR] +[\fB\-engine\fR \fIid\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command has been deprecated. +The \fIopenssl\-pkey\fR\|(1) command should be used instead. +.PP +This command processes \s-1RSA\s0 keys. They can be converted between +various forms and their components printed out. \fBNote\fR this command uses the +traditional SSLeay compatible format for private key encryption: newer +applications should use the more secure PKCS#8 format using the +\&\fIopenssl\-pkcs8\fR\|(1) command. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR, \fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IX Item "-inform DER|PEM, -outform DER|PEM" +The input and formats; the default is \fB\s-1PEM\s0\fR. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IX Item "-inform DER|PEM" +The data is a PKCS#1 \fBRSAPrivateKey\fR or \fBSubjectPublicKey\fR object. +On input, PKCS#8 format private keys are also accepted. 
+.IP "\fB\-in\fR \fIfilename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read a key from or standard input if this +option is not specified. If the key is encrypted a pass phrase will be +prompted for. +.IP "\fB\-passin\fR \fIarg\fR, \fB\-passout\fR \fIarg\fR" 4 +.IX Item "-passin arg, -passout arg" +The password source for the input and output file. +For more information about the format of \fBarg\fR +see \*(L"Pass Phrase Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-out\fR \fIfilename\fR" 4 +.IX Item "-out filename" +This specifies the output filename to write a key to or standard output if this +option is not specified. If any encryption options are set then a pass phrase +will be prompted for. The output filename should \fBnot\fR be the same as the input +filename. +.IP "\fB\-aes128\fR, \fB\-aes192\fR, \fB\-aes256\fR, \fB\-aria128\fR, \fB\-aria192\fR, \fB\-aria256\fR, \fB\-camellia128\fR, \fB\-camellia192\fR, \fB\-camellia256\fR, \fB\-des\fR, \fB\-des3\fR, \fB\-idea\fR" 4 +.IX Item "-aes128, -aes192, -aes256, -aria128, -aria192, -aria256, -camellia128, -camellia192, -camellia256, -des, -des3, -idea" +These options encrypt the private key with the specified +cipher before outputting it. A pass phrase is prompted for. +If none of these options is specified the key is written in plain text. This +means that this command can be used to remove the pass phrase from a key +by not giving any encryption option is given, or to add or change the pass +phrase by setting them. +These options can only be used with \s-1PEM\s0 format output files. +.IP "\fB\-text\fR" 4 +.IX Item "-text" +Prints out the various public or private key components in +plain text in addition to the encoded version. +.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +This option prevents output of the encoded version of the key. +.IP "\fB\-modulus\fR" 4 +.IX Item "-modulus" +This option prints out the value of the modulus of the key. 
+.IP "\fB\-check\fR" 4 +.IX Item "-check" +This option checks the consistency of an \s-1RSA\s0 private key. +.IP "\fB\-pubin\fR" 4 +.IX Item "-pubin" +By default a private key is read from the input file: with this +option a public key is read instead. +.IP "\fB\-pubout\fR" 4 +.IX Item "-pubout" +By default a private key is output: with this option a public +key will be output instead. This option is automatically set if +the input is a public key. +.IP "\fB\-RSAPublicKey_in\fR, \fB\-RSAPublicKey_out\fR" 4 +.IX Item "-RSAPublicKey_in, -RSAPublicKey_out" +Like \fB\-pubin\fR and \fB\-pubout\fR except \fBRSAPublicKey\fR format is used instead. +.IP "\fB\-engine\fR \fIid\fR" 4 +.IX Item "-engine id" +See \*(L"Engine Options\*(R" in \fIopenssl\fR\|(1). +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Examples equivalent to these can be found in the documentation for the +non-deprecated \fIopenssl\-pkey\fR\|(1) command. +.PP +To remove the pass phrase on an \s-1RSA\s0 private key: +.PP +.Vb 1 +\& openssl rsa \-in key.pem \-out keyout.pem +.Ve +.PP +To encrypt a private key using triple \s-1DES:\s0 +.PP +.Vb 1 +\& openssl rsa \-in key.pem \-des3 \-out keyout.pem +.Ve +.PP +To convert a private key from \s-1PEM\s0 to \s-1DER\s0 format: +.PP +.Vb 1 +\& openssl rsa \-in key.pem \-outform DER \-out keyout.der +.Ve +.PP +To print out the components of a private key to standard output: +.PP +.Vb 1 +\& openssl rsa \-in key.pem \-text \-noout +.Ve +.PP +To just output the public part of a private key: +.PP +.Vb 1 +\& openssl rsa \-in key.pem \-pubout \-out pubkey.pem +.Ve +.PP +Output the public part of a private key in \fBRSAPublicKey\fR format: +.PP +.Vb 1 +\& openssl rsa \-in key.pem \-RSAPublicKey_out \-out pubkey.pem +.Ve +.SH "BUGS" +.IX Header "BUGS" +There should be an option that automatically handles \fI.key\fR files, +without having to manually edit them. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\fIopenssl\-pkey\fR\|(1), +\&\fIopenssl\-pkcs8\fR\|(1), +\&\fIopenssl\-dsa\fR\|(1), +\&\fIopenssl\-genrsa\fR\|(1), +\&\fIopenssl\-gendsa\fR\|(1) +.SH "HISTORY" +.IX Header "HISTORY" +This command was deprecated in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man1/openssl-rsautl.1 b/linux_amd64/share/man/man1/openssl-rsautl.1 new file mode 100755 index 0000000..b98b35b --- /dev/null +++ b/linux_amd64/share/man/man1/openssl-rsautl.1 
@@ -0,0 +1,362 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-RSAUTL 1" +.TH OPENSSL-RSAUTL 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-rsautl \- RSA utility +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBrsautl\fR +[\fB\-help\fR] +[\fB\-in\fR \fIfile\fR] +[\fB\-passin\fR \fIarg\fR] +[\fB\-rev\fR] +[\fB\-out\fR \fIfile\fR] +[\fB\-inkey\fR \fIfile\fR] +[\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fB\s-1ENGINE\s0\fR] +[\fB\-pubin\fR] +[\fB\-certin\fR] +[\fB\-sign\fR] +[\fB\-verify\fR] +[\fB\-encrypt\fR] +[\fB\-decrypt\fR] +[\fB\-pkcs\fR] +[\fB\-x931\fR] +[\fB\-oaep\fR] +[\fB\-ssl\fR] +[\fB\-raw\fR] +[\fB\-pkcs\fR] +[\fB\-ssl\fR] +[\fB\-raw\fR] +[\fB\-hexdump\fR] +[\fB\-asn1parse\fR] +[\fB\-engine\fR \fIid\fR] +[\fB\-rand\fR \fIfiles\fR] +[\fB\-writerand\fR \fIfile\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command has been deprecated. +The \fIopenssl\-pkeyutl\fR\|(1) command should be used instead. +.PP +This command can be used to sign, verify, encrypt and decrypt +data using the \s-1RSA\s0 algorithm. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-in\fR \fIfilename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read data from or standard input +if this option is not specified. +.IP "\fB\-passin\fR \fIarg\fR" 4 +.IX Item "-passin arg" +The passphrase used in the output file. +See see \*(L"Pass Phrase Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-rev\fR" 4 +.IX Item "-rev" +Reverse the order of the input. +.IP "\fB\-out\fR \fIfilename\fR" 4 +.IX Item "-out filename" +Specifies the output filename to write to or standard output by +default. +.IP "\fB\-inkey\fR \fIfile\fR" 4 +.IX Item "-inkey file" +The input key file, by default it should be an \s-1RSA\s0 private key. +.IP "\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fB\s-1ENGINE\s0\fR" 4 +.IX Item "-keyform DER|PEM|ENGINE" +The key format; the default is \fB\s-1PEM\s0\fR. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. 
+.IP "\fB\-pubin\fR" 4 +.IX Item "-pubin" +The input file is an \s-1RSA\s0 public key. +.IP "\fB\-certin\fR" 4 +.IX Item "-certin" +The input is a certificate containing an \s-1RSA\s0 public key. +.IP "\fB\-sign\fR" 4 +.IX Item "-sign" +Sign the input data and output the signed result. This requires +an \s-1RSA\s0 private key. +.IP "\fB\-verify\fR" 4 +.IX Item "-verify" +Verify the input data and output the recovered data. +.IP "\fB\-encrypt\fR" 4 +.IX Item "-encrypt" +Encrypt the input data using an \s-1RSA\s0 public key. +.IP "\fB\-decrypt\fR" 4 +.IX Item "-decrypt" +Decrypt the input data using an \s-1RSA\s0 private key. +.IP "\fB\-pkcs\fR, \fB\-oaep\fR, \fB\-x931\fR \fB\-ssl\fR, \fB\-raw\fR" 4 +.IX Item "-pkcs, -oaep, -x931 -ssl, -raw" +The padding to use: PKCS#1 v1.5 (the default), PKCS#1 \s-1OAEP\s0, +\&\s-1ANSI\s0 X9.31, +special padding used in \s-1SSL\s0 v2 backwards compatible handshakes, +or no padding, respectively. +For signatures, only \fB\-pkcs\fR and \fB\-raw\fR can be used. +.IP "\fB\-hexdump\fR" 4 +.IX Item "-hexdump" +Hex dump the output data. +.IP "\fB\-asn1parse\fR" 4 +.IX Item "-asn1parse" +Parse the \s-1ASN\s0.1 output data, this is useful when combined with the +\&\fB\-verify\fR option. +.IP "\fB\-engine\fR \fIid\fR" 4 +.IX Item "-engine id" +See \*(L"Engine Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-rand\fR \fIfiles\fR, \fB\-writerand\fR \fIfile\fR" 4 +.IX Item "-rand files, -writerand file" +See \*(L"Random State Options\*(R" in \fIopenssl\fR\|(1) for details. +.SH "NOTES" +.IX Header "NOTES" +Since this command uses the \s-1RSA\s0 algorithm directly, it can only be +used to sign or verify small pieces of data. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Examples equivalent to these can be found in the documentation for the +non-deprecated \fIopenssl\-pkeyutl\fR\|(1) command. 
+.PP +Sign some data using a private key: +.PP +.Vb 1 +\& openssl rsautl \-sign \-in file \-inkey key.pem \-out sig +.Ve +.PP +Recover the signed data +.PP +.Vb 1 +\& openssl rsautl \-verify \-in sig \-inkey key.pem +.Ve +.PP +Examine the raw signed data: +.PP +.Vb 1 +\& openssl rsautl \-verify \-in sig \-inkey key.pem \-raw \-hexdump +\& +\& 0000 \- 00 01 ff ff ff ff ff ff\-ff ff ff ff ff ff ff ff ................ +\& 0010 \- ff ff ff ff ff ff ff ff\-ff ff ff ff ff ff ff ff ................ +\& 0020 \- ff ff ff ff ff ff ff ff\-ff ff ff ff ff ff ff ff ................ +\& 0030 \- ff ff ff ff ff ff ff ff\-ff ff ff ff ff ff ff ff ................ +\& 0040 \- ff ff ff ff ff ff ff ff\-ff ff ff ff ff ff ff ff ................ +\& 0050 \- ff ff ff ff ff ff ff ff\-ff ff ff ff ff ff ff ff ................ +\& 0060 \- ff ff ff ff ff ff ff ff\-ff ff ff ff ff ff ff ff ................ +\& 0070 \- ff ff ff ff 00 68 65 6c\-6c 6f 20 77 6f 72 6c 64 .....hello world +.Ve +.PP +The PKCS#1 block formatting is evident from this. If this was done using +encrypt and decrypt the block would have been of type 2 (the second byte) +and random padding data visible instead of the 0xff bytes. +.PP +It is possible to analyse the signature of certificates using this +utility in conjunction with \fIopenssl\-asn1parse\fR\|(1). Consider the self signed +example in \fIcerts/pca\-cert.pem\fR. 
Running \fIopenssl\-asn1parse\fR\|(1) as follows +yields: +.PP +.Vb 1 +\& openssl asn1parse \-in pca\-cert.pem +\& +\& 0:d=0 hl=4 l= 742 cons: SEQUENCE +\& 4:d=1 hl=4 l= 591 cons: SEQUENCE +\& 8:d=2 hl=2 l= 3 cons: cont [ 0 ] +\& 10:d=3 hl=2 l= 1 prim: INTEGER :02 +\& 13:d=2 hl=2 l= 1 prim: INTEGER :00 +\& 16:d=2 hl=2 l= 13 cons: SEQUENCE +\& 18:d=3 hl=2 l= 9 prim: OBJECT :md5WithRSAEncryption +\& 29:d=3 hl=2 l= 0 prim: NULL +\& 31:d=2 hl=2 l= 92 cons: SEQUENCE +\& 33:d=3 hl=2 l= 11 cons: SET +\& 35:d=4 hl=2 l= 9 cons: SEQUENCE +\& 37:d=5 hl=2 l= 3 prim: OBJECT :countryName +\& 42:d=5 hl=2 l= 2 prim: PRINTABLESTRING :AU +\& .... +\& 599:d=1 hl=2 l= 13 cons: SEQUENCE +\& 601:d=2 hl=2 l= 9 prim: OBJECT :md5WithRSAEncryption +\& 612:d=2 hl=2 l= 0 prim: NULL +\& 614:d=1 hl=3 l= 129 prim: BIT STRING +.Ve +.PP +The final \s-1BIT\s0 \s-1STRING\s0 contains the actual signature. It can be extracted with: +.PP +.Vb 1 +\& openssl asn1parse \-in pca\-cert.pem \-out sig \-noout \-strparse 614 +.Ve +.PP +The certificate public key can be extracted with: +.PP +.Vb 1 +\& openssl x509 \-in test/testx509.pem \-pubkey \-noout >pubkey.pem +.Ve +.PP +The signature can be analysed with: +.PP +.Vb 1 +\& openssl rsautl \-in sig \-verify \-asn1parse \-inkey pubkey.pem \-pubin +\& +\& 0:d=0 hl=2 l= 32 cons: SEQUENCE +\& 2:d=1 hl=2 l= 12 cons: SEQUENCE +\& 4:d=2 hl=2 l= 8 prim: OBJECT :md5 +\& 14:d=2 hl=2 l= 0 prim: NULL +\& 16:d=1 hl=2 l= 16 prim: OCTET STRING +\& 0000 \- f3 46 9e aa 1a 4a 73 c9\-37 ea 93 00 48 25 08 b5 .F...Js.7...H%.. +.Ve +.PP +This is the parsed version of an \s-1ASN1\s0 DigestInfo structure. It can be seen that +the digest used was md5. 
The actual part of the certificate that was signed can +be extracted with: +.PP +.Vb 1 +\& openssl asn1parse \-in pca\-cert.pem \-out tbs \-noout \-strparse 4 +.Ve +.PP +and its digest computed with: +.PP +.Vb 2 +\& openssl md5 \-c tbs +\& MD5(tbs)= f3:46:9e:aa:1a:4a:73:c9:37:ea:93:00:48:25:08:b5 +.Ve +.PP +which it can be seen agrees with the recovered value above. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\fIopenssl\-pkeyutl\fR\|(1), +\&\fIopenssl\-dgst\fR\|(1), +\&\fIopenssl\-rsa\fR\|(1), +\&\fIopenssl\-genrsa\fR\|(1) +.SH "HISTORY" +.IX Header "HISTORY" +This command was deprecated in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man1/openssl-s_client.1 b/linux_amd64/share/man/man1/openssl-s_client.1 new file mode 100755 index 0000000..65ed2f5 --- /dev/null +++ b/linux_amd64/share/man/man1/openssl-s_client.1 
@@ -0,0 +1,982 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-S_CLIENT 1" +.TH OPENSSL-S_CLIENT 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-s_client \- SSL/TLS client program +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBs_client\fR +[\fB\-help\fR] +[\fB\-ssl_config\fR \fIsection\fR] +[\fB\-connect\fR \fIhost:port\fR] +[\fB\-host\fR \fIhostname\fR] +[\fB\-port\fR \fIport\fR] +[\fB\-bind\fR \fIhost:port\fR] +[\fB\-proxy\fR \fIhost:port\fR] +[\fB\-proxy_user\fR \fIuserid\fR] +[\fB\-proxy_pass\fR \fIarg\fR] +[\fB\-unix\fR \fIpath\fR] +[\fB\-4\fR] +[\fB\-6\fR] +[\fB\-servername\fR \fIname\fR] +[\fB\-noservername\fR] +[\fB\-verify\fR \fIdepth\fR] +[\fB\-verify_return_error\fR] +[\fB\-verify_quiet\fR] +[\fB\-verifyCAfile\fR \fIfilename\fR] +[\fB\-verifyCApath\fR \fIdir\fR] +[\fB\-verifyCAstore\fR \fIuri\fR] +[\fB\-cert\fR \fIfilename\fR] +[\fB\-certform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-CRL\fR \fIfilename\fR] +[\fB\-CRLform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-crl_download\fR] +[\fB\-key\fR \fIfilename\fR] +[\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-cert_chain\fR \fIfilename\fR] +[\fB\-build_chain\fR] +[\fB\-pass\fR \fIarg\fR] +[\fB\-chainCApath\fR \fIdirectory\fR] +[\fB\-chainCAfile\fR \fIfilename\fR] +[\fB\-chainCAstore\fR \fIuri\fR] +[\fB\-requestCAfile\fR \fIfilename\fR] +[\fB\-dane_tlsa_domain\fR \fIdomain\fR] +[\fB\-dane_tlsa_rrdata\fR \fIrrdata\fR] +[\fB\-dane_ee_no_namechecks\fR] +[\fB\-build_chain\fR] +[\fB\-reconnect\fR] +[\fB\-showcerts\fR] +[\fB\-prexit\fR] +[\fB\-debug\fR] +[\fB\-trace\fR] +[\fB\-nocommands\fR] +[\fB\-security_debug\fR] +[\fB\-security_debug_verbose\fR] +[\fB\-msg\fR] +[\fB\-timeout\fR] +[\fB\-mtu\fR \fIsize\fR] +[\fB\-keymatexport\fR \fIlabel\fR] +[\fB\-keymatexportlen\fR \fIlen\fR] +[\fB\-msgfile\fR \fIfilename\fR] +[\fB\-nbio_test\fR] +[\fB\-state\fR] +[\fB\-nbio\fR] +[\fB\-crlf\fR] +[\fB\-ign_eof\fR] +[\fB\-no_ign_eof\fR] +[\fB\-psk_identity\fR \fIidentity\fR] +[\fB\-psk\fR \fIkey\fR] +[\fB\-psk_session\fR \fIfile\fR] +[\fB\-quiet\fR] +[\fB\-sctp\fR] +[\fB\-sctp_label_bug\fR] 
+[\fB\-fallback_scsv\fR] +[\fB\-async\fR] +[\fB\-maxfraglen\fR \fIlen\fR] +[\fB\-max_send_frag\fR] +[\fB\-split_send_frag\fR] +[\fB\-max_pipelines\fR] +[\fB\-read_buf\fR] +[\fB\-bugs\fR] +[\fB\-comp\fR] +[\fB\-no_comp\fR] +[\fB\-brief\fR] +[\fB\-allow_no_dhe_kex\fR] +[\fB\-sigalgs\fR \fIsigalglist\fR] +[\fB\-curves\fR \fIcurvelist\fR] +[\fB\-cipher\fR \fIcipherlist\fR] +[\fB\-ciphersuites\fR \fIval\fR] +[\fB\-serverpref\fR] +[\fB\-starttls\fR \fIprotocol\fR] +[\fB\-name\fR \fIhostname\fR] +[\fB\-xmpphost\fR \fIhostname\fR] +[\fB\-name\fR \fIhostname\fR] +[\fB\-tlsextdebug\fR] +[\fB\-no_ticket\fR] +[\fB\-sess_out\fR \fIfilename\fR] +[\fB\-serverinfo\fR \fItypes\fR] +[\fB\-sess_in\fR \fIfilename\fR] +[\fB\-serverinfo\fR \fItypes\fR] +[\fB\-status\fR] +[\fB\-alpn\fR \fIprotocols\fR] +[\fB\-nextprotoneg\fR \fIprotocols\fR] +[\fB\-ct\fR] +[\fB\-noct\fR] +[\fB\-ctlogfile\fR] +[\fB\-keylogfile\fR \fIfile\fR] +[\fB\-early_data\fR \fIfile\fR] +[\fB\-enable_pha\fR] +[\fB\-use_srtp\fR \fIvalue\fR] +[\fB\-srpuser\fR \fIvalue\fR] +[\fB\-srppass\fR \fIvalue\fR] +[\fB\-srp_lateuser\fR] +[\fB\-srp_moregroups\fR] +[\fB\-srp_strength\fR \fInumber\fR] +[\fB\-nameopt\fR \fIoption\fR] +[\fB\-no_ssl3\fR] +[\fB\-no_tls1\fR] +[\fB\-no_tls1_1\fR] +[\fB\-no_tls1_2\fR] +[\fB\-no_tls1_3\fR] +[\fB\-ssl3\fR] +[\fB\-tls1\fR] +[\fB\-tls1_1\fR] +[\fB\-tls1_2\fR] +[\fB\-tls1_3\fR] +[\fB\-dtls\fR] +[\fB\-dtls1\fR] +[\fB\-dtls1_2\fR] +[\fB\-xkey\fR] \fIinfile\fR +[\fB\-xcert\fR \fIfile\fR] +[\fB\-xchain\fR] \fIfile\fR +[\fB\-xchain_build\fR] \fIfile\fR +[\fB\-xcertform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR]> +[\fB\-xkeyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR]> +[\fB\-CAfile\fR \fIfile\fR] +[\fB\-no\-CAfile\fR] +[\fB\-CApath\fR \fIdir\fR] +[\fB\-no\-CApath\fR] +[\fB\-CAstore\fR \fIuri\fR] +[\fB\-no\-CAstore\fR] +[\fB\-bugs\fR] +[\fB\-no_comp\fR] +[\fB\-comp\fR] +[\fB\-no_ticket\fR] +[\fB\-serverpref\fR] +[\fB\-legacy_renegotiation\fR] +[\fB\-no_renegotiation\fR] +[\fB\-no_resumption_on_reneg\fR] 
+[\fB\-legacy_server_connect\fR] +[\fB\-no_legacy_server_connect\fR] +[\fB\-allow_no_dhe_kex\fR] +[\fB\-prioritize_chacha\fR] +[\fB\-strict\fR] +[\fB\-sigalgs\fR \fIalgs\fR] +[\fB\-client_sigalgs\fR \fIalgs\fR] +[\fB\-groups\fR \fIgroups\fR] +[\fB\-curves\fR \fIcurves\fR] +[\fB\-named_curve\fR \fIcurve\fR] +[\fB\-cipher\fR \fIciphers\fR] +[\fB\-ciphersuites\fR \fI1.3ciphers\fR] +[\fB\-min_protocol\fR \fIminprot\fR] +[\fB\-max_protocol\fR \fImaxprot\fR] +[\fB\-record_padding\fR \fIpadding\fR] +[\fB\-debug_broken_protocol\fR] +[\fB\-no_middlebox\fR] +[\fB\-rand\fR \fIfiles\fR] +[\fB\-writerand\fR \fIfile\fR] +[\fB\-engine\fR \fIid\fR] +[\fB\-ssl_client_engine\fR \fIid\fR] +[\fB\-allow_proxy_certs\fR] +[\fB\-attime\fR \fItimestamp\fR] +[\fB\-no_check_time\fR] +[\fB\-check_ss_sig\fR] +[\fB\-crl_check\fR] +[\fB\-crl_check_all\fR] +[\fB\-explicit_policy\fR] +[\fB\-extended_crl\fR] +[\fB\-ignore_critical\fR] +[\fB\-inhibit_any\fR] +[\fB\-inhibit_map\fR] +[\fB\-partial_chain\fR] +[\fB\-policy\fR \fIarg\fR] +[\fB\-policy_check\fR] +[\fB\-policy_print\fR] +[\fB\-purpose\fR \fIpurpose\fR] +[\fB\-suiteB_128\fR] +[\fB\-suiteB_128_only\fR] +[\fB\-suiteB_192\fR] +[\fB\-trusted_first\fR] +[\fB\-no_alt_chains\fR] +[\fB\-use_deltas\fR] +[\fB\-auth_level\fR \fInum\fR] +[\fB\-verify_depth\fR \fInum\fR] +[\fB\-verify_email\fR \fIemail\fR] +[\fB\-verify_hostname\fR \fIhostname\fR] +[\fB\-verify_ip\fR \fIip\fR] +[\fB\-verify_name\fR \fIname\fR] +[\fB\-x509_strict\fR] +[\fB\-issuer_checks\fR] +.PP +[\fIhost\fR:\fIport\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command implements a generic \s-1SSL/TLS\s0 client which +connects to a remote host using \s-1SSL/TLS\s0. It is a \fIvery\fR useful diagnostic +tool for \s-1SSL\s0 servers. +.SH "OPTIONS" +.IX Header "OPTIONS" +In addition to the options below, this command also supports the +common and client only options documented +in the \*(L"Supported Command Line Commands\*(R" section of the \fISSL_CONF_cmd\fR\|(3) +manual page. 
+.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-ssl_config\fR \fIsection\fR" 4 +.IX Item "-ssl_config section" +Use the specified section of the configuration file to configure the \fB\s-1SSL_CTX\s0\fR object. +.IP "\fB\-connect\fR \fIhost\fR:\fIport\fR" 4 +.IX Item "-connect host:port" +This specifies the host and optional port to connect to. It is possible to +select the host and port using the optional target positional argument instead. +If neither this nor the target positional argument are specified then an attempt +is made to connect to the local host on port 4433. +.IP "\fB\-host\fR \fIhostname\fR" 4 +.IX Item "-host hostname" +Host to connect to; use \fB\-connect\fR instead. +.IP "\fB\-port\fR \fIport\fR" 4 +.IX Item "-port port" +Connect to the specified port; use \fB\-connect\fR instead. +.IP "\fB\-bind\fR \fIhost:port\fR" 4 +.IX Item "-bind host:port" +This specifies the host address and or port to bind as the source for the +connection. For Unix-domain sockets the port is ignored and the host is +used as the source socket address. +.IP "\fB\-proxy\fR \fIhost:port\fR" 4 +.IX Item "-proxy host:port" +When used with the \fB\-connect\fR flag, the program uses the host and port +specified with this flag and issues an \s-1HTTP\s0 \s-1CONNECT\s0 command to connect +to the desired server. +.IP "\fB\-proxy_user\fR \fIuserid\fR" 4 +.IX Item "-proxy_user userid" +When used with the \fB\-proxy\fR flag, the program will attempt to authenticate +with the specified proxy using basic (base64) authentication. +\&\s-1NB:\s0 Basic authentication is insecure; the credentials are sent to the proxy +in easily reversible base64 encoding before any \s-1TLS/SSL\s0 session is established. +Therefore these credentials are easily recovered by anyone able to sniff/trace +the network. Use with caution. +.IP "\fB\-proxy_pass\fR \fIarg\fR" 4 +.IX Item "-proxy_pass arg" +The proxy password source, used with the \fB\-proxy_user\fR flag. 
+For more information about the format of \fBarg\fR +see \*(L"Pass Phrase Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-unix\fR \fIpath\fR" 4 +.IX Item "-unix path" +Connect over the specified Unix-domain socket. +.IP "\fB\-4\fR" 4 +.IX Item "-4" +Use IPv4 only. +.IP "\fB\-6\fR" 4 +.IX Item "-6" +Use IPv6 only. +.IP "\fB\-servername\fR \fIname\fR" 4 +.IX Item "-servername name" +Set the \s-1TLS\s0 \s-1SNI\s0 (Server Name Indication) extension in the ClientHello message to +the given value. +If \fB\-servername\fR is not provided, the \s-1TLS\s0 \s-1SNI\s0 extension will be populated with +the name given to \fB\-connect\fR if it follows a \s-1DNS\s0 name format. If \fB\-connect\fR is +not provided either, the \s-1SNI\s0 is set to \*(L"localhost\*(R". +This is the default since OpenSSL 1.1.1. +.Sp +Even though \s-1SNI\s0 should normally be a \s-1DNS\s0 name and not an \s-1IP\s0 address, if +\&\fB\-servername\fR is provided then that name will be sent, regardless of whether +it is a \s-1DNS\s0 name or not. +.Sp +This option cannot be used in conjunction with \fB\-noservername\fR. +.IP "\fB\-noservername\fR" 4 +.IX Item "-noservername" +Suppresses sending of the \s-1SNI\s0 (Server Name Indication) extension in the +ClientHello message. Cannot be used in conjunction with the \fB\-servername\fR or +<\-dane_tlsa_domain> options. +.IP "\fB\-cert\fR \fIcertname\fR" 4 +.IX Item "-cert certname" +The certificate to use, if one is requested by the server. The default is +not to use a certificate. +.IP "\fB\-certform\fR \fIformat\fR" 4 +.IX Item "-certform format" +The certificate format to use: \s-1DER\s0 or \s-1PEM\s0. \s-1PEM\s0 is the default. +.IP "\fB\-CRL\fR \fIfilename\fR" 4 +.IX Item "-CRL filename" +\&\s-1CRL\s0 file to use to check the server's certificate. +.IP "\fB\-CRLform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IX Item "-CRLform DER|PEM" +The \s-1CRL\s0 format; the default is \fB\s-1PEM\s0\fR. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. 
+.IP "\fB\-crl_download\fR" 4 +.IX Item "-crl_download" +Download \s-1CRL\s0 from distribution points in the certificate. +.IP "\fB\-key\fR \fIkeyfile\fR" 4 +.IX Item "-key keyfile" +The private key to use. If not specified then the certificate file will +be used. +.IP "\fB\-keyform\fR \fIformat\fR" 4 +.IX Item "-keyform format" +The key format; the default is \fB\s-1PEM\s0\fR. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-cert_chain\fR" 4 +.IX Item "-cert_chain" +A file containing trusted certificates to use when attempting to build the +client/server certificate chain related to the certificate specified via the +\&\fB\-cert\fR option. +.IP "\fB\-build_chain\fR" 4 +.IX Item "-build_chain" +Specify whether the application should build the certificate chain to be +provided to the server. +.IP "\fB\-pass\fR \fIarg\fR" 4 +.IX Item "-pass arg" +the private key password source. For more information about the format of \fIarg\fR +see \*(L"Pass phrase options\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-verify\fR \fIdepth\fR" 4 +.IX Item "-verify depth" +The verify depth to use. This specifies the maximum length of the +server certificate chain and turns on server certificate verification. +Currently the verify operation continues after errors so all the problems +with a certificate chain can be seen. As a side effect the connection +will never fail due to a server certificate verify failure. +.IP "\fB\-verify_return_error\fR" 4 +.IX Item "-verify_return_error" +Return verification errors instead of continuing. This will typically +abort the handshake with a fatal error. +.IP "\fB\-verify_quiet\fR" 4 +.IX Item "-verify_quiet" +Limit verify output to only errors. +.IP "\fB\-verifyCAfile\fR \fIfilename\fR" 4 +.IX Item "-verifyCAfile filename" +\&\s-1CA\s0 file for verifying the server's certificate, in \s-1PEM\s0 format. 
+.IP "\fB\-verifyCApath\fR \fIdir\fR" 4 +.IX Item "-verifyCApath dir" +Use the specified directory as a certificate store path to verify +the server's \s-1CA\s0 certificate. +.IP "\fB\-verifyCAstore\fR \fIuri\fR" 4 +.IX Item "-verifyCAstore uri" +Use the specified \s-1URI\s0 as a store \s-1URI\s0 to verify the server's certificate. +.IP "\fB\-chainCApath\fR \fIdirectory\fR" 4 +.IX Item "-chainCApath directory" +The directory to use for building the chain provided to the server. This +directory must be in \*(L"hash format\*(R", see \fIopenssl\-verify\fR\|(1) for more +information. +.IP "\fB\-chainCAfile\fR \fIfile\fR" 4 +.IX Item "-chainCAfile file" +A file containing trusted certificates to use when attempting to build the +client certificate chain. +.IP "\fB\-chainCAstore\fR \fIuri\fR" 4 +.IX Item "-chainCAstore uri" +The \s-1URI\s0 to use when attempting to build the client certificate chain. +.IP "\fB\-requestCAfile\fR \fIfile\fR" 4 +.IX Item "-requestCAfile file" +A file containing a list of certificates whose subject names will be sent +to the server in the \fBcertificate_authorities\fR extension. Only supported +for \s-1TLS\s0 1.3 +.IP "\fB\-dane_tlsa_domain\fR \fIdomain\fR" 4 +.IX Item "-dane_tlsa_domain domain" +Enable \s-1RFC6698/RFC7671\s0 \s-1DANE\s0 \s-1TLSA\s0 authentication and specify the +\&\s-1TLSA\s0 base domain which becomes the default \s-1SNI\s0 hint and the primary +reference identifier for hostname checks. This must be used in +combination with at least one instance of the \fB\-dane_tlsa_rrdata\fR +option below. +.Sp +When \s-1DANE\s0 authentication succeeds, the diagnostic output will include +the lowest (closest to 0) depth at which a \s-1TLSA\s0 record authenticated +a chain certificate. When that \s-1TLSA\s0 record is a \*(L"2 1 0\*(R" trust +anchor public key that signed (rather than matched) the top-most +certificate of the chain, the result is reported as \*(L"\s-1TA\s0 public key +verified\*(R". 
Otherwise, either the \s-1TLSA\s0 record \*(L"matched \s-1TA\s0 certificate\*(R" +at a positive depth or else \*(L"matched \s-1EE\s0 certificate\*(R" at depth 0. +.IP "\fB\-dane_tlsa_rrdata\fR \fIrrdata\fR" 4 +.IX Item "-dane_tlsa_rrdata rrdata" +Use one or more times to specify the \s-1RRDATA\s0 fields of the \s-1DANE\s0 \s-1TLSA\s0 +RRset associated with the target service. The \fIrrdata\fR value is +specified in \*(L"presentation form\*(R", that is four whitespace separated +fields that specify the usage, selector, matching type and associated +data, with the last of these encoded in hexadecimal. Optional +whitespace is ignored in the associated data field. For example: +.Sp +.Vb 12 +\& $ openssl s_client \-brief \-starttls smtp \e +\& \-connect smtp.example.com:25 \e +\& \-dane_tlsa_domain smtp.example.com \e +\& \-dane_tlsa_rrdata "2 1 1 +\& B111DD8A1C2091A89BD4FD60C57F0716CCE50FEEFF8137CDBEE0326E 02CF362B" \e +\& \-dane_tlsa_rrdata "2 1 1 +\& 60B87575447DCBA2A36B7D11AC09FB24A9DB406FEE12D2CC90180517 616E8A18" +\& ... +\& Verification: OK +\& Verified peername: smtp.example.com +\& DANE TLSA 2 1 1 ...ee12d2cc90180517616e8a18 matched TA certificate at depth 1 +\& ... +.Ve +.IP "\fB\-dane_ee_no_namechecks\fR" 4 +.IX Item "-dane_ee_no_namechecks" +This disables server name checks when authenticating via \s-1\fIDANE\-EE\s0\fR\|(3) \s-1TLSA\s0 +records. +For some applications, primarily web browsers, it is not safe to disable name +checks due to \*(L"unknown key share\*(R" attacks, in which a malicious server can +convince a client that a connection to a victim server is instead a secure +connection to the malicious server. +The malicious server may then be able to violate cross-origin scripting +restrictions. +Thus, despite the text of \s-1RFC7671\s0, name checks are by default enabled for +\&\s-1\fIDANE\-EE\s0\fR\|(3) \s-1TLSA\s0 records, and can be disabled in applications where it is safe +to do so. 
+In particular, \s-1SMTP\s0 and \s-1XMPP\s0 clients should set this option as \s-1SRV\s0 and \s-1MX\s0 +records already make it possible for a remote domain to redirect client +connections to any server of its choice, and in any case \s-1SMTP\s0 and \s-1XMPP\s0 clients +do not execute scripts downloaded from remote servers. +.IP "\fB\-reconnect\fR" 4 +.IX Item "-reconnect" +Reconnects to the same server 5 times using the same session \s-1ID\s0, this can +be used as a test that session caching is working. +.IP "\fB\-showcerts\fR" 4 +.IX Item "-showcerts" +Displays the server certificate list as sent by the server: it only consists of +certificates the server has sent (in the order the server has sent them). It is +\&\fBnot\fR a verified chain. +.IP "\fB\-prexit\fR" 4 +.IX Item "-prexit" +Print session information when the program exits. This will always attempt +to print out information even if the connection fails. Normally information +will only be printed out once if the connection succeeds. This option is useful +because the cipher in use may be renegotiated or the connection may fail +because a client certificate is required or is requested only after an +attempt is made to access a certain \s-1URL\s0. Note: the output produced by this +option is not always accurate because a connection might never have been +established. +.IP "\fB\-state\fR" 4 +.IX Item "-state" +Prints out the \s-1SSL\s0 session states. +.IP "\fB\-debug\fR" 4 +.IX Item "-debug" +Print extensive debugging information including a hex dump of all traffic. +.IP "\fB\-nocommands\fR" 4 +.IX Item "-nocommands" +Do not use interactive command letters. +.IP "\fB\-security_debug\fR" 4 +.IX Item "-security_debug" +Enable security debug messages. +.IP "\fB\-security_debug_verbose\fR" 4 +.IX Item "-security_debug_verbose" +Output more security debug output. +.IP "\fB\-msg\fR" 4 +.IX Item "-msg" +Show protocol messages. 
+.IP "\fB\-timeout\fR" 4 +.IX Item "-timeout" +Enable send/receive timeout on \s-1DTLS\s0 connections. +.IP "\fB\-mtu\fR \fIsize\fR" 4 +.IX Item "-mtu size" +Set \s-1MTU\s0 of the link layer to the specified size. +.IP "\fB\-keymatexport\fR \fIlabel\fR" 4 +.IX Item "-keymatexport label" +Export keying material using the specified label. +.IP "\fB\-keymatexportlen\fR \fIlen\fR" 4 +.IX Item "-keymatexportlen len" +Export the specified number of bytes of keying material; default is 20. +.Sp +Show all protocol messages with hex dump. +.IP "\fB\-trace\fR" 4 +.IX Item "-trace" +Show verbose trace output of protocol messages. OpenSSL needs to be compiled +with \fBenable-ssl-trace\fR for this option to work. +.IP "\fB\-msgfile\fR \fIfilename\fR" 4 +.IX Item "-msgfile filename" +File to send output of \fB\-msg\fR or \fB\-trace\fR to, default standard output. +.IP "\fB\-nbio_test\fR" 4 +.IX Item "-nbio_test" +Tests non-blocking I/O +.IP "\fB\-nbio\fR" 4 +.IX Item "-nbio" +Turns on non-blocking I/O +.IP "\fB\-crlf\fR" 4 +.IX Item "-crlf" +This option translated a line feed from the terminal into \s-1CR+LF\s0 as required +by some servers. +.IP "\fB\-ign_eof\fR" 4 +.IX Item "-ign_eof" +Inhibit shutting down the connection when end of file is reached in the +input. +.IP "\fB\-quiet\fR" 4 +.IX Item "-quiet" +Inhibit printing of session and certificate information. This implicitly +turns on \fB\-ign_eof\fR as well. +.IP "\fB\-no_ign_eof\fR" 4 +.IX Item "-no_ign_eof" +Shut down the connection when end of file is reached in the input. +Can be used to override the implicit \fB\-ign_eof\fR after \fB\-quiet\fR. +.IP "\fB\-psk_identity\fR \fIidentity\fR" 4 +.IX Item "-psk_identity identity" +Use the \s-1PSK\s0 identity \fIidentity\fR when using a \s-1PSK\s0 cipher suite. +The default value is \*(L"Client_identity\*(R" (without the quotes). +.IP "\fB\-psk\fR \fIkey\fR" 4 +.IX Item "-psk key" +Use the \s-1PSK\s0 key \fIkey\fR when using a \s-1PSK\s0 cipher suite. 
The key is +given as a hexadecimal number without leading 0x, for example \-psk +1a2b3c4d. +This option must be provided in order to use a \s-1PSK\s0 cipher. +.IP "\fB\-psk_session\fR \fIfile\fR" 4 +.IX Item "-psk_session file" +Use the pem encoded \s-1SSL_SESSION\s0 data stored in \fIfile\fR as the basis of a \s-1PSK\s0. +Note that this will only work if TLSv1.3 is negotiated. +.IP "\fB\-sctp\fR" 4 +.IX Item "-sctp" +Use \s-1SCTP\s0 for the transport protocol instead of \s-1UDP\s0 in \s-1DTLS\s0. Must be used in +conjunction with \fB\-dtls\fR, \fB\-dtls1\fR or \fB\-dtls1_2\fR. This option is only +available where OpenSSL has support for \s-1SCTP\s0 enabled. +.IP "\fB\-sctp_label_bug\fR" 4 +.IX Item "-sctp_label_bug" +Use the incorrect behaviour of older OpenSSL implementations when computing +endpoint-pair shared secrets for \s-1DTLS/SCTP\s0. This allows communication with +older broken implementations but breaks interoperability with correct +implementations. Must be used in conjunction with \fB\-sctp\fR. This option is only +available where OpenSSL has support for \s-1SCTP\s0 enabled. +.IP "\fB\-fallback_scsv\fR" 4 +.IX Item "-fallback_scsv" +Send \s-1TLS_FALLBACK_SCSV\s0 in the ClientHello. +.IP "\fB\-async\fR" 4 +.IX Item "-async" +Switch on asynchronous mode. Cryptographic operations will be performed +asynchronously. This will only have an effect if an asynchronous capable engine +is also used via the \fB\-engine\fR option. For test purposes the dummy async engine +(dasync) can be used (if available). +.IP "\fB\-maxfraglen\fR \fIlen\fR" 4 +.IX Item "-maxfraglen len" +Enable Maximum Fragment Length Negotiation; allowed values are +\&\f(CW512\fR, \f(CW1024\fR, \f(CW2048\fR, and \f(CW4096\fR. +.IP "\fB\-max_send_frag\fR \fIint\fR" 4 +.IX Item "-max_send_frag int" +The maximum size of data fragment to send. +See \fISSL_CTX_set_max_send_fragment\fR\|(3) for further information. 
+.IP "\fB\-split_send_frag\fR \fIint\fR" 4 +.IX Item "-split_send_frag int" +The size used to split data for encrypt pipelines. If more data is written in +one go than this value then it will be split into multiple pipelines, up to the +maximum number of pipelines defined by max_pipelines. This only has an effect if +a suitable cipher suite has been negotiated, an engine that supports pipelining +has been loaded, and max_pipelines is greater than 1. See +\&\fISSL_CTX_set_split_send_fragment\fR\|(3) for further information. +.IP "\fB\-max_pipelines\fR \fIint\fR" 4 +.IX Item "-max_pipelines int" +The maximum number of encrypt/decrypt pipelines to be used. This will only have +an effect if an engine has been loaded that supports pipelining (e.g. the dasync +engine) and a suitable cipher suite has been negotiated. The default value is 1. +See \fISSL_CTX_set_max_pipelines\fR\|(3) for further information. +.IP "\fB\-read_buf\fR \fIint\fR" 4 +.IX Item "-read_buf int" +The default read buffer size to be used for connections. This will only have an +effect if the buffer size is larger than the size that would otherwise be used +and pipelining is in use (see \fISSL_CTX_set_default_read_buffer_len\fR\|(3) for +further information). +.IP "\fB\-bugs\fR" 4 +.IX Item "-bugs" +There are several known bugs in \s-1SSL\s0 and \s-1TLS\s0 implementations. Adding this +option enables various workarounds. +.IP "\fB\-comp\fR" 4 +.IX Item "-comp" +Enables support for \s-1SSL/TLS\s0 compression. +This option was introduced in OpenSSL 1.1.0. +\&\s-1TLS\s0 compression is not recommended and is off by default as of +OpenSSL 1.1.0. +.IP "\fB\-no_comp\fR" 4 +.IX Item "-no_comp" +Disables support for \s-1SSL/TLS\s0 compression. +\&\s-1TLS\s0 compression is not recommended and is off by default as of +OpenSSL 1.1.0. +.IP "\fB\-brief\fR" 4 +.IX Item "-brief" +Only provide a brief summary of connection parameters instead of the +normal verbose output. 
+.IP "\fB\-sigalgs\fR \fIsigalglist\fR" 4 +.IX Item "-sigalgs sigalglist" +Specifies the list of signature algorithms that are sent by the client. +The server selects one entry in the list based on its preferences. +For example strings, see \fISSL_CTX_set1_sigalgs\fR\|(3) +.IP "\fB\-curves\fR \fIcurvelist\fR" 4 +.IX Item "-curves curvelist" +Specifies the list of supported curves to be sent by the client. The curve is +ultimately selected by the server. For a list of all curves, use: +.Sp +.Vb 1 +\& $ openssl ecparam \-list_curves +.Ve +.IP "\fB\-cipher\fR \fIcipherlist\fR" 4 +.IX Item "-cipher cipherlist" +This allows the TLSv1.2 and below cipher list sent by the client to be modified. +This list will be combined with any TLSv1.3 ciphersuites that have been +configured. Although the server determines which ciphersuite is used it should +take the first supported cipher in the list sent by the client. See +\&\fIopenssl\-ciphers\fR\|(1) for more information. +.IP "\fB\-ciphersuites\fR \fIval\fR" 4 +.IX Item "-ciphersuites val" +This allows the TLSv1.3 ciphersuites sent by the client to be modified. This +list will be combined with any TLSv1.2 and below ciphersuites that have been +configured. Although the server determines which cipher suite is used it should +take the first supported cipher in the list sent by the client. See +\&\fIopenssl\-ciphers\fR\|(1) for more information. The format for this list is a simple +colon (\*(L":\*(R") separated list of TLSv1.3 ciphersuite names. +.IP "\fB\-starttls\fR \fIprotocol\fR" 4 +.IX Item "-starttls protocol" +Send the protocol-specific message(s) to switch to \s-1TLS\s0 for communication. +\&\fIprotocol\fR is a keyword for the intended protocol. Currently, the only +supported keywords are \*(L"smtp\*(R", \*(L"pop3\*(R", \*(L"imap\*(R", \*(L"ftp\*(R", \*(L"xmpp\*(R", \*(L"xmpp-server\*(R", +\&\*(L"irc\*(R", \*(L"postgres\*(R", \*(L"mysql\*(R", \*(L"lmtp\*(R", \*(L"nntp\*(R", \*(L"sieve\*(R" and \*(L"ldap\*(R". 
+.IP "\fB\-xmpphost\fR \fIhostname\fR" 4 +.IX Item "-xmpphost hostname" +This option, when used with \*(L"\-starttls xmpp\*(R" or \*(L"\-starttls xmpp-server\*(R", +specifies the host for the \*(L"to\*(R" attribute of the stream element. +If this option is not specified, then the host specified with \*(L"\-connect\*(R" +will be used. +.Sp +This option is an alias of the \fB\-name\fR option for \*(L"xmpp\*(R" and \*(L"xmpp-server\*(R". +.IP "\fB\-name\fR \fIhostname\fR" 4 +.IX Item "-name hostname" +This option is used to specify hostname information for various protocols +used with \fB\-starttls\fR option. Currently only \*(L"xmpp\*(R", \*(L"xmpp-server\*(R", +\&\*(L"smtp\*(R" and \*(L"lmtp\*(R" can utilize this \fB\-name\fR option. +.Sp +If this option is used with \*(L"\-starttls xmpp\*(R" or \*(L"\-starttls xmpp-server\*(R", +if specifies the host for the \*(L"to\*(R" attribute of the stream element. If this +option is not specified, then the host specified with \*(L"\-connect\*(R" will be used. +.Sp +If this option is used with \*(L"\-starttls lmtp\*(R" or \*(L"\-starttls smtp\*(R", it specifies +the name to use in the \*(L"\s-1LMTP\s0 \s-1LHLO\s0\*(R" or \*(L"\s-1SMTP\s0 \s-1EHLO\s0\*(R" message, respectively. If +this option is not specified, then \*(L"mail.example.com\*(R" will be used. +.IP "\fB\-tlsextdebug\fR" 4 +.IX Item "-tlsextdebug" +Print out a hex dump of any \s-1TLS\s0 extensions received from the server. +.IP "\fB\-no_ticket\fR" 4 +.IX Item "-no_ticket" +Disable RFC4507bis session ticket support. +.IP "\fB\-sess_out\fR \fIfilename\fR" 4 +.IX Item "-sess_out filename" +Output \s-1SSL\s0 session to \fIfilename\fR. +.IP "\fB\-sess_in\fR \fIfilename\fR" 4 +.IX Item "-sess_in filename" +Load \s-1SSL\s0 session from \fIfilename\fR. The client will attempt to resume a +connection from this session. +.IP "\fB\-serverinfo\fR \fItypes\fR" 4 +.IX Item "-serverinfo types" +A list of comma-separated \s-1TLS\s0 Extension Types (numbers between 0 and +65535). 
Each type will be sent as an empty ClientHello \s-1TLS\s0 Extension. +The server's response (if any) will be encoded and displayed as a \s-1PEM\s0 +file. +.IP "\fB\-status\fR" 4 +.IX Item "-status" +Sends a certificate status request to the server (\s-1OCSP\s0 stapling). The server +response (if any) is printed out. +.IP "\fB\-alpn\fR \fIprotocols\fR, \fB\-nextprotoneg\fR \fIprotocols\fR" 4 +.IX Item "-alpn protocols, -nextprotoneg protocols" +These flags enable the Enable the Application-Layer Protocol Negotiation +or Next Protocol Negotiation (\s-1NPN\s0) extension, respectively. \s-1ALPN\s0 is the +\&\s-1IETF\s0 standard and replaces \s-1NPN\s0. +The \fIprotocols\fR list is a comma-separated list of protocol names that +the client should advertise support for. The list should contain the most +desirable protocols first. Protocol names are printable \s-1ASCII\s0 strings, +for example \*(L"http/1.1\*(R" or \*(L"spdy/3\*(R". +An empty list of protocols is treated specially and will cause the +client to advertise support for the \s-1TLS\s0 extension but disconnect just +after receiving ServerHello with a list of server supported protocols. +The flag \fB\-nextprotoneg\fR cannot be specified if \fB\-tls1_3\fR is used. +.IP "\fB\-ct\fR, \fB\-noct\fR" 4 +.IX Item "-ct, -noct" +Use one of these two options to control whether Certificate Transparency (\s-1CT\s0) +is enabled (\fB\-ct\fR) or disabled (\fB\-noct\fR). +If \s-1CT\s0 is enabled, signed certificate timestamps (SCTs) will be requested from +the server and reported at handshake completion. +.Sp +Enabling \s-1CT\s0 also enables \s-1OCSP\s0 stapling, as this is one possible delivery method +for SCTs. +.IP "\fB\-ctlogfile\fR" 4 +.IX Item "-ctlogfile" +A file containing a list of known Certificate Transparency logs. See +\&\fISSL_CTX_set_ctlog_list_file\fR\|(3) for the expected file format. 
+.IP "\fB\-keylogfile\fR \fIfile\fR" 4 +.IX Item "-keylogfile file" +Appends \s-1TLS\s0 secrets to the specified keylog file such that external programs +(like Wireshark) can decrypt \s-1TLS\s0 connections. +.IP "\fB\-early_data\fR \fIfile\fR" 4 +.IX Item "-early_data file" +Reads the contents of the specified file and attempts to send it as early data +to the server. This will only work with resumed sessions that support early +data and when the server accepts the early data. +.IP "\fB\-enable_pha\fR" 4 +.IX Item "-enable_pha" +For TLSv1.3 only, send the Post-Handshake Authentication extension. This will +happen whether or not a certificate has been provided via \fB\-cert\fR. +.IP "\fB\-use_srtp\fR \fIvalue\fR" 4 +.IX Item "-use_srtp value" +Offer \s-1SRTP\s0 key management, where \fBvalue\fR is a colon-separated profile list. +.IP "\fB\-srpuser\fR \fIvalue\fR" 4 +.IX Item "-srpuser value" +Set the \s-1SRP\s0 username to the specified value. +.IP "\fB\-srppass\fR \fIvalue\fR" 4 +.IX Item "-srppass value" +Set the \s-1SRP\s0 password to the specified value. +.IP "\fB\-srp_lateuser\fR" 4 +.IX Item "-srp_lateuser" +\&\s-1SRP\s0 username for the second ClientHello message. +.IP "\fB\-srp_moregroups\fR" 4 +.IX Item "-srp_moregroups" +Tolerate other than the known \fBg\fR and \fBN\fR values. +.IP "\fB\-srp_strength\fR \fInumber\fR" 4 +.IX Item "-srp_strength number" +Set the minimal acceptable length, in bits, for \fBN\fR. +.IP "\fB\-no_ssl3\fR, \fB\-no_tls1\fR, \fB\-no_tls1_1\fR, \fB\-no_tls1_2\fR, \fB\-no_tls1_3\fR, \fB\-ssl3\fR, \fB\-tls1\fR, \fB\-tls1_1\fR, \fB\-tls1_2\fR, \fB\-tls1_3\fR" 4 +.IX Item "-no_ssl3, -no_tls1, -no_tls1_1, -no_tls1_2, -no_tls1_3, -ssl3, -tls1, -tls1_1, -tls1_2, -tls1_3" +See \*(L"\s-1TLS\s0 Version Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-dtls\fR, \fB\-dtls1\fR, \fB\-dtls1_2\fR" 4 +.IX Item "-dtls, -dtls1, -dtls1_2" +These specify the use of \s-1DTLS\s0 instead of \s-1TLS\s0. 
+See \*(L"\s-1TLS\s0 Version Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-nameopt\fR \fIoption\fR" 4 +.IX Item "-nameopt option" +This specifies how the subject or issuer names are displayed. +See \*(L"Name Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fBxkey\fR \fIinfile\fR, \fB\-xcert\fR \fIfile\fR, \fB\-xchain\fR \fIfile\fR, \fB\-xchain_build\fR \fIfile\fR, \fB\-xcertform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR, \fB\-xkeyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IX Item "xkey infile, -xcert file, -xchain file, -xchain_build file, -xcertform DER|PEM, -xkeyform DER|PEM" +Set extended certificate verification options. +See \*(L"Extended Verification Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-CAfile\fR \fIfile\fR, \fB\-no\-CAfile\fR, \fB\-CApath\fR \fIdir\fR, \fB\-no\-CApath\fR, \fB\-CAstore\fR \fIuri\fR, \fB\-no\-CAstore\fR" 4 +.IX Item "-CAfile file, -no-CAfile, -CApath dir, -no-CApath, -CAstore uri, -no-CAstore" +See \*(L"Trusted Certificate Options\*(R" in \fIopenssl\fR\|(1) for details. 
+.IP "\fB\-bugs\fR, \fB\-comp\fR, \fB\-no_comp\fR, \fB\-no_ticket\fR, \fB\-serverpref\fR, \fB\-legacy_renegotiation\fR, \fB\-no_renegotiation\fR, \fB\-no_resumption_on_reneg\fR, \fB\-legacy_server_connect\fR, \fB\-no_legacy_server_connect\fR, \fB\-allow_no_dhe_kex\fR, \fB\-prioritize_chacha\fR, \fB\-strict\fR, \fB\-sigalgs\fR \fIalgs\fR, \fB\-client_sigalgs\fR \fIalgs\fR, \fB\-groups\fR \fIgroups\fR, \fB\-curves\fR \fIcurves\fR, \fB\-named_curve\fR \fIcurve\fR, \fB\-cipher\fR \fIciphers\fR, \fB\-ciphersuites\fR \fI1.3ciphers\fR, \fB\-min_protocol\fR \fIminprot\fR, \fB\-max_protocol\fR \fImaxprot\fR, \fB\-record_padding\fR \fIpadding\fR, \fB\-debug_broken_protocol\fR, \fB\-no_middlebox\fR" 4 +.IX Item "-bugs, -comp, -no_comp, -no_ticket, -serverpref, -legacy_renegotiation, -no_renegotiation, -no_resumption_on_reneg, -legacy_server_connect, -no_legacy_server_connect, -allow_no_dhe_kex, -prioritize_chacha, -strict, -sigalgs algs, -client_sigalgs algs, -groups groups, -curves curves, -named_curve curve, -cipher ciphers, -ciphersuites 1.3ciphers, -min_protocol minprot, -max_protocol maxprot, -record_padding padding, -debug_broken_protocol, -no_middlebox" +See \*(L"\s-1SUPPORTED\s0 \s-1COMMAND\s0 \s-1LINE\s0 \s-1COMMANDS\s0\*(R" in \fISSL_CONF_cmd\fR\|(3) for details. +.IP "\fB\-rand\fR \fIfiles\fR, \fB\-writerand\fR \fIfile\fR" 4 +.IX Item "-rand files, -writerand file" +See \*(L"Random State Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-engine\fR \fIid\fR" 4 +.IX Item "-engine id" +See \*(L"Engine Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-ssl_client_engine\fR \fIid\fR" 4 +.IX Item "-ssl_client_engine id" +Specify engine to be used for client certificate operations. 
+.IP "\fB\-allow_proxy_certs\fR, \fB\-attime\fR, \fB\-no_check_time\fR, \fB\-check_ss_sig\fR, \fB\-crl_check\fR, \fB\-crl_check_all\fR, \fB\-explicit_policy\fR, \fB\-extended_crl\fR, \fB\-ignore_critical\fR, \fB\-inhibit_any\fR, \fB\-inhibit_map\fR, \fB\-no_alt_chains\fR, \fB\-partial_chain\fR, \fB\-policy\fR, \fB\-policy_check\fR, \fB\-policy_print\fR, \fB\-purpose\fR, \fB\-suiteB_128\fR, \fB\-suiteB_128_only\fR, \fB\-suiteB_192\fR, \fB\-trusted_first\fR, \fB\-use_deltas\fR, \fB\-auth_level\fR, \fB\-verify_depth\fR, \fB\-verify_email\fR, \fB\-verify_hostname\fR, \fB\-verify_ip\fR, \fB\-verify_name\fR, \fB\-x509_strict\fR \fB\-issuer_checks\fR" 4 +.IX Item "-allow_proxy_certs, -attime, -no_check_time, -check_ss_sig, -crl_check, -crl_check_all, -explicit_policy, -extended_crl, -ignore_critical, -inhibit_any, -inhibit_map, -no_alt_chains, -partial_chain, -policy, -policy_check, -policy_print, -purpose, -suiteB_128, -suiteB_128_only, -suiteB_192, -trusted_first, -use_deltas, -auth_level, -verify_depth, -verify_email, -verify_hostname, -verify_ip, -verify_name, -x509_strict -issuer_checks" +Set various options of certificate chain verification. +See \*(L"Verification Options\*(R" in \fIopenssl\fR\|(1) for details. +.Sp +Verification errors are displayed, for debugging, but the command will +proceed unless the \fB\-verify_return_error\fR option is used. +.IP "\fIhost\fR:\fIport\fR" 4 +.IX Item "host:port" +Rather than providing \fB\-connect\fR, the target hostname and optional port may +be provided as a single positional argument after all options. If neither this +nor \fB\-connect\fR are provided, falls back to attempting to connect to +\&\fIlocalhost\fR on port \fI4433\fR. +.SH "CONNECTED COMMANDS" +.IX Header "CONNECTED COMMANDS" +If a connection is established with an \s-1SSL\s0 server then any data received +from the server is displayed and any key presses will be sent to the +server. If end of file is reached then the connection will be closed down. 
When +used interactively (which means neither \fB\-quiet\fR nor \fB\-ign_eof\fR have been +given), then certain commands are also recognized which perform special +operations. These commands are a letter which must appear at the start of a +line. They are listed below. +.IP "\fBQ\fR" 4 +.IX Item "Q" +End the current \s-1SSL\s0 connection and exit. +.IP "\fBR\fR" 4 +.IX Item "R" +Renegotiate the \s-1SSL\s0 session (TLSv1.2 and below only). +.IP "\fBk\fR" 4 +.IX Item "k" +Send a key update message to the server (TLSv1.3 only) +.IP "\fBK\fR" 4 +.IX Item "K" +Send a key update message to the server and request one back (TLSv1.3 only) +.SH "NOTES" +.IX Header "NOTES" +This command can be used to debug \s-1SSL\s0 servers. To connect to an \s-1SSL\s0 \s-1HTTP\s0 +server the command: +.PP +.Vb 1 +\& openssl s_client \-connect servername:443 +.Ve +.PP +would typically be used (https uses port 443). If the connection succeeds +then an \s-1HTTP\s0 command can be given such as \*(L"\s-1GET\s0 /\*(R" to retrieve a web page. +.PP +If the handshake fails then there are several possible causes, if it is +nothing obvious like no client certificate then the \fB\-bugs\fR, +\&\fB\-ssl3\fR, \fB\-tls1\fR, \fB\-no_ssl3\fR, \fB\-no_tls1\fR options can be tried +in case it is a buggy server. In particular you should play with these +options \fBbefore\fR submitting a bug report to an OpenSSL mailing list. +.PP +A frequent problem when attempting to get client certificates working +is that a web client complains it has no certificates or gives an empty +list to choose from. This is normally because the server is not sending +the clients certificate authority in its \*(L"acceptable \s-1CA\s0 list\*(R" when it +requests a certificate. By using this command, the \s-1CA\s0 list can be viewed +and checked. However some servers only request client authentication +after a specific \s-1URL\s0 is requested. 
To obtain the list in this case it +is necessary to use the \fB\-prexit\fR option and send an \s-1HTTP\s0 request +for an appropriate page. +.PP +If a certificate is specified on the command line using the \fB\-cert\fR +option it will not be used unless the server specifically requests +a client certificate. Therefor merely including a client certificate +on the command line is no guarantee that the certificate works. +.PP +If there are problems verifying a server certificate then the +\&\fB\-showcerts\fR option can be used to show all the certificates sent by the +server. +.PP +This command is a test tool and is designed to continue the +handshake after any certificate verification errors. As a result it will +accept any certificate chain (trusted or not) sent by the peer. None test +applications should \fBnot\fR do this as it makes them vulnerable to a \s-1MITM\s0 +attack. This behaviour can be changed by with the \fB\-verify_return_error\fR +option: any verify errors are then returned aborting the handshake. +.PP +The \fB\-bind\fR option may be useful if the server or a firewall requires +connections to come from some particular address and or port. +.SH "BUGS" +.IX Header "BUGS" +Because this program has a lot of options and also because some of the +techniques used are rather old, the C source for this command is rather +hard to read and not a model of how things should be done. +A typical \s-1SSL\s0 client program would be much simpler. +.PP +The \fB\-prexit\fR option is a bit of a hack. We should really report +information whenever a session is renegotiated. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\fIopenssl\-sess_id\fR\|(1), +\&\fIopenssl\-s_server\fR\|(1), +\&\fIopenssl\-ciphers\fR\|(1), +\&\fISSL_CONF_cmd\fR\|(3), +\&\fISSL_CTX_set_max_send_fragment\fR\|(3), +\&\fISSL_CTX_set_split_send_fragment\fR\|(3), +\&\fISSL_CTX_set_max_pipelines\fR\|(3), +\&\fIossl_store\-file\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \fB\-no_alt_chains\fR option was added in OpenSSL 1.1.0. +The \fB\-name\fR option was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man1/openssl-s_server.1 b/linux_amd64/share/man/man1/openssl-s_server.1 new file mode 100755 index 0000000..5b531de --- /dev/null +++ b/linux_amd64/share/man/man1/openssl-s_server.1 
@@ -0,0 +1,884 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-S_SERVER 1" +.TH OPENSSL-S_SERVER 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-s_server \- SSL/TLS server program +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBs_server\fR +[\fB\-help\fR] +[\fB\-port\fR \fI+int\fR] +[\fB\-accept\fR \fIval\fR] +[\fB\-unix\fR \fIval\fR] +[\fB\-4\fR] +[\fB\-6\fR] +[\fB\-unlink\fR] +[\fB\-context\fR \fIval\fR] +[\fB\-verify\fR \fIint\fR] +[\fB\-Verify\fR \fIint\fR] +[\fB\-cert\fR \fIinfile\fR] +[\fB\-naccept\fR \fI+int\fR] +[\fB\-serverinfo\fR \fIval\fR] +[\fB\-certform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-key\fR \fIinfile\fR] +[\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-pass\fR \fIval\fR] +[\fB\-dcert\fR \fIinfile\fR] +[\fB\-dcertform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-dkey\fR \fIinfile\fR] +[\fB\-dkeyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-dpass\fR \fIval\fR] +[\fB\-nbio_test\fR] +[\fB\-crlf\fR] +[\fB\-debug\fR] +[\fB\-msg\fR] +[\fB\-msgfile\fR \fIoutfile\fR] +[\fB\-state\fR] +[\fB\-nocert\fR] +[\fB\-quiet\fR] +[\fB\-no_resume_ephemeral\fR] +[\fB\-www\fR] +[\fB\-WWW\fR] +[\fB\-http_server_binmode\fR] +[\fB\-servername\fR] +[\fB\-servername_fatal\fR] +[\fB\-cert2\fR \fIinfile\fR] +[\fB\-key2\fR \fIinfile\fR] +[\fB\-tlsextdebug\fR] +[\fB\-HTTP\fR] +[\fB\-id_prefix\fR \fIval\fR] +[\fB\-keymatexport\fR \fIval\fR] +[\fB\-keymatexportlen\fR \fI+int\fR] +[\fB\-CRLform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-CRL\fR \fIinfile\fR] +[\fB\-crl_download\fR] +[\fB\-cert_chain\fR \fIinfile\fR] +[\fB\-dcert_chain\fR \fIinfile\fR] +[\fB\-chainCApath\fR \fIdir\fR] +[\fB\-verifyCApath\fR \fIdir\fR] +[\fB\-chainCAstore\fR \fIuri\fR] +[\fB\-verifyCAstore\fR \fIuri\fR] +[\fB\-no_cache\fR] +[\fB\-ext_cache\fR] +[\fB\-verify_return_error\fR] +[\fB\-verify_quiet\fR] +[\fB\-build_chain\fR] +[\fB\-chainCAfile\fR \fIinfile\fR] +[\fB\-verifyCAfile\fR \fIinfile\fR] +[\fB\-ign_eof\fR] +[\fB\-no_ign_eof\fR] +[\fB\-status\fR] +[\fB\-status_verbose\fR] +[\fB\-status_timeout\fR \fIint\fR] +[\fB\-status_url\fR \fIval\fR] +[\fB\-status_file\fR 
\fIinfile\fR] +[\fB\-trace\fR] +[\fB\-security_debug\fR] +[\fB\-security_debug_verbose\fR] +[\fB\-brief\fR] +[\fB\-rev\fR] +[\fB\-async\fR] +[\fB\-ssl_config\fR \fIval\fR] +[\fB\-max_send_frag\fR \fI+int\fR] +[\fB\-split_send_frag\fR \fI+int\fR] +[\fB\-max_pipelines\fR \fI+int\fR] +[\fB\-read_buf\fR \fI+int\fR] +[\fB\-bugs\fR] +[\fB\-no_comp\fR] +[\fB\-comp\fR] +[\fB\-no_ticket\fR] +[\fB\-serverpref\fR] +[\fB\-legacy_renegotiation\fR] +[\fB\-no_renegotiation\fR] +[\fB\-legacy_server_connect\fR] +[\fB\-no_resumption_on_reneg\fR] +[\fB\-no_legacy_server_connect\fR] +[\fB\-allow_no_dhe_kex\fR] +[\fB\-prioritize_chacha\fR] +[\fB\-strict\fR] +[\fB\-sigalgs\fR \fIval\fR] +[\fB\-client_sigalgs\fR \fIval\fR] +[\fB\-groups\fR \fIval\fR] +[\fB\-curves\fR \fIval\fR] +[\fB\-named_curve\fR \fIval\fR] +[\fB\-cipher\fR \fIval\fR] +[\fB\-ciphersuites\fR \fIval\fR] +[\fB\-dhparam\fR \fIinfile\fR] +[\fB\-record_padding\fR \fIval\fR] +[\fB\-debug_broken_protocol\fR] +[\fB\-nbio\fR] +[\fB\-psk_identity\fR \fIval\fR] +[\fB\-psk_hint\fR \fIval\fR] +[\fB\-psk\fR \fIval\fR] +[\fB\-psk_session\fR \fIfile\fR] +[\fB\-srpvfile\fR \fIinfile\fR] +[\fB\-srpuserseed\fR \fIval\fR] +[\fB\-timeout\fR] +[\fB\-mtu\fR \fI+int\fR] +[\fB\-listen\fR] +[\fB\-sctp\fR] +[\fB\-sctp_label_bug\fR] +[\fB\-no_dhe\fR] +[\fB\-nextprotoneg\fR \fIval\fR] +[\fB\-use_srtp\fR \fIval\fR] +[\fB\-alpn\fR \fIval\fR] +[\fB\-keylogfile\fR \fIoutfile\fR] +[\fB\-recv_max_early_data\fR \fIint\fR] +[\fB\-max_early_data\fR \fIint\fR] +[\fB\-early_data\fR] +[\fB\-stateless\fR] +[\fB\-anti_replay\fR] +[\fB\-no_anti_replay\fR] +[\fB\-num_tickets\fR] +[\fB\-nameopt\fR \fIoption\fR] +[\fB\-no_ssl3\fR] +[\fB\-no_tls1\fR] +[\fB\-no_tls1_1\fR] +[\fB\-no_tls1_2\fR] +[\fB\-no_tls1_3\fR] +[\fB\-ssl3\fR] +[\fB\-tls1\fR] +[\fB\-tls1_1\fR] +[\fB\-tls1_2\fR] +[\fB\-tls1_3\fR] +[\fB\-dtls\fR] +[\fB\-dtls1\fR] +[\fB\-dtls1_2\fR] +[\fB\-allow_proxy_certs\fR] +[\fB\-attime\fR \fItimestamp\fR] +[\fB\-no_check_time\fR] +[\fB\-check_ss_sig\fR] 
+[\fB\-crl_check\fR] +[\fB\-crl_check_all\fR] +[\fB\-explicit_policy\fR] +[\fB\-extended_crl\fR] +[\fB\-ignore_critical\fR] +[\fB\-inhibit_any\fR] +[\fB\-inhibit_map\fR] +[\fB\-partial_chain\fR] +[\fB\-policy\fR \fIarg\fR] +[\fB\-policy_check\fR] +[\fB\-policy_print\fR] +[\fB\-purpose\fR \fIpurpose\fR] +[\fB\-suiteB_128\fR] +[\fB\-suiteB_128_only\fR] +[\fB\-suiteB_192\fR] +[\fB\-trusted_first\fR] +[\fB\-no_alt_chains\fR] +[\fB\-use_deltas\fR] +[\fB\-auth_level\fR \fInum\fR] +[\fB\-verify_depth\fR \fInum\fR] +[\fB\-verify_email\fR \fIemail\fR] +[\fB\-verify_hostname\fR \fIhostname\fR] +[\fB\-verify_ip\fR \fIip\fR] +[\fB\-verify_name\fR \fIname\fR] +[\fB\-x509_strict\fR] +[\fB\-issuer_checks\fR] +.PP +[\fB\-bugs\fR] +[\fB\-no_comp\fR] +[\fB\-comp\fR] +[\fB\-no_ticket\fR] +[\fB\-serverpref\fR] +[\fB\-legacy_renegotiation\fR] +[\fB\-no_renegotiation\fR] +[\fB\-no_resumption_on_reneg\fR] +[\fB\-legacy_server_connect\fR] +[\fB\-no_legacy_server_connect\fR] +[\fB\-allow_no_dhe_kex\fR] +[\fB\-prioritize_chacha\fR] +[\fB\-strict\fR] +[\fB\-sigalgs\fR \fIalgs\fR] +[\fB\-client_sigalgs\fR \fIalgs\fR] +[\fB\-groups\fR \fIgroups\fR] +[\fB\-curves\fR \fIcurves\fR] +[\fB\-named_curve\fR \fIcurve\fR] +[\fB\-cipher\fR \fIciphers\fR] +[\fB\-ciphersuites\fR \fI1.3ciphers\fR] +[\fB\-min_protocol\fR \fIminprot\fR] +[\fB\-max_protocol\fR \fImaxprot\fR] +[\fB\-record_padding\fR \fIpadding\fR] +[\fB\-debug_broken_protocol\fR] +[\fB\-no_middlebox\fR] +[\fB\-xkey\fR] \fIinfile\fR +[\fB\-xcert\fR \fIfile\fR] +[\fB\-xchain\fR] \fIfile\fR +[\fB\-xchain_build\fR] \fIfile\fR +[\fB\-xcertform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR]> +[\fB\-xkeyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR]> +[\fB\-CAfile\fR \fIfile\fR] +[\fB\-no\-CAfile\fR] +[\fB\-CApath\fR \fIdir\fR] +[\fB\-no\-CApath\fR] +[\fB\-CAstore\fR \fIuri\fR] +[\fB\-no\-CAstore\fR] +[\fB\-rand\fR \fIfiles\fR] +[\fB\-writerand\fR \fIfile\fR] +[\fB\-engine\fR \fIid\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command implements a 
generic \s-1SSL/TLS\s0 server which +listens for connections on a given port using \s-1SSL/TLS\s0. +.SH "OPTIONS" +.IX Header "OPTIONS" +In addition to the options below, this command also supports +the common and server only options documented +\&\*(L"Supported Command Line Commands\*(R" in \fISSL_CONF_cmd\fR\|(3) +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-port\fR \fI+int\fR" 4 +.IX Item "-port +int" +The \s-1TCP\s0 port to listen on for connections. If not specified 4433 is used. +.IP "\fB\-accept\fR \fIval\fR" 4 +.IX Item "-accept val" +The optional \s-1TCP\s0 host and port to listen on for connections. If not specified, *:4433 is used. +.IP "\fB\-unix\fR \fIval\fR" 4 +.IX Item "-unix val" +Unix domain socket to accept on. +.IP "\fB\-4\fR" 4 +.IX Item "-4" +Use IPv4 only. +.IP "\fB\-6\fR" 4 +.IX Item "-6" +Use IPv6 only. +.IP "\fB\-unlink\fR" 4 +.IX Item "-unlink" +For \-unix, unlink any existing socket first. +.IP "\fB\-context\fR \fIval\fR" 4 +.IX Item "-context val" +Sets the \s-1SSL\s0 context id. It can be given any string value. If this option +is not present a default value will be used. +.IP "\fB\-verify\fR \fIint\fR, \fB\-Verify\fR \fIint\fR" 4 +.IX Item "-verify int, -Verify int" +The verify depth to use. This specifies the maximum length of the +client certificate chain and makes the server request a certificate from +the client. With the \fB\-verify\fR option a certificate is requested but the +client does not have to send one, with the \fB\-Verify\fR option the client +must supply a certificate or an error occurs. +.Sp +If the cipher suite cannot request a client certificate (for example an +anonymous cipher suite or \s-1PSK\s0) this option has no effect. 
+.IP "\fB\-cert\fR \fIinfile\fR" 4 +.IX Item "-cert infile" +The certificate to use, most servers cipher suites require the use of a +certificate and some require a certificate with a certain public key type: +for example the \s-1DSS\s0 cipher suites require a certificate containing a \s-1DSS\s0 +(\s-1DSA\s0) key. If not specified then the filename \fIserver.pem\fR will be used. +.IP "\fB\-cert_chain\fR" 4 +.IX Item "-cert_chain" +A file containing trusted certificates to use when attempting to build the +client/server certificate chain related to the certificate specified via the +\&\fB\-cert\fR option. +.IP "\fB\-build_chain\fR" 4 +.IX Item "-build_chain" +Specify whether the application should build the certificate chain to be +provided to the client. +.IP "\fB\-naccept\fR \fI+int\fR" 4 +.IX Item "-naccept +int" +The server will exit after receiving the specified number of connections, +default unlimited. +.IP "\fB\-serverinfo\fR \fIval\fR" 4 +.IX Item "-serverinfo val" +A file containing one or more blocks of \s-1PEM\s0 data. Each \s-1PEM\s0 block +must encode a \s-1TLS\s0 ServerHello extension (2 bytes type, 2 bytes length, +followed by \*(L"length\*(R" bytes of extension data). If the client sends +an empty \s-1TLS\s0 ClientHello extension matching the type, the corresponding +ServerHello extension will be returned. +.IP "\fB\-certform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR, \fB\-CRLForm\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IX Item "-certform DER|PEM, -CRLForm DER|PEM" +The certificate and \s-1CRL\s0 format; the default is \s-1PEM\s0. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-key\fR \fIinfile\fR" 4 +.IX Item "-key infile" +The private key to use. If not specified then the certificate file will +be used. +.IP "\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IX Item "-keyform DER|PEM" +The key format; the default is \fB\s-1PEM\s0\fR. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. 
+.IP "\fB\-pass\fR \fIval\fR" 4 +.IX Item "-pass val" +The private key password source. +For more information about the format of \fIval\fR, +see \*(L"Pass Phrase Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-dcert\fR \fIinfile\fR, \fB\-dkey\fR \fIinfile\fR" 4 +.IX Item "-dcert infile, -dkey infile" +Specify an additional certificate and private key, these behave in the +same manner as the \fB\-cert\fR and \fB\-key\fR options except there is no default +if they are not specified (no additional certificate and key is used). As +noted above some cipher suites require a certificate containing a key of +a certain type. Some cipher suites need a certificate carrying an \s-1RSA\s0 key +and some a \s-1DSS\s0 (\s-1DSA\s0) key. By using \s-1RSA\s0 and \s-1DSS\s0 certificates and keys +a server can support clients which only support \s-1RSA\s0 or \s-1DSS\s0 cipher suites +by using an appropriate certificate. +.IP "\fB\-dcert_chain\fR" 4 +.IX Item "-dcert_chain" +A file containing trusted certificates to use when attempting to build the +server certificate chain when a certificate specified via the \fB\-dcert\fR option +is in use. +.IP "\fB\-dcertform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR, \fB\-dkeyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IX Item "-dcertform DER|PEM, -dkeyform DER|PEM" +The format of the certificate and private key; the default is \fB\s-1PEM\s0\fR +see \*(L"Format Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-dpass\fR \fIval\fR" 4 +.IX Item "-dpass val" +The passphrase for the additional private key. +For more information about the format of \fIval\fR, +see \*(L"Pass Phrase Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-nbio_test\fR" 4 +.IX Item "-nbio_test" +Tests non blocking I/O. +.IP "\fB\-crlf\fR" 4 +.IX Item "-crlf" +This option translated a line feed from the terminal into \s-1CR+LF\s0. +.IP "\fB\-debug\fR" 4 +.IX Item "-debug" +Print extensive debugging information including a hex dump of all traffic. 
+.IP "\fB\-msg\fR" 4 +.IX Item "-msg" +Show all protocol messages with hex dump. +.IP "\fB\-msgfile\fR \fIoutfile\fR" 4 +.IX Item "-msgfile outfile" +File to send output of \fB\-msg\fR or \fB\-trace\fR to, default standard output. +.IP "\fB\-state\fR" 4 +.IX Item "-state" +Prints the \s-1SSL\s0 session states. +.IP "\fB\-chainCApath\fR \fIdir\fR" 4 +.IX Item "-chainCApath dir" +The directory to use for building the chain provided to the client. This +directory must be in \*(L"hash format\*(R", see \fIopenssl\-verify\fR\|(1) for more +information. +.IP "\fB\-chainCAfile\fR \fIfile\fR" 4 +.IX Item "-chainCAfile file" +A file containing trusted certificates to use when attempting to build the +server certificate chain. +.IP "\fB\-chainCAstore\fR \fIuri\fR" 4 +.IX Item "-chainCAstore uri" +The \s-1URI\s0 to a store to use for building the chain provided to the client. +The \s-1URI\s0 may indicate a single certificate, as well as a collection of +them. +With URIs in the \f(CW\*(C`file:\*(C'\fR scheme, this acts as \fB\-chainCAfile\fR or +\&\fB\-chainCApath\fR, depending on if the \s-1URI\s0 indicates a directory or a +single file. +See \fIossl_store\-file\fR\|(7) for more information on the \f(CW\*(C`file:\*(C'\fR scheme. +.IP "\fB\-nocert\fR" 4 +.IX Item "-nocert" +If this option is set then no certificate is used. This restricts the +cipher suites available to the anonymous ones (currently just anonymous +\&\s-1DH\s0). +.IP "\fB\-quiet\fR" 4 +.IX Item "-quiet" +Inhibit printing of session and certificate information. +.IP "\fB\-tlsextdebug\fR" 4 +.IX Item "-tlsextdebug" +Print a hex dump of any \s-1TLS\s0 extensions received from the server. +.IP "\fB\-www\fR" 4 +.IX Item "-www" +Sends a status message back to the client when it connects. This includes +information about the ciphers used and various session parameters. +The output is in \s-1HTML\s0 format so this option can be used with a web browser. 
+The special \s-1URL\s0 \f(CW\*(C`/renegcert\*(C'\fR turns on client cert validation, and \f(CW\*(C`/reneg\*(C'\fR +tells the server to request renegotiation. +The \fB\-early_data\fR option cannot be used with this option. +.IP "\fB\-WWW\fR, \fB\-HTTP\fR" 4 +.IX Item "-WWW, -HTTP" +Emulates a simple web server. Pages will be resolved relative to the +current directory, for example if the \s-1URL\s0 \f(CW\*(C`https://myhost/page.html\*(C'\fR is +requested the file \fI./page.html\fR will be sent. +If the \fB\-HTTP\fR flag is used, the files are sent directly, and should contain +any \s-1HTTP\s0 response headers (including status response line). +If the \fB\-WWW\fR option is used, +the response headers are generated by the server, and the file extension is +examined to determine the \fBContent-Type\fR header. +Extensions of \f(CW\*(C`html\*(C'\fR, \f(CW\*(C`htm\*(C'\fR, and \f(CW\*(C`php\*(C'\fR are \f(CW\*(C`text/html\*(C'\fR and all others are +\&\f(CW\*(C`text/plain\*(C'\fR. +In addition, the special \s-1URL\s0 \f(CW\*(C`/stats\*(C'\fR will return status +information like the \fB\-www\fR option. +Neither of these options can be used in conjunction with \fB\-early_data\fR. +.IP "\fB\-http_server_binmode\fR" 4 +.IX Item "-http_server_binmode" +When acting as web-server (using option \fB\-WWW\fR or \fB\-HTTP\fR) open files requested +by the client in binary mode. +.IP "\fB\-id_prefix\fR \fIval\fR" 4 +.IX Item "-id_prefix val" +Generate \s-1SSL/TLS\s0 session IDs prefixed by \fIval\fR. This is mostly useful +for testing any \s-1SSL/TLS\s0 code (eg. proxies) that wish to deal with multiple +servers, when each of which might be generating a unique range of session +IDs (eg. with a certain prefix). +.IP "\fB\-verify_return_error\fR" 4 +.IX Item "-verify_return_error" +Verification errors normally just print a message but allow the +connection to continue, for debugging purposes. +If this option is used, then verification errors close the connection. 
+.IP "\fB\-status\fR" 4 +.IX Item "-status" +Enables certificate status request support (aka \s-1OCSP\s0 stapling). +.IP "\fB\-status_verbose\fR" 4 +.IX Item "-status_verbose" +Enables certificate status request support (aka \s-1OCSP\s0 stapling) and gives +a verbose printout of the \s-1OCSP\s0 response. +.IP "\fB\-status_timeout\fR \fIint\fR" 4 +.IX Item "-status_timeout int" +Sets the timeout for \s-1OCSP\s0 response to \fIint\fR seconds. +.IP "\fB\-status_url\fR \fIval\fR" 4 +.IX Item "-status_url val" +Sets a fallback responder \s-1URL\s0 to use if no responder \s-1URL\s0 is present in the +server certificate. Without this option an error is returned if the server +certificate does not contain a responder address. +.IP "\fB\-status_file\fR \fIinfile\fR" 4 +.IX Item "-status_file infile" +Overrides any \s-1OCSP\s0 responder URLs from the certificate and always provides the +\&\s-1OCSP\s0 Response stored in the file. The file must be in \s-1DER\s0 format. +.IP "\fB\-trace\fR" 4 +.IX Item "-trace" +Show verbose trace output of protocol messages. OpenSSL needs to be compiled +with \fBenable-ssl-trace\fR for this option to work. +.IP "\fB\-brief\fR" 4 +.IX Item "-brief" +Provide a brief summary of connection parameters instead of the normal verbose +output. +.IP "\fB\-rev\fR" 4 +.IX Item "-rev" +Simple test server which just reverses the text received from the client +and sends it back to the server. Also sets \fB\-brief\fR. Cannot be used in +conjunction with \fB\-early_data\fR. +.IP "\fB\-async\fR" 4 +.IX Item "-async" +Switch on asynchronous mode. Cryptographic operations will be performed +asynchronously. This will only have an effect if an asynchronous capable engine +is also used via the \fB\-engine\fR option. For test purposes the dummy async engine +(dasync) can be used (if available). +.IP "\fB\-max_send_frag\fR \fI+int\fR" 4 +.IX Item "-max_send_frag +int" +The maximum size of data fragment to send. 
+See \fISSL_CTX_set_max_send_fragment\fR\|(3) for further information. +.IP "\fB\-split_send_frag\fR \fI+int\fR" 4 +.IX Item "-split_send_frag +int" +The size used to split data for encrypt pipelines. If more data is written in +one go than this value then it will be split into multiple pipelines, up to the +maximum number of pipelines defined by max_pipelines. This only has an effect if +a suitable cipher suite has been negotiated, an engine that supports pipelining +has been loaded, and max_pipelines is greater than 1. See +\&\fISSL_CTX_set_split_send_fragment\fR\|(3) for further information. +.IP "\fB\-max_pipelines\fR \fI+int\fR" 4 +.IX Item "-max_pipelines +int" +The maximum number of encrypt/decrypt pipelines to be used. This will only have +an effect if an engine has been loaded that supports pipelining (e.g. the dasync +engine) and a suitable cipher suite has been negotiated. The default value is 1. +See \fISSL_CTX_set_max_pipelines\fR\|(3) for further information. +.IP "\fB\-read_buf\fR \fI+int\fR" 4 +.IX Item "-read_buf +int" +The default read buffer size to be used for connections. This will only have an +effect if the buffer size is larger than the size that would otherwise be used +and pipelining is in use (see \fISSL_CTX_set_default_read_buffer_len\fR\|(3) for +further information). +.IP "\fB\-bugs\fR" 4 +.IX Item "-bugs" +There are several known bugs in \s-1SSL\s0 and \s-1TLS\s0 implementations. Adding this +option enables various workarounds. +.IP "\fB\-no_comp\fR" 4 +.IX Item "-no_comp" +Disable negotiation of \s-1TLS\s0 compression. +\&\s-1TLS\s0 compression is not recommended and is off by default as of +OpenSSL 1.1.0. +.IP "\fB\-comp\fR" 4 +.IX Item "-comp" +Enable negotiation of \s-1TLS\s0 compression. +This option was introduced in OpenSSL 1.1.0. +\&\s-1TLS\s0 compression is not recommended and is off by default as of +OpenSSL 1.1.0. +.IP "\fB\-no_ticket\fR" 4 +.IX Item "-no_ticket" +Disable RFC4507bis session ticket support. 
This option has no effect if TLSv1.3 +is negotiated. See \fB\-num_tickets\fR. +.IP "\fB\-num_tickets\fR" 4 +.IX Item "-num_tickets" +Control the number of tickets that will be sent to the client after a full +handshake in TLSv1.3. The default number of tickets is 2. This option does not +affect the number of tickets sent after a resumption handshake. +.IP "\fB\-serverpref\fR" 4 +.IX Item "-serverpref" +Use the server's cipher preferences, rather than the client's preferences. +.IP "\fB\-prioritize_chacha\fR" 4 +.IX Item "-prioritize_chacha" +Prioritize ChaCha ciphers when preferred by clients. Requires \fB\-serverpref\fR. +.IP "\fB\-no_resumption_on_reneg\fR" 4 +.IX Item "-no_resumption_on_reneg" +Set the \fB\s-1SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION\s0\fR option. +.IP "\fB\-client_sigalgs\fR \fIval\fR" 4 +.IX Item "-client_sigalgs val" +Signature algorithms to support for client certificate authentication +(colon-separated list). +.IP "\fB\-named_curve\fR \fIval\fR" 4 +.IX Item "-named_curve val" +Specifies the elliptic curve to use. \s-1NOTE:\s0 this is single curve, not a list. +For a list of all possible curves, use: +.Sp +.Vb 1 +\& $ openssl ecparam \-list_curves +.Ve +.IP "\fB\-cipher\fR \fIval\fR" 4 +.IX Item "-cipher val" +This allows the list of TLSv1.2 and below ciphersuites used by the server to be +modified. This list is combined with any TLSv1.3 ciphersuites that have been +configured. When the client sends a list of supported ciphers the first client +cipher also included in the server list is used. Because the client specifies +the preference order, the order of the server cipherlist is irrelevant. See +\&\fIopenssl\-ciphers\fR\|(1) for more information. +.IP "\fB\-ciphersuites\fR \fIval\fR" 4 +.IX Item "-ciphersuites val" +This allows the list of TLSv1.3 ciphersuites used by the server to be modified. +This list is combined with any TLSv1.2 and below ciphersuites that have been +configured. 
When the client sends a list of supported ciphers the first client +cipher also included in the server list is used. Because the client specifies +the preference order, the order of the server cipherlist is irrelevant. See +\&\fIopenssl\-ciphers\fR\|(1) command for more information. The format for this list is +a simple colon (\*(L":\*(R") separated list of TLSv1.3 ciphersuite names. +.IP "\fB\-dhparam\fR \fIinfile\fR" 4 +.IX Item "-dhparam infile" +The \s-1DH\s0 parameter file to use. The ephemeral \s-1DH\s0 cipher suites generate keys +using a set of \s-1DH\s0 parameters. If not specified then an attempt is made to +load the parameters from the server certificate file. +If this fails then a static set of parameters hard coded into this command +will be used. +.IP "\fB\-nbio\fR" 4 +.IX Item "-nbio" +Turns on non blocking I/O. +.IP "\fB\-psk_identity\fR \fIval\fR" 4 +.IX Item "-psk_identity val" +Expect the client to send \s-1PSK\s0 identity \fIval\fR when using a \s-1PSK\s0 +cipher suite, and warn if they do not. By default, the expected \s-1PSK\s0 +identity is the string \*(L"Client_identity\*(R". +.IP "\fB\-psk_hint\fR \fIval\fR" 4 +.IX Item "-psk_hint val" +Use the \s-1PSK\s0 identity hint \fIval\fR when using a \s-1PSK\s0 cipher suite. +.IP "\fB\-psk\fR \fIval\fR" 4 +.IX Item "-psk val" +Use the \s-1PSK\s0 key \fIval\fR when using a \s-1PSK\s0 cipher suite. The key is +given as a hexadecimal number without leading 0x, for example \-psk +1a2b3c4d. +This option must be provided in order to use a \s-1PSK\s0 cipher. +.IP "\fB\-psk_session\fR \fIfile\fR" 4 +.IX Item "-psk_session file" +Use the pem encoded \s-1SSL_SESSION\s0 data stored in \fIfile\fR as the basis of a \s-1PSK\s0. +Note that this will only work if TLSv1.3 is negotiated. +.IP "\fB\-listen\fR" 4 +.IX Item "-listen" +This option can only be used in conjunction with one of the \s-1DTLS\s0 options above. +With this option, this command will listen on a \s-1UDP\s0 port for incoming +connections. 
+Any ClientHellos that arrive will be checked to see if they have a cookie in +them or not. +Any without a cookie will be responded to with a HelloVerifyRequest. +If a ClientHello with a cookie is received then this command will +connect to that peer and complete the handshake. +.IP "\fB\-sctp\fR" 4 +.IX Item "-sctp" +Use \s-1SCTP\s0 for the transport protocol instead of \s-1UDP\s0 in \s-1DTLS\s0. Must be used in +conjunction with \fB\-dtls\fR, \fB\-dtls1\fR or \fB\-dtls1_2\fR. This option is only +available where OpenSSL has support for \s-1SCTP\s0 enabled. +.IP "\fB\-sctp_label_bug\fR" 4 +.IX Item "-sctp_label_bug" +Use the incorrect behaviour of older OpenSSL implementations when computing +endpoint-pair shared secrets for \s-1DTLS/SCTP\s0. This allows communication with +older broken implementations but breaks interoperability with correct +implementations. Must be used in conjunction with \fB\-sctp\fR. This option is only +available where OpenSSL has support for \s-1SCTP\s0 enabled. +.IP "\fB\-no_dhe\fR" 4 +.IX Item "-no_dhe" +If this option is set then no \s-1DH\s0 parameters will be loaded effectively +disabling the ephemeral \s-1DH\s0 cipher suites. +.IP "\fB\-alpn\fR \fIval\fR, \fB\-nextprotoneg\fR \fIval\fR" 4 +.IX Item "-alpn val, -nextprotoneg val" +These flags enable the Enable the Application-Layer Protocol Negotiation +or Next Protocol Negotiation (\s-1NPN\s0) extension, respectively. \s-1ALPN\s0 is the +\&\s-1IETF\s0 standard and replaces \s-1NPN\s0. +The \fIval\fR list is a comma-separated list of supported protocol +names. The list should contain the most desirable protocols first. +Protocol names are printable \s-1ASCII\s0 strings, for example \*(L"http/1.1\*(R" or +\&\*(L"spdy/3\*(R". +The flag \fB\-nextprotoneg\fR cannot be specified if \fB\-tls1_3\fR is used. 
+.IP "\fB\-keylogfile\fR \fIoutfile\fR" 4 +.IX Item "-keylogfile outfile" +Appends \s-1TLS\s0 secrets to the specified keylog file such that external programs +(like Wireshark) can decrypt \s-1TLS\s0 connections. +.IP "\fB\-max_early_data\fR \fIint\fR" 4 +.IX Item "-max_early_data int" +Change the default maximum early data bytes that are specified for new sessions +and any incoming early data (when used in conjunction with the \fB\-early_data\fR +flag). The default value is approximately 16k. The argument must be an integer +greater than or equal to 0. +.IP "\fB\-recv_max_early_data\fR \fIint\fR" 4 +.IX Item "-recv_max_early_data int" +Specify the hard limit on the maximum number of early data bytes that will +be accepted. +.IP "\fB\-early_data\fR" 4 +.IX Item "-early_data" +Accept early data where possible. Cannot be used in conjunction with \fB\-www\fR, +\&\fB\-WWW\fR, \fB\-HTTP\fR or \fB\-rev\fR. +.IP "\fB\-stateless\fR" 4 +.IX Item "-stateless" +Require TLSv1.3 cookies. +.IP "\fB\-anti_replay\fR, \fB\-no_anti_replay\fR" 4 +.IX Item "-anti_replay, -no_anti_replay" +Switches replay protection on or off, respectively. Replay protection is on by +default unless overridden by a configuration file. When it is on, OpenSSL will +automatically detect if a session ticket has been used more than once, TLSv1.3 +has been negotiated, and early data is enabled on the server. A full handshake +is forced if a session ticket is used a second or subsequent time. Any early +data that was sent will be rejected. +.IP "\fB\-nameopt\fR \fIoption\fR" 4 +.IX Item "-nameopt option" +This specifies how the subject or issuer names are displayed. +See \*(L"Name Format Options\*(R" in \fIopenssl\fR\|(1) for details. 
+.IP "\fB\-no_ssl3\fR, \fB\-no_tls1\fR, \fB\-no_tls1_1\fR, \fB\-no_tls1_2\fR, \fB\-no_tls1_3\fR, \fB\-ssl3\fR, \fB\-tls1\fR, \fB\-tls1_1\fR, \fB\-tls1_2\fR, \fB\-tls1_3\fR" 4 +.IX Item "-no_ssl3, -no_tls1, -no_tls1_1, -no_tls1_2, -no_tls1_3, -ssl3, -tls1, -tls1_1, -tls1_2, -tls1_3" +See \*(L"\s-1TLS\s0 Version Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-dtls\fR, \fB\-dtls1\fR, \fB\-dtls1_2\fR" 4 +.IX Item "-dtls, -dtls1, -dtls1_2" +These specify the use of \s-1DTLS\s0 instead of \s-1TLS\s0. +See \*(L"\s-1TLS\s0 Version Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-bugs\fR, \fB\-comp\fR, \fB\-no_comp\fR, \fB\-no_ticket\fR, \fB\-serverpref\fR, \fB\-legacy_renegotiation\fR, \fB\-no_renegotiation\fR, \fB\-no_resumption_on_reneg\fR, \fB\-legacy_server_connect\fR, \fB\-no_legacy_server_connect\fR, \fB\-allow_no_dhe_kex\fR, \fB\-prioritize_chacha\fR, \fB\-strict\fR, \fB\-sigalgs\fR \fIalgs\fR, \fB\-client_sigalgs\fR \fIalgs\fR, \fB\-groups\fR \fIgroups\fR, \fB\-curves\fR \fIcurves\fR, \fB\-named_curve\fR \fIcurve\fR, \fB\-cipher\fR \fIciphers\fR, \fB\-ciphersuites\fR \fI1.3ciphers\fR, \fB\-min_protocol\fR \fIminprot\fR, \fB\-max_protocol\fR \fImaxprot\fR, \fB\-record_padding\fR \fIpadding\fR, \fB\-debug_broken_protocol\fR, \fB\-no_middlebox\fR" 4 +.IX Item "-bugs, -comp, -no_comp, -no_ticket, -serverpref, -legacy_renegotiation, -no_renegotiation, -no_resumption_on_reneg, -legacy_server_connect, -no_legacy_server_connect, -allow_no_dhe_kex, -prioritize_chacha, -strict, -sigalgs algs, -client_sigalgs algs, -groups groups, -curves curves, -named_curve curve, -cipher ciphers, -ciphersuites 1.3ciphers, -min_protocol minprot, -max_protocol maxprot, -record_padding padding, -debug_broken_protocol, -no_middlebox" +See \*(L"\s-1SUPPORTED\s0 \s-1COMMAND\s0 \s-1LINE\s0 \s-1COMMANDS\s0\*(R" in \fISSL_CONF_cmd\fR\|(3) for details. 
+.IP "\fBxkey\fR \fIinfile\fR, \fB\-xcert\fR \fIfile\fR, \fB\-xchain\fR \fIfile\fR, \fB\-xchain_build\fR \fIfile\fR, \fB\-xcertform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR, \fB\-xkeyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IX Item "xkey infile, -xcert file, -xchain file, -xchain_build file, -xcertform DER|PEM, -xkeyform DER|PEM" +Set extended certificate verification options. +See \*(L"Extended Verification Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-CAfile\fR \fIfile\fR, \fB\-no\-CAfile\fR, \fB\-CApath\fR \fIdir\fR, \fB\-no\-CApath\fR, \fB\-CAstore\fR \fIuri\fR, \fB\-no\-CAstore\fR" 4 +.IX Item "-CAfile file, -no-CAfile, -CApath dir, -no-CApath, -CAstore uri, -no-CAstore" +See \*(L"Trusted Certificate Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-rand\fR \fIfiles\fR, \fB\-writerand\fR \fIfile\fR" 4 +.IX Item "-rand files, -writerand file" +See \*(L"Random State Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-engine\fR \fIid\fR" 4 +.IX Item "-engine id" +See \*(L"Engine Options\*(R" in \fIopenssl\fR\|(1). 
+.IP "\fB\-allow_proxy_certs\fR, \fB\-attime\fR, \fB\-no_check_time\fR, \fB\-check_ss_sig\fR, \fB\-crl_check\fR, \fB\-crl_check_all\fR, \fB\-explicit_policy\fR, \fB\-extended_crl\fR, \fB\-ignore_critical\fR, \fB\-inhibit_any\fR, \fB\-inhibit_map\fR, \fB\-no_alt_chains\fR, \fB\-partial_chain\fR, \fB\-policy\fR, \fB\-policy_check\fR, \fB\-policy_print\fR, \fB\-purpose\fR, \fB\-suiteB_128\fR, \fB\-suiteB_128_only\fR, \fB\-suiteB_192\fR, \fB\-trusted_first\fR, \fB\-use_deltas\fR, \fB\-auth_level\fR, \fB\-verify_depth\fR, \fB\-verify_email\fR, \fB\-verify_hostname\fR, \fB\-verify_ip\fR, \fB\-verify_name\fR, \fB\-x509_strict\fR \fB\-issuer_checks\fR" 4 +.IX Item "-allow_proxy_certs, -attime, -no_check_time, -check_ss_sig, -crl_check, -crl_check_all, -explicit_policy, -extended_crl, -ignore_critical, -inhibit_any, -inhibit_map, -no_alt_chains, -partial_chain, -policy, -policy_check, -policy_print, -purpose, -suiteB_128, -suiteB_128_only, -suiteB_192, -trusted_first, -use_deltas, -auth_level, -verify_depth, -verify_email, -verify_hostname, -verify_ip, -verify_name, -x509_strict -issuer_checks" +Set various options of certificate chain verification. +See \*(L"Verification Options\*(R" in \fIopenssl\fR\|(1) for details. +.Sp +If the server requests a client certificate, then +verification errors are displayed, for debugging, but the command will +proceed unless the \fB\-verify_return_error\fR option is used. +.SH "CONNECTED COMMANDS" +.IX Header "CONNECTED COMMANDS" +If a connection request is established with an \s-1SSL\s0 client and neither the +\&\fB\-www\fR nor the \fB\-WWW\fR option has been used then normally any data received +from the client is displayed and any key presses will be sent to the client. +.PP +Certain commands are also recognized which perform special operations. These +commands are a letter which must appear at the start of a line. They are listed +below. 
+.IP "\fBq\fR" 4 +.IX Item "q" +End the current \s-1SSL\s0 connection but still accept new connections. +.IP "\fBQ\fR" 4 +.IX Item "Q" +End the current \s-1SSL\s0 connection and exit. +.IP "\fBr\fR" 4 +.IX Item "r" +Renegotiate the \s-1SSL\s0 session (TLSv1.2 and below only). +.IP "\fBR\fR" 4 +.IX Item "R" +Renegotiate the \s-1SSL\s0 session and request a client certificate (TLSv1.2 and below +only). +.IP "\fBP\fR" 4 +.IX Item "P" +Send some plain text down the underlying \s-1TCP\s0 connection: this should +cause the client to disconnect due to a protocol violation. +.IP "\fBS\fR" 4 +.IX Item "S" +Print out some session cache status information. +.IP "\fBk\fR" 4 +.IX Item "k" +Send a key update message to the client (TLSv1.3 only) +.IP "\fBK\fR" 4 +.IX Item "K" +Send a key update message to the client and request one back (TLSv1.3 only) +.IP "\fBc\fR" 4 +.IX Item "c" +Send a certificate request to the client (TLSv1.3 only) +.SH "NOTES" +.IX Header "NOTES" +This command can be used to debug \s-1SSL\s0 clients. To accept connections +from a web browser the command: +.PP +.Vb 1 +\& openssl s_server \-accept 443 \-www +.Ve +.PP +can be used for example. +.PP +Although specifying an empty list of CAs when requesting a client certificate +is strictly speaking a protocol violation, some \s-1SSL\s0 clients interpret this to +mean any \s-1CA\s0 is acceptable. This is useful for debugging purposes. +.PP +The session parameters can printed out using the \fIopenssl\-sess_id\fR\|(1) command. +.SH "BUGS" +.IX Header "BUGS" +Because this program has a lot of options and also because some of the +techniques used are rather old, the C source for this command is rather +hard to read and not a model of how things should be done. +A typical \s-1SSL\s0 server program would be much simpler. +.PP +The output of common ciphers is wrong: it just gives the list of ciphers that +OpenSSL recognizes and the client supports. 
+.PP +There should be a way for this command to print out details +of any unknown cipher suites a client says it supports. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\fIopenssl\-sess_id\fR\|(1), +\&\fIopenssl\-s_client\fR\|(1), +\&\fIopenssl\-ciphers\fR\|(1), +\&\fISSL_CONF_cmd\fR\|(3), +\&\fISSL_CTX_set_max_send_fragment\fR\|(3), +\&\fISSL_CTX_set_split_send_fragment\fR\|(3), +\&\fISSL_CTX_set_max_pipelines\fR\|(3), +\&\fIossl_store\-file\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \-no_alt_chains option was added in OpenSSL 1.1.0. +.PP +The +\&\-allow\-no\-dhe\-kex and \-prioritize_chacha options were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man1/openssl-s_time.1 b/linux_amd64/share/man/man1/openssl-s_time.1 new file mode 100755 index 0000000..cdf8cbe --- /dev/null +++ b/linux_amd64/share/man/man1/openssl-s_time.1 
@@ -0,0 +1,305 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-S_TIME 1" +.TH OPENSSL-S_TIME 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-s_time \- SSL/TLS performance timing program +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBs_time\fR +[\fB\-help\fR] +[\fB\-connect\fR \fIhost\fR:\fIport\fR] +[\fB\-www\fR \fIpage\fR] +[\fB\-cert\fR \fIfilename\fR] +[\fB\-key\fR \fIfilename\fR] +[\fB\-reuse\fR] +[\fB\-new\fR] +[\fB\-verify\fR \fIdepth\fR] +[\fB\-time\fR \fIseconds\fR] +[\fB\-ssl3\fR] +[\fB\-tls1\fR] +[\fB\-tls1_1\fR] +[\fB\-tls1_2\fR] +[\fB\-tls1_3\fR] +[\fB\-bugs\fR] +[\fB\-cipher\fR \fIcipherlist\fR] +[\fB\-ciphersuites\fR \fIval\fR] +[\fB\-nameopt\fR \fIoption\fR] +[\fB\-cafile\fR \fIfile\fR] +[\fB\-CAfile\fR \fIfile\fR] +[\fB\-no\-CAfile\fR] +[\fB\-CApath\fR \fIdir\fR] +[\fB\-no\-CApath\fR] +[\fB\-CAstore\fR \fIuri\fR] +[\fB\-no\-CAstore\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command implements a generic \s-1SSL/TLS\s0 client which +connects to a remote host using \s-1SSL/TLS\s0. It can request a page from the server +and includes the time to transfer the payload data in its timing measurements. +It measures the number of connections within a given timeframe, the amount of +data transferred (if any), and calculates the average time spent for one +connection. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-connect\fR \fIhost\fR:\fIport\fR" 4 +.IX Item "-connect host:port" +This specifies the host and optional port to connect to. +.IP "\fB\-www\fR \fIpage\fR" 4 +.IX Item "-www page" +This specifies the page to \s-1GET\s0 from the server. A value of '/' gets the +\&\fIindex.html\fR page. If this parameter is not specified, then this command +will only perform the handshake to establish \s-1SSL\s0 connections but not transfer +any payload data. +.IP "\fB\-cert\fR \fIcertname\fR" 4 +.IX Item "-cert certname" +The certificate to use, if one is requested by the server. The default is +not to use a certificate. The file is in \s-1PEM\s0 format. 
+.IP "\fB\-key\fR \fIkeyfile\fR" 4 +.IX Item "-key keyfile" +The private key to use. If not specified then the certificate file will +be used. The file is in \s-1PEM\s0 format. +.IP "\fB\-verify\fR \fIdepth\fR" 4 +.IX Item "-verify depth" +The verify depth to use. This specifies the maximum length of the +server certificate chain and turns on server certificate verification. +Currently the verify operation continues after errors so all the problems +with a certificate chain can be seen. As a side effect the connection +will never fail due to a server certificate verify failure. +.IP "\fB\-new\fR" 4 +.IX Item "-new" +Performs the timing test using a new session \s-1ID\s0 for each connection. +If neither \fB\-new\fR nor \fB\-reuse\fR are specified, they are both on by default +and executed in sequence. +.IP "\fB\-reuse\fR" 4 +.IX Item "-reuse" +Performs the timing test using the same session \s-1ID\s0; this can be used as a test +that session caching is working. If neither \fB\-new\fR nor \fB\-reuse\fR are +specified, they are both on by default and executed in sequence. +.IP "\fB\-bugs\fR" 4 +.IX Item "-bugs" +There are several known bugs in \s-1SSL\s0 and \s-1TLS\s0 implementations. Adding this +option enables various workarounds. +.IP "\fB\-cipher\fR \fIcipherlist\fR" 4 +.IX Item "-cipher cipherlist" +This allows the TLSv1.2 and below cipher list sent by the client to be modified. +This list will be combined with any TLSv1.3 ciphersuites that have been +configured. Although the server determines which cipher suite is used it should +take the first supported cipher in the list sent by the client. See +\&\fIopenssl\-ciphers\fR\|(1) for more information. +.IP "\fB\-ciphersuites\fR \fIval\fR" 4 +.IX Item "-ciphersuites val" +This allows the TLSv1.3 ciphersuites sent by the client to be modified. This +list will be combined with any TLSv1.2 and below ciphersuites that have been +configured. 
Although the server determines which cipher suite is used it should +take the first supported cipher in the list sent by the client. See +\&\fIopenssl\-ciphers\fR\|(1) for more information. The format for this list is a +simple colon (\*(L":\*(R") separated list of TLSv1.3 ciphersuite names. +.IP "\fB\-time\fR \fIlength\fR" 4 +.IX Item "-time length" +Specifies how long (in seconds) this command should establish connections +and optionally transfer payload data from a server. Server and client +performance and the link speed determine how many connections it +can establish. +.IP "\fB\-nameopt\fR \fIoption\fR" 4 +.IX Item "-nameopt option" +This specifies how the subject or issuer names are displayed. +See \*(L"Name Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-CAfile\fR \fIfile\fR, \fB\-no\-CAfile\fR, \fB\-CApath\fR \fIdir\fR, \fB\-no\-CApath\fR, \fB\-CAstore\fR \fIuri\fR, \fB\-no\-CAstore\fR" 4 +.IX Item "-CAfile file, -no-CAfile, -CApath dir, -no-CApath, -CAstore uri, -no-CAstore" +See \*(L"Trusted Certificate Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-cafile\fR \fIfile\fR" 4 +.IX Item "-cafile file" +This is an obsolete synonym for \fB\-CAfile\fR. +.IP "\fB\-ssl3\fR, \fB\-tls1\fR, \fB\-tls1_1\fR, \fB\-tls1_2\fR, \fB\-tls1_3\fR" 4 +.IX Item "-ssl3, -tls1, -tls1_1, -tls1_2, -tls1_3" +See \*(L"\s-1TLS\s0 Version Options\*(R" in \fIopenssl\fR\|(1). +.SH "NOTES" +.IX Header "NOTES" +This command can be used to measure the performance of an \s-1SSL\s0 connection. +To connect to an \s-1SSL\s0 \s-1HTTP\s0 server and get the default page the command +.PP +.Vb 1 +\& openssl s_time \-connect servername:443 \-www / \-CApath yourdir \-CAfile yourfile.pem \-cipher commoncipher [\-ssl3] +.Ve +.PP +would typically be used (https uses port 443). \fIcommoncipher\fR is a cipher to +which both client and server can agree, see the \fIopenssl\-ciphers\fR\|(1) command +for details. 
+.PP +If the handshake fails then there are several possible causes, if it is +nothing obvious like no client certificate then the \fB\-bugs\fR and +\&\fB\-ssl3\fR options can be tried +in case it is a buggy server. In particular you should play with these +options \fBbefore\fR submitting a bug report to an OpenSSL mailing list. +.PP +A frequent problem when attempting to get client certificates working +is that a web client complains it has no certificates or gives an empty +list to choose from. This is normally because the server is not sending +the clients certificate authority in its \*(L"acceptable \s-1CA\s0 list\*(R" when it +requests a certificate. By using \fIopenssl\-s_client\fR\|(1) the \s-1CA\s0 list can be +viewed and checked. However some servers only request client authentication +after a specific \s-1URL\s0 is requested. To obtain the list in this case it +is necessary to use the \fB\-prexit\fR option of \fIopenssl\-s_client\fR\|(1) and +send an \s-1HTTP\s0 request for an appropriate page. +.PP +If a certificate is specified on the command line using the \fB\-cert\fR +option it will not be used unless the server specifically requests +a client certificate. Therefor merely including a client certificate +on the command line is no guarantee that the certificate works. +.SH "BUGS" +.IX Header "BUGS" +Because this program does not have all the options of the +\&\fIopenssl\-s_client\fR\|(1) program to turn protocols on and off, you may not +be able to measure the performance of all protocols with all servers. +.PP +The \fB\-verify\fR option should really exit if the server verification +fails. +.SH "HISTORY" +.IX Header "HISTORY" +The \fB\-cafile\fR option was deprecated in OpenSSL 3.0. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\fIopenssl\-s_client\fR\|(1), +\&\fIopenssl\-s_server\fR\|(1), +\&\fIopenssl\-ciphers\fR\|(1), +\&\fIossl_store\-file\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2004\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man1/openssl-sess_id.1 b/linux_amd64/share/man/man1/openssl-sess_id.1 new file mode 100755 index 0000000..dd9d979 --- /dev/null +++ b/linux_amd64/share/man/man1/openssl-sess_id.1 
@@ -0,0 +1,258 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-SESS_ID 1" +.TH OPENSSL-SESS_ID 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-sess_id \- SSL/TLS session handling utility +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBsess_id\fR +[\fB\-help\fR] +[\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fB\s-1NSS\s0\fR] +[\fB\-in\fR \fIfilename\fR] +[\fB\-out\fR \fIfilename\fR] +[\fB\-text\fR] +[\fB\-cert\fR] +[\fB\-noout\fR] +[\fB\-context\fR \fI\s-1ID\s0\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command processes the encoded version of the \s-1SSL\s0 session +structure and optionally prints out \s-1SSL\s0 session details (for example +the \s-1SSL\s0 session master key) in human readable format. Since this is a +diagnostic tool that needs some knowledge of the \s-1SSL\s0 protocol to use +properly, most users will not need to use it. +.PP +The precise format of the data can vary across OpenSSL versions and +is not documented. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR, \fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fB\s-1NSS\s0\fR" 4 +.IX Item "-inform DER|PEM, -outform DER|PEM|NSS" +The input and output formats; the default is \s-1PEM\s0. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.Sp +For \fB\s-1NSS\s0\fR output, the session \s-1ID\s0 and master key are reported in \s-1NSS\s0 \*(L"keylog\*(R" +format. +.IP "\fB\-in\fR \fIfilename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read session information from or standard +input by default. +.IP "\fB\-out\fR \fIfilename\fR" 4 +.IX Item "-out filename" +This specifies the output filename to write session information to or standard +output if this option is not specified. +.IP "\fB\-text\fR" 4 +.IX Item "-text" +Prints out the various public or private key components in +plain text in addition to the encoded version. 
+.IP "\fB\-cert\fR" 4 +.IX Item "-cert" +If a certificate is present in the session it will be output using this option, +if the \fB\-text\fR option is also present then it will be printed out in text form. +.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +This option prevents output of the encoded version of the session. +.IP "\fB\-context\fR \fI\s-1ID\s0\fR" 4 +.IX Item "-context ID" +This option can set the session id so the output session information uses the +supplied \s-1ID\s0. The \s-1ID\s0 can be any string of characters. This option won't normally +be used. +.SH "OUTPUT" +.IX Header "OUTPUT" +Typical output: +.PP +.Vb 10 +\& SSL\-Session: +\& Protocol : TLSv1 +\& Cipher : 0016 +\& Session\-ID: 871E62626C554CE95488823752CBD5F3673A3EF3DCE9C67BD916C809914B40ED +\& Session\-ID\-ctx: 01000000 +\& Master\-Key: A7CEFC571974BE02CAC305269DC59F76EA9F0B180CB6642697A68251F2D2BB57E51DBBB4C7885573192AE9AEE220FACD +\& Key\-Arg : None +\& Start Time: 948459261 +\& Timeout : 300 (sec) +\& Verify return code 0 (ok) +.Ve +.PP +These are described below in more detail. +.IP "\fBProtocol\fR" 4 +.IX Item "Protocol" +This is the protocol in use TLSv1.3, TLSv1.2, TLSv1.1, TLSv1 or SSLv3. +.IP "\fBCipher\fR" 4 +.IX Item "Cipher" +The cipher used this is the actual raw \s-1SSL\s0 or \s-1TLS\s0 cipher code, see the \s-1SSL\s0 +or \s-1TLS\s0 specifications for more information. +.IP "\fBSession-ID\fR" 4 +.IX Item "Session-ID" +The \s-1SSL\s0 session \s-1ID\s0 in hex format. +.IP "\fBSession-ID-ctx\fR" 4 +.IX Item "Session-ID-ctx" +The session \s-1ID\s0 context in hex format. +.IP "\fBMaster-Key\fR" 4 +.IX Item "Master-Key" +This is the \s-1SSL\s0 session master key. +.IP "\fBStart Time\fR" 4 +.IX Item "Start Time" +This is the session start time represented as an integer in standard +Unix format. +.IP "\fBTimeout\fR" 4 +.IX Item "Timeout" +The timeout in seconds. 
+.IP "\fBVerify return code\fR" 4 +.IX Item "Verify return code" +This is the return code when an \s-1SSL\s0 client certificate is verified. +.SH "NOTES" +.IX Header "NOTES" +Since the \s-1SSL\s0 session output contains the master key it is +possible to read the contents of an encrypted session using this +information. Therefore appropriate security precautions should be taken if +the information is being output by a \*(L"real\*(R" application. This is however +strongly discouraged and should only be used for debugging purposes. +.SH "BUGS" +.IX Header "BUGS" +The cipher and start time should be printed out in human readable form. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\fIopenssl\-ciphers\fR\|(1), +\&\fIopenssl\-s_server\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man1/openssl-smime.1 b/linux_amd64/share/man/man1/openssl-smime.1 new file mode 100755 index 0000000..3af13b2 --- /dev/null +++ b/linux_amd64/share/man/man1/openssl-smime.1 
@@ -0,0 +1,619 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-SMIME 1" +.TH OPENSSL-SMIME 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-smime \- S/MIME utility +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBsmime\fR +[\fB\-help\fR] +[\fB\-encrypt\fR] +[\fB\-decrypt\fR] +[\fB\-sign\fR] +[\fB\-resign\fR] +[\fB\-verify\fR] +[\fB\-pk7out\fR] +[\fB\-binary\fR] +[\fB\-crlfeol\fR] +[\fB\-\f(BIcipher\fB\fR] +[\fB\-in\fR \fIfile\fR] +[\fB\-certfile\fR \fIfile\fR] +[\fB\-signer\fR \fIfile\fR] +[\fB\-nointern\fR] +[\fB\-noverify\fR] +[\fB\-nochain\fR] +[\fB\-nosigs\fR] +[\fB\-nocerts\fR] +[\fB\-noattr\fR] +[\fB\-nodetach\fR] +[\fB\-nosmimecap\fR] +[\fB\-recip\fR \fI file\fR] +[\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fB\s-1SMIME\s0\fR] +[\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fB\s-1SMIME\s0\fR] +[\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fB\s-1ENGINE\s0\fR] +[\fB\-passin\fR \fIarg\fR] +[\fB\-inkey\fR \fIfile_or_id\fR] +[\fB\-out\fR \fIfile\fR] +[\fB\-content\fR \fIfile\fR] +[\fB\-to\fR \fIaddr\fR] +[\fB\-from\fR \fIad\fR] +[\fB\-subject\fR \fIs\fR] +[\fB\-text\fR] +[\fB\-indef\fR] +[\fB\-noindef\fR] +[\fB\-stream\fR] +[\fB\-md\fR \fIdigest\fR] +[\fB\-CAfile\fR \fIfile\fR] +[\fB\-no\-CAfile\fR] +[\fB\-CApath\fR \fIdir\fR] +[\fB\-no\-CApath\fR] +[\fB\-CAstore\fR \fIuri\fR] +[\fB\-no\-CAstore\fR] +[\fB\-engine\fR \fIid\fR] +[\fB\-rand\fR \fIfiles\fR] +[\fB\-writerand\fR \fIfile\fR] +[\fB\-allow_proxy_certs\fR] +[\fB\-attime\fR \fItimestamp\fR] +[\fB\-no_check_time\fR] +[\fB\-check_ss_sig\fR] +[\fB\-crl_check\fR] +[\fB\-crl_check_all\fR] +[\fB\-explicit_policy\fR] +[\fB\-extended_crl\fR] +[\fB\-ignore_critical\fR] +[\fB\-inhibit_any\fR] +[\fB\-inhibit_map\fR] +[\fB\-partial_chain\fR] +[\fB\-policy\fR \fIarg\fR] +[\fB\-policy_check\fR] +[\fB\-policy_print\fR] +[\fB\-purpose\fR \fIpurpose\fR] +[\fB\-suiteB_128\fR] +[\fB\-suiteB_128_only\fR] +[\fB\-suiteB_192\fR] +[\fB\-trusted_first\fR] +[\fB\-no_alt_chains\fR] +[\fB\-use_deltas\fR] +[\fB\-auth_level\fR \fInum\fR] +[\fB\-verify_depth\fR \fInum\fR] +[\fB\-verify_email\fR \fIemail\fR] 
+[\fB\-verify_hostname\fR \fIhostname\fR] +[\fB\-verify_ip\fR \fIip\fR] +[\fB\-verify_name\fR \fIname\fR] +[\fB\-x509_strict\fR] +[\fB\-issuer_checks\fR] +.PP +\&\fIcert.pem\fR ... +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command handles S/MIME mail. It can encrypt, decrypt, sign +and verify S/MIME messages. +.SH "OPTIONS" +.IX Header "OPTIONS" +There are six operation options that set the type of operation to be performed. +The meaning of the other options varies according to the operation type. +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-encrypt\fR" 4 +.IX Item "-encrypt" +Encrypt mail for the given recipient certificates. Input file is the message +to be encrypted. The output file is the encrypted mail in \s-1MIME\s0 format. +.Sp +Note that no revocation check is done for the recipient cert, so if that +key has been compromised, others may be able to decrypt the text. +.IP "\fB\-decrypt\fR" 4 +.IX Item "-decrypt" +Decrypt mail using the supplied certificate and private key. Expects an +encrypted mail message in \s-1MIME\s0 format for the input file. The decrypted mail +is written to the output file. +.IP "\fB\-sign\fR" 4 +.IX Item "-sign" +Sign mail using the supplied certificate and private key. Input file is +the message to be signed. The signed message in \s-1MIME\s0 format is written +to the output file. +.IP "\fB\-verify\fR" 4 +.IX Item "-verify" +Verify signed mail. Expects a signed mail message on input and outputs +the signed data. Both clear text and opaque signing is supported. +.IP "\fB\-pk7out\fR" 4 +.IX Item "-pk7out" +Takes an input message and writes out a \s-1PEM\s0 encoded PKCS#7 structure. +.IP "\fB\-resign\fR" 4 +.IX Item "-resign" +Resign a message: take an existing message and one or more new signers. +.IP "\fB\-in\fR \fIfilename\fR" 4 +.IX Item "-in filename" +The input message to be encrypted or signed or the \s-1MIME\s0 message to +be decrypted or verified. 
+.IP "\fB\-out\fR \fIfilename\fR" 4 +.IX Item "-out filename" +The message text that has been decrypted or verified or the output \s-1MIME\s0 +format message that has been signed or verified. +.IP "\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fB\s-1SMIME\s0\fR" 4 +.IX Item "-inform DER|PEM|SMIME" +The input format of the PKCS#7 (S/MIME) structure (if one is being read); +the default is \fB\s-1SMIME\s0\fR. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fB\s-1SMIME\s0\fR" 4 +.IX Item "-outform DER|PEM|SMIME" +The output format of the PKCS#7 (S/MIME) structure (if one is being written); +the default is \fB\s-1SMIME\s0\fR. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IX Item "-keyform DER|PEM" +The key format; the default is \fB\s-1PEM\s0\fR. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-stream\fR, \fB\-indef\fR, \fB\-noindef\fR" 4 +.IX Item "-stream, -indef, -noindef" +The \fB\-stream\fR and \fB\-indef\fR options are equivalent and enable streaming I/O +for encoding operations. This permits single pass processing of data without +the need to hold the entire contents in memory, potentially supporting very +large files. Streaming is automatically set for S/MIME signing with detached +data if the output format is \fB\s-1SMIME\s0\fR it is currently off by default for all +other operations. +.IP "\fB\-noindef\fR" 4 +.IX Item "-noindef" +Disable streaming I/O where it would produce and indefinite length constructed +encoding. This option currently has no effect. In future streaming will be +enabled by default on all relevant operations and this option will disable it. +.IP "\fB\-content\fR \fIfilename\fR" 4 +.IX Item "-content filename" +This specifies a file containing the detached content, this is only +useful with the \fB\-verify\fR command. 
This is only usable if the PKCS#7 +structure is using the detached signature form where the content is +not included. This option will override any content if the input format +is S/MIME and it uses the multipart/signed \s-1MIME\s0 content type. +.IP "\fB\-text\fR" 4 +.IX Item "-text" +This option adds plain text (text/plain) \s-1MIME\s0 headers to the supplied +message if encrypting or signing. If decrypting or verifying it strips +off text headers: if the decrypted or verified message is not of \s-1MIME\s0 +type text/plain then an error occurs. +.IP "\fB\-md\fR \fIdigest\fR" 4 +.IX Item "-md digest" +Digest algorithm to use when signing or resigning. If not present then the +default digest algorithm for the signing key will be used (usually \s-1SHA1\s0). +.IP "\fB\-\f(BIcipher\fB\fR" 4 +.IX Item "-cipher" +The encryption algorithm to use. For example \s-1DES\s0 (56 bits) \- \fB\-des\fR, +triple \s-1DES\s0 (168 bits) \- \fB\-des3\fR, +\&\fIEVP_get_cipherbyname()\fR function) can also be used preceded by a dash, for +example \fB\-aes\-128\-cbc\fR. See \fIopenssl\-enc\fR\|(1) for list of ciphers +supported by your version of OpenSSL. +.Sp +If not specified triple \s-1DES\s0 is used. Only used with \fB\-encrypt\fR. +.IP "\fB\-nointern\fR" 4 +.IX Item "-nointern" +When verifying a message normally certificates (if any) included in +the message are searched for the signing certificate. With this option +only the certificates specified in the \fB\-certfile\fR option are used. +The supplied certificates can still be used as untrusted CAs however. +.IP "\fB\-noverify\fR" 4 +.IX Item "-noverify" +Do not verify the signers certificate of a signed message. +.IP "\fB\-nochain\fR" 4 +.IX Item "-nochain" +Do not do chain verification of signers certificates; that is, do not +use the certificates in the signed message as untrusted CAs. +.IP "\fB\-nosigs\fR" 4 +.IX Item "-nosigs" +Don't try to verify the signatures on the message. 
+.IP "\fB\-nocerts\fR" 4 +.IX Item "-nocerts" +When signing a message the signer's certificate is normally included +with this option it is excluded. This will reduce the size of the +signed message but the verifier must have a copy of the signers certificate +available locally (passed using the \fB\-certfile\fR option for example). +.IP "\fB\-noattr\fR" 4 +.IX Item "-noattr" +Normally when a message is signed a set of attributes are included which +include the signing time and supported symmetric algorithms. With this +option they are not included. +.IP "\fB\-nodetach\fR" 4 +.IX Item "-nodetach" +When signing a message use opaque signing. This form is more resistant +to translation by mail relays but it cannot be read by mail agents that +do not support S/MIME. Without this option cleartext signing with +the \s-1MIME\s0 type multipart/signed is used. +.IP "\fB\-nosmimecap\fR" 4 +.IX Item "-nosmimecap" +When signing a message, do not include the \fBSMIMECapabilities\fR attribute. +.IP "\fB\-binary\fR" 4 +.IX Item "-binary" +Normally the input message is converted to \*(L"canonical\*(R" format which is +effectively using \s-1CR\s0 and \s-1LF\s0 as end of line: as required by the S/MIME +specification. When this option is present no translation occurs. This +is useful when handling binary data which may not be in \s-1MIME\s0 format. +.IP "\fB\-crlfeol\fR" 4 +.IX Item "-crlfeol" +Normally the output file uses a single \fB\s-1LF\s0\fR as end of line. When this +option is present \fB\s-1CRLF\s0\fR is used instead. +.IP "\fB\-certfile\fR \fIfile\fR" 4 +.IX Item "-certfile file" +Allows additional certificates to be specified. When signing these will +be included with the message. When verifying these will be searched for +the signers certificates. The certificates should be in \s-1PEM\s0 format. 
+.IP "\fB\-signer\fR \fIfile\fR" 4 +.IX Item "-signer file" +A signing certificate when signing or resigning a message, this option can be +used multiple times if more than one signer is required. If a message is being +verified then the signers certificates will be written to this file if the +verification was successful. +.IP "\fB\-nocerts\fR" 4 +.IX Item "-nocerts" +Don't include signers certificate when signing. +.IP "\fB\-noattr\fR" 4 +.IX Item "-noattr" +Don't include any signed attributes when signing. +.IP "\fB\-recip\fR \fIfile\fR" 4 +.IX Item "-recip file" +The recipients certificate when decrypting a message. This certificate +must match one of the recipients of the message or an error occurs. +.IP "\fB\-inkey\fR \fIfile_or_id\fR" 4 +.IX Item "-inkey file_or_id" +The private key to use when signing or decrypting. This must match the +corresponding certificate. If this option is not specified then the +private key must be included in the certificate file specified with +the \fB\-recip\fR or \fB\-signer\fR file. When signing this option can be used +multiple times to specify successive keys. +If no engine is used, the argument is taken as a file; if an engine is +specified, the argument is given to the engine as a key identifier. +.IP "\fB\-passin\fR \fIarg\fR" 4 +.IX Item "-passin arg" +The private key password source. For more information about the format of \fIarg\fR +see \*(L"Pass Phrase Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-to\fR, \fB\-from\fR, \fB\-subject\fR" 4 +.IX Item "-to, -from, -subject" +The relevant mail headers. These are included outside the signed +portion of a message so they may be included manually. If signing +then many S/MIME mail clients check the signers certificate's email +address matches that specified in the 
From: address. +.IP "\fB\-allow_proxy_certs\fR, \fB\-attime\fR, \fB\-no_check_time\fR, \fB\-check_ss_sig\fR, \fB\-crl_check\fR, \fB\-crl_check_all\fR, \fB\-explicit_policy\fR, \fB\-extended_crl\fR, \fB\-ignore_critical\fR, \fB\-inhibit_any\fR, \fB\-inhibit_map\fR, \fB\-no_alt_chains\fR, \fB\-partial_chain\fR, \fB\-policy\fR, \fB\-policy_check\fR, \fB\-policy_print\fR, \fB\-purpose\fR, \fB\-suiteB_128\fR, \fB\-suiteB_128_only\fR, \fB\-suiteB_192\fR, \fB\-trusted_first\fR, \fB\-use_deltas\fR, \fB\-auth_level\fR, \fB\-verify_depth\fR, \fB\-verify_email\fR, \fB\-verify_hostname\fR, \fB\-verify_ip\fR, \fB\-verify_name\fR, \fB\-x509_strict\fR \fB\-issuer_checks\fR" 4 +.IX Item "-allow_proxy_certs, -attime, -no_check_time, -check_ss_sig, -crl_check, -crl_check_all, -explicit_policy, -extended_crl, -ignore_critical, -inhibit_any, -inhibit_map, -no_alt_chains, -partial_chain, -policy, -policy_check, -policy_print, -purpose, -suiteB_128, -suiteB_128_only, -suiteB_192, -trusted_first, -use_deltas, -auth_level, -verify_depth, -verify_email, -verify_hostname, -verify_ip, -verify_name, -x509_strict -issuer_checks" +Set various options of certificate chain verification. +See \*(L"Verification Options\*(R" in \fIopenssl\fR\|(1) for details. +.Sp +Any verification errors cause the command to exit. +.IP "\fB\-CAfile\fR \fIfile\fR, \fB\-no\-CAfile\fR, \fB\-CApath\fR \fIdir\fR, \fB\-no\-CApath\fR, \fB\-CAstore\fR \fIuri\fR, \fB\-no\-CAstore\fR" 4 +.IX Item "-CAfile file, -no-CAfile, -CApath dir, -no-CApath, -CAstore uri, -no-CAstore" +See \*(L"Trusted Certificate Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-engine\fR \fIid\fR" 4 +.IX Item "-engine id" +See \*(L"Engine Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-rand\fR \fIfiles\fR, \fB\-writerand\fR \fIfile\fR" 4 +.IX Item "-rand files, -writerand file" +See \*(L"Random State Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fIcert.pem\fR ..." 4 +.IX Item "cert.pem ..." 
+One or more certificates of message recipients, used when encrypting +a message. +.SH "NOTES" +.IX Header "NOTES" +The \s-1MIME\s0 message must be sent without any blank lines between the +headers and the output. Some mail programs will automatically add +a blank line. Piping the mail directly to sendmail is one way to +achieve the correct format. +.PP +The supplied message to be signed or encrypted must include the +necessary \s-1MIME\s0 headers or many S/MIME clients won't display it +properly (if at all). You can use the \fB\-text\fR option to automatically +add plain text headers. +.PP +A \*(L"signed and encrypted\*(R" message is one where a signed message is +then encrypted. This can be produced by encrypting an already signed +message: see the examples section. +.PP +This version of the program only allows one signer per message but it +will verify multiple signers on received messages. Some S/MIME clients +choke if a message contains multiple signers. It is possible to sign +messages \*(L"in parallel\*(R" by signing an already signed message. +.PP +The options \fB\-encrypt\fR and \fB\-decrypt\fR reflect common usage in S/MIME +clients. Strictly speaking these process PKCS#7 enveloped data: PKCS#7 +encrypted data is used for other purposes. +.PP +The \fB\-resign\fR option uses an existing message digest when adding a new +signer. This means that attributes must be present in at least one existing +signer using the same message digest or this operation will fail. +.PP +The \fB\-stream\fR and \fB\-indef\fR options enable streaming I/O support. +As a result the encoding is \s-1BER\s0 using indefinite length constructed encoding +and no longer \s-1DER\s0. Streaming is supported for the \fB\-encrypt\fR operation and the +\&\fB\-sign\fR operation if the content is not detached. +.PP +Streaming is always used for the \fB\-sign\fR operation with detached data but +since the content is no longer part of the PKCS#7 structure the encoding +remains \s-1DER\s0. 
+.SH "EXIT CODES" +.IX Header "EXIT CODES" +.IP "0" 4 +The operation was completely successfully. +.IP "1" 4 +.IX Item "1" +An error occurred parsing the command options. +.IP "2" 4 +.IX Item "2" +One of the input files could not be read. +.IP "3" 4 +.IX Item "3" +An error occurred creating the PKCS#7 file or when reading the \s-1MIME\s0 +message. +.IP "4" 4 +.IX Item "4" +An error occurred decrypting or verifying the message. +.IP "5" 4 +.IX Item "5" +The message was verified correctly but an error occurred writing out +the signers certificates. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Create a cleartext signed message: +.PP +.Vb 2 +\& openssl smime \-sign \-in message.txt \-text \-out mail.msg \e +\& \-signer mycert.pem +.Ve +.PP +Create an opaque signed message: +.PP +.Vb 2 +\& openssl smime \-sign \-in message.txt \-text \-out mail.msg \-nodetach \e +\& \-signer mycert.pem +.Ve +.PP +Create a signed message, include some additional certificates and +read the private key from another file: +.PP +.Vb 2 +\& openssl smime \-sign \-in in.txt \-text \-out mail.msg \e +\& \-signer mycert.pem \-inkey mykey.pem \-certfile mycerts.pem +.Ve +.PP +Create a signed message with two signers: +.PP +.Vb 2 +\& openssl smime \-sign \-in message.txt \-text \-out mail.msg \e +\& \-signer mycert.pem \-signer othercert.pem +.Ve +.PP +Send a signed message under Unix directly to sendmail, including headers: +.PP +.Vb 3 +\& openssl smime \-sign \-in in.txt \-text \-signer mycert.pem \e +\& \-from steve@openssl.org \-to someone@somewhere \e +\& \-subject "Signed message" | sendmail someone@somewhere +.Ve +.PP +Verify a message and extract the signer's certificate if successful: +.PP +.Vb 1 +\& openssl smime \-verify \-in mail.msg \-signer user.pem \-out signedtext.txt +.Ve +.PP +Send encrypted mail using triple \s-1DES:\s0 +.PP +.Vb 3 +\& openssl smime \-encrypt \-in in.txt \-from steve@openssl.org \e +\& \-to someone@somewhere \-subject "Encrypted message" \e +\& \-des3 user.pem \-out 
mail.msg +.Ve +.PP +Sign and encrypt mail: +.PP +.Vb 4 +\& openssl smime \-sign \-in ml.txt \-signer my.pem \-text \e +\& | openssl smime \-encrypt \-out mail.msg \e +\& \-from steve@openssl.org \-to someone@somewhere \e +\& \-subject "Signed and Encrypted message" \-des3 user.pem +.Ve +.PP +Note: the encryption command does not include the \fB\-text\fR option because the +message being encrypted already has \s-1MIME\s0 headers. +.PP +Decrypt mail: +.PP +.Vb 1 +\& openssl smime \-decrypt \-in mail.msg \-recip mycert.pem \-inkey key.pem +.Ve +.PP +The output from Netscape form signing is a PKCS#7 structure with the +detached signature format. You can use this program to verify the +signature by line wrapping the base64 encoded structure and surrounding +it with: +.PP +.Vb 2 +\& \-\-\-\-\-BEGIN PKCS7\-\-\-\-\- +\& \-\-\-\-\-END PKCS7\-\-\-\-\- +.Ve +.PP +and using the command: +.PP +.Vb 1 +\& openssl smime \-verify \-inform PEM \-in signature.pem \-content content.txt +.Ve +.PP +Alternatively you can base64 decode the signature and use: +.PP +.Vb 1 +\& openssl smime \-verify \-inform DER \-in signature.der \-content content.txt +.Ve +.PP +Create an encrypted message using 128 bit Camellia: +.PP +.Vb 1 +\& openssl smime \-encrypt \-in plain.txt \-camellia128 \-out mail.msg cert.pem +.Ve +.PP +Add a signer to an existing message: +.PP +.Vb 1 +\& openssl smime \-resign \-in mail.msg \-signer newsign.pem \-out mail2.msg +.Ve +.SH "BUGS" +.IX Header "BUGS" +The \s-1MIME\s0 parser isn't very clever: it seems to handle most messages that I've +thrown at it but it may choke on others. +.PP +The code currently will only write out the signer's certificate to a file: if +the signer has a separate encryption certificate this must be manually +extracted. There should be some heuristic that determines the correct +encryption certificate. +.PP +Ideally a database should be maintained of a certificates for each email +address. 
+.PP +The code doesn't currently take note of the permitted symmetric encryption +algorithms as supplied in the SMIMECapabilities signed attribute. This means the +user has to manually include the correct encryption algorithm. It should store +the list of permitted ciphers in a database and only use those. +.PP +No revocation checking is done on the signer's certificate. +.PP +The current code can only handle S/MIME v2 messages, the more complex S/MIME v3 +structures may cause parsing errors. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIossl_store\-file\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The use of multiple \fB\-signer\fR options and the \fB\-resign\fR command were first +added in OpenSSL 1.0.0 +.PP +The \-no_alt_chains option was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man1/openssl-speed.1 b/linux_amd64/share/man/man1/openssl-speed.1 new file mode 100755 index 0000000..8cb3d66 --- /dev/null +++ b/linux_amd64/share/man/man1/openssl-speed.1 
@@ -0,0 +1,227 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-SPEED 1" +.TH OPENSSL-SPEED 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-speed \- test library performance +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl speed\fR +[\fB\-help\fR] +[\fB\-elapsed\fR] +[\fB\-evp\fR \fIalgo\fR] +[\fB\-hmac\fR \fIalgo\fR] +[\fB\-cmac\fR \fIalgo\fR] +[\fB\-mb\fR] +[\fB\-aead\fR] +[\fB\-multi\fR \fInum\fR] +[\fB\-async_jobs\fR \fInum\fR] +[\fB\-misalign\fR \fInum\fR] +[\fB\-decrypt\fR] +[\fB\-primes\fR \fInum\fR] +[\fB\-seconds\fR \fInum\fR] +[\fB\-bytes\fR \fInum\fR] +[\fB\-mr\fR] +[\fB\-rand\fR \fIfiles\fR] +[\fB\-writerand\fR \fIfile\fR] +[\fB\-engine\fR \fIid\fR] +[\fIalgorithm\fR ...] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command is used to test the performance of cryptographic algorithms. +To see the list of supported algorithms, use \f(CW\*(C`openssl list \-digest\-commands\*(C'\fR +or \f(CW\*(C`openssl list \-cipher\-commands\*(C'\fR command. The global \s-1CSPRNG\s0 is denoted by +the \fBrand\fR algorithm name. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-elapsed\fR" 4 +.IX Item "-elapsed" +When calculating operations\- or bytes-per-second, use wall-clock time +instead of \s-1CPU\s0 user time as divisor. It can be useful when testing speed +of hardware engines. +.IP "\fB\-evp\fR \fIalgo\fR" 4 +.IX Item "-evp algo" +Use the specified cipher or message digest algorithm via the \s-1EVP\s0 interface. +If \fIalgo\fR is an \s-1AEAD\s0 cipher, then you can pass \fB\-aead\fR to benchmark a +TLS-like sequence. And if \fIalgo\fR is a multi-buffer capable cipher, e.g. +aes\-128\-cbc\-hmac\-sha1, then \fB\-mb\fR will time multi-buffer operation. +.IP "\fB\-multi\fR \fInum\fR" 4 +.IX Item "-multi num" +Run multiple operations in parallel. +.IP "\fB\-async_jobs\fR \fInum\fR" 4 +.IX Item "-async_jobs num" +Enable async mode and start specified number of jobs. +.IP "\fB\-misalign\fR \fInum\fR" 4 +.IX Item "-misalign num" +Misalign the buffers by the specified number of bytes. 
+.IP "\fB\-hmac\fR \fIdigest\fR" 4 +.IX Item "-hmac digest" +Time the \s-1HMAC\s0 algorithm using the specified message digest. +.IP "\fB\-cmac\fR \fIcipher\fR" 4 +.IX Item "-cmac cipher" +Time the \s-1CMAC\s0 algorithm using the specified cipher e.g. +\&\f(CW\*(C`openssl speed \-cmac aes128\*(C'\fR. +.IP "\fB\-decrypt\fR" 4 +.IX Item "-decrypt" +Time the decryption instead of encryption. Affects only the \s-1EVP\s0 testing. +.IP "\fB\-primes\fR \fInum\fR" 4 +.IX Item "-primes num" +Generate a \fInum\fR\-prime \s-1RSA\s0 key and use it to run the benchmarks. This option +is only effective if \s-1RSA\s0 algorithm is specified to test. +.IP "\fB\-seconds\fR \fInum\fR" 4 +.IX Item "-seconds num" +Run benchmarks for \fInum\fR seconds. +.IP "\fB\-bytes\fR \fInum\fR" 4 +.IX Item "-bytes num" +Run benchmarks on \fInum\fR\-byte buffers. Affects ciphers, digests and the \s-1CSPRNG\s0. +.IP "\fB\-mr\fR" 4 +.IX Item "-mr" +Produce the summary in a mechanical, machine-readable, format. +.IP "\fB\-rand\fR \fIfiles\fR, \fB\-writerand\fR \fIfile\fR" 4 +.IX Item "-rand files, -writerand file" +See \*(L"Random State Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-engine\fR \fIid\fR" 4 +.IX Item "-engine id" +See \*(L"Engine Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fIalgorithm\fR ..." 4 +.IX Item "algorithm ..." +If any \fIalgorithm\fR is given, then those algorithms are tested, otherwise a +pre-compiled grand selection is tested. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man1/openssl-spkac.1 b/linux_amd64/share/man/man1/openssl-spkac.1 new file mode 100755 index 0000000..f01af99 --- /dev/null +++ b/linux_amd64/share/man/man1/openssl-spkac.1 
@@ -0,0 +1,263 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-SPKAC 1" +.TH OPENSSL-SPKAC 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-spkac \- SPKAC printing and generating utility +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBspkac\fR +[\fB\-help\fR] +[\fB\-in\fR \fIfilename\fR] +[\fB\-out\fR \fIfilename\fR] +[\fB\-key\fR \fIkeyfile\fR] +[\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fB\s-1ENGINE\s0\fR] +[\fB\-passin\fR \fIarg\fR] +[\fB\-challenge\fR \fIstring\fR] +[\fB\-pubkey\fR] +[\fB\-spkac\fR \fIspkacname\fR] +[\fB\-spksect\fR \fIsection\fR] +[\fB\-noout\fR] +[\fB\-verify\fR] +[\fB\-engine\fR \fIid\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command processes Netscape signed public key and challenge +(\s-1SPKAC\s0) files. It can print out their contents, verify the signature and +produce its own SPKACs from a supplied private key. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-in\fR \fIfilename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read from or standard input if this +option is not specified. Ignored if the \fB\-key\fR option is used. +.IP "\fB\-out\fR \fIfilename\fR" 4 +.IX Item "-out filename" +Specifies the output filename to write to or standard output by +default. +.IP "\fB\-key\fR \fIkeyfile\fR" 4 +.IX Item "-key keyfile" +Create an \s-1SPKAC\s0 file using the private key in \fIkeyfile\fR. The +\&\fB\-in\fR, \fB\-noout\fR, \fB\-spksect\fR and \fB\-verify\fR options are ignored if +present. +.IP "\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fB\s-1ENGINE\s0\fR" 4 +.IX Item "-keyform DER|PEM|ENGINE" +The key format; the default is \fB\s-1PEM\s0\fR. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-passin\fR \fIarg\fR" 4 +.IX Item "-passin arg" +The input file password source. For more information about the format of \fIarg\fR +see \*(L"Pass Phrase Options\*(R" in \fIopenssl\fR\|(1). 
+.IP "\fB\-challenge\fR \fIstring\fR" 4 +.IX Item "-challenge string" +Specifies the challenge string if an \s-1SPKAC\s0 is being created. +.IP "\fB\-spkac\fR \fIspkacname\fR" 4 +.IX Item "-spkac spkacname" +Allows an alternative name form the variable containing the +\&\s-1SPKAC\s0. The default is \*(L"\s-1SPKAC\s0\*(R". This option affects both +generated and input \s-1SPKAC\s0 files. +.IP "\fB\-spksect\fR \fIsection\fR" 4 +.IX Item "-spksect section" +Allows an alternative name form the section containing the +\&\s-1SPKAC\s0. The default is the default section. +.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +Don't output the text version of the \s-1SPKAC\s0 (not used if an +\&\s-1SPKAC\s0 is being created). +.IP "\fB\-pubkey\fR" 4 +.IX Item "-pubkey" +Output the public key of an \s-1SPKAC\s0 (not used if an \s-1SPKAC\s0 is +being created). +.IP "\fB\-verify\fR" 4 +.IX Item "-verify" +Verifies the digital signature on the supplied \s-1SPKAC\s0. +.IP "\fB\-engine\fR \fIid\fR" 4 +.IX Item "-engine id" +See \*(L"Engine Options\*(R" in \fIopenssl\fR\|(1). +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Print out the contents of an \s-1SPKAC:\s0 +.PP +.Vb 1 +\& openssl spkac \-in spkac.cnf +.Ve +.PP +Verify the signature of an \s-1SPKAC:\s0 +.PP +.Vb 1 +\& openssl spkac \-in spkac.cnf \-noout \-verify +.Ve +.PP +Create an \s-1SPKAC\s0 using the challenge string \*(L"hello\*(R": +.PP +.Vb 1 +\& openssl spkac \-key key.pem \-challenge hello \-out spkac.cnf +.Ve +.PP +Example of an \s-1SPKAC\s0, (long lines split up for clarity): +.PP +.Vb 6 +\& SPKAC=MIG5MGUwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA\e +\& 1cCoq2Wa3Ixs47uI7FPVwHVIPDx5yso105Y6zpozam135a\e +\& 8R0CpoRvkkigIyXfcCjiVi5oWk+6FfPaD03uPFoQIDAQAB\e +\& FgVoZWxsbzANBgkqhkiG9w0BAQQFAANBAFpQtY/FojdwkJ\e +\& h1bEIYuc2EeM2KHTWPEepWYeawvHD0gQ3DngSC75YCWnnD\e +\& dq+NQ3F+X4deMx9AaEglZtULwV4= +.Ve +.SH "NOTES" +.IX Header "NOTES" +A created \s-1SPKAC\s0 with suitable \s-1DN\s0 components appended can be fed to +\&\fIopenssl\-ca\fR\|(1). 
+.PP +SPKACs are typically generated by Netscape when a form is submitted +containing the \fB\s-1KEYGEN\s0\fR tag as part of the certificate enrollment +process. +.PP +The challenge string permits a primitive form of proof of possession +of private key. By checking the \s-1SPKAC\s0 signature and a random challenge +string some guarantee is given that the user knows the private key +corresponding to the public key being certified. This is important in +some applications. Without this it is possible for a previous \s-1SPKAC\s0 +to be used in a \*(L"replay attack\*(R". +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\fIopenssl\-ca\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man1/openssl-srp.1 b/linux_amd64/share/man/man1/openssl-srp.1 new file mode 100755 index 0000000..2115f9d --- /dev/null +++ b/linux_amd64/share/man/man1/openssl-srp.1 
@@ -0,0 +1,203 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-SRP 1" +.TH OPENSSL-SRP 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-srp \- maintain SRP password file +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl srp\fR +[\fB\-help\fR] +[\fB\-verbose\fR] +[\fB\-add\fR] +[\fB\-modify\fR] +[\fB\-delete\fR] +[\fB\-list\fR] +[\fB\-name\fR \fIsection\fR] +[\fB\-config\fR \fIfile\fR] +[\fB\-srpvfile\fR \fIfile\fR] +[\fB\-gn\fR \fIidentifier\fR] +[\fB\-userinfo\fR \fItext\fR] +[\fB\-passin\fR \fIarg\fR] +[\fB\-passout\fR \fIarg\fR] +[\fB\-engine\fR \fIid\fR] +[\fB\-rand\fR \fIfiles\fR] +[\fB\-writerand\fR \fIfile\fR] +[\fIuser\fR ...] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command is used to maintain an \s-1SRP\s0 (secure remote password) file. +At most one of the \fB\-add\fR, \fB\-modify\fR, \fB\-delete\fR, and \fB\-list\fR options +can be specified. +These options take zero or more usernames as parameters and perform the +appropriate operation on the \s-1SRP\s0 file. +For \fB\-list\fR, if no \fIuser\fR is given then all users are displayed. +.PP +The configuration file to use, and the section within the file, can be +specified with the \fB\-config\fR and \fB\-name\fR flags, respectively. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Display an option summary. +.IP "\fB\-verbose\fR" 4 +.IX Item "-verbose" +Generate verbose output while processing. +.IP "\fB\-srpvfile\fR \fIfile\fR" 4 +.IX Item "-srpvfile file" +If the config file is not specified, +\&\fB\-srpvfile\fR can be used to specify the file to operate on. +.IP "\fB\-gn\fR" 4 +.IX Item "-gn" +Specifies the \fBg\fR and \fBN\fR values, using one of +the strengths defined in \s-1IETF\s0 \s-1RFC\s0 5054. +.IP "\fB\-userinfo\fR" 4 +.IX Item "-userinfo" +specifies additional information to add when +adding or modifying a user. +.IP "\fB\-passin\fR \fIarg\fR, \fB\-passout\fR \fIarg\fR" 4 +.IX Item "-passin arg, -passout arg" +The password source for the input and output file. 
+For more information about the format of \fBarg\fR +see \*(L"Pass Phrase Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-engine\fR \fIid\fR" 4 +.IX Item "-engine id" +See \*(L"Engine Options\*(R" in \fIopenssl\fR\|(1). +.Sp +[\fB\-rand\fR \fIfiles\fR] +[\fB\-writerand\fR \fIfile\fR] +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man1/openssl-storeutl.1 b/linux_amd64/share/man/man1/openssl-storeutl.1 new file mode 100755 index 0000000..1190a3a --- /dev/null +++ b/linux_amd64/share/man/man1/openssl-storeutl.1 
@@ -0,0 +1,237 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-STOREUTL 1" +.TH OPENSSL-STOREUTL 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-storeutl \- STORE utility +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBstoreutl\fR +[\fB\-help\fR] +[\fB\-out\fR \fIfile\fR] +[\fB\-noout\fR] +[\fB\-passin\fR \fIarg\fR] +[\fB\-text\fR \fIarg\fR] +[\fB\-r\fR] +[\fB\-certs\fR] +[\fB\-keys\fR] +[\fB\-crls\fR] +[\fB\-subject\fR \fIarg\fR] +[\fB\-issuer\fR \fIarg\fR] +[\fB\-serial\fR \fIarg\fR] +[\fB\-alias\fR \fIarg\fR] +[\fB\-fingerprint\fR \fIarg\fR] +[\fB\-\f(BIdigest\fB\fR] +[\fB\-engine\fR \fIid\fR] +\&\fIuri\fR ... +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command can be used to display the contents (after +decryption as the case may be) fetched from the given URIs. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-out\fR \fIfilename\fR" 4 +.IX Item "-out filename" +specifies the output filename to write to or standard output by +default. +.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +this option prevents output of the \s-1PEM\s0 data. +.IP "\fB\-passin\fR \fIarg\fR" 4 +.IX Item "-passin arg" +the key password source. For more information about the format of \fIarg\fR +see \*(L"Pass Phrase Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-text\fR" 4 +.IX Item "-text" +Prints out the objects in text form, similarly to the \fB\-text\fR output from +\&\fIopenssl\-x509\fR\|(1), \fIopenssl\-pkey\fR\|(1), etc. +.IP "\fB\-r\fR" 4 +.IX Item "-r" +Fetch objects recursively when possible. +.IP "\fB\-certs\fR" 4 +.IX Item "-certs" +.PD 0 +.IP "\fB\-keys\fR" 4 +.IX Item "-keys" +.IP "\fB\-crls\fR" 4 +.IX Item "-crls" +.PD +Only select the certificates, keys or CRLs from the given \s-1URI\s0. +However, if this \s-1URI\s0 would return a set of names (URIs), those are always +returned. +.IP "\fB\-subject\fR \fIarg\fR" 4 +.IX Item "-subject arg" +Search for an object having the subject name \fIarg\fR. +The arg must be formatted as \f(CW\*(C`/type0=value0/type1=value1/type2=...\*(C'\fR. 
+Keyword characters may be escaped by \e (backslash), and whitespace is retained. +Empty values are permitted but are ignored for the search. That is, +a search with an empty value will have the same effect as not specifying +the type at all. +.IP "\fB\-issuer\fR \fIarg\fR" 4 +.IX Item "-issuer arg" +.PD 0 +.IP "\fB\-serial\fR \fIarg\fR" 4 +.IX Item "-serial arg" +.PD +Search for an object having the given issuer name and serial number. +These two options \fImust\fR be used together. +The issuer arg must be formatted as \f(CW\*(C`/type0=value0/type1=value1/type2=...\*(C'\fR, +characters may be escaped by \e (backslash), no spaces are skipped. +The serial arg may be specified as a decimal value or a hex value if preceded +by \f(CW\*(C`0x\*(C'\fR. +.IP "\fB\-alias\fR \fIarg\fR" 4 +.IX Item "-alias arg" +Search for an object having the given alias. +.IP "\fB\-fingerprint\fR \fIarg\fR" 4 +.IX Item "-fingerprint arg" +Search for an object having the given fingerprint. +.IP "\fB\-\f(BIdigest\fB\fR" 4 +.IX Item "-digest" +The digest that was used to compute the fingerprint given with \fB\-fingerprint\fR. +.IP "\fB\-engine\fR \fIid\fR" 4 +.IX Item "-engine id" +See \*(L"Engine Options\*(R" in \fIopenssl\fR\|(1). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1) +.SH "HISTORY" +.IX Header "HISTORY" +This command was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man1/openssl-ts.1 b/linux_amd64/share/man/man1/openssl-ts.1 new file mode 100755 index 0000000..755eeee --- /dev/null +++ b/linux_amd64/share/man/man1/openssl-ts.1 
@@ -0,0 +1,719 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-TS 1" +.TH OPENSSL-TS 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-ts \- Time Stamping Authority tool (client/server) +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBts\fR +\&\fB\-help\fR +.PP +\&\fBopenssl\fR \fBts\fR +\&\fB\-query\fR +[\fB\-config\fR \fIconfigfile\fR] +[\fB\-data\fR \fIfile_to_hash\fR] +[\fB\-digest\fR \fIdigest_bytes\fR] +[\fB\-\f(BIdigest\fB\fR] +[\fB\-tspolicy\fR \fIobject_id\fR] +[\fB\-no_nonce\fR] +[\fB\-cert\fR] +[\fB\-in\fR \fIrequest.tsq\fR] +[\fB\-out\fR \fIrequest.tsq\fR] +[\fB\-text\fR] +[\fB\-rand\fR \fIfiles\fR] +[\fB\-writerand\fR \fIfile\fR] +.PP +\&\fBopenssl\fR \fBts\fR +\&\fB\-reply\fR +[\fB\-config\fR \fIconfigfile\fR] +[\fB\-section\fR \fItsa_section\fR] +[\fB\-queryfile\fR \fIrequest.tsq\fR] +[\fB\-passin\fR \fIpassword_src\fR] +[\fB\-signer\fR \fItsa_cert.pem\fR] +[\fB\-inkey\fR \fIfile_or_id\fR] +[\fB\-\f(BIdigest\fB\fR] +[\fB\-chain\fR \fIcerts_file.pem\fR] +[\fB\-tspolicy\fR \fIobject_id\fR] +[\fB\-in\fR \fIresponse.tsr\fR] +[\fB\-untrusted\fR \fIfile\fR] +[\fB\-token_in\fR] +[\fB\-out\fR \fIresponse.tsr\fR] +[\fB\-token_out\fR] +[\fB\-text\fR] +[\fB\-engine\fR \fIid\fR] +.PP +\&\fBopenssl\fR \fBts\fR +\&\fB\-verify\fR +[\fB\-data\fR \fIfile_to_hash\fR] +[\fB\-digest\fR \fIdigest_bytes\fR] +[\fB\-queryfile\fR \fIrequest.tsq\fR] +[\fB\-in\fR \fIresponse.tsr\fR] +[\fB\-token_in\fR] +[\fB\-CAfile\fR \fIfile\fR] +[\fB\-CApath\fR \fIdir\fR] +[\fB\-CAstore\fR \fIuri\fR] +[\fB\-allow_proxy_certs\fR] +[\fB\-attime\fR \fItimestamp\fR] +[\fB\-no_check_time\fR] +[\fB\-check_ss_sig\fR] +[\fB\-crl_check\fR] +[\fB\-crl_check_all\fR] +[\fB\-explicit_policy\fR] +[\fB\-extended_crl\fR] +[\fB\-ignore_critical\fR] +[\fB\-inhibit_any\fR] +[\fB\-inhibit_map\fR] +[\fB\-partial_chain\fR] +[\fB\-policy\fR \fIarg\fR] +[\fB\-policy_check\fR] +[\fB\-policy_print\fR] +[\fB\-purpose\fR \fIpurpose\fR] +[\fB\-suiteB_128\fR] +[\fB\-suiteB_128_only\fR] +[\fB\-suiteB_192\fR] +[\fB\-trusted_first\fR] +[\fB\-no_alt_chains\fR] +[\fB\-use_deltas\fR] +[\fB\-auth_level\fR 
\fInum\fR] +[\fB\-verify_depth\fR \fInum\fR] +[\fB\-verify_email\fR \fIemail\fR] +[\fB\-verify_hostname\fR \fIhostname\fR] +[\fB\-verify_ip\fR \fIip\fR] +[\fB\-verify_name\fR \fIname\fR] +[\fB\-x509_strict\fR] +[\fB\-issuer_checks\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command is a basic Time Stamping Authority (\s-1TSA\s0) client and +server application as specified in \s-1RFC\s0 3161 (Time-Stamp Protocol, \s-1TSP\s0). A +\&\s-1TSA\s0 can be part of a \s-1PKI\s0 deployment and its role is to provide long +term proof of the existence of a certain datum before a particular +time. Here is a brief description of the protocol: +.IP "1." 4 +The \s-1TSA\s0 client computes a one-way hash value for a data file and sends +the hash to the \s-1TSA\s0. +.IP "2." 4 +The \s-1TSA\s0 attaches the current date and time to the received hash value, +signs them and sends the timestamp token back to the client. By +creating this token the \s-1TSA\s0 certifies the existence of the original +data file at the time of response generation. +.IP "3." 4 +The \s-1TSA\s0 client receives the timestamp token and verifies the +signature on it. It also checks if the token contains the same hash +value that it had sent to the \s-1TSA\s0. +.PP +There is one \s-1DER\s0 encoded protocol data unit defined for transporting a time +stamp request to the \s-1TSA\s0 and one for sending the timestamp response +back to the client. This command has three main functions: +creating a timestamp request based on a data file, +creating a timestamp response based on a request, verifying if a +response corresponds to a particular request or a data file. +.PP +There is no support for sending the requests/responses automatically +over \s-1HTTP\s0 or \s-1TCP\s0 yet as suggested in \s-1RFC\s0 3161. The users must send the +requests either by ftp or e\-mail. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. 
+.SS "Timestamp Request generation" +.IX Subsection "Timestamp Request generation" +The \fB\-query\fR switch can be used for creating and printing a timestamp +request with the following options: +.IP "\fB\-config\fR \fIconfigfile\fR" 4 +.IX Item "-config configfile" +The configuration file to use. +Optional; for a description of the default value, +see \*(L"\s-1COMMAND\s0 \s-1SUMMARY\s0\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-data\fR \fIfile_to_hash\fR" 4 +.IX Item "-data file_to_hash" +The data file for which the timestamp request needs to be +created. stdin is the default if neither the \fB\-data\fR nor the \fB\-digest\fR +parameter is specified. (Optional) +.IP "\fB\-digest\fR \fIdigest_bytes\fR" 4 +.IX Item "-digest digest_bytes" +It is possible to specify the message imprint explicitly without the data +file. The imprint must be specified in a hexadecimal format, two characters +per byte, the bytes optionally separated by colons (e.g. 1A:F6:01:... or +1AF601...). The number of bytes must match the message digest algorithm +in use. (Optional) +.IP "\fB\-\f(BIdigest\fB\fR" 4 +.IX Item "-digest" +The message digest to apply to the data file. +Any digest supported by the \fIopenssl\-dgst\fR\|(1) command can be used. +The default is \s-1SHA\-256\s0. (Optional) +.IP "\fB\-tspolicy\fR \fIobject_id\fR" 4 +.IX Item "-tspolicy object_id" +The policy that the client expects the \s-1TSA\s0 to use for creating the +timestamp token. Either the dotted \s-1OID\s0 notation or \s-1OID\s0 names defined +in the config file can be used. If no policy is requested the \s-1TSA\s0 will +use its own default policy. (Optional) +.IP "\fB\-no_nonce\fR" 4 +.IX Item "-no_nonce" +No nonce is specified in the request if this option is +given. Otherwise a 64 bit long pseudo-random none is +included in the request. It is recommended to use nonce to +protect against replay-attacks. 
(Optional) +.IP "\fB\-cert\fR" 4 +.IX Item "-cert" +The \s-1TSA\s0 is expected to include its signing certificate in the +response. (Optional) +.IP "\fB\-in\fR \fIrequest.tsq\fR" 4 +.IX Item "-in request.tsq" +This option specifies a previously created timestamp request in \s-1DER\s0 +format that will be printed into the output file. Useful when you need +to examine the content of a request in human-readable +format. (Optional) +.IP "\fB\-out\fR \fIrequest.tsq\fR" 4 +.IX Item "-out request.tsq" +Name of the output file to which the request will be written. Default +is stdout. (Optional) +.IP "\fB\-text\fR" 4 +.IX Item "-text" +If this option is specified the output is human-readable text format +instead of \s-1DER\s0. (Optional) +.IP "\fB\-rand\fR \fIfiles\fR, \fB\-writerand\fR \fIfile\fR" 4 +.IX Item "-rand files, -writerand file" +See \*(L"Random State Options\*(R" in \fIopenssl\fR\|(1) for details. +.SS "Timestamp Response generation" +.IX Subsection "Timestamp Response generation" +A timestamp response (TimeStampResp) consists of a response status +and the timestamp token itself (ContentInfo), if the token generation was +successful. The \fB\-reply\fR command is for creating a timestamp +response or timestamp token based on a request and printing the +response/token in human-readable format. If \fB\-token_out\fR is not +specified the output is always a timestamp response (TimeStampResp), +otherwise it is a timestamp token (ContentInfo). +.IP "\fB\-config\fR \fIconfigfile\fR" 4 +.IX Item "-config configfile" +The configuration file to use. +Optional; for a description of the default value, +see \*(L"\s-1COMMAND\s0 \s-1SUMMARY\s0\*(R" in \fIopenssl\fR\|(1). +See \*(L"\s-1CONFIGURATION\s0 \s-1FILE\s0 \s-1OPTIONS\s0\*(R" for configurable variables. +.IP "\fB\-section\fR \fItsa_section\fR" 4 +.IX Item "-section tsa_section" +The name of the config file section containing the settings for the +response generation. 
If not specified the default \s-1TSA\s0 section is +used, see \*(L"\s-1CONFIGURATION\s0 \s-1FILE\s0 \s-1OPTIONS\s0\*(R" for details. (Optional) +.IP "\fB\-queryfile\fR \fIrequest.tsq\fR" 4 +.IX Item "-queryfile request.tsq" +The name of the file containing a \s-1DER\s0 encoded timestamp request. (Optional) +.IP "\fB\-passin\fR \fIpassword_src\fR" 4 +.IX Item "-passin password_src" +Specifies the password source for the private key of the \s-1TSA\s0. See +description in \fIopenssl\fR\|(1). (Optional) +.IP "\fB\-signer\fR \fItsa_cert.pem\fR" 4 +.IX Item "-signer tsa_cert.pem" +The signer certificate of the \s-1TSA\s0 in \s-1PEM\s0 format. The \s-1TSA\s0 signing +certificate must have exactly one extended key usage assigned to it: +timeStamping. The extended key usage must also be critical, otherwise +the certificate is going to be refused. Overrides the \fBsigner_cert\fR +variable of the config file. (Optional) +.IP "\fB\-inkey\fR \fIfile_or_id\fR" 4 +.IX Item "-inkey file_or_id" +The signer private key of the \s-1TSA\s0 in \s-1PEM\s0 format. Overrides the +\&\fBsigner_key\fR config file option. (Optional) +If no engine is used, the argument is taken as a file; if an engine is +specified, the argument is given to the engine as a key identifier. +.IP "\fB\-\f(BIdigest\fB\fR" 4 +.IX Item "-digest" +Signing digest to use. Overrides the \fBsigner_digest\fR config file +option. (Mandatory unless specified in the config file) +.IP "\fB\-chain\fR \fIcerts_file.pem\fR" 4 +.IX Item "-chain certs_file.pem" +The collection of certificates in \s-1PEM\s0 format that will all +be included in the response in addition to the signer certificate if +the \fB\-cert\fR option was used for the request. This file is supposed to +contain the certificate chain for the signer certificate from its +issuer upwards. The \fB\-reply\fR command does not build a certificate +chain automatically. 
(Optional) +.IP "\fB\-tspolicy\fR \fIobject_id\fR" 4 +.IX Item "-tspolicy object_id" +The default policy to use for the response unless the client +explicitly requires a particular \s-1TSA\s0 policy. The \s-1OID\s0 can be specified +either in dotted notation or with its name. Overrides the +\&\fBdefault_policy\fR config file option. (Optional) +.IP "\fB\-in\fR \fIresponse.tsr\fR" 4 +.IX Item "-in response.tsr" +Specifies a previously created timestamp response or timestamp token +(if \fB\-token_in\fR is also specified) in \s-1DER\s0 format that will be written +to the output file. This option does not require a request, it is +useful e.g. when you need to examine the content of a response or +token or you want to extract the timestamp token from a response. If +the input is a token and the output is a timestamp response a default +\&'granted' status info is added to the token. (Optional) +.IP "\fB\-token_in\fR" 4 +.IX Item "-token_in" +This flag can be used together with the \fB\-in\fR option and indicates +that the input is a \s-1DER\s0 encoded timestamp token (ContentInfo) instead +of a timestamp response (TimeStampResp). (Optional) +.IP "\fB\-out\fR \fIresponse.tsr\fR" 4 +.IX Item "-out response.tsr" +The response is written to this file. The format and content of the +file depends on other options (see \fB\-text\fR, \fB\-token_out\fR). The default is +stdout. (Optional) +.IP "\fB\-token_out\fR" 4 +.IX Item "-token_out" +The output is a timestamp token (ContentInfo) instead of timestamp +response (TimeStampResp). (Optional) +.IP "\fB\-text\fR" 4 +.IX Item "-text" +If this option is specified the output is human-readable text format +instead of \s-1DER\s0. (Optional) +.IP "\fB\-engine\fR \fIid\fR" 4 +.IX Item "-engine id" +See \*(L"Engine Options\*(R" in \fIopenssl\fR\|(1). 
+.SS "Timestamp Response verification" +.IX Subsection "Timestamp Response verification" +The \fB\-verify\fR command is for verifying if a timestamp response or time +stamp token is valid and matches a particular timestamp request or +data file. The \fB\-verify\fR command does not use the configuration file. +.IP "\fB\-data\fR \fIfile_to_hash\fR" 4 +.IX Item "-data file_to_hash" +The response or token must be verified against file_to_hash. The file +is hashed with the message digest algorithm specified in the token. +The \fB\-digest\fR and \fB\-queryfile\fR options must not be specified with this one. +(Optional) +.IP "\fB\-digest\fR \fIdigest_bytes\fR" 4 +.IX Item "-digest digest_bytes" +The response or token must be verified against the message digest specified +with this option. The number of bytes must match the message digest algorithm +specified in the token. The \fB\-data\fR and \fB\-queryfile\fR options must not be +specified with this one. (Optional) +.IP "\fB\-queryfile\fR \fIrequest.tsq\fR" 4 +.IX Item "-queryfile request.tsq" +The original timestamp request in \s-1DER\s0 format. The \fB\-data\fR and \fB\-digest\fR +options must not be specified with this one. (Optional) +.IP "\fB\-in\fR \fIresponse.tsr\fR" 4 +.IX Item "-in response.tsr" +The timestamp response that needs to be verified in \s-1DER\s0 format. (Mandatory) +.IP "\fB\-token_in\fR" 4 +.IX Item "-token_in" +This flag can be used together with the \fB\-in\fR option and indicates +that the input is a \s-1DER\s0 encoded timestamp token (ContentInfo) instead +of a timestamp response (TimeStampResp). (Optional) +.IP "\fB\-untrusted\fR \fIcert_file.pem\fR" 4 +.IX Item "-untrusted cert_file.pem" +Set of additional untrusted certificates in \s-1PEM\s0 format which may be +needed when building the certificate chain for the \s-1TSA\s0's signing +certificate. This file must contain the \s-1TSA\s0 signing certificate and +all intermediate \s-1CA\s0 certificates unless the response includes them. 
+(Optional) +.IP "\fB\-CAfile\fR \fIfile\fR, \fB\-CApath\fR \fIdir\fR, \fB\-CAstore\fR \fIuri\fR" 4 +.IX Item "-CAfile file, -CApath dir, -CAstore uri" +See \*(L"Trusted Certificate Options\*(R" in \fIopenssl\fR\|(1) for details. +At least one of \fB\-CApath\fR, \fB\-CAfile\fR or \fB\-CAstore\fR must be specified. +.IP "\fB\-allow_proxy_certs\fR, \fB\-attime\fR, \fB\-no_check_time\fR, \fB\-check_ss_sig\fR, \fB\-crl_check\fR, \fB\-crl_check_all\fR, \fB\-explicit_policy\fR, \fB\-extended_crl\fR, \fB\-ignore_critical\fR, \fB\-inhibit_any\fR, \fB\-inhibit_map\fR, \fB\-no_alt_chains\fR, \fB\-partial_chain\fR, \fB\-policy\fR, \fB\-policy_check\fR, \fB\-policy_print\fR, \fB\-purpose\fR, \fB\-suiteB_128\fR, \fB\-suiteB_128_only\fR, \fB\-suiteB_192\fR, \fB\-trusted_first\fR, \fB\-use_deltas\fR, \fB\-auth_level\fR, \fB\-verify_depth\fR, \fB\-verify_email\fR, \fB\-verify_hostname\fR, \fB\-verify_ip\fR, \fB\-verify_name\fR, \fB\-x509_strict\fR \fB\-issuer_checks\fR" 4 +.IX Item "-allow_proxy_certs, -attime, -no_check_time, -check_ss_sig, -crl_check, -crl_check_all, -explicit_policy, -extended_crl, -ignore_critical, -inhibit_any, -inhibit_map, -no_alt_chains, -partial_chain, -policy, -policy_check, -policy_print, -purpose, -suiteB_128, -suiteB_128_only, -suiteB_192, -trusted_first, -use_deltas, -auth_level, -verify_depth, -verify_email, -verify_hostname, -verify_ip, -verify_name, -x509_strict -issuer_checks" +Set various options of certificate chain verification. +See \*(L"Verification Options\*(R" in \fIopenssl\fR\|(1) for details. +.Sp +Any verification errors cause the command to exit. +.SH "CONFIGURATION FILE OPTIONS" +.IX Header "CONFIGURATION FILE OPTIONS" +The \fB\-query\fR and \fB\-reply\fR commands make use of a configuration file. +See \fIconfig\fR\|(5) +for a general description of the syntax of the config file. The +\&\fB\-query\fR command uses only the symbolic \s-1OID\s0 names section +and it can work without it. 
However, the \fB\-reply\fR command needs the +config file for its operation. +.PP +When there is a command line switch equivalent of a variable the +switch always overrides the settings in the config file. +.IP "\fBtsa\fR section, \fBdefault_tsa\fR" 4 +.IX Item "tsa section, default_tsa" +This is the main section and it specifies the name of another section +that contains all the options for the \fB\-reply\fR command. This default +section can be overridden with the \fB\-section\fR command line switch. (Optional) +.IP "\fBoid_file\fR" 4 +.IX Item "oid_file" +This specifies a file containing additional \fB\s-1OBJECT\s0 \s-1IDENTIFIERS\s0\fR. +Each line of the file should consist of the numerical form of the +object identifier followed by white space then the short name followed +by white space and finally the long name. (Optional) +.IP "\fBoid_section\fR" 4 +.IX Item "oid_section" +This specifies a section in the configuration file containing extra +object identifiers. Each line should consist of the short name of the +object identifier followed by \fB=\fR and the numerical form. The short +and long names are the same when this option is used. (Optional) +.IP "\fB\s-1RANDFILE\s0\fR" 4 +.IX Item "RANDFILE" +At startup the specified file is loaded into the random number generator, +and at exit 256 bytes will be written to it. (Note: Using a \s-1RANDFILE\s0 is +not necessary anymore, see the \*(L"\s-1HISTORY\s0\*(R" section. +.IP "\fBserial\fR" 4 +.IX Item "serial" +The name of the file containing the hexadecimal serial number of the +last timestamp response created. This number is incremented by 1 for +each response. If the file does not exist at the time of response +generation a new file is created with serial number 1. (Mandatory) +.IP "\fBcrypto_device\fR" 4 +.IX Item "crypto_device" +Specifies the OpenSSL engine that will be set as the default for +all available algorithms. 
The default value is built-in, you can specify +any other engines supported by OpenSSL (e.g. use chil for the NCipher \s-1HSM\s0). +(Optional) +.IP "\fBsigner_cert\fR" 4 +.IX Item "signer_cert" +\&\s-1TSA\s0 signing certificate in \s-1PEM\s0 format. The same as the \fB\-signer\fR +command line option. (Optional) +.IP "\fBcerts\fR" 4 +.IX Item "certs" +A file containing a set of \s-1PEM\s0 encoded certificates that need to be +included in the response. The same as the \fB\-chain\fR command line +option. (Optional) +.IP "\fBsigner_key\fR" 4 +.IX Item "signer_key" +The private key of the \s-1TSA\s0 in \s-1PEM\s0 format. The same as the \fB\-inkey\fR +command line option. (Optional) +.IP "\fBsigner_digest\fR" 4 +.IX Item "signer_digest" +Signing digest to use. The same as the +\&\fB\-\f(BIdigest\fB\fR command line option. (Mandatory unless specified on the command +line) +.IP "\fBdefault_policy\fR" 4 +.IX Item "default_policy" +The default policy to use when the request does not mandate any +policy. The same as the \fB\-tspolicy\fR command line option. (Optional) +.IP "\fBother_policies\fR" 4 +.IX Item "other_policies" +Comma separated list of policies that are also acceptable by the \s-1TSA\s0 +and used only if the request explicitly specifies one of them. (Optional) +.IP "\fBdigests\fR" 4 +.IX Item "digests" +The list of message digest algorithms that the \s-1TSA\s0 accepts. At least +one algorithm must be specified. (Mandatory) +.IP "\fBaccuracy\fR" 4 +.IX Item "accuracy" +The accuracy of the time source of the \s-1TSA\s0 in seconds, milliseconds +and microseconds. E.g. secs:1, millisecs:500, microsecs:100. If any of +the components is missing zero is assumed for that field. (Optional) +.IP "\fBclock_precision_digits\fR" 4 +.IX Item "clock_precision_digits" +Specifies the maximum number of digits, which represent the fraction of +seconds, that need to be included in the time field. 
The trailing zeros +must be removed from the time, so there might actually be fewer digits, +or no fraction of seconds at all. Supported only on \s-1UNIX\s0 platforms. +The maximum value is 6, default is 0. +(Optional) +.IP "\fBordering\fR" 4 +.IX Item "ordering" +If this option is yes the responses generated by this \s-1TSA\s0 can always +be ordered, even if the time difference between two responses is less +than the sum of their accuracies. Default is no. (Optional) +.IP "\fBtsa_name\fR" 4 +.IX Item "tsa_name" +Set this option to yes if the subject name of the \s-1TSA\s0 must be included in +the \s-1TSA\s0 name field of the response. Default is no. (Optional) +.IP "\fBess_cert_id_chain\fR" 4 +.IX Item "ess_cert_id_chain" +The SignedData objects created by the \s-1TSA\s0 always contain the +certificate identifier of the signing certificate in a signed +attribute (see \s-1RFC\s0 2634, Enhanced Security Services). If this option +is set to yes and either the \fBcerts\fR variable or the \fB\-chain\fR option +is specified then the certificate identifiers of the chain will also +be included in the SigningCertificate signed attribute. If this +variable is set to no, only the signing certificate identifier is +included. Default is no. (Optional) +.IP "\fBess_cert_id_alg\fR" 4 +.IX Item "ess_cert_id_alg" +This option specifies the hash function to be used to calculate the \s-1TSA\s0's +public key certificate identifier. Default is sha256. (Optional) +.SH "EXAMPLES" +.IX Header "EXAMPLES" +All the examples below presume that \fB\s-1OPENSSL_CONF\s0\fR is set to a proper +configuration file, e.g. the example configuration file +\&\fIopenssl/apps/openssl.cnf\fR will do. 
+.SS "Timestamp Request" +.IX Subsection "Timestamp Request" +To create a timestamp request for \fIdesign1.txt\fR with \s-1SHA\-256\s0 digest, +without nonce and policy, and without requirement for a certificate +in the response: +.PP +.Vb 2 +\& openssl ts \-query \-data design1.txt \-no_nonce \e +\& \-out design1.tsq +.Ve +.PP +To create a similar timestamp request with specifying the message imprint +explicitly: +.PP +.Vb 2 +\& openssl ts \-query \-digest b7e5d3f93198b38379852f2c04e78d73abdd0f4b \e +\& \-no_nonce \-out design1.tsq +.Ve +.PP +To print the content of the previous request in human readable format: +.PP +.Vb 1 +\& openssl ts \-query \-in design1.tsq \-text +.Ve +.PP +To create a timestamp request which includes the \s-1SHA\-512\s0 digest +of \fIdesign2.txt\fR, requests the signer certificate and nonce, and +specifies a policy id (assuming the tsa_policy1 name is defined in the +\&\s-1OID\s0 section of the config file): +.PP +.Vb 2 +\& openssl ts \-query \-data design2.txt \-sha512 \e +\& \-tspolicy tsa_policy1 \-cert \-out design2.tsq +.Ve +.SS "Timestamp Response" +.IX Subsection "Timestamp Response" +Before generating a response a signing certificate must be created for +the \s-1TSA\s0 that contains the \fBtimeStamping\fR critical extended key usage extension +without any other key usage extensions. You can add this line to the +user certificate section of the config file to generate a proper certificate; +.PP +.Vb 1 +\& extendedKeyUsage = critical,timeStamping +.Ve +.PP +See \fIopenssl\-req\fR\|(1), \fIopenssl\-ca\fR\|(1), and \fIopenssl\-x509\fR\|(1) for +instructions. The examples below assume that \fIcacert.pem\fR contains the +certificate of the \s-1CA\s0, \fItsacert.pem\fR is the signing certificate issued +by \fIcacert.pem\fR and \fItsakey.pem\fR is the private key of the \s-1TSA\s0. 
+.PP +To create a timestamp response for a request: +.PP +.Vb 2 +\& openssl ts \-reply \-queryfile design1.tsq \-inkey tsakey.pem \e +\& \-signer tsacert.pem \-out design1.tsr +.Ve +.PP +If you want to use the settings in the config file you could just write: +.PP +.Vb 1 +\& openssl ts \-reply \-queryfile design1.tsq \-out design1.tsr +.Ve +.PP +To print a timestamp reply to stdout in human readable format: +.PP +.Vb 1 +\& openssl ts \-reply \-in design1.tsr \-text +.Ve +.PP +To create a timestamp token instead of timestamp response: +.PP +.Vb 1 +\& openssl ts \-reply \-queryfile design1.tsq \-out design1_token.der \-token_out +.Ve +.PP +To print a timestamp token to stdout in human readable format: +.PP +.Vb 1 +\& openssl ts \-reply \-in design1_token.der \-token_in \-text \-token_out +.Ve +.PP +To extract the timestamp token from a response: +.PP +.Vb 1 +\& openssl ts \-reply \-in design1.tsr \-out design1_token.der \-token_out +.Ve +.PP +To add 'granted' status info to a timestamp token thereby creating a +valid response: +.PP +.Vb 1 +\& openssl ts \-reply \-in design1_token.der \-token_in \-out design1.tsr +.Ve +.SS "Timestamp Verification" +.IX Subsection "Timestamp Verification" +To verify a timestamp reply against a request: +.PP +.Vb 2 +\& openssl ts \-verify \-queryfile design1.tsq \-in design1.tsr \e +\& \-CAfile cacert.pem \-untrusted tsacert.pem +.Ve +.PP +To verify a timestamp reply that includes the certificate chain: +.PP +.Vb 2 +\& openssl ts \-verify \-queryfile design2.tsq \-in design2.tsr \e +\& \-CAfile cacert.pem +.Ve +.PP +To verify a timestamp token against the original data file: + openssl ts \-verify \-data design2.txt \-in design2.tsr \e + \-CAfile cacert.pem +.PP +To verify a timestamp token against a message imprint: + openssl ts \-verify \-digest b7e5d3f93198b38379852f2c04e78d73abdd0f4b \e + \-in design2.tsr \-CAfile cacert.pem +.PP +You could also look at the 'test' directory for more examples. 
+.SH "BUGS" +.IX Header "BUGS" +.IP "\(bu" 2 +No support for timestamps over \s-1SMTP\s0, though it is quite easy +to implement an automatic e\-mail based \s-1TSA\s0 with \fIprocmail\fR\|(1) +and \fIperl\fR\|(1). \s-1HTTP\s0 server support is provided in the form of +a separate apache module. \s-1HTTP\s0 client support is provided by +\&\fItsget\fR\|(1). Pure \s-1TCP/IP\s0 protocol is not supported. +.IP "\(bu" 2 +The file containing the last serial number of the \s-1TSA\s0 is not +locked when being read or written. This is a problem if more than one +instance of \fIopenssl\fR\|(1) is trying to create a timestamp +response at the same time. This is not an issue when using the apache +server module, it does proper locking. +.IP "\(bu" 2 +Look for the \s-1FIXME\s0 word in the source files. +.IP "\(bu" 2 +The source code should really be reviewed by somebody else, too. +.IP "\(bu" 2 +More testing is needed, I have done only some basic tests (see +test/testtsa). +.SH "HISTORY" +.IX Header "HISTORY" +OpenSSL 1.1.1 introduced a new random generator (\s-1CSPRNG\s0) with an improved +seeding mechanism. The new seeding mechanism makes it unnecessary to +define a \s-1RANDFILE\s0 for saving and restoring randomness. This option is +retained mainly for compatibility reasons. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\fItsget\fR\|(1), +\&\fIopenssl\-req\fR\|(1), +\&\fIopenssl\-x509\fR\|(1), +\&\fIopenssl\-ca\fR\|(1), +\&\fIopenssl\-genrsa\fR\|(1), +\&\fIconfig\fR\|(5), +\&\fIossl_store\-file\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/share/man/man1/openssl-verify.1 b/linux_amd64/share/man/man1/openssl-verify.1
new file mode 100755
index 0000000..74fa28a
--- /dev/null
+++ b/linux_amd64/share/man/man1/openssl-verify.1
@@ -0,0 +1,313 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-VERIFY 1" +.TH OPENSSL-VERIFY 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-verify \- Utility to verify certificates +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBverify\fR +[\fB\-help\fR] +[\fB\-CRLfile\fR \fIfile\fR] +[\fB\-crl_download\fR] +[\fB\-show_chain\fR] +[\fB\-sm2\-id\fR \fIhexstring\fR] +[\fB\-sm2\-hex\-id\fR \fIhexstring\fR] +[\fB\-verbose\fR] +[\fB\-trusted\fR \fIfile\fR] +[\fB\-untrusted\fR \fIfile\fR] +[\fB\-nameopt\fR \fIoption\fR] +[\fB\-CAfile\fR \fIfile\fR] +[\fB\-no\-CAfile\fR] +[\fB\-CApath\fR \fIdir\fR] +[\fB\-no\-CApath\fR] +[\fB\-CAstore\fR \fIuri\fR] +[\fB\-no\-CAstore\fR] +[\fB\-engine\fR \fIid\fR] +[\fB\-allow_proxy_certs\fR] +[\fB\-attime\fR \fItimestamp\fR] +[\fB\-no_check_time\fR] +[\fB\-check_ss_sig\fR] +[\fB\-crl_check\fR] +[\fB\-crl_check_all\fR] +[\fB\-explicit_policy\fR] +[\fB\-extended_crl\fR] +[\fB\-ignore_critical\fR] +[\fB\-inhibit_any\fR] +[\fB\-inhibit_map\fR] +[\fB\-partial_chain\fR] +[\fB\-policy\fR \fIarg\fR] +[\fB\-policy_check\fR] +[\fB\-policy_print\fR] +[\fB\-purpose\fR \fIpurpose\fR] +[\fB\-suiteB_128\fR] +[\fB\-suiteB_128_only\fR] +[\fB\-suiteB_192\fR] +[\fB\-trusted_first\fR] +[\fB\-no_alt_chains\fR] +[\fB\-use_deltas\fR] +[\fB\-auth_level\fR \fInum\fR] +[\fB\-verify_depth\fR \fInum\fR] +[\fB\-verify_email\fR \fIemail\fR] +[\fB\-verify_hostname\fR \fIhostname\fR] +[\fB\-verify_ip\fR \fIip\fR] +[\fB\-verify_name\fR \fIname\fR] +[\fB\-x509_strict\fR] +[\fB\-issuer_checks\fR] +.PP +[\fB\-\-\fR] +[\fIcertificate\fR ...] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command verifies certificate chains. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-CAfile\fR \fIfile\fR, \fB\-no\-CAfile\fR, \fB\-CApath\fR \fIdir\fR, \fB\-no\-CApath\fR" 4 +.IX Item "-CAfile file, -no-CAfile, -CApath dir, -no-CApath" +See \*(L"Trusted Certificate Options\*(R" in \fIopenssl\fR\|(1) for more information. 
+.IP "\fB\-CRLfile\fR \fIfile\fR" 4 +.IX Item "-CRLfile file" +The \fIfile\fR should contain one or more CRLs in \s-1PEM\s0 format. +This option can be specified more than once to include CRLs from multiple +\&\fIfile\fRs. +.IP "\fB\-crl_download\fR" 4 +.IX Item "-crl_download" +Attempt to download \s-1CRL\s0 information for this certificate. +.IP "\fB\-show_chain\fR" 4 +.IX Item "-show_chain" +Display information about the certificate chain that has been built (if +successful). Certificates in the chain that came from the untrusted list will be +flagged as \*(L"untrusted\*(R". +.IP "\fB\-sm2\-id\fR \fIhexstring\fR" 4 +.IX Item "-sm2-id hexstring" +Specify the \s-1ID\s0 string to use when verifying an \s-1SM2\s0 certificate. The \s-1ID\s0 string is +required by the \s-1SM2\s0 signature algorithm for signing and verification. +.IP "\fB\-sm2\-hex\-id\fR \fIhexstring\fR" 4 +.IX Item "-sm2-hex-id hexstring" +Specify a binary \s-1ID\s0 string to use when signing or verifying using an \s-1SM2\s0 +certificate. The argument for this option is string of hexadecimal digits. +.IP "\fB\-verbose\fR" 4 +.IX Item "-verbose" +Print extra information about the operations being performed. +.IP "\fB\-trusted\fR \fIfile\fR" 4 +.IX Item "-trusted file" +A file of trusted certificates. +.IP "\fB\-untrusted\fR \fIfile\fR" 4 +.IX Item "-untrusted file" +A file of untrusted certificates. +.IP "\fB\-nameopt\fR \fIoption\fR" 4 +.IX Item "-nameopt option" +This specifies how the subject or issuer names are displayed. +See \*(L"Name Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-engine\fR \fIid\fR" 4 +.IX Item "-engine id" +See \*(L"Engine Options\*(R" in \fIopenssl\fR\|(1). +To load certificates or CRLs that require engine support, specify the +\&\fB\-engine\fR option before any of the +\&\fB\-trusted\fR, \fB\-untrusted\fR or \fB\-CRLfile\fR options. 
+.IP "\fB\-CAfile\fR \fIfile\fR, \fB\-no\-CAfile\fR, \fB\-CApath\fR \fIdir\fR, \fB\-no\-CApath\fR, \fB\-CAstore\fR \fIuri\fR, \fB\-no\-CAstore\fR" 4 +.IX Item "-CAfile file, -no-CAfile, -CApath dir, -no-CApath, -CAstore uri, -no-CAstore" +See \*(L"Trusted Certificate Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-allow_proxy_certs\fR, \fB\-attime\fR, \fB\-no_check_time\fR, \fB\-check_ss_sig\fR, \fB\-crl_check\fR, \fB\-crl_check_all\fR, \fB\-explicit_policy\fR, \fB\-extended_crl\fR, \fB\-ignore_critical\fR, \fB\-inhibit_any\fR, \fB\-inhibit_map\fR, \fB\-no_alt_chains\fR, \fB\-partial_chain\fR, \fB\-policy\fR, \fB\-policy_check\fR, \fB\-policy_print\fR, \fB\-purpose\fR, \fB\-suiteB_128\fR, \fB\-suiteB_128_only\fR, \fB\-suiteB_192\fR, \fB\-trusted_first\fR, \fB\-use_deltas\fR, \fB\-auth_level\fR, \fB\-verify_depth\fR, \fB\-verify_email\fR, \fB\-verify_hostname\fR, \fB\-verify_ip\fR, \fB\-verify_name\fR, \fB\-x509_strict\fR \fB\-issuer_checks\fR" 4 +.IX Item "-allow_proxy_certs, -attime, -no_check_time, -check_ss_sig, -crl_check, -crl_check_all, -explicit_policy, -extended_crl, -ignore_critical, -inhibit_any, -inhibit_map, -no_alt_chains, -partial_chain, -policy, -policy_check, -policy_print, -purpose, -suiteB_128, -suiteB_128_only, -suiteB_192, -trusted_first, -use_deltas, -auth_level, -verify_depth, -verify_email, -verify_hostname, -verify_ip, -verify_name, -x509_strict -issuer_checks" +Set various options of certificate chain verification. +See \*(L"Verification Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-\-\fR" 4 +.IX Item "--" +Indicates the last option. All arguments following this are assumed to be +certificate files. This is useful if the first certificate filename begins +with a \fB\-\fR. +.IP "\fIcertificate\fR ..." 4 +.IX Item "certificate ..." +One or more certificates to verify. If no certificates are given, +this command will attempt to read a certificate from standard input. +Certificates must be in \s-1PEM\s0 format. 
+If a certificate chain has multiple problems, this program tries to +display all of them. +.SH "DIAGNOSTICS" +.IX Header "DIAGNOSTICS" +When a verify operation fails the output messages can be somewhat cryptic. The +general form of the error message is: +.PP +.Vb 2 +\& server.pem: /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit) +\& error 24 at 1 depth lookup:invalid CA certificate +.Ve +.PP +The first line contains the name of the certificate being verified followed by +the subject name of the certificate. The second line contains the error number +and the depth. The depth is number of the certificate being verified when a +problem was detected starting with zero for the certificate being verified itself +then 1 for the \s-1CA\s0 that signed the certificate and so on. Finally a text version +of the error number is presented. +.PP +A list of the error codes and messages can be found in +\&\fIX509_STORE_CTX_get_error\fR\|(3); the full list is defined in the header file +\&\fI\fR. +.PP +This command ignores many errors, in order to allow all the problems with a +certificate chain to be determined. +.SH "BUGS" +.IX Header "BUGS" +Although the issuer checks are a considerable improvement over the old +technique they still suffer from limitations in the underlying X509_LOOKUP +\&\s-1API\s0. One consequence of this is that trusted certificates with matching +subject name must either appear in a file (as specified by the \fB\-CAfile\fR +option), a directory (as specified by \fB\-CApath\fR), or a store (as specified +by \fB\-CAstore\fR). If they occur in more than one location then only the +certificates in the file will be recognised. +.PP +Previous versions of OpenSSL assume certificates with matching subject +name are identical and mishandled them. +.PP +Previous versions of this documentation swapped the meaning of the +\&\fBX509_V_ERR_UNABLE_TO_GET_ISSUER_CERT\fR and +\&\fBX509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY\fR error codes. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\fIopenssl\-x509\fR\|(1), +\&\fIossl_store\-file\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \fB\-show_chain\fR option was added in OpenSSL 1.1.0. +.PP +The \fB\-sm2\-id\fR and \fB\-sm2\-hex\-id\fR options were added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man1/openssl-version.1 b/linux_amd64/share/man/man1/openssl-version.1 new file mode 100755 index 0000000..c047a4a --- /dev/null +++ b/linux_amd64/share/man/man1/openssl-version.1 
@@ -0,0 +1,201 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-VERSION 1" +.TH OPENSSL-VERSION 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-version \- print OpenSSL version information +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl version\fR +[\fB\-help\fR] +[\fB\-a\fR] +[\fB\-v\fR] +[\fB\-b\fR] +[\fB\-o\fR] +[\fB\-f\fR] +[\fB\-p\fR] +[\fB\-d\fR] +[\fB\-e\fR] +[\fB\-m\fR] +[\fB\-r\fR] +[\fB\-c\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command is used to print out version information about OpenSSL. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-a\fR" 4 +.IX Item "-a" +All information, this is the same as setting all the other flags. +.IP "\fB\-v\fR" 4 +.IX Item "-v" +The current OpenSSL version. +.IP "\fB\-b\fR" 4 +.IX Item "-b" +The date the current version of OpenSSL was built. +.IP "\fB\-o\fR" 4 +.IX Item "-o" +Option information: various options set when the library was built. +.IP "\fB\-f\fR" 4 +.IX Item "-f" +Compilation flags. +.IP "\fB\-p\fR" 4 +.IX Item "-p" +Platform setting. +.IP "\fB\-d\fR" 4 +.IX Item "-d" +\&\s-1OPENSSLDIR\s0 setting. +.IP "\fB\-e\fR" 4 +.IX Item "-e" +\&\s-1ENGINESDIR\s0 settings. +.IP "\fB\-m\fR" 4 +.IX Item "-m" +\&\s-1MODULESDIR\s0 settings. +.IP "\fB\-r\fR" 4 +.IX Item "-r" +The random number generator source settings. +.IP "\fB\-c\fR" 4 +.IX Item "-c" +The OpenSSL \s-1CPU\s0 settings info. +.SH "NOTES" +.IX Header "NOTES" +The output of \f(CW\*(C`openssl version \-a\*(C'\fR would typically be used when sending +in a bug report. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man1/openssl-x509.1 b/linux_amd64/share/man/man1/openssl-x509.1 new file mode 100755 index 0000000..3d879c8 --- /dev/null 
+++ b/linux_amd64/share/man/man1/openssl-x509.1 
@@ -0,0 +1,848 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-X509 1" +.TH OPENSSL-X509 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-x509 \- Certificate display and signing utility +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBx509\fR +[\fB\-help\fR] +[\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fB\s-1ENGINE\s0\fR] +[\fB\-CAform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-CAkeyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fB\s-1ENGINE\s0\fR] +[\fB\-in\fR \fIfilename\fR] +[\fB\-out\fR \fIfilename\fR] +[\fB\-serial\fR] +[\fB\-hash\fR] +[\fB\-subject_hash\fR] +[\fB\-subject_hash_old\fR] +[\fB\-issuer_hash\fR] +[\fB\-issuer_hash_old\fR] +[\fB\-ocspid\fR] +[\fB\-subject\fR] +[\fB\-issuer\fR] +[\fB\-email\fR] +[\fB\-ocsp_uri\fR] +[\fB\-startdate\fR] +[\fB\-enddate\fR] +[\fB\-purpose\fR] +[\fB\-dates\fR] +[\fB\-checkend\fR \fInum\fR] +[\fB\-modulus\fR] +[\fB\-pubkey\fR] +[\fB\-fingerprint\fR] +[\fB\-alias\fR] +[\fB\-noout\fR] +[\fB\-trustout\fR] +[\fB\-clrtrust\fR] +[\fB\-clrreject\fR] +[\fB\-addtrust\fR \fIarg\fR] +[\fB\-addreject\fR \fIarg\fR] +[\fB\-setalias\fR \fIarg\fR] +[\fB\-days\fR \fIarg\fR] +[\fB\-set_serial\fR \fIn\fR] +[\fB\-signkey\fR \fIarg\fR] +[\fB\-badsig\fR] +[\fB\-passin\fR \fIarg\fR] +[\fB\-x509toreq\fR] +[\fB\-req\fR] +[\fB\-CA\fR \fIfilename\fR] +[\fB\-CAkey\fR \fIfilename\fR] +[\fB\-CAcreateserial\fR] +[\fB\-CAserial\fR \fIfilename\fR] +[\fB\-new\fR] +[\fB\-next_serial\fR] +[\fB\-nocert\fR] +[\fB\-force_pubkey\fR \fIfilename\fR] +[\fB\-subj\fR \fIarg\fR] +[\fB\-text\fR] +[\fB\-ext\fR \fIextensions\fR] +[\fB\-certopt\fR \fIoption\fR] +[\fB\-checkhost\fR \fIhost\fR] +[\fB\-checkemail\fR \fIhost\fR] +[\fB\-checkip\fR \fIipaddr\fR] +[\fB\-C\fR] +[\fB\-\f(BIdigest\fB\fR] +[\fB\-clrext\fR] +[\fB\-extfile\fR \fIfilename\fR] +[\fB\-extensions\fR \fIsection\fR] +[\fB\-sigopt\fR \fInm\fR:\fIv\fR] +[\fB\-preserve_dates\fR] +[\fB\-nameopt\fR \fIoption\fR] +[\fB\-rand\fR \fIfiles\fR] +[\fB\-writerand\fR \fIfile\fR] +[\fB\-engine\fR 
\fIid\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command is a multi purpose certificate utility. It can +be used to display certificate information, convert certificates to +various forms, sign certificate requests like a \*(L"mini \s-1CA\s0\*(R" or edit +certificate trust settings. +.PP +Since there are a large number of options they will split up into +various sections. +.SH "OPTIONS" +.IX Header "OPTIONS" +.SS "Input, Output, and General Purpose Options" +.IX Subsection "Input, Output, and General Purpose Options" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR, \fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IX Item "-inform DER|PEM, -outform DER|PEM" +The input and formats; the default is \fB\s-1PEM\s0\fR. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.Sp +The input is normally an X.509 certificate, but this can change if other +options such as \fB\-req\fR are used. +.IP "\fB\-in\fR \fIfilename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read a certificate from or standard input +if this option is not specified. +.IP "\fB\-out\fR \fIfilename\fR" 4 +.IX Item "-out filename" +This specifies the output filename to write to or standard output by +default. +.IP "\fB\-\f(BIdigest\fB\fR" 4 +.IX Item "-digest" +The digest to use. +This affects any signing or display option that uses a message +digest, such as the \fB\-fingerprint\fR, \fB\-signkey\fR and \fB\-CA\fR options. +Any digest supported by the \fIopenssl\-dgst\fR\|(1) command can be used. +If not specified then \s-1SHA1\s0 is used with \fB\-fingerprint\fR or +the default digest for the signing algorithm is used, typically \s-1SHA256\s0. +.IP "\fB\-preserve_dates\fR" 4 +.IX Item "-preserve_dates" +When signing a certificate, preserve the \*(L"notBefore\*(R" and \*(L"notAfter\*(R" dates +instead of adjusting them to current time and duration. 
+Cannot be used with the \fB\-days\fR option. +.Sp +[\fB\-rand\fR \fIfiles\fR] +[\fB\-writerand\fR \fIfile\fR] +.IP "\fB\-engine\fR \fIid\fR" 4 +.IX Item "-engine id" +See \*(L"Engine Options\*(R" in \fIopenssl\fR\|(1). +.SS "Display Options" +.IX Subsection "Display Options" +Note: the \fB\-alias\fR and \fB\-purpose\fR options are also display options +but are described in the \*(L"Trust Settings\*(R" section. +.IP "\fB\-text\fR" 4 +.IX Item "-text" +Prints out the certificate in text form. Full details are output including the +public key, signature algorithms, issuer and subject names, serial number +any extensions present and any trust settings. +.IP "\fB\-ext\fR \fIextensions\fR" 4 +.IX Item "-ext extensions" +Prints out the certificate extensions in text form. Extensions are specified +with a comma separated string, e.g., \*(L"subjectAltName,subjectKeyIdentifier\*(R". +See the \fIx509v3_config\fR\|(5) manual page for the extension names. +.IP "\fB\-certopt\fR \fIoption\fR" 4 +.IX Item "-certopt option" +Customise the output format used with \fB\-text\fR. The \fIoption\fR argument +can be a single option or multiple options separated by commas. The +\&\fB\-certopt\fR switch may be also be used more than once to set multiple +options. See the \*(L"Text Options\*(R" section for more information. +.IP "\fB\-checkhost\fR \fIhost\fR" 4 +.IX Item "-checkhost host" +Check that the certificate matches the specified host. +.IP "\fB\-checkemail\fR \fIemail\fR" 4 +.IX Item "-checkemail email" +Check that the certificate matches the specified email address. +.IP "\fB\-checkip\fR \fIipaddr\fR" 4 +.IX Item "-checkip ipaddr" +Check that the certificate matches the specified \s-1IP\s0 address. +.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +This option prevents output of the encoded version of the certificate. +.IP "\fB\-pubkey\fR" 4 +.IX Item "-pubkey" +Outputs the certificate's SubjectPublicKeyInfo block in \s-1PEM\s0 format. 
+.IP "\fB\-modulus\fR" 4 +.IX Item "-modulus" +This option prints out the value of the modulus of the public key +contained in the certificate. +.IP "\fB\-serial\fR" 4 +.IX Item "-serial" +Outputs the certificate serial number. +.IP "\fB\-subject_hash\fR" 4 +.IX Item "-subject_hash" +Outputs the \*(L"hash\*(R" of the certificate subject name. This is used in OpenSSL to +form an index to allow certificates in a directory to be looked up by subject +name. +.IP "\fB\-issuer_hash\fR" 4 +.IX Item "-issuer_hash" +Outputs the \*(L"hash\*(R" of the certificate issuer name. +.IP "\fB\-ocspid\fR" 4 +.IX Item "-ocspid" +Outputs the \s-1OCSP\s0 hash values for the subject name and public key. +.IP "\fB\-hash\fR" 4 +.IX Item "-hash" +Synonym for \*(L"\-subject_hash\*(R" for backward compatibility reasons. +.IP "\fB\-subject_hash_old\fR" 4 +.IX Item "-subject_hash_old" +Outputs the \*(L"hash\*(R" of the certificate subject name using the older algorithm +as used by OpenSSL before version 1.0.0. +.IP "\fB\-issuer_hash_old\fR" 4 +.IX Item "-issuer_hash_old" +Outputs the \*(L"hash\*(R" of the certificate issuer name using the older algorithm +as used by OpenSSL before version 1.0.0. +.IP "\fB\-subject\fR" 4 +.IX Item "-subject" +Outputs the subject name. +.IP "\fB\-issuer\fR" 4 +.IX Item "-issuer" +Outputs the issuer name. +.IP "\fB\-nameopt\fR \fIoption\fR" 4 +.IX Item "-nameopt option" +This specifies how the subject or issuer names are displayed. +See \*(L"Name Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-email\fR" 4 +.IX Item "-email" +Outputs the email address(es) if any. +.IP "\fB\-ocsp_uri\fR" 4 +.IX Item "-ocsp_uri" +Outputs the \s-1OCSP\s0 responder address(es) if any. +.IP "\fB\-startdate\fR" 4 +.IX Item "-startdate" +Prints out the start date of the certificate, that is the notBefore date. +.IP "\fB\-enddate\fR" 4 +.IX Item "-enddate" +Prints out the expiry date of the certificate, that is the notAfter date. 
+.IP "\fB\-dates\fR" 4 +.IX Item "-dates" +Prints out the start and expiry dates of a certificate. +.IP "\fB\-checkend\fR \fIarg\fR" 4 +.IX Item "-checkend arg" +Checks if the certificate expires within the next \fIarg\fR seconds and exits +nonzero if yes it will expire or zero if not. +.IP "\fB\-fingerprint\fR" 4 +.IX Item "-fingerprint" +Calculates and outputs the digest of the \s-1DER\s0 encoded version of the entire +certificate (see digest options). +This is commonly called a \*(L"fingerprint\*(R". Because of the nature of message +digests, the fingerprint of a certificate is unique to that certificate and +two certificates with the same fingerprint can be considered to be the same. +.IP "\fB\-C\fR" 4 +.IX Item "-C" +This outputs the certificate in the form of a C source file. +.SS "Trust Settings" +.IX Subsection "Trust Settings" +A \fBtrusted certificate\fR is an ordinary certificate which has several +additional pieces of information attached to it such as the permitted +and prohibited uses of the certificate and an \*(L"alias\*(R". +.PP +Normally when a certificate is being verified at least one certificate +must be \*(L"trusted\*(R". By default a trusted certificate must be stored +locally and must be a root \s-1CA:\s0 any certificate chain ending in this \s-1CA\s0 +is then usable for any purpose. +.PP +Trust settings currently are only used with a root \s-1CA\s0. They allow a finer +control over the purposes the root \s-1CA\s0 can be used for. For example a \s-1CA\s0 +may be trusted for \s-1SSL\s0 client but not \s-1SSL\s0 server use. +.PP +See the description in \fIopenssl\-verify\fR\|(1) for more information +on the meaning of trust settings. +.PP +Future versions of OpenSSL will recognize trust settings on any +certificate: not just root CAs. +.IP "\fB\-trustout\fR" 4 +.IX Item "-trustout" +Output a \fBtrusted\fR certificate rather than an ordinary. 
An ordinary +or trusted certificate can be input but by default an ordinary +certificate is output and any trust settings are discarded. With the +\&\fB\-trustout\fR option a trusted certificate is output. A trusted +certificate is automatically output if any trust settings are modified. +.IP "\fB\-setalias\fR \fIarg\fR" 4 +.IX Item "-setalias arg" +Sets the alias of the certificate. This will allow the certificate +to be referred to using a nickname for example \*(L"Steve's Certificate\*(R". +.IP "\fB\-alias\fR" 4 +.IX Item "-alias" +Outputs the certificate alias, if any. +.IP "\fB\-clrtrust\fR" 4 +.IX Item "-clrtrust" +Clears all the permitted or trusted uses of the certificate. +.IP "\fB\-clrreject\fR" 4 +.IX Item "-clrreject" +Clears all the prohibited or rejected uses of the certificate. +.IP "\fB\-addtrust\fR \fIarg\fR" 4 +.IX Item "-addtrust arg" +Adds a trusted certificate use. +Any object name can be used here but currently only \fBclientAuth\fR (\s-1SSL\s0 client +use), \fBserverAuth\fR (\s-1SSL\s0 server use), \fBemailProtection\fR (S/MIME email) and +\&\fBanyExtendedKeyUsage\fR are used. +As of OpenSSL 1.1.0, the last of these blocks all purposes when rejected or +enables all purposes when trusted. +Other OpenSSL applications may define additional uses. +.IP "\fB\-addreject\fR \fIarg\fR" 4 +.IX Item "-addreject arg" +Adds a prohibited use. It accepts the same values as the \fB\-addtrust\fR +option. +.IP "\fB\-purpose\fR" 4 +.IX Item "-purpose" +This option performs tests on the certificate extensions and outputs +the results. For a more complete description see the +\&\*(L"\s-1CERTIFICATE\s0 \s-1EXTENSIONS\s0\*(R" section. +.SS "Signing Options" +.IX Subsection "Signing Options" +This command can be used to sign certificates and requests: it +can thus behave like a \*(L"mini \s-1CA\s0\*(R". +.IP "\fB\-signkey\fR \fIarg\fR" 4 +.IX Item "-signkey arg" +This option causes the input file to be self signed using the supplied +private key or engine. 
The private key's format is specified with the +\&\fB\-keyform\fR option. +.Sp +It sets the issuer name to the subject name (i.e., makes it self-issued) +and changes the public key to the supplied value (unless overridden by +\&\fB\-force_pubkey\fR). It sets the validity start date to the current time +and the end date to a value determined by the \fB\-days\fR option. +It retains any certificate extensions unless the \fB\-clrext\fR option is supplied; +this includes, for example, any existing key identifier extensions. +.IP "\fB\-badsig\fR" 4 +.IX Item "-badsig" +Corrupt the signature before writing it; this can be useful +for testing. +.IP "\fB\-sigopt\fR \fInm\fR:\fIv\fR" 4 +.IX Item "-sigopt nm:v" +Pass options to the signature algorithm during sign or verify operations. +Names and values of these options are algorithm-specific. +.IP "\fB\-passin\fR \fIarg\fR" 4 +.IX Item "-passin arg" +The key password source. For more information about the format of \fIarg\fR +see \*(L"Pass Phrase Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-clrext\fR" 4 +.IX Item "-clrext" +Delete any extensions from a certificate. This option is used when a +certificate is being created from another certificate (for example with +the \fB\-signkey\fR or the \fB\-CA\fR options). Normally all extensions are +retained. +.IP "\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fB\s-1ENGINE\s0\fR" 4 +.IX Item "-keyform DER|PEM|ENGINE" +The key format; the default is \fB\s-1PEM\s0\fR. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-CAform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR, \fB\-CAkeyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fB\s-1ENGINE\s0\fR" 4 +.IX Item "-CAform DER|PEM, -CAkeyform DER|PEM|ENGINE" +The format for the \s-1CA\s0 certificate and key; the default is \fB\s-1PEM\s0\fR. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-days\fR \fIarg\fR" 4 +.IX Item "-days arg" +Specifies the number of days to make a certificate valid for. 
The default +is 30 days. Cannot be used with the \fB\-preserve_dates\fR option. +.IP "\fB\-x509toreq\fR" 4 +.IX Item "-x509toreq" +Converts a certificate into a certificate request. The \fB\-signkey\fR option +is used to pass the required private key. +.IP "\fB\-req\fR" 4 +.IX Item "-req" +By default a certificate is expected on input. With this option a +certificate request is expected instead. +.IP "\fB\-set_serial\fR \fIn\fR" 4 +.IX Item "-set_serial n" +Specifies the serial number to use. This option can be used with either +the \fB\-signkey\fR or \fB\-CA\fR options. If used in conjunction with the \fB\-CA\fR +option the serial number file (as specified by the \fB\-CAserial\fR or +\&\fB\-CAcreateserial\fR options) is not used. +.Sp +The serial number can be decimal or hex (if preceded by \f(CW\*(C`0x\*(C'\fR). +.IP "\fB\-CA\fR \fIfilename\fR" 4 +.IX Item "-CA filename" +Specifies the \s-1CA\s0 certificate to be used for signing. When this option is +present, this command behaves like a \*(L"mini \s-1CA\s0\*(R". The input file is signed by +this \s-1CA\s0 using this option: that is its issuer name is set to the subject name +of the \s-1CA\s0 and it is digitally signed using the CAs private key. +.Sp +This option is normally combined with the \fB\-req\fR option. Without the +\&\fB\-req\fR option the input is a certificate which must be self signed. +.IP "\fB\-CAkey\fR \fIfilename\fR" 4 +.IX Item "-CAkey filename" +Sets the \s-1CA\s0 private key to sign a certificate with. If this option is +not specified then it is assumed that the \s-1CA\s0 private key is present in +the \s-1CA\s0 certificate file. +.IP "\fB\-CAserial\fR \fIfilename\fR" 4 +.IX Item "-CAserial filename" +Sets the \s-1CA\s0 serial number file to use. +.Sp +When the \fB\-CA\fR option is used to sign a certificate it uses a serial +number specified in a file. This file consists of one line containing +an even number of hex digits with the serial number to use. 
After each +use the serial number is incremented and written out to the file again. +.Sp +The default filename consists of the \s-1CA\s0 certificate file base name with +\&\fI.srl\fR appended. For example if the \s-1CA\s0 certificate file is called +\&\fImycacert.pem\fR it expects to find a serial number file called +\&\fImycacert.srl\fR. +.IP "\fB\-CAcreateserial\fR" 4 +.IX Item "-CAcreateserial" +With this option the \s-1CA\s0 serial number file is created if it does not exist: +it will contain the serial number \*(L"02\*(R" and the certificate being signed will +have the 1 as its serial number. If the \fB\-CA\fR option is specified +and the serial number file does not exist a random number is generated; +this is the recommended practice. +.IP "\fB\-extfile\fR \fIfilename\fR" 4 +.IX Item "-extfile filename" +File containing certificate extensions to use. If not specified then +no extensions are added to the certificate. +.IP "\fB\-extensions\fR \fIsection\fR" 4 +.IX Item "-extensions section" +The section to add certificate extensions from. If this option is not +specified then the extensions should either be contained in the unnamed +(default) section or the default section should contain a variable called +\&\*(L"extensions\*(R" which contains the section to use. See the +\&\fIx509v3_config\fR\|(5) manual page for details of the +extension section format. +.IP "\fB\-new\fR" 4 +.IX Item "-new" +Generate a certificate from scratch, not using an input certificate +or certificate request. So the \fB\-in\fR option must not be used in this case. +Instead, the \fB\-subj\fR and <\-force_pubkey> options need to be given. +.IP "\fB\-next_serial\fR" 4 +.IX Item "-next_serial" +Set the serial to be one more than the number in the certificate. +.IP "\fB\-nocert\fR" 4 +.IX Item "-nocert" +Do not generate or output a certificate. 
+.IP "\fB\-force_pubkey\fR \fIfilename\fR" 4 +.IX Item "-force_pubkey filename" +When a certificate is created set its public key to the key in \fIfilename\fR +instead of the key contained in the input or given with the \fB\-signkey\fR option. +.Sp +This option is useful for creating self-issued certificates that are not +self-signed, for instance when the key cannot be used for signing, such as \s-1DH\s0. +It can also be used in conjunction with b<\-new> and \fB\-subj\fR to directly +generate a certificate containing any desired public key. +.Sp +The format of the key file can be specified using the \fB\-keyform\fR option. +.IP "\fB\-subj\fR \fIarg\fR" 4 +.IX Item "-subj arg" +When a certificate is created set its subject name to the given value. +The arg must be formatted as \f(CW\*(C`/type0=value0/type1=value1/type2=...\*(C'\fR. +Keyword characters may be escaped by \e (backslash), and whitespace is retained. +Empty values are permitted, but the corresponding type will not be included +in the certificate. Giving a single \f(CW\*(C`/\*(C'\fR will lead to an empty sequence of RDNs +(a \s-1NULL\s0 subject \s-1DN\s0). +.Sp +Unless the \fB\-CA\fR option is given the issuer is set to the same value. +.Sp +This option can be used in conjunction with the \fB\-force_pubkey\fR option +to create a certificate even without providing an input certificate +or certificate request. +.SS "Text Options" +.IX Subsection "Text Options" +As well as customising the name output format, it is also possible to +customise the actual fields printed using the \fBcertopt\fR options when +the \fBtext\fR option is present. The default behaviour is to print all fields. +.IP "\fBcompatible\fR" 4 +.IX Item "compatible" +Use the old format. This is equivalent to specifying no output options at all. +.IP "\fBno_header\fR" 4 +.IX Item "no_header" +Don't print header information: that is the lines saying \*(L"Certificate\*(R" +and \*(L"Data\*(R". 
+.IP "\fBno_version\fR" 4 +.IX Item "no_version" +Don't print out the version number. +.IP "\fBno_serial\fR" 4 +.IX Item "no_serial" +Don't print out the serial number. +.IP "\fBno_signame\fR" 4 +.IX Item "no_signame" +Don't print out the signature algorithm used. +.IP "\fBno_validity\fR" 4 +.IX Item "no_validity" +Don't print the validity, that is the \fBnotBefore\fR and \fBnotAfter\fR fields. +.IP "\fBno_subject\fR" 4 +.IX Item "no_subject" +Don't print out the subject name. +.IP "\fBno_issuer\fR" 4 +.IX Item "no_issuer" +Don't print out the issuer name. +.IP "\fBno_pubkey\fR" 4 +.IX Item "no_pubkey" +Don't print out the public key. +.IP "\fBno_sigdump\fR" 4 +.IX Item "no_sigdump" +Don't give a hexadecimal dump of the certificate signature. +.IP "\fBno_aux\fR" 4 +.IX Item "no_aux" +Don't print out certificate trust information. +.IP "\fBno_extensions\fR" 4 +.IX Item "no_extensions" +Don't print out any X509V3 extensions. +.IP "\fBext_default\fR" 4 +.IX Item "ext_default" +Retain default extension behaviour: attempt to print out unsupported +certificate extensions. +.IP "\fBext_error\fR" 4 +.IX Item "ext_error" +Print an error message for unsupported certificate extensions. +.IP "\fBext_parse\fR" 4 +.IX Item "ext_parse" +\&\s-1ASN1\s0 parse unsupported extensions. +.IP "\fBext_dump\fR" 4 +.IX Item "ext_dump" +Hex dump unsupported extensions. +.IP "\fBca_default\fR" 4 +.IX Item "ca_default" +The value used by \fIopenssl\-ca\fR\|(1), equivalent to \fBno_issuer\fR, \fBno_pubkey\fR, +\&\fBno_header\fR, and \fBno_version\fR. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Note: in these examples the '\e' means the example should be all on one +line. 
+.PP +Display the contents of a certificate: +.PP +.Vb 1 +\& openssl x509 \-in cert.pem \-noout \-text +.Ve +.PP +Display the \*(L"Subject Alternative Name\*(R" extension of a certificate: +.PP +.Vb 1 +\& openssl x509 \-in cert.pem \-noout \-ext subjectAltName +.Ve +.PP +Display more extensions of a certificate: +.PP +.Vb 1 +\& openssl x509 \-in cert.pem \-noout \-ext subjectAltName,nsCertType +.Ve +.PP +Display the certificate serial number: +.PP +.Vb 1 +\& openssl x509 \-in cert.pem \-noout \-serial +.Ve +.PP +Display the certificate subject name: +.PP +.Vb 1 +\& openssl x509 \-in cert.pem \-noout \-subject +.Ve +.PP +Display the certificate subject name in \s-1RFC2253\s0 form: +.PP +.Vb 1 +\& openssl x509 \-in cert.pem \-noout \-subject \-nameopt RFC2253 +.Ve +.PP +Display the certificate subject name in oneline form on a terminal +supporting \s-1UTF8:\s0 +.PP +.Vb 1 +\& openssl x509 \-in cert.pem \-noout \-subject \-nameopt oneline,\-esc_msb +.Ve +.PP +Display the certificate \s-1SHA1\s0 fingerprint: +.PP +.Vb 1 +\& openssl x509 \-sha1 \-in cert.pem \-noout \-fingerprint +.Ve +.PP +Convert a certificate from \s-1PEM\s0 to \s-1DER\s0 format: +.PP +.Vb 1 +\& openssl x509 \-in cert.pem \-inform PEM \-out cert.der \-outform DER +.Ve +.PP +Convert a certificate to a certificate request: +.PP +.Vb 1 +\& openssl x509 \-x509toreq \-in cert.pem \-out req.pem \-signkey key.pem +.Ve +.PP +Convert a certificate request into a self signed certificate using +extensions for a \s-1CA:\s0 +.PP +.Vb 2 +\& openssl x509 \-req \-in careq.pem \-extfile openssl.cnf \-extensions v3_ca \e +\& \-signkey key.pem \-out cacert.pem +.Ve +.PP +Sign a certificate request using the \s-1CA\s0 certificate above and add user +certificate extensions: +.PP +.Vb 2 +\& openssl x509 \-req \-in req.pem \-extfile openssl.cnf \-extensions v3_usr \e +\& \-CA cacert.pem \-CAkey key.pem \-CAcreateserial +.Ve +.PP +Set a certificate to be trusted for \s-1SSL\s0 client use and change set its alias to 
+\&\*(L"Steve's Class 1 \s-1CA\s0\*(R" +.PP +.Vb 2 +\& openssl x509 \-in cert.pem \-addtrust clientAuth \e +\& \-setalias "Steve\*(Aqs Class 1 CA" \-out trust.pem +.Ve +.SH "NOTES" +.IX Header "NOTES" +The conversion to \s-1UTF8\s0 format used with the name options assumes that +T61Strings use the \s-1ISO8859\-1\s0 character set. This is wrong but Netscape +and \s-1MSIE\s0 do this as do many certificates. So although this is incorrect +it is more likely to display the majority of certificates correctly. +.PP +The \fB\-email\fR option searches the subject name and the subject alternative +name extension. Only unique email addresses will be printed out: it will +not print the same address more than once. +.SH "CERTIFICATE EXTENSIONS" +.IX Header "CERTIFICATE EXTENSIONS" +The \fB\-purpose\fR option checks the certificate extensions and determines +what the certificate can be used for. The actual checks done are rather +complex and include various hacks and workarounds to handle broken +certificates and software. +.PP +The same code is used when verifying untrusted certificates in chains +so this section is useful if a chain is rejected by the verify code. +.PP +The basicConstraints extension \s-1CA\s0 flag is used to determine whether the +certificate can be used as a \s-1CA\s0. If the \s-1CA\s0 flag is true then it is a \s-1CA\s0, +if the \s-1CA\s0 flag is false then it is not a \s-1CA\s0. \fBAll\fR CAs should have the +\&\s-1CA\s0 flag set to true. +.PP +If the basicConstraints extension is absent then the certificate is +considered to be a \*(L"possible \s-1CA\s0\*(R" other extensions are checked according +to the intended use of the certificate. A warning is given in this case +because the certificate should really not be regarded as a \s-1CA:\s0 however +it is allowed to be a \s-1CA\s0 to work around some broken software. 
+.PP +If the certificate is a V1 certificate (and thus has no extensions) and +it is self signed it is also assumed to be a \s-1CA\s0 but a warning is again +given: this is to work around the problem of Verisign roots which are V1 +self signed certificates. +.PP +If the keyUsage extension is present then additional restraints are +made on the uses of the certificate. A \s-1CA\s0 certificate \fBmust\fR have the +keyCertSign bit set if the keyUsage extension is present. +.PP +The extended key usage extension places additional restrictions on the +certificate uses. If this extension is present (whether critical or not) +the key can only be used for the purposes specified. +.PP +A complete description of each test is given below. The comments about +basicConstraints and keyUsage and V1 certificates above apply to \fBall\fR +\&\s-1CA\s0 certificates. +.IP "\fB\s-1SSL\s0 Client\fR" 4 +.IX Item "SSL Client" +The extended key usage extension must be absent or include the \*(L"web client +authentication\*(R" \s-1OID\s0. keyUsage must be absent or it must have the +digitalSignature bit set. Netscape certificate type must be absent or it must +have the \s-1SSL\s0 client bit set. +.IP "\fB\s-1SSL\s0 Client \s-1CA\s0\fR" 4 +.IX Item "SSL Client CA" +The extended key usage extension must be absent or include the \*(L"web client +authentication\*(R" \s-1OID\s0. Netscape certificate type must be absent or it must have +the \s-1SSL\s0 \s-1CA\s0 bit set: this is used as a work around if the basicConstraints +extension is absent. +.IP "\fB\s-1SSL\s0 Server\fR" 4 +.IX Item "SSL Server" +The extended key usage extension must be absent or include the \*(L"web server +authentication\*(R" and/or one of the \s-1SGC\s0 OIDs. keyUsage must be absent or it +must have the digitalSignature, the keyEncipherment set or both bits set. +Netscape certificate type must be absent or have the \s-1SSL\s0 server bit set. 
+.IP "\fB\s-1SSL\s0 Server \s-1CA\s0\fR" 4 +.IX Item "SSL Server CA" +The extended key usage extension must be absent or include the \*(L"web server +authentication\*(R" and/or one of the \s-1SGC\s0 OIDs. Netscape certificate type must +be absent or the \s-1SSL\s0 \s-1CA\s0 bit must be set: this is used as a work around if the +basicConstraints extension is absent. +.IP "\fBNetscape \s-1SSL\s0 Server\fR" 4 +.IX Item "Netscape SSL Server" +For Netscape \s-1SSL\s0 clients to connect to an \s-1SSL\s0 server it must have the +keyEncipherment bit set if the keyUsage extension is present. This isn't +always valid because some cipher suites use the key for digital signing. +Otherwise it is the same as a normal \s-1SSL\s0 server. +.IP "\fBCommon S/MIME Client Tests\fR" 4 +.IX Item "Common S/MIME Client Tests" +The extended key usage extension must be absent or include the \*(L"email +protection\*(R" \s-1OID\s0. Netscape certificate type must be absent or should have the +S/MIME bit set. If the S/MIME bit is not set in Netscape certificate type +then the \s-1SSL\s0 client bit is tolerated as an alternative but a warning is shown: +this is because some Verisign certificates don't set the S/MIME bit. +.IP "\fBS/MIME Signing\fR" 4 +.IX Item "S/MIME Signing" +In addition to the common S/MIME client tests the digitalSignature bit or +the nonRepudiation bit must be set if the keyUsage extension is present. +.IP "\fBS/MIME Encryption\fR" 4 +.IX Item "S/MIME Encryption" +In addition to the common S/MIME tests the keyEncipherment bit must be set +if the keyUsage extension is present. +.IP "\fBS/MIME \s-1CA\s0\fR" 4 +.IX Item "S/MIME CA" +The extended key usage extension must be absent or include the \*(L"email +protection\*(R" \s-1OID\s0. Netscape certificate type must be absent or must have the +S/MIME \s-1CA\s0 bit set: this is used as a work around if the basicConstraints +extension is absent. 
+.IP "\fB\s-1CRL\s0 Signing\fR" 4 +.IX Item "CRL Signing" +The keyUsage extension must be absent or it must have the \s-1CRL\s0 signing bit +set. +.IP "\fB\s-1CRL\s0 Signing \s-1CA\s0\fR" 4 +.IX Item "CRL Signing CA" +The normal \s-1CA\s0 tests apply. Except in this case the basicConstraints extension +must be present. +.SH "BUGS" +.IX Header "BUGS" +Extensions in certificates are not transferred to certificate requests and +vice versa. +.PP +It is possible to produce invalid certificates or requests by specifying the +wrong private key or using inconsistent options in some cases: these should +be checked. +.PP +There should be options to explicitly set such things as start and end +dates rather than an offset from the current time. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\fIopenssl\-req\fR\|(1), +\&\fIopenssl\-ca\fR\|(1), +\&\fIopenssl\-genrsa\fR\|(1), +\&\fIopenssl\-gendsa\fR\|(1), +\&\fIopenssl\-verify\fR\|(1), +\&\fIx509v3_config\fR\|(5) +.SH "HISTORY" +.IX Header "HISTORY" +The hash algorithm used in the \fB\-subject_hash\fR and \fB\-issuer_hash\fR options +before OpenSSL 1.0.0 was based on the deprecated \s-1MD5\s0 algorithm and the encoding +of the distinguished name. In OpenSSL 1.0.0 and later it is based on a canonical +version of the \s-1DN\s0 using \s-1SHA1\s0. This means that any directories using the old +form must have their links rebuilt using \fIopenssl\-rehash\fR\|(1) or similar. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man1/openssl.1 b/linux_amd64/share/man/man1/openssl.1 new file mode 100755 index 0000000..20b458e --- /dev/null +++ b/linux_amd64/share/man/man1/openssl.1 
@@ -0,0 +1,1265 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL 1" +.TH OPENSSL 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl \- OpenSSL command line tool +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR +\&\fIcommand\fR +[ \fIoptions\fR ... ] +[ \fIparameters\fR ... 
] +.PP +\&\fBopenssl\fR +\&\fBlist\fR +\&\fB\-standard\-commands\fR | +\&\fB\-digest\-commands\fR | +\&\fB\-cipher\-commands\fR | +\&\fB\-cipher\-algorithms\fR | +\&\fB\-digest\-algorithms\fR | +\&\fB\-mac\-algorithms\fR | +\&\fB\-public\-key\-algorithms\fR +.PP +\&\fBopenssl\fR \fBno\-\fR\fI\s-1XXX\s0\fR [ \fIoptions\fR ] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (\s-1SSL\s0 +v2/v3) and Transport Layer Security (\s-1TLS\s0 v1) network protocols and related +cryptography standards required by them. +.PP +The \fBopenssl\fR program is a command line tool for using the various +cryptography functions of OpenSSL's \fBcrypto\fR library from the shell. +It can be used for +.PP +.Vb 8 +\& o Creation and management of private keys, public keys and parameters +\& o Public key cryptographic operations +\& o Creation of X.509 certificates, CSRs and CRLs +\& o Calculation of Message Digests and Message Authentication Codes +\& o Encryption and Decryption with Ciphers +\& o SSL/TLS Client and Server Tests +\& o Handling of S/MIME signed or encrypted mail +\& o Timestamp requests, generation and verification +.Ve +.SH "COMMAND SUMMARY" +.IX Header "COMMAND SUMMARY" +The \fBopenssl\fR program provides a rich variety of commands (\fIcommand\fR in +the \*(L"\s-1SYNOPSIS\s0\*(R" above). +Each command can have many options and argument parameters, shown above as +\&\fIoptions\fR and \fIparameters\fR. +.PP +Detailed documentation and use cases for most standard subcommands are available +(e.g., \fIopenssl\-x509\fR\|(1)). +.PP +Many commands use an external configuration file for some or all of their +arguments and have a \fB\-config\fR option to specify that file. +The default name of the file is \fIopenssl.cnf\fR in the default certificate +storage area, which can be determined from the \fIopenssl\-version\fR\|(1) +command. 
+The environment variable \fB\s-1OPENSSL_CONF\s0\fR can be used to specify +a different location of the file. +See \fIopenssl\-env\fR\|(7). +.PP +The list options \fB\-standard\-commands\fR, \fB\-digest\-commands\fR, +and \fB\-cipher\-commands\fR output a list (one entry per line) of the names +of all standard commands, message digest commands, or cipher commands, +respectively, that are available. +.PP +The list parameters \fB\-cipher\-algorithms\fR, \fB\-digest\-algorithms\fR, +and \fB\-mac\-algorithms\fR list all cipher, message digest, and message +authentication code names, one entry per line. Aliases are listed as: +.PP +.Vb 1 +\& from => to +.Ve +.PP +The list parameter \fB\-public\-key\-algorithms\fR lists all supported public +key algorithms. +.PP +The command \fBno\-\fR\fI\s-1XXX\s0\fR tests whether a command of the +specified name is available. If no command named \fI\s-1XXX\s0\fR exists, it +returns 0 (success) and prints \fBno\-\fR\fI\s-1XXX\s0\fR; otherwise it returns 1 +and prints \fI\s-1XXX\s0\fR. In both cases, the output goes to \fBstdout\fR and +nothing is printed to \fBstderr\fR. Additional command line arguments +are always ignored. Since for each cipher there is a command of the +same name, this provides an easy way for shell scripts to test for the +availability of ciphers in the \fBopenssl\fR program. (\fBno\-\fR\fI\s-1XXX\s0\fR is +not able to detect pseudo-commands such as \fBquit\fR, +\&\fBlist\fR, or \fBno\-\fR\fI\s-1XXX\s0\fR itself.) +.SS "Standard Commands" +.IX Subsection "Standard Commands" +.IP "\fBasn1parse\fR" 4 +.IX Item "asn1parse" +Parse an \s-1ASN\s0.1 sequence. +.IP "\fBca\fR" 4 +.IX Item "ca" +Certificate Authority (\s-1CA\s0) Management. +.IP "\fBciphers\fR" 4 +.IX Item "ciphers" +Cipher Suite Description Determination. +.IP "\fBcms\fR" 4 +.IX Item "cms" +\&\s-1CMS\s0 (Cryptographic Message Syntax) utility. +.IP "\fBcrl\fR" 4 +.IX Item "crl" +Certificate Revocation List (\s-1CRL\s0) Management. 
+.IP "\fBcrl2pkcs7\fR" 4 +.IX Item "crl2pkcs7" +\&\s-1CRL\s0 to PKCS#7 Conversion. +.IP "\fBdgst\fR" 4 +.IX Item "dgst" +Message Digest calculation. \s-1MAC\s0 calculations are superseded by +\&\fIopenssl\-mac\fR\|(1). +.IP "\fBdhparam\fR" 4 +.IX Item "dhparam" +Generation and Management of Diffie-Hellman Parameters. Superseded by +\&\fIopenssl\-genpkey\fR\|(1) and \fIopenssl\-pkeyparam\fR\|(1). +.IP "\fBdsa\fR" 4 +.IX Item "dsa" +\&\s-1DSA\s0 Data Management. +.IP "\fBdsaparam\fR" 4 +.IX Item "dsaparam" +\&\s-1DSA\s0 Parameter Generation and Management. Superseded by +\&\fIopenssl\-genpkey\fR\|(1) and \fIopenssl\-pkeyparam\fR\|(1). +.IP "\fBec\fR" 4 +.IX Item "ec" +\&\s-1EC\s0 (Elliptic curve) key processing. +.IP "\fBecparam\fR" 4 +.IX Item "ecparam" +\&\s-1EC\s0 parameter manipulation and generation. +.IP "\fBenc\fR" 4 +.IX Item "enc" +Encryption, decryption, and encoding. +.IP "\fBengine\fR" 4 +.IX Item "engine" +Engine (loadable module) information and manipulation. +.IP "\fBerrstr\fR" 4 +.IX Item "errstr" +Error Number to Error String Conversion. +.IP "\fBfipsinstall\fR" 4 +.IX Item "fipsinstall" +\&\s-1FIPS\s0 configuration installation. +.IP "\fBgendsa\fR" 4 +.IX Item "gendsa" +Generation of \s-1DSA\s0 Private Key from Parameters. Superseded by +\&\fIopenssl\-genpkey\fR\|(1) and \fIopenssl\-pkey\fR\|(1). +.IP "\fBgenpkey\fR" 4 +.IX Item "genpkey" +Generation of Private Key or Parameters. +.IP "\fBgenrsa\fR" 4 +.IX Item "genrsa" +Generation of \s-1RSA\s0 Private Key. Superseded by \fIopenssl\-genpkey\fR\|(1). +.IP "\fBhelp\fR" 4 +.IX Item "help" +Display information about a command's options. +.IP "\fBinfo\fR" 4 +.IX Item "info" +Display diverse information built into the OpenSSL libraries. +.IP "\fBkdf\fR" 4 +.IX Item "kdf" +Key Derivation Functions. +.IP "\fBlist\fR" 4 +.IX Item "list" +List algorithms and features. +.IP "\fBmac\fR" 4 +.IX Item "mac" +Message Authentication Code Calculation. 
+.IP "\fBnseq\fR" 4 +.IX Item "nseq" +Create or examine a Netscape certificate sequence. +.IP "\fBocsp\fR" 4 +.IX Item "ocsp" +Online Certificate Status Protocol utility. +.IP "\fBpasswd\fR" 4 +.IX Item "passwd" +Generation of hashed passwords. +.IP "\fBpkcs12\fR" 4 +.IX Item "pkcs12" +PKCS#12 Data Management. +.IP "\fBpkcs7\fR" 4 +.IX Item "pkcs7" +PKCS#7 Data Management. +.IP "\fBpkcs8\fR" 4 +.IX Item "pkcs8" +PKCS#8 format private key conversion tool. +.IP "\fBpkey\fR" 4 +.IX Item "pkey" +Public and private key management. +.IP "\fBpkeyparam\fR" 4 +.IX Item "pkeyparam" +Public key algorithm parameter management. +.IP "\fBpkeyutl\fR" 4 +.IX Item "pkeyutl" +Public key algorithm cryptographic operation utility. +.IP "\fBprime\fR" 4 +.IX Item "prime" +Compute prime numbers. +.IP "\fBprovider\fR" 4 +.IX Item "provider" +Load and query providers. +.IP "\fBrand\fR" 4 +.IX Item "rand" +Generate pseudo-random bytes. +.IP "\fBrehash\fR" 4 +.IX Item "rehash" +Create symbolic links to certificate and \s-1CRL\s0 files named by the hash values. +.IP "\fBreq\fR" 4 +.IX Item "req" +PKCS#10 X.509 Certificate Signing Request (\s-1CSR\s0) Management. +.IP "\fBrsa\fR" 4 +.IX Item "rsa" +\&\s-1RSA\s0 key management. +.IP "\fBrsautl\fR" 4 +.IX Item "rsautl" +\&\s-1RSA\s0 utility for signing, verification, encryption, and decryption. Superseded +by \fIopenssl\-pkeyutl\fR\|(1). +.IP "\fBs_client\fR" 4 +.IX Item "s_client" +This implements a generic \s-1SSL/TLS\s0 client which can establish a transparent +connection to a remote server speaking \s-1SSL/TLS\s0. It's intended for testing +purposes only and provides only rudimentary interface functionality but +internally uses mostly all functionality of the OpenSSL \fBssl\fR library. +.IP "\fBs_server\fR" 4 +.IX Item "s_server" +This implements a generic \s-1SSL/TLS\s0 server which accepts connections from remote +clients speaking \s-1SSL/TLS\s0. 
It's intended for testing purposes only and provides +only rudimentary interface functionality but internally uses mostly all +functionality of the OpenSSL \fBssl\fR library. It provides both an own command +line oriented protocol for testing \s-1SSL\s0 functions and a simple \s-1HTTP\s0 response +facility to emulate an SSL/TLS\-aware webserver. +.IP "\fBs_time\fR" 4 +.IX Item "s_time" +\&\s-1SSL\s0 Connection Timer. +.IP "\fBsess_id\fR" 4 +.IX Item "sess_id" +\&\s-1SSL\s0 Session Data Management. +.IP "\fBsmime\fR" 4 +.IX Item "smime" +S/MIME mail processing. +.IP "\fBspeed\fR" 4 +.IX Item "speed" +Algorithm Speed Measurement. +.IP "\fBspkac\fR" 4 +.IX Item "spkac" +\&\s-1SPKAC\s0 printing and generating utility. +.IP "\fBsrp\fR" 4 +.IX Item "srp" +Maintain \s-1SRP\s0 password file. +.IP "\fBstoreutl\fR" 4 +.IX Item "storeutl" +Utility to list and display certificates, keys, CRLs, etc. +.IP "\fBts\fR" 4 +.IX Item "ts" +Time Stamping Authority tool (client/server). +.IP "\fBverify\fR" 4 +.IX Item "verify" +X.509 Certificate Verification. +.IP "\fBversion\fR" 4 +.IX Item "version" +OpenSSL Version Information. +.IP "\fBx509\fR" 4 +.IX Item "x509" +X.509 Certificate Data Management. 
+.SS "Message Digest Commands" +.IX Subsection "Message Digest Commands" +.IP "\fBblake2b512\fR" 4 +.IX Item "blake2b512" +BLAKE2b\-512 Digest +.IP "\fBblake2s256\fR" 4 +.IX Item "blake2s256" +BLAKE2s\-256 Digest +.IP "\fBmd2\fR" 4 +.IX Item "md2" +\&\s-1MD2\s0 Digest +.IP "\fBmd4\fR" 4 +.IX Item "md4" +\&\s-1MD4\s0 Digest +.IP "\fBmd5\fR" 4 +.IX Item "md5" +\&\s-1MD5\s0 Digest +.IP "\fBmdc2\fR" 4 +.IX Item "mdc2" +\&\s-1MDC2\s0 Digest +.IP "\fBrmd160\fR" 4 +.IX Item "rmd160" +\&\s-1RMD\-160\s0 Digest +.IP "\fBsha1\fR" 4 +.IX Item "sha1" +\&\s-1SHA\-1\s0 Digest +.IP "\fBsha224\fR" 4 +.IX Item "sha224" +\&\s-1SHA\-2\s0 224 Digest +.IP "\fBsha256\fR" 4 +.IX Item "sha256" +\&\s-1SHA\-2\s0 256 Digest +.IP "\fBsha384\fR" 4 +.IX Item "sha384" +\&\s-1SHA\-2\s0 384 Digest +.IP "\fBsha512\fR" 4 +.IX Item "sha512" +\&\s-1SHA\-2\s0 512 Digest +.IP "\fBsha3\-224\fR" 4 +.IX Item "sha3-224" +\&\s-1SHA\-3\s0 224 Digest +.IP "\fBsha3\-256\fR" 4 +.IX Item "sha3-256" +\&\s-1SHA\-3\s0 256 Digest +.IP "\fBsha3\-384\fR" 4 +.IX Item "sha3-384" +\&\s-1SHA\-3\s0 384 Digest +.IP "\fBsha3\-512\fR" 4 +.IX Item "sha3-512" +\&\s-1SHA\-3\s0 512 Digest +.IP "\fBshake128\fR" 4 +.IX Item "shake128" +\&\s-1SHA\-3\s0 \s-1SHAKE128\s0 Digest +.IP "\fBshake256\fR" 4 +.IX Item "shake256" +\&\s-1SHA\-3\s0 \s-1SHAKE256\s0 Digest +.IP "\fBsm3\fR" 4 +.IX Item "sm3" +\&\s-1SM3\s0 Digest +.SS "Encryption, Decryption, and Encoding Commands" +.IX Subsection "Encryption, Decryption, and Encoding Commands" +The following aliases provide convenient access to the most used encodings +and ciphers. +.PP +Depending on how OpenSSL was configured and built, not all ciphers listed +here may be present. See \fIopenssl\-enc\fR\|(1) for more information. 
+.IP "\fBaes128\fR, \fBaes\-128\-cbc\fR, \fBaes\-128\-cfb\fR, \fBaes\-128\-ctr\fR, \fBaes\-128\-ecb\fR, \fBaes\-128\-ofb\fR" 4 +.IX Item "aes128, aes-128-cbc, aes-128-cfb, aes-128-ctr, aes-128-ecb, aes-128-ofb" +\&\s-1AES\-128\s0 Cipher +.IP "\fBaes192\fR, \fBaes\-192\-cbc\fR, \fBaes\-192\-cfb\fR, \fBaes\-192\-ctr\fR, \fBaes\-192\-ecb\fR, \fBaes\-192\-ofb\fR" 4 +.IX Item "aes192, aes-192-cbc, aes-192-cfb, aes-192-ctr, aes-192-ecb, aes-192-ofb" +\&\s-1AES\-192\s0 Cipher +.IP "\fBaes256\fR, \fBaes\-256\-cbc\fR, \fBaes\-256\-cfb\fR, \fBaes\-256\-ctr\fR, \fBaes\-256\-ecb\fR, \fBaes\-256\-ofb\fR" 4 +.IX Item "aes256, aes-256-cbc, aes-256-cfb, aes-256-ctr, aes-256-ecb, aes-256-ofb" +\&\s-1AES\-256\s0 Cipher +.IP "\fBaria128\fR, \fBaria\-128\-cbc\fR, \fBaria\-128\-cfb\fR, \fBaria\-128\-ctr\fR, \fBaria\-128\-ecb\fR, \fBaria\-128\-ofb\fR" 4 +.IX Item "aria128, aria-128-cbc, aria-128-cfb, aria-128-ctr, aria-128-ecb, aria-128-ofb" +Aria\-128 Cipher +.IP "\fBaria192\fR, \fBaria\-192\-cbc\fR, \fBaria\-192\-cfb\fR, \fBaria\-192\-ctr\fR, \fBaria\-192\-ecb\fR, \fBaria\-192\-ofb\fR" 4 +.IX Item "aria192, aria-192-cbc, aria-192-cfb, aria-192-ctr, aria-192-ecb, aria-192-ofb" +Aria\-192 Cipher +.IP "\fBaria256\fR, \fBaria\-256\-cbc\fR, \fBaria\-256\-cfb\fR, \fBaria\-256\-ctr\fR, \fBaria\-256\-ecb\fR, \fBaria\-256\-ofb\fR" 4 +.IX Item "aria256, aria-256-cbc, aria-256-cfb, aria-256-ctr, aria-256-ecb, aria-256-ofb" +Aria\-256 Cipher +.IP "\fBbase64\fR" 4 +.IX Item "base64" +Base64 Encoding +.IP "\fBbf\fR, \fBbf-cbc\fR, \fBbf-cfb\fR, \fBbf-ecb\fR, \fBbf-ofb\fR" 4 +.IX Item "bf, bf-cbc, bf-cfb, bf-ecb, bf-ofb" +Blowfish Cipher +.IP "\fBcamellia128\fR, \fBcamellia\-128\-cbc\fR, \fBcamellia\-128\-cfb\fR, \fBcamellia\-128\-ctr\fR, \fBcamellia\-128\-ecb\fR, \fBcamellia\-128\-ofb\fR" 4 +.IX Item "camellia128, camellia-128-cbc, camellia-128-cfb, camellia-128-ctr, camellia-128-ecb, camellia-128-ofb" +Camellia\-128 Cipher +.IP "\fBcamellia192\fR, \fBcamellia\-192\-cbc\fR, \fBcamellia\-192\-cfb\fR, 
\fBcamellia\-192\-ctr\fR, \fBcamellia\-192\-ecb\fR, \fBcamellia\-192\-ofb\fR" 4 +.IX Item "camellia192, camellia-192-cbc, camellia-192-cfb, camellia-192-ctr, camellia-192-ecb, camellia-192-ofb" +Camellia\-192 Cipher +.IP "\fBcamellia256\fR, \fBcamellia\-256\-cbc\fR, \fBcamellia\-256\-cfb\fR, \fBcamellia\-256\-ctr\fR, \fBcamellia\-256\-ecb\fR, \fBcamellia\-256\-ofb\fR" 4 +.IX Item "camellia256, camellia-256-cbc, camellia-256-cfb, camellia-256-ctr, camellia-256-ecb, camellia-256-ofb" +Camellia\-256 Cipher +.IP "\fBcast\fR, \fBcast-cbc\fR" 4 +.IX Item "cast, cast-cbc" +\&\s-1CAST\s0 Cipher +.IP "\fBcast5\-cbc\fR, \fBcast5\-cfb\fR, \fBcast5\-ecb\fR, \fBcast5\-ofb\fR" 4 +.IX Item "cast5-cbc, cast5-cfb, cast5-ecb, cast5-ofb" +\&\s-1CAST5\s0 Cipher +.IP "\fBchacha20\fR" 4 +.IX Item "chacha20" +Chacha20 Cipher +.IP "\fBdes\fR, \fBdes-cbc\fR, \fBdes-cfb\fR, \fBdes-ecb\fR, \fBdes-ede\fR, \fBdes-ede-cbc\fR, \fBdes-ede-cfb\fR, \fBdes-ede-ofb\fR, \fBdes-ofb\fR" 4 +.IX Item "des, des-cbc, des-cfb, des-ecb, des-ede, des-ede-cbc, des-ede-cfb, des-ede-ofb, des-ofb" +\&\s-1DES\s0 Cipher +.IP "\fBdes3\fR, \fBdesx\fR, \fBdes\-ede3\fR, \fBdes\-ede3\-cbc\fR, \fBdes\-ede3\-cfb\fR, \fBdes\-ede3\-ofb\fR" 4 +.IX Item "des3, desx, des-ede3, des-ede3-cbc, des-ede3-cfb, des-ede3-ofb" +Triple-DES Cipher +.IP "\fBidea\fR, \fBidea-cbc\fR, \fBidea-cfb\fR, \fBidea-ecb\fR, \fBidea-ofb\fR" 4 +.IX Item "idea, idea-cbc, idea-cfb, idea-ecb, idea-ofb" +\&\s-1IDEA\s0 Cipher +.IP "\fBrc2\fR, \fBrc2\-cbc\fR, \fBrc2\-cfb\fR, \fBrc2\-ecb\fR, \fBrc2\-ofb\fR" 4 +.IX Item "rc2, rc2-cbc, rc2-cfb, rc2-ecb, rc2-ofb" +\&\s-1RC2\s0 Cipher +.IP "\fBrc4\fR" 4 +.IX Item "rc4" +\&\s-1RC4\s0 Cipher +.IP "\fBrc5\fR, \fBrc5\-cbc\fR, \fBrc5\-cfb\fR, \fBrc5\-ecb\fR, \fBrc5\-ofb\fR" 4 +.IX Item "rc5, rc5-cbc, rc5-cfb, rc5-ecb, rc5-ofb" +\&\s-1RC5\s0 Cipher +.IP "\fBseed\fR, \fBseed-cbc\fR, \fBseed-cfb\fR, \fBseed-ecb\fR, \fBseed-ofb\fR" 4 +.IX Item "seed, seed-cbc, seed-cfb, seed-ecb, seed-ofb" +\&\s-1SEED\s0 Cipher +.IP 
"\fBsm4\fR, \fBsm4\-cbc\fR, \fBsm4\-cfb\fR, \fBsm4\-ctr\fR, \fBsm4\-ecb\fR, \fBsm4\-ofb\fR" 4 +.IX Item "sm4, sm4-cbc, sm4-cfb, sm4-ctr, sm4-ecb, sm4-ofb" +\&\s-1SM4\s0 Cipher +.SH "OPTIONS" +.IX Header "OPTIONS" +Details of which options are available depend on the specific command. +This section describes some common options with common behavior. +.SS "Common Options" +.IX Subsection "Common Options" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Provides a terse summary of all options. +If an option takes an argument, the \*(L"type\*(R" of argument is also given. +.IP "\fB\-\-\fR" 4 +.IX Item "--" +This terminates the list of options. It is mostly useful if any filename +parameters start with a minus sign: +.Sp +.Vb 1 +\& openssl verify [flags...] \-\- \-cert1.pem... +.Ve +.SS "Format Options" +.IX Subsection "Format Options" +Several OpenSSL commands can take input or generate output in a variety +of formats. The list of acceptable formats, and the default, is +described in each command documentation. The list of formats is +described below. Both uppercase and lowercase are accepted. +.IP "\fB\s-1DER\s0\fR" 4 +.IX Item "DER" +A binary format, encoded or parsed according to Distinguished Encoding Rules +(\s-1DER\s0) of the \s-1ASN\s0.1 data language. +.IP "\fB\s-1ENGINE\s0\fR" 4 +.IX Item "ENGINE" +Used to specify that the cryptographic material is in an OpenSSL \fBengine\fR. +An engine must be configured or specified using the \fB\-engine\fR option. +In addition, the \fB\-input\fR flag can be used to name a specific object in +the engine. +A password, such as the \fB\-passin\fR flag often must be specified as well. +.IP "\fBP12\fR" 4 +.IX Item "P12" +A DER-encoded file containing a PKCS#12 object. +It might be necessary to provide a decryption password to retrieve +the private key. +.IP "\fB\s-1PEM\s0\fR" 4 +.IX Item "PEM" +A text format defined in \s-1IETF\s0 \s-1RFC\s0 1421 and \s-1IETF\s0 \s-1RFC\s0 7468. 
Briefly, this is +a block of base\-64 encoding (defined in \s-1IETF\s0 \s-1RFC\s0 4648), with specific +lines used to mark the start and end: +.Sp +.Vb 7 +\& Text before the BEGIN line is ignored. +\& \-\-\-\-\- BEGIN object\-type \-\-\-\-\- +\& OT43gQKBgQC/2OHZoko6iRlNOAQ/tMVFNq7fL81GivoQ9F1U0Qr+DH3ZfaH8eIkX +\& xT0ToMPJUzWAn8pZv0snA0um6SIgvkCuxO84OkANCVbttzXImIsL7pFzfcwV/ERK +\& UM6j0ZuSMFOCr/lGPAoOQU0fskidGEHi1/kW+suSr28TqsyYZpwBDQ== +\& \-\-\-\-\- END object\-type \-\-\-\-\- +\& Text after the END line is also ignored +.Ve +.Sp +The \fIobject-type\fR must match the type of object that is expected. +For example a \f(CW\*(C`BEGIN X509 CERTIFICATE\*(C'\fR will not match if the command +is trying to read a private key. The types supported include: +.Sp +.Vb 10 +\& ANY PRIVATE KEY +\& CERTIFICATE +\& CERTIFICATE REQUEST +\& CMS +\& DH PARAMETERS +\& DSA PARAMETERS +\& DSA PUBLIC KEY +\& EC PARAMETERS +\& EC PRIVATE KEY +\& ECDSA PUBLIC KEY +\& ENCRYPTED PRIVATE KEY +\& PARAMETERS +\& PKCS #7 SIGNED DATA +\& PKCS7 +\& PRIVATE KEY +\& PUBLIC KEY +\& RSA PRIVATE KEY +\& SSL SESSION PARAMETERS +\& TRUSTED CERTIFICATE +\& X509 CRL +\& X9.42 DH PARAMETERS +.Ve +.Sp +The following legacy \fIobject-type\fR's are also supported for compatibility +with earlier releases: +.Sp +.Vb 4 +\& DSA PRIVATE KEY +\& NEW CERTIFICATE REQUEST +\& RSA PUBLIC KEY +\& X509 CERTIFICATE +.Ve +.IP "\fB\s-1SMIME\s0\fR" 4 +.IX Item "SMIME" +An S/MIME object as described in \s-1IETF\s0 \s-1RFC\s0 8551. +Earlier versions were known as \s-1CMS\s0 and are compatible. +Note that the parsing is simple and might fail to parse some legal data. +.PP +The options to specify the format are as follows. Refer to the individual +manpage to see which options are accepted. +.IP "\fB\-inform\fR \fIformat\fR, \fB\-outform\fR \fIformat\fR" 4 +.IX Item "-inform format, -outform format" +The format of the input or output streams. 
+.IP "\fB\-keyform\fR \fIformat\fR" 4 +.IX Item "-keyform format" +Format of a private key input source. +.IP "\fB\-CRLform\fR \fIformat\fR" 4 +.IX Item "-CRLform format" +Format of a \s-1CRL\s0 input source. +.SS "Pass Phrase Options" +.IX Subsection "Pass Phrase Options" +Several commands accept password arguments, typically using \fB\-passin\fR +and \fB\-passout\fR for input and output passwords respectively. These allow +the password to be obtained from a variety of sources. Both of these +options take a single argument whose format is described below. If no +password argument is given and a password is required then the user is +prompted to enter one: this will typically be read from the current +terminal with echoing turned off. +.PP +Note that character encoding may be relevant, please see +\&\fIpassphrase\-encoding\fR\|(7). +.IP "\fBpass:\fR\fIpassword\fR" 4 +.IX Item "pass:password" +The actual password is \fIpassword\fR. Since the password is visible +to utilities (like 'ps' under Unix) this form should only be used +where security is not important. +.IP "\fBenv:\fR\fIvar\fR" 4 +.IX Item "env:var" +Obtain the password from the environment variable \fIvar\fR. Since +the environment of other processes is visible on certain platforms +(e.g. ps under certain Unix OSes) this option should be used with caution. +.IP "\fBfile:\fR\fIpathname\fR" 4 +.IX Item "file:pathname" +The first line of \fIpathname\fR is the password. If the same \fIpathname\fR +argument is supplied to \fB\-passin\fR and \fB\-passout\fR arguments then the first +line will be used for the input password and the next line for the output +password. \fIpathname\fR need not refer to a regular file: it could for example +refer to a device or named pipe. +.IP "\fBfd:\fR\fInumber\fR" 4 +.IX Item "fd:number" +Read the password from the file descriptor \fInumber\fR. This can be used to +send the data via a pipe for example. +.IP "\fBstdin\fR" 4 +.IX Item "stdin" +Read the password from standard input. 
+.SS "Trusted Certificate Options" +.IX Subsection "Trusted Certificate Options" +Part of validating a certificate includes verifying that the chain of \s-1CA\s0's +can be traced up to an existing trusted root. The following options specify +how to list the trusted roots, also known as trust anchors. A collection +of trusted roots is called a \fItrust store\fR. +.PP +Note that OpenSSL does not provide a default set of trust anchors. Many +Linux distributions include a system default and configure OpenSSL to point +to that. Mozilla maintains an influential trust store that can be found at +https://www.mozilla.org/en\-US/about/governance/policies/security\-group/certs/ . +.IP "\fB\-CAfile\fR \fIfile\fR" 4 +.IX Item "-CAfile file" +Load the specified file which contains one or more PEM-format certificates +of \s-1CA\s0's that are trusted. +.IP "\fB\-no\-CAfile\fR" 4 +.IX Item "-no-CAfile" +Do not load the default file of trusted certificates. +.IP "\fB\-CApath\fR \fIdir\fR" 4 +.IX Item "-CApath dir" +Use the specified directory as a list of trust certificates. That is, +files should be named with the hash of the X.509 SubjectName of each +certificate. This is so that the library can extract the IssuerName, +hash it, and directly lookup the file to get the issuer certificate. +See \fIopenssl\-rehash\fR\|(1) for information on creating this type of directory. +.IP "\fB\-no\-CApath\fR" 4 +.IX Item "-no-CApath" +Do not use the default directory of trusted certificates. +.IP "\fB\-CAstore\fR \fIuri\fR" 4 +.IX Item "-CAstore uri" +Use \fIuri\fR as a store of trusted \s-1CA\s0 certificates. The \s-1URI\s0 may +indicate a single certificate, as well as a collection of them. +With URIs in the \f(CW\*(C`file:\*(C'\fR scheme, this acts as \fB\-CAfile\fR or +\&\fB\-CApath\fR, depending on if the \s-1URI\s0 indicates a single file or +directory. +See \fIossl_store\-file\fR\|(7) for more information on the \f(CW\*(C`file:\*(C'\fR scheme. 
+.Sp +These certificates are also used when building the server certificate +chain (for example with \fIopenssl\-s_server\fR\|(1)) or client certificate +chain (for example with \fIopenssl\-s_time\fR\|(1)). +.IP "\fB\-no\-CAstore\fR" 4 +.IX Item "-no-CAstore" +Do not use the default store. +.SS "Random State Options" +.IX Subsection "Random State Options" +Prior to OpenSSL 3.0, it was common for applications to store information +about the state of the random-number generator in a file that was loaded +at startup and rewritten upon exit. On modern operating systems, this is +generally no longer necessary as OpenSSL will seed itself from the +appropriate \s-1CPU\s0 flags, device files, and so on. These flags are still +supported for special platforms or circumstances that might require them. +.PP +It is generally an error to use the same seed file more than once and +every use of \fB\-rand\fR should be paired with \fB\-writerand\fR. +.IP "\fB\-rand\fR \fIfiles\fR" 4 +.IX Item "-rand files" +A file or files containing random data used to seed the random number +generator. +Multiple files can be specified separated by an OS-dependent character. +The separator is \f(CW\*(C`;\*(C'\fR for MS-Windows, \f(CW\*(C`,\*(C'\fR for OpenVMS, and \f(CW\*(C`:\*(C'\fR for +all others. Another way to specify multiple files is to repeat this flag +with different filenames. +.IP "\fB\-writerand\fR \fIfile\fR" 4 +.IX Item "-writerand file" +Writes the seed data to the specified \fIfile\fR upon exit. +This file can be used in a subsequent command invocation. +.SS "Extended Verification Options" +.IX Subsection "Extended Verification Options" +Sometimes there may be more than one certificate chain leading to an +end-entity certificate. +This usually happens when a root or intermediate \s-1CA\s0 signs a certificate +for another a \s-1CA\s0 in other organization. 
+Another reason is when a \s-1CA\s0 might have intermediates that use two different +signature formats, such as a \s-1SHA\-1\s0 and a \s-1SHA\-256\s0 digest. +.PP +The following options can be used to provide data that will allow the +OpenSSL command to generate an alternative chain. +.IP "\fB\-xchain_build\fR" 4 +.IX Item "-xchain_build" +Specify whether the application should build the certificate chain to be +provided to the server for the extra certificates via the \fB\-xkey\fR, +\&\fB\-xcert\fR, and \fB\-xchain\fR options. +.IP "\fB\-xkey\fR \fIinfile\fR, \fB\-xcert\fR \fIinfile\fR, \fB\-xchain\fR" 4 +.IX Item "-xkey infile, -xcert infile, -xchain" +Specify an extra certificate, private key and certificate chain. These behave +in the same manner as the \fB\-cert\fR, \fB\-key\fR and \fB\-cert_chain\fR options. When +specified, the callback returning the first valid chain will be in use by the +client. +.IP "\fB\-xcertform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR, \fB\-xkeyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IX Item "-xcertform DER|PEM, -xkeyform DER|PEM" +The input format for the extra certificate and key, respectively. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-xchain_build\fR" 4 +.IX Item "-xchain_build" +Specify whether the application should build the certificate chain to be +provided to the server for the extra certificates via the \fB\-xkey\fR, +\&\fB\-xcert\fR, and \fB\-xchain\fR options. +.IP "\fB\-xcertform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR, \fB\-xkeyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IX Item "-xcertform DER|PEM, -xkeyform DER|PEM" +The input format for the extra certificate and key, respectively. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.SS "Verification Options" +.IX Subsection "Verification Options" +Many OpenSSL commands verify certificates. The details of how each +command handles errors are documented on the specific command page. 
+.PP +Verification is a complicated process, consisting of a number of separate +steps that are detailed in the following paragraphs. +.PP +First, a certificate chain is built up starting from the supplied certificate +and ending in a root \s-1CA\s0. It is an error if the whole chain cannot be +built up. The chain is built up by looking up the certificate that +signed (or issued) the certificate. It then repeats the process, until +it gets to a certificate that is self-issued. +.PP +The process of looking up the issuer's certificate itself involves a number +of steps. After all certificates whose subject name matches the issuer +name of the current certificate are subject to further tests. The relevant +authority key identifier components of the current certificate (if present) +must match the subject key identifier (if present) and issuer and serial +number of the candidate issuer, in addition the keyUsage extension of the +candidate issuer (if present) must permit certificate signing. +.PP +The lookup first looks in the list of untrusted certificates and if no match +is found the remaining lookups are from the trusted certificates. The root \s-1CA\s0 +is always looked up in the trusted certificate list: if the certificate to +verify is a root certificate then an exact match must be found in the trusted +list. +.PP +The second step is to check every untrusted certificate's extensions +for consistency with the supplied purpose. If the \fB\-purpose\fR option is +not included then no checks are done. The supplied or \*(L"leaf\*(R" certificate +must have extensions compatible with the supplied purpose and all other +certificates must also be valid \s-1CA\s0 certificates. The precise extensions +required are described in more detail in +\&\*(L"\s-1CERTIFICATE\s0 \s-1EXTENSIONS\s0\*(R" in \fIopenssl\-x509\fR\|(1). +.PP +The third step is to check the trust settings on the root \s-1CA\s0. The root +\&\s-1CA\s0 should be trusted for the supplied purpose. 
For compatibility with +previous versions of OpenSSL, a certificate with no trust settings is +considered to be valid for all purposes. +.PP +The fourth, and final, step is to check the validity of the certificate +chain. The validity period is checked against the system time +and the \f(CW\*(C`notBefore\*(C'\fR and \f(CW\*(C`notAfter\*(C'\fR dates in the certificate. The certificate +signatures are also checked at this point. The \fB\-attime\fR flag may be +used to specify a time other than \*(L"now.\*(R" +.PP +If all operations complete successfully then certificate is considered +valid. If any operation fails then the certificate is not valid. +.PP +The details of the processing steps can be fine-tuned with the +following flags. +.IP "\fB\-verbose\fR" 4 +.IX Item "-verbose" +Print extra information about the operations being performed. +.IP "\fB\-attime\fR \fItimestamp\fR" 4 +.IX Item "-attime timestamp" +Perform validation checks using time specified by \fItimestamp\fR and not +current system time. \fItimestamp\fR is the number of seconds since +January 1, 1970 (i.e., the Unix Epoch). +.IP "\fB\-no_check_time\fR" 4 +.IX Item "-no_check_time" +This option suppresses checking the validity period of certificates and CRLs +against the current time. If option \fB\-attime\fR is used to specify +a verification time, the check is not suppressed. +.IP "\fB\-x509_strict\fR" 4 +.IX Item "-x509_strict" +This disables non-compliant workarounds for broken certificates. +.IP "\fB\-ignore_critical\fR" 4 +.IX Item "-ignore_critical" +Normally if an unhandled critical extension is present which is not +supported by OpenSSL the certificate is rejected (as required by \s-1RFC5280\s0). +If this option is set critical extensions are ignored. +.IP "\fB\-issuer_checks\fR" 4 +.IX Item "-issuer_checks" +Ignored. +.IP "\fB\-crl_check\fR" 4 +.IX Item "-crl_check" +Checks end entity certificate validity by attempting to look up a valid \s-1CRL\s0. 
+If a valid \s-1CRL\s0 cannot be found an error occurs. +.IP "\fB\-crl_check_all\fR" 4 +.IX Item "-crl_check_all" +Checks the validity of \fBall\fR certificates in the chain by attempting +to look up valid CRLs. +.IP "\fB\-use_deltas\fR" 4 +.IX Item "-use_deltas" +Enable support for delta CRLs. +.IP "\fB\-extended_crl\fR" 4 +.IX Item "-extended_crl" +Enable extended \s-1CRL\s0 features such as indirect CRLs and alternate \s-1CRL\s0 +signing keys. +.IP "\fB\-suiteB_128_only\fR, \fB\-suiteB_128\fR, \fB\-suiteB_192\fR" 4 +.IX Item "-suiteB_128_only, -suiteB_128, -suiteB_192" +Enable the Suite B mode operation at 128 bit Level of Security, 128 bit or +192 bit, or only 192 bit Level of Security respectively. +See \s-1RFC6460\s0 for details. In particular the supported signature algorithms are +reduced to support only \s-1ECDSA\s0 and \s-1SHA256\s0 or \s-1SHA384\s0 and only the elliptic curves +P\-256 and P\-384. +.IP "\fB\-auth_level\fR \fIlevel\fR" 4 +.IX Item "-auth_level level" +Set the certificate chain authentication security level to \fIlevel\fR. +The authentication security level determines the acceptable signature and +public key strength when verifying certificate chains. For a certificate +chain to validate, the public keys of all the certificates must meet the +specified security \fIlevel\fR. The signature algorithm security level is +enforced for all the certificates in the chain except for the chain's +\&\fItrust anchor\fR, which is either directly trusted or validated by means +other than its signature. See \fISSL_CTX_set_security_level\fR\|(3) for the +definitions of the available levels. The default security level is \-1, +or \*(L"not set\*(R". At security level 0 or lower all algorithms are acceptable. +Security level 1 requires at least 80\-bit\-equivalent security and is broadly +interoperable, though it will, for example, reject \s-1MD5\s0 signatures or \s-1RSA\s0 +keys shorter than 1024 bits. 
+.IP "\fB\-partial_chain\fR" 4 +.IX Item "-partial_chain" +Allow verification to succeed even if a \fIcomplete\fR chain cannot be built to a +self-signed trust-anchor, provided it is possible to construct a chain to a +trusted certificate that might not be self-signed. +.IP "\fB\-check_ss_sig\fR" 4 +.IX Item "-check_ss_sig" +Verify the signature on the self-signed root \s-1CA\s0. This is disabled by default +because it doesn't add any security. +.IP "\fB\-allow_proxy_certs\fR" 4 +.IX Item "-allow_proxy_certs" +Allow the verification of proxy certificates. +.IP "\fB\-trusted_first\fR" 4 +.IX Item "-trusted_first" +As of OpenSSL 1.1.0 this option is on by default and cannot be disabled. +.IP "\fB\-no_alt_chains\fR" 4 +.IX Item "-no_alt_chains" +As of OpenSSL 1.1.0, since \fB\-trusted_first\fR always on, this option has no +effect. +.IP "\fB\-trusted\fR \fIfile\fR" 4 +.IX Item "-trusted file" +Parse \fIfile\fR as a set of one or more certificates in \s-1PEM\s0 format. +All certificates must be self-signed, unless the +\&\fB\-partial_chain\fR option is specified. +This option implies the \fB\-no\-CAfile\fR and \fB\-no\-CApath\fR options and it +cannot be used with either the \fB\-CAfile\fR or \fB\-CApath\fR options, so +only certificates in the file are trust anchors. +This option may be used multiple times. +.IP "\fB\-untrusted\fR \fIfile\fR" 4 +.IX Item "-untrusted file" +Parse \fIfile\fR as a set of one or more certificates in \s-1PEM\s0 format. +All certificates are untrusted certificates that may be used to +construct a certificate chain from the subject certificate to a trust anchor. +This option may be used multiple times. +.IP "\fB\-policy\fR \fIarg\fR" 4 +.IX Item "-policy arg" +Enable policy processing and add \fIarg\fR to the user-initial-policy-set (see +\&\s-1RFC5280\s0). The policy \fIarg\fR can be an object name an \s-1OID\s0 in numeric form. +This argument can appear more than once. 
+.IP "\fB\-explicit_policy\fR" 4 +.IX Item "-explicit_policy" +Set policy variable require-explicit-policy (see \s-1RFC5280\s0). +.IP "\fB\-policy_check\fR" 4 +.IX Item "-policy_check" +Enables certificate policy processing. +.IP "\fB\-policy_print\fR" 4 +.IX Item "-policy_print" +Print out diagnostics related to policy processing. +.IP "\fB\-inhibit_any\fR" 4 +.IX Item "-inhibit_any" +Set policy variable inhibit-any-policy (see \s-1RFC5280\s0). +.IP "\fB\-inhibit_map\fR" 4 +.IX Item "-inhibit_map" +Set policy variable inhibit-policy-mapping (see \s-1RFC5280\s0). +.IP "\fB\-purpose\fR \fIpurpose\fR" 4 +.IX Item "-purpose purpose" +The intended use for the certificate. If this option is not specified, this +command will not consider certificate purpose during chain verification. +Currently accepted uses are \fBsslclient\fR, \fBsslserver\fR, \fBnssslserver\fR, +\&\fBsmimesign\fR, \fBsmimeencrypt\fR. +.IP "\fB\-verify_depth\fR \fInum\fR" 4 +.IX Item "-verify_depth num" +Limit the certificate chain to \fInum\fR intermediate \s-1CA\s0 certificates. +A maximal depth chain can have up to \fInum\fR+2 certificates, since neither the +end-entity certificate nor the trust-anchor certificate count against the +\&\fB\-verify_depth\fR limit. +.IP "\fB\-verify_email\fR \fIemail\fR" 4 +.IX Item "-verify_email email" +Verify if \fIemail\fR matches the email address in Subject Alternative Name or +the email in the subject Distinguished Name. +.IP "\fB\-verify_hostname\fR \fIhostname\fR" 4 +.IX Item "-verify_hostname hostname" +Verify if \fIhostname\fR matches \s-1DNS\s0 name in Subject Alternative Name or +Common Name in the subject certificate. +.IP "\fB\-verify_ip\fR \fIip\fR" 4 +.IX Item "-verify_ip ip" +Verify if \fIip\fR matches the \s-1IP\s0 address in Subject Alternative Name of +the subject certificate. 
+.IP "\fB\-verify_name\fR \fIname\fR" 4 +.IX Item "-verify_name name" +Use default verification policies like trust model and required certificate +policies identified by \fIname\fR. +The trust model determines which auxiliary trust or reject OIDs are applicable +to verifying the given certificate chain. +See the \fB\-addtrust\fR and \fB\-addreject\fR options for \fIopenssl\-x509\fR\|(1). +Supported policy names include: \fBdefault\fR, \fBpkcs7\fR, \fBsmime_sign\fR, +\&\fBssl_client\fR, \fBssl_server\fR. +These mimics the combinations of purpose and trust settings used in \s-1SSL\s0, \s-1CMS\s0 +and S/MIME. +As of OpenSSL 1.1.0, the trust model is inferred from the purpose when not +specified, so the \fB\-verify_name\fR options are functionally equivalent to the +corresponding \fB\-purpose\fR settings. +.SS "Name Format Options" +.IX Subsection "Name Format Options" +OpenSSL provides fine-grain control over how the subject and issuer \s-1DN\s0's are +displayed. +This is specified by using the \fB\-nameopt\fR option, which takes a +comma-separated list of options from the following set. +An option may be preceded by a minus sign, \f(CW\*(C`\-\*(C'\fR, to turn it off. +The default value is \f(CW\*(C`oneline\*(C'\fR. +The first four are the most commonly used. +.IP "\fBcompat\fR" 4 +.IX Item "compat" +Display the name using an old format from previous OpenSSL versions. +.IP "\fB\s-1RFC2253\s0\fR" 4 +.IX Item "RFC2253" +Display the name using the format defined in \s-1RFC\s0 2253. +It is equivalent to \fBesc_2253\fR, \fBesc_ctrl\fR, \fBesc_msb\fR, \fButf8\fR, +\&\fBdump_nostr\fR, \fBdump_unknown\fR, \fBdump_der\fR, \fBsep_comma_plus\fR, \fBdn_rev\fR +and \fBsname\fR. +.IP "\fBoneline\fR" 4 +.IX Item "oneline" +Display the name in one line, using a format that is more readable +\&\s-1RFC\s0 2253. 
+It is equivalent to \fBesc_2253\fR, \fBesc_ctrl\fR, \fBesc_msb\fR, \fButf8\fR, +\&\fBdump_nostr\fR, \fBdump_der\fR, \fBuse_quote\fR, \fBsep_comma_plus_space\fR, +\&\fBspace_eq\fR and \fBsname\fR options. +.IP "\fBmultiline\fR" 4 +.IX Item "multiline" +Display the name using multiple lines. +It is equivalent to \fBesc_ctrl\fR, \fBesc_msb\fR, \fBsep_multiline\fR, \fBspace_eq\fR, +\&\fBlname\fR and \fBalign\fR. +.IP "\fBesc_2253\fR" 4 +.IX Item "esc_2253" +Escape the \*(L"special\*(R" characters in a field, as required by \s-1RFC\s0 2253. +That is, any of the characters \f(CW\*(C`,+"<>;\*(C'\fR, \f(CW\*(C`#\*(C'\fR at the beginning of +a string and leading or trailing spaces. +.IP "\fBesc_2254\fR" 4 +.IX Item "esc_2254" +Escape the \*(L"special\*(R" characters in a field as required by \s-1RFC\s0 2254 in a field. +That is, the \fB\s-1NUL\s0\fR character and and of \f(CW\*(C`()*\*(C'\fR. +.IP "\fBesc_ctrl\fR" 4 +.IX Item "esc_ctrl" +Escape non-printable \s-1ASCII\s0 characters, codes less than 0x20 (space) +or greater than 0x7F (\s-1DELETE\s0). They are displayed using \s-1RFC\s0 2253 \f(CW\*(C`\eXX\*(C'\fR +notation where \fB\s-1XX\s0\fR are the two hex digits representing the character value. +.IP "\fBesc_msb\fR" 4 +.IX Item "esc_msb" +Escape any characters with the most significant bit set, that is with +values larger than 127, as described in \fBesc_ctrl\fR. +.IP "\fBuse_quote\fR" 4 +.IX Item "use_quote" +Escapes some characters by surrounding the entire string with quotation +marks, \f(CW\*(C`"\*(C'\fR. +Without this option, individual special characters are preceeded with +a backslash character, \f(CW\*(C`\e\*(C'\fR. +.IP "\fButf8\fR" 4 +.IX Item "utf8" +Convert all strings to \s-1UTF\-8\s0 format first as required by \s-1RFC\s0 2253. +If the output device is \s-1UTF\-8\s0 compatible, then using this option (and +not setting \fBesc_msb\fR) may give the correct display of multibyte +characters. 
+If this option is not set, then multibyte characters larger than 0xFF +will be output as \f(CW\*(C`\eUXXXX\*(C'\fR for 16 bits or \f(CW\*(C`\eWXXXXXXXX\*(C'\fR for 32 bits. +In addition, any UTF8Strings will be converted to their character form first. +.IP "\fBignore_type\fR" 4 +.IX Item "ignore_type" +This option does not attempt to interpret multibyte characters in any +way. That is, the content octets are merely dumped as though one octet +represents each character. This is useful for diagnostic purposes but +will result in rather odd looking output. +.IP "\fBshow_type\fR" 4 +.IX Item "show_type" +Display the type of the \s-1ASN1\s0 character string before the value, +such as \f(CW\*(C`BMPSTRING: Hello World\*(C'\fR. +.IP "\fBdump_der\fR" 4 +.IX Item "dump_der" +Any fields that would be output in hex format are displayed using +the \s-1DER\s0 encoding of the field. +If not set, just the content octets are displayed. +Either way, the \fB#XXXX...\fR format of \s-1RFC\s0 2253 is used. +.IP "\fBdump_nostr\fR" 4 +.IX Item "dump_nostr" +Dump non-character strings, such as \s-1ASN\s0.1 \fB\s-1OCTET\s0 \s-1STRING\s0\fR. +If this option is not set, then non character string types will be displayed +as though each content octet represents a single character. +.IP "\fBdump_all\fR" 4 +.IX Item "dump_all" +Dump all fields. When this used with \fBdump_der\fR, this allows the +\&\s-1DER\s0 encoding of the structure to be unambiguously determined. +.IP "\fBdump_unknown\fR" 4 +.IX Item "dump_unknown" +Dump any field whose \s-1OID\s0 is not recognised by OpenSSL. +.IP "\fBsep_comma_plus\fR, \fBsep_comma_plus_space\fR, \fBsep_semi_plus_space\fR, \fBsep_multiline\fR" 4 +.IX Item "sep_comma_plus, sep_comma_plus_space, sep_semi_plus_space, sep_multiline" +Specify the field separators. The first word is used between the +Relative Distinguished Names (RDNs) and the second is between +multiple Attribute Value Assertions (AVAs). Multiple AVAs are +very rare and their use is discouraged. 
+The options ending in \*(L"space\*(R" additionally place a space after the separator to make it more readable. +The \fBsep_multiline\fR starts each field on its own line, and uses \*(L"plus space\*(R" +for the \s-1AVA\s0 separator. +It also indents the fields by four characters. +The default value is \fBsep_comma_plus_space\fR. +.IP "\fBdn_rev\fR" 4 +.IX Item "dn_rev" +Reverse the fields of the \s-1DN\s0 as required by \s-1RFC\s0 2253. +This also reverses the order of multiple AVAs in a field, but this is +permissible as there is no ordering on values. +.IP "\fBnofname\fR, \fBsname\fR, \fBlname\fR, \fBoid\fR" 4 +.IX Item "nofname, sname, lname, oid" +Specify how the field name is displayed. +\&\fBnofname\fR does not display the field at all. +\&\fBsname\fR uses the \*(L"short name\*(R" form (\s-1CN\s0 for commonName for example). +\&\fBlname\fR uses the long form. +\&\fBoid\fR represents the \s-1OID\s0 in numerical form and is useful for +diagnostic purpose. +.IP "\fBalign\fR" 4 +.IX Item "align" +Align field values for a more readable output. Only usable with +\&\fBsep_multiline\fR. +.IP "\fBspace_eq\fR" 4 +.IX Item "space_eq" +Places spaces round the equal sign, \f(CW\*(C`=\*(C'\fR, character which follows the field +name. +.SS "\s-1TLS\s0 Version Options" +.IX Subsection "TLS Version Options" +Several commands use \s-1SSL\s0, \s-1TLS\s0, or \s-1DTLS\s0. By default, the commands use \s-1TLS\s0 and +clients will offer the lowest and highest protocol version they support, +and servers will pick the highest version that the client offers that is also +supported by the server. +.PP +The options below can be used to limit which protocol versions are used, +and whether \s-1TCP\s0 (\s-1SSL\s0 and \s-1TLS\s0) or \s-1UDP\s0 (\s-1DTLS\s0) is used. +Note that not all protocols and flags may be available, depending on how +OpenSSL was built. 
+.IP "\fB\-ssl3\fR, \fB\-tls1\fR, \fB\-tls1_1\fR, \fB\-tls1_2\fR, \fB\-tls1_3\fR, \fB\-no_ssl3\fR, \fB\-no_tls1\fR, \fB\-no_tls1_1\fR, \fB\-no_tls1_2\fR, \fB\-no_tls1_3\fR" 4 +.IX Item "-ssl3, -tls1, -tls1_1, -tls1_2, -tls1_3, -no_ssl3, -no_tls1, -no_tls1_1, -no_tls1_2, -no_tls1_3" +These options require or disable the use of the specified \s-1SSL\s0 or \s-1TLS\s0 protocols. +When a specific \s-1TLS\s0 version is required, only that version will be offered or +accepted. +Only one specific protocol can be given and it cannot be combined with any of +the \fBno_\fR options. +.IP "\fB\-dtls\fR, \fB\-dtls1\fR, \fB\-dtls1_2\fR" 4 +.IX Item "-dtls, -dtls1, -dtls1_2" +These options specify to use \s-1DTLS\s0 instead of \s-1DLTS\s0. +With \fB\-dtls\fR, clients will negotiate any supported \s-1DTLS\s0 protocol version. +Use the \fB\-dtls1\fR or \fB\-dtls1_2\fR options to support only \s-1DTLS1\s0.0 or \s-1DTLS1\s0.2, +respectively. +.SS "Engine Options" +.IX Subsection "Engine Options" +.IP "\fB\-engine\fR \fIid\fR" 4 +.IX Item "-engine id" +Use the engine identified by \fIid\fR and use all the methods it +implements (algorithms, key storage, etc.), unless specified otherwise in +the command-specific documentation or it is configured to do so, as described +in \*(L"Engine Configuration Module\*(R" in \fIconfig\fR\|(5). +.SH "ENVIRONMENT" +.IX Header "ENVIRONMENT" +The OpenSSL library can be take some configuration parameters from the +environment. Some of these variables are listed below. For information +about specific commands, see \fIopenssl\-engine\fR\|(1), \fIopenssl\-provider\fR\|(1), +\&\fIopenssl\-rehash\fR\|(1), and \fItsget\fR\|(1). +.PP +For information about the use of environment variables in configuration, +see \*(L"\s-1ENVIRONMENT\s0\*(R" in \fIconfig\fR\|(5). +.PP +For information about querying or specifying \s-1CPU\s0 architecture flags, see +\&\fIOPENSSL_ia32cap\fR\|(3), and \fIOPENSSL_s390xcap\fR\|(3). 
+.PP +For information about all environment variables used by the OpenSSL libraries, +see \fIopenssl\-env\fR\|(7). +.IP "\fBOPENSSL_TRACE=\fR\fIname\fR[,...]" 4 +.IX Item "OPENSSL_TRACE=name[,...]" +Enable tracing output of OpenSSL library, by name. +This output will only make sense if you know OpenSSL internals well. +Also, it might not give you any output at all, depending on how +OpenSSL was built. +.Sp +The value is a comma separated list of names, with the following +available: +.RS 4 +.IP "\fB\s-1TRACE\s0\fR" 4 +.IX Item "TRACE" +The tracing functionality. +.IP "\fB\s-1TLS\s0\fR" 4 +.IX Item "TLS" +General \s-1SSL/TLS\s0. +.IP "\fB\s-1TLS_CIPHER\s0\fR" 4 +.IX Item "TLS_CIPHER" +\&\s-1SSL/TLS\s0 cipher. +.IP "\fB\s-1ENGINE_CONF\s0\fR" 4 +.IX Item "ENGINE_CONF" +\&\s-1ENGINE\s0 configuration. +.IP "\fB\s-1ENGINE_TABLE\s0\fR" 4 +.IX Item "ENGINE_TABLE" +The function that is used by \s-1RSA\s0, \s-1DSA\s0 (etc) code to select registered +ENGINEs, cache defaults and functional references (etc), will generate +debugging summaries. +.IP "\fB\s-1ENGINE_REF_COUNT\s0\fR" 4 +.IX Item "ENGINE_REF_COUNT" +Reference counts in the \s-1ENGINE\s0 structure will be monitored with a line +of generated for each change. +.IP "\fB\s-1PKCS5V2\s0\fR" 4 +.IX Item "PKCS5V2" +PKCS#5 v2 keygen. +.IP "\fB\s-1PKCS12_KEYGEN\s0\fR" 4 +.IX Item "PKCS12_KEYGEN" +PKCS#12 key generation. +.IP "\fB\s-1PKCS12_DECRYPT\s0\fR" 4 +.IX Item "PKCS12_DECRYPT" +PKCS#12 decryption. +.IP "\fBX509V3_POLICY\fR" 4 +.IX Item "X509V3_POLICY" +Generates the complete policy tree at various point during X.509 v3 +policy evaluation. +.IP "\fB\s-1BN_CTX\s0\fR" 4 +.IX Item "BN_CTX" +\&\s-1BIGNUM\s0 context. 
+.RE +.RS 4 +.RE +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\-asn1parse\fR\|(1), +\&\fIopenssl\-ca\fR\|(1), +\&\fIopenssl\-ciphers\fR\|(1), +\&\fIopenssl\-cms\fR\|(1), +\&\fIopenssl\-crl\fR\|(1), +\&\fIopenssl\-crl2pkcs7\fR\|(1), +\&\fIopenssl\-dgst\fR\|(1), +\&\fIopenssl\-dhparam\fR\|(1), +\&\fIopenssl\-dsa\fR\|(1), +\&\fIopenssl\-dsaparam\fR\|(1), +\&\fIopenssl\-ec\fR\|(1), +\&\fIopenssl\-ecparam\fR\|(1), +\&\fIopenssl\-enc\fR\|(1), +\&\fIopenssl\-engine\fR\|(1), +\&\fIopenssl\-errstr\fR\|(1), +\&\fIopenssl\-gendsa\fR\|(1), +\&\fIopenssl\-genpkey\fR\|(1), +\&\fIopenssl\-genrsa\fR\|(1), +\&\fIopenssl\-kdf\fR\|(1), +\&\fIopenssl\-mac\fR\|(1), +\&\fIopenssl\-nseq\fR\|(1), +\&\fIopenssl\-ocsp\fR\|(1), +\&\fIopenssl\-passwd\fR\|(1), +\&\fIopenssl\-pkcs12\fR\|(1), +\&\fIopenssl\-pkcs7\fR\|(1), +\&\fIopenssl\-pkcs8\fR\|(1), +\&\fIopenssl\-pkey\fR\|(1), +\&\fIopenssl\-pkeyparam\fR\|(1), +\&\fIopenssl\-pkeyutl\fR\|(1), +\&\fIopenssl\-prime\fR\|(1), +\&\fIopenssl\-rand\fR\|(1), +\&\fIopenssl\-rehash\fR\|(1), +\&\fIopenssl\-req\fR\|(1), +\&\fIopenssl\-rsa\fR\|(1), +\&\fIopenssl\-rsautl\fR\|(1), +\&\fIopenssl\-s_client\fR\|(1), +\&\fIopenssl\-s_server\fR\|(1), +\&\fIopenssl\-s_time\fR\|(1), +\&\fIopenssl\-sess_id\fR\|(1), +\&\fIopenssl\-smime\fR\|(1), +\&\fIopenssl\-speed\fR\|(1), +\&\fIopenssl\-spkac\fR\|(1), +\&\fIopenssl\-srp\fR\|(1), +\&\fIopenssl\-storeutl\fR\|(1), +\&\fIopenssl\-ts\fR\|(1), +\&\fIopenssl\-verify\fR\|(1), +\&\fIopenssl\-version\fR\|(1), +\&\fIopenssl\-x509\fR\|(1), +\&\fIconfig\fR\|(5), +\&\fIcrypto\fR\|(7), +\&\fIopenssl\-env\fR\|(7). +\&\fIssl\fR\|(7), +\&\fIx509v3_config\fR\|(5) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBlist\fR \-\fI\s-1XXX\s0\fR\fB\-algorithms\fR options were added in OpenSSL 1.0.0; +For notes on the availability of other commands, see their individual +manual pages. +.PP +The \fB\-issuer_checks\fR option is deprecated as of OpenSSL 1.1.0 and +is silently ignored. 
+.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man1/tsget.1 b/linux_amd64/share/man/man1/tsget.1 new file mode 100755 index 0000000..5354416 --- /dev/null +++ b/linux_amd64/share/man/man1/tsget.1 
@@ -0,0 +1,315 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "TSGET 1" +.TH TSGET 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +tsget \- Time Stamping HTTP/HTTPS client +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBtsget\fR +\&\fB\-h\fR \fIserver_url\fR +[\fB\-e\fR \fIextension\fR] +[\fB\-o\fR \fIoutput\fR] +[\fB\-v\fR] +[\fB\-d\fR] +[\fB\-k\fR \fIprivate_key.pem\fR] +[\fB\-p\fR \fIkey_password\fR] +[\fB\-c\fR \fIclient_cert.pem\fR] +[\fB\-C\fR \fICA_certs.pem\fR] +[\fB\-P\fR \fICA_path\fR] +[\fB\-r\fR \fIfiles\fR] +[\fB\-g\fR \fIEGD_socket\fR] +[\fIrequest\fR ...] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command can be used for sending a timestamp request, as specified +in \s-1RFC\s0 3161, to a timestamp server over \s-1HTTP\s0 or \s-1HTTPS\s0 and storing the +timestamp response in a file. It cannot be used for creating the requests +and verifying responses, you have to use \fIopenssl\-ts\fR\|(1) to do that. This +command can send several requests to the server without closing the \s-1TCP\s0 +connection if more than one requests are specified on the command line. +.PP +This command sends the following \s-1HTTP\s0 request for each timestamp request: +.PP +.Vb 7 +\& POST url HTTP/1.1 +\& User\-Agent: OpenTSA tsget.pl/ +\& Host: : +\& Pragma: no\-cache +\& Content\-Type: application/timestamp\-query +\& Accept: application/timestamp\-reply +\& Content\-Length: length of body +\& +\& ...binary request specified by the user... +.Ve +.PP +It expects a response of type application/timestamp\-reply, which is +written to a file without any interpretation. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-h\fR \fIserver_url\fR" 4 +.IX Item "-h server_url" +The \s-1URL\s0 of the \s-1HTTP/HTTPS\s0 server listening for timestamp requests. +.IP "\fB\-e\fR \fIextension\fR" 4 +.IX Item "-e extension" +If the \fB\-o\fR option is not given this argument specifies the extension of the +output files. The base name of the output file will be the same as those of +the input files. Default extension is \fI.tsr\fR. 
(Optional) +.IP "\fB\-o\fR \fIoutput\fR" 4 +.IX Item "-o output" +This option can be specified only when just one request is sent to the +server. The timestamp response will be written to the given output file. '\-' +means standard output. In case of multiple timestamp requests or the absence +of this argument the names of the output files will be derived from the names +of the input files and the default or specified extension argument. (Optional) +.IP "\fB\-v\fR" 4 +.IX Item "-v" +The name of the currently processed request is printed on standard +error. (Optional) +.IP "\fB\-d\fR" 4 +.IX Item "-d" +Switches on verbose mode for the underlying perl module WWW::Curl::Easy. +You can see detailed debug messages for the connection. (Optional) +.IP "\fB\-k\fR \fIprivate_key.pem\fR" 4 +.IX Item "-k private_key.pem" +(\s-1HTTPS\s0) In case of certificate-based client authentication over \s-1HTTPS\s0 +\&\fIprivate_key.pem\fR must contain the private key of the user. The private key +file can optionally be protected by a passphrase. The \fB\-c\fR option must also +be specified. (Optional) +.IP "\fB\-p\fR \fIkey_password\fR" 4 +.IX Item "-p key_password" +(\s-1HTTPS\s0) Specifies the passphrase for the private key specified by the \fB\-k\fR +argument. If this option is omitted and the key is passphrase protected, +it will be prompted for. (Optional) +.IP "\fB\-c\fR \fIclient_cert.pem\fR" 4 +.IX Item "-c client_cert.pem" +(\s-1HTTPS\s0) In case of certificate-based client authentication over \s-1HTTPS\s0 +\&\fIclient_cert.pem\fR must contain the X.509 certificate of the user. The \fB\-k\fR +option must also be specified. If this option is not specified no +certificate-based client authentication will take place. (Optional) +.IP "\fB\-C\fR \fICA_certs.pem\fR" 4 +.IX Item "-C CA_certs.pem" +(\s-1HTTPS\s0) The trusted \s-1CA\s0 certificate store. The certificate chain of the peer's +certificate must include one of the \s-1CA\s0 certificates specified in this file. 
+Either option \fB\-C\fR or option \fB\-P\fR must be given in case of \s-1HTTPS\s0. (Optional) +.IP "\fB\-P\fR \fICA_path\fR" 4 +.IX Item "-P CA_path" +(\s-1HTTPS\s0) The path containing the trusted \s-1CA\s0 certificates to verify the peer's +certificate. The directory must be prepared with \fIopenssl\-rehash\fR\|(1). Either +option \fB\-C\fR or option \fB\-P\fR must be given in case of \s-1HTTPS\s0. (Optional) +.IP "\fB\-r\fR \fIfiles\fR" 4 +.IX Item "-r files" +See \*(L"Random State Options\*(R" in \fIopenssl\fR\|(1) for more information. +.IP "\fB\-g\fR \fIEGD_socket\fR" 4 +.IX Item "-g EGD_socket" +The name of an \s-1EGD\s0 socket to get random data from. (Optional) +.IP "\fIrequest\fR ..." 4 +.IX Item "request ..." +List of files containing \s-1RFC\s0 3161 DER-encoded timestamp requests. If no +requests are specified only one request will be sent to the server and it will +be read from the standard input. +(Optional) +.SH "ENVIRONMENT VARIABLES" +.IX Header "ENVIRONMENT VARIABLES" +The \fB\s-1TSGET\s0\fR environment variable can optionally contain default +arguments. The content of this variable is added to the list of command line +arguments. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +The examples below presume that \fIfile1.tsq\fR and \fIfile2.tsq\fR contain valid +timestamp requests, tsa.opentsa.org listens at port 8080 for \s-1HTTP\s0 requests +and at port 8443 for \s-1HTTPS\s0 requests, the \s-1TSA\s0 service is available at the /tsa +absolute path. 
+.PP +Get a timestamp response for \fIfile1.tsq\fR over \s-1HTTP\s0, output is written to +\&\fIfile1.tsr\fR: +.PP +.Vb 1 +\& tsget \-h http://tsa.opentsa.org:8080/tsa file1.tsq +.Ve +.PP +Get a timestamp response for \fIfile1.tsq\fR and \fIfile2.tsq\fR over \s-1HTTP\s0 showing +progress, output is written to \fIfile1.reply\fR and \fIfile2.reply\fR respectively: +.PP +.Vb 2 +\& tsget \-h http://tsa.opentsa.org:8080/tsa \-v \-e .reply \e +\& file1.tsq file2.tsq +.Ve +.PP +Create a timestamp request, write it to \fIfile3.tsq\fR, send it to the server and +write the response to \fIfile3.tsr\fR: +.PP +.Vb 3 +\& openssl ts \-query \-data file3.txt \-cert | tee file3.tsq \e +\& | tsget \-h http://tsa.opentsa.org:8080/tsa \e +\& \-o file3.tsr +.Ve +.PP +Get a timestamp response for \fIfile1.tsq\fR over \s-1HTTPS\s0 without client +authentication: +.PP +.Vb 2 +\& tsget \-h https://tsa.opentsa.org:8443/tsa \e +\& \-C cacerts.pem file1.tsq +.Ve +.PP +Get a timestamp response for \fIfile1.tsq\fR over \s-1HTTPS\s0 with certificate-based +client authentication (it will ask for the passphrase if \fIclient_key.pem\fR is +protected): +.PP +.Vb 2 +\& tsget \-h https://tsa.opentsa.org:8443/tsa \-C cacerts.pem \e +\& \-k client_key.pem \-c client_cert.pem file1.tsq +.Ve +.PP +You can shorten the previous command line if you make use of the \fB\s-1TSGET\s0\fR +environment variable. The following commands do the same as the previous +example: +.PP +.Vb 4 +\& TSGET=\*(Aq\-h https://tsa.opentsa.org:8443/tsa \-C cacerts.pem \e +\& \-k client_key.pem \-c client_cert.pem\*(Aq +\& export TSGET +\& tsget file1.tsq +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\fIopenssl\-ts\fR\|(1), +WWW::Curl::Easy, +https://www.rfc\-editor.org/rfc/rfc3161.html +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). 
You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/ADMISSIONS.3 b/linux_amd64/share/man/man3/ADMISSIONS.3 new file mode 100755 index 0000000..fe4a09f --- /dev/null +++ b/linux_amd64/share/man/man3/ADMISSIONS.3 
@@ -0,0 +1,302 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ADMISSIONS 3" +.TH ADMISSIONS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +ADMISSIONS, +ADMISSIONS_get0_admissionAuthority, +ADMISSIONS_get0_namingAuthority, +ADMISSIONS_get0_professionInfos, +ADMISSIONS_set0_admissionAuthority, +ADMISSIONS_set0_namingAuthority, +ADMISSIONS_set0_professionInfos, +ADMISSION_SYNTAX, +ADMISSION_SYNTAX_get0_admissionAuthority, +ADMISSION_SYNTAX_get0_contentsOfAdmissions, +ADMISSION_SYNTAX_set0_admissionAuthority, +ADMISSION_SYNTAX_set0_contentsOfAdmissions, +NAMING_AUTHORITY, +NAMING_AUTHORITY_get0_authorityId, +NAMING_AUTHORITY_get0_authorityURL, +NAMING_AUTHORITY_get0_authorityText, +NAMING_AUTHORITY_set0_authorityId, +NAMING_AUTHORITY_set0_authorityURL, +NAMING_AUTHORITY_set0_authorityText, +PROFESSION_INFO, +PROFESSION_INFOS, +PROFESSION_INFO_get0_addProfessionInfo, +PROFESSION_INFO_get0_namingAuthority, +PROFESSION_INFO_get0_professionItems, +PROFESSION_INFO_get0_professionOIDs, +PROFESSION_INFO_get0_registrationNumber, +PROFESSION_INFO_set0_addProfessionInfo, +PROFESSION_INFO_set0_namingAuthority, +PROFESSION_INFO_set0_professionItems, +PROFESSION_INFO_set0_professionOIDs, +PROFESSION_INFO_set0_registrationNumber +\&\- Accessors and settors for ADMISSION_SYNTAX +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 5 +\& typedef struct NamingAuthority_st NAMING_AUTHORITY; +\& typedef struct ProfessionInfo_st PROFESSION_INFO; +\& typedef STACK_OF(PROFESSION_INFO) PROFESSION_INFOS; +\& typedef struct Admissions_st ADMISSIONS; +\& typedef struct AdmissionSyntax_st ADMISSION_SYNTAX; +\& +\& const ASN1_OBJECT *NAMING_AUTHORITY_get0_authorityId( +\& const NAMING_AUTHORITY *n); +\& void NAMING_AUTHORITY_set0_authorityId(NAMING_AUTHORITY *n, +\& ASN1_OBJECT* namingAuthorityId); +\& const ASN1_IA5STRING *NAMING_AUTHORITY_get0_authorityURL( +\& const NAMING_AUTHORITY *n); +\& void NAMING_AUTHORITY_set0_authorityURL(NAMING_AUTHORITY *n, +\& ASN1_IA5STRING* namingAuthorityUrl); +\& const ASN1_STRING *NAMING_AUTHORITY_get0_authorityText( +\& const NAMING_AUTHORITY *n); +\& void 
NAMING_AUTHORITY_set0_authorityText(NAMING_AUTHORITY *n, +\& ASN1_STRING* namingAuthorityText); +\& +\& const GENERAL_NAME *ADMISSION_SYNTAX_get0_admissionAuthority( +\& const ADMISSION_SYNTAX *as); +\& void ADMISSION_SYNTAX_set0_admissionAuthority( +\& ADMISSION_SYNTAX *as, GENERAL_NAME *aa); +\& const STACK_OF(ADMISSIONS) *ADMISSION_SYNTAX_get0_contentsOfAdmissions( +\& const ADMISSION_SYNTAX *as); +\& void ADMISSION_SYNTAX_set0_contentsOfAdmissions( +\& ADMISSION_SYNTAX *as, STACK_OF(ADMISSIONS) *a); +\& +\& const GENERAL_NAME *ADMISSIONS_get0_admissionAuthority(const ADMISSIONS *a); +\& void ADMISSIONS_set0_admissionAuthority(ADMISSIONS *a, GENERAL_NAME *aa); +\& const NAMING_AUTHORITY *ADMISSIONS_get0_namingAuthority(const ADMISSIONS *a); +\& void ADMISSIONS_set0_namingAuthority(ADMISSIONS *a, NAMING_AUTHORITY *na); +\& const PROFESSION_INFOS *ADMISSIONS_get0_professionInfos(const ADMISSIONS *a); +\& void ADMISSIONS_set0_professionInfos(ADMISSIONS *a, PROFESSION_INFOS *pi); +\& +\& const ASN1_OCTET_STRING *PROFESSION_INFO_get0_addProfessionInfo( +\& const PROFESSION_INFO *pi); +\& void PROFESSION_INFO_set0_addProfessionInfo( +\& PROFESSION_INFO *pi, ASN1_OCTET_STRING *aos); +\& const NAMING_AUTHORITY *PROFESSION_INFO_get0_namingAuthority( +\& const PROFESSION_INFO *pi); +\& void PROFESSION_INFO_set0_namingAuthority( +\& PROFESSION_INFO *pi, NAMING_AUTHORITY *na); +\& const STACK_OF(ASN1_STRING) *PROFESSION_INFO_get0_professionItems( +\& const PROFESSION_INFO *pi); +\& void PROFESSION_INFO_set0_professionItems( +\& PROFESSION_INFO *pi, STACK_OF(ASN1_STRING) *as); +\& const STACK_OF(ASN1_OBJECT) *PROFESSION_INFO_get0_professionOIDs( +\& const PROFESSION_INFO *pi); +\& void PROFESSION_INFO_set0_professionOIDs( +\& PROFESSION_INFO *pi, STACK_OF(ASN1_OBJECT) *po); +\& const ASN1_PRINTABLESTRING *PROFESSION_INFO_get0_registrationNumber( +\& const PROFESSION_INFO *pi); +\& void PROFESSION_INFO_set0_registrationNumber( +\& PROFESSION_INFO *pi, ASN1_PRINTABLESTRING 
*rn); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fB\s-1PROFESSION_INFOS\s0\fR, \fB\s-1ADMISSION_SYNTAX\s0\fR, \fB\s-1ADMISSIONS\s0\fR, and +\&\fB\s-1PROFESSION_INFO\s0\fR types are opaque structures representing the +analogous types defined in the Common \s-1PKI\s0 Specification published +by . +Knowledge of those structures and their semantics is assumed. +.PP +The conventional routines to convert between \s-1DER\s0 and the local format +are described in \fId2i_X509\fR\|(3). +The conventional routines to allocate and free the types are defined +in \fIX509_dup\fR\|(3). +.PP +The \fB\s-1PROFESSION_INFOS\s0\fR type is a stack of \fB\s-1PROFESSION_INFO\s0\fR; see +\&\s-1\fIDEFINE_STACK_OF\s0\fR\|(3) for details. +.PP +The \fB\s-1NAMING_AUTHORITY\s0\fR type has an authority \s-1ID\s0 and \s-1URL\s0, and text fields. +The \fINAMING_AUTHORITY_get0_authorityId()\fR, +\&\fINAMING_AUTHORITY_get0_get0_authorityURL()\fR, and +\&\fINAMING_AUTHORITY_get0_get0_authorityText()\fR, functions return pointers +to those values within the object. +The \fINAMING_AUTHORITY_set0_authorityId()\fR, +\&\fINAMING_AUTHORITY_set0_get0_authorityURL()\fR, and +\&\fINAMING_AUTHORITY_set0_get0_authorityText()\fR, +functions free any existing value and set the pointer to the specified value. +.PP +The \fB\s-1ADMISSION_SYNTAX\s0\fR type has an authority name and a stack of +\&\fB\s-1ADMISSION\s0\fR objects. +The \fIADMISSION_SYNTAX_get0_admissionAuthority()\fR +and \fIADMISSION_SYNTAX_get0_contentsOfAdmissions()\fR functions return pointers +to those values within the object. +The +\&\fIADMISSION_SYNTAX_set0_admissionAuthority()\fR and +\&\fIADMISSION_SYNTAX_set0_contentsOfAdmissions()\fR +functions free any existing value and set the pointer to the specified value. +.PP +The \fB\s-1ADMISSION\s0\fR type has an authority name, authority object, and a +stack of \fB\s-1PROFESSION_INFO\s0\fR items. 
+The \fIADMISSIONS_get0_admissionAuthority()\fR, \fIADMISSIONS_get0_namingAuthority()\fR, +and \fIADMISSIONS_get0_professionInfos()\fR +functions return pointers to those values within the object. +The +\&\fIADMISSIONS_set0_admissionAuthority()\fR, +\&\fIADMISSIONS_set0_namingAuthority()\fR, and +\&\fIADMISSIONS_set0_professionInfos()\fR +functions free any existing value and set the pointer to the specified value. +.PP +The \fB\s-1PROFESSION_INFO\s0\fR type has a name authority, stacks of +profession Items and OIDs, a registration number, and additional +profession info. +The functions \fIPROFESSION_INFO_get0_addProfessionInfo()\fR, +\&\fIPROFESSION_INFO_get0_namingAuthority()\fR, \fIPROFESSION_INFO_get0_professionItems()\fR, +\&\fIPROFESSION_INFO_get0_professionOIDs()\fR, and +\&\fIPROFESSION_INFO_get0_registrationNumber()\fR +functions return pointers to those values within the object. +The +\&\fIPROFESSION_INFO_set0_addProfessionInfo()\fR, +\&\fIPROFESSION_INFO_set0_namingAuthority()\fR, +\&\fIPROFESSION_INFO_set0_professionItems()\fR, +\&\fIPROFESSION_INFO_set0_professionOIDs()\fR, and +\&\fIPROFESSION_INFO_set0_registrationNumber()\fR +functions free any existing value and set the pointer to the specified value. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Described above. +Note that all of the \fIget0\fR functions return a pointer to the internal data +structure and must not be freed. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIX509_dup\fR\|(3), +\&\fId2i_X509\fR\|(3), +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/share/man/man3/ASN1_INTEGER_get_int64.3 b/linux_amd64/share/man/man3/ASN1_INTEGER_get_int64.3
new file mode 100755
index 0000000..567ec63
--- /dev/null
+++ b/linux_amd64/share/man/man3/ASN1_INTEGER_get_int64.3
@@ -0,0 +1,253 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ASN1_INTEGER_GET_INT64 3" +.TH ASN1_INTEGER_GET_INT64 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +ASN1_INTEGER_get_uint64, ASN1_INTEGER_set_uint64, +ASN1_INTEGER_get_int64, ASN1_INTEGER_get, ASN1_INTEGER_set_int64, ASN1_INTEGER_set, BN_to_ASN1_INTEGER, ASN1_INTEGER_to_BN, ASN1_ENUMERATED_get_int64, ASN1_ENUMERATED_get, ASN1_ENUMERATED_set_int64, ASN1_ENUMERATED_set, BN_to_ASN1_ENUMERATED, ASN1_ENUMERATED_to_BN +\&\- ASN.1 INTEGER and ENUMERATED utilities +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int ASN1_INTEGER_get_int64(int64_t *pr, const ASN1_INTEGER *a); +\& long ASN1_INTEGER_get(const ASN1_INTEGER *a); +\& +\& int ASN1_INTEGER_set_int64(ASN1_INTEGER *a, int64_t r); +\& int ASN1_INTEGER_set(const ASN1_INTEGER *a, long v); +\& +\& int ASN1_INTEGER_get_uint64(uint64_t *pr, const ASN1_INTEGER *a); +\& int ASN1_INTEGER_set_uint64(ASN1_INTEGER *a, uint64_t r); +\& +\& ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai); +\& BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn); +\& +\& int ASN1_ENUMERATED_get_int64(int64_t *pr, const ASN1_ENUMERATED *a); +\& long ASN1_ENUMERATED_get(const ASN1_ENUMERATED *a); +\& +\& int ASN1_ENUMERATED_set_int64(ASN1_ENUMERATED *a, int64_t r); +\& int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v); +\& +\& ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai); +\& BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai, BIGNUM *bn); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions convert to and from \fB\s-1ASN1_INTEGER\s0\fR and \fB\s-1ASN1_ENUMERATED\s0\fR +structures. +.PP +\&\fIASN1_INTEGER_get_int64()\fR converts an \fB\s-1ASN1_INTEGER\s0\fR into an \fBint64_t\fR type +If successful it returns 1 and sets \fI*pr\fR to the value of \fIa\fR. If it fails +(due to invalid type or the value being too big to fit into an \fBint64_t\fR type) +it returns 0. 
+.PP +\&\fIASN1_INTEGER_get_uint64()\fR is similar to \fIASN1_INTEGER_get_int64_t()\fR except it +converts to a \fBuint64_t\fR type and an error is returned if the passed integer +is negative. +.PP +\&\fIASN1_INTEGER_get()\fR also returns the value of \fIa\fR but it returns 0 if \fIa\fR is +\&\s-1NULL\s0 and \-1 on error (which is ambiguous because \-1 is a legitimate value for +an \fB\s-1ASN1_INTEGER\s0\fR). New applications should use \fIASN1_INTEGER_get_int64()\fR +instead. +.PP +\&\fIASN1_INTEGER_set_int64()\fR sets the value of \fB\s-1ASN1_INTEGER\s0\fR \fIa\fR to the +\&\fBint64_t\fR value \fIr\fR. +.PP +\&\fIASN1_INTEGER_set_uint64()\fR sets the value of \fB\s-1ASN1_INTEGER\s0\fR \fIa\fR to the +\&\fBuint64_t\fR value \fIr\fR. +.PP +\&\fIASN1_INTEGER_set()\fR sets the value of \fB\s-1ASN1_INTEGER\s0\fR \fIa\fR to the \fIlong\fR value +\&\fIv\fR. +.PP +\&\fIBN_to_ASN1_INTEGER()\fR converts \fB\s-1BIGNUM\s0\fR \fIbn\fR to an \fB\s-1ASN1_INTEGER\s0\fR. If \fIai\fR +is \s-1NULL\s0 a new \fB\s-1ASN1_INTEGER\s0\fR structure is returned. If \fIai\fR is not \s-1NULL\s0 then +the existing structure will be used instead. +.PP +\&\fIASN1_INTEGER_to_BN()\fR converts \s-1ASN1_INTEGER\s0 \fIai\fR into a \fB\s-1BIGNUM\s0\fR. If \fIbn\fR is +\&\s-1NULL\s0 a new \fB\s-1BIGNUM\s0\fR structure is returned. If \fIbn\fR is not \s-1NULL\s0 then the +existing structure will be used instead. +.PP +\&\fIASN1_ENUMERATED_get_int64()\fR, \fIASN1_ENUMERATED_set_int64()\fR, +\&\fIASN1_ENUMERATED_set()\fR, \fIBN_to_ASN1_ENUMERATED()\fR and \fIASN1_ENUMERATED_to_BN()\fR +behave in an identical way to their \s-1ASN1_INTEGER\s0 counterparts except they +operate on an \fB\s-1ASN1_ENUMERATED\s0\fR value. +.PP +\&\fIASN1_ENUMERATED_get()\fR returns the value of \fIa\fR in a similar way to +\&\fIASN1_INTEGER_get()\fR but it returns \fB0xffffffffL\fR if the value of \fIa\fR will not +fit in a long type. New applications should use \fIASN1_ENUMERATED_get_int64()\fR +instead. 
+.SH "NOTES" +.IX Header "NOTES" +In general an \fB\s-1ASN1_INTEGER\s0\fR or \fB\s-1ASN1_ENUMERATED\s0\fR type can contain an +integer of almost arbitrary size and so cannot always be represented by a C +\&\fBint64_t\fR type. However in many cases (for example version numbers) they +represent small integers which can be more easily manipulated if converted to +an appropriate C integer type. +.SH "BUGS" +.IX Header "BUGS" +The ambiguous return values of \fIASN1_INTEGER_get()\fR and \fIASN1_ENUMERATED_get()\fR +mean these functions should be avoided if possible. They are retained for +compatibility. Normally the ambiguous return values are not legitimate +values for the fields they represent. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIASN1_INTEGER_set_int64()\fR, \fIASN1_INTEGER_set()\fR, \fIASN1_ENUMERATED_set_int64()\fR and +\&\fIASN1_ENUMERATED_set()\fR return 1 for success and 0 for failure. They will only +fail if a memory allocation error occurs. +.PP +\&\fIASN1_INTEGER_get_int64()\fR and \fIASN1_ENUMERATED_get_int64()\fR return 1 for success +and 0 for failure. They will fail if the passed type is incorrect (this will +only happen if there is a programming error) or if the value exceeds the range +of an \fBint64_t\fR type. +.PP +\&\fIBN_to_ASN1_INTEGER()\fR and \fIBN_to_ASN1_ENUMERATED()\fR return an \fB\s-1ASN1_INTEGER\s0\fR or +\&\fB\s-1ASN1_ENUMERATED\s0\fR structure respectively or \s-1NULL\s0 if an error occurs. They will +only fail due to a memory allocation error. +.PP +\&\fIASN1_INTEGER_to_BN()\fR and \fIASN1_ENUMERATED_to_BN()\fR return a \fB\s-1BIGNUM\s0\fR structure +of \s-1NULL\s0 if an error occurs. They can fail if the passed type is incorrect +(due to programming error) or due to a memory allocation failure. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIASN1_INTEGER_set_int64()\fR, \fIASN1_INTEGER_get_int64()\fR, +\&\fIASN1_ENUMERATED_set_int64()\fR and \fIASN1_ENUMERATED_get_int64()\fR +were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/ASN1_ITEM_lookup.3 b/linux_amd64/share/man/man3/ASN1_ITEM_lookup.3 new file mode 100755 index 0000000..349bd52 --- /dev/null +++ b/linux_amd64/share/man/man3/ASN1_ITEM_lookup.3 
@@ -0,0 +1,162 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ASN1_ITEM_LOOKUP 3" +.TH ASN1_ITEM_LOOKUP 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +ASN1_ITEM_lookup, ASN1_ITEM_get \- lookup ASN.1 structures +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const ASN1_ITEM *ASN1_ITEM_lookup(const char *name); +\& const ASN1_ITEM *ASN1_ITEM_get(size_t i); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIASN1_ITEM_lookup()\fR returns the \fB\s-1ASN1_ITEM\s0\fR named \fIname\fR. +.PP +\&\fIASN1_ITEM_get()\fR returns the \fB\s-1ASN1_ITEM\s0\fR with index \fIi\fR. This function +returns \s-1NULL\s0 if the index \fIi\fR is out of range. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIASN1_ITEM_lookup()\fR and \fIASN1_ITEM_get()\fR return a valid \fB\s-1ASN1_ITEM\s0\fR structure +or \s-1NULL\s0 if an error occurred. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/ASN1_OBJECT_new.3 b/linux_amd64/share/man/man3/ASN1_OBJECT_new.3 new file mode 100755 index 0000000..9558b6a --- /dev/null +++ b/linux_amd64/share/man/man3/ASN1_OBJECT_new.3 
@@ -0,0 +1,173 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ASN1_OBJECT_NEW 3" +.TH ASN1_OBJECT_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +ASN1_OBJECT_new, ASN1_OBJECT_free \- object allocation functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& ASN1_OBJECT *ASN1_OBJECT_new(void); +\& void ASN1_OBJECT_free(ASN1_OBJECT *a); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fB\s-1ASN1_OBJECT\s0\fR allocation routines, allocate and free an +\&\fB\s-1ASN1_OBJECT\s0\fR structure, which represents an \s-1ASN1\s0 \s-1OBJECT\s0 \s-1IDENTIFIER\s0. +.PP +\&\fIASN1_OBJECT_new()\fR allocates and initializes an \fB\s-1ASN1_OBJECT\s0\fR structure. +.PP +\&\fIASN1_OBJECT_free()\fR frees up the \fB\s-1ASN1_OBJECT\s0\fR structure \fIa\fR. +If \fIa\fR is \s-1NULL\s0, nothing is done. +.SH "NOTES" +.IX Header "NOTES" +Although \fIASN1_OBJECT_new()\fR allocates a new \fB\s-1ASN1_OBJECT\s0\fR structure it +is almost never used in applications. The \s-1ASN1\s0 object utility functions +such as \fIOBJ_nid2obj()\fR are used instead. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +If the allocation fails, \fIASN1_OBJECT_new()\fR returns \s-1NULL\s0 and sets an error +code that can be obtained by \fIERR_get_error\fR\|(3). +Otherwise it returns a pointer to the newly allocated structure. +.PP +\&\fIASN1_OBJECT_free()\fR returns no value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fId2i_ASN1_OBJECT\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/ASN1_STRING_TABLE_add.3 b/linux_amd64/share/man/man3/ASN1_STRING_TABLE_add.3 new file mode 100755 index 0000000..545b0b1 --- /dev/null +++ b/linux_amd64/share/man/man3/ASN1_STRING_TABLE_add.3 
@@ -0,0 +1,187 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ASN1_STRING_TABLE_ADD 3" +.TH ASN1_STRING_TABLE_ADD 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +ASN1_STRING_TABLE, ASN1_STRING_TABLE_add, ASN1_STRING_TABLE_get, +ASN1_STRING_TABLE_cleanup \- ASN1_STRING_TABLE manipulation functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef struct asn1_string_table_st ASN1_STRING_TABLE; +\& +\& int ASN1_STRING_TABLE_add(int nid, long minsize, long maxsize, +\& unsigned long mask, unsigned long flags); +\& ASN1_STRING_TABLE * ASN1_STRING_TABLE_get(int nid); +\& void ASN1_STRING_TABLE_cleanup(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +.SS "Types" +.IX Subsection "Types" +\&\fB\s-1ASN1_STRING_TABLE\s0\fR is a table which holds string information +(basically minimum size, maximum size, type and etc) for a \s-1NID\s0 object. +.SS "Functions" +.IX Subsection "Functions" +\&\fIASN1_STRING_TABLE_add()\fR adds a new \fB\s-1ASN1_STRING_TABLE\s0\fR item into the +local \s-1ASN1\s0 string table based on the \fInid\fR along with other parameters. +.PP +If the item is already in the table, fields of \fB\s-1ASN1_STRING_TABLE\s0\fR are +updated (depending on the values of those parameters, e.g., \fIminsize\fR +and \fImaxsize\fR >= 0, \fImask\fR and \fIflags\fR != 0). If the \fInid\fR is standard, +a copy of the standard \fB\s-1ASN1_STRING_TABLE\s0\fR is created and updated with +other parameters. +.PP +\&\fIASN1_STRING_TABLE_get()\fR searches for an \fB\s-1ASN1_STRING_TABLE\s0\fR item based +on \fInid\fR. It will search the local table first, then the standard one. +.PP +\&\fIASN1_STRING_TABLE_cleanup()\fR frees all \fB\s-1ASN1_STRING_TABLE\s0\fR items added +by \fIASN1_STRING_TABLE_add()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIASN1_STRING_TABLE_add()\fR returns 1 on success, 0 if an error occurred. +.PP +\&\fIASN1_STRING_TABLE_get()\fR returns a valid \fB\s-1ASN1_STRING_TABLE\s0\fR structure +or \s-1NULL\s0 if nothing is found. +.PP +\&\fIASN1_STRING_TABLE_cleanup()\fR does not return a value. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/ASN1_STRING_length.3 b/linux_amd64/share/man/man3/ASN1_STRING_length.3 new file mode 100755 index 0000000..3c1f3c8 --- /dev/null +++ b/linux_amd64/share/man/man3/ASN1_STRING_length.3 
@@ -0,0 +1,235 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ASN1_STRING_LENGTH 3" +.TH ASN1_STRING_LENGTH 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +ASN1_STRING_dup, ASN1_STRING_cmp, ASN1_STRING_set, ASN1_STRING_length, +ASN1_STRING_type, ASN1_STRING_get0_data, ASN1_STRING_data, +ASN1_STRING_to_UTF8 \- ASN1_STRING utility functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int ASN1_STRING_length(ASN1_STRING *x); +\& const unsigned char * ASN1_STRING_get0_data(const ASN1_STRING *x); +\& unsigned char * ASN1_STRING_data(ASN1_STRING *x); +\& +\& ASN1_STRING * ASN1_STRING_dup(const ASN1_STRING *a); +\& +\& int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b); +\& +\& int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len); +\& +\& int ASN1_STRING_type(const ASN1_STRING *x); +\& +\& int ASN1_STRING_to_UTF8(unsigned char **out, const ASN1_STRING *in); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions allow an \fB\s-1ASN1_STRING\s0\fR structure to be manipulated. +.PP +\&\fIASN1_STRING_length()\fR returns the length of the content of \fIx\fR. +.PP +\&\fIASN1_STRING_get0_data()\fR returns an internal pointer to the data of \fIx\fR. +Since this is an internal pointer it should \fBnot\fR be freed or +modified in any way. +.PP +\&\fIASN1_STRING_data()\fR is similar to \fIASN1_STRING_get0_data()\fR except the +returned value is not constant. This function is deprecated: +applications should use \fIASN1_STRING_get0_data()\fR instead. +.PP +\&\fIASN1_STRING_dup()\fR returns a copy of the structure \fIa\fR. +.PP +\&\fIASN1_STRING_cmp()\fR compares \fIa\fR and \fIb\fR returning 0 if the two +are identical. The string types and content are compared. +.PP +\&\fIASN1_STRING_set()\fR sets the data of string \fIstr\fR to the buffer +\&\fIdata\fR or length \fIlen\fR. The supplied data is copied. If \fIlen\fR +is \-1 then the length is determined by strlen(data). +.PP +\&\fIASN1_STRING_type()\fR returns the type of \fIx\fR, using standard constants +such as \fBV_ASN1_OCTET_STRING\fR. 
+.PP +\&\fIASN1_STRING_to_UTF8()\fR converts the string \fIin\fR to \s-1UTF8\s0 format, the +converted data is allocated in a buffer in \fI*out\fR. The length of +\&\fIout\fR is returned or a negative error code. The buffer \fI*out\fR +should be freed using \fIOPENSSL_free()\fR. +.SH "NOTES" +.IX Header "NOTES" +Almost all \s-1ASN1\s0 types in OpenSSL are represented as an \fB\s-1ASN1_STRING\s0\fR +structure. Other types such as \fB\s-1ASN1_OCTET_STRING\s0\fR are simply typedef'ed +to \fB\s-1ASN1_STRING\s0\fR and the functions call the \fB\s-1ASN1_STRING\s0\fR equivalents. +\&\fB\s-1ASN1_STRING\s0\fR is also used for some \fB\s-1CHOICE\s0\fR types which consist +entirely of primitive string types such as \fBDirectoryString\fR and +\&\fBTime\fR. +.PP +These functions should \fBnot\fR be used to examine or modify \fB\s-1ASN1_INTEGER\s0\fR +or \fB\s-1ASN1_ENUMERATED\s0\fR types: the relevant \fB\s-1INTEGER\s0\fR or \fB\s-1ENUMERATED\s0\fR +utility functions should be used instead. +.PP +In general it cannot be assumed that the data returned by \fIASN1_STRING_data()\fR +is null terminated or does not contain embedded nulls. The actual format +of the data will depend on the actual string type itself: for example +for an IA5String the data will be \s-1ASCII\s0, for a BMPString two bytes per +character in big endian format, and for an UTF8String it will be in \s-1UTF8\s0 format. +.PP +Similar care should be take to ensure the data is in the correct format +when calling \fIASN1_STRING_set()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIASN1_STRING_length()\fR returns the length of the content of \fIx\fR. +.PP +\&\fIASN1_STRING_get0_data()\fR and \fIASN1_STRING_data()\fR return an internal pointer to +the data of \fIx\fR. +.PP +\&\fIASN1_STRING_dup()\fR returns a valid \fB\s-1ASN1_STRING\s0\fR structure or \s-1NULL\s0 if an +error occurred. 
+.PP +\&\fIASN1_STRING_cmp()\fR returns an integer greater than, equal to, or less than 0, +according to whether \fIa\fR is greater than, equal to, or less than \fIb\fR. +.PP +\&\fIASN1_STRING_set()\fR returns 1 on success or 0 on error. +.PP +\&\fIASN1_STRING_type()\fR returns the type of \fIx\fR. +.PP +\&\fIASN1_STRING_to_UTF8()\fR returns the number of bytes in output string \fIout\fR or a +negative value if an error occurred. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/ASN1_STRING_new.3 b/linux_amd64/share/man/man3/ASN1_STRING_new.3 new file mode 100755 index 0000000..c391206 --- /dev/null +++ b/linux_amd64/share/man/man3/ASN1_STRING_new.3 
@@ -0,0 +1,174 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ASN1_STRING_NEW 3" +.TH ASN1_STRING_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +ASN1_STRING_new, ASN1_STRING_type_new, ASN1_STRING_free \- +ASN1_STRING allocation functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& ASN1_STRING * ASN1_STRING_new(void); +\& ASN1_STRING * ASN1_STRING_type_new(int type); +\& void ASN1_STRING_free(ASN1_STRING *a); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIASN1_STRING_new()\fR returns an allocated \fB\s-1ASN1_STRING\s0\fR structure. Its type +is undefined. +.PP +\&\fIASN1_STRING_type_new()\fR returns an allocated \fB\s-1ASN1_STRING\s0\fR structure of +type \fItype\fR. +.PP +\&\fIASN1_STRING_free()\fR frees up \fIa\fR. +If \fIa\fR is \s-1NULL\s0 nothing is done. +.SH "NOTES" +.IX Header "NOTES" +Other string types call the \fB\s-1ASN1_STRING\s0\fR functions. For example +\&\fIASN1_OCTET_STRING_new()\fR calls ASN1_STRING_type(V_ASN1_OCTET_STRING). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIASN1_STRING_new()\fR and \fIASN1_STRING_type_new()\fR return a valid +\&\fB\s-1ASN1_STRING\s0\fR structure or \s-1NULL\s0 if an error occurred. +.PP +\&\fIASN1_STRING_free()\fR does not return a value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/ASN1_STRING_print_ex.3 b/linux_amd64/share/man/man3/ASN1_STRING_print_ex.3 new file mode 100755 index 0000000..a7b9cee --- /dev/null +++ b/linux_amd64/share/man/man3/ASN1_STRING_print_ex.3 
@@ -0,0 +1,237 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ASN1_STRING_PRINT_EX 3" +.TH ASN1_STRING_PRINT_EX 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +ASN1_tag2str, ASN1_STRING_print_ex, ASN1_STRING_print_ex_fp, ASN1_STRING_print +\&\- ASN1_STRING output routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int ASN1_STRING_print_ex(BIO *out, const ASN1_STRING *str, unsigned long flags); +\& int ASN1_STRING_print_ex_fp(FILE *fp, const ASN1_STRING *str, unsigned long flags); +\& int ASN1_STRING_print(BIO *out, const ASN1_STRING *str); +\& +\& const char *ASN1_tag2str(int tag); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions output an \fB\s-1ASN1_STRING\s0\fR structure. \fB\s-1ASN1_STRING\s0\fR is used to +represent all the \s-1ASN1\s0 string types. +.PP +\&\fIASN1_STRING_print_ex()\fR outputs \fIstr\fR to \fIout\fR, the format is determined by +the options \fIflags\fR. \fIASN1_STRING_print_ex_fp()\fR is identical except it outputs +to \fIfp\fR instead. +.PP +\&\fIASN1_STRING_print()\fR prints \fIstr\fR to \fIout\fR but using a different format to +\&\fIASN1_STRING_print_ex()\fR. It replaces unprintable characters (other than \s-1CR\s0, \s-1LF\s0) +with '.'. +.PP +\&\fIASN1_tag2str()\fR returns a human-readable name of the specified \s-1ASN\s0.1 \fItag\fR. +.SH "NOTES" +.IX Header "NOTES" +\&\fIASN1_STRING_print()\fR is a deprecated function which should be avoided; use +\&\fIASN1_STRING_print_ex()\fR instead. +.PP +Although there are a large number of options frequently \fB\s-1ASN1_STRFLGS_RFC2253\s0\fR is +suitable, or on \s-1UTF8\s0 terminals \fB\s-1ASN1_STRFLGS_RFC2253\s0 & ~ASN1_STRFLGS_ESC_MSB\fR. +.PP +The complete set of supported options for \fIflags\fR is listed below. +.PP +Various characters can be escaped. If \fB\s-1ASN1_STRFLGS_ESC_2253\s0\fR is set the characters +determined by \s-1RFC2253\s0 are escaped. If \fB\s-1ASN1_STRFLGS_ESC_CTRL\s0\fR is set control +characters are escaped. 
If \fB\s-1ASN1_STRFLGS_ESC_MSB\s0\fR is set characters with the +\&\s-1MSB\s0 set are escaped: this option should \fBnot\fR be used if the terminal correctly +interprets \s-1UTF8\s0 sequences. +.PP +Escaping takes several forms. +.PP +If the character being escaped is a 16 bit character then the form \*(L"\eUXXXX\*(R" is used +using exactly four characters for the hex representation. If it is 32 bits then +\&\*(L"\eWXXXXXXXX\*(R" is used using eight characters of its hex representation. These forms +will only be used if \s-1UTF8\s0 conversion is not set (see below). +.PP +Printable characters are normally escaped using the backslash '\e' character. If +\&\fB\s-1ASN1_STRFLGS_ESC_QUOTE\s0\fR is set then the whole string is instead surrounded by +double quote characters: this is arguably more readable than the backslash +notation. Other characters use the \*(L"\eXX\*(R" using exactly two characters of the hex +representation. +.PP +If \fB\s-1ASN1_STRFLGS_UTF8_CONVERT\s0\fR is set then characters are converted to \s-1UTF8\s0 +format first. If the terminal supports the display of \s-1UTF8\s0 sequences then this +option will correctly display multi byte characters. +.PP +If \fB\s-1ASN1_STRFLGS_IGNORE_TYPE\s0\fR is set then the string type is not interpreted at +all: everything is assumed to be one byte per character. This is primarily for +debugging purposes and can result in confusing output in multi character strings. +.PP +If \fB\s-1ASN1_STRFLGS_SHOW_TYPE\s0\fR is set then the string type itself is printed out +before its value (for example \*(L"\s-1BMPSTRING\s0\*(R"), this actually uses \fIASN1_tag2str()\fR. +.PP +The content of a string instead of being interpreted can be \*(L"dumped\*(R": this just +outputs the value of the string using the form #XXXX using hex format for each +octet. +.PP +If \fB\s-1ASN1_STRFLGS_DUMP_ALL\s0\fR is set then any type is dumped. 
+.PP +Normally non character string types (such as \s-1OCTET\s0 \s-1STRING\s0) are assumed to be +one byte per character, if \fB\s-1ASN1_STRFLGS_DUMP_UNKNOWN\s0\fR is set then they will +be dumped instead. +.PP +When a type is dumped normally just the content octets are printed, if +\&\fB\s-1ASN1_STRFLGS_DUMP_DER\s0\fR is set then the complete encoding is dumped +instead (including tag and length octets). +.PP +\&\fB\s-1ASN1_STRFLGS_RFC2253\s0\fR includes all the flags required by \s-1RFC2253\s0. It is +equivalent to: + \s-1ASN1_STRFLGS_ESC_2253\s0 | \s-1ASN1_STRFLGS_ESC_CTRL\s0 | \s-1ASN1_STRFLGS_ESC_MSB\s0 | + \s-1ASN1_STRFLGS_UTF8_CONVERT\s0 | \s-1ASN1_STRFLGS_DUMP_UNKNOWN\s0 \s-1ASN1_STRFLGS_DUMP_DER\s0 +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIASN1_STRING_print_ex()\fR and \fIASN1_STRING_print_ex_fp()\fR return the number of +characters written or \-1 if an error occurred. +.PP +\&\fIASN1_STRING_print()\fR returns 1 on success or 0 on error. +.PP +\&\fIASN1_tag2str()\fR returns a human-readable name of the specified \s-1ASN\s0.1 \fItag\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIX509_NAME_print_ex\fR\|(3), +\&\fIASN1_tag2str\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/ASN1_TIME_set.3 b/linux_amd64/share/man/man3/ASN1_TIME_set.3 new file mode 100755 index 0000000..984e455 --- /dev/null +++ b/linux_amd64/share/man/man3/ASN1_TIME_set.3 
@@ -0,0 +1,398 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ASN1_TIME_SET 3" +.TH ASN1_TIME_SET 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +ASN1_TIME_set, ASN1_UTCTIME_set, ASN1_GENERALIZEDTIME_set, +ASN1_TIME_adj, ASN1_UTCTIME_adj, ASN1_GENERALIZEDTIME_adj, +ASN1_TIME_check, ASN1_UTCTIME_check, ASN1_GENERALIZEDTIME_check, +ASN1_TIME_set_string, ASN1_UTCTIME_set_string, ASN1_GENERALIZEDTIME_set_string, +ASN1_TIME_set_string_X509, +ASN1_TIME_normalize, +ASN1_TIME_to_tm, +ASN1_TIME_print, ASN1_UTCTIME_print, ASN1_GENERALIZEDTIME_print, +ASN1_TIME_diff, +ASN1_TIME_cmp_time_t, ASN1_UTCTIME_cmp_time_t, +ASN1_TIME_compare, +ASN1_TIME_to_generalizedtime, +ASN1_TIME_dup, ASN1_UTCTIME_dup, ASN1_GENERALIZEDTIME_dup \- ASN.1 Time functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 4 +\& ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t); +\& ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t); +\& ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s, +\& time_t t); +\& +\& ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t, int offset_day, +\& long offset_sec); +\& ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t, +\& int offset_day, long offset_sec); +\& ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s, +\& time_t t, int offset_day, +\& long offset_sec); +\& +\& int ASN1_TIME_set_string(ASN1_TIME *s, const char *str); +\& int ASN1_TIME_set_string_X509(ASN1_TIME *s, const char *str); +\& int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str); +\& int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, +\& const char *str); +\& +\& int ASN1_TIME_normalize(ASN1_TIME *s); +\& +\& int ASN1_TIME_check(const ASN1_TIME *t); +\& int ASN1_UTCTIME_check(const ASN1_UTCTIME *t); +\& int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *t); +\& +\& int ASN1_TIME_print(BIO *b, const ASN1_TIME *s); +\& int ASN1_UTCTIME_print(BIO *b, const ASN1_UTCTIME *s); +\& int ASN1_GENERALIZEDTIME_print(BIO *b, const ASN1_GENERALIZEDTIME *s); +\& +\& int ASN1_TIME_to_tm(const ASN1_TIME *s, struct tm *tm); +\& int ASN1_TIME_diff(int *pday, int 
*psec, const ASN1_TIME *from, +\& const ASN1_TIME *to); +\& +\& int ASN1_TIME_cmp_time_t(const ASN1_TIME *s, time_t t); +\& int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t); +\& +\& int ASN1_TIME_compare(const ASN1_TIME *a, const ASN1_TIME *b); +\& +\& ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, +\& ASN1_GENERALIZEDTIME **out); +\& +\& ASN1_TIME *ASN1_TIME_dup(const ASN1_TIME *t); +\& ASN1_UTCTIME *ASN1_UTCTIME_dup(const ASN1_UTCTIME *t); +\& ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_dup(const ASN1_GENERALIZEDTIME *t); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fIASN1_TIME_set()\fR, \fIASN1_UTCTIME_set()\fR and \fIASN1_GENERALIZEDTIME_set()\fR +functions set the structure \fIs\fR to the time represented by the time_t +value \fIt\fR. If \fIs\fR is \s-1NULL\s0 a new time structure is allocated and returned. +.PP +The \fIASN1_TIME_adj()\fR, \fIASN1_UTCTIME_adj()\fR and \fIASN1_GENERALIZEDTIME_adj()\fR +functions set the time structure \fIs\fR to the time represented +by the time \fIoffset_day\fR and \fIoffset_sec\fR after the time_t value \fIt\fR. +The values of \fIoffset_day\fR or \fIoffset_sec\fR can be negative to set a +time before \fIt\fR. The \fIoffset_sec\fR value can also exceed the number of +seconds in a day. If \fIs\fR is \s-1NULL\s0 a new structure is allocated +and returned. +.PP +The \fIASN1_TIME_set_string()\fR, \fIASN1_UTCTIME_set_string()\fR and +\&\fIASN1_GENERALIZEDTIME_set_string()\fR functions set the time structure \fIs\fR +to the time represented by string \fIstr\fR which must be in appropriate \s-1ASN\s0.1 +time format (for example \s-1YYMMDDHHMMSSZ\s0 or \s-1YYYYMMDDHHMMSSZ\s0). If \fIs\fR is \s-1NULL\s0 +this function performs a format check on \fIstr\fR only. The string \fIstr\fR +is copied into \fIs\fR. 
+.PP +\&\fIASN1_TIME_set_string_X509()\fR sets \fB\s-1ASN1_TIME\s0\fR structure \fIs\fR to the time +represented by string \fIstr\fR which must be in appropriate time format +that \s-1RFC\s0 5280 requires, which means it only allows \s-1YYMMDDHHMMSSZ\s0 and +\&\s-1YYYYMMDDHHMMSSZ\s0 (leap second is rejected), all other \s-1ASN\s0.1 time format +are not allowed. If \fIs\fR is \s-1NULL\s0 this function performs a format check +on \fIstr\fR only. +.PP +The \fIASN1_TIME_normalize()\fR function converts an \fB\s-1ASN1_GENERALIZEDTIME\s0\fR or +\&\fB\s-1ASN1_UTCTIME\s0\fR into a time value that can be used in a certificate. It +should be used after the \fIASN1_TIME_set_string()\fR functions and before +\&\fIASN1_TIME_print()\fR functions to get consistent (i.e. \s-1GMT\s0) results. +.PP +The \fIASN1_TIME_check()\fR, \fIASN1_UTCTIME_check()\fR and \fIASN1_GENERALIZEDTIME_check()\fR +functions check the syntax of the time structure \fIs\fR. +.PP +The \fIASN1_TIME_print()\fR, \fIASN1_UTCTIME_print()\fR and \fIASN1_GENERALIZEDTIME_print()\fR +functions print the time structure \fIs\fR to \s-1BIO\s0 \fIb\fR in human readable +format. It will be of the format \s-1MMM\s0 \s-1DD\s0 \s-1HH:MM:SS\s0 \s-1YYYY\s0 [\s-1GMT\s0], for example +\&\*(L"Feb 3 00:55:52 2015 \s-1GMT\s0\*(R" it does not include a newline. If the time +structure has invalid format it prints out \*(L"Bad time value\*(R" and returns +an error. The output for generalized time may include a fractional part +following the second. +.PP +\&\fIASN1_TIME_to_tm()\fR converts the time \fIs\fR to the standard \fItm\fR structure. +If \fIs\fR is \s-1NULL\s0, then the current time is converted. The output time is \s-1GMT\s0. +The \fItm_sec\fR, \fItm_min\fR, \fItm_hour\fR, \fItm_mday\fR, \fItm_wday\fR, \fItm_yday\fR, +\&\fItm_mon\fR and \fItm_year\fR fields of \fItm\fR structure are set to proper values, +whereas all other fields are set to 0. If \fItm\fR is \s-1NULL\s0 this function performs +a format check on \fIs\fR only. 
If \fIs\fR is in Generalized format with fractional +seconds, e.g. \s-1YYYYMMDDHHMMSS\s0.SSSZ, the fractional seconds will be lost while +converting \fIs\fR to \fItm\fR structure. +.PP +\&\fIASN1_TIME_diff()\fR sets \fI*pday\fR and \fI*psec\fR to the time difference between +\&\fIfrom\fR and \fIto\fR. If \fIto\fR represents a time later than \fIfrom\fR then +one or both (depending on the time difference) of \fI*pday\fR and \fI*psec\fR +will be positive. If \fIto\fR represents a time earlier than \fIfrom\fR then +one or both of \fI*pday\fR and \fI*psec\fR will be negative. If \fIto\fR and \fIfrom\fR +represent the same time then \fI*pday\fR and \fI*psec\fR will both be zero. +If both \fI*pday\fR and \fI*psec\fR are nonzero they will always have the same +sign. The value of \fI*psec\fR will always be less than the number of seconds +in a day. If \fIfrom\fR or \fIto\fR is \s-1NULL\s0 the current time is used. +.PP +The \fIASN1_TIME_cmp_time_t()\fR and \fIASN1_UTCTIME_cmp_time_t()\fR functions compare +the two times represented by the time structure \fIs\fR and the time_t \fIt\fR. +.PP +The \fIASN1_TIME_compare()\fR function compares the two times represented by the +time structures \fIa\fR and \fIb\fR. +.PP +The \fIASN1_TIME_to_generalizedtime()\fR function converts an \fB\s-1ASN1_TIME\s0\fR to an +\&\fB\s-1ASN1_GENERALIZEDTIME\s0\fR, regardless of year. If either \fIout\fR or +\&\fI*out\fR are \s-1NULL\s0, then a new object is allocated and must be freed after use. +.PP +The \fIASN1_TIME_dup()\fR, \fIASN1_UTCTIME_dup()\fR and \fIASN1_GENERALIZEDTIME_dup()\fR functions +duplicate the time structure \fIt\fR and return the duplicated result +correspondingly. +.SH "NOTES" +.IX Header "NOTES" +The \fB\s-1ASN1_TIME\s0\fR structure corresponds to the \s-1ASN\s0.1 structure \fBTime\fR +defined in \s-1RFC5280\s0 et al. The time setting functions obey the rules outlined +in \s-1RFC5280:\s0 if the date can be represented by UTCTime it is used, else +GeneralizedTime is used. 
+.PP +The \fB\s-1ASN1_TIME\s0\fR, \fB\s-1ASN1_UTCTIME\s0\fR and \fB\s-1ASN1_GENERALIZEDTIME\s0\fR structures are +represented as an \fB\s-1ASN1_STRING\s0\fR internally and can be freed up using +\&\fIASN1_STRING_free()\fR. +.PP +The \fB\s-1ASN1_TIME\s0\fR structure can represent years from 0000 to 9999 but no attempt +is made to correct ancient calendar changes (for example from Julian to +Gregorian calendars). +.PP +\&\fB\s-1ASN1_UTCTIME\s0\fR is limited to a year range of 1950 through 2049. +.PP +Some applications add offset times directly to a time_t value and pass the +results to \fIASN1_TIME_set()\fR (or equivalent). This can cause problems as the +time_t value can overflow on some systems resulting in unexpected results. +New applications should use \fIASN1_TIME_adj()\fR instead and pass the offset value +in the \fIoffset_sec\fR and \fIoffset_day\fR parameters instead of directly +manipulating a time_t value. +.PP +\&\fIASN1_TIME_adj()\fR may change the type from \fB\s-1ASN1_GENERALIZEDTIME\s0\fR to +\&\fB\s-1ASN1_UTCTIME\s0\fR, or vice versa, based on the resulting year. +\&\fIASN1_GENERALIZEDTIME_adj()\fR and \fIASN1_UTCTIME_adj()\fR will not modify the type +of the return structure. +.PP +It is recommended that functions starting with \fB\s-1ASN1_TIME\s0\fR be used instead of +those starting with \fB\s-1ASN1_UTCTIME\s0\fR or \fB\s-1ASN1_GENERALIZEDTIME\s0\fR. The functions +starting with \fB\s-1ASN1_UTCTIME\s0\fR and \fB\s-1ASN1_GENERALIZEDTIME\s0\fR act only on that +specific time format. The functions starting with \fB\s-1ASN1_TIME\s0\fR will operate on +either format. +.SH "BUGS" +.IX Header "BUGS" +\&\fIASN1_TIME_print()\fR, \fIASN1_UTCTIME_print()\fR and \fIASN1_GENERALIZEDTIME_print()\fR +do not print out the timezone: it either prints out \*(L"\s-1GMT\s0\*(R" or nothing. But all +certificates complying with \s-1RFC5280\s0 et al use \s-1GMT\s0 anyway. 
+.PP +Use the \fIASN1_TIME_normalize()\fR function to normalize the time value before +printing to get \s-1GMT\s0 results. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIASN1_TIME_set()\fR, \fIASN1_UTCTIME_set()\fR, \fIASN1_GENERALIZEDTIME_set()\fR, +\&\fIASN1_TIME_adj()\fR, \fIASN1_UTCTIME_adj()\fR and \fIASN1_GENERALIZEDTIME_set()\fR return +a pointer to a time structure or \s-1NULL\s0 if an error occurred. +.PP +\&\fIASN1_TIME_set_string()\fR, \fIASN1_UTCTIME_set_string()\fR, +\&\fIASN1_GENERALIZEDTIME_set_string()\fR and \fIASN1_TIME_set_string_X509()\fR return +1 if the time value is successfully set and 0 otherwise. +.PP +\&\fIASN1_TIME_normalize()\fR returns 1 on success, and 0 on error. +.PP +\&\fIASN1_TIME_check()\fR, ASN1_UTCTIME_check and \fIASN1_GENERALIZEDTIME_check()\fR return 1 +if the structure is syntactically correct and 0 otherwise. +.PP +\&\fIASN1_TIME_print()\fR, \fIASN1_UTCTIME_print()\fR and \fIASN1_GENERALIZEDTIME_print()\fR return +1 if the time is successfully printed out and 0 if an error occurred (I/O error +or invalid time format). +.PP +\&\fIASN1_TIME_to_tm()\fR returns 1 if the time is successfully parsed and 0 if an +error occurred (invalid time format). +.PP +\&\fIASN1_TIME_diff()\fR returns 1 for success and 0 for failure. It can fail if the +passed-in time structure has invalid syntax, for example. +.PP +\&\fIASN1_TIME_cmp_time_t()\fR and \fIASN1_UTCTIME_cmp_time_t()\fR return \-1 if \fIs\fR is +before \fIt\fR, 0 if \fIs\fR equals \fIt\fR, or 1 if \fIs\fR is after \fIt\fR. \-2 is returned +on error. +.PP +\&\fIASN1_TIME_compare()\fR returns \-1 if \fIa\fR is before \fIb\fR, 0 if \fIa\fR equals \fIb\fR, +or 1 if \fIa\fR is after \fIb\fR. \-2 is returned on error. +.PP +\&\fIASN1_TIME_to_generalizedtime()\fR returns a pointer to the appropriate time +structure on success or \s-1NULL\s0 if an error occurred. 
+.PP +\&\fIASN1_TIME_dup()\fR, \fIASN1_UTCTIME_dup()\fR and \fIASN1_GENERALIZEDTIME_dup()\fR return a +pointer to a time structure or \s-1NULL\s0 if an error occurred. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Set a time structure to one hour after the current time and print it out: +.PP +.Vb 2 +\& #include +\& #include +\& +\& ASN1_TIME *tm; +\& time_t t; +\& BIO *b; +\& +\& t = time(NULL); +\& tm = ASN1_TIME_adj(NULL, t, 0, 60 * 60); +\& b = BIO_new_fp(stdout, BIO_NOCLOSE); +\& ASN1_TIME_print(b, tm); +\& ASN1_STRING_free(tm); +\& BIO_free(b); +.Ve +.PP +Determine if one time is later or sooner than the current time: +.PP +.Vb 1 +\& int day, sec; +\& +\& if (!ASN1_TIME_diff(&day, &sec, NULL, to)) +\& /* Invalid time format */ +\& +\& if (day > 0 || sec > 0) +\& printf("Later\en"); +\& else if (day < 0 || sec < 0) +\& printf("Sooner\en"); +\& else +\& printf("Same\en"); +.Ve +.SH "HISTORY" +.IX Header "HISTORY" +The \fIASN1_TIME_to_tm()\fR function was added in OpenSSL 1.1.1. +The \fIASN1_TIME_set_string_X509()\fR function was added in OpenSSL 1.1.1. +The \fIASN1_TIME_normalize()\fR function was added in OpenSSL 1.1.1. +The \fIASN1_TIME_cmp_time_t()\fR function was added in OpenSSL 1.1.1. +The \fIASN1_TIME_compare()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/ASN1_TYPE_get.3 b/linux_amd64/share/man/man3/ASN1_TYPE_get.3 new file mode 100755 index 0000000..feb9ab8 --- /dev/null +++ b/linux_amd64/share/man/man3/ASN1_TYPE_get.3 
@@ -0,0 +1,224 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ASN1_TYPE_GET 3" +.TH ASN1_TYPE_GET 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +ASN1_TYPE_get, ASN1_TYPE_set, ASN1_TYPE_set1, ASN1_TYPE_cmp, ASN1_TYPE_unpack_sequence, ASN1_TYPE_pack_sequence \- ASN1_TYPE utility +functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int ASN1_TYPE_get(const ASN1_TYPE *a); +\& void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value); +\& int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value); +\& int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b); +\& +\& void *ASN1_TYPE_unpack_sequence(const ASN1_ITEM *it, const ASN1_TYPE *t); +\& ASN1_TYPE *ASN1_TYPE_pack_sequence(const ASN1_ITEM *it, void *s, +\& ASN1_TYPE **t); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions allow an \fB\s-1ASN1_TYPE\s0\fR structure to be manipulated. The +\&\fB\s-1ASN1_TYPE\s0\fR structure can contain any \s-1ASN\s0.1 type or constructed type +such as a \s-1SEQUENCE:\s0 it is effectively equivalent to the \s-1ASN\s0.1 \s-1ANY\s0 type. +.PP +\&\fIASN1_TYPE_get()\fR returns the type of \fIa\fR. +.PP +\&\fIASN1_TYPE_set()\fR sets the value of \fIa\fR to \fItype\fR and \fIvalue\fR. This +function uses the pointer \fIvalue\fR internally so it must \fBnot\fR be freed +up after the call. +.PP +\&\fIASN1_TYPE_set1()\fR sets the value of \fIa\fR to \fItype\fR a copy of \fIvalue\fR. +.PP +\&\fIASN1_TYPE_cmp()\fR compares \s-1ASN\s0.1 types \fIa\fR and \fIb\fR and returns 0 if +they are identical and nonzero otherwise. +.PP +\&\fIASN1_TYPE_unpack_sequence()\fR attempts to parse the \s-1SEQUENCE\s0 present in +\&\fIt\fR using the \s-1ASN\s0.1 structure \fIit\fR. If successful it returns a pointer +to the \s-1ASN\s0.1 structure corresponding to \fIit\fR which must be freed by the +caller. If it fails it return \s-1NULL\s0. +.PP +\&\fIASN1_TYPE_pack_sequence()\fR attempts to encode the \s-1ASN\s0.1 structure \fIs\fR +corresponding to \fIit\fR into an \fB\s-1ASN1_TYPE\s0\fR. If successful the encoded +\&\fB\s-1ASN1_TYPE\s0\fR is returned. 
If \fIt\fR and \fI*t\fR are not \s-1NULL\s0 the encoded type +is written to \fIt\fR overwriting any existing data. If \fIt\fR is not \s-1NULL\s0 +but \fI*t\fR is \s-1NULL\s0 the returned \fB\s-1ASN1_TYPE\s0\fR is written to \fI*t\fR. +.SH "NOTES" +.IX Header "NOTES" +The type and meaning of the \fIvalue\fR parameter for \fIASN1_TYPE_set()\fR and +\&\fIASN1_TYPE_set1()\fR is determined by the \fItype\fR parameter. +If \fItype\fR is \fBV_ASN1_NULL\fR \fIvalue\fR is ignored. If \fItype\fR is +\&\fBV_ASN1_BOOLEAN\fR +then the boolean is set to \s-1TRUE\s0 if \fIvalue\fR is not \s-1NULL\s0. If \fItype\fR is +\&\fBV_ASN1_OBJECT\fR then value is an \fB\s-1ASN1_OBJECT\s0\fR structure. Otherwise \fItype\fR +is and \fB\s-1ASN1_STRING\s0\fR structure. If \fItype\fR corresponds to a primitive type +(or a string type) then the contents of the \fB\s-1ASN1_STRING\s0\fR contain the content +octets of the type. If \fItype\fR corresponds to a constructed type or +a tagged type (\fBV_ASN1_SEQUENCE\fR, \fBV_ASN1_SET\fR or \fBV_ASN1_OTHER\fR) then the +\&\fB\s-1ASN1_STRING\s0\fR contains the entire \s-1ASN\s0.1 encoding verbatim (including tag and +length octets). +.PP +\&\fIASN1_TYPE_cmp()\fR may not return zero if two types are equivalent but have +different encodings. For example the single content octet of the boolean \s-1TRUE\s0 +value under \s-1BER\s0 can have any nonzero encoding but \fIASN1_TYPE_cmp()\fR will +only return zero if the values are the same. +.PP +If either or both of the parameters passed to \fIASN1_TYPE_cmp()\fR is \s-1NULL\s0 the +return value is nonzero. Technically if both parameters are \s-1NULL\s0 the two +types could be absent \s-1OPTIONAL\s0 fields and so should match, however passing +\&\s-1NULL\s0 values could also indicate a programming error (for example an +unparsable type which returns \s-1NULL\s0) for types which do \fBnot\fR match. So +applications should handle the case of two absent values separately. 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIASN1_TYPE_get()\fR returns the type of the \fB\s-1ASN1_TYPE\s0\fR argument. +.PP +\&\fIASN1_TYPE_set()\fR does not return a value. +.PP +\&\fIASN1_TYPE_set1()\fR returns 1 for success and 0 for failure. +.PP +\&\fIASN1_TYPE_cmp()\fR returns 0 if the types are identical and nonzero otherwise. +.PP +\&\fIASN1_TYPE_unpack_sequence()\fR returns a pointer to an \s-1ASN\s0.1 structure or +\&\s-1NULL\s0 on failure. +.PP +\&\fIASN1_TYPE_pack_sequence()\fR return an \fB\s-1ASN1_TYPE\s0\fR structure if it succeeds or +\&\s-1NULL\s0 on failure. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/ASN1_generate_nconf.3 b/linux_amd64/share/man/man3/ASN1_generate_nconf.3 new file mode 100755 index 0000000..08eb3f8 --- /dev/null +++ b/linux_amd64/share/man/man3/ASN1_generate_nconf.3 
@@ -0,0 +1,372 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ASN1_GENERATE_NCONF 3" +.TH ASN1_GENERATE_NCONF 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +ASN1_generate_nconf, ASN1_generate_v3 \- ASN1 generation functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& ASN1_TYPE *ASN1_generate_nconf(const char *str, CONF *nconf); +\& ASN1_TYPE *ASN1_generate_v3(const char *str, X509V3_CTX *cnf); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions generate the \s-1ASN1\s0 encoding of a string +in an \fB\s-1ASN1_TYPE\s0\fR structure. +.PP +\&\fIstr\fR contains the string to encode \fInconf\fR or \fIcnf\fR contains +the optional configuration information where additional strings +will be read from. \fInconf\fR will typically come from a config +file whereas \fIcnf\fR is obtained from an \fBX509V3_CTX\fR structure +which will typically be used by X509 v3 certificate extension +functions. \fIcnf\fR or \fInconf\fR can be set to \s-1NULL\s0 if no additional +configuration will be used. +.SH "GENERATION STRING FORMAT" +.IX Header "GENERATION STRING FORMAT" +The actual data encoded is determined by the string \fIstr\fR and +the configuration information. The general format of the string +is: +.IP "[\fImodifier\fR,]\fItype\fR[:\fIvalue\fR]" 4 +.IX Item "[modifier,]type[:value]" +.PP +That is zero or more comma separated modifiers followed by a type +followed by an optional colon and a value. The formats of \fItype\fR, +\&\fIvalue\fR and \fImodifier\fR are explained below. +.SS "Supported Types" +.IX Subsection "Supported Types" +The supported types are listed below. Unless otherwise specified +only the \fB\s-1ASCII\s0\fR format is permissible. +.IP "\fB\s-1BOOLEAN\s0\fR, \fB\s-1BOOL\s0\fR" 4 +.IX Item "BOOLEAN, BOOL" +This encodes a boolean type. The \fIvalue\fR string is mandatory and +should be \fB\s-1TRUE\s0\fR or \fB\s-1FALSE\s0\fR. Additionally \fB\s-1TRUE\s0\fR, \fBtrue\fR, \fBY\fR, +\&\fBy\fR, \fB\s-1YES\s0\fR, \fByes\fR, \fB\s-1FALSE\s0\fR, \fBfalse\fR, \fBN\fR, \fBn\fR, \fB\s-1NO\s0\fR and \fBno\fR +are acceptable. 
+.IP "\fB\s-1NULL\s0\fR" 4 +.IX Item "NULL" +Encode the \fB\s-1NULL\s0\fR type, the \fIvalue\fR string must not be present. +.IP "\fB\s-1INTEGER\s0\fR, \fB\s-1INT\s0\fR" 4 +.IX Item "INTEGER, INT" +Encodes an \s-1ASN1\s0 \fB\s-1INTEGER\s0\fR type. The \fIvalue\fR string represents +the value of the integer, it can be prefaced by a minus sign and +is normally interpreted as a decimal value unless the prefix \fB0x\fR +is included. +.IP "\fB\s-1ENUMERATED\s0\fR, \fB\s-1ENUM\s0\fR" 4 +.IX Item "ENUMERATED, ENUM" +Encodes the \s-1ASN1\s0 \fB\s-1ENUMERATED\s0\fR type, it is otherwise identical to +\&\fB\s-1INTEGER\s0\fR. +.IP "\fB\s-1OBJECT\s0\fR, \fB\s-1OID\s0\fR" 4 +.IX Item "OBJECT, OID" +Encodes an \s-1ASN1\s0 \fB\s-1OBJECT\s0 \s-1IDENTIFIER\s0\fR, the \fIvalue\fR string can be +a short name, a long name or numerical format. +.IP "\fB\s-1UTCTIME\s0\fR, \fB\s-1UTC\s0\fR" 4 +.IX Item "UTCTIME, UTC" +Encodes an \s-1ASN1\s0 \fBUTCTime\fR structure, the value should be in +the format \fB\s-1YYMMDDHHMMSSZ\s0\fR. +.IP "\fB\s-1GENERALIZEDTIME\s0\fR, \fB\s-1GENTIME\s0\fR" 4 +.IX Item "GENERALIZEDTIME, GENTIME" +Encodes an \s-1ASN1\s0 \fBGeneralizedTime\fR structure, the value should be in +the format \fB\s-1YYYYMMDDHHMMSSZ\s0\fR. +.IP "\fB\s-1OCTETSTRING\s0\fR, \fB\s-1OCT\s0\fR" 4 +.IX Item "OCTETSTRING, OCT" +Encodes an \s-1ASN1\s0 \fB\s-1OCTET\s0 \s-1STRING\s0\fR. \fIvalue\fR represents the contents +of this structure, the format strings \fB\s-1ASCII\s0\fR and \fB\s-1HEX\s0\fR can be +used to specify the format of \fIvalue\fR. +.IP "\fB\s-1BITSTRING\s0\fR, \fB\s-1BITSTR\s0\fR" 4 +.IX Item "BITSTRING, BITSTR" +Encodes an \s-1ASN1\s0 \fB\s-1BIT\s0 \s-1STRING\s0\fR. \fIvalue\fR represents the contents +of this structure, the format strings \fB\s-1ASCII\s0\fR, \fB\s-1HEX\s0\fR and \fB\s-1BITLIST\s0\fR +can be used to specify the format of \fIvalue\fR. +.Sp +If the format is anything other than \fB\s-1BITLIST\s0\fR the number of unused +bits is set to zero. 
+.IP "\fB\s-1UNIVERSALSTRING\s0\fR, \fB\s-1UNIV\s0\fR, \fB\s-1IA5\s0\fR, \fB\s-1IA5STRING\s0\fR, \fB\s-1UTF8\s0\fR, \fBUTF8String\fR, \fB\s-1BMP\s0\fR, \fB\s-1BMPSTRING\s0\fR, \fB\s-1VISIBLESTRING\s0\fR, \fB\s-1VISIBLE\s0\fR, \fB\s-1PRINTABLESTRING\s0\fR, \fB\s-1PRINTABLE\s0\fR, \fBT61\fR, \fBT61STRING\fR, \fB\s-1TELETEXSTRING\s0\fR, \fBGeneralString\fR, \fB\s-1NUMERICSTRING\s0\fR, \fB\s-1NUMERIC\s0\fR" 4 +.IX Item "UNIVERSALSTRING, UNIV, IA5, IA5STRING, UTF8, UTF8String, BMP, BMPSTRING, VISIBLESTRING, VISIBLE, PRINTABLESTRING, PRINTABLE, T61, T61STRING, TELETEXSTRING, GeneralString, NUMERICSTRING, NUMERIC" +These encode the corresponding string types. \fIvalue\fR represents the +contents of this structure. The format can be \fB\s-1ASCII\s0\fR or \fB\s-1UTF8\s0\fR. +.IP "\fB\s-1SEQUENCE\s0\fR, \fB\s-1SEQ\s0\fR, \fB\s-1SET\s0\fR" 4 +.IX Item "SEQUENCE, SEQ, SET" +Formats the result as an \s-1ASN1\s0 \fB\s-1SEQUENCE\s0\fR or \fB\s-1SET\s0\fR type. \fIvalue\fR +should be a section name which will contain the contents. The +field names in the section are ignored and the values are in the +generated string format. If \fIvalue\fR is absent then an empty \s-1SEQUENCE\s0 +will be encoded. +.SS "Modifiers" +.IX Subsection "Modifiers" +Modifiers affect the following structure, they can be used to +add \s-1EXPLICIT\s0 or \s-1IMPLICIT\s0 tagging, add wrappers or to change +the string format of the final type and value. The supported +formats are documented below. +.IP "\fB\s-1EXPLICIT\s0\fR, \fB\s-1EXP\s0\fR" 4 +.IX Item "EXPLICIT, EXP" +Add an explicit tag to the following structure. This string +should be followed by a colon and the tag value to use as a +decimal value. +.Sp +By following the number with \fBU\fR, \fBA\fR, \fBP\fR or \fBC\fR \s-1UNIVERSAL\s0, +\&\s-1APPLICATION\s0, \s-1PRIVATE\s0 or \s-1CONTEXT\s0 \s-1SPECIFIC\s0 tagging can be used, +the default is \s-1CONTEXT\s0 \s-1SPECIFIC\s0. 
+.IP "\fB\s-1IMPLICIT\s0\fR, \fB\s-1IMP\s0\fR" 4 +.IX Item "IMPLICIT, IMP" +This is the same as \fB\s-1EXPLICIT\s0\fR except \s-1IMPLICIT\s0 tagging is used +instead. +.IP "\fB\s-1OCTWRAP\s0\fR, \fB\s-1SEQWRAP\s0\fR, \fB\s-1SETWRAP\s0\fR, \fB\s-1BITWRAP\s0\fR" 4 +.IX Item "OCTWRAP, SEQWRAP, SETWRAP, BITWRAP" +The following structure is surrounded by an \s-1OCTET\s0 \s-1STRING\s0, a \s-1SEQUENCE\s0, +a \s-1SET\s0 or a \s-1BIT\s0 \s-1STRING\s0 respectively. For a \s-1BIT\s0 \s-1STRING\s0 the number of unused +bits is set to zero. +.IP "\fB\s-1FORMAT\s0\fR" 4 +.IX Item "FORMAT" +This specifies the format of the ultimate value. It should be followed +by a colon and one of the strings \fB\s-1ASCII\s0\fR, \fB\s-1UTF8\s0\fR, \fB\s-1HEX\s0\fR or \fB\s-1BITLIST\s0\fR. +.Sp +If no format specifier is included then \fB\s-1ASCII\s0\fR is used. If \fB\s-1UTF8\s0\fR is +specified then the value string must be a valid \fB\s-1UTF8\s0\fR string. For \fB\s-1HEX\s0\fR the +output must be a set of hex digits. \fB\s-1BITLIST\s0\fR (which is only valid for a \s-1BIT\s0 +\&\s-1STRING\s0) is a comma separated list of the indices of the set bits, all other +bits are zero. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIASN1_generate_nconf()\fR and \fIASN1_generate_v3()\fR return the encoded +data as an \fB\s-1ASN1_TYPE\s0\fR structure or \s-1NULL\s0 if an error occurred. +.PP +The error codes that can be obtained by \fIERR_get_error\fR\|(3). 
+.SH "EXAMPLES" +.IX Header "EXAMPLES" +A simple IA5String: +.PP +.Vb 1 +\& IA5STRING:Hello World +.Ve +.PP +An IA5String explicitly tagged: +.PP +.Vb 1 +\& EXPLICIT:0,IA5STRING:Hello World +.Ve +.PP +An IA5String explicitly tagged using \s-1APPLICATION\s0 tagging: +.PP +.Vb 1 +\& EXPLICIT:0A,IA5STRING:Hello World +.Ve +.PP +A \s-1BITSTRING\s0 with bits 1 and 5 set and all others zero: +.PP +.Vb 1 +\& FORMAT:BITLIST,BITSTRING:1,5 +.Ve +.PP +A more complex example using a config file to produce a +\&\s-1SEQUENCE\s0 consisting of a \s-1BOOL\s0 an \s-1OID\s0 and a UTF8String: +.PP +.Vb 1 +\& asn1 = SEQUENCE:seq_section +\& +\& [seq_section] +\& +\& field1 = BOOLEAN:TRUE +\& field2 = OID:commonName +\& field3 = UTF8:Third field +.Ve +.PP +This example produces an RSAPrivateKey structure, this is the +key contained in the file client.pem in all OpenSSL distributions +(note: the field names such as 'coeff' are ignored and are present just +for clarity): +.PP +.Vb 3 +\& asn1=SEQUENCE:private_key +\& [private_key] +\& version=INTEGER:0 +\& +\& n=INTEGER:0xBB6FE79432CC6EA2D8F970675A5A87BFBE1AFF0BE63E879F2AFFB93644\e +\& D4D2C6D000430DEC66ABF47829E74B8C5108623A1C0EE8BE217B3AD8D36D5EB4FCA1D9 +\& +\& e=INTEGER:0x010001 +\& +\& d=INTEGER:0x6F05EAD2F27FFAEC84BEC360C4B928FD5F3A9865D0FCAAD291E2A52F4A\e +\& F810DC6373278C006A0ABBA27DC8C63BF97F7E666E27C5284D7D3B1FFFE16B7A87B51D +\& +\& p=INTEGER:0xF3929B9435608F8A22C208D86795271D54EBDFB09DDEF539AB083DA912\e +\& D4BD57 +\& +\& q=INTEGER:0xC50016F89DFF2561347ED1186A46E150E28BF2D0F539A1594BBD7FE467\e +\& 46EC4F +\& +\& exp1=INTEGER:0x9E7D4326C924AFC1DEA40B45650134966D6F9DFA3A7F9D698CD4ABEA\e +\& 9C0A39B9 +\& +\& exp2=INTEGER:0xBA84003BB95355AFB7C50DF140C60513D0BA51D637272E355E397779\e +\& E7B2458F +\& +\& coeff=INTEGER:0x30B9E4F2AFA5AC679F920FC83F1F2DF1BAF1779CF989447FABC2F5\e +\& 628657053A +.Ve +.PP +This example is the corresponding public key in a SubjectPublicKeyInfo +structure: +.PP +.Vb 2 +\& # Start with a SEQUENCE +\& 
asn1=SEQUENCE:pubkeyinfo +\& +\& # pubkeyinfo contains an algorithm identifier and the public key wrapped +\& # in a BIT STRING +\& [pubkeyinfo] +\& algorithm=SEQUENCE:rsa_alg +\& pubkey=BITWRAP,SEQUENCE:rsapubkey +\& +\& # algorithm ID for RSA is just an OID and a NULL +\& [rsa_alg] +\& algorithm=OID:rsaEncryption +\& parameter=NULL +\& +\& # Actual public key: modulus and exponent +\& [rsapubkey] +\& n=INTEGER:0xBB6FE79432CC6EA2D8F970675A5A87BFBE1AFF0BE63E879F2AFFB93644\e +\& D4D2C6D000430DEC66ABF47829E74B8C5108623A1C0EE8BE217B3AD8D36D5EB4FCA1D9 +\& +\& e=INTEGER:0x010001 +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/ASYNC_WAIT_CTX_new.3 b/linux_amd64/share/man/man3/ASYNC_WAIT_CTX_new.3 new file mode 100755 index 0000000..f491df7 --- /dev/null +++ b/linux_amd64/share/man/man3/ASYNC_WAIT_CTX_new.3 
@@ -0,0 +1,337 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ASYNC_WAIT_CTX_NEW 3" +.TH ASYNC_WAIT_CTX_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +ASYNC_WAIT_CTX_new, ASYNC_WAIT_CTX_free, ASYNC_WAIT_CTX_set_wait_fd, +ASYNC_WAIT_CTX_get_fd, ASYNC_WAIT_CTX_get_all_fds, +ASYNC_WAIT_CTX_get_changed_fds, ASYNC_WAIT_CTX_clear_fd, +ASYNC_WAIT_CTX_set_callback, ASYNC_WAIT_CTX_get_callback, +ASYNC_WAIT_CTX_set_status, ASYNC_WAIT_CTX_get_status, ASYNC_callback_fn, +ASYNC_STATUS_UNSUPPORTED, ASYNC_STATUS_ERR, ASYNC_STATUS_OK, +ASYNC_STATUS_EAGAIN +\&\- functions to manage waiting for asynchronous jobs to complete +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& #define ASYNC_STATUS_UNSUPPORTED 0 +\& #define ASYNC_STATUS_ERR 1 +\& #define ASYNC_STATUS_OK 2 +\& #define ASYNC_STATUS_EAGAIN 3 +\& typedef int (*ASYNC_callback_fn)(void *arg); +\& ASYNC_WAIT_CTX *ASYNC_WAIT_CTX_new(void); +\& void ASYNC_WAIT_CTX_free(ASYNC_WAIT_CTX *ctx); +\& int ASYNC_WAIT_CTX_set_wait_fd(ASYNC_WAIT_CTX *ctx, const void *key, +\& OSSL_ASYNC_FD fd, +\& void *custom_data, +\& void (*cleanup)(ASYNC_WAIT_CTX *, const void *, +\& OSSL_ASYNC_FD, void *)); +\& int ASYNC_WAIT_CTX_get_fd(ASYNC_WAIT_CTX *ctx, const void *key, +\& OSSL_ASYNC_FD *fd, void **custom_data); +\& int ASYNC_WAIT_CTX_get_all_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *fd, +\& size_t *numfds); +\& int ASYNC_WAIT_CTX_get_changed_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *addfd, +\& size_t *numaddfds, OSSL_ASYNC_FD *delfd, +\& size_t *numdelfds); +\& int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key); +\& int ASYNC_WAIT_CTX_set_callback(ASYNC_WAIT_CTX *ctx, +\& ASYNC_callback_fn callback, +\& void *callback_arg); +\& int ASYNC_WAIT_CTX_get_callback(ASYNC_WAIT_CTX *ctx, +\& ASYNC_callback_fn *callback, +\& void **callback_arg); +\& int ASYNC_WAIT_CTX_set_status(ASYNC_WAIT_CTX *ctx, int status); +\& int ASYNC_WAIT_CTX_get_status(ASYNC_WAIT_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +For an overview of how asynchronous operations are implemented in OpenSSL see +\&\fIASYNC_start_job\fR\|(3). 
An \fB\s-1ASYNC_WAIT_CTX\s0\fR object represents an asynchronous +\&\*(L"session\*(R", i.e. a related set of crypto operations. For example in \s-1SSL\s0 terms +this would have a one-to-one correspondence with an \s-1SSL\s0 connection. +.PP +Application code must create an \fB\s-1ASYNC_WAIT_CTX\s0\fR using the \fIASYNC_WAIT_CTX_new()\fR +function prior to calling \fIASYNC_start_job()\fR (see \fIASYNC_start_job\fR\|(3)). When +the job is started it is associated with the \fB\s-1ASYNC_WAIT_CTX\s0\fR for the duration +of that job. An \fB\s-1ASYNC_WAIT_CTX\s0\fR should only be used for one \fB\s-1ASYNC_JOB\s0\fR at +any one time, but can be reused after an \fB\s-1ASYNC_JOB\s0\fR has finished for a +subsequent \fB\s-1ASYNC_JOB\s0\fR. When the session is complete (e.g. the \s-1SSL\s0 connection +is closed), application code cleans up with \fIASYNC_WAIT_CTX_free()\fR. +.PP +\&\fB\s-1ASYNC_WAIT_CTX\s0\fRs can have \*(L"wait\*(R" file descriptors associated with them. +Calling \fIASYNC_WAIT_CTX_get_all_fds()\fR and passing in a pointer to an +\&\fB\s-1ASYNC_WAIT_CTX\s0\fR in the \fIctx\fR parameter will return the wait file descriptors +associated with that job in \fI*fd\fR. The number of file descriptors returned will +be stored in \fI*numfds\fR. It is the caller's responsibility to ensure that +sufficient memory has been allocated in \fI*fd\fR to receive all the file +descriptors. Calling \fIASYNC_WAIT_CTX_get_all_fds()\fR with a \s-1NULL\s0 \fIfd\fR value will +return no file descriptors but will still populate \fI*numfds\fR. Therefore +application code is typically expected to call this function twice: once to get +the number of fds, and then again when sufficient memory has been allocated. If +only one asynchronous engine is being used then normally this call will only +ever return one fd. If multiple asynchronous engines are being used then more +could be returned. 
+.PP +The function \fIASYNC_WAIT_CTX_get_changed_fds()\fR can be used to detect if any fds +have changed since the last call time \fIASYNC_start_job()\fR returned \fB\s-1ASYNC_PAUSE\s0\fR +(or since the \fB\s-1ASYNC_WAIT_CTX\s0\fR was created if no \fB\s-1ASYNC_PAUSE\s0\fR result has +been received). The \fInumaddfds\fR and \fInumdelfds\fR parameters will be populated +with the number of fds added or deleted respectively. \fI*addfd\fR and \fI*delfd\fR +will be populated with the list of added and deleted fds respectively. Similarly +to \fIASYNC_WAIT_CTX_get_all_fds()\fR either of these can be \s-1NULL\s0, but if they are not +\&\s-1NULL\s0 then the caller is responsible for ensuring sufficient memory is allocated. +.PP +Implementors of async aware code (e.g. engines) are encouraged to return a +stable fd for the lifetime of the \fB\s-1ASYNC_WAIT_CTX\s0\fR in order to reduce the +\&\*(L"churn\*(R" of regularly changing fds \- although no guarantees of this are provided +to applications. +.PP +Applications can wait for the file descriptor to be ready for \*(L"read\*(R" using a +system function call such as select or poll (being ready for \*(L"read\*(R" indicates +that the job should be resumed). If no file descriptor is made available then an +application will have to periodically \*(L"poll\*(R" the job by attempting to restart it +to see if it is ready to continue. +.PP +Async aware code (e.g. engines) can get the current \fB\s-1ASYNC_WAIT_CTX\s0\fR from the +job via \fIASYNC_get_wait_ctx\fR\|(3) and provide a file descriptor to use for +waiting on by calling \fIASYNC_WAIT_CTX_set_wait_fd()\fR. Typically this would be done +by an engine immediately prior to calling \fIASYNC_pause_job()\fR and not by end user +code. An existing association with a file descriptor can be obtained using +\&\fIASYNC_WAIT_CTX_get_fd()\fR and cleared using \fIASYNC_WAIT_CTX_clear_fd()\fR. Both of +these functions requires a \fIkey\fR value which is unique to the async aware +code. 
This could be any unique value but a good candidate might be the +\&\fB\s-1ENGINE\s0 *\fR for the engine. The \fIcustom_data\fR parameter can be any value, and +will be returned in a subsequent call to \fIASYNC_WAIT_CTX_get_fd()\fR. The +\&\fIASYNC_WAIT_CTX_set_wait_fd()\fR function also expects a pointer to a \*(L"cleanup\*(R" +routine. This can be \s-1NULL\s0 but if provided will automatically get called when +the \fB\s-1ASYNC_WAIT_CTX\s0\fR is freed, and gives the engine the opportunity to close +the fd or any other resources. Note: The \*(L"cleanup\*(R" routine does not get called +if the fd is cleared directly via a call to \fIASYNC_WAIT_CTX_clear_fd()\fR. +.PP +An example of typical usage might be an async capable engine. User code would +initiate cryptographic operations. The engine would initiate those operations +asynchronously and then call \fIASYNC_WAIT_CTX_set_wait_fd()\fR followed by +\&\fIASYNC_pause_job()\fR to return control to the user code. The user code can then +perform other tasks or wait for the job to be ready by calling \*(L"select\*(R" or other +similar function on the wait file descriptor. The engine can signal to the user +code that the job should be resumed by making the wait file descriptor +\&\*(L"readable\*(R". Once resumed the engine should clear the wake signal on the wait +file descriptor. +.PP +As well as a file descriptor, user code may also be notified via a callback. The +callback and data pointers are stored within the \fB\s-1ASYNC_WAIT_CTX\s0\fR along with an +additional status field that can be used for the notification of retries from an +engine. This additional method can be used when the user thinks that a file +descriptor is too costly in terms of \s-1CPU\s0 cycles or in some context where a file +descriptor is not appropriate. +.PP +\&\fIASYNC_WAIT_CTX_set_callback()\fR sets the callback and the callback argument. The +callback will be called to notify user code when an engine completes a +cryptography operation. 
It is a requirement that the callback function is small +and non-blocking as it will be run in the context of a polling mechanism or an +interrupt. +.PP +\&\fIASYNC_WAIT_CTX_get_callback()\fR returns the callback set in the \fB\s-1ASYNC_WAIT_CTX\s0\fR +structure. +.PP +\&\fIASYNC_WAIT_CTX_set_status()\fR allows an engine to set the current engine status. +The possible status values are the following: +.IP "\fB\s-1ASYNC_STATUS_UNSUPPORTED\s0\fR" 4 +.IX Item "ASYNC_STATUS_UNSUPPORTED" +The engine does not support the callback mechanism. This is the default value. +The engine must call \fIASYNC_WAIT_CTX_set_status()\fR to set the status to some value +other than \fB\s-1ASYNC_STATUS_UNSUPPORTED\s0\fR if it intends to enable the callback +mechanism. +.IP "\fB\s-1ASYNC_STATUS_ERR\s0\fR" 4 +.IX Item "ASYNC_STATUS_ERR" +The engine has a fatal problem with this request. The user code should clean up +this session. +.IP "\fB\s-1ASYNC_STATUS_OK\s0\fR" 4 +.IX Item "ASYNC_STATUS_OK" +The request has been successfully submitted. +.IP "\fB\s-1ASYNC_STATUS_EAGAIN\s0\fR" 4 +.IX Item "ASYNC_STATUS_EAGAIN" +The engine has some problem which will be recovered soon, such as a buffer is +full, so user code should resume the job. +.PP +\&\fIASYNC_WAIT_CTX_get_status()\fR allows user code to obtain the current status value. +If the status is any value other than \fB\s-1ASYNC_STATUS_OK\s0\fR then the user code +should not expect to receive a callback from the engine even if one has been +set. +.PP +An example of the usage of the callback method might be the following. User +code would initiate cryptographic operations, and the engine code would dispatch +this operation to hardware, and if the dispatch is successful, then the engine +code would call \fIASYNC_pause_job()\fR to return control to the user code. After +that, user code can perform other tasks. 
When the hardware completes the +operation, normally it is detected by a polling function or an interrupt, as the +user code set a callback by calling \fIASYNC_WAIT_CTX_set_callback()\fR previously, +then the registered callback will be called. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIASYNC_WAIT_CTX_new()\fR returns a pointer to the newly allocated \fB\s-1ASYNC_WAIT_CTX\s0\fR +or \s-1NULL\s0 on error. +.PP +ASYNC_WAIT_CTX_set_wait_fd, ASYNC_WAIT_CTX_get_fd, ASYNC_WAIT_CTX_get_all_fds, +ASYNC_WAIT_CTX_get_changed_fds, ASYNC_WAIT_CTX_clear_fd, +ASYNC_WAIT_CTX_set_callback, ASYNC_WAIT_CTX_get_callback and +ASYNC_WAIT_CTX_set_status all return 1 on success or 0 on error. +\&\fIASYNC_WAIT_CTX_get_status()\fR returns the engine status. +.SH "NOTES" +.IX Header "NOTES" +On Windows platforms the openssl/async.h header is dependent on some +of the types customarily made available by including windows.h. The +application developer is likely to require control over when the latter +is included, commonly as one of the first included headers. Therefore +it is defined as an application developer's responsibility to include +windows.h prior to async.h. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIcrypto\fR\|(7), \fIASYNC_start_job\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIASYNC_WAIT_CTX_new()\fR, \fIASYNC_WAIT_CTX_free()\fR, \fIASYNC_WAIT_CTX_set_wait_fd()\fR, +\&\fIASYNC_WAIT_CTX_get_fd()\fR, \fIASYNC_WAIT_CTX_get_all_fds()\fR, +\&\fIASYNC_WAIT_CTX_get_changed_fds()\fR and \fIASYNC_WAIT_CTX_clear_fd()\fR +were added in OpenSSL 1.1.0. +.PP +\&\fIASYNC_WAIT_CTX_set_callback()\fR, \fIASYNC_WAIT_CTX_get_callback()\fR, +\&\fIASYNC_WAIT_CTX_set_status()\fR, and \fIASYNC_WAIT_CTX_get_status()\fR +were added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. 
You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/ASYNC_start_job.3 b/linux_amd64/share/man/man3/ASYNC_start_job.3 new file mode 100755 index 0000000..6e9ee25 --- /dev/null +++ b/linux_amd64/share/man/man3/ASYNC_start_job.3 
@@ -0,0 +1,451 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ASYNC_START_JOB 3" +.TH ASYNC_START_JOB 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +ASYNC_get_wait_ctx, +ASYNC_init_thread, ASYNC_cleanup_thread, ASYNC_start_job, ASYNC_pause_job, +ASYNC_get_current_job, ASYNC_block_pause, ASYNC_unblock_pause, ASYNC_is_capable +\&\- asynchronous job management functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int ASYNC_init_thread(size_t max_size, size_t init_size); +\& void ASYNC_cleanup_thread(void); +\& +\& int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *ctx, int *ret, +\& int (*func)(void *), void *args, size_t size); +\& int ASYNC_pause_job(void); +\& +\& ASYNC_JOB *ASYNC_get_current_job(void); +\& ASYNC_WAIT_CTX *ASYNC_get_wait_ctx(ASYNC_JOB *job); +\& void ASYNC_block_pause(void); +\& void ASYNC_unblock_pause(void); +\& +\& int ASYNC_is_capable(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +OpenSSL implements asynchronous capabilities through an \fB\s-1ASYNC_JOB\s0\fR. This +represents code that can be started and executes until some event occurs. At +that point the code can be paused and control returns to user code until some +subsequent event indicates that the job can be resumed. +.PP +The creation of an \fB\s-1ASYNC_JOB\s0\fR is a relatively expensive operation. Therefore, +for efficiency reasons, jobs can be created up front and reused many times. They +are held in a pool until they are needed, at which point they are removed from +the pool, used, and then returned to the pool when the job completes. If the +user application is multi-threaded, then \fIASYNC_init_thread()\fR may be called for +each thread that will initiate asynchronous jobs. Before +user code exits per-thread resources need to be cleaned up. This will normally +occur automatically (see \fIOPENSSL_init_crypto\fR\|(3)) but may be explicitly +initiated by using \fIASYNC_cleanup_thread()\fR. No asynchronous jobs must be +outstanding for the thread when \fIASYNC_cleanup_thread()\fR is called. Failing to +ensure this will result in memory leaks. 
+.PP +The \fImax_size\fR argument limits the number of \fB\s-1ASYNC_JOB\s0\fRs that will be held in +the pool. If \fImax_size\fR is set to 0 then no upper limit is set. When an +\&\fB\s-1ASYNC_JOB\s0\fR is needed but there are none available in the pool already then one +will be automatically created, as long as the total of \fB\s-1ASYNC_JOB\s0\fRs managed by +the pool does not exceed \fImax_size\fR. When the pool is first initialised +\&\fIinit_size\fR \fB\s-1ASYNC_JOB\s0\fRs will be created immediately. If \fIASYNC_init_thread()\fR +is not called before the pool is first used then it will be called automatically +with a \fImax_size\fR of 0 (no upper limit) and an \fIinit_size\fR of 0 (no +\&\fB\s-1ASYNC_JOB\s0\fRs created up front). +.PP +An asynchronous job is started by calling the \fIASYNC_start_job()\fR function. +Initially \fI*job\fR should be \s-1NULL\s0. \fIctx\fR should point to an \fB\s-1ASYNC_WAIT_CTX\s0\fR +object created through the \fIASYNC_WAIT_CTX_new\fR\|(3) function. \fIret\fR should +point to a location where the return value of the asynchronous function should +be stored on completion of the job. \fIfunc\fR represents the function that should +be started asynchronously. The data pointed to by \fIargs\fR and of size \fIsize\fR +will be copied and then passed as an argument to \fIfunc\fR when the job starts. +ASYNC_start_job will return one of the following values: +.IP "\fB\s-1ASYNC_ERR\s0\fR" 4 +.IX Item "ASYNC_ERR" +An error occurred trying to start the job. Check the OpenSSL error queue (e.g. +see \fIERR_print_errors\fR\|(3)) for more details. +.IP "\fB\s-1ASYNC_NO_JOBS\s0\fR" 4 +.IX Item "ASYNC_NO_JOBS" +There are no jobs currently available in the pool. This call can be retried +again at a later time. +.IP "\fB\s-1ASYNC_PAUSE\s0\fR" 4 +.IX Item "ASYNC_PAUSE" +The job was successfully started but was \*(L"paused\*(R" before it completed (see +\&\fIASYNC_pause_job()\fR below). A handle to the job is placed in \fI*job\fR. 
Other work +can be performed (if desired) and the job restarted at a later time. To restart +a job call \fIASYNC_start_job()\fR again passing the job handle in \fI*job\fR. The +\&\fIfunc\fR, \fIargs\fR and \fIsize\fR parameters will be ignored when restarting a job. +When restarting a job \fIASYNC_start_job()\fR \fBmust\fR be called from the same thread +that the job was originally started from. +.IP "\fB\s-1ASYNC_FINISH\s0\fR" 4 +.IX Item "ASYNC_FINISH" +The job completed. \fI*job\fR will be \s-1NULL\s0 and the return value from \fIfunc\fR will +be placed in \fI*ret\fR. +.PP +At any one time there can be a maximum of one job actively running per thread +(you can have many that are paused). \fIASYNC_get_current_job()\fR can be used to get +a pointer to the currently executing \fB\s-1ASYNC_JOB\s0\fR. If no job is currently +executing then this will return \s-1NULL\s0. +.PP +If executing within the context of a job (i.e. having been called directly or +indirectly by the function \*(L"func\*(R" passed as an argument to \fIASYNC_start_job()\fR) +then \fIASYNC_pause_job()\fR will immediately return control to the calling +application with \fB\s-1ASYNC_PAUSE\s0\fR returned from the \fIASYNC_start_job()\fR call. A +subsequent call to ASYNC_start_job passing in the relevant \fB\s-1ASYNC_JOB\s0\fR in the +\&\fI*job\fR parameter will resume execution from the \fIASYNC_pause_job()\fR call. If +\&\fIASYNC_pause_job()\fR is called whilst not within the context of a job then no +action is taken and \fIASYNC_pause_job()\fR returns immediately. +.PP +\&\fIASYNC_get_wait_ctx()\fR can be used to get a pointer to the \fB\s-1ASYNC_WAIT_CTX\s0\fR +for the \fIjob\fR. \fB\s-1ASYNC_WAIT_CTX\s0\fRs contain two different ways to notify +applications that a job is ready to be resumed. One is a \*(L"wait\*(R" file +descriptor, and the other is a \*(L"callback\*(R" mechanism. 
+.PP +The \*(L"wait\*(R" file descriptor associated with \fB\s-1ASYNC_WAIT_CTX\s0\fR is used for +applications to wait for the file descriptor to be ready for \*(L"read\*(R" using a +system function call such as select or poll (being ready for \*(L"read\*(R" indicates +that the job should be resumed). If no file descriptor is made available then +an application will have to periodically \*(L"poll\*(R" the job by attempting to restart +it to see if it is ready to continue. +.PP +\&\fB\s-1ASYNC_WAIT_CTX\s0\fRs also have a \*(L"callback\*(R" mechanism to notify applications. The +callback is set by an application, and it will be automatically called when an +engine completes a cryptography operation, so that the application can resume +the paused work flow without polling. An engine could be written to look whether +the callback has been set. If it has then it would use the callback mechanism +in preference to the file descriptor notifications. If a callback is not set +then the engine may use file descriptor based notifications. Please note that +not all engines may support the callback mechanism, so the callback may not be +used even if it has been set. See \fIASYNC_WAIT_CTX_new()\fR for more details. +.PP +The \fIASYNC_block_pause()\fR function will prevent the currently active job from +pausing. The block will remain in place until a subsequent call to +\&\fIASYNC_unblock_pause()\fR. These functions can be nested, e.g. if you call +\&\fIASYNC_block_pause()\fR twice then you must call \fIASYNC_unblock_pause()\fR twice in +order to re-enable pausing. If these functions are called while there is no +currently active job then they have no effect. This functionality can be useful +to avoid deadlock scenarios. For example during the execution of an \fB\s-1ASYNC_JOB\s0\fR +an application acquires a lock. It then calls some cryptographic function which +invokes \fIASYNC_pause_job()\fR. This returns control back to the code that created +the \fB\s-1ASYNC_JOB\s0\fR. 
If that code then attempts to acquire the same lock before +resuming the original job then a deadlock can occur. By calling +\&\fIASYNC_block_pause()\fR immediately after acquiring the lock and +\&\fIASYNC_unblock_pause()\fR immediately before releasing it then this situation cannot +occur. +.PP +Some platforms cannot support async operations. The \fIASYNC_is_capable()\fR function +can be used to detect whether the current platform is async capable or not. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +ASYNC_init_thread returns 1 on success or 0 otherwise. +.PP +ASYNC_start_job returns one of \fB\s-1ASYNC_ERR\s0\fR, \fB\s-1ASYNC_NO_JOBS\s0\fR, \fB\s-1ASYNC_PAUSE\s0\fR or +\&\fB\s-1ASYNC_FINISH\s0\fR as described above. +.PP +ASYNC_pause_job returns 0 if an error occurred or 1 on success. If called when +not within the context of an \fB\s-1ASYNC_JOB\s0\fR then this is counted as success so 1 +is returned. +.PP +ASYNC_get_current_job returns a pointer to the currently executing \fB\s-1ASYNC_JOB\s0\fR +or \s-1NULL\s0 if not within the context of a job. +.PP +\&\fIASYNC_get_wait_ctx()\fR returns a pointer to the \fB\s-1ASYNC_WAIT_CTX\s0\fR for the job. +.PP +\&\fIASYNC_is_capable()\fR returns 1 if the current platform is async capable or 0 +otherwise. +.SH "NOTES" +.IX Header "NOTES" +On Windows platforms the openssl/async.h header is dependent on some +of the types customarily made available by including windows.h. The +application developer is likely to require control over when the latter +is included, commonly as one of the first included headers. Therefore +it is defined as an application developer's responsibility to include +windows.h prior to async.h. 
+.SH "EXAMPLES" +.IX Header "EXAMPLES" +The following example demonstrates how to use most of the core async APIs: +.PP +.Vb 7 +\& #ifdef _WIN32 +\& # include +\& #endif +\& #include +\& #include +\& #include +\& #include +\& +\& int unique = 0; +\& +\& void cleanup(ASYNC_WAIT_CTX *ctx, const void *key, OSSL_ASYNC_FD r, void *vw) +\& { +\& OSSL_ASYNC_FD *w = (OSSL_ASYNC_FD *)vw; +\& +\& close(r); +\& close(*w); +\& OPENSSL_free(w); +\& } +\& +\& int jobfunc(void *arg) +\& { +\& ASYNC_JOB *currjob; +\& unsigned char *msg; +\& int pipefds[2] = {0, 0}; +\& OSSL_ASYNC_FD *wptr; +\& char buf = \*(AqX\*(Aq; +\& +\& currjob = ASYNC_get_current_job(); +\& if (currjob != NULL) { +\& printf("Executing within a job\en"); +\& } else { +\& printf("Not executing within a job \- should not happen\en"); +\& return 0; +\& } +\& +\& msg = (unsigned char *)arg; +\& printf("Passed in message is: %s\en", msg); +\& +\& if (pipe(pipefds) != 0) { +\& printf("Failed to create pipe\en"); +\& return 0; +\& } +\& wptr = OPENSSL_malloc(sizeof(OSSL_ASYNC_FD)); +\& if (wptr == NULL) { +\& printf("Failed to malloc\en"); +\& return 0; +\& } +\& *wptr = pipefds[1]; +\& ASYNC_WAIT_CTX_set_wait_fd(ASYNC_get_wait_ctx(currjob), &unique, +\& pipefds[0], wptr, cleanup); +\& +\& /* +\& * Normally some external event would cause this to happen at some +\& * later point \- but we do it here for demo purposes, i.e. +\& * immediately signalling that the job is ready to be woken up after +\& * we return to main via ASYNC_pause_job(). 
+\& */ +\& write(pipefds[1], &buf, 1); +\& +\& /* Return control back to main */ +\& ASYNC_pause_job(); +\& +\& /* Clear the wake signal */ +\& read(pipefds[0], &buf, 1); +\& +\& printf ("Resumed the job after a pause\en"); +\& +\& return 1; +\& } +\& +\& int main(void) +\& { +\& ASYNC_JOB *job = NULL; +\& ASYNC_WAIT_CTX *ctx = NULL; +\& int ret; +\& OSSL_ASYNC_FD waitfd; +\& fd_set waitfdset; +\& size_t numfds; +\& unsigned char msg[13] = "Hello world!"; +\& +\& printf("Starting...\en"); +\& +\& ctx = ASYNC_WAIT_CTX_new(); +\& if (ctx == NULL) { +\& printf("Failed to create ASYNC_WAIT_CTX\en"); +\& abort(); +\& } +\& +\& for (;;) { +\& switch (ASYNC_start_job(&job, ctx, &ret, jobfunc, msg, sizeof(msg))) { +\& case ASYNC_ERR: +\& case ASYNC_NO_JOBS: +\& printf("An error occurred\en"); +\& goto end; +\& case ASYNC_PAUSE: +\& printf("Job was paused\en"); +\& break; +\& case ASYNC_FINISH: +\& printf("Job finished with return value %d\en", ret); +\& goto end; +\& } +\& +\& /* Wait for the job to be woken */ +\& printf("Waiting for the job to be woken up\en"); +\& +\& if (!ASYNC_WAIT_CTX_get_all_fds(ctx, NULL, &numfds) +\& || numfds > 1) { +\& printf("Unexpected number of fds\en"); +\& abort(); +\& } +\& ASYNC_WAIT_CTX_get_all_fds(ctx, &waitfd, &numfds); +\& FD_ZERO(&waitfdset); +\& FD_SET(waitfd, &waitfdset); +\& select(waitfd + 1, &waitfdset, NULL, NULL, NULL); +\& } +\& +\& end: +\& ASYNC_WAIT_CTX_free(ctx); +\& printf("Finishing\en"); +\& +\& return 0; +\& } +.Ve +.PP +The expected output from executing the above example program is: +.PP +.Vb 8 +\& Starting... +\& Executing within a job +\& Passed in message is: Hello world! 
+\& Job was paused +\& Waiting for the job to be woken up +\& Resumed the job after a pause +\& Job finished with return value 1 +\& Finishing +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIcrypto\fR\|(7), \fIERR_print_errors\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +ASYNC_init_thread, ASYNC_cleanup_thread, +ASYNC_start_job, ASYNC_pause_job, ASYNC_get_current_job, \fIASYNC_get_wait_ctx()\fR, +\&\fIASYNC_block_pause()\fR, \fIASYNC_unblock_pause()\fR and \fIASYNC_is_capable()\fR were first +added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/BF_encrypt.3 b/linux_amd64/share/man/man3/BF_encrypt.3 new file mode 100755 index 0000000..3821967 --- /dev/null +++ b/linux_amd64/share/man/man3/BF_encrypt.3 
@@ -0,0 +1,254 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BF_ENCRYPT 3" +.TH BF_ENCRYPT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BF_set_key, BF_encrypt, BF_decrypt, BF_ecb_encrypt, BF_cbc_encrypt, +BF_cfb64_encrypt, BF_ofb64_encrypt, BF_options \- Blowfish encryption +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.PP +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 1 +\& void BF_set_key(BF_KEY *key, int len, const unsigned char *data); +\& +\& void BF_ecb_encrypt(const unsigned char *in, unsigned char *out, +\& BF_KEY *key, int enc); +\& void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, +\& long length, BF_KEY *schedule, +\& unsigned char *ivec, int enc); +\& void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out, +\& long length, BF_KEY *schedule, +\& unsigned char *ivec, int *num, int enc); +\& void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out, +\& long length, BF_KEY *schedule, +\& unsigned char *ivec, int *num); +\& const char *BF_options(void); +\& +\& void BF_encrypt(BF_LONG *data, const BF_KEY *key); +\& void BF_decrypt(BF_LONG *data, const BF_KEY *key); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +All of the functions described on this page are deprecated. Applications should +instead use \fIEVP_EncryptInit_ex\fR\|(3), \fIEVP_EncryptUpdate\fR\|(3) and +\&\fIEVP_EncryptFinal_ex\fR\|(3) or the equivalently named decrypt functions. +.PP +This library implements the Blowfish cipher, which was invented and described +by Counterpane (see http://www.counterpane.com/blowfish.html ). +.PP +Blowfish is a block cipher that operates on 64 bit (8 byte) blocks of data. +It uses a variable size key, but typically, 128 bit (16 byte) keys are +considered good for strong encryption. Blowfish can be used in the same +modes as \s-1DES\s0 (see \fIdes_modes\fR\|(7)). Blowfish is currently one +of the faster block ciphers. 
It is quite a bit faster than \s-1DES\s0, and much +faster than \s-1IDEA\s0 or \s-1RC2\s0. +.PP +Blowfish consists of a key setup phase and the actual encryption or decryption +phase. +.PP +\&\fIBF_set_key()\fR sets up the \fB\s-1BF_KEY\s0\fR \fBkey\fR using the \fBlen\fR bytes long key +at \fBdata\fR. +.PP +\&\fIBF_ecb_encrypt()\fR is the basic Blowfish encryption and decryption function. +It encrypts or decrypts the first 64 bits of \fBin\fR using the key \fBkey\fR, +putting the result in \fBout\fR. \fBenc\fR decides if encryption (\fB\s-1BF_ENCRYPT\s0\fR) +or decryption (\fB\s-1BF_DECRYPT\s0\fR) shall be performed. The vector pointed at by +\&\fBin\fR and \fBout\fR must be 64 bits in length, no less. If they are larger, +everything after the first 64 bits is ignored. +.PP +The mode functions \fIBF_cbc_encrypt()\fR, \fIBF_cfb64_encrypt()\fR and \fIBF_ofb64_encrypt()\fR +all operate on variable length data. They all take an initialization vector +\&\fBivec\fR which needs to be passed along into the next call of the same function +for the same message. \fBivec\fR may be initialized with anything, but the +recipient needs to know what it was initialized with, or it won't be able +to decrypt. Some programs and protocols simplify this, like \s-1SSH\s0, where +\&\fBivec\fR is simply initialized to zero. +\&\fIBF_cbc_encrypt()\fR operates on data that is a multiple of 8 bytes long, while +\&\fIBF_cfb64_encrypt()\fR and \fIBF_ofb64_encrypt()\fR are used to encrypt an variable +number of bytes (the amount does not have to be an exact multiple of 8). The +purpose of the latter two is to simulate stream ciphers, and therefore, they +need the parameter \fBnum\fR, which is a pointer to an integer where the current +offset in \fBivec\fR is stored between calls. This integer must be initialized +to zero when \fBivec\fR is initialized. +.PP +\&\fIBF_cbc_encrypt()\fR is the Cipher Block Chaining function for Blowfish. 
It +encrypts or decrypts the 64 bits chunks of \fBin\fR using the key \fBschedule\fR, +putting the result in \fBout\fR. \fBenc\fR decides if encryption (\s-1BF_ENCRYPT\s0) or +decryption (\s-1BF_DECRYPT\s0) shall be performed. \fBivec\fR must point at an 8 byte +long initialization vector. +.PP +\&\fIBF_cfb64_encrypt()\fR is the \s-1CFB\s0 mode for Blowfish with 64 bit feedback. +It encrypts or decrypts the bytes in \fBin\fR using the key \fBschedule\fR, +putting the result in \fBout\fR. \fBenc\fR decides if encryption (\fB\s-1BF_ENCRYPT\s0\fR) +or decryption (\fB\s-1BF_DECRYPT\s0\fR) shall be performed. \fBivec\fR must point at an +8 byte long initialization vector. \fBnum\fR must point at an integer which must +be initially zero. +.PP +\&\fIBF_ofb64_encrypt()\fR is the \s-1OFB\s0 mode for Blowfish with 64 bit feedback. +It uses the same parameters as \fIBF_cfb64_encrypt()\fR, which must be initialized +the same way. +.PP +\&\fIBF_encrypt()\fR and \fIBF_decrypt()\fR are the lowest level functions for Blowfish +encryption. They encrypt/decrypt the first 64 bits of the vector pointed by +\&\fBdata\fR, using the key \fBkey\fR. These functions should not be used unless you +implement 'modes' of Blowfish. The alternative is to use \fIBF_ecb_encrypt()\fR. +If you still want to use these functions, you should be aware that they take +each 32\-bit chunk in host-byte order, which is little-endian on little-endian +platforms and big-endian on big-endian ones. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +None of the functions presented here return any value. +.SH "NOTE" +.IX Header "NOTE" +Applications should use the higher level functions +\&\fIEVP_EncryptInit\fR\|(3) etc. instead of calling these +functions directly. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_EncryptInit\fR\|(3), +\&\fIdes_modes\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +All of these functions were deprecated in OpenSSL 3.0. 
+.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/BIO_ADDR.3 b/linux_amd64/share/man/man3/BIO_ADDR.3 new file mode 100755 index 0000000..393294c --- /dev/null +++ b/linux_amd64/share/man/man3/BIO_ADDR.3 
@@ -0,0 +1,247 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_ADDR 3" +.TH BIO_ADDR 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BIO_ADDR, BIO_ADDR_new, BIO_ADDR_clear, BIO_ADDR_free, BIO_ADDR_rawmake, +BIO_ADDR_family, BIO_ADDR_rawaddress, BIO_ADDR_rawport, +BIO_ADDR_hostname_string, BIO_ADDR_service_string, +BIO_ADDR_path_string \- BIO_ADDR routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 2 +\& #include +\& #include +\& +\& typedef union bio_addr_st BIO_ADDR; +\& +\& BIO_ADDR *BIO_ADDR_new(void); +\& void BIO_ADDR_free(BIO_ADDR *); +\& void BIO_ADDR_clear(BIO_ADDR *ap); +\& int BIO_ADDR_rawmake(BIO_ADDR *ap, int family, +\& const void *where, size_t wherelen, unsigned short port); +\& int BIO_ADDR_family(const BIO_ADDR *ap); +\& int BIO_ADDR_rawaddress(const BIO_ADDR *ap, void *p, size_t *l); +\& unsigned short BIO_ADDR_rawport(const BIO_ADDR *ap); +\& char *BIO_ADDR_hostname_string(const BIO_ADDR *ap, int numeric); +\& char *BIO_ADDR_service_string(const BIO_ADDR *ap, int numeric); +\& char *BIO_ADDR_path_string(const BIO_ADDR *ap); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fB\s-1BIO_ADDR\s0\fR type is a wrapper around all types of socket +addresses that OpenSSL deals with, currently transparently +supporting \s-1AF_INET\s0, \s-1AF_INET6\s0 and \s-1AF_UNIX\s0 according to what's +available on the platform at hand. +.PP +\&\fIBIO_ADDR_new()\fR creates a new unfilled \fB\s-1BIO_ADDR\s0\fR, to be used +with routines that will fill it with information, such as +\&\fIBIO_accept_ex()\fR. +.PP +\&\fIBIO_ADDR_free()\fR frees a \fB\s-1BIO_ADDR\s0\fR created with \fIBIO_ADDR_new()\fR. +.PP +\&\fIBIO_ADDR_clear()\fR clears any data held within the provided \fB\s-1BIO_ADDR\s0\fR and sets +it back to an uninitialised state. 
+.PP +\&\fIBIO_ADDR_rawmake()\fR takes a protocol \fBfamily\fR, an byte array of +size \fBwherelen\fR with an address in network byte order pointed at +by \fBwhere\fR and a port number in network byte order in \fBport\fR (except +for the \fB\s-1AF_UNIX\s0\fR protocol family, where \fBport\fR is meaningless and +therefore ignored) and populates the given \fB\s-1BIO_ADDR\s0\fR with them. +In case this creates a \fB\s-1AF_UNIX\s0\fR \fB\s-1BIO_ADDR\s0\fR, \fBwherelen\fR is expected +to be the length of the path string (not including the terminating +\&\s-1NUL\s0, such as the result of a call to \fIstrlen()\fR). +Read on about the addresses in \*(L"\s-1RAW\s0 \s-1ADDRESSES\s0\*(R" below. +.PP +\&\fIBIO_ADDR_family()\fR returns the protocol family of the given +\&\fB\s-1BIO_ADDR\s0\fR. The possible non-error results are one of the +constants \s-1AF_INET\s0, \s-1AF_INET6\s0 and \s-1AF_UNIX\s0. It will also return \s-1AF_UNSPEC\s0 if the +\&\s-1BIO_ADDR\s0 has not been initialised. +.PP +\&\fIBIO_ADDR_rawaddress()\fR will write the raw address of the given +\&\fB\s-1BIO_ADDR\s0\fR in the area pointed at by \fBp\fR if \fBp\fR is non-NULL, +and will set \fB*l\fR to be the amount of bytes the raw address +takes up if \fBl\fR is non-NULL. +A technique to only find out the size of the address is a call +with \fBp\fR set to \fB\s-1NULL\s0\fR. The raw address will be in network byte +order, most significant byte first. +In case this is a \fB\s-1AF_UNIX\s0\fR \fB\s-1BIO_ADDR\s0\fR, \fBl\fR gets the length of the +path string (not including the terminating \s-1NUL\s0, such as the result of +a call to \fIstrlen()\fR). +Read on about the addresses in \*(L"\s-1RAW\s0 \s-1ADDRESSES\s0\*(R" below. +.PP +\&\fIBIO_ADDR_rawport()\fR returns the raw port of the given \fB\s-1BIO_ADDR\s0\fR. +The raw port will be in network byte order. +.PP +\&\fIBIO_ADDR_hostname_string()\fR returns a character string with the +hostname of the given \fB\s-1BIO_ADDR\s0\fR. 
If \fBnumeric\fR is 1, the string +will contain the numerical form of the address. This only works for +\&\fB\s-1BIO_ADDR\s0\fR of the protocol families \s-1AF_INET\s0 and \s-1AF_INET6\s0. The +returned string has been allocated on the heap and must be freed +with \fIOPENSSL_free()\fR. +.PP +\&\fIBIO_ADDR_service_string()\fR returns a character string with the +service name of the port of the given \fB\s-1BIO_ADDR\s0\fR. If \fBnumeric\fR +is 1, the string will contain the port number. This only works +for \fB\s-1BIO_ADDR\s0\fR of the protocol families \s-1AF_INET\s0 and \s-1AF_INET6\s0. The +returned string has been allocated on the heap and must be freed +with \fIOPENSSL_free()\fR. +.PP +\&\fIBIO_ADDR_path_string()\fR returns a character string with the path +of the given \fB\s-1BIO_ADDR\s0\fR. This only works for \fB\s-1BIO_ADDR\s0\fR of the +protocol family \s-1AF_UNIX\s0. The returned string has been allocated +on the heap and must be freed with \fIOPENSSL_free()\fR. +.SH "RAW ADDRESSES" +.IX Header "RAW ADDRESSES" +Both \fIBIO_ADDR_rawmake()\fR and \fIBIO_ADDR_rawaddress()\fR take a pointer to a +network byte order address of a specific site. Internally, those are +treated as a pointer to \fBstruct in_addr\fR (for \fB\s-1AF_INET\s0\fR), \fBstruct +in6_addr\fR (for \fB\s-1AF_INET6\s0\fR) or \fBchar *\fR (for \fB\s-1AF_UNIX\s0\fR), all +depending on the protocol family the address is for. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The string producing functions \fIBIO_ADDR_hostname_string()\fR, +\&\fIBIO_ADDR_service_string()\fR and \fIBIO_ADDR_path_string()\fR will +return \fB\s-1NULL\s0\fR on error and leave an error indication on the +OpenSSL error stack. +.PP +All other functions described here return 0 or \fB\s-1NULL\s0\fR when the +information they should return isn't available. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIBIO_connect\fR\|(3), \fIBIO_s_connect\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/BIO_ADDRINFO.3 b/linux_amd64/share/man/man3/BIO_ADDRINFO.3 new file mode 100755 index 0000000..6b561b4 --- /dev/null +++ b/linux_amd64/share/man/man3/BIO_ADDRINFO.3 
@@ -0,0 +1,236 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_ADDRINFO 3" +.TH BIO_ADDRINFO 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BIO_lookup_type, +BIO_ADDRINFO, BIO_ADDRINFO_next, BIO_ADDRINFO_free, +BIO_ADDRINFO_family, BIO_ADDRINFO_socktype, BIO_ADDRINFO_protocol, +BIO_ADDRINFO_address, +BIO_lookup_ex, +BIO_lookup +\&\- BIO_ADDRINFO type and routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 2 +\& #include +\& #include +\& +\& typedef union bio_addrinfo_st BIO_ADDRINFO; +\& +\& enum BIO_lookup_type { +\& BIO_LOOKUP_CLIENT, BIO_LOOKUP_SERVER +\& }; +\& +\& int BIO_lookup_ex(const char *host, const char *service, int lookup_type, +\& int family, int socktype, int protocol, BIO_ADDRINFO **res); +\& int BIO_lookup(const char *node, const char *service, +\& enum BIO_lookup_type lookup_type, +\& int family, int socktype, BIO_ADDRINFO **res); +\& +\& const BIO_ADDRINFO *BIO_ADDRINFO_next(const BIO_ADDRINFO *bai); +\& int BIO_ADDRINFO_family(const BIO_ADDRINFO *bai); +\& int BIO_ADDRINFO_socktype(const BIO_ADDRINFO *bai); +\& int BIO_ADDRINFO_protocol(const BIO_ADDRINFO *bai); +\& const BIO_ADDR *BIO_ADDRINFO_address(const BIO_ADDRINFO *bai); +\& void BIO_ADDRINFO_free(BIO_ADDRINFO *bai); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fB\s-1BIO_ADDRINFO\s0\fR type is a wrapper for address information +types provided on your platform. +.PP +\&\fB\s-1BIO_ADDRINFO\s0\fR normally forms a chain of several that can be +picked at one by one. +.PP +\&\fIBIO_lookup_ex()\fR looks up a specified \fBhost\fR and \fBservice\fR, and +uses \fBlookup_type\fR to determine what the default address should +be if \fBhost\fR is \fB\s-1NULL\s0\fR. \fBfamily\fR, \fBsocktype\fR and \fBprotocol\fR are used to +determine what protocol family, socket type and protocol should be used for +the lookup. \fBfamily\fR can be any of \s-1AF_INET\s0, \s-1AF_INET6\s0, \s-1AF_UNIX\s0 and +\&\s-1AF_UNSPEC\s0. \fBsocktype\fR can be \s-1SOCK_STREAM\s0, \s-1SOCK_DGRAM\s0 or 0. Specifying 0 +indicates that any type can be used. 
\fBprotocol\fR specifies a protocol such as +\&\s-1IPPROTO_TCP\s0, \s-1IPPROTO_UDP\s0 or \s-1IPPORTO_SCTP\s0. If set to 0 than any protocol can be +used. \fBres\fR points at a pointer to hold the start of a \fB\s-1BIO_ADDRINFO\s0\fR +chain. +.PP +For the family \fB\s-1AF_UNIX\s0\fR, \fIBIO_lookup_ex()\fR will ignore the \fBservice\fR +parameter and expects the \fBnode\fR parameter to hold the path to the +socket file. +.PP +\&\fIBIO_lookup()\fR does the same as \fIBIO_lookup_ex()\fR but does not provide the ability +to select based on the protocol (any protocol may be returned). +.PP +\&\fIBIO_ADDRINFO_family()\fR returns the family of the given +\&\fB\s-1BIO_ADDRINFO\s0\fR. The result will be one of the constants +\&\s-1AF_INET\s0, \s-1AF_INET6\s0 and \s-1AF_UNIX\s0. +.PP +\&\fIBIO_ADDRINFO_socktype()\fR returns the socket type of the given +\&\fB\s-1BIO_ADDRINFO\s0\fR. The result will be one of the constants +\&\s-1SOCK_STREAM\s0 and \s-1SOCK_DGRAM\s0. +.PP +\&\fIBIO_ADDRINFO_protocol()\fR returns the protocol id of the given +\&\fB\s-1BIO_ADDRINFO\s0\fR. The result will be one of the constants +\&\s-1IPPROTO_TCP\s0 and \s-1IPPROTO_UDP\s0. +.PP +\&\fIBIO_ADDRINFO_address()\fR returns the underlying \fB\s-1BIO_ADDR\s0\fR +of the given \fB\s-1BIO_ADDRINFO\s0\fR. +.PP +\&\fIBIO_ADDRINFO_next()\fR returns the next \fB\s-1BIO_ADDRINFO\s0\fR in the chain +from the given one. +.PP +\&\fIBIO_ADDRINFO_free()\fR frees the chain of \fB\s-1BIO_ADDRINFO\s0\fR starting +with the given one. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBIO_lookup_ex()\fR and \fIBIO_lookup()\fR return 1 on success and 0 when an error +occurred, and will leave an error indication on the OpenSSL error stack in that +case. +.PP +All other functions described here return 0 or \fB\s-1NULL\s0\fR when the +information they should return isn't available. +.SH "NOTES" +.IX Header "NOTES" +The \fIBIO_lookup_ex()\fR implementation uses the platform provided \fIgetaddrinfo()\fR +function. 
On Linux it is known that specifying 0 for the protocol will not +return any \s-1SCTP\s0 based addresses when calling \fIgetaddrinfo()\fR. Therefore if an \s-1SCTP\s0 +address is required then the \fBprotocol\fR parameter to \fIBIO_lookup_ex()\fR should be +explicitly set to \s-1IPPROTO_SCTP\s0. The same may be true on other platforms. +.SH "HISTORY" +.IX Header "HISTORY" +The \fIBIO_lookup_ex()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/BIO_connect.3 b/linux_amd64/share/man/man3/BIO_connect.3 new file mode 100755 index 0000000..6f5f38b --- /dev/null +++ b/linux_amd64/share/man/man3/BIO_connect.3 
@@ -0,0 +1,232 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_CONNECT 3" +.TH BIO_CONNECT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BIO_socket, BIO_bind, BIO_connect, BIO_listen, BIO_accept_ex, BIO_closesocket \- BIO +socket communication setup routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int BIO_socket(int domain, int socktype, int protocol, int options); +\& int BIO_bind(int sock, const BIO_ADDR *addr, int options); +\& int BIO_connect(int sock, const BIO_ADDR *addr, int options); +\& int BIO_listen(int sock, const BIO_ADDR *addr, int options); +\& int BIO_accept_ex(int accept_sock, BIO_ADDR *peer, int options); +\& int BIO_closesocket(int sock); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBIO_socket()\fR creates a socket in the domain \fBdomain\fR, of type +\&\fBsocktype\fR and \fBprotocol\fR. Socket \fBoptions\fR are currently unused, +but is present for future use. +.PP +\&\fIBIO_bind()\fR binds the source address and service to a socket and +may be useful before calling \fIBIO_connect()\fR. The options may include +\&\fB\s-1BIO_SOCK_REUSEADDR\s0\fR, which is described in \*(L"\s-1FLAGS\s0\*(R" below. +.PP +\&\fIBIO_connect()\fR connects \fBsock\fR to the address and service given by +\&\fBaddr\fR. Connection \fBoptions\fR may be zero or any combination of +\&\fB\s-1BIO_SOCK_KEEPALIVE\s0\fR, \fB\s-1BIO_SOCK_NONBLOCK\s0\fR and \fB\s-1BIO_SOCK_NODELAY\s0\fR. +The flags are described in \*(L"\s-1FLAGS\s0\*(R" below. +.PP +\&\fIBIO_listen()\fR has \fBsock\fR start listening on the address and service +given by \fBaddr\fR. Connection \fBoptions\fR may be zero or any +combination of \fB\s-1BIO_SOCK_KEEPALIVE\s0\fR, \fB\s-1BIO_SOCK_NONBLOCK\s0\fR, +\&\fB\s-1BIO_SOCK_NODELAY\s0\fR, \fB\s-1BIO_SOCK_REUSEADDR\s0\fR and \fB\s-1BIO_SOCK_V6_ONLY\s0\fR. +The flags are described in \*(L"\s-1FLAGS\s0\*(R" below. +.PP +\&\fIBIO_accept_ex()\fR waits for an incoming connections on the given +socket \fBaccept_sock\fR. When it gets a connection, the address and +port of the peer gets stored in \fBpeer\fR if that one is non-NULL. 
+Accept \fBoptions\fR may be zero or \fB\s-1BIO_SOCK_NONBLOCK\s0\fR, and is applied +on the accepted socket. The flags are described in \*(L"\s-1FLAGS\s0\*(R" below. +.PP +\&\fIBIO_closesocket()\fR closes \fBsock\fR. +.SH "FLAGS" +.IX Header "FLAGS" +.IP "\s-1BIO_SOCK_KEEPALIVE\s0" 4 +.IX Item "BIO_SOCK_KEEPALIVE" +Enables regular sending of keep-alive messages. +.IP "\s-1BIO_SOCK_NONBLOCK\s0" 4 +.IX Item "BIO_SOCK_NONBLOCK" +Sets the socket to non-blocking mode. +.IP "\s-1BIO_SOCK_NODELAY\s0" 4 +.IX Item "BIO_SOCK_NODELAY" +Corresponds to \fB\s-1TCP_NODELAY\s0\fR, and disables the Nagle algorithm. With +this set, any data will be sent as soon as possible instead of being +buffered until there's enough for the socket to send out in one go. +.IP "\s-1BIO_SOCK_REUSEADDR\s0" 4 +.IX Item "BIO_SOCK_REUSEADDR" +Try to reuse the address and port combination for a recently closed +port. +.IP "\s-1BIO_SOCK_V6_ONLY\s0" 4 +.IX Item "BIO_SOCK_V6_ONLY" +When creating an IPv6 socket, make it only listen for IPv6 addresses +and not IPv4 addresses mapped to IPv6. +.PP +These flags are bit flags, so they are to be combined with the +\&\f(CW\*(C`|\*(C'\fR operator, for example: +.PP +.Vb 1 +\& BIO_connect(sock, addr, BIO_SOCK_KEEPALIVE | BIO_SOCK_NONBLOCK); +.Ve +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBIO_socket()\fR returns the socket number on success or \fB\s-1INVALID_SOCKET\s0\fR +(\-1) on error. When an error has occurred, the OpenSSL error stack +will hold the error data and errno has the system error. +.PP +\&\fIBIO_bind()\fR, \fIBIO_connect()\fR and \fIBIO_listen()\fR return 1 on success or 0 on error. +When an error has occurred, the OpenSSL error stack will hold the error +data and errno has the system error. +.PP +\&\fIBIO_accept_ex()\fR returns the accepted socket on success or +\&\fB\s-1INVALID_SOCKET\s0\fR (\-1) on error. When an error has occurred, the +OpenSSL error stack will hold the error data and errno has the system +error. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1\fIBIO_ADDR\s0\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIBIO_gethostname()\fR, \fIBIO_get_port()\fR, \fIBIO_get_host_ip()\fR, +\&\fIBIO_get_accept_socket()\fR and \fIBIO_accept()\fR were deprecated in OpenSSL 1.1.0. +Use the functions described above instead. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/BIO_ctrl.3 b/linux_amd64/share/man/man3/BIO_ctrl.3 new file mode 100755 index 0000000..e1623c4 --- /dev/null +++ b/linux_amd64/share/man/man3/BIO_ctrl.3 
@@ -0,0 +1,276 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_CTRL 3" +.TH BIO_CTRL 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BIO_ctrl, BIO_callback_ctrl, BIO_ptr_ctrl, BIO_int_ctrl, BIO_reset, +BIO_seek, BIO_tell, BIO_flush, BIO_eof, BIO_set_close, BIO_get_close, +BIO_pending, BIO_wpending, BIO_ctrl_pending, BIO_ctrl_wpending, +BIO_get_info_callback, BIO_set_info_callback, BIO_info_cb, BIO_get_ktls_send, +BIO_get_ktls_recv +\&\- BIO control operations +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef int BIO_info_cb(BIO *b, int state, int res); +\& +\& long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg); +\& long BIO_callback_ctrl(BIO *b, int cmd, BIO_info_cb *cb); +\& char *BIO_ptr_ctrl(BIO *bp, int cmd, long larg); +\& long BIO_int_ctrl(BIO *bp, int cmd, long larg, int iarg); +\& +\& int BIO_reset(BIO *b); +\& int BIO_seek(BIO *b, int ofs); +\& int BIO_tell(BIO *b); +\& int BIO_flush(BIO *b); +\& int BIO_eof(BIO *b); +\& int BIO_set_close(BIO *b, long flag); +\& int BIO_get_close(BIO *b); +\& int BIO_pending(BIO *b); +\& int BIO_wpending(BIO *b); +\& size_t BIO_ctrl_pending(BIO *b); +\& size_t BIO_ctrl_wpending(BIO *b); +\& +\& int BIO_get_info_callback(BIO *b, BIO_info_cb **cbp); +\& int BIO_set_info_callback(BIO *b, BIO_info_cb *cb); +\& +\& int BIO_get_ktls_send(BIO *b); +\& int BIO_get_ktls_recv(BIO *b); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBIO_ctrl()\fR, \fIBIO_callback_ctrl()\fR, \fIBIO_ptr_ctrl()\fR and \fIBIO_int_ctrl()\fR +are \s-1BIO\s0 \*(L"control\*(R" operations taking arguments of various types. +These functions are not normally called directly, various macros +are used instead. The standard macros are described below, macros +specific to a particular type of \s-1BIO\s0 are described in the specific +BIOs manual page as well as any special features of the standard +calls. +.PP +\&\fIBIO_reset()\fR typically resets a \s-1BIO\s0 to some initial state, in the case +of file related BIOs for example it rewinds the file pointer to the +start of the file. 
+.PP +\&\fIBIO_seek()\fR resets a file related \s-1BIO\s0's (that is file descriptor and +\&\s-1FILE\s0 BIOs) file position pointer to \fBofs\fR bytes from start of file. +.PP +\&\fIBIO_tell()\fR returns the current file position of a file related \s-1BIO\s0. +.PP +\&\fIBIO_flush()\fR normally writes out any internally buffered data, in some +cases it is used to signal \s-1EOF\s0 and that no more data will be written. +.PP +\&\fIBIO_eof()\fR returns 1 if the \s-1BIO\s0 has read \s-1EOF\s0, the precise meaning of +\&\*(L"\s-1EOF\s0\*(R" varies according to the \s-1BIO\s0 type. +.PP +\&\fIBIO_set_close()\fR sets the \s-1BIO\s0 \fBb\fR close flag to \fBflag\fR. \fBflag\fR can +take the value \s-1BIO_CLOSE\s0 or \s-1BIO_NOCLOSE\s0. Typically \s-1BIO_CLOSE\s0 is used +in a source/sink \s-1BIO\s0 to indicate that the underlying I/O stream should +be closed when the \s-1BIO\s0 is freed. +.PP +\&\fIBIO_get_close()\fR returns the BIOs close flag. +.PP +\&\fIBIO_pending()\fR, \fIBIO_ctrl_pending()\fR, \fIBIO_wpending()\fR and \fIBIO_ctrl_wpending()\fR +return the number of pending characters in the BIOs read and write buffers. +Not all BIOs support these calls. \fIBIO_ctrl_pending()\fR and \fIBIO_ctrl_wpending()\fR +return a size_t type and are functions, \fIBIO_pending()\fR and \fIBIO_wpending()\fR are +macros which call \fIBIO_ctrl()\fR. +.PP +\&\fIBIO_get_ktls_send()\fR returns 1 if the \s-1BIO\s0 is using the Kernel \s-1TLS\s0 data-path for +sending. Otherwise, it returns zero. +\&\fIBIO_get_ktls_recv()\fR returns 1 if the \s-1BIO\s0 is using the Kernel \s-1TLS\s0 data-path for +receiving. Otherwise, it returns zero. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBIO_reset()\fR normally returns 1 for success and 0 or \-1 for failure. File +BIOs are an exception, they return 0 for success and \-1 for failure. 
+.PP +\&\fIBIO_seek()\fR and \fIBIO_tell()\fR both return the current file position on success +and \-1 for failure, except file BIOs which for \fIBIO_seek()\fR always return 0 +for success and \-1 for failure. +.PP +\&\fIBIO_flush()\fR returns 1 for success and 0 or \-1 for failure. +.PP +\&\fIBIO_eof()\fR returns 1 if \s-1EOF\s0 has been reached 0 otherwise. +.PP +\&\fIBIO_set_close()\fR always returns 1. +.PP +\&\fIBIO_get_close()\fR returns the close flag value: \s-1BIO_CLOSE\s0 or \s-1BIO_NOCLOSE\s0. +.PP +\&\fIBIO_pending()\fR, \fIBIO_ctrl_pending()\fR, \fIBIO_wpending()\fR and \fIBIO_ctrl_wpending()\fR +return the amount of pending data. +.PP +\&\fIBIO_get_ktls_send()\fR returns 1 if the \s-1BIO\s0 is using the Kernel \s-1TLS\s0 data-path for +sending. Otherwise, it returns zero. +\&\fIBIO_get_ktls_recv()\fR returns 1 if the \s-1BIO\s0 is using the Kernel \s-1TLS\s0 data-path for +receiving. Otherwise, it returns zero. +.SH "NOTES" +.IX Header "NOTES" +\&\fIBIO_flush()\fR, because it can write data may return 0 or \-1 indicating +that the call should be retried later in a similar manner to \fIBIO_write_ex()\fR. +The \fIBIO_should_retry()\fR call should be used and appropriate action taken +is the call fails. +.PP +The return values of \fIBIO_pending()\fR and \fIBIO_wpending()\fR may not reliably +determine the amount of pending data in all cases. For example in the +case of a file \s-1BIO\s0 some data may be available in the \s-1FILE\s0 structures +internal buffers but it is not possible to determine this in a +portably way. For other types of \s-1BIO\s0 they may not be supported. +.PP +Filter BIOs if they do not internally handle a particular \fIBIO_ctrl()\fR +operation usually pass the operation to the next \s-1BIO\s0 in the chain. +This often means there is no need to locate the required \s-1BIO\s0 for +a particular operation, it can be called on a chain and it will +be automatically passed to the relevant \s-1BIO\s0. 
However this can cause +unexpected results: for example no current filter BIOs implement +\&\fIBIO_seek()\fR, but this may still succeed if the chain ends in a \s-1FILE\s0 +or file descriptor \s-1BIO\s0. +.PP +Source/sink BIOs return an 0 if they do not recognize the \fIBIO_ctrl()\fR +operation. +.SH "BUGS" +.IX Header "BUGS" +Some of the return values are ambiguous and care should be taken. In +particular a return value of 0 can be returned if an operation is not +supported, if an error occurred, if \s-1EOF\s0 has not been reached and in +the case of \fIBIO_seek()\fR on a file \s-1BIO\s0 for a successful operation. +.SH "HISTORY" +.IX Header "HISTORY" +The \fIBIO_get_ktls_send()\fR and \fIBIO_get_ktls_recv()\fR functions were added in +OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/BIO_f_base64.3 b/linux_amd64/share/man/man3/BIO_f_base64.3 new file mode 100755 index 0000000..a273249 --- /dev/null +++ b/linux_amd64/share/man/man3/BIO_f_base64.3 
@@ -0,0 +1,214 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_F_BASE64 3" +.TH BIO_F_BASE64 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BIO_f_base64 \- base64 BIO filter +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 2 +\& #include +\& #include +\& +\& const BIO_METHOD *BIO_f_base64(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBIO_f_base64()\fR returns the base64 \s-1BIO\s0 method. This is a filter +\&\s-1BIO\s0 that base64 encodes any data written through it and decodes +any data read through it. +.PP +Base64 BIOs do not support \fIBIO_gets()\fR or \fIBIO_puts()\fR. +.PP +\&\fIBIO_flush()\fR on a base64 \s-1BIO\s0 that is being written through is +used to signal that no more data is to be encoded: this is used +to flush the final block through the \s-1BIO\s0. +.PP +The flag \s-1BIO_FLAGS_BASE64_NO_NL\s0 can be set with \fIBIO_set_flags()\fR +to encode the data all on one line or expect the data to be all +on one line. +.SH "NOTES" +.IX Header "NOTES" +Because of the format of base64 encoding the end of the encoded +block cannot always be reliably determined. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBIO_f_base64()\fR returns the base64 \s-1BIO\s0 method. 
+.SH "EXAMPLES" +.IX Header "EXAMPLES" +Base64 encode the string \*(L"Hello World\en\*(R" and write the result +to standard output: +.PP +.Vb 2 +\& BIO *bio, *b64; +\& char message[] = "Hello World \en"; +\& +\& b64 = BIO_new(BIO_f_base64()); +\& bio = BIO_new_fp(stdout, BIO_NOCLOSE); +\& BIO_push(b64, bio); +\& BIO_write(b64, message, strlen(message)); +\& BIO_flush(b64); +\& +\& BIO_free_all(b64); +.Ve +.PP +Read Base64 encoded data from standard input and write the decoded +data to standard output: +.PP +.Vb 3 +\& BIO *bio, *b64, *bio_out; +\& char inbuf[512]; +\& int inlen; +\& +\& b64 = BIO_new(BIO_f_base64()); +\& bio = BIO_new_fp(stdin, BIO_NOCLOSE); +\& bio_out = BIO_new_fp(stdout, BIO_NOCLOSE); +\& BIO_push(b64, bio); +\& while ((inlen = BIO_read(b64, inbuf, 512)) > 0) +\& BIO_write(bio_out, inbuf, inlen); +\& +\& BIO_flush(bio_out); +\& BIO_free_all(b64); +.Ve +.SH "BUGS" +.IX Header "BUGS" +The ambiguity of \s-1EOF\s0 in base64 encoded data can cause additional +data following the base64 encoded block to be misinterpreted. +.PP +There should be some way of specifying a test that the \s-1BIO\s0 can perform +to reliably determine \s-1EOF\s0 (for example a \s-1MIME\s0 boundary). +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/BIO_f_buffer.3 b/linux_amd64/share/man/man3/BIO_f_buffer.3 new file mode 100755 index 0000000..a53b1c6 --- /dev/null +++ b/linux_amd64/share/man/man3/BIO_f_buffer.3 
@@ -0,0 +1,224 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_F_BUFFER 3" +.TH BIO_F_BUFFER 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BIO_get_buffer_num_lines, +BIO_set_read_buffer_size, +BIO_set_write_buffer_size, +BIO_set_buffer_size, +BIO_set_buffer_read_data, +BIO_f_buffer +\&\- buffering BIO +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const BIO_METHOD *BIO_f_buffer(void); +\& +\& long BIO_get_buffer_num_lines(BIO *b); +\& long BIO_set_read_buffer_size(BIO *b, long size); +\& long BIO_set_write_buffer_size(BIO *b, long size); +\& long BIO_set_buffer_size(BIO *b, long size); +\& long BIO_set_buffer_read_data(BIO *b, void *buf, long num); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBIO_f_buffer()\fR returns the buffering \s-1BIO\s0 method. +.PP +Data written to a buffering \s-1BIO\s0 is buffered and periodically written +to the next \s-1BIO\s0 in the chain. Data read from a buffering \s-1BIO\s0 comes from +an internal buffer which is filled from the next \s-1BIO\s0 in the chain. +Both \fIBIO_gets()\fR and \fIBIO_puts()\fR are supported. +.PP +Calling \fIBIO_reset()\fR on a buffering \s-1BIO\s0 clears any buffered data. +.PP +\&\fIBIO_get_buffer_num_lines()\fR returns the number of lines currently buffered. +.PP +\&\fIBIO_set_read_buffer_size()\fR, \fIBIO_set_write_buffer_size()\fR and \fIBIO_set_buffer_size()\fR +set the read, write or both read and write buffer sizes to \fBsize\fR. The initial +buffer size is \s-1DEFAULT_BUFFER_SIZE\s0, currently 4096. Any attempt to reduce the +buffer size below \s-1DEFAULT_BUFFER_SIZE\s0 is ignored. Any buffered data is cleared +when the buffer is resized. +.PP +\&\fIBIO_set_buffer_read_data()\fR clears the read buffer and fills it with \fBnum\fR +bytes of \fBbuf\fR. If \fBnum\fR is larger than the current buffer size the buffer +is expanded. +.SH "NOTES" +.IX Header "NOTES" +These functions, other than \fIBIO_f_buffer()\fR, are implemented as macros. 
+.PP +Buffering BIOs implement \fIBIO_read_ex()\fR and \fIBIO_gets()\fR by using +\&\fIBIO_read_ex()\fR operations on the next \s-1BIO\s0 in the chain and storing the +result in an internal buffer, from which bytes are given back to the +caller as appropriate for the call; a \fIBIO_gets()\fR is guaranteed to give +the caller a whole line, and \fIBIO_read_ex()\fR is guaranteed to give the +caller the number of bytes it asks for, unless there's an error or end +of communication is reached in the next \s-1BIO\s0. By prepending a +buffering \s-1BIO\s0 to a chain it is therefore possible to provide +\&\fIBIO_gets()\fR or exact size \fIBIO_read_ex()\fR functionality if the following +BIOs do not support it. +.PP +Do not add more than one \fIBIO_f_buffer()\fR to a \s-1BIO\s0 chain. The result of +doing so will force a full read of the size of the internal buffer of +the top \fIBIO_f_buffer()\fR, which is 4 KiB at a minimum. +.PP +Data is only written to the next \s-1BIO\s0 in the chain when the write buffer fills +or when \fIBIO_flush()\fR is called. It is therefore important to call \fIBIO_flush()\fR +whenever any pending data should be written such as when removing a buffering +\&\s-1BIO\s0 using \fIBIO_pop()\fR. \fIBIO_flush()\fR may need to be retried if the ultimate +source/sink \s-1BIO\s0 is non blocking. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBIO_f_buffer()\fR returns the buffering \s-1BIO\s0 method. +.PP +\&\fIBIO_get_buffer_num_lines()\fR returns the number of lines buffered (may be 0). +.PP +\&\fIBIO_set_read_buffer_size()\fR, \fIBIO_set_write_buffer_size()\fR and \fIBIO_set_buffer_size()\fR +return 1 if the buffer was successfully resized or 0 for failure. +.PP +\&\fIBIO_set_buffer_read_data()\fR returns 1 if the data was set correctly or 0 if +there was an error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIbio\fR\|(7), +\&\fIBIO_reset\fR\|(3), +\&\fIBIO_flush\fR\|(3), +\&\fIBIO_pop\fR\|(3), +\&\fIBIO_ctrl\fR\|(3). 
+.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/BIO_f_cipher.3 b/linux_amd64/share/man/man3/BIO_f_cipher.3 new file mode 100755 index 0000000..fbf9c55 --- /dev/null +++ b/linux_amd64/share/man/man3/BIO_f_cipher.3 
@@ -0,0 +1,202 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_F_CIPHER 3" +.TH BIO_F_CIPHER 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BIO_f_cipher, BIO_set_cipher, BIO_get_cipher_status, BIO_get_cipher_ctx \- cipher BIO filter +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 2 +\& #include +\& #include +\& +\& const BIO_METHOD *BIO_f_cipher(void); +\& void BIO_set_cipher(BIO *b, const EVP_CIPHER *cipher, +\& unsigned char *key, unsigned char *iv, int enc); +\& int BIO_get_cipher_status(BIO *b) +\& int BIO_get_cipher_ctx(BIO *b, EVP_CIPHER_CTX **pctx) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBIO_f_cipher()\fR returns the cipher \s-1BIO\s0 method. This is a filter +\&\s-1BIO\s0 that encrypts any data written through it, and decrypts any data +read from it. It is a \s-1BIO\s0 wrapper for the cipher routines +\&\fIEVP_CipherInit()\fR, \fIEVP_CipherUpdate()\fR and \fIEVP_CipherFinal()\fR. +.PP +Cipher BIOs do not support \fIBIO_gets()\fR or \fIBIO_puts()\fR. +.PP +\&\fIBIO_flush()\fR on an encryption \s-1BIO\s0 that is being written through is +used to signal that no more data is to be encrypted: this is used +to flush and possibly pad the final block through the \s-1BIO\s0. +.PP +\&\fIBIO_set_cipher()\fR sets the cipher of \s-1BIO\s0 \fBb\fR to \fBcipher\fR using key \fBkey\fR +and \s-1IV\s0 \fBiv\fR. \fBenc\fR should be set to 1 for encryption and zero for +decryption. +.PP +When reading from an encryption \s-1BIO\s0 the final block is automatically +decrypted and checked when \s-1EOF\s0 is detected. \fIBIO_get_cipher_status()\fR +is a \fIBIO_ctrl()\fR macro which can be called to determine whether the +decryption operation was successful. +.PP +\&\fIBIO_get_cipher_ctx()\fR is a \fIBIO_ctrl()\fR macro which retrieves the internal +\&\s-1BIO\s0 cipher context. The retrieved context can be used in conjunction +with the standard cipher routines to set it up. This is useful when +\&\fIBIO_set_cipher()\fR is not flexible enough for the applications needs. 
+.SH "NOTES" +.IX Header "NOTES" +When encrypting \fIBIO_flush()\fR \fBmust\fR be called to flush the final block +through the \s-1BIO\s0. If it is not then the final block will fail a subsequent +decrypt. +.PP +When decrypting an error on the final block is signaled by a zero +return value from the read operation. A successful decrypt followed +by \s-1EOF\s0 will also return zero for the final read. \fIBIO_get_cipher_status()\fR +should be called to determine if the decrypt was successful. +.PP +As always, if \fIBIO_gets()\fR or \fIBIO_puts()\fR support is needed then it can +be achieved by preceding the cipher \s-1BIO\s0 with a buffering \s-1BIO\s0. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBIO_f_cipher()\fR returns the cipher \s-1BIO\s0 method. +.PP +\&\fIBIO_set_cipher()\fR does not return a value. +.PP +\&\fIBIO_get_cipher_status()\fR returns 1 for a successful decrypt and 0 +for failure. +.PP +\&\fIBIO_get_cipher_ctx()\fR currently always returns 1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/BIO_f_md.3 b/linux_amd64/share/man/man3/BIO_f_md.3 new file mode 100755 index 0000000..cfd2878 --- /dev/null +++ b/linux_amd64/share/man/man3/BIO_f_md.3 
@@ -0,0 +1,286 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_F_MD 3" +.TH BIO_F_MD 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BIO_f_md, BIO_set_md, BIO_get_md, BIO_get_md_ctx \- message digest BIO filter +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 2 +\& #include +\& #include +\& +\& const BIO_METHOD *BIO_f_md(void); +\& int BIO_set_md(BIO *b, EVP_MD *md); +\& int BIO_get_md(BIO *b, EVP_MD **mdp); +\& int BIO_get_md_ctx(BIO *b, EVP_MD_CTX **mdcp); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBIO_f_md()\fR returns the message digest \s-1BIO\s0 method. This is a filter +\&\s-1BIO\s0 that digests any data passed through it, it is a \s-1BIO\s0 wrapper +for the digest routines \fIEVP_DigestInit()\fR, \fIEVP_DigestUpdate()\fR +and \fIEVP_DigestFinal()\fR. +.PP +Any data written or read through a digest \s-1BIO\s0 using \fIBIO_read_ex()\fR and +\&\fIBIO_write_ex()\fR is digested. +.PP +\&\fIBIO_gets()\fR, if its \fBsize\fR parameter is large enough finishes the +digest calculation and returns the digest value. \fIBIO_puts()\fR is +not supported. +.PP +\&\fIBIO_reset()\fR reinitialises a digest \s-1BIO\s0. +.PP +\&\fIBIO_set_md()\fR sets the message digest of \s-1BIO\s0 \fBb\fR to \fBmd\fR: this +must be called to initialize a digest \s-1BIO\s0 before any data is +passed through it. It is a \fIBIO_ctrl()\fR macro. +.PP +\&\fIBIO_get_md()\fR places the a pointer to the digest BIOs digest method +in \fBmdp\fR, it is a \fIBIO_ctrl()\fR macro. +.PP +\&\fIBIO_get_md_ctx()\fR returns the digest BIOs context into \fBmdcp\fR. +.SH "NOTES" +.IX Header "NOTES" +The context returned by \fIBIO_get_md_ctx()\fR can be used in calls +to \fIEVP_DigestFinal()\fR and also the signature routines \fIEVP_SignFinal()\fR +and \fIEVP_VerifyFinal()\fR. +.PP +The context returned by \fIBIO_get_md_ctx()\fR is an internal context +structure. Changes made to this context will affect the digest +\&\s-1BIO\s0 itself and the context pointer will become invalid when the digest +\&\s-1BIO\s0 is freed. 
+.PP +After the digest has been retrieved from a digest \s-1BIO\s0 it must be +reinitialized by calling \fIBIO_reset()\fR, or \fIBIO_set_md()\fR before any more +data is passed through it. +.PP +If an application needs to call \fIBIO_gets()\fR or \fIBIO_puts()\fR through +a chain containing digest BIOs then this can be done by prepending +a buffering \s-1BIO\s0. +.PP +Calling \fIBIO_get_md_ctx()\fR will return the context and initialize the \s-1BIO\s0 +state. This allows applications to initialize the context externally +if the standard calls such as \fIBIO_set_md()\fR are not sufficiently flexible. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBIO_f_md()\fR returns the digest \s-1BIO\s0 method. +.PP +\&\fIBIO_set_md()\fR, \fIBIO_get_md()\fR and \fIBIO_md_ctx()\fR return 1 for success and +0 for failure. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +The following example creates a \s-1BIO\s0 chain containing an \s-1SHA1\s0 and \s-1MD5\s0 +digest \s-1BIO\s0 and passes the string \*(L"Hello World\*(R" through it. Error +checking has been omitted for clarity. +.PP +.Vb 2 +\& BIO *bio, *mdtmp; +\& char message[] = "Hello World"; +\& +\& bio = BIO_new(BIO_s_null()); +\& mdtmp = BIO_new(BIO_f_md()); +\& BIO_set_md(mdtmp, EVP_sha1()); +\& /* +\& * For BIO_push() we want to append the sink BIO and keep a note of +\& * the start of the chain. 
+\& */ +\& bio = BIO_push(mdtmp, bio); +\& mdtmp = BIO_new(BIO_f_md()); +\& BIO_set_md(mdtmp, EVP_md5()); +\& bio = BIO_push(mdtmp, bio); +\& /* Note: mdtmp can now be discarded */ +\& BIO_write(bio, message, strlen(message)); +.Ve +.PP +The next example digests data by reading through a chain instead: +.PP +.Vb 3 +\& BIO *bio, *mdtmp; +\& char buf[1024]; +\& int rdlen; +\& +\& bio = BIO_new_file(file, "rb"); +\& mdtmp = BIO_new(BIO_f_md()); +\& BIO_set_md(mdtmp, EVP_sha1()); +\& bio = BIO_push(mdtmp, bio); +\& mdtmp = BIO_new(BIO_f_md()); +\& BIO_set_md(mdtmp, EVP_md5()); +\& bio = BIO_push(mdtmp, bio); +\& do { +\& rdlen = BIO_read(bio, buf, sizeof(buf)); +\& /* Might want to do something with the data here */ +\& } while (rdlen > 0); +.Ve +.PP +This next example retrieves the message digests from a \s-1BIO\s0 chain and +outputs them. This could be used with the examples above. +.PP +.Vb 4 +\& BIO *mdtmp; +\& unsigned char mdbuf[EVP_MAX_MD_SIZE]; +\& int mdlen; +\& int i; +\& +\& mdtmp = bio; /* Assume bio has previously been set up */ +\& do { +\& EVP_MD *md; +\& +\& mdtmp = BIO_find_type(mdtmp, BIO_TYPE_MD); +\& if (!mdtmp) +\& break; +\& BIO_get_md(mdtmp, &md); +\& printf("%s digest", OBJ_nid2sn(EVP_MD_type(md))); +\& mdlen = BIO_gets(mdtmp, mdbuf, EVP_MAX_MD_SIZE); +\& for (i = 0; i < mdlen; i++) printf(":%02X", mdbuf[i]); +\& printf("\en"); +\& mdtmp = BIO_next(mdtmp); +\& } while (mdtmp); +\& +\& BIO_free_all(bio); +.Ve +.SH "BUGS" +.IX Header "BUGS" +The lack of support for \fIBIO_puts()\fR and the non standard behaviour of +\&\fIBIO_gets()\fR could be regarded as anomalous. It could be argued that \fIBIO_gets()\fR +and \fIBIO_puts()\fR should be passed to the next \s-1BIO\s0 in the chain and digest +the data passed through and that digests should be retrieved using a +separate \fIBIO_ctrl()\fR call. +.SH "HISTORY" +.IX Header "HISTORY" +Before OpenSSL 1.0.0., the call to \fIBIO_get_md_ctx()\fR would only work if the +\&\s-1BIO\s0 was initialized first. 
+.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/BIO_f_null.3 b/linux_amd64/share/man/man3/BIO_f_null.3 new file mode 100755 index 0000000..996f112 --- /dev/null +++ b/linux_amd64/share/man/man3/BIO_f_null.3 
@@ -0,0 +1,162 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_F_NULL 3" +.TH BIO_F_NULL 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BIO_f_null \- null filter +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const BIO_METHOD *BIO_f_null(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBIO_f_null()\fR returns the null filter \s-1BIO\s0 method. This is a filter \s-1BIO\s0 +that does nothing. +.PP +All requests to a null filter \s-1BIO\s0 are passed through to the next \s-1BIO\s0 in +the chain: this means that a \s-1BIO\s0 chain containing a null filter \s-1BIO\s0 +behaves just as though the \s-1BIO\s0 was not there. +.SH "NOTES" +.IX Header "NOTES" +As may be apparent a null filter \s-1BIO\s0 is not particularly useful. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBIO_f_null()\fR returns the null filter \s-1BIO\s0 method. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/BIO_f_prefix.3 b/linux_amd64/share/man/man3/BIO_f_prefix.3 new file mode 100755 index 0000000..5e480dd --- /dev/null +++ b/linux_amd64/share/man/man3/BIO_f_prefix.3 
@@ -0,0 +1,192 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_F_PREFIX 3" +.TH BIO_F_PREFIX 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BIO_f_prefix, BIO_set_prefix, BIO_set_indent, BIO_get_indent +\&\- prefix BIO filter +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const BIO_METHOD *BIO_f_prefix(void); +\& long BIO_set_prefix(BIO *b, const char *prefix); +\& long BIO_set_indent(BIO *b, long indent); +\& long BIO_get_indent(BIO *b); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBIO_f_cipher()\fR returns the prefix \s-1BIO\s0 method. This is a filter for +text output, where each line gets automatically prefixed and indented +according to user input. +.PP +The prefix and the indentation are combined. For each line of output +going through this filter, the prefix is output first, then the amount +of additional spaces indicated by the indentation, and then the line +itself. +.PP +By default, there is no prefix, and indentation is set to 0. +.PP +\&\fIBIO_set_prefix()\fR sets the prefix to be used for future lines of +text, using \fIprefix\fR. \fIprefix\fR may be \s-1NULL\s0, signifying that there +should be no prefix. If \fIprefix\fR isn't \s-1NULL\s0, this function makes a +copy of it. +.PP +\&\fIBIO_set_indent()\fR sets the indentation to be used for future lines of +text, using \fIindent\fR. Negative values are not allowed. +.PP +\&\fIBIO_get_indent()\fR gets the current indentation. +.SH "NOTES" +.IX Header "NOTES" +\&\fIBIO_set_prefix()\fR, \fIBIO_set_indent()\fR and \fIBIO_get_indent()\fR are +implemented as macros. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBIO_f_prefix()\fR returns the prefix \s-1BIO\s0 method. +.PP +\&\fIBIO_set_prefix()\fR returns 1 if the prefix was correctly set, or 0 on +failure. +.PP +\&\fIBIO_set_indent()\fR returns 1 if the prefix was correctly set, or 0 on +failure. +.PP +\&\fIBIO_get_indent()\fR returns the current indentation. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIbio\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. 
+.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/BIO_f_ssl.3 b/linux_amd64/share/man/man3/BIO_f_ssl.3 new file mode 100755 index 0000000..5e62cba --- /dev/null +++ b/linux_amd64/share/man/man3/BIO_f_ssl.3 
@@ -0,0 +1,431 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_F_SSL 3" +.TH BIO_F_SSL 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BIO_do_handshake, +BIO_f_ssl, BIO_set_ssl, BIO_get_ssl, BIO_set_ssl_mode, +BIO_set_ssl_renegotiate_bytes, +BIO_get_num_renegotiates, BIO_set_ssl_renegotiate_timeout, BIO_new_ssl, +BIO_new_ssl_connect, BIO_new_buffer_ssl_connect, BIO_ssl_copy_session_id, +BIO_ssl_shutdown \- SSL BIO +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 2 +\& #include +\& #include +\& +\& const BIO_METHOD *BIO_f_ssl(void); +\& +\& long BIO_set_ssl(BIO *b, SSL *ssl, long c); +\& long BIO_get_ssl(BIO *b, SSL **sslp); +\& long BIO_set_ssl_mode(BIO *b, long client); +\& long BIO_set_ssl_renegotiate_bytes(BIO *b, long num); +\& long BIO_set_ssl_renegotiate_timeout(BIO *b, long seconds); +\& long BIO_get_num_renegotiates(BIO *b); +\& +\& BIO *BIO_new_ssl(SSL_CTX *ctx, int client); +\& BIO *BIO_new_ssl_connect(SSL_CTX *ctx); +\& BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx); +\& int BIO_ssl_copy_session_id(BIO *to, BIO *from); +\& void BIO_ssl_shutdown(BIO *bio); +\& +\& long BIO_do_handshake(BIO *b); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBIO_f_ssl()\fR returns the \s-1SSL\s0 \s-1BIO\s0 method. This is a filter \s-1BIO\s0 which +is a wrapper round the OpenSSL \s-1SSL\s0 routines adding a \s-1BIO\s0 \*(L"flavour\*(R" to +\&\s-1SSL\s0 I/O. +.PP +I/O performed on an \s-1SSL\s0 \s-1BIO\s0 communicates using the \s-1SSL\s0 protocol with +the SSLs read and write BIOs. If an \s-1SSL\s0 connection is not established +then an attempt is made to establish one on the first I/O call. +.PP +If a \s-1BIO\s0 is appended to an \s-1SSL\s0 \s-1BIO\s0 using \fIBIO_push()\fR it is automatically +used as the \s-1SSL\s0 BIOs read and write BIOs. +.PP +Calling \fIBIO_reset()\fR on an \s-1SSL\s0 \s-1BIO\s0 closes down any current \s-1SSL\s0 connection +by calling \fISSL_shutdown()\fR. \fIBIO_reset()\fR is then sent to the next \s-1BIO\s0 in +the chain: this will typically disconnect the underlying transport. 
+The \s-1SSL\s0 \s-1BIO\s0 is then reset to the initial accept or connect state. +.PP +If the close flag is set when an \s-1SSL\s0 \s-1BIO\s0 is freed then the internal +\&\s-1SSL\s0 structure is also freed using \fISSL_free()\fR. +.PP +\&\fIBIO_set_ssl()\fR sets the internal \s-1SSL\s0 pointer of \s-1BIO\s0 \fBb\fR to \fBssl\fR using +the close flag \fBc\fR. +.PP +\&\fIBIO_get_ssl()\fR retrieves the \s-1SSL\s0 pointer of \s-1BIO\s0 \fBb\fR, it can then be +manipulated using the standard \s-1SSL\s0 library functions. +.PP +\&\fIBIO_set_ssl_mode()\fR sets the \s-1SSL\s0 \s-1BIO\s0 mode to \fBclient\fR. If \fBclient\fR +is 1 client mode is set. If \fBclient\fR is 0 server mode is set. +.PP +\&\fIBIO_set_ssl_renegotiate_bytes()\fR sets the renegotiate byte count +to \fBnum\fR. When set after every \fBnum\fR bytes of I/O (read and write) +the \s-1SSL\s0 session is automatically renegotiated. \fBnum\fR must be at +least 512 bytes. +.PP +\&\fIBIO_set_ssl_renegotiate_timeout()\fR sets the renegotiate timeout to +\&\fBseconds\fR. When the renegotiate timeout elapses the session is +automatically renegotiated. +.PP +\&\fIBIO_get_num_renegotiates()\fR returns the total number of session +renegotiations due to I/O or timeout. +.PP +\&\fIBIO_new_ssl()\fR allocates an \s-1SSL\s0 \s-1BIO\s0 using \s-1SSL_CTX\s0 \fBctx\fR and using +client mode if \fBclient\fR is non zero. +.PP +\&\fIBIO_new_ssl_connect()\fR creates a new \s-1BIO\s0 chain consisting of an +\&\s-1SSL\s0 \s-1BIO\s0 (using \fBctx\fR) followed by a connect \s-1BIO\s0. +.PP +\&\fIBIO_new_buffer_ssl_connect()\fR creates a new \s-1BIO\s0 chain consisting +of a buffering \s-1BIO\s0, an \s-1SSL\s0 \s-1BIO\s0 (using \fBctx\fR) and a connect +\&\s-1BIO\s0. +.PP +\&\fIBIO_ssl_copy_session_id()\fR copies an \s-1SSL\s0 session id between +\&\s-1BIO\s0 chains \fBfrom\fR and \fBto\fR. It does this by locating the +\&\s-1SSL\s0 BIOs in each chain and calling \fISSL_copy_session_id()\fR on +the internal \s-1SSL\s0 pointer. 
+.PP +\&\fIBIO_ssl_shutdown()\fR closes down an \s-1SSL\s0 connection on \s-1BIO\s0 +chain \fBbio\fR. It does this by locating the \s-1SSL\s0 \s-1BIO\s0 in the +chain and calling \fISSL_shutdown()\fR on its internal \s-1SSL\s0 +pointer. +.PP +\&\fIBIO_do_handshake()\fR attempts to complete an \s-1SSL\s0 handshake on the +supplied \s-1BIO\s0 and establish the \s-1SSL\s0 connection. It returns 1 +if the connection was established successfully. A zero or negative +value is returned if the connection could not be established, the +call \fIBIO_should_retry()\fR should be used for non blocking connect BIOs +to determine if the call should be retried. If an \s-1SSL\s0 connection has +already been established this call has no effect. +.SH "NOTES" +.IX Header "NOTES" +\&\s-1SSL\s0 BIOs are exceptional in that if the underlying transport +is non blocking they can still request a retry in exceptional +circumstances. Specifically this will happen if a session +renegotiation takes place during a \fIBIO_read_ex()\fR operation, one +case where this happens is when step up occurs. +.PP +The \s-1SSL\s0 flag \s-1SSL_AUTO_RETRY\s0 can be +set to disable this behaviour. That is when this flag is set +an \s-1SSL\s0 \s-1BIO\s0 using a blocking transport will never request a +retry. +.PP +Since unknown \fIBIO_ctrl()\fR operations are sent through filter +BIOs the servers name and port can be set using \fIBIO_set_host()\fR +on the \s-1BIO\s0 returned by \fIBIO_new_ssl_connect()\fR without having +to locate the connect \s-1BIO\s0 first. +.PP +Applications do not have to call \fIBIO_do_handshake()\fR but may wish +to do so to separate the handshake process from other I/O +processing. +.PP +\&\fIBIO_set_ssl()\fR, \fIBIO_get_ssl()\fR, \fIBIO_set_ssl_mode()\fR, +\&\fIBIO_set_ssl_renegotiate_bytes()\fR, \fIBIO_set_ssl_renegotiate_timeout()\fR, +\&\fIBIO_get_num_renegotiates()\fR, and \fIBIO_do_handshake()\fR are implemented as macros. 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBIO_f_ssl()\fR returns the \s-1SSL\s0 \fB\s-1BIO_METHOD\s0\fR structure. +.PP +\&\fIBIO_set_ssl()\fR, \fIBIO_get_ssl()\fR, \fIBIO_set_ssl_mode()\fR, \fIBIO_set_ssl_renegotiate_bytes()\fR, +\&\fIBIO_set_ssl_renegotiate_timeout()\fR and \fIBIO_get_num_renegotiates()\fR return 1 on +success or a value which is less than or equal to 0 if an error occurred. +.PP +\&\fIBIO_new_ssl()\fR, \fIBIO_new_ssl_connect()\fR and \fIBIO_new_buffer_ssl_connect()\fR return +a valid \fB\s-1BIO\s0\fR structure on success or \fB\s-1NULL\s0\fR if an error occurred. +.PP +\&\fIBIO_ssl_copy_session_id()\fR returns 1 on success or 0 on error. +.PP +\&\fIBIO_do_handshake()\fR returns 1 if the connection was established successfully. +A zero or negative value is returned if the connection could not be established. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +This \s-1SSL/TLS\s0 client example attempts to retrieve a page from an +\&\s-1SSL/TLS\s0 web server. The I/O routines are identical to those of the +unencrypted example in \fIBIO_s_connect\fR\|(3). +.PP +.Vb 5 +\& BIO *sbio, *out; +\& int len; +\& char tmpbuf[1024]; +\& SSL_CTX *ctx; +\& SSL *ssl; +\& +\& /* XXX Seed the PRNG if needed. */ +\& +\& ctx = SSL_CTX_new(TLS_client_method()); +\& +\& /* XXX Set verify paths and mode here. 
*/ +\& +\& sbio = BIO_new_ssl_connect(ctx); +\& BIO_get_ssl(sbio, &ssl); +\& if (ssl == NULL) { +\& fprintf(stderr, "Can\*(Aqt locate SSL pointer\en"); +\& ERR_print_errors_fp(stderr); +\& exit(1); +\& } +\& +\& /* Don\*(Aqt want any retries */ +\& SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); +\& +\& /* XXX We might want to do other things with ssl here */ +\& +\& /* An empty host part means the loopback address */ +\& BIO_set_conn_hostname(sbio, ":https"); +\& +\& out = BIO_new_fp(stdout, BIO_NOCLOSE); +\& if (BIO_do_connect(sbio) <= 0) { +\& fprintf(stderr, "Error connecting to server\en"); +\& ERR_print_errors_fp(stderr); +\& exit(1); +\& } +\& if (BIO_do_handshake(sbio) <= 0) { +\& fprintf(stderr, "Error establishing SSL connection\en"); +\& ERR_print_errors_fp(stderr); +\& exit(1); +\& } +\& +\& /* XXX Could examine ssl here to get connection info */ +\& +\& BIO_puts(sbio, "GET / HTTP/1.0\en\en"); +\& for (;;) { +\& len = BIO_read(sbio, tmpbuf, 1024); +\& if (len <= 0) +\& break; +\& BIO_write(out, tmpbuf, len); +\& } +\& BIO_free_all(sbio); +\& BIO_free(out); +.Ve +.PP +Here is a simple server example. It makes use of a buffering +\&\s-1BIO\s0 to allow lines to be read from the \s-1SSL\s0 \s-1BIO\s0 using BIO_gets. +It creates a pseudo web page containing the actual request from +a client and also echoes the request to standard output. +.PP +.Vb 5 +\& BIO *sbio, *bbio, *acpt, *out; +\& int len; +\& char tmpbuf[1024]; +\& SSL_CTX *ctx; +\& SSL *ssl; +\& +\& /* XXX Seed the PRNG if needed. */ +\& +\& ctx = SSL_CTX_new(TLS_server_method()); +\& if (!SSL_CTX_use_certificate_file(ctx, "server.pem", SSL_FILETYPE_PEM) +\& || !SSL_CTX_use_PrivateKey_file(ctx, "server.pem", SSL_FILETYPE_PEM) +\& || !SSL_CTX_check_private_key(ctx)) { +\& fprintf(stderr, "Error setting up SSL_CTX\en"); +\& ERR_print_errors_fp(stderr); +\& exit(1); +\& } +\& +\& /* XXX Other things like set verify locations, EDH temp callbacks. 
*/ +\& +\& /* New SSL BIO setup as server */ +\& sbio = BIO_new_ssl(ctx, 0); +\& BIO_get_ssl(sbio, &ssl); +\& if (ssl == NULL) { +\& fprintf(stderr, "Can\*(Aqt locate SSL pointer\en"); +\& ERR_print_errors_fp(stderr); +\& exit(1); +\& } +\& +\& SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); +\& bbio = BIO_new(BIO_f_buffer()); +\& sbio = BIO_push(bbio, sbio); +\& acpt = BIO_new_accept("4433"); +\& +\& /* +\& * By doing this when a new connection is established +\& * we automatically have sbio inserted into it. The +\& * BIO chain is now \*(Aqswallowed\*(Aq by the accept BIO and +\& * will be freed when the accept BIO is freed. +\& */ +\& BIO_set_accept_bios(acpt, sbio); +\& out = BIO_new_fp(stdout, BIO_NOCLOSE); +\& +\& /* Setup accept BIO */ +\& if (BIO_do_accept(acpt) <= 0) { +\& fprintf(stderr, "Error setting up accept BIO\en"); +\& ERR_print_errors_fp(stderr); +\& exit(1); +\& } +\& +\& /* We only want one connection so remove and free accept BIO */ +\& sbio = BIO_pop(acpt); +\& BIO_free_all(acpt); +\& +\& if (BIO_do_handshake(sbio) <= 0) { +\& fprintf(stderr, "Error in SSL handshake\en"); +\& ERR_print_errors_fp(stderr); +\& exit(1); +\& } +\& +\& BIO_puts(sbio, "HTTP/1.0 200 OK\er\enContent\-type: text/plain\er\en\er\en"); +\& BIO_puts(sbio, "\er\enConnection Established\er\enRequest headers:\er\en"); +\& BIO_puts(sbio, "\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\er\en"); +\& +\& for (;;) { +\& len = BIO_gets(sbio, tmpbuf, 1024); +\& if (len <= 0) +\& break; +\& BIO_write(sbio, tmpbuf, len); +\& BIO_write(out, tmpbuf, len); +\& /* Look for blank line signifying end of headers*/ +\& if (tmpbuf[0] == \*(Aq\er\*(Aq || tmpbuf[0] == \*(Aq\en\*(Aq) +\& break; +\& } +\& +\& BIO_puts(sbio, "\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\er\en"); +\& BIO_puts(sbio, "\er\en"); +\& BIO_flush(sbio); +\& BIO_free_all(sbio); +.Ve +.SH "HISTORY" +.IX Header "HISTORY" +In 
OpenSSL before 1.0.0 the \fIBIO_pop()\fR call was handled incorrectly, +the I/O \s-1BIO\s0 reference count was incorrectly incremented (instead of +decremented) and dissociated with the \s-1SSL\s0 \s-1BIO\s0 even if the \s-1SSL\s0 \s-1BIO\s0 was not +explicitly being popped (e.g. a pop higher up the chain). Applications which +included workarounds for this bug (e.g. freeing BIOs more than once) should +be modified to handle this fix or they may free up an already freed \s-1BIO\s0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/BIO_find_type.3 b/linux_amd64/share/man/man3/BIO_find_type.3 new file mode 100755 index 0000000..5090bb6 --- /dev/null +++ b/linux_amd64/share/man/man3/BIO_find_type.3 
@@ -0,0 +1,194 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_FIND_TYPE 3" +.TH BIO_FIND_TYPE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BIO_find_type, BIO_next, BIO_method_type \- BIO chain traversal +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& BIO *BIO_find_type(BIO *b, int bio_type); +\& BIO *BIO_next(BIO *b); +\& int BIO_method_type(const BIO *b); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fIBIO_find_type()\fR searches for a \s-1BIO\s0 of a given type in a chain, starting +at \s-1BIO\s0 \fBb\fR. If \fBtype\fR is a specific type (such as \fB\s-1BIO_TYPE_MEM\s0\fR) then a search +is made for a \s-1BIO\s0 of that type. If \fBtype\fR is a general type (such as +\&\fB\s-1BIO_TYPE_SOURCE_SINK\s0\fR) then the next matching \s-1BIO\s0 of the given general type is +searched for. \fIBIO_find_type()\fR returns the next matching \s-1BIO\s0 or \s-1NULL\s0 if none is +found. +.PP +The following general types are defined: +\&\fB\s-1BIO_TYPE_DESCRIPTOR\s0\fR, \fB\s-1BIO_TYPE_FILTER\s0\fR, and \fB\s-1BIO_TYPE_SOURCE_SINK\s0\fR. +.PP +For a list of the specific types, see the \fBopenssl/bio.h\fR header file. +.PP +\&\fIBIO_next()\fR returns the next \s-1BIO\s0 in a chain. It can be used to traverse all BIOs +in a chain or used in conjunction with \fIBIO_find_type()\fR to find all BIOs of a +certain type. +.PP +\&\fIBIO_method_type()\fR returns the type of a \s-1BIO\s0. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBIO_find_type()\fR returns a matching \s-1BIO\s0 or \s-1NULL\s0 for no match. +.PP +\&\fIBIO_next()\fR returns the next \s-1BIO\s0 in a chain. +.PP +\&\fIBIO_method_type()\fR returns the type of the \s-1BIO\s0 \fBb\fR. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Traverse a chain looking for digest BIOs: +.PP +.Vb 1 +\& BIO *btmp; +\& +\& btmp = in_bio; /* in_bio is chain to search through */ +\& do { +\& btmp = BIO_find_type(btmp, BIO_TYPE_MD); +\& if (btmp == NULL) +\& break; /* Not found */ +\& /* btmp is a digest BIO, do something with it ...*/ +\& ... 
+\& +\& btmp = BIO_next(btmp); +\& } while (btmp); +.Ve +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/BIO_get_data.3 b/linux_amd64/share/man/man3/BIO_get_data.3 new file mode 100755 index 0000000..2fd9d74 --- /dev/null +++ b/linux_amd64/share/man/man3/BIO_get_data.3 
@@ -0,0 +1,187 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_GET_DATA 3" +.TH BIO_GET_DATA 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BIO_set_data, BIO_get_data, BIO_set_init, BIO_get_init, BIO_set_shutdown, +BIO_get_shutdown \- functions for managing BIO state information +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void BIO_set_data(BIO *a, void *ptr); +\& void *BIO_get_data(BIO *a); +\& void BIO_set_init(BIO *a, int init); +\& int BIO_get_init(BIO *a); +\& void BIO_set_shutdown(BIO *a, int shut); +\& int BIO_get_shutdown(BIO *a); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions are mainly useful when implementing a custom \s-1BIO\s0. +.PP +The \fIBIO_set_data()\fR function associates the custom data pointed to by \fBptr\fR with +the \s-1BIO\s0. This data can subsequently be retrieved via a call to \fIBIO_get_data()\fR. +This can be used by custom BIOs for storing implementation specific information. +.PP +The \fIBIO_set_init()\fR function sets the value of the \s-1BIO\s0's \*(L"init\*(R" flag to indicate +whether initialisation has been completed for this \s-1BIO\s0 or not. A nonzero value +indicates that initialisation is complete, whilst zero indicates that it is not. +Often initialisation will complete during initial construction of the \s-1BIO\s0. For +some BIOs however, initialisation may not complete until after additional steps +have occurred (for example through calling custom ctrls). The \fIBIO_get_init()\fR +function returns the value of the \*(L"init\*(R" flag. +.PP +The \fIBIO_set_shutdown()\fR and \fIBIO_get_shutdown()\fR functions set and get the state of +this \s-1BIO\s0's shutdown (i.e. \s-1BIO_CLOSE\s0) flag. If set then the underlying resource +is also closed when the \s-1BIO\s0 is freed. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBIO_get_data()\fR returns a pointer to the implementation specific custom data +associated with this \s-1BIO\s0, or \s-1NULL\s0 if none has been set. +.PP +\&\fIBIO_get_init()\fR returns the state of the \s-1BIO\s0's init flag. 
+.PP +\&\fIBIO_get_shutdown()\fR returns the stat of the \s-1BIO\s0's shutdown (i.e. \s-1BIO_CLOSE\s0) flag. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIbio\fR\|(7), \fIBIO_meth_new\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The functions described here were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/BIO_get_ex_new_index.3 b/linux_amd64/share/man/man3/BIO_get_ex_new_index.3 new file mode 100755 index 0000000..576f4a5 --- /dev/null +++ b/linux_amd64/share/man/man3/BIO_get_ex_new_index.3 
@@ -0,0 +1,217 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_GET_EX_NEW_INDEX 3" +.TH BIO_GET_EX_NEW_INDEX 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BIO_get_ex_new_index, BIO_set_ex_data, BIO_get_ex_data, +BIO_set_app_data, BIO_get_app_data, +DH_get_ex_new_index, DH_set_ex_data, DH_get_ex_data, +DSA_get_ex_new_index, DSA_set_ex_data, DSA_get_ex_data, +ECDH_get_ex_new_index, ECDH_set_ex_data, ECDH_get_ex_data, +EC_KEY_get_ex_new_index, EC_KEY_set_ex_data, EC_KEY_get_ex_data, +ENGINE_get_ex_new_index, ENGINE_set_ex_data, ENGINE_get_ex_data, +RAND_DRBG_set_ex_data, RAND_DRBG_get_ex_data, RAND_DRBG_get_ex_new_index, +RSA_get_ex_new_index, RSA_set_ex_data, RSA_get_ex_data, +RSA_set_app_data, RSA_get_app_data, +SSL_get_ex_new_index, SSL_set_ex_data, SSL_get_ex_data, +SSL_set_app_data, SSL_get_app_data, +SSL_CTX_get_ex_new_index, SSL_CTX_set_ex_data, SSL_CTX_get_ex_data, +SSL_CTX_set_app_data, SSL_CTX_get_app_data, +SSL_SESSION_get_ex_new_index, SSL_SESSION_set_ex_data, SSL_SESSION_get_ex_data, +SSL_SESSION_set_app_data, SSL_SESSION_get_app_data, +UI_get_ex_new_index, UI_set_ex_data, UI_get_ex_data, +UI_set_app_data, UI_get_app_data, +X509_STORE_CTX_get_ex_new_index, X509_STORE_CTX_set_ex_data, X509_STORE_CTX_get_ex_data, +X509_STORE_CTX_set_app_data, X509_STORE_CTX_get_app_data, +X509_STORE_get_ex_new_index, X509_STORE_set_ex_data, X509_STORE_get_ex_data, +X509_get_ex_new_index, X509_set_ex_data, X509_get_ex_data +\&\- application\-specific data +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int TYPE_get_ex_new_index(long argl, void *argp, +\& CRYPTO_EX_new *new_func, +\& CRYPTO_EX_dup *dup_func, +\& CRYPTO_EX_free *free_func); +\& +\& int TYPE_set_ex_data(TYPE *d, int idx, void *arg); +\& +\& void *TYPE_get_ex_data(TYPE *d, int idx); +\& +\& #define TYPE_set_app_data(TYPE *d, void *arg) +\& #define TYPE_get_app_data(TYPE *d) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +In the description here, \fI\s-1TYPE\s0\fR is used a placeholder +for any of the OpenSSL datatypes listed in +\&\fICRYPTO_get_ex_new_index\fR\|(3). 
+.PP +These functions handle application-specific data for OpenSSL data +structures. +.PP +\&\fITYPE_get_new_ex_index()\fR is a macro that calls \fICRYPTO_get_ex_new_index()\fR +with the correct \fBindex\fR value. +.PP +\&\fITYPE_set_ex_data()\fR is a function that calls \fICRYPTO_set_ex_data()\fR with +an offset into the opaque exdata part of the \s-1TYPE\s0 object. +.PP +\&\fITYPE_get_ex_data()\fR is a function that calls \fICRYPTO_get_ex_data()\fR with +an offset into the opaque exdata part of the \s-1TYPE\s0 object. +.PP +For compatibility with previous releases, the exdata index of zero is +reserved for \*(L"application data.\*(R" There are two convenience functions for +this. +\&\fITYPE_set_app_data()\fR is a macro that invokes \fITYPE_set_ex_data()\fR with +\&\fBidx\fR set to zero. +\&\fITYPE_get_app_data()\fR is a macro that invokes \fITYPE_get_ex_data()\fR with +\&\fBidx\fR set to zero. +Note that these functions are not defined for the \fB\s-1RAND_DRBG\s0\fR type because +there are no backward compatibility concerns. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fITYPE_get_new_ex_index()\fR returns a new index on success or \-1 on error. +.PP +\&\fITYPE_set_ex_data()\fR returns 1 on success or 0 on error. +.PP +\&\fITYPE_get_ex_data()\fR returns the application data or \s-1NULL\s0 if an error occurred. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fICRYPTO_get_ex_new_index\fR\|(3). +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/BIO_meth_new.3 b/linux_amd64/share/man/man3/BIO_meth_new.3 new file mode 100755 index 0000000..21787cb --- /dev/null +++ b/linux_amd64/share/man/man3/BIO_meth_new.3 
@@ -0,0 +1,286 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_METH_NEW 3" +.TH BIO_METH_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BIO_get_new_index, +BIO_meth_new, BIO_meth_free, BIO_meth_get_read_ex, BIO_meth_set_read_ex, +BIO_meth_get_write_ex, BIO_meth_set_write_ex, BIO_meth_get_write, +BIO_meth_set_write, BIO_meth_get_read, BIO_meth_set_read, BIO_meth_get_puts, +BIO_meth_set_puts, BIO_meth_get_gets, BIO_meth_set_gets, BIO_meth_get_ctrl, +BIO_meth_set_ctrl, BIO_meth_get_create, BIO_meth_set_create, +BIO_meth_get_destroy, BIO_meth_set_destroy, BIO_meth_get_callback_ctrl, +BIO_meth_set_callback_ctrl \- Routines to build up BIO methods +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int BIO_get_new_index(void); +\& +\& BIO_METHOD *BIO_meth_new(int type, const char *name); +\& +\& void BIO_meth_free(BIO_METHOD *biom); +\& +\& int (*BIO_meth_get_write_ex(const BIO_METHOD *biom))(BIO *, const char *, size_t, +\& size_t *); +\& int (*BIO_meth_get_write(const BIO_METHOD *biom))(BIO *, const char *, int); +\& int BIO_meth_set_write_ex(BIO_METHOD *biom, +\& int (*bwrite)(BIO *, const char *, size_t, size_t *)); +\& int BIO_meth_set_write(BIO_METHOD *biom, +\& int (*write)(BIO *, const char *, int)); +\& +\& int (*BIO_meth_get_read_ex(const BIO_METHOD *biom))(BIO *, char *, size_t, size_t *); +\& int (*BIO_meth_get_read(const BIO_METHOD *biom))(BIO *, char *, int); +\& int BIO_meth_set_read_ex(BIO_METHOD *biom, +\& int (*bread)(BIO *, char *, size_t, size_t *)); +\& int BIO_meth_set_read(BIO_METHOD *biom, int (*read)(BIO *, char *, int)); +\& +\& int (*BIO_meth_get_puts(const BIO_METHOD *biom))(BIO *, const char *); +\& int BIO_meth_set_puts(BIO_METHOD *biom, int (*puts)(BIO *, const char *)); +\& +\& int (*BIO_meth_get_gets(const BIO_METHOD *biom))(BIO *, char *, int); +\& int BIO_meth_set_gets(BIO_METHOD *biom, +\& int (*gets)(BIO *, char *, int)); +\& +\& long (*BIO_meth_get_ctrl(const BIO_METHOD *biom))(BIO *, int, long, void *); +\& int BIO_meth_set_ctrl(BIO_METHOD *biom, +\& long (*ctrl)(BIO *, int, long, void *)); +\& +\& int 
(*BIO_meth_get_create(const BIO_METHOD *bion))(BIO *); +\& int BIO_meth_set_create(BIO_METHOD *biom, int (*create)(BIO *)); +\& +\& int (*BIO_meth_get_destroy(const BIO_METHOD *biom))(BIO *); +\& int BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy)(BIO *)); +\& +\& long (*BIO_meth_get_callback_ctrl(const BIO_METHOD *biom))(BIO *, int, BIO_info_cb *); +\& int BIO_meth_set_callback_ctrl(BIO_METHOD *biom, +\& long (*callback_ctrl)(BIO *, int, BIO_info_cb *)); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fB\s-1BIO_METHOD\s0\fR type is a structure used for the implementation of new \s-1BIO\s0 +types. It provides a set of functions used by OpenSSL for the implementation +of the various \s-1BIO\s0 capabilities. See the \fIbio\fR\|(7) page for more information. +.PP +\&\fIBIO_meth_new()\fR creates a new \fB\s-1BIO_METHOD\s0\fR structure. It should be given a +unique integer \fBtype\fR and a string that represents its \fBname\fR. +Use \fIBIO_get_new_index()\fR to get the value for \fBtype\fR. +.PP +The set of +standard OpenSSL provided \s-1BIO\s0 types is provided in \fBbio.h\fR. Some examples +include \fB\s-1BIO_TYPE_BUFFER\s0\fR and \fB\s-1BIO_TYPE_CIPHER\s0\fR. Filter BIOs should have a +type which have the \*(L"filter\*(R" bit set (\fB\s-1BIO_TYPE_FILTER\s0\fR). Source/sink BIOs +should have the \*(L"source/sink\*(R" bit set (\fB\s-1BIO_TYPE_SOURCE_SINK\s0\fR). File descriptor +based BIOs (e.g. socket, fd, connect, accept etc) should additionally have the +\&\*(L"descriptor\*(R" bit set (\fB\s-1BIO_TYPE_DESCRIPTOR\s0\fR). See the \fIBIO_find_type\fR\|(3) page for +more information. +.PP +\&\fIBIO_meth_free()\fR destroys a \fB\s-1BIO_METHOD\s0\fR structure and frees up any memory +associated with it. +.PP +\&\fIBIO_meth_get_write_ex()\fR and \fIBIO_meth_set_write_ex()\fR get and set the function +used for writing arbitrary length data to the \s-1BIO\s0 respectively. 
This function +will be called in response to the application calling \fIBIO_write_ex()\fR or +\&\fIBIO_write()\fR. The parameters for the function have the same meaning as for +\&\fIBIO_write_ex()\fR. Older code may call \fIBIO_meth_get_write()\fR and +\&\fIBIO_meth_set_write()\fR instead. Applications should not call both +\&\fIBIO_meth_set_write_ex()\fR and \fIBIO_meth_set_write()\fR or call \fIBIO_meth_get_write()\fR +when the function was set with \fIBIO_meth_set_write_ex()\fR. +.PP +\&\fIBIO_meth_get_read_ex()\fR and \fIBIO_meth_set_read_ex()\fR get and set the function used +for reading arbitrary length data from the \s-1BIO\s0 respectively. This function will +be called in response to the application calling \fIBIO_read_ex()\fR or \fIBIO_read()\fR. +The parameters for the function have the same meaning as for \fIBIO_read_ex()\fR. +Older code may call \fIBIO_meth_get_read()\fR and \fIBIO_meth_set_read()\fR instead. +Applications should not call both \fIBIO_meth_set_read_ex()\fR and \fIBIO_meth_set_read()\fR +or call \fIBIO_meth_get_read()\fR when the function was set with +\&\fIBIO_meth_set_read_ex()\fR. +.PP +\&\fIBIO_meth_get_puts()\fR and \fIBIO_meth_set_puts()\fR get and set the function used for +writing a \s-1NULL\s0 terminated string to the \s-1BIO\s0 respectively. This function will be +called in response to the application calling \fIBIO_puts()\fR. The parameters for +the function have the same meaning as for \fIBIO_puts()\fR. +.PP +\&\fIBIO_meth_get_gets()\fR and \fIBIO_meth_set_gets()\fR get and set the function typically +used for reading a line of data from the \s-1BIO\s0 respectively (see the \fIBIO_gets\fR\|(3) +page for more information). This function will be called in response to the +application calling \fIBIO_gets()\fR. The parameters for the function have the same +meaning as for \fIBIO_gets()\fR. 
+.PP +\&\fIBIO_meth_get_ctrl()\fR and \fIBIO_meth_set_ctrl()\fR get and set the function used for +processing ctrl messages in the \s-1BIO\s0 respectively. See the \fIBIO_ctrl\fR\|(3) page for +more information. This function will be called in response to the application +calling \fIBIO_ctrl()\fR. The parameters for the function have the same meaning as for +\&\fIBIO_ctrl()\fR. +.PP +\&\fIBIO_meth_get_create()\fR and \fIBIO_meth_set_create()\fR get and set the function used +for creating a new instance of the \s-1BIO\s0 respectively. This function will be +called in response to the application calling \fIBIO_new()\fR and passing +in a pointer to the current \s-1BIO_METHOD\s0. The \fIBIO_new()\fR function will allocate the +memory for the new \s-1BIO\s0, and a pointer to this newly allocated structure will +be passed as a parameter to the function. +.PP +\&\fIBIO_meth_get_destroy()\fR and \fIBIO_meth_set_destroy()\fR get and set the function used +for destroying an instance of a \s-1BIO\s0 respectively. This function will be +called in response to the application calling \fIBIO_free()\fR. A pointer to the \s-1BIO\s0 +to be destroyed is passed as a parameter. The destroy function should be used +for \s-1BIO\s0 specific clean up. The memory for the \s-1BIO\s0 itself should not be freed by +this function. +.PP +\&\fIBIO_meth_get_callback_ctrl()\fR and \fIBIO_meth_set_callback_ctrl()\fR get and set the +function used for processing callback ctrl messages in the \s-1BIO\s0 respectively. See +the \fIBIO_callback_ctrl\fR\|(3) page for more information. This function will be called +in response to the application calling \fIBIO_callback_ctrl()\fR. The parameters for +the function have the same meaning as for \fIBIO_callback_ctrl()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBIO_get_new_index()\fR returns the new \s-1BIO\s0 type value or \-1 if an error occurred. 
+.PP +BIO_meth_new(int type, const char *name) returns a valid \fB\s-1BIO_METHOD\s0\fR or \s-1NULL\s0 +if an error occurred. +.PP +The \fBBIO_meth_set\fR functions return 1 on success or 0 on error. +.PP +The \fBBIO_meth_get\fR functions return the corresponding function pointers. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIbio\fR\|(7), \fIBIO_find_type\fR\|(3), \fIBIO_ctrl\fR\|(3), \fIBIO_read_ex\fR\|(3), \fIBIO_new\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The functions described here were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/BIO_new.3 b/linux_amd64/share/man/man3/BIO_new.3 new file mode 100755 index 0000000..f86f014 --- /dev/null +++ b/linux_amd64/share/man/man3/BIO_new.3 
@@ -0,0 +1,194 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_NEW 3" +.TH BIO_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BIO_new, BIO_up_ref, BIO_free, BIO_vfree, BIO_free_all +\&\- BIO allocation and freeing functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& BIO * BIO_new(const BIO_METHOD *type); +\& int BIO_up_ref(BIO *a); +\& int BIO_free(BIO *a); +\& void BIO_vfree(BIO *a); +\& void BIO_free_all(BIO *a); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fIBIO_new()\fR function returns a new \s-1BIO\s0 using method \fBtype\fR. +.PP +\&\fIBIO_up_ref()\fR increments the reference count associated with the \s-1BIO\s0 object. +.PP +\&\fIBIO_free()\fR frees up a single \s-1BIO\s0, \fIBIO_vfree()\fR also frees up a single \s-1BIO\s0 +but it does not return a value. +If \fBa\fR is \s-1NULL\s0 nothing is done. +Calling \fIBIO_free()\fR may also have some effect +on the underlying I/O structure, for example it may close the file being +referred to under certain circumstances. For more details see the individual +\&\s-1BIO_METHOD\s0 descriptions. +.PP +\&\fIBIO_free_all()\fR frees up an entire \s-1BIO\s0 chain, it does not halt if an error +occurs freeing up an individual \s-1BIO\s0 in the chain. +If \fBa\fR is \s-1NULL\s0 nothing is done. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBIO_new()\fR returns a newly created \s-1BIO\s0 or \s-1NULL\s0 if the call fails. +.PP +\&\fIBIO_up_ref()\fR and \fIBIO_free()\fR return 1 for success and 0 for failure. +.PP +\&\fIBIO_free_all()\fR and \fIBIO_vfree()\fR do not return values. +.SH "NOTES" +.IX Header "NOTES" +If \fIBIO_free()\fR is called on a \s-1BIO\s0 chain it will only free one \s-1BIO\s0 resulting +in a memory leak. +.PP +Calling \fIBIO_free_all()\fR on a single \s-1BIO\s0 has the same effect as calling \fIBIO_free()\fR +on it other than the discarded return value. +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIBIO_set()\fR was removed in OpenSSL 1.1.0 as \s-1BIO\s0 type is now opaque. 
+.SH "EXAMPLES" +.IX Header "EXAMPLES" +Create a memory \s-1BIO:\s0 +.PP +.Vb 1 +\& BIO *mem = BIO_new(BIO_s_mem()); +.Ve +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/BIO_new_CMS.3 b/linux_amd64/share/man/man3/BIO_new_CMS.3 new file mode 100755 index 0000000..c2b3226 --- /dev/null +++ b/linux_amd64/share/man/man3/BIO_new_CMS.3 
@@ -0,0 +1,195 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_NEW_CMS 3" +.TH BIO_NEW_CMS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BIO_new_CMS \- CMS streaming filter BIO +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBIO_new_CMS()\fR returns a streaming filter \s-1BIO\s0 chain based on \fBcms\fR. The output +of the filter is written to \fBout\fR. Any data written to the chain is +automatically translated to a \s-1BER\s0 format \s-1CMS\s0 structure of the appropriate type. +.SH "NOTES" +.IX Header "NOTES" +The chain returned by this function behaves like a standard filter \s-1BIO\s0. It +supports non blocking I/O. Content is processed and streamed on the fly and not +all held in memory at once: so it is possible to encode very large structures. +After all content has been written through the chain \fIBIO_flush()\fR must be called +to finalise the structure. +.PP +The \fB\s-1CMS_STREAM\s0\fR flag must be included in the corresponding \fBflags\fR +parameter of the \fBcms\fR creation function. +.PP +If an application wishes to write additional data to \fBout\fR BIOs should be +removed from the chain using \fIBIO_pop()\fR and freed with \fIBIO_free()\fR until \fBout\fR +is reached. If no additional data needs to be written \fIBIO_free_all()\fR can be +called to free up the whole chain. +.PP +Any content written through the filter is used verbatim: no canonical +translation is performed. +.PP +It is possible to chain multiple BIOs to, for example, create a triple wrapped +signed, enveloped, signed structure. In this case it is the applications +responsibility to set the inner content type of any outer CMS_ContentInfo +structures. +.PP +Large numbers of small writes through the chain should be avoided as this will +produce an output consisting of lots of \s-1OCTET\s0 \s-1STRING\s0 structures. Prepending +a \fIBIO_f_buffer()\fR buffering \s-1BIO\s0 will prevent this. 
+.SH "BUGS" +.IX Header "BUGS" +There is currently no corresponding inverse \s-1BIO:\s0 i.e. one which can decode +a \s-1CMS\s0 structure on the fly. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBIO_new_CMS()\fR returns a \s-1BIO\s0 chain when successful or \s-1NULL\s0 if an error +occurred. The error can be obtained from \fIERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fICMS_sign\fR\|(3), +\&\fICMS_encrypt\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fIBIO_new_CMS()\fR function was added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/BIO_parse_hostserv.3 b/linux_amd64/share/man/man3/BIO_parse_hostserv.3 new file mode 100755 index 0000000..70e9192 --- /dev/null +++ b/linux_amd64/share/man/man3/BIO_parse_hostserv.3 
@@ -0,0 +1,205 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_PARSE_HOSTSERV 3" +.TH BIO_PARSE_HOSTSERV 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BIO_hostserv_priorities, +BIO_parse_hostserv +\&\- utility routines to parse a standard host and service string +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& enum BIO_hostserv_priorities { +\& BIO_PARSE_PRIO_HOST, BIO_PARSE_PRIO_SERV +\& }; +\& int BIO_parse_hostserv(const char *hostserv, char **host, char **service, +\& enum BIO_hostserv_priorities hostserv_prio); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBIO_parse_hostserv()\fR will parse the information given in \fBhostserv\fR, +create strings with the hostname and service name and give those +back via \fBhost\fR and \fBservice\fR. Those will need to be freed after +they are used. \fBhostserv_prio\fR helps determine if \fBhostserv\fR shall +be interpreted primarily as a hostname or a service name in ambiguous +cases. +.PP +The syntax the \fIBIO_parse_hostserv()\fR recognises is: +.PP +.Vb 7 +\& host + \*(Aq:\*(Aq + service +\& host + \*(Aq:\*(Aq + \*(Aq*\*(Aq +\& host + \*(Aq:\*(Aq +\& \*(Aq:\*(Aq + service +\& \*(Aq*\*(Aq + \*(Aq:\*(Aq + service +\& host +\& service +.Ve +.PP +The host part can be a name or an \s-1IP\s0 address. If it's a IPv6 +address, it \s-1MUST\s0 be enclosed in brackets, such as '[::1]'. +.PP +The service part can be a service name or its port number. 
+.PP +The returned values will depend on the given \fBhostserv\fR string +and \fBhostserv_prio\fR, as follows: +.PP +.Vb 5 +\& host + \*(Aq:\*(Aq + service => *host = "host", *service = "service" +\& host + \*(Aq:\*(Aq + \*(Aq*\*(Aq => *host = "host", *service = NULL +\& host + \*(Aq:\*(Aq => *host = "host", *service = NULL +\& \*(Aq:\*(Aq + service => *host = NULL, *service = "service" +\& \*(Aq*\*(Aq + \*(Aq:\*(Aq + service => *host = NULL, *service = "service" +\& +\& in case no \*(Aq:\*(Aq is present in the string, the result depends on +\& hostserv_prio, as follows: +\& +\& when hostserv_prio == BIO_PARSE_PRIO_HOST +\& host => *host = "host", *service untouched +\& +\& when hostserv_prio == BIO_PARSE_PRIO_SERV +\& service => *host untouched, *service = "service" +.Ve +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBIO_parse_hostserv()\fR returns 1 on success or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1\fIBIO_ADDRINFO\s0\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/BIO_printf.3 b/linux_amd64/share/man/man3/BIO_printf.3 new file mode 100755 index 0000000..0b2aefc --- /dev/null +++ b/linux_amd64/share/man/man3/BIO_printf.3 
@@ -0,0 +1,174 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_PRINTF 3" +.TH BIO_PRINTF 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_printf, BIO_vprintf, BIO_snprintf, BIO_vsnprintf +\&\- formatted output to a BIO +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int BIO_printf(BIO *bio, const char *format, ...) 
+\& int BIO_vprintf(BIO *bio, const char *format, va_list args) +\& +\& int BIO_snprintf(char *buf, size_t n, const char *format, ...) +\& int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBIO_printf()\fR is similar to the standard C \fIprintf()\fR function, except that +the output is sent to the specified \s-1BIO\s0, \fBbio\fR, rather than standard +output. All common format specifiers are supported. +.PP +\&\fIBIO_vprintf()\fR is similar to the \fIvprintf()\fR function found on many platforms, +the output is sent to the specified \s-1BIO\s0, \fBbio\fR, rather than standard +output. All common format specifiers are supported. The argument +list \fBargs\fR is a stdarg argument list. +.PP +\&\fIBIO_snprintf()\fR is for platforms that do not have the common \fIsnprintf()\fR +function. It is like \fIsprintf()\fR except that the size parameter, \fBn\fR, +specifies the size of the output buffer. +.PP +\&\fIBIO_vsnprintf()\fR is to \fIBIO_snprintf()\fR as \fIBIO_vprintf()\fR is to \fIBIO_printf()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All functions return the number of bytes written, or \-1 on error. +For \fIBIO_snprintf()\fR and \fIBIO_vsnprintf()\fR this includes when the output +buffer is too small. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/BIO_push.3 b/linux_amd64/share/man/man3/BIO_push.3 new file mode 100755 index 0000000..979b3e9 --- /dev/null +++ b/linux_amd64/share/man/man3/BIO_push.3 
@@ -0,0 +1,215 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_PUSH 3" +.TH BIO_PUSH 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BIO_push, BIO_pop, BIO_set_next \- add and remove BIOs from a chain +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& BIO *BIO_push(BIO *b, BIO *append); +\& BIO *BIO_pop(BIO *b); +\& void BIO_set_next(BIO *b, BIO *next); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fIBIO_push()\fR function appends the \s-1BIO\s0 \fBappend\fR to \fBb\fR, it returns +\&\fBb\fR. +.PP +\&\fIBIO_pop()\fR removes the \s-1BIO\s0 \fBb\fR from a chain and returns the next \s-1BIO\s0 +in the chain, or \s-1NULL\s0 if there is no next \s-1BIO\s0. The removed \s-1BIO\s0 then +becomes a single \s-1BIO\s0 with no association with the original chain, +it can thus be freed or attached to a different chain. +.PP +\&\fIBIO_set_next()\fR replaces the existing next \s-1BIO\s0 in a chain with the \s-1BIO\s0 pointed to +by \fBnext\fR. The new chain may include some of the same BIOs from the old chain +or it may be completely different. +.SH "NOTES" +.IX Header "NOTES" +The names of these functions are perhaps a little misleading. \fIBIO_push()\fR +joins two \s-1BIO\s0 chains whereas \fIBIO_pop()\fR deletes a single \s-1BIO\s0 from a chain, +the deleted \s-1BIO\s0 does not need to be at the end of a chain. +.PP +The process of calling \fIBIO_push()\fR and \fIBIO_pop()\fR on a \s-1BIO\s0 may have additional +consequences (a control call is made to the affected BIOs) any effects will +be noted in the descriptions of individual BIOs. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBIO_push()\fR returns the end of the chain, \fBb\fR. +.PP +\&\fIBIO_pop()\fR returns the next \s-1BIO\s0 in the chain, or \s-1NULL\s0 if there is no next +\&\s-1BIO\s0. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +For these examples suppose \fBmd1\fR and \fBmd2\fR are digest BIOs, \fBb64\fR is +a base64 \s-1BIO\s0 and \fBf\fR is a file \s-1BIO\s0. +.PP +If the call: +.PP +.Vb 1 +\& BIO_push(b64, f); +.Ve +.PP +is made then the new chain will be \fBb64\-f\fR. 
After making the calls +.PP +.Vb 2 +\& BIO_push(md2, b64); +\& BIO_push(md1, md2); +.Ve +.PP +the new chain is \fBmd1\-md2\-b64\-f\fR. Data written to \fBmd1\fR will be digested +by \fBmd1\fR and \fBmd2\fR, \fBbase64\fR encoded and written to \fBf\fR. +.PP +It should be noted that reading causes data to pass in the reverse +direction, that is data is read from \fBf\fR, base64 \fBdecoded\fR and digested +by \fBmd1\fR and \fBmd2\fR. If the call: +.PP +.Vb 1 +\& BIO_pop(md2); +.Ve +.PP +The call will return \fBb64\fR and the new chain will be \fBmd1\-b64\-f\fR data can +be written to \fBmd1\fR as before. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIbio\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \fIBIO_set_next()\fR function was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/BIO_read.3 b/linux_amd64/share/man/man3/BIO_read.3 new file mode 100755 index 0000000..b9a6ad2 --- /dev/null +++ b/linux_amd64/share/man/man3/BIO_read.3 
@@ -0,0 +1,218 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_READ 3" +.TH BIO_READ 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BIO_read_ex, BIO_write_ex, BIO_read, BIO_write, BIO_gets, BIO_puts +\&\- BIO I/O functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int BIO_read_ex(BIO *b, void *data, size_t dlen, size_t *readbytes); +\& int BIO_write_ex(BIO *b, const void *data, size_t dlen, size_t *written); +\& +\& int BIO_read(BIO *b, void *data, int dlen); +\& int BIO_gets(BIO *b, char *buf, int size); +\& int BIO_write(BIO *b, const void *data, int dlen); +\& int BIO_puts(BIO *b, const char *buf); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBIO_read_ex()\fR attempts to read \fBdlen\fR bytes from \s-1BIO\s0 \fBb\fR and places the data +in \fBdata\fR. If any bytes were successfully read then the number of bytes read is +stored in \fB*readbytes\fR. +.PP +\&\fIBIO_write_ex()\fR attempts to write \fBdlen\fR bytes from \fBdata\fR to \s-1BIO\s0 \fBb\fR. If +successful then the number of bytes written is stored in \fB*written\fR. +.PP +\&\fIBIO_read()\fR attempts to read \fBlen\fR bytes from \s-1BIO\s0 \fBb\fR and places +the data in \fBbuf\fR. +.PP +\&\fIBIO_gets()\fR performs the BIOs \*(L"gets\*(R" operation and places the data +in \fBbuf\fR. Usually this operation will attempt to read a line of data +from the \s-1BIO\s0 of maximum length \fBsize\-1\fR. There are exceptions to this, +however; for example, \fIBIO_gets()\fR on a digest \s-1BIO\s0 will calculate and +return the digest and other BIOs may not support \fIBIO_gets()\fR at all. +The returned string is always NUL-terminated and the '\en' is preserved +if present in the input data. +.PP +\&\fIBIO_write()\fR attempts to write \fBlen\fR bytes from \fBbuf\fR to \s-1BIO\s0 \fBb\fR. +.PP +\&\fIBIO_puts()\fR attempts to write a NUL-terminated string \fBbuf\fR to \s-1BIO\s0 \fBb\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBIO_read_ex()\fR and \fIBIO_write_ex()\fR return 1 if data was successfully read or +written, and 0 otherwise. 
+.PP +All other functions return either the amount of data successfully read or +written (if the return value is positive) or that no data was successfully +read or written if the result is 0 or \-1. If the return value is \-2 then +the operation is not implemented in the specific \s-1BIO\s0 type. The trailing +\&\s-1NUL\s0 is not included in the length returned by \fIBIO_gets()\fR. +.SH "NOTES" +.IX Header "NOTES" +A 0 or \-1 return is not necessarily an indication of an error. In +particular when the source/sink is non-blocking or of a certain type +it may merely be an indication that no data is currently available and that +the application should retry the operation later. +.PP +One technique sometimes used with blocking sockets is to use a system call +(such as \fIselect()\fR, \fIpoll()\fR or equivalent) to determine when data is available +and then call \fIread()\fR to read the data. The equivalent with BIOs (that is call +\&\fIselect()\fR on the underlying I/O structure and then call \fIBIO_read()\fR to +read the data) should \fBnot\fR be used because a single call to \fIBIO_read()\fR +can cause several reads (and writes in the case of \s-1SSL\s0 BIOs) on the underlying +I/O structure and may block as a result. Instead \fIselect()\fR (or equivalent) +should be combined with non blocking I/O so successive reads will request +a retry instead of blocking. +.PP +See \fIBIO_should_retry\fR\|(3) for details of how to +determine the cause of a retry and other I/O issues. +.PP +If the \fIBIO_gets()\fR function is not supported by a \s-1BIO\s0 then it possible to +work around this by adding a buffering \s-1BIO\s0 \fIBIO_f_buffer\fR\|(3) +to the chain. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIBIO_should_retry\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIBIO_gets()\fR on 1.1.0 and older when called on \fIBIO_fd()\fR based \s-1BIO\s0 does not +keep the '\en' at the end of the line in the buffer. 
+.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/BIO_s_accept.3 b/linux_amd64/share/man/man3/BIO_s_accept.3 new file mode 100755 index 0000000..44cbb71 --- /dev/null +++ b/linux_amd64/share/man/man3/BIO_s_accept.3 
@@ -0,0 +1,360 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_S_ACCEPT 3" +.TH BIO_S_ACCEPT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BIO_s_accept, BIO_set_accept_name, BIO_set_accept_port, BIO_get_accept_name, +BIO_get_accept_port, BIO_new_accept, BIO_set_nbio_accept, BIO_set_accept_bios, +BIO_get_peer_name, BIO_get_peer_port, +BIO_get_accept_ip_family, BIO_set_accept_ip_family, +BIO_set_bind_mode, BIO_get_bind_mode, BIO_do_accept \- accept BIO +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const BIO_METHOD *BIO_s_accept(void); +\& +\& long BIO_set_accept_name(BIO *b, char *name); +\& char *BIO_get_accept_name(BIO *b); +\& +\& long BIO_set_accept_port(BIO *b, char *port); +\& char *BIO_get_accept_port(BIO *b); +\& +\& BIO *BIO_new_accept(char *host_port); +\& +\& long BIO_set_nbio_accept(BIO *b, int n); +\& long BIO_set_accept_bios(BIO *b, char *bio); +\& +\& char *BIO_get_peer_name(BIO *b); +\& char *BIO_get_peer_port(BIO *b); +\& long BIO_get_accept_ip_family(BIO *b); +\& long BIO_set_accept_ip_family(BIO *b, long family); +\& +\& long BIO_set_bind_mode(BIO *b, long mode); +\& long BIO_get_bind_mode(BIO *b); +\& +\& int BIO_do_accept(BIO *b); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBIO_s_accept()\fR returns the accept \s-1BIO\s0 method. This is a wrapper +round the platform's \s-1TCP/IP\s0 socket accept routines. +.PP +Using accept BIOs, \s-1TCP/IP\s0 connections can be accepted and data +transferred using only \s-1BIO\s0 routines. In this way any platform +specific operations are hidden by the \s-1BIO\s0 abstraction. +.PP +Read and write operations on an accept \s-1BIO\s0 will perform I/O +on the underlying connection. If no connection is established +and the port (see below) is set up properly then the \s-1BIO\s0 +waits for an incoming connection. +.PP +Accept BIOs support \fIBIO_puts()\fR but not \fIBIO_gets()\fR. +.PP +If the close flag is set on an accept \s-1BIO\s0 then any active +connection on that chain is shutdown and the socket closed when +the \s-1BIO\s0 is freed. 
+.PP +Calling \fIBIO_reset()\fR on an accept \s-1BIO\s0 will close any active +connection and reset the \s-1BIO\s0 into a state where it awaits another +incoming connection. +.PP +\&\fIBIO_get_fd()\fR and \fIBIO_set_fd()\fR can be called to retrieve or set +the accept socket. See \fIBIO_s_fd\fR\|(3) +.PP +\&\fIBIO_set_accept_name()\fR uses the string \fBname\fR to set the accept +name. The name is represented as a string of the form \*(L"host:port\*(R", +where \*(L"host\*(R" is the interface to use and \*(L"port\*(R" is the port. +The host can be \*(L"*\*(R" or empty which is interpreted as meaning +any interface. If the host is an IPv6 address, it has to be +enclosed in brackets, for example \*(L"[::1]:https\*(R". \*(L"port\*(R" has the +same syntax as the port specified in \fIBIO_set_conn_port()\fR for +connect BIOs, that is it can be a numerical port string or a +string to lookup using \fIgetservbyname()\fR and a string table. +.PP +\&\fIBIO_set_accept_port()\fR uses the string \fBport\fR to set the accept +port. \*(L"port\*(R" has the same syntax as the port specified in +\&\fIBIO_set_conn_port()\fR for connect BIOs, that is it can be a numerical +port string or a string to lookup using \fIgetservbyname()\fR and a string +table. +.PP +\&\fIBIO_new_accept()\fR combines \fIBIO_new()\fR and \fIBIO_set_accept_name()\fR into +a single call: that is it creates a new accept \s-1BIO\s0 with port +\&\fBhost_port\fR. +.PP +\&\fIBIO_set_nbio_accept()\fR sets the accept socket to blocking mode +(the default) if \fBn\fR is 0 or non blocking mode if \fBn\fR is 1. +.PP +\&\fIBIO_set_accept_bios()\fR can be used to set a chain of BIOs which +will be duplicated and prepended to the chain when an incoming +connection is received. This is useful if, for example, a +buffering or \s-1SSL\s0 \s-1BIO\s0 is required for each connection. The +chain of BIOs must not be freed after this call, they will +be automatically freed when the accept \s-1BIO\s0 is freed. 
+.PP +\&\fIBIO_set_bind_mode()\fR and \fIBIO_get_bind_mode()\fR set and retrieve +the current bind mode. If \fB\s-1BIO_BIND_NORMAL\s0\fR (the default) is set +then another socket cannot be bound to the same port. If +\&\fB\s-1BIO_BIND_REUSEADDR\s0\fR is set then other sockets can bind to the +same port. If \fB\s-1BIO_BIND_REUSEADDR_IF_UNUSED\s0\fR is set then and +attempt is first made to use \s-1BIO_BIN_NORMAL\s0, if this fails +and the port is not in use then a second attempt is made +using \fB\s-1BIO_BIND_REUSEADDR\s0\fR. +.PP +\&\fIBIO_do_accept()\fR serves two functions. When it is first +called, after the accept \s-1BIO\s0 has been setup, it will attempt +to create the accept socket and bind an address to it. Second +and subsequent calls to \fIBIO_do_accept()\fR will await an incoming +connection, or request a retry in non blocking mode. +.SH "NOTES" +.IX Header "NOTES" +When an accept \s-1BIO\s0 is at the end of a chain it will await an +incoming connection before processing I/O calls. When an accept +\&\s-1BIO\s0 is not at then end of a chain it passes I/O calls to the next +\&\s-1BIO\s0 in the chain. +.PP +When a connection is established a new socket \s-1BIO\s0 is created for +the connection and appended to the chain. That is the chain is now +accept\->socket. This effectively means that attempting I/O on +an initial accept socket will await an incoming connection then +perform I/O on it. +.PP +If any additional BIOs have been set using \fIBIO_set_accept_bios()\fR +then they are placed between the socket and the accept \s-1BIO\s0, +that is the chain will be accept\->otherbios\->socket. +.PP +If a server wishes to process multiple connections (as is normally +the case) then the accept \s-1BIO\s0 must be made available for further +incoming connections. 
This can be done by waiting for a connection and +then calling: +.PP +.Vb 1 +\& connection = BIO_pop(accept); +.Ve +.PP +After this call \fBconnection\fR will contain a \s-1BIO\s0 for the recently +established connection and \fBaccept\fR will now be a single \s-1BIO\s0 +again which can be used to await further incoming connections. +If no further connections will be accepted the \fBaccept\fR can +be freed using \fIBIO_free()\fR. +.PP +If only a single connection will be processed it is possible to +perform I/O using the accept \s-1BIO\s0 itself. This is often undesirable +however because the accept \s-1BIO\s0 will still accept additional incoming +connections. This can be resolved by using \fIBIO_pop()\fR (see above) +and freeing up the accept \s-1BIO\s0 after the initial connection. +.PP +If the underlying accept socket is non-blocking and \fIBIO_do_accept()\fR is +called to await an incoming connection it is possible for +\&\fIBIO_should_io_special()\fR with the reason \s-1BIO_RR_ACCEPT\s0. If this happens +then it is an indication that an accept attempt would block: the application +should take appropriate action to wait until the underlying socket has +accepted a connection and retry the call. +.PP +\&\fIBIO_set_accept_name()\fR, \fIBIO_get_accept_name()\fR, \fIBIO_set_accept_port()\fR, +\&\fIBIO_get_accept_port()\fR, \fIBIO_set_nbio_accept()\fR, \fIBIO_set_accept_bios()\fR, +\&\fIBIO_get_peer_name()\fR, \fIBIO_get_peer_port()\fR, +\&\fIBIO_get_accept_ip_family()\fR, \fIBIO_set_accept_ip_family()\fR, +\&\fIBIO_set_bind_mode()\fR, \fIBIO_get_bind_mode()\fR and \fIBIO_do_accept()\fR are macros. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBIO_do_accept()\fR, +\&\fIBIO_set_accept_name()\fR, \fIBIO_set_accept_port()\fR, \fIBIO_set_nbio_accept()\fR, +\&\fIBIO_set_accept_bios()\fR, \fIBIO_set_accept_ip_family()\fR, and \fIBIO_set_bind_mode()\fR +return 1 for success and 0 or \-1 for failure. 
+.PP +\&\fIBIO_get_accept_name()\fR returns the accept name or \s-1NULL\s0 on error. +\&\fIBIO_get_peer_name()\fR returns the peer name or \s-1NULL\s0 on error. +.PP +\&\fIBIO_get_accept_port()\fR returns the accept port as a string or \s-1NULL\s0 on error. +\&\fIBIO_get_peer_port()\fR returns the peer port as a string or \s-1NULL\s0 on error. +\&\fIBIO_get_accept_ip_family()\fR returns the \s-1IP\s0 family or \-1 on error. +.PP +\&\fIBIO_get_bind_mode()\fR returns the set of \fB\s-1BIO_BIND\s0\fR flags, or \-1 on failure. +.PP +\&\fIBIO_new_accept()\fR returns a \s-1BIO\s0 or \s-1NULL\s0 on error. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +This example accepts two connections on port 4444, sends messages +down each and finally closes both down. +.PP +.Vb 1 +\& BIO *abio, *cbio, *cbio2; +\& +\& /* First call to BIO_accept() sets up accept BIO */ +\& abio = BIO_new_accept("4444"); +\& if (BIO_do_accept(abio) <= 0) { +\& fprintf(stderr, "Error setting up accept\en"); +\& ERR_print_errors_fp(stderr); +\& exit(1); +\& } +\& +\& /* Wait for incoming connection */ +\& if (BIO_do_accept(abio) <= 0) { +\& fprintf(stderr, "Error accepting connection\en"); +\& ERR_print_errors_fp(stderr); +\& exit(1); +\& } +\& fprintf(stderr, "Connection 1 established\en"); +\& +\& /* Retrieve BIO for connection */ +\& cbio = BIO_pop(abio); +\& BIO_puts(cbio, "Connection 1: Sending out Data on initial connection\en"); +\& fprintf(stderr, "Sent out data on connection 1\en"); +\& +\& /* Wait for another connection */ +\& if (BIO_do_accept(abio) <= 0) { +\& fprintf(stderr, "Error accepting connection\en"); +\& ERR_print_errors_fp(stderr); +\& exit(1); +\& } +\& fprintf(stderr, "Connection 2 established\en"); +\& +\& /* Close accept BIO to refuse further connections */ +\& cbio2 = BIO_pop(abio); +\& BIO_free(abio); +\& BIO_puts(cbio2, "Connection 2: Sending out Data on second\en"); +\& fprintf(stderr, "Sent out data on connection 2\en"); +\& +\& BIO_puts(cbio, "Connection 1: Second connection 
established\en"); +\& +\& /* Close the two established connections */ +\& BIO_free(cbio); +\& BIO_free(cbio2); +.Ve +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/BIO_s_bio.3 b/linux_amd64/share/man/man3/BIO_s_bio.3 new file mode 100755 index 0000000..02d3c83 --- /dev/null +++ b/linux_amd64/share/man/man3/BIO_s_bio.3 
@@ -0,0 +1,323 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_S_BIO 3" +.TH BIO_S_BIO 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BIO_s_bio, BIO_make_bio_pair, BIO_destroy_bio_pair, BIO_shutdown_wr, +BIO_set_write_buf_size, BIO_get_write_buf_size, BIO_new_bio_pair, +BIO_get_write_guarantee, BIO_ctrl_get_write_guarantee, BIO_get_read_request, +BIO_ctrl_get_read_request, BIO_ctrl_reset_read_request \- BIO pair BIO +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const BIO_METHOD *BIO_s_bio(void); +\& +\& int BIO_make_bio_pair(BIO *b1, BIO *b2); +\& int BIO_destroy_bio_pair(BIO *b); +\& int BIO_shutdown_wr(BIO *b); +\& +\& int BIO_set_write_buf_size(BIO *b, long size); +\& size_t BIO_get_write_buf_size(BIO *b, long size); +\& +\& int BIO_new_bio_pair(BIO **bio1, size_t writebuf1, BIO **bio2, size_t writebuf2); +\& +\& int BIO_get_write_guarantee(BIO *b); +\& size_t BIO_ctrl_get_write_guarantee(BIO *b); +\& int BIO_get_read_request(BIO *b); +\& size_t BIO_ctrl_get_read_request(BIO *b); +\& int BIO_ctrl_reset_read_request(BIO *b); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBIO_s_bio()\fR returns the method for a \s-1BIO\s0 pair. A \s-1BIO\s0 pair is a pair of source/sink +BIOs where data written to either half of the pair is buffered and can be read from +the other half. Both halves must usually by handled by the same application thread +since no locking is done on the internal data structures. +.PP +Since \s-1BIO\s0 chains typically end in a source/sink \s-1BIO\s0 it is possible to make this +one half of a \s-1BIO\s0 pair and have all the data processed by the chain under application +control. +.PP +One typical use of \s-1BIO\s0 pairs is to place \s-1TLS/SSL\s0 I/O under application control, this +can be used when the application wishes to use a non standard transport for +\&\s-1TLS/SSL\s0 or the normal socket routines are inappropriate. +.PP +Calls to \fIBIO_read_ex()\fR will read data from the buffer or request a retry if no +data is available. 
+.PP +Calls to \fIBIO_write_ex()\fR will place data in the buffer or request a retry if the +buffer is full. +.PP +The standard calls \fIBIO_ctrl_pending()\fR and \fIBIO_ctrl_wpending()\fR can be used to +determine the amount of pending data in the read or write buffer. +.PP +\&\fIBIO_reset()\fR clears any data in the write buffer. +.PP +\&\fIBIO_make_bio_pair()\fR joins two separate BIOs into a connected pair. +.PP +\&\fIBIO_destroy_pair()\fR destroys the association between two connected BIOs. Freeing +up any half of the pair will automatically destroy the association. +.PP +\&\fIBIO_shutdown_wr()\fR is used to close down a \s-1BIO\s0 \fBb\fR. After this call no further +writes on \s-1BIO\s0 \fBb\fR are allowed (they will return an error). Reads on the other +half of the pair will return any pending data or \s-1EOF\s0 when all pending data has +been read. +.PP +\&\fIBIO_set_write_buf_size()\fR sets the write buffer size of \s-1BIO\s0 \fBb\fR to \fBsize\fR. +If the size is not initialized a default value is used. This is currently +17K, sufficient for a maximum size \s-1TLS\s0 record. +.PP +\&\fIBIO_get_write_buf_size()\fR returns the size of the write buffer. +.PP +\&\fIBIO_new_bio_pair()\fR combines the calls to \fIBIO_new()\fR, \fIBIO_make_bio_pair()\fR and +\&\fIBIO_set_write_buf_size()\fR to create a connected pair of BIOs \fBbio1\fR, \fBbio2\fR +with write buffer sizes \fBwritebuf1\fR and \fBwritebuf2\fR. If either size is +zero then the default size is used. \fIBIO_new_bio_pair()\fR does not check whether +\&\fBbio1\fR or \fBbio2\fR do point to some other \s-1BIO\s0, the values are overwritten, +\&\fIBIO_free()\fR is not called. +.PP +\&\fIBIO_get_write_guarantee()\fR and \fIBIO_ctrl_get_write_guarantee()\fR return the maximum +length of data that can be currently written to the \s-1BIO\s0. Writes larger than this +value will return a value from \fIBIO_write_ex()\fR less than the amount requested or +if the buffer is full request a retry. 
\fIBIO_ctrl_get_write_guarantee()\fR is a +function whereas \fIBIO_get_write_guarantee()\fR is a macro. +.PP +\&\fIBIO_get_read_request()\fR and \fIBIO_ctrl_get_read_request()\fR return the +amount of data requested, or the buffer size if it is less, if the +last read attempt at the other half of the \s-1BIO\s0 pair failed due to an +empty buffer. This can be used to determine how much data should be +written to the \s-1BIO\s0 so the next read will succeed: this is most useful +in \s-1TLS/SSL\s0 applications where the amount of data read is usually +meaningful rather than just a buffer size. After a successful read +this call will return zero. It also will return zero once new data +has been written satisfying the read request or part of it. +Note that \fIBIO_get_read_request()\fR never returns an amount larger +than that returned by \fIBIO_get_write_guarantee()\fR. +.PP +\&\fIBIO_ctrl_reset_read_request()\fR can also be used to reset the value returned by +\&\fIBIO_get_read_request()\fR to zero. +.SH "NOTES" +.IX Header "NOTES" +Both halves of a \s-1BIO\s0 pair should be freed. That is even if one half is implicit +freed due to a \fIBIO_free_all()\fR or \fISSL_free()\fR call the other half needs to be freed. +.PP +When used in bidirectional applications (such as \s-1TLS/SSL\s0) care should be taken to +flush any data in the write buffer. This can be done by calling \fIBIO_pending()\fR +on the other half of the pair and, if any data is pending, reading it and sending +it to the underlying transport. This must be done before any normal processing +(such as calling \fIselect()\fR ) due to a request and \fIBIO_should_read()\fR being true. +.PP +To see why this is important consider a case where a request is sent using +\&\fIBIO_write_ex()\fR and a response read with \fIBIO_read_ex()\fR, this can occur during an +\&\s-1TLS/SSL\s0 handshake for example. \fIBIO_write_ex()\fR will succeed and place data in the +write buffer. 
\fIBIO_read_ex()\fR will initially fail and \fIBIO_should_read()\fR will be +true. If the application then waits for data to be available on the underlying +transport before flushing the write buffer it will never succeed because the +request was never sent! +.PP +\&\fIBIO_eof()\fR is true if no data is in the peer \s-1BIO\s0 and the peer \s-1BIO\s0 has been +shutdown. +.PP +\&\fIBIO_make_bio_pair()\fR, \fIBIO_destroy_bio_pair()\fR, \fIBIO_shutdown_wr()\fR, +\&\fIBIO_set_write_buf_size()\fR, \fIBIO_get_write_buf_size()\fR, +\&\fIBIO_get_write_guarantee()\fR, and \fIBIO_get_read_request()\fR are implemented +as macros. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBIO_new_bio_pair()\fR returns 1 on success, with the new BIOs available in +\&\fBbio1\fR and \fBbio2\fR, or 0 on failure, with \s-1NULL\s0 pointers stored into the +locations for \fBbio1\fR and \fBbio2\fR. Check the error stack for more information. +.PP +[\s-1XXXXX:\s0 More return values need to be added here] +.SH "EXAMPLES" +.IX Header "EXAMPLES" +The \s-1BIO\s0 pair can be used to have full control over the network access of an +application. The application can call \fIselect()\fR on the socket as required +without having to go through the SSL-interface. +.PP +.Vb 1 +\& BIO *internal_bio, *network_bio; +\& +\& ... +\& BIO_new_bio_pair(&internal_bio, 0, &network_bio, 0); +\& SSL_set_bio(ssl, internal_bio, internal_bio); +\& SSL_operations(); /* e.g SSL_read and SSL_write */ +\& ... +\& +\& application | TLS\-engine +\& | | +\& +\-\-\-\-\-\-\-\-\-\-> SSL_operations() +\& | /\e || +\& | || \e/ +\& | BIO\-pair (internal_bio) +\& | BIO\-pair (network_bio) +\& | || /\e +\& | \e/ || +\& +\-\-\-\-\-\-\-\-\-\-\-< BIO_operations() +\& | | +\& | | +\& socket +\& +\& ... +\& SSL_free(ssl); /* implicitly frees internal_bio */ +\& BIO_free(network_bio); +\& ... 
+.Ve +.PP +As the \s-1BIO\s0 pair will only buffer the data and never directly access the +connection, it behaves non-blocking and will return as soon as the write +buffer is full or the read buffer is drained. Then the application has to +flush the write buffer and/or fill the read buffer. +.PP +Use the \fIBIO_ctrl_pending()\fR, to find out whether data is buffered in the \s-1BIO\s0 +and must be transferred to the network. Use \fIBIO_ctrl_get_read_request()\fR to +find out, how many bytes must be written into the buffer before the +\&\fISSL_operation()\fR can successfully be continued. +.SH "WARNINGS" +.IX Header "WARNINGS" +As the data is buffered, \fISSL_operation()\fR may return with an \s-1ERROR_SSL_WANT_READ\s0 +condition, but there is still data in the write buffer. An application must +not rely on the error value of \fISSL_operation()\fR but must assure that the +write buffer is always flushed first. Otherwise a deadlock may occur as +the peer might be waiting for the data before being able to continue. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fISSL_set_bio\fR\|(3), \fIssl\fR\|(7), \fIbio\fR\|(7), +\&\fIBIO_should_retry\fR\|(3), \fIBIO_read_ex\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/BIO_s_connect.3 b/linux_amd64/share/man/man3/BIO_s_connect.3 new file mode 100755 index 0000000..0c0dcf5 --- /dev/null +++ b/linux_amd64/share/man/man3/BIO_s_connect.3 
@@ -0,0 +1,333 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_S_CONNECT 3" +.TH BIO_S_CONNECT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BIO_set_conn_address, BIO_get_conn_address, +BIO_s_connect, BIO_new_connect, BIO_set_conn_hostname, BIO_set_conn_port, +BIO_set_conn_ip_family, BIO_get_conn_ip_family, +BIO_get_conn_hostname, BIO_get_conn_port, +BIO_set_nbio, BIO_do_connect \- connect BIO +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const BIO_METHOD * BIO_s_connect(void); +\& +\& BIO *BIO_new_connect(char *name); +\& +\& long BIO_set_conn_hostname(BIO *b, char *name); +\& long BIO_set_conn_port(BIO *b, char *port); +\& long BIO_set_conn_address(BIO *b, BIO_ADDR *addr); +\& long BIO_set_conn_ip_family(BIO *b, long family); +\& const char *BIO_get_conn_hostname(BIO *b); +\& const char *BIO_get_conn_port(BIO *b); +\& const BIO_ADDR *BIO_get_conn_address(BIO *b); +\& const long BIO_get_conn_ip_family(BIO *b); +\& +\& long BIO_set_nbio(BIO *b, long n); +\& +\& int BIO_do_connect(BIO *b); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBIO_s_connect()\fR returns the connect \s-1BIO\s0 method. This is a wrapper +round the platform's \s-1TCP/IP\s0 socket connection routines. +.PP +Using connect BIOs, \s-1TCP/IP\s0 connections can be made and data +transferred using only \s-1BIO\s0 routines. In this way any platform +specific operations are hidden by the \s-1BIO\s0 abstraction. +.PP +Read and write operations on a connect \s-1BIO\s0 will perform I/O +on the underlying connection. If no connection is established +and the port and hostname (see below) is set up properly then +a connection is established first. +.PP +Connect BIOs support \fIBIO_puts()\fR but not \fIBIO_gets()\fR. +.PP +If the close flag is set on a connect \s-1BIO\s0 then any active +connection is shutdown and the socket closed when the \s-1BIO\s0 +is freed. +.PP +Calling \fIBIO_reset()\fR on a connect \s-1BIO\s0 will close any active +connection and reset the \s-1BIO\s0 into a state where it can connect +to the same host again. 
+.PP +\&\fIBIO_get_fd()\fR places the underlying socket in \fBc\fR if it is not \s-1NULL\s0, +it also returns the socket . If \fBc\fR is not \s-1NULL\s0 it should be of +type (int *). +.PP +\&\fIBIO_set_conn_hostname()\fR uses the string \fBname\fR to set the hostname. +The hostname can be an \s-1IP\s0 address; if the address is an IPv6 one, it +must be enclosed with brackets. The hostname can also include the +port in the form hostname:port. +.PP +\&\fIBIO_set_conn_port()\fR sets the port to \fBport\fR. \fBport\fR can be the +numerical form or a string such as \*(L"http\*(R". A string will be looked +up first using \fIgetservbyname()\fR on the host platform but if that +fails a standard table of port names will be used. This internal +list is http, telnet, socks, https, ssl, ftp, and gopher. +.PP +\&\fIBIO_set_conn_address()\fR sets the address and port information using +a \s-1\fIBIO_ADDR\s0\fR\|(3ssl). +.PP +\&\fIBIO_set_conn_ip_family()\fR sets the \s-1IP\s0 family. +.PP +\&\fIBIO_get_conn_hostname()\fR returns the hostname of the connect \s-1BIO\s0 or +\&\s-1NULL\s0 if the \s-1BIO\s0 is initialized but no hostname is set. +This return value is an internal pointer which should not be modified. +.PP +\&\fIBIO_get_conn_port()\fR returns the port as a string. +This return value is an internal pointer which should not be modified. +.PP +\&\fIBIO_get_conn_address()\fR returns the address information as a \s-1BIO_ADDR\s0. +This return value is an internal pointer which should not be modified. +.PP +\&\fIBIO_get_conn_ip_family()\fR returns the \s-1IP\s0 family of the connect \s-1BIO\s0. +.PP +\&\fIBIO_set_nbio()\fR sets the non blocking I/O flag to \fBn\fR. If \fBn\fR is +zero then blocking I/O is set. If \fBn\fR is 1 then non blocking I/O +is set. Blocking I/O is the default. The call to \fIBIO_set_nbio()\fR +should be made before the connection is established because +non blocking I/O is set during the connect process. 
+.PP +\&\fIBIO_new_connect()\fR combines \fIBIO_new()\fR and \fIBIO_set_conn_hostname()\fR into +a single call: that is it creates a new connect \s-1BIO\s0 with \fBname\fR. +.PP +\&\fIBIO_do_connect()\fR attempts to connect the supplied \s-1BIO\s0. It returns 1 +if the connection was established successfully. A zero or negative +value is returned if the connection could not be established, the +call \fIBIO_should_retry()\fR should be used for non blocking connect BIOs +to determine if the call should be retried. +.SH "NOTES" +.IX Header "NOTES" +If blocking I/O is set then a non positive return value from any +I/O call is caused by an error condition, although a zero return +will normally mean that the connection was closed. +.PP +If the port name is supplied as part of the hostname then this will +override any value set with \fIBIO_set_conn_port()\fR. This may be undesirable +if the application does not wish to allow connection to arbitrary +ports. This can be avoided by checking for the presence of the ':' +character in the passed hostname and either indicating an error or +truncating the string at that point. +.PP +The values returned by \fIBIO_get_conn_hostname()\fR, \fIBIO_get_conn_address()\fR, +and \fIBIO_get_conn_port()\fR are updated when a connection attempt is made. +Before any connection attempt the values returned are those set by the +application itself. +.PP +Applications do not have to call \fIBIO_do_connect()\fR but may wish to do +so to separate the connection process from other I/O processing. +.PP +If non blocking I/O is set then retries will be requested as appropriate. +.PP +It addition to \fIBIO_should_read()\fR and \fIBIO_should_write()\fR it is also +possible for \fIBIO_should_io_special()\fR to be true during the initial +connection process with the reason \s-1BIO_RR_CONNECT\s0. 
If this is returned +then this is an indication that a connection attempt would block, +the application should then take appropriate action to wait until +the underlying socket has connected and retry the call. +.PP +\&\fIBIO_set_conn_hostname()\fR, \fIBIO_set_conn_port()\fR, \fIBIO_get_conn_hostname()\fR, +\&\fIBIO_set_conn_address()\fR, \fIBIO_get_conn_port()\fR, \fIBIO_get_conn_address()\fR, +\&\fIBIO_set_conn_ip_family()\fR, \fIBIO_get_conn_ip_family()\fR, +\&\fIBIO_set_nbio()\fR, and \fIBIO_do_connect()\fR are macros. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBIO_s_connect()\fR returns the connect \s-1BIO\s0 method. +.PP +\&\fIBIO_get_fd()\fR returns the socket or \-1 if the \s-1BIO\s0 has not +been initialized. +.PP +\&\fIBIO_set_conn_address()\fR, \fIBIO_set_conn_port()\fR, and \fIBIO_set_conn_ip_family()\fR +always return 1. +.PP +\&\fIBIO_set_conn_hostname()\fR returns 1 on success and 0 on failure. +.PP +\&\fIBIO_get_conn_address()\fR returns the address information or \s-1NULL\s0 if none +was set. +.PP +\&\fIBIO_get_conn_hostname()\fR returns the connected hostname or \s-1NULL\s0 if +none was set. +.PP +\&\fIBIO_get_conn_ip_family()\fR returns the address family or \-1 if none was set. +.PP +\&\fIBIO_get_conn_port()\fR returns a string representing the connected +port or \s-1NULL\s0 if not set. +.PP +\&\fIBIO_set_nbio()\fR always returns 1. +.PP +\&\fIBIO_do_connect()\fR returns 1 if the connection was successfully +established and 0 or \-1 if the connection failed. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +This is example connects to a webserver on the local host and attempts +to retrieve a page and copy the result to standard output. 
+.PP +.Vb 3 +\& BIO *cbio, *out; +\& int len; +\& char tmpbuf[1024]; +\& +\& cbio = BIO_new_connect("localhost:http"); +\& out = BIO_new_fp(stdout, BIO_NOCLOSE); +\& if (BIO_do_connect(cbio) <= 0) { +\& fprintf(stderr, "Error connecting to server\en"); +\& ERR_print_errors_fp(stderr); +\& exit(1); +\& } +\& BIO_puts(cbio, "GET / HTTP/1.0\en\en"); +\& for (;;) { +\& len = BIO_read(cbio, tmpbuf, 1024); +\& if (len <= 0) +\& break; +\& BIO_write(out, tmpbuf, len); +\& } +\& BIO_free(cbio); +\& BIO_free(out); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1\fIBIO_ADDR\s0\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIBIO_set_conn_int_port()\fR, \fIBIO_get_conn_int_port()\fR, \fIBIO_set_conn_ip()\fR, and \fIBIO_get_conn_ip()\fR +were removed in OpenSSL 1.1.0. +Use \fIBIO_set_conn_address()\fR and \fIBIO_get_conn_address()\fR instead. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/BIO_s_fd.3 b/linux_amd64/share/man/man3/BIO_s_fd.3 new file mode 100755 index 0000000..a0b1c2d --- /dev/null +++ b/linux_amd64/share/man/man3/BIO_s_fd.3 
@@ -0,0 +1,221 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_S_FD 3" +.TH BIO_S_FD 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BIO_s_fd, BIO_set_fd, BIO_get_fd, BIO_new_fd \- file descriptor BIO +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const BIO_METHOD *BIO_s_fd(void); +\& +\& int BIO_set_fd(BIO *b, int fd, int c); +\& int BIO_get_fd(BIO *b, int *c); +\& +\& BIO *BIO_new_fd(int fd, int close_flag); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBIO_s_fd()\fR returns the file descriptor \s-1BIO\s0 method. This is a wrapper +round the platforms file descriptor routines such as \fIread()\fR and \fIwrite()\fR. +.PP +\&\fIBIO_read_ex()\fR and \fIBIO_write_ex()\fR read or write the underlying descriptor. +\&\fIBIO_puts()\fR is supported but \fIBIO_gets()\fR is not. +.PP +If the close flag is set then \fIclose()\fR is called on the underlying +file descriptor when the \s-1BIO\s0 is freed. +.PP +\&\fIBIO_reset()\fR attempts to change the file pointer to the start of file +such as by using \fBlseek(fd, 0, 0)\fR. +.PP +\&\fIBIO_seek()\fR sets the file pointer to position \fBofs\fR from start of file +such as by using \fBlseek(fd, ofs, 0)\fR. +.PP +\&\fIBIO_tell()\fR returns the current file position such as by calling +\&\fBlseek(fd, 0, 1)\fR. +.PP +\&\fIBIO_set_fd()\fR sets the file descriptor of \s-1BIO\s0 \fBb\fR to \fBfd\fR and the close +flag to \fBc\fR. +.PP +\&\fIBIO_get_fd()\fR places the file descriptor in \fBc\fR if it is not \s-1NULL\s0, it also +returns the file descriptor. +.PP +\&\fIBIO_new_fd()\fR returns a file descriptor \s-1BIO\s0 using \fBfd\fR and \fBclose_flag\fR. +.SH "NOTES" +.IX Header "NOTES" +The behaviour of \fIBIO_read_ex()\fR and \fIBIO_write_ex()\fR depends on the behavior of the +platforms \fIread()\fR and \fIwrite()\fR calls on the descriptor. If the underlying +file descriptor is in a non blocking mode then the \s-1BIO\s0 will behave in the +manner described in the \fIBIO_read_ex\fR\|(3) and \fIBIO_should_retry\fR\|(3) +manual pages. +.PP +File descriptor BIOs should not be used for socket I/O. 
Use socket BIOs +instead. +.PP +\&\fIBIO_set_fd()\fR and \fIBIO_get_fd()\fR are implemented as macros. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBIO_s_fd()\fR returns the file descriptor \s-1BIO\s0 method. +.PP +\&\fIBIO_set_fd()\fR always returns 1. +.PP +\&\fIBIO_get_fd()\fR returns the file descriptor or \-1 if the \s-1BIO\s0 has not +been initialized. +.PP +\&\fIBIO_new_fd()\fR returns the newly allocated \s-1BIO\s0 or \s-1NULL\s0 is an error +occurred. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +This is a file descriptor \s-1BIO\s0 version of \*(L"Hello World\*(R": +.PP +.Vb 1 +\& BIO *out; +\& +\& out = BIO_new_fd(fileno(stdout), BIO_NOCLOSE); +\& BIO_printf(out, "Hello World\en"); +\& BIO_free(out); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIBIO_seek\fR\|(3), \fIBIO_tell\fR\|(3), +\&\fIBIO_reset\fR\|(3), \fIBIO_read_ex\fR\|(3), +\&\fIBIO_write_ex\fR\|(3), \fIBIO_puts\fR\|(3), +\&\fIBIO_gets\fR\|(3), \fIBIO_printf\fR\|(3), +\&\fIBIO_set_close\fR\|(3), \fIBIO_get_close\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/BIO_s_file.3 b/linux_amd64/share/man/man3/BIO_s_file.3 new file mode 100755 index 0000000..f031903 --- /dev/null +++ b/linux_amd64/share/man/man3/BIO_s_file.3 
@@ -0,0 +1,296 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_S_FILE 3" +.TH BIO_S_FILE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BIO_s_file, BIO_new_file, BIO_new_fp, BIO_set_fp, BIO_get_fp, +BIO_read_filename, BIO_write_filename, BIO_append_filename, +BIO_rw_filename \- FILE bio +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const BIO_METHOD *BIO_s_file(void); +\& BIO *BIO_new_file(const char *filename, const char *mode); +\& BIO *BIO_new_fp(FILE *stream, int flags); +\& +\& BIO_set_fp(BIO *b, FILE *fp, int flags); +\& BIO_get_fp(BIO *b, FILE **fpp); +\& +\& int BIO_read_filename(BIO *b, char *name) +\& int BIO_write_filename(BIO *b, char *name) +\& int BIO_append_filename(BIO *b, char *name) +\& int BIO_rw_filename(BIO *b, char *name) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBIO_s_file()\fR returns the \s-1BIO\s0 file method. As its name implies it +is a wrapper round the stdio \s-1FILE\s0 structure and it is a +source/sink \s-1BIO\s0. +.PP +Calls to \fIBIO_read_ex()\fR and \fIBIO_write_ex()\fR read and write data to the +underlying stream. \fIBIO_gets()\fR and \fIBIO_puts()\fR are supported on file BIOs. +.PP +\&\fIBIO_flush()\fR on a file \s-1BIO\s0 calls the \fIfflush()\fR function on the wrapped +stream. +.PP +\&\fIBIO_reset()\fR attempts to change the file pointer to the start of file +using fseek(stream, 0, 0). +.PP +\&\fIBIO_seek()\fR sets the file pointer to position \fBofs\fR from start of file +using fseek(stream, ofs, 0). +.PP +\&\fIBIO_eof()\fR calls \fIfeof()\fR. +.PP +Setting the \s-1BIO_CLOSE\s0 flag calls \fIfclose()\fR on the stream when the \s-1BIO\s0 +is freed. +.PP +\&\fIBIO_new_file()\fR creates a new file \s-1BIO\s0 with mode \fBmode\fR the meaning +of \fBmode\fR is the same as the stdio function \fIfopen()\fR. The \s-1BIO_CLOSE\s0 +flag is set on the returned \s-1BIO\s0. +.PP +\&\fIBIO_new_fp()\fR creates a file \s-1BIO\s0 wrapping \fBstream\fR. 
Flags can be: +\&\s-1BIO_CLOSE\s0, \s-1BIO_NOCLOSE\s0 (the close flag) \s-1BIO_FP_TEXT\s0 (sets the underlying +stream to text mode, default is binary: this only has any effect under +Win32). +.PP +\&\fIBIO_set_fp()\fR sets the fp of a file \s-1BIO\s0 to \fBfp\fR. \fBflags\fR has the same +meaning as in \fIBIO_new_fp()\fR, it is a macro. +.PP +\&\fIBIO_get_fp()\fR retrieves the fp of a file \s-1BIO\s0, it is a macro. +.PP +\&\fIBIO_seek()\fR is a macro that sets the position pointer to \fBoffset\fR bytes +from the start of file. +.PP +\&\fIBIO_tell()\fR returns the value of the position pointer. +.PP +\&\fIBIO_read_filename()\fR, \fIBIO_write_filename()\fR, \fIBIO_append_filename()\fR and +\&\fIBIO_rw_filename()\fR set the file \s-1BIO\s0 \fBb\fR to use file \fBname\fR for +reading, writing, append or read write respectively. +.SH "NOTES" +.IX Header "NOTES" +When wrapping stdout, stdin or stderr the underlying stream should not +normally be closed so the \s-1BIO_NOCLOSE\s0 flag should be set. +.PP +Because the file \s-1BIO\s0 calls the underlying stdio functions any quirks +in stdio behaviour will be mirrored by the corresponding \s-1BIO\s0. +.PP +On Windows BIO_new_files reserves for the filename argument to be +\&\s-1UTF\-8\s0 encoded. In other words if you have to make it work in multi\- +lingual environment, encode filenames in \s-1UTF\-8\s0. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBIO_s_file()\fR returns the file \s-1BIO\s0 method. +.PP +\&\fIBIO_new_file()\fR and \fIBIO_new_fp()\fR return a file \s-1BIO\s0 or \s-1NULL\s0 if an error +occurred. +.PP +\&\fIBIO_set_fp()\fR and \fIBIO_get_fp()\fR return 1 for success or 0 for failure +(although the current implementation never return 0). +.PP +\&\fIBIO_seek()\fR returns the same value as the underlying \fIfseek()\fR function: +0 for success or \-1 for failure. +.PP +\&\fIBIO_tell()\fR returns the current file position. 
+.PP +\&\fIBIO_read_filename()\fR, \fIBIO_write_filename()\fR, \fIBIO_append_filename()\fR and +\&\fIBIO_rw_filename()\fR return 1 for success or 0 for failure. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +File \s-1BIO\s0 \*(L"hello world\*(R": +.PP +.Vb 1 +\& BIO *bio_out; +\& +\& bio_out = BIO_new_fp(stdout, BIO_NOCLOSE); +\& BIO_printf(bio_out, "Hello World\en"); +.Ve +.PP +Alternative technique: +.PP +.Vb 1 +\& BIO *bio_out; +\& +\& bio_out = BIO_new(BIO_s_file()); +\& if (bio_out == NULL) +\& /* Error */ +\& if (!BIO_set_fp(bio_out, stdout, BIO_NOCLOSE)) +\& /* Error */ +\& BIO_printf(bio_out, "Hello World\en"); +.Ve +.PP +Write to a file: +.PP +.Vb 1 +\& BIO *out; +\& +\& out = BIO_new_file("filename.txt", "w"); +\& if (!out) +\& /* Error */ +\& BIO_printf(out, "Hello World\en"); +\& BIO_free(out); +.Ve +.PP +Alternative technique: +.PP +.Vb 1 +\& BIO *out; +\& +\& out = BIO_new(BIO_s_file()); +\& if (out == NULL) +\& /* Error */ +\& if (!BIO_write_filename(out, "filename.txt")) +\& /* Error */ +\& BIO_printf(out, "Hello World\en"); +\& BIO_free(out); +.Ve +.SH "BUGS" +.IX Header "BUGS" +\&\fIBIO_reset()\fR and \fIBIO_seek()\fR are implemented using \fIfseek()\fR on the underlying +stream. The return value for \fIfseek()\fR is 0 for success or \-1 if an error +occurred this differs from other types of \s-1BIO\s0 which will typically return +1 for success and a non positive value if an error occurred. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIBIO_seek\fR\|(3), \fIBIO_tell\fR\|(3), +\&\fIBIO_reset\fR\|(3), \fIBIO_flush\fR\|(3), +\&\fIBIO_read_ex\fR\|(3), +\&\fIBIO_write_ex\fR\|(3), \fIBIO_puts\fR\|(3), +\&\fIBIO_gets\fR\|(3), \fIBIO_printf\fR\|(3), +\&\fIBIO_set_close\fR\|(3), \fIBIO_get_close\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. 
You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/BIO_s_mem.3 b/linux_amd64/share/man/man3/BIO_s_mem.3 new file mode 100755 index 0000000..e38659e --- /dev/null +++ b/linux_amd64/share/man/man3/BIO_s_mem.3 
@@ -0,0 +1,290 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_S_MEM 3" +.TH BIO_S_MEM 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BIO_s_secmem, +BIO_s_mem, BIO_set_mem_eof_return, BIO_get_mem_data, BIO_set_mem_buf, +BIO_get_mem_ptr, BIO_new_mem_buf \- memory BIO +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const BIO_METHOD *BIO_s_mem(void); +\& const BIO_METHOD *BIO_s_secmem(void); +\& +\& BIO_set_mem_eof_return(BIO *b, int v) +\& long BIO_get_mem_data(BIO *b, char **pp) +\& BIO_set_mem_buf(BIO *b, BUF_MEM *bm, int c) +\& BIO_get_mem_ptr(BIO *b, BUF_MEM **pp) +\& +\& BIO *BIO_new_mem_buf(const void *buf, int len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBIO_s_mem()\fR returns the memory \s-1BIO\s0 method function. +.PP +A memory \s-1BIO\s0 is a source/sink \s-1BIO\s0 which uses memory for its I/O. Data +written to a memory \s-1BIO\s0 is stored in a \s-1BUF_MEM\s0 structure which is extended +as appropriate to accommodate the stored data. +.PP +\&\fIBIO_s_secmem()\fR is like \fIBIO_s_mem()\fR except that the secure heap is used +for buffer storage. +.PP +Any data written to a memory \s-1BIO\s0 can be recalled by reading from it. +Unless the memory \s-1BIO\s0 is read only any data read from it is deleted from +the \s-1BIO\s0. +.PP +Memory BIOs support \fIBIO_gets()\fR and \fIBIO_puts()\fR. +.PP +If the \s-1BIO_CLOSE\s0 flag is set when a memory \s-1BIO\s0 is freed then the underlying +\&\s-1BUF_MEM\s0 structure is also freed. +.PP +Calling \fIBIO_reset()\fR on a read write memory \s-1BIO\s0 clears any data in it if the +flag \s-1BIO_FLAGS_NONCLEAR_RST\s0 is not set, otherwise it just restores the read +pointer to the state it was just after the last write was performed and the +data can be read again. On a read only \s-1BIO\s0 it similarly restores the \s-1BIO\s0 to +its original state and the read only data can be read again. +.PP +\&\fIBIO_eof()\fR is true if no data is in the \s-1BIO\s0. +.PP +\&\fIBIO_ctrl_pending()\fR returns the number of bytes currently stored. 
+.PP +\&\fIBIO_set_mem_eof_return()\fR sets the behaviour of memory \s-1BIO\s0 \fBb\fR when it is +empty. If the \fBv\fR is zero then an empty memory \s-1BIO\s0 will return \s-1EOF\s0 (that is +it will return zero and BIO_should_retry(b) will be false. If \fBv\fR is non +zero then it will return \fBv\fR when it is empty and it will set the read retry +flag (that is BIO_read_retry(b) is true). To avoid ambiguity with a normal +positive return value \fBv\fR should be set to a negative value, typically \-1. +.PP +\&\fIBIO_get_mem_data()\fR sets *\fBpp\fR to a pointer to the start of the memory BIOs data +and returns the total amount of data available. It is implemented as a macro. +.PP +\&\fIBIO_set_mem_buf()\fR sets the internal \s-1BUF_MEM\s0 structure to \fBbm\fR and sets the +close flag to \fBc\fR, that is \fBc\fR should be either \s-1BIO_CLOSE\s0 or \s-1BIO_NOCLOSE\s0. +It is a macro. +.PP +\&\fIBIO_get_mem_ptr()\fR places the underlying \s-1BUF_MEM\s0 structure in *\fBpp\fR. It is +a macro. +.PP +\&\fIBIO_new_mem_buf()\fR creates a memory \s-1BIO\s0 using \fBlen\fR bytes of data at \fBbuf\fR, +if \fBlen\fR is \-1 then the \fBbuf\fR is assumed to be nul terminated and its +length is determined by \fBstrlen\fR. The \s-1BIO\s0 is set to a read only state and +as a result cannot be written to. This is useful when some data needs to be +made available from a static area of memory in the form of a \s-1BIO\s0. The +supplied data is read directly from the supplied buffer: it is \fBnot\fR copied +first, so the supplied area of memory must be unchanged until the \s-1BIO\s0 is freed. +.SH "NOTES" +.IX Header "NOTES" +Writes to memory BIOs will always succeed if memory is available: that is +their size can grow indefinitely. 
+.PP +Every write after partial read (not all data in the memory buffer was read) +to a read write memory \s-1BIO\s0 will have to move the unread data with an internal +copy operation, if a \s-1BIO\s0 contains a lot of data and it is read in small +chunks intertwined with writes the operation can be very slow. Adding +a buffering \s-1BIO\s0 to the chain can speed up the process. +.PP +Calling \fIBIO_set_mem_buf()\fR on a \s-1BIO\s0 created with \fIBIO_new_secmem()\fR will +give undefined results, including perhaps a program crash. +.PP +Switching the memory \s-1BIO\s0 from read write to read only is not supported and +can give undefined results including a program crash. There are two notable +exceptions to the rule. The first one is to assign a static memory buffer +immediately after \s-1BIO\s0 creation and set the \s-1BIO\s0 as read only. +.PP +The other supported sequence is to start with read write \s-1BIO\s0 then temporarily +switch it to read only and call \fIBIO_reset()\fR on the read only \s-1BIO\s0 immediately +before switching it back to read write. Before the \s-1BIO\s0 is freed it must be +switched back to the read write mode. +.PP +Calling \fIBIO_get_mem_ptr()\fR on read only \s-1BIO\s0 will return a \s-1BUF_MEM\s0 that +contains only the remaining data to be read. If the close status of the +\&\s-1BIO\s0 is set to \s-1BIO_NOCLOSE\s0, before freeing the \s-1BUF_MEM\s0 the data pointer +in it must be set to \s-1NULL\s0 as the data pointer does not point to an +allocated memory. +.PP +Calling \fIBIO_reset()\fR on a read write memory \s-1BIO\s0 with \s-1BIO_FLAGS_NONCLEAR_RST\s0 +flag set can have unexpected outcome when the reads and writes to the +\&\s-1BIO\s0 are intertwined. As documented above the \s-1BIO\s0 will be reset to the +state after the last completed write operation. The effects of reads +preceding that write operation cannot be undone. 
+.PP +Calling \fIBIO_get_mem_ptr()\fR prior to a \fIBIO_reset()\fR call with +\&\s-1BIO_FLAGS_NONCLEAR_RST\s0 set has the same effect as a write operation. +.SH "BUGS" +.IX Header "BUGS" +There should be an option to set the maximum size of a memory \s-1BIO\s0. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBIO_s_mem()\fR and \fIBIO_s_secmem()\fR return a valid memory \fB\s-1BIO_METHOD\s0\fR structure. +.PP +\&\fIBIO_set_mem_eof_return()\fR, \fIBIO_set_mem_buf()\fR and \fIBIO_get_mem_ptr()\fR +return 1 on success or a value which is less than or equal to 0 if an error occurred. +.PP +\&\fIBIO_get_mem_data()\fR returns the total number of bytes available on success, +0 if b is \s-1NULL\s0, or a negative value in case of other errors. +.PP +\&\fIBIO_new_mem_buf()\fR returns a valid \fB\s-1BIO\s0\fR structure on success or \s-1NULL\s0 on error. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Create a memory \s-1BIO\s0 and write some data to it: +.PP +.Vb 1 +\& BIO *mem = BIO_new(BIO_s_mem()); +\& +\& BIO_puts(mem, "Hello World\en"); +.Ve +.PP +Create a read only memory \s-1BIO:\s0 +.PP +.Vb 2 +\& char data[] = "Hello World"; +\& BIO *mem = BIO_new_mem_buf(data, \-1); +.Ve +.PP +Extract the \s-1BUF_MEM\s0 structure from a memory \s-1BIO\s0 and then free up the \s-1BIO:\s0 +.PP +.Vb 1 +\& BUF_MEM *bptr; +\& +\& BIO_get_mem_ptr(mem, &bptr); +\& BIO_set_close(mem, BIO_NOCLOSE); /* So BIO_free() leaves BUF_MEM alone */ +\& BIO_free(mem); +.Ve +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/BIO_s_null.3 b/linux_amd64/share/man/man3/BIO_s_null.3 new file mode 100755 index 0000000..f92a489 --- /dev/null +++ b/linux_amd64/share/man/man3/BIO_s_null.3 
@@ -0,0 +1,167 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_S_NULL 3" +.TH BIO_S_NULL 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BIO_s_null \- null data sink +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const BIO_METHOD *BIO_s_null(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBIO_s_null()\fR returns the null sink \s-1BIO\s0 method. Data written to +the null sink is discarded, reads return \s-1EOF\s0. +.SH "NOTES" +.IX Header "NOTES" +A null sink \s-1BIO\s0 behaves in a similar manner to the Unix /dev/null +device. +.PP +A null bio can be placed on the end of a chain to discard any data +passed through it. +.PP +A null sink is useful if, for example, an application wishes to digest some +data by writing through a digest bio but not send the digested data anywhere. +Since a \s-1BIO\s0 chain must normally include a source/sink \s-1BIO\s0 this can be achieved +by adding a null sink \s-1BIO\s0 to the end of the chain +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBIO_s_null()\fR returns the null sink \s-1BIO\s0 method. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/BIO_s_socket.3 b/linux_amd64/share/man/man3/BIO_s_socket.3 new file mode 100755 index 0000000..3a34ae5 --- /dev/null +++ b/linux_amd64/share/man/man3/BIO_s_socket.3 
@@ -0,0 +1,177 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_S_SOCKET 3" +.TH BIO_S_SOCKET 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BIO_s_socket, BIO_new_socket \- socket BIO +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const BIO_METHOD *BIO_s_socket(void); +\& +\& BIO *BIO_new_socket(int sock, int close_flag); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBIO_s_socket()\fR returns the socket \s-1BIO\s0 method. This is a wrapper +round the platform's socket routines. +.PP +\&\fIBIO_read_ex()\fR and \fIBIO_write_ex()\fR read or write the underlying socket. +\&\fIBIO_puts()\fR is supported but \fIBIO_gets()\fR is not. +.PP +If the close flag is set then the socket is shut down and closed +when the \s-1BIO\s0 is freed. +.PP +\&\fIBIO_new_socket()\fR returns a socket \s-1BIO\s0 using \fBsock\fR and \fBclose_flag\fR. +.SH "NOTES" +.IX Header "NOTES" +Socket BIOs also support any relevant functionality of file descriptor +BIOs. +.PP +The reason for having separate file descriptor and socket BIOs is that on some +platforms sockets are not file descriptors and use distinct I/O routines, +Windows is one such platform. Any code mixing the two will not work on +all platforms. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBIO_s_socket()\fR returns the socket \s-1BIO\s0 method. +.PP +\&\fIBIO_new_socket()\fR returns the newly allocated \s-1BIO\s0 or \s-1NULL\s0 is an error +occurred. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/BIO_set_callback.3 b/linux_amd64/share/man/man3/BIO_set_callback.3 new file mode 100755 index 0000000..35eccd6 --- /dev/null +++ b/linux_amd64/share/man/man3/BIO_set_callback.3 
@@ -0,0 +1,386 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_SET_CALLBACK 3" +.TH BIO_SET_CALLBACK 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BIO_set_callback_ex, BIO_get_callback_ex, BIO_set_callback, BIO_get_callback, +BIO_set_callback_arg, BIO_get_callback_arg, BIO_debug_callback, +BIO_callback_fn_ex, BIO_callback_fn +\&\- BIO callback functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef long (*BIO_callback_fn_ex)(BIO *b, int oper, const char *argp, +\& size_t len, int argi, +\& long argl, int ret, size_t *processed); +\& typedef long (*BIO_callback_fn)(BIO *b, int oper, const char *argp, int argi, +\& long argl, long ret); +\& +\& void BIO_set_callback_ex(BIO *b, BIO_callback_fn_ex callback); +\& BIO_callback_fn_ex BIO_get_callback_ex(const BIO *b); +\& +\& void BIO_set_callback(BIO *b, BIO_callback_fn cb); +\& BIO_callback_fn BIO_get_callback(BIO *b); +\& void BIO_set_callback_arg(BIO *b, char *arg); +\& char *BIO_get_callback_arg(const BIO *b); +\& +\& long BIO_debug_callback(BIO *bio, int cmd, const char *argp, int argi, +\& long argl, long ret); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBIO_set_callback_ex()\fR and \fIBIO_get_callback_ex()\fR set and retrieve the \s-1BIO\s0 +callback. The callback is called during most high level \s-1BIO\s0 operations. It can +be used for debugging purposes to trace operations on a \s-1BIO\s0 or to modify its +operation. +.PP +\&\fIBIO_set_callback()\fR and \fIBIO_get_callback()\fR set and retrieve the old format \s-1BIO\s0 +callback. New code should not use these functions, but they are retained for +backwards compatibility. Any callback set via \fIBIO_set_callback_ex()\fR will get +called in preference to any set by \fIBIO_set_callback()\fR. +.PP +\&\fIBIO_set_callback_arg()\fR and \fIBIO_get_callback_arg()\fR are macros which can be +used to set and retrieve an argument for use in the callback. +.PP +\&\fIBIO_debug_callback()\fR is a standard debugging callback which prints +out information relating to each \s-1BIO\s0 operation. 
If the callback +argument is set it is interpreted as a \s-1BIO\s0 to send the information +to, otherwise stderr is used. +.PP +BIO_callback_fn_ex is the type of the callback function and BIO_callback_fn +is the type of the old format callback function. The meaning of each argument +is described below: +.IP "\fBb\fR" 4 +.IX Item "b" +The \s-1BIO\s0 the callback is attached to is passed in \fBb\fR. +.IP "\fBoper\fR" 4 +.IX Item "oper" +\&\fBoper\fR is set to the operation being performed. For some operations +the callback is called twice, once before and once after the actual +operation, the latter case has \fBoper\fR or'ed with \s-1BIO_CB_RETURN\s0. +.IP "\fBlen\fR" 4 +.IX Item "len" +The length of the data requested to be read or written. This is only useful if +\&\fBoper\fR is \s-1BIO_CB_READ\s0, \s-1BIO_CB_WRITE\s0 or \s-1BIO_CB_GETS\s0. +.IP "\fBargp\fR \fBargi\fR \fBargl\fR" 4 +.IX Item "argp argi argl" +The meaning of the arguments \fBargp\fR, \fBargi\fR and \fBargl\fR depends on +the value of \fBoper\fR, that is the operation being performed. +.IP "\fBprocessed\fR" 4 +.IX Item "processed" +\&\fBprocessed\fR is a pointer to a location which will be updated with the amount of +data that was actually read or written. Only used for \s-1BIO_CB_READ\s0, \s-1BIO_CB_WRITE\s0, +\&\s-1BIO_CB_GETS\s0 and \s-1BIO_CB_PUTS\s0. +.IP "\fBret\fR" 4 +.IX Item "ret" +\&\fBret\fR is the return value that would be returned to the +application if no callback were present. The actual value returned +is the return value of the callback itself. In the case of callbacks +called before the actual \s-1BIO\s0 operation 1 is placed in \fBret\fR, if +the return value is not positive it will be immediately returned to +the application and the \s-1BIO\s0 operation will not be performed. +.PP +The callback should normally simply return \fBret\fR when it has +finished processing, unless it specifically wishes to modify the +value returned to the application. 
+.SH "CALLBACK OPERATIONS" +.IX Header "CALLBACK OPERATIONS" +In the notes below, \fBcallback\fR defers to the actual callback +function that is called. +.IP "\fBBIO_free(b)\fR" 4 +.IX Item "BIO_free(b)" +.Vb 1 +\& callback_ex(b, BIO_CB_FREE, NULL, 0, 0, 0L, 1L, NULL) +.Ve +.Sp +or +.Sp +.Vb 1 +\& callback(b, BIO_CB_FREE, NULL, 0L, 0L, 1L) +.Ve +.Sp +is called before the free operation. +.IP "\fBBIO_read_ex(b, data, dlen, readbytes)\fR" 4 +.IX Item "BIO_read_ex(b, data, dlen, readbytes)" +.Vb 1 +\& callback_ex(b, BIO_CB_READ, data, dlen, 0, 0L, 1L, NULL) +.Ve +.Sp +or +.Sp +.Vb 1 +\& callback(b, BIO_CB_READ, data, dlen, 0L, 1L) +.Ve +.Sp +is called before the read and +.Sp +.Vb 2 +\& callback_ex(b, BIO_CB_READ | BIO_CB_RETURN, data, dlen, 0, 0L, retvalue, +\& &readbytes) +.Ve +.Sp +or +.Sp +.Vb 1 +\& callback(b, BIO_CB_READ|BIO_CB_RETURN, data, dlen, 0L, retvalue) +.Ve +.Sp +after. +.IP "\fBBIO_write(b, data, dlen, written)\fR" 4 +.IX Item "BIO_write(b, data, dlen, written)" +.Vb 1 +\& callback_ex(b, BIO_CB_WRITE, data, dlen, 0, 0L, 1L, NULL) +.Ve +.Sp +or +.Sp +.Vb 1 +\& callback(b, BIO_CB_WRITE, datat, dlen, 0L, 1L) +.Ve +.Sp +is called before the write and +.Sp +.Vb 2 +\& callback_ex(b, BIO_CB_WRITE | BIO_CB_RETURN, data, dlen, 0, 0L, retvalue, +\& &written) +.Ve +.Sp +or +.Sp +.Vb 1 +\& callback(b, BIO_CB_WRITE|BIO_CB_RETURN, data, dlen, 0L, retvalue) +.Ve +.Sp +after. +.IP "\fBBIO_gets(b, buf, size)\fR" 4 +.IX Item "BIO_gets(b, buf, size)" +.Vb 1 +\& callback_ex(b, BIO_CB_GETS, buf, size, 0, 0L, 1, NULL, NULL) +.Ve +.Sp +or +.Sp +.Vb 1 +\& callback(b, BIO_CB_GETS, buf, size, 0L, 1L) +.Ve +.Sp +is called before the operation and +.Sp +.Vb 2 +\& callback_ex(b, BIO_CB_GETS | BIO_CB_RETURN, buf, size, 0, 0L, retvalue, +\& &readbytes) +.Ve +.Sp +or +.Sp +.Vb 1 +\& callback(b, BIO_CB_GETS|BIO_CB_RETURN, buf, size, 0L, retvalue) +.Ve +.Sp +after. 
+.IP "\fBBIO_puts(b, buf)\fR" 4 +.IX Item "BIO_puts(b, buf)" +.Vb 1 +\& callback_ex(b, BIO_CB_PUTS, buf, 0, 0, 0L, 1L, NULL); +.Ve +.Sp +or +.Sp +.Vb 1 +\& callback(b, BIO_CB_PUTS, buf, 0, 0L, 1L) +.Ve +.Sp +is called before the operation and +.Sp +.Vb 1 +\& callback_ex(b, BIO_CB_PUTS | BIO_CB_RETURN, buf, 0, 0, 0L, retvalue, &written) +.Ve +.Sp +or +.Sp +.Vb 1 +\& callback(b, BIO_CB_PUTS|BIO_CB_RETURN, buf, 0, 0L, retvalue) +.Ve +.Sp +after. +.IP "\fBBIO_ctrl(\s-1BIO\s0 *b, int cmd, long larg, void *parg)\fR" 4 +.IX Item "BIO_ctrl(BIO *b, int cmd, long larg, void *parg)" +.Vb 1 +\& callback_ex(b, BIO_CB_CTRL, parg, 0, cmd, larg, 1L, NULL) +.Ve +.Sp +or +.Sp +.Vb 1 +\& callback(b, BIO_CB_CTRL, parg, cmd, larg, 1L) +.Ve +.Sp +is called before the call and +.Sp +.Vb 1 +\& callback_ex(b, BIO_CB_CTRL | BIO_CB_RETURN, parg, 0, cmd, larg, ret, NULL) +.Ve +.Sp +or +.Sp +.Vb 1 +\& callback(b, BIO_CB_CTRL|BIO_CB_RETURN, parg, cmd, larg, ret) +.Ve +.Sp +after. +.Sp +Note: \fBcmd\fR == \fB\s-1BIO_CTRL_SET_CALLBACK\s0\fR is special, because \fBparg\fR is not the +argument of type \fBBIO_info_cb\fR itself. In this case \fBparg\fR is a pointer to +the actual call parameter, see \fBBIO_callback_ctrl\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBIO_get_callback_ex()\fR and \fIBIO_get_callback()\fR return the callback function +previously set by a call to \fIBIO_set_callback_ex()\fR and \fIBIO_set_callback()\fR +respectively. +.PP +\&\fIBIO_get_callback_arg()\fR returns a \fBchar\fR pointer to the value previously set +via a call to \fIBIO_set_callback_arg()\fR. +.PP +\&\fIBIO_debug_callback()\fR returns 1 or \fBret\fR if it's called after specific \s-1BIO\s0 +operations. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +The \fIBIO_debug_callback()\fR function is a good example, its source is +in crypto/bio/bio_cb.c +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. 
+.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/BIO_should_retry.3 b/linux_amd64/share/man/man3/BIO_should_retry.3 new file mode 100755 index 0000000..4dc6d12 --- /dev/null +++ b/linux_amd64/share/man/man3/BIO_should_retry.3 
@@ -0,0 +1,267 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_SHOULD_RETRY 3" +.TH BIO_SHOULD_RETRY 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BIO_should_read, BIO_should_write, +BIO_should_io_special, BIO_retry_type, BIO_should_retry, +BIO_get_retry_BIO, BIO_get_retry_reason, BIO_set_retry_reason \- BIO retry +functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int BIO_should_read(BIO *b); +\& int BIO_should_write(BIO *b); +\& int BIO_should_io_special(iBIO *b); +\& int BIO_retry_type(BIO *b); +\& int BIO_should_retry(BIO *b); +\& +\& BIO *BIO_get_retry_BIO(BIO *bio, int *reason); +\& int BIO_get_retry_reason(BIO *bio); +\& void BIO_set_retry_reason(BIO *bio, int reason); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions determine why a \s-1BIO\s0 is not able to read or write data. +They will typically be called after a failed \fIBIO_read_ex()\fR or \fIBIO_write_ex()\fR +call. +.PP +\&\fIBIO_should_retry()\fR is true if the call that produced this condition +should then be retried at a later time. +.PP +If \fIBIO_should_retry()\fR is false then the cause is an error condition. +.PP +\&\fIBIO_should_read()\fR is true if the cause of the condition is that the \s-1BIO\s0 +has insufficient data to return. Check for readability and/or retry the +last operation. +.PP +\&\fIBIO_should_write()\fR is true if the cause of the condition is that the \s-1BIO\s0 +has pending data to write. Check for writability and/or retry the +last operation. +.PP +\&\fIBIO_should_io_special()\fR is true if some \*(L"special\*(R" condition, that is a +reason other than reading or writing is the cause of the condition. +.PP +\&\fIBIO_retry_type()\fR returns a mask of the cause of a retry condition +consisting of the values \fB\s-1BIO_FLAGS_READ\s0\fR, \fB\s-1BIO_FLAGS_WRITE\s0\fR, +\&\fB\s-1BIO_FLAGS_IO_SPECIAL\s0\fR though current \s-1BIO\s0 types will only set one of +these. 
+.PP +\&\fIBIO_get_retry_BIO()\fR determines the precise reason for the special +condition, it returns the \s-1BIO\s0 that caused this condition and if +\&\fBreason\fR is not \s-1NULL\s0 it contains the reason code. The meaning of +the reason code and the action that should be taken depends on +the type of \s-1BIO\s0 that resulted in this condition. +.PP +\&\fIBIO_get_retry_reason()\fR returns the reason for a special condition if +passed the relevant \s-1BIO\s0, for example as returned by \fIBIO_get_retry_BIO()\fR. +.PP +\&\fIBIO_set_retry_reason()\fR sets the retry reason for a special condition for a given +\&\s-1BIO\s0. This would usually only be called by \s-1BIO\s0 implementations. +.SH "NOTES" +.IX Header "NOTES" +\&\fIBIO_should_read()\fR, \fIBIO_should_write()\fR, \fIBIO_should_io_special()\fR, +\&\fIBIO_retry_type()\fR, and \fIBIO_should_retry()\fR, are implemented as macros. +.PP +If \fIBIO_should_retry()\fR returns false then the precise \*(L"error condition\*(R" +depends on the \s-1BIO\s0 type that caused it and the return code of the \s-1BIO\s0 +operation. For example if a call to \fIBIO_read_ex()\fR on a socket \s-1BIO\s0 returns +0 and \fIBIO_should_retry()\fR is false then the cause will be that the +connection closed. A similar condition on a file \s-1BIO\s0 will mean that it +has reached \s-1EOF\s0. Some \s-1BIO\s0 types may place additional information on +the error queue. For more details see the individual \s-1BIO\s0 type manual +pages. +.PP +If the underlying I/O structure is in a blocking mode almost all current +\&\s-1BIO\s0 types will not request a retry, because the underlying I/O +calls will not. If the application knows that the \s-1BIO\s0 type will never +signal a retry then it need not call \fIBIO_should_retry()\fR after a failed +\&\s-1BIO\s0 I/O call. This is typically done with file BIOs. 
+.PP +\&\s-1SSL\s0 BIOs are the only current exception to this rule: they can request a +retry even if the underlying I/O structure is blocking, if a handshake +occurs during a call to \fIBIO_read()\fR. An application can retry the failed +call immediately or avoid this situation by setting \s-1SSL_MODE_AUTO_RETRY\s0 +on the underlying \s-1SSL\s0 structure. +.PP +While an application may retry a failed non blocking call immediately +this is likely to be very inefficient because the call will fail +repeatedly until data can be processed or is available. An application +will normally wait until the necessary condition is satisfied. How +this is done depends on the underlying I/O structure. +.PP +For example if the cause is ultimately a socket and \fIBIO_should_read()\fR +is true then a call to \fIselect()\fR may be made to wait until data is +available and then retry the \s-1BIO\s0 operation. By combining the retry +conditions of several non blocking BIOs in a single \fIselect()\fR call +it is possible to service several BIOs in a single thread, though +the performance may be poor if \s-1SSL\s0 BIOs are present because long delays +can occur during the initial handshake process. +.PP +It is possible for a \s-1BIO\s0 to block indefinitely if the underlying I/O +structure cannot process or return any data. This depends on the behaviour of +the platforms I/O functions. This is often not desirable: one solution +is to use non blocking I/O and use a timeout on the \fIselect()\fR (or +equivalent) call. +.SH "BUGS" +.IX Header "BUGS" +The OpenSSL \s-1ASN1\s0 functions cannot gracefully deal with non blocking I/O: +that is they cannot retry after a partial read or write. This is usually +worked around by only passing the relevant data to \s-1ASN1\s0 functions when +the entire structure can be read or written. 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBIO_should_read()\fR, \fIBIO_should_write()\fR, \fIBIO_should_io_special()\fR, and +\&\fIBIO_should_retry()\fR return either 1 or 0 based on the actual conditions +of the \fB\s-1BIO\s0\fR. +.PP +\&\fIBIO_retry_type()\fR returns a flag combination presenting the cause of a retry +condition or false if there is no retry condition. +.PP +\&\fIBIO_get_retry_BIO()\fR returns a valid \fB\s-1BIO\s0\fR structure. +.PP +\&\fIBIO_get_retry_reason()\fR returns the reason for a special condition. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIbio\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \fIBIO_get_retry_reason()\fR and \fIBIO_set_retry_reason()\fR functions were added in +OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/BIO_socket_wait.3 b/linux_amd64/share/man/man3/BIO_socket_wait.3 new file mode 100755 index 0000000..163fe27 --- /dev/null +++ b/linux_amd64/share/man/man3/BIO_socket_wait.3 
@@ -0,0 +1,181 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_SOCKET_WAIT 3" +.TH BIO_SOCKET_WAIT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BIO_socket_wait, +BIO_wait, +BIO_connect_retry +\&\- BIO socket utility functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& #ifndef OPENSSL_NO_SOCK +\& int BIO_socket_wait(int fd, int for_read, time_t max_time); +\& #endif +\& int BIO_wait(BIO *bio, time_t max_time, unsigned int milliseconds); +\& int BIO_connect_retry(BIO *bio, long timeout); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBIO_socket_wait()\fR waits on the socket \fBfd\fR for reading if \fBfor_read\fR is not 0, +else for writing, at most until \fBmax_time\fR. +It succeeds immediately if \fBmax_time\fR == 0 (which means no timeout given). +.PP +\&\fIBIO_wait()\fR waits at most until \fBmax_time\fR on the given \fBbio\fR, +which is typically socket-based, +for reading if \fBbio\fR is supposed to read, else for writing. +It succeeds immediately if \fBmax_time\fR == 0 (which means no timeout given). +If sockets are not available it succeeds after waiting at most given +\&\fBmilliseconds\fR in order to help avoiding a tight busy loop at the caller. +.PP +\&\fIBIO_connect_retry()\fR connects via the given \fBbio\fR, retrying \fIBIO_do_connect()\fR +until success or a timeout or error condition is reached. +If the \fBtimeout\fR parameter is > 0 this indicates the maximum number of seconds +to wait until the connection is established. A value of 0 enables waiting +indefinitely, while a value < 0 immediately leads to a timeout condition. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBIO_socket_wait()\fR, \fIBIO_wait()\fR, and \fIBIO_connect_retry()\fR +return \-1 on error, 0 on timeout, and 1 on success. +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIBIO_socket_wait()\fR, \fIBIO_wait()\fR, and \fIBIO_connect_retry()\fR +were added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). 
You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/BN_BLINDING_new.3 b/linux_amd64/share/man/man3/BN_BLINDING_new.3 new file mode 100755 index 0000000..80339fd --- /dev/null +++ b/linux_amd64/share/man/man3/BN_BLINDING_new.3 
@@ -0,0 +1,249 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_BLINDING_NEW 3" +.TH BN_BLINDING_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BN_BLINDING_new, BN_BLINDING_free, BN_BLINDING_update, BN_BLINDING_convert, +BN_BLINDING_invert, BN_BLINDING_convert_ex, BN_BLINDING_invert_ex, +BN_BLINDING_is_current_thread, BN_BLINDING_set_current_thread, +BN_BLINDING_lock, BN_BLINDING_unlock, BN_BLINDING_get_flags, +BN_BLINDING_set_flags, BN_BLINDING_create_param \- blinding related BIGNUM functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, +\& BIGNUM *mod); +\& void BN_BLINDING_free(BN_BLINDING *b); +\& int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx); +\& int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); +\& int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); +\& int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, +\& BN_CTX *ctx); +\& int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, +\& BN_CTX *ctx); +\& int BN_BLINDING_is_current_thread(BN_BLINDING *b); +\& void BN_BLINDING_set_current_thread(BN_BLINDING *b); +\& int BN_BLINDING_lock(BN_BLINDING *b); +\& int BN_BLINDING_unlock(BN_BLINDING *b); +\& unsigned long BN_BLINDING_get_flags(const BN_BLINDING *); +\& void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long); +\& BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, +\& const BIGNUM *e, BIGNUM *m, BN_CTX *ctx, +\& int (*bn_mod_exp)(BIGNUM *r, +\& const BIGNUM *a, +\& const BIGNUM *p, +\& const BIGNUM *m, +\& BN_CTX *ctx, +\& BN_MONT_CTX *m_ctx), +\& BN_MONT_CTX *m_ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBN_BLINDING_new()\fR allocates a new \fB\s-1BN_BLINDING\s0\fR structure and copies +the \fBA\fR and \fBAi\fR values into the newly created \fB\s-1BN_BLINDING\s0\fR object. +.PP +\&\fIBN_BLINDING_free()\fR frees the \fB\s-1BN_BLINDING\s0\fR structure. +If \fBb\fR is \s-1NULL\s0, nothing is done. 
+.PP +\&\fIBN_BLINDING_update()\fR updates the \fB\s-1BN_BLINDING\s0\fR parameters by squaring +the \fBA\fR and \fBAi\fR or, after specific number of uses and if the +necessary parameters are set, by re-creating the blinding parameters. +.PP +\&\fIBN_BLINDING_convert_ex()\fR multiplies \fBn\fR with the blinding factor \fBA\fR. +If \fBr\fR is not \s-1NULL\s0 a copy the inverse blinding factor \fBAi\fR will be +returned in \fBr\fR (this is useful if a \fB\s-1RSA\s0\fR object is shared among +several threads). \fIBN_BLINDING_invert_ex()\fR multiplies \fBn\fR with the +inverse blinding factor \fBAi\fR. If \fBr\fR is not \s-1NULL\s0 it will be used as +the inverse blinding. +.PP +\&\fIBN_BLINDING_convert()\fR and \fIBN_BLINDING_invert()\fR are wrapper +functions for \fIBN_BLINDING_convert_ex()\fR and \fIBN_BLINDING_invert_ex()\fR +with \fBr\fR set to \s-1NULL\s0. +.PP +\&\fIBN_BLINDING_is_current_thread()\fR returns whether the \fB\s-1BN_BLINDING\s0\fR +structure is owned by the current thread. This is to help users +provide proper locking if needed for multi-threaded use. +.PP +\&\fIBN_BLINDING_set_current_thread()\fR sets the current thread as the +owner of the \fB\s-1BN_BLINDING\s0\fR structure. +.PP +\&\fIBN_BLINDING_lock()\fR locks the \fB\s-1BN_BLINDING\s0\fR structure. +.PP +\&\fIBN_BLINDING_unlock()\fR unlocks the \fB\s-1BN_BLINDING\s0\fR structure. +.PP +\&\fIBN_BLINDING_get_flags()\fR returns the \s-1BN_BLINDING\s0 flags. Currently +there are two supported flags: \fB\s-1BN_BLINDING_NO_UPDATE\s0\fR and +\&\fB\s-1BN_BLINDING_NO_RECREATE\s0\fR. \fB\s-1BN_BLINDING_NO_UPDATE\s0\fR inhibits the +automatic update of the \fB\s-1BN_BLINDING\s0\fR parameters after each use +and \fB\s-1BN_BLINDING_NO_RECREATE\s0\fR inhibits the automatic re-creation +of the \fB\s-1BN_BLINDING\s0\fR parameters after a fixed number of uses (currently +32). In newly allocated \fB\s-1BN_BLINDING\s0\fR objects no flags are set. 
+\&\fIBN_BLINDING_set_flags()\fR sets the \fB\s-1BN_BLINDING\s0\fR parameters flags. +.PP +\&\fIBN_BLINDING_create_param()\fR creates new \fB\s-1BN_BLINDING\s0\fR parameters +using the exponent \fBe\fR and the modulus \fBm\fR. \fBbn_mod_exp\fR and +\&\fBm_ctx\fR can be used to pass special functions for exponentiation +(normally \fIBN_mod_exp_mont()\fR and \fB\s-1BN_MONT_CTX\s0\fR). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBN_BLINDING_new()\fR returns the newly allocated \fB\s-1BN_BLINDING\s0\fR structure +or \s-1NULL\s0 in case of an error. +.PP +\&\fIBN_BLINDING_update()\fR, \fIBN_BLINDING_convert()\fR, \fIBN_BLINDING_invert()\fR, +\&\fIBN_BLINDING_convert_ex()\fR and \fIBN_BLINDING_invert_ex()\fR return 1 on +success and 0 if an error occurred. +.PP +\&\fIBN_BLINDING_is_current_thread()\fR returns 1 if the current thread owns +the \fB\s-1BN_BLINDING\s0\fR object, 0 otherwise. +.PP +\&\fIBN_BLINDING_set_current_thread()\fR doesn't return anything. +.PP +\&\fIBN_BLINDING_lock()\fR, \fIBN_BLINDING_unlock()\fR return 1 if the operation +succeeded or 0 on error. +.PP +\&\fIBN_BLINDING_get_flags()\fR returns the currently set \fB\s-1BN_BLINDING\s0\fR flags +(a \fBunsigned long\fR value). +.PP +\&\fIBN_BLINDING_create_param()\fR returns the newly created \fB\s-1BN_BLINDING\s0\fR +parameters or \s-1NULL\s0 on error. +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIBN_BLINDING_thread_id()\fR was first introduced in OpenSSL 1.0.0, and it +deprecates \fIBN_BLINDING_set_thread_id()\fR and \fIBN_BLINDING_get_thread_id()\fR. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2005\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/share/man/man3/BN_CTX_new.3 b/linux_amd64/share/man/man3/BN_CTX_new.3 new file mode 100755 index 0000000..fd9089f --- /dev/null +++ b/linux_amd64/share/man/man3/BN_CTX_new.3 
@@ -0,0 +1,214 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_CTX_NEW 3" +.TH BN_CTX_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BN_CTX_new_ex, BN_CTX_new, BN_CTX_secure_new_ex, BN_CTX_secure_new, BN_CTX_free +\&\- allocate and free BN_CTX structures +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& BN_CTX *BN_CTX_new_ex(OPENSSL_CTX *ctx); +\& BN_CTX *BN_CTX_new(void); +\& +\& BN_CTX *BN_CTX_secure_new_ex(OPENSSL_CTX *ctx); +\& BN_CTX *BN_CTX_secure_new(void); +\& +\& void BN_CTX_free(BN_CTX *c); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A \fB\s-1BN_CTX\s0\fR is a structure that holds \fB\s-1BIGNUM\s0\fR temporary variables used by +library functions. Since dynamic memory allocation to create \fB\s-1BIGNUM\s0\fRs +is rather expensive when used in conjunction with repeated subroutine +calls, the \fB\s-1BN_CTX\s0\fR structure is used. +.PP +\&\fIBN_CTX_new_ex()\fR allocates and initializes a \fB\s-1BN_CTX\s0\fR structure for the given +library context \fBctx\fR. The value may be \s-1NULL\s0 in which case the default +library context will be used. \fIBN_CTX_new()\fR is the same as \fIBN_CTX_new_ex()\fR except +that the default library context is always used. +.PP +\&\fIBN_CTX_secure_new_ex()\fR allocates and initializes a \fB\s-1BN_CTX\s0\fR structure +but uses the secure heap (see \fICRYPTO_secure_malloc\fR\|(3)) to hold the +\&\fB\s-1BIGNUM\s0\fRs for the given library context \fBctx\fR. The value may be \s-1NULL\s0 in +which case the default library context will be used. \fIBN_CTX_secure_new()\fR is the +same as \fIBN_CTX_secure_new_ex()\fR except that the default library context is always +used. +.PP +\&\fIBN_CTX_free()\fR frees the components of the \fB\s-1BN_CTX\s0\fR and the structure itself. +Since \fIBN_CTX_start()\fR is required in order to obtain \fB\s-1BIGNUM\s0\fRs from the +\&\fB\s-1BN_CTX\s0\fR, in most cases \fIBN_CTX_end()\fR must be called before the \fB\s-1BN_CTX\s0\fR may +be freed by \fIBN_CTX_free()\fR. If \fBc\fR is \s-1NULL\s0, nothing is done. 
+.PP +A given \fB\s-1BN_CTX\s0\fR must only be used by a single thread of execution. No +locking is performed, and the internal pool allocator will not properly handle +multiple threads of execution. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBN_CTX_new()\fR and \fIBN_CTX_secure_new()\fR return a pointer to the \fB\s-1BN_CTX\s0\fR. +If the allocation fails, +they return \fB\s-1NULL\s0\fR and sets an error code that can be obtained by +\&\fIERR_get_error\fR\|(3). +.PP +\&\fIBN_CTX_free()\fR has no return values. +.SH "REMOVED FUNCTIONALITY" +.IX Header "REMOVED FUNCTIONALITY" +.Vb 1 +\& void BN_CTX_init(BN_CTX *c); +.Ve +.PP +\&\fIBN_CTX_init()\fR is no longer available as of OpenSSL 1.1.0. Applications should +replace use of BN_CTX_init with BN_CTX_new instead: +.PP +.Vb 6 +\& BN_CTX *ctx; +\& ctx = BN_CTX_new(); +\& if (!ctx) +\& /* error */ +\& ... +\& BN_CTX_free(ctx); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fIBN_add\fR\|(3), +\&\fIBN_CTX_start\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIBN_CTX_init()\fR was removed in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/BN_CTX_start.3 b/linux_amd64/share/man/man3/BN_CTX_start.3 new file mode 100755 index 0000000..2ebc28a --- /dev/null +++ b/linux_amd64/share/man/man3/BN_CTX_start.3 
@@ -0,0 +1,180 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_CTX_START 3" +.TH BN_CTX_START 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BN_CTX_start, BN_CTX_get, BN_CTX_end \- use temporary BIGNUM variables +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void BN_CTX_start(BN_CTX *ctx); +\& +\& BIGNUM *BN_CTX_get(BN_CTX *ctx); +\& +\& void BN_CTX_end(BN_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions are used to obtain temporary \fB\s-1BIGNUM\s0\fR variables from +a \fB\s-1BN_CTX\s0\fR (which can been created by using \fIBN_CTX_new\fR\|(3)) +in order to save the overhead of repeatedly creating and +freeing \fB\s-1BIGNUM\s0\fRs in functions that are called from inside a loop. +.PP +A function must call \fIBN_CTX_start()\fR first. Then, \fIBN_CTX_get()\fR may be +called repeatedly to obtain temporary \fB\s-1BIGNUM\s0\fRs. All \fIBN_CTX_get()\fR +calls must be made before calling any other functions that use the +\&\fBctx\fR as an argument. +.PP +Finally, \fIBN_CTX_end()\fR must be called before returning from the function. +If \fBctx\fR is \s-1NULL\s0, nothing is done. +When \fIBN_CTX_end()\fR is called, the \fB\s-1BIGNUM\s0\fR pointers obtained from +\&\fIBN_CTX_get()\fR become invalid. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBN_CTX_start()\fR and \fIBN_CTX_end()\fR return no values. +.PP +\&\fIBN_CTX_get()\fR returns a pointer to the \fB\s-1BIGNUM\s0\fR, or \fB\s-1NULL\s0\fR on error. +Once \fIBN_CTX_get()\fR has failed, the subsequent calls will return \fB\s-1NULL\s0\fR +as well, so it is sufficient to check the return value of the last +\&\fIBN_CTX_get()\fR call. In case of an error, an error code is set, which +can be obtained by \fIERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIBN_CTX_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. 
You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/BN_add.3 b/linux_amd64/share/man/man3/BN_add.3 new file mode 100755 index 0000000..7214009 --- /dev/null +++ b/linux_amd64/share/man/man3/BN_add.3 
@@ -0,0 +1,252 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_ADD 3" +.TH BN_ADD 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BN_add, BN_sub, BN_mul, BN_sqr, BN_div, BN_mod, BN_nnmod, BN_mod_add, +BN_mod_sub, BN_mod_mul, BN_mod_sqr, BN_exp, BN_mod_exp, BN_gcd \- +arithmetic operations on BIGNUMs +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +\& +\& int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +\& +\& int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx); +\& +\& int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx); +\& +\& int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *a, const BIGNUM *d, +\& BN_CTX *ctx); +\& +\& int BN_mod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); +\& +\& int BN_nnmod(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); +\& +\& int BN_mod_add(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m, +\& BN_CTX *ctx); +\& +\& int BN_mod_sub(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m, +\& BN_CTX *ctx); +\& +\& int BN_mod_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m, +\& BN_CTX *ctx); +\& +\& int BN_mod_sqr(BIGNUM *r, BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); +\& +\& int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx); +\& +\& int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, +\& const BIGNUM *m, BN_CTX *ctx); +\& +\& int BN_gcd(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBN_add()\fR adds \fIa\fR and \fIb\fR and places the result in \fIr\fR (\f(CW\*(C`r=a+b\*(C'\fR). +\&\fIr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or \fIb\fR. +.PP +\&\fIBN_sub()\fR subtracts \fIb\fR from \fIa\fR and places the result in \fIr\fR (\f(CW\*(C`r=a\-b\*(C'\fR). +\&\fIr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or \fIb\fR. +.PP +\&\fIBN_mul()\fR multiplies \fIa\fR and \fIb\fR and places the result in \fIr\fR (\f(CW\*(C`r=a*b\*(C'\fR). +\&\fIr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or \fIb\fR. +For multiplication by powers of 2, use \fIBN_lshift\fR\|(3). 
+.PP +\&\fIBN_sqr()\fR takes the square of \fIa\fR and places the result in \fIr\fR +(\f(CW\*(C`r=a^2\*(C'\fR). \fIr\fR and \fIa\fR may be the same \fB\s-1BIGNUM\s0\fR. +This function is faster than BN_mul(r,a,a). +.PP +\&\fIBN_div()\fR divides \fIa\fR by \fId\fR and places the result in \fIdv\fR and the +remainder in \fIrem\fR (\f(CW\*(C`dv=a/d, rem=a%d\*(C'\fR). Either of \fIdv\fR and \fIrem\fR may +be \fB\s-1NULL\s0\fR, in which case the respective value is not returned. +The result is rounded towards zero; thus if \fIa\fR is negative, the +remainder will be zero or negative. +For division by powers of 2, use \fIBN_rshift\fR\|(3). +.PP +\&\fIBN_mod()\fR corresponds to \fIBN_div()\fR with \fIdv\fR set to \fB\s-1NULL\s0\fR. +.PP +\&\fIBN_nnmod()\fR reduces \fIa\fR modulo \fIm\fR and places the non-negative +remainder in \fIr\fR. +.PP +\&\fIBN_mod_add()\fR adds \fIa\fR to \fIb\fR modulo \fIm\fR and places the non-negative +result in \fIr\fR. +.PP +\&\fIBN_mod_sub()\fR subtracts \fIb\fR from \fIa\fR modulo \fIm\fR and places the +non-negative result in \fIr\fR. +.PP +\&\fIBN_mod_mul()\fR multiplies \fIa\fR by \fIb\fR and finds the non-negative +remainder respective to modulus \fIm\fR (\f(CW\*(C`r=(a*b) mod m\*(C'\fR). \fIr\fR may be +the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or \fIb\fR. For more efficient algorithms for +repeated computations using the same modulus, see +\&\fIBN_mod_mul_montgomery\fR\|(3) and +\&\fIBN_mod_mul_reciprocal\fR\|(3). +.PP +\&\fIBN_mod_sqr()\fR takes the square of \fIa\fR modulo \fBm\fR and places the +result in \fIr\fR. +.PP +\&\fIBN_exp()\fR raises \fIa\fR to the \fIp\fR\-th power and places the result in \fIr\fR +(\f(CW\*(C`r=a^p\*(C'\fR). This function is faster than repeated applications of +\&\fIBN_mul()\fR. +.PP +\&\fIBN_mod_exp()\fR computes \fIa\fR to the \fIp\fR\-th power modulo \fIm\fR (\f(CW\*(C`r=a^p % +m\*(C'\fR). This function uses less time and space than \fIBN_exp()\fR. 
Do not call this +function when \fBm\fR is even and any of the parameters have the +\&\fB\s-1BN_FLG_CONSTTIME\s0\fR flag set. +.PP +\&\fIBN_gcd()\fR computes the greatest common divisor of \fIa\fR and \fIb\fR and +places the result in \fIr\fR. \fIr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or +\&\fIb\fR. +.PP +For all functions, \fIctx\fR is a previously allocated \fB\s-1BN_CTX\s0\fR used for +temporary variables; see \fIBN_CTX_new\fR\|(3). +.PP +Unless noted otherwise, the result \fB\s-1BIGNUM\s0\fR must be different from +the arguments. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +For all functions, 1 is returned for success, 0 on error. The return +value should always be checked (e.g., \f(CW\*(C`if (!BN_add(r,a,b)) goto err;\*(C'\fR). +The error codes can be obtained by \fIERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fIBN_CTX_new\fR\|(3), +\&\fIBN_add_word\fR\|(3), \fIBN_set_bit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/BN_add_word.3 b/linux_amd64/share/man/man3/BN_add_word.3 new file mode 100755 index 0000000..1309a95 --- /dev/null +++ b/linux_amd64/share/man/man3/BN_add_word.3 
@@ -0,0 +1,184 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_ADD_WORD 3" +.TH BN_ADD_WORD 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BN_add_word, BN_sub_word, BN_mul_word, BN_div_word, BN_mod_word \- arithmetic +functions on BIGNUMs with integers +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int BN_add_word(BIGNUM *a, BN_ULONG w); +\& +\& int BN_sub_word(BIGNUM *a, BN_ULONG w); +\& +\& int BN_mul_word(BIGNUM *a, BN_ULONG w); +\& +\& BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w); +\& +\& BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions perform arithmetic operations on BIGNUMs with unsigned +integers. They are much more efficient than the normal \s-1BIGNUM\s0 +arithmetic operations. +.PP +\&\fIBN_add_word()\fR adds \fBw\fR to \fBa\fR (\f(CW\*(C`a+=w\*(C'\fR). +.PP +\&\fIBN_sub_word()\fR subtracts \fBw\fR from \fBa\fR (\f(CW\*(C`a\-=w\*(C'\fR). +.PP +\&\fIBN_mul_word()\fR multiplies \fBa\fR and \fBw\fR (\f(CW\*(C`a*=w\*(C'\fR). +.PP +\&\fIBN_div_word()\fR divides \fBa\fR by \fBw\fR (\f(CW\*(C`a/=w\*(C'\fR) and returns the remainder. +.PP +\&\fIBN_mod_word()\fR returns the remainder of \fBa\fR divided by \fBw\fR (\f(CW\*(C`a%w\*(C'\fR). +.PP +For \fIBN_div_word()\fR and \fIBN_mod_word()\fR, \fBw\fR must not be 0. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBN_add_word()\fR, \fIBN_sub_word()\fR and \fIBN_mul_word()\fR return 1 for success, 0 +on error. The error codes can be obtained by \fIERR_get_error\fR\|(3). +.PP +\&\fIBN_mod_word()\fR and \fIBN_div_word()\fR return \fBa\fR%\fBw\fR on success and +\&\fB(\s-1BN_ULONG\s0)\-1\fR if an error occurred. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fIBN_add\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/share/man/man3/BN_bn2bin.3 b/linux_amd64/share/man/man3/BN_bn2bin.3 new file mode 100755 index 0000000..6cfda22 --- /dev/null +++ b/linux_amd64/share/man/man3/BN_bn2bin.3 
@@ -0,0 +1,247 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_BN2BIN 3" +.TH BN_BN2BIN 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BN_bn2binpad, +BN_bn2bin, BN_bin2bn, BN_bn2lebinpad, BN_lebin2bn, +BN_bn2nativepad, BN_native2bn, BN_bn2hex, BN_bn2dec, BN_hex2bn, BN_dec2bn, +BN_print, BN_print_fp, BN_bn2mpi, BN_mpi2bn \- format conversions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int BN_bn2bin(const BIGNUM *a, unsigned char *to); +\& int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen); +\& BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret); +\& +\& int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen); +\& BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret); +\& +\& int BN_bn2nativepad(const BIGNUM *a, unsigned char *to, int tolen); +\& BIGNUM *BN_native2bn(const unsigned char *s, int len, BIGNUM *ret); +\& +\& char *BN_bn2hex(const BIGNUM *a); +\& char *BN_bn2dec(const BIGNUM *a); +\& int BN_hex2bn(BIGNUM **a, const char *str); +\& int BN_dec2bn(BIGNUM **a, const char *str); +\& +\& int BN_print(BIO *fp, const BIGNUM *a); +\& int BN_print_fp(FILE *fp, const BIGNUM *a); +\& +\& int BN_bn2mpi(const BIGNUM *a, unsigned char *to); +\& BIGNUM *BN_mpi2bn(unsigned char *s, int len, BIGNUM *ret); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBN_bn2bin()\fR converts the absolute value of \fBa\fR into big-endian form +and stores it at \fBto\fR. \fBto\fR must point to BN_num_bytes(\fBa\fR) bytes of +memory. +.PP +\&\fIBN_bn2binpad()\fR also converts the absolute value of \fBa\fR into big-endian form +and stores it at \fBto\fR. \fBtolen\fR indicates the length of the output buffer +\&\fBto\fR. The result is padded with zeros if necessary. If \fBtolen\fR is less than +BN_num_bytes(\fBa\fR) an error is returned. +.PP +\&\fIBN_bin2bn()\fR converts the positive integer in big-endian form of length +\&\fBlen\fR at \fBs\fR into a \fB\s-1BIGNUM\s0\fR and places it in \fBret\fR. If \fBret\fR is +\&\s-1NULL\s0, a new \fB\s-1BIGNUM\s0\fR is created. 
+.PP +\&\fIBN_bn2lebinpad()\fR and \fIBN_lebin2bn()\fR are identical to \fIBN_bn2binpad()\fR and +\&\fIBN_bin2bn()\fR except the buffer is in little-endian format. +.PP +\&\fIBN_bn2nativepad()\fR and \fIBN_native2bn()\fR are identical to \fIBN_bn2binpad()\fR and +\&\fIBN_bin2bn()\fR except the buffer is in native format, i.e. most significant +byte first on big-endian platforms, and least significant byte first on +little-endian platforms. +.PP +\&\fIBN_bn2hex()\fR and \fIBN_bn2dec()\fR return printable strings containing the +hexadecimal and decimal encoding of \fBa\fR respectively. For negative +numbers, the string is prefaced with a leading '\-'. The string must be +freed later using \fIOPENSSL_free()\fR. +.PP +\&\fIBN_hex2bn()\fR takes as many characters as possible from the string \fBstr\fR, +including the leading character '\-' which means negative, to form a valid +hexadecimal number representation and converts them to a \fB\s-1BIGNUM\s0\fR and +stores it in **\fBa\fR. If *\fBa\fR is \s-1NULL\s0, a new \fB\s-1BIGNUM\s0\fR is created. If +\&\fBa\fR is \s-1NULL\s0, it only computes the length of valid representation. +A \*(L"negative zero\*(R" is converted to zero. +\&\fIBN_dec2bn()\fR is the same using the decimal system. +.PP +\&\fIBN_print()\fR and \fIBN_print_fp()\fR write the hexadecimal encoding of \fBa\fR, +with a leading '\-' for negative numbers, to the \fB\s-1BIO\s0\fR or \fB\s-1FILE\s0\fR +\&\fBfp\fR. +.PP +\&\fIBN_bn2mpi()\fR and \fIBN_mpi2bn()\fR convert \fB\s-1BIGNUM\s0\fRs from and to a format +that consists of the number's length in bytes represented as a 4\-byte +big-endian number, and the number itself in big-endian format, where +the most significant bit signals a negative number (the representation +of numbers with the \s-1MSB\s0 set is prefixed with null byte). +.PP +\&\fIBN_bn2mpi()\fR stores the representation of \fBa\fR at \fBto\fR, where \fBto\fR +must be large enough to hold the result. 
The size can be determined by +calling BN_bn2mpi(\fBa\fR, \s-1NULL\s0). +.PP +\&\fIBN_mpi2bn()\fR converts the \fBlen\fR bytes long representation at \fBs\fR to +a \fB\s-1BIGNUM\s0\fR and stores it at \fBret\fR, or in a newly allocated \fB\s-1BIGNUM\s0\fR +if \fBret\fR is \s-1NULL\s0. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBN_bn2bin()\fR returns the length of the big-endian number placed at \fBto\fR. +\&\fIBN_bin2bn()\fR returns the \fB\s-1BIGNUM\s0\fR, \s-1NULL\s0 on error. +.PP +\&\fIBN_bn2binpad()\fR returns the number of bytes written or \-1 if the supplied +buffer is too small. +.PP +\&\fIBN_bn2hex()\fR and \fIBN_bn2dec()\fR return a null-terminated string, or \s-1NULL\s0 +on error. \fIBN_hex2bn()\fR and \fIBN_dec2bn()\fR return the number of characters +used in parsing, or 0 on error, in which +case no new \fB\s-1BIGNUM\s0\fR will be created. +.PP +\&\fIBN_print_fp()\fR and \fIBN_print()\fR return 1 on success, 0 on write errors. +.PP +\&\fIBN_bn2mpi()\fR returns the length of the representation. \fIBN_mpi2bn()\fR +returns the \fB\s-1BIGNUM\s0\fR, and \s-1NULL\s0 on error. +.PP +The error codes can be obtained by \fIERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fIBN_zero\fR\|(3), +\&\fIASN1_INTEGER_to_BN\fR\|(3), +\&\fIBN_num_bytes\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/BN_cmp.3 b/linux_amd64/share/man/man3/BN_cmp.3 new file mode 100755 index 0000000..11e83a2 --- /dev/null +++ b/linux_amd64/share/man/man3/BN_cmp.3 
@@ -0,0 +1,171 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_CMP 3" +.TH BN_CMP 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BN_cmp, BN_ucmp, BN_is_zero, BN_is_one, BN_is_word, BN_is_odd \- BIGNUM comparison and test functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int BN_cmp(BIGNUM *a, BIGNUM *b); +\& int BN_ucmp(BIGNUM *a, BIGNUM *b); +\& +\& int BN_is_zero(BIGNUM *a); +\& int BN_is_one(BIGNUM *a); +\& int BN_is_word(BIGNUM *a, BN_ULONG w); +\& int BN_is_odd(BIGNUM *a); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBN_cmp()\fR compares the numbers \fBa\fR and \fBb\fR. \fIBN_ucmp()\fR compares their +absolute values. +.PP +\&\fIBN_is_zero()\fR, \fIBN_is_one()\fR and \fIBN_is_word()\fR test if \fBa\fR equals 0, 1, +or \fBw\fR respectively. \fIBN_is_odd()\fR tests if a is odd. +.PP +\&\fIBN_is_zero()\fR, \fIBN_is_one()\fR, \fIBN_is_word()\fR and \fIBN_is_odd()\fR are macros. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBN_cmp()\fR returns \-1 if \fBa\fR < \fBb\fR, 0 if \fBa\fR == \fBb\fR and 1 if +\&\fBa\fR > \fBb\fR. \fIBN_ucmp()\fR is the same using the absolute values +of \fBa\fR and \fBb\fR. +.PP +\&\fIBN_is_zero()\fR, \fIBN_is_one()\fR \fIBN_is_word()\fR and \fIBN_is_odd()\fR return 1 if +the condition is true, 0 otherwise. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/BN_copy.3 b/linux_amd64/share/man/man3/BN_copy.3 new file mode 100755 index 0000000..e7edcab --- /dev/null +++ b/linux_amd64/share/man/man3/BN_copy.3 
@@ -0,0 +1,182 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_COPY 3" +.TH BN_COPY 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BN_copy, BN_dup, BN_with_flags \- copy BIGNUMs +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& BIGNUM *BN_copy(BIGNUM *to, const BIGNUM *from); +\& +\& BIGNUM *BN_dup(const BIGNUM *from); +\& +\& void BN_with_flags(BIGNUM *dest, const BIGNUM *b, int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBN_copy()\fR copies \fBfrom\fR to \fBto\fR. \fIBN_dup()\fR creates a new \fB\s-1BIGNUM\s0\fR +containing the value \fBfrom\fR. +.PP +BN_with_flags creates a \fBtemporary\fR shallow copy of \fBb\fR in \fBdest\fR. It places +significant restrictions on the copied data. Applications that do no adhere to +these restrictions may encounter unexpected side effects or crashes. For that +reason use of this function is discouraged. Any flags provided in \fBflags\fR will +be set in \fBdest\fR in addition to any flags already set in \fBb\fR. For example this +might commonly be used to create a temporary copy of a \s-1BIGNUM\s0 with the +\&\fB\s-1BN_FLG_CONSTTIME\s0\fR flag set for constant time operations. The temporary copy in +\&\fBdest\fR will share some internal state with \fBb\fR. For this reason the following +restrictions apply to the use of \fBdest\fR: +.IP "\(bu" 2 +\&\fBdest\fR should be a newly allocated \s-1BIGNUM\s0 obtained via a call to \fIBN_new()\fR. It +should not have been used for other purposes or initialised in any way. +.IP "\(bu" 2 +\&\fBdest\fR must only be used in \*(L"read-only\*(R" operations, i.e. typically those +functions where the relevant parameter is declared \*(L"const\*(R". +.IP "\(bu" 2 +\&\fBdest\fR must be used and freed before any further subsequent use of \fBb\fR +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBN_copy()\fR returns \fBto\fR on success, \s-1NULL\s0 on error. \fIBN_dup()\fR returns +the new \fB\s-1BIGNUM\s0\fR, and \s-1NULL\s0 on error. The error codes can be obtained +by \fIERR_get_error\fR\|(3). 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/BN_generate_prime.3 b/linux_amd64/share/man/man3/BN_generate_prime.3 new file mode 100755 index 0000000..1b376c5 --- /dev/null +++ b/linux_amd64/share/man/man3/BN_generate_prime.3 
@@ -0,0 +1,367 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_GENERATE_PRIME 3" +.TH BN_GENERATE_PRIME 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BN_generate_prime_ex2, BN_generate_prime_ex, BN_is_prime_ex, BN_check_prime, +BN_is_prime_fasttest_ex, BN_GENCB_call, BN_GENCB_new, BN_GENCB_free, +BN_GENCB_set_old, BN_GENCB_set, BN_GENCB_get_arg, BN_generate_prime, +BN_is_prime, BN_is_prime_fasttest \- generate primes and test for primality +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int BN_generate_prime_ex2(BIGNUM *ret, int bits, int safe, +\& const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb, +\& BN_CTX *ctx); +\& +\& int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add, +\& const BIGNUM *rem, BN_GENCB *cb); +\& +\& int BN_check_prime(const BIGNUM *p, BN_CTX *ctx, BN_GENCB *cb); +\& +\& int BN_GENCB_call(BN_GENCB *cb, int a, int b); +\& +\& BN_GENCB *BN_GENCB_new(void); +\& +\& void BN_GENCB_free(BN_GENCB *cb); +\& +\& void BN_GENCB_set_old(BN_GENCB *gencb, +\& void (*callback)(int, int, void *), void *cb_arg); +\& +\& void BN_GENCB_set(BN_GENCB *gencb, +\& int (*callback)(int, int, BN_GENCB *), void *cb_arg); +\& +\& void *BN_GENCB_get_arg(BN_GENCB *cb); +.Ve +.PP +Deprecated since OpenSSL 0.9.8, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 3 +\& BIGNUM *BN_generate_prime(BIGNUM *ret, int num, int safe, BIGNUM *add, +\& BIGNUM *rem, void (*callback)(int, int, void *), +\& void *cb_arg); +\& +\& int BN_is_prime(const BIGNUM *p, int nchecks, +\& void (*callback)(int, int, void *), BN_CTX *ctx, void *cb_arg); +\& +\& int BN_is_prime_fasttest(const BIGNUM *p, int nchecks, +\& void (*callback)(int, int, void *), BN_CTX *ctx, +\& void *cb_arg, int do_trial_division); +.Ve +.PP +Deprecated since OpenSSL 3.0: +.PP +.Vb 1 +\& int BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, BN_GENCB *cb); +\& +\& int BN_is_prime_fasttest_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, +\& int do_trial_division, BN_GENCB *cb); +.Ve +.SH 
"DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBN_generate_prime_ex2()\fR generates a pseudo-random prime number of +at least bit length \fBbits\fR using the \s-1BN_CTX\s0 provided in \fBctx\fR. The value of +\&\fBctx\fR must not be \s-1NULL\s0. +.PP +The returned number is probably prime with a negligible error. +The maximum error rate is 2^\-128. +It's 2^\-287 for a 512 bit prime, 2^\-435 for a 1024 bit prime, +2^\-648 for a 2048 bit prime, and lower than 2^\-882 for primes larger +than 2048 bit. +.PP +If \fBadd\fR is \fB\s-1NULL\s0\fR the returned prime number will have exact bit +length \fBbits\fR with the top most two bits set. +.PP +If \fBret\fR is not \fB\s-1NULL\s0\fR, it will be used to store the number. +.PP +If \fBcb\fR is not \fB\s-1NULL\s0\fR, it is used as follows: +.IP "\(bu" 2 +\&\fBBN_GENCB_call(cb, 0, i)\fR is called after generating the i\-th +potential prime number. +.IP "\(bu" 2 +While the number is being tested for primality, +\&\fBBN_GENCB_call(cb, 1, j)\fR is called as described below. +.IP "\(bu" 2 +When a prime has been found, \fBBN_GENCB_call(cb, 2, i)\fR is called. +.IP "\(bu" 2 +The callers of \fIBN_generate_prime_ex()\fR may call \fBBN_GENCB_call(cb, i, j)\fR with +other values as described in their respective man pages; see \*(L"\s-1SEE\s0 \s-1ALSO\s0\*(R". +.PP +The prime may have to fulfill additional requirements for use in +Diffie-Hellman key exchange: +.PP +If \fBadd\fR is not \fB\s-1NULL\s0\fR, the prime will fulfill the condition p % \fBadd\fR +== \fBrem\fR (p % \fBadd\fR == 1 if \fBrem\fR == \fB\s-1NULL\s0\fR) in order to suit a given +generator. +.PP +If \fBsafe\fR is true, it will be a safe prime (i.e. a prime p so +that (p\-1)/2 is also prime). If \fBsafe\fR is true, and \fBrem\fR == \fB\s-1NULL\s0\fR +the condition will be p % \fBadd\fR == 3. +It is recommended that \fBadd\fR is a multiple of 4. +.PP +The random generator must be seeded prior to calling \fIBN_generate_prime_ex()\fR. 
+If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to +external circumstances (see \s-1\fIRAND\s0\fR\|(7)), the operation will fail. +The random number generator configured for the \s-1OPENSSL_CTX\s0 associated with +\&\fBctx\fR will be used. +.PP +\&\fIBN_generate_prime_ex()\fR is the same as \fIBN_generate_prime_ex2()\fR except that no +\&\fBctx\fR parameter is passed. +In this case the random number generator associated with the default \s-1OPENSSL_CTX\s0 +will be used. +.PP +\&\fIBN_check_prime()\fR, \fIBN_is_prime_ex()\fR, \fIBN_is_prime_fasttest_ex()\fR, \fIBN_is_prime()\fR +and \fIBN_is_prime_fasttest()\fR test if the number \fBp\fR is prime. +The functions tests until one of the tests shows that \fBp\fR is composite, +or all the tests passed. +If \fBp\fR passes all these tests, it is considered a probable prime. +.PP +The test performed on \fBp\fR are trial division by a number of small primes +and rounds of the of the Miller-Rabin probabilistic primality test. +.PP +The functions do at least 64 rounds of the Miller-Rabin test giving a maximum +false positive rate of 2^\-128. +If the size of \fBp\fR is more than 2048 bits, they do at least 128 rounds +giving a maximum false positive rate of 2^\-256. +.PP +If \fBnchecks\fR is larger than the minimum above (64 or 128), \fBnchecks\fR +rounds of the Miller-Rabin test will be done. +.PP +If \fBdo_trial_division\fR set to \fB0\fR, the trial division will be skipped. +\&\fIBN_is_prime_ex()\fR and \fIBN_is_prime()\fR always skip the trial division. +.PP +\&\fIBN_is_prime_ex()\fR, \fIBN_is_prime_fasttest_ex()\fR, \fIBN_is_prime()\fR +and \fIBN_is_prime_fasttest()\fR are deprecated. +.PP +\&\fIBN_is_prime_fasttest()\fR and \fIBN_is_prime()\fR behave just like +\&\fIBN_is_prime_fasttest_ex()\fR and \fIBN_is_prime_ex()\fR respectively, but with the old +style call back. 
+.PP +\&\fBctx\fR is a pre-allocated \fB\s-1BN_CTX\s0\fR (to save the overhead of allocating and +freeing the structure in a loop), or \fB\s-1NULL\s0\fR. +.PP +If the trial division is done, and no divisors are found and \fBcb\fR +is not \fB\s-1NULL\s0\fR, \fBBN_GENCB_call(cb, 1, \-1)\fR is called. +.PP +After each round of the Miller-Rabin probabilistic primality test, +if \fBcb\fR is not \fB\s-1NULL\s0\fR, \fBBN_GENCB_call(cb, 1, j)\fR is called +with \fBj\fR the iteration (j = 0, 1, ...). +.PP +\&\fIBN_GENCB_call()\fR calls the callback function held in the \fB\s-1BN_GENCB\s0\fR structure +and passes the ints \fBa\fR and \fBb\fR as arguments. There are two types of +\&\fB\s-1BN_GENCB\s0\fR structure that are supported: \*(L"new\*(R" style and \*(L"old\*(R" style. New +programs should prefer the \*(L"new\*(R" style, whilst the \*(L"old\*(R" style is provided +for backwards compatibility purposes. +.PP +A \fB\s-1BN_GENCB\s0\fR structure should be created through a call to \fIBN_GENCB_new()\fR, +and freed through a call to \fIBN_GENCB_free()\fR. +.PP +For \*(L"new\*(R" style callbacks a \s-1BN_GENCB\s0 structure should be initialised with a +call to \fIBN_GENCB_set()\fR, where \fBgencb\fR is a \fB\s-1BN_GENCB\s0 *\fR, \fBcallback\fR is of +type \fBint (*callback)(int, int, \s-1BN_GENCB\s0 *)\fR and \fBcb_arg\fR is a \fBvoid *\fR. +\&\*(L"Old\*(R" style callbacks are the same except they are initialised with a call +to \fIBN_GENCB_set_old()\fR and \fBcallback\fR is of type +\&\fBvoid (*callback)(int, int, void *)\fR. +.PP +A callback is invoked through a call to \fBBN_GENCB_call\fR. This will check +the type of the callback and will invoke \fBcallback(a, b, gencb)\fR for new +style callbacks or \fBcallback(a, b, cb_arg)\fR for old style. +.PP +It is possible to obtain the argument associated with a \s-1BN_GENCB\s0 structure +(set via a call to BN_GENCB_set or BN_GENCB_set_old) using BN_GENCB_get_arg. 
+.PP +\&\fIBN_generate_prime()\fR (deprecated) works in the same way as +\&\fIBN_generate_prime_ex()\fR but expects an old-style callback function +directly in the \fBcallback\fR parameter, and an argument to pass to it in +the \fBcb_arg\fR. \fIBN_is_prime()\fR and \fIBN_is_prime_fasttest()\fR +can similarly be compared to \fIBN_is_prime_ex()\fR and +\&\fIBN_is_prime_fasttest_ex()\fR, respectively. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBN_generate_prime_ex()\fR return 1 on success or 0 on error. +.PP +\&\fIBN_is_prime_ex()\fR, \fIBN_is_prime_fasttest_ex()\fR, \fIBN_is_prime()\fR, +\&\fIBN_is_prime_fasttest()\fR and BN_check_prime return 0 if the number is composite, +1 if it is prime with an error probability of less than 0.25^\fBnchecks\fR, and +\&\-1 on error. +.PP +\&\fIBN_generate_prime()\fR returns the prime number on success, \fB\s-1NULL\s0\fR otherwise. +.PP +BN_GENCB_new returns a pointer to a \s-1BN_GENCB\s0 structure on success, or \fB\s-1NULL\s0\fR +otherwise. +.PP +BN_GENCB_get_arg returns the argument previously associated with a \s-1BN_GENCB\s0 +structure. +.PP +Callback functions should return 1 on success or 0 on error. +.PP +The error codes can be obtained by \fIERR_get_error\fR\|(3). +.SH "REMOVED FUNCTIONALITY" +.IX Header "REMOVED FUNCTIONALITY" +As of OpenSSL 1.1.0 it is no longer possible to create a \s-1BN_GENCB\s0 structure +directly, as in: +.PP +.Vb 1 +\& BN_GENCB callback; +.Ve +.PP +Instead applications should create a \s-1BN_GENCB\s0 structure using BN_GENCB_new: +.PP +.Vb 6 +\& BN_GENCB *callback; +\& callback = BN_GENCB_new(); +\& if (!callback) +\& /* error */ +\& ... 
+\& BN_GENCB_free(callback); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIDH_generate_parameters\fR\|(3), \fIDSA_generate_parameters\fR\|(3), +\&\fIRSA_generate_key\fR\|(3), \fIERR_get_error\fR\|(3), \fIRAND_bytes\fR\|(3), +\&\s-1\fIRAND\s0\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \fIBN_GENCB_new()\fR, \fIBN_GENCB_free()\fR, +and \fIBN_GENCB_get_arg()\fR functions were added in OpenSSL 1.1.0. +.PP +\&\fIBN_check_prime()\fR was added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/BN_mod_inverse.3 b/linux_amd64/share/man/man3/BN_mod_inverse.3 new file mode 100755 index 0000000..d61c234 --- /dev/null +++ b/linux_amd64/share/man/man3/BN_mod_inverse.3 
@@ -0,0 +1,164 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_MOD_INVERSE 3" +.TH BN_MOD_INVERSE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BN_mod_inverse \- compute inverse modulo n +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& BIGNUM *BN_mod_inverse(BIGNUM *r, BIGNUM *a, const BIGNUM *n, +\& BN_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBN_mod_inverse()\fR computes the inverse of \fBa\fR modulo \fBn\fR +places the result in \fBr\fR (\f(CW\*(C`(a*r)%n==1\*(C'\fR). If \fBr\fR is \s-1NULL\s0, +a new \fB\s-1BIGNUM\s0\fR is created. +.PP +\&\fBctx\fR is a previously allocated \fB\s-1BN_CTX\s0\fR used for temporary +variables. \fBr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fBa\fR or \fBn\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBN_mod_inverse()\fR returns the \fB\s-1BIGNUM\s0\fR containing the inverse, and +\&\s-1NULL\s0 on error. The error codes can be obtained by \fIERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fIBN_add\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/BN_mod_mul_montgomery.3 b/linux_amd64/share/man/man3/BN_mod_mul_montgomery.3 new file mode 100755 index 0000000..d3e88c3 --- /dev/null +++ b/linux_amd64/share/man/man3/BN_mod_mul_montgomery.3 
@@ -0,0 +1,211 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_MOD_MUL_MONTGOMERY 3" +.TH BN_MOD_MUL_MONTGOMERY 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BN_mod_mul_montgomery, BN_MONT_CTX_new, +BN_MONT_CTX_free, BN_MONT_CTX_set, BN_MONT_CTX_copy, +BN_from_montgomery, BN_to_montgomery \- Montgomery multiplication +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& BN_MONT_CTX *BN_MONT_CTX_new(void); +\& void BN_MONT_CTX_free(BN_MONT_CTX *mont); +\& +\& int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *m, BN_CTX *ctx); +\& BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from); +\& +\& int BN_mod_mul_montgomery(BIGNUM *r, BIGNUM *a, BIGNUM *b, +\& BN_MONT_CTX *mont, BN_CTX *ctx); +\& +\& int BN_from_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont, +\& BN_CTX *ctx); +\& +\& int BN_to_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont, +\& BN_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions implement Montgomery multiplication. They are used +automatically when \fIBN_mod_exp\fR\|(3) is called with suitable input, +but they may be useful when several operations are to be performed +using the same modulus. +.PP +\&\fIBN_MONT_CTX_new()\fR allocates and initializes a \fB\s-1BN_MONT_CTX\s0\fR structure. +.PP +\&\fIBN_MONT_CTX_set()\fR sets up the \fImont\fR structure from the modulus \fIm\fR +by precomputing its inverse and a value R. +.PP +\&\fIBN_MONT_CTX_copy()\fR copies the \fB\s-1BN_MONT_CTX\s0\fR \fIfrom\fR to \fIto\fR. +.PP +\&\fIBN_MONT_CTX_free()\fR frees the components of the \fB\s-1BN_MONT_CTX\s0\fR, and, if +it was created by \fIBN_MONT_CTX_new()\fR, also the structure itself. +If \fBmont\fR is \s-1NULL\s0, nothing is done. +.PP +\&\fIBN_mod_mul_montgomery()\fR computes Mont(\fIa\fR,\fIb\fR):=\fIa\fR*\fIb\fR*R^\-1 and places +the result in \fIr\fR. +.PP +\&\fIBN_from_montgomery()\fR performs the Montgomery reduction \fIr\fR = \fIa\fR*R^\-1. +.PP +\&\fIBN_to_montgomery()\fR computes Mont(\fIa\fR,R^2), i.e. \fIa\fR*R. +Note that \fIa\fR must be non-negative and smaller than the modulus. 
+.PP +For all functions, \fIctx\fR is a previously allocated \fB\s-1BN_CTX\s0\fR used for +temporary variables. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBN_MONT_CTX_new()\fR returns the newly allocated \fB\s-1BN_MONT_CTX\s0\fR, and \s-1NULL\s0 +on error. +.PP +\&\fIBN_MONT_CTX_free()\fR has no return value. +.PP +For the other functions, 1 is returned for success, 0 on error. +The error codes can be obtained by \fIERR_get_error\fR\|(3). +.SH "WARNINGS" +.IX Header "WARNINGS" +The inputs must be reduced modulo \fBm\fR, otherwise the result will be +outside the expected range. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fIBN_add\fR\|(3), +\&\fIBN_CTX_new\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIBN_MONT_CTX_init()\fR was removed in OpenSSL 1.1.0 +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/BN_mod_mul_reciprocal.3 b/linux_amd64/share/man/man3/BN_mod_mul_reciprocal.3 new file mode 100755 index 0000000..1e0666c --- /dev/null +++ b/linux_amd64/share/man/man3/BN_mod_mul_reciprocal.3 
@@ -0,0 +1,198 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_MOD_MUL_RECIPROCAL 3" +.TH BN_MOD_MUL_RECIPROCAL 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BN_mod_mul_reciprocal, BN_div_recp, BN_RECP_CTX_new, +BN_RECP_CTX_free, BN_RECP_CTX_set \- modular multiplication using +reciprocal +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& BN_RECP_CTX *BN_RECP_CTX_new(void); +\& void BN_RECP_CTX_free(BN_RECP_CTX *recp); +\& +\& int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *m, BN_CTX *ctx); +\& +\& int BN_div_recp(BIGNUM *dv, BIGNUM *rem, BIGNUM *a, BN_RECP_CTX *recp, +\& BN_CTX *ctx); +\& +\& int BN_mod_mul_reciprocal(BIGNUM *r, BIGNUM *a, BIGNUM *b, +\& BN_RECP_CTX *recp, BN_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBN_mod_mul_reciprocal()\fR can be used to perform an efficient +\&\fIBN_mod_mul\fR\|(3) operation when the operation will be performed +repeatedly with the same modulus. It computes \fBr\fR=(\fBa\fR*\fBb\fR)%\fBm\fR +using \fBrecp\fR=1/\fBm\fR, which is set as described below. \fBctx\fR is a +previously allocated \fB\s-1BN_CTX\s0\fR used for temporary variables. +.PP +\&\fIBN_RECP_CTX_new()\fR allocates and initializes a \fB\s-1BN_RECP\s0\fR structure. +.PP +\&\fIBN_RECP_CTX_free()\fR frees the components of the \fB\s-1BN_RECP\s0\fR, and, if it +was created by \fIBN_RECP_CTX_new()\fR, also the structure itself. +If \fBrecp\fR is \s-1NULL\s0, nothing is done. +.PP +\&\fIBN_RECP_CTX_set()\fR stores \fBm\fR in \fBrecp\fR and sets it up for computing +1/\fBm\fR and shifting it left by BN_num_bits(\fBm\fR)+1 to make it an +integer. The result and the number of bits it was shifted left will +later be stored in \fBrecp\fR. +.PP +\&\fIBN_div_recp()\fR divides \fBa\fR by \fBm\fR using \fBrecp\fR. It places the quotient +in \fBdv\fR and the remainder in \fBrem\fR. +.PP +The \fB\s-1BN_RECP_CTX\s0\fR structure cannot be shared between threads. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBN_RECP_CTX_new()\fR returns the newly allocated \fB\s-1BN_RECP_CTX\s0\fR, and \s-1NULL\s0 +on error. 
+.PP +\&\fIBN_RECP_CTX_free()\fR has no return value. +.PP +For the other functions, 1 is returned for success, 0 on error. +The error codes can be obtained by \fIERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fIBN_add\fR\|(3), +\&\fIBN_CTX_new\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIBN_RECP_CTX_init()\fR was removed in OpenSSL 1.1.0 +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/BN_new.3 b/linux_amd64/share/man/man3/BN_new.3 new file mode 100755 index 0000000..7a73963 --- /dev/null +++ b/linux_amd64/share/man/man3/BN_new.3 
@@ -0,0 +1,186 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_NEW 3" +.TH BN_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BN_new, BN_secure_new, BN_clear, BN_free, BN_clear_free \- allocate and free BIGNUMs +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& BIGNUM *BN_new(void); +\& +\& BIGNUM *BN_secure_new(void); +\& +\& void BN_clear(BIGNUM *a); +\& +\& void BN_free(BIGNUM *a); +\& +\& void BN_clear_free(BIGNUM *a); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBN_new()\fR allocates and initializes a \fB\s-1BIGNUM\s0\fR structure. +\&\fIBN_secure_new()\fR does the same except that the secure heap +\&\fIOPENSSL_secure_malloc\fR\|(3) is used to store the value. +.PP +\&\fIBN_clear()\fR is used to destroy sensitive data such as keys when they +are no longer needed. It erases the memory used by \fBa\fR and sets it +to the value 0. +If \fBa\fR is \s-1NULL\s0, nothing is done. +.PP +\&\fIBN_free()\fR frees the components of the \fB\s-1BIGNUM\s0\fR, and if it was created +by \fIBN_new()\fR, also the structure itself. \fIBN_clear_free()\fR additionally +overwrites the data before the memory is returned to the system. +If \fBa\fR is \s-1NULL\s0, nothing is done. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBN_new()\fR and \fIBN_secure_new()\fR +return a pointer to the \fB\s-1BIGNUM\s0\fR initialised to the value 0. +If the allocation fails, +they return \fB\s-1NULL\s0\fR and set an error code that can be obtained +by \fIERR_get_error\fR\|(3). +.PP +\&\fIBN_clear()\fR, \fIBN_free()\fR and \fIBN_clear_free()\fR have no return values. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fIOPENSSL_secure_malloc\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIBN_init()\fR was removed in OpenSSL 1.1.0; use \fIBN_new()\fR instead. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. 
You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/BN_num_bytes.3 b/linux_amd64/share/man/man3/BN_num_bytes.3 new file mode 100755 index 0000000..dbee722 --- /dev/null +++ b/linux_amd64/share/man/man3/BN_num_bytes.3 
@@ -0,0 +1,183 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_NUM_BYTES 3" +.TH BN_NUM_BYTES 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BN_num_bits, BN_num_bytes, BN_num_bits_word \- get BIGNUM size +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int BN_num_bytes(const BIGNUM *a); +\& +\& int BN_num_bits(const BIGNUM *a); +\& +\& int BN_num_bits_word(BN_ULONG w); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBN_num_bytes()\fR returns the size of a \fB\s-1BIGNUM\s0\fR in bytes. +.PP +\&\fIBN_num_bits_word()\fR returns the number of significant bits in a word. +If we take 0x00000432 as an example, it returns 11, not 16, not 32. +Basically, except for a zero, it returns \fIfloor(log2(w))+1\fR. +.PP +\&\fIBN_num_bits()\fR returns the number of significant bits in a \fB\s-1BIGNUM\s0\fR, +following the same principle as \fIBN_num_bits_word()\fR. +.PP +\&\fIBN_num_bytes()\fR is a macro. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The size. +.SH "NOTES" +.IX Header "NOTES" +Some have tried using \fIBN_num_bits()\fR on individual numbers in \s-1RSA\s0 keys, +\&\s-1DH\s0 keys and \s-1DSA\s0 keys, and found that they don't always come up with +the number of bits they expected (something like 512, 1024, 2048, +\&...). This is because generating a number with some specific number +of bits doesn't always set the highest bits, thereby making the number +of \fIsignificant\fR bits a little lower. If you want to know the \*(L"key +size\*(R" of such a key, either use functions like \fIRSA_size()\fR, \fIDH_size()\fR +and \fIDSA_size()\fR, or use \fIBN_num_bytes()\fR and multiply with 8 (although +there's no real guarantee that will match the \*(L"key size\*(R", just a lot +more probability). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIDH_size\fR\|(3), \fIDSA_size\fR\|(3), +\&\fIRSA_size\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. 
You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/BN_rand.3 b/linux_amd64/share/man/man3/BN_rand.3 new file mode 100755 index 0000000..7fa4f14 --- /dev/null +++ b/linux_amd64/share/man/man3/BN_rand.3 
@@ -0,0 +1,232 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_RAND 3" +.TH BN_RAND 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BN_rand_ex, BN_rand, BN_priv_rand_ex, BN_priv_rand, BN_pseudo_rand, +BN_rand_range_ex, BN_rand_range, BN_priv_rand_range_ex, BN_priv_rand_range, +BN_pseudo_rand_range +\&\- generate pseudo\-random number +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int BN_rand_ex(BIGNUM *rnd, int bits, int top, int bottom, BN_CTX *ctx); +\& int BN_rand(BIGNUM *rnd, int bits, int top, int bottom); +\& +\& int BN_priv_rand_ex(BIGNUM *rnd, int bits, int top, int bottom, BN_CTX *ctx); +\& int BN_priv_rand(BIGNUM *rnd, int bits, int top, int bottom); +\& +\& int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom); +\& +\& int BN_rand_range_ex(BIGNUM *rnd, BIGNUM *range, BN_CTX *ctx); +\& int BN_rand_range(BIGNUM *rnd, BIGNUM *range); +\& +\& int BN_priv_rand_range_ex(BIGNUM *rnd, BIGNUM *range, BN_CTX *ctx); +\& int BN_priv_rand_range(BIGNUM *rnd, BIGNUM *range); +\& +\& int BN_pseudo_rand_range(BIGNUM *rnd, BIGNUM *range); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBN_rand_ex()\fR generate a cryptographically strong pseudo-random +number of \fBbits\fR in length and stores it in \fBrnd\fR using the random number +generator for the library context associated with \fBctx\fR. The parameter \fBctx\fR +may be \s-1NULL\s0 in which case the default library context is used. +If \fBbits\fR is less than zero, or too small to +accommodate the requirements specified by the \fBtop\fR and \fBbottom\fR +parameters, an error is returned. +The \fBtop\fR parameters specifies +requirements on the most significant bit of the generated number. +If it is \fB\s-1BN_RAND_TOP_ANY\s0\fR, there is no constraint. +If it is \fB\s-1BN_RAND_TOP_ONE\s0\fR, the top bit must be one. +If it is \fB\s-1BN_RAND_TOP_TWO\s0\fR, the two most significant bits of +the number will be set to 1, so that the product of two such random +numbers will always have 2*\fBbits\fR length. 
+If \fBbottom\fR is \fB\s-1BN_RAND_BOTTOM_ODD\s0\fR, the number will be odd; if it +is \fB\s-1BN_RAND_BOTTOM_ANY\s0\fR it can be odd or even. +If \fBbits\fR is 1 then \fBtop\fR cannot also be \fB\s-1BN_RAND_FLG_TOPTWO\s0\fR. +.PP +\&\fIBN_rand()\fR is the same as \fIBN_rand_ex()\fR except that the default library context +is always used. +.PP +\&\fIBN_rand_range_ex()\fR generates a cryptographically strong pseudo-random +number \fBrnd\fR in the range 0 <= \fBrnd\fR < \fBrange\fR using the random number +generator for the library context associated with \fBctx\fR. The parameter \fBctx\fR +may be \s-1NULL\s0 in which case the default library context is used. +.PP +\&\fIBN_rand_range()\fR is the same as \fIBN_rand_range_ex()\fR except that the default +library context is always used. +.PP +\&\fIBN_priv_rand_ex()\fR, \fIBN_priv_rand()\fR, \fIBN_priv_rand_rand_ex()\fR and +\&\fIBN_priv_rand_range()\fR have the same semantics as \fIBN_rand_ex()\fR, \fIBN_rand()\fR, +\&\fIBN_rand_range_ex()\fR and \fIBN_rand_range()\fR respectively. They are intended to be +used for generating values that should remain private, and mirror the +same difference between \fIRAND_bytes\fR\|(3) and \fIRAND_priv_bytes\fR\|(3). +.SH "NOTES" +.IX Header "NOTES" +Always check the error return value of these functions and do not take +randomness for granted: an error occurs if the \s-1CSPRNG\s0 has not been +seeded with enough randomness to ensure an unpredictable byte sequence. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The functions return 1 on success, 0 on error. +The error codes can be obtained by \fIERR_get_error\fR\|(3). 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), +\&\fIRAND_add\fR\|(3), +\&\fIRAND_bytes\fR\|(3), +\&\fIRAND_priv_bytes\fR\|(3), +\&\s-1\fIRAND\s0\fR\|(7), +\&\s-1\fIRAND_DRBG\s0\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +.IP "\(bu" 2 +Starting with OpenSSL release 1.1.0, \fIBN_pseudo_rand()\fR has been identical +to \fIBN_rand()\fR and \fIBN_pseudo_rand_range()\fR has been identical to +\&\fIBN_rand_range()\fR. +The \*(L"pseudo\*(R" functions should not be used and may be deprecated in +a future release. +.IP "\(bu" 2 +The +\&\fIBN_priv_rand()\fR and \fIBN_priv_rand_range()\fR functions were added in OpenSSL 1.1.1. +.IP "\(bu" 2 +The \fIBN_rand_ex()\fR, \fIBN_priv_rand_ex()\fR, \fIBN_rand_range_ex()\fR and +\&\fIBN_priv_rand_range_ex()\fR functions were added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/BN_security_bits.3 b/linux_amd64/share/man/man3/BN_security_bits.3 new file mode 100755 index 0000000..7a8e69e --- /dev/null +++ b/linux_amd64/share/man/man3/BN_security_bits.3 
@@ -0,0 +1,172 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_SECURITY_BITS 3" +.TH BN_SECURITY_BITS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BN_security_bits \- returns bits of security based on given numbers +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int BN_security_bits(int L, int N); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBN_security_bits()\fR returns the number of bits of security provided by a +specific algorithm and a particular key size. The bits of security is +defined in \s-1NIST\s0 \s-1SP800\-57\s0. Currently, \fIBN_security_bits()\fR support two types +of asymmetric algorithms: the \s-1FFC\s0 (Finite Field Cryptography) and \s-1IFC\s0 +(Integer Factorization Cryptography). For \s-1FFC\s0, e.g., \s-1DSA\s0 and \s-1DH\s0, both +parameters \fBL\fR and \fBN\fR are used to decide the bits of security, where +\&\fBL\fR is the size of the public key and \fBN\fR is the size of the private +key. For \s-1IFC\s0, e.g., \s-1RSA\s0, only \fBL\fR is used and it's commonly considered +to be the key size (modulus). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Number of security bits. +.SH "NOTES" +.IX Header "NOTES" +\&\s-1ECC\s0 (Elliptic Curve Cryptography) is not covered by the \fIBN_security_bits()\fR +function. The symmetric algorithms are not covered neither. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIDH_security_bits\fR\|(3), \fIDSA_security_bits\fR\|(3), \fIRSA_security_bits\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fIBN_security_bits()\fR function was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/BN_set_bit.3 b/linux_amd64/share/man/man3/BN_set_bit.3 new file mode 100755 index 0000000..7d4de8c --- /dev/null +++ b/linux_amd64/share/man/man3/BN_set_bit.3 
@@ -0,0 +1,192 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_SET_BIT 3" +.TH BN_SET_BIT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BN_set_bit, BN_clear_bit, BN_is_bit_set, BN_mask_bits, BN_lshift, +BN_lshift1, BN_rshift, BN_rshift1 \- bit operations on BIGNUMs +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int BN_set_bit(BIGNUM *a, int n); +\& int BN_clear_bit(BIGNUM *a, int n); +\& +\& int BN_is_bit_set(const BIGNUM *a, int n); +\& +\& int BN_mask_bits(BIGNUM *a, int n); +\& +\& int BN_lshift(BIGNUM *r, const BIGNUM *a, int n); +\& int BN_lshift1(BIGNUM *r, BIGNUM *a); +\& +\& int BN_rshift(BIGNUM *r, BIGNUM *a, int n); +\& int BN_rshift1(BIGNUM *r, BIGNUM *a); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBN_set_bit()\fR sets bit \fBn\fR in \fBa\fR to 1 (\f(CW\*(C`a|=(1<>n)\*(C'\fR). An error occurs if \fBa\fR already is +shorter than \fBn\fR bits. +.PP +\&\fIBN_lshift()\fR shifts \fBa\fR left by \fBn\fR bits and places the result in +\&\fBr\fR (\f(CW\*(C`r=a*2^n\*(C'\fR). Note that \fBn\fR must be non-negative. \fIBN_lshift1()\fR shifts +\&\fBa\fR left by one and places the result in \fBr\fR (\f(CW\*(C`r=2*a\*(C'\fR). +.PP +\&\fIBN_rshift()\fR shifts \fBa\fR right by \fBn\fR bits and places the result in +\&\fBr\fR (\f(CW\*(C`r=a/2^n\*(C'\fR). Note that \fBn\fR must be non-negative. \fIBN_rshift1()\fR shifts +\&\fBa\fR right by one and places the result in \fBr\fR (\f(CW\*(C`r=a/2\*(C'\fR). +.PP +For the shift functions, \fBr\fR and \fBa\fR may be the same variable. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBN_is_bit_set()\fR returns 1 if the bit is set, 0 otherwise. +.PP +All other functions return 1 for success, 0 on error. The error codes +can be obtained by \fIERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIBN_num_bytes\fR\|(3), \fIBN_add\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. 
You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/BN_swap.3 b/linux_amd64/share/man/man3/BN_swap.3 new file mode 100755 index 0000000..7398491 --- /dev/null +++ b/linux_amd64/share/man/man3/BN_swap.3 
@@ -0,0 +1,154 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_SWAP 3" +.TH BN_SWAP 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BN_swap \- exchange BIGNUMs +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void BN_swap(BIGNUM *a, BIGNUM *b); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBN_swap()\fR exchanges the values of \fIa\fR and \fIb\fR. 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBN_swap()\fR does not return a value. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/BN_zero.3 b/linux_amd64/share/man/man3/BN_zero.3 new file mode 100755 index 0000000..be22461 --- /dev/null +++ b/linux_amd64/share/man/man3/BN_zero.3 
@@ -0,0 +1,189 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_ZERO 3" +.TH BN_ZERO 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BN_zero, BN_one, BN_value_one, BN_set_word, BN_get_word \- BIGNUM assignment +operations +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void BN_zero(BIGNUM *a); +\& int BN_one(BIGNUM *a); +\& +\& const BIGNUM *BN_value_one(void); +\& +\& int BN_set_word(BIGNUM *a, BN_ULONG w); +\& unsigned BN_ULONG BN_get_word(BIGNUM *a); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fB\s-1BN_ULONG\s0\fR is a macro that will be an unsigned integral type optimized +for the most efficient implementation on the local platform. +.PP +\&\fIBN_zero()\fR, \fIBN_one()\fR and \fIBN_set_word()\fR set \fBa\fR to the values 0, 1 and +\&\fBw\fR respectively. \fIBN_zero()\fR and \fIBN_one()\fR are macros. +.PP +\&\fIBN_value_one()\fR returns a \fB\s-1BIGNUM\s0\fR constant of value 1. This constant +is useful for use in comparisons and assignment. +.PP +\&\fIBN_get_word()\fR returns \fBa\fR, if it can be represented as a \fB\s-1BN_ULONG\s0\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBN_get_word()\fR returns the value \fBa\fR, or all-bits-set if \fBa\fR cannot +be represented as a single integer. +.PP +\&\fIBN_one()\fR and \fIBN_set_word()\fR return 1 on success, 0 otherwise. +\&\fIBN_value_one()\fR returns the constant. +\&\fIBN_zero()\fR never fails and returns no value. +.SH "BUGS" +.IX Header "BUGS" +If a \fB\s-1BIGNUM\s0\fR is equal to the value of all-bits-set, it will collide +with the error condition returned by \fIBN_get_word()\fR which uses that +as an error value. +.PP +\&\fB\s-1BN_ULONG\s0\fR should probably be a typedef. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIBN_bn2bin\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +In OpenSSL 0.9.8, \fIBN_zero()\fR was changed to not return a value; previous +versions returned an int. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). 
You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/BUF_MEM_new.3 b/linux_amd64/share/man/man3/BUF_MEM_new.3 new file mode 100755 index 0000000..328d3b5 --- /dev/null +++ b/linux_amd64/share/man/man3/BUF_MEM_new.3 
@@ -0,0 +1,197 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BUF_MEM_NEW 3" +.TH BUF_MEM_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BUF_MEM_new, BUF_MEM_new_ex, BUF_MEM_free, BUF_MEM_grow, +BUF_MEM_grow_clean, BUF_reverse +\&\- simple character array structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& BUF_MEM *BUF_MEM_new(void); +\& +\& BUF_MEM *BUF_MEM_new_ex(unsigned long flags); +\& +\& void BUF_MEM_free(BUF_MEM *a); +\& +\& int BUF_MEM_grow(BUF_MEM *str, int len); +\& size_t BUF_MEM_grow_clean(BUF_MEM *str, size_t len); +\& +\& void BUF_reverse(unsigned char *out, const unsigned char *in, size_t size); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The buffer library handles simple character arrays. Buffers are used for +various purposes in the library, most notably memory BIOs. +.PP +\&\fIBUF_MEM_new()\fR allocates a new buffer of zero size. +.PP +\&\fIBUF_MEM_new_ex()\fR allocates a buffer with the specified flags. +The flag \fB\s-1BUF_MEM_FLAG_SECURE\s0\fR specifies that the \fBdata\fR pointer +should be allocated on the secure heap; see \fICRYPTO_secure_malloc\fR\|(3). +.PP +\&\fIBUF_MEM_free()\fR frees up an already existing buffer. The data is zeroed +before freeing up in case the buffer contains sensitive data. +.PP +\&\fIBUF_MEM_grow()\fR changes the size of an already existing buffer to +\&\fBlen\fR. Any data already in the buffer is preserved if it increases in +size. +.PP +\&\fIBUF_MEM_grow_clean()\fR is similar to \fIBUF_MEM_grow()\fR but it sets any free'd +or additionally-allocated memory to zero. +.PP +\&\fIBUF_reverse()\fR reverses \fBsize\fR bytes at \fBin\fR into \fBout\fR. If \fBin\fR +is \s-1NULL\s0, the array is reversed in-place. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBUF_MEM_new()\fR returns the buffer or \s-1NULL\s0 on error. +.PP +\&\fIBUF_MEM_free()\fR has no return value. +.PP +\&\fIBUF_MEM_grow()\fR and \fIBUF_MEM_grow_clean()\fR return +zero on error or the new size (i.e., \fBlen\fR). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIbio\fR\|(7), +\&\fICRYPTO_secure_malloc\fR\|(3). 
+.SH "HISTORY" +.IX Header "HISTORY" +The \fIBUF_MEM_new_ex()\fR function was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/CMS_add0_cert.3 b/linux_amd64/share/man/man3/CMS_add0_cert.3 new file mode 100755 index 0000000..8d8a17c --- /dev/null +++ b/linux_amd64/share/man/man3/CMS_add0_cert.3 
@@ -0,0 +1,192 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_ADD0_CERT 3" +.TH CMS_ADD0_CERT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +CMS_add0_cert, CMS_add1_cert, CMS_get1_certs, CMS_add0_crl, CMS_add1_crl, CMS_get1_crls +\&\- CMS certificate and CRL utility functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert); +\& int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert); +\& STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms); +\& +\& int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl); +\& int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl); +\& STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fICMS_add0_cert()\fR and \fICMS_add1_cert()\fR add certificate \fBcert\fR to \fBcms\fR. +must be of type signed data or enveloped data. +.PP +\&\fICMS_get1_certs()\fR returns all certificates in \fBcms\fR. +.PP +\&\fICMS_add0_crl()\fR and \fICMS_add1_crl()\fR add \s-1CRL\s0 \fBcrl\fR to \fBcms\fR. \fICMS_get1_crls()\fR +returns any CRLs in \fBcms\fR. +.SH "NOTES" +.IX Header "NOTES" +The CMS_ContentInfo structure \fBcms\fR must be of type signed data or enveloped +data or an error will be returned. +.PP +For signed data certificates and CRLs are added to the \fBcertificates\fR and +\&\fBcrls\fR fields of SignedData structure. For enveloped data they are added to +\&\fBOriginatorInfo\fR. +.PP +As the \fB0\fR implies \fICMS_add0_cert()\fR adds \fBcert\fR internally to \fBcms\fR and it +must not be freed up after the call as opposed to \fICMS_add1_cert()\fR where \fBcert\fR +must be freed up. +.PP +The same certificate or \s-1CRL\s0 must not be added to the same cms structure more +than once. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fICMS_add0_cert()\fR, \fICMS_add1_cert()\fR and \fICMS_add0_crl()\fR and \fICMS_add1_crl()\fR return +1 for success and 0 for failure. +.PP +\&\fICMS_get1_certs()\fR and \fICMS_get1_crls()\fR return the \s-1STACK\s0 of certificates or CRLs +or \s-1NULL\s0 if there are none or an error occurs. 
The only error which will occur +in practice is if the \fBcms\fR type is invalid. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), +\&\fICMS_sign\fR\|(3), +\&\fICMS_encrypt\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/CMS_add1_recipient_cert.3 b/linux_amd64/share/man/man3/CMS_add1_recipient_cert.3 new file mode 100755 index 0000000..cba72ea --- /dev/null +++ b/linux_amd64/share/man/man3/CMS_add1_recipient_cert.3 
@@ -0,0 +1,194 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_ADD1_RECIPIENT_CERT 3" +.TH CMS_ADD1_RECIPIENT_CERT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +CMS_add1_recipient_cert, CMS_add0_recipient_key \- add recipients to a CMS enveloped data structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, +\& X509 *recip, unsigned int flags); +\& +\& CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid, +\& unsigned char *key, size_t keylen, +\& unsigned char *id, size_t idlen, +\& ASN1_GENERALIZEDTIME *date, +\& ASN1_OBJECT *otherTypeId, +\& ASN1_TYPE *otherType); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fICMS_add1_recipient_cert()\fR adds recipient \fBrecip\fR to CMS_ContentInfo enveloped +data structure \fBcms\fR as a KeyTransRecipientInfo structure. +.PP +\&\fICMS_add0_recipient_key()\fR adds symmetric key \fBkey\fR of length \fBkeylen\fR using +wrapping algorithm \fBnid\fR, identifier \fBid\fR of length \fBidlen\fR and optional +values \fBdate\fR, \fBotherTypeId\fR and \fBotherType\fR to CMS_ContentInfo enveloped +data structure \fBcms\fR as a KEKRecipientInfo structure. +.PP +The CMS_ContentInfo structure should be obtained from an initial call to +\&\fICMS_encrypt()\fR with the flag \fB\s-1CMS_PARTIAL\s0\fR set. +.SH "NOTES" +.IX Header "NOTES" +The main purpose of this function is to provide finer control over a \s-1CMS\s0 +enveloped data structure where the simpler \fICMS_encrypt()\fR function defaults are +not appropriate. For example if one or more KEKRecipientInfo structures +need to be added. New attributes can also be added using the returned +CMS_RecipientInfo structure and the \s-1CMS\s0 attribute utility functions. +.PP +OpenSSL will by default identify recipient certificates using issuer name +and serial number. If \fB\s-1CMS_USE_KEYID\s0\fR is set it will use the subject key +identifier value instead. An error occurs if all recipient certificates do not +have a subject key identifier extension. 
+.PP +Currently only \s-1AES\s0 based key wrapping algorithms are supported for \fBnid\fR, +specifically: NID_id_aes128_wrap, NID_id_aes192_wrap and NID_id_aes256_wrap. +If \fBnid\fR is set to \fBNID_undef\fR then an \s-1AES\s0 wrap algorithm will be used +consistent with \fBkeylen\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fICMS_add1_recipient_cert()\fR and \fICMS_add0_recipient_key()\fR return an internal +pointer to the CMS_RecipientInfo structure just added or \s-1NULL\s0 if an error +occurs. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fICMS_decrypt\fR\|(3), +\&\fICMS_final\fR\|(3), +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/CMS_add1_signer.3 b/linux_amd64/share/man/man3/CMS_add1_signer.3 new file mode 100755 index 0000000..2ad0b74 --- /dev/null +++ b/linux_amd64/share/man/man3/CMS_add1_signer.3 
@@ -0,0 +1,229 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_ADD1_SIGNER 3" +.TH CMS_ADD1_SIGNER 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +CMS_add1_signer, CMS_SignerInfo_sign \- add a signer to a CMS_ContentInfo signed data structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, X509 *signcert, +\& EVP_PKEY *pkey, const EVP_MD *md, +\& unsigned int flags); +\& +\& int CMS_SignerInfo_sign(CMS_SignerInfo *si); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fICMS_add1_signer()\fR adds a signer with certificate \fBsigncert\fR and private +key \fBpkey\fR using message digest \fBmd\fR to CMS_ContentInfo SignedData +structure \fBcms\fR. +.PP +The CMS_ContentInfo structure should be obtained from an initial call to +\&\fICMS_sign()\fR with the flag \fB\s-1CMS_PARTIAL\s0\fR set or in the case or re-signing a +valid CMS_ContentInfo SignedData structure. +.PP +If the \fBmd\fR parameter is \fB\s-1NULL\s0\fR then the default digest for the public +key algorithm will be used. +.PP +Unless the \fB\s-1CMS_REUSE_DIGEST\s0\fR flag is set the returned CMS_ContentInfo +structure is not complete and must be finalized either by streaming (if +applicable) or a call to \fICMS_final()\fR. +.PP +The \fICMS_SignerInfo_sign()\fR function will explicitly sign a CMS_SignerInfo +structure, its main use is when \fB\s-1CMS_REUSE_DIGEST\s0\fR and \fB\s-1CMS_PARTIAL\s0\fR flags +are both set. +.SH "NOTES" +.IX Header "NOTES" +The main purpose of \fICMS_add1_signer()\fR is to provide finer control +over a \s-1CMS\s0 signed data structure where the simpler \fICMS_sign()\fR function defaults +are not appropriate. For example if multiple signers or non default digest +algorithms are needed. New attributes can also be added using the returned +CMS_SignerInfo structure and the \s-1CMS\s0 attribute utility functions or the +\&\s-1CMS\s0 signed receipt request functions. +.PP +Any of the following flags (ored together) can be passed in the \fBflags\fR +parameter. 
+.PP +If \fB\s-1CMS_REUSE_DIGEST\s0\fR is set then an attempt is made to copy the content +digest value from the CMS_ContentInfo structure: to add a signer to an existing +structure. An error occurs if a matching digest value cannot be found to copy. +The returned CMS_ContentInfo structure will be valid and finalized when this +flag is set. +.PP +If \fB\s-1CMS_PARTIAL\s0\fR is set in addition to \fB\s-1CMS_REUSE_DIGEST\s0\fR then the +CMS_SignerInfo structure will not be finalized so additional attributes +can be added. In this case an explicit call to \fICMS_SignerInfo_sign()\fR is +needed to finalize it. +.PP +If \fB\s-1CMS_NOCERTS\s0\fR is set the signer's certificate will not be included in the +CMS_ContentInfo structure, the signer's certificate must still be supplied in +the \fBsigncert\fR parameter though. This can reduce the size of the signature if +the signers certificate can be obtained by other means: for example a +previously signed message. +.PP +The SignedData structure includes several \s-1CMS\s0 signedAttributes including the +signing time, the \s-1CMS\s0 content type and the supported list of ciphers in an +SMIMECapabilities attribute. If \fB\s-1CMS_NOATTR\s0\fR is set then no signedAttributes +will be used. If \fB\s-1CMS_NOSMIMECAP\s0\fR is set then just the SMIMECapabilities are +omitted. +.PP +OpenSSL will by default identify signing certificates using issuer name +and serial number. If \fB\s-1CMS_USE_KEYID\s0\fR is set it will use the subject key +identifier value instead. An error occurs if the signing certificate does not +have a subject key identifier extension. +.PP +If present the SMIMECapabilities attribute indicates support for the following +algorithms in preference order: 256 bit \s-1AES\s0, Gost R3411\-94, Gost 28147\-89, 192 +bit \s-1AES\s0, 128 bit \s-1AES\s0, triple \s-1DES\s0, 128 bit \s-1RC2\s0, 64 bit \s-1RC2\s0, \s-1DES\s0 and 40 bit \s-1RC2\s0. 
+If any of these algorithms is not available then it will not be included: for example the \s-1GOST\s0 algorithms will not be included if the \s-1GOST\s0 \s-1ENGINE\s0 is +not loaded. +.PP +\&\fICMS_add1_signer()\fR returns an internal pointer to the CMS_SignerInfo +structure just added, this can be used to set additional attributes +before it is finalized. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fICMS_add1_signer()\fR returns an internal pointer to the CMS_SignerInfo +structure just added or \s-1NULL\s0 if an error occurs. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fICMS_sign\fR\|(3), +\&\fICMS_final\fR\|(3), +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2014\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/CMS_compress.3 b/linux_amd64/share/man/man3/CMS_compress.3 new file mode 100755 index 0000000..b5fe069 --- /dev/null +++ b/linux_amd64/share/man/man3/CMS_compress.3 
@@ -0,0 +1,199 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_COMPRESS 3" +.TH CMS_COMPRESS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +CMS_compress \- create a CMS CompressedData structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fICMS_compress()\fR creates and returns a \s-1CMS\s0 CompressedData structure. \fBcomp_nid\fR +is the compression algorithm to use or \fBNID_undef\fR to use the default +algorithm (zlib compression). \fBin\fR is the content to be compressed. +\&\fBflags\fR is an optional set of flags. +.PP +The only currently supported compression algorithm is zlib using the \s-1NID\s0 +NID_zlib_compression. +.PP +If zlib support is not compiled into OpenSSL then \fICMS_compress()\fR will return +an error. +.PP +If the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are +prepended to the data. +.PP +Normally the supplied content is translated into \s-1MIME\s0 canonical format (as +required by the S/MIME specifications) if \fB\s-1CMS_BINARY\s0\fR is set no translation +occurs. This option should be used if the supplied data is in binary format +otherwise the translation will corrupt it. If \fB\s-1CMS_BINARY\s0\fR is set then +\&\fB\s-1CMS_TEXT\s0\fR is ignored. +.PP +If the \fB\s-1CMS_STREAM\s0\fR flag is set a partial \fBCMS_ContentInfo\fR structure is +returned suitable for streaming I/O: no data is read from the \s-1BIO\s0 \fBin\fR. +.PP +The compressed data is included in the CMS_ContentInfo structure, unless +\&\fB\s-1CMS_DETACHED\s0\fR is set in which case it is omitted. This is rarely used in +practice and is not supported by \fISMIME_write_CMS()\fR. +.PP +If the flag \fB\s-1CMS_STREAM\s0\fR is set the returned \fBCMS_ContentInfo\fR structure is +\&\fBnot\fR complete and outputting its contents via a function that does not +properly finalize the \fBCMS_ContentInfo\fR structure will give unpredictable +results. 
+.PP +Several functions including \fISMIME_write_CMS()\fR, \fIi2d_CMS_bio_stream()\fR, +\&\fIPEM_write_bio_CMS_stream()\fR finalize the structure. Alternatively finalization +can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using +\&\fIBIO_new_CMS()\fR. +.PP +Additional compression parameters such as the zlib compression level cannot +currently be set. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fICMS_compress()\fR returns either a CMS_ContentInfo structure or \s-1NULL\s0 if an error +occurred. The error can be obtained from \fIERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fICMS_uncompress\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fB\s-1CMS_STREAM\s0\fR flag was added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/CMS_decrypt.3 b/linux_amd64/share/man/man3/CMS_decrypt.3 new file mode 100755 index 0000000..2b45e06 --- /dev/null +++ b/linux_amd64/share/man/man3/CMS_decrypt.3 
@@ -0,0 +1,203 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_DECRYPT 3" +.TH CMS_DECRYPT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +CMS_decrypt \- decrypt content from a CMS envelopedData structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert, +\& BIO *dcont, BIO *out, unsigned int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fICMS_decrypt()\fR extracts and decrypts the content from a \s-1CMS\s0 EnvelopedData +structure. \fBpkey\fR is the private key of the recipient, \fBcert\fR is the +recipient's certificate, \fBout\fR is a \s-1BIO\s0 to write the content to and +\&\fBflags\fR is an optional set of flags. +.PP +The \fBdcont\fR parameter is used in the rare case where the encrypted content +is detached. It will normally be set to \s-1NULL\s0. +.SH "NOTES" +.IX Header "NOTES" +Although the recipients certificate is not needed to decrypt the data it is +needed to locate the appropriate (of possible several) recipients in the \s-1CMS\s0 +structure. +.PP +If \fBcert\fR is set to \s-1NULL\s0 all possible recipients are tried. This case however +is problematic. To thwart the \s-1MMA\s0 attack (Bleichenbacher's attack on +\&\s-1PKCS\s0 #1 v1.5 \s-1RSA\s0 padding) all recipients are tried whether they succeed or +not. If no recipient succeeds then a random symmetric key is used to decrypt +the content: this will typically output garbage and may (but is not guaranteed +to) ultimately return a padding error only. If \fICMS_decrypt()\fR just returned an +error when all recipient encrypted keys failed to decrypt an attacker could +use this in a timing attack. If the special flag \fB\s-1CMS_DEBUG_DECRYPT\s0\fR is set +then the above behaviour is modified and an error \fBis\fR returned if no +recipient encrypted key can be decrypted \fBwithout\fR generating a random +content encryption key. Applications should use this flag with +\&\fBextreme caution\fR especially in automated gateways as it can leave them +open to attack. 
+.PP +It is possible to determine the correct recipient key by other means (for +example looking them up in a database) and setting them in the \s-1CMS\s0 structure +in advance using the \s-1CMS\s0 utility functions such as \fICMS_set1_pkey()\fR. In this +case both \fBcert\fR and \fBpkey\fR should be set to \s-1NULL\s0. +.PP +To process KEKRecipientInfo types \fICMS_set1_key()\fR or \fICMS_RecipientInfo_set0_key()\fR +and \fICMS_RecipientInfo_decrypt()\fR should be called before \fICMS_decrypt()\fR and +\&\fBcert\fR and \fBpkey\fR set to \s-1NULL\s0. +.PP +The following flags can be passed in the \fBflags\fR parameter. +.PP +If the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are deleted +from the content. If the content is not of type \fBtext/plain\fR then an error is +returned. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fICMS_decrypt()\fR returns either 1 for success or 0 for failure. +The error can be obtained from \fIERR_get_error\fR\|(3) +.SH "BUGS" +.IX Header "BUGS" +The lack of single pass processing and the need to hold all data in memory as +mentioned in \fICMS_verify()\fR also applies to \fICMS_decrypt()\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fICMS_encrypt\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/CMS_encrypt.3 b/linux_amd64/share/man/man3/CMS_encrypt.3 new file mode 100755 index 0000000..ffdeb88 --- /dev/null +++ b/linux_amd64/share/man/man3/CMS_encrypt.3 
@@ -0,0 +1,222 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_ENCRYPT 3" +.TH CMS_ENCRYPT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +CMS_encrypt \- create a CMS envelopedData structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in, +\& const EVP_CIPHER *cipher, unsigned int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fICMS_encrypt()\fR creates and returns a \s-1CMS\s0 EnvelopedData structure. \fBcerts\fR +is a list of recipient certificates. \fBin\fR is the content to be encrypted. +\&\fBcipher\fR is the symmetric cipher to use. \fBflags\fR is an optional set of flags. +.PP +Only certificates carrying \s-1RSA\s0, Diffie-Hellman or \s-1EC\s0 keys are supported by this +function. +.PP +\&\fIEVP_des_ede3_cbc()\fR (triple \s-1DES\s0) is the algorithm of choice for S/MIME use +because most clients will support it. +.PP +The algorithm passed in the \fBcipher\fR parameter must support \s-1ASN1\s0 encoding of +its parameters. +.PP +Many browsers implement a \*(L"sign and encrypt\*(R" option which is simply an S/MIME +envelopedData containing an S/MIME signed message. This can be readily produced +by storing the S/MIME signed message in a memory \s-1BIO\s0 and passing it to +\&\fICMS_encrypt()\fR. +.PP +The following flags can be passed in the \fBflags\fR parameter. +.PP +If the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are +prepended to the data. +.PP +Normally the supplied content is translated into \s-1MIME\s0 canonical format (as +required by the S/MIME specifications) if \fB\s-1CMS_BINARY\s0\fR is set no translation +occurs. This option should be used if the supplied data is in binary format +otherwise the translation will corrupt it. If \fB\s-1CMS_BINARY\s0\fR is set then +\&\fB\s-1CMS_TEXT\s0\fR is ignored. +.PP +OpenSSL will by default identify recipient certificates using issuer name +and serial number. If \fB\s-1CMS_USE_KEYID\s0\fR is set it will use the subject key +identifier value instead. 
An error occurs if all recipient certificates do not +have a subject key identifier extension. +.PP +If the \fB\s-1CMS_STREAM\s0\fR flag is set a partial \fBCMS_ContentInfo\fR structure is +returned suitable for streaming I/O: no data is read from the \s-1BIO\s0 \fBin\fR. +.PP +If the \fB\s-1CMS_PARTIAL\s0\fR flag is set a partial \fBCMS_ContentInfo\fR structure is +returned to which additional recipients and attributes can be added before +finalization. +.PP +The data being encrypted is included in the CMS_ContentInfo structure, unless +\&\fB\s-1CMS_DETACHED\s0\fR is set in which case it is omitted. This is rarely used in +practice and is not supported by \fISMIME_write_CMS()\fR. +.PP +If the flag \fB\s-1CMS_STREAM\s0\fR is set the returned \fBCMS_ContentInfo\fR structure is +\&\fBnot\fR complete and outputting its contents via a function that does not +properly finalize the \fBCMS_ContentInfo\fR structure will give unpredictable +results. +.PP +Several functions including \fISMIME_write_CMS()\fR, \fIi2d_CMS_bio_stream()\fR, +\&\fIPEM_write_bio_CMS_stream()\fR finalize the structure. Alternatively finalization +can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using +\&\fIBIO_new_CMS()\fR. +.PP +The recipients specified in \fBcerts\fR use a \s-1CMS\s0 KeyTransRecipientInfo info +structure. KEKRecipientInfo is also supported using the flag \fB\s-1CMS_PARTIAL\s0\fR +and \fICMS_add0_recipient_key()\fR. +.PP +The parameter \fBcerts\fR may be \s-1NULL\s0 if \fB\s-1CMS_PARTIAL\s0\fR is set and recipients +added later using \fICMS_add1_recipient_cert()\fR or \fICMS_add0_recipient_key()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fICMS_encrypt()\fR returns either a CMS_ContentInfo structure or \s-1NULL\s0 if an error +occurred. The error can be obtained from \fIERR_get_error\fR\|(3). 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fICMS_decrypt\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fB\s-1CMS_STREAM\s0\fR flag was first supported in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/CMS_final.3 b/linux_amd64/share/man/man3/CMS_final.3 new file mode 100755 index 0000000..8b0060f --- /dev/null +++ b/linux_amd64/share/man/man3/CMS_final.3 
@@ -0,0 +1,168 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_FINAL 3" +.TH CMS_FINAL 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +CMS_final \- finalise a CMS_ContentInfo structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fICMS_final()\fR finalises the structure \fBcms\fR. Its purpose is to perform any +operations necessary on \fBcms\fR (digest computation for example) and set the +appropriate fields. The parameter \fBdata\fR contains the content to be +processed. The \fBdcont\fR parameter contains a \s-1BIO\s0 to write content to after +processing: this is only used with detached data and will usually be set to +\&\s-1NULL\s0. +.SH "NOTES" +.IX Header "NOTES" +This function will normally be called when the \fB\s-1CMS_PARTIAL\s0\fR flag is used. It +should only be used when streaming is not performed because the streaming +I/O functions perform finalisation operations internally. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fICMS_final()\fR returns 1 for success or 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fICMS_sign\fR\|(3), +\&\fICMS_encrypt\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/CMS_get0_RecipientInfos.3 b/linux_amd64/share/man/man3/CMS_get0_RecipientInfos.3 new file mode 100755 index 0000000..e72ecaf --- /dev/null +++ b/linux_amd64/share/man/man3/CMS_get0_RecipientInfos.3 
@@ -0,0 +1,261 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_GET0_RECIPIENTINFOS 3" +.TH CMS_GET0_RECIPIENTINFOS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +CMS_get0_RecipientInfos, CMS_RecipientInfo_type, +CMS_RecipientInfo_ktri_get0_signer_id, CMS_RecipientInfo_ktri_cert_cmp, +CMS_RecipientInfo_set0_pkey, CMS_RecipientInfo_kekri_get0_id, +CMS_RecipientInfo_kekri_id_cmp, CMS_RecipientInfo_set0_key, +CMS_RecipientInfo_decrypt, CMS_RecipientInfo_encrypt +\&\- CMS envelopedData RecipientInfo routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms); +\& int CMS_RecipientInfo_type(CMS_RecipientInfo *ri); +\& +\& int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri, +\& ASN1_OCTET_STRING **keyid, +\& X509_NAME **issuer, +\& ASN1_INTEGER **sno); +\& int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert); +\& int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey); +\& +\& int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri, X509_ALGOR **palg, +\& ASN1_OCTET_STRING **pid, +\& ASN1_GENERALIZEDTIME **pdate, +\& ASN1_OBJECT **potherid, +\& ASN1_TYPE **pothertype); +\& int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri, +\& const unsigned char *id, size_t idlen); +\& int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri, +\& unsigned char *key, size_t keylen); +\& +\& int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri); +\& int CMS_RecipientInfo_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The function \fICMS_get0_RecipientInfos()\fR returns all the CMS_RecipientInfo +structures associated with a \s-1CMS\s0 EnvelopedData structure. +.PP +\&\fICMS_RecipientInfo_type()\fR returns the type of CMS_RecipientInfo structure \fBri\fR. +It will currently return \s-1CMS_RECIPINFO_TRANS\s0, \s-1CMS_RECIPINFO_AGREE\s0, +\&\s-1CMS_RECIPINFO_KEK\s0, \s-1CMS_RECIPINFO_PASS\s0, or \s-1CMS_RECIPINFO_OTHER\s0. 
+.PP +\&\fICMS_RecipientInfo_ktri_get0_signer_id()\fR retrieves the certificate recipient +identifier associated with a specific CMS_RecipientInfo structure \fBri\fR, which +must be of type \s-1CMS_RECIPINFO_TRANS\s0. Either the keyidentifier will be set in +\&\fBkeyid\fR or \fBboth\fR issuer name and serial number in \fBissuer\fR and \fBsno\fR. +.PP +\&\fICMS_RecipientInfo_ktri_cert_cmp()\fR compares the certificate \fBcert\fR against the +CMS_RecipientInfo structure \fBri\fR, which must be of type \s-1CMS_RECIPINFO_TRANS\s0. +It returns zero if the comparison is successful and non zero if not. +.PP +\&\fICMS_RecipientInfo_set0_pkey()\fR associates the private key \fBpkey\fR with +the CMS_RecipientInfo structure \fBri\fR, which must be of type +\&\s-1CMS_RECIPINFO_TRANS\s0. +.PP +\&\fICMS_RecipientInfo_kekri_get0_id()\fR retrieves the key information from the +CMS_RecipientInfo structure \fBri\fR which must be of type \s-1CMS_RECIPINFO_KEK\s0. Any +of the remaining parameters can be \s-1NULL\s0 if the application is not interested in +the value of a field. Where a field is optional and absent \s-1NULL\s0 will be written +to the corresponding parameter. The keyEncryptionAlgorithm field is written to +\&\fBpalg\fR, the \fBkeyIdentifier\fR field is written to \fBpid\fR, the \fBdate\fR field if +present is written to \fBpdate\fR, if the \fBother\fR field is present the components +\&\fBkeyAttrId\fR and \fBkeyAttr\fR are written to parameters \fBpotherid\fR and +\&\fBpothertype\fR. +.PP +\&\fICMS_RecipientInfo_kekri_id_cmp()\fR compares the \s-1ID\s0 in the \fBid\fR and \fBidlen\fR +parameters against the \fBkeyIdentifier\fR CMS_RecipientInfo structure \fBri\fR, +which must be of type \s-1CMS_RECIPINFO_KEK\s0. It returns zero if the comparison is +successful and non zero if not. 
+.PP +\&\fICMS_RecipientInfo_set0_key()\fR associates the symmetric key \fBkey\fR of length +\&\fBkeylen\fR with the CMS_RecipientInfo structure \fBri\fR, which must be of type +\&\s-1CMS_RECIPINFO_KEK\s0. +.PP +\&\fICMS_RecipientInfo_decrypt()\fR attempts to decrypt CMS_RecipientInfo structure +\&\fBri\fR in structure \fBcms\fR. A key must have been associated with the structure +first. +.PP +\&\fICMS_RecipientInfo_encrypt()\fR attempts to encrypt CMS_RecipientInfo structure +\&\fBri\fR in structure \fBcms\fR. A key must have been associated with the structure +first and the content encryption key must be available: for example by a +previous call to \fICMS_RecipientInfo_decrypt()\fR. +.SH "NOTES" +.IX Header "NOTES" +The main purpose of these functions is to enable an application to lookup +recipient keys using any appropriate technique when the simpler method +of \fICMS_decrypt()\fR is not appropriate. +.PP +In typical usage and application will retrieve all CMS_RecipientInfo structures +using \fICMS_get0_RecipientInfos()\fR and check the type of each using +\&\fICMS_RecipientInfo_type()\fR. Depending on the type the CMS_RecipientInfo structure +can be ignored or its key identifier data retrieved using an appropriate +function. Then if the corresponding secret or private key can be obtained by +any appropriate means it can then associated with the structure and +\&\fICMS_RecipientInfo_decrypt()\fR called. If successful \fICMS_decrypt()\fR can be called +with a \s-1NULL\s0 key to decrypt the enveloped content. +.PP +The \fICMS_RecipientInfo_encrypt()\fR can be used to add a new recipient to an +existing enveloped data structure. Typically an application will first decrypt +an appropriate CMS_RecipientInfo structure to make the content encrypt key +available, it will then add a new recipient using a function such as +\&\fICMS_add1_recipient_cert()\fR and finally encrypt the content encryption key +using \fICMS_RecipientInfo_encrypt()\fR. 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fICMS_get0_RecipientInfos()\fR returns all CMS_RecipientInfo structures, or \s-1NULL\s0 if +an error occurs. +.PP +\&\fICMS_RecipientInfo_ktri_get0_signer_id()\fR, \fICMS_RecipientInfo_set0_pkey()\fR, +\&\fICMS_RecipientInfo_kekri_get0_id()\fR, \fICMS_RecipientInfo_set0_key()\fR and +\&\fICMS_RecipientInfo_decrypt()\fR return 1 for success or 0 if an error occurs. +\&\fICMS_RecipientInfo_encrypt()\fR return 1 for success or 0 if an error occurs. +.PP +\&\fICMS_RecipientInfo_ktri_cert_cmp()\fR and \fICMS_RecipientInfo_kekri_cmp()\fR return 0 +for a successful comparison and non zero otherwise. +.PP +Any error can be obtained from \fIERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fICMS_decrypt\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/CMS_get0_SignerInfos.3 b/linux_amd64/share/man/man3/CMS_get0_SignerInfos.3 new file mode 100755 index 0000000..d31b8d5 --- /dev/null +++ b/linux_amd64/share/man/man3/CMS_get0_SignerInfos.3 
@@ -0,0 +1,212 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_GET0_SIGNERINFOS 3" +.TH CMS_GET0_SIGNERINFOS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +CMS_SignerInfo_set1_signer_cert, +CMS_get0_SignerInfos, CMS_SignerInfo_get0_signer_id, +CMS_SignerInfo_get0_signature, CMS_SignerInfo_cert_cmp +\&\- CMS signedData signer functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms); +\& +\& int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si, ASN1_OCTET_STRING **keyid, +\& X509_NAME **issuer, ASN1_INTEGER **sno); +\& ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si); +\& int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert); +\& void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The function \fICMS_get0_SignerInfos()\fR returns all the CMS_SignerInfo structures +associated with a \s-1CMS\s0 signedData structure. +.PP +\&\fICMS_SignerInfo_get0_signer_id()\fR retrieves the certificate signer identifier +associated with a specific CMS_SignerInfo structure \fBsi\fR. Either the +keyidentifier will be set in \fBkeyid\fR or \fBboth\fR issuer name and serial number +in \fBissuer\fR and \fBsno\fR. +.PP +\&\fICMS_SignerInfo_get0_signature()\fR retrieves the signature associated with +\&\fBsi\fR in a pointer to an \s-1ASN1_OCTET_STRING\s0 structure. This pointer returned +corresponds to the internal signature value if \fBsi\fR so it may be read or +modified. +.PP +\&\fICMS_SignerInfo_cert_cmp()\fR compares the certificate \fBcert\fR against the signer +identifier \fBsi\fR. It returns zero if the comparison is successful and non zero +if not. +.PP +\&\fICMS_SignerInfo_set1_signer_cert()\fR sets the signers certificate of \fBsi\fR to +\&\fBsigner\fR. +.SH "NOTES" +.IX Header "NOTES" +The main purpose of these functions is to enable an application to lookup +signers certificates using any appropriate technique when the simpler method +of \fICMS_verify()\fR is not appropriate. 
+.PP +In typical usage and application will retrieve all CMS_SignerInfo structures +using \fICMS_get0_SignerInfo()\fR and retrieve the identifier information using +\&\s-1CMS\s0. It will then obtain the signer certificate by some unspecified means +(or return and error if it cannot be found) and set it using +\&\fICMS_SignerInfo_set1_signer_cert()\fR. +.PP +Once all signer certificates have been set \fICMS_verify()\fR can be used. +.PP +Although \fICMS_get0_SignerInfos()\fR can return \s-1NULL\s0 if an error occurs \fBor\fR if +there are no signers this is not a problem in practice because the only +error which can occur is if the \fBcms\fR structure is not of type signedData +due to application error. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fICMS_get0_SignerInfos()\fR returns all CMS_SignerInfo structures, or \s-1NULL\s0 there +are no signers or an error occurs. +.PP +\&\fICMS_SignerInfo_get0_signer_id()\fR returns 1 for success and 0 for failure. +.PP +\&\fICMS_SignerInfo_cert_cmp()\fR returns 0 for a successful comparison and non +zero otherwise. +.PP +\&\fICMS_SignerInfo_set1_signer_cert()\fR does not return a value. +.PP +Any error can be obtained from \fIERR_get_error\fR\|(3) +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fICMS_verify\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/CMS_get0_type.3 b/linux_amd64/share/man/man3/CMS_get0_type.3 new file mode 100755 index 0000000..893e685 --- /dev/null +++ b/linux_amd64/share/man/man3/CMS_get0_type.3 
@@ -0,0 +1,209 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_GET0_TYPE 3" +.TH CMS_GET0_TYPE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +CMS_get0_type, CMS_set1_eContentType, CMS_get0_eContentType, CMS_get0_content \- get and set CMS content types and content +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const ASN1_OBJECT *CMS_get0_type(const CMS_ContentInfo *cms); +\& int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid); +\& const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms); +\& ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fICMS_get0_type()\fR returns the content type of a CMS_ContentInfo structure as +an \s-1ASN1_OBJECT\s0 pointer. An application can then decide how to process the +CMS_ContentInfo structure based on this value. +.PP +\&\fICMS_set1_eContentType()\fR sets the embedded content type of a CMS_ContentInfo +structure. It should be called with \s-1CMS\s0 functions (such as \fICMS_sign\fR\|(3), +\&\fICMS_encrypt\fR\|(3)) +with the \fB\s-1CMS_PARTIAL\s0\fR +flag and \fBbefore\fR the structure is finalised, otherwise the results are +undefined. +.PP +\&\s-1ASN1_OBJECT\s0 *\fICMS_get0_eContentType()\fR returns a pointer to the embedded +content type. +.PP +\&\fICMS_get0_content()\fR returns a pointer to the \fB\s-1ASN1_OCTET_STRING\s0\fR pointer +containing the embedded content. +.SH "NOTES" +.IX Header "NOTES" +As the \fB0\fR implies \fICMS_get0_type()\fR, \fICMS_get0_eContentType()\fR and +\&\fICMS_get0_content()\fR return internal pointers which should \fBnot\fR be freed up. +\&\fICMS_set1_eContentType()\fR copies the supplied \s-1OID\s0 and it \fBshould\fR be freed up +after use. +.PP +The \fB\s-1ASN1_OBJECT\s0\fR values returned can be converted to an integer \fB\s-1NID\s0\fR value +using \fIOBJ_obj2nid()\fR. 
For the currently supported content types the following +values are returned: +.PP +.Vb 6 +\& NID_pkcs7_data +\& NID_pkcs7_signed +\& NID_pkcs7_digest +\& NID_id_smime_ct_compressedData: +\& NID_pkcs7_encrypted +\& NID_pkcs7_enveloped +.Ve +.PP +The return value of \fICMS_get0_content()\fR is a pointer to the \fB\s-1ASN1_OCTET_STRING\s0\fR +content pointer. That means that for example: +.PP +.Vb 1 +\& ASN1_OCTET_STRING **pconf = CMS_get0_content(cms); +.Ve +.PP +\&\fB*pconf\fR could be \s-1NULL\s0 if there is no embedded content. Applications can +access, modify or create the embedded content in a \fBCMS_ContentInfo\fR structure +using this function. Applications usually will not need to modify the +embedded content as it is normally set by higher level functions. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fICMS_get0_type()\fR and \fICMS_get0_eContentType()\fR return an \s-1ASN1_OBJECT\s0 structure. +.PP +\&\fICMS_set1_eContentType()\fR returns 1 for success or 0 if an error occurred. The +error can be obtained from \fIERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/CMS_get1_ReceiptRequest.3 b/linux_amd64/share/man/man3/CMS_get1_ReceiptRequest.3 new file mode 100755 index 0000000..e2ed414 --- /dev/null +++ b/linux_amd64/share/man/man3/CMS_get1_ReceiptRequest.3 
@@ -0,0 +1,200 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_GET1_RECEIPTREQUEST 3" +.TH CMS_GET1_RECEIPTREQUEST 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +CMS_ReceiptRequest_create0, CMS_add1_ReceiptRequest, CMS_get1_ReceiptRequest, CMS_ReceiptRequest_get0_values \- CMS signed receipt request functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen, +\& int allorfirst, +\& STACK_OF(GENERAL_NAMES) *receiptList, +\& STACK_OF(GENERAL_NAMES) *receiptsTo); +\& int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr); +\& int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr); +\& void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr, ASN1_STRING **pcid, +\& int *pallorfirst, +\& STACK_OF(GENERAL_NAMES) **plist, +\& STACK_OF(GENERAL_NAMES) **prto); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fICMS_ReceiptRequest_create0()\fR creates a signed receipt request structure. The +\&\fBsignedContentIdentifier\fR field is set using \fBid\fR and \fBidlen\fR, or it is set +to 32 bytes of pseudo random data if \fBid\fR is \s-1NULL\s0. If \fBreceiptList\fR is \s-1NULL\s0 +the allOrFirstTier option in \fBreceiptsFrom\fR is used and set to the value of +the \fBallorfirst\fR parameter. If \fBreceiptList\fR is not \s-1NULL\s0 the \fBreceiptList\fR +option in \fBreceiptsFrom\fR is used. The \fBreceiptsTo\fR parameter specifies the +\&\fBreceiptsTo\fR field value. +.PP +The \fICMS_add1_ReceiptRequest()\fR function adds a signed receipt request \fBrr\fR +to SignerInfo structure \fBsi\fR. +.PP +int \fICMS_get1_ReceiptRequest()\fR looks for a signed receipt request in \fBsi\fR, if +any is found it is decoded and written to \fBprr\fR. +.PP +\&\fICMS_ReceiptRequest_get0_values()\fR retrieves the values of a receipt request. +The signedContentIdentifier is copied to \fBpcid\fR. If the \fBallOrFirstTier\fR +option of \fBreceiptsFrom\fR is used its value is copied to \fBpallorfirst\fR +otherwise the \fBreceiptList\fR field is copied to \fBplist\fR. 
The \fBreceiptsTo\fR +parameter is copied to \fBprto\fR. +.SH "NOTES" +.IX Header "NOTES" +For more details of the meaning of the fields see \s-1RFC2634\s0. +.PP +The contents of a signed receipt should only be considered meaningful if the +corresponding CMS_ContentInfo structure can be successfully verified using +\&\fICMS_verify()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fICMS_ReceiptRequest_create0()\fR returns a signed receipt request structure or +\&\s-1NULL\s0 if an error occurred. +.PP +\&\fICMS_add1_ReceiptRequest()\fR returns 1 for success or 0 if an error occurred. +.PP +\&\fICMS_get1_ReceiptRequest()\fR returns 1 is a signed receipt request is found and +decoded. It returns 0 if a signed receipt request is not present and \-1 if +it is present but malformed. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fICMS_sign\fR\|(3), +\&\fICMS_sign_receipt\fR\|(3), \fICMS_verify\fR\|(3) +\&\fICMS_verify_receipt\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/CMS_sign.3 b/linux_amd64/share/man/man3/CMS_sign.3 new file mode 100755 index 0000000..e55b9fb --- /dev/null +++ b/linux_amd64/share/man/man3/CMS_sign.3 
@@ -0,0 +1,249 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_SIGN 3" +.TH CMS_SIGN 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +CMS_sign \- create a CMS SignedData structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, +\& BIO *data, unsigned int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fICMS_sign()\fR creates and returns a \s-1CMS\s0 SignedData structure. \fBsigncert\fR is +the certificate to sign with, \fBpkey\fR is the corresponding private key. +\&\fBcerts\fR is an optional additional set of certificates to include in the \s-1CMS\s0 +structure (for example any intermediate CAs in the chain). Any or all of +these parameters can be \fB\s-1NULL\s0\fR, see \fB\s-1NOTES\s0\fR below. +.PP +The data to be signed is read from \s-1BIO\s0 \fBdata\fR. +.PP +\&\fBflags\fR is an optional set of flags. +.SH "NOTES" +.IX Header "NOTES" +Any of the following flags (ored together) can be passed in the \fBflags\fR +parameter. +.PP +Many S/MIME clients expect the signed content to include valid \s-1MIME\s0 headers. If +the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are prepended +to the data. +.PP +If \fB\s-1CMS_NOCERTS\s0\fR is set the signer's certificate will not be included in the +CMS_ContentInfo structure, the signer's certificate must still be supplied in +the \fBsigncert\fR parameter though. This can reduce the size of the signature if +the signers certificate can be obtained by other means: for example a +previously signed message. +.PP +The data being signed is included in the CMS_ContentInfo structure, unless +\&\fB\s-1CMS_DETACHED\s0\fR is set in which case it is omitted. This is used for +CMS_ContentInfo detached signatures which are used in S/MIME plaintext signed +messages for example. +.PP +Normally the supplied content is translated into \s-1MIME\s0 canonical format (as +required by the S/MIME specifications) if \fB\s-1CMS_BINARY\s0\fR is set no translation +occurs. 
This option should be used if the supplied data is in binary format +otherwise the translation will corrupt it. +.PP +The SignedData structure includes several \s-1CMS\s0 signedAttributes including the +signing time, the \s-1CMS\s0 content type and the supported list of ciphers in an +SMIMECapabilities attribute. If \fB\s-1CMS_NOATTR\s0\fR is set then no signedAttributes +will be used. If \fB\s-1CMS_NOSMIMECAP\s0\fR is set then just the SMIMECapabilities are +omitted. +.PP +If present the SMIMECapabilities attribute indicates support for the following +algorithms in preference order: 256 bit \s-1AES\s0, Gost R3411\-94, Gost 28147\-89, 192 +bit \s-1AES\s0, 128 bit \s-1AES\s0, triple \s-1DES\s0, 128 bit \s-1RC2\s0, 64 bit \s-1RC2\s0, \s-1DES\s0 and 40 bit \s-1RC2\s0. +If any of these algorithms is not available then it will not be included: for example the \s-1GOST\s0 algorithms will not be included if the \s-1GOST\s0 \s-1ENGINE\s0 is +not loaded. +.PP +OpenSSL will by default identify signing certificates using issuer name +and serial number. If \fB\s-1CMS_USE_KEYID\s0\fR is set it will use the subject key +identifier value instead. An error occurs if the signing certificate does not +have a subject key identifier extension. +.PP +If the flags \fB\s-1CMS_STREAM\s0\fR is set then the returned \fBCMS_ContentInfo\fR +structure is just initialized ready to perform the signing operation. The +signing is however \fBnot\fR performed and the data to be signed is not read from +the \fBdata\fR parameter. Signing is deferred until after the data has been +written. In this way data can be signed in a single pass. +.PP +If the \fB\s-1CMS_PARTIAL\s0\fR flag is set a partial \fBCMS_ContentInfo\fR structure is +output to which additional signers and capabilities can be added before +finalization. 
+.PP +If the flag \fB\s-1CMS_STREAM\s0\fR is set the returned \fBCMS_ContentInfo\fR structure is +\&\fBnot\fR complete and outputting its contents via a function that does not +properly finalize the \fBCMS_ContentInfo\fR structure will give unpredictable +results. +.PP +Several functions including \fISMIME_write_CMS()\fR, \fIi2d_CMS_bio_stream()\fR, +\&\fIPEM_write_bio_CMS_stream()\fR finalize the structure. Alternatively finalization +can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using +\&\fIBIO_new_CMS()\fR. +.PP +If a signer is specified it will use the default digest for the signing +algorithm. This is \fB\s-1SHA1\s0\fR for both \s-1RSA\s0 and \s-1DSA\s0 keys. +.PP +If \fBsigncert\fR and \fBpkey\fR are \s-1NULL\s0 then a certificates only \s-1CMS\s0 structure is +output. +.PP +The function \fICMS_sign()\fR is a basic \s-1CMS\s0 signing function whose output will be +suitable for many purposes. For finer control of the output format the +\&\fBcerts\fR, \fBsigncert\fR and \fBpkey\fR parameters can all be \fB\s-1NULL\s0\fR and the +\&\fB\s-1CMS_PARTIAL\s0\fR flag set. Then one or more signers can be added using the +function \fICMS_sign_add1_signer()\fR, non default digests can be used and custom +attributes added. \fICMS_final()\fR must then be called to finalize the +structure if streaming is not enabled. +.SH "BUGS" +.IX Header "BUGS" +Some attributes such as counter signatures are not supported. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fICMS_sign()\fR returns either a valid CMS_ContentInfo structure or \s-1NULL\s0 if an error +occurred. The error can be obtained from \fIERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fICMS_verify\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fB\s-1CMS_STREAM\s0\fR flag is only supported for detached data in OpenSSL 0.9.8, +it is supported for embedded data in OpenSSL 1.0.0 and later. 
+.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/CMS_sign_receipt.3 b/linux_amd64/share/man/man3/CMS_sign_receipt.3 new file mode 100755 index 0000000..fe0a05a --- /dev/null +++ b/linux_amd64/share/man/man3/CMS_sign_receipt.3 
@@ -0,0 +1,174 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_SIGN_RECEIPT 3" +.TH CMS_SIGN_RECEIPT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +CMS_sign_receipt \- create a CMS signed receipt +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si, X509 *signcert, +\& EVP_PKEY *pkey, STACK_OF(X509) *certs, +\& unsigned int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fICMS_sign_receipt()\fR creates and returns a \s-1CMS\s0 signed receipt structure. \fBsi\fR is +the \fBCMS_SignerInfo\fR structure containing the signed receipt request. +\&\fBsigncert\fR is the certificate to sign with, \fBpkey\fR is the corresponding +private key. \fBcerts\fR is an optional additional set of certificates to include +in the \s-1CMS\s0 structure (for example any intermediate CAs in the chain). +.PP +\&\fBflags\fR is an optional set of flags. +.SH "NOTES" +.IX Header "NOTES" +This functions behaves in a similar way to \fICMS_sign()\fR except the flag values +\&\fB\s-1CMS_DETACHED\s0\fR, \fB\s-1CMS_BINARY\s0\fR, \fB\s-1CMS_NOATTR\s0\fR, \fB\s-1CMS_TEXT\s0\fR and \fB\s-1CMS_STREAM\s0\fR +are not supported since they do not make sense in the context of signed +receipts. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fICMS_sign_receipt()\fR returns either a valid CMS_ContentInfo structure or \s-1NULL\s0 if +an error occurred. The error can be obtained from \fIERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), +\&\fICMS_verify_receipt\fR\|(3), +\&\fICMS_sign\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/CMS_uncompress.3 b/linux_amd64/share/man/man3/CMS_uncompress.3 new file mode 100755 index 0000000..9555782 --- /dev/null 
+++ b/linux_amd64/share/man/man3/CMS_uncompress.3 
@@ -0,0 +1,180 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_UNCOMPRESS 3" +.TH CMS_UNCOMPRESS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +CMS_uncompress \- uncompress a CMS CompressedData structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out, unsigned int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fICMS_uncompress()\fR extracts and uncompresses the content from a \s-1CMS\s0 +CompressedData structure \fBcms\fR. \fBdata\fR is a \s-1BIO\s0 to write the content to and +\&\fBflags\fR is an optional set of flags. +.PP +The \fBdcont\fR parameter is used in the rare case where the compressed content +is detached. It will normally be set to \s-1NULL\s0. +.SH "NOTES" +.IX Header "NOTES" +The only currently supported compression algorithm is zlib: if the structure +indicates the use of any other algorithm an error is returned. +.PP +If zlib support is not compiled into OpenSSL then \fICMS_uncompress()\fR will always +return an error. +.PP +The following flags can be passed in the \fBflags\fR parameter. +.PP +If the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are deleted +from the content. If the content is not of type \fBtext/plain\fR then an error is +returned. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fICMS_uncompress()\fR returns either 1 for success or 0 for failure. The error can +be obtained from \fIERR_get_error\fR\|(3) +.SH "BUGS" +.IX Header "BUGS" +The lack of single pass processing and the need to hold all data in memory as +mentioned in \fICMS_verify()\fR also applies to \fICMS_decompress()\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fICMS_compress\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/share/man/man3/CMS_verify.3 b/linux_amd64/share/man/man3/CMS_verify.3 new file mode 100755 index 0000000..c221515 --- /dev/null +++ b/linux_amd64/share/man/man3/CMS_verify.3 
@@ -0,0 +1,252 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_VERIFY 3" +.TH CMS_VERIFY 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +CMS_verify, CMS_get0_signers \- verify a CMS SignedData structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, X509_STORE *store, +\& BIO *indata, BIO *out, unsigned int flags); +\& +\& STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fICMS_verify()\fR verifies a \s-1CMS\s0 SignedData structure. \fBcms\fR is the CMS_ContentInfo +structure to verify. \fBcerts\fR is a set of certificates in which to search for +the signing certificate(s). \fBstore\fR is a trusted certificate store used for +chain verification. \fBindata\fR is the detached content if the content is not +present in \fBcms\fR. The content is written to \fBout\fR if it is not \s-1NULL\s0. +.PP +\&\fBflags\fR is an optional set of flags, which can be used to modify the verify +operation. +.PP +\&\fICMS_get0_signers()\fR retrieves the signing certificate(s) from \fBcms\fR, it must +be called after a successful \fICMS_verify()\fR operation. +.SH "VERIFY PROCESS" +.IX Header "VERIFY PROCESS" +Normally the verify process proceeds as follows. +.PP +Initially some sanity checks are performed on \fBcms\fR. The type of \fBcms\fR must +be SignedData. There must be at least one signature on the data and if +the content is detached \fBindata\fR cannot be \fB\s-1NULL\s0\fR. +.PP +An attempt is made to locate all the signing certificate(s), first looking in +the \fBcerts\fR parameter (if it is not \s-1NULL\s0) and then looking in any +certificates contained in the \fBcms\fR structure itself. If any signing +certificate cannot be located the operation fails. +.PP +Each signing certificate is chain verified using the \fBsmimesign\fR purpose and +the supplied trusted certificate store. Any internal certificates in the message +are used as untrusted CAs. 
If \s-1CRL\s0 checking is enabled in \fBstore\fR any internal +CRLs are used in addition to attempting to look them up in \fBstore\fR. If any +chain verify fails an error code is returned. +.PP +Finally the signed content is read (and written to \fBout\fR if it is not \s-1NULL\s0) +and the signature's checked. +.PP +If all signature's verify correctly then the function is successful. +.PP +Any of the following flags (ored together) can be passed in the \fBflags\fR +parameter to change the default verify behaviour. +.PP +If \fB\s-1CMS_NOINTERN\s0\fR is set the certificates in the message itself are not +searched when locating the signing certificate(s). This means that all the +signing certificates must be in the \fBcerts\fR parameter. +.PP +If \fB\s-1CMS_NOCRL\s0\fR is set and \s-1CRL\s0 checking is enabled in \fBstore\fR then any +CRLs in the message itself are ignored. +.PP +If the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are deleted +from the content. If the content is not of type \fBtext/plain\fR then an error is +returned. +.PP +If \fB\s-1CMS_NO_SIGNER_CERT_VERIFY\s0\fR is set the signing certificates are not +verified. +.PP +If \fB\s-1CMS_NO_ATTR_VERIFY\s0\fR is set the signed attributes signature is not +verified. +.PP +If \fB\s-1CMS_NO_CONTENT_VERIFY\s0\fR is set then the content digest is not checked. +.SH "NOTES" +.IX Header "NOTES" +One application of \fB\s-1CMS_NOINTERN\s0\fR is to only accept messages signed by +a small number of certificates. The acceptable certificates would be passed +in the \fBcerts\fR parameter. In this case if the signer is not one of the +certificates supplied in \fBcerts\fR then the verify will fail because the +signer cannot be found. +.PP +In some cases the standard techniques for looking up and validating +certificates are not appropriate: for example an application may wish to +lookup certificates in a database or perform customised verification. 
This +can be achieved by setting and verifying the signers certificates manually +using the signed data utility functions. +.PP +Care should be taken when modifying the default verify behaviour, for example +setting \fB\s-1CMS_NO_CONTENT_VERIFY\s0\fR will totally disable all content verification +and any modified content will be considered valid. This combination is however +useful if one merely wishes to write the content to \fBout\fR and its validity +is not considered important. +.PP +Chain verification should arguably be performed using the signing time rather +than the current time. However since the signing time is supplied by the +signer it cannot be trusted without additional evidence (such as a trusted +timestamp). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fICMS_verify()\fR returns 1 for a successful verification and zero if an error +occurred. +.PP +\&\fICMS_get0_signers()\fR returns all signers or \s-1NULL\s0 if an error occurred. +.PP +The error can be obtained from \fIERR_get_error\fR\|(3) +.SH "BUGS" +.IX Header "BUGS" +The trusted certificate store is not searched for the signing certificate, +this is primarily due to the inadequacies of the current \fBX509_STORE\fR +functionality. +.PP +The lack of single pass processing means that the signed content must all +be held in memory if it is not detached. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fICMS_sign\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/CMS_verify_receipt.3 b/linux_amd64/share/man/man3/CMS_verify_receipt.3 new file mode 100755 index 0000000..76159b6 --- /dev/null +++ b/linux_amd64/share/man/man3/CMS_verify_receipt.3 
@@ -0,0 +1,176 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_VERIFY_RECEIPT 3" +.TH CMS_VERIFY_RECEIPT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +CMS_verify_receipt \- verify a CMS signed receipt +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms, +\& STACK_OF(X509) *certs, X509_STORE *store, +\& unsigned int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fICMS_verify_receipt()\fR verifies a \s-1CMS\s0 signed receipt. \fBrcms\fR is the signed +receipt to verify. \fBocms\fR is the original SignedData structure containing the +receipt request. \fBcerts\fR is a set of certificates in which to search for the +signing certificate. \fBstore\fR is a trusted certificate store (used for chain +verification). +.PP +\&\fBflags\fR is an optional set of flags, which can be used to modify the verify +operation. +.SH "NOTES" +.IX Header "NOTES" +This functions behaves in a similar way to \fICMS_verify()\fR except the flag values +\&\fB\s-1CMS_DETACHED\s0\fR, \fB\s-1CMS_BINARY\s0\fR, \fB\s-1CMS_TEXT\s0\fR and \fB\s-1CMS_STREAM\s0\fR are not +supported since they do not make sense in the context of signed receipts. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fICMS_verify_receipt()\fR returns 1 for a successful verification and zero if an +error occurred. +.PP +The error can be obtained from \fIERR_get_error\fR\|(3) +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), +\&\fICMS_sign_receipt\fR\|(3), +\&\fICMS_verify\fR\|(3), +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/CONF_modules_free.3 b/linux_amd64/share/man/man3/CONF_modules_free.3 new file mode 100755 index 0000000..00c585d --- /dev/null +++ b/linux_amd64/share/man/man3/CONF_modules_free.3 
@@ -0,0 +1,182 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CONF_MODULES_FREE 3" +.TH CONF_MODULES_FREE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +CONF_modules_free, CONF_modules_finish, CONF_modules_unload \- +OpenSSL configuration cleanup functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void CONF_modules_finish(void); +\& void CONF_modules_unload(int all); +.Ve +.PP +Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 1 +\& void CONF_modules_free(void) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fICONF_modules_free()\fR closes down and frees up all memory allocated by all +configuration modules. Normally, in versions of OpenSSL prior to 1.1.0, +applications called +\&\fICONF_modules_free()\fR at exit to tidy up any configuration performed. +.PP +\&\fICONF_modules_finish()\fR calls each configuration modules \fBfinish\fR handler +to free up any configuration that module may have performed. +.PP +\&\fICONF_modules_unload()\fR finishes and unloads configuration modules. If +\&\fBall\fR is set to \fB0\fR only modules loaded from DSOs will be unloads. If +\&\fBall\fR is \fB1\fR all modules, including built-in modules will be unloaded. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +None of the functions return a value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIconfig\fR\|(5), \fIOPENSSL_config\fR\|(3), +\&\fICONF_modules_load_file\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fICONF_modules_free()\fR was deprecated in OpenSSL 1.1.0; do not use it. +For more information see \fIOPENSSL_init_crypto\fR\|(3). +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2004\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/share/man/man3/CONF_modules_load_file.3 b/linux_amd64/share/man/man3/CONF_modules_load_file.3 new file mode 100755 index 0000000..8d22c63 --- /dev/null +++ b/linux_amd64/share/man/man3/CONF_modules_load_file.3 
@@ -0,0 +1,273 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CONF_MODULES_LOAD_FILE 3" +.TH CONF_MODULES_LOAD_FILE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +CONF_modules_load_file, CONF_modules_load \- OpenSSL configuration functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int CONF_modules_load_file(const char *filename, const char *appname, +\& unsigned long flags); +\& int CONF_modules_load(const CONF *cnf, const char *appname, +\& unsigned long flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The function \fICONF_modules_load_file()\fR configures OpenSSL using file +\&\fBfilename\fR and application name \fBappname\fR. If \fBfilename\fR is \s-1NULL\s0 +the standard OpenSSL configuration file is used. If \fBappname\fR is +\&\s-1NULL\s0 the standard OpenSSL application name \fBopenssl_conf\fR is used. +The behaviour can be customized using \fBflags\fR. +.PP +\&\fICONF_modules_load()\fR is identical to \fICONF_modules_load_file()\fR except it +reads configuration information from \fBcnf\fR. +.SH "NOTES" +.IX Header "NOTES" +The following \fBflags\fR are currently recognized: +.PP +If \fB\s-1CONF_MFLAGS_IGNORE_ERRORS\s0\fR is set errors returned by individual +configuration modules are ignored. If not set the first module error is +considered fatal and no further modules are loaded. +.PP +Normally any modules errors will add error information to the error queue. If +\&\fB\s-1CONF_MFLAGS_SILENT\s0\fR is set no error information is added. +.PP +If \fB\s-1CONF_MFLAGS_IGNORE_RETURN_CODES\s0\fR is set the function unconditionally +returns success. +This is used by default in \fIOPENSSL_init_crypto\fR\|(3) to ignore any errors in +the default system-wide configuration file, as having all OpenSSL applications +fail to start when there are potentially minor issues in the file is too risky. +Applications calling \fBCONF_modules_load_file\fR explicitly should not generally +set this flag. +.PP +If \fB\s-1CONF_MFLAGS_NO_DSO\s0\fR is set configuration module loading from DSOs is +disabled. 
+.PP +\&\fB\s-1CONF_MFLAGS_IGNORE_MISSING_FILE\s0\fR if set will make \fICONF_load_modules_file()\fR +ignore missing configuration files. Normally a missing configuration file +return an error. +.PP +\&\fB\s-1CONF_MFLAGS_DEFAULT_SECTION\s0\fR if set and \fBappname\fR is not \s-1NULL\s0 will use the +default section pointed to by \fBopenssl_conf\fR if \fBappname\fR does not exist. +.PP +By using \fICONF_modules_load_file()\fR with appropriate flags an application can +customise application configuration to best suit its needs. In some cases the +use of a configuration file is optional and its absence is not an error: in +this case \fB\s-1CONF_MFLAGS_IGNORE_MISSING_FILE\s0\fR would be set. +.PP +Errors during configuration may also be handled differently by different +applications. For example in some cases an error may simply print out a warning +message and the application continue. In other cases an application might +consider a configuration file error as fatal and exit immediately. +.PP +Applications can use the \fICONF_modules_load()\fR function if they wish to load a +configuration file themselves and have finer control over how errors are +treated. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return 1 for success and a zero or negative value for +failure. If module errors are not ignored the return code will reflect the +return value of the failing module (this will always be zero or negative). 
+.SH "EXAMPLES" +.IX Header "EXAMPLES" +Load a configuration file and print out any errors and exit (missing file +considered fatal): +.PP +.Vb 5 +\& if (CONF_modules_load_file(NULL, NULL, 0) <= 0) { +\& fprintf(stderr, "FATAL: error loading configuration file\en"); +\& ERR_print_errors_fp(stderr); +\& exit(1); +\& } +.Ve +.PP +Load default configuration file using the section indicated by \*(L"myapp\*(R", +tolerate missing files, but exit on other errors: +.PP +.Vb 6 +\& if (CONF_modules_load_file(NULL, "myapp", +\& CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) { +\& fprintf(stderr, "FATAL: error loading configuration file\en"); +\& ERR_print_errors_fp(stderr); +\& exit(1); +\& } +.Ve +.PP +Load custom configuration file and section, only print warnings on error, +missing configuration file ignored: +.PP +.Vb 5 +\& if (CONF_modules_load_file("/something/app.cnf", "myapp", +\& CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) { +\& fprintf(stderr, "WARNING: error loading configuration file\en"); +\& ERR_print_errors_fp(stderr); +\& } +.Ve +.PP +Load and parse configuration file manually, custom error handling: +.PP +.Vb 3 +\& FILE *fp; +\& CONF *cnf = NULL; +\& long eline; +\& +\& fp = fopen("/somepath/app.cnf", "r"); +\& if (fp == NULL) { +\& fprintf(stderr, "Error opening configuration file\en"); +\& /* Other missing configuration file behaviour */ +\& } else { +\& cnf = NCONF_new(NULL); +\& if (NCONF_load_fp(cnf, fp, &eline) == 0) { +\& fprintf(stderr, "Error on line %ld of configuration file\en", eline); +\& ERR_print_errors_fp(stderr); +\& /* Other malformed configuration file behaviour */ +\& } else if (CONF_modules_load(cnf, "appname", 0) <= 0) { +\& fprintf(stderr, "Error configuring application\en"); +\& ERR_print_errors_fp(stderr); +\& /* Other configuration error behaviour */ +\& } +\& fclose(fp); +\& NCONF_free(cnf); +\& } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIconfig\fR\|(5), \fIOPENSSL_config\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 
2004\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/CRYPTO_THREAD_run_once.3 b/linux_amd64/share/man/man3/CRYPTO_THREAD_run_once.3 new file mode 100755 index 0000000..72c055a --- /dev/null +++ b/linux_amd64/share/man/man3/CRYPTO_THREAD_run_once.3 
@@ -0,0 +1,276 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CRYPTO_THREAD_RUN_ONCE 3" +.TH CRYPTO_THREAD_RUN_ONCE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +CRYPTO_THREAD_run_once, +CRYPTO_THREAD_lock_new, CRYPTO_THREAD_read_lock, CRYPTO_THREAD_write_lock, +CRYPTO_THREAD_unlock, CRYPTO_THREAD_lock_free, +CRYPTO_atomic_add \- OpenSSL thread support +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& CRYPTO_ONCE CRYPTO_ONCE_STATIC_INIT; +\& int CRYPTO_THREAD_run_once(CRYPTO_ONCE *once, void (*init)(void)); +\& +\& CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void); +\& int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *lock); +\& int CRYPTO_THREAD_write_lock(CRYPTO_RWLOCK *lock); +\& int CRYPTO_THREAD_unlock(CRYPTO_RWLOCK *lock); +\& void CRYPTO_THREAD_lock_free(CRYPTO_RWLOCK *lock); +\& +\& int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +OpenSSL can be safely used in multi-threaded applications provided that +support for the underlying \s-1OS\s0 threading \s-1API\s0 is built-in. Currently, OpenSSL +supports the pthread and Windows APIs. OpenSSL can also be built without +any multi-threading support, for example on platforms that don't provide +any threading support or that provide a threading \s-1API\s0 that is not yet +supported by OpenSSL. +.PP +The following multi-threading function are provided: +.IP "\(bu" 2 +\&\fICRYPTO_THREAD_run_once()\fR can be used to perform one-time initialization. +The \fBonce\fR argument must be a pointer to a static object of type +\&\fB\s-1CRYPTO_ONCE\s0\fR that was statically initialized to the value +\&\fB\s-1CRYPTO_ONCE_STATIC_INIT\s0\fR. +The \fBinit\fR argument is a pointer to a function that performs the desired +exactly once initialization. +In particular, this can be used to allocate locks in a thread-safe manner, +which can then be used with the locking functions below. +.IP "\(bu" 2 +\&\fICRYPTO_THREAD_lock_new()\fR allocates, initializes and returns a new read/write +lock. +.IP "\(bu" 2 +\&\fICRYPTO_THREAD_read_lock()\fR locks the provided \fBlock\fR for reading. 
+.IP "\(bu" 2 +\&\fICRYPTO_THREAD_write_lock()\fR locks the provided \fBlock\fR for writing. +.IP "\(bu" 2 +\&\fICRYPTO_THREAD_unlock()\fR unlocks the previously locked \fBlock\fR. +.IP "\(bu" 2 +\&\fICRYPTO_THREAD_lock_free()\fR frees the provided \fBlock\fR. +.IP "\(bu" 2 +\&\fICRYPTO_atomic_add()\fR atomically adds \fBamount\fR to \fBval\fR and returns the +result of the operation in \fBret\fR. \fBlock\fR will be locked, unless atomic +operations are supported on the specific platform. Because of this, if a +variable is modified by \fICRYPTO_atomic_add()\fR then \fICRYPTO_atomic_add()\fR must +be the only way that the variable is modified. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fICRYPTO_THREAD_run_once()\fR returns 1 on success, or 0 on error. +.PP +\&\fICRYPTO_THREAD_lock_new()\fR returns the allocated lock, or \s-1NULL\s0 on error. +.PP +\&\fICRYPTO_THREAD_lock_free()\fR returns no value. +.PP +The other functions return 1 on success, or 0 on error. +.SH "NOTES" +.IX Header "NOTES" +On Windows platforms the CRYPTO_THREAD_* types and functions in the +openssl/crypto.h header are dependent on some of the types customarily +made available by including windows.h. The application developer is +likely to require control over when the latter is included, commonly as +one of the first included headers. Therefore it is defined as an +application developer's responsibility to include windows.h prior to +crypto.h where use of CRYPTO_THREAD_* types and functions is required. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +You can find out if OpenSSL was configured with thread support: +.PP +.Vb 6 +\& #include +\& #if defined(OPENSSL_THREADS) +\& /* thread support enabled */ +\& #else +\& /* no thread support */ +\& #endif +.Ve +.PP +This example safely initializes and uses a lock. 
+.PP +.Vb 4 +\& #ifdef _WIN32 +\& # include +\& #endif +\& #include +\& +\& static CRYPTO_ONCE once = CRYPTO_ONCE_STATIC_INIT; +\& static CRYPTO_RWLOCK *lock; +\& +\& static void myinit(void) +\& { +\& lock = CRYPTO_THREAD_lock_new(); +\& } +\& +\& static int mylock(void) +\& { +\& if (!CRYPTO_THREAD_run_once(&once, void init) || lock == NULL) +\& return 0; +\& return CRYPTO_THREAD_write_lock(lock); +\& } +\& +\& static int myunlock(void) +\& { +\& return CRYPTO_THREAD_unlock(lock); +\& } +\& +\& int serialized(void) +\& { +\& int ret = 0; +\& +\& if (mylock()) { +\& /* Your code here, do not return without releasing the lock! */ +\& ret = ... ; +\& } +\& myunlock(); +\& return ret; +\& } +.Ve +.PP +Finalization of locks is an advanced topic, not covered in this example. +This can only be done at process exit or when a dynamically loaded library is +no longer in use and is unloaded. +The simplest solution is to just \*(L"leak\*(R" the lock in applications and not +repeatedly load/unload shared libraries that allocate locks. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIcrypto\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/CRYPTO_get_ex_new_index.3 b/linux_amd64/share/man/man3/CRYPTO_get_ex_new_index.3 new file mode 100755 index 0000000..b0ddd75 --- /dev/null +++ b/linux_amd64/share/man/man3/CRYPTO_get_ex_new_index.3 
@@ -0,0 +1,301 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CRYPTO_GET_EX_NEW_INDEX 3" +.TH CRYPTO_GET_EX_NEW_INDEX 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +CRYPTO_EX_new, CRYPTO_EX_free, CRYPTO_EX_dup, +CRYPTO_free_ex_index, CRYPTO_get_ex_new_index, +CRYPTO_alloc_ex_data, CRYPTO_set_ex_data, CRYPTO_get_ex_data, +CRYPTO_free_ex_data, CRYPTO_new_ex_data +\&\- functions supporting application\-specific data +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int CRYPTO_get_ex_new_index(int class_index, +\& long argl, void *argp, +\& CRYPTO_EX_new *new_func, +\& CRYPTO_EX_dup *dup_func, +\& CRYPTO_EX_free *free_func); +\& +\& typedef void CRYPTO_EX_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad, +\& int idx, long argl, void *argp); +\& typedef void CRYPTO_EX_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad, +\& int idx, long argl, void *argp); +\& typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from, +\& void *from_d, int idx, long argl, void *argp); +\& +\& int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad) +\& +\& int CRYPTO_alloc_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad, +\& int idx); +\& +\& int CRYPTO_set_ex_data(CRYPTO_EX_DATA *r, int idx, void *arg); +\& +\& void *CRYPTO_get_ex_data(CRYPTO_EX_DATA *r, int idx); +\& +\& void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *r); +\& +\& int CRYPTO_free_ex_index(int class_index, int idx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Several OpenSSL structures can have application-specific data attached to them, +known as \*(L"exdata.\*(R" +The specific structures are: +.PP +.Vb 10 +\& BIO +\& DH +\& DSA +\& EC_KEY +\& ENGINE +\& RAND_DRBG +\& RSA +\& SSL +\& SSL_CTX +\& SSL_SESSION +\& UI +\& UI_METHOD +\& X509 +\& X509_STORE +\& X509_STORE_CTX +.Ve +.PP +In addition, the \fB\s-1APP\s0\fR name is reserved for use by application code. +.PP +Each is identified by an \fBCRYPTO_EX_INDEX_xxx\fR define in the \fBcrypto.h\fR +header file. 
In addition, \fB\s-1CRYPTO_EX_INDEX_APP\s0\fR is reserved for +applications to use this facility for their own structures. +.PP +The \s-1API\s0 described here is used by OpenSSL to manipulate exdata for specific +structures. Since the application data can be anything at all it is passed +and retrieved as a \fBvoid *\fR type. +.PP +The \fB\s-1CRYPTO_EX_DATA\s0\fR type is opaque. To initialize the exdata part of +a structure, call \fICRYPTO_new_ex_data()\fR. This is only necessary for +\&\fB\s-1CRYPTO_EX_INDEX_APP\s0\fR objects. +.PP +Exdata types are identified by an \fBindex\fR, an integer guaranteed to be +unique within structures for the lifetime of the program. Applications +using exdata typically call \fBCRYPTO_get_ex_new_index\fR at startup, and +store the result in a global variable, or write a wrapper function to +provide lazy evaluation. The \fBclass_index\fR should be one of the +\&\fBCRYPTO_EX_INDEX_xxx\fR values. The \fBargl\fR and \fBargp\fR parameters are saved +to be passed to the callbacks but are otherwise not used. In order to +transparently manipulate exdata, three callbacks must be provided. The +semantics of those callbacks are described below. +.PP +When copying or releasing objects with exdata, the callback functions +are called in increasing order of their \fBindex\fR value. +.PP +If a dynamic library can be unloaded, it should call \fICRYPTO_free_ex_index()\fR +when this is done. +This will replace the callbacks with no-ops +so that applications don't crash. Any existing exdata will be leaked. +.PP +To set or get the exdata on an object, the appropriate type-specific +routine must be used. This is because the containing structure is opaque +and the \fB\s-1CRYPTO_EX_DATA\s0\fR field is not accessible. In both \s-1API\s0's, the +\&\fBidx\fR parameter should be an already-created index value. +.PP +When setting exdata, the pointer specified with a particular index is saved, +and returned on a subsequent \*(L"get\*(R" call. 
If the application is going to +release the data, it must make sure to set a \fB\s-1NULL\s0\fR value at the index, +to avoid likely double-free crashes. +.PP +The function \fBCRYPTO_free_ex_data\fR is used to free all exdata attached +to a structure. The appropriate type-specific routine must be used. +The \fBclass_index\fR identifies the structure type, the \fBobj\fR is +a pointer to the actual structure, and \fBr\fR is a pointer to the +structure's exdata field. +.SS "Callback Functions" +.IX Subsection "Callback Functions" +This section describes how the callback functions are used. Applications +that are defining their own exdata using \fB\s-1CYPRTO_EX_INDEX_APP\s0\fR must +call them as described here. +.PP +When a structure is initially allocated (such as \fIRSA_new()\fR) then the +\&\fInew_func()\fR is called for every defined index. There is no requirement +that the entire parent, or containing, structure has been set up. +The \fInew_func()\fR is typically used only to allocate memory to store the +exdata, and perhaps an \*(L"initialized\*(R" flag within that memory. +The exdata value may be allocated later on with \fICRYPTO_alloc_ex_data()\fR, +or may be set by calling \fICRYPTO_set_ex_data()\fR. +.PP +When a structure is free'd (such as \fISSL_CTX_free()\fR) then the +\&\fIfree_func()\fR is called for every defined index. Again, the state of the +parent structure is not guaranteed. The \fIfree_func()\fR may be called with a +\&\s-1NULL\s0 pointer. +.PP +Both \fInew_func()\fR and \fIfree_func()\fR take the same parameters. +The \fBparent\fR is the pointer to the structure that contains the exdata. +The \fBptr\fR is the current exdata item; for \fInew_func()\fR this will typically +be \s-1NULL\s0. The \fBr\fR parameter is a pointer to the exdata field of the object. 
+The \fBidx\fR is the index and is the value returned when the callbacks were +initially registered via \fICRYPTO_get_ex_new_index()\fR and can be used if +the same callback handles different types of exdata. +.PP +\&\fIdup_func()\fR is called when a structure is being copied. This is only done +for \fB\s-1SSL\s0\fR, \fB\s-1SSL_SESSION\s0\fR, \fB\s-1EC_KEY\s0\fR objects and \fB\s-1BIO\s0\fR chains via +\&\fIBIO_dup_chain()\fR. The \fBto\fR and \fBfrom\fR parameters +are pointers to the destination and source \fB\s-1CRYPTO_EX_DATA\s0\fR structures, +respectively. The \fBfrom_d\fR parameter needs to be cast to a \fBvoid **pptr\fR +as the \s-1API\s0 has currently the wrong signature; that will be changed in a +future version. The \fB*pptr\fR is a pointer to the source exdata. +When the \fIdup_func()\fR returns, the value in \fB*pptr\fR is copied to the +destination ex_data. If the pointer contained in \fB*pptr\fR is not modified +by the \fIdup_func()\fR, then both \fBto\fR and \fBfrom\fR will point to the same data. +The \fBidx\fR, \fBargl\fR and \fBargp\fR parameters are as described for the other +two callbacks. If the \fIdup_func()\fR returns \fB0\fR the whole \fICRYPTO_dup_ex_data()\fR +will fail. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fICRYPTO_get_ex_new_index()\fR returns a new index or \-1 on failure. +.PP +\&\fICRYPTO_free_ex_index()\fR, \fICRYPTO_alloc_ex_data()\fR and \fICRYPTO_set_ex_data()\fR +return 1 on success or 0 on failure. +.PP +\&\fICRYPTO_get_ex_data()\fR returns the application data or \s-1NULL\s0 on failure; +note that \s-1NULL\s0 may be a valid value. +.PP +\&\fIdup_func()\fR should return 0 for failure and 1 for success. +.SH "HISTORY" +.IX Header "HISTORY" +\&\fICRYPTO_alloc_ex_data()\fR was added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). 
You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/CRYPTO_memcmp.3 b/linux_amd64/share/man/man3/CRYPTO_memcmp.3 new file mode 100755 index 0000000..93bf9e6 --- /dev/null +++ b/linux_amd64/share/man/man3/CRYPTO_memcmp.3 
@@ -0,0 +1,162 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CRYPTO_MEMCMP 3" +.TH CRYPTO_MEMCMP 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +CRYPTO_memcmp \- Constant time memory comparison +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int CRYPTO_memcmp(const void *a, const void *b, size_t len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The CRYPTO_memcmp function compares the \fBlen\fR bytes pointed to by \fBa\fR and \fBb\fR +for equality. +It takes an amount of time dependent on \fBlen\fR, but independent of the +contents of the memory regions pointed to by \fBa\fR and \fBb\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fICRYPTO_memcmp()\fR returns 0 if the memory regions are equal and nonzero +otherwise. +.SH "NOTES" +.IX Header "NOTES" +Unlike \fImemcmp\fR\|(2), this function cannot be used to order the two memory regions +as the return value when they differ is undefined, other than being nonzero. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/CTLOG_STORE_get0_log_by_id.3 b/linux_amd64/share/man/man3/CTLOG_STORE_get0_log_by_id.3 new file mode 100755 index 0000000..465108f --- /dev/null +++ b/linux_amd64/share/man/man3/CTLOG_STORE_get0_log_by_id.3 
@@ -0,0 +1,171 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CTLOG_STORE_GET0_LOG_BY_ID 3" +.TH CTLOG_STORE_GET0_LOG_BY_ID 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +CTLOG_STORE_get0_log_by_id \- +Get a Certificate Transparency log from a CTLOG_STORE +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const CTLOG *CTLOG_STORE_get0_log_by_id(const CTLOG_STORE *store, +\& const uint8_t *log_id, +\& size_t log_id_len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A Signed Certificate Timestamp (\s-1SCT\s0) identifies the Certificate Transparency +(\s-1CT\s0) log that issued it using the log's LogID (see \s-1RFC\s0 6962, Section 3.2). +Therefore, it is useful to be able to look up more information about a log +(e.g. its public key) using this LogID. +.PP +\&\fICTLOG_STORE_get0_log_by_id()\fR provides a way to do this. It will find a \s-1CTLOG\s0 +in a \s-1CTLOG_STORE\s0 that has a given LogID. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBCTLOG_STORE_get0_log_by_id\fR returns a \s-1CTLOG\s0 with the given LogID, if it +exists in the given \s-1CTLOG_STORE\s0, otherwise it returns \s-1NULL\s0. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIct\fR\|(7), +\&\fICTLOG_STORE_new\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fICTLOG_STORE_get0_log_by_id()\fR function was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/CTLOG_STORE_new.3 b/linux_amd64/share/man/man3/CTLOG_STORE_new.3 new file mode 100755 index 0000000..3cd830e --- /dev/null +++ b/linux_amd64/share/man/man3/CTLOG_STORE_new.3 
@@ -0,0 +1,202 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CTLOG_STORE_NEW 3" +.TH CTLOG_STORE_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +CTLOG_STORE_new, CTLOG_STORE_free, +CTLOG_STORE_load_default_file, CTLOG_STORE_load_file \- +Create and populate a Certificate Transparency log list +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& CTLOG_STORE *CTLOG_STORE_new(void); +\& void CTLOG_STORE_free(CTLOG_STORE *store); +\& +\& int CTLOG_STORE_load_default_file(CTLOG_STORE *store); +\& int CTLOG_STORE_load_file(CTLOG_STORE *store, const char *file); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A \s-1CTLOG_STORE\s0 is a container for a list of CTLOGs (Certificate Transparency +logs). The list can be loaded from one or more files and then searched by LogID +(see \s-1RFC\s0 6962, Section 3.2, for the definition of a LogID). +.PP +\&\fICTLOG_STORE_new()\fR creates an empty list of \s-1CT\s0 logs. This is then populated +by \fICTLOG_STORE_load_default_file()\fR or \fICTLOG_STORE_load_file()\fR. +\&\fICTLOG_STORE_load_default_file()\fR loads from the default file, which is named +\&\fIct_log_list.cnf\fR in \s-1OPENSSLDIR\s0 (see the output of \fIopenssl\-version\fR\|(1)). +This can be overridden using an environment variable named \fB\s-1CTLOG_FILE\s0\fR. +\&\fICTLOG_STORE_load_file()\fR loads from a caller-specified file path instead. +Both of these functions append any loaded \s-1CT\s0 logs to the \s-1CTLOG_STORE\s0. +.PP +The expected format of the file is: +.PP +.Vb 1 +\& enabled_logs=foo,bar +\& +\& [foo] +\& description = Log 1 +\& key = +\& +\& [bar] +\& description = Log 2 +\& key = +.Ve +.PP +Once a \s-1CTLOG_STORE\s0 is no longer required, it should be passed to +\&\fICTLOG_STORE_free()\fR. This will delete all of the CTLOGs stored within, along +with the \s-1CTLOG_STORE\s0 itself. +.SH "NOTES" +.IX Header "NOTES" +If there are any invalid \s-1CT\s0 logs in a file, they are skipped and the remaining +valid logs will still be added to the \s-1CTLOG_STORE\s0. 
A \s-1CT\s0 log will be considered +invalid if it is missing a \*(L"key\*(R" or \*(L"description\*(R" field. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Both \fBCTLOG_STORE_load_default_file\fR and \fBCTLOG_STORE_load_file\fR return 1 if +all \s-1CT\s0 logs in the file are successfully parsed and loaded, 0 otherwise. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIct\fR\|(7), +\&\fICTLOG_STORE_get0_log_by_id\fR\|(3), +\&\fISSL_CTX_set_ctlog_list_file\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/CTLOG_new.3 b/linux_amd64/share/man/man3/CTLOG_new.3 new file mode 100755 index 0000000..bb26811 --- /dev/null +++ b/linux_amd64/share/man/man3/CTLOG_new.3 
@@ -0,0 +1,194 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CTLOG_NEW 3" +.TH CTLOG_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +CTLOG_new, CTLOG_new_from_base64, CTLOG_free, +CTLOG_get0_name, CTLOG_get0_log_id, CTLOG_get0_public_key \- +encapsulates information about a Certificate Transparency log +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& CTLOG *CTLOG_new(EVP_PKEY *public_key, const char *name); +\& int CTLOG_new_from_base64(CTLOG ** ct_log, +\& const char *pkey_base64, const char *name); +\& void CTLOG_free(CTLOG *log); +\& const char *CTLOG_get0_name(const CTLOG *log); +\& void CTLOG_get0_log_id(const CTLOG *log, const uint8_t **log_id, +\& size_t *log_id_len); +\& EVP_PKEY *CTLOG_get0_public_key(const CTLOG *log); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fICTLOG_new()\fR returns a new \s-1CTLOG\s0 that represents the Certificate Transparency +(\s-1CT\s0) log with the given public key. A name must also be provided that can be +used to help users identify this log. Ownership of the public key is +transferred. +.PP +\&\fICTLOG_new_from_base64()\fR also creates a new \s-1CTLOG\s0, but takes the public key in +base64\-encoded \s-1DER\s0 form and sets the ct_log pointer to point to the new \s-1CTLOG\s0. +The base64 will be decoded and the public key parsed. +.PP +Regardless of whether \fICTLOG_new()\fR or \fICTLOG_new_from_base64()\fR is used, it is the +caller's responsibility to pass the \s-1CTLOG\s0 to \fICTLOG_free()\fR once it is no longer +needed. This will delete it and, if created by \fICTLOG_new()\fR, the \s-1EVP_PKEY\s0 that +was passed to it. +.PP +\&\fICTLOG_get0_name()\fR returns the name of the log, as provided when the \s-1CTLOG\s0 was +created. Ownership of the string remains with the \s-1CTLOG\s0. +.PP +\&\fICTLOG_get0_log_id()\fR sets *log_id to point to a string containing that log's +LogID (see \s-1RFC\s0 6962). It sets *log_id_len to the length of that LogID. For a +v1 \s-1CT\s0 log, the LogID will be a \s-1SHA\-256\s0 hash (i.e. 32 bytes long). Ownership of +the string remains with the \s-1CTLOG\s0. 
+.PP +\&\fICTLOG_get0_public_key()\fR returns the public key of the \s-1CT\s0 log. Ownership of the +\&\s-1EVP_PKEY\s0 remains with the \s-1CTLOG\s0. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fICTLOG_new()\fR will return \s-1NULL\s0 if an error occurs. +.PP +\&\fICTLOG_new_from_base64()\fR will return 1 on success, 0 otherwise. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIct\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/CT_POLICY_EVAL_CTX_new.3 b/linux_amd64/share/man/man3/CT_POLICY_EVAL_CTX_new.3 new file mode 100755 index 0000000..5a41bb8 --- /dev/null +++ b/linux_amd64/share/man/man3/CT_POLICY_EVAL_CTX_new.3 
@@ -0,0 +1,225 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CT_POLICY_EVAL_CTX_NEW 3" +.TH CT_POLICY_EVAL_CTX_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +CT_POLICY_EVAL_CTX_new, CT_POLICY_EVAL_CTX_free, +CT_POLICY_EVAL_CTX_get0_cert, CT_POLICY_EVAL_CTX_set1_cert, +CT_POLICY_EVAL_CTX_get0_issuer, CT_POLICY_EVAL_CTX_set1_issuer, +CT_POLICY_EVAL_CTX_get0_log_store, CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE, +CT_POLICY_EVAL_CTX_get_time, CT_POLICY_EVAL_CTX_set_time \- +Encapsulates the data required to evaluate whether SCTs meet a Certificate Transparency policy +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new(void); +\& void CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx); +\& X509* CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx); +\& int CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert); +\& X509* CT_POLICY_EVAL_CTX_get0_issuer(const CT_POLICY_EVAL_CTX *ctx); +\& int CT_POLICY_EVAL_CTX_set1_issuer(CT_POLICY_EVAL_CTX *ctx, X509 *issuer); +\& const CTLOG_STORE *CT_POLICY_EVAL_CTX_get0_log_store(const CT_POLICY_EVAL_CTX *ctx); +\& void CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx, +\& CTLOG_STORE *log_store); +\& uint64_t CT_POLICY_EVAL_CTX_get_time(const CT_POLICY_EVAL_CTX *ctx); +\& void CT_POLICY_EVAL_CTX_set_time(CT_POLICY_EVAL_CTX *ctx, uint64_t time_in_ms); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A \fB\s-1CT_POLICY_EVAL_CTX\s0\fR is used by functions that evaluate whether Signed +Certificate Timestamps (SCTs) fulfil a Certificate Transparency (\s-1CT\s0) policy. +This policy may be, for example, that at least one valid \s-1SCT\s0 is available. To +determine this, an \s-1SCT\s0's timestamp and signature must be verified. +This requires: +.IP "\(bu" 2 +the public key of the log that issued the \s-1SCT\s0 +.IP "\(bu" 2 +the certificate that the \s-1SCT\s0 was issued for +.IP "\(bu" 2 +the issuer certificate (if the \s-1SCT\s0 was issued for a pre-certificate) +.IP "\(bu" 2 +the current time +.PP +The above requirements are met using the setters described below. 
+.PP +\&\fICT_POLICY_EVAL_CTX_new()\fR creates an empty policy evaluation context. This +should then be populated using: +.IP "\(bu" 2 +\&\fICT_POLICY_EVAL_CTX_set1_cert()\fR to provide the certificate the SCTs were issued for +.Sp +Increments the reference count of the certificate. +.IP "\(bu" 2 +\&\fICT_POLICY_EVAL_CTX_set1_issuer()\fR to provide the issuer certificate +.Sp +Increments the reference count of the certificate. +.IP "\(bu" 2 +\&\fICT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE()\fR to provide a list of logs that are trusted as sources of SCTs +.Sp +Holds a pointer to the \s-1CTLOG_STORE\s0, so the \s-1CTLOG_STORE\s0 must outlive the +\&\s-1CT_POLICY_EVAL_CTX\s0. +.IP "\(bu" 2 +\&\fICT_POLICY_EVAL_CTX_set_time()\fR to set the time SCTs should be compared with to determine if they are valid +.Sp +The \s-1SCT\s0 timestamp will be compared to this time to check whether the \s-1SCT\s0 was +issued in the future. \s-1RFC6962\s0 states that \*(L"\s-1TLS\s0 clients \s-1MUST\s0 reject SCTs whose +timestamp is in the future\*(R". By default, this will be set to 5 minutes in the +future (e.g. (\fItime()\fR + 300) * 1000), to allow for clock drift. +.Sp +The time should be in milliseconds since the Unix Epoch. +.PP +Each setter has a matching getter for accessing the current value. +.PP +When no longer required, the \fB\s-1CT_POLICY_EVAL_CTX\s0\fR should be passed to +\&\fICT_POLICY_EVAL_CTX_free()\fR to delete it. +.SH "NOTES" +.IX Header "NOTES" +The issuer certificate only needs to be provided if at least one of the SCTs +was issued for a pre-certificate. This will be the case for SCTs embedded in a +certificate (i.e. those in an X.509 extension), but may not be the case for SCTs +found in the \s-1TLS\s0 \s-1SCT\s0 extension or \s-1OCSP\s0 response. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fICT_POLICY_EVAL_CTX_new()\fR will return \s-1NULL\s0 if malloc fails. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIct\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/DEFINE_STACK_OF.3 b/linux_amd64/share/man/man3/DEFINE_STACK_OF.3 new file mode 100755 index 0000000..3c08e33 --- /dev/null +++ b/linux_amd64/share/man/man3/DEFINE_STACK_OF.3 
@@ -0,0 +1,408 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DEFINE_STACK_OF 3" +.TH DEFINE_STACK_OF 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +DEFINE_STACK_OF, DEFINE_STACK_OF_CONST, DEFINE_SPECIAL_STACK_OF, +DEFINE_SPECIAL_STACK_OF_CONST, +sk_TYPE_num, sk_TYPE_value, sk_TYPE_new, sk_TYPE_new_null, +sk_TYPE_reserve, sk_TYPE_free, sk_TYPE_zero, sk_TYPE_delete, +sk_TYPE_delete_ptr, sk_TYPE_push, sk_TYPE_unshift, sk_TYPE_pop, +sk_TYPE_shift, sk_TYPE_pop_free, sk_TYPE_insert, sk_TYPE_set, +sk_TYPE_find, sk_TYPE_find_ex, sk_TYPE_sort, sk_TYPE_is_sorted, +sk_TYPE_dup, sk_TYPE_deep_copy, sk_TYPE_set_cmp_func, sk_TYPE_new_reserve +\&\- stack container +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& STACK_OF(TYPE) +\& DEFINE_STACK_OF(TYPE) +\& DEFINE_STACK_OF_CONST(TYPE) +\& DEFINE_SPECIAL_STACK_OF(FUNCTYPE, TYPE) +\& DEFINE_SPECIAL_STACK_OF_CONST(FUNCTYPE, TYPE) +\& +\& typedef int (*sk_TYPE_compfunc)(const TYPE *const *a, const TYPE *const *b); +\& typedef TYPE * (*sk_TYPE_copyfunc)(const TYPE *a); +\& typedef void (*sk_TYPE_freefunc)(TYPE *a); +\& +\& int sk_TYPE_num(const STACK_OF(TYPE) *sk); +\& TYPE *sk_TYPE_value(const STACK_OF(TYPE) *sk, int idx); +\& STACK_OF(TYPE) *sk_TYPE_new(sk_TYPE_compfunc compare); +\& STACK_OF(TYPE) *sk_TYPE_new_null(void); +\& int sk_TYPE_reserve(STACK_OF(TYPE) *sk, int n); +\& void sk_TYPE_free(const STACK_OF(TYPE) *sk); +\& void sk_TYPE_zero(const STACK_OF(TYPE) *sk); +\& TYPE *sk_TYPE_delete(STACK_OF(TYPE) *sk, int i); +\& TYPE *sk_TYPE_delete_ptr(STACK_OF(TYPE) *sk, TYPE *ptr); +\& int sk_TYPE_push(STACK_OF(TYPE) *sk, const TYPE *ptr); +\& int sk_TYPE_unshift(STACK_OF(TYPE) *sk, const TYPE *ptr); +\& TYPE *sk_TYPE_pop(STACK_OF(TYPE) *sk); +\& TYPE *sk_TYPE_shift(STACK_OF(TYPE) *sk); +\& void sk_TYPE_pop_free(STACK_OF(TYPE) *sk, sk_TYPE_freefunc freefunc); +\& int sk_TYPE_insert(STACK_OF(TYPE) *sk, TYPE *ptr, int idx); +\& TYPE *sk_TYPE_set(STACK_OF(TYPE) *sk, int idx, const TYPE *ptr); +\& int sk_TYPE_find(STACK_OF(TYPE) *sk, TYPE *ptr); +\& int sk_TYPE_find_ex(STACK_OF(TYPE) *sk, TYPE *ptr); +\& void sk_TYPE_sort(const 
STACK_OF(TYPE) *sk); +\& int sk_TYPE_is_sorted(const STACK_OF(TYPE) *sk); +\& STACK_OF(TYPE) *sk_TYPE_dup(const STACK_OF(TYPE) *sk); +\& STACK_OF(TYPE) *sk_TYPE_deep_copy(const STACK_OF(TYPE) *sk, +\& sk_TYPE_copyfunc copyfunc, +\& sk_TYPE_freefunc freefunc); +\& sk_TYPE_compfunc (*sk_TYPE_set_cmp_func(STACK_OF(TYPE) *sk, +\& sk_TYPE_compfunc compare)); +\& STACK_OF(TYPE) *sk_TYPE_new_reserve(sk_TYPE_compfunc compare, int n); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Applications can create and use their own stacks by placing any of the macros +described below in a header file. These macros define typesafe inline +functions that wrap around the utility \fBOPENSSL_sk_\fR \s-1API\s0. +In the description here, \fB\f(BI\s-1TYPE\s0\fB\fR is used +as a placeholder for any of the OpenSSL datatypes, such as \fBX509\fR. +.PP +\&\s-1\fISTACK_OF\s0()\fR returns the name for a stack of the specified \fB\f(BI\s-1TYPE\s0\fB\fR. +\&\s-1\fIDEFINE_STACK_OF\s0()\fR creates set of functions for a stack of \fB\f(BI\s-1TYPE\s0\fB\fR. This +will mean that type \fB\f(BI\s-1TYPE\s0\fB\fR is stored in each stack, the type is referenced by +\&\fB\s-1STACK_OF\s0\fR(\fB\f(BI\s-1TYPE\s0\fB\fR) and each function name begins with \fBsk_\f(BI\s-1TYPE\s0\fB_\fR. +For example: +.PP +.Vb 1 +\& TYPE *sk_TYPE_value(STACK_OF(TYPE) *sk, int idx); +.Ve +.PP +\&\s-1\fIDEFINE_STACK_OF_CONST\s0()\fR is identical to \s-1\fIDEFINE_STACK_OF\s0()\fR except +each element is constant. For example: +.PP +.Vb 1 +\& const TYPE *sk_TYPE_value(STACK_OF(TYPE) *sk, int idx); +.Ve +.PP +\&\s-1\fIDEFINE_SPECIAL_STACK_OF\s0()\fR defines a stack of \fB\f(BI\s-1TYPE\s0\fB\fR but +each function uses \fB\s-1FUNCNAME\s0\fR in the function name. 
For example: +.PP +.Vb 1 +\& TYPE *sk_FUNCNAME_value(STACK_OF(TYPE) *sk, int idx); +.Ve +.PP +\&\s-1\fIDEFINE_SPECIAL_STACK_OF_CONST\s0()\fR is similar except that each element is +constant: +.PP +.Vb 1 +\& const TYPE *sk_FUNCNAME_value(STACK_OF(TYPE) *sk, int idx); +.Ve +.PP +\&\fBsk_\f(BI\s-1TYPE\s0\fB_num\fR() returns the number of elements in \fIsk\fR or \-1 if \fIsk\fR is +\&\s-1NULL\s0. +.PP +\&\fBsk_\f(BI\s-1TYPE\s0\fB_value\fR() returns element \fIidx\fR in \fIsk\fR, where \fIidx\fR starts at +zero. If \fIidx\fR is out of range then \s-1NULL\s0 is returned. +.PP +\&\fBsk_\f(BI\s-1TYPE\s0\fB_new\fR() allocates a new empty stack using comparison function +\&\fIcompare\fR. If \fIcompare\fR is \s-1NULL\s0 then no comparison function is used. This +function is equivalent to \fBsk_\f(BI\s-1TYPE\s0\fB_new_reserve\fR(\fIcompare\fR, 0). +.PP +\&\fBsk_\f(BI\s-1TYPE\s0\fB_new_null\fR() allocates a new empty stack with no comparison +function. This function is equivalent to \fBsk_\f(BI\s-1TYPE\s0\fB_new_reserve\fR(\s-1NULL\s0, 0). +.PP +\&\fBsk_\f(BI\s-1TYPE\s0\fB_reserve\fR() allocates additional memory in the \fIsk\fR structure +such that the next \fIn\fR calls to \fBsk_\f(BI\s-1TYPE\s0\fB_insert\fR(), \fBsk_\f(BI\s-1TYPE\s0\fB_push\fR() +or \fBsk_\f(BI\s-1TYPE\s0\fB_unshift\fR() will not fail or cause memory to be allocated +or reallocated. If \fIn\fR is zero, any excess space allocated in the +\&\fIsk\fR structure is freed. On error \fIsk\fR is unchanged. +.PP +\&\fBsk_\f(BI\s-1TYPE\s0\fB_new_reserve\fR() allocates a new stack. The new stack will have +additional memory allocated to hold \fIn\fR elements if \fIn\fR is positive. +The next \fIn\fR calls to \fBsk_\f(BI\s-1TYPE\s0\fB_insert\fR(), \fBsk_\f(BI\s-1TYPE\s0\fB_push\fR() or +\&\fBsk_\f(BI\s-1TYPE\s0\fB_unshift\fR() will not fail or cause memory to be allocated or +reallocated. If \fIn\fR is zero or less than zero, no memory is allocated. 
+\&\fBsk_\f(BI\s-1TYPE\s0\fB_new_reserve\fR() also sets the comparison function \fIcompare\fR +to the newly created stack. If \fIcompare\fR is \s-1NULL\s0 then no comparison +function is used. +.PP +\&\fBsk_\f(BI\s-1TYPE\s0\fB_set_cmp_func\fR() sets the comparison function of \fIsk\fR to +\&\fIcompare\fR. The previous comparison function is returned or \s-1NULL\s0 if there +was no previous comparison function. +.PP +\&\fBsk_\f(BI\s-1TYPE\s0\fB_free\fR() frees up the \fIsk\fR structure. It does \fInot\fR free up any +elements of \fIsk\fR. After this call \fIsk\fR is no longer valid. +.PP +\&\fBsk_\f(BI\s-1TYPE\s0\fB_zero\fR() sets the number of elements in \fIsk\fR to zero. It does not +free \fIsk\fR so after this call \fIsk\fR is still valid. +.PP +\&\fBsk_\f(BI\s-1TYPE\s0\fB_pop_free\fR() frees up all elements of \fIsk\fR and \fIsk\fR itself. The +free function \fIfreefunc()\fR is called on each element to free it. +.PP +\&\fBsk_\f(BI\s-1TYPE\s0\fB_delete\fR() deletes element \fIi\fR from \fIsk\fR. It returns the deleted +element or \s-1NULL\s0 if \fIi\fR is out of range. +.PP +\&\fBsk_\f(BI\s-1TYPE\s0\fB_delete_ptr\fR() deletes element matching \fIptr\fR from \fIsk\fR. It +returns the deleted element or \s-1NULL\s0 if no element matching \fIptr\fR was found. +.PP +\&\fBsk_\f(BI\s-1TYPE\s0\fB_insert\fR() inserts \fIptr\fR into \fIsk\fR at position \fIidx\fR. Any +existing elements at or after \fIidx\fR are moved downwards. If \fIidx\fR is out +of range the new element is appended to \fIsk\fR. \fBsk_\f(BI\s-1TYPE\s0\fB_insert\fR() either +returns the number of elements in \fIsk\fR after the new element is inserted or +zero if an error (such as memory allocation failure) occurred. 
+.PP +\&\fBsk_\f(BI\s-1TYPE\s0\fB_push\fR() appends \fIptr\fR to \fIsk\fR it is equivalent to: +.PP +.Vb 1 +\& sk_TYPE_insert(sk, ptr, \-1); +.Ve +.PP +\&\fBsk_\f(BI\s-1TYPE\s0\fB_unshift\fR() inserts \fIptr\fR at the start of \fIsk\fR it is equivalent +to: +.PP +.Vb 1 +\& sk_TYPE_insert(sk, ptr, 0); +.Ve +.PP +\&\fBsk_\f(BI\s-1TYPE\s0\fB_pop\fR() returns and removes the last element from \fIsk\fR. +.PP +\&\fBsk_\f(BI\s-1TYPE\s0\fB_shift\fR() returns and removes the first element from \fIsk\fR. +.PP +\&\fBsk_\f(BI\s-1TYPE\s0\fB_set\fR() sets element \fIidx\fR of \fIsk\fR to \fIptr\fR replacing the current +element. The new element value is returned or \s-1NULL\s0 if an error occurred: +this will only happen if \fIsk\fR is \s-1NULL\s0 or \fIidx\fR is out of range. +.PP +\&\fBsk_\f(BI\s-1TYPE\s0\fB_find\fR() searches \fIsk\fR for the element \fIptr\fR. In the case +where no comparison function has been specified, the function performs +a linear search for a pointer equal to \fIptr\fR. The index of the first +matching element is returned or \fB\-1\fR if there is no match. In the case +where a comparison function has been specified, \fIsk\fR is sorted then +\&\fBsk_\f(BI\s-1TYPE\s0\fB_find\fR() returns the index of a matching element or \fB\-1\fR if there +is no match. Note that, in this case, the matching element returned is +not guaranteed to be the first; the comparison function will usually +compare the values pointed to rather than the pointers themselves and +the order of elements in \fIsk\fR could change. +.PP +\&\fBsk_\f(BI\s-1TYPE\s0\fB_find_ex\fR() operates like \fBsk_\f(BI\s-1TYPE\s0\fB_find\fR() except when a +comparison function has been specified and no matching element is found. +Instead of returning \fB\-1\fR, \fBsk_\f(BI\s-1TYPE\s0\fB_find_ex\fR() returns the index of the +element either before or after the location where \fIptr\fR would be if it were +present in \fIsk\fR. 
+.PP +\&\fBsk_\f(BI\s-1TYPE\s0\fB_sort\fR() sorts \fIsk\fR using the supplied comparison function. +.PP +\&\fBsk_\f(BI\s-1TYPE\s0\fB_is_sorted\fR() returns \fB1\fR if \fIsk\fR is sorted and \fB0\fR otherwise. +.PP +\&\fBsk_\f(BI\s-1TYPE\s0\fB_dup\fR() returns a copy of \fIsk\fR. Note the pointers in the copy +are identical to the original. +.PP +\&\fBsk_\f(BI\s-1TYPE\s0\fB_deep_copy\fR() returns a new stack where each element has been +copied. Copying is performed by the supplied \fIcopyfunc()\fR and freeing by +\&\fIfreefunc()\fR. The function \fIfreefunc()\fR is only called if an error occurs. +.SH "NOTES" +.IX Header "NOTES" +Care should be taken when accessing stacks in multi-threaded environments. +Any operation which increases the size of a stack such as \fBsk_\f(BI\s-1TYPE\s0\fB_insert\fR() +or \fBsk_\f(BI\s-1TYPE\s0\fB_push\fR() can \*(L"grow\*(R" the size of an internal array and cause race +conditions if the same stack is accessed in a different thread. Operations such +as \fBsk_\f(BI\s-1TYPE\s0\fB_find\fR() and \fBsk_\f(BI\s-1TYPE\s0\fB_sort\fR() can also reorder the stack. +.PP +Any comparison function supplied should use a metric suitable +for use in a binary search operation. That is it should return zero, a +positive or negative value if \fIa\fR is equal to, greater than +or less than \fIb\fR respectively. +.PP +Care should be taken when checking the return values of the functions +\&\fBsk_\f(BI\s-1TYPE\s0\fB_find\fR() and \fBsk_\f(BI\s-1TYPE\s0\fB_find_ex\fR(). They return an index to the +matching element. In particular \fB0\fR indicates a matching first element. +A failed search is indicated by a \fB\-1\fR return value. +.PP +\&\s-1\fISTACK_OF\s0()\fR, \s-1\fIDEFINE_STACK_OF\s0()\fR, \s-1\fIDEFINE_STACK_OF_CONST\s0()\fR, and +\&\s-1\fIDEFINE_SPECIAL_STACK_OF\s0()\fR are implemented as macros. +.PP +The underlying utility \fBOPENSSL_sk_\fR \s-1API\s0 should not be used directly. 
+It defines these functions: \fIOPENSSL_sk_deep_copy()\fR, +\&\fIOPENSSL_sk_delete()\fR, \fIOPENSSL_sk_delete_ptr()\fR, \fIOPENSSL_sk_dup()\fR, +\&\fIOPENSSL_sk_find()\fR, \fIOPENSSL_sk_find_ex()\fR, \fIOPENSSL_sk_free()\fR, +\&\fIOPENSSL_sk_insert()\fR, \fIOPENSSL_sk_is_sorted()\fR, \fIOPENSSL_sk_new()\fR, +\&\fIOPENSSL_sk_new_null()\fR, \fIOPENSSL_sk_num()\fR, \fIOPENSSL_sk_pop()\fR, +\&\fIOPENSSL_sk_pop_free()\fR, \fIOPENSSL_sk_push()\fR, \fIOPENSSL_sk_reserve()\fR, +\&\fIOPENSSL_sk_set()\fR, \fIOPENSSL_sk_set_cmp_func()\fR, \fIOPENSSL_sk_shift()\fR, +\&\fIOPENSSL_sk_sort()\fR, \fIOPENSSL_sk_unshift()\fR, \fIOPENSSL_sk_value()\fR, +\&\fIOPENSSL_sk_zero()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBsk_\f(BI\s-1TYPE\s0\fB_num\fR() returns the number of elements in the stack or \fB\-1\fR if the +passed stack is \s-1NULL\s0. +.PP +\&\fBsk_\f(BI\s-1TYPE\s0\fB_value\fR() returns a pointer to a stack element or \s-1NULL\s0 if the +index is out of range. +.PP +\&\fBsk_\f(BI\s-1TYPE\s0\fB_new\fR(), \fBsk_\f(BI\s-1TYPE\s0\fB_new_null\fR() and \fBsk_\f(BI\s-1TYPE\s0\fB_new_reserve\fR() +return an empty stack or \s-1NULL\s0 if an error occurs. +.PP +\&\fBsk_\f(BI\s-1TYPE\s0\fB_reserve\fR() returns \fB1\fR on successful allocation of the required +memory or \fB0\fR on error. +.PP +\&\fBsk_\f(BI\s-1TYPE\s0\fB_set_cmp_func\fR() returns the old comparison function or \s-1NULL\s0 if +there was no old comparison function. +.PP +\&\fBsk_\f(BI\s-1TYPE\s0\fB_free\fR(), \fBsk_\f(BI\s-1TYPE\s0\fB_zero\fR(), \fBsk_\f(BI\s-1TYPE\s0\fB_pop_free\fR() and +\&\fBsk_\f(BI\s-1TYPE\s0\fB_sort\fR() do not return values. +.PP +\&\fBsk_\f(BI\s-1TYPE\s0\fB_pop\fR(), \fBsk_\f(BI\s-1TYPE\s0\fB_shift\fR(), \fBsk_\f(BI\s-1TYPE\s0\fB_delete\fR() and +\&\fBsk_\f(BI\s-1TYPE\s0\fB_delete_ptr\fR() return a pointer to the deleted element or \s-1NULL\s0 +on error. 
+.PP +\&\fBsk_\f(BI\s-1TYPE\s0\fB_insert\fR(), \fBsk_\f(BI\s-1TYPE\s0\fB_push\fR() and \fBsk_\f(BI\s-1TYPE\s0\fB_unshift\fR() return +the total number of elements in the stack and 0 if an error occurred. +.PP +\&\fBsk_\f(BI\s-1TYPE\s0\fB_set\fR() returns a pointer to the replacement element or \s-1NULL\s0 on +error. +.PP +\&\fBsk_\f(BI\s-1TYPE\s0\fB_find\fR() and \fBsk_\f(BI\s-1TYPE\s0\fB_find_ex\fR() return an index to the found +element or \fB\-1\fR on error. +.PP +\&\fBsk_\f(BI\s-1TYPE\s0\fB_is_sorted\fR() returns \fB1\fR if the stack is sorted and \fB0\fR if it is +not. +.PP +\&\fBsk_\f(BI\s-1TYPE\s0\fB_dup\fR() and \fBsk_\f(BI\s-1TYPE\s0\fB_deep_copy\fR() return a pointer to the copy +of the stack. +.SH "HISTORY" +.IX Header "HISTORY" +Before OpenSSL 1.1.0, this was implemented via macros and not inline functions +and was not a public \s-1API\s0. +.PP +\&\fBsk_\f(BI\s-1TYPE\s0\fB_reserve\fR() and \fBsk_\f(BI\s-1TYPE\s0\fB_new_reserve\fR() were added in OpenSSL +1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/DES_random_key.3 b/linux_amd64/share/man/man3/DES_random_key.3 new file mode 100755 index 0000000..75b67d6 --- /dev/null +++ b/linux_amd64/share/man/man3/DES_random_key.3 
@@ -0,0 +1,452 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DES_RANDOM_KEY 3" +.TH DES_RANDOM_KEY 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +DES_random_key, DES_set_key, DES_key_sched, DES_set_key_checked, +DES_set_key_unchecked, DES_set_odd_parity, DES_is_weak_key, +DES_ecb_encrypt, DES_ecb2_encrypt, DES_ecb3_encrypt, DES_ncbc_encrypt, +DES_cfb_encrypt, DES_ofb_encrypt, DES_pcbc_encrypt, DES_cfb64_encrypt, +DES_ofb64_encrypt, DES_xcbc_encrypt, DES_ede2_cbc_encrypt, +DES_ede2_cfb64_encrypt, DES_ede2_ofb64_encrypt, DES_ede3_cbc_encrypt, +DES_ede3_cfb64_encrypt, DES_ede3_ofb64_encrypt, +DES_cbc_cksum, DES_quad_cksum, DES_string_to_key, DES_string_to_2keys, +DES_fcrypt, DES_crypt \- DES encryption +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.PP +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 1 +\& void DES_random_key(DES_cblock *ret); +\& +\& int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule); +\& int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule); +\& int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule); +\& void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule); +\& +\& void DES_set_odd_parity(DES_cblock *key); +\& int DES_is_weak_key(const_DES_cblock *key); +\& +\& void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output, +\& DES_key_schedule *ks, int enc); +\& void DES_ecb2_encrypt(const_DES_cblock *input, DES_cblock *output, +\& DES_key_schedule *ks1, DES_key_schedule *ks2, int enc); +\& void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output, +\& DES_key_schedule *ks1, DES_key_schedule *ks2, +\& DES_key_schedule *ks3, int enc); +\& +\& void DES_ncbc_encrypt(const unsigned char *input, unsigned char *output, +\& long length, DES_key_schedule *schedule, DES_cblock *ivec, +\& int enc); +\& void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, +\& int numbits, long length, DES_key_schedule *schedule, +\& DES_cblock 
*ivec, int enc); +\& void DES_ofb_encrypt(const unsigned char *in, unsigned char *out, +\& int numbits, long length, DES_key_schedule *schedule, +\& DES_cblock *ivec); +\& void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output, +\& long length, DES_key_schedule *schedule, DES_cblock *ivec, +\& int enc); +\& void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out, +\& long length, DES_key_schedule *schedule, DES_cblock *ivec, +\& int *num, int enc); +\& void DES_ofb64_encrypt(const unsigned char *in, unsigned char *out, +\& long length, DES_key_schedule *schedule, DES_cblock *ivec, +\& int *num); +\& +\& void DES_xcbc_encrypt(const unsigned char *input, unsigned char *output, +\& long length, DES_key_schedule *schedule, DES_cblock *ivec, +\& const_DES_cblock *inw, const_DES_cblock *outw, int enc); +\& +\& void DES_ede2_cbc_encrypt(const unsigned char *input, unsigned char *output, +\& long length, DES_key_schedule *ks1, +\& DES_key_schedule *ks2, DES_cblock *ivec, int enc); +\& void DES_ede2_cfb64_encrypt(const unsigned char *in, unsigned char *out, +\& long length, DES_key_schedule *ks1, +\& DES_key_schedule *ks2, DES_cblock *ivec, +\& int *num, int enc); +\& void DES_ede2_ofb64_encrypt(const unsigned char *in, unsigned char *out, +\& long length, DES_key_schedule *ks1, +\& DES_key_schedule *ks2, DES_cblock *ivec, int *num); +\& +\& void DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output, +\& long length, DES_key_schedule *ks1, +\& DES_key_schedule *ks2, DES_key_schedule *ks3, +\& DES_cblock *ivec, int enc); +\& void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out, +\& long length, DES_key_schedule *ks1, +\& DES_key_schedule *ks2, DES_key_schedule *ks3, +\& DES_cblock *ivec, int *num, int enc); +\& void DES_ede3_ofb64_encrypt(const unsigned char *in, unsigned char *out, +\& long length, DES_key_schedule *ks1, +\& DES_key_schedule *ks2, DES_key_schedule *ks3, +\& DES_cblock *ivec, int *num); +\& +\& 
DES_LONG DES_cbc_cksum(const unsigned char *input, DES_cblock *output, +\& long length, DES_key_schedule *schedule, +\& const_DES_cblock *ivec); +\& DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[], +\& long length, int out_count, DES_cblock *seed); +\& void DES_string_to_key(const char *str, DES_cblock *key); +\& void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2); +\& +\& char *DES_fcrypt(const char *buf, const char *salt, char *ret); +\& char *DES_crypt(const char *buf, const char *salt); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +All of the functions described on this page are deprecated. Applications should +instead use \fIEVP_EncryptInit_ex\fR\|(3), \fIEVP_EncryptUpdate\fR\|(3) and +\&\fIEVP_EncryptFinal_ex\fR\|(3) or the equivalently named decrypt functions. +.PP +This library contains a fast implementation of the \s-1DES\s0 encryption +algorithm. +.PP +There are two phases to the use of \s-1DES\s0 encryption. The first is the +generation of a \fIDES_key_schedule\fR from a key, the second is the +actual encryption. A \s-1DES\s0 key is of type \fIDES_cblock\fR. This type +consists of 8 bytes with odd parity. The least significant bit in +each byte is the parity bit. The key schedule is an expanded form of +the key; it is used to speed the encryption process. +.PP +\&\fIDES_random_key()\fR generates a random key. The random generator must be +seeded when calling this function. +If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to +external circumstances (see \s-1\fIRAND\s0\fR\|(7)), the operation will fail. +If the function fails, 0 is returned. +.PP +Before a \s-1DES\s0 key can be used, it must be converted into the +architecture dependent \fIDES_key_schedule\fR via the +\&\fIDES_set_key_checked()\fR or \fIDES_set_key_unchecked()\fR function. +.PP +\&\fIDES_set_key_checked()\fR will check that the key passed is of odd parity +and is not a weak or semi-weak key. 
If the parity is wrong, then \-1 +is returned. If the key is a weak key, then \-2 is returned. If an +error is returned, the key schedule is not generated. +.PP +\&\fIDES_set_key()\fR works like \fIDES_set_key_checked()\fR and remains for +backward compatibility. +.PP +\&\fIDES_set_odd_parity()\fR sets the parity of the passed \fIkey\fR to odd. +.PP +\&\fIDES_is_weak_key()\fR returns 1 if the passed key is a weak key, 0 if it +is ok. +.PP +The following routines mostly operate on an input and output stream of +\&\fIDES_cblock\fRs. +.PP +\&\fIDES_ecb_encrypt()\fR is the basic \s-1DES\s0 encryption routine that encrypts or +decrypts a single 8\-byte \fIDES_cblock\fR in \fIelectronic code book\fR +(\s-1ECB\s0) mode. It always transforms the input data, pointed to by +\&\fIinput\fR, into the output data, pointed to by the \fIoutput\fR argument. +If the \fIencrypt\fR argument is nonzero (\s-1DES_ENCRYPT\s0), the \fIinput\fR +(cleartext) is encrypted in to the \fIoutput\fR (ciphertext) using the +key_schedule specified by the \fIschedule\fR argument, previously set via +\&\fIDES_set_key\fR. If \fIencrypt\fR is zero (\s-1DES_DECRYPT\s0), the \fIinput\fR (now +ciphertext) is decrypted into the \fIoutput\fR (now cleartext). Input +and output may overlap. \fIDES_ecb_encrypt()\fR does not return a value. +.PP +\&\fIDES_ecb3_encrypt()\fR encrypts/decrypts the \fIinput\fR block by using +three-key Triple-DES encryption in \s-1ECB\s0 mode. This involves encrypting +the input with \fIks1\fR, decrypting with the key schedule \fIks2\fR, and +then encrypting with \fIks3\fR. This routine greatly reduces the chances +of brute force breaking of \s-1DES\s0 and has the advantage of if \fIks1\fR, +\&\fIks2\fR and \fIks3\fR are the same, it is equivalent to just encryption +using \s-1ECB\s0 mode and \fIks1\fR as the key. +.PP +The macro \fIDES_ecb2_encrypt()\fR is provided to perform two-key Triple-DES +encryption by using \fIks1\fR for the final encryption. 
+.PP +\&\fIDES_ncbc_encrypt()\fR encrypts/decrypts using the \fIcipher-block-chaining\fR +(\s-1CBC\s0) mode of \s-1DES\s0. If the \fIencrypt\fR argument is nonzero, the +routine cipher-block-chain encrypts the cleartext data pointed to by +the \fIinput\fR argument into the ciphertext pointed to by the \fIoutput\fR +argument, using the key schedule provided by the \fIschedule\fR argument, +and initialization vector provided by the \fIivec\fR argument. If the +\&\fIlength\fR argument is not an integral multiple of eight bytes, the +last block is copied to a temporary area and zero filled. The output +is always an integral multiple of eight bytes. +.PP +\&\fIDES_xcbc_encrypt()\fR is \s-1RSA\s0's \s-1DESX\s0 mode of \s-1DES\s0. It uses \fIinw\fR and +\&\fIoutw\fR to 'whiten' the encryption. \fIinw\fR and \fIoutw\fR are secret +(unlike the iv) and are as such, part of the key. So the key is sort +of 24 bytes. This is much better than \s-1CBC\s0 \s-1DES\s0. +.PP +\&\fIDES_ede3_cbc_encrypt()\fR implements outer triple \s-1CBC\s0 \s-1DES\s0 encryption with +three keys. This means that each \s-1DES\s0 operation inside the \s-1CBC\s0 mode is +\&\f(CW\*(C`C=E(ks3,D(ks2,E(ks1,M)))\*(C'\fR. This mode is used by \s-1SSL\s0. +.PP +The \fIDES_ede2_cbc_encrypt()\fR macro implements two-key Triple-DES by +reusing \fIks1\fR for the final encryption. \f(CW\*(C`C=E(ks1,D(ks2,E(ks1,M)))\*(C'\fR. +This form of Triple-DES is used by the \s-1RSAREF\s0 library. +.PP +\&\fIDES_pcbc_encrypt()\fR encrypts/decrypts using the propagating cipher block +chaining mode used by Kerberos v4. Its parameters are the same as +\&\fIDES_ncbc_encrypt()\fR. +.PP +\&\fIDES_cfb_encrypt()\fR encrypts/decrypts using cipher feedback mode. This +method takes an array of characters as input and outputs an array of +characters. It does not require any padding to 8 character groups. +Note: the \fIivec\fR variable is changed and the new changed value needs to +be passed to the next call to this function. 
Since this function runs +a complete \s-1DES\s0 \s-1ECB\s0 encryption per \fInumbits\fR, this function is only +suggested for use when sending a small number of characters. +.PP +\&\fIDES_cfb64_encrypt()\fR +implements \s-1CFB\s0 mode of \s-1DES\s0 with 64\-bit feedback. Why is this +useful you ask? Because this routine will allow you to encrypt an +arbitrary number of bytes, without 8 byte padding. Each call to this +routine will encrypt the input bytes to output and then update ivec +and num. num contains 'how far' we are though ivec. If this does +not make much sense, read more about \s-1CFB\s0 mode of \s-1DES\s0. +.PP +\&\fIDES_ede3_cfb64_encrypt()\fR and \fIDES_ede2_cfb64_encrypt()\fR is the same as +\&\fIDES_cfb64_encrypt()\fR except that Triple-DES is used. +.PP +\&\fIDES_ofb_encrypt()\fR encrypts using output feedback mode. This method +takes an array of characters as input and outputs an array of +characters. It does not require any padding to 8 character groups. +Note: the \fIivec\fR variable is changed and the new changed value needs to +be passed to the next call to this function. Since this function runs +a complete \s-1DES\s0 \s-1ECB\s0 encryption per \fInumbits\fR, this function is only +suggested for use when sending a small number of characters. +.PP +\&\fIDES_ofb64_encrypt()\fR is the same as \fIDES_cfb64_encrypt()\fR using Output +Feed Back mode. +.PP +\&\fIDES_ede3_ofb64_encrypt()\fR and \fIDES_ede2_ofb64_encrypt()\fR is the same as +\&\fIDES_ofb64_encrypt()\fR, using Triple-DES. +.PP +The following functions are included in the \s-1DES\s0 library for +compatibility with the \s-1MIT\s0 Kerberos library. +.PP +\&\fIDES_cbc_cksum()\fR produces an 8 byte checksum based on the input stream +(via \s-1CBC\s0 encryption). The last 4 bytes of the checksum are returned +and the complete 8 bytes are placed in \fIoutput\fR. This function is +used by Kerberos v4. Other applications should use +\&\fIEVP_DigestInit\fR\|(3) etc. instead. 
+.PP +\&\fIDES_quad_cksum()\fR is a Kerberos v4 function. It returns a 4 byte +checksum from the input bytes. The algorithm can be iterated over the +input, depending on \fIout_count\fR, 1, 2, 3 or 4 times. If \fIoutput\fR is +non-NULL, the 8 bytes generated by each pass are written into +\&\fIoutput\fR. +.PP +The following are DES-based transformations: +.PP +\&\fIDES_fcrypt()\fR is a fast version of the Unix \fIcrypt\fR\|(3) function. This +version takes only a small amount of space relative to other fast +\&\fIcrypt()\fR implementations. This is different to the normal \fIcrypt()\fR in +that the third parameter is the buffer that the return value is +written into. It needs to be at least 14 bytes long. This function +is thread safe, unlike the normal \fIcrypt()\fR. +.PP +\&\fIDES_crypt()\fR is a faster replacement for the normal system \fIcrypt()\fR. +This function calls \fIDES_fcrypt()\fR with a static array passed as the +third parameter. This mostly emulates the normal non-thread-safe semantics +of \fIcrypt\fR\|(3). +The \fBsalt\fR must be two \s-1ASCII\s0 characters. +.PP +The values returned by \fIDES_fcrypt()\fR and \fIDES_crypt()\fR are terminated by \s-1NUL\s0 +character. +.PP +\&\fIDES_enc_write()\fR writes \fIlen\fR bytes to file descriptor \fIfd\fR from +buffer \fIbuf\fR. The data is encrypted via \fIpcbc_encrypt\fR (default) +using \fIsched\fR for the key and \fIiv\fR as a starting vector. The actual +data send down \fIfd\fR consists of 4 bytes (in network byte order) +containing the length of the following encrypted data. The encrypted +data then follows, padded with random data out to a multiple of 8 +bytes. +.SH "BUGS" +.IX Header "BUGS" +\&\fIDES_cbc_encrypt()\fR does not modify \fBivec\fR; use \fIDES_ncbc_encrypt()\fR +instead. +.PP +\&\fIDES_cfb_encrypt()\fR and \fIDES_ofb_encrypt()\fR operates on input of 8 bits. 
+What this means is that if you set numbits to 12, and length to 2, the +first 12 bits will come from the 1st input byte and the low half of +the second input byte. The second 12 bits will have the low 8 bits +taken from the 3rd input byte and the top 4 bits taken from the 4th +input byte. The same holds for output. This function has been +implemented this way because most people will be using a multiple of 8 +and because once you get into pulling bytes input bytes apart things +get ugly! +.PP +\&\fIDES_string_to_key()\fR is available for backward compatibility with the +\&\s-1MIT\s0 library. New applications should use a cryptographic hash function. +The same applies for \fIDES_string_to_2key()\fR. +.SH "NOTES" +.IX Header "NOTES" +The \fBdes\fR library was written to be source code compatible with +the \s-1MIT\s0 Kerberos library. +.PP +Applications should use the higher level functions +\&\fIEVP_EncryptInit\fR\|(3) etc. instead of calling these +functions directly. +.PP +Single-key \s-1DES\s0 is insecure due to its short key size. \s-1ECB\s0 mode is +not suitable for most applications; see \fIdes_modes\fR\|(7). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIDES_set_key()\fR, \fIDES_key_sched()\fR, \fIDES_set_key_checked()\fR and \fIDES_is_weak_key()\fR +return 0 on success or negative values on error. +.PP +\&\fIDES_cbc_cksum()\fR and \fIDES_quad_cksum()\fR return 4\-byte integer representing the +last 4 bytes of the checksum of the input. +.PP +\&\fIDES_fcrypt()\fR returns a pointer to the caller-provided buffer and \fIDES_crypt()\fR \- +to a static buffer on success; otherwise they return \s-1NULL\s0. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIdes_modes\fR\|(7), +\&\fIEVP_EncryptInit\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +All of these functions were deprecated in OpenSSL 3.0. +.PP +The requirement that the \fBsalt\fR parameter to \fIDES_crypt()\fR and \fIDES_fcrypt()\fR +be two \s-1ASCII\s0 characters was first enforced in +OpenSSL 1.1.0. 
Previous versions tried to use the letter uppercase \fBA\fR +if both character were not present, and could crash when given non-ASCII +on some platforms. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/DH_generate_key.3 b/linux_amd64/share/man/man3/DH_generate_key.3 new file mode 100755 index 0000000..57f2dc1 --- /dev/null +++ b/linux_amd64/share/man/man3/DH_generate_key.3 
@@ -0,0 +1,191 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DH_GENERATE_KEY 3" +.TH DH_GENERATE_KEY 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +DH_generate_key, DH_compute_key \- perform Diffie\-Hellman key exchange +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.PP +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 1 +\& int DH_generate_key(DH *dh); +\& +\& int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Both of the functions described on this page are deprecated. +Applications should instead use \fIEVP_PKEY_derive_init\fR\|(3) +and \fIEVP_PKEY_derive\fR\|(3). +.PP +\&\fIDH_generate_key()\fR performs the first step of a Diffie-Hellman key +exchange by generating private and public \s-1DH\s0 values. By calling +\&\fIDH_compute_key()\fR, these are combined with the other party's public +value to compute the shared key. +.PP +\&\fIDH_generate_key()\fR expects \fBdh\fR to contain the shared parameters +\&\fBdh\->p\fR and \fBdh\->g\fR. It generates a random private \s-1DH\s0 value +unless \fBdh\->priv_key\fR is already set, and computes the +corresponding public value \fBdh\->pub_key\fR, which can then be +published. +.PP +\&\fIDH_compute_key()\fR computes the shared secret from the private \s-1DH\s0 value +in \fBdh\fR and the other party's public value in \fBpub_key\fR and stores +it in \fBkey\fR. \fBkey\fR must point to \fBDH_size(dh)\fR bytes of memory. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIDH_generate_key()\fR returns 1 on success, 0 otherwise. +.PP +\&\fIDH_compute_key()\fR returns the size of the shared secret on success, \-1 +on error. +.PP +The error codes can be obtained by \fIERR_get_error\fR\|(3). 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_PKEY_derive\fR\|(3), +\&\fIDH_new\fR\|(3), \fIERR_get_error\fR\|(3), \fIRAND_bytes\fR\|(3), \fIDH_size\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +Both of these functions were deprecated in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/DH_generate_parameters.3 b/linux_amd64/share/man/man3/DH_generate_parameters.3 new file mode 100755 index 0000000..b7e3753 --- /dev/null +++ b/linux_amd64/share/man/man3/DH_generate_parameters.3 
@@ -0,0 +1,277 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DH_GENERATE_PARAMETERS 3" +.TH DH_GENERATE_PARAMETERS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +DH_generate_parameters_ex, DH_generate_parameters, +DH_check, DH_check_params, +DH_check_ex, DH_check_params_ex, DH_check_pub_key_ex +\&\- generate and check Diffie\-Hellman +parameters +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.PP +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 1 +\& int DH_generate_parameters_ex(DH *dh, int prime_len, int generator, BN_GENCB *cb); +\& +\& int DH_check(DH *dh, int *codes); +\& int DH_check_params(DH *dh, int *codes); +\& +\& int DH_check_ex(const DH *dh); +\& int DH_check_params_ex(const DH *dh); +\& int DH_check_pub_key_ex(const DH *dh, const BIGNUM *pub_key); +.Ve +.PP +Deprecated since OpenSSL 0.9.8, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 2 +\& DH *DH_generate_parameters(int prime_len, int generator, +\& void (*callback)(int, int, void *), void *cb_arg); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +All of the functions described on this page are deprecated. +Applications should instead use \fIEVP_PKEY_check\fR\|(3), +\&\fIEVP_PKEY_public_check\fR\|(3), \fIEVP_PKEY_private_check\fR\|(3) and +\&\fIEVP_PKEY_param_check\fR\|(3). +.PP +\&\fIDH_generate_parameters_ex()\fR generates Diffie-Hellman parameters that can +be shared among a group of users, and stores them in the provided \fB\s-1DH\s0\fR +structure. The pseudo-random number generator must be +seeded before calling it. +The parameters generated by \fIDH_generate_parameters_ex()\fR should not be used in +signature schemes. +.PP +\&\fBprime_len\fR is the length in bits of the safe prime to be generated. +\&\fBgenerator\fR is a small number > 1, typically 2 or 5. +.PP +A callback function may be used to provide feedback about the progress +of the key generation. 
If \fBcb\fR is not \fB\s-1NULL\s0\fR, it will be +called as described in \fIBN_generate_prime\fR\|(3) while a random prime +number is generated, and when a prime has been found, \fBBN_GENCB_call(cb, 3, 0)\fR +is called. See \fIBN_generate_prime_ex\fR\|(3) for information on +the \fIBN_GENCB_call()\fR function. +.PP +\&\fIDH_generate_parameters()\fR is similar to \fIDH_generate_prime_ex()\fR but +expects an old-style callback function; see +\&\fIBN_generate_prime\fR\|(3) for information on the old-style callback. +.PP +\&\fIDH_check_params()\fR confirms that the \fBp\fR and \fBg\fR are likely enough to +be valid. +This is a lightweight check, if a more thorough check is needed, use +\&\fIDH_check()\fR. +The value of \fB*codes\fR is updated with any problems found. +If \fB*codes\fR is zero then no problems were found, otherwise the +following bits may be set: +.IP "\s-1DH_CHECK_P_NOT_PRIME\s0" 4 +.IX Item "DH_CHECK_P_NOT_PRIME" +The parameter \fBp\fR has been determined to not being an odd prime. +Note that the lack of this bit doesn't guarantee that \fBp\fR is a +prime. +.IP "\s-1DH_NOT_SUITABLE_GENERATOR\s0" 4 +.IX Item "DH_NOT_SUITABLE_GENERATOR" +The generator \fBg\fR is not suitable. +Note that the lack of this bit doesn't guarantee that \fBg\fR is +suitable, unless \fBp\fR is known to be a strong prime. +.IP "\s-1DH_MODULUS_TOO_SMALL\s0" 4 +.IX Item "DH_MODULUS_TOO_SMALL" +The modulus is too small. +.IP "\s-1DH_MODULUS_TOO_LARGE\s0" 4 +.IX Item "DH_MODULUS_TOO_LARGE" +The modulus is too large. +.PP +\&\fIDH_check()\fR confirms that the Diffie-Hellman parameters \fBdh\fR are valid. The +value of \fB*codes\fR is updated with any problems found. If \fB*codes\fR is zero then +no problems were found, otherwise the following bits may be set: +.IP "\s-1DH_CHECK_P_NOT_PRIME\s0" 4 +.IX Item "DH_CHECK_P_NOT_PRIME" +The parameter \fBp\fR is not prime. 
+.IP "\s-1DH_CHECK_P_NOT_SAFE_PRIME\s0" 4 +.IX Item "DH_CHECK_P_NOT_SAFE_PRIME" +The parameter \fBp\fR is not a safe prime and no \fBq\fR value is present. +.IP "\s-1DH_UNABLE_TO_CHECK_GENERATOR\s0" 4 +.IX Item "DH_UNABLE_TO_CHECK_GENERATOR" +The generator \fBg\fR cannot be checked for suitability. +.IP "\s-1DH_NOT_SUITABLE_GENERATOR\s0" 4 +.IX Item "DH_NOT_SUITABLE_GENERATOR" +The generator \fBg\fR is not suitable. +.IP "\s-1DH_CHECK_Q_NOT_PRIME\s0" 4 +.IX Item "DH_CHECK_Q_NOT_PRIME" +The parameter \fBq\fR is not prime. +.IP "\s-1DH_CHECK_INVALID_Q_VALUE\s0" 4 +.IX Item "DH_CHECK_INVALID_Q_VALUE" +The parameter \fBq\fR is invalid. +.IP "\s-1DH_CHECK_INVALID_J_VALUE\s0" 4 +.IX Item "DH_CHECK_INVALID_J_VALUE" +The parameter \fBj\fR is invalid. +.PP +\&\fIDH_check_ex()\fR, \fIDH_check_params()\fR and \fIDH_check_pub_key_ex()\fR are similar to +\&\fIDH_check()\fR and \fIDH_check_params()\fR respectively, but the error reasons are added +to the thread's error queue instead of provided as return values from the +function. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIDH_generate_parameters_ex()\fR, \fIDH_check()\fR and \fIDH_check_params()\fR return 1 +if the check could be performed, 0 otherwise. +.PP +\&\fIDH_generate_parameters()\fR returns a pointer to the \s-1DH\s0 structure or \s-1NULL\s0 if +the parameter generation fails. +.PP +\&\fIDH_check_ex()\fR, \fIDH_check_params()\fR and \fIDH_check_pub_key_ex()\fR return 1 if the +check is successful, 0 for failed. +.PP +The error codes can be obtained by \fIERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIDH_new\fR\|(3), \fIERR_get_error\fR\|(3), \fIRAND_bytes\fR\|(3), +\&\fIDH_free\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +All of these functions were deprecated in OpenSSL 3.0. +.PP +\&\fIDH_generate_parameters()\fR was deprecated in OpenSSL 0.9.8; use +\&\fIDH_generate_parameters_ex()\fR instead. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. 
All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/DH_get0_pqg.3 b/linux_amd64/share/man/man3/DH_get0_pqg.3 new file mode 100755 index 0000000..26728dd --- /dev/null +++ b/linux_amd64/share/man/man3/DH_get0_pqg.3 
@@ -0,0 +1,260 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DH_GET0_PQG 3" +.TH DH_GET0_PQG 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +DH_get0_pqg, DH_set0_pqg, DH_get0_key, DH_set0_key, +DH_get0_p, DH_get0_q, DH_get0_g, +DH_get0_priv_key, DH_get0_pub_key, +DH_clear_flags, DH_test_flags, DH_set_flags, DH_get0_engine, +DH_get_length, DH_set_length \- Routines for getting and setting data in a DH object +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void DH_get0_pqg(const DH *dh, +\& const BIGNUM **p, const BIGNUM **q, const BIGNUM **g); +\& int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g); +\& void DH_get0_key(const DH *dh, +\& const BIGNUM **pub_key, const BIGNUM **priv_key); +\& int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key); +\& const BIGNUM *DH_get0_p(const DH *dh); +\& const BIGNUM *DH_get0_q(const DH *dh); +\& const BIGNUM *DH_get0_g(const DH *dh); +\& const BIGNUM *DH_get0_priv_key(const DH *dh); +\& const BIGNUM *DH_get0_pub_key(const DH *dh); +\& void DH_clear_flags(DH *dh, int flags); +\& int DH_test_flags(const DH *dh, int flags); +\& void DH_set_flags(DH *dh, int flags); +.Ve +.PP +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 3 +\& ENGINE *DH_get0_engine(DH *d); +\& long DH_get_length(const DH *dh); +\& int DH_set_length(DH *dh, long length); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A \s-1DH\s0 object contains the parameters \fBp\fR, \fBq\fR and \fBg\fR. Note that the \fBq\fR +parameter is optional. It also contains a public key (\fBpub_key\fR) and +(optionally) a private key (\fBpriv_key\fR). +.PP +The \fBp\fR, \fBq\fR and \fBg\fR parameters can be obtained by calling \fIDH_get0_pqg()\fR. +If the parameters have not yet been set then \fB*p\fR, \fB*q\fR and \fB*g\fR will be set +to \s-1NULL\s0. Otherwise they are set to pointers to their respective values. These +point directly to the internal representations of the values and therefore +should not be freed directly. 
+Any of the out parameters \fBp\fR, \fBq\fR, and \fBg\fR can be \s-1NULL\s0, in which case no +value will be returned for that parameter. +.PP +The \fBp\fR, \fBq\fR and \fBg\fR values can be set by calling \fIDH_set0_pqg()\fR and passing +the new values for \fBp\fR, \fBq\fR and \fBg\fR as parameters to the function. Calling +this function transfers the memory management of the values to the \s-1DH\s0 object, +and therefore the values that have been passed in should not be freed directly +after this function has been called. The \fBq\fR parameter may be \s-1NULL\s0. +.PP +To get the public and private key values use the \fIDH_get0_key()\fR function. A +pointer to the public key will be stored in \fB*pub_key\fR, and a pointer to the +private key will be stored in \fB*priv_key\fR. Either may be \s-1NULL\s0 if they have not +been set yet, although if the private key has been set then the public key must +be. The values point to the internal representation of the public key and +private key values. This memory should not be freed directly. +Any of the out parameters \fBpub_key\fR and \fBpriv_key\fR can be \s-1NULL\s0, in which case +no value will be returned for that parameter. +.PP +The public and private key values can be set using \fIDH_set0_key()\fR. Either +parameter may be \s-1NULL\s0, which means the corresponding \s-1DH\s0 field is left +untouched. As with \fIDH_set0_pqg()\fR this function transfers the memory management +of the key values to the \s-1DH\s0 object, and therefore they should not be freed +directly after this function has been called. +.PP +Any of the values \fBp\fR, \fBq\fR, \fBg\fR, \fBpriv_key\fR, and \fBpub_key\fR can also be +retrieved separately by the corresponding function \fIDH_get0_p()\fR, \fIDH_get0_q()\fR, +\&\fIDH_get0_g()\fR, \fIDH_get0_priv_key()\fR, and \fIDH_get0_pub_key()\fR, respectively. +.PP +\&\fIDH_set_flags()\fR sets the flags in the \fBflags\fR parameter on the \s-1DH\s0 object. 
+Multiple flags can be passed in one go (bitwise ORed together). Any flags that +are already set are left set. \fIDH_test_flags()\fR tests to see whether the flags +passed in the \fBflags\fR parameter are currently set in the \s-1DH\s0 object. Multiple +flags can be tested in one go. All flags that are currently set are returned, or +zero if none of the flags are set. \fIDH_clear_flags()\fR clears the specified flags +within the \s-1DH\s0 object. +.PP +\&\fIDH_get0_engine()\fR returns a handle to the \s-1ENGINE\s0 that has been set for this \s-1DH\s0 +object, or \s-1NULL\s0 if no such \s-1ENGINE\s0 has been set. This function is deprecated. +.PP +The \fIDH_get_length()\fR and \fIDH_set_length()\fR functions get and set the optional +length parameter associated with this \s-1DH\s0 object. If the length is nonzero then +it is used, otherwise it is ignored. The \fBlength\fR parameter indicates the +length of the secret exponent (private key) in bits. These functions are +deprecated. +.SH "NOTES" +.IX Header "NOTES" +Values retrieved with \fIDH_get0_key()\fR are owned by the \s-1DH\s0 object used +in the call and may therefore \fInot\fR be passed to \fIDH_set0_key()\fR. If +needed, duplicate the received value using \fIBN_dup()\fR and pass the +duplicate. The same applies to \fIDH_get0_pqg()\fR and \fIDH_set0_pqg()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIDH_set0_pqg()\fR and \fIDH_set0_key()\fR return 1 on success or 0 on failure. +.PP +\&\fIDH_get0_p()\fR, \fIDH_get0_q()\fR, \fIDH_get0_g()\fR, \fIDH_get0_priv_key()\fR, and \fIDH_get0_pub_key()\fR +return the respective value, or \s-1NULL\s0 if it is unset. +.PP +\&\fIDH_test_flags()\fR returns the current state of the flags in the \s-1DH\s0 object. +.PP +\&\fIDH_get0_engine()\fR returns the \s-1ENGINE\s0 set for the \s-1DH\s0 object or \s-1NULL\s0 if no \s-1ENGINE\s0 +has been set. 
+.PP +\&\fIDH_get_length()\fR returns the length of the secret exponent (private key) in bits, +or zero if no such length has been explicitly set. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIDH_new\fR\|(3), \fIDH_new\fR\|(3), \fIDH_generate_parameters\fR\|(3), \fIDH_generate_key\fR\|(3), +\&\fIDH_set_method\fR\|(3), \fIDH_size\fR\|(3), \fIDH_meth_new\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fIDH_get0_engine()\fR, \fIDH_get_length()\fR and \fIDH_set_length()\fR functions were +deprecated in OpenSSL 3.0. +.PP +The functions described here were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/DH_get_1024_160.3 b/linux_amd64/share/man/man3/DH_get_1024_160.3 new file mode 100755 index 0000000..6654847 --- /dev/null +++ b/linux_amd64/share/man/man3/DH_get_1024_160.3 
@@ -0,0 +1,198 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DH_GET_1024_160 3" +.TH DH_GET_1024_160 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +DH_get_1024_160, +DH_get_2048_224, +DH_get_2048_256, +BN_get0_nist_prime_192, +BN_get0_nist_prime_224, +BN_get0_nist_prime_256, +BN_get0_nist_prime_384, +BN_get0_nist_prime_521, +BN_get_rfc2409_prime_768, +BN_get_rfc2409_prime_1024, +BN_get_rfc3526_prime_1536, +BN_get_rfc3526_prime_2048, +BN_get_rfc3526_prime_3072, +BN_get_rfc3526_prime_4096, +BN_get_rfc3526_prime_6144, +BN_get_rfc3526_prime_8192 +\&\- Create standardized public primes or DH pairs +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 4 +\& #include +\& DH *DH_get_1024_160(void) +\& DH *DH_get_2048_224(void) +\& DH *DH_get_2048_256(void) +\& +\& const BIGNUM *BN_get0_nist_prime_192(void) +\& const BIGNUM *BN_get0_nist_prime_224(void) +\& const BIGNUM *BN_get0_nist_prime_256(void) +\& const BIGNUM *BN_get0_nist_prime_384(void) +\& const BIGNUM *BN_get0_nist_prime_521(void) +\& +\& BIGNUM *BN_get_rfc2409_prime_768(BIGNUM *bn) +\& BIGNUM *BN_get_rfc2409_prime_1024(BIGNUM *bn) +\& BIGNUM *BN_get_rfc3526_prime_1536(BIGNUM *bn) +\& BIGNUM *BN_get_rfc3526_prime_2048(BIGNUM *bn) +\& BIGNUM *BN_get_rfc3526_prime_3072(BIGNUM *bn) +\& BIGNUM *BN_get_rfc3526_prime_4096(BIGNUM *bn) +\& BIGNUM *BN_get_rfc3526_prime_6144(BIGNUM *bn) +\& BIGNUM *BN_get_rfc3526_prime_8192(BIGNUM *bn) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIDH_get_1024_160()\fR, \fIDH_get_2048_224()\fR, and \fIDH_get_2048_256()\fR each return +a \s-1DH\s0 object for the \s-1IETF\s0 \s-1RFC\s0 5114 value. +.PP +\&\fIBN_get0_nist_prime_192()\fR, \fIBN_get0_nist_prime_224()\fR, \fIBN_get0_nist_prime_256()\fR, +\&\fIBN_get0_nist_prime_384()\fR, and \fIBN_get0_nist_prime_521()\fR functions return +a \s-1BIGNUM\s0 for the specific \s-1NIST\s0 prime curve (e.g., P\-256). 
+.PP +\&\fIBN_get_rfc2409_prime_768()\fR, \fIBN_get_rfc2409_prime_1024()\fR, +\&\fIBN_get_rfc3526_prime_1536()\fR, \fIBN_get_rfc3526_prime_2048()\fR, +\&\fIBN_get_rfc3526_prime_3072()\fR, \fIBN_get_rfc3526_prime_4096()\fR, +\&\fIBN_get_rfc3526_prime_6144()\fR, and \fIBN_get_rfc3526_prime_8192()\fR functions +return a \s-1BIGNUM\s0 for the specified size from \s-1IETF\s0 \s-1RFC\s0 2409. If \fBbn\fR +is not \s-1NULL\s0, the \s-1BIGNUM\s0 will be set into that location as well. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Defined above. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/DH_meth_new.3 b/linux_amd64/share/man/man3/DH_meth_new.3 new file mode 100755 index 0000000..6f2bb09 --- /dev/null +++ b/linux_amd64/share/man/man3/DH_meth_new.3 
@@ -0,0 +1,302 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DH_METH_NEW 3" +.TH DH_METH_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +DH_meth_new, DH_meth_free, DH_meth_dup, DH_meth_get0_name, DH_meth_set1_name, +DH_meth_get_flags, DH_meth_set_flags, DH_meth_get0_app_data, +DH_meth_set0_app_data, DH_meth_get_generate_key, DH_meth_set_generate_key, +DH_meth_get_compute_key, DH_meth_set_compute_key, DH_meth_get_bn_mod_exp, +DH_meth_set_bn_mod_exp, DH_meth_get_init, DH_meth_set_init, DH_meth_get_finish, +DH_meth_set_finish, DH_meth_get_generate_params, +DH_meth_set_generate_params \- Routines to build up DH methods +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.PP +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 1 +\& DH_METHOD *DH_meth_new(const char *name, int flags); +\& +\& void DH_meth_free(DH_METHOD *dhm); +\& +\& DH_METHOD *DH_meth_dup(const DH_METHOD *dhm); +\& +\& const char *DH_meth_get0_name(const DH_METHOD *dhm); +\& int DH_meth_set1_name(DH_METHOD *dhm, const char *name); +\& +\& int DH_meth_get_flags(const DH_METHOD *dhm); +\& int DH_meth_set_flags(DH_METHOD *dhm, int flags); +\& +\& void *DH_meth_get0_app_data(const DH_METHOD *dhm); +\& int DH_meth_set0_app_data(DH_METHOD *dhm, void *app_data); +\& +\& int (*DH_meth_get_generate_key(const DH_METHOD *dhm))(DH *); +\& int DH_meth_set_generate_key(DH_METHOD *dhm, int (*generate_key)(DH *)); +\& +\& int (*DH_meth_get_compute_key(const DH_METHOD *dhm)) +\& (unsigned char *key, const BIGNUM *pub_key, DH *dh); +\& int DH_meth_set_compute_key(DH_METHOD *dhm, +\& int (*compute_key)(unsigned char *key, const BIGNUM *pub_key, DH *dh)); +\& +\& int (*DH_meth_get_bn_mod_exp(const DH_METHOD *dhm)) +\& (const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p, +\& const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +\& int DH_meth_set_bn_mod_exp(DH_METHOD *dhm, +\& int (*bn_mod_exp)(const DH *dh, BIGNUM *r, const BIGNUM *a, +\& const BIGNUM *p, const BIGNUM *m, BN_CTX 
*ctx, +\& BN_MONT_CTX *m_ctx)); +\& +\& int (*DH_meth_get_init(const DH_METHOD *dhm))(DH *); +\& int DH_meth_set_init(DH_METHOD *dhm, int (*init)(DH *)); +\& +\& int (*DH_meth_get_finish(const DH_METHOD *dhm))(DH *); +\& int DH_meth_set_finish(DH_METHOD *dhm, int (*finish)(DH *)); +\& +\& int (*DH_meth_get_generate_params(const DH_METHOD *dhm)) +\& (DH *, int, int, BN_GENCB *); +\& int DH_meth_set_generate_params(DH_METHOD *dhm, +\& int (*generate_params)(DH *, int, int, BN_GENCB *)); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +All of the functions described on this page are deprecated. +Applications should instead use the provider APIs. +.PP +The \fB\s-1DH_METHOD\s0\fR type is a structure used for the provision of custom \s-1DH\s0 +implementations. It provides a set of functions used by OpenSSL for the +implementation of the various \s-1DH\s0 capabilities. +.PP +\&\fIDH_meth_new()\fR creates a new \fB\s-1DH_METHOD\s0\fR structure. It should be given a +unique \fBname\fR and a set of \fBflags\fR. The \fBname\fR should be a \s-1NULL\s0 terminated +string, which will be duplicated and stored in the \fB\s-1DH_METHOD\s0\fR object. It is +the callers responsibility to free the original string. The flags will be used +during the construction of a new \fB\s-1DH\s0\fR object based on this \fB\s-1DH_METHOD\s0\fR. Any +new \fB\s-1DH\s0\fR object will have those flags set by default. +.PP +\&\fIDH_meth_dup()\fR creates a duplicate copy of the \fB\s-1DH_METHOD\s0\fR object passed as a +parameter. This might be useful for creating a new \fB\s-1DH_METHOD\s0\fR based on an +existing one, but with some differences. +.PP +\&\fIDH_meth_free()\fR destroys a \fB\s-1DH_METHOD\s0\fR structure and frees up any memory +associated with it. +.PP +\&\fIDH_meth_get0_name()\fR will return a pointer to the name of this \s-1DH_METHOD\s0. This +is a pointer to the internal name string and so should not be freed by the +caller. 
\fIDH_meth_set1_name()\fR sets the name of the \s-1DH_METHOD\s0 to \fBname\fR. The +string is duplicated and the copy is stored in the \s-1DH_METHOD\s0 structure, so the +caller remains responsible for freeing the memory associated with the name. +.PP +\&\fIDH_meth_get_flags()\fR returns the current value of the flags associated with this +\&\s-1DH_METHOD\s0. \fIDH_meth_set_flags()\fR provides the ability to set these flags. +.PP +The functions \fIDH_meth_get0_app_data()\fR and \fIDH_meth_set0_app_data()\fR provide the +ability to associate implementation specific data with the \s-1DH_METHOD\s0. It is +the application's responsibility to free this data before the \s-1DH_METHOD\s0 is +freed via a call to \fIDH_meth_free()\fR. +.PP +\&\fIDH_meth_get_generate_key()\fR and \fIDH_meth_set_generate_key()\fR get and set the +function used for generating a new \s-1DH\s0 key pair respectively. This function will +be called in response to the application calling \fIDH_generate_key()\fR. The +parameter for the function has the same meaning as for \fIDH_generate_key()\fR. +.PP +\&\fIDH_meth_get_compute_key()\fR and \fIDH_meth_set_compute_key()\fR get and set the +function used for computing a new \s-1DH\s0 shared secret respectively. This function +will be called in response to the application calling \fIDH_compute_key()\fR. The +parameters for the function have the same meaning as for \fIDH_compute_key()\fR. +.PP +\&\fIDH_meth_get_bn_mod_exp()\fR and \fIDH_meth_set_bn_mod_exp()\fR get and set the function +used for computing the following value: +.PP +.Vb 1 +\& r = a ^ p mod m +.Ve +.PP +This function will be called by the default OpenSSL function for +\&\fIDH_generate_key()\fR. The result is stored in the \fBr\fR parameter. This function +may be \s-1NULL\s0 unless using the default generate key function, in which case it +must be present. 
+.PP +\&\fIDH_meth_get_init()\fR and \fIDH_meth_set_init()\fR get and set the function used +for creating a new \s-1DH\s0 instance respectively. This function will be +called in response to the application calling \fIDH_new()\fR (if the current default +\&\s-1DH_METHOD\s0 is this one) or \fIDH_new_method()\fR. The \fIDH_new()\fR and \fIDH_new_method()\fR +functions will allocate the memory for the new \s-1DH\s0 object, and a pointer to this +newly allocated structure will be passed as a parameter to the function. This +function may be \s-1NULL\s0. +.PP +\&\fIDH_meth_get_finish()\fR and \fIDH_meth_set_finish()\fR get and set the function used +for destroying an instance of a \s-1DH\s0 object respectively. This function will be +called in response to the application calling \fIDH_free()\fR. A pointer to the \s-1DH\s0 +to be destroyed is passed as a parameter. The destroy function should be used +for \s-1DH\s0 implementation specific clean up. The memory for the \s-1DH\s0 itself should +not be freed by this function. This function may be \s-1NULL\s0. +.PP +\&\fIDH_meth_get_generate_params()\fR and \fIDH_meth_set_generate_params()\fR get and set the +function used for generating \s-1DH\s0 parameters respectively. This function will be +called in response to the application calling \fIDH_generate_parameters_ex()\fR (or +\&\fIDH_generate_parameters()\fR). The parameters for the function have the same +meaning as for \fIDH_generate_parameters_ex()\fR. This function may be \s-1NULL\s0. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIDH_meth_new()\fR and \fIDH_meth_dup()\fR return the newly allocated \s-1DH_METHOD\s0 object +or \s-1NULL\s0 on failure. +.PP +\&\fIDH_meth_get0_name()\fR and \fIDH_meth_get_flags()\fR return the name and flags +associated with the \s-1DH_METHOD\s0 respectively. +.PP +All other DH_meth_get_*() functions return the appropriate function pointer +that has been set in the \s-1DH_METHOD\s0, or \s-1NULL\s0 if no such pointer has yet been +set. 
+.PP +\&\fIDH_meth_set1_name()\fR and all DH_meth_set_*() functions return 1 on success or +0 on failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIDH_new\fR\|(3), \fIDH_new\fR\|(3), \fIDH_generate_parameters\fR\|(3), \fIDH_generate_key\fR\|(3), +\&\fIDH_set_method\fR\|(3), \fIDH_size\fR\|(3), \fIDH_get0_pqg\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +All of these functions were deprecated in OpenSSL 3.0. +.PP +The functions described here were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/DH_new.3 b/linux_amd64/share/man/man3/DH_new.3 new file mode 100755 index 0000000..e939ec6 --- /dev/null +++ b/linux_amd64/share/man/man3/DH_new.3 
@@ -0,0 +1,169 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DH_NEW 3" +.TH DH_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +DH_new, DH_free \- allocate and free DH objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& DH* DH_new(void); +\& +\& void DH_free(DH *dh); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIDH_new()\fR allocates and initializes a \fB\s-1DH\s0\fR structure. +.PP +\&\fIDH_free()\fR frees the \fB\s-1DH\s0\fR structure and its components. The values are +erased before the memory is returned to the system. +If \fBdh\fR is \s-1NULL\s0 nothing is done. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +If the allocation fails, \fIDH_new()\fR returns \fB\s-1NULL\s0\fR and sets an error +code that can be obtained by \fIERR_get_error\fR\|(3). Otherwise it returns +a pointer to the newly allocated structure. +.PP +\&\fIDH_free()\fR returns no value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIDH_new\fR\|(3), \fIERR_get_error\fR\|(3), +\&\fIDH_generate_parameters\fR\|(3), +\&\fIDH_generate_key\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/DH_new_by_nid.3 b/linux_amd64/share/man/man3/DH_new_by_nid.3 new file mode 100755 index 0000000..f48cd6b --- /dev/null +++ b/linux_amd64/share/man/man3/DH_new_by_nid.3 
@@ -0,0 +1,175 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DH_NEW_BY_NID 3" +.TH DH_NEW_BY_NID 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +DH_new_by_nid, DH_get_nid \- get or find DH named parameters +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 2 +\& #include +\& DH *DH_new_by_nid(int nid); +.Ve +.PP +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 1 +\& int *DH_get_nid(DH *dh); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIDH_new_by_nid()\fR creates and returns a \s-1DH\s0 structure containing named parameters +\&\fBnid\fR. Currently \fBnid\fR must be \fBNID_ffdhe2048\fR, \fBNID_ffdhe3072\fR, +\&\fBNID_ffdhe4096\fR, \fBNID_ffdhe6144\fR, \fBNID_ffdhe8192\fR, +\&\fBNID_modp_1536\fR, \fBNID_modp_2048\fR, \fBNID_modp_3072\fR, +\&\fBNID_modp_4096\fR, \fBNID_modp_6144\fR or \fBNID_modp_8192\fR. +.PP +\&\fIDH_get_nid()\fR determines if the parameters contained in \fBdh\fR match +any named set. It returns the \s-1NID\s0 corresponding to the matching parameters or +\&\fBNID_undef\fR if there is no match. This function is deprecated. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIDH_new_by_nid()\fR returns a set of \s-1DH\s0 parameters or \fB\s-1NULL\s0\fR if an error occurred. +.PP +\&\fIDH_get_nid()\fR returns the \s-1NID\s0 of the matching set of parameters or +\&\fBNID_undef\fR if there is no match. +.SH "HISTORY" +.IX Header "HISTORY" +The \fIDH_get_nid()\fR function was deprecated in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/DH_set_method.3 b/linux_amd64/share/man/man3/DH_set_method.3 new file mode 100755 index 0000000..71281b2 --- /dev/null +++ b/linux_amd64/share/man/man3/DH_set_method.3 
@@ -0,0 +1,223 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DH_SET_METHOD 3" +.TH DH_SET_METHOD 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +DH_set_default_method, DH_get_default_method, +DH_set_method, DH_new_method, DH_OpenSSL \- select DH method +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.PP +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 1 +\& void DH_set_default_method(const DH_METHOD *meth); +\& +\& const DH_METHOD *DH_get_default_method(void); +\& +\& int DH_set_method(DH *dh, const DH_METHOD *meth); +\& +\& DH *DH_new_method(ENGINE *engine); +\& +\& const DH_METHOD *DH_OpenSSL(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +All of the functions described on this page are deprecated. +Applications should instead use the provider APIs. +.PP +A \fB\s-1DH_METHOD\s0\fR specifies the functions that OpenSSL uses for Diffie-Hellman +operations. By modifying the method, alternative implementations +such as hardware accelerators may be used. \s-1IMPORTANT:\s0 See the \s-1NOTES\s0 section for +important information about how these \s-1DH\s0 \s-1API\s0 functions are affected by the use +of \fB\s-1ENGINE\s0\fR \s-1API\s0 calls. +.PP +Initially, the default \s-1DH_METHOD\s0 is the OpenSSL internal implementation, as +returned by \fIDH_OpenSSL()\fR. +.PP +\&\fIDH_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1DH\s0 +structures created later. +\&\fB\s-1NB\s0\fR: This is true only whilst no \s-1ENGINE\s0 has been set +as a default for \s-1DH\s0, so this function is no longer recommended. +This function is not thread-safe and should not be called at the same time +as other OpenSSL functions. +.PP +\&\fIDH_get_default_method()\fR returns a pointer to the current default \s-1DH_METHOD\s0. +However, the meaningfulness of this result is dependent on whether the \s-1ENGINE\s0 +\&\s-1API\s0 is being used, so this function is no longer recommended. 
+.PP +\&\fIDH_set_method()\fR selects \fBmeth\fR to perform all operations using the key \fBdh\fR. +This will replace the \s-1DH_METHOD\s0 used by the \s-1DH\s0 key and if the previous method +was supplied by an \s-1ENGINE\s0, the handle to that \s-1ENGINE\s0 will be released during the +change. It is possible to have \s-1DH\s0 keys that only work with certain \s-1DH_METHOD\s0 +implementations (eg. from an \s-1ENGINE\s0 module that supports embedded +hardware-protected keys), and in such cases attempting to change the \s-1DH_METHOD\s0 +for the key can have unexpected results. +.PP +\&\fIDH_new_method()\fR allocates and initializes a \s-1DH\s0 structure so that \fBengine\fR will +be used for the \s-1DH\s0 operations. If \fBengine\fR is \s-1NULL\s0, the default \s-1ENGINE\s0 for \s-1DH\s0 +operations is used, and if no default \s-1ENGINE\s0 is set, the \s-1DH_METHOD\s0 controlled by +\&\fIDH_set_default_method()\fR is used. +.PP +A new \s-1DH_METHOD\s0 object may be constructed using \fIDH_meth_new()\fR (see +\&\fIDH_meth_new\fR\|(3)). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIDH_OpenSSL()\fR and \fIDH_get_default_method()\fR return pointers to the respective +\&\fB\s-1DH_METHOD\s0\fRs. +.PP +\&\fIDH_set_default_method()\fR returns no value. +.PP +\&\fIDH_set_method()\fR returns nonzero if the provided \fBmeth\fR was successfully set as +the method for \fBdh\fR (including unloading the \s-1ENGINE\s0 handle if the previous +method was supplied by an \s-1ENGINE\s0). +.PP +\&\fIDH_new_method()\fR returns \s-1NULL\s0 and sets an error code that can be obtained by +\&\fIERR_get_error\fR\|(3) if the allocation fails. Otherwise it +returns a pointer to the newly allocated structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIDH_new\fR\|(3), \fIDH_new\fR\|(3), \fIDH_meth_new\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +All of these functions were deprecated in OpenSSL 3.0. 
+.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/DH_size.3 b/linux_amd64/share/man/man3/DH_size.3 new file mode 100755 index 0000000..f28ae4c --- /dev/null +++ b/linux_amd64/share/man/man3/DH_size.3 
@@ -0,0 +1,192 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DH_SIZE 3" +.TH DH_SIZE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +DH_size, DH_bits, DH_security_bits \- get Diffie\-Hellman prime size and +security bits +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.PP +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 1 +\& int DH_size(const DH *dh); +\& +\& int DH_bits(const DH *dh); +\& +\& int DH_security_bits(const DH *dh); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +All of the functions described on this page are deprecated. +Applications should instead use \fIEVP_PKEY_bits\fR\|(3), +\&\fIEVP_PKEY_security_bits\fR\|(3) and \fIEVP_PKEY_size\fR\|(3). +.PP +\&\fIDH_size()\fR returns the Diffie-Hellman prime size in bytes. It can be used +to determine how much memory must be allocated for the shared secret +computed by \fIDH_compute_key\fR\|(3). +.PP +\&\fIDH_bits()\fR returns the number of significant bits. +.PP +\&\fBdh\fR and \fBdh\->p\fR must not be \fB\s-1NULL\s0\fR. +.PP +\&\fIDH_security_bits()\fR returns the number of security bits of the given \fBdh\fR +key. See \fIBN_security_bits\fR\|(3). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIDH_size()\fR returns the prime size of Diffie-Hellman in bytes. +.PP +\&\fIDH_bits()\fR returns the number of bits in the key. +.PP +\&\fIDH_security_bits()\fR returns the number of security bits. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_PKEY_bits\fR\|(3), +\&\fIDH_new\fR\|(3), \fIDH_generate_key\fR\|(3), +\&\fIBN_num_bits\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +All of these functions were deprecated in OpenSSL 3.0. +.PP +The \fIDH_bits()\fR function was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. 
You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/DSA_SIG_new.3 b/linux_amd64/share/man/man3/DSA_SIG_new.3 new file mode 100755 index 0000000..f49206c --- /dev/null +++ b/linux_amd64/share/man/man3/DSA_SIG_new.3 
@@ -0,0 +1,181 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DSA_SIG_NEW 3" +.TH DSA_SIG_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +DSA_SIG_get0, DSA_SIG_set0, +DSA_SIG_new, DSA_SIG_free \- allocate and free DSA signature objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& DSA_SIG *DSA_SIG_new(void); +\& void DSA_SIG_free(DSA_SIG *a); +\& void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); +\& int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIDSA_SIG_new()\fR allocates an empty \fB\s-1DSA_SIG\s0\fR structure. +.PP +\&\fIDSA_SIG_free()\fR frees the \fB\s-1DSA_SIG\s0\fR structure and its components. The +values are erased before the memory is returned to the system. +.PP +\&\fIDSA_SIG_get0()\fR returns internal pointers to the \fBr\fR and \fBs\fR values contained +in \fBsig\fR. +.PP +The \fBr\fR and \fBs\fR values can be set by calling \fIDSA_SIG_set0()\fR and passing the +new values for \fBr\fR and \fBs\fR as parameters to the function. Calling this +function transfers the memory management of the values to the \s-1DSA_SIG\s0 object, +and therefore the values that have been passed in should not be freed directly +after this function has been called. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +If the allocation fails, \fIDSA_SIG_new()\fR returns \fB\s-1NULL\s0\fR and sets an +error code that can be obtained by +\&\fIERR_get_error\fR\|(3). Otherwise it returns a pointer +to the newly allocated structure. +.PP +\&\fIDSA_SIG_free()\fR returns no value. +.PP +\&\fIDSA_SIG_set0()\fR returns 1 on success or 0 on failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIDSA_new\fR\|(3), \fIERR_get_error\fR\|(3), +\&\fIDSA_do_sign\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/share/man/man3/DSA_do_sign.3 b/linux_amd64/share/man/man3/DSA_do_sign.3 new file mode 100755 index 0000000..0a039eb --- /dev/null +++ b/linux_amd64/share/man/man3/DSA_do_sign.3 
@@ -0,0 +1,175 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DSA_DO_SIGN 3" +.TH DSA_DO_SIGN 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +DSA_do_sign, DSA_do_verify \- raw DSA signature operations +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); +\& +\& int DSA_do_verify(const unsigned char *dgst, int dgst_len, +\& DSA_SIG *sig, DSA *dsa); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIDSA_do_sign()\fR computes a digital signature on the \fBlen\fR byte message +digest \fBdgst\fR using the private key \fBdsa\fR and returns it in a +newly allocated \fB\s-1DSA_SIG\s0\fR structure. +.PP +\&\fIDSA_sign_setup\fR\|(3) may be used to precompute part +of the signing operation in case signature generation is +time-critical. +.PP +\&\fIDSA_do_verify()\fR verifies that the signature \fBsig\fR matches a given +message digest \fBdgst\fR of size \fBlen\fR. \fBdsa\fR is the signer's public +key. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIDSA_do_sign()\fR returns the signature, \s-1NULL\s0 on error. \fIDSA_do_verify()\fR +returns 1 for a valid signature, 0 for an incorrect signature and \-1 +on error. The error codes can be obtained by +\&\fIERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIDSA_new\fR\|(3), \fIERR_get_error\fR\|(3), \fIRAND_bytes\fR\|(3), +\&\fIDSA_SIG_new\fR\|(3), +\&\fIDSA_sign\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/DSA_dup_DH.3 b/linux_amd64/share/man/man3/DSA_dup_DH.3 new file mode 100755 index 0000000..e53793a --- /dev/null +++ b/linux_amd64/share/man/man3/DSA_dup_DH.3 
@@ -0,0 +1,176 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DSA_DUP_DH 3" +.TH DSA_DUP_DH 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +DSA_dup_DH \- create a DH structure out of DSA structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.PP +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 1 +\& DH *DSA_dup_DH(const DSA *r); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The function described on this page is deprecated. There is no direct +replacement, applications should use the \s-1EVP_PKEY\s0 APIs for Diffie-Hellman +operations. +.PP +\&\fIDSA_dup_DH()\fR duplicates \s-1DSA\s0 parameters/keys as \s-1DH\s0 parameters/keys. q +is lost during that conversion, but the resulting \s-1DH\s0 parameters +contain its length. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIDSA_dup_DH()\fR returns the new \fB\s-1DH\s0\fR structure, and \s-1NULL\s0 on error. The +error codes can be obtained by \fIERR_get_error\fR\|(3). +.SH "NOTE" +.IX Header "NOTE" +Be careful to avoid small subgroup attacks when using this. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIDH_new\fR\|(3), \fIDSA_new\fR\|(3), \fIERR_get_error\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +This function was deprecated in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/DSA_generate_key.3 b/linux_amd64/share/man/man3/DSA_generate_key.3 new file mode 100755 index 0000000..a7f22fe --- /dev/null +++ b/linux_amd64/share/man/man3/DSA_generate_key.3 
@@ -0,0 +1,164 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DSA_GENERATE_KEY 3" +.TH DSA_GENERATE_KEY 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +DSA_generate_key \- generate DSA key pair +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int DSA_generate_key(DSA *a); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIDSA_generate_key()\fR expects \fBa\fR to contain \s-1DSA\s0 parameters. It generates +a new key pair and stores it in \fBa\->pub_key\fR and \fBa\->priv_key\fR. +.PP +The random generator must be seeded prior to calling \fIDSA_generate_key()\fR. +If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to +external circumstances (see \s-1\fIRAND\s0\fR\|(7)), the operation will fail. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIDSA_generate_key()\fR returns 1 on success, 0 otherwise. +The error codes can be obtained by \fIERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIDSA_new\fR\|(3), \fIERR_get_error\fR\|(3), \fIRAND_bytes\fR\|(3), +\&\fIDSA_generate_parameters_ex\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/DSA_generate_parameters.3 b/linux_amd64/share/man/man3/DSA_generate_parameters.3 new file mode 100755 index 0000000..517c6b5 --- /dev/null +++ b/linux_amd64/share/man/man3/DSA_generate_parameters.3 
@@ -0,0 +1,231 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DSA_GENERATE_PARAMETERS 3" +.TH DSA_GENERATE_PARAMETERS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +DSA_generate_parameters_ex, DSA_generate_parameters \- generate DSA parameters +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int DSA_generate_parameters_ex(DSA *dsa, int bits, +\& const unsigned char *seed, int seed_len, +\& int *counter_ret, unsigned long *h_ret, +\& BN_GENCB *cb); +.Ve +.PP +Deprecated since OpenSSL 0.9.8, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 3 +\& DSA *DSA_generate_parameters(int bits, unsigned char *seed, int seed_len, +\& int *counter_ret, unsigned long *h_ret, +\& void (*callback)(int, int, void *), void *cb_arg); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIDSA_generate_parameters_ex()\fR generates primes p and q and a generator g +for use in the \s-1DSA\s0 and stores the result in \fBdsa\fR. +.PP +\&\fBbits\fR is the length of the prime p to be generated. +For lengths under 2048 bits, the length of q is 160 bits; for lengths +greater than or equal to 2048 bits, the length of q is set to 256 bits. +.PP +If \fBseed\fR is \s-1NULL\s0, the primes will be generated at random. +If \fBseed_len\fR is less than the length of q, an error is returned. +.PP +\&\fIDSA_generate_parameters_ex()\fR places the iteration count in +*\fBcounter_ret\fR and a counter used for finding a generator in +*\fBh_ret\fR, unless these are \fB\s-1NULL\s0\fR. +.PP +A callback function may be used to provide feedback about the progress +of the key generation. If \fBcb\fR is not \fB\s-1NULL\s0\fR, it will be +called as shown below. For information on the \s-1BN_GENCB\s0 structure and the +BN_GENCB_call function discussed below, refer to +\&\fIBN_generate_prime\fR\|(3). +.PP +\&\fIDSA_generate_prime()\fR is similar to \fIDSA_generate_prime_ex()\fR but +expects an old-style callback function; see +\&\fIBN_generate_prime\fR\|(3) for information on the old-style callback. 
+.IP "\(bu" 2 +When a candidate for q is generated, \fBBN_GENCB_call(cb, 0, m++)\fR is called +(m is 0 for the first candidate). +.IP "\(bu" 2 +When a candidate for q has passed a test by trial division, +\&\fBBN_GENCB_call(cb, 1, \-1)\fR is called. +While a candidate for q is tested by Miller-Rabin primality tests, +\&\fBBN_GENCB_call(cb, 1, i)\fR is called in the outer loop +(once for each witness that confirms that the candidate may be prime); +i is the loop counter (starting at 0). +.IP "\(bu" 2 +When a prime q has been found, \fBBN_GENCB_call(cb, 2, 0)\fR and +\&\fBBN_GENCB_call(cb, 3, 0)\fR are called. +.IP "\(bu" 2 +Before a candidate for p (other than the first) is generated and tested, +\&\fBBN_GENCB_call(cb, 0, counter)\fR is called. +.IP "\(bu" 2 +When a candidate for p has passed the test by trial division, +\&\fBBN_GENCB_call(cb, 1, \-1)\fR is called. +While it is tested by the Miller-Rabin primality test, +\&\fBBN_GENCB_call(cb, 1, i)\fR is called in the outer loop +(once for each witness that confirms that the candidate may be prime). +i is the loop counter (starting at 0). +.IP "\(bu" 2 +When p has been found, \fBBN_GENCB_call(cb, 2, 1)\fR is called. +.IP "\(bu" 2 +When the generator has been found, \fBBN_GENCB_call(cb, 3, 1)\fR is called. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIDSA_generate_parameters_ex()\fR returns a 1 on success, or 0 otherwise. +The error codes can be obtained by \fIERR_get_error\fR\|(3). +.PP +\&\fIDSA_generate_parameters()\fR returns a pointer to the \s-1DSA\s0 structure or +\&\fB\s-1NULL\s0\fR if the parameter generation fails. +.SH "BUGS" +.IX Header "BUGS" +Seed lengths greater than 20 are not supported. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIDSA_new\fR\|(3), \fIERR_get_error\fR\|(3), \fIRAND_bytes\fR\|(3), +\&\fIDSA_free\fR\|(3), \fIBN_generate_prime\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIDSA_generate_parameters()\fR was deprecated in OpenSSL 0.9.8; use +\&\fIDSA_generate_parameters_ex()\fR instead. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/DSA_get0_pqg.3 b/linux_amd64/share/man/man3/DSA_get0_pqg.3 new file mode 100755 index 0000000..5861f69 --- /dev/null +++ b/linux_amd64/share/man/man3/DSA_get0_pqg.3 
@@ -0,0 +1,235 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DSA_GET0_PQG 3" +.TH DSA_GET0_PQG 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +DSA_get0_pqg, DSA_set0_pqg, DSA_get0_key, DSA_set0_key, +DSA_get0_p, DSA_get0_q, DSA_get0_g, +DSA_get0_pub_key, DSA_get0_priv_key, +DSA_clear_flags, DSA_test_flags, DSA_set_flags, +DSA_get0_engine \- Routines for getting and +setting data in a DSA object +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void DSA_get0_pqg(const DSA *d, +\& const BIGNUM **p, const BIGNUM **q, const BIGNUM **g); +\& int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g); +\& void DSA_get0_key(const DSA *d, +\& const BIGNUM **pub_key, const BIGNUM **priv_key); +\& int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key); +\& const BIGNUM *DSA_get0_p(const DSA *d); +\& const BIGNUM *DSA_get0_q(const DSA *d); +\& const BIGNUM *DSA_get0_g(const DSA *d); +\& const BIGNUM *DSA_get0_pub_key(const DSA *d); +\& const BIGNUM *DSA_get0_priv_key(const DSA *d); +\& void DSA_clear_flags(DSA *d, int flags); +\& int DSA_test_flags(const DSA *d, int flags); +\& void DSA_set_flags(DSA *d, int flags); +\& ENGINE *DSA_get0_engine(DSA *d); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A \s-1DSA\s0 object contains the parameters \fBp\fR, \fBq\fR and \fBg\fR. It also contains a +public key (\fBpub_key\fR) and (optionally) a private key (\fBpriv_key\fR). +.PP +The \fBp\fR, \fBq\fR and \fBg\fR parameters can be obtained by calling \fIDSA_get0_pqg()\fR. +If the parameters have not yet been set then \fB*p\fR, \fB*q\fR and \fB*g\fR will be set +to \s-1NULL\s0. Otherwise they are set to pointers to their respective values. These +point directly to the internal representations of the values and therefore +should not be freed directly. +.PP +The \fBp\fR, \fBq\fR and \fBg\fR values can be set by calling \fIDSA_set0_pqg()\fR and passing +the new values for \fBp\fR, \fBq\fR and \fBg\fR as parameters to the function. 
Calling +this function transfers the memory management of the values to the \s-1DSA\s0 object, +and therefore the values that have been passed in should not be freed directly +after this function has been called. +.PP +To get the public and private key values use the \fIDSA_get0_key()\fR function. A +pointer to the public key will be stored in \fB*pub_key\fR, and a pointer to the +private key will be stored in \fB*priv_key\fR. Either may be \s-1NULL\s0 if they have not +been set yet, although if the private key has been set then the public key must +be. The values point to the internal representation of the public key and +private key values. This memory should not be freed directly. +.PP +The public and private key values can be set using \fIDSA_set0_key()\fR. The public +key must be non-NULL the first time this function is called on a given \s-1DSA\s0 +object. The private key may be \s-1NULL\s0. On subsequent calls, either may be \s-1NULL\s0, +which means the corresponding \s-1DSA\s0 field is left untouched. As for \fIDSA_set0_pqg()\fR +this function transfers the memory management of the key values to the \s-1DSA\s0 +object, and therefore they should not be freed directly after this function has +been called. +.PP +Any of the values \fBp\fR, \fBq\fR, \fBg\fR, \fBpriv_key\fR, and \fBpub_key\fR can also be +retrieved separately by the corresponding function \fIDSA_get0_p()\fR, \fIDSA_get0_q()\fR, +\&\fIDSA_get0_g()\fR, \fIDSA_get0_priv_key()\fR, and \fIDSA_get0_pub_key()\fR, respectively. +.PP +\&\fIDSA_set_flags()\fR sets the flags in the \fBflags\fR parameter on the \s-1DSA\s0 object. +Multiple flags can be passed in one go (bitwise ORed together). Any flags that +are already set are left set. \fIDSA_test_flags()\fR tests to see whether the flags +passed in the \fBflags\fR parameter are currently set in the \s-1DSA\s0 object. Multiple +flags can be tested in one go. All flags that are currently set are returned, or +zero if none of the flags are set. 
\fIDSA_clear_flags()\fR clears the specified flags +within the \s-1DSA\s0 object. +.PP +\&\fIDSA_get0_engine()\fR returns a handle to the \s-1ENGINE\s0 that has been set for this \s-1DSA\s0 +object, or \s-1NULL\s0 if no such \s-1ENGINE\s0 has been set. +.SH "NOTES" +.IX Header "NOTES" +Values retrieved with \fIDSA_get0_key()\fR are owned by the \s-1DSA\s0 object used +in the call and may therefore \fInot\fR be passed to \fIDSA_set0_key()\fR. If +needed, duplicate the received value using \fIBN_dup()\fR and pass the +duplicate. The same applies to \fIDSA_get0_pqg()\fR and \fIDSA_set0_pqg()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIDSA_set0_pqg()\fR and \fIDSA_set0_key()\fR return 1 on success or 0 on failure. +.PP +\&\fIDSA_test_flags()\fR returns the current state of the flags in the \s-1DSA\s0 object. +.PP +\&\fIDSA_get0_engine()\fR returns the \s-1ENGINE\s0 set for the \s-1DSA\s0 object or \s-1NULL\s0 if no \s-1ENGINE\s0 +has been set. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIDSA_new\fR\|(3), \fIDSA_new\fR\|(3), \fIDSA_generate_parameters\fR\|(3), \fIDSA_generate_key\fR\|(3), +\&\fIDSA_dup_DH\fR\|(3), \fIDSA_do_sign\fR\|(3), \fIDSA_set_method\fR\|(3), \fIDSA_SIG_new\fR\|(3), +\&\fIDSA_sign\fR\|(3), \fIDSA_size\fR\|(3), \fIDSA_meth_new\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The functions described here were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/DSA_meth_new.3 b/linux_amd64/share/man/man3/DSA_meth_new.3 new file mode 100755 index 0000000..ef6b33f --- /dev/null +++ b/linux_amd64/share/man/man3/DSA_meth_new.3 
@@ -0,0 +1,352 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DSA_METH_NEW 3" +.TH DSA_METH_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +DSA_meth_new, DSA_meth_free, DSA_meth_dup, DSA_meth_get0_name, +DSA_meth_set1_name, DSA_meth_get_flags, DSA_meth_set_flags, +DSA_meth_get0_app_data, DSA_meth_set0_app_data, DSA_meth_get_sign, +DSA_meth_set_sign, DSA_meth_get_sign_setup, DSA_meth_set_sign_setup, +DSA_meth_get_verify, DSA_meth_set_verify, DSA_meth_get_mod_exp, +DSA_meth_set_mod_exp, DSA_meth_get_bn_mod_exp, DSA_meth_set_bn_mod_exp, +DSA_meth_get_init, DSA_meth_set_init, DSA_meth_get_finish, DSA_meth_set_finish, +DSA_meth_get_paramgen, DSA_meth_set_paramgen, DSA_meth_get_keygen, +DSA_meth_set_keygen \- Routines to build up DSA methods +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.PP +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 1 +\& DSA_METHOD *DSA_meth_new(const char *name, int flags); +\& +\& void DSA_meth_free(DSA_METHOD *dsam); +\& +\& DSA_METHOD *DSA_meth_dup(const DSA_METHOD *meth); +\& +\& const char *DSA_meth_get0_name(const DSA_METHOD *dsam); +\& int DSA_meth_set1_name(DSA_METHOD *dsam, const char *name); +\& +\& int DSA_meth_get_flags(const DSA_METHOD *dsam); +\& int DSA_meth_set_flags(DSA_METHOD *dsam, int flags); +\& +\& void *DSA_meth_get0_app_data(const DSA_METHOD *dsam); +\& int DSA_meth_set0_app_data(DSA_METHOD *dsam, void *app_data); +\& +\& DSA_SIG *(*DSA_meth_get_sign(const DSA_METHOD *dsam))(const unsigned char *, +\& int, DSA *); +\& int DSA_meth_set_sign(DSA_METHOD *dsam, DSA_SIG *(*sign)(const unsigned char *, +\& int, DSA *)); +\& +\& int (*DSA_meth_get_sign_setup(const DSA_METHOD *dsam))(DSA *, BN_CTX *,$ +\& BIGNUM **, BIGNUM **); +\& int DSA_meth_set_sign_setup(DSA_METHOD *dsam, int (*sign_setup)(DSA *, BN_CTX *, +\& BIGNUM **, BIGNUM **)); +\& +\& int (*DSA_meth_get_verify(const DSA_METHOD *dsam))(const unsigned char *, +\& int, DSA_SIG *, DSA *); +\& int DSA_meth_set_verify(DSA_METHOD 
*dsam, int (*verify)(const unsigned char *, +\& int, DSA_SIG *, DSA *)); +\& +\& int (*DSA_meth_get_mod_exp(const DSA_METHOD *dsam))(DSA *dsa, BIGNUM *rr, BIGNUM *a1, +\& BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, +\& BIGNUM *m, BN_CTX *ctx, +\& BN_MONT_CTX *in_mont); +\& int DSA_meth_set_mod_exp(DSA_METHOD *dsam, int (*mod_exp)(DSA *dsa, BIGNUM *rr, +\& BIGNUM *a1, BIGNUM *p1, +\& BIGNUM *a2, BIGNUM *p2, +\& BIGNUM *m, BN_CTX *ctx, +\& BN_MONT_CTX *mont)); +\& +\& int (*DSA_meth_get_bn_mod_exp(const DSA_METHOD *dsam))(DSA *dsa, BIGNUM *r, BIGNUM *a, +\& const BIGNUM *p, const BIGNUM *m, +\& BN_CTX *ctx, BN_MONT_CTX *mont); +\& int DSA_meth_set_bn_mod_exp(DSA_METHOD *dsam, int (*bn_mod_exp)(DSA *dsa, +\& BIGNUM *r, +\& BIGNUM *a, +\& const BIGNUM *p, +\& const BIGNUM *m, +\& BN_CTX *ctx, +\& BN_MONT_CTX *mont)); +\& +\& int (*DSA_meth_get_init(const DSA_METHOD *dsam))(DSA *); +\& int DSA_meth_set_init(DSA_METHOD *dsam, int (*init)(DSA *)); +\& +\& int (*DSA_meth_get_finish(const DSA_METHOD *dsam))(DSA *); +\& int DSA_meth_set_finish(DSA_METHOD *dsam, int (*finish)(DSA *)); +\& +\& int (*DSA_meth_get_paramgen(const DSA_METHOD *dsam))(DSA *, int, +\& const unsigned char *, +\& int, int *, unsigned long *, +\& BN_GENCB *); +\& int DSA_meth_set_paramgen(DSA_METHOD *dsam, +\& int (*paramgen)(DSA *, int, const unsigned char *, +\& int, int *, unsigned long *, BN_GENCB *)); +\& +\& int (*DSA_meth_get_keygen(const DSA_METHOD *dsam))(DSA *); +\& int DSA_meth_set_keygen(DSA_METHOD *dsam, int (*keygen)(DSA *)); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +All of the functions described on this page are deprecated. +Applications and extension implementations should instead use the +\&\s-1OSSL_PROVIDER\s0 APIs. +.PP +The \fB\s-1DSA_METHOD\s0\fR type is a structure used for the provision of custom \s-1DSA\s0 +implementations. It provides a set of functions used by OpenSSL for the +implementation of the various \s-1DSA\s0 capabilities. 
+.PP +\&\fIDSA_meth_new()\fR creates a new \fB\s-1DSA_METHOD\s0\fR structure. It should be given a +unique \fBname\fR and a set of \fBflags\fR. The \fBname\fR should be a \s-1NULL\s0 terminated +string, which will be duplicated and stored in the \fB\s-1DSA_METHOD\s0\fR object. It is +the callers responsibility to free the original string. The flags will be used +during the construction of a new \fB\s-1DSA\s0\fR object based on this \fB\s-1DSA_METHOD\s0\fR. Any +new \fB\s-1DSA\s0\fR object will have those flags set by default. +.PP +\&\fIDSA_meth_dup()\fR creates a duplicate copy of the \fB\s-1DSA_METHOD\s0\fR object passed as a +parameter. This might be useful for creating a new \fB\s-1DSA_METHOD\s0\fR based on an +existing one, but with some differences. +.PP +\&\fIDSA_meth_free()\fR destroys a \fB\s-1DSA_METHOD\s0\fR structure and frees up any memory +associated with it. +.PP +\&\fIDSA_meth_get0_name()\fR will return a pointer to the name of this \s-1DSA_METHOD\s0. This +is a pointer to the internal name string and so should not be freed by the +caller. \fIDSA_meth_set1_name()\fR sets the name of the \s-1DSA_METHOD\s0 to \fBname\fR. The +string is duplicated and the copy is stored in the \s-1DSA_METHOD\s0 structure, so the +caller remains responsible for freeing the memory associated with the name. +.PP +\&\fIDSA_meth_get_flags()\fR returns the current value of the flags associated with this +\&\s-1DSA_METHOD\s0. \fIDSA_meth_set_flags()\fR provides the ability to set these flags. +.PP +The functions \fIDSA_meth_get0_app_data()\fR and \fIDSA_meth_set0_app_data()\fR provide the +ability to associate implementation specific data with the \s-1DSA_METHOD\s0. It is +the application's responsibility to free this data before the \s-1DSA_METHOD\s0 is +freed via a call to \fIDSA_meth_free()\fR. +.PP +\&\fIDSA_meth_get_sign()\fR and \fIDSA_meth_set_sign()\fR get and set the function used for +creating a \s-1DSA\s0 signature respectively. 
This function will be +called in response to the application calling \fIDSA_do_sign()\fR (or \fIDSA_sign()\fR). The +parameters for the function have the same meaning as for \fIDSA_do_sign()\fR. +.PP +\&\fIDSA_meth_get_sign_setup()\fR and \fIDSA_meth_set_sign_setup()\fR get and set the function +used for precalculating the \s-1DSA\s0 signature values \fBk^\-1\fR and \fBr\fR. This function +will be called in response to the application calling \fIDSA_sign_setup()\fR. The +parameters for the function have the same meaning as for \fIDSA_sign_setup()\fR. +.PP +\&\fIDSA_meth_get_verify()\fR and \fIDSA_meth_set_verify()\fR get and set the function used +for verifying a \s-1DSA\s0 signature respectively. This function will be called in +response to the application calling \fIDSA_do_verify()\fR (or \fIDSA_verify()\fR). The +parameters for the function have the same meaning as for \fIDSA_do_verify()\fR. +.PP +\&\fIDSA_meth_get_mod_exp()\fR and \fIDSA_meth_set_mod_exp()\fR get and set the function used +for computing the following value: +.PP +.Vb 1 +\& rr = a1^p1 * a2^p2 mod m +.Ve +.PP +This function will be called by the default OpenSSL method during verification +of a \s-1DSA\s0 signature. The result is stored in the \fBrr\fR parameter. This function +may be \s-1NULL\s0. +.PP +\&\fIDSA_meth_get_bn_mod_exp()\fR and \fIDSA_meth_set_bn_mod_exp()\fR get and set the function +used for computing the following value: +.PP +.Vb 1 +\& r = a ^ p mod m +.Ve +.PP +This function will be called by the default OpenSSL function for +\&\fIDSA_sign_setup()\fR. The result is stored in the \fBr\fR parameter. This function +may be \s-1NULL\s0. +.PP +\&\fIDSA_meth_get_init()\fR and \fIDSA_meth_set_init()\fR get and set the function used +for creating a new \s-1DSA\s0 instance respectively. This function will be +called in response to the application calling \fIDSA_new()\fR (if the current default +\&\s-1DSA_METHOD\s0 is this one) or \fIDSA_new_method()\fR. 
The \fIDSA_new()\fR and \fIDSA_new_method()\fR +functions will allocate the memory for the new \s-1DSA\s0 object, and a pointer to this +newly allocated structure will be passed as a parameter to the function. This +function may be \s-1NULL\s0. +.PP +\&\fIDSA_meth_get_finish()\fR and \fIDSA_meth_set_finish()\fR get and set the function used +for destroying an instance of a \s-1DSA\s0 object respectively. This function will be +called in response to the application calling \fIDSA_free()\fR. A pointer to the \s-1DSA\s0 +to be destroyed is passed as a parameter. The destroy function should be used +for \s-1DSA\s0 implementation specific clean up. The memory for the \s-1DSA\s0 itself should +not be freed by this function. This function may be \s-1NULL\s0. +.PP +\&\fIDSA_meth_get_paramgen()\fR and \fIDSA_meth_set_paramgen()\fR get and set the function +used for generating \s-1DSA\s0 parameters respectively. This function will be called in +response to the application calling \fIDSA_generate_parameters_ex()\fR (or +\&\fIDSA_generate_parameters()\fR). The parameters for the function have the same +meaning as for \fIDSA_generate_parameters_ex()\fR. +.PP +\&\fIDSA_meth_get_keygen()\fR and \fIDSA_meth_set_keygen()\fR get and set the function +used for generating a new \s-1DSA\s0 key pair respectively. This function will be +called in response to the application calling \fIDSA_generate_key()\fR. The parameter +for the function has the same meaning as for \fIDSA_generate_key()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIDSA_meth_new()\fR and \fIDSA_meth_dup()\fR return the newly allocated \s-1DSA_METHOD\s0 object +or \s-1NULL\s0 on failure. +.PP +\&\fIDSA_meth_get0_name()\fR and \fIDSA_meth_get_flags()\fR return the name and flags +associated with the \s-1DSA_METHOD\s0 respectively. +.PP +All other DSA_meth_get_*() functions return the appropriate function pointer +that has been set in the \s-1DSA_METHOD\s0, or \s-1NULL\s0 if no such pointer has yet been +set. 
+.PP +\&\fIDSA_meth_set1_name()\fR and all DSA_meth_set_*() functions return 1 on success or +0 on failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIDSA_new\fR\|(3), \fIDSA_new\fR\|(3), \fIDSA_generate_parameters\fR\|(3), \fIDSA_generate_key\fR\|(3), +\&\fIDSA_dup_DH\fR\|(3), \fIDSA_do_sign\fR\|(3), \fIDSA_set_method\fR\|(3), \fIDSA_SIG_new\fR\|(3), +\&\fIDSA_sign\fR\|(3), \fIDSA_size\fR\|(3), \fIDSA_get0_pqg\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The functions described here were deprecated in OpenSSL 3.0. +.PP +The functions described here were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/DSA_new.3 b/linux_amd64/share/man/man3/DSA_new.3 new file mode 100755 index 0000000..fa0be1b --- /dev/null +++ b/linux_amd64/share/man/man3/DSA_new.3 
@@ -0,0 +1,171 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DSA_NEW 3" +.TH DSA_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +DSA_new, DSA_free \- allocate and free DSA objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& DSA* DSA_new(void); +\& +\& void DSA_free(DSA *dsa); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIDSA_new()\fR allocates and initializes a \fB\s-1DSA\s0\fR structure. It is equivalent to +calling DSA_new_method(\s-1NULL\s0). +.PP +\&\fIDSA_free()\fR frees the \fB\s-1DSA\s0\fR structure and its components. The values are +erased before the memory is returned to the system. +If \fBdsa\fR is \s-1NULL\s0 nothing is done. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +If the allocation fails, \fIDSA_new()\fR returns \fB\s-1NULL\s0\fR and sets an error +code that can be obtained by +\&\fIERR_get_error\fR\|(3). Otherwise it returns a pointer +to the newly allocated structure. +.PP +\&\fIDSA_free()\fR returns no value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIDSA_new\fR\|(3), \fIERR_get_error\fR\|(3), +\&\fIDSA_generate_parameters\fR\|(3), +\&\fIDSA_generate_key\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/DSA_set_method.3 b/linux_amd64/share/man/man3/DSA_set_method.3 new file mode 100755 index 0000000..8e74b5d --- /dev/null +++ b/linux_amd64/share/man/man3/DSA_set_method.3 
@@ -0,0 +1,211 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DSA_SET_METHOD 3" +.TH DSA_SET_METHOD 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +DSA_set_default_method, DSA_get_default_method, +DSA_set_method, DSA_new_method, DSA_OpenSSL \- select DSA method +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void DSA_set_default_method(const DSA_METHOD *meth); +\& +\& const DSA_METHOD *DSA_get_default_method(void); +\& +\& int DSA_set_method(DSA *dsa, const DSA_METHOD *meth); +\& +\& DSA *DSA_new_method(ENGINE *engine); +\& +\& DSA_METHOD *DSA_OpenSSL(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A \fB\s-1DSA_METHOD\s0\fR specifies the functions that OpenSSL uses for \s-1DSA\s0 +operations. By modifying the method, alternative implementations +such as hardware accelerators may be used. \s-1IMPORTANT:\s0 See the \s-1NOTES\s0 section for +important information about how these \s-1DSA\s0 \s-1API\s0 functions are affected by the use +of \fB\s-1ENGINE\s0\fR \s-1API\s0 calls. +.PP +Initially, the default \s-1DSA_METHOD\s0 is the OpenSSL internal implementation, +as returned by \fIDSA_OpenSSL()\fR. +.PP +\&\fIDSA_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1DSA\s0 +structures created later. +\&\fB\s-1NB\s0\fR: This is true only whilst no \s-1ENGINE\s0 has +been set as a default for \s-1DSA\s0, so this function is no longer recommended. +This function is not thread-safe and should not be called at the same time +as other OpenSSL functions. +.PP +\&\fIDSA_get_default_method()\fR returns a pointer to the current default +\&\s-1DSA_METHOD\s0. However, the meaningfulness of this result is dependent on +whether the \s-1ENGINE\s0 \s-1API\s0 is being used, so this function is no longer +recommended. +.PP +\&\fIDSA_set_method()\fR selects \fBmeth\fR to perform all operations using the key +\&\fBrsa\fR. This will replace the \s-1DSA_METHOD\s0 used by the \s-1DSA\s0 key and if the +previous method was supplied by an \s-1ENGINE\s0, the handle to that \s-1ENGINE\s0 will +be released during the change. 
It is possible to have \s-1DSA\s0 keys that only +work with certain \s-1DSA_METHOD\s0 implementations (eg. from an \s-1ENGINE\s0 module +that supports embedded hardware-protected keys), and in such cases +attempting to change the \s-1DSA_METHOD\s0 for the key can have unexpected +results. See \fIDSA_meth_new\fR\|(3) for information on constructing custom \s-1DSA_METHOD\s0 +objects; +.PP +\&\fIDSA_new_method()\fR allocates and initializes a \s-1DSA\s0 structure so that \fBengine\fR +will be used for the \s-1DSA\s0 operations. If \fBengine\fR is \s-1NULL\s0, the default engine +for \s-1DSA\s0 operations is used, and if no default \s-1ENGINE\s0 is set, the \s-1DSA_METHOD\s0 +controlled by \fIDSA_set_default_method()\fR is used. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIDSA_OpenSSL()\fR and \fIDSA_get_default_method()\fR return pointers to the respective +\&\fB\s-1DSA_METHOD\s0\fRs. +.PP +\&\fIDSA_set_default_method()\fR returns no value. +.PP +\&\fIDSA_set_method()\fR returns nonzero if the provided \fBmeth\fR was successfully set as +the method for \fBdsa\fR (including unloading the \s-1ENGINE\s0 handle if the previous +method was supplied by an \s-1ENGINE\s0). +.PP +\&\fIDSA_new_method()\fR returns \s-1NULL\s0 and sets an error code that can be +obtained by \fIERR_get_error\fR\|(3) if the allocation +fails. Otherwise it returns a pointer to the newly allocated structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIDSA_new\fR\|(3), \fIDSA_new\fR\|(3), \fIDSA_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/DSA_sign.3 b/linux_amd64/share/man/man3/DSA_sign.3 new file mode 100755 index 0000000..821ea20 --- /dev/null 
+++ b/linux_amd64/share/man/man3/DSA_sign.3 
@@ -0,0 +1,193 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DSA_SIGN 3" +.TH DSA_SIGN 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +DSA_sign, DSA_sign_setup, DSA_verify \- DSA signatures +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int DSA_sign(int type, const unsigned char *dgst, int len, +\& unsigned char *sigret, unsigned int *siglen, DSA *dsa); +\& +\& int DSA_sign_setup(DSA *dsa, BN_CTX *ctx, BIGNUM **kinvp, BIGNUM **rp); +\& +\& int DSA_verify(int type, const unsigned char *dgst, int len, +\& unsigned char *sigbuf, int siglen, DSA *dsa); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIDSA_sign()\fR computes a digital signature on the \fBlen\fR byte message +digest \fBdgst\fR using the private key \fBdsa\fR and places its \s-1ASN\s0.1 \s-1DER\s0 +encoding at \fBsigret\fR. The length of the signature is places in +*\fBsiglen\fR. \fBsigret\fR must point to DSA_size(\fBdsa\fR) bytes of memory. +.PP +\&\fIDSA_sign_setup()\fR is defined only for backward binary compatibility and +should not be used. +Since OpenSSL 1.1.0 the \s-1DSA\s0 type is opaque and the output of +\&\fIDSA_sign_setup()\fR cannot be used anyway: calling this function will only +cause overhead, and does not affect the actual signature +(pre\-)computation. +.PP +\&\fIDSA_verify()\fR verifies that the signature \fBsigbuf\fR of size \fBsiglen\fR +matches a given message digest \fBdgst\fR of size \fBlen\fR. +\&\fBdsa\fR is the signer's public key. +.PP +The \fBtype\fR parameter is ignored. +.PP +The random generator must be seeded when \fIDSA_sign()\fR (or \fIDSA_sign_setup()\fR) +is called. +If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to +external circumstances (see \s-1\fIRAND\s0\fR\|(7)), the operation will fail. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIDSA_sign()\fR and \fIDSA_sign_setup()\fR return 1 on success, 0 on error. +\&\fIDSA_verify()\fR returns 1 for a valid signature, 0 for an incorrect +signature and \-1 on error. The error codes can be obtained by +\&\fIERR_get_error\fR\|(3). 
+.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1US\s0 Federal Information Processing Standard \s-1FIPS\s0 186 (Digital Signature +Standard, \s-1DSS\s0), \s-1ANSI\s0 X9.30 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIDSA_new\fR\|(3), \fIERR_get_error\fR\|(3), \fIRAND_bytes\fR\|(3), +\&\fIDSA_do_sign\fR\|(3), +\&\s-1\fIRAND\s0\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/DSA_size.3 b/linux_amd64/share/man/man3/DSA_size.3 new file mode 100755 index 0000000..2484eb6 --- /dev/null +++ b/linux_amd64/share/man/man3/DSA_size.3 
@@ -0,0 +1,187 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DSA_SIZE 3" +.TH DSA_SIZE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +DSA_size, DSA_bits, DSA_security_bits \- get DSA signature size, key bits or security bits +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.PP +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 3 +\& int DSA_size(const DSA *dsa); +\& int DSA_bits(const DSA *dsa); +\& int DSA_security_bits(const DSA *dsa); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +All of the functions described on this page are deprecated. +Applications should instead use \fIEVP_PKEY_bits\fR\|(3), +\&\fIEVP_PKEY_security_bits\fR\|(3) and \fIEVP_PKEY_size\fR\|(3). +.PP +\&\fIDSA_size()\fR returns the maximum size of an \s-1ASN\s0.1 encoded \s-1DSA\s0 signature +for key \fBdsa\fR in bytes. It can be used to determine how much memory must +be allocated for a \s-1DSA\s0 signature. +.PP +\&\fBdsa\->q\fR must not be \fB\s-1NULL\s0\fR. +.PP +\&\fIDSA_bits()\fR returns the number of bits in key \fBdsa\fR: this is the number +of bits in the \fBp\fR parameter. +.PP +\&\fIDSA_security_bits()\fR returns the number of security bits of the given \fBdsa\fR +key. See \fIBN_security_bits\fR\|(3). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIDSA_size()\fR returns the signature size in bytes. +.PP +\&\fIDSA_bits()\fR returns the number of bits in the key. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_PKEY_bits\fR\|(3), +\&\fIEVP_PKEY_security_bits\fR\|(3), +\&\fIEVP_PKEY_size\fR\|(3), +\&\fIDSA_new\fR\|(3), \fIDSA_sign\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +All of these functions were deprecated in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. 
You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/DTLS_get_data_mtu.3 b/linux_amd64/share/man/man3/DTLS_get_data_mtu.3 new file mode 100755 index 0000000..47cb475 --- /dev/null +++ b/linux_amd64/share/man/man3/DTLS_get_data_mtu.3 
@@ -0,0 +1,159 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DTLS_GET_DATA_MTU 3" +.TH DTLS_GET_DATA_MTU 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +DTLS_get_data_mtu \- Get maximum data payload size +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& size_t DTLS_get_data_mtu(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This function obtains the maximum data payload size for the established +\&\s-1DTLS\s0 connection \fBssl\fR, based on the \s-1DTLS\s0 record \s-1MTU\s0 and the overhead +of the \s-1DTLS\s0 record header, encryption and authentication currently in use. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Returns the maximum data payload size on success, or 0 on failure. +.SH "HISTORY" +.IX Header "HISTORY" +The \fIDTLS_get_data_mtu()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/DTLS_set_timer_cb.3 b/linux_amd64/share/man/man3/DTLS_set_timer_cb.3 new file mode 100755 index 0000000..df4c0ae --- /dev/null +++ b/linux_amd64/share/man/man3/DTLS_set_timer_cb.3 
@@ -0,0 +1,163 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DTLS_SET_TIMER_CB 3" +.TH DTLS_SET_TIMER_CB 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +DTLS_timer_cb, +DTLS_set_timer_cb +\&\- Set callback for controlling DTLS timer duration +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef unsigned int (*DTLS_timer_cb)(SSL *s, unsigned int timer_us); +\& +\& void DTLS_set_timer_cb(SSL *s, DTLS_timer_cb cb); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This function sets an optional callback function for controlling the +timeout interval on the \s-1DTLS\s0 protocol. The callback function will be +called by \s-1DTLS\s0 for every new \s-1DTLS\s0 packet that is sent. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Returns void. +.SH "HISTORY" +.IX Header "HISTORY" +The \fIDTLS_set_timer_cb()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/DTLSv1_listen.3 b/linux_amd64/share/man/man3/DTLSv1_listen.3 new file mode 100755 index 0000000..6eb095d --- /dev/null +++ b/linux_amd64/share/man/man3/DTLSv1_listen.3 
@@ -0,0 +1,257 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DTLSV1_LISTEN 3" +.TH DTLSV1_LISTEN 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_stateless, +DTLSv1_listen +\&\- Statelessly listen for incoming connections +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_stateless(SSL *s); +\& int DTLSv1_listen(SSL *ssl, BIO_ADDR *peer); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_stateless()\fR statelessly listens for new incoming TLSv1.3 connections. +\&\fIDTLSv1_listen()\fR statelessly listens for new incoming \s-1DTLS\s0 connections. If a +ClientHello is received that does not contain a cookie, then they respond with a +request for a new ClientHello that does contain a cookie. If a ClientHello is +received with a cookie that is verified then the function returns in order to +enable the handshake to be completed (for example by using \fISSL_accept()\fR). +.SH "NOTES" +.IX Header "NOTES" +Some transport protocols (such as \s-1UDP\s0) can be susceptible to amplification +attacks. Unlike \s-1TCP\s0 there is no initial connection setup in \s-1UDP\s0 that +validates that the client can actually receive messages on its advertised source +address. An attacker could forge its source \s-1IP\s0 address and then send handshake +initiation messages to the server. The server would then send its response to +the forged source \s-1IP\s0. If the response messages are larger than the original +message then the amplification attack has succeeded. +.PP +If \s-1DTLS\s0 is used over \s-1UDP\s0 (or any datagram based protocol that does not validate +the source \s-1IP\s0) then it is susceptible to this type of attack. TLSv1.3 is +designed to operate over a stream-based transport protocol (such as \s-1TCP\s0). +If \s-1TCP\s0 is being used then there is no need to use \fISSL_stateless()\fR. However some +stream-based transport protocols (e.g. \s-1QUIC\s0) may not validate the source +address. In this case a TLSv1.3 application would be susceptible to this attack. 
+.PP +As a countermeasure to this issue TLSv1.3 and \s-1DTLS\s0 include a stateless cookie +mechanism. The idea is that when a client attempts to connect to a server it +sends a ClientHello message. The server responds with a HelloRetryRequest (in +TLSv1.3) or a HelloVerifyRequest (in \s-1DTLS\s0) which contains a unique cookie. The +client then resends the ClientHello, but this time includes the cookie in the +message thus proving that the client is capable of receiving messages sent to +that address. All of this can be done by the server without allocating any +state, and thus without consuming expensive resources. +.PP +OpenSSL implements this capability via the \fISSL_stateless()\fR and \fIDTLSv1_listen()\fR +functions. The \fBssl\fR parameter should be a newly allocated \s-1SSL\s0 object with its +read and write BIOs set, in the same way as might be done for a call to +\&\fISSL_accept()\fR. Typically, for \s-1DTLS\s0, the read \s-1BIO\s0 will be in an \*(L"unconnected\*(R" +state and thus capable of receiving messages from any peer. +.PP +When a ClientHello is received that contains a cookie that has been verified, +then these functions will return with the \fBssl\fR parameter updated into a state +where the handshake can be continued by a call to (for example) \fISSL_accept()\fR. +Additionally, for \fIDTLSv1_listen()\fR, the \fB\s-1BIO_ADDR\s0\fR pointed to by \fBpeer\fR will be +filled in with details of the peer that sent the ClientHello. If the underlying +\&\s-1BIO\s0 is unable to obtain the \fB\s-1BIO_ADDR\s0\fR of the peer (for example because the \s-1BIO\s0 +does not support this), then \fB*peer\fR will be cleared and the family set to +\&\s-1AF_UNSPEC\s0. Typically user code is expected to \*(L"connect\*(R" the underlying socket to +the peer and continue the handshake in a connected state. 
+.PP +Prior to calling \fIDTLSv1_listen()\fR user code must ensure that cookie generation +and verification callbacks have been set up using +\&\fISSL_CTX_set_cookie_generate_cb\fR\|(3) and \fISSL_CTX_set_cookie_verify_cb\fR\|(3) +respectively. For \fISSL_stateless()\fR, \fISSL_CTX_set_stateless_cookie_generate_cb\fR\|(3) +and \fISSL_CTX_set_stateless_cookie_verify_cb\fR\|(3) must be used instead. +.PP +Since \fIDTLSv1_listen()\fR operates entirely statelessly whilst processing incoming +ClientHellos it is unable to process fragmented messages (since this would +require the allocation of state). An implication of this is that \fIDTLSv1_listen()\fR +\&\fBonly\fR supports ClientHellos that fit inside a single datagram. +.PP +For \fISSL_stateless()\fR if an entire ClientHello message cannot be read without the +\&\*(L"read\*(R" \s-1BIO\s0 becoming empty then the \fISSL_stateless()\fR call will fail. It is the +application's responsibility to ensure that data read from the \*(L"read\*(R" \s-1BIO\s0 during +a single \fISSL_stateless()\fR call is all from the same peer. +.PP +\&\fISSL_stateless()\fR will fail (with a 0 return value) if some \s-1TLS\s0 version less than +TLSv1.3 is used. +.PP +Both \fISSL_stateless()\fR and \fIDTLSv1_listen()\fR will clear the error queue when they +start. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +For \fISSL_stateless()\fR a return value of 1 indicates success and the \fBssl\fR object +will be set up ready to continue the handshake. A return value of 0 or \-1 +indicates failure. If the value is 0 then a HelloRetryRequest was sent. A value +of \-1 indicates any other error. User code may retry the \fISSL_stateless()\fR call. +.PP +For \fIDTLSv1_listen()\fR a return value of >= 1 indicates success. The \fBssl\fR object +will be set up ready to continue the handshake. the \fBpeer\fR value will also be +filled in. +.PP +A return value of 0 indicates a non-fatal error. 
This could (for +example) be because of non-blocking \s-1IO\s0, or some invalid message having been +received from a peer. Errors may be placed on the OpenSSL error queue with +further information if appropriate. Typically user code is expected to retry the +call to \fIDTLSv1_listen()\fR in the event of a non-fatal error. +.PP +A return value of <0 indicates a fatal error. This could (for example) be +because of a failure to allocate sufficient memory for the operation. +.PP +For \fIDTLSv1_listen()\fR, prior to OpenSSL 1.1.0, fatal and non-fatal errors both +produce return codes <= 0 (in typical implementations user code treats all +errors as non-fatal), whilst return codes >0 indicate success. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fISSL_CTX_set_cookie_generate_cb\fR\|(3), \fISSL_CTX_set_cookie_verify_cb\fR\|(3), +\&\fISSL_CTX_set_stateless_cookie_generate_cb\fR\|(3), +\&\fISSL_CTX_set_stateless_cookie_verify_cb\fR\|(3), \fISSL_get_error\fR\|(3), +\&\fISSL_accept\fR\|(3), \fIssl\fR\|(7), \fIbio\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \fISSL_stateless()\fR function was added in OpenSSL 1.1.1. +.PP +The \fIDTLSv1_listen()\fR return codes were clarified in OpenSSL 1.1.0. +The type of \*(L"peer\*(R" also changed in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/ECDSA_SIG_new.3 b/linux_amd64/share/man/man3/ECDSA_SIG_new.3 new file mode 100755 index 0000000..da5ac91 --- /dev/null +++ b/linux_amd64/share/man/man3/ECDSA_SIG_new.3 
@@ -0,0 +1,356 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ECDSA_SIG_NEW 3" +.TH ECDSA_SIG_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +ECDSA_SIG_get0, ECDSA_SIG_get0_r, ECDSA_SIG_get0_s, ECDSA_SIG_set0, +ECDSA_SIG_new, ECDSA_SIG_free, ECDSA_size, ECDSA_sign, ECDSA_do_sign, +ECDSA_verify, ECDSA_do_verify, ECDSA_sign_setup, ECDSA_sign_ex, +ECDSA_do_sign_ex \- low level elliptic curve digital signature algorithm (ECDSA) +functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& ECDSA_SIG *ECDSA_SIG_new(void); +\& void ECDSA_SIG_free(ECDSA_SIG *sig); +\& void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); +\& const BIGNUM *ECDSA_SIG_get0_r(const ECDSA_SIG *sig); +\& const BIGNUM *ECDSA_SIG_get0_s(const ECDSA_SIG *sig); +\& int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s); +.Ve +.PP +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 1 +\& int ECDSA_size(const EC_KEY *eckey); +\& +\& int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen, +\& unsigned char *sig, unsigned int *siglen, EC_KEY *eckey); +\& ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dgst_len, +\& EC_KEY *eckey); +\& +\& int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen, +\& const unsigned char *sig, int siglen, EC_KEY *eckey); +\& int ECDSA_do_verify(const unsigned char *dgst, int dgst_len, +\& const ECDSA_SIG *sig, EC_KEY* eckey); +\& +\& ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen, +\& const BIGNUM *kinv, const BIGNUM *rp, +\& EC_KEY *eckey); +\& int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, BIGNUM **rp); +\& int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen, +\& unsigned char *sig, unsigned int *siglen, +\& const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fB\s-1ECDSA_SIG\s0\fR is an opaque structure consisting of two BIGNUMs for the +\&\fBr\fR and \fBs\fR value of an 
\s-1ECDSA\s0 signature (see X9.62 or \s-1FIPS\s0 186\-2). +.PP +\&\fIECDSA_SIG_new()\fR allocates an empty \fB\s-1ECDSA_SIG\s0\fR structure. Note: before +OpenSSL 1.1.0 the: the \fBr\fR and \fBs\fR components were initialised. +.PP +\&\fIECDSA_SIG_free()\fR frees the \fB\s-1ECDSA_SIG\s0\fR structure \fBsig\fR. +.PP +\&\fIECDSA_SIG_get0()\fR returns internal pointers the \fBr\fR and \fBs\fR values contained +in \fBsig\fR and stores them in \fB*pr\fR and \fB*ps\fR, respectively. +The pointer \fBpr\fR or \fBps\fR can be \s-1NULL\s0, in which case the corresponding value +is not returned. +.PP +The values \fBr\fR, \fBs\fR can also be retrieved separately by the corresponding +function \fIECDSA_SIG_get0_r()\fR and \fIECDSA_SIG_get0_s()\fR, respectively. +.PP +The \fBr\fR and \fBs\fR values can be set by calling \fIECDSA_SIG_set0()\fR and passing the +new values for \fBr\fR and \fBs\fR as parameters to the function. Calling this +function transfers the memory management of the values to the \s-1ECDSA_SIG\s0 object, +and therefore the values that have been passed in should not be freed directly +after this function has been called. +.PP +See \fIi2d_ECDSA_SIG\fR\|(3) and \fId2i_ECDSA_SIG\fR\|(3) for information about encoding +and decoding \s-1ECDSA\s0 signatures to/from \s-1DER\s0. +.PP +All of the functions described below are deprecated. Applications should +use the higher level \fB\s-1EVP\s0\fR interface such as \fIEVP_DigestSignInit\fR\|(3) +or \fIEVP_DigestVerifyInit\fR\|(3) instead. +.PP +\&\fIECDSA_size()\fR returns the maximum length of a \s-1DER\s0 encoded \s-1ECDSA\s0 signature +created with the private \s-1EC\s0 key \fBeckey\fR. To obtain the actual signature +size use \fIEVP_PKEY_sign\fR\|(3) with a \s-1NULL\s0 \fBsig\fR parameter. +.PP +\&\fIECDSA_sign()\fR computes a digital signature of the \fBdgstlen\fR bytes hash value +\&\fBdgst\fR using the private \s-1EC\s0 key \fBeckey\fR. 
The \s-1DER\s0 encoded signatures is +stored in \fBsig\fR and its length is returned in \fBsig_len\fR. Note: \fBsig\fR must +point to ECDSA_size(eckey) bytes of memory. The parameter \fBtype\fR is currently +ignored. \fIECDSA_sign()\fR is wrapper function for \fIECDSA_sign_ex()\fR with \fBkinv\fR +and \fBrp\fR set to \s-1NULL\s0. +.PP +\&\fIECDSA_do_sign()\fR is similar to \fIECDSA_sign()\fR except the signature is returned +as a newly allocated \fB\s-1ECDSA_SIG\s0\fR structure (or \s-1NULL\s0 on error). \fIECDSA_do_sign()\fR +is a wrapper function for \fIECDSA_do_sign_ex()\fR with \fBkinv\fR and \fBrp\fR set to +\&\s-1NULL\s0. +.PP +\&\fIECDSA_verify()\fR verifies that the signature in \fBsig\fR of size \fBsiglen\fR is a +valid \s-1ECDSA\s0 signature of the hash value \fBdgst\fR of size \fBdgstlen\fR using the +public key \fBeckey\fR. The parameter \fBtype\fR is ignored. +.PP +\&\fIECDSA_do_verify()\fR is similar to \fIECDSA_verify()\fR except the signature is +presented in the form of a pointer to an \fB\s-1ECDSA_SIG\s0\fR structure. +.PP +The remaining functions utilise the internal \fBkinv\fR and \fBr\fR values used +during signature computation. Most applications will never need to call these +and some external \s-1ECDSA\s0 \s-1ENGINE\s0 implementations may not support them at all if +either \fBkinv\fR or \fBr\fR is not \fB\s-1NULL\s0\fR. +.PP +\&\fIECDSA_sign_setup()\fR may be used to precompute parts of the signing operation. +\&\fBeckey\fR is the private \s-1EC\s0 key and \fBctx\fR is a pointer to \fB\s-1BN_CTX\s0\fR structure +(or \s-1NULL\s0). The precomputed values or returned in \fBkinv\fR and \fBrp\fR and can be +used in a later call to \fIECDSA_sign_ex()\fR or \fIECDSA_do_sign_ex()\fR. +.PP +\&\fIECDSA_sign_ex()\fR computes a digital signature of the \fBdgstlen\fR bytes hash value +\&\fBdgst\fR using the private \s-1EC\s0 key \fBeckey\fR and the optional pre-computed values +\&\fBkinv\fR and \fBrp\fR. 
The \s-1DER\s0 encoded signature is stored in \fBsig\fR and its +length is returned in \fBsig_len\fR. Note: \fBsig\fR must point to ECDSA_size(eckey) +bytes of memory. The parameter \fBtype\fR is ignored. +.PP +\&\fIECDSA_do_sign_ex()\fR is similar to \fIECDSA_sign_ex()\fR except the signature is +returned as a newly allocated \fB\s-1ECDSA_SIG\s0\fR structure (or \s-1NULL\s0 on error). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIECDSA_SIG_new()\fR returns \s-1NULL\s0 if the allocation fails. +.PP +\&\fIECDSA_SIG_set0()\fR returns 1 on success or 0 on failure. +.PP +\&\fIECDSA_SIG_get0_r()\fR and \fIECDSA_SIG_get0_s()\fR return the corresponding value, +or \s-1NULL\s0 if it is unset. +.PP +\&\fIECDSA_size()\fR returns the maximum length signature or 0 on error. +.PP +\&\fIECDSA_sign()\fR, \fIECDSA_sign_ex()\fR and \fIECDSA_sign_setup()\fR return 1 if successful +or 0 on error. +.PP +\&\fIECDSA_do_sign()\fR and \fIECDSA_do_sign_ex()\fR return a pointer to an allocated +\&\fB\s-1ECDSA_SIG\s0\fR structure or \s-1NULL\s0 on error. +.PP +\&\fIECDSA_verify()\fR and \fIECDSA_do_verify()\fR return 1 for a valid +signature, 0 for an invalid signature and \-1 on error. +The error codes can be obtained by \fIERR_get_error\fR\|(3). +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Creating an \s-1ECDSA\s0 signature of a given \s-1SHA\-256\s0 hash value using the +named curve prime256v1 (aka P\-256). 
+.PP +First step: create an \s-1EC_KEY\s0 object (note: this part is \fBnot\fR \s-1ECDSA\s0 +specific) +.PP +.Vb 3 +\& int ret; +\& ECDSA_SIG *sig; +\& EC_KEY *eckey; +\& +\& eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); +\& if (eckey == NULL) +\& /* error */ +\& if (EC_KEY_generate_key(eckey) == 0) +\& /* error */ +.Ve +.PP +Second step: compute the \s-1ECDSA\s0 signature of a \s-1SHA\-256\s0 hash value +using \fIECDSA_do_sign()\fR: +.PP +.Vb 3 +\& sig = ECDSA_do_sign(digest, 32, eckey); +\& if (sig == NULL) +\& /* error */ +.Ve +.PP +or using \fIECDSA_sign()\fR: +.PP +.Vb 2 +\& unsigned char *buffer, *pp; +\& int buf_len; +\& +\& buf_len = ECDSA_size(eckey); +\& buffer = OPENSSL_malloc(buf_len); +\& pp = buffer; +\& if (ECDSA_sign(0, dgst, dgstlen, pp, &buf_len, eckey) == 0) +\& /* error */ +.Ve +.PP +Third step: verify the created \s-1ECDSA\s0 signature using \fIECDSA_do_verify()\fR: +.PP +.Vb 1 +\& ret = ECDSA_do_verify(digest, 32, sig, eckey); +.Ve +.PP +or using \fIECDSA_verify()\fR: +.PP +.Vb 1 +\& ret = ECDSA_verify(0, digest, 32, buffer, buf_len, eckey); +.Ve +.PP +and finally evaluate the return value: +.PP +.Vb 6 +\& if (ret == 1) +\& /* signature ok */ +\& else if (ret == 0) +\& /* incorrect signature */ +\& else +\& /* error */ +.Ve +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1ANSI\s0 X9.62, \s-1US\s0 Federal Information Processing Standard \s-1FIPS\s0 186\-2 +(Digital Signature Standard, \s-1DSS\s0) +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEC_KEY_new\fR\|(3), +\&\fIEVP_DigestSignInit\fR\|(3), +\&\fIEVP_DigestVerifyInit\fR\|(3), +\&\fIEVP_PKEY_sign\fR\|(3) +\&\fIi2d_ECDSA_SIG\fR\|(3), +\&\fId2i_ECDSA_SIG\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fIECDSA_size()\fR, \fIECDSA_sign()\fR, \fIECDSA_do_sign()\fR, \fIECDSA_verify()\fR, +\&\fIECDSA_do_verify()\fR, \fIECDSA_sign_setup()\fR, \fIECDSA_sign_ex()\fR and \fIECDSA_do_sign_ex()\fR +functions were deprecated in OpenSSL 3.0. 
+.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2004\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/ECPKParameters_print.3 b/linux_amd64/share/man/man3/ECPKParameters_print.3 new file mode 100755 index 0000000..b960043 --- /dev/null +++ b/linux_amd64/share/man/man3/ECPKParameters_print.3 
@@ -0,0 +1,167 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ECPKPARAMETERS_PRINT 3" +.TH ECPKPARAMETERS_PRINT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +ECPKParameters_print, ECPKParameters_print_fp \- Functions for decoding and +encoding ASN1 representations of elliptic curve entities +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off); +\& int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The ECPKParameters represent the public parameters for an +\&\fB\s-1EC_GROUP\s0\fR structure, which represents a curve. +.PP +The \fIECPKParameters_print()\fR and \fIECPKParameters_print_fp()\fR functions print +a human-readable output of the public parameters of the \s-1EC_GROUP\s0 to \fBbp\fR +or \fBfp\fR. The output lines are indented by \fBoff\fR spaces. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIECPKParameters_print()\fR and \fIECPKParameters_print_fp()\fR +return 1 for success and 0 if an error occurs. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIcrypto\fR\|(7), \fIEC_GROUP_new\fR\|(3), \fIEC_GROUP_copy\fR\|(3), +\&\fIEC_POINT_new\fR\|(3), \fIEC_POINT_add\fR\|(3), \fIEC_KEY_new\fR\|(3), +\&\fIEC_GFp_simple_method\fR\|(3), +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2013\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/EC_GFp_simple_method.3 b/linux_amd64/share/man/man3/EC_GFp_simple_method.3 new file mode 100755 index 0000000..34bb831 --- /dev/null +++ b/linux_amd64/share/man/man3/EC_GFp_simple_method.3 
@@ -0,0 +1,192 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EC_GFP_SIMPLE_METHOD 3" +.TH EC_GFP_SIMPLE_METHOD 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EC_GFp_simple_method, EC_GFp_mont_method, EC_GFp_nist_method, EC_GFp_nistp224_method, EC_GFp_nistp256_method, EC_GFp_nistp521_method, EC_GF2m_simple_method, EC_METHOD_get_field_type \- Functions for obtaining EC_METHOD objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EC_METHOD *EC_GFp_simple_method(void); +\& const EC_METHOD *EC_GFp_mont_method(void); +\& const EC_METHOD *EC_GFp_nist_method(void); +\& const EC_METHOD *EC_GFp_nistp224_method(void); +\& const EC_METHOD *EC_GFp_nistp256_method(void); +\& const EC_METHOD *EC_GFp_nistp521_method(void); +\& +\& const EC_METHOD *EC_GF2m_simple_method(void); +\& +\& int EC_METHOD_get_field_type(const EC_METHOD *meth); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The Elliptic Curve library provides a number of different implementations through a single common interface. +When constructing a curve using EC_GROUP_new (see \fIEC_GROUP_new\fR\|(3)) an +implementation method must be provided. The functions described here all return a const pointer to an +\&\fB\s-1EC_METHOD\s0\fR structure that can be passed to \s-1EC_GROUP_NEW\s0. It is important that the correct implementation +type for the form of curve selected is used. +.PP +For F2^m curves there is only one implementation choice, i.e. EC_GF2_simple_method. +.PP +For Fp curves the lowest common denominator implementation is the EC_GFp_simple_method implementation. All +other implementations are based on this one. EC_GFp_mont_method builds on EC_GFp_simple_method but adds the +use of montgomery multiplication (see \fIBN_mod_mul_montgomery\fR\|(3)). EC_GFp_nist_method +offers an implementation optimised for use with \s-1NIST\s0 recommended curves (\s-1NIST\s0 curves are available through +EC_GROUP_new_by_curve_name as described in \fIEC_GROUP_new\fR\|(3)). 
+.PP +The functions EC_GFp_nistp224_method, EC_GFp_nistp256_method and EC_GFp_nistp521_method offer 64 bit +optimised implementations for the \s-1NIST\s0 P224, P256 and P521 curves respectively. Note, however, that these +implementations are not available on all platforms. +.PP +EC_METHOD_get_field_type identifies what type of field the \s-1EC_METHOD\s0 structure supports, which will be either +F2^m or Fp. If the field type is Fp then the value \fBNID_X9_62_prime_field\fR is returned. If the field type is +F2^m then the value \fBNID_X9_62_characteristic_two_field\fR is returned. These values are defined in the +obj_mac.h header file. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All EC_GFp* functions and EC_GF2m_simple_method always return a const pointer to an \s-1EC_METHOD\s0 structure. +.PP +EC_METHOD_get_field_type returns an integer that identifies the type of field the \s-1EC_METHOD\s0 structure supports. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIcrypto\fR\|(7), \fIEC_GROUP_new\fR\|(3), \fIEC_GROUP_copy\fR\|(3), +\&\fIEC_POINT_new\fR\|(3), \fIEC_POINT_add\fR\|(3), \fIEC_KEY_new\fR\|(3), +\&\fId2i_ECPKParameters\fR\|(3), +\&\fIBN_mod_mul_montgomery\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2013\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/EC_GROUP_copy.3 b/linux_amd64/share/man/man3/EC_GROUP_copy.3 new file mode 100755 index 0000000..fc9881b --- /dev/null +++ b/linux_amd64/share/man/man3/EC_GROUP_copy.3 
@@ -0,0 +1,367 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EC_GROUP_COPY 3" +.TH EC_GROUP_COPY 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EC_GROUP_get0_order, EC_GROUP_order_bits, EC_GROUP_get0_cofactor, +EC_GROUP_copy, EC_GROUP_dup, EC_GROUP_method_of, EC_GROUP_set_generator, +EC_GROUP_get0_generator, EC_GROUP_get_order, EC_GROUP_get_cofactor, +EC_GROUP_set_curve_name, EC_GROUP_get_curve_name, EC_GROUP_set_asn1_flag, +EC_GROUP_get_asn1_flag, EC_GROUP_set_point_conversion_form, +EC_GROUP_get_point_conversion_form, EC_GROUP_get0_seed, +EC_GROUP_get_seed_len, EC_GROUP_set_seed, EC_GROUP_get_degree, +EC_GROUP_check, EC_GROUP_check_named_curve, +EC_GROUP_check_discriminant, EC_GROUP_cmp, +EC_GROUP_get_basis_type, EC_GROUP_get_trinomial_basis, +EC_GROUP_get_pentanomial_basis, EC_GROUP_get0_field +\&\- Functions for manipulating EC_GROUP objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EC_GROUP_copy(EC_GROUP *dst, const EC_GROUP *src); +\& EC_GROUP *EC_GROUP_dup(const EC_GROUP *src); +\& +\& const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group); +\& +\& int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, +\& const BIGNUM *order, const BIGNUM *cofactor); +\& const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group); +\& +\& int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx); +\& const BIGNUM *EC_GROUP_get0_order(const EC_GROUP *group); +\& int EC_GROUP_order_bits(const EC_GROUP *group); +\& int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx); +\& const BIGNUM *EC_GROUP_get0_cofactor(const EC_GROUP *group); +\& const BIGNUM *EC_GROUP_get0_field(const EC_GROUP *group); +\& +\& void EC_GROUP_set_curve_name(EC_GROUP *group, int nid); +\& int EC_GROUP_get_curve_name(const EC_GROUP *group); +\& +\& void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag); +\& int EC_GROUP_get_asn1_flag(const EC_GROUP *group); +\& +\& void EC_GROUP_set_point_conversion_form(EC_GROUP *group, point_conversion_form_t form); +\& point_conversion_form_t EC_GROUP_get_point_conversion_form(const 
EC_GROUP *group); +\& +\& unsigned char *EC_GROUP_get0_seed(const EC_GROUP *x); +\& size_t EC_GROUP_get_seed_len(const EC_GROUP *); +\& size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len); +\& +\& int EC_GROUP_get_degree(const EC_GROUP *group); +\& +\& int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx); +\& int EC_GROUP_check_named_curve(const EC_GROUP *group, int nist_only, +\& BN_CTX *ctx); +\& +\& int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx); +\& +\& int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx); +\& +\& int EC_GROUP_get_basis_type(const EC_GROUP *); +\& int EC_GROUP_get_trinomial_basis(const EC_GROUP *, unsigned int *k); +\& int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1, +\& unsigned int *k2, unsigned int *k3); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIEC_GROUP_copy()\fR copies the curve \fBsrc\fR into \fBdst\fR. Both \fBsrc\fR and \fBdst\fR must use the same \s-1EC_METHOD\s0. +.PP +\&\fIEC_GROUP_dup()\fR creates a new \s-1EC_GROUP\s0 object and copies the content from \fBsrc\fR to the newly created +\&\s-1EC_GROUP\s0 object. +.PP +\&\fIEC_GROUP_method_of()\fR obtains the \s-1EC_METHOD\s0 of \fBgroup\fR. +.PP +\&\fIEC_GROUP_set_generator()\fR sets curve parameters that must be agreed by all participants using the curve. These +parameters include the \fBgenerator\fR, the \fBorder\fR and the \fBcofactor\fR. The \fBgenerator\fR is a well defined point on the +curve chosen for cryptographic operations. Integers used for point multiplications will be between 0 and +n\-1 where n is the \fBorder\fR. The \fBorder\fR multiplied by the \fBcofactor\fR gives the number of points on the curve. +.PP +\&\fIEC_GROUP_get0_generator()\fR returns the generator for the identified \fBgroup\fR. +.PP +\&\fIEC_GROUP_get_order()\fR retrieves the order of \fBgroup\fR and copies its value into +\&\fBorder\fR. 
It fails in case \fBgroup\fR is not fully initialized (i.e., its order +is not set or set to zero). +.PP +\&\fIEC_GROUP_get_cofactor()\fR retrieves the cofactor of \fBgroup\fR and copies its value +into \fBcofactor\fR. It fails in case \fBgroup\fR is not fully initialized or if the +cofactor is not set (or set to zero). +.PP +The functions \fIEC_GROUP_set_curve_name()\fR and \fIEC_GROUP_get_curve_name()\fR, set and get the \s-1NID\s0 for the curve respectively +(see \fIEC_GROUP_new\fR\|(3)). If a curve does not have a \s-1NID\s0 associated with it, then EC_GROUP_get_curve_name +will return NID_undef. +.PP +The asn1_flag value is used to determine whether the curve encoding uses +explicit parameters or a named curve using an \s-1ASN1\s0 \s-1OID:\s0 many applications only +support the latter form. If asn1_flag is \fB\s-1OPENSSL_EC_NAMED_CURVE\s0\fR then the +named curve form is used and the parameters must have a corresponding +named curve \s-1NID\s0 set. If asn1_flags is \fB\s-1OPENSSL_EC_EXPLICIT_CURVE\s0\fR the +parameters are explicitly encoded. The functions \fIEC_GROUP_get_asn1_flag()\fR and +\&\fIEC_GROUP_set_asn1_flag()\fR get and set the status of the asn1_flag for the curve. +Note: \fB\s-1OPENSSL_EC_EXPLICIT_CURVE\s0\fR was added in OpenSSL 1.1.0, for +previous versions of OpenSSL the value 0 must be used instead. Before OpenSSL +1.1.0 the default form was to use explicit parameters (meaning that +applications would have to explicitly set the named curve form) in OpenSSL +1.1.0 and later the named curve form is the default. +.PP +The point_conversion_form for a curve controls how \s-1EC_POINT\s0 data is encoded as \s-1ASN1\s0 as defined in X9.62 (\s-1ECDSA\s0). 
+point_conversion_form_t is an enum defined as follows: +.PP +.Vb 10 +\& typedef enum { +\& /** the point is encoded as z||x, where the octet z specifies +\& * which solution of the quadratic equation y is */ +\& POINT_CONVERSION_COMPRESSED = 2, +\& /** the point is encoded as z||x||y, where z is the octet 0x04 */ +\& POINT_CONVERSION_UNCOMPRESSED = 4, +\& /** the point is encoded as z||x||y, where the octet z specifies +\& * which solution of the quadratic equation y is */ +\& POINT_CONVERSION_HYBRID = 6 +\& } point_conversion_form_t; +.Ve +.PP +For \s-1POINT_CONVERSION_UNCOMPRESSED\s0 the point is encoded as an octet signifying the \s-1UNCOMPRESSED\s0 form has been used followed by +the octets for x, followed by the octets for y. +.PP +For any given x co-ordinate for a point on a curve it is possible to derive two possible y values. For +\&\s-1POINT_CONVERSION_COMPRESSED\s0 the point is encoded as an octet signifying that the \s-1COMPRESSED\s0 form has been used \s-1AND\s0 which of +the two possible solutions for y has been used, followed by the octets for x. +.PP +For \s-1POINT_CONVERSION_HYBRID\s0 the point is encoded as an octet signifying the \s-1HYBRID\s0 form has been used \s-1AND\s0 which of the two +possible solutions for y has been used, followed by the octets for x, followed by the octets for y. +.PP +The functions \fIEC_GROUP_set_point_conversion_form()\fR and \fIEC_GROUP_get_point_conversion_form()\fR, set and get the point_conversion_form +for the curve respectively. +.PP +\&\s-1ANSI\s0 X9.62 (\s-1ECDSA\s0 standard) defines a method of generating the curve parameter b from a random number. This provides advantages +in that a parameter obtained in this way is highly unlikely to be susceptible to special purpose attacks, or have any trapdoors in it. +If the seed is present for a curve then the b parameter was generated in a verifiable fashion using that seed. 
The OpenSSL \s-1EC\s0 library +does not use this seed value but does enable you to inspect it using \fIEC_GROUP_get0_seed()\fR. This returns a pointer to a memory block +containing the seed that was used. The length of the memory block can be obtained using \fIEC_GROUP_get_seed_len()\fR. A number of the +built-in curves within the library provide seed values that can be obtained. It is also possible to set a custom seed using +\&\fIEC_GROUP_set_seed()\fR and passing a pointer to a memory block, along with the length of the seed. Again, the \s-1EC\s0 library will not use +this seed value, although it will be preserved in any \s-1ASN1\s0 based communications. +.PP +\&\fIEC_GROUP_get_degree()\fR gets the degree of the field. For Fp fields this will be the number of bits in p. For F2^m fields this will be +the value m. +.PP +The function \fIEC_GROUP_check_discriminant()\fR calculates the discriminant for the curve and verifies that it is valid. +For a curve defined over Fp the discriminant is given by the formula 4*a^3 + 27*b^2 whilst for F2^m curves the discriminant is +simply b. In either case for the curve to be valid the discriminant must be non zero. +.PP +The function \fIEC_GROUP_check()\fR performs a number of checks on a curve to verify that it is valid. Checks performed include +verifying that the discriminant is non zero; that a generator has been defined; that the generator is on the curve and has +the correct order. +.PP +The function \fIEC_GROUP_check_named_curve()\fR determines if the group's domain parameters match one of the built-in curves supported by the library. +The curve name is returned as a \fB\s-1NID\s0\fR if it matches. If the group's domain parameters have been modified then no match will be found. +If the curve name of the given group is \fBNID_undef\fR (e.g. it has been created by using explicit parameters with no curve name), +then this method can be used to lookup the name of the curve that matches the group domain parameters. 
The built-in curves contain +aliases, so that multiple \s-1NID\s0's can map to the same domain parameters. For such curves it is unspecified which of the aliases will be +returned if the curve name of the given group is NID_undef. +If \fBnist_only\fR is 1 it will only look for \s-1NIST\s0 approved curves, otherwise it searches all built-in curves. +This function may be passed a \s-1BN_CTX\s0 object in the \fBctx\fR parameter. +The \fBctx\fR parameter may be \s-1NULL\s0. +.PP +\&\fIEC_GROUP_cmp()\fR compares \fBa\fR and \fBb\fR to determine whether they represent the same curve or not. +.PP +The functions \fIEC_GROUP_get_basis_type()\fR, \fIEC_GROUP_get_trinomial_basis()\fR and \fIEC_GROUP_get_pentanomial_basis()\fR should only be called for curves +defined over an F2^m field. Addition and multiplication operations within an F2^m field are performed using an irreducible polynomial +function f(x). This function is either a trinomial of the form: +.PP +f(x) = x^m + x^k + 1 with m > k >= 1 +.PP +or a pentanomial of the form: +.PP +f(x) = x^m + x^k3 + x^k2 + x^k1 + 1 with m > k3 > k2 > k1 >= 1 +.PP +The function \fIEC_GROUP_get_basis_type()\fR returns a \s-1NID\s0 identifying whether a trinomial or pentanomial is in use for the field. The +function \fIEC_GROUP_get_trinomial_basis()\fR must only be called where f(x) is of the trinomial form, and returns the value of \fBk\fR. Similarly +the function \fIEC_GROUP_get_pentanomial_basis()\fR must only be called where f(x) is of the pentanomial form, and returns the values of \fBk1\fR, +\&\fBk2\fR and \fBk3\fR respectively. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following functions return 1 on success or 0 on error: \fIEC_GROUP_copy()\fR, \fIEC_GROUP_set_generator()\fR, \fIEC_GROUP_check()\fR, +\&\fIEC_GROUP_check_discriminant()\fR, \fIEC_GROUP_get_trinomial_basis()\fR and \fIEC_GROUP_get_pentanomial_basis()\fR. +.PP +\&\fIEC_GROUP_dup()\fR returns a pointer to the duplicated curve, or \s-1NULL\s0 on error. 
+.PP +\&\fIEC_GROUP_method_of()\fR returns the \s-1EC_METHOD\s0 implementation in use for the given curve or \s-1NULL\s0 on error. +.PP +\&\fIEC_GROUP_get0_generator()\fR returns the generator for the given curve or \s-1NULL\s0 on error. +.PP +\&\fIEC_GROUP_get_order()\fR returns 0 if the order is not set (or set to zero) for +\&\fBgroup\fR or if copying into \fBorder\fR fails, 1 otherwise. +.PP +\&\fIEC_GROUP_get_cofactor()\fR returns 0 if the cofactor is not set (or is set to zero) for \fBgroup\fR or if copying into \fBcofactor\fR fails, 1 otherwise. +.PP +\&\fIEC_GROUP_get_curve_name()\fR returns the curve name (\s-1NID\s0) for \fBgroup\fR or will return NID_undef if no curve name is associated. +.PP +\&\fIEC_GROUP_get_asn1_flag()\fR returns the \s-1ASN1\s0 flag for the specified \fBgroup\fR . +.PP +\&\fIEC_GROUP_get_point_conversion_form()\fR returns the point_conversion_form for \fBgroup\fR. +.PP +\&\fIEC_GROUP_get_degree()\fR returns the degree for \fBgroup\fR or 0 if the operation is not supported by the underlying group implementation. +.PP +\&\fIEC_GROUP_check_named_curve()\fR returns the nid of the matching named curve, otherwise it returns 0 for no match, or \-1 on error. +.PP +\&\fIEC_GROUP_get0_order()\fR returns an internal pointer to the group order. +\&\fIEC_GROUP_order_bits()\fR returns the number of bits in the group order. +\&\fIEC_GROUP_get0_cofactor()\fR returns an internal pointer to the group cofactor. +\&\fIEC_GROUP_get0_field()\fR returns an internal pointer to the group field. For curves over \s-1GF\s0(p), this is the modulus; for curves +over \s-1GF\s0(2^m), this is the irreducible polynomial defining the field. +.PP +\&\fIEC_GROUP_get0_seed()\fR returns a pointer to the seed that was used to generate the parameter b, or \s-1NULL\s0 if the seed is not +specified. \fIEC_GROUP_get_seed_len()\fR returns the length of the seed or 0 if the seed is not specified. 
+.PP +\&\fIEC_GROUP_set_seed()\fR returns the length of the seed that has been set. If the supplied seed is \s-1NULL\s0, or the supplied seed length is +0, the return value will be 1. On error 0 is returned. +.PP +\&\fIEC_GROUP_cmp()\fR returns 0 if the curves are equal, 1 if they are not equal, or \-1 on error. +.PP +\&\fIEC_GROUP_get_basis_type()\fR returns the values NID_X9_62_tpBasis or NID_X9_62_ppBasis (as defined in ) for a +trinomial or pentanomial respectively. Alternatively in the event of an error a 0 is returned. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIcrypto\fR\|(7), \fIEC_GROUP_new\fR\|(3), +\&\fIEC_POINT_new\fR\|(3), \fIEC_POINT_add\fR\|(3), \fIEC_KEY_new\fR\|(3), +\&\fIEC_GFp_simple_method\fR\|(3), \fId2i_ECPKParameters\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fIEC_GROUP_check_named_curve()\fR function was added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2013\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/EC_GROUP_new.3 b/linux_amd64/share/man/man3/EC_GROUP_new.3 new file mode 100755 index 0000000..4301a5e --- /dev/null +++ b/linux_amd64/share/man/man3/EC_GROUP_new.3 
@@ -0,0 +1,322 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EC_GROUP_NEW 3" +.TH EC_GROUP_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EC_GROUP_get_ecparameters, +EC_GROUP_get_ecpkparameters, +EC_GROUP_new_ex, +EC_GROUP_new, +EC_GROUP_new_from_ecparameters, +EC_GROUP_new_from_ecpkparameters, +EC_GROUP_free, +EC_GROUP_clear_free, +EC_GROUP_new_curve_GFp, +EC_GROUP_new_curve_GF2m, +EC_GROUP_new_by_curve_name_ex, +EC_GROUP_new_by_curve_name, +EC_GROUP_set_curve, +EC_GROUP_get_curve, +EC_GROUP_set_curve_GFp, +EC_GROUP_get_curve_GFp, +EC_GROUP_set_curve_GF2m, +EC_GROUP_get_curve_GF2m, +EC_get_builtin_curves \- Functions for creating and destroying EC_GROUP +objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& EC_GROUP *EC_GROUP_new_ex(OPENSSL_CTX *libctx, const EC_METHOD *meth); +\& EC_GROUP *EC_GROUP_new(const EC_METHOD *meth); +\& EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params) +\& EC_GROUP *EC_GROUP_new_from_ecpkparameters(const ECPKPARAMETERS *params) +\& void EC_GROUP_free(EC_GROUP *group); +\& +\& EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, +\& const BIGNUM *b, BN_CTX *ctx); +\& EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, +\& const BIGNUM *b, BN_CTX *ctx); +\& EC_GROUP *EC_GROUP_new_by_curve_name_ex(OPENSSL_CTX *libctx, int nid); +\& EC_GROUP *EC_GROUP_new_by_curve_name(int nid); +\& +\& int EC_GROUP_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, +\& const BIGNUM *b, BN_CTX *ctx); +\& int EC_GROUP_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, +\& BN_CTX *ctx); +\& int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, +\& const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); +\& int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, +\& BIGNUM *a, BIGNUM *b, BN_CTX *ctx); +\& int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, +\& const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); +\& int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, +\& BIGNUM *a, BIGNUM *b, BN_CTX *ctx); +\& +\& ECPARAMETERS 
*EC_GROUP_get_ecparameters(const EC_GROUP *group, ECPARAMETERS *params) +\& ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP *group, ECPKPARAMETERS *params) +\& +\& size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems); +.Ve +.PP +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 1 +\& void EC_GROUP_clear_free(EC_GROUP *group); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Within the library there are two forms of elliptic curve that are of interest. +The first form is those defined over the prime field Fp. The elements of Fp are +the integers 0 to p\-1, where p is a prime number. This gives us a revised +elliptic curve equation as follows: +.PP +y^2 mod p = x^3 +ax + b mod p +.PP +The second form is those defined over a binary field F2^m where the elements of +the field are integers of length at most m bits. For this form the elliptic +curve equation is modified to: +.PP +y^2 + xy = x^3 + ax^2 + b (where b != 0) +.PP +Operations in a binary field are performed relative to an +\&\fBirreducible polynomial\fR. All such curves with OpenSSL use a trinomial or a +pentanomial for this parameter. +.PP +A new curve can be constructed by calling \fIEC_GROUP_new_ex()\fR, using the +implementation provided by \fBmeth\fR (see \fIEC_GFp_simple_method\fR\|(3)) and +associated with the library context \fBctx\fR (see \s-1\fIOPENSSL_CTX\s0\fR\|(3)). +The \fBctx\fR parameter may be \s-1NULL\s0 in which case the default library context is +used. +It is then necessary to call \fIEC_GROUP_set_curve()\fR to set the curve parameters. +\&\fIEC_GROUP_new_from_ecparameters()\fR will create a group from the +specified \fBparams\fR and +\&\fIEC_GROUP_new_from_ecpkparameters()\fR will create a group from the specific \s-1PK\s0 +\&\fBparams\fR. 
+.PP +\&\fIEC_GROUP_new()\fR is the same as \fIEC_GROUP_new_ex()\fR except that the library context +used is always the default library context. +.PP +\&\fIEC_GROUP_set_curve()\fR sets the curve parameters \fBp\fR, \fBa\fR and \fBb\fR. For a curve +over Fp \fBp\fR is the prime for the field. For a curve over F2^m \fBp\fR represents +the irreducible polynomial \- each bit represents a term in the polynomial. +Therefore there will either be three or five bits set dependent on whether the +polynomial is a trinomial or a pentanomial. +In either case, \fBa\fR and \fBb\fR represents the coefficients a and b from the +relevant equation introduced above. +.PP +\&\fIEC_group_get_curve()\fR obtains the previously set curve parameters. +.PP +\&\fIEC_GROUP_set_curve_GFp()\fR and \fIEC_GROUP_set_curve_GF2m()\fR are synonyms for +\&\fIEC_GROUP_set_curve()\fR. They are defined for backwards compatibility only and +should not be used. +.PP +\&\fIEC_GROUP_get_curve_GFp()\fR and \fIEC_GROUP_get_curve_GF2m()\fR are synonyms for +\&\fIEC_GROUP_get_curve()\fR. They are defined for backwards compatibility only and +should not be used. +.PP +The functions \fIEC_GROUP_new_curve_GFp()\fR and \fIEC_GROUP_new_curve_GF2m()\fR are +shortcuts for calling \fIEC_GROUP_new()\fR and then the \fIEC_GROUP_set_curve()\fR function. +An appropriate default implementation method will be used. +.PP +Whilst the library can be used to create any curve using the functions described +above, there are also a number of predefined curves that are available. In order +to obtain a list of all of the predefined curves, call the function +\&\fIEC_get_builtin_curves()\fR. The parameter \fBr\fR should be an array of +EC_builtin_curve structures of size \fBnitems\fR. The function will populate the +\&\fBr\fR array with information about the built-in curves. If \fBnitems\fR is less than +the total number of curves available, then the first \fBnitems\fR curves will be +returned. 
Otherwise the total number of curves will be provided. The return +value is the total number of curves available (whether that number has been +populated in \fBr\fR or not). Passing a \s-1NULL\s0 \fBr\fR, or setting \fBnitems\fR to 0 will +do nothing other than return the total number of curves available. +The EC_builtin_curve structure is defined as follows: +.PP +.Vb 4 +\& typedef struct { +\& int nid; +\& const char *comment; +\& } EC_builtin_curve; +.Ve +.PP +Each EC_builtin_curve item has a unique integer id (\fBnid\fR), and a human +readable comment string describing the curve. +.PP +In order to construct a built-in curve use the function +\&\fIEC_GROUP_new_by_curve_name_ex()\fR and provide the \fBnid\fR of the curve to be +constructed and the associated library context to be used in \fBctx\fR (see +\&\s-1\fIOPENSSL_CTX\s0\fR\|(3)). The \fBctx\fR value may be \s-1NULL\s0 in which case the default +library context is used. +.PP +\&\fIEC_GROUP_new_by_curve_name()\fR is the same as \fIEC_GROUP_new_by_curve_name_ex()\fR +except that the default library context is always used. +.PP +\&\fIEC_GROUP_free()\fR frees the memory associated with the \s-1EC_GROUP\s0. +If \fBgroup\fR is \s-1NULL\s0 nothing is done. +.PP +\&\fIEC_GROUP_clear_free()\fR is deprecated: it was meant to destroy any sensitive data +held within the \s-1EC_GROUP\s0 and then free its memory, but since all the data stored +in the \s-1EC_GROUP\s0 is public anyway, this function is unnecessary. +Its use can be safely replaced with \fIEC_GROUP_free()\fR. +If \fBgroup\fR is \s-1NULL\s0 nothing is done. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All EC_GROUP_new* functions return a pointer to the newly constructed group, or +\&\s-1NULL\s0 on error. +.PP +\&\fIEC_get_builtin_curves()\fR returns the number of built-in curves that are +available. 
+.PP +\&\fIEC_GROUP_set_curve_GFp()\fR, \fIEC_GROUP_get_curve_GFp()\fR, \fIEC_GROUP_set_curve_GF2m()\fR, +\&\fIEC_GROUP_get_curve_GF2m()\fR return 1 on success or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIcrypto\fR\|(7), \fIEC_GROUP_copy\fR\|(3), +\&\fIEC_POINT_new\fR\|(3), \fIEC_POINT_add\fR\|(3), \fIEC_KEY_new\fR\|(3), +\&\fIEC_GFp_simple_method\fR\|(3), \fId2i_ECPKParameters\fR\|(3), +\&\s-1\fIOPENSSL_CTX\s0\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +.IP "\(bu" 2 +\&\fIEC_GROUP_new_ex()\fR and \fIEC_GROUP_new_by_curve_name_ex()\fR were added in OpenSSL 3.0. +.IP "\(bu" 2 +\&\fIEC_GROUP_clear_free()\fR was deprecated in OpenSSL 3.0; use \fIEC_GROUP_free()\fR +instead. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2013\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/EC_KEY_get_enc_flags.3 b/linux_amd64/share/man/man3/EC_KEY_get_enc_flags.3 new file mode 100755 index 0000000..f67ecd0 --- /dev/null +++ b/linux_amd64/share/man/man3/EC_KEY_get_enc_flags.3 
@@ -0,0 +1,182 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EC_KEY_GET_ENC_FLAGS 3" +.TH EC_KEY_GET_ENC_FLAGS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EC_KEY_get_enc_flags, EC_KEY_set_enc_flags +\&\- Get and set flags for encoding EC_KEY structures +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& unsigned int EC_KEY_get_enc_flags(const EC_KEY *key); +\& void EC_KEY_set_enc_flags(EC_KEY *eckey, unsigned int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The format of the external representation of the public key written by +\&\fIi2d_ECPrivateKey()\fR (such as whether it is stored in a compressed form or not) is +described by the point_conversion_form. See \fIEC_GROUP_copy\fR\|(3) +for a description of point_conversion_form. +.PP +When reading a private key encoded without an associated public key (e.g. if +\&\s-1EC_PKEY_NO_PUBKEY\s0 has been used \- see below), then \fId2i_ECPrivateKey()\fR generates +the missing public key automatically. Private keys encoded without parameters +(e.g. if \s-1EC_PKEY_NO_PARAMETERS\s0 has been used \- see below) cannot be loaded using +\&\fId2i_ECPrivateKey()\fR. +.PP +The functions \fIEC_KEY_get_enc_flags()\fR and \fIEC_KEY_set_enc_flags()\fR get and set the +value of the encoding flags for the \fBkey\fR. There are two encoding flags +currently defined \- \s-1EC_PKEY_NO_PARAMETERS\s0 and \s-1EC_PKEY_NO_PUBKEY\s0. These flags +define the behaviour of how the \fBkey\fR is converted into \s-1ASN1\s0 in a call to +\&\fIi2d_ECPrivateKey()\fR. If \s-1EC_PKEY_NO_PARAMETERS\s0 is set then the public parameters for +the curve are not encoded along with the private key. If \s-1EC_PKEY_NO_PUBKEY\s0 is +set then the public key is not encoded along with the private key. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEC_KEY_get_enc_flags()\fR returns the value of the current encoding flags for the +\&\s-1EC_KEY\s0. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIcrypto\fR\|(7), \fIEC_GROUP_new\fR\|(3), +\&\fIEC_GROUP_copy\fR\|(3), \fIEC_POINT_new\fR\|(3), +\&\fIEC_POINT_add\fR\|(3), +\&\fIEC_GFp_simple_method\fR\|(3), +\&\fId2i_ECPKParameters\fR\|(3), +\&\fId2i_ECPrivateKey\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/EC_KEY_new.3 b/linux_amd64/share/man/man3/EC_KEY_new.3 new file mode 100755 index 0000000..720f301 --- /dev/null +++ b/linux_amd64/share/man/man3/EC_KEY_new.3 
@@ -0,0 +1,330 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EC_KEY_NEW 3" +.TH EC_KEY_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EC_KEY_get_method, EC_KEY_set_method, EC_KEY_new_ex, +EC_KEY_new, EC_KEY_get_flags, EC_KEY_set_flags, EC_KEY_clear_flags, +EC_KEY_new_by_curve_name_ex, EC_KEY_new_by_curve_name, EC_KEY_free, EC_KEY_copy, +EC_KEY_dup, EC_KEY_up_ref, EC_KEY_get0_engine, +EC_KEY_get0_group, EC_KEY_set_group, EC_KEY_get0_private_key, +EC_KEY_set_private_key, EC_KEY_get0_public_key, EC_KEY_set_public_key, +EC_KEY_get_conv_form, +EC_KEY_set_conv_form, EC_KEY_set_asn1_flag, EC_KEY_precompute_mult, +EC_KEY_generate_key, EC_KEY_check_key, EC_KEY_set_public_key_affine_coordinates, +EC_KEY_oct2key, EC_KEY_key2buf, EC_KEY_oct2priv, EC_KEY_priv2oct, +EC_KEY_priv2buf \- Functions for creating, destroying and manipulating +EC_KEY objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& EC_KEY *EC_KEY_new_ex(OPENSSL_CTX *ctx); +\& EC_KEY *EC_KEY_new(void); +\& int EC_KEY_get_flags(const EC_KEY *key); +\& void EC_KEY_set_flags(EC_KEY *key, int flags); +\& void EC_KEY_clear_flags(EC_KEY *key, int flags); +\& EC_KEY *EC_KEY_new_by_curve_name_ex(OPENSSL_CTX *ctx, int nid); +\& EC_KEY *EC_KEY_new_by_curve_name(int nid); +\& void EC_KEY_free(EC_KEY *key); +\& EC_KEY *EC_KEY_copy(EC_KEY *dst, const EC_KEY *src); +\& EC_KEY *EC_KEY_dup(const EC_KEY *src); +\& int EC_KEY_up_ref(EC_KEY *key); +\& ENGINE *EC_KEY_get0_engine(const EC_KEY *eckey); +\& const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key); +\& int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group); +\& const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key); +\& int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *prv); +\& const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key); +\& int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub); +\& point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key); +\& void EC_KEY_set_conv_form(EC_KEY *eckey, point_conversion_form_t cform); +\& void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag); +\& int EC_KEY_precompute_mult(EC_KEY *key, 
BN_CTX *ctx); +\& int EC_KEY_generate_key(EC_KEY *key); +\& int EC_KEY_check_key(const EC_KEY *key); +\& int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x, BIGNUM *y); +\& const EC_KEY_METHOD *EC_KEY_get_method(const EC_KEY *key); +\& int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth); +\& +\& int EC_KEY_oct2key(EC_KEY *eckey, const unsigned char *buf, size_t len, BN_CTX *ctx); +\& size_t EC_KEY_key2buf(const EC_KEY *eckey, point_conversion_form_t form, +\& unsigned char **pbuf, BN_CTX *ctx); +\& +\& int EC_KEY_oct2priv(EC_KEY *eckey, const unsigned char *buf, size_t len); +\& size_t EC_KEY_priv2oct(const EC_KEY *eckey, unsigned char *buf, size_t len); +\& +\& size_t EC_KEY_priv2buf(const EC_KEY *eckey, unsigned char **pbuf); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +An \s-1EC_KEY\s0 represents a public key and, optionally, the associated private +key. +A new \s-1EC_KEY\s0 with no associated curve can be constructed by calling +\&\fIEC_KEY_new_ex()\fR and specifying the associated library context in \fBctx\fR +(see \s-1\fIOPENSSL_CTX\s0\fR\|(3)). +The \fBctx\fR parameter may be \s-1NULL\s0 in which case the default library context is +used. +The reference count for the newly created \s-1EC_KEY\s0 is initially +set to 1. +A curve can be associated with the \s-1EC_KEY\s0 by calling +\&\fIEC_KEY_set_group()\fR. +.PP +\&\fIEC_KEY_new()\fR is the same as \fIEC_KEY_new_ex()\fR except that the default library +context is always used. +.PP +Alternatively a new \s-1EC_KEY\s0 can be constructed by calling +\&\fIEC_KEY_new_by_curve_name_ex()\fR and supplying the nid of the associated curve and +the library context to be used \fBctx\fR (see \s-1\fIOPENSSL_CTX\s0\fR\|(3)). +The \fBctx\fR parameter may be \s-1NULL\s0 in which case the default library context is +used. +See \fIEC_GROUP_new\fR\|(3) for a description of curve names. +This function simply wraps calls to \fIEC_KEY_new_ex()\fR and +\&\fIEC_GROUP_new_by_curve_name_ex()\fR. 
+.PP +\&\fIEC_KEY_new_by_curve_name()\fR is the same as \fIEC_KEY_new_by_curve_name_ex()\fR except +that the default library context is always used. +.PP +Calling \fIEC_KEY_free()\fR decrements the reference count for the \s-1EC_KEY\s0 object, +and if it has dropped to zero then frees the memory associated with it. If +\&\fBkey\fR is \s-1NULL\s0 nothing is done. +.PP +\&\fIEC_KEY_copy()\fR copies the contents of the \s-1EC_KEY\s0 in \fBsrc\fR into \fBdest\fR. +.PP +\&\fIEC_KEY_dup()\fR creates a new \s-1EC_KEY\s0 object and copies \fBec_key\fR into it. +.PP +\&\fIEC_KEY_up_ref()\fR increments the reference count associated with the \s-1EC_KEY\s0 +object. +.PP +\&\fIEC_KEY_get0_engine()\fR returns a handle to the \s-1ENGINE\s0 that has been set for +this \s-1EC_KEY\s0 object. +.PP +\&\fIEC_KEY_generate_key()\fR generates a new public and private key for the supplied +\&\fBeckey\fR object. \fBeckey\fR must have an \s-1EC_GROUP\s0 object associated with it +before calling this function. The private key is a random integer (0 < priv_key +< order, where \fIorder\fR is the order of the \s-1EC_GROUP\s0 object). The public key is +an \s-1EC_POINT\s0 on the curve calculated by multiplying the generator for the +curve by the private key. +.PP +\&\fIEC_KEY_check_key()\fR performs various sanity checks on the \s-1EC_KEY\s0 object to +confirm that it is valid. +.PP +\&\fIEC_KEY_set_public_key_affine_coordinates()\fR sets the public key for \fBkey\fR based +on its affine co-ordinates; i.e., it constructs an \s-1EC_POINT\s0 object based on +the supplied \fBx\fR and \fBy\fR values and sets the public key to be this +\&\s-1EC_POINT\s0. It also performs certain sanity checks on the key to confirm +that it is valid. 
+.PP +The functions \fIEC_KEY_get0_group()\fR, \fIEC_KEY_set_group()\fR, +\&\fIEC_KEY_get0_private_key()\fR, \fIEC_KEY_set_private_key()\fR, \fIEC_KEY_get0_public_key()\fR, +and \fIEC_KEY_set_public_key()\fR get and set the \s-1EC_GROUP\s0 object, the private key, +and the \s-1EC_POINT\s0 public key for the \fBkey\fR respectively. +.PP +The functions \fIEC_KEY_get_conv_form()\fR and \fIEC_KEY_set_conv_form()\fR get and set the +point_conversion_form for the \fBkey\fR. For a description of +point_conversion_forms please see \fIEC_POINT_new\fR\|(3). +.PP +\&\fIEC_KEY_set_flags()\fR sets the flags in the \fBflags\fR parameter on the \s-1EC_KEY\s0 +object. Any flags that are already set are left set. The flags currently +defined are \s-1EC_FLAG_NON_FIPS_ALLOW\s0 and \s-1EC_FLAG_FIPS_CHECKED\s0. In +addition there is the flag \s-1EC_FLAG_COFACTOR_ECDH\s0 which is specific to \s-1ECDH\s0. +\&\fIEC_KEY_get_flags()\fR returns the current flags that are set for this \s-1EC_KEY\s0. +\&\fIEC_KEY_clear_flags()\fR clears the flags indicated by the \fBflags\fR parameter; all +other flags are left in their existing state. +.PP +\&\fIEC_KEY_set_asn1_flag()\fR sets the asn1_flag on the underlying \s-1EC_GROUP\s0 object +(if set). Refer to \fIEC_GROUP_copy\fR\|(3) for further information on the +asn1_flag. +.PP +\&\fIEC_KEY_precompute_mult()\fR stores multiples of the underlying \s-1EC_GROUP\s0 generator +for faster point multiplication. See also \fIEC_POINT_add\fR\|(3). +.PP +\&\fIEC_KEY_oct2key()\fR and \fIEC_KEY_key2buf()\fR are identical to the functions +\&\fIEC_POINT_oct2point()\fR and \fIEC_KEY_point2buf()\fR except they use the public key +\&\s-1EC_POINT\s0 in \fBeckey\fR. +.PP +\&\fIEC_KEY_oct2priv()\fR and \fIEC_KEY_priv2oct()\fR convert between the private key +component of \fBeckey\fR and octet form. The octet form consists of the content +octets of the \fBprivateKey\fR \s-1OCTET\s0 \s-1STRING\s0 in an \fBECPrivateKey\fR \s-1ASN\s0.1 structure. 
+.PP +The function \fIEC_KEY_priv2oct()\fR must be supplied with a buffer long enough to +store the octet form. The return value provides the number of octets stored. +Calling the function with a \s-1NULL\s0 buffer will not perform the conversion but +will just return the required buffer length. +.PP +The function \fIEC_KEY_priv2buf()\fR allocates a buffer of suitable length and writes +an \s-1EC_KEY\s0 to it in octet format. The allocated buffer is written to \fB*pbuf\fR +and its length is returned. The caller must free up the allocated buffer with a +call to \fIOPENSSL_free()\fR. Since the allocated buffer value is written to \fB*pbuf\fR +the \fBpbuf\fR parameter \fB\s-1MUST\s0 \s-1NOT\s0\fR be \fB\s-1NULL\s0\fR. +.PP +\&\fIEC_KEY_priv2buf()\fR converts an \s-1EC_KEY\s0 private key into an allocated buffer. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEC_KEY_new_ex()\fR, \fIEC_KEY_new()\fR, \fIEC_KEY_new_by_curve_name()\fR and \fIEC_KEY_dup()\fR +return a pointer to the newly created \s-1EC_KEY\s0 object, or \s-1NULL\s0 on error. +.PP +\&\fIEC_KEY_get_flags()\fR returns the flags associated with the \s-1EC_KEY\s0 object as an +integer. +.PP +\&\fIEC_KEY_copy()\fR returns a pointer to the destination key, or \s-1NULL\s0 on error. +.PP +\&\fIEC_KEY_get0_engine()\fR returns a pointer to an \s-1ENGINE\s0, or \s-1NULL\s0 if it wasn't set. +.PP +\&\fIEC_KEY_up_ref()\fR, \fIEC_KEY_set_group()\fR, \fIEC_KEY_set_private_key()\fR, +\&\fIEC_KEY_set_public_key()\fR, \fIEC_KEY_precompute_mult()\fR, \fIEC_KEY_generate_key()\fR, +\&\fIEC_KEY_check_key()\fR, \fIEC_KEY_set_public_key_affine_coordinates()\fR, +\&\fIEC_KEY_oct2key()\fR and \fIEC_KEY_oct2priv()\fR return 1 on success or 0 on error. +.PP +\&\fIEC_KEY_get0_group()\fR returns the \s-1EC_GROUP\s0 associated with the \s-1EC_KEY\s0. +.PP +\&\fIEC_KEY_get0_private_key()\fR returns the private key associated with the \s-1EC_KEY\s0. 
+.PP +\&\fIEC_KEY_get_conv_form()\fR return the point_conversion_form for the \s-1EC_KEY\s0. +.PP +\&\fIEC_KEY_key2buf()\fR, \fIEC_KEY_priv2oct()\fR and \fIEC_KEY_priv2buf()\fR return the length +of the buffer or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIcrypto\fR\|(7), \fIEC_GROUP_new\fR\|(3), +\&\fIEC_GROUP_copy\fR\|(3), \fIEC_POINT_new\fR\|(3), +\&\fIEC_POINT_add\fR\|(3), +\&\fIEC_GFp_simple_method\fR\|(3), +\&\fId2i_ECPKParameters\fR\|(3), +\&\s-1\fIOPENSSL_CTX\s0\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2013\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/EC_POINT_add.3 b/linux_amd64/share/man/man3/EC_POINT_add.3 new file mode 100755 index 0000000..eb0ccdd --- /dev/null +++ b/linux_amd64/share/man/man3/EC_POINT_add.3 
@@ -0,0 +1,207 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EC_POINT_ADD 3" +.TH EC_POINT_ADD 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EC_POINT_add, EC_POINT_dbl, EC_POINT_invert, EC_POINT_is_at_infinity, EC_POINT_is_on_curve, EC_POINT_cmp, EC_POINT_make_affine, EC_POINTs_make_affine, EC_POINTs_mul, EC_POINT_mul, EC_GROUP_precompute_mult, EC_GROUP_have_precompute_mult \- Functions for performing mathematical operations and tests on EC_POINT objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, +\& const EC_POINT *b, BN_CTX *ctx); +\& int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx); +\& int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx); +\& int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *p); +\& int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx); +\& int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx); +\& int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx); +\& int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, +\& EC_POINT *points[], BN_CTX *ctx); +\& int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, size_t num, +\& const EC_POINT *p[], const BIGNUM *m[], BN_CTX *ctx); +\& int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, +\& const EC_POINT *q, const BIGNUM *m, BN_CTX *ctx); +\& int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx); +\& int EC_GROUP_have_precompute_mult(const EC_GROUP *group); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +EC_POINT_add adds the two points \fBa\fR and \fBb\fR and places the result in \fBr\fR. Similarly EC_POINT_dbl doubles the point \fBa\fR and places the +result in \fBr\fR. In both cases it is valid for \fBr\fR to be one of \fBa\fR or \fBb\fR. +.PP +EC_POINT_invert calculates the inverse of the supplied point \fBa\fR. The result is placed back in \fBa\fR. 
+.PP +The function EC_POINT_is_at_infinity tests whether the supplied point is at infinity or not. +.PP +EC_POINT_is_on_curve tests whether the supplied point is on the curve or not. +.PP +EC_POINT_cmp compares the two supplied points and tests whether or not they are equal. +.PP +The functions EC_POINT_make_affine and EC_POINTs_make_affine force the internal representation of the \s-1EC_POINT\s0(s) into the affine +co-ordinate system. In the case of EC_POINTs_make_affine the value \fBnum\fR provides the number of points in the array \fBpoints\fR to be +forced. +.PP +EC_POINT_mul is a convenient interface to EC_POINTs_mul: it calculates the value generator * \fBn\fR + \fBq\fR * \fBm\fR and stores the result in \fBr\fR. +The value \fBn\fR may be \s-1NULL\s0 in which case the result is just \fBq\fR * \fBm\fR (variable point multiplication). Alternatively, both \fBq\fR and \fBm\fR may be \s-1NULL\s0, and \fBn\fR non-NULL, in which case the result is just generator * \fBn\fR (fixed point multiplication). +When performing a single fixed or variable point multiplication, the underlying implementation uses a constant time algorithm, when the input scalar (either \fBn\fR or \fBm\fR) is in the range [0, ec_group_order). +.PP +EC_POINTs_mul calculates the value generator * \fBn\fR + \fBq[0]\fR * \fBm[0]\fR + ... + \fBq[num\-1]\fR * \fBm[num\-1]\fR. As for EC_POINT_mul the value \fBn\fR may be \s-1NULL\s0 or \fBnum\fR may be zero. +When performing a fixed point multiplication (\fBn\fR is non-NULL and \fBnum\fR is 0) or a variable point multiplication (\fBn\fR is \s-1NULL\s0 and \fBnum\fR is 1), the underlying implementation uses a constant time algorithm, when the input scalar (either \fBn\fR or \fBm[0]\fR) is in the range [0, ec_group_order). +.PP +The function EC_GROUP_precompute_mult stores multiples of the generator for faster point multiplication, whilst +EC_GROUP_have_precompute_mult tests whether precomputation has already been done. 
See \fIEC_GROUP_copy\fR\|(3) for information +about the generator. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following functions return 1 on success or 0 on error: EC_POINT_add, EC_POINT_dbl, EC_POINT_invert, EC_POINT_make_affine, +EC_POINTs_make_affine, EC_POINTs_make_affine, EC_POINT_mul, EC_POINTs_mul and EC_GROUP_precompute_mult. +.PP +EC_POINT_is_at_infinity returns 1 if the point is at infinity, or 0 otherwise. +.PP +EC_POINT_is_on_curve returns 1 if the point is on the curve, 0 if not, or \-1 on error. +.PP +EC_POINT_cmp returns 1 if the points are not equal, 0 if they are, or \-1 on error. +.PP +EC_GROUP_have_precompute_mult return 1 if a precomputation has been done, or 0 if not. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIcrypto\fR\|(7), \fIEC_GROUP_new\fR\|(3), \fIEC_GROUP_copy\fR\|(3), +\&\fIEC_POINT_new\fR\|(3), \fIEC_KEY_new\fR\|(3), +\&\fIEC_GFp_simple_method\fR\|(3), \fId2i_ECPKParameters\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2013\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/EC_POINT_new.3 b/linux_amd64/share/man/man3/EC_POINT_new.3 new file mode 100755 index 0000000..c7b0d17 --- /dev/null +++ b/linux_amd64/share/man/man3/EC_POINT_new.3 
@@ -0,0 +1,375 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EC_POINT_NEW 3" +.TH EC_POINT_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EC_POINT_set_Jprojective_coordinates_GFp, +EC_POINT_point2buf, +EC_POINT_new, +EC_POINT_free, +EC_POINT_clear_free, +EC_POINT_copy, +EC_POINT_dup, +EC_POINT_method_of, +EC_POINT_set_to_infinity, +EC_POINT_get_Jprojective_coordinates_GFp, +EC_POINT_set_affine_coordinates, +EC_POINT_get_affine_coordinates, +EC_POINT_set_compressed_coordinates, +EC_POINT_set_affine_coordinates_GFp, +EC_POINT_get_affine_coordinates_GFp, +EC_POINT_set_compressed_coordinates_GFp, +EC_POINT_set_affine_coordinates_GF2m, +EC_POINT_get_affine_coordinates_GF2m, +EC_POINT_set_compressed_coordinates_GF2m, +EC_POINT_point2oct, +EC_POINT_oct2point, +EC_POINT_point2bn, +EC_POINT_bn2point, +EC_POINT_point2hex, +EC_POINT_hex2point +\&\- Functions for creating, destroying and manipulating EC_POINT objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& EC_POINT *EC_POINT_new(const EC_GROUP *group); +\& void EC_POINT_free(EC_POINT *point); +\& void EC_POINT_clear_free(EC_POINT *point); +\& int EC_POINT_copy(EC_POINT *dst, const EC_POINT *src); +\& EC_POINT *EC_POINT_dup(const EC_POINT *src, const EC_GROUP *group); +\& const EC_METHOD *EC_POINT_method_of(const EC_POINT *point); +\& int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point); +\& int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, +\& EC_POINT *p, +\& const BIGNUM *x, const BIGNUM *y, +\& const BIGNUM *z, BN_CTX *ctx); +\& int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group, +\& const EC_POINT *p, +\& BIGNUM *x, BIGNUM *y, BIGNUM *z, +\& BN_CTX *ctx); +\& int EC_POINT_set_affine_coordinates(const EC_GROUP *group, EC_POINT *p, +\& const BIGNUM *x, const BIGNUM *y, +\& BN_CTX *ctx); +\& int EC_POINT_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *p, +\& BIGNUM *x, BIGNUM *y, BN_CTX *ctx); +\& int EC_POINT_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *p, +\& const BIGNUM *x, int y_bit, +\& BN_CTX *ctx); +\& int 
EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *p, +\& const BIGNUM *x, const BIGNUM *y, +\& BN_CTX *ctx); +\& int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, +\& const EC_POINT *p, +\& BIGNUM *x, BIGNUM *y, BN_CTX *ctx); +\& int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, +\& EC_POINT *p, +\& const BIGNUM *x, int y_bit, +\& BN_CTX *ctx); +\& int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p, +\& const BIGNUM *x, const BIGNUM *y, +\& BN_CTX *ctx); +\& int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group, +\& const EC_POINT *p, +\& BIGNUM *x, BIGNUM *y, BN_CTX *ctx); +\& int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, +\& EC_POINT *p, +\& const BIGNUM *x, int y_bit, +\& BN_CTX *ctx); +\& size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *p, +\& point_conversion_form_t form, +\& unsigned char *buf, size_t len, BN_CTX *ctx); +\& size_t EC_POINT_point2buf(const EC_GROUP *group, const EC_POINT *point, +\& point_conversion_form_t form, +\& unsigned char **pbuf, BN_CTX *ctx); +\& int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *p, +\& const unsigned char *buf, size_t len, BN_CTX *ctx); +\& BIGNUM *EC_POINT_point2bn(const EC_GROUP *group, const EC_POINT *p, +\& point_conversion_form_t form, BIGNUM *bn, +\& BN_CTX *ctx); +\& EC_POINT *EC_POINT_bn2point(const EC_GROUP *group, const BIGNUM *bn, +\& EC_POINT *p, BN_CTX *ctx); +\& char *EC_POINT_point2hex(const EC_GROUP *group, const EC_POINT *p, +\& point_conversion_form_t form, BN_CTX *ctx); +\& EC_POINT *EC_POINT_hex2point(const EC_GROUP *group, const char *hex, +\& EC_POINT *p, BN_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +An \fB\s-1EC_POINT\s0\fR structure represents a point on a curve. A new point is +constructed by calling the function \fIEC_POINT_new()\fR and providing the +\&\fBgroup\fR object that the point relates to. 
+.PP +\&\fIEC_POINT_free()\fR frees the memory associated with the \fB\s-1EC_POINT\s0\fR. +if \fBpoint\fR is \s-1NULL\s0 nothing is done. +.PP +\&\fIEC_POINT_clear_free()\fR destroys any sensitive data held within the \s-1EC_POINT\s0 and +then frees its memory. If \fBpoint\fR is \s-1NULL\s0 nothing is done. +.PP +\&\fIEC_POINT_copy()\fR copies the point \fBsrc\fR into \fBdst\fR. Both \fBsrc\fR and \fBdst\fR +must use the same \fB\s-1EC_METHOD\s0\fR. +.PP +\&\fIEC_POINT_dup()\fR creates a new \fB\s-1EC_POINT\s0\fR object and copies the content from +\&\fBsrc\fR to the newly created \fB\s-1EC_POINT\s0\fR object. +.PP +\&\fIEC_POINT_method_of()\fR obtains the \fB\s-1EC_METHOD\s0\fR associated with \fBpoint\fR. +.PP +A valid point on a curve is the special point at infinity. A point is set to +be at infinity by calling \fIEC_POINT_set_to_infinity()\fR. +.PP +The affine co-ordinates for a point describe a point in terms of its x and y +position. The function \fIEC_POINT_set_affine_coordinates()\fR sets the \fBx\fR and \fBy\fR +co-ordinates for the point \fBp\fR defined over the curve given in \fBgroup\fR. The +function \fIEC_POINT_get_affine_coordinates()\fR sets \fBx\fR and \fBy\fR, either of which +may be \s-1NULL\s0, to the corresponding coordinates of \fBp\fR. +.PP +The functions \fIEC_POINT_set_affine_coordinates_GFp()\fR and +\&\fIEC_POINT_set_affine_coordinates_GF2m()\fR are synonyms for +\&\fIEC_POINT_set_affine_coordinates()\fR. They are defined for backwards compatibility +only and should not be used. +.PP +The functions \fIEC_POINT_get_affine_coordinates_GFp()\fR and +\&\fIEC_POINT_get_affine_coordinates_GF2m()\fR are synonyms for +\&\fIEC_POINT_get_affine_coordinates()\fR. They are defined for backwards compatibility +only and should not be used. +.PP +As well as the affine co-ordinates, a point can alternatively be described in +terms of its Jacobian projective co-ordinates (for Fp curves only). 
Jacobian +projective co-ordinates are expressed as three values x, y and z. Working in +this co-ordinate system provides more efficient point multiplication +operations. A mapping exists between Jacobian projective co-ordinates and +affine co-ordinates. A Jacobian projective co-ordinate (x, y, z) can be written +as an affine co-ordinate as (x/(z^2), y/(z^3)). Conversion to Jacobian +projective from affine co-ordinates is simple. The co-ordinate (x, y) is mapped +to (x, y, 1). To set or get the projective co-ordinates use +\&\fIEC_POINT_set_Jprojective_coordinates_GFp()\fR and +\&\fIEC_POINT_get_Jprojective_coordinates_GFp()\fR respectively. +.PP +Points can also be described in terms of their compressed co-ordinates. For a +point (x, y), for any given value for x such that the point is on the curve +there will only ever be two possible values for y. Therefore a point can be set +using the \fIEC_POINT_set_compressed_coordinates()\fR function where \fBx\fR is the x +co-ordinate and \fBy_bit\fR is a value 0 or 1 to identify which of the two +possible values for y should be used. +.PP +The functions \fIEC_POINT_set_compressed_coordinates_GFp()\fR and +\&\fIEC_POINT_set_compressed_coordinates_GF2m()\fR are synonyms for +\&\fIEC_POINT_set_compressed_coordinates()\fR. They are defined for backwards +compatibility only and should not be used. +.PP +In addition \fB\s-1EC_POINT\s0\fR can be converted to and from various external +representations. The octet form is the binary encoding of the \fBECPoint\fR +structure (as defined in \s-1RFC5480\s0 and used in certificates and \s-1TLS\s0 records): +only the content octets are present, the \fB\s-1OCTET\s0 \s-1STRING\s0\fR tag and length are +not included. \fB\s-1BIGNUM\s0\fR form is the octet form interpreted as a big endian +integer converted to a \fB\s-1BIGNUM\s0\fR structure. 
Hexadecimal form is the octet +form converted to a \s-1NULL\s0 terminated character string where each character +is one of the printable values 0\-9 or A\-F (or a\-f). +.PP +The functions \fIEC_POINT_point2oct()\fR, \fIEC_POINT_oct2point()\fR, \fIEC_POINT_point2bn()\fR, +\&\fIEC_POINT_bn2point()\fR, \fIEC_POINT_point2hex()\fR and \fIEC_POINT_hex2point()\fR convert from +and to EC_POINTs for the formats: octet, \s-1BIGNUM\s0 and hexadecimal respectively. +.PP +The function \fIEC_POINT_point2oct()\fR encodes the given curve point \fBp\fR as an +octet string into the buffer \fBbuf\fR of size \fBlen\fR, using the specified +conversion form \fBform\fR. +The encoding conforms with Sec. 2.3.3 of the \s-1SECG\s0 \s-1SEC\s0 1 (\*(L"Elliptic Curve +Cryptography\*(R") standard. +Similarly the function \fIEC_POINT_oct2point()\fR decodes a curve point into \fBp\fR from +the octet string contained in the given buffer \fBbuf\fR of size \fBlen\fR, conforming +to Sec. 2.3.4 of the \s-1SECG\s0 \s-1SEC\s0 1 (\*(L"Elliptic Curve Cryptography\*(R") standard. +.PP +The functions \fIEC_POINT_point2hex()\fR and \fIEC_POINT_point2bn()\fR convert a point \fBp\fR, +respectively, to the hexadecimal or \s-1BIGNUM\s0 representation of the same +encoding of the function \fIEC_POINT_point2oct()\fR. +Vice versa, similarly to the function \fIEC_POINT_oct2point()\fR, the functions +\&\fIEC_POINT_hex2point()\fR and \fIEC_POINT_point2bn()\fR decode the hexadecimal or +\&\s-1BIGNUM\s0 representation into the \s-1EC_POINT\s0 \fBp\fR. +.PP +Notice that, according to the standard, the octet string encoding of the point +at infinity for a given curve is fixed to a single octet of value zero and that, +vice versa, a single octet of size zero is decoded as the point at infinity. +.PP +The function \fIEC_POINT_point2oct()\fR must be supplied with a buffer long enough to +store the octet form. The return value provides the number of octets stored. 
+Calling the function with a \s-1NULL\s0 buffer will not perform the conversion but +will still return the required buffer length. +.PP +The function \fIEC_POINT_point2buf()\fR allocates a buffer of suitable length and +writes an \s-1EC_POINT\s0 to it in octet format. The allocated buffer is written to +\&\fB*pbuf\fR and its length is returned. The caller must free up the allocated +buffer with a call to \fIOPENSSL_free()\fR. Since the allocated buffer value is +written to \fB*pbuf\fR the \fBpbuf\fR parameter \fB\s-1MUST\s0 \s-1NOT\s0\fR be \fB\s-1NULL\s0\fR. +.PP +The function \fIEC_POINT_point2hex()\fR will allocate sufficient memory to store the +hexadecimal string. It is the caller's responsibility to free this memory with +a subsequent call to \fIOPENSSL_free()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEC_POINT_new()\fR and \fIEC_POINT_dup()\fR return the newly allocated \s-1EC_POINT\s0 or \s-1NULL\s0 +on error. +.PP +The following functions return 1 on success or 0 on error: \fIEC_POINT_copy()\fR, +\&\fIEC_POINT_set_to_infinity()\fR, \fIEC_POINT_set_Jprojective_coordinates_GFp()\fR, +\&\fIEC_POINT_get_Jprojective_coordinates_GFp()\fR, +\&\fIEC_POINT_set_affine_coordinates_GFp()\fR, \fIEC_POINT_get_affine_coordinates_GFp()\fR, +\&\fIEC_POINT_set_compressed_coordinates_GFp()\fR, +\&\fIEC_POINT_set_affine_coordinates_GF2m()\fR, \fIEC_POINT_get_affine_coordinates_GF2m()\fR, +\&\fIEC_POINT_set_compressed_coordinates_GF2m()\fR and \fIEC_POINT_oct2point()\fR. +.PP +EC_POINT_method_of returns the \s-1EC_METHOD\s0 associated with the supplied \s-1EC_POINT\s0. +.PP +\&\fIEC_POINT_point2oct()\fR and \fIEC_POINT_point2buf()\fR return the length of the required +buffer or 0 on error. +.PP +\&\fIEC_POINT_point2bn()\fR returns the pointer to the \s-1BIGNUM\s0 supplied, or \s-1NULL\s0 on +error. +.PP +\&\fIEC_POINT_bn2point()\fR returns the pointer to the \s-1EC_POINT\s0 supplied, or \s-1NULL\s0 on +error. 
+.PP +\&\fIEC_POINT_point2hex()\fR returns a pointer to the hex string, or \s-1NULL\s0 on error. +.PP +\&\fIEC_POINT_hex2point()\fR returns the pointer to the \s-1EC_POINT\s0 supplied, or \s-1NULL\s0 on +error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIcrypto\fR\|(7), \fIEC_GROUP_new\fR\|(3), \fIEC_GROUP_copy\fR\|(3), +\&\fIEC_POINT_add\fR\|(3), \fIEC_KEY_new\fR\|(3), +\&\fIEC_GFp_simple_method\fR\|(3), \fId2i_ECPKParameters\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2013\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/ENGINE_add.3 b/linux_amd64/share/man/man3/ENGINE_add.3 new file mode 100755 index 0000000..1c86381 --- /dev/null +++ b/linux_amd64/share/man/man3/ENGINE_add.3 
@@ -0,0 +1,796 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ENGINE_ADD 3" +.TH ENGINE_ADD 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +ENGINE_get_DH, ENGINE_get_DSA, +ENGINE_by_id, ENGINE_get_cipher_engine, ENGINE_get_default_DH, +ENGINE_get_default_DSA, +ENGINE_get_default_RAND, +ENGINE_get_default_RSA, ENGINE_get_digest_engine, ENGINE_get_first, +ENGINE_get_last, ENGINE_get_next, ENGINE_get_prev, ENGINE_new, +ENGINE_get_ciphers, ENGINE_get_ctrl_function, ENGINE_get_digests, +ENGINE_get_destroy_function, ENGINE_get_finish_function, +ENGINE_get_init_function, ENGINE_get_load_privkey_function, +ENGINE_get_load_pubkey_function, ENGINE_load_private_key, +ENGINE_load_public_key, ENGINE_get_RAND, ENGINE_get_RSA, ENGINE_get_id, +ENGINE_get_name, ENGINE_get_cmd_defns, ENGINE_get_cipher, +ENGINE_get_digest, ENGINE_add, ENGINE_cmd_is_executable, +ENGINE_ctrl, ENGINE_ctrl_cmd, ENGINE_ctrl_cmd_string, +ENGINE_finish, ENGINE_free, ENGINE_get_flags, ENGINE_init, +ENGINE_register_DH, ENGINE_register_DSA, +ENGINE_register_RAND, ENGINE_register_RSA, +ENGINE_register_all_complete, ENGINE_register_ciphers, +ENGINE_register_complete, ENGINE_register_digests, ENGINE_remove, +ENGINE_set_DH, ENGINE_set_DSA, +ENGINE_set_RAND, ENGINE_set_RSA, ENGINE_set_ciphers, +ENGINE_set_cmd_defns, ENGINE_set_ctrl_function, ENGINE_set_default, +ENGINE_set_default_DH, ENGINE_set_default_DSA, +ENGINE_set_default_RAND, ENGINE_set_default_RSA, +ENGINE_set_default_ciphers, ENGINE_set_default_digests, +ENGINE_set_default_string, ENGINE_set_destroy_function, +ENGINE_set_digests, ENGINE_set_finish_function, ENGINE_set_flags, +ENGINE_set_id, ENGINE_set_init_function, ENGINE_set_load_privkey_function, +ENGINE_set_load_pubkey_function, ENGINE_set_name, ENGINE_up_ref, +ENGINE_get_table_flags, ENGINE_cleanup, +ENGINE_load_builtin_engines, ENGINE_register_all_DH, +ENGINE_register_all_DSA, +ENGINE_register_all_RAND, +ENGINE_register_all_RSA, ENGINE_register_all_ciphers, +ENGINE_register_all_digests, ENGINE_set_table_flags, ENGINE_unregister_DH, +ENGINE_unregister_DSA, +ENGINE_unregister_RAND, ENGINE_unregister_RSA, 
ENGINE_unregister_ciphers, +ENGINE_unregister_digests +\&\- ENGINE cryptographic module support +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& ENGINE *ENGINE_get_first(void); +\& ENGINE *ENGINE_get_last(void); +\& ENGINE *ENGINE_get_next(ENGINE *e); +\& ENGINE *ENGINE_get_prev(ENGINE *e); +\& +\& int ENGINE_add(ENGINE *e); +\& int ENGINE_remove(ENGINE *e); +\& +\& ENGINE *ENGINE_by_id(const char *id); +\& +\& int ENGINE_init(ENGINE *e); +\& int ENGINE_finish(ENGINE *e); +\& +\& void ENGINE_load_builtin_engines(void); +\& +\& ENGINE *ENGINE_get_default_RSA(void); +\& ENGINE *ENGINE_get_default_DSA(void); +\& ENGINE *ENGINE_get_default_DH(void); +\& ENGINE *ENGINE_get_default_RAND(void); +\& ENGINE *ENGINE_get_cipher_engine(int nid); +\& ENGINE *ENGINE_get_digest_engine(int nid); +\& +\& int ENGINE_set_default_RSA(ENGINE *e); +\& int ENGINE_set_default_DSA(ENGINE *e); +\& int ENGINE_set_default_DH(ENGINE *e); +\& int ENGINE_set_default_RAND(ENGINE *e); +\& int ENGINE_set_default_ciphers(ENGINE *e); +\& int ENGINE_set_default_digests(ENGINE *e); +\& int ENGINE_set_default_string(ENGINE *e, const char *list); +\& +\& int ENGINE_set_default(ENGINE *e, unsigned int flags); +\& +\& unsigned int ENGINE_get_table_flags(void); +\& void ENGINE_set_table_flags(unsigned int flags); +\& +\& int ENGINE_register_RSA(ENGINE *e); +\& void ENGINE_unregister_RSA(ENGINE *e); +\& void ENGINE_register_all_RSA(void); +\& int ENGINE_register_DSA(ENGINE *e); +\& void ENGINE_unregister_DSA(ENGINE *e); +\& void ENGINE_register_all_DSA(void); +\& int ENGINE_register_DH(ENGINE *e); +\& void ENGINE_unregister_DH(ENGINE *e); +\& void ENGINE_register_all_DH(void); +\& int ENGINE_register_RAND(ENGINE *e); +\& void ENGINE_unregister_RAND(ENGINE *e); +\& void ENGINE_register_all_RAND(void); +\& int ENGINE_register_ciphers(ENGINE *e); +\& void ENGINE_unregister_ciphers(ENGINE *e); +\& void ENGINE_register_all_ciphers(void); +\& int ENGINE_register_digests(ENGINE *e); +\& void 
ENGINE_unregister_digests(ENGINE *e); +\& void ENGINE_register_all_digests(void); +\& int ENGINE_register_complete(ENGINE *e); +\& int ENGINE_register_all_complete(void); +\& +\& int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)); +\& int ENGINE_cmd_is_executable(ENGINE *e, int cmd); +\& int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name, +\& long i, void *p, void (*f)(void), int cmd_optional); +\& int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg, +\& int cmd_optional); +\& +\& ENGINE *ENGINE_new(void); +\& int ENGINE_free(ENGINE *e); +\& int ENGINE_up_ref(ENGINE *e); +\& +\& int ENGINE_set_id(ENGINE *e, const char *id); +\& int ENGINE_set_name(ENGINE *e, const char *name); +\& int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth); +\& int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth); +\& int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth); +\& int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth); +\& int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f); +\& int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f); +\& int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f); +\& int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f); +\& int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f); +\& int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f); +\& int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f); +\& int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f); +\& int ENGINE_set_flags(ENGINE *e, int flags); +\& int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns); +\& +\& const char *ENGINE_get_id(const ENGINE *e); +\& const char *ENGINE_get_name(const ENGINE *e); +\& const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e); +\& const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e); +\& const DH_METHOD *ENGINE_get_DH(const ENGINE *e); +\& const RAND_METHOD 
*ENGINE_get_RAND(const ENGINE *e); +\& ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e); +\& ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e); +\& ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e); +\& ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e); +\& ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e); +\& ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e); +\& ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e); +\& ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e); +\& const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid); +\& const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid); +\& int ENGINE_get_flags(const ENGINE *e); +\& const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e); +\& +\& EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id, +\& UI_METHOD *ui_method, void *callback_data); +\& EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id, +\& UI_METHOD *ui_method, void *callback_data); +.Ve +.PP +Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 1 +\& void ENGINE_cleanup(void) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions create, manipulate, and use cryptographic modules in the +form of \fB\s-1ENGINE\s0\fR objects. These objects act as containers for +implementations of cryptographic algorithms, and support a +reference-counted mechanism to allow them to be dynamically loaded in and +out of the running application. 
+.PP +The cryptographic functionality that can be provided by an \fB\s-1ENGINE\s0\fR +implementation includes the following abstractions; +.PP +.Vb 6 +\& RSA_METHOD \- for providing alternative RSA implementations +\& DSA_METHOD, DH_METHOD, RAND_METHOD, ECDH_METHOD, ECDSA_METHOD, +\& \- similarly for other OpenSSL APIs +\& EVP_CIPHER \- potentially multiple cipher algorithms (indexed by \*(Aqnid\*(Aq) +\& EVP_DIGEST \- potentially multiple hash algorithms (indexed by \*(Aqnid\*(Aq) +\& key\-loading \- loading public and/or private EVP_PKEY keys +.Ve +.SS "Reference counting and handles" +.IX Subsection "Reference counting and handles" +Due to the modular nature of the \s-1ENGINE\s0 \s-1API\s0, pointers to ENGINEs need to be +treated as handles \- ie. not only as pointers, but also as references to +the underlying \s-1ENGINE\s0 object. Ie. one should obtain a new reference when +making copies of an \s-1ENGINE\s0 pointer if the copies will be used (and +released) independently. +.PP +\&\s-1ENGINE\s0 objects have two levels of reference-counting to match the way in +which the objects are used. At the most basic level, each \s-1ENGINE\s0 pointer is +inherently a \fBstructural\fR reference \- a structural reference is required +to use the pointer value at all, as this kind of reference is a guarantee +that the structure can not be deallocated until the reference is released. +.PP +However, a structural reference provides no guarantee that the \s-1ENGINE\s0 is +initialised and able to use any of its cryptographic +implementations. Indeed it's quite possible that most ENGINEs will not +initialise at all in typical environments, as ENGINEs are typically used to +support specialised hardware. To use an \s-1ENGINE\s0's functionality, you need a +\&\fBfunctional\fR reference. 
This kind of reference can be considered a +specialised form of structural reference, because each functional reference +implicitly contains a structural reference as well \- however to avoid +difficult-to-find programming bugs, it is recommended to treat the two +kinds of reference independently. If you have a functional reference to an +\&\s-1ENGINE\s0, you have a guarantee that the \s-1ENGINE\s0 has been initialised and +is ready to perform cryptographic operations, and will remain initialised +until after you have released your reference. +.PP +\&\fIStructural references\fR +.PP +This basic type of reference is used for instantiating new ENGINEs, +iterating across OpenSSL's internal linked-list of loaded +ENGINEs, reading information about an \s-1ENGINE\s0, etc. Essentially a structural +reference is sufficient if you only need to query or manipulate the data of +an \s-1ENGINE\s0 implementation rather than use its functionality. +.PP +The \fIENGINE_new()\fR function returns a structural reference to a new (empty) +\&\s-1ENGINE\s0 object. There are other \s-1ENGINE\s0 \s-1API\s0 functions that return structural +references such as; \fIENGINE_by_id()\fR, \fIENGINE_get_first()\fR, \fIENGINE_get_last()\fR, +\&\fIENGINE_get_next()\fR, \fIENGINE_get_prev()\fR. All structural references should be +released by a corresponding to call to the \fIENGINE_free()\fR function \- the +\&\s-1ENGINE\s0 object itself will only actually be cleaned up and deallocated when +the last structural reference is released. +.PP +It should also be noted that many \s-1ENGINE\s0 \s-1API\s0 function calls that accept a +structural reference will internally obtain another reference \- typically +this happens whenever the supplied \s-1ENGINE\s0 will be needed by OpenSSL after +the function has returned. Eg. 
the function to add a new \s-1ENGINE\s0 to +OpenSSL's internal list is \fIENGINE_add()\fR \- if this function returns success, +then OpenSSL will have stored a new structural reference internally so the +caller is still responsible for freeing their own reference with +\&\fIENGINE_free()\fR when they are finished with it. In a similar way, some +functions will automatically release the structural reference passed to it +if part of the function's job is to do so. Eg. the \fIENGINE_get_next()\fR and +\&\fIENGINE_get_prev()\fR functions are used for iterating across the internal +\&\s-1ENGINE\s0 list \- they will return a new structural reference to the next (or +previous) \s-1ENGINE\s0 in the list or \s-1NULL\s0 if at the end (or beginning) of the +list, but in either case the structural reference passed to the function is +released on behalf of the caller. +.PP +To clarify a particular function's handling of references, one should +always consult that function's documentation \*(L"man\*(R" page, or failing that +the openssl/engine.h header file includes some hints. +.PP +\&\fIFunctional references\fR +.PP +As mentioned, functional references exist when the cryptographic +functionality of an \s-1ENGINE\s0 is required to be available. A functional +reference can be obtained in one of two ways; from an existing structural +reference to the required \s-1ENGINE\s0, or by asking OpenSSL for the default +operational \s-1ENGINE\s0 for a given cryptographic purpose. +.PP +To obtain a functional reference from an existing structural reference, +call the \fIENGINE_init()\fR function. This returns zero if the \s-1ENGINE\s0 was not +already operational and couldn't be successfully initialised (eg. lack of +system drivers, no special hardware attached, etc), otherwise it will +return nonzero to indicate that the \s-1ENGINE\s0 is now operational and will +have allocated a new \fBfunctional\fR reference to the \s-1ENGINE\s0. 
All functional +references are released by calling \fIENGINE_finish()\fR (which removes the +implicit structural reference as well). +.PP +The second way to get a functional reference is by asking OpenSSL for a +default implementation for a given task, eg. by \fIENGINE_get_default_RSA()\fR, +\&\fIENGINE_get_default_cipher_engine()\fR, etc. These are discussed in the next +section, though they are not usually required by application programmers as +they are used automatically when creating and using the relevant +algorithm-specific types in OpenSSL, such as \s-1RSA\s0, \s-1DSA\s0, \s-1EVP_CIPHER_CTX\s0, etc. +.SS "Default implementations" +.IX Subsection "Default implementations" +For each supported abstraction, the \s-1ENGINE\s0 code maintains an internal table +of state to control which implementations are available for a given +abstraction and which should be used by default. These implementations are +registered in the tables and indexed by an 'nid' value, because +abstractions like \s-1EVP_CIPHER\s0 and \s-1EVP_DIGEST\s0 support many distinct +algorithms and modes, and ENGINEs can support arbitrarily many of them. +In the case of other abstractions like \s-1RSA\s0, \s-1DSA\s0, etc, there is only one +\&\*(L"algorithm\*(R" so all implementations implicitly register using the same 'nid' +index. +.PP +When a default \s-1ENGINE\s0 is requested for a given abstraction/algorithm/mode, (eg. +when calling RSA_new_method(\s-1NULL\s0)), a \*(L"get_default\*(R" call will be made to the +\&\s-1ENGINE\s0 subsystem to process the corresponding state table and return a +functional reference to an initialised \s-1ENGINE\s0 whose implementation should be +used. If no \s-1ENGINE\s0 should (or can) be used, it will return \s-1NULL\s0 and the caller +will operate with a \s-1NULL\s0 \s-1ENGINE\s0 handle \- this usually equates to using the +conventional software implementation. 
In the latter case, OpenSSL will from +then on behave the way it used to before the \s-1ENGINE\s0 \s-1API\s0 existed. +.PP +Each state table has a flag to note whether it has processed this +\&\*(L"get_default\*(R" query since the table was last modified, because to process +this question it must iterate across all the registered ENGINEs in the +table trying to initialise each of them in turn, in case one of them is +operational. If it returns a functional reference to an \s-1ENGINE\s0, it will +also cache another reference to speed up processing future queries (without +needing to iterate across the table). Likewise, it will cache a \s-1NULL\s0 +response if no \s-1ENGINE\s0 was available so that future queries won't repeat the +same iteration unless the state table changes. This behaviour can also be +changed; if the \s-1ENGINE_TABLE_FLAG_NOINIT\s0 flag is set (using +\&\fIENGINE_set_table_flags()\fR), no attempted initialisations will take place, +instead the only way for the state table to return a non-NULL \s-1ENGINE\s0 to the +\&\*(L"get_default\*(R" query will be if one is expressly set in the table. Eg. +\&\fIENGINE_set_default_RSA()\fR does the same job as \fIENGINE_register_RSA()\fR except +that it also sets the state table's cached response for the \*(L"get_default\*(R" +query. In the case of abstractions like \s-1EVP_CIPHER\s0, where implementations are +indexed by 'nid', these flags and cached-responses are distinct for each 'nid' +value. +.SS "Application requirements" +.IX Subsection "Application requirements" +This section will explain the basic things an application programmer should +support to make the most useful elements of the \s-1ENGINE\s0 functionality +available to the user. The first thing to consider is whether the +programmer wishes to make alternative \s-1ENGINE\s0 modules available to the +application and user. 
OpenSSL maintains an internal linked list of +\&\*(L"visible\*(R" ENGINEs from which it has to operate \- at start-up, this list is +empty and in fact if an application does not call any \s-1ENGINE\s0 \s-1API\s0 calls and +it uses static linking against openssl, then the resulting application +binary will not contain any alternative \s-1ENGINE\s0 code at all. So the first +consideration is whether any/all available \s-1ENGINE\s0 implementations should be +made visible to OpenSSL \- this is controlled by calling the various \*(L"load\*(R" +functions. +.PP +The fact that ENGINEs are made visible to OpenSSL (and thus are linked into +the program and loaded into memory at run-time) does not mean they are +\&\*(L"registered\*(R" or called into use by OpenSSL automatically \- that behaviour +is something for the application to control. Some applications +will want to allow the user to specify exactly which \s-1ENGINE\s0 they want used +if any is to be used at all. Others may prefer to load all support and have +OpenSSL automatically use at run-time any \s-1ENGINE\s0 that is able to +successfully initialise \- ie. to assume that this corresponds to +acceleration hardware attached to the machine or some such thing. There are +probably numerous other ways in which applications may prefer to handle +things, so we will simply illustrate the consequences as they apply to a +couple of simple cases and leave developers to consider these and the +source code to openssl's built-in utilities as guides. +.PP +If no \s-1ENGINE\s0 \s-1API\s0 functions are called within an application, then OpenSSL +will not allocate any internal resources. Prior to OpenSSL 1.1.0, however, +if any ENGINEs are loaded, even if not registered or used, it was necessary to +call \fIENGINE_cleanup()\fR before the program exits. 
+.PP +\&\fIUsing a specific \s-1ENGINE\s0 implementation\fR +.PP +Here we'll assume an application has been configured by its user or admin +to want to use the \*(L"\s-1ACME\s0\*(R" \s-1ENGINE\s0 if it is available in the version of +OpenSSL the application was compiled with. If it is available, it should be +used by default for all \s-1RSA\s0, \s-1DSA\s0, and symmetric cipher operations, otherwise +OpenSSL should use its built-in software as per usual. The following code +illustrates how to approach this; +.PP +.Vb 10 +\& ENGINE *e; +\& const char *engine_id = "ACME"; +\& ENGINE_load_builtin_engines(); +\& e = ENGINE_by_id(engine_id); +\& if (!e) +\& /* the engine isn\*(Aqt available */ +\& return; +\& if (!ENGINE_init(e)) { +\& /* the engine couldn\*(Aqt initialise, release \*(Aqe\*(Aq */ +\& ENGINE_free(e); +\& return; +\& } +\& if (!ENGINE_set_default_RSA(e)) +\& /* +\& * This should only happen when \*(Aqe\*(Aq can\*(Aqt initialise, but the previous +\& * statement suggests it did. +\& */ +\& abort(); +\& ENGINE_set_default_DSA(e); +\& ENGINE_set_default_ciphers(e); +\& /* Release the functional reference from ENGINE_init() */ +\& ENGINE_finish(e); +\& /* Release the structural reference from ENGINE_by_id() */ +\& ENGINE_free(e); +.Ve +.PP +\&\fIAutomatically using built-in \s-1ENGINE\s0 implementations\fR +.PP +Here we'll assume we want to load and register all \s-1ENGINE\s0 implementations +bundled with OpenSSL, such that for any cryptographic algorithm required by +OpenSSL \- if there is an \s-1ENGINE\s0 that implements it and can be initialised, +it should be used. The following code illustrates how this can work; +.PP +.Vb 4 +\& /* Load all bundled ENGINEs into memory and make them visible */ +\& ENGINE_load_builtin_engines(); +\& /* Register all of them for every algorithm they collectively implement */ +\& ENGINE_register_all_complete(); +.Ve +.PP +That's all that's required. Eg. 
the next time OpenSSL tries to set up an +\&\s-1RSA\s0 key, any bundled ENGINEs that implement \s-1RSA_METHOD\s0 will be passed to +\&\fIENGINE_init()\fR and if any of those succeed, that \s-1ENGINE\s0 will be set as the +default for \s-1RSA\s0 use from then on. +.SS "Advanced configuration support" +.IX Subsection "Advanced configuration support" +There is a mechanism supported by the \s-1ENGINE\s0 framework that allows each +\&\s-1ENGINE\s0 implementation to define an arbitrary set of configuration +\&\*(L"commands\*(R" and expose them to OpenSSL and any applications based on +OpenSSL. This mechanism is entirely based on the use of name-value pairs +and assumes \s-1ASCII\s0 input (no unicode or \s-1UTF\s0 for now!), so it is ideal if +applications want to provide a transparent way for users to provide +arbitrary configuration \*(L"directives\*(R" directly to such ENGINEs. It is also +possible for the application to dynamically interrogate the loaded \s-1ENGINE\s0 +implementations for the names, descriptions, and input flags of their +available \*(L"control commands\*(R", providing a more flexible configuration +scheme. However, if the user is expected to know which \s-1ENGINE\s0 device he/she +is using (in the case of specialised hardware, this goes without saying) +then applications may not need to concern themselves with discovering the +supported control commands and simply prefer to pass settings into ENGINEs +exactly as they are provided by the user. +.PP +Before illustrating how control commands work, it is worth mentioning what +they are typically used for. Broadly speaking there are two uses for +control commands; the first is to provide the necessary details to the +implementation (which may know nothing at all specific to the host system) +so that it can be initialised for use. 
This could include the path to any +driver or config files it needs to load, required network addresses, +smart-card identifiers, passwords to initialise protected devices, +logging information, etc etc. This class of commands typically needs to be +passed to an \s-1ENGINE\s0 \fBbefore\fR attempting to initialise it, ie. before +calling \fIENGINE_init()\fR. The other class of commands consist of settings or +operations that tweak certain behaviour or cause certain operations to take +place, and these commands may work either before or after \fIENGINE_init()\fR, or +in some cases both. \s-1ENGINE\s0 implementations should provide indications of +this in the descriptions attached to built-in control commands and/or in +external product documentation. +.PP +\&\fIIssuing control commands to an \s-1ENGINE\s0\fR +.PP +Let's illustrate by example; a function for which the caller supplies the +name of the \s-1ENGINE\s0 it wishes to use, a table of string-pairs for use before +initialisation, and another table for use after initialisation. Note that +the string-pairs used for control commands consist of a command \*(L"name\*(R" +followed by the command \*(L"parameter\*(R" \- the parameter could be \s-1NULL\s0 in some +cases but the name can not. This function should initialise the \s-1ENGINE\s0 +(issuing the \*(L"pre\*(R" commands beforehand and the \*(L"post\*(R" commands afterwards) +and set it as the default for everything except \s-1RAND\s0 and then return a +boolean success or failure. +.PP +.Vb 10 +\& int generic_load_engine_fn(const char *engine_id, +\& const char **pre_cmds, int pre_num, +\& const char **post_cmds, int post_num) +\& { +\& ENGINE *e = ENGINE_by_id(engine_id); +\& if (!e) return 0; +\& while (pre_num\-\-) { +\& if (!ENGINE_ctrl_cmd_string(e, pre_cmds[0], pre_cmds[1], 0)) { +\& fprintf(stderr, "Failed command (%s \- %s:%s)\en", engine_id, +\& pre_cmds[0], pre_cmds[1] ? 
pre_cmds[1] : "(NULL)"); +\& ENGINE_free(e); +\& return 0; +\& } +\& pre_cmds += 2; +\& } +\& if (!ENGINE_init(e)) { +\& fprintf(stderr, "Failed initialisation\en"); +\& ENGINE_free(e); +\& return 0; +\& } +\& /* +\& * ENGINE_init() returned a functional reference, so free the structural +\& * reference from ENGINE_by_id(). +\& */ +\& ENGINE_free(e); +\& while (post_num\-\-) { +\& if (!ENGINE_ctrl_cmd_string(e, post_cmds[0], post_cmds[1], 0)) { +\& fprintf(stderr, "Failed command (%s \- %s:%s)\en", engine_id, +\& post_cmds[0], post_cmds[1] ? post_cmds[1] : "(NULL)"); +\& ENGINE_finish(e); +\& return 0; +\& } +\& post_cmds += 2; +\& } +\& ENGINE_set_default(e, ENGINE_METHOD_ALL & ~ENGINE_METHOD_RAND); +\& /* Success */ +\& return 1; +\& } +.Ve +.PP +Note that \fIENGINE_ctrl_cmd_string()\fR accepts a boolean argument that can +relax the semantics of the function \- if set nonzero it will only return +failure if the \s-1ENGINE\s0 supported the given command name but failed while +executing it, if the \s-1ENGINE\s0 doesn't support the command name it will simply +return success without doing anything. In this case we assume the user is +only supplying commands specific to the given \s-1ENGINE\s0 so we set this to +\&\s-1FALSE\s0. +.PP +\&\fIDiscovering supported control commands\fR +.PP +It is possible to discover at run-time the names, numerical-ids, descriptions +and input parameters of the control commands supported by an \s-1ENGINE\s0 using a +structural reference. Note that some control commands are defined by OpenSSL +itself and it will intercept and handle these control commands on behalf of the +\&\s-1ENGINE\s0, ie. the \s-1ENGINE\s0's \fIctrl()\fR handler is not used for the control command. +openssl/engine.h defines an index, \s-1ENGINE_CMD_BASE\s0, that all control commands +implemented by ENGINEs should be numbered from. Any command value lower than +this symbol is considered a \*(L"generic\*(R" command is handled directly by the +OpenSSL core routines. 
+.PP +It is using these \*(L"core\*(R" control commands that one can discover the control +commands implemented by a given \s-1ENGINE\s0, specifically the commands: +.PP +.Vb 9 +\& ENGINE_HAS_CTRL_FUNCTION +\& ENGINE_CTRL_GET_FIRST_CMD_TYPE +\& ENGINE_CTRL_GET_NEXT_CMD_TYPE +\& ENGINE_CTRL_GET_CMD_FROM_NAME +\& ENGINE_CTRL_GET_NAME_LEN_FROM_CMD +\& ENGINE_CTRL_GET_NAME_FROM_CMD +\& ENGINE_CTRL_GET_DESC_LEN_FROM_CMD +\& ENGINE_CTRL_GET_DESC_FROM_CMD +\& ENGINE_CTRL_GET_CMD_FLAGS +.Ve +.PP +Whilst these commands are automatically processed by the OpenSSL framework code, +they use various properties exposed by each \s-1ENGINE\s0 to process these +queries. An \s-1ENGINE\s0 has 3 properties it exposes that can affect how this behaves; +it can supply a \fIctrl()\fR handler, it can specify \s-1ENGINE_FLAGS_MANUAL_CMD_CTRL\s0 in +the \s-1ENGINE\s0's flags, and it can expose an array of control command descriptions. +If an \s-1ENGINE\s0 specifies the \s-1ENGINE_FLAGS_MANUAL_CMD_CTRL\s0 flag, then it will +simply pass all these \*(L"core\*(R" control commands directly to the \s-1ENGINE\s0's \fIctrl()\fR +handler (and thus, it must have supplied one), so it is up to the \s-1ENGINE\s0 to +reply to these \*(L"discovery\*(R" commands itself. If that flag is not set, then the +OpenSSL framework code will work with the following rules: +.PP +.Vb 9 +\& if no ctrl() handler supplied; +\& ENGINE_HAS_CTRL_FUNCTION returns FALSE (zero), +\& all other commands fail. +\& if a ctrl() handler was supplied but no array of control commands; +\& ENGINE_HAS_CTRL_FUNCTION returns TRUE, +\& all other commands fail. +\& if a ctrl() handler and array of control commands was supplied; +\& ENGINE_HAS_CTRL_FUNCTION returns TRUE, +\& all other commands proceed processing ... 
+.Ve +.PP +If the \s-1ENGINE\s0's array of control commands is empty then all other commands will +fail, otherwise; \s-1ENGINE_CTRL_GET_FIRST_CMD_TYPE\s0 returns the identifier of +the first command supported by the \s-1ENGINE\s0, \s-1ENGINE_GET_NEXT_CMD_TYPE\s0 takes the +identifier of a command supported by the \s-1ENGINE\s0 and returns the next command +identifier or fails if there are no more, \s-1ENGINE_CMD_FROM_NAME\s0 takes a string +name for a command and returns the corresponding identifier or fails if no such +command name exists, and the remaining commands take a command identifier and +return properties of the corresponding commands. All except +\&\s-1ENGINE_CTRL_GET_FLAGS\s0 return the string length of a command name or description, +or populate a supplied character buffer with a copy of the command name or +description. \s-1ENGINE_CTRL_GET_FLAGS\s0 returns a bitwise-OR'd mask of the following +possible values: +.PP +.Vb 4 +\& ENGINE_CMD_FLAG_NUMERIC +\& ENGINE_CMD_FLAG_STRING +\& ENGINE_CMD_FLAG_NO_INPUT +\& ENGINE_CMD_FLAG_INTERNAL +.Ve +.PP +If the \s-1ENGINE_CMD_FLAG_INTERNAL\s0 flag is set, then any other flags are purely +informational to the caller \- this flag will prevent the command being usable +for any higher-level \s-1ENGINE\s0 functions such as \fIENGINE_ctrl_cmd_string()\fR. +\&\*(L"\s-1INTERNAL\s0\*(R" commands are not intended to be exposed to text-based configuration +by applications, administrations, users, etc. These can support arbitrary +operations via \fIENGINE_ctrl()\fR, including passing to and/or from the control +commands data of any arbitrary type. These commands are supported in the +discovery mechanisms simply to allow applications to determine if an \s-1ENGINE\s0 +supports certain specific commands it might want to use (eg. 
application \*(L"foo\*(R" +might query various ENGINEs to see if they implement \*(L"\s-1FOO_GET_VENDOR_LOGO_GIF\s0\*(R" \- +and \s-1ENGINE\s0 could therefore decide whether or not to support this \*(L"foo\*(R"\-specific +extension). +.SH "ENVIRONMENT" +.IX Header "ENVIRONMENT" +.IP "\fB\s-1OPENSSL_ENGINES\s0\fR" 4 +.IX Item "OPENSSL_ENGINES" +The path to the engines directory. +Ignored in set-user-ID and set-group-ID programs. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIENGINE_get_first()\fR, \fIENGINE_get_last()\fR, \fIENGINE_get_next()\fR and \fIENGINE_get_prev()\fR +return a valid \fB\s-1ENGINE\s0\fR structure or \s-1NULL\s0 if an error occurred. +.PP +\&\fIENGINE_add()\fR and \fIENGINE_remove()\fR return 1 on success or 0 on error. +.PP +\&\fIENGINE_by_id()\fR returns a valid \fB\s-1ENGINE\s0\fR structure or \s-1NULL\s0 if an error occurred. +.PP +\&\fIENGINE_init()\fR and \fIENGINE_finish()\fR return 1 on success or 0 on error. +.PP +All \fIENGINE_get_default_TYPE()\fR functions, \fIENGINE_get_cipher_engine()\fR and +\&\fIENGINE_get_digest_engine()\fR return a valid \fB\s-1ENGINE\s0\fR structure on success or \s-1NULL\s0 +if an error occurred. +.PP +All \fIENGINE_set_default_TYPE()\fR functions return 1 on success or 0 on error. +.PP +\&\fIENGINE_set_default()\fR returns 1 on success or 0 on error. +.PP +\&\fIENGINE_get_table_flags()\fR returns an unsigned integer value representing the +global table flags which are used to control the registration behaviour of +\&\fB\s-1ENGINE\s0\fR implementations. +.PP +All \fIENGINE_register_TYPE()\fR functions return 1 on success or 0 on error. +.PP +\&\fIENGINE_register_complete()\fR and \fIENGINE_register_all_complete()\fR return 1 on success +or 0 on error. +.PP +\&\fIENGINE_ctrl()\fR returns a positive value on success or others on error. +.PP +\&\fIENGINE_cmd_is_executable()\fR returns 1 if \fBcmd\fR is executable or 0 otherwise. 
+.PP +\&\fIENGINE_ctrl_cmd()\fR and \fIENGINE_ctrl_cmd_string()\fR return 1 on success or 0 on error. +.PP +\&\fIENGINE_new()\fR returns a valid \fB\s-1ENGINE\s0\fR structure on success or \s-1NULL\s0 if an error +occurred. +.PP +\&\fIENGINE_free()\fR returns 1 on success or 0 on error. +.PP +\&\fIENGINE_up_ref()\fR returns 1 on success or 0 on error. +.PP +\&\fIENGINE_set_id()\fR and \fIENGINE_set_name()\fR return 1 on success or 0 on error. +.PP +All other \fBENGINE_set_*\fR functions return 1 on success or 0 on error. +.PP +\&\fIENGINE_get_id()\fR and \fIENGINE_get_name()\fR return a string representing the identifier +and the name of the \s-1ENGINE\s0 \fBe\fR respectively. +.PP +\&\fIENGINE_get_RSA()\fR, \fIENGINE_get_DSA()\fR, \fIENGINE_get_DH()\fR and \fIENGINE_get_RAND()\fR +return corresponding method structures for each algorithms. +.PP +\&\fIENGINE_get_destroy_function()\fR, \fIENGINE_get_init_function()\fR, +\&\fIENGINE_get_finish_function()\fR, \fIENGINE_get_ctrl_function()\fR, +\&\fIENGINE_get_load_privkey_function()\fR, \fIENGINE_get_load_pubkey_function()\fR, +\&\fIENGINE_get_ciphers()\fR and \fIENGINE_get_digests()\fR return corresponding function +pointers of the callbacks. +.PP +\&\fIENGINE_get_cipher()\fR returns a valid \fB\s-1EVP_CIPHER\s0\fR structure on success or \s-1NULL\s0 +if an error occurred. +.PP +\&\fIENGINE_get_digest()\fR returns a valid \fB\s-1EVP_MD\s0\fR structure on success or \s-1NULL\s0 if an +error occurred. +.PP +\&\fIENGINE_get_flags()\fR returns an integer representing the \s-1ENGINE\s0 flags which are +used to control various behaviours of an \s-1ENGINE\s0. +.PP +\&\fIENGINE_get_cmd_defns()\fR returns an \fB\s-1ENGINE_CMD_DEFN\s0\fR structure or \s-1NULL\s0 if it's +not set. +.PP +\&\fIENGINE_load_private_key()\fR and \fIENGINE_load_public_key()\fR return a valid \fB\s-1EVP_PKEY\s0\fR +structure on success or \s-1NULL\s0 if an error occurred. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIOPENSSL_init_crypto\fR\|(3), \fIRSA_new_method\fR\|(3), \fIDSA_new\fR\|(3), \fIDH_new\fR\|(3), +\&\fIRAND_bytes\fR\|(3), \fIconfig\fR\|(5) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIENGINE_cleanup()\fR was deprecated in OpenSSL 1.1.0 by the automatic cleanup +done by \fIOPENSSL_cleanup()\fR +and should not be used. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/ERR_GET_LIB.3 b/linux_amd64/share/man/man3/ERR_GET_LIB.3 new file mode 100755 index 0000000..719ea1d --- /dev/null +++ b/linux_amd64/share/man/man3/ERR_GET_LIB.3 
@@ -0,0 +1,189 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ERR_GET_LIB 3" +.TH ERR_GET_LIB 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +ERR_GET_LIB, ERR_GET_FUNC, ERR_GET_REASON, ERR_FATAL_ERROR +\&\- get information from error codes +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int ERR_GET_LIB(unsigned long e); +\& +\& int ERR_GET_FUNC(unsigned long e); +\& +\& int ERR_GET_REASON(unsigned long e); +\& +\& int ERR_FATAL_ERROR(unsigned long e); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The error code returned by \fIERR_get_error()\fR consists of a library +number, function code and reason code. \s-1\fIERR_GET_LIB\s0()\fR, \s-1\fIERR_GET_FUNC\s0()\fR +and \s-1\fIERR_GET_REASON\s0()\fR can be used to extract these. +.PP +\&\s-1\fIERR_FATAL_ERROR\s0()\fR indicates whether a given error code is a fatal error. +.PP +The library number and function code describe where the error +occurred, the reason code is the information about what went wrong. +.PP +Each sub-library of OpenSSL has a unique library number; function and +reason codes are unique within each sub-library. Note that different +libraries may use the same value to signal different functions and +reasons. +.PP +\&\fB\s-1ERR_R_\s0...\fR reason codes such as \fB\s-1ERR_R_MALLOC_FAILURE\s0\fR are globally +unique. However, when checking for sub-library specific reason codes, +be sure to also compare the library number. +.PP +\&\s-1\fIERR_GET_LIB\s0()\fR, \s-1\fIERR_GET_FUNC\s0()\fR, \s-1\fIERR_GET_REASON\s0()\fR, and \s-1\fIERR_FATAL_ERROR\s0()\fR +are macros. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The library number, function code, reason code, and whether the error +is fatal, respectively. +Starting with OpenSSL 3.0.0, the function code is always set to zero. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1\fIERR_GET_LIB\s0()\fR, \s-1\fIERR_GET_FUNC\s0()\fR and \s-1\fIERR_GET_REASON\s0()\fR are available in +all versions of OpenSSL. 
+.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/ERR_clear_error.3 b/linux_amd64/share/man/man3/ERR_clear_error.3 new file mode 100755 index 0000000..124bab9 --- /dev/null +++ b/linux_amd64/share/man/man3/ERR_clear_error.3 
@@ -0,0 +1,157 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ERR_CLEAR_ERROR 3" +.TH ERR_CLEAR_ERROR 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +ERR_clear_error \- clear the error queue +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void ERR_clear_error(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIERR_clear_error()\fR empties the current thread's error queue. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIERR_clear_error()\fR has no return value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/ERR_error_string.3 b/linux_amd64/share/man/man3/ERR_error_string.3 new file mode 100755 index 0000000..7d0182e --- /dev/null +++ b/linux_amd64/share/man/man3/ERR_error_string.3 
@@ -0,0 +1,207 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ERR_ERROR_STRING 3" +.TH ERR_ERROR_STRING 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +ERR_error_string, ERR_error_string_n, ERR_lib_error_string, +ERR_func_error_string, ERR_reason_error_string \- obtain human\-readable +error message +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& char *ERR_error_string(unsigned long e, char *buf); +\& void ERR_error_string_n(unsigned long e, char *buf, size_t len); +\& +\& const char *ERR_lib_error_string(unsigned long e); +\& const char *ERR_reason_error_string(unsigned long e); +.Ve +.PP +Deprecated in OpenSSL 3.0: +.PP +.Vb 1 +\& const char *ERR_func_error_string(unsigned long e); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIERR_error_string()\fR generates a human-readable string representing the +error code \fIe\fR, and places it at \fIbuf\fR. \fIbuf\fR must be at least 256 +bytes long. If \fIbuf\fR is \fB\s-1NULL\s0\fR, the error string is placed in a +static buffer. +Note that this function is not thread-safe and does no checks on the size +of the buffer; use \fIERR_error_string_n()\fR instead. +.PP +\&\fIERR_error_string_n()\fR is a variant of \fIERR_error_string()\fR that writes +at most \fIlen\fR characters (including the terminating 0) +and truncates the string if necessary. +For \fIERR_error_string_n()\fR, \fIbuf\fR may not be \fB\s-1NULL\s0\fR. +.PP +The string will have the following format: +.PP +.Vb 1 +\& error:[error code]:[library name]::[reason string] +.Ve +.PP +\&\fIerror code\fR is an 8 digit hexadecimal number, \fIlibrary name\fR and +\&\fIreason string\fR are \s-1ASCII\s0 text. +.PP +\&\fIERR_lib_error_string()\fR and \fIERR_reason_error_string()\fR return the library +name and reason string respectively. +.PP +If there is no text string registered for the given error code, +the error string will contain the numeric code. +.PP +\&\fIERR_print_errors\fR\|(3) can be used to print +all error codes currently in the queue. 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIERR_error_string()\fR returns a pointer to a static buffer containing the +string if \fIbuf\fR \fB== \s-1NULL\s0\fR, \fIbuf\fR otherwise. +.PP +\&\fIERR_lib_error_string()\fR and \fIERR_reason_error_string()\fR return the strings, +and \fB\s-1NULL\s0\fR if none is registered for the error code. +.PP +\&\fIERR_func_error_string()\fR returns \s-1NULL\s0. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), +\&\fIERR_print_errors\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIERR_func_error_string()\fR became deprecated in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/ERR_get_error.3 b/linux_amd64/share/man/man3/ERR_get_error.3 new file mode 100755 index 0000000..b0689c4 --- /dev/null +++ b/linux_amd64/share/man/man3/ERR_get_error.3 
@@ -0,0 +1,259 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ERR_GET_ERROR 3" +.TH ERR_GET_ERROR 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +ERR_get_error, ERR_peek_error, ERR_peek_last_error, +ERR_get_error_line, ERR_peek_error_line, ERR_peek_last_error_line, +ERR_get_error_func, ERR_peek_error_func, ERR_peek_last_error_func, +ERR_get_error_data, ERR_peek_error_data, ERR_peek_last_error_data, +ERR_get_error_all, ERR_peek_error_all, ERR_peek_last_error_all, +ERR_get_error_line_data, ERR_peek_error_line_data, ERR_peek_last_error_line_data +\&\- obtain error code and data +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& unsigned long ERR_get_error(void); +\& unsigned long ERR_peek_error(void); +\& unsigned long ERR_peek_last_error(void); +\& +\& unsigned long ERR_get_error_line(const char **file, int *line); +\& unsigned long ERR_peek_error_line(const char **file, int *line); +\& unsigned long ERR_peek_last_error_line(const char **file, int *line); +\& +\& unsigned long ERR_get_error_func(const char **func); +\& unsigned long ERR_peek_error_func(const char **func); +\& unsigned long ERR_peek_last_error_func(const char **func); +\& +\& unsigned long ERR_get_error_data(const char **data, int *flags); +\& unsigned long ERR_peek_error_data(const char **data, int *flags); +\& unsigned long ERR_peek_last_error_data(const char **data, int *flags); +\& +\& unsigned long ERR_get_error_all(const char **file, int *line, +\& const char *func, +\& const char **data, int *flags); +\& unsigned long ERR_peek_error_all(const char **file, int *line, +\& const char *func, +\& const char **data, int *flags); +\& unsigned long ERR_peek_last_error_all(const char **file, int *line, +\& const char *func, +\& const char **data, int *flags); +.Ve +.PP +Deprecated since OpenSSL 3.0: +.PP +.Vb 6 +\& unsigned long ERR_get_error_line_data(const char **file, int *line, +\& const char **data, int *flags); +\& unsigned long ERR_peek_error_line_data(const char **file, int *line, +\& const char **data, int *flags); +\& unsigned long ERR_peek_last_error_line_data(const char **file, int *line, 
+\& const char **data, int *flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIERR_get_error()\fR returns the earliest error code from the thread's error +queue and removes the entry. This function can be called repeatedly +until there are no more error codes to return. +.PP +\&\fIERR_peek_error()\fR returns the earliest error code from the thread's +error queue without modifying it. +.PP +\&\fIERR_peek_last_error()\fR returns the latest error code from the thread's +error queue without modifying it. +.PP +See \s-1\fIERR_GET_LIB\s0\fR\|(3) for obtaining further specific information +such as the reason of the error, +and \fIERR_error_string\fR\|(3) for human-readable error messages. +.PP +\&\fIERR_get_error_line()\fR, \fIERR_peek_error_line()\fR and +\&\fIERR_peek_last_error_line()\fR are the same as \fIERR_get_error()\fR, +\&\fIERR_peek_error()\fR and \fIERR_peek_last_error()\fR, but on success they +additionally store the filename and line number where +the error occurred in *\fBfile\fR and *\fBline\fR, as far as they are not \fB\s-1NULL\s0\fR. +An unset filename is indicated as \fB""\fR, i.e., an empty string. +An unset line number is indicated as \fB0\fR. +.PP +A pointer returned this way by these functions and the ones below +is valid until the respective entry is removed from the error queue. +.PP +\&\fIERR_get_error_func()\fR, \fIERR_peek_error_func()\fR and +\&\fIERR_peek_last_error_func()\fR are the same as \fIERR_get_error()\fR, +\&\fIERR_peek_error()\fR and \fIERR_peek_last_error()\fR, but on success they +additionally store the name of the function where the error occurred +in *\fBfunc\fR, unless it is \fB\s-1NULL\s0\fR. +An unset function name is indicated as \fB""\fR. 
+.PP +\&\fIERR_get_error_data()\fR, \fIERR_peek_error_data()\fR and +\&\fIERR_peek_last_error_data()\fR are the same as \fIERR_get_error()\fR, +\&\fIERR_peek_error()\fR and \fIERR_peek_last_error()\fR, but on success they +additionally store additional data and flags associated with the error +code in *\fBdata\fR and *\fBflags\fR, as far as they are not \fB\s-1NULL\s0\fR. +Unset data is indicated as \fB""\fR. +In this case the value given for the flag is irrelevant (and equals \fB0\fR). +*\fBdata\fR contains a string if *\fBflags\fR&\fB\s-1ERR_TXT_STRING\s0\fR is true. +.PP +\&\fIERR_get_error_all()\fR, \fIERR_peek_error_all()\fR and +\&\fIERR_peek_last_error_all()\fR are combinations of all of the above. +.PP +\&\fIERR_get_error_line_data()\fR, \fIERR_peek_error_line_data()\fR and +\&\fIERR_peek_last_error_line_data()\fR are older variants of \fIERR_get_error_all()\fR, +\&\fIERR_peek_error_all()\fR and \fIERR_peek_last_error_all()\fR, and should no longer +be used. +.PP +An application \fB\s-1MUST\s0 \s-1NOT\s0\fR free the *\fBdata\fR pointer (or any other pointers +returned by these functions) with \fIOPENSSL_free()\fR as freeing is handled +automatically by the error library. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The error code, or 0 if there is no error in the queue. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_error_string\fR\|(3), +\&\s-1\fIERR_GET_LIB\s0\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIERR_get_error_func()\fR, \fIERR_peek_error_func()\fR, \fIERR_peek_last_error_func()\fR, +\&\fIERR_get_error_data()\fR, \fIERR_peek_error_data()\fR, \fIERR_peek_last_error_data()\fR, +\&\fIERR_get_error_all()\fR, \fIERR_peek_error_all()\fR and \fIERR_peek_last_error_all()\fR +were added in OpenSSL 3.0. +.PP +\&\fIERR_get_error_line_data()\fR, \fIERR_peek_error_line_data()\fR and +\&\fIERR_peek_last_error_line_data()\fR became deprecated in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. 
All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/ERR_load_crypto_strings.3 b/linux_amd64/share/man/man3/ERR_load_crypto_strings.3 new file mode 100755 index 0000000..60d043a --- /dev/null +++ b/linux_amd64/share/man/man3/ERR_load_crypto_strings.3 
@@ -0,0 +1,178 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ERR_LOAD_CRYPTO_STRINGS 3" +.TH ERR_LOAD_CRYPTO_STRINGS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +ERR_load_crypto_strings, SSL_load_error_strings, ERR_free_strings \- +load and free error strings +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 1 +\& #include +\& +\& void ERR_load_crypto_strings(void); +\& void ERR_free_strings(void); +\& +\& #include +\& +\& void SSL_load_error_strings(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIERR_load_crypto_strings()\fR registers the error strings for all +\&\fBlibcrypto\fR functions. \fISSL_load_error_strings()\fR does the same, +but also registers the \fBlibssl\fR error strings. +.PP +In versions prior to OpenSSL 1.1.0, +\&\fIERR_free_strings()\fR releases any resources created by the above functions. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIERR_load_crypto_strings()\fR, \fISSL_load_error_strings()\fR and +\&\fIERR_free_strings()\fR return no values. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_error_string\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fIERR_load_crypto_strings()\fR, \fISSL_load_error_strings()\fR, and +\&\fIERR_free_strings()\fR functions were deprecated in OpenSSL 1.1.0 by +\&\fIOPENSSL_init_crypto()\fR and \fIOPENSSL_init_ssl()\fR and should not be used. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/ERR_load_strings.3 b/linux_amd64/share/man/man3/ERR_load_strings.3 new file mode 100755 index 0000000..ab7a4ed --- /dev/null +++ b/linux_amd64/share/man/man3/ERR_load_strings.3 
@@ -0,0 +1,183 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ERR_LOAD_STRINGS 3" +.TH ERR_LOAD_STRINGS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +ERR_load_strings, ERR_PACK, ERR_get_next_error_library \- load +arbitrary error strings +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void ERR_load_strings(int lib, ERR_STRING_DATA str[]); +\& +\& int ERR_get_next_error_library(void); +\& +\& unsigned long ERR_PACK(int lib, int func, int reason); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIERR_load_strings()\fR registers error strings for library number \fBlib\fR. +.PP +\&\fBstr\fR is an array of error string data: +.PP +.Vb 5 +\& typedef struct ERR_string_data_st +\& { +\& unsigned long error; +\& char *string; +\& } ERR_STRING_DATA; +.Ve +.PP +The error code is generated from the library number and a function and +reason code: \fBerror\fR = \s-1ERR_PACK\s0(\fBlib\fR, \fBfunc\fR, \fBreason\fR). +\&\s-1\fIERR_PACK\s0()\fR is a macro. +.PP +The last entry in the array is {0,0}. +.PP +\&\fIERR_get_next_error_library()\fR can be used to assign library numbers +to user libraries at run time. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIERR_load_strings()\fR returns no value. \s-1\fIERR_PACK\s0()\fR return the error code. +\&\fIERR_get_next_error_library()\fR returns zero on failure, otherwise a new +library number. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_load_strings\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/ERR_new.3 b/linux_amd64/share/man/man3/ERR_new.3 new file mode 100755 index 0000000..0fe3a9c --- /dev/null +++ b/linux_amd64/share/man/man3/ERR_new.3 
@@ -0,0 +1,200 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ERR_NEW 3" +.TH ERR_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +ERR_new, ERR_set_debug, ERR_set_error, ERR_vset_error +\&\- Error recording building blocks +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void ERR_new(void); +\& void ERR_set_debug(const char *file, int line, const char *func); +\& void ERR_set_error(int lib, int reason, const char *fmt, ...); +\& void ERR_vset_error(int lib, int reason, const char *fmt, va_list args); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The functions described here are generally not used directly, but +rather through macros such as \fIERR_raise\fR\|(3). +They can still be useful for anyone that wants to make their own +macros. +.PP +\&\fIERR_new()\fR allocates a new slot in the thread's error queue. +.PP +\&\fIERR_set_debug()\fR sets the debug information related to the current +error in the thread's error queue. +The values that can be given are the filename \fIfile\fR, line in the +file \fIline\fR and the name of the function \fIfunc\fR where the error +occurred. +The names must be constant, this function will only save away the +pointers, not copy the strings. +.PP +\&\fIERR_set_error()\fR sets the error information, which are the library +number \fIlib\fR and the reason code \fIreason\fR, and additional data as a +format string \fIfmt\fR and an arbitrary number of arguments. +The additional data is processed with \fIBIO_snprintf\fR\|(3) to form the +additional data string, which is allocated and store in the error +record. +.PP +\&\fIERR_vset_error()\fR works like \fIERR_set_error()\fR, but takes a \fBva_list\fR +argument instead of a variable number of arguments. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +ERR_new, ERR_set_debug, ERR_set_error and ERR_vset_error +do not return any values. +.SH "NOTES" +.IX Header "NOTES" +The library number is unique to each unit that records errors. 
+OpenSSL has a number of pre-allocated ones for its own uses, but +others may allocate their own library number dynamically with +\&\fIERR_get_next_error_library\fR\|(3). +.PP +Reason codes are unique within each library, and may have an +associated set of strings as a short description of the reason. +For dynamically allocated library numbers, reason strings are recorded +with \fIERR_load_strings\fR\|(3). +.PP +Provider authors are supplied with core versions of these functions, +see \fIprovider\-base\fR\|(7). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_raise\fR\|(3), \fIERR_get_next_error_library\fR\|(3), +\&\fIERR_load_strings\fR\|(3), \fIBIO_snprintf\fR\|(3), \fIprovider\-base\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/ERR_print_errors.3 b/linux_amd64/share/man/man3/ERR_print_errors.3 new file mode 100755 index 0000000..044c07c --- /dev/null +++ b/linux_amd64/share/man/man3/ERR_print_errors.3 
@@ -0,0 +1,183 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ERR_PRINT_ERRORS 3" +.TH ERR_PRINT_ERRORS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +ERR_print_errors, ERR_print_errors_fp, ERR_print_errors_cb +\&\- print error messages +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void ERR_print_errors(BIO *bp); +\& void ERR_print_errors_fp(FILE *fp); +\& void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u), void *u) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIERR_print_errors()\fR is a convenience function that prints the error +strings for all errors that OpenSSL has recorded to \fBbp\fR, thus +emptying the error queue. +.PP +\&\fIERR_print_errors_fp()\fR is the same, except that the output goes to a +\&\fB\s-1FILE\s0\fR. +.PP +\&\fIERR_print_errors_cb()\fR is the same, except that the callback function, +\&\fBcb\fR, is called for each error line with the string, length, and userdata +\&\fBu\fR as the callback parameters. +.PP +The error strings will have the following format: +.PP +.Vb 1 +\& [pid]:error:[error code]:[library name]:[function name]:[reason string]:[filename]:[line]:[optional text message] +.Ve +.PP +\&\fIerror code\fR is an 8 digit hexadecimal number. \fIlibrary name\fR, +\&\fIfunction name\fR and \fIreason string\fR are \s-1ASCII\s0 text, as is \fIoptional +text message\fR if one was set for the respective error code. +.PP +If there is no text string registered for the given error code, +the error string will contain the numeric code. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIERR_print_errors()\fR and \fIERR_print_errors_fp()\fR return no values. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_error_string\fR\|(3), +\&\fIERR_get_error\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/share/man/man3/ERR_put_error.3 b/linux_amd64/share/man/man3/ERR_put_error.3
new file mode 100755
index 0000000..a881b34
--- /dev/null
+++ b/linux_amd64/share/man/man3/ERR_put_error.3
@@ -0,0 +1,243 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ERR_PUT_ERROR 3" +.TH ERR_PUT_ERROR 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +ERR_raise, ERR_raise_data, +ERR_put_error, ERR_add_error_data, ERR_add_error_vdata, +ERR_add_error_txt, ERR_add_error_mem_bio +\&\- record an error +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void ERR_raise(int lib, int reason); +\& void ERR_raise_data(int lib, int reason, const char *fmt, ...); +\& +\& void ERR_add_error_data(int num, ...); +\& void ERR_add_error_vdata(int num, va_list arg); +\& void ERR_add_error_txt(const char *sep, const char *txt); +\& void ERR_add_error_mem_bio(const char *sep, BIO *bio); +.Ve +.PP +Deprecated since OpenSSL 3.0: +.PP +.Vb 1 +\& void ERR_put_error(int lib, int func, int reason, const char *file, int line); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIERR_raise()\fR adds a new error to the thread's error queue. The +error occurred in the library \fBlib\fR for the reason given by the +\&\fBreason\fR code. Furthermore, the name of the file, the line, and name +of the function where the error occurred is saved with the error +record. +.PP +\&\fIERR_raise_data()\fR does the same thing as \fIERR_raise()\fR, but also lets the +caller specify additional information as a format string \fBfmt\fR and an +arbitrary number of values, which are processed with \fIBIO_snprintf\fR\|(3). +.PP +\&\fIERR_put_error()\fR adds an error code to the thread's error queue. It +signals that the error of reason code \fBreason\fR occurred in function +\&\fBfunc\fR of library \fBlib\fR, in line number \fBline\fR of \fBfile\fR. +This function is usually called by a macro. +.PP +\&\fIERR_add_error_data()\fR associates the concatenation of its \fBnum\fR string +arguments as additional data with the error code added last. +\&\fIERR_add_error_vdata()\fR is similar except the argument is a \fBva_list\fR. +Multiple calls to these functions append to the current top of the error queue. +The total length of the string data per error is limited to 4096 characters. 
+.PP +\&\fIERR_add_error_txt()\fR appends the given text string as additional data to the +last error queue entry, after inserting the optional separator string if it is +not \s-1NULL\s0 and the top error entry does not yet have additional data. +In case the separator is at the end of the text it is not appended to the data. +The \fBsep\fR argument may be for instance \*(L"\en\*(R" to insert a line break when needed. +If the associated data would become more than 4096 characters long +(which is the limit given above) +it is split over sufficiently many new copies of the last error queue entry. +.PP +\&\fIERR_add_error_mem_bio()\fR is the same as \fIERR_add_error_txt()\fR except that +the text string is taken from the given memory \s-1BIO\s0. +It appends '\e0' to the \s-1BIO\s0 contents if not already NUL-terminated. +.PP +\&\fIERR_load_strings\fR\|(3) can be used to register +error strings so that the application can a generate human-readable +error messages for the error code. +.SS "Reporting errors" +.IX Subsection "Reporting errors" +Each sub-library has a specific macro \fIXXXerr()\fR that is used to report +errors. Its first argument is a function code \fB\s-1XXX_F_\s0...\fR, the second +argument is a reason code \fB\s-1XXX_R_\s0...\fR. Function codes are derived +from the function names; reason codes consist of textual error +descriptions. For example, the function \fIssl3_read_bytes()\fR reports a +\&\*(L"handshake failure\*(R" as follows: +.PP +.Vb 1 +\& SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE); +.Ve +.PP +Function and reason codes should consist of uppercase characters, +numbers and underscores only. The error file generation script translates +function codes into function names by looking in the header files +for an appropriate function name, if none is found it just uses +the capitalized form such as \*(L"\s-1SSL3_READ_BYTES\s0\*(R" in the above example. 
+.PP +The trailing section of a reason code (after the \*(L"_R_\*(R") is translated +into lowercase and underscores changed to spaces. +.PP +Although a library will normally report errors using its own specific +XXXerr macro, another library's macro can be used. This is normally +only done when a library wants to include \s-1ASN1\s0 code which must use +the \fIASN1err()\fR macro. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIERR_raise()\fR, \fIERR_put_error()\fR, +\&\fIERR_add_error_data()\fR, \fIERR_add_error_vdata()\fR +\&\fIERR_add_error_txt()\fR, and \fIERR_add_error_mem_bio()\fR +return no values. +.SH "NOTES" +.IX Header "NOTES" +\&\fIERR_raise()\fR and \fIERR_put_error()\fR are implemented as macros. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_load_strings\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBERR_add_error_txt\fR and \fBERR_add_error_mem_bio\fR were added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/ERR_remove_state.3 b/linux_amd64/share/man/man3/ERR_remove_state.3 new file mode 100755 index 0000000..fc78aa4 --- /dev/null +++ b/linux_amd64/share/man/man3/ERR_remove_state.3 
@@ -0,0 +1,175 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ERR_REMOVE_STATE 3" +.TH ERR_REMOVE_STATE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +ERR_remove_thread_state, ERR_remove_state \- DEPRECATED +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +Deprecated since OpenSSL 1.0.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 1 +\& void ERR_remove_state(unsigned long tid); +.Ve +.PP +Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 1 +\& void ERR_remove_thread_state(void *tid); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIERR_remove_state()\fR frees the error queue associated with the specified +thread, identified by \fBtid\fR. +\&\fIERR_remove_thread_state()\fR does the same thing, except the identifier is +an opaque pointer. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIERR_remove_state()\fR and \fIERR_remove_thread_state()\fR return no value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +L\fIOPENSSL_init_crypto\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIERR_remove_state()\fR was deprecated in OpenSSL 1.0.0 and +\&\fIERR_remove_thread_state()\fR was deprecated in OpenSSL 1.1.0; these functions +and should not be used. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/ERR_set_mark.3 b/linux_amd64/share/man/man3/ERR_set_mark.3 new file mode 100755 index 0000000..5951618 --- /dev/null +++ b/linux_amd64/share/man/man3/ERR_set_mark.3 
@@ -0,0 +1,163 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ERR_SET_MARK 3" +.TH ERR_SET_MARK 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +ERR_set_mark, ERR_pop_to_mark \- set marks and pop errors until mark +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int ERR_set_mark(void); +\& +\& int ERR_pop_to_mark(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIERR_set_mark()\fR sets a mark on the current topmost error record if there +is one. +.PP +\&\fIERR_pop_to_mark()\fR will pop the top of the error stack until a mark is found. +The mark is then removed. If there is no mark, the whole stack is removed. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIERR_set_mark()\fR returns 0 if the error stack is empty, otherwise 1. +.PP +\&\fIERR_pop_to_mark()\fR returns 0 if there was no mark in the error stack, which +implies that the stack became empty, otherwise 1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2003\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/EVP_ASYM_CIPHER_free.3 b/linux_amd64/share/man/man3/EVP_ASYM_CIPHER_free.3 new file mode 100755 index 0000000..71aa45e --- /dev/null +++ b/linux_amd64/share/man/man3/EVP_ASYM_CIPHER_free.3 
@@ -0,0 +1,210 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_ASYM_CIPHER_FREE 3" +.TH EVP_ASYM_CIPHER_FREE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_ASYM_CIPHER_fetch, EVP_ASYM_CIPHER_free, EVP_ASYM_CIPHER_up_ref, +EVP_ASYM_CIPHER_number, EVP_ASYM_CIPHER_is_a, EVP_ASYM_CIPHER_provider, +EVP_ASYM_CIPHER_do_all_provided, EVP_ASYM_CIPHER_names_do_all +\&\- Functions to manage EVP_ASYM_CIPHER algorithm objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& EVP_ASYM_CIPHER *EVP_ASYM_CIPHER_fetch(OPENSSL_CTX *ctx, const char *algorithm, +\& const char *properties); +\& void EVP_ASYM_CIPHER_free(EVP_ASYM_CIPHER *cipher); +\& int EVP_ASYM_CIPHER_up_ref(EVP_ASYM_CIPHER *cipher); +\& int EVP_ASYM_CIPHER_number(const EVP_ASYM_CIPHER *cipher); +\& int EVP_ASYM_CIPHER_is_a(const EVP_ASYM_CIPHER *cipher, const char *name); +\& OSSL_PROVIDER *EVP_ASYM_CIPHER_provider(const EVP_ASYM_CIPHER *cipher); +\& void EVP_ASYM_CIPHER_do_all_provided(OPENSSL_CTX *libctx, +\& void (*fn)(EVP_ASYM_CIPHER *cipher, +\& void *arg), +\& void *arg); +\& void EVP_ASYM_CIPHER_names_do_all(const EVP_ASYM_CIPHER *cipher, +\& void (*fn)(const char *name, void *data), +\& void *data); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIEVP_ASYM_CIPHER_fetch()\fR fetches the implementation for the given +\&\fBalgorithm\fR from any provider offering it, within the criteria given +by the \fBproperties\fR and in the scope of the given library context \fBctx\fR (see +\&\s-1\fIOPENSSL_CTX\s0\fR\|(3)). The algorithm will be one offering functions for performing +asymmetric cipher related tasks such as asymmetric encryption and decryption. +See \*(L"Fetching algorithms\*(R" in \fIprovider\fR\|(7) for further information. +.PP +The returned value must eventually be freed with \fIEVP_ASYM_CIPHER_free()\fR. +.PP +\&\fIEVP_ASYM_CIPHER_free()\fR decrements the reference count for the \fB\s-1EVP_ASYM_CIPHER\s0\fR +structure. Typically this structure will have been obtained from an earlier call +to \fIEVP_ASYM_CIPHER_fetch()\fR. If the reference count drops to 0 then the +structure is freed. 
+.PP +\&\fIEVP_ASYM_CIPHER_up_ref()\fR increments the reference count for an +\&\fB\s-1EVP_ASYM_CIPHER\s0\fR structure. +.PP +\&\fIEVP_ASYM_CIPHER_is_a()\fR returns 1 if \fIcipher\fR is an implementation of an +algorithm that's identifiable with \fIname\fR, otherwise 0. +.PP +\&\fIEVP_ASYM_CIPHER_provider()\fR returns the provider that \fIcipher\fR was fetched from. +.PP +\&\fIEVP_ASYM_CIPHER_do_all_provided()\fR traverses all EVP_ASYM_CIPHERs implemented by +all activated providers in the given library context \fIlibctx\fR, and for each of +the implementations, calls the given function \fIfn\fR with the implementation +method and the given \fIarg\fR as argument. +.PP +\&\fIEVP_ASYM_CIPHER_number()\fR returns the internal dynamic number assigned to +\&\fIcipher\fR. +.PP +\&\fIEVP_ASYM_CIPHER_names_do_all()\fR traverses all names for \fIcipher\fR, and calls +\&\fIfn\fR with each name and \fIdata\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_ASYM_CIPHER_fetch()\fR returns a pointer to an \fB\s-1EVP_ASYM_CIPHER\s0\fR for success +or \fB\s-1NULL\s0\fR for failure. +.PP +\&\fIEVP_ASYM_CIPHER_up_ref()\fR returns 1 for success or 0 otherwise. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\*(L"Fetching algorithms\*(R" in \fIprovider\fR\|(7), \s-1\fIOSSL_PROVIDER\s0\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The functions described here were added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/EVP_BytesToKey.3 b/linux_amd64/share/man/man3/EVP_BytesToKey.3 new file mode 100755 index 0000000..b3856e9 --- /dev/null +++ b/linux_amd64/share/man/man3/EVP_BytesToKey.3 
@@ -0,0 +1,201 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_BYTESTOKEY 3" +.TH EVP_BYTESTOKEY 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_BytesToKey \- password based encryption routine +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, +\& const unsigned char *salt, +\& const unsigned char *data, int datal, int count, +\& unsigned char *key, unsigned char *iv); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIEVP_BytesToKey()\fR derives a key and \s-1IV\s0 from various parameters. \fBtype\fR is +the cipher to derive the key and \s-1IV\s0 for. \fBmd\fR is the message digest to use. +The \fBsalt\fR parameter is used as a salt in the derivation: it should point to +an 8 byte buffer or \s-1NULL\s0 if no salt is used. \fBdata\fR is a buffer containing +\&\fBdatal\fR bytes which is used to derive the keying data. \fBcount\fR is the +iteration count to use. The derived key and \s-1IV\s0 will be written to \fBkey\fR +and \fBiv\fR respectively. +.SH "NOTES" +.IX Header "NOTES" +A typical application of this function is to derive keying material for an +encryption algorithm from a password in the \fBdata\fR parameter. +.PP +Increasing the \fBcount\fR parameter slows down the algorithm which makes it +harder for an attacker to perform a brute force attack using a large number +of candidate passwords. +.PP +If the total key and \s-1IV\s0 length is less than the digest length and +\&\fB\s-1MD5\s0\fR is used then the derivation algorithm is compatible with PKCS#5 v1.5 +otherwise a non standard extension is used to derive the extra data. +.PP +Newer applications should use a more modern algorithm such as \s-1PBKDF2\s0 as +defined in PKCS#5v2.1 and provided by \s-1PKCS5_PBKDF2_HMAC\s0. +.SH "KEY DERIVATION ALGORITHM" +.IX Header "KEY DERIVATION ALGORITHM" +The key and \s-1IV\s0 is derived by concatenating D_1, D_2, etc until +enough data is available for the key and \s-1IV\s0. 
D_i is defined as: +.PP +.Vb 1 +\& D_i = HASH^count(D_(i\-1) || data || salt) +.Ve +.PP +where || denotes concatenation, D_0 is empty, \s-1HASH\s0 is the digest +algorithm in use, HASH^1(data) is simply \s-1HASH\s0(data), HASH^2(data) +is \s-1HASH\s0(\s-1HASH\s0(data)) and so on. +.PP +The initial bytes are used for the key and the subsequent bytes for +the \s-1IV\s0. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +If \fBdata\fR is \s-1NULL\s0, then \fIEVP_BytesToKey()\fR returns the number of bytes +needed to store the derived key. +Otherwise, \fIEVP_BytesToKey()\fR returns the size of the derived key in bytes, +or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIevp\fR\|(7), \fIRAND_bytes\fR\|(3), +\&\s-1\fIPKCS5_PBKDF2_HMAC\s0\fR\|(3), +\&\fIEVP_EncryptInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 b/linux_amd64/share/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 new file mode 100755 index 0000000..f9a243c --- /dev/null +++ b/linux_amd64/share/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 
@@ -0,0 +1,174 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_CIPHER_CTX_GET_CIPHER_DATA 3" +.TH EVP_CIPHER_CTX_GET_CIPHER_DATA 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_CIPHER_CTX_get_cipher_data, EVP_CIPHER_CTX_set_cipher_data \- Routines to +inspect and modify EVP_CIPHER_CTX objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void *EVP_CIPHER_CTX_get_cipher_data(const EVP_CIPHER_CTX *ctx); +\& void *EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fIEVP_CIPHER_CTX_get_cipher_data()\fR function returns a pointer to the cipher +data relevant to \s-1EVP_CIPHER_CTX\s0. The contents of this data is specific to the +particular implementation of the cipher. For example this data can be used by +engines to store engine specific information. The data is automatically +allocated and freed by OpenSSL, so applications and engines should not normally +free this directly (but see below). +.PP +The \fIEVP_CIPHER_CTX_set_cipher_data()\fR function allows an application or engine to +replace the cipher data with new data. A pointer to any existing cipher data is +returned from this function. If the old data is no longer required then it +should be freed through a call to \fIOPENSSL_free()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The \fIEVP_CIPHER_CTX_get_cipher_data()\fR function returns a pointer to the current +cipher data for the \s-1EVP_CIPHER_CTX\s0. +.PP +The \fIEVP_CIPHER_CTX_set_cipher_data()\fR function returns a pointer to the old +cipher data for the \s-1EVP_CIPHER_CTX\s0. +.SH "HISTORY" +.IX Header "HISTORY" +The \fIEVP_CIPHER_CTX_get_cipher_data()\fR and \fIEVP_CIPHER_CTX_set_cipher_data()\fR +functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/share/man/man3/EVP_CIPHER_meth_new.3 b/linux_amd64/share/man/man3/EVP_CIPHER_meth_new.3 new file mode 100755 index 0000000..b86add2 --- /dev/null +++ b/linux_amd64/share/man/man3/EVP_CIPHER_meth_new.3 
@@ -0,0 +1,345 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_CIPHER_METH_NEW 3" +.TH EVP_CIPHER_METH_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_CIPHER_meth_new, EVP_CIPHER_meth_dup, EVP_CIPHER_meth_free, +EVP_CIPHER_meth_set_iv_length, EVP_CIPHER_meth_set_flags, +EVP_CIPHER_meth_set_impl_ctx_size, EVP_CIPHER_meth_set_init, +EVP_CIPHER_meth_set_do_cipher, EVP_CIPHER_meth_set_cleanup, +EVP_CIPHER_meth_set_set_asn1_params, EVP_CIPHER_meth_set_get_asn1_params, +EVP_CIPHER_meth_set_ctrl, EVP_CIPHER_meth_get_init, +EVP_CIPHER_meth_get_do_cipher, EVP_CIPHER_meth_get_cleanup, +EVP_CIPHER_meth_get_set_asn1_params, EVP_CIPHER_meth_get_get_asn1_params, +EVP_CIPHER_meth_get_ctrl +\&\- Routines to build up EVP_CIPHER methods +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len); +\& EVP_CIPHER *EVP_CIPHER_meth_dup(const EVP_CIPHER *cipher); +\& void EVP_CIPHER_meth_free(EVP_CIPHER *cipher); +\& +\& int EVP_CIPHER_meth_set_iv_length(EVP_CIPHER *cipher, int iv_len); +\& int EVP_CIPHER_meth_set_flags(EVP_CIPHER *cipher, unsigned long flags); +\& int EVP_CIPHER_meth_set_impl_ctx_size(EVP_CIPHER *cipher, int ctx_size); +\& int EVP_CIPHER_meth_set_init(EVP_CIPHER *cipher, +\& int (*init)(EVP_CIPHER_CTX *ctx, +\& const unsigned char *key, +\& const unsigned char *iv, +\& int enc)); +\& int EVP_CIPHER_meth_set_do_cipher(EVP_CIPHER *cipher, +\& int (*do_cipher)(EVP_CIPHER_CTX *ctx, +\& unsigned char *out, +\& const unsigned char *in, +\& size_t inl)); +\& int EVP_CIPHER_meth_set_cleanup(EVP_CIPHER *cipher, +\& int (*cleanup)(EVP_CIPHER_CTX *)); +\& int EVP_CIPHER_meth_set_set_asn1_params(EVP_CIPHER *cipher, +\& int (*set_asn1_parameters)(EVP_CIPHER_CTX *, +\& ASN1_TYPE *)); +\& int EVP_CIPHER_meth_set_get_asn1_params(EVP_CIPHER *cipher, +\& int (*get_asn1_parameters)(EVP_CIPHER_CTX *, +\& ASN1_TYPE *)); +\& int EVP_CIPHER_meth_set_ctrl(EVP_CIPHER *cipher, +\& int (*ctrl)(EVP_CIPHER_CTX *, int type, +\& int arg, void *ptr)); +\& +\& int (*EVP_CIPHER_meth_get_init(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX 
*ctx, +\& const unsigned char *key, +\& const unsigned char *iv, +\& int enc); +\& int (*EVP_CIPHER_meth_get_do_cipher(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx, +\& unsigned char *out, +\& const unsigned char *in, +\& size_t inl); +\& int (*EVP_CIPHER_meth_get_cleanup(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *); +\& int (*EVP_CIPHER_meth_get_set_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, +\& ASN1_TYPE *); +\& int (*EVP_CIPHER_meth_get_get_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, +\& ASN1_TYPE *); +\& int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, +\& int type, int arg, +\& void *ptr); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fB\s-1EVP_CIPHER\s0\fR type is a structure for symmetric cipher method +implementation. +.PP +\&\fIEVP_CIPHER_meth_new()\fR creates a new \fB\s-1EVP_CIPHER\s0\fR structure. +.PP +\&\fIEVP_CIPHER_meth_dup()\fR creates a copy of \fBcipher\fR. +.PP +\&\fIEVP_CIPHER_meth_free()\fR destroys a \fB\s-1EVP_CIPHER\s0\fR structure. +.PP +\&\fIEVP_CIPHER_meth_set_iv_length()\fR sets the length of the \s-1IV\s0. +This is only needed when the implemented cipher mode requires it. +.PP +\&\fIEVP_CIPHER_meth_set_flags()\fR sets the flags to describe optional +behaviours in the particular \fBcipher\fR. +With the exception of cipher modes, of which only one may be present, +several flags can be or'd together. 
+The available flags are: +.IP "\s-1EVP_CIPH_STREAM_CIPHER\s0, \s-1EVP_CIPH_ECB_MODE\s0 \s-1EVP_CIPH_CBC_MODE\s0, \s-1EVP_CIPH_CFB_MODE\s0, \s-1EVP_CIPH_OFB_MODE\s0, \s-1EVP_CIPH_CTR_MODE\s0, \s-1EVP_CIPH_GCM_MODE\s0, \s-1EVP_CIPH_CCM_MODE\s0, \s-1EVP_CIPH_XTS_MODE\s0, \s-1EVP_CIPH_WRAP_MODE\s0, \s-1EVP_CIPH_OCB_MODE\s0, \s-1EVP_CIPH_SIV_MODE\s0" 4 +.IX Item "EVP_CIPH_STREAM_CIPHER, EVP_CIPH_ECB_MODE EVP_CIPH_CBC_MODE, EVP_CIPH_CFB_MODE, EVP_CIPH_OFB_MODE, EVP_CIPH_CTR_MODE, EVP_CIPH_GCM_MODE, EVP_CIPH_CCM_MODE, EVP_CIPH_XTS_MODE, EVP_CIPH_WRAP_MODE, EVP_CIPH_OCB_MODE, EVP_CIPH_SIV_MODE" +The cipher mode. +.IP "\s-1EVP_CIPH_VARIABLE_LENGTH\s0" 4 +.IX Item "EVP_CIPH_VARIABLE_LENGTH" +This cipher is of variable length. +.IP "\s-1EVP_CIPH_CUSTOM_IV\s0" 4 +.IX Item "EVP_CIPH_CUSTOM_IV" +Storing and initialising the \s-1IV\s0 is left entirely to the +implementation. +.IP "\s-1EVP_CIPH_ALWAYS_CALL_INIT\s0" 4 +.IX Item "EVP_CIPH_ALWAYS_CALL_INIT" +Set this if the implementation's \fIinit()\fR function should be called even +if \fBkey\fR is \fB\s-1NULL\s0\fR. +.IP "\s-1EVP_CIPH_CTRL_INIT\s0" 4 +.IX Item "EVP_CIPH_CTRL_INIT" +Set this to have the implementation's \fIctrl()\fR function called with +command code \fB\s-1EVP_CTRL_INIT\s0\fR early in its setup. +.IP "\s-1EVP_CIPH_CUSTOM_KEY_LENGTH\s0" 4 +.IX Item "EVP_CIPH_CUSTOM_KEY_LENGTH" +Checking and setting the key length after creating the \fB\s-1EVP_CIPHER\s0\fR +is left to the implementation. +Whenever someone uses \fIEVP_CIPHER_CTX_set_key_length()\fR on a +\&\fB\s-1EVP_CIPHER\s0\fR with this flag set, the implementation's \fIctrl()\fR function +will be called with the control code \fB\s-1EVP_CTRL_SET_KEY_LENGTH\s0\fR and +the key length in \fBarg\fR. +.IP "\s-1EVP_CIPH_NO_PADDING\s0" 4 +.IX Item "EVP_CIPH_NO_PADDING" +Don't use standard block padding. +.IP "\s-1EVP_CIPH_RAND_KEY\s0" 4 +.IX Item "EVP_CIPH_RAND_KEY" +Making a key with random content is left to the implementation. 
+This is done by calling the implementation's \fIctrl()\fR function with the +control code \fB\s-1EVP_CTRL_RAND_KEY\s0\fR and the pointer to the key memory +storage in \fBptr\fR. +.IP "\s-1EVP_CIPH_CUSTOM_COPY\s0" 4 +.IX Item "EVP_CIPH_CUSTOM_COPY" +Set this to have the implementation's \fIctrl()\fR function called with +command code \fB\s-1EVP_CTRL_COPY\s0\fR at the end of \fIEVP_CIPHER_CTX_copy()\fR. +The intended use is for further things to deal with after the +implementation specific data block has been copied. +The destination \fB\s-1EVP_CIPHER_CTX\s0\fR is passed to the control with the +\&\fBptr\fR parameter. +The implementation specific data block is reached with +\&\fIEVP_CIPHER_CTX_get_cipher_data()\fR. +.IP "\s-1EVP_CIPH_FLAG_DEFAULT_ASN1\s0" 4 +.IX Item "EVP_CIPH_FLAG_DEFAULT_ASN1" +Use the default \s-1EVP\s0 routines to pass \s-1IV\s0 to and from \s-1ASN\s0.1. +.IP "\s-1EVP_CIPH_FLAG_LENGTH_BITS\s0" 4 +.IX Item "EVP_CIPH_FLAG_LENGTH_BITS" +Signals that the length of the input buffer for encryption / +decryption is to be understood as the number of bits instead of +bytes for this implementation. +This is only useful for \s-1CFB1\s0 ciphers. +.IP "\s-1EVP_CIPH_FLAG_CUSTOM_CIPHER\s0" 4 +.IX Item "EVP_CIPH_FLAG_CUSTOM_CIPHER" +This indicates that the implementation takes care of everything, +including padding, buffering and finalization. +The \s-1EVP\s0 routines will simply give them control and do nothing more. +.IP "\s-1EVP_CIPH_FLAG_AEAD_CIPHER\s0" 4 +.IX Item "EVP_CIPH_FLAG_AEAD_CIPHER" +This indicates that this is an \s-1AEAD\s0 cipher implementation. +.IP "\s-1EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK\s0" 4 +.IX Item "EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK" +Allow interleaving of crypto blocks, a particular optimization only applicable +to certain \s-1TLS\s0 ciphers. +.PP +\&\fIEVP_CIPHER_meth_set_impl_ctx_size()\fR sets the size of the \s-1EVP_CIPHER\s0's +implementation context so that it can be automatically allocated. 
+.PP +\&\fIEVP_CIPHER_meth_set_init()\fR sets the cipher init function for +\&\fBcipher\fR. +The cipher init function is called by \fIEVP_CipherInit()\fR, +\&\fIEVP_CipherInit_ex()\fR, \fIEVP_EncryptInit()\fR, \fIEVP_EncryptInit_ex()\fR, +\&\fIEVP_DecryptInit()\fR, \fIEVP_DecryptInit_ex()\fR. +.PP +\&\fIEVP_CIPHER_meth_set_do_cipher()\fR sets the cipher function for +\&\fBcipher\fR. +The cipher function is called by \fIEVP_CipherUpdate()\fR, +\&\fIEVP_EncryptUpdate()\fR, \fIEVP_DecryptUpdate()\fR, \fIEVP_CipherFinal()\fR, +\&\fIEVP_EncryptFinal()\fR, \fIEVP_EncryptFinal_ex()\fR, \fIEVP_DecryptFinal()\fR and +\&\fIEVP_DecryptFinal_ex()\fR. +.PP +\&\fIEVP_CIPHER_meth_set_cleanup()\fR sets the function for \fBcipher\fR to do +extra cleanup before the method's private data structure is cleaned +out and freed. +Note that the cleanup function is passed a \fB\s-1EVP_CIPHER_CTX\s0 *\fR, the +private data structure is then available with +\&\fIEVP_CIPHER_CTX_get_cipher_data()\fR. +This cleanup function is called by \fIEVP_CIPHER_CTX_reset()\fR and +\&\fIEVP_CIPHER_CTX_free()\fR. +.PP +\&\fIEVP_CIPHER_meth_set_set_asn1_params()\fR sets the function for \fBcipher\fR +to set the AlgorithmIdentifier \*(L"parameter\*(R" based on the passed cipher. +This function is called by \fIEVP_CIPHER_param_to_asn1()\fR. +\&\fIEVP_CIPHER_meth_set_get_asn1_params()\fR sets the function for \fBcipher\fR +that sets the cipher parameters based on an \s-1ASN\s0.1 AlgorithmIdentifier +\&\*(L"parameter\*(R". +Both these functions are needed when there is a need for custom data +(more or other than the cipher \s-1IV\s0). +They are called by \fIEVP_CIPHER_param_to_asn1()\fR and +\&\fIEVP_CIPHER_asn1_to_param()\fR respectively if defined. +.PP +\&\fIEVP_CIPHER_meth_set_ctrl()\fR sets the control function for \fBcipher\fR. 
+.PP +\&\fIEVP_CIPHER_meth_get_init()\fR, \fIEVP_CIPHER_meth_get_do_cipher()\fR, +\&\fIEVP_CIPHER_meth_get_cleanup()\fR, \fIEVP_CIPHER_meth_get_set_asn1_params()\fR, +\&\fIEVP_CIPHER_meth_get_get_asn1_params()\fR and \fIEVP_CIPHER_meth_get_ctrl()\fR +are all used to retrieve the method data given with the +EVP_CIPHER_meth_set_*() functions above. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_CIPHER_meth_new()\fR and \fIEVP_CIPHER_meth_dup()\fR return a pointer to a +newly created \fB\s-1EVP_CIPHER\s0\fR, or \s-1NULL\s0 on failure. +All EVP_CIPHER_meth_set_*() functions return 1. +All EVP_CIPHER_meth_get_*() functions return pointers to their +respective \fBcipher\fR function. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_EncryptInit\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The functions described here were added in OpenSSL 1.1.0. +The \fB\s-1EVP_CIPHER\s0\fR structure created with these functions became reference +counted in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/EVP_DigestInit.3 b/linux_amd64/share/man/man3/EVP_DigestInit.3 new file mode 100755 index 0000000..e58fcdb --- /dev/null +++ b/linux_amd64/share/man/man3/EVP_DigestInit.3 
@@ -0,0 +1,657 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_DIGESTINIT 3" +.TH EVP_DIGESTINIT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_MD_fetch, EVP_MD_up_ref, EVP_MD_free, +EVP_MD_get_params, EVP_MD_gettable_params, +EVP_MD_CTX_new, EVP_MD_CTX_reset, EVP_MD_CTX_free, EVP_MD_CTX_copy, +EVP_MD_CTX_copy_ex, EVP_MD_CTX_ctrl, +EVP_MD_CTX_set_params, EVP_MD_CTX_get_params, +EVP_MD_settable_ctx_params, EVP_MD_gettable_ctx_params, +EVP_MD_CTX_settable_params, EVP_MD_CTX_gettable_params, +EVP_MD_CTX_set_flags, EVP_MD_CTX_clear_flags, EVP_MD_CTX_test_flags, +EVP_Digest, EVP_DigestInit_ex, EVP_DigestInit, EVP_DigestUpdate, +EVP_DigestFinal_ex, EVP_DigestFinalXOF, EVP_DigestFinal, +EVP_MD_is_a, EVP_MD_name, EVP_MD_number, EVP_MD_names_do_all, EVP_MD_provider, +EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, EVP_MD_block_size, EVP_MD_flags, +EVP_MD_CTX_name, +EVP_MD_CTX_md, EVP_MD_CTX_type, EVP_MD_CTX_size, EVP_MD_CTX_block_size, +EVP_MD_CTX_md_data, EVP_MD_CTX_update_fn, EVP_MD_CTX_set_update_fn, +EVP_md_null, +EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj, +EVP_MD_CTX_pkey_ctx, EVP_MD_CTX_set_pkey_ctx, +EVP_MD_do_all_provided +\&\- EVP digest routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& EVP_MD *EVP_MD_fetch(OPENSSL_CTX *ctx, const char *algorithm, +\& const char *properties); +\& int EVP_MD_up_ref(EVP_MD *md); +\& void EVP_MD_free(EVP_MD *md); +\& int EVP_MD_get_params(const EVP_MD *digest, OSSL_PARAM params[]); +\& const OSSL_PARAM *EVP_MD_gettable_params(const EVP_MD *digest); +\& EVP_MD_CTX *EVP_MD_CTX_new(void); +\& int EVP_MD_CTX_reset(EVP_MD_CTX *ctx); +\& void EVP_MD_CTX_free(EVP_MD_CTX *ctx); +\& void EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void* p2); +\& int EVP_MD_CTX_get_params(EVP_MD_CTX *ctx, OSSL_PARAM params[]); +\& int EVP_MD_CTX_set_params(EVP_MD_CTX *ctx, const OSSL_PARAM params[]); +\& const OSSL_PARAM *EVP_MD_settable_ctx_params(const EVP_MD *md); +\& const OSSL_PARAM *EVP_MD_gettable_ctx_params(const EVP_MD *md); +\& const OSSL_PARAM *EVP_MD_CTX_settable_params(EVP_MD_CTX *ctx); +\& const OSSL_PARAM 
*EVP_MD_CTX_gettable_params(EVP_MD_CTX *ctx); +\& void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags); +\& void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags); +\& int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags); +\& +\& int EVP_Digest(const void *data, size_t count, unsigned char *md, +\& unsigned int *size, const EVP_MD *type, ENGINE *impl); +\& int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); +\& int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt); +\& int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s); +\& int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *md, size_t len); +\& +\& int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in); +\& +\& int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); +\& int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s); +\& +\& int EVP_MD_CTX_copy(EVP_MD_CTX *out, EVP_MD_CTX *in); +\& +\& const char *EVP_MD_name(const EVP_MD *md); +\& int EVP_MD_number(const EVP_MD *md); +\& int EVP_MD_is_a(const EVP_MD *md, const char *name); +\& void EVP_MD_names_do_all(const EVP_MD *md, +\& void (*fn)(const char *name, void *data), +\& void *data); +\& const OSSL_PROVIDER *EVP_MD_provider(const EVP_MD *md); +\& int EVP_MD_type(const EVP_MD *md); +\& int EVP_MD_pkey_type(const EVP_MD *md); +\& int EVP_MD_size(const EVP_MD *md); +\& int EVP_MD_block_size(const EVP_MD *md); +\& unsigned long EVP_MD_flags(const EVP_MD *md); +\& +\& const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx); +\& const char *EVP_MD_CTX_name(const EVP_MD_CTX *ctx); +\& int EVP_MD_CTX_size(const EVP_MD_CTX *ctx); +\& int EVP_MD_CTX_block_size(const EVP_MD_CTX *ctx); +\& int EVP_MD_CTX_type(const EVP_MD_CTX *ctx); +\& void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx); +\& int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx, +\& const void *data, size_t count); +\& void EVP_MD_CTX_set_update_fn(EVP_MD_CTX *ctx, +\& int (*update)(EVP_MD_CTX *ctx, +\& const 
void *data, size_t count)); +\& +\& const EVP_MD *EVP_md_null(void); +\& +\& const EVP_MD *EVP_get_digestbyname(const char *name); +\& const EVP_MD *EVP_get_digestbynid(int type); +\& const EVP_MD *EVP_get_digestbyobj(const ASN1_OBJECT *o); +\& +\& EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx); +\& void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx); +\& +\& void EVP_MD_do_all_provided(OPENSSL_CTX *libctx, +\& void (*fn)(EVP_MD *mac, void *arg), +\& void *arg); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1EVP\s0 digest routines are a high level interface to message digests, +and should be used instead of the digest-specific functions. +.PP +The \fB\s-1EVP_MD\s0\fR type is a structure for digest method implementation. +.IP "\fIEVP_MD_fetch()\fR" 4 +.IX Item "EVP_MD_fetch()" +Fetches the digest implementation for the given \fBalgorithm\fR from any +provider offering it, within the criteria given by the \fBproperties\fR. +See \*(L"Fetching algorithms\*(R" in \fIprovider\fR\|(7) for further information. +.Sp +The returned value must eventually be freed with \fIEVP_MD_free()\fR. +.Sp +Fetched \fB\s-1EVP_MD\s0\fR structures are reference counted. +.IP "\fIEVP_MD_up_ref()\fR" 4 +.IX Item "EVP_MD_up_ref()" +Increments the reference count for an \fB\s-1EVP_MD\s0\fR structure. +.IP "\fIEVP_MD_free()\fR" 4 +.IX Item "EVP_MD_free()" +Decrements the reference count for the fetched \fB\s-1EVP_MD\s0\fR structure. +If the reference count drops to 0 then the structure is freed. +.IP "\fIEVP_MD_CTX_new()\fR" 4 +.IX Item "EVP_MD_CTX_new()" +Allocates and returns a digest context. +.IP "\fIEVP_MD_CTX_reset()\fR" 4 +.IX Item "EVP_MD_CTX_reset()" +Resets the digest context \fBctx\fR. This can be used to reuse an already +existing context. +.IP "\fIEVP_MD_CTX_free()\fR" 4 +.IX Item "EVP_MD_CTX_free()" +Cleans up digest context \fBctx\fR and frees up the space allocated to it. 
+.IP "\fIEVP_MD_CTX_ctrl()\fR" 4 +.IX Item "EVP_MD_CTX_ctrl()" +This is a legacy method. \fIEVP_MD_CTX_set_params()\fR and \fIEVP_MD_CTX_get_params()\fR +is the mechanism that should be used to set and get parameters that are used by +providers. +Performs digest-specific control actions on context \fBctx\fR. The control command +is indicated in \fBcmd\fR and any additional arguments in \fBp1\fR and \fBp2\fR. +\&\fIEVP_MD_CTX_ctrl()\fR must be called after \fIEVP_DigestInit_ex()\fR. Other restrictions +may apply depending on the control type and digest implementation. +See \*(L"\s-1CONTROLS\s0\*(R" below for more information. +.IP "\fIEVP_MD_get_params()\fR" 4 +.IX Item "EVP_MD_get_params()" +Retrieves the requested list of \fBparams\fR from a \s-1MD\s0 \fBmd\fR. +See \*(L"\s-1PARAMETERS\s0\*(R" below for more information. +.IP "\fIEVP_MD_CTX_get_params()\fR" 4 +.IX Item "EVP_MD_CTX_get_params()" +Retrieves the requested list of \fBparams\fR from a \s-1MD\s0 context \fBctx\fR. +See \*(L"\s-1PARAMETERS\s0\*(R" below for more information. +.IP "\fIEVP_MD_CTX_set_params()\fR" 4 +.IX Item "EVP_MD_CTX_set_params()" +Sets the list of \fBparams\fR into a \s-1MD\s0 context \fBctx\fR. +See \*(L"\s-1PARAMETERS\s0\*(R" below for more information. +.IP "\fIEVP_MD_gettable_params()\fR, \fIEVP_MD_gettable_ctx_params()\fR, \fIEVP_MD_settable_ctx_params()\fR, \fIEVP_MD_CTX_gettable_params()\fR, \fIEVP_MD_CTX_settable_params()\fR" 4 +.IX Item "EVP_MD_gettable_params(), EVP_MD_gettable_ctx_params(), EVP_MD_settable_ctx_params(), EVP_MD_CTX_gettable_params(), EVP_MD_CTX_settable_params()" +Get a \fB\s-1OSSL_PARAM\s0\fR array that describes the retrievable and settable +parameters. \fIEVP_MD_gettable_params()\fR returns parameters that can be used with +\&\fIEVP_MD_get_params()\fR. \fIEVP_MD_gettable_ctx_params()\fR and +\&\fIEVP_MD_CTX_gettable_params()\fR return parameters that can be used with +\&\fIEVP_MD_CTX_get_params()\fR. 
\fIEVP_MD_settable_ctx_params()\fR and +\&\fIEVP_MD_CTX_settable_params()\fR return parameters that can be used with +\&\fIEVP_MD_CTX_set_params()\fR. +See \s-1\fIOSSL_PARAM\s0\fR\|(3) for the use of \fB\s-1OSSL_PARAM\s0\fR as parameter descriptor. +.IP "\fIEVP_MD_CTX_set_flags()\fR, \fIEVP_MD_CTX_clear_flags()\fR, \fIEVP_MD_CTX_test_flags()\fR" 4 +.IX Item "EVP_MD_CTX_set_flags(), EVP_MD_CTX_clear_flags(), EVP_MD_CTX_test_flags()" +Sets, clears and tests \fBctx\fR flags. See \*(L"\s-1FLAGS\s0\*(R" below for more information. +.IP "\fIEVP_Digest()\fR" 4 +.IX Item "EVP_Digest()" +A wrapper around the Digest Init_ex, Update and Final_ex functions. +Hashes \fBcount\fR bytes of data at \fBdata\fR using a digest \fBtype\fR from \s-1ENGINE\s0 +\&\fBimpl\fR. The digest value is placed in \fBmd\fR and its length is written at \fBsize\fR +if the pointer is not \s-1NULL\s0. At most \fB\s-1EVP_MAX_MD_SIZE\s0\fR bytes will be written. +If \fBimpl\fR is \s-1NULL\s0 the default implementation of digest \fBtype\fR is used. +.IP "\fIEVP_DigestInit_ex()\fR" 4 +.IX Item "EVP_DigestInit_ex()" +Sets up digest context \fBctx\fR to use a digest \fBtype\fR. +\&\fBtype\fR is typically supplied by a function such as \fIEVP_sha1()\fR, or a +value explicitly fetched with \fIEVP_MD_fetch()\fR. +.Sp +If \fBimpl\fR is non-NULL, its implementation of the digest \fBtype\fR is used if +there is one, and if not, the default implementation is used. +.IP "\fIEVP_DigestUpdate()\fR" 4 +.IX Item "EVP_DigestUpdate()" +Hashes \fBcnt\fR bytes of data at \fBd\fR into the digest context \fBctx\fR. This +function can be called several times on the same \fBctx\fR to hash additional +data. +.IP "\fIEVP_DigestFinal_ex()\fR" 4 +.IX Item "EVP_DigestFinal_ex()" +Retrieves the digest value from \fBctx\fR and places it in \fBmd\fR. If the \fBs\fR +parameter is not \s-1NULL\s0 then the number of bytes of data written (i.e. 
the +length of the digest) will be written to the integer at \fBs\fR, at most +\&\fB\s-1EVP_MAX_MD_SIZE\s0\fR bytes will be written. After calling \fIEVP_DigestFinal_ex()\fR +no additional calls to \fIEVP_DigestUpdate()\fR can be made, but +\&\fIEVP_DigestInit_ex()\fR can be called to initialize a new digest operation. +.IP "\fIEVP_DigestFinalXOF()\fR" 4 +.IX Item "EVP_DigestFinalXOF()" +Interfaces to extendable-output functions, XOFs, such as \s-1SHAKE128\s0 and \s-1SHAKE256\s0. +It retrieves the digest value from \fBctx\fR and places it in \fBlen\fR\-sized md. +After calling this function no additional calls to \fIEVP_DigestUpdate()\fR can be +made, but \fIEVP_DigestInit_ex()\fR can be called to initialize a new operation. +.IP "\fIEVP_MD_CTX_copy_ex()\fR" 4 +.IX Item "EVP_MD_CTX_copy_ex()" +Can be used to copy the message digest state from \fBin\fR to \fBout\fR. This is +useful if large amounts of data are to be hashed which only differ in the last +few bytes. +.IP "\fIEVP_DigestInit()\fR" 4 +.IX Item "EVP_DigestInit()" +Behaves in the same way as \fIEVP_DigestInit_ex()\fR except it always uses the +default digest implementation and calls \fIEVP_MD_CTX_reset()\fR. +.IP "\fIEVP_DigestFinal()\fR" 4 +.IX Item "EVP_DigestFinal()" +Similar to \fIEVP_DigestFinal_ex()\fR except the digest context \fBctx\fR is +automatically cleaned up. +.IP "\fIEVP_MD_CTX_copy()\fR" 4 +.IX Item "EVP_MD_CTX_copy()" +Similar to \fIEVP_MD_CTX_copy_ex()\fR except the destination \fBout\fR does not have to +be initialized. +.IP "\fIEVP_MD_is_a()\fR" 4 +.IX Item "EVP_MD_is_a()" +Returns 1 if \fImd\fR is an implementation of an algorithm that's +identifiable with \fIname\fR, otherwise 0. +.Sp +If \fImd\fR is a legacy digest (it's the return value from the likes of +\&\fIEVP_sha256()\fR rather than the result of an \fIEVP_MD_fetch()\fR), only cipher +names registered with the default library context (see +\&\s-1\fIOPENSSL_CTX\s0\fR\|(3)) will be considered. 
+.IP "\fIEVP_MD_number()\fR" 4 +.IX Item "EVP_MD_number()" +Returns the internal dynamic number assigned to the \fImd\fR. This is +only useful with fetched \fB\s-1EVP_MD\s0\fRs. +.IP "\fIEVP_MD_name()\fR, \fIEVP_MD_CTX_name()\fR" 4 +.IX Item "EVP_MD_name(), EVP_MD_CTX_name()" +Return the name of the given message digest. For fetched message +digests with multiple names, only one of them is returned; it's +recommended to use \fIEVP_MD_names_do_all()\fR instead. +.IP "\fIEVP_MD_names_do_all()\fR" 4 +.IX Item "EVP_MD_names_do_all()" +Traverses all names for the \fImd\fR, and calls \fIfn\fR with each name and +\&\fIdata\fR. This is only useful with fetched \fB\s-1EVP_MD\s0\fRs. +.IP "\fIEVP_MD_provider()\fR" 4 +.IX Item "EVP_MD_provider()" +Returns an \fB\s-1OSSL_PROVIDER\s0\fR pointer to the provider that implements the given +\&\fB\s-1EVP_MD\s0\fR. +.IP "\fIEVP_MD_size()\fR, \fIEVP_MD_CTX_size()\fR" 4 +.IX Item "EVP_MD_size(), EVP_MD_CTX_size()" +Return the size of the message digest when passed an \fB\s-1EVP_MD\s0\fR or an +\&\fB\s-1EVP_MD_CTX\s0\fR structure, i.e. the size of the hash. +.IP "\fIEVP_MD_block_size()\fR, \fIEVP_MD_CTX_block_size()\fR" 4 +.IX Item "EVP_MD_block_size(), EVP_MD_CTX_block_size()" +Return the block size of the message digest when passed an \fB\s-1EVP_MD\s0\fR or an +\&\fB\s-1EVP_MD_CTX\s0\fR structure. +.IP "\fIEVP_MD_type()\fR, \fIEVP_MD_CTX_type()\fR" 4 +.IX Item "EVP_MD_type(), EVP_MD_CTX_type()" +Return the \s-1NID\s0 of the \s-1OBJECT\s0 \s-1IDENTIFIER\s0 representing the given message digest +when passed an \fB\s-1EVP_MD\s0\fR structure. For example, \f(CW\*(C`EVP_MD_type(EVP_sha1())\*(C'\fR +returns \fBNID_sha1\fR. This function is normally used when setting \s-1ASN1\s0 OIDs. +.IP "\fIEVP_MD_CTX_md_data()\fR" 4 +.IX Item "EVP_MD_CTX_md_data()" +Return the digest method private data for the passed \fB\s-1EVP_MD_CTX\s0\fR. +The space is allocated by OpenSSL and has the size originally set with +\&\fIEVP_MD_meth_set_app_datasize()\fR. 
+.IP "\fIEVP_MD_CTX_md()\fR" 4 +.IX Item "EVP_MD_CTX_md()" +Returns the \fB\s-1EVP_MD\s0\fR structure corresponding to the passed \fB\s-1EVP_MD_CTX\s0\fR. This +will be the same \fB\s-1EVP_MD\s0\fR object originally passed to \fIEVP_DigestInit_ex()\fR (or +other similar function) when the \s-1EVP_MD_CTX\s0 was first initialised. Note that +where explicit fetch is in use (see \fIEVP_MD_fetch\fR\|(3)) the value returned from +this function will not have its reference count incremented and therefore it +should not be used after the \s-1EVP_MD_CTX\s0 is freed. +.IP "\fIEVP_MD_CTX_set_update_fn()\fR" 4 +.IX Item "EVP_MD_CTX_set_update_fn()" +Sets the update function for \fBctx\fR to \fBupdate\fR. +This is the function that is called by EVP_DigestUpdate. If not set, the +update function from the \fB\s-1EVP_MD\s0\fR type specified at initialization is used. +.IP "\fIEVP_MD_CTX_update_fn()\fR" 4 +.IX Item "EVP_MD_CTX_update_fn()" +Returns the update function for \fBctx\fR. +.IP "\fIEVP_MD_flags()\fR" 4 +.IX Item "EVP_MD_flags()" +Returns the \fBmd\fR flags. Note that these are different from the \fB\s-1EVP_MD_CTX\s0\fR +ones. See \fIEVP_MD_meth_set_flags\fR\|(3) for more information. +.IP "\fIEVP_MD_pkey_type()\fR" 4 +.IX Item "EVP_MD_pkey_type()" +Returns the \s-1NID\s0 of the public key signing algorithm associated with this +digest. For example \fIEVP_sha1()\fR is associated with \s-1RSA\s0 so this will return +\&\fBNID_sha1WithRSAEncryption\fR. Since digests and signature algorithms are no +longer linked this function is only retained for compatibility reasons. +.IP "\fIEVP_md_null()\fR" 4 +.IX Item "EVP_md_null()" +A \*(L"null\*(R" message digest that does nothing: i.e. the hash it returns is of zero +length. 
+.IP "\fIEVP_get_digestbyname()\fR, \fIEVP_get_digestbynid()\fR, \fIEVP_get_digestbyobj()\fR" 4 +.IX Item "EVP_get_digestbyname(), EVP_get_digestbynid(), EVP_get_digestbyobj()" +Returns an \fB\s-1EVP_MD\s0\fR structure when passed a digest name, a digest \fB\s-1NID\s0\fR or an +\&\fB\s-1ASN1_OBJECT\s0\fR structure respectively. +.IP "\fIEVP_MD_CTX_pkey_ctx()\fR" 4 +.IX Item "EVP_MD_CTX_pkey_ctx()" +Returns the \fB\s-1EVP_PKEY_CTX\s0\fR assigned to \fBctx\fR. The returned pointer should not +be freed by the caller. +.IP "\fIEVP_MD_CTX_set_pkey_ctx()\fR" 4 +.IX Item "EVP_MD_CTX_set_pkey_ctx()" +Assigns an \fB\s-1EVP_PKEY_CTX\s0\fR to \fB\s-1EVP_MD_CTX\s0\fR. This is usually used to provide +a customized \fB\s-1EVP_PKEY_CTX\s0\fR to \fIEVP_DigestSignInit\fR\|(3) or +\&\fIEVP_DigestVerifyInit\fR\|(3). The \fBpctx\fR passed to this function should be freed +by the caller. A \s-1NULL\s0 \fBpctx\fR pointer is also allowed to clear the \fB\s-1EVP_PKEY_CTX\s0\fR +assigned to \fBctx\fR. In such case, freeing the cleared \fB\s-1EVP_PKEY_CTX\s0\fR or not +depends on how the \fB\s-1EVP_PKEY_CTX\s0\fR is created. +.IP "\fIEVP_MD_do_all_provided()\fR" 4 +.IX Item "EVP_MD_do_all_provided()" +Traverses all messages digests implemented by all activated providers +in the given library context \fIlibctx\fR, and for each of the implementations, +calls the given function \fIfn\fR with the implementation method and the given +\&\fIarg\fR as argument. +.SH "PARAMETERS" +.IX Header "PARAMETERS" +See \s-1\fIOSSL_PARAM\s0\fR\|(3) for information about passing parameters. +.PP +\&\fIEVP_MD_CTX_set_params()\fR can be used with the following \s-1OSSL_PARAM\s0 keys: +.ie n .IP """xoflen"" (\fB\s-1OSSL_PARAM_DIGEST_KEY_XOFLEN\s0\fR) " 4 +.el .IP "``xoflen'' (\fB\s-1OSSL_PARAM_DIGEST_KEY_XOFLEN\s0\fR) " 4 +.IX Item "xoflen (OSSL_PARAM_DIGEST_KEY_XOFLEN) " +Sets the digest length for extendable output functions. 
+It is used by the \s-1SHAKE\s0 algorithm and should not exceed what can be given +using a \fBsize_t\fR. +.ie n .IP """pad_type"" (\fB\s-1OSSL_PARAM_DIGEST_KEY_PAD_TYPE\s0\fR) " 4 +.el .IP "``pad_type'' (\fB\s-1OSSL_PARAM_DIGEST_KEY_PAD_TYPE\s0\fR) " 4 +.IX Item "pad_type (OSSL_PARAM_DIGEST_KEY_PAD_TYPE) " +Sets the pad type. +It is used by the \s-1MDC2\s0 algorithm. +.PP +\&\fIEVP_MD_CTX_get_params()\fR can be used with the following \s-1OSSL_PARAM\s0 keys: +.ie n .IP """micalg"" (\fB\s-1OSSL_PARAM_DIGEST_KEY_MICALG\s0\fR) <\s-1UTF8\s0 string>." 4 +.el .IP "``micalg'' (\fB\s-1OSSL_PARAM_DIGEST_KEY_MICALG\s0\fR) <\s-1UTF8\s0 string>." 4 +.IX Item "micalg (OSSL_PARAM_DIGEST_KEY_MICALG) ." +Gets the digest Message Integrity Check algorithm string. This is used when +creating S/MIME multipart/signed messages, as specified in \s-1RFC\s0 3851. +It may be used by external engines or providers. +.SH "CONTROLS" +.IX Header "CONTROLS" +\&\fIEVP_MD_CTX_ctrl()\fR can be used to send the following standard controls: +.IP "\s-1EVP_MD_CTRL_MICALG\s0" 4 +.IX Item "EVP_MD_CTRL_MICALG" +Gets the digest Message Integrity Check algorithm string. This is used when +creating S/MIME multipart/signed messages, as specified in \s-1RFC\s0 3851. +The string value is written to \fBp2\fR. +.IP "\s-1EVP_MD_CTRL_XOF_LEN\s0" 4 +.IX Item "EVP_MD_CTRL_XOF_LEN" +This control sets the digest length for extendable output functions to \fBp1\fR. +Sending this control directly should not be necessary, the use of +\&\f(CW\*(C`EVP_DigestFinalXOF()\*(C'\fR is preferred. +Currently used by \s-1SHAKE\s0. +.SH "FLAGS" +.IX Header "FLAGS" +\&\fIEVP_MD_CTX_set_flags()\fR, \fIEVP_MD_CTX_clear_flags()\fR and \fIEVP_MD_CTX_test_flags()\fR +can be used the manipulate and test these \fB\s-1EVP_MD_CTX\s0\fR flags: +.IP "\s-1EVP_MD_CTX_FLAG_ONESHOT\s0" 4 +.IX Item "EVP_MD_CTX_FLAG_ONESHOT" +This flag instructs the digest to optimize for one update only, if possible. 
+.IP "\s-1EVP_MD_CTX_FLAG_NO_INIT\s0" 4 +.IX Item "EVP_MD_CTX_FLAG_NO_INIT" +This flag instructs \fIEVP_DigestInit()\fR and similar not to initialise the +implementation specific data. +.IP "\s-1EVP_MD_CTX_FLAG_FINALISE\s0" 4 +.IX Item "EVP_MD_CTX_FLAG_FINALISE" +Some functions such as EVP_DigestSign only finalise copies of internal +contexts so additional data can be included after the finalisation call. +This is inefficient if this functionality is not required, and can be +disabled with this flag. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +.IP "\fIEVP_MD_fetch()\fR" 4 +.IX Item "EVP_MD_fetch()" +Returns a pointer to a \fB\s-1EVP_MD\s0\fR for success or \s-1NULL\s0 for failure. +.IP "\fIEVP_MD_up_ref()\fR" 4 +.IX Item "EVP_MD_up_ref()" +Returns 1 for success or 0 for failure. +.IP "\fIEVP_DigestInit_ex()\fR, \fIEVP_DigestUpdate()\fR, \fIEVP_DigestFinal_ex()\fR" 4 +.IX Item "EVP_DigestInit_ex(), EVP_DigestUpdate(), EVP_DigestFinal_ex()" +Returns 1 for +success and 0 for failure. +.IP "\fIEVP_MD_CTX_ctrl()\fR" 4 +.IX Item "EVP_MD_CTX_ctrl()" +Returns 1 if successful or 0 for failure. +.IP "\fIEVP_MD_CTX_set_params()\fR, \fIEVP_MD_CTX_get_params()\fR" 4 +.IX Item "EVP_MD_CTX_set_params(), EVP_MD_CTX_get_params()" +Returns 1 if successful or 0 for failure. +.IP "\fIEVP_MD_CTX_settable_params()\fR, \fIEVP_MD_CTX_gettable_params()\fR" 4 +.IX Item "EVP_MD_CTX_settable_params(), EVP_MD_CTX_gettable_params()" +Return an array of constant \fB\s-1OSSL_PARAM\s0\fRs, or \s-1NULL\s0 if there is none +to get. +.IP "\fIEVP_MD_CTX_copy_ex()\fR" 4 +.IX Item "EVP_MD_CTX_copy_ex()" +Returns 1 if successful or 0 for failure. +.IP "\fIEVP_MD_type()\fR, \fIEVP_MD_pkey_type()\fR" 4 +.IX Item "EVP_MD_type(), EVP_MD_pkey_type()" +Returns the \s-1NID\s0 of the corresponding \s-1OBJECT\s0 \s-1IDENTIFIER\s0 or NID_undef if none +exists. 
+.IP "\fIEVP_MD_size()\fR, \fIEVP_MD_block_size()\fR, \fIEVP_MD_CTX_size()\fR, \fIEVP_MD_CTX_block_size()\fR" 4 +.IX Item "EVP_MD_size(), EVP_MD_block_size(), EVP_MD_CTX_size(), EVP_MD_CTX_block_size()" +Returns the digest or block size in bytes. +.IP "\fIEVP_md_null()\fR" 4 +.IX Item "EVP_md_null()" +Returns a pointer to the \fB\s-1EVP_MD\s0\fR structure of the \*(L"null\*(R" message digest. +.IP "\fIEVP_get_digestbyname()\fR, \fIEVP_get_digestbynid()\fR, \fIEVP_get_digestbyobj()\fR" 4 +.IX Item "EVP_get_digestbyname(), EVP_get_digestbynid(), EVP_get_digestbyobj()" +Returns either an \fB\s-1EVP_MD\s0\fR structure or \s-1NULL\s0 if an error occurs. +.IP "\fIEVP_MD_CTX_set_pkey_ctx()\fR" 4 +.IX Item "EVP_MD_CTX_set_pkey_ctx()" +This function has no return value. +.SH "NOTES" +.IX Header "NOTES" +The \fB\s-1EVP\s0\fR interface to message digests should almost always be used in +preference to the low level interfaces. This is because the code then becomes +transparent to the digest used and much more flexible. +.PP +New applications should use the \s-1SHA\-2\s0 (such as \fIEVP_sha256\fR\|(3)) or the \s-1SHA\-3\s0 +digest algorithms (such as \fIEVP_sha3_512\fR\|(3)). The other digest algorithms +are still in common use. +.PP +For most applications the \fBimpl\fR parameter to \fIEVP_DigestInit_ex()\fR will be +set to \s-1NULL\s0 to use the default digest implementation. +.PP +The functions \fIEVP_DigestInit()\fR, \fIEVP_DigestFinal()\fR and \fIEVP_MD_CTX_copy()\fR are +obsolete but are retained to maintain compatibility with existing code. New +applications should use \fIEVP_DigestInit_ex()\fR, \fIEVP_DigestFinal_ex()\fR and +\&\fIEVP_MD_CTX_copy_ex()\fR because they can efficiently reuse a digest context +instead of initializing and cleaning it up on each call and allow non default +implementations of digests to be specified. +.PP +If digest contexts are not cleaned up after use, +memory leaks will occur. 
+.PP +\&\fIEVP_MD_CTX_name()\fR, \fIEVP_MD_CTX_size()\fR, \fIEVP_MD_CTX_block_size()\fR, +\&\fIEVP_MD_CTX_type()\fR, \fIEVP_get_digestbynid()\fR and \fIEVP_get_digestbyobj()\fR are defined +as macros. +.PP +\&\fIEVP_MD_CTX_ctrl()\fR sends commands to message digests for additional configuration +or control. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +This example digests the data \*(L"Test Message\en\*(R" and \*(L"Hello World\en\*(R", using the +digest name passed on the command line. +.PP +.Vb 3 +\& #include +\& #include +\& #include +\& +\& int main(int argc, char *argv[]) +\& { +\& EVP_MD_CTX *mdctx; +\& const EVP_MD *md; +\& char mess1[] = "Test Message\en"; +\& char mess2[] = "Hello World\en"; +\& unsigned char md_value[EVP_MAX_MD_SIZE]; +\& unsigned int md_len, i; +\& +\& if (argv[1] == NULL) { +\& printf("Usage: mdtest digestname\en"); +\& exit(1); +\& } +\& +\& md = EVP_get_digestbyname(argv[1]); +\& if (md == NULL) { +\& printf("Unknown message digest %s\en", argv[1]); +\& exit(1); +\& } +\& +\& mdctx = EVP_MD_CTX_new(); +\& EVP_DigestInit_ex(mdctx, md, NULL); +\& EVP_DigestUpdate(mdctx, mess1, strlen(mess1)); +\& EVP_DigestUpdate(mdctx, mess2, strlen(mess2)); +\& EVP_DigestFinal_ex(mdctx, md_value, &md_len); +\& EVP_MD_CTX_free(mdctx); +\& +\& printf("Digest is: "); +\& for (i = 0; i < md_len; i++) +\& printf("%02x", md_value[i]); +\& printf("\en"); +\& +\& exit(0); +\& } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_MD_meth_new\fR\|(3), +\&\fIopenssl\-dgst\fR\|(1), +\&\fIevp\fR\|(7), +\&\s-1\fIOSSL_PROVIDER\s0\fR\|(3), +\&\s-1\fIOSSL_PARAM\s0\fR\|(3) +.PP +The full list of digest algorithms are provided below. 
+.PP +\&\fIEVP_blake2b512\fR\|(3), +\&\fIEVP_md2\fR\|(3), +\&\fIEVP_md4\fR\|(3), +\&\fIEVP_md5\fR\|(3), +\&\fIEVP_mdc2\fR\|(3), +\&\fIEVP_ripemd160\fR\|(3), +\&\fIEVP_sha1\fR\|(3), +\&\fIEVP_sha224\fR\|(3), +\&\fIEVP_sha3_224\fR\|(3), +\&\fIEVP_sm3\fR\|(3), +\&\fIEVP_whirlpool\fR\|(3) +\&\*(L"Fetching algorithms\*(R" in \fIprovider\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \fIEVP_MD_CTX_create()\fR and \fIEVP_MD_CTX_destroy()\fR functions were renamed to +\&\fIEVP_MD_CTX_new()\fR and \fIEVP_MD_CTX_free()\fR in OpenSSL 1.1.0, respectively. +.PP +The link between digests and signing algorithms was fixed in OpenSSL 1.0 and +later, so now \fIEVP_sha1()\fR can be used with \s-1RSA\s0 and \s-1DSA\s0. +.PP +The \fIEVP_dss1()\fR function was removed in OpenSSL 1.1.0. +.PP +The \fIEVP_MD_CTX_set_pkey_ctx()\fR function was added in 1.1.1. +.PP +The \fIEVP_MD_fetch()\fR, \fIEVP_MD_free()\fR, \fIEVP_MD_up_ref()\fR, \fIEVP_MD_CTX_set_params()\fR +and \fIEVP_MD_CTX_get_params()\fR functions were added in 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/EVP_DigestSignInit.3 b/linux_amd64/share/man/man3/EVP_DigestSignInit.3 new file mode 100755 index 0000000..9b31a1e --- /dev/null +++ b/linux_amd64/share/man/man3/EVP_DigestSignInit.3 
@@ -0,0 +1,305 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_DIGESTSIGNINIT 3" +.TH EVP_DIGESTSIGNINIT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_DigestSignInit_ex, EVP_DigestSignInit, EVP_DigestSignUpdate, +EVP_DigestSignFinal, EVP_DigestSign \- EVP signing functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, +\& const char *mdname, const char *props, +\& EVP_PKEY *pkey); +\& int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, +\& const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey); +\& int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt); +\& int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen); +\& +\& int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, +\& size_t *siglen, const unsigned char *tbs, +\& size_t tbslen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1EVP\s0 signature routines are a high level interface to digital signatures. +Input data is digested first before the signing takes place. +.PP +\&\fIEVP_DigestSignInit_ex()\fR sets up signing context \fIctx\fR to use a digest with the +name \fImdname\fR and private key \fIpkey\fR. The name of the digest to be used is +passed to the provider of the signature algorithm in use. How that provider +interprets the digest name is provider specific. The provider may implement +that digest directly itself or it may (optionally) choose to fetch it (which +could result in a digest from a different provider being selected). If the +provider supports fetching the digest then it may use the \fIprops\fR argument for +the properties to be used during the fetch. +.PP +The \fIpkey\fR algorithm is used to fetch a \fB\s-1EVP_SIGNATURE\s0\fR method implicitly, to +be used for the actual signing. See \*(L"Implicit fetch\*(R" in \fIprovider\fR\|(7) for +more information about implict fetches. +.PP +The OpenSSL default and legacy providers support fetching digests and can fetch +those digests from any available provider. 
The OpenSSL fips provider also +supports fetching digests but will only fetch digests that are themselves +implemented inside the fips provider. +.PP +\&\fIctx\fR must be created with \fIEVP_MD_CTX_new()\fR before calling this function. If +\&\fIpctx\fR is not \s-1NULL\s0, the \s-1EVP_PKEY_CTX\s0 of the signing operation will be written +to \fI*pctx\fR: this can be used to set alternative signing options. Note that any +existing value in \fI*pctx\fR is overwritten. The \s-1EVP_PKEY_CTX\s0 value returned must +not be freed directly by the application if \fIctx\fR is not assigned an +\&\s-1EVP_PKEY_CTX\s0 value before being passed to \fIEVP_DigestSignInit_ex()\fR (which means +the \s-1EVP_PKEY_CTX\s0 is created inside \fIEVP_DigestSignInit_ex()\fR and it will be freed +automatically when the \s-1EVP_MD_CTX\s0 is freed). +.PP +The digest \fImdname\fR may be \s-1NULL\s0 if the signing algorithm supports it. The +\&\fIprops\fR argument can always be \s-1NULL\s0. +.PP +No \fB\s-1EVP_PKEY_CTX\s0\fR will be created by \fIEVP_DigestSignInit_ex()\fR if the passed +\&\fIctx\fR has already been assigned one via \fIEVP_MD_CTX_set_pkey_ctx\fR\|(3). See also +\&\s-1\fISM2\s0\fR\|(7). +.PP +Only \s-1EVP_PKEY\s0 types that support signing can be used with these functions. This +includes \s-1MAC\s0 algorithms where the \s-1MAC\s0 generation is considered as a form of +\&\*(L"signing\*(R". Built-in \s-1EVP_PKEY\s0 types supported by these functions are \s-1CMAC\s0, +Poly1305, \s-1DSA\s0, \s-1ECDSA\s0, \s-1HMAC\s0, \s-1RSA\s0, SipHash, Ed25519 and Ed448. +.PP +Not all digests can be used for all key types. The following combinations apply. 
+.IP "\s-1DSA\s0" 4 +.IX Item "DSA" +Supports \s-1SHA1\s0, \s-1SHA224\s0, \s-1SHA256\s0, \s-1SHA384\s0 and \s-1SHA512\s0 +.IP "\s-1ECDSA\s0" 4 +.IX Item "ECDSA" +Supports \s-1SHA1\s0, \s-1SHA224\s0, \s-1SHA256\s0, \s-1SHA384\s0, \s-1SHA512\s0 and \s-1SM3\s0 +.IP "\s-1RSA\s0 with no padding" 4 +.IX Item "RSA with no padding" +Supports no digests (the digest \fItype\fR must be \s-1NULL\s0) +.IP "\s-1RSA\s0 with X931 padding" 4 +.IX Item "RSA with X931 padding" +Supports \s-1SHA1\s0, \s-1SHA256\s0, \s-1SHA384\s0 and \s-1SHA512\s0 +.IP "All other \s-1RSA\s0 padding types" 4 +.IX Item "All other RSA padding types" +Support \s-1SHA1\s0, \s-1SHA224\s0, \s-1SHA256\s0, \s-1SHA384\s0, \s-1SHA512\s0, \s-1MD5\s0, \s-1MD5_SHA1\s0, \s-1MD2\s0, \s-1MD4\s0, \s-1MDC2\s0, +\&\s-1SHA3\-224\s0, \s-1SHA3\-256\s0, \s-1SHA3\-384\s0, \s-1SHA3\-512\s0 +.IP "Ed25519 and Ed448" 4 +.IX Item "Ed25519 and Ed448" +Support no digests (the digest \fItype\fR must be \s-1NULL\s0) +.IP "\s-1HMAC\s0" 4 +.IX Item "HMAC" +Supports any digest +.IP "\s-1CMAC\s0, Poly1305 and SipHash" 4 +.IX Item "CMAC, Poly1305 and SipHash" +Will ignore any digest provided. +.PP +If RSA-PSS is used and restrictions apply then the digest must match. +.PP +\&\fIEVP_DigestSignInit()\fR works in the same way as \fIEVP_DigestSignInit_ex()\fR except +that the \fImdname\fR parameter will be inferred from the supplied digest \fItype\fR, +and \fIprops\fR will be \s-1NULL\s0. Where supplied the \s-1ENGINE\s0 \fIe\fR will be used for the +signing and digest algorithm implementations. \fIe\fR may be \s-1NULL\s0. +.PP +\&\fIEVP_DigestSignUpdate()\fR hashes \fIcnt\fR bytes of data at \fId\fR into the +signature context \fIctx\fR. This function can be called several times on the +same \fIctx\fR to include additional data. +.PP +\&\fIEVP_DigestSignFinal()\fR signs the data in \fIctx\fR and places the signature in \fIsig\fR. +If \fIsig\fR is \s-1NULL\s0 then the maximum size of the output buffer is written to +the \fIsiglen\fR parameter. 
If \fIsig\fR is not \s-1NULL\s0 then before the call the +\&\fIsiglen\fR parameter should contain the length of the \fIsig\fR buffer. If the +call is successful the signature is written to \fIsig\fR and the amount of data +written to \fIsiglen\fR. +.PP +\&\fIEVP_DigestSign()\fR signs \fItbslen\fR bytes of data at \fItbs\fR and places the +signature in \fIsig\fR and its length in \fIsiglen\fR in a similar way to +\&\fIEVP_DigestSignFinal()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_DigestSignInit()\fR, \fIEVP_DigestSignUpdate()\fR, \fIEVP_DigestSignFinal()\fR and +\&\fIEVP_DigestSign()\fR return 1 for success and 0 for failure. +.PP +The error codes can be obtained from \fIERR_get_error\fR\|(3). +.SH "NOTES" +.IX Header "NOTES" +The \fB\s-1EVP\s0\fR interface to digital signatures should almost always be used in +preference to the low level interfaces. This is because the code then becomes +transparent to the algorithm used and much more flexible. +.PP +\&\fIEVP_DigestSign()\fR is a one shot operation which signs a single block of data +in one function. For algorithms that support streaming it is equivalent to +calling \fIEVP_DigestSignUpdate()\fR and \fIEVP_DigestSignFinal()\fR. For algorithms which +do not support streaming (e.g. PureEdDSA) it is the only way to sign data. +.PP +In previous versions of OpenSSL there was a link between message digest types +and public key algorithms. This meant that \*(L"clone\*(R" digests such as \fIEVP_dss1()\fR +needed to be used to sign using \s-1SHA1\s0 and \s-1DSA\s0. This is no longer necessary and +the use of clone digest is now discouraged. +.PP +For some key types and parameters the random number generator must be seeded. +If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to +external circumstances (see \s-1\fIRAND\s0\fR\|(7)), the operation will fail. +.PP +The call to \fIEVP_DigestSignFinal()\fR internally finalizes a copy of the digest +context. 
This means that calls to \fIEVP_DigestSignUpdate()\fR and +\&\fIEVP_DigestSignFinal()\fR can be called later to digest and sign additional data. +.PP +Since only a copy of the digest context is ever finalized, the context must +be cleaned up after use by calling \fIEVP_MD_CTX_free()\fR or a memory leak +will occur. +.PP +The use of \fIEVP_PKEY_size()\fR with these functions is discouraged because some +signature operations may have a signature length which depends on the +parameters set. As a result \fIEVP_PKEY_size()\fR would have to return a value +which indicates the maximum possible signature for any set of parameters. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_DigestVerifyInit\fR\|(3), +\&\fIEVP_DigestInit\fR\|(3), +\&\fIevp\fR\|(7), \s-1\fIHMAC\s0\fR\|(3), \s-1\fIMD2\s0\fR\|(3), +\&\s-1\fIMD5\s0\fR\|(3), \s-1\fIMDC2\s0\fR\|(3), \s-1\fIRIPEMD160\s0\fR\|(3), +\&\s-1\fISHA1\s0\fR\|(3), \fIopenssl\-dgst\fR\|(1), +\&\s-1\fIRAND\s0\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIEVP_DigestSignInit()\fR, \fIEVP_DigestSignUpdate()\fR and \fIEVP_DigestSignFinal()\fR +were added in OpenSSL 1.0.0. +.PP +\&\fIEVP_DigestSignInit_ex()\fR was added in OpenSSL 3.0. +.PP +\&\fIEVP_DigestSignUpdate()\fR was converted from a macro to a function in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/EVP_DigestVerifyInit.3 b/linux_amd64/share/man/man3/EVP_DigestVerifyInit.3 new file mode 100755 index 0000000..3dc8e5d --- /dev/null +++ b/linux_amd64/share/man/man3/EVP_DigestVerifyInit.3 
@@ -0,0 +1,297 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_DIGESTVERIFYINIT 3" +.TH EVP_DIGESTVERIFYINIT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_DigestVerifyInit_ex, EVP_DigestVerifyInit, EVP_DigestVerifyUpdate, +EVP_DigestVerifyFinal, EVP_DigestVerify \- EVP signature verification functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, +\& const char *mdname, const char *props, +\& EVP_PKEY *pkey, EVP_SIGNATURE *signature); +\& int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, +\& const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey); +\& int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt); +\& int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, +\& size_t siglen); +\& int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, +\& size_t siglen, const unsigned char *tbs, size_t tbslen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1EVP\s0 signature routines are a high level interface to digital signatures. +Input data is digested first before the signature verification takes place. +.PP +\&\fIEVP_DigestVerifyInit_ex()\fR sets up verification context \fBctx\fR to use a digest +with the name \fBmdname\fR and public key \fBpkey\fR. The signature algorithm +\&\fBsignature\fR will be used for the actual signature verification which must be +compatible with the public key. The name of the digest to be used is passed to +the provider of the signature algorithm in use. How that provider interprets the +digest name is provider specific. The provider may implement that digest +directly itself or it may (optionally) choose to fetch it (which could result in +a digest from a different provider being selected). If the provider supports +fetching the digest then it may use the \fBprops\fR argument for the properties to +be used during the fetch. +.PP +The \fBsignature\fR parameter may be \s-1NULL\s0 in which case a suitable signature +algorithm implementation will be implicitly fetched based on the type of key in +use. 
See \fIprovider\fR\|(7) for further information about providers and fetching +algorithms. +.PP +The OpenSSL default and legacy providers support fetching digests and can fetch +those digests from any available provider. The OpenSSL fips provider also +supports fetching digests but will only fetch digests that are themselves +implemented inside the fips provider. +.PP +\&\fBctx\fR must be created with \fIEVP_MD_CTX_new()\fR before calling this function. If +\&\fBpctx\fR is not \s-1NULL\s0, the \s-1EVP_PKEY_CTX\s0 of the verification operation will be +written to \fB*pctx\fR: this can be used to set alternative verification options. +Note that any existing value in \fB*pctx\fR is overwritten. The \s-1EVP_PKEY_CTX\s0 value +returned must not be freed directly by the application if \fBctx\fR is not assigned +an \s-1EVP_PKEY_CTX\s0 value before being passed to \fIEVP_DigestVerifyInit_ex()\fR (which +means the \s-1EVP_PKEY_CTX\s0 is created inside \fIEVP_DigestVerifyInit_ex()\fR and it will +be freed automatically when the \s-1EVP_MD_CTX\s0 is freed). +.PP +No \fB\s-1EVP_PKEY_CTX\s0\fR will be created by \fIEVP_DigestSignInit_ex()\fR if the passed +\&\fBctx\fR has already been assigned one via \fIEVP_MD_CTX_set_pkey_ctx\fR\|(3). See also +\&\s-1\fISM2\s0\fR\|(7). +.PP +Not all digests can be used for all key types. The following combinations apply. 
+.IP "\s-1DSA\s0" 4 +.IX Item "DSA" +Supports \s-1SHA1\s0, \s-1SHA224\s0, \s-1SHA256\s0, \s-1SHA384\s0 and \s-1SHA512\s0 +.IP "\s-1ECDSA\s0" 4 +.IX Item "ECDSA" +Supports \s-1SHA1\s0, \s-1SHA224\s0, \s-1SHA256\s0, \s-1SHA384\s0, \s-1SHA512\s0 and \s-1SM3\s0 +.IP "\s-1RSA\s0 with no padding" 4 +.IX Item "RSA with no padding" +Supports no digests (the digest \fBtype\fR must be \s-1NULL\s0) +.IP "\s-1RSA\s0 with X931 padding" 4 +.IX Item "RSA with X931 padding" +Supports \s-1SHA1\s0, \s-1SHA256\s0, \s-1SHA384\s0 and \s-1SHA512\s0 +.IP "All other \s-1RSA\s0 padding types" 4 +.IX Item "All other RSA padding types" +Support \s-1SHA1\s0, \s-1SHA224\s0, \s-1SHA256\s0, \s-1SHA384\s0, \s-1SHA512\s0, \s-1MD5\s0, \s-1MD5_SHA1\s0, \s-1MD2\s0, \s-1MD4\s0, \s-1MDC2\s0, +\&\s-1SHA3\-224\s0, \s-1SHA3\-256\s0, \s-1SHA3\-384\s0, \s-1SHA3\-512\s0 +.IP "Ed25519 and Ed448" 4 +.IX Item "Ed25519 and Ed448" +Support no digests (the digest \fBtype\fR must be \s-1NULL\s0) +.IP "\s-1HMAC\s0" 4 +.IX Item "HMAC" +Supports any digest +.IP "\s-1CMAC\s0, Poly1305 and SipHash" 4 +.IX Item "CMAC, Poly1305 and SipHash" +Will ignore any digest provided. +.PP +If RSA-PSS is used and restrictions apply then the digest must match. +.PP +\&\fIEVP_DigestVerifyInit()\fR works in the same way as \fIEVP_DigestVerifyInit_ex()\fR except +that the \fBmdname\fR parameter will be inferred from the supplied digest \fBtype\fR, +and \fBprops\fR will be \s-1NULL\s0. Where supplied the \s-1ENGINE\s0 \fBe\fR will be used for the +signature verification and digest algorithm implementations. \fBe\fR may be \s-1NULL\s0. +.PP +\&\fIEVP_DigestVerifyUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the +verification context \fBctx\fR. This function can be called several times on the +same \fBctx\fR to include additional data. +.PP +\&\fIEVP_DigestVerifyFinal()\fR verifies the data in \fBctx\fR against the signature in +\&\fBsig\fR of length \fBsiglen\fR. 
+.PP +\&\fIEVP_DigestVerify()\fR verifies \fBtbslen\fR bytes at \fBtbs\fR against the signature +in \fBsig\fR of length \fBsiglen\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_DigestVerifyInit()\fR and \fIEVP_DigestVerifyUpdate()\fR return 1 for success and 0 +for failure. +.PP +\&\fIEVP_DigestVerifyFinal()\fR and \fIEVP_DigestVerify()\fR return 1 for success; any other +value indicates failure. A return value of zero indicates that the signature +did not verify successfully (that is, \fBtbs\fR did not match the original data or +the signature had an invalid form), while other values indicate a more serious +error (and sometimes also indicate an invalid signature form). +.PP +The error codes can be obtained from \fIERR_get_error\fR\|(3). +.SH "NOTES" +.IX Header "NOTES" +The \fB\s-1EVP\s0\fR interface to digital signatures should almost always be used in +preference to the low level interfaces. This is because the code then becomes +transparent to the algorithm used and much more flexible. +.PP +\&\fIEVP_DigestVerify()\fR is a one shot operation which verifies a single block of +data in one function. For algorithms that support streaming it is equivalent +to calling \fIEVP_DigestVerifyUpdate()\fR and \fIEVP_DigestVerifyFinal()\fR. For +algorithms which do not support streaming (e.g. PureEdDSA) it is the only way +to verify data. +.PP +In previous versions of OpenSSL there was a link between message digest types +and public key algorithms. This meant that \*(L"clone\*(R" digests such as \fIEVP_dss1()\fR +needed to be used to sign using \s-1SHA1\s0 and \s-1DSA\s0. This is no longer necessary and +the use of clone digest is now discouraged. +.PP +For some key types and parameters the random number generator must be seeded. +If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to +external circumstances (see \s-1\fIRAND\s0\fR\|(7)), the operation will fail. 
+.PP +The call to \fIEVP_DigestVerifyFinal()\fR internally finalizes a copy of the digest +context. This means that \fIEVP_VerifyUpdate()\fR and \fIEVP_VerifyFinal()\fR can +be called later to digest and verify additional data. +.PP +Since only a copy of the digest context is ever finalized, the context must +be cleaned up after use by calling \fIEVP_MD_CTX_free()\fR or a memory leak +will occur. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_DigestSignInit\fR\|(3), +\&\fIEVP_DigestInit\fR\|(3), +\&\fIevp\fR\|(7), \s-1\fIHMAC\s0\fR\|(3), \s-1\fIMD2\s0\fR\|(3), +\&\s-1\fIMD5\s0\fR\|(3), \s-1\fIMDC2\s0\fR\|(3), \s-1\fIRIPEMD160\s0\fR\|(3), +\&\s-1\fISHA1\s0\fR\|(3), \fIopenssl\-dgst\fR\|(1), +\&\s-1\fIRAND\s0\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIEVP_DigestVerifyInit()\fR, \fIEVP_DigestVerifyUpdate()\fR and \fIEVP_DigestVerifyFinal()\fR +were added in OpenSSL 1.0.0. +.PP +\&\fIEVP_DigestVerifyInit_ex()\fR was added in OpenSSL 3.0. +.PP +\&\fIEVP_DigestVerifyUpdate()\fR was converted from a macro to a function in OpenSSL +3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/EVP_EncodeInit.3 b/linux_amd64/share/man/man3/EVP_EncodeInit.3 new file mode 100755 index 0000000..f5eb6b8 --- /dev/null +++ b/linux_amd64/share/man/man3/EVP_EncodeInit.3 
@@ -0,0 +1,284 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_ENCODEINIT 3" +.TH EVP_ENCODEINIT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_ENCODE_CTX_new, EVP_ENCODE_CTX_free, EVP_ENCODE_CTX_copy, +EVP_ENCODE_CTX_num, EVP_EncodeInit, EVP_EncodeUpdate, EVP_EncodeFinal, +EVP_EncodeBlock, EVP_DecodeInit, EVP_DecodeUpdate, EVP_DecodeFinal, +EVP_DecodeBlock \- EVP base 64 encode/decode routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void); +\& void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx); +\& int EVP_ENCODE_CTX_copy(EVP_ENCODE_CTX *dctx, EVP_ENCODE_CTX *sctx); +\& int EVP_ENCODE_CTX_num(EVP_ENCODE_CTX *ctx); +\& void EVP_EncodeInit(EVP_ENCODE_CTX *ctx); +\& int EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, +\& const unsigned char *in, int inl); +\& void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl); +\& int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n); +\& +\& void EVP_DecodeInit(EVP_ENCODE_CTX *ctx); +\& int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, +\& const unsigned char *in, int inl); +\& int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl); +\& int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1EVP\s0 encode routines provide a high level interface to base 64 encoding and +decoding. Base 64 encoding converts binary data into a printable form that uses +the characters A\-Z, a\-z, 0\-9, \*(L"+\*(R" and \*(L"/\*(R" to represent the data. For every 3 +bytes of binary data provided 4 bytes of base 64 encoded data will be produced +plus some occasional newlines (see below). If the input data length is not a +multiple of 3 then the output data will be padded at the end using the \*(L"=\*(R" +character. +.PP +\&\fIEVP_ENCODE_CTX_new()\fR allocates, initializes and returns a context to be used for +the encode/decode functions. 
+.PP +\&\fIEVP_ENCODE_CTX_free()\fR cleans up an encode/decode context \fBctx\fR and frees up the +space allocated to it. +.PP +Encoding of binary data is performed in blocks of 48 input bytes (or less for +the final block). For each 48 byte input block encoded 64 bytes of base 64 data +is output plus an additional newline character (i.e. 65 bytes in total). The +final block (which may be less than 48 bytes) will output 4 bytes for every 3 +bytes of input. If the data length is not divisible by 3 then a full 4 bytes is +still output for the final 1 or 2 bytes of input. Similarly a newline character +will also be output. +.PP +\&\fIEVP_EncodeInit()\fR initialises \fBctx\fR for the start of a new encoding operation. +.PP +\&\fIEVP_EncodeUpdate()\fR encode \fBinl\fR bytes of data found in the buffer pointed to by +\&\fBin\fR. The output is stored in the buffer \fBout\fR and the number of bytes output +is stored in \fB*outl\fR. It is the caller's responsibility to ensure that the +buffer at \fBout\fR is sufficiently large to accommodate the output data. Only full +blocks of data (48 bytes) will be immediately processed and output by this +function. Any remainder is held in the \fBctx\fR object and will be processed by a +subsequent call to \fIEVP_EncodeUpdate()\fR or \fIEVP_EncodeFinal()\fR. To calculate the +required size of the output buffer add together the value of \fBinl\fR with the +amount of unprocessed data held in \fBctx\fR and divide the result by 48 (ignore +any remainder). This gives the number of blocks of data that will be processed. +Ensure the output buffer contains 65 bytes of storage for each block, plus an +additional byte for a \s-1NUL\s0 terminator. \fIEVP_EncodeUpdate()\fR may be called +repeatedly to process large amounts of input data. In the event of an error +\&\fIEVP_EncodeUpdate()\fR will set \fB*outl\fR to 0 and return 0. On success 1 will be +returned. +.PP +\&\fIEVP_EncodeFinal()\fR must be called at the end of an encoding operation. 
It will +process any partial block of data remaining in the \fBctx\fR object. The output +data will be stored in \fBout\fR and the length of the data written will be stored +in \fB*outl\fR. It is the caller's responsibility to ensure that \fBout\fR is +sufficiently large to accommodate the output data which will never be more than +65 bytes plus an additional \s-1NUL\s0 terminator (i.e. 66 bytes in total). +.PP +\&\fIEVP_ENCODE_CTX_copy()\fR can be used to copy a context \fBsctx\fR to a context +\&\fBdctx\fR. \fBdctx\fR must be initialized before calling this function. +.PP +\&\fIEVP_ENCODE_CTX_num()\fR will return the number of as yet unprocessed bytes still to +be encoded or decoded that are pending in the \fBctx\fR object. +.PP +\&\fIEVP_EncodeBlock()\fR encodes a full block of input data in \fBf\fR and of length +\&\fBdlen\fR and stores it in \fBt\fR. For every 3 bytes of input provided 4 bytes of +output data will be produced. If \fBdlen\fR is not divisible by 3 then the block is +encoded as a final block of data and the output is padded such that it is always +divisible by 4. Additionally a \s-1NUL\s0 terminator character will be added. For +example if 16 bytes of input data is provided then 24 bytes of encoded data is +created plus 1 byte for a \s-1NUL\s0 terminator (i.e. 25 bytes in total). The length of +the data generated \fIwithout\fR the \s-1NUL\s0 terminator is returned from the function. +.PP +\&\fIEVP_DecodeInit()\fR initialises \fBctx\fR for the start of a new decoding operation. +.PP +\&\fIEVP_DecodeUpdate()\fR decodes \fBinl\fR characters of data found in the buffer pointed +to by \fBin\fR. The output is stored in the buffer \fBout\fR and the number of bytes +output is stored in \fB*outl\fR. It is the caller's responsibility to ensure that +the buffer at \fBout\fR is sufficiently large to accommodate the output data. This +function will attempt to decode as much data as possible in 4 byte chunks. 
Any +whitespace, newline or carriage return characters are ignored. Any partial chunk +of unprocessed data (1, 2 or 3 bytes) that remains at the end will be held in +the \fBctx\fR object and processed by a subsequent call to \fIEVP_DecodeUpdate()\fR. If +any illegal base 64 characters are encountered or if the base 64 padding +character \*(L"=\*(R" is encountered in the middle of the data then the function returns +\&\-1 to indicate an error. A return value of 0 or 1 indicates successful +processing of the data. A return value of 0 additionally indicates that the last +input data characters processed included the base 64 padding character \*(L"=\*(R" and +therefore no more non-padding character data is expected to be processed. For +every 4 valid base 64 bytes processed (ignoring whitespace, carriage returns and +line feeds), 3 bytes of binary output data will be produced (or less at the end +of the data where the padding character \*(L"=\*(R" has been used). +.PP +\&\fIEVP_DecodeFinal()\fR must be called at the end of a decoding operation. If there +is any unprocessed data still in \fBctx\fR then the input data must not have been +a multiple of 4 and therefore an error has occurred. The function will return \-1 +in this case. Otherwise the function returns 1 on success. +.PP +\&\fIEVP_DecodeBlock()\fR will decode the block of \fBn\fR characters of base 64 data +contained in \fBf\fR and store the result in \fBt\fR. Any leading whitespace will be +trimmed as will any trailing whitespace, newlines, carriage returns or \s-1EOF\s0 +characters. After such trimming the length of the data in \fBf\fR must be divisible +by 4. For every 4 input bytes exactly 3 output bytes will be produced. The +output will be padded with 0 bits if necessary to ensure that the output is +always 3 bytes for every 4 input bytes. This function will return the length of +the data decoded or \-1 on error. 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_ENCODE_CTX_new()\fR returns a pointer to the newly allocated \s-1EVP_ENCODE_CTX\s0 +object or \s-1NULL\s0 on error. +.PP +\&\fIEVP_ENCODE_CTX_num()\fR returns the number of bytes pending encoding or decoding in +\&\fBctx\fR. +.PP +\&\fIEVP_EncodeUpdate()\fR returns 0 on error or 1 on success. +.PP +\&\fIEVP_EncodeBlock()\fR returns the number of bytes encoded excluding the \s-1NUL\s0 +terminator. +.PP +\&\fIEVP_DecodeUpdate()\fR returns \-1 on error and 0 or 1 on success. If 0 is returned +then no more non-padding base 64 characters are expected. +.PP +\&\fIEVP_DecodeFinal()\fR returns \-1 on error or 1 on success. +.PP +\&\fIEVP_DecodeBlock()\fR returns the length of the data decoded or \-1 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIevp\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/EVP_EncryptInit.3 b/linux_amd64/share/man/man3/EVP_EncryptInit.3 new file mode 100755 index 0000000..0da261e --- /dev/null +++ b/linux_amd64/share/man/man3/EVP_EncryptInit.3 
@@ -0,0 +1,931 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_ENCRYPTINIT 3" +.TH EVP_ENCRYPTINIT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_CIPHER_fetch, +EVP_CIPHER_up_ref, +EVP_CIPHER_free, +EVP_CIPHER_CTX_new, +EVP_CIPHER_CTX_reset, +EVP_CIPHER_CTX_free, +EVP_EncryptInit_ex, +EVP_EncryptUpdate, +EVP_EncryptFinal_ex, +EVP_DecryptInit_ex, +EVP_DecryptUpdate, +EVP_DecryptFinal_ex, +EVP_CipherInit_ex, +EVP_CipherUpdate, +EVP_CipherFinal_ex, +EVP_CIPHER_CTX_set_key_length, +EVP_CIPHER_CTX_ctrl, +EVP_EncryptInit, +EVP_EncryptFinal, +EVP_DecryptInit, +EVP_DecryptFinal, +EVP_CipherInit, +EVP_CipherFinal, +EVP_Cipher, +EVP_get_cipherbyname, +EVP_get_cipherbynid, +EVP_get_cipherbyobj, +EVP_CIPHER_is_a, +EVP_CIPHER_name, +EVP_CIPHER_number, +EVP_CIPHER_names_do_all, +EVP_CIPHER_provider, +EVP_CIPHER_nid, +EVP_CIPHER_get_params, +EVP_CIPHER_gettable_params, +EVP_CIPHER_block_size, +EVP_CIPHER_key_length, +EVP_CIPHER_iv_length, +EVP_CIPHER_flags, +EVP_CIPHER_mode, +EVP_CIPHER_type, +EVP_CIPHER_CTX_cipher, +EVP_CIPHER_CTX_name, +EVP_CIPHER_CTX_nid, +EVP_CIPHER_CTX_get_params, +EVP_CIPHER_gettable_ctx_params, +EVP_CIPHER_CTX_set_params, +EVP_CIPHER_settable_ctx_params, +EVP_CIPHER_CTX_block_size, +EVP_CIPHER_CTX_key_length, +EVP_CIPHER_CTX_iv_length, +EVP_CIPHER_CTX_tag_length, +EVP_CIPHER_CTX_get_app_data, +EVP_CIPHER_CTX_set_app_data, +EVP_CIPHER_CTX_type, +EVP_CIPHER_CTX_flags, +EVP_CIPHER_CTX_mode, +EVP_CIPHER_param_to_asn1, +EVP_CIPHER_asn1_to_param, +EVP_CIPHER_CTX_set_padding, +EVP_enc_null, +EVP_CIPHER_do_all_provided +\&\- EVP cipher routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& EVP_CIPHER *EVP_CIPHER_fetch(OPENSSL_CTX *ctx, const char *algorithm, +\& const char *properties); +\& int EVP_CIPHER_up_ref(EVP_CIPHER *cipher); +\& void EVP_CIPHER_free(EVP_CIPHER *cipher); +\& EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void); +\& int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx); +\& void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx); +\& +\& int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, +\& ENGINE *impl, const unsigned char *key, const 
unsigned char *iv); +\& int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, +\& int *outl, const unsigned char *in, int inl); +\& int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); +\& +\& int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, +\& ENGINE *impl, const unsigned char *key, const unsigned char *iv); +\& int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, +\& int *outl, const unsigned char *in, int inl); +\& int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); +\& +\& int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, +\& ENGINE *impl, const unsigned char *key, const unsigned char *iv, int enc); +\& int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, +\& int *outl, const unsigned char *in, int inl); +\& int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); +\& +\& int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, +\& const unsigned char *key, const unsigned char *iv); +\& int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); +\& +\& int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, +\& const unsigned char *key, const unsigned char *iv); +\& int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); +\& +\& int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, +\& const unsigned char *key, const unsigned char *iv, int enc); +\& int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); +\& +\& int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, +\& const unsigned char *in, unsigned int inl); +\& +\& int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *x, int padding); +\& int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen); +\& int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr); +\& int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key); +\& +\& const EVP_CIPHER 
*EVP_get_cipherbyname(const char *name); +\& const EVP_CIPHER *EVP_get_cipherbynid(int nid); +\& const EVP_CIPHER *EVP_get_cipherbyobj(const ASN1_OBJECT *a); +\& +\& int EVP_CIPHER_nid(const EVP_CIPHER *e); +\& int EVP_CIPHER_number(const EVP_CIPHER *e); +\& int EVP_CIPHER_is_a(const EVP_CIPHER *cipher, const char *name); +\& void EVP_CIPHER_names_do_all(const EVP_CIPHER *cipher, +\& void (*fn)(const char *name, void *data), +\& void *data); +\& const char *EVP_CIPHER_name(const EVP_CIPHER *cipher); +\& const OSSL_PROVIDER *EVP_CIPHER_provider(const EVP_CIPHER *cipher); +\& int EVP_CIPHER_block_size(const EVP_CIPHER *e); +\& int EVP_CIPHER_key_length(const EVP_CIPHER *e); +\& int EVP_CIPHER_iv_length(const EVP_CIPHER *e); +\& unsigned long EVP_CIPHER_flags(const EVP_CIPHER *e); +\& unsigned long EVP_CIPHER_mode(const EVP_CIPHER *e); +\& int EVP_CIPHER_type(const EVP_CIPHER *ctx); +\& +\& const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx); +\& int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx); +\& const char *EVP_CIPHER_CTX_name(const EVP_CIPHER_CTX *ctx); +\& +\& int EVP_CIPHER_get_params(EVP_CIPHER *cipher, OSSL_PARAM params[]); +\& int EVP_CIPHER_CTX_set_params(EVP_CIPHER_CTX *ctx, const OSSL_PARAM params[]); +\& int EVP_CIPHER_CTX_get_params(EVP_CIPHER_CTX *ctx, OSSL_PARAM params[]); +\& const OSSL_PARAM *EVP_CIPHER_gettable_params(const EVP_CIPHER *cipher); +\& const OSSL_PARAM *EVP_CIPHER_settable_ctx_params(const EVP_CIPHER *cipher); +\& const OSSL_PARAM *EVP_CIPHER_gettable_ctx_params(const EVP_CIPHER *cipher); +\& int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx); +\& int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx); +\& int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx); +\& int EVP_CIPHER_CTX_tag_length(const EVP_CIPHER_CTX *ctx); +\& void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx); +\& void EVP_CIPHER_CTX_set_app_data(const EVP_CIPHER_CTX *ctx, void *data); +\& int EVP_CIPHER_CTX_type(const EVP_CIPHER_CTX 
*ctx); +\& int EVP_CIPHER_CTX_mode(const EVP_CIPHER_CTX *ctx); +\& +\& int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type); +\& int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type); +\& +\& void EVP_CIPHER_do_all_provided(OPENSSL_CTX *libctx, +\& void (*fn)(EVP_CIPHER *cipher, void *arg), +\& void *arg); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1EVP\s0 cipher routines are a high level interface to certain +symmetric ciphers. +.PP +The \fB\s-1EVP_CIPHER\s0\fR type is a structure for cipher method implementation. +.PP +\&\fIEVP_CIPHER_fetch()\fR fetches the cipher implementation for the given +\&\fBalgorithm\fR from any provider offering it, within the criteria given +by the \fBproperties\fR. +See \*(L"Fetching algorithms\*(R" in \fIprovider\fR\|(7) for further information. +.PP +The returned value must eventually be freed with \fIEVP_CIPHER_free()\fR. +.PP +\&\fIEVP_CIPHER_up_ref()\fR increments the reference count for an \fB\s-1EVP_CIPHER\s0\fR +structure. +.PP +\&\fIEVP_CIPHER_free()\fR decrements the reference count for the \fB\s-1EVP_CIPHER\s0\fR +structure. +If the reference count drops to 0 then the structure is freed. +.PP +\&\fIEVP_CIPHER_CTX_new()\fR creates a cipher context. +.PP +\&\fIEVP_CIPHER_CTX_free()\fR clears all information from a cipher context +and free up any allocated memory associate with it, including \fBctx\fR +itself. This function should be called after all operations using a +cipher are complete so sensitive information does not remain in +memory. +.PP +\&\fIEVP_EncryptInit_ex()\fR sets up cipher context \fBctx\fR for encryption +with cipher \fBtype\fR. \fBtype\fR is typically supplied by a function such +as \fIEVP_aes_256_cbc()\fR, or a value explicitly fetched with +\&\fIEVP_CIPHER_fetch()\fR. If \fBimpl\fR is non-NULL, its implementation of the +cipher \fBtype\fR is used if there is one, and if not, the default +implementation is used. 
\fBkey\fR is the symmetric key to use +and \fBiv\fR is the \s-1IV\s0 to use (if necessary), the actual number of bytes +used for the key and \s-1IV\s0 depends on the cipher. It is possible to set +all parameters to \s-1NULL\s0 except \fBtype\fR in an initial call and supply +the remaining parameters in subsequent calls, all of which have \fBtype\fR +set to \s-1NULL\s0. This is done when the default cipher parameters are not +appropriate. +For \s-1EVP_CIPH_GCM_MODE\s0 the \s-1IV\s0 will be generated internally if it is not +specified. +.PP +\&\fIEVP_EncryptUpdate()\fR encrypts \fBinl\fR bytes from the buffer \fBin\fR and +writes the encrypted version to \fBout\fR. This function can be called +multiple times to encrypt successive blocks of data. The amount +of data written depends on the block alignment of the encrypted data: +as a result the amount of data written may be anything from zero bytes +to (inl + cipher_block_size \- 1) so \fBout\fR should contain sufficient +room. The actual number of bytes written is placed in \fBoutl\fR. It also +checks if \fBin\fR and \fBout\fR are partially overlapping, and if they are +0 is returned to indicate failure. +.PP +If padding is enabled (the default) then \fIEVP_EncryptFinal_ex()\fR encrypts +the \*(L"final\*(R" data, that is any data that remains in a partial block. +It uses standard block padding (aka \s-1PKCS\s0 padding) as described in +the \s-1NOTES\s0 section, below. The encrypted +final data is written to \fBout\fR which should have sufficient space for +one cipher block. The number of bytes written is placed in \fBoutl\fR. After +this function is called the encryption operation is finished and no further +calls to \fIEVP_EncryptUpdate()\fR should be made. +.PP +If padding is disabled then \fIEVP_EncryptFinal_ex()\fR will not encrypt any more +data and it will return an error if any data remains in a partial block: +that is if the total data length is not a multiple of the block size. 
+.PP +\&\fIEVP_DecryptInit_ex()\fR, \fIEVP_DecryptUpdate()\fR and \fIEVP_DecryptFinal_ex()\fR are the +corresponding decryption operations. \fIEVP_DecryptFinal()\fR will return an +error code if padding is enabled and the final block is not correctly +formatted. The parameters and restrictions are identical to the encryption +operations except that if padding is enabled the decrypted data buffer \fBout\fR +passed to \fIEVP_DecryptUpdate()\fR should have sufficient room for +(\fBinl\fR + cipher_block_size) bytes unless the cipher block size is 1 in +which case \fBinl\fR bytes is sufficient. +.PP +\&\fIEVP_CipherInit_ex()\fR, \fIEVP_CipherUpdate()\fR and \fIEVP_CipherFinal_ex()\fR are +functions that can be used for decryption or encryption. The operation +performed depends on the value of the \fBenc\fR parameter. It should be set +to 1 for encryption, 0 for decryption and \-1 to leave the value unchanged +(the actual value of 'enc' being supplied in a previous call). +.PP +\&\fIEVP_CIPHER_CTX_reset()\fR clears all information from a cipher context +and free up any allocated memory associate with it, except the \fBctx\fR +itself. This function should be called anytime \fBctx\fR is to be reused +for another \fIEVP_CipherInit()\fR / \fIEVP_CipherUpdate()\fR / \fIEVP_CipherFinal()\fR +series of calls. +.PP +\&\fIEVP_EncryptInit()\fR, \fIEVP_DecryptInit()\fR and \fIEVP_CipherInit()\fR behave in a +similar way to \fIEVP_EncryptInit_ex()\fR, \fIEVP_DecryptInit_ex()\fR and +\&\fIEVP_CipherInit_ex()\fR except they always use the default cipher implementation. +.PP +\&\fIEVP_EncryptFinal()\fR, \fIEVP_DecryptFinal()\fR and \fIEVP_CipherFinal()\fR are +identical to \fIEVP_EncryptFinal_ex()\fR, \fIEVP_DecryptFinal_ex()\fR and +\&\fIEVP_CipherFinal_ex()\fR. In previous releases they also cleaned up +the \fBctx\fR, but this is no longer done and \fIEVP_CIPHER_CTX_clean()\fR +must be called to free any context resources. 
+.PP +\&\fIEVP_Cipher()\fR encrypts or decrypts a maximum \fIinl\fR amount of bytes from +\&\fIin\fR and leaves the result in \fIout\fR. +If the cipher doesn't have the flag \fB\s-1EVP_CIPH_FLAG_CUSTOM_CIPHER\s0\fR set, +then \fIinl\fR must be a multiple of \fIEVP_CIPHER_block_size()\fR. If it isn't, +the result is undefined. If the cipher has that flag set, then \fIinl\fR +can be any size. +This function is historic and shouldn't be used in an application, please +consider using \fIEVP_CipherUpdate()\fR and EVP_CipherFinal_ex instead. +.PP +\&\fIEVP_get_cipherbyname()\fR, \fIEVP_get_cipherbynid()\fR and \fIEVP_get_cipherbyobj()\fR +return an \s-1EVP_CIPHER\s0 structure when passed a cipher name, a \s-1NID\s0 or an +\&\s-1ASN1_OBJECT\s0 structure. +.PP +\&\fIEVP_CIPHER_nid()\fR and \fIEVP_CIPHER_CTX_nid()\fR return the \s-1NID\s0 of a cipher when +passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR structure. The actual \s-1NID\s0 +value is an internal value which may not have a corresponding \s-1OBJECT\s0 +\&\s-1IDENTIFIER\s0. +.PP +\&\fIEVP_CIPHER_CTX_set_padding()\fR enables or disables padding. This +function should be called after the context is set up for encryption +or decryption with \fIEVP_EncryptInit_ex()\fR, \fIEVP_DecryptInit_ex()\fR or +\&\fIEVP_CipherInit_ex()\fR. By default encryption operations are padded using +standard block padding and the padding is checked and removed when +decrypting. If the \fBpad\fR parameter is zero then no padding is +performed, the total amount of data encrypted or decrypted must then +be a multiple of the block size or an error will occur. +.PP +\&\fIEVP_CIPHER_get_params()\fR retrieves the requested list of algorithm +\&\fBparams\fR from a \fBcipher\fR. +.PP +\&\fIEVP_CIPHER_CTX_set_params()\fR Sets the list of operation \fBparams\fR into a \s-1CIPHER\s0 +context \fBctx\fR. 
+.PP +\&\fIEVP_CIPHER_CTX_get_params()\fR retrieves the requested list of operation +\&\fBparams\fR from \s-1CIPHER\s0 context \fBctx\fR. +.PP +\&\fIEVP_CIPHER_gettable_params()\fR, \fIEVP_CIPHER_gettable_ctx_params()\fR, and +\&\fIEVP_CIPHER_settable_ctx_params()\fR get a constant \fB\s-1OSSL_PARAM\s0\fR array +that describes the retrievable and settable parameters, i.e. parameters +that can be used with \fIEVP_CIPHER_get_params()\fR, \fIEVP_CIPHER_CTX_get_params()\fR +and \fIEVP_CIPHER_CTX_set_params()\fR, respectively. +See \s-1\fIOSSL_PARAM\s0\fR\|(3) for the use of \fB\s-1OSSL_PARAM\s0\fR as parameter descriptor. +.PP +\&\fIEVP_CIPHER_key_length()\fR and \fIEVP_CIPHER_CTX_key_length()\fR return the key +length of a cipher when passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR +structure. The constant \fB\s-1EVP_MAX_KEY_LENGTH\s0\fR is the maximum key length +for all ciphers. Note: although \fIEVP_CIPHER_key_length()\fR is fixed for a +given cipher, the value of \fIEVP_CIPHER_CTX_key_length()\fR may be different +for variable key length ciphers. +.PP +\&\fIEVP_CIPHER_CTX_set_key_length()\fR sets the key length of the cipher ctx. +If the cipher is a fixed length cipher then attempting to set the key +length to any value other than the fixed value is an error. +.PP +\&\fIEVP_CIPHER_iv_length()\fR and \fIEVP_CIPHER_CTX_iv_length()\fR return the \s-1IV\s0 +length of a cipher when passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR. +It will return zero if the cipher does not use an \s-1IV\s0. The constant +\&\fB\s-1EVP_MAX_IV_LENGTH\s0\fR is the maximum \s-1IV\s0 length for all ciphers. +.PP +\&\fIEVP_CIPHER_CTX_tag_length()\fR returns the tag length of a \s-1AEAD\s0 cipher when passed +a \fB\s-1EVP_CIPHER_CTX\s0\fR. It will return zero if the cipher does not support a tag. +It returns a default value if the tag length has not been set. 
+.PP +\&\fIEVP_CIPHER_block_size()\fR and \fIEVP_CIPHER_CTX_block_size()\fR return the block +size of a cipher when passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR +structure. The constant \fB\s-1EVP_MAX_BLOCK_LENGTH\s0\fR is also the maximum block +length for all ciphers. +.PP +\&\fIEVP_CIPHER_type()\fR and \fIEVP_CIPHER_CTX_type()\fR return the type of the passed +cipher or context. This \*(L"type\*(R" is the actual \s-1NID\s0 of the cipher \s-1OBJECT\s0 +\&\s-1IDENTIFIER\s0 as such it ignores the cipher parameters and 40 bit \s-1RC2\s0 and +128 bit \s-1RC2\s0 have the same \s-1NID\s0. If the cipher does not have an object +identifier or does not have \s-1ASN1\s0 support this function will return +\&\fBNID_undef\fR. +.PP +\&\fIEVP_CIPHER_is_a()\fR returns 1 if \fIcipher\fR is an implementation of an +algorithm that's identifiable with \fIname\fR, otherwise 0. +If \fIcipher\fR is a legacy cipher (it's the return value from the likes +of \fIEVP_aes128()\fR rather than the result of an \fIEVP_CIPHER_fetch()\fR), only +cipher names registered with the default library context (see +\&\s-1\fIOPENSSL_CTX\s0\fR\|(3)) will be considered. +.PP +\&\fIEVP_CIPHER_number()\fR returns the internal dynamic number assigned to +the \fIcipher\fR. This is only useful with fetched \fB\s-1EVP_CIPHER\s0\fRs. +.PP +\&\fIEVP_CIPHER_name()\fR and \fIEVP_CIPHER_CTX_name()\fR return the name of the passed +cipher or context. For fetched ciphers with multiple names, only one +of them is returned; it's recommended to use \fIEVP_CIPHER_names_do_all()\fR +instead. +.PP +\&\fIEVP_CIPHER_names_do_all()\fR traverses all names for the \fIcipher\fR, and +calls \fIfn\fR with each name and \fIdata\fR. This is only useful with +fetched \fB\s-1EVP_CIPHER\s0\fRs. +.PP +\&\fIEVP_CIPHER_provider()\fR returns an \fB\s-1OSSL_PROVIDER\s0\fR pointer to the provider +that implements the given \fB\s-1EVP_CIPHER\s0\fR. 
+.PP +\&\fIEVP_CIPHER_CTX_cipher()\fR returns the \fB\s-1EVP_CIPHER\s0\fR structure when passed +an \fB\s-1EVP_CIPHER_CTX\s0\fR structure. +.PP +\&\fIEVP_CIPHER_mode()\fR and \fIEVP_CIPHER_CTX_mode()\fR return the block cipher mode: +\&\s-1EVP_CIPH_ECB_MODE\s0, \s-1EVP_CIPH_CBC_MODE\s0, \s-1EVP_CIPH_CFB_MODE\s0, \s-1EVP_CIPH_OFB_MODE\s0, +\&\s-1EVP_CIPH_CTR_MODE\s0, \s-1EVP_CIPH_GCM_MODE\s0, \s-1EVP_CIPH_CCM_MODE\s0, \s-1EVP_CIPH_XTS_MODE\s0, +\&\s-1EVP_CIPH_WRAP_MODE\s0, \s-1EVP_CIPH_OCB_MODE\s0 or \s-1EVP_CIPH_SIV_MODE\s0. If the cipher is a +stream cipher then \s-1EVP_CIPH_STREAM_CIPHER\s0 is returned. +.PP +\&\fIEVP_CIPHER_flags()\fR returns any flags associated with the cipher. See +\&\fIEVP_CIPHER_meth_set_flags()\fR for a list of currently defined flags. +.PP +\&\fIEVP_CIPHER_param_to_asn1()\fR sets the AlgorithmIdentifier \*(L"parameter\*(R" based +on the passed cipher. This will typically include any parameters and an +\&\s-1IV\s0. The cipher \s-1IV\s0 (if any) must be set when this call is made. This call +should be made before the cipher is actually \*(L"used\*(R" (before any +\&\fIEVP_EncryptUpdate()\fR, \fIEVP_DecryptUpdate()\fR calls for example). This function +may fail if the cipher does not have any \s-1ASN1\s0 support. +.PP +\&\fIEVP_CIPHER_asn1_to_param()\fR sets the cipher parameters based on an \s-1ASN1\s0 +AlgorithmIdentifier \*(L"parameter\*(R". The precise effect depends on the cipher +In the case of \s-1RC2\s0, for example, it will set the \s-1IV\s0 and effective key length. +This function should be called after the base cipher type is set but before +the key is set. For example \fIEVP_CipherInit()\fR will be called with the \s-1IV\s0 and +key set to \s-1NULL\s0, \fIEVP_CIPHER_asn1_to_param()\fR will be called and finally +\&\fIEVP_CipherInit()\fR again with all parameters except the key set to \s-1NULL\s0. 
It is +possible for this function to fail if the cipher does not have any \s-1ASN1\s0 support +or the parameters cannot be set (for example the \s-1RC2\s0 effective key length +is not supported. +.PP +\&\fIEVP_CIPHER_CTX_ctrl()\fR allows various cipher specific parameters to be determined +and set. +.PP +\&\fIEVP_CIPHER_CTX_rand_key()\fR generates a random key of the appropriate length +based on the cipher context. The \s-1EVP_CIPHER\s0 can provide its own random key +generation routine to support keys of a specific form. \fBKey\fR must point to a +buffer at least as big as the value returned by \fIEVP_CIPHER_CTX_key_length()\fR. +.PP +\&\fIEVP_CIPHER_do_all_provided()\fR traverses all ciphers implemented by all activated +providers in the given library context \fIlibctx\fR, and for each of the +implementations, calls the given function \fIfn\fR with the implementation method +and the given \fIarg\fR as argument. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_CIPHER_fetch()\fR returns a pointer to a \fB\s-1EVP_CIPHER\s0\fR for success +and \fB\s-1NULL\s0\fR for failure. +.PP +\&\fIEVP_CIPHER_up_ref()\fR returns 1 for success or 0 otherwise. +.PP +\&\fIEVP_CIPHER_CTX_new()\fR returns a pointer to a newly created +\&\fB\s-1EVP_CIPHER_CTX\s0\fR for success and \fB\s-1NULL\s0\fR for failure. +.PP +\&\fIEVP_EncryptInit_ex()\fR, \fIEVP_EncryptUpdate()\fR and \fIEVP_EncryptFinal_ex()\fR +return 1 for success and 0 for failure. +.PP +\&\fIEVP_DecryptInit_ex()\fR and \fIEVP_DecryptUpdate()\fR return 1 for success and 0 for failure. +\&\fIEVP_DecryptFinal_ex()\fR returns 0 if the decrypt failed or 1 for success. +.PP +\&\fIEVP_CipherInit_ex()\fR and \fIEVP_CipherUpdate()\fR return 1 for success and 0 for failure. +\&\fIEVP_CipherFinal_ex()\fR returns 0 for a decryption failure or 1 for success. 
+.PP +\&\fIEVP_Cipher()\fR returns the amount of encrypted / decrypted bytes, or \-1 +on failure, if the flag \fB\s-1EVP_CIPH_FLAG_CUSTOM_CIPHER\s0\fR is set for the +cipher. \fIEVP_Cipher()\fR returns 1 on success or 0 on failure, if the flag +\&\fB\s-1EVP_CIPH_FLAG_CUSTOM_CIPHER\s0\fR is not set for the cipher. +.PP +\&\fIEVP_CIPHER_CTX_reset()\fR returns 1 for success and 0 for failure. +.PP +\&\fIEVP_get_cipherbyname()\fR, \fIEVP_get_cipherbynid()\fR and \fIEVP_get_cipherbyobj()\fR +return an \fB\s-1EVP_CIPHER\s0\fR structure or \s-1NULL\s0 on error. +.PP +\&\fIEVP_CIPHER_nid()\fR and \fIEVP_CIPHER_CTX_nid()\fR return a \s-1NID\s0. +.PP +\&\fIEVP_CIPHER_block_size()\fR and \fIEVP_CIPHER_CTX_block_size()\fR return the block +size. +.PP +\&\fIEVP_CIPHER_key_length()\fR and \fIEVP_CIPHER_CTX_key_length()\fR return the key +length. +.PP +\&\fIEVP_CIPHER_CTX_set_padding()\fR always returns 1. +.PP +\&\fIEVP_CIPHER_iv_length()\fR and \fIEVP_CIPHER_CTX_iv_length()\fR return the \s-1IV\s0 +length or zero if the cipher does not use an \s-1IV\s0. +.PP +\&\fIEVP_CIPHER_CTX_tag_length()\fR return the tag length or zero if the cipher does not +use a tag. +.PP +\&\fIEVP_CIPHER_type()\fR and \fIEVP_CIPHER_CTX_type()\fR return the \s-1NID\s0 of the cipher's +\&\s-1OBJECT\s0 \s-1IDENTIFIER\s0 or NID_undef if it has no defined \s-1OBJECT\s0 \s-1IDENTIFIER\s0. +.PP +\&\fIEVP_CIPHER_CTX_cipher()\fR returns an \fB\s-1EVP_CIPHER\s0\fR structure. +.PP +\&\fIEVP_CIPHER_param_to_asn1()\fR and \fIEVP_CIPHER_asn1_to_param()\fR return greater +than zero for success and zero or a negative number on failure. +.PP +\&\fIEVP_CIPHER_CTX_rand_key()\fR returns 1 for success. +.SH "CIPHER LISTING" +.IX Header "CIPHER LISTING" +All algorithms have a fixed key length unless otherwise stated. +.PP +Refer to \*(L"\s-1SEE\s0 \s-1ALSO\s0\*(R" for the full list of ciphers available through the \s-1EVP\s0 +interface. +.IP "\fIEVP_enc_null()\fR" 4 +.IX Item "EVP_enc_null()" +Null cipher: does nothing. 
+.SH "AEAD INTERFACE" +.IX Header "AEAD INTERFACE" +The \s-1EVP\s0 interface for Authenticated Encryption with Associated Data (\s-1AEAD\s0) +modes are subtly altered and several additional \fIctrl\fR operations are supported +depending on the mode specified. +.PP +To specify additional authenticated data (\s-1AAD\s0), a call to \fIEVP_CipherUpdate()\fR, +\&\fIEVP_EncryptUpdate()\fR or \fIEVP_DecryptUpdate()\fR should be made with the output +parameter \fBout\fR set to \fB\s-1NULL\s0\fR. +.PP +When decrypting, the return value of \fIEVP_DecryptFinal()\fR or \fIEVP_CipherFinal()\fR +indicates whether the operation was successful. If it does not indicate success, +the authentication operation has failed and any output data \fB\s-1MUST\s0 \s-1NOT\s0\fR be used +as it is corrupted. +.SS "\s-1GCM\s0 and \s-1OCB\s0 Modes" +.IX Subsection "GCM and OCB Modes" +The following \fIctrl\fRs are supported in \s-1GCM\s0 and \s-1OCB\s0 modes. +.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_SET_IVLEN\s0, ivlen, \s-1NULL\s0)" 4 +.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL)" +Sets the \s-1IV\s0 length. This call can only be made before specifying an \s-1IV\s0. If +not called a default \s-1IV\s0 length is used. +.Sp +For \s-1GCM\s0 \s-1AES\s0 and \s-1OCB\s0 \s-1AES\s0 the default is 12 (i.e. 96 bits). For \s-1OCB\s0 mode the +maximum is 15. +.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_GET_TAG\s0, taglen, tag)" 4 +.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag)" +Writes \f(CW\*(C`taglen\*(C'\fR bytes of the tag value to the buffer indicated by \f(CW\*(C`tag\*(C'\fR. +This call can only be made when encrypting data and \fBafter\fR all data has been +processed (e.g. after an \fIEVP_EncryptFinal()\fR call). +.Sp +For \s-1OCB\s0, \f(CW\*(C`taglen\*(C'\fR must either be 16 or the value previously set via +\&\fB\s-1EVP_CTRL_AEAD_SET_TAG\s0\fR. 
+.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_SET_TAG\s0, taglen, tag)" 4 +.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag)" +Sets the expected tag to \f(CW\*(C`taglen\*(C'\fR bytes from \f(CW\*(C`tag\*(C'\fR. +The tag length can only be set before specifying an \s-1IV\s0. +\&\f(CW\*(C`taglen\*(C'\fR must be between 1 and 16 inclusive. +.Sp +For \s-1GCM\s0, this call is only valid when decrypting data. +.Sp +For \s-1OCB\s0, this call is valid when decrypting data to set the expected tag, +and before encryption to set the desired tag length. +.Sp +In \s-1OCB\s0 mode, calling this before encryption with \f(CW\*(C`tag\*(C'\fR set to \f(CW\*(C`NULL\*(C'\fR sets the +tag length. If this is not called prior to encryption, a default tag length is +used. +.Sp +For \s-1OCB\s0 \s-1AES\s0, the default tag length is 16 (i.e. 128 bits). It is also the +maximum tag length for \s-1OCB\s0. +.SS "\s-1CCM\s0 Mode" +.IX Subsection "CCM Mode" +The \s-1EVP\s0 interface for \s-1CCM\s0 mode is similar to that of the \s-1GCM\s0 mode but with a +few additional requirements and different \fIctrl\fR values. +.PP +For \s-1CCM\s0 mode, the total plaintext or ciphertext length \fB\s-1MUST\s0\fR be passed to +\&\fIEVP_CipherUpdate()\fR, \fIEVP_EncryptUpdate()\fR or \fIEVP_DecryptUpdate()\fR with the output +and input parameters (\fBin\fR and \fBout\fR) set to \fB\s-1NULL\s0\fR and the length passed in +the \fBinl\fR parameter. +.PP +The following \fIctrl\fRs are supported in \s-1CCM\s0 mode. +.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_SET_TAG\s0, taglen, tag)" 4 +.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag)" +This call is made to set the expected \fB\s-1CCM\s0\fR tag value when decrypting or +the length of the tag (with the \f(CW\*(C`tag\*(C'\fR parameter set to \s-1NULL\s0) when encrypting. +The tag length is often referred to as \fBM\fR. If not set a default value is +used (12 for \s-1AES\s0). 
When decrypting, the tag needs to be set before passing +in data to be decrypted, but as in \s-1GCM\s0 and \s-1OCB\s0 mode, it can be set after +passing additional authenticated data (see \*(L"\s-1AEAD\s0 \s-1INTERFACE\s0\*(R"). +.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_CCM_SET_L\s0, ivlen, \s-1NULL\s0)" 4 +.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_L, ivlen, NULL)" +Sets the \s-1CCM\s0 \fBL\fR value. If not set a default is used (8 for \s-1AES\s0). +.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_SET_IVLEN\s0, ivlen, \s-1NULL\s0)" 4 +.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL)" +Sets the \s-1CCM\s0 nonce (\s-1IV\s0) length. This call can only be made before specifying an +nonce value. The nonce length is given by \fB15 \- L\fR so it is 7 by default for +\&\s-1AES\s0. +.SS "\s-1SIV\s0 Mode" +.IX Subsection "SIV Mode" +For \s-1SIV\s0 mode ciphers the behaviour of the \s-1EVP\s0 interface is subtly +altered and several additional ctrl operations are supported. +.PP +To specify any additional authenticated data (\s-1AAD\s0) and/or a Nonce, a call to +\&\fIEVP_CipherUpdate()\fR, \fIEVP_EncryptUpdate()\fR or \fIEVP_DecryptUpdate()\fR should be made +with the output parameter \fBout\fR set to \fB\s-1NULL\s0\fR. +.PP +\&\s-1RFC5297\s0 states that the Nonce is the last piece of \s-1AAD\s0 before the actual +encrypt/decrypt takes place. The \s-1API\s0 does not differentiate the Nonce from +other \s-1AAD\s0. +.PP +When decrypting the return value of \fIEVP_DecryptFinal()\fR or \fIEVP_CipherFinal()\fR +indicates if the operation was successful. If it does not indicate success +the authentication operation has failed and any output data \fB\s-1MUST\s0 \s-1NOT\s0\fR +be used as it is corrupted. +.PP +The following ctrls are supported in both \s-1SIV\s0 modes. 
+.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_GET_TAG\s0, taglen, tag);" 4 +.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag);" +Writes \fBtaglen\fR bytes of the tag value to the buffer indicated by \fBtag\fR. +This call can only be made when encrypting data and \fBafter\fR all data has been +processed (e.g. after an \fIEVP_EncryptFinal()\fR call). For \s-1SIV\s0 mode the taglen must +be 16. +.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_SET_TAG\s0, taglen, tag);" 4 +.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag);" +Sets the expected tag to \fBtaglen\fR bytes from \fBtag\fR. This call is only legal +when decrypting data and must be made \fBbefore\fR any data is processed (e.g. +before any \fIEVP_DecryptUpdate()\fR call). For \s-1SIV\s0 mode the taglen must be 16. +.PP +\&\s-1SIV\s0 mode makes two passes over the input data, thus, only one call to +\&\fIEVP_CipherUpdate()\fR, \fIEVP_EncryptUpdate()\fR or \fIEVP_DecryptUpdate()\fR should be made +with \fBout\fR set to a non\-\fB\s-1NULL\s0\fR value. A call to \fIEVP_Decrypt_Final()\fR or +\&\fIEVP_CipherFinal()\fR is not required, but will indicate if the update +operation succeeded. +.SS "ChaCha20\-Poly1305" +.IX Subsection "ChaCha20-Poly1305" +The following \fIctrl\fRs are supported for the ChaCha20\-Poly1305 \s-1AEAD\s0 algorithm. +.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_SET_IVLEN\s0, ivlen, \s-1NULL\s0)" 4 +.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL)" +Sets the nonce length. This call can only be made before specifying the nonce. +If not called a default nonce length of 12 (i.e. 96 bits) is used. The maximum +nonce length is 12 bytes (i.e. 96\-bits). If a nonce of less than 12 bytes is set +then the nonce is automatically padded with leading 0 bytes to make it 12 bytes +in length. 
+.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_GET_TAG\s0, taglen, tag)" 4 +.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag)" +Writes \f(CW\*(C`taglen\*(C'\fR bytes of the tag value to the buffer indicated by \f(CW\*(C`tag\*(C'\fR. +This call can only be made when encrypting data and \fBafter\fR all data has been +processed (e.g. after an \fIEVP_EncryptFinal()\fR call). +.Sp +\&\f(CW\*(C`taglen\*(C'\fR specified here must be 16 (\fB\s-1POLY1305_BLOCK_SIZE\s0\fR, i.e. 128\-bits) or +less. +.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_SET_TAG\s0, taglen, tag)" 4 +.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag)" +Sets the expected tag to \f(CW\*(C`taglen\*(C'\fR bytes from \f(CW\*(C`tag\*(C'\fR. +The tag length can only be set before specifying an \s-1IV\s0. +\&\f(CW\*(C`taglen\*(C'\fR must be between 1 and 16 (\fB\s-1POLY1305_BLOCK_SIZE\s0\fR) inclusive. +This call is only valid when decrypting data. +.SH "NOTES" +.IX Header "NOTES" +Where possible the \fB\s-1EVP\s0\fR interface to symmetric ciphers should be used in +preference to the low level interfaces. This is because the code then becomes +transparent to the cipher used and much more flexible. Additionally, the +\&\fB\s-1EVP\s0\fR interface will ensure the use of platform specific cryptographic +acceleration such as AES-NI (the low level interfaces do not provide the +guarantee). +.PP +\&\s-1PKCS\s0 padding works by adding \fBn\fR padding bytes of value \fBn\fR to make the total +length of the encrypted data a multiple of the block size. Padding is always +added so if the data is already a multiple of the block size \fBn\fR will equal +the block size. For example if the block size is 8 and 11 bytes are to be +encrypted then 5 padding bytes of value 5 will be added. +.PP +When decrypting the final block is checked to see if it has the correct form. 
+.PP +Although the decryption operation can produce an error if padding is enabled, +it is not a strong test that the input data or key is correct. A random block +has better than 1 in 256 chance of being of the correct format and problems with +the input data earlier on will not produce a final decrypt error. +.PP +If padding is disabled then the decryption operation will always succeed if +the total amount of data decrypted is a multiple of the block size. +.PP +The functions \fIEVP_EncryptInit()\fR, \fIEVP_EncryptFinal()\fR, \fIEVP_DecryptInit()\fR, +\&\fIEVP_CipherInit()\fR and \fIEVP_CipherFinal()\fR are obsolete but are retained for +compatibility with existing code. New code should use \fIEVP_EncryptInit_ex()\fR, +\&\fIEVP_EncryptFinal_ex()\fR, \fIEVP_DecryptInit_ex()\fR, \fIEVP_DecryptFinal_ex()\fR, +\&\fIEVP_CipherInit_ex()\fR and \fIEVP_CipherFinal_ex()\fR because they can reuse an +existing context without allocating and freeing it up on each call. +.PP +There are some differences between functions \fIEVP_CipherInit()\fR and +\&\fIEVP_CipherInit_ex()\fR, significant in some circumstances. \fIEVP_CipherInit()\fR fills +the passed context object with zeros. As a consequence, \fIEVP_CipherInit()\fR does +not allow step-by-step initialization of the ctx when the \fIkey\fR and \fIiv\fR are +passed in separate calls. It also means that the flags set for the \s-1CTX\s0 are +removed, and it is especially important for the +\&\fB\s-1EVP_CIPHER_CTX_FLAG_WRAP_ALLOW\s0\fR flag treated specially in +\&\fIEVP_CipherInit_ex()\fR. +.PP +\&\fIEVP_get_cipherbynid()\fR, and \fIEVP_get_cipherbyobj()\fR are implemented as macros. +.SH "BUGS" +.IX Header "BUGS" +\&\fB\s-1EVP_MAX_KEY_LENGTH\s0\fR and \fB\s-1EVP_MAX_IV_LENGTH\s0\fR only refer to the internal +ciphers with default key lengths. If custom ciphers exceed these values the +results are unpredictable. 
This is because it has become standard practice to +define a generic key as a fixed unsigned char array containing +\&\fB\s-1EVP_MAX_KEY_LENGTH\s0\fR bytes. +.PP +The \s-1ASN1\s0 code is incomplete (and sometimes inaccurate) it has only been tested +for certain common S/MIME ciphers (\s-1RC2\s0, \s-1DES\s0, triple \s-1DES\s0) in \s-1CBC\s0 mode. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Encrypt a string using \s-1IDEA:\s0 +.PP +.Vb 10 +\& int do_crypt(char *outfile) +\& { +\& unsigned char outbuf[1024]; +\& int outlen, tmplen; +\& /* +\& * Bogus key and IV: we\*(Aqd normally set these from +\& * another source. +\& */ +\& unsigned char key[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15}; +\& unsigned char iv[] = {1,2,3,4,5,6,7,8}; +\& char intext[] = "Some Crypto Text"; +\& EVP_CIPHER_CTX *ctx; +\& FILE *out; +\& +\& ctx = EVP_CIPHER_CTX_new(); +\& EVP_EncryptInit_ex(ctx, EVP_idea_cbc(), NULL, key, iv); +\& +\& if (!EVP_EncryptUpdate(ctx, outbuf, &outlen, intext, strlen(intext))) { +\& /* Error */ +\& EVP_CIPHER_CTX_free(ctx); +\& return 0; +\& } +\& /* +\& * Buffer passed to EVP_EncryptFinal() must be after data just +\& * encrypted to avoid overwriting it. +\& */ +\& if (!EVP_EncryptFinal_ex(ctx, outbuf + outlen, &tmplen)) { +\& /* Error */ +\& EVP_CIPHER_CTX_free(ctx); +\& return 0; +\& } +\& outlen += tmplen; +\& EVP_CIPHER_CTX_free(ctx); +\& /* +\& * Need binary mode for fopen because encrypted data is +\& * binary data. Also cannot use strlen() on it because +\& * it won\*(Aqt be NUL terminated and may contain embedded +\& * NULs. +\& */ +\& out = fopen(outfile, "wb"); +\& if (out == NULL) { +\& /* Error */ +\& return 0; +\& } +\& fwrite(outbuf, 1, outlen, out); +\& fclose(out); +\& return 1; +\& } +.Ve +.PP +The ciphertext from the above example can be decrypted using the \fBopenssl\fR +utility with the command line (shown on two lines for clarity): +.PP +.Vb 2 +\& openssl idea \-d \e +\& \-K 000102030405060708090A0B0C0D0E0F \-iv 0102030405060708 . 
diff --git a/linux_amd64/share/man/man3/EVP_KDF.3 b/linux_amd64/share/man/man3/EVP_KDF.3
new file mode 100755
index 0000000..fc34d52
--- /dev/null
+++ b/linux_amd64/share/man/man3/EVP_KDF.3
@@ -0,0 +1,390 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_KDF 3" +.TH EVP_KDF 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_KDF, EVP_KDF_fetch, EVP_KDF_free, EVP_KDF_up_ref, +EVP_KDF_CTX, EVP_KDF_CTX_new, EVP_KDF_CTX_free, EVP_KDF_CTX_dup, +EVP_KDF_reset, EVP_KDF_derive, +EVP_KDF_size, EVP_KDF_provider, EVP_KDF_CTX_kdf, EVP_KDF_is_a, +EVP_KDF_number, EVP_KDF_names_do_all, +EVP_KDF_CTX_get_params, EVP_KDF_CTX_set_params, EVP_KDF_do_all_provided, +EVP_KDF_get_params, EVP_KDF_gettable_ctx_params, EVP_KDF_settable_ctx_params, +EVP_KDF_gettable_params \- EVP KDF routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef struct evp_kdf_st EVP_KDF; +\& typedef struct evp_kdf_ctx_st EVP_KDF_CTX; +\& +\& EVP_KDF_CTX *EVP_KDF_CTX_new(const EVP_KDF *kdf); +\& const EVP_KDF *EVP_KDF_CTX_kdf(EVP_KDF_CTX *ctx); +\& void EVP_KDF_CTX_free(EVP_KDF_CTX *ctx); +\& EVP_KDF_CTX *EVP_KDF_CTX_dup(const EVP_KDF_CTX *src); +\& void EVP_KDF_reset(EVP_KDF_CTX *ctx); +\& size_t EVP_KDF_size(EVP_KDF_CTX *ctx); +\& int EVP_KDF_derive(EVP_KDF_CTX *ctx, unsigned char *key, size_t keylen); +\& int EVP_KDF_up_ref(EVP_KDF *kdf); +\& void EVP_KDF_free(EVP_KDF *kdf); +\& EVP_KDF *EVP_KDF_fetch(OPENSSL_CTX *libctx, const char *algorithm, +\& const char *properties); +\& int EVP_KDF_number(const EVP_KDF *kdf); +\& int EVP_KDF_is_a(const EVP_KDF *kdf, const char *name); +\& const OSSL_PROVIDER *EVP_KDF_provider(const EVP_KDF *kdf); +\& void EVP_KDF_do_all_provided(OPENSSL_CTX *libctx, +\& void (*fn)(EVP_KDF *kdf, void *arg), +\& void *arg); +\& void EVP_KDF_names_do_all(const EVP_KDF *kdf, +\& void (*fn)(const char *name, void *data), +\& void *data); +\& int EVP_KDF_get_params(EVP_KDF *kdf, OSSL_PARAM params[]); +\& int EVP_KDF_CTX_get_params(EVP_KDF_CTX *ctx, OSSL_PARAM params[]); +\& int EVP_KDF_CTX_set_params(EVP_KDF_CTX *ctx, const OSSL_PARAM params[]); +\& const OSSL_PARAM *EVP_KDF_gettable_params(const EVP_KDF *kdf); +\& const OSSL_PARAM *EVP_KDF_gettable_ctx_params(const EVP_KDF *kdf); +\& const OSSL_PARAM *EVP_KDF_settable_ctx_params(const EVP_KDF *kdf); +\& 
const OSSL_PROVIDER *EVP_KDF_provider(const EVP_KDF *kdf); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1EVP\s0 \s-1KDF\s0 routines are a high level interface to Key Derivation Function +algorithms and should be used instead of algorithm-specific functions. +.PP +After creating a \fB\s-1EVP_KDF_CTX\s0\fR for the required algorithm using +\&\fIEVP_KDF_CTX_new()\fR, inputs to the algorithm are supplied +using calls to \fIEVP_KDF_CTX_set_params()\fR before +calling \fIEVP_KDF_derive()\fR to derive the key. +.SS "Types" +.IX Subsection "Types" +\&\fB\s-1EVP_KDF\s0\fR is a type that holds the implementation of a \s-1KDF\s0. +.PP +\&\fB\s-1EVP_KDF_CTX\s0\fR is a context type that holds the algorithm inputs. +.SS "Algorithm implementation fetching" +.IX Subsection "Algorithm implementation fetching" +\&\fIEVP_KDF_fetch()\fR fetches an implementation of a \s-1KDF\s0 \fIalgorithm\fR, given +a library context \fIlibctx\fR and a set of \fIproperties\fR. +See \*(L"Fetching algorithms\*(R" in \fIprovider\fR\|(7) for further information. +.PP +The returned value must eventually be freed with +\&\fIEVP_KDF_free\fR\|(3). +.PP +\&\fIEVP_KDF_up_ref()\fR increments the reference count of an already fetched +\&\s-1KDF\s0. +.PP +\&\fIEVP_KDF_free()\fR frees a fetched algorithm. +\&\s-1NULL\s0 is a valid parameter, for which this function is a no-op. +.SS "Context manipulation functions" +.IX Subsection "Context manipulation functions" +\&\fIEVP_KDF_CTX_new()\fR creates a new context for the \s-1KDF\s0 implementation \fIkdf\fR. +.PP +\&\fIEVP_KDF_CTX_free()\fR frees up the context \fIctx\fR. If \fIctx\fR is \s-1NULL\s0, nothing +is done. +.PP +\&\fIEVP_KDF_CTX_kdf()\fR returns the \fB\s-1EVP_KDF\s0\fR associated with the context +\&\fIctx\fR. +.SS "Computing functions" +.IX Subsection "Computing functions" +\&\fIEVP_KDF_reset()\fR resets the context to the default state as if the context +had just been created. 
+.PP +\&\fIEVP_KDF_derive()\fR derives \fIkeylen\fR bytes of key material and places it in the +\&\fIkey\fR buffer. If the algorithm produces a fixed amount of output then an +error will occur unless the \fIkeylen\fR parameter is equal to that output size, +as returned by \fIEVP_KDF_size()\fR. +.PP +\&\fIEVP_KDF_get_params()\fR retrieves details about the implementation +\&\fIkdf\fR. +The set of parameters given with \fIparams\fR determine exactly what +parameters should be retrieved. +Note that a parameter that is unknown in the underlying context is +simply ignored. +.PP +\&\fIEVP_KDF_CTX_get_params()\fR retrieves chosen parameters, given the +context \fIctx\fR and its underlying context. +The set of parameters given with \fIparams\fR determine exactly what +parameters should be retrieved. +Note that a parameter that is unknown in the underlying context is +simply ignored. +.PP +\&\fIEVP_KDF_CTX_set_params()\fR passes chosen parameters to the underlying +context, given a context \fIctx\fR. +The set of parameters given with \fIparams\fR determine exactly what +parameters are passed down. +Note that a parameter that is unknown in the underlying context is +simply ignored. +Also, what happens when a needed parameter isn't passed down is +defined by the implementation. +.PP +\&\fIEVP_KDF_gettable_params()\fR, \fIEVP_KDF_gettable_ctx_params()\fR and +\&\fIEVP_KDF_settable_ctx_params()\fR get a constant \fB\s-1OSSL_PARAM\s0\fR array that +describes the retrievable and settable parameters, i.e. parameters that +can be used with \fIEVP_KDF_get_params()\fR, \fIEVP_KDF_CTX_get_params()\fR +and \fIEVP_KDF_CTX_set_params()\fR, respectively. +See \s-1\fIOSSL_PARAM\s0\fR\|(3) for the use of \fB\s-1OSSL_PARAM\s0\fR as parameter descriptor. +.SS "Information functions" +.IX Subsection "Information functions" +\&\fIEVP_KDF_size()\fR returns the output size if the algorithm produces a fixed amount +of output and \fB\s-1SIZE_MAX\s0\fR otherwise. 
If an error occurs then 0 is returned. +For some algorithms an error may result if input parameters necessary to +calculate a fixed output size have not yet been supplied. +.PP +\&\fIEVP_KDF_is_a()\fR returns 1 if \fIkdf\fR is an implementation of an +algorithm that's identifiable with \fIname\fR, otherwise 0. +.PP +\&\fIEVP_KDF_provider()\fR returns the provider that holds the implementation +of the given \fIkdf\fR. +.PP +\&\fIEVP_KDF_do_all_provided()\fR traverses all \s-1KDF\s0 implemented by all activated +providers in the given library context \fIlibctx\fR, and for each of the +implementations, calls the given function \fIfn\fR with the implementation method +and the given \fIarg\fR as argument. +.PP +\&\fIEVP_KDF_number()\fR returns the internal dynamic number assigned to +\&\fIkdf\fR. +.PP +\&\fIEVP_KDF_names_do_all()\fR traverses all names for \fIkdf\fR, and calls +\&\fIfn\fR with each name and \fIdata\fR. +.SH "PARAMETERS" +.IX Header "PARAMETERS" +The standard parameter names are: +.ie n .IP """pass"" (\fB\s-1OSSL_KDF_PARAM_PASSWORD\s0\fR) " 4 +.el .IP "``pass'' (\fB\s-1OSSL_KDF_PARAM_PASSWORD\s0\fR) " 4 +.IX Item "pass (OSSL_KDF_PARAM_PASSWORD) " +Some \s-1KDF\s0 implementations require a password. +For those \s-1KDF\s0 implementations that support it, this parameter sets the password. +.ie n .IP """salt"" (\fB\s-1OSSL_KDF_PARAM_SALT\s0\fR) " 4 +.el .IP "``salt'' (\fB\s-1OSSL_KDF_PARAM_SALT\s0\fR) " 4 +.IX Item "salt (OSSL_KDF_PARAM_SALT) " +Some \s-1KDF\s0 implementations can take a salt. +For those \s-1KDF\s0 implementations that support it, this parameter sets the salt. +.Sp +The default value, if any, is implementation dependent. +.ie n .IP """iter"" (\fB\s-1OSSL_KDF_PARAM_ITER\s0\fR) " 4 +.el .IP "``iter'' (\fB\s-1OSSL_KDF_PARAM_ITER\s0\fR) " 4 +.IX Item "iter (OSSL_KDF_PARAM_ITER) " +Some \s-1KDF\s0 implementations require an iteration count. +For those \s-1KDF\s0 implementations that support it, this parameter sets the +iteration count. 
+.Sp +The default value, if any, is implementation dependent. +.ie n .IP """properties"" (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``properties'' (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "properties (OSSL_KDF_PARAM_PROPERTIES) " +.PD 0 +.ie n .IP """mac"" (\fB\s-1OSSL_KDF_PARAM_MAC\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``mac'' (\fB\s-1OSSL_KDF_PARAM_MAC\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "mac (OSSL_KDF_PARAM_MAC) " +.ie n .IP """digest"" (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``digest'' (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "digest (OSSL_KDF_PARAM_DIGEST) " +.ie n .IP """cipher"" (\fB\s-1OSSL_KDF_PARAM_CIPHER\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``cipher'' (\fB\s-1OSSL_KDF_PARAM_CIPHER\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "cipher (OSSL_KDF_PARAM_CIPHER) " +.PD +For \s-1KDF\s0 implementations that use an underlying computation \s-1MAC\s0, digest or +cipher, these parameters set what the algorithm should be. +.Sp +The value is always the name of the intended algorithm, +or the properties. +.Sp +Note that not all algorithms may support all possible underlying +implementations. +.ie n .IP """key"" (\fB\s-1OSSL_KDF_PARAM_KEY\s0\fR) " 4 +.el .IP "``key'' (\fB\s-1OSSL_KDF_PARAM_KEY\s0\fR) " 4 +.IX Item "key (OSSL_KDF_PARAM_KEY) " +Some \s-1KDF\s0 implementations require a key. +For those \s-1KDF\s0 implementations that support it, this octet string parameter +sets the key. +.ie n .IP """maclen"" (\fB\s-1OSSL_KDF_PARAM_MAC_SIZE\s0\fR) " 4 +.el .IP "``maclen'' (\fB\s-1OSSL_KDF_PARAM_MAC_SIZE\s0\fR) " 4 +.IX Item "maclen (OSSL_KDF_PARAM_MAC_SIZE) " +Used by implementations that use a \s-1MAC\s0 with a variable output size (\s-1KMAC\s0). +For those \s-1KDF\s0 implementations that support it, this parameter +sets the \s-1MAC\s0 output size. +.Sp +The default value, if any, is implementation dependent. 
+The length must never exceed what can be given with a \fBsize_t\fR. +.ie n .IP """maxmem_bytes"" (\fB\s-1OSSL_KDF_PARAM_SCRYPT_MAXMEM\s0\fR) " 4 +.el .IP "``maxmem_bytes'' (\fB\s-1OSSL_KDF_PARAM_SCRYPT_MAXMEM\s0\fR) " 4 +.IX Item "maxmem_bytes (OSSL_KDF_PARAM_SCRYPT_MAXMEM) " +Memory-hard password-based \s-1KDF\s0 algorithms, such as scrypt, use an amount of +memory that depends on the load factors provided as input. +For those \s-1KDF\s0 implementations that support it, this \fBuint64_t\fR parameter sets +an upper limit on the amount of memory that may be consumed while performing +a key derivation. +If this memory usage limit is exceeded because the load factors are chosen +too high, the key derivation will fail. +.Sp +The default value is implementation dependent. +The memory size must never exceed what can be given with a \fBsize_t\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_KDF_fetch()\fR returns a pointer to a newly fetched \fB\s-1EVP_KDF\s0\fR, or +\&\s-1NULL\s0 if allocation failed. +.PP +\&\fIEVP_KDF_provider()\fR returns a pointer to the provider for the \s-1KDF\s0, or +\&\s-1NULL\s0 on error. +.PP +\&\fIEVP_KDF_up_ref()\fR returns 1 on success, 0 on error. +.PP +\&\fIEVP_KDF_CTX_new()\fR returns either the newly allocated +\&\fB\s-1EVP_KDF_CTX\s0\fR structure or \s-1NULL\s0 if an error occurred. +.PP +\&\fIEVP_KDF_CTX_free()\fR and \fIEVP_KDF_reset()\fR do not return a value. +.PP +\&\fIEVP_KDF_size()\fR returns the output size. \fB\s-1SIZE_MAX\s0\fR is returned to indicate +that the algorithm produces a variable amount of output; 0 to indicate failure. +.PP +The remaining functions return 1 for success and 0 or a negative value for +failure. In particular, a return value of \-2 indicates the operation is not +supported by the \s-1KDF\s0 algorithm. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1\fIEVP_KDF\-SCRYPT\s0\fR\|(7) +\&\s-1\fIEVP_KDF\-TLS1_PRF\s0\fR\|(7) +\&\s-1\fIEVP_KDF\-PBKDF2\s0\fR\|(7) +\&\s-1\fIEVP_KDF\-HKDF\s0\fR\|(7) +\&\s-1\fIEVP_KDF\-SS\s0\fR\|(7) +\&\s-1\fIEVP_KDF\-SSHKDF\s0\fR\|(7) +\&\s-1\fIEVP_KDF\-X963\s0\fR\|(7) +\&\s-1\fIEVP_KDF\-X942\s0\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +This functionality was added to OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/EVP_KEYEXCH_free.3 b/linux_amd64/share/man/man3/EVP_KEYEXCH_free.3 new file mode 100755 index 0000000..0f4bca6 --- /dev/null +++ b/linux_amd64/share/man/man3/EVP_KEYEXCH_free.3 
@@ -0,0 +1,212 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_KEYEXCH_FREE 3" +.TH EVP_KEYEXCH_FREE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_KEYEXCH_fetch, EVP_KEYEXCH_free, EVP_KEYEXCH_up_ref, EVP_KEYEXCH_provider, +EVP_KEYEXCH_is_a, EVP_KEYEXCH_do_all_provided, +EVP_KEYEXCH_number, EVP_KEYEXCH_names_do_all +\&\- Functions to manage EVP_KEYEXCH algorithm objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& EVP_KEYEXCH *EVP_KEYEXCH_fetch(OPENSSL_CTX *ctx, const char *algorithm, +\& const char *properties); +\& void EVP_KEYEXCH_free(EVP_KEYEXCH *exchange); +\& int EVP_KEYEXCH_up_ref(EVP_KEYEXCH *exchange); +\& OSSL_PROVIDER *EVP_KEYEXCH_provider(const EVP_KEYEXCH *exchange); +\& int EVP_KEYEXCH_is_a(const EVP_KEYEXCH *exchange, const char *name); +\& int EVP_KEYEXCH_number(const EVP_KEYEXCH *exchange); +\& void EVP_KEYEXCH_do_all_provided(OPENSSL_CTX *libctx, +\& void (*fn)(EVP_KEYEXCH *exchange, void *arg), +\& void *arg); +\& void EVP_KEYEXCH_names_do_all(const EVP_KEYEXCH *exchange, +\& void (*fn)(const char *name, void *data), +\& void *data); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIEVP_KEYEXCH_fetch()\fR fetches the key exchange implementation for the given +\&\fIalgorithm\fR from any provider offering it, within the criteria given +by the \fIproperties\fR. +See \*(L"Fetching algorithms\*(R" in \fIprovider\fR\|(7) for further information. +.PP +The returned value must eventually be freed with \fIEVP_KEYEXCH_free()\fR. +.PP +\&\fIEVP_KEYEXCH_free()\fR decrements the reference count for the \fB\s-1EVP_KEYEXCH\s0\fR +structure. Typically this structure will have been obtained from an earlier call +to \fIEVP_KEYEXCH_fetch()\fR. If the reference count drops to 0 then the +structure is freed. +.PP +\&\fIEVP_KEYEXCH_up_ref()\fR increments the reference count for an \fB\s-1EVP_KEYEXCH\s0\fR +structure. +.PP +\&\fIEVP_KEYEXCH_provider()\fR returns the provider that \fIexchange\fR was fetched from. +.PP +\&\fIEVP_KEYEXCH_is_a()\fR checks if \fIexchange\fR is an implementation of an +algorithm that's identifiable with \fIname\fR. 
+.PP +\&\fIEVP_KEYEXCH_number()\fR returns the internal dynamic number assigned to +the \fIexchange\fR. +.PP +\&\fIEVP_KEYEXCH_names_do_all()\fR traverses all names for the \fIexchange\fR, and +calls \fIfn\fR with each name and \fIdata\fR. +.PP +\&\fIEVP_KEYEXCH_do_all_provided()\fR traverses all key exchange implementations by +all activated providers in the library context \fIlibctx\fR, and for each +of the implementations, calls \fIfn\fR with the implementation method and +\&\fIdata\fR as arguments. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_KEYEXCH_fetch()\fR returns a pointer to a \fB\s-1EVP_KEYEXCH\s0\fR for success +or \s-1NULL\s0 for failure. +.PP +\&\fIEVP_KEYEXCH_up_ref()\fR returns 1 for success or 0 otherwise. +.PP +\&\fIEVP_KEYEXCH_is_a()\fR returns 1 of \fIexchange\fR was identifiable, +otherwise 0. +.PP +\&\fIEVP_KEYEXCH_number()\fR returns an integer. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\*(L"Fetching algorithms\*(R" in \fIprovider\fR\|(7), \s-1\fIOSSL_PROVIDER\s0\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The functions described here were added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/EVP_KEYMGMT.3 b/linux_amd64/share/man/man3/EVP_KEYMGMT.3 new file mode 100755 index 0000000..99d337e --- /dev/null +++ b/linux_amd64/share/man/man3/EVP_KEYMGMT.3 
@@ -0,0 +1,236 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_KEYMGMT 3" +.TH EVP_KEYMGMT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_KEYMGMT, +EVP_KEYMGMT_fetch, +EVP_KEYMGMT_up_ref, +EVP_KEYMGMT_free, +EVP_KEYMGMT_provider, +EVP_KEYMGMT_is_a, +EVP_KEYMGMT_number, +EVP_KEYMGMT_do_all_provided, +EVP_KEYMGMT_names_do_all +\&\- EVP key management routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef struct evp_keymgmt_st EVP_KEYMGMT; +\& +\& EVP_KEYMGMT *EVP_KEYMGMT_fetch(OPENSSL_CTX *ctx, const char *algorithm, +\& const char *properties); +\& int EVP_KEYMGMT_up_ref(EVP_KEYMGMT *keymgmt); +\& void EVP_KEYMGMT_free(EVP_KEYMGMT *keymgmt); +\& const OSSL_PROVIDER *EVP_KEYMGMT_provider(const EVP_KEYMGMT *keymgmt); +\& int EVP_KEYMGMT_is_a(const EVP_KEYMGMT *keymgmt, const char *name); +\& int EVP_KEYMGMT_number(const EVP_KEYMGMT *keymgmt); +\& void EVP_KEYMGMT_do_all_provided(OPENSSL_CTX *libctx, +\& void (*fn)(EVP_KEYMGMT *keymgmt, void *arg), +\& void *arg); +\& void EVP_KEYMGMT_names_do_all(const EVP_KEYMGMT *keymgmt, +\& void (*fn)(const char *name, void *data), +\& void *data); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fB\s-1EVP_KEYMGMT\s0\fR is a method object that represents key management +implementations for different cryptographic algorithms. +This method object provides functionality to have providers import key +material from the outside, as well as export key material to the +outside. +Most of the functionality can only be used internally and has no +public interface, this object is simply passed into other functions +when needed. +.PP +\&\fIEVP_KEYMGMT_fetch()\fR looks for an algorithm within the provider that +has been loaded into the \fB\s-1OPENSSL_CTX\s0\fR given by \fIctx\fR, having the +name given by \fIalgorithm\fR and the properties given by \fIproperties\fR. +.PP +\&\fIEVP_KEYMGMT_up_ref()\fR increments the reference count for the given +\&\fB\s-1EVP_KEYMGMT\s0\fR \fIkeymgmt\fR. 
+.PP +\&\fIEVP_KEYMGMT_free()\fR decrements the reference count for the given +\&\fB\s-1EVP_KEYMGMT\s0\fR \fIkeymgmt\fR, and when the count reaches zero, frees it. +.PP +\&\fIEVP_KEYMGMT_provider()\fR returns the provider that has this particular +implementation. +.PP +\&\fIEVP_KEYMGMT_is_a()\fR checks if \fIkeymgmt\fR is an implementation of an +algorithm that's identifiable with \fIname\fR. +.PP +\&\fIEVP_KEYMGMT_number()\fR returns the internal dynamic number assigned to +the \fIkeymgmt\fR. +.PP +\&\fIEVP_KEYMGMT_names_do_all()\fR traverses all names for the \fIkeymgmt\fR, and +calls \fIfn\fR with each name and \fIdata\fR. +.PP +\&\fIEVP_KEYMGMT_do_all_provided()\fR traverses all key keymgmt implementations by +all activated providers in the library context \fIlibctx\fR, and for each +of the implementations, calls \fIfn\fR with the implementation method and +\&\fIdata\fR as arguments. +.SH "NOTES" +.IX Header "NOTES" +\&\fIEVP_KEYMGMT_fetch()\fR may be called implicitly by other fetching +functions, using the same library context and properties. +Any other \s-1API\s0 that uses keys will typically do this. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_KEYMGMT_fetch()\fR returns a pointer to the key management +implementation represented by an \s-1EVP_KEYMGMT\s0 object, or \s-1NULL\s0 on +error. +.PP +\&\fIEVP_KEYMGMT_up_ref()\fR returns 1 on success, or 0 on error. +.PP +\&\fIEVP_KEYMGMT_free()\fR doesn't return any value. +.PP +\&\fIEVP_KEYMGMT_provider()\fR returns a pointer to a provider object, or \s-1NULL\s0 +on error. +.PP +\&\fIEVP_KEYMGMT_is_a()\fR returns 1 of \fIkeymgmt\fR was identifiable, +otherwise 0. +.PP +\&\fIEVP_KEYMGMT_number()\fR returns an integer. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_MD_fetch\fR\|(3), \s-1\fIOPENSSL_CTX\s0\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The functions described here were added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. 
All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/EVP_MAC.3 b/linux_amd64/share/man/man3/EVP_MAC.3 new file mode 100755 index 0000000..3d2c7f5 --- /dev/null +++ b/linux_amd64/share/man/man3/EVP_MAC.3 
@@ -0,0 +1,513 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_MAC 3" +.TH EVP_MAC 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_MAC, EVP_MAC_fetch, EVP_MAC_up_ref, EVP_MAC_free, +EVP_MAC_is_a, EVP_MAC_number, EVP_MAC_names_do_all, +EVP_MAC_provider, EVP_MAC_get_params, EVP_MAC_gettable_params, +EVP_MAC_CTX, EVP_MAC_CTX_new, EVP_MAC_CTX_free, EVP_MAC_CTX_dup, +EVP_MAC_CTX_mac, EVP_MAC_CTX_get_params, EVP_MAC_CTX_set_params, +EVP_MAC_size, EVP_MAC_init, EVP_MAC_update, EVP_MAC_final, +EVP_MAC_gettable_ctx_params, EVP_MAC_settable_ctx_params, +EVP_MAC_do_all_provided \- EVP MAC routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef struct evp_mac_st EVP_MAC; +\& typedef struct evp_mac_ctx_st EVP_MAC_CTX; +\& +\& EVP_MAC *EVP_MAC_fetch(OPENSSL_CTX *libctx, const char *algorithm, +\& const char *properties); +\& int EVP_MAC_up_ref(EVP_MAC *mac); +\& void EVP_MAC_free(EVP_MAC *mac); +\& int EVP_MAC_is_a(const EVP_MAC *mac, const char *name); +\& int EVP_MAC_number(const EVP_MAC *mac); +\& void EVP_MAC_names_do_all(const EVP_MAC *mac, +\& void (*fn)(const char *name, void *data), +\& void *data); +\& const OSSL_PROVIDER *EVP_MAC_provider(const EVP_MAC *mac); +\& int EVP_MAC_get_params(EVP_MAC *mac, OSSL_PARAM params[]); +\& +\& EVP_MAC_CTX *EVP_MAC_CTX_new(EVP_MAC *mac); +\& void EVP_MAC_CTX_free(EVP_MAC_CTX *ctx); +\& EVP_MAC_CTX *EVP_MAC_CTX_dup(const EVP_MAC_CTX *src); +\& EVP_MAC *EVP_MAC_CTX_mac(EVP_MAC_CTX *ctx); +\& int EVP_MAC_CTX_get_params(EVP_MAC_CTX *ctx, OSSL_PARAM params[]); +\& int EVP_MAC_CTX_set_params(EVP_MAC_CTX *ctx, const OSSL_PARAM params[]); +\& +\& size_t EVP_MAC_size(EVP_MAC_CTX *ctx); +\& int EVP_MAC_init(EVP_MAC_CTX *ctx); +\& int EVP_MAC_update(EVP_MAC_CTX *ctx, const unsigned char *data, size_t datalen); +\& int EVP_MAC_final(EVP_MAC_CTX *ctx, +\& unsigned char *out, size_t *outl, size_t outsize); +\& +\& const OSSL_PARAM *EVP_MAC_gettable_params(const EVP_MAC *mac); +\& const OSSL_PARAM *EVP_MAC_gettable_ctx_params(const EVP_MAC *mac); +\& const OSSL_PARAM *EVP_MAC_settable_ctx_params(const EVP_MAC *mac); 
+\& +\& void EVP_MAC_do_all_provided(OPENSSL_CTX *libctx, +\& void (*fn)(EVP_MAC *mac, void *arg), +\& void *arg); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These types and functions help the application to calculate MACs of +different types and with different underlying algorithms if there are +any. +.PP +MACs are a bit complex insofar that some of them use other algorithms +for actual computation. \s-1HMAC\s0 uses a digest, and \s-1CMAC\s0 uses a cipher. +Therefore, there are sometimes two contexts to keep track of, one for +the \s-1MAC\s0 algorithm itself and one for the underlying computation +algorithm if there is one. +.PP +To make things less ambiguous, this manual talks about a \*(L"context\*(R" or +\&\*(L"\s-1MAC\s0 context\*(R", which is to denote the \s-1MAC\s0 level context, and about a +\&\*(L"underlying context\*(R", or \*(L"computation context\*(R", which is to denote the +context for the underlying computation algorithm if there is one. +.SS "Types" +.IX Subsection "Types" +\&\fB\s-1EVP_MAC\s0\fR is a type that holds the implementation of a \s-1MAC\s0. +.PP +\&\fB\s-1EVP_MAC_CTX\s0\fR is a context type that holds internal \s-1MAC\s0 information +as well as a reference to a computation context, for those MACs that +rely on an underlying computation algorithm. +.SS "Algorithm implementation fetching" +.IX Subsection "Algorithm implementation fetching" +\&\fIEVP_MAC_fetch()\fR fetches an implementation of a \s-1MAC\s0 \fIalgorithm\fR, given +a library context \fIlibctx\fR and a set of \fIproperties\fR. +See \*(L"Fetching algorithms\*(R" in \fIprovider\fR\|(7) for further information. +.PP +The returned value must eventually be freed with +\&\fIEVP_MAC_free\fR\|(3). +.PP +\&\fIEVP_MAC_up_ref()\fR increments the reference count of an already fetched +\&\s-1MAC\s0. +.PP +\&\fIEVP_MAC_free()\fR frees a fetched algorithm. +\&\s-1NULL\s0 is a valid parameter, for which this function is a no-op. 
+.SS "Context manipulation functions" +.IX Subsection "Context manipulation functions" +\&\fIEVP_MAC_CTX_new()\fR creates a new context for the \s-1MAC\s0 type \fImac\fR. +The created context can then be used with most other functions +described here. +.PP +\&\fIEVP_MAC_CTX_free()\fR frees the contents of the context, including an +underlying context if there is one, as well as the context itself. +\&\s-1NULL\s0 is a valid parameter, for which this function is a no-op. +.PP +\&\fIEVP_MAC_CTX_dup()\fR duplicates the \fIsrc\fR context and returns a newly allocated +context. +.PP +\&\fIEVP_MAC_CTX_mac()\fR returns the \fB\s-1EVP_MAC\s0\fR associated with the context +\&\fIctx\fR. +.SS "Computing functions" +.IX Subsection "Computing functions" +\&\fIEVP_MAC_init()\fR sets up the underlying context with information given +through diverse controls. +This should be called before calling \fIEVP_MAC_update()\fR and +\&\fIEVP_MAC_final()\fR. +.PP +\&\fIEVP_MAC_update()\fR adds \fIdatalen\fR bytes from \fIdata\fR to the \s-1MAC\s0 input. +.PP +\&\fIEVP_MAC_final()\fR does the final computation and stores the result in +the memory pointed at by \fIout\fR of size \fIoutsize\fR, and sets the number +of bytes written in \fI*outl\fR at. +If \fIout\fR is \s-1NULL\s0 or \fIoutsize\fR is too small, then no computation +is made. +To figure out what the output length will be and allocate space for it +dynamically, simply call with \fIout\fR being \s-1NULL\s0 and \fIoutl\fR +pointing at a valid location, then allocate space and make a second +call with \fIout\fR pointing at the allocated space. +.PP +\&\fIEVP_MAC_get_params()\fR retrieves details about the implementation +\&\fImac\fR. +The set of parameters given with \fIparams\fR determine exactly what +parameters should be retrieved. +Note that a parameter that is unknown in the underlying context is +simply ignored. 
+.PP +\&\fIEVP_MAC_CTX_get_params()\fR retrieves chosen parameters, given the +context \fIctx\fR and its underlying context. +The set of parameters given with \fIparams\fR determine exactly what +parameters should be retrieved. +Note that a parameter that is unknown in the underlying context is +simply ignored. +.PP +\&\fIEVP_MAC_CTX_set_params()\fR passes chosen parameters to the underlying +context, given a context \fIctx\fR. +The set of parameters given with \fIparams\fR determine exactly what +parameters are passed down. +Note that a parameter that is unknown in the underlying context is +simply ignored. +Also, what happens when a needed parameter isn't passed down is +defined by the implementation. +.PP +\&\fIEVP_MAC_gettable_params()\fR, \fIEVP_MAC_gettable_ctx_params()\fR and +\&\fIEVP_MAC_settable_ctx_params()\fR get a constant \fB\s-1OSSL_PARAM\s0\fR array that +describes the retrievable and settable parameters, i.e. parameters that +can be used with \fIEVP_MAC_get_params()\fR, \fIEVP_MAC_CTX_get_params()\fR +and \fIEVP_MAC_CTX_set_params()\fR, respectively. +See \s-1\fIOSSL_PARAM\s0\fR\|(3) for the use of \fB\s-1OSSL_PARAM\s0\fR as parameter descriptor. +.SS "Information functions" +.IX Subsection "Information functions" +\&\fIEVP_MAC_size()\fR returns the \s-1MAC\s0 output size for the given context. +.PP +\&\fIEVP_MAC_is_a()\fR checks if the given \fImac\fR is an implementation of an +algorithm that's identifiable with \fIname\fR. +.PP +\&\fIEVP_MAC_provider()\fR returns the provider that holds the implementation +of the given \fImac\fR. +.PP +\&\fIEVP_MAC_do_all_provided()\fR traverses all \s-1MAC\s0 implemented by all activated +providers in the given library context \fIlibctx\fR, and for each of the +implementations, calls the given function \fIfn\fR with the implementation method +and the given \fIarg\fR as argument. +.PP +\&\fIEVP_MAC_number()\fR returns the internal dynamic number assigned to +\&\fImac\fR. 
+.PP +\&\fIEVP_MAC_names_do_all()\fR traverses all names for \fImac\fR, and calls +\&\fIfn\fR with each name and \fIdata\fR. +.SH "PARAMETERS" +.IX Header "PARAMETERS" +Parameters are identified by name as strings, and have an expected +data type and maximum size. +OpenSSL has a set of macros for parameter names it expects to see in +its own \s-1MAC\s0 implementations. +Here, we show all three, the OpenSSL macro for the parameter name, the +name in string form, and a type description. +.PP +The standard parameter names are: +.ie n .IP """key"" (\fB\s-1OSSL_MAC_PARAM_KEY\s0\fR) " 4 +.el .IP "``key'' (\fB\s-1OSSL_MAC_PARAM_KEY\s0\fR) " 4 +.IX Item "key (OSSL_MAC_PARAM_KEY) " +Its value is the \s-1MAC\s0 key as an array of bytes. +.Sp +For MACs that use an underlying computation algorithm, the algorithm +must be set first, see parameter names \*(L"algorithm\*(R" below. +.ie n .IP """iv"" (\fB\s-1OSSL_MAC_PARAM_IV\s0\fR) " 4 +.el .IP "``iv'' (\fB\s-1OSSL_MAC_PARAM_IV\s0\fR) " 4 +.IX Item "iv (OSSL_MAC_PARAM_IV) " +Some \s-1MAC\s0 implementations require an \s-1IV\s0, this parameter sets the \s-1IV\s0. +.ie n .IP """custom"" (\fB\s-1OSSL_MAC_PARAM_CUSTOM\s0\fR) " 4 +.el .IP "``custom'' (\fB\s-1OSSL_MAC_PARAM_CUSTOM\s0\fR) " 4 +.IX Item "custom (OSSL_MAC_PARAM_CUSTOM) " +Some \s-1MAC\s0 implementations (\s-1KMAC\s0, \s-1BLAKE2\s0) accept a Customization String, +this parameter sets the Customization String. The default value is the +empty string. +.ie n .IP """salt"" (\fB\s-1OSSL_MAC_PARAM_SALT\s0\fR) " 4 +.el .IP "``salt'' (\fB\s-1OSSL_MAC_PARAM_SALT\s0\fR) " 4 +.IX Item "salt (OSSL_MAC_PARAM_SALT) " +This option is used by \s-1BLAKE2\s0 \s-1MAC\s0. +.ie n .IP """xof"" (\fB\s-1OSSL_MAC_PARAM_XOF\s0\fR) " 4 +.el .IP "``xof'' (\fB\s-1OSSL_MAC_PARAM_XOF\s0\fR) " 4 +.IX Item "xof (OSSL_MAC_PARAM_XOF) " +It's a simple flag, the value 0 or 1 are expected. +.Sp +This option is used by \s-1KMAC\s0. 
+.ie n .IP """flags"" (\fB\s-1OSSL_MAC_PARAM_FLAGS\s0\fR) " 4 +.el .IP "``flags'' (\fB\s-1OSSL_MAC_PARAM_FLAGS\s0\fR) " 4 +.IX Item "flags (OSSL_MAC_PARAM_FLAGS) " +These will set the \s-1MAC\s0 flags to the given numbers. +Some MACs do not support this option. +.ie n .IP """properties"" (\fB\s-1OSSL_MAC_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``properties'' (\fB\s-1OSSL_MAC_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "properties (OSSL_MAC_PARAM_PROPERTIES) " +.PD 0 +.ie n .IP """digest"" (\fB\s-1OSSL_MAC_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``digest'' (\fB\s-1OSSL_MAC_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "digest (OSSL_MAC_PARAM_DIGEST) " +.ie n .IP """cipher"" (\fB\s-1OSSL_MAC_PARAM_CIPHER\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``cipher'' (\fB\s-1OSSL_MAC_PARAM_CIPHER\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "cipher (OSSL_MAC_PARAM_CIPHER) " +.PD +For \s-1MAC\s0 implementations that use an underlying computation cipher or +digest, these parameters set what the algorithm should be. +.Sp +The value is always the name of the intended algorithm, +or the properties. +.Sp +Note that not all algorithms may support all digests. +\&\s-1HMAC\s0 does not support variable output length digests such as \s-1SHAKE128\s0 +or \s-1SHAKE256\s0. +.ie n .IP """size"" (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) " 4 +.el .IP "``size'' (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) " 4 +.IX Item "size (OSSL_MAC_PARAM_SIZE) " +For \s-1MAC\s0 implementations that support it, set the output size that +\&\fIEVP_MAC_final()\fR should produce. +The allowed sizes vary between \s-1MAC\s0 implementations, but must never exceed +what can be given with a \fBsize_t\fR. +.PP +All these parameters should be used before the calls to any of +\&\fIEVP_MAC_init()\fR, \fIEVP_MAC_update()\fR and \fIEVP_MAC_final()\fR for a full +computation. +Anything else may give undefined results. 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_MAC_fetch()\fR returns a pointer to a newly fetched \s-1EVP_MAC\s0, or +\&\s-1NULL\s0 if allocation failed. +.PP +\&\fIEVP_MAC_up_ref()\fR returns 1 on success, 0 on error. +.PP +\&\fIEVP_MAC_free()\fR returns nothing at all. +.PP +\&\fIEVP_MAC_is_a()\fR returns 1 if the given method can be identified with +the given name, otherwise 0. +.PP +\&\fIEVP_MAC_provider()\fR returns a pointer to the provider for the \s-1MAC\s0, or +\&\s-1NULL\s0 on error. +.PP +\&\fIEVP_MAC_CTX_new()\fR and \fIEVP_MAC_CTX_dup()\fR return a pointer to a newly +created \s-1EVP_MAC_CTX\s0, or \s-1NULL\s0 if allocation failed. +.PP +\&\fIEVP_MAC_CTX_free()\fR returns nothing at all. +.PP +\&\fIEVP_MAC_CTX_get_params()\fR and \fIEVP_MAC_CTX_set_params()\fR return 1 on +success, 0 on error. +.PP +\&\fIEVP_MAC_init()\fR, \fIEVP_MAC_update()\fR, and \fIEVP_MAC_final()\fR return 1 on success, 0 +on error. +.PP +\&\fIEVP_MAC_size()\fR returns the expected output size, or 0 if it isn't +set. +If it isn't set, a call to \fIEVP_MAC_init()\fR should get it set. +.PP +\&\fIEVP_MAC_do_all_provided()\fR returns nothing at all. 
+.SH "EXAMPLES" +.IX Header "EXAMPLES" +.Vb 5 +\& #include +\& #include +\& #include +\& #include +\& #include +\& +\& #include +\& #include +\& #include +\& +\& int main() { +\& EVP_MAC *mac = EVP_MAC_fetch(NULL, getenv("MY_MAC"), NULL); +\& const char *cipher = getenv("MY_MAC_CIPHER"); +\& const char *digest = getenv("MY_MAC_DIGEST"); +\& const char *key = getenv("MY_KEY"); +\& EVP_MAC_CTX *ctx = NULL; +\& +\& unsigned char buf[4096]; +\& ssize_t read_l; +\& size_t final_l; +\& +\& size_t i; +\& +\& OSSL_PARAM params[4]; +\& size_t params_n = 0; +\& +\& if (cipher != NULL) +\& params[params_n++] = +\& OSSL_PARAM_construct_utf8_string("cipher", cipher, 0, NULL); +\& if (digest != NULL) +\& params[params_n++] = +\& OSSL_PARAM_construct_utf8_string("digest", digest, 0, NULL); +\& params[params_n++] = +\& OSSL_PARAM_construct_octet_string("key", key, strlen(key), NULL); +\& params[params_n] = OSSL_PARAM_construct_end(); +\& +\& if (mac == NULL +\& || key == NULL +\& || (ctx = EVP_MAC_CTX_new(mac)) == NULL +\& || EVP_MAC_CTX_set_params(ctx, params) <= 0) +\& goto err; +\& +\& if (!EVP_MAC_init(ctx)) +\& goto err; +\& +\& while ( (read_l = read(STDIN_FILENO, buf, sizeof(buf))) > 0) { +\& if (!EVP_MAC_update(ctx, buf, read_l)) +\& goto err; +\& } +\& +\& if (!EVP_MAC_final(ctx, buf, &final_l)) +\& goto err; +\& +\& printf("Result: "); +\& for (i = 0; i < final_l; i++) +\& printf("%02X", buf[i]); +\& printf("\en"); +\& +\& EVP_MAC_CTX_free(ctx); +\& EVP_MAC_free(mac); +\& exit(0); +\& +\& err: +\& EVP_MAC_CTX_free(ctx); +\& EVP_MAC_free(mac); +\& fprintf(stderr, "Something went wrong\en"); +\& ERR_print_errors_fp(stderr); +\& exit (1); +\& } +.Ve +.PP +A run of this program, called with correct environment variables, can +look like this: +.PP +.Vb 3 +\& $ MY_MAC=cmac MY_KEY=secret0123456789 MY_MAC_CIPHER=aes\-128\-cbc \e +\& LD_LIBRARY_PATH=. 
./foo < foo.c +\& Result: C5C06683CD9DDEF904D754505C560A4E +.Ve +.PP +(in this example, that program was stored in \fIfoo.c\fR and compiled to +\&\fI./foo\fR) +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIproperty\fR\|(7) +\&\s-1\fIOSSL_PARAM\s0\fR\|(3), +\&\s-1\fIEVP_MAC\-BLAKE2\s0\fR\|(7), +\&\s-1\fIEVP_MAC\-CMAC\s0\fR\|(7), +\&\s-1\fIEVP_MAC\-GMAC\s0\fR\|(7), +\&\s-1\fIEVP_MAC\-HMAC\s0\fR\|(7), +\&\s-1\fIEVP_MAC\-KMAC\s0\fR\|(7), +\&\fIEVP_MAC\-Siphash\fR\|(7), +\&\fIEVP_MAC\-Poly1305\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/EVP_MD_meth_new.3 b/linux_amd64/share/man/man3/EVP_MD_meth_new.3 new file mode 100755 index 0000000..407066a --- /dev/null +++ b/linux_amd64/share/man/man3/EVP_MD_meth_new.3 
@@ -0,0 +1,307 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_MD_METH_NEW 3" +.TH EVP_MD_METH_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_MD_meth_new, EVP_MD_meth_dup, EVP_MD_meth_free, +EVP_MD_meth_set_input_blocksize, +EVP_MD_meth_set_result_size, EVP_MD_meth_set_app_datasize, +EVP_MD_meth_set_flags, EVP_MD_meth_set_init, EVP_MD_meth_set_update, +EVP_MD_meth_set_final, EVP_MD_meth_set_copy, EVP_MD_meth_set_cleanup, +EVP_MD_meth_set_ctrl, EVP_MD_meth_get_input_blocksize, +EVP_MD_meth_get_result_size, EVP_MD_meth_get_app_datasize, +EVP_MD_meth_get_flags, EVP_MD_meth_get_init, EVP_MD_meth_get_update, +EVP_MD_meth_get_final, EVP_MD_meth_get_copy, EVP_MD_meth_get_cleanup, +EVP_MD_meth_get_ctrl +\&\- Routines to build up legacy EVP_MD methods +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type); +\& void EVP_MD_meth_free(EVP_MD *md); +\& EVP_MD *EVP_MD_meth_dup(const EVP_MD *md); +\& +\& int EVP_MD_meth_set_input_blocksize(EVP_MD *md, int blocksize); +\& int EVP_MD_meth_set_result_size(EVP_MD *md, int resultsize); +\& int EVP_MD_meth_set_app_datasize(EVP_MD *md, int datasize); +\& int EVP_MD_meth_set_flags(EVP_MD *md, unsigned long flags); +\& int EVP_MD_meth_set_init(EVP_MD *md, int (*init)(EVP_MD_CTX *ctx)); +\& int EVP_MD_meth_set_update(EVP_MD *md, int (*update)(EVP_MD_CTX *ctx, +\& const void *data, +\& size_t count)); +\& int EVP_MD_meth_set_final(EVP_MD *md, int (*final)(EVP_MD_CTX *ctx, +\& unsigned char *md)); +\& int EVP_MD_meth_set_copy(EVP_MD *md, int (*copy)(EVP_MD_CTX *to, +\& const EVP_MD_CTX *from)); +\& int EVP_MD_meth_set_cleanup(EVP_MD *md, int (*cleanup)(EVP_MD_CTX *ctx)); +\& int EVP_MD_meth_set_ctrl(EVP_MD *md, int (*ctrl)(EVP_MD_CTX *ctx, int cmd, +\& int p1, void *p2)); +\& +\& int EVP_MD_meth_get_input_blocksize(const EVP_MD *md); +\& int EVP_MD_meth_get_result_size(const EVP_MD *md); +\& int EVP_MD_meth_get_app_datasize(const EVP_MD *md); +\& unsigned long EVP_MD_meth_get_flags(const EVP_MD *md); +\& int (*EVP_MD_meth_get_init(const EVP_MD *md))(EVP_MD_CTX *ctx); +\& int 
(*EVP_MD_meth_get_update(const EVP_MD *md))(EVP_MD_CTX *ctx, +\& const void *data, +\& size_t count); +\& int (*EVP_MD_meth_get_final(const EVP_MD *md))(EVP_MD_CTX *ctx, +\& unsigned char *md); +\& int (*EVP_MD_meth_get_copy(const EVP_MD *md))(EVP_MD_CTX *to, +\& const EVP_MD_CTX *from); +\& int (*EVP_MD_meth_get_cleanup(const EVP_MD *md))(EVP_MD_CTX *ctx); +\& int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd, +\& int p1, void *p2); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fB\s-1EVP_MD\s0\fR type is a structure for digest method implementation. +It can also have associated public/private key signing and verifying +routines. +.PP +\&\fIEVP_MD_meth_new()\fR creates a new \fB\s-1EVP_MD\s0\fR structure. +These \fB\s-1EVP_MD\s0\fR structures are reference counted. +.PP +\&\fIEVP_MD_meth_dup()\fR creates a copy of \fBmd\fR. +.PP +\&\fIEVP_MD_meth_free()\fR decrements the reference count for the \fB\s-1EVP_MD\s0\fR structure. +If the reference count drops to 0 then the structure is freed. +.PP +\&\fIEVP_MD_meth_set_input_blocksize()\fR sets the internal input block size +for the method \fBmd\fR to \fBblocksize\fR bytes. +.PP +\&\fIEVP_MD_meth_set_result_size()\fR sets the size of the result that the +digest method in \fBmd\fR is expected to produce to \fBresultsize\fR bytes. +.PP +The digest method may have its own private data, which OpenSSL will +allocate for it. \fIEVP_MD_meth_set_app_datasize()\fR should be used to +set the size for it to \fBdatasize\fR. +.PP +\&\fIEVP_MD_meth_set_flags()\fR sets the flags to describe optional +behaviours in the particular \fBmd\fR. Several flags can be or'd +together. The available flags are: +.IP "\s-1EVP_MD_FLAG_ONESHOT\s0" 4 +.IX Item "EVP_MD_FLAG_ONESHOT" +This digest method can only handle one block of input. +.IP "\s-1EVP_MD_FLAG_XOF\s0" 4 +.IX Item "EVP_MD_FLAG_XOF" +This digest method is an extensible-output function (\s-1XOF\s0) and supports +the \fB\s-1EVP_MD_CTRL_XOF_LEN\s0\fR control. 
+.IP "\s-1EVP_MD_FLAG_DIGALGID_NULL\s0" 4 +.IX Item "EVP_MD_FLAG_DIGALGID_NULL" +When setting up a DigestAlgorithmIdentifier, this flag will have the +parameter set to \s-1NULL\s0 by default. Use this for PKCS#1. \fINote: if +combined with \s-1EVP_MD_FLAG_DIGALGID_ABSENT\s0, the latter will override.\fR +.IP "\s-1EVP_MD_FLAG_DIGALGID_ABSENT\s0" 4 +.IX Item "EVP_MD_FLAG_DIGALGID_ABSENT" +When setting up a DigestAlgorithmIdentifier, this flag will have the +parameter be left absent by default. \fINote: if combined with +\&\s-1EVP_MD_FLAG_DIGALGID_NULL\s0, the latter will be overridden.\fR +.IP "\s-1EVP_MD_FLAG_DIGALGID_CUSTOM\s0" 4 +.IX Item "EVP_MD_FLAG_DIGALGID_CUSTOM" +Custom DigestAlgorithmIdentifier handling via ctrl, with +\&\fB\s-1EVP_MD_FLAG_DIGALGID_ABSENT\s0\fR as default. \fINote: if combined with +\&\s-1EVP_MD_FLAG_DIGALGID_NULL\s0, the latter will be overridden.\fR +Currently unused. +.IP "\s-1EVP_MD_FLAG_FIPS\s0" 4 +.IX Item "EVP_MD_FLAG_FIPS" +This digest method is suitable for use in \s-1FIPS\s0 mode. +Currently unused. +.PP +\&\fIEVP_MD_meth_set_init()\fR sets the digest init function for \fBmd\fR. +The digest init function is called by \fIEVP_Digest()\fR, \fIEVP_DigestInit()\fR, +\&\fIEVP_DigestInit_ex()\fR, EVP_SignInit, \fIEVP_SignInit_ex()\fR, \fIEVP_VerifyInit()\fR +and \fIEVP_VerifyInit_ex()\fR. +.PP +\&\fIEVP_MD_meth_set_update()\fR sets the digest update function for \fBmd\fR. +The digest update function is called by \fIEVP_Digest()\fR, \fIEVP_DigestUpdate()\fR and +\&\fIEVP_SignUpdate()\fR. +.PP +\&\fIEVP_MD_meth_set_final()\fR sets the digest final function for \fBmd\fR. +The digest final function is called by \fIEVP_Digest()\fR, \fIEVP_DigestFinal()\fR, +\&\fIEVP_DigestFinal_ex()\fR, \fIEVP_SignFinal()\fR and \fIEVP_VerifyFinal()\fR. +.PP +\&\fIEVP_MD_meth_set_copy()\fR sets the function for \fBmd\fR to do extra +computations after the method's private data structure has been copied +from one \fB\s-1EVP_MD_CTX\s0\fR to another. 
If all that's needed is to copy +the data, there is no need for this copy function. +Note that the copy function is passed two \fB\s-1EVP_MD_CTX\s0 *\fR, the private +data structure is then available with \fIEVP_MD_CTX_md_data()\fR. +This copy function is called by \fIEVP_MD_CTX_copy()\fR and +\&\fIEVP_MD_CTX_copy_ex()\fR. +.PP +\&\fIEVP_MD_meth_set_cleanup()\fR sets the function for \fBmd\fR to do extra +cleanup before the method's private data structure is cleaned out and +freed. +Note that the cleanup function is passed a \fB\s-1EVP_MD_CTX\s0 *\fR, the +private data structure is then available with \fIEVP_MD_CTX_md_data()\fR. +This cleanup function is called by \fIEVP_MD_CTX_reset()\fR and +\&\fIEVP_MD_CTX_free()\fR. +.PP +\&\fIEVP_MD_meth_set_ctrl()\fR sets the control function for \fBmd\fR. +See \fIEVP_MD_CTX_ctrl\fR\|(3) for the available controls. +.PP +\&\fIEVP_MD_meth_get_input_blocksize()\fR, \fIEVP_MD_meth_get_result_size()\fR, +\&\fIEVP_MD_meth_get_app_datasize()\fR, \fIEVP_MD_meth_get_flags()\fR, +\&\fIEVP_MD_meth_get_init()\fR, \fIEVP_MD_meth_get_update()\fR, +\&\fIEVP_MD_meth_get_final()\fR, \fIEVP_MD_meth_get_copy()\fR, +\&\fIEVP_MD_meth_get_cleanup()\fR and \fIEVP_MD_meth_get_ctrl()\fR are all used +to retrieve the method data given with the EVP_MD_meth_set_*() +functions above. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_MD_meth_new()\fR and \fIEVP_MD_meth_dup()\fR return a pointer to a newly +created \fB\s-1EVP_MD\s0\fR, or \s-1NULL\s0 on failure. +All EVP_MD_meth_set_*() functions return 1. +\&\fIEVP_MD_get_input_blocksize()\fR, \fIEVP_MD_meth_get_result_size()\fR, +\&\fIEVP_MD_meth_get_app_datasize()\fR and \fIEVP_MD_meth_get_flags()\fR return the +indicated sizes or flags. +All other EVP_CIPHER_meth_get_*() functions return pointers to their +respective \fBmd\fR function. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_DigestInit\fR\|(3), \fIEVP_SignInit\fR\|(3), \fIEVP_VerifyInit\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fB\s-1EVP_MD\s0\fR structure was openly available in OpenSSL before version +1.1. +The functions described here were added in OpenSSL 1.1. +The \fB\s-1EVP_MD\s0\fR structure created with these functions became reference +counted in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/EVP_OpenInit.3 b/linux_amd64/share/man/man3/EVP_OpenInit.3 new file mode 100755 index 0000000..13c67cc --- /dev/null +++ b/linux_amd64/share/man/man3/EVP_OpenInit.3 
@@ -0,0 +1,191 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_OPENINIT 3" +.TH EVP_OPENINIT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_OpenInit, EVP_OpenUpdate, EVP_OpenFinal \- EVP envelope decryption +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_OpenInit(EVP_CIPHER_CTX *ctx, EVP_CIPHER *type, unsigned char *ek, +\& int ekl, unsigned char *iv, EVP_PKEY *priv); +\& int EVP_OpenUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, +\& int *outl, unsigned char *in, int inl); +\& int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1EVP\s0 envelope routines are a high level interface to envelope +decryption. They decrypt a public key encrypted symmetric key and +then decrypt data using it. +.PP +\&\fIEVP_OpenInit()\fR initializes a cipher context \fBctx\fR for decryption +with cipher \fBtype\fR. It decrypts the encrypted symmetric key of length +\&\fBekl\fR bytes passed in the \fBek\fR parameter using the private key \fBpriv\fR. +The \s-1IV\s0 is supplied in the \fBiv\fR parameter. +.PP +\&\fIEVP_OpenUpdate()\fR and \fIEVP_OpenFinal()\fR have exactly the same properties +as the \fIEVP_DecryptUpdate()\fR and \fIEVP_DecryptFinal()\fR routines, as +documented on the \fIEVP_EncryptInit\fR\|(3) manual +page. +.SH "NOTES" +.IX Header "NOTES" +It is possible to call \fIEVP_OpenInit()\fR twice in the same way as +\&\fIEVP_DecryptInit()\fR. The first call should have \fBpriv\fR set to \s-1NULL\s0 +and (after setting any cipher parameters) it should be called again +with \fBtype\fR set to \s-1NULL\s0. +.PP +If the cipher passed in the \fBtype\fR parameter is a variable length +cipher then the key length will be set to the value of the recovered +key length. If the cipher is a fixed length cipher then the recovered +key length must match the fixed cipher length. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_OpenInit()\fR returns 0 on error or a non zero integer (actually the +recovered secret key size) if successful. 
+.PP +\&\fIEVP_OpenUpdate()\fR returns 1 for success or 0 for failure. +.PP +\&\fIEVP_OpenFinal()\fR returns 0 if the decrypt failed or 1 for success. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIevp\fR\|(7), \fIRAND_bytes\fR\|(3), +\&\fIEVP_EncryptInit\fR\|(3), +\&\fIEVP_SealInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/EVP_PKEY_ASN1_METHOD.3 b/linux_amd64/share/man/man3/EVP_PKEY_ASN1_METHOD.3 new file mode 100755 index 0000000..6e8a11b --- /dev/null +++ b/linux_amd64/share/man/man3/EVP_PKEY_ASN1_METHOD.3 
@@ -0,0 +1,579 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_ASN1_METHOD 3" +.TH EVP_PKEY_ASN1_METHOD 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_ASN1_METHOD, +EVP_PKEY_asn1_new, +EVP_PKEY_asn1_copy, +EVP_PKEY_asn1_free, +EVP_PKEY_asn1_add0, +EVP_PKEY_asn1_add_alias, +EVP_PKEY_asn1_set_public, +EVP_PKEY_asn1_set_private, +EVP_PKEY_asn1_set_param, +EVP_PKEY_asn1_set_free, +EVP_PKEY_asn1_set_ctrl, +EVP_PKEY_asn1_set_item, +EVP_PKEY_asn1_set_siginf, +EVP_PKEY_asn1_set_check, +EVP_PKEY_asn1_set_public_check, +EVP_PKEY_asn1_set_param_check, +EVP_PKEY_asn1_set_security_bits, +EVP_PKEY_asn1_set_set_priv_key, +EVP_PKEY_asn1_set_set_pub_key, +EVP_PKEY_asn1_set_get_priv_key, +EVP_PKEY_asn1_set_get_pub_key, +EVP_PKEY_get0_asn1 +\&\- manipulating and registering EVP_PKEY_ASN1_METHOD structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef struct evp_pkey_asn1_method_st EVP_PKEY_ASN1_METHOD; +\& +\& EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags, +\& const char *pem_str, +\& const char *info); +\& void EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst, +\& const EVP_PKEY_ASN1_METHOD *src); +\& void EVP_PKEY_asn1_free(EVP_PKEY_ASN1_METHOD *ameth); +\& int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth); +\& int EVP_PKEY_asn1_add_alias(int to, int from); +\& +\& void EVP_PKEY_asn1_set_public(EVP_PKEY_ASN1_METHOD *ameth, +\& int (*pub_decode) (EVP_PKEY *pk, +\& X509_PUBKEY *pub), +\& int (*pub_encode) (X509_PUBKEY *pub, +\& const EVP_PKEY *pk), +\& int (*pub_cmp) (const EVP_PKEY *a, +\& const EVP_PKEY *b), +\& int (*pub_print) (BIO *out, +\& const EVP_PKEY *pkey, +\& int indent, ASN1_PCTX *pctx), +\& int (*pkey_size) (const EVP_PKEY *pk), +\& int (*pkey_bits) (const EVP_PKEY *pk)); +\& void EVP_PKEY_asn1_set_private(EVP_PKEY_ASN1_METHOD *ameth, +\& int (*priv_decode) (EVP_PKEY *pk, +\& const PKCS8_PRIV_KEY_INFO +\& *p8inf), +\& int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8, +\& const EVP_PKEY *pk), +\& int (*priv_print) (BIO *out, +\& const EVP_PKEY *pkey, +\& int indent, +\& ASN1_PCTX *pctx)); +\& void EVP_PKEY_asn1_set_param(EVP_PKEY_ASN1_METHOD 
*ameth, +\& int (*param_decode) (EVP_PKEY *pkey, +\& const unsigned char **pder, +\& int derlen), +\& int (*param_encode) (const EVP_PKEY *pkey, +\& unsigned char **pder), +\& int (*param_missing) (const EVP_PKEY *pk), +\& int (*param_copy) (EVP_PKEY *to, +\& const EVP_PKEY *from), +\& int (*param_cmp) (const EVP_PKEY *a, +\& const EVP_PKEY *b), +\& int (*param_print) (BIO *out, +\& const EVP_PKEY *pkey, +\& int indent, +\& ASN1_PCTX *pctx)); +\& +\& void EVP_PKEY_asn1_set_free(EVP_PKEY_ASN1_METHOD *ameth, +\& void (*pkey_free) (EVP_PKEY *pkey)); +\& void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth, +\& int (*pkey_ctrl) (EVP_PKEY *pkey, int op, +\& long arg1, void *arg2)); +\& void EVP_PKEY_asn1_set_item(EVP_PKEY_ASN1_METHOD *ameth, +\& int (*item_verify) (EVP_MD_CTX *ctx, +\& const ASN1_ITEM *it, +\& void *asn, +\& X509_ALGOR *a, +\& ASN1_BIT_STRING *sig, +\& EVP_PKEY *pkey), +\& int (*item_sign) (EVP_MD_CTX *ctx, +\& const ASN1_ITEM *it, +\& void *asn, +\& X509_ALGOR *alg1, +\& X509_ALGOR *alg2, +\& ASN1_BIT_STRING *sig)); +\& +\& void EVP_PKEY_asn1_set_siginf(EVP_PKEY_ASN1_METHOD *ameth, +\& int (*siginf_set) (X509_SIG_INFO *siginf, +\& const X509_ALGOR *alg, +\& const ASN1_STRING *sig)); +\& +\& void EVP_PKEY_asn1_set_check(EVP_PKEY_ASN1_METHOD *ameth, +\& int (*pkey_check) (const EVP_PKEY *pk)); +\& +\& void EVP_PKEY_asn1_set_public_check(EVP_PKEY_ASN1_METHOD *ameth, +\& int (*pkey_pub_check) (const EVP_PKEY *pk)); +\& +\& void EVP_PKEY_asn1_set_param_check(EVP_PKEY_ASN1_METHOD *ameth, +\& int (*pkey_param_check) (const EVP_PKEY *pk)); +\& +\& void EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth, +\& int (*pkey_security_bits) (const EVP_PKEY +\& *pk)); +\& +\& void EVP_PKEY_asn1_set_set_priv_key(EVP_PKEY_ASN1_METHOD *ameth, +\& int (*set_priv_key) (EVP_PKEY *pk, +\& const unsigned char +\& *priv, +\& size_t len)); +\& +\& void EVP_PKEY_asn1_set_set_pub_key(EVP_PKEY_ASN1_METHOD *ameth, +\& int (*set_pub_key) (EVP_PKEY *pk, +\& const unsigned 
char *pub, +\& size_t len)); +\& +\& void EVP_PKEY_asn1_set_get_priv_key(EVP_PKEY_ASN1_METHOD *ameth, +\& int (*get_priv_key) (const EVP_PKEY *pk, +\& unsigned char *priv, +\& size_t *len)); +\& +\& void EVP_PKEY_asn1_set_get_pub_key(EVP_PKEY_ASN1_METHOD *ameth, +\& int (*get_pub_key) (const EVP_PKEY *pk, +\& unsigned char *pub, +\& size_t *len)); +\& +\& const EVP_PKEY_ASN1_METHOD *EVP_PKEY_get0_asn1(const EVP_PKEY *pkey); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR is a structure which holds a set of \s-1ASN\s0.1 +conversion, printing and information methods for a specific public key +algorithm. +.PP +There are two places where the \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR objects are +stored: one is a built-in array representing the standard methods for +different algorithms, and the other one is a stack of user-defined +application-specific methods, which can be manipulated by using +\&\fIEVP_PKEY_asn1_add0\fR\|(3). +.SS "Methods" +.IX Subsection "Methods" +The methods are the underlying implementations of a particular public +key algorithm present by the \fB\s-1EVP_PKEY\s0\fR object. +.PP +.Vb 5 +\& int (*pub_decode) (EVP_PKEY *pk, X509_PUBKEY *pub); +\& int (*pub_encode) (X509_PUBKEY *pub, const EVP_PKEY *pk); +\& int (*pub_cmp) (const EVP_PKEY *a, const EVP_PKEY *b); +\& int (*pub_print) (BIO *out, const EVP_PKEY *pkey, int indent, +\& ASN1_PCTX *pctx); +.Ve +.PP +The \fIpub_decode()\fR and \fIpub_encode()\fR methods are called to decode / +encode \fBX509_PUBKEY\fR \s-1ASN\s0.1 parameters to / from \fBpk\fR. +They \s-1MUST\s0 return 0 on error, 1 on success. +They're called by \fIX509_PUBKEY_get0\fR\|(3) and \fIX509_PUBKEY_set\fR\|(3). +.PP +The \fIpub_cmp()\fR method is called when two public keys are to be +compared. +It \s-1MUST\s0 return 1 when the keys are equal, 0 otherwise. +It's called by \fIEVP_PKEY_cmp\fR\|(3). 
+.PP +The \fIpub_print()\fR method is called to print a public key in humanly +readable text to \fBout\fR, indented \fBindent\fR spaces. +It \s-1MUST\s0 return 0 on error, 1 on success. +It's called by \fIEVP_PKEY_print_public\fR\|(3). +.PP +.Vb 4 +\& int (*priv_decode) (EVP_PKEY *pk, const PKCS8_PRIV_KEY_INFO *p8inf); +\& int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk); +\& int (*priv_print) (BIO *out, const EVP_PKEY *pkey, int indent, +\& ASN1_PCTX *pctx); +.Ve +.PP +The \fIpriv_decode()\fR and \fIpriv_encode()\fR methods are called to decode / +encode \fB\s-1PKCS8_PRIV_KEY_INFO\s0\fR form private key to / from \fBpk\fR. +They \s-1MUST\s0 return 0 on error, 1 on success. +They're called by \s-1\fIEVP_PKCS82PKEY\s0\fR\|(3) and \s-1\fIEVP_PKEY2PKCS8\s0\fR\|(3). +.PP +The \fIpriv_print()\fR method is called to print a private key in humanly +readable text to \fBout\fR, indented \fBindent\fR spaces. +It \s-1MUST\s0 return 0 on error, 1 on success. +It's called by \fIEVP_PKEY_print_private\fR\|(3). +.PP +.Vb 3 +\& int (*pkey_size) (const EVP_PKEY *pk); +\& int (*pkey_bits) (const EVP_PKEY *pk); +\& int (*pkey_security_bits) (const EVP_PKEY *pk); +.Ve +.PP +The \fIpkey_size()\fR method returns the key size in bytes. +It's called by \fIEVP_PKEY_size\fR\|(3). +.PP +The \fIpkey_bits()\fR method returns the key size in bits. +It's called by \fIEVP_PKEY_bits\fR\|(3). +.PP +.Vb 8 +\& int (*param_decode) (EVP_PKEY *pkey, +\& const unsigned char **pder, int derlen); +\& int (*param_encode) (const EVP_PKEY *pkey, unsigned char **pder); +\& int (*param_missing) (const EVP_PKEY *pk); +\& int (*param_copy) (EVP_PKEY *to, const EVP_PKEY *from); +\& int (*param_cmp) (const EVP_PKEY *a, const EVP_PKEY *b); +\& int (*param_print) (BIO *out, const EVP_PKEY *pkey, int indent, +\& ASN1_PCTX *pctx); +.Ve +.PP +The \fIparam_decode()\fR and \fIparam_encode()\fR methods are called to decode / +encode \s-1DER\s0 formatted parameters to / from \fBpk\fR. 
+They \s-1MUST\s0 return 0 on error, 1 on success. +They're called by \fIPEM_read_bio_Parameters\fR\|(3) and the \fBfile:\fR +\&\s-1\fIOSSL_STORE_LOADER\s0\fR\|(3). +.PP +The \fIparam_missing()\fR method returns 0 if a key parameter is missing, +otherwise 1. +It's called by \fIEVP_PKEY_missing_parameters\fR\|(3). +.PP +The \fIparam_copy()\fR method copies key parameters from \fBfrom\fR to \fBto\fR. +It \s-1MUST\s0 return 0 on error, 1 on success. +It's called by \fIEVP_PKEY_copy_parameters\fR\|(3). +.PP +The \fIparam_cmp()\fR method compares the parameters of keys \fBa\fR and \fBb\fR. +It \s-1MUST\s0 return 1 when the keys are equal, 0 when not equal, or a +negative number on error. +It's called by \fIEVP_PKEY_cmp_parameters\fR\|(3). +.PP +The \fIparam_print()\fR method prints the private key parameters in humanly +readable text to \fBout\fR, indented \fBindent\fR spaces. +It \s-1MUST\s0 return 0 on error, 1 on success. +It's called by \fIEVP_PKEY_print_params\fR\|(3). +.PP +.Vb 3 +\& int (*sig_print) (BIO *out, +\& const X509_ALGOR *sigalg, const ASN1_STRING *sig, +\& int indent, ASN1_PCTX *pctx); +.Ve +.PP +The \fIsig_print()\fR method prints a signature in humanly readable text to +\&\fBout\fR, indented \fBindent\fR spaces. +\&\fBsigalg\fR contains the exact signature algorithm. +If the signature in \fBsig\fR doesn't correspond to what this method +expects, \fIX509_signature_dump()\fR must be used as a last resort. +It \s-1MUST\s0 return 0 on error, 1 on success. +It's called by \fIX509_signature_print\fR\|(3). +.PP +.Vb 1 +\& void (*pkey_free) (EVP_PKEY *pkey); +.Ve +.PP +The \fIpkey_free()\fR method helps freeing the internals of \fBpkey\fR. +It's called by \fIEVP_PKEY_free\fR\|(3), \fIEVP_PKEY_set_type\fR\|(3), +\&\fIEVP_PKEY_set_type_str\fR\|(3), and \fIEVP_PKEY_assign\fR\|(3). +.PP +.Vb 1 +\& int (*pkey_ctrl) (EVP_PKEY *pkey, int op, long arg1, void *arg2); +.Ve +.PP +The \fIpkey_ctrl()\fR method adds extra algorithm specific control. 
+It's called by \fIEVP_PKEY_get_default_digest_nid\fR\|(3), +\&\fIEVP_PKEY_supports_digest_nid\fR\|(3), +\&\fIEVP_PKEY_set1_tls_encodedpoint\fR\|(3), +\&\fIEVP_PKEY_get1_tls_encodedpoint\fR\|(3), \fIPKCS7_SIGNER_INFO_set\fR\|(3), +\&\fIPKCS7_RECIP_INFO_set\fR\|(3), ... +.PP +.Vb 3 +\& int (*old_priv_decode) (EVP_PKEY *pkey, +\& const unsigned char **pder, int derlen); +\& int (*old_priv_encode) (const EVP_PKEY *pkey, unsigned char **pder); +.Ve +.PP +The \fIold_priv_decode()\fR and \fIold_priv_encode()\fR methods decode / encode +they private key \fBpkey\fR from / to a \s-1DER\s0 formatted array. +These are exclusively used to help decoding / encoding older (pre +PKCS#8) \s-1PEM\s0 formatted encrypted private keys. +\&\fIold_priv_decode()\fR \s-1MUST\s0 return 0 on error, 1 on success. +\&\fIold_priv_encode()\fR \s-1MUST\s0 the return same kind of values as +\&\fIi2d_PrivateKey()\fR. +They're called by \fId2i_PrivateKey\fR\|(3) and \fIi2d_PrivateKey\fR\|(3). +.PP +.Vb 5 +\& int (*item_verify) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, +\& X509_ALGOR *a, ASN1_BIT_STRING *sig, EVP_PKEY *pkey); +\& int (*item_sign) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, +\& X509_ALGOR *alg1, X509_ALGOR *alg2, +\& ASN1_BIT_STRING *sig); +.Ve +.PP +The \fIitem_sign()\fR and \fIitem_verify()\fR methods make it possible to have +algorithm specific signatures and verification of them. +.PP +\&\fIitem_sign()\fR \s-1MUST\s0 return one of: +.IP "<=0" 4 +.IX Item "<=0" +error +.IP "1" 4 +.IX Item "1" +\&\fIitem_sign()\fR did everything, OpenSSL internals just needs to pass the +signature length back. +.IP "2" 4 +.IX Item "2" +\&\fIitem_sign()\fR did nothing, OpenSSL internal standard routines are +expected to continue with the default signature production. +.IP "3" 4 +.IX Item "3" +\&\fIitem_sign()\fR set the algorithm identifier \fBalgor1\fR and \fBalgor2\fR, +OpenSSL internals should just sign using those algorithms. 
+.PP +\&\fIitem_verify()\fR \s-1MUST\s0 return one of: +.IP "<=0" 4 +.IX Item "<=0" +error +.IP "1" 4 +.IX Item "1" +\&\fIitem_sign()\fR did everything, OpenSSL internals just needs to pass the +signature length back. +.IP "2" 4 +.IX Item "2" +\&\fIitem_sign()\fR did nothing, OpenSSL internal standard routines are +expected to continue with the default signature production. +.PP +\&\fIitem_verify()\fR and \fIitem_sign()\fR are called by \fIASN1_item_verify\fR\|(3) and +\&\fIASN1_item_sign\fR\|(3), and by extension, \fIX509_verify\fR\|(3), +\&\fIX509_REQ_verify\fR\|(3), \fIX509_sign\fR\|(3), \fIX509_REQ_sign\fR\|(3), ... +.PP +.Vb 2 +\& int (*siginf_set) (X509_SIG_INFO *siginf, const X509_ALGOR *alg, +\& const ASN1_STRING *sig); +.Ve +.PP +The \fIsiginf_set()\fR method is used to set custom \fBX509_SIG_INFO\fR +parameters. +It \s-1MUST\s0 return 0 on error, or 1 on success. +It's called as part of \fIX509_check_purpose\fR\|(3), \fIX509_check_ca\fR\|(3) +and \fIX509_check_issued\fR\|(3). +.PP +.Vb 3 +\& int (*pkey_check) (const EVP_PKEY *pk); +\& int (*pkey_public_check) (const EVP_PKEY *pk); +\& int (*pkey_param_check) (const EVP_PKEY *pk); +.Ve +.PP +The \fIpkey_check()\fR, \fIpkey_public_check()\fR and \fIpkey_param_check()\fR methods are used +to check the validity of \fBpk\fR for key-pair, public component and parameters, +respectively. +They \s-1MUST\s0 return 0 for an invalid key, or 1 for a valid key. +They are called by \fIEVP_PKEY_check\fR\|(3), \fIEVP_PKEY_public_check\fR\|(3) and +\&\fIEVP_PKEY_param_check\fR\|(3) respectively. +.PP +.Vb 2 +\& int (*set_priv_key) (EVP_PKEY *pk, const unsigned char *priv, size_t len); +\& int (*set_pub_key) (EVP_PKEY *pk, const unsigned char *pub, size_t len); +.Ve +.PP +The \fIset_priv_key()\fR and \fIset_pub_key()\fR methods are used to set the raw private and +public key data for an \s-1EVP_PKEY\s0. They \s-1MUST\s0 return 0 on error, or 1 on success. 
+They are called by \fIEVP_PKEY_new_raw_private_key\fR\|(3), and +\&\fIEVP_PKEY_new_raw_public_key\fR\|(3) respectively. +.PP +.Vb 2 +\& size_t (*dirty) (const EVP_PKEY *pk); +\& void *(*export_to) (const EVP_PKEY *pk, EVP_KEYMGMT *keymgmt); +.Ve +.PP +\&\fIdirty_cnt()\fR returns the internal key's dirty count. +This can be used to synchronise different copies of the same keys. +.PP +The \fIexport_to()\fR method exports the key material from the given key to +a provider, through the \s-1\fIEVP_KEYMGMT\s0\fR\|(3) interface, if that provider +supports importing key material. +.SS "Functions" +.IX Subsection "Functions" +\&\fIEVP_PKEY_asn1_new()\fR creates and returns a new \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR +object, and associates the given \fBid\fR, \fBflags\fR, \fBpem_str\fR and +\&\fBinfo\fR. +\&\fBid\fR is a \s-1NID\s0, \fBpem_str\fR is the \s-1PEM\s0 type string, \fBinfo\fR is a +descriptive string. +The following \fBflags\fR are supported: +.PP +.Vb 1 +\& ASN1_PKEY_SIGPARAM_NULL +.Ve +.PP +If \fB\s-1ASN1_PKEY_SIGPARAM_NULL\s0\fR is set, then the signature algorithm +parameters are given the type \fBV_ASN1_NULL\fR by default, otherwise +they will be given the type \fBV_ASN1_UNDEF\fR (i.e. the parameter is +omitted). +See \fIX509_ALGOR_set0\fR\|(3) for more information. +.PP +\&\fIEVP_PKEY_asn1_copy()\fR copies an \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR object from +\&\fBsrc\fR to \fBdst\fR. +This function is not thread safe, it's recommended to only use this +when initializing the application. +.PP +\&\fIEVP_PKEY_asn1_free()\fR frees an existing \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR pointed +by \fBameth\fR. +.PP +\&\fIEVP_PKEY_asn1_add0()\fR adds \fBameth\fR to the user defined stack of +methods unless another \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR with the same \s-1NID\s0 is +already there. +This function is not thread safe, it's recommended to only use this +when initializing the application. 
+.PP +\&\fIEVP_PKEY_asn1_add_alias()\fR creates an alias with the \s-1NID\s0 \fBto\fR for the +\&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR with \s-1NID\s0 \fBfrom\fR unless another +\&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR with the same \s-1NID\s0 is already added. +This function is not thread safe, it's recommended to only use this +when initializing the application. +.PP +\&\fIEVP_PKEY_asn1_set_public()\fR, \fIEVP_PKEY_asn1_set_private()\fR, +\&\fIEVP_PKEY_asn1_set_param()\fR, \fIEVP_PKEY_asn1_set_free()\fR, +\&\fIEVP_PKEY_asn1_set_ctrl()\fR, \fIEVP_PKEY_asn1_set_item()\fR, +\&\fIEVP_PKEY_asn1_set_siginf()\fR, \fIEVP_PKEY_asn1_set_check()\fR, +\&\fIEVP_PKEY_asn1_set_public_check()\fR, \fIEVP_PKEY_asn1_set_param_check()\fR, +\&\fIEVP_PKEY_asn1_set_security_bits()\fR, \fIEVP_PKEY_asn1_set_set_priv_key()\fR, +\&\fIEVP_PKEY_asn1_set_set_pub_key()\fR, \fIEVP_PKEY_asn1_set_get_priv_key()\fR and +\&\fIEVP_PKEY_asn1_set_get_pub_key()\fR set the diverse methods of the given +\&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR object. +.PP +\&\fIEVP_PKEY_get0_asn1()\fR finds the \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR associated +with the key \fBpkey\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_PKEY_asn1_new()\fR returns \s-1NULL\s0 on error, or a pointer to an +\&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR object otherwise. +.PP +\&\fIEVP_PKEY_asn1_add0()\fR and \fIEVP_PKEY_asn1_add_alias()\fR return 0 on error, +or 1 on success. +.PP +\&\fIEVP_PKEY_get0_asn1()\fR returns \s-1NULL\s0 on error, or a pointer to a constant +\&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR object otherwise. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/share/man/man3/EVP_PKEY_CTX_ctrl.3 b/linux_amd64/share/man/man3/EVP_PKEY_CTX_ctrl.3 new file mode 100755 index 0000000..4153901 --- /dev/null +++ b/linux_amd64/share/man/man3/EVP_PKEY_CTX_ctrl.3 
@@ -0,0 +1,734 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_CTX_CTRL 3" +.TH EVP_PKEY_CTX_CTRL 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_CTX_get_params, +EVP_PKEY_CTX_gettable_params, +EVP_PKEY_CTX_set_params, +EVP_PKEY_CTX_settable_params, +EVP_PKEY_CTX_ctrl, +EVP_PKEY_CTX_ctrl_str, +EVP_PKEY_CTX_ctrl_uint64, +EVP_PKEY_CTX_md, +EVP_PKEY_CTX_set_signature_md, +EVP_PKEY_CTX_get_signature_md, +EVP_PKEY_CTX_set_mac_key, +EVP_PKEY_CTX_set_rsa_padding, +EVP_PKEY_CTX_get_rsa_padding, +EVP_PKEY_CTX_set_rsa_pss_saltlen, +EVP_PKEY_CTX_get_rsa_pss_saltlen, +EVP_PKEY_CTX_set_rsa_keygen_bits, +EVP_PKEY_CTX_set_rsa_keygen_pubexp, +EVP_PKEY_CTX_set_rsa_keygen_primes, +EVP_PKEY_CTX_set_rsa_mgf1_md_name, +EVP_PKEY_CTX_set_rsa_mgf1_md, +EVP_PKEY_CTX_get_rsa_mgf1_md, +EVP_PKEY_CTX_get_rsa_mgf1_md_name, +EVP_PKEY_CTX_set_rsa_oaep_md_name, +EVP_PKEY_CTX_set_rsa_oaep_md, +EVP_PKEY_CTX_get_rsa_oaep_md, +EVP_PKEY_CTX_get_rsa_oaep_md_name, +EVP_PKEY_CTX_set0_rsa_oaep_label, +EVP_PKEY_CTX_get0_rsa_oaep_label, +EVP_PKEY_CTX_set_dsa_paramgen_bits, +EVP_PKEY_CTX_set_dsa_paramgen_q_bits, +EVP_PKEY_CTX_set_dsa_paramgen_md, +EVP_PKEY_CTX_set_dh_paramgen_prime_len, +EVP_PKEY_CTX_set_dh_paramgen_subprime_len, +EVP_PKEY_CTX_set_dh_paramgen_generator, +EVP_PKEY_CTX_set_dh_paramgen_type, +EVP_PKEY_CTX_set_dh_rfc5114, +EVP_PKEY_CTX_set_dhx_rfc5114, +EVP_PKEY_CTX_set_dh_pad, +EVP_PKEY_CTX_set_dh_nid, +EVP_PKEY_CTX_set_dh_kdf_type, +EVP_PKEY_CTX_get_dh_kdf_type, +EVP_PKEY_CTX_set0_dh_kdf_oid, +EVP_PKEY_CTX_get0_dh_kdf_oid, +EVP_PKEY_CTX_set_dh_kdf_md, +EVP_PKEY_CTX_get_dh_kdf_md, +EVP_PKEY_CTX_set_dh_kdf_outlen, +EVP_PKEY_CTX_get_dh_kdf_outlen, +EVP_PKEY_CTX_set0_dh_kdf_ukm, +EVP_PKEY_CTX_get0_dh_kdf_ukm, +EVP_PKEY_CTX_set_ec_paramgen_curve_nid, +EVP_PKEY_CTX_set_ec_param_enc, +EVP_PKEY_CTX_set_ecdh_cofactor_mode, +EVP_PKEY_CTX_get_ecdh_cofactor_mode, +EVP_PKEY_CTX_set_ecdh_kdf_type, +EVP_PKEY_CTX_get_ecdh_kdf_type, +EVP_PKEY_CTX_set_ecdh_kdf_md, +EVP_PKEY_CTX_get_ecdh_kdf_md, +EVP_PKEY_CTX_set_ecdh_kdf_outlen, +EVP_PKEY_CTX_get_ecdh_kdf_outlen, +EVP_PKEY_CTX_set0_ecdh_kdf_ukm, 
+EVP_PKEY_CTX_get0_ecdh_kdf_ukm, +EVP_PKEY_CTX_set1_id, EVP_PKEY_CTX_get1_id, EVP_PKEY_CTX_get1_id_len +\&\- algorithm specific control operations +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_CTX_get_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params); +\& const OSSL_PARAM *EVP_PKEY_CTX_gettable_params(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_CTX_set_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params); +\& const OSSL_PARAM *EVP_PKEY_CTX_settable_params(EVP_PKEY_CTX *ctx); +\& +\& int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, +\& int cmd, int p1, void *p2); +\& int EVP_PKEY_CTX_ctrl_uint64(EVP_PKEY_CTX *ctx, int keytype, int optype, +\& int cmd, uint64_t value); +\& int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, +\& const char *value); +\& +\& int EVP_PKEY_CTX_md(EVP_PKEY_CTX *ctx, int optype, int cmd, const char *md); +\& +\& int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); +\& int EVP_PKEY_CTX_get_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD **pmd); +\& +\& int EVP_PKEY_CTX_set_mac_key(EVP_PKEY_CTX *ctx, const unsigned char *key, +\& int len); +\& +\& #include +\& +\& int EVP_PKEY_CTX_set_rsa_padding(EVP_PKEY_CTX *ctx, int pad); +\& int EVP_PKEY_CTX_get_rsa_padding(EVP_PKEY_CTX *ctx, int *pad); +\& int EVP_PKEY_CTX_set_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int saltlen); +\& int EVP_PKEY_CTX_get_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int *saltlen); +\& int EVP_PKEY_CTX_set_rsa_keygen_bits(EVP_PKEY_CTX *ctx, int mbits); +\& int EVP_PKEY_CTX_set_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx, BIGNUM *pubexp); +\& int EVP_PKEY_CTX_set_rsa_keygen_primes(EVP_PKEY_CTX *ctx, int primes); +\& int EVP_PKEY_CTX_set_rsa_mgf1_md_name(EVP_PKEY_CTX *ctx, const char *mdname, +\& const char *mdprops); +\& int EVP_PKEY_CTX_set_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); +\& int EVP_PKEY_CTX_get_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD **md); +\& int EVP_PKEY_CTX_get_rsa_mgf1_md_name(EVP_PKEY_CTX *ctx, char *name, 
+\& size_t namelen); +\& int EVP_PKEY_CTX_set_rsa_oaep_md_name(EVP_PKEY_CTX *ctx, const char *mdname, +\& const char *mdprops); +\& int EVP_PKEY_CTX_set_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); +\& int EVP_PKEY_CTX_get_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD **md); +\& int EVP_PKEY_CTX_get_rsa_oaep_md_name(EVP_PKEY_CTX *ctx, char *name, +\& size_t namelen) +\& int EVP_PKEY_CTX_set0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char *label, int len); +\& int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label); +\& +\& #include +\& +\& int EVP_PKEY_CTX_set_dsa_paramgen_bits(EVP_PKEY_CTX *ctx, int nbits); +\& int EVP_PKEY_CTX_set_dsa_paramgen_q_bits(EVP_PKEY_CTX *ctx, int qbits); +\& int EVP_PKEY_CTX_set_dsa_paramgen_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); +\& +\& #include +\& +\& int EVP_PKEY_CTX_set_dh_paramgen_prime_len(EVP_PKEY_CTX *ctx, int len); +\& int EVP_PKEY_CTX_set_dh_paramgen_subprime_len(EVP_PKEY_CTX *ctx, int len); +\& int EVP_PKEY_CTX_set_dh_paramgen_generator(EVP_PKEY_CTX *ctx, int gen); +\& int EVP_PKEY_CTX_set_dh_paramgen_type(EVP_PKEY_CTX *ctx, int type); +\& int EVP_PKEY_CTX_set_dh_pad(EVP_PKEY_CTX *ctx, int pad); +\& int EVP_PKEY_CTX_set_dh_nid(EVP_PKEY_CTX *ctx, int nid); +\& int EVP_PKEY_CTX_set_dh_rfc5114(EVP_PKEY_CTX *ctx, int rfc5114); +\& int EVP_PKEY_CTX_set_dhx_rfc5114(EVP_PKEY_CTX *ctx, int rfc5114); +\& int EVP_PKEY_CTX_set_dh_kdf_type(EVP_PKEY_CTX *ctx, int kdf); +\& int EVP_PKEY_CTX_get_dh_kdf_type(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_CTX_set0_dh_kdf_oid(EVP_PKEY_CTX *ctx, ASN1_OBJECT *oid); +\& int EVP_PKEY_CTX_get0_dh_kdf_oid(EVP_PKEY_CTX *ctx, ASN1_OBJECT **oid); +\& int EVP_PKEY_CTX_set_dh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); +\& int EVP_PKEY_CTX_get_dh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD **md); +\& int EVP_PKEY_CTX_set_dh_kdf_outlen(EVP_PKEY_CTX *ctx, int len); +\& int EVP_PKEY_CTX_get_dh_kdf_outlen(EVP_PKEY_CTX *ctx, int *len); +\& int EVP_PKEY_CTX_set0_dh_kdf_ukm(EVP_PKEY_CTX *ctx, 
unsigned char *ukm, int len); +\& int EVP_PKEY_CTX_get0_dh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **ukm); +\& +\& #include +\& +\& int EVP_PKEY_CTX_set_ec_paramgen_curve_nid(EVP_PKEY_CTX *ctx, int nid); +\& int EVP_PKEY_CTX_set_ec_param_enc(EVP_PKEY_CTX *ctx, int param_enc); +\& int EVP_PKEY_CTX_set_ecdh_cofactor_mode(EVP_PKEY_CTX *ctx, int cofactor_mode); +\& int EVP_PKEY_CTX_get_ecdh_cofactor_mode(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_CTX_set_ecdh_kdf_type(EVP_PKEY_CTX *ctx, int kdf); +\& int EVP_PKEY_CTX_get_ecdh_kdf_type(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_CTX_set_ecdh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); +\& int EVP_PKEY_CTX_get_ecdh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD **md); +\& int EVP_PKEY_CTX_set_ecdh_kdf_outlen(EVP_PKEY_CTX *ctx, int len); +\& int EVP_PKEY_CTX_get_ecdh_kdf_outlen(EVP_PKEY_CTX *ctx, int *len); +\& int EVP_PKEY_CTX_set0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char *ukm, int len); +\& int EVP_PKEY_CTX_get0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **ukm); +\& +\& int EVP_PKEY_CTX_set1_id(EVP_PKEY_CTX *ctx, void *id, size_t id_len); +\& int EVP_PKEY_CTX_get1_id(EVP_PKEY_CTX *ctx, void *id); +\& int EVP_PKEY_CTX_get1_id_len(EVP_PKEY_CTX *ctx, size_t *id_len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fIEVP_PKEY_CTX_get_params()\fR and \fIEVP_PKEY_CTX_set_params()\fR functions get and +send arbitrary parameters from and to the algorithm implementation respectively. +Not all parameters may be supported by all providers. +See \s-1\fIOSSL_PROVIDER\s0\fR\|(3) for more information on providers. +See \s-1\fIOSSL_PARAM\s0\fR\|(3) for more information on parameters. +These functions must only be called after the \s-1EVP_PKEY_CTX\s0 has been initialised +for use in an operation. 
+.PP +The parameters currently supported by the default provider are: +.ie n .IP """pad"" (\fB\s-1OSSL_EXCHANGE_PARAM_PAD\s0\fR) " 4 +.el .IP "``pad'' (\fB\s-1OSSL_EXCHANGE_PARAM_PAD\s0\fR) " 4 +.IX Item "pad (OSSL_EXCHANGE_PARAM_PAD) " +Sets the \s-1DH\s0 padding mode. +If \fB\s-1OSSL_EXCHANGE_PARAM_PAD\s0\fR is 1 then the shared secret is padded with zeros +up to the size of the \s-1DH\s0 prime \fIp\fR. +If \fB\s-1OSSL_EXCHANGE_PARAM_PAD\s0\fR is zero (the default) then no padding is +performed. +.ie n .IP """digest"" (\fB\s-1OSSL_SIGNATURE_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``digest'' (\fB\s-1OSSL_SIGNATURE_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "digest (OSSL_SIGNATURE_PARAM_DIGEST) " +Gets and sets the name of the digest algorithm used for the input to the +signature functions. +.ie n .IP """digest-size"" (\fB\s-1OSSL_SIGNATURE_PARAM_DIGEST_SIZE\s0\fR) " 4 +.el .IP "``digest-size'' (\fB\s-1OSSL_SIGNATURE_PARAM_DIGEST_SIZE\s0\fR) " 4 +.IX Item "digest-size (OSSL_SIGNATURE_PARAM_DIGEST_SIZE) " +Gets and sets the output size of the digest algorithm used for the input to the +signature functions. +The length of the \*(L"digest-size\*(R" parameter should not exceed that of a \fBsize_t\fR. +The internal algorithm that supports this parameter is \s-1DSA\s0. +.PP +\&\fIEVP_PKEY_CTX_gettable_params()\fR and \fIEVP_PKEY_CTX_settable_params()\fR gets a +constant \fB\s-1OSSL_PARAM\s0\fR array that describes the gettable and +settable parameters for the current algorithm implementation, i.e. parameters +that can be used with \fIEVP_PKEY_CTX_get_params()\fR and \fIEVP_PKEY_CTX_set_params()\fR +respectively. +See \s-1\fIOSSL_PARAM\s0\fR\|(3) for the use of \fB\s-1OSSL_PARAM\s0\fR as parameter descriptor. +These functions must only be called after the \s-1EVP_PKEY_CTX\s0 has been initialised +for use in an operation. +.PP +The function \fIEVP_PKEY_CTX_ctrl()\fR sends a control operation to the context +\&\fIctx\fR. 
The key type used must match \fIkeytype\fR if it is not \-1. The parameter +\&\fIoptype\fR is a mask indicating which operations the control can be applied to. +The control command is indicated in \fIcmd\fR and any additional arguments in +\&\fIp1\fR and \fIp2\fR. +.PP +For \fIcmd\fR = \fB\s-1EVP_PKEY_CTRL_SET_MAC_KEY\s0\fR, \fIp1\fR is the length of the \s-1MAC\s0 key, +and \fIp2\fR is the \s-1MAC\s0 key. This is used by Poly1305, SipHash, \s-1HMAC\s0 and \s-1CMAC\s0. +.PP +Applications will not normally call \fIEVP_PKEY_CTX_ctrl()\fR directly but will +instead call one of the algorithm specific macros below. +.PP +The function \fIEVP_PKEY_CTX_ctrl_uint64()\fR is a wrapper that directly passes a +uint64 value as \fIp2\fR to \fIEVP_PKEY_CTX_ctrl()\fR. +.PP +The function \fIEVP_PKEY_CTX_ctrl_str()\fR allows an application to send an algorithm +specific control operation to a context \fIctx\fR in string form. This is +intended to be used for options specified on the command line or in text +files. The commands supported are documented in the openssl utility +command line pages for the option \fI\-pkeyopt\fR which is supported by the +\&\fIpkeyutl\fR, \fIgenpkey\fR and \fIreq\fR commands. +.PP +The function \fIEVP_PKEY_CTX_md()\fR sends a message digest control operation +to the context \fIctx\fR. The message digest is specified by its name \fImd\fR. +.PP +The \fIEVP_PKEY_CTX_set_signature_md()\fR function sets the message digest type used +in a signature. It can be used in the \s-1RSA\s0, \s-1DSA\s0 and \s-1ECDSA\s0 algorithms. +.PP +The \fIEVP_PKEY_CTX_get_signature_md()\fR function gets the message digest type used +in a signature. It can be used in the \s-1RSA\s0, \s-1DSA\s0 and \s-1ECDSA\s0 algorithms. +.PP +All the remaining \*(L"functions\*(R" are implemented as macros. +.PP +Key generation typically involves setting up parameters to be used and +generating the private and public key data. 
Some algorithm implementations +allow private key data to be set explicitly using the \fIEVP_PKEY_CTX_set_mac_key()\fR +macro. In this case key generation is simply the process of setting up the +parameters for the key and then setting the raw key data to the value explicitly +provided by that macro. Normally applications would call +\&\fIEVP_PKEY_new_raw_private_key\fR\|(3) or similar functions instead of this macro. +.PP +The \fIEVP_PKEY_CTX_set_mac_key()\fR macro can be used with any of the algorithms +supported by the \fIEVP_PKEY_new_raw_private_key\fR\|(3) function. +.SS "\s-1RSA\s0 parameters" +.IX Subsection "RSA parameters" +The \fIEVP_PKEY_CTX_set_rsa_padding()\fR function sets the \s-1RSA\s0 padding mode for \fIctx\fR. +The \fIpad\fR parameter can take the value \fB\s-1RSA_PKCS1_PADDING\s0\fR for PKCS#1 +padding, \fB\s-1RSA_SSLV23_PADDING\s0\fR for SSLv23 padding, \fB\s-1RSA_NO_PADDING\s0\fR for +no padding, \fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR for \s-1OAEP\s0 padding (encrypt and +decrypt only), \fB\s-1RSA_X931_PADDING\s0\fR for X9.31 padding (signature operations +only), \fB\s-1RSA_PKCS1_PSS_PADDING\s0\fR (sign and verify only) and +\&\fB\s-1RSA_PKCS1_WITH_TLS_PADDING\s0\fR for \s-1TLS\s0 \s-1RSA\s0 ClientKeyExchange message padding +(decryption only). +.PP +Two \s-1RSA\s0 padding modes behave differently if \fIEVP_PKEY_CTX_set_signature_md()\fR +is used. If this macro is called for PKCS#1 padding the plaintext buffer is +an actual digest value and is encapsulated in a DigestInfo structure according +to PKCS#1 when signing and this structure is expected (and stripped off) when +verifying. If this control is not used with \s-1RSA\s0 and PKCS#1 padding then the +supplied data is used directly and not encapsulated. In the case of X9.31 +padding for \s-1RSA\s0 the algorithm identifier byte is added or checked and removed +if this control is called. 
If it is not called then the first byte of the plaintext +buffer is expected to be the algorithm identifier byte. +.PP +The \fIEVP_PKEY_CTX_get_rsa_padding()\fR function gets the \s-1RSA\s0 padding mode for \fIctx\fR. +.PP +The \fIEVP_PKEY_CTX_set_rsa_pss_saltlen()\fR function sets the \s-1RSA\s0 \s-1PSS\s0 salt +length to \fIsaltlen\fR. As its name implies it is only supported for \s-1PSS\s0 +padding. If this function is not called then the maximum salt length +is used when signing and auto detection when verifying. Three special +values are supported: +.IP "\fB\s-1RSA_PSS_SALTLEN_DIGEST\s0\fR" 4 +.IX Item "RSA_PSS_SALTLEN_DIGEST" +sets the salt length to the digest length. +.IP "\fB\s-1RSA_PSS_SALTLEN_MAX\s0\fR" 4 +.IX Item "RSA_PSS_SALTLEN_MAX" +sets the salt length to the maximum permissible value. +.IP "\fB\s-1RSA_PSS_SALTLEN_AUTO\s0\fR" 4 +.IX Item "RSA_PSS_SALTLEN_AUTO" +causes the salt length to be automatically determined based on the +\&\fB\s-1PSS\s0\fR block structure when verifying. When signing, it has the same +meaning as \fB\s-1RSA_PSS_SALTLEN_MAX\s0\fR. +.PP +The \fIEVP_PKEY_CTX_get_rsa_pss_saltlen()\fR function gets the \s-1RSA\s0 \s-1PSS\s0 salt length +for \fIctx\fR. The padding mode must already have been set to +\&\fB\s-1RSA_PKCS1_PSS_PADDING\s0\fR. +.PP +The \fIEVP_PKEY_CTX_set_rsa_keygen_bits()\fR macro sets the \s-1RSA\s0 key length for +\&\s-1RSA\s0 key generation to \fIbits\fR. If not specified 2048 bits is used. +.PP +The \fIEVP_PKEY_CTX_set_rsa_keygen_pubexp()\fR macro sets the public exponent value +for \s-1RSA\s0 key generation to \fIpubexp\fR. Currently it should be an odd integer. The +\&\fIpubexp\fR pointer is used internally by this function so it should not be +modified or freed after the call. If not specified 65537 is used. +.PP +The \fIEVP_PKEY_CTX_set_rsa_keygen_primes()\fR macro sets the number of primes for +\&\s-1RSA\s0 key generation to \fIprimes\fR. If not specified 2 is used. 
+.PP +The \fIEVP_PKEY_CTX_set_rsa_mgf1_md_name()\fR function sets the \s-1MGF1\s0 digest for \s-1RSA\s0 +padding schemes to the digest named \fImdname\fR. If the \s-1RSA\s0 algorithm +implementation for the selected provider supports it then the digest will be +fetched using the properties \fImdprops\fR. If not explicitly set the signing +digest is used. The padding mode must have been set to \fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR +or \fB\s-1RSA_PKCS1_PSS_PADDING\s0\fR. +.PP +The \fIEVP_PKEY_CTX_set_rsa_mgf1_md()\fR function does the same as +\&\fIEVP_PKEY_CTX_set_rsa_mgf1_md_name()\fR except that the name of the digest is +inferred from the supplied \fImd\fR and it is not possible to specify any +properties. +.PP +The \fIEVP_PKEY_CTX_get_rsa_mgf1_md_name()\fR function gets the name of the \s-1MGF1\s0 +digest algorithm for \fIctx\fR. If not explicitly set the signing digest is used. +The padding mode must have been set to \fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR or +\&\fB\s-1RSA_PKCS1_PSS_PADDING\s0\fR. +.PP +The \fIEVP_PKEY_CTX_get_rsa_mgf1_md()\fR function does the same as +\&\fIEVP_PKEY_CTX_get_rsa_mgf1_md_name()\fR except that it returns a pointer to an +\&\s-1EVP_MD\s0 object instead. Note that only known, built-in \s-1EVP_MD\s0 objects will be +returned. The \s-1EVP_MD\s0 object may be \s-1NULL\s0 if the digest is not one of these (such +as a digest only implemented in a third party provider). +.PP +The \fIEVP_PKEY_CTX_set_rsa_oaep_md_name()\fR function sets the message digest type +used in \s-1RSA\s0 \s-1OAEP\s0 to the digest named \fImdname\fR. If the \s-1RSA\s0 algorithm +implementation for the selected provider supports it then the digest will be +fetched using the properties \fImdprops\fR. The padding mode must have been set to +\&\fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR. 
+.PP +The \fIEVP_PKEY_CTX_set_rsa_oaep_md()\fR function does the same as +\&\fIEVP_PKEY_CTX_set_rsa_oaep_md_name()\fR except that the name of the digest is +inferred from the supplied \fImd\fR and it is not possible to specify any +properties. +.PP +The \fIEVP_PKEY_CTX_get_rsa_oaep_md_name()\fR function gets the message digest +algorithm name used in \s-1RSA\s0 \s-1OAEP\s0 and stores it in the buffer \fIname\fR which is of +size \fInamelen\fR. The padding mode must have been set to +\&\fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR. The buffer should be sufficiently large for any +expected digest algorithm names or the function will fail. +.PP +The \fIEVP_PKEY_CTX_get_rsa_oaep_md()\fR function does the same as +\&\fIEVP_PKEY_CTX_get_rsa_oaep_md_name()\fR except that it returns a pointer to an +\&\s-1EVP_MD\s0 object instead. Note that only known, built-in \s-1EVP_MD\s0 objects will be +returned. The \s-1EVP_MD\s0 object may be \s-1NULL\s0 if the digest is not one of these (such +as a digest only implemented in a third party provider). +.PP +The \fIEVP_PKEY_CTX_set0_rsa_oaep_label()\fR function sets the \s-1RSA\s0 \s-1OAEP\s0 label to +\&\fIlabel\fR and its length to \fIlen\fR. If \fIlabel\fR is \s-1NULL\s0 or \fIlen\fR is 0, +the label is cleared. The library takes ownership of the label so the +caller should not free the original memory pointed to by \fIlabel\fR. +The padding mode must have been set to \fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR. +.PP +The \fIEVP_PKEY_CTX_get0_rsa_oaep_label()\fR function gets the \s-1RSA\s0 \s-1OAEP\s0 label to +\&\fIlabel\fR. The return value is the label length. The padding mode +must have been set to \fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR. The resulting pointer is owned +by the library and should not be freed by the caller. +.PP +\&\fB\s-1RSA_PKCS1_WITH_TLS_PADDING\s0\fR is used when decrypting an \s-1RSA\s0 encrypted \s-1TLS\s0 +pre-master secret in a \s-1TLS\s0 ClientKeyExchange message. 
It is the same as +\&\s-1RSA_PKCS1_PADDING\s0 except that it additionally verifies that the result is the +correct length and the first two bytes are the protocol version initially +requested by the client. If the encrypted content is publicly invalid then the +decryption will fail. However, if the padding checks fail then decryption will +still appear to succeed but a random \s-1TLS\s0 premaster secret will be returned +instead. This padding mode accepts two parameters which can be set using the +\&\fIEVP_PKEY_CTX_set_params\fR\|(3) function. These are +\&\s-1OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION\s0 and +\&\s-1OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION\s0, both of which are expected to be +unsigned integers. Normally only the first of these will be set and represents +the \s-1TLS\s0 protocol version that was first requested by the client (e.g. 0x0303 for +TLSv1.2, 0x0302 for TLSv1.1 etc). Historically some buggy clients would use the +negotiated protocol version instead of the protocol version first requested. If +this behaviour should be tolerated then +\&\s-1OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION\s0 should be set to the actual +negotiated protocol version. Otherwise it should be left unset. +.SS "\s-1DSA\s0 parameters" +.IX Subsection "DSA parameters" +The \fIEVP_PKEY_CTX_set_dsa_paramgen_bits()\fR macro sets the number of bits used +for \s-1DSA\s0 parameter generation to \fInbits\fR. If not specified, 2048 is used. +.PP +The \fIEVP_PKEY_CTX_set_dsa_paramgen_q_bits()\fR macro sets the number of bits in the +subprime parameter \fIq\fR for \s-1DSA\s0 parameter generation to \fIqbits\fR. If not +specified, 224 is used. If a digest function is specified below, this parameter +is ignored and instead, the number of bits in \fIq\fR matches the size of the +digest. +.PP +The \fIEVP_PKEY_CTX_set_dsa_paramgen_md()\fR macro sets the digest function used for +\&\s-1DSA\s0 parameter generation to \fImd\fR. 
If not specified, one of \s-1SHA\-1\s0, \s-1SHA\-224\s0, or +\&\s-1SHA\-256\s0 is selected to match the bit length of \fIq\fR above. +.SS "\s-1DH\s0 parameters" +.IX Subsection "DH parameters" +The \fIEVP_PKEY_CTX_set_dh_paramgen_prime_len()\fR macro sets the length of the \s-1DH\s0 +prime parameter \fIp\fR for \s-1DH\s0 parameter generation. If this macro is not called +then 2048 is used. Only accepts lengths greater than or equal to 256. +.PP +The \fIEVP_PKEY_CTX_set_dh_paramgen_subprime_len()\fR macro sets the length of the \s-1DH\s0 +optional subprime parameter \fIq\fR for \s-1DH\s0 parameter generation. The default is +256 if the prime is at least 2048 bits long or 160 otherwise. The \s-1DH\s0 +paramgen type must have been set to \fB\s-1DH_PARAMGEN_TYPE_FIPS_186_2\s0\fR or +\&\fB\s-1DH_PARAMGEN_TYPE_FIPS_186_4\s0\fR. +.PP +The \fIEVP_PKEY_CTX_set_dh_paramgen_generator()\fR macro sets \s-1DH\s0 generator to \fIgen\fR +for \s-1DH\s0 parameter generation. If not specified 2 is used. +.PP +The \fIEVP_PKEY_CTX_set_dh_paramgen_type()\fR macro sets the key type for \s-1DH\s0 +parameter generation. The supported parameters are: +.IP "\fB\s-1DH_PARAMGEN_TYPE_GENERATOR\s0\fR" 4 +.IX Item "DH_PARAMGEN_TYPE_GENERATOR" +Uses a generator g (PKCS#3 format). +.IP "\fB\s-1DH_PARAMGEN_TYPE_FIPS_186_2\s0\fR" 4 +.IX Item "DH_PARAMGEN_TYPE_FIPS_186_2" +\&\s-1FIPS186\-2\s0 \s-1FFC\s0 parameter generator (X9.42 \s-1DH\s0). +.IP "\fB\s-1DH_PARAMGEN_TYPE_FIPS_186_4\s0\fR" 4 +.IX Item "DH_PARAMGEN_TYPE_FIPS_186_4" +\&\s-1FIPS186\-4\s0 \s-1FFC\s0 parameter generator. +.PP +The default is \fB\s-1DH_PARAMGEN_TYPE_GENERATOR\s0\fR. +.PP +The \fIEVP_PKEY_CTX_set_dh_pad()\fR function sets the \s-1DH\s0 padding mode. +If \fIpad\fR is 1 the shared secret is padded with zeros up to the size of the \s-1DH\s0 +prime \fIp\fR. +If \fIpad\fR is zero (the default) then no padding is performed. 
+.PP +\&\fIEVP_PKEY_CTX_set_dh_nid()\fR sets the \s-1DH\s0 parameters to values corresponding to +\&\fInid\fR as defined in \s-1RFC7919\s0 or \s-1RFC3526\s0. The \fInid\fR parameter must be +\&\fBNID_ffdhe2048\fR, \fBNID_ffdhe3072\fR, \fBNID_ffdhe4096\fR, \fBNID_ffdhe6144\fR, +\&\fBNID_ffdhe8192\fR, \fBNID_modp_1536\fR, \fBNID_modp_2048\fR, \fBNID_modp_3072\fR, +\&\fBNID_modp_4096\fR, \fBNID_modp_6144\fR, \fBNID_modp_8192\fR or \fBNID_undef\fR to clear +the stored value. This macro can be called during parameter or key generation. +The nid parameter and the rfc5114 parameter are mutually exclusive. +.PP +The \fIEVP_PKEY_CTX_set_dh_rfc5114()\fR and \fIEVP_PKEY_CTX_set_dhx_rfc5114()\fR macros are +synonymous. They set the \s-1DH\s0 parameters to the values defined in \s-1RFC5114\s0. The +\&\fIrfc5114\fR parameter must be 1, 2 or 3 corresponding to \s-1RFC5114\s0 sections +2.1, 2.2 and 2.3. or 0 to clear the stored value. This macro can be called +during parameter generation. The \fIctx\fR must have a key type of +\&\fB\s-1EVP_PKEY_DHX\s0\fR. +The rfc5114 parameter and the nid parameter are mutually exclusive. +.SS "\s-1DH\s0 key derivation function parameters" +.IX Subsection "DH key derivation function parameters" +Note that all of the following functions require that the \fIctx\fR parameter has +a private key type of \fB\s-1EVP_PKEY_DHX\s0\fR. When using key derivation, the output of +\&\fIEVP_PKEY_derive()\fR is the output of the \s-1KDF\s0 instead of the \s-1DH\s0 shared secret. +The \s-1KDF\s0 output is typically used as a Key Encryption Key (\s-1KEK\s0) that in turn +encrypts a Content Encryption Key (\s-1CEK\s0). +.PP +The \fIEVP_PKEY_CTX_set_dh_kdf_type()\fR macro sets the key derivation function type +to \fIkdf\fR for \s-1DH\s0 key derivation. Possible values are \fB\s-1EVP_PKEY_DH_KDF_NONE\s0\fR +and \fB\s-1EVP_PKEY_DH_KDF_X9_42\s0\fR which uses the key derivation specified in \s-1RFC2631\s0 +(based on the keying algorithm described in X9.42). 
When using key derivation, +the \fIkdf_oid\fR, \fIkdf_md\fR and \fIkdf_outlen\fR parameters must also be specified. +.PP +The \fIEVP_PKEY_CTX_get_dh_kdf_type()\fR macro gets the key derivation function type +for \fIctx\fR used for \s-1DH\s0 key derivation. Possible values are \fB\s-1EVP_PKEY_DH_KDF_NONE\s0\fR +and \fB\s-1EVP_PKEY_DH_KDF_X9_42\s0\fR. +.PP +The \fIEVP_PKEY_CTX_set0_dh_kdf_oid()\fR macro sets the key derivation function +object identifier to \fIoid\fR for \s-1DH\s0 key derivation. This \s-1OID\s0 should identify +the algorithm to be used with the Content Encryption Key. +The library takes ownership of the object identifier so the caller should not +free the original memory pointed to by \fIoid\fR. +.PP +The \fIEVP_PKEY_CTX_get0_dh_kdf_oid()\fR macro gets the key derivation function oid +for \fIctx\fR used for \s-1DH\s0 key derivation. The resulting pointer is owned by the +library and should not be freed by the caller. +.PP +The \fIEVP_PKEY_CTX_set_dh_kdf_md()\fR macro sets the key derivation function +message digest to \fImd\fR for \s-1DH\s0 key derivation. Note that \s-1RFC2631\s0 specifies +that this digest should be \s-1SHA1\s0 but OpenSSL tolerates other digests. +.PP +The \fIEVP_PKEY_CTX_get_dh_kdf_md()\fR macro gets the key derivation function +message digest for \fIctx\fR used for \s-1DH\s0 key derivation. +.PP +The \fIEVP_PKEY_CTX_set_dh_kdf_outlen()\fR macro sets the key derivation function +output length to \fIlen\fR for \s-1DH\s0 key derivation. +.PP +The \fIEVP_PKEY_CTX_get_dh_kdf_outlen()\fR macro gets the key derivation function +output length for \fIctx\fR used for \s-1DH\s0 key derivation. +.PP +The \fIEVP_PKEY_CTX_set0_dh_kdf_ukm()\fR macro sets the user key material to +\&\fIukm\fR and its length to \fIlen\fR for \s-1DH\s0 key derivation. This parameter is optional +and corresponds to the partyAInfo field in \s-1RFC2631\s0 terms. The specification +requires that it is 512 bits long but this is not enforced by OpenSSL. 
+The library takes ownership of the user key material so the caller should not +free the original memory pointed to by \fIukm\fR. +.PP +The \fIEVP_PKEY_CTX_get0_dh_kdf_ukm()\fR macro gets the user key material for \fIctx\fR. +The return value is the user key material length. The resulting pointer is owned +by the library and should not be freed by the caller. +.SS "\s-1EC\s0 parameters" +.IX Subsection "EC parameters" +The \fIEVP_PKEY_CTX_set_ec_paramgen_curve_nid()\fR sets the \s-1EC\s0 curve for \s-1EC\s0 parameter +generation to \fInid\fR. For \s-1EC\s0 parameter generation this macro must be called +or an error occurs because there is no default curve. +This function can also be called to set the curve explicitly when +generating an \s-1EC\s0 key. +.PP +The \fIEVP_PKEY_CTX_set_ec_param_enc()\fR macro sets the \s-1EC\s0 parameter encoding to +\&\fIparam_enc\fR when generating \s-1EC\s0 parameters or an \s-1EC\s0 key. The encoding can be +\&\fB\s-1OPENSSL_EC_EXPLICIT_CURVE\s0\fR for explicit parameters (the default in versions +of OpenSSL before 1.1.0) or \fB\s-1OPENSSL_EC_NAMED_CURVE\s0\fR to use named curve form. +For maximum compatibility the named curve form should be used. Note: the +\&\fB\s-1OPENSSL_EC_NAMED_CURVE\s0\fR value was added in OpenSSL 1.1.0; previous +versions should use 0 instead. +.SS "\s-1ECDH\s0 parameters" +.IX Subsection "ECDH parameters" +The \fIEVP_PKEY_CTX_set_ecdh_cofactor_mode()\fR macro sets the cofactor mode to +\&\fIcofactor_mode\fR for \s-1ECDH\s0 key derivation. Possible values are 1 to enable +cofactor key derivation, 0 to disable it and \-1 to clear the stored cofactor +mode and fallback to the private key cofactor mode. +.PP +The \fIEVP_PKEY_CTX_get_ecdh_cofactor_mode()\fR macro returns the cofactor mode for +\&\fIctx\fR used for \s-1ECDH\s0 key derivation. Possible values are 1 when cofactor key +derivation is enabled and 0 otherwise. 
+.SS "\s-1ECDH\s0 key derivation function parameters" +.IX Subsection "ECDH key derivation function parameters" +The \fIEVP_PKEY_CTX_set_ecdh_kdf_type()\fR macro sets the key derivation function type +to \fIkdf\fR for \s-1ECDH\s0 key derivation. Possible values are \fB\s-1EVP_PKEY_ECDH_KDF_NONE\s0\fR +and \fB\s-1EVP_PKEY_ECDH_KDF_X9_63\s0\fR which uses the key derivation specified in X9.63. +When using key derivation, the \fIkdf_md\fR and \fIkdf_outlen\fR parameters must +also be specified. +.PP +The \fIEVP_PKEY_CTX_get_ecdh_kdf_type()\fR macro returns the key derivation function +type for \fIctx\fR used for \s-1ECDH\s0 key derivation. Possible values are +\&\fB\s-1EVP_PKEY_ECDH_KDF_NONE\s0\fR and \fB\s-1EVP_PKEY_ECDH_KDF_X9_63\s0\fR. +.PP +The \fIEVP_PKEY_CTX_set_ecdh_kdf_md()\fR macro sets the key derivation function +message digest to \fImd\fR for \s-1ECDH\s0 key derivation. Note that X9.63 specifies +that this digest should be \s-1SHA1\s0 but OpenSSL tolerates other digests. +.PP +The \fIEVP_PKEY_CTX_get_ecdh_kdf_md()\fR macro gets the key derivation function +message digest for \fIctx\fR used for \s-1ECDH\s0 key derivation. +.PP +The \fIEVP_PKEY_CTX_set_ecdh_kdf_outlen()\fR macro sets the key derivation function +output length to \fIlen\fR for \s-1ECDH\s0 key derivation. +.PP +The \fIEVP_PKEY_CTX_get_ecdh_kdf_outlen()\fR macro gets the key derivation function +output length for \fIctx\fR used for \s-1ECDH\s0 key derivation. +.PP +The \fIEVP_PKEY_CTX_set0_ecdh_kdf_ukm()\fR macro sets the user key material to \fIukm\fR +for \s-1ECDH\s0 key derivation. This parameter is optional and corresponds to the +shared info in X9.63 terms. The library takes ownership of the user key material +so the caller should not free the original memory pointed to by \fIukm\fR. +.PP +The \fIEVP_PKEY_CTX_get0_ecdh_kdf_ukm()\fR macro gets the user key material for \fIctx\fR. +The return value is the user key material length. 
The resulting pointer is owned +by the library and should not be freed by the caller. +.SS "Other parameters" +.IX Subsection "Other parameters" +The \fIEVP_PKEY_CTX_set1_id()\fR, \fIEVP_PKEY_CTX_get1_id()\fR and \fIEVP_PKEY_CTX_get1_id_len()\fR +macros are used to manipulate the special identifier field for specific signature +algorithms such as \s-1SM2\s0. The \fIEVP_PKEY_CTX_set1_id()\fR sets an \s-1ID\s0 pointed by \fIid\fR with +the length \fIid_len\fR to the library. The library takes a copy of the id so that +the caller can safely free the original memory pointed to by \fIid\fR. The +\&\fIEVP_PKEY_CTX_get1_id_len()\fR macro returns the length of the \s-1ID\s0 set via a previous +call to \fIEVP_PKEY_CTX_set1_id()\fR. The length is usually used to allocate adequate +memory for further calls to \fIEVP_PKEY_CTX_get1_id()\fR. The \fIEVP_PKEY_CTX_get1_id()\fR +macro returns the previously set \s-1ID\s0 value to caller in \fIid\fR. The caller should +allocate adequate memory space for the \fIid\fR before calling \fIEVP_PKEY_CTX_get1_id()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_PKEY_CTX_set_params()\fR returns 1 for success or 0 otherwise. +\&\fIEVP_PKEY_CTX_settable_params()\fR returns an \s-1OSSL_PARAM\s0 array on success or \s-1NULL\s0 on +error. +It may also return \s-1NULL\s0 if there are no settable parameters available. +.PP +All other functions and macros described on this page return a positive value +for success and 0 or a negative value for failure. In particular a return value +of \-2 indicates the operation is not supported by the public key algorithm. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_PKEY_CTX_new\fR\|(3), +\&\fIEVP_PKEY_encrypt\fR\|(3), +\&\fIEVP_PKEY_decrypt\fR\|(3), +\&\fIEVP_PKEY_sign\fR\|(3), +\&\fIEVP_PKEY_verify\fR\|(3), +\&\fIEVP_PKEY_verify_recover\fR\|(3), +\&\fIEVP_PKEY_derive\fR\|(3), +\&\fIEVP_PKEY_keygen\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIEVP_PKEY_CTX_get_signature_md()\fR, \fIEVP_PKEY_CTX_set_signature_md()\fR, +\&\fIEVP_PKEY_CTX_set_dh_pad()\fR, \fIEVP_PKEY_CTX_set_rsa_padding()\fR, +\&\fIEVP_PKEY_CTX_get_rsa_padding()\fR, \fIEVP_PKEY_CTX_get_rsa_mgf1_md()\fR, +\&\fIEVP_PKEY_CTX_set_rsa_mgf1_md()\fR, \fIEVP_PKEY_CTX_set_rsa_oaep_md()\fR, +\&\fIEVP_PKEY_CTX_get_rsa_oaep_md()\fR, \fIEVP_PKEY_CTX_set0_rsa_oaep_label()\fR, +\&\fIEVP_PKEY_CTX_get0_rsa_oaep_label()\fR, \fIEVP_PKEY_CTX_set_rsa_pss_saltlen()\fR, +\&\fIEVP_PKEY_CTX_get_rsa_pss_saltlen()\fR, were macros in OpenSSL 1.1.1 and below. +From OpenSSL 3.0 they are functions. +.PP +\&\fIEVP_PKEY_CTX_get_rsa_oaep_md_name()\fR, \fIEVP_PKEY_CTX_get_rsa_mgf1_md_name()\fR, +\&\fIEVP_PKEY_CTX_set_rsa_mgf1_md_name()\fR and \fIEVP_PKEY_CTX_set_rsa_oaep_md_name()\fR were +added in OpenSSL 3.0. +.PP +The \fIEVP_PKEY_CTX_set1_id()\fR, \fIEVP_PKEY_CTX_get1_id()\fR and +\&\fIEVP_PKEY_CTX_get1_id_len()\fR macros were added in 1.1.1, other functions were +added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/EVP_PKEY_CTX_new.3 b/linux_amd64/share/man/man3/EVP_PKEY_CTX_new.3 new file mode 100755 index 0000000..deea118 --- /dev/null +++ b/linux_amd64/share/man/man3/EVP_PKEY_CTX_new.3 
@@ -0,0 +1,216 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_CTX_NEW 3" +.TH EVP_PKEY_CTX_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_CTX_new, EVP_PKEY_CTX_new_id, EVP_PKEY_CTX_new_from_name, +EVP_PKEY_CTX_new_from_pkey, EVP_PKEY_CTX_dup, EVP_PKEY_CTX_free +\&\- public key algorithm context functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e); +\& EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e); +\& EVP_PKEY_CTX *EVP_PKEY_CTX_new_from_name(OPENSSL_CTX *libctx, +\& const char *name, +\& const char *propquery); +\& EVP_PKEY_CTX *EVP_PKEY_CTX_new_from_pkey(OPENSSL_CTX *libctx, +\& EVP_PKEY *pkey); +\& EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *ctx); +\& void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fIEVP_PKEY_CTX_new()\fR function allocates public key algorithm context using +the \fIpkey\fR key type and \s-1ENGINE\s0 \fIe\fR. +.PP +The \fIEVP_PKEY_CTX_new_id()\fR function allocates public key algorithm context +using the key type specified by \fIid\fR and \s-1ENGINE\s0 \fIe\fR. +.PP +The \fIEVP_PKEY_CTX_new_from_name()\fR function allocates a public key algorithm +context using the library context \fIlibctx\fR (see \s-1\fIOPENSSL_CTX\s0\fR\|(3)), the +key type specified by \fIname\fR and the property query \fIpropquery\fR. None +of the arguments are duplicated, so they must remain unchanged for the +lifetime of the returned \fB\s-1EVP_PKEY_CTX\s0\fR or of any of its duplicates. +.PP +The \fIEVP_PKEY_CTX_new_from_pkey()\fR function allocates a public key algorithm +context using the library context \fIlibctx\fR (see \s-1\fIOPENSSL_CTX\s0\fR\|(3)) and the +algorithm specified by \fIpkey\fR and the property query \fIpropquery\fR. None of the +arguments are duplicated, so they must remain unchanged for the lifetime of the +returned \fB\s-1EVP_PKEY_CTX\s0\fR or any of its duplicates. 
+.PP +\&\fIEVP_PKEY_CTX_new_id()\fR and \fIEVP_PKEY_CTX_new_from_name()\fR are normally +used when no \fB\s-1EVP_PKEY\s0\fR structure is associated with the operations, +for example during parameter generation or key generation for some +algorithms. +.PP +\&\fIEVP_PKEY_CTX_dup()\fR duplicates the context \fIctx\fR. +.PP +\&\fIEVP_PKEY_CTX_free()\fR frees up the context \fIctx\fR. +If \fIctx\fR is \s-1NULL\s0, nothing is done. +.SH "NOTES" +.IX Header "NOTES" +.IP "1." 4 +The \fB\s-1EVP_PKEY_CTX\s0\fR structure is an opaque public key algorithm context used +by the OpenSSL high level public key \s-1API\s0. Contexts \fB\s-1MUST\s0 \s-1NOT\s0\fR be shared between +threads: that is it is not permissible to use the same context simultaneously +in two threads. +.IP "2." 4 +We mention \*(L"key type\*(R" in this manual, which is the same +as \*(L"algorithm\*(R" in most cases, allowing either term to be used +interchangeably. There are algorithms where the \fIkey type\fR and the +\&\fIalgorithm\fR of the operations that use the keys are not the same, +such as \s-1EC\s0 keys being used for \s-1ECDSA\s0 and \s-1ECDH\s0 operations. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_PKEY_CTX_new()\fR, \fIEVP_PKEY_CTX_new_id()\fR, \fIEVP_PKEY_CTX_dup()\fR returns either +the newly allocated \fB\s-1EVP_PKEY_CTX\s0\fR structure of \fB\s-1NULL\s0\fR if an error occurred. +.PP +\&\fIEVP_PKEY_CTX_free()\fR does not return a value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_PKEY_new\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fIEVP_PKEY_CTX_new()\fR, \fIEVP_PKEY_CTX_new_id()\fR, \fIEVP_PKEY_CTX_dup()\fR and +\&\fIEVP_PKEY_CTX_free()\fR functions were added in OpenSSL 1.0.0. +.PP +The \fIEVP_PKEY_CTX_new_from_name()\fR and \fIEVP_PKEY_CTX_new_from_pkey()\fR functions were +added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2016 The OpenSSL Project Authors. All Rights Reserved. 
+.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 b/linux_amd64/share/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 new file mode 100755 index 0000000..64a5951 --- /dev/null +++ b/linux_amd64/share/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 
@@ -0,0 +1,175 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_CTX_SET1_PBE_PASS 3" +.TH EVP_PKEY_CTX_SET1_PBE_PASS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_CTX_set1_pbe_pass +\&\- generic KDF support functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_CTX_set1_pbe_pass(EVP_PKEY_CTX *pctx, unsigned char *pass, +\& int passlen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions are generic support functions for all \s-1KDF\s0 algorithms. +.PP +\&\fIEVP_PKEY_CTX_set1_pbe_pass()\fR sets the password to the \fBpasslen\fR first +bytes from \fBpass\fR. +.SH "STRING CTRLS" +.IX Header "STRING CTRLS" +There is also support for string based control operations via +\&\fIEVP_PKEY_CTX_ctrl_str\fR\|(3). +The \fBpassword\fR can be directly specified using the \fBtype\fR parameter +\&\*(L"pass\*(R" or given in hex encoding using the \*(L"hexpass\*(R" parameter. +.SH "NOTES" +.IX Header "NOTES" +All these functions are implemented as macros. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All these functions return 1 for success and 0 or a negative value for failure. +In particular a return value of \-2 indicates the operation is not supported by +the public key algorithm. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_PKEY_CTX_new\fR\|(3), +\&\fIEVP_PKEY_CTX_ctrl_str\fR\|(3), +\&\fIEVP_PKEY_derive\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 b/linux_amd64/share/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 new file mode 100755 index 0000000..e2100ad --- /dev/null +++ b/linux_amd64/share/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 
@@ -0,0 +1,282 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_CTX_SET_HKDF_MD 3" +.TH EVP_PKEY_CTX_SET_HKDF_MD 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_CTX_set_hkdf_md, EVP_PKEY_CTX_set1_hkdf_salt, +EVP_PKEY_CTX_set1_hkdf_key, EVP_PKEY_CTX_add1_hkdf_info, +EVP_PKEY_CTX_hkdf_mode \- +HMAC\-based Extract\-and\-Expand key derivation algorithm +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_CTX_hkdf_mode(EVP_PKEY_CTX *pctx, int mode); +\& +\& int EVP_PKEY_CTX_set_hkdf_md(EVP_PKEY_CTX *pctx, const EVP_MD *md); +\& +\& int EVP_PKEY_CTX_set1_hkdf_salt(EVP_PKEY_CTX *pctx, unsigned char *salt, +\& int saltlen); +\& +\& int EVP_PKEY_CTX_set1_hkdf_key(EVP_PKEY_CTX *pctx, unsigned char *key, +\& int keylen); +\& +\& int EVP_PKEY_CTX_add1_hkdf_info(EVP_PKEY_CTX *pctx, unsigned char *info, +\& int infolen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1EVP_PKEY_HKDF\s0 algorithm implements the \s-1HKDF\s0 key derivation function. +\&\s-1HKDF\s0 follows the \*(L"extract-then-expand\*(R" paradigm, where the \s-1KDF\s0 logically +consists of two modules. The first stage takes the input keying material +and \*(L"extracts\*(R" from it a fixed-length pseudorandom key K. The second stage +\&\*(L"expands\*(R" the key K into several additional pseudorandom keys (the output +of the \s-1KDF\s0). +.PP +\&\fIEVP_PKEY_CTX_hkdf_mode()\fR sets the mode for the \s-1HKDF\s0 operation. There are three +modes that are currently defined: +.IP "\s-1EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND\s0" 4 +.IX Item "EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND" +This is the default mode. Calling \fIEVP_PKEY_derive\fR\|(3) on an \s-1EVP_PKEY_CTX\s0 set +up for \s-1HKDF\s0 will perform an extract followed by an expand operation in one go. +The derived key returned will be the result after the expand operation. The +intermediate fixed-length pseudorandom key K is not returned. +.Sp +In this mode the digest, key, salt and info values must be set before a key is +derived or an error occurs. 
+.IP "\s-1EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY\s0" 4 +.IX Item "EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY" +In this mode calling \fIEVP_PKEY_derive\fR\|(3) will just perform the extract +operation. The value returned will be the intermediate fixed-length pseudorandom +key K. +.Sp +The digest, key and salt values must be set before a key is derived or an +error occurs. +.IP "\s-1EVP_PKEY_HKDEF_MODE_EXPAND_ONLY\s0" 4 +.IX Item "EVP_PKEY_HKDEF_MODE_EXPAND_ONLY" +In this mode calling \fIEVP_PKEY_derive\fR\|(3) will just perform the expand +operation. The input key should be set to the intermediate fixed-length +pseudorandom key K returned from a previous extract operation. +.Sp +The digest, key and info values must be set before a key is derived or an +error occurs. +.PP +\&\fIEVP_PKEY_CTX_set_hkdf_md()\fR sets the message digest associated with the \s-1HKDF\s0. +.PP +\&\fIEVP_PKEY_CTX_set1_hkdf_salt()\fR sets the salt to \fBsaltlen\fR bytes of the +buffer \fBsalt\fR. Any existing value is replaced. +.PP +\&\fIEVP_PKEY_CTX_set1_hkdf_key()\fR sets the key to \fBkeylen\fR bytes of the buffer +\&\fBkey\fR. Any existing value is replaced. +.PP +\&\fIEVP_PKEY_CTX_add1_hkdf_info()\fR sets the info value to \fBinfolen\fR bytes of the +buffer \fBinfo\fR. If a value is already set, it is appended to the existing +value. +.SH "STRING CTRLS" +.IX Header "STRING CTRLS" +\&\s-1HKDF\s0 also supports string based control operations via +\&\fIEVP_PKEY_CTX_ctrl_str\fR\|(3). +The \fBtype\fR parameter \*(L"md\*(R" uses the supplied \fBvalue\fR as the name of the digest +algorithm to use. +The \fBtype\fR parameter \*(L"mode\*(R" uses the values \*(L"\s-1EXTRACT_AND_EXPAND\s0\*(R", +\&\*(L"\s-1EXTRACT_ONLY\s0\*(R" and \*(L"\s-1EXPAND_ONLY\s0\*(R" to determine the mode to use. +The \fBtype\fR parameters \*(L"salt\*(R", \*(L"key\*(R" and \*(L"info\*(R" use the supplied \fBvalue\fR +parameter as a \fBseed\fR, \fBkey\fR or \fBinfo\fR value. 
+The names \*(L"hexsalt\*(R", \*(L"hexkey\*(R" and \*(L"hexinfo\*(R" are similar except they take a hex +string which is converted to binary. +.SH "NOTES" +.IX Header "NOTES" +All these functions are implemented as macros. +.PP +A context for \s-1HKDF\s0 can be obtained by calling: +.PP +.Vb 1 +\& EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL); +.Ve +.PP +The total length of the info buffer cannot exceed 1024 bytes in length: this +should be more than enough for any normal use of \s-1HKDF\s0. +.PP +The output length of an \s-1HKDF\s0 expand operation is specified via the length +parameter to the \fIEVP_PKEY_derive\fR\|(3) function. +Since the \s-1HKDF\s0 output length is variable, passing a \fB\s-1NULL\s0\fR buffer as a means +to obtain the requisite length is not meaningful with \s-1HKDF\s0 in any mode that +performs an expand operation. Instead, the caller must allocate a buffer of the +desired length, and pass that buffer to \fIEVP_PKEY_derive\fR\|(3) along with (a +pointer initialized to) the desired length. Passing a \fB\s-1NULL\s0\fR buffer to obtain +the length is allowed when using \s-1EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY\s0. +.PP +Optimised versions of \s-1HKDF\s0 can be implemented in an \s-1ENGINE\s0. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All these functions return 1 for success and 0 or a negative value for failure. +In particular a return value of \-2 indicates the operation is not supported by +the public key algorithm. 
+.SH "EXAMPLES" +.IX Header "EXAMPLES" +This example derives 10 bytes using \s-1SHA\-256\s0 with the secret key \*(L"secret\*(R", +salt value \*(L"salt\*(R" and info value \*(L"label\*(R": +.PP +.Vb 4 +\& EVP_PKEY_CTX *pctx; +\& unsigned char out[10]; +\& size_t outlen = sizeof(out); +\& pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL); +\& +\& if (EVP_PKEY_derive_init(pctx) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set1_hkdf_salt(pctx, "salt", 4) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set1_hkdf_key(pctx, "secret", 6) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_add1_hkdf_info(pctx, "label", 5) <= 0) +\& /* Error */ +\& if (EVP_PKEY_derive(pctx, out, &outlen) <= 0) +\& /* Error */ +.Ve +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1RFC\s0 5869 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_PKEY_CTX_new\fR\|(3), +\&\fIEVP_PKEY_CTX_ctrl_str\fR\|(3), +\&\fIEVP_PKEY_derive\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 b/linux_amd64/share/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 new file mode 100755 index 0000000..491ec2e --- /dev/null +++ b/linux_amd64/share/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 
@@ -0,0 +1,216 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_CTX_SET_RSA_PSS_KEYGEN_MD 3" +.TH EVP_PKEY_CTX_SET_RSA_PSS_KEYGEN_MD 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_CTX_set_rsa_pss_keygen_md, +EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md, +EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen +\&\- EVP_PKEY RSA\-PSS algorithm support functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_CTX_set_rsa_pss_keygen_md(EVP_PKEY_CTX *pctx, +\& const EVP_MD *md); +\& int EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md(EVP_PKEY_CTX *pctx, +\& const EVP_MD *md); +\& int EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(EVP_PKEY_CTX *pctx, +\& int saltlen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These are the functions that implement \s-1\fIRSA\-PSS\s0\fR\|(7). +.SS "Signing and Verification" +.IX Subsection "Signing and Verification" +The macro \fIEVP_PKEY_CTX_set_rsa_padding()\fR is supported but an error is +returned if an attempt is made to set the padding mode to anything other +than \fB\s-1PSS\s0\fR. It is otherwise similar to the \fB\s-1RSA\s0\fR version. +.PP +The \fIEVP_PKEY_CTX_set_rsa_pss_saltlen()\fR macro is used to set the salt length. +If the key has usage restrictions then an error is returned if an attempt is +made to set the salt length below the minimum value. It is otherwise similar +to the \fB\s-1RSA\s0\fR operation except detection of the salt length (using +\&\s-1RSA_PSS_SALTLEN_AUTO\s0) is not supported for verification if the key has +usage restrictions. +.PP +The \fIEVP_PKEY_CTX_set_signature_md\fR\|(3) and \fIEVP_PKEY_CTX_set_rsa_mgf1_md\fR\|(3) +fuunctions are used to set the digest and \s-1MGF1\s0 algorithms respectively. If the +key has usage restrictions then an error is returned if an attempt is made to +set the digest to anything other than the restricted value. Otherwise these are +similar to the \fB\s-1RSA\s0\fR versions. 
+.SS "Key Generation" +.IX Subsection "Key Generation" +As with \s-1RSA\s0 key generation the \fIEVP_PKEY_CTX_set_rsa_keygen_bits()\fR +and \fIEVP_PKEY_CTX_set_rsa_keygen_pubexp()\fR macros are supported for RSA-PSS: +they have exactly the same meaning as for the \s-1RSA\s0 algorithm. +.PP +Optional parameter restrictions can be specified when generating a \s-1PSS\s0 key. +If any restrictions are set (using the macros described below) then \fBall\fR +parameters are restricted. For example, setting a minimum salt length also +restricts the digest and \s-1MGF1\s0 algorithms. If any restrictions are in place +then they are reflected in the corresponding parameters of the public key +when (for example) a certificate request is signed. +.PP +\&\fIEVP_PKEY_CTX_set_rsa_pss_keygen_md()\fR restricts the digest algorithm the +generated key can use to \fBmd\fR. +.PP +\&\fIEVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md()\fR restricts the \s-1MGF1\s0 algorithm the +generated key can use to \fBmd\fR. +.PP +\&\fIEVP_PKEY_CTX_set_rsa_pss_keygen_saltlen()\fR restricts the minimum salt length +to \fBsaltlen\fR. +.SH "NOTES" +.IX Header "NOTES" +A context for the \fBRSA-PSS\fR algorithm can be obtained by calling: +.PP +.Vb 1 +\& EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA_PSS, NULL); +.Ve +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All these functions return 1 for success and 0 or a negative value for failure. +In particular a return value of \-2 indicates the operation is not supported by +the public key algorithm. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1\fIRSA\-PSS\s0\fR\|(7), +\&\fIEVP_PKEY_CTX_new\fR\|(3), +\&\fIEVP_PKEY_CTX_ctrl_str\fR\|(3), +\&\fIEVP_PKEY_derive\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. 
You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 b/linux_amd64/share/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 new file mode 100755 index 0000000..618e15d --- /dev/null +++ b/linux_amd64/share/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 
@@ -0,0 +1,210 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_CTX_SET_SCRYPT_N 3" +.TH EVP_PKEY_CTX_SET_SCRYPT_N 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_CTX_set1_scrypt_salt, +EVP_PKEY_CTX_set_scrypt_N, +EVP_PKEY_CTX_set_scrypt_r, +EVP_PKEY_CTX_set_scrypt_p, +EVP_PKEY_CTX_set_scrypt_maxmem_bytes +\&\- EVP_PKEY scrypt KDF support functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_CTX_set1_scrypt_salt(EVP_PKEY_CTX *pctx, unsigned char *salt, +\& int saltlen); +\& +\& int EVP_PKEY_CTX_set_scrypt_N(EVP_PKEY_CTX *pctx, uint64_t N); +\& +\& int EVP_PKEY_CTX_set_scrypt_r(EVP_PKEY_CTX *pctx, uint64_t r); +\& +\& int EVP_PKEY_CTX_set_scrypt_p(EVP_PKEY_CTX *pctx, uint64_t p); +\& +\& int EVP_PKEY_CTX_set_scrypt_maxmem_bytes(EVP_PKEY_CTX *pctx, +\& uint64_t maxmem); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions are used to set up the necessary data to use the +scrypt \s-1KDF\s0. +For more information on scrypt, see \s-1\fIEVP_KDF\-SCRYPT\s0\fR\|(7). +.PP +\&\fIEVP_PKEY_CTX_set1_scrypt_salt()\fR sets the \fBsaltlen\fR bytes long salt +value. +.PP +\&\fIEVP_PKEY_CTX_set_scrypt_N()\fR, \fIEVP_PKEY_CTX_set_scrypt_r()\fR and +\&\fIEVP_PKEY_CTX_set_scrypt_p()\fR configure the work factors N, r and p. +.PP +\&\fIEVP_PKEY_CTX_set_scrypt_maxmem_bytes()\fR sets how much \s-1RAM\s0 key +derivation may maximally use, given in bytes. +If \s-1RAM\s0 is exceeded because the load factors are chosen too high, the +key derivation will fail. +.SH "STRING CTRLS" +.IX Header "STRING CTRLS" +scrypt also supports string based control operations via +\&\fIEVP_PKEY_CTX_ctrl_str\fR\|(3). +Similarly, the \fBsalt\fR can either be specified using the \fBtype\fR +parameter \*(L"salt\*(R" or in hex encoding by using the \*(L"hexsalt\*(R" parameter. +The work factors \fBN\fR, \fBr\fR and \fBp\fR as well as \fBmaxmem_bytes\fR can be +set by using the parameters \*(L"N\*(R", \*(L"r\*(R", \*(L"p\*(R" and \*(L"maxmem_bytes\*(R", +respectively. 
+.SH "NOTES" +.IX Header "NOTES" +There is a newer generic \s-1API\s0 for KDFs, \s-1\fIEVP_KDF\s0\fR\|(3), which is +preferred over the \s-1EVP_PKEY\s0 method. +.PP +The scrypt \s-1KDF\s0 also uses \fIEVP_PKEY_CTX_set1_pbe_pass()\fR as well as +the value from the string controls \*(L"pass\*(R" and \*(L"hexpass\*(R". +See \fIEVP_PKEY_CTX_set1_pbe_pass\fR\|(3). +.PP +All the functions described here are implemented as macros. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All these functions return 1 for success and 0 or a negative value for +failure. +In particular a return value of \-2 indicates the operation is not +supported by the public key algorithm. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1\fIEVP_KDF\s0\fR\|(3) +\&\fIEVP_PKEY_CTX_new\fR\|(3), +\&\fIEVP_PKEY_CTX_ctrl_str\fR\|(3), +\&\fIEVP_PKEY_derive\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 b/linux_amd64/share/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 new file mode 100755 index 0000000..8d9c918 --- /dev/null +++ b/linux_amd64/share/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 
@@ -0,0 +1,233 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_CTX_SET_TLS1_PRF_MD 3" +.TH EVP_PKEY_CTX_SET_TLS1_PRF_MD 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_CTX_set_tls1_prf_md, +EVP_PKEY_CTX_set1_tls1_prf_secret, EVP_PKEY_CTX_add1_tls1_prf_seed \- +TLS PRF key derivation algorithm +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_CTX_set_tls1_prf_md(EVP_PKEY_CTX *pctx, const EVP_MD *md); +\& int EVP_PKEY_CTX_set1_tls1_prf_secret(EVP_PKEY_CTX *pctx, +\& unsigned char *sec, int seclen); +\& int EVP_PKEY_CTX_add1_tls1_prf_seed(EVP_PKEY_CTX *pctx, +\& unsigned char *seed, int seedlen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fB\s-1EVP_PKEY_TLS1_PRF\s0\fR algorithm implements the \s-1PRF\s0 key derivation function for +\&\s-1TLS\s0. It has no associated private key and only implements key derivation +using \fIEVP_PKEY_derive\fR\|(3). +.PP +\&\fIEVP_PKEY_set_tls1_prf_md()\fR sets the message digest associated with the +\&\s-1TLS\s0 \s-1PRF\s0. \fIEVP_md5_sha1()\fR is treated as a special case which uses the \s-1PRF\s0 +algorithm using both \fB\s-1MD5\s0\fR and \fB\s-1SHA1\s0\fR as used in \s-1TLS\s0 1.0 and 1.1. +.PP +\&\fIEVP_PKEY_CTX_set_tls1_prf_secret()\fR sets the secret value of the \s-1TLS\s0 \s-1PRF\s0 +to \fBseclen\fR bytes of the buffer \fBsec\fR. Any existing secret value is replaced +and any seed is reset. +.PP +\&\fIEVP_PKEY_CTX_add1_tls1_prf_seed()\fR sets the seed to \fBseedlen\fR bytes of \fBseed\fR. +If a seed is already set it is appended to the existing value. +.SH "STRING CTRLS" +.IX Header "STRING CTRLS" +The \s-1TLS\s0 \s-1PRF\s0 also supports string based control operations using +\&\fIEVP_PKEY_CTX_ctrl_str\fR\|(3). +The \fBtype\fR parameter \*(L"md\*(R" uses the supplied \fBvalue\fR as the name of the digest +algorithm to use. +The \fBtype\fR parameters \*(L"secret\*(R" and \*(L"seed\*(R" use the supplied \fBvalue\fR parameter +as a secret or seed value. +The names \*(L"hexsecret\*(R" and \*(L"hexseed\*(R" are similar except they take a hex string +which is converted to binary. 
+.SH "NOTES" +.IX Header "NOTES" +All these functions are implemented as macros. +.PP +A context for the \s-1TLS\s0 \s-1PRF\s0 can be obtained by calling: +.PP +.Vb 1 +\& EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL); +.Ve +.PP +The digest, secret value and seed must be set before a key is derived or an +error occurs. +.PP +The total length of all seeds cannot exceed 1024 bytes in length: this should +be more than enough for any normal use of the \s-1TLS\s0 \s-1PRF\s0. +.PP +The output length of the \s-1PRF\s0 is specified by the length parameter in the +\&\fIEVP_PKEY_derive()\fR function. Since the output length is variable, setting +the buffer to \fB\s-1NULL\s0\fR is not meaningful for the \s-1TLS\s0 \s-1PRF\s0. +.PP +Optimised versions of the \s-1TLS\s0 \s-1PRF\s0 can be implemented in an \s-1ENGINE\s0. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All these functions return 1 for success and 0 or a negative value for failure. +In particular a return value of \-2 indicates the operation is not supported by +the public key algorithm. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +This example derives 10 bytes using \s-1SHA\-256\s0 with the secret key \*(L"secret\*(R" +and seed value \*(L"seed\*(R": +.PP +.Vb 3 +\& EVP_PKEY_CTX *pctx; +\& unsigned char out[10]; +\& size_t outlen = sizeof(out); +\& +\& pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL); +\& if (EVP_PKEY_derive_init(pctx) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set_tls1_prf_md(pctx, EVP_sha256()) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, "secret", 6) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, "seed", 4) <= 0) +\& /* Error */ +\& if (EVP_PKEY_derive(pctx, out, &outlen) <= 0) +\& /* Error */ +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_PKEY_CTX_new\fR\|(3), +\&\fIEVP_PKEY_CTX_ctrl_str\fR\|(3), +\&\fIEVP_PKEY_derive\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. 
All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/EVP_PKEY_asn1_get_count.3 b/linux_amd64/share/man/man3/EVP_PKEY_asn1_get_count.3 new file mode 100755 index 0000000..c3ee916 --- /dev/null +++ b/linux_amd64/share/man/man3/EVP_PKEY_asn1_get_count.3 
@@ -0,0 +1,203 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_ASN1_GET_COUNT 3" +.TH EVP_PKEY_ASN1_GET_COUNT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_asn1_find, +EVP_PKEY_asn1_find_str, +EVP_PKEY_asn1_get_count, +EVP_PKEY_asn1_get0, +EVP_PKEY_asn1_get0_info +\&\- enumerate public key ASN.1 methods +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_asn1_get_count(void); +\& const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx); +\& const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pe, int type); +\& const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe, +\& const char *str, int len); +\& int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *pkey_base_id, +\& int *ppkey_flags, const char **pinfo, +\& const char **ppem_str, +\& const EVP_PKEY_ASN1_METHOD *ameth); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIEVP_PKEY_asn1_count()\fR returns a count of the number of public key +\&\s-1ASN\s0.1 methods available: it includes standard methods and any methods +added by the application. +.PP +\&\fIEVP_PKEY_asn1_get0()\fR returns the public key \s-1ASN\s0.1 method \fBidx\fR. +The value of \fBidx\fR must be between zero and \fIEVP_PKEY_asn1_get_count()\fR +\&\- 1. +.PP +\&\fIEVP_PKEY_asn1_find()\fR looks up the \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR with \s-1NID\s0 +\&\fBtype\fR. +If \fBpe\fR isn't \fB\s-1NULL\s0\fR, then it will look up an engine implementing a +\&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR for the \s-1NID\s0 \fBtype\fR and return that instead, +and also set \fB*pe\fR to point at the engine that implements it. +.PP +\&\fIEVP_PKEY_asn1_find_str()\fR looks up the \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR with \s-1PEM\s0 +type string \fBstr\fR. +Just like \fIEVP_PKEY_asn1_find()\fR, if \fBpe\fR isn't \fB\s-1NULL\s0\fR, then it will +look up an engine implementing a \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR for the \s-1NID\s0 +\&\fBtype\fR and return that instead, and also set \fB*pe\fR to point at the +engine that implements it. 
+.PP +\&\fIEVP_PKEY_asn1_get0_info()\fR returns the public key \s-1ID\s0, base public key +\&\s-1ID\s0 (both NIDs), any flags, the method description and \s-1PEM\s0 type string +associated with the public key \s-1ASN\s0.1 method \fB*ameth\fR. +.PP +\&\fIEVP_PKEY_asn1_count()\fR, \fIEVP_PKEY_asn1_get0()\fR, \fIEVP_PKEY_asn1_find()\fR and +\&\fIEVP_PKEY_asn1_find_str()\fR are not thread safe, but as long as all +\&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR objects are added before the application gets +threaded, using them is safe. See \fIEVP_PKEY_asn1_add0\fR\|(3). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_PKEY_asn1_count()\fR returns the number of available public key methods. +.PP +\&\fIEVP_PKEY_asn1_get0()\fR return a public key method or \fB\s-1NULL\s0\fR if \fBidx\fR is +out of range. +.PP +\&\fIEVP_PKEY_asn1_get0_info()\fR returns 0 on failure, 1 on success. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_PKEY_asn1_new\fR\|(3), \fIEVP_PKEY_asn1_add0\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/EVP_PKEY_check.3 b/linux_amd64/share/man/man3/EVP_PKEY_check.3 new file mode 100755 index 0000000..6694f1b --- /dev/null +++ b/linux_amd64/share/man/man3/EVP_PKEY_check.3 
@@ -0,0 +1,194 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_CHECK 3" +.TH EVP_PKEY_CHECK 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_check, EVP_PKEY_param_check, EVP_PKEY_public_check, +EVP_PKEY_private_check, EVP_PKEY_pairwise_check +\&\- key and parameter validation functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_check(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_param_check(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_public_check(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_private_check(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_pairwise_check(EVP_PKEY_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIEVP_PKEY_param_check()\fR validates the parameters component of the key +given by \fBctx\fR. +.PP +\&\fIEVP_PKEY_public_check()\fR validates the public component of the key given by \fBctx\fR. +.PP +\&\fIEVP_PKEY_private_check()\fR validates the private component of the key given by \fBctx\fR. +.PP +\&\fIEVP_PKEY_pairwise_check()\fR validates that the public and private components have +the correct mathematical relationship to each other for the key given by \fBctx\fR. +.PP +\&\fIEVP_PKEY_check()\fR validates all components of a key given by \fBctx\fR. +.SH "NOTES" +.IX Header "NOTES" +Refer to \s-1SP800\-56A\s0 and \s-1SP800\-56B\s0 for rules relating to when these functions +should be called during key establishment. +It is not necessary to call these functions after locally calling an approved key +generation method, but may be required for assurance purposes when receiving +keys from a third party. +.PP +In OpenSSL an \s-1EVP_PKEY\s0 structure containing a private key also contains the +public key components and parameters (if any). An OpenSSL private key is +equivalent to what some libraries call a \*(L"key pair\*(R". A private key can be used +in functions which require the use of a public key or parameters. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All functions return 1 for success or others for failure. +They return \-2 if the operation is not supported for the specific algorithm. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_PKEY_CTX_new\fR\|(3), +\&\fIEVP_PKEY_fromdata\fR\|(3), +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIEVP_PKEY_check()\fR, \fIEVP_PKEY_public_check()\fR and \fIEVP_PKEY_param_check()\fR were added +in OpenSSL 1.1.1. +.PP +\&\fIEVP_PKEY_private_check()\fR and \fIEVP_PKEY_pairwise_check()\fR were added +in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/EVP_PKEY_cmp.3 b/linux_amd64/share/man/man3/EVP_PKEY_cmp.3 new file mode 100755 index 0000000..7537f56 --- /dev/null +++ b/linux_amd64/share/man/man3/EVP_PKEY_cmp.3 
@@ -0,0 +1,195 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_CMP 3" +.TH EVP_PKEY_CMP 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_copy_parameters, EVP_PKEY_missing_parameters, EVP_PKEY_cmp_parameters, +EVP_PKEY_cmp \- public key parameter and comparison functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey); +\& int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from); +\& +\& int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b); +\& int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The function \fIEVP_PKEY_missing_parameters()\fR returns 1 if the public key +parameters of \fBpkey\fR are missing and 0 if they are present or the algorithm +doesn't use parameters. +.PP +The function \fIEVP_PKEY_copy_parameters()\fR copies the parameters from key +\&\fBfrom\fR to key \fBto\fR. An error is returned if the parameters are missing in +\&\fBfrom\fR or present in both \fBfrom\fR and \fBto\fR and mismatch. If the parameters +in \fBfrom\fR and \fBto\fR are both present and match this function has no effect. +.PP +The function \fIEVP_PKEY_cmp_parameters()\fR compares the parameters of keys +\&\fBa\fR and \fBb\fR. +.PP +The function \fIEVP_PKEY_cmp()\fR compares the public key components and parameters +(if present) of keys \fBa\fR and \fBb\fR. +.SH "NOTES" +.IX Header "NOTES" +The main purpose of the functions \fIEVP_PKEY_missing_parameters()\fR and +\&\fIEVP_PKEY_copy_parameters()\fR is to handle public keys in certificates where the +parameters are sometimes omitted from a public key if they are inherited from +the \s-1CA\s0 that signed it. +.PP +Since OpenSSL private keys contain public key components too the function +\&\fIEVP_PKEY_cmp()\fR can also be used to determine if a private key matches +a public key. 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The function \fIEVP_PKEY_missing_parameters()\fR returns 1 if the public key +parameters of \fBpkey\fR are missing and 0 if they are present or the algorithm +doesn't use parameters. +.PP +These functions \fIEVP_PKEY_copy_parameters()\fR returns 1 for success and 0 for +failure. +.PP +The function \fIEVP_PKEY_cmp_parameters()\fR and \fIEVP_PKEY_cmp()\fR return 1 if the +keys match, 0 if they don't match, \-1 if the key types are different and +\&\-2 if the operation is not supported. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_PKEY_CTX_new\fR\|(3), +\&\fIEVP_PKEY_keygen\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/EVP_PKEY_decrypt.3 b/linux_amd64/share/man/man3/EVP_PKEY_decrypt.3 new file mode 100755 index 0000000..f9a512c --- /dev/null +++ b/linux_amd64/share/man/man3/EVP_PKEY_decrypt.3 
@@ -0,0 +1,227 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_DECRYPT 3" +.TH EVP_PKEY_DECRYPT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_decrypt_init, EVP_PKEY_decrypt \- decrypt using a public key algorithm +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx, +\& unsigned char *out, size_t *outlen, +\& const unsigned char *in, size_t inlen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fIEVP_PKEY_decrypt_init()\fR function initializes a public key algorithm +context using key \fBpkey\fR for a decryption operation. +.PP +The \fIEVP_PKEY_decrypt()\fR function performs a public key decryption operation +using \fBctx\fR. The data to be decrypted is specified using the \fBin\fR and +\&\fBinlen\fR parameters. If \fBout\fR is \fB\s-1NULL\s0\fR then the maximum size of the output +buffer is written to the \fBoutlen\fR parameter. If \fBout\fR is not \fB\s-1NULL\s0\fR then +before the call the \fBoutlen\fR parameter should contain the length of the +\&\fBout\fR buffer, if the call is successful the decrypted data is written to +\&\fBout\fR and the amount of data written to \fBoutlen\fR. +.SH "NOTES" +.IX Header "NOTES" +After the call to \fIEVP_PKEY_decrypt_init()\fR algorithm specific control +operations can be performed to set any appropriate parameters for the +operation. +.PP +The function \fIEVP_PKEY_decrypt()\fR can be called more than once on the same +context if several operations are performed using the same parameters. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_PKEY_decrypt_init()\fR and \fIEVP_PKEY_decrypt()\fR return 1 for success and 0 +or a negative value for failure. In particular a return value of \-2 +indicates the operation is not supported by the public key algorithm. 
+.SH "EXAMPLES" +.IX Header "EXAMPLES" +Decrypt data using \s-1OAEP\s0 (for \s-1RSA\s0 keys): +.PP +.Vb 2 +\& #include +\& #include +\& +\& EVP_PKEY_CTX *ctx; +\& ENGINE *eng; +\& unsigned char *out, *in; +\& size_t outlen, inlen; +\& EVP_PKEY *key; +\& +\& /* +\& * NB: assumes key, eng, in, inlen are already set up +\& * and that key is an RSA private key +\& */ +\& ctx = EVP_PKEY_CTX_new(key, eng); +\& if (!ctx) +\& /* Error occurred */ +\& if (EVP_PKEY_decrypt_init(ctx) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_OAEP_PADDING) <= 0) +\& /* Error */ +\& +\& /* Determine buffer length */ +\& if (EVP_PKEY_decrypt(ctx, NULL, &outlen, in, inlen) <= 0) +\& /* Error */ +\& +\& out = OPENSSL_malloc(outlen); +\& +\& if (!out) +\& /* malloc failure */ +\& +\& if (EVP_PKEY_decrypt(ctx, out, &outlen, in, inlen) <= 0) +\& /* Error */ +\& +\& /* Decrypted data is outlen bytes written to buffer out */ +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_PKEY_CTX_new\fR\|(3), +\&\fIEVP_PKEY_encrypt\fR\|(3), +\&\fIEVP_PKEY_sign\fR\|(3), +\&\fIEVP_PKEY_verify\fR\|(3), +\&\fIEVP_PKEY_verify_recover\fR\|(3), +\&\fIEVP_PKEY_derive\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/EVP_PKEY_derive.3 b/linux_amd64/share/man/man3/EVP_PKEY_derive.3 new file mode 100755 index 0000000..1299f6f --- /dev/null +++ b/linux_amd64/share/man/man3/EVP_PKEY_derive.3 
@@ -0,0 +1,231 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_DERIVE 3" +.TH EVP_PKEY_DERIVE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_derive_init, EVP_PKEY_derive_set_peer, EVP_PKEY_derive +\&\- derive public key algorithm shared secret +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer); +\& int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIEVP_PKEY_derive_init()\fR initializes a public key algorithm context \fIctx\fR for +shared secret derivation using the algorithm given when the context was created +using \fIEVP_PKEY_CTX_new\fR\|(3) or variants thereof. The algorithm is used to +fetch a \fB\s-1EVP_KEYEXCH\s0\fR method implicitly, see \*(L"Implicit fetch\*(R" in \fIprovider\fR\|(7) for +more information about implict fetches. +.PP +\&\fIEVP_PKEY_derive_set_peer()\fR sets the peer key: this will normally +be a public key. +.PP +\&\fIEVP_PKEY_derive()\fR derives a shared secret using \fIctx\fR. +If \fIkey\fR is \s-1NULL\s0 then the maximum size of the output buffer is written to the +\&\fIkeylen\fR parameter. If \fIkey\fR is not \s-1NULL\s0 then before the call the \fIkeylen\fR +parameter should contain the length of the \fIkey\fR buffer, if the call is +successful the shared secret is written to \fIkey\fR and the amount of data +written to \fIkeylen\fR. +.SH "NOTES" +.IX Header "NOTES" +After the call to \fIEVP_PKEY_derive_init()\fR, algorithm +specific control operations can be performed to set any appropriate parameters +for the operation. +.PP +The function \fIEVP_PKEY_derive()\fR can be called more than once on the same +context if several operations are performed using the same parameters. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_PKEY_derive_init()\fR and \fIEVP_PKEY_derive()\fR return 1 +for success and 0 or a negative value for failure. 
+In particular a return value of \-2 indicates the operation is not supported by +the public key algorithm. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Derive shared secret (for example \s-1DH\s0 or \s-1EC\s0 keys): +.PP +.Vb 2 +\& #include +\& #include +\& +\& EVP_PKEY_CTX *ctx; +\& ENGINE *eng; +\& unsigned char *skey; +\& size_t skeylen; +\& EVP_PKEY *pkey, *peerkey; +\& /* NB: assumes pkey, eng, peerkey have been already set up */ +\& +\& ctx = EVP_PKEY_CTX_new(pkey, eng); +\& if (!ctx) +\& /* Error occurred */ +\& if (EVP_PKEY_derive_init(ctx) <= 0) +\& /* Error */ +\& if (EVP_PKEY_derive_set_peer(ctx, peerkey) <= 0) +\& /* Error */ +\& +\& /* Determine buffer length */ +\& if (EVP_PKEY_derive(ctx, NULL, &skeylen) <= 0) +\& /* Error */ +\& +\& skey = OPENSSL_malloc(skeylen); +\& +\& if (!skey) +\& /* malloc failure */ +\& +\& if (EVP_PKEY_derive(ctx, skey, &skeylen) <= 0) +\& /* Error */ +\& +\& /* Shared secret is skey bytes written to buffer skey */ +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_PKEY_CTX_new\fR\|(3), +\&\fIEVP_PKEY_encrypt\fR\|(3), +\&\fIEVP_PKEY_decrypt\fR\|(3), +\&\fIEVP_PKEY_sign\fR\|(3), +\&\fIEVP_PKEY_verify\fR\|(3), +\&\fIEVP_PKEY_verify_recover\fR\|(3), +\&\fIEVP_KEYEXCH_fetch\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/EVP_PKEY_encrypt.3 b/linux_amd64/share/man/man3/EVP_PKEY_encrypt.3 new file mode 100755 index 0000000..5dff2d8 --- /dev/null +++ b/linux_amd64/share/man/man3/EVP_PKEY_encrypt.3 
@@ -0,0 +1,232 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_ENCRYPT 3" +.TH EVP_PKEY_ENCRYPT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_encrypt_init, EVP_PKEY_encrypt \- encrypt using a public key algorithm +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx, +\& unsigned char *out, size_t *outlen, +\& const unsigned char *in, size_t inlen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fIEVP_PKEY_encrypt_init()\fR function initializes a public key algorithm +context using key \fBpkey\fR for an encryption operation. +.PP +The \fIEVP_PKEY_encrypt()\fR function performs a public key encryption operation +using \fBctx\fR. The data to be encrypted is specified using the \fBin\fR and +\&\fBinlen\fR parameters. If \fBout\fR is \fB\s-1NULL\s0\fR then the maximum size of the output +buffer is written to the \fBoutlen\fR parameter. If \fBout\fR is not \fB\s-1NULL\s0\fR then +before the call the \fBoutlen\fR parameter should contain the length of the +\&\fBout\fR buffer, if the call is successful the encrypted data is written to +\&\fBout\fR and the amount of data written to \fBoutlen\fR. +.SH "NOTES" +.IX Header "NOTES" +After the call to \fIEVP_PKEY_encrypt_init()\fR algorithm specific control +operations can be performed to set any appropriate parameters for the +operation. +.PP +The function \fIEVP_PKEY_encrypt()\fR can be called more than once on the same +context if several operations are performed using the same parameters. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_PKEY_encrypt_init()\fR and \fIEVP_PKEY_encrypt()\fR return 1 for success and 0 +or a negative value for failure. In particular a return value of \-2 +indicates the operation is not supported by the public key algorithm. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Encrypt data using \s-1OAEP\s0 (for \s-1RSA\s0 keys). See also \fIPEM_read_PUBKEY\fR\|(3) or +\&\fId2i_X509\fR\|(3) for means to load a public key. 
You may also simply +set 'eng = \s-1NULL\s0;' to start with the default OpenSSL \s-1RSA\s0 implementation: +.PP +.Vb 3 +\& #include +\& #include +\& #include +\& +\& EVP_PKEY_CTX *ctx; +\& ENGINE *eng; +\& unsigned char *out, *in; +\& size_t outlen, inlen; +\& EVP_PKEY *key; +\& +\& /* +\& * NB: assumes eng, key, in, inlen are already set up, +\& * and that key is an RSA public key +\& */ +\& ctx = EVP_PKEY_CTX_new(key, eng); +\& if (!ctx) +\& /* Error occurred */ +\& if (EVP_PKEY_encrypt_init(ctx) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_OAEP_PADDING) <= 0) +\& /* Error */ +\& +\& /* Determine buffer length */ +\& if (EVP_PKEY_encrypt(ctx, NULL, &outlen, in, inlen) <= 0) +\& /* Error */ +\& +\& out = OPENSSL_malloc(outlen); +\& +\& if (!out) +\& /* malloc failure */ +\& +\& if (EVP_PKEY_encrypt(ctx, out, &outlen, in, inlen) <= 0) +\& /* Error */ +\& +\& /* Encrypted data is outlen bytes written to buffer out */ +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fId2i_X509\fR\|(3), +\&\fIENGINE_by_id\fR\|(3), +\&\fIEVP_PKEY_CTX_new\fR\|(3), +\&\fIEVP_PKEY_decrypt\fR\|(3), +\&\fIEVP_PKEY_sign\fR\|(3), +\&\fIEVP_PKEY_verify\fR\|(3), +\&\fIEVP_PKEY_verify_recover\fR\|(3), +\&\fIEVP_PKEY_derive\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/EVP_PKEY_fromdata.3 b/linux_amd64/share/man/man3/EVP_PKEY_fromdata.3 new file mode 100755 index 0000000..3148666 --- /dev/null +++ b/linux_amd64/share/man/man3/EVP_PKEY_fromdata.3 
@@ -0,0 +1,189 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_FROMDATA 3" +.TH EVP_PKEY_FROMDATA 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_param_fromdata_init, EVP_PKEY_key_fromdata_init, EVP_PKEY_fromdata, +EVP_PKEY_param_fromdata_settable, EVP_PKEY_key_fromdata_settable +\&\- functions to create key parameters and keys from user data +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_param_fromdata_init(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_key_fromdata_init(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_fromdata(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey, OSSL_PARAM params[]); +\& const OSSL_PARAM *EVP_PKEY_param_fromdata_settable(EVP_PKEY_CTX *ctx); +\& const OSSL_PARAM *EVP_PKEY_key_fromdata_settable(EVP_PKEY_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIEVP_PKEY_param_fromdata_init()\fR initializes a public key algorithm context +for creating key parameters from user data. +.PP +\&\fIEVP_PKEY_key_fromdata_init()\fR initializes a public key algorithm context for +creating a key from user data. +.PP +\&\fIEVP_PKEY_fromdata()\fR creates key parameters or a key, given data from +\&\fIparams\fR and a context that's been initialized with +\&\fIEVP_PKEY_param_fromdata_init()\fR or \fIEVP_PKEY_key_fromdata_init()\fR. The result is +written to \fI*ppkey\fR. The parameters that can be used for various types of key +are as described in the \*(L"Built-in \s-1RSA\s0 Import/Export Types\*(R" section on the +\&\fIprovider\-keymgmt\fR\|(7) page. +.PP +\&\fIEVP_PKEY_param_fromdata_settable()\fR and \fIEVP_PKEY_key_fromdata_settable()\fR +get a constant \fB\s-1OSSL_PARAM\s0\fR array that describes the settable parameters +that can be used with \fIEVP_PKEY_fromdata()\fR. +See \s-1\fIOSSL_PARAM\s0\fR\|(3) for the use of \fB\s-1OSSL_PARAM\s0\fR as parameter descriptor. +.SH "NOTES" +.IX Header "NOTES" +These functions only work with key management methods coming from a +provider. 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_PKEY_key_fromdata_init()\fR, \fIEVP_PKEY_param_fromdata_init()\fR and +\&\fIEVP_PKEY_fromdata()\fR return 1 for success and 0 or a negative value for +failure. In particular a return value of \-2 indicates the operation is +not supported by the public key algorithm. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_PKEY_CTX_new\fR\|(3), \fIprovider\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/EVP_PKEY_get_default_digest_nid.3 b/linux_amd64/share/man/man3/EVP_PKEY_get_default_digest_nid.3 new file mode 100755 index 0000000..66f7104 --- /dev/null +++ b/linux_amd64/share/man/man3/EVP_PKEY_get_default_digest_nid.3 
@@ -0,0 +1,187 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_GET_DEFAULT_DIGEST_NID 3" +.TH EVP_PKEY_GET_DEFAULT_DIGEST_NID 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_get_default_digest_nid, EVP_PKEY_get_default_digest_name +\&\- get default signature digest +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_get_default_digest_name(EVP_PKEY *pkey, +\& char *mdname, size_t mdname_sz) +\& int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIEVP_PKEY_get_default_digest_name()\fR fills in the default message digest +name for the public key signature operations associated with key +\&\fIpkey\fR into \fImdname\fR, up to at most \fImdname_sz\fR bytes including the +ending \s-1NUL\s0 byte. +.PP +\&\fIEVP_PKEY_get_default_digest_nid()\fR sets \fIpnid\fR to the default message +digest \s-1NID\s0 for the public key signature operations associated with key +\&\fIpkey\fR. Note that some signature algorithms (i.e. Ed25519 and Ed448) +do not use a digest during signing. In this case \fIpnid\fR will be set +to NID_undef. This function is only reliable for legacy keys, which +are keys with a \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR; these keys have typically +been loaded from engines, or created with \fIEVP_PKEY_assign_RSA\fR\|(3) or +similar. +.SH "NOTES" +.IX Header "NOTES" +For all current standard OpenSSL public key algorithms \s-1SHA256\s0 is returned. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_PKEY_get_default_digest_name()\fR and \fIEVP_PKEY_get_default_digest_nid()\fR +both return 1 if the message digest is advisory (that is other digests +can be used) and 2 if it is mandatory (other digests can not be used). +They return 0 or a negative value for failure. In particular a return +value of \-2 indicates the operation is not supported by the public key +algorithm. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_PKEY_CTX_new\fR\|(3), +\&\fIEVP_PKEY_sign\fR\|(3), +\&\fIEVP_PKEY_supports_digest_nid\fR\|(3), +\&\fIEVP_PKEY_verify\fR\|(3), +\&\fIEVP_PKEY_verify_recover\fR\|(3), +.SH "HISTORY" +.IX Header "HISTORY" +This function was added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/EVP_PKEY_keygen.3 b/linux_amd64/share/man/man3/EVP_PKEY_keygen.3 new file mode 100755 index 0000000..04d40ea --- /dev/null +++ b/linux_amd64/share/man/man3/EVP_PKEY_keygen.3 
@@ -0,0 +1,308 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_KEYGEN 3" +.TH EVP_PKEY_KEYGEN 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_keygen_init, EVP_PKEY_keygen, EVP_PKEY_paramgen_init, +EVP_PKEY_paramgen, EVP_PKEY_CTX_set_cb, EVP_PKEY_CTX_get_cb, +EVP_PKEY_CTX_get_keygen_info, EVP_PKEY_CTX_set_app_data, +EVP_PKEY_CTX_get_app_data, +EVP_PKEY_gen_cb +\&\- key and parameter generation and check functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); +\& int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); +\& +\& typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx); +\& +\& void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb); +\& EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx); +\& +\& int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx); +\& +\& void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data); +\& void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fIEVP_PKEY_keygen_init()\fR function initializes a public key algorithm +context using key \fBpkey\fR for a key generation operation. +.PP +The \fIEVP_PKEY_keygen()\fR function performs a key generation operation, the +generated key is written to \fBppkey\fR. +.PP +The functions \fIEVP_PKEY_paramgen_init()\fR and \fIEVP_PKEY_paramgen()\fR are similar +except parameters are generated. +.PP +The function \fIEVP_PKEY_set_cb()\fR sets the key or parameter generation callback +to \fBcb\fR. The function \fIEVP_PKEY_CTX_get_cb()\fR returns the key or parameter +generation callback. +.PP +The function \fIEVP_PKEY_CTX_get_keygen_info()\fR returns parameters associated +with the generation operation. If \fBidx\fR is \-1 the total number of +parameters available is returned. Any non negative value returns the value of +that parameter. 
\fIEVP_PKEY_CTX_gen_keygen_info()\fR with a non-negative value for +\&\fBidx\fR should only be called within the generation callback. +.PP +If the callback returns 0 then the key generation operation is aborted and an +error occurs. This might occur during a time consuming operation where +a user clicks on a \*(L"cancel\*(R" button. +.PP +The functions \fIEVP_PKEY_CTX_set_app_data()\fR and \fIEVP_PKEY_CTX_get_app_data()\fR set +and retrieve an opaque pointer. This can be used to set some application +defined value which can be retrieved in the callback: for example a handle +which is used to update a \*(L"progress dialog\*(R". +.SH "NOTES" +.IX Header "NOTES" +After the call to \fIEVP_PKEY_keygen_init()\fR or \fIEVP_PKEY_paramgen_init()\fR algorithm +specific control operations can be performed to set any appropriate parameters +for the operation. +.PP +The functions \fIEVP_PKEY_keygen()\fR and \fIEVP_PKEY_paramgen()\fR can be called more than +once on the same context if several operations are performed using the same +parameters. +.PP +The meaning of the parameters passed to the callback will depend on the +algorithm and the specific implementation of the algorithm. Some might not +give any useful information at all during key or parameter generation. Others +might not even call the callback. +.PP +The operation performed by key or parameter generation depends on the algorithm +used. In some cases (e.g. \s-1EC\s0 with a supplied named curve) the \*(L"generation\*(R" +option merely sets the appropriate fields in an \s-1EVP_PKEY\s0 structure. +.PP +In OpenSSL an \s-1EVP_PKEY\s0 structure containing a private key also contains the +public key components and parameters (if any). An OpenSSL private key is +equivalent to what some libraries call a \*(L"key pair\*(R". A private key can be used +in functions which require the use of a public key or parameters. 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_PKEY_keygen_init()\fR, \fIEVP_PKEY_paramgen_init()\fR, \fIEVP_PKEY_keygen()\fR and +\&\fIEVP_PKEY_paramgen()\fR return 1 for success and 0 or a negative value for failure. +In particular a return value of \-2 indicates the operation is not supported by +the public key algorithm. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Generate a 2048 bit \s-1RSA\s0 key: +.PP +.Vb 2 +\& #include +\& #include +\& +\& EVP_PKEY_CTX *ctx; +\& EVP_PKEY *pkey = NULL; +\& +\& ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL); +\& if (!ctx) +\& /* Error occurred */ +\& if (EVP_PKEY_keygen_init(ctx) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048) <= 0) +\& /* Error */ +\& +\& /* Generate key */ +\& if (EVP_PKEY_keygen(ctx, &pkey) <= 0) +\& /* Error */ +.Ve +.PP +Generate a key from a set of parameters: +.PP +.Vb 2 +\& #include +\& #include +\& +\& EVP_PKEY_CTX *ctx; +\& ENGINE *eng; +\& EVP_PKEY *pkey = NULL, *param; +\& +\& /* Assumed param, eng are set up already */ +\& ctx = EVP_PKEY_CTX_new(param, eng); +\& if (!ctx) +\& /* Error occurred */ +\& if (EVP_PKEY_keygen_init(ctx) <= 0) +\& /* Error */ +\& +\& /* Generate key */ +\& if (EVP_PKEY_keygen(ctx, &pkey) <= 0) +\& /* Error */ +.Ve +.PP +Example of generation callback for OpenSSL public key implementations: +.PP +.Vb 1 +\& /* Application data is a BIO to output status to */ +\& +\& EVP_PKEY_CTX_set_app_data(ctx, status_bio); +\& +\& static int genpkey_cb(EVP_PKEY_CTX *ctx) +\& { +\& char c = \*(Aq*\*(Aq; +\& BIO *b = EVP_PKEY_CTX_get_app_data(ctx); +\& int p = EVP_PKEY_CTX_get_keygen_info(ctx, 0); +\& +\& if (p == 0) +\& c = \*(Aq.\*(Aq; +\& if (p == 1) +\& c = \*(Aq+\*(Aq; +\& if (p == 2) +\& c = \*(Aq*\*(Aq; +\& if (p == 3) +\& c = \*(Aq\en\*(Aq; +\& BIO_write(b, &c, 1); +\& (void)BIO_flush(b); +\& return 1; +\& } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_PKEY_CTX_new\fR\|(3), +\&\fIEVP_PKEY_encrypt\fR\|(3), +\&\fIEVP_PKEY_decrypt\fR\|(3), 
+\&\fIEVP_PKEY_sign\fR\|(3), +\&\fIEVP_PKEY_verify\fR\|(3), +\&\fIEVP_PKEY_verify_recover\fR\|(3), +\&\fIEVP_PKEY_derive\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/EVP_PKEY_meth_get_count.3 b/linux_amd64/share/man/man3/EVP_PKEY_meth_get_count.3 new file mode 100755 index 0000000..87e5e2f --- /dev/null +++ b/linux_amd64/share/man/man3/EVP_PKEY_meth_get_count.3 
@@ -0,0 +1,173 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_METH_GET_COUNT 3" +.TH EVP_PKEY_METH_GET_COUNT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_meth_get_count, EVP_PKEY_meth_get0, EVP_PKEY_meth_get0_info \- enumerate public key methods +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& size_t EVP_PKEY_meth_get_count(void); +\& const EVP_PKEY_METHOD *EVP_PKEY_meth_get0(size_t idx); +\& void EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags, +\& const EVP_PKEY_METHOD *meth); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIEVP_PKEY_meth_count()\fR returns a count of the number of public key methods +available: it includes standard methods and any methods added by the +application. +.PP +\&\fIEVP_PKEY_meth_get0()\fR returns the public key method \fBidx\fR. The value of \fBidx\fR +must be between zero and \fIEVP_PKEY_meth_get_count()\fR \- 1. +.PP +\&\fIEVP_PKEY_meth_get0_info()\fR returns the public key \s-1ID\s0 (a \s-1NID\s0) and any flags +associated with the public key method \fB*meth\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_PKEY_meth_count()\fR returns the number of available public key methods. +.PP +\&\fIEVP_PKEY_meth_get0()\fR return a public key method or \fB\s-1NULL\s0\fR if \fBidx\fR is +out of range. +.PP +\&\fIEVP_PKEY_meth_get0_info()\fR does not return a value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_PKEY_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/EVP_PKEY_meth_new.3 b/linux_amd64/share/man/man3/EVP_PKEY_meth_new.3 new file mode 100755 index 0000000..2eb52f1 --- /dev/null +++ b/linux_amd64/share/man/man3/EVP_PKEY_meth_new.3 
@@ -0,0 +1,606 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_METH_NEW 3" +.TH EVP_PKEY_METH_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_meth_new, EVP_PKEY_meth_free, EVP_PKEY_meth_copy, EVP_PKEY_meth_find, +EVP_PKEY_meth_add0, EVP_PKEY_METHOD, +EVP_PKEY_meth_set_init, EVP_PKEY_meth_set_copy, EVP_PKEY_meth_set_cleanup, +EVP_PKEY_meth_set_paramgen, EVP_PKEY_meth_set_keygen, EVP_PKEY_meth_set_sign, +EVP_PKEY_meth_set_verify, EVP_PKEY_meth_set_verify_recover, EVP_PKEY_meth_set_signctx, +EVP_PKEY_meth_set_verifyctx, EVP_PKEY_meth_set_encrypt, EVP_PKEY_meth_set_decrypt, +EVP_PKEY_meth_set_derive, EVP_PKEY_meth_set_ctrl, +EVP_PKEY_meth_set_digestsign, EVP_PKEY_meth_set_digestverify, +EVP_PKEY_meth_set_check, +EVP_PKEY_meth_set_public_check, EVP_PKEY_meth_set_param_check, +EVP_PKEY_meth_set_digest_custom, +EVP_PKEY_meth_get_init, EVP_PKEY_meth_get_copy, EVP_PKEY_meth_get_cleanup, +EVP_PKEY_meth_get_paramgen, EVP_PKEY_meth_get_keygen, EVP_PKEY_meth_get_sign, +EVP_PKEY_meth_get_verify, EVP_PKEY_meth_get_verify_recover, EVP_PKEY_meth_get_signctx, +EVP_PKEY_meth_get_verifyctx, EVP_PKEY_meth_get_encrypt, EVP_PKEY_meth_get_decrypt, +EVP_PKEY_meth_get_derive, EVP_PKEY_meth_get_ctrl, +EVP_PKEY_meth_get_digestsign, EVP_PKEY_meth_get_digestverify, +EVP_PKEY_meth_get_check, +EVP_PKEY_meth_get_public_check, EVP_PKEY_meth_get_param_check, +EVP_PKEY_meth_get_digest_custom, +EVP_PKEY_meth_remove +\&\- manipulating EVP_PKEY_METHOD structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef struct evp_pkey_method_st EVP_PKEY_METHOD; +\& +\& EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags); +\& void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth); +\& void EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, const EVP_PKEY_METHOD *src); +\& const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type); +\& int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth); +\& int EVP_PKEY_meth_remove(const EVP_PKEY_METHOD *pmeth); +\& +\& void EVP_PKEY_meth_set_init(EVP_PKEY_METHOD *pmeth, +\& int (*init) (EVP_PKEY_CTX *ctx)); +\& void EVP_PKEY_meth_set_copy(EVP_PKEY_METHOD *pmeth, +\& int 
(*copy) (EVP_PKEY_CTX *dst, +\& EVP_PKEY_CTX *src)); +\& void EVP_PKEY_meth_set_cleanup(EVP_PKEY_METHOD *pmeth, +\& void (*cleanup) (EVP_PKEY_CTX *ctx)); +\& void EVP_PKEY_meth_set_paramgen(EVP_PKEY_METHOD *pmeth, +\& int (*paramgen_init) (EVP_PKEY_CTX *ctx), +\& int (*paramgen) (EVP_PKEY_CTX *ctx, +\& EVP_PKEY *pkey)); +\& void EVP_PKEY_meth_set_keygen(EVP_PKEY_METHOD *pmeth, +\& int (*keygen_init) (EVP_PKEY_CTX *ctx), +\& int (*keygen) (EVP_PKEY_CTX *ctx, +\& EVP_PKEY *pkey)); +\& void EVP_PKEY_meth_set_sign(EVP_PKEY_METHOD *pmeth, +\& int (*sign_init) (EVP_PKEY_CTX *ctx), +\& int (*sign) (EVP_PKEY_CTX *ctx, +\& unsigned char *sig, size_t *siglen, +\& const unsigned char *tbs, +\& size_t tbslen)); +\& void EVP_PKEY_meth_set_verify(EVP_PKEY_METHOD *pmeth, +\& int (*verify_init) (EVP_PKEY_CTX *ctx), +\& int (*verify) (EVP_PKEY_CTX *ctx, +\& const unsigned char *sig, +\& size_t siglen, +\& const unsigned char *tbs, +\& size_t tbslen)); +\& void EVP_PKEY_meth_set_verify_recover(EVP_PKEY_METHOD *pmeth, +\& int (*verify_recover_init) (EVP_PKEY_CTX +\& *ctx), +\& int (*verify_recover) (EVP_PKEY_CTX +\& *ctx, +\& unsigned char +\& *sig, +\& size_t *siglen, +\& const unsigned +\& char *tbs, +\& size_t tbslen)); +\& void EVP_PKEY_meth_set_signctx(EVP_PKEY_METHOD *pmeth, +\& int (*signctx_init) (EVP_PKEY_CTX *ctx, +\& EVP_MD_CTX *mctx), +\& int (*signctx) (EVP_PKEY_CTX *ctx, +\& unsigned char *sig, +\& size_t *siglen, +\& EVP_MD_CTX *mctx)); +\& void EVP_PKEY_meth_set_verifyctx(EVP_PKEY_METHOD *pmeth, +\& int (*verifyctx_init) (EVP_PKEY_CTX *ctx, +\& EVP_MD_CTX *mctx), +\& int (*verifyctx) (EVP_PKEY_CTX *ctx, +\& const unsigned char *sig, +\& int siglen, +\& EVP_MD_CTX *mctx)); +\& void EVP_PKEY_meth_set_encrypt(EVP_PKEY_METHOD *pmeth, +\& int (*encrypt_init) (EVP_PKEY_CTX *ctx), +\& int (*encryptfn) (EVP_PKEY_CTX *ctx, +\& unsigned char *out, +\& size_t *outlen, +\& const unsigned char *in, +\& size_t inlen)); +\& void EVP_PKEY_meth_set_decrypt(EVP_PKEY_METHOD *pmeth, +\& 
int (*decrypt_init) (EVP_PKEY_CTX *ctx), +\& int (*decrypt) (EVP_PKEY_CTX *ctx, +\& unsigned char *out, +\& size_t *outlen, +\& const unsigned char *in, +\& size_t inlen)); +\& void EVP_PKEY_meth_set_derive(EVP_PKEY_METHOD *pmeth, +\& int (*derive_init) (EVP_PKEY_CTX *ctx), +\& int (*derive) (EVP_PKEY_CTX *ctx, +\& unsigned char *key, +\& size_t *keylen)); +\& void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth, +\& int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, +\& void *p2), +\& int (*ctrl_str) (EVP_PKEY_CTX *ctx, +\& const char *type, +\& const char *value)); +\& void EVP_PKEY_meth_set_digestsign(EVP_PKEY_METHOD *pmeth, +\& int (*digestsign) (EVP_MD_CTX *ctx, +\& unsigned char *sig, +\& size_t *siglen, +\& const unsigned char *tbs, +\& size_t tbslen)); +\& void EVP_PKEY_meth_set_digestverify(EVP_PKEY_METHOD *pmeth, +\& int (*digestverify) (EVP_MD_CTX *ctx, +\& const unsigned char *sig, +\& size_t siglen, +\& const unsigned char *tbs, +\& size_t tbslen)); +\& void EVP_PKEY_meth_set_check(EVP_PKEY_METHOD *pmeth, +\& int (*check) (EVP_PKEY *pkey)); +\& void EVP_PKEY_meth_set_public_check(EVP_PKEY_METHOD *pmeth, +\& int (*check) (EVP_PKEY *pkey)); +\& void EVP_PKEY_meth_set_param_check(EVP_PKEY_METHOD *pmeth, +\& int (*check) (EVP_PKEY *pkey)); +\& void EVP_PKEY_meth_set_digest_custom(EVP_PKEY_METHOD *pmeth, +\& int (*digest_custom) (EVP_PKEY_CTX *ctx, +\& EVP_MD_CTX *mctx)); +\& +\& void EVP_PKEY_meth_get_init(const EVP_PKEY_METHOD *pmeth, +\& int (**pinit) (EVP_PKEY_CTX *ctx)); +\& void EVP_PKEY_meth_get_copy(const EVP_PKEY_METHOD *pmeth, +\& int (**pcopy) (EVP_PKEY_CTX *dst, +\& EVP_PKEY_CTX *src)); +\& void EVP_PKEY_meth_get_cleanup(const EVP_PKEY_METHOD *pmeth, +\& void (**pcleanup) (EVP_PKEY_CTX *ctx)); +\& void EVP_PKEY_meth_get_paramgen(const EVP_PKEY_METHOD *pmeth, +\& int (**pparamgen_init) (EVP_PKEY_CTX *ctx), +\& int (**pparamgen) (EVP_PKEY_CTX *ctx, +\& EVP_PKEY *pkey)); +\& void EVP_PKEY_meth_get_keygen(const EVP_PKEY_METHOD *pmeth, +\& int 
(**pkeygen_init) (EVP_PKEY_CTX *ctx), +\& int (**pkeygen) (EVP_PKEY_CTX *ctx, +\& EVP_PKEY *pkey)); +\& void EVP_PKEY_meth_get_sign(const EVP_PKEY_METHOD *pmeth, +\& int (**psign_init) (EVP_PKEY_CTX *ctx), +\& int (**psign) (EVP_PKEY_CTX *ctx, +\& unsigned char *sig, size_t *siglen, +\& const unsigned char *tbs, +\& size_t tbslen)); +\& void EVP_PKEY_meth_get_verify(const EVP_PKEY_METHOD *pmeth, +\& int (**pverify_init) (EVP_PKEY_CTX *ctx), +\& int (**pverify) (EVP_PKEY_CTX *ctx, +\& const unsigned char *sig, +\& size_t siglen, +\& const unsigned char *tbs, +\& size_t tbslen)); +\& void EVP_PKEY_meth_get_verify_recover(const EVP_PKEY_METHOD *pmeth, +\& int (**pverify_recover_init) (EVP_PKEY_CTX +\& *ctx), +\& int (**pverify_recover) (EVP_PKEY_CTX +\& *ctx, +\& unsigned char +\& *sig, +\& size_t *siglen, +\& const unsigned +\& char *tbs, +\& size_t tbslen)); +\& void EVP_PKEY_meth_get_signctx(const EVP_PKEY_METHOD *pmeth, +\& int (**psignctx_init) (EVP_PKEY_CTX *ctx, +\& EVP_MD_CTX *mctx), +\& int (**psignctx) (EVP_PKEY_CTX *ctx, +\& unsigned char *sig, +\& size_t *siglen, +\& EVP_MD_CTX *mctx)); +\& void EVP_PKEY_meth_get_verifyctx(const EVP_PKEY_METHOD *pmeth, +\& int (**pverifyctx_init) (EVP_PKEY_CTX *ctx, +\& EVP_MD_CTX *mctx), +\& int (**pverifyctx) (EVP_PKEY_CTX *ctx, +\& const unsigned char *sig, +\& int siglen, +\& EVP_MD_CTX *mctx)); +\& void EVP_PKEY_meth_get_encrypt(const EVP_PKEY_METHOD *pmeth, +\& int (**pencrypt_init) (EVP_PKEY_CTX *ctx), +\& int (**pencryptfn) (EVP_PKEY_CTX *ctx, +\& unsigned char *out, +\& size_t *outlen, +\& const unsigned char *in, +\& size_t inlen)); +\& void EVP_PKEY_meth_get_decrypt(const EVP_PKEY_METHOD *pmeth, +\& int (**pdecrypt_init) (EVP_PKEY_CTX *ctx), +\& int (**pdecrypt) (EVP_PKEY_CTX *ctx, +\& unsigned char *out, +\& size_t *outlen, +\& const unsigned char *in, +\& size_t inlen)); +\& void EVP_PKEY_meth_get_derive(const EVP_PKEY_METHOD *pmeth, +\& int (**pderive_init) (EVP_PKEY_CTX *ctx), +\& int (**pderive) 
(EVP_PKEY_CTX *ctx, +\& unsigned char *key, +\& size_t *keylen)); +\& void EVP_PKEY_meth_get_ctrl(const EVP_PKEY_METHOD *pmeth, +\& int (**pctrl) (EVP_PKEY_CTX *ctx, int type, int p1, +\& void *p2), +\& int (**pctrl_str) (EVP_PKEY_CTX *ctx, +\& const char *type, +\& const char *value)); +\& void EVP_PKEY_meth_get_digestsign(EVP_PKEY_METHOD *pmeth, +\& int (**digestsign) (EVP_MD_CTX *ctx, +\& unsigned char *sig, +\& size_t *siglen, +\& const unsigned char *tbs, +\& size_t tbslen)); +\& void EVP_PKEY_meth_get_digestverify(EVP_PKEY_METHOD *pmeth, +\& int (**digestverify) (EVP_MD_CTX *ctx, +\& const unsigned char *sig, +\& size_t siglen, +\& const unsigned char *tbs, +\& size_t tbslen)); +\& void EVP_PKEY_meth_get_check(const EVP_PKEY_METHOD *pmeth, +\& int (**pcheck) (EVP_PKEY *pkey)); +\& void EVP_PKEY_meth_get_public_check(const EVP_PKEY_METHOD *pmeth, +\& int (**pcheck) (EVP_PKEY *pkey)); +\& void EVP_PKEY_meth_get_param_check(const EVP_PKEY_METHOD *pmeth, +\& int (**pcheck) (EVP_PKEY *pkey)); +\& void EVP_PKEY_meth_get_digest_custom(EVP_PKEY_METHOD *pmeth, +\& int (**pdigest_custom) (EVP_PKEY_CTX *ctx, +\& EVP_MD_CTX *mctx)); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fB\s-1EVP_PKEY_METHOD\s0\fR is a structure which holds a set of methods for a +specific public key cryptographic algorithm. Those methods are usually +used to perform different jobs, such as generating a key, signing or +verifying, encrypting or decrypting, etc. +.PP +There are two places where the \fB\s-1EVP_PKEY_METHOD\s0\fR objects are stored: one +is a built-in static array representing the standard methods for different +algorithms, and the other one is a stack of user-defined application-specific +methods, which can be manipulated by using \fIEVP_PKEY_meth_add0\fR\|(3). +.PP +The \fB\s-1EVP_PKEY_METHOD\s0\fR objects are usually referenced by \fB\s-1EVP_PKEY_CTX\s0\fR +objects. 
+.SS "Methods" +.IX Subsection "Methods" +The methods are the underlying implementations of a particular public key +algorithm present by the \fB\s-1EVP_PKEY_CTX\s0\fR object. +.PP +.Vb 3 +\& int (*init) (EVP_PKEY_CTX *ctx); +\& int (*copy) (EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src); +\& void (*cleanup) (EVP_PKEY_CTX *ctx); +.Ve +.PP +The \fIinit()\fR method is called to initialize algorithm-specific data when a new +\&\fB\s-1EVP_PKEY_CTX\s0\fR is created. As opposed to \fIinit()\fR, the \fIcleanup()\fR method is called +when an \fB\s-1EVP_PKEY_CTX\s0\fR is freed. The \fIcopy()\fR method is called when an \fB\s-1EVP_PKEY_CTX\s0\fR +is being duplicated. Refer to \fIEVP_PKEY_CTX_new\fR\|(3), \fIEVP_PKEY_CTX_new_id\fR\|(3), +\&\fIEVP_PKEY_CTX_free\fR\|(3) and \fIEVP_PKEY_CTX_dup\fR\|(3). +.PP +.Vb 2 +\& int (*paramgen_init) (EVP_PKEY_CTX *ctx); +\& int (*paramgen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); +.Ve +.PP +The \fIparamgen_init()\fR and \fIparamgen()\fR methods deal with key parameter generation. +They are called by \fIEVP_PKEY_paramgen_init\fR\|(3) and \fIEVP_PKEY_paramgen\fR\|(3) to +handle the parameter generation process. +.PP +.Vb 2 +\& int (*keygen_init) (EVP_PKEY_CTX *ctx); +\& int (*keygen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); +.Ve +.PP +The \fIkeygen_init()\fR and \fIkeygen()\fR methods are used to generate the actual key for +the specified algorithm. They are called by \fIEVP_PKEY_keygen_init\fR\|(3) and +\&\fIEVP_PKEY_keygen\fR\|(3). +.PP +.Vb 3 +\& int (*sign_init) (EVP_PKEY_CTX *ctx); +\& int (*sign) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, +\& const unsigned char *tbs, size_t tbslen); +.Ve +.PP +The \fIsign_init()\fR and \fIsign()\fR methods are used to generate the signature of a +piece of data using a private key. They are called by \fIEVP_PKEY_sign_init\fR\|(3) +and \fIEVP_PKEY_sign\fR\|(3). 
+.PP +.Vb 4 +\& int (*verify_init) (EVP_PKEY_CTX *ctx); +\& int (*verify) (EVP_PKEY_CTX *ctx, +\& const unsigned char *sig, size_t siglen, +\& const unsigned char *tbs, size_t tbslen); +.Ve +.PP +The \fIverify_init()\fR and \fIverify()\fR methods are used to verify whether a signature is +valid. They are called by \fIEVP_PKEY_verify_init\fR\|(3) and \fIEVP_PKEY_verify\fR\|(3). +.PP +.Vb 4 +\& int (*verify_recover_init) (EVP_PKEY_CTX *ctx); +\& int (*verify_recover) (EVP_PKEY_CTX *ctx, +\& unsigned char *rout, size_t *routlen, +\& const unsigned char *sig, size_t siglen); +.Ve +.PP +The \fIverify_recover_init()\fR and \fIverify_recover()\fR methods are used to verify a +signature and then recover the digest from the signature (for instance, a +signature that was generated by \s-1RSA\s0 signing algorithm). They are called by +\&\fIEVP_PKEY_verify_recover_init\fR\|(3) and \fIEVP_PKEY_verify_recover\fR\|(3). +.PP +.Vb 3 +\& int (*signctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); +\& int (*signctx) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, +\& EVP_MD_CTX *mctx); +.Ve +.PP +The \fIsignctx_init()\fR and \fIsignctx()\fR methods are used to sign a digest present by +a \fB\s-1EVP_MD_CTX\s0\fR object. They are called by the EVP_DigestSign functions. See +\&\fIEVP_DigestSignInit\fR\|(3) for details. +.PP +.Vb 3 +\& int (*verifyctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); +\& int (*verifyctx) (EVP_PKEY_CTX *ctx, const unsigned char *sig, int siglen, +\& EVP_MD_CTX *mctx); +.Ve +.PP +The \fIverifyctx_init()\fR and \fIverifyctx()\fR methods are used to verify a signature +against the data in a \fB\s-1EVP_MD_CTX\s0\fR object. They are called by the various +EVP_DigestVerify functions. See \fIEVP_DigestVerifyInit\fR\|(3) for details. 
+.PP +.Vb 3 +\& int (*encrypt_init) (EVP_PKEY_CTX *ctx); +\& int (*encrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, +\& const unsigned char *in, size_t inlen); +.Ve +.PP +The \fIencrypt_init()\fR and \fIencrypt()\fR methods are used to encrypt a piece of data. +They are called by \fIEVP_PKEY_encrypt_init\fR\|(3) and \fIEVP_PKEY_encrypt\fR\|(3). +.PP +.Vb 3 +\& int (*decrypt_init) (EVP_PKEY_CTX *ctx); +\& int (*decrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, +\& const unsigned char *in, size_t inlen); +.Ve +.PP +The \fIdecrypt_init()\fR and \fIdecrypt()\fR methods are used to decrypt a piece of data. +They are called by \fIEVP_PKEY_decrypt_init\fR\|(3) and \fIEVP_PKEY_decrypt\fR\|(3). +.PP +.Vb 2 +\& int (*derive_init) (EVP_PKEY_CTX *ctx); +\& int (*derive) (EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); +.Ve +.PP +The \fIderive_init()\fR and \fIderive()\fR methods are used to derive the shared secret +from a public key algorithm (for instance, the \s-1DH\s0 algorithm). They are called by +\&\fIEVP_PKEY_derive_init\fR\|(3) and \fIEVP_PKEY_derive\fR\|(3). +.PP +.Vb 2 +\& int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, void *p2); +\& int (*ctrl_str) (EVP_PKEY_CTX *ctx, const char *type, const char *value); +.Ve +.PP +The \fIctrl()\fR and \fIctrl_str()\fR methods are used to adjust algorithm-specific +settings. See \fIEVP_PKEY_CTX_ctrl\fR\|(3) and related functions for details. +.PP +.Vb 5 +\& int (*digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen, +\& const unsigned char *tbs, size_t tbslen); +\& int (*digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig, +\& size_t siglen, const unsigned char *tbs, +\& size_t tbslen); +.Ve +.PP +The \fIdigestsign()\fR and \fIdigestverify()\fR methods are used to generate or verify +a signature in a one-shot mode. They could be called by \fIEVP_DigestSign\fR\|(3) +and \fIEVP_DigestVerify\fR\|(3). 
+.PP +.Vb 3 +\& int (*check) (EVP_PKEY *pkey); +\& int (*public_check) (EVP_PKEY *pkey); +\& int (*param_check) (EVP_PKEY *pkey); +.Ve +.PP +The \fIcheck()\fR, \fIpublic_check()\fR and \fIparam_check()\fR methods are used to validate a +key-pair, the public component and parameters respectively for a given \fBpkey\fR. +They could be called by \fIEVP_PKEY_check\fR\|(3), \fIEVP_PKEY_public_check\fR\|(3) and +\&\fIEVP_PKEY_param_check\fR\|(3) respectively. +.PP +.Vb 1 +\& int (*digest_custom) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); +.Ve +.PP +The \fIdigest_custom()\fR method is used to generate customized digest content before +the real message is passed to functions like \fIEVP_DigestSignUpdate\fR\|(3) or +\&\fIEVP_DigestVerifyInit\fR\|(3). This is usually required by some public key +signature algorithms like \s-1SM2\s0 which requires a hashed prefix to the message to +be signed. The \fIdigest_custom()\fR function will be called by \fIEVP_DigestSignInit\fR\|(3) +and \fIEVP_DigestVerifyInit\fR\|(3). +.SS "Functions" +.IX Subsection "Functions" +\&\fIEVP_PKEY_meth_new()\fR creates and returns a new \fB\s-1EVP_PKEY_METHOD\s0\fR object, +and associates the given \fBid\fR and \fBflags\fR. The following flags are +supported: +.PP +.Vb 2 +\& EVP_PKEY_FLAG_AUTOARGLEN +\& EVP_PKEY_FLAG_SIGCTX_CUSTOM +.Ve +.PP +If an \fB\s-1EVP_PKEY_METHOD\s0\fR is set with the \fB\s-1EVP_PKEY_FLAG_AUTOARGLEN\s0\fR flag, the +maximum size of the output buffer will be automatically calculated or checked +in corresponding \s-1EVP\s0 methods by the \s-1EVP\s0 framework. Thus the implementations of +these methods don't need to care about handling the case of returning output +buffer size by themselves. For details on the output buffer size, refer to +\&\fIEVP_PKEY_sign\fR\|(3). 
+.PP +The \fB\s-1EVP_PKEY_FLAG_SIGCTX_CUSTOM\s0\fR is used to indicate the \fIsignctx()\fR method +of an \fB\s-1EVP_PKEY_METHOD\s0\fR is always called by the \s-1EVP\s0 framework while doing a +digest signing operation by calling \fIEVP_DigestSignFinal\fR\|(3). +.PP +\&\fIEVP_PKEY_meth_free()\fR frees an existing \fB\s-1EVP_PKEY_METHOD\s0\fR pointed by +\&\fBpmeth\fR. +.PP +\&\fIEVP_PKEY_meth_copy()\fR copies an \fB\s-1EVP_PKEY_METHOD\s0\fR object from \fBsrc\fR +to \fBdst\fR. +.PP +\&\fIEVP_PKEY_meth_find()\fR finds an \fB\s-1EVP_PKEY_METHOD\s0\fR object with the \fBid\fR. +This function first searches through the user-defined method objects and +then the built-in objects. +.PP +\&\fIEVP_PKEY_meth_add0()\fR adds \fBpmeth\fR to the user defined stack of methods. +.PP +\&\fIEVP_PKEY_meth_remove()\fR removes an \fB\s-1EVP_PKEY_METHOD\s0\fR object added by +\&\fIEVP_PKEY_meth_add0()\fR. +.PP +The EVP_PKEY_meth_set functions set the corresponding fields of +\&\fB\s-1EVP_PKEY_METHOD\s0\fR structure with the arguments passed. +.PP +The EVP_PKEY_meth_get functions get the corresponding fields of +\&\fB\s-1EVP_PKEY_METHOD\s0\fR structure to the arguments provided. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_PKEY_meth_new()\fR returns a pointer to a new \fB\s-1EVP_PKEY_METHOD\s0\fR +object or returns \s-1NULL\s0 on error. +.PP +\&\fIEVP_PKEY_meth_free()\fR and \fIEVP_PKEY_meth_copy()\fR do not return values. +.PP +\&\fIEVP_PKEY_meth_find()\fR returns a pointer to the found \fB\s-1EVP_PKEY_METHOD\s0\fR +object or returns \s-1NULL\s0 if not found. +.PP +\&\fIEVP_PKEY_meth_add0()\fR returns 1 if method is added successfully or 0 +if an error occurred. +.PP +\&\fIEVP_PKEY_meth_remove()\fR returns 1 if method is removed successfully or +0 if an error occurred. +.PP +All EVP_PKEY_meth_set and EVP_PKEY_meth_get functions have no return +values. For the 'get' functions, function pointers are returned by +arguments. 
+.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/EVP_PKEY_new.3 b/linux_amd64/share/man/man3/EVP_PKEY_new.3 new file mode 100755 index 0000000..254966e --- /dev/null +++ b/linux_amd64/share/man/man3/EVP_PKEY_new.3 
@@ -0,0 +1,257 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_NEW 3" +.TH EVP_PKEY_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_new, +EVP_PKEY_up_ref, +EVP_PKEY_free, +EVP_PKEY_new_raw_private_key, +EVP_PKEY_new_raw_public_key, +EVP_PKEY_new_CMAC_key, +EVP_PKEY_new_mac_key, +EVP_PKEY_get_raw_private_key, +EVP_PKEY_get_raw_public_key +\&\- public/private key allocation and raw key handling functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& EVP_PKEY *EVP_PKEY_new(void); +\& int EVP_PKEY_up_ref(EVP_PKEY *key); +\& void EVP_PKEY_free(EVP_PKEY *key); +\& +\& EVP_PKEY *EVP_PKEY_new_raw_private_key(int type, ENGINE *e, +\& const unsigned char *key, size_t keylen); +\& EVP_PKEY *EVP_PKEY_new_raw_public_key(int type, ENGINE *e, +\& const unsigned char *key, size_t keylen); +\& EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv, +\& size_t len, const EVP_CIPHER *cipher); +\& EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e, const unsigned char *key, +\& int keylen); +\& +\& int EVP_PKEY_get_raw_private_key(const EVP_PKEY *pkey, unsigned char *priv, +\& size_t *len); +\& int EVP_PKEY_get_raw_public_key(const EVP_PKEY *pkey, unsigned char *pub, +\& size_t *len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fIEVP_PKEY_new()\fR function allocates an empty \fB\s-1EVP_PKEY\s0\fR structure which is +used by OpenSSL to store public and private keys. The reference count is set to +\&\fB1\fR. +.PP +\&\fIEVP_PKEY_up_ref()\fR increments the reference count of \fBkey\fR. +.PP +\&\fIEVP_PKEY_free()\fR decrements the reference count of \fBkey\fR and, if the reference +count is zero, frees it up. If \fBkey\fR is \s-1NULL\s0, nothing is done. +.PP +\&\fIEVP_PKEY_new_raw_private_key()\fR allocates a new \fB\s-1EVP_PKEY\s0\fR. If \fBe\fR is non-NULL +then the new \fB\s-1EVP_PKEY\s0\fR structure is associated with the engine \fBe\fR. The +\&\fBtype\fR argument indicates what kind of key this is. The value should be a \s-1NID\s0 +for a public key algorithm that supports raw private keys, i.e. 
one of +\&\fB\s-1EVP_PKEY_HMAC\s0\fR, \fB\s-1EVP_PKEY_POLY1305\s0\fR, \fB\s-1EVP_PKEY_SIPHASH\s0\fR, \fB\s-1EVP_PKEY_X25519\s0\fR, +\&\fB\s-1EVP_PKEY_ED25519\s0\fR, \fB\s-1EVP_PKEY_X448\s0\fR or \fB\s-1EVP_PKEY_ED448\s0\fR. \fBkey\fR points to the +raw private key data for this \fB\s-1EVP_PKEY\s0\fR which should be of length \fBkeylen\fR. +The length should be appropriate for the type of the key. The public key data +will be automatically derived from the given private key data (if appropriate +for the algorithm type). +.PP +\&\fIEVP_PKEY_new_raw_public_key()\fR works in the same way as +\&\fIEVP_PKEY_new_raw_private_key()\fR except that \fBkey\fR points to the raw public key +data. The \fB\s-1EVP_PKEY\s0\fR structure will be initialised without any private key +information. Algorithm types that support raw public keys are +\&\fB\s-1EVP_PKEY_X25519\s0\fR, \fB\s-1EVP_PKEY_ED25519\s0\fR, \fB\s-1EVP_PKEY_X448\s0\fR or \fB\s-1EVP_PKEY_ED448\s0\fR. +.PP +\&\fIEVP_PKEY_new_CMAC_key()\fR works in the same way as \fIEVP_PKEY_new_raw_private_key()\fR +except it is only for the \fB\s-1EVP_PKEY_CMAC\s0\fR algorithm type. In addition to the +raw private key data, it also takes a cipher algorithm to be used during +creation of a \s-1CMAC\s0 in the \fBcipher\fR argument. +.PP +\&\fIEVP_PKEY_new_mac_key()\fR works in the same way as \fIEVP_PKEY_new_raw_private_key()\fR. +New applications should use \fIEVP_PKEY_new_raw_private_key()\fR instead. +.PP +\&\fIEVP_PKEY_get_raw_private_key()\fR fills the buffer provided by \fBpriv\fR with raw +private key data. The number of bytes written is populated in \fB*len\fR. If the +buffer \fBpriv\fR is \s-1NULL\s0 then \fB*len\fR is populated with the number of bytes +required to hold the key. The calling application is responsible for ensuring +that the buffer is large enough to receive the private key data. This function +only works for algorithms that support raw private keys. 
Currently this is: +\&\fB\s-1EVP_PKEY_HMAC\s0\fR, \fB\s-1EVP_PKEY_POLY1305\s0\fR, \fB\s-1EVP_PKEY_SIPHASH\s0\fR, \fB\s-1EVP_PKEY_X25519\s0\fR, +\&\fB\s-1EVP_PKEY_ED25519\s0\fR, \fB\s-1EVP_PKEY_X448\s0\fR or \fB\s-1EVP_PKEY_ED448\s0\fR. +.PP +\&\fIEVP_PKEY_get_raw_public_key()\fR fills the buffer provided by \fBpub\fR with raw +public key data. The number of bytes written is populated in \fB*len\fR. If the +buffer \fBpub\fR is \s-1NULL\s0 then \fB*len\fR is populated with the number of bytes +required to hold the key. The calling application is responsible for ensuring +that the buffer is large enough to receive the public key data. This function +only works for algorithms that support raw public keys. Currently this is: +\&\fB\s-1EVP_PKEY_X25519\s0\fR, \fB\s-1EVP_PKEY_ED25519\s0\fR, \fB\s-1EVP_PKEY_X448\s0\fR or \fB\s-1EVP_PKEY_ED448\s0\fR. +.SH "NOTES" +.IX Header "NOTES" +The \fB\s-1EVP_PKEY\s0\fR structure is used by various OpenSSL functions which require a +general private key without reference to any particular algorithm. +.PP +The structure returned by \fIEVP_PKEY_new()\fR is empty. To add a private or public +key to this empty structure use the appropriate functions described in +\&\fIEVP_PKEY_set1_RSA\fR\|(3), \fIEVP_PKEY_set1_DSA\fR\|(3), \fIEVP_PKEY_set1_DH\fR\|(3) or +\&\fIEVP_PKEY_set1_EC_KEY\fR\|(3). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_PKEY_new()\fR, \fIEVP_PKEY_new_raw_private_key()\fR, \fIEVP_PKEY_new_raw_public_key()\fR, +\&\fIEVP_PKEY_new_CMAC_key()\fR and \fIEVP_PKEY_new_mac_key()\fR return either the newly +allocated \fB\s-1EVP_PKEY\s0\fR structure or \fB\s-1NULL\s0\fR if an error occurred. +.PP +\&\fIEVP_PKEY_up_ref()\fR, \fIEVP_PKEY_get_raw_private_key()\fR and +\&\fIEVP_PKEY_get_raw_public_key()\fR return 1 for success and 0 for failure. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_PKEY_set1_RSA\fR\|(3), \fIEVP_PKEY_set1_DSA\fR\|(3), \fIEVP_PKEY_set1_DH\fR\|(3) or +\&\fIEVP_PKEY_set1_EC_KEY\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The +\&\fIEVP_PKEY_new()\fR and \fIEVP_PKEY_free()\fR functions exist in all versions of OpenSSL. +.PP +The \fIEVP_PKEY_up_ref()\fR function was added in OpenSSL 1.1.0. +.PP +The +\&\fIEVP_PKEY_new_raw_private_key()\fR, \fIEVP_PKEY_new_raw_public_key()\fR, +\&\fIEVP_PKEY_new_CMAC_key()\fR, \fIEVP_PKEY_new_raw_private_key()\fR and +\&\fIEVP_PKEY_get_raw_public_key()\fR functions were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/EVP_PKEY_print_private.3 b/linux_amd64/share/man/man3/EVP_PKEY_print_private.3 new file mode 100755 index 0000000..df13c6e --- /dev/null +++ b/linux_amd64/share/man/man3/EVP_PKEY_print_private.3 
@@ -0,0 +1,182 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_PRINT_PRIVATE 3" +.TH EVP_PKEY_PRINT_PRIVATE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_print_public, EVP_PKEY_print_private, EVP_PKEY_print_params \- public key algorithm printing routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey, +\& int indent, ASN1_PCTX *pctx); +\& int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey, +\& int indent, ASN1_PCTX *pctx); +\& int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey, +\& int indent, ASN1_PCTX *pctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The functions \fIEVP_PKEY_print_public()\fR, \fIEVP_PKEY_print_private()\fR and +\&\fIEVP_PKEY_print_params()\fR print out the public, private or parameter components +of key \fBpkey\fR respectively. The key is sent to \s-1BIO\s0 \fBout\fR in human readable +form. The parameter \fBindent\fR indicated how far the printout should be indented. +.PP +The \fBpctx\fR parameter allows the print output to be finely tuned by using +\&\s-1ASN1\s0 printing options. If \fBpctx\fR is set to \s-1NULL\s0 then default values will +be used. +.SH "NOTES" +.IX Header "NOTES" +Currently no public key algorithms include any options in the \fBpctx\fR parameter. +.PP +If the key does not include all the components indicated by the function then +only those contained in the key will be printed. For example passing a public +key to \fIEVP_PKEY_print_private()\fR will only print the public components. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions all return 1 for success and 0 or a negative value for failure. +In particular a return value of \-2 indicates the operation is not supported by +the public key algorithm. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_PKEY_CTX_new\fR\|(3), +\&\fIEVP_PKEY_keygen\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2017 The OpenSSL Project Authors. All Rights Reserved. 
+.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/EVP_PKEY_set1_RSA.3 b/linux_amd64/share/man/man3/EVP_PKEY_set1_RSA.3 new file mode 100755 index 0000000..e4e1e07 --- /dev/null +++ b/linux_amd64/share/man/man3/EVP_PKEY_set1_RSA.3 
@@ -0,0 +1,289 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_SET1_RSA 3" +.TH EVP_PKEY_SET1_RSA 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH, EVP_PKEY_set1_EC_KEY, +EVP_PKEY_get1_RSA, EVP_PKEY_get1_DSA, EVP_PKEY_get1_DH, EVP_PKEY_get1_EC_KEY, +EVP_PKEY_get0_RSA, EVP_PKEY_get0_DSA, EVP_PKEY_get0_DH, EVP_PKEY_get0_EC_KEY, +EVP_PKEY_assign_RSA, EVP_PKEY_assign_DSA, EVP_PKEY_assign_DH, +EVP_PKEY_assign_EC_KEY, EVP_PKEY_assign_POLY1305, EVP_PKEY_assign_SIPHASH, +EVP_PKEY_get0_hmac, EVP_PKEY_get0_poly1305, EVP_PKEY_get0_siphash, +EVP_PKEY_type, EVP_PKEY_id, EVP_PKEY_base_id, EVP_PKEY_set_alias_type, +EVP_PKEY_set1_engine, EVP_PKEY_get0_engine \- EVP_PKEY assignment functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key); +\& int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, DSA *key); +\& int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key); +\& int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key); +\& +\& RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey); +\& DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey); +\& DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey); +\& EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey); +\& +\& const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len); +\& const unsigned char *EVP_PKEY_get0_poly1305(const EVP_PKEY *pkey, size_t *len); +\& const unsigned char *EVP_PKEY_get0_siphash(const EVP_PKEY *pkey, size_t *len); +\& RSA *EVP_PKEY_get0_RSA(const EVP_PKEY *pkey); +\& DSA *EVP_PKEY_get0_DSA(const EVP_PKEY *pkey); +\& DH *EVP_PKEY_get0_DH(const EVP_PKEY *pkey); +\& EC_KEY *EVP_PKEY_get0_EC_KEY(const EVP_PKEY *pkey); +\& +\& int EVP_PKEY_assign_RSA(EVP_PKEY *pkey, RSA *key); +\& int EVP_PKEY_assign_DSA(EVP_PKEY *pkey, DSA *key); +\& int EVP_PKEY_assign_DH(EVP_PKEY *pkey, DH *key); +\& int EVP_PKEY_assign_EC_KEY(EVP_PKEY *pkey, EC_KEY *key); +\& int EVP_PKEY_assign_POLY1305(EVP_PKEY *pkey, ASN1_OCTET_STRING *key); +\& int EVP_PKEY_assign_SIPHASH(EVP_PKEY *pkey, ASN1_OCTET_STRING *key); +\& +\& int EVP_PKEY_id(const EVP_PKEY *pkey); +\& int EVP_PKEY_base_id(const 
EVP_PKEY *pkey); +\& int EVP_PKEY_type(int type); +\& int EVP_PKEY_set_alias_type(EVP_PKEY *pkey, int type); +\& +\& ENGINE *EVP_PKEY_get0_engine(const EVP_PKEY *pkey); +\& int EVP_PKEY_set1_engine(EVP_PKEY *pkey, ENGINE *engine); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIEVP_PKEY_set1_RSA()\fR, \fIEVP_PKEY_set1_DSA()\fR, \fIEVP_PKEY_set1_DH()\fR and +\&\fIEVP_PKEY_set1_EC_KEY()\fR set the key referenced by \fBpkey\fR to \fBkey\fR. +.PP +\&\fIEVP_PKEY_get1_RSA()\fR, \fIEVP_PKEY_get1_DSA()\fR, \fIEVP_PKEY_get1_DH()\fR and +\&\fIEVP_PKEY_get1_EC_KEY()\fR return the referenced key in \fBpkey\fR or +\&\fB\s-1NULL\s0\fR if the key is not of the correct type. +.PP +\&\fIEVP_PKEY_get0_hmac()\fR, \fIEVP_PKEY_get0_poly1305()\fR, \fIEVP_PKEY_get0_siphash()\fR, +\&\fIEVP_PKEY_get0_RSA()\fR, \fIEVP_PKEY_get0_DSA()\fR, \fIEVP_PKEY_get0_DH()\fR +and \fIEVP_PKEY_get0_EC_KEY()\fR also return the referenced key in \fBpkey\fR or \fB\s-1NULL\s0\fR +if the key is not of the correct type but the reference count of the +returned key is \fBnot\fR incremented and so must not be freed up after use. +.PP +\&\fIEVP_PKEY_assign_RSA()\fR, \fIEVP_PKEY_assign_DSA()\fR, \fIEVP_PKEY_assign_DH()\fR, +\&\fIEVP_PKEY_assign_EC_KEY()\fR, \fIEVP_PKEY_assign_POLY1305()\fR and +\&\fIEVP_PKEY_assign_SIPHASH()\fR also set the referenced key to \fBkey\fR +however these use the supplied \fBkey\fR internally and so \fBkey\fR +will be freed when the parent \fBpkey\fR is freed. +.PP +\&\fIEVP_PKEY_base_id()\fR returns the type of \fBpkey\fR. For example +an \s-1RSA\s0 key will return \fB\s-1EVP_PKEY_RSA\s0\fR. +.PP +\&\fIEVP_PKEY_id()\fR returns the actual \s-1OID\s0 associated with \fBpkey\fR. Historically keys +using the same algorithm could use different OIDs. For example an \s-1RSA\s0 key could +use the OIDs corresponding to the NIDs \fBNID_rsaEncryption\fR (equivalent to +\&\fB\s-1EVP_PKEY_RSA\s0\fR) or \fBNID_rsa\fR (equivalent to \fB\s-1EVP_PKEY_RSA2\s0\fR). 
The use of +alternative non-standard OIDs is now rare so \fB\s-1EVP_PKEY_RSA2\s0\fR et al are not +often seen in practice. +.PP +\&\fIEVP_PKEY_type()\fR returns the underlying type of the \s-1NID\s0 \fBtype\fR. For example +EVP_PKEY_type(\s-1EVP_PKEY_RSA2\s0) will return \fB\s-1EVP_PKEY_RSA\s0\fR. +.PP +\&\fIEVP_PKEY_get0_engine()\fR returns a reference to the \s-1ENGINE\s0 handling \fBpkey\fR. +.PP +\&\fIEVP_PKEY_set1_engine()\fR sets the \s-1ENGINE\s0 handling \fBpkey\fR to \fBengine\fR. It +must be called after the key algorithm and components are set up. +If \fBengine\fR does not include an \fB\s-1EVP_PKEY_METHOD\s0\fR for \fBpkey\fR an +error occurs. +.PP +\&\fIEVP_PKEY_set_alias_type()\fR allows modifying a \s-1EVP_PKEY\s0 to use a +different set of algorithms than the default. +.SH "NOTES" +.IX Header "NOTES" +In accordance with the OpenSSL naming convention the key obtained +from or assigned to the \fBpkey\fR using the \fB1\fR functions must be +freed as well as \fBpkey\fR. +.PP +\&\fIEVP_PKEY_assign_RSA()\fR, \fIEVP_PKEY_assign_DSA()\fR, \fIEVP_PKEY_assign_DH()\fR, +\&\fIEVP_PKEY_assign_EC_KEY()\fR, \fIEVP_PKEY_assign_POLY1305()\fR +and \fIEVP_PKEY_assign_SIPHASH()\fR are implemented as macros. +.PP +\&\fIEVP_PKEY_assign_EC_KEY()\fR looks at the curve name id to determine if +the passed \fB\s-1EC_KEY\s0\fR is an \s-1\fISM2\s0\fR\|(7) key, and will set the \fB\s-1EVP_PKEY\s0\fR +type to \fB\s-1EVP_PKEY_SM2\s0\fR in that case, instead of \fB\s-1EVP_PKEY_EC\s0\fR. +.PP +It's possible to switch back and forth between the types \fB\s-1EVP_PKEY_EC\s0\fR +and \fB\s-1EVP_PKEY_SM2\s0\fR with a call to \fIEVP_PKEY_set_alias_type()\fR on keys +assigned with this macro if it's desirable to do a normal \s-1EC\s0 +computations with the \s-1SM2\s0 curve instead of the special \s-1SM2\s0 +computations, and vice versa. 
+.PP +Most applications wishing to know a key type will simply call +\&\fIEVP_PKEY_base_id()\fR and will not care about the actual type: +which will be identical in almost all cases. +.PP +Previous versions of this document suggested using EVP_PKEY_type(pkey\->type) +to determine the type of a key. Since \fB\s-1EVP_PKEY\s0\fR is now opaque this +is no longer possible: the equivalent is EVP_PKEY_base_id(pkey). +.PP +\&\fIEVP_PKEY_set1_engine()\fR is typically used by an \s-1ENGINE\s0 returning an \s-1HSM\s0 +key as part of its routine to load a private key. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_PKEY_set1_RSA()\fR, \fIEVP_PKEY_set1_DSA()\fR, \fIEVP_PKEY_set1_DH()\fR and +\&\fIEVP_PKEY_set1_EC_KEY()\fR return 1 for success or 0 for failure. +.PP +\&\fIEVP_PKEY_get1_RSA()\fR, \fIEVP_PKEY_get1_DSA()\fR, \fIEVP_PKEY_get1_DH()\fR and +\&\fIEVP_PKEY_get1_EC_KEY()\fR return the referenced key or \fB\s-1NULL\s0\fR if +an error occurred. +.PP +\&\fIEVP_PKEY_assign_RSA()\fR, \fIEVP_PKEY_assign_DSA()\fR, \fIEVP_PKEY_assign_DH()\fR, +\&\fIEVP_PKEY_assign_EC_KEY()\fR, \fIEVP_PKEY_assign_POLY1305()\fR +and \fIEVP_PKEY_assign_SIPHASH()\fR return 1 for success and 0 for failure. +.PP +\&\fIEVP_PKEY_base_id()\fR, \fIEVP_PKEY_id()\fR and \fIEVP_PKEY_type()\fR return a key +type or \fBNID_undef\fR (equivalently \fB\s-1EVP_PKEY_NONE\s0\fR) on error. +.PP +\&\fIEVP_PKEY_set1_engine()\fR returns 1 for success and 0 for failure. +.PP +\&\fIEVP_PKEY_set_alias_type()\fR returns 1 for success and 0 for error. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +After loading an \s-1ECC\s0 key, it is possible to convert it to using \s-1SM2\s0 +algorithms with EVP_PKEY_set_alias_type: +.PP +.Vb 1 +\& EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_PKEY_new\fR\|(3), \s-1\fISM2\s0\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. 
+.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/EVP_PKEY_sign.3 b/linux_amd64/share/man/man3/EVP_PKEY_sign.3 new file mode 100755 index 0000000..e86398f --- /dev/null +++ b/linux_amd64/share/man/man3/EVP_PKEY_sign.3 
@@ -0,0 +1,240 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_SIGN 3" +.TH EVP_PKEY_SIGN 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_sign_init, EVP_PKEY_sign +\&\- sign using a public key algorithm +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_sign(EVP_PKEY_CTX *ctx, +\& unsigned char *sig, size_t *siglen, +\& const unsigned char *tbs, size_t tbslen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIEVP_PKEY_sign_init()\fR initializes a public key algorithm context \fIctx\fR for +signing using the algorithm given when the context was created +using \fIEVP_PKEY_CTX_new\fR\|(3) or variants thereof. The algorithm is used to +fetch a \fB\s-1EVP_SIGNATURE\s0\fR method implicitly, see \*(L"Implicit fetch\*(R" in \fIprovider\fR\|(7) +for more information about implict fetches. +.PP +The \fIEVP_PKEY_sign()\fR function performs a public key signing operation +using \fIctx\fR. The data to be signed is specified using the \fItbs\fR and +\&\fItbslen\fR parameters. If \fIsig\fR is \s-1NULL\s0 then the maximum size of the output +buffer is written to the \fIsiglen\fR parameter. If \fIsig\fR is not \s-1NULL\s0 then +before the call the \fIsiglen\fR parameter should contain the length of the +\&\fIsig\fR buffer, if the call is successful the signature is written to +\&\fIsig\fR and the amount of data written to \fIsiglen\fR. +.SH "NOTES" +.IX Header "NOTES" +\&\fIEVP_PKEY_sign()\fR does not hash the data to be signed, and therefore is +normally used to sign digests. For signing arbitrary messages, see the +\&\fIEVP_DigestSignInit\fR\|(3) and +\&\fIEVP_SignInit\fR\|(3) signing interfaces instead. +.PP +After the call to \fIEVP_PKEY_sign_init()\fR algorithm specific control +operations can be performed to set any appropriate parameters for the +operation (see \fIEVP_PKEY_CTX_ctrl\fR\|(3)). +.PP +The function \fIEVP_PKEY_sign()\fR can be called more than once on the same +context if several operations are performed using the same parameters. 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_PKEY_sign_init()\fR and \fIEVP_PKEY_sign()\fR return 1 for success and 0 +or a negative value for failure. In particular a return value of \-2 +indicates the operation is not supported by the public key algorithm. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Sign data using \s-1RSA\s0 with PKCS#1 padding and \s-1SHA256\s0 digest: +.PP +.Vb 2 +\& #include +\& #include +\& +\& EVP_PKEY_CTX *ctx; +\& /* md is a SHA\-256 digest in this example. */ +\& unsigned char *md, *sig; +\& size_t mdlen = 32, siglen; +\& EVP_PKEY *signing_key; +\& +\& /* +\& * NB: assumes signing_key and md are set up before the next +\& * step. signing_key must be an RSA private key and md must +\& * point to the SHA\-256 digest to be signed. +\& */ +\& ctx = EVP_PKEY_CTX_new(signing_key, NULL /* no engine */); +\& if (!ctx) +\& /* Error occurred */ +\& if (EVP_PKEY_sign_init(ctx) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0) +\& /* Error */ +\& +\& /* Determine buffer length */ +\& if (EVP_PKEY_sign(ctx, NULL, &siglen, md, mdlen) <= 0) +\& /* Error */ +\& +\& sig = OPENSSL_malloc(siglen); +\& +\& if (!sig) +\& /* malloc failure */ +\& +\& if (EVP_PKEY_sign(ctx, sig, &siglen, md, mdlen) <= 0) +\& /* Error */ +\& +\& /* Signature is siglen bytes written to buffer sig */ +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_PKEY_CTX_new\fR\|(3), +\&\fIEVP_PKEY_CTX_ctrl\fR\|(3), +\&\fIEVP_PKEY_encrypt\fR\|(3), +\&\fIEVP_PKEY_decrypt\fR\|(3), +\&\fIEVP_PKEY_verify\fR\|(3), +\&\fIEVP_PKEY_verify_recover\fR\|(3), +\&\fIEVP_PKEY_derive\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). 
You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/EVP_PKEY_size.3 b/linux_amd64/share/man/man3/EVP_PKEY_size.3 new file mode 100755 index 0000000..ac6812e --- /dev/null +++ b/linux_amd64/share/man/man3/EVP_PKEY_size.3 
@@ -0,0 +1,202 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_SIZE 3" +.TH EVP_PKEY_SIZE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_size, EVP_PKEY_bits, EVP_PKEY_security_bits +\&\- EVP_PKEY information functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_size(const EVP_PKEY *pkey); +\& int EVP_PKEY_bits(const EVP_PKEY *pkey); +\& int EVP_PKEY_security_bits(const EVP_PKEY *pkey); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIEVP_PKEY_size()\fR returns the maximum suitable size for the output +buffers for almost all operations that can be done with \fIpkey\fR. +The primary documented use is with \fIEVP_SignFinal\fR\|(3) and +\&\fIEVP_SealInit\fR\|(3), but it isn't limited there. The returned size is +also large enough for the output buffer of \fIEVP_PKEY_sign\fR\|(3), +\&\fIEVP_PKEY_encrypt\fR\|(3), \fIEVP_PKEY_decrypt\fR\|(3), \fIEVP_PKEY_derive\fR\|(3). +.PP +It must be stressed that, unless the documentation for the operation +that's being performed says otherwise, the size returned by +\&\fIEVP_PKEY_size()\fR is only preliminary and not exact, so the final +contents of the target buffer may be smaller. It is therefore crucial +to take note of the size given back by the function that performs the +operation, such as \fIEVP_PKEY_sign\fR\|(3) (the \fIsiglen\fR argument will +receive that length), to avoid bugs. +.PP +\&\fIEVP_PKEY_bits()\fR returns the cryptographic length of the cryptosystem +to which the key in \fIpkey\fR belongs, in bits. Note that the definition +of cryptographic length is specific to the key cryptosystem. +.PP +\&\fIEVP_PKEY_security_bits()\fR returns the number of security bits of the given +\&\fIpkey\fR, bits of security is defined in \s-1NIST\s0 \s-1SP800\-57\s0. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_PKEY_size()\fR, \fIEVP_PKEY_bits()\fR and \fIEVP_PKEY_security_bits()\fR return a +positive number, or 0 if this size isn't available. 
+.SH "NOTES" +.IX Header "NOTES" +Most functions that have an output buffer and are mentioned with +\&\fIEVP_PKEY_size()\fR have a functionality where you can pass \s-1NULL\s0 for the +buffer and still pass a pointer to an integer and get the exact size +that this function call delivers in the context that it's called in. +This allows those functions to be called twice, once to find out the +exact buffer size, then allocate the buffer in between, and call that +function again actually output the data. For those functions, it +isn't strictly necessary to call \fIEVP_PKEY_size()\fR to find out the +buffer size, but may be useful in cases where it's desirable to know +the upper limit in advance. +.PP +It should also be especially noted that \fIEVP_PKEY_size()\fR shouldn't be +used to get the output size for \fIEVP_DigestSignFinal()\fR, according to +\&\*(L"\s-1NOTES\s0\*(R" in \fIEVP_DigestSignFinal\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_SignFinal\fR\|(3), +\&\fIEVP_SealInit\fR\|(3), +\&\fIEVP_PKEY_sign\fR\|(3), +\&\fIEVP_PKEY_encrypt\fR\|(3), +\&\fIEVP_PKEY_decrypt\fR\|(3), +\&\fIEVP_PKEY_derive\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/EVP_PKEY_supports_digest_nid.3 b/linux_amd64/share/man/man3/EVP_PKEY_supports_digest_nid.3 new file mode 100755 index 0000000..8e1ee2c --- /dev/null +++ b/linux_amd64/share/man/man3/EVP_PKEY_supports_digest_nid.3 
@@ -0,0 +1,174 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_SUPPORTS_DIGEST_NID 3" +.TH EVP_PKEY_SUPPORTS_DIGEST_NID 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_supports_digest_nid \- indicate support for signature digest +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 2 +\& #include +\& int EVP_PKEY_supports_digest_nid(EVP_PKEY *pkey, int nid); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fIEVP_PKEY_supports_digest_nid()\fR function queries whether the message digest +\&\s-1NID\s0 \fBnid\fR is supported for public key signature operations associated with key +\&\fBpkey\fR. +.SH "NOTES" +.IX Header "NOTES" +If the \s-1EVP_PKEY\s0 implementation does not explicitly support this method, but +\&\fIEVP_PKEY_get_default_digest_nid\fR\|(3) returns a mandatory digest result, then +only that mandatory digest will be supported. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The \fIEVP_PKEY_supports_digest_nid()\fR function returns 1 if the message digest +algorithm identified by \fBnid\fR can be used for public key signature operations +associated with key \fBpkey\fR and 0 if it cannot be used. It returns a negative +value for failure. In particular a return value of \-2 indicates the query +operation is not supported by the public key algorithm. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_PKEY_CTX_new\fR\|(3), +\&\fIEVP_PKEY_get_default_digest_nid\fR\|(3), +\&\fIEVP_PKEY_sign\fR\|(3), +\&\fIEVP_PKEY_verify\fR\|(3), +\&\fIEVP_PKEY_verify_recover\fR\|(3), +.SH "HISTORY" +.IX Header "HISTORY" +The \fIEVP_PKEY_supports_digest_nid()\fR function was added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/EVP_PKEY_verify.3 b/linux_amd64/share/man/man3/EVP_PKEY_verify.3 new file mode 100755 index 0000000..bcca611 --- /dev/null 
+++ b/linux_amd64/share/man/man3/EVP_PKEY_verify.3 
@@ -0,0 +1,229 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_VERIFY 3" +.TH EVP_PKEY_VERIFY 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_verify_init, EVP_PKEY_verify +\&\- signature verification using a public key algorithm +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_verify(EVP_PKEY_CTX *ctx, +\& const unsigned char *sig, size_t siglen, +\& const unsigned char *tbs, size_t tbslen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIEVP_PKEY_verify_init()\fR initializes a public key algorithm context \fIctx\fR for +signing using the algorithm given when the context was created +using \fIEVP_PKEY_CTX_new\fR\|(3) or variants thereof. The algorithm is used to +fetch a \fB\s-1EVP_SIGNATURE\s0\fR method implicitly, see \*(L"Implicit fetch\*(R" in \fIprovider\fR\|(7) +for more information about implict fetches. +.PP +The \fIEVP_PKEY_verify()\fR function performs a public key verification operation +using \fIctx\fR. The signature is specified using the \fIsig\fR and +\&\fIsiglen\fR parameters. The verified data (i.e. the data believed originally +signed) is specified using the \fItbs\fR and \fItbslen\fR parameters. +.SH "NOTES" +.IX Header "NOTES" +After the call to \fIEVP_PKEY_verify_init()\fR algorithm specific control +operations can be performed to set any appropriate parameters for the +operation. +.PP +The function \fIEVP_PKEY_verify()\fR can be called more than once on the same +context if several operations are performed using the same parameters. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_PKEY_verify_init()\fR and \fIEVP_PKEY_verify()\fR return 1 if the verification was +successful and 0 if it failed. Unlike other functions the return value 0 from +\&\fIEVP_PKEY_verify()\fR only indicates that the signature did not verify +successfully (that is tbs did not match the original data or the signature was +of invalid form) it is not an indication of a more serious error. +.PP +A negative value indicates an error other that signature verification failure. 
+In particular a return value of \-2 indicates the operation is not supported by +the public key algorithm. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Verify signature using PKCS#1 and \s-1SHA256\s0 digest: +.PP +.Vb 2 +\& #include +\& #include +\& +\& EVP_PKEY_CTX *ctx; +\& unsigned char *md, *sig; +\& size_t mdlen, siglen; +\& EVP_PKEY *verify_key; +\& +\& /* +\& * NB: assumes verify_key, sig, siglen md and mdlen are already set up +\& * and that verify_key is an RSA public key +\& */ +\& ctx = EVP_PKEY_CTX_new(verify_key, NULL /* no engine */); +\& if (!ctx) +\& /* Error occurred */ +\& if (EVP_PKEY_verify_init(ctx) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0) +\& /* Error */ +\& +\& /* Perform operation */ +\& ret = EVP_PKEY_verify(ctx, sig, siglen, md, mdlen); +\& +\& /* +\& * ret == 1 indicates success, 0 verify failure and < 0 for some +\& * other error. +\& */ +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_PKEY_CTX_new\fR\|(3), +\&\fIEVP_PKEY_encrypt\fR\|(3), +\&\fIEVP_PKEY_decrypt\fR\|(3), +\&\fIEVP_PKEY_sign\fR\|(3), +\&\fIEVP_PKEY_verify_recover\fR\|(3), +\&\fIEVP_PKEY_derive\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/EVP_PKEY_verify_recover.3 b/linux_amd64/share/man/man3/EVP_PKEY_verify_recover.3 new file mode 100755 index 0000000..30395f6 --- /dev/null +++ b/linux_amd64/share/man/man3/EVP_PKEY_verify_recover.3 
@@ -0,0 +1,240 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_VERIFY_RECOVER 3" +.TH EVP_PKEY_VERIFY_RECOVER 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_verify_recover_init, EVP_PKEY_verify_recover +\&\- recover signature using a public key algorithm +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx, +\& unsigned char *rout, size_t *routlen, +\& const unsigned char *sig, size_t siglen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIEVP_PKEY_verify_recover_init()\fR initializes a public key algorithm context +\&\fIctx\fR for signing using the algorithm given when the context was created +using \fIEVP_PKEY_CTX_new\fR\|(3) or variants thereof. The algorithm is used to +fetch a \fB\s-1EVP_SIGNATURE\s0\fR method implicitly, see \*(L"Implicit fetch\*(R" in \fIprovider\fR\|(7) +for more information about implict fetches. +.PP +The \fIEVP_PKEY_verify_recover()\fR function recovers signed data +using \fIctx\fR. The signature is specified using the \fIsig\fR and +\&\fIsiglen\fR parameters. If \fIrout\fR is \s-1NULL\s0 then the maximum size of the output +buffer is written to the \fIroutlen\fR parameter. If \fIrout\fR is not \s-1NULL\s0 then +before the call the \fIroutlen\fR parameter should contain the length of the +\&\fIrout\fR buffer, if the call is successful recovered data is written to +\&\fIrout\fR and the amount of data written to \fIroutlen\fR. +.SH "NOTES" +.IX Header "NOTES" +Normally an application is only interested in whether a signature verification +operation is successful in those cases the \fIEVP_verify()\fR function should be +used. +.PP +Sometimes however it is useful to obtain the data originally signed using a +signing operation. Only certain public key algorithms can recover a signature +in this way (for example \s-1RSA\s0 in \s-1PKCS\s0 padding mode). +.PP +After the call to \fIEVP_PKEY_verify_recover_init()\fR algorithm specific control +operations can be performed to set any appropriate parameters for the +operation. 
+.PP +The function \fIEVP_PKEY_verify_recover()\fR can be called more than once on the same +context if several operations are performed using the same parameters. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_PKEY_verify_recover_init()\fR and \fIEVP_PKEY_verify_recover()\fR return 1 for success +and 0 or a negative value for failure. In particular a return value of \-2 +indicates the operation is not supported by the public key algorithm. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Recover digest originally signed using PKCS#1 and \s-1SHA256\s0 digest: +.PP +.Vb 2 +\& #include +\& #include +\& +\& EVP_PKEY_CTX *ctx; +\& unsigned char *rout, *sig; +\& size_t routlen, siglen; +\& EVP_PKEY *verify_key; +\& +\& /* +\& * NB: assumes verify_key, sig and siglen are already set up +\& * and that verify_key is an RSA public key +\& */ +\& ctx = EVP_PKEY_CTX_new(verify_key, NULL /* no engine */); +\& if (!ctx) +\& /* Error occurred */ +\& if (EVP_PKEY_verify_recover_init(ctx) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0) +\& /* Error */ +\& +\& /* Determine buffer length */ +\& if (EVP_PKEY_verify_recover(ctx, NULL, &routlen, sig, siglen) <= 0) +\& /* Error */ +\& +\& rout = OPENSSL_malloc(routlen); +\& +\& if (!rout) +\& /* malloc failure */ +\& +\& if (EVP_PKEY_verify_recover(ctx, rout, &routlen, sig, siglen) <= 0) +\& /* Error */ +\& +\& /* Recovered data is routlen bytes written to buffer rout */ +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_PKEY_CTX_new\fR\|(3), +\&\fIEVP_PKEY_encrypt\fR\|(3), +\&\fIEVP_PKEY_decrypt\fR\|(3), +\&\fIEVP_PKEY_sign\fR\|(3), +\&\fIEVP_PKEY_verify\fR\|(3), +\&\fIEVP_PKEY_derive\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2013\-2018 The OpenSSL Project Authors. All Rights Reserved. 
+.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/EVP_SIGNATURE_free.3 b/linux_amd64/share/man/man3/EVP_SIGNATURE_free.3 new file mode 100755 index 0000000..31f8af7 --- /dev/null +++ b/linux_amd64/share/man/man3/EVP_SIGNATURE_free.3 
@@ -0,0 +1,210 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_SIGNATURE_FREE 3" +.TH EVP_SIGNATURE_FREE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_SIGNATURE_fetch, EVP_SIGNATURE_free, EVP_SIGNATURE_up_ref, +EVP_SIGNATURE_number, EVP_SIGNATURE_is_a, EVP_SIGNATURE_provider, +EVP_SIGNATURE_do_all_provided, EVP_SIGNATURE_names_do_all +\&\- Functions to manage EVP_SIGNATURE algorithm objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& EVP_SIGNATURE *EVP_SIGNATURE_fetch(OPENSSL_CTX *ctx, const char *algorithm, +\& const char *properties); +\& void EVP_SIGNATURE_free(EVP_SIGNATURE *signature); +\& int EVP_SIGNATURE_up_ref(EVP_SIGNATURE *signature); +\& int EVP_SIGNATURE_number(const EVP_SIGNATURE *signature); +\& int EVP_SIGNATURE_is_a(const EVP_SIGNATURE *signature, const char *name); +\& OSSL_PROVIDER *EVP_SIGNATURE_provider(const EVP_SIGNATURE *signature); +\& void EVP_SIGNATURE_do_all_provided(OPENSSL_CTX *libctx, +\& void (*fn)(EVP_SIGNATURE *signature, +\& void *arg), +\& void *arg); +\& void EVP_SIGNATURE_names_do_all(const EVP_SIGNATURE *signature, +\& void (*fn)(const char *name, void *data), +\& void *data); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIEVP_SIGNATURE_fetch()\fR fetches the implementation for the given +\&\fBalgorithm\fR from any provider offering it, within the criteria given +by the \fBproperties\fR. +The algorithm will be one offering functions for performing signature related +tasks such as signing and verifying. +See \*(L"Fetching algorithms\*(R" in \fIprovider\fR\|(7) for further information. +.PP +The returned value must eventually be freed with \fIEVP_SIGNATURE_free()\fR. +.PP +\&\fIEVP_SIGNATURE_free()\fR decrements the reference count for the \fB\s-1EVP_SIGNATURE\s0\fR +structure. Typically this structure will have been obtained from an earlier call +to \fIEVP_SIGNATURE_fetch()\fR. If the reference count drops to 0 then the +structure is freed. +.PP +\&\fIEVP_SIGNATURE_up_ref()\fR increments the reference count for an \fB\s-1EVP_SIGNATURE\s0\fR +structure. 
+.PP +\&\fIEVP_SIGNATURE_is_a()\fR returns 1 if \fIsignature\fR is an implementation of an +algorithm that's identifiable with \fIname\fR, otherwise 0. +.PP +\&\fIEVP_SIGNATURE_provider()\fR returns the provider that \fIsignature\fR was fetched from. +.PP +\&\fIEVP_SIGNATURE_do_all_provided()\fR traverses all \s-1SIGNATURE\s0 implemented by all +activated roviders in the given library context \fIlibctx\fR, and for each of the +implementations, calls the given function \fIfn\fR with the implementation method +and the given \fIarg\fR as argument. +.PP +\&\fIEVP_SIGNATURE_number()\fR returns the internal dynamic number assigned to +\&\fIsignature\fR. +.PP +\&\fIEVP_SIGNATURE_names_do_all()\fR traverses all names for \fIsignature\fR, and calls +\&\fIfn\fR with each name and \fIdata\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_SIGNATURE_fetch()\fR returns a pointer to an \fB\s-1EVP_SIGNATURE\s0\fR for success +or \fB\s-1NULL\s0\fR for failure. +.PP +\&\fIEVP_SIGNATURE_up_ref()\fR returns 1 for success or 0 otherwise. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\*(L"Fetching algorithms\*(R" in \fIprovider\fR\|(7), \s-1\fIOSSL_PROVIDER\s0\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The functions described here were added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/EVP_SealInit.3 b/linux_amd64/share/man/man3/EVP_SealInit.3 new file mode 100755 index 0000000..99d4baf --- /dev/null +++ b/linux_amd64/share/man/man3/EVP_SealInit.3 
@@ -0,0 +1,214 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_SEALINIT 3" +.TH EVP_SEALINIT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_SealInit, EVP_SealUpdate, EVP_SealFinal \- EVP envelope encryption +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, +\& unsigned char **ek, int *ekl, unsigned char *iv, +\& EVP_PKEY **pubk, int npubk); +\& int EVP_SealUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, +\& int *outl, unsigned char *in, int inl); +\& int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1EVP\s0 envelope routines are a high level interface to envelope +encryption. They generate a random key and \s-1IV\s0 (if required) then +\&\*(L"envelope\*(R" it by using public key encryption. Data can then be +encrypted using this key. +.PP +\&\fIEVP_SealInit()\fR initializes a cipher context \fBctx\fR for encryption +with cipher \fBtype\fR using a random secret key and \s-1IV\s0. \fBtype\fR is normally +supplied by a function such as \fIEVP_aes_256_cbc()\fR. The secret key is encrypted +using one or more public keys, this allows the same encrypted data to be +decrypted using any of the corresponding private keys. \fBek\fR is an array of +buffers where the public key encrypted secret key will be written, each buffer +must contain enough room for the corresponding encrypted key: that is +\&\fBek[i]\fR must have room for \fBEVP_PKEY_size(pubk[i])\fR bytes. The actual +size of each encrypted secret key is written to the array \fBekl\fR. \fBpubk\fR is +an array of \fBnpubk\fR public keys. +.PP +The \fBiv\fR parameter is a buffer where the generated \s-1IV\s0 is written to. It must +contain enough room for the corresponding cipher's \s-1IV\s0, as determined by (for +example) EVP_CIPHER_iv_length(type). +.PP +If the cipher does not require an \s-1IV\s0 then the \fBiv\fR parameter is ignored +and can be \fB\s-1NULL\s0\fR. 
+.PP +\&\fIEVP_SealUpdate()\fR and \fIEVP_SealFinal()\fR have exactly the same properties +as the \fIEVP_EncryptUpdate()\fR and \fIEVP_EncryptFinal()\fR routines, as +documented on the \fIEVP_EncryptInit\fR\|(3) manual +page. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_SealInit()\fR returns 0 on error or \fBnpubk\fR if successful. +.PP +\&\fIEVP_SealUpdate()\fR and \fIEVP_SealFinal()\fR return 1 for success and 0 for +failure. +.SH "NOTES" +.IX Header "NOTES" +Because a random secret key is generated the random number generator +must be seeded when \fIEVP_SealInit()\fR is called. +If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to +external circumstances (see \s-1\fIRAND\s0\fR\|(7)), the operation will fail. +.PP +The public key must be \s-1RSA\s0 because it is the only OpenSSL public key +algorithm that supports key transport. +.PP +Envelope encryption is the usual method of using public key encryption +on large amounts of data, this is because public key encryption is slow +but symmetric encryption is fast. So symmetric encryption is used for +bulk encryption and the small random symmetric key used is transferred +using public key encryption. +.PP +It is possible to call \fIEVP_SealInit()\fR twice in the same way as +\&\fIEVP_EncryptInit()\fR. The first call should have \fBnpubk\fR set to 0 +and (after setting any cipher parameters) it should be called again +with \fBtype\fR set to \s-1NULL\s0. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIevp\fR\|(7), \fIRAND_bytes\fR\|(3), +\&\fIEVP_EncryptInit\fR\|(3), +\&\fIEVP_OpenInit\fR\|(3), +\&\s-1\fIRAND\s0\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/share/man/man3/EVP_SignInit.3 b/linux_amd64/share/man/man3/EVP_SignInit.3
new file mode 100755
index 0000000..6c428ff
--- /dev/null
+++ b/linux_amd64/share/man/man3/EVP_SignInit.3
@@ -0,0 +1,220 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_SIGNINIT 3" +.TH EVP_SIGNINIT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_SignInit, EVP_SignInit_ex, EVP_SignUpdate, EVP_SignFinal +\&\- EVP signing functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_SignInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); +\& int EVP_SignUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); +\& int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sig, unsigned int *s, EVP_PKEY *pkey); +\& +\& void EVP_SignInit(EVP_MD_CTX *ctx, const EVP_MD *type); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1EVP\s0 signature routines are a high level interface to digital +signatures. +.PP +\&\fIEVP_SignInit_ex()\fR sets up signing context \fIctx\fR to use digest +\&\fItype\fR from \fB\s-1ENGINE\s0\fR \fIimpl\fR. \fIctx\fR must be created with +\&\fIEVP_MD_CTX_new()\fR before calling this function. +.PP +\&\fIEVP_SignUpdate()\fR hashes \fIcnt\fR bytes of data at \fId\fR into the +signature context \fIctx\fR. This function can be called several times on the +same \fIctx\fR to include additional data. +.PP +\&\fIEVP_SignFinal()\fR signs the data in \fIctx\fR using the private key \fIpkey\fR and +places the signature in \fIsig\fR. \fIsig\fR must be at least \f(CW\*(C`EVP_PKEY_size(pkey)\*(C'\fR +bytes in size. \fIs\fR is an \s-1OUT\s0 parameter, and not used as an \s-1IN\s0 parameter. +The number of bytes of data written (i.e. the length of the signature) +will be written to the integer at \fIs\fR, at most \f(CW\*(C`EVP_PKEY_size(pkey)\*(C'\fR bytes +will be written. +.PP +\&\fIEVP_SignInit()\fR initializes a signing context \fIctx\fR to use the default +implementation of digest \fItype\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_SignInit_ex()\fR, \fIEVP_SignUpdate()\fR and \fIEVP_SignFinal()\fR return 1 +for success and 0 for failure. +.PP +The error codes can be obtained by \fIERR_get_error\fR\|(3). 
+.SH "NOTES" +.IX Header "NOTES" +The \fB\s-1EVP\s0\fR interface to digital signatures should almost always be used in +preference to the low level interfaces. This is because the code then becomes +transparent to the algorithm used and much more flexible. +.PP +When signing with \s-1DSA\s0 private keys the random number generator must be seeded. +If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to +external circumstances (see \s-1\fIRAND\s0\fR\|(7)), the operation will fail. +This requirement does not hold for \s-1RSA\s0 signatures. +.PP +The call to \fIEVP_SignFinal()\fR internally finalizes a copy of the digest context. +This means that calls to \fIEVP_SignUpdate()\fR and \fIEVP_SignFinal()\fR can be called +later to digest and sign additional data. +.PP +Since only a copy of the digest context is ever finalized the context must +be cleaned up after use by calling \fIEVP_MD_CTX_free()\fR or a memory leak +will occur. +.SH "BUGS" +.IX Header "BUGS" +Older versions of this documentation wrongly stated that calls to +\&\fIEVP_SignUpdate()\fR could not be made after calling \fIEVP_SignFinal()\fR. +.PP +Since the private key is passed in the call to \fIEVP_SignFinal()\fR any error +relating to the private key (for example an unsuitable key and digest +combination) will not be indicated until after potentially large amounts of +data have been passed through \fIEVP_SignUpdate()\fR. +.PP +It is not possible to change the signing parameters using these function. +.PP +The previous two bugs are fixed in the newer EVP_SignDigest*() function. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_PKEY_size\fR\|(3), \fIEVP_PKEY_bits\fR\|(3), \fIEVP_PKEY_security_bits\fR\|(3), +\&\fIEVP_VerifyInit\fR\|(3), +\&\fIEVP_DigestInit\fR\|(3), +\&\fIevp\fR\|(7), \s-1\fIHMAC\s0\fR\|(3), \s-1\fIMD2\s0\fR\|(3), +\&\s-1\fIMD5\s0\fR\|(3), \s-1\fIMDC2\s0\fR\|(3), \s-1\fIRIPEMD160\s0\fR\|(3), +\&\s-1\fISHA1\s0\fR\|(3), \fIopenssl\-dgst\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/EVP_VerifyInit.3 b/linux_amd64/share/man/man3/EVP_VerifyInit.3 new file mode 100755 index 0000000..3f67c0e --- /dev/null +++ b/linux_amd64/share/man/man3/EVP_VerifyInit.3 
@@ -0,0 +1,216 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_VERIFYINIT 3" +.TH EVP_VERIFYINIT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_VerifyInit_ex, +EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal +\&\- EVP signature verification functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_VerifyInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); +\& int EVP_VerifyUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); +\& int EVP_VerifyFinal(EVP_MD_CTX *ctx, unsigned char *sigbuf, unsigned int siglen, +\& EVP_PKEY *pkey); +\& +\& int EVP_VerifyInit(EVP_MD_CTX *ctx, const EVP_MD *type); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1EVP\s0 signature verification routines are a high level interface to digital +signatures. +.PP +\&\fIEVP_VerifyInit_ex()\fR sets up verification context \fBctx\fR to use digest +\&\fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. \fBctx\fR must be created by calling +\&\fIEVP_MD_CTX_new()\fR before calling this function. +.PP +\&\fIEVP_VerifyUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the +verification context \fBctx\fR. This function can be called several times on the +same \fBctx\fR to include additional data. +.PP +\&\fIEVP_VerifyFinal()\fR verifies the data in \fBctx\fR using the public key \fBpkey\fR +and against the \fBsiglen\fR bytes at \fBsigbuf\fR. +.PP +\&\fIEVP_VerifyInit()\fR initializes verification context \fBctx\fR to use the default +implementation of digest \fBtype\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_VerifyInit_ex()\fR and \fIEVP_VerifyUpdate()\fR return 1 for success and 0 for +failure. +.PP +\&\fIEVP_VerifyFinal()\fR returns 1 for a correct signature, 0 for failure and \-1 if some +other error occurred. +.PP +The error codes can be obtained by \fIERR_get_error\fR\|(3). +.SH "NOTES" +.IX Header "NOTES" +The \fB\s-1EVP\s0\fR interface to digital signatures should almost always be used in +preference to the low level interfaces. This is because the code then becomes +transparent to the algorithm used and much more flexible. 
+.PP +The call to \fIEVP_VerifyFinal()\fR internally finalizes a copy of the digest context. +This means that calls to \fIEVP_VerifyUpdate()\fR and \fIEVP_VerifyFinal()\fR can be called +later to digest and verify additional data. +.PP +Since only a copy of the digest context is ever finalized the context must +be cleaned up after use by calling \fIEVP_MD_CTX_free()\fR or a memory leak +will occur. +.SH "BUGS" +.IX Header "BUGS" +Older versions of this documentation wrongly stated that calls to +\&\fIEVP_VerifyUpdate()\fR could not be made after calling \fIEVP_VerifyFinal()\fR. +.PP +Since the public key is passed in the call to \fIEVP_SignFinal()\fR any error +relating to the private key (for example an unsuitable key and digest +combination) will not be indicated until after potentially large amounts of +data have been passed through \fIEVP_SignUpdate()\fR. +.PP +It is not possible to change the signing parameters using these function. +.PP +The previous two bugs are fixed in the newer EVP_DigestVerify*() function. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIevp\fR\|(7), +\&\fIEVP_SignInit\fR\|(3), +\&\fIEVP_DigestInit\fR\|(3), +\&\fIevp\fR\|(7), \s-1\fIHMAC\s0\fR\|(3), \s-1\fIMD2\s0\fR\|(3), +\&\s-1\fIMD5\s0\fR\|(3), \s-1\fIMDC2\s0\fR\|(3), \s-1\fIRIPEMD160\s0\fR\|(3), +\&\s-1\fISHA1\s0\fR\|(3), \fIopenssl\-dgst\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/EVP_aes_128_gcm.3 b/linux_amd64/share/man/man3/EVP_aes_128_gcm.3 new file mode 100755 index 0000000..5eedb2c --- /dev/null +++ b/linux_amd64/share/man/man3/EVP_aes_128_gcm.3 
@@ -0,0 +1,252 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_AES_128_GCM 3" +.TH EVP_AES_128_GCM 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_aes_128_cbc, +EVP_aes_192_cbc, +EVP_aes_256_cbc, +EVP_aes_128_cfb, +EVP_aes_192_cfb, +EVP_aes_256_cfb, +EVP_aes_128_cfb1, +EVP_aes_192_cfb1, +EVP_aes_256_cfb1, +EVP_aes_128_cfb8, +EVP_aes_192_cfb8, +EVP_aes_256_cfb8, +EVP_aes_128_cfb128, +EVP_aes_192_cfb128, +EVP_aes_256_cfb128, +EVP_aes_128_ctr, +EVP_aes_192_ctr, +EVP_aes_256_ctr, +EVP_aes_128_ecb, +EVP_aes_192_ecb, +EVP_aes_256_ecb, +EVP_aes_128_ofb, +EVP_aes_192_ofb, +EVP_aes_256_ofb, +EVP_aes_128_cbc_hmac_sha1, +EVP_aes_256_cbc_hmac_sha1, +EVP_aes_128_cbc_hmac_sha256, +EVP_aes_256_cbc_hmac_sha256, +EVP_aes_128_ccm, +EVP_aes_192_ccm, +EVP_aes_256_ccm, +EVP_aes_128_gcm, +EVP_aes_192_gcm, +EVP_aes_256_gcm, +EVP_aes_128_ocb, +EVP_aes_192_ocb, +EVP_aes_256_ocb, +EVP_aes_128_wrap, +EVP_aes_192_wrap, +EVP_aes_256_wrap, +EVP_aes_128_wrap_pad, +EVP_aes_192_wrap_pad, +EVP_aes_256_wrap_pad, +EVP_aes_128_xts, +EVP_aes_256_xts +\&\- EVP AES cipher +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_CIPHER *EVP_ciphername(void) +.Ve +.PP +\&\fIEVP_ciphername\fR is used a placeholder for any of the described cipher +functions, such as \fIEVP_aes_128_cbc\fR. +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1AES\s0 encryption algorithm for \s-1EVP\s0. 
+.IP "\fIEVP_aes_128_cbc()\fR, \fIEVP_aes_192_cbc()\fR, \fIEVP_aes_256_cbc()\fR, \fIEVP_aes_128_cfb()\fR, \fIEVP_aes_192_cfb()\fR, \fIEVP_aes_256_cfb()\fR, \fIEVP_aes_128_cfb1()\fR, \fIEVP_aes_192_cfb1()\fR, \fIEVP_aes_256_cfb1()\fR, \fIEVP_aes_128_cfb8()\fR, \fIEVP_aes_192_cfb8()\fR, \fIEVP_aes_256_cfb8()\fR, \fIEVP_aes_128_cfb128()\fR, \fIEVP_aes_192_cfb128()\fR, \fIEVP_aes_256_cfb128()\fR, \fIEVP_aes_128_ctr()\fR, \fIEVP_aes_192_ctr()\fR, \fIEVP_aes_256_ctr()\fR, \fIEVP_aes_128_ecb()\fR, \fIEVP_aes_192_ecb()\fR, \fIEVP_aes_256_ecb()\fR, \fIEVP_aes_128_ofb()\fR, \fIEVP_aes_192_ofb()\fR, \fIEVP_aes_256_ofb()\fR" 4 +.IX Item "EVP_aes_128_cbc(), EVP_aes_192_cbc(), EVP_aes_256_cbc(), EVP_aes_128_cfb(), EVP_aes_192_cfb(), EVP_aes_256_cfb(), EVP_aes_128_cfb1(), EVP_aes_192_cfb1(), EVP_aes_256_cfb1(), EVP_aes_128_cfb8(), EVP_aes_192_cfb8(), EVP_aes_256_cfb8(), EVP_aes_128_cfb128(), EVP_aes_192_cfb128(), EVP_aes_256_cfb128(), EVP_aes_128_ctr(), EVP_aes_192_ctr(), EVP_aes_256_ctr(), EVP_aes_128_ecb(), EVP_aes_192_ecb(), EVP_aes_256_ecb(), EVP_aes_128_ofb(), EVP_aes_192_ofb(), EVP_aes_256_ofb()" +\&\s-1AES\s0 for 128, 192 and 256 bit keys in the following modes: \s-1CBC\s0, \s-1CFB\s0 with 128\-bit +shift, \s-1CFB\s0 with 1\-bit shift, \s-1CFB\s0 with 8\-bit shift, \s-1CTR\s0, \s-1ECB\s0, and \s-1OFB\s0. +.IP "\fIEVP_aes_128_cbc_hmac_sha1()\fR, \fIEVP_aes_256_cbc_hmac_sha1()\fR" 4 +.IX Item "EVP_aes_128_cbc_hmac_sha1(), EVP_aes_256_cbc_hmac_sha1()" +Authenticated encryption with \s-1AES\s0 in \s-1CBC\s0 mode using \s-1SHA\-1\s0 as \s-1HMAC\s0, with keys of +128 and 256 bits length respectively. The authentication tag is 160 bits long. +.Sp +\&\s-1WARNING:\s0 this is not intended for usage outside of \s-1TLS\s0 and requires calling of +some undocumented ctrl functions. These ciphers do not conform to the \s-1EVP\s0 \s-1AEAD\s0 +interface. 
+.IP "\fIEVP_aes_128_cbc_hmac_sha256()\fR, \fIEVP_aes_256_cbc_hmac_sha256()\fR" 4 +.IX Item "EVP_aes_128_cbc_hmac_sha256(), EVP_aes_256_cbc_hmac_sha256()" +Authenticated encryption with \s-1AES\s0 in \s-1CBC\s0 mode using \s-1SHA256\s0 (\s-1SHA\-2\s0, 256\-bits) as +\&\s-1HMAC\s0, with keys of 128 and 256 bits length respectively. The authentication tag +is 256 bits long. +.Sp +\&\s-1WARNING:\s0 this is not intended for usage outside of \s-1TLS\s0 and requires calling of +some undocumented ctrl functions. These ciphers do not conform to the \s-1EVP\s0 \s-1AEAD\s0 +interface. +.IP "\fIEVP_aes_128_ccm()\fR, \fIEVP_aes_192_ccm()\fR, \fIEVP_aes_256_ccm()\fR, \fIEVP_aes_128_gcm()\fR, \fIEVP_aes_192_gcm()\fR, \fIEVP_aes_256_gcm()\fR, \fIEVP_aes_128_ocb()\fR, \fIEVP_aes_192_ocb()\fR, \fIEVP_aes_256_ocb()\fR" 4 +.IX Item "EVP_aes_128_ccm(), EVP_aes_192_ccm(), EVP_aes_256_ccm(), EVP_aes_128_gcm(), EVP_aes_192_gcm(), EVP_aes_256_gcm(), EVP_aes_128_ocb(), EVP_aes_192_ocb(), EVP_aes_256_ocb()" +\&\s-1AES\s0 for 128, 192 and 256 bit keys in CBC-MAC Mode (\s-1CCM\s0), Galois Counter Mode +(\s-1GCM\s0) and \s-1OCB\s0 Mode respectively. These ciphers require additional control +operations to function correctly, see the \*(L"\s-1AEAD\s0 Interface\*(R" in \fIEVP_EncryptInit\fR\|(3) +section for details. 
+.IP "\fIEVP_aes_128_wrap()\fR, \fIEVP_aes_192_wrap()\fR, \fIEVP_aes_256_wrap()\fR, \fIEVP_aes_128_wrap_pad()\fR, \fIEVP_aes_128_wrap()\fR, \fIEVP_aes_192_wrap()\fR, \fIEVP_aes_256_wrap()\fR, \fIEVP_aes_192_wrap_pad()\fR, \fIEVP_aes_128_wrap()\fR, \fIEVP_aes_192_wrap()\fR, \fIEVP_aes_256_wrap()\fR, \fIEVP_aes_256_wrap_pad()\fR" 4 +.IX Item "EVP_aes_128_wrap(), EVP_aes_192_wrap(), EVP_aes_256_wrap(), EVP_aes_128_wrap_pad(), EVP_aes_128_wrap(), EVP_aes_192_wrap(), EVP_aes_256_wrap(), EVP_aes_192_wrap_pad(), EVP_aes_128_wrap(), EVP_aes_192_wrap(), EVP_aes_256_wrap(), EVP_aes_256_wrap_pad()" +\&\s-1AES\s0 key wrap with 128, 192 and 256 bit keys, as according to \s-1RFC\s0 3394 section +2.2.1 (\*(L"wrap\*(R") and \s-1RFC\s0 5649 section 4.1 (\*(L"wrap with padding\*(R") respectively. +.IP "\fIEVP_aes_128_xts()\fR, \fIEVP_aes_256_xts()\fR" 4 +.IX Item "EVP_aes_128_xts(), EVP_aes_256_xts()" +\&\s-1AES\s0 \s-1XTS\s0 mode (XTS-AES) is standardized in \s-1IEEE\s0 Std. 1619\-2007 and described in \s-1NIST\s0 +\&\s-1SP\s0 800\-38E. The \s-1XTS\s0 (XEX-based tweaked-codebook mode with ciphertext stealing) +mode was designed by Prof. Phillip Rogaway of University of California, Davis, +intended for encrypting data on a storage device. +.Sp +XTS-AES provides confidentiality but not authentication of data. It also +requires a key of double-length for protection of a certain key size. +In particular, \s-1XTS\-AES\-128\s0 (\fBEVP_aes_128_xts\fR) takes input of a 256\-bit key to +achieve \s-1AES\s0 128\-bit security, and \s-1XTS\-AES\-256\s0 (\fBEVP_aes_256_xts\fR) takes input +of a 512\-bit key to achieve \s-1AES\s0 256\-bit security. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +implementation of the symmetric cipher. See \fIEVP_CIPHER_meth_new\fR\|(3) for +details of the \fB\s-1EVP_CIPHER\s0\fR structure. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIevp\fR\|(7), +\&\fIEVP_EncryptInit\fR\|(3), +\&\fIEVP_CIPHER_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/EVP_aria_128_gcm.3 b/linux_amd64/share/man/man3/EVP_aria_128_gcm.3 new file mode 100755 index 0000000..7ab93a0 --- /dev/null +++ b/linux_amd64/share/man/man3/EVP_aria_128_gcm.3 
@@ -0,0 +1,203 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_ARIA_128_GCM 3" +.TH EVP_ARIA_128_GCM 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_aria_128_cbc, +EVP_aria_192_cbc, +EVP_aria_256_cbc, +EVP_aria_128_cfb, +EVP_aria_192_cfb, +EVP_aria_256_cfb, +EVP_aria_128_cfb1, +EVP_aria_192_cfb1, +EVP_aria_256_cfb1, +EVP_aria_128_cfb8, +EVP_aria_192_cfb8, +EVP_aria_256_cfb8, +EVP_aria_128_cfb128, +EVP_aria_192_cfb128, +EVP_aria_256_cfb128, +EVP_aria_128_ctr, +EVP_aria_192_ctr, +EVP_aria_256_ctr, +EVP_aria_128_ecb, +EVP_aria_192_ecb, +EVP_aria_256_ecb, +EVP_aria_128_ofb, +EVP_aria_192_ofb, +EVP_aria_256_ofb, +EVP_aria_128_ccm, +EVP_aria_192_ccm, +EVP_aria_256_ccm, +EVP_aria_128_gcm, +EVP_aria_192_gcm, +EVP_aria_256_gcm, +\&\- EVP ARIA cipher +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_CIPHER *EVP_ciphername(void) +.Ve +.PP +\&\fIEVP_ciphername\fR is used a placeholder for any of the described cipher +functions, such as \fIEVP_aria_128_cbc\fR. +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1ARIA\s0 encryption algorithm for \s-1EVP\s0. +.IP "\fIEVP_aria_128_cbc()\fR, \fIEVP_aria_192_cbc()\fR, \fIEVP_aria_256_cbc()\fR, \fIEVP_aria_128_cfb()\fR, \fIEVP_aria_192_cfb()\fR, \fIEVP_aria_256_cfb()\fR, \fIEVP_aria_128_cfb1()\fR, \fIEVP_aria_192_cfb1()\fR, \fIEVP_aria_256_cfb1()\fR, \fIEVP_aria_128_cfb8()\fR, \fIEVP_aria_192_cfb8()\fR, \fIEVP_aria_256_cfb8()\fR, \fIEVP_aria_128_cfb128()\fR, \fIEVP_aria_192_cfb128()\fR, \fIEVP_aria_256_cfb128()\fR, \fIEVP_aria_128_ctr()\fR, \fIEVP_aria_192_ctr()\fR, \fIEVP_aria_256_ctr()\fR, \fIEVP_aria_128_ecb()\fR, \fIEVP_aria_192_ecb()\fR, \fIEVP_aria_256_ecb()\fR, \fIEVP_aria_128_ofb()\fR, \fIEVP_aria_192_ofb()\fR, \fIEVP_aria_256_ofb()\fR" 4 +.IX Item "EVP_aria_128_cbc(), EVP_aria_192_cbc(), EVP_aria_256_cbc(), EVP_aria_128_cfb(), EVP_aria_192_cfb(), EVP_aria_256_cfb(), EVP_aria_128_cfb1(), EVP_aria_192_cfb1(), EVP_aria_256_cfb1(), EVP_aria_128_cfb8(), EVP_aria_192_cfb8(), EVP_aria_256_cfb8(), EVP_aria_128_cfb128(), EVP_aria_192_cfb128(), EVP_aria_256_cfb128(), EVP_aria_128_ctr(), EVP_aria_192_ctr(), 
EVP_aria_256_ctr(), EVP_aria_128_ecb(), EVP_aria_192_ecb(), EVP_aria_256_ecb(), EVP_aria_128_ofb(), EVP_aria_192_ofb(), EVP_aria_256_ofb()" +\&\s-1ARIA\s0 for 128, 192 and 256 bit keys in the following modes: \s-1CBC\s0, \s-1CFB\s0 with +128\-bit shift, \s-1CFB\s0 with 1\-bit shift, \s-1CFB\s0 with 8\-bit shift, \s-1CTR\s0, \s-1ECB\s0 and \s-1OFB\s0. +.IP "\fIEVP_aria_128_ccm()\fR, \fIEVP_aria_192_ccm()\fR, \fIEVP_aria_256_ccm()\fR, \fIEVP_aria_128_gcm()\fR, \fIEVP_aria_192_gcm()\fR, \fIEVP_aria_256_gcm()\fR," 4 +.IX Item "EVP_aria_128_ccm(), EVP_aria_192_ccm(), EVP_aria_256_ccm(), EVP_aria_128_gcm(), EVP_aria_192_gcm(), EVP_aria_256_gcm()," +\&\s-1ARIA\s0 for 128, 192 and 256 bit keys in CBC-MAC Mode (\s-1CCM\s0) and Galois Counter +Mode (\s-1GCM\s0). These ciphers require additional control operations to function +correctly, see the \*(L"\s-1AEAD\s0 Interface\*(R" in \fIEVP_EncryptInit\fR\|(3) section for details. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +implementation of the symmetric cipher. See \fIEVP_CIPHER_meth_new\fR\|(3) for +details of the \fB\s-1EVP_CIPHER\s0\fR structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIevp\fR\|(7), +\&\fIEVP_EncryptInit\fR\|(3), +\&\fIEVP_CIPHER_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/EVP_bf_cbc.3 b/linux_amd64/share/man/man3/EVP_bf_cbc.3 new file mode 100755 index 0000000..3638f26 --- /dev/null +++ b/linux_amd64/share/man/man3/EVP_bf_cbc.3 
@@ -0,0 +1,175 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_BF_CBC 3" +.TH EVP_BF_CBC 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_bf_cbc, +EVP_bf_cfb, +EVP_bf_cfb64, +EVP_bf_ecb, +EVP_bf_ofb +\&\- EVP Blowfish cipher +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_CIPHER *EVP_bf_cbc(void) +\& const EVP_CIPHER *EVP_bf_cfb(void) +\& const EVP_CIPHER *EVP_bf_cfb64(void) +\& const EVP_CIPHER *EVP_bf_ecb(void) +\& const EVP_CIPHER *EVP_bf_ofb(void) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The Blowfish encryption algorithm for \s-1EVP\s0. +.PP +This is a variable key length cipher. +.IP "\fIEVP_bf_cbc()\fR, \fIEVP_bf_cfb()\fR, \fIEVP_bf_cfb64()\fR, \fIEVP_bf_ecb()\fR, \fIEVP_bf_ofb()\fR" 4 +.IX Item "EVP_bf_cbc(), EVP_bf_cfb(), EVP_bf_cfb64(), EVP_bf_ecb(), EVP_bf_ofb()" +Blowfish encryption algorithm in \s-1CBC\s0, \s-1CFB\s0, \s-1ECB\s0 and \s-1OFB\s0 modes respectively. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +implementation of the symmetric cipher. See \fIEVP_CIPHER_meth_new\fR\|(3) for +details of the \fB\s-1EVP_CIPHER\s0\fR structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIevp\fR\|(7), +\&\fIEVP_EncryptInit\fR\|(3), +\&\fIEVP_CIPHER_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/EVP_blake2b512.3 b/linux_amd64/share/man/man3/EVP_blake2b512.3 new file mode 100755 index 0000000..ce7a2d9 --- /dev/null +++ b/linux_amd64/share/man/man3/EVP_blake2b512.3 
@@ -0,0 +1,179 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_BLAKE2B512 3" +.TH EVP_BLAKE2B512 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_blake2b512, +EVP_blake2s256 +\&\- BLAKE2 For EVP +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_MD *EVP_blake2b512(void); +\& const EVP_MD *EVP_blake2s256(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1BLAKE2\s0 is an improved version of \s-1BLAKE\s0, which was submitted to the \s-1NIST\s0 \s-1SHA\-3\s0 +algorithm competition. The BLAKE2s and BLAKE2b algorithms are described in +\&\s-1RFC\s0 7693. +.IP "\fIEVP_blake2s256()\fR" 4 +.IX Item "EVP_blake2s256()" +The BLAKE2s algorithm that produces a 256\-bit output from a given input. +.IP "\fIEVP_blake2b512()\fR" 4 +.IX Item "EVP_blake2b512()" +The BLAKE2b algorithm that produces a 512\-bit output from a given input. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the +implementation of the symmetric cipher. See \fIEVP_MD_meth_new\fR\|(3) for +details of the \fB\s-1EVP_MD\s0\fR structure. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1RFC\s0 7693. +.SH "NOTES" +.IX Header "NOTES" +While the BLAKE2b and BLAKE2s algorithms supports a variable length digest, +this implementation outputs a digest of a fixed length (the maximum length +supported), which is 512\-bits for BLAKE2b and 256\-bits for BLAKE2s. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIevp\fR\|(7), +\&\fIEVP_DigestInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/EVP_camellia_128_ecb.3 b/linux_amd64/share/man/man3/EVP_camellia_128_ecb.3 new file mode 100755 index 0000000..978a0ea --- /dev/null +++ b/linux_amd64/share/man/man3/EVP_camellia_128_ecb.3 
@@ -0,0 +1,192 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_CAMELLIA_128_ECB 3" +.TH EVP_CAMELLIA_128_ECB 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_camellia_128_cbc, +EVP_camellia_192_cbc, +EVP_camellia_256_cbc, +EVP_camellia_128_cfb, +EVP_camellia_192_cfb, +EVP_camellia_256_cfb, +EVP_camellia_128_cfb1, +EVP_camellia_192_cfb1, +EVP_camellia_256_cfb1, +EVP_camellia_128_cfb8, +EVP_camellia_192_cfb8, +EVP_camellia_256_cfb8, +EVP_camellia_128_cfb128, +EVP_camellia_192_cfb128, +EVP_camellia_256_cfb128, +EVP_camellia_128_ctr, +EVP_camellia_192_ctr, +EVP_camellia_256_ctr, +EVP_camellia_128_ecb, +EVP_camellia_192_ecb, +EVP_camellia_256_ecb, +EVP_camellia_128_ofb, +EVP_camellia_192_ofb, +EVP_camellia_256_ofb +\&\- EVP Camellia cipher +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_CIPHER *EVP_ciphername(void) +.Ve +.PP +\&\fIEVP_ciphername\fR is used a placeholder for any of the described cipher +functions, such as \fIEVP_camellia_128_cbc\fR. +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The Camellia encryption algorithm for \s-1EVP\s0. +.IP "\fIEVP_camellia_128_cbc()\fR, \fIEVP_camellia_192_cbc()\fR, \fIEVP_camellia_256_cbc()\fR, \fIEVP_camellia_128_cfb()\fR, \fIEVP_camellia_192_cfb()\fR, \fIEVP_camellia_256_cfb()\fR, \fIEVP_camellia_128_cfb1()\fR, \fIEVP_camellia_192_cfb1()\fR, \fIEVP_camellia_256_cfb1()\fR, \fIEVP_camellia_128_cfb8()\fR, \fIEVP_camellia_192_cfb8()\fR, \fIEVP_camellia_256_cfb8()\fR, \fIEVP_camellia_128_cfb128()\fR, \fIEVP_camellia_192_cfb128()\fR, \fIEVP_camellia_256_cfb128()\fR, \fIEVP_camellia_128_ctr()\fR, \fIEVP_camellia_192_ctr()\fR, \fIEVP_camellia_256_ctr()\fR, \fIEVP_camellia_128_ecb()\fR, \fIEVP_camellia_192_ecb()\fR, \fIEVP_camellia_256_ecb()\fR, \fIEVP_camellia_128_ofb()\fR, \fIEVP_camellia_192_ofb()\fR, \fIEVP_camellia_256_ofb()\fR" 4 +.IX Item "EVP_camellia_128_cbc(), EVP_camellia_192_cbc(), EVP_camellia_256_cbc(), EVP_camellia_128_cfb(), EVP_camellia_192_cfb(), EVP_camellia_256_cfb(), EVP_camellia_128_cfb1(), EVP_camellia_192_cfb1(), EVP_camellia_256_cfb1(), EVP_camellia_128_cfb8(), EVP_camellia_192_cfb8(), 
EVP_camellia_256_cfb8(), EVP_camellia_128_cfb128(), EVP_camellia_192_cfb128(), EVP_camellia_256_cfb128(), EVP_camellia_128_ctr(), EVP_camellia_192_ctr(), EVP_camellia_256_ctr(), EVP_camellia_128_ecb(), EVP_camellia_192_ecb(), EVP_camellia_256_ecb(), EVP_camellia_128_ofb(), EVP_camellia_192_ofb(), EVP_camellia_256_ofb()" +Camellia for 128, 192 and 256 bit keys in the following modes: \s-1CBC\s0, \s-1CFB\s0 with +128\-bit shift, \s-1CFB\s0 with 1\-bit shift, \s-1CFB\s0 with 8\-bit shift, \s-1CTR\s0, \s-1ECB\s0 and \s-1OFB\s0. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +implementation of the symmetric cipher. See \fIEVP_CIPHER_meth_new\fR\|(3) for +details of the \fB\s-1EVP_CIPHER\s0\fR structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIevp\fR\|(7), +\&\fIEVP_EncryptInit\fR\|(3), +\&\fIEVP_CIPHER_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/EVP_cast5_cbc.3 b/linux_amd64/share/man/man3/EVP_cast5_cbc.3 new file mode 100755 index 0000000..a70c0c2 --- /dev/null +++ b/linux_amd64/share/man/man3/EVP_cast5_cbc.3 
@@ -0,0 +1,175 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_CAST5_CBC 3" +.TH EVP_CAST5_CBC 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_cast5_cbc, +EVP_cast5_cfb, +EVP_cast5_cfb64, +EVP_cast5_ecb, +EVP_cast5_ofb +\&\- EVP CAST cipher +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_CIPHER *EVP_cast5_cbc(void) +\& const EVP_CIPHER *EVP_cast5_cfb(void) +\& const EVP_CIPHER *EVP_cast5_cfb64(void) +\& const EVP_CIPHER *EVP_cast5_ecb(void) +\& const EVP_CIPHER *EVP_cast5_ofb(void) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1CAST\s0 encryption algorithm for \s-1EVP\s0. +.PP +This is a variable key length cipher. +.IP "\fIEVP_cast5_cbc()\fR, \fIEVP_cast5_ecb()\fR, \fIEVP_cast5_cfb()\fR, \fIEVP_cast5_cfb64()\fR, \fIEVP_cast5_ofb()\fR" 4 +.IX Item "EVP_cast5_cbc(), EVP_cast5_ecb(), EVP_cast5_cfb(), EVP_cast5_cfb64(), EVP_cast5_ofb()" +\&\s-1CAST\s0 encryption algorithm in \s-1CBC\s0, \s-1ECB\s0, \s-1CFB\s0 and \s-1OFB\s0 modes respectively. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +implementation of the symmetric cipher. See \fIEVP_CIPHER_meth_new\fR\|(3) for +details of the \fB\s-1EVP_CIPHER\s0\fR structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIevp\fR\|(7), +\&\fIEVP_EncryptInit\fR\|(3), +\&\fIEVP_CIPHER_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/EVP_chacha20.3 b/linux_amd64/share/man/man3/EVP_chacha20.3 new file mode 100755 index 0000000..0b122a9 --- /dev/null +++ b/linux_amd64/share/man/man3/EVP_chacha20.3 
@@ -0,0 +1,181 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_CHACHA20 3" +.TH EVP_CHACHA20 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_chacha20, +EVP_chacha20_poly1305 +\&\- EVP ChaCha20 stream cipher +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_CIPHER *EVP_chacha20(void) +\& const EVP_CIPHER *EVP_chacha20_poly1305(void) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The ChaCha20 stream cipher for \s-1EVP\s0. +.IP "\fIEVP_chacha20()\fR" 4 +.IX Item "EVP_chacha20()" +The ChaCha20 stream cipher. The key length is 256 bits, the \s-1IV\s0 is 128 bits long. +The first 32 bits consists of a counter in little-endian order followed by a 96 +bit nonce. For example a nonce of: +.Sp +000000000000000000000002 +.Sp +With an initial counter of 42 (2a in hex) would be expressed as: +.Sp +2a000000000000000000000000000002 +.IP "\fIEVP_chacha20_poly1305()\fR" 4 +.IX Item "EVP_chacha20_poly1305()" +Authenticated encryption with ChaCha20\-Poly1305. Like \fIEVP_chacha20()\fR, the key +is 256 bits and the \s-1IV\s0 is 96 bits. This supports additional authenticated data +(\s-1AAD\s0) and produces a 128\-bit authentication tag. See the +\&\*(L"\s-1AEAD\s0 Interface\*(R" in \fIEVP_EncryptInit\fR\|(3) section for more information. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +implementation of the symmetric cipher. See \fIEVP_CIPHER_meth_new\fR\|(3) for +details of the \fB\s-1EVP_CIPHER\s0\fR structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIevp\fR\|(7), +\&\fIEVP_EncryptInit\fR\|(3), +\&\fIEVP_CIPHER_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/share/man/man3/EVP_des_cbc.3 b/linux_amd64/share/man/man3/EVP_des_cbc.3 new file mode 100755 index 0000000..a8e7940 --- /dev/null +++ b/linux_amd64/share/man/man3/EVP_des_cbc.3 
@@ -0,0 +1,200 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_DES_CBC 3" +.TH EVP_DES_CBC 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_des_cbc, +EVP_des_cfb, +EVP_des_cfb1, +EVP_des_cfb8, +EVP_des_cfb64, +EVP_des_ecb, +EVP_des_ofb, +EVP_des_ede, +EVP_des_ede_cbc, +EVP_des_ede_cfb, +EVP_des_ede_cfb64, +EVP_des_ede_ecb, +EVP_des_ede_ofb, +EVP_des_ede3, +EVP_des_ede3_cbc, +EVP_des_ede3_cfb, +EVP_des_ede3_cfb1, +EVP_des_ede3_cfb8, +EVP_des_ede3_cfb64, +EVP_des_ede3_ecb, +EVP_des_ede3_ofb, +EVP_des_ede3_wrap +\&\- EVP DES cipher +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_CIPHER *EVP_ciphername(void) +.Ve +.PP +\&\fIEVP_ciphername\fR is used a placeholder for any of the described cipher +functions, such as \fIEVP_des_cbc\fR. +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1DES\s0 encryption algorithm for \s-1EVP\s0. +.IP "\fIEVP_des_cbc()\fR, \fIEVP_des_ecb()\fR, \fIEVP_des_cfb()\fR, \fIEVP_des_cfb1()\fR, \fIEVP_des_cfb8()\fR, \fIEVP_des_cfb64()\fR, \fIEVP_des_ofb()\fR" 4 +.IX Item "EVP_des_cbc(), EVP_des_ecb(), EVP_des_cfb(), EVP_des_cfb1(), EVP_des_cfb8(), EVP_des_cfb64(), EVP_des_ofb()" +\&\s-1DES\s0 in \s-1CBC\s0, \s-1ECB\s0, \s-1CFB\s0 with 64\-bit shift, \s-1CFB\s0 with 1\-bit shift, \s-1CFB\s0 with 8\-bit +shift and \s-1OFB\s0 modes. +.IP "\fIEVP_des_ede()\fR, \fIEVP_des_ede_cbc()\fR, \fIEVP_des_ede_cfb()\fR, \fIEVP_des_ede_cfb64()\fR, \fIEVP_des_ede_ecb()\fR, \fIEVP_des_ede_ofb()\fR" 4 +.IX Item "EVP_des_ede(), EVP_des_ede_cbc(), EVP_des_ede_cfb(), EVP_des_ede_cfb64(), EVP_des_ede_ecb(), EVP_des_ede_ofb()" +Two key triple \s-1DES\s0 in \s-1ECB\s0, \s-1CBC\s0, \s-1CFB\s0 with 64\-bit shift and \s-1OFB\s0 modes. 
+.IP "\fIEVP_des_ede3()\fR, \fIEVP_des_ede3_cbc()\fR, \fIEVP_des_ede3_cfb()\fR, \fIEVP_des_ede3_cfb1()\fR, \fIEVP_des_ede3_cfb8()\fR, \fIEVP_des_ede3_cfb64()\fR, \fIEVP_des_ede3_ecb()\fR, \fIEVP_des_ede3_ofb()\fR" 4 +.IX Item "EVP_des_ede3(), EVP_des_ede3_cbc(), EVP_des_ede3_cfb(), EVP_des_ede3_cfb1(), EVP_des_ede3_cfb8(), EVP_des_ede3_cfb64(), EVP_des_ede3_ecb(), EVP_des_ede3_ofb()" +Three-key triple \s-1DES\s0 in \s-1ECB\s0, \s-1CBC\s0, \s-1CFB\s0 with 64\-bit shift, \s-1CFB\s0 with 1\-bit shift, +\&\s-1CFB\s0 with 8\-bit shift and \s-1OFB\s0 modes. +.IP "\fIEVP_des_ede3_wrap()\fR" 4 +.IX Item "EVP_des_ede3_wrap()" +Triple-DES key wrap according to \s-1RFC\s0 3217 Section 3. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +implementation of the symmetric cipher. See \fIEVP_CIPHER_meth_new\fR\|(3) for +details of the \fB\s-1EVP_CIPHER\s0\fR structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIevp\fR\|(7), +\&\fIEVP_EncryptInit\fR\|(3), +\&\fIEVP_CIPHER_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/EVP_desx_cbc.3 b/linux_amd64/share/man/man3/EVP_desx_cbc.3 new file mode 100755 index 0000000..0f1e4e6 --- /dev/null +++ b/linux_amd64/share/man/man3/EVP_desx_cbc.3 
@@ -0,0 +1,167 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_DESX_CBC 3" +.TH EVP_DESX_CBC 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_desx_cbc +\&\- EVP DES\-X cipher +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_CIPHER *EVP_desx_cbc(void) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The DES-X encryption algorithm for \s-1EVP\s0. +.PP +All modes below use a key length of 128 bits and acts on blocks of 128\-bits. +.IP "\fIEVP_desx_cbc()\fR" 4 +.IX Item "EVP_desx_cbc()" +The DES-X algorithm in \s-1CBC\s0 mode. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +implementation of the symmetric cipher. See \fIEVP_CIPHER_meth_new\fR\|(3) for +details of the \fB\s-1EVP_CIPHER\s0\fR structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIevp\fR\|(7), +\&\fIEVP_EncryptInit\fR\|(3), +\&\fIEVP_CIPHER_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/EVP_idea_cbc.3 b/linux_amd64/share/man/man3/EVP_idea_cbc.3 new file mode 100755 index 0000000..e95243f --- /dev/null +++ b/linux_amd64/share/man/man3/EVP_idea_cbc.3 
@@ -0,0 +1,173 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_IDEA_CBC 3" +.TH EVP_IDEA_CBC 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_idea_cbc, +EVP_idea_cfb, +EVP_idea_cfb64, +EVP_idea_ecb, +EVP_idea_ofb +\&\- EVP IDEA cipher +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_CIPHER *EVP_idea_cbc(void) +\& const EVP_CIPHER *EVP_idea_cfb(void) +\& const EVP_CIPHER *EVP_idea_cfb64(void) +\& const EVP_CIPHER *EVP_idea_ecb(void) +\& const EVP_CIPHER *EVP_idea_ofb(void) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1IDEA\s0 encryption algorithm for \s-1EVP\s0. +.IP "\fIEVP_idea_cbc()\fR, \fIEVP_idea_cfb()\fR, \fIEVP_idea_cfb64()\fR, \fIEVP_idea_ecb()\fR, \fIEVP_idea_ofb()\fR" 4 +.IX Item "EVP_idea_cbc(), EVP_idea_cfb(), EVP_idea_cfb64(), EVP_idea_ecb(), EVP_idea_ofb()" +The \s-1IDEA\s0 encryption algorithm in \s-1CBC\s0, \s-1CFB\s0, \s-1ECB\s0 and \s-1OFB\s0 modes respectively. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +implementation of the symmetric cipher. See \fIEVP_CIPHER_meth_new\fR\|(3) for +details of the \fB\s-1EVP_CIPHER\s0\fR structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIevp\fR\|(7), +\&\fIEVP_EncryptInit\fR\|(3), +\&\fIEVP_CIPHER_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/EVP_md2.3 b/linux_amd64/share/man/man3/EVP_md2.3 new file mode 100755 index 0000000..e00efcb --- /dev/null +++ b/linux_amd64/share/man/man3/EVP_md2.3 
@@ -0,0 +1,168 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_MD2 3" +.TH EVP_MD2 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_md2 +\&\- MD2 For EVP +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_MD *EVP_md2(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1MD2\s0 is a cryptographic hash function standardized in \s-1RFC\s0 1319 and designed by +Ronald Rivest. +.IP "\fIEVP_md2()\fR" 4 +.IX Item "EVP_md2()" +The \s-1MD2\s0 algorithm which produces a 128\-bit output from a given input. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the +implementation of the symmetric cipher. See \fIEVP_MD_meth_new\fR\|(3) for +details of the \fB\s-1EVP_MD\s0\fR structure. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1IETF\s0 \s-1RFC\s0 1319. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIevp\fR\|(7), +\&\fIEVP_DigestInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/EVP_md4.3 b/linux_amd64/share/man/man3/EVP_md4.3 new file mode 100755 index 0000000..184d1a8 --- /dev/null +++ b/linux_amd64/share/man/man3/EVP_md4.3 
@@ -0,0 +1,168 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_MD4 3" +.TH EVP_MD4 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_md4 +\&\- MD4 For EVP +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_MD *EVP_md4(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1MD4\s0 is a cryptographic hash function standardized in \s-1RFC\s0 1320 and designed by +Ronald Rivest, first published in 1990. +.IP "\fIEVP_md4()\fR" 4 +.IX Item "EVP_md4()" +The \s-1MD4\s0 algorithm which produces a 128\-bit output from a given input. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the +implementation of the symmetric cipher. See \fIEVP_MD_meth_new\fR\|(3) for +details of the \fB\s-1EVP_MD\s0\fR structure. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1IETF\s0 \s-1RFC\s0 1320. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIevp\fR\|(7), +\&\fIEVP_DigestInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/EVP_md5.3 b/linux_amd64/share/man/man3/EVP_md5.3 new file mode 100755 index 0000000..803d642 --- /dev/null +++ b/linux_amd64/share/man/man3/EVP_md5.3 
@@ -0,0 +1,179 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_MD5 3" +.TH EVP_MD5 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_md5, +EVP_md5_sha1 +\&\- MD5 For EVP +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_MD *EVP_md5(void); +\& const EVP_MD *EVP_md5_sha1(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1MD5\s0 is a cryptographic hash function standardized in \s-1RFC\s0 1321 and designed by +Ronald Rivest. +.PP +The \s-1CMU\s0 Software Engineering Institute considers \s-1MD5\s0 unsuitable for further +use since its security has been severely compromised. +.IP "\fIEVP_md5()\fR" 4 +.IX Item "EVP_md5()" +The \s-1MD5\s0 algorithm which produces a 128\-bit output from a given input. +.IP "\fIEVP_md5_sha1()\fR" 4 +.IX Item "EVP_md5_sha1()" +A hash algorithm of \s-1SSL\s0 v3 that combines \s-1MD5\s0 with \s-1SHA\-1\s0 as described in \s-1RFC\s0 +6101. +.Sp +\&\s-1WARNING:\s0 this algorithm is not intended for non-SSL usage. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the +implementation of the symmetric cipher. See \fIEVP_MD_meth_new\fR\|(3) for +details of the \fB\s-1EVP_MD\s0\fR structure. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1IETF\s0 \s-1RFC\s0 1321. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIevp\fR\|(7), +\&\fIEVP_DigestInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/EVP_mdc2.3 b/linux_amd64/share/man/man3/EVP_mdc2.3 new file mode 100755 index 0000000..da65edd --- /dev/null +++ b/linux_amd64/share/man/man3/EVP_mdc2.3 
@@ -0,0 +1,169 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_MDC2 3" +.TH EVP_MDC2 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_mdc2 +\&\- MDC\-2 For EVP +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_MD *EVP_mdc2(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1MDC\-2\s0 (Modification Detection Code 2 or Meyer-Schilling) is a cryptographic +hash function based on a block cipher. +.IP "\fIEVP_mdc2()\fR" 4 +.IX Item "EVP_mdc2()" +The \s-1MDC\-2DES\s0 algorithm of using \s-1MDC\-2\s0 with the \s-1DES\s0 block cipher. It produces a +128\-bit output from a given input. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the +implementation of the symmetric cipher. See \fIEVP_MD_meth_new\fR\|(3) for +details of the \fB\s-1EVP_MD\s0\fR structure. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1ISO/IEC\s0 10118\-2:2000 Hash-Function 2, with \s-1DES\s0 as the underlying block cipher. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIevp\fR\|(7), +\&\fIEVP_DigestInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/EVP_rc2_cbc.3 b/linux_amd64/share/man/man3/EVP_rc2_cbc.3 new file mode 100755 index 0000000..7510d47 --- /dev/null +++ b/linux_amd64/share/man/man3/EVP_rc2_cbc.3 
@@ -0,0 +1,187 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_RC2_CBC 3" +.TH EVP_RC2_CBC 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_rc2_cbc, +EVP_rc2_cfb, +EVP_rc2_cfb64, +EVP_rc2_ecb, +EVP_rc2_ofb, +EVP_rc2_40_cbc, +EVP_rc2_64_cbc +\&\- EVP RC2 cipher +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_CIPHER *EVP_rc2_cbc(void) +\& const EVP_CIPHER *EVP_rc2_cfb(void) +\& const EVP_CIPHER *EVP_rc2_cfb64(void) +\& const EVP_CIPHER *EVP_rc2_ecb(void) +\& const EVP_CIPHER *EVP_rc2_ofb(void) +\& const EVP_CIPHER *EVP_rc2_40_cbc(void) +\& const EVP_CIPHER *EVP_rc2_64_cbc(void) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1RC2\s0 encryption algorithm for \s-1EVP\s0. +.IP "\fIEVP_rc2_cbc()\fR, \fIEVP_rc2_cfb()\fR, \fIEVP_rc2_cfb64()\fR, \fIEVP_rc2_ecb()\fR, \fIEVP_rc2_ofb()\fR" 4 +.IX Item "EVP_rc2_cbc(), EVP_rc2_cfb(), EVP_rc2_cfb64(), EVP_rc2_ecb(), EVP_rc2_ofb()" +\&\s-1RC2\s0 encryption algorithm in \s-1CBC\s0, \s-1CFB\s0, \s-1ECB\s0 and \s-1OFB\s0 modes respectively. This is a +variable key length cipher with an additional parameter called \*(L"effective key +bits\*(R" or \*(L"effective key length\*(R". By default both are set to 128 bits. +.IP "\fIEVP_rc2_40_cbc()\fR, \fIEVP_rc2_64_cbc()\fR" 4 +.IX Item "EVP_rc2_40_cbc(), EVP_rc2_64_cbc()" +\&\s-1RC2\s0 algorithm in \s-1CBC\s0 mode with a default key length and effective key length of +40 and 64 bits. +.Sp +\&\s-1WARNING:\s0 these functions are obsolete. Their usage should be replaced with the +\&\fIEVP_rc2_cbc()\fR, \fIEVP_CIPHER_CTX_set_key_length()\fR and \fIEVP_CIPHER_CTX_ctrl()\fR +functions to set the key length and effective key length. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +implementation of the symmetric cipher. See \fIEVP_CIPHER_meth_new\fR\|(3) for +details of the \fB\s-1EVP_CIPHER\s0\fR structure. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIevp\fR\|(7), +\&\fIEVP_EncryptInit\fR\|(3), +\&\fIEVP_CIPHER_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/EVP_rc4.3 b/linux_amd64/share/man/man3/EVP_rc4.3 new file mode 100755 index 0000000..6fde757 --- /dev/null +++ b/linux_amd64/share/man/man3/EVP_rc4.3 
@@ -0,0 +1,183 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_RC4 3" +.TH EVP_RC4 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_rc4, +EVP_rc4_40, +EVP_rc4_hmac_md5 +\&\- EVP RC4 stream cipher +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_CIPHER *EVP_rc4(void) +\& const EVP_CIPHER *EVP_rc4_40(void) +\& const EVP_CIPHER *EVP_rc4_hmac_md5(void) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1RC4\s0 stream cipher for \s-1EVP\s0. +.IP "\fIEVP_rc4()\fR" 4 +.IX Item "EVP_rc4()" +\&\s-1RC4\s0 stream cipher. This is a variable key length cipher with a default key +length of 128 bits. +.IP "\fIEVP_rc4_40()\fR" 4 +.IX Item "EVP_rc4_40()" +\&\s-1RC4\s0 stream cipher with 40 bit key length. +.Sp +\&\s-1WARNING:\s0 this function is obsolete. Its usage should be replaced with the +\&\fIEVP_rc4()\fR and the \fIEVP_CIPHER_CTX_set_key_length()\fR functions. +.IP "\fIEVP_rc4_hmac_md5()\fR" 4 +.IX Item "EVP_rc4_hmac_md5()" +Authenticated encryption with the \s-1RC4\s0 stream cipher with \s-1MD5\s0 as \s-1HMAC\s0. +.Sp +\&\s-1WARNING:\s0 this is not intended for usage outside of \s-1TLS\s0 and requires calling of +some undocumented ctrl functions. These ciphers do not conform to the \s-1EVP\s0 \s-1AEAD\s0 +interface. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +implementation of the symmetric cipher. See \fIEVP_CIPHER_meth_new\fR\|(3) for +details of the \fB\s-1EVP_CIPHER\s0\fR structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIevp\fR\|(7), +\&\fIEVP_EncryptInit\fR\|(3), +\&\fIEVP_CIPHER_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/share/man/man3/EVP_rc5_32_12_16_cbc.3 b/linux_amd64/share/man/man3/EVP_rc5_32_12_16_cbc.3 new file mode 100755 index 0000000..ac387c8 --- /dev/null +++ b/linux_amd64/share/man/man3/EVP_rc5_32_12_16_cbc.3 
@@ -0,0 +1,192 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_RC5_32_12_16_CBC 3" +.TH EVP_RC5_32_12_16_CBC 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_rc5_32_12_16_cbc, +EVP_rc5_32_12_16_cfb, +EVP_rc5_32_12_16_cfb64, +EVP_rc5_32_12_16_ecb, +EVP_rc5_32_12_16_ofb +\&\- EVP RC5 cipher +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_CIPHER *EVP_rc5_32_12_16_cbc(void) +\& const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void) +\& const EVP_CIPHER *EVP_rc5_32_12_16_cfb64(void) +\& const EVP_CIPHER *EVP_rc5_32_12_16_ecb(void) +\& const EVP_CIPHER *EVP_rc5_32_12_16_ofb(void) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1RC5\s0 encryption algorithm for \s-1EVP\s0. +.IP "\fIEVP_rc5_32_12_16_cbc()\fR, \fIEVP_rc5_32_12_16_cfb()\fR, \fIEVP_rc5_32_12_16_cfb64()\fR, \fIEVP_rc5_32_12_16_ecb()\fR, \fIEVP_rc5_32_12_16_ofb()\fR" 4 +.IX Item "EVP_rc5_32_12_16_cbc(), EVP_rc5_32_12_16_cfb(), EVP_rc5_32_12_16_cfb64(), EVP_rc5_32_12_16_ecb(), EVP_rc5_32_12_16_ofb()" +\&\s-1RC5\s0 encryption algorithm in \s-1CBC\s0, \s-1CFB\s0, \s-1ECB\s0 and \s-1OFB\s0 modes respectively. This is a +variable key length cipher with an additional \*(L"number of rounds\*(R" parameter. By +default the key length is set to 128 bits and 12 rounds. Alternative key lengths +can be set using \fIEVP_CIPHER_CTX_set_key_length\fR\|(3). The maximum key length is +2040 bits. +.Sp +The following rc5 specific \fIctrl\fRs are supported (see +\&\fIEVP_CIPHER_CTX_ctrl\fR\|(3)). +.RS 4 +.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_SET_RC5_ROUNDS\s0, rounds, \s-1NULL\s0)" 4 +.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC5_ROUNDS, rounds, NULL)" +Sets the number of rounds to \fBrounds\fR. This must be one of \s-1RC5_8_ROUNDS\s0, +\&\s-1RC5_12_ROUNDS\s0 or \s-1RC5_16_ROUNDS\s0. +.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_GET_RC5_ROUNDS\s0, 0, &rounds)" 4 +.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC5_ROUNDS, 0, &rounds)" +Stores the number of rounds currently configured in \fB*rounds\fR where \fB*rounds\fR +is an int. 
+.RE +.RS 4 +.RE +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +implementation of the symmetric cipher. See \fIEVP_CIPHER_meth_new\fR\|(3) for +details of the \fB\s-1EVP_CIPHER\s0\fR structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIevp\fR\|(7), +\&\fIEVP_EncryptInit\fR\|(3), +\&\fIEVP_CIPHER_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/EVP_ripemd160.3 b/linux_amd64/share/man/man3/EVP_ripemd160.3 new file mode 100755 index 0000000..b4a6d82 --- /dev/null +++ b/linux_amd64/share/man/man3/EVP_ripemd160.3 
@@ -0,0 +1,168 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_RIPEMD160 3" +.TH EVP_RIPEMD160 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_ripemd160 +\&\- RIPEMD160 For EVP +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_MD *EVP_ripemd160(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1RIPEMD\-160\s0 is a cryptographic hash function first published in 1996 belonging +to the \s-1RIPEMD\s0 family (\s-1RACE\s0 Integrity Primitives Evaluation Message Digest). +.IP "\fIEVP_ripemd160()\fR" 4 +.IX Item "EVP_ripemd160()" +The \s-1RIPEMD\-160\s0 algorithm which produces a 160\-bit output from a given input. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the +implementation of the symmetric cipher. See \fIEVP_MD_meth_new\fR\|(3) for +details of the \fB\s-1EVP_MD\s0\fR structure. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1ISO/IEC\s0 10118\-3:2016 Dedicated Hash-Function 1 (\s-1RIPEMD\-160\s0). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIevp\fR\|(7), +\&\fIEVP_DigestInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/EVP_seed_cbc.3 b/linux_amd64/share/man/man3/EVP_seed_cbc.3 new file mode 100755 index 0000000..4e8037a --- /dev/null +++ b/linux_amd64/share/man/man3/EVP_seed_cbc.3 
@@ -0,0 +1,175 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_SEED_CBC 3" +.TH EVP_SEED_CBC 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_seed_cbc, +EVP_seed_cfb, +EVP_seed_cfb128, +EVP_seed_ecb, +EVP_seed_ofb +\&\- EVP SEED cipher +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_CIPHER *EVP_seed_cbc(void) +\& const EVP_CIPHER *EVP_seed_cfb(void) +\& const EVP_CIPHER *EVP_seed_cfb128(void) +\& const EVP_CIPHER *EVP_seed_ecb(void) +\& const EVP_CIPHER *EVP_seed_ofb(void) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1SEED\s0 encryption algorithm for \s-1EVP\s0. +.PP +All modes below use a key length of 128 bits and acts on blocks of 128\-bits. +.IP "\fIEVP_seed_cbc()\fR, \fIEVP_seed_cfb()\fR, \fIEVP_seed_cfb128()\fR, \fIEVP_seed_ecb()\fR, \fIEVP_seed_ofb()\fR" 4 +.IX Item "EVP_seed_cbc(), EVP_seed_cfb(), EVP_seed_cfb128(), EVP_seed_ecb(), EVP_seed_ofb()" +The \s-1SEED\s0 encryption algorithm in \s-1CBC\s0, \s-1CFB\s0, \s-1ECB\s0 and \s-1OFB\s0 modes respectively. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +implementation of the symmetric cipher. See \fIEVP_CIPHER_meth_new\fR\|(3) for +details of the \fB\s-1EVP_CIPHER\s0\fR structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIevp\fR\|(7), +\&\fIEVP_EncryptInit\fR\|(3), +\&\fIEVP_CIPHER_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/EVP_set_default_properties.3 b/linux_amd64/share/man/man3/EVP_set_default_properties.3 new file mode 100755 index 0000000..0679887 --- /dev/null +++ b/linux_amd64/share/man/man3/EVP_set_default_properties.3 
@@ -0,0 +1,170 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_SET_DEFAULT_PROPERTIES 3" +.TH EVP_SET_DEFAULT_PROPERTIES 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_set_default_properties +\&\- Set default properties for future algorithm fetches +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_set_default_properties(OPENSSL_CTX *libctx, const char *propq); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIEVP_set_default_properties()\fR sets the default properties for all +future \s-1EVP\s0 algorithm fetches, implicit as well as explicit. +.PP +EVP_set_default_properties stores the properties given with the string +\&\fIpropq\fR among the \s-1EVP\s0 data that's been stored in the library context +given with \fIlibctx\fR (\s-1NULL\s0 signifies the default library context). +.PP +Any previous default property for the specified library context will +be dropped. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_set_default_properties()\fR returns 1 on success, or 0 on failure. +The latter adds an error on the error stack. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_MD_fetch\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The functions described here were added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/EVP_sha1.3 b/linux_amd64/share/man/man3/EVP_sha1.3 new file mode 100755 index 0000000..de2d36d --- /dev/null +++ b/linux_amd64/share/man/man3/EVP_sha1.3 
@@ -0,0 +1,169 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_SHA1 3" +.TH EVP_SHA1 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_sha1 +\&\- SHA\-1 For EVP +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_MD *EVP_sha1(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1SHA\-1\s0 (Secure Hash Algorithm 1) is a cryptographic hash function standardized +in \s-1NIST\s0 \s-1FIPS\s0 180\-4. The algorithm was designed by the United States National +Security Agency and initially published in 1995. +.IP "\fIEVP_sha1()\fR" 4 +.IX Item "EVP_sha1()" +The \s-1SHA\-1\s0 algorithm which produces a 160\-bit output from a given input. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the +implementation of the symmetric cipher. See \fIEVP_MD_meth_new\fR\|(3) for +details of the \fB\s-1EVP_MD\s0\fR structure. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1NIST\s0 \s-1FIPS\s0 180\-4. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIevp\fR\|(7), +\&\fIEVP_DigestInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/EVP_sha224.3 b/linux_amd64/share/man/man3/EVP_sha224.3 new file mode 100755 index 0000000..4e2083f --- /dev/null +++ b/linux_amd64/share/man/man3/EVP_sha224.3 
@@ -0,0 +1,184 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_SHA224 3" +.TH EVP_SHA224 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_sha224, +EVP_sha256, +EVP_sha512_224, +EVP_sha512_256, +EVP_sha384, +EVP_sha512 +\&\- SHA\-2 For EVP +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_MD *EVP_sha224(void); +\& const EVP_MD *EVP_sha256(void); +\& const EVP_MD *EVP_sha512_224(void); +\& const EVP_MD *EVP_sha512_256(void); +\& const EVP_MD *EVP_sha384(void); +\& const EVP_MD *EVP_sha512(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1SHA\-2\s0 (Secure Hash Algorithm 2) is a family of cryptographic hash functions +standardized in \s-1NIST\s0 \s-1FIPS\s0 180\-4, first published in 2001. +.IP "\fIEVP_sha224()\fR, \fIEVP_sha256()\fR, EVP_sha512_224, EVP_sha512_256, \fIEVP_sha384()\fR, \fIEVP_sha512()\fR" 4 +.IX Item "EVP_sha224(), EVP_sha256(), EVP_sha512_224, EVP_sha512_256, EVP_sha384(), EVP_sha512()" +The \s-1SHA\-2\s0 \s-1SHA\-224\s0, \s-1SHA\-256\s0, \s-1SHA\-512/224\s0, \s-1SHA512/256\s0, \s-1SHA\-384\s0 and \s-1SHA\-512\s0 +algorithms, which generate 224, 256, 224, 256, 384 and 512 bits +respectively of output from a given input. +.Sp +The two algorithms: \s-1SHA\-512/224\s0 and \s-1SHA512/256\s0 are truncated forms of the +\&\s-1SHA\-512\s0 algorithm. They are distinct from \s-1SHA\-224\s0 and \s-1SHA\-256\s0 even though +their outputs are of the same size. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the +implementation of the symmetric cipher. See \fIEVP_MD_meth_new\fR\|(3) for +details of the \fB\s-1EVP_MD\s0\fR structure. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1NIST\s0 \s-1FIPS\s0 180\-4. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIevp\fR\|(7), +\&\fIEVP_DigestInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. 
You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/EVP_sha3_224.3 b/linux_amd64/share/man/man3/EVP_sha3_224.3 new file mode 100755 index 0000000..dde361e --- /dev/null +++ b/linux_amd64/share/man/man3/EVP_sha3_224.3 
@@ -0,0 +1,189 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_SHA3_224 3" +.TH EVP_SHA3_224 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_sha3_224, +EVP_sha3_256, +EVP_sha3_384, +EVP_sha3_512, +EVP_shake128, +EVP_shake256 +\&\- SHA\-3 For EVP +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_MD *EVP_sha3_224(void); +\& const EVP_MD *EVP_sha3_256(void); +\& const EVP_MD *EVP_sha3_384(void); +\& const EVP_MD *EVP_sha3_512(void); +\& +\& const EVP_MD *EVP_shake128(void); +\& const EVP_MD *EVP_shake256(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1SHA\-3\s0 (Secure Hash Algorithm 3) is a family of cryptographic hash functions +standardized in \s-1NIST\s0 \s-1FIPS\s0 202, first published in 2015. It is based on the +Keccak algorithm. +.IP "\fIEVP_sha3_224()\fR, \fIEVP_sha3_256()\fR, \fIEVP_sha3_384()\fR, \fIEVP_sha3_512()\fR" 4 +.IX Item "EVP_sha3_224(), EVP_sha3_256(), EVP_sha3_384(), EVP_sha3_512()" +The \s-1SHA\-3\s0 \s-1SHA\-3\-224\s0, \s-1SHA\-3\-256\s0, \s-1SHA\-3\-384\s0, and \s-1SHA\-3\-512\s0 algorithms +respectively. They produce 224, 256, 384 and 512 bits of output from a given +input. +.IP "\fIEVP_shake128()\fR, \fIEVP_shake256()\fR" 4 +.IX Item "EVP_shake128(), EVP_shake256()" +The \s-1SHAKE\-128\s0 and \s-1SHAKE\-256\s0 Extendable Output Functions (\s-1XOF\s0) that can generate +a variable hash length. +.Sp +Specifically, \fBEVP_shake128\fR provides an overall security of 128 bits, while +\&\fBEVP_shake256\fR provides that of 256 bits. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the +implementation of the symmetric cipher. See \fIEVP_MD_meth_new\fR\|(3) for +details of the \fB\s-1EVP_MD\s0\fR structure. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1NIST\s0 \s-1FIPS\s0 202. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIevp\fR\|(7), +\&\fIEVP_DigestInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. 
+.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/EVP_sm3.3 b/linux_amd64/share/man/man3/EVP_sm3.3 new file mode 100755 index 0000000..5fe265d --- /dev/null +++ b/linux_amd64/share/man/man3/EVP_sm3.3 
@@ -0,0 +1,169 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_SM3 3" +.TH EVP_SM3 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_sm3 +\&\- SM3 for EVP +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_MD *EVP_sm3(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1SM3\s0 is a cryptographic hash function with a 256\-bit output, defined in \s-1GB/T\s0 +32905\-2016. +.IP "\fIEVP_sm3()\fR" 4 +.IX Item "EVP_sm3()" +The \s-1SM3\s0 hash function. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the +implementation of the symmetric cipher. See \fIEVP_MD_meth_new\fR\|(3) for +details of the \fB\s-1EVP_MD\s0\fR structure. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1GB/T\s0 32905\-2016 and \s-1GM/T\s0 0004\-2012. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIevp\fR\|(7), +\&\fIEVP_DigestInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017 Ribose Inc. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/EVP_sm4_cbc.3 b/linux_amd64/share/man/man3/EVP_sm4_cbc.3 new file mode 100755 index 0000000..f135964 --- /dev/null +++ b/linux_amd64/share/man/man3/EVP_sm4_cbc.3 
@@ -0,0 +1,179 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_SM4_CBC 3" +.TH EVP_SM4_CBC 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_sm4_cbc, +EVP_sm4_ecb, +EVP_sm4_cfb, +EVP_sm4_cfb128, +EVP_sm4_ofb, +EVP_sm4_ctr +\&\- EVP SM4 cipher +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_CIPHER *EVP_sm4_cbc(void); +\& const EVP_CIPHER *EVP_sm4_ecb(void); +\& const EVP_CIPHER *EVP_sm4_cfb(void); +\& const EVP_CIPHER *EVP_sm4_cfb128(void); +\& const EVP_CIPHER *EVP_sm4_ofb(void); +\& const EVP_CIPHER *EVP_sm4_ctr(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1SM4\s0 blockcipher (\s-1GB/T\s0 32907\-2016) for \s-1EVP\s0. +.PP +All modes below use a key length of 128 bits and acts on blocks of 128 bits. +.IP "\fIEVP_sm4_cbc()\fR, \fIEVP_sm4_ecb()\fR, \fIEVP_sm4_cfb()\fR, \fIEVP_sm4_cfb128()\fR, \fIEVP_sm4_ofb()\fR, \fIEVP_sm4_ctr()\fR" 4 +.IX Item "EVP_sm4_cbc(), EVP_sm4_ecb(), EVP_sm4_cfb(), EVP_sm4_cfb128(), EVP_sm4_ofb(), EVP_sm4_ctr()" +The \s-1SM4\s0 blockcipher with a 128\-bit key in \s-1CBC\s0, \s-1ECB\s0, \s-1CFB\s0, \s-1OFB\s0 and \s-1CTR\s0 modes +respectively. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return a \fB\s-1EVP_CIPHER\s0\fR structure that contains the +implementation of the symmetric cipher. See \fIEVP_CIPHER_meth_new\fR\|(3) for +details of the \fB\s-1EVP_CIPHER\s0\fR structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIevp\fR\|(7), +\&\fIEVP_EncryptInit\fR\|(3), +\&\fIEVP_CIPHER_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017 Ribose Inc. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/EVP_whirlpool.3 b/linux_amd64/share/man/man3/EVP_whirlpool.3 new file mode 100755 index 0000000..f406fae --- /dev/null +++ b/linux_amd64/share/man/man3/EVP_whirlpool.3 
@@ -0,0 +1,169 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_WHIRLPOOL 3" +.TH EVP_WHIRLPOOL 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_whirlpool +\&\- WHIRLPOOL For EVP +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_MD *EVP_whirlpool(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1WHIRLPOOL\s0 is a cryptographic hash function standardized in \s-1ISO/IEC\s0 10118\-3:2004 +designed by Vincent Rijmen and Paulo S. L. M. Barreto. +.IP "\fIEVP_whirlpool()\fR" 4 +.IX Item "EVP_whirlpool()" +The \s-1WHIRLPOOL\s0 algorithm that produces a message digest of 512\-bits from a given +input. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the +implementation of the symmetric cipher. See \fIEVP_MD_meth_new\fR\|(3) for +details of the \fB\s-1EVP_MD\s0\fR structure. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1ISO/IEC\s0 10118\-3:2004. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIevp\fR\|(7), +\&\fIEVP_DigestInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/HMAC.3 b/linux_amd64/share/man/man3/HMAC.3 new file mode 100755 index 0000000..64bce32 --- /dev/null +++ b/linux_amd64/share/man/man3/HMAC.3 
@@ -0,0 +1,294 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "HMAC 3" +.TH HMAC 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +HMAC, +HMAC_CTX_new, +HMAC_CTX_reset, +HMAC_CTX_free, +HMAC_Init, +HMAC_Init_ex, +HMAC_Update, +HMAC_Final, +HMAC_CTX_copy, +HMAC_CTX_set_flags, +HMAC_CTX_get_md, +HMAC_size +\&\- HMAC message authentication code +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.PP +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 3 +\& unsigned char *HMAC(const EVP_MD *evp_md, const void *key, +\& int key_len, const unsigned char *d, int n, +\& unsigned char *md, unsigned int *md_len); +\& +\& HMAC_CTX *HMAC_CTX_new(void); +\& int HMAC_CTX_reset(HMAC_CTX *ctx); +\& +\& int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len, +\& const EVP_MD *md, ENGINE *impl); +\& int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len); +\& int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len); +\& +\& void HMAC_CTX_free(HMAC_CTX *ctx); +\& +\& int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx); +\& void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags); +\& const EVP_MD *HMAC_CTX_get_md(const HMAC_CTX *ctx); +\& +\& size_t HMAC_size(const HMAC_CTX *e); +.Ve +.PP +Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 2 +\& int HMAC_Init(HMAC_CTX *ctx, const void *key, int key_len, +\& const EVP_MD *md); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +All of the functions described on this page are deprecated. Applications should +instead use \fIEVP_MAC_CTX_new\fR\|(3), \fIEVP_MAC_CTX_free\fR\|(3), \fIEVP_MAC_init\fR\|(3), +\&\fIEVP_MAC_update\fR\|(3) and \fIEVP_MAC_final\fR\|(3). +.PP +\&\s-1HMAC\s0 is a \s-1MAC\s0 (message authentication code), i.e. a keyed hash +function used for message authentication, which is based on a hash +function. 
+.PP +\&\s-1\fIHMAC\s0()\fR computes the message authentication code of the \fBn\fR bytes at +\&\fBd\fR using the hash function \fBevp_md\fR and the key \fBkey\fR which is +\&\fBkey_len\fR bytes long. +.PP +It places the result in \fBmd\fR (which must have space for the output of +the hash function, which is no more than \fB\s-1EVP_MAX_MD_SIZE\s0\fR bytes). +If \fBmd\fR is \s-1NULL\s0, the digest is placed in a static array. The size of +the output is placed in \fBmd_len\fR, unless it is \fB\s-1NULL\s0\fR. Note: passing a \s-1NULL\s0 +value for \fBmd\fR to use the static array is not thread safe. +.PP +\&\fBevp_md\fR is a message digest such as \fIEVP_sha1()\fR, \fIEVP_ripemd160()\fR etc. \s-1HMAC\s0 does +not support variable output length digests such as \fIEVP_shake128()\fR and +\&\fIEVP_shake256()\fR. +.PP +\&\fIHMAC_CTX_new()\fR creates a new \s-1HMAC_CTX\s0 in heap memory. +.PP +\&\fIHMAC_CTX_reset()\fR clears an existing \fB\s-1HMAC_CTX\s0\fR and associated +resources, making it suitable for new computations as if it was newly +created with \fIHMAC_CTX_new()\fR. +.PP +\&\fIHMAC_CTX_free()\fR erases the key and other data from the \fB\s-1HMAC_CTX\s0\fR, +releases any associated resources and finally frees the \fB\s-1HMAC_CTX\s0\fR +itself. +.PP +The following functions may be used if the message is not completely +stored in memory: +.PP +\&\fIHMAC_Init_ex()\fR initializes or reuses a \fB\s-1HMAC_CTX\s0\fR structure to use the hash +function \fBevp_md\fR and key \fBkey\fR. If both are \s-1NULL\s0, or if \fBkey\fR is \s-1NULL\s0 +and \fBevp_md\fR is the same as the previous call, then the +existing key is +reused. \fBctx\fR must have been created with \fIHMAC_CTX_new()\fR before the first use +of an \fB\s-1HMAC_CTX\s0\fR in this function. 
+.PP +If \fIHMAC_Init_ex()\fR is called with \fBkey\fR \s-1NULL\s0 and \fBevp_md\fR is not the +same as the previous digest used by \fBctx\fR then an error is returned +because reuse of an existing key with a different digest is not supported. +.PP +\&\fIHMAC_Init()\fR initializes a \fB\s-1HMAC_CTX\s0\fR structure to use the hash +function \fBevp_md\fR and the key \fBkey\fR which is \fBkey_len\fR bytes +long. +.PP +\&\fIHMAC_Update()\fR can be called repeatedly with chunks of the message to +be authenticated (\fBlen\fR bytes at \fBdata\fR). +.PP +\&\fIHMAC_Final()\fR places the message authentication code in \fBmd\fR, which +must have space for the hash function output. +.PP +\&\fIHMAC_CTX_copy()\fR copies all of the internal state from \fBsctx\fR into \fBdctx\fR. +.PP +\&\fIHMAC_CTX_set_flags()\fR applies the specified flags to the internal EVP_MD_CTXs. +These flags have the same meaning as for \fIEVP_MD_CTX_set_flags\fR\|(3). +.PP +\&\fIHMAC_CTX_get_md()\fR returns the \s-1EVP_MD\s0 that has previously been set for the +supplied \s-1HMAC_CTX\s0. +.PP +\&\fIHMAC_size()\fR returns the length in bytes of the underlying hash function output. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\s-1\fIHMAC\s0()\fR returns a pointer to the message authentication code or \s-1NULL\s0 if +an error occurred. +.PP +\&\fIHMAC_CTX_new()\fR returns a pointer to a new \fB\s-1HMAC_CTX\s0\fR on success or +\&\fB\s-1NULL\s0\fR if an error occurred. +.PP +\&\fIHMAC_CTX_reset()\fR, \fIHMAC_Init_ex()\fR, \fIHMAC_Update()\fR, \fIHMAC_Final()\fR and +\&\fIHMAC_CTX_copy()\fR return 1 for success or 0 if an error occurred. +.PP +\&\fIHMAC_CTX_get_md()\fR return the \s-1EVP_MD\s0 previously set for the supplied \s-1HMAC_CTX\s0 or +\&\s-1NULL\s0 if no \s-1EVP_MD\s0 has been set. +.PP +\&\fIHMAC_size()\fR returns the length in bytes of the underlying hash function output +or zero on error. 
+.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1RFC\s0 2104 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1\fISHA1\s0\fR\|(3), \fIevp\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +All of these functions were deprecated in OpenSSL 3.0. +.PP +\&\fIHMAC_CTX_init()\fR was replaced with \fIHMAC_CTX_reset()\fR in OpenSSL 1.1.0. +.PP +\&\fIHMAC_CTX_cleanup()\fR existed in OpenSSL before version 1.1.0. +.PP +\&\fIHMAC_CTX_new()\fR, \fIHMAC_CTX_free()\fR and \fIHMAC_CTX_get_md()\fR are new in OpenSSL 1.1.0. +.PP +\&\fIHMAC_Init_ex()\fR, \fIHMAC_Update()\fR and \fIHMAC_Final()\fR did not return values in +OpenSSL before version 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/MD5.3 b/linux_amd64/share/man/man3/MD5.3 new file mode 100755 index 0000000..2facb70 --- /dev/null +++ b/linux_amd64/share/man/man3/MD5.3 
@@ -0,0 +1,241 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "MD5 3" +.TH MD5 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +MD2, MD4, MD5, MD2_Init, MD2_Update, MD2_Final, MD4_Init, MD4_Update, +MD4_Final, MD5_Init, MD5_Update, MD5_Final \- MD2, MD4, and MD5 hash functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.PP +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 1 +\& unsigned char *MD2(const unsigned char *d, unsigned long n, unsigned char *md); +\& +\& int MD2_Init(MD2_CTX *c); +\& int MD2_Update(MD2_CTX *c, const unsigned char *data, unsigned long len); +\& int MD2_Final(unsigned char *md, MD2_CTX *c); +\& +\& +\& #include +.Ve +.PP +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 1 +\& unsigned char *MD4(const unsigned char *d, unsigned long n, unsigned char *md); +\& +\& int MD4_Init(MD4_CTX *c); +\& int MD4_Update(MD4_CTX *c, const void *data, unsigned long len); +\& int MD4_Final(unsigned char *md, MD4_CTX *c); +\& +\& +\& #include +.Ve +.PP +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 1 +\& unsigned char *MD5(const unsigned char *d, unsigned long n, unsigned char *md); +\& +\& int MD5_Init(MD5_CTX *c); +\& int MD5_Update(MD5_CTX *c, const void *data, unsigned long len); +\& int MD5_Final(unsigned char *md, MD5_CTX *c); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +All of the functions described on this page are deprecated. +Applications should instead use \fIEVP_DigestInit_ex\fR\|(3), \fIEVP_DigestUpdate\fR\|(3) +and \fIEVP_DigestFinal_ex\fR\|(3). +.PP +\&\s-1MD2\s0, \s-1MD4\s0, and \s-1MD5\s0 are cryptographic hash functions with a 128 bit output. 
+.PP +\&\s-1\fIMD2\s0()\fR, \s-1\fIMD4\s0()\fR, and \s-1\fIMD5\s0()\fR compute the \s-1MD2\s0, \s-1MD4\s0, and \s-1MD5\s0 message digest +of the \fBn\fR bytes at \fBd\fR and place it in \fBmd\fR (which must have space +for \s-1MD2_DIGEST_LENGTH\s0 == \s-1MD4_DIGEST_LENGTH\s0 == \s-1MD5_DIGEST_LENGTH\s0 == 16 +bytes of output). If \fBmd\fR is \s-1NULL\s0, the digest is placed in a static +array. +.PP +The following functions may be used if the message is not completely +stored in memory: +.PP +\&\fIMD2_Init()\fR initializes a \fB\s-1MD2_CTX\s0\fR structure. +.PP +\&\fIMD2_Update()\fR can be called repeatedly with chunks of the message to +be hashed (\fBlen\fR bytes at \fBdata\fR). +.PP +\&\fIMD2_Final()\fR places the message digest in \fBmd\fR, which must have space +for \s-1MD2_DIGEST_LENGTH\s0 == 16 bytes of output, and erases the \fB\s-1MD2_CTX\s0\fR. +.PP +\&\fIMD4_Init()\fR, \fIMD4_Update()\fR, \fIMD4_Final()\fR, \fIMD5_Init()\fR, \fIMD5_Update()\fR, and +\&\fIMD5_Final()\fR are analogous using an \fB\s-1MD4_CTX\s0\fR and \fB\s-1MD5_CTX\s0\fR structure. +.PP +Applications should use the higher level functions +\&\fIEVP_DigestInit\fR\|(3) +etc. instead of calling the hash functions directly. +.SH "NOTE" +.IX Header "NOTE" +\&\s-1MD2\s0, \s-1MD4\s0, and \s-1MD5\s0 are recommended only for compatibility with existing +applications. In new applications, \s-1SHA\-1\s0 or \s-1RIPEMD\-160\s0 should be +preferred. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\s-1\fIMD2\s0()\fR, \s-1\fIMD4\s0()\fR, and \s-1\fIMD5\s0()\fR return pointers to the hash value. +.PP +\&\fIMD2_Init()\fR, \fIMD2_Update()\fR, \fIMD2_Final()\fR, \fIMD4_Init()\fR, \fIMD4_Update()\fR, +\&\fIMD4_Final()\fR, \fIMD5_Init()\fR, \fIMD5_Update()\fR, and \fIMD5_Final()\fR return 1 for +success, 0 otherwise. 
+.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1RFC\s0 1319, \s-1RFC\s0 1320, \s-1RFC\s0 1321 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_DigestInit\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +All of these functions were deprecated in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/MDC2_Init.3 b/linux_amd64/share/man/man3/MDC2_Init.3 new file mode 100755 index 0000000..ae51356 --- /dev/null +++ b/linux_amd64/share/man/man3/MDC2_Init.3 
@@ -0,0 +1,203 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "MDC2_INIT 3" +.TH MDC2_INIT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +MDC2, MDC2_Init, MDC2_Update, MDC2_Final \- MDC2 hash function +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.PP +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 2 +\& unsigned char *MDC2(const unsigned char *d, unsigned long n, +\& unsigned char *md); +\& +\& int MDC2_Init(MDC2_CTX *c); +\& int MDC2_Update(MDC2_CTX *c, const unsigned char *data, +\& unsigned long len); +\& int MDC2_Final(unsigned char *md, MDC2_CTX *c); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +All of the functions described on this page are deprecated. +Applications should instead use \fIEVP_DigestInit_ex\fR\|(3), \fIEVP_DigestUpdate\fR\|(3) +and \fIEVP_DigestFinal_ex\fR\|(3). +.PP +\&\s-1MDC2\s0 is a method to construct hash functions with 128 bit output from +block ciphers. These functions are an implementation of \s-1MDC2\s0 with +\&\s-1DES\s0. +.PP +\&\s-1\fIMDC2\s0()\fR computes the \s-1MDC2\s0 message digest of the \fBn\fR +bytes at \fBd\fR and places it in \fBmd\fR (which must have space for +\&\s-1MDC2_DIGEST_LENGTH\s0 == 16 bytes of output). If \fBmd\fR is \s-1NULL\s0, the digest +is placed in a static array. +.PP +The following functions may be used if the message is not completely +stored in memory: +.PP +\&\fIMDC2_Init()\fR initializes a \fB\s-1MDC2_CTX\s0\fR structure. +.PP +\&\fIMDC2_Update()\fR can be called repeatedly with chunks of the message to +be hashed (\fBlen\fR bytes at \fBdata\fR). +.PP +\&\fIMDC2_Final()\fR places the message digest in \fBmd\fR, which must have space +for \s-1MDC2_DIGEST_LENGTH\s0 == 16 bytes of output, and erases the \fB\s-1MDC2_CTX\s0\fR. +.PP +Applications should use the higher level functions +\&\fIEVP_DigestInit\fR\|(3) etc. instead of calling the +hash functions directly. 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\s-1\fIMDC2\s0()\fR returns a pointer to the hash value. +.PP +\&\fIMDC2_Init()\fR, \fIMDC2_Update()\fR and \fIMDC2_Final()\fR return 1 for success, 0 otherwise. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1ISO/IEC\s0 10118\-2:2000 Hash-Function 2, with \s-1DES\s0 as the underlying block cipher. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_DigestInit\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +All of these functions were deprecated in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/OBJ_nid2obj.3 b/linux_amd64/share/man/man3/OBJ_nid2obj.3 new file mode 100755 index 0000000..1eca971 --- /dev/null +++ b/linux_amd64/share/man/man3/OBJ_nid2obj.3 
@@ -0,0 +1,322 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OBJ_NID2OBJ 3" +.TH OBJ_NID2OBJ 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +i2t_ASN1_OBJECT, +OBJ_length, OBJ_get0_data, OBJ_nid2obj, OBJ_nid2ln, +OBJ_nid2sn, OBJ_obj2nid, OBJ_txt2nid, OBJ_ln2nid, OBJ_sn2nid, OBJ_cmp, +OBJ_dup, OBJ_txt2obj, OBJ_obj2txt, OBJ_create, OBJ_cleanup +\&\- ASN1 object utility functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& ASN1_OBJECT *OBJ_nid2obj(int n); +\& const char *OBJ_nid2ln(int n); +\& const char *OBJ_nid2sn(int n); +\& +\& int OBJ_obj2nid(const ASN1_OBJECT *o); +\& int OBJ_ln2nid(const char *ln); +\& int OBJ_sn2nid(const char *sn); +\& +\& int OBJ_txt2nid(const char *s); +\& +\& ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name); +\& int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name); +\& +\& int i2t_ASN1_OBJECT(char *buf, int buf_len, const ASN1_OBJECT *a); +\& +\& int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b); +\& ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o); +\& +\& int OBJ_create(const char *oid, const char *sn, const char *ln); +\& +\& size_t OBJ_length(const ASN1_OBJECT *obj); +\& const unsigned char *OBJ_get0_data(const ASN1_OBJECT *obj); +.Ve +.PP +Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 1 +\& void OBJ_cleanup(void) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1ASN1\s0 object utility functions process \s-1ASN1_OBJECT\s0 structures which are +a representation of the \s-1ASN1\s0 \s-1OBJECT\s0 \s-1IDENTIFIER\s0 (\s-1OID\s0) type. +For convenience, OIDs are usually represented in source code as numeric +identifiers, or \fB\s-1NID\s0\fRs. OpenSSL has an internal table of OIDs that +are generated when the library is built, and their corresponding NIDs +are available as defined constants. For the functions below, application +code should treat all returned values \*(-- OIDs, NIDs, or names \*(-- as +constants. 
+.PP +\&\fIOBJ_nid2obj()\fR, \fIOBJ_nid2ln()\fR and \fIOBJ_nid2sn()\fR convert the \s-1NID\s0 \fBn\fR to +an \s-1ASN1_OBJECT\s0 structure, its long name and its short name respectively, +or \fB\s-1NULL\s0\fR if an error occurred. +.PP +\&\fIOBJ_obj2nid()\fR, \fIOBJ_ln2nid()\fR, \fIOBJ_sn2nid()\fR return the corresponding \s-1NID\s0 +for the object \fBo\fR, the long name or the short name respectively +or NID_undef if an error occurred. +.PP +\&\fIOBJ_txt2nid()\fR returns \s-1NID\s0 corresponding to text string . \fBs\fR can be +a long name, a short name or the numerical representation of an object. +.PP +\&\fIOBJ_txt2obj()\fR converts the text string \fBs\fR into an \s-1ASN1_OBJECT\s0 structure. +If \fBno_name\fR is 0 then long names and short names will be interpreted +as well as numerical forms. If \fBno_name\fR is 1 only the numerical form +is acceptable. +.PP +\&\fIOBJ_obj2txt()\fR converts the \fB\s-1ASN1_OBJECT\s0\fR \fBa\fR into a textual representation. +The representation is written as a null terminated string to \fBbuf\fR +at most \fBbuf_len\fR bytes are written, truncating the result if necessary. +The total amount of space required is returned. If \fBno_name\fR is 0 then +if the object has a long or short name then that will be used, otherwise +the numerical form will be used. If \fBno_name\fR is 1 then the numerical +form will always be used. +.PP +\&\fIi2t_ASN1_OBJECT()\fR is the same as \fIOBJ_obj2txt()\fR with the \fBno_name\fR set to zero. +.PP +\&\fIOBJ_cmp()\fR compares \fBa\fR to \fBb\fR. If the two are identical 0 is returned. +.PP +\&\fIOBJ_dup()\fR returns a copy of \fBo\fR. +.PP +\&\fIOBJ_create()\fR adds a new object to the internal table. \fBoid\fR is the +numerical form of the object, \fBsn\fR the short name and \fBln\fR the +long name. A new \s-1NID\s0 is returned for the created object in case of +success and NID_undef in case of failure. +.PP +\&\fIOBJ_length()\fR returns the size of the content octets of \fBobj\fR. 
+.PP +\&\fIOBJ_get0_data()\fR returns a pointer to the content octets of \fBobj\fR. +The returned pointer is an internal pointer which \fBmust not\fR be freed. +.PP +\&\fIOBJ_cleanup()\fR releases any resources allocated by creating new objects. +.SH "NOTES" +.IX Header "NOTES" +Objects in OpenSSL can have a short name, a long name and a numerical +identifier (\s-1NID\s0) associated with them. A standard set of objects is +represented in an internal table. The appropriate values are defined +in the header file \fBobjects.h\fR. +.PP +For example the \s-1OID\s0 for commonName has the following definitions: +.PP +.Vb 3 +\& #define SN_commonName "CN" +\& #define LN_commonName "commonName" +\& #define NID_commonName 13 +.Ve +.PP +New objects can be added by calling \fIOBJ_create()\fR. +.PP +Table objects have certain advantages over other objects: for example +their NIDs can be used in a C language switch statement. They are +also static constant structures which are shared: that is there +is only a single constant structure for each table object. +.PP +Objects which are not in the table have the \s-1NID\s0 value NID_undef. +.PP +Objects do not need to be in the internal tables to be processed, +the functions \fIOBJ_txt2obj()\fR and \fIOBJ_obj2txt()\fR can process the numerical +form of an \s-1OID\s0. +.PP +Some objects are used to represent algorithms which do not have a +corresponding \s-1ASN\s0.1 \s-1OBJECT\s0 \s-1IDENTIFIER\s0 encoding (for example no \s-1OID\s0 currently +exists for a particular algorithm). As a result they \fBcannot\fR be encoded or +decoded as part of \s-1ASN\s0.1 structures. Applications can determine if there +is a corresponding \s-1OBJECT\s0 \s-1IDENTIFIER\s0 by checking \fIOBJ_length()\fR is not zero. +.PP +These functions cannot return \fBconst\fR because an \fB\s-1ASN1_OBJECT\s0\fR can +represent both an internal, constant, \s-1OID\s0 and a dynamically-created one. +The latter cannot be constant because it needs to be freed after use. 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOBJ_nid2obj()\fR returns an \fB\s-1ASN1_OBJECT\s0\fR structure or \fB\s-1NULL\s0\fR is an +error occurred. +.PP +\&\fIOBJ_nid2ln()\fR and \fIOBJ_nid2sn()\fR returns a valid string or \fB\s-1NULL\s0\fR +on error. +.PP +\&\fIOBJ_obj2nid()\fR, \fIOBJ_ln2nid()\fR, \fIOBJ_sn2nid()\fR and \fIOBJ_txt2nid()\fR return +a \s-1NID\s0 or \fBNID_undef\fR on error. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Create an object for \fBcommonName\fR: +.PP +.Vb 1 +\& ASN1_OBJECT *o = OBJ_nid2obj(NID_commonName); +.Ve +.PP +Check if an object is \fBcommonName\fR +.PP +.Vb 2 +\& if (OBJ_obj2nid(obj) == NID_commonName) +\& /* Do something */ +.Ve +.PP +Create a new \s-1NID\s0 and initialize an object from it: +.PP +.Vb 2 +\& int new_nid = OBJ_create("1.2.3.4", "NewOID", "New Object Identifier"); +\& ASN1_OBJECT *obj = OBJ_nid2obj(new_nid); +.Ve +.PP +Create a new object directly: +.PP +.Vb 1 +\& obj = OBJ_txt2obj("1.2.3.4", 1); +.Ve +.SH "BUGS" +.IX Header "BUGS" +\&\fIOBJ_obj2txt()\fR is awkward and messy to use: it doesn't follow the +convention of other OpenSSL functions where the buffer can be set +to \fB\s-1NULL\s0\fR to determine the amount of data that should be written. +Instead \fBbuf\fR must point to a valid buffer and \fBbuf_len\fR should +be set to a positive value. A buffer length of 80 should be more +than enough to handle any \s-1OID\s0 encountered in practice. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIOBJ_cleanup()\fR was deprecated in OpenSSL 1.1.0 by \fIOPENSSL_init_crypto\fR\|(3) +and should not be used. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/share/man/man3/OCSP_REQUEST_new.3 b/linux_amd64/share/man/man3/OCSP_REQUEST_new.3 new file mode 100755 index 0000000..c21456f --- /dev/null +++ b/linux_amd64/share/man/man3/OCSP_REQUEST_new.3 
@@ -0,0 +1,241 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OCSP_REQUEST_NEW 3" +.TH OCSP_REQUEST_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OCSP_REQUEST_new, OCSP_REQUEST_free, OCSP_request_add0_id, OCSP_request_sign, +OCSP_request_add1_cert, OCSP_request_onereq_count, +OCSP_request_onereq_get0 \- OCSP request functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& OCSP_REQUEST *OCSP_REQUEST_new(void); +\& void OCSP_REQUEST_free(OCSP_REQUEST *req); +\& +\& OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid); +\& +\& int OCSP_request_sign(OCSP_REQUEST *req, +\& X509 *signer, EVP_PKEY *key, const EVP_MD *dgst, +\& STACK_OF(X509) *certs, unsigned long flags); +\& +\& int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert); +\& +\& int OCSP_request_onereq_count(OCSP_REQUEST *req); +\& OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIOCSP_REQUEST_new()\fR allocates and returns an empty \fB\s-1OCSP_REQUEST\s0\fR structure. +.PP +\&\fIOCSP_REQUEST_free()\fR frees up the request structure \fBreq\fR. +.PP +\&\fIOCSP_request_add0_id()\fR adds certificate \s-1ID\s0 \fBcid\fR to \fBreq\fR. It returns +the \fB\s-1OCSP_ONEREQ\s0\fR structure added so an application can add additional +extensions to the request. The \fBid\fR parameter \fB\s-1MUST\s0 \s-1NOT\s0\fR be freed up after +the operation. +.PP +\&\fIOCSP_request_sign()\fR signs \s-1OCSP\s0 request \fBreq\fR using certificate +\&\fBsigner\fR, private key \fBkey\fR, digest \fBdgst\fR and additional certificates +\&\fBcerts\fR. If the \fBflags\fR option \fB\s-1OCSP_NOCERTS\s0\fR is set then no certificates +will be included in the request. +.PP +\&\fIOCSP_request_add1_cert()\fR adds certificate \fBcert\fR to request \fBreq\fR. The +application is responsible for freeing up \fBcert\fR after use. +.PP +\&\fIOCSP_request_onereq_count()\fR returns the total number of \fB\s-1OCSP_ONEREQ\s0\fR +structures in \fBreq\fR. 
+.PP +\&\fIOCSP_request_onereq_get0()\fR returns an internal pointer to the \fB\s-1OCSP_ONEREQ\s0\fR +contained in \fBreq\fR of index \fBi\fR. The index value \fBi\fR runs from 0 to +OCSP_request_onereq_count(req) \- 1. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOCSP_REQUEST_new()\fR returns an empty \fB\s-1OCSP_REQUEST\s0\fR structure or \fB\s-1NULL\s0\fR if +an error occurred. +.PP +\&\fIOCSP_request_add0_id()\fR returns the \fB\s-1OCSP_ONEREQ\s0\fR structure containing \fBcid\fR +or \fB\s-1NULL\s0\fR if an error occurred. +.PP +\&\fIOCSP_request_sign()\fR and \fIOCSP_request_add1_cert()\fR return 1 for success and 0 +for failure. +.PP +\&\fIOCSP_request_onereq_count()\fR returns the total number of \fB\s-1OCSP_ONEREQ\s0\fR +structures in \fBreq\fR. +.PP +\&\fIOCSP_request_onereq_get0()\fR returns a pointer to an \fB\s-1OCSP_ONEREQ\s0\fR structure +or \fB\s-1NULL\s0\fR if the index value is out or range. +.SH "NOTES" +.IX Header "NOTES" +An \s-1OCSP\s0 request structure contains one or more \fB\s-1OCSP_ONEREQ\s0\fR structures +corresponding to each certificate. +.PP +\&\fIOCSP_request_onereq_count()\fR and \fIOCSP_request_onereq_get0()\fR are mainly used by +\&\s-1OCSP\s0 responders. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Create an \fB\s-1OCSP_REQUEST\s0\fR structure for certificate \fBcert\fR with issuer +\&\fBissuer\fR: +.PP +.Vb 2 +\& OCSP_REQUEST *req; +\& OCSP_ID *cid; +\& +\& req = OCSP_REQUEST_new(); +\& if (req == NULL) +\& /* error */ +\& cid = OCSP_cert_to_id(EVP_sha1(), cert, issuer); +\& if (cid == NULL) +\& /* error */ +\& +\& if (OCSP_REQUEST_add0_id(req, cid) == NULL) +\& /* error */ +\& +\& /* Do something with req, e.g. 
query responder */ +\& +\& OCSP_REQUEST_free(req); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIcrypto\fR\|(7), +\&\fIOCSP_cert_to_id\fR\|(3), +\&\fIOCSP_request_add1_nonce\fR\|(3), +\&\fIOCSP_resp_find_status\fR\|(3), +\&\fIOCSP_response_status\fR\|(3), +\&\fIOCSP_sendreq_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/OCSP_cert_to_id.3 b/linux_amd64/share/man/man3/OCSP_cert_to_id.3 new file mode 100755 index 0000000..8122390 --- /dev/null +++ b/linux_amd64/share/man/man3/OCSP_cert_to_id.3 
@@ -0,0 +1,210 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OCSP_CERT_TO_ID 3" +.TH OCSP_CERT_TO_ID 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OCSP_cert_to_id, OCSP_cert_id_new, OCSP_CERTID_free, OCSP_id_issuer_cmp, +OCSP_id_cmp, OCSP_id_get0_info \- OCSP certificate ID utility functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, +\& X509 *subject, X509 *issuer); +\& +\& OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, +\& X509_NAME *issuerName, +\& ASN1_BIT_STRING *issuerKey, +\& ASN1_INTEGER *serialNumber); +\& +\& void OCSP_CERTID_free(OCSP_CERTID *id); +\& +\& int OCSP_id_issuer_cmp(const OCSP_CERTID *a, const OCSP_CERTID *b); +\& int OCSP_id_cmp(const OCSP_CERTID *a, const OCSP_CERTID *b); +\& +\& int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd, +\& ASN1_OCTET_STRING **pikeyHash, +\& ASN1_INTEGER **pserial, OCSP_CERTID *cid); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIOCSP_cert_to_id()\fR creates and returns a new \fB\s-1OCSP_CERTID\s0\fR structure using +message digest \fBdgst\fR for certificate \fBsubject\fR with issuer \fBissuer\fR. If +\&\fBdgst\fR is \fB\s-1NULL\s0\fR then \s-1SHA1\s0 is used. +.PP +\&\fIOCSP_cert_id_new()\fR creates and returns a new \fB\s-1OCSP_CERTID\s0\fR using \fBdgst\fR and +issuer name \fBissuerName\fR, issuer key hash \fBissuerKey\fR and serial number +\&\fBserialNumber\fR. +.PP +\&\fIOCSP_CERTID_free()\fR frees up \fBid\fR. +.PP +\&\fIOCSP_id_cmp()\fR compares \fB\s-1OCSP_CERTID\s0\fR \fBa\fR and \fBb\fR. +.PP +\&\fIOCSP_id_issuer_cmp()\fR compares only the issuer name of \fB\s-1OCSP_CERTID\s0\fR \fBa\fR and \fBb\fR. +.PP +\&\fIOCSP_id_get0_info()\fR returns the issuer name hash, hash \s-1OID\s0, issuer key hash and +serial number contained in \fBcid\fR. If any of the values are not required the +corresponding parameter can be set to \fB\s-1NULL\s0\fR. 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOCSP_cert_to_id()\fR and \fIOCSP_cert_id_new()\fR return either a pointer to a valid +\&\fB\s-1OCSP_CERTID\s0\fR structure or \fB\s-1NULL\s0\fR if an error occurred. +.PP +\&\fIOCSP_id_cmp()\fR and \fIOCSP_id_issuer_cmp()\fR returns zero for a match and nonzero +otherwise. +.PP +\&\fIOCSP_CERTID_free()\fR does not return a value. +.PP +\&\fIOCSP_id_get0_info()\fR returns 1 for success and 0 for failure. +.SH "NOTES" +.IX Header "NOTES" +\&\s-1OCSP\s0 clients will typically only use \fIOCSP_cert_to_id()\fR or \fIOCSP_cert_id_new()\fR: +the other functions are used by responder applications. +.PP +The values returned by \fIOCSP_id_get0_info()\fR are internal pointers and \fB\s-1MUST\s0 +\&\s-1NOT\s0\fR be freed up by an application: they will be freed when the corresponding +\&\fB\s-1OCSP_CERTID\s0\fR structure is freed. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIcrypto\fR\|(7), +\&\fIOCSP_request_add1_nonce\fR\|(3), +\&\fIOCSP_REQUEST_new\fR\|(3), +\&\fIOCSP_resp_find_status\fR\|(3), +\&\fIOCSP_response_status\fR\|(3), +\&\fIOCSP_sendreq_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/OCSP_request_add1_nonce.3 b/linux_amd64/share/man/man3/OCSP_request_add1_nonce.3 new file mode 100755 index 0000000..15a9966 --- /dev/null +++ b/linux_amd64/share/man/man3/OCSP_request_add1_nonce.3 
@@ -0,0 +1,206 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OCSP_REQUEST_ADD1_NONCE 3" +.TH OCSP_REQUEST_ADD1_NONCE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OCSP_request_add1_nonce, OCSP_basic_add1_nonce, OCSP_check_nonce, OCSP_copy_nonce \- OCSP nonce functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len); +\& int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len); +\& int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req); +\& int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *resp); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIOCSP_request_add1_nonce()\fR adds a nonce of value \fBval\fR and length \fBlen\fR to +\&\s-1OCSP\s0 request \fBreq\fR. If \fBval\fR is \fB\s-1NULL\s0\fR a random nonce is used. If \fBlen\fR +is zero or negative a default length will be used (currently 16 bytes). +.PP +\&\fIOCSP_basic_add1_nonce()\fR is identical to \fIOCSP_request_add1_nonce()\fR except +it adds a nonce to \s-1OCSP\s0 basic response \fBresp\fR. +.PP +\&\fIOCSP_check_nonce()\fR compares the nonce value in \fBreq\fR and \fBresp\fR. +.PP +\&\fIOCSP_copy_nonce()\fR copies any nonce value present in \fBreq\fR to \fBresp\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOCSP_request_add1_nonce()\fR and \fIOCSP_basic_add1_nonce()\fR return 1 for success +and 0 for failure. +.PP +\&\fIOCSP_copy_nonce()\fR returns 1 if a nonce was successfully copied, 2 if no nonce +was present in \fBreq\fR and 0 if an error occurred. +.PP +\&\fIOCSP_check_nonce()\fR returns the result of the nonce comparison between \fBreq\fR +and \fBresp\fR. The return value indicates the result of the comparison. If +nonces are present and equal 1 is returned. If the nonces are absent 2 is +returned. If a nonce is present in the response only 3 is returned. If nonces +are present and unequal 0 is returned. If the nonce is present in the request +only then \-1 is returned. 
+.SH "NOTES" +.IX Header "NOTES" +For most purposes the nonce value in a request is set to a random value so +the \fBval\fR parameter in \fIOCSP_request_add1_nonce()\fR is usually \s-1NULL\s0. +.PP +An \s-1OCSP\s0 nonce is typically added to an \s-1OCSP\s0 request to thwart replay attacks +by checking the same nonce value appears in the response. +.PP +Some responders may include a nonce in all responses even if one is not +supplied. +.PP +Some responders cache \s-1OCSP\s0 responses and do not sign each response for +performance reasons. As a result they do not support nonces. +.PP +The return values of \fIOCSP_check_nonce()\fR can be checked to cover each case. A +positive return value effectively indicates success: nonces are both present +and match, both absent or present in the response only. A nonzero return +additionally covers the case where the nonce is present in the request only: +this will happen if the responder doesn't support nonces. A zero return value +indicates present and mismatched nonces: this should be treated as an error +condition. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIcrypto\fR\|(7), +\&\fIOCSP_cert_to_id\fR\|(3), +\&\fIOCSP_REQUEST_new\fR\|(3), +\&\fIOCSP_resp_find_status\fR\|(3), +\&\fIOCSP_response_status\fR\|(3), +\&\fIOCSP_sendreq_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/OCSP_resp_find_status.3 b/linux_amd64/share/man/man3/OCSP_resp_find_status.3 new file mode 100755 index 0000000..1867c87 --- /dev/null +++ b/linux_amd64/share/man/man3/OCSP_resp_find_status.3 
@@ -0,0 +1,321 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OCSP_RESP_FIND_STATUS 3" +.TH OCSP_RESP_FIND_STATUS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OCSP_resp_get0_certs, +OCSP_resp_get0_signer, +OCSP_resp_get0_id, +OCSP_resp_get1_id, +OCSP_resp_get0_produced_at, +OCSP_resp_get0_signature, +OCSP_resp_get0_tbs_sigalg, +OCSP_resp_get0_respdata, +OCSP_resp_find_status, OCSP_resp_count, OCSP_resp_get0, OCSP_resp_find, +OCSP_single_get0_status, OCSP_check_validity, +OCSP_basic_verify +\&\- OCSP response utility functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status, +\& int *reason, +\& ASN1_GENERALIZEDTIME **revtime, +\& ASN1_GENERALIZEDTIME **thisupd, +\& ASN1_GENERALIZEDTIME **nextupd); +\& +\& int OCSP_resp_count(OCSP_BASICRESP *bs); +\& OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx); +\& int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last); +\& int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason, +\& ASN1_GENERALIZEDTIME **revtime, +\& ASN1_GENERALIZEDTIME **thisupd, +\& ASN1_GENERALIZEDTIME **nextupd); +\& +\& const ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at( +\& const OCSP_BASICRESP* single); +\& +\& const ASN1_OCTET_STRING *OCSP_resp_get0_signature(const OCSP_BASICRESP *bs); +\& const X509_ALGOR *OCSP_resp_get0_tbs_sigalg(const OCSP_BASICRESP *bs); +\& const OCSP_RESPDATA *OCSP_resp_get0_respdata(const OCSP_BASICRESP *bs); +\& const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs); +\& +\& int OCSP_resp_get0_signer(OCSP_BASICRESP *bs, X509 **signer, +\& STACK_OF(X509) *extra_certs); +\& +\& int OCSP_resp_get0_id(const OCSP_BASICRESP *bs, +\& const ASN1_OCTET_STRING **pid, +\& const X509_NAME **pname); +\& int OCSP_resp_get1_id(const OCSP_BASICRESP *bs, +\& ASN1_OCTET_STRING **pid, +\& X509_NAME **pname); +\& +\& int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd, +\& ASN1_GENERALIZEDTIME *nextupd, +\& long sec, long maxsec); +\& +\& int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, +\& X509_STORE *st, 
unsigned long flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIOCSP_resp_find_status()\fR searches \fBbs\fR for an \s-1OCSP\s0 response for \fBid\fR. If it is +successful the fields of the response are returned in \fB*status\fR, \fB*reason\fR, +\&\fB*revtime\fR, \fB*thisupd\fR and \fB*nextupd\fR. The \fB*status\fR value will be one of +\&\fBV_OCSP_CERTSTATUS_GOOD\fR, \fBV_OCSP_CERTSTATUS_REVOKED\fR or +\&\fBV_OCSP_CERTSTATUS_UNKNOWN\fR. The \fB*reason\fR and \fB*revtime\fR fields are only +set if the status is \fBV_OCSP_CERTSTATUS_REVOKED\fR. If set the \fB*reason\fR field +will be set to the revocation reason which will be one of +\&\fB\s-1OCSP_REVOKED_STATUS_NOSTATUS\s0\fR, \fB\s-1OCSP_REVOKED_STATUS_UNSPECIFIED\s0\fR, +\&\fB\s-1OCSP_REVOKED_STATUS_KEYCOMPROMISE\s0\fR, \fB\s-1OCSP_REVOKED_STATUS_CACOMPROMISE\s0\fR, +\&\fB\s-1OCSP_REVOKED_STATUS_AFFILIATIONCHANGED\s0\fR, \fB\s-1OCSP_REVOKED_STATUS_SUPERSEDED\s0\fR, +\&\fB\s-1OCSP_REVOKED_STATUS_CESSATIONOFOPERATION\s0\fR, +\&\fB\s-1OCSP_REVOKED_STATUS_CERTIFICATEHOLD\s0\fR or \fB\s-1OCSP_REVOKED_STATUS_REMOVEFROMCRL\s0\fR. +.PP +\&\fIOCSP_resp_count()\fR returns the number of \fB\s-1OCSP_SINGLERESP\s0\fR structures in \fBbs\fR. +.PP +\&\fIOCSP_resp_get0()\fR returns the \fB\s-1OCSP_SINGLERESP\s0\fR structure in \fBbs\fR +corresponding to index \fBidx\fR. Where \fBidx\fR runs from 0 to +OCSP_resp_count(bs) \- 1. +.PP +\&\fIOCSP_resp_find()\fR searches \fBbs\fR for \fBid\fR and returns the index of the first +matching entry after \fBlast\fR or starting from the beginning if \fBlast\fR is \-1. +.PP +\&\fIOCSP_single_get0_status()\fR extracts the fields of \fBsingle\fR in \fB*reason\fR, +\&\fB*revtime\fR, \fB*thisupd\fR and \fB*nextupd\fR. +.PP +\&\fIOCSP_resp_get0_produced_at()\fR extracts the \fBproducedAt\fR field from the +single response \fBbs\fR. +.PP +\&\fIOCSP_resp_get0_signature()\fR returns the signature from \fBbs\fR. 
+.PP +\&\fIOCSP_resp_get0_tbs_sigalg()\fR returns the \fBsignatureAlgorithm\fR from \fBbs\fR. +.PP +\&\fIOCSP_resp_get0_respdata()\fR returns the \fBtbsResponseData\fR from \fBbs\fR. +.PP +\&\fIOCSP_resp_get0_certs()\fR returns any certificates included in \fBbs\fR. +.PP +\&\fIOCSP_resp_get0_signer()\fR attempts to retrieve the certificate that directly +signed \fBbs\fR. The \s-1OCSP\s0 protocol does not require that this certificate +is included in the \fBcerts\fR field of the response, so additional certificates +can be supplied in \fBextra_certs\fR if the certificates that may have +signed the response are known via some out-of-band mechanism. +.PP +\&\fIOCSP_resp_get0_id()\fR gets the responder id of \fBbs\fR. If the responder \s-1ID\s0 is +a name then <*pname> is set to the name and \fB*pid\fR is set to \s-1NULL\s0. If the +responder \s-1ID\s0 is by key \s-1ID\s0 then \fB*pid\fR is set to the key \s-1ID\s0 and \fB*pname\fR +is set to \s-1NULL\s0. \fIOCSP_resp_get1_id()\fR leaves ownership of \fB*pid\fR and \fB*pname\fR +with the caller, who is responsible for freeing them. Both functions return 1 +in case of success and 0 in case of failure. If \fIOCSP_resp_get1_id()\fR returns 0, +no freeing of the results is necessary. +.PP +\&\fIOCSP_check_validity()\fR checks the validity of \fBthisupd\fR and \fBnextupd\fR values +which will be typically obtained from \fIOCSP_resp_find_status()\fR or +\&\fIOCSP_single_get0_status()\fR. If \fBsec\fR is nonzero it indicates how many seconds +leeway should be allowed in the check. If \fBmaxsec\fR is positive it indicates +the maximum age of \fBthisupd\fR in seconds. +.PP +\&\fIOCSP_basic_verify()\fR checks that the basic response message \fBbs\fR is correctly +signed and that the signer certificate can be validated. It takes \fBst\fR as +the trusted store and \fBcerts\fR as a set of untrusted intermediate certificates. +The function first tries to find the signer certificate of the response +in . 
It also searches the certificates the responder may have included +in \fBbs\fR unless the \fBflags\fR contain \fB\s-1OCSP_NOINTERN\s0\fR. +It fails if the signer certificate cannot be found. +Next, the function checks the signature of \fBbs\fR and fails on error +unless the \fBflags\fR contain \fB\s-1OCSP_NOSIGS\s0\fR. Then the function already returns +success if the \fBflags\fR contain \fB\s-1OCSP_NOVERIFY\s0\fR or if the signer certificate +was found in \fBcerts\fR and the \fBflags\fR contain \fB\s-1OCSP_TRUSTOTHER\s0\fR. +Otherwise the function continues by validating the signer certificate. +To this end, all certificates in \fBcert\fR and in \fBbs\fR are considered as +untrusted certificates for the construction of the validation path for the +signer certificate unless the \fB\s-1OCSP_NOCHAIN\s0\fR flag is set. After successful path +validation the function returns success if the \fB\s-1OCSP_NOCHECKS\s0\fR flag is set. +Otherwise it verifies that the signer certificate meets the \s-1OCSP\s0 issuer +criteria including potential delegation. If this does not succeed and the +\&\fBflags\fR do not contain \fB\s-1OCSP_NOEXPLICIT\s0\fR the function checks for explicit +trust for \s-1OCSP\s0 signing in the root \s-1CA\s0 certificate. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOCSP_resp_find_status()\fR returns 1 if \fBid\fR is found in \fBbs\fR and 0 otherwise. +.PP +\&\fIOCSP_resp_count()\fR returns the total number of \fB\s-1OCSP_SINGLERESP\s0\fR fields in +\&\fBbs\fR. +.PP +\&\fIOCSP_resp_get0()\fR returns a pointer to an \fB\s-1OCSP_SINGLERESP\s0\fR structure or +\&\fB\s-1NULL\s0\fR if \fBidx\fR is out of range. +.PP +\&\fIOCSP_resp_find()\fR returns the index of \fBid\fR in \fBbs\fR (which may be 0) or \-1 if +\&\fBid\fR was not found. +.PP +\&\fIOCSP_single_get0_status()\fR returns the status of \fBsingle\fR or \-1 if an error +occurred. +.PP +\&\fIOCSP_resp_get0_signer()\fR returns 1 if the signing certificate was located, +or 0 on error. 
+.PP +\&\fIOCSP_basic_verify()\fR returns 1 on success, 0 on error, or \-1 on fatal error such +as malloc failure. +.SH "NOTES" +.IX Header "NOTES" +Applications will typically call \fIOCSP_resp_find_status()\fR using the certificate +\&\s-1ID\s0 of interest and then check its validity using \fIOCSP_check_validity()\fR. They +can then take appropriate action based on the status of the certificate. +.PP +An \s-1OCSP\s0 response for a certificate contains \fBthisUpdate\fR and \fBnextUpdate\fR +fields. Normally the current time should be between these two values. To +account for clock skew the \fBmaxsec\fR field can be set to nonzero in +\&\fIOCSP_check_validity()\fR. Some responders do not set the \fBnextUpdate\fR field, this +would otherwise mean an ancient response would be considered valid: the +\&\fBmaxsec\fR parameter to \fIOCSP_check_validity()\fR can be used to limit the permitted +age of responses. +.PP +The values written to \fB*revtime\fR, \fB*thisupd\fR and \fB*nextupd\fR by +\&\fIOCSP_resp_find_status()\fR and \fIOCSP_single_get0_status()\fR are internal pointers +which \fB\s-1MUST\s0 \s-1NOT\s0\fR be freed up by the calling application. Any or all of these +parameters can be set to \s-1NULL\s0 if their value is not required. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIcrypto\fR\|(7), +\&\fIOCSP_cert_to_id\fR\|(3), +\&\fIOCSP_request_add1_nonce\fR\|(3), +\&\fIOCSP_REQUEST_new\fR\|(3), +\&\fIOCSP_response_status\fR\|(3), +\&\fIOCSP_sendreq_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/OCSP_response_status.3 b/linux_amd64/share/man/man3/OCSP_response_status.3 new file mode 100755 index 0000000..a6e94ea --- /dev/null 
+++ b/linux_amd64/share/man/man3/OCSP_response_status.3 
@@ -0,0 +1,238 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OCSP_RESPONSE_STATUS 3" +.TH OCSP_RESPONSE_STATUS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OCSP_response_status, OCSP_response_get1_basic, OCSP_response_create, +OCSP_RESPONSE_free, OCSP_RESPID_set_by_name, +OCSP_RESPID_set_by_key, OCSP_RESPID_match, +OCSP_basic_sign, OCSP_basic_sign_ctx \- OCSP response functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int OCSP_response_status(OCSP_RESPONSE *resp); +\& OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp); +\& OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs); +\& void OCSP_RESPONSE_free(OCSP_RESPONSE *resp); +\& +\& int OCSP_RESPID_set_by_name(OCSP_RESPID *respid, X509 *cert); +\& int OCSP_RESPID_set_by_key(OCSP_RESPID *respid, X509 *cert); +\& int OCSP_RESPID_match(OCSP_RESPID *respid, X509 *cert); +\& +\& int OCSP_basic_sign(OCSP_BASICRESP *brsp, X509 *signer, EVP_PKEY *key, +\& const EVP_MD *dgst, STACK_OF(X509) *certs, +\& unsigned long flags); +\& int OCSP_basic_sign_ctx(OCSP_BASICRESP *brsp, X509 *signer, EVP_MD_CTX *ctx, +\& STACK_OF(X509) *certs, unsigned long flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIOCSP_response_status()\fR returns the \s-1OCSP\s0 response status of \fBresp\fR. It returns +one of the values: \fB\s-1OCSP_RESPONSE_STATUS_SUCCESSFUL\s0\fR, +\&\fB\s-1OCSP_RESPONSE_STATUS_MALFORMEDREQUEST\s0\fR, +\&\fB\s-1OCSP_RESPONSE_STATUS_INTERNALERROR\s0\fR, \fB\s-1OCSP_RESPONSE_STATUS_TRYLATER\s0\fR +\&\fB\s-1OCSP_RESPONSE_STATUS_SIGREQUIRED\s0\fR, or \fB\s-1OCSP_RESPONSE_STATUS_UNAUTHORIZED\s0\fR. +.PP +\&\fIOCSP_response_get1_basic()\fR decodes and returns the \fB\s-1OCSP_BASICRESP\s0\fR structure +contained in \fBresp\fR. +.PP +\&\fIOCSP_response_create()\fR creates and returns an \fB\s-1OCSP_RESPONSE\s0\fR structure for +\&\fBstatus\fR and optionally including basic response \fBbs\fR. +.PP +\&\fIOCSP_RESPONSE_free()\fR frees up \s-1OCSP\s0 response \fBresp\fR. 
+.PP +\&\fIOCSP_RESPID_set_by_name()\fR sets the name of the \s-1OCSP_RESPID\s0 to be the same as the +subject name in the supplied X509 certificate \fBcert\fR for the \s-1OCSP\s0 responder. +.PP +\&\fIOCSP_RESPID_set_by_key()\fR sets the key of the \s-1OCSP_RESPID\s0 to be the same as the +key in the supplied X509 certificate \fBcert\fR for the \s-1OCSP\s0 responder. The key is +stored as a \s-1SHA1\s0 hash. +.PP +Note that an \s-1OCSP_RESPID\s0 can only have one of the name, or the key set. Calling +\&\fIOCSP_RESPID_set_by_name()\fR or \fIOCSP_RESPID_set_by_key()\fR will clear any existing +setting. +.PP +\&\fIOCSP_RESPID_match()\fR tests whether the \s-1OCSP_RESPID\s0 given in \fBrespid\fR matches +with the X509 certificate \fBcert\fR. +.PP +\&\fIOCSP_basic_sign()\fR signs \s-1OCSP\s0 response \fBbrsp\fR using certificate \fBsigner\fR, private key +\&\fBkey\fR, digest \fBdgst\fR and additional certificates \fBcerts\fR. If the \fBflags\fR option +\&\fB\s-1OCSP_NOCERTS\s0\fR is set then no certificates will be included in the response. If the +\&\fBflags\fR option \fB\s-1OCSP_RESPID_KEY\s0\fR is set then the responder is identified by key \s-1ID\s0 +rather than by name. \fIOCSP_basic_sign_ctx()\fR also signs \s-1OCSP\s0 response \fBbrsp\fR but +uses the parameters contained in digest context \fBctx\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOCSP_RESPONSE_status()\fR returns a status value. +.PP +\&\fIOCSP_response_get1_basic()\fR returns an \fB\s-1OCSP_BASICRESP\s0\fR structure pointer or +\&\fB\s-1NULL\s0\fR if an error occurred. +.PP +\&\fIOCSP_response_create()\fR returns an \fB\s-1OCSP_RESPONSE\s0\fR structure pointer or \fB\s-1NULL\s0\fR +if an error occurred. +.PP +\&\fIOCSP_RESPONSE_free()\fR does not return a value. +.PP +\&\fIOCSP_RESPID_set_by_name()\fR, \fIOCSP_RESPID_set_by_key()\fR, \fIOCSP_basic_sign()\fR, and +\&\fIOCSP_basic_sign_ctx()\fR return 1 on success or 0 +on failure. 
+.PP +\&\fIOCSP_RESPID_match()\fR returns 1 if the \s-1OCSP_RESPID\s0 and the X509 certificate match +or 0 otherwise. +.SH "NOTES" +.IX Header "NOTES" +\&\fIOCSP_response_get1_basic()\fR is only called if the status of a response is +\&\fB\s-1OCSP_RESPONSE_STATUS_SUCCESSFUL\s0\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIcrypto\fR\|(7) +\&\fIOCSP_cert_to_id\fR\|(3) +\&\fIOCSP_request_add1_nonce\fR\|(3) +\&\fIOCSP_REQUEST_new\fR\|(3) +\&\fIOCSP_resp_find_status\fR\|(3) +\&\fIOCSP_sendreq_new\fR\|(3) +\&\fIOCSP_RESPID_new\fR\|(3) +\&\fIOCSP_RESPID_free\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fIOCSP_RESPID_set_by_name()\fR, \fIOCSP_RESPID_set_by_key()\fR and \fIOCSP_RESPID_match()\fR +functions were added in OpenSSL 1.1.0a. +.PP +The \fIOCSP_basic_sign_ctx()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/OCSP_sendreq_new.3 b/linux_amd64/share/man/man3/OCSP_sendreq_new.3 new file mode 100755 index 0000000..d15da0a --- /dev/null +++ b/linux_amd64/share/man/man3/OCSP_sendreq_new.3 
@@ -0,0 +1,239 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OCSP_SENDREQ_NEW 3" +.TH OCSP_SENDREQ_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OCSP_sendreq_new, OCSP_sendreq_nbio, OCSP_REQ_CTX_free, +OCSP_set_max_response_length, OCSP_REQ_CTX_add1_header, +OCSP_REQ_CTX_set1_req, OCSP_sendreq_bio \- OCSP responder query functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, +\& OCSP_REQUEST *req, int maxline); +\& +\& int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx); +\& +\& void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx); +\& +\& void OCSP_set_max_response_length(OCSP_REQ_CTX *rctx, +\& unsigned long len); +\& +\& int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx, +\& const char *name, const char *value); +\& +\& int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, const OCSP_REQUEST *req); +\& +\& OCSP_RESPONSE *OCSP_sendreq_bio(BIO *io, const char *path, OCSP_REQUEST *req); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The function \fIOCSP_sendreq_new()\fR returns an \fB\s-1OCSP_CTX\s0\fR structure using the +responder \fBio\fR, the \s-1URL\s0 path \fBpath\fR, the \s-1OCSP\s0 request \fBreq\fR and with a +response header maximum line length of \fBmaxline\fR. If \fBmaxline\fR is zero a +default value of 4k is used. The \s-1OCSP\s0 request \fBreq\fR may be set to \fB\s-1NULL\s0\fR +and provided later if required. +.PP +\&\fIOCSP_sendreq_nbio()\fR performs I/O on the \s-1OCSP\s0 request context \fBrctx\fR. +When the operation is complete it returns the response in \fB*presp\fR. +.PP +\&\fIOCSP_REQ_CTX_free()\fR frees up the \s-1OCSP\s0 context \fBrctx\fR. +.PP +\&\fIOCSP_set_max_response_length()\fR sets the maximum response length +for \fBrctx\fR to \fBlen\fR. If the response exceeds this length an error occurs. +If not set a default value of 100k is used. +.PP +\&\fIOCSP_REQ_CTX_add1_header()\fR adds header \fBname\fR with value \fBvalue\fR to the +context \fBrctx\fR. It can be called more than once to add multiple headers. 
+It \fB\s-1MUST\s0\fR be called before any calls to \fIOCSP_sendreq_nbio()\fR. The \fBreq\fR +parameter in the initial to \fIOCSP_sendreq_new()\fR call \s-1MUST\s0 be set to \fB\s-1NULL\s0\fR if +additional headers are set. +.PP +\&\fIOCSP_REQ_CTX_set1_req()\fR sets the \s-1OCSP\s0 request in \fBrctx\fR to \fBreq\fR. This +function should be called after any calls to \fIOCSP_REQ_CTX_add1_header()\fR. +.PP +\&\fIOCSP_sendreq_bio()\fR performs an \s-1OCSP\s0 request using the responder \fBio\fR, the \s-1URL\s0 +path \fBpath\fR, the \s-1OCSP\s0 request \fBreq\fR and with a response header maximum line +length 4k. It waits indefinitely on a response. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOCSP_sendreq_new()\fR returns a valid \fB\s-1OCSP_REQ_CTX\s0\fR structure or \fB\s-1NULL\s0\fR +if an error occurred. +.PP +\&\fIOCSP_sendreq_nbio()\fR, \fIOCSP_REQ_CTX_add1_header()\fR and \fIOCSP_REQ_CTX_set1_req()\fR +return \fB1\fR for success and \fB0\fR for failure. +.PP +\&\fIOCSP_sendreq_bio()\fR returns the \fB\s-1OCSP_RESPONSE\s0\fR structure sent by the +responder or \fB\s-1NULL\s0\fR if an error occurred. +.PP +\&\fIOCSP_REQ_CTX_free()\fR and \fIOCSP_set_max_response_length()\fR +do not return values. +.SH "NOTES" +.IX Header "NOTES" +These functions only perform a minimal \s-1HTTP\s0 query to a responder. If an +application wishes to support more advanced features it should use an +alternative more complete \s-1HTTP\s0 library. +.PP +Currently only \s-1HTTP\s0 \s-1POST\s0 queries to responders are supported. +.PP +The arguments to \fIOCSP_sendreq_new()\fR correspond to the components of the \s-1URL\s0. 
+For example if the responder \s-1URL\s0 is \fBhttp://ocsp.com/ocspreq\fR the \s-1BIO\s0 +\&\fBio\fR should be connected to host \fBocsp.com\fR on port 80 and \fBpath\fR +should be set to \fB\*(L"/ocspreq\*(R"\fR +.PP +The headers added with \fIOCSP_REQ_CTX_add1_header()\fR are of the form +"\fBname\fR: \fBvalue\fR\*(L" or just \*(R"\fBname\fR" if \fBvalue\fR is \fB\s-1NULL\s0\fR. So to add +a Host header for \fBocsp.com\fR you would call: +.PP +.Vb 1 +\& OCSP_REQ_CTX_add1_header(ctx, "Host", "ocsp.com"); +.Ve +.PP +\&\fIOCSP_sendreq_bio()\fR does not support timeout nor setting extra headers. +It is retained for compatibility. +Better use \fB\f(BIOCSP_sendreq_nbio()\fB\fR instead. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIcrypto\fR\|(7), +\&\fIOCSP_cert_to_id\fR\|(3), +\&\fIOCSP_request_add1_nonce\fR\|(3), +\&\fIOCSP_REQUEST_new\fR\|(3), +\&\fIOCSP_resp_find_status\fR\|(3), +\&\fIOCSP_response_status\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/OPENSSL_Applink.3 b/linux_amd64/share/man/man3/OPENSSL_Applink.3 new file mode 100755 index 0000000..8c65c7a --- /dev/null +++ b/linux_amd64/share/man/man3/OPENSSL_Applink.3 
@@ -0,0 +1,159 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_APPLINK 3" +.TH OPENSSL_APPLINK 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OPENSSL_Applink \- glue between OpenSSL BIO and Win32 compiler run\-time +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& _\|_declspec(dllexport) void **OPENSSL_Applink(); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +OPENSSL_Applink is application-side interface which provides a glue +between OpenSSL \s-1BIO\s0 layer and Win32 compiler run-time environment. +Even though it appears at application side, it's essentially OpenSSL +private interface. For this reason application developers are not +expected to implement it, but to compile provided module with +compiler of their choice and link it into the target application. +The referred module is available as \fIapplink.c\fR, located alongside +the public header files (only on the platforms where applicable). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Not available. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2004\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/OPENSSL_CTX.3 b/linux_amd64/share/man/man3/OPENSSL_CTX.3 new file mode 100755 index 0000000..63e7d65 --- /dev/null +++ b/linux_amd64/share/man/man3/OPENSSL_CTX.3 
@@ -0,0 +1,175 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_CTX 3" +.TH OPENSSL_CTX 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OPENSSL_CTX, OPENSSL_CTX_new, OPENSSL_CTX_free \- OpenSSL library context +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef struct openssl_ctx_st OPENSSL_CTX; +\& +\& OPENSSL_CTX *OPENSSL_CTX_new(void); +\& void OPENSSL_CTX_free(OPENSSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\f(CW\*(C`OPENSSL_CTX\*(C'\fR is an internal OpenSSL library context type. +Applications may allocate their own, but may also use \f(CW\*(C`NULL\*(C'\fR to use +the internal default context with functions that take a \f(CW\*(C`OPENSSL_CTX\*(C'\fR +argument. +.PP +\&\fIOPENSSL_CTX_new()\fR creates a new OpenSSL library context. +When a non default library context is in use care should be taken with +multi-threaded applications to properly clean up thread local resources before +the \s-1OPENSSL_CTX\s0 is freed. +See \fIOPENSSL_thread_stop_ex\fR\|(3) for more information. +.PP +\&\fIOPENSSL_CTX_free()\fR frees the given \f(CW\*(C`ctx\*(C'\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOPENSSL_CTX_new()\fR return a library context pointer on success, or +\&\f(CW\*(C`NULL\*(C'\fR on error. +.PP +\&\fIOPENSSL_CTX_free()\fR doesn't return any value. +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1OPENSSL_CTX\s0, \fIOPENSSL_CTX_new()\fR and \fIOPENSSL_CTX_free()\fR +were added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/OPENSSL_FILE.3 b/linux_amd64/share/man/man3/OPENSSL_FILE.3 new file mode 100755 index 0000000..fbb6196 --- /dev/null +++ b/linux_amd64/share/man/man3/OPENSSL_FILE.3 
@@ -0,0 +1,178 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_FILE 3" +.TH OPENSSL_FILE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OPENSSL_FILE, OPENSSL_LINE, OPENSSL_FUNC, +OPENSSL_MSTR, OPENSSL_MSTR_HELPER +\&\- generic C programming utility macros +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& #define OPENSSL_FILE /* typically: _\|_FILE_\|_ */ +\& #define OPENSSL_LINE /* typically: _\|_LINE_\|_ */ +\& #define OPENSSL_FUNC /* typically: _\|_func_\|_ */ +\& +\& #define OPENSSL_MSTR_HELPER(x) #x +\& #define OPENSSL_MSTR(x) OPENSSL_MSTR_HELPER(x) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The macros \fB\s-1OPENSSL_FILE\s0\fR and \fB\s-1OPENSSL_LINE\s0\fR +typically yield the current filename and line number during C compilation. +When \fB\s-1OPENSSL_NO_FILENAMES\s0\fR is defined they yield \fB""\fR and \fB0\fR, respectively. +.PP +The macro \fB\s-1OPENSSL_FUNC\s0\fR attempts to yield the name of the C function +currently being compiled, as far as language and compiler versions allow. +Otherwise, it yields \*(L"(unknown function)\*(R". +.PP +The macro \fB\s-1OPENSSL_MSTR\s0\fR yields the expansion of the macro given as argument, +which is useful for concatenation with string constants. +The macro \fB\s-1OPENSSL_MSTR_HELPER\s0\fR is an auxiliary macro for this purpose. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +see above +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIcrypto\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fB\s-1OPENSSL_FUNC\s0\fR, \fB\s-1OPENSSL_MSTR\s0\fR, and \fB\s-1OPENSSL_MSTR_HELPER\s0\fR +were added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/OPENSSL_LH_COMPFUNC.3 b/linux_amd64/share/man/man3/OPENSSL_LH_COMPFUNC.3 new file mode 100755 index 0000000..09889c1 --- /dev/null 
+++ b/linux_amd64/share/man/man3/OPENSSL_LH_COMPFUNC.3 
@@ -0,0 +1,373 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_LH_COMPFUNC 3" +.TH OPENSSL_LH_COMPFUNC 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +LHASH, DECLARE_LHASH_OF, +OPENSSL_LH_COMPFUNC, OPENSSL_LH_HASHFUNC, OPENSSL_LH_DOALL_FUNC, +LHASH_DOALL_ARG_FN_TYPE, +IMPLEMENT_LHASH_HASH_FN, IMPLEMENT_LHASH_COMP_FN, +lh_TYPE_new, lh_TYPE_free, lh_TYPE_flush, +lh_TYPE_insert, lh_TYPE_delete, lh_TYPE_retrieve, +lh_TYPE_doall, lh_TYPE_doall_arg, lh_TYPE_error \- dynamic hash table +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& DECLARE_LHASH_OF(TYPE); +\& +\& LHASH *lh_TYPE_new(OPENSSL_LH_HASHFUNC hash, OPENSSL_LH_COMPFUNC compare); +\& void lh_TYPE_free(LHASH_OF(TYPE) *table); +\& void lh_TYPE_flush(LHASH_OF(TYPE) *table); +\& +\& TYPE *lh_TYPE_insert(LHASH_OF(TYPE) *table, TYPE *data); +\& TYPE *lh_TYPE_delete(LHASH_OF(TYPE) *table, TYPE *data); +\& TYPE *lh_retrieve(LHASH_OF(TYPE) *table, TYPE *data); +\& +\& void lh_TYPE_doall(LHASH_OF(TYPE) *table, OPENSSL_LH_DOALL_FUNC func); +\& void lh_TYPE_doall_arg(LHASH_OF(TYPE) *table, OPENSSL_LH_DOALL_FUNCARG func, +\& TYPE *arg); +\& +\& int lh_TYPE_error(LHASH_OF(TYPE) *table); +\& +\& typedef int (*OPENSSL_LH_COMPFUNC)(const void *, const void *); +\& typedef unsigned long (*OPENSSL_LH_HASHFUNC)(const void *); +\& typedef void (*OPENSSL_LH_DOALL_FUNC)(const void *); +\& typedef void (*LHASH_DOALL_ARG_FN_TYPE)(const void *, const void *); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This library implements type-checked dynamic hash tables. The hash +table entries can be arbitrary structures. Usually they consist of key +and value fields. In the description here, \fB\f(BI\s-1TYPE\s0\fB\fR is used a placeholder +for any of the OpenSSL datatypes, such as \fI\s-1SSL_SESSION\s0\fR. +.PP +\&\fBlh_\f(BI\s-1TYPE\s0\fB_new\fR() creates a new \fB\s-1LHASH_OF\s0\fR(\fB\f(BI\s-1TYPE\s0\fB\fR) structure to store +arbitrary data entries, and specifies the 'hash' and 'compare' +callbacks to be used in organising the table's entries. 
The \fIhash\fR +callback takes a pointer to a table entry as its argument and returns +an unsigned long hash value for its key field. The hash value is +normally truncated to a power of 2, so make sure that your hash +function returns well mixed low order bits. The \fIcompare\fR callback +takes two arguments (pointers to two hash table entries), and returns +0 if their keys are equal, nonzero otherwise. +.PP +If your hash table +will contain items of some particular type and the \fIhash\fR and +\&\fIcompare\fR callbacks hash/compare these types, then the +\&\fB\s-1IMPLEMENT_LHASH_HASH_FN\s0\fR and \fB\s-1IMPLEMENT_LHASH_COMP_FN\s0\fR macros can be +used to create callback wrappers of the prototypes required by +\&\fBlh_\f(BI\s-1TYPE\s0\fB_new\fR() as shown in this example: +.PP +.Vb 11 +\& /* +\& * Implement the hash and compare functions; "stuff" can be any word. +\& */ +\& static unsigned long stuff_hash(const TYPE *a) +\& { +\& ... +\& } +\& static int stuff_cmp(const TYPE *a, const TYPE *b) +\& { +\& ... +\& } +\& +\& /* +\& * Implement the wrapper functions. +\& */ +\& static IMPLEMENT_LHASH_HASH_FN(stuff, TYPE) +\& static IMPLEMENT_LHASH_COMP_FN(stuff, TYPE) +.Ve +.PP +If the type is going to be used in several places, the following macros +can be used in a common header file to declare the function wrappers: +.PP +.Vb 2 +\& DECLARE_LHASH_HASH_FN(stuff, TYPE) +\& DECLARE_LHASH_COMP_FN(stuff, TYPE) +.Ve +.PP +Then a hash table of \fB\f(BI\s-1TYPE\s0\fB\fR objects can be created using this: +.PP +.Vb 1 +\& LHASH_OF(TYPE) *htable; +\& +\& htable = B_new>(LHASH_HASH_FN(stuff), LHASH_COMP_FN(stuff)); +.Ve +.PP +\&\fBlh_\f(BI\s-1TYPE\s0\fB_free\fR() frees the \fB\s-1LHASH_OF\s0\fR(\fB\f(BI\s-1TYPE\s0\fB\fR) structure +\&\fItable\fR. Allocated hash table entries will not be freed; consider +using \fBlh_\f(BI\s-1TYPE\s0\fB_doall\fR() to deallocate any remaining entries in the +hash table (see below). 
+.PP +\&\fBlh_\f(BI\s-1TYPE\s0\fB_flush\fR() empties the \fB\s-1LHASH_OF\s0\fR(\fB\f(BI\s-1TYPE\s0\fB\fR) structure \fItable\fR. New +entries can be added to the flushed table. Allocated hash table entries +will not be freed; consider using \fBlh_\f(BI\s-1TYPE\s0\fB_doall\fR() to deallocate any +remaining entries in the hash table (see below). +.PP +\&\fBlh_\f(BI\s-1TYPE\s0\fB_insert\fR() inserts the structure pointed to by \fIdata\fR into +\&\fItable\fR. If there already is an entry with the same key, the old +value is replaced. Note that \fBlh_\f(BI\s-1TYPE\s0\fB_insert\fR() stores pointers, the +data are not copied. +.PP +\&\fBlh_\f(BI\s-1TYPE\s0\fB_delete\fR() deletes an entry from \fItable\fR. +.PP +\&\fBlh_\f(BI\s-1TYPE\s0\fB_retrieve\fR() looks up an entry in \fItable\fR. Normally, \fIdata\fR +is a structure with the key field(s) set; the function will return a +pointer to a fully populated structure. +.PP +\&\fBlh_\f(BI\s-1TYPE\s0\fB_doall\fR() will, for every entry in the hash table, call +\&\fIfunc\fR with the data item as its parameter. +For example: +.PP +.Vb 2 +\& /* Cleans up resources belonging to \*(Aqa\*(Aq (this is implemented elsewhere) */ +\& void TYPE_cleanup_doall(TYPE *a); +\& +\& /* Implement a prototype\-compatible wrapper for "TYPE_cleanup" */ +\& IMPLEMENT_LHASH_DOALL_FN(TYPE_cleanup, TYPE) +\& +\& /* Call "TYPE_cleanup" against all items in a hash table. */ +\& lh_TYPE_doall(hashtable, LHASH_DOALL_FN(TYPE_cleanup)); +\& +\& /* Then the hash table itself can be deallocated */ +\& lh_TYPE_free(hashtable); +.Ve +.PP +When doing this, be careful if you delete entries from the hash table +in your callbacks: the table may decrease in size, moving the item +that you are currently on down lower in the hash table \- this could +cause some entries to be skipped during the iteration. The second +best solution to this problem is to set hash\->down_load=0 before +you start (which will stop the hash table ever decreasing in size). 
+The best solution is probably to avoid deleting items from the hash +table inside a \*(L"doall\*(R" callback! +.PP +\&\fBlh_\f(BI\s-1TYPE\s0\fB_doall_arg\fR() is the same as \fBlh_\f(BI\s-1TYPE\s0\fB_doall\fR() except that +\&\fIfunc\fR will be called with \fIarg\fR as the second argument and \fIfunc\fR +should be of type \fB\s-1LHASH_DOALL_ARG_FN\s0\fR(\fB\f(BI\s-1TYPE\s0\fB\fR) (a callback prototype +that is passed both the table entry and an extra argument). As with +\&\fIlh_doall()\fR, you can instead choose to declare your callback with a +prototype matching the types you are dealing with and use the +declare/implement macros to create compatible wrappers that cast +variables before calling your type-specific callbacks. An example of +this is demonstrated here (printing all hash table entries to a \s-1BIO\s0 +that is provided by the caller): +.PP +.Vb 2 +\& /* Prints item \*(Aqa\*(Aq to \*(Aqoutput_bio\*(Aq (this is implemented elsewhere) */ +\& void TYPE_print_doall_arg(const TYPE *a, BIO *output_bio); +\& +\& /* Implement a prototype\-compatible wrapper for "TYPE_print" */ +\& static IMPLEMENT_LHASH_DOALL_ARG_FN(TYPE, const TYPE, BIO) +\& +\& /* Print out the entire hashtable to a particular BIO */ +\& lh_TYPE_doall_arg(hashtable, LHASH_DOALL_ARG_FN(TYPE_print), BIO, +\& logging_bio); +.Ve +.PP +\&\fBlh_\f(BI\s-1TYPE\s0\fB_error\fR() can be used to determine if an error occurred in the last +operation. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBlh_\f(BI\s-1TYPE\s0\fB_new\fR() returns \s-1NULL\s0 on error, otherwise a pointer to the new +\&\fB\s-1LHASH\s0\fR structure. +.PP +When a hash table entry is replaced, \fBlh_\f(BI\s-1TYPE\s0\fB_insert\fR() returns the value +being replaced. \s-1NULL\s0 is returned on normal operation and on error. +.PP +\&\fBlh_\f(BI\s-1TYPE\s0\fB_delete\fR() returns the entry being deleted. \s-1NULL\s0 is returned if +there is no such value in the hash table. 
+.PP +\&\fBlh_\f(BI\s-1TYPE\s0\fB_retrieve\fR() returns the hash table entry if it has been found, +\&\s-1NULL\s0 otherwise. +.PP +\&\fBlh_\f(BI\s-1TYPE\s0\fB_error\fR() returns 1 if an error occurred in the last operation, 0 +otherwise. It's meaningful only after non-retrieve operations. +.PP +\&\fBlh_\f(BI\s-1TYPE\s0\fB_free\fR(), \fBlh_\f(BI\s-1TYPE\s0\fB_flush\fR(), \fBlh_\f(BI\s-1TYPE\s0\fB_doall\fR() and +\&\fBlh_\f(BI\s-1TYPE\s0\fB_doall_arg\fR() return no values. +.SH "NOTE" +.IX Header "NOTE" +The \s-1LHASH\s0 code is not thread safe. All updating operations, as well as +\&\fBlh_\f(BI\s-1TYPE\s0\fB_error\fR() call must be performed under a write lock. All retrieve +operations should be performed under a read lock, \fIunless\fR accurate +usage statistics are desired. In which case, a write lock should be used +for retrieve operations as well. For output of the usage statistics, +using the functions from \fIOPENSSL_LH_stats\fR\|(3), a read lock suffices. +.PP +The \s-1LHASH\s0 code regards table entries as constant data. As such, it +internally represents \fIlh_insert()\fR'd items with a \*(L"const void *\*(R" +pointer type. This is why callbacks such as those used by \fIlh_doall()\fR +and \fIlh_doall_arg()\fR declare their prototypes with \*(L"const\*(R", even for the +parameters that pass back the table items' data pointers \- for +consistency, user-provided data is \*(L"const\*(R" at all times as far as the +\&\s-1LHASH\s0 code is concerned. However, as callers are themselves providing +these pointers, they can choose whether they too should be treating +all such parameters as constant. +.PP +As an example, a hash table may be maintained by code that, for +reasons of encapsulation, has only \*(L"const\*(R" access to the data being +indexed in the hash table (ie. it is returned as \*(L"const\*(R" from +elsewhere in their code) \- in this case the \s-1LHASH\s0 prototypes are +appropriate as-is. 
Conversely, if the caller is responsible for the +life-time of the data in question, then they may well wish to make +modifications to table item passed back in the \fIlh_doall()\fR or +\&\fIlh_doall_arg()\fR callbacks (see the \*(L"TYPE_cleanup\*(R" example above). If +so, the caller can either cast the \*(L"const\*(R" away (if they're providing +the raw callbacks themselves) or use the macros to declare/implement +the wrapper functions without \*(L"const\*(R" types. +.PP +Callers that only have \*(L"const\*(R" access to data they're indexing in a +table, yet declare callbacks without constant types (or cast the +\&\*(L"const\*(R" away themselves), are therefore creating their own risks/bugs +without being encouraged to do so by the \s-1API\s0. On a related note, +those auditing code should pay special attention to any instances of +DECLARE/IMPLEMENT_LHASH_DOALL_[\s-1ARG_\s0]_FN macros that provide types +without any \*(L"const\*(R" qualifiers. +.SH "BUGS" +.IX Header "BUGS" +\&\fBlh_\f(BI\s-1TYPE\s0\fB_insert\fR() returns \s-1NULL\s0 both for success and error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIOPENSSL_LH_stats\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +In OpenSSL 1.0.0, the lhash interface was revamped for better +type checking. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/OPENSSL_LH_stats.3 b/linux_amd64/share/man/man3/OPENSSL_LH_stats.3 new file mode 100755 index 0000000..5b49859 --- /dev/null +++ b/linux_amd64/share/man/man3/OPENSSL_LH_stats.3 
@@ -0,0 +1,190 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_LH_STATS 3" +.TH OPENSSL_LH_STATS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OPENSSL_LH_stats, OPENSSL_LH_node_stats, OPENSSL_LH_node_usage_stats, +OPENSSL_LH_stats_bio, +OPENSSL_LH_node_stats_bio, OPENSSL_LH_node_usage_stats_bio \- LHASH statistics +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void OPENSSL_LH_stats(LHASH *table, FILE *out); +\& void OPENSSL_LH_node_stats(LHASH *table, FILE *out); +\& void OPENSSL_LH_node_usage_stats(LHASH *table, FILE *out); +\& +\& void OPENSSL_LH_stats_bio(LHASH *table, BIO *out); +\& void OPENSSL_LH_node_stats_bio(LHASH *table, BIO *out); +\& void OPENSSL_LH_node_usage_stats_bio(LHASH *table, BIO *out); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fB\s-1LHASH\s0\fR structure records statistics about most aspects of +accessing the hash table. +.PP +\&\fIOPENSSL_LH_stats()\fR prints out statistics on the size of the hash table, how +many entries are in it, and the number and result of calls to the +routines in this library. +.PP +\&\fIOPENSSL_LH_node_stats()\fR prints the number of entries for each 'bucket' in the +hash table. +.PP +\&\fIOPENSSL_LH_node_usage_stats()\fR prints out a short summary of the state of the +hash table. It prints the 'load' and the 'actual load'. The load is +the average number of data items per 'bucket' in the hash table. The +\&'actual load' is the average number of items per 'bucket', but only +for buckets which contain entries. So the 'actual load' is the +average number of searches that will need to find an item in the hash +table, while the 'load' is the average number that will be done to +record a miss. +.PP +\&\fIOPENSSL_LH_stats_bio()\fR, \fIOPENSSL_LH_node_stats_bio()\fR and \fIOPENSSL_LH_node_usage_stats_bio()\fR +are the same as the above, except that the output goes to a \fB\s-1BIO\s0\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions do not return values. +.SH "NOTE" +.IX Header "NOTE" +These calls should be made under a read lock. 
Refer to +\&\*(L"\s-1NOTE\s0\*(R" in \s-1\fIOPENSSL_LH_COMPFUNC\s0\fR\|(3) for more details about the locks required +when using the \s-1LHASH\s0 data structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIbio\fR\|(7), \s-1\fIOPENSSL_LH_COMPFUNC\s0\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/OPENSSL_config.3 b/linux_amd64/share/man/man3/OPENSSL_config.3 new file mode 100755 index 0000000..658bb2a --- /dev/null +++ b/linux_amd64/share/man/man3/OPENSSL_config.3 
@@ -0,0 +1,205 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_CONFIG 3" +.TH OPENSSL_CONFIG 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OPENSSL_config, OPENSSL_no_config \- simple OpenSSL configuration functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.PP +Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 2 +\& void OPENSSL_config(const char *appname); +\& void OPENSSL_no_config(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIOPENSSL_config()\fR configures OpenSSL using the standard \fBopenssl.cnf\fR and +reads from the application section \fBappname\fR. If \fBappname\fR is \s-1NULL\s0 then +the default section, \fBopenssl_conf\fR, will be used. +Errors are silently ignored. +Multiple calls have no effect. +.PP +\&\fIOPENSSL_no_config()\fR disables configuration. If called before \fIOPENSSL_config()\fR +no configuration takes place. +.PP +If the application is built with \fB\s-1OPENSSL_LOAD_CONF\s0\fR defined, then a +call to \fIOpenSSL_add_all_algorithms()\fR will implicitly call \fIOPENSSL_config()\fR +first. +.SH "NOTES" +.IX Header "NOTES" +The \fIOPENSSL_config()\fR function is designed to be a very simple \*(L"call it and +forget it\*(R" function. +It is however \fBmuch\fR better than nothing. Applications which need finer +control over their configuration functionality should use the configuration +functions such as \fICONF_modules_load()\fR directly. This function is deprecated +and its use should be avoided. +Applications should instead call \fICONF_modules_load()\fR during +initialization (that is before starting any threads). +.PP +There are several reasons why calling the OpenSSL configuration routines is +advisable. For example, to load dynamic ENGINEs from shared libraries (DSOs). +However very few applications currently support the control interface and so +very few can load and use dynamic ENGINEs. 
Equally in future more sophisticated +ENGINEs will require certain control operations to customize them. If an +application calls \fIOPENSSL_config()\fR it doesn't need to know or care about +\&\s-1ENGINE\s0 control operations because they can be performed by editing a +configuration file. +.SH "ENVIRONMENT" +.IX Header "ENVIRONMENT" +.IP "\fB\s-1OPENSSL_CONF\s0\fR" 4 +.IX Item "OPENSSL_CONF" +The path to the config file. +Ignored in set-user-ID and set-group-ID programs. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Neither \fIOPENSSL_config()\fR nor \fIOPENSSL_no_config()\fR return a value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIconfig\fR\|(5), +\&\fICONF_modules_load_file\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fIOPENSSL_no_config()\fR and \fIOPENSSL_config()\fR functions were +deprecated in OpenSSL 1.1.0 by \fIOPENSSL_init_crypto()\fR. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2004\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/OPENSSL_fork_prepare.3 b/linux_amd64/share/man/man3/OPENSSL_fork_prepare.3 new file mode 100755 index 0000000..8c9df30 --- /dev/null +++ b/linux_amd64/share/man/man3/OPENSSL_fork_prepare.3 
@@ -0,0 +1,185 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_FORK_PREPARE 3" +.TH OPENSSL_FORK_PREPARE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OPENSSL_fork_prepare, +OPENSSL_fork_parent, +OPENSSL_fork_child +\&\- OpenSSL fork handlers +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void OPENSSL_fork_prepare(void); +\& void OPENSSL_fork_parent(void); +\& void OPENSSL_fork_child(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +OpenSSL has state that should be reset when a process forks. For example, +the entropy pool used to generate random numbers (and therefore encryption +keys) should not be shared across multiple programs. +The \fIOPENSSL_fork_prepare()\fR, \fIOPENSSL_fork_parent()\fR, and \fIOPENSSL_fork_child()\fR +functions are used to reset this internal state. +.PP +Platforms without \fIfork\fR\|(2) will probably not need to use these functions. +Platforms with \fIfork\fR\|(2) but without \fIpthread_atfork\fR\|(3) will probably need +to call them manually, as described in the following paragraph. Platforms +such as Linux that have both functions will normally not need to call these +functions as the OpenSSL library will do so automatically. +.PP +\&\fIOPENSSL_init_crypto\fR\|(3) will register these functions with the appropriate +handler, when the \fB\s-1OPENSSL_INIT_ATFORK\s0\fR flag is used. For other +applications, these functions can be called directly. They should be used +according to the calling sequence described by the \fIpthread_atfork\fR\|(3) +documentation, which is summarized here. \fIOPENSSL_fork_prepare()\fR should +be called before a \fIfork()\fR is done. After the \fIfork()\fR returns, the parent +process should call \fIOPENSSL_fork_parent()\fR and the child process should +call \fIOPENSSL_fork_child()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOPENSSL_fork_prepare()\fR, \fIOPENSSL_fork_parent()\fR and \fIOPENSSL_fork_child()\fR do not +return values. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIOPENSSL_init_crypto\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.1.1. 
+.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/OPENSSL_hexchar2int.3 b/linux_amd64/share/man/man3/OPENSSL_hexchar2int.3 new file mode 100755 index 0000000..5805de2 --- /dev/null +++ b/linux_amd64/share/man/man3/OPENSSL_hexchar2int.3 
@@ -0,0 +1,198 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_HEXCHAR2INT 3" +.TH OPENSSL_HEXCHAR2INT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OPENSSL_hexchar2int, +OPENSSL_hexstr2buf_ex, OPENSSL_hexstr2buf, +OPENSSL_buf2hexstr_ex, OPENSSL_buf2hexstr +\&\- Hex encoding and decoding functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int OPENSSL_hexchar2int(unsigned char c); +\& int OPENSSL_hexstr2buf_ex(unsigned char *buf, size_t buf_n, long *buflen, +\& const char *str); +\& unsigned char *OPENSSL_hexstr2buf(const char *str, long *len); +\& int OPENSSL_buf2hexstr_ex(char *str, size_t str_n, size_t *strlen, +\& const unsigned char *buf, long buflen); +\& char *OPENSSL_buf2hexstr(const unsigned char *buf, long buflen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIOPENSSL_hexchar2int()\fR converts a hexadecimal character to its numeric +equivalent. +.PP +\&\fIOPENSSL_hexstr2buf_ex()\fR decodes the hex string \fBstr\fR and places the +resulting string of bytes in the given \fIbuf\fR. +\&\fIbuf_n\fR gives the size of the buffer. +If \fIbuflen\fR is not \s-1NULL\s0, it is filled in with the result length. +To find out how large the result will be, call this function with \s-1NULL\s0 +for \fIbuf\fR. +Colons between two-character hex \*(L"bytes\*(R" are accepted and ignored. +An odd number of hex digits is an error. +.PP +\&\fIOPENSSL_hexstr2buf()\fR does the same thing as \fIOPENSSL_hexstr2buf_ex()\fR, +but allocates the space for the result, and returns the result. +The memory is allocated by calling \fIOPENSSL_malloc()\fR and should be +released by calling \fIOPENSSL_free()\fR. +.PP +\&\fIOPENSSL_buf2hexstr_ex()\fR encodes the contents of the given \fIbuf\fR with +length \fIbuflen\fR and places the resulting hexadecimal character string +in the given \fIstr\fR. +\&\fIstr_n\fR gives the size of the of the string buffer. +If \fIstrlen\fR is not \s-1NULL\s0, it is filled in with the result length. +To find out how large the result will be, call this function with \s-1NULL\s0 +for \fIstr\fR. 
+.PP +\&\fIOPENSSL_buf2hexstr()\fR does the same thing as \fIOPENSSL_buf2hexstr_ex()\fR, +but allocates the space for the result, and returns the result. +The memory is allocated by calling \fIOPENSSL_malloc()\fR and should be +released by calling \fIOPENSSL_free()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +OPENSSL_hexchar2int returns the value of a decoded hex character, +or \-1 on error. +.PP +\&\fIOPENSSL_buf2hexstr()\fR and \fIOPENSSL_hexstr2buf()\fR +return a pointer to allocated memory, or \s-1NULL\s0 on error. +.PP +\&\fIOPENSSL_buf2hexstr_ex()\fR and \fIOPENSSL_hexstr2buf_ex()\fR return 1 on +success, or 0 on error. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/OPENSSL_ia32cap.3 b/linux_amd64/share/man/man3/OPENSSL_ia32cap.3 new file mode 100755 index 0000000..fdd69e7 --- /dev/null +++ b/linux_amd64/share/man/man3/OPENSSL_ia32cap.3 
@@ -0,0 +1,286 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_IA32CAP 3" +.TH OPENSSL_IA32CAP 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +OPENSSL_ia32cap \- the x86[_64] processor capabilities vector +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& env OPENSSL_ia32cap=... 
+.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +OpenSSL supports a range of x86[_64] instruction set extensions. These +extensions are denoted by individual bits in capability vector returned +by processor in \s-1EDX:ECX\s0 register pair after executing \s-1CPUID\s0 instruction +with EAX=1 input value (see Intel Application Note #241618). This vector +is copied to memory upon toolkit initialization and used to choose +between different code paths to provide optimal performance across wide +range of processors. For the moment of this writing following bits are +significant: +.IP "bit #4 denoting presence of Time-Stamp Counter." 4 +.IX Item "bit #4 denoting presence of Time-Stamp Counter." +.PD 0 +.IP "bit #19 denoting availability of \s-1CLFLUSH\s0 instruction;" 4 +.IX Item "bit #19 denoting availability of CLFLUSH instruction;" +.IP "bit #20, reserved by Intel, is used to choose among \s-1RC4\s0 code paths;" 4 +.IX Item "bit #20, reserved by Intel, is used to choose among RC4 code paths;" +.IP "bit #23 denoting \s-1MMX\s0 support;" 4 +.IX Item "bit #23 denoting MMX support;" +.IP "bit #24, \s-1FXSR\s0 bit, denoting availability of \s-1XMM\s0 registers;" 4 +.IX Item "bit #24, FXSR bit, denoting availability of XMM registers;" +.IP "bit #25 denoting \s-1SSE\s0 support;" 4 +.IX Item "bit #25 denoting SSE support;" +.IP "bit #26 denoting \s-1SSE2\s0 support;" 4 +.IX Item "bit #26 denoting SSE2 support;" +.IP "bit #28 denoting Hyperthreading, which is used to distinguish cores with shared cache;" 4 +.IX Item "bit #28 denoting Hyperthreading, which is used to distinguish cores with shared cache;" +.IP "bit #30, reserved by Intel, denotes specifically Intel CPUs;" 4 +.IX Item "bit #30, reserved by Intel, denotes specifically Intel CPUs;" +.IP "bit #33 denoting availability of \s-1PCLMULQDQ\s0 instruction;" 4 +.IX Item "bit #33 denoting availability of PCLMULQDQ instruction;" +.IP "bit #41 denoting \s-1SSSE3\s0, Supplemental \s-1SSE3\s0, support;" 4 +.IX Item "bit #41 
denoting SSSE3, Supplemental SSE3, support;" +.IP "bit #43 denoting \s-1AMD\s0 \s-1XOP\s0 support (forced to zero on non-AMD CPUs);" 4 +.IX Item "bit #43 denoting AMD XOP support (forced to zero on non-AMD CPUs);" +.IP "bit #54 denoting availability of \s-1MOVBE\s0 instruction;" 4 +.IX Item "bit #54 denoting availability of MOVBE instruction;" +.IP "bit #57 denoting AES-NI instruction set extension;" 4 +.IX Item "bit #57 denoting AES-NI instruction set extension;" +.IP "bit #58, \s-1XSAVE\s0 bit, lack of which in combination with \s-1MOVBE\s0 is used to identify Atom Silvermont core;" 4 +.IX Item "bit #58, XSAVE bit, lack of which in combination with MOVBE is used to identify Atom Silvermont core;" +.IP "bit #59, \s-1OSXSAVE\s0 bit, denoting availability of \s-1YMM\s0 registers;" 4 +.IX Item "bit #59, OSXSAVE bit, denoting availability of YMM registers;" +.IP "bit #60 denoting \s-1AVX\s0 extension;" 4 +.IX Item "bit #60 denoting AVX extension;" +.IP "bit #62 denoting availability of \s-1RDRAND\s0 instruction;" 4 +.IX Item "bit #62 denoting availability of RDRAND instruction;" +.PD +.PP +For example, in 32\-bit application context clearing bit #26 at run-time +disables high-performance \s-1SSE2\s0 code present in the crypto library, while +clearing bit #24 disables \s-1SSE2\s0 code operating on 128\-bit \s-1XMM\s0 register +bank. You might have to do the latter if target OpenSSL application is +executed on \s-1SSE2\s0 capable \s-1CPU\s0, but under control of \s-1OS\s0 that does not +enable \s-1XMM\s0 registers. Historically address of the capability vector copy +was exposed to application through \fIOPENSSL_ia32cap_loc()\fR, but not +anymore. Now the only way to affect the capability detection is to set +\&\fBOPENSSL_ia32cap\fR environment variable prior target application start. 
To +give a specific example, on Intel P4 processor +\&\f(CW\*(C`env OPENSSL_ia32cap=0x16980010 apps/openssl\*(C'\fR, or better yet +\&\f(CW\*(C`env OPENSSL_ia32cap=~0x1000000 apps/openssl\*(C'\fR would achieve the desired +effect. Alternatively you can reconfigure the toolkit with no\-sse2 +option and recompile. +.PP +Less intuitive is clearing bit #28, or ~0x10000000 in the \*(L"environment +variable\*(R" terms. The truth is that it's not copied from \s-1CPUID\s0 output +verbatim, but is adjusted to reflect whether or not the data cache is +actually shared between logical cores. This in turn affects the decision +on whether or not expensive countermeasures against cache-timing attacks +are applied, most notably in \s-1AES\s0 assembler module. +.PP +The capability vector is further extended with \s-1EBX\s0 value returned by +\&\s-1CPUID\s0 with EAX=7 and ECX=0 as input. Following bits are significant: +.IP "bit #64+3 denoting availability of \s-1BMI1\s0 instructions, e.g. \s-1ANDN\s0;" 4 +.IX Item "bit #64+3 denoting availability of BMI1 instructions, e.g. ANDN;" +.PD 0 +.IP "bit #64+5 denoting availability of \s-1AVX2\s0 instructions;" 4 +.IX Item "bit #64+5 denoting availability of AVX2 instructions;" +.IP "bit #64+8 denoting availability of \s-1BMI2\s0 instructions, e.g. \s-1MULX\s0 and \s-1RORX\s0;" 4 +.IX Item "bit #64+8 denoting availability of BMI2 instructions, e.g. MULX and RORX;" +.IP "bit #64+16 denoting availability of \s-1AVX512F\s0 extension;" 4 +.IX Item "bit #64+16 denoting availability of AVX512F extension;" +.IP "bit #64+18 denoting availability of \s-1RDSEED\s0 instruction;" 4 +.IX Item "bit #64+18 denoting availability of RDSEED instruction;" +.IP "bit #64+19 denoting availability of \s-1ADCX\s0 and \s-1ADOX\s0 instructions;" 4 +.IX Item "bit #64+19 denoting availability of ADCX and ADOX instructions;" +.IP "bit #64+21 denoting availability of VPMADD52[\s-1LH\s0]UQ instructions, a.k.a. 
\s-1AVX512IFMA\s0 extension;" 4 +.IX Item "bit #64+21 denoting availability of VPMADD52[LH]UQ instructions, a.k.a. AVX512IFMA extension;" +.IP "bit #64+29 denoting availability of \s-1SHA\s0 extension;" 4 +.IX Item "bit #64+29 denoting availability of SHA extension;" +.IP "bit #64+30 denoting availability of \s-1AVX512BW\s0 extension;" 4 +.IX Item "bit #64+30 denoting availability of AVX512BW extension;" +.IP "bit #64+31 denoting availability of \s-1AVX512VL\s0 extension;" 4 +.IX Item "bit #64+31 denoting availability of AVX512VL extension;" +.IP "bit #64+41 denoting availability of \s-1VAES\s0 extension;" 4 +.IX Item "bit #64+41 denoting availability of VAES extension;" +.IP "bit #64+42 denoting availability of \s-1VPCLMULQDQ\s0 extension;" 4 +.IX Item "bit #64+42 denoting availability of VPCLMULQDQ extension;" +.PD +.PP +To control this extended capability word use \f(CW\*(C`:\*(C'\fR as delimiter when +setting up \fBOPENSSL_ia32cap\fR environment variable. For example assigning +\&\f(CW\*(C`:~0x20\*(C'\fR would disable \s-1AVX2\s0 code paths, and \f(CW\*(C`:0\*(C'\fR \- all post-AVX +extensions. +.PP +It should be noted that whether or not some of the most \*(L"fancy\*(R" +extension code paths are actually assembled depends on current assembler +version. Base minimum of \s-1AES\-NI/PCLMULQDQ\s0, \s-1SSSE3\s0 and \s-1SHA\s0 extension code +paths are always assembled. Apart from that, minimum assembler version +requirements are summarized in below table: +.PP +.Vb 8 +\& Extension | GNU as | nasm | llvm +\& \-\-\-\-\-\-\-\-\-\-\-\-+\-\-\-\-\-\-\-\-+\-\-\-\-\-\-\-\-+\-\-\-\-\-\-\-\- +\& AVX | 2.19 | 2.09 | 3.0 +\& AVX2 | 2.22 | 2.10 | 3.1 +\& ADCX/ADOX | 2.23 | 2.10 | 3.3 +\& AVX512 | 2.25 | 2.11.8 | see NOTES +\& AVX512IFMA | 2.26 | 2.11.8 | see NOTES +\& VAES | 2.30 | 2.13.3 | +.Ve +.SH "NOTES" +.IX Header "NOTES" +Even though \s-1AVX512\s0 support was implemented in llvm 3.6, compilation of +assembly modules apparently requires explicit \-march flag. 
But then +compiler generates processor-specific code, which in turn contradicts +the mere idea of run-time switch execution facilitated by the variable +in question. Till the limitation is lifted, it's possible to work around +the problem by making build procedure use following script: +.PP +.Vb 2 +\& #!/bin/sh +\& exec clang \-no\-integrated\-as "$@" +.Ve +.PP +instead of real clang. In which case it doesn't matter which clang +version is used, as it is \s-1GNU\s0 assembler version that will be checked. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Not available. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2004\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/OPENSSL_init_crypto.3 b/linux_amd64/share/man/man3/OPENSSL_init_crypto.3 new file mode 100755 index 0000000..f2b8992 --- /dev/null +++ b/linux_amd64/share/man/man3/OPENSSL_init_crypto.3 
@@ -0,0 +1,391 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_INIT_CRYPTO 3" +.TH OPENSSL_INIT_CRYPTO 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OPENSSL_INIT_new, OPENSSL_INIT_set_config_filename, +OPENSSL_INIT_set_config_appname, OPENSSL_INIT_set_config_file_flags, +OPENSSL_INIT_free, OPENSSL_init_crypto, OPENSSL_cleanup, OPENSSL_atexit, +OPENSSL_thread_stop_ex, OPENSSL_thread_stop \- OpenSSL initialisation +and deinitialisation functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void OPENSSL_cleanup(void); +\& int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings); +\& int OPENSSL_atexit(void (*handler)(void)); +\& void OPENSSL_thread_stop_ex(OPENSSL_CTX *ctx); +\& void OPENSSL_thread_stop(void); +\& +\& OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void); +\& int OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *init, +\& const char* filename); +\& int OPENSSL_INIT_set_config_file_flags(OPENSSL_INIT_SETTINGS *init, +\& unsigned long flags); +\& int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *init, +\& const char* name); +\& void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *init); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +During normal operation OpenSSL (libcrypto) will allocate various resources at +start up that must, subsequently, be freed on close down of the library. +Additionally some resources are allocated on a per thread basis (if the +application is multi-threaded), and these resources must be freed prior to the +thread closing. +.PP +As of version 1.1.0 OpenSSL will automatically allocate all resources that it +needs so no explicit initialisation is required. Similarly it will also +automatically deinitialise as required. +.PP +However, there may be situations when explicit initialisation is desirable or +needed, for example when some non-default initialisation is required. The +function \fIOPENSSL_init_crypto()\fR can be used for this purpose for +libcrypto (see also \fIOPENSSL_init_ssl\fR\|(3) for the libssl +equivalent). +.PP +Numerous internal OpenSSL functions call \fIOPENSSL_init_crypto()\fR. 
+Therefore, in order to perform non-default initialisation, +\&\fIOPENSSL_init_crypto()\fR \s-1MUST\s0 be called by application code prior to +any other OpenSSL function calls. +.PP +The \fBopts\fR parameter specifies which aspects of libcrypto should be +initialised. Valid options are: +.IP "\s-1OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS\s0" 4 +.IX Item "OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS" +Suppress automatic loading of the libcrypto error strings. This option is +not a default option. Once selected subsequent calls to +\&\fIOPENSSL_init_crypto()\fR with the option +\&\fB\s-1OPENSSL_INIT_LOAD_CRYPTO_STRINGS\s0\fR will be ignored. +.IP "\s-1OPENSSL_INIT_LOAD_CRYPTO_STRINGS\s0" 4 +.IX Item "OPENSSL_INIT_LOAD_CRYPTO_STRINGS" +Automatic loading of the libcrypto error strings. With this option the +library will automatically load the libcrypto error strings. +This option is a default option. Once selected subsequent calls to +\&\fIOPENSSL_init_crypto()\fR with the option +\&\fB\s-1OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS\s0\fR will be ignored. +.IP "\s-1OPENSSL_INIT_ADD_ALL_CIPHERS\s0" 4 +.IX Item "OPENSSL_INIT_ADD_ALL_CIPHERS" +With this option the library will automatically load and make available all +libcrypto ciphers. This option is a default option. Once selected subsequent +calls to \fIOPENSSL_init_crypto()\fR with the option +\&\fB\s-1OPENSSL_INIT_NO_ADD_ALL_CIPHERS\s0\fR will be ignored. +.IP "\s-1OPENSSL_INIT_ADD_ALL_DIGESTS\s0" 4 +.IX Item "OPENSSL_INIT_ADD_ALL_DIGESTS" +With this option the library will automatically load and make available all +libcrypto digests. This option is a default option. Once selected subsequent +calls to \fIOPENSSL_init_crypto()\fR with the option +\&\fB\s-1OPENSSL_INIT_NO_ADD_ALL_CIPHERS\s0\fR will be ignored. +.IP "\s-1OPENSSL_INIT_NO_ADD_ALL_CIPHERS\s0" 4 +.IX Item "OPENSSL_INIT_NO_ADD_ALL_CIPHERS" +With this option the library will suppress automatic loading of libcrypto +ciphers. This option is not a default option. 
Once selected subsequent +calls to \fIOPENSSL_init_crypto()\fR with the option +\&\fB\s-1OPENSSL_INIT_ADD_ALL_CIPHERS\s0\fR will be ignored. +.IP "\s-1OPENSSL_INIT_NO_ADD_ALL_DIGESTS\s0" 4 +.IX Item "OPENSSL_INIT_NO_ADD_ALL_DIGESTS" +With this option the library will suppress automatic loading of libcrypto +digests. This option is not a default option. Once selected subsequent +calls to \fIOPENSSL_init_crypto()\fR with the option +\&\fB\s-1OPENSSL_INIT_ADD_ALL_DIGESTS\s0\fR will be ignored. +.IP "\s-1OPENSSL_INIT_LOAD_CONFIG\s0" 4 +.IX Item "OPENSSL_INIT_LOAD_CONFIG" +With this option an OpenSSL configuration file will be automatically loaded and +used by calling \fIOPENSSL_config()\fR. This is a default option. +Note that in OpenSSL 1.1.1 this was the default for libssl but not for +libcrypto (see \fIOPENSSL_init_ssl\fR\|(3) for further details about libssl +initialisation). +In OpenSSL 1.1.0 this was a non-default option for both libssl and libcrypto. +See the description of \fIOPENSSL_INIT_new()\fR, below. +.IP "\s-1OPENSSL_INIT_NO_LOAD_CONFIG\s0" 4 +.IX Item "OPENSSL_INIT_NO_LOAD_CONFIG" +With this option the loading of OpenSSL configuration files will be suppressed. +It is the equivalent of calling \fIOPENSSL_no_config()\fR. This is not a default +option. +.IP "\s-1OPENSSL_INIT_ASYNC\s0" 4 +.IX Item "OPENSSL_INIT_ASYNC" +With this option the library with automatically initialise the libcrypto async +sub-library (see \fIASYNC_start_job\fR\|(3)). This is a default option. +.IP "\s-1OPENSSL_INIT_ENGINE_RDRAND\s0" 4 +.IX Item "OPENSSL_INIT_ENGINE_RDRAND" +With this option the library will automatically load and initialise the +\&\s-1RDRAND\s0 engine (if available). This not a default option. +.IP "\s-1OPENSSL_INIT_ENGINE_DYNAMIC\s0" 4 +.IX Item "OPENSSL_INIT_ENGINE_DYNAMIC" +With this option the library will automatically load and initialise the +dynamic engine. This not a default option. 
+.IP "\s-1OPENSSL_INIT_ENGINE_OPENSSL\s0" 4 +.IX Item "OPENSSL_INIT_ENGINE_OPENSSL" +With this option the library will automatically load and initialise the +openssl engine. This not a default option. +.IP "\s-1OPENSSL_INIT_ENGINE_CRYPTODEV\s0" 4 +.IX Item "OPENSSL_INIT_ENGINE_CRYPTODEV" +With this option the library will automatically load and initialise the +cryptodev engine (if available). This not a default option. +.IP "\s-1OPENSSL_INIT_ENGINE_CAPI\s0" 4 +.IX Item "OPENSSL_INIT_ENGINE_CAPI" +With this option the library will automatically load and initialise the +\&\s-1CAPI\s0 engine (if available). This not a default option. +.IP "\s-1OPENSSL_INIT_ENGINE_PADLOCK\s0" 4 +.IX Item "OPENSSL_INIT_ENGINE_PADLOCK" +With this option the library will automatically load and initialise the +padlock engine (if available). This not a default option. +.IP "\s-1OPENSSL_INIT_ENGINE_AFALG\s0" 4 +.IX Item "OPENSSL_INIT_ENGINE_AFALG" +With this option the library will automatically load and initialise the +\&\s-1AFALG\s0 engine. This not a default option. +.IP "\s-1OPENSSL_INIT_ENGINE_ALL_BUILTIN\s0" 4 +.IX Item "OPENSSL_INIT_ENGINE_ALL_BUILTIN" +With this option the library will automatically load and initialise all the +built in engines listed above with the exception of the openssl and afalg +engines. This not a default option. +.IP "\s-1OPENSSL_INIT_ATFORK\s0" 4 +.IX Item "OPENSSL_INIT_ATFORK" +With this option the library will register its fork handlers. +See \fIOPENSSL_fork_prepare\fR\|(3) for details. +.IP "\s-1OPENSSL_INIT_NO_ATEXIT\s0" 4 +.IX Item "OPENSSL_INIT_NO_ATEXIT" +By default OpenSSL will attempt to clean itself up when the process exits via an +\&\*(L"atexit\*(R" handler. Using this option suppresses that behaviour. This means that +the application will have to clean up OpenSSL explicitly using +\&\fIOPENSSL_cleanup()\fR. +.PP +Multiple options may be combined together in a single call to +\&\fIOPENSSL_init_crypto()\fR. 
For example: +.PP +.Vb 2 +\& OPENSSL_init_crypto(OPENSSL_INIT_NO_ADD_ALL_CIPHERS +\& | OPENSSL_INIT_NO_ADD_ALL_DIGESTS, NULL); +.Ve +.PP +The \fIOPENSSL_cleanup()\fR function deinitialises OpenSSL (both libcrypto +and libssl). All resources allocated by OpenSSL are freed. Typically there +should be no need to call this function directly as it is initiated +automatically on application exit. This is done via the standard C library +\&\fIatexit()\fR function. In the event that the application will close in a manner +that will not call the registered \fIatexit()\fR handlers then the application should +call \fIOPENSSL_cleanup()\fR directly. Developers of libraries using OpenSSL +are discouraged from calling this function and should instead, typically, rely +on auto-deinitialisation. This is to avoid error conditions where both an +application and a library it depends on both use OpenSSL, and the library +deinitialises it before the application has finished using it. +.PP +Once \fIOPENSSL_cleanup()\fR has been called the library cannot be reinitialised. +Attempts to call \fIOPENSSL_init_crypto()\fR will fail and an \s-1ERR_R_INIT_FAIL\s0 error +will be added to the error stack. Note that because initialisation has failed +OpenSSL error strings will not be available, only an error code. This code can +be put through the openssl errstr command line application to produce a human +readable error (see \fIopenssl\-errstr\fR\|(1)). +.PP +The \fIOPENSSL_atexit()\fR function enables the registration of a +function to be called during \fIOPENSSL_cleanup()\fR. Stop handlers are +called after deinitialisation of resources local to a thread, but before other +process wide resources are freed. In the event that multiple stop handlers are +registered, no guarantees are made about the order of execution. +.PP +The \fIOPENSSL_thread_stop_ex()\fR function deallocates resources associated +with the current thread for the given \s-1OPENSSL_CTX\s0 \fBctx\fR. 
The \fBctx\fR parameter +can be \s-1NULL\s0 in which case the default \s-1OPENSSL_CTX\s0 is used. +.PP +Typically, this function will be called automatically by the library when +the thread exits as long as the \s-1OPENSSL_CTX\s0 has not been freed before the thread +exits. If \fIOPENSSL_CTX_free()\fR is called OPENSSL_thread_stop_ex will be called +automatically for the current thread (but not any other threads that may have +used this \s-1OPENSSL_CTX\s0). +.PP +OPENSSL_thread_stop_ex should be called on all threads that will exit after the +\&\s-1OPENSSL_CTX\s0 is freed. +Typically this is not necessary for the default \s-1OPENSSL_CTX\s0 (because all +resources are cleaned up on library exit) except if thread local resources +should be freed before library exit, or under the circumstances described in +the \s-1NOTES\s0 section below. +.PP +\&\fIOPENSSL_thread_stop()\fR is the same as \fIOPENSSL_thread_stop_ex()\fR except that the +default \s-1OPENSSL_CTX\s0 is always used. +.PP +The \fB\s-1OPENSSL_INIT_LOAD_CONFIG\s0\fR flag will load a configuration file, as with +\&\fICONF_modules_load_file\fR\|(3) with \s-1NULL\s0 filename and application name and the +\&\fB\s-1CONF_MFLAGS_IGNORE_MISSING_FILE\s0\fR, \fB\s-1CONF_MFLAGS_IGNORE_RETURN_CODES\s0\fR and +\&\fB\s-1CONF_MFLAGS_DEFAULT_SECTION\s0\fR flags. +The filename, application name, and flags can be customized by providing a +non-null \fB\s-1OPENSSL_INIT_SETTINGS\s0\fR object. +The object can be allocated via \fB\f(BIOPENSSL_INIT_new()\fB\fR. +The \fB\f(BIOPENSSL_INIT_set_config_filename()\fB\fR function can be used to specify a +non-default filename, which is copied and need not refer to persistent storage. +Similarly, \fIOPENSSL_INIT_set_config_appname()\fR can be used to specify a +non-default application name. +Finally, OPENSSL_INIT_set_file_flags can be used to specify non-default flags. 
+If the \fB\s-1CONF_MFLAGS_IGNORE_RETURN_CODES\s0\fR flag is not included, any errors in +the configuration file will cause an error return from \fBOPENSSL_init_crypto\fR +or indirectly \fIOPENSSL_init_ssl\fR\|(3). +The object can be released with \fIOPENSSL_INIT_free()\fR when done. +.SH "NOTES" +.IX Header "NOTES" +Resources local to a thread are deallocated automatically when the thread exits +(e.g. in a pthreads environment, when \fIpthread_exit()\fR is called). On Windows +platforms this is done in response to a \s-1DLL_THREAD_DETACH\s0 message being sent to +the libcrypto32.dll entry point. Some windows functions may cause threads to exit +without sending this message (for example \fIExitProcess()\fR). If the application +uses such functions, then the application must free up OpenSSL resources +directly via a call to \fIOPENSSL_thread_stop()\fR on each thread. Similarly this +message will also not be sent if OpenSSL is linked statically, and therefore +applications using static linking should also call \fIOPENSSL_thread_stop()\fR on each +thread. Additionally if OpenSSL is loaded dynamically via \fILoadLibrary()\fR and the +threads are not destroyed until after \fIFreeLibrary()\fR is called then each thread +should call \fIOPENSSL_thread_stop()\fR prior to the \fIFreeLibrary()\fR call. +.PP +On Linux/Unix where OpenSSL has been loaded via \fIdlopen()\fR and the application is +multi-threaded and if \fIdlclose()\fR is subsequently called prior to the threads +being destroyed then OpenSSL will not be able to deallocate resources associated +with those threads. The application should either call \fIOPENSSL_thread_stop()\fR on +each thread prior to the \fIdlclose()\fR call, or alternatively the original \fIdlopen()\fR +call should use the \s-1RTLD_NODELETE\s0 flag (where available on the platform). 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The functions OPENSSL_init_crypto, \fIOPENSSL_atexit()\fR and +\&\fIOPENSSL_INIT_set_config_appname()\fR return 1 on success or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIOPENSSL_init_ssl\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fIOPENSSL_init_crypto()\fR, \fIOPENSSL_cleanup()\fR, \fIOPENSSL_atexit()\fR, +\&\fIOPENSSL_thread_stop()\fR, \fIOPENSSL_INIT_new()\fR, \fIOPENSSL_INIT_set_config_appname()\fR +and \fIOPENSSL_INIT_free()\fR functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/OPENSSL_init_ssl.3 b/linux_amd64/share/man/man3/OPENSSL_init_ssl.3 new file mode 100755 index 0000000..1a811bb --- /dev/null +++ b/linux_amd64/share/man/man3/OPENSSL_init_ssl.3 
@@ -0,0 +1,200 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_INIT_SSL 3" +.TH OPENSSL_INIT_SSL 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OPENSSL_init_ssl \- OpenSSL (libssl and libcrypto) initialisation +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +During normal operation OpenSSL (libssl and libcrypto) will allocate various +resources at start up that must, subsequently, be freed on close down of the +library. Additionally some resources are allocated on a per thread basis (if the +application is multi-threaded), and these resources must be freed prior to the +thread closing. +.PP +As of version 1.1.0 OpenSSL will automatically allocate all resources that it +needs so no explicit initialisation is required. Similarly it will also +automatically deinitialise as required. +.PP +However, there may be situations when explicit initialisation is desirable or +needed, for example when some non-default initialisation is required. The +function \fIOPENSSL_init_ssl()\fR can be used for this purpose. Calling +this function will explicitly initialise \s-1BOTH\s0 libcrypto and libssl. To +explicitly initialise \s-1ONLY\s0 libcrypto see the +\&\fIOPENSSL_init_crypto\fR\|(3) function. +.PP +Numerous internal OpenSSL functions call \fIOPENSSL_init_ssl()\fR. +Therefore, in order to perform non-default initialisation, +\&\fIOPENSSL_init_ssl()\fR \s-1MUST\s0 be called by application code prior to +any other OpenSSL function calls. +.PP +The \fBopts\fR parameter specifies which aspects of libssl and libcrypto should be +initialised. Valid options for libcrypto are described on the +\&\fIOPENSSL_init_crypto\fR\|(3) page. In addition to any libcrypto +specific option the following libssl options can also be used: +.IP "\s-1OPENSSL_INIT_NO_LOAD_SSL_STRINGS\s0" 4 +.IX Item "OPENSSL_INIT_NO_LOAD_SSL_STRINGS" +Suppress automatic loading of the libssl error strings. This option is +not a default option. 
Once selected subsequent calls to +\&\fIOPENSSL_init_ssl()\fR with the option +\&\fB\s-1OPENSSL_INIT_LOAD_SSL_STRINGS\s0\fR will be ignored. +.IP "\s-1OPENSSL_INIT_LOAD_SSL_STRINGS\s0" 4 +.IX Item "OPENSSL_INIT_LOAD_SSL_STRINGS" +Automatic loading of the libssl error strings. This option is a +default option. Once selected subsequent calls to +\&\fIOPENSSL_init_ssl()\fR with the option +\&\fB\s-1OPENSSL_INIT_LOAD_SSL_STRINGS\s0\fR will be ignored. +.PP +\&\fIOPENSSL_init_ssl()\fR takes a \fBsettings\fR parameter which can be used to +set parameter values. See \fIOPENSSL_init_crypto\fR\|(3) for details. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The function \fIOPENSSL_init_ssl()\fR returns 1 on success or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIOPENSSL_init_crypto\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fIOPENSSL_init_ssl()\fR function was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/OPENSSL_instrument_bus.3 b/linux_amd64/share/man/man3/OPENSSL_instrument_bus.3 new file mode 100755 index 0000000..cdf4104 --- /dev/null +++ b/linux_amd64/share/man/man3/OPENSSL_instrument_bus.3 
@@ -0,0 +1,177 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_INSTRUMENT_BUS 3" +.TH OPENSSL_INSTRUMENT_BUS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OPENSSL_instrument_bus, OPENSSL_instrument_bus2 \- instrument references to memory bus +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 4 +\& #ifdef OPENSSL_CPUID_OBJ +\& size_t OPENSSL_instrument_bus(int *vector, size_t num); +\& size_t OPENSSL_instrument_bus2(int *vector, size_t num, size_t max); +\& #endif +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +It was empirically found that timings of references to primary memory +are subject to irregular, apparently non-deterministic variations. The +subroutines in question instrument these references for purposes of +gathering randomness for random number generator. In order to make it +bus-bound a 'flush cache line' instruction is used between probes. In +addition probes are added to \fBvector\fR elements in atomic or +interlocked manner, which should contribute additional noise on +multi-processor systems. This also means that \fBvector[num]\fR should be +zeroed upon invocation (if you want to retrieve actual probe values). +.PP +\&\fIOPENSSL_instrument_bus()\fR performs \fBnum\fR probes and records the number of +oscillator cycles every probe took. +.PP +\&\fIOPENSSL_instrument_bus2()\fR on the other hand \fBaccumulates\fR consecutive +probes with the same value, i.e. in a way it records duration of +periods when probe values appeared deterministic. The subroutine +performs at most \fBmax\fR probes in attempt to fill the \fBvector[num]\fR, +with \fBmax\fR value of 0 meaning \*(L"as many as it takes.\*(R" +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Return value of 0 indicates that \s-1CPU\s0 is not capable of performing the +benchmark, either because oscillator counter or 'flush cache line' is +not available on current platform. For reference, on x86 'flush cache +line' was introduced with the \s-1SSE2\s0 extensions. +.PP +Otherwise number of recorded values is returned. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2011\-2018 The OpenSSL Project Authors. All Rights Reserved. 
+.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/OPENSSL_load_builtin_modules.3 b/linux_amd64/share/man/man3/OPENSSL_load_builtin_modules.3 new file mode 100755 index 0000000..df941ba --- /dev/null +++ b/linux_amd64/share/man/man3/OPENSSL_load_builtin_modules.3 
@@ -0,0 +1,178 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_LOAD_BUILTIN_MODULES 3" +.TH OPENSSL_LOAD_BUILTIN_MODULES 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OPENSSL_load_builtin_modules, ASN1_add_oid_module, ENGINE_add_conf_module \- add standard configuration modules +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void OPENSSL_load_builtin_modules(void); +\& void ASN1_add_oid_module(void); +\& void ENGINE_add_conf_module(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The function \fIOPENSSL_load_builtin_modules()\fR adds all the standard OpenSSL +configuration modules to the internal list. They can then be used by the +OpenSSL configuration code. +.PP +\&\fIASN1_add_oid_module()\fR adds just the \s-1ASN1\s0 \s-1OBJECT\s0 module. +.PP +\&\fIENGINE_add_conf_module()\fR adds just the \s-1ENGINE\s0 configuration module. +.SH "NOTES" +.IX Header "NOTES" +If the simple configuration function \fIOPENSSL_config()\fR is called then +\&\fIOPENSSL_load_builtin_modules()\fR is called automatically. +.PP +Applications which use the configuration functions directly will need to +call \fIOPENSSL_load_builtin_modules()\fR themselves \fIbefore\fR any other +configuration code. +.PP +Applications should call \fIOPENSSL_load_builtin_modules()\fR to load all +configuration modules instead of adding modules selectively: otherwise +functionality may be missing from the application if an when new +modules are added. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +None of the functions return a value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIconfig\fR\|(5), \fIOPENSSL_config\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2004\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/OPENSSL_malloc.3 b/linux_amd64/share/man/man3/OPENSSL_malloc.3 new file mode 100755 index 0000000..c4a283f --- /dev/null 
+++ b/linux_amd64/share/man/man3/OPENSSL_malloc.3 
@@ -0,0 +1,331 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_MALLOC 3" +.TH OPENSSL_MALLOC 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OPENSSL_malloc_init, +OPENSSL_malloc, OPENSSL_zalloc, OPENSSL_realloc, OPENSSL_free, +OPENSSL_clear_realloc, OPENSSL_clear_free, OPENSSL_cleanse, +CRYPTO_malloc, CRYPTO_zalloc, CRYPTO_realloc, CRYPTO_free, +OPENSSL_strdup, OPENSSL_strndup, +OPENSSL_memdup, OPENSSL_strlcpy, OPENSSL_strlcat, +CRYPTO_strdup, CRYPTO_strndup, +OPENSSL_mem_debug_push, OPENSSL_mem_debug_pop, +CRYPTO_mem_debug_push, CRYPTO_mem_debug_pop, +CRYPTO_clear_realloc, CRYPTO_clear_free, +CRYPTO_malloc_fn, CRYPTO_realloc_fn, CRYPTO_free_fn, +CRYPTO_get_mem_functions, CRYPTO_set_mem_functions, +CRYPTO_get_alloc_counts, +CRYPTO_set_mem_debug, CRYPTO_mem_ctrl, +CRYPTO_mem_leaks, CRYPTO_mem_leaks_fp, CRYPTO_mem_leaks_cb, +OPENSSL_MALLOC_FAILURES, +OPENSSL_MALLOC_FD +\&\- Memory allocation functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int OPENSSL_malloc_init(void); +\& +\& void *OPENSSL_malloc(size_t num); +\& void *OPENSSL_zalloc(size_t num); +\& void *OPENSSL_realloc(void *addr, size_t num); +\& void OPENSSL_free(void *addr); +\& char *OPENSSL_strdup(const char *str); +\& char *OPENSSL_strndup(const char *str, size_t s); +\& size_t OPENSSL_strlcat(char *dst, const char *src, size_t size); +\& size_t OPENSSL_strlcpy(char *dst, const char *src, size_t size); +\& void *OPENSSL_memdup(void *data, size_t s); +\& void *OPENSSL_clear_realloc(void *p, size_t old_len, size_t num); +\& void OPENSSL_clear_free(void *str, size_t num); +\& void OPENSSL_cleanse(void *ptr, size_t len); +\& +\& void *CRYPTO_malloc(size_t num, const char *file, int line); +\& void *CRYPTO_zalloc(size_t num, const char *file, int line); +\& void *CRYPTO_realloc(void *p, size_t num, const char *file, int line); +\& void CRYPTO_free(void *str, const char *, int); +\& char *CRYPTO_strdup(const char *p, const char *file, int line); +\& char *CRYPTO_strndup(const char *p, size_t num, const char *file, int line); +\& void *CRYPTO_clear_realloc(void *p, size_t old_len, size_t num, 
+\& const char *file, int line); +\& void CRYPTO_clear_free(void *str, size_t num, const char *, int) +\& +\& typedef void *(*CRYPTO_malloc_fn)(size_t num, const char *file, int line); +\& typedef void *(*CRYPTO_realloc_fn)(void *addr, size_t num, const char *file, +\& int line); +\& typedef void (*CRYPTO_free_fn)(void *addr, const char *file, int line); +\& void CRYPTO_get_mem_functions(CRYPTO_malloc_fn *malloc_fn, +\& CRYPTO_realloc_fn *realloc_fn, +\& CRYPTO_free_fn *free_fn); +\& int CRYPTO_set_mem_functions(CRYPTO_malloc_fn malloc_fn, +\& CRYPTO_realloc_fn realloc_fn, +\& CRYPTO_free_fn free_fn); +\& +\& void CRYPTO_get_alloc_counts(int *mcount, int *rcount, int *fcount); +\& +\& env OPENSSL_MALLOC_FAILURES=... +\& env OPENSSL_MALLOC_FD=... +.Ve +.PP +Deprecated: +.PP +.Vb 4 +\& int CRYPTO_mem_leaks(BIO *b); +\& int CRYPTO_mem_leaks_fp(FILE *fp); +\& int CRYPTO_mem_leaks_cb(int (*cb)(const char *str, size_t len, void *u), +\& void *u); +\& +\& int CRYPTO_set_mem_debug(int onoff) +\& int CRYPTO_mem_ctrl(int mode); +\& int OPENSSL_mem_debug_push(const char *info) +\& int OPENSSL_mem_debug_pop(void); +\& int CRYPTO_mem_debug_push(const char *info, const char *file, int line); +\& int CRYPTO_mem_debug_pop(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +OpenSSL memory allocation is handled by the \fBOPENSSL_xxx\fR \s-1API\s0. These are +generally macro's that add the standard C \fB_\|_FILE_\|_\fR and \fB_\|_LINE_\|_\fR +parameters and call a lower-level \fBCRYPTO_xxx\fR \s-1API\s0. +Some functions do not add those parameters, but exist for consistency. +.PP +\&\fIOPENSSL_malloc_init()\fR does nothing and does not need to be called. It is +included for compatibility with older versions of OpenSSL. +.PP +\&\fIOPENSSL_malloc()\fR, \fIOPENSSL_realloc()\fR, and \fIOPENSSL_free()\fR are like the +C \fImalloc()\fR, \fIrealloc()\fR, and \fIfree()\fR functions. +\&\fIOPENSSL_zalloc()\fR calls \fImemset()\fR to zero the memory before returning. 
+.PP +\&\fIOPENSSL_clear_realloc()\fR and \fIOPENSSL_clear_free()\fR should be used +when the buffer at \fBaddr\fR holds sensitive information. +The old buffer is filled with zero's by calling \fIOPENSSL_cleanse()\fR +before ultimately calling \fIOPENSSL_free()\fR. +.PP +\&\fIOPENSSL_cleanse()\fR fills \fBptr\fR of size \fBlen\fR with a string of 0's. +Use \fIOPENSSL_cleanse()\fR with care if the memory is a mapping of a file. +If the storage controller uses write compression, then its possible +that sensitive tail bytes will survive zeroization because the block of +zeros will be compressed. If the storage controller uses wear leveling, +then the old sensitive data will not be overwritten; rather, a block of +0's will be written at a new physical location. +.PP +\&\fIOPENSSL_strdup()\fR, \fIOPENSSL_strndup()\fR and \fIOPENSSL_memdup()\fR are like the +equivalent C functions, except that memory is allocated by calling the +\&\fIOPENSSL_malloc()\fR and should be released by calling \fIOPENSSL_free()\fR. +.PP +\&\fIOPENSSL_strlcpy()\fR, +\&\fIOPENSSL_strlcat()\fR and \fIOPENSSL_strnlen()\fR are equivalents of the common C +library functions and are provided for portability. +.PP +If no allocations have been done, it is possible to \*(L"swap out\*(R" the default +implementations for \fIOPENSSL_malloc()\fR, \fIOPENSSL_realloc()\fR and \fIOPENSSL_free()\fR +and replace them with alternate versions. +\&\fICRYPTO_get_mem_functions()\fR function fills in the given arguments with the +function pointers for the current implementations. +With \fICRYPTO_set_mem_functions()\fR, you can specify a different set of functions. +If any of \fBmalloc_fn\fR, \fBrealloc_fn\fR, or \fBfree_fn\fR are \s-1NULL\s0, then +the function is not changed. +While it's permitted to swap out only a few and not all the functions +with \fICRYPTO_set_mem_functions()\fR, it's recommended to swap them all out +at once. 
+.PP +If the library is built with the \f(CW\*(C`crypto\-mdebug\*(C'\fR option, then one +function, \fICRYPTO_get_alloc_counts()\fR, and two additional environment +variables, \fB\s-1OPENSSL_MALLOC_FAILURES\s0\fR and \fB\s-1OPENSSL_MALLOC_FD\s0\fR, +are available. +.PP +The function \fICRYPTO_get_alloc_counts()\fR fills in the number of times +each of \fICRYPTO_malloc()\fR, \fICRYPTO_realloc()\fR, and \fICRYPTO_free()\fR have been +called, into the values pointed to by \fBmcount\fR, \fBrcount\fR, and \fBfcount\fR, +respectively. If a pointer is \s-1NULL\s0, then the corresponding count is not stored. +.PP +The variable +\&\fB\s-1OPENSSL_MALLOC_FAILURES\s0\fR controls how often allocations should fail. +It is a set of fields separated by semicolons, which each field is a count +(defaulting to zero) and an optional atsign and percentage (defaulting +to 100). If the count is zero, then it lasts forever. For example, +\&\f(CW\*(C`100;@25\*(C'\fR or \f(CW\*(C`100@0;0@25\*(C'\fR means the first 100 allocations pass, then all +other allocations (until the program exits or crashes) have a 25% chance of +failing. +.PP +If the variable \fB\s-1OPENSSL_MALLOC_FD\s0\fR is parsed as a positive integer, then +it is taken as an open file descriptor, and a record of all allocations is +written to that descriptor. If an allocation will fail, and the platform +supports it, then a backtrace will be written to the descriptor. This can +be useful because a malloc may fail but not be checked, and problems will +only occur later. The following example in classic shell syntax shows how +to use this (will not work on all platforms): +.PP +.Vb 5 +\& OPENSSL_MALLOC_FAILURES=\*(Aq200;@10\*(Aq +\& export OPENSSL_MALLOC_FAILURES +\& OPENSSL_MALLOC_FD=3 +\& export OPENSSL_MALLOC_FD +\& ...app invocation... 
3>/tmp/log$$ +.Ve +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOPENSSL_malloc_init()\fR, \fIOPENSSL_free()\fR, \fIOPENSSL_clear_free()\fR +\&\fICRYPTO_free()\fR, \fICRYPTO_clear_free()\fR and \fICRYPTO_get_mem_functions()\fR +return no value. +.PP +\&\fIOPENSSL_malloc()\fR, \fIOPENSSL_zalloc()\fR, \fIOPENSSL_realloc()\fR, +\&\fIOPENSSL_clear_realloc()\fR, +\&\fICRYPTO_malloc()\fR, \fICRYPTO_zalloc()\fR, \fICRYPTO_realloc()\fR, +\&\fICRYPTO_clear_realloc()\fR, +\&\fIOPENSSL_strdup()\fR, and \fIOPENSSL_strndup()\fR +return a pointer to allocated memory or \s-1NULL\s0 on error. +.PP +\&\fICRYPTO_set_mem_functions()\fR returns 1 on success or 0 on failure (almost +always because allocations have already happened). +.PP +\&\fICRYPTO_mem_leaks()\fR, \fICRYPTO_mem_leaks_fp()\fR, \fICRYPTO_mem_leaks_cb()\fR, +\&\fICRYPTO_set_mem_debug()\fR, and \fICRYPTO_mem_ctrl()\fR are deprecated and return \-1. +\&\fIOPENSSL_mem_debug_push()\fR, \fIOPENSSL_mem_debug_pop()\fR, +\&\fICRYPTO_mem_debug_push()\fR, and \fICRYPTO_mem_debug_pop()\fR +are deprecated and return 0. +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIOPENSSL_mem_debug_push()\fR, \fIOPENSSL_mem_debug_pop()\fR, +\&\fICRYPTO_mem_debug_push()\fR, \fICRYPTO_mem_debug_pop()\fR, +\&\fICRYPTO_mem_leaks()\fR, \fICRYPTO_mem_leaks_fp()\fR, +\&\fICRYPTO_mem_leaks_cb()\fR, \fICRYPTO_set_mem_debug()\fR, \fICRYPTO_mem_ctrl()\fR +were deprecated in OpenSSL 3.0. +The memory-leak checking has been deprecated in OpenSSL 3.0 in favor of +clang's memory and leak sanitizer. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/share/man/man3/OPENSSL_s390xcap.3 b/linux_amd64/share/man/man3/OPENSSL_s390xcap.3
new file mode 100755
index 0000000..944df3e
--- /dev/null
+++ b/linux_amd64/share/man/man3/OPENSSL_s390xcap.3
@@ -0,0 +1,324 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_S390XCAP 3" +.TH OPENSSL_S390XCAP 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +OPENSSL_s390xcap \- the IBM z processor capabilities vector +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& env OPENSSL_s390xcap=... 
+.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +libcrypto supports z/Architecture instruction set extensions. These +extensions are denoted by individual bits in the capabilities vector. +When libcrypto is initialized, the bits returned by the \s-1STFLE\s0 instruction +and by the \s-1QUERY\s0 functions are stored in the vector. +.PP +To change the set of instructions available to an application, you can +set the \fBOPENSSL_s390xcap\fR environment variable before you start the +application. After initialization, the capability vector is ANDed bitwise +with a mask which is derived from the environment variable. +.PP +The environment variable is a semicolon-separated list of tokens which is +processed from left to right (whitespace is ignored): +.PP +.Vb 1 +\& OPENSSL_s390xcap=";;..." +.Ve +.PP +There are three types of tokens: +.IP "" 4 +.IX Item "" +The name of a processor generation. A bit in the environment variable's +mask is set to one if and only if the specified processor generation +implements the corresponding instruction set extension. Possible values +are \fBz900\fR, \fBz990\fR, \fBz9\fR, \fBz10\fR, \fBz196\fR, \fBzEC12\fR, \fBz13\fR, \fBz14\fR +and \fBz15\fR. +.IP "::" 4 +.IX Item "::" +The name of an instruction followed by two 64\-bit masks. The part of the +environment variable's mask corresponding to the specified instruction is +set to the specified 128\-bit mask. Possible values are \fBkimd\fR, \fBklmd\fR, +\&\fBkm\fR, \fBkmc\fR, \fBkmac\fR, \fBkmctr\fR, \fBkmo\fR, \fBkmf\fR, \fBprno\fR, \fBkma\fR, \fBpcc\fR +and \fBkdsa\fR. +.IP "stfle:::" 4 +.IX Item "stfle:::" +Store-facility-list-extended (stfle) followed by three 64\-bit masks. The +part of the environment variable's mask corresponding to the stfle +instruction is set to the specified 192\-bit mask. +.PP +The 64\-bit masks are specified in hexadecimal notation. The 0x prefix is +optional. Prefix a mask with a tilde, \f(CW\*(C`~\*(C'\fR, to denote a bitwise \s-1NOT\s0 operation. 
+.PP +The following is a list of significant bits for each instruction. Colon +rows separate the individual 64\-bit masks. The bit numbers in the first +column are consistent with [1], that is, 0 denotes the leftmost bit and +the numbering is continuous across 64\-bit mask boundaries. +.PP +.Vb 1 +\& Bit Mask Facility/Function +\& +\& stfle: +\& # 17 1<<46 message\-security assist +\& # 25 1<<38 store\-clock\-fast facility +\& : +\& # 76 1<<51 message\-security assist extension 3 +\& # 77 1<<50 message\-security assist extension 4 +\& : +\& #129 1<<62 vector facility +\& #134 1<<57 vector packed decimal facility +\& #135 1<<56 vector enhancements facility 1 +\& #146 1<<45 message\-security assist extension 8 +\& #155 1<<36 message\-security assist extension 9 +\& +\& kimd : +\& # 1 1<<62 KIMD\-SHA\-1 +\& # 2 1<<61 KIMD\-SHA\-256 +\& # 3 1<<60 KIMD\-SHA\-512 +\& # 32 1<<31 KIMD\-SHA3\-224 +\& # 33 1<<30 KIMD\-SHA3\-256 +\& # 34 1<<29 KIMD\-SHA3\-384 +\& # 35 1<<28 KIMD\-SHA3\-512 +\& # 36 1<<27 KIMD\-SHAKE\-128 +\& # 37 1<<26 KIMD\-SHAKE\-256 +\& : +\& # 65 1<<62 KIMD\-GHASH +\& +\& klmd : +\& # 32 1<<31 KLMD\-SHA3\-224 +\& # 33 1<<30 KLMD\-SHA3\-256 +\& # 34 1<<29 KLMD\-SHA3\-384 +\& # 35 1<<28 KLMD\-SHA3\-512 +\& # 36 1<<27 KLMD\-SHAKE\-128 +\& # 37 1<<26 KLMD\-SHAKE\-256 +\& : +\& +\& km : +\& # 18 1<<45 KM\-AES\-128 +\& # 19 1<<44 KM\-AES\-192 +\& # 20 1<<43 KM\-AES\-256 +\& # 50 1<<13 KM\-XTS\-AES\-128 +\& # 52 1<<11 KM\-XTS\-AES\-256 +\& : +\& +\& kmc : +\& # 18 1<<45 KMC\-AES\-128 +\& # 19 1<<44 KMC\-AES\-192 +\& # 20 1<<43 KMC\-AES\-256 +\& : +\& +\& kmac : +\& # 18 1<<45 KMAC\-AES\-128 +\& # 19 1<<44 KMAC\-AES\-192 +\& # 20 1<<43 KMAC\-AES\-256 +\& : +\& +\& kmctr: +\& : +\& +\& kmo : +\& # 18 1<<45 KMO\-AES\-128 +\& # 19 1<<44 KMO\-AES\-192 +\& # 20 1<<43 KMO\-AES\-256 +\& : +\& +\& kmf : +\& # 18 1<<45 KMF\-AES\-128 +\& # 19 1<<44 KMF\-AES\-192 +\& # 20 1<<43 KMF\-AES\-256 +\& : +\& +\& prno : +\& : +\& +\& kma : +\& # 18 1<<45 KMA\-GCM\-AES\-128 +\& # 19 
1<<44 KMA\-GCM\-AES\-192 +\& # 20 1<<43 KMA\-GCM\-AES\-256 +\& : +\& +\& pcc : +\& : +\& # 64 1<<63 PCC\-Scalar\-Multiply\-P256 +\& # 65 1<<62 PCC\-Scalar\-Multiply\-P384 +\& # 66 1<<61 PCC\-Scalar\-Multiply\-P521 +\& # 72 1<<55 PCC\-Scalar\-Multiply\-Ed25519 +\& # 73 1<<54 PCC\-Scalar\-Multiply\-Ed448 +\& # 80 1<<47 PCC\-Scalar\-Multiply\-X25519 +\& # 81 1<<46 PCC\-Scalar\-Multiply\-X448 +\& +\& kdsa : +\& # 1 1<<62 KDSA\-ECDSA\-Verify\-P256 +\& # 2 1<<61 KDSA\-ECDSA\-Verify\-P384 +\& # 3 1<<60 KDSA\-ECDSA\-Verify\-P521 +\& # 9 1<<54 KDSA\-ECDSA\-Sign\-P256 +\& # 10 1<<53 KDSA\-ECDSA\-Sign\-P384 +\& # 11 1<<52 KDSA\-ECDSA\-Sign\-P521 +\& # 32 1<<31 KDSA\-EdDSA\-Verify\-Ed25519 +\& # 36 1<<27 KDSA\-EdDSA\-Verify\-Ed448 +\& # 40 1<<23 KDSA\-EdDSA\-Sign\-Ed25519 +\& # 44 1<<19 KDSA\-EdDSA\-Sign\-Ed448 +\& : +.Ve +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Not available. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Disables all instruction set extensions which the z196 processor does not implement: +.PP +.Vb 1 +\& OPENSSL_s390xcap="z196" +.Ve +.PP +Disables the vector facility: +.PP +.Vb 1 +\& OPENSSL_s390xcap="stfle:~0:~0:~0x4000000000000000" +.Ve +.PP +Disables the KM-XTS-AES and and the KIMD-SHAKE function codes: +.PP +.Vb 1 +\& OPENSSL_s390xcap="km:~0x2800:~0;kimd:~0xc000000:~0" +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +[1] z/Architecture Principles of Operation, \s-1SA22\-7832\-12\s0 +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/OPENSSL_secure_malloc.3 b/linux_amd64/share/man/man3/OPENSSL_secure_malloc.3 new file mode 100755 index 0000000..b8be38b --- /dev/null +++ b/linux_amd64/share/man/man3/OPENSSL_secure_malloc.3 
@@ -0,0 +1,265 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_SECURE_MALLOC 3" +.TH OPENSSL_SECURE_MALLOC 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +CRYPTO_secure_malloc_init, CRYPTO_secure_malloc_initialized, +CRYPTO_secure_malloc_done, OPENSSL_secure_malloc, CRYPTO_secure_malloc, +OPENSSL_secure_zalloc, CRYPTO_secure_zalloc, OPENSSL_secure_free, +CRYPTO_secure_free, OPENSSL_secure_clear_free, +CRYPTO_secure_clear_free, OPENSSL_secure_actual_size, +CRYPTO_secure_allocated, +CRYPTO_secure_used \- secure heap storage +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int CRYPTO_secure_malloc_init(size_t size, size_t minsize); +\& +\& int CRYPTO_secure_malloc_initialized(); +\& +\& int CRYPTO_secure_malloc_done(); +\& +\& void *OPENSSL_secure_malloc(size_t num); +\& void *CRYPTO_secure_malloc(size_t num, const char *file, int line); +\& +\& void *OPENSSL_secure_zalloc(size_t num); +\& void *CRYPTO_secure_zalloc(size_t num, const char *file, int line); +\& +\& void OPENSSL_secure_free(void* ptr); +\& void CRYPTO_secure_free(void *ptr, const char *, int); +\& +\& void OPENSSL_secure_clear_free(void* ptr, size_t num); +\& void CRYPTO_secure_clear_free(void *ptr, size_t num, const char *, int); +\& +\& size_t OPENSSL_secure_actual_size(const void *ptr); +\& +\& int CRYPTO_secure_allocated(const void *ptr); +\& size_t CRYPTO_secure_used(); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +In order to help protect applications (particularly long-running servers) +from pointer overruns or underruns that could return arbitrary data from +the program's dynamic memory area, where keys and other sensitive +information might be stored, OpenSSL supports the concept of a \*(L"secure heap.\*(R" +The level and type of security guarantees depend on the operating system. +It is a good idea to review the code and see if it addresses your +threat model and concerns. +.PP +If a secure heap is used, then private key \fB\s-1BIGNUM\s0\fR values are stored there. +This protects long-term storage of private keys, but will not necessarily +put all intermediate values and computations there. 
+.PP +\&\fICRYPTO_secure_malloc_init()\fR creates the secure heap, with the specified +\&\f(CW\*(C`size\*(C'\fR in bytes. The \f(CW\*(C`minsize\*(C'\fR parameter is the minimum size to +allocate from the heap or zero to use a reasonable default value. +Both \f(CW\*(C`size\*(C'\fR and, if specified, \f(CW\*(C`minsize\*(C'\fR must be a power of two and +\&\f(CW\*(C`minsize\*(C'\fR should generally be small, for example 16 or 32. +\&\f(CW\*(C`minsize\*(C'\fR must be less than a quarter of \f(CW\*(C`size\*(C'\fR in any case. +.PP +\&\fICRYPTO_secure_malloc_initialized()\fR indicates whether or not the secure +heap as been initialized and is available. +.PP +\&\fICRYPTO_secure_malloc_done()\fR releases the heap and makes the memory unavailable +to the process if all secure memory has been freed. +It can take noticeably long to complete. +.PP +\&\fIOPENSSL_secure_malloc()\fR allocates \f(CW\*(C`num\*(C'\fR bytes from the heap. +If \fICRYPTO_secure_malloc_init()\fR is not called, this is equivalent to +calling \fIOPENSSL_malloc()\fR. +It is a macro that expands to +\&\fICRYPTO_secure_malloc()\fR and adds the \f(CW\*(C`_\|_FILE_\|_\*(C'\fR and \f(CW\*(C`_\|_LINE_\|_\*(C'\fR parameters. +.PP +\&\fIOPENSSL_secure_zalloc()\fR and \fICRYPTO_secure_zalloc()\fR are like +\&\fIOPENSSL_secure_malloc()\fR and \fICRYPTO_secure_malloc()\fR, respectively, +except that they call \fImemset()\fR to zero the memory before returning. +.PP +\&\fIOPENSSL_secure_free()\fR releases the memory at \f(CW\*(C`ptr\*(C'\fR back to the heap. +It must be called with a value previously obtained from +\&\fIOPENSSL_secure_malloc()\fR. +If \fICRYPTO_secure_malloc_init()\fR is not called, this is equivalent to +calling \fIOPENSSL_free()\fR. +It exists for consistency with \fIOPENSSL_secure_malloc()\fR , and +is a macro that expands to \fICRYPTO_secure_free()\fR and adds the \f(CW\*(C`_\|_FILE_\|_\*(C'\fR +and \f(CW\*(C`_\|_LINE_\|_\*(C'\fR parameters.. 
+.PP +\&\fIOPENSSL_secure_clear_free()\fR is similar to \fIOPENSSL_secure_free()\fR except +that it has an additional \f(CW\*(C`num\*(C'\fR parameter which is used to clear +the memory if it was not allocated from the secure heap. +If \fICRYPTO_secure_malloc_init()\fR is not called, this is equivalent to +calling \fIOPENSSL_clear_free()\fR. +.PP +\&\fIOPENSSL_secure_actual_size()\fR tells the actual size allocated to the +pointer; implementations may allocate more space than initially +requested, in order to \*(L"round up\*(R" and reduce secure heap fragmentation. +.PP +\&\fIOPENSSL_secure_allocated()\fR tells if a pointer is allocated in the secure heap. +.PP +\&\fICRYPTO_secure_used()\fR returns the number of bytes allocated in the +secure heap. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fICRYPTO_secure_malloc_init()\fR returns 0 on failure, 1 if successful, +and 2 if successful but the heap could not be protected by memory +mapping. +.PP +\&\fICRYPTO_secure_malloc_initialized()\fR returns 1 if the secure heap is +available (that is, if \fICRYPTO_secure_malloc_init()\fR has been called, +but \fICRYPTO_secure_malloc_done()\fR has not been called or failed) or 0 if not. +.PP +\&\fIOPENSSL_secure_malloc()\fR and \fIOPENSSL_secure_zalloc()\fR return a pointer into +the secure heap of the requested size, or \f(CW\*(C`NULL\*(C'\fR if memory could not be +allocated. +.PP +\&\fICRYPTO_secure_allocated()\fR returns 1 if the pointer is in the secure heap, or 0 if not. +.PP +\&\fICRYPTO_secure_malloc_done()\fR returns 1 if the secure memory area is released, or 0 if not. +.PP +\&\fIOPENSSL_secure_free()\fR and \fIOPENSSL_secure_clear_free()\fR return no values. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIOPENSSL_malloc\fR\|(3), +\&\fIBN_new\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fIOPENSSL_secure_clear_free()\fR function was added in OpenSSL 1.1.0g. 
+.PP +The second argument to \fICRYPTO_secure_malloc_init()\fR was changed from an \fBint\fR to +a \fBsize_t\fR in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/OSSL_CMP_CTX_new.3 b/linux_amd64/share/man/man3/OSSL_CMP_CTX_new.3 new file mode 100755 index 0000000..99549a3 --- /dev/null +++ b/linux_amd64/share/man/man3/OSSL_CMP_CTX_new.3 
@@ -0,0 +1,805 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_CMP_CTX_NEW 3" +.TH OSSL_CMP_CTX_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OSSL_CMP_CTX_new, +OSSL_CMP_CTX_free, +OSSL_CMP_CTX_reinit, +OSSL_CMP_CTX_set_option, +OSSL_CMP_CTX_get_option, +OSSL_CMP_CTX_set_log_cb, +OSSL_CMP_CTX_set_log_verbosity, +OSSL_CMP_CTX_print_errors, +OSSL_CMP_CTX_set1_serverPath, +OSSL_CMP_CTX_set1_serverName, +OSSL_CMP_CTX_set_serverPort, +OSSL_CMP_CTX_set1_proxyName, +OSSL_CMP_CTX_set_proxyPort, +OSSL_CMP_DEFAULT_PORT, +OSSL_CMP_CTX_set_http_cb, +OSSL_CMP_CTX_set_http_cb_arg, +OSSL_CMP_CTX_get_http_cb_arg, +OSSL_cmp_transfer_cb_t, +OSSL_CMP_CTX_set_transfer_cb, +OSSL_CMP_CTX_set_transfer_cb_arg, +OSSL_CMP_CTX_get_transfer_cb_arg, +OSSL_CMP_CTX_set1_srvCert, +OSSL_CMP_CTX_set1_expected_sender, +OSSL_CMP_CTX_set0_trustedStore, +OSSL_CMP_CTX_get0_trustedStore, +OSSL_CMP_CTX_set1_untrusted_certs, +OSSL_CMP_CTX_get0_untrusted_certs, +OSSL_CMP_CTX_set1_clCert, +OSSL_CMP_CTX_set1_pkey, +OSSL_CMP_CTX_set1_referenceValue, +OSSL_CMP_CTX_set1_secretValue, +OSSL_CMP_CTX_set1_recipient, +OSSL_CMP_CTX_push0_geninfo_ITAV, +OSSL_CMP_CTX_set1_extraCertsOut, +OSSL_CMP_CTX_set0_newPkey, +OSSL_CMP_CTX_get0_newPkey, +OSSL_CMP_CTX_set1_issuer, +OSSL_CMP_CTX_set1_subjectName, +OSSL_CMP_CTX_push1_subjectAltName, +OSSL_CMP_CTX_set0_reqExtensions, +OSSL_CMP_CTX_reqExtensions_have_SAN, +OSSL_CMP_CTX_push0_policy, +OSSL_CMP_CTX_set1_oldCert, +OSSL_CMP_CTX_set1_p10CSR, +OSSL_CMP_CTX_push0_genm_ITAV, +OSSL_cmp_certConf_cb_t, +OSSL_CMP_CTX_set_certConf_cb, +OSSL_CMP_CTX_set_certConf_cb_arg, +OSSL_CMP_CTX_get_certConf_cb_arg, +OSSL_CMP_CTX_get_status, +OSSL_CMP_CTX_get0_statusString, +OSSL_CMP_CTX_get_failInfoCode, +OSSL_CMP_CTX_get0_newCert, +OSSL_CMP_CTX_get1_caPubs, +OSSL_CMP_CTX_get1_extraCertsIn, +OSSL_CMP_CTX_set1_transactionID, +OSSL_CMP_CTX_set1_senderNonce +\&\- functions for managing the CMP client context data structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& OSSL_CMP_CTX *OSSL_CMP_CTX_new(void); +\& void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx); +\& int 
OSSL_CMP_CTX_reinit(OSSL_CMP_CTX *ctx); +\& int OSSL_CMP_CTX_set_option(OSSL_CMP_CTX *ctx, int opt, int val); +\& int OSSL_CMP_CTX_get_option(const OSSL_CMP_CTX *ctx, int opt); +\& +\& /* logging and error reporting: */ +\& int OSSL_CMP_CTX_set_log_cb(OSSL_CMP_CTX *ctx, OSSL_cmp_log_cb_t cb); +\& #define OSSL_CMP_CTX_set_log_verbosity(ctx, level) +\& void OSSL_CMP_CTX_print_errors(OSSL_CMP_CTX *ctx); +\& +\& /* message transfer: */ +\& int OSSL_CMP_CTX_set1_serverPath(OSSL_CMP_CTX *ctx, const char *path); +\& int OSSL_CMP_CTX_set1_serverName(OSSL_CMP_CTX *ctx, const char *name); +\& int OSSL_CMP_CTX_set_serverPort(OSSL_CMP_CTX *ctx, int port); +\& int OSSL_CMP_CTX_set1_proxyName(OSSL_CMP_CTX *ctx, const char *name); +\& int OSSL_CMP_CTX_set_proxyPort(OSSL_CMP_CTX *ctx, int port); +\& #define OSSL_CMP_DEFAULT_PORT 80 +\& int OSSL_CMP_CTX_set_http_cb(OSSL_CMP_CTX *ctx, HTTP_bio_cb_t cb); +\& int OSSL_CMP_CTX_set_http_cb_arg(OSSL_CMP_CTX *ctx, void *arg); +\& void *OSSL_CMP_CTX_get_http_cb_arg(const OSSL_CMP_CTX *ctx); +\& typedef OSSL_CMP_MSG *(*OSSL_cmp_transfer_cb_t)(OSSL_CMP_CTX *ctx, +\& const OSSL_CMP_MSG *req); +\& int OSSL_CMP_CTX_set_transfer_cb(OSSL_CMP_CTX *ctx, +\& OSSL_cmp_transfer_cb_t cb); +\& int OSSL_CMP_CTX_set_transfer_cb_arg(OSSL_CMP_CTX *ctx, void *arg); +\& void *OSSL_CMP_CTX_get_transfer_cb_arg(const OSSL_CMP_CTX *ctx); +\& +\& /* server authentication: */ +\& int OSSL_CMP_CTX_set1_srvCert(OSSL_CMP_CTX *ctx, X509 *cert); +\& int OSSL_CMP_CTX_set1_expected_sender(OSSL_CMP_CTX *ctx, +\& const X509_NAME *name); +\& int OSSL_CMP_CTX_set0_trustedStore(OSSL_CMP_CTX *ctx, X509_STORE *store); +\& X509_STORE *OSSL_CMP_CTX_get0_trustedStore(const OSSL_CMP_CTX *ctx); +\& int OSSL_CMP_CTX_set1_untrusted_certs(OSSL_CMP_CTX *ctx, +\& STACK_OF(X509) *certs); +\& STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted_certs(const OSSL_CMP_CTX *ctx); +\& +\& /* client authentication: */ +\& int OSSL_CMP_CTX_set1_clCert(OSSL_CMP_CTX *ctx, X509 *cert); +\& int 
OSSL_CMP_CTX_set1_pkey(OSSL_CMP_CTX *ctx, EVP_PKEY *pkey); +\& int OSSL_CMP_CTX_set1_referenceValue(OSSL_CMP_CTX *ctx, +\& const unsigned char *ref, int len); +\& int OSSL_CMP_CTX_set1_secretValue(OSSL_CMP_CTX *ctx, const unsigned char *sec, +\& const int len); +\& +\& /* CMP message header and extra certificates: */ +\& int OSSL_CMP_CTX_set1_recipient(OSSL_CMP_CTX *ctx, const X509_NAME *name); +\& int OSSL_CMP_CTX_push0_geninfo_ITAV(OSSL_CMP_CTX *ctx, OSSL_CMP_ITAV *itav); +\& int OSSL_CMP_CTX_set1_extraCertsOut(OSSL_CMP_CTX *ctx, +\& STACK_OF(X509) *extraCertsOut); +\& +\& /* certificate template: */ +\& int OSSL_CMP_CTX_set0_newPkey(OSSL_CMP_CTX *ctx, int priv, EVP_PKEY *pkey); +\& EVP_PKEY *OSSL_CMP_CTX_get0_newPkey(const OSSL_CMP_CTX *ctx, int priv); +\& int OSSL_CMP_CTX_set1_issuer(OSSL_CMP_CTX *ctx, const X509_NAME *name); +\& int OSSL_CMP_CTX_set1_subjectName(OSSL_CMP_CTX *ctx, const X509_NAME *name); +\& int OSSL_CMP_CTX_push1_subjectAltName(OSSL_CMP_CTX *ctx, +\& const GENERAL_NAME *name); +\& int OSSL_CMP_CTX_set0_reqExtensions(OSSL_CMP_CTX *ctx, X509_EXTENSIONS *exts); +\& int OSSL_CMP_CTX_reqExtensions_have_SAN(OSSL_CMP_CTX *ctx); +\& int OSSL_CMP_CTX_push0_policy(OSSL_CMP_CTX *ctx, POLICYINFO *pinfo); +\& int OSSL_CMP_CTX_set1_oldCert(OSSL_CMP_CTX *ctx, X509 *cert); +\& int OSSL_CMP_CTX_set1_p10CSR(OSSL_CMP_CTX *ctx, const X509_REQ *csr); +\& +\& /* misc body contents: */ +\& int OSSL_CMP_CTX_push0_genm_ITAV(OSSL_CMP_CTX *ctx, OSSL_CMP_ITAV *itav); +\& +\& /* certificate confirmation: */ +\& typedef int (*OSSL_cmp_certConf_cb_t)(OSSL_CMP_CTX *ctx, X509 *cert, +\& int fail_info, const char **txt); +\& int OSSL_CMP_CTX_set_certConf_cb(OSSL_CMP_CTX *ctx, OSSL_cmp_certConf_cb_t cb); +\& int OSSL_CMP_CTX_set_certConf_cb_arg(OSSL_CMP_CTX *ctx, void *arg); +\& void *OSSL_CMP_CTX_get_certConf_cb_arg(const OSSL_CMP_CTX *ctx); +\& +\& /* result fetching: */ +\& int OSSL_CMP_CTX_get_status(const OSSL_CMP_CTX *ctx); +\& OSSL_CMP_PKIFREETEXT 
*OSSL_CMP_CTX_get0_statusString(const OSSL_CMP_CTX *ctx); +\& int OSSL_CMP_CTX_get_failInfoCode(const OSSL_CMP_CTX *ctx); +\& +\& X509 *OSSL_CMP_CTX_get0_newCert(const OSSL_CMP_CTX *ctx); +\& STACK_OF(X509) *OSSL_CMP_CTX_get1_caPubs(const OSSL_CMP_CTX *ctx); +\& STACK_OF(X509) *OSSL_CMP_CTX_get1_extraCertsIn(const OSSL_CMP_CTX *ctx); +\& +\& /* for test purposes only: */ +\& int OSSL_CMP_CTX_set1_transactionID(OSSL_CMP_CTX *ctx, +\& const ASN1_OCTET_STRING *id); +\& int OSSL_CMP_CTX_set1_senderNonce(OSSL_CMP_CTX *ctx, +\& const ASN1_OCTET_STRING *nonce); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This is the context \s-1API\s0 for using \s-1CMP\s0 (Certificate Management Protocol) with +OpenSSL. +.PP +\&\fIOSSL_CMP_CTX_new()\fR allocates and initializes an \s-1OSSL_CMP_CTX\s0 structure to +default values, e.g., proof-of-possession method is set to POPOSigningKey. +.PP +\&\fIOSSL_CMP_CTX_free()\fR deallocates an \s-1OSSL_CMP_CTX\s0 structure. +.PP +\&\fIOSSL_CMP_CTX_reinit()\fR prepares the given \fBctx\fR for a further transaction by +clearing the internal \s-1CMP\s0 transaction (aka session) status, PKIStatusInfo, +and any previous results (newCert, caPubs, and extraCertsIn) +from the last executed transaction. +All other field values (i.e., \s-1CMP\s0 options) are retained for potential re-use. +.PP +\&\fIOSSL_CMP_CTX_set_option()\fR sets the given value for the given option +(e.g., \s-1OSSL_CMP_OPT_IMPLICITCONFIRM\s0) in the given \s-1OSSL_CMP_CTX\s0 structure. +.PP +The following options can be set: +.IP "\fB\s-1OSSL_CMP_OPT_LOG_VERBOSITY\s0\fR" 4 +.IX Item "OSSL_CMP_OPT_LOG_VERBOSITY" +.Vb 3 +\& The level of severity needed for actually outputting log messages +\& due to errors, warnings, general info, debugging, etc. +\& Default is OSSL_CMP_LOG_INFO. See also L. 
+.Ve +.IP "\fB\s-1OSSL_CMP_OPT_MSGTIMEOUT\s0\fR" 4 +.IX Item "OSSL_CMP_OPT_MSGTIMEOUT" +.Vb 2 +\& Number of seconds (or 0 for infinite) a CMP message round trip is +\& allowed to take before a timeout error is returned. Default is 120. +.Ve +.IP "\fB\s-1OSSL_CMP_OPT_TOTALTIMEOUT\s0\fR" 4 +.IX Item "OSSL_CMP_OPT_TOTALTIMEOUT" +.Vb 2 +\& Maximum total number of seconds an enrollment (including polling) +\& may take. Default is 0 (infinite). +.Ve +.IP "\fB\s-1OSSL_CMP_OPT_VALIDITYDAYS\s0\fR" 4 +.IX Item "OSSL_CMP_OPT_VALIDITYDAYS" +.Vb 1 +\& Number of days new certificates are asked to be valid for. +.Ve +.IP "\fB\s-1OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT\s0\fR" 4 +.IX Item "OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT" +.Vb 2 +\& Do not take default Subject Alternative Names +\& from the reference certificate. +.Ve +.IP "\fB\s-1OSSL_CMP_OPT_SUBJECTALTNAME_CRITICAL\s0\fR" 4 +.IX Item "OSSL_CMP_OPT_SUBJECTALTNAME_CRITICAL" +.Vb 1 +\& Demand that the given Subject Alternative Names are flagged as critical. +.Ve +.IP "\fB\s-1OSSL_CMP_OPT_POLICIES_CRITICAL\s0\fR" 4 +.IX Item "OSSL_CMP_OPT_POLICIES_CRITICAL" +.Vb 1 +\& Demand that the given policies are flagged as critical. +.Ve +.IP "\fB\s-1OSSL_CMP_OPT_POPOMETHOD\s0\fR" 4 +.IX Item "OSSL_CMP_OPT_POPOMETHOD" +.Vb 1 +\& Select the proof of possession method to use. Possible values are: +\& +\& OSSL_CRMF_POPO_NONE \- ProofOfPossession field omitted +\& OSSL_CRMF_POPO_RAVERIFIED \- assert that the RA has already +\& verified the PoPo +\& OSSL_CRMF_POPO_SIGNATURE \- sign a value with private key, +\& which is the default. +\& OSSL_CRMF_POPO_KEYENC \- decrypt the encrypted certificate +\& ("indirect method") +\& +\& Note that a signature\-based POPO can only be produced if a private key +\& is provided as the newPkey or client pkey component of the CMP context. 
+.Ve +.IP "\fB\s-1OSSL_CMP_OPT_DIGEST_ALGNID\s0\fR" 4 +.IX Item "OSSL_CMP_OPT_DIGEST_ALGNID" +.Vb 3 +\& The digest algorithm NID to be used in RFC 4210\*(Aqs MSG_SIG_ALG, +\& if applicable used for message protection and Proof\-of\-Possession. +\& Default is SHA256. +\& +\& OSSL_CMP_OPT_OWF_ALGNID +\& The digest algorithm NID to be used as one\-way function (OWF) +\& in RFC 4210\*(Aqs MSG_MAC_ALG, if applicable used for message protection. +\& Default is SHA256. +\& +\& OSSL_CMP_OPT_MAC_ALGNID +\& The MAC algorithm NID to be used in RFC 4210\*(Aqs MSG_MAC_ALG, +\& if applicable used for message protection. +\& Default is HMAC\-SHA1 as per RFC 4210. +.Ve +.IP "\fB\s-1OSSL_CMP_OPT_REVOCATION_REASON\s0\fR" 4 +.IX Item "OSSL_CMP_OPT_REVOCATION_REASON" +.Vb 2 +\& The reason code to be included in a Revocation Request (RR); +\& values: 0..10 (RFC 5210, 5.3.1) or \-1 for none, which is the default. +.Ve +.IP "\fB\s-1OSSL_CMP_OPT_IMPLICITCONFIRM\s0\fR" 4 +.IX Item "OSSL_CMP_OPT_IMPLICITCONFIRM" +.Vb 4 +\& Request server to enable implicit confirm mode, where the client +\& does not need to send confirmation upon receiving the +\& certificate. If the server does not enable implicit confirmation +\& in the return message, then confirmation is sent anyway. +.Ve +.IP "\fB\s-1OSSL_CMP_OPT_DISABLECONFIRM\s0\fR" 4 +.IX Item "OSSL_CMP_OPT_DISABLECONFIRM" +.Vb 5 +\& Do not confirm enrolled certificates, to cope with broken servers +\& not supporting implicit confirmation correctly. +\&B This setting leads to unspecified behavior and it is meant +\&exclusively to allow interoperability with server implementations violating +\&RFC 4210. +.Ve +.IP "\fB\s-1OSSL_CMP_OPT_UNPROTECTED_SEND\s0\fR" 4 +.IX Item "OSSL_CMP_OPT_UNPROTECTED_SEND" +.Vb 1 +\& Send messages without CMP\-level protection. 
+.Ve +.IP "\fB\s-1OSSL_CMP_OPT_UNPROTECTED_ERRORS\s0\fR" 4 +.IX Item "OSSL_CMP_OPT_UNPROTECTED_ERRORS" +.Vb 7 +\& Accept unprotected error responses which are either explicitly +\& unprotected or where protection verification failed. Applies to regular +\& error messages as well as certificate responses (IP/CP/KUP) and +\& revocation responses (RP) with rejection. +\&B This setting leads to unspecified behavior and it is meant +\&exclusively to allow interoperability with server implementations violating +\&RFC 4210. +.Ve +.IP "\fB\s-1OSSL_CMP_OPT_IGNORE_KEYUSAGE\s0\fR" 4 +.IX Item "OSSL_CMP_OPT_IGNORE_KEYUSAGE" +.Vb 3 +\& Ignore key usage restrictions in signer certificate when +\& validating signature\-based protection in received CMP messages. +\& Else, \*(AqdigitalSignature\*(Aq must be allowed by CMP signer certificates. +.Ve +.IP "\fB\s-1OSSL_CMP_OPT_PERMIT_TA_IN_EXTRACERTS_FOR_IR\s0\fR" 4 +.IX Item "OSSL_CMP_OPT_PERMIT_TA_IN_EXTRACERTS_FOR_IR" +.Vb 2 +\& Allow retrieving a trust anchor from extraCerts and using that +\& to validate the certificate chain of an IP message. +.Ve +.PP +\&\fIOSSL_CMP_CTX_get_option()\fR reads the current value of the given option +(e.g., \s-1OSSL_CMP_OPT_IMPLICITCONFIRM\s0) from the given \s-1OSSL_CMP_CTX\s0 structure. +.PP +\&\fIOSSL_CMP_CTX_set_log_cb()\fR sets in \fBctx\fR the callback function \f(CW\*(C`cb\*(C'\fR +for handling error queue entries and logging messages. +When \f(CW\*(C`cb\*(C'\fR is \s-1NULL\s0 errors are printed to \s-1STDERR\s0 (if available, else ignored) +any log messages are ignored. +Alternatively, \fIOSSL_CMP_log_open\fR\|(3) may be used to direct logging to \s-1STDOUT\s0. +.PP +\&\fIOSSL_CMP_CTX_set_log_verbosity()\fR is a macro setting the +\&\s-1OSSL_CMP_OPT_LOG_VERBOSITY\s0 context option to the given level. +.PP +\&\fIOSSL_CMP_CTX_print_errors()\fR outputs any entries in the OpenSSL error queue. 
+It is similar to \fB\f(BIERR_print_errors_cb()\fB\fR but uses the \s-1CMP\s0 log callback function +if set in the \f(CW\*(C`ctx\*(C'\fR for uniformity with \s-1CMP\s0 logging if given. Otherwise it uses +\&\fB\f(BIERR_print_errors\fB\|(3)\fR to print to \s-1STDERR\s0 (unless \s-1OPENSSL_NO_STDIO\s0 is defined). +.PP +\&\fIOSSL_CMP_CTX_set1_serverPath()\fR sets the \s-1HTTP\s0 path of the \s-1CMP\s0 server on the host. +.PP +\&\fIOSSL_CMP_CTX_set1_serverName()\fR sets the given server Address (as \s-1IP\s0 or name) +in the given \s-1OSSL_CMP_CTX\s0 structure. +.PP +\&\fIOSSL_CMP_CTX_set_serverPort()\fR sets the port of the \s-1CMP\s0 server to connect to. +Port defaults to \s-1OSSL_CMP_DEFAULT_PORT\s0 = 80 if not set explicitly. +.PP +\&\fIOSSL_CMP_CTX_set1_proxyName()\fR sets the hostname of the \s-1HTTP\s0 proxy to be used +for connecting to the \s-1CA\s0 server. +.PP +\&\fIOSSL_CMP_CTX_set_proxyPort()\fR sets the port of the \s-1HTTP\s0 proxy. +Port defaults to \s-1OSSL_CMP_DEFAULT_PORT\s0 = 80 if not set explicitly. +.PP +\&\fIOSSL_CMP_CTX_set_http_cb()\fR sets the optional \s-1BIO\s0 connect/disconnect callback +function, which has the prototype +.PP +.Vb 1 +\& typedef BIO *(*HTTP_bio_cb_t) (BIO *bio, void *ctx, int connect, int detail); +.Ve +.PP +The callback may modify the \s-1BIO\s0 \fBbio\fR provided by \fIOSSL_CMP_MSG_http_perform()\fR, +whereby it may make use of a custom defined argument \fBctx\fR +stored in the \s-1OSSL_CMP_CTX\s0 by means of \fIOSSL_CMP_CTX_set_http_cb_arg()\fR. +During connection establishment, just after calling \fIBIO_connect_retry()\fR, +the function is invoked with the \fBconnect\fR argument being 1 and the \fBdetail\fR +argument being 1 if \s-1HTTPS\s0 is requested, i.e., \s-1SSL/TLS\s0 should be enabled. On +disconnect \fBconnect\fR is 0 and \fBdetail\fR is 1 in case no error occurred, else 0. 
+For instance, on connect the function may prepend a \s-1TLS\s0 \s-1BIO\s0 to implement \s-1HTTPS\s0; +after disconnect it may do some diagnostic output and/or specific cleanup. +The function should return \s-1NULL\s0 to indicate failure. +After disconnect the modified \s-1BIO\s0 will be deallocated using \fIBIO_free_all()\fR. +.PP +\&\fIOSSL_CMP_CTX_set_http_cb_arg()\fR sets an argument, respectively a pointer to +a structure containing arguments, +optionally to be used by the http connect/disconnect callback function. +\&\fBarg\fR is not consumed, and it must therefore explicitly be freed when not +needed any more. \fBarg\fR may be \s-1NULL\s0 to clear the entry. +.PP +\&\fIOSSL_CMP_CTX_get_http_cb_arg()\fR gets the argument, respectively the pointer to a +structure containing arguments, previously set by +\&\fIOSSL_CMP_CTX_set_http_cb_arg()\fR or \s-1NULL\s0 if unset. +.PP +\&\fIOSSL_CMP_CTX_set_transfer_cb()\fR sets the message transfer callback function, +which has the type +.PP +.Vb 2 +\& typedef OSSL_CMP_MSG *(*OSSL_cmp_transfer_cb_t) (OSSL_CMP_CTX *ctx, +\& const OSSL_CMP_MSG *req); +.Ve +.PP +Returns 1 on success, 0 on error. +.PP +Default is \s-1NULL\s0, which implies the use of \fIOSSL_CMP_MSG_http_perform\fR\|(3). +The callback should send the \s-1CMP\s0 request message it obtains via the \fBreq\fR +parameter and on success return the response. +The transfer callback may make use of a custom defined argument stored in +the ctx by means of \fIOSSL_CMP_CTX_set_transfer_cb_arg()\fR, which may be retrieved +again through \fIOSSL_CMP_CTX_get_transfer_cb_arg()\fR. +.PP +\&\fIOSSL_CMP_CTX_set_transfer_cb_arg()\fR sets an argument, respectively a pointer to a +structure containing arguments, optionally to be used by the transfer callback. +\&\fBarg\fR is not consumed, and it must therefore explicitly be freed when not +needed any more. \fBarg\fR may be \s-1NULL\s0 to clear the entry. 
+.PP +\&\fIOSSL_CMP_CTX_get_transfer_cb_arg()\fR gets the argument, respectively the pointer +to a structure containing arguments, previously set by +\&\fIOSSL_CMP_CTX_set_transfer_cb_arg()\fR or \s-1NULL\s0 if unset. +.PP +\&\fIOSSL_CMP_CTX_set1_srvCert()\fR pins the server certificate to be directly trusted +(even if it is expired) for verifying response messages. +The cert pointer is not consumed. It may be \s-1NULL\s0 to clear the entry. +.PP +\&\fIOSSL_CMP_CTX_set1_expected_sender()\fR sets the Distinguished Name (\s-1DN\s0) expected to +be given in the sender response for messages protected with \s-1MSG_SIG_ALG\s0. This +may be used to enforce that during validation of received messages the given \s-1DN\s0 +matches the sender field of the PKIMessage header, which in turn is used to +identify the server certificate. +This can be used to ensure that only a particular entity is accepted to act as +\&\s-1CMP\s0 server, and attackers are not able to use arbitrary certificates of a +trusted \s-1PKI\s0 hierarchy to fraudulently pose as server. +This defaults to the subject \s-1DN\s0 of the certificate set via +\&\fIOSSL_CMP_CTX_set1_srvCert()\fR, if any. +.PP +\&\fIOSSL_CMP_CTX_set0_trustedStore()\fR sets the X509_STORE type certificate store +containing trusted (root) \s-1CA\s0 certificates. The certificate store may also hold +CRLs and a certificate verification callback function used for \s-1CMP\s0 server +authentication. Any already existing store entry is freed. When given a \s-1NULL\s0 +parameter the entry is cleared. +.PP +\&\fIOSSL_CMP_CTX_get0_trustedStore()\fR returns a pointer to the certificate store +containing trusted root \s-1CA\s0 certificates, which may be empty if unset. +.PP +\&\fIOSSL_CMP_CTX_set1_untrusted_certs()\fR takes over a list of certificates containing +non-trusted intermediate certs used for path construction in authentication +of the \s-1CMP\s0 server and potentially others (\s-1TLS\s0 server, newly enrolled cert). 
+The reference counts of those certificates handled successfully are increased. +.PP +OSSL_CMP_CTX_get0_untrusted_certs(\s-1OSSL_CMP_CTX\s0 *ctx) returns a pointer to the +list of untrusted certs, which my be empty if unset. +.PP +\&\fIOSSL_CMP_CTX_set1_clCert()\fR sets the client certificate in the given +\&\s-1OSSL_CMP_CTX\s0 structure. The client certificate will then be used by the +functions to set the \*(L"sender\*(R" field for outgoing messages and it will be +included in the extraCerts field. +.PP +\&\fIOSSL_CMP_CTX_set1_pkey()\fR sets the private key corresponding to the client +certificate set with \fB\f(BIOSSL_CMP_CTX_set1_clCert()\fB\fR in the given \s-1CMP\s0 context. +Used to create the protection in case of \s-1MSG_SIG_ALG\s0. +.PP +\&\fIOSSL_CMP_CTX_set1_referenceValue()\fR sets the given referenceValue in the given +\&\fBctx\fR or clears it if the \fBref\fR argument is \s-1NULL\s0. +.PP +\&\fIOSSL_CMP_CTX_set1_secretValue()\fR sets the \fBsec\fR with the length \fBlen\fR in the +given \fBctx\fR or clears it if the \fBsec\fR argument is \s-1NULL\s0. +.PP +\&\fIOSSL_CMP_CTX_set1_recipient()\fR sets the recipient name that will be used in the +PKIHeader of a request message, i.e. the X509 name of the (\s-1CA\s0) server. +Setting is overruled by subject of srvCert if set. +If neither srvCert nor recipient are set, the recipient of the \s-1PKI\s0 message is +determined in the following order: issuer, issuer of old cert (oldCert), +issuer of client cert (clCert), else NULL-DN. +When a response is received, its sender must match the recipient of the request. +.PP +\&\fIOSSL_CMP_CTX_push0_geninfo_ITAV()\fR adds \fBitav\fR to the stack in the \fBctx\fR to be +added to the GeneralInfo field of the \s-1CMP\s0 PKIMessage header of a request +message sent with this context. Consumes the pointer to \fBitav\fR. +.PP +\&\fIOSSL_CMP_CTX_set1_extraCertsOut()\fR sets the stack of extraCerts that will be +sent to remote. 
+.PP +\&\fIOSSL_CMP_CTX_set0_newPkey()\fR can be used to explicitly set the given \s-1EVP_PKEY\s0 +structure as the private or public key to be certified in the \s-1CMP\s0 context. +The \fBpriv\fR parameter must be 0 if and only if the given key is a public key. +.PP +\&\fIOSSL_CMP_CTX_get0_newPkey()\fR gives the key to use for certificate enrollment +dependent on fields of the \s-1CMP\s0 context structure: +the newPkey (which may be a private or public key) if present, +else the public key in the p10CSR if present, else the client private key. +If the \fBpriv\fR parameter is not 0 and the selected key does not have a +private component then \s-1NULL\s0 is returned. +.PP +\&\fIOSSL_CMP_CTX_set1_issuer()\fR sets the name of the intended issuer that +will be set in the CertTemplate, i.e., the X509 name of the \s-1CA\s0 server. +.PP +\&\fIOSSL_CMP_CTX_set1_subjectName()\fR sets the subject \s-1DN\s0 that will be used in +the CertTemplate structure when requesting a new cert. For Key Update Requests +(\s-1KUR\s0), it defaults to the subject \s-1DN\s0 of the reference certificate, +see \fB\f(BIOSSL_CMP_CTX_set1_oldCert()\fB\fR. This default is used for Initialization +Requests (\s-1IR\s0) and Certification Requests (\s-1CR\s0) only if no SANs are set. +.PP +If clCert is not set (e.g. in case of \s-1IR\s0 with \s-1MSG_MAC_ALG\s0), the subject \s-1DN\s0 +is also used as sender of the \s-1PKI\s0 message. +.PP +\&\fIOSSL_CMP_CTX_push1_subjectAltName()\fR adds the given X509 name to the list of +alternate names on the certificate template request. This cannot be used if +any Subject Alternative Name extension is set via +\&\fIOSSL_CMP_CTX_set0_reqExtensions()\fR. +By default, unless \s-1OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT\s0 has been set, +the Subject Alternative Names are copied from the reference certificate, +see \fIOSSL_CMP_CTX_set1_oldCert()\fR. 
+.PP +If set and the subject \s-1DN\s0 is not set with \fIOSSL_CMP_CTX_set1_subjectName()\fR, then +the certificate template of an \s-1IR\s0 and \s-1CR\s0 will not be filled with the default +subject \s-1DN\s0 from the reference certificate (see \fIOSSL_CMP_CTX_set1_oldCert()\fR. +If a subject \s-1DN\s0 is desired it needs to be set explicitly with +\&\fIOSSL_CMP_CTX_set1_subjectName()\fR. +.PP +\&\fIOSSL_CMP_CTX_set0_reqExtensions()\fR sets the X.509v3 extensions to be used in +\&\s-1IR/CR/KUR\s0. +.PP +\&\fIOSSL_CMP_CTX_reqExtensions_have_SAN()\fR returns 1 if the context contains +a Subject Alternative Name extension, else 0 or \-1 on error. +.PP +\&\fIOSSL_CMP_CTX_push0_policy()\fR adds the certificate policy info object +to the X509_EXTENSIONS of the requested certificate template. +.PP +\&\fIOSSL_CMP_CTX_set1_oldCert()\fR sets the old certificate to be updated in +Key Update Requests (\s-1KUR\s0) or to be revoked in Revocation Requests (\s-1RR\s0). +It must be given for \s-1RR\s0, else it defaults to \fBclCert\fR. +The reference certificate determined in this way, if any, is also used for +deriving default subject \s-1DN\s0 and Subject Alternative Names for \s-1IR\s0, \s-1CR\s0, and \s-1KUR\s0. +Its issuer, if any, is used as default recipient in the \s-1CMP\s0 message header. +.PP +\&\fIOSSL_CMP_CTX_set1_p10CSR()\fR sets the PKCS#10 \s-1CSR\s0 to be used in P10CR. +.PP +\&\fIOSSL_CMP_CTX_push0_genm_ITAV()\fR adds \fBitav\fR to the stack in the \fBctx\fR which +will be the body of a General Message sent with this context. +Consumes the pointer to \fBitav\fR. +.PP +\&\fIOSSL_CMP_CTX_set_certConf_cb()\fR sets the callback used for evaluating the newly +enrolled certificate before the library sends, depending on its result, +a positive or negative certConf message to the server. 
The callback has type +.PP +.Vb 2 +\& typedef int (*OSSL_cmp_certConf_cb_t) (OSSL_CMP_CTX *ctx, X509 *cert, +\& int fail_info, const char **txt); +.Ve +.PP +and should inspect the certificate it obtains via the \fBcert\fR parameter and may +overrule the pre-decision given in the \fBfail_info\fR and \fB*txt\fR parameters. +If it accepts the certificate it must return 0, indicating success. Else it must +return a bit field reflecting PKIFailureInfo with at least one failure bit and +may set the \fB*txt\fR output parameter to point to a string constant with more +detail. The transfer callback may make use of a custom defined argument stored +in the \fBctx\fR by means of \fIOSSL_CMP_CTX_set_certConf_cb_arg()\fR, which may be +retrieved again through \fIOSSL_CMP_CTX_get_certConf_cb_arg()\fR. +Typically, the callback will check at least that the certificate can be verified +using a set of trusted certificates. +It also could compare the subject \s-1DN\s0 and other fields of the newly +enrolled certificate with the certificate template of the request. +.PP +\&\fIOSSL_CMP_CTX_set_certConf_cb_arg()\fR sets an argument, respectively a pointer to a +structure containing arguments, optionally to be used by the certConf callback. +\&\fBarg\fR is not consumed, and it must therefore explicitly be freed when not +needed any more. \fBarg\fR may be \s-1NULL\s0 to clear the entry. +.PP +\&\fIOSSL_CMP_CTX_get_certConf_cb_arg()\fR gets the argument, respectively the pointer +to a structure containing arguments, previously set by +\&\fIOSSL_CMP_CTX_set_certConf_cb_arg()\fR, or \s-1NULL\s0 if unset. +.PP +\&\fIOSSL_CMP_CTX_get_status()\fR returns the PKIstatus from the last received +CertRepMessage or Revocation Response or error message, or \-1 if unset. +.PP +\&\fIOSSL_CMP_CTX_get0_statusString()\fR returns the statusString from the last received +CertRepMessage or Revocation Response or error message, or \s-1NULL\s0 if unset. 
+.PP +\&\fIOSSL_CMP_CTX_get_failInfoCode()\fR returns the error code from the failInfo field +of the last received CertRepMessage or Revocation Response or error message. +This is a bit field and the flags for it are specified in the header file +\&\fI\fR. +The flags start with \s-1OSSL_CMP_CTX_FAILINFO\s0, for example: +OSSL_CMP_CTX_FAILINFO_badAlg. Returns \-1 if the failInfoCode field is unset. +.PP +\&\fIOSSL_CMP_CTX_get0_newCert()\fR returns the pointer to the newly obtained +certificate in case it is available, else \s-1NULL\s0. +.PP +\&\fIOSSL_CMP_CTX_get1_caPubs()\fR returns a pointer to a duplicate of the stack of +X.509 certificates received in the caPubs field of last received certificate +response message \s-1IP/CP/KUP\s0. +.PP +\&\fIOSSL_CMP_CTX_get1_extraCertsIn()\fR returns a pointer to a duplicate of the stack +of X.509 certificates received in the last received non-empty extraCerts field. +Returns an empty stack if no extraCerts have been received in the current +transaction. +.PP +\&\fIOSSL_CMP_CTX_set1_transactionID()\fR sets the given transaction \s-1ID\s0 in the given +\&\s-1OSSL_CMP_CTX\s0 structure. +.PP +\&\fIOSSL_CMP_CTX_set1_senderNonce()\fR stores the last sent sender \fBnonce\fR in +the \fBctx\fR. This will be used to validate the recipNonce in incoming messages. +.SH "NOTES" +.IX Header "NOTES" +\&\s-1CMP\s0 is defined in \s-1RFC\s0 4210 (and \s-1CRMF\s0 in \s-1RFC\s0 4211). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOSSL_CMP_CTX_free()\fR and \fIOSSL_CMP_CTX_print_errors()\fR do not return anything. 
+.PP +\&\fIOSSL_CMP_CTX_new()\fR, +\&\fIOSSL_CMP_CTX_get_http_cb_arg()\fR, +\&\fIOSSL_CMP_CTX_get_transfer_cb_arg()\fR, +\&\fIOSSL_CMP_CTX_get0_trustedStore()\fR, +\&\fIOSSL_CMP_CTX_get0_untrusted_certs()\fR, +\&\fIOSSL_CMP_CTX_get0_newPkey()\fR, +\&\fIOSSL_CMP_CTX_get_certConf_cb_arg()\fR, +\&\fIOSSL_CMP_CTX_get0_statusString()\fR, +\&\fIOSSL_CMP_CTX_get0_newCert()\fR, +\&\fIOSSL_CMP_CTX_get1_caPubs()\fR, and +\&\fIOSSL_CMP_CTX_get1_extraCertsIn()\fR +return the intended pointer value as described above or \s-1NULL\s0 on error. +.PP +\&\fIOSSL_CMP_CTX_get_option()\fR, +\&\fIOSSL_CMP_CTX_reqExtensions_have_SAN()\fR, +\&\fIOSSL_CMP_CTX_get_status()\fR, and +\&\fIOSSL_CMP_CTX_get_failInfoCode()\fR +return the intended value as described above or \-1 on error. +.PP +All other functions return 1 on success, 0 on error. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +The following code does an Initialization Request: +.PP +.Vb 6 +\& cmp_ctx = OSSL_CMP_CTX_new(); +\& OSSL_CMP_CTX_set1_serverName(cmp_ctx, opt_serverName); +\& OSSL_CMP_CTX_set1_referenceValue(cmp_ctx, ref, ref_len); +\& OSSL_CMP_CTX_set1_secretValue(cmp_ctx, sec, sec_len); +\& OSSL_CMP_CTX_set0_newPkey(cmp_ctx, new_pkey, 1); +\& OSSL_CMP_CTX_set1_caCert(cmp_ctx, ca_cert); +\& +\& initialClCert = OSSL_CMP_exec_IR_ses(cmp_ctx); +.Ve +.PP +The following code does an Initialization Request using an +external identity certificate (\s-1RFC\s0 4210, Appendix E.7): +.PP +.Vb 6 +\& cmp_ctx = OSSL_CMP_CTX_new(); +\& OSSL_CMP_CTX_set1_serverName(cmp_ctx, sname); +\& OSSL_CMP_CTX_set1_clCert(cmp_ctx, cl_cert); +\& OSSL_CMP_CTX_set1_pkey(cmp_ctx, pkey); +\& OSSL_CMP_CTX_set0_newPkey(cmp_ctx, new_pkey, 1); +\& OSSL_CMP_CTX_set1_caCert(cmp_ctx, ca_cert); +\& +\& initialClCert = OSSL_CMP_exec_IR_ses(cmp_ctx); +.Ve +.PP +Here externalCert is an X509 certificate granted to the \s-1EE\s0 by another \s-1CA\s0 +which is trusted by the current \s-1CA\s0 the code will connect to. 
+.PP +The following code does a Key Update Request: +.PP +.Vb 6 +\& cmp_ctx = OSSL_CMP_CTX_new(); +\& OSSL_CMP_CTX_set1_serverName(cmp_ctx, sname); +\& OSSL_CMP_CTX_set1_pkey(cmp_ctx, pkey); +\& OSSL_CMP_CTX_set0_newPkey(cmp_ctx, new_pkey, 1); +\& OSSL_CMP_CTX_set1_clCert(cmp_ctx, cl_cert); +\& OSSL_CMP_CTX_set1_caCert(cmp_ctx, ca_cert); +\& +\& updatedClCert = OSSL_CMP_exec_KUR_ses(cmp_ctx); +.Ve +.PP +The following code (which omits error handling) sends a General Message +including, as an example, the id-it-signKeyPairTypes \s-1OID\s0 and prints info on +the General Response contents. +.PP +.Vb 4 +\& cmp_ctx = OSSL_CMP_CTX_new(); +\& OSSL_CMP_CTX_set1_serverName(cmp_ctx, sname); +\& OSSL_CMP_CTX_set1_referenceValue(cmp_ctx, ref, ref_len); +\& OSSL_CMP_CTX_set1_secretValue(cmp_ctx, sec, sec_len); +\& +\& ASN1_OBJECT *type = OBJ_txt2obj("1.3.6.1.5.5.7.4.2", 1); +\& OSSL_CMP_ITAV *itav = OSSL_CMP_ITAV_new(type, NULL); +\& OSSL_CMP_CTX_push0_genm_ITAV(cmp_ctx, itav); +\& +\& STACK_OF(OSSL_CMP_ITAV) *itavs; +\& itavs = OSSL_CMP_exec_GENM_ses(cmp_ctx); +\& print_itavs(itavs); +\& sk_OSSL_CMP_ITAV_pop_free(itavs, OSSL_CMP_ITAV_free); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIOSSL_CMP_exec_IR_ses\fR\|(3), \fIOSSL_CMP_exec_KUR_ses\fR\|(3), +\&\fIOSSL_CMP_exec_GENM_ses\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The OpenSSL \s-1CMP\s0 support was added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2007\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/OSSL_CMP_CTX_snprint_PKIStatus.3 b/linux_amd64/share/man/man3/OSSL_CMP_CTX_snprint_PKIStatus.3 new file mode 100755 index 0000000..feedb46 --- /dev/null +++ b/linux_amd64/share/man/man3/OSSL_CMP_CTX_snprint_PKIStatus.3 
@@ -0,0 +1,168 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_CMP_CTX_SNPRINT_PKISTATUS 3" +.TH OSSL_CMP_CTX_SNPRINT_PKISTATUS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OSSL_CMP_CTX_snprint_PKIStatus +\&\- function(s) for managing the CMP PKIStatus +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& char *OSSL_CMP_CTX_snprint_PKIStatus(OSSL_CMP_CTX *ctx, char *buf, int bufsize); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This is the PKIStatus \s-1API\s0 for using \s-1CMP\s0 (Certificate Management Protocol) with +OpenSSL. +.PP +\&\fIOSSL_CMP_CTX_snprint_PKIStatus()\fR takes the PKIStatusInfo components contained +in the given \s-1CMP\s0 context and places a human-readable string created from them +in the given buffer, with the given maximal length. +On success it returns a copy of the buffer pointer containing the string. +.SH "NOTES" +.IX Header "NOTES" +\&\s-1CMP\s0 is defined in \s-1RFC\s0 4210 (and \s-1CRMF\s0 in \s-1RFC\s0 4211). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOSSL_CMP_CTX_snprint_PKIStatus()\fR +returns the intended pointer value as described above or \s-1NULL\s0 on error. +.SH "HISTORY" +.IX Header "HISTORY" +The OpenSSL \s-1CMP\s0 support was added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2007\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/OSSL_CMP_HDR_get0_transactionID.3 b/linux_amd64/share/man/man3/OSSL_CMP_HDR_get0_transactionID.3 new file mode 100755 index 0000000..ebe66d3 --- /dev/null +++ b/linux_amd64/share/man/man3/OSSL_CMP_HDR_get0_transactionID.3 
@@ -0,0 +1,169 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_CMP_HDR_GET0_TRANSACTIONID 3" +.TH OSSL_CMP_HDR_GET0_TRANSACTIONID 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OSSL_CMP_HDR_get0_transactionID, +OSSL_CMP_HDR_get0_recipNonce +\&\- functions manipulating CMP message headers +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_transactionID(const +\& OSSL_CMP_PKIHEADER *hdr); +\& ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_recipNonce(const +\& OSSL_CMP_PKIHEADER *hdr); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +OSSL_CMP_HDR_get0_transactionID returns the transaction \s-1ID\s0 of the given +PKIHeader. +.PP +OSSL_CMP_HDR_get0_recipNonce returns the recipient nonce of the given PKIHeader. +.SH "NOTES" +.IX Header "NOTES" +\&\s-1CMP\s0 is defined in \s-1RFC\s0 4210. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The functions return the intended pointer value as described above +or \s-1NULL\s0 if the respective entry does not exist and on error. +.SH "HISTORY" +.IX Header "HISTORY" +The OpenSSL \s-1CMP\s0 support was added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2007\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/OSSL_CMP_ITAV_set0.3 b/linux_amd64/share/man/man3/OSSL_CMP_ITAV_set0.3 new file mode 100755 index 0000000..7f1f7e9 --- /dev/null +++ b/linux_amd64/share/man/man3/OSSL_CMP_ITAV_set0.3 
@@ -0,0 +1,233 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_CMP_ITAV_SET0 3" +.TH OSSL_CMP_ITAV_SET0 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OSSL_CMP_ITAV_create, +OSSL_CMP_ITAV_set0, +OSSL_CMP_ITAV_get0_type, +OSSL_CMP_ITAV_get0_value, +OSSL_CMP_ITAV_push0_stack_item +\&\- OSSL_CMP_ITAV utility functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 6 +\& #include +\& OSSL_CMP_ITAV *OSSL_CMP_ITAV_create(ASN1_OBJECT *type, ASN1_TYPE *value); +\& void OSSL_CMP_ITAV_set0(OSSL_CMP_ITAV *itav, ASN1_OBJECT *type, +\& ASN1_TYPE *value); +\& ASN1_OBJECT *OSSL_CMP_ITAV_get0_type(const OSSL_CMP_ITAV *itav); +\& ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav); +\& +\& int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p, +\& OSSL_CMP_ITAV *itav); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Certificate Management Protocol (\s-1CMP\s0, \s-1RFC\s0 4210) extension to OpenSSL +.PP +\&\s-1ITAV\s0 is short for InfoTypeAndValue. This type is defined in \s-1RFC\s0 4210 +section 5.3.19 and Appendix F. It is used at various places in \s-1CMP\s0 messages, +e.g., in the generalInfo PKIHeader field, to hold a key-value pair. +.PP +\&\fIOSSL_CMP_ITAV_create()\fR creates a new \s-1OSSL_CMP_ITAV\s0 structure and fills it in. +It combines \fB\f(BIOSSL_CMP_ITAV_new()\fB\fR and \fBOSSL_CMP_ITAV_set0\fR. +.PP +\&\fIOSSL_CMP_ITAV_set0()\fR sets the \fBitav\fR with an infoType of \fBtype\fR and an +infoValue of \fBvalue\fR. This function uses the pointers \fBtype\fR and \fBvalue\fR +internally, so they must \fBnot\fR be freed up after the call. +.PP +\&\fIOSSL_CMP_ITAV_get0_type()\fR returns a direct pointer to the infoType in the +\&\fBitav\fR. +.PP +\&\fIOSSL_CMP_ITAV_get0_value()\fR returns a direct pointer to the infoValue in +the \fBitav\fR as generic ASN1_TYPE*. +.PP +\&\fIOSSL_CMP_ITAV_push0_stack_item()\fR pushes \fBitav\fR to the stack pointed to +by \fB*itav_sk_p\fR. It creates a new stack if \fB*itav_sk_p\fR points to \s-1NULL\s0. +.SH "NOTES" +.IX Header "NOTES" +\&\s-1CMP\s0 is defined in \s-1RFC\s0 4210 (and \s-1CRMF\s0 in \s-1RFC\s0 4211). 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOSSL_CMP_ITAV_create()\fR returns a pointer to the \s-1ITAV\s0 structure on success, +or \s-1NULL\s0 on error. +.PP +\&\fIOSSL_CMP_ITAV_set0()\fR does not return a value. +.PP +\&\fIOSSL_CMP_ITAV_get0_type()\fR and \fIOSSL_CMP_ITAV_get0_value()\fR +return the respective pointer or \s-1NULL\s0 if their input is \s-1NULL\s0. +.PP +\&\fIOSSL_CMP_ITAV_push0_stack_item()\fR returns 1 on success, 0 on error. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +The following code creates and sets a structure representing a generic +InfoTypeAndValue sequence, using an \s-1OID\s0 created from text as type, and an +integer as value. Afterwards, it is pushed to the \s-1OSSL_CMP_CTX\s0 to be later +included in the requests' PKIHeader's genInfo field. +.PP +.Vb 2 +\& ASN1_OBJECT *type = OBJ_txt2obj("1.2.3.4.5", 1); +\& if (type == NULL) ... +\& +\& ASN1_INTEGER *asn1int = ASN1_INTEGER_new(); +\& if (asn1int == NULL || !ASN1_INTEGER_set(asn1int, 12345)) ... +\& +\& ASN1_TYPE *val = ASN1_TYPE_new(); +\& if (val == NULL) ... +\& ASN1_TYPE_set(val, V_ASN1_INTEGER, asn1int); +\& +\& OSSL_CMP_ITAV *itav = OSSL_CMP_ITAV_create(type, val); +\& if (itav == NULL) ... +\& +\& OSSL_CMP_CTX *ctx = OSSL_CMP_CTX_new(); +\& if (ctx == NULL || !OSSL_CMP_CTX_geninfo_push0_ITAV(ctx, itav)) { +\& OSSL_CMP_ITAV_free(itav); /* also frees type and val */ +\& goto err; +\& } +\& +\& ... +\& +\& OSSL_CMP_CTX_free(ctx); /* also frees itav */ +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIOSSL_CMP_CTX_new\fR\|(3), \fIOSSL_CMP_CTX_free\fR\|(3), \fIASN1_TYPE_set\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The OpenSSL \s-1CMP\s0 support was added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2007\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. 
You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/OSSL_CMP_MSG_get0_header.3 b/linux_amd64/share/man/man3/OSSL_CMP_MSG_get0_header.3 new file mode 100755 index 0000000..3bc08a0 --- /dev/null +++ b/linux_amd64/share/man/man3/OSSL_CMP_MSG_get0_header.3 
@@ -0,0 +1,162 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_CMP_MSG_GET0_HEADER 3" +.TH OSSL_CMP_MSG_GET0_HEADER 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OSSL_CMP_MSG_get0_header +\&\- function(s) manipulating CMP messages +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +OSSL_CMP_MSG_get0_header returns the header of the given \s-1CMP\s0 message. +.SH "NOTES" +.IX Header "NOTES" +\&\s-1CMP\s0 is defined in \s-1RFC\s0 4210. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fICMP_MSG_get0_header()\fR returns the intended pointer value as described above +or \s-1NULL\s0 if the respective entry does not exist and on error. +.SH "HISTORY" +.IX Header "HISTORY" +The OpenSSL \s-1CMP\s0 support was added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2007\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/OSSL_CMP_log_open.3 b/linux_amd64/share/man/man3/OSSL_CMP_log_open.3 new file mode 100755 index 0000000..0387d25 --- /dev/null +++ b/linux_amd64/share/man/man3/OSSL_CMP_log_open.3 
@@ -0,0 +1,245 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_CMP_LOG_OPEN 3" +.TH OSSL_CMP_LOG_OPEN 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OSSL_CMP_log_open, +OSSL_CMP_log_close, +OSSL_CMP_severity, +OSSL_CMP_LOG_EMERG, +OSSL_CMP_LOG_ALERT, +OSSL_CMP_LOG_CRIT, +OSSL_CMP_LOG_ERR, +OSSL_CMP_LOG_WARNING, +OSSL_CMP_LOG_NOTICE, +OSSL_CMP_LOG_INFO, +OSSL_CMP_LOG_DEBUG, +OSSL_cmp_log_cb_t, +OSSL_CMP_print_to_bio, +OSSL_CMP_print_errors_cb +\&\- functions for logging and error reporting +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int OSSL_CMP_log_open(void); +\& void OSSL_CMP_log_close(void); +\& +\& /* severity level declarations resemble those from syslog.h */ +\& typedef int OSSL_CMP_severity; +\& #define OSSL_CMP_LOG_EMERG 0 +\& #define OSSL_CMP_LOG_ALERT 1 +\& #define OSSL_CMP_LOG_CRIT 2 +\& #define OSSL_CMP_LOG_ERR 3 +\& #define OSSL_CMP_LOG_WARNING 4 +\& #define OSSL_CMP_LOG_NOTICE 5 +\& #define OSSL_CMP_LOG_INFO 6 +\& #define OSSL_CMP_LOG_DEBUG 7 +\& +\& typedef int (*OSSL_cmp_log_cb_t)(const char *component, +\& const char *file, int line, +\& OSSL_CMP_severity level, const char *msg); +\& int OSSL_CMP_print_to_bio(BIO *bio, const char *component, const char *file, +\& int line, OSSL_CMP_severity level, const char *msg); +\& void OSSL_CMP_print_errors_cb(OSSL_cmp_log_cb_t log_fn); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The logging and error reporting facility described here contains +convenience functions for CMP-specific logging, +including a string prefix mirroring the severity levels of syslog.h, +and enhancements of the error queue mechanism needed for large diagnostic +messages produced by the \s-1CMP\s0 library in case of certificate validation failures. +.PP +When an interesting activity is performed or an error occurs, some detail +should be provided for user information, debugging, and auditing purposes. 
+A \s-1CMP\s0 application can obtain this information by providing a callback function +with the following type: +.PP +.Vb 3 +\& typedef int (*OSSL_cmp_log_cb_t)(const char *component, +\& const char *file, int line, +\& OSSL_CMP_severity level, const char *msg); +.Ve +.PP +The parameters may provide +some component info (which may be a module name and/or function name) or \s-1NULL\s0, +a file pathname or \s-1NULL\s0, +a line number or 0 indicating the source code location, +a severity level, and +a message string describing the nature of the event, terminated by '\en'. +.PP +Even when an activity is successful some warnings may be useful and some degree +of auditing may be required. Therefore the logging facility supports a severity +level and the callback function has a \fBlevel\fR parameter indicating such a +level, such that error, warning, info, debug, etc. can be treated differently. +The callback is activated only when the severity level is sufficient according +to the current level of verbosity, which by default is \s-1OSSL_CMP_LOG_INFO\s0. +.PP +The callback function may itself do non-trivial tasks like writing to +a log file or remote stream, which in turn may fail. +Therefore the function should return 1 on success and 0 on failure. +.PP +\&\fIOSSL_CMP_log_open()\fR initializes the CMP-specific logging facility to output +everything to \s-1STDOUT\s0. It fails if the integrated tracing is disabled or \s-1STDIO\s0 +is not available. It may be called during application startup. +Alternatively, \fIOSSL_CMP_CTX_set_log_cb\fR\|(3) can be used for more flexibility. +As long as neither if the two is used any logging output is ignored. +.PP +\&\fIOSSL_CMP_log_close()\fR may be called when all activities are finished to flush +any pending CMP-specific log output and deallocate related resources. +It may be called multiple times. It does get called at OpenSSL stutdown. 
+.PP +\&\fIOSSL_CMP_print_to_bio()\fR prints the given component info, filename, line number, +severity level, and log message or error queue message to the given \fBbio\fR. +\&\fBcomponent\fR usually is a function or module name. +If it is \s-1NULL\s0, empty, or \*(L"(unknown function)\*(R" then \*(L"\s-1CMP\s0\*(R" is used as fallback. +.PP +\&\fIOSSL_CMP_print_errors_cb()\fR outputs any entries in the OpenSSL error queue. +It is similar to \fB\f(BIERR_print_errors_cb()\fB\fR but uses the \s-1CMP\s0 log callback function +\&\f(CW\*(C`log_fn\*(C'\fR for uniformity with \s-1CMP\s0 logging if not \fB\s-1NULL\s0\fR. Otherwise it prints to +\&\s-1STDERR\s0 using \fB\f(BIOSSL_CMP_print_to_bio\fB\|(3)\fR (unless \s-1OPENSSL_NO_STDIO\s0 is defined). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOSSL_CMP_log_close()\fR and \fIOSSL_CMP_print_errors_cb()\fR do not return anything. +.PP +All other functions return 1 on success, 0 on error. +.SH "HISTORY" +.IX Header "HISTORY" +The OpenSSL \s-1CMP\s0 support was added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2007\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/OSSL_CMP_validate_msg.3 b/linux_amd64/share/man/man3/OSSL_CMP_validate_msg.3 new file mode 100755 index 0000000..ec527a4 --- /dev/null +++ b/linux_amd64/share/man/man3/OSSL_CMP_validate_msg.3 
@@ -0,0 +1,207 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_CMP_VALIDATE_MSG 3" +.TH OSSL_CMP_VALIDATE_MSG 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OSSL_CMP_validate_msg, +OSSL_CMP_validate_cert_path +\&\- functions for verifying CMP message protection +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 4 +\& #include +\& int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg); +\& int OSSL_CMP_validate_cert_path(const OSSL_CMP_CTX *ctx, +\& X509_STORE *trusted_store, X509 *cert); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This is the \s-1API\s0 for validating the protection of \s-1CMP\s0 messages, +which includes validating \s-1CMP\s0 message sender certificates and their paths +while optionally checking the revocation status of the certificates(s). +.PP +\&\fIOSSL_CMP_validate_msg()\fR validates the protection of the given \f(CW\*(C`msg\*(C'\fR +using either password-based mac (\s-1PBM\s0) or a signature algorithm. +.PP +In case of signature algorithm, the certificate to use for the signature check +is preferably the one provided by a call to \fIOSSL_CMP_CTX_set1_srvCert\fR\|(3). +If no such sender cert has been pinned then candidate sender certificates are +taken from the list of certificates received in the \f(CW\*(C`msg\*(C'\fR extraCerts, then any +certificates provided before via \fIOSSL_CMP_CTX_set1_untrusted_certs\fR\|(3), and +then all trusted certificates provided via \fIOSSL_CMP_CTX_set0_trustedStore\fR\|(3), +where a candidate is acceptable only if has not expired, its subject \s-1DN\s0 matches +the \f(CW\*(C`msg\*(C'\fR sender \s-1DN\s0 (as far as present), and its subject key identifier +is present and matches the senderKID (as far as the latter present). +Each acceptable cert is tried in the given order to see if the message +signature check succeeds and the cert and its path can be verified +using any trust store set via \fIOSSL_CMP_CTX_set0_trustedStore\fR\|(3). 
+.PP +If the option \s-1OSSL_CMP_OPT_PERMIT_TA_IN_EXTRACERTS_FOR_IR\s0 was set by calling +\&\fIOSSL_CMP_CTX_set_option\fR\|(3), for an Initialization Response (\s-1IP\s0) message +any self-issued certificate from the \f(CW\*(C`msg\*(C'\fR extraCerts field may also be used +as trust anchor for the path verification of an acceptable cert if it can be +used also to validate the issued certificate returned in the \s-1IP\s0 message. This is +according to \s-1TS\s0 33.310 [Network Domain Security (\s-1NDS\s0); Authentication Framework +(\s-1AF\s0)] document specified by the The 3rd Generation Partnership Project (3GPP). +.PP +Any cert that has been found as described above is cached and tried first when +validating the signatures of subsequent messages in the same transaction. +.PP +After successful validation of PBM-based protection of a certificate response +the certificates in the caPubs field (if any) are added to the trusted +certificates provided via \fIOSSL_CMP_CTX_set0_trustedStore\fR\|(3), such that +they are available for validating subsequent messages in the same context. +Those could apply to any Polling Response (pollRep), error, or \s-1PKI\s0 Confirmation +(PKIConf) messages following in the same or future transactions. +.PP +\&\fIOSSL_CMP_validate_cert_path()\fR attempts to validate the given certificate and its +path using the given store of trusted certs (possibly including CRLs and a cert +verification callback) and non-trusted intermediate certs from the \fBctx\fR. +.SH "NOTES" +.IX Header "NOTES" +\&\s-1CMP\s0 is defined in \s-1RFC\s0 4210 (and \s-1CRMF\s0 in \s-1RFC\s0 4211). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOSSL_CMP_validate_msg()\fR and \fIOSSL_CMP_validate_cert_path()\fR +return 1 on success, 0 on error or validation failed. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIOSSL_CMP_CTX_new\fR\|(3), \fIOSSL_CMP_exec_IR_ses\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The OpenSSL \s-1CMP\s0 support was added in OpenSSL 3.0. 
+.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2007\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/OSSL_CRMF_MSG_get0_tmpl.3 b/linux_amd64/share/man/man3/OSSL_CRMF_MSG_get0_tmpl.3 new file mode 100755 index 0000000..03fc014 --- /dev/null +++ b/linux_amd64/share/man/man3/OSSL_CRMF_MSG_get0_tmpl.3 
@@ -0,0 +1,201 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_CRMF_MSG_GET0_TMPL 3" +.TH OSSL_CRMF_MSG_GET0_TMPL 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OSSL_CRMF_MSG_get0_tmpl, +OSSL_CRMF_CERTTEMPLATE_get0_serialNumber, +OSSL_CRMF_CERTTEMPLATE_get0_issuer, +OSSL_CRMF_CERTID_get0_serialNumber, +OSSL_CRMF_CERTID_get0_issuer, +OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert, +OSSL_CRMF_MSG_get_certReqId +\&\- functions reading from CRMF CertReqMsg structures +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm); +\& ASN1_INTEGER +\& *OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(OSSL_CRMF_CERTTEMPLATE *tmpl); +\& X509_NAME *OSSL_CRMF_CERTTEMPLATE_get0_issuer(OSSL_CRMF_CERTTEMPLATE *tmpl); +\& +\& ASN1_INTEGER *OSSL_CRMF_CERTID_get0_serialNumber(const OSSL_CRMF_CERTID *cid); +\& X509_NAME *OSSL_CRMF_CERTID_get0_issuer(const OSSL_CRMF_CERTID *cid); +\& +\& X509 *OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert(OSSL_CRMF_ENCRYPTEDVALUE *ecert, +\& EVP_PKEY *pkey); +\& +\& int OSSL_CRMF_MSG_get_certReqId(OSSL_CRMF_MSG *crm); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIOSSL_CRMF_MSG_get0_tmpl()\fR retrieves the certificate template of \fBcrm\fR. +.PP +\&\fIOSSL_CRMF_CERTTEMPLATE_get0_serialNumber()\fR retrieves the serialNumber of the +given certificate template \fBtmpl\fR. +.PP +\&\fIOSSL_CRMF_CERTTEMPLATE_get0_issuer()\fR retrieves the issuer name of the +given certificate template \fBtmpl\fR. +.PP +OSSL_CRMF_CERTID_get0_serialNumber retrieves the serialNumber +of the given CertId \fBcid\fR. +.PP +OSSL_CRMF_CERTID_get0_issuer retrieves the issuer name +of the given CertId \fBcid\fR, which must be of \s-1ASN\s0.1 type \s-1GEN_DIRNAME\s0. +.PP +\&\fIOSSL_CRMF_ENCRYPTEDVALUE_get1_encCert()\fR decrypts the certificate in the given +encryptedValue \fBecert\fR, using the private key \fBpkey\fR. +This is needed for the indirect PoP method as in \s-1RFC\s0 4210 section 5.2.8.2. +The function returns the decrypted certificate as a copy, leaving its ownership +with the caller, who is responsible for freeing it. 
+.PP +\&\fIOSSL_CRMF_MSG_get_certReqId()\fR retrieves the certReqId of \fBcrm\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOSSL_CRMF_MSG_get_certReqId()\fR returns the certificate request \s-1ID\s0 as a +non-negative integer or \-1 on error. +.PP +All other functions return a pointer with the intended result or \s-1NULL\s0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fB\s-1RFC\s0 4211\fR +.SH "HISTORY" +.IX Header "HISTORY" +The OpenSSL \s-1CRMF\s0 support was added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2007\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.3 b/linux_amd64/share/man/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.3 new file mode 100755 index 0000000..a208f20 --- /dev/null +++ b/linux_amd64/share/man/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.3 
@@ -0,0 +1,231 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_CRMF_MSG_SET1_REGCTRL_REGTOKEN 3" +.TH OSSL_CRMF_MSG_SET1_REGCTRL_REGTOKEN 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OSSL_CRMF_MSG_set1_regCtrl_regToken, +OSSL_CRMF_MSG_set1_regCtrl_authenticator, +OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo, +OSSL_CRMF_MSG_set0_SinglePubInfo, +OSSL_CRMF_MSG_set_PKIPublicationInfo_action, +OSSL_CRMF_MSG_set1_regCtrl_pkiPublicationInfo, +OSSL_CRMF_MSG_set1_regCtrl_protocolEncrKey, +OSSL_CRMF_MSG_set1_regCtrl_oldCertID, +OSSL_CRMF_CERTID_gen +\&\- functions setting CRMF Registration Controls +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int OSSL_CRMF_MSG_set1_regCtrl_regToken(OSSL_CRMF_MSG *msg, +\& const ASN1_UTF8STRING *tok); +\& int OSSL_CRMF_MSG_set1_regCtrl_authenticator(OSSL_CRMF_MSG *msg, +\& const ASN1_UTF8STRING *auth); +\& int OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo( +\& OSSL_CRMF_PKIPUBLICATIONINFO *pi, +\& OSSL_CRMF_SINGLEPUBINFO *spi); +\& int OSSL_CRMF_MSG_set0_SinglePubInfo(OSSL_CRMF_SINGLEPUBINFO *spi, +\& int method, GENERAL_NAME *nm); +\& int OSSL_CRMF_MSG_set_PKIPublicationInfo_action( +\& OSSL_CRMF_PKIPUBLICATIONINFO *pi, int action); +\& int OSSL_CRMF_MSG_set1_regCtrl_pkiPublicationInfo(OSSL_CRMF_MSG *msg, +\& const OSSL_CRMF_PKIPUBLICATIONINFO *pi); +\& int OSSL_CRMF_MSG_set1_regCtrl_protocolEncrKey(OSSL_CRMF_MSG *msg, +\& const X509_PUBKEY *pubkey); +\& int OSSL_CRMF_MSG_set1_regCtrl_oldCertID(OSSL_CRMF_MSG *msg, +\& const OSSL_CRMF_CERTID *cid); +\& OSSL_CRMF_CERTID *OSSL_CRMF_CERTID_gen(const X509_NAME *issuer, +\& const ASN1_INTEGER *serial); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIOSSL_CRMF_MSG_set1_regCtrl_regToken()\fR sets the regToken control in the given +\&\fBmsg\fR copying the given \fBtok\fR as value. See \s-1RFC\s0 4211, section 6.1. +.PP +\&\fIOSSL_CRMF_MSG_set1_regCtrl_authenticator()\fR sets the authenticator control in +the given \fBmsg\fR copying the given \fBauth\fR as value. See \s-1RFC\s0 4211, section 6.2. +.PP +\&\fIOSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo()\fR pushes the given \fBspi\fR +to \fBsi\fR. 
Consumes the \fBspi\fR pointer. +.PP +\&\fIOSSL_CRMF_MSG_set0_SinglePubInfo()\fR sets in the given SinglePubInfo \fBspi\fR +the \fBmethod\fR and publication location, in the form of a GeneralName, \fBnm\fR. +The publication location is optional, and therefore \fBnm\fR may be \s-1NULL\s0. +The function consumes the \fBnm\fR pointer if present. +Available methods are: + # define \s-1OSSL_CRMF_PUB_METHOD_DONTCARE\s0 0 + # define \s-1OSSL_CRMF_PUB_METHOD_X500\s0 1 + # define \s-1OSSL_CRMF_PUB_METHOD_WEB\s0 2 + # define \s-1OSSL_CRMF_PUB_METHOD_LDAP\s0 3 +.PP +\&\fIOSSL_CRMF_MSG_set_PKIPublicationInfo_action()\fR sets the action in the given \fBpi\fR +using the given \fBaction\fR as value. See \s-1RFC\s0 4211, section 6.3. +Available actions are: + # define \s-1OSSL_CRMF_PUB_ACTION_DONTPUBLISH\s0 0 + # define \s-1OSSL_CRMF_PUB_ACTION_PLEASEPUBLISH\s0 1 +.PP +\&\fIOSSL_CRMF_MSG_set1_regCtrl_pkiPublicationInfo()\fR sets the pkiPublicationInfo +control in the given \fBmsg\fR copying the given \fBtok\fR as value. See \s-1RFC\s0 4211, +section 6.3. +.PP +\&\fIOSSL_CRMF_MSG_set1_regCtrl_protocolEncrKey()\fR sets the protocolEncrKey control in +the given \fBmsg\fR copying the given \fBpubkey\fR as value. See \s-1RFC\s0 4211 section 6.6. +.PP +\&\fIOSSL_CRMF_MSG_set1_regCtrl_oldCertID()\fR sets the oldCertID control in the given +\&\fBmsg\fR copying the given \fBcid\fR as value. See \s-1RFC\s0 4211, section 6.5. +.PP +OSSL_CRMF_CERTID_gen produces an OSSL_CRMF_CERTID_gen structure copying the +given \fBissuer\fR name and \fBserial\fR number. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +OSSL_CRMF_CERTID_gen returns a pointer to the resulting structure +or \s-1NULL\s0 on error. +.PP +All other functions return 1 on success, 0 on error. 
+.SH "NOTES" +.IX Header "NOTES" +A function \fIOSSL_CRMF_MSG_set1_regCtrl_pkiArchiveOptions()\fR for setting an +Archive Options Control is not yet implemented due to missing features to +create the needed \s-1OSSL_CRMF_PKIARCHIVEOPTINS\s0 content. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1RFC\s0 4211 +.SH "HISTORY" +.IX Header "HISTORY" +The OpenSSL \s-1CRMF\s0 support was added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2007\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.3 b/linux_amd64/share/man/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.3 new file mode 100755 index 0000000..d10d895 --- /dev/null +++ b/linux_amd64/share/man/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.3 
@@ -0,0 +1,174 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_CRMF_MSG_SET1_REGINFO_CERTREQ 3" +.TH OSSL_CRMF_MSG_SET1_REGINFO_CERTREQ 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OSSL_CRMF_MSG_set1_regInfo_utf8Pairs, +OSSL_CRMF_MSG_set1_regInfo_certReq +\&\- functions setting CRMF Registration Info +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int OSSL_CRMF_MSG_set1_regInfo_utf8Pairs(OSSL_CRMF_MSG *msg, +\& const ASN1_UTF8STRING *utf8pairs); +\& int OSSL_CRMF_MSG_set1_regInfo_certReq(OSSL_CRMF_MSG *msg, +\& const OSSL_CRMF_CERTREQUEST *cr); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIOSSL_CRMF_MSG_set1_regInfo_utf8Pairs()\fR adds a copy of the given \fButf8pairs\fR +value as utf8Pairs regInfo to the given \fBmsg\fR. See \s-1RFC\s0 4211 section 7.1. +.PP +\&\fIOSSL_CRMF_MSG_set1_regInfo_certReq()\fR adds a copy of the given \fBcr\fR value +as certReq regInfo to the given \fBmsg\fR. See \s-1RFC\s0 4211 section 7.2. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All functions return 1 on success, 0 on error. +.SH "NOTES" +.IX Header "NOTES" +Calling these functions multiple times adds multiple instances of the respective +control to the regInfo structure of the given \fBmsg\fR. While \s-1RFC\s0 4211 expects +multiple utf8Pairs in one regInfo structure, it does not allow multiple certReq. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1RFC\s0 4211 +.SH "HISTORY" +.IX Header "HISTORY" +The OpenSSL \s-1CRMF\s0 support was added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2007\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/OSSL_CRMF_MSG_set_validity.3 b/linux_amd64/share/man/man3/OSSL_CRMF_MSG_set_validity.3 new file mode 100755 index 0000000..a560746 --- /dev/null +++ b/linux_amd64/share/man/man3/OSSL_CRMF_MSG_set_validity.3 
@@ -0,0 +1,226 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_CRMF_MSG_SET_VALIDITY 3" +.TH OSSL_CRMF_MSG_SET_VALIDITY 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OSSL_CRMF_MSG_set_validity, +OSSL_CRMF_MSG_set_certReqId, +OSSL_CRMF_CERTTEMPLATE_fill, +OSSL_CRMF_MSG_set0_extensions, +OSSL_CRMF_MSG_push0_extension, +OSSL_CRMF_MSG_create_popo, +OSSL_CRMF_MSGS_verify_popo +\&\- functions populating and verifying CRMF CertReqMsg structures +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int OSSL_CRMF_MSG_set_validity(OSSL_CRMF_MSG *crm, time_t from, time_t to); +\& +\& int OSSL_CRMF_MSG_set_certReqId(OSSL_CRMF_MSG *crm, int rid); +\& +\& int OSSL_CRMF_CERTTEMPLATE_fill(OSSL_CRMF_CERTTEMPLATE *tmpl, +\& EVP_PKEY *pubkey, +\& const X509_NAME *subject, +\& const X509_NAME *issuer, +\& const ASN1_INTEGER *serial); +\& +\& int OSSL_CRMF_MSG_set0_extensions(OSSL_CRMF_MSG *crm, X509_EXTENSIONS *exts); +\& +\& int OSSL_CRMF_MSG_push0_extension(OSSL_CRMF_MSG *crm, X509_EXTENSION *ext); +\& +\& int OSSL_CRMF_MSG_create_popo(OSSL_CRMF_MSG *crm, EVP_PKEY *pkey, +\& int dgst, int ppmtd); +\& +\& int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs, +\& int rid, int acceptRAVerified); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIOSSL_CRMF_MSG_set_validity()\fR sets \fBfrom\fR as notBefore and \fBto\fR as notAfter +as the validity in the certTemplate of \fBcrm\fR. +.PP +\&\fIOSSL_CRMF_MSG_set_certReqId()\fR sets \fBrid\fR as the certReqId of \fBcrm\fR. +.PP +\&\fIOSSL_CRMF_CERTTEMPLATE_fill()\fR sets those fields of the certTemplate \fBtmpl\fR +for which non-NULL values are provided: \fBpubkey\fR, \fBsubject\fR, \fBissuer\fR, +and/or \fBserial\fR. +On success the reference counter of the \fBpubkey\fR (if given) is incremented, +while the \fBsubject\fR, \fBissuer\fR, and \fBserial\fR structures (if given) are copied. +.PP +\&\fIOSSL_CRMF_MSG_set0_extensions()\fR sets \fBexts\fR as the extensions in the +certTemplate of \fBcrm\fR. Frees any pre-existing ones and consumes \fBexts\fR. 
+.PP +\&\fIOSSL_CRMF_MSG_push0_extension()\fR pushes the X509 extension \fBext\fR to the +extensions in the certTemplate of \fBcrm\fR. Consumes \fBext\fR. +.PP +\&\fIOSSL_CRMF_MSG_create_popo()\fR creates and sets the Proof-of-Possession (\s-1POPO\s0) +according to the method \fBppmtd\fR in \fBcrm\fR. +In case the method is \s-1OSSL_CRMF_POPO_SIGNATURE\s0 the \s-1POPO\s0 is calculated +using the private \fBpkey\fR and the digest algorithm \s-1NID\s0 \fBdgst\fR. +.PP +\&\fBppmtd\fR can be one of the following: +.IP "\(bu" 8 +\&\s-1OSSL_CRMF_POPO_NONE\s0 \- \s-1RFC\s0 4211, section 4, \s-1POP\s0 field omitted. +\&\s-1CA/RA\s0 uses out-of-band method to verify \s-1POP\s0. Note that servers may fail in this +case, resulting for instance in \s-1HTTP\s0 error code 500 (Internal error). +.IP "\(bu" 8 +\&\s-1OSSL_CRMF_POPO_RAVERIFIED\s0 \- \s-1RFC\s0 4211, section 4, explicit indication +that the \s-1RA\s0 has already verified the \s-1POP\s0. +.IP "\(bu" 8 +\&\s-1OSSL_CRMF_POPO_SIGNATURE\s0 \- \s-1RFC\s0 4211, section 4.1, only case 3 supported +so far. +.IP "\(bu" 8 +\&\s-1OSSL_CRMF_POPO_KEYENC\s0 \- \s-1RFC\s0 4211, section 4.2, only indirect method +(subsequentMessage/enccert) supported, +challenge-response exchange (challengeResp) not yet supported. +.IP "\(bu" 8 +\&\s-1OSSL_CRMF_POPO_KEYAGREE\s0 \- \s-1RFC\s0 4211, section 4.3, not yet supported. +.PP +OSSL_CRMF_MSGS_verify_popo verifies the Proof-of-Possession of the request with +the given \fBrid\fR in the list of \fBreqs\fR. Optionally accepts RAVerified. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All functions return 1 on success, 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1RFC\s0 4211 +.SH "HISTORY" +.IX Header "HISTORY" +The OpenSSL \s-1CRMF\s0 support was added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2007\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). 
You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/OSSL_CRMF_pbmp_new.3 b/linux_amd64/share/man/man3/OSSL_CRMF_pbmp_new.3 new file mode 100755 index 0000000..9812ec6 --- /dev/null +++ b/linux_amd64/share/man/man3/OSSL_CRMF_pbmp_new.3 
@@ -0,0 +1,204 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_CRMF_PBMP_NEW 3" +.TH OSSL_CRMF_PBMP_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OSSL_CRMF_pbm_new, +OSSL_CRMF_pbmp_new +\&\- functions for producing Password\-Based MAC (PBM) +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int OSSL_CRMF_pbm_new(const OSSL_CRMF_PBMPARAMETER *pbmp, +\& const unsigned char *msg, size_t msglen, +\& const unsigned char *sec, size_t seclen, +\& unsigned char **mac, size_t *maclen); +\& +\& OSSL_CRMF_PBMPARAMETER *OSSL_CRMF_pbmp_new(size_t saltlen, int owfnid, +\& int itercnt, int macnid); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIOSSL_CRMF_pbm_new()\fR generates a \s-1PBM\s0 (Password-Based \s-1MAC\s0) based on given \s-1PBM\s0 +parameters \fBpbmp\fR, message \fBmsg\fR, and secret \fBsec\fR, along with the respective +lengths \fBmsglen\fR and \fBseclen\fR. On success writes the address of the newly +allocated \s-1MAC\s0 via the \fBmac\fR reference parameter and writes the length via the +\&\fBmaclen\fR reference parameter unless it its \s-1NULL\s0. +.PP +The iteration count must be at least 100, as stipulated by \s-1RFC\s0 4211, and is +limited to at most 100000 to avoid DoS through manipulated or otherwise +malformed input. +.PP +\&\fIOSSL_CRMF_pbmp_new()\fR initializes and returns a new PBMParameter +structure with a new random salt of given length \fBsaltlen\fR, \s-1OWF\s0 (one-way +function) \s-1NID\s0 \fBowfnid\fR, iteration count \fBitercnt\fR, and \s-1MAC\s0 \s-1NID\s0 \fBmacnid\fR. +.SH "NOTES" +.IX Header "NOTES" +The algorithms for the \s-1OWF\s0 (one-way function) and for the \s-1MAC\s0 (message +authentication code) may be any with a \s-1NID\s0 defined in \fBopenssl/objects.h\fR. +As specified by \s-1RFC\s0 4210, these should include NID_hmac_sha1. +.PP +\&\s-1RFC\s0 4210 recommends that the salt \s-1SHOULD\s0 be at least 8 bytes (64 bits) long. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOSSL_CRMF_pbm_new()\fR returns 1 on success, 0 on error. 
+.PP +\&\fIOSSL_CRMF_pbmp_new()\fR returns a new and initialized \s-1OSSL_CRMF_PBMPARAMETER\s0 +structure, or \s-1NULL\s0 on error. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +.Vb 5 +\& OSSL_CRMF_PBMPARAMETER *pbm = NULL; +\& unsigned char *msg = "Hello"; +\& unsigned char *sec = "SeCrEt"; +\& unsigned char *mac = NULL; +\& size_t maclen; +\& +\& if ((pbm = OSSL_CRMF_pbmp_new(16, NID_sha256, 500, NID_hmac_sha1) == NULL)) +\& goto err; +\& if (!OSSL_CRMF_pbm_new(pbm, msg, 5, sec, 6, &mac, &maclen)) +\& goto err; +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1RFC\s0 4211 section 4.4 +.SH "HISTORY" +.IX Header "HISTORY" +The OpenSSL \s-1CRMF\s0 support was added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2007\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/OSSL_HTTP_transfer.3 b/linux_amd64/share/man/man3/OSSL_HTTP_transfer.3 new file mode 100755 index 0000000..9e77f6a --- /dev/null +++ b/linux_amd64/share/man/man3/OSSL_HTTP_transfer.3 
@@ -0,0 +1,337 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_HTTP_TRANSFER 3" +.TH OSSL_HTTP_TRANSFER 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OSSL_HTTP_get, +OSSL_HTTP_get_asn1, +OSSL_HTTP_post_asn1, +OSSL_HTTP_transfer, +OSSL_HTTP_bio_cb_t, +OSSL_HTTP_proxy_connect, +OSSL_HTTP_parse_url +\&\- http client functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef BIO *(*OSSL_HTTP_bio_cb_t)(BIO *bio, void *arg, +\& int connect, int detail); +\& BIO *OSSL_HTTP_get(const char *url, const char *proxy, const char *proxy_port, +\& BIO *bio, BIO *rbio, +\& OSSL_HTTP_bio_cb_t bio_update_fn, void *arg, +\& const STACK_OF(CONF_VALUE) *headers, +\& int maxline, unsigned long max_resp_len, int timeout, +\& const char *expected_content_type, int expect_asn1); +\& ASN1_VALUE *OSSL_HTTP_get_asn1(const char *url, +\& const char *proxy, const char *proxy_port, +\& BIO *bio, BIO *rbio, +\& OSSL_HTTP_bio_cb_t bio_update_fn, void *arg, +\& const STACK_OF(CONF_VALUE) *headers, +\& int maxline, unsigned long max_resp_len, +\& int timeout, const char *expected_content_type, +\& const ASN1_ITEM *it); +\& ASN1_VALUE *OSSL_HTTP_post_asn1(const char *server, const char *port, +\& const char *path, int use_ssl, +\& const char *proxy, const char *proxy_port, +\& BIO *bio, BIO *rbio, +\& OSSL_HTTP_bio_cb_t bio_update_fn, void *arg, +\& const STACK_OF(CONF_VALUE) *headers, +\& const char *content_type, +\& ASN1_VALUE *req, const ASN1_ITEM *req_it, +\& int maxline, unsigned long max_resp_len, +\& int timeout, const char *expected_ct, +\& const ASN1_ITEM *rsp_it); +\& BIO *OSSL_HTTP_transfer(const char *server, const char *port, const char *path, +\& int use_ssl, const char *proxy, const char *proxy_port, +\& BIO *bio, BIO *rbio, +\& OSSL_HTTP_bio_cb_t bio_update_fn, void *arg, +\& const STACK_OF(CONF_VALUE) *headers, +\& const char *content_type, BIO *req_mem, +\& int maxline, unsigned long max_resp_len, int timeout, +\& const char *expected_ct, int expect_asn1, +\& char **redirection_url); +\& int OSSL_HTTP_proxy_connect(BIO *bio, const char *server, const char *port, +\& const 
char *proxyuser, const char *proxypass, +\& int timeout, BIO *bio_err, const char *prog); +\& int OSSL_HTTP_parse_url(const char *url, char **phost, char **pport, +\& char **ppath, int *pssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIOSSL_HTTP_get()\fR uses \s-1HTTP\s0 \s-1GET\s0 to obtain data (of any type) from the given \fBurl\fR +and returns it as a memory \s-1BIO\s0. +.PP +\&\fIOSSL_HTTP_get_asn1()\fR uses \s-1HTTP\s0 \s-1GET\s0 to obtain an \s-1ASN\s0.1\-encoded value +(e.g., an X.509 certificate) with the expected structure specified by \fBit\fR +(e.g., \fIASN1_ITEM_rptr(X509)\fR) from the given \fBurl\fR +and returns it on success as a pointer to \fI\s-1ASN1_VALUE\s0\fR. +.PP +\&\fIOSSL_HTTP_post_asn1()\fR uses the \s-1HTTP\s0 \s-1POST\s0 method to send a request \fBreq\fR +with the \s-1ASN\s0.1 structure defined in \fBreq_it\fR and the given \fBcontent_type\fR to +the given \fBserver\fR and optional \fBport\fR and \fBpath\fR, which defaults to \*(L"/\*(R". +If \fBuse_ssl\fR is nonzero a \s-1TLS\s0 connection is requested and the \fBbio_update_fn\fR +parameter, described below, must be provided. +The optional list \fBheaders\fR may contain additional custom \s-1HTTP\s0 header lines. +The expected structure of the response is specified by \fBrsp_it\fR. +On success it returns the response as a pointer to \fB\s-1ASN1_VALUE\s0\fR. +.PP +\&\fIOSSL_HTTP_transfer()\fR exchanges an \s-1HTTP\s0 request and response with +the given \fBserver\fR and optional \fBport\fR and \fBpath\fR, which defaults to \*(L"/\*(R". +If \fBuse_ssl\fR is nonzero a \s-1TLS\s0 connection is requested and the \fBbio_update_fn\fR +parameter, described below, must be provided. +If \fBreq_mem\fR is \s-1NULL\s0 it uses the \s-1HTTP\s0 \s-1GET\s0 method, else it uses \s-1HTTP\s0 \s-1POST\s0 to +send a request with the contents of the memory \s-1BIO\s0 and optional \fBcontent_type\fR. +The optional list \fBheaders\fR may contain additional custom \s-1HTTP\s0 header lines. 
+If \fBreq_mem\fR is \s-1NULL\s0 (i.e., the \s-1HTTP\s0 method is \s-1GET\s0) and \fBredirection_url\fR +is not \s-1NULL\s0 the latter pointer is used to provide any new location that +the server may return with \s-1HTTP\s0 code 301 (\s-1MOVED_PERMANENTLY\s0) or 302 (\s-1FOUND\s0). +In this case the caller is responsible for deallocating this \s-1URL\s0 with +\&\fIOPENSSL_free\fR\|(3). +.PP +The above functions have the following parameters in common. +.PP +If the \fBproxy\fR parameter is not \s-1NULL\s0 the \s-1HTTP\s0 client functions connect +via the given proxy and the optionally given \fBproxy_port\fR. +Proxying plain \s-1HTTP\s0 is supported directly, +while using a proxy for \s-1HTTPS\s0 connections requires a suitable callback function +such as \fIOSSL_HTTP_proxy_connect()\fR, described below. +.PP +Typically the \fBbio\fR and \fBrbio\fR parameters are \s-1NULL\s0 and the client creates a +network \s-1BIO\s0 internally for connecting to the given server and port (optionally +via a proxy and its port), and uses it for exchanging the request and response. +If \fBbio\fR is given and \fBrbio\fR is \s-1NULL\s0 then the client uses this \s-1BIO\s0 instead. +If both \fBbio\fR and \fBrbio\fR are given (which may be memory BIOs for instance) +then no explicit connection is attempted, +\&\fBbio\fR is used for writing the request, and \fBrbio\fR for reading the response. +As soon as the client has flushed \fBbio\fR the server must be ready to provide +a response or indicate a waiting condition via \fBrbio\fR. +.PP +The \fBmaxline\fR parameter specifies the response header maximum line length, +where 0 indicates the default value, which currently is 4k. +The \fBmax_resp_len\fR parameter specifies the maximum response length, +where 0 indicates the default value, which currently is 100k. 
+.PP +An \s-1ASN\s0.1\-encoded response is expected by \fIOSSL_HTTP_get_asn1()\fR and +\&\fIOSSL_HTTP_post_asn1()\fR, while for \fIOSSL_HTTP_get()\fR or \fIOSSL_HTTP_transfer()\fR +this is only the case if the \fBexpect_asn1\fR parameter is nonzero. +If the response header contains one or more Content-Length header lines and/or +an \s-1ASN\s0.1\-encoded response is expected, which should include a total length, +the length indications received are checked for consistency +and for not exceeding the maximum response length. +.PP +If the parameter \fBexpected_content_type\fR (or \fBexpected_ct\fR, respectively) +is not \s-1NULL\s0 then the \s-1HTTP\s0 client checks that the given content type string +is included in the \s-1HTTP\s0 header of the response and returns an error if not. +.PP +If the \fBtimeout\fR parameter is > 0 this indicates the maximum number of seconds +to wait until the transfer is complete. +A value of 0 enables waiting indefinitely, +while a value < 0 immediately leads to a timeout condition. +.PP +The optional parameter \fBbio_update_fn\fR with its optional argument \fBarg\fR may +be used to modify the connection \s-1BIO\s0 used by the \s-1HTTP\s0 client (and cannot be +used when both \fBbio\fR and \fBrbio\fR are given). +\&\fBbio_update_fn\fR is a \s-1BIO\s0 connect/disconnect callback function with prototype +.PP +.Vb 1 +\& BIO *(*OSSL_HTTP_bio_cb_t)(BIO *bio, void *arg, int connect, int detail) +.Ve +.PP +The callback may modify the \s-1HTTP\s0 \s-1BIO\s0 provided in the \fBbio\fR argument, +whereby it may make use of a custom defined argument \fBarg\fR, +which may for instance refer to an \fI\s-1SSL_CTX\s0\fR structure. +During connection establishment, just after calling \fIBIO_connect_retry()\fR, +the function is invoked with the \fBconnect\fR argument being 1 and the \fBdetail\fR +argument being 1 if \s-1HTTPS\s0 is requested, i.e., \s-1SSL/TLS\s0 should be enabled. 
+On disconnect \fBconnect\fR is 0 and \fBdetail\fR is 1 if no error occurred, else 0. +For instance, on connect the function may prepend a \s-1TLS\s0 \s-1BIO\s0 to implement \s-1HTTPS\s0; +after disconnect it may do some diagnostic output and/or specific cleanup. +The function should return \s-1NULL\s0 to indicate failure. +Here is a simple example that supports \s-1TLS\s0 connections (but not via a proxy): +.PP +.Vb 3 +\& BIO *http_tls_cb(BIO *hbio, void *arg, int connect, int detail) +\& { +\& SSL_CTX *ctx = (SSL_CTX *)arg; +\& +\& if (connect && detail) { /* connecting with TLS */ +\& BIO *sbio = BIO_new_ssl(ctx, 1); +\& hbio = sbio != NULL ? BIO_push(sbio, hbio) : NULL; +\& } else if (!connect && !detail) { /* disconnecting after error */ +\& /* optionally add diagnostics here */ +\& } +\& return hbio; +\& } +.Ve +.PP +After disconnect the modified \s-1BIO\s0 will be deallocated using \fIBIO_free_all()\fR. +.PP +\&\fIOSSL_HTTP_proxy_connect()\fR may be used by an above \s-1BIO\s0 connect callback function +to set up an \s-1SSL/TLS\s0 connection via an \s-1HTTP\s0 proxy. +It promotes the given \s-1BIO\s0 \fBbio\fR representing a connection +pre-established with a \s-1TLS\s0 proxy using the \s-1HTTP\s0 \s-1CONNECT\s0 method, +optionally using proxy client credentials \fBproxyuser\fR and \fBproxypass\fR, +to connect with \s-1TLS\s0 protection ultimately to \fBserver\fR and \fBport\fR. +The \fBtimeout\fR parameter is used as described above. +Since this function is typically called by appplications such as +\&\fIopenssl\-s_client\fR\|(1) it uses the \fBbio_err\fR and \fBprog\fR parameters (unless +\&\s-1NULL\s0) to print additional diagnostic information in a user-oriented way. +.PP +\&\fIOSSL_HTTP_parse_url()\fR parses its input string \fBurl\fR as a \s-1URL\s0 and splits it up +into host, port and path components and a flag whether it begins with 'https'. +The host component may be a \s-1DNS\s0 name or an IPv4 or an IPv6 address. 
+The port component is optional and defaults to \*(L"443\*(R" for \s-1HTTPS\s0, else \*(L"80\*(R". +The path component is also optional and defaults to \*(L"/\*(R". +As far as the result pointer arguments are not \s-1NULL\s0 it assigns via +them copies of the respective string components. +The strings returned this way must be deallocated by the caller using +\&\fIOPENSSL_free\fR\|(3) unless they are \s-1NULL\s0, which is their default value on error. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOSSL_HTTP_get()\fR, \fIOSSL_HTTP_get_asn1()\fR, \fIOSSL_HTTP_post_asn1()\fR, and +\&\fIOSSL_HTTP_transfer()\fR return on success the data received via \s-1HTTP\s0, else \s-1NULL\s0. +Error conditions include connection/transfer timeout, parse errors, etc. +.PP +\&\fIOSSL_HTTP_proxy_connect()\fR and \fIOSSL_HTTP_parse_url()\fR +return 1 on success, 0 on error. +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIOSSL_HTTP_get()\fR, \fIOSSL_HTTP_get_asn1()\fR, \fIOSSL_HTTP_post_asn1()\fR, +\&\fIOSSL_HTTP_proxy_connect()\fR, and \fIOSSL_HTTP_parse_url()\fR were added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/OSSL_PARAM.3 b/linux_amd64/share/man/man3/OSSL_PARAM.3 new file mode 100755 index 0000000..7b9b133 --- /dev/null +++ b/linux_amd64/share/man/man3/OSSL_PARAM.3 
@@ -0,0 +1,421 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_PARAM 3" +.TH OSSL_PARAM 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OSSL_PARAM \- a structure to pass or request object parameters +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef struct ossl_param_st OSSL_PARAM; +\& struct ossl_param_st { +\& const char *key; /* the name of the parameter */ +\& unsigned char data_type; /* declare what kind of content is in data */ +\& void *data; /* value being passed in or out */ +\& size_t data_size; /* data size */ +\& size_t return_size; /* returned size */ +\& }; +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fB\s-1OSSL_PARAM\s0\fR is a type that allows passing arbitrary data for some +object between two parties that have no or very little shared +knowledge about their respective internal structures for that object. +.PP +A typical usage example could be an application that wants to set some +parameters for an object, or wants to find out some parameters of an +object. +.PP +Arrays of this type can be used for the following purposes: +.IP "\(bu" 4 +Setting parameters for some object +.Sp +The caller sets up the \fB\s-1OSSL_PARAM\s0\fR array and calls some function +(the \fIsetter\fR) that has intimate knowledge about the object that can +take the data from the \fB\s-1OSSL_PARAM\s0\fR array and assign them in a +suitable form for the internal structure of the object. +.IP "\(bu" 4 +Request parameters of some object +.Sp +The caller (the \fIrequestor\fR) sets up the \fB\s-1OSSL_PARAM\s0\fR array and +calls some function (the \fIresponder\fR) that has intimate knowledge +about the object, which can take the internal data of the object and +copy (possibly convert) that to the memory prepared by the +\&\fIrequestor\fR and pointed at with the \fB\s-1OSSL_PARAM\s0\fR \fIdata\fR. +.IP "\(bu" 4 +Request parameter descriptors +.Sp +The caller gets an array of constant \fB\s-1OSSL_PARAM\s0\fR, which describe +available parameters and some of their properties; name, data type and +expected data size. 
+For a detailed description of each field for this use, see the field +descriptions below. +.Sp +The caller may then use the information from this descriptor array to +build up its own \fB\s-1OSSL_PARAM\s0\fR array to pass down to a \fIsetter\fR or +\&\fIresponder\fR. +.PP +Normally, the order of the an \fB\s-1OSSL_PARAM\s0\fR array is not relevant. +However, if the \fIresponder\fR can handle multiple elements with the +same key, those elements must be handled in the order they are in. +.SS "\fB\s-1OSSL_PARAM\s0\fP fields" +.IX Subsection "OSSL_PARAM fields" +.IP "\fIkey\fR" 4 +.IX Item "key" +The identity of the parameter in the form of a string. +.IP "\fIdata_type\fR" 4 +.IX Item "data_type" +The \fIdata_type\fR is a value that describes the type and organization of +the data. +See \*(L"Supported types\*(R" below for a description of the types. +.IP "\fIdata\fR" 4 +.IX Item "data" +.PD 0 +.IP "\fIdata_size\fR" 4 +.IX Item "data_size" +.PD +\&\fIdata\fR is a pointer to the memory where the parameter data is (when +setting parameters) or shall (when requesting parameters) be stored, +and \fIdata_size\fR is its size in bytes. +The organization of the data depends on the parameter type and flag. +.Sp +When \fIrequesting parameters\fR, it's acceptable for \fIdata\fR to be \s-1NULL\s0. +This can be used by the \fIrequestor\fR to figure out dynamically exactly +how much buffer space is needed to store the parameter data. +In this case, \fIdata_size\fR is ignored. +.Sp +When the \fB\s-1OSSL_PARAM\s0\fR is used as a parameter descriptor, \fIdata\fR +should be ignored. +If \fIdata_size\fR is zero, it means that an arbitrary data size is +accepted, otherwise it specifies the maximum size allowed. +.IP "\fIreturn_size\fR" 4 +.IX Item "return_size" +When an array of \fB\s-1OSSL_PARAM\s0\fR is used to request data, the +\&\fIresponder\fR must set this field to indicate size of the parameter +data, including padding as the case may be. 
+In case the \fIdata_size\fR is an unsuitable size for the data, the +\&\fIresponder\fR must still set this field to indicate the minimum data +size required. +(further notes on this in \*(L"\s-1NOTES\s0\*(R" below). +.Sp +When the \fB\s-1OSSL_PARAM\s0\fR is used as a parameter descriptor, +\&\fIreturn_size\fR should be ignored. +.PP +\&\fB\s-1NOTE:\s0\fR +.PP +The key names and associated types are defined by the entity that +offers these parameters, i.e. names for parameters provided by the +OpenSSL libraries are defined by the libraries, and names for +parameters provided by providers are defined by those providers, +except for the pointer form of strings (see data type descriptions +below). +Entities that want to set or request parameters need to know what +those keys are and of what type, any functionality between those two +entities should remain oblivious and just pass the \fB\s-1OSSL_PARAM\s0\fR array +along. +.SS "Supported types" +.IX Subsection "Supported types" +The \fIdata_type\fR field can be one of the following types: +.IP "\fB\s-1OSSL_PARAM_INTEGER\s0\fR" 4 +.IX Item "OSSL_PARAM_INTEGER" +.PD 0 +.IP "\fB\s-1OSSL_PARAM_UNSIGNED_INTEGER\s0\fR" 4 +.IX Item "OSSL_PARAM_UNSIGNED_INTEGER" +.PD +The parameter data is an integer (signed or unsigned) of arbitrary +length, organized in native form, i.e. most significant byte first on +Big-Endian systems, and least significant byte first on Little-Endian +systems. +.IP "\fB\s-1OSSL_PARAM_REAL\s0\fR" 4 +.IX Item "OSSL_PARAM_REAL" +The parameter data is a floating point value in native form. +.IP "\fB\s-1OSSL_PARAM_UTF8_STRING\s0\fR" 4 +.IX Item "OSSL_PARAM_UTF8_STRING" +The parameter data is a printable string. +.IP "\fB\s-1OSSL_PARAM_OCTET_STRING\s0\fR" 4 +.IX Item "OSSL_PARAM_OCTET_STRING" +The parameter data is an arbitrary string of bytes. +.IP "\fB\s-1OSSL_PARAM_UTF8_PTR\s0\fR" 4 +.IX Item "OSSL_PARAM_UTF8_PTR" +The parameter data is a pointer to a printable string. 
+.Sp +The difference between this and \fB\s-1OSSL_PARAM_UTF8_STRING\s0\fR is that \fIdata\fR +doesn't point directly at the data, but to a pointer that points to the data. +.Sp +This is used to indicate that constant data is or will be passed, +and there is therefore no need to copy the data that is passed, just +the pointer to it. +.Sp +\&\fIdata_size\fR must be set to the size of the data, not the size of the +pointer to the data. +If this is used in a parameter request, +\&\fIdata_size\fR is not relevant. However, the \fIresponder\fR will set +\&\fIreturn_size\fR to the size of the data. +.Sp +Note that the use of this type is \fBfragile\fR and can only be safely +used for data that remains constant and in a constant location for a +long enough duration (such as the life-time of the entity that +offers these parameters). +.IP "\fB\s-1OSSL_PARAM_OCTET_PTR\s0\fR" 4 +.IX Item "OSSL_PARAM_OCTET_PTR" +The parameter data is a pointer to an arbitrary string of bytes. +.Sp +The difference between this and \fB\s-1OSSL_PARAM_OCTET_STRING\s0\fR is that +\&\fIdata\fR doesn't point directly at the data, but to a pointer that +points to the data. +.Sp +This is used to indicate that constant data is or will be passed, and +there is therefore no need to copy the data that is passed, just the +pointer to it. +.Sp +\&\fIdata_size\fR must be set to the size of the data, not the size of the +pointer to the data. +If this is used in a parameter request, +\&\fIdata_size\fR is not relevant. However, the \fIresponder\fR will set +\&\fIreturn_size\fR to the size of the data. +.Sp +Note that the use of this type is \fBfragile\fR and can only be safely +used for data that remains constant and in a constant location for a +long enough duration (such as the life-time of the entity that +offers these parameters). +.SH "NOTES" +.IX Header "NOTES" +Both when setting and requesting parameters, the functions that are +called will have to decide what is and what is not an error. 
+The recommended behaviour is: +.IP "\(bu" 4 +Keys that a \fIsetter\fR or \fIresponder\fR doesn't recognise should simply +be ignored. +That in itself isn't an error. +.IP "\(bu" 4 +If the keys that a called \fIsetter\fR recognises form a consistent +enough set of data, that call should succeed. +.IP "\(bu" 4 +Apart from the \fIreturn_size\fR, a \fIresponder\fR must never change the fields +of an \fB\s-1OSSL_PARAM\s0\fR. +To return a value, it should change the contents of the memory that +\&\fIdata\fR points at. +.IP "\(bu" 4 +If the data type for a key that it's associated with is incorrect, +the called function may return an error. +.Sp +The called function may also try to convert the data to a suitable +form (for example, it's plausible to pass a large number as an octet +string, so even though a given key is defined as an +\&\fB\s-1OSSL_PARAM_UNSIGNED_INTEGER\s0\fR, is plausible to pass the value as an +\&\fB\s-1OSSL_PARAM_OCTET_STRING\s0\fR), but this is in no way mandatory. +.IP "\(bu" 4 +If a \fIresponder\fR finds that some data sizes are too small for the +requested data, it must set \fIreturn_size\fR for each such +\&\fB\s-1OSSL_PARAM\s0\fR item to the minimum required size, and eventually return +an error. +.IP "\(bu" 4 +For the integer type parameters (\fB\s-1OSSL_PARAM_UNSIGNED_INTEGER\s0\fR and +\&\fB\s-1OSSL_PARAM_INTEGER\s0\fR), a \fIresponder\fR may choose to return an error +if the \fIdata_size\fR isn't a suitable size (even if \fIdata_size\fR is +bigger than needed). If the \fIresponder\fR finds the size suitable, it +must fill all \fIdata_size\fR bytes and ensure correct padding for the +native endianness, and set \fIreturn_size\fR to the same value as +\&\fIdata_size\fR. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +A couple of examples to just show how \fB\s-1OSSL_PARAM\s0\fR arrays could be +set up. 
+.PP +\fIExample 1\fR +.IX Subsection "Example 1" +.PP +This example is for setting parameters on some object: +.PP +.Vb 1 +\& #include +\& +\& const char *foo = "some string"; +\& size_t foo_l = strlen(foo) + 1; +\& const char bar[] = "some other string"; +\& OSSL_PARAM set[] = { +\& { "foo", OSSL_PARAM_UTF8_STRING_PTR, &foo, foo_l, 0 }, +\& { "bar", OSSL_PARAM_UTF8_STRING, &bar, sizeof(bar), 0 }, +\& { NULL, 0, NULL, 0, NULL } +\& }; +.Ve +.PP +\fIExample 2\fR +.IX Subsection "Example 2" +.PP +This example is for requesting parameters on some object: +.PP +.Vb 9 +\& const char *foo = NULL; +\& size_t foo_l; +\& char bar[1024]; +\& size_t bar_l; +\& OSSL_PARAM request[] = { +\& { "foo", OSSL_PARAM_UTF8_STRING_PTR, &foo, 0 /*irrelevant*/, 0 }, +\& { "bar", OSSL_PARAM_UTF8_STRING, &bar, sizeof(bar), 0 }, +\& { NULL, 0, NULL, 0, NULL } +\& }; +.Ve +.PP +A \fIresponder\fR that receives this array (as \fIparams\fR in this example) +could fill in the parameters like this: +.PP +.Vb 1 +\& /* OSSL_PARAM *params */ +\& +\& int i; +\& +\& for (i = 0; params[i].key != NULL; i++) { +\& if (strcmp(params[i].key, "foo") == 0) { +\& *(char **)params[i].data = "foo value"; +\& params[i].return_size = 10; /* size of "foo value" */ +\& } else if (strcmp(params[i].key, "bar") == 0) { +\& memcpy(params[i].data, "bar value", 10); +\& params[i].return_size = 10; /* size of "bar value" */ +\& } +\& /* Ignore stuff we don\*(Aqt know */ +\& } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\-core.h\fR\|(7), \fIOSSL_PARAM_get_int\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fB\s-1OSSL_PARAM\s0\fR was added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/share/man/man3/OSSL_PARAM_allocate_from_text.3 b/linux_amd64/share/man/man3/OSSL_PARAM_allocate_from_text.3 new file mode 100755 index 0000000..b661c20 --- /dev/null +++ b/linux_amd64/share/man/man3/OSSL_PARAM_allocate_from_text.3 
@@ -0,0 +1,286 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_PARAM_ALLOCATE_FROM_TEXT 3" +.TH OSSL_PARAM_ALLOCATE_FROM_TEXT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OSSL_PARAM_allocate_from_text +\&\- OSSL_PARAM construction utilities +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int OSSL_PARAM_allocate_from_text(OSSL_PARAM *to, +\& const OSSL_PARAM *paramdefs, +\& const char *key, const char *value, +\& size_t value_n, +\& int *found); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +With OpenSSL before version 3.0, parameters were passed down to or +retrieved from algorithm implementations via control functions. +Some of these control functions existed in variants that took string +parameters, for example \fIEVP_PKEY_CTX_ctrl_str\fR\|(3). +.PP +OpenSSL 3.0 introduces a new mechanism to do the same thing with an +array of parameters that contain name, value, value type and value +size (see \s-1\fIOSSL_PARAM\s0\fR\|(3) for more information). +.PP +\&\fIOSSL_PARAM_allocate_from_text()\fR takes a control \fIkey\fR, \fIvalue\fR and +value size \fIvalue_n\fR, and given a parameter descriptor array +\&\fIparamdefs\fR, it converts the value to something suitable for +\&\s-1\fIOSSL_PARAM\s0\fR\|(3) and stores that in the buffer \fIbuf\fR, and modifies +the parameter \fIto\fR to match. +\&\fIbuf_n\fR, if not \s-1NULL\s0, will be assigned the number of bytes used in +\&\fIbuf\fR. +If \fIbuf\fR is \s-1NULL\s0, only \fIbuf_n\fR will be modified, everything else is +left untouched, allowing a caller to find out how large the buffer +should be. +\&\fIbuf\fR needs to be correctly aligned for the type of the \fB\s-1OSSL_PARAM\s0\fR +\&\fIkey\fR. +If is not \s-1NULL\s0, it is set to 1 if the parameter can be located and +to 0 otherwise. +.PP +The caller must remember to free the data of \fIto\fR when it's not +useful any more. +.PP +For parameters having the type \fB\s-1OSSL_PARAM_INTEGER\s0\fR, +\&\fB\s-1OSSL_PARAM_UNSIGNED_INTEGER\s0\fR, or \fB\s-1OSSL_PARAM_OCTET_STRING\s0\fR, both +functions will interpret the \fIvalue\fR differently if the key starts +with \*(L"hex\*(R". 
+In that case, the value is decoded first, and the result will be used +as parameter value. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOSSL_PARAM_allocate_from_text()\fR returns 1 on success, and 0 on error. +.SH "NOTES" +.IX Header "NOTES" +The parameter descriptor array comes from functions dedicated to +return them. +The following \fB\s-1OSSL_PARAM\s0\fR attributes are used: +.IP "\fIkey\fR" 4 +.IX Item "key" +.PD 0 +.IP "\fIdata\fR" 4 +.IX Item "data" +.IP "\fIdata_size\fR" 4 +.IX Item "data_size" +.PD +.PP +All other attributes are ignored. +.PP +The \fIdata_size\fR attribute can be zero, meaning that the parameter it +describes expects arbitrary length data. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Code that looked like this: +.PP +.Vb 4 +\& int mac_ctrl_string(EVP_PKEY_CTX *ctx, const char *value) +\& { +\& int rv; +\& char *stmp, *vtmp = NULL; +\& +\& stmp = OPENSSL_strdup(value); +\& if (stmp == NULL) +\& return \-1; +\& vtmp = strchr(stmp, \*(Aq:\*(Aq); +\& if (vtmp != NULL) +\& *vtmp++ = \*(Aq\e0\*(Aq; +\& rv = EVP_MAC_ctrl_str(ctx, stmp, vtmp); +\& OPENSSL_free(stmp); +\& return rv; +\& } +\& +\& ... 
+\& +\& +\& for (i = 0; i < sk_OPENSSL_STRING_num(macopts); i++) { +\& char *macopt = sk_OPENSSL_STRING_value(macopts, i); +\& +\& if (pkey_ctrl_string(mac_ctx, macopt) <= 0) { +\& BIO_printf(bio_err, +\& "MAC parameter error \e"%s\e"\en", macopt); +\& ERR_print_errors(bio_err); +\& goto mac_end; +\& } +\& } +.Ve +.PP +Can be written like this instead: +.PP +.Vb 6 +\& OSSL_PARAM *params = +\& OPENSSL_zalloc(sizeof(*params) +\& * (sk_OPENSSL_STRING_num(opts) + 1)); +\& const OSSL_PARAM *paramdefs = EVP_MAC_settable_ctx_params(mac); +\& size_t params_n; +\& char *opt = ""; +\& +\& for (params_n = 0; params_n < (size_t)sk_OPENSSL_STRING_num(opts); +\& params_n++) { +\& char *stmp, *vtmp = NULL; +\& +\& opt = sk_OPENSSL_STRING_value(opts, (int)params_n); +\& if ((stmp = OPENSSL_strdup(opt)) == NULL +\& || (vtmp = strchr(stmp, \*(Aq:\*(Aq)) == NULL) +\& goto err; +\& +\& *vtmp++ = \*(Aq\e0\*(Aq; +\& if (!OSSL_PARAM_allocate_from_text(¶ms[params_n], +\& paramdefs, stmp, +\& vtmp, strlen(vtmp), NULL)) +\& goto err; +\& } +\& params[params_n] = OSSL_PARAM_construct_end(); +\& if (!EVP_MAC_CTX_set_params(ctx, params)) +\& goto err; +\& while (params_n\-\- > 0) +\& OPENSSL_free(params[params_n].data); +\& OPENSSL_free(params); +\& /* ... */ +\& return; +\& +\& err: +\& BIO_printf(bio_err, "MAC parameter error \*(Aq%s\*(Aq\en", opt); +\& ERR_print_errors(bio_err); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1\fIOSSL_PARAM\s0\fR\|(3), \fIOSSL_PARAM_int\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/OSSL_PARAM_int.3 b/linux_amd64/share/man/man3/OSSL_PARAM_int.3 new file mode 100755 index 0000000..fbf2564 --- /dev/null 
+++ b/linux_amd64/share/man/man3/OSSL_PARAM_int.3 
@@ -0,0 +1,444 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_PARAM_INT 3" +.TH OSSL_PARAM_INT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OSSL_PARAM_double, OSSL_PARAM_int, OSSL_PARAM_int32, OSSL_PARAM_int64, +OSSL_PARAM_long, OSSL_PARAM_size_t, OSSL_PARAM_uint, OSSL_PARAM_uint32, +OSSL_PARAM_uint64, OSSL_PARAM_ulong, OSSL_PARAM_BN, OSSL_PARAM_utf8_string, +OSSL_PARAM_octet_string, OSSL_PARAM_utf8_ptr, OSSL_PARAM_octet_ptr, +OSSL_PARAM_END, +OSSL_PARAM_construct_double, OSSL_PARAM_construct_int, +OSSL_PARAM_construct_int32, OSSL_PARAM_construct_int64, +OSSL_PARAM_construct_long, OSSL_PARAM_construct_size_t, +OSSL_PARAM_construct_uint, OSSL_PARAM_construct_uint32, +OSSL_PARAM_construct_uint64, OSSL_PARAM_construct_ulong, +OSSL_PARAM_construct_BN, OSSL_PARAM_construct_utf8_string, +OSSL_PARAM_construct_utf8_ptr, OSSL_PARAM_construct_octet_string, +OSSL_PARAM_construct_octet_ptr, OSSL_PARAM_construct_end, +OSSL_PARAM_locate, OSSL_PARAM_locate_const, +OSSL_PARAM_get_double, OSSL_PARAM_get_int, OSSL_PARAM_get_int32, +OSSL_PARAM_get_int64, OSSL_PARAM_get_long, OSSL_PARAM_get_size_t, +OSSL_PARAM_get_uint, OSSL_PARAM_get_uint32, OSSL_PARAM_get_uint64, +OSSL_PARAM_get_ulong, OSSL_PARAM_get_BN, OSSL_PARAM_get_utf8_string, +OSSL_PARAM_get_octet_string, OSSL_PARAM_get_utf8_ptr, +OSSL_PARAM_get_octet_ptr, +OSSL_PARAM_set_double, OSSL_PARAM_set_int, OSSL_PARAM_set_int32, +OSSL_PARAM_set_int64, OSSL_PARAM_set_long, OSSL_PARAM_set_size_t, +OSSL_PARAM_set_uint, OSSL_PARAM_set_uint32, OSSL_PARAM_set_uint64, +OSSL_PARAM_set_ulong, OSSL_PARAM_set_BN, OSSL_PARAM_set_utf8_string, +OSSL_PARAM_set_octet_string, OSSL_PARAM_set_utf8_ptr, +OSSL_PARAM_set_octet_ptr +\&\- OSSL_PARAM helpers +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& /* +\& * TYPE in function names is one of: +\& * double, int, int32, int64, long, size_t, uint, uint32, uint64, ulong +\& * Corresponding TYPE in function arguments is one of: +\& * double, int, int32_t, int64_t, long, size_t, unsigned int, uint32_t, +\& * uint64_t, unsigned long +\& */ +\& +\& #define OSSL_PARAM_TYPE(key, address) +\& #define 
OSSL_PARAM_BN(key, address, size) +\& #define OSSL_PARAM_utf8_string(key, address, size) +\& #define OSSL_PARAM_octet_string(key, address, size) +\& #define OSSL_PARAM_utf8_ptr(key, address, size) +\& #define OSSL_PARAM_octet_ptr(key, address, size) +\& #define OSSL_PARAM_END +\& +\& OSSL_PARAM OSSL_PARAM_construct_TYPE(const char *key, TYPE *buf); +\& OSSL_PARAM OSSL_PARAM_construct_BN(const char *key, unsigned char *buf, +\& size_t bsize); +\& OSSL_PARAM OSSL_PARAM_construct_utf8_string(const char *key, char *buf, +\& size_t bsize); +\& OSSL_PARAM OSSL_PARAM_construct_octet_string(const char *key, void *buf, +\& size_t bsize); +\& OSSL_PARAM OSSL_PARAM_construct_utf8_ptr(const char *key, char **buf, +\& size_t bsize); +\& OSSL_PARAM OSSL_PARAM_construct_octet_ptr(const char *key, void **buf, +\& size_t bsize); +\& OSSL_PARAM OSSL_PARAM_construct_end(void); +\& +\& OSSL_PARAM *OSSL_PARAM_locate(OSSL_PARAM *array, const char *key); +\& const OSSL_PARAM *OSSL_PARAM_locate_const(const OSSL_PARAM *array, +\& const char *key); +\& +\& int OSSL_PARAM_get_TYPE(const OSSL_PARAM *p, TYPE *val); +\& int OSSL_PARAM_set_TYPE(OSSL_PARAM *p, TYPE val); +\& +\& int OSSL_PARAM_get_BN(const OSSL_PARAM *p, BIGNUM **val); +\& int OSSL_PARAM_set_BN(OSSL_PARAM *p, const BIGNUM *val); +\& +\& int OSSL_PARAM_get_utf8_string(const OSSL_PARAM *p, char **val, +\& size_t max_len); +\& int OSSL_PARAM_set_utf8_string(OSSL_PARAM *p, const char *val); +\& +\& int OSSL_PARAM_get_octet_string(const OSSL_PARAM *p, void **val, +\& size_t max_len, size_t *used_len); +\& int OSSL_PARAM_set_octet_string(OSSL_PARAM *p, const void *val, size_t len); +\& +\& int OSSL_PARAM_get_utf8_ptr(const OSSL_PARAM *p, const char **val); +\& int OSSL_PARAM_set_utf8_ptr(OSSL_PARAM *p, const char *val); +\& +\& int OSSL_PARAM_get_octet_ptr(const OSSL_PARAM *p, const void **val, +\& size_t *used_len); +\& int OSSL_PARAM_set_octet_ptr(OSSL_PARAM *p, const void *val, +\& size_t used_len); +.Ve +.SH "DESCRIPTION" +.IX 
Header "DESCRIPTION" +A collection of utility functions that simplify and add type safety to the +\&\s-1OSSL_PARAM\s0 arrays. The following \fB\s-1TYPE\s0\fR names are supported: +.IP "\(bu" 1 +double +.IP "\(bu" 1 +int +.IP "\(bu" 1 +int32 (int32_t) +.IP "\(bu" 1 +int64 (int64_t) +.IP "\(bu" 1 +long int (long) +.IP "\(bu" 1 +size_t +.IP "\(bu" 1 +uint32 (uint32_t) +.IP "\(bu" 1 +uint64 (uint64_t) +.IP "\(bu" 1 +unsigned int (uint) +.IP "\(bu" 1 +unsigned long int (ulong) +.PP +\&\s-1\fIOSSL_PARAM_TYPE\s0()\fR are a series of macros designed to assist initialising an +array of \s-1OSSL_PARAM\s0 structures. +Each of these macros defines a parameter of the specified \fB\s-1TYPE\s0\fR with the +provided \fBkey\fR and parameter variable \fBaddress\fR. +.PP +\&\fIOSSL_PARAM_utf8_string()\fR, \fIOSSL_PARAM_octet_string()\fR, \fIOSSL_PARAM_utf8_ptr()\fR, +\&\fIOSSL_PARAM_octet_ptr()\fR, \s-1\fIOSSL_PARAM_BN\s0()\fR are macros that provide support +for defining \s-1UTF8\s0 strings, \s-1OCTET\s0 strings and big numbers. +A parameter with name \fBkey\fR is defined. +The storage for this parameter is at \fBaddress\fR and is of \fBsize\fR bytes. +.PP +\&\s-1OSSL_PARAM_END\s0 provides an end of parameter list marker. +This should terminate all \s-1OSSL_PARAM\s0 arrays. +.PP +\&\fIOSSL_PARAM_construct_TYPE()\fR are a series of functions that create \s-1OSSL_PARAM\s0 +records dynamically. +A parameter with name \fBkey\fR is created. +The parameter will use storage pointed to by \fBbuf\fR and return size of \fBret\fR. +.PP +\&\fIOSSL_PARAM_construct_BN()\fR is a function that constructs a large integer +\&\s-1OSSL_PARAM\s0 structure. +A parameter with name \fBkey\fR, storage \fBbuf\fR, size \fBbsize\fR and return +size \fBrsize\fR is created. +.PP +\&\fIOSSL_PARAM_construct_utf8_string()\fR is a function that constructs a \s-1UTF8\s0 +string \s-1OSSL_PARAM\s0 structure. +A parameter with name \fBkey\fR, storage \fBbuf\fR and size \fBbsize\fR is created. 
+If \fBbsize\fR is zero, the string length is determined using \fIstrlen\fR\|(3) + 1 for the +null termination byte. +Generally pass zero for \fBbsize\fR instead of calling \fIstrlen\fR\|(3) yourself. +.PP +\&\fIOSSL_PARAM_construct_octet_string()\fR is a function that constructs an \s-1OCTET\s0 +string \s-1OSSL_PARAM\s0 structure. +A parameter with name \fBkey\fR, storage \fBbuf\fR and size \fBbsize\fR is created. +.PP +\&\fIOSSL_PARAM_construct_utf8_ptr()\fR is a function that constructes a \s-1UTF\s0 string +pointer \s-1OSSL_PARAM\s0 structure. +A parameter with name \fBkey\fR, storage pointer \fB*buf\fR and size \fBbsize\fR +is created. +.PP +\&\fIOSSL_PARAM_construct_octet_ptr()\fR is a function that constructes an \s-1OCTET\s0 string +pointer \s-1OSSL_PARAM\s0 structure. +A parameter with name \fBkey\fR, storage pointer \fB*buf\fR and size \fBbsize\fR +is created. +.PP +\&\fIOSSL_PARAM_construct_end()\fR is a function that constructs the terminating +\&\s-1OSSL_PARAM\s0 structure. +.PP +\&\fIOSSL_PARAM_locate()\fR is a function that searches an \fBarray\fR of parameters for +the one matching the \fBkey\fR name. +.PP +\&\fIOSSL_PARAM_locate_const()\fR behaves exactly like \fIOSSL_PARAM_locate()\fR except for +the presence of \fIconst\fR for the \fBarray\fR argument and its return value. +.PP +\&\fIOSSL_PARAM_get_TYPE()\fR retrieves a value of type \fB\s-1TYPE\s0\fR from the parameter \fBp\fR. +The value is copied to the address \fBval\fR. +Type coercion takes place as discussed in the \s-1NOTES\s0 section. +.PP +\&\fIOSSL_PARAM_set_TYPE()\fR stores a value \fBval\fR of type \fB\s-1TYPE\s0\fR into the parameter +\&\fBp\fR. +If the parameter's \fIdata\fR field is \s-1NULL\s0, then only its \fIreturn_size\fR field +will be assigned the size the parameter's \fIdata\fR buffer should have. +Type coercion takes place as discussed in the \s-1NOTES\s0 section. +.PP +\&\fIOSSL_PARAM_get_BN()\fR retrieves a \s-1BIGNUM\s0 from the parameter pointed to by \fBp\fR. 
+The \s-1BIGNUM\s0 referenced by \fBval\fR is updated and is allocated if \fB*val\fR is +\&\fB\s-1NULL\s0\fR. +.PP +\&\fIOSSL_PARAM_set_BN()\fR stores the \s-1BIGNUM\s0 \fBval\fR into the parameter \fBp\fR. +If the parameter's \fIdata\fR field is \s-1NULL\s0, then only its \fIreturn_size\fR field +will be assigned the size the parameter's \fIdata\fR buffer should have. +.PP +\&\fIOSSL_PARAM_get_utf8_string()\fR retrieves a \s-1UTF8\s0 string from the parameter +pointed to by \fBp\fR. +The string is either stored into \fB*val\fR with a length limit of \fBmax_len\fR or, +in the case when \fB*val\fR is \fB\s-1NULL\s0\fR, memory is allocated for the string and +\&\fBmax_len\fR is ignored. +If memory is allocated by this function, it must be freed by the caller. +.PP +\&\fIOSSL_PARAM_set_utf8_string()\fR sets a \s-1UTF8\s0 string from the parameter pointed to +by \fBp\fR to the value referenced by \fBval\fR. +If the parameter's \fIdata\fR field is \s-1NULL\s0, then only its \fIreturn_size\fR field +will be assigned the size the parameter's \fIdata\fR buffer should have. +.PP +\&\fIOSSL_PARAM_get_octet_string()\fR retrieves an \s-1OCTET\s0 string from the parameter +pointed to by \fBp\fR. +The OCTETs are either stored into \fB*val\fR with a length limit of \fBmax_len\fR or, +in the case when \fB*val\fR is \fB\s-1NULL\s0\fR, memory is allocated and +\&\fBmax_len\fR is ignored. +If memory is allocated by this function, it must be freed by the caller. +.PP +\&\fIOSSL_PARAM_set_octet_string()\fR sets an \s-1OCTET\s0 string from the parameter +pointed to by \fBp\fR to the value referenced by \fBval\fR. +If the parameter's \fIdata\fR field is \s-1NULL\s0, then only its \fIreturn_size\fR field +will be assigned the size the parameter's \fIdata\fR buffer should have. +.PP +\&\fIOSSL_PARAM_get_utf8_ptr()\fR retrieves the \s-1UTF8\s0 string pointer from the parameter +referenced by \fBp\fR and stores it in \fB*val\fR. 
+.PP +\&\fIOSSL_PARAM_set_utf8_ptr()\fR sets the \s-1UTF8\s0 string pointer in the parameter +referenced by \fBp\fR to the values \fBval\fR. +.PP +\&\fIOSSL_PARAM_get_octet_ptr()\fR retrieves the \s-1OCTET\s0 string pointer from the parameter +referenced by \fBp\fR and stores it in \fB*val\fR. +The length of the \s-1OCTET\s0 string is stored in \fB*used_len\fR. +.PP +\&\fIOSSL_PARAM_set_octet_ptr()\fR sets the \s-1OCTET\s0 string pointer in the parameter +referenced by \fBp\fR to the values \fBval\fR. +The length of the \s-1OCTET\s0 string is provided by \fBused_len\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOSSL_PARAM_construct_TYPE()\fR, \fIOSSL_PARAM_construct_BN()\fR, +\&\fIOSSL_PARAM_construct_utf8_string()\fR, \fIOSSL_PARAM_construct_octet_string()\fR, +\&\fIOSSL_PARAM_construct_utf8_ptr()\fR and \fIOSSL_PARAM_construct_octet_ptr()\fR +return a populated \s-1OSSL_PARAM\s0 structure. +.PP +\&\fIOSSL_PARAM_locate()\fR and \fIOSSL_PARAM_locate_const()\fR return a pointer to +the matching \s-1OSSL_PARAM\s0 object. They return \fB\s-1NULL\s0\fR on error or when +no object matching \fBkey\fR exists in the \fBarray\fR. +.PP +All other functions return \fB1\fR on success and \fB0\fR on failure. +.SH "NOTES" +.IX Header "NOTES" +Native types will be converted as required only if the value is exactly +representable by the target type or parameter. +Apart from that, the functions must be used appropriately for the +expected type of the parameter. +.PP +For \fIOSSL_PARAM_construct_utf8_ptr()\fR and \fIOSSL_PARAM_consstruct_octet_ptr()\fR, +\&\fBbsize\fR is not relevant if the purpose is to send the \fB\s-1OSSL_PARAM\s0\fR array +to a \fIresponder\fR, i.e. to get parameter data back. +In that case, \fBbsize\fR can safely be given zero. +See \*(L"\s-1DESCRIPTION\s0\*(R" in \s-1\fIOSSL_PARAM\s0\fR\|(3) for further information on the +possible purposes. 
+.SH "EXAMPLES" +.IX Header "EXAMPLES" +Reusing the examples from \s-1\fIOSSL_PARAM\s0\fR\|(3) to just show how +\&\f(CW\*(C`OSSL_PARAM\*(C'\fR arrays can be handled using the macros and functions +defined herein. +.SS "Example 1" +.IX Subsection "Example 1" +This example is for setting parameters on some object: +.PP +.Vb 1 +\& #include +\& +\& const char *foo = "some string"; +\& size_t foo_l = strlen(foo) + 1; +\& const char bar[] = "some other string"; +\& const OSSL_PARAM set[] = { +\& OSSL_PARAM_utf8_ptr("foo", foo, foo_l), +\& OSSL_PARAM_utf8_string("bar", bar, sizeof(bar)), +\& OSSL_PARAM_END +\& }; +.Ve +.SS "Example 2" +.IX Subsection "Example 2" +This example is for requesting parameters on some object, and also +demonstrates that the requestor isn't obligated to request all +available parameters: +.PP +.Vb 7 +\& const char *foo = NULL; +\& char bar[1024]; +\& OSSL_PARAM request[] = { +\& OSSL_PARAM_utf8_ptr("foo", foo, 0), +\& OSSL_PARAM_utf8_string("bar", bar, sizeof(bar)), +\& OSSL_PARAM_END +\& }; +.Ve +.PP +A \fIresponder\fR that receives this array (as \f(CW\*(C`params\*(C'\fR in this example) +could fill in the parameters like this: +.PP +.Vb 1 +\& /* OSSL_PARAM *params */ +\& +\& OSSL_PARAM *p; +\& +\& if ((p = OSSL_PARAM_locate(params, "foo")) == NULL) +\& OSSL_PARAM_set_utf8_ptr(p, "foo value"); +\& if ((p = OSSL_PARAM_locate(params, "bar")) == NULL) +\& OSSL_PARAM_set_utf8_ptr(p, "bar value"); +\& if ((p = OSSL_PARAM_locate(params, "cookie")) == NULL) +\& OSSL_PARAM_set_utf8_ptr(p, "cookie value"); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\-core.h\fR\|(7), \s-1\fIOSSL_PARAM\s0\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These APIs were introduced in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. 
You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/OSSL_PROVIDER.3 b/linux_amd64/share/man/man3/OSSL_PROVIDER.3 new file mode 100755 index 0000000..2f5f92c --- /dev/null +++ b/linux_amd64/share/man/man3/OSSL_PROVIDER.3 
@@ -0,0 +1,246 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_PROVIDER 3" +.TH OSSL_PROVIDER 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OSSL_PROVIDER, OSSL_PROVIDER_load, OSSL_PROVIDER_unload, +OSSL_PROVIDER_available, +OSSL_PROVIDER_gettable_params, OSSL_PROVIDER_get_params, +OSSL_PROVIDER_add_builtin, OSSL_PROVIDER_name \- provider routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef struct ossl_provider_st OSSL_PROVIDER; +\& +\& OSSL_PROVIDER *OSSL_PROVIDER_load(OPENSSL_CTX *libctx, const char *name); +\& int OSSL_PROVIDER_unload(OSSL_PROVIDER *prov); +\& int OSSL_PROVIDER_available(OPENSSL_CTX *libctx, const char *name); +\& +\& const OSSL_PARAM *OSSL_PROVIDER_gettable_params(OSSL_PROVIDER *prov); +\& int OSSL_PROVIDER_get_params(OSSL_PROVIDER *prov, OSSL_PARAM params[]); +\& +\& int OSSL_PROVIDER_add_builtin(OPENSSL_CTX *libctx, const char *name, +\& ossl_provider_init_fn *init_fn); +\& +\& const char *OSSL_PROVIDER_name(const OSSL_PROVIDER *prov); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fB\s-1OSSL_PROVIDER\s0\fR is a type that holds internal information about +implementation providers (see \fIprovider\fR\|(7) for information on what a +provider is). +A provider can be built in to the application or the OpenSSL +libraries, or can be a loadable module. +The functions described here handle both forms. +.PP +Some of these functions operate within a library context, please see +\&\s-1\fIOPENSSL_CTX\s0\fR\|(3) for further details. +.SS "Functions" +.IX Subsection "Functions" +\&\fIOSSL_PROVIDER_add_builtin()\fR is used to add a built in provider to +\&\fB\s-1OSSL_PROVIDER\s0\fR store in the given library context, by associating a +provider name with a provider initialization function. +This name can then be used with \fIOSSL_PROVIDER_load()\fR. +.PP +\&\fIOSSL_PROVIDER_load()\fR loads and initializes a provider. 
+This may simply initialize a provider that was previously added with +\&\fIOSSL_PROVIDER_add_builtin()\fR and run its given initialization function, +or load a provider module with the given name and run its provider +entry point, \f(CW\*(C`OSSL_provider_init\*(C'\fR. +.PP +\&\fIOSSL_PROVIDER_unload()\fR unloads the given provider. +For a provider added with \fIOSSL_PROVIDER_add_builtin()\fR, this simply +runs its teardown function. +.PP +\&\fIOSSL_PROVIDER_available()\fR checks if a named provider is available +for use. +.PP +\&\fIOSSL_PROVIDER_gettable_params()\fR is used to get a provider parameter +descriptor set as a constant \fB\s-1OSSL_PARAM\s0\fR array. +See \s-1\fIOSSL_PARAM\s0\fR\|(3) for more information. +.PP +\&\fIOSSL_PROVIDER_get_params()\fR is used to get provider parameter values. +The caller must prepare the \fB\s-1OSSL_PARAM\s0\fR array before calling this +function, and the variables acting as buffers for this parameter array +should be filled with data when it returns successfully. +.PP +\&\fIOSSL_PROVIDER_name()\fR returns the name of the given provider. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOSSL_PROVIDER_add()\fR returns 1 on success, or 0 on error. +.PP +\&\fIOSSL_PROVIDER_load()\fR returns a pointer to a provider object on +success, or \fB\s-1NULL\s0\fR on error. +.PP +\&\fIOSSL_PROVIDER_unload()\fR returns 1 on success, or 0 on error. +.PP +\&\fIOSSL_PROVIDER_available()\fR returns 1 if the named provider is available, +otherwise 0. +.PP +\&\fIOSSL_PROVIDER_gettable_params()\fR returns a pointer to an array +of constant \fB\s-1OSSL_PARAM\s0\fR, or \s-1NULL\s0 if none is provided. +.PP +\&\fIOSSL_PROVIDER_get_params()\fR returns 1 on success, or 0 on error. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +This demonstrates how to load the provider module \*(L"foo\*(R" and ask for +its build number. 
+.PP +.Vb 7 +\& OSSL_PROVIDER *prov = NULL; +\& const char *build = NULL; +\& size_t built_l = 0; +\& OSSL_PARAM request[] = { +\& { "build", OSSL_PARAM_UTF8_STRING_PTR, &build, 0, &build_l }, +\& { NULL, 0, NULL, 0, NULL } +\& }; +\& +\& if ((prov = OSSL_PROVIDER_load(NULL, "foo")) != NULL +\& && OSSL_PROVIDER_get_params(prov, request)) +\& printf("Provider \*(Aqfoo\*(Aq build %s\en", build); +\& else +\& ERR_print_errors_fp(stderr); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\-core.h\fR\|(7), \s-1\fIOPENSSL_CTX\s0\fR\|(3), \fIprovider\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The type and functions described here were added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/OSSL_SELF_TEST_set_callback.3 b/linux_amd64/share/man/man3/OSSL_SELF_TEST_set_callback.3 new file mode 100755 index 0000000..ab009d8 --- /dev/null +++ b/linux_amd64/share/man/man3/OSSL_SELF_TEST_set_callback.3 
@@ -0,0 +1,172 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_SELF_TEST_SET_CALLBACK 3" +.TH OSSL_SELF_TEST_SET_CALLBACK 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OSSL_SELF_TEST_set_callback, +OSSL_SELF_TEST_get_callback \- specify a callback for processing self tests +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void OSSL_SELF_TEST_set_callback(OPENSSL_CTX *ctx, OSSL_CALLBACK *cb, void *cbarg); +\& void OSSL_SELF_TEST_get_callback(OPENSSL_CTX *ctx, OSSL_CALLBACK **cb, void **cbarg); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Set or gets the optional application callback (and the callback argument) that +is called during self testing. +The application callback \fB\s-1OSSL_CALLBACK\s0\fR is associated with a \fB\s-1OPENSSL_CTX\s0\fR. +The application callback function receives information about a running self test, +and may return a result to the calling self test. +See \fIopenssl\-core.h\fR\|(7) for further information on the callback. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOSSL_SELF_TEST_get_callback()\fR returns the callback and callback argument that +has been set via \fIOSSL_SELF_TEST_set_callback()\fR for the given library context \fBctx\fR. +These returned parameters will be \s-1NULL\s0 if \fIOSSL_SELF_TEST_set_callback()\fR has +not been called. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\-core.h\fR\|(7), +\&\s-1\fIOSSL_PROVIDER\-FIPS\s0\fR\|(7) +\&\s-1\fIOPENSSL_CTX\s0\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The functions described here were added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/OSSL_SERIALIZER.3 b/linux_amd64/share/man/man3/OSSL_SERIALIZER.3 new file mode 100755 index 0000000..513ec5d --- /dev/null +++ b/linux_amd64/share/man/man3/OSSL_SERIALIZER.3 
@@ -0,0 +1,248 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_SERIALIZER 3" +.TH OSSL_SERIALIZER 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OSSL_SERIALIZER, +OSSL_SERIALIZER_fetch, +OSSL_SERIALIZER_up_ref, +OSSL_SERIALIZER_free, +OSSL_SERIALIZER_provider, +OSSL_SERIALIZER_properties, +OSSL_SERIALIZER_is_a, +OSSL_SERIALIZER_number, +OSSL_SERIALIZER_do_all_provided, +OSSL_SERIALIZER_names_do_all +\&\- Serializer method routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef struct ossl_serializer_st OSSL_SERIALIZER; +\& +\& OSSL_SERIALIZER *OSSL_SERIALIZER_fetch(OPENSSL_CTX *ctx, const char *name, +\& const char *properties); +\& int OSSL_SERIALIZER_up_ref(OSSL_SERIALIZER *serializer); +\& void OSSL_SERIALIZER_free(OSSL_SERIALIZER *serializer); +\& const OSSL_PROVIDER *OSSL_SERIALIZER_provider(const OSSL_SERIALIZER +\& *serializer); +\& const char *OSSL_SERIALIZER_properties(const OSSL_SERIALIZER *ser); +\& int OSSL_SERIALIZER_is_a(const OSSL_SERIALIZER *serializer, +\& const char *name); +\& int OSSL_SERIALIZER_number(const OSSL_SERIALIZER *serializer); +\& void OSSL_SERIALIZER_do_all_provided(OPENSSL_CTX *libctx, +\& void (*fn)(OSSL_SERIALIZER *serializer, +\& void *arg), +\& void *arg); +\& void OSSL_SERIALIZER_names_do_all(const OSSL_SERIALIZER *serializer, +\& void (*fn)(const char *name, void *data), +\& void *data); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fB\s-1OSSL_SERIALIZER\s0\fR is a method for serializers, which know how to +serialize an object of some kind to a serialized form, such as \s-1PEM\s0, +\&\s-1DER\s0, or even human readable text. +.PP +\&\fIOSSL_SERIALIZER_fetch()\fR looks for an algorithm within the provider that +has been loaded into the \fB\s-1OPENSSL_CTX\s0\fR given by \fIctx\fR, having the +name given by \fIname\fR and the properties given by \fIproperties\fR. +The \fIname\fR determines what type of object the fetched serializer +method is expected to be able to serialize, and the properties are +used to determine the expected output type. 
+For known properties and the values they may have, please have a look +in \*(L"Names and properties\*(R" in \fIprovider\-serializer\fR\|(7). +.PP +\&\fIOSSL_SERIALIZER_up_ref()\fR increments the reference count for the given +\&\fIserializer\fR. +.PP +\&\fIOSSL_SERIALIZER_free()\fR decrements the reference count for the given +\&\fIserializer\fR, and when the count reaches zero, frees it. +.PP +\&\fIOSSL_SERIALIZER_provider()\fR returns the provider of the given +\&\fIserializer\fR. +.PP +\&\fIOSSL_SERIALIZER_provider()\fR returns the property definition associated +with the given \fIserializer\fR. +.PP +\&\fIOSSL_SERIALIZER_is_a()\fR checks if \fIserializer\fR is an implementation of an +algorithm that's identifiable with \fIname\fR. +.PP +\&\fIOSSL_SERIALIZER_number()\fR returns the internal dynamic number assigned to +the given \fIserializer\fR. +.PP +\&\fIOSSL_SERIALIZER_names_do_all()\fR traverses all names for the given +\&\fIserializer\fR, and calls \fIfn\fR with each name and \fIdata\fR. +.PP +\&\fIOSSL_SERIALIZER_do_all_provided()\fR traverses all serializer +implementations by all activated providers in the library context +\&\fIlibctx\fR, and for each of the implementations, calls \fIfn\fR with the +implementation method and \fIdata\fR as arguments. +.SH "NOTES" +.IX Header "NOTES" +\&\fIOSSL_SERIALIZER_fetch()\fR may be called implicitly by other fetching +functions, using the same library context and properties. +Any other \s-1API\s0 that uses keys will typically do this. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOSSL_SERIALIZER_fetch()\fR returns a pointer to the key management +implementation represented by an \s-1OSSL_SERIALIZER\s0 object, or \s-1NULL\s0 on +error. +.PP +\&\fIOSSL_SERIALIZER_up_ref()\fR returns 1 on success, or 0 on error. +.PP +\&\fIOSSL_SERIALIZER_free()\fR doesn't return any value. +.PP +\&\fIOSSL_SERIALIZER_provider()\fR returns a pointer to a provider object, or +\&\s-1NULL\s0 on error. 
+.PP +\&\fIOSSL_SERIALIZER_properties()\fR returns a pointer to a property +definition string, or \s-1NULL\s0 on error. +.PP +\&\fIOSSL_SERIALIZER_is_a()\fR returns 1 of \fIserializer\fR was identifiable, +otherwise 0. +.PP +\&\fIOSSL_SERIALIZER_number()\fR returns an integer. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIprovider\fR\|(7), \s-1\fIOSSL_SERIALIZER_CTX\s0\fR\|(3), \fIOSSL_SERIALIZER_to_bio\fR\|(3), +\&\fIOSSL_SERIALIZER_CTX_new_by_EVP_PKEY\fR\|(3), \s-1\fIOPENSSL_CTX\s0\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The functions described here were added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/OSSL_SERIALIZER_CTX.3 b/linux_amd64/share/man/man3/OSSL_SERIALIZER_CTX.3 new file mode 100755 index 0000000..6153f96 --- /dev/null +++ b/linux_amd64/share/man/man3/OSSL_SERIALIZER_CTX.3 
@@ -0,0 +1,208 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_SERIALIZER_CTX 3" +.TH OSSL_SERIALIZER_CTX 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OSSL_SERIALIZER_CTX, +OSSL_SERIALIZER_CTX_new, +OSSL_SERIALIZER_CTX_get_serializer, +OSSL_SERIALIZER_settable_ctx_params, +OSSL_SERIALIZER_CTX_set_params, +OSSL_SERIALIZER_CTX_free +\&\- Serializer context routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef struct ossl_serializer_ctx_st OSSL_SERIALIZER_CTX; +\& +\& OSSL_SERIALIZER_CTX *OSSL_SERIALIZER_CTX_new(OSSL_SERIALIZER *ser); +\& const OSSL_SERIALIZER * +\& OSSL_SERIALIZER_CTX_get_serializer(OSSL_SERIALIZER_CTX *ctx); +\& const OSSL_PARAM *OSSL_SERIALIZER_settable_ctx_params(OSSL_SERIALIZER *ser); +\& int OSSL_SERIALIZER_CTX_set_params(OSSL_SERIALIZER_CTX *ctx, +\& const OSSL_PARAM params[]); +\& void OSSL_SERIALIZER_CTX_free(OSSL_SERIALIZER_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fB\s-1OSSL_SERIALIZER_CTX\s0\fR is a context with which \fB\s-1OSSL_SERIALIZER\s0\fR +operations are performed. The context typically holds values, both +internal and supplied by the application, which are useful for the +implementations supplied by providers. +.PP +\&\fIOSSL_SERIALIZER_CTX_new()\fR creates a \fB\s-1OSSL_SERIALIZER_CTX\s0\fR associated +with the serializer \fIser\fR. \s-1NULL\s0 is a valid \fIser\fR, the context will +be created anyway, it's just not very useful. This is intentional, to +distinguish between errors in allocating the context or assigning it +values on one hand, and the lack of serializer support on the other. +.PP +\&\fIOSSL_SERIALIZER_CTX_get_serializer()\fR gets the serializer method +currently associated with the context \fIctx\fR. +.PP +\&\fIOSSL_SERIALIZER_settable_ctx_params()\fR returns an \s-1\fIOSSL_PARAM\s0\fR\|(3) +array of parameter descriptors. +.PP +\&\fIOSSL_SERIALIZER_CTX_set_params()\fR attempts to set parameters specified +with an \s-1\fIOSSL_PARAM\s0\fR\|(3) array \fIparams\fR. Parameters that the +implementation doesn't recognise should be ignored. 
+.PP +\&\fIOSSL_SERIALIZER_CTX_free()\fR frees the given context \fIctx\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOSSL_SERIALIZER_CTX_new()\fR returns a pointer to a +\&\fB\s-1OSSL_SERIALIZER_CTX\s0\fR, or \s-1NULL\s0 if the context structure couldn't be +allocated. +.PP +\&\fIOSSL_SERIALIZER_CTX_get_serializer()\fR returns a pointer to the +serializer method associated with \fIctx\fR. \s-1NULL\s0 is a valid return +value and signifies that there is no associated serializer method. +.PP +\&\fIOSSL_SERIALIZER_settable_ctx_params()\fR returns an \s-1\fIOSSL_PARAM\s0\fR\|(3) +array, or \s-1NULL\s0 if none is available. +.PP +\&\fIOSSL_SERIALIZER_CTX_set_params()\fR returns 1 if all recognised +parameters were valid, or 0 if one of them was invalid or caused some +other failure in the implementation. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIprovider\fR\|(7), \s-1\fIOSSL_SERIALIZER\s0\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The functions described here were added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.3 b/linux_amd64/share/man/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.3 new file mode 100755 index 0000000..5d3f7fb --- /dev/null +++ b/linux_amd64/share/man/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.3 
@@ -0,0 +1,262 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_SERIALIZER_CTX_NEW_BY_EVP_PKEY 3" +.TH OSSL_SERIALIZER_CTX_NEW_BY_EVP_PKEY 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OSSL_SERIALIZER_CTX_new_by_EVP_PKEY, +OSSL_SERIALIZER_CTX_set_cipher, +OSSL_SERIALIZER_CTX_set_passphrase, +OSSL_SERIALIZER_CTX_set_passphrase_cb, +OSSL_SERIALIZER_CTX_set_passphrase_ui, +OSSL_SERIALIZER_PUBKEY_TO_PEM_PQ, +OSSL_SERIALIZER_PrivateKey_TO_PEM_PQ, +OSSL_SERIALIZER_Parameters_TO_PEM_PQ, +OSSL_SERIALIZER_PUBKEY_TO_DER_PQ, +OSSL_SERIALIZER_PrivateKey_TO_DER_PQ, +OSSL_SERIALIZER_Parameters_TO_DER_PQ, +OSSL_SERIALIZER_PUBKEY_TO_TEXT_PQ, +OSSL_SERIALIZER_PrivateKey_TO_TEXT_PQ, +OSSL_SERIALIZER_Parameters_TO_TEXT_PQ +\&\- Serializer routines to serialize EVP_PKEYs +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& OSSL_SERIALIZER_CTX *OSSL_SERIALIZER_CTX_new_by_EVP_PKEY(const EVP_PKEY *pkey, +\& const char *propquery); +\& +\& int OSSL_SERIALIZER_CTX_set_cipher(OSSL_SERIALIZER_CTX *ctx, +\& const char *cipher_name, +\& const char *propquery); +\& int OSSL_SERIALIZER_CTX_set_passphrase(OSSL_SERIALIZER_CTX *ctx, +\& const unsigned char *kstr, +\& size_t klen); +\& int OSSL_SERIALIZER_CTX_set_passphrase_cb(OSSL_SERIALIZER_CTX *ctx, int enc, +\& pem_password_cb *cb, void *cbarg); +\& int OSSL_SERIALIZER_CTX_set_passphrase_ui(OSSL_SERIALIZER_CTX *ctx, +\& const UI_METHOD *ui_method, +\& void *ui_data); +\& +\& #define OSSL_SERIALIZER_PUBKEY_TO_PEM_PQ "format=pem,type=public" +\& #define OSSL_SERIALIZER_PrivateKey_TO_PEM_PQ "format=pem,type=private" +\& #define OSSL_SERIALIZER_Parameters_TO_PEM_PQ "format=pem,type=parameters" +\& +\& #define OSSL_SERIALIZER_PUBKEY_TO_DER_PQ "format=der,type=public" +\& #define OSSL_SERIALIZER_PrivateKey_TO_DER_PQ "format=der,type=private" +\& #define OSSL_SERIALIZER_Parameters_TO_DER_PQ "format=der,type=parameters" +\& +\& #define OSSL_SERIALIZER_PUBKEY_TO_TEXT_PQ "format=text,type=public" +\& #define OSSL_SERIALIZER_PrivateKey_TO_TEXT_PQ "format=text,type=private" +\& #define OSSL_SERIALIZER_Parameters_TO_TEXT_PQ "format=text,type=parameters" +.Ve +.SH "DESCRIPTION" +.IX Header 
"DESCRIPTION" +\&\fIOSSL_SERIALIZER_CTX_new_by_EVP_PKEY()\fR creates a \fB\s-1OSSL_SERIALIZER_CTX\s0\fR +with a suitable attached output routine for \fB\s-1EVP_PKEY\s0\fRs. It will +search for a serializer implementation that matches the algorithm of +the \fB\s-1EVP_PKEY\s0\fR and the property query given with \fIpropquery\fR. It +will prefer to find a serializer from the same provider as the key +data of the \fB\s-1EVP_PKEY\s0\fR itself, but failing that, it will choose the +first serializer that supplies a generic serializing function. +.PP +If no suitable serializer was found, \fIOSSL_SERIALIZER_CTX_new_by_EVP_PKEY()\fR +still creates a \fB\s-1OSSL_SERIALIZER_CTX\s0\fR, but with no associated +serializer (\fIOSSL_SERIALIZER_CTX_get_serializer\fR\|(3) returns \s-1NULL\s0). +This helps the caller distinguish between an error when creating +the \fB\s-1OSSL_SERIALIZER_CTX\s0\fR, and the lack the serializer support and +act accordingly. +.PP +\&\fIOSSL_SERIALIZER_CTX_set_cipher()\fR tells the implementation what cipher +should be used to encrypt serialized keys. The cipher is given by +name \fIcipher_name\fR. The interpretation of that \fIcipher_name\fR is +implementation dependent. The implementation may implement the digest +directly itself or by other implementations, or it may choose to fetch +it. If the implementation supports fetching the cipher, then it may +use \fIpropquery\fR as properties to be queried for when fetching. +\&\fIcipher_name\fR may also be \s-1NULL\s0, which will result in unencrypted +serialization. +.PP +\&\fIOSSL_SERIALIZER_CTX_set_passphrase()\fR gives the implementation a +pass phrase to use when encrypting the serialized private key. +Alternatively, a pass phrase callback may be specified with the +following functions. +.PP +\&\fIOSSL_SERIALIZER_CTX_set_passphrase_cb()\fR and +\&\fIOSSL_SERIALIZER_CTX_set_passphrase_ui()\fR sets up a callback method that +the implementation can use to prompt for a pass phrase. 
+.PP +The macros \fB\s-1OSSL_SERIALIZER_PUBKEY_TO_PEM_PQ\s0\fR, +\&\fBOSSL_SERIALIZER_PrivateKey_TO_PEM_PQ\fR, +\&\fBOSSL_SERIALIZER_Parameters_TO_PEM_PQ\fR, +\&\fB\s-1OSSL_SERIALIZER_PUBKEY_TO_DER_PQ\s0\fR, +\&\fBOSSL_SERIALIZER_PrivateKey_TO_DER_PQ\fR, +\&\fBOSSL_SERIALIZER_Parameters_TO_DER_PQ\fR, +\&\fB\s-1OSSL_SERIALIZER_PUBKEY_TO_TEXT_PQ\s0\fR, +\&\fBOSSL_SERIALIZER_PrivateKey_TO_TEXT_PQ\fR, +\&\fBOSSL_SERIALIZER_Parameters_TO_TEXT_PQ\fR are convenience macros with +property queries to serialize the \fB\s-1EVP_PKEY\s0\fR as a public key, private +key or parameters to \fB\s-1PEM\s0\fR, to \fB\s-1DER\s0\fR, or to text. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOSSL_SERIALIZER_CTX_new_by_EVP_PKEY()\fR returns a pointer to a +\&\fB\s-1OSSL_SERIALIZER_CTX\s0\fR, or \s-1NULL\s0 if it couldn't be created. +.PP +\&\fIOSSL_SERIALIZER_CTX_set_cipher()\fR, +\&\fIOSSL_SERIALIZER_CTX_set_passphrase()\fR, +\&\fIOSSL_SERIALIZER_CTX_set_passphrase_cb()\fR, and +\&\fIOSSL_SERIALIZER_CTX_set_passphrase_ui()\fR all return 1 on success, or 0 +on failure. +.SH "NOTES" +.IX Header "NOTES" +Parts of the function and macro names are made to match already +existing OpenSSL names. +.PP +\&\fB\s-1EVP_PKEY\s0\fR in \fIOSSL_SERIALIZER_CTX_new_by_EVP_PKEY()\fR matches the type +name, thus making for the naming pattern +\&\fBOSSL_SERIALIZER_CTX_new_by_\f(BI\s-1TYPE\s0\fB\fR() when new types are handled. +.PP +\&\fB\s-1PUBKEY\s0\fR, \fBPrivateKey\fR and \fBParameters\fR in the macro names match +the \fB\f(BI\s-1TYPE\s0\fB\fR part of of \fBPEM_write_bio_\f(BI\s-1TYPE\s0\fB\fR functions as well +as \fBi2d_\f(BI\s-1TYPE\s0\fB_bio\fR functions. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIprovider\fR\|(7), \s-1\fIOSSL_SERIALIZER\s0\fR\|(3), \s-1\fIOSSL_SERIALIZER_CTX\s0\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The functions described here were added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. 
+.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/OSSL_SERIALIZER_to_bio.3 b/linux_amd64/share/man/man3/OSSL_SERIALIZER_to_bio.3 new file mode 100755 index 0000000..c88cdaa --- /dev/null +++ b/linux_amd64/share/man/man3/OSSL_SERIALIZER_to_bio.3 
@@ -0,0 +1,174 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_SERIALIZER_TO_BIO 3" +.TH OSSL_SERIALIZER_TO_BIO 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OSSL_SERIALIZER_to_bio, +OSSL_SERIALIZER_to_fp +\&\- Serializer file output routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int OSSL_SERIALIZER_to_bio(OSSL_SERIALIZER_CTX *ctx, BIO *out); +\& int OSSL_SERIALIZER_to_fp(OSSL_SERIALIZER_CTX *ctx, FILE *fp); +.Ve +.PP +Feature availability macros: +.IP "\fIOSSL_SERIALIZER_to_fp()\fR is only available when \fB\s-1OPENSSL_NO_STDIO\s0\fR is undefined." 4 +.IX Item "OSSL_SERIALIZER_to_fp() is only available when OPENSSL_NO_STDIO is undefined." +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIOSSL_SERIALIZER_to_bio()\fR runs the serialization process for the +context \fIctx\fR, with the output going to the \fB\s-1BIO\s0\fR \fIout\fR. The +application is required to set up the \fB\s-1BIO\s0\fR properly, for example to +have it in text or binary mode if that's appropriate. +.PP +\&\fIOSSL_SERIALIZER_to_fp()\fR does the same thing as \fIOSSL_SERIALIZER_to_bio()\fR, +except that the output is going to the \fB\s-1FILE\s0\fR \fIfp\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOSSL_SERIALIZER_to_bio()\fR and \fIOSSL_SERIALIZER_to_fp()\fR return 1 on +success, or 0 on failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIprovider\fR\|(7), \s-1\fIOSSL_SERIALIZER_CTX\s0\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The functions described here were added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/OSSL_STORE_INFO.3 b/linux_amd64/share/man/man3/OSSL_STORE_INFO.3 new file mode 100755 index 0000000..1b2f93f --- /dev/null +++ b/linux_amd64/share/man/man3/OSSL_STORE_INFO.3 
@@ -0,0 +1,314 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_STORE_INFO 3" +.TH OSSL_STORE_INFO 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OSSL_STORE_INFO, OSSL_STORE_INFO_get_type, OSSL_STORE_INFO_get0_NAME, +OSSL_STORE_INFO_get0_NAME_description, OSSL_STORE_INFO_get0_PARAMS, +OSSL_STORE_INFO_get0_PKEY, OSSL_STORE_INFO_get0_CERT, OSSL_STORE_INFO_get0_CRL, +OSSL_STORE_INFO_get1_NAME, OSSL_STORE_INFO_get1_NAME_description, +OSSL_STORE_INFO_get1_PARAMS, OSSL_STORE_INFO_get1_PKEY, +OSSL_STORE_INFO_get1_CERT, +OSSL_STORE_INFO_get1_CRL, OSSL_STORE_INFO_type_string, OSSL_STORE_INFO_free, +OSSL_STORE_INFO_new_NAME, OSSL_STORE_INFO_set0_NAME_description, +OSSL_STORE_INFO_new_PARAMS, OSSL_STORE_INFO_new_PKEY, OSSL_STORE_INFO_new_CERT, +OSSL_STORE_INFO_new_CRL \- Functions to manipulate OSSL_STORE_INFO objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef struct ossl_store_info_st OSSL_STORE_INFO; +\& +\& int OSSL_STORE_INFO_get_type(const OSSL_STORE_INFO *store_info); +\& const char *OSSL_STORE_INFO_get0_NAME(const OSSL_STORE_INFO *store_info); +\& char *OSSL_STORE_INFO_get1_NAME(const OSSL_STORE_INFO *store_info); +\& const char *OSSL_STORE_INFO_get0_NAME_description(const OSSL_STORE_INFO +\& *store_info); +\& char *OSSL_STORE_INFO_get1_NAME_description(const OSSL_STORE_INFO *store_info); +\& EVP_PKEY *OSSL_STORE_INFO_get0_PARAMS(const OSSL_STORE_INFO *store_info); +\& EVP_PKEY *OSSL_STORE_INFO_get1_PARAMS(const OSSL_STORE_INFO *store_info); +\& EVP_PKEY *OSSL_STORE_INFO_get0_PKEY(const OSSL_STORE_INFO *store_info); +\& EVP_PKEY *OSSL_STORE_INFO_get1_PKEY(const OSSL_STORE_INFO *store_info); +\& X509 *OSSL_STORE_INFO_get0_CERT(const OSSL_STORE_INFO *store_info); +\& X509 *OSSL_STORE_INFO_get1_CERT(const OSSL_STORE_INFO *store_info); +\& X509_CRL *OSSL_STORE_INFO_get0_CRL(const OSSL_STORE_INFO *store_info); +\& X509_CRL *OSSL_STORE_INFO_get1_CRL(const OSSL_STORE_INFO *store_info); +\& +\& const char *OSSL_STORE_INFO_type_string(int type); +\& +\& void OSSL_STORE_INFO_free(OSSL_STORE_INFO *store_info); +\& +\& OSSL_STORE_INFO 
*OSSL_STORE_INFO_new_NAME(char *name); +\& int OSSL_STORE_INFO_set0_NAME_description(OSSL_STORE_INFO *info, char *desc); +\& OSSL_STORE_INFO *OSSL_STORE_INFO_new_PARAMS(DSA *dsa_params); +\& OSSL_STORE_INFO *OSSL_STORE_INFO_new_PKEY(EVP_PKEY *pkey); +\& OSSL_STORE_INFO *OSSL_STORE_INFO_new_CERT(X509 *x509); +\& OSSL_STORE_INFO *OSSL_STORE_INFO_new_CRL(X509_CRL *crl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions are primarily useful for applications to retrieve +supported objects from \fB\s-1OSSL_STORE_INFO\s0\fR objects and for scheme specific +loaders to create \fB\s-1OSSL_STORE_INFO\s0\fR holders. +.SS "Types" +.IX Subsection "Types" +\&\fB\s-1OSSL_STORE_INFO\s0\fR is an opaque type that's just an intermediary holder for +the objects that have been retrieved by \fIOSSL_STORE_load()\fR and similar +functions. +Supported OpenSSL type object can be extracted using one of +\&\fISTORE_INFO_get0_TYPE()\fR. +The life time of this extracted object is as long as the life time of +the \fB\s-1OSSL_STORE_INFO\s0\fR it was extracted from, so care should be taken not +to free the latter too early. +As an alternative, \fISTORE_INFO_get1_TYPE()\fR extracts a duplicate (or the +same object with its reference count increased), which can be used +after the containing \fB\s-1OSSL_STORE_INFO\s0\fR has been freed. +The object returned by \fISTORE_INFO_get1_TYPE()\fR must be freed separately +by the caller. +See \*(L"\s-1SUPPORTED\s0 \s-1OBJECTS\s0\*(R" for more information on the types that are +supported. +.SS "Functions" +.IX Subsection "Functions" +\&\fIOSSL_STORE_INFO_get_type()\fR takes a \fB\s-1OSSL_STORE_INFO\s0\fR and returns the \s-1STORE\s0 +type number for the object inside. +\&\fISTORE_INFO_get_type_string()\fR takes a \s-1STORE\s0 type number and returns a +short string describing it. 
+.PP +\&\fIOSSL_STORE_INFO_get0_NAME()\fR, \fIOSSL_STORE_INFO_get0_NAME_description()\fR, +\&\fIOSSL_STORE_INFO_get0_PARAMS()\fR, \fIOSSL_STORE_INFO_get0_PKEY()\fR, +\&\fIOSSL_STORE_INFO_get0_CERT()\fR and \fIOSSL_STORE_INFO_get0_CRL()\fR all take a +\&\fB\s-1OSSL_STORE_INFO\s0\fR and return the held object of the appropriate OpenSSL +type provided that's what's held. +.PP +\&\fIOSSL_STORE_INFO_get1_NAME()\fR, \fIOSSL_STORE_INFO_get1_NAME_description()\fR, +\&\fIOSSL_STORE_INFO_get1_PARAMS()\fR, \fIOSSL_STORE_INFO_get1_PKEY()\fR, +\&\fIOSSL_STORE_INFO_get1_CERT()\fR and \fIOSSL_STORE_INFO_get1_CRL()\fR all take a +\&\fB\s-1OSSL_STORE_INFO\s0\fR and return a duplicate of the held object of the +appropriate OpenSSL type provided that's what's held. +.PP +\&\fIOSSL_STORE_INFO_free()\fR frees a \fB\s-1OSSL_STORE_INFO\s0\fR and its contained type. +.PP +\&\fIOSSL_STORE_INFO_new_NAME()\fR , \fIOSSL_STORE_INFO_new_PARAMS()\fR, +\&\fIOSSL_STORE_INFO_new_PKEY()\fR, \fIOSSL_STORE_INFO_new_CERT()\fR and +\&\fIOSSL_STORE_INFO_new_CRL()\fR create a \fB\s-1OSSL_STORE_INFO\s0\fR +object to hold the given input object. +Additionally, for \fB\s-1OSSL_STORE_INFO_NAME\s0\fR` objects, +\&\fIOSSL_STORE_INFO_set0_NAME_description()\fR can be used to add an extra +description. +This description is meant to be human readable and should be used for +information printout. +.SH "SUPPORTED OBJECTS" +.IX Header "SUPPORTED OBJECTS" +Currently supported object types are: +.IP "\s-1OSSL_STORE_INFO_NAME\s0" 4 +.IX Item "OSSL_STORE_INFO_NAME" +A name is exactly that, a name. +It's like a name in a directory, but formatted as a complete \s-1URI\s0. +For example, the path in \s-1URI\s0 \f(CW\*(C`file:/foo/bar/\*(C'\fR could include a file +named \f(CW\*(C`cookie.pem\*(C'\fR, and in that case, the returned \fB\s-1OSSL_STORE_INFO_NAME\s0\fR +object would have the \s-1URI\s0 \f(CW\*(C`file:/foo/bar/cookie.pem\*(C'\fR, which can be +used by the application to get the objects in that file. 
+This can be applied to all schemes that can somehow support a listing +of object URIs. +.Sp +For \f(CW\*(C`file:\*(C'\fR URIs that are used without the explicit scheme, the +returned name will be the path of each object, so if \f(CW\*(C`/foo/bar\*(C'\fR was +given and that path has the file \f(CW\*(C`cookie.pem\*(C'\fR, the name +\&\f(CW\*(C`/foo/bar/cookie.pem\*(C'\fR will be returned. +.Sp +The returned \s-1URI\s0 is considered canonical and must be unique and permanent +for the storage where the object (or collection of objects) resides. +Each loader is responsible for ensuring that it only returns canonical +URIs. +However, it's possible that certain schemes allow an object (or collection +thereof) to be reached with alternative URIs; just because one \s-1URI\s0 is +canonical doesn't mean that other variants can't be used. +.Sp +At the discretion of the loader that was used to get these names, an +extra description may be attached as well. +.IP "\s-1OSSL_STORE_INFO_PARAMS\s0" 4 +.IX Item "OSSL_STORE_INFO_PARAMS" +Key parameters. +.IP "\s-1OSSL_STORE_INFO_PKEY\s0" 4 +.IX Item "OSSL_STORE_INFO_PKEY" +A private/public key of some sort. +.IP "\s-1OSSL_STORE_INFO_CERT\s0" 4 +.IX Item "OSSL_STORE_INFO_CERT" +An X.509 certificate. +.IP "\s-1OSSL_STORE_INFO_CRL\s0" 4 +.IX Item "OSSL_STORE_INFO_CRL" +A X.509 certificate revocation list. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOSSL_STORE_INFO_get_type()\fR returns the \s-1STORE\s0 type number of the given +\&\fB\s-1OSSL_STORE_INFO\s0\fR. +There is no error value. +.PP +\&\fIOSSL_STORE_INFO_get0_NAME()\fR, \fIOSSL_STORE_INFO_get0_NAME_description()\fR, +\&\fIOSSL_STORE_INFO_get0_PARAMS()\fR, \fIOSSL_STORE_INFO_get0_PKEY()\fR, +\&\fIOSSL_STORE_INFO_get0_CERT()\fR and \fIOSSL_STORE_INFO_get0_CRL()\fR all return +a pointer to the OpenSSL object on success, \s-1NULL\s0 otherwise. 
+.PP +\&\fIOSSL_STORE_INFO_get0_NAME()\fR, \fIOSSL_STORE_INFO_get0_NAME_description()\fR, +\&\fIOSSL_STORE_INFO_get0_PARAMS()\fR, \fIOSSL_STORE_INFO_get0_PKEY()\fR, +\&\fIOSSL_STORE_INFO_get0_CERT()\fR and \fIOSSL_STORE_INFO_get0_CRL()\fR all return +a pointer to a duplicate of the OpenSSL object on success, \s-1NULL\s0 otherwise. +.PP +\&\fIOSSL_STORE_INFO_type_string()\fR returns a string on success, or \fB\s-1NULL\s0\fR on +failure. +.PP +\&\fIOSSL_STORE_INFO_new_NAME()\fR, \fIOSSL_STORE_INFO_new_PARAMS()\fR, +\&\fIOSSL_STORE_INFO_new_PKEY()\fR, \fIOSSL_STORE_INFO_new_CERT()\fR and +\&\fIOSSL_STORE_INFO_new_CRL()\fR return a \fB\s-1OSSL_STORE_INFO\s0\fR +pointer on success, or \fB\s-1NULL\s0\fR on failure. +.PP +\&\fIOSSL_STORE_INFO_set0_NAME_description()\fR returns 1 on success, or 0 on +failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIossl_store\fR\|(7), \fIOSSL_STORE_open\fR\|(3), \fIOSSL_STORE_register_loader\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1\fIOSSL_STORE_INFO\s0()\fR, \fIOSSL_STORE_INFO_get_type()\fR, \fIOSSL_STORE_INFO_get0_NAME()\fR, +\&\fIOSSL_STORE_INFO_get0_PARAMS()\fR, \fIOSSL_STORE_INFO_get0_PKEY()\fR, +\&\fIOSSL_STORE_INFO_get0_CERT()\fR, \fIOSSL_STORE_INFO_get0_CRL()\fR, +\&\fIOSSL_STORE_INFO_type_string()\fR, \fIOSSL_STORE_INFO_free()\fR, \fIOSSL_STORE_INFO_new_NAME()\fR, +\&\fIOSSL_STORE_INFO_new_PARAMS()\fR, \fIOSSL_STORE_INFO_new_PKEY()\fR, +\&\fIOSSL_STORE_INFO_new_CERT()\fR and \fIOSSL_STORE_INFO_new_CRL()\fR +were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/OSSL_STORE_LOADER.3 b/linux_amd64/share/man/man3/OSSL_STORE_LOADER.3 new file mode 100755 index 0000000..08f4d6a 
--- /dev/null
+++ b/linux_amd64/share/man/man3/OSSL_STORE_LOADER.3
@@ -0,0 +1,364 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_STORE_LOADER 3" +.TH OSSL_STORE_LOADER 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OSSL_STORE_LOADER, OSSL_STORE_LOADER_CTX, OSSL_STORE_LOADER_new, +OSSL_STORE_LOADER_get0_engine, OSSL_STORE_LOADER_get0_scheme, +OSSL_STORE_LOADER_set_open, OSSL_STORE_LOADER_set_ctrl, +OSSL_STORE_LOADER_set_expect, OSSL_STORE_LOADER_set_find, +OSSL_STORE_LOADER_set_load, OSSL_STORE_LOADER_set_eof, +OSSL_STORE_LOADER_set_error, OSSL_STORE_LOADER_set_close, +OSSL_STORE_LOADER_free, OSSL_STORE_register_loader, +OSSL_STORE_unregister_loader, OSSL_STORE_open_fn, OSSL_STORE_ctrl_fn, +OSSL_STORE_expect_fn, OSSL_STORE_find_fn, +OSSL_STORE_load_fn, OSSL_STORE_eof_fn, OSSL_STORE_error_fn, +OSSL_STORE_close_fn \- Types and functions to manipulate, register and +unregister STORE loaders for different URI schemes +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef struct ossl_store_loader_st OSSL_STORE_LOADER; +\& +\& OSSL_STORE_LOADER *OSSL_STORE_LOADER_new(ENGINE *e, const char *scheme); +\& const ENGINE *OSSL_STORE_LOADER_get0_engine(const OSSL_STORE_LOADER +\& *store_loader); +\& const char *OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER +\& *store_loader); +\& +\& /* struct ossl_store_loader_ctx_st is defined differently by each loader */ +\& typedef struct ossl_store_loader_ctx_st OSSL_STORE_LOADER_CTX; +\& +\& typedef OSSL_STORE_LOADER_CTX *(*OSSL_STORE_open_fn)(const char *uri, +\& const UI_METHOD *ui_method, +\& void *ui_data); +\& int OSSL_STORE_LOADER_set_open(OSSL_STORE_LOADER *store_loader, +\& OSSL_STORE_open_fn store_open_function); +\& typedef int (*OSSL_STORE_ctrl_fn)(OSSL_STORE_LOADER_CTX *ctx, int cmd, +\& va_list args); +\& int OSSL_STORE_LOADER_set_ctrl(OSSL_STORE_LOADER *store_loader, +\& OSSL_STORE_ctrl_fn store_ctrl_function); +\& typedef int (*OSSL_STORE_expect_fn)(OSSL_STORE_LOADER_CTX *ctx, int expected); +\& int OSSL_STORE_LOADER_set_expect(OSSL_STORE_LOADER *loader, +\& OSSL_STORE_expect_fn expect_function); +\& typedef int (*OSSL_STORE_find_fn)(OSSL_STORE_LOADER_CTX *ctx, +\& 
OSSL_STORE_SEARCH *criteria); +\& int OSSL_STORE_LOADER_set_find(OSSL_STORE_LOADER *loader, +\& OSSL_STORE_find_fn find_function); +\& typedef OSSL_STORE_INFO *(*OSSL_STORE_load_fn)(OSSL_STORE_LOADER_CTX *ctx, +\& UI_METHOD *ui_method, +\& void *ui_data); +\& int OSSL_STORE_LOADER_set_load(OSSL_STORE_LOADER *store_loader, +\& OSSL_STORE_load_fn store_load_function); +\& typedef int (*OSSL_STORE_eof_fn)(OSSL_STORE_LOADER_CTX *ctx); +\& int OSSL_STORE_LOADER_set_eof(OSSL_STORE_LOADER *store_loader, +\& OSSL_STORE_eof_fn store_eof_function); +\& typedef int (*OSSL_STORE_error_fn)(OSSL_STORE_LOADER_CTX *ctx); +\& int OSSL_STORE_LOADER_set_error(OSSL_STORE_LOADER *store_loader, +\& OSSL_STORE_error_fn store_error_function); +\& typedef int (*OSSL_STORE_close_fn)(OSSL_STORE_LOADER_CTX *ctx); +\& int OSSL_STORE_LOADER_set_close(OSSL_STORE_LOADER *store_loader, +\& OSSL_STORE_close_fn store_close_function); +\& void OSSL_STORE_LOADER_free(OSSL_STORE_LOADER *store_loader); +\& +\& int OSSL_STORE_register_loader(OSSL_STORE_LOADER *loader); +\& OSSL_STORE_LOADER *OSSL_STORE_unregister_loader(const char *scheme); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions help applications and engines to create loaders for +schemes they support. +.SS "Types" +.IX Subsection "Types" +\&\fB\s-1OSSL_STORE_LOADER\s0\fR is the type to hold a loader. +It contains a scheme and the functions needed to implement +\&\fIOSSL_STORE_open()\fR, \fIOSSL_STORE_load()\fR, \fIOSSL_STORE_eof()\fR, \fIOSSL_STORE_error()\fR and +\&\fIOSSL_STORE_close()\fR for this scheme. +.PP +\&\fB\s-1OSSL_STORE_LOADER_CTX\s0\fR is a type template, to be defined by each loader +using \fBstruct ossl_store_loader_ctx_st { ... }\fR. +.PP +\&\fBOSSL_STORE_open_fn\fR, \fBOSSL_STORE_ctrl_fn\fR, \fBOSSL_STORE_expect_fn\fR, +\&\fBOSSL_STORE_find_fn\fR, \fBOSSL_STORE_load_fn\fR, \fBOSSL_STORE_eof_fn\fR, +and \fBOSSL_STORE_close_fn\fR +are the function pointer types used within a \s-1STORE\s0 loader. 
+The functions pointed at define the functionality of the given loader. +.IP "\fBOSSL_STORE_open_fn\fR" 4 +.IX Item "OSSL_STORE_open_fn" +This function takes a \s-1URI\s0 and is expected to interpret it in the best +manner possible according to the scheme the loader implements, it also +takes a \fB\s-1UI_METHOD\s0\fR and associated data, to be used any time +something needs to be prompted for. +Furthermore, this function is expected to initialize what needs to be +initialized, to create a private data store (\fB\s-1OSSL_STORE_LOADER_CTX\s0\fR, see +above), and to return it. +If something goes wrong, this function is expected to return \s-1NULL\s0. +.IP "\fBOSSL_STORE_ctrl_fn\fR" 4 +.IX Item "OSSL_STORE_ctrl_fn" +This function takes a \fB\s-1OSSL_STORE_LOADER_CTX\s0\fR pointer, a command number +\&\fBcmd\fR and a \fBva_list\fR \fBargs\fR and is used to manipulate loader +specific parameters. +.Sp +Loader specific command numbers must begin at \fB\s-1OSSL_STORE_C_CUSTOM_START\s0\fR. +Any number below that is reserved for future globally known command +numbers. +.Sp +This function is expected to return 1 on success, 0 on error. +.IP "\fBOSSL_STORE_expect_fn\fR" 4 +.IX Item "OSSL_STORE_expect_fn" +This function takes a \fB\s-1OSSL_STORE_LOADER_CTX\s0\fR pointer and a \fB\s-1OSSL_STORE_INFO\s0\fR +identity \fBexpected\fR, and is used to tell the loader what object type is +expected. +\&\fBexpected\fR may be zero to signify that no specific object type is expected. +.Sp +This function is expected to return 1 on success, 0 on error. +.IP "\fBOSSL_STORE_find_fn\fR" 4 +.IX Item "OSSL_STORE_find_fn" +This function takes a \fB\s-1OSSL_STORE_LOADER_CTX\s0\fR pointer and a +\&\fB\s-1OSSL_STORE_SEARCH\s0\fR search criterion, and is used to tell the loader what +to search for. +.Sp +When called with the loader context being \fB\s-1NULL\s0\fR, this function is expected +to return 1 if the loader supports the criterion, otherwise 0. 
+.Sp +When called with the loader context being something other than \fB\s-1NULL\s0\fR, this +function is expected to return 1 on success, 0 on error. +.IP "\fBOSSL_STORE_load_fn\fR" 4 +.IX Item "OSSL_STORE_load_fn" +This function takes a \fB\s-1OSSL_STORE_LOADER_CTX\s0\fR pointer and a \fB\s-1UI_METHOD\s0\fR +with associated data. +It's expected to load the next available data, mold it into a data +structure that can be wrapped in a \fB\s-1OSSL_STORE_INFO\s0\fR using one of the +\&\s-1\fIOSSL_STORE_INFO\s0\fR\|(3) functions. +If no more data is available or an error occurs, this function is +expected to return \s-1NULL\s0. +The \fBOSSL_STORE_eof_fn\fR and \fBOSSL_STORE_error_fn\fR functions must indicate if +it was in fact the end of data or if an error occurred. +.Sp +Note that this function retrieves \fIone\fR data item only. +.IP "\fBOSSL_STORE_eof_fn\fR" 4 +.IX Item "OSSL_STORE_eof_fn" +This function takes a \fB\s-1OSSL_STORE_LOADER_CTX\s0\fR pointer and is expected to +return 1 to indicate that the end of available data has been reached. +It is otherwise expected to return 0. +.IP "\fBOSSL_STORE_error_fn\fR" 4 +.IX Item "OSSL_STORE_error_fn" +This function takes a \fB\s-1OSSL_STORE_LOADER_CTX\s0\fR pointer and is expected to +return 1 to indicate that an error occurred in a previous call to the +\&\fBOSSL_STORE_load_fn\fR function. +It is otherwise expected to return 0. +.IP "\fBOSSL_STORE_close_fn\fR" 4 +.IX Item "OSSL_STORE_close_fn" +This function takes a \fB\s-1OSSL_STORE_LOADER_CTX\s0\fR pointer and is expected to +close or shut down what needs to be closed, and finally free the +contents of the \fB\s-1OSSL_STORE_LOADER_CTX\s0\fR pointer. +It returns 1 on success and 0 on error. +.SS "Functions" +.IX Subsection "Functions" +\&\fIOSSL_STORE_LOADER_new()\fR creates a new \fB\s-1OSSL_STORE_LOADER\s0\fR. +It takes an \fB\s-1ENGINE\s0\fR \fBe\fR and a string \fBscheme\fR. +\&\fBscheme\fR must \fIalways\fR be set. 
+Both \fBe\fR and \fBscheme\fR are used as is and must therefore be alive as +long as the created loader is. +.PP +\&\fIOSSL_STORE_LOADER_get0_engine()\fR returns the engine of the \fBstore_loader\fR. +\&\fIOSSL_STORE_LOADER_get0_scheme()\fR returns the scheme of the \fBstore_loader\fR. +.PP +\&\fIOSSL_STORE_LOADER_set_open()\fR sets the opener function for the +\&\fBstore_loader\fR. +.PP +\&\fIOSSL_STORE_LOADER_set_ctrl()\fR sets the control function for the +\&\fBstore_loader\fR. +.PP +\&\fIOSSL_STORE_LOADER_set_expect()\fR sets the expect function for the +\&\fBstore_loader\fR. +.PP +\&\fIOSSL_STORE_LOADER_set_load()\fR sets the loader function for the +\&\fBstore_loader\fR. +.PP +\&\fIOSSL_STORE_LOADER_set_eof()\fR sets the end of file checker function for the +\&\fBstore_loader\fR. +.PP +\&\fIOSSL_STORE_LOADER_set_close()\fR sets the closing function for the +\&\fBstore_loader\fR. +.PP +\&\fIOSSL_STORE_LOADER_free()\fR frees the given \fBstore_loader\fR. +.PP +\&\fIOSSL_STORE_register_loader()\fR register the given \fBstore_loader\fR and thereby +makes it available for use with \fIOSSL_STORE_open()\fR, \fIOSSL_STORE_load()\fR, +\&\fIOSSL_STORE_eof()\fR and \fIOSSL_STORE_close()\fR. +.PP +\&\fIOSSL_STORE_unregister_loader()\fR unregister the store loader for the given +\&\fBscheme\fR. +.SH "NOTES" +.IX Header "NOTES" +The \fBfile:\fR scheme has built in support. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The functions with the types \fBOSSL_STORE_open_fn\fR, \fBOSSL_STORE_ctrl_fn\fR, +\&\fBOSSL_STORE_expect_fn\fR, +\&\fBOSSL_STORE_load_fn\fR, \fBOSSL_STORE_eof_fn\fR and \fBOSSL_STORE_close_fn\fR have the +same return values as \fIOSSL_STORE_open()\fR, \fIOSSL_STORE_ctrl()\fR, \fIOSSL_STORE_expect()\fR, +\&\fIOSSL_STORE_load()\fR, \fIOSSL_STORE_eof()\fR and \fIOSSL_STORE_close()\fR, respectively. +.PP +\&\fIOSSL_STORE_LOADER_new()\fR returns a pointer to a \fB\s-1OSSL_STORE_LOADER\s0\fR on success, +or \fB\s-1NULL\s0\fR on failure. 
+.PP +\&\fIOSSL_STORE_LOADER_set_open()\fR, \fIOSSL_STORE_LOADER_set_ctrl()\fR, +\&\fIOSSL_STORE_LOADER_set_load()\fR, \fIOSSL_STORE_LOADER_set_eof()\fR and +\&\fIOSSL_STORE_LOADER_set_close()\fR return 1 on success, or 0 on failure. +.PP +\&\fIOSSL_STORE_register_loader()\fR returns 1 on success, or 0 on failure. +.PP +\&\fIOSSL_STORE_unregister_loader()\fR returns the unregistered loader on success, +or \fB\s-1NULL\s0\fR on failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIossl_store\fR\|(7), \fIOSSL_STORE_open\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1\fIOSSL_STORE_LOADER\s0()\fR, \s-1\fIOSSL_STORE_LOADER_CTX\s0()\fR, \fIOSSL_STORE_LOADER_new()\fR, +\&\fIOSSL_STORE_LOADER_set0_scheme()\fR, \fIOSSL_STORE_LOADER_set_open()\fR, +\&\fIOSSL_STORE_LOADER_set_ctrl()\fR, \fIOSSL_STORE_LOADER_set_load()\fR, +\&\fIOSSL_STORE_LOADER_set_eof()\fR, \fIOSSL_STORE_LOADER_set_close()\fR, +\&\fIOSSL_STORE_LOADER_free()\fR, \fIOSSL_STORE_register_loader()\fR, +\&\fIOSSL_STORE_unregister_loader()\fR, \fIOSSL_STORE_open_fn()\fR, \fIOSSL_STORE_ctrl_fn()\fR, +\&\fIOSSL_STORE_load_fn()\fR, \fIOSSL_STORE_eof_fn()\fR and \fIOSSL_STORE_close_fn()\fR +were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/OSSL_STORE_SEARCH.3 b/linux_amd64/share/man/man3/OSSL_STORE_SEARCH.3 new file mode 100755 index 0000000..55d9b2c --- /dev/null +++ b/linux_amd64/share/man/man3/OSSL_STORE_SEARCH.3 
@@ -0,0 +1,303 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_STORE_SEARCH 3" +.TH OSSL_STORE_SEARCH 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OSSL_STORE_SEARCH, +OSSL_STORE_SEARCH_by_name, +OSSL_STORE_SEARCH_by_issuer_serial, +OSSL_STORE_SEARCH_by_key_fingerprint, +OSSL_STORE_SEARCH_by_alias, +OSSL_STORE_SEARCH_free, +OSSL_STORE_SEARCH_get_type, +OSSL_STORE_SEARCH_get0_name, +OSSL_STORE_SEARCH_get0_serial, +OSSL_STORE_SEARCH_get0_bytes, +OSSL_STORE_SEARCH_get0_string, +OSSL_STORE_SEARCH_get0_digest +\&\- Type and functions to create OSSL_STORE search criteria +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef struct ossl_store_search_st OSSL_STORE_SEARCH; +\& +\& OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_name(X509_NAME *name); +\& OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_issuer_serial(X509_NAME *name, +\& const ASN1_INTEGER +\& *serial); +\& OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_key_fingerprint(const EVP_MD *digest, +\& const unsigned char +\& *bytes, int len); +\& OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_alias(const char *alias); +\& +\& void OSSL_STORE_SEARCH_free(OSSL_STORE_SEARCH *search); +\& +\& int OSSL_STORE_SEARCH_get_type(const OSSL_STORE_SEARCH *criterion); +\& X509_NAME *OSSL_STORE_SEARCH_get0_name(OSSL_STORE_SEARCH *criterion); +\& const ASN1_INTEGER *OSSL_STORE_SEARCH_get0_serial(const OSSL_STORE_SEARCH +\& *criterion); +\& const unsigned char *OSSL_STORE_SEARCH_get0_bytes(const OSSL_STORE_SEARCH +\& *criterion, size_t *length); +\& const char *OSSL_STORE_SEARCH_get0_string(const OSSL_STORE_SEARCH *criterion); +\& const EVP_MD *OSSL_STORE_SEARCH_get0_digest(const OSSL_STORE_SEARCH +\& *criterion); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions are used to specify search criteria to help search for specific +objects through other names than just the \s-1URI\s0 that's given to \fIOSSL_STORE_open()\fR. +For example, this can be useful for an application that has received a \s-1URI\s0 +and then wants to add on search criteria in a uniform and supported manner. 
+.SS "Types" +.IX Subsection "Types" +\&\fB\s-1OSSL_STORE_SEARCH\s0\fR is an opaque type that holds the constructed search +criterion, and that can be given to an \s-1OSSL_STORE\s0 context with +\&\fIOSSL_STORE_find()\fR. +.PP +The calling application owns the allocation of an \fB\s-1OSSL_STORE_SEARCH\s0\fR at all +times, and should therefore be careful not to deallocate it before +\&\fIOSSL_STORE_close()\fR has been called for the \s-1OSSL_STORE\s0 context it was given +to. +.SS "Application Functions" +.IX Subsection "Application Functions" +\&\fIOSSL_STORE_SEARCH_by_name()\fR, +\&\fIOSSL_STORE_SEARCH_by_issuer_serial()\fR, +\&\fIOSSL_STORE_SEARCH_by_key_fingerprint()\fR, +and \fIOSSL_STORE_SEARCH_by_alias()\fR +are used to create an \fB\s-1OSSL_STORE_SEARCH\s0\fR from a subject name, an issuer name +and serial number pair, a key fingerprint, and an alias (for example a friendly +name). +The parameters that are provided are not copied, only referred to in a +criterion, so they must have at least the same life time as the created +\&\fB\s-1OSSL_STORE_SEARCH\s0\fR. +.PP +\&\fIOSSL_STORE_SEARCH_free()\fR is used to free the \fB\s-1OSSL_STORE_SEARCH\s0\fR. +.SS "Loader Functions" +.IX Subsection "Loader Functions" +\&\fIOSSL_STORE_SEARCH_get_type()\fR returns the criterion type for the given +\&\fB\s-1OSSL_STORE_SEARCH\s0\fR. +.PP +\&\fIOSSL_STORE_SEARCH_get0_name()\fR, \fIOSSL_STORE_SEARCH_get0_serial()\fR, +\&\fIOSSL_STORE_SEARCH_get0_bytes()\fR, \fIOSSL_STORE_SEARCH_get0_string()\fR, +and \fIOSSL_STORE_SEARCH_get0_digest()\fR +are used to retrieve different data from a \fB\s-1OSSL_STORE_SEARCH\s0\fR, as +available for each type. +For more information, see \*(L"\s-1SUPPORTED\s0 \s-1CRITERION\s0 \s-1TYPES\s0\*(R" below. 
+.SH "SUPPORTED CRITERION TYPES" +.IX Header "SUPPORTED CRITERION TYPES" +Currently supported criterion types are: +.IP "\s-1OSSL_STORE_SEARCH_BY_NAME\s0" 4 +.IX Item "OSSL_STORE_SEARCH_BY_NAME" +This criterion supports a search by exact match of subject name. +The subject name itself is a \fBX509_NAME\fR pointer. +A criterion of this type is created with \fIOSSL_STORE_SEARCH_by_name()\fR, +and the actual subject name is retrieved with \fIOSSL_STORE_SEARCH_get0_name()\fR. +.IP "\s-1OSSL_STORE_SEARCH_BY_ISSUER_SERIAL\s0" 4 +.IX Item "OSSL_STORE_SEARCH_BY_ISSUER_SERIAL" +This criterion supports a search by exact match of both issuer name and serial +number. +The issuer name itself is a \fBX509_NAME\fR pointer, and the serial number is +a \fB\s-1ASN1_INTEGER\s0\fR pointer. +A criterion of this type is created with \fIOSSL_STORE_SEARCH_by_issuer_serial()\fR +and the actual issuer name and serial number are retrieved with +\&\fIOSSL_STORE_SEARCH_get0_name()\fR and \fIOSSL_STORE_SEARCH_get0_serial()\fR. +.IP "\s-1OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT\s0" 4 +.IX Item "OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT" +This criterion supports a search by exact match of key fingerprint. +The key fingerprint in itself is a string of bytes and its length, as +well as the algorithm that was used to compute the fingerprint. +The digest may be left unspecified (\s-1NULL\s0), and in that case, the +loader has to decide on a default digest and compare fingerprints +accordingly. +A criterion of this type is created with \fIOSSL_STORE_SEARCH_by_key_fingerprint()\fR +and the actual fingerprint and its length can be retrieved with +\&\fIOSSL_STORE_SEARCH_get0_bytes()\fR. +The digest can be retrieved with \fIOSSL_STORE_SEARCH_get0_digest()\fR. +.IP "\s-1OSSL_STORE_SEARCH_BY_ALIAS\s0" 4 +.IX Item "OSSL_STORE_SEARCH_BY_ALIAS" +This criterion supports a search by match of an alias of some kind. +The alias in itself is a simple C string. 
+A criterion of this type is created with \fIOSSL_STORE_SEARCH_by_alias()\fR +and the actual alias is retrieved with \fIOSSL_STORE_SEARCH_get0_string()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOSSL_STORE_SEARCH_by_name()\fR, +\&\fIOSSL_STORE_SEARCH_by_issuer_serial()\fR, +\&\fIOSSL_STORE_SEARCH_by_key_fingerprint()\fR, +and \fIOSSL_STORE_SEARCH_by_alias()\fR +return a \fB\s-1OSSL_STORE_SEARCH\s0\fR pointer on success, or \fB\s-1NULL\s0\fR on failure. +.PP +\&\fIOSSL_STORE_SEARCH_get_type()\fR returns the criterion type of the given +\&\fB\s-1OSSL_STORE_SEARCH\s0\fR. +There is no error value. +.PP +\&\fIOSSL_STORE_SEARCH_get0_name()\fR returns a \fBX509_NAME\fR pointer on success, +or \fB\s-1NULL\s0\fR when the given \fB\s-1OSSL_STORE_SEARCH\s0\fR was of a different type. +.PP +\&\fIOSSL_STORE_SEARCH_get0_serial()\fR returns a \fB\s-1ASN1_INTEGER\s0\fR pointer on success, +or \fB\s-1NULL\s0\fR when the given \fB\s-1OSSL_STORE_SEARCH\s0\fR was of a different type. +.PP +\&\fIOSSL_STORE_SEARCH_get0_bytes()\fR returns a \fBconst unsigned char\fR pointer and +sets \fB*length\fR to the strings length on success, or \fB\s-1NULL\s0\fR when the given +\&\fB\s-1OSSL_STORE_SEARCH\s0\fR was of a different type. +.PP +\&\fIOSSL_STORE_SEARCH_get0_string()\fR returns a \fBconst char\fR pointer on success, +or \fB\s-1NULL\s0\fR when the given \fB\s-1OSSL_STORE_SEARCH\s0\fR was of a different type. +.PP +\&\fIOSSL_STORE_SEARCH_get0_digest()\fR returns a \fBconst \s-1EVP_MD\s0\fR pointer. +\&\fB\s-1NULL\s0\fR is a valid value and means that the store loader default will +be used when applicable. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIossl_store\fR\|(7), \fIOSSL_STORE_supports_search\fR\|(3), \fIOSSL_STORE_find\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fB\s-1OSSL_STORE_SEARCH\s0\fR, +\&\fIOSSL_STORE_SEARCH_by_name()\fR, +\&\fIOSSL_STORE_SEARCH_by_issuer_serial()\fR, +\&\fIOSSL_STORE_SEARCH_by_key_fingerprint()\fR, +\&\fIOSSL_STORE_SEARCH_by_alias()\fR, +\&\fIOSSL_STORE_SEARCH_free()\fR, +\&\fIOSSL_STORE_SEARCH_get_type()\fR, +\&\fIOSSL_STORE_SEARCH_get0_name()\fR, +\&\fIOSSL_STORE_SEARCH_get0_serial()\fR, +\&\fIOSSL_STORE_SEARCH_get0_bytes()\fR, +and \fIOSSL_STORE_SEARCH_get0_string()\fR +were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/OSSL_STORE_expect.3 b/linux_amd64/share/man/man3/OSSL_STORE_expect.3 new file mode 100755 index 0000000..c89d415 --- /dev/null +++ b/linux_amd64/share/man/man3/OSSL_STORE_expect.3 
@@ -0,0 +1,200 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_STORE_EXPECT 3" +.TH OSSL_STORE_EXPECT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OSSL_STORE_expect, +OSSL_STORE_supports_search, +OSSL_STORE_find +\&\- Specify what object type is expected +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int OSSL_STORE_expect(OSSL_STORE_CTX *ctx, int expected_type); +\& +\& int OSSL_STORE_supports_search(OSSL_STORE_CTX *ctx, int criterion_type); +\& +\& int OSSL_STORE_find(OSSL_STORE_CTX *ctx, OSSL_STORE_SEARCH *search); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIOSSL_STORE_expect()\fR helps applications filter what \fIOSSL_STORE_load()\fR returns +by specifying a \fB\s-1OSSL_STORE_INFO\s0\fR type. +For example, if \f(CW\*(C`file:/foo/bar/store.pem\*(C'\fR contains several different objects +and only the certificates are interesting, the application can simply say +that it expects the type \fB\s-1OSSL_STORE_INFO_CERT\s0\fR. +All known object types (see \*(L"\s-1SUPPORTED\s0 \s-1OBJECTS\s0\*(R" in \s-1\fIOSSL_STORE_INFO\s0\fR\|(3)) +except for \fB\s-1OSSL_STORE_INFO_NAME\s0\fR are supported. +.PP +\&\fIOSSL_STORE_find()\fR helps applications specify a criterion for a more fine +grained search of objects. +.PP +\&\fIOSSL_STORE_supports_search()\fR checks if the loader of the given \s-1OSSL_STORE\s0 +context supports the given search type. +See \*(L"\s-1SUPPORTED\s0 \s-1CRITERION\s0 \s-1TYPES\s0\*(R" in \s-1\fIOSSL_STORE_SEARCH\s0\fR\|(3) for information on the +supported search criterion types. +.PP +\&\fIOSSL_STORE_expect()\fR and OSSL_STORE_find \fImust\fR be called before the first +\&\fIOSSL_STORE_load()\fR of a given session, or they will fail. +.SH "NOTES" +.IX Header "NOTES" +If a more elaborate filter is required by the application, a better choice +would be to use a post-processing function. +See \fIOSSL_STORE_open\fR\|(3) for more information. +.PP +However, some loaders may take advantage of the knowledge of an expected type +to make object retrieval more efficient, so if a single type is expected, this +method is usually preferable. 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOSSL_STORE_expect()\fR returns 1 on success, or 0 on failure. +.PP +\&\fIOSSL_STORE_supports_search()\fR returns 1 if the criterion is supported, or 0 +otherwise. +.PP +\&\fIOSSL_STORE_find()\fR returns 1 on success, or 0 on failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIossl_store\fR\|(7), \s-1\fIOSSL_STORE_INFO\s0\fR\|(3), \s-1\fIOSSL_STORE_SEARCH\s0\fR\|(3), +\&\fIOSSL_STORE_load\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIOSSL_STORE_expect()\fR, \fIOSSL_STORE_supports_search()\fR and \fIOSSL_STORE_find()\fR +were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/OSSL_STORE_open.3 b/linux_amd64/share/man/man3/OSSL_STORE_open.3 new file mode 100755 index 0000000..a84f73b --- /dev/null +++ b/linux_amd64/share/man/man3/OSSL_STORE_open.3 
@@ -0,0 +1,274 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_STORE_OPEN 3" +.TH OSSL_STORE_OPEN 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OSSL_STORE_CTX, OSSL_STORE_post_process_info_fn, OSSL_STORE_open, +OSSL_STORE_ctrl, OSSL_STORE_load, OSSL_STORE_eof, OSSL_STORE_error, +OSSL_STORE_close \- Types and functions to read objects from a URI +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef struct ossl_store_ctx_st OSSL_STORE_CTX; +\& +\& typedef OSSL_STORE_INFO *(*OSSL_STORE_post_process_info_fn)(OSSL_STORE_INFO *, +\& void *); +\& +\& OSSL_STORE_CTX *OSSL_STORE_open(const char *uri, const UI_METHOD *ui_method, +\& void *ui_data, +\& OSSL_STORE_post_process_info_fn post_process, +\& void *post_process_data); +\& int OSSL_STORE_ctrl(OSSL_STORE_CTX *ctx, int cmd, ... /* args */); +\& OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx); +\& int OSSL_STORE_eof(OSSL_STORE_CTX *ctx); +\& int OSSL_STORE_error(OSSL_STORE_CTX *ctx); +\& int OSSL_STORE_close(OSSL_STORE_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions help the application to fetch supported objects (see +\&\*(L"\s-1SUPPORTED\s0 \s-1OBJECTS\s0\*(R" in \s-1\fIOSSL_STORE_INFO\s0\fR\|(3) for information on which those are) +from a given \s-1URI\s0 (see \*(L"\s-1SUPPORTED\s0 \s-1SCHEMES\s0\*(R" for more information on +the supported \s-1URI\s0 schemes). +The general method to do so is to \*(L"open\*(R" the \s-1URI\s0 using \fIOSSL_STORE_open()\fR, +read each available and supported object using \fIOSSL_STORE_load()\fR as long as +\&\fIOSSL_STORE_eof()\fR hasn't been reached, and finish it off with \fIOSSL_STORE_close()\fR. +.PP +The retrieved information is stored in a \fB\s-1OSSL_STORE_INFO\s0\fR, which is further +described in \s-1\fIOSSL_STORE_INFO\s0\fR\|(3). +.SS "Types" +.IX Subsection "Types" +\&\fB\s-1OSSL_STORE_CTX\s0\fR is a context variable that holds all the internal +information for \fIOSSL_STORE_open()\fR, \fIOSSL_STORE_load()\fR, \fIOSSL_STORE_eof()\fR and +\&\fIOSSL_STORE_close()\fR to work together. 
+.SS "Functions" +.IX Subsection "Functions" +\&\fIOSSL_STORE_open()\fR takes a uri or path \fBuri\fR, password \s-1UI\s0 method +\&\fBui_method\fR with associated data \fBui_data\fR, and post processing +callback \fBpost_process\fR with associated data \fBpost_process_data\fR, +opens a channel to the data located at that \s-1URI\s0 and returns a +\&\fB\s-1OSSL_STORE_CTX\s0\fR with all necessary internal information. +The given \fBui_method\fR and \fBui_data_data\fR will be reused by all +functions that use \fB\s-1OSSL_STORE_CTX\s0\fR when interaction is needed. +The given \fBpost_process\fR and \fBpost_process_data\fR will be reused by +\&\fIOSSL_STORE_load()\fR to manipulate or drop the value to be returned. +The \fBpost_process\fR function drops values by returning \fB\s-1NULL\s0\fR, which +will cause \fIOSSL_STORE_load()\fR to start its process over with loading +the next object, until \fBpost_process\fR returns something other than +\&\fB\s-1NULL\s0\fR, or the end of data is reached as indicated by \fIOSSL_STORE_eof()\fR. +.PP +\&\fIOSSL_STORE_ctrl()\fR takes a \fB\s-1OSSL_STORE_CTX\s0\fR, and command number \fBcmd\fR and +more arguments not specified here. +The available loader specific command numbers and arguments they each +take depends on the loader that's used and is documented together with +that loader. +.PP +There are also global controls available: +.IP "\fB\s-1OSSL_STORE_C_USE_SECMEM\s0\fR" 4 +.IX Item "OSSL_STORE_C_USE_SECMEM" +Controls if the loader should attempt to use secure memory for any +allocated \fB\s-1OSSL_STORE_INFO\s0\fR and its contents. +This control expects one argument, a pointer to an \fBint\fR that is expected to +have the value 1 (yes) or 0 (no). +Any other value is an error. +.PP +\&\fIOSSL_STORE_load()\fR takes a \fB\s-1OSSL_STORE_CTX\s0\fR, tries to load the next available +object and return it wrapped with \fB\s-1OSSL_STORE_INFO\s0\fR. 
+.PP +\&\fIOSSL_STORE_eof()\fR takes a \fB\s-1OSSL_STORE_CTX\s0\fR and checks if we've reached the end +of data. +.PP +\&\fIOSSL_STORE_error()\fR takes a \fB\s-1OSSL_STORE_CTX\s0\fR and checks if an error occurred in +the last \fIOSSL_STORE_load()\fR call. +Note that it may still be meaningful to try and load more objects, unless +\&\fIOSSL_STORE_eof()\fR shows that the end of data has been reached. +.PP +\&\fIOSSL_STORE_close()\fR takes a \fB\s-1OSSL_STORE_CTX\s0\fR, closes the channel that was opened +by \fIOSSL_STORE_open()\fR and frees all other information that was stored in the +\&\fB\s-1OSSL_STORE_CTX\s0\fR, as well as the \fB\s-1OSSL_STORE_CTX\s0\fR itself. +.SH "SUPPORTED SCHEMES" +.IX Header "SUPPORTED SCHEMES" +The basic supported scheme is \fBfile:\fR. +Any other scheme can be added dynamically, using +\&\fIOSSL_STORE_register_loader()\fR. +.SH "NOTES" +.IX Header "NOTES" +A string without a scheme prefix (that is, a non-URI string) is +implicitly interpreted as using the \fIfile:\fR scheme. +.PP +There are some tools that can be used together with +\&\fIOSSL_STORE_open()\fR to determine if any failure is caused by an unparsable +\&\s-1URI\s0, or if it's a different error (such as memory allocation +failures); if the \s-1URI\s0 was parsable but the scheme unregistered, the +top error will have the reason \f(CW\*(C`OSSL_STORE_R_UNREGISTERED_SCHEME\*(C'\fR. +.PP +These functions make no direct assumption regarding the pass phrase received +from the password callback. +The loaders may make assumptions, however. +For example, the \fBfile:\fR scheme loader inherits the assumptions made by +OpenSSL functionality that handles the different file types; this is mostly +relevant for PKCS#12 objects. +See \fIpassphrase\-encoding\fR\|(7) for further information. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOSSL_STORE_open()\fR returns a pointer to a \fB\s-1OSSL_STORE_CTX\s0\fR on success, or +\&\fB\s-1NULL\s0\fR on failure. 
+.PP +\&\fIOSSL_STORE_load()\fR returns a pointer to a \fB\s-1OSSL_STORE_INFO\s0\fR on success, or +\&\fB\s-1NULL\s0\fR on error or when end of data is reached. +Use \fIOSSL_STORE_error()\fR and \fIOSSL_STORE_eof()\fR to determine the meaning of a +returned \fB\s-1NULL\s0\fR. +.PP +\&\fIOSSL_STORE_eof()\fR returns 1 if the end of data has been reached, otherwise +0. +.PP +\&\fIOSSL_STORE_error()\fR returns 1 if an error occurred in an \fIOSSL_STORE_load()\fR call, +otherwise 0. +.PP +\&\fIOSSL_STORE_ctrl()\fR and \fIOSSL_STORE_close()\fR returns 1 on success, or 0 on failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIossl_store\fR\|(7), \s-1\fIOSSL_STORE_INFO\s0\fR\|(3), \fIOSSL_STORE_register_loader\fR\|(3), +\&\fIpassphrase\-encoding\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1\fIOSSL_STORE_CTX\s0()\fR, \fIOSSL_STORE_post_process_info_fn()\fR, \fIOSSL_STORE_open()\fR, +\&\fIOSSL_STORE_ctrl()\fR, \fIOSSL_STORE_load()\fR, \fIOSSL_STORE_eof()\fR and \fIOSSL_STORE_close()\fR +were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/OSSL_trace_enabled.3 b/linux_amd64/share/man/man3/OSSL_trace_enabled.3 new file mode 100755 index 0000000..71a67e9 --- /dev/null +++ b/linux_amd64/share/man/man3/OSSL_trace_enabled.3 
@@ -0,0 +1,419 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_TRACE_ENABLED 3" +.TH OSSL_TRACE_ENABLED 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OSSL_trace_enabled, OSSL_trace_begin, OSSL_trace_end, +OSSL_TRACE_BEGIN, OSSL_TRACE_END, OSSL_TRACE_CANCEL, +OSSL_TRACE, OSSL_TRACE1, OSSL_TRACE2, OSSL_TRACE3, OSSL_TRACE4, +OSSL_TRACE5, OSSL_TRACE6, OSSL_TRACE7, OSSL_TRACE8, OSSL_TRACE9, +OSSL_TRACEV, +OSSL_TRACE_ENABLED +\&\- OpenSSL Tracing API +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int OSSL_trace_enabled(int category); +\& +\& BIO *OSSL_trace_begin(int category); +\& void OSSL_trace_end(int category, BIO *channel); +\& +\& /* trace group macros */ +\& OSSL_TRACE_BEGIN(category) { +\& ... +\& if (some_error) { +\& /* Leave trace group prematurely in case of an error */ +\& OSSL_TRACE_CANCEL(category); +\& goto err; +\& } +\& ... +\& } OSSL_TRACE_END(category); +\& +\& /* one\-shot trace macros */ +\& OSSL_TRACE1(category, format, arg1) +\& OSSL_TRACE2(category, format, arg1, arg2) +\& ... +\& OSSL_TRACE9(category, format, arg1, ..., arg9) +\& +\& /* check whether a trace category is enabled */ +\& if (OSSL_TRACE_ENABLED(category)) { +\& ... +\& } +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The functions described here are mainly interesting for those who provide +OpenSSL functionality, either in OpenSSL itself or in engine modules +or similar. +.PP +If tracing is enabled (see \*(L"\s-1NOTES\s0\*(R" below), these functions are used to +generate free text tracing output. +.PP +The tracing output is divided into types which are enabled +individually by the application. +The tracing types are described in detail in +\&\*(L"Trace types\*(R" in \fIOSSL_trace_set_callback\fR\|(3). +The fallback type \f(CW\*(C`OSSL_TRACE_CATEGORY_ALL\*(C'\fR should \fInot\fR be used +with the functions described here. +.PP +Tracing for a specific category is enabled if a so called +\&\fItrace channel\fR is attached to it. A trace channel is simply a +\&\s-1BIO\s0 object to which the application can write its trace output. 
+.PP +The application has two different ways of registering a trace channel, +either by directly providing a \s-1BIO\s0 object using \fIOSSL_trace_set_channel()\fR, +or by providing a callback routine using \fIOSSL_trace_set_callback()\fR. +The latter is wrapped internally by a dedicated \s-1BIO\s0 object, so for the +tracing code both channel types are effectively indistinguishable. +We call them a \fIsimple trace channel\fR and a \fIcallback trace channel\fR, +respectively. +.PP +To produce trace output, it is necessary to obtain a pointer to the +trace channel (i.e., the \s-1BIO\s0 object) using \fIOSSL_trace_begin()\fR, write +to it using arbitrary \s-1BIO\s0 output routines, and finally releases the +channel using \fIOSSL_trace_end()\fR. The \fIOSSL_trace_begin()\fR/\fIOSSL_trace_end()\fR +calls surrounding the trace output create a group, which acts as a +critical section (guarded by a mutex) to ensure that the trace output +of different threads does not get mixed up. +.PP +The tracing code normally does not call OSSL_trace_{begin,end}() directly, +but rather uses a set of convenience macros, see the \*(L"Macros\*(R" section below. +.SS "Functions" +.IX Subsection "Functions" +\&\fIOSSL_trace_enabled()\fR can be used to check if tracing for the given +\&\f(CW\*(C`category\*(C'\fR is enabled. +.PP +\&\fIOSSL_trace_begin()\fR is used to starts a tracing section, and get the +channel for the given \f(CW\*(C`category\*(C'\fR in form of a \s-1BIO\s0. +This \s-1BIO\s0 can only be used for output. +.PP +\&\fIOSSL_trace_end()\fR is used to end a tracing section. +.PP +Using \fIOSSL_trace_begin()\fR and \fIOSSL_trace_end()\fR to wrap tracing sections +is \fImandatory\fR. +The result of trying to produce tracing output outside of such +sections is undefined. +.SS "Macros" +.IX Subsection "Macros" +There are a number of convenience macros defined, to make tracing +easy and consistent. 
+.PP +\&\f(CW\*(C`OSSL_TRACE_BEGIN(category)\*(C'\fR and \f(CW\*(C`OSSL_TRACE_END(category)\*(C'\fR reserve +the \fB\s-1BIO\s0\fR \f(CW\*(C`trc_out\*(C'\fR and are used as follows to wrap a trace section: +.PP +.Vb 1 +\& OSSL_TRACE_BEGIN(TLS) { +\& +\& BIO_fprintf(trc_out, ... ); +\& +\& } OSSL_TRACE_END(TLS); +.Ve +.PP +This will normally expand to: +.PP +.Vb 8 +\& do { +\& BIO *trc_out = OSSL_trace_begin(OSSL_TRACE_CATEGORY_TLS); +\& if (trc_out != NULL) { +\& ... +\& BIO_fprintf(trc_out, ...); +\& } +\& OSSL_trace_end(OSSL_TRACE_CATEGORY_TLS, trc_out); +\& } while (0); +.Ve +.PP +\&\f(CW\*(C`OSSL_TRACE_CANCEL(category)\*(C'\fR must be used before returning from or +jumping out of a trace section: +.PP +.Vb 1 +\& OSSL_TRACE_BEGIN(TLS) { +\& +\& if (some_error) { +\& OSSL_TRACE_CANCEL(TLS); +\& goto err; +\& } +\& BIO_fprintf(trc_out, ... ); +\& +\& } OSSL_TRACE_END(TLS); +.Ve +.PP +This will normally expand to: +.PP +.Vb 11 +\& do { +\& BIO *trc_out = OSSL_trace_begin(OSSL_TRACE_CATEGORY_TLS); +\& if (trc_out != NULL) { +\& if (some_error) { +\& OSSL_trace_end(OSSL_TRACE_CATEGORY_TLS, trc_out); +\& goto err; +\& } +\& BIO_fprintf(trc_out, ... ); +\& } +\& OSSL_trace_end(OSSL_TRACE_CATEGORY_TLS, trc_out); +\& } while (0); +.Ve +.PP +\&\f(CW\*(C`OSSL_TRACE()\*(C'\fR and \f(CW\*(C`OSSL_TRACE1()\*(C'\fR, \f(CW\*(C`OSSL_TRACE2()\*(C'\fR, ... \f(CW\*(C`OSSL_TRACE9()\*(C'\fR are +so-called one-shot macros: +.PP +The macro call \f(CW\*(C`OSSL_TRACE(category, text)\*(C'\fR, produces literal text trace output. +.PP +The macro call \f(CW\*(C`OSSL_TRACEn(category, format, arg1, ..., argn)\*(C'\fR produces +printf-style trace output with n format field arguments (n=1,...,9). +It expands to: +.PP +.Vb 3 +\& OSSL_TRACE_BEGIN(category) { +\& BIO_printf(trc_out, format, arg1, ..., argN) +\& } OSSL_TRACE_END(category) +.Ve +.PP +Internally, all one-shot macros are implemented using a generic \f(CW\*(C`OSSL_TRACEV()\*(C'\fR +macro, since C90 does not support variadic macros. 
This helper macro has a rather +weird synopsis and should not be used directly. +.PP +The \f(CW\*(C`OSSL_TRACE_ENABLED(category)\*(C'\fR macro can be used to conditionally execute +some code only if a specific trace category is enabled. +In some situations this is simpler than entering a trace section using +\&\f(CW\*(C`OSSL_TRACE_BEGIN(category)\*(C'\fR and \f(CW\*(C`OSSL_TRACE_END(category)\*(C'\fR. +For example, the code +.PP +.Vb 3 +\& if (OSSL_TRACE_ENABLED(TLS)) { +\& ... +\& } +.Ve +.PP +expands to +.PP +.Vb 3 +\& if (OSSL_trace_enabled(OSSL_TRACE_CATEGORY_TLS) { +\& ... +\& } +.Ve +.SH "NOTES" +.IX Header "NOTES" +If producing the trace output requires carrying out auxiliary calculations, +this auxiliary code should be placed inside a conditional block which is +executed only if the trace category is enabled. +.PP +The most natural way to do this is to place the code inside the trace section +itself because it already introduces such a conditional block. +.PP +.Vb 2 +\& OSSL_TRACE_BEGIN(TLS) { +\& int var = do_some_auxiliary_calculation(); +\& +\& BIO_printf(trc_out, "var = %d\en", var); +\& +\& } OSSL_TRACE_END(TLS); +.Ve +.PP +In some cases it is more advantageous to use a simple conditional group instead +of a trace section. This is the case if calculations and tracing happen in +different locations of the code, or if the calculations are so time consuming +that placing them inside a (critical) trace section would create too much +contention. +.PP +.Vb 2 +\& if (OSSL_TRACE_ENABLED(TLS)) { +\& int var = do_some_auxiliary_calculation(); +\& +\& OSSL_TRACE1("var = %d\en", var); +\& } +.Ve +.PP +Note however that premature optimization of tracing code is in general futile +and it's better to keep the tracing code as simple as possible. +Because most often the limiting factor for the application's speed is the time +it takes to print the trace output, not to calculate it. 
+.SS "Configure Tracing" +.IX Subsection "Configure Tracing" +By default, the OpenSSL library is built with tracing disabled. To +use the tracing functionality documented here, it is therefore +necessary to configure and build OpenSSL with the 'enable\-trace' option. +.PP +When the library is built with tracing disabled: +.IP "\(bu" 4 +The macro \f(CW\*(C`OPENSSL_NO_TRACE\*(C'\fR is defined in \f(CW\*(C`openssl/opensslconf.h\*(C'\fR. +.IP "\(bu" 4 +all functions are still present, bu \fIOSSL_trace_enabled()\fR will always +report the categories as disabled, and all other functions will do +nothing. +.IP "\(bu" 4 +the convenience macros are defined to produce dead code. +For example, take this example from \*(L"Macros\*(R" section above: +.Sp +.Vb 1 +\& OSSL_TRACE_BEGIN(TLS) { +\& +\& if (condition) { +\& OSSL_TRACE_CANCEL(TLS); +\& goto err; +\& } +\& BIO_fprintf(trc_out, ... ); +\& +\& } OSSL_TRACE_END(TLS); +.Ve +.Sp +When the tracing \s-1API\s0 isn't operational, that will expand to: +.Sp +.Vb 10 +\& do { +\& BIO *trc_out = NULL; +\& if (0) { +\& if (condition) { +\& ((void)0); +\& goto err; +\& } +\& BIO_fprintf(trc_out, ... ); +\& } +\& } while (0); +.Ve +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOSSL_trace_enabled()\fR returns 1 if tracing for the given \fBtype\fR is +operational and enabled, otherwise 0. +.PP +\&\fIOSSL_trace_begin()\fR returns a \f(CW\*(C`BIO *\*(C'\fR if the given \fBtype\fR is enabled, +otherwise \f(CW\*(C`NULL\*(C'\fR. +.SH "HISTORY" +.IX Header "HISTORY" +The OpenSSL Tracing \s-1API\s0 was added ino OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/share/man/man3/OSSL_trace_get_category_num.3 b/linux_amd64/share/man/man3/OSSL_trace_get_category_num.3 new file mode 100755 index 0000000..aada50e --- /dev/null +++ b/linux_amd64/share/man/man3/OSSL_trace_get_category_num.3 
@@ -0,0 +1,167 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_TRACE_GET_CATEGORY_NUM 3" +.TH OSSL_TRACE_GET_CATEGORY_NUM 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OSSL_trace_get_category_num, OSSL_trace_get_category_name +\&\- OpenSSL tracing information functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int OSSL_trace_get_category_num(const char *name); +\& const char *OSSL_trace_get_category_name(int num); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIOSSL_trace_get_category_num()\fR gives the category number corresponding +to the given \f(CW\*(C`name\*(C'\fR. +.PP +\&\fIOSSL_trace_get_category_name()\fR gives the category name corresponding +to the given \f(CW\*(C`num\*(C'\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOSSL_trace_get_category_num()\fR returns the category number if the given +\&\f(CW\*(C`name\*(C'\fR is a recognised category name, otherwise \-1. +.PP +\&\fIOSSL_trace_get_category_name()\fR returns the category name if the given +\&\f(CW\*(C`num\*(C'\fR is a recognised category number, otherwise \s-1NULL\s0. +.SH "HISTORY" +.IX Header "HISTORY" +The OpenSSL Tracing \s-1API\s0 was added ino OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/OSSL_trace_set_channel.3 b/linux_amd64/share/man/man3/OSSL_trace_set_channel.3 new file mode 100755 index 0000000..770b1ea --- /dev/null +++ b/linux_amd64/share/man/man3/OSSL_trace_set_channel.3 
@@ -0,0 +1,429 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_TRACE_SET_CHANNEL 3" +.TH OSSL_TRACE_SET_CHANNEL 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OSSL_trace_set_channel, OSSL_trace_set_prefix, OSSL_trace_set_suffix, +OSSL_trace_set_callback, OSSL_trace_cb \- Enabling trace output +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef size_t (*OSSL_trace_cb)(const char *buf, size_t cnt, +\& int category, int cmd, void *data); +\& +\& void OSSL_trace_set_channel(int category, BIO *bio); +\& void OSSL_trace_set_prefix(int category, const char *prefix); +\& void OSSL_trace_set_suffix(int category, const char *suffix); +\& void OSSL_trace_set_callback(int category, OSSL_trace_cb cb, void *data); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +If available (see \*(L"\s-1NOTES\s0\*(R" below), the application can request +internal trace output. +This output comes in form of free text for humans to read. +.PP +The trace output is divided into categories which can be +enabled individually. +Every category can be enabled individually by attaching a so called +\&\fItrace channel\fR to it, which in the simplest case is just a \s-1BIO\s0 object +to which the application can write the tracing output for this category. +Alternatively, the application can provide a tracer callback in order to +get more finegrained trace information. This callback will be wrapped +internally by a dedicated \s-1BIO\s0 object. +.PP +For the tracing code, both trace channel types are indistinguishable. +These are called a \fIsimple trace channel\fR and a \fIcallback trace channel\fR, +respectively. +.SS "Functions" +.IX Subsection "Functions" +\&\fIOSSL_trace_set_channel()\fR is used to enable the given trace \f(CW\*(C`category\*(C'\fR +by attaching the \fB\s-1BIO\s0\fR \f(CW\*(C`bio\*(C'\fR object as (simple) trace channel. +.PP +\&\fIOSSL_trace_set_prefix()\fR and \fIOSSL_trace_set_suffix()\fR can be used to add +an extra line for each channel, to be output before and after group of +tracing output. +What constitues an output group is decided by the code that produces +the output. 
+The lines given here are considered immutable; for more dynamic +tracing prefixes, consider setting a callback with +\&\fIOSSL_trace_set_callback()\fR instead. +.PP +\&\fIOSSL_trace_set_callback()\fR is used to enable the given trace +\&\f(CW\*(C`category\*(C'\fR by giving it the tracer callback \f(CW\*(C`cb\*(C'\fR with the associated +data \f(CW\*(C`data\*(C'\fR, which will simply be passed through to \f(CW\*(C`cb\*(C'\fR whenever +it's called. The callback function is internally wrapped by a +dedicated \s-1BIO\s0 object, the so called \fIcallback trace channel\fR. +This should be used when it's desirable to do form the trace output to +something suitable for application needs where a prefix and suffix +line aren't enough. +.PP +\&\fIOSSL_trace_set_channel()\fR and \fIOSSL_trace_set_callback()\fR are mutually +exclusive, calling one of them will clear whatever was set by the +previous call. +.PP +Calling \fIOSSL_trace_set_channel()\fR with \f(CW\*(C`NULL\*(C'\fR for \f(CW\*(C`channel\*(C'\fR or +\&\fIOSSL_trace_set_callback()\fR with \f(CW\*(C`NULL\*(C'\fR for \f(CW\*(C`cb\*(C'\fR disables tracing for +the given \f(CW\*(C`category\*(C'\fR +.SS "Trace callback" +.IX Subsection "Trace callback" +The tracer callback must return a \f(CW\*(C`size_t\*(C'\fR, which must be zero on +error and otherwise return the number of bytes that were output. +It receives a text buffer \f(CW\*(C`buf\*(C'\fR with \f(CW\*(C`cnt\*(C'\fR bytes of text, as well as +the \f(CW\*(C`category\*(C'\fR, a control number \f(CW\*(C`cmd\*(C'\fR, and the \f(CW\*(C`data\*(C'\fR that was +passed to \fIOSSL_trace_set_callback()\fR. 
+.PP +The possible control numbers are: +.ie n .IP """OSSL_TRACE_CTRL_BEGIN""" 4 +.el .IP "\f(CWOSSL_TRACE_CTRL_BEGIN\fR" 4 +.IX Item "OSSL_TRACE_CTRL_BEGIN" +The callback is called from \fIOSSL_trace_begin()\fR, which gives the +callback the possibility to output a dynamic starting line, or set a +prefix that should be output at the beginning of each line, or +something other. +.ie n .IP """OSSL_TRACE_CTRL_WRITE""" 4 +.el .IP "\f(CWOSSL_TRACE_CTRL_WRITE\fR" 4 +.IX Item "OSSL_TRACE_CTRL_WRITE" +This callback is called whenever data is written to the \s-1BIO\s0 by some +regular \s-1BIO\s0 output routine. +An arbitrary number of \f(CW\*(C`OSSL_TRACE_CTRL_WRITE\*(C'\fR callbacks can occur +inside a group marked by a pair of \f(CW\*(C`OSSL_TRACE_CTRL_BEGIN\*(C'\fR and +\&\f(CW\*(C`OSSL_TRACE_CTRL_END\*(C'\fR calls, but never outside such a group. +.ie n .IP """OSSL_TRACE_CTRL_END""" 4 +.el .IP "\f(CWOSSL_TRACE_CTRL_END\fR" 4 +.IX Item "OSSL_TRACE_CTRL_END" +The callback is called from \fIOSSL_trace_end()\fR, which gives the callback +the possibility to output a dynamic ending line, or reset the line +prefix that was set with \s-1OSSL_TRACE_CTRL_BEGIN\s0, or something other. +.SS "Trace categories" +.IX Subsection "Trace categories" +The trace categories are simple numbers available through macros. +.ie n .IP """OSSL_TRACE_CATEGORY_TRACE""" 4 +.el .IP "\f(CWOSSL_TRACE_CATEGORY_TRACE\fR" 4 +.IX Item "OSSL_TRACE_CATEGORY_TRACE" +Traces the OpenSSL trace \s-1API\s0 itself. +.Sp +More precisely, this will generate trace output any time a new +trace hook is set. +.ie n .IP """OSSL_TRACE_CATEGORY_INIT""" 4 +.el .IP "\f(CWOSSL_TRACE_CATEGORY_INIT\fR" 4 +.IX Item "OSSL_TRACE_CATEGORY_INIT" +Traces OpenSSL library initialization and cleanup. +.Sp +This needs special care, as OpenSSL will do automatic cleanup after +exit from \f(CW\*(C`main()\*(C'\fR, and any tracing output done during this cleanup +will be lost if the tracing channel or callback were cleaned away +prematurely. 
+A suggestion is to make such cleanup part of a function that's +registered very early with \fIatexit\fR\|(3). +.ie n .IP """OSSL_TRACE_CATEGORY_TLS""" 4 +.el .IP "\f(CWOSSL_TRACE_CATEGORY_TLS\fR" 4 +.IX Item "OSSL_TRACE_CATEGORY_TLS" +Traces the \s-1TLS/SSL\s0 protocol. +.ie n .IP """OSSL_TRACE_CATEGORY_TLS_CIPHER""" 4 +.el .IP "\f(CWOSSL_TRACE_CATEGORY_TLS_CIPHER\fR" 4 +.IX Item "OSSL_TRACE_CATEGORY_TLS_CIPHER" +Traces the ciphers used by the \s-1TLS/SSL\s0 protocol. +.ie n .IP """OSSL_TRACE_CATEGORY_ENGINE_CONF""" 4 +.el .IP "\f(CWOSSL_TRACE_CATEGORY_ENGINE_CONF\fR" 4 +.IX Item "OSSL_TRACE_CATEGORY_ENGINE_CONF" +Traces the \s-1ENGINE\s0 configuration. +.ie n .IP """OSSL_TRACE_CATEGORY_ENGINE_TABLE""" 4 +.el .IP "\f(CWOSSL_TRACE_CATEGORY_ENGINE_TABLE\fR" 4 +.IX Item "OSSL_TRACE_CATEGORY_ENGINE_TABLE" +Traces the \s-1ENGINE\s0 algorithm table selection. +.Sp +More precisely, \fIengine_table_select()\fR, the function that is used by +\&\s-1RSA\s0, \s-1DSA\s0 (etc) code to select registered ENGINEs, cache defaults and +functional references (etc), will generate trace summaries. +.ie n .IP """OSSL_TRACE_CATEGORY_ENGINE_REF_COUNT""" 4 +.el .IP "\f(CWOSSL_TRACE_CATEGORY_ENGINE_REF_COUNT\fR" 4 +.IX Item "OSSL_TRACE_CATEGORY_ENGINE_REF_COUNT" +Tracds the \s-1ENGINE\s0 reference counting. +.Sp +More precisely, both reference counts in the \s-1ENGINE\s0 structure will be +monitored with a line of trace output generated for each change. +.ie n .IP """OSSL_TRACE_CATEGORY_PKCS5V2""" 4 +.el .IP "\f(CWOSSL_TRACE_CATEGORY_PKCS5V2\fR" 4 +.IX Item "OSSL_TRACE_CATEGORY_PKCS5V2" +Traces PKCS#5 v2 key generation. +.ie n .IP """OSSL_TRACE_CATEGORY_PKCS12_KEYGEN""" 4 +.el .IP "\f(CWOSSL_TRACE_CATEGORY_PKCS12_KEYGEN\fR" 4 +.IX Item "OSSL_TRACE_CATEGORY_PKCS12_KEYGEN" +Traces PKCS#12 key generation. +.ie n .IP """OSSL_TRACE_CATEGORY_PKCS12_DECRYPT""" 4 +.el .IP "\f(CWOSSL_TRACE_CATEGORY_PKCS12_DECRYPT\fR" 4 +.IX Item "OSSL_TRACE_CATEGORY_PKCS12_DECRYPT" +Traces PKCS#12 decryption. 
+.ie n .IP """OSSL_TRACE_CATEGORY_X509V3_POLICY""" 4 +.el .IP "\f(CWOSSL_TRACE_CATEGORY_X509V3_POLICY\fR" 4 +.IX Item "OSSL_TRACE_CATEGORY_X509V3_POLICY" +Traces X509v3 policy processing. +.Sp +More precisely, this generates the complete policy tree at various +point during evaluation. +.ie n .IP """OSSL_TRACE_CATEGORY_BN_CTX""" 4 +.el .IP "\f(CWOSSL_TRACE_CATEGORY_BN_CTX\fR" 4 +.IX Item "OSSL_TRACE_CATEGORY_BN_CTX" +Traces \s-1BIGNUM\s0 context operations. +.ie n .IP """OSSL_TRACE_CATEGORY_PROVIDER_CONF""" 4 +.el .IP "\f(CWOSSL_TRACE_CATEGORY_PROVIDER_CONF\fR" 4 +.IX Item "OSSL_TRACE_CATEGORY_PROVIDER_CONF" +Traces the \s-1OSSL_PROVIDER\s0 configuration. +.PP +There is also \f(CW\*(C`OSSL_TRACE_CATEGORY_ALL\*(C'\fR, which works as a fallback +and can be used to get \fIall\fR trace output. +.PP +Note, however, that in this case all trace output will effectively be +associated with the '\s-1ALL\s0' category, which is undesirable if the +application intends to include the category name in the trace output. +In this case it is better to register separate channels for each +trace category instead. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOSSL_trace_set_channel()\fR, \fIOSSL_trace_set_prefix()\fR, +\&\fIOSSL_trace_set_suffix()\fR, and \fIOSSL_trace_set_callback()\fR return 1 on +success, or 0 on failure. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +In all examples below, the trace producing code is assumed to be +the following: +.PP +.Vb 3 +\& int foo = 42; +\& const char bar[] = { 0, 1, 2, 3, 4, 5, 6, 7, +\& 8, 9, 10, 11, 12, 13, 14, 15 }; +\& +\& OSSL_TRACE_BEGIN(TLS) { +\& BIO_puts(trc_out, "foo: "); +\& BIO_printf(trc_out, "%d\en", foo); +\& BIO_dump(trc_out, bar, sizeof(bar)); +\& } OSSL_TRACE_END(TLS); +.Ve +.SS "Simple example" +.IX Subsection "Simple example" +An example with just a channel and constant prefix / suffix. 
+.PP +.Vb 6 +\& int main(int argc, char *argv[]) +\& { +\& BIO *err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT); +\& OSSL_trace_set_channel(OSSL_TRACE_CATEGORY_SSL, err); +\& OSSL_trace_set_prefix(OSSL_TRACE_CATEGORY_SSL, "BEGIN TRACE[TLS]"); +\& OSSL_trace_set_suffix(OSSL_TRACE_CATEGORY_SSL, "END TRACE[TLS]"); +\& +\& /* ... work ... */ +\& } +.Ve +.PP +When the trace producing code above is performed, this will be output +on standard error: +.PP +.Vb 4 +\& BEGIN TRACE[TLS] +\& foo: 42 +\& 0000 \- 00 01 02 03 04 05 06 07\-08 09 0a 0b 0c 0d 0e 0f ................ +\& END TRACE[TLS] +.Ve +.SS "Advanced example" +.IX Subsection "Advanced example" +This example uses the callback, and depends on pthreads functionality. +.PP +.Vb 5 +\& static size_t cb(const char *buf, size_t cnt, +\& int category, int cmd, void *vdata) +\& { +\& BIO *bio = vdata; +\& const char *label = NULL; +\& +\& switch (cmd) { +\& case OSSL_TRACE_CTRL_BEGIN: +\& label = "BEGIN"; +\& break; +\& case OSSL_TRACE_CTRL_END: +\& label = "END"; +\& break; +\& } +\& +\& if (label != NULL) { +\& union { +\& pthread_t tid; +\& unsigned long ltid; +\& } tid; +\& +\& tid.tid = pthread_self(); +\& BIO_printf(bio, "%s TRACE[%s]:%lx\en", +\& label, OSSL_trace_get_category_name(category), tid.ltid); +\& } +\& return (size_t)BIO_puts(bio, buf); +\& } +\& +\& int main(int argc, char *argv[]) +\& { +\& BIO *err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT); +\& OSSL_trace_set_callback(OSSL_TRACE_CATEGORY_SSL, cb, err); +\& +\& /* ... work ... */ +\& } +.Ve +.PP +The output is almost the same as for the simple example above. +.PP +.Vb 4 +\& BEGIN TRACE[TLS]:7f9eb0193b80 +\& foo: 42 +\& 0000 \- 00 01 02 03 04 05 06 07\-08 09 0a 0b 0c 0d 0e 0f ................ +\& END TRACE[TLS]:7f9eb0193b80 +.Ve +.SH "NOTES" +.IX Header "NOTES" +.SS "Configure Tracing" +.IX Subsection "Configure Tracing" +By default, the OpenSSL library is built with tracing disabled. 
To +use the tracing functionality documented here, it is therefore +necessary to configure and build OpenSSL with the 'enable\-trace' option. +.PP +When the library is built with tracing disabled, the macro +\&\f(CW\*(C`OPENSSL_NO_TRACE\*(C'\fR is defined in \f(CW\*(C`openssl/opensslconf.h\*(C'\fR and all +functions described here are inoperational, i.e. will do nothing. +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIOSSL_trace_set_channel()\fR, \fIOSSL_trace_set_prefix()\fR, +\&\fIOSSL_trace_set_suffix()\fR, and \fIOSSL_trace_set_callback()\fR were all added +in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/OpenSSL_add_all_algorithms.3 b/linux_amd64/share/man/man3/OpenSSL_add_all_algorithms.3 new file mode 100755 index 0000000..160974f --- /dev/null +++ b/linux_amd64/share/man/man3/OpenSSL_add_all_algorithms.3 
@@ -0,0 +1,187 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_ADD_ALL_ALGORITHMS 3" +.TH OPENSSL_ADD_ALL_ALGORITHMS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OpenSSL_add_all_algorithms, OpenSSL_add_all_ciphers, OpenSSL_add_all_digests, EVP_cleanup \- +add algorithms to internal table +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.PP +Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 3 +\& void OpenSSL_add_all_algorithms(void); +\& void OpenSSL_add_all_ciphers(void); +\& void OpenSSL_add_all_digests(void); +\& +\& void EVP_cleanup(void) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +OpenSSL keeps an internal table of digest algorithms and ciphers. It uses +this table to lookup ciphers via functions such as \fIEVP_get_cipher_byname()\fR. +.PP +\&\fIOpenSSL_add_all_digests()\fR adds all digest algorithms to the table. +.PP +\&\fIOpenSSL_add_all_algorithms()\fR adds all algorithms to the table (digests and +ciphers). +.PP +\&\fIOpenSSL_add_all_ciphers()\fR adds all encryption algorithms to the table including +password based encryption algorithms. +.PP +In versions prior to 1.1.0 \fIEVP_cleanup()\fR removed all ciphers and digests from +the table. It no longer has any effect in OpenSSL 1.1.0. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +None of the functions return a value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIevp\fR\|(7), \fIEVP_DigestInit\fR\|(3), +\&\fIEVP_EncryptInit\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fIOpenSSL_add_all_algorithms()\fR, \fIOpenSSL_add_all_ciphers()\fR, +\&\fIOpenSSL_add_all_digests()\fR, and \fIEVP_cleanup()\fR, functions +were deprecated in OpenSSL 1.1.0 by \fIOPENSSL_init_crypto()\fR and should +not be used. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. 
You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/OpenSSL_version.3 b/linux_amd64/share/man/man3/OpenSSL_version.3 new file mode 100755 index 0000000..812fd1d --- /dev/null +++ b/linux_amd64/share/man/man3/OpenSSL_version.3 
@@ -0,0 +1,341 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_VERSION 3" +.TH OPENSSL_VERSION 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OPENSSL_VERSION_MAJOR, OPENSSL_VERSION_MINOR, OPENSSL_VERSION_PATCH, +OPENSSL_VERSION_PRE_RELEASE, OPENSSL_VERSION_BUILD_METADATA, +OPENSSL_VERSION_TEXT, +OPENSSL_version_major, OPENSSL_version_minor, OPENSSL_version_patch, +OPENSSL_version_pre_release, OPENSSL_version_build_metadata, OpenSSL_version, +OPENSSL_VERSION_NUMBER, OpenSSL_version_num, OPENSSL_info +\&\- get OpenSSL version number and other information +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& #define OPENSSL_VERSION_MAJOR x +\& #define OPENSSL_VERSION_MINOR y +\& #define OPENSSL_VERSION_PATCH z +\& +\& /* The definitions here are typical release values */ +\& #define OPENSSL_VERSION_PRE_RELEASE "" +\& #define OPENSSL_VERSION_BUILD_METADATA "" +\& +\& #define OPENSSL_VERSION_TEXT "OpenSSL x.y.z xx XXX xxxx" +\& +\& #include +\& +\& unsigned int OPENSSL_version_major(void); +\& unsigned int OPENSSL_version_minor(void); +\& unsigned int OPENSSL_version_patch(void); +\& const char *OPENSSL_version_pre_release(void); +\& const char *OPENSSL_version_build_metadata(void); +\& +\& const char *OpenSSL_version(int t); +\& +\& const char *OPENSSL_info(int t); +.Ve +.PP +Deprecated: +.PP +.Vb 2 +\& /* from openssl/opensslv.h */ +\& #define OPENSSL_VERSION_NUMBER 0xnnnnnnnnnL +\& +\& /* from openssl/crypto.h */ +\& unsigned long OpenSSL_version_num(); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +.SS "Macros" +.IX Subsection "Macros" +The three macros \fB\s-1OPENSSL_VERSION_MAJOR\s0\fR, \fB\s-1OPENSSL_VERSION_MINOR\s0\fR and +\&\fB\s-1OPENSSL_VERSION_PATCH\s0\fR represent the three parts of a version +identifier, \fB\f(BI\s-1MAJOR\s0\fB.\f(BI\s-1MINOR\s0\fB.\f(BI\s-1PATCH\s0\fB\fR. +.PP +The macro \fB\s-1OPENSSL_VERSION_PRE_RELEASE\s0\fR is an added bit of text that +indicates that this is a pre-release version, such as \f(CW"\-dev"\fR for an +ongoing development snapshot or \f(CW"\-alpha3"\fR for an alpha release. +The value must be a string. 
+.PP +The macro \fB\s-1OPENSSL_VERSION_BUILD_METADATA\s0\fR is extra information, reserved +for other parties, such as \f(CW"+fips"\fR, or \f(CW"+vendor.1"\fR). +The OpenSSL project will not touch this macro (will leave it an empty string). +The value must be a string. +.PP +\&\fB\s-1OPENSSL_VERSION_STR\s0\fR is a convenience macro to get the short version +identifier string, \f(CW"\f(CIMAJOR\f(CW.\f(CIMINOR\f(CW.\f(CIPATCH\f(CW"\fR. +.PP +\&\fB\s-1OPENSSL_FULL_VERSION_STR\s0\fR is a convenience macro to get the longer +version identifier string, which combines \fB\s-1OPENSSL_VERSION_STR\s0\fR, +\&\fB\s-1OPENSSL_VERSION_PRE_RELEASE\s0\fR and \fB\s-1OPENSSL_VERSION_BUILD_METADATA\s0\fR. +.PP +\&\fB\s-1OPENSSL_VERSION_TEXT\s0\fR is a convenience macro to get a full descriptive +version text, which includes \fB\s-1OPENSSL_FULL_VERSION_STR\s0\fR and the release +date. +.SS "Functions" +.IX Subsection "Functions" +\&\fIOPENSSL_version_major()\fR, \fIOPENSSL_version_minor()\fR, \fIOPENSSL_version_patch()\fR, +\&\fIOPENSSL_version_pre_release()\fR, and \fIOPENSSL_version_build_metadata()\fR return +the values of the macros above for the build of the library, respectively. +.PP +\&\fIOpenSSL_version()\fR returns different strings depending on \fIt\fR: +.IP "\s-1OPENSSL_VERSION\s0" 4 +.IX Item "OPENSSL_VERSION" +The value of \fB\s-1OPENSSL_VERSION_TEXT\s0\fR +.IP "\s-1OPENSSL_VERSION_STRING\s0" 4 +.IX Item "OPENSSL_VERSION_STRING" +The value of \fB\s-1OPENSSL_VERSION_STR\s0\fR +.IP "\s-1OPENSSL_FULL_VERSION_STRING\s0" 4 +.IX Item "OPENSSL_FULL_VERSION_STRING" +The value of \fB\s-1OPENSSL_FULL_VERSION_STR\s0\fR +.IP "\s-1OPENSSL_CFLAGS\s0" 4 +.IX Item "OPENSSL_CFLAGS" +The compiler flags set for the compilation process in the form +\&\f(CW\*(C`compiler: ...\*(C'\fR if available, or \f(CW\*(C`compiler: information not available\*(C'\fR +otherwise. 
+.IP "\s-1OPENSSL_BUILT_ON\s0" 4 +.IX Item "OPENSSL_BUILT_ON" +The date of the build process in the form \f(CW\*(C`built on: ...\*(C'\fR if available +or \f(CW\*(C`built on: date not available\*(C'\fR otherwise. +The date would not be available in a reproducible build, for example. +.IP "\s-1OPENSSL_PLATFORM\s0" 4 +.IX Item "OPENSSL_PLATFORM" +The \*(L"Configure\*(R" target of the library build in the form \f(CW\*(C`platform: ...\*(C'\fR +if available, or \f(CW\*(C`platform: information not available\*(C'\fR otherwise. +.IP "\s-1OPENSSL_DIR\s0" 4 +.IX Item "OPENSSL_DIR" +The \fB\s-1OPENSSLDIR\s0\fR setting of the library build in the form \f(CW\*(C`OPENSSLDIR: "..."\*(C'\fR +if available, or \f(CW\*(C`OPENSSLDIR: N/A\*(C'\fR otherwise. +.IP "\s-1OPENSSL_ENGINES_DIR\s0" 4 +.IX Item "OPENSSL_ENGINES_DIR" +The \fB\s-1ENGINESDIR\s0\fR setting of the library build in the form \f(CW\*(C`ENGINESDIR: "..."\*(C'\fR +if available, or \f(CW\*(C`ENGINESDIR: N/A\*(C'\fR otherwise. +.IP "\s-1OPENSSL_MODULES_DIR\s0" 4 +.IX Item "OPENSSL_MODULES_DIR" +The \fB\s-1MODULESDIR\s0\fR setting of the library build in the form \f(CW\*(C`MODULESDIR: "..."\*(C'\fR +if available, or \f(CW\*(C`MODULESDIR: N/A\*(C'\fR otherwise. +.IP "\s-1OPENSSL_CPU_INFO\s0" 4 +.IX Item "OPENSSL_CPU_INFO" +The current OpenSSL cpu settings. +This is the current setting of the cpu capability flags. It is usually +automatically configured but may be set via an environment variable. +The value has the same syntax as the environment variable. +For x86 the string looks like \f(CW\*(C`CPUINFO: OPENSSL_ia32cap=0x123:0x456\*(C'\fR +or \f(CW\*(C`CPUINFO: N/A\*(C'\fR if not available. +.PP +For an unknown \fIt\fR, the text \f(CW\*(C`not available\*(C'\fR is returned. 
+.PP +\&\fIOPENSSL_info()\fR also returns different strings depending on \fIt\fR: +.IP "\s-1OPENSSL_INFO_CONFIG_DIR\s0" 4 +.IX Item "OPENSSL_INFO_CONFIG_DIR" +The configured \f(CW\*(C`OPENSSLDIR\*(C'\fR, which is the default location for +OpenSSL configuration files. +.IP "\s-1OPENSSL_INFO_ENGINES_DIR\s0" 4 +.IX Item "OPENSSL_INFO_ENGINES_DIR" +The configured \f(CW\*(C`ENGINESDIR\*(C'\fR, which is the default location for +OpenSSL engines. +.IP "\s-1OPENSSL_INFO_MODULES_DIR\s0" 4 +.IX Item "OPENSSL_INFO_MODULES_DIR" +The configured \f(CW\*(C`MODULESDIR\*(C'\fR, which is the default location for +dynamically loadable OpenSSL modules other than engines. +.IP "\s-1OPENSSL_INFO_DSO_EXTENSION\s0" 4 +.IX Item "OPENSSL_INFO_DSO_EXTENSION" +The configured dynamically loadable module extension. +.IP "\s-1OPENSSL_INFO_DIR_FILENAME_SEPARATOR\s0" 4 +.IX Item "OPENSSL_INFO_DIR_FILENAME_SEPARATOR" +The separator between a directory specification and a filename. +Note that on some operating systems, this is not the same as the +separator between directory elements. +.IP "\s-1OPENSSL_INFO_LIST_SEPARATOR\s0" 4 +.IX Item "OPENSSL_INFO_LIST_SEPARATOR" +The OpenSSL list separator. +This is typically used in strings that are lists of items, such as the +value of the environment variable \f(CW$PATH\fR on Unix (where the +separator is \f(CW\*(C`:\*(C'\fR) or \f(CW\*(C`%PATH%\*(C'\fR on Windows (where the separator is +\&\f(CW\*(C`;\*(C'\fR). +.IP "\s-1OPENSSL_INFO_CPU_SETTINGS\s0" 4 +.IX Item "OPENSSL_INFO_CPU_SETTINGS" +The current OpenSSL cpu settings. +This is the current setting of the cpu capability flags. It is usually +automatically configured but may be set via an environment variable. +The value has the same syntax as the environment variable. +For x86 the string looks like \f(CW\*(C`OPENSSL_ia32cap=0x123:0x456\*(C'\fR. +.PP +For an unknown \fIt\fR, \s-1NULL\s0 is returned. 
+.SH "BACKWARD COMPATIBILITY" +.IX Header "BACKWARD COMPATIBILITY" +For compatibility, some older macros and functions are retained or +synthesised. +They are all considered deprecated. +.SS "Macros" +.IX Subsection "Macros" +\&\fB\s-1OPENSSL_VERSION_NUMBER\s0\fR is a combination of the major, minor and +patch version into a single integer 0xMNN00PP0L, where: +.IP "M" 4 +.IX Item "M" +is the number from \fB\s-1OPENSSL_VERSION_MAJOR\s0\fR, in hexadecimal notation +.IP "\s-1NN\s0" 4 +.IX Item "NN" +is the number from \fB\s-1OPENSSL_VERSION_MINOR\s0\fR, in hexadecimal notation +.IP "\s-1PP\s0" 4 +.IX Item "PP" +is the number from \fB\s-1OPENSSL_VERSION_PATCH\s0\fR, in hexadecimal notation +.SS "Functions" +.IX Subsection "Functions" +\&\fIOpenSSL_version_num()\fR returns the value of \fB\s-1OPENSSL_VERSION_NUMBER\s0\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOPENSSL_version_major()\fR, \fIOPENSSL_version_minor()\fR and \fIOPENSSL_version_patch()\fR +return the version number parts as integers. +.PP +\&\fIOPENSSL_version_pre_release()\fR and \fIOPENSSL_version_build_metadata()\fR return +the values of \fB\s-1OPENSSL_VERSION_PRE_RELEASE\s0\fR and +\&\fB\s-1OPENSSL_VERSION_BUILD_METADATA\s0\fR respectively as constant strings. +For any of them that is undefined, the empty string is returned. +.PP +\&\fIOpenSSL_version()\fR returns constant strings. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIcrypto\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The macros and functions described here were added in OpenSSL 3.0, +with the exception of the \*(L"\s-1BACKWARD\s0 \s-1COMPATIBILITY\s0\*(R" ones. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/share/man/man3/PEM_bytes_read_bio.3 b/linux_amd64/share/man/man3/PEM_bytes_read_bio.3
new file mode 100755
index 0000000..7145c73
--- /dev/null
+++ b/linux_amd64/share/man/man3/PEM_bytes_read_bio.3
@@ -0,0 +1,207 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PEM_BYTES_READ_BIO 3" +.TH PEM_BYTES_READ_BIO 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +PEM_bytes_read_bio, PEM_bytes_read_bio_secmem \- read a PEM\-encoded data structure from a BIO +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, +\& const char *name, BIO *bp, pem_password_cb *cb, +\& void *u); +\& int PEM_bytes_read_bio_secmem(unsigned char **pdata, long *plen, char **pnm, +\& const char *name, BIO *bp, pem_password_cb *cb, +\& void *u); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIPEM_bytes_read_bio()\fR reads PEM-formatted (\s-1IETF\s0 \s-1RFC\s0 1421 and \s-1IETF\s0 \s-1RFC\s0 7468) +data from the \s-1BIO\s0 +\&\fIbp\fR for the data type given in \fIname\fR (\s-1RSA\s0 \s-1PRIVATE\s0 \s-1KEY\s0, \s-1CERTIFICATE\s0, +etc.). If multiple PEM-encoded data structures are present in the same +stream, \fIPEM_bytes_read_bio()\fR will skip non-matching data types and +continue reading. Non-PEM data present in the stream may cause an +error. +.PP +The \s-1PEM\s0 header may indicate that the following data is encrypted; if so, +the data will be decrypted, waiting on user input to supply a passphrase +if needed. The password callback \fIcb\fR and rock \fIu\fR are used to obtain +the decryption passphrase, if applicable. +.PP +Some data types have compatibility aliases, such as a file containing +X509 \s-1CERTIFICATE\s0 matching a request for the deprecated type \s-1CERTIFICATE\s0. +The actual type indicated by the file is returned in \fI*pnm\fR if \fIpnm\fR is +non-NULL. The caller must free the storage pointed to by \fI*pnm\fR. +.PP +The returned data is the DER-encoded form of the requested type, in +\&\fI*pdata\fR with length \fI*plen\fR. The caller must free the storage pointed +to by \fI*pdata\fR. +.PP +\&\fIPEM_bytes_read_bio_secmem()\fR is similar to \fIPEM_bytes_read_bio()\fR, but uses +memory from the secure heap for its temporary buffers and the storage +returned in \fI*pdata\fR and \fI*pnm\fR. 
Accordingly, the caller must use +\&\fIOPENSSL_secure_free()\fR to free that storage. +.SH "NOTES" +.IX Header "NOTES" +\&\fIPEM_bytes_read_bio_secmem()\fR only enforces that the secure heap is used for +storage allocated within the \s-1PEM\s0 processing stack. The \s-1BIO\s0 stack from +which input is read may also use temporary buffers, which are not necessarily +allocated from the secure heap. In cases where it is desirable to ensure +that the contents of the \s-1PEM\s0 file only appears in memory from the secure heap, +care is needed in generating the \s-1BIO\s0 passed as \fIbp\fR. In particular, the +use of \fIBIO_s_file()\fR indicates the use of the operating system stdio +functionality, which includes buffering as a feature; \fIBIO_s_fd()\fR is likely +to be more appropriate in such cases. +.PP +These functions make no assumption regarding the pass phrase received from the +password callback. +It will simply be treated as a byte sequence. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIPEM_bytes_read_bio()\fR and \fIPEM_bytes_read_bio_secmem()\fR return 1 for success or +0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIPEM_read_bio_ex\fR\|(3), +\&\fIpassphrase\-encoding\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIPEM_bytes_read_bio_secmem()\fR was introduced in OpenSSL 1.1.1 +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/PEM_read.3 b/linux_amd64/share/man/man3/PEM_read.3 new file mode 100755 index 0000000..90691a9 --- /dev/null +++ b/linux_amd64/share/man/man3/PEM_read.3 
@@ -0,0 +1,256 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PEM_READ 3" +.TH PEM_READ 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +PEM_write, PEM_write_bio, +PEM_read, PEM_read_bio, PEM_do_header, PEM_get_EVP_CIPHER_INFO +\&\- PEM encoding routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int PEM_write(FILE *fp, const char *name, const char *header, +\& const unsigned char *data, long len) +\& int PEM_write_bio(BIO *bp, const char *name, const char *header, +\& const unsigned char *data, long len) +\& +\& int PEM_read(FILE *fp, char **name, char **header, +\& unsigned char **data, long *len); +\& int PEM_read_bio(BIO *bp, char **name, char **header, +\& unsigned char **data, long *len); +\& +\& int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cinfo); +\& int PEM_do_header(EVP_CIPHER_INFO *cinfo, unsigned char *data, long *len, +\& pem_password_cb *cb, void *u); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions read and write PEM-encoded objects, using the \s-1PEM\s0 +type \fBname\fR, any additional \fBheader\fR information, and the raw +\&\fBdata\fR of length \fBlen\fR. +.PP +\&\s-1PEM\s0 is the term used for binary content encoding first defined in \s-1IETF\s0 +\&\s-1RFC\s0 1421. The content is a series of base64\-encoded lines, surrounded +by begin/end markers each on their own line. For example: +.PP +.Vb 4 +\& \-\-\-\-\-BEGIN PRIVATE KEY\-\-\-\-\- +\& MIICdg.... +\& ... bhTQ== +\& \-\-\-\-\-END PRIVATE KEY\-\-\-\-\- +.Ve +.PP +Optional header line(s) may appear after the begin line, and their +existence depends on the type of object being written or read. +.PP +\&\fIPEM_write()\fR writes to the file \fBfp\fR, while \fIPEM_write_bio()\fR writes to +the \s-1BIO\s0 \fBbp\fR. The \fBname\fR is the name to use in the marker, the +\&\fBheader\fR is the header value or \s-1NULL\s0, and \fBdata\fR and \fBlen\fR specify +the data and its length. 
+.PP +The final \fBdata\fR buffer is typically an \s-1ASN\s0.1 object which can be decoded with +the \fBd2i\fR function appropriate to the type \fBname\fR; see \fId2i_X509\fR\|(3) +for examples. +.PP +\&\fIPEM_read()\fR reads from the file \fBfp\fR, while \fIPEM_read_bio()\fR reads +from the \s-1BIO\s0 \fBbp\fR. +Both skip any non-PEM data that precedes the start of the next \s-1PEM\s0 object. +When an object is successfully retrieved, the type name from the \*(L"\-\-\-\-BEGIN +\-\-\-\-\-\*(R" is returned via the \fBname\fR argument, any encapsulation headers +are returned in \fBheader\fR and the base64\-decoded content and its length are +returned via \fBdata\fR and \fBlen\fR respectively. +The \fBname\fR, \fBheader\fR and \fBdata\fR pointers are allocated via \fIOPENSSL_malloc()\fR +and should be freed by the caller via \fIOPENSSL_free()\fR when no longer needed. +.PP +\&\fIPEM_get_EVP_CIPHER_INFO()\fR can be used to determine the \fBdata\fR returned by +\&\fIPEM_read()\fR or \fIPEM_read_bio()\fR is encrypted and to retrieve the associated cipher +and \s-1IV\s0. +The caller passes a pointer to structure of type \fB\s-1EVP_CIPHER_INFO\s0\fR via the +\&\fBcinfo\fR argument and the \fBheader\fR returned via \fIPEM_read()\fR or \fIPEM_read_bio()\fR. +If the call is successful 1 is returned and the cipher and \s-1IV\s0 are stored at the +address pointed to by \fBcinfo\fR. +When the header is malformed, or not supported or when the cipher is unknown +or some internal error happens 0 is returned. +This function is deprecated, see \fB\s-1NOTES\s0\fR below. +.PP +\&\fIPEM_do_header()\fR can then be used to decrypt the data if the header +indicates encryption. +The \fBcinfo\fR argument is a pointer to the structure initialized by the previous +call to \fIPEM_get_EVP_CIPHER_INFO()\fR. +The \fBdata\fR and \fBlen\fR arguments are those returned by the previous call to +\&\fIPEM_read()\fR or \fIPEM_read_bio()\fR. 
+The \fBcb\fR and \fBu\fR arguments make it possible to override the default password +prompt function as described in \fIPEM_read_PrivateKey\fR\|(3). +On successful completion the \fBdata\fR is decrypted in place, and \fBlen\fR is +updated to indicate the plaintext length. +This function is deprecated, see \fB\s-1NOTES\s0\fR below. +.PP +If the data is a priori known to not be encrypted, then neither \fIPEM_do_header()\fR +nor \fIPEM_get_EVP_CIPHER_INFO()\fR need be called. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIPEM_read()\fR and \fIPEM_read_bio()\fR return 1 on success and 0 on failure, the latter +includes the case when no more \s-1PEM\s0 objects remain in the input file. +To distinguish end of file from more serious errors the caller must peek at the +error stack and check for \fB\s-1PEM_R_NO_START_LINE\s0\fR, which indicates that no more +\&\s-1PEM\s0 objects were found. See \fIERR_peek_last_error\fR\|(3), \s-1\fIERR_GET_REASON\s0\fR\|(3). +.PP +\&\fIPEM_get_EVP_CIPHER_INFO()\fR and \fIPEM_do_header()\fR return 1 on success, and 0 on +failure. +The \fBdata\fR is likely meaningless if these functions fail. +.SH "NOTES" +.IX Header "NOTES" +The \fIPEM_get_EVP_CIPHER_INFO()\fR and \fIPEM_do_header()\fR functions are deprecated. +This is because the underlying \s-1PEM\s0 encryption format is obsolete, and should +be avoided. +It uses an encryption format with an OpenSSL-specific key-derivation function, +which employs \s-1MD5\s0 with an iteration count of 1! +Instead, private keys should be stored in PKCS#8 form, with a strong PKCS#5 +v2.0 \s-1PBE\s0. +See \fIPEM_write_PrivateKey\fR\|(3) and \fId2i_PKCS8PrivateKey_bio\fR\|(3). +.PP +\&\fIPEM_do_header()\fR makes no assumption regarding the pass phrase received from the +password callback. +It will simply be treated as a byte sequence. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_peek_last_error\fR\|(3), \s-1\fIERR_GET_LIB\s0\fR\|(3), +\&\fId2i_PKCS8PrivateKey_bio\fR\|(3), +\&\fIpassphrase\-encoding\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 1998\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/PEM_read_CMS.3 b/linux_amd64/share/man/man3/PEM_read_CMS.3 new file mode 100755 index 0000000..c98e5ef --- /dev/null +++ b/linux_amd64/share/man/man3/PEM_read_CMS.3 
@@ -0,0 +1,231 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PEM_READ_CMS 3" +.TH PEM_READ_CMS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +DECLARE_PEM_rw, +PEM_read_CMS, +PEM_read_bio_CMS, +PEM_write_CMS, +PEM_write_bio_CMS, +PEM_write_DHxparams, +PEM_write_bio_DHxparams, +PEM_read_ECPKParameters, +PEM_read_bio_ECPKParameters, +PEM_write_ECPKParameters, +PEM_write_bio_ECPKParameters, +PEM_read_ECPrivateKey, +PEM_write_ECPrivateKey, +PEM_write_bio_ECPrivateKey, +PEM_read_EC_PUBKEY, +PEM_read_bio_EC_PUBKEY, +PEM_write_EC_PUBKEY, +PEM_write_bio_EC_PUBKEY, +PEM_read_NETSCAPE_CERT_SEQUENCE, +PEM_read_bio_NETSCAPE_CERT_SEQUENCE, +PEM_write_NETSCAPE_CERT_SEQUENCE, +PEM_write_bio_NETSCAPE_CERT_SEQUENCE, +PEM_read_PKCS8, +PEM_read_bio_PKCS8, +PEM_write_PKCS8, +PEM_write_bio_PKCS8, +PEM_write_PKCS8_PRIV_KEY_INFO, +PEM_read_bio_PKCS8_PRIV_KEY_INFO, +PEM_read_PKCS8_PRIV_KEY_INFO, +PEM_write_bio_PKCS8_PRIV_KEY_INFO, +PEM_read_SSL_SESSION, +PEM_read_bio_SSL_SESSION, +PEM_write_SSL_SESSION, +PEM_write_bio_SSL_SESSION, +PEM_read_X509_PUBKEY, +PEM_read_bio_X509_PUBKEY, +PEM_write_X509_PUBKEY, +PEM_write_bio_X509_PUBKEY +\&\- PEM object encoding routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& DECLARE_PEM_rw(name, TYPE) +\& +\& TYPE *PEM_read_TYPE(FILE *fp, TYPE **a, pem_password_cb *cb, void *u); +\& TYPE *PEM_read_bio_TYPE(BIO *bp, TYPE **a, pem_password_cb *cb, void *u); +\& int PEM_write_TYPE(FILE *fp, const TYPE *a); +\& int PEM_write_bio_TYPE(BIO *bp, const TYPE *a); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +In the description below, \fB\f(BI\s-1TYPE\s0\fB\fR is used +as a placeholder for any of the OpenSSL datatypes, such as \fBX509\fR. +The macro \fBDECLARE_PEM_rw\fR expands to the set of declarations shown in +the next four lines of the synopsis. +.PP +These routines convert between local instances of \s-1ASN1\s0 datatypes and +the \s-1PEM\s0 encoding. For more information on the templates, see +\&\s-1\fIASN1_ITEM\s0\fR\|(3). For more information on the lower-level routines used +by the functions here, see \fIPEM_read\fR\|(3). 
+.PP +\&\fBPEM_read_\f(BI\s-1TYPE\s0\fB\fR() reads a PEM-encoded object of \fB\f(BI\s-1TYPE\s0\fB\fR from the file +\&\fIfp\fR and returns it. The \fIcb\fR and \fIu\fR parameters are as described in +\&\fIpem_password_cb\fR\|(3). +.PP +\&\fBPEM_read_bio_\f(BI\s-1TYPE\s0\fB\fR() is similar to \fBPEM_read_\f(BI\s-1TYPE\s0\fB\fR() but reads from +the \s-1BIO\s0 \fIbp\fR. +.PP +\&\fBPEM_write_\f(BI\s-1TYPE\s0\fB\fR() writes the \s-1PEM\s0 encoding of the object \fIa\fR to the file +\&\fIfp\fR. +.PP +\&\fBPEM_write_bio_\f(BI\s-1TYPE\s0\fB\fR() similarly writes to the \s-1BIO\s0 \fIbp\fR. +.SH "NOTES" +.IX Header "NOTES" +These functions make no assumption regarding the pass phrase received from the +password callback. +It will simply be treated as a byte sequence. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBPEM_read_\f(BI\s-1TYPE\s0\fB\fR() and \fBPEM_read_bio_\f(BI\s-1TYPE\s0\fB\fR() return a pointer to an +allocated object, which should be released by calling \fB\f(BI\s-1TYPE\s0\fB_free\fR(), or +\&\s-1NULL\s0 on error. +.PP +\&\fBPEM_write_\f(BI\s-1TYPE\s0\fB\fR() and \fBPEM_write_bio_\f(BI\s-1TYPE\s0\fB\fR() return the number of bytes +written or zero on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIPEM_read\fR\|(3), +\&\fIpassphrase\-encoding\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 1998\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/PEM_read_bio_PrivateKey.3 b/linux_amd64/share/man/man3/PEM_read_bio_PrivateKey.3 new file mode 100755 index 0000000..74a2010 --- /dev/null +++ b/linux_amd64/share/man/man3/PEM_read_bio_PrivateKey.3 
@@ -0,0 +1,635 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PEM_READ_BIO_PRIVATEKEY 3" +.TH PEM_READ_BIO_PRIVATEKEY 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +pem_password_cb, +PEM_read_bio_PrivateKey, PEM_read_PrivateKey, PEM_write_bio_PrivateKey, +PEM_write_bio_PrivateKey_traditional, PEM_write_PrivateKey, +PEM_write_bio_PKCS8PrivateKey, PEM_write_PKCS8PrivateKey, +PEM_write_bio_PKCS8PrivateKey_nid, PEM_write_PKCS8PrivateKey_nid, +PEM_read_bio_PUBKEY, PEM_read_PUBKEY, PEM_write_bio_PUBKEY, PEM_write_PUBKEY, +PEM_read_bio_RSAPrivateKey, PEM_read_RSAPrivateKey, +PEM_write_bio_RSAPrivateKey, PEM_write_RSAPrivateKey, +PEM_read_bio_RSAPublicKey, PEM_read_RSAPublicKey, PEM_write_bio_RSAPublicKey, +PEM_write_RSAPublicKey, PEM_read_bio_RSA_PUBKEY, PEM_read_RSA_PUBKEY, +PEM_write_bio_RSA_PUBKEY, PEM_write_RSA_PUBKEY, PEM_read_bio_DSAPrivateKey, +PEM_read_DSAPrivateKey, PEM_write_bio_DSAPrivateKey, PEM_write_DSAPrivateKey, +PEM_read_bio_DSA_PUBKEY, PEM_read_DSA_PUBKEY, PEM_write_bio_DSA_PUBKEY, +PEM_write_DSA_PUBKEY, PEM_read_bio_Parameters, PEM_write_bio_Parameters, +PEM_read_bio_DSAparams, PEM_read_DSAparams, +PEM_write_bio_DSAparams, PEM_write_DSAparams, PEM_read_bio_DHparams, +PEM_read_DHparams, PEM_write_bio_DHparams, PEM_write_DHparams, +PEM_read_bio_X509, PEM_read_X509, PEM_write_bio_X509, PEM_write_X509, +PEM_read_bio_X509_AUX, PEM_read_X509_AUX, PEM_write_bio_X509_AUX, +PEM_write_X509_AUX, PEM_read_bio_X509_REQ, PEM_read_X509_REQ, +PEM_write_bio_X509_REQ, PEM_write_X509_REQ, PEM_write_bio_X509_REQ_NEW, +PEM_write_X509_REQ_NEW, PEM_read_bio_X509_CRL, PEM_read_X509_CRL, +PEM_write_bio_X509_CRL, PEM_write_X509_CRL, PEM_read_bio_PKCS7, PEM_read_PKCS7, +PEM_write_bio_PKCS7, PEM_write_PKCS7 \- PEM routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef int pem_password_cb(char *buf, int size, int rwflag, void *u); +\& +\& EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, +\& pem_password_cb *cb, void *u); +\& EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, +\& pem_password_cb *cb, void *u); +\& int PEM_write_bio_PrivateKey(BIO *bp, const EVP_PKEY *x, 
const EVP_CIPHER *enc, +\& unsigned char *kstr, int klen, +\& pem_password_cb *cb, void *u); +\& int PEM_write_bio_PrivateKey_traditional(BIO *bp, EVP_PKEY *x, +\& const EVP_CIPHER *enc, +\& unsigned char *kstr, int klen, +\& pem_password_cb *cb, void *u); +\& int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, +\& unsigned char *kstr, int klen, +\& pem_password_cb *cb, void *u); +\& int PEM_write_bio_PKCS8PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, +\& char *kstr, int klen, +\& pem_password_cb *cb, void *u); +\& int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, +\& char *kstr, int klen, +\& pem_password_cb *cb, void *u); +\& int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, const EVP_PKEY *x, int nid, +\& char *kstr, int klen, +\& pem_password_cb *cb, void *u); +\& int PEM_write_PKCS8PrivateKey_nid(FILE *fp, const EVP_PKEY *x, int nid, +\& char *kstr, int klen, +\& pem_password_cb *cb, void *u); +\& +\& EVP_PKEY *PEM_read_bio_PUBKEY(BIO *bp, EVP_PKEY **x, +\& pem_password_cb *cb, void *u); +\& EVP_PKEY *PEM_read_PUBKEY(FILE *fp, EVP_PKEY **x, +\& pem_password_cb *cb, void *u); +\& int PEM_write_bio_PUBKEY(BIO *bp, EVP_PKEY *x); +\& int PEM_write_PUBKEY(FILE *fp, EVP_PKEY *x); +\& +\& RSA *PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **x, +\& pem_password_cb *cb, void *u); +\& RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **x, +\& pem_password_cb *cb, void *u); +\& int PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x, const EVP_CIPHER *enc, +\& unsigned char *kstr, int klen, +\& pem_password_cb *cb, void *u); +\& int PEM_write_RSAPrivateKey(FILE *fp, RSA *x, const EVP_CIPHER *enc, +\& unsigned char *kstr, int klen, +\& pem_password_cb *cb, void *u); +\& +\& RSA *PEM_read_bio_RSAPublicKey(BIO *bp, RSA **x, +\& pem_password_cb *cb, void *u); +\& RSA *PEM_read_RSAPublicKey(FILE *fp, RSA **x, +\& pem_password_cb *cb, void *u); +\& int PEM_write_bio_RSAPublicKey(BIO *bp, RSA *x); +\& int PEM_write_RSAPublicKey(FILE *fp, RSA *x); 
+\& +\& RSA *PEM_read_bio_RSA_PUBKEY(BIO *bp, RSA **x, +\& pem_password_cb *cb, void *u); +\& RSA *PEM_read_RSA_PUBKEY(FILE *fp, RSA **x, +\& pem_password_cb *cb, void *u); +\& int PEM_write_bio_RSA_PUBKEY(BIO *bp, RSA *x); +\& int PEM_write_RSA_PUBKEY(FILE *fp, RSA *x); +\& +\& DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **x, +\& pem_password_cb *cb, void *u); +\& DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **x, +\& pem_password_cb *cb, void *u); +\& int PEM_write_bio_DSAPrivateKey(BIO *bp, DSA *x, const EVP_CIPHER *enc, +\& unsigned char *kstr, int klen, +\& pem_password_cb *cb, void *u); +\& int PEM_write_DSAPrivateKey(FILE *fp, DSA *x, const EVP_CIPHER *enc, +\& unsigned char *kstr, int klen, +\& pem_password_cb *cb, void *u); +\& +\& DSA *PEM_read_bio_DSA_PUBKEY(BIO *bp, DSA **x, +\& pem_password_cb *cb, void *u); +\& DSA *PEM_read_DSA_PUBKEY(FILE *fp, DSA **x, +\& pem_password_cb *cb, void *u); +\& int PEM_write_bio_DSA_PUBKEY(BIO *bp, DSA *x); +\& int PEM_write_DSA_PUBKEY(FILE *fp, DSA *x); +\& +\& EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x); +\& int PEM_write_bio_Parameters(BIO *bp, const EVP_PKEY *x); +\& +\& DSA *PEM_read_bio_DSAparams(BIO *bp, DSA **x, pem_password_cb *cb, void *u); +\& DSA *PEM_read_DSAparams(FILE *fp, DSA **x, pem_password_cb *cb, void *u); +\& int PEM_write_bio_DSAparams(BIO *bp, DSA *x); +\& int PEM_write_DSAparams(FILE *fp, DSA *x); +\& +\& DH *PEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u); +\& DH *PEM_read_DHparams(FILE *fp, DH **x, pem_password_cb *cb, void *u); +\& int PEM_write_bio_DHparams(BIO *bp, DH *x); +\& int PEM_write_DHparams(FILE *fp, DH *x); +\& +\& X509 *PEM_read_bio_X509(BIO *bp, X509 **x, pem_password_cb *cb, void *u); +\& X509 *PEM_read_X509(FILE *fp, X509 **x, pem_password_cb *cb, void *u); +\& int PEM_write_bio_X509(BIO *bp, X509 *x); +\& int PEM_write_X509(FILE *fp, X509 *x); +\& +\& X509 *PEM_read_bio_X509_AUX(BIO *bp, X509 **x, pem_password_cb *cb, void *u); +\& X509 
*PEM_read_X509_AUX(FILE *fp, X509 **x, pem_password_cb *cb, void *u); +\& int PEM_write_bio_X509_AUX(BIO *bp, X509 *x); +\& int PEM_write_X509_AUX(FILE *fp, X509 *x); +\& +\& X509_REQ *PEM_read_bio_X509_REQ(BIO *bp, X509_REQ **x, +\& pem_password_cb *cb, void *u); +\& X509_REQ *PEM_read_X509_REQ(FILE *fp, X509_REQ **x, +\& pem_password_cb *cb, void *u); +\& int PEM_write_bio_X509_REQ(BIO *bp, X509_REQ *x); +\& int PEM_write_X509_REQ(FILE *fp, X509_REQ *x); +\& int PEM_write_bio_X509_REQ_NEW(BIO *bp, X509_REQ *x); +\& int PEM_write_X509_REQ_NEW(FILE *fp, X509_REQ *x); +\& +\& X509_CRL *PEM_read_bio_X509_CRL(BIO *bp, X509_CRL **x, +\& pem_password_cb *cb, void *u); +\& X509_CRL *PEM_read_X509_CRL(FILE *fp, X509_CRL **x, +\& pem_password_cb *cb, void *u); +\& int PEM_write_bio_X509_CRL(BIO *bp, X509_CRL *x); +\& int PEM_write_X509_CRL(FILE *fp, X509_CRL *x); +\& +\& PKCS7 *PEM_read_bio_PKCS7(BIO *bp, PKCS7 **x, pem_password_cb *cb, void *u); +\& PKCS7 *PEM_read_PKCS7(FILE *fp, PKCS7 **x, pem_password_cb *cb, void *u); +\& int PEM_write_bio_PKCS7(BIO *bp, PKCS7 *x); +\& int PEM_write_PKCS7(FILE *fp, PKCS7 *x); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1PEM\s0 functions read or write structures in \s-1PEM\s0 format. In +this sense \s-1PEM\s0 format is simply base64 encoded data surrounded +by header lines. +.PP +For more details about the meaning of arguments see the +\&\fB\s-1PEM\s0 \s-1FUNCTION\s0 \s-1ARGUMENTS\s0\fR section. +.PP +Each operation has four functions associated with it. For +brevity the term "\fB\f(BI\s-1TYPE\s0\fB\fR functions" will be used below to collectively +refer to the \fBPEM_read_bio_\f(BI\s-1TYPE\s0\fB\fR(), \fBPEM_read_\f(BI\s-1TYPE\s0\fB\fR(), +\&\fBPEM_write_bio_\f(BI\s-1TYPE\s0\fB\fR(), and \fBPEM_write_\f(BI\s-1TYPE\s0\fB\fR() functions. +.PP +The \fBPrivateKey\fR functions read or write a private key in \s-1PEM\s0 format using an +\&\s-1EVP_PKEY\s0 structure. 
The write routines use PKCS#8 private key format and are +equivalent to \fIPEM_write_bio_PKCS8PrivateKey()\fR.The read functions transparently +handle traditional and PKCS#8 format encrypted and unencrypted keys. +.PP +\&\fIPEM_write_bio_PrivateKey_traditional()\fR writes out a private key in the +\&\*(L"traditional\*(R" format with a simple private key marker and should only +be used for compatibility with legacy programs. +.PP +\&\fIPEM_write_bio_PKCS8PrivateKey()\fR and \fIPEM_write_PKCS8PrivateKey()\fR write a private +key in an \s-1EVP_PKEY\s0 structure in PKCS#8 EncryptedPrivateKeyInfo format using +PKCS#5 v2.0 password based encryption algorithms. The \fIcipher\fR argument +specifies the encryption algorithm to use: unlike some other \s-1PEM\s0 routines the +encryption is applied at the PKCS#8 level and not in the \s-1PEM\s0 headers. If +\&\fIcipher\fR is \s-1NULL\s0 then no encryption is used and a PKCS#8 PrivateKeyInfo +structure is used instead. +.PP +\&\fIPEM_write_bio_PKCS8PrivateKey_nid()\fR and \fIPEM_write_PKCS8PrivateKey_nid()\fR +also write out a private key as a PKCS#8 EncryptedPrivateKeyInfo however +it uses PKCS#5 v1.5 or PKCS#12 encryption algorithms instead. The algorithm +to use is specified in the \fInid\fR parameter and should be the \s-1NID\s0 of the +corresponding \s-1OBJECT\s0 \s-1IDENTIFIER\s0 (see \s-1NOTES\s0 section). +.PP +The \fB\s-1PUBKEY\s0\fR functions process a public key using an \s-1EVP_PKEY\s0 +structure. The public key is encoded as a SubjectPublicKeyInfo +structure. +.PP +The \fBRSAPrivateKey\fR functions process an \s-1RSA\s0 private key using an +\&\s-1RSA\s0 structure. The write routines uses traditional format. The read +routines handles the same formats as the \fBPrivateKey\fR +functions but an error occurs if the private key is not \s-1RSA\s0. +.PP +The \fBRSAPublicKey\fR functions process an \s-1RSA\s0 public key using an +\&\s-1RSA\s0 structure. The public key is encoded using a PKCS#1 RSAPublicKey +structure. 
+.PP +The \fB\s-1RSA_PUBKEY\s0\fR functions also process an \s-1RSA\s0 public key using +an \s-1RSA\s0 structure. However the public key is encoded using a +SubjectPublicKeyInfo structure and an error occurs if the public +key is not \s-1RSA\s0. +.PP +The \fBDSAPrivateKey\fR functions process a \s-1DSA\s0 private key using a +\&\s-1DSA\s0 structure. The write routines uses traditional format. The read +routines handles the same formats as the \fBPrivateKey\fR +functions but an error occurs if the private key is not \s-1DSA\s0. +.PP +The \fB\s-1DSA_PUBKEY\s0\fR functions process a \s-1DSA\s0 public key using +a \s-1DSA\s0 structure. The public key is encoded using a +SubjectPublicKeyInfo structure and an error occurs if the public +key is not \s-1DSA\s0. +.PP +The \fBParameters\fR functions read or write key parameters in \s-1PEM\s0 format using +an \s-1EVP_PKEY\s0 structure. The encoding depends on the type of key; for \s-1DSA\s0 key +parameters, it will be a Dss-Parms structure as defined in \s-1RFC2459\s0, and for \s-1DH\s0 +key parameters, it will be a PKCS#3 DHparameter structure. \fIThese functions +only exist for the \f(BI\s-1BIO\s0\fI type\fR. +.PP +The \fBDSAparams\fR functions process \s-1DSA\s0 parameters using a \s-1DSA\s0 +structure. The parameters are encoded using a Dss-Parms structure +as defined in \s-1RFC2459\s0. +.PP +The \fBDHparams\fR functions process \s-1DH\s0 parameters using a \s-1DH\s0 +structure. The parameters are encoded using a PKCS#3 DHparameter +structure. +.PP +The \fBX509\fR functions process an X509 certificate using an X509 +structure. They will also process a trusted X509 certificate but +any trust settings are discarded. +.PP +The \fBX509_AUX\fR functions process a trusted X509 certificate using +an X509 structure. +.PP +The \fBX509_REQ\fR and \fBX509_REQ_NEW\fR functions process a PKCS#10 +certificate request using an X509_REQ structure. 
The \fBX509_REQ\fR +write functions use \fB\s-1CERTIFICATE\s0 \s-1REQUEST\s0\fR in the header whereas +the \fBX509_REQ_NEW\fR functions use \fB\s-1NEW\s0 \s-1CERTIFICATE\s0 \s-1REQUEST\s0\fR +(as required by some CAs). The \fBX509_REQ\fR read functions will +handle either form so there are no \fBX509_REQ_NEW\fR read functions. +.PP +The \fBX509_CRL\fR functions process an X509 \s-1CRL\s0 using an X509_CRL +structure. +.PP +The \fB\s-1PKCS7\s0\fR functions process a PKCS#7 ContentInfo using a \s-1PKCS7\s0 +structure. +.SH "PEM FUNCTION ARGUMENTS" +.IX Header "PEM FUNCTION ARGUMENTS" +The \s-1PEM\s0 functions have many common arguments. +.PP +The \fIbp\fR \s-1BIO\s0 parameter (if present) specifies the \s-1BIO\s0 to read from +or write to. +.PP +The \fIfp\fR \s-1FILE\s0 parameter (if present) specifies the \s-1FILE\s0 pointer to +read from or write to. +.PP +The \s-1PEM\s0 read functions all take an argument \fI\f(BI\s-1TYPE\s0\fI **x\fR and return +a \fI\f(BI\s-1TYPE\s0\fI *\fR pointer. Where \fI\f(BI\s-1TYPE\s0\fI\fR is whatever structure the function +uses. If \fIx\fR is \s-1NULL\s0 then the parameter is ignored. If \fIx\fR is not +\&\s-1NULL\s0 but \fI*x\fR is \s-1NULL\s0 then the structure returned will be written +to \fI*x\fR. If neither \fIx\fR nor \fI*x\fR is \s-1NULL\s0 then an attempt is made +to reuse the structure at \fI*x\fR (but see \s-1BUGS\s0 and \s-1EXAMPLES\s0 sections). +Irrespective of the value of \fIx\fR a pointer to the structure is always +returned (or \s-1NULL\s0 if an error occurred). +.PP +The \s-1PEM\s0 functions which write private keys take an \fIenc\fR parameter +which specifies the encryption algorithm to use, encryption is done +at the \s-1PEM\s0 level. If this parameter is set to \s-1NULL\s0 then the private +key is written in unencrypted form. +.PP +The \fIcb\fR argument is the callback to use when querying for the pass +phrase used for encrypted \s-1PEM\s0 structures (normally only private keys). 
+.PP +For the \s-1PEM\s0 write routines if the \fIkstr\fR parameter is not \s-1NULL\s0 then +\&\fIklen\fR bytes at \fIkstr\fR are used as the passphrase and \fIcb\fR is +ignored. +.PP +If the \fIcb\fR parameters is set to \s-1NULL\s0 and the \fIu\fR parameter is not +\&\s-1NULL\s0 then the \fIu\fR parameter is interpreted as a null terminated string +to use as the passphrase. If both \fIcb\fR and \fIu\fR are \s-1NULL\s0 then the +default callback routine is used which will typically prompt for the +passphrase on the current terminal with echoing turned off. +.PP +The default passphrase callback is sometimes inappropriate (for example +in a \s-1GUI\s0 application) so an alternative can be supplied. The callback +routine has the following form: +.PP +.Vb 1 +\& int cb(char *buf, int size, int rwflag, void *u); +.Ve +.PP +\&\fIbuf\fR is the buffer to write the passphrase to. \fIsize\fR is the maximum +length of the passphrase (i.e. the size of buf). \fIrwflag\fR is a flag +which is set to 0 when reading and 1 when writing. A typical routine +will ask the user to verify the passphrase (for example by prompting +for it twice) if \fIrwflag\fR is 1. The \fIu\fR parameter has the same +value as the \fIu\fR parameter passed to the \s-1PEM\s0 routine. It allows +arbitrary data to be passed to the callback by the application +(for example a window handle in a \s-1GUI\s0 application). The callback +\&\fImust\fR return the number of characters in the passphrase or \-1 if +an error occurred. +.SH "NOTES" +.IX Header "NOTES" +The old \fBPrivateKey\fR write routines are retained for compatibility. +New applications should write private keys using the +\&\fIPEM_write_bio_PKCS8PrivateKey()\fR or \fIPEM_write_PKCS8PrivateKey()\fR routines +because they are more secure (they use an iteration count of 2048 whereas +the traditional routines use a count of 1) unless compatibility with older +versions of OpenSSL is important. 
+.PP +The \fBPrivateKey\fR read routines can be used in all applications because +they handle all formats transparently. +.PP +A frequent cause of problems is attempting to use the \s-1PEM\s0 routines like +this: +.PP +.Vb 1 +\& X509 *x; +\& +\& PEM_read_bio_X509(bp, &x, 0, NULL); +.Ve +.PP +this is a bug because an attempt will be made to reuse the data at \fIx\fR +which is an uninitialised pointer. +.PP +These functions make no assumption regarding the pass phrase received from the +password callback. +It will simply be treated as a byte sequence. +.SH "PEM ENCRYPTION FORMAT" +.IX Header "PEM ENCRYPTION FORMAT" +These old \fBPrivateKey\fR routines use a non standard technique for encryption. +.PP +The private key (or other data) takes the following form: +.PP +.Vb 3 +\& \-\-\-\-\-BEGIN RSA PRIVATE KEY\-\-\-\-\- +\& Proc\-Type: 4,ENCRYPTED +\& DEK\-Info: DES\-EDE3\-CBC,3F17F5316E2BAC89 +\& +\& ...base64 encoded data... +\& \-\-\-\-\-END RSA PRIVATE KEY\-\-\-\-\- +.Ve +.PP +The line beginning with \fIProc-Type\fR contains the version and the +protection on the encapsulated data. The line beginning \fIDEK-Info\fR +contains two comma separated values: the encryption algorithm name as +used by \fIEVP_get_cipherbyname()\fR and an initialization vector used by the +cipher encoded as a set of hexadecimal digits. After those two lines is +the base64\-encoded encrypted data. +.PP +The encryption key is derived using \fIEVP_BytesToKey()\fR. The cipher's +initialization vector is passed to \fIEVP_BytesToKey()\fR as the \fIsalt\fR +parameter. Internally, \fB\s-1PKCS5_SALT_LEN\s0\fR bytes of the salt are used +(regardless of the size of the initialization vector). The user's +password is passed to \fIEVP_BytesToKey()\fR using the \fIdata\fR and \fIdatal\fR +parameters. Finally, the library uses an iteration count of 1 for +\&\fIEVP_BytesToKey()\fR. 
+.PP +The \fIkey\fR derived by \fIEVP_BytesToKey()\fR along with the original initialization +vector is then used to decrypt the encrypted data. The \fIiv\fR produced by +\&\fIEVP_BytesToKey()\fR is not utilized or needed, and \s-1NULL\s0 should be passed to +the function. +.PP +The pseudo code to derive the key would look similar to: +.PP +.Vb 2 +\& EVP_CIPHER* cipher = EVP_des_ede3_cbc(); +\& EVP_MD* md = EVP_md5(); +\& +\& unsigned int nkey = EVP_CIPHER_key_length(cipher); +\& unsigned int niv = EVP_CIPHER_iv_length(cipher); +\& unsigned char key[nkey]; +\& unsigned char iv[niv]; +\& +\& memcpy(iv, HexToBin("3F17F5316E2BAC89"), niv); +\& rc = EVP_BytesToKey(cipher, md, iv /*salt*/, pword, plen, 1, key, NULL /*iv*/); +\& if (rc != nkey) +\& /* Error */ +\& +\& /* On success, use key and iv to initialize the cipher */ +.Ve +.SH "BUGS" +.IX Header "BUGS" +The \s-1PEM\s0 read routines in some versions of OpenSSL will not correctly reuse +an existing structure. Therefore the following: +.PP +.Vb 1 +\& PEM_read_bio_X509(bp, &x, 0, NULL); +.Ve +.PP +where \fIx\fR already contains a valid certificate, may not work, whereas: +.PP +.Vb 2 +\& X509_free(x); +\& x = PEM_read_bio_X509(bp, NULL, 0, NULL); +.Ve +.PP +is guaranteed to work. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The read routines return either a pointer to the structure read or \s-1NULL\s0 +if an error occurred. +.PP +The write routines return 1 for success or 0 for failure. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Although the \s-1PEM\s0 routines take several arguments in almost all applications +most of them are set to 0 or \s-1NULL\s0. 
+.PP +Read a certificate in \s-1PEM\s0 format from a \s-1BIO:\s0 +.PP +.Vb 1 +\& X509 *x; +\& +\& x = PEM_read_bio_X509(bp, NULL, 0, NULL); +\& if (x == NULL) +\& /* Error */ +.Ve +.PP +Alternative method: +.PP +.Vb 1 +\& X509 *x = NULL; +\& +\& if (!PEM_read_bio_X509(bp, &x, 0, NULL)) +\& /* Error */ +.Ve +.PP +Write a certificate to a \s-1BIO:\s0 +.PP +.Vb 2 +\& if (!PEM_write_bio_X509(bp, x)) +\& /* Error */ +.Ve +.PP +Write a private key (using traditional format) to a \s-1BIO\s0 using +triple \s-1DES\s0 encryption, the pass phrase is prompted for: +.PP +.Vb 2 +\& if (!PEM_write_bio_PrivateKey(bp, key, EVP_des_ede3_cbc(), NULL, 0, 0, NULL)) +\& /* Error */ +.Ve +.PP +Write a private key (using PKCS#8 format) to a \s-1BIO\s0 using triple +\&\s-1DES\s0 encryption, using the pass phrase \*(L"hello\*(R": +.PP +.Vb 3 +\& if (!PEM_write_bio_PKCS8PrivateKey(bp, key, EVP_des_ede3_cbc(), +\& NULL, 0, 0, "hello")) +\& /* Error */ +.Ve +.PP +Read a private key from a \s-1BIO\s0 using a pass phrase callback: +.PP +.Vb 3 +\& key = PEM_read_bio_PrivateKey(bp, NULL, pass_cb, "My Private Key"); +\& if (key == NULL) +\& /* Error */ +.Ve +.PP +Skeleton pass phrase callback: +.PP +.Vb 2 +\& int pass_cb(char *buf, int size, int rwflag, void *u) +\& { +\& +\& /* We\*(Aqd probably do something else if \*(Aqrwflag\*(Aq is 1 */ +\& printf("Enter pass phrase for \e"%s\e"\en", (char *)u); +\& +\& /* get pass phrase, length \*(Aqlen\*(Aq into \*(Aqtmp\*(Aq */ +\& char *tmp = "hello"; +\& if (tmp == NULL) /* An error occurred */ +\& return \-1; +\& +\& size_t len = strlen(tmp); +\& +\& if (len > size) +\& len = size; +\& memcpy(buf, tmp, len); +\& return len; +\& } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_EncryptInit\fR\|(3), \fIEVP_BytesToKey\fR\|(3), +\&\fIpassphrase\-encoding\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The old Netscape certificate sequences were no longer documented +in OpenSSL 1.1.0; applications should use the \s-1PKCS7\s0 standard instead +as they 
will be formally deprecated in a future releases. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/PEM_read_bio_ex.3 b/linux_amd64/share/man/man3/PEM_read_bio_ex.3 new file mode 100755 index 0000000..b339114 --- /dev/null +++ b/linux_amd64/share/man/man3/PEM_read_bio_ex.3 
@@ -0,0 +1,191 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PEM_READ_BIO_EX 3" +.TH PEM_READ_BIO_EX 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +PEM_read_bio_ex, PEM_FLAG_SECURE, PEM_FLAG_EAY_COMPATIBLE, +PEM_FLAG_ONLY_B64 \- read PEM format files with custom processing +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& #define PEM_FLAG_SECURE 0x1 +\& #define PEM_FLAG_EAY_COMPATIBLE 0x2 +\& #define PEM_FLAG_ONLY_B64 0x4 +\& int PEM_read_bio_ex(BIO *in, char **name, char **header, +\& unsigned char **data, long *len, unsigned int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIPEM_read_bio_ex()\fR reads in \s-1PEM\s0 formatted data from an input \s-1BIO\s0, outputting +the name of the type of contained data, the header information regarding +the possibly encrypted data, and the binary data payload (after base64 decoding). +It should generally only be used to implement PEM_read_bio_\-family functions +for specific data types or other usage, but is exposed to allow greater flexibility +over how processing is performed, if needed. +.PP +If \s-1PEM_FLAG_SECURE\s0 is set, the intermediate buffers used to read in lines of +input are allocated from the secure heap. +.PP +If \s-1PEM_FLAG_EAY_COMPATIBLE\s0 is set, a simple algorithm is used to remove whitespace +and control characters from the end of each line, so as to be compatible with +the historical behavior of \fIPEM_read_bio()\fR. +.PP +If \s-1PEM_FLAG_ONLY_B64\s0 is set, all characters are required to be valid base64 +characters (or newlines); non\-base64 characters are treated as end of input. +.PP +If neither \s-1PEM_FLAG_EAY_COMPATIBLE\s0 or \s-1PEM_FLAG_ONLY_B64\s0 is set, control characters +are ignored. +.PP +If both \s-1PEM_FLAG_EAY_COMPATIBLE\s0 and \s-1PEM_FLAG_ONLY_B64\s0 are set, an error is returned; +these options are not compatible with each other. +.SH "NOTES" +.IX Header "NOTES" +The caller must release the storage allocated for *name, *header, and *data. +If \s-1PEM_FLAG_SECURE\s0 was set, use \fIOPENSSL_secure_free()\fR; otherwise, +\&\fIOPENSSL_free()\fR is used. 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIPEM_read_bio_ex()\fR returns 1 for success or 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIPEM_bytes_read_bio\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fIPEM_read_bio_ex()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/PEM_write_bio_CMS_stream.3 b/linux_amd64/share/man/man3/PEM_write_bio_CMS_stream.3 new file mode 100755 index 0000000..d04d8ab --- /dev/null +++ b/linux_amd64/share/man/man3/PEM_write_bio_CMS_stream.3 
@@ -0,0 +1,171 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PEM_WRITE_BIO_CMS_STREAM 3" +.TH PEM_WRITE_BIO_CMS_STREAM 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +PEM_write_bio_CMS_stream \- output CMS_ContentInfo structure in PEM format +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *data, int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIPEM_write_bio_CMS_stream()\fR outputs a CMS_ContentInfo structure in \s-1PEM\s0 format. +.PP +It is otherwise identical to the function \fISMIME_write_CMS()\fR. +.SH "NOTES" +.IX Header "NOTES" +This function is effectively a version of the \fIPEM_write_bio_CMS()\fR supporting +streaming. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIPEM_write_bio_CMS_stream()\fR returns 1 for success or 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fICMS_sign\fR\|(3), +\&\fICMS_verify\fR\|(3), \fICMS_encrypt\fR\|(3) +\&\fICMS_decrypt\fR\|(3), +\&\fIPEM_write\fR\|(3), +\&\fISMIME_write_CMS\fR\|(3), +\&\fIi2d_CMS_bio_stream\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fIPEM_write_bio_CMS_stream()\fR function was added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/PEM_write_bio_PKCS7_stream.3 b/linux_amd64/share/man/man3/PEM_write_bio_PKCS7_stream.3 new file mode 100755 index 0000000..655a9ad --- /dev/null +++ b/linux_amd64/share/man/man3/PEM_write_bio_PKCS7_stream.3 
@@ -0,0 +1,170 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PEM_WRITE_BIO_PKCS7_STREAM 3" +.TH PEM_WRITE_BIO_PKCS7_STREAM 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +PEM_write_bio_PKCS7_stream \- output PKCS7 structure in PEM format +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int PEM_write_bio_PKCS7_stream(BIO *out, PKCS7 *p7, BIO *data, int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIPEM_write_bio_PKCS7_stream()\fR outputs a \s-1PKCS7\s0 structure in \s-1PEM\s0 format. +.PP +It is otherwise identical to the function \fISMIME_write_PKCS7()\fR. +.SH "NOTES" +.IX Header "NOTES" +This function is effectively a version of the \fIPEM_write_bio_PKCS7()\fR supporting +streaming. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIPEM_write_bio_PKCS7_stream()\fR returns 1 for success or 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fIPKCS7_sign\fR\|(3), +\&\fIPKCS7_verify\fR\|(3), \fIPKCS7_encrypt\fR\|(3) +\&\fIPKCS7_decrypt\fR\|(3), +\&\fISMIME_write_PKCS7\fR\|(3), +\&\fIi2d_PKCS7_bio_stream\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fIPEM_write_bio_PKCS7_stream()\fR function was added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2007\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/PKCS12_SAFEBAG_get0_attrs.3 b/linux_amd64/share/man/man3/PKCS12_SAFEBAG_get0_attrs.3 new file mode 100755 index 0000000..1d95ae4 --- /dev/null +++ b/linux_amd64/share/man/man3/PKCS12_SAFEBAG_get0_attrs.3 
@@ -0,0 +1,172 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PKCS12_SAFEBAG_GET0_ATTRS 3" +.TH PKCS12_SAFEBAG_GET0_ATTRS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +PKCS12_SAFEBAG_get0_attrs, PKCS12_get_attr_gen \- Retrieve attributes from a PKCS#12 safeBag +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const STACK_OF(X509_ATTRIBUTE) *PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag); +\& +\& ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs, +\& int attr_nid) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIPKCS12_SAFEBAG_get0_attrs()\fR retrieves the stack of \fBX509_ATTRIBUTE\fRs from a +PKCS#12 safeBag. \fIbag\fR is the \fB\s-1PKCS12_SAFEBAG\s0\fR to retrieve the attributes from. +.PP +\&\fIPKCS12_get_attr_gen()\fR retrieves an attribute by \s-1NID\s0 from a stack of +\&\fBX509_ATTRIBUTE\fRs. \fIattr_nid\fR is the \s-1NID\s0 of the attribute to retrieve. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIPKCS12_SAFEBAG_get0_attrs()\fR returns the stack of \fBX509_ATTRIBUTE\fRs from a +PKCS#12 safeBag, which could be empty. +.PP +\&\fIPKCS12_get_attr_gen()\fR returns an \fB\s-1ASN1_TYPE\s0\fR object containing the attribute, +or \s-1NULL\s0 if the attribute was either not present or an error occurred. +.PP +\&\fIPKCS12_get_attr_gen()\fR does not allocate a new attribute. The returned attribute +is still owned by the \fB\s-1PKCS12_SAFEBAG\s0\fR in which it resides. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIPKCS12_get_friendlyname\fR\|(3), +\&\fIPKCS12_add_friendlyname_asc\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/PKCS12_add_CSPName_asc.3 b/linux_amd64/share/man/man3/PKCS12_add_CSPName_asc.3 new file mode 100755 index 0000000..3ef7360 --- /dev/null +++ b/linux_amd64/share/man/man3/PKCS12_add_CSPName_asc.3 
@@ -0,0 +1,159 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PKCS12_ADD_CSPNAME_ASC 3" +.TH PKCS12_ADD_CSPNAME_ASC 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +PKCS12_add_CSPName_asc \- Add a Microsoft CSP Name attribute to a PKCS#12 safeBag +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name, int namelen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIPKCS12_add_CSPName_asc()\fR adds an \s-1ASCII\s0 string representation of the Microsoft \s-1CSP\s0 Name attribute to a PKCS#12 safeBag. +.PP +\&\fIbag\fR is the \fB\s-1PKCS12_SAFEBAG\s0\fR to add the attribute to. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Returns 1 for success or 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIPKCS12_add_friendlyname_asc\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/PKCS12_add_friendlyname_asc.3 b/linux_amd64/share/man/man3/PKCS12_add_friendlyname_asc.3 new file mode 100755 index 0000000..640cd55 --- /dev/null +++ b/linux_amd64/share/man/man3/PKCS12_add_friendlyname_asc.3 
@@ -0,0 +1,175 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PKCS12_ADD_FRIENDLYNAME_ASC 3" +.TH PKCS12_ADD_FRIENDLYNAME_ASC 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +PKCS12_add_friendlyname_asc, PKCS12_add_friendlyname_utf8, +PKCS12_add_friendlyname_uni \- Functions to add the friendlyname attribute to a +PKCS#12 safeBag +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name, +\& int namelen); +\& +\& int PKCS12_add_friendlyname_utf8(PKCS12_SAFEBAG *bag, const char *name, +\& int namelen); +\& +\& int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag, +\& const unsigned char *name, int namelen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIPKCS12_add_friendlyname_asc()\fR adds an \s-1ASCII\s0 string representation of the PKCS#9 +friendlyName attribute to a PKCS#12 safeBag. +.PP +\&\fIPKCS12_add_friendlyname_utf8()\fR adds a \s-1UTF\-8\s0 string representation of the PKCS#9 +friendlyName attribute to a PKCS#12 safeBag. +.PP +\&\fIPKCS12_add_friendlyname_uni()\fR adds a Unicode string representation of the PKCS#9 +friendlyName attribute to a PKCS#12 safeBag. +.PP +\&\fIbag\fR is the \fB\s-1PKCS12_SAFEBAG\s0\fR to add the attribute to. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Returns 1 for success or 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIPKCS12_get_friendlyname\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/PKCS12_add_localkeyid.3 b/linux_amd64/share/man/man3/PKCS12_add_localkeyid.3 new file mode 100755 index 0000000..6c748cd --- /dev/null +++ b/linux_amd64/share/man/man3/PKCS12_add_localkeyid.3 
@@ -0,0 +1,161 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PKCS12_ADD_LOCALKEYID 3" +.TH PKCS12_ADD_LOCALKEYID 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +PKCS12_add_localkeyid \- Add the localKeyId attribute to a PKCS#12 safeBag +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, const char *name, +\& int namelen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIPKCS12_add_localkeyid()\fR adds an octet string representation of the PKCS#9 +localKeyId attribute to a PKCS#12 safeBag. +.PP +\&\fIbag\fR is the \fB\s-1PKCS12_SAFEBAG\s0\fR to add the attribute to. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Returns 1 for success or 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIPKCS12_add_friendlyname_asc\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/PKCS12_create.3 b/linux_amd64/share/man/man3/PKCS12_create.3 new file mode 100755 index 0000000..ec5452b --- /dev/null +++ b/linux_amd64/share/man/man3/PKCS12_create.3 
@@ -0,0 +1,208 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PKCS12_CREATE 3" +.TH PKCS12_CREATE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +PKCS12_create \- create a PKCS#12 structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey, +\& X509 *cert, STACK_OF(X509) *ca, +\& int nid_key, int nid_cert, int iter, int mac_iter, int keytype); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIPKCS12_create()\fR creates a PKCS#12 structure. +.PP +\&\fBpass\fR is the passphrase to use. \fBname\fR is the \fBfriendlyName\fR to use for +the supplied certificate and key. \fBpkey\fR is the private key to include in +the structure and \fBcert\fR its corresponding certificates. \fBca\fR, if not \fB\s-1NULL\s0\fR +is an optional set of certificates to also include in the structure. +.PP +\&\fBnid_key\fR and \fBnid_cert\fR are the encryption algorithms that should be used +for the key and certificate respectively. The modes +\&\s-1GCM\s0, \s-1CCM\s0, \s-1XTS\s0, and \s-1OCB\s0 are unsupported. \fBiter\fR is the encryption algorithm +iteration count to use and \fBmac_iter\fR is the \s-1MAC\s0 iteration count to use. +\&\fBkeytype\fR is the type of key. +.SH "NOTES" +.IX Header "NOTES" +The parameters \fBnid_key\fR, \fBnid_cert\fR, \fBiter\fR, \fBmac_iter\fR and \fBkeytype\fR +can all be set to zero and sensible defaults will be used. +.PP +These defaults are: 40 bit \s-1RC2\s0 encryption for certificates, triple \s-1DES\s0 +encryption for private keys, a key iteration count of \s-1PKCS12_DEFAULT_ITER\s0 +(currently 2048) and a \s-1MAC\s0 iteration count of 1. +.PP +The default \s-1MAC\s0 iteration count is 1 in order to retain compatibility with +old software which did not interpret \s-1MAC\s0 iteration counts. If such compatibility +is not required then \fBmac_iter\fR should be set to \s-1PKCS12_DEFAULT_ITER\s0. +.PP +\&\fBkeytype\fR adds a flag to the store private key. This is a non standard extension +that is only currently interpreted by \s-1MSIE\s0. 
If set to zero the flag is omitted, +if set to \fB\s-1KEY_SIG\s0\fR the key can be used for signing only, if set to \fB\s-1KEY_EX\s0\fR +it can be used for signing and encryption. This option was useful for old +export grade software which could use signing only keys of arbitrary size but +had restrictions on the permissible sizes of keys which could be used for +encryption. +.PP +If a certificate contains an \fBalias\fR or \fBkeyid\fR then this will be +used for the corresponding \fBfriendlyName\fR or \fBlocalKeyID\fR in the +\&\s-1PKCS12\s0 structure. +.PP +Either \fBpkey\fR, \fBcert\fR or both can be \fB\s-1NULL\s0\fR to indicate that no key or +certificate is required. In previous versions both had to be present or +a fatal error is returned. +.PP +\&\fBnid_key\fR or \fBnid_cert\fR can be set to \-1 indicating that no encryption +should be used. +.PP +\&\fBmac_iter\fR can be set to \-1 and the \s-1MAC\s0 will then be omitted entirely. +.PP +\&\fIPKCS12_create()\fR makes assumptions regarding the encoding of the given pass +phrase. +See \fIpassphrase\-encoding\fR\|(7) for more information. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIPKCS12_create()\fR returns a valid \fB\s-1PKCS12\s0\fR structure or \s-1NULL\s0 if an error occurred. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fId2i_PKCS12\fR\|(3), +\&\fIpassphrase\-encoding\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/PKCS12_get_friendlyname.3 b/linux_amd64/share/man/man3/PKCS12_get_friendlyname.3 new file mode 100755 index 0000000..5332e48 --- /dev/null +++ b/linux_amd64/share/man/man3/PKCS12_get_friendlyname.3 
@@ -0,0 +1,162 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PKCS12_GET_FRIENDLYNAME 3" +.TH PKCS12_GET_FRIENDLYNAME 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +PKCS12_get_friendlyname \- Retrieve the friendlyname attribute from a PKCS#12 safeBag +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIPKCS12_get_friendlyname()\fR retrieves a \s-1UTF\-8\s0 string representation of the PKCS#9 +friendlyName attribute for a PKCS#12 safeBag item. +.PP +\&\fIbag\fR is the \fB\s-1PKCS12_SAFEBAG\s0\fR to retrieve the attribute from. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +A \s-1UTF\-8\s0 string, or \s-1NULL\s0 if the attribute was either not present or an error occurred. +.PP +The returned string is allocated by OpenSSL and should be freed by the user. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIPKCS12_add_friendlyname_asc\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/PKCS12_newpass.3 b/linux_amd64/share/man/man3/PKCS12_newpass.3 new file mode 100755 index 0000000..44af9c2 --- /dev/null +++ b/linux_amd64/share/man/man3/PKCS12_newpass.3 
@@ -0,0 +1,235 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PKCS12_NEWPASS 3" +.TH PKCS12_NEWPASS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +PKCS12_newpass \- change the password of a PKCS12 structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int PKCS12_newpass(PKCS12 *p12, const char *oldpass, const char *newpass); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIPKCS12_newpass()\fR changes the password of a \s-1PKCS12\s0 structure. +.PP +\&\fBp12\fR is a pointer to a \s-1PKCS12\s0 structure. \fBoldpass\fR is the existing password +and \fBnewpass\fR is the new password. +.PP +Each of \fBoldpass\fR and \fBnewpass\fR is independently interpreted as a string in +the \s-1UTF\-8\s0 encoding. If it is not valid \s-1UTF\-8\s0, it is assumed to be \s-1ISO8859\-1\s0 +instead. +.PP +In particular, this means that passwords in the locale character set +(or code page on Windows) must potentially be converted to \s-1UTF\-8\s0 before +use. This may include passwords from local text files, or input from +the terminal or command line. Refer to the documentation of +\&\fIUI_OpenSSL\fR\|(3), for example. +.PP +If the PKCS#12 structure does not have a password, then you must use the empty +string "" for \fBoldpass\fR. Using \s-1NULL\s0 for \fBoldpass\fR will result in a +\&\fIPKCS12_newpass()\fR failure. +.PP +If the wrong password is used for \fBoldpass\fR then the function will fail, +with a \s-1MAC\s0 verification error. In rare cases the \s-1PKCS12\s0 structure does not +contain a \s-1MAC:\s0 in this case it will usually fail with a decryption padding +error. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIPKCS12_newpass()\fR returns 1 on success or 0 on failure. Applications can +retrieve the most recent error from \fIPKCS12_newpass()\fR with \fIERR_get_error()\fR. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +This example loads a PKCS#12 file, changes its password and writes out +the result to a new file. 
+.PP +.Vb 5 +\& #include +\& #include +\& #include +\& #include +\& #include +\& +\& int main(int argc, char **argv) +\& { +\& FILE *fp; +\& PKCS12 *p12; +\& +\& if (argc != 5) { +\& fprintf(stderr, "Usage: pkread p12file password newpass opfile\en"); +\& return 1; +\& } +\& if ((fp = fopen(argv[1], "rb")) == NULL) { +\& fprintf(stderr, "Error opening file %s\en", argv[1]); +\& return 1; +\& } +\& p12 = d2i_PKCS12_fp(fp, NULL); +\& fclose(fp); +\& if (p12 == NULL) { +\& fprintf(stderr, "Error reading PKCS#12 file\en"); +\& ERR_print_errors_fp(stderr); +\& return 1; +\& } +\& if (PKCS12_newpass(p12, argv[2], argv[3]) == 0) { +\& fprintf(stderr, "Error changing password\en"); +\& ERR_print_errors_fp(stderr); +\& PKCS12_free(p12); +\& return 1; +\& } +\& if ((fp = fopen(argv[4], "wb")) == NULL) { +\& fprintf(stderr, "Error opening file %s\en", argv[4]); +\& PKCS12_free(p12); +\& return 1; +\& } +\& i2d_PKCS12_fp(fp, p12); +\& PKCS12_free(p12); +\& fclose(fp); +\& return 0; +\& } +.Ve +.SH "BUGS" +.IX Header "BUGS" +The password format is a \s-1NULL\s0 terminated \s-1ASCII\s0 string which is converted to +Unicode form internally. As a result some passwords cannot be supplied to +this function. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIPKCS12_create\fR\|(3), \fIERR_get_error\fR\|(3), +\&\fIpassphrase\-encoding\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/PKCS12_parse.3 b/linux_amd64/share/man/man3/PKCS12_parse.3 new file mode 100755 index 0000000..f66b82b --- /dev/null +++ b/linux_amd64/share/man/man3/PKCS12_parse.3 
@@ -0,0 +1,194 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PKCS12_PARSE 3" +.TH PKCS12_PARSE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +PKCS12_parse \- parse a PKCS#12 structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, +\& STACK_OF(X509) **ca); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIPKCS12_parse()\fR parses a \s-1PKCS12\s0 structure. +.PP +\&\fBp12\fR is the \fB\s-1PKCS12\s0\fR structure to parse. \fBpass\fR is the passphrase to use. +If successful the private key will be written to \fB*pkey\fR, the corresponding +certificate to \fB*cert\fR and any additional certificates to \fB*ca\fR. +.SH "NOTES" +.IX Header "NOTES" +The parameters \fBpkey\fR and \fBcert\fR cannot be \fB\s-1NULL\s0\fR. \fBca\fR can be <\s-1NULL\s0> in +which case additional certificates will be discarded. \fB*ca\fR can also be a +valid \s-1STACK\s0 in which case additional certificates are appended to \fB*ca\fR. If +\&\fB*ca\fR is \fB\s-1NULL\s0\fR a new \s-1STACK\s0 will be allocated. +.PP +The \fBfriendlyName\fR and \fBlocalKeyID\fR attributes (if present) on each +certificate will be stored in the \fBalias\fR and \fBkeyid\fR attributes of the +\&\fBX509\fR structure. +.PP +The parameter \fBpass\fR is interpreted as a string in the \s-1UTF\-8\s0 encoding. If it +is not valid \s-1UTF\-8\s0, then it is assumed to be \s-1ISO8859\-1\s0 instead. +.PP +In particular, this means that passwords in the locale character set +(or code page on Windows) must potentially be converted to \s-1UTF\-8\s0 before +use. This may include passwords from local text files, or input from +the terminal or command line. Refer to the documentation of +\&\fIUI_OpenSSL\fR\|(3), for example. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIPKCS12_parse()\fR returns 1 for success and zero if an error occurred. +.PP +The error can be obtained from \fIERR_get_error\fR\|(3) +.SH "BUGS" +.IX Header "BUGS" +Only a single private key and corresponding certificate is returned by this +function. 
More complex PKCS#12 files with multiple private keys will only +return the first match. +.PP +Only \fBfriendlyName\fR and \fBlocalKeyID\fR attributes are currently stored in +certificates. Other attributes are discarded. +.PP +Attributes currently cannot be stored in the private key \fB\s-1EVP_PKEY\s0\fR structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fId2i_PKCS12\fR\|(3), +\&\fIpassphrase\-encoding\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/PKCS5_PBKDF2_HMAC.3 b/linux_amd64/share/man/man3/PKCS5_PBKDF2_HMAC.3 new file mode 100755 index 0000000..79c5c17 --- /dev/null +++ b/linux_amd64/share/man/man3/PKCS5_PBKDF2_HMAC.3 
@@ -0,0 +1,199 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PKCS5_PBKDF2_HMAC 3" +.TH PKCS5_PBKDF2_HMAC 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +PKCS5_PBKDF2_HMAC, PKCS5_PBKDF2_HMAC_SHA1 \- password based derivation routines with salt and iteration count +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, +\& const unsigned char *salt, int saltlen, int iter, +\& const EVP_MD *digest, +\& int keylen, unsigned char *out); +\& +\& int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, +\& const unsigned char *salt, int saltlen, int iter, +\& int keylen, unsigned char *out); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1\fIPKCS5_PBKDF2_HMAC\s0()\fR derives a key from a password using a salt and iteration count +as specified in \s-1RFC\s0 2898. +.PP +\&\fBpass\fR is the password used in the derivation of length \fBpasslen\fR. \fBpass\fR +is an optional parameter and can be \s-1NULL\s0. If \fBpasslen\fR is \-1, then the +function will calculate the length of \fBpass\fR using \fIstrlen()\fR. +.PP +\&\fBsalt\fR is the salt used in the derivation of length \fBsaltlen\fR. If the +\&\fBsalt\fR is \s-1NULL\s0, then \fBsaltlen\fR must be 0. The function will not +attempt to calculate the length of the \fBsalt\fR because it is not assumed to +be \s-1NULL\s0 terminated. +.PP +\&\fBiter\fR is the iteration count and its value should be greater than or +equal to 1. \s-1RFC\s0 2898 suggests an iteration count of at least 1000. Any +\&\fBiter\fR less than 1 is treated as a single iteration. +.PP +\&\fBdigest\fR is the message digest function used in the derivation. Values include +any of the EVP_* message digests. \s-1\fIPKCS5_PBKDF2_HMAC_SHA1\s0()\fR calls +\&\s-1\fIPKCS5_PBKDF2_HMAC\s0()\fR with \fIEVP_sha1()\fR. +.PP +The derived key will be written to \fBout\fR. The size of the \fBout\fR buffer +is specified via \fBkeylen\fR. 
+.SH "NOTES" +.IX Header "NOTES" +A typical application of this function is to derive keying material for an +encryption algorithm from a password in the \fBpass\fR, a salt in \fBsalt\fR, +and an iteration count. +.PP +Increasing the \fBiter\fR parameter slows down the algorithm which makes it +harder for an attacker to perform a brute force attack using a large number +of candidate passwords. +.PP +These functions make no assumption regarding the given password. +It will simply be treated as a byte sequence. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\s-1\fIPKCS5_PBKDF2_HMAC\s0()\fR and \s-1\fIPBKCS5_PBKDF2_HMAC_SHA1\s0()\fR return 1 on success or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIevp\fR\|(7), \fIRAND_bytes\fR\|(3), +\&\fIEVP_BytesToKey\fR\|(3), +\&\fIpassphrase\-encoding\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2014\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/PKCS7_decrypt.3 b/linux_amd64/share/man/man3/PKCS7_decrypt.3 new file mode 100755 index 0000000..ba32c54 --- /dev/null +++ b/linux_amd64/share/man/man3/PKCS7_decrypt.3 
@@ -0,0 +1,178 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PKCS7_DECRYPT 3" +.TH PKCS7_DECRYPT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +PKCS7_decrypt \- decrypt content from a PKCS#7 envelopedData structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIPKCS7_decrypt()\fR extracts and decrypts the content from a PKCS#7 envelopedData +structure. \fBpkey\fR is the private key of the recipient, \fBcert\fR is the +recipients certificate, \fBdata\fR is a \s-1BIO\s0 to write the content to and +\&\fBflags\fR is an optional set of flags. +.SH "NOTES" +.IX Header "NOTES" +Although the recipients certificate is not needed to decrypt the data it is needed +to locate the appropriate (of possible several) recipients in the PKCS#7 structure. +.PP +The following flags can be passed in the \fBflags\fR parameter. +.PP +If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are deleted +from the content. If the content is not of type \fBtext/plain\fR then an error is +returned. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIPKCS7_decrypt()\fR returns either 1 for success or 0 for failure. +The error can be obtained from \fIERR_get_error\fR\|(3) +.SH "BUGS" +.IX Header "BUGS" +\&\fIPKCS7_decrypt()\fR must be passed the correct recipient key and certificate. It would +be better if it could look up the correct key and certificate from a database. +.PP +The lack of single pass processing and need to hold all data in memory as +mentioned in \fIPKCS7_sign()\fR also applies to \fIPKCS7_verify()\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fIPKCS7_encrypt\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. 
You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/PKCS7_encrypt.3 b/linux_amd64/share/man/man3/PKCS7_encrypt.3 new file mode 100755 index 0000000..a9fd1e1 --- /dev/null +++ b/linux_amd64/share/man/man3/PKCS7_encrypt.3 
@@ -0,0 +1,207 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PKCS7_ENCRYPT 3" +.TH PKCS7_ENCRYPT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +PKCS7_encrypt \- create a PKCS#7 envelopedData structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, +\& int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIPKCS7_encrypt()\fR creates and returns a PKCS#7 envelopedData structure. \fBcerts\fR +is a list of recipient certificates. \fBin\fR is the content to be encrypted. +\&\fBcipher\fR is the symmetric cipher to use. \fBflags\fR is an optional set of flags. +.PP +Only \s-1RSA\s0 keys are supported in PKCS#7 and envelopedData so the recipient +certificates supplied to this function must all contain \s-1RSA\s0 public keys, though +they do not have to be signed using the \s-1RSA\s0 algorithm. +.PP +\&\fIEVP_des_ede3_cbc()\fR (triple \s-1DES\s0) is the algorithm of choice for S/MIME use +because most clients will support it. +.PP +Some old \*(L"export grade\*(R" clients may only support weak encryption using 40 or 64 +bit \s-1RC2\s0. These can be used by passing \fIEVP_rc2_40_cbc()\fR and \fIEVP_rc2_64_cbc()\fR +respectively. +.PP +The algorithm passed in the \fBcipher\fR parameter must support \s-1ASN1\s0 encoding of +its parameters. +.PP +Many browsers implement a \*(L"sign and encrypt\*(R" option which is simply an S/MIME +envelopedData containing an S/MIME signed message. This can be readily produced +by storing the S/MIME signed message in a memory \s-1BIO\s0 and passing it to +\&\fIPKCS7_encrypt()\fR. +.PP +The following flags can be passed in the \fBflags\fR parameter. +.PP +If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are +prepended to the data. +.PP +Normally the supplied content is translated into \s-1MIME\s0 canonical format (as +required by the S/MIME specifications) if \fB\s-1PKCS7_BINARY\s0\fR is set no translation +occurs. 
This option should be used if the supplied data is in binary format +otherwise the translation will corrupt it. If \fB\s-1PKCS7_BINARY\s0\fR is set then +\&\fB\s-1PKCS7_TEXT\s0\fR is ignored. +.PP +If the \fB\s-1PKCS7_STREAM\s0\fR flag is set a partial \fB\s-1PKCS7\s0\fR structure is output +suitable for streaming I/O: no data is read from the \s-1BIO\s0 \fBin\fR. +.PP +If the flag \fB\s-1PKCS7_STREAM\s0\fR is set the returned \fB\s-1PKCS7\s0\fR structure is \fBnot\fR +complete and outputting its contents via a function that does not +properly finalize the \fB\s-1PKCS7\s0\fR structure will give unpredictable +results. +.PP +Several functions including \fISMIME_write_PKCS7()\fR, \fIi2d_PKCS7_bio_stream()\fR, +\&\fIPEM_write_bio_PKCS7_stream()\fR finalize the structure. Alternatively finalization +can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using +\&\fIBIO_new_PKCS7()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIPKCS7_encrypt()\fR returns either a \s-1PKCS7\s0 structure or \s-1NULL\s0 if an error occurred. +The error can be obtained from \fIERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fIPKCS7_decrypt\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fB\s-1PKCS7_STREAM\s0\fR flag was added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/PKCS7_sign.3 b/linux_amd64/share/man/man3/PKCS7_sign.3 new file mode 100755 index 0000000..551e551 --- /dev/null +++ b/linux_amd64/share/man/man3/PKCS7_sign.3 
@@ -0,0 +1,241 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PKCS7_SIGN 3" +.TH PKCS7_SIGN 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +PKCS7_sign \- create a PKCS#7 signedData structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, +\& BIO *data, int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIPKCS7_sign()\fR creates and returns a PKCS#7 signedData structure. \fBsigncert\fR is +the certificate to sign with, \fBpkey\fR is the corresponding private key. +\&\fBcerts\fR is an optional additional set of certificates to include in the PKCS#7 +structure (for example any intermediate CAs in the chain). +.PP +The data to be signed is read from \s-1BIO\s0 \fBdata\fR. +.PP +\&\fBflags\fR is an optional set of flags. +.PP +Any of the following flags (ored together) can be passed in the \fBflags\fR +parameter. +.PP +Many S/MIME clients expect the signed content to include valid \s-1MIME\s0 headers. If +the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are prepended +to the data. +.PP +If \fB\s-1PKCS7_NOCERTS\s0\fR is set the signer's certificate will not be included in the +\&\s-1PKCS7\s0 structure, the signer's certificate must still be supplied in the +\&\fBsigncert\fR parameter though. This can reduce the size of the signature if the +signers certificate can be obtained by other means: for example a previously +signed message. +.PP +The data being signed is included in the \s-1PKCS7\s0 structure, unless +\&\fB\s-1PKCS7_DETACHED\s0\fR is set in which case it is omitted. This is used for \s-1PKCS7\s0 +detached signatures which are used in S/MIME plaintext signed messages for +example. +.PP +Normally the supplied content is translated into \s-1MIME\s0 canonical format (as +required by the S/MIME specifications) if \fB\s-1PKCS7_BINARY\s0\fR is set no translation +occurs. This option should be used if the supplied data is in binary format +otherwise the translation will corrupt it. 
+.PP +The signedData structure includes several PKCS#7 authenticatedAttributes +including the signing time, the PKCS#7 content type and the supported list of +ciphers in an SMIMECapabilities attribute. If \fB\s-1PKCS7_NOATTR\s0\fR is set then no +authenticatedAttributes will be used. If \fB\s-1PKCS7_NOSMIMECAP\s0\fR is set then just +the SMIMECapabilities are omitted. +.PP +If present the SMIMECapabilities attribute indicates support for the following +algorithms: triple \s-1DES\s0, 128 bit \s-1RC2\s0, 64 bit \s-1RC2\s0, \s-1DES\s0 and 40 bit \s-1RC2\s0. If any of +these algorithms is disabled then it will not be included. +.PP +If the flags \fB\s-1PKCS7_STREAM\s0\fR is set then the returned \fB\s-1PKCS7\s0\fR structure is +just initialized ready to perform the signing operation. The signing is however +\&\fBnot\fR performed and the data to be signed is not read from the \fBdata\fR +parameter. Signing is deferred until after the data has been written. In this +way data can be signed in a single pass. +.PP +If the \fB\s-1PKCS7_PARTIAL\s0\fR flag is set a partial \fB\s-1PKCS7\s0\fR structure is output to +which additional signers and capabilities can be added before finalization. +.PP +If the flag \fB\s-1PKCS7_STREAM\s0\fR is set the returned \fB\s-1PKCS7\s0\fR structure is \fBnot\fR +complete and outputting its contents via a function that does not properly +finalize the \fB\s-1PKCS7\s0\fR structure will give unpredictable results. +.PP +Several functions including \fISMIME_write_PKCS7()\fR, \fIi2d_PKCS7_bio_stream()\fR, +\&\fIPEM_write_bio_PKCS7_stream()\fR finalize the structure. Alternatively finalization +can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using +\&\fIBIO_new_PKCS7()\fR. +.PP +If a signer is specified it will use the default digest for the signing +algorithm. This is \fB\s-1SHA1\s0\fR for both \s-1RSA\s0 and \s-1DSA\s0 keys. 
+.PP +The \fBcerts\fR, \fBsigncert\fR and \fBpkey\fR parameters can all be +\&\fB\s-1NULL\s0\fR if the \fB\s-1PKCS7_PARTIAL\s0\fR flag is set. One or more signers can be added +using the function \fIPKCS7_sign_add_signer()\fR. \fIPKCS7_final()\fR must also be +called to finalize the structure if streaming is not enabled. Alternative +signing digests can also be specified using this method. +.PP +If \fBsigncert\fR and \fBpkey\fR are \s-1NULL\s0 then a certificates only +PKCS#7 structure is output. +.PP +In versions of OpenSSL before 1.0.0 the \fBsigncert\fR and \fBpkey\fR parameters must +\&\fB\s-1NOT\s0\fR be \s-1NULL\s0. +.SH "BUGS" +.IX Header "BUGS" +Some advanced attributes such as counter signatures are not supported. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIPKCS7_sign()\fR returns either a valid \s-1PKCS7\s0 structure or \s-1NULL\s0 if an error +occurred. The error can be obtained from \fIERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fIPKCS7_verify\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fB\s-1PKCS7_PARTIAL\s0\fR flag, and the ability for \fBcerts\fR, \fBsigncert\fR, +and \fBpkey\fR parameters to be \fB\s-1NULL\s0\fR were added in OpenSSL 1.0.0. +.PP +The \fB\s-1PKCS7_STREAM\s0\fR flag was added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/PKCS7_sign_add_signer.3 b/linux_amd64/share/man/man3/PKCS7_sign_add_signer.3 new file mode 100755 index 0000000..b9a8421 --- /dev/null +++ b/linux_amd64/share/man/man3/PKCS7_sign_add_signer.3 
@@ -0,0 +1,215 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PKCS7_SIGN_ADD_SIGNER 3" +.TH PKCS7_SIGN_ADD_SIGNER 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +PKCS7_sign_add_signer \- add a signer PKCS7 signed data structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert, +\& EVP_PKEY *pkey, const EVP_MD *md, int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIPKCS7_sign_add_signer()\fR adds a signer with certificate \fBsigncert\fR and private +key \fBpkey\fR using message digest \fBmd\fR to a \s-1PKCS7\s0 signed data structure +\&\fBp7\fR. +.PP +The \s-1PKCS7\s0 structure should be obtained from an initial call to \fIPKCS7_sign()\fR +with the flag \fB\s-1PKCS7_PARTIAL\s0\fR set or in the case or re-signing a valid \s-1PKCS7\s0 +signed data structure. +.PP +If the \fBmd\fR parameter is \fB\s-1NULL\s0\fR then the default digest for the public +key algorithm will be used. +.PP +Unless the \fB\s-1PKCS7_REUSE_DIGEST\s0\fR flag is set the returned \s-1PKCS7\s0 structure +is not complete and must be finalized either by streaming (if applicable) or +a call to \fIPKCS7_final()\fR. +.SH "NOTES" +.IX Header "NOTES" +The main purpose of this function is to provide finer control over a PKCS#7 +signed data structure where the simpler \fIPKCS7_sign()\fR function defaults are +not appropriate. For example if multiple signers or non default digest +algorithms are needed. +.PP +Any of the following flags (ored together) can be passed in the \fBflags\fR +parameter. +.PP +If \fB\s-1PKCS7_REUSE_DIGEST\s0\fR is set then an attempt is made to copy the content +digest value from the \s-1PKCS7\s0 structure: to add a signer to an existing structure. +An error occurs if a matching digest value cannot be found to copy. The +returned \s-1PKCS7\s0 structure will be valid and finalized when this flag is set. +.PP +If \fB\s-1PKCS7_PARTIAL\s0\fR is set in addition to \fB\s-1PKCS7_REUSE_DIGEST\s0\fR then the +\&\fB\s-1PKCS7_SIGNER_INO\s0\fR structure will not be finalized so additional attributes +can be added. 
In this case an explicit call to \fIPKCS7_SIGNER_INFO_sign()\fR is +needed to finalize it. +.PP +If \fB\s-1PKCS7_NOCERTS\s0\fR is set the signer's certificate will not be included in the +\&\s-1PKCS7\s0 structure, the signer's certificate must still be supplied in the +\&\fBsigncert\fR parameter though. This can reduce the size of the signature if the +signers certificate can be obtained by other means: for example a previously +signed message. +.PP +The signedData structure includes several PKCS#7 authenticatedAttributes +including the signing time, the PKCS#7 content type and the supported list of +ciphers in an SMIMECapabilities attribute. If \fB\s-1PKCS7_NOATTR\s0\fR is set then no +authenticatedAttributes will be used. If \fB\s-1PKCS7_NOSMIMECAP\s0\fR is set then just +the SMIMECapabilities are omitted. +.PP +If present the SMIMECapabilities attribute indicates support for the following +algorithms: triple \s-1DES\s0, 128 bit \s-1RC2\s0, 64 bit \s-1RC2\s0, \s-1DES\s0 and 40 bit \s-1RC2\s0. If any of +these algorithms is disabled then it will not be included. +.PP +\&\fIPKCS7_sign_add_signers()\fR returns an internal pointer to the \s-1PKCS7_SIGNER_INFO\s0 +structure just added, this can be used to set additional attributes +before it is finalized. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIPKCS7_sign_add_signers()\fR returns an internal pointer to the \s-1PKCS7_SIGNER_INFO\s0 +structure just added or \s-1NULL\s0 if an error occurs. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fIPKCS7_sign\fR\|(3), +\&\fIPKCS7_final\fR\|(3), +.SH "HISTORY" +.IX Header "HISTORY" +The \fIPPKCS7_sign_add_signer()\fR function was added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2007\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. 
You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/PKCS7_verify.3 b/linux_amd64/share/man/man3/PKCS7_verify.3 new file mode 100755 index 0000000..e42ac83 --- /dev/null +++ b/linux_amd64/share/man/man3/PKCS7_verify.3 
@@ -0,0 +1,249 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PKCS7_VERIFY 3" +.TH PKCS7_VERIFY 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +PKCS7_verify, PKCS7_get0_signers \- verify a PKCS#7 signedData structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, +\& BIO *indata, BIO *out, int flags); +\& +\& STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIPKCS7_verify()\fR verifies a PKCS#7 signedData structure. \fBp7\fR is the \s-1PKCS7\s0 +structure to verify. \fBcerts\fR is a set of certificates in which to search for +the signer's certificate. \fBstore\fR is a trusted certificate store (used for +chain verification). \fBindata\fR is the signed data if the content is not +present in \fBp7\fR (that is it is detached). The content is written to \fBout\fR +if it is not \s-1NULL\s0. +.PP +\&\fBflags\fR is an optional set of flags, which can be used to modify the verify +operation. +.PP +\&\fIPKCS7_get0_signers()\fR retrieves the signer's certificates from \fBp7\fR, it does +\&\fBnot\fR check their validity or whether any signatures are valid. The \fBcerts\fR +and \fBflags\fR parameters have the same meanings as in \fIPKCS7_verify()\fR. +.SH "VERIFY PROCESS" +.IX Header "VERIFY PROCESS" +Normally the verify process proceeds as follows. +.PP +Initially some sanity checks are performed on \fBp7\fR. The type of \fBp7\fR must +be signedData. There must be at least one signature on the data and if +the content is detached \fBindata\fR cannot be \fB\s-1NULL\s0\fR. If the content is +not detached and \fBindata\fR is not \fB\s-1NULL\s0\fR, then the structure has both +embedded and external content. To treat this as an error, use the flag +\&\fB\s-1PKCS7_NO_DUAL_CONTENT\s0\fR. +The default behavior allows this, for compatibility with older +versions of OpenSSL. 
+.PP +An attempt is made to locate all the signer's certificates, first looking in +the \fBcerts\fR parameter (if it is not \fB\s-1NULL\s0\fR) and then looking in any certificates +contained in the \fBp7\fR structure itself. If any signer's certificates cannot be +located the operation fails. +.PP +Each signer's certificate is chain verified using the \fBsmimesign\fR purpose and +the supplied trusted certificate store. Any internal certificates in the message +are used as untrusted CAs. If any chain verify fails an error code is returned. +.PP +Finally the signed content is read (and written to \fBout\fR is it is not \s-1NULL\s0) and +the signature's checked. +.PP +If all signature's verify correctly then the function is successful. +.PP +Any of the following flags (ored together) can be passed in the \fBflags\fR parameter +to change the default verify behaviour. Only the flag \fB\s-1PKCS7_NOINTERN\s0\fR is +meaningful to \fIPKCS7_get0_signers()\fR. +.PP +If \fB\s-1PKCS7_NOINTERN\s0\fR is set the certificates in the message itself are not +searched when locating the signer's certificate. This means that all the signers +certificates must be in the \fBcerts\fR parameter. +.PP +If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are deleted +from the content. If the content is not of type \fBtext/plain\fR then an error is +returned. +.PP +If \fB\s-1PKCS7_NOVERIFY\s0\fR is set the signer's certificates are not chain verified. +.PP +If \fB\s-1PKCS7_NOCHAIN\s0\fR is set then the certificates contained in the message are +not used as untrusted CAs. This means that the whole verify chain (apart from +the signer's certificate) must be contained in the trusted store. +.PP +If \fB\s-1PKCS7_NOSIGS\s0\fR is set then the signatures on the data are not checked. +.SH "NOTES" +.IX Header "NOTES" +One application of \fB\s-1PKCS7_NOINTERN\s0\fR is to only accept messages signed by +a small number of certificates. 
The acceptable certificates would be passed +in the \fBcerts\fR parameter. In this case if the signer is not one of the +certificates supplied in \fBcerts\fR then the verify will fail because the +signer cannot be found. +.PP +Care should be taken when modifying the default verify behaviour, for example +setting \f(CW\*(C`PKCS7_NOVERIFY|PKCS7_NOSIGS\*(C'\fR will totally disable all verification +and any signed message will be considered valid. This combination is however +useful if one merely wishes to write the content to \fBout\fR and its validity +is not considered important. +.PP +Chain verification should arguably be performed using the signing time rather +than the current time. However since the signing time is supplied by the +signer it cannot be trusted without additional evidence (such as a trusted +timestamp). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIPKCS7_verify()\fR returns one for a successful verification and zero +if an error occurs. +.PP +\&\fIPKCS7_get0_signers()\fR returns all signers or \fB\s-1NULL\s0\fR if an error occurred. +.PP +The error can be obtained from \fIERR_get_error\fR\|(3) +.SH "BUGS" +.IX Header "BUGS" +The trusted certificate store is not searched for the signers certificate, +this is primarily due to the inadequacies of the current \fBX509_STORE\fR +functionality. +.PP +The lack of single pass processing and need to hold all data in memory as +mentioned in \fIPKCS7_sign()\fR also applies to \fIPKCS7_verify()\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fIPKCS7_sign\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/share/man/man3/PKCS8_pkey_add1_attr.3 b/linux_amd64/share/man/man3/PKCS8_pkey_add1_attr.3 new file mode 100755 index 0000000..423cfd9 --- /dev/null +++ b/linux_amd64/share/man/man3/PKCS8_pkey_add1_attr.3 
@@ -0,0 +1,176 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PKCS8_PKEY_ADD1_ATTR 3" +.TH PKCS8_PKEY_ADD1_ATTR 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +PKCS8_pkey_get0_attrs, PKCS8_pkey_add1_attr, PKCS8_pkey_add1_attr_by_NID, PKCS8_pkey_add1_attr_by_OBJ \- PKCS8 attribute functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const STACK_OF(X509_ATTRIBUTE) * +\& PKCS8_pkey_get0_attrs(const PKCS8_PRIV_KEY_INFO *p8); +\& int PKCS8_pkey_add1_attr(PKCS8_PRIV_KEY_INFO *p8, X509_ATTRIBUTE *attr); +\& int PKCS8_pkey_add1_attr_by_NID(PKCS8_PRIV_KEY_INFO *p8, int nid, int type, +\& const unsigned char *bytes, int len); +\& int PKCS8_pkey_add1_attr_by_OBJ(PKCS8_PRIV_KEY_INFO *p8, const ASN1_OBJECT *obj, +\& int type, const unsigned char *bytes, int len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIPKCS8_pkey_get0_attrs()\fR returns a const \s-1STACK\s0 of X509_ATTRIBUTE present in +the passed const \s-1PKCS8_PRIV_KEY_INFO\s0 structure \fBp8\fR. +.PP +\&\fIPKCS8_pkey_add1_attr()\fR adds a constructed X509_ATTRIBUTE \fBattr\fR to the +existing \s-1PKCS8_PRIV_KEY_INFO\s0 structure \fBp8\fR. +.PP +\&\fIPKCS8_pkey_add1_attr_by_NID()\fR and \fIPKCS8_pkey_add1_attr_by_OBJ()\fR construct a new +X509_ATTRIBUTE from the passed arguments and add it to the existing +\&\s-1PKCS8_PRIV_KEY_INFO\s0 structure \fBp8\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIPKCS8_pkey_add1_attr()\fR, \fIPKCS8_pkey_add1_attr_by_NID()\fR, and +\&\fIPKCS8_pkey_add1_attr_by_OBJ()\fR return 1 for success and 0 for failure. +.SH "NOTES" +.IX Header "NOTES" +\&\s-1STACK\s0 of X509_ATTRIBUTE is present in many X509\-related structures and some of +them have the corresponding set of similar functions. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIcrypto\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/share/man/man3/RAND_DRBG_generate.3 b/linux_amd64/share/man/man3/RAND_DRBG_generate.3
new file mode 100755
index 0000000..69805a5
--- /dev/null
+++ b/linux_amd64/share/man/man3/RAND_DRBG_generate.3
@@ -0,0 +1,209 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RAND_DRBG_GENERATE 3" +.TH RAND_DRBG_GENERATE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +RAND_DRBG_generate, +RAND_DRBG_bytes +\&\- generate random bytes using the given drbg instance +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int RAND_DRBG_generate(RAND_DRBG *drbg, +\& unsigned char *out, size_t outlen, +\& int prediction_resistance, +\& const unsigned char *adin, size_t adinlen); +\& +\& int RAND_DRBG_bytes(RAND_DRBG *drbg, +\& unsigned char *out, size_t outlen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIRAND_DRBG_generate()\fR generates \fBoutlen\fR random bytes using the given +\&\s-1DRBG\s0 instance \fBdrbg\fR and stores them in the buffer at \fBout\fR. +.PP +Before generating the output, the \s-1DRBG\s0 instance checks whether the maximum +number of generate requests (\fIreseed interval\fR) or the maximum timespan +(\fIreseed time interval\fR) since its last seeding have been reached. +If this is the case, the \s-1DRBG\s0 reseeds automatically. +Additionally, an immediate reseeding can be requested by setting the +\&\fBprediction_resistance\fR flag to 1. +Requesting prediction resistance is a relative expensive operation. +See \s-1NOTES\s0 section for more details. +.PP +The caller can optionally provide additional data to be used for reseeding +by passing a pointer \fBadin\fR to a buffer of length \fBadinlen\fR. +This additional data is mixed into the internal state of the random +generator but does not contribute to the entropy count. +The additional data can be omitted by setting \fBadin\fR to \s-1NULL\s0 and +\&\fBadinlen\fR to 0; +.PP +\&\fIRAND_DRBG_bytes()\fR generates \fBoutlen\fR random bytes using the given +\&\s-1DRBG\s0 instance \fBdrbg\fR and stores them in the buffer at \fBout\fR. +This function is a wrapper around the \fIRAND_DRBG_generate()\fR call, +which collects some additional data from low entropy sources +(e.g., a high resolution timer) and calls +RAND_DRBG_generate(drbg, out, outlen, 0, adin, adinlen). 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIRAND_DRBG_generate()\fR and \fIRAND_DRBG_bytes()\fR return 1 on success, +and 0 on failure. +.SH "NOTES" +.IX Header "NOTES" +The \fIreseed interval\fR and \fIreseed time interval\fR of the \fBdrbg\fR are set to +reasonable default values, which in general do not have to be adjusted. +If necessary, they can be changed using \fIRAND_DRBG_set_reseed_interval\fR\|(3) +and \fIRAND_DRBG_set_reseed_time_interval\fR\|(3), respectively. +.PP +A request for prediction resistance can only be satisfied by pulling fresh +entropy from a live entropy source (section 5.5.2 of [\s-1NIST\s0 \s-1SP\s0 800\-90C]). +It is up to the user to ensure that a live entropy source is configured +and is being used. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIRAND_bytes\fR\|(3), +\&\fIRAND_DRBG_set_reseed_interval\fR\|(3), +\&\fIRAND_DRBG_set_reseed_time_interval\fR\|(3), +\&\s-1\fIRAND_DRBG\s0\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \s-1RAND_DRBG\s0 functions were added in OpenSSL 1.1.1. +.PP +Prediction resistance is supported from OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/RAND_DRBG_get0_master.3 b/linux_amd64/share/man/man3/RAND_DRBG_get0_master.3 new file mode 100755 index 0000000..2b0cf0c --- /dev/null +++ b/linux_amd64/share/man/man3/RAND_DRBG_get0_master.3 
@@ -0,0 +1,217 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RAND_DRBG_GET0_MASTER 3" +.TH RAND_DRBG_GET0_MASTER 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OPENSSL_CTX_get0_master_drbg, +OPENSSL_CTX_get0_public_drbg, +OPENSSL_CTX_get0_private_drbg, +RAND_DRBG_get0_master, +RAND_DRBG_get0_public, +RAND_DRBG_get0_private +\&\- get access to the global RAND_DRBG instances +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& RAND_DRBG *OPENSSL_CTX_get0_master_drbg(OPENSSL_CTX *ctx); +\& RAND_DRBG *OPENSSL_CTX_get0_public_drbg(OPENSSL_CTX *ctx); +\& RAND_DRBG *OPENSSL_CTX_get0_private_drbg(OPENSSL_CTX *ctx); +\& RAND_DRBG *RAND_DRBG_get0_master(void); +\& RAND_DRBG *RAND_DRBG_get0_public(void); +\& RAND_DRBG *RAND_DRBG_get0_private(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The default \s-1RAND\s0 \s-1API\s0 implementation (\fIRAND_OpenSSL()\fR) utilizes three +shared \s-1DRBG\s0 instances which are accessed via the \s-1RAND\s0 \s-1API:\s0 +.PP +The \fIpublic\fR and \fIprivate\fR \s-1DRBG\s0 are thread-local instances, which are used +by \fIRAND_bytes()\fR and \fIRAND_priv_bytes()\fR, respectively. +The \fImaster\fR \s-1DRBG\s0 is a global instance, which is not intended to be used +directly, but is used internally to reseed the other two instances. +.PP +These functions here provide access to the shared \s-1DRBG\s0 instances. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOPENSSL_CTX_get0_master_drbg()\fR returns a pointer to the \fImaster\fR \s-1DRBG\s0 instance +for the given \s-1OPENSSL_CTX\s0 \fBctx\fR. +.PP +\&\fIOPENSSL_CTX_get0_public_drbg()\fR returns a pointer to the \fIpublic\fR \s-1DRBG\s0 instance +for the given \s-1OPENSSL_CTX\s0 \fBctx\fR. +.PP +\&\fIOPENSSL_CTX_get0_private_drbg()\fR returns a pointer to the \fIprivate\fR \s-1DRBG\s0 instance +for the given \s-1OPENSSL_CTX\s0 \fBctx\fR. +.PP +In all the above cases the \fBctx\fR parameter can +be \s-1NULL\s0 in which case the default \s-1OPENSSL_CTX\s0 is used. 
\fIRAND_DRBG_get0_master()\fR, +\&\fIRAND_DRBG_get0_public()\fR and \fIRAND_DRBG_get0_private()\fR are the same as +\&\fIOPENSSL_CTX_get0_master_drbg()\fR, \fIOPENSSL_CTX_get0_public_drbg()\fR and +\&\fIOPENSSL_CTX_get0_private_drbg()\fR respectively except that the default \s-1OPENSSL_CTX\s0 +is always used. +.SH "NOTES" +.IX Header "NOTES" +It is not thread-safe to access the \fImaster\fR \s-1DRBG\s0 instance. +The \fIpublic\fR and \fIprivate\fR \s-1DRBG\s0 instance can be accessed safely, because +they are thread-local. Note however, that changes to these two instances +apply only to the current thread. +.PP +For that reason it is recommended not to change the settings of these +three instances directly. +Instead, an application should change the default settings for new \s-1DRBG\s0 instances +at initialization time, before creating additional threads. +.PP +During initialization, it is possible to change the reseed interval +and reseed time interval. +It is also possible to exchange the reseeding callbacks entirely. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIRAND_DRBG_set_callbacks\fR\|(3), +\&\fIRAND_DRBG_set_reseed_defaults\fR\|(3), +\&\fIRAND_DRBG_set_reseed_interval\fR\|(3), +\&\fIRAND_DRBG_set_reseed_time_interval\fR\|(3), +\&\fIRAND_DRBG_set_callbacks\fR\|(3), +\&\fIRAND_DRBG_generate\fR\|(3), +\&\s-1\fIRAND_DRBG\s0\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \fIOPENSSL_CTX_get0_master_drbg()\fR, \fIOPENSSL_CTX_get0_public_drbg()\fR and +\&\fIOPENSSL_CTX_get0_private_drbg()\fR functions were added in OpenSSL 3.0. +.PP +All other \s-1RAND_DRBG\s0 functions were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/share/man/man3/RAND_DRBG_new.3 b/linux_amd64/share/man/man3/RAND_DRBG_new.3
new file mode 100755
index 0000000..4d0d3a6
--- /dev/null
+++ b/linux_amd64/share/man/man3/RAND_DRBG_new.3
@@ -0,0 +1,285 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RAND_DRBG_NEW 3" +.TH RAND_DRBG_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +RAND_DRBG_new_ex, +RAND_DRBG_new, +RAND_DRBG_secure_new_ex, +RAND_DRBG_secure_new, +RAND_DRBG_set, +RAND_DRBG_set_defaults, +RAND_DRBG_instantiate, +RAND_DRBG_uninstantiate, +RAND_DRBG_free +\&\- initialize and cleanup a RAND_DRBG instance +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& RAND_DRBG *RAND_DRBG_new_ex(OPENSSL_CTX *ctx, +\& int type, +\& unsigned int flags, +\& RAND_DRBG *parent); +\& +\& RAND_DRBG *RAND_DRBG_new(int type, +\& unsigned int flags, +\& RAND_DRBG *parent); +\& +\& RAND_DRBG *RAND_DRBG_secure_new_ex(OPENSSL_CTX *ctx, +\& int type, +\& unsigned int flags, +\& RAND_DRBG *parent); +\& +\& RAND_DRBG *RAND_DRBG_secure_new(int type, +\& unsigned int flags, +\& RAND_DRBG *parent); +\& +\& int RAND_DRBG_set(RAND_DRBG *drbg, +\& int type, unsigned int flags); +\& +\& int RAND_DRBG_set_defaults(int type, unsigned int flags); +\& +\& int RAND_DRBG_instantiate(RAND_DRBG *drbg, +\& const unsigned char *pers, size_t perslen); +\& +\& int RAND_DRBG_uninstantiate(RAND_DRBG *drbg); +\& +\& void RAND_DRBG_free(RAND_DRBG *drbg); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIRAND_DRBG_new_ex()\fR and \fIRAND_DRBG_secure_new_ex()\fR +create a new \s-1DRBG\s0 instance of the given \fBtype\fR, allocated from the heap resp. +the secure heap, for the given \s-1OPENSSL_CTX\s0 +(using \fIOPENSSL_zalloc()\fR resp. \fIOPENSSL_secure_zalloc()\fR). The parameter can +be \s-1NULL\s0 in which case the default \s-1OPENSSL_CTX\s0 is used. \fIRAND_DRBG_new()\fR and +\&\fIRAND_DRBG_secure_new()\fR are the same as \fIRAND_DRBG_new_ex()\fR and +\&\fIRAND_DRBG_secure_new_ex()\fR except that the default \s-1OPENSSL_CTX\s0 is always used. +.PP +\&\fIRAND_DRBG_set()\fR initializes the \fBdrbg\fR with the given \fBtype\fR and \fBflags\fR. +.PP +\&\fIRAND_DRBG_set_defaults()\fR sets the default \fBtype\fR and \fBflags\fR for new \s-1DRBG\s0 +instances. 
+.PP +The \s-1DRBG\s0 types are AES-CTR, \s-1HMAC\s0 and \s-1HASH\s0 so \fBtype\fR can be one of the +following values: +.PP +NID_aes_128_ctr, NID_aes_192_ctr, NID_aes_256_ctr, NID_sha1, NID_sha224, +NID_sha256, NID_sha384, NID_sha512, NID_sha512_224, NID_sha512_256, +NID_sha3_224, NID_sha3_256, NID_sha3_384 or NID_sha3_512. +.PP +If this method is not called then the default type is given by NID_aes_256_ctr +and the default flags are zero. +.PP +Before the \s-1DRBG\s0 can be used to generate random bits, it is necessary to set +its type and to instantiate it. +.PP +The optional \fBflags\fR argument specifies a set of bit flags which can be +joined using the | operator. The supported flags are: +.IP "\s-1RAND_DRBG_FLAG_CTR_NO_DF\s0" 4 +.IX Item "RAND_DRBG_FLAG_CTR_NO_DF" +Disables the use of the derivation function ctr_df. For an explanation, +see [\s-1NIST\s0 \s-1SP\s0 800\-90A Rev. 1]. +.IP "\s-1RAND_DRBG_FLAG_HMAC\s0" 4 +.IX Item "RAND_DRBG_FLAG_HMAC" +Enables use of \s-1HMAC\s0 instead of the \s-1HASH\s0 \s-1DRBG\s0. +.IP "\s-1RAND_DRBG_FLAG_MASTER\s0" 4 +.IX Item "RAND_DRBG_FLAG_MASTER" +.PD 0 +.IP "\s-1RAND_DRBG_FLAG_PUBLIC\s0" 4 +.IX Item "RAND_DRBG_FLAG_PUBLIC" +.IP "\s-1RAND_DRBG_FLAG_PRIVATE\s0" 4 +.IX Item "RAND_DRBG_FLAG_PRIVATE" +.PD +These 3 flags can be used to set the individual \s-1DRBG\s0 types created. Multiple +calls are required to set the types to different values. If none of these 3 +flags are used, then the same type and flags are used for all 3 DRBGs in the +\&\fBdrbg\fR chain (, and ). +.PP +If a \fBparent\fR instance is specified then this will be used instead of +the default entropy source for reseeding the \fBdrbg\fR. It is said that the +\&\fBdrbg\fR is \fIchained\fR to its \fBparent\fR. +For more information, see the \s-1NOTES\s0 section. +.PP +\&\fIRAND_DRBG_instantiate()\fR +seeds the \fBdrbg\fR instance using random input from trusted entropy sources. 
+Optionally, a personalization string \fBpers\fR of length \fBperslen\fR can be +specified. +To omit the personalization string, set \fBpers\fR=NULL and \fBperslen\fR=0; +.PP +\&\fIRAND_DRBG_uninstantiate()\fR +clears the internal state of the \fBdrbg\fR and puts it back in the +uninstantiated state. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIRAND_DRBG_new_ex()\fR, \fIRAND_DRBG_new()\fR, \fIRAND_DRBG_secure_new_ex()\fR and +\&\fIRAND_DRBG_secure_new()\fR return a pointer to a \s-1DRBG\s0 instance allocated on the +heap, resp. secure heap. +.PP +\&\fIRAND_DRBG_set()\fR, +\&\fIRAND_DRBG_instantiate()\fR, and +\&\fIRAND_DRBG_uninstantiate()\fR +return 1 on success, and 0 on failure. +.PP +\&\fIRAND_DRBG_free()\fR does not return a value. +.SH "NOTES" +.IX Header "NOTES" +The \s-1DRBG\s0 design supports \fIchaining\fR, which means that a \s-1DRBG\s0 instance can +use another \fBparent\fR \s-1DRBG\s0 instance instead of the default entropy source +to obtain fresh random input for reseeding, provided that \fBparent\fR \s-1DRBG\s0 +instance was properly instantiated, either from a trusted entropy source, +or from yet another parent \s-1DRBG\s0 instance. +For a detailed description of the reseeding process, see \s-1\fIRAND_DRBG\s0\fR\|(7). +.PP +The default \s-1DRBG\s0 type and flags are applied only during creation of a \s-1DRBG\s0 +instance. +To ensure that they are applied to the global and thread-local \s-1DRBG\s0 instances +(, resp. and ), it is necessary to call +\&\fIRAND_DRBG_set_defaults()\fR before creating any thread and before calling any +cryptographic routines that obtain random data directly or indirectly. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIOPENSSL_zalloc\fR\|(3), +\&\fIOPENSSL_secure_zalloc\fR\|(3), +\&\fIRAND_DRBG_generate\fR\|(3), +\&\s-1\fIRAND_DRBG\s0\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \s-1RAND_DRBG\s0 functions were added in OpenSSL 1.1.1. 
+.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/RAND_DRBG_reseed.3 b/linux_amd64/share/man/man3/RAND_DRBG_reseed.3 new file mode 100755 index 0000000..efcdc92 --- /dev/null +++ b/linux_amd64/share/man/man3/RAND_DRBG_reseed.3 
@@ -0,0 +1,236 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RAND_DRBG_RESEED 3" +.TH RAND_DRBG_RESEED 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +RAND_DRBG_reseed, +RAND_DRBG_set_reseed_interval, +RAND_DRBG_set_reseed_time_interval, +RAND_DRBG_set_reseed_defaults +\&\- reseed a RAND_DRBG instance +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int RAND_DRBG_reseed(RAND_DRBG *drbg, +\& const unsigned char *adin, size_t adinlen, +\& int prediction_resistance); +\& +\& int RAND_DRBG_set_reseed_interval(RAND_DRBG *drbg, +\& unsigned int interval); +\& +\& int RAND_DRBG_set_reseed_time_interval(RAND_DRBG *drbg, +\& time_t interval); +\& +\& int RAND_DRBG_set_reseed_defaults( +\& unsigned int master_reseed_interval, +\& unsigned int slave_reseed_interval, +\& time_t master_reseed_time_interval, +\& time_t slave_reseed_time_interval +\& ); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIRAND_DRBG_reseed()\fR +reseeds the given \fBdrbg\fR, obtaining entropy input from its entropy source +and mixing in the specified additional data provided in the buffer \fBadin\fR +of length \fBadinlen\fR. +The additional data can be omitted by setting \fBadin\fR to \s-1NULL\s0 and \fBadinlen\fR +to 0. +An immediate reseeding can be requested by setting the +\&\fBprediction_resistance\fR flag to 1. +Requesting prediction resistance is a relative expensive operation. +See \s-1NOTES\s0 section for more details. +.PP +\&\fIRAND_DRBG_set_reseed_interval()\fR +sets the reseed interval of the \fBdrbg\fR, which is the maximum allowed number +of generate requests between consecutive reseedings. +If \fBinterval\fR > 0, then the \fBdrbg\fR will reseed automatically whenever the +number of generate requests since its last seeding exceeds the given reseed +interval. +If \fBinterval\fR == 0, then this feature is disabled. +.PP +\&\fIRAND_DRBG_set_reseed_time_interval()\fR +sets the reseed time interval of the \fBdrbg\fR, which is the maximum allowed +number of seconds between consecutive reseedings. 
+If \fBinterval\fR > 0, then the \fBdrbg\fR will reseed automatically whenever the +elapsed time since its last reseeding exceeds the given reseed time interval. +If \fBinterval\fR == 0, then this feature is disabled. +.PP +\&\fIRAND_DRBG_set_reseed_defaults()\fR sets the default values for the reseed interval +(\fBmaster_reseed_interval\fR and \fBslave_reseed_interval\fR) +and the reseed time interval +(\fBmaster_reseed_time_interval\fR and \fBslave_reseed_tme_interval\fR) +of \s-1DRBG\s0 instances. +The default values are set independently for master \s-1DRBG\s0 instances (which don't +have a parent) and slave \s-1DRBG\s0 instances (which are chained to a parent \s-1DRBG\s0). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIRAND_DRBG_reseed()\fR, +\&\fIRAND_DRBG_set_reseed_interval()\fR, and +\&\fIRAND_DRBG_set_reseed_time_interval()\fR, +return 1 on success, 0 on failure. +.SH "NOTES" +.IX Header "NOTES" +The default OpenSSL random generator is already set up for automatic reseeding, +so in general it is not necessary to reseed it explicitly, or to modify +its reseeding thresholds. +.PP +Normally, the entropy input for seeding a \s-1DRBG\s0 is either obtained from a +trusted os entropy source or from a parent \s-1DRBG\s0 instance, which was seeded +(directly or indirectly) from a trusted os entropy source. +In exceptional cases it is possible to replace the reseeding mechanism entirely +by providing application defined callbacks using \fIRAND_DRBG_set_callbacks()\fR. +.PP +The reseeding default values are applied only during creation of a \s-1DRBG\s0 instance. +To ensure that they are applied to the global and thread-local \s-1DRBG\s0 instances +(, resp. and ), it is necessary to call +\&\fIRAND_DRBG_set_reseed_defaults()\fR before creating any thread and before calling any + cryptographic routines that obtain random data directly or indirectly. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIRAND_DRBG_generate\fR\|(3), +\&\fIRAND_DRBG_bytes\fR\|(3), +\&\fIRAND_DRBG_set_callbacks\fR\|(3). +\&\s-1\fIRAND_DRBG\s0\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \s-1RAND_DRBG\s0 functions were added in OpenSSL 1.1.1. +.PP +Prediction resistance is supported from OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/RAND_DRBG_set_callbacks.3 b/linux_amd64/share/man/man3/RAND_DRBG_set_callbacks.3 new file mode 100755 index 0000000..f74ddc3 --- /dev/null +++ b/linux_amd64/share/man/man3/RAND_DRBG_set_callbacks.3 
@@ -0,0 +1,289 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RAND_DRBG_SET_CALLBACKS 3" +.TH RAND_DRBG_SET_CALLBACKS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +RAND_DRBG_set_callbacks, +RAND_DRBG_set_callback_data, +RAND_DRBG_get_callback_data, +RAND_DRBG_get_entropy_fn, +RAND_DRBG_cleanup_entropy_fn, +RAND_DRBG_get_nonce_fn, +RAND_DRBG_cleanup_nonce_fn +\&\- set callbacks for reseeding +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& +\& int RAND_DRBG_set_callbacks(RAND_DRBG *drbg, +\& RAND_DRBG_get_entropy_fn get_entropy, +\& RAND_DRBG_cleanup_entropy_fn cleanup_entropy, +\& RAND_DRBG_get_nonce_fn get_nonce, +\& RAND_DRBG_cleanup_nonce_fn cleanup_nonce); +\& +\& int RAND_DRBG_set_callback_data(RAND_DRBG *drbg, void *ctx); +\& +\& void *RAND_DRBG_get_callback_data(RAND_DRBG *drbg); +.Ve +.SS "Callback Functions" +.IX Subsection "Callback Functions" +.Vb 6 +\& typedef size_t (*RAND_DRBG_get_entropy_fn)( +\& RAND_DRBG *drbg, +\& unsigned char **pout, +\& int entropy, +\& size_t min_len, size_t max_len, +\& int prediction_resistance); +\& +\& typedef void (*RAND_DRBG_cleanup_entropy_fn)( +\& RAND_DRBG *drbg, +\& unsigned char *out, size_t outlen); +\& +\& typedef size_t (*RAND_DRBG_get_nonce_fn)( +\& RAND_DRBG *drbg, +\& unsigned char **pout, +\& int entropy, +\& size_t min_len, size_t max_len); +\& +\& typedef void (*RAND_DRBG_cleanup_nonce_fn)( +\& RAND_DRBG *drbg, +\& unsigned char *out, size_t outlen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIRAND_DRBG_set_callbacks()\fR sets the callbacks for obtaining fresh entropy and +the nonce when reseeding the given \fBdrbg\fR. +The callback functions are implemented and provided by the caller. +Their parameter lists need to match the function prototypes above. +.PP +\&\fIRAND_DRBG_set_callback_data()\fR can be used to store a pointer to some context +specific data, which can subsequently be retrieved by the entropy and nonce +callbacks using \fIRAND_DRBG_get_callback_data()\fR. 
+The ownership of the context data remains with the caller, i.e., it is the +caller's responsibility to keep it available as long as it is needed by the +callbacks and free it after use. +For more information about the the callback data see the \s-1NOTES\s0 section. +.PP +Setting the callbacks or the callback data is allowed only if the \s-1DRBG\s0 has +not been initialized yet. +Otherwise, the operation will fail. +To change the settings for one of the three shared DRBGs it is necessary to call +\&\fIRAND_DRBG_uninstantiate()\fR first. +.PP +The \fBget_entropy\fR() callback is called by the \fBdrbg\fR when it requests fresh +random input. +It is expected that the callback allocates and fills a random buffer of size +\&\fBmin_len\fR <= size <= \fBmax_len\fR (in bytes) which contains at least \fBentropy\fR +bits of randomness. +The \fBprediction_resistance\fR flag indicates whether the reseeding was +triggered by a prediction resistance request. +.PP +The buffer's address is to be returned in *\fBpout\fR and the number of collected +randomness bytes as return value. +.PP +If the callback fails to acquire at least \fBentropy\fR bits of randomness, +it must indicate an error by returning a buffer length of 0. +.PP +If \fBprediction_resistance\fR was requested and the random source of the \s-1DRBG\s0 +does not satisfy the conditions requested by [\s-1NIST\s0 \s-1SP\s0 800\-90C], then +it must also indicate an error by returning a buffer length of 0. +See \s-1NOTES\s0 section for more details. +.PP +The \fBcleanup_entropy\fR() callback is called from the \fBdrbg\fR to to clear and +free the buffer allocated previously by \fIget_entropy()\fR. +The values \fBout\fR and \fBoutlen\fR are the random buffer's address and length, +as returned by the \fIget_entropy()\fR callback. +.PP +The \fBget_nonce\fR() and \fBcleanup_nonce\fR() callbacks are used to obtain a nonce +and free it again. 
A nonce is only required for instantiation (not for reseeding) +and only in the case where the \s-1DRBG\s0 uses a derivation function. +The callbacks are analogous to \fIget_entropy()\fR and \fIcleanup_entropy()\fR, +except for the missing prediction_resistance flag. +.PP +If the derivation function is disabled, then no nonce is used for instantiation, +and the \fBget_nonce\fR() and \fBcleanup_nonce\fR() callbacks can be omitted by +setting them to \s-1NULL\s0. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIRAND_DRBG_set_callbacks()\fR returns 1 on success, and 0 on failure. +.PP +\&\fIRAND_DRBG_set_callback_data()\fR returns 1 on success, and 0 on failure. +.PP +\&\fIRAND_DRBG_get_callback_data()\fR returns the pointer to the callback data, +which is \s-1NULL\s0 if none has been set previously. +.SH "NOTES" +.IX Header "NOTES" +It is important that \fBcleanup_entropy\fR() and \fBcleanup_nonce\fR() clear the buffer +contents safely before freeing it, in order not to leave sensitive information +about the \s-1DRBG\s0's state in memory. +.PP +A request for prediction resistance can only be satisfied by pulling fresh +entropy from a live entropy source (section 5.5.2 of [\s-1NIST\s0 \s-1SP\s0 800\-90C]). +It is up to the user to ensure that a live entropy source is configured +and is being used. +.PP +The derivation function is disabled during initialization by calling the +\&\fIRAND_DRBG_set()\fR function with the \s-1RAND_DRBG_FLAG_CTR_NO_DF\s0 flag. +For more information on the derivation function and when it can be omitted, +see [\s-1NIST\s0 \s-1SP\s0 800\-90A Rev. 1]. Roughly speaking it can be omitted if the random +source has \*(L"full entropy\*(R", i.e., contains 8 bits of entropy per byte. +.PP +Even if a nonce is required, the \fBget_nonce\fR() and \fBcleanup_nonce\fR() +callbacks can be omitted by setting them to \s-1NULL\s0. 
+In this case the \s-1DRBG\s0 will automatically request an extra amount of entropy +(using the \fBget_entropy\fR() and \fBcleanup_entropy\fR() callbacks) which it will +utilize for the nonce, following the recommendations of [\s-1NIST\s0 \s-1SP\s0 800\-90A Rev. 1], +section 8.6.7. +.PP +The callback data is a rather specialized feature, because in general the +random sources don't (and in fact, they must not) depend on any state provided +by the \s-1DRBG\s0. +There are however exceptional cases where this feature is useful, most notably +for implementing known answer tests (KATs) or deterministic signatures like +those specified in \s-1RFC6979\s0, which require passing a specified entropy and nonce +for instantiating the \s-1DRBG\s0. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIRAND_DRBG_new\fR\|(3), +\&\fIRAND_DRBG_reseed\fR\|(3), +\&\s-1\fIRAND_DRBG\s0\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \s-1RAND_DRBG\s0 functions were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/RAND_add.3 b/linux_amd64/share/man/man3/RAND_add.3 new file mode 100755 index 0000000..5b2c11e --- /dev/null +++ b/linux_amd64/share/man/man3/RAND_add.3 
@@ -0,0 +1,234 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RAND_ADD 3" +.TH RAND_ADD 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +RAND_add, RAND_poll, RAND_seed, RAND_status, RAND_event, RAND_screen, +RAND_keep_random_devices_open +\&\- add randomness to the PRNG or get its status +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int RAND_status(void); +\& int RAND_poll(); +\& +\& void RAND_add(const void *buf, int num, double randomness); +\& void RAND_seed(const void *buf, int num); +\& +\& void RAND_keep_random_devices_open(int keep); +.Ve +.PP +Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 2 +\& int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam); +\& void RAND_screen(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions can be used to seed the random generator and to check its +seeded state. +In general, manual (re\-)seeding of the default OpenSSL random generator +(\fIRAND_OpenSSL\fR\|(3)) is not necessary (but allowed), since it does (re\-)seed +itself automatically using trusted system entropy sources. +This holds unless the default \s-1RAND_METHOD\s0 has been replaced or OpenSSL was +built with automatic reseeding disabled, see \s-1\fIRAND\s0\fR\|(7) for more details. +.PP +\&\fIRAND_status()\fR indicates whether or not the random generator has been sufficiently +seeded. If not, functions such as \fIRAND_bytes\fR\|(3) will fail. +.PP +\&\fIRAND_poll()\fR uses the system's capabilities to seed the random generator using +random input obtained from polling various trusted entropy sources. +The default choice of the entropy source can be modified at build time, +see \s-1\fIRAND\s0\fR\|(7) for more details. +.PP +\&\fIRAND_add()\fR mixes the \fBnum\fR bytes at \fBbuf\fR into the internal state +of the random generator. +This function will not normally be needed, as mentioned above. 
+The \fBrandomness\fR argument is an estimate of how much randomness is +contained in +\&\fBbuf\fR, in bytes, and should be a number between zero and \fBnum\fR. +Details about sources of randomness and how to estimate their randomness +can be found in the literature; for example [\s-1NIST\s0 \s-1SP\s0 800\-90B]. +The content of \fBbuf\fR cannot be recovered from subsequent random generator output. +Applications that intend to save and restore random state in an external file +should consider using \fIRAND_load_file\fR\|(3) instead. +.PP +\&\s-1NOTE:\s0 In \s-1FIPS\s0 mode, random data provided by the application is not considered to +be a trusted entropy source. It is mixed into the internal state of the \s-1RNG\s0 as +additional data only and this does not count as a full reseed. +For more details, see \s-1\fIRAND_DRBG\s0\fR\|(7). +.PP +\&\fIRAND_seed()\fR is equivalent to \fIRAND_add()\fR with \fBrandomness\fR set to \fBnum\fR. +.PP +\&\fIRAND_keep_random_devices_open()\fR is used to control file descriptor +usage by the random seed sources. Some seed sources maintain open file +descriptors by default, which allows such sources to operate in a +\&\fIchroot\fR\|(2) jail without the associated device nodes being available. When +the \fBkeep\fR argument is zero, this call disables the retention of file +descriptors. Conversely, a nonzero argument enables the retention of +file descriptors. This function is usually called during initialization +and it takes effect immediately. +.PP +\&\fIRAND_event()\fR and \fIRAND_screen()\fR are equivalent to \fIRAND_poll()\fR and exist +for compatibility reasons only. See \s-1HISTORY\s0 section below. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIRAND_status()\fR returns 1 if the random generator has been seeded +with enough data, 0 otherwise. +.PP +\&\fIRAND_poll()\fR returns 1 if it generated seed data, 0 otherwise. +.PP +\&\fIRAND_event()\fR returns \fIRAND_status()\fR. +.PP +The other functions do not return values. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIRAND_bytes\fR\|(3), +\&\fIRAND_egd\fR\|(3), +\&\fIRAND_load_file\fR\|(3), +\&\s-1\fIRAND\s0\fR\|(7) +\&\s-1\fIRAND_DRBG\s0\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIRAND_event()\fR and \fIRAND_screen()\fR were deprecated in OpenSSL 1.1.0 and should +not be used. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/RAND_bytes.3 b/linux_amd64/share/man/man3/RAND_bytes.3 new file mode 100755 index 0000000..669065b --- /dev/null +++ b/linux_amd64/share/man/man3/RAND_bytes.3 
@@ -0,0 +1,209 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RAND_BYTES 3" +.TH RAND_BYTES 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +RAND_bytes, RAND_priv_bytes, RAND_bytes_ex, RAND_priv_bytes_ex, +RAND_pseudo_bytes \- generate random data +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int RAND_bytes(unsigned char *buf, int num); +\& int RAND_priv_bytes(unsigned char *buf, int num); +\& +\& int RAND_bytes_ex(OPENSSL_CTX *ctx, unsigned char *buf, int num); +\& int RAND_priv_bytes_ex(OPENSSL_CTX *ctx, unsigned char *buf, int num); +.Ve +.PP +Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 1 +\& int RAND_pseudo_bytes(unsigned char *buf, int num); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIRAND_bytes()\fR puts \fBnum\fR cryptographically strong pseudo-random bytes +into \fBbuf\fR. +.PP +\&\fIRAND_priv_bytes()\fR has the same semantics as \fIRAND_bytes()\fR. It is intended to +be used for generating values that should remain private. If using the +default \s-1RAND_METHOD\s0, this function uses a separate \*(L"private\*(R" \s-1PRNG\s0 +instance so that a compromise of the \*(L"public\*(R" \s-1PRNG\s0 instance will not +affect the secrecy of these private values, as described in \s-1\fIRAND\s0\fR\|(7) +and \s-1\fIRAND_DRBG\s0\fR\|(7). +.PP +\&\fIRAND_bytes_ex()\fR and \fIRAND_priv_bytes_ex()\fR are the same as \fIRAND_bytes()\fR and +\&\fIRAND_priv_bytes()\fR except that they both take an additional \fIctx\fR parameter. +The \s-1DRBG\s0 used for the operation is the public or private \s-1DRBG\s0 associated with +the specified \fIctx\fR. The parameter can be \s-1NULL\s0, in which case +the default library context is used (see \s-1\fIOPENSSL_CTX\s0\fR\|(3). +If the default \s-1RAND_METHOD\s0 has been changed then for compatibility reasons the +\&\s-1RAND_METHOD\s0 will be used in preference and the \s-1DRBG\s0 of the library context +ignored. 
+.SH "NOTES" +.IX Header "NOTES" +Always check the error return value of \fIRAND_bytes()\fR and +\&\fIRAND_priv_bytes()\fR and do not take randomness for granted: an error occurs +if the \s-1CSPRNG\s0 has not been seeded with enough randomness to ensure an +unpredictable byte sequence. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIRAND_bytes()\fR and \fIRAND_priv_bytes()\fR +return 1 on success, \-1 if not supported by the current +\&\s-1RAND\s0 method, or 0 on other failure. The error code can be +obtained by \fIERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIRAND_add\fR\|(3), +\&\fIRAND_bytes\fR\|(3), +\&\fIRAND_priv_bytes\fR\|(3), +\&\fIERR_get_error\fR\|(3), +\&\s-1\fIRAND\s0\fR\|(7), +\&\s-1\fIRAND_DRBG\s0\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +.IP "\(bu" 2 +\&\fIRAND_pseudo_bytes()\fR was deprecated in OpenSSL 1.1.0; use \fIRAND_bytes()\fR instead. +.IP "\(bu" 2 +The \fIRAND_priv_bytes()\fR function was added in OpenSSL 1.1.1. +.IP "\(bu" 2 +The \fIRAND_bytes_ex()\fR and \fIRAND_priv_bytes_ex()\fR functions were added in OpenSSL 3.0 +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/RAND_cleanup.3 b/linux_amd64/share/man/man3/RAND_cleanup.3 new file mode 100755 index 0000000..f60fb2d --- /dev/null +++ b/linux_amd64/share/man/man3/RAND_cleanup.3 
@@ -0,0 +1,170 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RAND_CLEANUP 3" +.TH RAND_CLEANUP 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +RAND_cleanup \- erase the PRNG state +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.PP +Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 1 +\& void RAND_cleanup(void) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Prior to OpenSSL 1.1.0, \fIRAND_cleanup()\fR released all resources used by +the \s-1PRNG\s0. As of version 1.1.0, it does nothing and should not be called, +since no explicit initialisation or de-initialisation is necessary. See +\&\fIOPENSSL_init_crypto\fR\|(3). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIRAND_cleanup()\fR returns no value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1\fIRAND\s0\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIRAND_cleanup()\fR was deprecated in OpenSSL 1.1.0; do not use it. +See \fIOPENSSL_init_crypto\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/RAND_egd.3 b/linux_amd64/share/man/man3/RAND_egd.3 new file mode 100755 index 0000000..92549ec --- /dev/null +++ b/linux_amd64/share/man/man3/RAND_egd.3 
@@ -0,0 +1,184 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RAND_EGD 3" +.TH RAND_EGD 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +RAND_egd, RAND_egd_bytes, RAND_query_egd_bytes \- query entropy gathering daemon +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int RAND_egd_bytes(const char *path, int num); +\& int RAND_egd(const char *path); +\& +\& int RAND_query_egd_bytes(const char *path, unsigned char *buf, int num); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +On older platforms without a good source of randomness such as \f(CW\*(C`/dev/urandom\*(C'\fR, +it is possible to query an Entropy Gathering Daemon (\s-1EGD\s0) over a local +socket to obtain randomness and seed the OpenSSL \s-1RNG\s0. +The protocol used is defined by the EGDs available at + or . +.PP +\&\fIRAND_egd_bytes()\fR requests \fBnum\fR bytes of randomness from an \s-1EGD\s0 at the +specified socket \fBpath\fR, and passes the data it receives into \fIRAND_add()\fR. +\&\fIRAND_egd()\fR is equivalent to \fIRAND_egd_bytes()\fR with \fBnum\fR set to 255. +.PP +\&\fIRAND_query_egd_bytes()\fR requests \fBnum\fR bytes of randomness from an \s-1EGD\s0 at +the specified socket \fBpath\fR, where \fBnum\fR must be less than 256. +If \fBbuf\fR is \fB\s-1NULL\s0\fR, it is equivalent to \fIRAND_egd_bytes()\fR. +If \fBbuf\fR is not \fB\s-1NULL\s0\fR, then the data is copied to the buffer and +\&\fIRAND_add()\fR is not called. +.PP +OpenSSL can be configured at build time to try to use the \s-1EGD\s0 for seeding +automatically. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIRAND_egd()\fR and \fIRAND_egd_bytes()\fR return the number of bytes read from the +daemon on success, or \-1 if the connection failed or the daemon did not +return enough data to fully seed the \s-1PRNG\s0. +.PP +\&\fIRAND_query_egd_bytes()\fR returns the number of bytes read from the daemon on +success, or \-1 if the connection failed. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIRAND_add\fR\|(3), +\&\fIRAND_bytes\fR\|(3), +\&\s-1\fIRAND\s0\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/RAND_load_file.3 b/linux_amd64/share/man/man3/RAND_load_file.3 new file mode 100755 index 0000000..db94142 --- /dev/null +++ b/linux_amd64/share/man/man3/RAND_load_file.3 
@@ -0,0 +1,209 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RAND_LOAD_FILE 3" +.TH RAND_LOAD_FILE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +RAND_load_file, RAND_write_file, RAND_file_name \- PRNG seed file +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int RAND_load_file(const char *filename, long max_bytes); +\& +\& int RAND_write_file(const char *filename); +\& +\& const char *RAND_file_name(char *buf, size_t num); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIRAND_load_file()\fR reads a number of bytes from file \fBfilename\fR and +adds them to the \s-1PRNG\s0. If \fBmax_bytes\fR is non-negative, +up to \fBmax_bytes\fR are read; +if \fBmax_bytes\fR is \-1, the complete file is read. +Do not load the same file multiple times unless its contents have +been updated by \fIRAND_write_file()\fR between reads. +Also, note that \fBfilename\fR should be adequately protected so that an +attacker cannot replace or examine the contents. +If \fBfilename\fR is not a regular file, then user is considered to be +responsible for any side effects, e.g. non-anticipated blocking or +capture of controlling terminal. +.PP +\&\fIRAND_write_file()\fR writes a number of random bytes (currently 128) to +file \fBfilename\fR which can be used to initialize the \s-1PRNG\s0 by calling +\&\fIRAND_load_file()\fR in a later session. +.PP +\&\fIRAND_file_name()\fR generates a default path for the random seed +file. \fBbuf\fR points to a buffer of size \fBnum\fR in which to store the +filename. +.PP +On all systems, if the environment variable \fB\s-1RANDFILE\s0\fR is set, its +value will be used as the seed filename. 
+Otherwise, the file is called \f(CW\*(C`.rnd\*(C'\fR, found in platform dependent locations: +.IP "On Windows (in order of preference)" 4 +.IX Item "On Windows (in order of preference)" +.Vb 1 +\& %HOME%, %USERPROFILE%, %SYSTEMROOT%, C:\e +.Ve +.IP "On \s-1VMS\s0" 4 +.IX Item "On VMS" +.Vb 1 +\& SYS$LOGIN: +.Ve +.IP "On all other systems" 4 +.IX Item "On all other systems" +.Vb 1 +\& $HOME +.Ve +.PP +If \f(CW$HOME\fR (on non-Windows and non-VMS system) is not set either, or +\&\fBnum\fR is too small for the pathname, an error occurs. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIRAND_load_file()\fR returns the number of bytes read or \-1 on error. +.PP +\&\fIRAND_write_file()\fR returns the number of bytes written, or \-1 if the +bytes written were generated without appropriate seeding. +.PP +\&\fIRAND_file_name()\fR returns a pointer to \fBbuf\fR on success, and \s-1NULL\s0 on +error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIRAND_add\fR\|(3), +\&\fIRAND_bytes\fR\|(3), +\&\s-1\fIRAND\s0\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/RAND_set_rand_method.3 b/linux_amd64/share/man/man3/RAND_set_rand_method.3 new file mode 100755 index 0000000..368cca9 --- /dev/null +++ b/linux_amd64/share/man/man3/RAND_set_rand_method.3 
@@ -0,0 +1,194 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RAND_SET_RAND_METHOD 3" +.TH RAND_SET_RAND_METHOD 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +RAND_set_rand_method, RAND_get_rand_method, RAND_OpenSSL \- select RAND method +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& RAND_METHOD *RAND_OpenSSL(void); +\& +\& int RAND_set_rand_method(const RAND_METHOD *meth); +\& +\& const RAND_METHOD *RAND_get_rand_method(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A \fB\s-1RAND_METHOD\s0\fR specifies the functions that OpenSSL uses for random number +generation. +.PP +\&\fIRAND_OpenSSL()\fR returns the default \fB\s-1RAND_METHOD\s0\fR implementation by OpenSSL. +This implementation ensures that the \s-1PRNG\s0 state is unique for each thread. +.PP +If an \fB\s-1ENGINE\s0\fR is loaded that provides the \s-1RAND\s0 \s-1API\s0, however, it will +be used instead of the method returned by \fIRAND_OpenSSL()\fR. +.PP +\&\fIRAND_set_rand_method()\fR makes \fBmeth\fR the method for \s-1PRNG\s0 use. If an +\&\s-1ENGINE\s0 was providing the method, it will be released first. +.PP +\&\fIRAND_get_rand_method()\fR returns a pointer to the current \fB\s-1RAND_METHOD\s0\fR. +.SH "THE RAND_METHOD STRUCTURE" +.IX Header "THE RAND_METHOD STRUCTURE" +.Vb 8 +\& typedef struct rand_meth_st { +\& void (*seed)(const void *buf, int num); +\& int (*bytes)(unsigned char *buf, int num); +\& void (*cleanup)(void); +\& void (*add)(const void *buf, int num, int randomness); +\& int (*pseudorand)(unsigned char *buf, int num); +\& int (*status)(void); +\& } RAND_METHOD; +.Ve +.PP +The fields point to functions that are used by, in order, +\&\fIRAND_seed()\fR, \fIRAND_bytes()\fR, internal \s-1RAND\s0 cleanup, \fIRAND_add()\fR, \fIRAND_pseudo_rand()\fR +and \fIRAND_status()\fR. +Each pointer may be \s-1NULL\s0 if the function is not implemented. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIRAND_set_rand_method()\fR returns 1 on success and 0 on failure. +\&\fIRAND_get_rand_method()\fR and \fIRAND_OpenSSL()\fR return pointers to the respective +methods. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIRAND_bytes\fR\|(3), +\&\fIENGINE_by_id\fR\|(3), +\&\s-1\fIRAND\s0\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/RC4_set_key.3 b/linux_amd64/share/man/man3/RC4_set_key.3 new file mode 100755 index 0000000..f34266a --- /dev/null +++ b/linux_amd64/share/man/man3/RC4_set_key.3 
@@ -0,0 +1,201 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RC4_SET_KEY 3" +.TH RC4_SET_KEY 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +RC4_set_key, RC4 \- RC4 encryption +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.PP +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 1 +\& void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data); +\& +\& void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata, +\& unsigned char *outdata); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +All of the functions described on this page are deprecated. Applications should +instead use \fIEVP_EncryptInit_ex\fR\|(3), \fIEVP_EncryptUpdate\fR\|(3) and +\&\fIEVP_EncryptFinal_ex\fR\|(3) or the equivalently named decrypt functions. +.PP +This library implements the Alleged \s-1RC4\s0 cipher, which is described for +example in \fIApplied Cryptography\fR. It is believed to be compatible +with RC4[\s-1TM\s0], a proprietary cipher of \s-1RSA\s0 Security Inc. +.PP +\&\s-1RC4\s0 is a stream cipher with variable key length. Typically, 128 bit +(16 byte) keys are used for strong encryption, but shorter insecure +key sizes have been widely used due to export restrictions. +.PP +\&\s-1RC4\s0 consists of a key setup phase and the actual encryption or +decryption phase. +.PP +\&\fIRC4_set_key()\fR sets up the \fB\s-1RC4_KEY\s0\fR \fBkey\fR using the \fBlen\fR bytes long +key at \fBdata\fR. +.PP +\&\s-1\fIRC4\s0()\fR encrypts or decrypts the \fBlen\fR bytes of data at \fBindata\fR using +\&\fBkey\fR and places the result at \fBoutdata\fR. Repeated \s-1\fIRC4\s0()\fR calls with +the same \fBkey\fR yield a continuous key stream. +.PP +Since \s-1RC4\s0 is a stream cipher (the input is XORed with a pseudo-random +key stream to produce the output), decryption uses the same function +calls as encryption. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIRC4_set_key()\fR and \s-1\fIRC4\s0()\fR do not return values. 
+.SH "NOTE" +.IX Header "NOTE" +Applications should use the higher level functions +\&\fIEVP_EncryptInit\fR\|(3) etc. instead of calling these +functions directly. +.PP +It is difficult to securely use stream ciphers. For example, do not perform +multiple encryptions using the same key stream. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_EncryptInit\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +All of these functions were deprecated in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/RIPEMD160_Init.3 b/linux_amd64/share/man/man3/RIPEMD160_Init.3 new file mode 100755 index 0000000..d8da26b --- /dev/null +++ b/linux_amd64/share/man/man3/RIPEMD160_Init.3 
@@ -0,0 +1,205 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RIPEMD160_INIT 3" +.TH RIPEMD160_INIT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +RIPEMD160, RIPEMD160_Init, RIPEMD160_Update, RIPEMD160_Final \- +RIPEMD\-160 hash function +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.PP +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 2 +\& unsigned char *RIPEMD160(const unsigned char *d, unsigned long n, +\& unsigned char *md); +\& +\& int RIPEMD160_Init(RIPEMD160_CTX *c); +\& int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, unsigned long len); +\& int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +All of the functions described on this page are deprecated. +Applications should instead use \fIEVP_DigestInit_ex\fR\|(3), \fIEVP_DigestUpdate\fR\|(3) +and \fIEVP_DigestFinal_ex\fR\|(3). +.PP +\&\s-1RIPEMD\-160\s0 is a cryptographic hash function with a +160 bit output. +.PP +\&\s-1\fIRIPEMD160\s0()\fR computes the \s-1RIPEMD\-160\s0 message digest of the \fBn\fR +bytes at \fBd\fR and places it in \fBmd\fR (which must have space for +\&\s-1RIPEMD160_DIGEST_LENGTH\s0 == 20 bytes of output). If \fBmd\fR is \s-1NULL\s0, the digest +is placed in a static array. +.PP +The following functions may be used if the message is not completely +stored in memory: +.PP +\&\fIRIPEMD160_Init()\fR initializes a \fB\s-1RIPEMD160_CTX\s0\fR structure. +.PP +\&\fIRIPEMD160_Update()\fR can be called repeatedly with chunks of the message to +be hashed (\fBlen\fR bytes at \fBdata\fR). +.PP +\&\fIRIPEMD160_Final()\fR places the message digest in \fBmd\fR, which must have +space for \s-1RIPEMD160_DIGEST_LENGTH\s0 == 20 bytes of output, and erases +the \fB\s-1RIPEMD160_CTX\s0\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\s-1\fIRIPEMD160\s0()\fR returns a pointer to the hash value. 
+.PP +\&\fIRIPEMD160_Init()\fR, \fIRIPEMD160_Update()\fR and \fIRIPEMD160_Final()\fR return 1 for +success, 0 otherwise. +.SH "NOTE" +.IX Header "NOTE" +Applications should use the higher level functions +\&\fIEVP_DigestInit\fR\|(3) etc. instead of calling these +functions directly. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1ISO/IEC\s0 10118\-3:2016 Dedicated Hash-Function 1 (\s-1RIPEMD\-160\s0). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_DigestInit\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +All of these functions were deprecated in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/RSA_blinding_on.3 b/linux_amd64/share/man/man3/RSA_blinding_on.3 new file mode 100755 index 0000000..5ae6d7b --- /dev/null +++ b/linux_amd64/share/man/man3/RSA_blinding_on.3 
@@ -0,0 +1,167 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA_BLINDING_ON 3" +.TH RSA_BLINDING_ON 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +RSA_blinding_on, RSA_blinding_off \- protect the RSA operation from timing attacks +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int RSA_blinding_on(RSA *rsa, BN_CTX *ctx); +\& +\& void RSA_blinding_off(RSA *rsa); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1RSA\s0 is vulnerable to timing attacks. In a setup where attackers can +measure the time of \s-1RSA\s0 decryption or signature operations, blinding +must be used to protect the \s-1RSA\s0 operation from that attack. +.PP +\&\fIRSA_blinding_on()\fR turns blinding on for key \fBrsa\fR and generates a +random blinding factor. \fBctx\fR is \fB\s-1NULL\s0\fR or a pre-allocated and +initialized \fB\s-1BN_CTX\s0\fR. +.PP +\&\fIRSA_blinding_off()\fR turns blinding off and frees the memory used for +the blinding factor. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIRSA_blinding_on()\fR returns 1 on success, and 0 if an error occurred. +.PP +\&\fIRSA_blinding_off()\fR returns no value. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/RSA_check_key.3 b/linux_amd64/share/man/man3/RSA_check_key.3 new file mode 100755 index 0000000..89ce6c6 --- /dev/null +++ b/linux_amd64/share/man/man3/RSA_check_key.3 
@@ -0,0 +1,216 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA_CHECK_KEY 3" +.TH RSA_CHECK_KEY 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +RSA_check_key_ex, RSA_check_key \- validate private RSA keys +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.PP +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 1 +\& int RSA_check_key_ex(RSA *rsa, BN_GENCB *cb); +\& +\& int RSA_check_key(RSA *rsa); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Both of the functions described on this page are deprecated. +Applications should instead use \fIEVP_PKEY_public_check\fR\|(3), +\&\fIEVP_PKEY_private_check\fR\|(3) and \fIEVP_PKEY_pairwise_check\fR\|(3). +.PP +\&\fIRSA_check_key_ex()\fR function validates \s-1RSA\s0 keys. +It checks that \fBp\fR and \fBq\fR are +in fact prime, and that \fBn = p*q\fR. +.PP +It does not work on \s-1RSA\s0 public keys that have only the modulus +and public exponent elements populated. +It also checks that \fBd*e = 1 mod (p\-1*q\-1)\fR, +and that \fBdmp1\fR, \fBdmq1\fR and \fBiqmp\fR are set correctly or are \fB\s-1NULL\s0\fR. +It performs integrity checks on all +the \s-1RSA\s0 key material, so the \s-1RSA\s0 key structure must contain all the private +key data too. +Therefore, it cannot be used with any arbitrary \s-1RSA\s0 key object, +even if it is otherwise fit for regular \s-1RSA\s0 operation. +.PP +The \fBcb\fR parameter is a callback that will be invoked in the same +manner as \fIBN_is_prime_ex\fR\|(3). +.PP +\&\fIRSA_check_key()\fR is equivalent to \fIRSA_check_key_ex()\fR with a \s-1NULL\s0 \fBcb\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIRSA_check_key_ex()\fR and \fIRSA_check_key()\fR +return 1 if \fBrsa\fR is a valid \s-1RSA\s0 key, and 0 otherwise. +They return \-1 if an error occurs while checking the key. +.PP +If the key is invalid or an error occurred, the reason code can be +obtained using \fIERR_get_error\fR\|(3). 
+.SH "NOTES" +.IX Header "NOTES" +Unlike most other \s-1RSA\s0 functions, this function does \fBnot\fR work +transparently with any underlying \s-1ENGINE\s0 implementation because it uses the +key data in the \s-1RSA\s0 structure directly. An \s-1ENGINE\s0 implementation can +override the way key data is stored and handled, and can even provide +support for \s-1HSM\s0 keys \- in which case the \s-1RSA\s0 structure may contain \fBno\fR +key data at all! If the \s-1ENGINE\s0 in question is only being used for +acceleration or analysis purposes, then in all likelihood the \s-1RSA\s0 key data +is complete and untouched, but this can't be assumed in the general case. +.SH "BUGS" +.IX Header "BUGS" +A method of verifying the \s-1RSA\s0 key using opaque \s-1RSA\s0 \s-1API\s0 functions might need +to be considered. Right now \fIRSA_check_key()\fR simply uses the \s-1RSA\s0 structure +elements directly, bypassing the \s-1RSA_METHOD\s0 table altogether (and +completely violating encapsulation and object-orientation in the process). +The best fix will probably be to introduce a \*(L"\fIcheck_key()\fR\*(R" handler to the +\&\s-1RSA_METHOD\s0 function table so that alternative implementations can also +provide their own verifiers. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIBN_is_prime_ex\fR\|(3), +\&\fIERR_get_error\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +All of these functions were deprecated in OpenSSL 3.0. +.PP +\&\fIRSA_check_key_ex()\fR appeared after OpenSSL 1.0.2. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/RSA_generate_key.3 b/linux_amd64/share/man/man3/RSA_generate_key.3 new file mode 100755 index 0000000..07cc4dc --- /dev/null 
+++ b/linux_amd64/share/man/man3/RSA_generate_key.3 
@@ -0,0 +1,237 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA_GENERATE_KEY 3" +.TH RSA_GENERATE_KEY 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +RSA_generate_key_ex, RSA_generate_key, +RSA_generate_multi_prime_key \- generate RSA key pair +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.PP +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 2 +\& int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); +\& int RSA_generate_multi_prime_key(RSA *rsa, int bits, int primes, BIGNUM *e, BN_GENCB *cb); +.Ve +.PP +Deprecated since OpenSSL 0.9.8, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 2 +\& RSA *RSA_generate_key(int bits, unsigned long e, +\& void (*callback)(int, int, void *), void *cb_arg); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +All of the functions described on this page are deprecated. +Applications should instead use \fIEVP_PKEY_keygen_init\fR\|(3) and +\&\fIEVP_PKEY_keygen\fR\|(3). +.PP +\&\fIRSA_generate_key_ex()\fR generates a 2\-prime \s-1RSA\s0 key pair and stores it in the +\&\fB\s-1RSA\s0\fR structure provided in \fBrsa\fR. The pseudo-random number generator must +be seeded prior to calling \fIRSA_generate_key_ex()\fR. +.PP +\&\fIRSA_generate_multi_prime_key()\fR generates a multi-prime \s-1RSA\s0 key pair and stores +it in the \fB\s-1RSA\s0\fR structure provided in \fBrsa\fR. The number of primes is given by +the \fBprimes\fR parameter. The random number generator must be seeded when +calling \fIRSA_generate_multi_prime_key()\fR. +If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to +external circumstances (see \s-1\fIRAND\s0\fR\|(7)), the operation will fail. +.PP +The modulus size will be of length \fBbits\fR, the number of primes to form the +modulus will be \fBprimes\fR, and the public exponent will be \fBe\fR. 
Key sizes +with \fBnum\fR < 1024 should be considered insecure. The exponent is an odd +number, typically 3, 17 or 65537. +.PP +In order to maintain adequate security level, the maximum number of permitted +\&\fBprimes\fR depends on modulus bit length: +.PP +.Vb 3 +\& <1024 | >=1024 | >=4096 | >=8192 +\& \-\-\-\-\-\-+\-\-\-\-\-\-\-\-+\-\-\-\-\-\-\-\-+\-\-\-\-\-\-\- +\& 2 | 3 | 4 | 5 +.Ve +.PP +A callback function may be used to provide feedback about the +progress of the key generation. If \fBcb\fR is not \fB\s-1NULL\s0\fR, it +will be called as follows using the \fIBN_GENCB_call()\fR function +described on the \fIBN_generate_prime\fR\|(3) page. +.PP +\&\fIRSA_generate_key()\fR is similar to \fIRSA_generate_key_ex()\fR but +expects an old-style callback function; see +\&\fIBN_generate_prime\fR\|(3) for information on the old-style callback. +.IP "\(bu" 2 +While a random prime number is generated, it is called as +described in \fIBN_generate_prime\fR\|(3). +.IP "\(bu" 2 +When the n\-th randomly generated prime is rejected as not +suitable for the key, \fBBN_GENCB_call(cb, 2, n)\fR is called. +.IP "\(bu" 2 +When a random p has been found with p\-1 relatively prime to \fBe\fR, +it is called as \fBBN_GENCB_call(cb, 3, 0)\fR. +.PP +The process is then repeated for prime q and other primes (if any) +with \fBBN_GENCB_call(cb, 3, i)\fR where \fBi\fR indicates the i\-th prime. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIRSA_generate_multi_prime_key()\fR returns 1 on success or 0 on error. +\&\fIRSA_generate_key_ex()\fR returns 1 on success or 0 on error. +The error codes can be obtained by \fIERR_get_error\fR\|(3). +.PP +\&\fIRSA_generate_key()\fR returns a pointer to the \s-1RSA\s0 structure or +\&\fB\s-1NULL\s0\fR if the key generation fails. +.SH "BUGS" +.IX Header "BUGS" +\&\fBBN_GENCB_call(cb, 2, x)\fR is used with two different meanings. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fIRAND_bytes\fR\|(3), \fIBN_generate_prime\fR\|(3), +\&\s-1\fIRAND\s0\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +All of these functions were deprecated in OpenSSL 3.0. +.PP +\&\fIRSA_generate_key()\fR was deprecated in OpenSSL 0.9.8; use +\&\fIRSA_generate_key_ex()\fR instead. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/RSA_get0_key.3 b/linux_amd64/share/man/man3/RSA_get0_key.3 new file mode 100755 index 0000000..f0faaa9 --- /dev/null +++ b/linux_amd64/share/man/man3/RSA_get0_key.3 
@@ -0,0 +1,305 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA_GET0_KEY 3" +.TH RSA_GET0_KEY 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +RSA_set0_key, RSA_set0_factors, RSA_set0_crt_params, RSA_get0_key, +RSA_get0_factors, RSA_get0_crt_params, +RSA_get0_n, RSA_get0_e, RSA_get0_d, RSA_get0_p, RSA_get0_q, +RSA_get0_dmp1, RSA_get0_dmq1, RSA_get0_iqmp, RSA_get0_pss_params, +RSA_clear_flags, +RSA_test_flags, RSA_set_flags, RSA_get0_engine, RSA_get_multi_prime_extra_count, +RSA_get0_multi_prime_factors, RSA_get0_multi_prime_crt_params, +RSA_set0_multi_prime_params, RSA_get_version +\&\- Routines for getting and setting data in an RSA object +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d); +\& int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q); +\& int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp); +\& void RSA_get0_key(const RSA *r, +\& const BIGNUM **n, const BIGNUM **e, const BIGNUM **d); +\& void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q); +\& void RSA_get0_crt_params(const RSA *r, +\& const BIGNUM **dmp1, const BIGNUM **dmq1, +\& const BIGNUM **iqmp); +\& const BIGNUM *RSA_get0_n(const RSA *d); +\& const BIGNUM *RSA_get0_e(const RSA *d); +\& const BIGNUM *RSA_get0_d(const RSA *d); +\& const BIGNUM *RSA_get0_p(const RSA *d); +\& const BIGNUM *RSA_get0_q(const RSA *d); +\& const BIGNUM *RSA_get0_dmp1(const RSA *r); +\& const BIGNUM *RSA_get0_dmq1(const RSA *r); +\& const BIGNUM *RSA_get0_iqmp(const RSA *r); +\& const RSA_PSS_PARAMS *RSA_get0_pss_params(const RSA *r); +\& void RSA_clear_flags(RSA *r, int flags); +\& int RSA_test_flags(const RSA *r, int flags); +\& void RSA_set_flags(RSA *r, int flags); +\& ENGINE *RSA_get0_engine(RSA *r); +\& int RSA_get_multi_prime_extra_count(const RSA *r); +\& int RSA_get0_multi_prime_factors(const RSA *r, const BIGNUM *primes[]); +\& int RSA_get0_multi_prime_crt_params(const RSA *r, const BIGNUM *exps[], +\& const BIGNUM *coeffs[]); +\& int RSA_set0_multi_prime_params(RSA *r, BIGNUM *primes[], BIGNUM *exps[], +\& 
BIGNUM *coeffs[], int pnum); +\& int RSA_get_version(RSA *r); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +An \s-1RSA\s0 object contains the components for the public and private key, +\&\fBn\fR, \fBe\fR, \fBd\fR, \fBp\fR, \fBq\fR, \fBdmp1\fR, \fBdmq1\fR and \fBiqmp\fR. \fBn\fR is +the modulus common to both public and private key, \fBe\fR is the public +exponent and \fBd\fR is the private exponent. \fBp\fR, \fBq\fR, \fBdmp1\fR, +\&\fBdmq1\fR and \fBiqmp\fR are the factors for the second representation of a +private key (see PKCS#1 section 3 Key Types), where \fBp\fR and \fBq\fR are +the first and second factor of \fBn\fR and \fBdmp1\fR, \fBdmq1\fR and \fBiqmp\fR +are the exponents and coefficient for \s-1CRT\s0 calculations. +.PP +For multi-prime \s-1RSA\s0 (defined in \s-1RFC\s0 8017), there are also one or more +\&'triplet' in an \s-1RSA\s0 object. A triplet contains three members, \fBr\fR, \fBd\fR +and \fBt\fR. \fBr\fR is the additional prime besides \fBp\fR and \fBq\fR. \fBd\fR and +\&\fBt\fR are the exponent and coefficient for \s-1CRT\s0 calculations. +.PP +The \fBn\fR, \fBe\fR and \fBd\fR parameters can be obtained by calling +\&\fIRSA_get0_key()\fR. If they have not been set yet, then \fB*n\fR, \fB*e\fR and +\&\fB*d\fR will be set to \s-1NULL\s0. Otherwise, they are set to pointers to +their respective values. These point directly to the internal +representations of the values and therefore should not be freed +by the caller. +.PP +The \fBn\fR, \fBe\fR and \fBd\fR parameter values can be set by calling +\&\fIRSA_set0_key()\fR and passing the new values for \fBn\fR, \fBe\fR and \fBd\fR as +parameters to the function. The values \fBn\fR and \fBe\fR must be non-NULL +the first time this function is called on a given \s-1RSA\s0 object. The +value \fBd\fR may be \s-1NULL\s0. On subsequent calls any of these values may be +\&\s-1NULL\s0 which means the corresponding \s-1RSA\s0 field is left untouched. 
+Calling this function transfers the memory management of the values to +the \s-1RSA\s0 object, and therefore the values that have been passed in +should not be freed by the caller after this function has been called. +.PP +In a similar fashion, the \fBp\fR and \fBq\fR parameters can be obtained and +set with \fIRSA_get0_factors()\fR and \fIRSA_set0_factors()\fR, and the \fBdmp1\fR, +\&\fBdmq1\fR and \fBiqmp\fR parameters can be obtained and set with +\&\fIRSA_get0_crt_params()\fR and \fIRSA_set0_crt_params()\fR. +.PP +For \fIRSA_get0_key()\fR, \fIRSA_get0_factors()\fR, and \fIRSA_get0_crt_params()\fR, +\&\s-1NULL\s0 value \s-1BIGNUM\s0 ** output parameters are permitted. The functions +ignore \s-1NULL\s0 parameters but return values for other, non-NULL, parameters. +.PP +For multi-prime \s-1RSA\s0, \fIRSA_get0_multi_prime_factors()\fR and \fIRSA_get0_multi_prime_params()\fR +can be used to obtain other primes and related \s-1CRT\s0 parameters. The +return values are stored in an array of \fB\s-1BIGNUM\s0 *\fR. \fIRSA_set0_multi_prime_params()\fR +sets a collect of multi-prime 'triplet' members (prime, exponent and coefficient) +into an \s-1RSA\s0 object. +.PP +Any of the values \fBn\fR, \fBe\fR, \fBd\fR, \fBp\fR, \fBq\fR, \fBdmp1\fR, \fBdmq1\fR, and \fBiqmp\fR can also be +retrieved separately by the corresponding function +\&\fIRSA_get0_n()\fR, \fIRSA_get0_e()\fR, \fIRSA_get0_d()\fR, \fIRSA_get0_p()\fR, \fIRSA_get0_q()\fR, +\&\fIRSA_get0_dmp1()\fR, \fIRSA_get0_dmq1()\fR, and \fIRSA_get0_iqmp()\fR, respectively. +.PP +\&\fIRSA_get0_pss_params()\fR is used to retrieve the RSA-PSS parameters. +.PP +\&\fIRSA_set_flags()\fR sets the flags in the \fBflags\fR parameter on the \s-1RSA\s0 +object. Multiple flags can be passed in one go (bitwise ORed together). +Any flags that are already set are left set. \fIRSA_test_flags()\fR tests to +see whether the flags passed in the \fBflags\fR parameter are currently +set in the \s-1RSA\s0 object. 
Multiple flags can be tested in one go. All +flags that are currently set are returned, or zero if none of the +flags are set. \fIRSA_clear_flags()\fR clears the specified flags within the +\&\s-1RSA\s0 object. +.PP +\&\fIRSA_get0_engine()\fR returns a handle to the \s-1ENGINE\s0 that has been set for +this \s-1RSA\s0 object, or \s-1NULL\s0 if no such \s-1ENGINE\s0 has been set. +.PP +\&\fIRSA_get_version()\fR returns the version of an \s-1RSA\s0 object \fBr\fR. +.SH "NOTES" +.IX Header "NOTES" +Values retrieved with \fIRSA_get0_key()\fR are owned by the \s-1RSA\s0 object used +in the call and may therefore \fInot\fR be passed to \fIRSA_set0_key()\fR. If +needed, duplicate the received value using \fIBN_dup()\fR and pass the +duplicate. The same applies to \fIRSA_get0_factors()\fR and \fIRSA_set0_factors()\fR +as well as \fIRSA_get0_crt_params()\fR and \fIRSA_set0_crt_params()\fR. +.PP +The caller should obtain the size by calling \fIRSA_get_multi_prime_extra_count()\fR +in advance and allocate sufficient buffer to store the return values before +calling \fIRSA_get0_multi_prime_factors()\fR and \fIRSA_get0_multi_prime_params()\fR. +.PP +\&\fIRSA_set0_multi_prime_params()\fR always clears the original multi-prime +triplets in \s-1RSA\s0 object \fBr\fR and assign the new set of triplets into it. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIRSA_set0_key()\fR, \fIRSA_set0_factors()\fR, \fIRSA_set0_crt_params()\fR and +\&\fIRSA_set0_multi_prime_params()\fR return 1 on success or 0 on failure. +.PP +\&\fIRSA_get0_n()\fR, \fIRSA_get0_e()\fR, \fIRSA_get0_d()\fR, \fIRSA_get0_p()\fR, \fIRSA_get0_q()\fR, +\&\fIRSA_get0_dmp1()\fR, \fIRSA_get0_dmq1()\fR, and \fIRSA_get0_iqmp()\fR +return the respective value. +.PP +\&\fIRSA_get0_pss_params()\fR returns a \fB\s-1RSA_PSS_PARAMS\s0\fR pointer, or \s-1NULL\s0 if +there is none. +.PP +\&\fIRSA_get0_multi_prime_factors()\fR and \fIRSA_get0_multi_prime_crt_params()\fR return +1 on success or 0 on failure. 
+.PP +\&\fIRSA_get_multi_prime_extra_count()\fR returns two less than the number of primes +in use, which is 0 for traditional \s-1RSA\s0 and the number of extra primes for +multi-prime \s-1RSA\s0. +.PP +\&\fIRSA_get_version()\fR returns \fB\s-1RSA_ASN1_VERSION_MULTI\s0\fR for multi-prime \s-1RSA\s0 and +\&\fB\s-1RSA_ASN1_VERSION_DEFAULT\s0\fR for normal two-prime \s-1RSA\s0, as defined in \s-1RFC\s0 8017. +.PP +\&\fIRSA_test_flags()\fR returns the current state of the flags in the \s-1RSA\s0 object. +.PP +\&\fIRSA_get0_engine()\fR returns the \s-1ENGINE\s0 set for the \s-1RSA\s0 object or \s-1NULL\s0 if no +\&\s-1ENGINE\s0 has been set. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIRSA_new\fR\|(3), \fIRSA_size\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fIRSA_get0_pss_params()\fR function was added in OpenSSL 1.1.1e. +.PP +The +\&\fIRSA_get_multi_prime_extra_count()\fR, \fIRSA_get0_multi_prime_factors()\fR, +\&\fIRSA_get0_multi_prime_crt_params()\fR, \fIRSA_set0_multi_prime_params()\fR, +and \fIRSA_get_version()\fR functions were added in OpenSSL 1.1.1. +.PP +Other functions described here were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/RSA_meth_new.3 b/linux_amd64/share/man/man3/RSA_meth_new.3 new file mode 100755 index 0000000..7faf0f1 --- /dev/null +++ b/linux_amd64/share/man/man3/RSA_meth_new.3 
@@ -0,0 +1,395 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA_METH_NEW 3" +.TH RSA_METH_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +RSA_meth_get0_app_data, RSA_meth_set0_app_data, +RSA_meth_new, RSA_meth_free, RSA_meth_dup, RSA_meth_get0_name, +RSA_meth_set1_name, RSA_meth_get_flags, RSA_meth_set_flags, +RSA_meth_get_pub_enc, +RSA_meth_set_pub_enc, RSA_meth_get_pub_dec, RSA_meth_set_pub_dec, +RSA_meth_get_priv_enc, RSA_meth_set_priv_enc, RSA_meth_get_priv_dec, +RSA_meth_set_priv_dec, RSA_meth_get_mod_exp, RSA_meth_set_mod_exp, +RSA_meth_get_bn_mod_exp, RSA_meth_set_bn_mod_exp, RSA_meth_get_init, +RSA_meth_set_init, RSA_meth_get_finish, RSA_meth_set_finish, +RSA_meth_get_sign, RSA_meth_set_sign, RSA_meth_get_verify, +RSA_meth_set_verify, RSA_meth_get_keygen, RSA_meth_set_keygen, +RSA_meth_get_multi_prime_keygen, RSA_meth_set_multi_prime_keygen +\&\- Routines to build up RSA methods +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.PP +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 2 +\& RSA_METHOD *RSA_meth_new(const char *name, int flags); +\& void RSA_meth_free(RSA_METHOD *meth); +\& +\& RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth); +\& +\& const char *RSA_meth_get0_name(const RSA_METHOD *meth); +\& int RSA_meth_set1_name(RSA_METHOD *meth, const char *name); +\& +\& int RSA_meth_get_flags(const RSA_METHOD *meth); +\& int RSA_meth_set_flags(RSA_METHOD *meth, int flags); +\& +\& void *RSA_meth_get0_app_data(const RSA_METHOD *meth); +\& int RSA_meth_set0_app_data(RSA_METHOD *meth, void *app_data); +\& +\& int (*RSA_meth_get_pub_enc(const RSA_METHOD *meth))(int flen, const unsigned char *from, +\& unsigned char *to, RSA *rsa, int padding); +\& int RSA_meth_set_pub_enc(RSA_METHOD *rsa, +\& int (*pub_enc)(int flen, const unsigned char *from, +\& unsigned char *to, RSA *rsa, +\& int padding)); +\& +\& int (*RSA_meth_get_pub_dec(const RSA_METHOD *meth)) +\& (int flen, const unsigned char *from, +\& unsigned char *to, RSA 
*rsa, int padding); +\& int RSA_meth_set_pub_dec(RSA_METHOD *rsa, +\& int (*pub_dec)(int flen, const unsigned char *from, +\& unsigned char *to, RSA *rsa, +\& int padding)); +\& +\& int (*RSA_meth_get_priv_enc(const RSA_METHOD *meth))(int flen, const unsigned char *from, +\& unsigned char *to, RSA *rsa, +\& int padding); +\& int RSA_meth_set_priv_enc(RSA_METHOD *rsa, +\& int (*priv_enc)(int flen, const unsigned char *from, +\& unsigned char *to, RSA *rsa, int padding)); +\& +\& int (*RSA_meth_get_priv_dec(const RSA_METHOD *meth))(int flen, const unsigned char *from, +\& unsigned char *to, RSA *rsa, +\& int padding); +\& int RSA_meth_set_priv_dec(RSA_METHOD *rsa, +\& int (*priv_dec)(int flen, const unsigned char *from, +\& unsigned char *to, RSA *rsa, int padding)); +\& +\& /* Can be null */ +\& int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth))(BIGNUM *r0, const BIGNUM *i, +\& RSA *rsa, BN_CTX *ctx); +\& int RSA_meth_set_mod_exp(RSA_METHOD *rsa, +\& int (*mod_exp)(BIGNUM *r0, const BIGNUM *i, RSA *rsa, +\& BN_CTX *ctx)); +\& +\& /* Can be null */ +\& int (*RSA_meth_get_bn_mod_exp(const RSA_METHOD *meth))(BIGNUM *r, const BIGNUM *a, +\& const BIGNUM *p, const BIGNUM *m, +\& BN_CTX *ctx, BN_MONT_CTX *m_ctx); +\& int RSA_meth_set_bn_mod_exp(RSA_METHOD *rsa, +\& int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, +\& const BIGNUM *p, const BIGNUM *m, +\& BN_CTX *ctx, BN_MONT_CTX *m_ctx)); +\& +\& /* called at new */ +\& int (*RSA_meth_get_init(const RSA_METHOD *meth) (RSA *rsa); +\& int RSA_meth_set_init(RSA_METHOD *rsa, int (*init (RSA *rsa)); +\& +\& /* called at free */ +\& int (*RSA_meth_get_finish(const RSA_METHOD *meth))(RSA *rsa); +\& int RSA_meth_set_finish(RSA_METHOD *rsa, int (*finish)(RSA *rsa)); +\& +\& int (*RSA_meth_get_sign(const RSA_METHOD *meth))(int type, const unsigned char *m, +\& unsigned int m_length, +\& unsigned char *sigret, +\& unsigned int *siglen, const RSA *rsa); +\& int RSA_meth_set_sign(RSA_METHOD *rsa, +\& int (*sign)(int type, const unsigned 
char *m, +\& unsigned int m_length, unsigned char *sigret, +\& unsigned int *siglen, const RSA *rsa)); +\& +\& int (*RSA_meth_get_verify(const RSA_METHOD *meth))(int dtype, const unsigned char *m, +\& unsigned int m_length, +\& const unsigned char *sigbuf, +\& unsigned int siglen, const RSA *rsa); +\& int RSA_meth_set_verify(RSA_METHOD *rsa, +\& int (*verify)(int dtype, const unsigned char *m, +\& unsigned int m_length, +\& const unsigned char *sigbuf, +\& unsigned int siglen, const RSA *rsa)); +\& +\& int (*RSA_meth_get_keygen(const RSA_METHOD *meth))(RSA *rsa, int bits, BIGNUM *e, +\& BN_GENCB *cb); +\& int RSA_meth_set_keygen(RSA_METHOD *rsa, +\& int (*keygen)(RSA *rsa, int bits, BIGNUM *e, +\& BN_GENCB *cb)); +\& +\& int (*RSA_meth_get_multi_prime_keygen(const RSA_METHOD *meth))(RSA *rsa, int bits, +\& int primes, BIGNUM *e, +\& BN_GENCB *cb); +\& +\& int RSA_meth_set_multi_prime_keygen(RSA_METHOD *meth, +\& int (*keygen) (RSA *rsa, int bits, +\& int primes, BIGNUM *e, +\& BN_GENCB *cb)); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +All of the functions described on this page are deprecated. +Applications should instead use the \s-1OSSL_PROVIDER\s0 APIs. +.PP +The \fB\s-1RSA_METHOD\s0\fR type is a structure used for the provision of custom +\&\s-1RSA\s0 implementations. It provides a set of functions used by OpenSSL +for the implementation of the various \s-1RSA\s0 capabilities. +.PP +\&\fIRSA_meth_new()\fR creates a new \fB\s-1RSA_METHOD\s0\fR structure. It should be +given a unique \fBname\fR and a set of \fBflags\fR. The \fBname\fR should be a +\&\s-1NULL\s0 terminated string, which will be duplicated and stored in the +\&\fB\s-1RSA_METHOD\s0\fR object. It is the callers responsibility to free the +original string. The flags will be used during the construction of a +new \fB\s-1RSA\s0\fR object based on this \fB\s-1RSA_METHOD\s0\fR. Any new \fB\s-1RSA\s0\fR object +will have those flags set by default. 
+.PP +\&\fIRSA_meth_dup()\fR creates a duplicate copy of the \fB\s-1RSA_METHOD\s0\fR object +passed as a parameter. This might be useful for creating a new +\&\fB\s-1RSA_METHOD\s0\fR based on an existing one, but with some differences. +.PP +\&\fIRSA_meth_free()\fR destroys an \fB\s-1RSA_METHOD\s0\fR structure and frees up any +memory associated with it. +.PP +\&\fIRSA_meth_get0_name()\fR will return a pointer to the name of this +\&\s-1RSA_METHOD\s0. This is a pointer to the internal name string and so +should not be freed by the caller. \fIRSA_meth_set1_name()\fR sets the name +of the \s-1RSA_METHOD\s0 to \fBname\fR. The string is duplicated and the copy is +stored in the \s-1RSA_METHOD\s0 structure, so the caller remains responsible +for freeing the memory associated with the name. +.PP +\&\fIRSA_meth_get_flags()\fR returns the current value of the flags associated +with this \s-1RSA_METHOD\s0. \fIRSA_meth_set_flags()\fR provides the ability to set +these flags. +.PP +The functions \fIRSA_meth_get0_app_data()\fR and \fIRSA_meth_set0_app_data()\fR +provide the ability to associate implementation specific data with the +\&\s-1RSA_METHOD\s0. It is the application's responsibility to free this data +before the \s-1RSA_METHOD\s0 is freed via a call to \fIRSA_meth_free()\fR. +.PP +\&\fIRSA_meth_get_sign()\fR and \fIRSA_meth_set_sign()\fR get and set the function +used for creating an \s-1RSA\s0 signature respectively. This function will be +called in response to the application calling \fIRSA_sign()\fR. The +parameters for the function have the same meaning as for \fIRSA_sign()\fR. +.PP +\&\fIRSA_meth_get_verify()\fR and \fIRSA_meth_set_verify()\fR get and set the +function used for verifying an \s-1RSA\s0 signature respectively. This +function will be called in response to the application calling +\&\fIRSA_verify()\fR. The parameters for the function have the same meaning as +for \fIRSA_verify()\fR. 
+.PP +\&\fIRSA_meth_get_mod_exp()\fR and \fIRSA_meth_set_mod_exp()\fR get and set the +function used for \s-1CRT\s0 computations. +.PP +\&\fIRSA_meth_get_bn_mod_exp()\fR and \fIRSA_meth_set_bn_mod_exp()\fR get and set +the function used for \s-1CRT\s0 computations, specifically the following +value: +.PP +.Vb 1 +\& r = a ^ p mod m +.Ve +.PP +Both the \fImod_exp()\fR and \fIbn_mod_exp()\fR functions are called by the +default OpenSSL method during encryption, decryption, signing and +verification. +.PP +\&\fIRSA_meth_get_init()\fR and \fIRSA_meth_set_init()\fR get and set the function +used for creating a new \s-1RSA\s0 instance respectively. This function will +be called in response to the application calling \fIRSA_new()\fR (if the +current default \s-1RSA_METHOD\s0 is this one) or \fIRSA_new_method()\fR. The +\&\fIRSA_new()\fR and \fIRSA_new_method()\fR functions will allocate the memory for +the new \s-1RSA\s0 object, and a pointer to this newly allocated structure +will be passed as a parameter to the function. This function may be +\&\s-1NULL\s0. +.PP +\&\fIRSA_meth_get_finish()\fR and \fIRSA_meth_set_finish()\fR get and set the +function used for destroying an instance of an \s-1RSA\s0 object respectively. +This function will be called in response to the application calling +\&\fIRSA_free()\fR. A pointer to the \s-1RSA\s0 to be destroyed is passed as a +parameter. The destroy function should be used for \s-1RSA\s0 implementation +specific clean up. The memory for the \s-1RSA\s0 itself should not be freed +by this function. This function may be \s-1NULL\s0. +.PP +\&\fIRSA_meth_get_keygen()\fR and \fIRSA_meth_set_keygen()\fR get and set the +function used for generating a new \s-1RSA\s0 key pair respectively. This +function will be called in response to the application calling +\&\fIRSA_generate_key_ex()\fR. The parameter for the function has the same +meaning as for \fIRSA_generate_key_ex()\fR. 
+.PP +\&\fIRSA_meth_get_multi_prime_keygen()\fR and \fIRSA_meth_set_multi_prime_keygen()\fR get +and set the function used for generating a new multi-prime \s-1RSA\s0 key pair +respectively. This function will be called in response to the application calling +\&\fIRSA_generate_multi_prime_key()\fR. The parameter for the function has the same +meaning as for \fIRSA_generate_multi_prime_key()\fR. +.PP +\&\fIRSA_meth_get_pub_enc()\fR, \fIRSA_meth_set_pub_enc()\fR, +\&\fIRSA_meth_get_pub_dec()\fR, \fIRSA_meth_set_pub_dec()\fR, +\&\fIRSA_meth_get_priv_enc()\fR, \fIRSA_meth_set_priv_enc()\fR, +\&\fIRSA_meth_get_priv_dec()\fR, \fIRSA_meth_set_priv_dec()\fR get and set the +functions used for public and private key encryption and decryption. +These functions will be called in response to the application calling +\&\fIRSA_public_encrypt()\fR, \fIRSA_private_decrypt()\fR, \fIRSA_private_encrypt()\fR and +\&\fIRSA_public_decrypt()\fR and take the same parameters as those. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIRSA_meth_new()\fR and \fIRSA_meth_dup()\fR return the newly allocated +\&\s-1RSA_METHOD\s0 object or \s-1NULL\s0 on failure. +.PP +\&\fIRSA_meth_get0_name()\fR and \fIRSA_meth_get_flags()\fR return the name and +flags associated with the \s-1RSA_METHOD\s0 respectively. +.PP +All other RSA_meth_get_*() functions return the appropriate function +pointer that has been set in the \s-1RSA_METHOD\s0, or \s-1NULL\s0 if no such +pointer has yet been set. +.PP +RSA_meth_set1_name and all RSA_meth_set_*() functions return 1 on +success or 0 on failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIRSA_new\fR\|(3), \fIRSA_generate_key_ex\fR\|(3), \fIRSA_sign\fR\|(3), +\&\fIRSA_set_method\fR\|(3), \fIRSA_size\fR\|(3), \fIRSA_get0_key\fR\|(3), +\&\fIRSA_generate_multi_prime_key\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +All of these functions were deprecated in OpenSSL 3.0. 
+.PP +\&\fIRSA_meth_get_multi_prime_keygen()\fR and \fIRSA_meth_set_multi_prime_keygen()\fR were +added in OpenSSL 1.1.1. +.PP +Other functions described here were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/RSA_new.3 b/linux_amd64/share/man/man3/RSA_new.3 new file mode 100755 index 0000000..b51bc8d --- /dev/null +++ b/linux_amd64/share/man/man3/RSA_new.3 
@@ -0,0 +1,170 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA_NEW 3" +.TH RSA_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +RSA_new, RSA_free \- allocate and free RSA objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& RSA *RSA_new(void); +\& +\& void RSA_free(RSA *rsa); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIRSA_new()\fR allocates and initializes an \fB\s-1RSA\s0\fR structure. It is equivalent to +calling RSA_new_method(\s-1NULL\s0). +.PP +\&\fIRSA_free()\fR frees the \fB\s-1RSA\s0\fR structure and its components. The key is +erased before the memory is returned to the system. +If \fBrsa\fR is \s-1NULL\s0 nothing is done. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +If the allocation fails, \fIRSA_new()\fR returns \fB\s-1NULL\s0\fR and sets an error +code that can be obtained by \fIERR_get_error\fR\|(3). Otherwise it returns +a pointer to the newly allocated structure. +.PP +\&\fIRSA_free()\fR returns no value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), +\&\fIRSA_generate_key\fR\|(3), +\&\fIRSA_new_method\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/RSA_padding_add_PKCS1_type_1.3 b/linux_amd64/share/man/man3/RSA_padding_add_PKCS1_type_1.3 new file mode 100755 index 0000000..c8b04f1 --- /dev/null +++ b/linux_amd64/share/man/man3/RSA_padding_add_PKCS1_type_1.3 
@@ -0,0 +1,285 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA_PADDING_ADD_PKCS1_TYPE_1 3" +.TH RSA_PADDING_ADD_PKCS1_TYPE_1 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +RSA_padding_add_PKCS1_type_1, RSA_padding_check_PKCS1_type_1, +RSA_padding_add_PKCS1_type_2, RSA_padding_check_PKCS1_type_2, +RSA_padding_add_PKCS1_OAEP, RSA_padding_check_PKCS1_OAEP, +RSA_padding_add_PKCS1_OAEP_mgf1, RSA_padding_check_PKCS1_OAEP_mgf1, +RSA_padding_add_SSLv23, RSA_padding_check_SSLv23, +RSA_padding_add_none, RSA_padding_check_none \- asymmetric encryption +padding +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.PP +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 2 +\& int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen, +\& const unsigned char *f, int fl); +\& +\& int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen, +\& const unsigned char *f, int fl, int rsa_len); +\& +\& int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen, +\& const unsigned char *f, int fl); +\& +\& int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, +\& const unsigned char *f, int fl, int rsa_len); +\& +\& int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, +\& const unsigned char *f, int fl, +\& const unsigned char *p, int pl); +\& +\& int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, +\& const unsigned char *f, int fl, int rsa_len, +\& const unsigned char *p, int pl); +\& +\& int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, +\& const unsigned char *f, int fl, +\& const unsigned char *p, int pl, +\& const EVP_MD *md, const EVP_MD *mgf1md); +\& +\& int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, +\& const unsigned char *f, int fl, int rsa_len, +\& const unsigned char *p, int pl, +\& const EVP_MD *md, const EVP_MD *mgf1md); +\& +\& int RSA_padding_add_SSLv23(unsigned char *to, int tlen, +\& const unsigned char *f, int fl); +\& +\& int RSA_padding_check_SSLv23(unsigned char *to, int tlen, +\& const unsigned 
char *f, int fl, int rsa_len); +\& +\& int RSA_padding_add_none(unsigned char *to, int tlen, +\& const unsigned char *f, int fl); +\& +\& int RSA_padding_check_none(unsigned char *to, int tlen, +\& const unsigned char *f, int fl, int rsa_len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +All of the functions described on this page are deprecated. +Applications should instead use the \s-1EVP\s0 \s-1PKEY\s0 APIs. +.PP +The \fIRSA_padding_xxx_xxx()\fR functions are called from the \s-1RSA\s0 encrypt, +decrypt, sign and verify functions. Normally they should not be called +from application programs. +.PP +However, they can also be called directly to implement padding for other +asymmetric ciphers. \fIRSA_padding_add_PKCS1_OAEP()\fR and +\&\fIRSA_padding_check_PKCS1_OAEP()\fR may be used in an application combined +with \fB\s-1RSA_NO_PADDING\s0\fR in order to implement \s-1OAEP\s0 with an encoding +parameter. +.PP +\&\fIRSA_padding_add_xxx()\fR encodes \fBfl\fR bytes from \fBf\fR so as to fit into +\&\fBtlen\fR bytes and stores the result at \fBto\fR. An error occurs if \fBfl\fR +does not meet the size requirements of the encoding method. +.PP +The following encoding methods are implemented: +.IP "PKCS1_type_1" 4 +.IX Item "PKCS1_type_1" +\&\s-1PKCS\s0 #1 v2.0 EMSA\-PKCS1\-v1_5 (\s-1PKCS\s0 #1 v1.5 block type 1); used for signatures +.IP "PKCS1_type_2" 4 +.IX Item "PKCS1_type_2" +\&\s-1PKCS\s0 #1 v2.0 EME\-PKCS1\-v1_5 (\s-1PKCS\s0 #1 v1.5 block type 2) +.IP "\s-1PKCS1_OAEP\s0" 4 +.IX Item "PKCS1_OAEP" +\&\s-1PKCS\s0 #1 v2.0 EME-OAEP +.IP "SSLv23" 4 +.IX Item "SSLv23" +\&\s-1PKCS\s0 #1 EME\-PKCS1\-v1_5 with SSL-specific modification +.IP "none" 4 +.IX Item "none" +simply copy the data +.PP +The random number generator must be seeded prior to calling +\&\fIRSA_padding_add_xxx()\fR. +If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to +external circumstances (see \s-1\fIRAND\s0\fR\|(7)), the operation will fail. 
+.PP +\&\fIRSA_padding_check_xxx()\fR verifies that the \fBfl\fR bytes at \fBf\fR contain +a valid encoding for a \fBrsa_len\fR byte \s-1RSA\s0 key in the respective +encoding method and stores the recovered data of at most \fBtlen\fR bytes +(for \fB\s-1RSA_NO_PADDING\s0\fR: of size \fBtlen\fR) +at \fBto\fR. +.PP +For \fIRSA_padding_xxx_OAEP()\fR, \fBp\fR points to the encoding parameter +of length \fBpl\fR. \fBp\fR may be \fB\s-1NULL\s0\fR if \fBpl\fR is 0. +.PP +For \fIRSA_padding_xxx_OAEP_mgf1()\fR, \fBmd\fR points to the md hash, +if \fBmd\fR is \fB\s-1NULL\s0\fR that means md=sha1, and \fBmgf1md\fR points to +the mgf1 hash, if \fBmgf1md\fR is \fB\s-1NULL\s0\fR that means mgf1md=md. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The \fIRSA_padding_add_xxx()\fR functions return 1 on success, 0 on error. +The \fIRSA_padding_check_xxx()\fR functions return the length of the +recovered data, \-1 on error. Error codes can be obtained by calling +\&\fIERR_get_error\fR\|(3). +.SH "WARNINGS" +.IX Header "WARNINGS" +The result of \fIRSA_padding_check_PKCS1_type_2()\fR is a very sensitive +information which can potentially be used to mount a Bleichenbacher +padding oracle attack. This is an inherent weakness in the \s-1PKCS\s0 #1 +v1.5 padding design. Prefer \s-1PKCS1_OAEP\s0 padding. If that is not +possible, the result of \fIRSA_padding_check_PKCS1_type_2()\fR should be +checked in constant time if it matches the expected length of the +plaintext and additionally some application specific consistency +checks on the plaintext need to be performed in constant time. +If the plaintext is rejected it must be kept secret which of the +checks caused the application to reject the message. 
+Do not remove the zero-padding from the decrypted raw \s-1RSA\s0 data +which was computed by \fIRSA_private_decrypt()\fR with \fB\s-1RSA_NO_PADDING\s0\fR, +as this would create a small timing side channel which could be +used to mount a Bleichenbacher attack against any padding mode +including \s-1PKCS1_OAEP\s0. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIRSA_public_encrypt\fR\|(3), +\&\fIRSA_private_decrypt\fR\|(3), +\&\fIRSA_sign\fR\|(3), \fIRSA_verify\fR\|(3), +\&\s-1\fIRAND\s0\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +All of these functions were deprecated in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/RSA_print.3 b/linux_amd64/share/man/man3/RSA_print.3 new file mode 100755 index 0000000..c68a52e --- /dev/null +++ b/linux_amd64/share/man/man3/RSA_print.3 
@@ -0,0 +1,204 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA_PRINT 3" +.TH RSA_PRINT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +RSA_print, RSA_print_fp, +DSAparams_print, DSAparams_print_fp, DSA_print, DSA_print_fp, +DHparams_print, DHparams_print_fp \- print cryptographic parameters +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.PP +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 2 +\& int RSA_print(BIO *bp, RSA *x, int offset); +\& int RSA_print_fp(FILE *fp, RSA *x, int offset); +\& +\& #include +.Ve +.PP +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 4 +\& int DSAparams_print(BIO *bp, DSA *x); +\& int DSAparams_print_fp(FILE *fp, DSA *x); +\& int DSA_print(BIO *bp, DSA *x, int offset); +\& int DSA_print_fp(FILE *fp, DSA *x, int offset); +\& +\& #include +.Ve +.PP +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 2 +\& int DHparams_print(BIO *bp, DH *x); +\& int DHparams_print_fp(FILE *fp, DH *x); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +All of the functions described on this page are deprecated. +Applications should instead use \fIEVP_PKEY_print_params\fR\|(3) and +\&\fIEVP_PKEY_print_private\fR\|(3). +.PP +A human-readable hexadecimal output of the components of the \s-1RSA\s0 +key, \s-1DSA\s0 parameters or key or \s-1DH\s0 parameters is printed to \fBbp\fR or \fBfp\fR. +.PP +The output lines are indented by \fBoffset\fR spaces. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return 1 on success, 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +.Vb 3 +\& L, +\& L, +\& L +.Ve +.SH "HISTORY" +.IX Header "HISTORY" +All of these functions were deprecated in OpenSSL 3.0. 
+.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/RSA_private_encrypt.3 b/linux_amd64/share/man/man3/RSA_private_encrypt.3 new file mode 100755 index 0000000..cae2071 --- /dev/null +++ b/linux_amd64/share/man/man3/RSA_private_encrypt.3 
@@ -0,0 +1,204 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA_PRIVATE_ENCRYPT 3" +.TH RSA_PRIVATE_ENCRYPT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +RSA_private_encrypt, RSA_public_decrypt \- low level signature operations +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.PP +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 2 +\& int RSA_private_encrypt(int flen, unsigned char *from, +\& unsigned char *to, RSA *rsa, int padding); +\& +\& int RSA_public_decrypt(int flen, unsigned char *from, +\& unsigned char *to, RSA *rsa, int padding); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Both of the functions described on this page are deprecated. +Applications should instead use \fIEVP_PKEY_encrypt_init\fR\|(3), +\&\fIEVP_PKEY_encrypt\fR\|(3), \fIEVP_PKEY_decrypt_init\fR\|(3) and \fIEVP_PKEY_decrypt\fR\|(3). +.PP +These functions handle \s-1RSA\s0 signatures at a low level. +.PP +\&\fIRSA_private_encrypt()\fR signs the \fBflen\fR bytes at \fBfrom\fR (usually a +message digest with an algorithm identifier) using the private key +\&\fBrsa\fR and stores the signature in \fBto\fR. \fBto\fR must point to +\&\fBRSA_size(rsa)\fR bytes of memory. +.PP +\&\fBpadding\fR denotes one of the following modes: +.IP "\s-1RSA_PKCS1_PADDING\s0" 4 +.IX Item "RSA_PKCS1_PADDING" +\&\s-1PKCS\s0 #1 v1.5 padding. This function does not handle the +\&\fBalgorithmIdentifier\fR specified in \s-1PKCS\s0 #1. When generating or +verifying \s-1PKCS\s0 #1 signatures, \fIRSA_sign\fR\|(3) and \fIRSA_verify\fR\|(3) should be +used. +.IP "\s-1RSA_NO_PADDING\s0" 4 +.IX Item "RSA_NO_PADDING" +Raw \s-1RSA\s0 signature. This mode should \fIonly\fR be used to implement +cryptographically sound padding modes in the application code. +Signing user data directly with \s-1RSA\s0 is insecure. +.PP +\&\fIRSA_public_decrypt()\fR recovers the message digest from the \fBflen\fR +bytes long signature at \fBfrom\fR using the signer's public key +\&\fBrsa\fR. 
\fBto\fR must point to a memory section large enough to hold the +message digest (which is smaller than \fBRSA_size(rsa) \- +11\fR). \fBpadding\fR is the padding mode that was used to sign the data. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIRSA_private_encrypt()\fR returns the size of the signature (i.e., +RSA_size(rsa)). \fIRSA_public_decrypt()\fR returns the size of the +recovered message digest. +.PP +On error, \-1 is returned; the error codes can be +obtained by \fIERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), +\&\fIRSA_sign\fR\|(3), \fIRSA_verify\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +Both of these functions were deprecated in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/RSA_public_encrypt.3 b/linux_amd64/share/man/man3/RSA_public_encrypt.3 new file mode 100755 index 0000000..97d2a2b --- /dev/null +++ b/linux_amd64/share/man/man3/RSA_public_encrypt.3 
@@ -0,0 +1,235 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA_PUBLIC_ENCRYPT 3" +.TH RSA_PUBLIC_ENCRYPT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +RSA_public_encrypt, RSA_private_decrypt \- RSA public key cryptography +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.PP +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 2 +\& int RSA_public_encrypt(int flen, const unsigned char *from, +\& unsigned char *to, RSA *rsa, int padding); +\& +\& int RSA_private_decrypt(int flen, const unsigned char *from, +\& unsigned char *to, RSA *rsa, int padding); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Both of the functions described on this page are deprecated. +Applications should instead use \fIEVP_PKEY_encrypt_init\fR\|(3), +\&\fIEVP_PKEY_encrypt\fR\|(3), \fIEVP_PKEY_decrypt_init\fR\|(3) and \fIEVP_PKEY_decrypt\fR\|(3). +.PP +\&\fIRSA_public_encrypt()\fR encrypts the \fBflen\fR bytes at \fBfrom\fR (usually a +session key) using the public key \fBrsa\fR and stores the ciphertext in +\&\fBto\fR. \fBto\fR must point to RSA_size(\fBrsa\fR) bytes of memory. +.PP +\&\fBpadding\fR denotes one of the following modes: +.IP "\s-1RSA_PKCS1_PADDING\s0" 4 +.IX Item "RSA_PKCS1_PADDING" +\&\s-1PKCS\s0 #1 v1.5 padding. This currently is the most widely used mode. +However, it is highly recommended to use \s-1RSA_PKCS1_OAEP_PADDING\s0 in +new applications. \s-1SEE\s0 \s-1WARNING\s0 \s-1BELOW\s0. +.IP "\s-1RSA_PKCS1_OAEP_PADDING\s0" 4 +.IX Item "RSA_PKCS1_OAEP_PADDING" +EME-OAEP as defined in \s-1PKCS\s0 #1 v2.0 with \s-1SHA\-1\s0, \s-1MGF1\s0 and an empty +encoding parameter. This mode is recommended for all new applications. +.IP "\s-1RSA_SSLV23_PADDING\s0" 4 +.IX Item "RSA_SSLV23_PADDING" +\&\s-1PKCS\s0 #1 v1.5 padding with an SSL-specific modification that denotes +that the server is \s-1SSL3\s0 capable. +.IP "\s-1RSA_NO_PADDING\s0" 4 +.IX Item "RSA_NO_PADDING" +Raw \s-1RSA\s0 encryption. 
This mode should \fIonly\fR be used to implement +cryptographically sound padding modes in the application code. +Encrypting user data directly with \s-1RSA\s0 is insecure. +.PP +\&\fBflen\fR must not be more than RSA_size(\fBrsa\fR) \- 11 for the \s-1PKCS\s0 #1 v1.5 +based padding modes, not more than RSA_size(\fBrsa\fR) \- 42 for +\&\s-1RSA_PKCS1_OAEP_PADDING\s0 and exactly RSA_size(\fBrsa\fR) for \s-1RSA_NO_PADDING\s0. +When a padding mode other than \s-1RSA_NO_PADDING\s0 is in use, then +\&\fIRSA_public_encrypt()\fR will include some random bytes into the ciphertext +and therefore the ciphertext will be different each time, even if the +plaintext and the public key are exactly identical. +The returned ciphertext in \fBto\fR will always be zero padded to exactly +RSA_size(\fBrsa\fR) bytes. +\&\fBto\fR and \fBfrom\fR may overlap. +.PP +\&\fIRSA_private_decrypt()\fR decrypts the \fBflen\fR bytes at \fBfrom\fR using the +private key \fBrsa\fR and stores the plaintext in \fBto\fR. \fBflen\fR should +be equal to RSA_size(\fBrsa\fR) but may be smaller, when leading zero +bytes are in the ciphertext. Those are not important and may be removed, +but \fIRSA_public_encrypt()\fR does not do that. \fBto\fR must point +to a memory section large enough to hold the maximal possible decrypted +data (which is equal to RSA_size(\fBrsa\fR) for \s-1RSA_NO_PADDING\s0, +RSA_size(\fBrsa\fR) \- 11 for the \s-1PKCS\s0 #1 v1.5 based padding modes and +RSA_size(\fBrsa\fR) \- 42 for \s-1RSA_PKCS1_OAEP_PADDING\s0). +\&\fBpadding\fR is the padding mode that was used to encrypt the data. +\&\fBto\fR and \fBfrom\fR may overlap. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIRSA_public_encrypt()\fR returns the size of the encrypted data (i.e., +RSA_size(\fBrsa\fR)). \fIRSA_private_decrypt()\fR returns the size of the +recovered plaintext. A return value of 0 is not an error and +means only that the plaintext was empty. 
+.PP +On error, \-1 is returned; the error codes can be +obtained by \fIERR_get_error\fR\|(3). +.SH "WARNINGS" +.IX Header "WARNINGS" +Decryption failures in the \s-1RSA_PKCS1_PADDING\s0 mode leak information +which can potentially be used to mount a Bleichenbacher padding oracle +attack. This is an inherent weakness in the \s-1PKCS\s0 #1 v1.5 padding +design. Prefer \s-1RSA_PKCS1_OAEP_PADDING\s0. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1SSL\s0, \s-1PKCS\s0 #1 v2.0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fIRAND_bytes\fR\|(3), +\&\fIRSA_size\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +Both of these functions were deprecated in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/RSA_set_method.3 b/linux_amd64/share/man/man3/RSA_set_method.3 new file mode 100755 index 0000000..f144aae --- /dev/null +++ b/linux_amd64/share/man/man3/RSA_set_method.3 
@@ -0,0 +1,319 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA_SET_METHOD 3" +.TH RSA_SET_METHOD 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +RSA_set_default_method, RSA_get_default_method, RSA_set_method, +RSA_get_method, RSA_PKCS1_OpenSSL, RSA_flags, +RSA_new_method \- select RSA method +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.PP +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 1 +\& void RSA_set_default_method(const RSA_METHOD *meth); +\& +\& RSA_METHOD *RSA_get_default_method(void); +\& +\& int RSA_set_method(RSA *rsa, const RSA_METHOD *meth); +\& +\& RSA_METHOD *RSA_get_method(const RSA *rsa); +\& +\& RSA_METHOD *RSA_PKCS1_OpenSSL(void); +\& +\& int RSA_flags(const RSA *rsa); +\& +\& RSA *RSA_new_method(ENGINE *engine); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +All of the functions described on this page are deprecated. +Applications should instead use the \s-1OSSL_PROVIDER\s0 APIs. +.PP +An \fB\s-1RSA_METHOD\s0\fR specifies the functions that OpenSSL uses for \s-1RSA\s0 +operations. By modifying the method, alternative implementations such as +hardware accelerators may be used. \s-1IMPORTANT:\s0 See the \s-1NOTES\s0 section for +important information about how these \s-1RSA\s0 \s-1API\s0 functions are affected by the +use of \fB\s-1ENGINE\s0\fR \s-1API\s0 calls. +.PP +Initially, the default \s-1RSA_METHOD\s0 is the OpenSSL internal implementation, +as returned by \fIRSA_PKCS1_OpenSSL()\fR. +.PP +\&\fIRSA_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1RSA\s0 +structures created later. +\&\fB\s-1NB\s0\fR: This is true only whilst no \s-1ENGINE\s0 has +been set as a default for \s-1RSA\s0, so this function is no longer recommended. +This function is not thread-safe and should not be called at the same time +as other OpenSSL functions. +.PP +\&\fIRSA_get_default_method()\fR returns a pointer to the current default +\&\s-1RSA_METHOD\s0. 
However, the meaningfulness of this result is dependent on +whether the \s-1ENGINE\s0 \s-1API\s0 is being used, so this function is no longer +recommended. +.PP +\&\fIRSA_set_method()\fR selects \fBmeth\fR to perform all operations using the key +\&\fBrsa\fR. This will replace the \s-1RSA_METHOD\s0 used by the \s-1RSA\s0 key and if the +previous method was supplied by an \s-1ENGINE\s0, the handle to that \s-1ENGINE\s0 will +be released during the change. It is possible to have \s-1RSA\s0 keys that only +work with certain \s-1RSA_METHOD\s0 implementations (eg. from an \s-1ENGINE\s0 module +that supports embedded hardware-protected keys), and in such cases +attempting to change the \s-1RSA_METHOD\s0 for the key can have unexpected +results. +.PP +\&\fIRSA_get_method()\fR returns a pointer to the \s-1RSA_METHOD\s0 being used by \fBrsa\fR. +This method may or may not be supplied by an \s-1ENGINE\s0 implementation, but if +it is, the return value can only be guaranteed to be valid as long as the +\&\s-1RSA\s0 key itself is valid and does not have its implementation changed by +\&\fIRSA_set_method()\fR. +.PP +\&\fIRSA_flags()\fR returns the \fBflags\fR that are set for \fBrsa\fR's current +\&\s-1RSA_METHOD\s0. See the \s-1BUGS\s0 section. +.PP +\&\fIRSA_new_method()\fR allocates and initializes an \s-1RSA\s0 structure so that +\&\fBengine\fR will be used for the \s-1RSA\s0 operations. If \fBengine\fR is \s-1NULL\s0, the +default \s-1ENGINE\s0 for \s-1RSA\s0 operations is used, and if no default \s-1ENGINE\s0 is set, +the \s-1RSA_METHOD\s0 controlled by \fIRSA_set_default_method()\fR is used. +.PP +\&\fIRSA_flags()\fR returns the \fBflags\fR that are set for \fBrsa\fR's current method. +.PP +\&\fIRSA_new_method()\fR allocates and initializes an \fB\s-1RSA\s0\fR structure so that +\&\fBmethod\fR will be used for the \s-1RSA\s0 operations. If \fBmethod\fR is \fB\s-1NULL\s0\fR, +the default method is used. 
+.SH "THE RSA_METHOD STRUCTURE" +.IX Header "THE RSA_METHOD STRUCTURE" +.Vb 4 +\& typedef struct rsa_meth_st +\& { +\& /* name of the implementation */ +\& const char *name; +\& +\& /* encrypt */ +\& int (*rsa_pub_enc)(int flen, unsigned char *from, +\& unsigned char *to, RSA *rsa, int padding); +\& +\& /* verify arbitrary data */ +\& int (*rsa_pub_dec)(int flen, unsigned char *from, +\& unsigned char *to, RSA *rsa, int padding); +\& +\& /* sign arbitrary data */ +\& int (*rsa_priv_enc)(int flen, unsigned char *from, +\& unsigned char *to, RSA *rsa, int padding); +\& +\& /* decrypt */ +\& int (*rsa_priv_dec)(int flen, unsigned char *from, +\& unsigned char *to, RSA *rsa, int padding); +\& +\& /* compute r0 = r0 ^ I mod rsa\->n (May be NULL for some implementations) */ +\& int (*rsa_mod_exp)(BIGNUM *r0, BIGNUM *I, RSA *rsa); +\& +\& /* compute r = a ^ p mod m (May be NULL for some implementations) */ +\& int (*bn_mod_exp)(BIGNUM *r, BIGNUM *a, const BIGNUM *p, +\& const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +\& +\& /* called at RSA_new */ +\& int (*init)(RSA *rsa); +\& +\& /* called at RSA_free */ +\& int (*finish)(RSA *rsa); +\& +\& /* +\& * RSA_FLAG_EXT_PKEY \- rsa_mod_exp is called for private key +\& * operations, even if p,q,dmp1,dmq1,iqmp +\& * are NULL +\& * RSA_METHOD_FLAG_NO_CHECK \- don\*(Aqt check pub/private match +\& */ +\& int flags; +\& +\& char *app_data; /* ?? */ +\& +\& int (*rsa_sign)(int type, +\& const unsigned char *m, unsigned int m_length, +\& unsigned char *sigret, unsigned int *siglen, const RSA *rsa); +\& int (*rsa_verify)(int dtype, +\& const unsigned char *m, unsigned int m_length, +\& const unsigned char *sigbuf, unsigned int siglen, +\& const RSA *rsa); +\& /* keygen. 
If NULL built\-in RSA key generation will be used */ +\& int (*rsa_keygen)(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); +\& +\& } RSA_METHOD; +.Ve +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIRSA_PKCS1_OpenSSL()\fR, \fIRSA_PKCS1_null_method()\fR, \fIRSA_get_default_method()\fR +and \fIRSA_get_method()\fR return pointers to the respective RSA_METHODs. +.PP +\&\fIRSA_set_default_method()\fR returns no value. +.PP +\&\fIRSA_set_method()\fR returns a pointer to the old \s-1RSA_METHOD\s0 implementation +that was replaced. However, this return value should probably be ignored +because if it was supplied by an \s-1ENGINE\s0, the pointer could be invalidated +at any time if the \s-1ENGINE\s0 is unloaded (in fact it could be unloaded as a +result of the \fIRSA_set_method()\fR function releasing its handle to the +\&\s-1ENGINE\s0). For this reason, the return type may be replaced with a \fBvoid\fR +declaration in a future release. +.PP +\&\fIRSA_new_method()\fR returns \s-1NULL\s0 and sets an error code that can be obtained +by \fIERR_get_error\fR\|(3) if the allocation fails. Otherwise +it returns a pointer to the newly allocated structure. +.SH "BUGS" +.IX Header "BUGS" +The behaviour of \fIRSA_flags()\fR is a mis-feature that is left as-is for now +to avoid creating compatibility problems. \s-1RSA\s0 functionality, such as the +encryption functions, are controlled by the \fBflags\fR value in the \s-1RSA\s0 key +itself, not by the \fBflags\fR value in the \s-1RSA_METHOD\s0 attached to the \s-1RSA\s0 key +(which is what this function returns). If the flags element of an \s-1RSA\s0 key +is changed, the changes will be honoured by \s-1RSA\s0 functionality but will not +be reflected in the return value of the \fIRSA_flags()\fR function \- in effect +\&\fIRSA_flags()\fR behaves more like an \fIRSA_default_flags()\fR function (which does +not currently exist). 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIRSA_new\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +All of these functions were deprecated in OpenSSL 3.0. +.PP +The \fIRSA_null_method()\fR, which was a partial attempt to avoid patent issues, +was replaced to always return \s-1NULL\s0 in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/RSA_sign.3 b/linux_amd64/share/man/man3/RSA_sign.3 new file mode 100755 index 0000000..4189773 --- /dev/null +++ b/linux_amd64/share/man/man3/RSA_sign.3 
@@ -0,0 +1,200 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA_SIGN 3" +.TH RSA_SIGN 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +RSA_sign, RSA_verify \- RSA signatures +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.PP +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 2 +\& int RSA_sign(int type, const unsigned char *m, unsigned int m_len, +\& unsigned char *sigret, unsigned int *siglen, RSA *rsa); +\& +\& int RSA_verify(int type, const unsigned char *m, unsigned int m_len, +\& unsigned char *sigbuf, unsigned int siglen, RSA *rsa); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +All of the functions described on this page are deprecated. +Applications should instead use \fIEVP_PKEY_sign_init\fR\|(3), \fIEVP_PKEY_sign\fR\|(3), +\&\fIEVP_PKEY_verify_init\fR\|(3) and \fIEVP_PKEY_verify\fR\|(3). +.PP +\&\fIRSA_sign()\fR signs the message digest \fBm\fR of size \fBm_len\fR using the +private key \fBrsa\fR using RSASSA\-PKCS1\-v1_5 as specified in \s-1RFC\s0 3447. It +stores the signature in \fBsigret\fR and the signature size in \fBsiglen\fR. +\&\fBsigret\fR must point to RSA_size(\fBrsa\fR) bytes of memory. +Note that \s-1PKCS\s0 #1 adds meta-data, placing limits on the size of the +key that can be used. +See \fIRSA_private_encrypt\fR\|(3) for lower-level +operations. +.PP +\&\fBtype\fR denotes the message digest algorithm that was used to generate +\&\fBm\fR. +If \fBtype\fR is \fBNID_md5_sha1\fR, +an \s-1SSL\s0 signature (\s-1MD5\s0 and \s-1SHA1\s0 message digests with \s-1PKCS\s0 #1 padding +and no algorithm identifier) is created. +.PP +\&\fIRSA_verify()\fR verifies that the signature \fBsigbuf\fR of size \fBsiglen\fR +matches a given message digest \fBm\fR of size \fBm_len\fR. \fBtype\fR denotes +the message digest algorithm that was used to generate the signature. +\&\fBrsa\fR is the signer's public key. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIRSA_sign()\fR returns 1 on success. 
+\&\fIRSA_verify()\fR returns 1 on successful verification. +.PP +The error codes can be obtained by \fIERR_get_error\fR\|(3). +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1SSL\s0, \s-1PKCS\s0 #1 v2.0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), +\&\fIRSA_private_encrypt\fR\|(3), +\&\fIRSA_public_decrypt\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +All of these functions were deprecated in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/RSA_sign_ASN1_OCTET_STRING.3 b/linux_amd64/share/man/man3/RSA_sign_ASN1_OCTET_STRING.3 new file mode 100755 index 0000000..7a18990 --- /dev/null +++ b/linux_amd64/share/man/man3/RSA_sign_ASN1_OCTET_STRING.3 
@@ -0,0 +1,201 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA_SIGN_ASN1_OCTET_STRING 3" +.TH RSA_SIGN_ASN1_OCTET_STRING 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +RSA_sign_ASN1_OCTET_STRING, RSA_verify_ASN1_OCTET_STRING \- RSA signatures +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.PP +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 3 +\& int RSA_sign_ASN1_OCTET_STRING(int dummy, unsigned char *m, +\& unsigned int m_len, unsigned char *sigret, +\& unsigned int *siglen, RSA *rsa); +\& +\& int RSA_verify_ASN1_OCTET_STRING(int dummy, unsigned char *m, +\& unsigned int m_len, unsigned char *sigbuf, +\& unsigned int siglen, RSA *rsa); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +All of the functions described on this page are deprecated. +Applications should instead use \s-1EVP\s0 \s-1PKEY\s0 APIs. +.PP +\&\fIRSA_sign_ASN1_OCTET_STRING()\fR signs the octet string \fBm\fR of size +\&\fBm_len\fR using the private key \fBrsa\fR represented in \s-1DER\s0 using \s-1PKCS\s0 #1 +padding. It stores the signature in \fBsigret\fR and the signature size +in \fBsiglen\fR. \fBsigret\fR must point to \fBRSA_size(rsa)\fR bytes of +memory. +.PP +\&\fBdummy\fR is ignored. +.PP +The random number generator must be seeded when calling +\&\fIRSA_sign_ASN1_OCTET_STRING()\fR. +If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to +external circumstances (see \s-1\fIRAND\s0\fR\|(7)), the operation will fail. +.PP +\&\fIRSA_verify_ASN1_OCTET_STRING()\fR verifies that the signature \fBsigbuf\fR +of size \fBsiglen\fR is the \s-1DER\s0 representation of a given octet string +\&\fBm\fR of size \fBm_len\fR. \fBdummy\fR is ignored. \fBrsa\fR is the signer's +public key. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIRSA_sign_ASN1_OCTET_STRING()\fR returns 1 on success, 0 otherwise. +\&\fIRSA_verify_ASN1_OCTET_STRING()\fR returns 1 on successful verification, 0 +otherwise. +.PP +The error codes can be obtained by \fIERR_get_error\fR\|(3). 
+.SH "BUGS" +.IX Header "BUGS" +These functions serve no recognizable purpose. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), +\&\fIRAND_bytes\fR\|(3), \fIRSA_sign\fR\|(3), +\&\fIRSA_verify\fR\|(3), +\&\s-1\fIRAND\s0\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +All of these functions were deprecated in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/RSA_size.3 b/linux_amd64/share/man/man3/RSA_size.3 new file mode 100755 index 0000000..b3e61f0 --- /dev/null +++ b/linux_amd64/share/man/man3/RSA_size.3 
@@ -0,0 +1,189 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA_SIZE 3" +.TH RSA_SIZE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +RSA_size, RSA_bits, RSA_security_bits \- get RSA modulus size or security bits +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.PP +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 1 +\& int RSA_size(const RSA *rsa); +\& +\& int RSA_bits(const RSA *rsa); +\& +\& int RSA_security_bits(const RSA *rsa) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +All of the functions described on this page are deprecated. +Applications should instead use \fIEVP_PKEY_size\fR\|(3), \fIEVP_PKEY_bits\fR\|(3) +and \fIEVP_PKEY_security_bits\fR\|(3). +.PP +\&\fIRSA_size()\fR returns the \s-1RSA\s0 modulus size in bytes. It can be used to +determine how much memory must be allocated for an \s-1RSA\s0 encrypted +value. +.PP +\&\fIRSA_bits()\fR returns the number of significant bits. +.PP +\&\fBrsa\fR and \fBrsa\->n\fR must not be \fB\s-1NULL\s0\fR. +.PP +\&\fIRSA_security_bits()\fR returns the number of security bits of the given \fBrsa\fR +key. See \fIBN_security_bits\fR\|(3). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIRSA_size()\fR returns the size of modulus in bytes. +.PP +\&\fIDSA_bits()\fR returns the number of bits in the key. +.PP +\&\fIRSA_security_bits()\fR returns the number of security bits. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIBN_num_bits\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +All of these functions were deprecated in OpenSSL 3.0. +.PP +The \fIRSA_bits()\fR function was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/share/man/man3/SCT_new.3 b/linux_amd64/share/man/man3/SCT_new.3
new file mode 100755
index 0000000..9c32215
--- /dev/null
+++ b/linux_amd64/share/man/man3/SCT_new.3
@@ -0,0 +1,307 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SCT_NEW 3" +.TH SCT_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SCT_new, SCT_new_from_base64, SCT_free, SCT_LIST_free, +SCT_get_version, SCT_set_version, +SCT_get_log_entry_type, SCT_set_log_entry_type, +SCT_get0_log_id, SCT_set0_log_id, SCT_set1_log_id, +SCT_get_timestamp, SCT_set_timestamp, +SCT_get_signature_nid, SCT_set_signature_nid, +SCT_get0_signature, SCT_set0_signature, SCT_set1_signature, +SCT_get0_extensions, SCT_set0_extensions, SCT_set1_extensions, +SCT_get_source, SCT_set_source +\&\- A Certificate Transparency Signed Certificate Timestamp +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef enum { +\& CT_LOG_ENTRY_TYPE_NOT_SET = \-1, +\& CT_LOG_ENTRY_TYPE_X509 = 0, +\& CT_LOG_ENTRY_TYPE_PRECERT = 1 +\& } ct_log_entry_type_t; +\& +\& typedef enum { +\& SCT_VERSION_NOT_SET = \-1, +\& SCT_VERSION_V1 = 0 +\& } sct_version_t; +\& +\& typedef enum { +\& SCT_SOURCE_UNKNOWN, +\& SCT_SOURCE_TLS_EXTENSION, +\& SCT_SOURCE_X509V3_EXTENSION, +\& SCT_SOURCE_OCSP_STAPLED_RESPONSE +\& } sct_source_t; +\& +\& SCT *SCT_new(void); +\& SCT *SCT_new_from_base64(unsigned char version, +\& const char *logid_base64, +\& ct_log_entry_type_t entry_type, +\& uint64_t timestamp, +\& const char *extensions_base64, +\& const char *signature_base64); +\& +\& void SCT_free(SCT *sct); +\& void SCT_LIST_free(STACK_OF(SCT) *a); +\& +\& sct_version_t SCT_get_version(const SCT *sct); +\& int SCT_set_version(SCT *sct, sct_version_t version); +\& +\& ct_log_entry_type_t SCT_get_log_entry_type(const SCT *sct); +\& int SCT_set_log_entry_type(SCT *sct, ct_log_entry_type_t entry_type); +\& +\& size_t SCT_get0_log_id(const SCT *sct, unsigned char **log_id); +\& int SCT_set0_log_id(SCT *sct, unsigned char *log_id, size_t log_id_len); +\& int SCT_set1_log_id(SCT *sct, const unsigned char *log_id, size_t log_id_len); +\& +\& uint64_t SCT_get_timestamp(const SCT *sct); +\& void SCT_set_timestamp(SCT *sct, uint64_t timestamp); +\& +\& int SCT_get_signature_nid(const SCT *sct); +\& int 
SCT_set_signature_nid(SCT *sct, int nid); +\& +\& size_t SCT_get0_signature(const SCT *sct, unsigned char **sig); +\& void SCT_set0_signature(SCT *sct, unsigned char *sig, size_t sig_len); +\& int SCT_set1_signature(SCT *sct, const unsigned char *sig, size_t sig_len); +\& +\& size_t SCT_get0_extensions(const SCT *sct, unsigned char **ext); +\& void SCT_set0_extensions(SCT *sct, unsigned char *ext, size_t ext_len); +\& int SCT_set1_extensions(SCT *sct, const unsigned char *ext, size_t ext_len); +\& +\& sct_source_t SCT_get_source(const SCT *sct); +\& int SCT_set_source(SCT *sct, sct_source_t source); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Signed Certificate Timestamps (SCTs) are defined by \s-1RFC\s0 6962, Section 3.2. +They constitute a promise by a Certificate Transparency (\s-1CT\s0) log to publicly +record a certificate. By cryptographically verifying that a log did indeed issue +an \s-1SCT\s0, some confidence can be gained that the certificate is publicly known. +.PP +An internal representation of an \s-1SCT\s0 can be created in one of two ways. +The first option is to create a blank \s-1SCT\s0, using \fISCT_new()\fR, and then populate +it using: +.IP "\(bu" 2 +\&\fISCT_set_version()\fR to set the \s-1SCT\s0 version. +.Sp +Only \s-1SCT_VERSION_V1\s0 is currently supported. +.IP "\(bu" 2 +\&\fISCT_set_log_entry_type()\fR to set the type of certificate the \s-1SCT\s0 was issued for: +.Sp +\&\fB\s-1CT_LOG_ENTRY_TYPE_X509\s0\fR for a normal certificate. +\&\fB\s-1CT_LOG_ENTRY_TYPE_PRECERT\s0\fR for a pre-certificate. +.IP "\(bu" 2 +\&\fISCT_set0_log_id()\fR or \fISCT_set1_log_id()\fR to set the LogID of the \s-1CT\s0 log that the \s-1SCT\s0 came from. +.Sp +The former takes ownership, whereas the latter makes a copy. +See \s-1RFC\s0 6962, Section 3.2 for the definition of LogID. +.IP "\(bu" 2 +\&\fISCT_set_timestamp()\fR to set the time the \s-1SCT\s0 was issued (time in milliseconds +since the Unix Epoch). 
+.IP "\(bu" 2 +\&\fISCT_set_signature_nid()\fR to set the \s-1NID\s0 of the signature. +.IP "\(bu" 2 +\&\fISCT_set0_signature()\fR or \fISCT_set1_signature()\fR to set the raw signature value. +.Sp +The former takes ownership, whereas the latter makes a copy. +.IP "\(bu" 2 +\&\fISCT_set0_extensions()\fR or \fBSCT_set1_extensions\fR to provide \s-1SCT\s0 extensions. +.Sp +The former takes ownership, whereas the latter makes a copy. +.PP +Alternatively, the \s-1SCT\s0 can be pre-populated from the following data using +\&\fISCT_new_from_base64()\fR: +.IP "\(bu" 2 +The \s-1SCT\s0 version (only \s-1SCT_VERSION_V1\s0 is currently supported). +.IP "\(bu" 2 +The LogID (see \s-1RFC\s0 6962, Section 3.2), base64 encoded. +.IP "\(bu" 2 +The type of certificate the \s-1SCT\s0 was issued for: +\&\fB\s-1CT_LOG_ENTRY_TYPE_X509\s0\fR for a normal certificate. +\&\fB\s-1CT_LOG_ENTRY_TYPE_PRECERT\s0\fR for a pre-certificate. +.IP "\(bu" 2 +The time that the \s-1SCT\s0 was issued (time in milliseconds since the Unix Epoch). +.IP "\(bu" 2 +The \s-1SCT\s0 extensions, base64 encoded. +.IP "\(bu" 2 +The \s-1SCT\s0 signature, base64 encoded. +.PP +\&\fISCT_set_source()\fR can be used to record where the \s-1SCT\s0 was found +(\s-1TLS\s0 extension, X.509 certificate extension or \s-1OCSP\s0 response). This is not +required for verifying the \s-1SCT\s0. +.SH "NOTES" +.IX Header "NOTES" +Some of the setters return int, instead of void. These will all return 1 on +success, 0 on failure. They will not make changes on failure. +.PP +All of the setters will reset the validation status of the \s-1SCT\s0 to +\&\s-1SCT_VALIDATION_STATUS_NOT_SET\s0 (see \fISCT_validate\fR\|(3)). +.PP +\&\fISCT_set_source()\fR will call \fISCT_set_log_entry_type()\fR if the type of +certificate the \s-1SCT\s0 was issued for can be inferred from where the \s-1SCT\s0 was found. +For example, an \s-1SCT\s0 found in an X.509 extension must have been issued for a pre\- +certificate. 
+.PP +\&\fISCT_set_source()\fR will not refuse unknown values. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISCT_set_version()\fR returns 1 if the specified version is supported, 0 otherwise. +.PP +\&\fISCT_set_log_entry_type()\fR returns 1 if the specified log entry type is supported, 0 otherwise. +.PP +\&\fISCT_set0_log_id()\fR and \fBSCT_set1_log_id\fR return 1 if the specified LogID is a +valid \s-1SHA\-256\s0 hash, 0 otherwise. Additionally, \fBSCT_set1_log_id\fR returns 0 if +malloc fails. +.PP +\&\fBSCT_set_signature_nid\fR returns 1 if the specified \s-1NID\s0 is supported, 0 otherwise. +.PP +\&\fBSCT_set1_extensions\fR and \fBSCT_set1_signature\fR return 1 if the supplied buffer +is copied successfully, 0 otherwise (i.e. if malloc fails). +.PP +\&\fBSCT_set_source\fR returns 1 on success, 0 otherwise. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIct\fR\|(7), +\&\fISCT_validate\fR\|(3), +\&\fIOBJ_nid2obj\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SCT_print.3 b/linux_amd64/share/man/man3/SCT_print.3 new file mode 100755 index 0000000..5e60980 --- /dev/null +++ b/linux_amd64/share/man/man3/SCT_print.3 
@@ -0,0 +1,179 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SCT_PRINT 3" +.TH SCT_PRINT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SCT_print, SCT_LIST_print, SCT_validation_status_string \- +Prints Signed Certificate Timestamps in a human\-readable way +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SCT_print(const SCT *sct, BIO *out, int indent, const CTLOG_STORE *logs); +\& void SCT_LIST_print(const STACK_OF(SCT) *sct_list, BIO *out, int indent, +\& const char *separator, const CTLOG_STORE *logs); +\& const char *SCT_validation_status_string(const SCT *sct); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISCT_print()\fR prints a single Signed Certificate Timestamp (\s-1SCT\s0) to a \fB\s-1BIO\s0\fR in +a human-readable format. \fISCT_LIST_print()\fR prints an entire list of SCTs in a +similar way. A separator can be specified to delimit each \s-1SCT\s0 in the output. +.PP +The output can be indented by a specified number of spaces. If a \fB\s-1CTLOG_STORE\s0\fR +is provided, it will be used to print the description of the \s-1CT\s0 log that issued +each \s-1SCT\s0 (if that log is in the \s-1CTLOG_STORE\s0). Alternatively, \s-1NULL\s0 can be passed +as the \s-1CTLOG_STORE\s0 parameter to disable this feature. +.PP +\&\fISCT_validation_status_string()\fR will return the validation status of an \s-1SCT\s0 as +a human-readable string. Call \fISCT_validate()\fR or \fISCT_LIST_validate()\fR +beforehand in order to set the validation status of an \s-1SCT\s0 first. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISCT_validation_status_string()\fR returns a null-terminated string representing +the validation status of an \fB\s-1SCT\s0\fR object. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIct\fR\|(7), +\&\fIbio\fR\|(7), +\&\fICTLOG_STORE_new\fR\|(3), +\&\fISCT_validate\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. 
+.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SCT_validate.3 b/linux_amd64/share/man/man3/SCT_validate.3 new file mode 100755 index 0000000..fed00d6 --- /dev/null +++ b/linux_amd64/share/man/man3/SCT_validate.3 
@@ -0,0 +1,215 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SCT_VALIDATE 3" +.TH SCT_VALIDATE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SCT_validate, SCT_LIST_validate, SCT_get_validation_status \- +checks Signed Certificate Timestamps (SCTs) are valid +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef enum { +\& SCT_VALIDATION_STATUS_NOT_SET, +\& SCT_VALIDATION_STATUS_UNKNOWN_LOG, +\& SCT_VALIDATION_STATUS_VALID, +\& SCT_VALIDATION_STATUS_INVALID, +\& SCT_VALIDATION_STATUS_UNVERIFIED, +\& SCT_VALIDATION_STATUS_UNKNOWN_VERSION +\& } sct_validation_status_t; +\& +\& int SCT_validate(SCT *sct, const CT_POLICY_EVAL_CTX *ctx); +\& int SCT_LIST_validate(const STACK_OF(SCT) *scts, CT_POLICY_EVAL_CTX *ctx); +\& sct_validation_status_t SCT_get_validation_status(const SCT *sct); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISCT_validate()\fR will check that an \s-1SCT\s0 is valid and verify its signature. +\&\fISCT_LIST_validate()\fR performs the same checks on an entire stack of SCTs. +The result of the validation checks can be obtained by passing the \s-1SCT\s0 to +\&\fISCT_get_validation_status()\fR. +.PP +A \s-1CT_POLICY_EVAL_CTX\s0 must be provided that specifies: +.IP "\(bu" 2 +The certificate the \s-1SCT\s0 was issued for. +.Sp +Failure to provide the certificate will result in the validation status being +\&\s-1SCT_VALIDATION_STATUS_UNVERIFIED\s0. +.IP "\(bu" 2 +The issuer of that certificate. +.Sp +This is only required if the \s-1SCT\s0 was issued for a pre-certificate +(see \s-1RFC\s0 6962). If it is required but not provided, the validation status will +be \s-1SCT_VALIDATION_STATUS_UNVERIFIED\s0. +.IP "\(bu" 2 +A \s-1CTLOG_STORE\s0 that contains the \s-1CT\s0 log that issued this \s-1SCT\s0. +.Sp +If the \s-1SCT\s0 was issued by a log that is not in this \s-1CTLOG_STORE\s0, the validation +status will be \s-1SCT_VALIDATION_STATUS_UNKNOWN_LOG\s0. +.PP +If the \s-1SCT\s0 is of an unsupported version (only v1 is currently supported), the +validation status will be \s-1SCT_VALIDATION_STATUS_UNKNOWN_VERSION\s0. 
+.PP +If the \s-1SCT\s0's signature is incorrect, its timestamp is in the future (relative to +the time in \s-1CT_POLICY_EVAL_CTX\s0), or if it is otherwise invalid, the validation +status will be \s-1SCT_VALIDATION_STATUS_INVALID\s0. +.PP +If all checks pass, the validation status will be \s-1SCT_VALIDATION_STATUS_VALID\s0. +.SH "NOTES" +.IX Header "NOTES" +A return value of 0 from \fISCT_LIST_validate()\fR should not be interpreted as a +failure. At a minimum, only one valid \s-1SCT\s0 may provide sufficient confidence +that a certificate has been publicly logged. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISCT_validate()\fR returns a negative integer if an internal error occurs, 0 if the +\&\s-1SCT\s0 fails validation, or 1 if the \s-1SCT\s0 passes validation. +.PP +\&\fISCT_LIST_validate()\fR returns a negative integer if an internal error occurs, 0 +if any of SCTs fails validation, or 1 if they all pass validation. +.PP +\&\fISCT_get_validation_status()\fR returns the validation status of the \s-1SCT\s0. +If \fISCT_validate()\fR or \fISCT_LIST_validate()\fR have not been passed that \s-1SCT\s0, the +returned value will be \s-1SCT_VALIDATION_STATUS_NOT_SET\s0. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIct\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SHA256_Init.3 b/linux_amd64/share/man/man3/SHA256_Init.3 new file mode 100755 index 0000000..2ad0ca6 --- /dev/null +++ b/linux_amd64/share/man/man3/SHA256_Init.3 
@@ -0,0 +1,239 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SHA256_INIT 3" +.TH SHA256_INIT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SHA1, SHA1_Init, SHA1_Update, SHA1_Final, SHA224, SHA224_Init, SHA224_Update, +SHA224_Final, SHA256, SHA256_Init, SHA256_Update, SHA256_Final, SHA384, +SHA384_Init, SHA384_Update, SHA384_Final, SHA512, SHA512_Init, SHA512_Update, +SHA512_Final \- Secure Hash Algorithm +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.PP +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 5 +\& int SHA1_Init(SHA_CTX *c); +\& int SHA1_Update(SHA_CTX *c, const void *data, size_t len); +\& int SHA1_Final(unsigned char *md, SHA_CTX *c); +\& unsigned char *SHA1(const unsigned char *d, size_t n, +\& unsigned char *md); +\& +\& int SHA224_Init(SHA256_CTX *c); +\& int SHA224_Update(SHA256_CTX *c, const void *data, size_t len); +\& int SHA224_Final(unsigned char *md, SHA256_CTX *c); +\& unsigned char *SHA224(const unsigned char *d, size_t n, +\& unsigned char *md); +\& +\& int SHA256_Init(SHA256_CTX *c); +\& int SHA256_Update(SHA256_CTX *c, const void *data, size_t len); +\& int SHA256_Final(unsigned char *md, SHA256_CTX *c); +\& unsigned char *SHA256(const unsigned char *d, size_t n, +\& unsigned char *md); +\& +\& int SHA384_Init(SHA512_CTX *c); +\& int SHA384_Update(SHA512_CTX *c, const void *data, size_t len); +\& int SHA384_Final(unsigned char *md, SHA512_CTX *c); +\& unsigned char *SHA384(const unsigned char *d, size_t n, +\& unsigned char *md); +\& +\& int SHA512_Init(SHA512_CTX *c); +\& int SHA512_Update(SHA512_CTX *c, const void *data, size_t len); +\& int SHA512_Final(unsigned char *md, SHA512_CTX *c); +\& unsigned char *SHA512(const unsigned char *d, size_t n, +\& unsigned char *md); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +All of the functions described on this page are deprecated. 
+Applications should instead use \fIEVP_DigestInit_ex\fR\|(3), \fIEVP_DigestUpdate\fR\|(3) +and \fIEVP_DigestFinal_ex\fR\|(3). +.PP +\&\s-1SHA\-1\s0 (Secure Hash Algorithm) is a cryptographic hash function with a +160 bit output. +.PP +\&\s-1\fISHA1\s0()\fR computes the \s-1SHA\-1\s0 message digest of the \fBn\fR +bytes at \fBd\fR and places it in \fBmd\fR (which must have space for +\&\s-1SHA_DIGEST_LENGTH\s0 == 20 bytes of output). If \fBmd\fR is \s-1NULL\s0, the digest +is placed in a static array. Note: setting \fBmd\fR to \s-1NULL\s0 is \fBnot thread safe\fR. +.PP +The following functions may be used if the message is not completely +stored in memory: +.PP +\&\fISHA1_Init()\fR initializes a \fB\s-1SHA_CTX\s0\fR structure. +.PP +\&\fISHA1_Update()\fR can be called repeatedly with chunks of the message to +be hashed (\fBlen\fR bytes at \fBdata\fR). +.PP +\&\fISHA1_Final()\fR places the message digest in \fBmd\fR, which must have space +for \s-1SHA_DIGEST_LENGTH\s0 == 20 bytes of output, and erases the \fB\s-1SHA_CTX\s0\fR. +.PP +The \s-1SHA224\s0, \s-1SHA256\s0, \s-1SHA384\s0 and \s-1SHA512\s0 families of functions operate in the +same way as for the \s-1SHA1\s0 functions. Note that \s-1SHA224\s0 and \s-1SHA256\s0 use a +\&\fB\s-1SHA256_CTX\s0\fR object instead of \fB\s-1SHA_CTX\s0\fR. \s-1SHA384\s0 and \s-1SHA512\s0 use \fB\s-1SHA512_CTX\s0\fR. +The buffer \fBmd\fR must have space for the output from the \s-1SHA\s0 variant being used +(defined by \s-1SHA224_DIGEST_LENGTH\s0, \s-1SHA256_DIGEST_LENGTH\s0, \s-1SHA384_DIGEST_LENGTH\s0 and +\&\s-1SHA512_DIGEST_LENGTH\s0). Also note that, as for the \s-1\fISHA1\s0()\fR function above, the +\&\s-1\fISHA224\s0()\fR, \s-1\fISHA256\s0()\fR, \s-1\fISHA384\s0()\fR and \s-1\fISHA512\s0()\fR functions are not thread safe if +\&\fBmd\fR is \s-1NULL\s0. +.PP +The predecessor of \s-1SHA\-1\s0, \s-1SHA\s0, is also implemented, but it should be +used only when backward compatibility is required. 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\s-1\fISHA1\s0()\fR, \s-1\fISHA224\s0()\fR, \s-1\fISHA256\s0()\fR, \s-1\fISHA384\s0()\fR and \s-1\fISHA512\s0()\fR return a pointer to the hash +value. +.PP +\&\fISHA1_Init()\fR, \fISHA1_Update()\fR and \fISHA1_Final()\fR and equivalent \s-1SHA224\s0, \s-1SHA256\s0, +\&\s-1SHA384\s0 and \s-1SHA512\s0 functions return 1 for success, 0 otherwise. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1US\s0 Federal Information Processing Standard \s-1FIPS\s0 \s-1PUB\s0 180\-4 (Secure Hash +Standard), +\&\s-1ANSI\s0 X9.30 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_DigestInit\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +All of these functions were deprecated in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SMIME_read_CMS.3 b/linux_amd64/share/man/man3/SMIME_read_CMS.3 new file mode 100755 index 0000000..3a990ce --- /dev/null +++ b/linux_amd64/share/man/man3/SMIME_read_CMS.3 
@@ -0,0 +1,198 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SMIME_READ_CMS 3" +.TH SMIME_READ_CMS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SMIME_read_CMS \- parse S/MIME message +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& CMS_ContentInfo *SMIME_read_CMS(BIO *in, BIO **bcont); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISMIME_read_CMS()\fR parses a message in S/MIME format. +.PP +\&\fBin\fR is a \s-1BIO\s0 to read the message from. +.PP +If cleartext signing is used then the content is saved in a memory bio which is +written to \fB*bcont\fR, otherwise \fB*bcont\fR is set to \s-1NULL\s0. +.PP +The parsed CMS_ContentInfo structure is returned or \s-1NULL\s0 if an +error occurred. +.SH "NOTES" +.IX Header "NOTES" +If \fB*bcont\fR is not \s-1NULL\s0 then the message is clear text signed. \fB*bcont\fR can +then be passed to \fICMS_verify()\fR with the \fB\s-1CMS_DETACHED\s0\fR flag set. +.PP +Otherwise the type of the returned structure can be determined +using \fICMS_get0_type()\fR. +.PP +To support future functionality if \fBbcont\fR is not \s-1NULL\s0 \fB*bcont\fR should be +initialized to \s-1NULL\s0. For example: +.PP +.Vb 2 +\& BIO *cont = NULL; +\& CMS_ContentInfo *cms; +\& +\& cms = SMIME_read_CMS(in, &cont); +.Ve +.SH "BUGS" +.IX Header "BUGS" +The \s-1MIME\s0 parser used by \fISMIME_read_CMS()\fR is somewhat primitive. While it will +handle most S/MIME messages more complex compound formats may not work. +.PP +The parser assumes that the CMS_ContentInfo structure is always base64 encoded +and will not handle the case where it is in binary format or uses quoted +printable format. +.PP +The use of a memory \s-1BIO\s0 to hold the signed content limits the size of message +which can be processed due to memory restraints: a streaming single pass option +should be available. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISMIME_read_CMS()\fR returns a valid \fBCMS_ContentInfo\fR structure or \fB\s-1NULL\s0\fR +if an error occurred. The error can be obtained from \fIERR_get_error\fR\|(3). 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), +\&\fISMIME_read_CMS\fR\|(3), \fICMS_sign\fR\|(3), +\&\fICMS_verify\fR\|(3), \fICMS_encrypt\fR\|(3), +\&\fICMS_decrypt\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SMIME_read_PKCS7.3 b/linux_amd64/share/man/man3/SMIME_read_PKCS7.3 new file mode 100755 index 0000000..f6b72ad --- /dev/null +++ b/linux_amd64/share/man/man3/SMIME_read_PKCS7.3 
@@ -0,0 +1,201 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SMIME_READ_PKCS7 3" +.TH SMIME_READ_PKCS7 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SMIME_read_PKCS7 \- parse S/MIME message +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& PKCS7 *SMIME_read_PKCS7(BIO *in, BIO **bcont); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISMIME_read_PKCS7()\fR parses a message in S/MIME format. +.PP +\&\fBin\fR is a \s-1BIO\s0 to read the message from. +.PP +If cleartext signing is used then the content is saved in +a memory bio which is written to \fB*bcont\fR, otherwise +\&\fB*bcont\fR is set to \fB\s-1NULL\s0\fR. +.PP +The parsed PKCS#7 structure is returned or \fB\s-1NULL\s0\fR if an +error occurred. +.SH "NOTES" +.IX Header "NOTES" +If \fB*bcont\fR is not \fB\s-1NULL\s0\fR then the message is clear text +signed. \fB*bcont\fR can then be passed to \fIPKCS7_verify()\fR with +the \fB\s-1PKCS7_DETACHED\s0\fR flag set. +.PP +Otherwise the type of the returned structure can be determined +using \fIPKCS7_type_is_enveloped()\fR, etc. +.PP +To support future functionality if \fBbcont\fR is not \fB\s-1NULL\s0\fR +\&\fB*bcont\fR should be initialized to \fB\s-1NULL\s0\fR. For example: +.PP +.Vb 2 +\& BIO *cont = NULL; +\& PKCS7 *p7; +\& +\& p7 = SMIME_read_PKCS7(in, &cont); +.Ve +.SH "BUGS" +.IX Header "BUGS" +The \s-1MIME\s0 parser used by \fISMIME_read_PKCS7()\fR is somewhat primitive. +While it will handle most S/MIME messages more complex compound +formats may not work. +.PP +The parser assumes that the \s-1PKCS7\s0 structure is always base64 +encoded and will not handle the case where it is in binary format +or uses quoted printable format. +.PP +The use of a memory \s-1BIO\s0 to hold the signed content limits the size +of message which can be processed due to memory restraints: a +streaming single pass option should be available. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISMIME_read_PKCS7()\fR returns a valid \fB\s-1PKCS7\s0\fR structure or \fB\s-1NULL\s0\fR +if an error occurred. The error can be obtained from \fIERR_get_error\fR\|(3). 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), +\&\fISMIME_read_PKCS7\fR\|(3), \fIPKCS7_sign\fR\|(3), +\&\fIPKCS7_verify\fR\|(3), \fIPKCS7_encrypt\fR\|(3) +\&\fIPKCS7_decrypt\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SMIME_write_CMS.3 b/linux_amd64/share/man/man3/SMIME_write_CMS.3 new file mode 100755 index 0000000..629878a --- /dev/null +++ b/linux_amd64/share/man/man3/SMIME_write_CMS.3 
@@ -0,0 +1,190 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SMIME_WRITE_CMS 3" +.TH SMIME_WRITE_CMS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SMIME_write_CMS \- convert CMS structure to S/MIME format +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SMIME_write_CMS(BIO *out, CMS_ContentInfo *cms, BIO *data, int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISMIME_write_CMS()\fR adds the appropriate \s-1MIME\s0 headers to a \s-1CMS\s0 +structure to produce an S/MIME message. +.PP +\&\fBout\fR is the \s-1BIO\s0 to write the data to. \fBcms\fR is the appropriate +\&\fBCMS_ContentInfo\fR structure. If streaming is enabled then the content must be +supplied in the \fBdata\fR argument. \fBflags\fR is an optional set of flags. +.SH "NOTES" +.IX Header "NOTES" +The following flags can be passed in the \fBflags\fR parameter. +.PP +If \fB\s-1CMS_DETACHED\s0\fR is set then cleartext signing will be used, this option only +makes sense for SignedData where \fB\s-1CMS_DETACHED\s0\fR is also set when \fICMS_sign()\fR is +called. +.PP +If the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are added to +the content, this only makes sense if \fB\s-1CMS_DETACHED\s0\fR is also set. +.PP +If the \fB\s-1CMS_STREAM\s0\fR flag is set streaming is performed. This flag should only +be set if \fB\s-1CMS_STREAM\s0\fR was also set in the previous call to a CMS_ContentInfo +creation function. +.PP +If cleartext signing is being used and \fB\s-1CMS_STREAM\s0\fR not set then the data must +be read twice: once to compute the signature in \fICMS_sign()\fR and once to output +the S/MIME message. +.PP +If streaming is performed the content is output in \s-1BER\s0 format using indefinite +length constructed encoding except in the case of signed data with detached +content where the content is absent and \s-1DER\s0 format is used. +.SH "BUGS" +.IX Header "BUGS" +\&\fISMIME_write_CMS()\fR always base64 encodes \s-1CMS\s0 structures, there should be an +option to disable this. 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISMIME_write_CMS()\fR returns 1 for success or 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fICMS_sign\fR\|(3), +\&\fICMS_verify\fR\|(3), \fICMS_encrypt\fR\|(3) +\&\fICMS_decrypt\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SMIME_write_PKCS7.3 b/linux_amd64/share/man/man3/SMIME_write_PKCS7.3 new file mode 100755 index 0000000..554d2ef --- /dev/null +++ b/linux_amd64/share/man/man3/SMIME_write_PKCS7.3 
@@ -0,0 +1,191 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SMIME_WRITE_PKCS7 3" +.TH SMIME_WRITE_PKCS7 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SMIME_write_PKCS7 \- convert PKCS#7 structure to S/MIME format +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SMIME_write_PKCS7(BIO *out, PKCS7 *p7, BIO *data, int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISMIME_write_PKCS7()\fR adds the appropriate \s-1MIME\s0 headers to a PKCS#7 +structure to produce an S/MIME message. +.PP +\&\fBout\fR is the \s-1BIO\s0 to write the data to. \fBp7\fR is the appropriate \fB\s-1PKCS7\s0\fR +structure. If streaming is enabled then the content must be supplied in the +\&\fBdata\fR argument. \fBflags\fR is an optional set of flags. +.SH "NOTES" +.IX Header "NOTES" +The following flags can be passed in the \fBflags\fR parameter. +.PP +If \fB\s-1PKCS7_DETACHED\s0\fR is set then cleartext signing will be used, +this option only makes sense for signedData where \fB\s-1PKCS7_DETACHED\s0\fR +is also set when \fIPKCS7_sign()\fR is also called. +.PP +If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR +are added to the content, this only makes sense if \fB\s-1PKCS7_DETACHED\s0\fR +is also set. +.PP +If the \fB\s-1PKCS7_STREAM\s0\fR flag is set streaming is performed. This flag should +only be set if \fB\s-1PKCS7_STREAM\s0\fR was also set in the previous call to +\&\fIPKCS7_sign()\fR or \fIPKCS7_encrypt()\fR. +.PP +If cleartext signing is being used and \fB\s-1PKCS7_STREAM\s0\fR not set then +the data must be read twice: once to compute the signature in \fIPKCS7_sign()\fR +and once to output the S/MIME message. +.PP +If streaming is performed the content is output in \s-1BER\s0 format using indefinite +length constructed encoding except in the case of signed data with detached +content where the content is absent and \s-1DER\s0 format is used. +.SH "BUGS" +.IX Header "BUGS" +\&\fISMIME_write_PKCS7()\fR always base64 encodes PKCS#7 structures, there +should be an option to disable this. 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISMIME_write_PKCS7()\fR returns 1 for success or 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fIPKCS7_sign\fR\|(3), +\&\fIPKCS7_verify\fR\|(3), \fIPKCS7_encrypt\fR\|(3) +\&\fIPKCS7_decrypt\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SRP_VBASE_new.3 b/linux_amd64/share/man/man3/SRP_VBASE_new.3 new file mode 100755 index 0000000..9cd57e8 --- /dev/null +++ b/linux_amd64/share/man/man3/SRP_VBASE_new.3 
@@ -0,0 +1,221 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SRP_VBASE_NEW 3" +.TH SRP_VBASE_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SRP_VBASE_new, +SRP_VBASE_free, +SRP_VBASE_init, +SRP_VBASE_add0_user, +SRP_VBASE_get1_by_user, +SRP_VBASE_get_by_user +\&\- Functions to create and manage a stack of SRP user verifier information +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& SRP_VBASE *SRP_VBASE_new(char *seed_key); +\& void SRP_VBASE_free(SRP_VBASE *vb); +\& +\& int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file); +\& +\& int SRP_VBASE_add0_user(SRP_VBASE *vb, SRP_user_pwd *user_pwd); +\& SRP_user_pwd *SRP_VBASE_get1_by_user(SRP_VBASE *vb, char *username); +\& SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fISRP_VBASE_new()\fR function allocates a structure to store server side \s-1SRP\s0 +verifier information. +If \fBseed_key\fR is not \s-1NULL\s0 a copy is stored and used to generate dummy parameters +for users that are not found by \fISRP_VBASE_get1_by_user()\fR. This allows the server +to hide the fact that it doesn't have a verifier for a particular username, +as described in section 2.5.1.3 'Unknown \s-1SRP\s0' of \s-1RFC\s0 5054. +The seed string should contain random \s-1NUL\s0 terminated binary data (therefore +the random data should not contain \s-1NUL\s0 bytes!). +.PP +The \fISRP_VBASE_free()\fR function frees up the \fBvb\fR structure. +If \fBvb\fR is \s-1NULL\s0, nothing is done. +.PP +The \fISRP_VBASE_init()\fR function parses the information in a verifier file and +populates the \fBvb\fR structure. +The verifier file is a text file containing multiple entries, whose format is: +flag base64(verifier) base64(salt) username gNid userinfo(optional) +where the flag can be 'V' (valid) or 'R' (revoked). +Note that the base64 encoding used here is non-standard so it is recommended +to use \fIopenssl\-srp\fR\|(1) to generate this file. +.PP +The \fISRP_VBASE_add0_user()\fR function adds the \fBuser_pwd\fR verifier information +to the \fBvb\fR structure. 
See \fISRP_user_pwd_new\fR\|(3) to create and populate this +record. +The library takes ownership of \fBuser_pwd\fR, it should not be freed by the caller. +.PP +The \fISRP_VBASE_get1_by_user()\fR function returns the password info for the user +whose username matches \fBusername\fR. It replaces the deprecated +\&\fISRP_VBASE_get_by_user()\fR. +If no matching user is found but a seed_key and default gN parameters have been +set, dummy authentication information is generated from the seed_key, allowing +the server to hide the fact that it doesn't have a verifier for a particular +username. When using \s-1SRP\s0 as a \s-1TLS\s0 authentication mechanism, this will cause +the handshake to proceed normally but the first client will be rejected with +a \*(L"bad_record_mac\*(R" alert, as if the password was incorrect. +If no matching user is found and the seed_key is not set, \s-1NULL\s0 is returned. +Ownership of the returned pointer is released to the caller, it must be freed +with \fISRP_user_pwd_free()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISRP_VBASE_init()\fR returns \fB\s-1SRP_NO_ERROR\s0\fR (0) on success and a positive value +on failure. +The error codes are \fB\s-1SRP_ERR_OPEN_FILE\s0\fR if the file could not be opened, +\&\fB\s-1SRP_ERR_VBASE_INCOMPLETE_FILE\s0\fR if the file could not be parsed, +\&\fB\s-1SRP_ERR_MEMORY\s0\fR on memory allocation failure and \fB\s-1SRP_ERR_VBASE_BN_LIB\s0\fR +for invalid decoded parameter values. +.PP +\&\fISRP_VBASE_add0_user()\fR returns 1 on success and 0 on failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\-srp\fR\|(1), +\&\fISRP_create_verifier\fR\|(3), +\&\fISRP_user_pwd_new\fR\|(3), +\&\fISSL_CTX_set_srp_password\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fISRP_VBASE_add0_user()\fR function was added in OpenSSL 3.0. +.PP +All other functions were added in OpenSSL 1.0.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. 
+.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SRP_create_verifier.3 b/linux_amd64/share/man/man3/SRP_create_verifier.3 new file mode 100755 index 0000000..49fdd4f --- /dev/null +++ b/linux_amd64/share/man/man3/SRP_create_verifier.3 
@@ -0,0 +1,233 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SRP_CREATE_VERIFIER 3" +.TH SRP_CREATE_VERIFIER 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SRP_create_verifier, +SRP_create_verifier_BN, +SRP_check_known_gN_param, +SRP_get_default_gN +\&\- SRP authentication primitives +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& char *SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt, +\& BIGNUM **verifier, const BIGNUM *N, const BIGNUM *g); +\& char *SRP_create_verifier(const char *user, const char *pass, char **salt, +\& char **verifier, const char *N, const char *g); +\& +\& char *SRP_check_known_gN_param(const BIGNUM *g, const BIGNUM *N); +\& SRP_gN *SRP_get_default_gN(const char *id); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fISRP_create_verifier_BN()\fR function creates an \s-1SRP\s0 password verifier from +the supplied parameters as defined in section 2.4 of \s-1RFC\s0 5054. +On successful exit \fB*verifier\fR will point to a newly allocated \s-1BIGNUM\s0 containing +the verifier and (if a salt was not provided) \fB*salt\fR will be populated with a +newly allocated \s-1BIGNUM\s0 containing a random salt. If \fB*salt\fR is not \s-1NULL\s0 then +the provided salt is used instead. +The caller is responsible for freeing the allocated \fB*salt\fR and \fB*verifier\fR +\&\s-1BIGNUMS\s0 (use \fIBN_free\fR\|(3)). +.PP +The \fISRP_create_verifier()\fR function is similar to \fISRP_create_verifier_BN()\fR but +all numeric parameters are in a non-standard base64 encoding originally designed +for compatibility with libsrp. This is mainly present for historical compatibility +and its use is discouraged. +It is possible to pass \s-1NULL\s0 as \fBN\fR and an \s-1SRP\s0 group id as \fBg\fR instead to +load the appropriate gN values (see \fISRP_get_default_gN()\fR). +If both \fBN\fR and \fBg\fR are \s-1NULL\s0 the 8192\-bit \s-1SRP\s0 group parameters are used. +The caller is responsible for freeing the allocated \fB*salt\fR and \fB*verifier\fR +(use \fIOPENSSL_free\fR\|(3)). 
+.PP +The \fISRP_check_known_gN_param()\fR function checks that \fBg\fR and \fBN\fR are valid +\&\s-1SRP\s0 group parameters from \s-1RFC\s0 5054 appendix A. +.PP +The \fISRP_get_default_gN()\fR function returns the gN parameters for the \s-1RFC\s0 5054 \fBid\fR +\&\s-1SRP\s0 group size. +The known ids are \*(L"1024\*(R", \*(L"1536\*(R", \*(L"2048\*(R", \*(L"3072\*(R", \*(L"4096\*(R", \*(L"6144\*(R" and \*(L"8192\*(R". +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISRP_create_verifier_BN()\fR returns 1 on success and 0 on failure. +.PP +\&\fISRP_create_verifier()\fR returns \s-1NULL\s0 on failure and a non-NULL value on success: +\&\*(L"*\*(R" if \fBN\fR is not \s-1NULL\s0, the selected group id otherwise. This value should +not be freed. +.PP +\&\fISRP_check_known_gN_param()\fR returns the text representation of the group id +(ie. the prime bit size) or \s-1NULL\s0 if the arguments are not valid \s-1SRP\s0 group parameters. +This value should not be freed. +.PP +\&\fISRP_get_default_gN()\fR returns \s-1NULL\s0 if \fBid\fR is not a valid group size, +or the 8192\-bit group parameters if \fBid\fR is \s-1NULL\s0. 
+.SH "EXAMPLES" +.IX Header "EXAMPLES" +Generate and store a 8192 bit password verifier (error handling +omitted for clarity): +.PP +.Vb 2 +\& #include +\& #include +\& +\& const char *username = "username"; +\& const char *password = "password"; +\& +\& SRP_VBASE *srpData = SRP_VBASE_new(NULL); +\& +\& SRP_gN *gN = SRP_get_default_gN("8192"); +\& +\& BIGNUM *salt = NULL, *verifier = NULL; +\& SRP_create_verifier_BN(username, password, &salt, &verifier, gN\->N, gN\->g); +\& +\& SRP_user_pwd *pwd = SRP_user_pwd_new(); +\& SRP_user_pwd_set1_ids(pwd, username, NULL); +\& SRP_user_pwd_set0_sv(pwd, salt, verifier); +\& SRP_user_pwd_set_gN(pwd, gN\->g, gN\->N); +\& +\& SRP_VBASE_add0_user(srpData, pwd); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\-srp\fR\|(1), +\&\fISRP_VBASE_new\fR\|(3), +\&\fISRP_user_pwd_new\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SRP_user_pwd_new.3 b/linux_amd64/share/man/man3/SRP_user_pwd_new.3 new file mode 100755 index 0000000..bbe5d3f --- /dev/null +++ b/linux_amd64/share/man/man3/SRP_user_pwd_new.3 
@@ -0,0 +1,192 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SRP_USER_PWD_NEW 3" +.TH SRP_USER_PWD_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SRP_user_pwd_new, +SRP_user_pwd_free, +SRP_user_pwd_set1_ids, +SRP_user_pwd_set_gN, +SRP_user_pwd_set0_sv +\&\- Functions to create a record of SRP user verifier information +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& SRP_user_pwd *SRP_user_pwd_new(void); +\& void SRP_user_pwd_free(SRP_user_pwd *user_pwd); +\& +\& int SRP_user_pwd_set1_ids(SRP_user_pwd *user_pwd, const char *id, const char *info); +\& void SRP_user_pwd_set_gN(SRP_user_pwd *user_pwd, const BIGNUM *g, const BIGNUM *N); +\& int SRP_user_pwd_set0_sv(SRP_user_pwd *user_pwd, BIGNUM *s, BIGNUM *v); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fISRP_user_pwd_new()\fR function allocates a structure to store a user verifier +record. +.PP +The \fISRP_user_pwd_free()\fR function frees up the \fBuser_pwd\fR structure. +If \fBuser_pwd\fR is \s-1NULL\s0, nothing is done. +.PP +The \fISRP_user_pwd_set1_ids()\fR function sets the username to \fBid\fR and the optional +user info to \fBinfo\fR for \fBuser_pwd\fR. +The library allocates new copies of \fBid\fR and \fBinfo\fR, the caller still +owns the original memory. +.PP +The \fISRP_user_pwd_set0_sv()\fR function sets the user salt to \fBs\fR and the verifier +to \fBv\fR for \fBuser_pwd\fR. +The library takes ownership of the values, they should not be freed by the caller. +.PP +The \fISRP_user_pwd_set_gN()\fR function sets the \s-1SRP\s0 group parameters for \fBuser_pwd\fR. +The memory is not freed by \fISRP_user_pwd_free()\fR, the caller must make sure it is +freed once it is no longer used. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISRP_user_pwd_set1_ids()\fR returns 1 on success and 0 on failure or if \fBid\fR was \s-1NULL\s0. +.PP +\&\fISRP_user_pwd_set0_sv()\fR returns 1 if both \fBs\fR and \fBv\fR are not \s-1NULL\s0, 0 otherwise. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\-srp\fR\|(1), +\&\fISRP_create_verifier\fR\|(3), +\&\fISRP_VBASE_new\fR\|(3), +\&\fISSL_CTX_set_srp_password\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were made public in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_CIPHER_get_name.3 b/linux_amd64/share/man/man3/SSL_CIPHER_get_name.3 new file mode 100755 index 0000000..cb5cd30 --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_CIPHER_get_name.3 
@@ -0,0 +1,331 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CIPHER_GET_NAME 3" +.TH SSL_CIPHER_GET_NAME 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CIPHER_get_name, +SSL_CIPHER_standard_name, +OPENSSL_cipher_name, +SSL_CIPHER_get_bits, +SSL_CIPHER_get_version, +SSL_CIPHER_description, +SSL_CIPHER_get_cipher_nid, +SSL_CIPHER_get_digest_nid, +SSL_CIPHER_get_handshake_digest, +SSL_CIPHER_get_kx_nid, +SSL_CIPHER_get_auth_nid, +SSL_CIPHER_is_aead, +SSL_CIPHER_find, +SSL_CIPHER_get_id, +SSL_CIPHER_get_protocol_id +\&\- get SSL_CIPHER properties +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const char *SSL_CIPHER_get_name(const SSL_CIPHER *cipher); +\& const char *SSL_CIPHER_standard_name(const SSL_CIPHER *cipher); +\& const char *OPENSSL_cipher_name(const char *stdname); +\& int SSL_CIPHER_get_bits(const SSL_CIPHER *cipher, int *alg_bits); +\& char *SSL_CIPHER_get_version(const SSL_CIPHER *cipher); +\& char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int size); +\& int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c); +\& int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c); +\& const EVP_MD *SSL_CIPHER_get_handshake_digest(const SSL_CIPHER *c); +\& int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c); +\& int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c); +\& int SSL_CIPHER_is_aead(const SSL_CIPHER *c); +\& const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr); +\& uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c); +\& uint32_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *c); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CIPHER_get_name()\fR returns a pointer to the name of \fBcipher\fR. If the +\&\fBcipher\fR is \s-1NULL\s0, it returns \*(L"(\s-1NONE\s0)\*(R". +.PP +\&\fISSL_CIPHER_standard_name()\fR returns a pointer to the standard \s-1RFC\s0 name of +\&\fBcipher\fR. If the \fBcipher\fR is \s-1NULL\s0, it returns \*(L"(\s-1NONE\s0)\*(R". If the \fBcipher\fR +has no standard name, it returns \fB\s-1NULL\s0\fR. If \fBcipher\fR was defined in both +SSLv3 and \s-1TLS\s0, it returns the \s-1TLS\s0 name. 
+.PP +\&\fIOPENSSL_cipher_name()\fR returns a pointer to the OpenSSL name of \fBstdname\fR. +If the \fBstdname\fR is \s-1NULL\s0, or \fBstdname\fR has no corresponding OpenSSL name, +it returns \*(L"(\s-1NONE\s0)\*(R". Where both exist, \fBstdname\fR should be the \s-1TLS\s0 name rather +than the SSLv3 name. +.PP +\&\fISSL_CIPHER_get_bits()\fR returns the number of secret bits used for \fBcipher\fR. +If \fBcipher\fR is \s-1NULL\s0, 0 is returned. +.PP +\&\fISSL_CIPHER_get_version()\fR returns string which indicates the \s-1SSL/TLS\s0 protocol +version that first defined the cipher. It returns \*(L"(\s-1NONE\s0)\*(R" if \fBcipher\fR is \s-1NULL\s0. +.PP +\&\fISSL_CIPHER_get_cipher_nid()\fR returns the cipher \s-1NID\s0 corresponding to \fBc\fR. +If there is no cipher (e.g. for cipher suites with no encryption) then +\&\fBNID_undef\fR is returned. +.PP +\&\fISSL_CIPHER_get_digest_nid()\fR returns the digest \s-1NID\s0 corresponding to the \s-1MAC\s0 +used by \fBc\fR during record encryption/decryption. If there is no digest (e.g. +for \s-1AEAD\s0 cipher suites) then \fBNID_undef\fR is returned. +.PP +\&\fISSL_CIPHER_get_handshake_digest()\fR returns an \s-1EVP_MD\s0 for the digest used during +the \s-1SSL/TLS\s0 handshake when using the \s-1SSL_CIPHER\s0 \fBc\fR. Note that this may be +different to the digest used to calculate the \s-1MAC\s0 for encrypted records. +.PP +\&\fISSL_CIPHER_get_kx_nid()\fR returns the key exchange \s-1NID\s0 corresponding to the method +used by \fBc\fR. If there is no key exchange, then \fBNID_undef\fR is returned. +If any appropriate key exchange algorithm can be used (as in the case of \s-1TLS\s0 1.3 +cipher suites) \fBNID_kx_any\fR is returned. Examples (not comprehensive): +.PP +.Vb 4 +\& NID_kx_rsa +\& NID_kx_ecdhe +\& NID_kx_dhe +\& NID_kx_psk +.Ve +.PP +\&\fISSL_CIPHER_get_auth_nid()\fR returns the authentication \s-1NID\s0 corresponding to the method +used by \fBc\fR. 
If there is no authentication, then \fBNID_undef\fR is returned. +If any appropriate authentication algorithm can be used (as in the case of +\&\s-1TLS\s0 1.3 cipher suites) \fBNID_auth_any\fR is returned. Examples (not comprehensive): +.PP +.Vb 3 +\& NID_auth_rsa +\& NID_auth_ecdsa +\& NID_auth_psk +.Ve +.PP +\&\fISSL_CIPHER_is_aead()\fR returns 1 if the cipher \fBc\fR is \s-1AEAD\s0 (e.g. \s-1GCM\s0 or +ChaCha20/Poly1305), and 0 if it is not \s-1AEAD\s0. +.PP +\&\fISSL_CIPHER_find()\fR returns a \fB\s-1SSL_CIPHER\s0\fR structure which has the cipher \s-1ID\s0 stored +in \fBptr\fR. The \fBptr\fR parameter is a two element array of \fBchar\fR, which stores the +two-byte \s-1TLS\s0 cipher \s-1ID\s0 (as allocated by \s-1IANA\s0) in network byte order. This parameter +is usually retrieved from a \s-1TLS\s0 packet by using functions like +\&\fISSL_client_hello_get0_ciphers\fR\|(3). \fISSL_CIPHER_find()\fR returns \s-1NULL\s0 if an +error occurs or the indicated cipher is not found. +.PP +\&\fISSL_CIPHER_get_id()\fR returns the OpenSSL-specific \s-1ID\s0 of the given cipher \fBc\fR. That \s-1ID\s0 is +not the same as the IANA-specific \s-1ID\s0. +.PP +\&\fISSL_CIPHER_get_protocol_id()\fR returns the two-byte \s-1ID\s0 used in the \s-1TLS\s0 protocol of the given +cipher \fBc\fR. +.PP +\&\fISSL_CIPHER_description()\fR returns a textual description of the cipher used +into the buffer \fBbuf\fR of length \fBlen\fR provided. If \fBbuf\fR is provided, it +must be at least 128 bytes, otherwise a buffer will be allocated using +\&\fIOPENSSL_malloc()\fR. If the provided buffer is too small, or the allocation fails, +\&\fB\s-1NULL\s0\fR is returned. +.PP +The string returned by \fISSL_CIPHER_description()\fR consists of several fields +separated by whitespace: +.IP "" 4 +.IX Item "" +Textual representation of the cipher name. +.IP "" 4 +.IX Item "" +The minimum protocol version that the ciphersuite supports, such as \fBTLSv1.2\fR. 
+Note that this is not always the same as the protocol version in which the +ciphersuite was first defined because some ciphersuites are backwards compatible +with earlier protocol versions. +.IP "Kx=" 4 +.IX Item "Kx=" +Key exchange method such as \fB\s-1RSA\s0\fR, \fB\s-1ECDHE\s0\fR, etc. +.IP "Au=" 4 +.IX Item "Au=" +Authentication method such as \fB\s-1RSA\s0\fR, \fBNone\fR, etc.. None is the +representation of anonymous ciphers. +.IP "Enc=" 4 +.IX Item "Enc=" +Encryption method, with number of secret bits, such as \fB\s-1AESGCM\s0(128)\fR. +.IP "Mac=" 4 +.IX Item "Mac=" +Message digest, such as \fB\s-1SHA256\s0\fR. +.PP +Some examples for the output of \fISSL_CIPHER_description()\fR: +.PP +.Vb 2 +\& ECDHE\-RSA\-AES256\-GCM\-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD +\& RSA\-PSK\-AES256\-CBC\-SHA384 TLSv1.0 Kx=RSAPSK Au=RSA Enc=AES(256) Mac=SHA384 +.Ve +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CIPHER_get_name()\fR, \fISSL_CIPHER_standard_name()\fR, \fIOPENSSL_cipher_name()\fR, +\&\fISSL_CIPHER_get_version()\fR and \fISSL_CIPHER_description()\fR return the corresponding +value in a null-terminated string for a specific cipher or \*(L"(\s-1NONE\s0)\*(R" +if the cipher is not found. +.PP +\&\fISSL_CIPHER_get_bits()\fR returns a positive integer representing the number of +secret bits or 0 if an error occurred. +.PP +\&\fISSL_CIPHER_get_cipher_nid()\fR, \fISSL_CIPHER_get_digest_nid()\fR, +\&\fISSL_CIPHER_get_kx_nid()\fR and \fISSL_CIPHER_get_auth_nid()\fR return the \s-1NID\s0 value or +\&\fBNID_undef\fR if an error occurred. +.PP +\&\fISSL_CIPHER_get_handshake_digest()\fR returns a valid \fB\s-1EVP_MD\s0\fR structure or \s-1NULL\s0 +if an error occurred. +.PP +\&\fISSL_CIPHER_is_aead()\fR returns 1 if the cipher is \s-1AEAD\s0 or 0 otherwise. +.PP +\&\fISSL_CIPHER_find()\fR returns a valid \fB\s-1SSL_CIPHER\s0\fR structure or \s-1NULL\s0 if an error +occurred. 
+.PP +\&\fISSL_CIPHER_get_id()\fR returns a 4\-byte integer representing the OpenSSL-specific \s-1ID\s0. +.PP +\&\fISSL_CIPHER_get_protocol_id()\fR returns a 2\-byte integer representing the \s-1TLS\s0 +protocol-specific \s-1ID\s0. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_get_current_cipher\fR\|(3), +\&\fISSL_get_ciphers\fR\|(3), \fIopenssl\-ciphers\fR\|(1) +.SH "HISTORY" +.IX Header "HISTORY" +The \fISSL_CIPHER_get_version()\fR function was updated to always return the +correct protocol string in OpenSSL 1.1.0. +.PP +The \fISSL_CIPHER_description()\fR function was changed to return \fB\s-1NULL\s0\fR on error, +rather than a fixed string, in OpenSSL 1.1.0. +.PP +The \fISSL_CIPHER_get_handshake_digest()\fR function was added in OpenSSL 1.1.1. +.PP +The \fISSL_CIPHER_standard_name()\fR function was globally available in OpenSSL 1.1.1. + Before OpenSSL 1.1.1, tracing (\fBenable-ssl-trace\fR argument to Configure) was +required to enable this function. +.PP +The \fIOPENSSL_cipher_name()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_COMP_add_compression_method.3 b/linux_amd64/share/man/man3/SSL_COMP_add_compression_method.3 new file mode 100755 index 0000000..c4cb5b2 --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_COMP_add_compression_method.3 
@@ -0,0 +1,222 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_COMP_ADD_COMPRESSION_METHOD 3" +.TH SSL_COMP_ADD_COMPRESSION_METHOD 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_COMP_add_compression_method, SSL_COMP_get_compression_methods, +SSL_COMP_get0_name, SSL_COMP_get_id, SSL_COMP_free_compression_methods +\&\- handle SSL/TLS integrated compression methods +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm); +\& STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); +\& const char *SSL_COMP_get0_name(const SSL_COMP *comp); +\& int SSL_COMP_get_id(const SSL_COMP *comp); +.Ve +.PP +Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 1 +\& void SSL_COMP_free_compression_methods(void) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_COMP_add_compression_method()\fR adds the compression method \fBcm\fR with +the identifier \fBid\fR to the list of available compression methods. This +list is globally maintained for all \s-1SSL\s0 operations within this application. +It cannot be set for specific \s-1SSL_CTX\s0 or \s-1SSL\s0 objects. +.PP +\&\fISSL_COMP_get_compression_methods()\fR returns a stack of all of the available +compression methods or \s-1NULL\s0 on error. +.PP +\&\fISSL_COMP_get0_name()\fR returns the name of the compression method \fBcomp\fR. +.PP +\&\fISSL_COMP_get_id()\fR returns the id of the compression method \fBcomp\fR. +.PP +\&\fISSL_COMP_free_compression_methods()\fR releases any resources acquired to +maintain the internal table of compression methods. +.SH "NOTES" +.IX Header "NOTES" +The \s-1TLS\s0 standard (or SSLv3) allows the integration of compression methods +into the communication. The \s-1TLS\s0 \s-1RFC\s0 does however not specify compression +methods or their corresponding identifiers, so there is currently no compatible +way to integrate compression with unknown peers. It is therefore currently not +recommended to integrate compression into applications. 
Applications for +non-public use may agree on certain compression methods. Using different +compression methods with the same identifier will lead to connection failure. +.PP +An OpenSSL client speaking a protocol that allows compression (SSLv3, TLSv1) +will unconditionally send the list of all compression methods enabled with +\&\fISSL_COMP_add_compression_method()\fR to the server during the handshake. +Unlike the mechanisms to set a cipher list, there is no method available to +restrict the list of compression method on a per connection basis. +.PP +An OpenSSL server will match the identifiers listed by a client against +its own compression methods and will unconditionally activate compression +when a matching identifier is found. There is no way to restrict the list +of compression methods supported on a per connection basis. +.PP +If enabled during compilation, the OpenSSL library will have the +\&\fICOMP_zlib()\fR compression method available. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_COMP_add_compression_method()\fR may return the following values: +.IP "0" 4 +The operation succeeded. +.IP "1" 4 +.IX Item "1" +The operation failed. Check the error queue to find out the reason. +.PP +\&\fISSL_COMP_get_compression_methods()\fR returns the stack of compressions methods or +\&\s-1NULL\s0 on error. +.PP +\&\fISSL_COMP_get0_name()\fR returns the name of the compression method or \s-1NULL\s0 on error. +.PP +\&\fISSL_COMP_get_id()\fR returns the name of the compression method or \-1 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \fISSL_COMP_free_compression_methods()\fR function was deprecated in OpenSSL 1.1.0. +The \fISSL_COMP_get0_name()\fR and \fISSL_comp_get_id()\fR functions were added in OpenSSL 1.1.0d. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). 
You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_CONF_CTX_new.3 b/linux_amd64/share/man/man3/SSL_CONF_CTX_new.3 new file mode 100755 index 0000000..798e133 --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_CONF_CTX_new.3 
@@ -0,0 +1,173 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CONF_CTX_NEW 3" +.TH SSL_CONF_CTX_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CONF_CTX_new, SSL_CONF_CTX_free \- SSL configuration allocation functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& SSL_CONF_CTX *SSL_CONF_CTX_new(void); +\& void SSL_CONF_CTX_free(SSL_CONF_CTX *cctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The function \fISSL_CONF_CTX_new()\fR allocates and initialises an \fB\s-1SSL_CONF_CTX\s0\fR +structure for use with the \s-1SSL_CONF\s0 functions. +.PP +The function \fISSL_CONF_CTX_free()\fR frees up the context \fBcctx\fR. +If \fBcctx\fR is \s-1NULL\s0 nothing is done. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CONF_CTX_new()\fR returns either the newly allocated \fB\s-1SSL_CONF_CTX\s0\fR structure +or \fB\s-1NULL\s0\fR if an error occurs. +.PP +\&\fISSL_CONF_CTX_free()\fR does not return a value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fISSL_CONF_CTX_set_flags\fR\|(3), +\&\fISSL_CONF_CTX_set_ssl_ctx\fR\|(3), +\&\fISSL_CONF_CTX_set1_prefix\fR\|(3), +\&\fISSL_CONF_cmd\fR\|(3), +\&\fISSL_CONF_cmd_argv\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.2. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2012\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_CONF_CTX_set1_prefix.3 b/linux_amd64/share/man/man3/SSL_CONF_CTX_set1_prefix.3 new file mode 100755 index 0000000..db14ae0 --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_CONF_CTX_set1_prefix.3 
@@ -0,0 +1,180 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CONF_CTX_SET1_PREFIX 3" +.TH SSL_CONF_CTX_SET1_PREFIX 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CONF_CTX_set1_prefix \- Set configuration context command prefix +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& unsigned int SSL_CONF_CTX_set1_prefix(SSL_CONF_CTX *cctx, const char *prefix); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The function \fISSL_CONF_CTX_set1_prefix()\fR sets the command prefix of \fBcctx\fR +to \fBprefix\fR. If \fBprefix\fR is \fB\s-1NULL\s0\fR it is restored to the default value. +.SH "NOTES" +.IX Header "NOTES" +Command prefixes alter the commands recognised by subsequent \fISSL_CONF_cmd()\fR +calls. For example for files, if the prefix \*(L"\s-1SSL\s0\*(R" is set then command names +such as \*(L"SSLProtocol\*(R", \*(L"SSLOptions\*(R" etc. are recognised instead of \*(L"Protocol\*(R" +and \*(L"Options\*(R". Similarly for command lines if the prefix is \*(L"\-\-ssl\-\*(R" then +\&\*(L"\-\-ssl\-no_tls1_2\*(R" is recognised instead of \*(L"\-no_tls1_2\*(R". +.PP +If the \fB\s-1SSL_CONF_FLAG_CMDLINE\s0\fR flag is set then prefix checks are case +sensitive and \*(L"\-\*(R" is the default. In the unlikely even an application +explicitly wants to set no prefix it must be explicitly set to "". +.PP +If the \fB\s-1SSL_CONF_FLAG_FILE\s0\fR flag is set then prefix checks are case +insensitive and no prefix is the default. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CONF_CTX_set1_prefix()\fR returns 1 for success and 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fISSL_CONF_CTX_new\fR\|(3), +\&\fISSL_CONF_CTX_set_flags\fR\|(3), +\&\fISSL_CONF_CTX_set_ssl_ctx\fR\|(3), +\&\fISSL_CONF_cmd\fR\|(3), +\&\fISSL_CONF_cmd_argv\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.2. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2012\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). 
You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_CONF_CTX_set_flags.3 b/linux_amd64/share/man/man3/SSL_CONF_CTX_set_flags.3 new file mode 100755 index 0000000..053b0f2 --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_CONF_CTX_set_flags.3 
@@ -0,0 +1,197 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CONF_CTX_SET_FLAGS 3" +.TH SSL_CONF_CTX_SET_FLAGS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CONF_CTX_set_flags, SSL_CONF_CTX_clear_flags \- Set or clear SSL configuration context flags +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& unsigned int SSL_CONF_CTX_set_flags(SSL_CONF_CTX *cctx, unsigned int flags); +\& unsigned int SSL_CONF_CTX_clear_flags(SSL_CONF_CTX *cctx, unsigned int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The function \fISSL_CONF_CTX_set_flags()\fR sets \fBflags\fR in the context \fBcctx\fR. +.PP +The function \fISSL_CONF_CTX_clear_flags()\fR clears \fBflags\fR in the context \fBcctx\fR. +.SH "NOTES" +.IX Header "NOTES" +The flags set affect how subsequent calls to \fISSL_CONF_cmd()\fR or +\&\fISSL_CONF_argv()\fR behave. +.PP +Currently the following \fBflags\fR values are recognised: +.IP "\s-1SSL_CONF_FLAG_CMDLINE\s0, \s-1SSL_CONF_FLAG_FILE\s0" 4 +.IX Item "SSL_CONF_FLAG_CMDLINE, SSL_CONF_FLAG_FILE" +recognise options intended for command line or configuration file use. At +least one of these flags must be set. +.IP "\s-1SSL_CONF_FLAG_CLIENT\s0, \s-1SSL_CONF_FLAG_SERVER\s0" 4 +.IX Item "SSL_CONF_FLAG_CLIENT, SSL_CONF_FLAG_SERVER" +recognise options intended for use in \s-1SSL/TLS\s0 clients or servers. One or +both of these flags must be set. +.IP "\s-1SSL_CONF_FLAG_CERTIFICATE\s0" 4 +.IX Item "SSL_CONF_FLAG_CERTIFICATE" +recognise certificate and private key options. +.IP "\s-1SSL_CONF_FLAG_REQUIRE_PRIVATE\s0" 4 +.IX Item "SSL_CONF_FLAG_REQUIRE_PRIVATE" +If this option is set then if a private key is not specified for a certificate +it will attempt to load a private key from the certificate file when +\&\fISSL_CONF_CTX_finish()\fR is called. If a key cannot be loaded from the certificate +file an error occurs. +.IP "\s-1SSL_CONF_FLAG_SHOW_ERRORS\s0" 4 +.IX Item "SSL_CONF_FLAG_SHOW_ERRORS" +indicate errors relating to unrecognised options or missing arguments in +the error queue. 
If this option isn't set such errors are only reflected +in the return values of \fISSL_CONF_set_cmd()\fR or \fISSL_CONF_set_argv()\fR +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CONF_CTX_set_flags()\fR and \fISSL_CONF_CTX_clear_flags()\fR returns the new flags +value after setting or clearing flags. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fISSL_CONF_CTX_new\fR\|(3), +\&\fISSL_CONF_CTX_set_ssl_ctx\fR\|(3), +\&\fISSL_CONF_CTX_set1_prefix\fR\|(3), +\&\fISSL_CONF_cmd\fR\|(3), +\&\fISSL_CONF_cmd_argv\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.2. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2012\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 b/linux_amd64/share/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 new file mode 100755 index 0000000..26ba70f --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 
@@ -0,0 +1,178 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CONF_CTX_SET_SSL_CTX 3" +.TH SSL_CONF_CTX_SET_SSL_CTX 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CONF_CTX_set_ssl_ctx, SSL_CONF_CTX_set_ssl \- set context to configure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *cctx, SSL_CTX *ctx); +\& void SSL_CONF_CTX_set_ssl(SSL_CONF_CTX *cctx, SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CONF_CTX_set_ssl_ctx()\fR sets the context associated with \fBcctx\fR to the +\&\fB\s-1SSL_CTX\s0\fR structure \fBctx\fR. Any previous \fB\s-1SSL\s0\fR or \fB\s-1SSL_CTX\s0\fR associated with +\&\fBcctx\fR is cleared. Subsequent calls to \fISSL_CONF_cmd()\fR will be sent to +\&\fBctx\fR. +.PP +\&\fISSL_CONF_CTX_set_ssl()\fR sets the context associated with \fBcctx\fR to the +\&\fB\s-1SSL\s0\fR structure \fBssl\fR. Any previous \fB\s-1SSL\s0\fR or \fB\s-1SSL_CTX\s0\fR associated with +\&\fBcctx\fR is cleared. Subsequent calls to \fISSL_CONF_cmd()\fR will be sent to +\&\fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +The context need not be set or it can be set to \fB\s-1NULL\s0\fR in which case only +syntax checking of commands is performed, where possible. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CONF_CTX_set_ssl_ctx()\fR and \fISSL_CTX_set_ssl()\fR do not return a value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fISSL_CONF_CTX_new\fR\|(3), +\&\fISSL_CONF_CTX_set_flags\fR\|(3), +\&\fISSL_CONF_CTX_set1_prefix\fR\|(3), +\&\fISSL_CONF_cmd\fR\|(3), +\&\fISSL_CONF_cmd_argv\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.2. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2012\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/share/man/man3/SSL_CONF_cmd.3 b/linux_amd64/share/man/man3/SSL_CONF_cmd.3 new file mode 100755 index 0000000..b20686f --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_CONF_cmd.3 
@@ -0,0 +1,787 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CONF_CMD 3" +.TH SSL_CONF_CMD 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CONF_cmd_value_type, +SSL_CONF_cmd \- send configuration command +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CONF_cmd(SSL_CONF_CTX *ctx, const char *option, const char *value); +\& int SSL_CONF_cmd_value_type(SSL_CONF_CTX *ctx, const char *option); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The function \fISSL_CONF_cmd()\fR performs configuration operation \fBoption\fR with +optional parameter \fBvalue\fR on \fBctx\fR. Its purpose is to simplify application +configuration of \fB\s-1SSL_CTX\s0\fR or \fB\s-1SSL\s0\fR structures by providing a common +framework for command line options or configuration files. +.PP +\&\fISSL_CONF_cmd_value_type()\fR returns the type of value that \fBoption\fR refers to. +.SH "SUPPORTED COMMAND LINE COMMANDS" +.IX Header "SUPPORTED COMMAND LINE COMMANDS" +Currently supported \fBoption\fR names for command lines (i.e. when the +flag \fB\s-1SSL_CONF_CMDLINE\s0\fR is set) are listed below. Note: all \fBoption\fR names +are case sensitive. Unless otherwise stated commands can be used by +both clients and servers and the \fBvalue\fR parameter is not used. The default +prefix for command line commands is \fB\-\fR and that is reflected below. +.IP "\fB\-bugs\fR" 4 +.IX Item "-bugs" +Various bug workarounds are set, same as setting \fB\s-1SSL_OP_ALL\s0\fR. +.IP "\fB\-no_comp\fR" 4 +.IX Item "-no_comp" +Disables support for \s-1SSL/TLS\s0 compression, same as setting +\&\fB\s-1SSL_OP_NO_COMPRESSION\s0\fR. +As of OpenSSL 1.1.0, compression is off by default. +.IP "\fB\-comp\fR" 4 +.IX Item "-comp" +Enables support for \s-1SSL/TLS\s0 compression, same as clearing +\&\fB\s-1SSL_OP_NO_COMPRESSION\s0\fR. +This command was introduced in OpenSSL 1.1.0. +As of OpenSSL 1.1.0, compression is off by default. +.IP "\fB\-no_ticket\fR" 4 +.IX Item "-no_ticket" +Disables support for session tickets, same as setting \fB\s-1SSL_OP_NO_TICKET\s0\fR. 
+.IP "\fB\-serverpref\fR" 4 +.IX Item "-serverpref" +Use server and not client preference order when determining which cipher suite, +signature algorithm or elliptic curve to use for an incoming connection. +Equivalent to \fB\s-1SSL_OP_CIPHER_SERVER_PREFERENCE\s0\fR. Only used by servers. +.IP "\fB\-legacyrenegotiation\fR" 4 +.IX Item "-legacyrenegotiation" +permits the use of unsafe legacy renegotiation. Equivalent to setting +\&\fB\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0\fR. +.IP "\fB\-no_renegotiation\fR" 4 +.IX Item "-no_renegotiation" +Disables all attempts at renegotiation in TLSv1.2 and earlier, same as setting +\&\fB\s-1SSL_OP_NO_RENEGOTIATION\s0\fR. +.IP "\fB\-no_resumption_on_reneg\fR" 4 +.IX Item "-no_resumption_on_reneg" +set \s-1SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION\s0 flag. Only used by servers. +.IP "\fB\-legacy_server_connect\fR, \fB\-no_legacy_server_connect\fR" 4 +.IX Item "-legacy_server_connect, -no_legacy_server_connect" +permits or prohibits the use of unsafe legacy renegotiation for OpenSSL +clients only. Equivalent to setting or clearing \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR. +Set by default. +.IP "\fB\-prioritize_chacha\fR" 4 +.IX Item "-prioritize_chacha" +Prioritize ChaCha ciphers when the client has a ChaCha20 cipher at the top of +its preference list. This usually indicates a client without \s-1AES\s0 hardware +acceleration (e.g. mobile) is in use. Equivalent to \fB\s-1SSL_OP_PRIORITIZE_CHACHA\s0\fR. +Only used by servers. Requires \fB\-serverpref\fR. +.IP "\fB\-allow_no_dhe_kex\fR" 4 +.IX Item "-allow_no_dhe_kex" +In TLSv1.3 allow a non\-(ec)dhe based key exchange mode on resumption. This means +that there will be no forward secrecy for the resumed session. +.IP "\fB\-strict\fR" 4 +.IX Item "-strict" +enables strict mode protocol handling. Equivalent to setting +\&\fB\s-1SSL_CERT_FLAG_TLS_STRICT\s0\fR. 
+.IP "\fB\-sigalgs\fR \fIalgs\fR" 4 +.IX Item "-sigalgs algs" +This sets the supported signature algorithms for TLSv1.2 and TLSv1.3. +For clients this value is used directly for the supported signature +algorithms extension. For servers it is used to determine which signature +algorithms to support. +.Sp +The \fBalgs\fR argument should be a colon separated list of signature +algorithms in order of decreasing preference of the form \fBalgorithm+hash\fR +or \fBsignature_scheme\fR. \fBalgorithm\fR is one of \fB\s-1RSA\s0\fR, \fB\s-1DSA\s0\fR or \fB\s-1ECDSA\s0\fR and +\&\fBhash\fR is a supported algorithm \s-1OID\s0 short name such as \fB\s-1SHA1\s0\fR, \fB\s-1SHA224\s0\fR, +\&\fB\s-1SHA256\s0\fR, \fB\s-1SHA384\s0\fR of \fB\s-1SHA512\s0\fR. Note: algorithm and hash names are case +sensitive. \fBsignature_scheme\fR is one of the signature schemes defined in +TLSv1.3, specified using the \s-1IETF\s0 name, e.g., \fBecdsa_secp256r1_sha256\fR, +\&\fBed25519\fR, or \fBrsa_pss_pss_sha256\fR. +.Sp +If this option is not set then all signature algorithms supported by the +OpenSSL library are permissible. +.Sp +Note: algorithms which specify a PKCS#1 v1.5 signature scheme (either by +using \fB\s-1RSA\s0\fR as the \fBalgorithm\fR or by using one of the \fBrsa_pkcs1_*\fR +identifiers) are ignored in TLSv1.3 and will not be negotiated. +.IP "\fB\-client_sigalgs\fR \fIalgs\fR" 4 +.IX Item "-client_sigalgs algs" +This sets the supported signature algorithms associated with client +authentication for TLSv1.2 and TLSv1.3. For servers the \fBalgs\fR is used +in the \fBsignature_algorithms\fR field of a \fBCertificateRequest\fR message. +For clients it is used to determine which signature algorithm to use with +the client certificate. If a server does not request a certificate this +option has no effect. +.Sp +The syntax of \fBalgs\fR is identical to \fB\-sigalgs\fR. If not set, then the +value set for \fB\-sigalgs\fR will be used instead. 
+.IP "\fB\-groups\fR \fIgroups\fR" 4 +.IX Item "-groups groups" +This sets the supported groups. For clients, the groups are sent using +the supported groups extension. For servers, it is used to determine which +group to use. This setting affects groups used for signatures (in TLSv1.2 +and earlier) and key exchange. The first group listed will also be used +for the \fBkey_share\fR sent by a client in a TLSv1.3 \fBClientHello\fR. +.Sp +The \fBgroups\fR argument is a colon separated list of groups. The group can +be either the \fB\s-1NIST\s0\fR name (e.g. \fBP\-256\fR), some other commonly used name +where applicable (e.g. \fBX25519\fR, \fBffdhe2048\fR) or an OpenSSL \s-1OID\s0 name +(e.g \fBprime256v1\fR). Group names are case sensitive. The list should be +in order of preference with the most preferred group first. +.Sp +Currently supported groups for \fBTLSv1.3\fR are \fBP\-256\fR, \fBP\-384\fR, \fBP\-521\fR, +\&\fBX25519\fR, \fBX448\fR, \fBffdhe2048\fR, \fBffdhe3072\fR, \fBffdhe4096\fR, \fBffdhe6144\fR, +\&\fBffdhe8192\fR. +.IP "\fB\-curves\fR \fIgroups\fR" 4 +.IX Item "-curves groups" +This is a synonym for the \fB\-groups\fR command. +.IP "\fB\-named_curve\fR \fIcurve\fR" 4 +.IX Item "-named_curve curve" +This sets the temporary curve used for ephemeral \s-1ECDH\s0 modes. Only used +by servers. +.Sp +The \fBgroups\fR argument is a curve name or the special value \fBauto\fR which +picks an appropriate curve based on client and server preferences. The +curve can be either the \fB\s-1NIST\s0\fR name (e.g. \fBP\-256\fR) or an OpenSSL \s-1OID\s0 name +(e.g \fBprime256v1\fR). Curve names are case sensitive. +.IP "\fB\-cipher\fR \fIciphers\fR" 4 +.IX Item "-cipher ciphers" +Sets the TLSv1.2 and below ciphersuite list to \fBciphers\fR. This list will be +combined with any configured TLSv1.3 ciphersuites. Note: syntax checking +of \fBciphers\fR is currently not performed unless a \fB\s-1SSL\s0\fR or \fB\s-1SSL_CTX\s0\fR +structure is associated with \fBctx\fR. 
+.IP "\fB\-ciphersuites\fR \fI1.3ciphers\fR" 4 +.IX Item "-ciphersuites 1.3ciphers" +Sets the available ciphersuites for TLSv1.3 to value. This is a +colon-separated list of TLSv1.3 ciphersuite names in order of preference. This +list will be combined any configured TLSv1.2 and below ciphersuites. +See \fIopenssl\-ciphers\fR\|(1) for more information. +.IP "\fB\-min_protocol\fR \fIminprot\fR, \fB\-max_protocol\fR \fImaxprot\fR" 4 +.IX Item "-min_protocol minprot, -max_protocol maxprot" +Sets the minimum and maximum supported protocol. Currently supported +protocol values are \fBSSLv3\fR, \fBTLSv1\fR, \fBTLSv1.1\fR, \fBTLSv1.2\fR, \fBTLSv1.3\fR +for \s-1TLS\s0 and \fBDTLSv1\fR, \fBDTLSv1.2\fR for \s-1DTLS\s0, and \fBNone\fR for no limit. +If either bound is not specified then only the other bound applies, +if specified. To restrict the supported protocol versions use these +commands rather than the deprecated alternative commands below. +.IP "\fB\-record_padding\fR \fIpadding\fR" 4 +.IX Item "-record_padding padding" +Attempts to pad TLSv1.3 records so that they are a multiple of \fBpadding\fR +in length on send. A \fBpadding\fR of 0 or 1 turns off padding. Otherwise, +the \fBpadding\fR must be >1 or <=16384. +.IP "\fB\-debug_broken_protocol\fR" 4 +.IX Item "-debug_broken_protocol" +Ignored. +.IP "\fB\-no_middlebox\fR" 4 +.IX Item "-no_middlebox" +Turn off \*(L"middlebox compatibility\*(R", as described below. +.SS "Additional Options" +.IX Subsection "Additional Options" +The following options are accepted by \fISSL_CONF_cmd()\fR, but are not +processed by the OpenSSL commands. +.IP "\fB\-cert\fR \fIfile\fR" 4 +.IX Item "-cert file" +Attempts to use \fBfile\fR as the certificate for the appropriate context. It +currently uses \fISSL_CTX_use_certificate_chain_file()\fR if an \fB\s-1SSL_CTX\s0\fR +structure is set or \fISSL_use_certificate_file()\fR with filetype \s-1PEM\s0 if an +\&\fB\s-1SSL\s0\fR structure is set. 
This option is only supported if certificate +operations are permitted. +.IP "\fB\-key\fR \fIfile\fR" 4 +.IX Item "-key file" +Attempts to use \fBfile\fR as the private key for the appropriate context. This +option is only supported if certificate operations are permitted. Note: +if no \fB\-key\fR option is set then a private key is not loaded unless the +flag \fB\s-1SSL_CONF_FLAG_REQUIRE_PRIVATE\s0\fR is set. +.IP "\fB\-dhparam\fR \fIfile\fR" 4 +.IX Item "-dhparam file" +Attempts to use \fBfile\fR as the set of temporary \s-1DH\s0 parameters for +the appropriate context. This option is only supported if certificate +operations are permitted. +.IP "\fB\-no_ssl3\fR, \fB\-no_tls1\fR, \fB\-no_tls1_1\fR, \fB\-no_tls1_2\fR, \fB\-no_tls1_3\fR" 4 +.IX Item "-no_ssl3, -no_tls1, -no_tls1_1, -no_tls1_2, -no_tls1_3" +Disables protocol support for SSLv3, TLSv1.0, TLSv1.1, TLSv1.2 or TLSv1.3 by +setting the corresponding options \fBSSL_OP_NO_SSLv3\fR, \fBSSL_OP_NO_TLSv1\fR, +\&\fBSSL_OP_NO_TLSv1_1\fR, \fBSSL_OP_NO_TLSv1_2\fR and \fBSSL_OP_NO_TLSv1_3\fR +respectively. These options are deprecated, use \fB\-min_protocol\fR and +\&\fB\-max_protocol\fR instead. +.IP "\fB\-anti_replay\fR, \fB\-no_anti_replay\fR" 4 +.IX Item "-anti_replay, -no_anti_replay" +Switches replay protection, on or off respectively. With replay protection on, +OpenSSL will automatically detect if a session ticket has been used more than +once, TLSv1.3 has been negotiated, and early data is enabled on the server. A +full handshake is forced if a session ticket is used a second or subsequent +time. Anti-Replay is on by default unless overridden by a configuration file and +is only used by servers. Anti-replay measures are required for compliance with +the TLSv1.3 specification. Some applications may be able to mitigate the replay +risks in other ways and in such cases the built-in OpenSSL functionality is not +required. Switching off anti-replay is equivalent to \fB\s-1SSL_OP_NO_ANTI_REPLAY\s0\fR. 
+.SH "SUPPORTED CONFIGURATION FILE COMMANDS" +.IX Header "SUPPORTED CONFIGURATION FILE COMMANDS" +Currently supported \fBoption\fR names for configuration files (i.e., when the +flag \fB\s-1SSL_CONF_FLAG_FILE\s0\fR is set) are listed below. All configuration file +\&\fBoption\fR names are case insensitive so \fBsignaturealgorithms\fR is recognised +as well as \fBSignatureAlgorithms\fR. Unless otherwise stated the \fBvalue\fR names +are also case insensitive. +.PP +Note: the command prefix (if set) alters the recognised \fBoption\fR values. +.IP "\fBCipherString\fR" 4 +.IX Item "CipherString" +Sets the ciphersuite list for TLSv1.2 and below to \fBvalue\fR. This list will be +combined with any configured TLSv1.3 ciphersuites. Note: syntax +checking of \fBvalue\fR is currently not performed unless an \fB\s-1SSL\s0\fR or \fB\s-1SSL_CTX\s0\fR +structure is associated with \fBctx\fR. +.IP "\fBCiphersuites\fR" 4 +.IX Item "Ciphersuites" +Sets the available ciphersuites for TLSv1.3 to \fBvalue\fR. This is a +colon-separated list of TLSv1.3 ciphersuite names in order of preference. This +list will be combined any configured TLSv1.2 and below ciphersuites. +See \fIopenssl\-ciphers\fR\|(1) for more information. +.IP "\fBCertificate\fR" 4 +.IX Item "Certificate" +Attempts to use the file \fBvalue\fR as the certificate for the appropriate +context. It currently uses \fISSL_CTX_use_certificate_chain_file()\fR if an \fB\s-1SSL_CTX\s0\fR +structure is set or \fISSL_use_certificate_file()\fR with filetype \s-1PEM\s0 if an \fB\s-1SSL\s0\fR +structure is set. This option is only supported if certificate operations +are permitted. +.IP "\fBPrivateKey\fR" 4 +.IX Item "PrivateKey" +Attempts to use the file \fBvalue\fR as the private key for the appropriate +context. This option is only supported if certificate operations +are permitted. Note: if no \fBPrivateKey\fR option is set then a private key is +not loaded unless the \fB\s-1SSL_CONF_FLAG_REQUIRE_PRIVATE\s0\fR is set. 
+.IP "\fBChainCAFile\fR, \fBChainCAPath\fR, \fBVerifyCAFile\fR, \fBVerifyCAPath\fR" 4 +.IX Item "ChainCAFile, ChainCAPath, VerifyCAFile, VerifyCAPath" +These options indicate a file or directory used for building certificate +chains or verifying certificate chains. These options are only supported +if certificate operations are permitted. +.IP "\fBRequestCAFile\fR" 4 +.IX Item "RequestCAFile" +This option indicates a file containing a set of certificates in \s-1PEM\s0 form. +The subject names of the certificates are sent to the peer in the +\&\fBcertificate_authorities\fR extension for \s-1TLS\s0 1.3 (in ClientHello or +CertificateRequest) or in a certificate request for previous versions or +\&\s-1TLS\s0. +.IP "\fBServerInfoFile\fR" 4 +.IX Item "ServerInfoFile" +Attempts to use the file \fBvalue\fR in the \*(L"serverinfo\*(R" extension using the +function SSL_CTX_use_serverinfo_file. +.IP "\fBDHParameters\fR" 4 +.IX Item "DHParameters" +Attempts to use the file \fBvalue\fR as the set of temporary \s-1DH\s0 parameters for +the appropriate context. This option is only supported if certificate +operations are permitted. +.IP "\fBRecordPadding\fR" 4 +.IX Item "RecordPadding" +Attempts to pad TLSv1.3 records so that they are a multiple of \fBvalue\fR in +length on send. A \fBvalue\fR of 0 or 1 turns off padding. Otherwise, the +\&\fBvalue\fR must be >1 or <=16384. +.IP "\fBSignatureAlgorithms\fR" 4 +.IX Item "SignatureAlgorithms" +This sets the supported signature algorithms for TLSv1.2 and TLSv1.3. +For clients this +value is used directly for the supported signature algorithms extension. For +servers it is used to determine which signature algorithms to support. +.Sp +The \fBvalue\fR argument should be a colon separated list of signature algorithms +in order of decreasing preference of the form \fBalgorithm+hash\fR or +\&\fBsignature_scheme\fR. 
\fBalgorithm\fR +is one of \fB\s-1RSA\s0\fR, \fB\s-1DSA\s0\fR or \fB\s-1ECDSA\s0\fR and \fBhash\fR is a supported algorithm +\&\s-1OID\s0 short name such as \fB\s-1SHA1\s0\fR, \fB\s-1SHA224\s0\fR, \fB\s-1SHA256\s0\fR, \fB\s-1SHA384\s0\fR of \fB\s-1SHA512\s0\fR. +Note: algorithm and hash names are case sensitive. +\&\fBsignature_scheme\fR is one of the signature schemes defined in TLSv1.3, +specified using the \s-1IETF\s0 name, e.g., \fBecdsa_secp256r1_sha256\fR, \fBed25519\fR, +or \fBrsa_pss_pss_sha256\fR. +.Sp +If this option is not set then all signature algorithms supported by the +OpenSSL library are permissible. +.Sp +Note: algorithms which specify a PKCS#1 v1.5 signature scheme (either by +using \fB\s-1RSA\s0\fR as the \fBalgorithm\fR or by using one of the \fBrsa_pkcs1_*\fR +identifiers) are ignored in TLSv1.3 and will not be negotiated. +.IP "\fBClientSignatureAlgorithms\fR" 4 +.IX Item "ClientSignatureAlgorithms" +This sets the supported signature algorithms associated with client +authentication for TLSv1.2 and TLSv1.3. +For servers the value is used in the +\&\fBsignature_algorithms\fR field of a \fBCertificateRequest\fR message. +For clients it is +used to determine which signature algorithm to use with the client certificate. +If a server does not request a certificate this option has no effect. +.Sp +The syntax of \fBvalue\fR is identical to \fBSignatureAlgorithms\fR. If not set then +the value set for \fBSignatureAlgorithms\fR will be used instead. +.IP "\fBGroups\fR" 4 +.IX Item "Groups" +This sets the supported groups. For clients, the groups are +sent using the supported groups extension. For servers, it is used +to determine which group to use. This setting affects groups used for +signatures (in TLSv1.2 and earlier) and key exchange. The first group listed +will also be used for the \fBkey_share\fR sent by a client in a TLSv1.3 +\&\fBClientHello\fR. +.Sp +The \fBvalue\fR argument is a colon separated list of groups. 
The group can be +either the \fB\s-1NIST\s0\fR name (e.g. \fBP\-256\fR), some other commonly used name where +applicable (e.g. \fBX25519\fR, \fBffdhe2048\fR) or an OpenSSL \s-1OID\s0 name +(e.g \fBprime256v1\fR). Group names are case sensitive. The list should be in +order of preference with the most preferred group first. +.Sp +Currently supported groups for \fBTLSv1.3\fR are \fBP\-256\fR, \fBP\-384\fR, \fBP\-521\fR, +\&\fBX25519\fR, \fBX448\fR, \fBffdhe2048\fR, \fBffdhe3072\fR, \fBffdhe4096\fR, \fBffdhe6144\fR, +\&\fBffdhe8192\fR. +.IP "\fBCurves\fR" 4 +.IX Item "Curves" +This is a synonym for the \*(L"Groups\*(R" command. +.IP "\fBMinProtocol\fR" 4 +.IX Item "MinProtocol" +This sets the minimum supported \s-1SSL\s0, \s-1TLS\s0 or \s-1DTLS\s0 version. +.Sp +Currently supported protocol values are \fBSSLv3\fR, \fBTLSv1\fR, \fBTLSv1.1\fR, +\&\fBTLSv1.2\fR, \fBTLSv1.3\fR, \fBDTLSv1\fR and \fBDTLSv1.2\fR. +The value \fBNone\fR will disable the limit. +.IP "\fBMaxProtocol\fR" 4 +.IX Item "MaxProtocol" +This sets the maximum supported \s-1SSL\s0, \s-1TLS\s0 or \s-1DTLS\s0 version. +.Sp +Currently supported protocol values are \fBSSLv3\fR, \fBTLSv1\fR, \fBTLSv1.1\fR, +\&\fBTLSv1.2\fR, \fBTLSv1.3\fR, \fBDTLSv1\fR and \fBDTLSv1.2\fR. +The value \fBNone\fR will disable the limit. +.IP "\fBProtocol\fR" 4 +.IX Item "Protocol" +This can be used to enable or disable certain versions of the \s-1SSL\s0, +\&\s-1TLS\s0 or \s-1DTLS\s0 protocol. +.Sp +The \fBvalue\fR argument is a comma separated list of supported protocols +to enable or disable. +If a protocol is preceded by \fB\-\fR that version is disabled. +.Sp +All protocol versions are enabled by default. +You need to disable at least one protocol version for this setting have any +effect. +Only enabling some protocol versions does not disable the other protocol +versions. +.Sp +Currently supported protocol values are \fBSSLv3\fR, \fBTLSv1\fR, \fBTLSv1.1\fR, +\&\fBTLSv1.2\fR, \fBTLSv1.3\fR, \fBDTLSv1\fR and \fBDTLSv1.2\fR. 
+The special value \fB\s-1ALL\s0\fR refers to all supported versions. +.Sp +This can't enable protocols that are disabled using \fBMinProtocol\fR +or \fBMaxProtocol\fR, but can disable protocols that are still allowed +by them. +.Sp +The \fBProtocol\fR command is fragile and deprecated; do not use it. +Use \fBMinProtocol\fR and \fBMaxProtocol\fR instead. +If you do use \fBProtocol\fR, make sure that the resulting range of enabled +protocols has no \*(L"holes\*(R", e.g. if \s-1TLS\s0 1.0 and \s-1TLS\s0 1.2 are both enabled, make +sure to also leave \s-1TLS\s0 1.1 enabled. +.IP "\fBOptions\fR" 4 +.IX Item "Options" +The \fBvalue\fR argument is a comma separated list of various flags to set. +If a flag string is preceded \fB\-\fR it is disabled. +See the \fISSL_CTX_set_options\fR\|(3) function for more details of +individual options. +.Sp +Each option is listed below. Where an operation is enabled by default +the \fB\-flag\fR syntax is needed to disable it. +.Sp +\&\fBSessionTicket\fR: session ticket support, enabled by default. Inverse of +\&\fB\s-1SSL_OP_NO_TICKET\s0\fR: that is \fB\-SessionTicket\fR is the same as setting +\&\fB\s-1SSL_OP_NO_TICKET\s0\fR. +.Sp +\&\fBCompression\fR: \s-1SSL/TLS\s0 compression support, enabled by default. Inverse +of \fB\s-1SSL_OP_NO_COMPRESSION\s0\fR. +.Sp +\&\fBEmptyFragments\fR: use empty fragments as a countermeasure against a +\&\s-1SSL\s0 3.0/TLS 1.0 protocol vulnerability affecting \s-1CBC\s0 ciphers. It +is set by default. Inverse of \fB\s-1SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS\s0\fR. +.Sp +\&\fBBugs\fR: enable various bug workarounds. Same as \fB\s-1SSL_OP_ALL\s0\fR. +.Sp +\&\fBDHSingle\fR: enable single use \s-1DH\s0 keys, set by default. Inverse of +\&\fB\s-1SSL_OP_DH_SINGLE\s0\fR. Only used by servers. +.Sp +\&\fBECDHSingle\fR: enable single use \s-1ECDH\s0 keys, set by default. Inverse of +\&\fB\s-1SSL_OP_ECDH_SINGLE\s0\fR. Only used by servers. 
+.Sp +\&\fBServerPreference\fR: use server and not client preference order when +determining which cipher suite, signature algorithm or elliptic curve +to use for an incoming connection. Equivalent to +\&\fB\s-1SSL_OP_CIPHER_SERVER_PREFERENCE\s0\fR. Only used by servers. +.Sp +\&\fBPrioritizeChaCha\fR: prioritizes ChaCha ciphers when the client has a +ChaCha20 cipher at the top of its preference list. This usually indicates +a mobile client is in use. Equivalent to \fB\s-1SSL_OP_PRIORITIZE_CHACHA\s0\fR. +Only used by servers. +.Sp +\&\fBNoResumptionOnRenegotiation\fR: set +\&\fB\s-1SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION\s0\fR flag. Only used by servers. +.Sp +\&\fBNoRenegotiation\fR: disables all attempts at renegotiation in TLSv1.2 and +earlier, same as setting \fB\s-1SSL_OP_NO_RENEGOTIATION\s0\fR. +.Sp +\&\fBUnsafeLegacyRenegotiation\fR: permits the use of unsafe legacy renegotiation. +Equivalent to \fB\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0\fR. +.Sp +\&\fBUnsafeLegacyServerConnect\fR: permits the use of unsafe legacy renegotiation +for OpenSSL clients only. Equivalent to \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR. +Set by default. +.Sp +\&\fBEncryptThenMac\fR: use encrypt-then-mac extension, enabled by +default. Inverse of \fB\s-1SSL_OP_NO_ENCRYPT_THEN_MAC\s0\fR: that is, +\&\fB\-EncryptThenMac\fR is the same as setting \fB\s-1SSL_OP_NO_ENCRYPT_THEN_MAC\s0\fR. +.Sp +\&\fBAllowNoDHEKEX\fR: In TLSv1.3 allow a non\-(ec)dhe based key exchange mode on +resumption. This means that there will be no forward secrecy for the resumed +session. Equivalent to \fB\s-1SSL_OP_ALLOW_NO_DHE_KEX\s0\fR. +.Sp +\&\fBMiddleboxCompat\fR: If set then dummy Change Cipher Spec (\s-1CCS\s0) messages are sent +in TLSv1.3. This has the effect of making TLSv1.3 look more like TLSv1.2 so that +middleboxes that do not understand TLSv1.3 will not drop the connection. This +option is set by default. A future version of OpenSSL may not set this by +default. 
Equivalent to \fB\s-1SSL_OP_ENABLE_MIDDLEBOX_COMPAT\s0\fR. +.Sp +\&\fBAntiReplay\fR: If set then OpenSSL will automatically detect if a session ticket +has been used more than once, TLSv1.3 has been negotiated, and early data is +enabled on the server. A full handshake is forced if a session ticket is used a +second or subsequent time. This option is set by default and is only used by +servers. Anti-replay measures are required to comply with the TLSv1.3 +specification. Some applications may be able to mitigate the replay risks in +other ways and in such cases the built-in OpenSSL functionality is not required. +Disabling anti-replay is equivalent to setting \fB\s-1SSL_OP_NO_ANTI_REPLAY\s0\fR. +.Sp +\&\fBExtendedMasterSecret\fR: use extended master secret extension, enabled by +default. Inverse of \fB\s-1SSL_OP_NO_EXTENDED_MASTER_SECRET\s0\fR: that is, +\&\fB\-ExtendedMasterSecret\fR is the same as setting \fB\s-1SSL_OP_NO_EXTENDED_MASTER_SECRET\s0\fR. +.IP "\fBVerifyMode\fR" 4 +.IX Item "VerifyMode" +The \fBvalue\fR argument is a comma separated list of flags to set. +.Sp +\&\fBPeer\fR enables peer verification: for clients only. +.Sp +\&\fBRequest\fR requests but does not require a certificate from the client. +Servers only. +.Sp +\&\fBRequire\fR requests and requires a certificate from the client: an error +occurs if the client does not present a certificate. Servers only. +.Sp +\&\fBOnce\fR requests a certificate from a client only on the initial connection: +not when renegotiating. Servers only. +.Sp +\&\fBRequestPostHandshake\fR configures the connection to support requests but does +not require a certificate from the client post-handshake. A certificate will +not be requested during the initial handshake. The server application must +provide a mechanism to request a certificate post-handshake. Servers only. +TLSv1.3 only. 
+.Sp +\&\fBRequiresPostHandshake\fR configures the connection to support requests and +requires a certificate from the client post-handshake: an error occurs if the +client does not present a certificate. A certificate will not be requested +during the initial handshake. The server application must provide a mechanism +to request a certificate post-handshake. Servers only. TLSv1.3 only. +.IP "\fBClientCAFile\fR, \fBClientCAPath\fR" 4 +.IX Item "ClientCAFile, ClientCAPath" +A file or directory of certificates in \s-1PEM\s0 format whose names are used as the +set of acceptable names for client CAs. Servers only. This option is only +supported if certificate operations are permitted. +.SH "SUPPORTED COMMAND TYPES" +.IX Header "SUPPORTED COMMAND TYPES" +The function \fISSL_CONF_cmd_value_type()\fR currently returns one of the following +types: +.IP "\fB\s-1SSL_CONF_TYPE_UNKNOWN\s0\fR" 4 +.IX Item "SSL_CONF_TYPE_UNKNOWN" +The \fBoption\fR string is unrecognised, this return value can be use to flag +syntax errors. +.IP "\fB\s-1SSL_CONF_TYPE_STRING\s0\fR" 4 +.IX Item "SSL_CONF_TYPE_STRING" +The value is a string without any specific structure. +.IP "\fB\s-1SSL_CONF_TYPE_FILE\s0\fR" 4 +.IX Item "SSL_CONF_TYPE_FILE" +The value is a filename. +.IP "\fB\s-1SSL_CONF_TYPE_DIR\s0\fR" 4 +.IX Item "SSL_CONF_TYPE_DIR" +The value is a directory name. +.IP "\fB\s-1SSL_CONF_TYPE_NONE\s0\fR" 4 +.IX Item "SSL_CONF_TYPE_NONE" +The value string is not used e.g. a command line option which doesn't take an +argument. +.SH "NOTES" +.IX Header "NOTES" +The order of operations is significant. This can be used to set either defaults +or values which cannot be overridden. For example if an application calls: +.PP +.Vb 2 +\& SSL_CONF_cmd(ctx, "Protocol", "\-SSLv3"); +\& SSL_CONF_cmd(ctx, userparam, uservalue); +.Ve +.PP +it will disable SSLv3 support by default but the user can override it. 
If +however the call sequence is: +.PP +.Vb 2 +\& SSL_CONF_cmd(ctx, userparam, uservalue); +\& SSL_CONF_cmd(ctx, "Protocol", "\-SSLv3"); +.Ve +.PP +SSLv3 is \fBalways\fR disabled and attempt to override this by the user are +ignored. +.PP +By checking the return code of \fISSL_CONF_cmd()\fR it is possible to query if a +given \fBoption\fR is recognised, this is useful if \fISSL_CONF_cmd()\fR values are +mixed with additional application specific operations. +.PP +For example an application might call \fISSL_CONF_cmd()\fR and if it returns +\&\-2 (unrecognised command) continue with processing of application specific +commands. +.PP +Applications can also use \fISSL_CONF_cmd()\fR to process command lines though the +utility function \fISSL_CONF_cmd_argv()\fR is normally used instead. One way +to do this is to set the prefix to an appropriate value using +\&\fISSL_CONF_CTX_set1_prefix()\fR, pass the current argument to \fBoption\fR and the +following argument to \fBvalue\fR (which may be \s-1NULL\s0). +.PP +In this case if the return value is positive then it is used to skip that +number of arguments as they have been processed by \fISSL_CONF_cmd()\fR. If \-2 is +returned then \fBoption\fR is not recognised and application specific arguments +can be checked instead. If \-3 is returned a required argument is missing +and an error is indicated. If 0 is returned some other error occurred and +this can be reported back to the user. +.PP +The function \fISSL_CONF_cmd_value_type()\fR can be used by applications to +check for the existence of a command or to perform additional syntax +checking or translation of the command value. For example if the return +value is \fB\s-1SSL_CONF_TYPE_FILE\s0\fR an application could translate a relative +pathname to an absolute pathname. 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CONF_cmd()\fR returns 1 if the value of \fBoption\fR is recognised and \fBvalue\fR is +\&\fB\s-1NOT\s0\fR used and 2 if both \fBoption\fR and \fBvalue\fR are used. In other words it +returns the number of arguments processed. This is useful when processing +command lines. +.PP +A return value of \-2 means \fBoption\fR is not recognised. +.PP +A return value of \-3 means \fBoption\fR is recognised and the command requires a +value but \fBvalue\fR is \s-1NULL\s0. +.PP +A return code of 0 indicates that both \fBoption\fR and \fBvalue\fR are valid but an +error occurred attempting to perform the operation: for example due to an +error in the syntax of \fBvalue\fR in this case the error queue may provide +additional information. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Set supported signature algorithms: +.PP +.Vb 1 +\& SSL_CONF_cmd(ctx, "SignatureAlgorithms", "ECDSA+SHA256:RSA+SHA256:DSA+SHA256"); +.Ve +.PP +There are various ways to select the supported protocols. +.PP +This set the minimum protocol version to TLSv1, and so disables SSLv3. +This is the recommended way to disable protocols. +.PP +.Vb 1 +\& SSL_CONF_cmd(ctx, "MinProtocol", "TLSv1"); +.Ve +.PP +The following also disables SSLv3: +.PP +.Vb 1 +\& SSL_CONF_cmd(ctx, "Protocol", "\-SSLv3"); +.Ve +.PP +The following will first enable all protocols, and then disable +SSLv3. +If no protocol versions were disabled before this has the same effect as +\&\*(L"\-SSLv3\*(R", but if some versions were disables this will re-enable them before +disabling SSLv3. 
+.PP +.Vb 1 +\& SSL_CONF_cmd(ctx, "Protocol", "ALL,\-SSLv3"); +.Ve +.PP +Only enable TLSv1.2: +.PP +.Vb 2 +\& SSL_CONF_cmd(ctx, "MinProtocol", "TLSv1.2"); +\& SSL_CONF_cmd(ctx, "MaxProtocol", "TLSv1.2"); +.Ve +.PP +This also only enables TLSv1.2: +.PP +.Vb 1 +\& SSL_CONF_cmd(ctx, "Protocol", "\-ALL,TLSv1.2"); +.Ve +.PP +Disable \s-1TLS\s0 session tickets: +.PP +.Vb 1 +\& SSL_CONF_cmd(ctx, "Options", "\-SessionTicket"); +.Ve +.PP +Enable compression: +.PP +.Vb 1 +\& SSL_CONF_cmd(ctx, "Options", "Compression"); +.Ve +.PP +Set supported curves to P\-256, P\-384: +.PP +.Vb 1 +\& SSL_CONF_cmd(ctx, "Curves", "P\-256:P\-384"); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fISSL_CONF_CTX_new\fR\|(3), +\&\fISSL_CONF_CTX_set_flags\fR\|(3), +\&\fISSL_CONF_CTX_set1_prefix\fR\|(3), +\&\fISSL_CONF_CTX_set_ssl_ctx\fR\|(3), +\&\fISSL_CONF_cmd_argv\fR\|(3), +\&\fISSL_CTX_set_options\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fISSL_CONF_cmd()\fR function was added in OpenSSL 1.0.2. +.PP +The \fB\s-1SSL_OP_NO_SSL2\s0\fR option doesn't have effect since 1.1.0, but the macro +is retained for backwards compatibility. +.PP +The \fB\s-1SSL_CONF_TYPE_NONE\s0\fR was added in OpenSSL 1.1.0. In earlier versions of +OpenSSL passing a command which didn't take an argument would return +\&\fB\s-1SSL_CONF_TYPE_UNKNOWN\s0\fR. +.PP +\&\fBMinProtocol\fR and \fBMaxProtocol\fR where added in OpenSSL 1.1.0. +.PP +\&\fBAllowNoDHEKEX\fR and \fBPrioritizeChaCha\fR were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2012\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_CONF_cmd_argv.3 b/linux_amd64/share/man/man3/SSL_CONF_cmd_argv.3 new file mode 100755 index 0000000..f0a94d9 
--- /dev/null
+++ b/linux_amd64/share/man/man3/SSL_CONF_cmd_argv.3
@@ -0,0 +1,174 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CONF_CMD_ARGV 3" +.TH SSL_CONF_CMD_ARGV 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CONF_cmd_argv \- SSL configuration command line processing +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CONF_cmd_argv(SSL_CONF_CTX *cctx, int *pargc, char ***pargv); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The function \fISSL_CONF_cmd_argv()\fR processes at most two command line +arguments from \fBpargv\fR and \fBpargc\fR. The values of \fBpargv\fR and \fBpargc\fR +are updated to reflect the number of command options processed. The \fBpargc\fR +argument can be set to \fB\s-1NULL\s0\fR if it is not used. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CONF_cmd_argv()\fR returns the number of command arguments processed: 0, 1, 2 +or a negative error code. +.PP +If \-2 is returned then an argument for a command is missing. +.PP +If \-1 is returned the command is recognised but couldn't be processed due +to an error: for example a syntax error in the argument. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fISSL_CONF_CTX_new\fR\|(3), +\&\fISSL_CONF_CTX_set_flags\fR\|(3), +\&\fISSL_CONF_CTX_set1_prefix\fR\|(3), +\&\fISSL_CONF_CTX_set_ssl_ctx\fR\|(3), +\&\fISSL_CONF_cmd\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.2. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2012\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_CTX_add1_chain_cert.3 b/linux_amd64/share/man/man3/SSL_CTX_add1_chain_cert.3 new file mode 100755 index 0000000..27776c6 --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_CTX_add1_chain_cert.3 
@@ -0,0 +1,280 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_ADD1_CHAIN_CERT 3" +.TH SSL_CTX_ADD1_CHAIN_CERT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set0_chain, SSL_CTX_set1_chain, SSL_CTX_add0_chain_cert, +SSL_CTX_add1_chain_cert, SSL_CTX_get0_chain_certs, SSL_CTX_clear_chain_certs, +SSL_set0_chain, SSL_set1_chain, SSL_add0_chain_cert, SSL_add1_chain_cert, +SSL_get0_chain_certs, SSL_clear_chain_certs, SSL_CTX_build_cert_chain, +SSL_build_cert_chain, SSL_CTX_select_current_cert, +SSL_select_current_cert, SSL_CTX_set_current_cert, SSL_set_current_cert \- extra +chain certificate processing +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_set0_chain(SSL_CTX *ctx, STACK_OF(X509) *sk); +\& int SSL_CTX_set1_chain(SSL_CTX *ctx, STACK_OF(X509) *sk); +\& int SSL_CTX_add0_chain_cert(SSL_CTX *ctx, X509 *x509); +\& int SSL_CTX_add1_chain_cert(SSL_CTX *ctx, X509 *x509); +\& int SSL_CTX_get0_chain_certs(SSL_CTX *ctx, STACK_OF(X509) **sk); +\& int SSL_CTX_clear_chain_certs(SSL_CTX *ctx); +\& +\& int SSL_set0_chain(SSL *ssl, STACK_OF(X509) *sk); +\& int SSL_set1_chain(SSL *ssl, STACK_OF(X509) *sk); +\& int SSL_add0_chain_cert(SSL *ssl, X509 *x509); +\& int SSL_add1_chain_cert(SSL *ssl, X509 *x509); +\& int SSL_get0_chain_certs(SSL *ssl, STACK_OF(X509) **sk); +\& int SSL_clear_chain_certs(SSL *ssl); +\& +\& int SSL_CTX_build_cert_chain(SSL_CTX *ctx, flags); +\& int SSL_build_cert_chain(SSL *ssl, flags); +\& +\& int SSL_CTX_select_current_cert(SSL_CTX *ctx, X509 *x509); +\& int SSL_select_current_cert(SSL *ssl, X509 *x509); +\& int SSL_CTX_set_current_cert(SSL_CTX *ctx, long op); +\& int SSL_set_current_cert(SSL *ssl, long op); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set0_chain()\fR and \fISSL_CTX_set1_chain()\fR set the certificate chain +associated with the current certificate of \fBctx\fR to \fBsk\fR. +.PP +\&\fISSL_CTX_add0_chain_cert()\fR and \fISSL_CTX_add1_chain_cert()\fR append the single +certificate \fBx509\fR to the chain associated with the current certificate of +\&\fBctx\fR. 
+.PP +\&\fISSL_CTX_get0_chain_certs()\fR retrieves the chain associated with the current +certificate of \fBctx\fR. +.PP +\&\fISSL_CTX_clear_chain_certs()\fR clears any existing chain associated with the +current certificate of \fBctx\fR. (This is implemented by calling +\&\fISSL_CTX_set0_chain()\fR with \fBsk\fR set to \fB\s-1NULL\s0\fR). +.PP +\&\fISSL_CTX_build_cert_chain()\fR builds the certificate chain for \fBctx\fR normally +this uses the chain store or the verify store if the chain store is not set. +If the function is successful the built chain will replace any existing chain. +The \fBflags\fR parameter can be set to \fB\s-1SSL_BUILD_CHAIN_FLAG_UNTRUSTED\s0\fR to use +existing chain certificates as untrusted CAs, \fB\s-1SSL_BUILD_CHAIN_FLAG_NO_ROOT\s0\fR +to omit the root \s-1CA\s0 from the built chain, \fB\s-1SSL_BUILD_CHAIN_FLAG_CHECK\s0\fR to +use all existing chain certificates only to build the chain (effectively +sanity checking and rearranging them if necessary), the flag +\&\fB\s-1SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR\s0\fR ignores any errors during verification: +if flag \fB\s-1SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR\s0\fR is also set verification errors +are cleared from the error queue. +.PP +Each of these functions operates on the \fIcurrent\fR end entity +(i.e. server or client) certificate. This is the last certificate loaded or +selected on the corresponding \fBctx\fR structure. +.PP +\&\fISSL_CTX_select_current_cert()\fR selects \fBx509\fR as the current end entity +certificate, but only if \fBx509\fR has already been loaded into \fBctx\fR using a +function such as \fISSL_CTX_use_certificate()\fR. +.PP +\&\fISSL_set0_chain()\fR, \fISSL_set1_chain()\fR, \fISSL_add0_chain_cert()\fR, +\&\fISSL_add1_chain_cert()\fR, \fISSL_get0_chain_certs()\fR, \fISSL_clear_chain_certs()\fR, +\&\fISSL_build_cert_chain()\fR, \fISSL_select_current_cert()\fR and \fISSL_set_current_cert()\fR +are similar except they apply to \s-1SSL\s0 structure \fBssl\fR. 
+.PP +\&\fISSL_CTX_set_current_cert()\fR changes the current certificate to a value based +on the \fBop\fR argument. Currently \fBop\fR can be \fB\s-1SSL_CERT_SET_FIRST\s0\fR to use +the first valid certificate or \fB\s-1SSL_CERT_SET_NEXT\s0\fR to set the next valid +certificate after the current certificate. These two operations can be +used to iterate over all certificates in an \fB\s-1SSL_CTX\s0\fR structure. +.PP +\&\fISSL_set_current_cert()\fR also supports the option \fB\s-1SSL_CERT_SET_SERVER\s0\fR. +If \fBssl\fR is a server and has sent a certificate to a connected client +this option sets that certificate to the current certificate and returns 1. +If the negotiated cipher suite is anonymous (and thus no certificate will +be sent) 2 is returned and the current certificate is unchanged. If \fBssl\fR +is not a server or a certificate has not been sent 0 is returned and +the current certificate is unchanged. +.PP +All these functions are implemented as macros. Those containing a \fB1\fR +increment the reference count of the supplied certificate or chain so it must +be freed at some point after the operation. Those containing a \fB0\fR do +not increment reference counts and the supplied certificate or chain +\&\fB\s-1MUST\s0 \s-1NOT\s0\fR be freed after the operation. +.SH "NOTES" +.IX Header "NOTES" +The chains associate with an \s-1SSL_CTX\s0 structure are copied to any \s-1SSL\s0 +structures when \fISSL_new()\fR is called. \s-1SSL\s0 structures will not be affected +by any chains subsequently changed in the parent \s-1SSL_CTX\s0. +.PP +One chain can be set for each key type supported by a server. So, for example, +an \s-1RSA\s0 and a \s-1DSA\s0 certificate can (and often will) have different chains. +.PP +The functions \fISSL_CTX_build_cert_chain()\fR and \fISSL_build_cert_chain()\fR can +be used to check application configuration and to ensure any necessary +subordinate CAs are sent in the correct order. 
Misconfigured applications +sending incorrect certificate chains often cause problems with peers. +.PP +For example an application can add any set of certificates using +\&\fISSL_CTX_use_certificate_chain_file()\fR then call \fISSL_CTX_build_cert_chain()\fR +with the option \fB\s-1SSL_BUILD_CHAIN_FLAG_CHECK\s0\fR to check and reorder them. +.PP +Applications can issue non fatal warnings when checking chains by setting +the flag \fB\s-1SSL_BUILD_CHAIN_FLAG_IGNORE_ERRORS\s0\fR and checking the return +value. +.PP +Calling \fISSL_CTX_build_cert_chain()\fR or \fISSL_build_cert_chain()\fR is more +efficient than the automatic chain building as it is only performed once. +Automatic chain building is performed on each new session. +.PP +If any certificates are added using these functions no certificates added +using \fISSL_CTX_add_extra_chain_cert()\fR will be used. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_set_current_cert()\fR with \fB\s-1SSL_CERT_SET_SERVER\s0\fR return 1 for success, 2 if +no server certificate is used because the cipher suites is anonymous and 0 +for failure. +.PP +\&\fISSL_CTX_build_cert_chain()\fR and \fISSL_build_cert_chain()\fR return 1 for success +and 0 for failure. If the flag \fB\s-1SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR\s0\fR and +a verification error occurs then 2 is returned. +.PP +All other functions return 1 for success and 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fISSL_CTX_add_extra_chain_cert\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.2. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2013\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/share/man/man3/SSL_CTX_add_extra_chain_cert.3 b/linux_amd64/share/man/man3/SSL_CTX_add_extra_chain_cert.3
new file mode 100755
index 0000000..98ab46e
--- /dev/null
+++ b/linux_amd64/share/man/man3/SSL_CTX_add_extra_chain_cert.3
@@ -0,0 +1,215 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_ADD_EXTRA_CHAIN_CERT 3" +.TH SSL_CTX_ADD_EXTRA_CHAIN_CERT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_add_extra_chain_cert, +SSL_CTX_get_extra_chain_certs, +SSL_CTX_get_extra_chain_certs_only, +SSL_CTX_clear_extra_chain_certs +\&\- add, get or clear extra chain certificates +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *x509); +\& long SSL_CTX_get_extra_chain_certs(SSL_CTX *ctx, STACK_OF(X509) **sk); +\& long SSL_CTX_get_extra_chain_certs_only(SSL_CTX *ctx, STACK_OF(X509) **sk); +\& long SSL_CTX_clear_extra_chain_certs(SSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_add_extra_chain_cert()\fR adds the certificate \fBx509\fR to the extra chain +certificates associated with \fBctx\fR. Several certificates can be added one +after another. +.PP +\&\fISSL_CTX_get_extra_chain_certs()\fR retrieves the extra chain certificates +associated with \fBctx\fR, or the chain associated with the current certificate +of \fBctx\fR if the extra chain is empty. +The returned stack should not be freed by the caller. +.PP +\&\fISSL_CTX_get_extra_chain_certs_only()\fR retrieves the extra chain certificates +associated with \fBctx\fR. +The returned stack should not be freed by the caller. +.PP +\&\fISSL_CTX_clear_extra_chain_certs()\fR clears all extra chain certificates +associated with \fBctx\fR. +.PP +These functions are implemented as macros. +.SH "NOTES" +.IX Header "NOTES" +When sending a certificate chain, extra chain certificates are sent in order +following the end entity certificate. +.PP +If no chain is specified, the library will try to complete the chain from the +available \s-1CA\s0 certificates in the trusted \s-1CA\s0 storage, see +\&\fISSL_CTX_load_verify_locations\fR\|(3). +.PP +The \fBx509\fR certificate provided to \fISSL_CTX_add_extra_chain_cert()\fR will be +freed by the library when the \fB\s-1SSL_CTX\s0\fR is destroyed. An application +\&\fBshould not\fR free the \fBx509\fR object. 
+.SH "RESTRICTIONS" +.IX Header "RESTRICTIONS" +Only one set of extra chain certificates can be specified per \s-1SSL_CTX\s0 +structure. Different chains for different certificates (for example if both +\&\s-1RSA\s0 and \s-1DSA\s0 certificates are specified by the same server) or different \s-1SSL\s0 +structures with the same parent \s-1SSL_CTX\s0 cannot be specified using this +function. For more flexibility functions such as \fISSL_add1_chain_cert()\fR should +be used instead. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_add_extra_chain_cert()\fR and \fISSL_CTX_clear_extra_chain_certs()\fR return +1 on success and 0 for failure. Check out the error stack to find out the +reason for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fISSL_CTX_use_certificate\fR\|(3), +\&\fISSL_CTX_set_client_cert_cb\fR\|(3), +\&\fISSL_CTX_load_verify_locations\fR\|(3) +\&\fISSL_CTX_set0_chain\fR\|(3) +\&\fISSL_CTX_set1_chain\fR\|(3) +\&\fISSL_CTX_add0_chain_cert\fR\|(3) +\&\fISSL_CTX_add1_chain_cert\fR\|(3) +\&\fISSL_set0_chain\fR\|(3) +\&\fISSL_set1_chain\fR\|(3) +\&\fISSL_add0_chain_cert\fR\|(3) +\&\fISSL_add1_chain_cert\fR\|(3) +\&\fISSL_CTX_build_cert_chain\fR\|(3) +\&\fISSL_build_cert_chain\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_CTX_add_session.3 b/linux_amd64/share/man/man3/SSL_CTX_add_session.3 new file mode 100755 index 0000000..3f86f47 --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_CTX_add_session.3 
@@ -0,0 +1,191 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_ADD_SESSION 3" +.TH SSL_CTX_ADD_SESSION 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_add_session, SSL_CTX_remove_session \- manipulate session cache +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c); +\& +\& int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_add_session()\fR adds the session \fBc\fR to the context \fBctx\fR. The +reference count for session \fBc\fR is incremented by 1. If a session with +the same session id already exists, the old session is removed by calling +\&\fISSL_SESSION_free\fR\|(3). +.PP +\&\fISSL_CTX_remove_session()\fR removes the session \fBc\fR from the context \fBctx\fR and +marks it as non-resumable. \fISSL_SESSION_free\fR\|(3) is called once for \fBc\fR. +.SH "NOTES" +.IX Header "NOTES" +When adding a new session to the internal session cache, it is examined +whether a session with the same session id already exists. In this case +it is assumed that both sessions are identical. If the same session is +stored in a different \s-1SSL_SESSION\s0 object, The old session is +removed and replaced by the new session. If the session is actually +identical (the \s-1SSL_SESSION\s0 object is identical), \fISSL_CTX_add_session()\fR +is a no-op, and the return value is 0. +.PP +If a server \s-1SSL_CTX\s0 is configured with the \s-1SSL_SESS_CACHE_NO_INTERNAL_STORE\s0 +flag then the internal cache will not be populated automatically by new +sessions negotiated by the \s-1SSL/TLS\s0 implementation, even though the internal +cache will be searched automatically for session-resume requests (the +latter can be suppressed by \s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0). So the +application can use \fISSL_CTX_add_session()\fR directly to have full control +over the sessions that can be resumed if desired. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following values are returned by all functions: +.IP "0" 4 +The operation failed. 
In case of the add operation, it was tried to add +the same (identical) session twice. In case of the remove operation, the +session was not found in the cache. +.IP "1" 4 +.IX Item "1" +The operation succeeded. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fISSL_CTX_set_session_cache_mode\fR\|(3), +\&\fISSL_SESSION_free\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_CTX_config.3 b/linux_amd64/share/man/man3/SSL_CTX_config.3 new file mode 100755 index 0000000..68ccf6b --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_CTX_config.3 
@@ -0,0 +1,216 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_CONFIG 3" +.TH SSL_CTX_CONFIG 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_config, SSL_config \- configure SSL_CTX or SSL structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_config(SSL_CTX *ctx, const char *name); +\& int SSL_config(SSL *s, const char *name); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The functions \fISSL_CTX_config()\fR and \fISSL_config()\fR configure an \fB\s-1SSL_CTX\s0\fR or +\&\fB\s-1SSL\s0\fR structure using the configuration \fBname\fR. +.SH "NOTES" +.IX Header "NOTES" +By calling \fISSL_CTX_config()\fR or \fISSL_config()\fR an application can perform many +complex tasks based on the contents of the configuration file: greatly +simplifying application configuration code. A degree of future proofing +can also be achieved: an application can support configuration features +in newer versions of OpenSSL automatically. +.PP +A configuration file must have been previously loaded, for example using +\&\fICONF_modules_load_file()\fR. See \fIconfig\fR\|(5) for details of the configuration +file syntax. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_config()\fR and \fISSL_config()\fR return 1 for success or 0 if an error +occurred. 
+.SH "EXAMPLES" +.IX Header "EXAMPLES" +If the file \*(L"config.cnf\*(R" contains the following: +.PP +.Vb 1 +\& testapp = test_sect +\& +\& [test_sect] +\& # list of configuration modules +\& +\& ssl_conf = ssl_sect +\& +\& [ssl_sect] +\& server = server_section +\& +\& [server_section] +\& RSA.Certificate = server\-rsa.pem +\& ECDSA.Certificate = server\-ecdsa.pem +\& Ciphers = ALL:!RC4 +.Ve +.PP +An application could call: +.PP +.Vb 4 +\& if (CONF_modules_load_file("config.cnf", "testapp", 0) <= 0) { +\& fprintf(stderr, "Error processing config file\en"); +\& goto err; +\& } +\& +\& ctx = SSL_CTX_new(TLS_server_method()); +\& +\& if (SSL_CTX_config(ctx, "server") == 0) { +\& fprintf(stderr, "Error configuring server.\en"); +\& goto err; +\& } +.Ve +.PP +In this example two certificates and the cipher list are configured without +the need for any additional application code. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fIconfig\fR\|(5), +\&\fISSL_CONF_cmd\fR\|(3), +\&\fICONF_modules_load_file\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fISSL_CTX_config()\fR and \fISSL_config()\fR functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_CTX_ctrl.3 b/linux_amd64/share/man/man3/SSL_CTX_ctrl.3 new file mode 100755 index 0000000..5b2425c --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_CTX_ctrl.3 
@@ -0,0 +1,166 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_CTRL 3" +.TH SSL_CTX_CTRL 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_ctrl, SSL_CTX_callback_ctrl, SSL_ctrl, SSL_callback_ctrl \- internal handling functions for SSL_CTX and SSL objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg); +\& long SSL_CTX_callback_ctrl(SSL_CTX *, int cmd, void (*fp)()); +\& +\& long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg); +\& long SSL_callback_ctrl(SSL *, int cmd, void (*fp)()); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The SSL_*\fI_ctrl()\fR family of functions is used to manipulate settings of +the \s-1SSL_CTX\s0 and \s-1SSL\s0 objects. Depending on the command \fBcmd\fR the arguments +\&\fBlarg\fR, \fBparg\fR, or \fBfp\fR are evaluated. These functions should never +be called directly. All functionalities needed are made available via +other functions or macros. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The return values of the SSL*\fI_ctrl()\fR functions depend on the command +supplied via the \fBcmd\fR parameter. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_CTX_dane_enable.3 b/linux_amd64/share/man/man3/SSL_CTX_dane_enable.3 new file mode 100755 index 0000000..562cbb5 --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_CTX_dane_enable.3 
@@ -0,0 +1,505 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_DANE_ENABLE 3" +.TH SSL_CTX_DANE_ENABLE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_dane_enable, SSL_CTX_dane_mtype_set, SSL_dane_enable, +SSL_dane_tlsa_add, SSL_get0_dane_authority, SSL_get0_dane_tlsa, +SSL_CTX_dane_set_flags, SSL_CTX_dane_clear_flags, +SSL_dane_set_flags, SSL_dane_clear_flags +\&\- enable DANE TLS authentication of the remote TLS server in the local +TLS client +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_dane_enable(SSL_CTX *ctx); +\& int SSL_CTX_dane_mtype_set(SSL_CTX *ctx, const EVP_MD *md, +\& uint8_t mtype, uint8_t ord); +\& int SSL_dane_enable(SSL *s, const char *basedomain); +\& int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector, +\& uint8_t mtype, unsigned const char *data, size_t dlen); +\& int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki); +\& int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector, +\& uint8_t *mtype, unsigned const char **data, +\& size_t *dlen); +\& unsigned long SSL_CTX_dane_set_flags(SSL_CTX *ctx, unsigned long flags); +\& unsigned long SSL_CTX_dane_clear_flags(SSL_CTX *ctx, unsigned long flags); +\& unsigned long SSL_dane_set_flags(SSL *ssl, unsigned long flags); +\& unsigned long SSL_dane_clear_flags(SSL *ssl, unsigned long flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions implement support for \s-1DANE\s0 \s-1TLSA\s0 (\s-1RFC6698\s0 and \s-1RFC7671\s0) +peer authentication. +.PP +\&\fISSL_CTX_dane_enable()\fR must be called first to initialize the shared state +required for \s-1DANE\s0 support. +Individual connections associated with the context can then enable +per-connection \s-1DANE\s0 support as appropriate. +\&\s-1DANE\s0 authentication is implemented in the \fIX509_verify_cert\fR\|(3) function, and +applications that override \fIX509_verify_cert\fR\|(3) via +\&\fISSL_CTX_set_cert_verify_callback\fR\|(3) are responsible to authenticate the peer +chain in whatever manner they see fit. 
+.PP +\&\fISSL_CTX_dane_mtype_set()\fR may then be called zero or more times to adjust the +supported digest algorithms. +This must be done before any \s-1SSL\s0 handles are created for the context. +.PP +The \fBmtype\fR argument specifies a \s-1DANE\s0 \s-1TLSA\s0 matching type and the \fBmd\fR +argument specifies the associated digest algorithm handle. +The \fBord\fR argument specifies a strength ordinal. +Algorithms with a larger strength ordinal are considered more secure. +Strength ordinals are used to implement \s-1RFC7671\s0 digest algorithm agility. +Specifying a \fB\s-1NULL\s0\fR digest algorithm for a matching type disables +support for that matching type. +Matching type \fIFull\fR\|(0) cannot be modified or disabled. +.PP +By default, matching type \f(CW\*(C`SHA2\-256(1)\*(C'\fR (see \s-1RFC7218\s0 for definitions +of the \s-1DANE\s0 \s-1TLSA\s0 parameter acronyms) is mapped to \f(CW\*(C`EVP_sha256()\*(C'\fR +with a strength ordinal of \f(CW1\fR and matching type \f(CW\*(C`SHA2\-512(2)\*(C'\fR +is mapped to \f(CW\*(C`EVP_sha512()\*(C'\fR with a strength ordinal of \f(CW2\fR. +.PP +\&\fISSL_dane_enable()\fR must be called before the \s-1SSL\s0 handshake is initiated with +\&\fISSL_connect\fR\|(3) if (and only if) you want to enable \s-1DANE\s0 for that connection. +(The connection must be associated with a DANE-enabled \s-1SSL\s0 context). +The \fBbasedomain\fR argument specifies the \s-1RFC7671\s0 \s-1TLSA\s0 base domain, +which will be the primary peer reference identifier for certificate +name checks. +Additional server names can be specified via \fISSL_add1_host\fR\|(3). +The \fBbasedomain\fR is used as the default \s-1SNI\s0 hint if none has yet been +specified via \fISSL_set_tlsext_host_name\fR\|(3). +.PP +\&\fISSL_dane_tlsa_add()\fR may then be called one or more times, to load each of the +\&\s-1TLSA\s0 records that apply to the remote \s-1TLS\s0 peer. +(This too must be done prior to the beginning of the \s-1SSL\s0 handshake). 
+The arguments specify the fields of the \s-1TLSA\s0 record. +The \fBdata\fR field is provided in binary (wire \s-1RDATA\s0) form, not the hexadecimal +\&\s-1ASCII\s0 presentation form, with an explicit length passed via \fBdlen\fR. +The library takes a copy of the \fBdata\fR buffer contents and the caller may +free the original \fBdata\fR buffer when convenient. +A return value of 0 indicates that \*(L"unusable\*(R" \s-1TLSA\s0 records (with invalid or +unsupported parameters) were provided. +A negative return value indicates an internal error in processing the record. +.PP +The caller is expected to check the return value of each \fISSL_dane_tlsa_add()\fR +call and take appropriate action if none are usable or an internal error +is encountered in processing some records. +.PP +If no \s-1TLSA\s0 records are added successfully, \s-1DANE\s0 authentication is not enabled, +and authentication will be based on any configured traditional trust-anchors; +authentication success in this case does not mean that the peer was +DANE-authenticated. +.PP +\&\fISSL_get0_dane_authority()\fR can be used to get more detailed information about +the matched \s-1DANE\s0 trust-anchor after successful connection completion. +The return value is negative if \s-1DANE\s0 verification failed (or was not enabled), +0 if an \s-1EE\s0 \s-1TLSA\s0 record directly matched the leaf certificate, or a positive +number indicating the depth at which a \s-1TA\s0 record matched an issuer certificate. +The complete verified chain can be retrieved via \fISSL_get0_verified_chain\fR\|(3). +The return value is an index into this verified chain, rather than the list of +certificates sent by the peer as returned by \fISSL_get_peer_cert_chain\fR\|(3). +.PP +If the \fBmcert\fR argument is not \fB\s-1NULL\s0\fR and a \s-1TLSA\s0 record matched a chain +certificate, a pointer to the matching certificate is returned via \fBmcert\fR. 
+The returned address is a short-term internal reference to the certificate and +must not be freed by the application. +Applications that want to retain access to the certificate can call +\&\fIX509_up_ref\fR\|(3) to obtain a long-term reference which must then be freed via +\&\fIX509_free\fR\|(3) once no longer needed. +.PP +If no \s-1TLSA\s0 records directly matched any elements of the certificate chain, but +a \s-1\fIDANE\-TA\s0\fR\|(2) \s-1\fISPKI\s0\fR\|(1) \fIFull\fR\|(0) record provided the public key that signed an +element of the chain, then that key is returned via \fBmspki\fR argument (if not +\&\s-1NULL\s0). +In this case the return value is the depth of the top-most element of the +validated certificate chain. +As with \fBmcert\fR this is a short-term internal reference, and +\&\fIEVP_PKEY_up_ref\fR\|(3) and \fIEVP_PKEY_free\fR\|(3) can be used to acquire and +release long-term references respectively. +.PP +\&\fISSL_get0_dane_tlsa()\fR can be used to retrieve the fields of the \s-1TLSA\s0 record that +matched the peer certificate chain. +The return value indicates the match depth or failure to match just as with +\&\fISSL_get0_dane_authority()\fR. +When the return value is non-negative, the storage pointed to by the \fBusage\fR, +\&\fBselector\fR, \fBmtype\fR and \fBdata\fR parameters is updated to the corresponding +\&\s-1TLSA\s0 record fields. +The \fBdata\fR field is in binary wire form, and is therefore not NUL-terminated, +its length is returned via the \fBdlen\fR parameter. +If any of these parameters is \s-1NULL\s0, the corresponding field is not returned. +The \fBdata\fR parameter is set to a short-term internal-copy of the associated +data field and must not be freed by the application. +Applications that need long-term access to this field need to copy the content. +.PP +\&\fISSL_CTX_dane_set_flags()\fR and \fISSL_dane_set_flags()\fR can be used to enable +optional \s-1DANE\s0 verification features. 
+\&\fISSL_CTX_dane_clear_flags()\fR and \fISSL_dane_clear_flags()\fR can be used to disable +the same features. +The \fBflags\fR argument is a bit-mask of the features to enable or disable. +The \fBflags\fR set for an \fB\s-1SSL_CTX\s0\fR context are copied to each \fB\s-1SSL\s0\fR handle +associated with that context at the time the handle is created. +Subsequent changes in the context's \fBflags\fR have no effect on the \fBflags\fR set +for the handle. +.PP +At present, the only available option is \fB\s-1DANE_FLAG_NO_DANE_EE_NAMECHECKS\s0\fR +which can be used to disable server name checks when authenticating via +\&\s-1\fIDANE\-EE\s0\fR\|(3) \s-1TLSA\s0 records. +For some applications, primarily web browsers, it is not safe to disable name +checks due to \*(L"unknown key share\*(R" attacks, in which a malicious server can +convince a client that a connection to a victim server is instead a secure +connection to the malicious server. +The malicious server may then be able to violate cross-origin scripting +restrictions. +Thus, despite the text of \s-1RFC7671\s0, name checks are by default enabled for +\&\s-1\fIDANE\-EE\s0\fR\|(3) \s-1TLSA\s0 records, and can be disabled in applications where it is safe +to do so. +In particular, \s-1SMTP\s0 and \s-1XMPP\s0 clients should set this option as \s-1SRV\s0 and \s-1MX\s0 +records already make it possible for a remote domain to redirect client +connections to any server of its choice, and in any case \s-1SMTP\s0 and \s-1XMPP\s0 clients +do not execute scripts downloaded from remote servers. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The functions \fISSL_CTX_dane_enable()\fR, \fISSL_CTX_dane_mtype_set()\fR, +\&\fISSL_dane_enable()\fR and \fISSL_dane_tlsa_add()\fR return a positive value on success. +Negative return values indicate resource problems (out of memory, etc.) 
in the +\&\s-1SSL\s0 library, while a return value of \fB0\fR indicates incorrect usage or invalid +input, such as an unsupported \s-1TLSA\s0 record certificate usage, selector or +matching type. +Invalid input also includes malformed data, either a digest length that does +not match the digest algorithm, or a \f(CWFull(0)\fR (binary \s-1ASN\s0.1 \s-1DER\s0 form) +certificate or a public key that fails to parse. +.PP +The functions \fISSL_get0_dane_authority()\fR and \fISSL_get0_dane_tlsa()\fR return a +negative value when \s-1DANE\s0 authentication failed or was not enabled, a +non-negative value indicates the chain depth at which the \s-1TLSA\s0 record matched a +chain certificate, or the depth of the top-most certificate, when the \s-1TLSA\s0 +record is a full public key that is its signer. +.PP +The functions \fISSL_CTX_dane_set_flags()\fR, \fISSL_CTX_dane_clear_flags()\fR, +\&\fISSL_dane_set_flags()\fR and \fISSL_dane_clear_flags()\fR return the \fBflags\fR in effect +before they were called. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Suppose \*(L"smtp.example.com\*(R" is the \s-1MX\s0 host of the domain \*(L"example.com\*(R", and has +DNSSEC-validated \s-1TLSA\s0 records. +The calls below will perform \s-1DANE\s0 authentication and arrange to match either +the \s-1MX\s0 hostname or the destination domain name in the \s-1SMTP\s0 server certificate. +Wildcards are supported, but must match the entire label. +The actual name matched in the certificate (which might be a wildcard) is +retrieved, and must be copied by the application if it is to be retained beyond +the lifetime of the \s-1SSL\s0 connection. 
+.PP +.Vb 7 +\& SSL_CTX *ctx; +\& SSL *ssl; +\& int (*verify_cb)(int ok, X509_STORE_CTX *sctx) = NULL; +\& int num_usable = 0; +\& const char *nexthop_domain = "example.com"; +\& const char *dane_tlsa_domain = "smtp.example.com"; +\& uint8_t usage, selector, mtype; +\& +\& if ((ctx = SSL_CTX_new(TLS_client_method())) == NULL) +\& /* error */ +\& if (SSL_CTX_dane_enable(ctx) <= 0) +\& /* error */ +\& if ((ssl = SSL_new(ctx)) == NULL) +\& /* error */ +\& if (SSL_dane_enable(ssl, dane_tlsa_domain) <= 0) +\& /* error */ +\& +\& /* +\& * For many applications it is safe to skip DANE\-EE(3) namechecks. Do not +\& * disable the checks unless "unknown key share" attacks pose no risk for +\& * your application. +\& */ +\& SSL_dane_set_flags(ssl, DANE_FLAG_NO_DANE_EE_NAMECHECKS); +\& +\& if (!SSL_add1_host(ssl, nexthop_domain)) +\& /* error */ +\& SSL_set_hostflags(ssl, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS); +\& +\& for (... each TLSA record ...) { +\& unsigned char *data; +\& size_t len; +\& int ret; +\& +\& /* set usage, selector, mtype, data, len */ +\& +\& /* +\& * Opportunistic DANE TLS clients support only DANE\-TA(2) or DANE\-EE(3). +\& * They treat all other certificate usages, and in particular PKIX\-TA(0) +\& * and PKIX\-EE(1), as unusable. +\& */ +\& switch (usage) { +\& default: +\& case 0: /* PKIX\-TA(0) */ +\& case 1: /* PKIX\-EE(1) */ +\& continue; +\& case 2: /* DANE\-TA(2) */ +\& case 3: /* DANE\-EE(3) */ +\& break; +\& } +\& +\& ret = SSL_dane_tlsa_add(ssl, usage, selector, mtype, data, len); +\& /* free data as appropriate */ +\& +\& if (ret < 0) +\& /* handle SSL library internal error */ +\& else if (ret == 0) +\& /* handle unusable TLSA record */ +\& else +\& ++num_usable; +\& } +\& +\& /* +\& * At this point, the verification mode is still the default SSL_VERIFY_NONE. +\& * Opportunistic DANE clients use unauthenticated TLS when all TLSA records +\& * are unusable, so continue the handshake even if authentication fails. 
+\& */ +\& if (num_usable == 0) { +\& /* Log all records unusable? */ +\& +\& /* Optionally set verify_cb to a suitable non\-NULL callback. */ +\& SSL_set_verify(ssl, SSL_VERIFY_NONE, verify_cb); +\& } else { +\& /* At least one usable record. We expect to verify the peer */ +\& +\& /* Optionally set verify_cb to a suitable non\-NULL callback. */ +\& +\& /* +\& * Below we elect to fail the handshake when peer verification fails. +\& * Alternatively, use the permissive SSL_VERIFY_NONE verification mode, +\& * complete the handshake, check the verification status, and if not +\& * verified disconnect gracefully at the application layer, especially if +\& * application protocol supports informing the server that authentication +\& * failed. +\& */ +\& SSL_set_verify(ssl, SSL_VERIFY_PEER, verify_cb); +\& } +\& +\& /* +\& * Load any saved session for resumption, making sure that the previous +\& * session applied the same security and authentication requirements that +\& * would be expected of a fresh connection. +\& */ +\& +\& /* Perform SSL_connect() handshake and handle errors here */ +\& +\& if (SSL_session_reused(ssl)) { +\& if (SSL_get_verify_result(ssl) == X509_V_OK) { +\& /* +\& * Resumed session was originally verified, this connection is +\& * authenticated. +\& */ +\& } else { +\& /* +\& * Resumed session was not originally verified, this connection is not +\& * authenticated. +\& */ +\& } +\& } else if (SSL_get_verify_result(ssl) == X509_V_OK) { +\& const char *peername = SSL_get0_peername(ssl); +\& EVP_PKEY *mspki = NULL; +\& +\& int depth = SSL_get0_dane_authority(ssl, NULL, &mspki); +\& if (depth >= 0) { +\& (void) SSL_get0_dane_tlsa(ssl, &usage, &selector, &mtype, NULL, NULL); +\& printf("DANE TLSA %d %d %d %s at depth %d\en", usage, selector, mtype, +\& (mspki != NULL) ? "TA public key verified certificate" : +\& depth ? 
"matched TA certificate" : "matched EE certificate", +\& depth); +\& } +\& if (peername != NULL) { +\& /* Name checks were in scope and matched the peername */ +\& printf("Verified peername: %s\en", peername); +\& } +\& } else { +\& /* +\& * Not authenticated, presumably all TLSA rrs unusable, but possibly a +\& * callback suppressed connection termination despite the presence of +\& * usable TLSA RRs none of which matched. Do whatever is appropriate for +\& * fresh unauthenticated connections. +\& */ +\& } +.Ve +.SH "NOTES" +.IX Header "NOTES" +It is expected that the majority of clients employing \s-1DANE\s0 \s-1TLS\s0 will be doing +\&\*(L"opportunistic \s-1DANE\s0 \s-1TLS\s0\*(R" in the sense of \s-1RFC7672\s0 and \s-1RFC7435\s0. +That is, they will use \s-1DANE\s0 authentication when DNSSEC-validated \s-1TLSA\s0 records +are published for a given peer, and otherwise will use unauthenticated \s-1TLS\s0 or +even cleartext. +.PP +Such applications should generally treat any \s-1TLSA\s0 records published by the peer +with usages \s-1\fIPKIX\-TA\s0\fR\|(0) and \s-1\fIPKIX\-EE\s0\fR\|(1) as \*(L"unusable\*(R", and should not include +them among the \s-1TLSA\s0 records used to authenticate peer connections. +In addition, some \s-1TLSA\s0 records with supported usages may be \*(L"unusable\*(R" as a +result of invalid or unsupported parameters. +.PP +When a peer has \s-1TLSA\s0 records, but none are \*(L"usable\*(R", an opportunistic +application must avoid cleartext, but cannot authenticate the peer, +and so should generally proceed with an unauthenticated connection. +Opportunistic applications need to note the return value of each +call to \fISSL_dane_tlsa_add()\fR, and if all return 0 (due to invalid +or unsupported parameters) disable peer authentication by calling +\&\fISSL_set_verify\fR\|(3) with \fBmode\fR equal to \fB\s-1SSL_VERIFY_NONE\s0\fR. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fISSL_new\fR\|(3), +\&\fISSL_add1_host\fR\|(3), +\&\fISSL_set_hostflags\fR\|(3), +\&\fISSL_set_tlsext_host_name\fR\|(3), +\&\fISSL_set_verify\fR\|(3), +\&\fISSL_CTX_set_cert_verify_callback\fR\|(3), +\&\fISSL_get0_verified_chain\fR\|(3), +\&\fISSL_get_peer_cert_chain\fR\|(3), +\&\fISSL_get_verify_result\fR\|(3), +\&\fISSL_connect\fR\|(3), +\&\fISSL_get0_peername\fR\|(3), +\&\fIX509_verify_cert\fR\|(3), +\&\fIX509_up_ref\fR\|(3), +\&\fIX509_free\fR\|(3), +\&\fIEVP_get_digestbyname\fR\|(3), +\&\fIEVP_PKEY_up_ref\fR\|(3), +\&\fIEVP_PKEY_free\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_CTX_flush_sessions.3 b/linux_amd64/share/man/man3/SSL_CTX_flush_sessions.3 new file mode 100755 index 0000000..7b1333e --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_CTX_flush_sessions.3 
@@ -0,0 +1,179 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_FLUSH_SESSIONS 3" +.TH SSL_CTX_FLUSH_SESSIONS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_flush_sessions \- remove expired sessions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_flush_sessions()\fR causes a run through the session cache of +\&\fBctx\fR to remove sessions expired at time \fBtm\fR. +.SH "NOTES" +.IX Header "NOTES" +If enabled, the internal session cache will collect all sessions established +up to the specified maximum number (see \fISSL_CTX_sess_set_cache_size()\fR). +As sessions will not be reused ones they are expired, they should be +removed from the cache to save resources. This can either be done +automatically whenever 255 new sessions were established (see +\&\fISSL_CTX_set_session_cache_mode\fR\|(3)) +or manually by calling \fISSL_CTX_flush_sessions()\fR. +.PP +The parameter \fBtm\fR specifies the time which should be used for the +expiration test, in most cases the actual time given by \fItime\fR\|(0) +will be used. +.PP +\&\fISSL_CTX_flush_sessions()\fR will only check sessions stored in the internal +cache. When a session is found and removed, the remove_session_cb is however +called to synchronize with the external cache (see +\&\fISSL_CTX_sess_set_get_cb\fR\|(3)). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_flush_sessions()\fR does not return a value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fISSL_CTX_set_session_cache_mode\fR\|(3), +\&\fISSL_CTX_set_timeout\fR\|(3), +\&\fISSL_CTX_sess_set_get_cb\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/share/man/man3/SSL_CTX_free.3 b/linux_amd64/share/man/man3/SSL_CTX_free.3 new file mode 100755 index 0000000..f891e3a --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_CTX_free.3 
@@ -0,0 +1,173 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_FREE 3" +.TH SSL_CTX_FREE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_free \- free an allocated SSL_CTX object +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_free(SSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_free()\fR decrements the reference count of \fBctx\fR, and removes the +\&\s-1SSL_CTX\s0 object pointed to by \fBctx\fR and frees up the allocated memory if the reference count has reached 0. +.PP +It also calls the \fIfree()\fRing procedures for indirectly affected items, if +applicable: the session cache, the list of ciphers, the list of Client CAs, +the certificates and keys. +.PP +If \fBctx\fR is \s-1NULL\s0 nothing is done. +.SH "WARNINGS" +.IX Header "WARNINGS" +If a session-remove callback is set (\fISSL_CTX_sess_set_remove_cb()\fR), this +callback will be called for each session being freed from \fBctx\fR's +session cache. This implies, that all corresponding sessions from an +external session cache are removed as well. If this is not desired, the user +should explicitly unset the callback by calling +SSL_CTX_sess_set_remove_cb(\fBctx\fR, \s-1NULL\s0) prior to calling \fISSL_CTX_free()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_free()\fR does not provide diagnostic information. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fISSL_CTX_new\fR\|(3), \fIssl\fR\|(7), +\&\fISSL_CTX_sess_set_get_cb\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_CTX_get0_param.3 b/linux_amd64/share/man/man3/SSL_CTX_get0_param.3 new file mode 100755 index 0000000..aa93b4d --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_CTX_get0_param.3 
@@ -0,0 +1,187 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_GET0_PARAM 3" +.TH SSL_CTX_GET0_PARAM 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_get0_param, SSL_get0_param, SSL_CTX_set1_param, SSL_set1_param \- +get and set verification parameters +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx) +\& X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl) +\& int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm) +\& int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_get0_param()\fR and \fISSL_get0_param()\fR retrieve an internal pointer to +the verification parameters for \fBctx\fR or \fBssl\fR respectively. The returned +pointer must not be freed by the calling application. +.PP +\&\fISSL_CTX_set1_param()\fR and \fISSL_set1_param()\fR set the verification parameters +to \fBvpm\fR for \fBctx\fR or \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +Typically parameters are retrieved from an \fB\s-1SSL_CTX\s0\fR or \fB\s-1SSL\s0\fR structure +using \fISSL_CTX_get0_param()\fR or \fISSL_get0_param()\fR and an application modifies +them to suit its needs: for example to add a hostname check. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_get0_param()\fR and \fISSL_get0_param()\fR return a pointer to an +\&\fBX509_VERIFY_PARAM\fR structure. +.PP +\&\fISSL_CTX_set1_param()\fR and \fISSL_set1_param()\fR return 1 for success and 0 +for failure. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Check hostname matches \*(L"www.foo.com\*(R" in peer certificate: +.PP +.Vb 2 +\& X509_VERIFY_PARAM *vpm = SSL_get0_param(ssl); +\& X509_VERIFY_PARAM_set1_host(vpm, "www.foo.com", 0); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fIX509_VERIFY_PARAM_set_flags\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.2. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). 
You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_CTX_get_verify_mode.3 b/linux_amd64/share/man/man3/SSL_CTX_get_verify_mode.3 new file mode 100755 index 0000000..e1b65cf --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_CTX_get_verify_mode.3 
@@ -0,0 +1,182 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_GET_VERIFY_MODE 3" +.TH SSL_CTX_GET_VERIFY_MODE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_get_verify_mode, SSL_get_verify_mode, SSL_CTX_get_verify_depth, SSL_get_verify_depth, SSL_get_verify_callback, SSL_CTX_get_verify_callback \- get currently set verification parameters +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_get_verify_mode(const SSL_CTX *ctx); +\& int SSL_get_verify_mode(const SSL *ssl); +\& int SSL_CTX_get_verify_depth(const SSL_CTX *ctx); +\& int SSL_get_verify_depth(const SSL *ssl); +\& int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int, X509_STORE_CTX *); +\& int (*SSL_get_verify_callback(const SSL *ssl))(int, X509_STORE_CTX *); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_get_verify_mode()\fR returns the verification mode currently set in +\&\fBctx\fR. +.PP +\&\fISSL_get_verify_mode()\fR returns the verification mode currently set in +\&\fBssl\fR. +.PP +\&\fISSL_CTX_get_verify_depth()\fR returns the verification depth limit currently set +in \fBctx\fR. If no limit has been explicitly set, \-1 is returned and the +default value will be used. +.PP +\&\fISSL_get_verify_depth()\fR returns the verification depth limit currently set +in \fBssl\fR. If no limit has been explicitly set, \-1 is returned and the +default value will be used. +.PP +\&\fISSL_CTX_get_verify_callback()\fR returns a function pointer to the verification +callback currently set in \fBctx\fR. If no callback was explicitly set, the +\&\s-1NULL\s0 pointer is returned and the default callback will be used. +.PP +\&\fISSL_get_verify_callback()\fR returns a function pointer to the verification +callback currently set in \fBssl\fR. If no callback was explicitly set, the +\&\s-1NULL\s0 pointer is returned and the default callback will be used. 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +See \s-1DESCRIPTION\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_CTX_set_verify\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_CTX_has_client_custom_ext.3 b/linux_amd64/share/man/man3/SSL_CTX_has_client_custom_ext.3 new file mode 100755 index 0000000..e66cae0 --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_CTX_has_client_custom_ext.3 
@@ -0,0 +1,160 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_HAS_CLIENT_CUSTOM_EXT 3" +.TH SSL_CTX_HAS_CLIENT_CUSTOM_EXT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_has_client_custom_ext \- check whether a handler exists for a particular +client extension type +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_has_client_custom_ext(const SSL_CTX *ctx, unsigned int ext_type); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_has_client_custom_ext()\fR checks whether a handler has been set for a +client extension of type \fBext_type\fR using \fISSL_CTX_add_client_custom_ext()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Returns 1 if a handler has been set, 0 otherwise. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fISSL_CTX_add_client_custom_ext\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_CTX_load_verify_locations.3 b/linux_amd64/share/man/man3/SSL_CTX_load_verify_locations.3 new file mode 100755 index 0000000..d7c1c5a --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_CTX_load_verify_locations.3 
@@ -0,0 +1,307 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_LOAD_VERIFY_LOCATIONS 3" +.TH SSL_CTX_LOAD_VERIFY_LOCATIONS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_load_verify_dir, SSL_CTX_load_verify_file, +SSL_CTX_load_verify_store, SSL_CTX_set_default_verify_paths, +SSL_CTX_set_default_verify_dir, SSL_CTX_set_default_verify_file, +SSL_CTX_set_default_verify_store, SSL_CTX_load_verify_locations +\&\- set default locations for trusted CA certificates +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_load_verify_dir(SSL_CTX *ctx, const char *CApath); +\& int SSL_CTX_load_verify_file(SSL_CTX *ctx, const char *CAfile); +\& int SSL_CTX_load_verify_store(SSL_CTX *ctx, const char *CAstore); +\& +\& int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx); +\& +\& int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx); +\& int SSL_CTX_set_default_verify_file(SSL_CTX *ctx); +\& int SSL_CTX_set_default_verify_store(SSL_CTX *ctx); +.Ve +.PP +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 2 +\& int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, +\& const char *CApath); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_load_verify_dir()\fR, \fISSL_CTX_load_verify_file()\fR, +\&\fISSL_CTX_load_verify_store()\fR specifies the locations for \fBctx\fR, at +which \s-1CA\s0 certificates for verification purposes are located. The +certificates available via \fBCAfile\fR, \fBCApath\fR and \fBCAstore\fR are +trusted. +.PP +\&\fISSL_CTX_set_default_verify_paths()\fR specifies that the default locations from +which \s-1CA\s0 certificates are loaded should be used. There is one default directory, +one default file and one default store. +The default \s-1CA\s0 certificates directory is called \fIcerts\fR in the default OpenSSL +directory, and this is also the default store. +Alternatively the \fB\s-1SSL_CERT_DIR\s0\fR environment variable can be defined to +override this location. 
+The default \s-1CA\s0 certificates file is called \fIcert.pem\fR in the default +OpenSSL directory. +Alternatively the \fB\s-1SSL_CERT_FILE\s0\fR environment variable can be defined to +override this location. +.PP +\&\fISSL_CTX_set_default_verify_dir()\fR is similar to +\&\fISSL_CTX_set_default_verify_paths()\fR except that just the default directory is +used. +.PP +\&\fISSL_CTX_set_default_verify_file()\fR is similar to +\&\fISSL_CTX_set_default_verify_paths()\fR except that just the default file is +used. +.PP +\&\fISSL_CTX_set_default_verify_store()\fR is similar to +\&\fISSL_CTX_set_default_verify_paths()\fR except that just the default store is +used. +.SH "NOTES" +.IX Header "NOTES" +If \fBCAfile\fR is not \s-1NULL\s0, it points to a file of \s-1CA\s0 certificates in \s-1PEM\s0 +format. The file can contain several \s-1CA\s0 certificates identified by +.PP +.Vb 3 +\& \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\- +\& ... (CA certificate in base64 encoding) ... +\& \-\-\-\-\-END CERTIFICATE\-\-\-\-\- +.Ve +.PP +sequences. Before, between, and after the certificates text is allowed +which can be used e.g. for descriptions of the certificates. +.PP +The \fBCAfile\fR is processed on execution of the \fISSL_CTX_load_verify_locations()\fR +function. +.PP +If \fBCApath\fR is not \s-1NULL\s0, it points to a directory containing \s-1CA\s0 certificates +in \s-1PEM\s0 format. The files each contain one \s-1CA\s0 certificate. The files are +looked up by the \s-1CA\s0 subject name hash value, which must hence be available. +If more than one \s-1CA\s0 certificate with the same name hash value exist, the +extension must be different (e.g. 9d66eef0.0, 9d66eef0.1 etc). The search +is performed in the ordering of the extension number, regardless of other +properties of the certificates. +Use the \fBc_rehash\fR utility to create the necessary links. +.PP +The certificates in \fBCApath\fR are only looked up when required, e.g. 
when +building the certificate chain or when actually performing the verification +of a peer certificate. +.PP +When looking up \s-1CA\s0 certificates, the OpenSSL library will first search the +certificates in \fBCAfile\fR, then those in \fBCApath\fR. Certificate matching +is done based on the subject name, the key identifier (if present), and the +serial number as taken from the certificate to be verified. If these data +do not match, the next certificate will be tried. If a first certificate +matching the parameters is found, the verification process will be performed; +no other certificates for the same parameters will be searched in case of +failure. +.PP +If \fBCAstore\fR is not \s-1NULL\s0, it's a \s-1URI\s0 for to a store, which may +represent a single container or a whole catalogue of containers. +Apart from the \fBCAstore\fR not necessarily being a local file or +directory, it's generally treated the same way as a \fBCApath\fR. +.PP +In server mode, when requesting a client certificate, the server must send +the list of CAs of which it will accept client certificates. This list +is not influenced by the contents of \fBCAfile\fR or \fBCApath\fR and must +explicitly be set using the +\&\fISSL_CTX_set_client_CA_list\fR\|(3) +family of functions. +.PP +When building its own certificate chain, an OpenSSL client/server will +try to fill in missing certificates from \fBCAfile\fR/\fBCApath\fR, if the +certificate chain was not explicitly specified (see +\&\fISSL_CTX_add_extra_chain_cert\fR\|(3), +\&\fISSL_CTX_use_certificate\fR\|(3). +.SH "WARNINGS" +.IX Header "WARNINGS" +If several \s-1CA\s0 certificates matching the name, key identifier, and serial +number condition are available, only the first one will be examined. This +may lead to unexpected results if the same \s-1CA\s0 certificate is available +with different expiration dates. If a \*(L"certificate expired\*(R" verification +error occurs, no other certificate will be searched. 
Make sure to not +have expired certificates mixed with valid ones. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +For SSL_CTX_load_verify_locations the following return values can occur: +.IP "0" 4 +The operation failed because \fBCAfile\fR and \fBCApath\fR are \s-1NULL\s0 or the +processing at one of the locations specified failed. Check the error +stack to find out the reason. +.IP "1" 4 +.IX Item "1" +The operation succeeded. +.PP +\&\fISSL_CTX_set_default_verify_paths()\fR, \fISSL_CTX_set_default_verify_dir()\fR and +\&\fISSL_CTX_set_default_verify_file()\fR all return 1 on success or 0 on failure. A +missing default location is still treated as a success. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Generate a \s-1CA\s0 certificate file with descriptive text from the \s-1CA\s0 certificates +ca1.pem ca2.pem ca3.pem: +.PP +.Vb 5 +\& #!/bin/sh +\& rm CAfile.pem +\& for i in ca1.pem ca2.pem ca3.pem ; do +\& openssl x509 \-in $i \-text >> CAfile.pem +\& done +.Ve +.PP +Prepare the directory /some/where/certs containing several \s-1CA\s0 certificates +for use as \fBCApath\fR: +.PP +.Vb 2 +\& cd /some/where/certs +\& c_rehash . +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fISSL_CTX_set_client_CA_list\fR\|(3), +\&\fISSL_get_client_CA_list\fR\|(3), +\&\fISSL_CTX_use_certificate\fR\|(3), +\&\fISSL_CTX_add_extra_chain_cert\fR\|(3), +\&\fISSL_CTX_set_cert_store\fR\|(3), +\&\fISSL_CTX_set_client_CA_list\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_CTX_new.3 b/linux_amd64/share/man/man3/SSL_CTX_new.3 new file mode 100755 index 0000000..6aa6f19 --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_CTX_new.3 
@@ -0,0 +1,340 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_NEW 3" +.TH SSL_CTX_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +TLSv1_2_method, TLSv1_2_server_method, TLSv1_2_client_method, +SSL_CTX_new, SSL_CTX_new_with_libctx, SSL_CTX_up_ref, SSLv3_method, +SSLv3_server_method, SSLv3_client_method, TLSv1_method, TLSv1_server_method, +TLSv1_client_method, TLSv1_1_method, TLSv1_1_server_method, +TLSv1_1_client_method, TLS_method, TLS_server_method, TLS_client_method, +SSLv23_method, SSLv23_server_method, SSLv23_client_method, DTLS_method, +DTLS_server_method, DTLS_client_method, DTLSv1_method, DTLSv1_server_method, +DTLSv1_client_method, DTLSv1_2_method, DTLSv1_2_server_method, +DTLSv1_2_client_method +\&\- create a new SSL_CTX object as framework for TLS/SSL or DTLS enabled +functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& SSL_CTX *SSL_CTX_new_with_libctx(OPENSSL_CTX *libctx, const char *propq, +\& const SSL_METHOD *method); +\& SSL_CTX *SSL_CTX_new(const SSL_METHOD *method); +\& int SSL_CTX_up_ref(SSL_CTX *ctx); +\& +\& const SSL_METHOD *TLS_method(void); +\& const SSL_METHOD *TLS_server_method(void); +\& const SSL_METHOD *TLS_client_method(void); +\& +\& const SSL_METHOD *SSLv23_method(void); +\& const SSL_METHOD *SSLv23_server_method(void); +\& const SSL_METHOD *SSLv23_client_method(void); +\& +\& #ifndef OPENSSL_NO_SSL3_METHOD +\& const SSL_METHOD *SSLv3_method(void); +\& const SSL_METHOD *SSLv3_server_method(void); +\& const SSL_METHOD *SSLv3_client_method(void); +\& #endif +\& +\& #ifndef OPENSSL_NO_TLS1_METHOD +\& const SSL_METHOD *TLSv1_method(void); +\& const SSL_METHOD *TLSv1_server_method(void); +\& const SSL_METHOD *TLSv1_client_method(void); +\& #endif +\& +\& #ifndef OPENSSL_NO_TLS1_1_METHOD +\& const SSL_METHOD *TLSv1_1_method(void); +\& const SSL_METHOD *TLSv1_1_server_method(void); +\& const SSL_METHOD *TLSv1_1_client_method(void); +\& #endif +\& +\& #ifndef OPENSSL_NO_TLS1_2_METHOD +\& const SSL_METHOD *TLSv1_2_method(void); +\& const SSL_METHOD *TLSv1_2_server_method(void); +\& const SSL_METHOD 
*TLSv1_2_client_method(void); +\& #endif +\& +\& const SSL_METHOD *DTLS_method(void); +\& const SSL_METHOD *DTLS_server_method(void); +\& const SSL_METHOD *DTLS_client_method(void); +\& +\& #ifndef OPENSSL_NO_DTLS1_METHOD +\& const SSL_METHOD *DTLSv1_method(void); +\& const SSL_METHOD *DTLSv1_server_method(void); +\& const SSL_METHOD *DTLSv1_client_method(void); +\& #endif +\& +\& #ifndef OPENSSL_NO_DTLS1_2_METHOD +\& const SSL_METHOD *DTLSv1_2_method(void); +\& const SSL_METHOD *DTLSv1_2_server_method(void); +\& const SSL_METHOD *DTLSv1_2_client_method(void); +\& #endif +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_new_with_libctx()\fR creates a new \fB\s-1SSL_CTX\s0\fR object as a framework to +establish \s-1TLS/SSL\s0 or \s-1DTLS\s0 enabled connections using the library context +\&\fIlibctx\fR (see \s-1\fIOPENSSL_CTX\s0\fR\|(3)). Any cryptographic algorithms that are used +by any \fB\s-1SSL\s0\fR objects created from this \fB\s-1SSL_CTX\s0\fR will be fetched from the +\&\fIlibctx\fR using the property query string \fIpropq\fR (see +\&\*(L"Fetching algorithms\*(R" in \fIprovider\fR\|(7). Either or both the \fIlibctx\fR or \fIpropq\fR +parameters may be \s-1NULL\s0. +.PP +\&\fISSL_CTX_new()\fR does the same as \fISSL_CTX_new_with_libctx()\fR except that the default +library context is used and no property query string is specified. +.PP +An \fB\s-1SSL_CTX\s0\fR object is reference counted. Creating an \fB\s-1SSL_CTX\s0\fR object for the +first time increments the reference count. Freeing the \fB\s-1SSL_CTX\s0\fR (using +SSL_CTX_free) decrements it. When the reference count drops to zero, any memory +or resources allocated to the \fB\s-1SSL_CTX\s0\fR object are freed. \fISSL_CTX_up_ref()\fR +increments the reference count for an existing \fB\s-1SSL_CTX\s0\fR structure. +.SH "NOTES" +.IX Header "NOTES" +The \s-1SSL_CTX\s0 object uses \fImethod\fR as the connection method. 
+The methods exist in a generic type (for client and server use), a server only +type, and a client only type. +\&\fBmethod\fR can be one of the following types: +.IP "\fITLS_method()\fR, \fITLS_server_method()\fR, \fITLS_client_method()\fR" 4 +.IX Item "TLS_method(), TLS_server_method(), TLS_client_method()" +These are the general-purpose \fIversion-flexible\fR \s-1SSL/TLS\s0 methods. +The actual protocol version used will be negotiated to the highest version +mutually supported by the client and the server. +The supported protocols are SSLv3, TLSv1, TLSv1.1, TLSv1.2 and TLSv1.3. +Applications should use these methods, and avoid the version-specific +methods described below, which are deprecated. +.IP "\fISSLv23_method()\fR, \fISSLv23_server_method()\fR, \fISSLv23_client_method()\fR" 4 +.IX Item "SSLv23_method(), SSLv23_server_method(), SSLv23_client_method()" +These functions do not exist anymore, they have been renamed to +\&\fITLS_method()\fR, \fITLS_server_method()\fR and \fITLS_client_method()\fR respectively. +Currently, the old function calls are renamed to the corresponding new +ones by preprocessor macros, to ensure that existing code which uses the +old function names still compiles. However, using the old function names +is deprecated and new code should call the new functions instead. +.IP "\fITLSv1_2_method()\fR, \fITLSv1_2_server_method()\fR, \fITLSv1_2_client_method()\fR" 4 +.IX Item "TLSv1_2_method(), TLSv1_2_server_method(), TLSv1_2_client_method()" +A \s-1TLS/SSL\s0 connection established with these methods will only understand the +TLSv1.2 protocol. These methods are deprecated. +.IP "\fITLSv1_1_method()\fR, \fITLSv1_1_server_method()\fR, \fITLSv1_1_client_method()\fR" 4 +.IX Item "TLSv1_1_method(), TLSv1_1_server_method(), TLSv1_1_client_method()" +A \s-1TLS/SSL\s0 connection established with these methods will only understand the +TLSv1.1 protocol. These methods are deprecated. 
+.IP "\fITLSv1_method()\fR, \fITLSv1_server_method()\fR, \fITLSv1_client_method()\fR" 4 +.IX Item "TLSv1_method(), TLSv1_server_method(), TLSv1_client_method()" +A \s-1TLS/SSL\s0 connection established with these methods will only understand the +TLSv1 protocol. These methods are deprecated. +.IP "\fISSLv3_method()\fR, \fISSLv3_server_method()\fR, \fISSLv3_client_method()\fR" 4 +.IX Item "SSLv3_method(), SSLv3_server_method(), SSLv3_client_method()" +A \s-1TLS/SSL\s0 connection established with these methods will only understand the +SSLv3 protocol. +The SSLv3 protocol is deprecated and should not be used. +.IP "\fIDTLS_method()\fR, \fIDTLS_server_method()\fR, \fIDTLS_client_method()\fR" 4 +.IX Item "DTLS_method(), DTLS_server_method(), DTLS_client_method()" +These are the version-flexible \s-1DTLS\s0 methods. +Currently supported protocols are \s-1DTLS\s0 1.0 and \s-1DTLS\s0 1.2. +.IP "\fIDTLSv1_2_method()\fR, \fIDTLSv1_2_server_method()\fR, \fIDTLSv1_2_client_method()\fR" 4 +.IX Item "DTLSv1_2_method(), DTLSv1_2_server_method(), DTLSv1_2_client_method()" +These are the version-specific methods for DTLSv1.2. +These methods are deprecated. +.IP "\fIDTLSv1_method()\fR, \fIDTLSv1_server_method()\fR, \fIDTLSv1_client_method()\fR" 4 +.IX Item "DTLSv1_method(), DTLSv1_server_method(), DTLSv1_client_method()" +These are the version-specific methods for DTLSv1. +These methods are deprecated. +.PP +\&\fISSL_CTX_new()\fR initializes the list of ciphers, the session cache setting, the +callbacks, the keys and certificates and the options to their default values. +.PP +\&\fITLS_method()\fR, \fITLS_server_method()\fR, \fITLS_client_method()\fR, \fIDTLS_method()\fR, +\&\fIDTLS_server_method()\fR and \fIDTLS_client_method()\fR are the \fIversion-flexible\fR +methods. +All other methods only support one specific protocol version. +Use the \fIversion-flexible\fR methods instead of the version specific methods. 
+.PP +If you want to limit the supported protocols for the version flexible +methods you can use \fISSL_CTX_set_min_proto_version\fR\|(3), +\&\fISSL_set_min_proto_version\fR\|(3), \fISSL_CTX_set_max_proto_version\fR\|(3) and +\&\fISSL_set_max_proto_version\fR\|(3) functions. +Using these functions it is possible to choose e.g. \fITLS_server_method()\fR +and be able to negotiate with all possible clients, but to only +allow newer protocols like \s-1TLS\s0 1.0, \s-1TLS\s0 1.1, \s-1TLS\s0 1.2 or \s-1TLS\s0 1.3. +.PP +The list of protocols available can also be limited using the +\&\fBSSL_OP_NO_SSLv3\fR, \fBSSL_OP_NO_TLSv1\fR, \fBSSL_OP_NO_TLSv1_1\fR, +\&\fBSSL_OP_NO_TLSv1_3\fR, \fBSSL_OP_NO_TLSv1_2\fR and \fBSSL_OP_NO_TLSv1_3\fR +options of the +\&\fISSL_CTX_set_options\fR\|(3) or \fISSL_set_options\fR\|(3) functions, but this approach +is not recommended. Clients should avoid creating \*(L"holes\*(R" in the set of +protocols they support. When disabling a protocol, make sure that you also +disable either all previous or all subsequent protocol versions. +In clients, when a protocol version is disabled without disabling \fIall\fR +previous protocol versions, the effect is to also disable all subsequent +protocol versions. +.PP +The SSLv3 protocol is deprecated and should generally not be used. +Applications should typically use \fISSL_CTX_set_min_proto_version\fR\|(3) to set +the minimum protocol to at least \fB\s-1TLS1_VERSION\s0\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "\s-1NULL\s0" 4 +.IX Item "NULL" +The creation of a new \s-1SSL_CTX\s0 object failed. Check the error stack to find out +the reason. +.IP "Pointer to an \s-1SSL_CTX\s0 object" 4 +.IX Item "Pointer to an SSL_CTX object" +The return value points to an allocated \s-1SSL_CTX\s0 object. +.Sp +\&\fISSL_CTX_up_ref()\fR returns 1 for success and 0 for failure. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fISSL_CTX_set_options\fR\|(3), \fISSL_CTX_free\fR\|(3), \fISSL_accept\fR\|(3), +\&\fISSL_CTX_set_min_proto_version\fR\|(3), \fIssl\fR\|(7), \fISSL_set_connect_state\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +Support for SSLv2 and the corresponding \fISSLv2_method()\fR, +\&\fISSLv2_server_method()\fR and \fISSLv2_client_method()\fR functions where +removed in OpenSSL 1.1.0. +.PP +\&\fISSLv23_method()\fR, \fISSLv23_server_method()\fR and \fISSLv23_client_method()\fR +were deprecated and the preferred \fITLS_method()\fR, \fITLS_server_method()\fR +and \fITLS_client_method()\fR functions were added in OpenSSL 1.1.0. +.PP +All version-specific methods were deprecated in OpenSSL 1.1.0. +.PP +\&\fISSL_CTX_new_with_libctx()\fR was added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_CTX_sess_number.3 b/linux_amd64/share/man/man3/SSL_CTX_sess_number.3 new file mode 100755 index 0000000..d399c7e --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_CTX_sess_number.3 
@@ -0,0 +1,208 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SESS_NUMBER 3" +.TH SSL_CTX_SESS_NUMBER 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_sess_number, SSL_CTX_sess_connect, SSL_CTX_sess_connect_good, SSL_CTX_sess_connect_renegotiate, SSL_CTX_sess_accept, SSL_CTX_sess_accept_good, SSL_CTX_sess_accept_renegotiate, SSL_CTX_sess_hits, SSL_CTX_sess_cb_hits, SSL_CTX_sess_misses, SSL_CTX_sess_timeouts, SSL_CTX_sess_cache_full \- obtain session cache statistics +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_CTX_sess_number(SSL_CTX *ctx); +\& long SSL_CTX_sess_connect(SSL_CTX *ctx); +\& long SSL_CTX_sess_connect_good(SSL_CTX *ctx); +\& long SSL_CTX_sess_connect_renegotiate(SSL_CTX *ctx); +\& long SSL_CTX_sess_accept(SSL_CTX *ctx); +\& long SSL_CTX_sess_accept_good(SSL_CTX *ctx); +\& long SSL_CTX_sess_accept_renegotiate(SSL_CTX *ctx); +\& long SSL_CTX_sess_hits(SSL_CTX *ctx); +\& long SSL_CTX_sess_cb_hits(SSL_CTX *ctx); +\& long SSL_CTX_sess_misses(SSL_CTX *ctx); +\& long SSL_CTX_sess_timeouts(SSL_CTX *ctx); +\& long SSL_CTX_sess_cache_full(SSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_sess_number()\fR returns the current number of sessions in the internal +session cache. +.PP +\&\fISSL_CTX_sess_connect()\fR returns the number of started \s-1SSL/TLS\s0 handshakes in +client mode. +.PP +\&\fISSL_CTX_sess_connect_good()\fR returns the number of successfully established +\&\s-1SSL/TLS\s0 sessions in client mode. +.PP +\&\fISSL_CTX_sess_connect_renegotiate()\fR returns the number of started renegotiations +in client mode. +.PP +\&\fISSL_CTX_sess_accept()\fR returns the number of started \s-1SSL/TLS\s0 handshakes in +server mode. +.PP +\&\fISSL_CTX_sess_accept_good()\fR returns the number of successfully established +\&\s-1SSL/TLS\s0 sessions in server mode. +.PP +\&\fISSL_CTX_sess_accept_renegotiate()\fR returns the number of started renegotiations +in server mode. +.PP +\&\fISSL_CTX_sess_hits()\fR returns the number of successfully reused sessions. 
+In client mode a session set with \fISSL_set_session\fR\|(3) +successfully reused is counted as a hit. In server mode a session successfully +retrieved from internal or external cache is counted as a hit. +.PP +\&\fISSL_CTX_sess_cb_hits()\fR returns the number of successfully retrieved sessions +from the external session cache in server mode. +.PP +\&\fISSL_CTX_sess_misses()\fR returns the number of sessions proposed by clients +that were not found in the internal session cache in server mode. +.PP +\&\fISSL_CTX_sess_timeouts()\fR returns the number of sessions proposed by clients +and either found in the internal or external session cache in server mode, + but that were invalid due to timeout. These sessions are not included in +the \fISSL_CTX_sess_hits()\fR count. +.PP +\&\fISSL_CTX_sess_cache_full()\fR returns the number of sessions that were removed +because the maximum session cache size was exceeded. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The functions return the values indicated in the \s-1DESCRIPTION\s0 section. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_set_session\fR\|(3), +\&\fISSL_CTX_set_session_cache_mode\fR\|(3) +\&\fISSL_CTX_sess_set_cache_size\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_CTX_sess_set_cache_size.3 b/linux_amd64/share/man/man3/SSL_CTX_sess_set_cache_size.3 new file mode 100755 index 0000000..99d80e4 --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_CTX_sess_set_cache_size.3 
@@ -0,0 +1,184 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SESS_SET_CACHE_SIZE 3" +.TH SSL_CTX_SESS_SET_CACHE_SIZE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_sess_set_cache_size, SSL_CTX_sess_get_cache_size \- manipulate session cache size +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_CTX_sess_set_cache_size(SSL_CTX *ctx, long t); +\& long SSL_CTX_sess_get_cache_size(SSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_sess_set_cache_size()\fR sets the size of the internal session cache +of context \fBctx\fR to \fBt\fR. +This value is a hint and not an absolute; see the notes below. +.PP +\&\fISSL_CTX_sess_get_cache_size()\fR returns the currently valid session cache size. +.SH "NOTES" +.IX Header "NOTES" +The internal session cache size is \s-1SSL_SESSION_CACHE_MAX_SIZE_DEFAULT\s0, +currently 1024*20, so that up to 20000 sessions can be held. This size +can be modified using the \fISSL_CTX_sess_set_cache_size()\fR call. A special +case is the size 0, which is used for unlimited size. +.PP +If adding the session makes the cache exceed its size, then unused +sessions are dropped from the end of the cache. +Cache space may also be reclaimed by calling +\&\fISSL_CTX_flush_sessions\fR\|(3) to remove +expired sessions. +.PP +If the size of the session cache is reduced and more sessions are already +in the session cache, old session will be removed at the next time a +session shall be added. This removal is not synchronized with the +expiration of sessions. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_sess_set_cache_size()\fR returns the previously valid size. +.PP +\&\fISSL_CTX_sess_get_cache_size()\fR returns the currently valid size. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fISSL_CTX_set_session_cache_mode\fR\|(3), +\&\fISSL_CTX_sess_number\fR\|(3), +\&\fISSL_CTX_flush_sessions\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). 
You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_CTX_sess_set_get_cb.3 b/linux_amd64/share/man/man3/SSL_CTX_sess_set_get_cb.3 new file mode 100755 index 0000000..ca74eca --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_CTX_sess_set_get_cb.3 
@@ -0,0 +1,242 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SESS_SET_GET_CB 3" +.TH SSL_CTX_SESS_SET_GET_CB 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_sess_set_new_cb, SSL_CTX_sess_set_remove_cb, SSL_CTX_sess_set_get_cb, SSL_CTX_sess_get_new_cb, SSL_CTX_sess_get_remove_cb, SSL_CTX_sess_get_get_cb \- provide callback functions for server side external session caching +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, +\& int (*new_session_cb)(SSL *, SSL_SESSION *)); +\& void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, +\& void (*remove_session_cb)(SSL_CTX *ctx, +\& SSL_SESSION *)); +\& void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, +\& SSL_SESSION (*get_session_cb)(SSL *, +\& const unsigned char *, +\& int, int *)); +\& +\& int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl, +\& SSL_SESSION *sess); +\& void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx, +\& SSL_SESSION *sess); +\& SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl, +\& const unsigned char *data, +\& int len, int *copy); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_sess_set_new_cb()\fR sets the callback function, which is automatically +called whenever a new session was negotiated. +.PP +\&\fISSL_CTX_sess_set_remove_cb()\fR sets the callback function, which is +automatically called whenever a session is removed by the \s-1SSL\s0 engine, +because it is considered faulty or the session has become obsolete because +of exceeding the timeout value. +.PP +\&\fISSL_CTX_sess_set_get_cb()\fR sets the callback function which is called, +whenever a \s-1SSL/TLS\s0 client proposed to resume a session but the session +could not be found in the internal session cache (see +\&\fISSL_CTX_set_session_cache_mode\fR\|(3)). +(\s-1SSL/TLS\s0 server only.) +.PP +\&\fISSL_CTX_sess_get_new_cb()\fR, \fISSL_CTX_sess_get_remove_cb()\fR, and +\&\fISSL_CTX_sess_get_get_cb()\fR retrieve the function pointers set by the +corresponding set callback functions. 
If a callback function has not been +set, the \s-1NULL\s0 pointer is returned. +.SH "NOTES" +.IX Header "NOTES" +In order to allow external session caching, synchronization with the internal +session cache is realized via callback functions. Inside these callback +functions, session can be saved to disk or put into a database using the +\&\fId2i_SSL_SESSION\fR\|(3) interface. +.PP +The \fInew_session_cb()\fR is called whenever a new session has been negotiated and +session caching is enabled (see \fISSL_CTX_set_session_cache_mode\fR\|(3)). The +\&\fInew_session_cb()\fR is passed the \fBssl\fR connection and the ssl session \fBsess\fR. +Since sessions are reference-counted objects, the reference count on the +session is incremented before the callback, on behalf of the application. If +the callback returns \fB0\fR, the session will be immediately removed from the +internal cache and the reference count released. If the callback returns \fB1\fR, +the application retains the reference (for an entry in the +application-maintained \*(L"external session cache\*(R"), and is responsible for +calling \fISSL_SESSION_free()\fR when the session reference is no longer in use. +.PP +Note that in TLSv1.3, sessions are established after the main +handshake has completed. The server decides when to send the client the session +information and this may occur some time after the end of the handshake (or not +at all). This means that applications should expect the \fInew_session_cb()\fR +function to be invoked during the handshake (for <= TLSv1.2) or after the +handshake (for TLSv1.3). It is also possible in TLSv1.3 for multiple sessions to +be established with a single connection. In these case the \fInew_session_cb()\fR +function will be invoked multiple times. +.PP +In TLSv1.3 it is recommended that each \s-1SSL_SESSION\s0 object is only used for +resumption once. 
One way of enforcing that is for applications to call +\&\fISSL_CTX_remove_session\fR\|(3) after a session has been used. +.PP +The \fIremove_session_cb()\fR is called, whenever the \s-1SSL\s0 engine removes a session +from the internal cache. This happens when the session is removed because +it is expired or when a connection was not shutdown cleanly. It also happens +for all sessions in the internal session cache when +\&\fISSL_CTX_free\fR\|(3) is called. The \fIremove_session_cb()\fR is passed +the \fBctx\fR and the ssl session \fBsess\fR. It does not provide any feedback. +.PP +The \fIget_session_cb()\fR is only called on \s-1SSL/TLS\s0 servers with the session id +proposed by the client. The \fIget_session_cb()\fR is always called, also when +session caching was disabled. The \fIget_session_cb()\fR is passed the +\&\fBssl\fR connection, the session id of length \fBlength\fR at the memory location +\&\fBdata\fR. With the parameter \fBcopy\fR the callback can require the +\&\s-1SSL\s0 engine to increment the reference count of the \s-1SSL_SESSION\s0 object, +Normally the reference count is not incremented and therefore the +session must not be explicitly freed with +\&\fISSL_SESSION_free\fR\|(3). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_sess_get_new_cb()\fR, \fISSL_CTX_sess_get_remove_cb()\fR and \fISSL_CTX_sess_get_get_cb()\fR +return different callback function pointers respectively. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fId2i_SSL_SESSION\fR\|(3), +\&\fISSL_CTX_set_session_cache_mode\fR\|(3), +\&\fISSL_CTX_flush_sessions\fR\|(3), +\&\fISSL_SESSION_free\fR\|(3), +\&\fISSL_CTX_free\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/share/man/man3/SSL_CTX_sessions.3 b/linux_amd64/share/man/man3/SSL_CTX_sessions.3 new file mode 100755 index 0000000..6b9fc32 --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_CTX_sessions.3 
@@ -0,0 +1,169 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SESSIONS 3" +.TH SSL_CTX_SESSIONS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_sessions \- access internal session cache +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_sessions()\fR returns a pointer to the lhash databases containing the +internal session cache for \fBctx\fR. +.SH "NOTES" +.IX Header "NOTES" +The sessions in the internal session cache are kept in an +\&\s-1\fILHASH\s0\fR\|(3) type database. It is possible to directly +access this database e.g. for searching. In parallel, the sessions +form a linked list which is maintained separately from the +\&\s-1\fILHASH\s0\fR\|(3) operations, so that the database must not be +modified directly but by using the +\&\fISSL_CTX_add_session\fR\|(3) family of functions. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_sessions()\fR returns a pointer to the lhash of \fB\s-1SSL_SESSION\s0\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \s-1\fILHASH\s0\fR\|(3), +\&\fISSL_CTX_add_session\fR\|(3), +\&\fISSL_CTX_set_session_cache_mode\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_CTX_set0_CA_list.3 b/linux_amd64/share/man/man3/SSL_CTX_set0_CA_list.3 new file mode 100755 index 0000000..568537a --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_CTX_set0_CA_list.3 
@@ -0,0 +1,311 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET0_CA_LIST 3" +.TH SSL_CTX_SET0_CA_LIST 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_client_CA_list, +SSL_set_client_CA_list, +SSL_get_client_CA_list, +SSL_CTX_get_client_CA_list, +SSL_CTX_add_client_CA, +SSL_add_client_CA, +SSL_set0_CA_list, +SSL_CTX_set0_CA_list, +SSL_get0_CA_list, +SSL_CTX_get0_CA_list, +SSL_add1_to_CA_list, +SSL_CTX_add1_to_CA_list, +SSL_get0_peer_CA_list +\&\- get or set CA list +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *list); +\& void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *list); +\& STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s); +\& STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx); +\& int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *cacert); +\& int SSL_add_client_CA(SSL *ssl, X509 *cacert); +\& +\& void SSL_CTX_set0_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list); +\& void SSL_set0_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list); +\& const STACK_OF(X509_NAME) *SSL_CTX_get0_CA_list(const SSL_CTX *ctx); +\& const STACK_OF(X509_NAME) *SSL_get0_CA_list(const SSL *s); +\& int SSL_CTX_add1_to_CA_list(SSL_CTX *ctx, const X509 *x); +\& int SSL_add1_to_CA_list(SSL *ssl, const X509 *x); +\& +\& const STACK_OF(X509_NAME) *SSL_get0_peer_CA_list(const SSL *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The functions described here set and manage the list of \s-1CA\s0 names that are sent +between two communicating peers. +.PP +For \s-1TLS\s0 versions 1.2 and earlier the list of \s-1CA\s0 names is only sent from the +server to the client when requesting a client certificate. So any list of \s-1CA\s0 +names set is never sent from client to server and the list of \s-1CA\s0 names retrieved +by \fISSL_get0_peer_CA_list()\fR is always \fB\s-1NULL\s0\fR. 
+.PP +For \s-1TLS\s0 1.3 the list of \s-1CA\s0 names is sent using the \fBcertificate_authorities\fR +extension and may be sent by a client (in the ClientHello message) or by +a server (when requesting a certificate). +.PP +In most cases it is not necessary to set \s-1CA\s0 names on the client side. The list +of \s-1CA\s0 names that are acceptable to the client will be sent in plaintext to the +server. This has privacy implications and may also have performance implications +if the list is large. This optional capability was introduced as part of TLSv1.3 +and therefore setting \s-1CA\s0 names on the client side will have no impact if that +protocol version has been disabled. Most servers do not need this and so this +should be avoided unless required. +.PP +The \*(L"client \s-1CA\s0 list\*(R" functions below only have an effect when called on the +server side. +.PP +\&\fISSL_CTX_set_client_CA_list()\fR sets the \fBlist\fR of CAs sent to the client when +requesting a client certificate for \fBctx\fR. Ownership of \fBlist\fR is transferred +to \fBctx\fR and it should not be freed by the caller. +.PP +\&\fISSL_set_client_CA_list()\fR sets the \fBlist\fR of CAs sent to the client when +requesting a client certificate for the chosen \fBssl\fR, overriding the +setting valid for \fBssl\fR's \s-1SSL_CTX\s0 object. Ownership of \fBlist\fR is transferred +to \fBs\fR and it should not be freed by the caller. +.PP +\&\fISSL_CTX_get_client_CA_list()\fR returns the list of client CAs explicitly set for +\&\fBctx\fR using \fISSL_CTX_set_client_CA_list()\fR. The returned list should not be freed +by the caller. +.PP +\&\fISSL_get_client_CA_list()\fR returns the list of client CAs explicitly +set for \fBssl\fR using \fISSL_set_client_CA_list()\fR or \fBssl\fR's \s-1SSL_CTX\s0 object with +\&\fISSL_CTX_set_client_CA_list()\fR, when in server mode. In client mode, +SSL_get_client_CA_list returns the list of client CAs sent from the server, if +any. 
The returned list should not be freed by the caller. +.PP +\&\fISSL_CTX_add_client_CA()\fR adds the \s-1CA\s0 name extracted from \fBcacert\fR to the +list of CAs sent to the client when requesting a client certificate for +\&\fBctx\fR. +.PP +\&\fISSL_add_client_CA()\fR adds the \s-1CA\s0 name extracted from \fBcacert\fR to the +list of CAs sent to the client when requesting a client certificate for +the chosen \fBssl\fR, overriding the setting valid for \fBssl\fR's \s-1SSL_CTX\s0 object. +.PP +\&\fISSL_get0_peer_CA_list()\fR retrieves the list of \s-1CA\s0 names (if any) the peer +has sent. This can be called on either the server or the client side. The +returned list should not be freed by the caller. +.PP +The \*(L"generic \s-1CA\s0 list\*(R" functions below are very similar to the \*(L"client \s-1CA\s0 +list\*(R" functions except that they have an effect on both the server and client +sides. The lists of \s-1CA\s0 names managed are separate \- so you cannot (for example) +set \s-1CA\s0 names using the \*(L"client \s-1CA\s0 list\*(R" functions and then get them using the +\&\*(L"generic \s-1CA\s0 list\*(R" functions. Where a mix of the two types of functions has been +used on the server side then the \*(L"client \s-1CA\s0 list\*(R" functions take precedence. +Typically, on the server side, the \*(L"client \s-1CA\s0 list \*(R" functions should be used in +preference. As noted above in most cases it is not necessary to set \s-1CA\s0 names on +the client side. +.PP +\&\fISSL_CTX_set0_CA_list()\fR sets the list of CAs to be sent to the peer to +\&\fBname_list\fR. Ownership of \fBname_list\fR is transferred to \fBctx\fR and +it should not be freed by the caller. +.PP +\&\fISSL_set0_CA_list()\fR sets the list of CAs to be sent to the peer to \fBname_list\fR +overriding any list set in the parent \fB\s-1SSL_CTX\s0\fR of \fBs\fR. Ownership of +\&\fBname_list\fR is transferred to \fBs\fR and it should not be freed by the caller. 
+.PP +\&\fISSL_CTX_get0_CA_list()\fR retrieves any previously set list of CAs set for +\&\fBctx\fR. The returned list should not be freed by the caller. +.PP +\&\fISSL_get0_CA_list()\fR retrieves any previously set list of CAs set for +\&\fBs\fR or if none are set the list from the parent \fB\s-1SSL_CTX\s0\fR is retrieved. The +returned list should not be freed by the caller. +.PP +\&\fISSL_CTX_add1_to_CA_list()\fR appends the \s-1CA\s0 subject name extracted from \fBx\fR to the +list of CAs sent to peer for \fBctx\fR. +.PP +\&\fISSL_add1_to_CA_list()\fR appends the \s-1CA\s0 subject name extracted from \fBx\fR to the +list of CAs sent to the peer for \fBs\fR, overriding the setting in the parent +\&\fB\s-1SSL_CTX\s0\fR. +.SH "NOTES" +.IX Header "NOTES" +When a \s-1TLS/SSL\s0 server requests a client certificate (see +\&\fB\f(BISSL_CTX_set_verify\fB\|(3)\fR), it sends a list of CAs, for which it will accept +certificates, to the client. +.PP +This list must explicitly be set using \fISSL_CTX_set_client_CA_list()\fR or +\&\fISSL_CTX_set0_CA_list()\fR for \fBctx\fR and \fISSL_set_client_CA_list()\fR or +\&\fISSL_set0_CA_list()\fR for the specific \fBssl\fR. The list specified +overrides the previous setting. The CAs listed do not become trusted (\fBlist\fR +only contains the names, not the complete certificates); use +\&\fISSL_CTX_load_verify_locations\fR\|(3) to additionally load them for verification. +.PP +If the list of acceptable CAs is compiled in a file, the +\&\fISSL_load_client_CA_file\fR\|(3) function can be used to help to import the +necessary data. +.PP +\&\fISSL_CTX_add_client_CA()\fR, \fISSL_CTX_add1_to_CA_list()\fR, \fISSL_add_client_CA()\fR and +\&\fISSL_add1_to_CA_list()\fR can be used to add additional items the list of CAs. 
If no +list was specified before using \fISSL_CTX_set_client_CA_list()\fR, +\&\fISSL_CTX_set0_CA_list()\fR, \fISSL_set_client_CA_list()\fR or \fISSL_set0_CA_list()\fR, a +new \s-1CA\s0 list for \fBctx\fR or \fBssl\fR (as appropriate) is opened. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_client_CA_list()\fR, \fISSL_set_client_CA_list()\fR, +\&\fISSL_CTX_set_client_CA_list()\fR, \fISSL_set_client_CA_list()\fR, \fISSL_CTX_set0_CA_list()\fR +and \fISSL_set0_CA_list()\fR do not return a value. +.PP +\&\fISSL_CTX_get_client_CA_list()\fR, \fISSL_get_client_CA_list()\fR, \fISSL_CTX_get0_CA_list()\fR +and \fISSL_get0_CA_list()\fR return a stack of \s-1CA\s0 names or \fB\s-1NULL\s0\fR is no \s-1CA\s0 names are +set. +.PP +\&\fISSL_CTX_add_client_CA()\fR,\fISSL_add_client_CA()\fR, \fISSL_CTX_add1_to_CA_list()\fR and +\&\fISSL_add1_to_CA_list()\fR return 1 for success and 0 for failure. +.PP +\&\fISSL_get0_peer_CA_list()\fR returns a stack of \s-1CA\s0 names sent by the peer or +\&\fB\s-1NULL\s0\fR or an empty stack if no list was sent. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Scan all certificates in \fBCAfile\fR and list them as acceptable CAs: +.PP +.Vb 1 +\& SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(CAfile)); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fISSL_load_client_CA_file\fR\|(3), +\&\fISSL_CTX_load_verify_locations\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_CTX_set1_curves.3 b/linux_amd64/share/man/man3/SSL_CTX_set1_curves.3 new file mode 100755 index 0000000..161b369 --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_CTX_set1_curves.3 
@@ -0,0 +1,248 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET1_CURVES 3" +.TH SSL_CTX_SET1_CURVES 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set1_groups, SSL_CTX_set1_groups_list, SSL_set1_groups, +SSL_set1_groups_list, SSL_get1_groups, SSL_get_shared_group, +SSL_get_negotiated_group, SSL_CTX_set1_curves, SSL_CTX_set1_curves_list, +SSL_set1_curves, SSL_set1_curves_list, SSL_get1_curves, SSL_get_shared_curve +\&\- EC supported curve functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_set1_groups(SSL_CTX *ctx, int *glist, int glistlen); +\& int SSL_CTX_set1_groups_list(SSL_CTX *ctx, char *list); +\& +\& int SSL_set1_groups(SSL *ssl, int *glist, int glistlen); +\& int SSL_set1_groups_list(SSL *ssl, char *list); +\& +\& int SSL_get1_groups(SSL *ssl, int *groups); +\& int SSL_get_shared_group(SSL *s, int n); +\& int SSL_get_negotiated_group(SSL *s); +\& +\& int SSL_CTX_set1_curves(SSL_CTX *ctx, int *clist, int clistlen); +\& int SSL_CTX_set1_curves_list(SSL_CTX *ctx, char *list); +\& +\& int SSL_set1_curves(SSL *ssl, int *clist, int clistlen); +\& int SSL_set1_curves_list(SSL *ssl, char *list); +\& +\& int SSL_get1_curves(SSL *ssl, int *curves); +\& int SSL_get_shared_curve(SSL *s, int n); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +For all of the functions below that set the supported groups there must be at +least one group in the list. +.PP +\&\fISSL_CTX_set1_groups()\fR sets the supported groups for \fBctx\fR to \fBglistlen\fR +groups in the array \fBglist\fR. The array consist of all NIDs of groups in +preference order. For a \s-1TLS\s0 client the groups are used directly in the +supported groups extension. For a \s-1TLS\s0 server the groups are used to +determine the set of shared groups. Currently supported groups for +\&\fBTLSv1.3\fR are \fBNID_X9_62_prime256v1\fR, \fBNID_secp384r1\fR, \fBNID_secp521r1\fR, +\&\fB\s-1NID_X25519\s0\fR, \fB\s-1NID_X448\s0\fR, \fBNID_ffdhe2048\fR, \fBNID_ffdhe3072\fR, +\&\fBNID_ffdhe4096\fR, \fBNID_ffdhe6144\fR and \fBNID_ffdhe8192\fR. 
+.PP +\&\fISSL_CTX_set1_groups_list()\fR sets the supported groups for \fBctx\fR to +string \fBlist\fR. The string is a colon separated list of group NIDs or +names, for example \*(L"P\-521:P\-384:P\-256:X25519:ffdhe2048\*(R". Currently supported +groups for \fBTLSv1.3\fR are \fBP\-256\fR, \fBP\-384\fR, \fBP\-521\fR, \fBX25519\fR, \fBX448\fR, +\&\fBffdhe2048\fR, \fBffdhe3072\fR, \fBffdhe4096\fR, \fBffdhe6144\fR, \fBffdhe8192\fR. +.PP +\&\fISSL_set1_groups()\fR and \fISSL_set1_groups_list()\fR are similar except they set +supported groups for the \s-1SSL\s0 structure \fBssl\fR. +.PP +\&\fISSL_get1_groups()\fR returns the set of supported groups sent by a client +in the supported groups extension. It returns the total number of +supported groups. The \fBgroups\fR parameter can be \fB\s-1NULL\s0\fR to simply +return the number of groups for memory allocation purposes. The +\&\fBgroups\fR array is in the form of a set of group NIDs in preference +order. It can return zero if the client did not send a supported groups +extension. +.PP +\&\fISSL_get_shared_group()\fR returns shared group \fBn\fR for a server-side +\&\s-1SSL\s0 \fBssl\fR. If \fBn\fR is \-1 then the total number of shared groups is +returned, which may be zero. Other than for diagnostic purposes, +most applications will only be interested in the first shared group +so \fBn\fR is normally set to zero. If the value \fBn\fR is out of range, +NID_undef is returned. +.PP +\&\fISSL_get_negotiated_group()\fR returns the negotiated group on a TLSv1.3 connection +for key exchange. This can be called by either client or server. +.PP +All these functions are implemented as macros. +.PP +The curve functions are synonyms for the equivalently named group functions and +are identical in every respect. They exist because, prior to \s-1TLS1\s0.3, there was +only the concept of supported curves. In \s-1TLS1\s0.3 this was renamed to supported +groups, and extended to include Diffie Hellman groups. 
The group functions +should be used in preference. +.SH "NOTES" +.IX Header "NOTES" +If an application wishes to make use of several of these functions for +configuration purposes either on a command line or in a file it should +consider using the \s-1SSL_CONF\s0 interface instead of manually parsing options. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set1_groups()\fR, \fISSL_CTX_set1_groups_list()\fR, \fISSL_set1_groups()\fR and +\&\fISSL_set1_groups_list()\fR, return 1 for success and 0 for failure. +.PP +\&\fISSL_get1_groups()\fR returns the number of groups, which may be zero. +.PP +\&\fISSL_get_shared_group()\fR returns the \s-1NID\s0 of shared group \fBn\fR or NID_undef if there +is no shared group \fBn\fR; or the total number of shared groups if \fBn\fR +is \-1. +.PP +When called on a client \fBssl\fR, \fISSL_get_shared_group()\fR has no meaning and +returns \-1. +.PP +\&\fISSL_get_negotiated_group()\fR returns the \s-1NID\s0 of the negotiated group on a +TLSv1.3 connection for key exchange. Or it returns NID_undef if no negotiated +group. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fISSL_CTX_add_extra_chain_cert\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The curve functions were added in OpenSSL 1.0.2. The equivalent group +functions were added in OpenSSL 1.1.1. The \fISSL_get_negotiated_group()\fR function +was added in OpenSSL 3.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2013\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_CTX_set1_sigalgs.3 b/linux_amd64/share/man/man3/SSL_CTX_set1_sigalgs.3 new file mode 100755 index 0000000..709d0e4 --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_CTX_set1_sigalgs.3 
@@ -0,0 +1,243 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET1_SIGALGS 3" +.TH SSL_CTX_SET1_SIGALGS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set1_sigalgs, SSL_set1_sigalgs, SSL_CTX_set1_sigalgs_list, +SSL_set1_sigalgs_list, SSL_CTX_set1_client_sigalgs, +SSL_set1_client_sigalgs, SSL_CTX_set1_client_sigalgs_list, +SSL_set1_client_sigalgs_list \- set supported signature algorithms +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_CTX_set1_sigalgs(SSL_CTX *ctx, const int *slist, long slistlen); +\& long SSL_set1_sigalgs(SSL *ssl, const int *slist, long slistlen); +\& long SSL_CTX_set1_sigalgs_list(SSL_CTX *ctx, const char *str); +\& long SSL_set1_sigalgs_list(SSL *ssl, const char *str); +\& +\& long SSL_CTX_set1_client_sigalgs(SSL_CTX *ctx, const int *slist, long slistlen); +\& long SSL_set1_client_sigalgs(SSL *ssl, const int *slist, long slistlen); +\& long SSL_CTX_set1_client_sigalgs_list(SSL_CTX *ctx, const char *str); +\& long SSL_set1_client_sigalgs_list(SSL *ssl, const char *str); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set1_sigalgs()\fR and \fISSL_set1_sigalgs()\fR set the supported signature +algorithms for \fBctx\fR or \fBssl\fR. The array \fBslist\fR of length \fBslistlen\fR +must consist of pairs of NIDs corresponding to digest and public key +algorithms. +.PP +\&\fISSL_CTX_set1_sigalgs_list()\fR and \fISSL_set1_sigalgs_list()\fR set the supported +signature algorithms for \fBctx\fR or \fBssl\fR. The \fBstr\fR parameter +must be a null terminated string consisting of a colon separated list of +elements, where each element is either a combination of a public key +algorithm and a digest separated by \fB+\fR, or a \s-1TLS\s0 1.3\-style named +SignatureScheme such as rsa_pss_pss_sha256. 
+.PP +\&\fISSL_CTX_set1_client_sigalgs()\fR, \fISSL_set1_client_sigalgs()\fR, +\&\fISSL_CTX_set1_client_sigalgs_list()\fR and \fISSL_set1_client_sigalgs_list()\fR set +signature algorithms related to client authentication, otherwise they are +identical to \fISSL_CTX_set1_sigalgs()\fR, \fISSL_set1_sigalgs()\fR, +\&\fISSL_CTX_set1_sigalgs_list()\fR and \fISSL_set1_sigalgs_list()\fR. +.PP +All these functions are implemented as macros. The signature algorithm +parameter (integer array or string) is not freed: the application should +free it, if necessary. +.SH "NOTES" +.IX Header "NOTES" +If an application wishes to allow the setting of signature algorithms +as one of many user configurable options it should consider using the more +flexible \s-1SSL_CONF\s0 \s-1API\s0 instead. +.PP +The signature algorithms set by a client are used directly in the supported +signature algorithm in the client hello message. +.PP +The supported signature algorithms set by a server are not sent to the +client but are used to determine the set of shared signature algorithms +and (if server preferences are set with \s-1SSL_OP_CIPHER_SERVER_PREFERENCE\s0) +their order. +.PP +The client authentication signature algorithms set by a server are sent +in a certificate request message if client authentication is enabled, +otherwise they are unused. +.PP +Similarly client authentication signature algorithms set by a client are +used to determined the set of client authentication shared signature +algorithms. +.PP +Signature algorithms will neither be advertised nor used if the security level +prohibits them (for example \s-1SHA1\s0 if the security level is 4 or more). +.PP +Currently the NID_md5, NID_sha1, NID_sha224, NID_sha256, NID_sha384 and +NID_sha512 digest NIDs are supported and the public key algorithm NIDs +\&\s-1EVP_PKEY_RSA\s0, \s-1EVP_PKEY_RSA_PSS\s0, \s-1EVP_PKEY_DSA\s0 and \s-1EVP_PKEY_EC\s0. 
+.PP +The short or long name values for digests can be used in a string (for +example \*(L"\s-1MD5\s0\*(R", \*(L"\s-1SHA1\s0\*(R", \*(L"\s-1SHA224\s0\*(R", \*(L"\s-1SHA256\s0\*(R", \*(L"\s-1SHA384\s0\*(R", \*(L"\s-1SHA512\s0\*(R") and +the public key algorithm strings \*(L"\s-1RSA\s0\*(R", \*(L"RSA-PSS\*(R", \*(L"\s-1DSA\s0\*(R" or \*(L"\s-1ECDSA\s0\*(R". +.PP +The \s-1TLS\s0 1.3 signature scheme names (such as \*(L"rsa_pss_pss_sha256\*(R") can also +be used with the \fB_list\fR forms of the \s-1API\s0. +.PP +The use of \s-1MD5\s0 as a digest is strongly discouraged due to security weaknesses. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All these functions return 1 for success and 0 for failure. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Set supported signature algorithms to \s-1SHA256\s0 with \s-1ECDSA\s0 and \s-1SHA256\s0 with \s-1RSA\s0 +using an array: +.PP +.Vb 1 +\& const int slist[] = {NID_sha256, EVP_PKEY_EC, NID_sha256, EVP_PKEY_RSA}; +\& +\& SSL_CTX_set1_sigalgs(ctx, slist, 4); +.Ve +.PP +Set supported signature algorithms to \s-1SHA256\s0 with \s-1ECDSA\s0 and \s-1SHA256\s0 with \s-1RSA\s0 +using a string: +.PP +.Vb 1 +\& SSL_CTX_set1_sigalgs_list(ctx, "ECDSA+SHA256:RSA+SHA256"); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_get_shared_sigalgs\fR\|(3), +\&\fISSL_CONF_CTX_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_CTX_set1_verify_cert_store.3 b/linux_amd64/share/man/man3/SSL_CTX_set1_verify_cert_store.3 new file mode 100755 index 0000000..0c6743d --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_CTX_set1_verify_cert_store.3 
@@ -0,0 +1,222 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET1_VERIFY_CERT_STORE 3" +.TH SSL_CTX_SET1_VERIFY_CERT_STORE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set0_verify_cert_store, SSL_CTX_set1_verify_cert_store, +SSL_CTX_set0_chain_cert_store, SSL_CTX_set1_chain_cert_store, +SSL_set0_verify_cert_store, SSL_set1_verify_cert_store, +SSL_set0_chain_cert_store, SSL_set1_chain_cert_store \- set certificate +verification or chain store +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_set0_verify_cert_store(SSL_CTX *ctx, X509_STORE *st); +\& int SSL_CTX_set1_verify_cert_store(SSL_CTX *ctx, X509_STORE *st); +\& int SSL_CTX_set0_chain_cert_store(SSL_CTX *ctx, X509_STORE *st); +\& int SSL_CTX_set1_chain_cert_store(SSL_CTX *ctx, X509_STORE *st); +\& +\& int SSL_set0_verify_cert_store(SSL *ctx, X509_STORE *st); +\& int SSL_set1_verify_cert_store(SSL *ctx, X509_STORE *st); +\& int SSL_set0_chain_cert_store(SSL *ctx, X509_STORE *st); +\& int SSL_set1_chain_cert_store(SSL *ctx, X509_STORE *st); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set0_verify_cert_store()\fR and \fISSL_CTX_set1_verify_cert_store()\fR +set the certificate store used for certificate verification to \fBst\fR. +.PP +\&\fISSL_CTX_set0_chain_cert_store()\fR and \fISSL_CTX_set1_chain_cert_store()\fR +set the certificate store used for certificate chain building to \fBst\fR. +.PP +\&\fISSL_set0_verify_cert_store()\fR, \fISSL_set1_verify_cert_store()\fR, +\&\fISSL_set0_chain_cert_store()\fR and \fISSL_set1_chain_cert_store()\fR are similar +except they apply to \s-1SSL\s0 structure \fBssl\fR. +.PP +All these functions are implemented as macros. Those containing a \fB1\fR +increment the reference count of the supplied store so it must +be freed at some point after the operation. Those containing a \fB0\fR do +not increment reference counts and the supplied store \fB\s-1MUST\s0 \s-1NOT\s0\fR be freed +after the operation. 
+.SH "NOTES" +.IX Header "NOTES" +The stores pointers associated with an \s-1SSL_CTX\s0 structure are copied to any \s-1SSL\s0 +structures when \fISSL_new()\fR is called. As a result \s-1SSL\s0 structures will not be +affected if the parent \s-1SSL_CTX\s0 store pointer is set to a new value. +.PP +The verification store is used to verify the certificate chain sent by the +peer: that is an \s-1SSL/TLS\s0 client will use the verification store to verify +the server's certificate chain and a \s-1SSL/TLS\s0 server will use it to verify +any client certificate chain. +.PP +The chain store is used to build the certificate chain. +.PP +If the mode \fB\s-1SSL_MODE_NO_AUTO_CHAIN\s0\fR is set or a certificate chain is +configured already (for example using the functions such as +\&\fISSL_CTX_add1_chain_cert\fR\|(3) or +\&\fISSL_CTX_add_extra_chain_cert\fR\|(3)) then +automatic chain building is disabled. +.PP +If the mode \fB\s-1SSL_MODE_NO_AUTO_CHAIN\s0\fR is set then automatic chain building +is disabled. +.PP +If the chain or the verification store is not set then the store associated +with the parent \s-1SSL_CTX\s0 is used instead to retain compatibility with previous +versions of OpenSSL. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All these functions return 1 for success and 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fISSL_CTX_add_extra_chain_cert\fR\|(3) +\&\fISSL_CTX_set0_chain\fR\|(3) +\&\fISSL_CTX_set1_chain\fR\|(3) +\&\fISSL_CTX_add0_chain_cert\fR\|(3) +\&\fISSL_CTX_add1_chain_cert\fR\|(3) +\&\fISSL_set0_chain\fR\|(3) +\&\fISSL_set1_chain\fR\|(3) +\&\fISSL_add0_chain_cert\fR\|(3) +\&\fISSL_add1_chain_cert\fR\|(3) +\&\fISSL_CTX_build_cert_chain\fR\|(3) +\&\fISSL_build_cert_chain\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.2. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2013\-2016 The OpenSSL Project Authors. All Rights Reserved. 
+.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_CTX_set_alpn_select_cb.3 b/linux_amd64/share/man/man3/SSL_CTX_set_alpn_select_cb.3 new file mode 100755 index 0000000..081eada --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_CTX_set_alpn_select_cb.3 
@@ -0,0 +1,308 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_ALPN_SELECT_CB 3" +.TH SSL_CTX_SET_ALPN_SELECT_CB 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_alpn_protos, SSL_set_alpn_protos, SSL_CTX_set_alpn_select_cb, +SSL_CTX_set_next_proto_select_cb, SSL_CTX_set_next_protos_advertised_cb, +SSL_select_next_proto, SSL_get0_alpn_selected, SSL_get0_next_proto_negotiated +\&\- handle application layer protocol negotiation (ALPN) +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos, +\& unsigned int protos_len); +\& int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos, +\& unsigned int protos_len); +\& void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx, +\& int (*cb) (SSL *ssl, +\& const unsigned char **out, +\& unsigned char *outlen, +\& const unsigned char *in, +\& unsigned int inlen, +\& void *arg), void *arg); +\& void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data, +\& unsigned int *len); +\& +\& void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, +\& int (*cb)(SSL *ssl, +\& const unsigned char **out, +\& unsigned int *outlen, +\& void *arg), +\& void *arg); +\& void SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, +\& int (*cb)(SSL *s, +\& unsigned char **out, +\& unsigned char *outlen, +\& const unsigned char *in, +\& unsigned int inlen, +\& void *arg), +\& void *arg); +\& int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, +\& const unsigned char *server, +\& unsigned int server_len, +\& const unsigned char *client, +\& unsigned int client_len) +\& void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, +\& unsigned *len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_alpn_protos()\fR and \fISSL_set_alpn_protos()\fR are used by the client to +set the list of protocols available to be negotiated. The \fBprotos\fR must be in +protocol-list format, described below. The length of \fBprotos\fR is specified in +\&\fBprotos_len\fR. 
+.PP +\&\fISSL_CTX_set_alpn_select_cb()\fR sets the application callback \fBcb\fR used by a +server to select which protocol to use for the incoming connection. When \fBcb\fR +is \s-1NULL\s0, \s-1ALPN\s0 is not used. The \fBarg\fR value is a pointer which is passed to +the application callback. +.PP +\&\fBcb\fR is the application defined callback. The \fBin\fR, \fBinlen\fR parameters are a +vector in protocol-list format. The value of the \fBout\fR, \fBoutlen\fR vector +should be set to the value of a single protocol selected from the \fBin\fR, +\&\fBinlen\fR vector. The \fBout\fR buffer may point directly into \fBin\fR, or to a +buffer that outlives the handshake. The \fBarg\fR parameter is the pointer set via +\&\fISSL_CTX_set_alpn_select_cb()\fR. +.PP +\&\fISSL_select_next_proto()\fR is a helper function used to select protocols. It +implements the standard protocol selection. It is expected that this function +is called from the application callback \fBcb\fR. The protocol data in \fBserver\fR, +\&\fBserver_len\fR and \fBclient\fR, \fBclient_len\fR must be in the protocol-list format +described below. The first item in the \fBserver\fR, \fBserver_len\fR list that +matches an item in the \fBclient\fR, \fBclient_len\fR list is selected, and returned +in \fBout\fR, \fBoutlen\fR. The \fBout\fR value will point into either \fBserver\fR or +\&\fBclient\fR, so it should be copied immediately. If no match is found, the first +item in \fBclient\fR, \fBclient_len\fR is returned in \fBout\fR, \fBoutlen\fR. This +function can also be used in the \s-1NPN\s0 callback. +.PP +\&\fISSL_CTX_set_next_proto_select_cb()\fR sets a callback \fBcb\fR that is called when a +client needs to select a protocol from the server's provided list, and a +user-defined pointer argument \fBarg\fR which will be passed to this callback. +For the callback itself, \fBout\fR +must be set to point to the selected protocol (which may be within \fBin\fR). 
+The length of the protocol name must be written into \fBoutlen\fR. The +server's advertised protocols are provided in \fBin\fR and \fBinlen\fR. The +callback can assume that \fBin\fR is syntactically valid. The client must +select a protocol. It is fatal to the connection if this callback returns +a value other than \fB\s-1SSL_TLSEXT_ERR_OK\s0\fR. The \fBarg\fR parameter is the pointer +set via \fISSL_CTX_set_next_proto_select_cb()\fR. +.PP +\&\fISSL_CTX_set_next_protos_advertised_cb()\fR sets a callback \fBcb\fR that is called +when a \s-1TLS\s0 server needs a list of supported protocols for Next Protocol +Negotiation. The returned list must be in protocol-list format, described +below. The list is +returned by setting \fBout\fR to point to it and \fBoutlen\fR to its length. This +memory will not be modified, but the \fB\s-1SSL\s0\fR does keep a +reference to it. The callback should return \fB\s-1SSL_TLSEXT_ERR_OK\s0\fR if it +wishes to advertise. Otherwise, no such extension will be included in the +ServerHello. +.PP +\&\fISSL_get0_alpn_selected()\fR returns a pointer to the selected protocol in \fBdata\fR +with length \fBlen\fR. It is not NUL-terminated. \fBdata\fR is set to \s-1NULL\s0 and \fBlen\fR +is set to 0 if no protocol has been selected. \fBdata\fR must not be freed. +.PP +\&\fISSL_get0_next_proto_negotiated()\fR sets \fBdata\fR and \fBlen\fR to point to the +client's requested protocol for this connection. If the client did not +request any protocol or \s-1NPN\s0 is not enabled, then \fBdata\fR is set to \s-1NULL\s0 and +\&\fBlen\fR to 0. Note that +the client can request any protocol it chooses. The value returned from +this function need not be a member of the list of supported protocols +provided by the callback. +.SH "NOTES" +.IX Header "NOTES" +The protocol-lists must be in wire-format, which is defined as a vector of +non-empty, 8\-bit length-prefixed, byte strings. The length-prefix byte is not +included in the length. 
Each string is limited to 255 bytes. A byte-string +length of 0 is invalid. A truncated byte-string is invalid. The length of the +vector is not in the vector itself, but in a separate variable. +.PP +Example: +.PP +.Vb 5 +\& unsigned char vector[] = { +\& 6, \*(Aqs\*(Aq, \*(Aqp\*(Aq, \*(Aqd\*(Aq, \*(Aqy\*(Aq, \*(Aq/\*(Aq, \*(Aq1\*(Aq, +\& 8, \*(Aqh\*(Aq, \*(Aqt\*(Aq, \*(Aqt\*(Aq, \*(Aqp\*(Aq, \*(Aq/\*(Aq, \*(Aq1\*(Aq, \*(Aq.\*(Aq, \*(Aq1\*(Aq +\& }; +\& unsigned int length = sizeof(vector); +.Ve +.PP +The \s-1ALPN\s0 callback is executed after the servername callback; as that servername +callback may update the \s-1SSL_CTX\s0, and subsequently, the \s-1ALPN\s0 callback. +.PP +If there is no \s-1ALPN\s0 proposed in the ClientHello, the \s-1ALPN\s0 callback is not +invoked. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_alpn_protos()\fR and \fISSL_set_alpn_protos()\fR return 0 on success, and +non\-0 on failure. \s-1WARNING:\s0 these functions reverse the return value convention. +.PP +\&\fISSL_select_next_proto()\fR returns one of the following: +.IP "\s-1OPENSSL_NPN_NEGOTIATED\s0" 4 +.IX Item "OPENSSL_NPN_NEGOTIATED" +A match was found and is returned in \fBout\fR, \fBoutlen\fR. +.IP "\s-1OPENSSL_NPN_NO_OVERLAP\s0" 4 +.IX Item "OPENSSL_NPN_NO_OVERLAP" +No match was found. The first item in \fBclient\fR, \fBclient_len\fR is returned in +\&\fBout\fR, \fBoutlen\fR. +.PP +The \s-1ALPN\s0 select callback \fBcb\fR, must return one of the following: +.IP "\s-1SSL_TLSEXT_ERR_OK\s0" 4 +.IX Item "SSL_TLSEXT_ERR_OK" +\&\s-1ALPN\s0 protocol selected. +.IP "\s-1SSL_TLSEXT_ERR_ALERT_FATAL\s0" 4 +.IX Item "SSL_TLSEXT_ERR_ALERT_FATAL" +There was no overlap between the client's supplied list and the server +configuration. +.IP "\s-1SSL_TLSEXT_ERR_NOACK\s0" 4 +.IX Item "SSL_TLSEXT_ERR_NOACK" +\&\s-1ALPN\s0 protocol not selected, e.g., because no \s-1ALPN\s0 protocols are configured for +this connection. 
+.PP +The callback set using \fISSL_CTX_set_next_proto_select_cb()\fR should return +\&\fB\s-1SSL_TLSEXT_ERR_OK\s0\fR if successful. Any other value is fatal to the connection. +.PP +The callback set using \fISSL_CTX_set_next_protos_advertised_cb()\fR should return +\&\fB\s-1SSL_TLSEXT_ERR_OK\s0\fR if it wishes to advertise. Otherwise, no such extension +will be included in the ServerHello. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_CTX_set_tlsext_servername_callback\fR\|(3), +\&\fISSL_CTX_set_tlsext_servername_arg\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_CTX_set_cert_cb.3 b/linux_amd64/share/man/man3/SSL_CTX_set_cert_cb.3 new file mode 100755 index 0000000..0ffc766 --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_CTX_set_cert_cb.3 
@@ -0,0 +1,204 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_CERT_CB 3" +.TH SSL_CTX_SET_CERT_CB 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_cert_cb, SSL_set_cert_cb \- handle certificate callback function +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cert_cb)(SSL *ssl, void *arg), +\& void *arg); +\& void SSL_set_cert_cb(SSL *s, int (*cert_cb)(SSL *ssl, void *arg), void *arg); +\& +\& int (*cert_cb)(SSL *ssl, void *arg); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_cert_cb()\fR and \fISSL_set_cert_cb()\fR sets the \fIcert_cb()\fR callback, +\&\fBarg\fR value is pointer which is passed to the application callback. +.PP +When \fIcert_cb()\fR is \s-1NULL\s0, no callback function is used. +.PP +\&\fIcert_cb()\fR is the application defined callback. It is called before a +certificate will be used by a client or server. The callback can then inspect +the passed \fBssl\fR structure and set or clear any appropriate certificates. If +the callback is successful it \fB\s-1MUST\s0\fR return 1 even if no certificates have +been set. A zero is returned on error which will abort the handshake with a +fatal internal error alert. A negative return value will suspend the handshake +and the handshake function will return immediately. +\&\fISSL_get_error\fR\|(3) will return \s-1SSL_ERROR_WANT_X509_LOOKUP\s0 to +indicate, that the handshake was suspended. The next call to the handshake +function will again lead to the call of \fIcert_cb()\fR. It is the job of the +\&\fIcert_cb()\fR to store information about the state of the last call, +if required to continue. +.SH "NOTES" +.IX Header "NOTES" +An application will typically call \fISSL_use_certificate()\fR and +\&\fISSL_use_PrivateKey()\fR to set the end entity certificate and private key. +It can add intermediate and optionally the root \s-1CA\s0 certificates using +\&\fISSL_add1_chain_cert()\fR. +.PP +It might also call \fISSL_certs_clear()\fR to delete any certificates associated +with the \fB\s-1SSL\s0\fR object. 
+.PP +The certificate callback functionality supersedes the (largely broken) +functionality provided by the old client certificate callback interface. +It is \fBalways\fR called even is a certificate is already set so the callback +can modify or delete the existing certificate. +.PP +A more advanced callback might examine the handshake parameters and set +whatever chain is appropriate. For example a legacy client supporting only +TLSv1.0 might receive a certificate chain signed using \s-1SHA1\s0 whereas a +TLSv1.2 or later client which advertises support for \s-1SHA256\s0 could receive a +chain using \s-1SHA256\s0. +.PP +Normal server sanity checks are performed on any certificates set +by the callback. So if an \s-1EC\s0 chain is set for a curve the client does not +support it will \fBnot\fR be used. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_cert_cb()\fR and \fISSL_set_cert_cb()\fR do not return values. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_use_certificate\fR\|(3), +\&\fISSL_add1_chain_cert\fR\|(3), +\&\fISSL_get_client_CA_list\fR\|(3), +\&\fISSL_clear\fR\|(3), \fISSL_free\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2014\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_CTX_set_cert_store.3 b/linux_amd64/share/man/man3/SSL_CTX_set_cert_store.3 new file mode 100755 index 0000000..87e296c --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_CTX_set_cert_store.3 
@@ -0,0 +1,210 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_CERT_STORE 3" +.TH SSL_CTX_SET_CERT_STORE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_cert_store, SSL_CTX_set1_cert_store, SSL_CTX_get_cert_store \- manipulate X509 certificate verification storage +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store); +\& void SSL_CTX_set1_cert_store(SSL_CTX *ctx, X509_STORE *store); +\& X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_cert_store()\fR sets/replaces the certificate verification storage +of \fBctx\fR to/with \fBstore\fR. If another X509_STORE object is currently +set in \fBctx\fR, it will be \fIX509_STORE_free()\fRed. +.PP +\&\fISSL_CTX_set1_cert_store()\fR sets/replaces the certificate verification storage +of \fBctx\fR to/with \fBstore\fR. The \fBstore\fR's reference count is incremented. +If another X509_STORE object is currently set in \fBctx\fR, it will be \fIX509_STORE_free()\fRed. +.PP +\&\fISSL_CTX_get_cert_store()\fR returns a pointer to the current certificate +verification storage. +.SH "NOTES" +.IX Header "NOTES" +In order to verify the certificates presented by the peer, trusted \s-1CA\s0 +certificates must be accessed. These \s-1CA\s0 certificates are made available +via lookup methods, handled inside the X509_STORE. From the X509_STORE +the X509_STORE_CTX used when verifying certificates is created. +.PP +Typically the trusted certificate store is handled indirectly via using +\&\fISSL_CTX_load_verify_locations\fR\|(3). +Using the \fISSL_CTX_set_cert_store()\fR and \fISSL_CTX_get_cert_store()\fR functions +it is possible to manipulate the X509_STORE object beyond the +\&\fISSL_CTX_load_verify_locations\fR\|(3) +call. +.PP +Currently no detailed documentation on how to use the X509_STORE +object is available. Not all members of the X509_STORE are used when +the verification takes place. So will e.g. 
the \fIverify_callback()\fR be +overridden with the \fIverify_callback()\fR set via the +\&\fISSL_CTX_set_verify\fR\|(3) family of functions. +This document must therefore be updated when documentation about the +X509_STORE object and its handling becomes available. +.PP +\&\fISSL_CTX_set_cert_store()\fR does not increment the \fBstore\fR's reference +count, so it should not be used to assign an X509_STORE that is owned +by another \s-1SSL_CTX\s0. +.PP +To share X509_STOREs between two SSL_CTXs, use \fISSL_CTX_get_cert_store()\fR +to get the X509_STORE from the first \s-1SSL_CTX\s0, and then use +\&\fISSL_CTX_set1_cert_store()\fR to assign to the second \s-1SSL_CTX\s0 and +increment the reference count of the X509_STORE. +.SH "RESTRICTIONS" +.IX Header "RESTRICTIONS" +The X509_STORE structure used by an \s-1SSL_CTX\s0 is used for verifying peer +certificates and building certificate chains, it is also shared by +every child \s-1SSL\s0 structure. Applications wanting finer control can use +functions such as \fISSL_CTX_set1_verify_cert_store()\fR instead. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_cert_store()\fR does not return diagnostic output. +.PP +\&\fISSL_CTX_set1_cert_store()\fR does not return diagnostic output. +.PP +\&\fISSL_CTX_get_cert_store()\fR returns the current setting. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fISSL_CTX_load_verify_locations\fR\|(3), +\&\fISSL_CTX_set_verify\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_CTX_set_cert_verify_callback.3 b/linux_amd64/share/man/man3/SSL_CTX_set_cert_verify_callback.3 new file mode 100755 index 0000000..703a4d5 --- /dev/null 
+++ b/linux_amd64/share/man/man3/SSL_CTX_set_cert_verify_callback.3 
@@ -0,0 +1,200 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_CERT_VERIFY_CALLBACK 3" +.TH SSL_CTX_SET_CERT_VERIFY_CALLBACK 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_cert_verify_callback \- set peer certificate verification procedure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, +\& int (*callback)(X509_STORE_CTX *, void *), +\& void *arg); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_cert_verify_callback()\fR sets the verification callback function for +\&\fIctx\fR. \s-1SSL\s0 objects that are created from \fIctx\fR inherit the setting valid at +the time when \fISSL_new\fR\|(3) is called. +.SH "NOTES" +.IX Header "NOTES" +Whenever a certificate is verified during a \s-1SSL/TLS\s0 handshake, a verification +function is called. If the application does not explicitly specify a +verification callback function, the built-in verification function is used. +If a verification callback \fIcallback\fR is specified via +\&\fISSL_CTX_set_cert_verify_callback()\fR, the supplied callback function is called +instead. By setting \fIcallback\fR to \s-1NULL\s0, the default behaviour is restored. +.PP +When the verification must be performed, \fIcallback\fR will be called with +the arguments callback(X509_STORE_CTX *x509_store_ctx, void *arg). The +argument \fIarg\fR is specified by the application when setting \fIcallback\fR. +.PP +\&\fIcallback\fR should return 1 to indicate verification success and 0 to +indicate verification failure. If \s-1SSL_VERIFY_PEER\s0 is set and \fIcallback\fR +returns 0, the handshake will fail. As the verification procedure may +allow the connection to continue in the case of failure (by always +returning 1) the verification result must be set in any case using the +\&\fBerror\fR member of \fIx509_store_ctx\fR so that the calling application +will be informed about the detailed result of the verification procedure! +.PP +Within \fIx509_store_ctx\fR, \fIcallback\fR has access to the \fIverify_callback\fR +function set using \fISSL_CTX_set_verify\fR\|(3). 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_cert_verify_callback()\fR does not return a value. +.SH "WARNINGS" +.IX Header "WARNINGS" +Do not mix the verification callback described in this function with the +\&\fBverify_callback\fR function called during the verification process. The +latter is set using the \fISSL_CTX_set_verify\fR\|(3) +family of functions. +.PP +Providing a complete verification procedure including certificate purpose +settings etc is a complex task. The built-in procedure is quite powerful +and in most cases it should be sufficient to modify its behaviour using +the \fBverify_callback\fR function. +.SH "BUGS" +.IX Header "BUGS" +\&\fISSL_CTX_set_cert_verify_callback()\fR does not provide diagnostic information. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_CTX_set_verify\fR\|(3), +\&\fISSL_get_verify_result\fR\|(3), +\&\fISSL_CTX_load_verify_locations\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_CTX_set_cipher_list.3 b/linux_amd64/share/man/man3/SSL_CTX_set_cipher_list.3 new file mode 100755 index 0000000..05a2053 --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_CTX_set_cipher_list.3 
@@ -0,0 +1,248 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_CIPHER_LIST 3" +.TH SSL_CTX_SET_CIPHER_LIST 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_cipher_list, +SSL_set_cipher_list, +SSL_CTX_set_ciphersuites, +SSL_set_ciphersuites, +OSSL_default_cipher_list, +OSSL_default_ciphersuites +\&\- choose list of available SSL_CIPHERs +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str); +\& int SSL_set_cipher_list(SSL *ssl, const char *str); +\& +\& int SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str); +\& int SSL_set_ciphersuites(SSL *s, const char *str); +\& +\& const char *OSSL_default_cipher_list(void); +\& const char *OSSL_default_ciphersuites(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_cipher_list()\fR sets the list of available ciphers (TLSv1.2 and below) +for \fBctx\fR using the control string \fBstr\fR. The format of the string is described +in \fIopenssl\-ciphers\fR\|(1). The list of ciphers is inherited by all +\&\fBssl\fR objects created from \fBctx\fR. This function does not impact TLSv1.3 +ciphersuites. Use \fISSL_CTX_set_ciphersuites()\fR to configure those. +.PP +\&\fISSL_set_cipher_list()\fR sets the list of ciphers (TLSv1.2 and below) only for +\&\fBssl\fR. +.PP +\&\fISSL_CTX_set_ciphersuites()\fR is used to configure the available TLSv1.3 +ciphersuites for \fBctx\fR. This is a simple colon (\*(L":\*(R") separated list of TLSv1.3 +ciphersuite names in order of preference. Valid TLSv1.3 ciphersuite names are: +.IP "\s-1TLS_AES_128_GCM_SHA256\s0" 4 +.IX Item "TLS_AES_128_GCM_SHA256" +.PD 0 +.IP "\s-1TLS_AES_256_GCM_SHA384\s0" 4 +.IX Item "TLS_AES_256_GCM_SHA384" +.IP "\s-1TLS_CHACHA20_POLY1305_SHA256\s0" 4 +.IX Item "TLS_CHACHA20_POLY1305_SHA256" +.IP "\s-1TLS_AES_128_CCM_SHA256\s0" 4 +.IX Item "TLS_AES_128_CCM_SHA256" +.IP "\s-1TLS_AES_128_CCM_8_SHA256\s0" 4 +.IX Item "TLS_AES_128_CCM_8_SHA256" +.PD +.PP +An empty list is permissible. 
The default value for the this setting is: +.PP +\&\*(L"\s-1TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256\s0\*(R" +.PP +\&\fISSL_set_ciphersuites()\fR is the same as \fISSL_CTX_set_ciphersuites()\fR except it +configures the ciphersuites for \fBssl\fR. +.PP +\&\fIOSSL_default_cipher_list()\fR returns the default cipher string for TLSv1.2 +(and earlier) ciphers. \fIOSSL_default_ciphersuites()\fR returns the default +cipher string for TLSv1.3 ciphersuites. +.SH "NOTES" +.IX Header "NOTES" +The control string \fBstr\fR for \fISSL_CTX_set_cipher_list()\fR and +\&\fISSL_set_cipher_list()\fR should be universally usable and not depend +on details of the library configuration (ciphers compiled in). Thus no +syntax checking takes place. Items that are not recognized, because the +corresponding ciphers are not compiled in or because they are mistyped, +are simply ignored. Failure is only flagged if no ciphers could be collected +at all. +.PP +It should be noted, that inclusion of a cipher to be used into the list is +a necessary condition. On the client side, the inclusion into the list is +also sufficient unless the security level excludes it. On the server side, +additional restrictions apply. All ciphers have additional requirements. +\&\s-1ADH\s0 ciphers don't need a certificate, but DH-parameters must have been set. +All other ciphers need a corresponding certificate and key. +.PP +A \s-1RSA\s0 cipher can only be chosen, when a \s-1RSA\s0 certificate is available. +\&\s-1RSA\s0 ciphers using \s-1DHE\s0 need a certificate and key and additional DH-parameters +(see \fISSL_CTX_set_tmp_dh_callback\fR\|(3)). +.PP +A \s-1DSA\s0 cipher can only be chosen, when a \s-1DSA\s0 certificate is available. +\&\s-1DSA\s0 ciphers always use \s-1DH\s0 key exchange and therefore need DH-parameters +(see \fISSL_CTX_set_tmp_dh_callback\fR\|(3)). +.PP +When these conditions are not met for any cipher in the list (e.g. 
a +client only supports export \s-1RSA\s0 ciphers with an asymmetric key length +of 512 bits and the server is not configured to use temporary \s-1RSA\s0 +keys), the \*(L"no shared cipher\*(R" (\s-1SSL_R_NO_SHARED_CIPHER\s0) error is generated +and the handshake will fail. +.PP +\&\fIOSSL_default_cipher_list()\fR and \fIOSSL_default_ciphersuites()\fR replace +\&\s-1SSL_DEFAULT_CIPHER_LIST\s0 and \s-1TLS_DEFAULT_CIPHERSUITES\s0, respectively. The +cipher list defines are deprecated as of 3.0. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_cipher_list()\fR and \fISSL_set_cipher_list()\fR return 1 if any cipher +could be selected and 0 on complete failure. +.PP +\&\fISSL_CTX_set_ciphersuites()\fR and \fISSL_set_ciphersuites()\fR return 1 if the requested +ciphersuite list was configured, and 0 otherwise. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_get_ciphers\fR\|(3), +\&\fISSL_CTX_use_certificate\fR\|(3), +\&\fISSL_CTX_set_tmp_dh_callback\fR\|(3), +\&\fIopenssl\-ciphers\fR\|(1) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIOSSL_default_cipher_list()\fR and \fIOSSL_default_ciphersites()\fR are new in 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_CTX_set_client_cert_cb.3 b/linux_amd64/share/man/man3/SSL_CTX_set_client_cert_cb.3 new file mode 100755 index 0000000..163ccdc --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_CTX_set_client_cert_cb.3 
@@ -0,0 +1,232 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_CLIENT_CERT_CB 3" +.TH SSL_CTX_SET_CLIENT_CERT_CB 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_client_cert_cb, SSL_CTX_get_client_cert_cb \- handle client certificate callback function +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, +\& int (*client_cert_cb)(SSL *ssl, X509 **x509, +\& EVP_PKEY **pkey)); +\& int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, +\& EVP_PKEY **pkey); +\& int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_client_cert_cb()\fR sets the \fIclient_cert_cb()\fR callback, that is +called when a client certificate is requested by a server and no certificate +was yet set for the \s-1SSL\s0 object. +.PP +When \fIclient_cert_cb()\fR is \s-1NULL\s0, no callback function is used. +.PP +\&\fISSL_CTX_get_client_cert_cb()\fR returns a pointer to the currently set callback +function. +.PP +\&\fIclient_cert_cb()\fR is the application defined callback. If it wants to +set a certificate, a certificate/private key combination must be set +using the \fBx509\fR and \fBpkey\fR arguments and \*(L"1\*(R" must be returned. The +certificate will be installed into \fBssl\fR, see the \s-1NOTES\s0 and \s-1BUGS\s0 sections. +If no certificate should be set, \*(L"0\*(R" has to be returned and no certificate +will be sent. A negative return value will suspend the handshake and the +handshake function will return immediately. \fISSL_get_error\fR\|(3) +will return \s-1SSL_ERROR_WANT_X509_LOOKUP\s0 to indicate, that the handshake was +suspended. The next call to the handshake function will again lead to the call +of \fIclient_cert_cb()\fR. It is the job of the \fIclient_cert_cb()\fR to store information +about the state of the last call, if required to continue. +.SH "NOTES" +.IX Header "NOTES" +During a handshake (or renegotiation) a server may request a certificate +from the client. A client certificate must only be sent, when the server +did send the request. 
+.PP +When a certificate was set using the +\&\fISSL_CTX_use_certificate\fR\|(3) family of functions, +it will be sent to the server. The \s-1TLS\s0 standard requires that only a +certificate is sent, if it matches the list of acceptable CAs sent by the +server. This constraint is violated by the default behavior of the OpenSSL +library. Using the callback function it is possible to implement a proper +selection routine or to allow a user interaction to choose the certificate to +be sent. +.PP +If a callback function is defined and no certificate was yet defined for the +\&\s-1SSL\s0 object, the callback function will be called. +If the callback function returns a certificate, the OpenSSL library +will try to load the private key and certificate data into the \s-1SSL\s0 +object using the \fISSL_use_certificate()\fR and \fISSL_use_private_key()\fR functions. +Thus it will permanently install the certificate and key for this \s-1SSL\s0 +object. It will not be reset by calling \fISSL_clear\fR\|(3). +If the callback returns no certificate, the OpenSSL library will not send +a certificate. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_get_client_cert_cb()\fR returns function pointer of \fIclient_cert_cb()\fR or +\&\s-1NULL\s0 if the callback is not set. +.SH "BUGS" +.IX Header "BUGS" +The \fIclient_cert_cb()\fR cannot return a complete certificate chain, it can +only return one client certificate. If the chain only has a length of 2, +the root \s-1CA\s0 certificate may be omitted according to the \s-1TLS\s0 standard and +thus a standard conforming answer can be sent to the server. For a +longer chain, the client must send the complete chain (with the option +to leave out the root \s-1CA\s0 certificate). 
This can only be accomplished by +either adding the intermediate \s-1CA\s0 certificates into the trusted +certificate store for the \s-1SSL_CTX\s0 object (resulting in having to add +\&\s-1CA\s0 certificates that otherwise maybe would not be trusted), or by adding +the chain certificates using the +\&\fISSL_CTX_add_extra_chain_cert\fR\|(3) +function, which is only available for the \s-1SSL_CTX\s0 object as a whole and that +therefore probably can only apply for one client certificate, making +the concept of the callback function (to allow the choice from several +certificates) questionable. +.PP +Once the \s-1SSL\s0 object has been used in conjunction with the callback function, +the certificate will be set for the \s-1SSL\s0 object and will not be cleared +even when \fISSL_clear\fR\|(3) is being called. It is therefore +mandatory to destroy the \s-1SSL\s0 object using \fISSL_free\fR\|(3) +and create a new one to return to the previous state. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_CTX_use_certificate\fR\|(3), +\&\fISSL_CTX_add_extra_chain_cert\fR\|(3), +\&\fISSL_get_client_CA_list\fR\|(3), +\&\fISSL_clear\fR\|(3), \fISSL_free\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_CTX_set_client_hello_cb.3 b/linux_amd64/share/man/man3/SSL_CTX_set_client_hello_cb.3 new file mode 100755 index 0000000..b60cb10 --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_CTX_set_client_hello_cb.3 
@@ -0,0 +1,253 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_CLIENT_HELLO_CB 3" +.TH SSL_CTX_SET_CLIENT_HELLO_CB 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_client_hello_cb, SSL_client_hello_cb_fn, SSL_client_hello_isv2, SSL_client_hello_get0_legacy_version, SSL_client_hello_get0_random, SSL_client_hello_get0_session_id, SSL_client_hello_get0_ciphers, SSL_client_hello_get0_compression_methods, SSL_client_hello_get1_extensions_present, SSL_client_hello_get0_ext \- callback functions for early server\-side ClientHello processing +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 10 +\& typedef int (*SSL_client_hello_cb_fn)(SSL *s, int *al, void *arg); +\& void SSL_CTX_set_client_hello_cb(SSL_CTX *c, SSL_client_hello_cb_fn *f, +\& void *arg); +\& int SSL_client_hello_isv2(SSL *s); +\& unsigned int SSL_client_hello_get0_legacy_version(SSL *s); +\& size_t SSL_client_hello_get0_random(SSL *s, const unsigned char **out); +\& size_t SSL_client_hello_get0_session_id(SSL *s, const unsigned char **out); +\& size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out); +\& size_t SSL_client_hello_get0_compression_methods(SSL *s, +\& const unsigned char **out); +\& int SSL_client_hello_get1_extensions_present(SSL *s, int **out, +\& size_t *outlen); +\& int SSL_client_hello_get0_ext(SSL *s, int type, const unsigned char **out, +\& size_t *outlen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_client_hello_cb()\fR sets the callback function, which is automatically +called during the early stages of ClientHello processing on the server. +The argument supplied when setting the callback is passed back to the +callback at run time. A callback that returns failure (0) will cause the +connection to terminate, and callbacks returning failure should indicate +what alert value is to be sent in the \fBal\fR parameter. A callback may +also return a negative value to suspend the handshake, and the handshake +function will return immediately. \fISSL_get_error\fR\|(3) will return +\&\s-1SSL_ERROR_WANT_CLIENT_HELLO_CB\s0 to indicate that the handshake was suspended. 
+It is the job of the ClientHello callback to store information about the state +of the last call if needed to continue. On the next call into the handshake +function, the ClientHello callback will be called again, and, if it returns +success, normal handshake processing will continue from that point. +.PP +\&\fISSL_client_hello_isv2()\fR indicates whether the ClientHello was carried in a +SSLv2 record and is in the SSLv2 format. The SSLv2 format has substantial +differences from the normal SSLv3 format, including using three bytes per +cipher suite, and not allowing extensions. Additionally, the SSLv2 format +\&'challenge' field is exposed via \fISSL_client_hello_get0_random()\fR, padded to +\&\s-1SSL3_RANDOM_SIZE\s0 bytes with zeros if needed. For SSLv2 format ClientHellos, +\&\fISSL_client_hello_get0_compression_methods()\fR returns a dummy list that only includes +the null compression method, since the SSLv2 format does not include a +mechanism by which to negotiate compression. +.PP +\&\fISSL_client_hello_get0_random()\fR, \fISSL_client_hello_get0_session_id()\fR, +\&\fISSL_client_hello_get0_ciphers()\fR, and +\&\fISSL_client_hello_get0_compression_methods()\fR provide access to the corresponding +ClientHello fields, returning the field length and optionally setting an out +pointer to the octets of that field. +.PP +Similarly, \fISSL_client_hello_get0_ext()\fR provides access to individual extensions +from the ClientHello on a per-extension basis. For the provided wire +protocol extension type value, the extension value and length are returned +in the output parameters (if present). +.PP +\&\fISSL_client_hello_get1_extensions_present()\fR can be used prior to +\&\fISSL_client_hello_get0_ext()\fR, to determine which extensions are present in the +ClientHello before querying for them. The \fBout\fR and \fBoutlen\fR parameters are +both required, and on success the caller must release the storage allocated for +\&\fB*out\fR using \fIOPENSSL_free()\fR. 
The contents of \fB*out\fR is an array of integers +holding the numerical value of the \s-1TLS\s0 extension types in the order they appear +in the ClientHello. \fB*outlen\fR contains the number of elements in the array. +In situations when the ClientHello has no extensions, the function will return +success with \fB*out\fR set to \s-1NULL\s0 and \fB*outlen\fR set to 0. +.SH "NOTES" +.IX Header "NOTES" +The ClientHello callback provides a vast window of possibilities for application +code to affect the \s-1TLS\s0 handshake. A primary use of the callback is to +allow the server to examine the server name indication extension provided +by the client in order to select an appropriate certificate to present, +and make other configuration adjustments relevant to that server name +and its configuration. Such configuration changes can include swapping out +the associated \s-1SSL_CTX\s0 pointer, modifying the server's list of permitted \s-1TLS\s0 +versions, changing the server's cipher list in response to the client's +cipher list, etc. +.PP +It is also recommended that applications utilize a ClientHello callback and +not use a servername callback, in order to avoid unexpected behavior that +occurs due to the relative order of processing between things like session +resumption and the historical servername callback. +.PP +The SSL_client_hello_* family of functions may only be called from code executing +within a ClientHello callback. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The application's supplied ClientHello callback returns +\&\s-1SSL_CLIENT_HELLO_SUCCESS\s0 on success, \s-1SSL_CLIENT_HELLO_ERROR\s0 on failure, and +\&\s-1SSL_CLIENT_HELLO_RETRY\s0 to suspend processing. +.PP +\&\fISSL_client_hello_isv2()\fR returns 1 for SSLv2\-format ClientHellos and 0 otherwise. 
+.PP +\&\fISSL_client_hello_get0_random()\fR, \fISSL_client_hello_get0_session_id()\fR, +\&\fISSL_client_hello_get0_ciphers()\fR, and +\&\fISSL_client_hello_get0_compression_methods()\fR return the length of the +corresponding ClientHello fields. If zero is returned, the output pointer +should not be assumed to be valid. +.PP +\&\fISSL_client_hello_get0_ext()\fR returns 1 if the extension of type 'type' is present, and +0 otherwise. +.PP +\&\fISSL_client_hello_get1_extensions_present()\fR returns 1 on success and 0 on failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_CTX_set_tlsext_servername_callback\fR\|(3), +\&\fISSL_bytes_to_cipher_list\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \s-1SSL\s0 ClientHello callback, \fISSL_client_hello_isv2()\fR, +\&\fISSL_client_hello_get0_random()\fR, \fISSL_client_hello_get0_session_id()\fR, +\&\fISSL_client_hello_get0_ciphers()\fR, \fISSL_client_hello_get0_compression_methods()\fR, +\&\fISSL_client_hello_get0_ext()\fR, and \fISSL_client_hello_get1_extensions_present()\fR +were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_CTX_set_ct_validation_callback.3 b/linux_amd64/share/man/man3/SSL_CTX_set_ct_validation_callback.3 new file mode 100755 index 0000000..3a1f59f --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_CTX_set_ct_validation_callback.3 
@@ -0,0 +1,266 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_CT_VALIDATION_CALLBACK 3" +.TH SSL_CTX_SET_CT_VALIDATION_CALLBACK 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +ssl_ct_validation_cb, +SSL_enable_ct, SSL_CTX_enable_ct, SSL_disable_ct, SSL_CTX_disable_ct, +SSL_set_ct_validation_callback, SSL_CTX_set_ct_validation_callback, +SSL_ct_is_enabled, SSL_CTX_ct_is_enabled \- +control Certificate Transparency policy +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef int (*ssl_ct_validation_cb)(const CT_POLICY_EVAL_CTX *ctx, +\& const STACK_OF(SCT) *scts, void *arg); +\& +\& int SSL_enable_ct(SSL *s, int validation_mode); +\& int SSL_CTX_enable_ct(SSL_CTX *ctx, int validation_mode); +\& int SSL_set_ct_validation_callback(SSL *s, ssl_ct_validation_cb callback, +\& void *arg); +\& int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx, +\& ssl_ct_validation_cb callback, +\& void *arg); +\& void SSL_disable_ct(SSL *s); +\& void SSL_CTX_disable_ct(SSL_CTX *ctx); +\& int SSL_ct_is_enabled(const SSL *s); +\& int SSL_CTX_ct_is_enabled(const SSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_enable_ct()\fR and \fISSL_CTX_enable_ct()\fR enable the processing of signed +certificate timestamps (SCTs) either for a given \s-1SSL\s0 connection or for all +connections that share the given \s-1SSL\s0 context, respectively. +This is accomplished by setting a built-in \s-1CT\s0 validation callback. +The behaviour of the callback is determined by the \fBvalidation_mode\fR argument, +which can be either of \fB\s-1SSL_CT_VALIDATION_PERMISSIVE\s0\fR or +\&\fB\s-1SSL_CT_VALIDATION_STRICT\s0\fR as described below. +.PP +If \fBvalidation_mode\fR is equal to \fB\s-1SSL_CT_VALIDATION_STRICT\s0\fR, then in a full +\&\s-1TLS\s0 handshake with the verification mode set to \fB\s-1SSL_VERIFY_PEER\s0\fR, if the peer +presents no valid SCTs the handshake will be aborted. +If the verification mode is \fB\s-1SSL_VERIFY_NONE\s0\fR, the handshake will continue +despite lack of valid SCTs. 
+However, in that case if the verification status before the built-in callback +was \fBX509_V_OK\fR it will be set to \fBX509_V_ERR_NO_VALID_SCTS\fR after the +callback. +Applications can call \fISSL_get_verify_result\fR\|(3) to check the status at +handshake completion, even after session resumption since the verification +status is part of the saved session state. +See \fISSL_set_verify\fR\|(3), <\fISSL_get_verify_result\fR\|(3)>, \fISSL_session_reused\fR\|(3). +.PP +If \fBvalidation_mode\fR is equal to \fB\s-1SSL_CT_VALIDATION_PERMISSIVE\s0\fR, then the +handshake continues, and the verification status is not modified, regardless of +the validation status of any SCTs. +The application can still inspect the validation status of the SCTs at +handshake completion. +Note that with session resumption there will not be any SCTs presented during +the handshake. +Therefore, in applications that delay \s-1SCT\s0 policy enforcement until after +handshake completion, such delayed \s-1SCT\s0 checks should only be performed when the +session is not resumed. +.PP +\&\fISSL_set_ct_validation_callback()\fR and \fISSL_CTX_set_ct_validation_callback()\fR +register a custom callback that may implement a different policy than either of +the above. +This callback can examine the peer's SCTs and determine whether they are +sufficient to allow the connection to continue. +The \s-1TLS\s0 handshake is aborted if the verification mode is not \fB\s-1SSL_VERIFY_NONE\s0\fR +and the callback returns a non-positive result. +.PP +An arbitrary callback data argument, \fBarg\fR, can be passed in when setting +the callback. +This will be passed to the callback whenever it is invoked. +Ownership of this context remains with the caller. +.PP +If no callback is set, SCTs will not be requested and Certificate Transparency +validation will not occur. +.PP +No callback will be invoked when the peer presents no certificate, e.g. by +employing an anonymous (aNULL) cipher suite. 
+In that case the handshake continues as it would had no callback been +requested. +Callbacks are also not invoked when the peer certificate chain is invalid or +validated via \s-1\fIDANE\-TA\s0\fR\|(2) or \s-1\fIDANE\-EE\s0\fR\|(3) \s-1TLSA\s0 records which use a private X.509 +\&\s-1PKI\s0, or no X.509 \s-1PKI\s0 at all, respectively. +Clients that require SCTs are expected to not have enabled any aNULL ciphers +nor to have specified server verification via \s-1\fIDANE\-TA\s0\fR\|(2) or \s-1\fIDANE\-EE\s0\fR\|(3) \s-1TLSA\s0 +records. +.PP +\&\fISSL_disable_ct()\fR and \fISSL_CTX_disable_ct()\fR turn off \s-1CT\s0 processing, whether +enabled via the built-in or the custom callbacks, by setting a \s-1NULL\s0 callback. +These may be implemented as macros. +.PP +\&\fISSL_ct_is_enabled()\fR and \fISSL_CTX_ct_is_enabled()\fR return 1 if \s-1CT\s0 processing is +enabled via either \fISSL_enable_ct()\fR or a non-null custom callback, and 0 +otherwise. +.SH "NOTES" +.IX Header "NOTES" +When \s-1SCT\s0 processing is enabled, \s-1OCSP\s0 stapling will be enabled. This is because +one possible source of SCTs is the \s-1OCSP\s0 response from a server. +.PP +The time returned by \fISSL_SESSION_get_time()\fR will be used to evaluate whether any +presented SCTs have timestamps that are in the future (and therefore invalid). +.SH "RESTRICTIONS" +.IX Header "RESTRICTIONS" +Certificate Transparency validation cannot be enabled and so a callback cannot +be set if a custom client extension handler has been registered to handle \s-1SCT\s0 +extensions (\fBTLSEXT_TYPE_signed_certificate_timestamp\fR). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_enable_ct()\fR, \fISSL_CTX_enable_ct()\fR, \fISSL_CTX_set_ct_validation_callback()\fR and +\&\fISSL_set_ct_validation_callback()\fR return 1 if the \fBcallback\fR is successfully +set. +They return 0 if an error occurs, e.g. a custom client extension handler has +been setup to handle SCTs. 
+.PP +\&\fISSL_disable_ct()\fR and \fISSL_CTX_disable_ct()\fR do not return a result. +.PP +\&\fISSL_CTX_ct_is_enabled()\fR and \fISSL_ct_is_enabled()\fR return a 1 if a non-null \s-1CT\s0 +validation callback is set, or 0 if no callback (or equivalently a \s-1NULL\s0 +callback) is set. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +<\fISSL_get_verify_result\fR\|(3)>, +\&\fISSL_session_reused\fR\|(3), +\&\fISSL_set_verify\fR\|(3), +\&\fISSL_CTX_set_verify\fR\|(3), +\&\fISSL_SESSION_get_time\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_CTX_set_ctlog_list_file.3 b/linux_amd64/share/man/man3/SSL_CTX_set_ctlog_list_file.3 new file mode 100755 index 0000000..7c037be --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_CTX_set_ctlog_list_file.3 
@@ -0,0 +1,175 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_CTLOG_LIST_FILE 3" +.TH SSL_CTX_SET_CTLOG_LIST_FILE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_default_ctlog_list_file, SSL_CTX_set_ctlog_list_file \- +load a Certificate Transparency log list from a file +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_set_default_ctlog_list_file(SSL_CTX *ctx); +\& int SSL_CTX_set_ctlog_list_file(SSL_CTX *ctx, const char *path); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_default_ctlog_list_file()\fR loads a list of Certificate Transparency +(\s-1CT\s0) logs from the default file location, \*(L"ct_log_list.cnf\*(R", found in the +directory where OpenSSL is installed. +.PP +\&\fISSL_CTX_set_ctlog_list_file()\fR loads a list of \s-1CT\s0 logs from a specific path. +See \fICTLOG_STORE_new\fR\|(3) for the file format. +.SH "NOTES" +.IX Header "NOTES" +These functions will not clear the existing \s-1CT\s0 log list \- it will be appended +to. To replace the existing list, use \fISSL_CTX_set0_ctlog_store\fR\|(3) first. +.PP +If an error occurs whilst parsing a particular log entry in the file, that log +entry will be skipped. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_default_ctlog_list_file()\fR and \fISSL_CTX_set_ctlog_list_file()\fR +return 1 if the log list is successfully loaded, and 0 if an error occurs. In +the case of an error, the log list may have been partially loaded. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fISSL_CTX_set_ct_validation_callback\fR\|(3), +\&\fICTLOG_STORE_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_CTX_set_default_passwd_cb.3 b/linux_amd64/share/man/man3/SSL_CTX_set_default_passwd_cb.3 new file mode 100755 index 0000000..012c93c 
--- /dev/null +++ b/linux_amd64/share/man/man3/SSL_CTX_set_default_passwd_cb.3 
@@ -0,0 +1,235 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_DEFAULT_PASSWD_CB 3" +.TH SSL_CTX_SET_DEFAULT_PASSWD_CB 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_default_passwd_cb, SSL_CTX_set_default_passwd_cb_userdata, +SSL_CTX_get_default_passwd_cb, SSL_CTX_get_default_passwd_cb_userdata, +SSL_set_default_passwd_cb, SSL_set_default_passwd_cb_userdata, +SSL_get_default_passwd_cb, SSL_get_default_passwd_cb_userdata \- set or +get passwd callback for encrypted PEM file handling +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb); +\& void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u); +\& pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx); +\& void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx); +\& +\& void SSL_set_default_passwd_cb(SSL *s, pem_password_cb *cb); +\& void SSL_set_default_passwd_cb_userdata(SSL *s, void *u); +\& pem_password_cb *SSL_get_default_passwd_cb(SSL *s); +\& void *SSL_get_default_passwd_cb_userdata(SSL *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_default_passwd_cb()\fR sets the default password callback called +when loading/storing a \s-1PEM\s0 certificate with encryption. +.PP +\&\fISSL_CTX_set_default_passwd_cb_userdata()\fR sets a pointer to userdata, \fBu\fR, +which will be provided to the password callback on invocation. +.PP +\&\fISSL_CTX_get_default_passwd_cb()\fR returns a function pointer to the password +callback currently set in \fBctx\fR. If no callback was explicitly set, the +\&\s-1NULL\s0 pointer is returned. +.PP +\&\fISSL_CTX_get_default_passwd_cb_userdata()\fR returns a pointer to the userdata +currently set in \fBctx\fR. If no userdata was explicitly set, the \s-1NULL\s0 pointer +is returned. +.PP +\&\fISSL_set_default_passwd_cb()\fR, \fISSL_set_default_passwd_cb_userdata()\fR, +\&\fISSL_get_default_passwd_cb()\fR and \fISSL_get_default_passwd_cb_userdata()\fR perform +the same function as their \s-1SSL_CTX\s0 counterparts, but using an \s-1SSL\s0 object. 
+.PP +The password callback, which must be provided by the application, hands back the +password to be used during decryption. +On invocation a pointer to userdata +is provided. The function must store the password into the provided buffer +\&\fBbuf\fR which is of size \fBsize\fR. The actual length of the password must +be returned to the calling function. \fBrwflag\fR indicates whether the +callback is used for reading/decryption (rwflag=0) or writing/encryption +(rwflag=1). +For more details, see \fIpem_password_cb\fR\|(3). +.SH "NOTES" +.IX Header "NOTES" +When loading or storing private keys, a password might be supplied to +protect the private key. The way this password can be supplied may depend +on the application. If only one private key is handled, it can be practical +to have the callback handle the password dialog interactively. If several +keys have to be handled, it can be practical to ask for the password once, +then keep it in memory and use it several times. In the last case, the +password could be stored into the userdata storage and the +callback only returns the password already stored. +.PP +When asking for the password interactively, the callback can use +\&\fBrwflag\fR to check, whether an item shall be encrypted (rwflag=1). +In this case the password dialog may ask for the same password twice +for comparison in order to catch typos, that would make decryption +impossible. +.PP +Other items in \s-1PEM\s0 formatting (certificates) can also be encrypted, it is +however not usual, as certificate information is considered public. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions do not provide diagnostic information. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +The following example returns the password provided as userdata to the +calling function. The password is considered to be a '\e0' terminated +string. If the password does not fit into the buffer, the password is +truncated. 
+.PP +.Vb 6 +\& int my_cb(char *buf, int size, int rwflag, void *u) +\& { +\& strncpy(buf, (char *)u, size); +\& buf[size \- 1] = \*(Aq\e0\*(Aq; +\& return strlen(buf); +\& } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fISSL_CTX_use_certificate\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fISSL_CTX_get_default_passwd_cb()\fR, \fISSL_CTX_get_default_passwd_cb_userdata()\fR, +\&\fISSL_set_default_passwd_cb()\fR and \fISSL_set_default_passwd_cb_userdata()\fR were +added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_CTX_set_generate_session_id.3 b/linux_amd64/share/man/man3/SSL_CTX_set_generate_session_id.3 new file mode 100755 index 0000000..c3c8bfd --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_CTX_set_generate_session_id.3 
@@ -0,0 +1,260 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_GENERATE_SESSION_ID 3" +.TH SSL_CTX_SET_GENERATE_SESSION_ID 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_generate_session_id, SSL_set_generate_session_id, +SSL_has_matching_session_id, GEN_SESSION_CB +\&\- manipulate generation of SSL session IDs (server only) +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef int (*GEN_SESSION_CB)(SSL *ssl, unsigned char *id, +\& unsigned int *id_len); +\& +\& int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb); +\& int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB, cb); +\& int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, +\& unsigned int id_len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_generate_session_id()\fR sets the callback function for generating +new session ids for \s-1SSL/TLS\s0 sessions for \fBctx\fR to be \fBcb\fR. +.PP +\&\fISSL_set_generate_session_id()\fR sets the callback function for generating +new session ids for \s-1SSL/TLS\s0 sessions for \fBssl\fR to be \fBcb\fR. +.PP +\&\fISSL_has_matching_session_id()\fR checks, whether a session with id \fBid\fR +(of length \fBid_len\fR) is already contained in the internal session cache +of the parent context of \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +When a new session is established between client and server, the server +generates a session id. The session id is an arbitrary sequence of bytes. +The length of the session id is between 1 and 32 bytes. The session id is not +security critical but must be unique for the server. Additionally, the session id is +transmitted in the clear when reusing the session so it must not contain +sensitive information. +.PP +Without a callback being set, an OpenSSL server will generate a unique +session id from pseudo random numbers of the maximum possible length. +Using the callback function, the session id can be changed to contain +additional information like e.g. a host id in order to improve load balancing +or external caching techniques. 
+.PP +The callback function receives a pointer to the memory location to put +\&\fBid\fR into and a pointer to the maximum allowed length \fBid_len\fR. The +buffer at location \fBid\fR is only guaranteed to have the size \fBid_len\fR. +The callback is only allowed to generate a shorter id and reduce \fBid_len\fR; +the callback \fBmust never\fR increase \fBid_len\fR or write to the location +\&\fBid\fR exceeding the given limit. +.PP +The location \fBid\fR is filled with 0x00 before the callback is called, so the +callback may only fill part of the possible length and leave \fBid_len\fR +untouched while maintaining reproducibility. +.PP +Since the sessions must be distinguished, session ids must be unique. +Without the callback a random number is used, so that the probability +of generating the same session id is extremely small (2^256 for SSLv3/TLSv1). +In order to assure the uniqueness of the generated session id, the callback must call +\&\fISSL_has_matching_session_id()\fR and generate another id if a conflict occurs. +If an id conflict is not resolved, the handshake will fail. +If the application codes e.g. a unique host id, a unique process number, and +a unique sequence number into the session id, uniqueness could easily be +achieved without randomness added (it should however be taken care that +no confidential information is leaked this way). If the application can not +guarantee uniqueness, it is recommended to use the maximum \fBid_len\fR and +fill in the bytes not used to code special information with random data +to avoid collisions. +.PP +\&\fISSL_has_matching_session_id()\fR will only query the internal session cache, +not the external one. Since the session id is generated before the +handshake is completed, it is not immediately added to the cache. If +another thread is using the same internal session cache, a race condition +can occur in that another thread generates the same session id. 
+Collisions can also occur when using an external session cache, since +the external cache is not tested with \fISSL_has_matching_session_id()\fR +and the same race condition applies. +.PP +The callback must return 0 if it cannot generate a session id for whatever +reason and return 1 on success. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_generate_session_id()\fR and \fISSL_set_generate_session_id()\fR +always return 1. +.PP +\&\fISSL_has_matching_session_id()\fR returns 1 if another session with the +same id is already in the cache. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +The callback function listed will generate a session id with the +server id given, and will fill the rest with pseudo random bytes: +.PP +.Vb 1 +\& const char session_id_prefix = "www\-18"; +\& +\& #define MAX_SESSION_ID_ATTEMPTS 10 +\& static int generate_session_id(SSL *ssl, unsigned char *id, +\& unsigned int *id_len) +\& { +\& unsigned int count = 0; +\& +\& do { +\& RAND_pseudo_bytes(id, *id_len); +\& /* +\& * Prefix the session_id with the required prefix. NB: If our +\& * prefix is too long, clip it \- but there will be worse effects +\& * anyway, eg. the server could only possibly create 1 session +\& * ID (ie. the prefix!) so all future session negotiations will +\& * fail due to conflicts. +\& */ +\& memcpy(id, session_id_prefix, strlen(session_id_prefix) < *id_len ? +\& strlen(session_id_prefix) : *id_len); +\& } while (SSL_has_matching_session_id(ssl, id, *id_len) +\& && ++count < MAX_SESSION_ID_ATTEMPTS); +\& if (count >= MAX_SESSION_ID_ATTEMPTS) +\& return 0; +\& return 1; +\& } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_get_version\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. 
You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_CTX_set_info_callback.3 b/linux_amd64/share/man/man3/SSL_CTX_set_info_callback.3 new file mode 100755 index 0000000..a7a0b54 --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_CTX_set_info_callback.3 
@@ -0,0 +1,280 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_INFO_CALLBACK 3" +.TH SSL_CTX_SET_INFO_CALLBACK 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_info_callback, +SSL_CTX_get_info_callback, +SSL_set_info_callback, +SSL_get_info_callback +\&\- handle information callback for SSL connections +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*callback)()); +\& void (*SSL_CTX_get_info_callback(const SSL_CTX *ctx))(); +\& +\& void SSL_set_info_callback(SSL *ssl, void (*callback)()); +\& void (*SSL_get_info_callback(const SSL *ssl))(); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_info_callback()\fR sets the \fBcallback\fR function, that can be used to +obtain state information for \s-1SSL\s0 objects created from \fBctx\fR during connection +setup and use. The setting for \fBctx\fR is overridden from the setting for +a specific \s-1SSL\s0 object, if specified. +When \fBcallback\fR is \s-1NULL\s0, no callback function is used. +.PP +\&\fISSL_set_info_callback()\fR sets the \fBcallback\fR function, that can be used to +obtain state information for \fBssl\fR during connection setup and use. +When \fBcallback\fR is \s-1NULL\s0, the callback setting currently valid for +\&\fBctx\fR is used. +.PP +\&\fISSL_CTX_get_info_callback()\fR returns a pointer to the currently set information +callback function for \fBctx\fR. +.PP +\&\fISSL_get_info_callback()\fR returns a pointer to the currently set information +callback function for \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +When setting up a connection and during use, it is possible to obtain state +information from the \s-1SSL/TLS\s0 engine. When set, an information callback function +is called whenever a significant event occurs such as: the state changes, +an alert appears, or an error occurs. +.PP +The callback function is called as \fBcallback(\s-1SSL\s0 *ssl, int where, int ret)\fR. +The \fBwhere\fR argument specifies information about where (in which context) +the callback function was called. 
If \fBret\fR is 0, an error condition occurred. +If an alert is handled, \s-1SSL_CB_ALERT\s0 is set and \fBret\fR specifies the alert +information. +.PP +\&\fBwhere\fR is a bit-mask made up of the following bits: +.IP "\s-1SSL_CB_LOOP\s0" 4 +.IX Item "SSL_CB_LOOP" +Callback has been called to indicate state change or some other significant +state machine event. This may mean that the callback gets invoked more than once +per state in some situations. +.IP "\s-1SSL_CB_EXIT\s0" 4 +.IX Item "SSL_CB_EXIT" +Callback has been called to indicate exit of a handshake function. This will +happen after the end of a handshake, but may happen at other times too such as +on error or when \s-1IO\s0 might otherwise block and non-blocking is being used. +.IP "\s-1SSL_CB_READ\s0" 4 +.IX Item "SSL_CB_READ" +Callback has been called during read operation. +.IP "\s-1SSL_CB_WRITE\s0" 4 +.IX Item "SSL_CB_WRITE" +Callback has been called during write operation. +.IP "\s-1SSL_CB_ALERT\s0" 4 +.IX Item "SSL_CB_ALERT" +Callback has been called due to an alert being sent or received. +.IP "\s-1SSL_CB_READ_ALERT\s0 (SSL_CB_ALERT|SSL_CB_READ)" 4 +.IX Item "SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ)" +.PD 0 +.IP "\s-1SSL_CB_WRITE_ALERT\s0 (SSL_CB_ALERT|SSL_CB_WRITE)" 4 +.IX Item "SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE)" +.IP "\s-1SSL_CB_ACCEPT_LOOP\s0 (SSL_ST_ACCEPT|SSL_CB_LOOP)" 4 +.IX Item "SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP)" +.IP "\s-1SSL_CB_ACCEPT_EXIT\s0 (SSL_ST_ACCEPT|SSL_CB_EXIT)" 4 +.IX Item "SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT)" +.IP "\s-1SSL_CB_CONNECT_LOOP\s0 (SSL_ST_CONNECT|SSL_CB_LOOP)" 4 +.IX Item "SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP)" +.IP "\s-1SSL_CB_CONNECT_EXIT\s0 (SSL_ST_CONNECT|SSL_CB_EXIT)" 4 +.IX Item "SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT)" +.IP "\s-1SSL_CB_HANDSHAKE_START\s0" 4 +.IX Item "SSL_CB_HANDSHAKE_START" +.PD +Callback has been called because a new handshake is started. 
It also occurs when +resuming a handshake following a pause to handle early data. +.IP "\s-1SSL_CB_HANDSHAKE_DONE\s0" 4 +.IX Item "SSL_CB_HANDSHAKE_DONE" +Callback has been called because a handshake is finished. It also occurs if the +handshake is paused to allow the exchange of early data. +.PP +The current state information can be obtained using the +\&\fISSL_state_string\fR\|(3) family of functions. +.PP +The \fBret\fR information can be evaluated using the +\&\fISSL_alert_type_string\fR\|(3) family of functions. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_set_info_callback()\fR does not provide diagnostic information. +.PP +\&\fISSL_get_info_callback()\fR returns the current setting. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +The following example callback function prints state strings, information +about alerts being handled and error messages to the \fBbio_err\fR \s-1BIO\s0. +.PP +.Vb 4 +\& void apps_ssl_info_callback(SSL *s, int where, int ret) +\& { +\& const char *str; +\& int w = where & ~SSL_ST_MASK; +\& +\& if (w & SSL_ST_CONNECT) +\& str = "SSL_connect"; +\& else if (w & SSL_ST_ACCEPT) +\& str = "SSL_accept"; +\& else +\& str = "undefined"; +\& +\& if (where & SSL_CB_LOOP) { +\& BIO_printf(bio_err, "%s:%s\en", str, SSL_state_string_long(s)); +\& } else if (where & SSL_CB_ALERT) { +\& str = (where & SSL_CB_READ) ? "read" : "write"; +\& BIO_printf(bio_err, "SSL3 alert %s:%s:%s\en", str, +\& SSL_alert_type_string_long(ret), +\& SSL_alert_desc_string_long(ret)); +\& } else if (where & SSL_CB_EXIT) { +\& if (ret == 0) { +\& BIO_printf(bio_err, "%s:failed in %s\en", +\& str, SSL_state_string_long(s)); +\& } else if (ret < 0) { +\& BIO_printf(bio_err, "%s:error in %s\en", +\& str, SSL_state_string_long(s)); +\& } +\& } +\& } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_state_string\fR\|(3), +\&\fISSL_alert_type_string\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2018 The OpenSSL Project Authors. 
All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_CTX_set_keylog_callback.3 b/linux_amd64/share/man/man3/SSL_CTX_set_keylog_callback.3 new file mode 100755 index 0000000..9ec3fd9 --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_CTX_set_keylog_callback.3 
@@ -0,0 +1,175 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_KEYLOG_CALLBACK 3" +.TH SSL_CTX_SET_KEYLOG_CALLBACK 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_keylog_callback, SSL_CTX_get_keylog_callback, +SSL_CTX_keylog_cb_func \- logging TLS key material +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef void (*SSL_CTX_keylog_cb_func)(const SSL *ssl, const char *line); +\& +\& void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb); +\& SSL_CTX_keylog_cb_func SSL_CTX_get_keylog_callback(const SSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_keylog_callback()\fR sets the \s-1TLS\s0 key logging callback. This callback +is called whenever \s-1TLS\s0 key material is generated or received, in order to allow +applications to store this keying material for debugging purposes. +.PP +\&\fISSL_CTX_get_keylog_callback()\fR retrieves the previously set \s-1TLS\s0 key logging +callback. If no callback has been set, this will return \s-1NULL\s0. When there is no +key logging callback, or if SSL_CTX_set_keylog_callback is called with \s-1NULL\s0 as +the value of cb, no logging of key material will be done. +.PP +The key logging callback is called with two items: the \fBssl\fR object associated +with the connection, and \fBline\fR, a string containing the key material in the +format used by \s-1NSS\s0 for its \fB\s-1SSLKEYLOGFILE\s0\fR debugging output. To recreate that +file, the key logging callback should log \fBline\fR, followed by a newline. +\&\fBline\fR will always be a NULL-terminated string. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_get_keylog_callback()\fR returns a pointer to \fBSSL_CTX_keylog_cb_func\fR or +\&\s-1NULL\s0 if the callback is not set. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. 
You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_CTX_set_max_cert_list.3 b/linux_amd64/share/man/man3/SSL_CTX_set_max_cert_list.3 new file mode 100755 index 0000000..23c250d --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_CTX_set_max_cert_list.3 
@@ -0,0 +1,204 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_MAX_CERT_LIST 3" +.TH SSL_CTX_SET_MAX_CERT_LIST 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_max_cert_list, SSL_CTX_get_max_cert_list, SSL_set_max_cert_list, SSL_get_max_cert_list \- manipulate allowed size for the peer's certificate chain +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_CTX_set_max_cert_list(SSL_CTX *ctx, long size); +\& long SSL_CTX_get_max_cert_list(SSL_CTX *ctx); +\& +\& long SSL_set_max_cert_list(SSL *ssl, long size); +\& long SSL_get_max_cert_list(SSL *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_max_cert_list()\fR sets the maximum size allowed for the peer's +certificate chain for all \s-1SSL\s0 objects created from \fBctx\fR to be bytes. +The \s-1SSL\s0 objects inherit the setting valid for \fBctx\fR at the time +\&\fISSL_new\fR\|(3) is being called. +.PP +\&\fISSL_CTX_get_max_cert_list()\fR returns the currently set maximum size for \fBctx\fR. +.PP +\&\fISSL_set_max_cert_list()\fR sets the maximum size allowed for the peer's +certificate chain for \fBssl\fR to be bytes. This setting stays valid +until a new value is set. +.PP +\&\fISSL_get_max_cert_list()\fR returns the currently set maximum size for \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +During the handshake process, the peer may send a certificate chain. +The \s-1TLS/SSL\s0 standard does not give any maximum size of the certificate chain. +The OpenSSL library handles incoming data by a dynamically allocated buffer. +In order to prevent this buffer from growing without bounds due to data +received from a faulty or malicious peer, a maximum size for the certificate +chain is set. +.PP +The default value for the maximum certificate chain size is 100kB (30kB +on the 16bit \s-1DOS\s0 platform). This should be sufficient for usual certificate +chains (OpenSSL's default maximum chain length is 10, see +\&\fISSL_CTX_set_verify\fR\|(3), and certificates +without special extensions have a typical size of 1\-2kB). 
+.PP +For special applications it can be necessary to extend the maximum certificate +chain size allowed to be sent by the peer, see e.g. the work on +\&\*(L"Internet X.509 Public Key Infrastructure Proxy Certificate Profile\*(R" +and \*(L"\s-1TLS\s0 Delegation Protocol\*(R" at http://www.ietf.org/ and +http://www.globus.org/ . +.PP +Under normal conditions it should never be necessary to set a value smaller +than the default, as the buffer is handled dynamically and only uses the +memory actually required by the data sent by the peer. +.PP +If the maximum certificate chain size allowed is exceeded, the handshake will +fail with a \s-1SSL_R_EXCESSIVE_MESSAGE_SIZE\s0 error. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_max_cert_list()\fR and \fISSL_set_max_cert_list()\fR return the previously +set value. +.PP +\&\fISSL_CTX_get_max_cert_list()\fR and \fISSL_get_max_cert_list()\fR return the currently +set value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_new\fR\|(3), +\&\fISSL_CTX_set_verify\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_CTX_set_min_proto_version.3 b/linux_amd64/share/man/man3/SSL_CTX_set_min_proto_version.3 new file mode 100755 index 0000000..9f932a6 --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_CTX_set_min_proto_version.3 
@@ -0,0 +1,195 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_MIN_PROTO_VERSION 3" +.TH SSL_CTX_SET_MIN_PROTO_VERSION 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_min_proto_version, SSL_CTX_set_max_proto_version, +SSL_CTX_get_min_proto_version, SSL_CTX_get_max_proto_version, +SSL_set_min_proto_version, SSL_set_max_proto_version, +SSL_get_min_proto_version, SSL_get_max_proto_version \- Get and set minimum +and maximum supported protocol version +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_set_min_proto_version(SSL_CTX *ctx, int version); +\& int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, int version); +\& int SSL_CTX_get_min_proto_version(SSL_CTX *ctx); +\& int SSL_CTX_get_max_proto_version(SSL_CTX *ctx); +\& +\& int SSL_set_min_proto_version(SSL *ssl, int version); +\& int SSL_set_max_proto_version(SSL *ssl, int version); +\& int SSL_get_min_proto_version(SSL *ssl); +\& int SSL_get_max_proto_version(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The functions get or set the minimum and maximum supported protocol versions +for the \fBctx\fR or \fBssl\fR. +This works in combination with the options set via +\&\fISSL_CTX_set_options\fR\|(3) that also make it possible to disable +specific protocol versions. +Use these functions instead of disabling specific protocol versions. +.PP +Setting the minimum or maximum version to 0, will enable protocol +versions down to the lowest version, or up to the highest version +supported by the library, respectively. +.PP +Getters return 0 in case \fBctx\fR or \fBssl\fR have been configured to +automatically use the lowest or highest version supported by the library. +.PP +Currently supported versions are \fB\s-1SSL3_VERSION\s0\fR, \fB\s-1TLS1_VERSION\s0\fR, +\&\fB\s-1TLS1_1_VERSION\s0\fR, \fB\s-1TLS1_2_VERSION\s0\fR, \fB\s-1TLS1_3_VERSION\s0\fR for \s-1TLS\s0 and +\&\fB\s-1DTLS1_VERSION\s0\fR, \fB\s-1DTLS1_2_VERSION\s0\fR for \s-1DTLS\s0. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These setter functions return 1 on success and 0 on failure. 
The getter +functions return the configured version or 0 for auto-configuration of +lowest or highest protocol, respectively. +.SH "NOTES" +.IX Header "NOTES" +All these functions are implemented using macros. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fISSL_CTX_set_options\fR\|(3), \fISSL_CONF_cmd\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The setter functions were added in OpenSSL 1.1.0. The getter functions +were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_CTX_set_mode.3 b/linux_amd64/share/man/man3/SSL_CTX_set_mode.3 new file mode 100755 index 0000000..7cc2a9b --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_CTX_set_mode.3 
@@ -0,0 +1,273 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_MODE 3" +.TH SSL_CTX_SET_MODE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_mode, SSL_CTX_clear_mode, SSL_set_mode, SSL_clear_mode, SSL_CTX_get_mode, SSL_get_mode \- manipulate SSL engine mode +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_CTX_set_mode(SSL_CTX *ctx, long mode); +\& long SSL_CTX_clear_mode(SSL_CTX *ctx, long mode); +\& long SSL_set_mode(SSL *ssl, long mode); +\& long SSL_clear_mode(SSL *ssl, long mode); +\& +\& long SSL_CTX_get_mode(SSL_CTX *ctx); +\& long SSL_get_mode(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_mode()\fR adds the mode set via bit-mask in \fBmode\fR to \fBctx\fR. +Options already set before are not cleared. +\&\fISSL_CTX_clear_mode()\fR removes the mode set via bit-mask in \fBmode\fR from \fBctx\fR. +.PP +\&\fISSL_set_mode()\fR adds the mode set via bit-mask in \fBmode\fR to \fBssl\fR. +Options already set before are not cleared. +\&\fISSL_clear_mode()\fR removes the mode set via bit-mask in \fBmode\fR from \fBssl\fR. +.PP +\&\fISSL_CTX_get_mode()\fR returns the mode set for \fBctx\fR. +.PP +\&\fISSL_get_mode()\fR returns the mode set for \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +The following mode changes are available: +.IP "\s-1SSL_MODE_ENABLE_PARTIAL_WRITE\s0" 4 +.IX Item "SSL_MODE_ENABLE_PARTIAL_WRITE" +Allow SSL_write_ex(..., n, &r) to return with 0 < r < n (i.e. report success +when just a single record has been written). This works in a similar way for +\&\fISSL_write()\fR. When not set (the default), \fISSL_write_ex()\fR or \fISSL_write()\fR will only +report success once the complete chunk was written. Once \fISSL_write_ex()\fR or +\&\fISSL_write()\fR returns successful, \fBr\fR bytes have been written and the next call +to \fISSL_write_ex()\fR or \fISSL_write()\fR must only send the n\-r bytes left, imitating +the behaviour of \fIwrite()\fR. 
+.IP "\s-1SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER\s0" 4 +.IX Item "SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER" +Make it possible to retry \fISSL_write_ex()\fR or \fISSL_write()\fR with changed buffer +location (the buffer contents must stay the same). This is not the default to +avoid the misconception that non-blocking \fISSL_write()\fR behaves like +non-blocking \fIwrite()\fR. +.IP "\s-1SSL_MODE_AUTO_RETRY\s0" 4 +.IX Item "SSL_MODE_AUTO_RETRY" +During normal operations, non-application data records might need to be sent or +received that the application is not aware of. +If a non-application data record was processed, +\&\fISSL_read_ex\fR\|(3) and \fISSL_read\fR\|(3) can return with a failure and indicate the +need to retry with \fB\s-1SSL_ERROR_WANT_READ\s0\fR. +If such a non-application data record was processed, the flag +\&\fB\s-1SSL_MODE_AUTO_RETRY\s0\fR causes it to try to process the next record instead of +returning. +.Sp +In a non-blocking environment applications must be prepared to handle +incomplete read/write operations. +Setting \fB\s-1SSL_MODE_AUTO_RETRY\s0\fR for a non-blocking \fB\s-1BIO\s0\fR will process +non-application data records until either no more data is available or +an application data record has been processed. +.Sp +In a blocking environment, applications are not always prepared to +deal with the functions returning intermediate reports such as retry +requests, and setting the \fB\s-1SSL_MODE_AUTO_RETRY\s0\fR flag will cause the functions +to only return after successfully processing an application data record or a +failure. +.Sp +Turning off \fB\s-1SSL_MODE_AUTO_RETRY\s0\fR can be useful with blocking \fB\s-1BIO\s0\fRs in case +they are used in combination with something like \fIselect()\fR or \fIpoll()\fR. +Otherwise the call to \fISSL_read()\fR or \fISSL_read_ex()\fR might hang when a +non-application record was sent and no application data was sent. 
+.IP "\s-1SSL_MODE_RELEASE_BUFFERS\s0" 4 +.IX Item "SSL_MODE_RELEASE_BUFFERS" +When we no longer need a read buffer or a write buffer for a given \s-1SSL\s0, +then release the memory we were using to hold it. +Using this flag can +save around 34k per idle \s-1SSL\s0 connection. +This flag has no effect on \s-1SSL\s0 v2 connections, or on \s-1DTLS\s0 connections. +.IP "\s-1SSL_MODE_SEND_FALLBACK_SCSV\s0" 4 +.IX Item "SSL_MODE_SEND_FALLBACK_SCSV" +Send \s-1TLS_FALLBACK_SCSV\s0 in the ClientHello. +To be set only by applications that reconnect with a downgraded protocol +version; see draft\-ietf\-tls\-downgrade\-scsv\-00 for details. +.Sp +\&\s-1DO\s0 \s-1NOT\s0 \s-1ENABLE\s0 \s-1THIS\s0 if your application attempts a normal handshake. +Only use this in explicit fallback retries, following the guidance +in draft\-ietf\-tls\-downgrade\-scsv\-00. +.IP "\s-1SSL_MODE_ASYNC\s0" 4 +.IX Item "SSL_MODE_ASYNC" +Enable asynchronous processing. \s-1TLS\s0 I/O operations may indicate a retry with +\&\s-1SSL_ERROR_WANT_ASYNC\s0 with this mode set if an asynchronous capable engine is +used to perform cryptographic operations. See \fISSL_get_error\fR\|(3). +.IP "\s-1SSL_MODE_NO_KTLS_TX\s0" 4 +.IX Item "SSL_MODE_NO_KTLS_TX" +Disable the use of the kernel \s-1TLS\s0 egress data-path. +By default kernel \s-1TLS\s0 is enabled if it is supported by the negotiated ciphersuites +and extensions and OpenSSL has been compiled with support for it. +The kernel \s-1TLS\s0 data-path implements the record layer, +and the crypto algorithm. The kernel will utilize the best hardware +available for crypto. Using the kernel data-path should reduce the memory +footprint of OpenSSL because no buffering is required. Also, the throughput +should improve because data copy is avoided when user data is encrypted into +kernel memory instead of the usual encrypt than copy to kernel. +.Sp +Kernel \s-1TLS\s0 might not support all the features of OpenSSL. 
For instance, +renegotiation, and setting the maximum fragment size is not possible as of +Linux 4.20. +.IP "\s-1SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG\s0" 4 +.IX Item "SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG" +Older versions of OpenSSL had a bug in the computation of the label length +used for computing the endpoint-pair shared secret. The bug was that the +terminating zero was included in the length of the label. Setting this option +enables this behaviour to allow interoperability with such broken +implementations. Please note that setting this option breaks interoperability +with correct implementations. This option only applies to \s-1DTLS\s0 over \s-1SCTP\s0. +.PP +All modes are off by default except for \s-1SSL_MODE_AUTO_RETRY\s0 which is on by +default since 1.1.1. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_mode()\fR and \fISSL_set_mode()\fR return the new mode bit-mask +after adding \fBmode\fR. +.PP +\&\fISSL_CTX_get_mode()\fR and \fISSL_get_mode()\fR return the current bit-mask. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_read_ex\fR\|(3), \fISSL_read\fR\|(3), \fISSL_write_ex\fR\|(3) or +\&\fISSL_write\fR\|(3), \fISSL_get_error\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1SSL_MODE_ASYNC\s0 was added in OpenSSL 1.1.0. +\&\s-1SSL_MODE_NO_KTLS_TX\s0 was added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_CTX_set_msg_callback.3 b/linux_amd64/share/man/man3/SSL_CTX_set_msg_callback.3 new file mode 100755 index 0000000..a3cf35f --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_CTX_set_msg_callback.3 
@@ -0,0 +1,247 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_MSG_CALLBACK 3" +.TH SSL_CTX_SET_MSG_CALLBACK 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_msg_callback, +SSL_CTX_set_msg_callback_arg, +SSL_set_msg_callback, +SSL_set_msg_callback_arg +\&\- install callback for observing protocol messages +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_set_msg_callback(SSL_CTX *ctx, +\& void (*cb)(int write_p, int version, +\& int content_type, const void *buf, +\& size_t len, SSL *ssl, void *arg)); +\& void SSL_CTX_set_msg_callback_arg(SSL_CTX *ctx, void *arg); +\& +\& void SSL_set_msg_callback(SSL *ssl, +\& void (*cb)(int write_p, int version, +\& int content_type, const void *buf, +\& size_t len, SSL *ssl, void *arg)); +\& void SSL_set_msg_callback_arg(SSL *ssl, void *arg); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_msg_callback()\fR or \fISSL_set_msg_callback()\fR can be used to +define a message callback function \fIcb\fR for observing all \s-1SSL/TLS\s0 +protocol messages (such as handshake messages) that are received or +sent, as well as other events that occur during processing. +\&\fISSL_CTX_set_msg_callback_arg()\fR and \fISSL_set_msg_callback_arg()\fR +can be used to set argument \fIarg\fR to the callback function, which is +available for arbitrary application use. +.PP +\&\fISSL_CTX_set_msg_callback()\fR and \fISSL_CTX_set_msg_callback_arg()\fR specify +default settings that will be copied to new \fB\s-1SSL\s0\fR objects by +\&\fISSL_new\fR\|(3). \fISSL_set_msg_callback()\fR and +\&\fISSL_set_msg_callback_arg()\fR modify the actual settings of an \fB\s-1SSL\s0\fR +object. Using a \fB\s-1NULL\s0\fR pointer for \fIcb\fR disables the message callback. +.PP +When \fIcb\fR is called by the \s-1SSL/TLS\s0 library the function arguments have the +following meaning: +.IP "\fIwrite_p\fR" 4 +.IX Item "write_p" +This flag is \fB0\fR when a protocol message has been received and \fB1\fR +when a protocol message has been sent. 
+.IP "\fIversion\fR" 4 +.IX Item "version" +The protocol version according to which the protocol message is +interpreted by the library such as \fB\s-1TLS1_3_VERSION\s0\fR, \fB\s-1TLS1_2_VERSION\s0\fR etc. +This is set to 0 for the \s-1SSL3_RT_HEADER\s0 pseudo content type (see \s-1NOTES\s0 below). +.IP "\fIcontent_type\fR" 4 +.IX Item "content_type" +This is one of the content type values defined in the protocol specification +(\fB\s-1SSL3_RT_CHANGE_CIPHER_SPEC\s0\fR, \fB\s-1SSL3_RT_ALERT\s0\fR, \fB\s-1SSL3_RT_HANDSHAKE\s0\fR; but never +\&\fB\s-1SSL3_RT_APPLICATION_DATA\s0\fR because the callback will only be called for protocol +messages). Alternatively it may be a \*(L"pseudo\*(R" content type. These pseudo +content types are used to signal some other event in the processing of data (see +\&\s-1NOTES\s0 below). +.IP "\fIbuf\fR, \fIlen\fR" 4 +.IX Item "buf, len" +\&\fIbuf\fR points to a buffer containing the protocol message or other data (in the +case of pseudo content types), which consists of \fIlen\fR bytes. The buffer is no +longer valid after the callback function has returned. +.IP "\fIssl\fR" 4 +.IX Item "ssl" +The \fB\s-1SSL\s0\fR object that received or sent the message. +.IP "\fIarg\fR" 4 +.IX Item "arg" +The user-defined argument optionally defined by +\&\fISSL_CTX_set_msg_callback_arg()\fR or \fISSL_set_msg_callback_arg()\fR. +.SH "NOTES" +.IX Header "NOTES" +Protocol messages are passed to the callback function after decryption +and fragment collection where applicable. (Thus record boundaries are +not visible.) +.PP +If processing a received protocol message results in an error, +the callback function may not be called. For example, the callback +function will never see messages that are considered too large to be +processed. 
+.PP +Due to automatic protocol version negotiation, \fIversion\fR is not +necessarily the protocol version used by the sender of the message: If +a \s-1TLS\s0 1.0 ClientHello message is received by an \s-1SSL\s0 3.0\-only server, +\&\fIversion\fR will be \fB\s-1SSL3_VERSION\s0\fR. +.PP +Pseudo content type values may be sent at various points during the processing +of data. The following pseudo content types are currently defined: +.IP "\fB\s-1SSL3_RT_HEADER\s0\fR" 4 +.IX Item "SSL3_RT_HEADER" +Used when a record is sent or received. The \fBbuf\fR contains the record header +bytes only. +.IP "\fB\s-1SSL3_RT_INNER_CONTENT_TYPE\s0\fR" 4 +.IX Item "SSL3_RT_INNER_CONTENT_TYPE" +Used when an encrypted TLSv1.3 record is sent or received. In encrypted TLSv1.3 +records the content type in the record header is always +\&\s-1SSL3_RT_APPLICATION_DATA\s0. The real content type for the record is contained in +an \*(L"inner\*(R" content type. \fBbuf\fR contains the encoded \*(L"inner\*(R" content type byte. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_msg_callback()\fR, \fISSL_CTX_set_msg_callback_arg()\fR, \fISSL_set_msg_callback()\fR +and \fISSL_set_msg_callback_arg()\fR do not return values. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_new\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The pseudo content type \fB\s-1SSL3_RT_INNER_CONTENT_TYPE\s0\fR was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_CTX_set_num_tickets.3 b/linux_amd64/share/man/man3/SSL_CTX_set_num_tickets.3 new file mode 100755 index 0000000..bb1bced --- /dev/null 
+++ b/linux_amd64/share/man/man3/SSL_CTX_set_num_tickets.3 
@@ -0,0 +1,194 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_NUM_TICKETS 3" +.TH SSL_CTX_SET_NUM_TICKETS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_set_num_tickets, +SSL_get_num_tickets, +SSL_CTX_set_num_tickets, +SSL_CTX_get_num_tickets +\&\- control the number of TLSv1.3 session tickets that are issued +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_set_num_tickets(SSL *s, size_t num_tickets); +\& size_t SSL_get_num_tickets(SSL *s); +\& int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets); +\& size_t SSL_CTX_get_num_tickets(SSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_num_tickets()\fR and \fISSL_set_num_tickets()\fR can be called for a server +application and set the number of TLSv1.3 session tickets that will be sent to +the client after a full handshake. Set the desired value (which could be 0) in +the \fBnum_tickets\fR argument. Typically these functions should be called before +the start of the handshake. +.PP +The default number of tickets is 2; the default number of tickets sent following +a resumption handshake is 1 but this cannot be changed using these functions. +The number of tickets following a resumption handshake can be reduced to 0 using +custom session ticket callbacks (see \fISSL_CTX_set_session_ticket_cb\fR\|(3)). +.PP +Tickets are also issued on receipt of a post-handshake certificate from the +client following a request by the server using +\&\fISSL_verify_client_post_handshake\fR\|(3). These new tickets will be associated +with the updated client identity (i.e. including their certificate and +verification status). The number of tickets issued will normally be the same as +was used for the initial handshake. If the initial handshake was a full +handshake then \fISSL_set_num_tickets()\fR can be called again prior to calling +\&\fISSL_verify_client_post_handshake()\fR to update the number of tickets that will be +sent. 
+.PP +\&\fISSL_CTX_get_num_tickets()\fR and \fISSL_get_num_tickets()\fR return the number of +tickets set by a previous call to \fISSL_CTX_set_num_tickets()\fR or +\&\fISSL_set_num_tickets()\fR, or 2 if no such call has been made. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_num_tickets()\fR and \fISSL_set_num_tickets()\fR return 1 on success or 0 on +failure. +.PP +\&\fISSL_CTX_get_num_tickets()\fR and \fISSL_get_num_tickets()\fR return the number of tickets +that have been previously set. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_CTX_set_options.3 b/linux_amd64/share/man/man3/SSL_CTX_set_options.3 new file mode 100755 index 0000000..5a9d110 --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_CTX_set_options.3 
@@ -0,0 +1,473 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_OPTIONS 3" +.TH SSL_CTX_SET_OPTIONS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_options, SSL_set_options, SSL_CTX_clear_options, +SSL_clear_options, SSL_CTX_get_options, SSL_get_options, +SSL_get_secure_renegotiation_support \- manipulate SSL options +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_CTX_set_options(SSL_CTX *ctx, long options); +\& long SSL_set_options(SSL *ssl, long options); +\& +\& long SSL_CTX_clear_options(SSL_CTX *ctx, long options); +\& long SSL_clear_options(SSL *ssl, long options); +\& +\& long SSL_CTX_get_options(SSL_CTX *ctx); +\& long SSL_get_options(SSL *ssl); +\& +\& long SSL_get_secure_renegotiation_support(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_options()\fR adds the options set via bit-mask in \fBoptions\fR to \fBctx\fR. +Options already set before are not cleared! +.PP +\&\fISSL_set_options()\fR adds the options set via bit-mask in \fBoptions\fR to \fBssl\fR. +Options already set before are not cleared! +.PP +\&\fISSL_CTX_clear_options()\fR clears the options set via bit-mask in \fBoptions\fR +to \fBctx\fR. +.PP +\&\fISSL_clear_options()\fR clears the options set via bit-mask in \fBoptions\fR to \fBssl\fR. +.PP +\&\fISSL_CTX_get_options()\fR returns the options set for \fBctx\fR. +.PP +\&\fISSL_get_options()\fR returns the options set for \fBssl\fR. +.PP +\&\fISSL_get_secure_renegotiation_support()\fR indicates whether the peer supports +secure renegotiation. +Note, this is implemented via a macro. +.SH "NOTES" +.IX Header "NOTES" +The behaviour of the \s-1SSL\s0 library can be changed by setting several options. +The options are coded as bit-masks and can be combined by a bitwise \fBor\fR +operation (|). +.PP +\&\fISSL_CTX_set_options()\fR and \fISSL_set_options()\fR affect the (external) +protocol behaviour of the \s-1SSL\s0 library. The (internal) behaviour of +the \s-1API\s0 can be changed by using the similar +\&\fISSL_CTX_set_mode\fR\|(3) and \fISSL_set_mode()\fR functions. 
+.PP +During a handshake, the option settings of the \s-1SSL\s0 object are used. When +a new \s-1SSL\s0 object is created from a context using \fISSL_new()\fR, the current +option setting is copied. Changes to \fBctx\fR do not affect already created +\&\s-1SSL\s0 objects. \fISSL_clear()\fR does not affect the settings. +.PP +The following \fBbug workaround\fR options are available: +.IP "\s-1SSL_OP_SAFARI_ECDHE_ECDSA_BUG\s0" 4 +.IX Item "SSL_OP_SAFARI_ECDHE_ECDSA_BUG" +Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on \s-1OS\s0 X. +\&\s-1OS\s0 X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers. +.IP "\s-1SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS\s0" 4 +.IX Item "SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS" +Disables a countermeasure against a \s-1SSL\s0 3.0/TLS 1.0 protocol +vulnerability affecting \s-1CBC\s0 ciphers, which cannot be handled by some +broken \s-1SSL\s0 implementations. This option has no effect for connections +using other ciphers. +.IP "\s-1SSL_OP_TLSEXT_PADDING\s0" 4 +.IX Item "SSL_OP_TLSEXT_PADDING" +Adds a padding extension to ensure the ClientHello size is never between +256 and 511 bytes in length. This is needed as a workaround for some +implementations. +.IP "\s-1SSL_OP_ALL\s0" 4 +.IX Item "SSL_OP_ALL" +All of the above bug workarounds plus \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR as +mentioned below. +.PP +It is usually safe to use \fB\s-1SSL_OP_ALL\s0\fR to enable the bug workaround +options if compatibility with somewhat broken implementations is +desired. +.PP +The following \fBmodifying\fR options are available: +.IP "\s-1SSL_OP_TLS_ROLLBACK_BUG\s0" 4 +.IX Item "SSL_OP_TLS_ROLLBACK_BUG" +Disable version rollback attack detection. +.Sp +During the client key exchange, the client must send the same information +about acceptable \s-1SSL/TLS\s0 protocol levels as during the first hello. Some +clients violate this rule by adapting to the server's answer. 
(Example: +the client sends a SSLv2 hello and accepts up to SSLv3.1=TLSv1, the server +only understands up to SSLv3. In this case the client must still use the +same SSLv3.1=TLSv1 announcement. Some clients step down to SSLv3 with respect +to the server's answer and violate the version rollback protection.) +.IP "\s-1SSL_OP_CIPHER_SERVER_PREFERENCE\s0" 4 +.IX Item "SSL_OP_CIPHER_SERVER_PREFERENCE" +When choosing a cipher, use the server's preferences instead of the client +preferences. When not set, the \s-1SSL\s0 server will always follow the clients +preferences. When set, the \s-1SSL/TLS\s0 server will choose following its +own preferences. +.IP "SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1, SSL_OP_NO_TLSv1_2, SSL_OP_NO_TLSv1_3, SSL_OP_NO_DTLSv1, SSL_OP_NO_DTLSv1_2" 4 +.IX Item "SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1, SSL_OP_NO_TLSv1_2, SSL_OP_NO_TLSv1_3, SSL_OP_NO_DTLSv1, SSL_OP_NO_DTLSv1_2" +These options turn off the SSLv3, TLSv1, TLSv1.1, TLSv1.2 or TLSv1.3 protocol +versions with \s-1TLS\s0 or the DTLSv1, DTLSv1.2 versions with \s-1DTLS\s0, +respectively. +As of OpenSSL 1.1.0, these options are deprecated, use +\&\fISSL_CTX_set_min_proto_version\fR\|(3) and +\&\fISSL_CTX_set_max_proto_version\fR\|(3) instead. +.IP "\s-1SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION\s0" 4 +.IX Item "SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION" +When performing renegotiation as a server, always start a new session +(i.e., session resumption requests are only accepted in the initial +handshake). This option is not needed for clients. +.IP "\s-1SSL_OP_NO_COMPRESSION\s0" 4 +.IX Item "SSL_OP_NO_COMPRESSION" +Do not use compression even if it is supported. +.IP "\s-1SSL_OP_NO_QUERY_MTU\s0" 4 +.IX Item "SSL_OP_NO_QUERY_MTU" +Do not query the \s-1MTU\s0. Only affects \s-1DTLS\s0 connections. +.IP "\s-1SSL_OP_COOKIE_EXCHANGE\s0" 4 +.IX Item "SSL_OP_COOKIE_EXCHANGE" +Turn on Cookie Exchange as described in \s-1RFC4347\s0 Section 4.2.1. 
Only affects +\&\s-1DTLS\s0 connections. +.IP "\s-1SSL_OP_NO_TICKET\s0" 4 +.IX Item "SSL_OP_NO_TICKET" +\&\s-1SSL/TLS\s0 supports two mechanisms for resuming sessions: session ids and stateless +session tickets. +.Sp +When using session ids a copy of the session information is +cached on the server and a unique id is sent to the client. When the client +wishes to resume it provides the unique id so that the server can retrieve the +session information from its cache. +.Sp +When using stateless session tickets the server uses a session ticket encryption +key to encrypt the session information. This encrypted data is sent to the +client as a \*(L"ticket\*(R". When the client wishes to resume it sends the encrypted +data back to the server. The server uses its key to decrypt the data and resume +the session. In this way the server can operate statelessly \- no session +information needs to be cached locally. +.Sp +The TLSv1.3 protocol only supports tickets and does not directly support session +ids. However OpenSSL allows two modes of ticket operation in TLSv1.3: stateful +and stateless. Stateless tickets work the same way as in TLSv1.2 and below. +Stateful tickets mimic the session id behaviour available in TLSv1.2 and below. +The session information is cached on the server and the session id is wrapped up +in a ticket and sent back to the client. When the client wishes to resume, it +presents a ticket in the same way as for stateless tickets. The server can then +extract the session id from the ticket and retrieve the session information from +its cache. +.Sp +By default OpenSSL will use stateless tickets. The \s-1SSL_OP_NO_TICKET\s0 option will +cause stateless tickets to not be issued. In TLSv1.2 and below this means no +ticket gets sent to the client at all. In TLSv1.3 a stateful ticket will be +sent. This is a server-side option only. 
+.Sp +In TLSv1.3 it is possible to suppress all tickets (stateful and stateless) from +being sent by calling \fISSL_CTX_set_num_tickets\fR\|(3) or +\&\fISSL_set_num_tickets\fR\|(3). +.IP "\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0" 4 +.IX Item "SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION" +Allow legacy insecure renegotiation between OpenSSL and unpatched clients or +servers. See the \fB\s-1SECURE\s0 \s-1RENEGOTIATION\s0\fR section for more details. +.IP "\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0" 4 +.IX Item "SSL_OP_LEGACY_SERVER_CONNECT" +Allow legacy insecure renegotiation between OpenSSL and unpatched servers +\&\fBonly\fR: this option is currently set by default. See the +\&\fB\s-1SECURE\s0 \s-1RENEGOTIATION\s0\fR section for more details. +.IP "\s-1SSL_OP_NO_ENCRYPT_THEN_MAC\s0" 4 +.IX Item "SSL_OP_NO_ENCRYPT_THEN_MAC" +Normally clients and servers will transparently attempt to negotiate the +\&\s-1RFC7366\s0 Encrypt-then-MAC option on \s-1TLS\s0 and \s-1DTLS\s0 connection. +.Sp +If this option is set, Encrypt-then-MAC is disabled. Clients will not +propose, and servers will not accept the extension. +.IP "\s-1SSL_OP_NO_EXTENDED_MASTER_SECRET\s0" 4 +.IX Item "SSL_OP_NO_EXTENDED_MASTER_SECRET" +Normally clients and servers will transparently attempt to negotiate the +\&\s-1RFC7627\s0 Extended Master Secret option on \s-1TLS\s0 and \s-1DTLS\s0 connection. +.Sp +If this option is set, Extended Master Secret is disabled. Clients will +not propose, and servers will not accept the extension. +.IP "\s-1SSL_OP_NO_RENEGOTIATION\s0" 4 +.IX Item "SSL_OP_NO_RENEGOTIATION" +Disable all renegotiation in TLSv1.2 and earlier. Do not send HelloRequest +messages, and ignore renegotiation requests via ClientHello. +.IP "\s-1SSL_OP_ALLOW_NO_DHE_KEX\s0" 4 +.IX Item "SSL_OP_ALLOW_NO_DHE_KEX" +In TLSv1.3 allow a non\-(ec)dhe based key exchange mode on resumption. This means +that there will be no forward secrecy for the resumed session. 
+.IP "\s-1SSL_OP_PRIORITIZE_CHACHA\s0" 4 +.IX Item "SSL_OP_PRIORITIZE_CHACHA" +When \s-1SSL_OP_CIPHER_SERVER_PREFERENCE\s0 is set, temporarily reprioritize +ChaCha20\-Poly1305 ciphers to the top of the server cipher list if a +ChaCha20\-Poly1305 cipher is at the top of the client cipher list. This helps +those clients (e.g. mobile) use ChaCha20\-Poly1305 if that cipher is anywhere +in the server cipher list; but still allows other clients to use \s-1AES\s0 and other +ciphers. Requires \fB\s-1SSL_OP_CIPHER_SERVER_PREFERENCE\s0\fR. +.IP "\s-1SSL_OP_ENABLE_MIDDLEBOX_COMPAT\s0" 4 +.IX Item "SSL_OP_ENABLE_MIDDLEBOX_COMPAT" +If set then dummy Change Cipher Spec (\s-1CCS\s0) messages are sent in TLSv1.3. This +has the effect of making TLSv1.3 look more like TLSv1.2 so that middleboxes that +do not understand TLSv1.3 will not drop the connection. Regardless of whether +this option is set or not \s-1CCS\s0 messages received from the peer will always be +ignored in TLSv1.3. This option is set by default. To switch it off use +\&\fISSL_clear_options()\fR. A future version of OpenSSL may not set this by default. +.IP "\s-1SSL_OP_NO_ANTI_REPLAY\s0" 4 +.IX Item "SSL_OP_NO_ANTI_REPLAY" +By default, when a server is configured for early data (i.e., max_early_data > 0), +OpenSSL will switch on replay protection. See \fISSL_read_early_data\fR\|(3) for a +description of the replay protection feature. Anti-replay measures are required +to comply with the TLSv1.3 specification. Some applications may be able to +mitigate the replay risks in other ways and in such cases the built in OpenSSL +functionality is not required. Those applications can turn this feature off by +setting this option. This is a server-side opton only. It is ignored by +clients. 
+.PP +The following options no longer have any effect but their identifiers are +retained for compatibility purposes: +.IP "\s-1SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG\s0" 4 +.IX Item "SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG" +.PD 0 +.IP "\s-1SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER\s0" 4 +.IX Item "SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER" +.IP "\s-1SSL_OP_SSLEAY_080_CLIENT_DH_BUG\s0" 4 +.IX Item "SSL_OP_SSLEAY_080_CLIENT_DH_BUG" +.IP "\s-1SSL_OP_TLS_D5_BUG\s0" 4 +.IX Item "SSL_OP_TLS_D5_BUG" +.IP "\s-1SSL_OP_TLS_BLOCK_PADDING_BUG\s0" 4 +.IX Item "SSL_OP_TLS_BLOCK_PADDING_BUG" +.IP "\s-1SSL_OP_MSIE_SSLV2_RSA_PADDING\s0" 4 +.IX Item "SSL_OP_MSIE_SSLV2_RSA_PADDING" +.IP "\s-1SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG\s0" 4 +.IX Item "SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG" +.IP "\s-1SSL_OP_MICROSOFT_SESS_ID_BUG\s0" 4 +.IX Item "SSL_OP_MICROSOFT_SESS_ID_BUG" +.IP "\s-1SSL_OP_NETSCAPE_CHALLENGE_BUG\s0" 4 +.IX Item "SSL_OP_NETSCAPE_CHALLENGE_BUG" +.IP "\s-1SSL_OP_PKCS1_CHECK_1\s0" 4 +.IX Item "SSL_OP_PKCS1_CHECK_1" +.IP "\s-1SSL_OP_PKCS1_CHECK_2\s0" 4 +.IX Item "SSL_OP_PKCS1_CHECK_2" +.IP "\s-1SSL_OP_SINGLE_DH_USE\s0" 4 +.IX Item "SSL_OP_SINGLE_DH_USE" +.IP "\s-1SSL_OP_SINGLE_ECDH_USE\s0" 4 +.IX Item "SSL_OP_SINGLE_ECDH_USE" +.IP "\s-1SSL_OP_EPHEMERAL_RSA\s0" 4 +.IX Item "SSL_OP_EPHEMERAL_RSA" +.PD +.SH "SECURE RENEGOTIATION" +.IX Header "SECURE RENEGOTIATION" +OpenSSL always attempts to use secure renegotiation as +described in \s-1RFC5746\s0. This counters the prefix attack described in +\&\s-1CVE\-2009\-3555\s0 and elsewhere. +.PP +This attack has far reaching consequences which application writers should be +aware of. In the description below an implementation supporting secure +renegotiation is referred to as \fIpatched\fR. A server not supporting secure +renegotiation is referred to as \fIunpatched\fR. +.PP +The following sections describe the operations permitted by OpenSSL's secure +renegotiation implementation. 
+.SS "Patched client and server" +.IX Subsection "Patched client and server" +Connections and renegotiation are always permitted by OpenSSL implementations. +.SS "Unpatched client and patched OpenSSL server" +.IX Subsection "Unpatched client and patched OpenSSL server" +The initial connection succeeds but client renegotiation is denied by the +server with a \fBno_renegotiation\fR warning alert if \s-1TLS\s0 v1.0 is used or a fatal +\&\fBhandshake_failure\fR alert in \s-1SSL\s0 v3.0. +.PP +If the patched OpenSSL server attempts to renegotiate a fatal +\&\fBhandshake_failure\fR alert is sent. This is because the server code may be +unaware of the unpatched nature of the client. +.PP +If the option \fB\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0\fR is set then +renegotiation \fBalways\fR succeeds. +.SS "Patched OpenSSL client and unpatched server" +.IX Subsection "Patched OpenSSL client and unpatched server" +If the option \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR or +\&\fB\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0\fR is set then initial connections +and renegotiation between patched OpenSSL clients and unpatched servers +succeeds. If neither option is set then initial connections to unpatched +servers will fail. +.PP +The option \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR is currently set by default even +though it has security implications: otherwise it would be impossible to +connect to unpatched servers (i.e. all of them initially) and this is clearly +not acceptable. Renegotiation is permitted because this does not add any +additional security issues: during an attack clients do not see any +renegotiations anyway. +.PP +As more servers become patched the option \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR will +\&\fBnot\fR be set by default in a future version of OpenSSL. 
+.PP +OpenSSL client applications wishing to ensure they can connect to unpatched +servers should always \fBset\fR \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR +.PP +OpenSSL client applications that want to ensure they can \fBnot\fR connect to +unpatched servers (and thus avoid any security issues) should always \fBclear\fR +\&\fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR using \fISSL_CTX_clear_options()\fR or +\&\fISSL_clear_options()\fR. +.PP +The difference between the \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR and +\&\fB\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0\fR options is that +\&\fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR enables initial connections and secure +renegotiation between OpenSSL clients and unpatched servers \fBonly\fR, while +\&\fB\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0\fR allows initial connections +and renegotiation between OpenSSL and unpatched clients or servers. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_options()\fR and \fISSL_set_options()\fR return the new options bit-mask +after adding \fBoptions\fR. +.PP +\&\fISSL_CTX_clear_options()\fR and \fISSL_clear_options()\fR return the new options bit-mask +after clearing \fBoptions\fR. +.PP +\&\fISSL_CTX_get_options()\fR and \fISSL_get_options()\fR return the current bit-mask. +.PP +\&\fISSL_get_secure_renegotiation_support()\fR returns 1 is the peer supports +secure renegotiation and 0 if it does not. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_new\fR\|(3), \fISSL_clear\fR\|(3), +\&\fISSL_CTX_set_tmp_dh_callback\fR\|(3), +\&\fISSL_CTX_set_min_proto_version\fR\|(3), +\&\fIopenssl\-dhparam\fR\|(1) +.SH "HISTORY" +.IX Header "HISTORY" +The attempt to always try to use secure renegotiation was added in +OpenSSL 0.9.8m. +.PP +The \fB\s-1SSL_OP_PRIORITIZE_CHACHA\s0\fR and \fB\s-1SSL_OP_NO_RENEGOTIATION\s0\fR options +were added in OpenSSL 1.1.1. +.PP +The \fB\s-1SSL_OP_NO_EXTENDED_MASTER_SECRET\s0\fR option was added in OpenSSL 3.0. 
+.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_CTX_set_psk_client_callback.3 b/linux_amd64/share/man/man3/SSL_CTX_set_psk_client_callback.3 new file mode 100755 index 0000000..b98fb61 --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_CTX_set_psk_client_callback.3 
@@ -0,0 +1,290 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_PSK_CLIENT_CALLBACK 3" +.TH SSL_CTX_SET_PSK_CLIENT_CALLBACK 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_psk_client_cb_func, +SSL_psk_use_session_cb_func, +SSL_CTX_set_psk_client_callback, +SSL_set_psk_client_callback, +SSL_CTX_set_psk_use_session_callback, +SSL_set_psk_use_session_callback +\&\- set PSK client callback +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef int (*SSL_psk_use_session_cb_func)(SSL *ssl, const EVP_MD *md, +\& const unsigned char **id, +\& size_t *idlen, +\& SSL_SESSION **sess); +\& +\& +\& void SSL_CTX_set_psk_use_session_callback(SSL_CTX *ctx, +\& SSL_psk_use_session_cb_func cb); +\& void SSL_set_psk_use_session_callback(SSL *s, SSL_psk_use_session_cb_func cb); +\& +\& +\& typedef unsigned int (*SSL_psk_client_cb_func)(SSL *ssl, +\& const char *hint, +\& char *identity, +\& unsigned int max_identity_len, +\& unsigned char *psk, +\& unsigned int max_psk_len); +\& +\& void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, SSL_psk_client_cb_func cb); +\& void SSL_set_psk_client_callback(SSL *ssl, SSL_psk_client_cb_func cb); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A client application wishing to use TLSv1.3 PSKs should use either +\&\fISSL_CTX_set_psk_use_session_callback()\fR or \fISSL_set_psk_use_session_callback()\fR as +appropriate. These functions cannot be used for TLSv1.2 and below PSKs. +.PP +The callback function is given a pointer to the \s-1SSL\s0 connection in \fBssl\fR. +.PP +The first time the callback is called for a connection the \fBmd\fR parameter is +\&\s-1NULL\s0. In some circumstances the callback will be called a second time. In that +case the server will have specified a ciphersuite to use already and the \s-1PSK\s0 +must be compatible with the digest for that ciphersuite. The digest will be +given in \fBmd\fR. The \s-1PSK\s0 returned by the callback is allowed to be different +between the first and second time it is called. +.PP +On successful completion the callback must store a pointer to an identifier for +the \s-1PSK\s0 in \fB*id\fR. 
The identifier length in bytes should be stored in \fB*idlen\fR. +The memory pointed to by \fB*id\fR remains owned by the application and should +be freed by it as required at any point after the handshake is complete. +.PP +Additionally the callback should store a pointer to an \s-1SSL_SESSION\s0 object in +\&\fB*sess\fR. This is used as the basis for the \s-1PSK\s0, and should, at a minimum, have +the following fields set: +.IP "The master key" 4 +.IX Item "The master key" +This can be set via a call to \fISSL_SESSION_set1_master_key\fR\|(3). +.IP "A ciphersuite" 4 +.IX Item "A ciphersuite" +Only the handshake digest associated with the ciphersuite is relevant for the +\&\s-1PSK\s0 (the server may go on to negotiate any ciphersuite which is compatible with +the digest). The application can use any TLSv1.3 ciphersuite. If \fBmd\fR is +not \s-1NULL\s0 the handshake digest for the ciphersuite should be the same. +The ciphersuite can be set via a call to <\fISSL_SESSION_set_cipher\fR\|(3)>. The +handshake digest of an \s-1SSL_CIPHER\s0 object can be checked using +<\fISSL_CIPHER_get_handshake_digest\fR\|(3)>. +.IP "The protocol version" 4 +.IX Item "The protocol version" +This can be set via a call to \fISSL_SESSION_set_protocol_version\fR\|(3) and should +be \s-1TLS1_3_VERSION\s0. +.PP +Additionally the maximum early data value should be set via a call to +\&\fISSL_SESSION_set_max_early_data\fR\|(3) if the \s-1PSK\s0 will be used for sending early +data. +.PP +Alternatively an \s-1SSL_SESSION\s0 created from a previous non-PSK handshake may also +be used as the basis for a \s-1PSK\s0. +.PP +Ownership of the \s-1SSL_SESSION\s0 object is passed to the OpenSSL library and so it +should not be freed by the application. +.PP +It is also possible for the callback to succeed but not supply a \s-1PSK\s0. In this +case no \s-1PSK\s0 will be sent to the server but the handshake will continue. 
To do +this the callback should return successfully and ensure that \fB*sess\fR is +\&\s-1NULL\s0. The contents of \fB*id\fR and \fB*idlen\fR will be ignored. +.PP +A client application wishing to use \s-1PSK\s0 ciphersuites for TLSv1.2 and below must +provide a different callback function. This function will be called when the +client is sending the ClientKeyExchange message to the server. +.PP +The purpose of the callback function is to select the \s-1PSK\s0 identity and +the pre-shared key to use during the connection setup phase. +.PP +The callback is set using functions \fISSL_CTX_set_psk_client_callback()\fR +or \fISSL_set_psk_client_callback()\fR. The callback function is given the +connection in parameter \fBssl\fR, a \fB\s-1NULL\s0\fR\-terminated \s-1PSK\s0 identity hint +sent by the server in parameter \fBhint\fR, a buffer \fBidentity\fR of +length \fBmax_identity_len\fR bytes where the resulting +\&\fB\s-1NUL\s0\fR\-terminated identity is to be stored, and a buffer \fBpsk\fR of +length \fBmax_psk_len\fR bytes where the resulting pre-shared key is to +be stored. +.PP +The callback for use in TLSv1.2 will also work in TLSv1.3 although it is +recommended to use \fISSL_CTX_set_psk_use_session_callback()\fR +or \fISSL_set_psk_use_session_callback()\fR for this purpose instead. If TLSv1.3 has +been negotiated then OpenSSL will first check to see if a callback has been set +via \fISSL_CTX_set_psk_use_session_callback()\fR or \fISSL_set_psk_use_session_callback()\fR +and it will use that in preference. If no such callback is present then it will +check to see if a callback has been set via \fISSL_CTX_set_psk_client_callback()\fR or +\&\fISSL_set_psk_client_callback()\fR and use that. In this case the \fBhint\fR value will +always be \s-1NULL\s0 and the handshake digest will default to \s-1SHA\-256\s0 for any returned +\&\s-1PSK\s0. +.SH "NOTES" +.IX Header "NOTES" +Note that parameter \fBhint\fR given to the callback may be \fB\s-1NULL\s0\fR. 
+.PP +A connection established via a TLSv1.3 \s-1PSK\s0 will appear as if session resumption +has occurred so that \fISSL_session_reused\fR\|(3) will return true. +.PP +There are no known security issues with sharing the same \s-1PSK\s0 between TLSv1.2 (or +below) and TLSv1.3. However the \s-1RFC\s0 has this note of caution: +.PP +\&\*(L"While there is no known way in which the same \s-1PSK\s0 might produce related output +in both versions, only limited analysis has been done. Implementations can +ensure safety from cross-protocol related output by not reusing PSKs between +\&\s-1TLS\s0 1.3 and \s-1TLS\s0 1.2.\*(R" +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Return values from the \fBSSL_psk_client_cb_func\fR callback are interpreted as +follows: +.PP +On success (callback found a \s-1PSK\s0 identity and a pre-shared key to use) +the length (> 0) of \fBpsk\fR in bytes is returned. +.PP +Otherwise or on errors the callback should return 0. In this case +the connection setup fails. +.PP +The SSL_psk_use_session_cb_func callback should return 1 on success or 0 on +failure. In the event of failure the connection setup fails. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fISSL_CTX_set_psk_find_session_callback\fR\|(3), +\&\fISSL_set_psk_find_session_callback\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fISSL_CTX_set_psk_use_session_callback()\fR and \fISSL_set_psk_use_session_callback()\fR +were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_CTX_set_quiet_shutdown.3 b/linux_amd64/share/man/man3/SSL_CTX_set_quiet_shutdown.3 new file mode 100755 index 0000000..1d6a4a4 --- /dev/null 
+++ b/linux_amd64/share/man/man3/SSL_CTX_set_quiet_shutdown.3 
@@ -0,0 +1,194 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_QUIET_SHUTDOWN 3" +.TH SSL_CTX_SET_QUIET_SHUTDOWN 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_quiet_shutdown, SSL_CTX_get_quiet_shutdown, SSL_set_quiet_shutdown, SSL_get_quiet_shutdown \- manipulate shutdown behaviour +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode); +\& int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx); +\& +\& void SSL_set_quiet_shutdown(SSL *ssl, int mode); +\& int SSL_get_quiet_shutdown(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_quiet_shutdown()\fR sets the \*(L"quiet shutdown\*(R" flag for \fBctx\fR to be +\&\fBmode\fR. \s-1SSL\s0 objects created from \fBctx\fR inherit the \fBmode\fR valid at the time +\&\fISSL_new\fR\|(3) is called. \fBmode\fR may be 0 or 1. +.PP +\&\fISSL_CTX_get_quiet_shutdown()\fR returns the \*(L"quiet shutdown\*(R" setting of \fBctx\fR. +.PP +\&\fISSL_set_quiet_shutdown()\fR sets the \*(L"quiet shutdown\*(R" flag for \fBssl\fR to be +\&\fBmode\fR. The setting stays valid until \fBssl\fR is removed with +\&\fISSL_free\fR\|(3) or \fISSL_set_quiet_shutdown()\fR is called again. +It is not changed when \fISSL_clear\fR\|(3) is called. +\&\fBmode\fR may be 0 or 1. +.PP +\&\fISSL_get_quiet_shutdown()\fR returns the \*(L"quiet shutdown\*(R" setting of \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +Normally when a \s-1SSL\s0 connection is finished, the parties must send out +close_notify alert messages using \fISSL_shutdown\fR\|(3) +for a clean shutdown. +.PP +When setting the \*(L"quiet shutdown\*(R" flag to 1, \fISSL_shutdown\fR\|(3) +will set the internal flags to SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN. +(\fISSL_shutdown\fR\|(3) then behaves like +\&\fISSL_set_shutdown\fR\|(3) called with +SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN.) +The session is thus considered to be shutdown, but no close_notify alert +is sent to the peer. This behaviour violates the \s-1TLS\s0 standard. +.PP +The default is normal shutdown behaviour as described by the \s-1TLS\s0 standard. 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_quiet_shutdown()\fR and \fISSL_set_quiet_shutdown()\fR do not return +diagnostic information. +.PP +\&\fISSL_CTX_get_quiet_shutdown()\fR and SSL_get_quiet_shutdown return the current +setting. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_shutdown\fR\|(3), +\&\fISSL_set_shutdown\fR\|(3), \fISSL_new\fR\|(3), +\&\fISSL_clear\fR\|(3), \fISSL_free\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_CTX_set_read_ahead.3 b/linux_amd64/share/man/man3/SSL_CTX_set_read_ahead.3 new file mode 100755 index 0000000..a6c5e10 --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_CTX_set_read_ahead.3 
@@ -0,0 +1,196 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_READ_AHEAD 3" +.TH SSL_CTX_SET_READ_AHEAD 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_read_ahead, SSL_CTX_get_read_ahead, +SSL_set_read_ahead, SSL_get_read_ahead, +SSL_CTX_get_default_read_ahead +\&\- manage whether to read as many input bytes as possible +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_set_read_ahead(SSL *s, int yes); +\& int SSL_get_read_ahead(const SSL *s); +\& +\& SSL_CTX_set_read_ahead(SSL_CTX *ctx, int yes); +\& long SSL_CTX_get_read_ahead(SSL_CTX *ctx); +\& long SSL_CTX_get_default_read_ahead(SSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_read_ahead()\fR and \fISSL_set_read_ahead()\fR set whether we should read as +many input bytes as possible (for non-blocking reads) or not. For example if +\&\fBx\fR bytes are currently required by OpenSSL, but \fBy\fR bytes are available from +the underlying \s-1BIO\s0 (where \fBy\fR > \fBx\fR), then OpenSSL will read all \fBy\fR bytes +into its buffer (providing that the buffer is large enough) if reading ahead is +on, or \fBx\fR bytes otherwise. +Setting the parameter \fByes\fR to 0 turns reading ahead is off, other values turn +it on. +\&\fISSL_CTX_set_default_read_ahead()\fR is identical to \fISSL_CTX_set_read_ahead()\fR. +.PP +\&\fISSL_CTX_get_read_ahead()\fR and \fISSL_get_read_ahead()\fR indicate whether reading +ahead has been set or not. +\&\fISSL_CTX_get_default_read_ahead()\fR is identical to \fISSL_CTX_get_read_ahead()\fR. +.SH "NOTES" +.IX Header "NOTES" +These functions have no impact when used with \s-1DTLS\s0. The return values for +\&\fISSL_CTX_get_read_head()\fR and \fISSL_get_read_ahead()\fR are undefined for \s-1DTLS\s0. Setting +\&\fBread_ahead\fR can impact the behaviour of the \fISSL_pending()\fR function +(see \fISSL_pending\fR\|(3)). 
+.PP +Since \fISSL_read()\fR can return \fB\s-1SSL_ERROR_WANT_READ\s0\fR for non-application data +records, and \fISSL_has_pending()\fR can't tell the difference between processed and +unprocessed data, it's recommended that if read ahead is turned on that +\&\fB\s-1SSL_MODE_AUTO_RETRY\s0\fR is not turned off using \fISSL_CTX_clear_mode()\fR. +That will prevent getting \fB\s-1SSL_ERROR_WANT_READ\s0\fR when there is still a complete +record available that hasn't been processed. +.PP +If the application wants to continue to use the underlying transport (e.g. \s-1TCP\s0 +connection) after the \s-1SSL\s0 connection is finished using \fISSL_shutdown()\fR reading +ahead should be turned off. +Otherwise the \s-1SSL\s0 structure might read data that it shouldn't. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_get_read_ahead()\fR and \fISSL_CTX_get_read_ahead()\fR return 0 if reading ahead is off, +and non zero otherwise. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_pending\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_CTX_set_record_padding_callback.3 b/linux_amd64/share/man/man3/SSL_CTX_set_record_padding_callback.3 new file mode 100755 index 0000000..912c490 --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_CTX_set_record_padding_callback.3 
@@ -0,0 +1,217 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_RECORD_PADDING_CALLBACK 3" +.TH SSL_CTX_SET_RECORD_PADDING_CALLBACK 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_record_padding_callback, +SSL_set_record_padding_callback, +SSL_CTX_set_record_padding_callback_arg, +SSL_set_record_padding_callback_arg, +SSL_CTX_get_record_padding_callback_arg, +SSL_get_record_padding_callback_arg, +SSL_CTX_set_block_padding, +SSL_set_block_padding \- install callback to specify TLS 1.3 record padding +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_set_record_padding_callback(SSL_CTX *ctx, size_t (*cb)(SSL *s, int type, size_t len, void *arg)); +\& void SSL_set_record_padding_callback(SSL *ssl, size_t (*cb)(SSL *s, int type, size_t len, void *arg)); +\& +\& void SSL_CTX_set_record_padding_callback_arg(SSL_CTX *ctx, void *arg); +\& void *SSL_CTX_get_record_padding_callback_arg(const SSL_CTX *ctx); +\& +\& void SSL_set_record_padding_callback_arg(SSL *ssl, void *arg); +\& void *SSL_get_record_padding_callback_arg(const SSL *ssl); +\& +\& int SSL_CTX_set_block_padding(SSL_CTX *ctx, size_t block_size); +\& int SSL_set_block_padding(SSL *ssl, size_t block_size); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_record_padding_callback()\fR or \fISSL_set_record_padding_callback()\fR +can be used to assign a callback function \fIcb\fR to specify the padding +for \s-1TLS\s0 1.3 records. The value set in \fBctx\fR is copied to a new \s-1SSL\s0 by \fISSL_new()\fR. +.PP +\&\fISSL_CTX_set_record_padding_callback_arg()\fR and \fISSL_set_record_padding_callback_arg()\fR +assign a value \fBarg\fR that is passed to the callback when it is invoked. The value +set in \fBctx\fR is copied to a new \s-1SSL\s0 by \fISSL_new()\fR. +.PP +\&\fISSL_CTX_get_record_padding_callback_arg()\fR and \fISSL_get_record_padding_callback_arg()\fR +retrieve the \fBarg\fR value that is passed to the callback. +.PP +\&\fISSL_CTX_set_block_padding()\fR and \fISSL_set_block_padding()\fR pads the record to a multiple +of the \fBblock_size\fR. A \fBblock_size\fR of 0 or 1 disables block padding. 
The limit of +\&\fBblock_size\fR is \s-1SSL3_RT_MAX_PLAIN_LENGTH\s0. +.PP +The callback is invoked for every record before encryption. +The \fBtype\fR parameter is the \s-1TLS\s0 record type that is being processed; may be +one of \s-1SSL3_RT_APPLICATION_DATA\s0, \s-1SSL3_RT_HANDSHAKE\s0, or \s-1SSL3_RT_ALERT\s0. +The \fBlen\fR parameter is the current plaintext length of the record before encryption. +The \fBarg\fR parameter is the value set via \fISSL_CTX_set_record_padding_callback_arg()\fR +or \fISSL_set_record_padding_callback_arg()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The \fISSL_CTX_get_record_padding_callback_arg()\fR and \fISSL_get_record_padding_callback_arg()\fR +functions return the \fBarg\fR value assigned in the corresponding set functions. +.PP +The \fISSL_CTX_set_block_padding()\fR and \fISSL_set_block_padding()\fR functions return 1 on success +or 0 if \fBblock_size\fR is too large. +.PP +The \fBcb\fR returns the number of padding bytes to add to the record. A return of 0 +indicates no padding will be added. A return value that causes the record to +exceed the maximum record size (\s-1SSL3_RT_MAX_PLAIN_LENGTH\s0) will pad out to the +maximum record size. +.SH "NOTES" +.IX Header "NOTES" +The default behavior is to add no padding to the record. +.PP +A user-supplied padding callback function will override the behavior set by +\&\fISSL_set_block_padding()\fR or \fISSL_CTX_set_block_padding()\fR. Setting the user-supplied +callback to \s-1NULL\s0 will restore the configured block padding behavior. +.PP +These functions only apply to \s-1TLS\s0 1.3 records being written. +.PP +Padding bytes are not added in constant-time. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_new\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The record padding \s-1API\s0 was added for \s-1TLS\s0 1.3 support in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. 
+.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_CTX_set_security_level.3 b/linux_amd64/share/man/man3/SSL_CTX_set_security_level.3 new file mode 100755 index 0000000..e04e8b3 --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_CTX_set_security_level.3 
@@ -0,0 +1,303 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_SECURITY_LEVEL 3" +.TH SSL_CTX_SET_SECURITY_LEVEL 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_security_level, SSL_set_security_level, SSL_CTX_get_security_level, SSL_get_security_level, SSL_CTX_set_security_callback, SSL_set_security_callback, SSL_CTX_get_security_callback, SSL_get_security_callback, SSL_CTX_set0_security_ex_data, SSL_set0_security_ex_data, SSL_CTX_get0_security_ex_data, SSL_get0_security_ex_data \- SSL/TLS security framework +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_set_security_level(SSL_CTX *ctx, int level); +\& void SSL_set_security_level(SSL *s, int level); +\& +\& int SSL_CTX_get_security_level(const SSL_CTX *ctx); +\& int SSL_get_security_level(const SSL *s); +\& +\& void SSL_CTX_set_security_callback(SSL_CTX *ctx, +\& int (*cb)(SSL *s, SSL_CTX *ctx, int op, +\& int bits, int nid, +\& void *other, void *ex)); +\& +\& void SSL_set_security_callback(SSL *s, int (*cb)(SSL *s, SSL_CTX *ctx, int op, +\& int bits, int nid, +\& void *other, void *ex)); +\& +\& int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx))(SSL *s, SSL_CTX *ctx, int op, +\& int bits, int nid, void *other, +\& void *ex); +\& int (*SSL_get_security_callback(const SSL *s))(SSL *s, SSL_CTX *ctx, int op, +\& int bits, int nid, void *other, +\& void *ex); +\& +\& void SSL_CTX_set0_security_ex_data(SSL_CTX *ctx, void *ex); +\& void SSL_set0_security_ex_data(SSL *s, void *ex); +\& +\& void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx); +\& void *SSL_get0_security_ex_data(const SSL *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The functions \fISSL_CTX_set_security_level()\fR and \fISSL_set_security_level()\fR set +the security level to \fBlevel\fR. If not set the library default security level +is used. +.PP +The functions \fISSL_CTX_get_security_level()\fR and \fISSL_get_security_level()\fR +retrieve the current security level. 
+.PP +\&\fISSL_CTX_set_security_callback()\fR, \fISSL_set_security_callback()\fR, +\&\fISSL_CTX_get_security_callback()\fR and \fISSL_get_security_callback()\fR get or set +the security callback associated with \fBctx\fR or \fBs\fR. If not set a default +security callback is used. The meaning of the parameters and the behaviour +of the default callbacks is described below. +.PP +\&\fISSL_CTX_set0_security_ex_data()\fR, \fISSL_set0_security_ex_data()\fR, +\&\fISSL_CTX_get0_security_ex_data()\fR and \fISSL_get0_security_ex_data()\fR set the +extra data pointer passed to the \fBex\fR parameter of the callback. This +value is passed to the callback verbatim and can be set to any convenient +application specific value. +.SH "DEFAULT CALLBACK BEHAVIOUR" +.IX Header "DEFAULT CALLBACK BEHAVIOUR" +If an application doesn't set its own security callback the default +callback is used. It is intended to provide sane defaults. The meaning +of each level is described below. +.IP "\fBLevel 0\fR" 4 +.IX Item "Level 0" +Everything is permitted. This retains compatibility with previous versions of +OpenSSL. +.IP "\fBLevel 1\fR" 4 +.IX Item "Level 1" +The security level corresponds to a minimum of 80 bits of security. Any +parameters offering below 80 bits of security are excluded. As a result \s-1RSA\s0, +\&\s-1DSA\s0 and \s-1DH\s0 keys shorter than 1024 bits and \s-1ECC\s0 keys shorter than 160 bits +are prohibited. All export cipher suites are prohibited since they all offer +less than 80 bits of security. \s-1SSL\s0 version 2 is prohibited. Any cipher suite +using \s-1MD5\s0 for the \s-1MAC\s0 is also prohibited. +.IP "\fBLevel 2\fR" 4 +.IX Item "Level 2" +Security level set to 112 bits of security. As a result \s-1RSA\s0, \s-1DSA\s0 and \s-1DH\s0 keys +shorter than 2048 bits and \s-1ECC\s0 keys shorter than 224 bits are prohibited. +In addition to the level 1 exclusions any cipher suite using \s-1RC4\s0 is also +prohibited. \s-1SSL\s0 version 3 is also not allowed. 
Compression is disabled. +.IP "\fBLevel 3\fR" 4 +.IX Item "Level 3" +Security level set to 128 bits of security. As a result \s-1RSA\s0, \s-1DSA\s0 and \s-1DH\s0 keys +shorter than 3072 bits and \s-1ECC\s0 keys shorter than 256 bits are prohibited. +In addition to the level 2 exclusions cipher suites not offering forward +secrecy are prohibited. \s-1TLS\s0 versions below 1.1 are not permitted. Session +tickets are disabled. +.IP "\fBLevel 4\fR" 4 +.IX Item "Level 4" +Security level set to 192 bits of security. As a result \s-1RSA\s0, \s-1DSA\s0 and +\&\s-1DH\s0 keys shorter than 7680 bits and \s-1ECC\s0 keys shorter than 384 bits are +prohibited. Cipher suites using \s-1SHA1\s0 for the \s-1MAC\s0 are prohibited. \s-1TLS\s0 +versions below 1.2 are not permitted. +.IP "\fBLevel 5\fR" 4 +.IX Item "Level 5" +Security level set to 256 bits of security. As a result \s-1RSA\s0, \s-1DSA\s0 and \s-1DH\s0 keys +shorter than 15360 bits and \s-1ECC\s0 keys shorter than 512 bits are prohibited. +.SH "APPLICATION DEFINED SECURITY CALLBACKS" +.IX Header "APPLICATION DEFINED SECURITY CALLBACKS" +\&\fIDocumentation to be provided.\fR +.SH "NOTES" +.IX Header "NOTES" +\&\fB\s-1WARNING\s0\fR at this time setting the security level higher than 1 for +general internet use is likely to cause \fBconsiderable\fR interoperability +issues and is not recommended. This is because the \fB\s-1SHA1\s0\fR algorithm +is very widely used in certificates and will be rejected at levels +higher than 1 because it only offers 80 bits of security. +.PP +The default security level can be configured when OpenSSL is compiled by +setting \fB\-DOPENSSL_TLS_SECURITY_LEVEL=level\fR. If not set then 1 is used. +.PP +The security framework disables or reject parameters inconsistent with the +set security level. 
In the past this was difficult as applications had to set +a number of distinct parameters (supported ciphers, supported curves supported +signature algorithms) to achieve this end and some cases (\s-1DH\s0 parameter size +for example) could not be checked at all. +.PP +By setting an appropriate security level much of this complexity can be +avoided. +.PP +The bits of security limits affect all relevant parameters including +cipher suite encryption algorithms, supported \s-1ECC\s0 curves, supported +signature algorithms, \s-1DH\s0 parameter sizes, certificate key sizes and +signature algorithms. This limit applies no matter what other custom +settings an application has set: so if the cipher suite is set to \fB\s-1ALL\s0\fR +then only cipher suites consistent with the security level are permissible. +.PP +See \s-1SP800\-57\s0 for how the security limits are related to individual +algorithms. +.PP +Some security levels require large key sizes for non-ECC public key +algorithms which can severely degrade performance. For example 256 bits +of security requires the use of \s-1RSA\s0 keys of at least 15360 bits in size. +.PP +Some restrictions can be gracefully handled: for example cipher suites +offering insufficient security are not sent by the client and will not +be selected by the server. Other restrictions such as the peer certificate +key size or the \s-1DH\s0 parameter size will abort the handshake with a fatal +alert. +.PP +Attempts to set certificates or parameters with insufficient security are +also blocked. For example trying to set a certificate using a 512 bit \s-1RSA\s0 +key using \fISSL_CTX_use_certificate()\fR at level 1. Applications which do not +check the return values for errors will misbehave: for example it might +appear that a certificate is not set at all because it had been rejected. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_security_level()\fR and \fISSL_set_security_level()\fR do not return values. 
+.PP +\&\fISSL_CTX_get_security_level()\fR and \fISSL_get_security_level()\fR return a integer that +represents the security level with \fB\s-1SSL_CTX\s0\fR or \fB\s-1SSL\s0\fR, respectively. +.PP +\&\fISSL_CTX_set_security_callback()\fR and \fISSL_set_security_callback()\fR do not return +values. +.PP +\&\fISSL_CTX_get_security_callback()\fR and \fISSL_get_security_callback()\fR return the pointer +to the security callback or \s-1NULL\s0 if the callback is not set. +.PP +\&\fISSL_CTX_get0_security_ex_data()\fR and \fISSL_get0_security_ex_data()\fR return the extra +data pointer or \s-1NULL\s0 if the ex data is not set. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2014\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_CTX_set_session_cache_mode.3 b/linux_amd64/share/man/man3/SSL_CTX_set_session_cache_mode.3 new file mode 100755 index 0000000..d4e1838 --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_CTX_set_session_cache_mode.3 
@@ -0,0 +1,249 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_SESSION_CACHE_MODE 3" +.TH SSL_CTX_SET_SESSION_CACHE_MODE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_session_cache_mode, SSL_CTX_get_session_cache_mode \- enable/disable session caching +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_CTX_set_session_cache_mode(SSL_CTX ctx, long mode); +\& long SSL_CTX_get_session_cache_mode(SSL_CTX ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_session_cache_mode()\fR enables/disables session caching +by setting the operational mode for \fBctx\fR to . +.PP +\&\fISSL_CTX_get_session_cache_mode()\fR returns the currently used cache mode. +.SH "NOTES" +.IX Header "NOTES" +The OpenSSL library can store/retrieve \s-1SSL/TLS\s0 sessions for later reuse. +The sessions can be held in memory for each \fBctx\fR, if more than one +\&\s-1SSL_CTX\s0 object is being maintained, the sessions are unique for each \s-1SSL_CTX\s0 +object. +.PP +In order to reuse a session, a client must send the session's id to the +server. It can only send exactly one id. The server then either +agrees to reuse the session or it starts a full handshake (to create a new +session). +.PP +A server will look up the session in its internal session storage. If the +session is not found in internal storage or lookups for the internal storage +have been deactivated (\s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0), the server will try +the external storage if available. +.PP +Since a client may try to reuse a session intended for use in a different +context, the session id context must be set by the server (see +\&\fISSL_CTX_set_session_id_context\fR\|(3)). +.PP +The following session cache modes and modifiers are available: +.IP "\s-1SSL_SESS_CACHE_OFF\s0" 4 +.IX Item "SSL_SESS_CACHE_OFF" +No session caching for client or server takes place. +.IP "\s-1SSL_SESS_CACHE_CLIENT\s0" 4 +.IX Item "SSL_SESS_CACHE_CLIENT" +Client sessions are added to the session cache. 
As there is no reliable way +for the OpenSSL library to know whether a session should be reused or which +session to choose (due to the abstract \s-1BIO\s0 layer the \s-1SSL\s0 engine does not +have details about the connection), the application must select the session +to be reused by using the \fISSL_set_session\fR\|(3) +function. This option is not activated by default. +.IP "\s-1SSL_SESS_CACHE_SERVER\s0" 4 +.IX Item "SSL_SESS_CACHE_SERVER" +Server sessions are added to the session cache. When a client proposes a +session to be reused, the server looks for the corresponding session in (first) +the internal session cache (unless \s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0 is set), +then (second) in the external cache if available. If the session is found, the +server will try to reuse the session. This is the default. +.IP "\s-1SSL_SESS_CACHE_BOTH\s0" 4 +.IX Item "SSL_SESS_CACHE_BOTH" +Enable both \s-1SSL_SESS_CACHE_CLIENT\s0 and \s-1SSL_SESS_CACHE_SERVER\s0 at the same time. +.IP "\s-1SSL_SESS_CACHE_NO_AUTO_CLEAR\s0" 4 +.IX Item "SSL_SESS_CACHE_NO_AUTO_CLEAR" +Normally the session cache is checked for expired sessions every +255 connections using the +\&\fISSL_CTX_flush_sessions\fR\|(3) function. Since +this may lead to a delay which cannot be controlled, the automatic +flushing may be disabled and +\&\fISSL_CTX_flush_sessions\fR\|(3) can be called +explicitly by the application. +.IP "\s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0" 4 +.IX Item "SSL_SESS_CACHE_NO_INTERNAL_LOOKUP" +By setting this flag, session-resume operations in an \s-1SSL/TLS\s0 server will not +automatically look up sessions in the internal cache, even if sessions are +automatically stored there. If external session caching callbacks are in use, +this flag guarantees that all lookups are directed to the external cache. +As automatic lookup only applies for \s-1SSL/TLS\s0 servers, the flag has no effect on +clients. 
+.IP "\s-1SSL_SESS_CACHE_NO_INTERNAL_STORE\s0" 4 +.IX Item "SSL_SESS_CACHE_NO_INTERNAL_STORE" +Depending on the presence of \s-1SSL_SESS_CACHE_CLIENT\s0 and/or \s-1SSL_SESS_CACHE_SERVER\s0, +sessions negotiated in an \s-1SSL/TLS\s0 handshake may be cached for possible reuse. +Normally a new session is added to the internal cache as well as any external +session caching (callback) that is configured for the \s-1SSL_CTX\s0. This flag will +prevent sessions being stored in the internal cache (though the application can +add them manually using \fISSL_CTX_add_session\fR\|(3)). Note: +in any \s-1SSL/TLS\s0 servers where external caching is configured, any successful +session lookups in the external cache (ie. for session-resume requests) would +normally be copied into the local cache before processing continues \- this flag +prevents these additions to the internal cache as well. +.IP "\s-1SSL_SESS_CACHE_NO_INTERNAL\s0" 4 +.IX Item "SSL_SESS_CACHE_NO_INTERNAL" +Enable both \s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0 and +\&\s-1SSL_SESS_CACHE_NO_INTERNAL_STORE\s0 at the same time. +.PP +The default mode is \s-1SSL_SESS_CACHE_SERVER\s0. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_session_cache_mode()\fR returns the previously set cache mode. +.PP +\&\fISSL_CTX_get_session_cache_mode()\fR returns the currently set cache mode. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_set_session\fR\|(3), +\&\fISSL_session_reused\fR\|(3), +\&\fISSL_CTX_add_session\fR\|(3), +\&\fISSL_CTX_sess_number\fR\|(3), +\&\fISSL_CTX_sess_set_cache_size\fR\|(3), +\&\fISSL_CTX_sess_set_get_cb\fR\|(3), +\&\fISSL_CTX_set_session_id_context\fR\|(3), +\&\fISSL_CTX_set_timeout\fR\|(3), +\&\fISSL_CTX_flush_sessions\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. 
You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_CTX_set_session_id_context.3 b/linux_amd64/share/man/man3/SSL_CTX_set_session_id_context.3 new file mode 100755 index 0000000..ef0d960 --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_CTX_set_session_id_context.3 
@@ -0,0 +1,206 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_SESSION_ID_CONTEXT 3" +.TH SSL_CTX_SET_SESSION_ID_CONTEXT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_session_id_context, SSL_set_session_id_context \- set context within which session can be reused (server side only) +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, +\& unsigned int sid_ctx_len); +\& int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, +\& unsigned int sid_ctx_len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_session_id_context()\fR sets the context \fBsid_ctx\fR of length +\&\fBsid_ctx_len\fR within which a session can be reused for the \fBctx\fR object. +.PP +\&\fISSL_set_session_id_context()\fR sets the context \fBsid_ctx\fR of length +\&\fBsid_ctx_len\fR within which a session can be reused for the \fBssl\fR object. +.SH "NOTES" +.IX Header "NOTES" +Sessions are generated within a certain context. When exporting/importing +sessions with \fBi2d_SSL_SESSION\fR/\fBd2i_SSL_SESSION\fR it would be possible, +to re-import a session generated from another context (e.g. another +application), which might lead to malfunctions. Therefore each application +must set its own session id context \fBsid_ctx\fR which is used to distinguish +the contexts and is stored in exported sessions. The \fBsid_ctx\fR can be +any kind of binary data with a given length, it is therefore possible +to use e.g. the name of the application and/or the hostname and/or service +name ... +.PP +The session id context becomes part of the session. The session id context +is set by the \s-1SSL/TLS\s0 server. The \fISSL_CTX_set_session_id_context()\fR and +\&\fISSL_set_session_id_context()\fR functions are therefore only useful on the +server side. +.PP +OpenSSL clients will check the session id context returned by the server +when reusing a session. +.PP +The maximum length of the \fBsid_ctx\fR is limited to +\&\fB\s-1SSL_MAX_SID_CTX_LENGTH\s0\fR. 
+.SH "WARNINGS" +.IX Header "WARNINGS" +If the session id context is not set on an \s-1SSL/TLS\s0 server and client +certificates are used, stored sessions +will not be reused but a fatal error will be flagged and the handshake +will fail. +.PP +If a server returns a different session id context to an OpenSSL client +when reusing a session, an error will be flagged and the handshake will +fail. OpenSSL servers will always return the correct session id context, +as an OpenSSL server checks the session id context itself before reusing +a session as described above. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_session_id_context()\fR and \fISSL_set_session_id_context()\fR +return the following values: +.IP "0" 4 +The length \fBsid_ctx_len\fR of the session id context \fBsid_ctx\fR exceeded +the maximum allowed length of \fB\s-1SSL_MAX_SID_CTX_LENGTH\s0\fR. The error +is logged to the error stack. +.IP "1" 4 +.IX Item "1" +The operation succeeded. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_CTX_set_session_ticket_cb.3 b/linux_amd64/share/man/man3/SSL_CTX_set_session_ticket_cb.3 new file mode 100755 index 0000000..580d70f --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_CTX_set_session_ticket_cb.3 
@@ -0,0 +1,296 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_SESSION_TICKET_CB 3" +.TH SSL_CTX_SET_SESSION_TICKET_CB 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_session_ticket_cb, +SSL_SESSION_get0_ticket_appdata, +SSL_SESSION_set1_ticket_appdata, +SSL_CTX_generate_session_ticket_fn, +SSL_CTX_decrypt_session_ticket_fn \- manage session ticket application data +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef int (*SSL_CTX_generate_session_ticket_fn)(SSL *s, void *arg); +\& typedef SSL_TICKET_RETURN (*SSL_CTX_decrypt_session_ticket_fn)(SSL *s, SSL_SESSION *ss, +\& const unsigned char *keyname, +\& size_t keyname_len, +\& SSL_TICKET_STATUS status, +\& void *arg); +\& int SSL_CTX_set_session_ticket_cb(SSL_CTX *ctx, +\& SSL_CTX_generate_session_ticket_fn gen_cb, +\& SSL_CTX_decrypt_session_ticket_fn dec_cb, +\& void *arg); +\& int SSL_SESSION_set1_ticket_appdata(SSL_SESSION *ss, const void *data, size_t len); +\& int SSL_SESSION_get0_ticket_appdata(SSL_SESSION *ss, void **data, size_t *len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_set_session_ticket_cb()\fR sets the application callbacks \fBgen_cb\fR +and \fBdec_cb\fR that are used by a server to set and get application data stored +with a session, and placed into a session ticket. Either callback function may +be set to \s-1NULL\s0. The value of \fBarg\fR is passed to the callbacks. +.PP +\&\fBgen_cb\fR is the application defined callback invoked when a session ticket is +about to be created. The application can call \fISSL_SESSION_set1_ticket_appdata()\fR +at this time to add application data to the session ticket. The value of \fBarg\fR +is the same as that given to \fISSL_CTX_set_session_ticket_cb()\fR. The \fBgen_cb\fR +callback is defined as type \fBSSL_CTX_generate_session_ticket_fn\fR. +.PP +\&\fBdec_cb\fR is the application defined callback invoked after session ticket +decryption has been attempted and any session ticket application data is +available. If ticket decryption was successful then the \fBss\fR argument contains +the session data. 
The \fBkeyname\fR and \fBkeyname_len\fR arguments identify the key +used to decrypt the session ticket. The \fBstatus\fR argument is the result of the +ticket decryption. See the \*(L"\s-1NOTES\s0\*(R" section below for further details. The value +of \fBarg\fR is the same as that given to \fISSL_CTX_set_session_ticket_cb()\fR. The +\&\fBdec_cb\fR callback is defined as type \fBSSL_CTX_decrypt_session_ticket_fn\fR. +.PP +\&\fISSL_SESSION_set1_ticket_appdata()\fR sets the application data specified by +\&\fBdata\fR and \fBlen\fR into \fBss\fR which is then placed into any generated session +tickets. It can be called at any time before a session ticket is created to +update the data placed into the session ticket. However, given that sessions +and tickets are created by the handshake, the \fBgen_cb\fR is provided to notify +the application that a session ticket is about to be generated. +.PP +\&\fISSL_SESSION_get0_ticket_appdata()\fR assigns \fBdata\fR to the session ticket +application data and assigns \fBlen\fR to the length of the session ticket +application data from \fBss\fR. The application data can be set via +\&\fISSL_SESSION_set1_ticket_appdata()\fR or by a session ticket. \s-1NULL\s0 will be assigned +to \fBdata\fR and 0 will be assigned to \fBlen\fR if there is no session ticket +application data. \fISSL_SESSION_get0_ticket_appdata()\fR can be called any time +after a session has been created. The \fBdec_cb\fR is provided to notify the +application that a session ticket has just been decrypted. +.SH "NOTES" +.IX Header "NOTES" +When the \fBdec_cb\fR callback is invoked, the \s-1SSL_SESSION\s0 \fBss\fR has not yet been +assigned to the \s-1SSL\s0 \fBs\fR. The \fBstatus\fR indicates the result of the ticket +decryption. The callback must check the \fBstatus\fR value before performing any +action, as it is called even if ticket decryption fails. 
+.PP +The \fBkeyname\fR and \fBkeyname_len\fR arguments to \fBdec_cb\fR may be used to identify +the key that was used to encrypt the session ticket. +.PP +The \fBstatus\fR argument can be any of these values: +.IP "\s-1SSL_TICKET_EMPTY\s0" 4 +.IX Item "SSL_TICKET_EMPTY" +Empty ticket present. No ticket data will be used and a new ticket should be +sent to the client. This only occurs in TLSv1.2 or below. In TLSv1.3 it is not +valid for a client to send an empty ticket. +.IP "\s-1SSL_TICKET_NO_DECRYPT\s0" 4 +.IX Item "SSL_TICKET_NO_DECRYPT" +The ticket couldn't be decrypted. No ticket data will be used and a new ticket +should be sent to the client. +.IP "\s-1SSL_TICKET_SUCCESS\s0" 4 +.IX Item "SSL_TICKET_SUCCESS" +A ticket was successfully decrypted, any session ticket application data should +be available. A new ticket should not be sent to the client. +.IP "\s-1SSL_TICKET_SUCCESS_RENEW\s0" 4 +.IX Item "SSL_TICKET_SUCCESS_RENEW" +Same as \fB\s-1SSL_TICKET_SUCCESS\s0\fR, but a new ticket should be sent to the client. +.PP +The return value can be any of these values: +.IP "\s-1SSL_TICKET_RETURN_ABORT\s0" 4 +.IX Item "SSL_TICKET_RETURN_ABORT" +The handshake should be aborted, either because of an error or because of some +policy. Note that in TLSv1.3 a client may send more than one ticket in a single +handshake. Therefore just because one ticket is unacceptable it does not mean +that all of them are. For this reason this option should be used with caution. +.IP "\s-1SSL_TICKET_RETURN_IGNORE\s0" 4 +.IX Item "SSL_TICKET_RETURN_IGNORE" +Do not use a ticket (if one was available). Do not send a renewed ticket to the +client. +.IP "\s-1SSL_TICKET_RETURN_IGNORE_RENEW\s0" 4 +.IX Item "SSL_TICKET_RETURN_IGNORE_RENEW" +Do not use a ticket (if one was available). Send a renewed ticket to the client. 
+.Sp +If the callback does not wish to change the default ticket behaviour then it +should return this value if \fBstatus\fR is \fB\s-1SSL_TICKET_EMPTY\s0\fR or +\&\fB\s-1SSL_TICKET_NO_DECRYPT\s0\fR. +.IP "\s-1SSL_TICKET_RETURN_USE\s0" 4 +.IX Item "SSL_TICKET_RETURN_USE" +Use the ticket. Do not send a renewed ticket to the client. It is an error for +the callback to return this value if \fBstatus\fR has a value other than +\&\fB\s-1SSL_TICKET_SUCCESS\s0\fR or \fB\s-1SSL_TICKET_SUCCESS_RENEW\s0\fR. +.Sp +If the callback does not wish to change the default ticket behaviour then it +should return this value if \fBstatus\fR is \fB\s-1SSL_TICKET_SUCCESS\s0\fR. +.IP "\s-1SSL_TICKET_RETURN_USE_RENEW\s0" 4 +.IX Item "SSL_TICKET_RETURN_USE_RENEW" +Use the ticket. Send a renewed ticket to the client. It is an error for the +callback to return this value if \fBstatus\fR has a value other than +\&\fB\s-1SSL_TICKET_SUCCESS\s0\fR or \fB\s-1SSL_TICKET_SUCCESS_RENEW\s0\fR. +.Sp +If the callback does not wish to change the default ticket behaviour then it +should return this value if \fBstatus\fR is \fB\s-1SSL_TICKET_SUCCESS_RENEW\s0\fR. +.PP +If \fBstatus\fR has the value \fB\s-1SSL_TICKET_EMPTY\s0\fR or \fB\s-1SSL_TICKET_NO_DECRYPT\s0\fR then +no session data will be available and the callback must not use the \fBss\fR +argument. If \fBstatus\fR has the value \fB\s-1SSL_TICKET_SUCCESS\s0\fR or +\&\fB\s-1SSL_TICKET_SUCCESS_RENEW\s0\fR then the application can call +\&\fISSL_SESSION_get0_ticket_appdata()\fR using the session provided in the \fBss\fR +argument to retrieve the application data. +.PP +When the \fBgen_cb\fR callback is invoked, the \fISSL_get_session()\fR function can be +used to retrieve the \s-1SSL_SESSION\s0 for \fISSL_SESSION_set1_ticket_appdata()\fR. +.PP +By default, in TLSv1.2 and below, a new session ticket is not issued on a +successful resumption and therefore \fBgen_cb\fR will not be called. 
In TLSv1.3 the +default behaviour is to always issue a new ticket on resumption. In both cases +this behaviour can be changed if a ticket key callback is in use (see +\&\fISSL_CTX_set_tlsext_ticket_key_cb\fR\|(3)). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The \fISSL_CTX_set_session_ticket_cb()\fR, \fISSL_SESSION_set1_ticket_appdata()\fR and +\&\fISSL_SESSION_get0_ticket_appdata()\fR functions return 1 on success and 0 on +failure. +.PP +The \fBgen_cb\fR callback must return 1 to continue the connection. A return of 0 +will terminate the connection with an \s-1INTERNAL_ERROR\s0 alert. +.PP +The \fBdec_cb\fR callback must return a value as described in \*(L"\s-1NOTES\s0\*(R" above. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fISSL_get_session\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fISSL_CTX_set_session_ticket_cb()\fR, \fISSSL_SESSION_set1_ticket_appdata()\fR +and \fISSL_SESSION_get_ticket_appdata()\fR functions were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_CTX_set_split_send_fragment.3 b/linux_amd64/share/man/man3/SSL_CTX_set_split_send_fragment.3 new file mode 100755 index 0000000..8d33567 --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_CTX_set_split_send_fragment.3 
@@ -0,0 +1,301 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_SPLIT_SEND_FRAGMENT 3" +.TH SSL_CTX_SET_SPLIT_SEND_FRAGMENT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_max_send_fragment, SSL_set_max_send_fragment, +SSL_CTX_set_split_send_fragment, SSL_set_split_send_fragment, +SSL_CTX_set_max_pipelines, SSL_set_max_pipelines, +SSL_CTX_set_default_read_buffer_len, SSL_set_default_read_buffer_len, +SSL_CTX_set_tlsext_max_fragment_length, +SSL_set_tlsext_max_fragment_length, +SSL_SESSION_get_max_fragment_length \- Control fragment size settings and pipelining operations +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_CTX_set_max_send_fragment(SSL_CTX *ctx, long); +\& long SSL_set_max_send_fragment(SSL *ssl, long m); +\& +\& long SSL_CTX_set_max_pipelines(SSL_CTX *ctx, long m); +\& long SSL_set_max_pipelines(SSL_CTX *ssl, long m); +\& +\& long SSL_CTX_set_split_send_fragment(SSL_CTX *ctx, long m); +\& long SSL_set_split_send_fragment(SSL *ssl, long m); +\& +\& void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len); +\& void SSL_set_default_read_buffer_len(SSL *s, size_t len); +\& +\& int SSL_CTX_set_tlsext_max_fragment_length(SSL_CTX *ctx, uint8_t mode); +\& int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode); +\& uint8_t SSL_SESSION_get_max_fragment_length(SSL_SESSION *session); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Some engines are able to process multiple simultaneous crypto operations. This +capability could be utilised to parallelise the processing of a single +connection. For example a single write can be split into multiple records and +each one encrypted independently and in parallel. Note: this will only work in +\&\s-1TLS1\s0.1+. There is no support in SSLv3, TLSv1.0 or \s-1DTLS\s0 (any version). This +capability is known as \*(L"pipelining\*(R" within OpenSSL. +.PP +In order to benefit from the pipelining capability. You need to have an engine +that provides ciphers that support this. The OpenSSL \*(L"dasync\*(R" engine provides +\&\s-1AES128\-SHA\s0 based ciphers that have this capability. 
However these are for +development and test purposes only. +.PP +\&\fISSL_CTX_set_max_send_fragment()\fR and \fISSL_set_max_send_fragment()\fR set the +\&\fBmax_send_fragment\fR parameter for \s-1SSL_CTX\s0 and \s-1SSL\s0 objects respectively. This +value restricts the amount of plaintext bytes that will be sent in any one +\&\s-1SSL/TLS\s0 record. By default its value is \s-1SSL3_RT_MAX_PLAIN_LENGTH\s0 (16384). These +functions will only accept a value in the range 512 \- \s-1SSL3_RT_MAX_PLAIN_LENGTH\s0. +.PP +\&\fISSL_CTX_set_max_pipelines()\fR and \fISSL_set_max_pipelines()\fR set the maximum number +of pipelines that will be used at any one time. This value applies to both +\&\*(L"read\*(R" pipelining and \*(L"write\*(R" pipelining. By default only one pipeline will be +used (i.e. normal non-parallel operation). The number of pipelines set must be +in the range 1 \- \s-1SSL_MAX_PIPELINES\s0 (32). Setting this to a value > 1 will also +automatically turn on \*(L"read_ahead\*(R" (see \fISSL_CTX_set_read_ahead\fR\|(3)). This is +explained further below. OpenSSL will only every use more than one pipeline if +a cipher suite is negotiated that uses a pipeline capable cipher provided by an +engine. +.PP +Pipelining operates slightly differently for reading encrypted data compared to +writing encrypted data. \fISSL_CTX_set_split_send_fragment()\fR and +\&\fISSL_set_split_send_fragment()\fR define how data is split up into pipelines when +writing encrypted data. The number of pipelines used will be determined by the +amount of data provided to the \fISSL_write_ex()\fR or \fISSL_write()\fR call divided by +\&\fBsplit_send_fragment\fR. 
+.PP +For example if \fBsplit_send_fragment\fR is set to 2000 and \fBmax_pipelines\fR is 4 +then: +.PP +SSL_write/SSL_write_ex called with 0\-2000 bytes == 1 pipeline used +.PP +SSL_write/SSL_write_ex called with 2001\-4000 bytes == 2 pipelines used +.PP +SSL_write/SSL_write_ex called with 4001\-6000 bytes == 3 pipelines used +.PP +SSL_write/SSL_write_ex called with 6001+ bytes == 4 pipelines used +.PP +\&\fBsplit_send_fragment\fR must always be less than or equal to +\&\fBmax_send_fragment\fR. By default it is set to be equal to \fBmax_send_fragment\fR. +This will mean that the same number of records will always be created as would +have been created in the non-parallel case, although the data will be +apportioned differently. In the parallel case data will be spread equally +between the pipelines. +.PP +Read pipelining is controlled in a slightly different way than with write +pipelining. While reading we are constrained by the number of records that the +peer (and the network) can provide to us in one go. The more records we can get +in one go the more opportunity we have to parallelise the processing. As noted +above when setting \fBmax_pipelines\fR to a value greater than one, \fBread_ahead\fR +is automatically set. The \fBread_ahead\fR parameter causes OpenSSL to attempt to +read as much data into the read buffer as the network can provide and will fit +into the buffer. Without this set data is read into the read buffer one record +at a time. The more data that can be read, the more opportunity there is for +parallelising the processing at the cost of increased memory overhead per +connection. Setting \fBread_ahead\fR can impact the behaviour of the \fISSL_pending()\fR +function (see \fISSL_pending\fR\|(3)). +.PP +The \fISSL_CTX_set_default_read_buffer_len()\fR and \fISSL_set_default_read_buffer_len()\fR +functions control the size of the read buffer that will be used. The \fBlen\fR +parameter sets the size of the buffer. 
The value will only be used if it is +greater than the default that would have been used anyway. The normal default +value depends on a number of factors but it will be at least +\&\s-1SSL3_RT_MAX_PLAIN_LENGTH\s0 + \s-1SSL3_RT_MAX_ENCRYPTED_OVERHEAD\s0 (16704) bytes. +.PP +\&\fISSL_CTX_set_tlsext_max_fragment_length()\fR sets the default maximum fragment +length negotiation mode via value \fBmode\fR to \fBctx\fR. +This setting affects only \s-1SSL\s0 instances created after this function is called. +It affects the client-side as only its side may initiate this extension use. +.PP +\&\fISSL_set_tlsext_max_fragment_length()\fR sets the maximum fragment length +negotiation mode via value \fBmode\fR to \fBssl\fR. +This setting will be used during a handshake when extensions are exchanged +between client and server. +So it only affects \s-1SSL\s0 sessions created after this function is called. +It affects the client-side as only its side may initiate this extension use. +.PP +\&\fISSL_SESSION_get_max_fragment_length()\fR gets the maximum fragment length +negotiated in \fBsession\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All non-void functions return 1 on success and 0 on failure. +.SH "NOTES" +.IX Header "NOTES" +The Maximum Fragment Length extension support is optional on the server side. +If the server does not support this extension then +\&\fISSL_SESSION_get_max_fragment_length()\fR will return: +TLSEXT_max_fragment_length_DISABLED. +.PP +The following modes are available: +.IP "TLSEXT_max_fragment_length_DISABLED" 4 +.IX Item "TLSEXT_max_fragment_length_DISABLED" +Disables Maximum Fragment Length Negotiation (default). +.IP "TLSEXT_max_fragment_length_512" 4 +.IX Item "TLSEXT_max_fragment_length_512" +Sets Maximum Fragment Length to 512 bytes. +.IP "TLSEXT_max_fragment_length_1024" 4 +.IX Item "TLSEXT_max_fragment_length_1024" +Sets Maximum Fragment Length to 1024. 
+.IP "TLSEXT_max_fragment_length_2048" 4 +.IX Item "TLSEXT_max_fragment_length_2048" +Sets Maximum Fragment Length to 2048. +.IP "TLSEXT_max_fragment_length_4096" 4 +.IX Item "TLSEXT_max_fragment_length_4096" +Sets Maximum Fragment Length to 4096. +.PP +With the exception of \fISSL_CTX_set_default_read_buffer_len()\fR +\&\fISSL_set_default_read_buffer_len()\fR, \fISSL_CTX_set_tlsext_max_fragment_length()\fR, +\&\fISSL_set_tlsext_max_fragment_length()\fR and \fISSL_SESSION_get_max_fragment_length()\fR +all these functions are implemented using macros. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fISSL_CTX_set_read_ahead\fR\|(3), \fISSL_pending\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fISSL_CTX_set_max_pipelines()\fR, \fISSL_set_max_pipelines()\fR, +\&\fISSL_CTX_set_split_send_fragment()\fR, \fISSL_set_split_send_fragment()\fR, +\&\fISSL_CTX_set_default_read_buffer_len()\fR and \fISSL_set_default_read_buffer_len()\fR +functions were added in OpenSSL 1.1.0. +.PP +The \fISSL_CTX_set_tlsext_max_fragment_length()\fR, \fISSL_set_tlsext_max_fragment_length()\fR +and \fISSL_SESSION_get_max_fragment_length()\fR functions were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_CTX_set_srp_password.3 b/linux_amd64/share/man/man3/SSL_CTX_set_srp_password.3 new file mode 100755 index 0000000..7c503f3 --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_CTX_set_srp_password.3 
@@ -0,0 +1,342 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_SRP_PASSWORD 3" +.TH SSL_CTX_SET_SRP_PASSWORD 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_srp_username, +SSL_CTX_set_srp_password, +SSL_CTX_set_srp_strength, +SSL_CTX_set_srp_cb_arg, +SSL_CTX_set_srp_username_callback, +SSL_CTX_set_srp_client_pwd_callback, +SSL_CTX_set_srp_verify_param_callback, +SSL_set_srp_server_param, +SSL_set_srp_server_param_pw, +SSL_get_srp_g, +SSL_get_srp_N, +SSL_get_srp_username, +SSL_get_srp_userinfo +\&\- SRP control operations +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_set_srp_username(SSL_CTX *ctx, char *name); +\& int SSL_CTX_set_srp_password(SSL_CTX *ctx, char *password); +\& int SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength); +\& int SSL_CTX_set_srp_cb_arg(SSL_CTX *ctx, void *arg); +\& int SSL_CTX_set_srp_username_callback(SSL_CTX *ctx, +\& int (*cb) (SSL *s, int *ad, void *arg)); +\& int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx, +\& char *(*cb) (SSL *s, void *arg)); +\& int SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx, +\& int (*cb) (SSL *s, void *arg)); +\& +\& int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g, +\& BIGNUM *sa, BIGNUM *v, char *info); +\& int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass, +\& const char *grp); +\& +\& BIGNUM *SSL_get_srp_g(SSL *s); +\& BIGNUM *SSL_get_srp_N(SSL *s); +\& +\& char *SSL_get_srp_username(SSL *s); +\& char *SSL_get_srp_userinfo(SSL *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions provide access to \s-1SRP\s0 (Secure Remote Password) parameters, +an alternate authentication mechanism for \s-1TLS\s0. \s-1SRP\s0 allows the use of user names +and passwords over unencrypted channels without revealing the password to an +eavesdropper. \s-1SRP\s0 also supplies a shared secret at the end of the authentication +sequence that can be used to generate encryption keys. +.PP +The \s-1SRP\s0 protocol, version 3 is specified in \s-1RFC\s0 2945. 
\s-1SRP\s0 version 6 is described +in \s-1RFC\s0 5054 with applications to \s-1TLS\s0 authentication. +.PP +The \fISSL_CTX_set_srp_username()\fR function sets the \s-1SRP\s0 username for \fBctx\fR. This +should be called on the client prior to creating a connection to the server. +The length of \fBname\fR must be shorter or equal to 255 characters. +.PP +The \fISSL_CTX_set_srp_password()\fR function sets the \s-1SRP\s0 password for \fBctx\fR. This +may be called on the client prior to creating a connection to the server. +This overrides the effect of \fISSL_CTX_set_srp_client_pwd_callback()\fR. +.PP +The \fISSL_CTX_set_srp_strength()\fR function sets the \s-1SRP\s0 strength for \fBctx\fR. This +is the minimal length of the \s-1SRP\s0 prime in bits. If not specified 1024 is used. +If not satisfied by the server key exchange the connection will be rejected. +.PP +The \fISSL_CTX_set_srp_cb_arg()\fR function sets an extra parameter that will +be passed to all following callbacks as \fBarg\fR. +.PP +The \fISSL_CTX_set_srp_username_callback()\fR function sets the server side callback +that is invoked when an \s-1SRP\s0 username is found in a ClientHello. +The callback parameters are the \s-1SSL\s0 connection \fBs\fR, a writable error flag \fBad\fR +and the extra argument \fBarg\fR set by \fISSL_CTX_set_srp_cb_arg()\fR. +This callback should setup the server for the key exchange by calling +\&\fISSL_set_srp_server_param()\fR with the appropriate parameters for the received +username. The username can be obtained by calling \fISSL_get_srp_username()\fR. +See \fISRP_VBASE_init\fR\|(3) to parse the verifier file created by \fIopenssl\-srp\fR\|(1) or +\&\fISRP_create_verifier\fR\|(3) to generate it. +The callback should return \fB\s-1SSL_ERROR_NONE\s0\fR to proceed with the server key exchange, +\&\fB\s-1SSL3_AL_FATAL\s0\fR for a fatal error or any value < 0 for a retryable error. 
+In the event of a \fB\s-1SSL3_AL_FATAL\s0\fR the alert flag given by \fB*al\fR will be sent +back. By default this will be \fB\s-1SSL_AD_UNKNOWN_PSK_IDENTITY\s0\fR. +.PP +The \fISSL_CTX_set_srp_client_pwd_callback()\fR function sets the client password +callback on the client. +The callback parameters are the \s-1SSL\s0 connection \fBs\fR and the extra argument \fBarg\fR +set by \fISSL_CTX_set_srp_cb_arg()\fR. +The callback will be called as part of the generation of the client secrets. +It should return the client password in text form or \s-1NULL\s0 to abort the connection. +The resulting memory will be freed by the library as part of the callback resolution. +This overrides the effect of \fISSL_CTX_set_srp_password()\fR. +.PP +The \fISSL_CTX_set_srp_verify_param_callback()\fR sets the \s-1SRP\s0 gN parameter verification +callback on the client. This allows the client to perform custom verification when +receiving the server \s-1SRP\s0 proposed parameters. +The callback parameters are the \s-1SSL\s0 connection \fBs\fR and the extra argument \fBarg\fR +set by \fISSL_CTX_set_srp_cb_arg()\fR. +The callback should return a positive value to accept the server parameters. +Returning 0 or a negative value will abort the connection. The server parameters +can be obtained by calling \fISSL_get_srp_N()\fR and \fISSL_get_srp_g()\fR. +Sanity checks are already performed by the library after the handshake +(B % N non zero, check against the strength parameter) and are not necessary. +If no callback is set the g and N parameters will be checked against +known \s-1RFC\s0 5054 values. +.PP +The \fISSL_set_srp_server_param()\fR function sets all \s-1SRP\s0 parameters for +the connection \fBs\fR. \fBN\fR and \fBg\fR are the \s-1SRP\s0 group parameters, \fBsa\fR is the +user salt, \fBv\fR the password verifier and \fBinfo\fR is the optional user info. 
+.PP +The \fISSL_set_srp_server_param_pw()\fR function sets all \s-1SRP\s0 parameters for the +connection \fBs\fR by generating a random salt and a password verifier. +\&\fBuser\fR is the username, \fBpass\fR the password and \fBgrp\fR the \s-1SRP\s0 group parameters +identifier for \fISRP_get_default_gN\fR\|(3). +.PP +The \fISSL_get_srp_g()\fR function returns the \s-1SRP\s0 group generator for \fBs\fR, or from +the underlying \s-1SSL_CTX\s0 if it is \s-1NULL\s0. +.PP +The \fISSL_get_srp_N()\fR function returns the \s-1SRP\s0 prime for \fBs\fR, or from +the underlying \s-1SSL_CTX\s0 if it is \s-1NULL\s0. +.PP +The \fISSL_get_srp_username()\fR function returns the \s-1SRP\s0 username for \fBs\fR, or from +the underlying \s-1SSL_CTX\s0 if it is \s-1NULL\s0. +.PP +The \fISSL_get_srp_userinfo()\fR function returns the \s-1SRP\s0 user info for \fBs\fR, or from +the underlying \s-1SSL_CTX\s0 if it is \s-1NULL\s0. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All SSL_CTX_set_* functions return 1 on success and 0 on failure. +.PP +\&\fISSL_set_srp_server_param()\fR returns 1 on success and \-1 on failure. +.PP +The SSL_get_SRP_* functions return a pointer to the requested data, the memory +is owned by the library and should not be freed by the caller. 
+.SH "EXAMPLES" +.IX Header "EXAMPLES" +Setup \s-1SRP\s0 parameters on the client: +.PP +.Vb 1 +\& #include +\& +\& const char *username = "username"; +\& const char *password = "password"; +\& +\& SSL_CTX *ctx = SSL_CTX_new(TLS_client_method()); +\& if (!ctx) +\& /* Error */ +\& if (!SSL_CTX_set_srp_username(ctx, username)) +\& /* Error */ +\& if (!SSL_CTX_set_srp_password(ctx, password)) +\& /* Error */ +.Ve +.PP +Setup \s-1SRP\s0 server with verifier file: +.PP +.Vb 2 +\& #include +\& #include +\& +\& const char *srpvfile = "password.srpv"; +\& +\& int srpServerCallback(SSL *s, int *ad, void *arg) +\& { +\& SRP_VBASE *srpData = (SRP_VBASE*) arg; +\& char *username = SSL_get_srp_username(s); +\& +\& SRP_user_pwd *user_pwd = SRP_VBASE_get1_by_user(srpData, username); +\& if (!user_pwd) +\& /* Error */ +\& return SSL3_AL_FATAL; +\& +\& if (SSL_set_srp_server_param(s, user_pwd\->N, user_pwd\->g, +\& user_pwd\->s, user_pwd\->v, user_pwd\->info) < 0) +\& /* Error */ +\& +\& SRP_user_pwd_free(user_pwd); +\& return SSL_ERROR_NONE; +\& } +\& +\& SSL_CTX *ctx = SSL_CTX_new(TLS_server_method()); +\& if (!ctx) +\& /* Error */ +\& +\& /* +\& * seedKey should contain a NUL terminated sequence +\& * of random non NUL bytes +\& */ +\& const char *seedKey; +\& +\& SRP_VBASE *srpData = SRP_VBASE_new(seedKey); +\& if (SRP_VBASE_init(srpData, (char*) srpvfile) != SRP_NO_ERROR) +\& /* Error */ +\& +\& SSL_CTX_set_srp_cb_arg(ctx, srpData); +\& SSL_CTX_set_srp_username_callback(ctx, srpServerCallback); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fIopenssl\-srp\fR\|(1), +\&\fISRP_VBASE_new\fR\|(3), +\&\fISRP_create_verifier\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. 
You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_CTX_set_ssl_version.3 b/linux_amd64/share/man/man3/SSL_CTX_set_ssl_version.3 new file mode 100755 index 0000000..926563d --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_CTX_set_ssl_version.3 
@@ -0,0 +1,185 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_SSL_VERSION 3" +.TH SSL_CTX_SET_SSL_VERSION 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_ssl_version, SSL_set_ssl_method, SSL_get_ssl_method +\&\- choose a new TLS/SSL method +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *method); +\& int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method); +\& const SSL_METHOD *SSL_get_ssl_method(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_ssl_version()\fR sets a new default \s-1TLS/SSL\s0 \fBmethod\fR for \s-1SSL\s0 objects +newly created from this \fBctx\fR. \s-1SSL\s0 objects already created with +\&\fISSL_new\fR\|(3) are not affected, except when +\&\fISSL_clear\fR\|(3) is being called. +.PP +\&\fISSL_set_ssl_method()\fR sets a new \s-1TLS/SSL\s0 \fBmethod\fR for a particular \fBssl\fR +object. It may be reset, when \fISSL_clear()\fR is called. +.PP +\&\fISSL_get_ssl_method()\fR returns a function pointer to the \s-1TLS/SSL\s0 method +set in \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +The available \fBmethod\fR choices are described in +\&\fISSL_CTX_new\fR\|(3). +.PP +When \fISSL_clear\fR\|(3) is called and no session is connected to +an \s-1SSL\s0 object, the method of the \s-1SSL\s0 object is reset to the method currently +set in the corresponding \s-1SSL_CTX\s0 object. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur for \fISSL_CTX_set_ssl_version()\fR +and \fISSL_set_ssl_method()\fR: +.IP "0" 4 +The new choice failed, check the error stack to find out the reason. +.IP "1" 4 +.IX Item "1" +The operation succeeded. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fISSL_CTX_new\fR\|(3), \fISSL_new\fR\|(3), +\&\fISSL_clear\fR\|(3), \fIssl\fR\|(7), +\&\fISSL_set_connect_state\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). 
You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 b/linux_amd64/share/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 new file mode 100755 index 0000000..c765152 --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 
@@ -0,0 +1,218 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_STATELESS_COOKIE_GENERATE_CB 3" +.TH SSL_CTX_SET_STATELESS_COOKIE_GENERATE_CB 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_stateless_cookie_generate_cb, +SSL_CTX_set_stateless_cookie_verify_cb, +SSL_CTX_set_cookie_generate_cb, +SSL_CTX_set_cookie_verify_cb +\&\- Callback functions for stateless TLS1.3 cookies +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_set_stateless_cookie_generate_cb( +\& SSL_CTX *ctx, +\& int (*gen_stateless_cookie_cb) (SSL *ssl, +\& unsigned char *cookie, +\& size_t *cookie_len)); +\& void SSL_CTX_set_stateless_cookie_verify_cb( +\& SSL_CTX *ctx, +\& int (*verify_stateless_cookie_cb) (SSL *ssl, +\& const unsigned char *cookie, +\& size_t cookie_len)); +\& +\& void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, +\& int (*app_gen_cookie_cb) (SSL *ssl, +\& unsigned char +\& *cookie, +\& unsigned int +\& *cookie_len)); +\& void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, +\& int (*app_verify_cookie_cb) (SSL *ssl, +\& const unsigned +\& char *cookie, +\& unsigned int +\& cookie_len)); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_stateless_cookie_generate_cb()\fR sets the callback used by +\&\fISSL_stateless\fR\|(3) to generate the application-controlled portion of the cookie +provided to clients in the HelloRetryRequest transmitted as a response to a +ClientHello with a missing or invalid cookie. \fIgen_stateless_cookie_cb()\fR must +write at most \s-1SSL_COOKIE_LENGTH\s0 bytes into \fBcookie\fR, and must write the number +of bytes written to \fBcookie_len\fR. If a cookie cannot be generated, a zero +return value can be used to abort the handshake. +.PP +\&\fISSL_CTX_set_stateless_cookie_verify_cb()\fR sets the callback used by +\&\fISSL_stateless\fR\|(3) to determine whether the application-controlled portion of a +ClientHello cookie is valid. The cookie data is pointed to by \fBcookie\fR and is of +length \fBcookie_len\fR. A nonzero return value from \fIverify_stateless_cookie_cb()\fR +communicates that the cookie is valid. 
The integrity of the entire cookie, +including the application-controlled portion, is automatically verified by \s-1HMAC\s0 +before \fIverify_stateless_cookie_cb()\fR is called. +.PP +\&\fISSL_CTX_set_cookie_generate_cb()\fR sets the callback used by \fIDTLSv1_listen\fR\|(3) +to generate the cookie provided to clients in the HelloVerifyRequest transmitted +as a response to a ClientHello with a missing or invalid cookie. +\&\fIapp_gen_cookie_cb()\fR must write at most \s-1DTLS1_COOKIE_LENGTH\s0 bytes into +\&\fBcookie\fR, and must write the number of bytes written to \fBcookie_len\fR. If a +cookie cannot be generated, a zero return value can be used to abort the +handshake. +.PP +\&\fISSL_CTX_set_cookie_verify_cb()\fR sets the callback used by \fIDTLSv1_listen\fR\|(3) to +determine whether the cookie in a ClientHello is valid. The cookie data is +pointed to by \fBcookie\fR and is of length \fBcookie_len\fR. A nonzero return value +from \fIapp_verify_cookie_cb()\fR communicates that the cookie is valid. The +integrity of the cookie is not verified by OpenSSL. This is an application +responsibility. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Neither function returns a value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fISSL_stateless\fR\|(3), +\&\fIDTLSv1_listen\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fISSL_CTX_set_stateless_cookie_generate_cb()\fR and +\&\fISSL_CTX_set_stateless_cookie_verify_cb()\fR were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_CTX_set_timeout.3 b/linux_amd64/share/man/man3/SSL_CTX_set_timeout.3 new file mode 100755 index 0000000..10dc177 --- /dev/null 
+++ b/linux_amd64/share/man/man3/SSL_CTX_set_timeout.3 
@@ -0,0 +1,190 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_TIMEOUT 3" +.TH SSL_CTX_SET_TIMEOUT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_timeout, SSL_CTX_get_timeout \- manipulate timeout values for session caching +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_CTX_set_timeout(SSL_CTX *ctx, long t); +\& long SSL_CTX_get_timeout(SSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_timeout()\fR sets the timeout for newly created sessions for +\&\fBctx\fR to \fBt\fR. The timeout value \fBt\fR must be given in seconds. +.PP +\&\fISSL_CTX_get_timeout()\fR returns the currently set timeout value for \fBctx\fR. +.SH "NOTES" +.IX Header "NOTES" +Whenever a new session is created, it is assigned a maximum lifetime. This +lifetime is specified by storing the creation time of the session and the +timeout value valid at this time. If the actual time is later than creation +time plus timeout, the session is not reused. +.PP +Due to this realization, all sessions behave according to the timeout value +valid at the time of the session negotiation. Changes of the timeout value +do not affect already established sessions. +.PP +The expiration time of a single session can be modified using the +\&\fISSL_SESSION_get_time\fR\|(3) family of functions. +.PP +Expired sessions are removed from the internal session cache, whenever +\&\fISSL_CTX_flush_sessions\fR\|(3) is called, either +directly by the application or automatically (see +\&\fISSL_CTX_set_session_cache_mode\fR\|(3)) +.PP +The default value for session timeout is decided on a per protocol +basis, see \fISSL_get_default_timeout\fR\|(3). +All currently supported protocols have the same default timeout value +of 300 seconds. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_timeout()\fR returns the previously set timeout value. +.PP +\&\fISSL_CTX_get_timeout()\fR returns the currently set timeout value. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fISSL_CTX_set_session_cache_mode\fR\|(3), +\&\fISSL_SESSION_get_time\fR\|(3), +\&\fISSL_CTX_flush_sessions\fR\|(3), +\&\fISSL_get_default_timeout\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_CTX_set_tlsext_servername_callback.3 b/linux_amd64/share/man/man3/SSL_CTX_set_tlsext_servername_callback.3 new file mode 100755 index 0000000..f8002d6 --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_CTX_set_tlsext_servername_callback.3 
@@ -0,0 +1,278 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_TLSEXT_SERVERNAME_CALLBACK 3" +.TH SSL_CTX_SET_TLSEXT_SERVERNAME_CALLBACK 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_tlsext_servername_callback, SSL_CTX_set_tlsext_servername_arg, +SSL_get_servername_type, SSL_get_servername, +SSL_set_tlsext_host_name \- handle server name indication (SNI) +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_CTX_set_tlsext_servername_callback(SSL_CTX *ctx, +\& int (*cb)(SSL *s, int *al, void *arg)); +\& long SSL_CTX_set_tlsext_servername_arg(SSL_CTX *ctx, void *arg); +\& +\& const char *SSL_get_servername(const SSL *s, const int type); +\& int SSL_get_servername_type(const SSL *s); +\& +\& int SSL_set_tlsext_host_name(const SSL *s, const char *name); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The functionality provided by the servername callback is mostly superseded by +the ClientHello callback, which can be set using \fISSL_CTX_set_client_hello_cb()\fR. +However, even where the ClientHello callback is used, the servername callback is +still necessary in order to acknowledge the servername requested by the client. +.PP +\&\fISSL_CTX_set_tlsext_servername_callback()\fR sets the application callback \fBcb\fR +used by a server to perform any actions or configuration required based on +the servername extension received in the incoming connection. When \fBcb\fR +is \s-1NULL\s0, \s-1SNI\s0 is not used. +.PP +The servername callback should return one of the following values: +.IP "\s-1SSL_TLSEXT_ERR_OK\s0" 4 +.IX Item "SSL_TLSEXT_ERR_OK" +This is used to indicate that the servername requested by the client has been +accepted. Typically a server will call \fISSL_set_SSL_CTX()\fR in the callback to set +up a different configuration for the selected servername in this case. +.IP "\s-1SSL_TLSEXT_ERR_ALERT_FATAL\s0" 4 +.IX Item "SSL_TLSEXT_ERR_ALERT_FATAL" +In this case the servername requested by the client is not accepted and the +handshake will be aborted. The value of the alert to be used should be stored in +the location pointed to by the \fBal\fR parameter to the callback. 
By default this +value is initialised to \s-1SSL_AD_UNRECOGNIZED_NAME\s0. +.IP "\s-1SSL_TLSEXT_ERR_ALERT_WARNING\s0" 4 +.IX Item "SSL_TLSEXT_ERR_ALERT_WARNING" +If this value is returned then the servername is not accepted by the server. +However the handshake will continue and send a warning alert instead. The value +of the alert should be stored in the location pointed to by the \fBal\fR parameter +as for \s-1SSL_TLSEXT_ERR_ALERT_FATAL\s0 above. Note that TLSv1.3 does not support +warning alerts, so if TLSv1.3 has been negotiated then this return value is +treated the same way as \s-1SSL_TLSEXT_ERR_NOACK\s0. +.IP "\s-1SSL_TLSEXT_ERR_NOACK\s0" 4 +.IX Item "SSL_TLSEXT_ERR_NOACK" +This return value indicates that the servername is not accepted by the server. +No alerts are sent and the server will not acknowledge the requested servername. +.PP +\&\fISSL_CTX_set_tlsext_servername_arg()\fR sets a context-specific argument to be +passed into the callback (via the \fBarg\fR parameter) for this \fB\s-1SSL_CTX\s0\fR. +.PP +The behaviour of \fISSL_get_servername()\fR depends on a number of different factors. +In particular note that in TLSv1.3 the servername is negotiated in every +handshake. In TLSv1.2 the servername is only negotiated on initial handshakes +and not on resumption handshakes. +.IP "On the client, before the handshake" 4 +.IX Item "On the client, before the handshake" +If a servername has been set via a call to \fISSL_set_tlsext_host_name()\fR then it +will return that servername. +.Sp +If one has not been set, but a TLSv1.2 resumption is being attempted and the +session from the original handshake had a servername accepted by the server then +it will return that servername. +.Sp +Otherwise it returns \s-1NULL\s0. 
+.IP "On the client, during or after the handshake and a TLSv1.2 (or below) resumption occurred" 4 +.IX Item "On the client, during or after the handshake and a TLSv1.2 (or below) resumption occurred" +If the session from the orignal handshake had a servername accepted by the +server then it will return that servername. +.Sp +Otherwise it returns the servername set via \fISSL_set_tlsext_host_name()\fR or \s-1NULL\s0 +if it was not called. +.IP "On the client, during or after the handshake and a TLSv1.2 (or below) resumption did not occur" 4 +.IX Item "On the client, during or after the handshake and a TLSv1.2 (or below) resumption did not occur" +It will return the servername set via \fISSL_set_tlsext_host_name()\fR or \s-1NULL\s0 if it +was not called. +.IP "On the server, before the handshake" 4 +.IX Item "On the server, before the handshake" +The function will always return \s-1NULL\s0 before the handshake +.IP "On the server, after the servername extension has been processed and a TLSv1.2 (or below) resumption occurred" 4 +.IX Item "On the server, after the servername extension has been processed and a TLSv1.2 (or below) resumption occurred" +If a servername was accepted by the server in the original handshake then it +will return that servername, or \s-1NULL\s0 otherwise. +.IP "On the server, after the servername extension has been processed and a TLSv1.2 (or below) resumption did not occur" 4 +.IX Item "On the server, after the servername extension has been processed and a TLSv1.2 (or below) resumption did not occur" +The function will return the servername requested by the client in this +handshake or \s-1NULL\s0 if none was requested. +.PP +Note that the ClientHello callback occurs before a servername extension from the +client is processed. The servername, certificate and \s-1ALPN\s0 callbacks occur after +a servername extension from the client is processed. 
+.PP +\&\fISSL_get_servername_type()\fR returns the servername type or \-1 if no servername +is present. Currently the only supported type (defined in \s-1RFC3546\s0) is +\&\fBTLSEXT_NAMETYPE_host_name\fR. +.PP +\&\fISSL_set_tlsext_host_name()\fR sets the server name indication ClientHello extension +to contain the value \fBname\fR. The type of server name indication extension is set +to \fBTLSEXT_NAMETYPE_host_name\fR (defined in \s-1RFC3546\s0). +.SH "NOTES" +.IX Header "NOTES" +Several callbacks are executed during ClientHello processing, including +the ClientHello, \s-1ALPN\s0, and servername callbacks. The ClientHello callback is +executed first, then the servername callback, followed by the \s-1ALPN\s0 callback. +.PP +The \fISSL_set_tlsext_host_name()\fR function should only be called on \s-1SSL\s0 objects +that will act as clients; otherwise the configured \fBname\fR will be ignored. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_tlsext_servername_callback()\fR and +\&\fISSL_CTX_set_tlsext_servername_arg()\fR both always return 1 indicating success. +\&\fISSL_set_tlsext_host_name()\fR returns 1 on success, 0 in case of error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_CTX_set_alpn_select_cb\fR\|(3), +\&\fISSL_get0_alpn_selected\fR\|(3), \fISSL_CTX_set_client_hello_cb\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fISSL_get_servername()\fR historically provided some unexpected results in certain +corner cases. This has been fixed from OpenSSL 1.1.1e. +.PP +Prior to 1.1.1e, when the client requested a servername in an initial TLSv1.2 +handshake, the server accepted it, and then the client successfully resumed but +set a different explict servername in the second handshake then when called by +the client it returned the servername from the second handshake. This has now +been changed to return the servername requested in the original handshake. 
+.PP +Also prior to 1.1.1e, if the client sent a servername in the first handshake but +the server did not accept it, and then a second handshake occured where TLSv1.2 +resumption was successful then when called by the server it returned the +servername requested in the original handshake. This has now been changed to +\&\s-1NULL\s0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_CTX_set_tlsext_status_cb.3 b/linux_amd64/share/man/man3/SSL_CTX_set_tlsext_status_cb.3 new file mode 100755 index 0000000..04de3c2 --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_CTX_set_tlsext_status_cb.3 
@@ -0,0 +1,249 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_TLSEXT_STATUS_CB 3" +.TH SSL_CTX_SET_TLSEXT_STATUS_CB 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_tlsext_status_cb, +SSL_CTX_get_tlsext_status_cb, +SSL_CTX_set_tlsext_status_arg, +SSL_CTX_get_tlsext_status_arg, +SSL_CTX_set_tlsext_status_type, +SSL_CTX_get_tlsext_status_type, +SSL_set_tlsext_status_type, +SSL_get_tlsext_status_type, +SSL_get_tlsext_status_ocsp_resp, +SSL_set_tlsext_status_ocsp_resp +\&\- OCSP Certificate Status Request functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_CTX_set_tlsext_status_cb(SSL_CTX *ctx, int (*callback)(SSL *, void *)); +\& long SSL_CTX_get_tlsext_status_cb(SSL_CTX *ctx, int (**callback)(SSL *, void *)); +\& +\& long SSL_CTX_set_tlsext_status_arg(SSL_CTX *ctx, void *arg); +\& long SSL_CTX_get_tlsext_status_arg(SSL_CTX *ctx, void **arg); +\& +\& long SSL_CTX_set_tlsext_status_type(SSL_CTX *ctx, int type); +\& long SSL_CTX_get_tlsext_status_type(SSL_CTX *ctx); +\& +\& long SSL_set_tlsext_status_type(SSL *s, int type); +\& long SSL_get_tlsext_status_type(SSL *s); +\& +\& long SSL_get_tlsext_status_ocsp_resp(ssl, unsigned char **resp); +\& long SSL_set_tlsext_status_ocsp_resp(ssl, unsigned char *resp, int len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A client application may request that a server send back an \s-1OCSP\s0 status response +(also known as \s-1OCSP\s0 stapling). To do so the client should call the +\&\fISSL_CTX_set_tlsext_status_type()\fR function prior to the creation of any \s-1SSL\s0 +objects. Alternatively an application can call the \fISSL_set_tlsext_status_type()\fR +function on an individual \s-1SSL\s0 object prior to the start of the handshake. +Currently the only supported type is \fBTLSEXT_STATUSTYPE_ocsp\fR. This value +should be passed in the \fBtype\fR argument. Calling +\&\fISSL_CTX_get_tlsext_status_type()\fR will return the type \fBTLSEXT_STATUSTYPE_ocsp\fR +previously set via \fISSL_CTX_set_tlsext_status_type()\fR or \-1 if not set. 
+.PP +The client should additionally provide a callback function to decide what to do +with the returned \s-1OCSP\s0 response by calling \fISSL_CTX_set_tlsext_status_cb()\fR. The +callback function should determine whether the returned \s-1OCSP\s0 response is +acceptable or not. The callback will be passed as an argument the value +previously set via a call to \fISSL_CTX_set_tlsext_status_arg()\fR. Note that the +callback will not be called in the event of a handshake where session resumption +occurs (because there are no Certificates exchanged in such a handshake). +The callback previously set via \fISSL_CTX_set_tlsext_status_cb()\fR can be retrieved +by calling \fISSL_CTX_get_tlsext_status_cb()\fR, and the argument by calling +\&\fISSL_CTX_get_tlsext_status_arg()\fR. +.PP +On the client side \fISSL_get_tlsext_status_type()\fR can be used to determine whether +the client has previously called \fISSL_set_tlsext_status_type()\fR. It will return +\&\fBTLSEXT_STATUSTYPE_ocsp\fR if it has been called or \-1 otherwise. On the server +side \fISSL_get_tlsext_status_type()\fR can be used to determine whether the client +requested \s-1OCSP\s0 stapling. If the client requested it then this function will +return \fBTLSEXT_STATUSTYPE_ocsp\fR, or \-1 otherwise. +.PP +The response returned by the server can be obtained via a call to +\&\fISSL_get_tlsext_status_ocsp_resp()\fR. The value \fB*resp\fR will be updated to point +to the \s-1OCSP\s0 response data and the return value will be the length of that data. +Typically a callback would obtain an \s-1OCSP_RESPONSE\s0 object from this data via a +call to the \fId2i_OCSP_RESPONSE()\fR function. If the server has not provided any +response data then \fB*resp\fR will be \s-1NULL\s0 and the return value from +\&\fISSL_get_tlsext_status_ocsp_resp()\fR will be \-1. 
+.PP +A server application must also call the \fISSL_CTX_set_tlsext_status_cb()\fR function +if it wants to be able to provide clients with \s-1OCSP\s0 Certificate Status +responses. Typically the server callback would obtain the server certificate +that is being sent back to the client via a call to \fISSL_get_certificate()\fR; +obtain the \s-1OCSP\s0 response to be sent back; and then set that response data by +calling \fISSL_set_tlsext_status_ocsp_resp()\fR. A pointer to the response data should +be provided in the \fBresp\fR argument, and the length of that data should be in +the \fBlen\fR argument. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The callback when used on the client side should return a negative value on +error; 0 if the response is not acceptable (in which case the handshake will +fail) or a positive value if it is acceptable. +.PP +The callback when used on the server side should return with either +\&\s-1SSL_TLSEXT_ERR_OK\s0 (meaning that the \s-1OCSP\s0 response that has been set should be +returned), \s-1SSL_TLSEXT_ERR_NOACK\s0 (meaning that an \s-1OCSP\s0 response should not be +returned) or \s-1SSL_TLSEXT_ERR_ALERT_FATAL\s0 (meaning that a fatal error has +occurred). +.PP +\&\fISSL_CTX_set_tlsext_status_cb()\fR, \fISSL_CTX_set_tlsext_status_arg()\fR, +\&\fISSL_CTX_set_tlsext_status_type()\fR, \fISSL_set_tlsext_status_type()\fR and +\&\fISSL_set_tlsext_status_ocsp_resp()\fR return 0 on error or 1 on success. +.PP +\&\fISSL_CTX_get_tlsext_status_type()\fR returns the value previously set by +\&\fISSL_CTX_set_tlsext_status_type()\fR, or \-1 if not set. +.PP +\&\fISSL_get_tlsext_status_ocsp_resp()\fR returns the length of the \s-1OCSP\s0 response data +or \-1 if there is no \s-1OCSP\s0 response data. +.PP +\&\fISSL_get_tlsext_status_type()\fR returns \fBTLSEXT_STATUSTYPE_ocsp\fR on the client +side if \fISSL_set_tlsext_status_type()\fR was previously called, or on the server +side if the client requested \s-1OCSP\s0 stapling. 
Otherwise \-1 is returned. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \fISSL_get_tlsext_status_type()\fR, \fISSL_CTX_get_tlsext_status_type()\fR +and \fISSL_CTX_set_tlsext_status_type()\fR functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 b/linux_amd64/share/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 new file mode 100755 index 0000000..bff43fd --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 
@@ -0,0 +1,358 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_TLSEXT_TICKET_KEY_CB 3" +.TH SSL_CTX_SET_TLSEXT_TICKET_KEY_CB 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_tlsext_ticket_key_evp_cb, +SSL_CTX_set_tlsext_ticket_key_cb +\&\- set a callback for session ticket processing +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_set_tlsext_ticket_key_evp_cb(SSL_CTX sslctx, +\& int (*cb)(SSL *s, unsigned char key_name[16], +\& unsigned char iv[EVP_MAX_IV_LENGTH], +\& EVP_CIPHER_CTX *ctx, EVP_MAC_CTX *hctx, int enc)); +.Ve +.PP +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 4 +\& int SSL_CTX_set_tlsext_ticket_key_cb(SSL_CTX sslctx, +\& int (*cb)(SSL *s, unsigned char key_name[16], +\& unsigned char iv[EVP_MAX_IV_LENGTH], +\& EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc)); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_tlsext_ticket_key_evp_cb()\fR sets a callback function \fIcb\fR for handling +session tickets for the ssl context \fIsslctx\fR. Session tickets, defined in +\&\s-1RFC5077\s0 provide an enhanced session resumption capability where the server +implementation is not required to maintain per session state. It only applies +to \s-1TLS\s0 and there is no SSLv3 implementation. +.PP +The callback function \fIcb\fR will be called for every client instigated \s-1TLS\s0 +session when session ticket extension is presented in the \s-1TLS\s0 hello +message. It is the responsibility of this function to create or retrieve the +cryptographic parameters and to maintain their state. +.PP +The OpenSSL library uses your callback function to help implement a common \s-1TLS\s0 +ticket construction state according to \s-1RFC5077\s0 Section 4 such that per session +state is unnecessary and a small set of cryptographic variables needs to be +maintained by the callback function implementation. +.PP +In order to reuse a session, a \s-1TLS\s0 client must send the a session ticket +extension to the server. 
The client can only send exactly one session ticket. +The server, through the callback function, either agrees to reuse the session +ticket information or it starts a full \s-1TLS\s0 handshake to create a new session +ticket. +.PP +Before the callback function is started \fIctx\fR and \fIhctx\fR have been +initialised with \fIEVP_CIPHER_CTX_reset\fR\|(3) and \fIEVP_MAC_CTX_new\fR\|(3) +respectively. +.PP +For new sessions tickets, when the client doesn't present a session ticket, or +an attempted retrieval of the ticket failed, or a renew option was indicated, +the callback function will be called with \fIenc\fR equal to 1. The OpenSSL +library expects that the function will set an arbitrary \fIname\fR, initialize +\&\fIiv\fR, and set the cipher context \fIctx\fR and the hash context \fIhctx\fR. +.PP +The \fIname\fR is 16 characters long and is used as a key identifier. +.PP +The \fIiv\fR length is the length of the \s-1IV\s0 of the corresponding cipher. The +maximum \s-1IV\s0 length is \fB\s-1EVP_MAX_IV_LENGTH\s0\fR bytes defined in \fBevp.h\fR. +.PP +The initialization vector \fIiv\fR should be a random value. The cipher context +\&\fIctx\fR should use the initialisation vector \fIiv\fR. The cipher context can be +set using \fIEVP_EncryptInit_ex\fR\|(3). The hmac context and digest can be set using +\&\fIEVP_MAC_CTX_set_params\fR\|(3) with the \fB\s-1OSSL_MAC_PARAM_KEY\s0\fR and +\&\fB\s-1OSSL_MAC_PARAM_DIGEST\s0\fR parameters respectively. +.PP +When the client presents a session ticket, the callback function with be called +with \fIenc\fR set to 0 indicating that the \fIcb\fR function should retrieve a set +of parameters. In this case \fIname\fR and \fIiv\fR have already been parsed out of +the session ticket. The OpenSSL library expects that the \fIname\fR will be used +to retrieve a cryptographic parameters and that the cryptographic context +\&\fIctx\fR will be set with the retrieved parameters and the initialization vector +\&\fIiv\fR. 
using a function like \fIEVP_DecryptInit_ex\fR\|(3). The key material and +digest for \fIhctx\fR need to be set using \fIEVP_MAC_CTX_set_params\fR\|(3) with the +\&\fB\s-1OSSL_MAC_PARAM_KEY\s0\fR and \fB\s-1OSSL_MAC_PARAM_DIGEST\s0\fR parameters respectively. +.PP +If the \fIname\fR is still valid but a renewal of the ticket is required the +callback function should return 2. The library will call the callback again +with an argument of enc equal to 1 to set the new ticket. +.PP +The return value of the \fIcb\fR function is used by OpenSSL to determine what +further processing will occur. The following return values have meaning: +.IP "2" 4 +.IX Item "2" +This indicates that the \fIctx\fR and \fIhctx\fR have been set and the session can +continue on those parameters. Additionally it indicates that the session +ticket is in a renewal period and should be replaced. The OpenSSL library will +call \fIcb\fR again with an enc argument of 1 to set the new ticket (see \s-1RFC5077\s0 +3.3 paragraph 2). +.IP "1" 4 +.IX Item "1" +This indicates that the \fIctx\fR and \fIhctx\fR have been set and the session can +continue on those parameters. +.IP "0" 4 +This indicates that it was not possible to set/retrieve a session ticket and +the \s-1SSL/TLS\s0 session will continue by negotiating a set of cryptographic +parameters or using the alternate \s-1SSL/TLS\s0 resumption mechanism, session ids. +.Sp +If called with enc equal to 0 the library will call the \fIcb\fR again to get +a new set of parameters. +.IP "less than 0" 4 +.IX Item "less than 0" +This indicates an error. +.PP +The \fISSL_CTX_set_tlsext_ticket_key_cb()\fR function is identical to +\&\fISSL_CTX_set_tlsext_ticket_key_evp_cb()\fR except that it takes a deprecated +\&\s-1HMAC_CTX\s0 pointer instead of an \s-1EVP_MAC_CTX\s0 one. +Before this callback function is started \fIhctx\fR will have been +initialised with \fIEVP_MAC_CTX_new\fR\|(3) and the digest set with +\&\fIEVP_MAC_CTX_set_params\fR\|(3). 
+The \fIhctx\fR key material can be set using \fIHMAC_Init_ex\fR\|(3). +.SH "NOTES" +.IX Header "NOTES" +Session resumption shortcuts the \s-1TLS\s0 so that the client certificate +negotiation don't occur. It makes up for this by storing client certificate +an all other negotiated state information encrypted within the ticket. In a +resumed session the applications will have all this state information available +exactly as if a full negotiation had occurred. +.PP +If an attacker can obtain the key used to encrypt a session ticket, they can +obtain the master secret for any ticket using that key and decrypt any traffic +using that session: even if the cipher suite supports forward secrecy. As +a result applications may wish to use multiple keys and avoid using long term +keys stored in files. +.PP +Applications can use longer keys to maintain a consistent level of security. +For example if a cipher suite uses 256 bit ciphers but only a 128 bit ticket key +the overall security is only 128 bits because breaking the ticket key will +enable an attacker to obtain the session keys. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +returns 0 to indicate the callback function was set. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Reference Implementation: +.PP +.Vb 2 +\& SSL_CTX_set_tlsext_ticket_key_evp_cb(SSL, ssl_tlsext_ticket_key_cb); +\& ... +\& +\& static int ssl_tlsext_ticket_key_cb(SSL *s, unsigned char key_name[16], +\& unsigned char *iv, EVP_CIPHER_CTX *ctx, +\& EVP_MAC_CTX *hctx, int enc) +\& { +\& OSSL_PARAM params[3]; +\& +\& if (enc) { /* create new session */ +\& if (RAND_bytes(iv, EVP_MAX_IV_LENGTH) <= 0) +\& return \-1; /* insufficient random */ +\& +\& key = currentkey(); /* something that you need to implement */ +\& if (key == NULL) { +\& /* current key doesn\*(Aqt exist or isn\*(Aqt valid */ +\& key = createkey(); /* +\& * Something that you need to implement. 
+\& * createkey needs to initialise a name, +\& * an aes_key, a hmac_key and optionally +\& * an expire time. +\& */ +\& if (key == NULL) /* key couldn\*(Aqt be created */ +\& return 0; +\& } +\& memcpy(key_name, key\->name, 16); +\& +\& EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key\->aes_key, iv); +\& +\& params[0] = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY, +\& key\->hmac_key, 16); +\& params[1] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, +\& "sha256", 0); +\& params[2] = OSSL_PARAM_construct_end(); +\& EVP_MAC_CTX_set_params(hctx, params); +\& +\& return 1; +\& +\& } else { /* retrieve session */ +\& key = findkey(name); +\& +\& if (key == NULL || key\->expire < now()) +\& return 0; +\& +\& params[0] = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, +\& key\->hmac_key, 16); +\& params[1] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, +\& "sha256", 0); +\& params[2] = OSSL_PARAM_construct_end(); +\& EVP_MAC_CTX_set_params(hctx, params); +\& +\& EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key\->aes_key, iv); +\& +\& if (key\->expire < now() \- RENEW_TIME) { +\& /* +\& * return 2 \- This session will get a new ticket even though the +\& * current one is still valid. +\& */ +\& return 2; +\& } +\& return 1; +\& } +\& } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_set_session\fR\|(3), +\&\fISSL_session_reused\fR\|(3), +\&\fISSL_CTX_add_session\fR\|(3), +\&\fISSL_CTX_sess_number\fR\|(3), +\&\fISSL_CTX_sess_set_get_cb\fR\|(3), +\&\fISSL_CTX_set_session_id_context\fR\|(3), +.SH "HISTORY" +.IX Header "HISTORY" +The \fISSL_CTX_set_tlsext_ticket_key_cb()\fR function was deprecated in OpenSSL 3.0. +.PP +The \fISSL_CTX_set_tlsext_ticket_key_evp_cb()\fR function was introduced in +OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2014\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). 
You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_CTX_set_tlsext_use_srtp.3 b/linux_amd64/share/man/man3/SSL_CTX_set_tlsext_use_srtp.3 new file mode 100755 index 0000000..d6f202c --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_CTX_set_tlsext_use_srtp.3 
@@ -0,0 +1,227 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_TLSEXT_USE_SRTP 3" +.TH SSL_CTX_SET_TLSEXT_USE_SRTP 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_tlsext_use_srtp, +SSL_set_tlsext_use_srtp, +SSL_get_srtp_profiles, +SSL_get_selected_srtp_profile +\&\- Configure and query SRTP support +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles); +\& int SSL_set_tlsext_use_srtp(SSL *ssl, const char *profiles); +\& +\& STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl); +\& SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1SRTP\s0 is the Secure Real-Time Transport Protocol. OpenSSL implements support for +the \*(L"use_srtp\*(R" \s-1DTLS\s0 extension defined in \s-1RFC5764\s0. This provides a mechanism for +establishing \s-1SRTP\s0 keying material, algorithms and parameters using \s-1DTLS\s0. This +capability may be used as part of an implementation that conforms to \s-1RFC5763\s0. +OpenSSL does not implement \s-1SRTP\s0 itself or \s-1RFC5763\s0. Note that OpenSSL does not +support the use of \s-1SRTP\s0 Master Key Identifiers (MKIs). Also note that this +extension is only supported in \s-1DTLS\s0. Any \s-1SRTP\s0 configuration will be ignored if a +\&\s-1TLS\s0 connection is attempted. +.PP +An OpenSSL client wishing to send the \*(L"use_srtp\*(R" extension should call +\&\fISSL_CTX_set_tlsext_use_srtp()\fR to set its use for all \s-1SSL\s0 objects subsequently +created from an \s-1SSL_CTX\s0. Alternatively a client may call +\&\fISSL_set_tlsext_use_srtp()\fR to set its use for an individual \s-1SSL\s0 object. The +\&\fBprofiles\fR parameters should point to a NUL-terminated, colon delimited list of +\&\s-1SRTP\s0 protection profile names. +.PP +The currently supported protection profile names are: +.IP "\s-1SRTP_AES128_CM_SHA1_80\s0" 4 +.IX Item "SRTP_AES128_CM_SHA1_80" +This corresponds to \s-1SRTP_AES128_CM_HMAC_SHA1_80\s0 defined in \s-1RFC5764\s0. 
+.IP "\s-1SRTP_AES128_CM_SHA1_32\s0" 4 +.IX Item "SRTP_AES128_CM_SHA1_32" +This corresponds to \s-1SRTP_AES128_CM_HMAC_SHA1_32\s0 defined in \s-1RFC5764\s0. +.IP "\s-1SRTP_AEAD_AES_128_GCM\s0" 4 +.IX Item "SRTP_AEAD_AES_128_GCM" +This corresponds to the profile of the same name defined in \s-1RFC7714\s0. +.IP "\s-1SRTP_AEAD_AES_256_GCM\s0" 4 +.IX Item "SRTP_AEAD_AES_256_GCM" +This corresponds to the profile of the same name defined in \s-1RFC7714\s0. +.PP +Supplying an unrecognised protection profile name will result in an error. +.PP +An OpenSSL server wishing to support the \*(L"use_srtp\*(R" extension should also call +\&\fISSL_CTX_set_tlsext_use_srtp()\fR or \fISSL_set_tlsext_use_srtp()\fR to indicate the +protection profiles that it is willing to negotiate. +.PP +The currently configured list of protection profiles for either a client or a +server can be obtained by calling \fISSL_get_srtp_profiles()\fR. This returns a stack +of \s-1SRTP_PROTECTION_PROFILE\s0 objects. The memory pointed to in the return value of +this function should not be freed by the caller. +.PP +After a handshake has been completed the negotiated \s-1SRTP\s0 protection profile (if +any) can be obtained (on the client or the server) by calling +\&\fISSL_get_selected_srtp_profile()\fR. This function will return \s-1NULL\s0 if no \s-1SRTP\s0 +protection profile was negotiated. The memory returned from this function should +not be freed by the caller. +.PP +If an \s-1SRTP\s0 protection profile has been successfully negotiated then the \s-1SRTP\s0 +keying material (on both the client and server) should be obtained via a call to +\&\fISSL_export_keying_material\fR\|(3). This call should provide a label value of +\&\*(L"EXTRACTOR\-dtls_srtp\*(R" and a \s-1NULL\s0 context value (use_context is 0). The total +length of keying material obtained should be equal to two times the sum of the +master key length and the salt length as defined for the protection profile in +use. 
This provides the client write master key, the server write master key, the +client write master salt and the server write master salt in that order. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_tlsext_use_srtp()\fR and \fISSL_set_tlsext_use_srtp()\fR return 0 on success +or 1 on error. +.PP +\&\fISSL_get_srtp_profiles()\fR returns a stack of \s-1SRTP_PROTECTION_PROFILE\s0 objects on +success or \s-1NULL\s0 on error or if no protection profiles have been configured. +.PP +\&\fISSL_get_selected_srtp_profile()\fR returns a pointer to an \s-1SRTP_PROTECTION_PROFILE\s0 +object if one has been negotiated or \s-1NULL\s0 otherwise. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fISSL_export_keying_material\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_CTX_set_tmp_dh_callback.3 b/linux_amd64/share/man/man3/SSL_CTX_set_tmp_dh_callback.3 new file mode 100755 index 0000000..b34cb27 --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_CTX_set_tmp_dh_callback.3 
@@ -0,0 +1,260 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_TMP_DH_CALLBACK 3" +.TH SSL_CTX_SET_TMP_DH_CALLBACK 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_tmp_dh_callback, SSL_CTX_set_tmp_dh, SSL_set_tmp_dh_callback, SSL_set_tmp_dh \- handle DH keys for ephemeral key exchange +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, +\& DH *(*tmp_dh_callback)(SSL *ssl, int is_export, +\& int keylength)); +\& long SSL_CTX_set_tmp_dh(SSL_CTX *ctx, DH *dh); +\& +\& void SSL_set_tmp_dh_callback(SSL *ctx, +\& DH *(*tmp_dh_callback)(SSL *ssl, int is_export, +\& int keylength)); +\& long SSL_set_tmp_dh(SSL *ssl, DH *dh) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_tmp_dh_callback()\fR sets the callback function for \fBctx\fR to be +used when a \s-1DH\s0 parameters are required to \fBtmp_dh_callback\fR. +The callback is inherited by all \fBssl\fR objects created from \fBctx\fR. +.PP +\&\fISSL_CTX_set_tmp_dh()\fR sets \s-1DH\s0 parameters to be used to be \fBdh\fR. +The key is inherited by all \fBssl\fR objects created from \fBctx\fR. +.PP +\&\fISSL_set_tmp_dh_callback()\fR sets the callback only for \fBssl\fR. +.PP +\&\fISSL_set_tmp_dh()\fR sets the parameters only for \fBssl\fR. +.PP +These functions apply to \s-1SSL/TLS\s0 servers only. +.SH "NOTES" +.IX Header "NOTES" +When using a cipher with \s-1RSA\s0 authentication, an ephemeral \s-1DH\s0 key exchange +can take place. Ciphers with \s-1DSA\s0 keys always use ephemeral \s-1DH\s0 keys as well. +In these cases, the session data are negotiated using the +ephemeral/temporary \s-1DH\s0 key and the key supplied and certified +by the certificate chain is only used for signing. +Anonymous ciphers (without a permanent server key) also use ephemeral \s-1DH\s0 keys. +.PP +Using ephemeral \s-1DH\s0 key exchange yields forward secrecy, as the connection +can only be decrypted, when the \s-1DH\s0 key is known. 
By generating a temporary +\&\s-1DH\s0 key inside the server application that is lost when the application +is left, it becomes impossible for an attacker to decrypt past sessions, +even if he gets hold of the normal (certified) key, as this key was +only used for signing. +.PP +In order to perform a \s-1DH\s0 key exchange the server must use a \s-1DH\s0 group +(\s-1DH\s0 parameters) and generate a \s-1DH\s0 key. The server will always generate +a new \s-1DH\s0 key during the negotiation. +.PP +As generating \s-1DH\s0 parameters is extremely time consuming, an application +should not generate the parameters on the fly but supply the parameters. +\&\s-1DH\s0 parameters can be reused, as the actual key is newly generated during +the negotiation. The risk in reusing \s-1DH\s0 parameters is that an attacker +may specialize on a very often used \s-1DH\s0 group. Applications should therefore +generate their own \s-1DH\s0 parameters during the installation process using the +openssl \fIopenssl\-dhparam\fR\|(1) application. This application +guarantees that \*(L"strong\*(R" primes are used. +.PP +Files dh2048.pem, and dh4096.pem in the 'apps' directory of the current +version of the OpenSSL distribution contain the '\s-1SKIP\s0' \s-1DH\s0 parameters, +which use safe primes and were generated verifiably pseudo-randomly. +These files can be converted into C code using the \fB\-C\fR option of the +\&\fIopenssl\-dhparam\fR\|(1) application. Generation of custom \s-1DH\s0 +parameters during installation should still be preferred to stop an +attacker from specializing on a commonly used group. File dh1024.pem +contains old parameters that must not be used by applications. +.PP +An application may either directly specify the \s-1DH\s0 parameters or +can supply the \s-1DH\s0 parameters via a callback function. +.PP +Previous versions of the callback used \fBis_export\fR and \fBkeylength\fR +parameters to control parameter generation for export and non-export +cipher suites. 
Modern servers that do not support export cipher suites +are advised to either use \fISSL_CTX_set_tmp_dh()\fR or alternatively, use +the callback but ignore \fBkeylength\fR and \fBis_export\fR and simply +supply at least 2048\-bit parameters in the callback. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_tmp_dh_callback()\fR and \fISSL_set_tmp_dh_callback()\fR do not return +diagnostic output. +.PP +\&\fISSL_CTX_set_tmp_dh()\fR and \fISSL_set_tmp_dh()\fR do return 1 on success and 0 +on failure. Check the error queue to find out the reason of failure. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Setup \s-1DH\s0 parameters with a key length of 2048 bits. (Error handling +partly left out.) +.PP +Command-line parameter generation: +.PP +.Vb 1 +\& $ openssl dhparam \-out dh_param_2048.pem 2048 +.Ve +.PP +Code for setting up parameters during server initialization: +.PP +.Vb 1 +\& SSL_CTX ctx = SSL_CTX_new(); +\& +\& DH *dh_2048 = NULL; +\& FILE *paramfile = fopen("dh_param_2048.pem", "r"); +\& +\& if (paramfile) { +\& dh_2048 = PEM_read_DHparams(paramfile, NULL, NULL, NULL); +\& fclose(paramfile); +\& } else { +\& /* Error. */ +\& } +\& if (dh_2048 == NULL) +\& /* Error. */ +\& if (SSL_CTX_set_tmp_dh(ctx, dh_2048) != 1) +\& /* Error. */ +\& ... +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_CTX_set_cipher_list\fR\|(3), +\&\fISSL_CTX_set_options\fR\|(3), +\&\fIopenssl\-ciphers\fR\|(1), \fIopenssl\-dhparam\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_CTX_set_tmp_ecdh.3 b/linux_amd64/share/man/man3/SSL_CTX_set_tmp_ecdh.3 new file mode 100755 index 0000000..e62a98c --- /dev/null 
+++ b/linux_amd64/share/man/man3/SSL_CTX_set_tmp_ecdh.3 
@@ -0,0 +1,173 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_TMP_ECDH 3" +.TH SSL_CTX_SET_TMP_ECDH 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_tmp_ecdh, SSL_set_tmp_ecdh, SSL_CTX_set_ecdh_auto, SSL_set_ecdh_auto +\&\- handle ECDH keys for ephemeral key exchange +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_CTX_set_tmp_ecdh(SSL_CTX *ctx, const EC_KEY *ecdh); +\& long SSL_set_tmp_ecdh(SSL *ssl, const EC_KEY *ecdh); +\& +\& long SSL_CTX_set_ecdh_auto(SSL_CTX *ctx, int state); +\& long SSL_set_ecdh_auto(SSL *ssl, int state); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_tmp_ecdh()\fR sets \s-1ECDH\s0 parameters to be used to be \fBecdh\fR. +The key is inherited by all \fBssl\fR objects created from \fBctx\fR. +This macro is deprecated in favor of \fISSL_CTX_set1_groups\fR\|(3). +.PP +\&\fISSL_set_tmp_ecdh()\fR sets the parameters only for \fBssl\fR. +This macro is deprecated in favor of \fISSL_set1_groups\fR\|(3). +.PP +\&\fISSL_CTX_set_ecdh_auto()\fR and \fISSL_set_ecdh_auto()\fR are deprecated and +have no effect. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_tmp_ecdh()\fR and \fISSL_set_tmp_ecdh()\fR return 1 on success and 0 +on failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_CTX_set1_curves\fR\|(3), \fISSL_CTX_set_cipher_list\fR\|(3), +\&\fISSL_CTX_set_options\fR\|(3), \fISSL_CTX_set_tmp_dh_callback\fR\|(3), +\&\fIopenssl\-ciphers\fR\|(1), \fIopenssl\-ecparam\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_CTX_set_verify.3 b/linux_amd64/share/man/man3/SSL_CTX_set_verify.3 new file mode 100755 index 0000000..c5f8cee --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_CTX_set_verify.3 
@@ -0,0 +1,470 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_VERIFY 3" +.TH SSL_CTX_SET_VERIFY 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_get_ex_data_X509_STORE_CTX_idx, +SSL_CTX_set_verify, SSL_set_verify, +SSL_CTX_set_verify_depth, SSL_set_verify_depth, +SSL_verify_cb, +SSL_verify_client_post_handshake, +SSL_set_post_handshake_auth, +SSL_CTX_set_post_handshake_auth +\&\- set peer certificate verification parameters +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx); +\& +\& void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, SSL_verify_cb verify_callback); +\& void SSL_set_verify(SSL *ssl, int mode, SSL_verify_cb verify_callback); +\& SSL_get_ex_data_X509_STORE_CTX_idx(void); +\& +\& void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth); +\& void SSL_set_verify_depth(SSL *ssl, int depth); +\& +\& int SSL_verify_client_post_handshake(SSL *ssl); +\& void SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val); +\& void SSL_set_post_handshake_auth(SSL *ssl, int val); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_verify()\fR sets the verification flags for \fBctx\fR to be \fBmode\fR and +specifies the \fBverify_callback\fR function to be used. If no callback function +shall be specified, the \s-1NULL\s0 pointer can be used for \fBverify_callback\fR. +.PP +\&\fISSL_set_verify()\fR sets the verification flags for \fBssl\fR to be \fBmode\fR and +specifies the \fBverify_callback\fR function to be used. If no callback function +shall be specified, the \s-1NULL\s0 pointer can be used for \fBverify_callback\fR. In +this case last \fBverify_callback\fR set specifically for this \fBssl\fR remains. If +no special \fBcallback\fR was set before, the default callback for the underlying +\&\fBctx\fR is used, that was valid at the time \fBssl\fR was created with +\&\fISSL_new\fR\|(3). Within the callback function, +\&\fBSSL_get_ex_data_X509_STORE_CTX_idx\fR can be called to get the data index +of the current \s-1SSL\s0 object that is doing the verification. 
+.PP +\&\fISSL_CTX_set_verify_depth()\fR sets the maximum \fBdepth\fR for the certificate chain +verification that shall be allowed for \fBctx\fR. +.PP +\&\fISSL_set_verify_depth()\fR sets the maximum \fBdepth\fR for the certificate chain +verification that shall be allowed for \fBssl\fR. +.PP +\&\fISSL_CTX_set_post_handshake_auth()\fR and \fISSL_set_post_handshake_auth()\fR enable the +Post-Handshake Authentication extension to be added to the ClientHello such that +post-handshake authentication can be requested by the server. If \fBval\fR is 0 +then the extension is not sent, otherwise it is. By default the extension is not +sent. A certificate callback will need to be set via +\&\fISSL_CTX_set_client_cert_cb()\fR if no certificate is provided at initialization. +.PP +\&\fISSL_verify_client_post_handshake()\fR causes a CertificateRequest message to be +sent by a server on the given \fBssl\fR connection. The \s-1SSL_VERIFY_PEER\s0 flag must +be set; the \s-1SSL_VERIFY_POST_HANDSHAKE\s0 flag is optional. +.SH "NOTES" +.IX Header "NOTES" +The verification of certificates can be controlled by a set of logically +or'ed \fBmode\fR flags: +.IP "\s-1SSL_VERIFY_NONE\s0" 4 +.IX Item "SSL_VERIFY_NONE" +\&\fBServer mode:\fR the server will not send a client certificate request to the +client, so the client will not send a certificate. +.Sp +\&\fBClient mode:\fR if not using an anonymous cipher (by default disabled), the +server will send a certificate which will be checked. The result of the +certificate verification process can be checked after the \s-1TLS/SSL\s0 handshake +using the \fISSL_get_verify_result\fR\|(3) function. +The handshake will be continued regardless of the verification result. +.IP "\s-1SSL_VERIFY_PEER\s0" 4 +.IX Item "SSL_VERIFY_PEER" +\&\fBServer mode:\fR the server sends a client certificate request to the client. +The certificate returned (if any) is checked. 
If the verification process +fails, the \s-1TLS/SSL\s0 handshake is +immediately terminated with an alert message containing the reason for +the verification failure. +The behaviour can be controlled by the additional +\&\s-1SSL_VERIFY_FAIL_IF_NO_PEER_CERT\s0, \s-1SSL_VERIFY_CLIENT_ONCE\s0 and +\&\s-1SSL_VERIFY_POST_HANDSHAKE\s0 flags. +.Sp +\&\fBClient mode:\fR the server certificate is verified. If the verification process +fails, the \s-1TLS/SSL\s0 handshake is +immediately terminated with an alert message containing the reason for +the verification failure. If no server certificate is sent, because an +anonymous cipher is used, \s-1SSL_VERIFY_PEER\s0 is ignored. +.IP "\s-1SSL_VERIFY_FAIL_IF_NO_PEER_CERT\s0" 4 +.IX Item "SSL_VERIFY_FAIL_IF_NO_PEER_CERT" +\&\fBServer mode:\fR if the client did not return a certificate, the \s-1TLS/SSL\s0 +handshake is immediately terminated with a \*(L"handshake failure\*(R" alert. +This flag must be used together with \s-1SSL_VERIFY_PEER\s0. +.Sp +\&\fBClient mode:\fR ignored (see \s-1BUGS\s0) +.IP "\s-1SSL_VERIFY_CLIENT_ONCE\s0" 4 +.IX Item "SSL_VERIFY_CLIENT_ONCE" +\&\fBServer mode:\fR only request a client certificate once during the +connection. Do not ask for a client certificate again during +renegotiation or post-authentication if a certificate was requested +during the initial handshake. This flag must be used together with +\&\s-1SSL_VERIFY_PEER\s0. +.Sp +\&\fBClient mode:\fR ignored (see \s-1BUGS\s0) +.IP "\s-1SSL_VERIFY_POST_HANDSHAKE\s0" 4 +.IX Item "SSL_VERIFY_POST_HANDSHAKE" +\&\fBServer mode:\fR the server will not send a client certificate request +during the initial handshake, but will send the request via +\&\fISSL_verify_client_post_handshake()\fR. This allows the \s-1SSL_CTX\s0 or \s-1SSL\s0 +to be configured for post-handshake peer verification before the +handshake occurs. This flag must be used together with +\&\s-1SSL_VERIFY_PEER\s0. TLSv1.3 only; no effect on pre\-TLSv1.3 connections. 
+.Sp +\&\fBClient mode:\fR ignored (see \s-1BUGS\s0) +.PP +If the \fBmode\fR is \s-1SSL_VERIFY_NONE\s0 none of the other flags may be set. +.PP +The actual verification procedure is performed either using the built-in +verification procedure or using another application provided verification +function set with +\&\fISSL_CTX_set_cert_verify_callback\fR\|(3). +The following descriptions apply in the case of the built-in procedure. An +application provided procedure also has access to the verify depth information +and the \fIverify_callback()\fR function, but the way this information is used +may be different. +.PP +\&\fISSL_CTX_set_verify_depth()\fR and \fISSL_set_verify_depth()\fR set a limit on the +number of certificates between the end-entity and trust-anchor certificates. +Neither the +end-entity nor the trust-anchor certificates count against \fBdepth\fR. If the +certificate chain needed to reach a trusted issuer is longer than \fBdepth+2\fR, +X509_V_ERR_CERT_CHAIN_TOO_LONG will be issued. +The depth count is \*(L"level 0:peer certificate\*(R", \*(L"level 1: \s-1CA\s0 certificate\*(R", +\&\*(L"level 2: higher level \s-1CA\s0 certificate\*(R", and so on. Setting the maximum +depth to 2 allows the levels 0, 1, 2 and 3 (0 being the end-entity and 3 the +trust-anchor). +The default depth limit is 100, +allowing for the peer certificate, at most 100 intermediate \s-1CA\s0 certificates and +a final trust anchor certificate. +.PP +The \fBverify_callback\fR function is used to control the behaviour when the +\&\s-1SSL_VERIFY_PEER\s0 flag is set. It must be supplied by the application and +receives two arguments: \fBpreverify_ok\fR indicates, whether the verification of +the certificate in question was passed (preverify_ok=1) or not +(preverify_ok=0). \fBx509_ctx\fR is a pointer to the complete context used +for the certificate chain verification. 
+.PP +The certificate chain is checked starting with the deepest nesting level +(the root \s-1CA\s0 certificate) and worked upward to the peer's certificate. +At each level signatures and issuer attributes are checked. Whenever +a verification error is found, the error number is stored in \fBx509_ctx\fR +and \fBverify_callback\fR is called with \fBpreverify_ok\fR=0. By applying +X509_CTX_store_* functions \fBverify_callback\fR can locate the certificate +in question and perform additional steps (see \s-1EXAMPLES\s0). If no error is +found for a certificate, \fBverify_callback\fR is called with \fBpreverify_ok\fR=1 +before advancing to the next level. +.PP +The return value of \fBverify_callback\fR controls the strategy of the further +verification process. If \fBverify_callback\fR returns 0, the verification +process is immediately stopped with \*(L"verification failed\*(R" state. If +\&\s-1SSL_VERIFY_PEER\s0 is set, a verification failure alert is sent to the peer and +the \s-1TLS/SSL\s0 handshake is terminated. If \fBverify_callback\fR returns 1, +the verification process is continued. If \fBverify_callback\fR always returns +1, the \s-1TLS/SSL\s0 handshake will not be terminated with respect to verification +failures and the connection will be established. The calling process can +however retrieve the error code of the last verification error using +\&\fISSL_get_verify_result\fR\|(3) or by maintaining its +own error storage managed by \fBverify_callback\fR. +.PP +If no \fBverify_callback\fR is specified, the default callback will be used. +Its return value is identical to \fBpreverify_ok\fR, so that any verification +failure will lead to a termination of the \s-1TLS/SSL\s0 handshake with an +alert message, if \s-1SSL_VERIFY_PEER\s0 is set. +.PP +After calling \fISSL_set_post_handshake_auth()\fR, the client will need to add a +certificate or certificate callback to its configuration before it can +successfully authenticate. 
This must be called before \fISSL_connect()\fR. +.PP +\&\fISSL_verify_client_post_handshake()\fR requires that verify flags have been +previously set, and that a client sent the post-handshake authentication +extension. When the client returns a certificate the verify callback will be +invoked. A write operation must take place for the Certificate Request to be +sent to the client, this can be done with \fISSL_do_handshake()\fR or \fISSL_write_ex()\fR. +Only one certificate request may be outstanding at any time. +.PP +When post-handshake authentication occurs, a refreshed NewSessionTicket +message is sent to the client. +.SH "BUGS" +.IX Header "BUGS" +In client mode, it is not checked whether the \s-1SSL_VERIFY_PEER\s0 flag +is set, but whether any flags other than \s-1SSL_VERIFY_NONE\s0 are set. This can +lead to unexpected behaviour if \s-1SSL_VERIFY_PEER\s0 and other flags are not used as +required. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The SSL*_set_verify*() functions do not provide diagnostic information. +.PP +The \fISSL_verify_client_post_handshake()\fR function returns 1 if the request +succeeded, and 0 if the request failed. The error stack can be examined +to determine the failure reason. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +The following code sequence realizes an example \fBverify_callback\fR function +that will always continue the \s-1TLS/SSL\s0 handshake regardless of verification +failure, if wished. The callback realizes a verification depth limit with +more informational output. +.PP +All verification errors are printed; information about the certificate chain +is printed on request. +The example is realized for a server that does allow but not require client +certificates. +.PP +The example makes use of the ex_data technique to store application data +into/retrieve application data from the \s-1SSL\s0 structure +(see \fICRYPTO_get_ex_new_index\fR\|(3), +\&\fISSL_get_ex_data_X509_STORE_CTX_idx\fR\|(3)). +.PP +.Vb 7 +\& ... 
+\& typedef struct { +\& int verbose_mode; +\& int verify_depth; +\& int always_continue; +\& } mydata_t; +\& int mydata_index; +\& +\& ... +\& static int verify_callback(int preverify_ok, X509_STORE_CTX *ctx) +\& { +\& char buf[256]; +\& X509 *err_cert; +\& int err, depth; +\& SSL *ssl; +\& mydata_t *mydata; +\& +\& err_cert = X509_STORE_CTX_get_current_cert(ctx); +\& err = X509_STORE_CTX_get_error(ctx); +\& depth = X509_STORE_CTX_get_error_depth(ctx); +\& +\& /* +\& * Retrieve the pointer to the SSL of the connection currently treated +\& * and the application specific data stored into the SSL object. +\& */ +\& ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx()); +\& mydata = SSL_get_ex_data(ssl, mydata_index); +\& +\& X509_NAME_oneline(X509_get_subject_name(err_cert), buf, 256); +\& +\& /* +\& * Catch a too long certificate chain. The depth limit set using +\& * SSL_CTX_set_verify_depth() is by purpose set to "limit+1" so +\& * that whenever the "depth>verify_depth" condition is met, we +\& * have violated the limit and want to log this error condition. +\& * We must do it here, because the CHAIN_TOO_LONG error would not +\& * be found explicitly; only errors introduced by cutting off the +\& * additional certificates would be logged. +\& */ +\& if (depth > mydata\->verify_depth) { +\& preverify_ok = 0; +\& err = X509_V_ERR_CERT_CHAIN_TOO_LONG; +\& X509_STORE_CTX_set_error(ctx, err); +\& } +\& if (!preverify_ok) { +\& printf("verify error:num=%d:%s:depth=%d:%s\en", err, +\& X509_verify_cert_error_string(err), depth, buf); +\& } else if (mydata\->verbose_mode) { +\& printf("depth=%d:%s\en", depth, buf); +\& } +\& +\& /* +\& * At this point, err contains the last verification error. 
We can use +\& * it for something special +\& */ +\& if (!preverify_ok && (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT)) { +\& X509_NAME_oneline(X509_get_issuer_name(err_cert), buf, 256); +\& printf("issuer= %s\en", buf); +\& } +\& +\& if (mydata\->always_continue) +\& return 1; +\& else +\& return preverify_ok; +\& } +\& ... +\& +\& mydata_t mydata; +\& +\& ... +\& mydata_index = SSL_get_ex_new_index(0, "mydata index", NULL, NULL, NULL); +\& +\& ... +\& SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, +\& verify_callback); +\& +\& /* +\& * Let the verify_callback catch the verify_depth error so that we get +\& * an appropriate error in the logfile. +\& */ +\& SSL_CTX_set_verify_depth(verify_depth + 1); +\& +\& /* +\& * Set up the SSL specific data into "mydata" and store it into th SSL +\& * structure. +\& */ +\& mydata.verify_depth = verify_depth; ... +\& SSL_set_ex_data(ssl, mydata_index, &mydata); +\& +\& ... +\& SSL_accept(ssl); /* check of success left out for clarity */ +\& if (peer = SSL_get_peer_certificate(ssl)) { +\& if (SSL_get_verify_result(ssl) == X509_V_OK) { +\& /* The client sent a certificate which verified OK */ +\& } +\& } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_new\fR\|(3), +\&\fISSL_CTX_get_verify_mode\fR\|(3), +\&\fISSL_get_verify_result\fR\|(3), +\&\fISSL_CTX_load_verify_locations\fR\|(3), +\&\fISSL_get_peer_certificate\fR\|(3), +\&\fISSL_CTX_set_cert_verify_callback\fR\|(3), +\&\fISSL_get_ex_data_X509_STORE_CTX_idx\fR\|(3), +\&\fISSL_CTX_set_client_cert_cb\fR\|(3), +\&\fICRYPTO_get_ex_new_index\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \s-1SSL_VERIFY_POST_HANDSHAKE\s0 option, and the \fISSL_verify_client_post_handshake()\fR +and \fISSL_set_post_handshake_auth()\fR functions were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). 
You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_CTX_use_certificate.3 b/linux_amd64/share/man/man3/SSL_CTX_use_certificate.3 new file mode 100755 index 0000000..066393c --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_CTX_use_certificate.3 
@@ -0,0 +1,326 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_USE_CERTIFICATE 3" +.TH SSL_CTX_USE_CERTIFICATE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_use_certificate, SSL_CTX_use_certificate_ASN1, +SSL_CTX_use_certificate_file, SSL_use_certificate, SSL_use_certificate_ASN1, +SSL_use_certificate_file, SSL_CTX_use_certificate_chain_file, +SSL_use_certificate_chain_file, +SSL_CTX_use_PrivateKey, SSL_CTX_use_PrivateKey_ASN1, +SSL_CTX_use_PrivateKey_file, SSL_CTX_use_RSAPrivateKey, +SSL_CTX_use_RSAPrivateKey_ASN1, SSL_CTX_use_RSAPrivateKey_file, +SSL_use_PrivateKey_file, SSL_use_PrivateKey_ASN1, SSL_use_PrivateKey, +SSL_use_RSAPrivateKey, SSL_use_RSAPrivateKey_ASN1, +SSL_use_RSAPrivateKey_file, SSL_CTX_check_private_key, SSL_check_private_key, +SSL_CTX_use_cert_and_key, SSL_use_cert_and_key +\&\- load certificate and key data +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); +\& int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d); +\& int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type); +\& int SSL_use_certificate(SSL *ssl, X509 *x); +\& int SSL_use_certificate_ASN1(SSL *ssl, unsigned char *d, int len); +\& int SSL_use_certificate_file(SSL *ssl, const char *file, int type); +\& +\& int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); +\& int SSL_use_certificate_chain_file(SSL *ssl, const char *file); +\& +\& int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); +\& int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, unsigned char *d, +\& long len); +\& int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type); +\& int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); +\& int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len); +\& int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type); +\& int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey); +\& int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, unsigned char *d, long len); +\& int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int 
type); +\& int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa); +\& int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len); +\& int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type); +\& +\& int SSL_CTX_check_private_key(const SSL_CTX *ctx); +\& int SSL_check_private_key(const SSL *ssl); +\& +\& int SSL_CTX_use_cert_and_key(SSL_CTX *ctx, X509 *x, EVP_PKEY *pkey, STACK_OF(X509) *chain, int override); +\& int SSL_use_cert_and_key(SSL *ssl, X509 *x, EVP_PKEY *pkey, STACK_OF(X509) *chain, int override); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions load the certificates and private keys into the \s-1SSL_CTX\s0 +or \s-1SSL\s0 object, respectively. +.PP +The SSL_CTX_* class of functions loads the certificates and keys into the +\&\s-1SSL_CTX\s0 object \fBctx\fR. The information is passed to \s-1SSL\s0 objects \fBssl\fR +created from \fBctx\fR with \fISSL_new\fR\|(3) by copying, so that +changes applied to \fBctx\fR do not propagate to already existing \s-1SSL\s0 objects. +.PP +The SSL_* class of functions only loads certificates and keys into a +specific \s-1SSL\s0 object. The specific information is kept, when +\&\fISSL_clear\fR\|(3) is called for this \s-1SSL\s0 object. +.PP +\&\fISSL_CTX_use_certificate()\fR loads the certificate \fBx\fR into \fBctx\fR, +\&\fISSL_use_certificate()\fR loads \fBx\fR into \fBssl\fR. The rest of the +certificates needed to form the complete certificate chain can be +specified using the +\&\fISSL_CTX_add_extra_chain_cert\fR\|(3) +function. +.PP +\&\fISSL_CTX_use_certificate_ASN1()\fR loads the \s-1ASN1\s0 encoded certificate from +the memory location \fBd\fR (with length \fBlen\fR) into \fBctx\fR, +\&\fISSL_use_certificate_ASN1()\fR loads the \s-1ASN1\s0 encoded certificate into \fBssl\fR. +.PP +\&\fISSL_CTX_use_certificate_file()\fR loads the first certificate stored in \fBfile\fR +into \fBctx\fR. 
The formatting \fBtype\fR of the certificate must be specified +from the known types \s-1SSL_FILETYPE_PEM\s0, \s-1SSL_FILETYPE_ASN1\s0. +\&\fISSL_use_certificate_file()\fR loads the certificate from \fBfile\fR into \fBssl\fR. +See the \s-1NOTES\s0 section on why \fISSL_CTX_use_certificate_chain_file()\fR +should be preferred. +.PP +\&\fISSL_CTX_use_certificate_chain_file()\fR loads a certificate chain from +\&\fBfile\fR into \fBctx\fR. The certificates must be in \s-1PEM\s0 format and must +be sorted starting with the subject's certificate (actual client or server +certificate), followed by intermediate \s-1CA\s0 certificates if applicable, and +ending at the highest level (root) \s-1CA\s0. \fISSL_use_certificate_chain_file()\fR is +similar except it loads the certificate chain into \fBssl\fR. +.PP +\&\fISSL_CTX_use_PrivateKey()\fR adds \fBpkey\fR as private key to \fBctx\fR. +\&\fISSL_CTX_use_RSAPrivateKey()\fR adds the private key \fBrsa\fR of type \s-1RSA\s0 +to \fBctx\fR. \fISSL_use_PrivateKey()\fR adds \fBpkey\fR as private key to \fBssl\fR; +\&\fISSL_use_RSAPrivateKey()\fR adds \fBrsa\fR as private key of type \s-1RSA\s0 to \fBssl\fR. +If a certificate has already been set and the private does not belong +to the certificate an error is returned. To change a certificate, private +key pair the new certificate needs to be set with \fISSL_use_certificate()\fR +or \fISSL_CTX_use_certificate()\fR before setting the private key with +\&\fISSL_CTX_use_PrivateKey()\fR or \fISSL_use_PrivateKey()\fR. +.PP +\&\fISSL_CTX_use_cert_and_key()\fR and \fISSL_use_cert_and_key()\fR assign the X.509 +certificate \fBx\fR, private key \fBkey\fR, and certificate \fBchain\fR onto the +corresponding \fBssl\fR or \fBctx\fR. The \fBpkey\fR argument must be the private +key of the X.509 certificate \fBx\fR. If the \fBoverride\fR argument is 0, then +\&\fBx\fR, \fBpkey\fR and \fBchain\fR are set only if all were not previously set. 
+If \fBoverride\fR is non\-0, then the certificate, private key and chain certs +are always set. If \fBpkey\fR is \s-1NULL\s0, then the public key of \fBx\fR is used as +the private key. This is intended to be used with hardware (via the \s-1ENGINE\s0 +interface) that stores the private key securely, such that it cannot be +accessed by OpenSSL. The reference count of the public key is incremented +(twice if there is no private key); it is not copied nor duplicated. This +allows all private key validations checks to succeed without an actual +private key being assigned via \fISSL_CTX_use_PrivateKey()\fR, etc. +.PP +\&\fISSL_CTX_use_PrivateKey_ASN1()\fR adds the private key of type \fBpk\fR +stored at memory location \fBd\fR (length \fBlen\fR) to \fBctx\fR. +\&\fISSL_CTX_use_RSAPrivateKey_ASN1()\fR adds the private key of type \s-1RSA\s0 +stored at memory location \fBd\fR (length \fBlen\fR) to \fBctx\fR. +\&\fISSL_use_PrivateKey_ASN1()\fR and \fISSL_use_RSAPrivateKey_ASN1()\fR add the private +key to \fBssl\fR. +.PP +\&\fISSL_CTX_use_PrivateKey_file()\fR adds the first private key found in +\&\fBfile\fR to \fBctx\fR. The formatting \fBtype\fR of the private key must be specified +from the known types \s-1SSL_FILETYPE_PEM\s0, \s-1SSL_FILETYPE_ASN1\s0. +\&\fISSL_CTX_use_RSAPrivateKey_file()\fR adds the first private \s-1RSA\s0 key found in +\&\fBfile\fR to \fBctx\fR. \fISSL_use_PrivateKey_file()\fR adds the first private key found +in \fBfile\fR to \fBssl\fR; \fISSL_use_RSAPrivateKey_file()\fR adds the first private +\&\s-1RSA\s0 key found to \fBssl\fR. +.PP +\&\fISSL_CTX_check_private_key()\fR checks the consistency of a private key with +the corresponding certificate loaded into \fBctx\fR. If more than one +key/certificate pair (\s-1RSA/DSA\s0) is installed, the last item installed will +be checked. If e.g. the last item was a \s-1RSA\s0 certificate or key, the \s-1RSA\s0 +key/certificate pair will be checked. 
\fISSL_check_private_key()\fR performs +the same check for \fBssl\fR. If no key/certificate was explicitly added for +this \fBssl\fR, the last item added into \fBctx\fR will be checked. +.SH "NOTES" +.IX Header "NOTES" +The internal certificate store of OpenSSL can hold several private +key/certificate pairs at a time. The certificate used depends on the +cipher selected, see also \fISSL_CTX_set_cipher_list\fR\|(3). +.PP +When reading certificates and private keys from file, files of type +\&\s-1SSL_FILETYPE_ASN1\s0 (also known as \fB\s-1DER\s0\fR, binary encoding) can only contain +one certificate or private key, consequently +\&\fISSL_CTX_use_certificate_chain_file()\fR is only applicable to \s-1PEM\s0 formatting. +Files of type \s-1SSL_FILETYPE_PEM\s0 can contain more than one item. +.PP +\&\fISSL_CTX_use_certificate_chain_file()\fR adds the first certificate found +in the file to the certificate store. The other certificates are added +to the store of chain certificates using \fISSL_CTX_add1_chain_cert\fR\|(3). Note: versions of OpenSSL before 1.0.2 only had a single +certificate chain store for all certificate types, OpenSSL 1.0.2 and later +have a separate chain store for each type. \fISSL_CTX_use_certificate_chain_file()\fR +should be used instead of the \fISSL_CTX_use_certificate_file()\fR function in order +to allow the use of complete certificate chains even when no trusted \s-1CA\s0 +storage is used or when the \s-1CA\s0 issuing the certificate shall not be added to +the trusted \s-1CA\s0 storage. +.PP +If additional certificates are needed to complete the chain during the +\&\s-1TLS\s0 negotiation, \s-1CA\s0 certificates are additionally looked up in the +locations of trusted \s-1CA\s0 certificates, see +\&\fISSL_CTX_load_verify_locations\fR\|(3). +.PP +The private keys loaded from file can be encrypted. 
In order to successfully +load encrypted keys, a function returning the passphrase must have been +supplied, see +\&\fISSL_CTX_set_default_passwd_cb\fR\|(3). +(Certificate files might be encrypted as well from the technical point +of view, it however does not make sense as the data in the certificate +is considered public anyway.) +.PP +All of the functions to set a new certificate will replace any existing +certificate of the same type that has already been set. Similarly all of the +functions to set a new private key will replace any private key that has already +been set. Applications should call \fISSL_CTX_check_private_key\fR\|(3) or +\&\fISSL_check_private_key\fR\|(3) as appropriate after loading a new certificate and +private key to confirm that the certificate and key match. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +On success, the functions return 1. +Otherwise check out the error stack to find out the reason. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_new\fR\|(3), \fISSL_clear\fR\|(3), +\&\fISSL_CTX_load_verify_locations\fR\|(3), +\&\fISSL_CTX_set_default_passwd_cb\fR\|(3), +\&\fISSL_CTX_set_cipher_list\fR\|(3), +\&\fISSL_CTX_set_client_CA_list\fR\|(3), +\&\fISSL_CTX_set_client_cert_cb\fR\|(3), +\&\fISSL_CTX_add_extra_chain_cert\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_CTX_use_psk_identity_hint.3 b/linux_amd64/share/man/man3/SSL_CTX_use_psk_identity_hint.3 new file mode 100755 index 0000000..8bc1b13 --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_CTX_use_psk_identity_hint.3 
@@ -0,0 +1,268 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_USE_PSK_IDENTITY_HINT 3" +.TH SSL_CTX_USE_PSK_IDENTITY_HINT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_psk_server_cb_func, +SSL_psk_find_session_cb_func, +SSL_CTX_use_psk_identity_hint, +SSL_use_psk_identity_hint, +SSL_CTX_set_psk_server_callback, +SSL_set_psk_server_callback, +SSL_CTX_set_psk_find_session_callback, +SSL_set_psk_find_session_callback +\&\- set PSK identity hint to use +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef int (*SSL_psk_find_session_cb_func)(SSL *ssl, +\& const unsigned char *identity, +\& size_t identity_len, +\& SSL_SESSION **sess); +\& +\& +\& void SSL_CTX_set_psk_find_session_callback(SSL_CTX *ctx, +\& SSL_psk_find_session_cb_func cb); +\& void SSL_set_psk_find_session_callback(SSL *s, SSL_psk_find_session_cb_func cb); +\& +\& typedef unsigned int (*SSL_psk_server_cb_func)(SSL *ssl, +\& const char *identity, +\& unsigned char *psk, +\& unsigned int max_psk_len); +\& +\& int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *hint); +\& int SSL_use_psk_identity_hint(SSL *ssl, const char *hint); +\& +\& void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, SSL_psk_server_cb_func cb); +\& void SSL_set_psk_server_callback(SSL *ssl, SSL_psk_server_cb_func cb); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A server application wishing to use TLSv1.3 PSKs should set a callback +using either \fISSL_CTX_set_psk_find_session_callback()\fR or +\&\fISSL_set_psk_find_session_callback()\fR as appropriate. +.PP +The callback function is given a pointer to the \s-1SSL\s0 connection in \fBssl\fR and +an identity in \fBidentity\fR of length \fBidentity_len\fR. The callback function +should identify an \s-1SSL_SESSION\s0 object that provides the \s-1PSK\s0 details and store it +in \fB*sess\fR. The \s-1SSL_SESSION\s0 object should, as a minimum, set the master key, +the ciphersuite and the protocol version. See +\&\fISSL_CTX_set_psk_use_session_callback\fR\|(3) for details. +.PP +It is also possible for the callback to succeed but not supply a \s-1PSK\s0. 
In this +case no \s-1PSK\s0 will be used but the handshake will continue. To do this the +callback should return successfully and ensure that \fB*sess\fR is +\&\s-1NULL\s0. +.PP +Identity hints are not relevant for TLSv1.3. A server application wishing to use +\&\s-1PSK\s0 ciphersuites for TLSv1.2 and below may call \fISSL_CTX_use_psk_identity_hint()\fR +to set the given \fB\s-1NUL\s0\fR\-terminated \s-1PSK\s0 identity hint \fBhint\fR for \s-1SSL\s0 context +object \fBctx\fR. \fISSL_use_psk_identity_hint()\fR sets the given \fB\s-1NUL\s0\fR\-terminated \s-1PSK\s0 +identity hint \fBhint\fR for the \s-1SSL\s0 connection object \fBssl\fR. If \fBhint\fR is +\&\fB\s-1NULL\s0\fR the current hint from \fBctx\fR or \fBssl\fR is deleted. +.PP +In the case where \s-1PSK\s0 identity hint is \fB\s-1NULL\s0\fR, the server does not send the +ServerKeyExchange message to the client. +.PP +A server application wishing to use PSKs for TLSv1.2 and below must provide a +callback function which is called when the server receives the +ClientKeyExchange message from the client. The purpose of the callback function +is to validate the received \s-1PSK\s0 identity and to fetch the pre-shared key used +during the connection setup phase. The callback is set using the functions +\&\fISSL_CTX_set_psk_server_callback()\fR or \fISSL_set_psk_server_callback()\fR. The callback +function is given the connection in parameter \fBssl\fR, \fB\s-1NUL\s0\fR\-terminated \s-1PSK\s0 +identity sent by the client in parameter \fBidentity\fR, and a buffer \fBpsk\fR of +length \fBmax_psk_len\fR bytes where the pre-shared key is to be stored. +.PP +The callback for use in TLSv1.2 will also work in TLSv1.3 although it is +recommended to use \fISSL_CTX_set_psk_find_session_callback()\fR +or \fISSL_set_psk_find_session_callback()\fR for this purpose instead. 
If TLSv1.3 has +been negotiated then OpenSSL will first check to see if a callback has been set +via \fISSL_CTX_set_psk_find_session_callback()\fR or \fISSL_set_psk_find_session_callback()\fR +and it will use that in preference. If no such callback is present then it will +check to see if a callback has been set via \fISSL_CTX_set_psk_server_callback()\fR or +\&\fISSL_set_psk_server_callback()\fR and use that. In this case the handshake digest +will default to \s-1SHA\-256\s0 for any returned \s-1PSK\s0. +.PP +A connection established via a TLSv1.3 \s-1PSK\s0 will appear as if session resumption +has occurred so that \fISSL_session_reused\fR\|(3) will return true. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fB\f(BISSL_CTX_use_psk_identity_hint()\fB\fR and \fB\f(BISSL_use_psk_identity_hint()\fB\fR return +1 on success, 0 otherwise. +.PP +Return values from the TLSv1.2 and below server callback are interpreted as +follows: +.IP "0" 4 +\&\s-1PSK\s0 identity was not found. An \*(L"unknown_psk_identity\*(R" alert message +will be sent and the connection setup fails. +.IP ">0" 4 +.IX Item ">0" +\&\s-1PSK\s0 identity was found and the server callback has provided the \s-1PSK\s0 +successfully in parameter \fBpsk\fR. Return value is the length of +\&\fBpsk\fR in bytes. It is an error to return a value greater than +\&\fBmax_psk_len\fR. +.Sp +If the \s-1PSK\s0 identity was not found but the callback instructs the +protocol to continue anyway, the callback must provide some random +data to \fBpsk\fR and return the length of the random data, so the +connection will fail with decryption_error before it will be finished +completely. +.PP +The \fBSSL_psk_find_session_cb_func\fR callback should return 1 on success or 0 on +failure. In the event of failure the connection setup fails. +.SH "NOTES" +.IX Header "NOTES" +There are no known security issues with sharing the same \s-1PSK\s0 between TLSv1.2 (or +below) and TLSv1.3. 
However the \s-1RFC\s0 has this note of caution: +.PP +\&\*(L"While there is no known way in which the same \s-1PSK\s0 might produce related output +in both versions, only limited analysis has been done. Implementations can +ensure safety from cross-protocol related output by not reusing PSKs between +\&\s-1TLS\s0 1.3 and \s-1TLS\s0 1.2.\*(R" +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fISSL_CTX_set_psk_use_session_callback\fR\|(3), +\&\fISSL_set_psk_use_session_callback\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fISSL_CTX_set_psk_find_session_callback()\fR and \fISSL_set_psk_find_session_callback()\fR +were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_CTX_use_serverinfo.3 b/linux_amd64/share/man/man3/SSL_CTX_use_serverinfo.3 new file mode 100755 index 0000000..cb21339 --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_CTX_use_serverinfo.3 
@@ -0,0 +1,212 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_USE_SERVERINFO 3" +.TH SSL_CTX_USE_SERVERINFO 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_use_serverinfo_ex, +SSL_CTX_use_serverinfo, +SSL_CTX_use_serverinfo_file +\&\- use serverinfo extension +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_use_serverinfo_ex(SSL_CTX *ctx, unsigned int version, +\& const unsigned char *serverinfo, +\& size_t serverinfo_length); +\& +\& int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo, +\& size_t serverinfo_length); +\& +\& int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions load \*(L"serverinfo\*(R" \s-1TLS\s0 extensions into the \s-1SSL_CTX\s0. A +\&\*(L"serverinfo\*(R" extension is returned in response to an empty ClientHello +Extension. +.PP +\&\fISSL_CTX_use_serverinfo_ex()\fR loads one or more serverinfo extensions from +a byte array into \fBctx\fR. The \fBversion\fR parameter specifies the format of the +byte array provided in \fB*serverinfo\fR which is of length \fBserverinfo_length\fR. +.PP +If \fBversion\fR is \fB\s-1SSL_SERVERINFOV2\s0\fR then the extensions in the array must +consist of a 4\-byte context, a 2\-byte Extension Type, a 2\-byte length, and then +length bytes of extension_data. The context and type values have the same +meaning as for \fISSL_CTX_add_custom_ext\fR\|(3). If serverinfo is being loaded for +extensions to be added to a Certificate message, then the extension will only +be added for the first certificate in the message (which is always the +end-entity certificate). +.PP +If \fBversion\fR is \fB\s-1SSL_SERVERINFOV1\s0\fR then the extensions in the array must +consist of a 2\-byte Extension Type, a 2\-byte length, and then length bytes of +extension_data. The type value has the same meaning as for +\&\fISSL_CTX_add_custom_ext\fR\|(3). 
The following default context value will be used +in this case: +.PP +.Vb 2 +\& SSL_EXT_TLS1_2_AND_BELOW_ONLY | SSL_EXT_CLIENT_HELLO +\& | SSL_EXT_TLS1_2_SERVER_HELLO | SSL_EXT_IGNORE_ON_RESUMPTION +.Ve +.PP +\&\fISSL_CTX_use_serverinfo()\fR does the same thing as \fISSL_CTX_use_serverinfo_ex()\fR +except that there is no \fBversion\fR parameter so a default version of +\&\s-1SSL_SERVERINFOV1\s0 is used instead. +.PP +\&\fISSL_CTX_use_serverinfo_file()\fR loads one or more serverinfo extensions from +\&\fBfile\fR into \fBctx\fR. The extensions must be in \s-1PEM\s0 format. Each extension +must be in a format as described above for \fISSL_CTX_use_serverinfo_ex()\fR. Each +\&\s-1PEM\s0 extension name must begin with the phrase \*(L"\s-1BEGIN\s0 \s-1SERVERINFOV2\s0 \s-1FOR\s0 \*(R" for +\&\s-1SSL_SERVERINFOV2\s0 data or \*(L"\s-1BEGIN\s0 \s-1SERVERINFO\s0 \s-1FOR\s0 \*(R" for \s-1SSL_SERVERINFOV1\s0 data. +.PP +If more than one certificate (\s-1RSA/DSA\s0) is installed using +\&\fISSL_CTX_use_certificate()\fR, the serverinfo extension will be loaded into the +last certificate installed. If e.g. the last item was a \s-1RSA\s0 certificate, the +loaded serverinfo extension data will be loaded for that certificate. To +use the serverinfo extension for multiple certificates, +\&\fISSL_CTX_use_serverinfo()\fR needs to be called multiple times, once \fBafter\fR +each time a certificate is loaded via a call to \fISSL_CTX_use_certificate()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +On success, the functions return 1. +On failure, the functions return 0. Check out the error stack to find out +the reason. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2013\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. 
You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_SESSION_free.3 b/linux_amd64/share/man/man3/SSL_SESSION_free.3 new file mode 100755 index 0000000..9d74e53 --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_SESSION_free.3 
@@ -0,0 +1,208 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SESSION_FREE 3" +.TH SSL_SESSION_FREE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_SESSION_new, +SSL_SESSION_dup, +SSL_SESSION_up_ref, +SSL_SESSION_free \- create, free and manage SSL_SESSION structures +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& SSL_SESSION *SSL_SESSION_new(void); +\& SSL_SESSION *SSL_SESSION_dup(const SSL_SESSION *src); +\& int SSL_SESSION_up_ref(SSL_SESSION *ses); +\& void SSL_SESSION_free(SSL_SESSION *session); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_SESSION_new()\fR creates a new \s-1SSL_SESSION\s0 structure and returns a pointer to +it. +.PP +\&\fISSL_SESSION_dup()\fR copies the contents of the \s-1SSL_SESSION\s0 structure in \fBsrc\fR +and returns a pointer to it. +.PP +\&\fISSL_SESSION_up_ref()\fR increments the reference count on the given \s-1SSL_SESSION\s0 +structure. +.PP +\&\fISSL_SESSION_free()\fR decrements the reference count of \fBsession\fR and removes +the \fB\s-1SSL_SESSION\s0\fR structure pointed to by \fBsession\fR and frees up the allocated +memory, if the reference count has reached 0. +If \fBsession\fR is \s-1NULL\s0 nothing is done. +.SH "NOTES" +.IX Header "NOTES" +\&\s-1SSL_SESSION\s0 objects are allocated, when a \s-1TLS/SSL\s0 handshake operation +is successfully completed. Depending on the settings, see +\&\fISSL_CTX_set_session_cache_mode\fR\|(3), +the \s-1SSL_SESSION\s0 objects are internally referenced by the \s-1SSL_CTX\s0 and +linked into its session cache. \s-1SSL\s0 objects may be using the \s-1SSL_SESSION\s0 object; +as a session may be reused, several \s-1SSL\s0 objects may be using one \s-1SSL_SESSION\s0 +object at the same time. It is therefore crucial to keep the reference +count (usage information) correct and not delete a \s-1SSL_SESSION\s0 object +that is still used, as this may lead to program failures due to +dangling pointers. These failures may also appear delayed, e.g. 
+when an \s-1SSL_SESSION\s0 object was completely freed as the reference count +incorrectly became 0, but it is still referenced in the internal +session cache and the cache list is processed during a +\&\fISSL_CTX_flush_sessions\fR\|(3) operation. +.PP +\&\fISSL_SESSION_free()\fR must only be called for \s-1SSL_SESSION\s0 objects, for +which the reference count was explicitly incremented (e.g. +by calling \fISSL_get1_session()\fR, see \fISSL_get_session\fR\|(3)) +or when the \s-1SSL_SESSION\s0 object was generated outside a \s-1TLS\s0 handshake +operation, e.g. by using \fId2i_SSL_SESSION\fR\|(3). +It must not be called on other \s-1SSL_SESSION\s0 objects, as this would cause +incorrect reference counts and therefore program failures. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +SSL_SESSION_new returns a pointer to the newly allocated \s-1SSL_SESSION\s0 structure +or \s-1NULL\s0 on error. +.PP +SSL_SESSION_up_ref returns 1 on success or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_get_session\fR\|(3), +\&\fISSL_CTX_set_session_cache_mode\fR\|(3), +\&\fISSL_CTX_flush_sessions\fR\|(3), +\&\fId2i_SSL_SESSION\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fISSL_SESSION_dup()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_SESSION_get0_cipher.3 b/linux_amd64/share/man/man3/SSL_SESSION_get0_cipher.3 new file mode 100755 index 0000000..df679ca --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_SESSION_get0_cipher.3 
@@ -0,0 +1,180 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SESSION_GET0_CIPHER 3" +.TH SSL_SESSION_GET0_CIPHER 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_SESSION_get0_cipher, +SSL_SESSION_set_cipher +\&\- set and retrieve the SSL cipher associated with a session +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const SSL_CIPHER *SSL_SESSION_get0_cipher(const SSL_SESSION *s); +\& int SSL_SESSION_set_cipher(SSL_SESSION *s, const SSL_CIPHER *cipher); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_SESSION_get0_cipher()\fR retrieves the cipher that was used by the +connection when the session was created, or \s-1NULL\s0 if it cannot be determined. +.PP +The value returned is a pointer to an object maintained within \fBs\fR and +should not be released. +.PP +\&\fISSL_SESSION_set_cipher()\fR can be used to set the ciphersuite associated with the +\&\s-1SSL_SESSION\s0 \fBs\fR to \fBcipher\fR. For example, this could be used to set up a +session based \s-1PSK\s0 (see \fISSL_CTX_set_psk_use_session_callback\fR\|(3)). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_SESSION_get0_cipher()\fR returns the \s-1SSL_CIPHER\s0 associated with the \s-1SSL_SESSION\s0 +or \s-1NULL\s0 if it cannot be determined. +.PP +\&\fISSL_SESSION_set_cipher()\fR returns 1 on success or 0 on failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fId2i_SSL_SESSION\fR\|(3), +\&\fISSL_SESSION_get_time\fR\|(3), +\&\fISSL_SESSION_get0_hostname\fR\|(3), +\&\fISSL_SESSION_free\fR\|(3), +\&\fISSL_CTX_set_psk_use_session_callback\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fISSL_SESSION_get0_cipher()\fR function was added in OpenSSL 1.1.0. +The \fISSL_SESSION_set_cipher()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/share/man/man3/SSL_SESSION_get0_hostname.3 b/linux_amd64/share/man/man3/SSL_SESSION_get0_hostname.3
new file mode 100755
index 0000000..44c19a1
--- /dev/null
+++ b/linux_amd64/share/man/man3/SSL_SESSION_get0_hostname.3
@@ -0,0 +1,199 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SESSION_GET0_HOSTNAME 3" +.TH SSL_SESSION_GET0_HOSTNAME 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_SESSION_get0_hostname, +SSL_SESSION_set1_hostname, +SSL_SESSION_get0_alpn_selected, +SSL_SESSION_set1_alpn_selected +\&\- get and set SNI and ALPN data associated with a session +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s); +\& int SSL_SESSION_set1_hostname(SSL_SESSION *s, const char *hostname); +\& +\& void SSL_SESSION_get0_alpn_selected(const SSL_SESSION *s, +\& const unsigned char **alpn, +\& size_t *len); +\& int SSL_SESSION_set1_alpn_selected(SSL_SESSION *s, const unsigned char *alpn, +\& size_t len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_SESSION_get0_hostname()\fR retrieves the \s-1SNI\s0 value that was sent by the +client when the session was created if it was accepted by the server and TLSv1.2 +or below was negotiated. Otherwise \s-1NULL\s0 is returned. Note that in TLSv1.3 the +\&\s-1SNI\s0 hostname is negotiated with each handshake including resumption handshakes +and is therefore never associated with the session. +.PP +The value returned is a pointer to memory maintained within \fBs\fR and +should not be free'd. +.PP +\&\fISSL_SESSION_set1_hostname()\fR sets the \s-1SNI\s0 value for the hostname to a copy of +the string provided in hostname. +.PP +\&\fISSL_SESSION_get0_alpn_selected()\fR retrieves the selected \s-1ALPN\s0 protocol for this +session and its associated length in bytes. The returned value of \fB*alpn\fR is a +pointer to memory maintained within \fBs\fR and should not be free'd. +.PP +\&\fISSL_SESSION_set1_alpn_selected()\fR sets the \s-1ALPN\s0 protocol for this session to the +value in \fBalpn\fR which should be of length \fBlen\fR bytes. A copy of the input +value is made, and the caller retains ownership of the memory pointed to by +\&\fBalpn\fR. 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_SESSION_get0_hostname()\fR returns either a string or \s-1NULL\s0 based on if there +is the \s-1SNI\s0 value sent by client. +.PP +\&\fISSL_SESSION_set1_hostname()\fR returns 1 on success or 0 on error. +.PP +\&\fISSL_SESSION_set1_alpn_selected()\fR returns 1 on success or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fId2i_SSL_SESSION\fR\|(3), +\&\fISSL_SESSION_get_time\fR\|(3), +\&\fISSL_SESSION_free\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fISSL_SESSION_set1_hostname()\fR, \fISSL_SESSION_get0_alpn_selected()\fR and +\&\fISSL_SESSION_set1_alpn_selected()\fR functions were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_SESSION_get0_id_context.3 b/linux_amd64/share/man/man3/SSL_SESSION_get0_id_context.3 new file mode 100755 index 0000000..ff917dc --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_SESSION_get0_id_context.3 
@@ -0,0 +1,178 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SESSION_GET0_ID_CONTEXT 3" +.TH SSL_SESSION_GET0_ID_CONTEXT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_SESSION_get0_id_context, +SSL_SESSION_set1_id_context +\&\- get and set the SSL ID context associated with a session +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *s, +\& unsigned int *len) +\& int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx, +\& unsigned int sid_ctx_len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +See \fISSL_CTX_set_session_id_context\fR\|(3) for further details on session \s-1ID\s0 +contexts. +.PP +\&\fISSL_SESSION_get0_id_context()\fR returns the \s-1ID\s0 context associated with +the \s-1SSL/TLS\s0 session \fBs\fR. The length of the \s-1ID\s0 context is written to +\&\fB*len\fR if \fBlen\fR is not \s-1NULL\s0. +.PP +The value returned is a pointer to an object maintained within \fBs\fR and +should not be released. +.PP +\&\fISSL_SESSION_set1_id_context()\fR takes a copy of the provided \s-1ID\s0 context given in +\&\fBsid_ctx\fR and associates it with the session \fBs\fR. The length of the \s-1ID\s0 context +is given by \fBsid_ctx_len\fR which must not exceed \s-1SSL_MAX_SID_CTX_LENGTH\s0 bytes. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_SESSION_set1_id_context()\fR returns 1 on success or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fISSL_set_session_id_context\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fISSL_SESSION_get0_id_context()\fR function was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/share/man/man3/SSL_SESSION_get0_peer.3 b/linux_amd64/share/man/man3/SSL_SESSION_get0_peer.3
new file mode 100755
index 0000000..eac40e9
--- /dev/null
+++ b/linux_amd64/share/man/man3/SSL_SESSION_get0_peer.3
@@ -0,0 +1,161 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SESSION_GET0_PEER 3" +.TH SSL_SESSION_GET0_PEER 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_SESSION_get0_peer +\&\- get details about peer's certificate for a session +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& X509 *SSL_SESSION_get0_peer(SSL_SESSION *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_SESSION_get0_peer()\fR returns the peer certificate associated with the session +\&\fBs\fR or \s-1NULL\s0 if no peer certificate is available. The caller should not free the +returned value (unless \fIX509_up_ref\fR\|(3) has also been called). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_SESSION_get0_peer()\fR returns a pointer to the peer certificate or \s-1NULL\s0 if +no peer certificate is available. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_SESSION_get_compress_id.3 b/linux_amd64/share/man/man3/SSL_SESSION_get_compress_id.3 new file mode 100755 index 0000000..3248a21 --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_SESSION_get_compress_id.3 
@@ -0,0 +1,162 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SESSION_GET_COMPRESS_ID 3" +.TH SSL_SESSION_GET_COMPRESS_ID 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_SESSION_get_compress_id +\&\- get details about the compression associated with a session +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +If compression has been negotiated for an ssl session then +\&\fISSL_SESSION_get_compress_id()\fR will return the id for the compression method or +0 otherwise. The only built-in supported compression method is zlib which has an +id of 1. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_SESSION_get_compress_id()\fR returns the id of the compression method or 0 if +none. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_SESSION_get_protocol_version.3 b/linux_amd64/share/man/man3/SSL_SESSION_get_protocol_version.3 new file mode 100755 index 0000000..361dfe3 --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_SESSION_get_protocol_version.3 
@@ -0,0 +1,178 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SESSION_GET_PROTOCOL_VERSION 3" +.TH SSL_SESSION_GET_PROTOCOL_VERSION 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_SESSION_get_protocol_version, +SSL_SESSION_set_protocol_version +\&\- get and set the session protocol version +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_SESSION_get_protocol_version(const SSL_SESSION *s); +\& int SSL_SESSION_set_protocol_version(SSL_SESSION *s, int version); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_SESSION_get_protocol_version()\fR returns the protocol version number used +by session \fBs\fR. +.PP +\&\fISSL_SESSION_set_protocol_version()\fR sets the protocol version associated with the +\&\s-1SSL_SESSION\s0 object \fBs\fR to the value \fBversion\fR. This value should be a version +constant such as \fB\s-1TLS1_3_VERSION\s0\fR etc. For example, this could be used to set +up a session based \s-1PSK\s0 (see \fISSL_CTX_set_psk_use_session_callback\fR\|(3)). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_SESSION_get_protocol_version()\fR returns a number indicating the protocol +version used for the session; this number matches the constants \fIe.g.\fR +\&\fB\s-1TLS1_VERSION\s0\fR, \fB\s-1TLS1_2_VERSION\s0\fR or \fB\s-1TLS1_3_VERSION\s0\fR. +.PP +Note that the \fISSL_SESSION_get_protocol_version()\fR function +does \fBnot\fR perform a null check on the provided session \fBs\fR pointer. +.PP +\&\fISSL_SESSION_set_protocol_version()\fR returns 1 on success or 0 on failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fISSL_CTX_set_psk_use_session_callback\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fISSL_SESSION_get_protocol_version()\fR function was added in OpenSSL 1.1.0. +The \fISSL_SESSION_set_protocol_version()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. 
You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_SESSION_get_time.3 b/linux_amd64/share/man/man3/SSL_SESSION_get_time.3 new file mode 100755 index 0000000..a1df60e --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_SESSION_get_time.3 
@@ -0,0 +1,198 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SESSION_GET_TIME 3" +.TH SSL_SESSION_GET_TIME 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_SESSION_get_time, SSL_SESSION_set_time, SSL_SESSION_get_timeout, +SSL_SESSION_set_timeout, +SSL_get_time, SSL_set_time, SSL_get_timeout, SSL_set_timeout +\&\- retrieve and manipulate session time and timeout settings +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_SESSION_get_time(const SSL_SESSION *s); +\& long SSL_SESSION_set_time(SSL_SESSION *s, long tm); +\& long SSL_SESSION_get_timeout(const SSL_SESSION *s); +\& long SSL_SESSION_set_timeout(SSL_SESSION *s, long tm); +\& +\& long SSL_get_time(const SSL_SESSION *s); +\& long SSL_set_time(SSL_SESSION *s, long tm); +\& long SSL_get_timeout(const SSL_SESSION *s); +\& long SSL_set_timeout(SSL_SESSION *s, long tm); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_SESSION_get_time()\fR returns the time at which the session \fBs\fR was +established. The time is given in seconds since the Epoch and therefore +compatible to the time delivered by the \fItime()\fR call. +.PP +\&\fISSL_SESSION_set_time()\fR replaces the creation time of the session \fBs\fR with +the chosen value \fBtm\fR. +.PP +\&\fISSL_SESSION_get_timeout()\fR returns the timeout value set for session \fBs\fR +in seconds. +.PP +\&\fISSL_SESSION_set_timeout()\fR sets the timeout value for session \fBs\fR in seconds +to \fBtm\fR. +.PP +The \fISSL_get_time()\fR, \fISSL_set_time()\fR, \fISSL_get_timeout()\fR, and \fISSL_set_timeout()\fR +functions are synonyms for the SSL_SESSION_*() counterparts. +.SH "NOTES" +.IX Header "NOTES" +Sessions are expired by examining the creation time and the timeout value. +Both are set at creation time of the session to the actual time and the +default timeout value at creation, respectively, as set by +\&\fISSL_CTX_set_timeout\fR\|(3). +Using these functions it is possible to extend or shorten the lifetime +of the session. 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_SESSION_get_time()\fR and \fISSL_SESSION_get_timeout()\fR return the currently +valid values. +.PP +\&\fISSL_SESSION_set_time()\fR and \fISSL_SESSION_set_timeout()\fR return 1 on success. +.PP +If any of the function is passed the \s-1NULL\s0 pointer for the session \fBs\fR, +0 is returned. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fISSL_CTX_set_timeout\fR\|(3), +\&\fISSL_get_default_timeout\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_SESSION_has_ticket.3 b/linux_amd64/share/man/man3/SSL_SESSION_has_ticket.3 new file mode 100755 index 0000000..6790e23 --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_SESSION_has_ticket.3 
@@ -0,0 +1,181 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SESSION_HAS_TICKET 3" +.TH SSL_SESSION_HAS_TICKET 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_SESSION_get0_ticket, +SSL_SESSION_has_ticket, SSL_SESSION_get_ticket_lifetime_hint +\&\- get details about the ticket associated with a session +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_SESSION_has_ticket(const SSL_SESSION *s); +\& unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s); +\& void SSL_SESSION_get0_ticket(const SSL_SESSION *s, const unsigned char **tick, +\& size_t *len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_SESSION_has_ticket()\fR returns 1 if there is a Session Ticket associated with +this session, and 0 otherwise. +.PP +SSL_SESSION_get_ticket_lifetime_hint returns the lifetime hint in seconds +associated with the session ticket. +.PP +SSL_SESSION_get0_ticket obtains a pointer to the ticket associated with a +session. The length of the ticket is written to \fB*len\fR. If \fBtick\fR is non +\&\s-1NULL\s0 then a pointer to the ticket is written to \fB*tick\fR. The pointer is only +valid while the connection is in use. The session (and hence the ticket pointer) +may also become invalid as a result of a call to \fISSL_CTX_flush_sessions()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_SESSION_has_ticket()\fR returns 1 if session ticket exists or 0 otherwise. +.PP +\&\fISSL_SESSION_get_ticket_lifetime_hint()\fR returns the number of seconds. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fId2i_SSL_SESSION\fR\|(3), +\&\fISSL_SESSION_get_time\fR\|(3), +\&\fISSL_SESSION_free\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fISSL_SESSION_has_ticket()\fR, \fISSL_SESSION_get_ticket_lifetime_hint()\fR +and \fISSL_SESSION_get0_ticket()\fR functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. 
You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_SESSION_is_resumable.3 b/linux_amd64/share/man/man3/SSL_SESSION_is_resumable.3 new file mode 100755 index 0000000..b478ac1 --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_SESSION_is_resumable.3 
@@ -0,0 +1,166 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SESSION_IS_RESUMABLE 3" +.TH SSL_SESSION_IS_RESUMABLE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_SESSION_is_resumable +\&\- determine whether an SSL_SESSION object can be used for resumption +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_SESSION_is_resumable(const SSL_SESSION *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_SESSION_is_resumable()\fR determines whether an \s-1SSL_SESSION\s0 object can be used +to resume a session or not. Returns 1 if it can or 0 if not. Note that +attempting to resume with a non-resumable session will result in a full +handshake. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_SESSION_is_resumable()\fR returns 1 if the session is resumable or 0 otherwise. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fISSL_get_session\fR\|(3), +\&\fISSL_CTX_sess_set_new_cb\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fISSL_SESSION_is_resumable()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_SESSION_print.3 b/linux_amd64/share/man/man3/SSL_SESSION_print.3 new file mode 100755 index 0000000..09f0c9f --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_SESSION_print.3 
@@ -0,0 +1,170 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SESSION_PRINT 3" +.TH SSL_SESSION_PRINT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_SESSION_print, +SSL_SESSION_print_fp, +SSL_SESSION_print_keylog +\&\- printf information about a session +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_SESSION_print(BIO *fp, const SSL_SESSION *ses); +\& int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *ses); +\& int SSL_SESSION_print_keylog(BIO *bp, const SSL_SESSION *x); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_SESSION_print()\fR prints summary information about the session provided in +\&\fBses\fR to the \s-1BIO\s0 \fBfp\fR. +.PP +\&\fISSL_SESSION_print_fp()\fR does the same as \fISSL_SESSION_print()\fR except it prints it +to the \s-1FILE\s0 \fBfp\fR. +.PP +\&\fISSL_SESSION_print_keylog()\fR prints session information to the provided \s-1BIO\s0 +in \s-1NSS\s0 keylog format. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_SESSION_print()\fR, \fISSL_SESSION_print_fp()\fR and SSL_SESSION_print_keylog return +1 on success or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_SESSION_set1_id.3 b/linux_amd64/share/man/man3/SSL_SESSION_set1_id.3 new file mode 100755 index 0000000..dba81c8 --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_SESSION_set1_id.3 
@@ -0,0 +1,172 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SESSION_SET1_ID 3" +.TH SSL_SESSION_SET1_ID 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_SESSION_get_id, +SSL_SESSION_set1_id +\&\- get and set the SSL session ID +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, +\& unsigned int *len) +\& int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid, +\& unsigned int sid_len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_SESSION_get_id()\fR returns a pointer to the internal session id value for the +session \fBs\fR. The length of the id in bytes is stored in \fB*len\fR. The length may +be 0. The caller should not free the returned pointer directly. +.PP +\&\fISSL_SESSION_set1_id()\fR sets the session \s-1ID\s0 for the \fBssl\fR \s-1SSL/TLS\s0 session +to \fBsid\fR of length \fBsid_len\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_SESSION_get_id()\fR returns a pointer to the session id value. +\&\fISSL_SESSION_set1_id()\fR returns 1 for success and 0 for failure, for example +if the supplied session \s-1ID\s0 length exceeds \fB\s-1SSL_MAX_SSL_SESSION_ID_LENGTH\s0\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \fISSL_SESSION_set1_id()\fR function was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_accept.3 b/linux_amd64/share/man/man3/SSL_accept.3 new file mode 100755 index 0000000..7bfa12a --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_accept.3 
@@ -0,0 +1,196 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_ACCEPT 3" +.TH SSL_ACCEPT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_accept \- wait for a TLS/SSL client to initiate a TLS/SSL handshake +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_accept(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_accept()\fR waits for a \s-1TLS/SSL\s0 client to initiate the \s-1TLS/SSL\s0 handshake. +The communication channel must already have been set and assigned to the +\&\fBssl\fR by setting an underlying \fB\s-1BIO\s0\fR. +.SH "NOTES" +.IX Header "NOTES" +The behaviour of \fISSL_accept()\fR depends on the underlying \s-1BIO\s0. +.PP +If the underlying \s-1BIO\s0 is \fBblocking\fR, \fISSL_accept()\fR will only return once the +handshake has been finished or an error occurred. +.PP +If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fISSL_accept()\fR will also return +when the underlying \s-1BIO\s0 could not satisfy the needs of \fISSL_accept()\fR +to continue the handshake, indicating the problem by the return value \-1. +In this case a call to \fISSL_get_error()\fR with the +return value of \fISSL_accept()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or +\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after +taking appropriate action to satisfy the needs of \fISSL_accept()\fR. +The action depends on the underlying \s-1BIO\s0. When using a non-blocking socket, +nothing is to be done, but \fIselect()\fR can be used to check for the required +condition. When using a buffering \s-1BIO\s0, like a \s-1BIO\s0 pair, data must be written +into or retrieved out of the \s-1BIO\s0 before being able to continue. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "0" 4 +The \s-1TLS/SSL\s0 handshake was not successful but was shut down controlled and +by the specifications of the \s-1TLS/SSL\s0 protocol. Call \fISSL_get_error()\fR with the +return value \fBret\fR to find out the reason. 
+.IP "1" 4 +.IX Item "1" +The \s-1TLS/SSL\s0 handshake was successfully completed, a \s-1TLS/SSL\s0 connection has been +established. +.IP "<0" 4 +.IX Item "<0" +The \s-1TLS/SSL\s0 handshake was not successful because a fatal error occurred either +at the protocol level or a connection failure occurred. The shutdown was +not clean. It can also occur of action is need to continue the operation +for non-blocking BIOs. Call \fISSL_get_error()\fR with the return value \fBret\fR +to find out the reason. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fISSL_get_error\fR\|(3), \fISSL_connect\fR\|(3), +\&\fISSL_shutdown\fR\|(3), \fIssl\fR\|(7), \fIbio\fR\|(7), +\&\fISSL_set_connect_state\fR\|(3), +\&\fISSL_do_handshake\fR\|(3), +\&\fISSL_CTX_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_alert_type_string.3 b/linux_amd64/share/man/man3/SSL_alert_type_string.3 new file mode 100755 index 0000000..563e36f --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_alert_type_string.3 
@@ -0,0 +1,360 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_ALERT_TYPE_STRING 3" +.TH SSL_ALERT_TYPE_STRING 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_alert_type_string, SSL_alert_type_string_long, SSL_alert_desc_string, SSL_alert_desc_string_long \- get textual description of alert information +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const char *SSL_alert_type_string(int value); +\& const char *SSL_alert_type_string_long(int value); +\& +\& const char *SSL_alert_desc_string(int value); +\& const char *SSL_alert_desc_string_long(int value); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_alert_type_string()\fR returns a one letter string indicating the +type of the alert specified by \fBvalue\fR. +.PP +\&\fISSL_alert_type_string_long()\fR returns a string indicating the type of the alert +specified by \fBvalue\fR. +.PP +\&\fISSL_alert_desc_string()\fR returns a two letter string as a short form +describing the reason of the alert specified by \fBvalue\fR. +.PP +\&\fISSL_alert_desc_string_long()\fR returns a string describing the reason +of the alert specified by \fBvalue\fR. +.SH "NOTES" +.IX Header "NOTES" +When one side of an \s-1SSL/TLS\s0 communication wants to inform the peer about +a special situation, it sends an alert. The alert is sent as a special message +and does not influence the normal data stream (unless its contents results +in the communication being canceled). +.PP +A warning alert is sent, when a non-fatal error condition occurs. The +\&\*(L"close notify\*(R" alert is sent as a warning alert. Other examples for +non-fatal errors are certificate errors (\*(L"certificate expired\*(R", +\&\*(L"unsupported certificate\*(R"), for which a warning alert may be sent. +(The sending party may however decide to send a fatal error.) The +receiving side may cancel the connection on reception of a warning +alert on it discretion. +.PP +Several alert messages must be sent as fatal alert messages as specified +by the \s-1TLS\s0 \s-1RFC\s0. A fatal alert always leads to a connection abort. 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following strings can occur for \fISSL_alert_type_string()\fR or +\&\fISSL_alert_type_string_long()\fR: +.ie n .IP """W""/""warning""" 4 +.el .IP "``W''/``warning''" 4 +.IX Item "W/warning" +.PD 0 +.ie n .IP """F""/""fatal""" 4 +.el .IP "``F''/``fatal''" 4 +.IX Item "F/fatal" +.ie n .IP """U""/""unknown""" 4 +.el .IP "``U''/``unknown''" 4 +.IX Item "U/unknown" +.PD +This indicates that no support is available for this alert type. +Probably \fBvalue\fR does not contain a correct alert message. +.PP +The following strings can occur for \fISSL_alert_desc_string()\fR or +\&\fISSL_alert_desc_string_long()\fR: +.ie n .IP """\s-1CN\s0""/""close notify""" 4 +.el .IP "``\s-1CN\s0''/``close notify''" 4 +.IX Item "CN/close notify" +The connection shall be closed. This is a warning alert. +.ie n .IP """\s-1UM\s0""/""unexpected message""" 4 +.el .IP "``\s-1UM\s0''/``unexpected message''" 4 +.IX Item "UM/unexpected message" +An inappropriate message was received. This alert is always fatal +and should never be observed in communication between proper +implementations. +.ie n .IP """\s-1BM\s0""/""bad record mac""" 4 +.el .IP "``\s-1BM\s0''/``bad record mac''" 4 +.IX Item "BM/bad record mac" +This alert is returned if a record is received with an incorrect +\&\s-1MAC\s0. This message is always fatal. +.ie n .IP """\s-1DF\s0""/""decompression failure""" 4 +.el .IP "``\s-1DF\s0''/``decompression failure''" 4 +.IX Item "DF/decompression failure" +The decompression function received improper input (e.g. data +that would expand to excessive length). This message is always +fatal. +.ie n .IP """\s-1HF\s0""/""handshake failure""" 4 +.el .IP "``\s-1HF\s0''/``handshake failure''" 4 +.IX Item "HF/handshake failure" +Reception of a handshake_failure alert message indicates that the +sender was unable to negotiate an acceptable set of security +parameters given the options available. This is a fatal error. 
+.ie n .IP """\s-1NC\s0""/""no certificate""" 4 +.el .IP "``\s-1NC\s0''/``no certificate''" 4 +.IX Item "NC/no certificate" +A client, that was asked to send a certificate, does not send a certificate +(SSLv3 only). +.ie n .IP """\s-1BC\s0""/""bad certificate""" 4 +.el .IP "``\s-1BC\s0''/``bad certificate''" 4 +.IX Item "BC/bad certificate" +A certificate was corrupt, contained signatures that did not +verify correctly, etc +.ie n .IP """\s-1UC\s0""/""unsupported certificate""" 4 +.el .IP "``\s-1UC\s0''/``unsupported certificate''" 4 +.IX Item "UC/unsupported certificate" +A certificate was of an unsupported type. +.ie n .IP """\s-1CR\s0""/""certificate revoked""" 4 +.el .IP "``\s-1CR\s0''/``certificate revoked''" 4 +.IX Item "CR/certificate revoked" +A certificate was revoked by its signer. +.ie n .IP """\s-1CE\s0""/""certificate expired""" 4 +.el .IP "``\s-1CE\s0''/``certificate expired''" 4 +.IX Item "CE/certificate expired" +A certificate has expired or is not currently valid. +.ie n .IP """\s-1CU\s0""/""certificate unknown""" 4 +.el .IP "``\s-1CU\s0''/``certificate unknown''" 4 +.IX Item "CU/certificate unknown" +Some other (unspecified) issue arose in processing the +certificate, rendering it unacceptable. +.ie n .IP """\s-1IP\s0""/""illegal parameter""" 4 +.el .IP "``\s-1IP\s0''/``illegal parameter''" 4 +.IX Item "IP/illegal parameter" +A field in the handshake was out of range or inconsistent with +other fields. This is always fatal. +.ie n .IP """\s-1DC\s0""/""decryption failed""" 4 +.el .IP "``\s-1DC\s0''/``decryption failed''" 4 +.IX Item "DC/decryption failed" +A TLSCiphertext decrypted in an invalid way: either it wasn't an +even multiple of the block length or its padding values, when +checked, weren't correct. This message is always fatal. 
+.ie n .IP """\s-1RO\s0""/""record overflow""" 4 +.el .IP "``\s-1RO\s0''/``record overflow''" 4 +.IX Item "RO/record overflow" +A TLSCiphertext record was received which had a length more than +2^14+2048 bytes, or a record decrypted to a TLSCompressed record +with more than 2^14+1024 bytes. This message is always fatal. +.ie n .IP """\s-1CA\s0""/""unknown \s-1CA\s0""" 4 +.el .IP "``\s-1CA\s0''/``unknown \s-1CA\s0''" 4 +.IX Item "CA/unknown CA" +A valid certificate chain or partial chain was received, but the +certificate was not accepted because the \s-1CA\s0 certificate could not +be located or couldn't be matched with a known, trusted \s-1CA\s0. This +message is always fatal. +.ie n .IP """\s-1AD\s0""/""access denied""" 4 +.el .IP "``\s-1AD\s0''/``access denied''" 4 +.IX Item "AD/access denied" +A valid certificate was received, but when access control was +applied, the sender decided not to proceed with negotiation. +This message is always fatal. +.ie n .IP """\s-1DE\s0""/""decode error""" 4 +.el .IP "``\s-1DE\s0''/``decode error''" 4 +.IX Item "DE/decode error" +A message could not be decoded because some field was out of the +specified range or the length of the message was incorrect. This +message is always fatal. +.ie n .IP """\s-1CY\s0""/""decrypt error""" 4 +.el .IP "``\s-1CY\s0''/``decrypt error''" 4 +.IX Item "CY/decrypt error" +A handshake cryptographic operation failed, including being +unable to correctly verify a signature, decrypt a key exchange, +or validate a finished message. +.ie n .IP """\s-1ER\s0""/""export restriction""" 4 +.el .IP "``\s-1ER\s0''/``export restriction''" 4 +.IX Item "ER/export restriction" +A negotiation not in compliance with export restrictions was +detected; for example, attempting to transfer a 1024 bit +ephemeral \s-1RSA\s0 key for the \s-1RSA_EXPORT\s0 handshake method. This +message is always fatal. 
+.ie n .IP """\s-1PV\s0""/""protocol version""" 4 +.el .IP "``\s-1PV\s0''/``protocol version''" 4 +.IX Item "PV/protocol version" +The protocol version the client has attempted to negotiate is +recognized, but not supported. (For example, old protocol +versions might be avoided for security reasons). This message is +always fatal. +.ie n .IP """\s-1IS\s0""/""insufficient security""" 4 +.el .IP "``\s-1IS\s0''/``insufficient security''" 4 +.IX Item "IS/insufficient security" +Returned instead of handshake_failure when a negotiation has +failed specifically because the server requires ciphers more +secure than those supported by the client. This message is always +fatal. +.ie n .IP """\s-1IE\s0""/""internal error""" 4 +.el .IP "``\s-1IE\s0''/``internal error''" 4 +.IX Item "IE/internal error" +An internal error unrelated to the peer or the correctness of the +protocol makes it impossible to continue (such as a memory +allocation failure). This message is always fatal. +.ie n .IP """\s-1US\s0""/""user canceled""" 4 +.el .IP "``\s-1US\s0''/``user canceled''" 4 +.IX Item "US/user canceled" +This handshake is being canceled for some reason unrelated to a +protocol failure. If the user cancels an operation after the +handshake is complete, just closing the connection by sending a +close_notify is more appropriate. This alert should be followed +by a close_notify. This message is generally a warning. +.ie n .IP """\s-1NR\s0""/""no renegotiation""" 4 +.el .IP "``\s-1NR\s0''/``no renegotiation''" 4 +.IX Item "NR/no renegotiation" +Sent by the client in response to a hello request or by the +server in response to a client hello after initial handshaking. +Either of these would normally lead to renegotiation; when that +is not appropriate, the recipient should respond with this alert; +at that point, the original requester can decide whether to +proceed with the connection. 
One case where this would be +appropriate would be where a server has spawned a process to +satisfy a request; the process might receive security parameters +(key length, authentication, etc.) at startup and it might be +difficult to communicate changes to these parameters after that +point. This message is always a warning. +.ie n .IP """\s-1UP\s0""/""unknown \s-1PSK\s0 identity""" 4 +.el .IP "``\s-1UP\s0''/``unknown \s-1PSK\s0 identity''" 4 +.IX Item "UP/unknown PSK identity" +Sent by the server to indicate that it does not recognize a \s-1PSK\s0 +identity or an \s-1SRP\s0 identity. +.ie n .IP """\s-1UK\s0""/""unknown""" 4 +.el .IP "``\s-1UK\s0''/``unknown''" 4 +.IX Item "UK/unknown" +This indicates that no description is available for this alert type. +Probably \fBvalue\fR does not contain a correct alert message. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_CTX_set_info_callback\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_alloc_buffers.3 b/linux_amd64/share/man/man3/SSL_alloc_buffers.3 new file mode 100755 index 0000000..b3f3f6f --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_alloc_buffers.3 
@@ -0,0 +1,185 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_ALLOC_BUFFERS 3" +.TH SSL_ALLOC_BUFFERS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_free_buffers, SSL_alloc_buffers \- manage SSL structure buffers +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_free_buffers(SSL *ssl); +\& int SSL_alloc_buffers(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_free_buffers()\fR frees the read and write buffers of the given \fBssl\fR. +\&\fISSL_alloc_buffers()\fR allocates the read and write buffers of the given \fBssl\fR. +.PP +The \fB\s-1SSL_MODE_RELEASE_BUFFERS\s0\fR mode releases read or write buffers whenever +the buffers have been drained. These functions allow applications to manually +control when buffers are freed and allocated. +.PP +After freeing the buffers, the buffers are automatically reallocated upon a +new read or write. The \fISSL_alloc_buffers()\fR does not need to be called, but +can be used to make sure the buffers are pre-allocated. This can be used to +avoid allocation during data processing or with \fICRYPTO_set_mem_functions()\fR +to control where and how buffers are allocated. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "0 (Failure)" 4 +.IX Item "0 (Failure)" +The \fISSL_free_buffers()\fR function returns 0 when there is pending data to be +read or written. The \fISSL_alloc_buffers()\fR function returns 0 when there is +an allocation failure. +.IP "1 (Success)" 4 +.IX Item "1 (Success)" +The \fISSL_free_buffers()\fR function returns 1 if the buffers have been freed. This +value is also returned if the buffers had been freed before calling +\&\fISSL_free_buffers()\fR. +The \fISSL_alloc_buffers()\fR function returns 1 if the buffers have been allocated. +This value is also returned if the buffers had been allocated before calling +\&\fISSL_alloc_buffers()\fR. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fISSL_free\fR\|(3), \fISSL_clear\fR\|(3), +\&\fISSL_new\fR\|(3), \fISSL_CTX_set_mode\fR\|(3), +\&\fICRYPTO_set_mem_functions\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_check_chain.3 b/linux_amd64/share/man/man3/SSL_check_chain.3 new file mode 100755 index 0000000..50a242d --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_check_chain.3 
@@ -0,0 +1,216 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CHECK_CHAIN 3" +.TH SSL_CHECK_CHAIN 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_check_chain \- check certificate chain suitability +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_check_chain()\fR checks whether certificate \fBx\fR, private key \fBpk\fR and +certificate chain \fBchain\fR is suitable for use with the current session +\&\fBs\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_check_chain()\fR returns a bitmap of flags indicating the validity of the +chain. +.PP +\&\fB\s-1CERT_PKEY_VALID\s0\fR: the chain can be used with the current session. +If this flag is \fBnot\fR set then the certificate will never be used even +if the application tries to set it because it is inconsistent with the +peer preferences. +.PP +\&\fB\s-1CERT_PKEY_SIGN\s0\fR: the \s-1EE\s0 key can be used for signing. +.PP +\&\fB\s-1CERT_PKEY_EE_SIGNATURE\s0\fR: the signature algorithm of the \s-1EE\s0 certificate is +acceptable. +.PP +\&\fB\s-1CERT_PKEY_CA_SIGNATURE\s0\fR: the signature algorithms of all \s-1CA\s0 certificates +are acceptable. +.PP +\&\fB\s-1CERT_PKEY_EE_PARAM\s0\fR: the parameters of the end entity certificate are +acceptable (e.g. it is a supported curve). +.PP +\&\fB\s-1CERT_PKEY_CA_PARAM\s0\fR: the parameters of all \s-1CA\s0 certificates are acceptable. +.PP +\&\fB\s-1CERT_PKEY_EXPLICIT_SIGN\s0\fR: the end entity certificate algorithm +can be used explicitly for signing (i.e. it is mentioned in the signature +algorithms extension). +.PP +\&\fB\s-1CERT_PKEY_ISSUER_NAME\s0\fR: the issuer name is acceptable. This is only +meaningful for client authentication. +.PP +\&\fB\s-1CERT_PKEY_CERT_TYPE\s0\fR: the certificate type is acceptable. Only meaningful +for client authentication. +.PP +\&\fB\s-1CERT_PKEY_SUITEB\s0\fR: chain is suitable for Suite B use. 
+.SH "NOTES" +.IX Header "NOTES" +\&\fISSL_check_chain()\fR must be called in servers after a client hello message or in +clients after a certificate request message. It will typically be called +in the certificate callback. +.PP +An application wishing to support multiple certificate chains may call this +function on each chain in turn: starting with the one it considers the +most secure. It could then use the chain of the first set which returns +suitable flags. +.PP +As a minimum the flag \fB\s-1CERT_PKEY_VALID\s0\fR must be set for a chain to be +usable. An application supporting multiple chains with different \s-1CA\s0 signature +algorithms may also wish to check \fB\s-1CERT_PKEY_CA_SIGNATURE\s0\fR too. If no +chain is suitable a server should fall back to the most secure chain which +sets \fB\s-1CERT_PKEY_VALID\s0\fR. +.PP +The validity of a chain is determined by checking if it matches a supported +signature algorithm, supported curves and in the case of client authentication +certificate types and issuer names. +.PP +Since the supported signature algorithms extension is only used in \s-1TLS\s0 1.2, +\&\s-1TLS\s0 1.3 and \s-1DTLS\s0 1.2 the results for earlier versions of \s-1TLS\s0 and \s-1DTLS\s0 may not +be very useful. Applications may wish to specify a different \*(L"legacy\*(R" chain +for earlier versions of \s-1TLS\s0 or \s-1DTLS\s0. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fISSL_CTX_set_cert_cb\fR\|(3), +\&\fIssl\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_clear.3 b/linux_amd64/share/man/man3/SSL_clear.3 new file mode 100755 index 0000000..0907517 --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_clear.3 
@@ -0,0 +1,199 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CLEAR 3" +.TH SSL_CLEAR 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_clear \- reset SSL object to allow another connection +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_clear(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Reset \fBssl\fR to allow another connection. All settings (method, ciphers, +BIOs) are kept. +.SH "NOTES" +.IX Header "NOTES" +SSL_clear is used to prepare an \s-1SSL\s0 object for a new connection. While all +settings are kept, a side effect is the handling of the current \s-1SSL\s0 session. +If a session is still \fBopen\fR, it is considered bad and will be removed +from the session cache, as required by \s-1RFC2246\s0. A session is considered open, +if \fISSL_shutdown\fR\|(3) was not called for the connection +or at least \fISSL_set_shutdown\fR\|(3) was used to +set the \s-1SSL_SENT_SHUTDOWN\s0 state. +.PP +If a session was closed cleanly, the session object will be kept and all +settings corresponding. This explicitly means, that e.g. the special method +used during the session will be kept for the next handshake. So if the +session was a TLSv1 session, a \s-1SSL\s0 client object will use a TLSv1 client +method for the next handshake and a \s-1SSL\s0 server object will use a TLSv1 +server method, even if TLS_*_methods were chosen on startup. This +will might lead to connection failures (see \fISSL_new\fR\|(3)) +for a description of the method's properties. +.SH "WARNINGS" +.IX Header "WARNINGS" +\&\fISSL_clear()\fR resets the \s-1SSL\s0 object to allow for another connection. The +reset operation however keeps several settings of the last sessions +(some of these settings were made automatically during the last +handshake). It only makes sense for a new connection with the exact +same peer that shares these settings, and may fail if that peer +changes its settings between connections. 
Use the sequence +\&\fISSL_get_session\fR\|(3); +\&\fISSL_new\fR\|(3); +\&\fISSL_set_session\fR\|(3); +\&\fISSL_free\fR\|(3) +instead to avoid such failures +(or simply \fISSL_free\fR\|(3); \fISSL_new\fR\|(3) +if session reuse is not desired). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "0" 4 +The \fISSL_clear()\fR operation could not be performed. Check the error stack to +find out the reason. +.IP "1" 4 +.IX Item "1" +The \fISSL_clear()\fR operation was successful. +.PP +\&\fISSL_new\fR\|(3), \fISSL_free\fR\|(3), +\&\fISSL_shutdown\fR\|(3), \fISSL_set_shutdown\fR\|(3), +\&\fISSL_CTX_set_options\fR\|(3), \fIssl\fR\|(7), +\&\fISSL_CTX_set_client_cert_cb\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_connect.3 b/linux_amd64/share/man/man3/SSL_connect.3 new file mode 100755 index 0000000..7bc4d30 --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_connect.3 
@@ -0,0 +1,211 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CONNECT 3" +.TH SSL_CONNECT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_connect \- initiate the TLS/SSL handshake with an TLS/SSL server +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_connect(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_connect()\fR initiates the \s-1TLS/SSL\s0 handshake with a server. The communication +channel must already have been set and assigned to the \fBssl\fR by setting an +underlying \fB\s-1BIO\s0\fR. +.SH "NOTES" +.IX Header "NOTES" +The behaviour of \fISSL_connect()\fR depends on the underlying \s-1BIO\s0. +.PP +If the underlying \s-1BIO\s0 is \fBblocking\fR, \fISSL_connect()\fR will only return once the +handshake has been finished or an error occurred. +.PP +If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fISSL_connect()\fR will also return +when the underlying \s-1BIO\s0 could not satisfy the needs of \fISSL_connect()\fR +to continue the handshake, indicating the problem by the return value \-1. +In this case a call to \fISSL_get_error()\fR with the +return value of \fISSL_connect()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or +\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after +taking appropriate action to satisfy the needs of \fISSL_connect()\fR. +The action depends on the underlying \s-1BIO\s0. When using a non-blocking socket, +nothing is to be done, but \fIselect()\fR can be used to check for the required +condition. When using a buffering \s-1BIO\s0, like a \s-1BIO\s0 pair, data must be written +into or retrieved out of the \s-1BIO\s0 before being able to continue. +.PP +Many systems implement Nagle's algorithm by default which means that it will +buffer outgoing \s-1TCP\s0 data if a \s-1TCP\s0 packet has already been sent for which no +corresponding \s-1ACK\s0 has been received yet from the peer. 
This can have performance +impacts after a successful TLSv1.3 handshake or a successful TLSv1.2 (or below) +resumption handshake, because the last peer to communicate in the handshake is +the client. If the client is also the first to send application data (as is +typical for many protocols) then this data could be buffered until an \s-1ACK\s0 has +been received for the final handshake message. +.PP +The \fB\s-1TCP_NODELAY\s0\fR socket option is often available to disable Nagle's +algorithm. If an application opts to disable Nagle's algorithm consideration +should be given to turning it back on again later if appropriate. The helper +function \fIBIO_set_tcp_ndelay()\fR can be used to turn on or off the \fB\s-1TCP_NODELAY\s0\fR +option. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "0" 4 +The \s-1TLS/SSL\s0 handshake was not successful but was shut down controlled and +by the specifications of the \s-1TLS/SSL\s0 protocol. Call \fISSL_get_error()\fR with the +return value \fBret\fR to find out the reason. +.IP "1" 4 +.IX Item "1" +The \s-1TLS/SSL\s0 handshake was successfully completed, a \s-1TLS/SSL\s0 connection has been +established. +.IP "<0" 4 +.IX Item "<0" +The \s-1TLS/SSL\s0 handshake was not successful, because a fatal error occurred either +at the protocol level or a connection failure occurred. The shutdown was +not clean. It can also occur of action is need to continue the operation +for non-blocking BIOs. Call \fISSL_get_error()\fR with the return value \fBret\fR +to find out the reason. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fISSL_get_error\fR\|(3), \fISSL_accept\fR\|(3), +\&\fISSL_shutdown\fR\|(3), \fIssl\fR\|(7), \fIbio\fR\|(7), +\&\fISSL_set_connect_state\fR\|(3), +\&\fISSL_do_handshake\fR\|(3), +\&\fISSL_CTX_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). 
You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_do_handshake.3 b/linux_amd64/share/man/man3/SSL_do_handshake.3 new file mode 100755 index 0000000..8644a1c --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_do_handshake.3 
@@ -0,0 +1,195 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_DO_HANDSHAKE 3" +.TH SSL_DO_HANDSHAKE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_do_handshake \- perform a TLS/SSL handshake +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_do_handshake(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_do_handshake()\fR will wait for a \s-1SSL/TLS\s0 handshake to take place. If the +connection is in client mode, the handshake will be started. The handshake +routines may have to be explicitly set in advance using either +\&\fISSL_set_connect_state\fR\|(3) or +\&\fISSL_set_accept_state\fR\|(3). +.SH "NOTES" +.IX Header "NOTES" +The behaviour of \fISSL_do_handshake()\fR depends on the underlying \s-1BIO\s0. +.PP +If the underlying \s-1BIO\s0 is \fBblocking\fR, \fISSL_do_handshake()\fR will only return +once the handshake has been finished or an error occurred. +.PP +If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fISSL_do_handshake()\fR will also return +when the underlying \s-1BIO\s0 could not satisfy the needs of \fISSL_do_handshake()\fR +to continue the handshake. In this case a call to \fISSL_get_error()\fR with the +return value of \fISSL_do_handshake()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or +\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after +taking appropriate action to satisfy the needs of \fISSL_do_handshake()\fR. +The action depends on the underlying \s-1BIO\s0. When using a non-blocking socket, +nothing is to be done, but \fIselect()\fR can be used to check for the required +condition. When using a buffering \s-1BIO\s0, like a \s-1BIO\s0 pair, data must be written +into or retrieved out of the \s-1BIO\s0 before being able to continue. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "0" 4 +The \s-1TLS/SSL\s0 handshake was not successful but was shut down controlled and +by the specifications of the \s-1TLS/SSL\s0 protocol. Call \fISSL_get_error()\fR with the +return value \fBret\fR to find out the reason. 
+.IP "1" 4 +.IX Item "1" +The \s-1TLS/SSL\s0 handshake was successfully completed, a \s-1TLS/SSL\s0 connection has been +established. +.IP "<0" 4 +.IX Item "<0" +The \s-1TLS/SSL\s0 handshake was not successful because a fatal error occurred either +at the protocol level or a connection failure occurred. The shutdown was +not clean. It can also occur of action is need to continue the operation +for non-blocking BIOs. Call \fISSL_get_error()\fR with the return value \fBret\fR +to find out the reason. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fISSL_get_error\fR\|(3), \fISSL_connect\fR\|(3), +\&\fISSL_accept\fR\|(3), \fIssl\fR\|(7), \fIbio\fR\|(7), +\&\fISSL_set_connect_state\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_export_keying_material.3 b/linux_amd64/share/man/man3/SSL_export_keying_material.3 new file mode 100755 index 0000000..c4ae0a3 --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_export_keying_material.3 
@@ -0,0 +1,213 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_EXPORT_KEYING_MATERIAL 3" +.TH SSL_EXPORT_KEYING_MATERIAL 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_export_keying_material, +SSL_export_keying_material_early +\&\- obtain keying material for application use +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, +\& const char *label, size_t llen, +\& const unsigned char *context, +\& size_t contextlen, int use_context); +\& +\& int SSL_export_keying_material_early(SSL *s, unsigned char *out, size_t olen, +\& const char *label, size_t llen, +\& const unsigned char *context, +\& size_t contextlen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +During the creation of a \s-1TLS\s0 or \s-1DTLS\s0 connection shared keying material is +established between the two endpoints. The functions +\&\fISSL_export_keying_material()\fR and \fISSL_export_keying_material_early()\fR enable an +application to use some of this keying material for its own purposes in +accordance with \s-1RFC5705\s0 (for TLSv1.2 and below) or \s-1RFC8446\s0 (for TLSv1.3). +.PP +\&\fISSL_export_keying_material()\fR derives keying material using +the \fIexporter_master_secret\fR established in the handshake. +.PP +\&\fISSL_export_keying_material_early()\fR is only usable with TLSv1.3, and derives +keying material using the \fIearly_exporter_master_secret\fR (as defined in the +\&\s-1TLS\s0 1.3 \s-1RFC\s0). For the client, the \fIearly_exporter_master_secret\fR is only +available when the client attempts to send 0\-RTT data. For the server, it is +only available when the server accepts 0\-RTT data. +.PP +An application may need to securely establish the context within which this +keying material will be used. For example this may include identifiers for the +application session, application algorithms or parameters, or the lifetime of +the context. The context value is left to the application but must be the same +on both sides of the communication. 
+.PP +For a given \s-1SSL\s0 connection \fBs\fR, \fBolen\fR bytes of data will be written to +\&\fBout\fR. The application specific context should be supplied in the location +pointed to by \fBcontext\fR and should be \fBcontextlen\fR bytes long. Provision of +a context is optional. If the context should be omitted entirely then +\&\fBuse_context\fR should be set to 0. Otherwise it should be any other value. If +\&\fBuse_context\fR is 0 then the values of \fBcontext\fR and \fBcontextlen\fR are ignored. +Note that in TLSv1.2 and below a zero length context is treated differently from +no context at all, and will result in different keying material being returned. +In TLSv1.3 a zero length context is that same as no context at all and will +result in the same keying material being returned. +.PP +An application specific label should be provided in the location pointed to by +\&\fBlabel\fR and should be \fBllen\fR bytes long. Typically this will be a value from +the \s-1IANA\s0 Exporter Label Registry +(https://www.iana.org/assignments/tls\-parameters/tls\-parameters.xhtml#exporter\-labels ). +Alternatively labels beginning with \*(L"\s-1EXPERIMENTAL\s0\*(R" are permitted by the standard +to be used without registration. TLSv1.3 imposes a maximum label length of +249 bytes. +.PP +Note that this function is only defined for TLSv1.0 and above, and DTLSv1.0 and +above. Attempting to use it in SSLv3 will result in an error. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_export_keying_material()\fR returns 0 or \-1 on failure or 1 on success. +.PP +\&\fISSL_export_keying_material_early()\fR returns 0 on failure or 1 on success. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \fISSL_export_keying_material_early()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. 
+.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_extension_supported.3 b/linux_amd64/share/man/man3/SSL_extension_supported.3 new file mode 100755 index 0000000..f38a814 --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_extension_supported.3 
@@ -0,0 +1,400 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_EXTENSION_SUPPORTED 3" +.TH SSL_EXTENSION_SUPPORTED 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_extension_supported, +SSL_custom_ext_add_cb_ex, +SSL_custom_ext_free_cb_ex, +SSL_custom_ext_parse_cb_ex, +SSL_CTX_add_custom_ext, +SSL_CTX_add_client_custom_ext, SSL_CTX_add_server_custom_ext, +custom_ext_add_cb, custom_ext_free_cb, custom_ext_parse_cb +\&\- custom TLS extension handling +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef int (*SSL_custom_ext_add_cb_ex)(SSL *s, unsigned int ext_type, +\& unsigned int context, +\& const unsigned char **out, +\& size_t *outlen, X509 *x, +\& size_t chainidx, int *al, +\& void *add_arg); +\& +\& typedef void (*SSL_custom_ext_free_cb_ex)(SSL *s, unsigned int ext_type, +\& unsigned int context, +\& const unsigned char *out, +\& void *add_arg); +\& +\& typedef int (*SSL_custom_ext_parse_cb_ex)(SSL *s, unsigned int ext_type, +\& unsigned int context, +\& const unsigned char *in, +\& size_t inlen, X509 *x, +\& size_t chainidx, int *al, +\& void *parse_arg); +\& +\& int SSL_CTX_add_custom_ext(SSL_CTX *ctx, unsigned int ext_type, +\& unsigned int context, +\& SSL_custom_ext_add_cb_ex add_cb, +\& SSL_custom_ext_free_cb_ex free_cb, +\& void *add_arg, +\& SSL_custom_ext_parse_cb_ex parse_cb, +\& void *parse_arg); +\& +\& typedef int (*custom_ext_add_cb)(SSL *s, unsigned int ext_type, +\& const unsigned char **out, +\& size_t *outlen, int *al, +\& void *add_arg); +\& +\& typedef void (*custom_ext_free_cb)(SSL *s, unsigned int ext_type, +\& const unsigned char *out, +\& void *add_arg); +\& +\& typedef int (*custom_ext_parse_cb)(SSL *s, unsigned int ext_type, +\& const unsigned char *in, +\& size_t inlen, int *al, +\& void *parse_arg); +\& +\& int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned int ext_type, +\& custom_ext_add_cb add_cb, +\& custom_ext_free_cb free_cb, void *add_arg, +\& custom_ext_parse_cb parse_cb, +\& void *parse_arg); +\& +\& int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned int ext_type, +\& custom_ext_add_cb add_cb, +\& custom_ext_free_cb 
free_cb, void *add_arg, +\& custom_ext_parse_cb parse_cb, +\& void *parse_arg); +\& +\& int SSL_extension_supported(unsigned int ext_type); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_add_custom_ext()\fR adds a custom extension for a \s-1TLS/DTLS\s0 client or server +for all supported protocol versions with extension type \fBext_type\fR and +callbacks \fBadd_cb\fR, \fBfree_cb\fR and \fBparse_cb\fR (see the +\&\*(L"\s-1EXTENSION\s0 \s-1CALLBACKS\s0\*(R" section below). The \fBcontext\fR value determines +which messages and under what conditions the extension will be added/parsed (see +the \*(L"\s-1EXTENSION\s0 \s-1CONTEXTS\s0\*(R" section below). +.PP +\&\fISSL_CTX_add_client_custom_ext()\fR adds a custom extension for a \s-1TLS/DTLS\s0 client +with extension type \fBext_type\fR and callbacks \fBadd_cb\fR, \fBfree_cb\fR and +\&\fBparse_cb\fR. This function is similar to \fISSL_CTX_add_custom_ext()\fR except it only +applies to clients, uses the older style of callbacks, and implicitly sets the +\&\fBcontext\fR value to: +.PP +.Vb 2 +\& SSL_EXT_TLS1_2_AND_BELOW_ONLY | SSL_EXT_CLIENT_HELLO +\& | SSL_EXT_TLS1_2_SERVER_HELLO | SSL_EXT_IGNORE_ON_RESUMPTION +.Ve +.PP +\&\fISSL_CTX_add_server_custom_ext()\fR adds a custom extension for a \s-1TLS/DTLS\s0 server +with extension type \fBext_type\fR and callbacks \fBadd_cb\fR, \fBfree_cb\fR and +\&\fBparse_cb\fR. This function is similar to \fISSL_CTX_add_custom_ext()\fR except it +only applies to servers, uses the older style of callbacks, and implicitly sets +the \fBcontext\fR value to the same as for \fISSL_CTX_add_client_custom_ext()\fR above. +.PP +The \fBext_type\fR parameter corresponds to the \fBextension_type\fR field of +\&\s-1RFC5246\s0 et al. It is \fBnot\fR a \s-1NID\s0. In all cases the extension type must not be +handled by OpenSSL internally or an error occurs. +.PP +\&\fISSL_extension_supported()\fR returns 1 if the extension \fBext_type\fR is handled +internally by OpenSSL and 0 otherwise. 
+.SH "EXTENSION CALLBACKS" +.IX Header "EXTENSION CALLBACKS" +The callback \fBadd_cb\fR is called to send custom extension data to be +included in various \s-1TLS\s0 messages. The \fBext_type\fR parameter is set to the +extension type which will be added and \fBadd_arg\fR to the value set when the +extension handler was added. When using the new style callbacks the \fBcontext\fR +parameter will indicate which message is currently being constructed e.g. for +the ClientHello it will be set to \fB\s-1SSL_EXT_CLIENT_HELLO\s0\fR. +.PP +If the application wishes to include the extension \fBext_type\fR it should +set \fB*out\fR to the extension data, set \fB*outlen\fR to the length of the +extension data and return 1. +.PP +If the \fBadd_cb\fR does not wish to include the extension it must return 0. +.PP +If \fBadd_cb\fR returns \-1 a fatal handshake error occurs using the \s-1TLS\s0 +alert value specified in \fB*al\fR. +.PP +When constructing the ClientHello, if \fBadd_cb\fR is set to \s-1NULL\s0 a zero length +extension is added for \fBext_type\fR. For all other messages if \fBadd_cb\fR is set +to \s-1NULL\s0 then no extension is added. +.PP +When constructing a Certificate message the callback will be called for each +certificate in the message. The \fBx\fR parameter will indicate the +current certificate and the \fBchainidx\fR parameter will indicate the position +of the certificate in the message. The first certificate is always the end +entity certificate and has a \fBchainidx\fR value of 0. The certificates are in the +order that they were received in the Certificate message. +.PP +For all messages except the ServerHello and EncryptedExtensions every +registered \fBadd_cb\fR is always called to see if the application wishes to add an +extension (as long as all requirements of the specified \fBcontext\fR are met). 
+.PP +For the ServerHello and EncryptedExtension messages every registered \fBadd_cb\fR +is called once if and only if the requirements of the specified \fBcontext\fR are +met and the corresponding extension was received in the ClientHello. That is, if +no corresponding extension was received in the ClientHello then \fBadd_cb\fR will +not be called. +.PP +If an extension is added (that is \fBadd_cb\fR returns 1) \fBfree_cb\fR is called +(if it is set) with the value of \fBout\fR set by the add callback. It can be +used to free up any dynamic extension data set by \fBadd_cb\fR. Since \fBout\fR is +constant (to permit use of constant data in \fBadd_cb\fR) applications may need to +cast away const to free the data. +.PP +The callback \fBparse_cb\fR receives data for \s-1TLS\s0 extensions. The callback is only +called if the extension is present and relevant for the context (see +\&\*(L"\s-1EXTENSION\s0 \s-1CONTEXTS\s0\*(R" below). +.PP +The extension data consists of \fBinlen\fR bytes in the buffer \fBin\fR for the +extension \fBext_type\fR. +.PP +If the message being parsed is a TLSv1.3 compatible Certificate message then +\&\fBparse_cb\fR will be called for each certificate contained within the message. +The \fBx\fR parameter will indicate the current certificate and the \fBchainidx\fR +parameter will indicate the position of the certificate in the message. The +first certificate is always the end entity certificate and has a \fBchainidx\fR +value of 0. +.PP +If the \fBparse_cb\fR considers the extension data acceptable it must return +1. If it returns 0 or a negative value a fatal handshake error occurs +using the \s-1TLS\s0 alert value specified in \fB*al\fR. +.PP +The buffer \fBin\fR is a temporary internal buffer which will not be valid after +the callback returns. +.SH "EXTENSION CONTEXTS" +.IX Header "EXTENSION CONTEXTS" +An extension context defines which messages and under which conditions an +extension should be added or expected. 
The context is built up by performing +a bitwise \s-1OR\s0 of multiple pre-defined values together. The valid context values +are: +.IP "\s-1SSL_EXT_TLS_ONLY\s0" 4 +.IX Item "SSL_EXT_TLS_ONLY" +The extension is only allowed in \s-1TLS\s0 +.IP "\s-1SSL_EXT_DTLS_ONLY\s0" 4 +.IX Item "SSL_EXT_DTLS_ONLY" +The extension is only allowed in \s-1DTLS\s0 +.IP "\s-1SSL_EXT_TLS_IMPLEMENTATION_ONLY\s0" 4 +.IX Item "SSL_EXT_TLS_IMPLEMENTATION_ONLY" +The extension is allowed in \s-1DTLS\s0, but there is only a \s-1TLS\s0 implementation +available (so it is ignored in \s-1DTLS\s0). +.IP "\s-1SSL_EXT_SSL3_ALLOWED\s0" 4 +.IX Item "SSL_EXT_SSL3_ALLOWED" +Extensions are not typically defined for SSLv3. Setting this value will allow +the extension in SSLv3. Applications will not typically need to use this. +.IP "\s-1SSL_EXT_TLS1_2_AND_BELOW_ONLY\s0" 4 +.IX Item "SSL_EXT_TLS1_2_AND_BELOW_ONLY" +The extension is only defined for TLSv1.2/DTLSv1.2 and below. Servers will +ignore this extension if it is present in the ClientHello and TLSv1.3 is +negotiated. +.IP "\s-1SSL_EXT_TLS1_3_ONLY\s0" 4 +.IX Item "SSL_EXT_TLS1_3_ONLY" +The extension is only defined for \s-1TLS1\s0.3 and above. Servers will ignore this +extension if it is present in the ClientHello and TLSv1.2 or below is +negotiated. +.IP "\s-1SSL_EXT_IGNORE_ON_RESUMPTION\s0" 4 +.IX Item "SSL_EXT_IGNORE_ON_RESUMPTION" +The extension will be ignored during parsing if a previous session is being +successfully resumed. +.IP "\s-1SSL_EXT_CLIENT_HELLO\s0" 4 +.IX Item "SSL_EXT_CLIENT_HELLO" +The extension may be present in the ClientHello message. +.IP "\s-1SSL_EXT_TLS1_2_SERVER_HELLO\s0" 4 +.IX Item "SSL_EXT_TLS1_2_SERVER_HELLO" +The extension may be present in a TLSv1.2 or below compatible ServerHello +message. +.IP "\s-1SSL_EXT_TLS1_3_SERVER_HELLO\s0" 4 +.IX Item "SSL_EXT_TLS1_3_SERVER_HELLO" +The extension may be present in a TLSv1.3 compatible ServerHello message. 
+.IP "\s-1SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS\s0" 4 +.IX Item "SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS" +The extension may be present in an EncryptedExtensions message. +.IP "\s-1SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST\s0" 4 +.IX Item "SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST" +The extension may be present in a HelloRetryRequest message. +.IP "\s-1SSL_EXT_TLS1_3_CERTIFICATE\s0" 4 +.IX Item "SSL_EXT_TLS1_3_CERTIFICATE" +The extension may be present in a TLSv1.3 compatible Certificate message. +.IP "\s-1SSL_EXT_TLS1_3_NEW_SESSION_TICKET\s0" 4 +.IX Item "SSL_EXT_TLS1_3_NEW_SESSION_TICKET" +The extension may be present in a TLSv1.3 compatible NewSessionTicket message. +.IP "\s-1SSL_EXT_TLS1_3_CERTIFICATE_REQUEST\s0" 4 +.IX Item "SSL_EXT_TLS1_3_CERTIFICATE_REQUEST" +The extension may be present in a TLSv1.3 compatible CertificateRequest message. +.PP +The context must include at least one message value (otherwise the extension +will never be used). +.SH "NOTES" +.IX Header "NOTES" +The \fBadd_arg\fR and \fBparse_arg\fR parameters can be set to arbitrary values +which will be passed to the corresponding callbacks. They can, for example, +be used to store the extension data received in a convenient structure or +pass the extension data to be added or freed when adding extensions. +.PP +If the same custom extension type is received multiple times a fatal +\&\fBdecode_error\fR alert is sent and the handshake aborts. If a custom extension +is received in a ServerHello/EncryptedExtensions message which was not sent in +the ClientHello a fatal \fBunsupported_extension\fR alert is sent and the +handshake is aborted. The ServerHello/EncryptedExtensions \fBadd_cb\fR callback is +only called if the corresponding extension was received in the ClientHello. This +is compliant with the \s-1TLS\s0 specifications. This behaviour ensures that each +callback is called at most once and that an application can never send +unsolicited extensions. 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_add_custom_ext()\fR, \fISSL_CTX_add_client_custom_ext()\fR and +\&\fISSL_CTX_add_server_custom_ext()\fR return 1 for success and 0 for failure. A +failure can occur if an attempt is made to add the same \fBext_type\fR more than +once, if an attempt is made to use an extension type handled internally by +OpenSSL or if an internal error occurs (for example a memory allocation +failure). +.PP +\&\fISSL_extension_supported()\fR returns 1 if the extension \fBext_type\fR is handled +internally by OpenSSL and 0 otherwise. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \fISSL_CTX_add_custom_ext()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2014\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_free.3 b/linux_amd64/share/man/man3/SSL_free.3 new file mode 100755 index 0000000..f1015b3 --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_free.3 
@@ -0,0 +1,177 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_FREE 3" +.TH SSL_FREE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_free \- free an allocated SSL structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_free(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_free()\fR decrements the reference count of \fBssl\fR, and removes the \s-1SSL\s0 +structure pointed to by \fBssl\fR and frees up the allocated memory if the +reference count has reached 0. +If \fBssl\fR is \s-1NULL\s0 nothing is done. +.SH "NOTES" +.IX Header "NOTES" +\&\fISSL_free()\fR also calls the \fIfree()\fRing procedures for indirectly affected items, if +applicable: the buffering \s-1BIO\s0, the read and write BIOs, +cipher lists specially created for this \fBssl\fR, the \fB\s-1SSL_SESSION\s0\fR. +Do not explicitly free these indirectly freed up items before or after +calling \fISSL_free()\fR, as trying to free things twice may lead to program +failure. +.PP +The ssl session has reference counts from two users: the \s-1SSL\s0 object, for +which the reference count is removed by \fISSL_free()\fR and the internal +session cache. If the session is considered bad, because +\&\fISSL_shutdown\fR\|(3) was not called for the connection +and \fISSL_set_shutdown\fR\|(3) was not used to set the +\&\s-1SSL_SENT_SHUTDOWN\s0 state, the session will also be removed +from the session cache as required by \s-1RFC2246\s0. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_free()\fR does not provide diagnostic information. +.PP +\&\fISSL_new\fR\|(3), \fISSL_clear\fR\|(3), +\&\fISSL_shutdown\fR\|(3), \fISSL_set_shutdown\fR\|(3), +\&\fIssl\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/share/man/man3/SSL_get0_peer_scts.3 b/linux_amd64/share/man/man3/SSL_get0_peer_scts.3
new file mode 100755
index 0000000..bdae00f
--- /dev/null
+++ b/linux_amd64/share/man/man3/SSL_get0_peer_scts.3
@@ -0,0 +1,167 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET0_PEER_SCTS 3" +.TH SSL_GET0_PEER_SCTS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_get0_peer_scts \- get SCTs received +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const STACK_OF(SCT) *SSL_get0_peer_scts(SSL *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_get0_peer_scts()\fR returns the signed certificate timestamps (SCTs) that have +been received. If this is the first time that this function has been called for +a given \fB\s-1SSL\s0\fR instance, it will examine the \s-1TLS\s0 extensions, \s-1OCSP\s0 response and +the peer's certificate for SCTs. Future calls will return the same SCTs. +.SH "RESTRICTIONS" +.IX Header "RESTRICTIONS" +If no Certificate Transparency validation callback has been set (using +\&\fBSSL_CTX_set_ct_validation_callback\fR or \fBSSL_set_ct_validation_callback\fR), +this function is not guaranteed to return all of the SCTs that the peer is +capable of sending. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_get0_peer_scts()\fR returns a list of SCTs found, or \s-1NULL\s0 if an error occurs. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fISSL_CTX_set_ct_validation_callback\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_get_SSL_CTX.3 b/linux_amd64/share/man/man3/SSL_get_SSL_CTX.3 new file mode 100755 index 0000000..034d959 --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_get_SSL_CTX.3 
@@ -0,0 +1,158 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_SSL_CTX 3" +.TH SSL_GET_SSL_CTX 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_get_SSL_CTX \- get the SSL_CTX from which an SSL is created +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_get_SSL_CTX()\fR returns a pointer to the \s-1SSL_CTX\s0 object, from which +\&\fBssl\fR was created with \fISSL_new\fR\|(3). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The pointer to the \s-1SSL_CTX\s0 object is returned. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_get_all_async_fds.3 b/linux_amd64/share/man/man3/SSL_get_all_async_fds.3 new file mode 100755 index 0000000..0f1120f --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_get_all_async_fds.3 
@@ -0,0 +1,208 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_ALL_ASYNC_FDS 3" +.TH SSL_GET_ALL_ASYNC_FDS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_waiting_for_async, +SSL_get_all_async_fds, +SSL_get_changed_async_fds +\&\- manage asynchronous operations +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 2 +\& #include +\& #include +\& +\& int SSL_waiting_for_async(SSL *s); +\& int SSL_get_all_async_fds(SSL *s, OSSL_ASYNC_FD *fd, size_t *numfds); +\& int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd, size_t *numaddfds, +\& OSSL_ASYNC_FD *delfd, size_t *numdelfds); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_waiting_for_async()\fR determines whether an \s-1SSL\s0 connection is currently +waiting for asynchronous operations to complete (see the \fB\s-1SSL_MODE_ASYNC\s0\fR mode +in \fISSL_CTX_set_mode\fR\|(3)). +.PP +\&\fISSL_get_all_async_fds()\fR returns a list of file descriptor which can be used in a +call to \fIselect()\fR or \fIpoll()\fR to determine whether the current asynchronous +operation has completed or not. A completed operation will result in data +appearing as \*(L"read ready\*(R" on the file descriptor (no actual data should be read +from the file descriptor). This function should only be called if the \fB\s-1SSL\s0\fR +object is currently waiting for asynchronous work to complete (i.e. +\&\fB\s-1SSL_ERROR_WANT_ASYNC\s0\fR has been received \- see \fISSL_get_error\fR\|(3)). Typically +the list will only contain one file descriptor. However if multiple asynchronous +capable engines are in use then more than one is possible. The number of file +descriptors returned is stored in \fI*numfds\fR and the file descriptors themselves +are in \fI*fds\fR. The \fIfds\fR parameter may be \s-1NULL\s0 in which case no file +descriptors are returned but \fI*numfds\fR is still populated. It is the callers +responsibility to ensure sufficient memory is allocated at \fI*fds\fR so typically +this function is called twice (once with a \s-1NULL\s0 \fIfds\fR parameter and once +without). 
+.PP +\&\fISSL_get_changed_async_fds()\fR returns a list of the asynchronous file descriptors +that have been added and a list that have been deleted since the last +\&\fB\s-1SSL_ERROR_WANT_ASYNC\s0\fR was received (or since the \fB\s-1SSL\s0\fR object was created if +no \fB\s-1SSL_ERROR_WANT_ASYNC\s0\fR has been received). Similar to \fISSL_get_all_async_fds()\fR +it is the callers responsibility to ensure that \fI*addfd\fR and \fI*delfd\fR have +sufficient memory allocated, although they may be \s-1NULL\s0. The number of added fds +and the number of deleted fds are stored in \fI*numaddfds\fR and \fI*numdelfds\fR +respectively. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_waiting_for_async()\fR will return 1 if the current \s-1SSL\s0 operation is waiting +for an async operation to complete and 0 otherwise. +.PP +\&\fISSL_get_all_async_fds()\fR and \fISSL_get_changed_async_fds()\fR return 1 on success or +0 on error. +.SH "NOTES" +.IX Header "NOTES" +On Windows platforms the openssl/async.h header is dependent on some +of the types customarily made available by including windows.h. The +application developer is likely to require control over when the latter +is included, commonly as one of the first included headers. Therefore +it is defined as an application developer's responsibility to include +windows.h prior to async.h. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fISSL_get_error\fR\|(3), \fISSL_CTX_set_mode\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fISSL_waiting_for_async()\fR, \fISSL_get_all_async_fds()\fR +and \fISSL_get_changed_async_fds()\fR functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/share/man/man3/SSL_get_ciphers.3 b/linux_amd64/share/man/man3/SSL_get_ciphers.3 new file mode 100755 index 0000000..c1f09f6 --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_get_ciphers.3 
@@ -0,0 +1,239 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_CIPHERS 3" +.TH SSL_GET_CIPHERS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_get1_supported_ciphers, +SSL_get_client_ciphers, +SSL_get_ciphers, +SSL_CTX_get_ciphers, +SSL_bytes_to_cipher_list, +SSL_get_cipher_list, +SSL_get_shared_ciphers +\&\- get list of available SSL_CIPHERs +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *ssl); +\& STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx); +\& STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s); +\& STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *ssl); +\& int SSL_bytes_to_cipher_list(SSL *s, const unsigned char *bytes, size_t len, +\& int isv2format, STACK_OF(SSL_CIPHER) **sk, +\& STACK_OF(SSL_CIPHER) **scsvs); +\& const char *SSL_get_cipher_list(const SSL *ssl, int priority); +\& char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_get_ciphers()\fR returns the stack of available SSL_CIPHERs for \fBssl\fR, +sorted by preference. If \fBssl\fR is \s-1NULL\s0 or no ciphers are available, \s-1NULL\s0 +is returned. +.PP +\&\fISSL_CTX_get_ciphers()\fR returns the stack of available SSL_CIPHERs for \fBctx\fR. +.PP +\&\fISSL_get1_supported_ciphers()\fR returns the stack of enabled SSL_CIPHERs for +\&\fBssl\fR as would be sent in a ClientHello (that is, sorted by preference). +The list depends on settings like the cipher list, the supported protocol +versions, the security level, and the enabled signature algorithms. +\&\s-1SRP\s0 and \s-1PSK\s0 ciphers are only enabled if the appropriate callbacks or settings +have been applied. +The list of ciphers that would be sent in a ClientHello can differ from +the list of ciphers that would be acceptable when acting as a server. +For example, additional ciphers may be usable by a server if there is +a gap in the list of supported protocols, and some ciphers may not be +usable by a server if there is not a suitable certificate configured. 
+If \fBssl\fR is \s-1NULL\s0 or no ciphers are available, \s-1NULL\s0 is returned. +.PP +\&\fISSL_get_client_ciphers()\fR returns the stack of available SSL_CIPHERs matching the +list received from the client on \fBssl\fR. If \fBssl\fR is \s-1NULL\s0, no ciphers are +available, or \fBssl\fR is not operating in server mode, \s-1NULL\s0 is returned. +.PP +\&\fISSL_bytes_to_cipher_list()\fR treats the supplied \fBlen\fR octets in \fBbytes\fR +as a wire-protocol cipher suite specification (in the three-octet-per-cipher +SSLv2 wire format if \fBisv2format\fR is nonzero; otherwise the two-octet +SSLv3/TLS wire format), and parses the cipher suites supported by the library +into the returned stacks of \s-1SSL_CIPHER\s0 objects sk and Signalling Cipher-Suite +Values scsvs. Unsupported cipher suites are ignored. Returns 1 on success +and 0 on failure. +.PP +\&\fISSL_get_cipher_list()\fR returns a pointer to the name of the \s-1SSL_CIPHER\s0 +listed for \fBssl\fR with \fBpriority\fR. If \fBssl\fR is \s-1NULL\s0, no ciphers are +available, or there are less ciphers than \fBpriority\fR available, \s-1NULL\s0 +is returned. +.PP +\&\fISSL_get_shared_ciphers()\fR creates a colon separated and \s-1NUL\s0 terminated list of +\&\s-1SSL_CIPHER\s0 names that are available in both the client and the server. \fBbuf\fR is +the buffer that should be populated with the list of names and \fBsize\fR is the +size of that buffer. A pointer to \fBbuf\fR is returned on success or \s-1NULL\s0 on +error. If the supplied buffer is not large enough to contain the complete list +of names then a truncated list of names will be returned. Note that just because +a ciphersuite is available (i.e. it is configured in the cipher list) and shared +by both the client and the server it does not mean that it is enabled (see the +description of \fISSL_get1_supported_ciphers()\fR above). This function will return +available shared ciphersuites whether or not they are enabled. 
This is a server +side function only and must only be called after the completion of the initial +handshake. +.SH "NOTES" +.IX Header "NOTES" +The details of the ciphers obtained by \fISSL_get_ciphers()\fR, \fISSL_CTX_get_ciphers()\fR +\&\fISSL_get1_supported_ciphers()\fR and \fISSL_get_client_ciphers()\fR can be obtained using +the \fISSL_CIPHER_get_name\fR\|(3) family of functions. +.PP +Call \fISSL_get_cipher_list()\fR with \fBpriority\fR starting from 0 to obtain the +sorted list of available ciphers, until \s-1NULL\s0 is returned. +.PP +Note: \fISSL_get_ciphers()\fR, \fISSL_CTX_get_ciphers()\fR and \fISSL_get_client_ciphers()\fR +return a pointer to an internal cipher stack, which will be freed later on when +the \s-1SSL\s0 or \s-1SSL_SESSION\s0 object is freed. Therefore, the calling code \fB\s-1MUST\s0 \s-1NOT\s0\fR +free the return value itself. +.PP +The stack returned by \fISSL_get1_supported_ciphers()\fR should be freed using +\&\fIsk_SSL_CIPHER_free()\fR. +.PP +The stacks returned by \fISSL_bytes_to_cipher_list()\fR should be freed using +\&\fIsk_SSL_CIPHER_free()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +See \s-1DESCRIPTION\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_CTX_set_cipher_list\fR\|(3), +\&\fISSL_CIPHER_get_name\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_get_client_random.3 b/linux_amd64/share/man/man3/SSL_get_client_random.3 new file mode 100755 index 0000000..4eb8e27 --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_get_client_random.3 
@@ -0,0 +1,224 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_CLIENT_RANDOM 3" +.TH SSL_GET_CLIENT_RANDOM 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_get_client_random, +SSL_get_server_random, +SSL_SESSION_get_master_key, +SSL_SESSION_set1_master_key +\&\- get internal TLS/SSL random values and get/set master key +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, size_t outlen); +\& size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, size_t outlen); +\& size_t SSL_SESSION_get_master_key(const SSL_SESSION *session, +\& unsigned char *out, size_t outlen); +\& int SSL_SESSION_set1_master_key(SSL_SESSION *sess, const unsigned char *in, +\& size_t len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_get_client_random()\fR extracts the random value sent from the client +to the server during the initial \s-1SSL/TLS\s0 handshake. It copies as many +bytes as it can of this value into the buffer provided in \fBout\fR, +which must have at least \fBoutlen\fR bytes available. It returns the +total number of bytes that were actually copied. If \fBoutlen\fR is +zero, \fISSL_get_client_random()\fR copies nothing, and returns the +total size of the client_random value. +.PP +\&\fISSL_get_server_random()\fR behaves the same, but extracts the random value +sent from the server to the client during the initial \s-1SSL/TLS\s0 handshake. +.PP +\&\fISSL_SESSION_get_master_key()\fR behaves the same, but extracts the master +secret used to guarantee the security of the \s-1SSL/TLS\s0 session. This one +can be dangerous if misused; see \s-1NOTES\s0 below. +.PP +\&\fISSL_SESSION_set1_master_key()\fR sets the master key value associated with the +\&\s-1SSL_SESSION\s0 \fBsess\fR. For example, this could be used to set up a session based +\&\s-1PSK\s0 (see \fISSL_CTX_set_psk_use_session_callback\fR\|(3)). The master key of length +\&\fBlen\fR should be provided at \fBin\fR. 
The supplied master key is copied by the +function, so the caller is responsible for freeing and cleaning any memory +associated with \fBin\fR. The caller must ensure that the length of the key is +suitable for the ciphersuite associated with the \s-1SSL_SESSION\s0. +.SH "NOTES" +.IX Header "NOTES" +You probably shouldn't use these functions. +.PP +These functions expose internal values from the \s-1TLS\s0 handshake, for +use in low-level protocols. You probably should not use them, unless +you are implementing something that needs access to the internal protocol +details. +.PP +Despite the names of \fISSL_get_client_random()\fR and \fISSL_get_server_random()\fR, they +\&\s-1ARE\s0 \s-1NOT\s0 random number generators. Instead, they return the mostly-random values that +were already generated and used in the \s-1TLS\s0 protocol. Using them +in place of \fIRAND_bytes()\fR would be grossly foolish. +.PP +The security of your \s-1TLS\s0 session depends on keeping the master key secret: +do not expose it, or any information about it, to anybody. +If you need to calculate another secret value that depends on the master +secret, you should probably use \fISSL_export_keying_material()\fR instead, and +forget that you ever saw these functions. +.PP +In current versions of the \s-1TLS\s0 protocols, the length of client_random +(and also server_random) is always \s-1SSL3_RANDOM_SIZE\s0 bytes. Support for +other outlen arguments to the SSL_get_*\fI_random()\fR functions is provided +in case of the unlikely event that a future version or variant of \s-1TLS\s0 +uses some other length there. +.PP +Finally, though the \*(L"client_random\*(R" and \*(L"server_random\*(R" values are called +\&\*(L"random\*(R", many \s-1TLS\s0 implementations will generate four bytes of those +values based on their view of the current time. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_SESSION_set1_master_key()\fR returns 1 on success or 0 on failure. 
+.PP +For the other functions, if \fBoutlen\fR is greater than 0 then these functions +return the number of bytes actually copied, which will be less than or equal to +\&\fBoutlen\fR. If \fBoutlen\fR is 0 then these functions return the maximum number +of bytes they would copy \*(-- that is, the length of the underlying field. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fIRAND_bytes\fR\|(3), +\&\fISSL_export_keying_material\fR\|(3), +\&\fISSL_CTX_set_psk_use_session_callback\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_get_current_cipher.3 b/linux_amd64/share/man/man3/SSL_get_current_cipher.3 new file mode 100755 index 0000000..5672b4f --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_get_current_cipher.3 
@@ -0,0 +1,193 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_CURRENT_CIPHER 3" +.TH SSL_GET_CURRENT_CIPHER 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_get_current_cipher, SSL_get_cipher_name, SSL_get_cipher, +SSL_get_cipher_bits, SSL_get_cipher_version, +SSL_get_pending_cipher \- get SSL_CIPHER of a connection +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& SSL_CIPHER *SSL_get_current_cipher(const SSL *ssl); +\& SSL_CIPHER *SSL_get_pending_cipher(const SSL *ssl); +\& +\& const char *SSL_get_cipher_name(const SSL *s); +\& const char *SSL_get_cipher(const SSL *s); +\& int SSL_get_cipher_bits(const SSL *s, int *np); +\& const char *SSL_get_cipher_version(const SSL *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_get_current_cipher()\fR returns a pointer to an \s-1SSL_CIPHER\s0 object containing +the description of the actually used cipher of a connection established with +the \fBssl\fR object. +See \fISSL_CIPHER_get_name\fR\|(3) for more details. +.PP +\&\fISSL_get_cipher_name()\fR obtains the +name of the currently used cipher. +\&\fISSL_get_cipher()\fR is identical to \fISSL_get_cipher_name()\fR. +\&\fISSL_get_cipher_bits()\fR is a +macro to obtain the number of secret/algorithm bits used and +\&\fISSL_get_cipher_version()\fR returns the protocol name. +.PP +\&\fISSL_get_pending_cipher()\fR returns a pointer to an \s-1SSL_CIPHER\s0 object containing +the description of the cipher (if any) that has been negotiated for future use +on the connection established with the \fBssl\fR object, but is not yet in use. +This may be the case during handshake processing, when control flow can be +returned to the application via any of several callback methods. The internal +sequencing of handshake processing and callback invocation is not guaranteed +to be stable from release to release, and at present only the callback set +by \fISSL_CTX_set_alpn_select_cb()\fR is guaranteed to have a non-NULL return value. +Other callbacks may be added to this list over time. 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_get_current_cipher()\fR returns the cipher actually used, or \s-1NULL\s0 if +no session has been established. +.PP +\&\fISSL_get_pending_cipher()\fR returns the cipher to be used at the next change +of cipher suite, or \s-1NULL\s0 if no such cipher is known. +.SH "NOTES" +.IX Header "NOTES" +SSL_get_cipher, SSL_get_cipher_bits, SSL_get_cipher_version, and +SSL_get_cipher_name are implemented as macros. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_CIPHER_get_name\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_get_default_timeout.3 b/linux_amd64/share/man/man3/SSL_get_default_timeout.3 new file mode 100755 index 0000000..2897304 --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_get_default_timeout.3 
@@ -0,0 +1,172 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_DEFAULT_TIMEOUT 3" +.TH SSL_GET_DEFAULT_TIMEOUT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_get_default_timeout \- get default session timeout value +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_get_default_timeout(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_get_default_timeout()\fR returns the default timeout value assigned to +\&\s-1SSL_SESSION\s0 objects negotiated for the protocol valid for \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +Whenever a new session is negotiated, it is assigned a timeout value, +after which it will not be accepted for session reuse. If the timeout +value was not explicitly set using +\&\fISSL_CTX_set_timeout\fR\|(3), the hardcoded default +timeout for the protocol will be used. +.PP +\&\fISSL_get_default_timeout()\fR return this hardcoded value, which is 300 seconds +for all currently supported protocols. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +See description. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fISSL_CTX_set_session_cache_mode\fR\|(3), +\&\fISSL_SESSION_get_time\fR\|(3), +\&\fISSL_CTX_flush_sessions\fR\|(3), +\&\fISSL_get_default_timeout\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_get_error.3 b/linux_amd64/share/man/man3/SSL_get_error.3 new file mode 100755 index 0000000..5dda0cb --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_get_error.3 
@@ -0,0 +1,284 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_ERROR 3" +.TH SSL_GET_ERROR 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_get_error \- obtain result code for TLS/SSL I/O operation +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_get_error(const SSL *ssl, int ret); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_get_error()\fR returns a result code (suitable for the C \*(L"switch\*(R" +statement) for a preceding call to \fISSL_connect()\fR, \fISSL_accept()\fR, \fISSL_do_handshake()\fR, +\&\fISSL_read_ex()\fR, \fISSL_read()\fR, \fISSL_peek_ex()\fR, \fISSL_peek()\fR, \fISSL_shutdown()\fR, +\&\fISSL_write_ex()\fR or \fISSL_write()\fR on \fBssl\fR. The value returned by that \s-1TLS/SSL\s0 I/O +function must be passed to \fISSL_get_error()\fR in parameter \fBret\fR. +.PP +In addition to \fBssl\fR and \fBret\fR, \fISSL_get_error()\fR inspects the +current thread's OpenSSL error queue. Thus, \fISSL_get_error()\fR must be +used in the same thread that performed the \s-1TLS/SSL\s0 I/O operation, and no +other OpenSSL function calls should appear in between. The current +thread's error queue must be empty before the \s-1TLS/SSL\s0 I/O operation is +attempted, or \fISSL_get_error()\fR will not work reliably. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can currently occur: +.IP "\s-1SSL_ERROR_NONE\s0" 4 +.IX Item "SSL_ERROR_NONE" +The \s-1TLS/SSL\s0 I/O operation completed. This result code is returned +if and only if \fBret > 0\fR. +.IP "\s-1SSL_ERROR_ZERO_RETURN\s0" 4 +.IX Item "SSL_ERROR_ZERO_RETURN" +The \s-1TLS/SSL\s0 peer has closed the connection for writing by sending the +close_notify alert. +No more data can be read. +Note that \fB\s-1SSL_ERROR_ZERO_RETURN\s0\fR does not necessarily +indicate that the underlying transport has been closed. +.IP "\s-1SSL_ERROR_WANT_READ\s0, \s-1SSL_ERROR_WANT_WRITE\s0" 4 +.IX Item "SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE" +The operation did not complete and can be retried later. 
+.Sp +\&\fB\s-1SSL_ERROR_WANT_READ\s0\fR is returned when the last operation was a read +operation from a non-blocking \fB\s-1BIO\s0\fR. +It means that not enough data was available at this time to complete the +operation. +If at a later time the underlying \fB\s-1BIO\s0\fR has data available for reading the same +function can be called again. +.Sp +\&\fISSL_read()\fR and \fISSL_read_ex()\fR can also set \fB\s-1SSL_ERROR_WANT_READ\s0\fR when there is +still unprocessed data available at either the \fB\s-1SSL\s0\fR or the \fB\s-1BIO\s0\fR layer, even +for a blocking \fB\s-1BIO\s0\fR. +See \fISSL_read\fR\|(3) for more information. +.Sp +\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR is returned when the last operation was a write +to a non-blocking \fB\s-1BIO\s0\fR and it was unable to sent all data to the \fB\s-1BIO\s0\fR. +When the \fB\s-1BIO\s0\fR is writeable again, the same function can be called again. +.Sp +Note that the retry may again lead to an \fB\s-1SSL_ERROR_WANT_READ\s0\fR or +\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR condition. +There is no fixed upper limit for the number of iterations that +may be necessary until progress becomes visible at application +protocol level. +.Sp +It is safe to call \fISSL_read()\fR or \fISSL_read_ex()\fR when more data is available +even when the call that set this error was an \fISSL_write()\fR or \fISSL_write_ex()\fR. +However if the call was an \fISSL_write()\fR or \fISSL_write_ex()\fR, it should be called +again to continue sending the application data. +.Sp +For socket \fB\s-1BIO\s0\fRs (e.g. when \fISSL_set_fd()\fR was used), \fIselect()\fR or +\&\fIpoll()\fR on the underlying socket can be used to find out when the +\&\s-1TLS/SSL\s0 I/O function should be retried. +.Sp +Caveat: Any \s-1TLS/SSL\s0 I/O function can lead to either of +\&\fB\s-1SSL_ERROR_WANT_READ\s0\fR and \fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. 
+In particular, +\&\fISSL_read_ex()\fR, \fISSL_read()\fR, \fISSL_peek_ex()\fR, or \fISSL_peek()\fR may want to write data +and \fISSL_write()\fR or \fISSL_write_ex()\fR may want to read data. +This is mainly because +\&\s-1TLS/SSL\s0 handshakes may occur at any time during the protocol (initiated by +either the client or the server); \fISSL_read_ex()\fR, \fISSL_read()\fR, \fISSL_peek_ex()\fR, +\&\fISSL_peek()\fR, \fISSL_write_ex()\fR, and \fISSL_write()\fR will handle any pending handshakes. +.IP "\s-1SSL_ERROR_WANT_CONNECT\s0, \s-1SSL_ERROR_WANT_ACCEPT\s0" 4 +.IX Item "SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_ACCEPT" +The operation did not complete; the same \s-1TLS/SSL\s0 I/O function should be +called again later. The underlying \s-1BIO\s0 was not connected yet to the peer +and the call would block in \fIconnect()\fR/\fIaccept()\fR. The \s-1SSL\s0 function should be +called again when the connection is established. These messages can only +appear with a \fIBIO_s_connect()\fR or \fIBIO_s_accept()\fR \s-1BIO\s0, respectively. +In order to find out, when the connection has been successfully established, +on many platforms \fIselect()\fR or \fIpoll()\fR for writing on the socket file descriptor +can be used. +.IP "\s-1SSL_ERROR_WANT_X509_LOOKUP\s0" 4 +.IX Item "SSL_ERROR_WANT_X509_LOOKUP" +The operation did not complete because an application callback set by +\&\fISSL_CTX_set_client_cert_cb()\fR has asked to be called again. +The \s-1TLS/SSL\s0 I/O function should be called again later. +Details depend on the application. +.IP "\s-1SSL_ERROR_WANT_ASYNC\s0" 4 +.IX Item "SSL_ERROR_WANT_ASYNC" +The operation did not complete because an asynchronous engine is still +processing data. This will only occur if the mode has been set to \s-1SSL_MODE_ASYNC\s0 +using \fISSL_CTX_set_mode\fR\|(3) or \fISSL_set_mode\fR\|(3) and an asynchronous capable +engine is being used. 
An application can determine whether the engine has +completed its processing using \fIselect()\fR or \fIpoll()\fR on the asynchronous wait file +descriptor. This file descriptor is available by calling +\&\fISSL_get_all_async_fds\fR\|(3) or \fISSL_get_changed_async_fds\fR\|(3). The \s-1TLS/SSL\s0 I/O +function should be called again later. The function \fBmust\fR be called from the +same thread that the original call was made from. +.IP "\s-1SSL_ERROR_WANT_ASYNC_JOB\s0" 4 +.IX Item "SSL_ERROR_WANT_ASYNC_JOB" +The asynchronous job could not be started because there were no async jobs +available in the pool (see \fIASYNC_init_thread\fR\|(3)). This will only occur if the +mode has been set to \s-1SSL_MODE_ASYNC\s0 using \fISSL_CTX_set_mode\fR\|(3) or +\&\fISSL_set_mode\fR\|(3) and a maximum limit has been set on the async job pool +through a call to \fIASYNC_init_thread\fR\|(3). The application should retry the +operation after a currently executing asynchronous operation for the current +thread has completed. +.IP "\s-1SSL_ERROR_WANT_CLIENT_HELLO_CB\s0" 4 +.IX Item "SSL_ERROR_WANT_CLIENT_HELLO_CB" +The operation did not complete because an application callback set by +\&\fISSL_CTX_set_client_hello_cb()\fR has asked to be called again. +The \s-1TLS/SSL\s0 I/O function should be called again later. +Details depend on the application. +.IP "\s-1SSL_ERROR_SYSCALL\s0" 4 +.IX Item "SSL_ERROR_SYSCALL" +Some non-recoverable, fatal I/O error occurred. The OpenSSL error queue may +contain more information on the error. For socket I/O on Unix systems, consult +\&\fBerrno\fR for details. If this error occurs then no further I/O operations should +be performed on the connection and \fISSL_shutdown()\fR must not be called. +.Sp +This value can also be returned for other errors, check the error queue for +details. +.IP "\s-1SSL_ERROR_SSL\s0" 4 +.IX Item "SSL_ERROR_SSL" +A non-recoverable, fatal error in the \s-1SSL\s0 library occurred, usually a protocol +error. 
The OpenSSL error queue contains more information on the error. If this +error occurs then no further I/O operations should be performed on the +connection and \fISSL_shutdown()\fR must not be called. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \s-1SSL_ERROR_WANT_ASYNC\s0 error code was added in OpenSSL 1.1.0. +The \s-1SSL_ERROR_WANT_CLIENT_HELLO_CB\s0 error code was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_get_extms_support.3 b/linux_amd64/share/man/man3/SSL_get_extms_support.3 new file mode 100755 index 0000000..0f3664f --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_get_extms_support.3 
@@ -0,0 +1,163 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_EXTMS_SUPPORT 3" +.TH SSL_GET_EXTMS_SUPPORT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_get_extms_support \- extended master secret support +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_get_extms_support(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_get_extms_support()\fR indicates whether the current session used extended +master secret. +.PP +This function is implemented as a macro. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_get_extms_support()\fR returns 1 if the current session used extended +master secret, 0 if it did not and \-1 if a handshake is currently in +progress i.e. it is not possible to determine if extended master secret +was used. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_get_fd.3 b/linux_amd64/share/man/man3/SSL_get_fd.3 new file mode 100755 index 0000000..0b942d3 --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_get_fd.3 
@@ -0,0 +1,170 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_FD 3" +.TH SSL_GET_FD 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_get_fd, SSL_get_rfd, SSL_get_wfd \- get file descriptor linked to an SSL object +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_get_fd(const SSL *ssl); +\& int SSL_get_rfd(const SSL *ssl); +\& int SSL_get_wfd(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_get_fd()\fR returns the file descriptor which is linked to \fBssl\fR. +\&\fISSL_get_rfd()\fR and \fISSL_get_wfd()\fR return the file descriptors for the +read or the write channel, which can be different. If the read and the +write channel are different, \fISSL_get_fd()\fR will return the file descriptor +of the read channel. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "\-1" 4 +.IX Item "-1" +The operation failed, because the underlying \s-1BIO\s0 is not of the correct type +(suitable for file descriptors). +.IP ">=0" 4 +.IX Item ">=0" +The file descriptor linked to \fBssl\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fISSL_set_fd\fR\|(3), \fIssl\fR\|(7) , \fIbio\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_get_peer_cert_chain.3 b/linux_amd64/share/man/man3/SSL_get_peer_cert_chain.3 new file mode 100755 index 0000000..1cf0f61 --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_get_peer_cert_chain.3 
@@ -0,0 +1,193 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_PEER_CERT_CHAIN 3" +.TH SSL_GET_PEER_CERT_CHAIN 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_get_peer_cert_chain, SSL_get0_verified_chain \- get the X509 certificate +chain of the peer +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *ssl); +\& STACK_OF(X509) *SSL_get0_verified_chain(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_get_peer_cert_chain()\fR returns a pointer to \s-1STACK_OF\s0(X509) certificates +forming the certificate chain sent by the peer. If called on the client side, +the stack also contains the peer's certificate; if called on the server +side, the peer's certificate must be obtained separately using +\&\fISSL_get_peer_certificate\fR\|(3). +If the peer did not present a certificate, \s-1NULL\s0 is returned. +.PP +\&\s-1NB:\s0 \fISSL_get_peer_cert_chain()\fR returns the peer chain as sent by the peer: it +only consists of certificates the peer has sent (in the order the peer +has sent them) it is \fBnot\fR a verified chain. +.PP +\&\fISSL_get0_verified_chain()\fR returns the \fBverified\fR certificate chain +of the peer including the peer's end entity certificate. It must be called +after a session has been successfully established. If peer verification was +not successful (as indicated by \fISSL_get_verify_result()\fR not returning +X509_V_OK) the chain may be incomplete or invalid. +.SH "NOTES" +.IX Header "NOTES" +If the session is resumed peers do not send certificates so a \s-1NULL\s0 pointer +is returned by these functions. Applications can call \fISSL_session_reused()\fR +to determine whether a session is resumed. +.PP +The reference count of each certificate in the returned \s-1STACK_OF\s0(X509) object +is not incremented and the returned stack may be invalidated by renegotiation. +If applications wish to use any certificates in the returned chain +indefinitely they must increase the reference counts using \fIX509_up_ref()\fR or +obtain a copy of the whole chain with \fIX509_chain_up_ref()\fR. 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "\s-1NULL\s0" 4 +.IX Item "NULL" +No certificate was presented by the peer or no connection was established +or the certificate chain is no longer available when a session is reused. +.IP "Pointer to a \s-1STACK_OF\s0(X509)" 4 +.IX Item "Pointer to a STACK_OF(X509)" +The return value points to the certificate chain presented by the peer. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_get_peer_certificate\fR\|(3), \fIX509_up_ref\fR\|(3), +\&\fIX509_chain_up_ref\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_get_peer_certificate.3 b/linux_amd64/share/man/man3/SSL_get_peer_certificate.3 new file mode 100755 index 0000000..4e545f3 --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_get_peer_certificate.3 
@@ -0,0 +1,180 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_PEER_CERTIFICATE 3" +.TH SSL_GET_PEER_CERTIFICATE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_get_peer_certificate \- get the X509 certificate of the peer +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& X509 *SSL_get_peer_certificate(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_get_peer_certificate()\fR returns a pointer to the X509 certificate the +peer presented. If the peer did not present a certificate, \s-1NULL\s0 is returned. +.SH "NOTES" +.IX Header "NOTES" +Due to the protocol definition, a \s-1TLS/SSL\s0 server will always send a +certificate, if present. A client will only send a certificate when +explicitly requested to do so by the server (see +\&\fISSL_CTX_set_verify\fR\|(3)). If an anonymous cipher +is used, no certificates are sent. +.PP +That a certificate is returned does not indicate information about the +verification state, use \fISSL_get_verify_result\fR\|(3) +to check the verification state. +.PP +The reference count of the X509 object is incremented by one, so that it +will not be destroyed when the session containing the peer certificate is +freed. The X509 object must be explicitly freed using \fIX509_free()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "\s-1NULL\s0" 4 +.IX Item "NULL" +No certificate was presented by the peer or no connection was established. +.IP "Pointer to an X509 certificate" 4 +.IX Item "Pointer to an X509 certificate" +The return value points to the certificate presented by the peer. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_get_verify_result\fR\|(3), +\&\fISSL_CTX_set_verify\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/share/man/man3/SSL_get_peer_signature_nid.3 b/linux_amd64/share/man/man3/SSL_get_peer_signature_nid.3 new file mode 100755 index 0000000..c686298 --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_get_peer_signature_nid.3 
@@ -0,0 +1,176 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_PEER_SIGNATURE_NID 3" +.TH SSL_GET_PEER_SIGNATURE_NID 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_get_peer_signature_nid, SSL_get_peer_signature_type_nid, +SSL_get_signature_nid, SSL_get_signature_type_nid \- get TLS message signing +types +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_get_peer_signature_nid(SSL *ssl, int *psig_nid); +\& int SSL_get_peer_signature_type_nid(const SSL *ssl, int *psigtype_nid); +\& int SSL_get_signature_nid(SSL *ssl, int *psig_nid); +\& int SSL_get_signature_type_nid(const SSL *ssl, int *psigtype_nid); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_get_peer_signature_nid()\fR sets \fB*psig_nid\fR to the \s-1NID\s0 of the digest used +by the peer to sign \s-1TLS\s0 messages. It is implemented as a macro. +.PP +\&\fISSL_get_peer_signature_type_nid()\fR sets \fB*psigtype_nid\fR to the signature +type used by the peer to sign \s-1TLS\s0 messages. Currently the signature type +is the \s-1NID\s0 of the public key type used for signing except for \s-1PSS\s0 signing +where it is \fB\s-1EVP_PKEY_RSA_PSS\s0\fR. To differentiate between +\&\fBrsa_pss_rsae_*\fR and \fBrsa_pss_pss_*\fR signatures, it's necessary to check +the type of public key in the peer's certificate. +.PP +\&\fISSL_get_signature_nid()\fR and \fISSL_get_signature_type_nid()\fR return the equivalent +information for the local end of the connection. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return 1 for success and 0 for failure. There are several +possible reasons for failure: the cipher suite has no signature (e.g. it +uses \s-1RSA\s0 key exchange or is anonymous), the \s-1TLS\s0 version is below 1.2 or +the functions were called too early, e.g. before the peer signed a message. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_get_peer_certificate\fR\|(3), +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). 
You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_get_peer_tmp_key.3 b/linux_amd64/share/man/man3/SSL_get_peer_tmp_key.3 new file mode 100755 index 0000000..25ecd05 --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_get_peer_tmp_key.3 
@@ -0,0 +1,175 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_PEER_TMP_KEY 3" +.TH SSL_GET_PEER_TMP_KEY 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_get_peer_tmp_key, SSL_get_server_tmp_key, SSL_get_tmp_key \- get information +about temporary keys used during a handshake +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_get_peer_tmp_key(SSL *ssl, EVP_PKEY **key); +\& long SSL_get_server_tmp_key(SSL *ssl, EVP_PKEY **key); +\& long SSL_get_tmp_key(SSL *ssl, EVP_PKEY **key); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_get_peer_tmp_key()\fR returns the temporary key provided by the peer and +used during key exchange. For example, if \s-1ECDHE\s0 is in use, then this represents +the peer's public \s-1ECDHE\s0 key. On success a pointer to the key is stored in +\&\fB*key\fR. It is the caller's responsibility to free this key after use using +\&\fIEVP_PKEY_free\fR\|(3). +.PP +\&\fISSL_get_server_tmp_key()\fR is a backwards compatibility alias for +\&\fISSL_get_peer_tmp_key()\fR. +Under that name it worked just on the client side of the connection, its +behaviour on the server end is release-dependent. +.PP +\&\fISSL_get_tmp_key()\fR returns the equivalent information for the local +end of the connection. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All these functions return 1 on success and 0 otherwise. +.SH "NOTES" +.IX Header "NOTES" +This function is implemented as a macro. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fIEVP_PKEY_free\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_get_psk_identity.3 b/linux_amd64/share/man/man3/SSL_get_psk_identity.3 new file mode 100755 index 0000000..c2c7cd8 --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_get_psk_identity.3 
@@ -0,0 +1,167 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_PSK_IDENTITY 3" +.TH SSL_GET_PSK_IDENTITY 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_get_psk_identity, SSL_get_psk_identity_hint \- get PSK client identity and hint +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const char *SSL_get_psk_identity_hint(const SSL *ssl); +\& const char *SSL_get_psk_identity(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_get_psk_identity_hint()\fR is used to retrieve the \s-1PSK\s0 identity hint +used during the connection setup related to \s-1SSL\s0 object +\&\fBssl\fR. Similarly, \fISSL_get_psk_identity()\fR is used to retrieve the \s-1PSK\s0 +identity used during the connection setup. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +If non\-\fB\s-1NULL\s0\fR, \fISSL_get_psk_identity_hint()\fR returns the \s-1PSK\s0 identity +hint and \fISSL_get_psk_identity()\fR returns the \s-1PSK\s0 identity. Both are +\&\fB\s-1NULL\s0\fR\-terminated. \fISSL_get_psk_identity_hint()\fR may return \fB\s-1NULL\s0\fR if +no \s-1PSK\s0 identity hint was used during the connection setup. +.PP +Note that the return value is valid only during the lifetime of the +\&\s-1SSL\s0 object \fBssl\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_get_rbio.3 b/linux_amd64/share/man/man3/SSL_get_rbio.3 new file mode 100755 index 0000000..1fefe7a --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_get_rbio.3 
@@ -0,0 +1,166 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_RBIO 3" +.TH SSL_GET_RBIO 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_get_rbio, SSL_get_wbio \- get BIO linked to an SSL object +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& BIO *SSL_get_rbio(SSL *ssl); +\& BIO *SSL_get_wbio(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_get_rbio()\fR and \fISSL_get_wbio()\fR return pointers to the BIOs for the +read or the write channel, which can be different. The reference count +of the \s-1BIO\s0 is not incremented. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "\s-1NULL\s0" 4 +.IX Item "NULL" +No \s-1BIO\s0 was connected to the \s-1SSL\s0 object +.IP "Any other pointer" 4 +.IX Item "Any other pointer" +The \s-1BIO\s0 linked to \fBssl\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fISSL_set_bio\fR\|(3), \fIssl\fR\|(7) , \fIbio\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_get_session.3 b/linux_amd64/share/man/man3/SSL_get_session.3 new file mode 100755 index 0000000..62b8537 --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_get_session.3 
@@ -0,0 +1,226 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_SESSION 3" +.TH SSL_GET_SESSION 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_get_session, SSL_get0_session, SSL_get1_session \- retrieve TLS/SSL session data +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& SSL_SESSION *SSL_get_session(const SSL *ssl); +\& SSL_SESSION *SSL_get0_session(const SSL *ssl); +\& SSL_SESSION *SSL_get1_session(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_get_session()\fR returns a pointer to the \fB\s-1SSL_SESSION\s0\fR actually used in +\&\fBssl\fR. The reference count of the \fB\s-1SSL_SESSION\s0\fR is not incremented, so +that the pointer can become invalid by other operations. +.PP +\&\fISSL_get0_session()\fR is the same as \fISSL_get_session()\fR. +.PP +\&\fISSL_get1_session()\fR is the same as \fISSL_get_session()\fR, but the reference +count of the \fB\s-1SSL_SESSION\s0\fR is incremented by one. +.SH "NOTES" +.IX Header "NOTES" +The ssl session contains all information required to re-establish the +connection without a full handshake for \s-1SSL\s0 versions up to and including +TLSv1.2. In TLSv1.3 the same is true, but sessions are established after the +main handshake has occurred. The server will send the session information to the +client at a time of its choosing, which may be some while after the initial +connection is established (or never). Calling these functions on the client side +in TLSv1.3 before the session has been established will still return an +\&\s-1SSL_SESSION\s0 object but that object cannot be used for resuming the session. See +\&\fISSL_SESSION_is_resumable\fR\|(3) for information on how to determine whether an +\&\s-1SSL_SESSION\s0 object can be used for resumption or not. +.PP +Additionally, in TLSv1.3, a server can send multiple messages that establish a +session for a single connection. In that case the above functions will only +return information on the last session that was received. 
+.PP +The preferred way for applications to obtain a resumable \s-1SSL_SESSION\s0 object is +to use a new session callback as described in \fISSL_CTX_sess_set_new_cb\fR\|(3). +The new session callback is only invoked when a session is actually established, +so this avoids the problem described above where an application obtains an +\&\s-1SSL_SESSION\s0 object that cannot be used for resumption in TLSv1.3. It also +enables applications to obtain information about all sessions sent by the +server. +.PP +A session will be automatically removed from the session cache and marked as +non-resumable if the connection is not closed down cleanly, e.g. if a fatal +error occurs on the connection or \fISSL_shutdown\fR\|(3) is not called prior to +\&\fISSL_free\fR\|(3). +.PP +In TLSv1.3 it is recommended that each \s-1SSL_SESSION\s0 object is only used for +resumption once. +.PP +\&\fISSL_get0_session()\fR returns a pointer to the actual session. As the +reference counter is not incremented, the pointer is only valid while +the connection is in use. If \fISSL_clear\fR\|(3) or +\&\fISSL_free\fR\|(3) is called, the session may be removed completely +(if considered bad), and the pointer obtained will become invalid. Even +if the session is valid, it can be removed at any time due to timeout +during \fISSL_CTX_flush_sessions\fR\|(3). +.PP +If the data is to be kept, \fISSL_get1_session()\fR will increment the reference +count, so that the session will not be implicitly removed by other operations +but stays in memory. In order to remove the session +\&\fISSL_SESSION_free\fR\|(3) must be explicitly called once +to decrement the reference count again. +.PP +\&\s-1SSL_SESSION\s0 objects keep internal link information about the session cache +list, when being inserted into one \s-1SSL_CTX\s0 object's session cache. 
+One \s-1SSL_SESSION\s0 object, regardless of its reference count, must therefore +only be used with one \s-1SSL_CTX\s0 object (and the \s-1SSL\s0 objects created +from this \s-1SSL_CTX\s0 object). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "\s-1NULL\s0" 4 +.IX Item "NULL" +There is no session available in \fBssl\fR. +.IP "Pointer to an \s-1SSL_SESSION\s0" 4 +.IX Item "Pointer to an SSL_SESSION" +The return value points to the data of an \s-1SSL\s0 session. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_free\fR\|(3), +\&\fISSL_clear\fR\|(3), +\&\fISSL_SESSION_free\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_get_shared_sigalgs.3 b/linux_amd64/share/man/man3/SSL_get_shared_sigalgs.3 new file mode 100755 index 0000000..9f98abe --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_get_shared_sigalgs.3 
@@ -0,0 +1,210 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_SHARED_SIGALGS 3" +.TH SSL_GET_SHARED_SIGALGS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_get_shared_sigalgs, SSL_get_sigalgs \- get supported signature algorithms +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_get_shared_sigalgs(SSL *s, int idx, +\& int *psign, int *phash, int *psignhash, +\& unsigned char *rsig, unsigned char *rhash); +\& +\& int SSL_get_sigalgs(SSL *s, int idx, +\& int *psign, int *phash, int *psignhash, +\& unsigned char *rsig, unsigned char *rhash); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_get_shared_sigalgs()\fR returns information about the shared signature +algorithms supported by peer \fBs\fR. The parameter \fBidx\fR indicates the index +of the shared signature algorithm to return starting from zero. The signature +algorithm \s-1NID\s0 is written to \fB*psign\fR, the hash \s-1NID\s0 to \fB*phash\fR and the +sign and hash \s-1NID\s0 to \fB*psignhash\fR. The raw signature and hash values +are written to \fB*rsig\fR and \fB*rhash\fR. +.PP +\&\fISSL_get_sigalgs()\fR is similar to \fISSL_get_shared_sigalgs()\fR except it returns +information about all signature algorithms supported by \fBs\fR in the order +they were sent by the peer. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_get_shared_sigalgs()\fR and \fISSL_get_sigalgs()\fR return the number of +signature algorithms or \fB0\fR if the \fBidx\fR parameter is out of range. +.SH "NOTES" +.IX Header "NOTES" +These functions are typically called for debugging purposes (to report +the peer's preferences) or where an application wants finer control over +certificate selection. Most applications will rely on internal handling +and will not need to call them. +.PP +If an application is only interested in the highest preference shared +signature algorithm it can just set \fBidx\fR to zero. +.PP +Any or all of the parameters \fBpsign\fR, \fBphash\fR, \fBpsignhash\fR, \fBrsig\fR or +\&\fBrhash\fR can be set to \fB\s-1NULL\s0\fR if the value is not required. 
By setting +them all to \fB\s-1NULL\s0\fR and setting \fBidx\fR to zero the total number of +signature algorithms can be determined: which can be zero. +.PP +These functions must be called after the peer has sent a list of supported +signature algorithms: after a client hello (for servers) or a certificate +request (for clients). They can (for example) be called in the certificate +callback. +.PP +Only \s-1TLS\s0 1.2, \s-1TLS\s0 1.3 and \s-1DTLS\s0 1.2 currently support signature algorithms. +If these +functions are called on an earlier version of \s-1TLS\s0 or \s-1DTLS\s0 zero is returned. +.PP +The shared signature algorithms returned by \fISSL_get_shared_sigalgs()\fR are +ordered according to configuration and peer preferences. +.PP +The raw values correspond to the on the wire form as defined by \s-1RFC5246\s0 et al. +The NIDs are OpenSSL equivalents. For example if the peer sent \fIsha256\fR\|(4) and +\&\fIrsa\fR\|(1) then \fB*rhash\fR would be 4, \fB*rsign\fR 1, \fB*phash\fR NID_sha256, \fB*psig\fR +NID_rsaEncryption and \fB*psighash\fR NID_sha256WithRSAEncryption. +.PP +If a signature algorithm is not recognised the corresponding NIDs +will be set to \fBNID_undef\fR. This may be because the value is not supported, +is not an appropriate combination (for example \s-1MD5\s0 and \s-1DSA\s0) or the +signature algorithm does not use a hash (for example Ed25519). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fISSL_CTX_set_cert_cb\fR\|(3), +\&\fIssl\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_get_verify_result.3 b/linux_amd64/share/man/man3/SSL_get_verify_result.3 new file mode 100755 index 0000000..0218497 --- /dev/null 
+++ b/linux_amd64/share/man/man3/SSL_get_verify_result.3 
@@ -0,0 +1,181 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_VERIFY_RESULT 3" +.TH SSL_GET_VERIFY_RESULT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_get_verify_result \- get result of peer certificate verification +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_get_verify_result(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_get_verify_result()\fR returns the result of the verification of the +X509 certificate presented by the peer, if any. +.SH "NOTES" +.IX Header "NOTES" +\&\fISSL_get_verify_result()\fR can only return one error code while the verification +of a certificate can fail because of many reasons at the same time. Only +the last verification error that occurred during the processing is available +from \fISSL_get_verify_result()\fR. +.PP +The verification result is part of the established session and is restored +when a session is reused. +.SH "BUGS" +.IX Header "BUGS" +If no peer certificate was presented, the returned result code is +X509_V_OK. This is because no verification error occurred, it does however +not indicate success. \fISSL_get_verify_result()\fR is only useful in connection +with \fISSL_get_peer_certificate\fR\|(3). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can currently occur: +.IP "X509_V_OK" 4 +.IX Item "X509_V_OK" +The verification succeeded or no peer certificate was presented. +.IP "Any other value" 4 +.IX Item "Any other value" +Documented in \fIopenssl\-verify\fR\|(1). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_set_verify_result\fR\|(3), +\&\fISSL_get_peer_certificate\fR\|(3), +\&\fIopenssl\-verify\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/share/man/man3/SSL_get_version.3 b/linux_amd64/share/man/man3/SSL_get_version.3
new file mode 100755
index 0000000..82efebd
--- /dev/null
+++ b/linux_amd64/share/man/man3/SSL_get_version.3
@@ -0,0 +1,213 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_VERSION 3" +.TH SSL_GET_VERSION 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_client_version, SSL_get_version, SSL_is_dtls, SSL_version \- get the +protocol information of a connection +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_client_version(const SSL *s); +\& +\& const char *SSL_get_version(const SSL *ssl); +\& +\& int SSL_is_dtls(const SSL *ssl); +\& +\& int SSL_version(const SSL *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_client_version()\fR returns the numeric protocol version advertised by the +client in the legacy_version field of the ClientHello when initiating the +connection. Note that, for \s-1TLS\s0, this value will never indicate a version greater +than TLSv1.2 even if TLSv1.3 is subsequently negotiated. \fISSL_get_version()\fR +returns the name of the protocol used for the connection. \fISSL_version()\fR returns +the numeric protocol version used for the connection. They should only be called +after the initial handshake has been completed. Prior to that the results +returned from these functions may be unreliable. +.PP +\&\fISSL_is_dtls()\fR returns one if the connection is using \s-1DTLS\s0, zero if not. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_get_version()\fR returns one of the following strings: +.IP "SSLv3" 4 +.IX Item "SSLv3" +The connection uses the SSLv3 protocol. +.IP "TLSv1" 4 +.IX Item "TLSv1" +The connection uses the TLSv1.0 protocol. +.IP "TLSv1.1" 4 +.IX Item "TLSv1.1" +The connection uses the TLSv1.1 protocol. +.IP "TLSv1.2" 4 +.IX Item "TLSv1.2" +The connection uses the TLSv1.2 protocol. +.IP "TLSv1.3" 4 +.IX Item "TLSv1.3" +The connection uses the TLSv1.3 protocol. +.IP "unknown" 4 +.IX Item "unknown" +This indicates an unknown protocol version. +.PP +\&\fISSL_version()\fR and \fISSL_client_version()\fR return an integer which could include any +of the following: +.IP "\s-1SSL3_VERSION\s0" 4 +.IX Item "SSL3_VERSION" +The connection uses the SSLv3 protocol. 
+.IP "\s-1TLS1_VERSION\s0" 4 +.IX Item "TLS1_VERSION" +The connection uses the TLSv1.0 protocol. +.IP "\s-1TLS1_1_VERSION\s0" 4 +.IX Item "TLS1_1_VERSION" +The connection uses the TLSv1.1 protocol. +.IP "\s-1TLS1_2_VERSION\s0" 4 +.IX Item "TLS1_2_VERSION" +The connection uses the TLSv1.2 protocol. +.IP "\s-1TLS1_3_VERSION\s0" 4 +.IX Item "TLS1_3_VERSION" +The connection uses the TLSv1.3 protocol (never returned for +\&\fISSL_client_version()\fR). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \fISSL_is_dtls()\fR function was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_in_init.3 b/linux_amd64/share/man/man3/SSL_in_init.3 new file mode 100755 index 0000000..d0ca0bf --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_in_init.3 
@@ -0,0 +1,224 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_IN_INIT 3" +.TH SSL_IN_INIT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_in_before, +SSL_in_init, +SSL_is_init_finished, +SSL_in_connect_init, +SSL_in_accept_init, +SSL_get_state +\&\- retrieve information about the handshake state machine +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_in_init(const SSL *s); +\& int SSL_in_before(const SSL *s); +\& int SSL_is_init_finished(const SSL *s); +\& +\& int SSL_in_connect_init(SSL *s); +\& int SSL_in_accept_init(SSL *s); +\& +\& OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_in_init()\fR returns 1 if the \s-1SSL/TLS\s0 state machine is currently processing or +awaiting handshake messages, or 0 otherwise. +.PP +\&\fISSL_in_before()\fR returns 1 if no \s-1SSL/TLS\s0 handshake has yet been initiated, or 0 +otherwise. +.PP +\&\fISSL_is_init_finished()\fR returns 1 if the \s-1SSL/TLS\s0 connection is in a state where +fully protected application data can be transferred or 0 otherwise. +.PP +Note that in some circumstances (such as when early data is being transferred) +\&\fISSL_in_init()\fR, \fISSL_in_before()\fR and \fISSL_is_init_finished()\fR can all return 0. +.PP +\&\fISSL_in_connect_init()\fR returns 1 if \fBs\fR is acting as a client and \fISSL_in_init()\fR +would return 1, or 0 otherwise. +.PP +\&\fISSL_in_accept_init()\fR returns 1 if \fBs\fR is acting as a server and \fISSL_in_init()\fR +would return 1, or 0 otherwise. +.PP +\&\fISSL_in_connect_init()\fR and \fISSL_in_accept_init()\fR are implemented as macros. +.PP +\&\fISSL_get_state()\fR returns a value indicating the current state of the handshake +state machine. \s-1OSSL_HANDSHAKE_STATE\s0 is an enumerated type where each value +indicates a discrete state machine state. Note that future versions of OpenSSL +may define more states so applications should expect to receive unrecognised +state values. 
The naming format is made up of a number of elements as follows: +.PP +\&\fBprotocol\fR_ST_\fBrole\fR_\fBmessage\fR +.PP +\&\fBprotocol\fR is one of \s-1TLS\s0 or \s-1DTLS\s0. \s-1DTLS\s0 is used where a state is specific to the +\&\s-1DTLS\s0 protocol. Otherwise \s-1TLS\s0 is used. +.PP +\&\fBrole\fR is one of \s-1CR\s0, \s-1CW\s0, \s-1SR\s0 or \s-1SW\s0 to indicate \*(L"client reading\*(R", +\&\*(L"client writing\*(R", \*(L"server reading\*(R" or \*(L"server writing\*(R" respectively. +.PP +\&\fBmessage\fR is the name of a handshake message that is being or has been sent, or +is being or has been processed. +.PP +Additionally there are some special states that do not conform to the above +format. These are: +.IP "\s-1TLS_ST_BEFORE\s0" 4 +.IX Item "TLS_ST_BEFORE" +No handshake messages have yet been been sent or received. +.IP "\s-1TLS_ST_OK\s0" 4 +.IX Item "TLS_ST_OK" +Handshake message sending/processing has completed. +.IP "\s-1TLS_ST_EARLY_DATA\s0" 4 +.IX Item "TLS_ST_EARLY_DATA" +Early data is being processed +.IP "\s-1TLS_ST_PENDING_EARLY_DATA_END\s0" 4 +.IX Item "TLS_ST_PENDING_EARLY_DATA_END" +Awaiting the end of early data processing +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_in_init()\fR, \fISSL_in_before()\fR, \fISSL_is_init_finished()\fR, \fISSL_in_connect_init()\fR +and \fISSL_in_accept_init()\fR return values as indicated above. +.PP +\&\fISSL_get_state()\fR returns the current handshake state. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fISSL_read_early_data\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/share/man/man3/SSL_key_update.3 b/linux_amd64/share/man/man3/SSL_key_update.3
new file mode 100755
index 0000000..ace1565
--- /dev/null
+++ b/linux_amd64/share/man/man3/SSL_key_update.3
@@ -0,0 +1,232 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_KEY_UPDATE 3" +.TH SSL_KEY_UPDATE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_key_update, +SSL_get_key_update_type, +SSL_renegotiate, +SSL_renegotiate_abbreviated, +SSL_renegotiate_pending +\&\- initiate and obtain information about updating connection keys +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_key_update(SSL *s, int updatetype); +\& int SSL_get_key_update_type(const SSL *s); +\& +\& int SSL_renegotiate(SSL *s); +\& int SSL_renegotiate_abbreviated(SSL *s); +\& int SSL_renegotiate_pending(const SSL *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_key_update()\fR schedules an update of the keys for the current \s-1TLS\s0 connection. +If the \fBupdatetype\fR parameter is set to \fB\s-1SSL_KEY_UPDATE_NOT_REQUESTED\s0\fR then +the sending keys for this connection will be updated and the peer will be +informed of the change. If the \fBupdatetype\fR parameter is set to +\&\fB\s-1SSL_KEY_UPDATE_REQUESTED\s0\fR then the sending keys for this connection will be +updated and the peer will be informed of the change along with a request for the +peer to additionally update its sending keys. It is an error if \fBupdatetype\fR is +set to \fB\s-1SSL_KEY_UPDATE_NONE\s0\fR. +.PP +\&\fISSL_key_update()\fR must only be called after the initial handshake has been +completed and TLSv1.3 has been negotiated. The key update will not take place +until the next time an \s-1IO\s0 operation such as \fISSL_read_ex()\fR or \fISSL_write_ex()\fR +takes place on the connection. Alternatively \fISSL_do_handshake()\fR can be called to +force the update to take place immediately. +.PP +\&\fISSL_get_key_update_type()\fR can be used to determine whether a key update +operation has been scheduled but not yet performed. The type of the pending key +update operation will be returned if there is one, or \s-1SSL_KEY_UPDATE_NONE\s0 +otherwise. +.PP +\&\fISSL_renegotiate()\fR and \fISSL_renegotiate_abbreviated()\fR should only be called for +connections that have negotiated TLSv1.2 or less. 
Calling them on any other +connection will result in an error. +.PP +When called from the client side, \fISSL_renegotiate()\fR schedules a completely new +handshake over an existing \s-1SSL/TLS\s0 connection. The next time an \s-1IO\s0 operation +such as \fISSL_read_ex()\fR or \fISSL_write_ex()\fR takes place on the connection a check +will be performed to confirm that it is a suitable time to start a +renegotiation. If so, then it will be initiated immediately. OpenSSL will not +attempt to resume any session associated with the connection in the new +handshake. +.PP +When called from the client side, \fISSL_renegotiate_abbreviated()\fR works in the +same was as \fISSL_renegotiate()\fR except that OpenSSL will attempt to resume the +session associated with the current connection in the new handshake. +.PP +When called from the server side, \fISSL_renegotiate()\fR and +\&\fISSL_renegotiate_abbreviated()\fR behave identically. They both schedule a request +for a new handshake to be sent to the client. The next time an \s-1IO\s0 operation is +performed then the same checks as on the client side are performed and then, if +appropriate, the request is sent. The client may or may not respond with a new +handshake and it may or may not attempt to resume an existing session. If +a new handshake is started then this will be handled transparently by calling +any OpenSSL \s-1IO\s0 function. +.PP +If an OpenSSL client receives a renegotiation request from a server then again +this will be handled transparently through calling any OpenSSL \s-1IO\s0 function. For +a \s-1TLS\s0 connection the client will attempt to resume the current session in the +new handshake. For historical reasons, \s-1DTLS\s0 clients will not attempt to resume +the session in the new handshake. +.PP +The \fISSL_renegotiate_pending()\fR function returns 1 if a renegotiation or +renegotiation request has been scheduled but not yet acted on, or 0 otherwise. 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_key_update()\fR, \fISSL_renegotiate()\fR and \fISSL_renegotiate_abbreviated()\fR return 1 +on success or 0 on error. +.PP +\&\fISSL_get_key_update_type()\fR returns the update type of the pending key update +operation or \s-1SSL_KEY_UPDATE_NONE\s0 if there is none. +.PP +\&\fISSL_renegotiate_pending()\fR returns 1 if a renegotiation or renegotiation request +has been scheduled but not yet acted on, or 0 otherwise. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_read_ex\fR\|(3), +\&\fISSL_write_ex\fR\|(3), +\&\fISSL_do_handshake\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fISSL_key_update()\fR and \fISSL_get_key_update_type()\fR functions were added in +OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_library_init.3 b/linux_amd64/share/man/man3/SSL_library_init.3 new file mode 100755 index 0000000..0be8722 --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_library_init.3 
@@ -0,0 +1,177 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_LIBRARY_INIT 3" +.TH SSL_LIBRARY_INIT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_library_init, OpenSSL_add_ssl_algorithms +\&\- initialize SSL library by registering algorithms +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_library_init(void); +\& +\& int OpenSSL_add_ssl_algorithms(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_library_init()\fR registers the available \s-1SSL/TLS\s0 ciphers and digests. +.PP +\&\fIOpenSSL_add_ssl_algorithms()\fR is a synonym for \fISSL_library_init()\fR and is +implemented as a macro. +.SH "NOTES" +.IX Header "NOTES" +\&\fISSL_library_init()\fR must be called before any other action takes place. +\&\fISSL_library_init()\fR is not reentrant. +.SH "WARNINGS" +.IX Header "WARNINGS" +\&\fISSL_library_init()\fR adds ciphers and digests used directly and indirectly by +\&\s-1SSL/TLS\s0. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_library_init()\fR always returns \*(L"1\*(R", so it is safe to discard the return +value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fIRAND_add\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fISSL_library_init()\fR and \fIOpenSSL_add_ssl_algorithms()\fR functions were +deprecated in OpenSSL 1.1.0 by \fIOPENSSL_init_ssl()\fR. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_load_client_CA_file.3 b/linux_amd64/share/man/man3/SSL_load_client_CA_file.3 new file mode 100755 index 0000000..05b8dbc --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_load_client_CA_file.3 
@@ -0,0 +1,214 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_LOAD_CLIENT_CA_FILE 3" +.TH SSL_LOAD_CLIENT_CA_FILE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_load_client_CA_file, +SSL_add_file_cert_subjects_to_stack, +SSL_add_dir_cert_subjects_to_stack, +SSL_add_store_cert_subjects_to_stack +\&\- load certificate names +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file); +\& +\& int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, +\& const char *file) +\& int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, +\& const char *dir) +\& int SSL_add_store_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, +\& const char *store) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_load_client_CA_file()\fR reads certificates from \fIfile\fR and returns +a \s-1STACK_OF\s0(X509_NAME) with the subject names found. +.PP +\&\fISSL_add_file_cert_subjects_to_stack()\fR reads certificates from \fIfile\fR, +and adds their subject name to the already existing \fIstack\fR. +.PP +\&\fISSL_add_dir_cert_subjects_to_stack()\fR reads certificates from every +file in the directory \fIdir\fR, and adds their subject name to the +already existing \fIstack\fR. +.PP +\&\fISSL_add_store_cert_subjects_to_stack()\fR loads certificates from the +\&\fIstore\fR \s-1URI\s0, and adds their subject name to the already existing +\&\fIstack\fR. +.SH "NOTES" +.IX Header "NOTES" +\&\fISSL_load_client_CA_file()\fR reads a file of \s-1PEM\s0 formatted certificates and +extracts the X509_NAMES of the certificates found. While the name suggests +the specific usage as support function for +\&\fISSL_CTX_set_client_CA_list\fR\|(3), +it is not limited to \s-1CA\s0 certificates. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "\s-1NULL\s0" 4 +.IX Item "NULL" +The operation failed, check out the error stack for the reason. +.IP "Pointer to \s-1STACK_OF\s0(X509_NAME)" 4 +.IX Item "Pointer to STACK_OF(X509_NAME)" +Pointer to the subject names of the successfully read certificates. 
+.SH "EXAMPLES" +.IX Header "EXAMPLES" +Load names of CAs from file and use it as a client \s-1CA\s0 list: +.PP +.Vb 2 +\& SSL_CTX *ctx; +\& STACK_OF(X509_NAME) *cert_names; +\& +\& ... +\& cert_names = SSL_load_client_CA_file("/path/to/CAfile.pem"); +\& if (cert_names != NULL) +\& SSL_CTX_set_client_CA_list(ctx, cert_names); +\& else +\& /* error */ +\& ... +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fIossl_store\fR\|(7), +\&\fISSL_CTX_set_client_CA_list\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fISSL_add_store_cert_subjects_to_stack()\fR was added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_new.3 b/linux_amd64/share/man/man3/SSL_new.3 new file mode 100755 index 0000000..6d2d9c6 --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_new.3 
@@ -0,0 +1,200 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_NEW 3" +.TH SSL_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_dup, SSL_new, SSL_up_ref \- create an SSL structure for a connection +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& SSL *SSL_dup(SSL *s); +\& SSL *SSL_new(SSL_CTX *ctx); +\& int SSL_up_ref(SSL *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_new()\fR creates a new \fB\s-1SSL\s0\fR structure which is needed to hold the +data for a \s-1TLS/SSL\s0 connection. The new structure inherits the settings +of the underlying context \fBctx\fR: connection method, +options, verification settings, timeout settings. An \fB\s-1SSL\s0\fR structure is +reference counted. Creating an \fB\s-1SSL\s0\fR structure for the first time increments +the reference count. Freeing it (using SSL_free) decrements it. When the +reference count drops to zero, any memory or resources allocated to the \fB\s-1SSL\s0\fR +structure are freed. +.PP +\&\fISSL_up_ref()\fR increments the reference count for an +existing \fB\s-1SSL\s0\fR structure. +.PP +\&\fISSL_dup()\fR duplicates an existing \fB\s-1SSL\s0\fR structure into a new allocated one +or just increments the reference count if the connection is active. All +settings are inherited from the original \fB\s-1SSL\s0\fR structure. Dynamic data (i.e. +existing connection details) are not copied, the new \fB\s-1SSL\s0\fR is set into an +initial accept (server) or connect (client) state. +.PP +\&\fISSL_dup()\fR allows applications to configure an \s-1SSL\s0 handle for use in multiple +\&\s-1SSL\s0 connections, and then duplicate it prior to initiating each connection +with the duplicated handle. Use of \fISSL_dup()\fR avoids the need to repeat +the configuration of the handles for each connection. +.PP +For \fISSL_dup()\fR to work, the connection \s-1MUST\s0 be in its initial state and +\&\s-1MUST\s0 \s-1NOT\s0 have not yet have started the \s-1SSL\s0 handshake. 
For connections +that are not in their initial state \fISSL_dup()\fR just increments an internal +reference count and returns the \fIsame\fR handle. It may be possible to +use \fISSL_clear\fR\|(3) to recycle an \s-1SSL\s0 handle that is not in its initial +state for re-use, but this is best avoided. Instead, save and restore +the session, if desired, and construct a fresh handle for each connection. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "\s-1NULL\s0" 4 +.IX Item "NULL" +The creation of a new \s-1SSL\s0 structure failed. Check the error stack to +find out the reason. +.IP "Pointer to an \s-1SSL\s0 structure" 4 +.IX Item "Pointer to an SSL structure" +The return value points to an allocated \s-1SSL\s0 structure. +.Sp +\&\fISSL_up_ref()\fR returns 1 for success and 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fISSL_free\fR\|(3), \fISSL_clear\fR\|(3), +\&\fISSL_CTX_set_options\fR\|(3), +\&\fISSL_get_SSL_CTX\fR\|(3), +\&\fIssl\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_pending.3 b/linux_amd64/share/man/man3/SSL_pending.3 new file mode 100755 index 0000000..39c7362 --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_pending.3 
@@ -0,0 +1,191 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_PENDING 3" +.TH SSL_PENDING 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_pending, SSL_has_pending \- check for readable bytes buffered in an +SSL object +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_pending(const SSL *ssl); +\& int SSL_has_pending(const SSL *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Data is received in whole blocks known as records from the peer. A whole record +is processed (e.g. decrypted) in one go and is buffered by OpenSSL until it is +read by the application via a call to \fISSL_read_ex\fR\|(3) or \fISSL_read\fR\|(3). +.PP +\&\fISSL_pending()\fR returns the number of bytes which have been processed, buffered +and are available inside \fBssl\fR for immediate read. +.PP +If the \fB\s-1SSL\s0\fR object's \fIread_ahead\fR flag is set (see +\&\fISSL_CTX_set_read_ahead\fR\|(3)), additional protocol bytes (beyond the current +record) may have been read containing more \s-1TLS/SSL\s0 records. This also applies to +\&\s-1DTLS\s0 and pipelining (see \fISSL_CTX_set_split_send_fragment\fR\|(3)). These +additional bytes will be buffered by OpenSSL but will remain unprocessed until +they are needed. As these bytes are still in an unprocessed state \fISSL_pending()\fR +will ignore them. Therefore it is possible for no more bytes to be readable from +the underlying \s-1BIO\s0 (because OpenSSL has already read them) and for \fISSL_pending()\fR +to return 0, even though readable application data bytes are available (because +the data is in unprocessed buffered records). +.PP +\&\fISSL_has_pending()\fR returns 1 if \fBs\fR has buffered data (whether processed or +unprocessed) and 0 otherwise. Note that it is possible for \fISSL_has_pending()\fR to +return 1, and then a subsequent call to \fISSL_read_ex()\fR or \fISSL_read()\fR to return no +data because the unprocessed buffered data when processed yielded no application +data (for example this can happen during renegotiation). 
It is also possible in +this scenario for \fISSL_has_pending()\fR to continue to return 1 even after an +\&\fISSL_read_ex()\fR or \fISSL_read()\fR call because the buffered and unprocessed data is +not yet processable (e.g. because OpenSSL has only received a partial record so +far). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_pending()\fR returns the number of buffered and processed application data +bytes that are pending and are available for immediate read. \fISSL_has_pending()\fR +returns 1 if there is buffered record data in the \s-1SSL\s0 object and 0 otherwise. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fISSL_read_ex\fR\|(3), \fISSL_read\fR\|(3), \fISSL_CTX_set_read_ahead\fR\|(3), +\&\fISSL_CTX_set_split_send_fragment\fR\|(3), \fIssl\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \fISSL_has_pending()\fR function was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_read.3 b/linux_amd64/share/man/man3/SSL_read.3 new file mode 100755 index 0000000..a4b0e79 --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_read.3 
@@ -0,0 +1,267 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_READ 3" +.TH SSL_READ 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_read_ex, SSL_read, SSL_peek_ex, SSL_peek +\&\- read bytes from a TLS/SSL connection +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_read_ex(SSL *ssl, void *buf, size_t num, size_t *readbytes); +\& int SSL_read(SSL *ssl, void *buf, int num); +\& +\& int SSL_peek_ex(SSL *ssl, void *buf, size_t num, size_t *readbytes); +\& int SSL_peek(SSL *ssl, void *buf, int num); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_read_ex()\fR and \fISSL_read()\fR try to read \fBnum\fR bytes from the specified \fBssl\fR +into the buffer \fBbuf\fR. On success \fISSL_read_ex()\fR will store the number of bytes +actually read in \fB*readbytes\fR. +.PP +\&\fISSL_peek_ex()\fR and \fISSL_peek()\fR are identical to \fISSL_read_ex()\fR and \fISSL_read()\fR +respectively except no bytes are actually removed from the underlying \s-1BIO\s0 during +the read, so that a subsequent call to \fISSL_read_ex()\fR or \fISSL_read()\fR will yield +at least the same bytes. +.SH "NOTES" +.IX Header "NOTES" +In the paragraphs below a \*(L"read function\*(R" is defined as one of \fISSL_read_ex()\fR, +\&\fISSL_read()\fR, \fISSL_peek_ex()\fR or \fISSL_peek()\fR. +.PP +If necessary, a read function will negotiate a \s-1TLS/SSL\s0 session, if not already +explicitly performed by \fISSL_connect\fR\|(3) or \fISSL_accept\fR\|(3). If the +peer requests a re-negotiation, it will be performed transparently during +the read function operation. The behaviour of the read functions depends on the +underlying \s-1BIO\s0. +.PP +For the transparent negotiation to succeed, the \fBssl\fR must have been +initialized to client or server mode. This is being done by calling +\&\fISSL_set_connect_state\fR\|(3) or \fISSL_set_accept_state()\fR before the first +invocation of a read function. +.PP +The read functions work based on the \s-1SSL/TLS\s0 records. The data are received in +records (with a maximum record size of 16kB). 
Only when a record has been +completely received, can it be processed (decryption and check of integrity). +Therefore data that was not retrieved at the last read call can still be +buffered inside the \s-1SSL\s0 layer and will be retrieved on the next read +call. If \fBnum\fR is higher than the number of bytes buffered then the read +functions will return with the bytes buffered. If no more bytes are in the +buffer, the read functions will trigger the processing of the next record. +Only when the record has been received and processed completely will the read +functions return reporting success. At most the contents of one record will +be returned. As the size of an \s-1SSL/TLS\s0 record may exceed the maximum packet size +of the underlying transport (e.g. \s-1TCP\s0), it may be necessary to read several +packets from the transport layer before the record is complete and the read call +can succeed. +.PP +If \fB\s-1SSL_MODE_AUTO_RETRY\s0\fR has been switched off and a non-application data +record has been processed, the read function can return and set the error to +\&\fB\s-1SSL_ERROR_WANT_READ\s0\fR. +In this case there might still be unprocessed data available in the \fB\s-1BIO\s0\fR. +If read ahead was set using \fISSL_CTX_set_read_ahead\fR\|(3), there might also still +be unprocessed data available in the \fB\s-1SSL\s0\fR. +This behaviour can be controlled using the \fISSL_CTX_set_mode\fR\|(3) call. +.PP +If the underlying \s-1BIO\s0 is \fBblocking\fR, a read function will only return once the +read operation has been finished or an error occurred, except when a +non-application data record has been processed and \fB\s-1SSL_MODE_AUTO_RETRY\s0\fR is +not set. +Note that if \fB\s-1SSL_MODE_AUTO_RETRY\s0\fR is set and only non-application data is +available the call will hang. 
+.PP +If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, a read function will also return when +the underlying \s-1BIO\s0 could not satisfy the needs of the function to continue the +operation. +In this case a call to \fISSL_get_error\fR\|(3) with the +return value of the read function will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or +\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. +As at any time it's possible that non-application data needs to be sent, +a read function can also cause write operations. +The calling process then must repeat the call after taking appropriate action +to satisfy the needs of the read function. +The action depends on the underlying \s-1BIO\s0. +When using a non-blocking socket, nothing is to be done, but \fIselect()\fR can be +used to check for the required condition. +When using a buffering \s-1BIO\s0, like a \s-1BIO\s0 pair, data must be written into or +retrieved out of the \s-1BIO\s0 before being able to continue. +.PP +\&\fISSL_pending\fR\|(3) can be used to find out whether there +are buffered bytes available for immediate retrieval. +In this case the read function can be called without blocking or actually +receiving new data from the underlying socket. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_read_ex()\fR and \fISSL_peek_ex()\fR will return 1 for success or 0 for failure. +Success means that 1 or more application data bytes have been read from the \s-1SSL\s0 +connection. +Failure means that no bytes could be read from the \s-1SSL\s0 connection. +Failures can be retryable (e.g. we are waiting for more bytes to +be delivered by the network) or non-retryable (e.g. a fatal network error). +In the event of a failure call \fISSL_get_error\fR\|(3) to find out the reason which +indicates whether the call is retryable or not. +.PP +For \fISSL_read()\fR and \fISSL_peek()\fR the following return values can occur: +.IP "> 0" 4 +.IX Item "> 0" +The read operation was successful. 
+The return value is the number of bytes actually read from the \s-1TLS/SSL\s0 +connection. +.IP "<= 0" 4 +.IX Item "<= 0" +The read operation was not successful, because either the connection was closed, +an error occurred or action must be taken by the calling process. +Call \fISSL_get_error\fR\|(3) with the return value \fBret\fR to find out the reason. +.Sp +Old documentation indicated a difference between 0 and \-1, and that \-1 was +retryable. +You should instead call \fISSL_get_error()\fR to find out if it's retryable. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fISSL_get_error\fR\|(3), \fISSL_write_ex\fR\|(3), +\&\fISSL_CTX_set_mode\fR\|(3), \fISSL_CTX_new\fR\|(3), +\&\fISSL_connect\fR\|(3), \fISSL_accept\fR\|(3) +\&\fISSL_set_connect_state\fR\|(3), +\&\fISSL_pending\fR\|(3), +\&\fISSL_shutdown\fR\|(3), \fISSL_set_shutdown\fR\|(3), +\&\fIssl\fR\|(7), \fIbio\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \fISSL_read_ex()\fR and \fISSL_peek_ex()\fR functions were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_read_early_data.3 b/linux_amd64/share/man/man3/SSL_read_early_data.3 new file mode 100755 index 0000000..b9f3aaa --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_read_early_data.3 
@@ -0,0 +1,487 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_READ_EARLY_DATA 3" +.TH SSL_READ_EARLY_DATA 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_set_max_early_data, +SSL_CTX_set_max_early_data, +SSL_get_max_early_data, +SSL_CTX_get_max_early_data, +SSL_set_recv_max_early_data, +SSL_CTX_set_recv_max_early_data, +SSL_get_recv_max_early_data, +SSL_CTX_get_recv_max_early_data, +SSL_SESSION_get_max_early_data, +SSL_SESSION_set_max_early_data, +SSL_write_early_data, +SSL_read_early_data, +SSL_get_early_data_status, +SSL_allow_early_data_cb_fn, +SSL_CTX_set_allow_early_data_cb, +SSL_set_allow_early_data_cb +\&\- functions for sending and receiving early data +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_set_max_early_data(SSL_CTX *ctx, uint32_t max_early_data); +\& uint32_t SSL_CTX_get_max_early_data(const SSL_CTX *ctx); +\& int SSL_set_max_early_data(SSL *s, uint32_t max_early_data); +\& uint32_t SSL_get_max_early_data(const SSL *s); +\& +\& int SSL_CTX_set_recv_max_early_data(SSL_CTX *ctx, uint32_t recv_max_early_data); +\& uint32_t SSL_CTX_get_recv_max_early_data(const SSL_CTX *ctx); +\& int SSL_set_recv_max_early_data(SSL *s, uint32_t recv_max_early_data); +\& uint32_t SSL_get_recv_max_early_data(const SSL *s); +\& +\& uint32_t SSL_SESSION_get_max_early_data(const SSL_SESSION *s); +\& int SSL_SESSION_set_max_early_data(SSL_SESSION *s, uint32_t max_early_data); +\& +\& int SSL_write_early_data(SSL *s, const void *buf, size_t num, size_t *written); +\& +\& int SSL_read_early_data(SSL *s, void *buf, size_t num, size_t *readbytes); +\& +\& int SSL_get_early_data_status(const SSL *s); +\& +\& +\& typedef int (*SSL_allow_early_data_cb_fn)(SSL *s, void *arg); +\& +\& void SSL_CTX_set_allow_early_data_cb(SSL_CTX *ctx, +\& SSL_allow_early_data_cb_fn cb, +\& void *arg); +\& void SSL_set_allow_early_data_cb(SSL *s, +\& SSL_allow_early_data_cb_fn cb, +\& void *arg); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions are used to send and receive early data where TLSv1.3 has been +negotiated. 
Early data can be sent by the client immediately after its initial +ClientHello without having to wait for the server to complete the handshake. +Early data can only be sent if a session has previously been established with +the server, and the server is known to support it. Additionally these functions +can be used to send data from the server to the client when the client has not +yet completed the authentication stage of the handshake. +.PP +Early data has weaker security properties than other data sent over an \s-1SSL/TLS\s0 +connection. In particular the data does not have forward secrecy. There are also +additional considerations around replay attacks (see \*(L"\s-1REPLAY\s0 \s-1PROTECTION\s0\*(R" +below). For these reasons extreme care should be exercised when using early +data. For specific details, consult the \s-1TLS\s0 1.3 specification. +.PP +When a server receives early data it may opt to immediately respond by sending +application data back to the client. Data sent by the server at this stage is +done before the full handshake has been completed. Specifically the client's +authentication messages have not yet been received, i.e. the client is +unauthenticated at this point and care should be taken when using this +capability. +.PP +A server or client can determine whether the full handshake has been completed +or not by calling \fISSL_is_init_finished\fR\|(3). +.PP +On the client side, the function \fISSL_SESSION_get_max_early_data()\fR can be used to +determine if a session established with a server can be used to send early data. +If the session cannot be used then this function will return 0. Otherwise it +will return the maximum number of early data bytes that can be sent. +.PP +The function \fISSL_SESSION_set_max_early_data()\fR sets the maximum number of early +data bytes that can be sent for a session. This would typically be used when +creating a \s-1PSK\s0 session file (see \fISSL_CTX_set_psk_use_session_callback\fR\|(3)). 
If +using a ticket based \s-1PSK\s0 then this is set automatically to the value provided by +the server. +.PP +A client uses the function \fISSL_write_early_data()\fR to send early data. This +function is similar to the \fISSL_write_ex\fR\|(3) function, but with the following +differences. See \fISSL_write_ex\fR\|(3) for information on how to write bytes to +the underlying connection, and how to handle any errors that may arise. This +page describes the differences between \fISSL_write_early_data()\fR and +\&\fISSL_write_ex\fR\|(3). +.PP +When called by a client, \fISSL_write_early_data()\fR must be the first \s-1IO\s0 function +called on a new connection, i.e. it must occur before any calls to +\&\fISSL_write_ex\fR\|(3), \fISSL_read_ex\fR\|(3), \fISSL_connect\fR\|(3), \fISSL_do_handshake\fR\|(3) +or other similar functions. It may be called multiple times to stream data to +the server, but the total number of bytes written must not exceed the value +returned from \fISSL_SESSION_get_max_early_data()\fR. Once the initial +\&\fISSL_write_early_data()\fR call has completed successfully the client may interleave +calls to \fISSL_read_ex\fR\|(3) and \fISSL_read\fR\|(3) with calls to +\&\fISSL_write_early_data()\fR as required. +.PP +If \fISSL_write_early_data()\fR fails you should call \fISSL_get_error\fR\|(3) to determine +the correct course of action, as for \fISSL_write_ex\fR\|(3). +.PP +When the client no longer wishes to send any more early data then it should +complete the handshake by calling a function such as \fISSL_connect\fR\|(3) or +\&\fISSL_do_handshake\fR\|(3). Alternatively you can call a standard write function +such as \fISSL_write_ex\fR\|(3), which will transparently complete the connection and +write the requested data. +.PP +A server may choose to ignore early data that has been sent to it. Once the +connection has been completed you can determine whether the server accepted or +rejected the early data by calling \fISSL_get_early_data_status()\fR. 
This will return +\&\s-1SSL_EARLY_DATA_ACCEPTED\s0 if the data was accepted, \s-1SSL_EARLY_DATA_REJECTED\s0 if it +was rejected or \s-1SSL_EARLY_DATA_NOT_SENT\s0 if no early data was sent. This function +may be called by either the client or the server. +.PP +A server uses the \fISSL_read_early_data()\fR function to receive early data on a +connection for which early data has been enabled using +\&\fISSL_CTX_set_max_early_data()\fR or \fISSL_set_max_early_data()\fR. As for +\&\fISSL_write_early_data()\fR, this must be the first \s-1IO\s0 function +called on a connection, i.e. it must occur before any calls to +\&\fISSL_write_ex\fR\|(3), \fISSL_read_ex\fR\|(3), \fISSL_accept\fR\|(3), \fISSL_do_handshake\fR\|(3), +or other similar functions. +.PP +\&\fISSL_read_early_data()\fR is similar to \fISSL_read_ex\fR\|(3) with the following +differences. Refer to \fISSL_read_ex\fR\|(3) for full details. +.PP +\&\fISSL_read_early_data()\fR may return 3 possible values: +.IP "\s-1SSL_READ_EARLY_DATA_ERROR\s0" 4 +.IX Item "SSL_READ_EARLY_DATA_ERROR" +This indicates an \s-1IO\s0 or some other error occurred. This should be treated in the +same way as a 0 return value from \fISSL_read_ex\fR\|(3). +.IP "\s-1SSL_READ_EARLY_DATA_SUCCESS\s0" 4 +.IX Item "SSL_READ_EARLY_DATA_SUCCESS" +This indicates that early data was successfully read. This should be treated in +the same way as a 1 return value from \fISSL_read_ex\fR\|(3). You should continue to +call \fISSL_read_early_data()\fR to read more data. +.IP "\s-1SSL_READ_EARLY_DATA_FINISH\s0" 4 +.IX Item "SSL_READ_EARLY_DATA_FINISH" +This indicates that no more early data can be read. It may be returned on the +first call to \fISSL_read_early_data()\fR if the client has not sent any early data, +or if the early data was rejected. +.PP +Once the initial \fISSL_read_early_data()\fR call has completed successfully (i.e. 
it +has returned \s-1SSL_READ_EARLY_DATA_SUCCESS\s0 or \s-1SSL_READ_EARLY_DATA_FINISH\s0) then the +server may choose to write data immediately to the unauthenticated client using +\&\fISSL_write_early_data()\fR. If \fISSL_read_early_data()\fR returned +\&\s-1SSL_READ_EARLY_DATA_FINISH\s0 then in some situations (e.g. if the client only +supports TLSv1.2) the handshake may have already been completed and calls +to \fISSL_write_early_data()\fR are not allowed. Call \fISSL_is_init_finished\fR\|(3) to +determine whether the handshake has completed or not. If the handshake is still +in progress then the server may interleave calls to \fISSL_write_early_data()\fR with +calls to \fISSL_read_early_data()\fR as required. +.PP +Servers must not call \fISSL_read_ex\fR\|(3), \fISSL_read\fR\|(3), \fISSL_write_ex\fR\|(3) or +\&\fISSL_write\fR\|(3) until \fISSL_read_early_data()\fR has returned with +\&\s-1SSL_READ_EARLY_DATA_FINISH\s0. Once it has done so the connection to the client +still needs to be completed. Complete the connection by calling a function such +as \fISSL_accept\fR\|(3) or \fISSL_do_handshake\fR\|(3). Alternatively you can call a +standard read function such as \fISSL_read_ex\fR\|(3), which will transparently +complete the connection and read the requested data. Note that it is an error to +attempt to complete the connection before \fISSL_read_early_data()\fR has returned +\&\s-1SSL_READ_EARLY_DATA_FINISH\s0. +.PP +Only servers may call \fISSL_read_early_data()\fR. +.PP +Calls to \fISSL_read_early_data()\fR may, in certain circumstances, complete the +connection immediately without further need to call a function such as +\&\fISSL_accept\fR\|(3). This can happen if the client is using a protocol version less +than TLSv1.3. Applications can test for this by calling +\&\fISSL_is_init_finished\fR\|(3). Alternatively, applications may choose to call +\&\fISSL_accept\fR\|(3) anyway. Such a call will successfully return immediately with no +further action taken. 
+.PP +When a session is created between a server and a client the server will specify +the maximum amount of any early data that it will accept on any future +connection attempt. By default the server does not accept early data; a +server may indicate support for early data by calling +\&\fISSL_CTX_set_max_early_data()\fR or +\&\fISSL_set_max_early_data()\fR to set it for the whole \s-1SSL_CTX\s0 or an individual \s-1SSL\s0 +object respectively. The \fBmax_early_data\fR parameter specifies the maximum +amount of early data in bytes that is permitted to be sent on a single +connection. Similarly the \fISSL_CTX_get_max_early_data()\fR and +\&\fISSL_get_max_early_data()\fR functions can be used to obtain the current maximum +early data settings for the \s-1SSL_CTX\s0 and \s-1SSL\s0 objects respectively. Generally a +server application will either use both of \fISSL_read_early_data()\fR and +\&\fISSL_CTX_set_max_early_data()\fR (or \fISSL_set_max_early_data()\fR), or neither of them, +since there is no practical benefit from using only one of them. If the maximum +early data setting for a server is nonzero then replay protection is +automatically enabled (see \*(L"\s-1REPLAY\s0 \s-1PROTECTION\s0\*(R" below). +.PP +If the server rejects the early data sent by a client then it will skip over +the data that is sent. The maximum amount of received early data that is skipped +is controlled by the recv_max_early_data setting. If a client sends more than +this then the connection will abort. This value can be set by calling +\&\fISSL_CTX_set_recv_max_early_data()\fR or \fISSL_set_recv_max_early_data()\fR. The current +value for this setting can be obtained by calling +\&\fISSL_CTX_get_recv_max_early_data()\fR or \fISSL_get_recv_max_early_data()\fR. The default +value for this setting is 16,384 bytes. +.PP +The recv_max_early_data value also has an impact on early data that is accepted. 
+The amount of data that is accepted will always be the lower of the +max_early_data for the session and the recv_max_early_data setting for the +server. If a client sends more data than this then the connection will abort. +.PP +The configured value for max_early_data on a server may change over time as +required. However clients may have tickets containing the previously configured +max_early_data value. The recv_max_early_data should always be equal to or +higher than any recently configured max_early_data value in order to avoid +aborted connections. The recv_max_early_data should never be set to less than +the current configured max_early_data value. +.PP +Some server applications may wish to have more control over whether early data +is accepted or not, for example to mitigate replay risks (see \*(L"\s-1REPLAY\s0 \s-1PROTECTION\s0\*(R" +below) or to decline early_data when the server is heavily loaded. The functions +\&\fISSL_CTX_set_allow_early_data_cb()\fR and \fISSL_set_allow_early_data_cb()\fR set a +callback which is called at a point in the handshake immediately before a +decision is made to accept or reject early data. The callback is provided with a +pointer to the user data argument that was provided when the callback was first +set. Returning 1 from the callback will allow early data and returning 0 will +reject it. Note that the OpenSSL library may reject early data for other reasons +in which case this callback will not get called. Notably, the built-in replay +protection feature will still be used even if a callback is present unless it +has been explicitly disabled using the \s-1SSL_OP_NO_ANTI_REPLAY\s0 option. See +\&\*(L"\s-1REPLAY\s0 \s-1PROTECTION\s0\*(R" below. +.SH "NOTES" +.IX Header "NOTES" +The whole purpose of early data is to enable a client to start sending data to +the server before a full round trip of network traffic has occurred. 
Application +developers should ensure they consider optimisation of the underlying \s-1TCP\s0 socket +to obtain a performant solution. For example Nagle's algorithm is commonly used +by operating systems in an attempt to avoid lots of small \s-1TCP\s0 packets. In many +scenarios this is beneficial for performance, but it does not work well with the +early data solution as implemented in OpenSSL. In Nagle's algorithm the \s-1OS\s0 will +buffer outgoing \s-1TCP\s0 data if a \s-1TCP\s0 packet has already been sent which we have not +yet received an \s-1ACK\s0 for from the peer. The buffered data will only be +transmitted if enough data to fill an entire \s-1TCP\s0 packet is accumulated, or if +the \s-1ACK\s0 is received from the peer. The initial ClientHello will be sent in the +first \s-1TCP\s0 packet along with any data from the first call to +\&\fISSL_write_early_data()\fR. If the amount of data written will exceed the size of a +single \s-1TCP\s0 packet, or if there are more calls to \fISSL_write_early_data()\fR then +that additional data will be sent in subsequent \s-1TCP\s0 packets which will be +buffered by the \s-1OS\s0 and not sent until an \s-1ACK\s0 is received for the first packet +containing the ClientHello. This means the early data is not actually +sent until a complete round trip with the server has occurred which defeats the +objective of early data. +.PP +In many operating systems the \s-1TCP_NODELAY\s0 socket option is available to disable +Nagle's algorithm. If an application opts to disable Nagle's algorithm +consideration should be given to turning it back on again after the handshake is +complete if appropriate. +.PP +In rare circumstances, it may be possible for a client to have a session that +reports a max early data value greater than 0, but where the server does not +support this. 
For example, this can occur if a server has had its configuration +changed to accept a lower max early data value such as by calling +\&\fISSL_CTX_set_recv_max_early_data()\fR. Another example is if a server used to +support TLSv1.3 but was later downgraded to TLSv1.2. Sending early data to such +a server will cause the connection to abort. Clients that encounter an aborted +connection while sending early data may want to retry the connection without +sending early data as this does not happen automatically. A client will have to +establish a new transport layer connection to the server and attempt the \s-1SSL/TLS\s0 +connection again but without sending early data. Note that it is inadvisable to +retry with a lower maximum protocol version. +.SH "REPLAY PROTECTION" +.IX Header "REPLAY PROTECTION" +When early data is in use the \s-1TLS\s0 protocol provides no security guarantees that +the same early data was not replayed across multiple connections. As a +mitigation for this issue OpenSSL automatically enables replay protection if the +server is configured with a nonzero max early data value. With replay +protection enabled sessions are forced to be single use only. If a client +attempts to reuse a session ticket more than once, then the second and +subsequent attempts will fall back to a full handshake (and any early data that +was submitted will be ignored). Note that single use tickets are enforced even +if a client does not send any early data. +.PP +The replay protection mechanism relies on the internal OpenSSL server session +cache (see \fISSL_CTX_set_session_cache_mode\fR\|(3)). When replay protection is +being used the server will operate as if the \s-1SSL_OP_NO_TICKET\s0 option had been +selected (see \fISSL_CTX_set_options\fR\|(3)). Sessions will be added to the cache +whenever a session ticket is issued. When a client attempts to resume the +session, OpenSSL will check for its presence in the internal cache. 
If it exists +then the resumption is allowed and the session is removed from the cache. If it +does not exist then the resumption is not allowed and a full handshake will +occur. +.PP +Note that some applications may maintain an external cache of sessions (see +\&\fISSL_CTX_sess_set_new_cb\fR\|(3) and similar functions). It is the application's +responsibility to ensure that any sessions in the external cache are also +populated in the internal cache and that once removed from the internal cache +they are similarly removed from the external cache. Failing to do this could +result in an application becoming vulnerable to replay attacks. Note that +OpenSSL will lock the internal cache while a session is removed but that lock is +not held when the remove session callback (see \fISSL_CTX_sess_set_remove_cb\fR\|(3)) +is called. This could result in a small amount of time where the session has +been removed from the internal cache but is still available in the external +cache. Applications should be designed with this in mind in order to minimise +the possibility of replay attacks. +.PP +The OpenSSL replay protection does not apply to external Pre Shared Keys (PSKs) +(e.g. see \fISSL_CTX_set_psk_find_session_callback\fR\|(3)). Therefore extreme caution +should be applied when combining external PSKs with early data. +.PP +Some applications may mitigate the replay risks in other ways. For those +applications it is possible to turn off the built-in replay protection feature +using the \fB\s-1SSL_OP_NO_ANTI_REPLAY\s0\fR option. See \fISSL_CTX_set_options\fR\|(3) for +details. Applications can also set a callback to make decisions about accepting +early data or not. See \fISSL_CTX_set_allow_early_data_cb()\fR above for details. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_write_early_data()\fR returns 1 for success or 0 for failure. In the event of a +failure call \fISSL_get_error\fR\|(3) to determine the correct course of action. 
+.PP +\&\fISSL_read_early_data()\fR returns \s-1SSL_READ_EARLY_DATA_ERROR\s0 for failure, +\&\s-1SSL_READ_EARLY_DATA_SUCCESS\s0 for success with more data to read and +\&\s-1SSL_READ_EARLY_DATA_FINISH\s0 for success with no more to data be read. In the +event of a failure call \fISSL_get_error\fR\|(3) to determine the correct course of +action. +.PP +\&\fISSL_get_max_early_data()\fR, \fISSL_CTX_get_max_early_data()\fR and +\&\fISSL_SESSION_get_max_early_data()\fR return the maximum number of early data bytes +that may be sent. +.PP +\&\fISSL_set_max_early_data()\fR, \fISSL_CTX_set_max_early_data()\fR and +\&\fISSL_SESSION_set_max_early_data()\fR return 1 for success or 0 for failure. +.PP +\&\fISSL_get_early_data_status()\fR returns \s-1SSL_EARLY_DATA_ACCEPTED\s0 if early data was +accepted by the server, \s-1SSL_EARLY_DATA_REJECTED\s0 if early data was rejected by +the server, or \s-1SSL_EARLY_DATA_NOT_SENT\s0 if no early data was sent. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fISSL_get_error\fR\|(3), +\&\fISSL_write_ex\fR\|(3), +\&\fISSL_read_ex\fR\|(3), +\&\fISSL_connect\fR\|(3), +\&\fISSL_accept\fR\|(3), +\&\fISSL_do_handshake\fR\|(3), +\&\fISSL_CTX_set_psk_use_session_callback\fR\|(3), +\&\fIssl\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +All of the functions described above were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_rstate_string.3 b/linux_amd64/share/man/man3/SSL_rstate_string.3 new file mode 100755 index 0000000..bc150a9 --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_rstate_string.3 
@@ -0,0 +1,186 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_RSTATE_STRING 3" +.TH SSL_RSTATE_STRING 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_rstate_string, SSL_rstate_string_long \- get textual description of state of an SSL object during read operation +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const char *SSL_rstate_string(SSL *ssl); +\& const char *SSL_rstate_string_long(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_rstate_string()\fR returns a 2 letter string indicating the current read state +of the \s-1SSL\s0 object \fBssl\fR. +.PP +\&\fISSL_rstate_string_long()\fR returns a string indicating the current read state of +the \s-1SSL\s0 object \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +When performing a read operation, the \s-1SSL/TLS\s0 engine must parse the record, +consisting of header and body. When working in a blocking environment, +SSL_rstate_string[_long]() should always return \*(L"\s-1RD\s0\*(R"/\*(L"read done\*(R". +.PP +This function should only seldom be needed in applications. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_rstate_string()\fR and \fISSL_rstate_string_long()\fR can return the following +values: +.ie n .IP """\s-1RH\s0""/""read header""" 4 +.el .IP "``\s-1RH\s0''/``read header''" 4 +.IX Item "RH/read header" +The header of the record is being evaluated. +.ie n .IP """\s-1RB\s0""/""read body""" 4 +.el .IP "``\s-1RB\s0''/``read body''" 4 +.IX Item "RB/read body" +The body of the record is being evaluated. +.ie n .IP """\s-1RD\s0""/""read done""" 4 +.el .IP "``\s-1RD\s0''/``read done''" 4 +.IX Item "RD/read done" +The record has been completely processed. +.ie n .IP """unknown""/""unknown""" 4 +.el .IP "``unknown''/``unknown''" 4 +.IX Item "unknown/unknown" +The read state is unknown. This should never happen. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). 
You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_session_reused.3 b/linux_amd64/share/man/man3/SSL_session_reused.3 new file mode 100755 index 0000000..f36a1f7 --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_session_reused.3 
@@ -0,0 +1,169 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SESSION_REUSED 3" +.TH SSL_SESSION_REUSED 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_session_reused \- query whether a reused session was negotiated during handshake +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_session_reused(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Query, whether a reused session was negotiated during the handshake. +.SH "NOTES" +.IX Header "NOTES" +During the negotiation, a client can propose to reuse a session. The server +then looks up the session in its cache. If both client and server agree +on the session, it will be reused and a flag is being set that can be +queried by the application. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "0" 4 +A new session was negotiated. +.IP "1" 4 +.IX Item "1" +A session was reused. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_set_session\fR\|(3), +\&\fISSL_CTX_set_session_cache_mode\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_set1_host.3 b/linux_amd64/share/man/man3/SSL_set1_host.3 new file mode 100755 index 0000000..7e82ab8 --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_set1_host.3 
@@ -0,0 +1,242 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SET1_HOST 3" +.TH SSL_SET1_HOST 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_set1_host, SSL_add1_host, SSL_set_hostflags, SSL_get0_peername \- +SSL server verification parameters +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_set1_host(SSL *s, const char *hostname); +\& int SSL_add1_host(SSL *s, const char *hostname); +\& void SSL_set_hostflags(SSL *s, unsigned int flags); +\& const char *SSL_get0_peername(SSL *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions configure server hostname checks in the \s-1SSL\s0 client. +.PP +\&\fISSL_set1_host()\fR sets the expected \s-1DNS\s0 hostname to \fBname\fR clearing +any previously specified hostname. If \fBname\fR is \s-1NULL\s0 +or the empty string, the list of hostnames is cleared and name +checks are not performed on the peer certificate. When a non-empty +\&\fBname\fR is specified, certificate verification automatically checks +the peer hostname via \fIX509_check_host\fR\|(3) with \fBflags\fR as specified +via \fISSL_set_hostflags()\fR. Clients that enable \s-1DANE\s0 \s-1TLSA\s0 authentication +via \fISSL_dane_enable\fR\|(3) should leave it to that function to set +the primary reference identifier of the peer, and should not call +\&\fISSL_set1_host()\fR. +.PP +\&\fISSL_add1_host()\fR adds \fBname\fR as an additional reference identifier +that can match the peer's certificate. Any previous names set via +\&\fISSL_set1_host()\fR or \fISSL_add1_host()\fR are retained, no change is made +if \fBname\fR is \s-1NULL\s0 or empty. When multiple names are configured, +the peer is considered verified when any name matches. This function +is required for \s-1DANE\s0 \s-1TLSA\s0 in the presence of service name indirection +via \s-1CNAME\s0, \s-1MX\s0 or \s-1SRV\s0 records as specified in \s-1RFC7671\s0, \s-1RFC7672\s0 or +\&\s-1RFC7673\s0. +.PP +\&\fISSL_set_hostflags()\fR sets the \fBflags\fR that will be passed to +\&\fIX509_check_host\fR\|(3) when name checks are applicable, by default +the \fBflags\fR value is 0. 
See \fIX509_check_host\fR\|(3) for the list +of available flags and their meaning. +.PP +\&\fISSL_get0_peername()\fR returns the \s-1DNS\s0 hostname or subject CommonName +from the peer certificate that matched one of the reference +identifiers. When wildcard matching is not disabled, the name +matched in the peer certificate may be a wildcard name. When one +of the reference identifiers configured via \fISSL_set1_host()\fR or +\&\fISSL_add1_host()\fR starts with \*(L".\*(R", which indicates a parent domain prefix +rather than a fixed name, the matched peer name may be a sub-domain +of the reference identifier. The returned string is allocated by +the library and is no longer valid once the associated \fBssl\fR handle +is cleared or freed, or a renegotiation takes place. Applications +must not free the return value. +.PP +\&\s-1SSL\s0 clients are advised to use these functions in preference to +explicitly calling \fIX509_check_host\fR\|(3). Hostname checks may be out +of scope with the \s-1RFC7671\s0 \s-1\fIDANE\-EE\s0\fR\|(3) certificate usage, and the +internal check will be suppressed as appropriate when \s-1DANE\s0 is +enabled. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_set1_host()\fR and \fISSL_add1_host()\fR return 1 for success and 0 for +failure. +.PP +\&\fISSL_get0_peername()\fR returns \s-1NULL\s0 if peername verification is not +applicable (as with \s-1RFC7671\s0 \s-1\fIDANE\-EE\s0\fR\|(3)), or no trusted peername was +matched. Otherwise, it returns the matched peername. To determine +whether verification succeeded call \fISSL_get_verify_result\fR\|(3). +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Suppose \*(L"smtp.example.com\*(R" is the \s-1MX\s0 host of the domain \*(L"example.com\*(R". +The calls below will arrange to match either the \s-1MX\s0 hostname or the +destination domain name in the \s-1SMTP\s0 server certificate. Wildcards +are supported, but must match the entire label. 
The actual name +matched in the certificate (which might be a wildcard) is retrieved, +and must be copied by the application if it is to be retained beyond +the lifetime of the \s-1SSL\s0 connection. +.PP +.Vb 5 +\& SSL_set_hostflags(ssl, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS); +\& if (!SSL_set1_host(ssl, "smtp.example.com")) +\& /* error */ +\& if (!SSL_add1_host(ssl, "example.com")) +\& /* error */ +\& +\& /* XXX: Perform SSL_connect() handshake and handle errors here */ +\& +\& if (SSL_get_verify_result(ssl) == X509_V_OK) { +\& const char *peername = SSL_get0_peername(ssl); +\& +\& if (peername != NULL) +\& /* Name checks were in scope and matched the peername */ +\& } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fIX509_check_host\fR\|(3), +\&\fISSL_get_verify_result\fR\|(3). +\&\fISSL_dane_enable\fR\|(3). +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_set_async_callback.3 b/linux_amd64/share/man/man3/SSL_set_async_callback.3 new file mode 100755 index 0000000..d43483b --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_set_async_callback.3 
@@ -0,0 +1,229 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SET_ASYNC_CALLBACK 3" +.TH SSL_SET_ASYNC_CALLBACK 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_async_callback, +SSL_CTX_set_async_callback_arg, +SSL_set_async_callback, +SSL_set_async_callback_arg, +SSL_get_async_status, +SSL_async_callback_fn +\&\- manage asynchronous operations +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef int (*SSL_async_callback_fn)(SSL *s, void *arg); +\& int SSL_CTX_set_async_callback(SSL_CTX *ctx, SSL_async_callback_fn callback); +\& int SSL_CTX_set_async_callback_arg(SSL_CTX *ctx, void *arg); +\& int SSL_set_async_callback(SSL *s, SSL_async_callback_fn callback); +\& int SSL_set_async_callback_arg(SSL *s, void *arg); +\& int SSL_get_async_status(SSL *s, int *status); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_async_callback()\fR sets an asynchronous callback function. All \fB\s-1SSL\s0\fR +objects generated based on this \fB\s-1SSL_CTX\s0\fR will get this callback. If an engine +supports the callback mechanism, it will be automatically called if +\&\fB\s-1SSL_MODE_ASYNC\s0\fR has been set and an asynchronous capable engine completes a +cryptography operation to notify the application to resume the paused work flow. +.PP +\&\fISSL_CTX_set_async_callback_arg()\fR sets the callback argument. +.PP +\&\fISSL_set_async_callback()\fR allows an application to set a callback in an +asynchronous \fB\s-1SSL\s0\fR object, so that when an engine completes a cryptography +operation, the callback will be called to notify the application to resume the +paused work flow. +.PP +\&\fISSL_set_async_callback_arg()\fR sets an argument for the \fB\s-1SSL\s0\fR object when the +above callback is called. +.PP +\&\fISSL_get_async_status()\fR returns the engine status. This function facilitates the +communication from the engine to the application. During an \s-1SSL\s0 session, +cryptographic operations are dispatched to an engine. The engine status is very +useful for an application to know if the operation has been successfully +dispatched. 
If the engine does not support this additional callback method, +\&\fB\s-1ASYNC_STATUS_UNSUPPORTED\s0\fR will be returned. See \fIASYNC_WAIT_CTX_set_status()\fR +for a description of all of the status values. +.PP +An example of the above functions would be the following: +.IP "1." 4 +Application sets the async callback and callback data on an \s-1SSL\s0 connection +by calling \fISSL_set_async_callback()\fR. +.IP "2." 4 +Application sets \fB\s-1SSL_MODE_ASYNC\s0\fR and makes an asynchronous \s-1SSL\s0 call +.IP "3." 4 +OpenSSL submits the asynchronous request to the engine. If a retry occurs at +this point then the status within the \fB\s-1ASYNC_WAIT_CTX\s0\fR would be set and the +async callback function would be called (goto Step 7). +.IP "4." 4 +The OpenSSL engine pauses the current job and returns, so that the +application can continue processing other connections. +.IP "5." 4 +At a future point in time (probably via a polling mechanism or via an +interrupt) the engine will become aware that the asynchronous request has +finished processing. +.IP "6." 4 +The engine will call the application's callback passing the callback data as +a parameter. +.IP "7." 4 +The callback function should then run. Note: it is a requirement that the +callback function is small and non-blocking as it will be run in the context of +a polling mechanism or an interrupt. +.IP "8." 4 +It is the application's responsibility via the callback function to schedule +recalling the OpenSSL asynchronous function and to continue processing. +.IP "9." 4 +The callback function has the option to check the status returned via +\&\fISSL_get_async_status()\fR to determine whether a retry happened instead of the +request being submitted, allowing different processing if required. 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_async_callback()\fR, \fISSL_set_async_callback()\fR, +\&\fISSL_CTX_set_async_callback_arg()\fR, \fISSL_CTX_set_async_callback_arg()\fR and +\&\fISSL_get_async_status()\fR return 1 on success or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fISSL_CTX_set_async_callback()\fR, \fISSL_CTX_set_async_callback_arg()\fR, +\&\fISSL_set_async_callback()\fR, \fISSL_set_async_callback_arg()\fR and +\&\fISSL_get_async_status()\fR were first added to OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_set_bio.3 b/linux_amd64/share/man/man3/SSL_set_bio.3 new file mode 100755 index 0000000..99a743a --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_set_bio.3 
@@ -0,0 +1,218 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SET_BIO 3" +.TH SSL_SET_BIO 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_set_bio, SSL_set0_rbio, SSL_set0_wbio \- connect the SSL object with a BIO +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio); +\& void SSL_set0_rbio(SSL *s, BIO *rbio); +\& void SSL_set0_wbio(SSL *s, BIO *wbio); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_set0_rbio()\fR connects the \s-1BIO\s0 \fBrbio\fR for the read operations of the \fBssl\fR +object. The \s-1SSL\s0 engine inherits the behaviour of \fBrbio\fR. If the \s-1BIO\s0 is +non-blocking then the \fBssl\fR object will also have non-blocking behaviour. This +function transfers ownership of \fBrbio\fR to \fBssl\fR. It will be automatically +freed using \fIBIO_free_all\fR\|(3) when the \fBssl\fR is freed. On calling this +function, any existing \fBrbio\fR that was previously set will also be freed via a +call to \fIBIO_free_all\fR\|(3) (this includes the case where the \fBrbio\fR is set to +the same value as previously). +.PP +\&\fISSL_set0_wbio()\fR works in the same as \fISSL_set0_rbio()\fR except that it connects +the \s-1BIO\s0 \fBwbio\fR for the write operations of the \fBssl\fR object. Note that if the +rbio and wbio are the same then \fISSL_set0_rbio()\fR and \fISSL_set0_wbio()\fR each take +ownership of one reference. Therefore it may be necessary to increment the +number of references available using \fIBIO_up_ref\fR\|(3) before calling the set0 +functions. +.PP +\&\fISSL_set_bio()\fR is similar to \fISSL_set0_rbio()\fR and \fISSL_set0_wbio()\fR except +that it connects both the \fBrbio\fR and the \fBwbio\fR at the same time, and +transfers the ownership of \fBrbio\fR and \fBwbio\fR to \fBssl\fR according to +the following set of rules: +.IP "\(bu" 2 +If neither the \fBrbio\fR or \fBwbio\fR have changed from their previous values +then nothing is done. 
+.IP "\(bu" 2 +If the \fBrbio\fR and \fBwbio\fR parameters are different and both are different +to their +previously set values then one reference is consumed for the rbio and one +reference is consumed for the wbio. +.IP "\(bu" 2 +If the \fBrbio\fR and \fBwbio\fR parameters are the same and the \fBrbio\fR is not +the same as the previously set value then one reference is consumed. +.IP "\(bu" 2 +If the \fBrbio\fR and \fBwbio\fR parameters are the same and the \fBrbio\fR is the +same as the previously set value, then no additional references are consumed. +.IP "\(bu" 2 +If the \fBrbio\fR and \fBwbio\fR parameters are different and the \fBrbio\fR is the +same as the +previously set value then one reference is consumed for the \fBwbio\fR and no +references are consumed for the \fBrbio\fR. +.IP "\(bu" 2 +If the \fBrbio\fR and \fBwbio\fR parameters are different and the \fBwbio\fR is the +same as the previously set value and the old \fBrbio\fR and \fBwbio\fR values +were the same as each other then one reference is consumed for the \fBrbio\fR +and no references are consumed for the \fBwbio\fR. +.IP "\(bu" 2 +If the \fBrbio\fR and \fBwbio\fR parameters are different and the \fBwbio\fR +is the same as the +previously set value and the old \fBrbio\fR and \fBwbio\fR values were different +to each +other then one reference is consumed for the \fBrbio\fR and one reference +is consumed +for the \fBwbio\fR. +.PP +Because of this complexity, this function should be avoided; +use \fISSL_set0_rbio()\fR and \fISSL_set0_wbio()\fR instead. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_set_bio()\fR, \fISSL_set0_rbio()\fR and \fISSL_set0_wbio()\fR cannot fail. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fISSL_get_rbio\fR\|(3), +\&\fISSL_connect\fR\|(3), \fISSL_accept\fR\|(3), +\&\fISSL_shutdown\fR\|(3), \fIssl\fR\|(7), \fIbio\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fISSL_set0_rbio()\fR and \fISSL_set0_wbio()\fR were added in OpenSSL 1.1.0. 
+.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_set_connect_state.3 b/linux_amd64/share/man/man3/SSL_set_connect_state.3 new file mode 100755 index 0000000..b14ef80 --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_set_connect_state.3 
@@ -0,0 +1,199 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SET_CONNECT_STATE 3" +.TH SSL_SET_CONNECT_STATE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_set_connect_state, SSL_set_accept_state, SSL_is_server +\&\- functions for manipulating and examining the client or server mode of an SSL object +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_set_connect_state(SSL *ssl); +\& +\& void SSL_set_accept_state(SSL *ssl); +\& +\& int SSL_is_server(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_set_connect_state()\fR sets \fBssl\fR to work in client mode. +.PP +\&\fISSL_set_accept_state()\fR sets \fBssl\fR to work in server mode. +.PP +\&\fISSL_is_server()\fR checks if \fBssl\fR is working in server mode. +.SH "NOTES" +.IX Header "NOTES" +When the \s-1SSL_CTX\s0 object was created with \fISSL_CTX_new\fR\|(3), +it was either assigned a dedicated client method, a dedicated server +method, or a generic method, that can be used for both client and +server connections. (The method might have been changed with +\&\fISSL_CTX_set_ssl_version\fR\|(3) or +\&\fISSL_set_ssl_method\fR\|(3).) +.PP +When beginning a new handshake, the \s-1SSL\s0 engine must know whether it must +call the connect (client) or accept (server) routines. Even though it may +be clear from the method chosen, whether client or server mode was +requested, the handshake routines must be explicitly set. +.PP +When using the \fISSL_connect\fR\|(3) or +\&\fISSL_accept\fR\|(3) routines, the correct handshake +routines are automatically set. When performing a transparent negotiation +using \fISSL_write_ex\fR\|(3), \fISSL_write\fR\|(3), \fISSL_read_ex\fR\|(3), or \fISSL_read\fR\|(3), +the handshake routines must be explicitly set in advance using either +\&\fISSL_set_connect_state()\fR or \fISSL_set_accept_state()\fR. 
+.PP +If \fISSL_is_server()\fR is called before \fISSL_set_connect_state()\fR or +\&\fISSL_set_accept_state()\fR is called (either automatically or explicitly), +the result depends on what method was used when \s-1SSL_CTX\s0 was created with +\&\fISSL_CTX_new\fR\|(3). If a generic method or a dedicated server method was +passed to \fISSL_CTX_new\fR\|(3), \fISSL_is_server()\fR returns 1; otherwise, it returns 0. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_set_connect_state()\fR and \fISSL_set_accept_state()\fR do not return diagnostic +information. +.PP +\&\fISSL_is_server()\fR returns 1 if \fBssl\fR is working in server mode or 0 for client mode. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_new\fR\|(3), \fISSL_CTX_new\fR\|(3), +\&\fISSL_connect\fR\|(3), \fISSL_accept\fR\|(3), +\&\fISSL_write_ex\fR\|(3), \fISSL_write\fR\|(3), \fISSL_read_ex\fR\|(3), \fISSL_read\fR\|(3), +\&\fISSL_do_handshake\fR\|(3), +\&\fISSL_CTX_set_ssl_version\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_set_fd.3 b/linux_amd64/share/man/man3/SSL_set_fd.3 new file mode 100755 index 0000000..d0ab32d --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_set_fd.3 
@@ -0,0 +1,179 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SET_FD 3" +.TH SSL_SET_FD 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_set_fd, SSL_set_rfd, SSL_set_wfd \- connect the SSL object with a file descriptor +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_set_fd(SSL *ssl, int fd); +\& int SSL_set_rfd(SSL *ssl, int fd); +\& int SSL_set_wfd(SSL *ssl, int fd); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_set_fd()\fR sets the file descriptor \fBfd\fR as the input/output facility +for the \s-1TLS/SSL\s0 (encrypted) side of \fBssl\fR. \fBfd\fR will typically be the +socket file descriptor of a network connection. +.PP +When performing the operation, a \fBsocket \s-1BIO\s0\fR is automatically created to +interface between the \fBssl\fR and \fBfd\fR. The \s-1BIO\s0 and hence the \s-1SSL\s0 engine +inherit the behaviour of \fBfd\fR. If \fBfd\fR is non-blocking, the \fBssl\fR will +also have non-blocking behaviour. +.PP +If there was already a \s-1BIO\s0 connected to \fBssl\fR, \fIBIO_free()\fR will be called +(for both the reading and writing side, if different). +.PP +\&\fISSL_set_rfd()\fR and \fISSL_set_wfd()\fR perform the respective action, but only +for the read channel or the write channel, which can be set independently. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "0" 4 +The operation failed. Check the error stack to find out why. +.IP "1" 4 +.IX Item "1" +The operation succeeded. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fISSL_get_fd\fR\|(3), \fISSL_set_bio\fR\|(3), +\&\fISSL_connect\fR\|(3), \fISSL_accept\fR\|(3), +\&\fISSL_shutdown\fR\|(3), \fIssl\fR\|(7) , \fIbio\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/share/man/man3/SSL_set_session.3 b/linux_amd64/share/man/man3/SSL_set_session.3
new file mode 100755
index 0000000..ab75063
--- /dev/null
+++ b/linux_amd64/share/man/man3/SSL_set_session.3
@@ -0,0 +1,185 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SET_SESSION 3" +.TH SSL_SET_SESSION 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_set_session \- set a TLS/SSL session to be used during TLS/SSL connect +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_set_session(SSL *ssl, SSL_SESSION *session); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_set_session()\fR sets \fBsession\fR to be used when the \s-1TLS/SSL\s0 connection +is to be established. \fISSL_set_session()\fR is only useful for \s-1TLS/SSL\s0 clients. +When the session is set, the reference count of \fBsession\fR is incremented +by 1. If the session is not reused, the reference count is decremented +again during \fISSL_connect()\fR. Whether the session was reused can be queried +with the \fISSL_session_reused\fR\|(3) call. +.PP +If there is already a session set inside \fBssl\fR (because it was set with +\&\fISSL_set_session()\fR before or because the same \fBssl\fR was already used for +a connection), \fISSL_SESSION_free()\fR will be called for that session. If that old +session is still \fBopen\fR, it is considered bad and will be removed from the +session cache (if used). A session is considered open, if \fISSL_shutdown\fR\|(3) was +not called for the connection (or at least \fISSL_set_shutdown\fR\|(3) was used to +set the \s-1SSL_SENT_SHUTDOWN\s0 state). +.SH "NOTES" +.IX Header "NOTES" +\&\s-1SSL_SESSION\s0 objects keep internal link information about the session cache +list, when being inserted into one \s-1SSL_CTX\s0 object's session cache. +One \s-1SSL_SESSION\s0 object, regardless of its reference count, must therefore +only be used with one \s-1SSL_CTX\s0 object (and the \s-1SSL\s0 objects created +from this \s-1SSL_CTX\s0 object). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "0" 4 +The operation failed; check the error stack to find out the reason. +.IP "1" 4 +.IX Item "1" +The operation succeeded. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_SESSION_free\fR\|(3), +\&\fISSL_get_session\fR\|(3), +\&\fISSL_session_reused\fR\|(3), +\&\fISSL_CTX_set_session_cache_mode\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_set_shutdown.3 b/linux_amd64/share/man/man3/SSL_set_shutdown.3 new file mode 100755 index 0000000..f380823 --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_set_shutdown.3 
@@ -0,0 +1,195 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SET_SHUTDOWN 3" +.TH SSL_SET_SHUTDOWN 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_set_shutdown, SSL_get_shutdown \- manipulate shutdown state of an SSL connection +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_set_shutdown(SSL *ssl, int mode); +\& +\& int SSL_get_shutdown(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_set_shutdown()\fR sets the shutdown state of \fBssl\fR to \fBmode\fR. +.PP +\&\fISSL_get_shutdown()\fR returns the shutdown mode of \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +The shutdown state of an ssl connection is a bit-mask of: +.IP "0" 4 +No shutdown setting, yet. +.IP "\s-1SSL_SENT_SHUTDOWN\s0" 4 +.IX Item "SSL_SENT_SHUTDOWN" +A close_notify shutdown alert was sent to the peer, the connection is being +considered closed and the session is closed and correct. +.IP "\s-1SSL_RECEIVED_SHUTDOWN\s0" 4 +.IX Item "SSL_RECEIVED_SHUTDOWN" +A shutdown alert was received form the peer, either a normal close_notify +or a fatal error. +.PP +\&\s-1SSL_SENT_SHUTDOWN\s0 and \s-1SSL_RECEIVED_SHUTDOWN\s0 can be set at the same time. +.PP +The shutdown state of the connection is used to determine the state of +the ssl session. If the session is still open, when +\&\fISSL_clear\fR\|(3) or \fISSL_free\fR\|(3) is called, +it is considered bad and removed according to \s-1RFC2246\s0. +The actual condition for a correctly closed session is \s-1SSL_SENT_SHUTDOWN\s0 +(according to the \s-1TLS\s0 \s-1RFC\s0, it is acceptable to only send the close_notify +alert but to not wait for the peer's answer, when the underlying connection +is closed). +\&\fISSL_set_shutdown()\fR can be used to set this state without sending a +close alert to the peer (see \fISSL_shutdown\fR\|(3)). +.PP +If a close_notify was received, \s-1SSL_RECEIVED_SHUTDOWN\s0 will be set, +for setting \s-1SSL_SENT_SHUTDOWN\s0 the application must however still call +\&\fISSL_shutdown\fR\|(3) or \fISSL_set_shutdown()\fR itself. 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_set_shutdown()\fR does not return diagnostic information. +.PP +\&\fISSL_get_shutdown()\fR returns the current setting. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_shutdown\fR\|(3), +\&\fISSL_CTX_set_quiet_shutdown\fR\|(3), +\&\fISSL_clear\fR\|(3), \fISSL_free\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_set_verify_result.3 b/linux_amd64/share/man/man3/SSL_set_verify_result.3 new file mode 100755 index 0000000..4f40a5f --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_set_verify_result.3 
@@ -0,0 +1,169 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SET_VERIFY_RESULT 3" +.TH SSL_SET_VERIFY_RESULT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_set_verify_result \- override result of peer certificate verification +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_set_verify_result(SSL *ssl, long verify_result); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_set_verify_result()\fR sets \fBverify_result\fR of the object \fBssl\fR to be the +result of the verification of the X509 certificate presented by the peer, +if any. +.SH "NOTES" +.IX Header "NOTES" +\&\fISSL_set_verify_result()\fR overrides the verification result. It only changes +the verification result of the \fBssl\fR object. It does not become part of the +established session, so if the session is to be reused later, the original +value will reappear. +.PP +The valid codes for \fBverify_result\fR are documented in \fIopenssl\-verify\fR\|(1). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_set_verify_result()\fR does not provide a return value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_get_verify_result\fR\|(3), +\&\fISSL_get_peer_certificate\fR\|(3), +\&\fIopenssl\-verify\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_shutdown.3 b/linux_amd64/share/man/man3/SSL_shutdown.3 new file mode 100755 index 0000000..a70b1e0 --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_shutdown.3 
@@ -0,0 +1,276 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SHUTDOWN 3" +.TH SSL_SHUTDOWN 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_shutdown \- shut down a TLS/SSL connection +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_shutdown(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_shutdown()\fR shuts down an active \s-1TLS/SSL\s0 connection. It sends the +close_notify shutdown alert to the peer. +.PP +\&\fISSL_shutdown()\fR tries to send the close_notify shutdown alert to the peer. +Whether the operation succeeds or not, the \s-1SSL_SENT_SHUTDOWN\s0 flag is set and +a currently open session is considered closed and good and will be kept in the +session cache for further reuse. +.PP +Note that \fISSL_shutdown()\fR must not be called if a previous fatal error has +occurred on a connection i.e. if \fISSL_get_error()\fR has returned \s-1SSL_ERROR_SYSCALL\s0 +or \s-1SSL_ERROR_SSL\s0. +.PP +The shutdown procedure consists of two steps: sending of the close_notify +shutdown alert, and reception of the peer's close_notify shutdown alert. +The order of those two steps depends on the application. +.PP +It is acceptable for an application to only send its shutdown alert and +then close the underlying connection without waiting for the peer's response. +This way resources can be saved, as the process can already terminate or +serve another connection. +This should only be done when it is known that the other side will not send more +data, otherwise there is a risk of a truncation attack. +.PP +When a client only writes and never reads from the connection, and the server +has sent a session ticket to establish a session, the client might not be able +to resume the session because it did not received and process the session ticket +from the server. +In case the application wants to be able to resume the session, it is recommended to +do a complete shutdown procedure (bidirectional close_notify alerts). 
+.PP +When the underlying connection shall be used for more communications, the +complete shutdown procedure must be performed, so that the peers stay +synchronized. +.PP +\&\fISSL_shutdown()\fR only closes the write direction. +It is not possible to call \fISSL_write()\fR after calling \fISSL_shutdown()\fR. +The read direction is closed by the peer. +.PP +The behaviour of \fISSL_shutdown()\fR additionally depends on the underlying \s-1BIO\s0. +If the underlying \s-1BIO\s0 is \fBblocking\fR, \fISSL_shutdown()\fR will only return once the +handshake step has been finished or an error occurred. +.PP +If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fISSL_shutdown()\fR will also return +when the underlying \s-1BIO\s0 could not satisfy the needs of \fISSL_shutdown()\fR +to continue the handshake. In this case a call to \fISSL_get_error()\fR with the +return value of \fISSL_shutdown()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or +\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after +taking appropriate action to satisfy the needs of \fISSL_shutdown()\fR. +The action depends on the underlying \s-1BIO\s0. When using a non-blocking socket, +nothing is to be done, but \fIselect()\fR can be used to check for the required +condition. When using a buffering \s-1BIO\s0, like a \s-1BIO\s0 pair, data must be written +into or retrieved out of the \s-1BIO\s0 before being able to continue. +.PP +After \fISSL_shutdown()\fR returned 0, it is possible to call \fISSL_shutdown()\fR again +to wait for the peer's close_notify alert. +\&\fISSL_shutdown()\fR will return 1 in that case. +However, it is recommended to wait for it using \fISSL_read()\fR instead. +.PP +\&\fISSL_shutdown()\fR can be modified to only set the connection to \*(L"shutdown\*(R" +state but not actually send the close_notify alert messages, +see \fISSL_CTX_set_quiet_shutdown\fR\|(3). 
+When \*(L"quiet shutdown\*(R" is enabled, \fISSL_shutdown()\fR will always succeed +and return 1. +.SS "First to close the connection" +.IX Subsection "First to close the connection" +When the application is the first party to send the close_notify +alert, \fISSL_shutdown()\fR will only send the alert and then set the +\&\s-1SSL_SENT_SHUTDOWN\s0 flag (so that the session is considered good and will +be kept in the cache). +If successful, \fISSL_shutdown()\fR will return 0. +.PP +If a unidirectional shutdown is enough (the underlying connection shall be +closed anyway), this first successful call to \fISSL_shutdown()\fR is sufficient. +.PP +In order to complete the bidirectional shutdown handshake, the peer needs +to send back a close_notify alert. +The \s-1SSL_RECEIVED_SHUTDOWN\s0 flag will be set after receiving and processing +it. +.PP +The peer is still allowed to send data after receiving the close_notify +event. +When it is done sending data, it will send the close_notify alert. +\&\fISSL_read()\fR should be called until all data is received. +\&\fISSL_read()\fR will indicate the end of the peer data by returning <= 0 +and \fISSL_get_error()\fR returning \s-1SSL_ERROR_ZERO_RETURN\s0. +.SS "Peer closes the connection" +.IX Subsection "Peer closes the connection" +If the peer already sent the close_notify alert \fBand\fR it was +already processed implicitly inside another function +(\fISSL_read\fR\|(3)), the \s-1SSL_RECEIVED_SHUTDOWN\s0 flag is set. +\&\fISSL_read()\fR will return <= 0 in that case, and \fISSL_get_error()\fR will return +\&\s-1SSL_ERROR_ZERO_RETURN\s0. +\&\fISSL_shutdown()\fR will send the close_notify alert, set the \s-1SSL_SENT_SHUTDOWN\s0 +flag. +If successful, \fISSL_shutdown()\fR will return 1. +.PP +Whether \s-1SSL_RECEIVED_SHUTDOWN\s0 is already set can be checked using the +\&\fISSL_get_shutdown()\fR (see also \fISSL_set_shutdown\fR\|(3) call. 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "0" 4 +The shutdown is not yet finished: the close_notify was sent but the peer +did not send it back yet. +Call \fISSL_read()\fR to do a bidirectional shutdown. +The output of \fISSL_get_error\fR\|(3) may be misleading, as an +erroneous \s-1SSL_ERROR_SYSCALL\s0 may be flagged even though no error occurred. +.IP "1" 4 +.IX Item "1" +The shutdown was successfully completed. The close_notify alert was sent +and the peer's close_notify alert was received. +.IP "<0" 4 +.IX Item "<0" +The shutdown was not successful. +Call \fISSL_get_error\fR\|(3) with the return value \fBret\fR to find out the reason. +It can occur if an action is needed to continue the operation for non-blocking +BIOs. +.Sp +It can also occur when not all data was read using \fISSL_read()\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fISSL_get_error\fR\|(3), \fISSL_connect\fR\|(3), +\&\fISSL_accept\fR\|(3), \fISSL_set_shutdown\fR\|(3), +\&\fISSL_CTX_set_quiet_shutdown\fR\|(3), +\&\fISSL_clear\fR\|(3), \fISSL_free\fR\|(3), +\&\fIssl\fR\|(7), \fIbio\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_state_string.3 b/linux_amd64/share/man/man3/SSL_state_string.3 new file mode 100755 index 0000000..1ed579d --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_state_string.3 
@@ -0,0 +1,176 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_STATE_STRING 3" +.TH SSL_STATE_STRING 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_state_string, SSL_state_string_long \- get textual description of state of an SSL object +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const char *SSL_state_string(const SSL *ssl); +\& const char *SSL_state_string_long(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_state_string()\fR returns a 6 letter string indicating the current state +of the \s-1SSL\s0 object \fBssl\fR. +.PP +\&\fISSL_state_string_long()\fR returns a string indicating the current state of +the \s-1SSL\s0 object \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +During its use, an \s-1SSL\s0 objects passes several states. The state is internally +maintained. Querying the state information is not very informative before +or when a connection has been established. It however can be of significant +interest during the handshake. +.PP +When using non-blocking sockets, the function call performing the handshake +may return with \s-1SSL_ERROR_WANT_READ\s0 or \s-1SSL_ERROR_WANT_WRITE\s0 condition, +so that SSL_state_string[_long]() may be called. +.PP +For both blocking or non-blocking sockets, the details state information +can be used within the info_callback function set with the +\&\fISSL_set_info_callback()\fR call. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Detailed description of possible states to be included later. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_CTX_set_info_callback\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_want.3 b/linux_amd64/share/man/man3/SSL_want.3 new file mode 100755 index 0000000..8c8078e --- /dev/null 
+++ b/linux_amd64/share/man/man3/SSL_want.3 
@@ -0,0 +1,226 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_WANT 3" +.TH SSL_WANT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_want, SSL_want_nothing, SSL_want_read, SSL_want_write, SSL_want_x509_lookup, +SSL_want_async, SSL_want_async_job, SSL_want_client_hello_cb \- obtain state +information TLS/SSL I/O operation +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_want(const SSL *ssl); +\& int SSL_want_nothing(const SSL *ssl); +\& int SSL_want_read(const SSL *ssl); +\& int SSL_want_write(const SSL *ssl); +\& int SSL_want_x509_lookup(const SSL *ssl); +\& int SSL_want_async(const SSL *ssl); +\& int SSL_want_async_job(const SSL *ssl); +\& int SSL_want_client_hello_cb(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_want()\fR returns state information for the \s-1SSL\s0 object \fBssl\fR. +.PP +The other SSL_want_*() calls are shortcuts for the possible states returned +by \fISSL_want()\fR. +.SH "NOTES" +.IX Header "NOTES" +\&\fISSL_want()\fR examines the internal state information of the \s-1SSL\s0 object. Its +return values are similar to that of \fISSL_get_error\fR\|(3). +Unlike \fISSL_get_error\fR\|(3), which also evaluates the +error queue, the results are obtained by examining an internal state flag +only. The information must therefore only be used for normal operation under +non-blocking I/O. Error conditions are not handled and must be treated +using \fISSL_get_error\fR\|(3). +.PP +The result returned by \fISSL_want()\fR should always be consistent with +the result of \fISSL_get_error\fR\|(3). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can currently occur for \fISSL_want()\fR: +.IP "\s-1SSL_NOTHING\s0" 4 +.IX Item "SSL_NOTHING" +There is no data to be written or to be read. +.IP "\s-1SSL_WRITING\s0" 4 +.IX Item "SSL_WRITING" +There are data in the \s-1SSL\s0 buffer that must be written to the underlying +\&\fB\s-1BIO\s0\fR layer in order to complete the actual SSL_*() operation. +A call to \fISSL_get_error\fR\|(3) should return +\&\s-1SSL_ERROR_WANT_WRITE\s0. 
+.IP "\s-1SSL_READING\s0" 4 +.IX Item "SSL_READING" +More data must be read from the underlying \fB\s-1BIO\s0\fR layer in order to +complete the actual SSL_*() operation. +A call to \fISSL_get_error\fR\|(3) should return +\&\s-1SSL_ERROR_WANT_READ\s0. +.IP "\s-1SSL_X509_LOOKUP\s0" 4 +.IX Item "SSL_X509_LOOKUP" +The operation did not complete because an application callback set by +\&\fISSL_CTX_set_client_cert_cb()\fR has asked to be called again. +A call to \fISSL_get_error\fR\|(3) should return +\&\s-1SSL_ERROR_WANT_X509_LOOKUP\s0. +.IP "\s-1SSL_ASYNC_PAUSED\s0" 4 +.IX Item "SSL_ASYNC_PAUSED" +An asynchronous operation partially completed and was then paused. See +\&\fISSL_get_all_async_fds\fR\|(3). A call to \fISSL_get_error\fR\|(3) should return +\&\s-1SSL_ERROR_WANT_ASYNC\s0. +.IP "\s-1SSL_ASYNC_NO_JOBS\s0" 4 +.IX Item "SSL_ASYNC_NO_JOBS" +The asynchronous job could not be started because there were no async jobs +available in the pool (see \fIASYNC_init_thread\fR\|(3)). A call to \fISSL_get_error\fR\|(3) +should return \s-1SSL_ERROR_WANT_ASYNC_JOB\s0. +.IP "\s-1SSL_CLIENT_HELLO_CB\s0" 4 +.IX Item "SSL_CLIENT_HELLO_CB" +The operation did not complete because an application callback set by +\&\fISSL_CTX_set_client_hello_cb()\fR has asked to be called again. +A call to \fISSL_get_error\fR\|(3) should return +\&\s-1SSL_ERROR_WANT_CLIENT_HELLO_CB\s0. +.PP +\&\fISSL_want_nothing()\fR, \fISSL_want_read()\fR, \fISSL_want_write()\fR, \fISSL_want_x509_lookup()\fR, +\&\fISSL_want_async()\fR, \fISSL_want_async_job()\fR, and \fISSL_want_client_hello_cb()\fR return +1, when the corresponding condition is true or 0 otherwise. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_get_error\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fISSL_want_client_hello_cb()\fR function and the \s-1SSL_CLIENT_HELLO_CB\s0 return value +were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2017 The OpenSSL Project Authors. 
All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/SSL_write.3 b/linux_amd64/share/man/man3/SSL_write.3 new file mode 100755 index 0000000..df05b06 --- /dev/null +++ b/linux_amd64/share/man/man3/SSL_write.3 
@@ -0,0 +1,263 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_WRITE 3" +.TH SSL_WRITE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_write_ex, SSL_write, SSL_sendfile \- write bytes to a TLS/SSL connection +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& ossl_ssize_t SSL_sendfile(SSL *s, int fd, off_t offset, size_t size, int flags); +\& int SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *written); +\& int SSL_write(SSL *ssl, const void *buf, int num); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_write_ex()\fR and \fISSL_write()\fR write \fBnum\fR bytes from the buffer \fBbuf\fR into +the specified \fBssl\fR connection. On success \fISSL_write_ex()\fR will store the number +of bytes written in \fB*written\fR. +.PP +\&\fISSL_sendfile()\fR writes \fBsize\fR bytes from offset \fBoffset\fR in the file +descriptor \fBfd\fR to the specified \s-1SSL\s0 connection \fBs\fR. This function provides +efficient zero-copy semantics. \fISSL_sendfile()\fR is available only when +Kernel \s-1TLS\s0 is enabled, which can be checked by calling \fIBIO_get_ktls_send()\fR. +It is provided here to allow users to maintain the same interface. +The meaning of \fBflags\fR is platform dependent. +Currently, under Linux it is ignored. +.SH "NOTES" +.IX Header "NOTES" +In the paragraphs below a \*(L"write function\*(R" is defined as one of either +\&\fISSL_write_ex()\fR, or \fISSL_write()\fR. +.PP +If necessary, a write function will negotiate a \s-1TLS/SSL\s0 session, if not already +explicitly performed by \fISSL_connect\fR\|(3) or \fISSL_accept\fR\|(3). If the peer +requests a re-negotiation, it will be performed transparently during +the write function operation. The behaviour of the write functions depends on the +underlying \s-1BIO\s0. +.PP +For the transparent negotiation to succeed, the \fBssl\fR must have been +initialized to client or server mode. This is being done by calling +\&\fISSL_set_connect_state\fR\|(3) or \fISSL_set_accept_state()\fR +before the first call to a write function. 
+.PP +If the underlying \s-1BIO\s0 is \fBblocking\fR, the write functions will only return, once +the write operation has been finished or an error occurred. +.PP +If the underlying \s-1BIO\s0 is \fBnon-blocking\fR the write functions will also return +when the underlying \s-1BIO\s0 could not satisfy the needs of the function to continue +the operation. In this case a call to \fISSL_get_error\fR\|(3) with the +return value of the write function will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR +or \fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. As at any time a re-negotiation is possible, a +call to a write function can also cause read operations! The calling process +then must repeat the call after taking appropriate action to satisfy the needs +of the write function. The action depends on the underlying \s-1BIO\s0. When using a +non-blocking socket, nothing is to be done, but \fIselect()\fR can be used to check +for the required condition. When using a buffering \s-1BIO\s0, like a \s-1BIO\s0 pair, data +must be written into or retrieved out of the \s-1BIO\s0 before being able to continue. +.PP +The write functions will only return with success when the complete contents of +\&\fBbuf\fR of length \fBnum\fR has been written. This default behaviour can be changed +with the \s-1SSL_MODE_ENABLE_PARTIAL_WRITE\s0 option of \fISSL_CTX_set_mode\fR\|(3). When +this flag is set the write functions will also return with success when a +partial write has been successfully completed. In this case the write function +operation is considered completed. The bytes are sent and a new write call with +a new buffer (with the already sent bytes removed) must be started. A partial +write is performed with the size of a message block, which is 16kB. +.SH "WARNINGS" +.IX Header "WARNINGS" +When a write function call has to be repeated because \fISSL_get_error\fR\|(3) +returned \fB\s-1SSL_ERROR_WANT_READ\s0\fR or \fB\s-1SSL_ERROR_WANT_WRITE\s0\fR, it must be repeated +with the same arguments. 
+The data that was passed might have been partially processed. +When \fB\s-1SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER\s0\fR was set using \fISSL_CTX_set_mode\fR\|(3) +the pointer can be different, but the data and length should still be the same. +.PP +You should not call \fISSL_write()\fR with num=0, it will return an error. +\&\fISSL_write_ex()\fR can be called with num=0, but will not send application data to +the peer. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_write_ex()\fR will return 1 for success or 0 for failure. Success means that +all requested application data bytes have been written to the \s-1SSL\s0 connection or, +if \s-1SSL_MODE_ENABLE_PARTIAL_WRITE\s0 is in use, at least 1 application data byte has +been written to the \s-1SSL\s0 connection. Failure means that not all the requested +bytes have been written yet (if \s-1SSL_MODE_ENABLE_PARTIAL_WRITE\s0 is not in use) or +no bytes could be written to the \s-1SSL\s0 connection (if +\&\s-1SSL_MODE_ENABLE_PARTIAL_WRITE\s0 is in use). Failures can be retryable (e.g. the +network write buffer has temporarily filled up) or non-retryable (e.g. a fatal +network error). In the event of a failure call \fISSL_get_error\fR\|(3) to find out +the reason which indicates whether the call is retryable or not. +.PP +For \fISSL_write()\fR the following return values can occur: +.IP "> 0" 4 +.IX Item "> 0" +The write operation was successful, the return value is the number of +bytes actually written to the \s-1TLS/SSL\s0 connection. +.IP "<= 0" 4 +.IX Item "<= 0" +The write operation was not successful, because either the connection was +closed, an error occurred or action must be taken by the calling process. +Call \fISSL_get_error()\fR with the return value \fBret\fR to find out the reason. +.Sp +Old documentation indicated a difference between 0 and \-1, and that \-1 was +retryable. +You should instead call \fISSL_get_error()\fR to find out if it's retryable. 
+.PP +For \fISSL_sendfile()\fR, the following return values can occur: +.IP ">= 0" 4 +.IX Item ">= 0" +The write operation was successful, the return value is the number +of bytes of the file written to the \s-1TLS/SSL\s0 connection. +.IP "< 0" 4 +.IX Item "< 0" +The write operation was not successful, because either the connection was +closed, an error occurred or action must be taken by the calling process. +Call \fISSL_get_error()\fR with the return value to find out the reason. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fISSL_get_error\fR\|(3), \fISSL_read_ex\fR\|(3), \fISSL_read\fR\|(3) +\&\fISSL_CTX_set_mode\fR\|(3), \fISSL_CTX_new\fR\|(3), +\&\fISSL_connect\fR\|(3), \fISSL_accept\fR\|(3) +\&\fISSL_set_connect_state\fR\|(3), \fIBIO_ctrl\fR\|(3), +\&\fIssl\fR\|(7), \fIbio\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \fISSL_write_ex()\fR function was added in OpenSSL 1.1.1. +The \fISSL_sendfile()\fR function was added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/TS_VERIFY_CTX_set_certs.3 b/linux_amd64/share/man/man3/TS_VERIFY_CTX_set_certs.3 new file mode 100755 index 0000000..8b0a7bc --- /dev/null +++ b/linux_amd64/share/man/man3/TS_VERIFY_CTX_set_certs.3 
@@ -0,0 +1,180 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "TS_VERIFY_CTX_SET_CERTS 3" +.TH TS_VERIFY_CTX_SET_CERTS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +TS_VERIFY_CTX_set_certs, TS_VERIFY_CTS_set_certs +\&\- set certificates for TS response verification +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& STACK_OF(X509) *TS_VERIFY_CTX_set_certs(TS_VERIFY_CTX *ctx, +\& STACK_OF(X509) *certs); +\& STACK_OF(X509) *TS_VERIFY_CTS_set_certs(TS_VERIFY_CTX *ctx, +\& STACK_OF(X509) *certs); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The Time-Stamp Protocol (\s-1TSP\s0) is defined by \s-1RFC\s0 3161. \s-1TSP\s0 is a protocol used to +provide long term proof of the existence of a certain datum before a particular +time. \s-1TSP\s0 defines a Time Stamping Authority (\s-1TSA\s0) and an entity who shall make +requests to the \s-1TSA\s0. Usually the \s-1TSA\s0 is denoted as the server side and the +requesting entity is denoted as the client. +.PP +In \s-1TSP\s0, when a server is sending a response to a client, the server normally +needs to sign the response data \- the TimeStampToken (\s-1TST\s0) \- with its private +key. Then the client shall verify the received \s-1TST\s0 by the server's certificate +chain. +.PP +\&\fITS_VERIFY_CTX_set_certs()\fR is used to set the server's certificate chain when +verifying a \s-1TST\s0. \fBctx\fR is the verification context created in advance and +\&\fBcerts\fR is a stack of \fBX509\fR certificates. +.PP +\&\fITS_VERIFY_CTS_set_certs()\fR is a misspelled version of \fITS_VERIFY_CTX_set_certs()\fR +which takes the same parameters and returns the same result. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fITS_VERIFY_CTX_set_certs()\fR returns the stack of \fBX509\fR certificates the user +passes in via parameter \fBcerts\fR. +.SH "HISTORY" +.IX Header "HISTORY" +The spelling of \fITS_VERIFY_CTX_set_certs()\fR was corrected in OpenSSL 3.0.0. +The misspelled version \fITS_VERIFY_CTS_set_certs()\fR has been retained for +compatibility reasons, but it is deprecated in OpenSSL 3.0.0. 
+.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/UI_STRING.3 b/linux_amd64/share/man/man3/UI_STRING.3 new file mode 100755 index 0000000..2b1e696 --- /dev/null +++ b/linux_amd64/share/man/man3/UI_STRING.3 
@@ -0,0 +1,270 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "UI_STRING 3" +.TH UI_STRING 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +UI_STRING, UI_string_types, UI_get_string_type, +UI_get_input_flags, UI_get0_output_string, +UI_get0_action_string, UI_get0_result_string, UI_get_result_string_length, +UI_get0_test_string, UI_get_result_minsize, +UI_get_result_maxsize, UI_set_result, UI_set_result_ex +\&\- User interface string parsing +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef struct ui_string_st UI_STRING; +\& +\& enum UI_string_types { +\& UIT_NONE = 0, +\& UIT_PROMPT, /* Prompt for a string */ +\& UIT_VERIFY, /* Prompt for a string and verify */ +\& UIT_BOOLEAN, /* Prompt for a yes/no response */ +\& UIT_INFO, /* Send info to the user */ +\& UIT_ERROR /* Send an error message to the user */ +\& }; +\& +\& enum UI_string_types UI_get_string_type(UI_STRING *uis); +\& int UI_get_input_flags(UI_STRING *uis); +\& const char *UI_get0_output_string(UI_STRING *uis); +\& const char *UI_get0_action_string(UI_STRING *uis); +\& const char *UI_get0_result_string(UI_STRING *uis); +\& int UI_get_result_string_length(UI_STRING *uis); +\& const char *UI_get0_test_string(UI_STRING *uis); +\& int UI_get_result_minsize(UI_STRING *uis); +\& int UI_get_result_maxsize(UI_STRING *uis); +\& int UI_set_result(UI *ui, UI_STRING *uis, const char *result); +\& int UI_set_result_ex(UI *ui, UI_STRING *uis, const char *result, int len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fB\s-1UI_STRING\s0\fR gets created internally and added to a \fB\s-1UI\s0\fR whenever +one of the functions \fIUI_add_input_string()\fR, \fIUI_dup_input_string()\fR, +\&\fIUI_add_verify_string()\fR, \fIUI_dup_verify_string()\fR, +\&\fIUI_add_input_boolean()\fR, \fIUI_dup_input_boolean()\fR, \fIUI_add_info_string()\fR, +\&\fIUI_dup_info_string()\fR, \fIUI_add_error_string()\fR or \fIUI_dup_error_string()\fR +is called. +For a \fB\s-1UI_METHOD\s0\fR user, there's no need to know more. 
+For a \fB\s-1UI_METHOD\s0\fR creator, it is of interest to fetch text from these +\&\fB\s-1UI_STRING\s0\fR objects as well as adding results to some of them. +.PP +\&\fIUI_get_string_type()\fR is used to retrieve the type of the given +\&\fB\s-1UI_STRING\s0\fR. +.PP +\&\fIUI_get_input_flags()\fR is used to retrieve the flags associated with the +given \fB\s-1UI_STRING\s0\fR. +.PP +\&\fIUI_get0_output_string()\fR is used to retrieve the actual string to +output (prompt, info, error, ...). +.PP +\&\fIUI_get0_action_string()\fR is used to retrieve the action description +associated with a \fB\s-1UIT_BOOLEAN\s0\fR type \fB\s-1UI_STRING\s0\fR. +For all other \fB\s-1UI_STRING\s0\fR types, \s-1NULL\s0 is returned. +See \fIUI_add_input_boolean\fR\|(3). +.PP +\&\fIUI_get0_result_string()\fR and \fIUI_get_result_string_length()\fR are used to +retrieve the result of a prompt and its length. +This is only useful for \fB\s-1UIT_PROMPT\s0\fR and \fB\s-1UIT_VERIFY\s0\fR type strings. +For all other \fB\s-1UI_STRING\s0\fR types, \fIUI_get0_result_string()\fR returns \s-1NULL\s0 +and \fIUI_get_result_string_length()\fR returns \-1. +.PP +\&\fIUI_get0_test_string()\fR is used to retrieve the string to compare the +prompt result with. +This is only useful for \fB\s-1UIT_VERIFY\s0\fR type strings. +For all other \fB\s-1UI_STRING\s0\fR types, \s-1NULL\s0 is returned. +.PP +\&\fIUI_get_result_minsize()\fR and \fIUI_get_result_maxsize()\fR are used to +retrieve the minimum and maximum required size of the result. +This is only useful for \fB\s-1UIT_PROMPT\s0\fR and \fB\s-1UIT_VERIFY\s0\fR type strings. +For all other \fB\s-1UI_STRING\s0\fR types, \-1 is returned. +.PP +\&\fIUI_set_result_ex()\fR is used to set the result value of a prompt and its length. 
+For \fB\s-1UIT_PROMPT\s0\fR and \fB\s-1UIT_VERIFY\s0\fR type \s-1UI\s0 strings, this sets the +result retrievable with \fIUI_get0_result_string()\fR by copying the +contents of \fBresult\fR if its length fits the minimum and maximum size +requirements. +For \fB\s-1UIT_BOOLEAN\s0\fR type \s-1UI\s0 strings, this sets the first character of +the result retrievable with \fIUI_get0_result_string()\fR to the first +\&\fBok_char\fR given with \fIUI_add_input_boolean()\fR or \fIUI_dup_input_boolean()\fR +if the \fBresult\fR matched any of them, or the first of the +\&\fBcancel_chars\fR if the \fBresult\fR matched any of them, otherwise it's +set to the \s-1NUL\s0 char \f(CW\*(C`\e0\*(C'\fR. +See \fIUI_add_input_boolean\fR\|(3) for more information on \fBok_chars\fR and +\&\fBcancel_chars\fR. +.PP +\&\fIUI_set_result()\fR does the same thing as \fIUI_set_result_ex()\fR, but calculates +its length internally. +It expects the string to be terminated with a \s-1NUL\s0 byte, and is therefore +only useful with normal C strings. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIUI_get_string_type()\fR returns the \s-1UI\s0 string type. +.PP +\&\fIUI_get_input_flags()\fR returns the \s-1UI\s0 string flags. +.PP +\&\fIUI_get0_output_string()\fR returns the \s-1UI\s0 string output string. +.PP +\&\fIUI_get0_action_string()\fR returns the \s-1UI\s0 string action description +string for \fB\s-1UIT_BOOLEAN\s0\fR type \s-1UI\s0 strings, \s-1NULL\s0 for any other type. +.PP +\&\fIUI_get0_result_string()\fR returns the \s-1UI\s0 string result buffer for +\&\fB\s-1UIT_PROMPT\s0\fR and \fB\s-1UIT_VERIFY\s0\fR type \s-1UI\s0 strings, \s-1NULL\s0 for any other +type. +.PP +\&\fIUI_get_result_string_length()\fR returns the \s-1UI\s0 string result buffer's +content length for \fB\s-1UIT_PROMPT\s0\fR and \fB\s-1UIT_VERIFY\s0\fR type \s-1UI\s0 strings, +\&\-1 for any other type. 
+.PP +\&\fIUI_get0_test_string()\fR returns the \s-1UI\s0 string action description +string for \fB\s-1UIT_VERIFY\s0\fR type \s-1UI\s0 strings, \s-1NULL\s0 for any other type. +.PP +\&\fIUI_get_result_minsize()\fR returns the minimum allowed result size for +the \s-1UI\s0 string for \fB\s-1UIT_PROMPT\s0\fR and \fB\s-1UIT_VERIFY\s0\fR type strings, +\&\-1 for any other type. +.PP +\&\fIUI_get_result_maxsize()\fR returns the minimum allowed result size for +the \s-1UI\s0 string for \fB\s-1UIT_PROMPT\s0\fR and \fB\s-1UIT_VERIFY\s0\fR type strings, +\&\-1 for any other type. +.PP +\&\fIUI_set_result()\fR returns 0 on success or when the \s-1UI\s0 string is of any +type other than \fB\s-1UIT_PROMPT\s0\fR, \fB\s-1UIT_VERIFY\s0\fR or \fB\s-1UIT_BOOLEAN\s0\fR, \-1 on +error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1\fIUI\s0\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/UI_UTIL_read_pw.3 b/linux_amd64/share/man/man3/UI_UTIL_read_pw.3 new file mode 100755 index 0000000..cdd03ac --- /dev/null +++ b/linux_amd64/share/man/man3/UI_UTIL_read_pw.3 
@@ -0,0 +1,194 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "UI_UTIL_READ_PW 3" +.TH UI_UTIL_READ_PW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +UI_UTIL_read_pw_string, UI_UTIL_read_pw, +UI_UTIL_wrap_read_pem_callback \- user interface utilities +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt, +\& int verify); +\& int UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt, +\& int verify); +\& UI_METHOD *UI_UTIL_wrap_read_pem_callback(pem_password_cb *cb, int rwflag); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIUI_UTIL_read_pw_string()\fR asks for a passphrase, using \fBprompt\fR as a +prompt, and stores it in \fBbuf\fR. +The maximum allowed size is given with \fBlength\fR, including the +terminating \s-1NUL\s0 byte. +If \fBverify\fR is nonzero, the password will be verified as well. +.PP +\&\fIUI_UTIL_read_pw()\fR does the same as \fIUI_UTIL_read_pw_string()\fR, the +difference is that you can give it an external buffer \fBbuff\fR for the +verification passphrase. +.PP +\&\fIUI_UTIL_wrap_read_pem_callback()\fR can be used to create a temporary +\&\fB\s-1UI_METHOD\s0\fR that wraps a given \s-1PEM\s0 password callback \fBcb\fR. +\&\fBrwflag\fR is used to specify if this method will be used for +passphrase entry without (0) or with (1) verification. +When not used any more, the returned method should be freed with +\&\fIUI_destroy_method()\fR. +.SH "NOTES" +.IX Header "NOTES" +\&\fIUI_UTIL_read_pw_string()\fR and \fIUI_UTIL_read_pw()\fR use default +\&\fB\s-1UI_METHOD\s0\fR. +See \fIUI_get_default_method\fR\|(3) and friends for more information. +.PP +The result from the \fB\s-1UI_METHOD\s0\fR created by +\&\fIUI_UTIL_wrap_read_pem_callback()\fR will generate password strings in the +encoding that the given password callback generates. 
+The default password prompting functions (apart from +\&\fIUI_UTIL_read_pw_string()\fR and \fIUI_UTIL_read_pw()\fR, there is +\&\fIPEM_def_callback()\fR, \fIEVP_read_pw_string()\fR and \fIEVP_read_pw_string_min()\fR) +all use the default \fB\s-1UI_METHOD\s0\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIUI_UTIL_read_pw_string()\fR and \fIUI_UTIL_read_pw()\fR return 0 on success or a negative +value on error. +.PP +\&\fIUI_UTIL_wrap_read_pem_callback()\fR returns a valid \fB\s-1UI_METHOD\s0\fR structure or \s-1NULL\s0 +if an error occurred. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIUI_get_default_method\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/UI_create_method.3 b/linux_amd64/share/man/man3/UI_create_method.3 new file mode 100755 index 0000000..58a7310 --- /dev/null +++ b/linux_amd64/share/man/man3/UI_create_method.3 
@@ -0,0 +1,319 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "UI_CREATE_METHOD 3" +.TH UI_CREATE_METHOD 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +UI_METHOD, +UI_create_method, UI_destroy_method, UI_method_set_opener, +UI_method_set_writer, UI_method_set_flusher, UI_method_set_reader, +UI_method_set_closer, UI_method_set_data_duplicator, +UI_method_set_prompt_constructor, UI_method_set_ex_data, +UI_method_get_opener, UI_method_get_writer, UI_method_get_flusher, +UI_method_get_reader, UI_method_get_closer, +UI_method_get_data_duplicator, UI_method_get_data_destructor, +UI_method_get_prompt_constructor, UI_method_get_ex_data \- user +interface method creation and destruction +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef struct ui_method_st UI_METHOD; +\& +\& UI_METHOD *UI_create_method(const char *name); +\& void UI_destroy_method(UI_METHOD *ui_method); +\& int UI_method_set_opener(UI_METHOD *method, int (*opener) (UI *ui)); +\& int UI_method_set_writer(UI_METHOD *method, +\& int (*writer) (UI *ui, UI_STRING *uis)); +\& int UI_method_set_flusher(UI_METHOD *method, int (*flusher) (UI *ui)); +\& int UI_method_set_reader(UI_METHOD *method, +\& int (*reader) (UI *ui, UI_STRING *uis)); +\& int UI_method_set_closer(UI_METHOD *method, int (*closer) (UI *ui)); +\& int UI_method_set_data_duplicator(UI_METHOD *method, +\& void *(*duplicator) (UI *ui, void *ui_data), +\& void (*destructor)(UI *ui, void *ui_data)); +\& int UI_method_set_prompt_constructor(UI_METHOD *method, +\& char *(*prompt_constructor) (UI *ui, +\& const char +\& *object_desc, +\& const char +\& *object_name)); +\& int UI_method_set_ex_data(UI_METHOD *method, int idx, void *data); +\& int (*UI_method_get_opener(const UI_METHOD *method)) (UI *); +\& int (*UI_method_get_writer(const UI_METHOD *method)) (UI *, UI_STRING *); +\& int (*UI_method_get_flusher(const UI_METHOD *method)) (UI *); +\& int (*UI_method_get_reader(const UI_METHOD *method)) (UI *, UI_STRING *); +\& int (*UI_method_get_closer(const UI_METHOD *method)) (UI *); +\& char *(*UI_method_get_prompt_constructor(const UI_METHOD 
*method)) +\& (UI *, const char *, const char *); +\& void *(*UI_method_get_data_duplicator(const UI_METHOD *method)) (UI *, void *); +\& void (*UI_method_get_data_destructor(const UI_METHOD *method)) (UI *, void *); +\& const void *UI_method_get_ex_data(const UI_METHOD *method, int idx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A method contains a few functions that implement the low level of the +User Interface. +These functions are: +.IP "an opener" 4 +.IX Item "an opener" +This function takes a reference to a \s-1UI\s0 and starts a session, for +example by opening a channel to a tty, or by creating a dialog box. +.IP "a writer" 4 +.IX Item "a writer" +This function takes a reference to a \s-1UI\s0 and a \s-1UI\s0 String, and writes +the string where appropriate, maybe to the tty, maybe added as a field +label in a dialog box. +Note that this gets fed all strings associated with a \s-1UI\s0, one after +the other, so care must be taken which ones it actually uses. +.IP "a flusher" 4 +.IX Item "a flusher" +This function takes a reference to a \s-1UI\s0, and flushes everything that +has been output so far. +For example, if the method builds up a dialog box, this can be used to +actually display it and accepting input ended with a pressed button. +.IP "a reader" 4 +.IX Item "a reader" +This function takes a reference to a \s-1UI\s0 and a \s-1UI\s0 string and reads off +the given prompt, maybe from the tty, maybe from a field in a dialog +box. +Note that this gets fed all strings associated with a \s-1UI\s0, one after +the other, so care must be taken which ones it actually uses. +.IP "a closer" 4 +.IX Item "a closer" +This function takes a reference to a \s-1UI\s0, and closes the session, maybe +by closing the channel to the tty, maybe by destroying a dialog box. +.PP +All of these functions are expected to return 0 on error, 1 on +success, or \-1 on out-off-band events, for example if some prompting +has been cancelled (by pressing Ctrl-C, for example). 
+Only the flusher or the reader are expected to return \-1. +If returned by another of the functions, it's treated as if 0 was +returned. +.PP +Regarding the writer and the reader, don't assume the former should +only write and don't assume the latter should only read. +This depends on the needs of the method. +.PP +For example, a typical tty reader wouldn't write the prompts in the +write, but would rather do so in the reader, because of the sequential +nature of prompting on a tty. +This is how the \fIUI_OpenSSL()\fR method does it. +.PP +In contrast, a method that builds up a dialog box would add all prompt +text in the writer, have all input read in the flusher and store the +results in some temporary buffer, and finally have the reader just +fetch those results. +.PP +The central function that uses these method functions is \fIUI_process()\fR, +and it does it in five steps: +.IP "1." 4 +Open the session using the opener function if that one's defined. +If an error occurs, jump to 5. +.IP "2." 4 +For every \s-1UI\s0 String associated with the \s-1UI\s0, call the writer function +if that one's defined. +If an error occurs, jump to 5. +.IP "3." 4 +Flush everything using the flusher function if that one's defined. +If an error occurs, jump to 5. +.IP "4." 4 +For every \s-1UI\s0 String associated with the \s-1UI\s0, call the reader function +if that one's defined. +If an error occurs, jump to 5. +.IP "5." 4 +Close the session using the closer function if that one's defined. +.PP +\&\fIUI_create_method()\fR creates a new \s-1UI\s0 method with a given \fBname\fR. +.PP +\&\fIUI_destroy_method()\fR destroys the given \s-1UI\s0 method \fBui_method\fR. +.PP +\&\fIUI_method_set_opener()\fR, \fIUI_method_set_writer()\fR, +\&\fIUI_method_set_flusher()\fR, \fIUI_method_set_reader()\fR and +\&\fIUI_method_set_closer()\fR set the five main method function to the given +function pointer. +.PP +\&\fIUI_method_set_data_duplicator()\fR sets the user data duplicator and destructor. 
+See \fIUI_dup_user_data\fR\|(3). +.PP +\&\fIUI_method_set_prompt_constructor()\fR sets the prompt constructor. +See \fIUI_construct_prompt\fR\|(3). +.PP +\&\fIUI_method_set_ex_data()\fR sets application specific data with a given +\&\s-1EX_DATA\s0 index. +See \fICRYPTO_get_ex_new_index\fR\|(3) for general information on how to +get that index. +.PP +\&\fIUI_method_get_opener()\fR, \fIUI_method_get_writer()\fR, +\&\fIUI_method_get_flusher()\fR, \fIUI_method_get_reader()\fR, +\&\fIUI_method_get_closer()\fR, \fIUI_method_get_data_duplicator()\fR, +\&\fIUI_method_get_data_destructor()\fR and \fIUI_method_get_prompt_constructor()\fR +return the different method functions. +.PP +\&\fIUI_method_get_ex_data()\fR returns the application data previously stored +with \fIUI_method_set_ex_data()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIUI_create_method()\fR returns a \s-1UI_METHOD\s0 pointer on success, \s-1NULL\s0 on +error. +.PP +\&\fIUI_method_set_opener()\fR, \fIUI_method_set_writer()\fR, +\&\fIUI_method_set_flusher()\fR, \fIUI_method_set_reader()\fR, +\&\fIUI_method_set_closer()\fR, \fIUI_method_set_data_duplicator()\fR and +\&\fIUI_method_set_prompt_constructor()\fR +return 0 on success, \-1 if the given \fBmethod\fR is \s-1NULL\s0. +.PP +\&\fIUI_method_set_ex_data()\fR returns 1 on success and 0 on error (because +\&\fICRYPTO_set_ex_data()\fR does so). +.PP +\&\fIUI_method_get_opener()\fR, \fIUI_method_get_writer()\fR, +\&\fIUI_method_get_flusher()\fR, \fIUI_method_get_reader()\fR, +\&\fIUI_method_get_closer()\fR, \fIUI_method_get_data_duplicator()\fR, +\&\fIUI_method_get_data_destructor()\fR and \fIUI_method_get_prompt_constructor()\fR +return the requested function pointer if it's set in the method, +otherwise \s-1NULL\s0. +.PP +\&\fIUI_method_get_ex_data()\fR returns a pointer to the application specific +data associated with the method. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1\fIUI\s0\fR\|(3), \fICRYPTO_get_ex_data\fR\|(3), \s-1\fIUI_STRING\s0\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fIUI_method_set_data_duplicator()\fR, \fIUI_method_get_data_duplicator()\fR +and \fIUI_method_get_data_destructor()\fR functions were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/UI_new.3 b/linux_amd64/share/man/man3/UI_new.3 new file mode 100755 index 0000000..fd7d1c6 --- /dev/null +++ b/linux_amd64/share/man/man3/UI_new.3 
@@ -0,0 +1,375 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "UI_NEW 3" +.TH UI_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +UI, +UI_new, UI_new_method, UI_free, UI_add_input_string, UI_dup_input_string, +UI_add_verify_string, UI_dup_verify_string, UI_add_input_boolean, +UI_dup_input_boolean, UI_add_info_string, UI_dup_info_string, +UI_add_error_string, UI_dup_error_string, UI_construct_prompt, +UI_add_user_data, UI_dup_user_data, UI_get0_user_data, UI_get0_result, +UI_get_result_length, +UI_process, UI_ctrl, UI_set_default_method, UI_get_default_method, +UI_get_method, UI_set_method, UI_OpenSSL, UI_null \- user interface +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef struct ui_st UI; +\& +\& UI *UI_new(void); +\& UI *UI_new_method(const UI_METHOD *method); +\& void UI_free(UI *ui); +\& +\& int UI_add_input_string(UI *ui, const char *prompt, int flags, +\& char *result_buf, int minsize, int maxsize); +\& int UI_dup_input_string(UI *ui, const char *prompt, int flags, +\& char *result_buf, int minsize, int maxsize); +\& int UI_add_verify_string(UI *ui, const char *prompt, int flags, +\& char *result_buf, int minsize, int maxsize, +\& const char *test_buf); +\& int UI_dup_verify_string(UI *ui, const char *prompt, int flags, +\& char *result_buf, int minsize, int maxsize, +\& const char *test_buf); +\& int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc, +\& const char *ok_chars, const char *cancel_chars, +\& int flags, char *result_buf); +\& int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc, +\& const char *ok_chars, const char *cancel_chars, +\& int flags, char *result_buf); +\& int UI_add_info_string(UI *ui, const char *text); +\& int UI_dup_info_string(UI *ui, const char *text); +\& int UI_add_error_string(UI *ui, const char *text); +\& int UI_dup_error_string(UI *ui, const char *text); +\& +\& char *UI_construct_prompt(UI *ui_method, +\& const char *object_desc, const char *object_name); +\& +\& void *UI_add_user_data(UI *ui, void *user_data); +\& int UI_dup_user_data(UI *ui, 
void *user_data); +\& void *UI_get0_user_data(UI *ui); +\& +\& const char *UI_get0_result(UI *ui, int i); +\& int UI_get_result_length(UI *ui, int i); +\& +\& int UI_process(UI *ui); +\& +\& int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f)()); +\& +\& void UI_set_default_method(const UI_METHOD *meth); +\& const UI_METHOD *UI_get_default_method(void); +\& const UI_METHOD *UI_get_method(UI *ui); +\& const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth); +\& +\& UI_METHOD *UI_OpenSSL(void); +\& const UI_METHOD *UI_null(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1UI\s0 stands for User Interface, and is general purpose set of routines to +prompt the user for text-based information. Through user-written methods +(see \fIUI_create_method\fR\|(3)), prompting can be done in any way +imaginable, be it plain text prompting, through dialog boxes or from a +cell phone. +.PP +All the functions work through a context of the type \s-1UI\s0. This context +contains all the information needed to prompt correctly as well as a +reference to a \s-1UI_METHOD\s0, which is an ordered vector of functions that +carry out the actual prompting. +.PP +The first thing to do is to create a \s-1UI\s0 with \fIUI_new()\fR or \fIUI_new_method()\fR, +then add information to it with the UI_add or UI_dup functions. Also, +user-defined random data can be passed down to the underlying method +through calls to \fIUI_add_user_data()\fR or \fIUI_dup_user_data()\fR. The default +\&\s-1UI\s0 method doesn't care about these data, but other methods might. Finally, +use \fIUI_process()\fR to actually perform the prompting and \fIUI_get0_result()\fR +and \fIUI_get_result_length()\fR to find the result to the prompt and its length. +.PP +A \s-1UI\s0 can contain more than one prompt, which are performed in the given +sequence. 
Each prompt gets an index number which is returned by the +UI_add and UI_dup functions, and has to be used to get the corresponding +result with \fIUI_get0_result()\fR and \fIUI_get_result_length()\fR. +.PP +\&\fIUI_process()\fR can be called more than once on the same \s-1UI\s0, thereby allowing +a \s-1UI\s0 to have a long lifetime, but can just as well have a short lifetime. +.PP +The functions are as follows: +.PP +\&\fIUI_new()\fR creates a new \s-1UI\s0 using the default \s-1UI\s0 method. When done with +this \s-1UI\s0, it should be freed using \fIUI_free()\fR. +.PP +\&\fIUI_new_method()\fR creates a new \s-1UI\s0 using the given \s-1UI\s0 method. When done with +this \s-1UI\s0, it should be freed using \fIUI_free()\fR. +.PP +\&\fIUI_OpenSSL()\fR returns the built-in \s-1UI\s0 method (note: not necessarily the +default one, since the default can be changed. See further on). This +method is the most machine/OS dependent part of OpenSSL and normally +generates the most problems when porting. +.PP +\&\fIUI_null()\fR returns a \s-1UI\s0 method that does nothing. Its use is to avoid +getting internal defaults for passed \s-1UI_METHOD\s0 pointers. +.PP +\&\fIUI_free()\fR removes a \s-1UI\s0 from memory, along with all other pieces of memory +that's connected to it, like duplicated input strings, results and others. +If \fBui\fR is \s-1NULL\s0 nothing is done. +.PP +\&\fIUI_add_input_string()\fR and \fIUI_add_verify_string()\fR add a prompt to the \s-1UI\s0, +as well as flags and a result buffer and the desired minimum and maximum +sizes of the result, not counting the final \s-1NUL\s0 character. The given +information is used to prompt for information, for example a password, +and to verify a password (i.e. having the user enter it twice and check +that the same string was entered twice). \fIUI_add_verify_string()\fR takes +and extra argument that should be a pointer to the result buffer of the +input string that it's supposed to verify, or verification will fail. 
+.PP +\&\fIUI_add_input_boolean()\fR adds a prompt to the \s-1UI\s0 that's supposed to be answered +in a boolean way, with a single character for yes and a different character +for no. A set of characters that can be used to cancel the prompt is given +as well. The prompt itself is divided in two, one part being the +descriptive text (given through the \fIprompt\fR argument) and one describing +the possible answers (given through the \fIaction_desc\fR argument). +.PP +\&\fIUI_add_info_string()\fR and \fIUI_add_error_string()\fR add strings that are shown at +the same time as the prompt for extra information or to show an error string. +The difference between the two is only conceptual. With the built-in method, +there's no technical difference between them. Other methods may make a +difference between them, however. +.PP +The flags currently supported are \fB\s-1UI_INPUT_FLAG_ECHO\s0\fR, which is relevant for +\&\fIUI_add_input_string()\fR and will have the users response be echoed (when +prompting for a password, this flag should obviously not be used, and +\&\fB\s-1UI_INPUT_FLAG_DEFAULT_PWD\s0\fR, which means that a default password of some +sort will be used (completely depending on the application and the \s-1UI\s0 +method). +.PP +\&\fIUI_dup_input_string()\fR, \fIUI_dup_verify_string()\fR, \fIUI_dup_input_boolean()\fR, +\&\fIUI_dup_info_string()\fR and \fIUI_dup_error_string()\fR are basically the same +as their UI_add counterparts, except that they make their own copies +of all strings. +.PP +\&\fIUI_construct_prompt()\fR is a helper function that can be used to create +a prompt from two pieces of information: an description and a name. +The default constructor (if there is none provided by the method used) +creates a string "Enter \fIdescription\fR for \fIname\fR:\*(L". With the +description \*(R"pass phrase\*(L" and the filename \*(R"foo.key\*(L", that becomes +\&\*(R"Enter pass phrase for foo.key:". 
Other methods may create whatever +string and may include encodings that will be processed by the other +method functions. +.PP +\&\fIUI_add_user_data()\fR adds a user data pointer for the method to use at any +time. The built-in \s-1UI\s0 method doesn't care about this info. Note that several +calls to this function doesn't add data, it replaces the previous blob +with the one given as argument. +.PP +\&\fIUI_dup_user_data()\fR duplicates the user data and works as an alternative +to \fIUI_add_user_data()\fR when the user data needs to be preserved for a longer +duration, perhaps even the lifetime of the application. The \s-1UI\s0 object takes +ownership of this duplicate and will free it whenever it gets replaced or +the \s-1UI\s0 is destroyed. \fIUI_dup_user_data()\fR returns 0 on success, or \-1 on memory +allocation failure or if the method doesn't have a duplicator function. +.PP +\&\fIUI_get0_user_data()\fR retrieves the data that has last been given to the +\&\s-1UI\s0 with \fIUI_add_user_data()\fR or UI_dup_user_data. +.PP +\&\fIUI_get0_result()\fR returns a pointer to the result buffer associated with +the information indexed by \fIi\fR. +.PP +\&\fIUI_get_result_length()\fR returns the length of the result buffer associated with +the information indexed by \fIi\fR. +.PP +\&\fIUI_process()\fR goes through the information given so far, does all the printing +and prompting and returns the final status, which is \-2 on out-of-band events +(Interrupt, Cancel, ...), \-1 on error and 0 on success. +.PP +\&\fIUI_ctrl()\fR adds extra control for the application author. For now, it +understands two commands: \fB\s-1UI_CTRL_PRINT_ERRORS\s0\fR, which makes \fIUI_process()\fR +print the OpenSSL error stack as part of processing the \s-1UI\s0, and +\&\fB\s-1UI_CTRL_IS_REDOABLE\s0\fR, which returns a flag saying if the used \s-1UI\s0 can +be used again or not. +.PP +\&\fIUI_set_default_method()\fR changes the default \s-1UI\s0 method to the one given. 
+This function is not thread-safe and should not be called at the same time +as other OpenSSL functions. +.PP +\&\fIUI_get_default_method()\fR returns a pointer to the current default \s-1UI\s0 method. +.PP +\&\fIUI_get_method()\fR returns the \s-1UI\s0 method associated with a given \s-1UI\s0. +.PP +\&\fIUI_set_method()\fR changes the \s-1UI\s0 method associated with a given \s-1UI\s0. +.SH "NOTES" +.IX Header "NOTES" +The resulting strings that the built in method \fIUI_OpenSSL()\fR generate +are assumed to be encoded according to the current locale or (for +Windows) code page. +For applications having different demands, these strings need to be +converted appropriately by the caller. +For Windows, if the \fB\s-1OPENSSL_WIN32_UTF8\s0\fR environment variable is set, +the built-in method \fIUI_OpenSSL()\fR will produce \s-1UTF\-8\s0 encoded strings +instead. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIUI_new()\fR and \fIUI_new_method()\fR return a valid \fB\s-1UI\s0\fR structure or \s-1NULL\s0 if an error +occurred. +.PP +\&\fIUI_add_input_string()\fR, \fIUI_dup_input_string()\fR, \fIUI_add_verify_string()\fR, +\&\fIUI_dup_verify_string()\fR, \fIUI_add_input_boolean()\fR, \fIUI_dup_input_boolean()\fR, +\&\fIUI_add_info_string()\fR, \fIUI_dup_info_string()\fR, \fIUI_add_error_string()\fR +and \fIUI_dup_error_string()\fR return a positive number on success or a value which +is less than or equal to 0 otherwise. +.PP +\&\fIUI_construct_prompt()\fR returns a string or \s-1NULL\s0 if an error occurred. +.PP +\&\fIUI_dup_user_data()\fR returns 0 on success or \-1 on error. +.PP +\&\fIUI_get0_result()\fR returns a string or \s-1NULL\s0 on error. +.PP +\&\fIUI_get_result_length()\fR returns a positive integer or 0 on success; otherwise it +returns \-1 on error. +.PP +\&\fIUI_process()\fR returns 0 on success or a negative value on error. +.PP +\&\fIUI_ctrl()\fR returns a mask on success or \-1 on error. 
+.PP +\&\fIUI_get_default_method()\fR, \fIUI_get_method()\fR, \fIUI_OpenSSL()\fR, \fIUI_null()\fR and +\&\fIUI_set_method()\fR return either a valid \fB\s-1UI_METHOD\s0\fR structure or \s-1NULL\s0 +respectively. +.SH "HISTORY" +.IX Header "HISTORY" +The \fIUI_dup_user_data()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/X509V3_get_d2i.3 b/linux_amd64/share/man/man3/X509V3_get_d2i.3 new file mode 100755 index 0000000..e785ad0 --- /dev/null +++ b/linux_amd64/share/man/man3/X509V3_get_d2i.3 
@@ -0,0 +1,370 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509V3_GET_D2I 3" +.TH X509V3_GET_D2I 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_get0_extensions, X509_CRL_get0_extensions, X509_REVOKED_get0_extensions, +X509V3_get_d2i, X509V3_add1_i2d, X509V3_EXT_d2i, X509V3_EXT_i2d, +X509_get_ext_d2i, X509_add1_ext_i2d, X509_CRL_get_ext_d2i, +X509_CRL_add1_ext_i2d, X509_REVOKED_get_ext_d2i, +X509_REVOKED_add1_ext_i2d \- X509 extension decode and encode functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit, +\& int *idx); +\& int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, +\& int crit, unsigned long flags); +\& +\& void *X509V3_EXT_d2i(X509_EXTENSION *ext); +\& X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext); +\& +\& void *X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx); +\& int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit, +\& unsigned long flags); +\& +\& void *X509_CRL_get_ext_d2i(const X509_CRL *crl, int nid, int *crit, int *idx); +\& int X509_CRL_add1_ext_i2d(X509_CRL *crl, int nid, void *value, int crit, +\& unsigned long flags); +\& +\& void *X509_REVOKED_get_ext_d2i(const X509_REVOKED *r, int nid, int *crit, int *idx); +\& int X509_REVOKED_add1_ext_i2d(X509_REVOKED *r, int nid, void *value, int crit, +\& unsigned long flags); +\& +\& const STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x); +\& const STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(const X509_CRL *crl); +\& const STACK_OF(X509_EXTENSION) *X509_REVOKED_get0_extensions(const X509_REVOKED *r); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIX509V3_get_ext_d2i()\fR looks for an extension with \s-1OID\s0 \fBnid\fR in the extensions +\&\fBx\fR and, if found, decodes it. If \fBidx\fR is \fB\s-1NULL\s0\fR then only one +occurrence of an extension is permissible otherwise the first extension after +index \fB*idx\fR is returned and \fB*idx\fR updated to the location of the extension. 
+If \fBcrit\fR is not \fB\s-1NULL\s0\fR then \fB*crit\fR is set to a status value: \-2 if the +extension occurs multiple times (this is only returned if \fBidx\fR is \fB\s-1NULL\s0\fR), +\&\-1 if the extension could not be found, 0 if the extension is found and is +not critical and 1 if critical. A pointer to an extension specific structure +or \fB\s-1NULL\s0\fR is returned. +.PP +\&\fIX509V3_add1_i2d()\fR adds extension \fBvalue\fR to \s-1STACK\s0 \fB*x\fR (allocating a new +\&\s-1STACK\s0 if necessary) using \s-1OID\s0 \fBnid\fR and criticality \fBcrit\fR according +to \fBflags\fR. +.PP +\&\fIX509V3_EXT_d2i()\fR attempts to decode the \s-1ASN\s0.1 data contained in extension +\&\fBext\fR and returns a pointer to an extension specific structure or \fB\s-1NULL\s0\fR +if the extension could not be decoded (invalid syntax or not supported). +.PP +\&\fIX509V3_EXT_i2d()\fR encodes the extension specific structure \fBext\fR +with \s-1OID\s0 \fBext_nid\fR and criticality \fBcrit\fR. +.PP +\&\fIX509_get_ext_d2i()\fR and \fIX509_add1_ext_i2d()\fR operate on the extensions of +certificate \fBx\fR, they are otherwise identical to \fIX509V3_get_d2i()\fR and +\&\fIX509V3_add_i2d()\fR. +.PP +\&\fIX509_CRL_get_ext_d2i()\fR and \fIX509_CRL_add1_ext_i2d()\fR operate on the extensions +of \s-1CRL\s0 \fBcrl\fR, they are otherwise identical to \fIX509V3_get_d2i()\fR and +\&\fIX509V3_add_i2d()\fR. +.PP +\&\fIX509_REVOKED_get_ext_d2i()\fR and \fIX509_REVOKED_add1_ext_i2d()\fR operate on the +extensions of \fBX509_REVOKED\fR structure \fBr\fR (i.e for \s-1CRL\s0 entry extensions), +they are otherwise identical to \fIX509V3_get_d2i()\fR and \fIX509V3_add_i2d()\fR. +.PP +\&\fIX509_get0_extensions()\fR, \fIX509_CRL_get0_extensions()\fR and +\&\fIX509_REVOKED_get0_extensions()\fR return a stack of all the extensions +of a certificate a \s-1CRL\s0 or a \s-1CRL\s0 entry respectively. 
+.SH "NOTES" +.IX Header "NOTES" +In almost all cases an extension can occur at most once and multiple +occurrences is an error. Therefore the \fBidx\fR parameter is usually \fB\s-1NULL\s0\fR. +.PP +The \fBflags\fR parameter may be one of the following values. +.PP +\&\fBX509V3_ADD_DEFAULT\fR appends a new extension only if the extension does +not already exist. An error is returned if the extension does already +exist. +.PP +\&\fBX509V3_ADD_APPEND\fR appends a new extension, ignoring whether the extension +already exists. +.PP +\&\fBX509V3_ADD_REPLACE\fR replaces an extension if it exists otherwise appends +a new extension. +.PP +\&\fBX509V3_ADD_REPLACE_EXISTING\fR replaces an existing extension if it exists +otherwise returns an error. +.PP +\&\fBX509V3_ADD_KEEP_EXISTING\fR appends a new extension only if the extension does +not already exist. An error \fBis not\fR returned if the extension does already +exist. +.PP +\&\fBX509V3_ADD_DELETE\fR extension \fBnid\fR is deleted: no new extension is added. +.PP +If \fBX509V3_ADD_SILENT\fR is ored with \fBflags\fR: any error returned will not +be added to the error queue. +.PP +The function \fIX509V3_get_d2i()\fR will return \fB\s-1NULL\s0\fR if the extension is not +found, occurs multiple times or cannot be decoded. It is possible to +determine the precise reason by checking the value of \fB*crit\fR. +.SH "SUPPORTED EXTENSIONS" +.IX Header "SUPPORTED EXTENSIONS" +The following sections contain a list of all supported extensions +including their name and \s-1NID\s0. +.SS "\s-1PKIX\s0 Certificate Extensions" +.IX Subsection "PKIX Certificate Extensions" +The following certificate extensions are defined in \s-1PKIX\s0 standards such as +\&\s-1RFC5280\s0. 
+.PP +.Vb 3 +\& Basic Constraints NID_basic_constraints +\& Key Usage NID_key_usage +\& Extended Key Usage NID_ext_key_usage +\& +\& Subject Key Identifier NID_subject_key_identifier +\& Authority Key Identifier NID_authority_key_identifier +\& +\& Private Key Usage Period NID_private_key_usage_period +\& +\& Subject Alternative Name NID_subject_alt_name +\& Issuer Alternative Name NID_issuer_alt_name +\& +\& Authority Information Access NID_info_access +\& Subject Information Access NID_sinfo_access +\& +\& Name Constraints NID_name_constraints +\& +\& Certificate Policies NID_certificate_policies +\& Policy Mappings NID_policy_mappings +\& Policy Constraints NID_policy_constraints +\& Inhibit Any Policy NID_inhibit_any_policy +\& +\& TLS Feature NID_tlsfeature +.Ve +.SS "Netscape Certificate Extensions" +.IX Subsection "Netscape Certificate Extensions" +The following are (largely obsolete) Netscape certificate extensions. +.PP +.Vb 8 +\& Netscape Cert Type NID_netscape_cert_type +\& Netscape Base Url NID_netscape_base_url +\& Netscape Revocation Url NID_netscape_revocation_url +\& Netscape CA Revocation Url NID_netscape_ca_revocation_url +\& Netscape Renewal Url NID_netscape_renewal_url +\& Netscape CA Policy Url NID_netscape_ca_policy_url +\& Netscape SSL Server Name NID_netscape_ssl_server_name +\& Netscape Comment NID_netscape_comment +.Ve +.SS "Miscellaneous Certificate Extensions" +.IX Subsection "Miscellaneous Certificate Extensions" +.Vb 2 +\& Strong Extranet ID NID_sxnet +\& Proxy Certificate Information NID_proxyCertInfo +.Ve +.SS "\s-1PKIX\s0 \s-1CRL\s0 Extensions" +.IX Subsection "PKIX CRL Extensions" +The following are \s-1CRL\s0 extensions from \s-1PKIX\s0 standards such as \s-1RFC5280\s0. 
+.PP +.Vb 6 +\& CRL Number NID_crl_number +\& CRL Distribution Points NID_crl_distribution_points +\& Delta CRL Indicator NID_delta_crl +\& Freshest CRL NID_freshest_crl +\& Invalidity Date NID_invalidity_date +\& Issuing Distribution Point NID_issuing_distribution_point +.Ve +.PP +The following are \s-1CRL\s0 entry extensions from \s-1PKIX\s0 standards such as \s-1RFC5280\s0. +.PP +.Vb 2 +\& CRL Reason Code NID_crl_reason +\& Certificate Issuer NID_certificate_issuer +.Ve +.SS "\s-1OCSP\s0 Extensions" +.IX Subsection "OCSP Extensions" +.Vb 7 +\& OCSP Nonce NID_id_pkix_OCSP_Nonce +\& OCSP CRL ID NID_id_pkix_OCSP_CrlID +\& Acceptable OCSP Responses NID_id_pkix_OCSP_acceptableResponses +\& OCSP No Check NID_id_pkix_OCSP_noCheck +\& OCSP Archive Cutoff NID_id_pkix_OCSP_archiveCutoff +\& OCSP Service Locator NID_id_pkix_OCSP_serviceLocator +\& Hold Instruction Code NID_hold_instruction_code +.Ve +.SS "Certificate Transparency Extensions" +.IX Subsection "Certificate Transparency Extensions" +The following extensions are used by certificate transparency, \s-1RFC6962\s0 +.PP +.Vb 2 +\& CT Precertificate SCTs NID_ct_precert_scts +\& CT Certificate SCTs NID_ct_cert_scts +.Ve +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIX509V3_EXT_d2i()\fR and *\fIX509V3_get_d2i()\fR return a pointer to an extension +specific structure of \fB\s-1NULL\s0\fR if an error occurs. +.PP +\&\fIX509V3_EXT_i2d()\fR returns a pointer to an \fBX509_EXTENSION\fR structure +or \fB\s-1NULL\s0\fR if an error occurs. +.PP +\&\fIX509V3_add1_i2d()\fR returns 1 if the operation is successful and 0 if it +fails due to a non-fatal error (extension not found, already exists, +cannot be encoded) or \-1 due to a fatal error such as a memory allocation +failure. +.PP +\&\fIX509_get0_extensions()\fR, \fIX509_CRL_get0_extensions()\fR and +\&\fIX509_REVOKED_get0_extensions()\fR return a stack of extensions. They return +\&\s-1NULL\s0 if no extensions are present. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fId2i_X509\fR\|(3), +\&\fIERR_get_error\fR\|(3), +\&\fIX509_CRL_get0_by_serial\fR\|(3), +\&\fIX509_get0_signature\fR\|(3), +\&\fIX509_get_ext_d2i\fR\|(3), +\&\fIX509_get_extension_flags\fR\|(3), +\&\fIX509_get_pubkey\fR\|(3), +\&\fIX509_get_subject_name\fR\|(3), +\&\fIX509_get_version\fR\|(3), +\&\fIX509_NAME_add_entry_by_txt\fR\|(3), +\&\fIX509_NAME_ENTRY_get_object\fR\|(3), +\&\fIX509_NAME_get_index_by_NID\fR\|(3), +\&\fIX509_NAME_print_ex\fR\|(3), +\&\fIX509_new\fR\|(3), +\&\fIX509_sign\fR\|(3), +\&\fIX509_verify_cert\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/X509_ALGOR_dup.3 b/linux_amd64/share/man/man3/X509_ALGOR_dup.3 new file mode 100755 index 0000000..030caeb --- /dev/null +++ b/linux_amd64/share/man/man3/X509_ALGOR_dup.3 
@@ -0,0 +1,184 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_ALGOR_DUP 3" +.TH X509_ALGOR_DUP 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_ALGOR_dup, X509_ALGOR_set0, X509_ALGOR_get0, X509_ALGOR_set_md, X509_ALGOR_cmp \- AlgorithmIdentifier functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *alg); +\& int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval); +\& void X509_ALGOR_get0(const ASN1_OBJECT **paobj, int *pptype, +\& const void **ppval, const X509_ALGOR *alg); +\& void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md); +\& int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIX509_ALGOR_dup()\fR returns a copy of \fBalg\fR. +.PP +\&\fIX509_ALGOR_set0()\fR sets the algorithm \s-1OID\s0 of \fBalg\fR to \fBaobj\fR and the +associated parameter type to \fBptype\fR with value \fBpval\fR. If \fBptype\fR is +\&\fBV_ASN1_UNDEF\fR the parameter is omitted, otherwise \fBptype\fR and \fBpval\fR have +the same meaning as the \fBtype\fR and \fBvalue\fR parameters to \fIASN1_TYPE_set()\fR. +All the supplied parameters are used internally so must \fB\s-1NOT\s0\fR be freed after +this call. +.PP +\&\fIX509_ALGOR_get0()\fR is the inverse of \fIX509_ALGOR_set0()\fR: it returns the +algorithm \s-1OID\s0 in \fB*paobj\fR and the associated parameter in \fB*pptype\fR +and \fB*ppval\fR from the \fBAlgorithmIdentifier\fR \fBalg\fR. +.PP +\&\fIX509_ALGOR_set_md()\fR sets the \fBAlgorithmIdentifier\fR \fBalg\fR to appropriate +values for the message digest \fBmd\fR. +.PP +\&\fIX509_ALGOR_cmp()\fR compares \fBa\fR and \fBb\fR and returns 0 if they have identical +encodings and nonzero otherwise. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIX509_ALGOR_dup()\fR returns a valid \fBX509_ALGOR\fR structure or \s-1NULL\s0 if an error +occurred. +.PP +\&\fIX509_ALGOR_set0()\fR returns 1 on success or 0 on error. +.PP +\&\fIX509_ALGOR_get0()\fR and \fIX509_ALGOR_set_md()\fR return no values. 
+.PP +\&\fIX509_ALGOR_cmp()\fR returns 0 if the two parameters have identical encodings and +nonzero otherwise. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/X509_CRL_get0_by_serial.3 b/linux_amd64/share/man/man3/X509_CRL_get0_by_serial.3 new file mode 100755 index 0000000..dadb3a1 --- /dev/null +++ b/linux_amd64/share/man/man3/X509_CRL_get0_by_serial.3 
@@ -0,0 +1,237 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_CRL_GET0_BY_SERIAL 3" +.TH X509_CRL_GET0_BY_SERIAL 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_CRL_get0_by_serial, X509_CRL_get0_by_cert, X509_CRL_get_REVOKED, +X509_REVOKED_get0_serialNumber, X509_REVOKED_get0_revocationDate, +X509_REVOKED_set_serialNumber, X509_REVOKED_set_revocationDate, +X509_CRL_add0_revoked, X509_CRL_sort \- CRL revoked entry utility +functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_CRL_get0_by_serial(X509_CRL *crl, +\& X509_REVOKED **ret, ASN1_INTEGER *serial); +\& int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x); +\& +\& STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl); +\& +\& const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(const X509_REVOKED *r); +\& const ASN1_TIME *X509_REVOKED_get0_revocationDate(const X509_REVOKED *r); +\& +\& int X509_REVOKED_set_serialNumber(X509_REVOKED *r, ASN1_INTEGER *serial); +\& int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm); +\& +\& int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev); +\& +\& int X509_CRL_sort(X509_CRL *crl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIX509_CRL_get0_by_serial()\fR attempts to find a revoked entry in \fBcrl\fR for +serial number \fBserial\fR. If it is successful it sets \fB*ret\fR to the internal +pointer of the matching entry, as a result \fB*ret\fR must not be freed up +after the call. +.PP +\&\fIX509_CRL_get0_by_cert()\fR is similar to \fIX509_get0_by_serial()\fR except it +looks for a revoked entry using the serial number of certificate \fBx\fR. +.PP +\&\fIX509_CRL_get_REVOKED()\fR returns an internal pointer to a stack of all +revoked entries for \fBcrl\fR. +.PP +\&\fIX509_REVOKED_get0_serialNumber()\fR returns an internal pointer to the +serial number of \fBr\fR. +.PP +\&\fIX509_REVOKED_get0_revocationDate()\fR returns an internal pointer to the +revocation date of \fBr\fR. +.PP +\&\fIX509_REVOKED_set_serialNumber()\fR sets the serial number of \fBr\fR to \fBserial\fR. 
+The supplied \fBserial\fR pointer is not used internally so it should be +freed up after use. +.PP +\&\fIX509_REVOKED_set_revocationDate()\fR sets the revocation date of \fBr\fR to +\&\fBtm\fR. The supplied \fBtm\fR pointer is not used internally so it should be +freed up after use. +.PP +\&\fIX509_CRL_add0_revoked()\fR appends revoked entry \fBrev\fR to \s-1CRL\s0 \fBcrl\fR. The +pointer \fBrev\fR is used internally so it must not be freed up after the call: +it is freed when the parent \s-1CRL\s0 is freed. +.PP +\&\fIX509_CRL_sort()\fR sorts the revoked entries of \fBcrl\fR into ascending serial +number order. +.SH "NOTES" +.IX Header "NOTES" +Applications can determine the number of revoked entries returned by +\&\fIX509_CRL_get_revoked()\fR using \fIsk_X509_REVOKED_num()\fR and examine each one +in turn using \fIsk_X509_REVOKED_value()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIX509_CRL_get0_by_serial()\fR and \fIX509_CRL_get0_by_cert()\fR return 0 for failure, +1 on success except if the revoked entry has the reason \f(CW\*(C`removeFromCRL\*(C'\fR (8), +in which case 2 is returned. +.PP +\&\fIX509_REVOKED_set_serialNumber()\fR, \fIX509_REVOKED_set_revocationDate()\fR, +\&\fIX509_CRL_add0_revoked()\fR and \fIX509_CRL_sort()\fR return 1 for success and 0 for +failure. +.PP +\&\fIX509_REVOKED_get0_serialNumber()\fR returns an \fB\s-1ASN1_INTEGER\s0\fR pointer. +.PP +\&\fIX509_REVOKED_get0_revocationDate()\fR returns an \fB\s-1ASN1_TIME\s0\fR value. +.PP +\&\fIX509_CRL_get_REVOKED()\fR returns a \s-1STACK\s0 of revoked entries. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fId2i_X509\fR\|(3), +\&\fIERR_get_error\fR\|(3), +\&\fIX509_get0_signature\fR\|(3), +\&\fIX509_get_ext_d2i\fR\|(3), +\&\fIX509_get_extension_flags\fR\|(3), +\&\fIX509_get_pubkey\fR\|(3), +\&\fIX509_get_subject_name\fR\|(3), +\&\fIX509_get_version\fR\|(3), +\&\fIX509_NAME_add_entry_by_txt\fR\|(3), +\&\fIX509_NAME_ENTRY_get_object\fR\|(3), +\&\fIX509_NAME_get_index_by_NID\fR\|(3), +\&\fIX509_NAME_print_ex\fR\|(3), +\&\fIX509_new\fR\|(3), +\&\fIX509_sign\fR\|(3), +\&\fIX509V3_get_d2i\fR\|(3), +\&\fIX509_verify_cert\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/X509_EXTENSION_set_object.3 b/linux_amd64/share/man/man3/X509_EXTENSION_set_object.3 new file mode 100755 index 0000000..d3d0364 --- /dev/null +++ b/linux_amd64/share/man/man3/X509_EXTENSION_set_object.3 
@@ -0,0 +1,218 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_EXTENSION_SET_OBJECT 3" +.TH X509_EXTENSION_SET_OBJECT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_EXTENSION_set_object, X509_EXTENSION_set_critical, +X509_EXTENSION_set_data, X509_EXTENSION_create_by_NID, +X509_EXTENSION_create_by_OBJ, X509_EXTENSION_get_object, +X509_EXTENSION_get_critical, X509_EXTENSION_get_data \- extension utility +functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 3 +\& int X509_EXTENSION_set_object(X509_EXTENSION *ex, const ASN1_OBJECT *obj); +\& int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit); +\& int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data); +\& +\& X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, +\& int nid, int crit, +\& ASN1_OCTET_STRING *data); +\& X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex, +\& const ASN1_OBJECT *obj, int crit, +\& ASN1_OCTET_STRING *data); +\& +\& ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex); +\& int X509_EXTENSION_get_critical(const X509_EXTENSION *ex); +\& ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIX509_EXTENSION_set_object()\fR sets the extension type of \fBex\fR to \fBobj\fR. The +\&\fBobj\fR pointer is duplicated internally so \fBobj\fR should be freed up after use. +.PP +\&\fIX509_EXTENSION_set_critical()\fR sets the criticality of \fBex\fR to \fBcrit\fR. If +\&\fBcrit\fR is zero the extension in non-critical otherwise it is critical. +.PP +\&\fIX509_EXTENSION_set_data()\fR sets the data in extension \fBex\fR to \fBdata\fR. The +\&\fBdata\fR pointer is duplicated internally. +.PP +\&\fIX509_EXTENSION_create_by_NID()\fR creates an extension of type \fBnid\fR, +criticality \fBcrit\fR using data \fBdata\fR. The created extension is returned and +written to \fB*ex\fR reusing or allocating a new extension if necessary so \fB*ex\fR +should either be \fB\s-1NULL\s0\fR or a valid \fBX509_EXTENSION\fR structure it must +\&\fBnot\fR be an uninitialised pointer. 
+.PP +\&\fIX509_EXTENSION_create_by_OBJ()\fR is identical to \fIX509_EXTENSION_create_by_NID()\fR +except it creates and extension using \fBobj\fR instead of a \s-1NID\s0. +.PP +\&\fIX509_EXTENSION_get_object()\fR returns the extension type of \fBex\fR as an +\&\fB\s-1ASN1_OBJECT\s0\fR pointer. The returned pointer is an internal value which must +not be freed up. +.PP +\&\fIX509_EXTENSION_get_critical()\fR returns the criticality of extension \fBex\fR it +returns \fB1\fR for critical and \fB0\fR for non-critical. +.PP +\&\fIX509_EXTENSION_get_data()\fR returns the data of extension \fBex\fR. The returned +pointer is an internal value which must not be freed up. +.SH "NOTES" +.IX Header "NOTES" +These functions manipulate the contents of an extension directly. Most +applications will want to parse or encode and add an extension: they should +use the extension encode and decode functions instead such as +\&\fIX509_add1_ext_i2d()\fR and \fIX509_get_ext_d2i()\fR. +.PP +The \fBdata\fR associated with an extension is the extension encoding in an +\&\fB\s-1ASN1_OCTET_STRING\s0\fR structure. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIX509_EXTENSION_set_object()\fR \fIX509_EXTENSION_set_critical()\fR and +\&\fIX509_EXTENSION_set_data()\fR return \fB1\fR for success and \fB0\fR for failure. +.PP +\&\fIX509_EXTENSION_create_by_NID()\fR and \fIX509_EXTENSION_create_by_OBJ()\fR return +an \fBX509_EXTENSION\fR pointer or \fB\s-1NULL\s0\fR if an error occurs. +.PP +\&\fIX509_EXTENSION_get_object()\fR returns an \fB\s-1ASN1_OBJECT\s0\fR pointer. +.PP +\&\fIX509_EXTENSION_get_critical()\fR returns \fB0\fR for non-critical and \fB1\fR for +critical. +.PP +\&\fIX509_EXTENSION_get_data()\fR returns an \fB\s-1ASN1_OCTET_STRING\s0\fR pointer. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIX509V3_get_d2i\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. 
+.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/X509_LOOKUP.3 b/linux_amd64/share/man/man3/X509_LOOKUP.3 new file mode 100755 index 0000000..9772df7 --- /dev/null +++ b/linux_amd64/share/man/man3/X509_LOOKUP.3 
@@ -0,0 +1,306 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_LOOKUP 3" +.TH X509_LOOKUP 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_LOOKUP, X509_LOOKUP_TYPE, +X509_LOOKUP_new, X509_LOOKUP_free, X509_LOOKUP_init, +X509_LOOKUP_shutdown, +X509_LOOKUP_set_method_data, X509_LOOKUP_get_method_data, +X509_LOOKUP_ctrl, +X509_LOOKUP_load_file, X509_LOOKUP_add_dir, X509_LOOKUP_add_store, +X509_LOOKUP_load_store, +X509_LOOKUP_get_store, X509_LOOKUP_by_subject, +X509_LOOKUP_by_issuer_serial, X509_LOOKUP_by_fingerprint, +X509_LOOKUP_by_alias +\&\- OpenSSL certificate lookup mechanisms +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef x509_lookup_st X509_LOOKUP; +\& +\& typedef enum X509_LOOKUP_TYPE; +\& +\& X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method); +\& int X509_LOOKUP_init(X509_LOOKUP *ctx); +\& int X509_LOOKUP_shutdown(X509_LOOKUP *ctx); +\& void X509_LOOKUP_free(X509_LOOKUP *ctx); +\& +\& int X509_LOOKUP_set_method_data(X509_LOOKUP *ctx, void *data); +\& void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx); +\& +\& int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, +\& long argl, char **ret); +\& int X509_LOOKUP_load_file(X509_LOOKUP *ctx, char *name, long type); +\& int X509_LOOKUP_add_dir(X509_LOOKUP *ctx, char *name, long type); +\& int X509_LOOKUP_add_store(X509_LOOKUP *ctx, char *uri); +\& int X509_LOOKUP_load_store(X509_LOOKUP *ctx, char *uri); +\& +\& X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx); +\& +\& int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, +\& X509_NAME *name, X509_OBJECT *ret); +\& int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, +\& X509_NAME *name, ASN1_INTEGER *serial, +\& X509_OBJECT *ret); +\& int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, +\& const unsigned char *bytes, int len, +\& X509_OBJECT *ret); +\& int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, +\& const char *str, int len, X509_OBJECT *ret); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBX509_LOOKUP\fR structure 
holds the information needed to look up +certificates and CRLs according to an associated \fIX509_LOOKUP_METHOD\fR\|(3). +Multiple \fBX509_LOOKUP\fR instances can be added to an \fIX509_STORE\fR\|(3) +to enable lookup in that store. +.PP +\&\fIX509_LOOKUP_new()\fR creates a new \fBX509_LOOKUP\fR using the given lookup +\&\fImethod\fR. +It can also be created by calling \fIX509_STORE_add_lookup\fR\|(3), which +will associate a \fBX509_STORE\fR with the lookup mechanism. +.PP +\&\fIX509_LOOKUP_init()\fR initializes the internal state and resources as +needed by the given \fBX509_LOOKUP\fR to do its work. +.PP +\&\fIX509_LOOKUP_shutdown()\fR tears down the internal state and resources of +the given \fBX509_LOOKUP\fR. +.PP +\&\fIX509_LOOKUP_free()\fR destructs the given \fBX509_LOOKUP\fR. +.PP +\&\fIX509_LOOKUP_set_method_data()\fR and \fIX509_LOOKUP_get_method_data()\fR +associates and retrieves a pointer to application data to and from the +given \fBX509_LOOKUP\fR, respectively. +.PP +\&\fIX509_LOOKUP_ctrl()\fR is used to set or get additional data to or from a +\&\fBX509_LOOKUP\fR structure or its associated \fIX509_LOOKUP_METHOD\fR\|(3). +The arguments of the control command are passed via \fIargc\fR and \fIargl\fR, +its return value via \fI*ret\fR. +The meaning of the arguments depends on the \fIcmd\fR number of the +control command. In general, this function is not called directly, but +wrapped by a macro call, see below. +The control \fIcmd\fRs known to OpenSSL are discussed in more depth +in \*(L"Control Commands\*(R". +.PP +\&\fIX509_LOOKUP_load_file()\fR passes a filename to be loaded immediately +into the associated \fBX509_STORE\fR. +\&\fItype\fR indicates what type of object is expected. +This can only be used with a lookup using the implementation +\&\fIX509_LOOKUP_file\fR\|(3). +.PP +\&\fIX509_LOOKUP_add_dir()\fR passes a directory specification from which +certificates and CRLs are loaded on demand into the associated +\&\fBX509_STORE\fR. 
+\&\fItype\fR indicates what type of object is expected. +This can only be used with a lookup using the implementation +\&\fIX509_LOOKUP_hash_dir\fR\|(3). +.PP +\&\fIX509_LOOKUP_add_store()\fR passes a \s-1URI\s0 for a directory-like structure +from which containers with certificates and CRLs are loaded on demand +into the associated \fBX509_STORE\fR. +\&\fIX509_LOOKUP_load_store()\fR passes a \s-1URI\s0 for a single container from +which certificates and CRLs are immediately loaded into the associated +\&\fBX509_STORE\fR. +These functions can only be used with a lookup using the +implementation \fIX509_LOOKUP_store\fR\|(3). +.PP +\&\fIX509_LOOKUP_load_file()\fR, \fIX509_LOOKUP_add_dir()\fR, +\&\fIX509_LOOKUP_add_store()\fR, and \fIX509_LOOKUP_load_store()\fR are implemented +as macros that use \fIX509_LOOKUP_ctrl()\fR. +.PP +\&\fIX509_LOOKUP_by_subject()\fR, \fIX509_LOOKUP_by_issuer_serial()\fR, +\&\fIX509_LOOKUP_by_fingerprint()\fR, and \fIX509_LOOKUP_by_alias()\fR look up +certificates and CRLs in the \fIX509_STORE\fR\|(3) associated with the +\&\fBX509_LOOKUP\fR using different criteria, where the looked up object is +stored in \fIret\fR. +Some of the underlying \fBX509_LOOKUP_METHOD\fRs will also cache objects +matching the criteria in the associated \fBX509_STORE\fR, which makes it +possible to handle cases where the criteria have more than one hit. +.SS "Control Commands" +.IX Subsection "Control Commands" +The \fBX509_LOOKUP_METHOD\fRs built into OpenSSL recognise the following +\&\fIX509_LOOKUP_ctrl()\fR \fIcmd\fRs: +.IP "\fBX509_L_FILE_LOAD\fR" 4 +.IX Item "X509_L_FILE_LOAD" +This is the command that \fIX509_LOOKUP_load_file()\fR uses. +The filename is passed in \fIargc\fR, and the type in \fIargl\fR. +.IP "\fBX509_L_ADD_DIR\fR" 4 +.IX Item "X509_L_ADD_DIR" +This is the command that \fIX509_LOOKUP_add_dir()\fR uses. +The directory specification is passed in \fIargc\fR, and the type in +\&\fIargl\fR. 
+.IP "\fBX509_L_ADD_STORE\fR" 4 +.IX Item "X509_L_ADD_STORE" +This is the command that \fIX509_LOOKUP_add_store()\fR uses. +The \s-1URI\s0 is passed in \fIargc\fR. +.IP "\fBX509_L_LOAD_STORE\fR" 4 +.IX Item "X509_L_LOAD_STORE" +This is the command that \fIX509_LOOKUP_load_store()\fR uses. +The \s-1URI\s0 is passed in \fIargc\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIX509_LOOKUP_new()\fR returns a \fBX509_LOOKUP\fR pointer when successful, +or \s-1NULL\s0 on error. +.PP +\&\fIX509_LOOKUP_init()\fR and \fIX509_LOOKUP_shutdown()\fR return 1 on success, or +0 on error. +.PP +\&\fIX509_LOOKUP_ctrl()\fR returns \-1 if the \fBX509_LOOKUP\fR doesn't have an +associated \fBX509_LOOKUP_METHOD\fR, or 1 if the +doesn't have a control function. +Otherwise, it returns what the control function in the +\&\fBX509_LOOKUP_METHOD\fR returns, which is usually 1 on success and 0 in +error. +.IX Xref "509_LOOKUP_METHOD" +.PP +\&\fIX509_LOOKUP_get_store()\fR returns a \fBX509_STORE\fR pointer if there is +one, otherwise \s-1NULL\s0. +.PP +\&\fIX509_LOOKUP_by_subject()\fR, \fIX509_LOOKUP_by_issuer_serial()\fR, +\&\fIX509_LOOKUP_by_fingerprint()\fR, and \fIX509_LOOKUP_by_alias()\fR all return 0 +if there is no \fBX509_LOOKUP_METHOD\fR or that method doesn't implement +the corresponding function. +Otherwise, it returns what the corresponding function in the +\&\fBX509_LOOKUP_METHOD\fR returns, which is usually 1 on success and 0 in +error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIX509_LOOKUP_METHOD\fR\|(3), \fIX509_STORE\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/share/man/man3/X509_LOOKUP_hash_dir.3 b/linux_amd64/share/man/man3/X509_LOOKUP_hash_dir.3 new file mode 100755 index 0000000..e76578a --- /dev/null +++ b/linux_amd64/share/man/man3/X509_LOOKUP_hash_dir.3 
@@ -0,0 +1,277 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_LOOKUP_HASH_DIR 3" +.TH X509_LOOKUP_HASH_DIR 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_LOOKUP_hash_dir, X509_LOOKUP_file, X509_LOOKUP_store, +X509_load_cert_file, +X509_load_crl_file, +X509_load_cert_crl_file \- Default OpenSSL certificate +lookup methods +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void); +\& X509_LOOKUP_METHOD *X509_LOOKUP_file(void); +\& X509_LOOKUP_METHOD *X509_LOOKUP_store(void); +\& +\& int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type); +\& int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type); +\& int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBX509_LOOKUP_hash_dir\fR and \fBX509_LOOKUP_file\fR are two certificate +lookup methods to use with \fBX509_STORE\fR, provided by OpenSSL library. +.PP +Users of the library typically do not need to create instances of these +methods manually, they would be created automatically by +\&\fIX509_STORE_load_locations\fR\|(3) or +\&\fISSL_CTX_load_verify_locations\fR\|(3) +functions. +.PP +Internally loading of certificates and CRLs is implemented via functions +\&\fBX509_load_cert_crl_file\fR, \fBX509_load_cert_file\fR and +\&\fBX509_load_crl_file\fR. These functions support parameter \fItype\fR, which +can be one of constants \fB\s-1FILETYPE_PEM\s0\fR, \fB\s-1FILETYPE_ASN1\s0\fR and +\&\fB\s-1FILETYPE_DEFAULT\s0\fR. They load certificates and/or CRLs from specified +file into memory cache of \fBX509_STORE\fR objects which given \fBctx\fR +parameter is associated with. +.PP +Functions \fBX509_load_cert_file\fR and +\&\fBX509_load_crl_file\fR can load both \s-1PEM\s0 and \s-1DER\s0 formats depending of +type value. 
Because \s-1DER\s0 format cannot contain more than one certificate +or \s-1CRL\s0 object (while \s-1PEM\s0 can contain several concatenated \s-1PEM\s0 objects) +\&\fBX509_load_cert_crl_file\fR with \fB\s-1FILETYPE_ASN1\s0\fR is equivalent to +\&\fBX509_load_cert_file\fR. +.PP +Constant \fB\s-1FILETYPE_DEFAULT\s0\fR with \s-1NULL\s0 filename causes these functions +to load default certificate store file (see +\&\fIX509_STORE_set_default_paths\fR\|(3). +.PP +Functions return number of objects loaded from file or 0 in case of +error. +.PP +Both methods support adding several certificate locations into one +\&\fBX509_STORE\fR. +.PP +This page documents certificate store formats used by these methods and +caching policy. +.SS "File Method" +.IX Subsection "File Method" +The \fBX509_LOOKUP_file\fR method loads all the certificates or CRLs +present in a file into memory at the time the file is added as a +lookup source. +.PP +File format is \s-1ASCII\s0 text which contains concatenated \s-1PEM\s0 certificates +and CRLs. +.PP +This method should be used by applications which work with a small +set of CAs. +.SS "Hashed Directory Method" +.IX Subsection "Hashed Directory Method" +\&\fBX509_LOOKUP_hash_dir\fR is a more advanced method, which loads +certificates and CRLs on demand, and caches them in memory once +they are loaded. As of OpenSSL 1.0.0, it also checks for newer CRLs +upon each lookup, so that newer CRLs are as soon as they appear in +the directory. +.PP +The directory should contain one certificate or \s-1CRL\s0 per file in \s-1PEM\s0 format, +with a filename of the form \fIhash\fR.\fIN\fR for a certificate, or +\&\fIhash\fR.\fBr\fR\fIN\fR for a \s-1CRL\s0. +The \fIhash\fR is the value returned by the \fIX509_NAME_hash\fR\|(3) function applied +to the subject name for certificates or issuer name for CRLs. +The hash can also be obtained via the \fB\-hash\fR option of the +\&\fIopenssl\-x509\fR\|(1) or \fIopenssl\-crl\fR\|(1) commands. 
+.PP +The .\fIN\fR or .\fBr\fR\fIN\fR suffix is a sequence number that starts at zero, and is +incremented consecutively for each certificate or \s-1CRL\s0 with the same \fIhash\fR +value. +Gaps in the sequence numbers are not supported, it is assumed that there are no +more objects with the same hash beyond the first missing number in the +sequence. +.PP +Sequence numbers make it possible for the directory to contain multiple +certificates with same subject name hash value. +For example, it is possible to have in the store several certificates with same +subject or several CRLs with same issuer (and, for example, different validity +period). +.PP +When checking for new CRLs once one \s-1CRL\s0 for given hash value is +loaded, hash_dir lookup method checks only for certificates with +sequence number greater than that of the already cached \s-1CRL\s0. +.PP +Note that the hash algorithm used for subject name hashing changed in OpenSSL +1.0.0, and all certificate stores have to be rehashed when moving from OpenSSL +0.9.8 to 1.0.0. +.PP +OpenSSL includes a \fIopenssl\-rehash\fR\|(1) utility which creates symlinks with +hashed names for all files with \fI.pem\fR suffix in a given directory. +.SS "\s-1OSSL_STORE\s0 Method" +.IX Subsection "OSSL_STORE Method" +\&\fBX509_LOOKUP_store\fR is a method that allows access to any store of +certificates and CRLs through any loader supported by +\&\fIossl_store\fR\|(7). +It works with the help of URIs, which can be direct references to +certificates or CRLs, but can also be references to catalogues of such +objects (that behave like directories). +.PP +This method overlaps the \*(L"File Method\*(R" and \*(L"Hashed Directory Method\*(R" +because of the 'file:' scheme loader. +It does no caching of its own, but can use a caching \fIossl_store\fR\|(7) +loader, and therefore depends on the loader's capability. 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIX509_LOOKUP_hash_dir()\fR, \fIX509_LOOKUP_file()\fR and \fIX509_LOOKUP_store()\fR +always return a valid \fBX509_LOOKUP_METHOD\fR structure. +.PP +\&\fIX509_load_cert_file()\fR, \fIX509_load_crl_file()\fR and \fIX509_load_cert_crl_file()\fR return +the number of loaded objects or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIPEM_read_PrivateKey\fR\|(3), +\&\fIX509_STORE_load_locations\fR\|(3), +\&\fIX509_store_add_lookup\fR\|(3), +\&\fISSL_CTX_load_verify_locations\fR\|(3), +\&\fIX509_LOOKUP_meth_new\fR\|(3), +\&\fIossl_store\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBX509_LOOKUP_store\fR was added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/X509_LOOKUP_meth_new.3 b/linux_amd64/share/man/man3/X509_LOOKUP_meth_new.3 new file mode 100755 index 0000000..4050c66 --- /dev/null +++ b/linux_amd64/share/man/man3/X509_LOOKUP_meth_new.3 
@@ -0,0 +1,317 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_LOOKUP_METH_NEW 3" +.TH X509_LOOKUP_METH_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_LOOKUP_METHOD, +X509_LOOKUP_meth_new, X509_LOOKUP_meth_free, X509_LOOKUP_meth_set_new_item, +X509_LOOKUP_meth_get_new_item, X509_LOOKUP_meth_set_free, +X509_LOOKUP_meth_get_free, X509_LOOKUP_meth_set_init, +X509_LOOKUP_meth_get_init, X509_LOOKUP_meth_set_shutdown, +X509_LOOKUP_meth_get_shutdown, +X509_LOOKUP_ctrl_fn, X509_LOOKUP_meth_set_ctrl, X509_LOOKUP_meth_get_ctrl, +X509_LOOKUP_get_by_subject_fn, X509_LOOKUP_meth_set_get_by_subject, +X509_LOOKUP_meth_get_get_by_subject, +X509_LOOKUP_get_by_issuer_serial_fn, X509_LOOKUP_meth_set_get_by_issuer_serial, +X509_LOOKUP_meth_get_get_by_issuer_serial, +X509_LOOKUP_get_by_fingerprint_fn, X509_LOOKUP_meth_set_get_by_fingerprint, +X509_LOOKUP_meth_get_get_by_fingerprint, +X509_LOOKUP_get_by_alias_fn, X509_LOOKUP_meth_set_get_by_alias, +X509_LOOKUP_meth_get_get_by_alias, +X509_OBJECT_set1_X509, X509_OBJECT_set1_X509_CRL +\&\- Routines to build up X509_LOOKUP methods +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef x509_lookup_method_st X509_LOOKUP_METHOD; +\& +\& X509_LOOKUP_METHOD *X509_LOOKUP_meth_new(const char *name); +\& void X509_LOOKUP_meth_free(X509_LOOKUP_METHOD *method); +\& +\& int X509_LOOKUP_meth_set_new_item(X509_LOOKUP_METHOD *method, +\& int (*new_item) (X509_LOOKUP *ctx)); +\& int (*X509_LOOKUP_meth_get_new_item(const X509_LOOKUP_METHOD* method)) +\& (X509_LOOKUP *ctx); +\& +\& int X509_LOOKUP_meth_set_free(X509_LOOKUP_METHOD *method, +\& void (*free) (X509_LOOKUP *ctx)); +\& void (*X509_LOOKUP_meth_get_free(const X509_LOOKUP_METHOD* method)) +\& (X509_LOOKUP *ctx); +\& +\& int X509_LOOKUP_meth_set_init(X509_LOOKUP_METHOD *method, +\& int (*init) (X509_LOOKUP *ctx)); +\& int (*X509_LOOKUP_meth_get_init(const X509_LOOKUP_METHOD* method)) +\& (X509_LOOKUP *ctx); +\& +\& int X509_LOOKUP_meth_set_shutdown(X509_LOOKUP_METHOD *method, +\& int (*shutdown) (X509_LOOKUP *ctx)); +\& int (*X509_LOOKUP_meth_get_shutdown(const X509_LOOKUP_METHOD* method)) 
+\& (X509_LOOKUP *ctx); +\& +\& typedef int (*X509_LOOKUP_ctrl_fn)(X509_LOOKUP *ctx, int cmd, const char *argc, +\& long argl, char **ret); +\& int X509_LOOKUP_meth_set_ctrl(X509_LOOKUP_METHOD *method, +\& X509_LOOKUP_ctrl_fn ctrl_fn); +\& X509_LOOKUP_ctrl_fn X509_LOOKUP_meth_get_ctrl(const X509_LOOKUP_METHOD *method); +\& +\& typedef int (*X509_LOOKUP_get_by_subject_fn)(X509_LOOKUP *ctx, +\& X509_LOOKUP_TYPE type, +\& X509_NAME *name, +\& X509_OBJECT *ret); +\& int X509_LOOKUP_meth_set_get_by_subject(X509_LOOKUP_METHOD *method, +\& X509_LOOKUP_get_by_subject_fn fn); +\& X509_LOOKUP_get_by_subject_fn X509_LOOKUP_meth_get_get_by_subject( +\& const X509_LOOKUP_METHOD *method); +\& +\& typedef int (*X509_LOOKUP_get_by_issuer_serial_fn)(X509_LOOKUP *ctx, +\& X509_LOOKUP_TYPE type, +\& X509_NAME *name, +\& ASN1_INTEGER *serial, +\& X509_OBJECT *ret); +\& int X509_LOOKUP_meth_set_get_by_issuer_serial( +\& X509_LOOKUP_METHOD *method, X509_LOOKUP_get_by_issuer_serial_fn fn); +\& X509_LOOKUP_get_by_issuer_serial_fn X509_LOOKUP_meth_get_get_by_issuer_serial( +\& const X509_LOOKUP_METHOD *method); +\& +\& typedef int (*X509_LOOKUP_get_by_fingerprint_fn)(X509_LOOKUP *ctx, +\& X509_LOOKUP_TYPE type, +\& const unsigned char* bytes, +\& int len, +\& X509_OBJECT *ret); +\& int X509_LOOKUP_meth_set_get_by_fingerprint(X509_LOOKUP_METHOD *method, +\& X509_LOOKUP_get_by_fingerprint_fn fn); +\& X509_LOOKUP_get_by_fingerprint_fn X509_LOOKUP_meth_get_get_by_fingerprint( +\& const X509_LOOKUP_METHOD *method); +\& +\& typedef int (*X509_LOOKUP_get_by_alias_fn)(X509_LOOKUP *ctx, +\& X509_LOOKUP_TYPE type, +\& const char *str, +\& int len, +\& X509_OBJECT *ret); +\& int X509_LOOKUP_meth_set_get_by_alias(X509_LOOKUP_METHOD *method, +\& X509_LOOKUP_get_by_alias_fn fn); +\& X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias( +\& const X509_LOOKUP_METHOD *method); +\& +\& int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj); +\& int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL 
*obj); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBX509_LOOKUP_METHOD\fR type is a structure used for the implementation of new +X509_LOOKUP types. It provides a set of functions used by OpenSSL for the +implementation of various X509 and X509_CRL lookup capabilities. One instance +of an X509_LOOKUP_METHOD can be associated to many instantiations of an +\&\fBX509_LOOKUP\fR structure. +.PP +\&\fIX509_LOOKUP_meth_new()\fR creates a new \fBX509_LOOKUP_METHOD\fR structure. It should +be given a human-readable string containing a brief description of the lookup +method. +.PP +\&\fIX509_LOOKUP_meth_free()\fR destroys a \fBX509_LOOKUP_METHOD\fR structure. +.PP +\&\fIX509_LOOKUP_get_new_item()\fR and \fIX509_LOOKUP_set_new_item()\fR get and set the +function that is called when an \fBX509_LOOKUP\fR object is created with +\&\fIX509_LOOKUP_new()\fR. If an X509_LOOKUP_METHOD requires any per\-X509_LOOKUP +specific data, the supplied new_item function should allocate this data and +invoke \fIX509_LOOKUP_set_method_data\fR\|(3). +.PP +\&\fIX509_LOOKUP_get_free()\fR and \fIX509_LOOKUP_set_free()\fR get and set the function +that is used to free any method data that was allocated and set from within +new_item function. +.PP +\&\fIX509_LOOKUP_meth_get_init()\fR and \fIX509_LOOKUP_meth_set_init()\fR get and set the +function that is used to initialize the method data that was set with +\&\fIX509_LOOKUP_set_method_data\fR\|(3) as part of the new_item routine. +.PP +\&\fIX509_LOOKUP_meth_get_shutdown()\fR and \fIX509_LOOKUP_meth_set_shutdown()\fR get and set +the function that is used to shut down the method data whose state was +previously initialized in the init function. +.PP +\&\fIX509_LOOKUP_meth_get_ctrl()\fR and \fIX509_LOOKUP_meth_set_ctrl()\fR get and set a +function to be used to handle arbitrary control commands issued by +\&\fIX509_LOOKUP_ctrl()\fR. 
The control function is given the X509_LOOKUP +\&\fBctx\fR, along with the arguments passed by X509_LOOKUP_ctrl. \fBcmd\fR is +an arbitrary integer that defines some operation. \fBargc\fR is a pointer +to an array of characters. \fBargl\fR is an integer. \fBret\fR, if set, +points to a location where any return data should be written to. How +\&\fBargc\fR and \fBargl\fR are used depends entirely on the control function. +.PP +\&\fIX509_LOOKUP_set_get_by_subject()\fR, \fIX509_LOOKUP_set_get_by_issuer_serial()\fR, +\&\fIX509_LOOKUP_set_get_by_fingerprint()\fR, \fIX509_LOOKUP_set_get_by_alias()\fR set +the functions used to retrieve an X509 or X509_CRL object by the object's +subject, issuer, fingerprint, and alias respectively. These functions are given +the X509_LOOKUP context, the type of the X509_OBJECT being requested, parameters +related to the lookup, and an X509_OBJECT that will receive the requested +object. +.PP +Implementations must add objects they find to the \fBX509_STORE\fR object +using \fIX509_STORE_add_cert()\fR or \fIX509_STORE_add_crl()\fR. This increments +its reference count. However, the \fIX509_STORE_CTX_get_by_subject()\fR +function also increases the reference count which leads to one too +many references being held. Therefore applications should +additionally call \fIX509_free()\fR or \fIX509_CRL_free()\fR to decrement the +reference count again. +.PP +Implementations should also use either \fIX509_OBJECT_set1_X509()\fR or +\&\fIX509_OBJECT_set1_X509_CRL()\fR to set the result. Note that this also +increments the result's reference count. +.PP +Any method data that was created as a result of the new_item function +set by \fIX509_LOOKUP_meth_set_new_item()\fR can be accessed with +\&\fIX509_LOOKUP_get_method_data\fR\|(3). The \fBX509_STORE\fR object that owns the +X509_LOOKUP may be accessed with \fIX509_LOOKUP_get_store\fR\|(3). Successful +lookups should return 1, and unsuccessful lookups should return 0. 
+.PP +\&\fIX509_LOOKUP_get_get_by_subject()\fR, \fIX509_LOOKUP_get_get_by_issuer_serial()\fR, +\&\fIX509_LOOKUP_get_get_by_fingerprint()\fR, \fIX509_LOOKUP_get_get_by_alias()\fR retrieve +the function set by the corresponding setter. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The \fBX509_LOOKUP_meth_set\fR functions return 1 on success or 0 on error. +.PP +The \fBX509_LOOKUP_meth_get\fR functions return the corresponding function +pointers. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIX509_STORE_new\fR\|(3), \fISSL_CTX_set_cert_store\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The functions described here were added in OpenSSL 1.1.0i. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/X509_NAME_ENTRY_get_object.3 b/linux_amd64/share/man/man3/X509_NAME_ENTRY_get_object.3 new file mode 100755 index 0000000..7b1dbf2 --- /dev/null +++ b/linux_amd64/share/man/man3/X509_NAME_ENTRY_get_object.3 
@@ -0,0 +1,218 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_NAME_ENTRY_GET_OBJECT 3" +.TH X509_NAME_ENTRY_GET_OBJECT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_NAME_ENTRY_get_object, X509_NAME_ENTRY_get_data, +X509_NAME_ENTRY_set_object, X509_NAME_ENTRY_set_data, +X509_NAME_ENTRY_create_by_txt, X509_NAME_ENTRY_create_by_NID, +X509_NAME_ENTRY_create_by_OBJ \- X509_NAME_ENTRY utility functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& ASN1_OBJECT *X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne); +\& ASN1_STRING *X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne); +\& +\& int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, const ASN1_OBJECT *obj); +\& int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, +\& const unsigned char *bytes, int len); +\& +\& X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, const char *field, +\& int type, const unsigned char *bytes, +\& int len); +\& X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, +\& int type, const unsigned char *bytes, +\& int len); +\& X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, +\& const ASN1_OBJECT *obj, int type, +\& const unsigned char *bytes, int len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIX509_NAME_ENTRY_get_object()\fR retrieves the field name of \fBne\fR in +and \fB\s-1ASN1_OBJECT\s0\fR structure. +.PP +\&\fIX509_NAME_ENTRY_get_data()\fR retrieves the field value of \fBne\fR in +and \fB\s-1ASN1_STRING\s0\fR structure. +.PP +\&\fIX509_NAME_ENTRY_set_object()\fR sets the field name of \fBne\fR to \fBobj\fR. +.PP +\&\fIX509_NAME_ENTRY_set_data()\fR sets the field value of \fBne\fR to string type +\&\fBtype\fR and value determined by \fBbytes\fR and \fBlen\fR. +.PP +\&\fIX509_NAME_ENTRY_create_by_txt()\fR, \fIX509_NAME_ENTRY_create_by_NID()\fR +and \fIX509_NAME_ENTRY_create_by_OBJ()\fR create and return an +\&\fBX509_NAME_ENTRY\fR structure. 
+.SH "NOTES" +.IX Header "NOTES" +\&\fIX509_NAME_ENTRY_get_object()\fR and \fIX509_NAME_ENTRY_get_data()\fR can be +used to examine an \fBX509_NAME_ENTRY\fR function as returned by +\&\fIX509_NAME_get_entry()\fR for example. +.PP +\&\fIX509_NAME_ENTRY_create_by_txt()\fR, \fIX509_NAME_ENTRY_create_by_OBJ()\fR, +\&\fIX509_NAME_ENTRY_create_by_NID()\fR and \fIX509_NAME_ENTRY_set_data()\fR +are seldom used in practice because \fBX509_NAME_ENTRY\fR structures +are almost always part of \fBX509_NAME\fR structures and the +corresponding \fBX509_NAME\fR functions are typically used to +create and add new entries in a single operation. +.PP +The arguments of these functions support similar options to the similarly +named ones of the corresponding \fBX509_NAME\fR functions such as +\&\fIX509_NAME_add_entry_by_txt()\fR. So for example \fBtype\fR can be set to +\&\fB\s-1MBSTRING_ASC\s0\fR but in the case of \fIX509_set_data()\fR the field name must be +set first so the relevant field information can be looked up internally. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIX509_NAME_ENTRY_get_object()\fR returns a valid \fB\s-1ASN1_OBJECT\s0\fR structure if it is +set or \s-1NULL\s0 if an error occurred. +.PP +\&\fIX509_NAME_ENTRY_get_data()\fR returns a valid \fB\s-1ASN1_STRING\s0\fR structure if it is set +or \s-1NULL\s0 if an error occurred. +.PP +\&\fIX509_NAME_ENTRY_set_object()\fR and \fIX509_NAME_ENTRY_set_data()\fR return 1 on success +or 0 on error. +.PP +\&\fIX509_NAME_ENTRY_create_by_txt()\fR, \fIX509_NAME_ENTRY_create_by_NID()\fR and +\&\fIX509_NAME_ENTRY_create_by_OBJ()\fR return a valid \fBX509_NAME_ENTRY\fR on success or +\&\s-1NULL\s0 if an error occurred. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fId2i_X509_NAME\fR\|(3), +\&\fIOBJ_nid2obj\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). 
You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/X509_NAME_add_entry_by_txt.3 b/linux_amd64/share/man/man3/X509_NAME_add_entry_by_txt.3 new file mode 100755 index 0000000..845558a --- /dev/null +++ b/linux_amd64/share/man/man3/X509_NAME_add_entry_by_txt.3 
@@ -0,0 +1,249 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_NAME_ADD_ENTRY_BY_TXT 3" +.TH X509_NAME_ADD_ENTRY_BY_TXT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_NAME_add_entry_by_txt, X509_NAME_add_entry_by_OBJ, X509_NAME_add_entry_by_NID, +X509_NAME_add_entry, X509_NAME_delete_entry \- X509_NAME modification functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, +\& const unsigned char *bytes, int len, int loc, int set); +\& +\& int X509_NAME_add_entry_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int type, +\& const unsigned char *bytes, int len, int loc, int set); +\& +\& int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, +\& const unsigned char *bytes, int len, int loc, int set); +\& +\& int X509_NAME_add_entry(X509_NAME *name, const X509_NAME_ENTRY *ne, int loc, int set); +\& +\& X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIX509_NAME_add_entry_by_txt()\fR, \fIX509_NAME_add_entry_by_OBJ()\fR and +\&\fIX509_NAME_add_entry_by_NID()\fR add a field whose name is defined +by a string \fBfield\fR, an object \fBobj\fR or a \s-1NID\s0 \fBnid\fR respectively. +The field value to be added is in \fBbytes\fR of length \fBlen\fR. If +\&\fBlen\fR is \-1 then the field length is calculated internally using +strlen(bytes). +.PP +The type of field is determined by \fBtype\fR which can either be a +definition of the type of \fBbytes\fR (such as \fB\s-1MBSTRING_ASC\s0\fR) or a +standard \s-1ASN1\s0 type (such as \fBV_ASN1_IA5STRING\fR). The new entry is +added to a position determined by \fBloc\fR and \fBset\fR. +.PP +\&\fIX509_NAME_add_entry()\fR adds a copy of \fBX509_NAME_ENTRY\fR structure \fBne\fR +to \fBname\fR. The new entry is added to a position determined by \fBloc\fR +and \fBset\fR. Since a copy of \fBne\fR is added \fBne\fR must be freed up after +the call. +.PP +\&\fIX509_NAME_delete_entry()\fR deletes an entry from \fBname\fR at position +\&\fBloc\fR. 
The deleted entry is returned and must be freed up. +.SH "NOTES" +.IX Header "NOTES" +The use of string types such as \fB\s-1MBSTRING_ASC\s0\fR or \fB\s-1MBSTRING_UTF8\s0\fR +is strongly recommended for the \fBtype\fR parameter. This allows the +internal code to correctly determine the type of the field and to +apply length checks according to the relevant standards. This is +done using \fIASN1_STRING_set_by_NID()\fR. +.PP +If instead an \s-1ASN1\s0 type is used no checks are performed and the +supplied data in \fBbytes\fR is used directly. +.PP +In \fIX509_NAME_add_entry_by_txt()\fR the \fBfield\fR string represents +the field name using OBJ_txt2obj(field, 0). +.PP +The \fBloc\fR and \fBset\fR parameters determine where a new entry should +be added. For almost all applications \fBloc\fR can be set to \-1 and \fBset\fR +to 0. This adds a new entry to the end of \fBname\fR as a single valued +RelativeDistinguishedName (\s-1RDN\s0). +.PP +\&\fBloc\fR actually determines the index where the new entry is inserted: +if it is \-1 it is appended. +.PP +\&\fBset\fR determines how the new type is added. If it is zero a +new \s-1RDN\s0 is created. +.PP +If \fBset\fR is \-1 or 1 it is added to the previous or next \s-1RDN\s0 +structure respectively. This will then be a multivalued \s-1RDN:\s0 +since multivalues RDNs are very seldom used \fBset\fR is almost +always set to zero. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIX509_NAME_add_entry_by_txt()\fR, \fIX509_NAME_add_entry_by_OBJ()\fR, +\&\fIX509_NAME_add_entry_by_NID()\fR and \fIX509_NAME_add_entry()\fR return 1 for +success of 0 if an error occurred. +.PP +\&\fIX509_NAME_delete_entry()\fR returns either the deleted \fBX509_NAME_ENTRY\fR +structure of \fB\s-1NULL\s0\fR if an error occurred. 
+.SH "EXAMPLES" +.IX Header "EXAMPLES" +Create an \fBX509_NAME\fR structure: +.PP +\&\*(L"C=UK, O=Disorganized Organization, CN=Joe Bloggs\*(R" +.PP +.Vb 1 +\& X509_NAME *nm; +\& +\& nm = X509_NAME_new(); +\& if (nm == NULL) +\& /* Some error */ +\& if (!X509_NAME_add_entry_by_txt(nm, "C", MBSTRING_ASC, +\& "UK", \-1, \-1, 0)) +\& /* Error */ +\& if (!X509_NAME_add_entry_by_txt(nm, "O", MBSTRING_ASC, +\& "Disorganized Organization", \-1, \-1, 0)) +\& /* Error */ +\& if (!X509_NAME_add_entry_by_txt(nm, "CN", MBSTRING_ASC, +\& "Joe Bloggs", \-1, \-1, 0)) +\& /* Error */ +.Ve +.SH "BUGS" +.IX Header "BUGS" +\&\fBtype\fR can still be set to \fBV_ASN1_APP_CHOOSE\fR to use a +different algorithm to determine field types. Since this form does +not understand multicharacter types, performs no length checks and +can result in invalid field types its use is strongly discouraged. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fId2i_X509_NAME\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/X509_NAME_get0_der.3 b/linux_amd64/share/man/man3/X509_NAME_get0_der.3 new file mode 100755 index 0000000..9ad510b --- /dev/null +++ b/linux_amd64/share/man/man3/X509_NAME_get0_der.3 
@@ -0,0 +1,162 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_NAME_GET0_DER 3" +.TH X509_NAME_GET0_DER 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_NAME_get0_der \- get X509_NAME DER encoding +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_NAME_get0_der(X509_NAME *nm, const unsigned char **pder, +\& size_t *pderlen) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The function \fIX509_NAME_get0_der()\fR returns an internal pointer to the +encoding of an \fBX509_NAME\fR structure in \fB*pder\fR and consisting of +\&\fB*pderlen\fR bytes. It is useful for applications that wish to examine +the encoding of an \fBX509_NAME\fR structure without copying it. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The function \fIX509_NAME_get0_der()\fR returns 1 for success and 0 if an error +occurred. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fId2i_X509\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/X509_NAME_get_index_by_NID.3 b/linux_amd64/share/man/man3/X509_NAME_get_index_by_NID.3 new file mode 100755 index 0000000..c75e8d4 --- /dev/null +++ b/linux_amd64/share/man/man3/X509_NAME_get_index_by_NID.3 
@@ -0,0 +1,247 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_NAME_GET_INDEX_BY_NID 3" +.TH X509_NAME_GET_INDEX_BY_NID 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_NAME_get_index_by_NID, X509_NAME_get_index_by_OBJ, X509_NAME_get_entry, +X509_NAME_entry_count, X509_NAME_get_text_by_NID, X509_NAME_get_text_by_OBJ \- +X509_NAME lookup and enumeration functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos); +\& int X509_NAME_get_index_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int lastpos); +\& +\& int X509_NAME_entry_count(const X509_NAME *name); +\& X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name, int loc); +\& +\& int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len); +\& int X509_NAME_get_text_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, char *buf, int len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions allow an \fBX509_NAME\fR structure to be examined. The +\&\fBX509_NAME\fR structure is the same as the \fBName\fR type defined in +\&\s-1RFC2459\s0 (and elsewhere) and used for example in certificate subject +and issuer names. +.PP +\&\fIX509_NAME_get_index_by_NID()\fR and \fIX509_NAME_get_index_by_OBJ()\fR retrieve +the next index matching \fBnid\fR or \fBobj\fR after \fBlastpos\fR. \fBlastpos\fR +should initially be set to \-1. If there are no more entries \-1 is returned. +If \fBnid\fR is invalid (doesn't correspond to a valid \s-1OID\s0) then \-2 is returned. +.PP +\&\fIX509_NAME_entry_count()\fR returns the total number of entries in \fBname\fR. +.PP +\&\fIX509_NAME_get_entry()\fR retrieves the \fBX509_NAME_ENTRY\fR from \fBname\fR +corresponding to index \fBloc\fR. Acceptable values for \fBloc\fR run from +0 to (X509_NAME_entry_count(name) \- 1). The value returned is an +internal pointer which must not be freed. +.PP +\&\fIX509_NAME_get_text_by_NID()\fR, \fIX509_NAME_get_text_by_OBJ()\fR retrieve +the \*(L"text\*(R" from the first entry in \fBname\fR which matches \fBnid\fR or +\&\fBobj\fR, if no such entry exists \-1 is returned. 
At most \fBlen\fR bytes +will be written and the text written to \fBbuf\fR will be null +terminated. The length of the output string written is returned +excluding the terminating null. If \fBbuf\fR is <\s-1NULL\s0> then the amount +of space needed in \fBbuf\fR (excluding the final null) is returned. +.SH "NOTES" +.IX Header "NOTES" +\&\fIX509_NAME_get_text_by_NID()\fR and \fIX509_NAME_get_text_by_OBJ()\fR should be +considered deprecated because they +have various limitations which make them +of minimal use in practice. They can only find the first matching +entry and will copy the contents of the field verbatim: this can +be highly confusing if the target is a multicharacter string type +like a BMPString or a UTF8String. +.PP +For a more general solution \fIX509_NAME_get_index_by_NID()\fR or +\&\fIX509_NAME_get_index_by_OBJ()\fR should be used followed by +\&\fIX509_NAME_get_entry()\fR on any matching indices and then the +various \fBX509_NAME_ENTRY\fR utility functions on the result. +.PP +The list of all relevant \fBNID_*\fR and \fBOBJ_* codes\fR can be found in +the source code header files and/or +. +.PP +Applications which could pass invalid NIDs to \fIX509_NAME_get_index_by_NID()\fR +should check for the return value of \-2. Alternatively the \s-1NID\s0 validity +can be determined first by checking OBJ_nid2obj(nid) is not \s-1NULL\s0. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIX509_NAME_get_index_by_NID()\fR and \fIX509_NAME_get_index_by_OBJ()\fR +return the index of the next matching entry or \-1 if not found. +\&\fIX509_NAME_get_index_by_NID()\fR can also return \-2 if the supplied +\&\s-1NID\s0 is invalid. +.PP +\&\fIX509_NAME_entry_count()\fR returns the total number of entries. +.PP +\&\fIX509_NAME_get_entry()\fR returns an \fBX509_NAME\fR pointer to the +requested entry or \fB\s-1NULL\s0\fR if the index is invalid. 
+.SH "EXAMPLES" +.IX Header "EXAMPLES" +Process all entries: +.PP +.Vb 2 +\& int i; +\& X509_NAME_ENTRY *e; +\& +\& for (i = 0; i < X509_NAME_entry_count(nm); i++) { +\& e = X509_NAME_get_entry(nm, i); +\& /* Do something with e */ +\& } +.Ve +.PP +Process all commonName entries: +.PP +.Vb 2 +\& int lastpos = \-1; +\& X509_NAME_ENTRY *e; +\& +\& for (;;) { +\& lastpos = X509_NAME_get_index_by_NID(nm, NID_commonName, lastpos); +\& if (lastpos == \-1) +\& break; +\& e = X509_NAME_get_entry(nm, lastpos); +\& /* Do something with e */ +\& } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fId2i_X509_NAME\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/X509_NAME_print_ex.3 b/linux_amd64/share/man/man3/X509_NAME_print_ex.3 new file mode 100755 index 0000000..32a31b9 --- /dev/null +++ b/linux_amd64/share/man/man3/X509_NAME_print_ex.3 
@@ -0,0 +1,244 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_NAME_PRINT_EX 3" +.TH X509_NAME_PRINT_EX 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_NAME_print_ex, X509_NAME_print_ex_fp, X509_NAME_print, +X509_NAME_oneline \- X509_NAME printing routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_NAME_print_ex(BIO *out, const X509_NAME *nm, int indent, unsigned long flags); +\& int X509_NAME_print_ex_fp(FILE *fp, const X509_NAME *nm, int indent, unsigned long flags); +\& char *X509_NAME_oneline(const X509_NAME *a, char *buf, int size); +\& int X509_NAME_print(BIO *bp, const X509_NAME *name, int obase); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIX509_NAME_print_ex()\fR prints a human readable version of \fBnm\fR to \s-1BIO\s0 \fBout\fR. Each +line (for multiline formats) is indented by \fBindent\fR spaces. The output format +can be extensively customised by use of the \fBflags\fR parameter. +.PP +\&\fIX509_NAME_print_ex_fp()\fR is identical to \fIX509_NAME_print_ex()\fR except the output is +written to \s-1FILE\s0 pointer \fBfp\fR. +.PP +\&\fIX509_NAME_oneline()\fR prints an \s-1ASCII\s0 version of \fBa\fR to \fBbuf\fR. +If \fBbuf\fR is \fB\s-1NULL\s0\fR then a buffer is dynamically allocated and returned, and +\&\fBsize\fR is ignored. +Otherwise, at most \fBsize\fR bytes will be written, including the ending '\e0', +and \fBbuf\fR is returned. +.PP +\&\fIX509_NAME_print()\fR prints out \fBname\fR to \fBbp\fR indenting each line by \fBobase\fR +characters. Multiple lines are used if the output (including indent) exceeds +80 characters. +.SH "NOTES" +.IX Header "NOTES" +The functions \fIX509_NAME_oneline()\fR and \fIX509_NAME_print()\fR +produce a non standard output form, they don't handle multi character fields and +have various quirks and inconsistencies. +Their use is strongly discouraged in new applications and they could +be deprecated in a future release. 
+.PP +Although there are a large number of possible flags for most purposes +\&\fB\s-1XN_FLAG_ONELINE\s0\fR, \fB\s-1XN_FLAG_MULTILINE\s0\fR or \fB\s-1XN_FLAG_RFC2253\s0\fR will suffice. +As noted on the \fIASN1_STRING_print_ex\fR\|(3) manual page +for \s-1UTF8\s0 terminals the \fB\s-1ASN1_STRFLGS_ESC_MSB\s0\fR should be unset: so for example +\&\fB\s-1XN_FLAG_ONELINE\s0 & ~ASN1_STRFLGS_ESC_MSB\fR would be used. +.PP +The complete set of the flags supported by \fIX509_NAME_print_ex()\fR is listed below. +.PP +Several options can be ored together. +.PP +The options \fB\s-1XN_FLAG_SEP_COMMA_PLUS\s0\fR, \fB\s-1XN_FLAG_SEP_CPLUS_SPC\s0\fR, +\&\fB\s-1XN_FLAG_SEP_SPLUS_SPC\s0\fR and \fB\s-1XN_FLAG_SEP_MULTILINE\s0\fR determine the field separators +to use. Two distinct separators are used between distinct RelativeDistinguishedName +components and separate values in the same \s-1RDN\s0 for a multi-valued \s-1RDN\s0. Multi-valued +RDNs are currently very rare so the second separator will hardly ever be used. +.PP +\&\fB\s-1XN_FLAG_SEP_COMMA_PLUS\s0\fR uses comma and plus as separators. \fB\s-1XN_FLAG_SEP_CPLUS_SPC\s0\fR +uses comma and plus with spaces: this is more readable that plain comma and plus. +\&\fB\s-1XN_FLAG_SEP_SPLUS_SPC\s0\fR uses spaced semicolon and plus. \fB\s-1XN_FLAG_SEP_MULTILINE\s0\fR uses +spaced newline and plus respectively. +.PP +If \fB\s-1XN_FLAG_DN_REV\s0\fR is set the whole \s-1DN\s0 is printed in reversed order. +.PP +The fields \fB\s-1XN_FLAG_FN_SN\s0\fR, \fB\s-1XN_FLAG_FN_LN\s0\fR, \fB\s-1XN_FLAG_FN_OID\s0\fR, +\&\fB\s-1XN_FLAG_FN_NONE\s0\fR determine how a field name is displayed. It will +use the short name (e.g. \s-1CN\s0) the long name (e.g. commonName) always +use \s-1OID\s0 numerical form (normally OIDs are only used if the field name is not +recognised) and no field name respectively. +.PP +If \fB\s-1XN_FLAG_SPC_EQ\s0\fR is set then spaces will be placed around the '=' character +separating field names and values. 
+.PP +If \fB\s-1XN_FLAG_DUMP_UNKNOWN_FIELDS\s0\fR is set then the encoding of unknown fields is +printed instead of the values. +.PP +If \fB\s-1XN_FLAG_FN_ALIGN\s0\fR is set then field names are padded to 20 characters: this +is only of use for multiline format. +.PP +Additionally all the options supported by \fIASN1_STRING_print_ex()\fR can be used to +control how each field value is displayed. +.PP +In addition a number options can be set for commonly used formats. +.PP +\&\fB\s-1XN_FLAG_RFC2253\s0\fR sets options which produce an output compatible with \s-1RFC2253\s0 it +is equivalent to: + \f(CW\*(C`ASN1_STRFLGS_RFC2253 | XN_FLAG_SEP_COMMA_PLUS | XN_FLAG_DN_REV | XN_FLAG_FN_SN | XN_FLAG_DUMP_UNKNOWN_FIELDS\*(C'\fR +.PP +\&\fB\s-1XN_FLAG_ONELINE\s0\fR is a more readable one line format which is the same as: + \f(CW\*(C`ASN1_STRFLGS_RFC2253 | ASN1_STRFLGS_ESC_QUOTE | XN_FLAG_SEP_CPLUS_SPC | XN_FLAG_SPC_EQ | XN_FLAG_FN_SN\*(C'\fR +.PP +\&\fB\s-1XN_FLAG_MULTILINE\s0\fR is a multiline format which is the same as: + \f(CW\*(C`ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB | XN_FLAG_SEP_MULTILINE | XN_FLAG_SPC_EQ | XN_FLAG_FN_LN | XN_FLAG_FN_ALIGN\*(C'\fR +.PP +\&\fB\s-1XN_FLAG_COMPAT\s0\fR uses a format identical to \fIX509_NAME_print()\fR: in fact it calls \fIX509_NAME_print()\fR internally. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIX509_NAME_oneline()\fR returns a valid string on success or \s-1NULL\s0 on error. +.PP +\&\fIX509_NAME_print()\fR returns 1 on success or 0 on error. +.PP +\&\fIX509_NAME_print_ex()\fR and \fIX509_NAME_print_ex_fp()\fR return 1 on success or 0 on error +if the \fB\s-1XN_FLAG_COMPAT\s0\fR is set, which is the same as \fIX509_NAME_print()\fR. Otherwise, +it returns \-1 on error or other values on success. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIASN1_STRING_print_ex\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. 
+.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/X509_PUBKEY_new.3 b/linux_amd64/share/man/man3/X509_PUBKEY_new.3 new file mode 100755 index 0000000..64bc491 --- /dev/null +++ b/linux_amd64/share/man/man3/X509_PUBKEY_new.3 
@@ -0,0 +1,244 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_PUBKEY_NEW 3" +.TH X509_PUBKEY_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_PUBKEY_new, X509_PUBKEY_free, X509_PUBKEY_dup, +X509_PUBKEY_set, X509_PUBKEY_get0, X509_PUBKEY_get, +d2i_PUBKEY, i2d_PUBKEY, d2i_PUBKEY_bio, d2i_PUBKEY_fp, +i2d_PUBKEY_fp, i2d_PUBKEY_bio, X509_PUBKEY_set0_param, +X509_PUBKEY_get0_param \- SubjectPublicKeyInfo public key functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& X509_PUBKEY *X509_PUBKEY_new(void); +\& void X509_PUBKEY_free(X509_PUBKEY *a); +\& X509_PUBKEY *X509_PUBKEY_dup(const X509_PUBKEY *a); +\& +\& int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey); +\& EVP_PKEY *X509_PUBKEY_get0(X509_PUBKEY *key); +\& EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key); +\& +\& EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length); +\& int i2d_PUBKEY(const EVP_PKEY *a, unsigned char **pp); +\& +\& EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a); +\& EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a); +\& +\& int i2d_PUBKEY_fp(const FILE *fp, EVP_PKEY *pkey); +\& int i2d_PUBKEY_bio(BIO *bp, const EVP_PKEY *pkey); +\& +\& int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj, +\& int ptype, void *pval, +\& unsigned char *penc, int penclen); +\& int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg, +\& const unsigned char **pk, int *ppklen, +\& X509_ALGOR **pa, X509_PUBKEY *pub); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBX509_PUBKEY\fR structure represents the \s-1ASN\s0.1 \fBSubjectPublicKeyInfo\fR +structure defined in \s-1RFC5280\s0 and used in certificates and certificate requests. +.PP +\&\fIX509_PUBKEY_new()\fR allocates and initializes an \fBX509_PUBKEY\fR structure. +.PP +\&\fIX509_PUBKEY_free()\fR frees up \fBX509_PUBKEY\fR structure \fBa\fR. If \fBa\fR is \s-1NULL\s0 +nothing is done. +.PP +\&\fIX509_PUBKEY_set()\fR sets the public key in \fB*x\fR to the public key contained +in the \fB\s-1EVP_PKEY\s0\fR structure \fBpkey\fR. If \fB*x\fR is not \s-1NULL\s0 any existing +public key structure will be freed. 
+.PP +\&\fIX509_PUBKEY_get0()\fR returns the public key contained in \fBkey\fR. The returned +value is an internal pointer which \fB\s-1MUST\s0 \s-1NOT\s0\fR be freed after use. +.PP +\&\fIX509_PUBKEY_get()\fR is similar to \fIX509_PUBKEY_get0()\fR except the reference +count on the returned key is incremented so it \fB\s-1MUST\s0\fR be freed using +\&\fIEVP_PKEY_free()\fR after use. +.PP +\&\fId2i_PUBKEY()\fR and \fIi2d_PUBKEY()\fR decode and encode an \fB\s-1EVP_PKEY\s0\fR structure +using \fBSubjectPublicKeyInfo\fR format. They otherwise follow the conventions of +other \s-1ASN\s0.1 functions such as \fId2i_X509()\fR. +.PP +\&\fId2i_PUBKEY_bio()\fR, \fId2i_PUBKEY_fp()\fR, \fIi2d_PUBKEY_bio()\fR and \fIi2d_PUBKEY_fp()\fR are +similar to \fId2i_PUBKEY()\fR and \fIi2d_PUBKEY()\fR except they decode or encode using a +\&\fB\s-1BIO\s0\fR or \fB\s-1FILE\s0\fR pointer. +.PP +\&\fIX509_PUBKEY_set0_param()\fR sets the public key parameters of \fBpub\fR. The +\&\s-1OID\s0 associated with the algorithm is set to \fBaobj\fR. The type of the +algorithm parameters is set to \fBtype\fR using the structure \fBpval\fR. +The encoding of the public key itself is set to the \fBpenclen\fR +bytes contained in buffer \fBpenc\fR. On success ownership of all the supplied +parameters is passed to \fBpub\fR so they must not be freed after the +call. +.PP +\&\fIX509_PUBKEY_get0_param()\fR retrieves the public key parameters from \fBpub\fR, +\&\fB*ppkalg\fR is set to the associated \s-1OID\s0 and the encoding consists of +\&\fB*ppklen\fR bytes at \fB*pk\fR, \fB*pa\fR is set to the associated +AlgorithmIdentifier for the public key. If the value of any of these +parameters is not required it can be set to \fB\s-1NULL\s0\fR. All of the +retrieved pointers are internal and must not be freed after the +call. +.SH "NOTES" +.IX Header "NOTES" +The \fBX509_PUBKEY\fR functions can be used to encode and decode public keys +in a standard format. 
+.PP +In many cases applications will not call the \fBX509_PUBKEY\fR functions +directly: they will instead call wrapper functions such as \fIX509_get0_pubkey()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +If the allocation fails, \fIX509_PUBKEY_new()\fR returns \fB\s-1NULL\s0\fR and sets an error +code that can be obtained by \fIERR_get_error\fR\|(3). +.PP +Otherwise it returns a pointer to the newly allocated structure. +.PP +\&\fIX509_PUBKEY_free()\fR does not return a value. +.PP +\&\fIX509_PUBKEY_get0()\fR and \fIX509_PUBKEY_get()\fR return a pointer to an \fB\s-1EVP_PKEY\s0\fR +structure or \fB\s-1NULL\s0\fR if an error occurs. +.PP +\&\fIX509_PUBKEY_set()\fR, \fIX509_PUBKEY_set0_param()\fR and \fIX509_PUBKEY_get0_param()\fR +return 1 for success and 0 if an error occurred. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fId2i_X509\fR\|(3), +\&\fIERR_get_error\fR\|(3), +\&\fIX509_get_pubkey\fR\|(3), +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/X509_SIG_get0.3 b/linux_amd64/share/man/man3/X509_SIG_get0.3 new file mode 100755 index 0000000..cc9a0b8 --- /dev/null +++ b/linux_amd64/share/man/man3/X509_SIG_get0.3 
@@ -0,0 +1,163 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_SIG_GET0 3" +.TH X509_SIG_GET0 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_SIG_get0, X509_SIG_getm \- DigestInfo functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void X509_SIG_get0(const X509_SIG *sig, const X509_ALGOR **palg, +\& const ASN1_OCTET_STRING **pdigest); +\& void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg, +\& ASN1_OCTET_STRING **pdigest, +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIX509_SIG_get0()\fR returns pointers to the algorithm identifier and digest +value in \fBsig\fR. \fIX509_SIG_getm()\fR is identical to \fIX509_SIG_get0()\fR +except the pointers returned are not constant and can be modified: +for example to initialise them. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIX509_SIG_get0()\fR and \fIX509_SIG_getm()\fR return no values. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fId2i_X509\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/X509_STORE_CTX_get_error.3 b/linux_amd64/share/man/man3/X509_STORE_CTX_get_error.3 new file mode 100755 index 0000000..833319d --- /dev/null +++ b/linux_amd64/share/man/man3/X509_STORE_CTX_get_error.3 
@@ -0,0 +1,501 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_STORE_CTX_GET_ERROR 3" +.TH X509_STORE_CTX_GET_ERROR 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_STORE_CTX_get_error, X509_STORE_CTX_set_error, +X509_STORE_CTX_get_error_depth, X509_STORE_CTX_set_error_depth, +X509_STORE_CTX_get_current_cert, X509_STORE_CTX_set_current_cert, +X509_STORE_CTX_get0_cert, X509_STORE_CTX_get1_chain, +X509_verify_cert_error_string \- get or set certificate verification status +information +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx); +\& void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int s); +\& int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx); +\& void X509_STORE_CTX_set_error_depth(X509_STORE_CTX *ctx, int depth); +\& X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx); +\& void X509_STORE_CTX_set_current_cert(X509_STORE_CTX *ctx, X509 *x); +\& X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx); +\& +\& STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx); +\& +\& const char *X509_verify_cert_error_string(long n); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions are typically called after \fIX509_verify_cert()\fR has indicated +an error or in a verification callback to determine the nature of an error. +.PP +\&\fIX509_STORE_CTX_get_error()\fR returns the error code of \fBctx\fR, see +the \fB\s-1ERROR\s0 \s-1CODES\s0\fR section for a full description of all error codes. +.PP +\&\fIX509_STORE_CTX_set_error()\fR sets the error code of \fBctx\fR to \fBs\fR. For example +it might be used in a verification callback to set an error based on additional +checks. +.PP +\&\fIX509_STORE_CTX_get_error_depth()\fR returns the \fBdepth\fR of the error. This is a +non-negative integer representing where in the certificate chain the error +occurred. If it is zero it occurred in the end entity certificate, one if +it is the certificate which signed the end entity certificate and so on. +.PP +\&\fIX509_STORE_CTX_set_error_depth()\fR sets the error \fBdepth\fR. 
+This can be used in combination with \fIX509_STORE_CTX_set_error()\fR to set the +depth at which an error condition was detected. +.PP +\&\fIX509_STORE_CTX_get_current_cert()\fR returns the certificate in \fBctx\fR which +caused the error or \fB\s-1NULL\s0\fR if no certificate is relevant. +.PP +\&\fIX509_STORE_CTX_set_current_cert()\fR sets the certificate \fBx\fR in \fBctx\fR which +caused the error. +This value is not intended to remain valid for very long, and remains owned by +the caller. +It may be examined by a verification callback invoked to handle each error +encountered during chain verification and is no longer required after such a +callback. +If a callback wishes the save the certificate for use after it returns, it +needs to increment its reference count via \fIX509_up_ref\fR\|(3). +Once such a \fIsaved\fR certificate is no longer needed it can be freed with +\&\fIX509_free\fR\|(3). +.PP +\&\fIX509_STORE_CTX_get0_cert()\fR retrieves an internal pointer to the +certificate being verified by the \fBctx\fR. +.PP +\&\fIX509_STORE_CTX_get1_chain()\fR returns a complete validate chain if a previous +call to \fIX509_verify_cert()\fR is successful. If the call to \fIX509_verify_cert()\fR +is \fBnot\fR successful the returned chain may be incomplete or invalid. The +returned chain persists after the \fBctx\fR structure is freed, when it is +no longer needed it should be free up using: +.PP +.Vb 1 +\& sk_X509_pop_free(chain, X509_free); +.Ve +.PP +\&\fIX509_verify_cert_error_string()\fR returns a human readable error string for +verification error \fBn\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIX509_STORE_CTX_get_error()\fR returns \fBX509_V_OK\fR or an error code. +.PP +\&\fIX509_STORE_CTX_get_error_depth()\fR returns a non-negative error depth. +.PP +\&\fIX509_STORE_CTX_get_current_cert()\fR returns the certificate which caused the +error or \fB\s-1NULL\s0\fR if no certificate is relevant to the error. 
+.PP +\&\fIX509_verify_cert_error_string()\fR returns a human readable error string for +verification error \fBn\fR. +.SH "ERROR CODES" +.IX Header "ERROR CODES" +A list of error codes and messages is shown below. Some of the +error codes are defined but currently never returned: these are described as +\&\*(L"unused\*(R". +.IP "\fBX509_V_OK: ok\fR" 4 +.IX Item "X509_V_OK: ok" +The operation was successful. +.IP "\fBX509_V_ERR_UNSPECIFIED: unspecified certificate verification error\fR" 4 +.IX Item "X509_V_ERR_UNSPECIFIED: unspecified certificate verification error" +Unspecified error; should not happen. +.IP "\fBX509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: unable to get issuer certificate\fR" 4 +.IX Item "X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: unable to get issuer certificate" +The issuer certificate of a locally looked up certificate could not be found. +This normally means the list of trusted certificates is not complete. +.IP "\fBX509_V_ERR_UNABLE_TO_GET_CRL: unable to get certificate \s-1CRL\s0\fR" 4 +.IX Item "X509_V_ERR_UNABLE_TO_GET_CRL: unable to get certificate CRL" +The \s-1CRL\s0 of a certificate could not be found. +.IP "\fBX509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate's signature\fR" 4 +.IX Item "X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate's signature" +The certificate signature could not be decrypted. This means that the actual +signature value could not be determined rather than it not matching the +expected value, this is only meaningful for \s-1RSA\s0 keys. +.IP "\fBX509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: unable to decrypt \s-1CRL\s0's signature\fR" 4 +.IX Item "X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: unable to decrypt CRL's signature" +The \s-1CRL\s0 signature could not be decrypted: this means that the actual signature +value could not be determined rather than it not matching the expected value. +Unused. 
+.IP "\fBX509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: unable to decode issuer public key\fR" 4 +.IX Item "X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: unable to decode issuer public key" +The public key in the certificate \f(CW\*(C`SubjectPublicKeyInfo\*(C'\fR field could +not be read. +.IP "\fBX509_V_ERR_CERT_SIGNATURE_FAILURE: certificate signature failure\fR" 4 +.IX Item "X509_V_ERR_CERT_SIGNATURE_FAILURE: certificate signature failure" +The signature of the certificate is invalid. +.IP "\fBX509_V_ERR_CRL_SIGNATURE_FAILURE: \s-1CRL\s0 signature failure\fR" 4 +.IX Item "X509_V_ERR_CRL_SIGNATURE_FAILURE: CRL signature failure" +The signature of the certificate is invalid. +.IP "\fBX509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid\fR" 4 +.IX Item "X509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid" +The certificate is not yet valid: the \f(CW\*(C`notBefore\*(C'\fR date is after the +current time. +.IP "\fBX509_V_ERR_CERT_HAS_EXPIRED: certificate has expired\fR" 4 +.IX Item "X509_V_ERR_CERT_HAS_EXPIRED: certificate has expired" +The certificate has expired: that is the \f(CW\*(C`notAfter\*(C'\fR date is before the +current time. +.IP "\fBX509_V_ERR_CRL_NOT_YET_VALID: \s-1CRL\s0 is not yet valid\fR" 4 +.IX Item "X509_V_ERR_CRL_NOT_YET_VALID: CRL is not yet valid" +The \s-1CRL\s0 is not yet valid. +.IP "\fBX509_V_ERR_CRL_HAS_EXPIRED: \s-1CRL\s0 has expired\fR" 4 +.IX Item "X509_V_ERR_CRL_HAS_EXPIRED: CRL has expired" +The \s-1CRL\s0 has expired. +.IP "\fBX509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate's notBefore field\fR" 4 +.IX Item "X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate's notBefore field" +The certificate \fBnotBefore\fR field contains an invalid time. 
+.IP "\fBX509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: format error in certificate's notAfter field\fR" 4 +.IX Item "X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: format error in certificate's notAfter field" +The certificate \fBnotAfter\fR field contains an invalid time. +.IP "\fBX509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in \s-1CRL\s0's lastUpdate field\fR" 4 +.IX Item "X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in CRL's lastUpdate field" +The \s-1CRL\s0 \fBlastUpdate\fR field contains an invalid time. +.IP "\fBX509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in \s-1CRL\s0's nextUpdate field\fR" 4 +.IX Item "X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in CRL's nextUpdate field" +The \s-1CRL\s0 \fBnextUpdate\fR field contains an invalid time. +.IP "\fBX509_V_ERR_OUT_OF_MEM: out of memory\fR" 4 +.IX Item "X509_V_ERR_OUT_OF_MEM: out of memory" +An error occurred trying to allocate memory. +.IP "\fBX509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: self signed certificate\fR" 4 +.IX Item "X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: self signed certificate" +The passed certificate is self-signed and the same certificate cannot be found +in the list of trusted certificates. +.IP "\fBX509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self signed certificate in certificate chain\fR" 4 +.IX Item "X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self signed certificate in certificate chain" +The certificate chain could be built up using the untrusted certificates but +the root could not be found locally. +.IP "\fBX509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate\fR" 4 +.IX Item "X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate" +The issuer certificate could not be found: this occurs if the issuer certificate +of an untrusted certificate cannot be found. 
+.IP "\fBX509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: unable to verify the first certificate\fR" 4 +.IX Item "X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: unable to verify the first certificate" +No signatures could be verified because the chain contains only one certificate +and it is not self signed. +.IP "\fBX509_V_ERR_CERT_CHAIN_TOO_LONG: certificate chain too long\fR" 4 +.IX Item "X509_V_ERR_CERT_CHAIN_TOO_LONG: certificate chain too long" +The certificate chain length is greater than the supplied maximum depth. Unused. +.IP "\fBX509_V_ERR_CERT_REVOKED: certificate revoked\fR" 4 +.IX Item "X509_V_ERR_CERT_REVOKED: certificate revoked" +The certificate has been revoked. +.IP "\fBX509_V_ERR_INVALID_CA: invalid \s-1CA\s0 certificate\fR" 4 +.IX Item "X509_V_ERR_INVALID_CA: invalid CA certificate" +A \s-1CA\s0 certificate is invalid. Either it is not a \s-1CA\s0 or its extensions are not +consistent with the supplied purpose. +.IP "\fBX509_V_ERR_PATH_LENGTH_EXCEEDED: path length constraint exceeded\fR" 4 +.IX Item "X509_V_ERR_PATH_LENGTH_EXCEEDED: path length constraint exceeded" +The basicConstraints path-length parameter has been exceeded. +.IP "\fBX509_V_ERR_INVALID_PURPOSE: unsupported certificate purpose\fR" 4 +.IX Item "X509_V_ERR_INVALID_PURPOSE: unsupported certificate purpose" +The supplied certificate cannot be used for the specified purpose. +.IP "\fBX509_V_ERR_CERT_UNTRUSTED: certificate not trusted\fR" 4 +.IX Item "X509_V_ERR_CERT_UNTRUSTED: certificate not trusted" +The root \s-1CA\s0 is not marked as trusted for the specified purpose. +.IP "\fBX509_V_ERR_CERT_REJECTED: certificate rejected\fR" 4 +.IX Item "X509_V_ERR_CERT_REJECTED: certificate rejected" +The root \s-1CA\s0 is marked to reject the specified purpose. 
+.IP "\fBX509_V_ERR_SUBJECT_ISSUER_MISMATCH: subject issuer mismatch\fR" 4 +.IX Item "X509_V_ERR_SUBJECT_ISSUER_MISMATCH: subject issuer mismatch" +The current candidate issuer certificate was rejected because its subject name +did not match the issuer name of the current certificate. +.IP "\fBX509_V_ERR_AKID_SKID_MISMATCH: authority and subject key identifier mismatch\fR" 4 +.IX Item "X509_V_ERR_AKID_SKID_MISMATCH: authority and subject key identifier mismatch" +The current candidate issuer certificate was rejected because its subject key +identifier was present and did not match the authority key identifier current +certificate. +Not used as of OpenSSL 1.1.0. +.IP "\fBX509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: authority and issuer serial number mismatch\fR" 4 +.IX Item "X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: authority and issuer serial number mismatch" +The current candidate issuer certificate was rejected because its issuer name +and serial number was present and did not match the authority key identifier of +the current certificate. +Not used as of OpenSSL 1.1.0. +.IP "\fBX509_V_ERR_KEYUSAGE_NO_CERTSIGN:key usage does not include certificate signing\fR" 4 +.IX Item "X509_V_ERR_KEYUSAGE_NO_CERTSIGN:key usage does not include certificate signing" +The current candidate issuer certificate was rejected because its \fBkeyUsage\fR +extension does not permit certificate signing. +Not used as of OpenSSL 1.1.0. +.IP "\fBX509_V_ERR_INVALID_EXTENSION: invalid or inconsistent certificate extension\fR" 4 +.IX Item "X509_V_ERR_INVALID_EXTENSION: invalid or inconsistent certificate extension" +A certificate extension had an invalid value (for example an incorrect +encoding) or some value inconsistent with other extensions. 
+.IP "\fBX509_V_ERR_INVALID_POLICY_EXTENSION: invalid or inconsistent certificate policy extension\fR" 4 +.IX Item "X509_V_ERR_INVALID_POLICY_EXTENSION: invalid or inconsistent certificate policy extension" +A certificate policies extension had an invalid value (for example an incorrect +encoding) or some value inconsistent with other extensions. This error only +occurs if policy processing is enabled. +.IP "\fBX509_V_ERR_NO_EXPLICIT_POLICY: no explicit policy\fR" 4 +.IX Item "X509_V_ERR_NO_EXPLICIT_POLICY: no explicit policy" +The verification flags were set to require and explicit policy but none was +present. +.IP "\fBX509_V_ERR_DIFFERENT_CRL_SCOPE: Different \s-1CRL\s0 scope\fR" 4 +.IX Item "X509_V_ERR_DIFFERENT_CRL_SCOPE: Different CRL scope" +The only CRLs that could be found did not match the scope of the certificate. +.IP "\fBX509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE: Unsupported extension feature\fR" 4 +.IX Item "X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE: Unsupported extension feature" +Some feature of a certificate extension is not supported. Unused. +.IP "\fBX509_V_ERR_PERMITTED_VIOLATION: permitted subtree violation\fR" 4 +.IX Item "X509_V_ERR_PERMITTED_VIOLATION: permitted subtree violation" +A name constraint violation occurred in the permitted subtrees. +.IP "\fBX509_V_ERR_EXCLUDED_VIOLATION: excluded subtree violation\fR" 4 +.IX Item "X509_V_ERR_EXCLUDED_VIOLATION: excluded subtree violation" +A name constraint violation occurred in the excluded subtrees. +.IP "\fBX509_V_ERR_SUBTREE_MINMAX: name constraints minimum and maximum not supported\fR" 4 +.IX Item "X509_V_ERR_SUBTREE_MINMAX: name constraints minimum and maximum not supported" +A certificate name constraints extension included a minimum or maximum field: +this is not supported. 
+.IP "\fBX509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE: unsupported name constraint type\fR" 4 +.IX Item "X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE: unsupported name constraint type" +An unsupported name constraint type was encountered. OpenSSL currently only +supports directory name, \s-1DNS\s0 name, email and \s-1URI\s0 types. +.IP "\fBX509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: unsupported or invalid name constraint syntax\fR" 4 +.IX Item "X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: unsupported or invalid name constraint syntax" +The format of the name constraint is not recognised: for example an email +address format of a form not mentioned in \s-1RFC3280\s0. This could be caused by +a garbage extension or some new feature not currently supported. +.IP "\fBX509_V_ERR_CRL_PATH_VALIDATION_ERROR: \s-1CRL\s0 path validation error\fR" 4 +.IX Item "X509_V_ERR_CRL_PATH_VALIDATION_ERROR: CRL path validation error" +An error occurred when attempting to verify the \s-1CRL\s0 path. This error can only +happen if extended \s-1CRL\s0 checking is enabled. +.IP "\fBX509_V_ERR_APPLICATION_VERIFICATION: application verification failure\fR" 4 +.IX Item "X509_V_ERR_APPLICATION_VERIFICATION: application verification failure" +An application specific error. This will never be returned unless explicitly +set by an application callback. +.IP "\fBX509_V_ERR_UNABLE_TO_GET_CRL_ISSUER: unable to get \s-1CRL\s0 issuer certificate\fR" 4 +.IX Item "X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER: unable to get CRL issuer certificate" +Unable to get \s-1CRL\s0 issuer certificate. +.IP "\fBX509_V_ERR_UNHANDLED_CRITICAL_EXTENSION: unhandled critical extension\fR" 4 +.IX Item "X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION: unhandled critical extension" +Unhandled critical extension. +.IP "\fBX509_V_ERR_KEYUSAGE_NO_CRL_SIGN: key usage does not include \s-1CRL\s0 signing\fR" 4 +.IX Item "X509_V_ERR_KEYUSAGE_NO_CRL_SIGN: key usage does not include CRL signing" +Key usage does not include \s-1CRL\s0 signing. 
+.IP "\fBX509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION: unhandled critical \s-1CRL\s0 extension\fR" 4 +.IX Item "X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION: unhandled critical CRL extension" +Unhandled critical \s-1CRL\s0 extension. +.IP "\fBX509_V_ERR_INVALID_NON_CA: invalid non-CA certificate (has \s-1CA\s0 markings)\fR" 4 +.IX Item "X509_V_ERR_INVALID_NON_CA: invalid non-CA certificate (has CA markings)" +Invalid non-CA certificate has \s-1CA\s0 markings. +.IP "\fBX509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED: proxy path length contraint exceeded\fR" 4 +.IX Item "X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED: proxy path length contraint exceeded" +Proxy path length constraint exceeded. +.IP "\fBX509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE: key usage does not include digital signature\fR" 4 +.IX Item "X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE: key usage does not include digital signature" +Key usage does not include digital signature, and therefore cannot sign +certificates. +.IP "\fBX509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED: proxy certificates not allowed, please set the appropriate flag\fR" 4 +.IX Item "X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED: proxy certificates not allowed, please set the appropriate flag" +Proxy certificates not allowed unless the \fB\-allow_proxy_certs\fR option is used. +.IP "\fBX509_V_ERR_UNNESTED_RESOURCE: \s-1RFC\s0 3779 resource not subset of parent's resrouces\fR" 4 +.IX Item "X509_V_ERR_UNNESTED_RESOURCE: RFC 3779 resource not subset of parent's resrouces" +See \s-1RFC\s0 3779 for details. +.IP "\fBX509_V_ERR_UNSUPPORTED_NAME_SYNTAX: unsupported or invalid name syntax\fR" 4 +.IX Item "X509_V_ERR_UNSUPPORTED_NAME_SYNTAX: unsupported or invalid name syntax" +Unsupported or invalid name syntax. +.IP "\fBX509_V_ERR_PATH_LOOP: path loop\fR" 4 +.IX Item "X509_V_ERR_PATH_LOOP: path loop" +Path loop. +.IP "\fBX509_V_ERR_HOSTNAME_MISMATCH: hostname mismatch\fR" 4 +.IX Item "X509_V_ERR_HOSTNAME_MISMATCH: hostname mismatch" +Hostname mismatch. 
+.IP "\fBX509_V_ERR_EMAIL_MISMATCH: email address mismatch\fR" 4 +.IX Item "X509_V_ERR_EMAIL_MISMATCH: email address mismatch" +Email address mismatch. +.IP "\fBX509_V_ERR_IP_ADDRESS_MISMATCH: \s-1IP\s0 address mismatch\fR" 4 +.IX Item "X509_V_ERR_IP_ADDRESS_MISMATCH: IP address mismatch" +\&\s-1IP\s0 address mismatch. +.IP "\fBX509_V_ERR_DANE_NO_MATCH: no matching \s-1DANE\s0 \s-1TLSA\s0 records\fR" 4 +.IX Item "X509_V_ERR_DANE_NO_MATCH: no matching DANE TLSA records" +\&\s-1DANE\s0 \s-1TLSA\s0 authentication is enabled, but no \s-1TLSA\s0 records matched the +certificate chain. +This error is only possible in \fIopenssl\-s_client\fR\|(1). +.IP "\fBX509_V_ERR_EE_KEY_TOO_SMALL: \s-1EE\s0 certificate key too weak\fR" 4 +.IX Item "X509_V_ERR_EE_KEY_TOO_SMALL: EE certificate key too weak" +\&\s-1EE\s0 certificate key too weak. +.IP "\fBX509_ERR_CA_KEY_TOO_SMALL: \s-1CA\s0 certificate key too weak\fR" 4 +.IX Item "X509_ERR_CA_KEY_TOO_SMALL: CA certificate key too weak" +\&\s-1CA\s0 certificate key too weak. +.IP "\fBX509_ERR_CA_MD_TOO_WEAK: \s-1CA\s0 signature digest algorithm too weak\fR" 4 +.IX Item "X509_ERR_CA_MD_TOO_WEAK: CA signature digest algorithm too weak" +\&\s-1CA\s0 signature digest algorithm too weak. +.IP "\fBX509_V_ERR_INVALID_CALL: invalid certificate verification context\fR" 4 +.IX Item "X509_V_ERR_INVALID_CALL: invalid certificate verification context" +invalid certificate verification context. +.IP "\fBX509_V_ERR_STORE_LOOKUP: issuer certificate lookup error\fR" 4 +.IX Item "X509_V_ERR_STORE_LOOKUP: issuer certificate lookup error" +Issuer certificate lookup error. +.IP "\fBX509_V_ERR_NO_VALID_SCTS: certificate transparency required, but no valid SCTs found\fR" 4 +.IX Item "X509_V_ERR_NO_VALID_SCTS: certificate transparency required, but no valid SCTs found" +Certificate Transparency required, but no valid SCTs found. 
+.IP "\fBX509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION: proxy subject name violation\fR" 4 +.IX Item "X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION: proxy subject name violation" +Proxy subject name violation. +.IP "\fBX509_V_ERR_OCSP_VERIFY_NEEDED: \s-1OCSP\s0 verification needed\fR" 4 +.IX Item "X509_V_ERR_OCSP_VERIFY_NEEDED: OCSP verification needed" +Returned by the verify callback to indicate an \s-1OCSP\s0 verification is needed. +.IP "\fBX509_V_ERR_OCSP_VERIFY_FAILED: \s-1OCSP\s0 verification failed\fR" 4 +.IX Item "X509_V_ERR_OCSP_VERIFY_FAILED: OCSP verification failed" +Returned by the verify callback to indicate \s-1OCSP\s0 verification failed. +.IP "\fBX509_V_ERR_OCSP_CERT_UNKNOWN: \s-1OCSP\s0 unknown cert\fR" 4 +.IX Item "X509_V_ERR_OCSP_CERT_UNKNOWN: OCSP unknown cert" +Returned by the verify callback to indicate that the certificate is not +recognized by the \s-1OCSP\s0 responder. +.IP "\fB509_V_ERROR_NO_ISSUER_PUBLI_KEY, issuer certificate doesn't have a public key\fR" 4 +.IX Item "509_V_ERROR_NO_ISSUER_PUBLI_KEY, issuer certificate doesn't have a public key" +The issuer certificate does not have a public key. +.IP "\fBX509_V_ERROR_SIGNATURE_ALGORITHM_MISMATCH, Subject signature algorithm and issuer public key algoritm mismatch\fR" 4 +.IX Item "X509_V_ERROR_SIGNATURE_ALGORITHM_MISMATCH, Subject signature algorithm and issuer public key algoritm mismatch" +The issuer's public key is not of the type required by the signature in +the subject's certificate. +.SH "NOTES" +.IX Header "NOTES" +The above functions should be used instead of directly referencing the fields +in the \fBX509_VERIFY_CTX\fR structure. +.PP +In versions of OpenSSL before 1.0 the current certificate returned by +\&\fIX509_STORE_CTX_get_current_cert()\fR was never \fB\s-1NULL\s0\fR. Applications should +check the return value before printing out any debugging information relating +to the current certificate. 
+.PP +If an unrecognised error code is passed to \fIX509_verify_cert_error_string()\fR the +numerical value of the unknown code is returned in a static buffer. This is not +thread safe but will never happen unless an invalid code is passed. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIX509_verify_cert\fR\|(3), +\&\fIX509_up_ref\fR\|(3), +\&\fIX509_free\fR\|(3). +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2009\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/X509_STORE_CTX_new.3 b/linux_amd64/share/man/man3/X509_STORE_CTX_new.3 new file mode 100755 index 0000000..d4d8b63 --- /dev/null +++ b/linux_amd64/share/man/man3/X509_STORE_CTX_new.3 
@@ -0,0 +1,296 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_STORE_CTX_NEW 3" +.TH X509_STORE_CTX_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_STORE_CTX_new, X509_STORE_CTX_cleanup, X509_STORE_CTX_free, +X509_STORE_CTX_init, X509_STORE_CTX_set0_trusted_stack, X509_STORE_CTX_set_cert, +X509_STORE_CTX_set0_crls, +X509_STORE_CTX_get0_chain, X509_STORE_CTX_set0_verified_chain, +X509_STORE_CTX_get0_param, X509_STORE_CTX_set0_param, +X509_STORE_CTX_get0_untrusted, X509_STORE_CTX_set0_untrusted, +X509_STORE_CTX_get_num_untrusted, +X509_STORE_CTX_set_default, +X509_STORE_CTX_set_verify, +X509_STORE_CTX_verify_fn +\&\- X509_STORE_CTX initialisation +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& X509_STORE_CTX *X509_STORE_CTX_new(void); +\& void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx); +\& void X509_STORE_CTX_free(X509_STORE_CTX *ctx); +\& +\& int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, +\& X509 *x509, STACK_OF(X509) *chain); +\& +\& void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); +\& +\& void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x); +\& STACK_OF(X509) *X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx); +\& void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *chain); +\& void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk); +\& +\& X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx); +\& void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param); +\& int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name); +\& +\& STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx); +\& void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); +\& +\& int X509_STORE_CTX_get_num_untrusted(X509_STORE_CTX *ctx); +\& +\& typedef int (*X509_STORE_CTX_verify_fn)(X509_STORE_CTX *); +\& void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx, X509_STORE_CTX_verify_fn verify); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions initialise an \fBX509_STORE_CTX\fR structure for 
subsequent use +by \fIX509_verify_cert()\fR. +.PP +\&\fIX509_STORE_CTX_new()\fR returns a newly initialised \fBX509_STORE_CTX\fR structure. +.PP +\&\fIX509_STORE_CTX_cleanup()\fR internally cleans up an \fBX509_STORE_CTX\fR structure. +The context can then be reused with an new call to \fIX509_STORE_CTX_init()\fR. +.PP +\&\fIX509_STORE_CTX_free()\fR completely frees up \fBctx\fR. After this call \fBctx\fR +is no longer valid. +If \fBctx\fR is \s-1NULL\s0 nothing is done. +.PP +\&\fIX509_STORE_CTX_init()\fR sets up \fBctx\fR for a subsequent verification operation. +It must be called before each call to \fIX509_verify_cert()\fR, i.e. a \fBctx\fR is only +good for one call to \fIX509_verify_cert()\fR; if you want to verify a second +certificate with the same \fBctx\fR then you must call \fIX509_STORE_CTX_cleanup()\fR +and then \fIX509_STORE_CTX_init()\fR again before the second call to +\&\fIX509_verify_cert()\fR. The trusted certificate store is set to \fBstore\fR, the end +entity certificate to be verified is set to \fBx509\fR and a set of additional +certificates (which will be untrusted but may be used to build the chain) in +\&\fBchain\fR. Any or all of the \fBstore\fR, \fBx509\fR and \fBchain\fR parameters can be +\&\fB\s-1NULL\s0\fR. +.PP +\&\fIX509_STORE_CTX_set0_trusted_stack()\fR sets the set of trusted certificates of +\&\fBctx\fR to \fBsk\fR. This is an alternative way of specifying trusted certificates +instead of using an \fBX509_STORE\fR. +.PP +\&\fIX509_STORE_CTX_set_cert()\fR sets the certificate to be verified in \fBctx\fR to +\&\fBx\fR. +.PP +\&\fIX509_STORE_CTX_set0_verified_chain()\fR sets the validated chain used +by \fBctx\fR to be \fBchain\fR. +Ownership of the chain is transferred to \fBctx\fR and should not be +free'd by the caller. +\&\fIX509_STORE_CTX_get0_chain()\fR returns a the internal pointer used by the +\&\fBctx\fR that contains the validated chain. 
+.PP +\&\fIX509_STORE_CTX_set0_crls()\fR sets a set of CRLs to use to aid certificate +verification to \fBsk\fR. These CRLs will only be used if \s-1CRL\s0 verification is +enabled in the associated \fBX509_VERIFY_PARAM\fR structure. This might be +used where additional \*(L"useful\*(R" CRLs are supplied as part of a protocol, +for example in a PKCS#7 structure. +.PP +\&\fIX509_STORE_CTX_get0_param()\fR retrieves an internal pointer +to the verification parameters associated with \fBctx\fR. +.PP +\&\fIX509_STORE_CTX_get0_untrusted()\fR retrieves an internal pointer to the +stack of untrusted certificates associated with \fBctx\fR. +.PP +\&\fIX509_STORE_CTX_set0_untrusted()\fR sets the internal point to the stack +of untrusted certificates associated with \fBctx\fR to \fBsk\fR. +.PP +\&\fIX509_STORE_CTX_set0_param()\fR sets the internal verification parameter pointer +to \fBparam\fR. After this call \fBparam\fR should not be used. +.PP +\&\fIX509_STORE_CTX_set_default()\fR looks up and sets the default verification +method to \fBname\fR. This uses the function \fIX509_VERIFY_PARAM_lookup()\fR to +find an appropriate set of parameters from \fBname\fR. +.PP +\&\fIX509_STORE_CTX_get_num_untrusted()\fR returns the number of untrusted certificates +that were used in building the chain following a call to \fIX509_verify_cert()\fR. +.PP +\&\fIX509_STORE_CTX_set_verify()\fR provides the capability for overriding the default +verify function. This function is responsible for verifying chain signatures and +expiration times. +.PP +A verify function is defined as an X509_STORE_CTX_verify type which has the +following signature: +.PP +.Vb 1 +\& int (*verify)(X509_STORE_CTX *); +.Ve +.PP +This function should receive the current X509_STORE_CTX as a parameter and +return 1 on success or 0 on failure. +.SH "NOTES" +.IX Header "NOTES" +The certificates and CRLs in a store are used internally and should \fBnot\fR +be freed up until after the associated \fBX509_STORE_CTX\fR is freed. 
+.SH "BUGS" +.IX Header "BUGS" +The certificates and CRLs in a context are used internally and should \fBnot\fR +be freed up until after the associated \fBX509_STORE_CTX\fR is freed. Copies +should be made or reference counts increased instead. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIX509_STORE_CTX_new()\fR returns an newly allocates context or \fB\s-1NULL\s0\fR is an +error occurred. +.PP +\&\fIX509_STORE_CTX_init()\fR returns 1 for success or 0 if an error occurred. +.PP +\&\fIX509_STORE_CTX_get0_param()\fR returns a pointer to an \fBX509_VERIFY_PARAM\fR +structure or \fB\s-1NULL\s0\fR if an error occurred. +.PP +\&\fIX509_STORE_CTX_cleanup()\fR, \fIX509_STORE_CTX_free()\fR, +\&\fIX509_STORE_CTX_set0_trusted_stack()\fR, +\&\fIX509_STORE_CTX_set_cert()\fR, +\&\fIX509_STORE_CTX_set0_crls()\fR and \fIX509_STORE_CTX_set0_param()\fR do not return +values. +.PP +\&\fIX509_STORE_CTX_set_default()\fR returns 1 for success or 0 if an error occurred. +.PP +\&\fIX509_STORE_CTX_get_num_untrusted()\fR returns the number of untrusted certificates +used. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIX509_verify_cert\fR\|(3) +\&\fIX509_VERIFY_PARAM_set_flags\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fIX509_STORE_CTX_set0_crls()\fR function was added in OpenSSL 1.0.0. +The \fIX509_STORE_CTX_get_num_untrusted()\fR function was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2009\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/X509_STORE_CTX_set_verify_cb.3 b/linux_amd64/share/man/man3/X509_STORE_CTX_set_verify_cb.3 new file mode 100755 index 0000000..f08c266 --- /dev/null +++ b/linux_amd64/share/man/man3/X509_STORE_CTX_set_verify_cb.3 
@@ -0,0 +1,348 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_STORE_CTX_SET_VERIFY_CB 3" +.TH X509_STORE_CTX_SET_VERIFY_CB 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_STORE_CTX_get_cleanup, +X509_STORE_CTX_get_lookup_crls, +X509_STORE_CTX_get_lookup_certs, +X509_STORE_CTX_get_check_policy, +X509_STORE_CTX_get_cert_crl, +X509_STORE_CTX_get_check_crl, +X509_STORE_CTX_get_get_crl, +X509_STORE_CTX_get_check_revocation, +X509_STORE_CTX_get_check_issued, +X509_STORE_CTX_get_get_issuer, +X509_STORE_CTX_get_verify_cb, +X509_STORE_CTX_set_verify_cb, +X509_STORE_CTX_verify_cb, +X509_STORE_CTX_print_verify_cb +\&\- get and set X509_STORE_CTX components such as verification callback +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *); +\& int X509_STORE_CTX_print_verify_cb(int ok, X509_STORE_CTX *ctx); +\& +\& X509_STORE_CTX_verify_cb X509_STORE_CTX_get_verify_cb(X509_STORE_CTX *ctx); +\& +\& void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, +\& X509_STORE_CTX_verify_cb verify_cb); +\& +\& X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(X509_STORE_CTX *ctx); +\& X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(X509_STORE_CTX *ctx); +\& X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(X509_STORE_CTX *ctx); +\& X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(X509_STORE_CTX *ctx); +\& X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(X509_STORE_CTX *ctx); +\& X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(X509_STORE_CTX *ctx); +\& X509_STORE_CTX_check_policy_fn X509_STORE_CTX_get_check_policy(X509_STORE_CTX *ctx); +\& X509_STORE_CTX_lookup_certs_fn X509_STORE_CTX_get_lookup_certs(X509_STORE_CTX *ctx); +\& X509_STORE_CTX_lookup_crls_fn X509_STORE_CTX_get_lookup_crls(X509_STORE_CTX *ctx); +\& X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(X509_STORE_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIX509_STORE_CTX_set_verify_cb()\fR sets the verification callback of \fBctx\fR to +\&\fBverify_cb\fR overwriting any existing callback. 
+.PP +The verification callback can be used to customise the operation of certificate +verification, either by overriding error conditions or logging errors for +debugging purposes. +.PP +However a verification callback is \fBnot\fR essential and the default operation +is often sufficient. +.PP +The \fBok\fR parameter to the callback indicates the value the callback should +return to retain the default behaviour. If it is zero then an error condition +is indicated. If it is 1 then no error occurred. If the flag +\&\fBX509_V_FLAG_NOTIFY_POLICY\fR is set then \fBok\fR is set to 2 to indicate the +policy checking is complete. +.PP +The \fBctx\fR parameter to the callback is the \fBX509_STORE_CTX\fR structure that +is performing the verification operation. A callback can examine this +structure and receive additional information about the error, for example +by calling \fIX509_STORE_CTX_get_current_cert()\fR. Additional application data can +be passed to the callback via the \fBex_data\fR mechanism. +.PP +\&\fIX509_STORE_CTX_print_verify_cb()\fR is a verification callback function that, +when a certificate verification has failed, adds an entry to the error queue +with code \fBX509_R_CERTIFICATE_VERIFICATION_FAILED\fR and with diagnostic details, +including the most relevant fields of the target certificate that failed to +verify and, if appropriate, of the available untrusted and trusted certificates. +.PP +\&\fIX509_STORE_CTX_get_verify_cb()\fR returns the value of the current callback +for the specific \fBctx\fR. 
+.PP +\&\fIX509_STORE_CTX_get_get_issuer()\fR, +\&\fIX509_STORE_CTX_get_check_issued()\fR, \fIX509_STORE_CTX_get_check_revocation()\fR, +\&\fIX509_STORE_CTX_get_get_crl()\fR, \fIX509_STORE_CTX_get_check_crl()\fR, +\&\fIX509_STORE_CTX_get_cert_crl()\fR, \fIX509_STORE_CTX_get_check_policy()\fR, +\&\fIX509_STORE_CTX_get_lookup_certs()\fR, \fIX509_STORE_CTX_get_lookup_crls()\fR +and \fIX509_STORE_CTX_get_cleanup()\fR return the function pointers cached +from the corresponding \fBX509_STORE\fR, please see +\&\fIX509_STORE_set_verify\fR\|(3) for more information. +.SH "WARNINGS" +.IX Header "WARNINGS" +In general a verification callback should \fB\s-1NOT\s0\fR unconditionally return 1 in +all circumstances because this will allow verification to succeed no matter +what the error. This effectively removes all security from the application +because \fBany\fR certificate (including untrusted generated ones) will be +accepted. +.SH "NOTES" +.IX Header "NOTES" +The verification callback can be set and inherited from the parent structure +performing the operation. In some cases (such as S/MIME verification) the +\&\fBX509_STORE_CTX\fR structure is created and destroyed internally and the +only way to set a custom verification callback is by inheriting it from the +associated \fBX509_STORE\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIX509_STORE_CTX_set_verify_cb()\fR does not return a value. 
+.SH "EXAMPLES" +.IX Header "EXAMPLES" +Default callback operation: +.PP +.Vb 3 +\& int verify_callback(int ok, X509_STORE_CTX *ctx) { +\& return ok; +\& } +.Ve +.PP +Simple example, suppose a certificate in the chain is expired and we wish +to continue after this error: +.PP +.Vb 7 +\& int verify_callback(int ok, X509_STORE_CTX *ctx) { +\& /* Tolerate certificate expiration */ +\& if (X509_STORE_CTX_get_error(ctx) == X509_V_ERR_CERT_HAS_EXPIRED) +\& return 1; +\& /* Otherwise don\*(Aqt override */ +\& return ok; +\& } +.Ve +.PP +More complex example, we don't wish to continue after \fBany\fR certificate has +expired just one specific case: +.PP +.Vb 4 +\& int verify_callback(int ok, X509_STORE_CTX *ctx) +\& { +\& int err = X509_STORE_CTX_get_error(ctx); +\& X509 *err_cert = X509_STORE_CTX_get_current_cert(ctx); +\& +\& if (err == X509_V_ERR_CERT_HAS_EXPIRED) { +\& if (check_is_acceptable_expired_cert(err_cert) +\& return 1; +\& } +\& return ok; +\& } +.Ve +.PP +Full featured logging callback. In this case the \fBbio_err\fR is assumed to be +a global logging \fB\s-1BIO\s0\fR, an alternative would to store a \s-1BIO\s0 in \fBctx\fR using +\&\fBex_data\fR. 
+.PP +.Vb 4 +\& int verify_callback(int ok, X509_STORE_CTX *ctx) +\& { +\& X509 *err_cert; +\& int err, depth; +\& +\& err_cert = X509_STORE_CTX_get_current_cert(ctx); +\& err = X509_STORE_CTX_get_error(ctx); +\& depth = X509_STORE_CTX_get_error_depth(ctx); +\& +\& BIO_printf(bio_err, "depth=%d ", depth); +\& if (err_cert) { +\& X509_NAME_print_ex(bio_err, X509_get_subject_name(err_cert), +\& 0, XN_FLAG_ONELINE); +\& BIO_puts(bio_err, "\en"); +\& } +\& else +\& BIO_puts(bio_err, "\en"); +\& if (!ok) +\& BIO_printf(bio_err, "verify error:num=%d:%s\en", err, +\& X509_verify_cert_error_string(err)); +\& switch (err) { +\& case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: +\& BIO_puts(bio_err, "issuer= "); +\& X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert), +\& 0, XN_FLAG_ONELINE); +\& BIO_puts(bio_err, "\en"); +\& break; +\& case X509_V_ERR_CERT_NOT_YET_VALID: +\& case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: +\& BIO_printf(bio_err, "notBefore="); +\& ASN1_TIME_print(bio_err, X509_get_notBefore(err_cert)); +\& BIO_printf(bio_err, "\en"); +\& break; +\& case X509_V_ERR_CERT_HAS_EXPIRED: +\& case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: +\& BIO_printf(bio_err, "notAfter="); +\& ASN1_TIME_print(bio_err, X509_get_notAfter(err_cert)); +\& BIO_printf(bio_err, "\en"); +\& break; +\& case X509_V_ERR_NO_EXPLICIT_POLICY: +\& policies_print(bio_err, ctx); +\& break; +\& } +\& if (err == X509_V_OK && ok == 2) +\& /* print out policies */ +\& +\& BIO_printf(bio_err, "verify return:%d\en", ok); +\& return(ok); +\& } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIX509_STORE_CTX_get_error\fR\|(3) +\&\fIX509_STORE_set_verify_cb_func\fR\|(3) +\&\fIX509_STORE_CTX_get_ex_new_index\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The +\&\fIX509_STORE_CTX_get_get_issuer()\fR, +\&\fIX509_STORE_CTX_get_check_issued()\fR, \fIX509_STORE_CTX_get_check_revocation()\fR, +\&\fIX509_STORE_CTX_get_get_crl()\fR, \fIX509_STORE_CTX_get_check_crl()\fR, +\&\fIX509_STORE_CTX_get_cert_crl()\fR, 
\fIX509_STORE_CTX_get_check_policy()\fR, +\&\fIX509_STORE_CTX_get_lookup_certs()\fR, \fIX509_STORE_CTX_get_lookup_crls()\fR +and \fIX509_STORE_CTX_get_cleanup()\fR functions were added in OpenSSL 1.1.0. +.PP +\&\fIX509_STORE_CTX_print_verify_cb()\fR was added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2009\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/X509_STORE_add_cert.3 b/linux_amd64/share/man/man3/X509_STORE_add_cert.3 new file mode 100755 index 0000000..15f731e --- /dev/null +++ b/linux_amd64/share/man/man3/X509_STORE_add_cert.3 
@@ -0,0 +1,261 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_STORE_ADD_CERT 3" +.TH X509_STORE_ADD_CERT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_STORE, +X509_STORE_add_cert, X509_STORE_add_crl, X509_STORE_set_depth, +X509_STORE_set_flags, X509_STORE_set_purpose, X509_STORE_set_trust, +X509_STORE_add_lookup, +X509_STORE_load_file, X509_STORE_load_path, X509_STORE_load_store, +X509_STORE_set_default_paths, +X509_STORE_load_locations +\&\- X509_STORE manipulation +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef x509_store_st X509_STORE; +\& +\& int X509_STORE_add_cert(X509_STORE *ctx, X509 *x); +\& int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x); +\& int X509_STORE_set_depth(X509_STORE *store, int depth); +\& int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags); +\& int X509_STORE_set_purpose(X509_STORE *ctx, int purpose); +\& int X509_STORE_set_trust(X509_STORE *ctx, int trust); +\& +\& X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *store, +\& X509_LOOKUP_METHOD *meth); +\& +\& int X509_STORE_set_default_paths(X509_STORE *ctx); +\& int X509_STORE_load_file(X509_STORE *ctx, const char *file); +\& int X509_STORE_load_path(X509_STORE *ctx, const char *dir); +\& int X509_STORE_load_store(X509_STORE *ctx, const char *uri); +.Ve +.PP +Deprecated: +.PP +.Vb 2 +\& int X509_STORE_load_locations(X509_STORE *ctx, +\& const char *file, const char *dir); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBX509_STORE\fR structure is intended to be a consolidated mechanism for +holding information about X.509 certificates and CRLs, and constructing +and validating chains of certificates terminating in trusted roots. +It admits multiple lookup mechanisms and efficient scaling performance +with large numbers of certificates, and a great deal of flexibility in +how validation and policy checks are performed. +.PP +\&\fIX509_STORE_new\fR\|(3) creates an empty \fBX509_STORE\fR structure, which contains +no information about trusted certificates or where such certificates +are located on disk, and is generally not usable. 
Normally, trusted +certificates will be added to the \fBX509_STORE\fR to prepare it for use, +via mechanisms such as \fIX509_STORE_add_lookup()\fR and \fIX509_LOOKUP_file()\fR, or +\&\fIPEM_read_bio_X509_AUX()\fR and \fIX509_STORE_add_cert()\fR. CRLs can also be added, +and many behaviors configured as desired. +.PP +Once the \fBX509_STORE\fR is suitably configured, \fIX509_STORE_CTX_new()\fR is +used to instantiate a single-use \fBX509_STORE_CTX\fR for each chain-building +and verification operation. That process includes providing the end-entity +certificate to be verified and an additional set of untrusted certificates +that may be used in chain-building. As such, it is expected that the +certificates included in the \fBX509_STORE\fR are certificates that represent +trusted entities such as root certificate authorities (CAs). +OpenSSL represents these trusted certificates internally as \fBX509\fR objects +with an associated \fBX509_CERT_AUX\fR, as are produced by +\&\fIPEM_read_bio_X509_AUX()\fR and similar routines that refer to X509_AUX. +The public interfaces that operate on such trusted certificates still +operate on pointers to \fBX509\fR objects, though. +.PP +\&\fIX509_STORE_add_cert()\fR and \fIX509_STORE_add_crl()\fR add the respective object +to the \fBX509_STORE\fR's local storage. Untrusted objects should not be +added in this way. The added object's reference count is incremented by one, +hence the caller retains ownership of the object and needs to free it when it +is no longer needed. +.PP +\&\fIX509_STORE_set_depth()\fR, \fIX509_STORE_set_flags()\fR, \fIX509_STORE_set_purpose()\fR, +\&\fIX509_STORE_set_trust()\fR, and \fIX509_STORE_set1_param()\fR set the default values +for the corresponding values used in certificate chain validation. Their +behavior is documented in the corresponding \fBX509_VERIFY_PARAM\fR manual +pages, e.g., \fIX509_VERIFY_PARAM_set_depth\fR\|(3). 
+.PP +\&\fIX509_STORE_add_lookup()\fR finds or creates a \fIX509_LOOKUP\fR\|(3) with the +\&\fIX509_LOOKUP_METHOD\fR\|(3) \fImeth\fR and adds it to the \fBX509_STORE\fR +\&\fIstore\fR. This also associates the \fBX509_STORE\fR with the lookup, so +\&\fBX509_LOOKUP\fR functions can look up objects in that store. +.PP +\&\fIX509_STORE_load_file()\fR loads trusted certificate(s) into an +\&\fBX509_STORE\fR from a given file. +.PP +\&\fIX509_STORE_load_path()\fR loads trusted certificate(s) into an +\&\fBX509_STORE\fR from a given directory path. +The certificates in the directory must be in hashed form, as +documented in \fIX509_LOOKUP_hash_dir\fR\|(3). +.PP +\&\fIX509_STORE_load_store()\fR loads trusted certificate(s) into an +\&\fBX509_STORE\fR from a store at a given \s-1URI\s0. +.PP +\&\fIX509_STORE_load_locations()\fR combines \fIX509_STORE_load_file()\fR and +\&\fIX509_STORE_load_dir()\fR for a given file and/or directory path. +It is permitted to specify just a file, just a directory, or both +paths. +.PP +\&\fIX509_STORE_set_default_paths()\fR is somewhat misnamed, in that it does not +set what default paths should be used for loading certificates. Instead, +it loads certificates into the \fBX509_STORE\fR from the hardcoded default +paths. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIX509_STORE_add_cert()\fR, \fIX509_STORE_add_crl()\fR, \fIX509_STORE_set_depth()\fR, +\&\fIX509_STORE_set_flags()\fR, \fIX509_STORE_set_purpose()\fR, +\&\fIX509_STORE_set_trust()\fR, \fIX509_STORE_load_file()\fR, +\&\fIX509_STORE_load_path()\fR, \fIX509_STORE_load_store()\fR, +\&\fIX509_STORE_load_locations()\fR, and \fIX509_STORE_set_default_paths()\fR return +1 on success or 0 on failure. +.PP +\&\fIX509_STORE_add_lookup()\fR returns the found or created +\&\fIX509_LOOKUP\fR\|(3), or \s-1NULL\s0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIX509_LOOKUP_hash_dir\fR\|(3). +\&\fIX509_VERIFY_PARAM_set_depth\fR\|(3). 
+\&\fIX509_STORE_new\fR\|(3), +\&\fIX509_STORE_get0_param\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/X509_STORE_get0_param.3 b/linux_amd64/share/man/man3/X509_STORE_get0_param.3 new file mode 100755 index 0000000..6b66029 --- /dev/null +++ b/linux_amd64/share/man/man3/X509_STORE_get0_param.3 
@@ -0,0 +1,187 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_STORE_GET0_PARAM 3" +.TH X509_STORE_GET0_PARAM 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_STORE_get0_param, X509_STORE_set1_param, +X509_STORE_get0_objects, X509_STORE_get1_all_certs +\&\- X509_STORE setter and getter functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx); +\& int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *pm); +\& STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *ctx); +\& STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *st); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIX509_STORE_set1_param()\fR sets the verification parameters +to \fBpm\fR for \fBctx\fR. +.PP +\&\fIX509_STORE_get0_param()\fR retrieves an internal pointer to the verification +parameters for \fBctx\fR. The returned pointer must not be freed by the +calling application +.PP +\&\fIX509_STORE_get0_objects()\fR retrieves an internal pointer to the store's +X509 object cache. The cache contains \fBX509\fR and \fBX509_CRL\fR objects. The +returned pointer must not be freed by the calling application. +.PP +\&\fIX509_STORE_get1_all_certs()\fR returns a list of all certificates in the store. +The caller is responsible for freeing the returned list. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIX509_STORE_get0_param()\fR returns a pointer to an +\&\fBX509_VERIFY_PARAM\fR structure. +.PP +\&\fIX509_STORE_set1_param()\fR returns 1 for success and 0 for failure. +.PP +\&\fIX509_STORE_get0_objects()\fR returns a pointer to a stack of \fBX509_OBJECT\fR. +.PP +\&\fIX509_STORE_get1_all_certs()\fR returns a pointer to a stack of the retrieved +certificates on success, else \s-1NULL\s0. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIX509_STORE_new\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBX509_STORE_get0_param\fR and \fBX509_STORE_get0_objects\fR were added in +OpenSSL 1.1.0. +\&\fBX509_STORE_get1_certs\fR was added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. 
All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/X509_STORE_new.3 b/linux_amd64/share/man/man3/X509_STORE_new.3 new file mode 100755 index 0000000..7f987e6 --- /dev/null +++ b/linux_amd64/share/man/man3/X509_STORE_new.3 
@@ -0,0 +1,180 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_STORE_NEW 3" +.TH X509_STORE_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_STORE_new, X509_STORE_up_ref, X509_STORE_free, X509_STORE_lock, +X509_STORE_unlock \- X509_STORE allocation, freeing and locking functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& X509_STORE *X509_STORE_new(void); +\& void X509_STORE_free(X509_STORE *v); +\& int X509_STORE_lock(X509_STORE *v); +\& int X509_STORE_unlock(X509_STORE *v); +\& int X509_STORE_up_ref(X509_STORE *v); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fIX509_STORE_new()\fR function returns a new X509_STORE. +.PP +\&\fIX509_STORE_up_ref()\fR increments the reference count associated with the +X509_STORE object. +.PP +\&\fIX509_STORE_lock()\fR locks the store from modification by other threads, +\&\fIX509_STORE_unlock()\fR unlocks it. +.PP +\&\fIX509_STORE_free()\fR frees up a single X509_STORE object. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIX509_STORE_new()\fR returns a newly created X509_STORE or \s-1NULL\s0 if the call fails. +.PP +\&\fIX509_STORE_up_ref()\fR, \fIX509_STORE_lock()\fR and \fIX509_STORE_unlock()\fR return +1 for success and 0 for failure. +.PP +\&\fIX509_STORE_free()\fR does not return values. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIX509_STORE_set_verify_cb_func\fR\|(3) +\&\fIX509_STORE_get0_param\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fIX509_STORE_up_ref()\fR, \fIX509_STORE_lock()\fR and \fIX509_STORE_unlock()\fR +functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/X509_STORE_set_verify_cb_func.3 b/linux_amd64/share/man/man3/X509_STORE_set_verify_cb_func.3 new file mode 100755 index 0000000..ee13b30 --- /dev/null 
+++ b/linux_amd64/share/man/man3/X509_STORE_set_verify_cb_func.3 
@@ -0,0 +1,386 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_STORE_SET_VERIFY_CB_FUNC 3" +.TH X509_STORE_SET_VERIFY_CB_FUNC 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_STORE_set_lookup_crls_cb, +X509_STORE_set_verify_func, +X509_STORE_get_cleanup, +X509_STORE_set_cleanup, +X509_STORE_get_lookup_crls, +X509_STORE_set_lookup_crls, +X509_STORE_get_lookup_certs, +X509_STORE_set_lookup_certs, +X509_STORE_get_check_policy, +X509_STORE_set_check_policy, +X509_STORE_get_cert_crl, +X509_STORE_set_cert_crl, +X509_STORE_get_check_crl, +X509_STORE_set_check_crl, +X509_STORE_get_get_crl, +X509_STORE_set_get_crl, +X509_STORE_get_check_revocation, +X509_STORE_set_check_revocation, +X509_STORE_get_check_issued, +X509_STORE_set_check_issued, +X509_STORE_get_get_issuer, +X509_STORE_set_get_issuer, +X509_STORE_CTX_get_verify, +X509_STORE_set_verify, +X509_STORE_get_verify_cb, +X509_STORE_set_verify_cb_func, X509_STORE_set_verify_cb, +X509_STORE_CTX_cert_crl_fn, X509_STORE_CTX_check_crl_fn, +X509_STORE_CTX_check_issued_fn, X509_STORE_CTX_check_policy_fn, +X509_STORE_CTX_check_revocation_fn, X509_STORE_CTX_cleanup_fn, +X509_STORE_CTX_get_crl_fn, X509_STORE_CTX_get_issuer_fn, +X509_STORE_CTX_lookup_certs_fn, X509_STORE_CTX_lookup_crls_fn +\&\- set verification callback +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef int (*X509_STORE_CTX_get_issuer_fn)(X509 **issuer, +\& X509_STORE_CTX *ctx, X509 *x); +\& typedef int (*X509_STORE_CTX_check_issued_fn)(X509_STORE_CTX *ctx, +\& X509 *x, X509 *issuer); +\& typedef int (*X509_STORE_CTX_check_revocation_fn)(X509_STORE_CTX *ctx); +\& typedef int (*X509_STORE_CTX_get_crl_fn)(X509_STORE_CTX *ctx, +\& X509_CRL **crl, X509 *x); +\& typedef int (*X509_STORE_CTX_check_crl_fn)(X509_STORE_CTX *ctx, X509_CRL *crl); +\& typedef int (*X509_STORE_CTX_cert_crl_fn)(X509_STORE_CTX *ctx, +\& X509_CRL *crl, X509 *x); +\& typedef int (*X509_STORE_CTX_check_policy_fn)(X509_STORE_CTX *ctx); +\& typedef STACK_OF(X509) *(*X509_STORE_CTX_lookup_certs_fn)(X509_STORE_CTX *ctx, +\& X509_NAME *nm); +\& typedef STACK_OF(X509_CRL) 
*(*X509_STORE_CTX_lookup_crls_fn)(X509_STORE_CTX *ctx, +\& X509_NAME *nm); +\& typedef int (*X509_STORE_CTX_cleanup_fn)(X509_STORE_CTX *ctx); +\& +\& void X509_STORE_set_verify_cb(X509_STORE *ctx, +\& X509_STORE_CTX_verify_cb verify_cb); +\& X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(X509_STORE_CTX *ctx); +\& +\& void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify); +\& X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx); +\& +\& void X509_STORE_set_get_issuer(X509_STORE *ctx, +\& X509_STORE_CTX_get_issuer_fn get_issuer); +\& X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(X509_STORE_CTX *ctx); +\& +\& void X509_STORE_set_check_issued(X509_STORE *ctx, +\& X509_STORE_CTX_check_issued_fn check_issued); +\& X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(X509_STORE_CTX *ctx); +\& +\& void X509_STORE_set_check_revocation(X509_STORE *ctx, +\& X509_STORE_CTX_check_revocation_fn check_revocation); +\& X509_STORE_CTX_check_revocation_fn X509_STORE_get_check_revocation(X509_STORE_CTX *ctx); +\& +\& void X509_STORE_set_get_crl(X509_STORE *ctx, +\& X509_STORE_CTX_get_crl_fn get_crl); +\& X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(X509_STORE_CTX *ctx); +\& +\& void X509_STORE_set_check_crl(X509_STORE *ctx, +\& X509_STORE_CTX_check_crl_fn check_crl); +\& X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(X509_STORE_CTX *ctx); +\& +\& void X509_STORE_set_cert_crl(X509_STORE *ctx, +\& X509_STORE_CTX_cert_crl_fn cert_crl); +\& X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(X509_STORE_CTX *ctx); +\& +\& void X509_STORE_set_check_policy(X509_STORE *ctx, +\& X509_STORE_CTX_check_policy_fn check_policy); +\& X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(X509_STORE_CTX *ctx); +\& +\& void X509_STORE_set_lookup_certs(X509_STORE *ctx, +\& X509_STORE_CTX_lookup_certs_fn lookup_certs); +\& X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(X509_STORE_CTX *ctx); +\& +\& void 
X509_STORE_set_lookup_crls(X509_STORE *ctx, +\& X509_STORE_CTX_lookup_crls_fn lookup_crls); +\& X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(X509_STORE_CTX *ctx); +\& +\& void X509_STORE_set_cleanup(X509_STORE *ctx, +\& X509_STORE_CTX_cleanup_fn cleanup); +\& X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(X509_STORE_CTX *ctx); +\& +\& /* Aliases */ +\& void X509_STORE_set_verify_cb_func(X509_STORE *st, +\& X509_STORE_CTX_verify_cb verify_cb); +\& void X509_STORE_set_verify_func(X509_STORE *ctx, +\& X509_STORE_CTX_verify_fn verify); +\& void X509_STORE_set_lookup_crls_cb(X509_STORE *ctx, +\& X509_STORE_CTX_lookup_crls_fn lookup_crls); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIX509_STORE_set_verify_cb()\fR sets the verification callback of \fBctx\fR to +\&\fBverify_cb\fR overwriting the previous callback. +The callback assigned with this function becomes a default for the one +that can be assigned directly to the corresponding \fBX509_STORE_CTX\fR, +please see \fIX509_STORE_CTX_set_verify_cb\fR\|(3) for further information. +.PP +\&\fIX509_STORE_set_verify()\fR sets the final chain verification function for +\&\fBctx\fR to \fBverify\fR. +Its purpose is to go through the chain of certificates and check that +all signatures are valid and that the current time is within the +limits of each certificate's first and last validity time. +The final chain verification functions must return 0 on failure and 1 +on success. +\&\fIIf no chain verification function is provided, the internal default +function will be used instead.\fR +.PP +\&\fIX509_STORE_set_get_issuer()\fR sets the function to get the issuer +certificate that verifies the given certificate \fBx\fR. +When found, the issuer certificate must be assigned to \fB*issuer\fR. +This function must return 0 on failure and 1 on success. 
+\&\fIIf no function to get the issuer is provided, the internal default +function will be used instead.\fR +.PP +\&\fIX509_STORE_set_check_issued()\fR sets the function to check that a given +certificate \fBx\fR is issued with the issuer certificate \fBissuer\fR. +This function must return 0 on failure (among others if \fBx\fR hasn't +been issued with \fBissuer\fR) and 1 on success. +\&\fIIf no function to get the issuer is provided, the internal default +function will be used instead.\fR +.PP +\&\fIX509_STORE_set_check_revocation()\fR sets the revocation checking +function. +Its purpose is to look through the final chain and check the +revocation status for each certificate. +It must return 0 on failure and 1 on success. +\&\fIIf no function to get the issuer is provided, the internal default +function will be used instead.\fR +.PP +\&\fIX509_STORE_set_get_crl()\fR sets the function to get the crl for a given +certificate \fBx\fR. +When found, the crl must be assigned to \fB*crl\fR. +This function must return 0 on failure and 1 on success. +\&\fIIf no function to get the issuer is provided, the internal default +function will be used instead.\fR +.PP +\&\fIX509_STORE_set_check_crl()\fR sets the function to check the validity of +the given \fBcrl\fR. +This function must return 0 on failure and 1 on success. +\&\fIIf no function to get the issuer is provided, the internal default +function will be used instead.\fR +.PP +\&\fIX509_STORE_set_cert_crl()\fR sets the function to check the revocation +status of the given certificate \fBx\fR against the given \fBcrl\fR. +This function must return 0 on failure and 1 on success. +\&\fIIf no function to get the issuer is provided, the internal default +function will be used instead.\fR +.PP +\&\fIX509_STORE_set_check_policy()\fR sets the function to check the policies +of all the certificates in the final chain.. +This function must return 0 on failure and 1 on success. 
+\&\fIIf no function to get the issuer is provided, the internal default +function will be used instead.\fR +.PP +\&\fIX509_STORE_set_lookup_certs()\fR and \fIX509_STORE_set_lookup_crls()\fR set the +functions to look up all the certs or all the CRLs that match the +given name \fBnm\fR. +These functions return \s-1NULL\s0 on failure and a pointer to a stack of +certificates (\fBX509\fR) or to a stack of CRLs (\fBX509_CRL\fR) on +success. +\&\fIIf no function to get the issuer is provided, the internal default +function will be used instead.\fR +.PP +\&\fIX509_STORE_set_cleanup()\fR sets the final cleanup function, which is +called when the context (\fBX509_STORE_CTX\fR) is being torn down. +This function doesn't return any value. +\&\fIIf no function to get the issuer is provided, the internal default +function will be used instead.\fR +.PP +\&\fIX509_STORE_get_verify_cb()\fR, \fIX509_STORE_CTX_get_verify()\fR, +\&\fIX509_STORE_get_get_issuer()\fR, \fIX509_STORE_get_check_issued()\fR, +\&\fIX509_STORE_get_check_revocation()\fR, \fIX509_STORE_get_get_crl()\fR, +\&\fIX509_STORE_get_check_crl()\fR, \fIX509_STORE_set_verify()\fR, +\&\fIX509_STORE_set_get_issuer()\fR, \fIX509_STORE_get_cert_crl()\fR, +\&\fIX509_STORE_get_check_policy()\fR, \fIX509_STORE_get_lookup_certs()\fR, +\&\fIX509_STORE_get_lookup_crls()\fR and \fIX509_STORE_get_cleanup()\fR all return +the function pointer assigned with \fIX509_STORE_set_check_issued()\fR, +\&\fIX509_STORE_set_check_revocation()\fR, \fIX509_STORE_set_get_crl()\fR, +\&\fIX509_STORE_set_check_crl()\fR, \fIX509_STORE_set_cert_crl()\fR, +\&\fIX509_STORE_set_check_policy()\fR, \fIX509_STORE_set_lookup_certs()\fR, +\&\fIX509_STORE_set_lookup_crls()\fR and \fIX509_STORE_set_cleanup()\fR, or \s-1NULL\s0 if +no assignment has been made. 
+.PP +\&\fIX509_STORE_set_verify_cb_func()\fR, \fIX509_STORE_set_verify_func()\fR and +\&\fIX509_STORE_set_lookup_crls_cb()\fR are aliases for +\&\fIX509_STORE_set_verify_cb()\fR, \fIX509_STORE_set_verify()\fR and +X509_STORE_set_lookup_crls, available as macros for backward +compatibility. +.SH "NOTES" +.IX Header "NOTES" +All the callbacks from a \fBX509_STORE\fR are inherited by the +corresponding \fBX509_STORE_CTX\fR structure when it is initialized. +See \fIX509_STORE_CTX_set_verify_cb\fR\|(3) for further details. +.SH "BUGS" +.IX Header "BUGS" +The macro version of this function was the only one available before +OpenSSL 1.0.0. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The X509_STORE_set_*() functions do not return a value. +.PP +The X509_STORE_get_*() functions return a pointer of the appropriate +function type. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIX509_STORE_CTX_set_verify_cb\fR\|(3), \fIX509_STORE_CTX_get0_chain\fR\|(3), +\&\fIX509_STORE_CTX_verify_cb\fR\|(3), \fIX509_STORE_CTX_verify_fn\fR\|(3), +\&\fICMS_verify\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fIX509_STORE_set_verify_cb()\fR function was added in OpenSSL 1.0.0. 
+.PP +The functions +\&\fIX509_STORE_set_verify_cb()\fR, \fIX509_STORE_get_verify_cb()\fR, +\&\fIX509_STORE_set_verify()\fR, \fIX509_STORE_CTX_get_verify()\fR, +\&\fIX509_STORE_set_get_issuer()\fR, \fIX509_STORE_get_get_issuer()\fR, +\&\fIX509_STORE_set_check_issued()\fR, \fIX509_STORE_get_check_issued()\fR, +\&\fIX509_STORE_set_check_revocation()\fR, \fIX509_STORE_get_check_revocation()\fR, +\&\fIX509_STORE_set_get_crl()\fR, \fIX509_STORE_get_get_crl()\fR, +\&\fIX509_STORE_set_check_crl()\fR, \fIX509_STORE_get_check_crl()\fR, +\&\fIX509_STORE_set_cert_crl()\fR, \fIX509_STORE_get_cert_crl()\fR, +\&\fIX509_STORE_set_check_policy()\fR, \fIX509_STORE_get_check_policy()\fR, +\&\fIX509_STORE_set_lookup_certs()\fR, \fIX509_STORE_get_lookup_certs()\fR, +\&\fIX509_STORE_set_lookup_crls()\fR, \fIX509_STORE_get_lookup_crls()\fR, +\&\fIX509_STORE_set_cleanup()\fR and \fIX509_STORE_get_cleanup()\fR +were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2009\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/X509_VERIFY_PARAM_set_flags.3 b/linux_amd64/share/man/man3/X509_VERIFY_PARAM_set_flags.3 new file mode 100755 index 0000000..058e77d --- /dev/null +++ b/linux_amd64/share/man/man3/X509_VERIFY_PARAM_set_flags.3 
@@ -0,0 +1,505 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_VERIFY_PARAM_SET_FLAGS 3" +.TH X509_VERIFY_PARAM_SET_FLAGS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags, +X509_VERIFY_PARAM_get_flags, X509_VERIFY_PARAM_set_purpose, +X509_VERIFY_PARAM_get_inh_flags, X509_VERIFY_PARAM_set_inh_flags, +X509_VERIFY_PARAM_set_trust, X509_VERIFY_PARAM_set_depth, +X509_VERIFY_PARAM_get_depth, X509_VERIFY_PARAM_set_auth_level, +X509_VERIFY_PARAM_get_auth_level, X509_VERIFY_PARAM_set_time, +X509_VERIFY_PARAM_get_time, +X509_VERIFY_PARAM_add0_policy, X509_VERIFY_PARAM_set1_policies, +X509_VERIFY_PARAM_set1_host, X509_VERIFY_PARAM_add1_host, +X509_VERIFY_PARAM_set_hostflags, +X509_VERIFY_PARAM_get_hostflags, +X509_VERIFY_PARAM_get0_peername, +X509_VERIFY_PARAM_set1_email, X509_VERIFY_PARAM_set1_ip, +X509_VERIFY_PARAM_set1_ip_asc +\&\- X509 verification parameters +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, +\& unsigned long flags); +\& int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param, +\& unsigned long flags); +\& unsigned long X509_VERIFY_PARAM_get_flags(const X509_VERIFY_PARAM *param); +\& +\& int X509_VERIFY_PARAM_set_inh_flags(X509_VERIFY_PARAM *param, +\& uint32_t flags); +\& uint32_t X509_VERIFY_PARAM_get_inh_flags(const X509_VERIFY_PARAM *param); +\& +\& int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose); +\& int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust); +\& +\& void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t); +\& time_t X509_VERIFY_PARAM_get_time(const X509_VERIFY_PARAM *param); +\& +\& int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param, +\& ASN1_OBJECT *policy); +\& int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, +\& STACK_OF(ASN1_OBJECT) *policies); +\& +\& void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth); +\& int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param); +\& +\& void X509_VERIFY_PARAM_set_auth_level(X509_VERIFY_PARAM *param, +\& 
int auth_level); +\& int X509_VERIFY_PARAM_get_auth_level(const X509_VERIFY_PARAM *param); +\& +\& int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param, +\& const char *name, size_t namelen); +\& int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param, +\& const char *name, size_t namelen); +\& void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, +\& unsigned int flags); +\& unsigned int X509_VERIFY_PARAM_get_hostflags(const X509_VERIFY_PARAM *param); +\& char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param); +\& int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, +\& const char *email, size_t emaillen); +\& int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param, +\& const unsigned char *ip, size_t iplen); +\& int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions manipulate the \fBX509_VERIFY_PARAM\fR structure associated with +a certificate verification operation. +.PP +The \fIX509_VERIFY_PARAM_set_flags()\fR function sets the flags in \fBparam\fR by oring +it with \fBflags\fR. See the \fB\s-1VERIFICATION\s0 \s-1FLAGS\s0\fR section for a complete +description of values the \fBflags\fR parameter can take. +.PP +\&\fIX509_VERIFY_PARAM_get_flags()\fR returns the flags in \fBparam\fR. +.PP +\&\fIX509_VERIFY_PARAM_get_inh_flags()\fR returns the inheritance flags in \fBparam\fR +which specifies how verification flags are copied from one structure to +another. \fIX509_VERIFY_PARAM_set_inh_flags()\fR sets the inheritance flags. +See the \fB\s-1INHERITANCE\s0 \s-1FLAGS\s0\fR section for a description of these bits. +.PP +\&\fIX509_VERIFY_PARAM_clear_flags()\fR clears the flags \fBflags\fR in \fBparam\fR. +.PP +\&\fIX509_VERIFY_PARAM_set_purpose()\fR sets the verification purpose in \fBparam\fR +to \fBpurpose\fR. This determines the acceptable purpose of the certificate +chain, for example \s-1SSL\s0 client or \s-1SSL\s0 server. 
+.PP +\&\fIX509_VERIFY_PARAM_set_trust()\fR sets the trust setting in \fBparam\fR to +\&\fBtrust\fR. +.PP +\&\fIX509_VERIFY_PARAM_set_time()\fR sets the verification time in \fBparam\fR to +\&\fBt\fR. Normally the current time is used. +.PP +\&\fIX509_VERIFY_PARAM_add0_policy()\fR enables policy checking (it is disabled +by default) and adds \fBpolicy\fR to the acceptable policy set. +.PP +\&\fIX509_VERIFY_PARAM_set1_policies()\fR enables policy checking (it is disabled +by default) and sets the acceptable policy set to \fBpolicies\fR. Any existing +policy set is cleared. The \fBpolicies\fR parameter can be \fB\s-1NULL\s0\fR to clear +an existing policy set. +.PP +\&\fIX509_VERIFY_PARAM_set_depth()\fR sets the maximum verification depth to \fBdepth\fR. +That is the maximum number of intermediate \s-1CA\s0 certificates that can appear in a +chain. +A maximal depth chain contains 2 more certificates than the limit, since +neither the end-entity certificate nor the trust-anchor count against this +limit. +Thus a \fBdepth\fR limit of 0 only allows the end-entity certificate to be signed +directly by the trust-anchor, while with a \fBdepth\fR limit of 1 there can be one +intermediate \s-1CA\s0 certificate between the trust-anchor and the end-entity +certificate. +.PP +\&\fIX509_VERIFY_PARAM_set_auth_level()\fR sets the authentication security level to +\&\fBauth_level\fR. +The authentication security level determines the acceptable signature and public +key strength when verifying certificate chains. +For a certificate chain to validate, the public keys of all the certificates +must meet the specified security level. +The signature algorithm security level is not enforced for the chain's \fItrust +anchor\fR certificate, which is either directly trusted or validated by means other +than its signature. +See \fISSL_CTX_set_security_level\fR\|(3) for the definitions of the available +levels. +The default security level is \-1, or \*(L"not set\*(R". 
+At security level 0 or lower all algorithms are acceptable. +Security level 1 requires at least 80\-bit\-equivalent security and is broadly +interoperable, though it will, for example, reject \s-1MD5\s0 signatures or \s-1RSA\s0 keys +shorter than 1024 bits. +.PP +\&\fIX509_VERIFY_PARAM_set1_host()\fR sets the expected \s-1DNS\s0 hostname to +\&\fBname\fR clearing any previously specified hostname. If +\&\fBname\fR is \s-1NULL\s0, or empty the list of hostnames is cleared, and +name checks are not performed on the peer certificate. If \fBname\fR +is NUL-terminated, \fBnamelen\fR may be zero, otherwise \fBnamelen\fR +must be set to the length of \fBname\fR. +.PP +When a hostname is specified, +certificate verification automatically invokes \fIX509_check_host\fR\|(3) +with flags equal to the \fBflags\fR argument given to +\&\fIX509_VERIFY_PARAM_set_hostflags()\fR (default zero). Applications +are strongly advised to use this interface in preference to explicitly +calling \fIX509_check_host\fR\|(3), hostname checks may be out of scope +with the \s-1\fIDANE\-EE\s0\fR\|(3) certificate usage, and the internal check will +be suppressed as appropriate when \s-1DANE\s0 verification is enabled. +.PP +When the subject CommonName will not be ignored, whether as a result of the +\&\fBX509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT\fR host flag, or because no \s-1DNS\s0 subject +alternative names are present in the certificate, any \s-1DNS\s0 name constraints in +issuer certificates apply to the subject CommonName as well as the subject +alternative name extension. +.PP +When the subject CommonName will be ignored, whether as a result of the +\&\fBX509_CHECK_FLAG_NEVER_CHECK_SUBJECT\fR host flag, or because some \s-1DNS\s0 subject +alternative names are present in the certificate, \s-1DNS\s0 name constraints in +issuer certificates will not be applied to the subject \s-1DN\s0. 
+As described in \fIX509_check_host\fR\|(3) the \fBX509_CHECK_FLAG_NEVER_CHECK_SUBJECT\fR +flag takes precedence over the \fBX509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT\fR flag. +.PP +\&\fIX509_VERIFY_PARAM_get_hostflags()\fR returns any host flags previously set via a +call to \fIX509_VERIFY_PARAM_set_hostflags()\fR. +.PP +\&\fIX509_VERIFY_PARAM_add1_host()\fR adds \fBname\fR as an additional reference +identifier that can match the peer's certificate. Any previous names +set via \fIX509_VERIFY_PARAM_set1_host()\fR or \fIX509_VERIFY_PARAM_add1_host()\fR +are retained, no change is made if \fBname\fR is \s-1NULL\s0 or empty. When +multiple names are configured, the peer is considered verified when +any name matches. +.PP +\&\fIX509_VERIFY_PARAM_get0_peername()\fR returns the \s-1DNS\s0 hostname or subject +CommonName from the peer certificate that matched one of the reference +identifiers. When wildcard matching is not disabled, or when a +reference identifier specifies a parent domain (starts with \*(L".\*(R") +rather than a hostname, the peer name may be a wildcard name or a +sub-domain of the reference identifier respectively. The return +string is allocated by the library and is no longer valid once the +associated \fBparam\fR argument is freed. Applications must not free +the return value. +.PP +\&\fIX509_VERIFY_PARAM_set1_email()\fR sets the expected \s-1RFC822\s0 email address to +\&\fBemail\fR. If \fBemail\fR is NUL-terminated, \fBemaillen\fR may be zero, otherwise +\&\fBemaillen\fR must be set to the length of \fBemail\fR. When an email address +is specified, certificate verification automatically invokes +\&\fIX509_check_email\fR\|(3). +.PP +\&\fIX509_VERIFY_PARAM_set1_ip()\fR sets the expected \s-1IP\s0 address to \fBip\fR. +The \fBip\fR argument is in binary format, in network byte-order and +\&\fBiplen\fR must be set to 4 for IPv4 and 16 for IPv6. 
When an \s-1IP\s0 +address is specified, certificate verification automatically invokes +\&\fIX509_check_ip\fR\|(3). +.PP +\&\fIX509_VERIFY_PARAM_set1_ip_asc()\fR sets the expected \s-1IP\s0 address to +\&\fBipasc\fR. The \fBipasc\fR argument is a NUL-terminal \s-1ASCII\s0 string: +dotted decimal quad for IPv4 and colon-separated hexadecimal for +IPv6. The condensed \*(L"::\*(R" notation is supported for IPv6 addresses. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIX509_VERIFY_PARAM_set_flags()\fR, \fIX509_VERIFY_PARAM_clear_flags()\fR, +\&\fIX509_VERIFY_PARAM_set_inh_flags()\fR, +\&\fIX509_VERIFY_PARAM_set_purpose()\fR, \fIX509_VERIFY_PARAM_set_trust()\fR, +\&\fIX509_VERIFY_PARAM_add0_policy()\fR \fIX509_VERIFY_PARAM_set1_policies()\fR, +\&\fIX509_VERIFY_PARAM_set1_host()\fR, \fIX509_VERIFY_PARAM_add1_host()\fR, +\&\fIX509_VERIFY_PARAM_set1_email()\fR, \fIX509_VERIFY_PARAM_set1_ip()\fR and +\&\fIX509_VERIFY_PARAM_set1_ip_asc()\fR return 1 for success and 0 for +failure. +.PP +\&\fIX509_VERIFY_PARAM_get_flags()\fR returns the current verification flags. +.PP +\&\fIX509_VERIFY_PARAM_get_hostflags()\fR returns any current host flags. +.PP +\&\fIX509_VERIFY_PARAM_get_inh_flags()\fR returns the current inheritance flags. +.PP +\&\fIX509_VERIFY_PARAM_set_time()\fR and \fIX509_VERIFY_PARAM_set_depth()\fR do not return +values. +.PP +\&\fIX509_VERIFY_PARAM_get_depth()\fR returns the current verification depth. +.PP +\&\fIX509_VERIFY_PARAM_get_auth_level()\fR returns the current authentication security +level. +.SH "VERIFICATION FLAGS" +.IX Header "VERIFICATION FLAGS" +The verification flags consists of zero or more of the following flags +ored together. +.PP +\&\fBX509_V_FLAG_CRL_CHECK\fR enables \s-1CRL\s0 checking for the certificate chain leaf +certificate. An error occurs if a suitable \s-1CRL\s0 cannot be found. +.PP +\&\fBX509_V_FLAG_CRL_CHECK_ALL\fR enables \s-1CRL\s0 checking for the entire certificate +chain. 
+.PP +\&\fBX509_V_FLAG_IGNORE_CRITICAL\fR disabled critical extension checking. By default +any unhandled critical extensions in certificates or (if checked) CRLs results +in a fatal error. If this flag is set unhandled critical extensions are +ignored. \fB\s-1WARNING\s0\fR setting this option for anything other than debugging +purposes can be a security risk. Finer control over which extensions are +supported can be performed in the verification callback. +.PP +The \fBX509_V_FLAG_X509_STRICT\fR flag disables workarounds for some broken +certificates and makes the verification strictly apply \fBX509\fR rules. +.PP +\&\fBX509_V_FLAG_ALLOW_PROXY_CERTS\fR enables proxy certificate verification. +.PP +\&\fBX509_V_FLAG_POLICY_CHECK\fR enables certificate policy checking, by default +no policy checking is performed. Additional information is sent to the +verification callback relating to policy checking. +.PP +\&\fBX509_V_FLAG_EXPLICIT_POLICY\fR, \fBX509_V_FLAG_INHIBIT_ANY\fR and +\&\fBX509_V_FLAG_INHIBIT_MAP\fR set the \fBrequire explicit policy\fR, \fBinhibit any +policy\fR and \fBinhibit policy mapping\fR flags respectively as defined in +\&\fB\s-1RFC3280\s0\fR. Policy checking is automatically enabled if any of these flags +are set. +.PP +If \fBX509_V_FLAG_NOTIFY_POLICY\fR is set and the policy checking is successful +a special status code is set to the verification callback. This permits it +to examine the valid policy tree and perform additional checks or simply +log it for debugging purposes. +.PP +By default some additional features such as indirect CRLs and CRLs signed by +different keys are disabled. If \fBX509_V_FLAG_EXTENDED_CRL_SUPPORT\fR is set +they are enabled. +.PP +If \fBX509_V_FLAG_USE_DELTAS\fR is set delta CRLs (if present) are used to +determine certificate status. If not set deltas are ignored. +.PP +\&\fBX509_V_FLAG_CHECK_SS_SIGNATURE\fR enables checking of the root \s-1CA\s0 self signed +certificate signature. 
By default this check is disabled because it doesn't +add any additional security but in some cases applications might want to +check the signature anyway. A side effect of not checking the root \s-1CA\s0 +signature is that disabled or unsupported message digests on the root \s-1CA\s0 +are not treated as fatal errors. +.PP +When \fBX509_V_FLAG_TRUSTED_FIRST\fR is set, construction of the certificate chain +in \fIX509_verify_cert\fR\|(3) will search the trust store for issuer certificates +before searching the provided untrusted certificates. +Local issuer certificates are often more likely to satisfy local security +requirements and lead to a locally trusted root. +This is especially important when some certificates in the trust store have +explicit trust settings (see \*(L"\s-1TRUST\s0 \s-1SETTINGS\s0\*(R" in \fIopenssl\-x509\fR\|(1)). +As of OpenSSL 1.1.0 this option is on by default. +.PP +The \fBX509_V_FLAG_NO_ALT_CHAINS\fR flag suppresses checking for alternative +chains. +By default, unless \fBX509_V_FLAG_TRUSTED_FIRST\fR is set, when building a +certificate chain, if the first certificate chain found is not trusted, then +OpenSSL will attempt to replace untrusted certificates supplied by the peer +with certificates from the trust store to see if an alternative chain can be +found that is trusted. +As of OpenSSL 1.1.0, with \fBX509_V_FLAG_TRUSTED_FIRST\fR always set, this option +has no effect. +.PP +The \fBX509_V_FLAG_PARTIAL_CHAIN\fR flag causes intermediate certificates in the +trust store to be treated as trust-anchors, in the same way as the self-signed +root \s-1CA\s0 certificates. +This makes it possible to trust certificates issued by an intermediate \s-1CA\s0 +without having to trust its ancestor root \s-1CA\s0. 
+With OpenSSL 1.1.0 and later and set, chain +construction stops as soon as the first certificate from the trust store is +added to the chain, whether that certificate is a self-signed \*(L"root\*(R" +certificate or a not self-signed intermediate certificate. +Thus, when an intermediate certificate is found in the trust store, the +verified chain passed to callbacks may be shorter than it otherwise would +be without the \fBX509_V_FLAG_PARTIAL_CHAIN\fR flag. +.PP +The \fBX509_V_FLAG_NO_CHECK_TIME\fR flag suppresses checking the validity period +of certificates and CRLs against the current time. If \fIX509_VERIFY_PARAM_set_time()\fR +is used to specify a verification time, the check is not suppressed. +.SH "INHERITANCE FLAGS" +.IX Header "INHERITANCE FLAGS" +These flags specify how parameters are \*(L"inherited\*(R" from one structure to +another. +.PP +If \fBX509_VP_FLAG_ONCE\fR is set then the current setting is zeroed +after the next call. +.PP +If \fBX509_VP_FLAG_LOCKED\fR is set then no values are copied. This overrides +all of the following flags. +.PP +If \fBX509_VP_FLAG_DEFAULT\fR is set then anything set in the source is copied +to the destination. Effectively the values in \*(L"to\*(R" become default values +which will be used only if nothing new is set in \*(L"from\*(R". This is the +default. +.PP +If \fBX509_VP_FLAG_OVERWRITE\fR is set then all value are copied across whether +they are set or not. Flags is still Ored though. +.PP +If \fBX509_VP_FLAG_RESET_FLAGS\fR is set then the flags value is copied instead +of ORed. +.SH "NOTES" +.IX Header "NOTES" +The above functions should be used to manipulate verification parameters +instead of functions which work in specific structures such as +\&\fIX509_STORE_CTX_set_flags()\fR which are likely to be deprecated in a future +release. +.SH "BUGS" +.IX Header "BUGS" +Delta \s-1CRL\s0 checking is currently primitive. 
Only a single delta can be used and +(partly due to limitations of \fBX509_STORE\fR) constructed CRLs are not +maintained. +.PP +If CRLs checking is enable CRLs are expected to be available in the +corresponding \fBX509_STORE\fR structure. No attempt is made to download +CRLs from the \s-1CRL\s0 distribution points extension. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Enable \s-1CRL\s0 checking when performing certificate verification during \s-1SSL\s0 +connections associated with an \fB\s-1SSL_CTX\s0\fR structure \fBctx\fR: +.PP +.Vb 1 +\& X509_VERIFY_PARAM *param; +\& +\& param = X509_VERIFY_PARAM_new(); +\& X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK); +\& SSL_CTX_set1_param(ctx, param); +\& X509_VERIFY_PARAM_free(param); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIX509_verify_cert\fR\|(3), +\&\fIX509_check_host\fR\|(3), +\&\fIX509_check_email\fR\|(3), +\&\fIX509_check_ip\fR\|(3), +\&\fIopenssl\-x509\fR\|(1) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBX509_V_FLAG_NO_ALT_CHAINS\fR flag was added in OpenSSL 1.1.0. +The flag \fBX509_V_FLAG_CB_ISSUER_CHECK\fR was deprecated in OpenSSL 1.1.0 +and has no effect. +.PP +The \fIX509_VERIFY_PARAM_get_hostflags()\fR function was added in OpenSSL 1.1.0i. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2009\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/X509_check_ca.3 b/linux_amd64/share/man/man3/X509_check_ca.3 new file mode 100755 index 0000000..75876c8 --- /dev/null +++ b/linux_amd64/share/man/man3/X509_check_ca.3 
@@ -0,0 +1,168 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_CHECK_CA 3" +.TH X509_CHECK_CA 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_check_ca \- check if given certificate is CA certificate +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_check_ca(X509 *cert); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This function checks if given certificate is \s-1CA\s0 certificate (can be used +to sign other certificates). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Function return 0, if it is not \s-1CA\s0 certificate, 1 if it is proper X509v3 +\&\s-1CA\s0 certificate with \fBbasicConstraints\fR extension \s-1CA:TRUE\s0, +3, if it is self-signed X509 v1 certificate, 4, if it is certificate with +\&\fBkeyUsage\fR extension with bit \fBkeyCertSign\fR set, but without +\&\fBbasicConstraints\fR, and 5 if it has outdated Netscape Certificate Type +extension telling that it is \s-1CA\s0 certificate. +.PP +Actually, any nonzero value means that this certificate could have been +used to sign other certificates. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIX509_verify_cert\fR\|(3), +\&\fIX509_check_issued\fR\|(3), +\&\fIX509_check_purpose\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/X509_check_host.3 b/linux_amd64/share/man/man3/X509_check_host.3 new file mode 100755 index 0000000..2bd4755 --- /dev/null +++ b/linux_amd64/share/man/man3/X509_check_host.3 
@@ -0,0 +1,279 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_CHECK_HOST 3" +.TH X509_CHECK_HOST 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_check_host, X509_check_email, X509_check_ip, X509_check_ip_asc \- X.509 certificate matching +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_check_host(X509 *, const char *name, size_t namelen, +\& unsigned int flags, char **peername); +\& int X509_check_email(X509 *, const char *address, size_t addresslen, +\& unsigned int flags); +\& int X509_check_ip(X509 *, const unsigned char *address, size_t addresslen, +\& unsigned int flags); +\& int X509_check_ip_asc(X509 *, const char *address, unsigned int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The certificate matching functions are used to check whether a +certificate matches a given hostname, email address, or \s-1IP\s0 address. +The validity of the certificate and its trust level has to be checked by +other means. +.PP +\&\fIX509_check_host()\fR checks if the certificate Subject Alternative +Name (\s-1SAN\s0) or Subject CommonName (\s-1CN\s0) matches the specified host +name, which must be encoded in the preferred name syntax described +in section 3.5 of \s-1RFC\s0 1034. By default, wildcards are supported +and they match only in the left-most label; but they may match +part of that label with an explicit prefix or suffix. For example, +by default, the host \fBname\fR \*(L"www.example.com\*(R" would match a +certificate with a \s-1SAN\s0 or \s-1CN\s0 value of \*(L"*.example.com\*(R", \*(L"w*.example.com\*(R" +or \*(L"*w.example.com\*(R". +.PP +Per section 6.4.2 of \s-1RFC\s0 6125, \fBname\fR values representing international +domain names must be given in A\-label form. The \fBnamelen\fR argument +must be the number of characters in the name string or zero in which +case the length is calculated with strlen(\fBname\fR). When \fBname\fR starts +with a dot (e.g \*(L".example.com\*(R"), it will be matched by a certificate +valid for any sub-domain of \fBname\fR, (see also +\&\fBX509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS\fR below). 
+.PP +When the certificate is matched, and \fBpeername\fR is not \s-1NULL\s0, a +pointer to a copy of the matching \s-1SAN\s0 or \s-1CN\s0 from the peer certificate +is stored at the address passed in \fBpeername\fR. The application +is responsible for freeing the peername via \fIOPENSSL_free()\fR when it +is no longer needed. +.PP +\&\fIX509_check_email()\fR checks if the certificate matches the specified +email \fBaddress\fR. Only the mailbox syntax of \s-1RFC\s0 822 is supported, +comments are not allowed, and no attempt is made to normalize quoted +characters. The \fBaddresslen\fR argument must be the number of +characters in the address string or zero in which case the length +is calculated with strlen(\fBaddress\fR). +.PP +\&\fIX509_check_ip()\fR checks if the certificate matches a specified IPv4 or +IPv6 address. The \fBaddress\fR array is in binary format, in network +byte order. The length is either 4 (IPv4) or 16 (IPv6). Only +explicitly marked addresses in the certificates are considered; \s-1IP\s0 +addresses stored in \s-1DNS\s0 names and Common Names are ignored. +.PP +\&\fIX509_check_ip_asc()\fR is similar, except that the NUL-terminated +string \fBaddress\fR is first converted to the internal representation. +.PP +The \fBflags\fR argument is usually 0. It can be the bitwise \s-1OR\s0 of the +flags: +.IP "\fBX509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT\fR," 4 +.IX Item "X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT," +.PD 0 +.IP "\fBX509_CHECK_FLAG_NEVER_CHECK_SUBJECT\fR," 4 +.IX Item "X509_CHECK_FLAG_NEVER_CHECK_SUBJECT," +.IP "\fBX509_CHECK_FLAG_NO_WILDCARDS\fR," 4 +.IX Item "X509_CHECK_FLAG_NO_WILDCARDS," +.IP "\fBX509_CHECK_FLAG_NO_PARTIAL_WILDCARDS\fR," 4 +.IX Item "X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS," +.IP "\fBX509_CHECK_FLAG_MULTI_LABEL_WILDCARDS\fR." 4 +.IX Item "X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS." +.IP "\fBX509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS\fR." 4 +.IX Item "X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS." 
+.PD +.PP +The \fBX509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT\fR flag causes the function +to consider the subject \s-1DN\s0 even if the certificate contains at least +one subject alternative name of the right type (\s-1DNS\s0 name or email +address as appropriate); the default is to ignore the subject \s-1DN\s0 +when at least one corresponding subject alternative names is present. +.PP +The \fBX509_CHECK_FLAG_NEVER_CHECK_SUBJECT\fR flag causes the function to never +consider the subject \s-1DN\s0 even if the certificate contains no subject alternative +names of the right type (\s-1DNS\s0 name or email address as appropriate); the default +is to use the subject \s-1DN\s0 when no corresponding subject alternative names are +present. +If both \fBX509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT\fR and +\&\fBX509_CHECK_FLAG_NEVER_CHECK_SUBJECT\fR are specified, the latter takes +precedence and the subject \s-1DN\s0 is not checked for matching names. +.PP +If set, \fBX509_CHECK_FLAG_NO_WILDCARDS\fR disables wildcard +expansion; this only applies to \fBX509_check_host\fR. +.PP +If set, \fBX509_CHECK_FLAG_NO_PARTIAL_WILDCARDS\fR suppresses support +for \*(L"*\*(R" as wildcard pattern in labels that have a prefix or suffix, +such as: \*(L"www*\*(R" or \*(L"*www\*(R"; this only applies to \fBX509_check_host\fR. +.PP +If set, \fBX509_CHECK_FLAG_MULTI_LABEL_WILDCARDS\fR allows a \*(L"*\*(R" that +constitutes the complete label of a \s-1DNS\s0 name (e.g. \*(L"*.example.com\*(R") +to match more than one label in \fBname\fR; this flag only applies +to \fBX509_check_host\fR. +.PP +If set, \fBX509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS\fR restricts \fBname\fR +values which start with \*(L".\*(R", that would otherwise match any sub-domain +in the peer certificate, to only match direct child sub-domains. 
+Thus, for instance, with this flag set a \fBname\fR of \*(L".example.com\*(R" +would match a peer certificate with a \s-1DNS\s0 name of \*(L"www.example.com\*(R", +but would not match a peer certificate with a \s-1DNS\s0 name of +\&\*(L"www.sub.example.com\*(R"; this flag only applies to \fBX509_check_host\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The functions return 1 for a successful match, 0 for a failed match +and \-1 for an internal error: typically a memory allocation failure +or an \s-1ASN\s0.1 decoding error. +.PP +All functions can also return \-2 if the input is malformed. For example, +\&\fIX509_check_host()\fR returns \-2 if the provided \fBname\fR contains embedded +NULs. +.SH "NOTES" +.IX Header "NOTES" +Applications are encouraged to use \fIX509_VERIFY_PARAM_set1_host()\fR +rather than explicitly calling \fIX509_check_host\fR\|(3). Hostname +checks may be out of scope with the \s-1\fIDANE\-EE\s0\fR\|(3) certificate usage, +and the internal checks will be suppressed as appropriate when +\&\s-1DANE\s0 support is enabled. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fISSL_get_verify_result\fR\|(3), +\&\fIX509_VERIFY_PARAM_set1_host\fR\|(3), +\&\fIX509_VERIFY_PARAM_add1_host\fR\|(3), +\&\fIX509_VERIFY_PARAM_set1_email\fR\|(3), +\&\fIX509_VERIFY_PARAM_set1_ip\fR\|(3), +\&\fIX509_VERIFY_PARAM_set1_ipasc\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.2. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2012\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/X509_check_issued.3 b/linux_amd64/share/man/man3/X509_check_issued.3 new file mode 100755 index 0000000..e159984 --- /dev/null +++ b/linux_amd64/share/man/man3/X509_check_issued.3 
@@ -0,0 +1,167 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_CHECK_ISSUED 3" +.TH X509_CHECK_ISSUED 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_check_issued \- checks if certificate is issued by another +certificate +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_check_issued(X509 *issuer, X509 *subject); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This function checks if certificate \fIsubject\fR was issued using \s-1CA\s0 +certificate \fIissuer\fR. This function takes into account not only +matching of issuer field of \fIsubject\fR with subject field of \fIissuer\fR, +but also compares \fBauthorityKeyIdentifier\fR extension of \fIsubject\fR with +\&\fBsubjectKeyIdentifier\fR of \fIissuer\fR if \fBauthorityKeyIdentifier\fR +present in the \fIsubject\fR certificate and checks \fBkeyUsage\fR field of +\&\fIissuer\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Function return \fBX509_V_OK\fR if certificate \fIsubject\fR is issued by +\&\fIissuer\fR or some \fBX509_V_ERR*\fR constant to indicate an error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIX509_verify_cert\fR\|(3), +\&\fIX509_check_ca\fR\|(3), +\&\fIopenssl\-verify\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/X509_check_private_key.3 b/linux_amd64/share/man/man3/X509_check_private_key.3 new file mode 100755 index 0000000..cd20175 --- /dev/null +++ b/linux_amd64/share/man/man3/X509_check_private_key.3 
@@ -0,0 +1,176 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_CHECK_PRIVATE_KEY 3" +.TH X509_CHECK_PRIVATE_KEY 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_check_private_key, X509_REQ_check_private_key \- check the consistency +of a private key with the public key in an X509 certificate or certificate +request +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_check_private_key(X509 *x, EVP_PKEY *k); +\& +\& int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIX509_check_private_key()\fR function checks the consistency of private +key \fBk\fR with the public key in \fBx\fR. +.PP +\&\fIX509_REQ_check_private_key()\fR is equivalent to \fIX509_check_private_key()\fR +except that \fBx\fR represents a certificate request of structure \fBX509_REQ\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIX509_check_private_key()\fR and \fIX509_REQ_check_private_key()\fR return 1 if +the keys match each other, and 0 if not. +.PP +If the key is invalid or an error occurred, the reason code can be +obtained using \fIERR_get_error\fR\|(3). +.SH "BUGS" +.IX Header "BUGS" +The \fBcheck_private_key\fR functions don't check if \fBk\fR itself is indeed +a private key or not. It merely compares the public materials (e.g. exponent +and modulus of an \s-1RSA\s0 key) and/or key parameters (e.g. \s-1EC\s0 params of an \s-1EC\s0 key) +of a key pair. So if you pass a public key to these functions in \fBk\fR, it will +return success. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/X509_cmp.3 b/linux_amd64/share/man/man3/X509_cmp.3 new file mode 100755 index 0000000..09d1aaa --- /dev/null +++ b/linux_amd64/share/man/man3/X509_cmp.3 
@@ -0,0 +1,203 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_CMP 3" +.TH X509_CMP 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_cmp, X509_NAME_cmp, +X509_issuer_and_serial_cmp, X509_issuer_name_cmp, X509_subject_name_cmp, +X509_CRL_cmp, X509_CRL_match +\&\- compare X509 certificates and related values +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_cmp(const X509 *a, const X509 *b); +\& int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b); +\& int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b); +\& int X509_issuer_name_cmp(const X509 *a, const X509 *b); +\& int X509_subject_name_cmp(const X509 *a, const X509 *b); +\& int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b); +\& int X509_CRL_match(const X509_CRL *a, const X509_CRL *b); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This set of functions are used to compare X509 objects, including X509 +certificates, X509 \s-1CRL\s0 objects and various values in an X509 certificate. +.PP +The \fIX509_cmp()\fR function compares two \fBX509\fR objects indicated by parameters +\&\fBa\fR and \fBb\fR. The comparison is based on the \fBmemcmp\fR result of the hash +values of two \fBX509\fR objects and the canonical (\s-1DER\s0) encoding values. +.PP +The \fIX509_NAME_cmp()\fR function compares two \fBX509_NAME\fR objects indicated by +parameters \fBa\fR and \fBb\fR. The comparison is based on the \fBmemcmp\fR result of +the canonical (\s-1DER\s0) encoding values of the two objects. \fIi2d_X509_NAME\fR\|(3) +has a more detailed description of the \s-1DER\s0 encoding of the \fBX509_NAME\fR structure. +.PP +The \fIX509_issuer_and_serial_cmp()\fR function compares the serial number and issuer +values in the given \fBX509\fR objects \fBa\fR and \fBb\fR. +.PP +The \fIX509_issuer_name_cmp()\fR, \fIX509_subject_name_cmp()\fR and \fIX509_CRL_cmp()\fR functions +are effectively wrappers of the \fIX509_NAME_cmp()\fR function. These functions compare +issuer names and subject names of the objects, or issuers of \fBX509_CRL\fR +objects, respectively. 
+.IX Xref "509" +.PP +The \fIX509_CRL_match()\fR function compares two \fBX509_CRL\fR objects. Unlike the +\&\fIX509_CRL_cmp()\fR function, this function compares the whole \s-1CRL\s0 content instead +of just the issuer name. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Like common memory comparison functions, the \fBX509\fR comparison functions return +an integer less than, equal to, or greater than zero if object \fBa\fR is found to +be less than, to match, or be greater than object \fBb\fR, respectively. +.PP +\&\fIX509_NAME_cmp()\fR, \fIX509_issuer_and_serial_cmp()\fR, \fIX509_issuer_name_cmp()\fR, +\&\fIX509_subject_name_cmp()\fR and \fIX509_CRL_cmp()\fR may return \fB\-2\fR to indicate an error. +.SH "NOTES" +.IX Header "NOTES" +These functions in fact utilize the underlying \fBmemcmp\fR of the C library to do +the comparison job. Data to be compared varies from \s-1DER\s0 encoding data, hash +value or \fB\s-1ASN1_STRING\s0\fR. The sign of the comparison can be used to order the +objects but it does not have a special meaning in some cases. +.PP +\&\fIX509_NAME_cmp()\fR and wrappers utilize the value \fB\-2\fR to indicate errors in some +circumstances, which could cause confusion for the applications. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIi2d_X509_NAME\fR\|(3), \fIi2d_X509\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/X509_cmp_time.3 b/linux_amd64/share/man/man3/X509_cmp_time.3 new file mode 100755 index 0000000..70f400b --- /dev/null +++ b/linux_amd64/share/man/man3/X509_cmp_time.3 
@@ -0,0 +1,205 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_CMP_TIME 3" +.TH X509_CMP_TIME 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_cmp_time, X509_cmp_current_time, X509_cmp_timeframe, +X509_time_adj, X509_time_adj_ex +\&\- X509 time functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 7 +\& int X509_cmp_time(const ASN1_TIME *asn1_time, time_t *in_tm); +\& int X509_cmp_current_time(const ASN1_TIME *asn1_time); +\& int X509_cmp_timeframe(const X509_VERIFY_PARAM *vpm, +\& const ASN1_TIME *start, const ASN1_TIME *end); +\& ASN1_TIME *X509_time_adj(ASN1_TIME *asn1_time, long offset_sec, time_t *in_tm); +\& ASN1_TIME *X509_time_adj_ex(ASN1_TIME *asn1_time, int offset_day, long +\& offset_sec, time_t *in_tm); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIX509_cmp_time()\fR compares the \s-1ASN1_TIME\s0 in \fBasn1_time\fR with the time +in . +.PP +\&\fIX509_cmp_current_time()\fR compares the \s-1ASN1_TIME\s0 in +\&\fBasn1_time\fR with the current time, expressed as time_t. +.PP +\&\fIX509_cmp_timeframe()\fR compares the given time period with the reference time +included in the verification parameters \fBvpm\fR if they are not \s-1NULL\s0 and contain +\&\fBX509_V_FLAG_USE_CHECK_TIME\fR; else the current time is used as reference time. +.PP +\&\fIX509_time_adj_ex()\fR sets the \s-1ASN1_TIME\s0 structure \fBasn1_time\fR to the time +\&\fBoffset_day\fR and \fBoffset_sec\fR after \fBin_tm\fR. +.PP +\&\fIX509_time_adj()\fR sets the \s-1ASN1_TIME\s0 structure \fBasn1_time\fR to the time +\&\fBoffset_sec\fR after \fBin_tm\fR. This method can only handle second +offsets up to the capacity of long, so the newer \fIX509_time_adj_ex()\fR +\&\s-1API\s0 should be preferred. +.PP +In both methods, if \fBasn1_time\fR is \s-1NULL\s0, a new \s-1ASN1_TIME\s0 structure +is allocated and returned. +.PP +In all methods, if \fBin_tm\fR is \s-1NULL\s0, the current time, expressed as +time_t, is used. +.PP +\&\fBasn1_time\fR must satisfy the \s-1ASN1_TIME\s0 format mandated by \s-1RFC\s0 5280, +i.e., its format must be either \s-1YYMMDDHHMMSSZ\s0 or \s-1YYYYMMDDHHMMSSZ\s0. 
+.SH "BUGS" +.IX Header "BUGS" +Unlike many standard comparison functions, \fIX509_cmp_time()\fR and +\&\fIX509_cmp_current_time()\fR return 0 on error. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIX509_cmp_time()\fR and \fIX509_cmp_current_time()\fR return \-1 if \fBasn1_time\fR +is earlier than, or equal to, \fBin_tm\fR (resp. current time), and 1 +otherwise. These methods return 0 on error. +.PP +\&\fIX509_cmp_timeframe()\fR returns 0 if \fBvpm\fR is not \s-1NULL\s0 and the verification +parameters do not contain \fBX509_V_FLAG_USE_CHECK_TIME\fR +but do contain \fBX509_V_FLAG_NO_CHECK_TIME\fR. Otherwise it returns +1 if the end time is not \s-1NULL\s0 and the reference time (which has determined as +stated above) is past the end time, \-1 if the start time is not \s-1NULL\s0 and the +reference time is before, else 0 to indicate that the reference time is in range +(implying that the end time is not before the start time if both are present). +.PP +\&\fIX509_time_adj()\fR and \fIX509_time_adj_ex()\fR return a pointer to the updated +\&\s-1ASN1_TIME\s0 structure, and \s-1NULL\s0 on error. +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIX509_cmp_timeframe()\fR was added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/X509_digest.3 b/linux_amd64/share/man/man3/X509_digest.3 new file mode 100755 index 0000000..1035134 --- /dev/null +++ b/linux_amd64/share/man/man3/X509_digest.3 
@@ -0,0 +1,190 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_DIGEST 3" +.TH X509_DIGEST 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_digest, X509_CRL_digest, +X509_pubkey_digest, +X509_NAME_digest, +X509_REQ_digest, +PKCS7_ISSUER_AND_SERIAL_digest +\&\- get digest of various objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md, +\& unsigned int *len); +\& +\& int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, unsigned char *md, +\& unsigned int *len); +\& +\& int X509_pubkey_digest(const X509 *data, const EVP_MD *type, +\& unsigned char *md, unsigned int *len); +\& +\& int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type, +\& unsigned char *md, unsigned int *len); +\& +\& int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, +\& unsigned char *md, unsigned int *len); +\& +\& #include +\& +\& int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, +\& const EVP_MD *type, unsigned char *md, +\& unsigned int *len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIX509_pubkey_digest()\fR returns a digest of the \s-1DER\s0 representation of the public +key in the specified X509 \fBdata\fR object. +All other functions described here return a digest of the \s-1DER\s0 representation +of their entire \fBdata\fR objects. +.PP +The \fBtype\fR parameter specifies the digest to +be used, such as \fIEVP_sha1()\fR. The \fBmd\fR is a pointer to the buffer where the +digest will be copied and is assumed to be large enough; the constant +\&\fB\s-1EVP_MAX_MD_SIZE\s0\fR is suggested. The \fBlen\fR parameter, if not \s-1NULL\s0, points +to a place where the digest size will be stored. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All functions described here return 1 for success and 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_sha1\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). 
You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/X509_dup.3 b/linux_amd64/share/man/man3/X509_dup.3 new file mode 100755 index 0000000..36e8f0b --- /dev/null +++ b/linux_amd64/share/man/man3/X509_dup.3 
@@ -0,0 +1,475 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_DUP 3" +.TH X509_DUP 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +DECLARE_ASN1_FUNCTIONS, +IMPLEMENT_ASN1_FUNCTIONS, +ASN1_ITEM, +ACCESS_DESCRIPTION_free, +ACCESS_DESCRIPTION_new, +ADMISSIONS_free, +ADMISSIONS_new, +ADMISSION_SYNTAX_free, +ADMISSION_SYNTAX_new, +ASIdOrRange_free, +ASIdOrRange_new, +ASIdentifierChoice_free, +ASIdentifierChoice_new, +ASIdentifiers_free, +ASIdentifiers_new, +ASRange_free, +ASRange_new, +AUTHORITY_INFO_ACCESS_free, +AUTHORITY_INFO_ACCESS_new, +AUTHORITY_KEYID_free, +AUTHORITY_KEYID_new, +BASIC_CONSTRAINTS_free, +BASIC_CONSTRAINTS_new, +CERTIFICATEPOLICIES_free, +CERTIFICATEPOLICIES_new, +CMS_ContentInfo_free, +CMS_ContentInfo_new, +CMS_ContentInfo_print_ctx, +CMS_ReceiptRequest_free, +CMS_ReceiptRequest_new, +CRL_DIST_POINTS_free, +CRL_DIST_POINTS_new, +DIRECTORYSTRING_free, +DIRECTORYSTRING_new, +DISPLAYTEXT_free, +DISPLAYTEXT_new, +DIST_POINT_NAME_free, +DIST_POINT_NAME_new, +DIST_POINT_free, +DIST_POINT_new, +DSAparams_dup, +ECPARAMETERS_free, +ECPARAMETERS_new, +ECPKPARAMETERS_free, +ECPKPARAMETERS_new, +EDIPARTYNAME_free, +EDIPARTYNAME_new, +ESS_CERT_ID_dup, +ESS_CERT_ID_free, +ESS_CERT_ID_new, +ESS_CERT_ID_V2_dup, +ESS_CERT_ID_V2_free, +ESS_CERT_ID_V2_new, +ESS_ISSUER_SERIAL_dup, +ESS_ISSUER_SERIAL_free, +ESS_ISSUER_SERIAL_new, +ESS_SIGNING_CERT_dup, +ESS_SIGNING_CERT_free, +ESS_SIGNING_CERT_new, +ESS_SIGNING_CERT_V2_dup, +ESS_SIGNING_CERT_V2_free, +ESS_SIGNING_CERT_V2_new, +EXTENDED_KEY_USAGE_free, +EXTENDED_KEY_USAGE_new, +GENERAL_NAMES_free, +GENERAL_NAMES_new, +GENERAL_NAME_dup, +GENERAL_NAME_free, +GENERAL_NAME_new, +GENERAL_SUBTREE_free, +GENERAL_SUBTREE_new, +IPAddressChoice_free, +IPAddressChoice_new, +IPAddressFamily_free, +IPAddressFamily_new, +IPAddressOrRange_free, +IPAddressOrRange_new, +IPAddressRange_free, +IPAddressRange_new, +ISSUING_DIST_POINT_free, +ISSUING_DIST_POINT_new, +NAME_CONSTRAINTS_free, +NAME_CONSTRAINTS_new, +NAMING_AUTHORITY_free, +NAMING_AUTHORITY_new, +NETSCAPE_CERT_SEQUENCE_free, +NETSCAPE_CERT_SEQUENCE_new, +NETSCAPE_SPKAC_free, 
+NETSCAPE_SPKAC_new, +NETSCAPE_SPKI_free, +NETSCAPE_SPKI_new, +NOTICEREF_free, +NOTICEREF_new, +OCSP_BASICRESP_free, +OCSP_BASICRESP_new, +OCSP_CERTID_dup, +OCSP_CERTID_new, +OCSP_CERTSTATUS_free, +OCSP_CERTSTATUS_new, +OCSP_CRLID_free, +OCSP_CRLID_new, +OCSP_ONEREQ_free, +OCSP_ONEREQ_new, +OCSP_REQINFO_free, +OCSP_REQINFO_new, +OCSP_RESPBYTES_free, +OCSP_RESPBYTES_new, +OCSP_RESPDATA_free, +OCSP_RESPDATA_new, +OCSP_RESPID_free, +OCSP_RESPID_new, +OCSP_RESPONSE_new, +OCSP_REVOKEDINFO_free, +OCSP_REVOKEDINFO_new, +OCSP_SERVICELOC_free, +OCSP_SERVICELOC_new, +OCSP_SIGNATURE_free, +OCSP_SIGNATURE_new, +OCSP_SINGLERESP_free, +OCSP_SINGLERESP_new, +OSSL_CMP_ITAV_free, +OSSL_CMP_MSG_it, +OSSL_CMP_MSG_free, +OSSL_CMP_PKIHEADER_free, +OSSL_CMP_PKIHEADER_it, +OSSL_CMP_PKIHEADER_new, +OSSL_CMP_PKISI_free, +OSSL_CMP_PKISI_new, +OSSL_CMP_PKISTATUS_it, +OSSL_CRMF_CERTID_free, +OSSL_CRMF_CERTID_it, +OSSL_CRMF_CERTID_new, +OSSL_CRMF_CERTTEMPLATE_free, +OSSL_CRMF_CERTTEMPLATE_it, +OSSL_CRMF_CERTTEMPLATE_new, +OSSL_CRMF_ENCRYPTEDVALUE_free, +OSSL_CRMF_ENCRYPTEDVALUE_it, +OSSL_CRMF_ENCRYPTEDVALUE_new, +OSSL_CRMF_MSGS_free, +OSSL_CRMF_MSGS_it, +OSSL_CRMF_MSGS_new, +OSSL_CRMF_MSG_free, +OSSL_CRMF_MSG_it, +OSSL_CRMF_MSG_new, +OSSL_CRMF_PBMPARAMETER_free, +OSSL_CRMF_PBMPARAMETER_it, +OSSL_CRMF_PBMPARAMETER_new, +OSSL_CRMF_PKIPUBLICATIONINFO_free, +OSSL_CRMF_PKIPUBLICATIONINFO_it, +OSSL_CRMF_PKIPUBLICATIONINFO_new, +OSSL_CRMF_SINGLEPUBINFO_free, +OSSL_CRMF_SINGLEPUBINFO_it, +OSSL_CRMF_SINGLEPUBINFO_new, +OTHERNAME_free, +OTHERNAME_new, +PBE2PARAM_free, +PBE2PARAM_new, +PBEPARAM_free, +PBEPARAM_new, +PBKDF2PARAM_free, +PBKDF2PARAM_new, +PKCS12_BAGS_free, +PKCS12_BAGS_new, +PKCS12_MAC_DATA_free, +PKCS12_MAC_DATA_new, +PKCS12_SAFEBAG_free, +PKCS12_SAFEBAG_new, +PKCS12_free, +PKCS12_new, +PKCS7_DIGEST_free, +PKCS7_DIGEST_new, +PKCS7_ENCRYPT_free, +PKCS7_ENCRYPT_new, +PKCS7_ENC_CONTENT_free, +PKCS7_ENC_CONTENT_new, +PKCS7_ENVELOPE_free, +PKCS7_ENVELOPE_new, +PKCS7_ISSUER_AND_SERIAL_free, 
+PKCS7_ISSUER_AND_SERIAL_new, +PKCS7_RECIP_INFO_free, +PKCS7_RECIP_INFO_new, +PKCS7_SIGNED_free, +PKCS7_SIGNED_new, +PKCS7_SIGNER_INFO_free, +PKCS7_SIGNER_INFO_new, +PKCS7_SIGN_ENVELOPE_free, +PKCS7_SIGN_ENVELOPE_new, +PKCS7_dup, +PKCS7_free, +PKCS7_new, +PKCS7_print_ctx, +PKCS8_PRIV_KEY_INFO_free, +PKCS8_PRIV_KEY_INFO_new, +PKEY_USAGE_PERIOD_free, +PKEY_USAGE_PERIOD_new, +POLICYINFO_free, +POLICYINFO_new, +POLICYQUALINFO_free, +POLICYQUALINFO_new, +POLICY_CONSTRAINTS_free, +POLICY_CONSTRAINTS_new, +POLICY_MAPPING_free, +POLICY_MAPPING_new, +PROFESSION_INFOS_free, +PROFESSION_INFOS_new, +PROFESSION_INFO_free, +PROFESSION_INFO_new, +PROXY_CERT_INFO_EXTENSION_free, +PROXY_CERT_INFO_EXTENSION_new, +PROXY_POLICY_free, +PROXY_POLICY_new, +RSAPrivateKey_dup, +RSAPublicKey_dup, +RSA_OAEP_PARAMS_free, +RSA_OAEP_PARAMS_new, +RSA_PSS_PARAMS_free, +RSA_PSS_PARAMS_new, +SCRYPT_PARAMS_free, +SCRYPT_PARAMS_new, +SXNETID_free, +SXNETID_new, +SXNET_free, +SXNET_new, +TLS_FEATURE_free, +TLS_FEATURE_new, +TS_ACCURACY_dup, +TS_ACCURACY_free, +TS_ACCURACY_new, +TS_MSG_IMPRINT_dup, +TS_MSG_IMPRINT_free, +TS_MSG_IMPRINT_new, +TS_REQ_dup, +TS_REQ_free, +TS_REQ_new, +TS_RESP_dup, +TS_RESP_free, +TS_RESP_new, +TS_STATUS_INFO_dup, +TS_STATUS_INFO_free, +TS_STATUS_INFO_new, +TS_TST_INFO_dup, +TS_TST_INFO_free, +TS_TST_INFO_new, +USERNOTICE_free, +USERNOTICE_new, +X509_ALGOR_free, +X509_ALGOR_new, +X509_ATTRIBUTE_dup, +X509_ATTRIBUTE_free, +X509_ATTRIBUTE_new, +X509_CERT_AUX_free, +X509_CERT_AUX_new, +X509_CINF_free, +X509_CINF_new, +X509_CRL_INFO_free, +X509_CRL_INFO_new, +X509_CRL_dup, +X509_CRL_free, +X509_CRL_new, +X509_EXTENSION_dup, +X509_EXTENSION_free, +X509_EXTENSION_new, +X509_NAME_ENTRY_dup, +X509_NAME_ENTRY_free, +X509_NAME_ENTRY_new, +X509_NAME_dup, +X509_NAME_free, +X509_NAME_new, +X509_REQ_INFO_free, +X509_REQ_INFO_new, +X509_REQ_dup, +X509_REQ_free, +X509_REQ_new, +X509_REVOKED_dup, +X509_REVOKED_free, +X509_REVOKED_new, +X509_SIG_free, +X509_SIG_new, +X509_VAL_free, 
+X509_VAL_new, +X509_dup, +\&\- ASN1 object utilities +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& DECLARE_ASN1_FUNCTIONS(type) +\& IMPLEMENT_ASN1_FUNCTIONS(stname) +\& +\& typedef struct ASN1_ITEM_st ASN1_ITEM; +\& +\& extern const ASN1_ITEM TYPE_it; +\& TYPE *TYPE_new(void); +\& TYPE *TYPE_dup(const TYPE *a); +\& void TYPE_free(TYPE *a); +\& int TYPE_print_ctx(BIO *out, TYPE *a, int indent, const ASN1_PCTX *pctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +In the description below, \fB\f(BI\s-1TYPE\s0\fB\fR is used +as a placeholder for any of the OpenSSL datatypes, such as \fBX509\fR. +.PP +The OpenSSL \s-1ASN1\s0 parsing library templates are like a data-driven bytecode +interpreter. +Every \s-1ASN1\s0 object as a global variable, TYPE_it, that describes the item +such as its fields. (On systems which cannot export variables from shared +libraries, the global is instead a function which returns a pointer to a +static variable. +.PP +The macro \s-1\fIDECLARE_ASN1_FUNCTIONS\s0()\fR is typically used in header files +to generate the function declarations. +.PP +The macro \s-1\fIIMPLEMENT_ASN1_FUNCTIONS\s0()\fR is used once in a source file +to generate the function bodies. +.PP +\&\fB\f(BI\s-1TYPE\s0\fB_new\fR() allocates an empty object of the indicated type. +The object returned must be released by calling \fB\f(BI\s-1TYPE\s0\fB_free\fR(). +.PP +\&\fB\f(BI\s-1TYPE\s0\fB_dup\fR() copies an existing object, leaving it untouched. +.PP +\&\fB\f(BI\s-1TYPE\s0\fB_free\fR() releases the object and all pointers and sub-objects +within it. +.PP +\&\fB\f(BI\s-1TYPE\s0\fB_print_ctx\fR() prints the object \fIa\fR on the specified \s-1BIO\s0 \fIout\fR. +Each line will be prefixed with \fIindent\fR spaces. +The \fIpctx\fR specifies the printing context and is for internal +use; use \s-1NULL\s0 to get the default behavior. If a print function is +user-defined, then pass in any \fIpctx\fR down to any nested calls. 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fB\f(BI\s-1TYPE\s0\fB_new\fR() and \fB\f(BI\s-1TYPE\s0\fB_dup\fR() return a pointer to the object or \s-1NULL\s0 on +failure. +.PP +\&\fB\f(BI\s-1TYPE\s0\fB_print_ctx\fR() returns 1 on success or zero on failure. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/X509_get0_notBefore.3 b/linux_amd64/share/man/man3/X509_get0_notBefore.3 new file mode 100755 index 0000000..3f6edb7 --- /dev/null +++ b/linux_amd64/share/man/man3/X509_get0_notBefore.3 
@@ -0,0 +1,225 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_GET0_NOTBEFORE 3" +.TH X509_GET0_NOTBEFORE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_get0_notBefore, X509_getm_notBefore, X509_get0_notAfter, +X509_getm_notAfter, X509_set1_notBefore, X509_set1_notAfter, +X509_CRL_get0_lastUpdate, X509_CRL_get0_nextUpdate, X509_CRL_set1_lastUpdate, +X509_CRL_set1_nextUpdate \- get or set certificate or CRL dates +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const ASN1_TIME *X509_get0_notBefore(const X509 *x); +\& const ASN1_TIME *X509_get0_notAfter(const X509 *x); +\& +\& ASN1_TIME *X509_getm_notBefore(const X509 *x); +\& ASN1_TIME *X509_getm_notAfter(const X509 *x); +\& +\& int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm); +\& int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm); +\& +\& const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl); +\& const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl); +\& +\& int X509_CRL_set1_lastUpdate(X509_CRL *x, const ASN1_TIME *tm); +\& int X509_CRL_set1_nextUpdate(X509_CRL *x, const ASN1_TIME *tm); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIX509_get0_notBefore()\fR and \fIX509_get0_notAfter()\fR return the \fBnotBefore\fR +and \fBnotAfter\fR fields of certificate \fBx\fR respectively. The value +returned is an internal pointer which must not be freed up after +the call. +.PP +\&\fIX509_getm_notBefore()\fR and \fIX509_getm_notAfter()\fR are similar to +\&\fIX509_get0_notBefore()\fR and \fIX509_get0_notAfter()\fR except they return +non-constant mutable references to the associated date field of +the certificate. +.PP +\&\fIX509_set1_notBefore()\fR and \fIX509_set1_notAfter()\fR set the \fBnotBefore\fR +and \fBnotAfter\fR fields of \fBx\fR to \fBtm\fR. Ownership of the passed +parameter \fBtm\fR is not transferred by these functions so it must +be freed up after the call. +.PP +\&\fIX509_CRL_get0_lastUpdate()\fR and \fIX509_CRL_get0_nextUpdate()\fR return the +\&\fBlastUpdate\fR and \fBnextUpdate\fR fields of \fBcrl\fR. 
The value +returned is an internal pointer which must not be freed up after +the call. If the \fBnextUpdate\fR field is absent from \fBcrl\fR then +\&\fB\s-1NULL\s0\fR is returned. +.PP +\&\fIX509_CRL_set1_lastUpdate()\fR and \fIX509_CRL_set1_nextUpdate()\fR set the \fBlastUpdate\fR +and \fBnextUpdate\fR fields of \fBcrl\fR to \fBtm\fR. Ownership of the passed parameter +\&\fBtm\fR is not transferred by these functions so it must be freed up after the +call. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIX509_get0_notBefore()\fR, \fIX509_get0_notAfter()\fR and \fIX509_CRL_get0_lastUpdate()\fR +return a pointer to an \fB\s-1ASN1_TIME\s0\fR structure. +.PP +\&\fIX509_CRL_get0_lastUpdate()\fR return a pointer to an \fB\s-1ASN1_TIME\s0\fR structure +or \s-1NULL\s0 if the \fBlastUpdate\fR field is absent. +.PP +\&\fIX509_set1_notBefore()\fR, \fIX509_set1_notAfter()\fR, \fIX509_CRL_set1_lastUpdate()\fR and +\&\fIX509_CRL_set1_nextUpdate()\fR return 1 for success or 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fId2i_X509\fR\|(3), +\&\fIERR_get_error\fR\|(3), +\&\fIX509_CRL_get0_by_serial\fR\|(3), +\&\fIX509_get0_signature\fR\|(3), +\&\fIX509_get_ext_d2i\fR\|(3), +\&\fIX509_get_extension_flags\fR\|(3), +\&\fIX509_get_pubkey\fR\|(3), +\&\fIX509_get_subject_name\fR\|(3), +\&\fIX509_NAME_add_entry_by_txt\fR\|(3), +\&\fIX509_NAME_ENTRY_get_object\fR\|(3), +\&\fIX509_NAME_get_index_by_NID\fR\|(3), +\&\fIX509_NAME_print_ex\fR\|(3), +\&\fIX509_new\fR\|(3), +\&\fIX509_sign\fR\|(3), +\&\fIX509V3_get_d2i\fR\|(3), +\&\fIX509_verify_cert\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions are available in all versions of OpenSSL. +.PP +\&\fIX509_get_notBefore()\fR and \fIX509_get_notAfter()\fR were deprecated in OpenSSL +1.1.0 +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). 
You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/X509_get0_signature.3 b/linux_amd64/share/man/man3/X509_get0_signature.3 new file mode 100755 index 0000000..6a692db --- /dev/null +++ b/linux_amd64/share/man/man3/X509_get0_signature.3 
@@ -0,0 +1,251 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_GET0_SIGNATURE 3" +.TH X509_GET0_SIGNATURE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_get0_signature, X509_get_signature_nid, X509_get0_tbs_sigalg, +X509_REQ_get0_signature, X509_REQ_get_signature_nid, X509_CRL_get0_signature, +X509_CRL_get_signature_nid, X509_get_signature_info, X509_SIG_INFO_get, +X509_SIG_INFO_set \- signature information +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void X509_get0_signature(const ASN1_BIT_STRING **psig, +\& const X509_ALGOR **palg, +\& const X509 *x); +\& int X509_get_signature_nid(const X509 *x); +\& const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x); +\& +\& void X509_REQ_get0_signature(const X509_REQ *crl, +\& const ASN1_BIT_STRING **psig, +\& const X509_ALGOR **palg); +\& int X509_REQ_get_signature_nid(const X509_REQ *crl); +\& +\& void X509_CRL_get0_signature(const X509_CRL *crl, +\& const ASN1_BIT_STRING **psig, +\& const X509_ALGOR **palg); +\& int X509_CRL_get_signature_nid(const X509_CRL *crl); +\& +\& int X509_get_signature_info(X509 *x, int *mdnid, int *pknid, int *secbits, +\& uint32_t *flags); +\& +\& int X509_SIG_INFO_get(const X509_SIG_INFO *siginf, int *mdnid, int *pknid, +\& int *secbits, uint32_t *flags); +\& void X509_SIG_INFO_set(X509_SIG_INFO *siginf, int mdnid, int pknid, +\& int secbits, uint32_t flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIX509_get0_signature()\fR sets \fB*psig\fR to the signature of \fBx\fR and \fB*palg\fR +to the signature algorithm of \fBx\fR. The values returned are internal +pointers which \fB\s-1MUST\s0 \s-1NOT\s0\fR be freed up after the call. +.PP +\&\fIX509_get0_tbs_sigalg()\fR returns the signature algorithm in the signed +portion of \fBx\fR. +.PP +\&\fIX509_get_signature_nid()\fR returns the \s-1NID\s0 corresponding to the signature +algorithm of \fBx\fR. +.PP +\&\fIX509_REQ_get0_signature()\fR, \fIX509_REQ_get_signature_nid()\fR +\&\fIX509_CRL_get0_signature()\fR and \fIX509_CRL_get_signature_nid()\fR perform the +same function for certificate requests and CRLs. 
+.PP +\&\fIX509_get_signature_info()\fR retrieves information about the signature of +certificate \fBx\fR. The \s-1NID\s0 of the signing digest is written to \fB*mdnid\fR, +the public key algorithm to \fB*pknid\fR, the effective security bits to +\&\fB*secbits\fR and flag details to \fB*flags\fR. Any of the parameters can +be set to \fB\s-1NULL\s0\fR if the information is not required. +.PP +\&\fIX509_SIG_INFO_get()\fR and \fIX509_SIG_INFO_set()\fR get and set information +about a signature in an \fBX509_SIG_INFO\fR structure. They are only +used by implementations of algorithms which need to set custom +signature information: most applications will never need to call +them. +.SH "NOTES" +.IX Header "NOTES" +These functions provide lower level access to signatures in certificates +where an application wishes to analyse or generate a signature in a form +where \fIX509_sign()\fR et al is not appropriate (for example a non standard +or unsupported format). +.PP +The security bits returned by \fIX509_get_signature_info()\fR refers to information +available from the certificate signature (such as the signing digest). In some +cases the actual security of the signature is less because the signing +key is less secure: for example a certificate signed using \s-1SHA\-512\s0 and a +1024 bit \s-1RSA\s0 key. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIX509_get_signature_nid()\fR, \fIX509_REQ_get_signature_nid()\fR and +\&\fIX509_CRL_get_signature_nid()\fR return a \s-1NID\s0. +.PP +\&\fIX509_get0_signature()\fR, \fIX509_REQ_get0_signature()\fR and +\&\fIX509_CRL_get0_signature()\fR do not return values. +.PP +\&\fIX509_get_signature_info()\fR returns 1 if the signature information +returned is valid or 0 if the information is not available (e.g. +unknown algorithms or malformed parameters). 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fId2i_X509\fR\|(3), +\&\fIERR_get_error\fR\|(3), +\&\fIX509_CRL_get0_by_serial\fR\|(3), +\&\fIX509_get_ext_d2i\fR\|(3), +\&\fIX509_get_extension_flags\fR\|(3), +\&\fIX509_get_pubkey\fR\|(3), +\&\fIX509_get_subject_name\fR\|(3), +\&\fIX509_get_version\fR\|(3), +\&\fIX509_NAME_add_entry_by_txt\fR\|(3), +\&\fIX509_NAME_ENTRY_get_object\fR\|(3), +\&\fIX509_NAME_get_index_by_NID\fR\|(3), +\&\fIX509_NAME_print_ex\fR\|(3), +\&\fIX509_new\fR\|(3), +\&\fIX509_sign\fR\|(3), +\&\fIX509V3_get_d2i\fR\|(3), +\&\fIX509_verify_cert\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The +\&\fIX509_get0_signature()\fR and \fIX509_get_signature_nid()\fR functions were +added in OpenSSL 1.0.2. +.PP +The +\&\fIX509_REQ_get0_signature()\fR, \fIX509_REQ_get_signature_nid()\fR, +\&\fIX509_CRL_get0_signature()\fR and \fIX509_CRL_get_signature_nid()\fR were +added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/X509_get0_sm2_id.3 b/linux_amd64/share/man/man3/X509_get0_sm2_id.3 new file mode 100755 index 0000000..1c81eb3 --- /dev/null +++ b/linux_amd64/share/man/man3/X509_get0_sm2_id.3 
@@ -0,0 +1,177 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_GET0_SM2_ID 3" +.TH X509_GET0_SM2_ID 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_get0_sm2_id, X509_set0_sm2_id, +X509_REQ_get0_sm2_id, X509_REQ_set0_sm2_id +\&\- get or set SM2 ID for certificate operations +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& ASN1_OCTET_STRING *X509_get0_sm2_id(X509 *x); +\& void X509_set0_sm2_id(X509 *x, ASN1_OCTET_STRING *sm2_id); +\& ASN1_OCTET_STRING *X509_REQ_get0_sm2_id(X509_REQ *x); +\& void X509_REQ_set0_sm2_id(X509_REQ *x, ASN1_OCTET_STRING *sm2_id); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIX509_get0_sm2_id()\fR gets the \s-1ID\s0 value of an \s-1SM2\s0 certificate \fBx\fR by returning an +\&\fB\s-1ASN1_OCTET_STRING\s0\fR object which should not be freed by the caller. +.PP +\&\fIX509_set0_sm2_id()\fR sets the \fBsm2_id\fR value to an \s-1SM2\s0 certificate \fBx\fR. Calling +this function transfers the memory management of the value to the X509 object, +and therefore the value that has been passed in should not be freed by the +caller after this function has been called. +.PP +\&\fIX509_REQ_get0_sm2_id()\fR and \fIX509_REQ_set0_sm2_id()\fR have the same functionality +as \fIX509_get0_sm2_id()\fR and \fIX509_set0_sm2_id()\fR except that they deal with +\&\fBX509_REQ\fR objects instead of \fBX509\fR. +.SH "NOTES" +.IX Header "NOTES" +\&\s-1SM2\s0 signature algorithm requires an \s-1ID\s0 value when generating and verifying a +signature. The functions described in this manual provide the user with the +ability to set and retrieve the \s-1SM2\s0 \s-1ID\s0 value. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIX509_set0_sm2_id()\fR and \fIX509_REQ_set0_sm2_id()\fR do not return a value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIX509_verify\fR\|(3), \s-1\fISM2\s0\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. 
You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/X509_get0_uids.3 b/linux_amd64/share/man/man3/X509_get0_uids.3 new file mode 100755 index 0000000..2a59e28 --- /dev/null +++ b/linux_amd64/share/man/man3/X509_get0_uids.3 
@@ -0,0 +1,179 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_GET0_UIDS 3" +.TH X509_GET0_UIDS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_get0_uids \- get certificate unique identifiers +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void X509_get0_uids(const X509 *x, const ASN1_BIT_STRING **piuid, +\& const ASN1_BIT_STRING **psuid); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIX509_get0_uids()\fR sets \fB*piuid\fR and \fB*psuid\fR to the issuer and subject unique +identifiers of certificate \fBx\fR or \s-1NULL\s0 if the fields are not present. +.SH "NOTES" +.IX Header "NOTES" +The issuer and subject unique identifier fields are very rarely encountered in +practice outside test cases. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIX509_get0_uids()\fR does not return a value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fId2i_X509\fR\|(3), +\&\fIERR_get_error\fR\|(3), +\&\fIX509_CRL_get0_by_serial\fR\|(3), +\&\fIX509_get0_signature\fR\|(3), +\&\fIX509_get_ext_d2i\fR\|(3), +\&\fIX509_get_extension_flags\fR\|(3), +\&\fIX509_get_pubkey\fR\|(3), +\&\fIX509_get_subject_name\fR\|(3), +\&\fIX509_get_version\fR\|(3), +\&\fIX509_NAME_add_entry_by_txt\fR\|(3), +\&\fIX509_NAME_ENTRY_get_object\fR\|(3), +\&\fIX509_NAME_get_index_by_NID\fR\|(3), +\&\fIX509_NAME_print_ex\fR\|(3), +\&\fIX509_new\fR\|(3), +\&\fIX509_sign\fR\|(3), +\&\fIX509V3_get_d2i\fR\|(3), +\&\fIX509_verify_cert\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/X509_get_extension_flags.3 b/linux_amd64/share/man/man3/X509_get_extension_flags.3 new file mode 100755 index 0000000..bdc9805 --- /dev/null +++ b/linux_amd64/share/man/man3/X509_get_extension_flags.3 
@@ -0,0 +1,299 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_GET_EXTENSION_FLAGS 3" +.TH X509_GET_EXTENSION_FLAGS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_get0_subject_key_id, +X509_get0_authority_key_id, +X509_get0_authority_issuer, +X509_get0_authority_serial, +X509_get_pathlen, +X509_get_extension_flags, +X509_get_key_usage, +X509_get_extended_key_usage, +X509_set_proxy_flag, +X509_set_proxy_pathlen, +X509_get_proxy_pathlen \- retrieve certificate extension data +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long X509_get_pathlen(X509 *x); +\& uint32_t X509_get_extension_flags(X509 *x); +\& uint32_t X509_get_key_usage(X509 *x); +\& uint32_t X509_get_extended_key_usage(X509 *x); +\& const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x); +\& const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x); +\& const GENERAL_NAMES *X509_get0_authority_issuer(X509 *x); +\& const ASN1_INTEGER *X509_get0_authority_serial(X509 *x); +\& void X509_set_proxy_flag(X509 *x); +\& void X509_set_proxy_pathlen(int l); +\& long X509_get_proxy_pathlen(X509 *x); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions retrieve information related to commonly used certificate extensions. +.PP +\&\fIX509_get_pathlen()\fR retrieves the path length extension from a certificate. +This extension is used to limit the length of a cert chain that may be +issued from that \s-1CA\s0. +.PP +\&\fIX509_get_extension_flags()\fR retrieves general information about a certificate, +it will return one or more of the following flags ored together. +.IP "\fB\s-1EXFLAG_V1\s0\fR" 4 +.IX Item "EXFLAG_V1" +The certificate is an obsolete version 1 certificate. +.IP "\fB\s-1EXFLAG_BCONS\s0\fR" 4 +.IX Item "EXFLAG_BCONS" +The certificate contains a basic constraints extension. +.IP "\fB\s-1EXFLAG_CA\s0\fR" 4 +.IX Item "EXFLAG_CA" +The certificate contains basic constraints and asserts the \s-1CA\s0 flag. +.IP "\fB\s-1EXFLAG_PROXY\s0\fR" 4 +.IX Item "EXFLAG_PROXY" +The certificate is a valid proxy certificate. 
+.IP "\fB\s-1EXFLAG_SI\s0\fR" 4 +.IX Item "EXFLAG_SI" +The certificate is self issued (that is subject and issuer names match). +.IP "\fB\s-1EXFLAG_SS\s0\fR" 4 +.IX Item "EXFLAG_SS" +The subject and issuer names match and extension values imply it is self +signed. +.IP "\fB\s-1EXFLAG_FRESHEST\s0\fR" 4 +.IX Item "EXFLAG_FRESHEST" +The freshest \s-1CRL\s0 extension is present in the certificate. +.IP "\fB\s-1EXFLAG_CRITICAL\s0\fR" 4 +.IX Item "EXFLAG_CRITICAL" +The certificate contains an unhandled critical extension. +.IP "\fB\s-1EXFLAG_INVALID\s0\fR" 4 +.IX Item "EXFLAG_INVALID" +Some certificate extension values are invalid or inconsistent. The +certificate should be rejected. +.IP "\fB\s-1EXFLAG_KUSAGE\s0\fR" 4 +.IX Item "EXFLAG_KUSAGE" +The certificate contains a key usage extension. The value can be retrieved +using \fIX509_get_key_usage()\fR. +.IP "\fB\s-1EXFLAG_XKUSAGE\s0\fR" 4 +.IX Item "EXFLAG_XKUSAGE" +The certificate contains an extended key usage extension. The value can be +retrieved using \fIX509_get_extended_key_usage()\fR. +.PP +\&\fIX509_get_key_usage()\fR returns the value of the key usage extension. If key +usage is present will return zero or more of the flags: +\&\fB\s-1KU_DIGITAL_SIGNATURE\s0\fR, \fB\s-1KU_NON_REPUDIATION\s0\fR, \fB\s-1KU_KEY_ENCIPHERMENT\s0\fR, +\&\fB\s-1KU_DATA_ENCIPHERMENT\s0\fR, \fB\s-1KU_KEY_AGREEMENT\s0\fR, \fB\s-1KU_KEY_CERT_SIGN\s0\fR, +\&\fB\s-1KU_CRL_SIGN\s0\fR, \fB\s-1KU_ENCIPHER_ONLY\s0\fR or \fB\s-1KU_DECIPHER_ONLY\s0\fR corresponding to +individual key usage bits. If key usage is absent then \fB\s-1UINT32_MAX\s0\fR is +returned. +.PP +\&\fIX509_get_extended_key_usage()\fR returns the value of the extended key usage +extension. 
If extended key usage is present it will return zero or more of the +flags: \fB\s-1XKU_SSL_SERVER\s0\fR, \fB\s-1XKU_SSL_CLIENT\s0\fR, \fB\s-1XKU_SMIME\s0\fR, \fB\s-1XKU_CODE_SIGN\s0\fR +\&\fB\s-1XKU_OCSP_SIGN\s0\fR, \fB\s-1XKU_TIMESTAMP\s0\fR, \fB\s-1XKU_DVCS\s0\fR or \fB\s-1XKU_ANYEKU\s0\fR. These +correspond to the OIDs \fBid-kp-serverAuth\fR, \fBid-kp-clientAuth\fR, +\&\fBid-kp-emailProtection\fR, \fBid-kp-codeSigning\fR, \fBid-kp-OCSPSigning\fR, +\&\fBid-kp-timeStamping\fR, \fBid-kp-dvcs\fR and \fBanyExtendedKeyUsage\fR respectively. +Additionally \fB\s-1XKU_SGC\s0\fR is set if either Netscape or Microsoft \s-1SGC\s0 OIDs are +present. +.PP +\&\fIX509_get0_subject_key_id()\fR returns an internal pointer to the subject key +identifier of \fBx\fR as an \fB\s-1ASN1_OCTET_STRING\s0\fR or \fB\s-1NULL\s0\fR if the extension +is not present or cannot be parsed. +.PP +\&\fIX509_get0_authority_key_id()\fR returns an internal pointer to the authority key +identifier of \fBx\fR as an \fB\s-1ASN1_OCTET_STRING\s0\fR or \fB\s-1NULL\s0\fR if the extension +is not present or cannot be parsed. +.PP +\&\fIX509_get0_authority_issuer()\fR returns an internal pointer to the authority +certificate issuer of \fBx\fR as a stack of \fB\s-1GENERAL_NAME\s0\fR structures or +\&\fB\s-1NULL\s0\fR if the extension is not present or cannot be parsed. +.PP +\&\fIX509_get0_authority_serial()\fR returns an internal pointer to the authority +certificate serial number of \fBx\fR as an \fB\s-1ASN1_INTEGER\s0\fR or \fB\s-1NULL\s0\fR if the +extension is not present or cannot be parsed. +.PP +\&\fIX509_set_proxy_flag()\fR marks the certificate with the \fB\s-1EXFLAG_PROXY\s0\fR flag. +This is for the users who need to mark non\-RFC3820 proxy certificates as +such, as OpenSSL only detects \s-1RFC3820\s0 compliant ones. +.PP +\&\fIX509_set_proxy_pathlen()\fR sets the proxy certificate path length for the given +certificate \fBx\fR. 
This is for the users who need to mark non\-RFC3820 proxy +certificates as such, as OpenSSL only detects \s-1RFC3820\s0 compliant ones. +.PP +\&\fIX509_get_proxy_pathlen()\fR returns the proxy certificate path length for the +given certificate \fBx\fR if it is a proxy certificate. +.SH "NOTES" +.IX Header "NOTES" +The value of the flags correspond to extension values which are cached +in the \fBX509\fR structure. If the flags returned do not provide sufficient +information an application should examine extension values directly +for example using \fIX509_get_ext_d2i()\fR. +.PP +If the key usage or extended key usage extension is absent then typically usage +is unrestricted. For this reason \fIX509_get_key_usage()\fR and +\&\fIX509_get_extended_key_usage()\fR return \fB\s-1UINT32_MAX\s0\fR when the corresponding +extension is absent. Applications can additionally check the return value of +\&\fIX509_get_extension_flags()\fR and take appropriate action is an extension is +absent. +.PP +If \fIX509_get0_subject_key_id()\fR returns \fB\s-1NULL\s0\fR then the extension may be +absent or malformed. Applications can determine the precise reason using +\&\fIX509_get_ext_d2i()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIX509_get_pathlen()\fR returns the path length value, or \-1 if the extension +is not present. +.PP +\&\fIX509_get_extension_flags()\fR, \fIX509_get_key_usage()\fR and +\&\fIX509_get_extended_key_usage()\fR return sets of flags corresponding to the +certificate extension values. +.PP +\&\fIX509_get0_subject_key_id()\fR returns the subject key identifier as a +pointer to an \fB\s-1ASN1_OCTET_STRING\s0\fR structure or \fB\s-1NULL\s0\fR if the extension +is absent or an error occurred during parsing. +.PP +\&\fIX509_get_proxy_pathlen()\fR returns the path length value if the given +certificate is a proxy one and has a path length set, and \-1 otherwise. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIX509_check_purpose\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIX509_get_pathlen()\fR, \fIX509_set_proxy_flag()\fR, \fIX509_set_proxy_pathlen()\fR and +\&\fIX509_get_proxy_pathlen()\fR were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/X509_get_pubkey.3 b/linux_amd64/share/man/man3/X509_get_pubkey.3 new file mode 100755 index 0000000..8ba5485 --- /dev/null +++ b/linux_amd64/share/man/man3/X509_get_pubkey.3 
@@ -0,0 +1,209 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_GET_PUBKEY 3" +.TH X509_GET_PUBKEY 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_get_pubkey, X509_get0_pubkey, X509_set_pubkey, X509_get_X509_PUBKEY, +X509_REQ_get_pubkey, X509_REQ_get0_pubkey, X509_REQ_set_pubkey, +X509_REQ_get_X509_PUBKEY \- get or set certificate or certificate request +public key +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& EVP_PKEY *X509_get_pubkey(X509 *x); +\& EVP_PKEY *X509_get0_pubkey(const X509 *x); +\& int X509_set_pubkey(X509 *x, EVP_PKEY *pkey); +\& X509_PUBKEY *X509_get_X509_PUBKEY(X509 *x); +\& +\& EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req); +\& EVP_PKEY *X509_REQ_get0_pubkey(X509_REQ *req); +\& int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey); +\& X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *x); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIX509_get_pubkey()\fR attempts to decode the public key for certificate \fBx\fR. If +successful it returns the public key as an \fB\s-1EVP_PKEY\s0\fR pointer with its +reference count incremented: this means the returned key must be freed up +after use. \fIX509_get0_pubkey()\fR is similar except it does \fBnot\fR increment +the reference count of the returned \fB\s-1EVP_PKEY\s0\fR so it must not be freed up +after use. +.PP +\&\fIX509_get_X509_PUBKEY()\fR returns an internal pointer to the \fBX509_PUBKEY\fR +structure which encodes the certificate of \fBx\fR. The returned value +must not be freed up after use. +.PP +\&\fIX509_set_pubkey()\fR attempts to set the public key for certificate \fBx\fR to +\&\fBpkey\fR. The key \fBpkey\fR should be freed up after use. +.PP +\&\fIX509_REQ_get_pubkey()\fR, \fIX509_REQ_get0_pubkey()\fR, \fIX509_REQ_set_pubkey()\fR and +\&\fIX509_REQ_get_X509_PUBKEY()\fR are similar but operate on certificate request \fBreq\fR. +.SH "NOTES" +.IX Header "NOTES" +The first time a public key is decoded the \fB\s-1EVP_PKEY\s0\fR structure is +cached in the certificate or certificate request itself. 
Subsequent calls +return the cached structure with its reference count incremented to +improve performance. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIX509_get_pubkey()\fR, \fIX509_get0_pubkey()\fR, \fIX509_get_X509_PUBKEY()\fR, +\&\fIX509_REQ_get_pubkey()\fR and \fIX509_REQ_get_X509_PUBKEY()\fR return a public key or +\&\fB\s-1NULL\s0\fR if an error occurred. +.PP +\&\fIX509_set_pubkey()\fR and \fIX509_REQ_set_pubkey()\fR return 1 for success and 0 +for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fId2i_X509\fR\|(3), +\&\fIERR_get_error\fR\|(3), +\&\fIX509_CRL_get0_by_serial\fR\|(3), +\&\fIX509_get0_signature\fR\|(3), +\&\fIX509_get_ext_d2i\fR\|(3), +\&\fIX509_get_extension_flags\fR\|(3), +\&\fIX509_get_subject_name\fR\|(3), +\&\fIX509_get_version\fR\|(3), +\&\fIX509_NAME_add_entry_by_txt\fR\|(3), +\&\fIX509_NAME_ENTRY_get_object\fR\|(3), +\&\fIX509_NAME_get_index_by_NID\fR\|(3), +\&\fIX509_NAME_print_ex\fR\|(3), +\&\fIX509_new\fR\|(3), +\&\fIX509_sign\fR\|(3), +\&\fIX509V3_get_d2i\fR\|(3), +\&\fIX509_verify_cert\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/X509_get_serialNumber.3 b/linux_amd64/share/man/man3/X509_get_serialNumber.3 new file mode 100755 index 0000000..fc7f077 --- /dev/null +++ b/linux_amd64/share/man/man3/X509_get_serialNumber.3 
@@ -0,0 +1,194 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_GET_SERIALNUMBER 3" +.TH X509_GET_SERIALNUMBER 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_get_serialNumber, +X509_get0_serialNumber, +X509_set_serialNumber +\&\- get or set certificate serial number +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& ASN1_INTEGER *X509_get_serialNumber(X509 *x); +\& const ASN1_INTEGER *X509_get0_serialNumber(const X509 *x); +\& int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIX509_get_serialNumber()\fR returns the serial number of certificate \fBx\fR as an +\&\fB\s-1ASN1_INTEGER\s0\fR structure which can be examined or initialised. The value +returned is an internal pointer which \fB\s-1MUST\s0 \s-1NOT\s0\fR be freed up after the call. +.PP +\&\fIX509_get0_serialNumber()\fR is the same as \fIX509_get_serialNumber()\fR except it +accepts a const parameter and returns a const result. +.PP +\&\fIX509_set_serialNumber()\fR sets the serial number of certificate \fBx\fR to +\&\fBserial\fR. A copy of the serial number is used internally so \fBserial\fR should +be freed up after use. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIX509_get_serialNumber()\fR and \fIX509_get0_serialNumber()\fR return an \fB\s-1ASN1_INTEGER\s0\fR +structure. +.PP +\&\fIX509_set_serialNumber()\fR returns 1 for success and 0 for failure. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fId2i_X509\fR\|(3), +\&\fIERR_get_error\fR\|(3), +\&\fIX509_CRL_get0_by_serial\fR\|(3), +\&\fIX509_get0_signature\fR\|(3), +\&\fIX509_get_ext_d2i\fR\|(3), +\&\fIX509_get_extension_flags\fR\|(3), +\&\fIX509_get_pubkey\fR\|(3), +\&\fIX509_get_subject_name\fR\|(3), +\&\fIX509_NAME_add_entry_by_txt\fR\|(3), +\&\fIX509_NAME_ENTRY_get_object\fR\|(3), +\&\fIX509_NAME_get_index_by_NID\fR\|(3), +\&\fIX509_NAME_print_ex\fR\|(3), +\&\fIX509_new\fR\|(3), +\&\fIX509_sign\fR\|(3), +\&\fIX509V3_get_d2i\fR\|(3), +\&\fIX509_verify_cert\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fIX509_get_serialNumber()\fR and \fIX509_set_serialNumber()\fR functions are +available in all versions of OpenSSL. +The \fIX509_get0_serialNumber()\fR function was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/X509_get_subject_name.3 b/linux_amd64/share/man/man3/X509_get_subject_name.3 new file mode 100755 index 0000000..8c330bb --- /dev/null +++ b/linux_amd64/share/man/man3/X509_get_subject_name.3 
@@ -0,0 +1,208 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_GET_SUBJECT_NAME 3" +.TH X509_GET_SUBJECT_NAME 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_get_subject_name, X509_set_subject_name, X509_get_issuer_name, +X509_set_issuer_name, X509_REQ_get_subject_name, X509_REQ_set_subject_name, +X509_CRL_get_issuer, X509_CRL_set_issuer_name \- get and set issuer or +subject names +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& X509_NAME *X509_get_subject_name(const X509 *x); +\& int X509_set_subject_name(X509 *x, X509_NAME *name); +\& +\& X509_NAME *X509_get_issuer_name(const X509 *x); +\& int X509_set_issuer_name(X509 *x, X509_NAME *name); +\& +\& X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req); +\& int X509_REQ_set_subject_name(X509_REQ *req, X509_NAME *name); +\& +\& X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl); +\& int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIX509_get_subject_name()\fR returns the subject name of certificate \fBx\fR. The +returned value is an internal pointer which \fB\s-1MUST\s0 \s-1NOT\s0\fR be freed. +.PP +\&\fIX509_set_subject_name()\fR sets the issuer name of certificate \fBx\fR to +\&\fBname\fR. The \fBname\fR parameter is copied internally and should be freed +up when it is no longer needed. +.PP +\&\fIX509_get_issuer_name()\fR and \fIX509_set_issuer_name()\fR are identical to +\&\fIX509_get_subject_name()\fR and \fIX509_set_subject_name()\fR except the get and +set the issuer name of \fBx\fR. +.PP +Similarly \fIX509_REQ_get_subject_name()\fR, \fIX509_REQ_set_subject_name()\fR, +\&\fIX509_CRL_get_issuer()\fR and \fIX509_CRL_set_issuer_name()\fR get or set the subject +or issuer names of certificate requests of CRLs respectively. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIX509_get_subject_name()\fR, \fIX509_get_issuer_name()\fR, \fIX509_REQ_get_subject_name()\fR +and \fIX509_CRL_get_issuer()\fR return an \fBX509_NAME\fR pointer. 
+.PP +\&\fIX509_set_subject_name()\fR, \fIX509_set_issuer_name()\fR, \fIX509_REQ_set_subject_name()\fR +and \fIX509_CRL_set_issuer_name()\fR return 1 for success and 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fId2i_X509\fR\|(3), +\&\fIERR_get_error\fR\|(3), \fId2i_X509\fR\|(3) +\&\fIX509_CRL_get0_by_serial\fR\|(3), +\&\fIX509_get0_signature\fR\|(3), +\&\fIX509_get_ext_d2i\fR\|(3), +\&\fIX509_get_extension_flags\fR\|(3), +\&\fIX509_get_pubkey\fR\|(3), +\&\fIX509_NAME_add_entry_by_txt\fR\|(3), +\&\fIX509_NAME_ENTRY_get_object\fR\|(3), +\&\fIX509_NAME_get_index_by_NID\fR\|(3), +\&\fIX509_NAME_print_ex\fR\|(3), +\&\fIX509_new\fR\|(3), +\&\fIX509_sign\fR\|(3), +\&\fIX509V3_get_d2i\fR\|(3), +\&\fIX509_verify_cert\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIX509_REQ_get_subject_name()\fR is a function in OpenSSL 1.1.0 and a macro in +earlier versions. +.PP +\&\fIX509_CRL_get_issuer()\fR is a function in OpenSSL 1.1.0. It was previously +added in OpenSSL 1.0.0 as a macro. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/X509_get_version.3 b/linux_amd64/share/man/man3/X509_get_version.3 new file mode 100755 index 0000000..2465879 --- /dev/null +++ b/linux_amd64/share/man/man3/X509_get_version.3 
@@ -0,0 +1,204 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_GET_VERSION 3" +.TH X509_GET_VERSION 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_get_version, X509_set_version, X509_REQ_get_version, X509_REQ_set_version, +X509_CRL_get_version, X509_CRL_set_version \- get or set certificate, +certificate request or CRL version +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long X509_get_version(const X509 *x); +\& int X509_set_version(X509 *x, long version); +\& +\& long X509_REQ_get_version(const X509_REQ *req); +\& int X509_REQ_set_version(X509_REQ *x, long version); +\& +\& long X509_CRL_get_version(const X509_CRL *crl); +\& int X509_CRL_set_version(X509_CRL *x, long version); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIX509_get_version()\fR returns the numerical value of the version field of +certificate \fBx\fR. Note: this is defined by standards (X.509 et al) to be one +less than the certificate version. So a version 3 certificate will return 2 and +a version 1 certificate will return 0. +.PP +\&\fIX509_set_version()\fR sets the numerical value of the version field of certificate +\&\fBx\fR to \fBversion\fR. +.PP +Similarly \fIX509_REQ_get_version()\fR, \fIX509_REQ_set_version()\fR, +\&\fIX509_CRL_get_version()\fR and \fIX509_CRL_set_version()\fR get and set the version +number of certificate requests and CRLs. +.SH "NOTES" +.IX Header "NOTES" +The version field of certificates, certificate requests and CRLs has a +\&\s-1DEFAULT\s0 value of \fB\f(BIv1\fB\|(0)\fR meaning the field should be omitted for version +1. This is handled transparently by these functions. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIX509_get_version()\fR, \fIX509_REQ_get_version()\fR and \fIX509_CRL_get_version()\fR +return the numerical value of the version field. +.PP +\&\fIX509_set_version()\fR, \fIX509_REQ_set_version()\fR and \fIX509_CRL_set_version()\fR +return 1 for success and 0 for failure. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fId2i_X509\fR\|(3), +\&\fIERR_get_error\fR\|(3), +\&\fIX509_CRL_get0_by_serial\fR\|(3), +\&\fIX509_get0_signature\fR\|(3), +\&\fIX509_get_ext_d2i\fR\|(3), +\&\fIX509_get_extension_flags\fR\|(3), +\&\fIX509_get_pubkey\fR\|(3), +\&\fIX509_get_subject_name\fR\|(3), +\&\fIX509_NAME_add_entry_by_txt\fR\|(3), +\&\fIX509_NAME_ENTRY_get_object\fR\|(3), +\&\fIX509_NAME_get_index_by_NID\fR\|(3), +\&\fIX509_NAME_print_ex\fR\|(3), +\&\fIX509_new\fR\|(3), +\&\fIX509_sign\fR\|(3), +\&\fIX509V3_get_d2i\fR\|(3), +\&\fIX509_verify_cert\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIX509_get_version()\fR, \fIX509_REQ_get_version()\fR and \fIX509_CRL_get_version()\fR are +functions in OpenSSL 1.1.0, in previous versions they were macros. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/X509_load_http.3 b/linux_amd64/share/man/man3/X509_load_http.3 new file mode 100755 index 0000000..1f3935b --- /dev/null +++ b/linux_amd64/share/man/man3/X509_load_http.3 
@@ -0,0 +1,185 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_LOAD_HTTP 3" +.TH X509_LOAD_HTTP 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_load_http, +X509_http_nbio, +X509_CRL_load_http, +X509_CRL_http_nbio +\&\- certificate and CRL loading functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& X509 *X509_load_http(const char *url, BIO *bio, BIO *rbio, int timeout); +\& X509_CRL *X509_CRL_load_http(const char *url, BIO *bio, BIO *rbio, int timeout); +\& +\& #define X509_http_nbio(url) +\& #define X509_CRL_http_nbio(url) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIX509_load_http()\fR and \fIX509_CRL_load_http()\fR loads a certificate or a \s-1CRL\s0, +respectively, in \s-1ASN\s0.1 format using \s-1HTTP\s0 from the given \fBurl\fR. +.PP +If \fBbio\fR is given and \fBrbio\fR is \s-1NULL\s0 then this \s-1BIO\s0 is used instead of an +interal one for connecting, writing the request, and reading the response. +If both \fBbio\fR and \fBrbio\fR are given (which may be memory BIOs, for instance) +then no explicit connection is attempted, +\&\fBbio\fR is used for writing the request, and \fBrbio\fR for reading the response. +.PP +If the \fBtimeout\fR parameter is > 0 this indicates the maximum number of seconds +to wait until the transfer is complete. +A value of 0 enables waiting indefinitely, +while a value < 0 immediately leads to a timeout condition. +.PP +\&\fIX509_http_nbio()\fR and \fIX509_CRL_http_nbio()\fR are macros for backward compatibility +that have the same effect as the functions above but with infinite timeout +and without the possiblity to specify custom BIOs. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +On success the function yield the loaded value, else \s-1NULL\s0. +Error conditions include connection/transfer timeout, parse errors, etc. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIOSSL_HTTP_get_asn1\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIX509_load_http()\fR and \fIX509_CRL_load_http()\fR were added in OpenSSL 3.0. 
+.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/X509_new.3 b/linux_amd64/share/man/man3/X509_new.3 new file mode 100755 index 0000000..4b40202 --- /dev/null +++ b/linux_amd64/share/man/man3/X509_new.3 
@@ -0,0 +1,205 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_NEW 3" +.TH X509_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_chain_up_ref, +X509_new, X509_free, X509_up_ref \- X509 certificate ASN1 allocation functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& X509 *X509_new(void); +\& void X509_free(X509 *a); +\& int X509_up_ref(X509 *a); +\& STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *x); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The X509 \s-1ASN1\s0 allocation routines, allocate and free an +X509 structure, which represents an X509 certificate. +.PP +\&\fIX509_new()\fR allocates and initializes a X509 structure with reference count +\&\fB1\fR. +.PP +\&\fIX509_free()\fR decrements the reference count of \fBX509\fR structure \fBa\fR and +frees it up if the reference count is zero. If \fBa\fR is \s-1NULL\s0 nothing is done. +.PP +\&\fIX509_up_ref()\fR increments the reference count of \fBa\fR. +.PP +\&\fIX509_chain_up_ref()\fR increases the reference count of all certificates in +chain \fBx\fR and returns a copy of the stack. +.SH "NOTES" +.IX Header "NOTES" +The function \fIX509_up_ref()\fR if useful if a certificate structure is being +used by several different operations each of which will free it up after +use: this avoids the need to duplicate the entire certificate structure. +.PP +The function \fIX509_chain_up_ref()\fR doesn't just up the reference count of +each certificate it also returns a copy of the stack, using \fIsk_X509_dup()\fR, +but it serves a similar purpose: the returned chain persists after the +original has been freed. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +If the allocation fails, \fIX509_new()\fR returns \fB\s-1NULL\s0\fR and sets an error +code that can be obtained by \fIERR_get_error\fR\|(3). +Otherwise it returns a pointer to the newly allocated structure. +.PP +\&\fIX509_up_ref()\fR returns 1 for success and 0 for failure. +.PP +\&\fIX509_chain_up_ref()\fR returns a copy of the stack or \fB\s-1NULL\s0\fR if an error +occurred. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fId2i_X509\fR\|(3), +\&\fIERR_get_error\fR\|(3), +\&\fIX509_CRL_get0_by_serial\fR\|(3), +\&\fIX509_get0_signature\fR\|(3), +\&\fIX509_get_ext_d2i\fR\|(3), +\&\fIX509_get_extension_flags\fR\|(3), +\&\fIX509_get_pubkey\fR\|(3), +\&\fIX509_get_subject_name\fR\|(3), +\&\fIX509_get_version\fR\|(3), +\&\fIX509_NAME_add_entry_by_txt\fR\|(3), +\&\fIX509_NAME_ENTRY_get_object\fR\|(3), +\&\fIX509_NAME_get_index_by_NID\fR\|(3), +\&\fIX509_NAME_print_ex\fR\|(3), +\&\fIX509_sign\fR\|(3), +\&\fIX509V3_get_d2i\fR\|(3), +\&\fIX509_verify_cert\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/X509_sign.3 b/linux_amd64/share/man/man3/X509_sign.3 new file mode 100755 index 0000000..cc994a8 --- /dev/null +++ b/linux_amd64/share/man/man3/X509_sign.3 
@@ -0,0 +1,220 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_SIGN 3" +.TH X509_SIGN 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_sign, X509_sign_ctx, X509_verify, X509_REQ_sign, X509_REQ_sign_ctx, +X509_REQ_verify, X509_CRL_sign, X509_CRL_sign_ctx, X509_CRL_verify \- +sign or verify certificate, certificate request or CRL signature +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md); +\& int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx); +\& int X509_verify(X509 *a, EVP_PKEY *r); +\& +\& int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md); +\& int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx); +\& int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r); +\& +\& int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md); +\& int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx); +\& int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIX509_sign()\fR signs certificate \fBx\fR using private key \fBpkey\fR and message +digest \fBmd\fR and sets the signature in \fBx\fR. \fIX509_sign_ctx()\fR also signs +certificate \fBx\fR but uses the parameters contained in digest context \fBctx\fR. +.PP +\&\fIX509_verify()\fR verifies the signature of certificate \fBx\fR using public key +\&\fBpkey\fR. Only the signature is checked: no other checks (such as certificate +chain validity) are performed. +.PP +\&\fIX509_REQ_sign()\fR, \fIX509_REQ_sign_ctx()\fR, \fIX509_REQ_verify()\fR, +\&\fIX509_CRL_sign()\fR, \fIX509_CRL_sign_ctx()\fR and \fIX509_CRL_verify()\fR sign and verify +certificate requests and CRLs respectively. +.SH "NOTES" +.IX Header "NOTES" +\&\fIX509_sign_ctx()\fR is used where the default parameters for the corresponding +public key and digest are not suitable. It can be used to sign keys using +RSA-PSS for example. +.PP +For efficiency reasons and to work around \s-1ASN\s0.1 encoding issues the encoding +of the signed portion of a certificate, certificate request and \s-1CRL\s0 is cached +internally. 
If the signed portion of the structure is modified the encoding +is not always updated meaning a stale version is sometimes used. This is not +normally a problem because modifying the signed portion will invalidate the +signature and signing will always update the encoding. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIX509_sign()\fR, \fIX509_sign_ctx()\fR, \fIX509_REQ_sign()\fR, \fIX509_REQ_sign_ctx()\fR, +\&\fIX509_CRL_sign()\fR and \fIX509_CRL_sign_ctx()\fR return the size of the signature +in bytes for success and zero for failure. +.PP +\&\fIX509_verify()\fR, \fIX509_REQ_verify()\fR and \fIX509_CRL_verify()\fR return 1 if the +signature is valid and 0 if the signature check fails. If the signature +could not be checked at all because it was invalid or some other error +occurred then \-1 is returned. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fId2i_X509\fR\|(3), +\&\fIERR_get_error\fR\|(3), +\&\fIX509_CRL_get0_by_serial\fR\|(3), +\&\fIX509_get0_signature\fR\|(3), +\&\fIX509_get_ext_d2i\fR\|(3), +\&\fIX509_get_extension_flags\fR\|(3), +\&\fIX509_get_pubkey\fR\|(3), +\&\fIX509_get_subject_name\fR\|(3), +\&\fIX509_get_version\fR\|(3), +\&\fIX509_NAME_add_entry_by_txt\fR\|(3), +\&\fIX509_NAME_ENTRY_get_object\fR\|(3), +\&\fIX509_NAME_get_index_by_NID\fR\|(3), +\&\fIX509_NAME_print_ex\fR\|(3), +\&\fIX509_new\fR\|(3), +\&\fIX509V3_get_d2i\fR\|(3), +\&\fIX509_verify_cert\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fIX509_sign()\fR, \fIX509_REQ_sign()\fR and \fIX509_CRL_sign()\fR functions are +available in all versions of OpenSSL. +.PP +The \fIX509_sign_ctx()\fR, \fIX509_REQ_sign_ctx()\fR +and \fIX509_CRL_sign_ctx()\fR functions were added OpenSSL 1.0.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. 
You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/X509_verify_cert.3 b/linux_amd64/share/man/man3/X509_verify_cert.3 new file mode 100755 index 0000000..175a69a --- /dev/null +++ b/linux_amd64/share/man/man3/X509_verify_cert.3 
@@ -0,0 +1,181 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_VERIFY_CERT 3" +.TH X509_VERIFY_CERT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_verify_cert \- discover and verify X509 certificate chain +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_verify_cert(X509_STORE_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fIX509_verify_cert()\fR function attempts to discover and validate a +certificate chain based on parameters in \fBctx\fR. A complete description of +the process is contained in the \fIopenssl\-verify\fR\|(1) manual page. +.PP +Applications rarely call this function directly but it is used by +OpenSSL internally for certificate validation, in both the S/MIME and +\&\s-1SSL/TLS\s0 code. +.PP +A negative return value from \fIX509_verify_cert()\fR can occur if it is invoked +incorrectly, such as with no certificate set in \fBctx\fR, or when it is called +twice in succession without reinitialising \fBctx\fR for the second call. +A negative return value can also happen due to internal resource problems or if +a retry operation is requested during internal lookups (which never happens +with standard lookup methods). +Applications must check for <= 0 return value on error. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +If a complete chain can be built and validated this function returns 1, +otherwise it return zero, in exceptional circumstances it can also +return a negative code. +.PP +If the function fails additional error information can be obtained by +examining \fBctx\fR using, for example \fIX509_STORE_CTX_get_error()\fR. +.SH "BUGS" +.IX Header "BUGS" +This function uses the header \fI\fR +as opposed to most chain verification +functions which use \fI\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIX509_STORE_CTX_get_error\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2009\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. 
You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/X509v3_get_ext_by_NID.3 b/linux_amd64/share/man/man3/X509v3_get_ext_by_NID.3 new file mode 100755 index 0000000..38544ca --- /dev/null +++ b/linux_amd64/share/man/man3/X509v3_get_ext_by_NID.3 
@@ -0,0 +1,264 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509V3_GET_EXT_BY_NID 3" +.TH X509V3_GET_EXT_BY_NID 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509v3_get_ext_count, X509v3_get_ext, X509v3_get_ext_by_NID, +X509v3_get_ext_by_OBJ, X509v3_get_ext_by_critical, X509v3_delete_ext, +X509v3_add_ext, X509_get_ext_count, X509_get_ext, +X509_get_ext_by_NID, X509_get_ext_by_OBJ, X509_get_ext_by_critical, +X509_delete_ext, X509_add_ext, X509_CRL_get_ext_count, X509_CRL_get_ext, +X509_CRL_get_ext_by_NID, X509_CRL_get_ext_by_OBJ, X509_CRL_get_ext_by_critical, +X509_CRL_delete_ext, X509_CRL_add_ext, X509_REVOKED_get_ext_count, +X509_REVOKED_get_ext, X509_REVOKED_get_ext_by_NID, X509_REVOKED_get_ext_by_OBJ, +X509_REVOKED_get_ext_by_critical, X509_REVOKED_delete_ext, +X509_REVOKED_add_ext \- extension stack utility functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x); +\& X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc); +\& +\& int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, +\& int nid, int lastpos); +\& int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x, +\& const ASN1_OBJECT *obj, int lastpos); +\& int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x, +\& int crit, int lastpos); +\& X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc); +\& STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x, +\& X509_EXTENSION *ex, int loc); +\& +\& int X509_get_ext_count(const X509 *x); +\& X509_EXTENSION *X509_get_ext(const X509 *x, int loc); +\& int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos); +\& int X509_get_ext_by_OBJ(const X509 *x, const ASN1_OBJECT *obj, int lastpos); +\& int X509_get_ext_by_critical(const X509 *x, int crit, int lastpos); +\& X509_EXTENSION *X509_delete_ext(X509 *x, int loc); +\& int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc); +\& +\& int X509_CRL_get_ext_count(const X509_CRL *x); +\& X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc); +\& int X509_CRL_get_ext_by_NID(const 
X509_CRL *x, int nid, int lastpos); +\& int X509_CRL_get_ext_by_OBJ(const X509_CRL *x, const ASN1_OBJECT *obj, int lastpos); +\& int X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit, int lastpos); +\& X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc); +\& int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc); +\& +\& int X509_REVOKED_get_ext_count(const X509_REVOKED *x); +\& X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x, int loc); +\& int X509_REVOKED_get_ext_by_NID(const X509_REVOKED *x, int nid, int lastpos); +\& int X509_REVOKED_get_ext_by_OBJ(const X509_REVOKED *x, const ASN1_OBJECT *obj, +\& int lastpos); +\& int X509_REVOKED_get_ext_by_critical(const X509_REVOKED *x, int crit, int lastpos); +\& X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc); +\& int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIX509v3_get_ext_count()\fR retrieves the number of extensions in \fBx\fR. +.PP +\&\fIX509v3_get_ext()\fR retrieves extension \fBloc\fR from \fBx\fR. The index \fBloc\fR +can take any value from \fB0\fR to X509_get_ext_count(x) \- 1. The returned +extension is an internal pointer which \fBmust not\fR be freed up by the +application. +.PP +\&\fIX509v3_get_ext_by_NID()\fR and \fIX509v3_get_ext_by_OBJ()\fR look for an extension +with \fBnid\fR or \fBobj\fR from extension stack \fBx\fR. The search starts from the +extension after \fBlastpos\fR or from the beginning if is \fB\-1\fR. If +the extension is found its index is returned otherwise \fB\-1\fR is returned. +.PP +\&\fIX509v3_get_ext_by_critical()\fR is similar to \fIX509v3_get_ext_by_NID()\fR except it +looks for an extension of criticality \fBcrit\fR. A zero value for \fBcrit\fR +looks for a non-critical extension a nonzero value looks for a critical +extension. +.PP +\&\fIX509v3_delete_ext()\fR deletes the extension with index \fBloc\fR from \fBx\fR. 
The +deleted extension is returned and must be freed by the caller. If \fBloc\fR +is in invalid index value \fB\s-1NULL\s0\fR is returned. +.PP +\&\fIX509v3_add_ext()\fR adds extension \fBex\fR to stack \fB*x\fR at position \fBloc\fR. If +\&\fBloc\fR is \fB\-1\fR the new extension is added to the end. If \fB*x\fR is \fB\s-1NULL\s0\fR +a new stack will be allocated. The passed extension \fBex\fR is duplicated +internally so it must be freed after use. +.PP +\&\fIX509_get_ext_count()\fR, \fIX509_get_ext()\fR, \fIX509_get_ext_by_NID()\fR, +\&\fIX509_get_ext_by_OBJ()\fR, \fIX509_get_ext_by_critical()\fR, \fIX509_delete_ext()\fR +and \fIX509_add_ext()\fR operate on the extensions of certificate \fBx\fR they are +otherwise identical to the X509v3 functions. +.PP +\&\fIX509_CRL_get_ext_count()\fR, \fIX509_CRL_get_ext()\fR, \fIX509_CRL_get_ext_by_NID()\fR, +\&\fIX509_CRL_get_ext_by_OBJ()\fR, \fIX509_CRL_get_ext_by_critical()\fR, +\&\fIX509_CRL_delete_ext()\fR and \fIX509_CRL_add_ext()\fR operate on the extensions of +\&\s-1CRL\s0 \fBx\fR they are otherwise identical to the X509v3 functions. +.PP +\&\fIX509_REVOKED_get_ext_count()\fR, \fIX509_REVOKED_get_ext()\fR, +\&\fIX509_REVOKED_get_ext_by_NID()\fR, \fIX509_REVOKED_get_ext_by_OBJ()\fR, +\&\fIX509_REVOKED_get_ext_by_critical()\fR, \fIX509_REVOKED_delete_ext()\fR and +\&\fIX509_REVOKED_add_ext()\fR operate on the extensions of \s-1CRL\s0 entry \fBx\fR +they are otherwise identical to the X509v3 functions. +.SH "NOTES" +.IX Header "NOTES" +These functions are used to examine stacks of extensions directly. Many +applications will want to parse or encode and add an extension: they should +use the extension encode and decode functions instead such as +\&\fIX509_add1_ext_i2d()\fR and \fIX509_get_ext_d2i()\fR. +.PP +Extension indices start from zero, so a zero index return value is \fBnot\fR an +error. 
These search functions start from the extension \fBafter\fR the \fBlastpos\fR +parameter so it should initially be set to \fB\-1\fR, if it is set to zero the +initial extension will not be checked. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIX509v3_get_ext_count()\fR returns the extension count. +.PP +\&\fIX509v3_get_ext()\fR, \fIX509v3_delete_ext()\fR and \fIX509_delete_ext()\fR return an +\&\fBX509_EXTENSION\fR pointer or \fB\s-1NULL\s0\fR if an error occurs. +.PP +\&\fIX509v3_get_ext_by_NID()\fR \fIX509v3_get_ext_by_OBJ()\fR and +\&\fIX509v3_get_ext_by_critical()\fR return the an extension index or \fB\-1\fR if an +error occurs. +.PP +\&\fIX509v3_add_ext()\fR returns a stack of extensions or \fB\s-1NULL\s0\fR on error. +.PP +\&\fIX509_add_ext()\fR returns 1 on success and 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIX509V3_get_d2i\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/d2i_DHparams.3 b/linux_amd64/share/man/man3/d2i_DHparams.3 new file mode 100755 index 0000000..6533b82 --- /dev/null +++ b/linux_amd64/share/man/man3/d2i_DHparams.3 
@@ -0,0 +1,165 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "D2I_DHPARAMS 3" +.TH D2I_DHPARAMS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +d2i_DHparams, i2d_DHparams \- PKCS#3 DH parameter functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& DH *d2i_DHparams(DH **a, unsigned char **pp, long length); +\& int i2d_DHparams(DH *a, unsigned char **pp); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions decode and encode PKCS#3 \s-1DH\s0 parameters using the +DHparameter structure described in PKCS#3. +.PP +Otherwise these behave in a similar way to \fId2i_X509()\fR and \fIi2d_X509()\fR +described in the \fId2i_X509\fR\|(3) manual page. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fId2i_DHparams()\fR returns a valid \fB\s-1DH\s0\fR structure or \s-1NULL\s0 if an error occurred. +.PP +\&\fIi2d_DHparams()\fR returns the length of encoded data on success or a value which +is less than or equal to 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fId2i_X509\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/d2i_PKCS8PrivateKey_bio.3 b/linux_amd64/share/man/man3/d2i_PKCS8PrivateKey_bio.3 new file mode 100755 index 0000000..787f8f1 --- /dev/null +++ b/linux_amd64/share/man/man3/d2i_PKCS8PrivateKey_bio.3 
@@ -0,0 +1,196 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "D2I_PKCS8PRIVATEKEY_BIO 3" +.TH D2I_PKCS8PRIVATEKEY_BIO 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +d2i_PKCS8PrivateKey_bio, d2i_PKCS8PrivateKey_fp, +i2d_PKCS8PrivateKey_bio, i2d_PKCS8PrivateKey_fp, +i2d_PKCS8PrivateKey_nid_bio, i2d_PKCS8PrivateKey_nid_fp \- PKCS#8 format private key functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u); +\& EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u); +\& +\& int i2d_PKCS8PrivateKey_bio(BIO *bp, const EVP_PKEY *x, const EVP_CIPHER *enc, +\& char *kstr, int klen, +\& pem_password_cb *cb, void *u); +\& +\& int i2d_PKCS8PrivateKey_fp(FILE *fp, const EVP_PKEY *x, const EVP_CIPHER *enc, +\& char *kstr, int klen, +\& pem_password_cb *cb, void *u); +\& +\& int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, const EVP_PKEY *x, int nid, +\& char *kstr, int klen, +\& pem_password_cb *cb, void *u); +\& +\& int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, const EVP_PKEY *x, int nid, +\& char *kstr, int klen, +\& pem_password_cb *cb, void *u); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The PKCS#8 functions encode and decode private keys in PKCS#8 format using both +PKCS#5 v1.5 and PKCS#5 v2.0 password based encryption algorithms. +.PP +Other than the use of \s-1DER\s0 as opposed to \s-1PEM\s0 these functions are identical to the +corresponding \fB\s-1PEM\s0\fR function as described in \fIPEM_read_PrivateKey\fR\|(3). +.SH "NOTES" +.IX Header "NOTES" +These functions are currently the only way to store encrypted private keys using \s-1DER\s0 format. +.PP +Currently all the functions use BIOs or \s-1FILE\s0 pointers, there are no functions which +work directly on memory: this can be readily worked around by converting the buffers +to memory BIOs, see \fIBIO_s_mem\fR\|(3) for details. +.PP +These functions make no assumption regarding the pass phrase received from the +password callback. +It will simply be treated as a byte sequence. 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fId2i_PKCS8PrivateKey_bio()\fR and \fId2i_PKCS8PrivateKey_fp()\fR return a valid \fB\s-1EVP_PKEY\s0\fR +structure or \s-1NULL\s0 if an error occurred. +.PP +\&\fIi2d_PKCS8PrivateKey_bio()\fR, \fIi2d_PKCS8PrivateKey_fp()\fR, \fIi2d_PKCS8PrivateKey_nid_bio()\fR +and \fIi2d_PKCS8PrivateKey_nid_fp()\fR return 1 on success or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIPEM_read_PrivateKey\fR\|(3), +\&\fIpassphrase\-encoding\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/d2i_PrivateKey.3 b/linux_amd64/share/man/man3/d2i_PrivateKey.3 new file mode 100755 index 0000000..5488a0a --- /dev/null +++ b/linux_amd64/share/man/man3/d2i_PrivateKey.3 
@@ -0,0 +1,211 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "D2I_PRIVATEKEY 3" +.TH D2I_PRIVATEKEY 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +d2i_PrivateKey, d2i_PublicKey, d2i_KeyParams, d2i_AutoPrivateKey, +i2d_PrivateKey, i2d_PublicKey, i2d_KeyParams, i2d_KeyParams_bio, +d2i_PrivateKey_bio, d2i_PrivateKey_fp, d2i_KeyParams_bio +\&\- decode and encode functions for reading and saving EVP_PKEY structures +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, +\& long length); +\& EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp, +\& long length); +\& EVP_PKEY *d2i_KeyParams(int type, EVP_PKEY **a, const unsigned char **pp, +\& long length); +\& EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp, +\& long length); +\& +\& int i2d_PrivateKey(const EVP_PKEY *a, unsigned char **pp); +\& int i2d_PublicKey(const EVP_PKEY *a, unsigned char **pp); +\& int i2d_KeyParams(const EVP_PKEY *a, unsigned char **pp); +\& int i2d_KeyParams_bio(BIO *bp, const EVP_PKEY *pkey); +\& +\& EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a); +\& EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a) +\& EVP_PKEY *d2i_KeyParams_bio(int type, EVP_PKEY **a, BIO *in); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fId2i_PrivateKey()\fR decodes a private key using algorithm \fBtype\fR. It attempts to +use any key specific format or PKCS#8 unencrypted PrivateKeyInfo format. The +\&\fBtype\fR parameter should be a public key algorithm constant such as +\&\fB\s-1EVP_PKEY_RSA\s0\fR. An error occurs if the decoded key does not match \fBtype\fR. +\&\fId2i_PublicKey()\fR does the same for public keys. +\&\fId2i_KeyParams()\fR does the same for key parameters. +.PP +\&\fId2i_AutoPrivateKey()\fR is similar to \fId2i_PrivateKey()\fR except it attempts to +automatically detect the private key format. +.PP +\&\fIi2d_PrivateKey()\fR encodes \fBkey\fR. It uses a key specific format or, if none is +defined for that key type, PKCS#8 unencrypted PrivateKeyInfo format. 
+\&\fIi2d_PublicKey()\fR does the same for public keys. +\&\fIi2d_KeyParams()\fR does the same for key parameters. +These functions are similar to the \fId2i_X509()\fR functions; see \fId2i_X509\fR\|(3). +.SH "NOTES" +.IX Header "NOTES" +All these functions use \s-1DER\s0 format and unencrypted keys. Applications wishing +to encrypt or decrypt private keys should use other functions such as +\&\fId2i_PKCS8PrivateKey()\fR instead. +.PP +If the \fB*a\fR is not \s-1NULL\s0 when calling \fId2i_PrivateKey()\fR or \fId2i_AutoPrivateKey()\fR +(i.e. an existing structure is being reused) and the key format is PKCS#8 +then \fB*a\fR will be freed and replaced on a successful call. +.PP +To decode a key with type \fB\s-1EVP_PKEY_EC\s0\fR, \fId2i_PublicKey()\fR requires \fB*a\fR to be +a non-NULL \s-1EVP_PKEY\s0 structure assigned an \s-1EC_KEY\s0 structure referencing the proper +\&\s-1EC_GROUP\s0. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The \fId2i_PrivateKey()\fR, \fId2i_AutoPrivateKey()\fR, \fId2i_PrivateKey_bio()\fR, \fId2i_PrivateKey_fp()\fR, +\&\fId2i_PublicKey()\fR, \fId2i_KeyParams()\fR and \fId2i_KeyParams_bio()\fR functions return a valid +\&\fB\s-1EVP_KEY\s0\fR structure or \fB\s-1NULL\s0\fR if an error occurs. The error code can be +obtained by calling \fIERR_get_error\fR\|(3). +.PP +\&\fIi2d_PrivateKey()\fR, \fIi2d_PublicKey()\fR, \fIi2d_KeyParams()\fR \fIi2d_KeyParams_bio()\fR return +the number of bytes successfully encoded or a negative value if an error occurs. +The error code can be obtained by calling \fIERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIcrypto\fR\|(7), +\&\fId2i_PKCS8PrivateKey_bio\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. 
You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/d2i_SSL_SESSION.3 b/linux_amd64/share/man/man3/d2i_SSL_SESSION.3 new file mode 100755 index 0000000..47911f4 --- /dev/null +++ b/linux_amd64/share/man/man3/d2i_SSL_SESSION.3 
@@ -0,0 +1,173 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "D2I_SSL_SESSION 3" +.TH D2I_SSL_SESSION 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +d2i_SSL_SESSION, i2d_SSL_SESSION \- convert SSL_SESSION object from/to ASN1 representation +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, +\& long length); +\& int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions decode and encode an \s-1SSL_SESSION\s0 object. +For encoding details see \fId2i_X509\fR\|(3). +.PP +\&\s-1SSL_SESSION\s0 objects keep internal link information about the session cache +list, when being inserted into one \s-1SSL_CTX\s0 object's session cache. +One \s-1SSL_SESSION\s0 object, regardless of its reference count, must therefore +only be used with one \s-1SSL_CTX\s0 object (and the \s-1SSL\s0 objects created +from this \s-1SSL_CTX\s0 object). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fId2i_SSL_SESSION()\fR returns a pointer to the newly allocated \s-1SSL_SESSION\s0 +object. In case of failure the NULL-pointer is returned and the error message +can be retrieved from the error stack. +.PP +\&\fIi2d_SSL_SESSION()\fR returns the size of the \s-1ASN1\s0 representation in bytes. +When the session is not valid, \fB0\fR is returned and no operation is performed. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_SESSION_free\fR\|(3), +\&\fISSL_CTX_sess_set_get_cb\fR\|(3), +\&\fId2i_X509\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/d2i_X509.3 b/linux_amd64/share/man/man3/d2i_X509.3 new file mode 100755 index 0000000..08cdb12 --- /dev/null +++ b/linux_amd64/share/man/man3/d2i_X509.3 
@@ -0,0 +1,764 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "D2I_X509 3" +.TH D2I_X509 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +d2i_ACCESS_DESCRIPTION, +d2i_ADMISSIONS, +d2i_ADMISSION_SYNTAX, +d2i_ASIdOrRange, +d2i_ASIdentifierChoice, +d2i_ASIdentifiers, +d2i_ASN1_BIT_STRING, +d2i_ASN1_BMPSTRING, +d2i_ASN1_ENUMERATED, +d2i_ASN1_GENERALIZEDTIME, +d2i_ASN1_GENERALSTRING, +d2i_ASN1_IA5STRING, +d2i_ASN1_INTEGER, +d2i_ASN1_NULL, +d2i_ASN1_OBJECT, +d2i_ASN1_OCTET_STRING, +d2i_ASN1_PRINTABLE, +d2i_ASN1_PRINTABLESTRING, +d2i_ASN1_SEQUENCE_ANY, +d2i_ASN1_SET_ANY, +d2i_ASN1_T61STRING, +d2i_ASN1_TIME, +d2i_ASN1_TYPE, +d2i_ASN1_UINTEGER, +d2i_ASN1_UNIVERSALSTRING, +d2i_ASN1_UTCTIME, +d2i_ASN1_UTF8STRING, +d2i_ASN1_VISIBLESTRING, +d2i_ASRange, +d2i_AUTHORITY_INFO_ACCESS, +d2i_AUTHORITY_KEYID, +d2i_BASIC_CONSTRAINTS, +d2i_CERTIFICATEPOLICIES, +d2i_CMS_ContentInfo, +d2i_CMS_ReceiptRequest, +d2i_CMS_bio, +d2i_CRL_DIST_POINTS, +d2i_DHxparams, +d2i_DIRECTORYSTRING, +d2i_DISPLAYTEXT, +d2i_DIST_POINT, +d2i_DIST_POINT_NAME, +d2i_DSAPrivateKey, +d2i_DSAPrivateKey_bio, +d2i_DSAPrivateKey_fp, +d2i_DSAPublicKey, +d2i_DSA_PUBKEY, +d2i_DSA_PUBKEY_bio, +d2i_DSA_PUBKEY_fp, +d2i_DSA_SIG, +d2i_DSAparams, +d2i_ECDSA_SIG, +d2i_ECPKParameters, +d2i_ECParameters, +d2i_ECPrivateKey, +d2i_ECPrivateKey_bio, +d2i_ECPrivateKey_fp, +d2i_EC_PUBKEY, +d2i_EC_PUBKEY_bio, +d2i_EC_PUBKEY_fp, +d2i_EDIPARTYNAME, +d2i_ESS_CERT_ID, +d2i_ESS_CERT_ID_V2, +d2i_ESS_ISSUER_SERIAL, +d2i_ESS_SIGNING_CERT, +d2i_ESS_SIGNING_CERT_V2, +d2i_EXTENDED_KEY_USAGE, +d2i_GENERAL_NAME, +d2i_GENERAL_NAMES, +d2i_IPAddressChoice, +d2i_IPAddressFamily, +d2i_IPAddressOrRange, +d2i_IPAddressRange, +d2i_ISSUING_DIST_POINT, +d2i_NAMING_AUTHORITY, +d2i_NETSCAPE_CERT_SEQUENCE, +d2i_NETSCAPE_SPKAC, +d2i_NETSCAPE_SPKI, +d2i_NOTICEREF, +d2i_OCSP_BASICRESP, +d2i_OCSP_CERTID, +d2i_OCSP_CERTSTATUS, +d2i_OCSP_CRLID, +d2i_OCSP_ONEREQ, +d2i_OCSP_REQINFO, +d2i_OCSP_REQUEST, +d2i_OCSP_RESPBYTES, +d2i_OCSP_RESPDATA, +d2i_OCSP_RESPID, +d2i_OCSP_RESPONSE, +d2i_OCSP_REVOKEDINFO, +d2i_OCSP_SERVICELOC, +d2i_OCSP_SIGNATURE, +d2i_OCSP_SINGLERESP, 
+d2i_OSSL_CMP_MSG, +d2i_OSSL_CMP_PKIHEADER, +d2i_OSSL_CRMF_CERTID, +d2i_OSSL_CRMF_CERTTEMPLATE, +d2i_OSSL_CRMF_ENCRYPTEDVALUE, +d2i_OSSL_CRMF_MSG, +d2i_OSSL_CRMF_MSGS, +d2i_OSSL_CRMF_PBMPARAMETER, +d2i_OSSL_CRMF_PKIPUBLICATIONINFO, +d2i_OSSL_CRMF_SINGLEPUBINFO, +d2i_OTHERNAME, +d2i_PBE2PARAM, +d2i_PBEPARAM, +d2i_PBKDF2PARAM, +d2i_PKCS12, +d2i_PKCS12_BAGS, +d2i_PKCS12_MAC_DATA, +d2i_PKCS12_SAFEBAG, +d2i_PKCS12_bio, +d2i_PKCS12_fp, +d2i_PKCS7, +d2i_PKCS7_DIGEST, +d2i_PKCS7_ENCRYPT, +d2i_PKCS7_ENC_CONTENT, +d2i_PKCS7_ENVELOPE, +d2i_PKCS7_ISSUER_AND_SERIAL, +d2i_PKCS7_RECIP_INFO, +d2i_PKCS7_SIGNED, +d2i_PKCS7_SIGNER_INFO, +d2i_PKCS7_SIGN_ENVELOPE, +d2i_PKCS7_bio, +d2i_PKCS7_fp, +d2i_PKCS8_PRIV_KEY_INFO, +d2i_PKCS8_PRIV_KEY_INFO_bio, +d2i_PKCS8_PRIV_KEY_INFO_fp, +d2i_PKCS8_bio, +d2i_PKCS8_fp, +d2i_PKEY_USAGE_PERIOD, +d2i_POLICYINFO, +d2i_POLICYQUALINFO, +d2i_PROFESSION_INFO, +d2i_PROXY_CERT_INFO_EXTENSION, +d2i_PROXY_POLICY, +d2i_RSAPrivateKey, +d2i_RSAPrivateKey_bio, +d2i_RSAPrivateKey_fp, +d2i_RSAPublicKey, +d2i_RSAPublicKey_bio, +d2i_RSAPublicKey_fp, +d2i_RSA_OAEP_PARAMS, +d2i_RSA_PSS_PARAMS, +d2i_RSA_PUBKEY, +d2i_RSA_PUBKEY_bio, +d2i_RSA_PUBKEY_fp, +d2i_SCRYPT_PARAMS, +d2i_SCT_LIST, +d2i_SXNET, +d2i_SXNETID, +d2i_TS_ACCURACY, +d2i_TS_MSG_IMPRINT, +d2i_TS_MSG_IMPRINT_bio, +d2i_TS_MSG_IMPRINT_fp, +d2i_TS_REQ, +d2i_TS_REQ_bio, +d2i_TS_REQ_fp, +d2i_TS_RESP, +d2i_TS_RESP_bio, +d2i_TS_RESP_fp, +d2i_TS_STATUS_INFO, +d2i_TS_TST_INFO, +d2i_TS_TST_INFO_bio, +d2i_TS_TST_INFO_fp, +d2i_USERNOTICE, +d2i_X509, +d2i_X509_ALGOR, +d2i_X509_ALGORS, +d2i_X509_ATTRIBUTE, +d2i_X509_CERT_AUX, +d2i_X509_CINF, +d2i_X509_CRL, +d2i_X509_CRL_INFO, +d2i_X509_CRL_bio, +d2i_X509_CRL_fp, +d2i_X509_EXTENSION, +d2i_X509_EXTENSIONS, +d2i_X509_NAME, +d2i_X509_NAME_ENTRY, +d2i_X509_PUBKEY, +d2i_X509_PUBKEY_bio, +d2i_X509_PUBKEY_fp, +d2i_X509_REQ, +d2i_X509_REQ_INFO, +d2i_X509_REQ_bio, +d2i_X509_REQ_fp, +d2i_X509_REVOKED, +d2i_X509_SIG, +d2i_X509_VAL, +i2d_ACCESS_DESCRIPTION, +i2d_ADMISSIONS, 
+i2d_ADMISSION_SYNTAX, +i2d_ASIdOrRange, +i2d_ASIdentifierChoice, +i2d_ASIdentifiers, +i2d_ASN1_BIT_STRING, +i2d_ASN1_BMPSTRING, +i2d_ASN1_ENUMERATED, +i2d_ASN1_GENERALIZEDTIME, +i2d_ASN1_GENERALSTRING, +i2d_ASN1_IA5STRING, +i2d_ASN1_INTEGER, +i2d_ASN1_NULL, +i2d_ASN1_OBJECT, +i2d_ASN1_OCTET_STRING, +i2d_ASN1_PRINTABLE, +i2d_ASN1_PRINTABLESTRING, +i2d_ASN1_SEQUENCE_ANY, +i2d_ASN1_SET_ANY, +i2d_ASN1_T61STRING, +i2d_ASN1_TIME, +i2d_ASN1_TYPE, +i2d_ASN1_UNIVERSALSTRING, +i2d_ASN1_UTCTIME, +i2d_ASN1_UTF8STRING, +i2d_ASN1_VISIBLESTRING, +i2d_ASN1_bio_stream, +i2d_ASRange, +i2d_AUTHORITY_INFO_ACCESS, +i2d_AUTHORITY_KEYID, +i2d_BASIC_CONSTRAINTS, +i2d_CERTIFICATEPOLICIES, +i2d_CMS_ContentInfo, +i2d_CMS_ReceiptRequest, +i2d_CMS_bio, +i2d_CRL_DIST_POINTS, +i2d_DHxparams, +i2d_DIRECTORYSTRING, +i2d_DISPLAYTEXT, +i2d_DIST_POINT, +i2d_DIST_POINT_NAME, +i2d_DSAPrivateKey, +i2d_DSAPrivateKey_bio, +i2d_DSAPrivateKey_fp, +i2d_DSAPublicKey, +i2d_DSA_PUBKEY, +i2d_DSA_PUBKEY_bio, +i2d_DSA_PUBKEY_fp, +i2d_DSA_SIG, +i2d_DSAparams, +i2d_ECDSA_SIG, +i2d_ECPKParameters, +i2d_ECParameters, +i2d_ECPrivateKey, +i2d_ECPrivateKey_bio, +i2d_ECPrivateKey_fp, +i2d_EC_PUBKEY, +i2d_EC_PUBKEY_bio, +i2d_EC_PUBKEY_fp, +i2d_EDIPARTYNAME, +i2d_ESS_CERT_ID, +i2d_ESS_CERT_ID_V2, +i2d_ESS_ISSUER_SERIAL, +i2d_ESS_SIGNING_CERT, +i2d_ESS_SIGNING_CERT_V2, +i2d_EXTENDED_KEY_USAGE, +i2d_GENERAL_NAME, +i2d_GENERAL_NAMES, +i2d_IPAddressChoice, +i2d_IPAddressFamily, +i2d_IPAddressOrRange, +i2d_IPAddressRange, +i2d_ISSUING_DIST_POINT, +i2d_NAMING_AUTHORITY, +i2d_NETSCAPE_CERT_SEQUENCE, +i2d_NETSCAPE_SPKAC, +i2d_NETSCAPE_SPKI, +i2d_NOTICEREF, +i2d_OCSP_BASICRESP, +i2d_OCSP_CERTID, +i2d_OCSP_CERTSTATUS, +i2d_OCSP_CRLID, +i2d_OCSP_ONEREQ, +i2d_OCSP_REQINFO, +i2d_OCSP_REQUEST, +i2d_OCSP_RESPBYTES, +i2d_OCSP_RESPDATA, +i2d_OCSP_RESPID, +i2d_OCSP_RESPONSE, +i2d_OCSP_REVOKEDINFO, +i2d_OCSP_SERVICELOC, +i2d_OCSP_SIGNATURE, +i2d_OCSP_SINGLERESP, +i2d_OSSL_CMP_MSG, +i2d_OSSL_CMP_PKIHEADER, +i2d_OSSL_CRMF_CERTID, 
+i2d_OSSL_CRMF_CERTTEMPLATE, +i2d_OSSL_CRMF_ENCRYPTEDVALUE, +i2d_OSSL_CRMF_MSG, +i2d_OSSL_CRMF_MSGS, +i2d_OSSL_CRMF_PBMPARAMETER, +i2d_OSSL_CRMF_PKIPUBLICATIONINFO, +i2d_OSSL_CRMF_SINGLEPUBINFO, +i2d_OTHERNAME, +i2d_PBE2PARAM, +i2d_PBEPARAM, +i2d_PBKDF2PARAM, +i2d_PKCS12, +i2d_PKCS12_BAGS, +i2d_PKCS12_MAC_DATA, +i2d_PKCS12_SAFEBAG, +i2d_PKCS12_bio, +i2d_PKCS12_fp, +i2d_PKCS7, +i2d_PKCS7_DIGEST, +i2d_PKCS7_ENCRYPT, +i2d_PKCS7_ENC_CONTENT, +i2d_PKCS7_ENVELOPE, +i2d_PKCS7_ISSUER_AND_SERIAL, +i2d_PKCS7_NDEF, +i2d_PKCS7_RECIP_INFO, +i2d_PKCS7_SIGNED, +i2d_PKCS7_SIGNER_INFO, +i2d_PKCS7_SIGN_ENVELOPE, +i2d_PKCS7_bio, +i2d_PKCS7_fp, +i2d_PKCS8PrivateKeyInfo_bio, +i2d_PKCS8PrivateKeyInfo_fp, +i2d_PKCS8_PRIV_KEY_INFO, +i2d_PKCS8_PRIV_KEY_INFO_bio, +i2d_PKCS8_PRIV_KEY_INFO_fp, +i2d_PKCS8_bio, +i2d_PKCS8_fp, +i2d_PKEY_USAGE_PERIOD, +i2d_POLICYINFO, +i2d_POLICYQUALINFO, +i2d_PROFESSION_INFO, +i2d_PROXY_CERT_INFO_EXTENSION, +i2d_PROXY_POLICY, +i2d_RSAPrivateKey, +i2d_RSAPrivateKey_bio, +i2d_RSAPrivateKey_fp, +i2d_RSAPublicKey, +i2d_RSAPublicKey_bio, +i2d_RSAPublicKey_fp, +i2d_RSA_OAEP_PARAMS, +i2d_RSA_PSS_PARAMS, +i2d_RSA_PUBKEY, +i2d_RSA_PUBKEY_bio, +i2d_RSA_PUBKEY_fp, +i2d_SCRYPT_PARAMS, +i2d_SCT_LIST, +i2d_SXNET, +i2d_SXNETID, +i2d_TS_ACCURACY, +i2d_TS_MSG_IMPRINT, +i2d_TS_MSG_IMPRINT_bio, +i2d_TS_MSG_IMPRINT_fp, +i2d_TS_REQ, +i2d_TS_REQ_bio, +i2d_TS_REQ_fp, +i2d_TS_RESP, +i2d_TS_RESP_bio, +i2d_TS_RESP_fp, +i2d_TS_STATUS_INFO, +i2d_TS_TST_INFO, +i2d_TS_TST_INFO_bio, +i2d_TS_TST_INFO_fp, +i2d_USERNOTICE, +i2d_X509, +i2d_X509_ALGOR, +i2d_X509_ALGORS, +i2d_X509_ATTRIBUTE, +i2d_X509_CERT_AUX, +i2d_X509_CINF, +i2d_X509_CRL, +i2d_X509_CRL_INFO, +i2d_X509_CRL_bio, +i2d_X509_CRL_fp, +i2d_X509_EXTENSION, +i2d_X509_EXTENSIONS, +i2d_X509_NAME, +i2d_X509_NAME_ENTRY, +i2d_X509_PUBKEY, +i2d_X509_PUBKEY_bio, +i2d_X509_PUBKEY_fp, +i2d_X509_REQ, +i2d_X509_REQ_INFO, +i2d_X509_REQ_bio, +i2d_X509_REQ_fp, +i2d_X509_REVOKED, +i2d_X509_SIG, +i2d_X509_VAL, +\&\- convert objects from/to ASN.1/DER 
representation +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 3 +\& TYPE *d2i_TYPE(TYPE **a, unsigned char **ppin, long length); +\& TYPE *d2i_TYPE_bio(BIO *bp, TYPE **a); +\& TYPE *d2i_TYPE_fp(FILE *fp, TYPE **a); +\& +\& int i2d_TYPE(const TYPE *a, unsigned char **ppout); +\& int i2d_TYPE(TYPE *a, unsigned char **ppout); +\& int i2d_TYPE_fp(FILE *fp, const TYPE *a); +\& int i2d_TYPE_fp(FILE *fp, TYPE *a); +\& int i2d_TYPE_bio(BIO *bp, const TYPE *a); +\& int i2d_TYPE_bio(BIO *bp, TYPE *a); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +In the description here, \fB\f(BI\s-1TYPE\s0\fB\fR is used a placeholder +for any of the OpenSSL datatypes, such as \fIX509_CRL\fR. +The function parameters \fIppin\fR and \fIppout\fR are generally +either both named \fIpp\fR in the headers, or \fIin\fR and \fIout\fR. +.PP +These functions convert OpenSSL objects to and from their \s-1ASN\s0.1/DER +encoding. Unlike the C structures which can have pointers to sub-objects +within, the \s-1DER\s0 is a serialized encoding, suitable for sending over the +network, writing to a file, and so on. +.PP +\&\fBd2i_\f(BI\s-1TYPE\s0\fB\fR() attempts to decode \fIlen\fR bytes at \fI*ppin\fR. If successful a +pointer to the \fB\f(BI\s-1TYPE\s0\fB\fR structure is returned and \fI*ppin\fR is incremented to +the byte following the parsed data. If \fIa\fR is not \s-1NULL\s0 then a pointer +to the returned structure is also written to \fI*a\fR. If an error occurred +then \s-1NULL\s0 is returned. +.PP +On a successful return, if \fI*a\fR is not \s-1NULL\s0 then it is assumed that \fI*a\fR +contains a valid \fB\f(BI\s-1TYPE\s0\fB\fR structure and an attempt is made to reuse it. This +\&\*(L"reuse\*(R" capability is present for historical compatibility but its use is +\&\fBstrongly discouraged\fR (see \s-1BUGS\s0 below, and the discussion in the \s-1RETURN\s0 +\&\s-1VALUES\s0 section). 
+.PP +\&\fBd2i_\f(BI\s-1TYPE\s0\fB_bio\fR() is similar to \fBd2i_\f(BI\s-1TYPE\s0\fB\fR() except it attempts +to parse data from \s-1BIO\s0 \fIbp\fR. +.PP +\&\fBd2i_\f(BI\s-1TYPE\s0\fB_fp\fR() is similar to \fBd2i_\f(BI\s-1TYPE\s0\fB\fR() except it attempts +to parse data from \s-1FILE\s0 pointer \fIfp\fR. +.PP +\&\fBi2d_\f(BI\s-1TYPE\s0\fB\fR() encodes the structure pointed to by \fIa\fR into \s-1DER\s0 format. +If \fIppout\fR is not \s-1NULL\s0, it writes the \s-1DER\s0 encoded data to the buffer +at \fI*ppout\fR, and increments it to point after the data just written. +If the return value is negative an error occurred, otherwise it +returns the length of the encoded data. +.PP +If \fI*ppout\fR is \s-1NULL\s0 memory will be allocated for a buffer and the encoded +data written to it. In this case \fI*ppout\fR is not incremented and it points +to the start of the data just written. +.PP +\&\fBi2d_\f(BI\s-1TYPE\s0\fB_bio\fR() is similar to \fBi2d_\f(BI\s-1TYPE\s0\fB\fR() except it writes +the encoding of the structure \fIa\fR to \s-1BIO\s0 \fIbp\fR and it +returns 1 for success and 0 for failure. +.PP +\&\fBi2d_\f(BI\s-1TYPE\s0\fB_fp\fR() is similar to \fBi2d_\f(BI\s-1TYPE\s0\fB\fR() except it writes +the encoding of the structure \fIa\fR to \s-1BIO\s0 \fIbp\fR and it +returns 1 for success and 0 for failure. +.PP +These routines do not encrypt private keys and therefore offer no +security; use \fIPEM_write_PrivateKey\fR\|(3) or similar for writing to files. +.SH "NOTES" +.IX Header "NOTES" +The letters \fBi\fR and \fBd\fR in \fBi2d_\f(BI\s-1TYPE\s0\fB\fR() stand for +\&\*(L"internal\*(R" (that is, an internal C structure) and \*(L"\s-1DER\s0\*(R" respectively. +So \fBi2d_\f(BI\s-1TYPE\s0\fB\fR() converts from internal to \s-1DER\s0. +.PP +The functions can also understand \fB\s-1BER\s0\fR forms. 
+.PP +The actual \s-1TYPE\s0 structure passed to \fBi2d_\f(BI\s-1TYPE\s0\fB\fR() must be a valid +populated \fB\f(BI\s-1TYPE\s0\fB\fR structure \*(-- it \fBcannot\fR simply be fed with an +empty structure such as that returned by \fITYPE_new()\fR. +.PP +The encoded data is in binary form and may contain embedded zeros. +Therefore any \s-1FILE\s0 pointers or BIOs should be opened in binary mode. +Functions such as \fIstrlen()\fR will \fBnot\fR return the correct length +of the encoded structure. +.PP +The ways that \fI*ppin\fR and \fI*ppout\fR are incremented after the operation +can trap the unwary. See the \fB\s-1WARNINGS\s0\fR section for some common +errors. +The reason for this-auto increment behaviour is to reflect a typical +usage of \s-1ASN1\s0 functions: after one structure is encoded or decoded +another will be processed after it. +.PP +The following points about the data types might be useful: +.IP "\fB\s-1ASN1_OBJECT\s0\fR" 4 +.IX Item "ASN1_OBJECT" +Represents an \s-1ASN1\s0 \s-1OBJECT\s0 \s-1IDENTIFIER\s0. +.IP "\fBDHparams\fR" 4 +.IX Item "DHparams" +Represents a PKCS#3 \s-1DH\s0 parameters structure. +.IP "\fBDHxparams\fR" 4 +.IX Item "DHxparams" +Represents an \s-1ANSI\s0 X9.42 \s-1DH\s0 parameters structure. +.IP "\fB\s-1DSA_PUBKEY\s0\fR" 4 +.IX Item "DSA_PUBKEY" +Represents a \s-1DSA\s0 public key using a \fBSubjectPublicKeyInfo\fR structure. +.IP "\fBDSAPublicKey\fR, \fBDSAPrivateKey\fR" 4 +.IX Item "DSAPublicKey, DSAPrivateKey" +Use a non-standard OpenSSL format and should be avoided; use \fB\s-1DSA_PUBKEY\s0\fR, +\&\fIPEM_write_PrivateKey\fR\|(3), or similar instead. +.IP "\fB\s-1ECDSA_SIG\s0\fR" 4 +.IX Item "ECDSA_SIG" +Represents an \s-1ECDSA\s0 signature. +.IP "\fBRSAPublicKey\fR" 4 +.IX Item "RSAPublicKey" +Represents a PKCS#1 \s-1RSA\s0 public key structure. +.IP "\fBX509_ALGOR\fR" 4 +.IX Item "X509_ALGOR" +Represents an \fBAlgorithmIdentifier\fR structure as used in \s-1IETF\s0 \s-1RFC\s0 6960 and +elsewhere. 
+.IP "\fBX509_Name\fR" 4 +.IX Item "X509_Name" +Represents a \fBName\fR type as used for subject and issuer names in +\&\s-1IETF\s0 \s-1RFC\s0 6960 and elsewhere. +.IP "\fBX509_REQ\fR" 4 +.IX Item "X509_REQ" +Represents a PKCS#10 certificate request. +.IP "\fBX509_SIG\fR" 4 +.IX Item "X509_SIG" +Represents the \fBDigestInfo\fR structure defined in PKCS#1 and PKCS#7. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBd2i_\f(BI\s-1TYPE\s0\fB\fR(), \fBd2i_\f(BI\s-1TYPE\s0\fB_bio\fR() and \fBd2i_\f(BI\s-1TYPE\s0\fB_fp\fR() return a valid +\&\fB\f(BI\s-1TYPE\s0\fB\fR structure or \s-1NULL\s0 if an error occurs. If the \*(L"reuse\*(R" capability has +been used with a valid structure being passed in via \fIa\fR, then the object is +freed in the event of error and \fI*a\fR is set to \s-1NULL\s0. +.PP +\&\fBi2d_\f(BI\s-1TYPE\s0\fB\fR() returns the number of bytes successfully encoded or a negative +value if an error occurs. +.PP +\&\fBi2d_\f(BI\s-1TYPE\s0\fB_bio\fR() and \fBi2d_\f(BI\s-1TYPE\s0\fB_fp\fR() return 1 for success and 0 if an +error occurs. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Allocate and encode the \s-1DER\s0 encoding of an X509 structure: +.PP +.Vb 2 +\& int len; +\& unsigned char *buf; +\& +\& buf = NULL; +\& len = i2d_X509(x, &buf); +\& if (len < 0) +\& /* error */ +.Ve +.PP +Attempt to decode a buffer: +.PP +.Vb 3 +\& X509 *x; +\& unsigned char *buf, *p; +\& int len; +\& +\& /* Set up buf and len to point to the input buffer. */ +\& p = buf; +\& x = d2i_X509(NULL, &p, len); +\& if (x == NULL) +\& /* error */ +.Ve +.PP +Alternative technique: +.PP +.Vb 3 +\& X509 *x; +\& unsigned char *buf, *p; +\& int len; +\& +\& /* Set up buf and len to point to the input buffer. */ +\& p = buf; +\& x = NULL; +\& +\& if (d2i_X509(&x, &p, len) == NULL) +\& /* error */ +.Ve +.SH "WARNINGS" +.IX Header "WARNINGS" +Using a temporary variable is mandatory. 
A common +mistake is to attempt to use a buffer directly as follows: +.PP +.Vb 2 +\& int len; +\& unsigned char *buf; +\& +\& len = i2d_X509(x, NULL); +\& buf = OPENSSL_malloc(len); +\& ... +\& i2d_X509(x, &buf); +\& ... +\& OPENSSL_free(buf); +.Ve +.PP +This code will result in \fIbuf\fR apparently containing garbage because +it was incremented after the call to point after the data just written. +Also \fIbuf\fR will no longer contain the pointer allocated by \fIOPENSSL_malloc()\fR +and the subsequent call to \fIOPENSSL_free()\fR is likely to crash. +.PP +Another trap to avoid is misuse of the \fIa\fR argument to \fBd2i_\f(BI\s-1TYPE\s0\fB\fR(): +.PP +.Vb 1 +\& X509 *x; +\& +\& if (d2i_X509(&x, &p, len) == NULL) +\& /* error */ +.Ve +.PP +This will probably crash somewhere in \fId2i_X509()\fR. The reason for this +is that the variable \fIx\fR is uninitialized and an attempt will be made to +interpret its (invalid) value as an \fBX509\fR structure, typically causing +a segmentation violation. If \fIx\fR is set to \s-1NULL\s0 first then this will not +happen. +.SH "BUGS" +.IX Header "BUGS" +In some versions of OpenSSL the \*(L"reuse\*(R" behaviour of \fBd2i_\f(BI\s-1TYPE\s0\fB\fR() when +\&\fI*a\fR is valid is broken and some parts of the reused structure may +persist if they are not present in the new one. Additionally, in versions of +OpenSSL prior to 1.1.0, when the \*(L"reuse\*(R" behaviour is used and an error occurs +the behaviour is inconsistent. Some functions behaved as described here, while +some did not free \fI*a\fR on error and did not set \fI*a\fR to \s-1NULL\s0. +.PP +As a result of the above issues the \*(L"reuse\*(R" behaviour is strongly discouraged. +.PP +\&\fBi2d_\f(BI\s-1TYPE\s0\fB\fR() will not return an error in many versions of OpenSSL, +if mandatory fields are not initialized due to a programming error +then the encoded structure may contain invalid data or omit the +fields entirely and will not be parsed by \fBd2i_\f(BI\s-1TYPE\s0\fB\fR(). 
This may be +fixed in future so code should not assume that \fBi2d_\f(BI\s-1TYPE\s0\fB\fR() will +always succeed. +.PP +Any function which encodes a structure (\fBi2d_\f(BI\s-1TYPE\s0\fB\fR(), +\&\fBi2d_\f(BI\s-1TYPE\s0\fB\fR() or \fBi2d_\f(BI\s-1TYPE\s0\fB\fR()) may return a stale encoding if the +structure has been modified after deserialization or previous +serialization. This is because some objects cache the encoding for +efficiency reasons. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 1998\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/i2d_CMS_bio_stream.3 b/linux_amd64/share/man/man3/i2d_CMS_bio_stream.3 new file mode 100755 index 0000000..fc73af0 --- /dev/null +++ b/linux_amd64/share/man/man3/i2d_CMS_bio_stream.3 
@@ -0,0 +1,173 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "I2D_CMS_BIO_STREAM 3" +.TH I2D_CMS_BIO_STREAM 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +i2d_CMS_bio_stream \- output CMS_ContentInfo structure in BER format +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *data, int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIi2d_CMS_bio_stream()\fR outputs a CMS_ContentInfo structure in \s-1BER\s0 format. +.PP +It is otherwise identical to the function \fISMIME_write_CMS()\fR. +.SH "NOTES" +.IX Header "NOTES" +This function is effectively a version of the \fIi2d_CMS_bio()\fR supporting +streaming. +.SH "BUGS" +.IX Header "BUGS" +The prefix \*(L"i2d\*(R" is arguably wrong because the function outputs \s-1BER\s0 format. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIi2d_CMS_bio_stream()\fR returns 1 for success or 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fICMS_sign\fR\|(3), +\&\fICMS_verify\fR\|(3), \fICMS_encrypt\fR\|(3) +\&\fICMS_decrypt\fR\|(3), +\&\fISMIME_write_CMS\fR\|(3), +\&\fIPEM_write_bio_CMS_stream\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fIi2d_CMS_bio_stream()\fR function was added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/i2d_PKCS7_bio_stream.3 b/linux_amd64/share/man/man3/i2d_PKCS7_bio_stream.3 new file mode 100755 index 0000000..82e29eb --- /dev/null +++ b/linux_amd64/share/man/man3/i2d_PKCS7_bio_stream.3 
@@ -0,0 +1,173 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "I2D_PKCS7_BIO_STREAM 3" +.TH I2D_PKCS7_BIO_STREAM 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +i2d_PKCS7_bio_stream \- output PKCS7 structure in BER format +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int i2d_PKCS7_bio_stream(BIO *out, PKCS7 *p7, BIO *data, int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIi2d_PKCS7_bio_stream()\fR outputs a \s-1PKCS7\s0 structure in \s-1BER\s0 format. +.PP +It is otherwise identical to the function \fISMIME_write_PKCS7()\fR. +.SH "NOTES" +.IX Header "NOTES" +This function is effectively a version of the \fId2i_PKCS7_bio()\fR supporting +streaming. +.SH "BUGS" +.IX Header "BUGS" +The prefix \*(L"i2d\*(R" is arguably wrong because the function outputs \s-1BER\s0 format. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIi2d_PKCS7_bio_stream()\fR returns 1 for success or 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fIPKCS7_sign\fR\|(3), +\&\fIPKCS7_verify\fR\|(3), \fIPKCS7_encrypt\fR\|(3) +\&\fIPKCS7_decrypt\fR\|(3), +\&\fISMIME_write_PKCS7\fR\|(3), +\&\fIPEM_write_bio_PKCS7_stream\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fIi2d_PKCS7_bio_stream()\fR function was added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/i2d_re_X509_tbs.3 b/linux_amd64/share/man/man3/i2d_re_X509_tbs.3 new file mode 100755 index 0000000..068da33 --- /dev/null +++ b/linux_amd64/share/man/man3/i2d_re_X509_tbs.3 
@@ -0,0 +1,211 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "I2D_RE_X509_TBS 3" +.TH I2D_RE_X509_TBS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +d2i_X509_AUX, i2d_X509_AUX, +i2d_re_X509_tbs, i2d_re_X509_CRL_tbs, i2d_re_X509_REQ_tbs +\&\- X509 encode and decode functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& X509 *d2i_X509_AUX(X509 **px, const unsigned char **in, long len); +\& int i2d_X509_AUX(X509 *x, unsigned char **out); +\& int i2d_re_X509_tbs(X509 *x, unsigned char **out); +\& int i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **pp); +\& int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The X509 encode and decode routines encode and parse an +\&\fBX509\fR structure, which represents an X509 certificate. +.PP +\&\fId2i_X509_AUX()\fR is similar to \fId2i_X509\fR\|(3) but the input is expected to +consist of an X509 certificate followed by auxiliary trust information. +This is used by the \s-1PEM\s0 routines to read \*(L"\s-1TRUSTED\s0 \s-1CERTIFICATE\s0\*(R" objects. +This function should not be called on untrusted input. +.PP +\&\fIi2d_X509_AUX()\fR is similar to \fIi2d_X509\fR\|(3), but the encoded output +contains both the certificate and any auxiliary trust information. +This is used by the \s-1PEM\s0 routines to write \*(L"\s-1TRUSTED\s0 \s-1CERTIFICATE\s0\*(R" objects. +Note that this is a non-standard OpenSSL-specific data format. +.PP +\&\fIi2d_re_X509_tbs()\fR is similar to \fIi2d_X509\fR\|(3) except it encodes only +the TBSCertificate portion of the certificate. \fIi2d_re_X509_CRL_tbs()\fR +and \fIi2d_re_X509_REQ_tbs()\fR are analogous for \s-1CRL\s0 and certificate request, +respectively. The \*(L"re\*(R" in \fBi2d_re_X509_tbs\fR stands for \*(L"re-encode\*(R", +and ensures that a fresh encoding is generated in case the object has been +modified after creation (see the \s-1BUGS\s0 section). 
+.PP +The encoding of the TBSCertificate portion of a certificate is cached +in the \fBX509\fR structure internally to improve encoding performance +and to ensure certificate signatures are verified correctly in some +certificates with broken (non-DER) encodings. +.PP +If, after modification, the \fBX509\fR object is re-signed with \fIX509_sign()\fR, +the encoding is automatically renewed. Otherwise, the encoding of the +TBSCertificate portion of the \fBX509\fR can be manually renewed by calling +\&\fIi2d_re_X509_tbs()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fId2i_X509_AUX()\fR returns a valid \fBX509\fR structure or \s-1NULL\s0 if an error occurred. +.PP +\&\fIi2d_X509_AUX()\fR returns the length of encoded data or \-1 on error. +.PP +\&\fIi2d_re_X509_tbs()\fR, \fIi2d_re_X509_CRL_tbs()\fR and \fIi2d_re_X509_REQ_tbs()\fR return the +length of encoded data or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3) +\&\fIX509_CRL_get0_by_serial\fR\|(3), +\&\fIX509_get0_signature\fR\|(3), +\&\fIX509_get_ext_d2i\fR\|(3), +\&\fIX509_get_extension_flags\fR\|(3), +\&\fIX509_get_pubkey\fR\|(3), +\&\fIX509_get_subject_name\fR\|(3), +\&\fIX509_get_version\fR\|(3), +\&\fIX509_NAME_add_entry_by_txt\fR\|(3), +\&\fIX509_NAME_ENTRY_get_object\fR\|(3), +\&\fIX509_NAME_get_index_by_NID\fR\|(3), +\&\fIX509_NAME_print_ex\fR\|(3), +\&\fIX509_new\fR\|(3), +\&\fIX509_sign\fR\|(3), +\&\fIX509V3_get_d2i\fR\|(3), +\&\fIX509_verify_cert\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/o2i_SCT_LIST.3 b/linux_amd64/share/man/man3/o2i_SCT_LIST.3 new file mode 100755 index 0000000..5ea5f66 --- /dev/null 
+++ b/linux_amd64/share/man/man3/o2i_SCT_LIST.3 
@@ -0,0 +1,171 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "O2I_SCT_LIST 3" +.TH O2I_SCT_LIST 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +o2i_SCT_LIST, i2o_SCT_LIST, o2i_SCT, i2o_SCT \- +decode and encode Signed Certificate Timestamp lists in TLS wire format +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& STACK_OF(SCT) *o2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, +\& size_t len); +\& int i2o_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp); +\& SCT *o2i_SCT(SCT **psct, const unsigned char **in, size_t len); +\& int i2o_SCT(const SCT *sct, unsigned char **out); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1SCT_LIST\s0 and \s-1SCT\s0 functions are very similar to the i2d and d2i family of +functions, except that they convert to and from \s-1TLS\s0 wire format, as described in +\&\s-1RFC\s0 6962. See \fId2i_SCT_LIST\fR\|(3) for more information about how the parameters are +treated and the return values. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All of the functions have return values consistent with those stated for +\&\fId2i_SCT_LIST\fR\|(3) and \fIi2d_SCT_LIST\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIct\fR\|(7), +\&\fId2i_SCT_LIST\fR\|(3), +\&\fIi2d_SCT_LIST\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man3/s2i_ASN1_IA5STRING.3 b/linux_amd64/share/man/man3/s2i_ASN1_IA5STRING.3 new file mode 100755 index 0000000..2380a96 --- /dev/null +++ b/linux_amd64/share/man/man3/s2i_ASN1_IA5STRING.3 
@@ -0,0 +1,203 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "S2I_ASN1_IA5STRING 3" +.TH S2I_ASN1_IA5STRING 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +i2s_ASN1_IA5STRING, +s2i_ASN1_IA5STRING, +i2s_ASN1_INTEGER, +s2i_ASN1_INTEGER, +i2s_ASN1_OCTET_STRING, +s2i_ASN1_OCTET_STRING, +i2s_ASN1_ENUMERATED, +i2s_ASN1_ENUMERATED_TABLE, +\&\- convert objects from/to ASN.1/string representation +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 12 +\& char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5); +\& ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, +\& X509V3_CTX *ctx, const char *str); +\& char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *method, const ASN1_INTEGER *a); +\& ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, const char *value); +\& char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, +\& const ASN1_OCTET_STRING *oct); +\& ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, +\& X509V3_CTX *ctx, const char *str); +\& char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *method, const ASN1_ENUMERATED *a); +\& char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method, +\& const ASN1_ENUMERATED *e); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions convert OpenSSL objects to and from their \s-1ASN\s0.1/string +representation. This function is used for \fBX509v3\fR extentions. +.SH "NOTES" +.IX Header "NOTES" +The letters \fBi\fR and \fBs\fR in \fBi2s_ASN1_IA5STRING\fR() stand for +\&\*(L"internal\*(R" (that is, an internal C structure) and string respectively. +So \fBi2s_ASN1_IA5STRING\fR() converts from internal to string. +.PP +It is the caller's responsibility to free the returned string. +In the \fBi2s_ASN1_IA5STRING\fR() function the string is copied and +the ownership of the original string remains with the caller. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBi2s_ASN1_IA5STRING\fR() returns the pointer to a \s-1IA5\s0 string +or \s-1NULL\s0 if an error occurs. +.PP +\&\fBs2i_ASN1_IA5STRING\fR() return a valid +\&\fB\s-1ASN1_IA5STRING\s0\fR structure or \s-1NULL\s0 if an error occurs. 
+.PP +\&\fBi2s_ASN1_INTEGER\fR() return a valid +string or \s-1NULL\s0 if an error occurs. +.PP +\&\fBs2i_ASN1_INTEGER\fR() returns the pointer to a \fB\s-1ASN1_INTEGER\s0\fR +structure or \s-1NULL\s0 if an error occurs. +.PP +\&\fBi2s_ASN1_OCTET_STRING\fR() returns the pointer to a \s-1OCTET_STRING\s0 string +or \s-1NULL\s0 if an error occurs. +.PP +\&\fBs2i_ASN1_OCTET_STRING\fR() return a valid +\&\fB\s-1ASN1_OCTET_STRING\s0\fR structure or \s-1NULL\s0 if an error occurs. +.PP +\&\fBi2s_ASN1_ENUMERATED\fR() return a valid +string or \s-1NULL\s0 if an error occurs. +.PP +\&\fBs2i_ASN1_ENUMERATED\fR() returns the pointer to a \fB\s-1ASN1_ENUMERATED\s0\fR +structure or \s-1NULL\s0 if an error occurs. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man5/config.5 b/linux_amd64/share/man/man5/config.5 new file mode 100755 index 0000000..e345326 --- /dev/null +++ b/linux_amd64/share/man/man5/config.5 
@@ -0,0 +1,715 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CONFIG 5" +.TH CONFIG 5 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +config \- OpenSSL CONF library configuration files +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The OpenSSL \s-1CONF\s0 library can be used to read configuration files. 
+It is used for the OpenSSL master configuration file \fBopenssl.cnf\fR +and in a few other places like \fB\s-1SPKAC\s0\fR files and certificate extension +files for the \fBx509\fR utility. OpenSSL applications can also use the +\&\s-1CONF\s0 library for their own purposes. +.PP +A configuration file is divided into a number of sections. Each section +starts with a line \f(CW\*(C`[section_name]\*(C'\fR and ends when a new section is +started or end of file is reached. A section name can consist of +alphanumeric characters and underscores. The brackets are required. +.PP +The first section of a configuration file is special and is referred +to as the \fBdefault\fR section. This section is usually unnamed and spans from the +start of file until the first named section. When a name is being looked up +it is first looked up in a named section (if any) and then the +default section. +.PP +The environment is mapped onto a section called \fB\s-1ENV\s0\fR. +.PP +Comments can be included by preceding them with the \fB#\fR character +.PP +Other files can be included using the \fB.include\fR directive followed +by a path. If the path points to a directory all files with +names ending with \fB.cnf\fR or \fB.conf\fR are included from the directory. +Recursive inclusion of directories from files in such directory is not +supported. That means the files in the included directory can also contain +\&\fB.include\fR directives but only inclusion of regular files is supported +there. The inclusion of directories is not supported on systems without +\&\s-1POSIX\s0 \s-1IO\s0 support. +.PP +It is strongly recommended to use absolute paths with the \fB.include\fR +directive. Relative paths are evaluated based on the application current +working directory so unless the configuration file containing the +\&\fB.include\fR directive is application specific the inclusion will not +work as expected. 
The environment variable \fB\s-1OPENSSL_CONF_INCLUDE\s0\fR can also be +used to specify the path to prepend to all .include paths. +.PP +There can be optional \fB=\fR character and whitespace characters between +\&\fB.include\fR directive and the path which can be useful in cases the +configuration file needs to be loaded by old OpenSSL versions which do +not support the \fB.include\fR syntax. They would bail out with error +if the \fB=\fR character is not present but with it they just ignore +the include. +.PP +Pragmas can be specified with the \fB.pragma\fR directive. +See \*(L"\s-1PRAGMAS\s0\*(R" for more information. +.PP +Each section in a configuration file consists of a number of name and +value pairs of the form \fBname=value\fR +.PP +The \fBname\fR string can contain any alphanumeric characters as well as +a few punctuation symbols such as \fB.\fR \fB,\fR \fB;\fR and \fB_\fR. +.PP +The \fBvalue\fR string consists of the string following the \fB=\fR character +until end of line with any leading and trailing white space removed. +.PP +The value string undergoes variable expansion. This can be done by +including the form \fB\f(CB$var\fB\fR or \fB${var}\fR: this will substitute the value +of the named variable in the current section. It is also possible to +substitute a value from another section using the syntax \fB\f(CB$section::name\fB\fR +or \fB${section::name}\fR. By using the form \fB\f(CB$ENV::name\fB\fR environment +variables can be substituted. It is also possible to assign values to +environment variables by using the name \fBENV::name\fR, this will work +if the program looks up environment variables using the \fB\s-1CONF\s0\fR library +instead of calling \fIgetenv()\fR directly. The value string must not exceed 64k in +length after variable expansion. Otherwise an error will occur. +.PP +It is possible to escape certain characters by using any kind of quote +or the \fB\e\fR character. 
By making the last character of a line a \fB\e\fR +a \fBvalue\fR string can be spread across multiple lines. In addition +the sequences \fB\en\fR, \fB\er\fR, \fB\eb\fR and \fB\et\fR are recognized. +.PP +All expansion and escape rules as described above that apply to \fBvalue\fR +also apply to the path of the \fB.include\fR directive. +.SH "PRAGMAS" +.IX Header "PRAGMAS" +Pragmas can be used to change the behavior of the configuration file +parser, among others. Currently supported pragmas are: +.IP "\fB.pragma\fR \fBdollarid\fR:\fIvalue\fR" 4 +.IX Item ".pragma dollarid:value" +\&\fIvalue\fR can be one of: +.RS 4 +.ie n .IP "\fB""on""\fR or \fB""true""\fR" 4 +.el .IP "\fB``on''\fR or \fB``true''\fR" 4 +.IX Item "on or true" +this signifies that dollar signs are considered an identity character +from this point on and that variable expansion requires the use of +braces or parentheses. In other words, \f(CW\*(C`foo$bar\*(C'\fR will be considered +a name instead of \f(CW\*(C`foo\*(C'\fR followed by the expansion of the variable +\&\f(CW\*(C`bar\*(C'\fR. +This is suitable for platforms where the dollar sign is commonly used +as part of names. +.ie n .IP "\fB""off""\fR or \fB""false""\fR" 4 +.el .IP "\fB``off''\fR or \fB``false''\fR" 4 +.IX Item "off or false" +Turns this pragma off, i.e. \f(CW\*(C`foo$bar\*(C'\fR will be interpreted as \f(CW\*(C`foo\*(C'\fR +followed by the expansion of the variable \f(CW\*(C`bar\*(C'\fR. +.RE +.RS 4 +.Sp +By default, this pragma is turned off. +.RE +.SH "OPENSSL LIBRARY CONFIGURATION" +.IX Header "OPENSSL LIBRARY CONFIGURATION" +Applications can automatically configure certain +aspects of OpenSSL using the master OpenSSL configuration file, or optionally +an alternative configuration file. The \fBopenssl\fR utility includes this +functionality: any sub command uses the master OpenSSL configuration file +unless an option is used in the sub command to use an alternative configuration +file. 
+.PP +To enable library configuration the default section needs to contain an +appropriate line which points to the main configuration section. The default +name is \fBopenssl_conf\fR which is used by the \fBopenssl\fR utility. Other +applications may use an alternative name such as \fBmyapplication_conf\fR. +All library configuration lines appear in the default section at the start +of the configuration file. +.PP +The configuration section should consist of a set of name value pairs which +contain specific module configuration information. The \fBname\fR represents +the name of the \fIconfiguration module\fR. The meaning of the \fBvalue\fR is +module specific: it may, for example, represent a further configuration +section containing configuration module specific information. E.g.: +.PP +.Vb 2 +\& # This must be in the default section +\& openssl_conf = openssl_init +\& +\& [openssl_init] +\& +\& oid_section = new_oids +\& engines = engine_section +\& providers = provider_section +\& +\& [new_oids] +\& +\& ... new oids here ... +\& +\& [engine_section] +\& +\& ... engine stuff here ... +\& +\& [provider_section] +\& +\& ... provider stuff here ... +.Ve +.PP +The features of each configuration module are described below. +.SS "\s-1ASN1\s0 Object Configuration Module" +.IX Subsection "ASN1 Object Configuration Module" +This module has the name \fBoid_section\fR. The value of this variable points +to a section containing name value pairs of OIDs: the name is the \s-1OID\s0 short +and long name, the value is the numerical form of the \s-1OID\s0. Although some of +the \fBopenssl\fR utility sub commands already have their own \s-1ASN1\s0 \s-1OBJECT\s0 section +functionality not all do. By using the \s-1ASN1\s0 \s-1OBJECT\s0 configuration module +\&\fBall\fR the \fBopenssl\fR utility sub commands can see the new objects as well +as any compliant applications. 
For example: +.PP +.Vb 1 +\& [new_oids] +\& +\& some_new_oid = 1.2.3.4 +\& some_other_oid = 1.2.3.5 +.Ve +.PP +It is also possible to set the value to the long name followed +by a comma and the numerical \s-1OID\s0 form. For example: +.PP +.Vb 1 +\& shortName = some object long name, 1.2.3.4 +.Ve +.SS "Engine Configuration Module" +.IX Subsection "Engine Configuration Module" +This \s-1ENGINE\s0 configuration module has the name \fBengines\fR. The value of this +variable points to a section containing further \s-1ENGINE\s0 configuration +information. +.PP +The section pointed to by \fBengines\fR is a table of engine names (though see +\&\fBengine_id\fR below) and further sections containing configuration information +specific to each \s-1ENGINE\s0. +.PP +Each \s-1ENGINE\s0 specific section is used to set default algorithms, load +dynamic, perform initialization and send ctrls. The actual operation performed +depends on the \fIcommand\fR name which is the name of the name value pair. The +currently supported commands are listed below. +.PP +For example: +.PP +.Vb 1 +\& [engine_section] +\& +\& # Configure ENGINE named "foo" +\& foo = foo_section +\& # Configure ENGINE named "bar" +\& bar = bar_section +\& +\& [foo_section] +\& ... foo ENGINE specific commands ... +\& +\& [bar_section] +\& ... "bar" ENGINE specific commands ... +.Ve +.PP +The command \fBengine_id\fR is used to give the \s-1ENGINE\s0 name. If used this +command must be first. For example: +.PP +.Vb 3 +\& [engine_section] +\& # This would normally handle an ENGINE named "foo" +\& foo = foo_section +\& +\& [foo_section] +\& # Override default name and use "myfoo" instead. +\& engine_id = myfoo +.Ve +.PP +The command \fBdynamic_path\fR loads and adds an \s-1ENGINE\s0 from the given path. It +is equivalent to sending the ctrls \fB\s-1SO_PATH\s0\fR with the path argument followed +by \fB\s-1LIST_ADD\s0\fR with value 2 and \fB\s-1LOAD\s0\fR to the dynamic \s-1ENGINE\s0. 
If this is +not the required behaviour then alternative ctrls can be sent directly +to the dynamic \s-1ENGINE\s0 using ctrl commands. +.PP +The command \fBinit\fR determines whether to initialize the \s-1ENGINE\s0. If the value +is \fB0\fR the \s-1ENGINE\s0 will not be initialized, if \fB1\fR and attempt it made to +initialized the \s-1ENGINE\s0 immediately. If the \fBinit\fR command is not present +then an attempt will be made to initialize the \s-1ENGINE\s0 after all commands in +its section have been processed. +.PP +The command \fBdefault_algorithms\fR sets the default algorithms an \s-1ENGINE\s0 will +supply using the functions \fIENGINE_set_default_string()\fR. +.PP +If the name matches none of the above command names it is assumed to be a +ctrl command which is sent to the \s-1ENGINE\s0. The value of the command is the +argument to the ctrl command. If the value is the string \fB\s-1EMPTY\s0\fR then no +value is sent to the command. +.PP +For example: +.PP +.Vb 1 +\& [engine_section] +\& +\& # Configure ENGINE named "foo" +\& foo = foo_section +\& +\& [foo_section] +\& # Load engine from DSO +\& dynamic_path = /some/path/fooengine.so +\& # A foo specific ctrl. +\& some_ctrl = some_value +\& # Another ctrl that doesn\*(Aqt take a value. +\& other_ctrl = EMPTY +\& # Supply all default algorithms +\& default_algorithms = ALL +.Ve +.SS "Provider Configuration Module" +.IX Subsection "Provider Configuration Module" +This provider configuration module has the name \fBproviders\fR. The +value of this variable points to a section containing further provider +configuration information. +.PP +The section pointed to by \fBproviders\fR is a table of provider names +(though see \fBidentity\fR below) and further sections containing +configuration information specific to each provider module. +.PP +Each provider specific section is used to load its module, perform +activation and set parameters to pass to the provider on demand. 
The +actual operation performed depends on the name of the name value pair. +The currently supported commands are listed below. +.PP +For example: +.PP +.Vb 1 +\& [provider_section] +\& +\& # Configure provider named "foo" +\& foo = foo_section +\& # Configure provider named "bar" +\& bar = bar_section +\& +\& [foo_section] +\& ... "foo" provider specific parameters ... +\& +\& [bar_section] +\& ... "bar" provider specific parameters ... +.Ve +.PP +The command \fBidentity\fR is used to give the provider name. For example: +.PP +.Vb 3 +\& [provider_section] +\& # This would normally handle a provider named "foo" +\& foo = foo_section +\& +\& [foo_section] +\& # Override default name and use "myfoo" instead. +\& identity = myfoo +.Ve +.PP +The parameter \fBmodule\fR loads and adds a provider module from the +given module path. That path may be a simple filename, a relative +path or an absolute path. +.PP +The parameter \fBactivate\fR determines whether to activate the +provider. The value has no importance, the presence of the parameter +is enough for activation to take place. +.PP +All parameters in the section as well as sub-sections are made +available to the provider. +.SS "\s-1EVP\s0 Configuration Module" +.IX Subsection "EVP Configuration Module" +This module has the name \fBalg_section\fR which points to a section containing +algorithm commands. +.PP +The supported algorithm commands are: +.IP "\fBdefault_properties\fR" 4 +.IX Item "default_properties" +The value may be anything that is acceptable as a property query +string for \fIEVP_set_default_properties()\fR. +.IP "\fBfips_mode\fR (deprecated)" 4 +.IX Item "fips_mode (deprecated)" +The value is a boolean that can be \fByes\fR or \fBno\fR. If the value is +\&\fByes\fR, this is exactly equivalent to: +.Sp +.Vb 1 +\& default_properties = fips=yes +.Ve +.Sp +If the value is \fBno\fR, nothing happens. +.PP +These two commands should not be used together, as there is no control +over how they affect each other. 
+The use of \fBfips_mode\fR is strongly discouraged and is only present +for backward compatibility with earlier OpenSSL \s-1FIPS\s0 modules. +.SS "\s-1SSL\s0 Configuration Module" +.IX Subsection "SSL Configuration Module" +This module has the name \fBssl_conf\fR which points to a section containing +\&\s-1SSL\s0 configurations. +.PP +Each line in the \s-1SSL\s0 configuration section contains the name of the +configuration and the section containing it. +.PP +Each configuration section consists of command value pairs for \fB\s-1SSL_CONF\s0\fR. +Each pair will be passed to a \fB\s-1SSL_CTX\s0\fR or \fB\s-1SSL\s0\fR structure if it calls +\&\fISSL_CTX_config()\fR or \fISSL_config()\fR with the appropriate configuration name. +.PP +Note: any characters before an initial dot in the configuration section are +ignored so the same command can be used multiple times. +.PP +For example: +.PP +.Vb 1 +\& ssl_conf = ssl_sect +\& +\& [ssl_sect] +\& +\& server = server_section +\& +\& [server_section] +\& +\& RSA.Certificate = server\-rsa.pem +\& ECDSA.Certificate = server\-ecdsa.pem +\& Ciphers = ALL:!RC4 +.Ve +.PP +The system default configuration with name \fBsystem_default\fR if present will +be applied during any creation of the \fB\s-1SSL_CTX\s0\fR structure. +.PP +Example of a configuration with the system default: +.PP +.Vb 1 +\& ssl_conf = ssl_sect +\& +\& [ssl_sect] +\& +\& system_default = system_default_sect +\& +\& [system_default_sect] +\& +\& MinProtocol = TLSv1.2 +.Ve +.SH "NOTES" +.IX Header "NOTES" +If a configuration file attempts to expand a variable that doesn't exist +then an error is flagged and the file will not load. This can happen +if an attempt is made to expand an environment variable that doesn't +exist. For example in a previous version of OpenSSL the default OpenSSL +master configuration file used the value of \fB\s-1HOME\s0\fR which may not be +defined on non Unix systems and would cause an error. 
+.PP +This can be worked around by including a \fBdefault\fR section to provide +a default value: then if the environment lookup fails the default value +will be used instead. For this to work properly the default value must +be defined earlier in the configuration file than the expansion. See +the \fB\s-1EXAMPLES\s0\fR section for an example of how to do this. +.PP +If the same variable exists in the same section then all but the last +value will be silently ignored. In certain circumstances such as with +DNs the same field may occur multiple times. This is usually worked +around by ignoring any characters before an initial \fB.\fR e.g. +.PP +.Vb 2 +\& 1.OU="My first OU" +\& 2.OU="My Second OU" +.Ve +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Here is a sample configuration file using some of the features +mentioned above. +.PP +.Vb 1 +\& # This is the default section. +\& +\& HOME=/temp +\& configdir=$ENV::HOME/config +\& +\& [ section_one ] +\& +\& # We are now in section one. +\& +\& # Quotes permit leading and trailing whitespace +\& any = " any variable name " +\& +\& other = A string that can \e +\& cover several lines \e +\& by including \e\e characters +\& +\& message = Hello World\en +\& +\& [ section_two ] +\& +\& greeting = $section_one::message +.Ve +.PP +This next example shows how to expand environment variables safely. +.PP +Suppose you want a variable called \fBtmpfile\fR to refer to a +temporary filename. The directory it is placed in can determined by +the \fB\s-1TEMP\s0\fR or \fB\s-1TMP\s0\fR environment variables but they may not be +set to any value at all. If you just include the environment variable +names and the variable doesn't exist then this will cause an error when +an attempt is made to load the configuration file. 
By making use of the +default section both values can be looked up with \fB\s-1TEMP\s0\fR taking +priority and \fB/tmp\fR used if neither is defined: +.PP +.Vb 5 +\& TMP=/tmp +\& # The above value is used if TMP isn\*(Aqt in the environment +\& TEMP=$ENV::TMP +\& # The above value is used if TEMP isn\*(Aqt in the environment +\& tmpfile=${ENV::TEMP}/tmp.filename +.Ve +.PP +Simple OpenSSL library configuration example to enter \s-1FIPS\s0 mode: +.PP +.Vb 3 +\& # Default appname: should match "appname" parameter (if any) +\& # supplied to CONF_modules_load_file et al. +\& openssl_conf = openssl_conf_section +\& +\& [openssl_conf_section] +\& # Configuration module list +\& alg_section = evp_sect +\& +\& [evp_sect] +\& # Set to "yes" to enter FIPS mode if supported +\& fips_mode = yes +.Ve +.PP +Note: in the above example you will get an error in non \s-1FIPS\s0 capable versions +of OpenSSL. +.PP +Simple OpenSSL library configuration to make \s-1TLS\s0 1.3 the system-default +minimum \s-1TLS\s0 version: +.PP +.Vb 2 +\& # Toplevel section for openssl (including libssl) +\& openssl_conf = default_conf_section +\& +\& [default_conf_section] +\& # We only specify configuration for the "ssl module" +\& ssl_conf = ssl_section +\& +\& [ssl_section] +\& system_default = system_default_section +\& +\& [system_default_section] +\& MinProtocol = TLSv1.3 +.Ve +.PP +More complex OpenSSL library configuration. Add \s-1OID\s0 and don't enter \s-1FIPS\s0 mode: +.PP +.Vb 3 +\& # Default appname: should match "appname" parameter (if any) +\& # supplied to CONF_modules_load_file et al. +\& openssl_conf = openssl_conf_section +\& +\& [openssl_conf_section] +\& # Configuration module list +\& alg_section = evp_sect +\& oid_section = new_oids +\& +\& [evp_sect] +\& # This will have no effect as FIPS mode is off by default. 
+\& # Set to "yes" to enter FIPS mode, if supported +\& fips_mode = no +\& +\& [new_oids] +\& # New OID, just short name +\& newoid1 = 1.2.3.4.1 +\& # New OID shortname and long name +\& newoid2 = New OID 2 long name, 1.2.3.4.2 +.Ve +.PP +The above examples can be used with any application supporting library +configuration if \*(L"openssl_conf\*(R" is modified to match the appropriate \*(L"appname\*(R". +.PP +For example if the second sample file above is saved to \*(L"example.cnf\*(R" then +the command line: +.PP +.Vb 1 +\& OPENSSL_CONF=example.cnf openssl asn1parse \-genstr OID:1.2.3.4.1 +.Ve +.PP +will output: +.PP +.Vb 1 +\& 0:d=0 hl=2 l= 4 prim: OBJECT :newoid1 +.Ve +.PP +showing that the \s-1OID\s0 \*(L"newoid1\*(R" has been added as \*(L"1.2.3.4.1\*(R". +.SH "ENVIRONMENT" +.IX Header "ENVIRONMENT" +.IP "\fB\s-1OPENSSL_CONF\s0\fR" 4 +.IX Item "OPENSSL_CONF" +The path to the config file. +Ignored in set-user-ID and set-group-ID programs. +.IP "\fB\s-1OPENSSL_ENGINES\s0\fR" 4 +.IX Item "OPENSSL_ENGINES" +The path to the engines directory. +Ignored in set-user-ID and set-group-ID programs. +.IP "\fB\s-1OPENSSL_MODULES\s0\fR" 4 +.IX Item "OPENSSL_MODULES" +The path to the directory with OpenSSL modules, such as providers. +Ignored in set-user-ID and set-group-ID programs. +.IP "\fB\s-1OPENSSL_CONF_INCLUDE\s0\fR" 4 +.IX Item "OPENSSL_CONF_INCLUDE" +The optional path to prepend to all .include paths. +.SH "BUGS" +.IX Header "BUGS" +Currently there is no way to include characters using the octal \fB\ennn\fR +form. Strings are all null terminated so nulls cannot form part of +the value. +.PP +The escaping isn't quite right: if you want to use sequences like \fB\en\fR +you can't use any quote escaping on the same line. +.PP +Files are loaded in a single pass. This means that an variable expansion +will only work if the variables referenced are defined earlier in the +file. 
+.SH "HISTORY" +.IX Header "HISTORY" +An undocumented \s-1API\s0, \s-1\fINCONF_WIN32\s0()\fR, used a slightly different set +of parsing rules there were intended to be tailored to +the Microsoft Windows platform. +Specifically, the backslash character was not an escape character and +could be used in pathnames, only the double-quote character was recognized, +and comments began with a semi-colon. +This function was deprecated in OpenSSL 3.0; applications with +configuration files using that syntax will have to be modified. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\-x509\fR\|(1), \fIopenssl\-req\fR\|(1), \fIopenssl\-ca\fR\|(1), \fIfips_config\fR\|(5) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man5/fips_config.5 b/linux_amd64/share/man/man5/fips_config.5 new file mode 100755 index 0000000..593da88 --- /dev/null +++ b/linux_amd64/share/man/man5/fips_config.5 
@@ -0,0 +1,185 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "FIPS_CONFIG 5" +.TH FIPS_CONFIG 5 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +fips_config \- OpenSSL FIPS configuration +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A separate configuration file containing data related to \s-1FIPS\s0 'self tests' is +written to during installation time. 
+This data is used for 2 purposes when the fips module is loaded: +.IP "\- Verify the module's checksum each time the fips module loads." 4 +.IX Item "- Verify the module's checksum each time the fips module loads." +.PD 0 +.IP "\- Run the startup \s-1FIPS\s0 self test \s-1KATS\s0 (known answer tests). This only needs to be run once during installation." 4 +.IX Item "- Run the startup FIPS self test KATS (known answer tests). This only needs to be run once during installation." +.PD +.PP +The supported options are: +.IP "\fBmodule-checksum\fR" 4 +.IX Item "module-checksum" +The calculated \s-1MAC\s0 of the module file +.IP "\fBinstall-version\fR" 4 +.IX Item "install-version" +A version number for the fips install process. Should be 1. +.IP "\fBinstall-status\fR" 4 +.IX Item "install-status" +The install status indicator description that will be verified. +If this field is not present the \s-1FIPS\s0 self tests will run when the fips module +loads. +This value should only be written to after the \s-1FIPS\s0 module has +successfully passed its self tests during installation. +.IP "\fBinstall-checksum\fR" 4 +.IX Item "install-checksum" +The calculated \s-1MAC\s0 of the install status indicator. +It is initially empty and is written to at the same time as the install_status. +.PP +For example: +.PP +.Vb 1 +\& [fips_install] +\& +\& install\-version = 1 +\& module\-checksum = 41:D0:FA:C2:5D:41:75:CD:7D:C3:90:55:6F:A4:DC +\& install\-checksum = FE:10:13:5A:D3:B4:C7:82:1B:1E:17:4C:AC:84:0C +\& install\-status = INSTALL_SELF_TEST_KATS_RUN +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIconfig\fR\|(5) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/share/man/man5/x509v3_config.5 b/linux_amd64/share/man/man5/x509v3_config.5 new file mode 100755 index 0000000..43f7513 --- /dev/null +++ b/linux_amd64/share/man/man5/x509v3_config.5 
@@ -0,0 +1,695 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509V3_CONFIG 5" +.TH X509V3_CONFIG 5 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +x509v3_config \- X509 V3 certificate extension configuration format +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Several of the OpenSSL utilities can add extensions to a certificate or +certificate request based on the contents of a configuration file. +.PP +Typically the application will contain an option to point to an extension +section. Each line of the extension section takes the form: +.PP +.Vb 1 +\& extension_name=[critical,] extension_options +.Ve +.PP +If \fBcritical\fR is present then the extension will be critical. +.PP +The format of \fBextension_options\fR depends on the value of \fBextension_name\fR. +.PP +There are four main types of extension: \fIstring\fR extensions, \fImulti-valued\fR +extensions, \fIraw\fR and \fIarbitrary\fR extensions. +.PP +String extensions simply have a string which contains either the value itself +or how it is obtained. +.PP +For example: +.PP +.Vb 1 +\& nsComment="This is a Comment" +.Ve +.PP +Multi-valued extensions have a short form and a long form. The short form +is a list of names and values: +.PP +.Vb 1 +\& basicConstraints=critical,CA:true,pathlen:1 +.Ve +.PP +The long form allows the values to be placed in a separate section: +.PP +.Vb 1 +\& basicConstraints=critical,@bs_section +\& +\& [bs_section] +\& +\& CA=true +\& pathlen=1 +.Ve +.PP +Both forms are equivalent. +.PP +The syntax of raw extensions is governed by the extension code: it can +for example contain data in multiple sections. The correct syntax to +use is defined by the extension code itself: check out the certificate +policies extension for an example. +.PP +If an extension type is unsupported then the \fIarbitrary\fR extension syntax +must be used, see the \*(L"\s-1ARBITRARY\s0 \s-1EXTENSIONS\s0\*(R" section for more details. +.SH "STANDARD EXTENSIONS" +.IX Header "STANDARD EXTENSIONS" +The following sections describe each supported extension in detail. 
+.SS "Basic Constraints" +.IX Subsection "Basic Constraints" +This is a multi valued extension which indicates whether a certificate is +a \s-1CA\s0 certificate. The first (mandatory) name is \fB\s-1CA\s0\fR followed by \fB\s-1TRUE\s0\fR or +\&\fB\s-1FALSE\s0\fR. If \fB\s-1CA\s0\fR is \fB\s-1TRUE\s0\fR then an optional \fBpathlen\fR name followed by a +non-negative value can be included. +.PP +For example: +.PP +.Vb 1 +\& basicConstraints=CA:TRUE +\& +\& basicConstraints=CA:FALSE +\& +\& basicConstraints=critical,CA:TRUE, pathlen:0 +.Ve +.PP +A \s-1CA\s0 certificate \fBmust\fR include the basicConstraints value with the \s-1CA\s0 field +set to \s-1TRUE\s0. An end user certificate must either set \s-1CA\s0 to \s-1FALSE\s0 or exclude the +extension entirely. Some software may require the inclusion of basicConstraints +with \s-1CA\s0 set to \s-1FALSE\s0 for end entity certificates. +.PP +The pathlen parameter indicates the maximum number of CAs that can appear +below this one in a chain. So if you have a \s-1CA\s0 with a pathlen of zero it can +only be used to sign end user certificates and not further CAs. +.SS "Key Usage" +.IX Subsection "Key Usage" +Key usage is a multi valued extension consisting of a list of names of the +permitted key usages. +.PP +The supported names are: digitalSignature, nonRepudiation, keyEncipherment, +dataEncipherment, keyAgreement, keyCertSign, cRLSign, encipherOnly +and decipherOnly. +.PP +Examples: +.PP +.Vb 1 +\& keyUsage=digitalSignature, nonRepudiation +\& +\& keyUsage=critical, keyCertSign +.Ve +.SS "Extended Key Usage" +.IX Subsection "Extended Key Usage" +This extensions consists of a list of usages indicating purposes for which +the certificate public key can be used for, +.PP +These can either be object short names or the dotted numerical form of OIDs. +While any \s-1OID\s0 can be used only certain values make sense. 
In particular the +following \s-1PKIX\s0, \s-1NS\s0 and \s-1MS\s0 values are meaningful: +.PP +.Vb 10 +\& Value Meaning +\& \-\-\-\-\- \-\-\-\-\-\-\- +\& serverAuth SSL/TLS Web Server Authentication. +\& clientAuth SSL/TLS Web Client Authentication. +\& codeSigning Code signing. +\& emailProtection E\-mail Protection (S/MIME). +\& timeStamping Trusted Timestamping +\& OCSPSigning OCSP Signing +\& ipsecIKE ipsec Internet Key Exchange +\& msCodeInd Microsoft Individual Code Signing (authenticode) +\& msCodeCom Microsoft Commercial Code Signing (authenticode) +\& msCTLSign Microsoft Trust List Signing +\& msEFS Microsoft Encrypted File System +.Ve +.PP +Examples: +.PP +.Vb 2 +\& extendedKeyUsage=critical,codeSigning,1.2.3.4 +\& extendedKeyUsage=serverAuth,clientAuth +.Ve +.SS "Subject Key Identifier" +.IX Subsection "Subject Key Identifier" +This is really a string extension and can take two possible values. Either +the word \fBhash\fR which will automatically follow the guidelines in \s-1RFC3280\s0 +or a hex string giving the extension value to include. The use of the hex +string is strongly discouraged. +.PP +Example: +.PP +.Vb 1 +\& subjectKeyIdentifier=hash +.Ve +.SS "Authority Key Identifier" +.IX Subsection "Authority Key Identifier" +The authority key identifier extension permits two options. keyid and issuer: +both can take the optional value \*(L"always\*(R". +.PP +If the keyid option is present an attempt is made to copy the subject key +identifier from the parent certificate. If the value \*(L"always\*(R" is present +then an error is returned if the option fails. +.PP +The issuer option copies the issuer and serial number from the issuer +certificate. This will only be done if the keyid option fails or +is not included unless the \*(L"always\*(R" flag will always include the value. 
+.PP +Example: +.PP +.Vb 1 +\& authorityKeyIdentifier=keyid,issuer +.Ve +.SS "Subject Alternative Name" +.IX Subsection "Subject Alternative Name" +The subject alternative name extension allows various literal values to be +included in the configuration file. These include \fBemail\fR (an email address) +\&\fB\s-1URI\s0\fR a uniform resource indicator, \fB\s-1DNS\s0\fR (a \s-1DNS\s0 domain name), \fB\s-1RID\s0\fR (a +registered \s-1ID:\s0 \s-1OBJECT\s0 \s-1IDENTIFIER\s0), \fB\s-1IP\s0\fR (an \s-1IP\s0 address), \fBdirName\fR +(a distinguished name) and otherName. +.PP +The email option include a special 'copy' value. This will automatically +include any email addresses contained in the certificate subject name in +the extension. +.PP +The \s-1IP\s0 address used in the \fB\s-1IP\s0\fR options can be in either IPv4 or IPv6 format. +.PP +The value of \fBdirName\fR should point to a section containing the distinguished +name to use as a set of name value pairs. Multi values AVAs can be formed by +prefacing the name with a \fB+\fR character. +.PP +otherName can include arbitrary data associated with an \s-1OID:\s0 the value +should be the \s-1OID\s0 followed by a semicolon and the content in standard +\&\fIASN1_generate_nconf\fR\|(3) format. +.PP +Examples: +.PP +.Vb 5 +\& subjectAltName=email:copy,email:my@other.address,URI:http://my.url.here/ +\& subjectAltName=IP:192.168.7.1 +\& subjectAltName=IP:13::17 +\& subjectAltName=email:my@other.address,RID:1.2.3.4 +\& subjectAltName=otherName:1.2.3.4;UTF8:some other identifier +\& +\& subjectAltName=dirName:dir_sect +\& +\& [dir_sect] +\& C=UK +\& O=My Organization +\& OU=My Unit +\& CN=My Name +.Ve +.SS "Issuer Alternative Name" +.IX Subsection "Issuer Alternative Name" +The issuer alternative name option supports all the literal options of +subject alternative name. It does \fBnot\fR support the email:copy option because +that would not make sense. 
It does support an additional issuer:copy option +that will copy all the subject alternative name values from the issuer +certificate (if possible). +.PP +Example: +.PP +.Vb 1 +\& issuerAltName = issuer:copy +.Ve +.SS "Authority Info Access" +.IX Subsection "Authority Info Access" +The authority information access extension gives details about how to access +certain information relating to the \s-1CA\s0. Its syntax is accessOID;location +where \fIlocation\fR has the same syntax as subject alternative name (except +that email:copy is not supported). accessOID can be any valid \s-1OID\s0 but only +certain values are meaningful, for example \s-1OCSP\s0 and caIssuers. +.PP +Example: +.PP +.Vb 2 +\& authorityInfoAccess = OCSP;URI:http://ocsp.my.host/ +\& authorityInfoAccess = caIssuers;URI:http://my.ca/ca.html +.Ve +.SS "\s-1CRL\s0 distribution points" +.IX Subsection "CRL distribution points" +This is a multi-valued extension whose options can be either in name:value pair +using the same form as subject alternative name or a single value representing +a section name containing all the distribution point fields. +.PP +For a name:value pair a new DistributionPoint with the fullName field set to +the given value both the cRLissuer and reasons fields are omitted in this case. +.PP +In the single option case the section indicated contains values for each +field. In this section: +.PP +If the name is \*(L"fullname\*(R" the value field should contain the full name +of the distribution point in the same format as subject alternative name. +.PP +If the name is \*(L"relativename\*(R" then the value field should contain a section +name whose contents represent a \s-1DN\s0 fragment to be placed in this field. +.PP +The name \*(L"CRLIssuer\*(R" if present should contain a value for this field in +subject alternative name format. +.PP +If the name is \*(L"reasons\*(R" the value field should consist of a comma +separated field containing the reasons. 
Valid reasons are: \*(L"keyCompromise\*(R", +\&\*(L"CACompromise\*(R", \*(L"affiliationChanged\*(R", \*(L"superseded\*(R", \*(L"cessationOfOperation\*(R", +\&\*(L"certificateHold\*(R", \*(L"privilegeWithdrawn\*(R" and \*(L"AACompromise\*(R". +.PP +Simple examples: +.PP +.Vb 2 +\& crlDistributionPoints=URI:http://myhost.com/myca.crl +\& crlDistributionPoints=URI:http://my.com/my.crl,URI:http://oth.com/my.crl +.Ve +.PP +Full distribution point example: +.PP +.Vb 1 +\& crlDistributionPoints=crldp1_section +\& +\& [crldp1_section] +\& +\& fullname=URI:http://myhost.com/myca.crl +\& CRLissuer=dirName:issuer_sect +\& reasons=keyCompromise, CACompromise +\& +\& [issuer_sect] +\& C=UK +\& O=Organisation +\& CN=Some Name +.Ve +.SS "Issuing Distribution Point" +.IX Subsection "Issuing Distribution Point" +This extension should only appear in CRLs. It is a multi valued extension +whose syntax is similar to the \*(L"section\*(R" pointed to by the \s-1CRL\s0 distribution +points extension with a few differences. +.PP +The names \*(L"reasons\*(R" and \*(L"CRLissuer\*(R" are not recognized. +.PP +The name \*(L"onlysomereasons\*(R" is accepted which sets this field. The value is +in the same format as the \s-1CRL\s0 distribution point \*(L"reasons\*(R" field. +.PP +The names \*(L"onlyuser\*(R", \*(L"onlyCA\*(R", \*(L"onlyAA\*(R" and \*(L"indirectCRL\*(R" are also accepted +the values should be a boolean value (\s-1TRUE\s0 or \s-1FALSE\s0) to indicate the value of +the corresponding field. +.PP +Example: +.PP +.Vb 1 +\& issuingDistributionPoint=critical, @idp_section +\& +\& [idp_section] +\& +\& fullname=URI:http://myhost.com/myca.crl +\& indirectCRL=TRUE +\& onlysomereasons=keyCompromise, CACompromise +\& +\& [issuer_sect] +\& C=UK +\& O=Organisation +\& CN=Some Name +.Ve +.SS "Certificate Policies" +.IX Subsection "Certificate Policies" +This is a \fIraw\fR extension. All the fields of this extension can be set by +using the appropriate syntax. 
+.PP +If you follow the \s-1PKIX\s0 recommendations and just using one \s-1OID\s0 then you just +include the value of that \s-1OID\s0. Multiple OIDs can be set separated by commas, +for example: +.PP +.Vb 1 +\& certificatePolicies= 1.2.4.5, 1.1.3.4 +.Ve +.PP +If you wish to include qualifiers then the policy \s-1OID\s0 and qualifiers need to +be specified in a separate section: this is done by using the \f(CW@section\fR syntax +instead of a literal \s-1OID\s0 value. +.PP +The section referred to must include the policy \s-1OID\s0 using the name +policyIdentifier, cPSuri qualifiers can be included using the syntax: +.PP +.Vb 1 +\& CPS.nnn=value +.Ve +.PP +userNotice qualifiers can be set using the syntax: +.PP +.Vb 1 +\& userNotice.nnn=@notice +.Ve +.PP +The value of the userNotice qualifier is specified in the relevant section. +This section can include explicitText, organization and noticeNumbers +options. explicitText and organization are text strings, noticeNumbers is a +comma separated list of numbers. The organization and noticeNumbers options +(if included) must \s-1BOTH\s0 be present. If you use the userNotice option with \s-1IE5\s0 +then you need the 'ia5org' option at the top level to modify the encoding: +otherwise it will not be interpreted properly. +.PP +Example: +.PP +.Vb 1 +\& certificatePolicies=ia5org,1.2.3.4,1.5.6.7.8,@polsect +\& +\& [polsect] +\& +\& policyIdentifier = 1.3.5.8 +\& CPS.1="http://my.host.name/" +\& CPS.2="http://my.your.name/" +\& userNotice.1=@notice +\& +\& [notice] +\& +\& explicitText="Explicit Text Here" +\& organization="Organisation Name" +\& noticeNumbers=1,2,3,4 +.Ve +.PP +The \fBia5org\fR option changes the type of the \fIorganization\fR field. In \s-1RFC2459\s0 +it can only be of type DisplayText. In \s-1RFC3280\s0 IA5String is also permissible. +Some software (for example some versions of \s-1MSIE\s0) may require ia5org. 
+.PP +\&\s-1ASN1\s0 type of explicitText can be specified by prepending \fB\s-1UTF8\s0\fR, +\&\fB\s-1BMP\s0\fR or \fB\s-1VISIBLE\s0\fR prefix followed by colon. For example: +.PP +.Vb 2 +\& [notice] +\& explicitText="UTF8:Explicit Text Here" +.Ve +.SS "Policy Constraints" +.IX Subsection "Policy Constraints" +This is a multi-valued extension which consisting of the names +\&\fBrequireExplicitPolicy\fR or \fBinhibitPolicyMapping\fR and a non negative integer +value. At least one component must be present. +.PP +Example: +.PP +.Vb 1 +\& policyConstraints = requireExplicitPolicy:3 +.Ve +.SS "Inhibit Any Policy" +.IX Subsection "Inhibit Any Policy" +This is a string extension whose value must be a non negative integer. +.PP +Example: +.PP +.Vb 1 +\& inhibitAnyPolicy = 2 +.Ve +.SS "Name Constraints" +.IX Subsection "Name Constraints" +The name constraints extension is a multi-valued extension. The name should +begin with the word \fBpermitted\fR or \fBexcluded\fR followed by a \fB;\fR. The rest of +the name and the value follows the syntax of subjectAltName except email:copy +is not supported and the \fB\s-1IP\s0\fR form should consist of an \s-1IP\s0 addresses and +subnet mask separated by a \fB/\fR. +.PP +Examples: +.PP +.Vb 1 +\& nameConstraints=permitted;IP:192.168.0.0/255.255.0.0 +\& +\& nameConstraints=permitted;email:.somedomain.com +\& +\& nameConstraints=excluded;email:.com +.Ve +.SS "\s-1OCSP\s0 No Check" +.IX Subsection "OCSP No Check" +The \s-1OCSP\s0 No Check extension is a string extension but its value is ignored. +.PP +Example: +.PP +.Vb 1 +\& noCheck = ignored +.Ve +.SS "\s-1TLS\s0 Feature (aka Must Staple)" +.IX Subsection "TLS Feature (aka Must Staple)" +This is a multi-valued extension consisting of a list of \s-1TLS\s0 extension +identifiers. Each identifier may be a number (0..65535) or a supported name. +When a \s-1TLS\s0 client sends a listed extension, the \s-1TLS\s0 server is expected to +include that extension in its reply. 
+.PP +The supported names are: \fBstatus_request\fR and \fBstatus_request_v2\fR. +.PP +Example: +.PP +.Vb 1 +\& tlsfeature = status_request +.Ve +.SH "DEPRECATED EXTENSIONS" +.IX Header "DEPRECATED EXTENSIONS" +The following extensions are non standard, Netscape specific and largely +obsolete. Their use in new applications is discouraged. +.SS "Netscape String extensions" +.IX Subsection "Netscape String extensions" +Netscape Comment (\fBnsComment\fR) is a string extension containing a comment +which will be displayed when the certificate is viewed in some browsers. +.PP +Example: +.PP +.Vb 1 +\& nsComment = "Some Random Comment" +.Ve +.PP +Other supported extensions in this category are: \fBnsBaseUrl\fR, +\&\fBnsRevocationUrl\fR, \fBnsCaRevocationUrl\fR, \fBnsRenewalUrl\fR, \fBnsCaPolicyUrl\fR +and \fBnsSslServerName\fR. +.SS "Netscape Certificate Type" +.IX Subsection "Netscape Certificate Type" +This is a multi-valued extensions which consists of a list of flags to be +included. It was used to indicate the purposes for which a certificate could +be used. The basicConstraints, keyUsage and extended key usage extensions are +now used instead. +.PP +Acceptable values for nsCertType are: \fBclient\fR, \fBserver\fR, \fBemail\fR, +\&\fBobjsign\fR, \fBreserved\fR, \fBsslCA\fR, \fBemailCA\fR, \fBobjCA\fR. +.SH "ARBITRARY EXTENSIONS" +.IX Header "ARBITRARY EXTENSIONS" +If an extension is not supported by the OpenSSL code then it must be encoded +using the arbitrary extension format. It is also possible to use the arbitrary +format for supported extensions. Extreme care should be taken to ensure that +the data is formatted correctly for the given extension type. +.PP +There are two ways to encode arbitrary extensions. +.PP +The first way is to use the word \s-1ASN1\s0 followed by the extension content +using the same syntax as \fIASN1_generate_nconf\fR\|(3). 
+For example: +.PP +.Vb 1 +\& 1.2.3.4=critical,ASN1:UTF8String:Some random data +\& +\& 1.2.3.4=ASN1:SEQUENCE:seq_sect +\& +\& [seq_sect] +\& +\& field1 = UTF8:field1 +\& field2 = UTF8:field2 +.Ve +.PP +It is also possible to use the word \s-1DER\s0 to include the raw encoded data in any +extension. +.PP +.Vb 2 +\& 1.2.3.4=critical,DER:01:02:03:04 +\& 1.2.3.4=DER:01020304 +.Ve +.PP +The value following \s-1DER\s0 is a hex dump of the \s-1DER\s0 encoding of the extension +Any extension can be placed in this form to override the default behaviour. +For example: +.PP +.Vb 1 +\& basicConstraints=critical,DER:00:01:02:03 +.Ve +.SH "WARNINGS" +.IX Header "WARNINGS" +There is no guarantee that a specific implementation will process a given +extension. It may therefore be sometimes possible to use certificates for +purposes prohibited by their extensions because a specific application does +not recognize or honour the values of the relevant extensions. +.PP +The \s-1DER\s0 and \s-1ASN1\s0 options should be used with caution. It is possible to create +totally invalid extensions if they are not used carefully. +.SH "NOTES" +.IX Header "NOTES" +If an extension is multi-value and a field value must contain a comma the long +form must be used otherwise the comma would be misinterpreted as a field +separator. For example: +.PP +.Vb 1 +\& subjectAltName=URI:ldap://somehost.com/CN=foo,OU=bar +.Ve +.PP +will produce an error but the equivalent form: +.PP +.Vb 1 +\& subjectAltName=@subject_alt_section +\& +\& [subject_alt_section] +\& subjectAltName=URI:ldap://somehost.com/CN=foo,OU=bar +.Ve +.PP +is valid. +.PP +Due to the behaviour of the OpenSSL \fBconf\fR library the same field name +can only occur once in a section. This means that: +.PP +.Vb 1 +\& subjectAltName=@alt_section +\& +\& [alt_section] +\& +\& email=steve@here +\& email=steve@there +.Ve +.PP +will only recognize the last value. 
This can be worked around by using the form: +.PP +.Vb 1 +\& [alt_section] +\& +\& email.1=steve@here +\& email.2=steve@there +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\-req\fR\|(1), \fIopenssl\-ca\fR\|(1), \fIopenssl\-x509\fR\|(1), +\&\fIASN1_generate_nconf\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2004\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man7/EVP_KDF-HKDF.7 b/linux_amd64/share/man/man7/EVP_KDF-HKDF.7 new file mode 100755 index 0000000..012b2c0 --- /dev/null +++ b/linux_amd64/share/man/man7/EVP_KDF-HKDF.7 
@@ -0,0 +1,277 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_KDF-HKDF 7" +.TH EVP_KDF-HKDF 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_KDF\-HKDF \- The HKDF EVP_KDF implementation +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Support for computing the \fB\s-1HKDF\s0\fR \s-1KDF\s0 through the \fB\s-1EVP_KDF\s0\fR \s-1API\s0. 
+.PP +The \s-1EVP_KDF\-HKDF\s0 algorithm implements the \s-1HKDF\s0 key derivation function. +\&\s-1HKDF\s0 follows the \*(L"extract-then-expand\*(R" paradigm, where the \s-1KDF\s0 logically +consists of two modules. The first stage takes the input keying material +and \*(L"extracts\*(R" from it a fixed-length pseudorandom key K. The second stage +\&\*(L"expands\*(R" the key K into several additional pseudorandom keys (the output +of the \s-1KDF\s0). +.SS "Identity" +.IX Subsection "Identity" +\&\*(L"\s-1HKDF\s0\*(R" is the name for this implementation; it +can be used with the \fIEVP_KDF_fetch()\fR function. +.SS "Supported parameters" +.IX Subsection "Supported parameters" +The supported parameters are: +.ie n .IP """properties"" (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``properties'' (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "properties (OSSL_KDF_PARAM_PROPERTIES) " +.PD 0 +.ie n .IP """digest"" (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``digest'' (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "digest (OSSL_KDF_PARAM_DIGEST) " +.ie n .IP """key"" (\fB\s-1OSSL_KDF_PARAM_KEY\s0\fR) " 4 +.el .IP "``key'' (\fB\s-1OSSL_KDF_PARAM_KEY\s0\fR) " 4 +.IX Item "key (OSSL_KDF_PARAM_KEY) " +.ie n .IP """salt"" (\fB\s-1OSSL_KDF_PARAM_SALT\s0\fR) " 4 +.el .IP "``salt'' (\fB\s-1OSSL_KDF_PARAM_SALT\s0\fR) " 4 +.IX Item "salt (OSSL_KDF_PARAM_SALT) " +.PD +These parameters work as described in \*(L"\s-1PARAMETERS\s0\*(R" in \s-1\fIEVP_KDF\s0\fR\|(3). +.ie n .IP """info"" (\fB\s-1OSSL_KDF_PARAM_INFO\s0\fR) " 4 +.el .IP "``info'' (\fB\s-1OSSL_KDF_PARAM_INFO\s0\fR) " 4 +.IX Item "info (OSSL_KDF_PARAM_INFO) " +This parameter sets the info value. +The length of the context info buffer cannot exceed 1024 bytes; +this should be more than enough for any normal use of \s-1HKDF\s0. 
+.ie n .IP """mode"" (\fB\s-1OSSL_KDF_PARAM_MODE\s0\fR) <\s-1UTF8\s0 string> or " 4 +.el .IP "``mode'' (\fB\s-1OSSL_KDF_PARAM_MODE\s0\fR) <\s-1UTF8\s0 string> or " 4 +.IX Item "mode (OSSL_KDF_PARAM_MODE) or " +This parameter sets the mode for the \s-1HKDF\s0 operation. +There are three modes that are currently defined: +.RS 4 +.ie n .IP "\fB\s-1EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND\s0\fR ""\s-1EXTRACT_AND_EXPAND\s0""" 4 +.el .IP "\fB\s-1EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND\s0\fR ``\s-1EXTRACT_AND_EXPAND\s0''" 4 +.IX Item "EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND EXTRACT_AND_EXPAND" +This is the default mode. Calling \fIEVP_KDF_derive\fR\|(3) on an \s-1EVP_KDF_CTX\s0 set +up for \s-1HKDF\s0 will perform an extract followed by an expand operation in one go. +The derived key returned will be the result after the expand operation. The +intermediate fixed-length pseudorandom key K is not returned. +.Sp +In this mode the digest, key, salt and info values must be set before a key is +derived otherwise an error will occur. +.ie n .IP "\fB\s-1EVP_KDF_HKDF_MODE_EXTRACT_ONLY\s0\fR ""\s-1EXTRACT_ONLY\s0""" 4 +.el .IP "\fB\s-1EVP_KDF_HKDF_MODE_EXTRACT_ONLY\s0\fR ``\s-1EXTRACT_ONLY\s0''" 4 +.IX Item "EVP_KDF_HKDF_MODE_EXTRACT_ONLY EXTRACT_ONLY" +In this mode calling \fIEVP_KDF_derive\fR\|(3) will just perform the extract +operation. The value returned will be the intermediate fixed-length pseudorandom +key K. The \fIkeylen\fR parameter must match the size of K, which can be looked +up by calling \fIEVP_KDF_size()\fR after setting the mode and digest. +.Sp +The digest, key and salt values must be set before a key is derived otherwise +an error will occur. +.ie n .IP "\fB\s-1EVP_KDF_HKDF_MODE_EXPAND_ONLY\s0\fR ""\s-1EXPAND_ONLY\s0""" 4 +.el .IP "\fB\s-1EVP_KDF_HKDF_MODE_EXPAND_ONLY\s0\fR ``\s-1EXPAND_ONLY\s0''" 4 +.IX Item "EVP_KDF_HKDF_MODE_EXPAND_ONLY EXPAND_ONLY" +In this mode calling \fIEVP_KDF_derive\fR\|(3) will just perform the expand +operation. 
The input key should be set to the intermediate fixed-length +pseudorandom key K returned from a previous extract operation. +.Sp +The digest, key and info values must be set before a key is derived otherwise +an error will occur. +.RE +.RS 4 +.RE +.SH "NOTES" +.IX Header "NOTES" +A context for \s-1HKDF\s0 can be obtained by calling: +.PP +.Vb 2 +\& EVP_KDF *kdf = EVP_KDF_fetch(NULL, "HKDF", NULL); +\& EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf); +.Ve +.PP +The output length of an \s-1HKDF\s0 expand operation is specified via the \fIkeylen\fR +parameter to the \fIEVP_KDF_derive\fR\|(3) function. When using +\&\s-1EVP_KDF_HKDF_MODE_EXTRACT_ONLY\s0 the \fIkeylen\fR parameter must equal the size of +the intermediate fixed-length pseudorandom key otherwise an error will occur. +For that mode, the fixed output size can be looked up by calling \fIEVP_KDF_size()\fR +after setting the mode and digest on the \fB\s-1EVP_KDF_CTX\s0\fR. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +This example derives 10 bytes using \s-1SHA\-256\s0 with the secret key \*(L"secret\*(R", +salt value \*(L"salt\*(R" and info value \*(L"label\*(R": +.PP +.Vb 4 +\& EVP_KDF *kdf; +\& EVP_KDF_CTX *kctx; +\& unsigned char out[10]; +\& OSSL_PARAM params[5], *p = params; +\& +\& kdf = EVP_KDF_fetch(NULL, "HKDF", NULL); +\& kctx = EVP_KDF_CTX_new(kdf); +\& EVP_KDF_free(kdf); +\& +\& *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, +\& SN_sha256, strlen(SN_sha256)); +\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, +\& "secret", (size_t)6); +\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, +\& "label", (size_t)5); +\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, +\& "salt", (size_t)4); +\& *p = OSSL_PARAM_construct_end(); +\& if (EVP_KDF_CTX_set_params(kctx, params) <= 0) { +\& error("EVP_KDF_CTX_set_params"); +\& } +\& if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) { +\& error("EVP_KDF_derive"); +\& } +\& +\& EVP_KDF_CTX_free(kctx); +.Ve +.SH 
"CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1RFC\s0 5869 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1\fIEVP_KDF\s0\fR\|(3), +\&\fIEVP_KDF_CTX_new\fR\|(3), +\&\fIEVP_KDF_CTX_free\fR\|(3), +\&\fIEVP_KDF_size\fR\|(3), +\&\fIEVP_KDF_CTX_set_params\fR\|(3), +\&\fIEVP_KDF_derive\fR\|(3), +\&\*(L"\s-1PARAMETERS\s0\*(R" in \s-1\fIEVP_KDF\s0\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man7/EVP_KDF-KB.7 b/linux_amd64/share/man/man7/EVP_KDF-KB.7 new file mode 100755 index 0000000..18b0ea7 --- /dev/null +++ b/linux_amd64/share/man/man7/EVP_KDF-KB.7 
@@ -0,0 +1,287 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_KDF-KB 7" +.TH EVP_KDF-KB 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_KDF\-KB \- The Key\-Based EVP_KDF implementation +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1EVP_KDF\-KB\s0 algorithm implements the Key-Based key derivation function +(\s-1KBKDF\s0). 
\s-1KBKDF\s0 derives a key from repeated application of a keyed \s-1MAC\s0 to an +input secret (and other optional values). +.SS "Identity" +.IX Subsection "Identity" +\&\*(L"\s-1KBKDF\s0\*(R" is the name for this implementation; it can be used with the +\&\fIEVP_KDF_fetch()\fR function. +.SS "Supported parameters" +.IX Subsection "Supported parameters" +The supported parameters are: +.ie n .IP """properties"" (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``properties'' (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "properties (OSSL_KDF_PARAM_PROPERTIES) " +.PD 0 +.ie n .IP """mode"" (\fB\s-1OSSL_KDF_PARAM_MODE\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``mode'' (\fB\s-1OSSL_KDF_PARAM_MODE\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "mode (OSSL_KDF_PARAM_MODE) " +.ie n .IP """mac"" (\fB\s-1OSSL_KDF_PARAM_MAC\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``mac'' (\fB\s-1OSSL_KDF_PARAM_MAC\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "mac (OSSL_KDF_PARAM_MAC) " +.ie n .IP """digest"" (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``digest'' (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "digest (OSSL_KDF_PARAM_DIGEST) " +.ie n .IP """cipher"" (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``cipher'' (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "cipher (OSSL_KDF_PARAM_DIGEST) " +.ie n .IP """key"" (\fB\s-1OSSL_KDF_PARAM_KEY\s0\fR) " 4 +.el .IP "``key'' (\fB\s-1OSSL_KDF_PARAM_KEY\s0\fR) " 4 +.IX Item "key (OSSL_KDF_PARAM_KEY) " +.ie n .IP """salt"" (\fB\s-1OSSL_KDF_PARAM_SALT\s0\fR) " 4 +.el .IP "``salt'' (\fB\s-1OSSL_KDF_PARAM_SALT\s0\fR) " 4 +.IX Item "salt (OSSL_KDF_PARAM_SALT) " +.IP """info (\fB\s-1OSSL_KDF_PARAM_INFO\s0\fR) " 4 +.IX Item """info (OSSL_KDF_PARAM_INFO) " +.ie n .IP """seed"" (\fB\s-1OSSL_KDF_PARAM_SEED\s0\fR) " 4 +.el .IP "``seed'' (\fB\s-1OSSL_KDF_PARAM_SEED\s0\fR) " 4 +.IX Item "seed (OSSL_KDF_PARAM_SEED) " 
+.PD +.PP +The mode parameter determines which flavor of \s-1KBKDF\s0 to use \- currently the +choices are \*(L"counter\*(R" and \*(L"feedback\*(R". Counter is the default, and will be +used if unspecified. The seed parameter is unused in counter mode. +.PP +The parameters key, salt, info, and seed correspond to \s-1KI\s0, Label, Context, and +\&\s-1IV\s0 (respectively) in \s-1SP800\-108\s0. As in that document, salt, info, and seed are +optional and may be omitted. +.PP +Depending on whether mac is \s-1CMAC\s0 or \s-1HMAC\s0, either digest or cipher is required +(respectively) and the other is unused. +.SH "NOTES" +.IX Header "NOTES" +A context for \s-1KBKDF\s0 can be obtained by calling: +.PP +.Vb 2 +\& EVP_KDF *kdf = EVP_KDF_fetch(NULL, "KBKDF", NULL); +\& EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf); +.Ve +.PP +The output length of an \s-1KBKDF\s0 is specified via the \f(CW\*(C`keylen\*(C'\fR +parameter to the \fIEVP_KDF_derive\fR\|(3) function. +.PP +Note that currently OpenSSL only implements counter and feedback modes. Other +variants may be supported in the future. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +This example derives 10 bytes using \s-1COUNTER\-HMAC\-SHA256\s0, with \s-1KI\s0 \*(L"secret\*(R", +Label \*(L"label\*(R", and Context \*(L"context\*(R". 
+.PP +.Vb 4 +\& EVP_KDF *kdf; +\& EVP_KDF_CTX *kctx; +\& unsigned char out[10]; +\& OSSL_PARAM params[6], *p = params; +\& +\& kdf = EVP_KDF_fetch(NULL, "KBKDF", NULL); +\& kctx = EVP_KDF_CTX_new(kdf); +\& EVP_KDF_free(kdf); +\& +\& *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, +\& "SHA2\-256", 0); +\& *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC, +\& "HMAC", 0); +\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, +\& "secret", strlen("secret")) +\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, +\& "label", strlen("label")); +\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, +\& "context", strlen("context")); +\& *p = OSSL_PARAM_construct_end(); +\& if (EVP_KDF_CTX_set_params(kctx, params) <= 0) +\& error("EVP_KDF_CTX_set_params"); +\& else if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) +\& error("EVP_KDF_derive"); +\& +\& EVP_KDF_CTX_free(kctx); +.Ve +.PP +This example derives 10 bytes using \s-1FEEDBACK\-CMAC\-AES256\s0, with \s-1KI\s0 \*(L"secret\*(R", +Label \*(L"label\*(R", and \s-1IV\s0 \*(L"sixteen bytes iv\*(R". 
+.PP +.Vb 5 +\& EVP_KDF *kdf; +\& EVP_KDF_CTX *kctx; +\& unsigned char out[10]; +\& OSSL_PARAM params[8], *p = params; +\& unsigned char *iv = "sixteen bytes iv"; +\& +\& kdf = EVP_KDF_fetch(NULL, "KBKDF", NULL); +\& kctx = EVP_KDF_CTX_new(kdf); +\& EVP_KDF_free(kdf); +\& +\& *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CIPHER, "AES256", 0); +\& *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC, "CMAC", 0); +\& *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MODE, "FEEDBACK", 0); +\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, +\& "secret", strlen("secret")); +\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, +\& "label", strlen("label")); +\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, +\& "context", strlen("context")); +\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED, +\& iv, strlen(iv)); +\& *p = OSSL_PARAM_construct_end(); +\& if (EVP_KDF_CTX_set_params(kctx, params) <= 0) +\& error("EVP_KDF_CTX_set_params"); +\& else if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) +\& error("EVP_KDF_derive"); +\& +\& EVP_KDF_CTX_free(kctx); +.Ve +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1NIST\s0 \s-1SP800\-108\s0, \s-1IETF\s0 \s-1RFC\s0 6803, \s-1IETF\s0 \s-1RFC\s0 8009. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1\fIEVP_KDF\s0\fR\|(3), +\&\fIEVP_KDF_CTX_free\fR\|(3), +\&\fIEVP_KDF_size\fR\|(3), +\&\fIEVP_KDF_derive\fR\|(3), +\&\*(L"\s-1PARAMETERS\s0\*(R" in \s-1\fIEVP_KDF\s0\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +This functionality was added to OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019 Red Hat, Inc. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/share/man/man7/EVP_KDF-KRB5KDF.7 b/linux_amd64/share/man/man7/EVP_KDF-KRB5KDF.7
new file mode 100755
index 0000000..34abcec
--- /dev/null
+++ b/linux_amd64/share/man/man7/EVP_KDF-KRB5KDF.7
@@ -0,0 +1,239 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_KDF-KRB5KDF 7" +.TH EVP_KDF-KRB5KDF 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_KDF\-KRB5KDF \- The RFC3961 Krb5 KDF EVP_KDF implementation +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Support for computing the \fB\s-1KRB5KDF\s0\fR \s-1KDF\s0 through the \fB\s-1EVP_KDF\s0\fR \s-1API\s0. 
+.PP +The \s-1EVP_KDF\-KRB5KDF\s0 algorithm implements the key derivation function defined +in \s-1RFC\s0 3961, section 5.1 and is used by Krb5 to derive session keys. +Three inputs are required to perform key derivation: a cipher, (for example +\&\s-1AES\-128\-CBC\s0), the initial key, and a constant. +.SS "Identity" +.IX Subsection "Identity" +\&\*(L"\s-1KRB5KDF\s0\*(R" is the name for this implementation; +it can be used with the \fIEVP_KDF_fetch()\fR function. +.SS "Supported parameters" +.IX Subsection "Supported parameters" +The supported parameters are: +.ie n .IP """properties"" (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``properties'' (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "properties (OSSL_KDF_PARAM_PROPERTIES) " +.PD 0 +.ie n .IP """cipher"" (\fB\s-1OSSL_KDF_PARAM_CIPHER\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``cipher'' (\fB\s-1OSSL_KDF_PARAM_CIPHER\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "cipher (OSSL_KDF_PARAM_CIPHER) " +.ie n .IP """key"" (\fB\s-1OSSL_KDF_PARAM_KEY\s0\fR) " 4 +.el .IP "``key'' (\fB\s-1OSSL_KDF_PARAM_KEY\s0\fR) " 4 +.IX Item "key (OSSL_KDF_PARAM_KEY) " +.PD +These parameters work as described in \*(L"\s-1PARAMETERS\s0\*(R" in \s-1\fIEVP_KDF\s0\fR\|(3). +.ie n .IP """constant"" (\fB\s-1OSSL_KDF_PARAM_CONSTANT\s0\fR) " 4 +.el .IP "``constant'' (\fB\s-1OSSL_KDF_PARAM_CONSTANT\s0\fR) " 4 +.IX Item "constant (OSSL_KDF_PARAM_CONSTANT) " +This parameter sets the constant value for the \s-1KDF\s0. +If a value is already set, the contents are replaced. 
+.SH "NOTES" +.IX Header "NOTES" +A context for \s-1KRB5KDF\s0 can be obtained by calling: +.PP +.Vb 2 +\& EVP_KDF *kdf = EVP_KDF_fetch(NULL, "KRB5KDF", NULL); +\& EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf); +.Ve +.PP +The output length of the \s-1KRB5KDF\s0 derivation is specified via the \fIkeylen\fR +parameter to the \fIEVP_KDF_derive\fR\|(3) function, and \s-1MUST\s0 match the key +length for the chosen cipher or an error is returned. Moreover the +constant's length must not exceed the block size of the cipher. +Since the \s-1KRB5KDF\s0 output length depends on the chosen cipher, calling +\&\fIEVP_KDF_size\fR\|(3) to obtain the requisite length returns the correct length +only after the cipher is set. Prior to that \fB\s-1EVP_MAX_KEY_LENGTH\s0\fR is returned. +The caller must allocate a buffer of the correct length for the chosen +cipher, and pass that buffer to the \fIEVP_KDF_derive\fR\|(3) function along +with that length. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +This example derives a key using the \s-1AES\-128\-CBC\s0 cipher: +.PP +.Vb 7 +\& EVP_KDF *kdf; +\& EVP_KDF_CTX *kctx; +\& unsigned char key[16] = "01234..."; +\& unsigned char constant[] = "I\*(Aqm a constant"; +\& unsigned char out[16]; +\& size_t outlen = sizeof(out); +\& OSSL_PARAM params[4], *p = params; +\& +\& kdf = EVP_KDF_fetch(NULL, "KRB5KDF", NULL); +\& kctx = EVP_KDF_CTX_new(kdf); +\& EVP_KDF_free(kdf); +\& +\& *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CIPHER, +\& SN_aes_128_cbc, +\& strlen(SN_aes_128_cbc)); +\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, +\& key, (size_t)16); +\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_CONSTANT, +\& constant, strlen(constant)); +\& *p = OSSL_PARAM_construct_end(); +\& if (EVP_KDF_set_params(kctx, params) <= 0) +\& /* Error */ +\& +\& if (EVP_KDF_derive(kctx, out, outlen) <= 0) +\& /* Error */ +\& +\& EVP_KDF_CTX_free(kctx); +.Ve +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1RFC\s0 3961 +.SH "SEE ALSO" 
+.IX Header "SEE ALSO" +\&\s-1\fIEVP_KDF\s0\fR\|(3), +\&\fIEVP_KDF_CTX_free\fR\|(3), +\&\fIEVP_KDF_ctrl\fR\|(3), +\&\fIEVP_KDF_size\fR\|(3), +\&\fIEVP_KDF_derive\fR\|(3), +\&\*(L"\s-1PARAMETERS\s0\*(R" in \s-1\fIEVP_KDF\s0\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +This functionality was added to OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man7/EVP_KDF-PBKDF2.7 b/linux_amd64/share/man/man7/EVP_KDF-PBKDF2.7 new file mode 100755 index 0000000..24c6269 --- /dev/null +++ b/linux_amd64/share/man/man7/EVP_KDF-PBKDF2.7 
@@ -0,0 +1,227 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_KDF-PBKDF2 7" +.TH EVP_KDF-PBKDF2 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_KDF\-PBKDF2 \- The PBKDF2 EVP_KDF implementation +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Support for computing the \fB\s-1PBKDF2\s0\fR password-based \s-1KDF\s0 through the \fB\s-1EVP_KDF\s0\fR +\&\s-1API\s0. 
+.PP +The \s-1EVP_KDF\-PBKDF2\s0 algorithm implements the \s-1PBKDF2\s0 password-based key +derivation function, as described in \s-1SP800\-132\s0; it derives a key from a password +using a salt and iteration count. +.SS "Identity" +.IX Subsection "Identity" +\&\*(L"\s-1PBKDF2\s0\*(R" is the name for this implementation; it +can be used with the \fIEVP_KDF_fetch()\fR function. +.SS "Supported parameters" +.IX Subsection "Supported parameters" +The supported parameters are: +.ie n .IP """pass"" (\fB\s-1OSSL_KDF_PARAM_PASSWORD\s0\fR) " 4 +.el .IP "``pass'' (\fB\s-1OSSL_KDF_PARAM_PASSWORD\s0\fR) " 4 +.IX Item "pass (OSSL_KDF_PARAM_PASSWORD) " +.PD 0 +.ie n .IP """salt"" (\fB\s-1OSSL_KDF_PARAM_SALT\s0\fR) " 4 +.el .IP "``salt'' (\fB\s-1OSSL_KDF_PARAM_SALT\s0\fR) " 4 +.IX Item "salt (OSSL_KDF_PARAM_SALT) " +.ie n .IP """iter"" (\fB\s-1OSSL_KDF_PARAM_ITER\s0\fR) " 4 +.el .IP "``iter'' (\fB\s-1OSSL_KDF_PARAM_ITER\s0\fR) " 4 +.IX Item "iter (OSSL_KDF_PARAM_ITER) " +.PD +This parameter has a default value of 2048. +.ie n .IP """properties"" (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``properties'' (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "properties (OSSL_KDF_PARAM_PROPERTIES) " +.PD 0 +.ie n .IP """digest"" (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``digest'' (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "digest (OSSL_KDF_PARAM_DIGEST) " +.PD +These parameters work as described in \*(L"\s-1PARAMETERS\s0\*(R" in \s-1\fIEVP_KDF\s0\fR\|(3). +.ie n .IP """pkcs5"" (\fB\s-1OSSL_KDF_PARAM_PKCS5\s0\fR) " 4 +.el .IP "``pkcs5'' (\fB\s-1OSSL_KDF_PARAM_PKCS5\s0\fR) " 4 +.IX Item "pkcs5 (OSSL_KDF_PARAM_PKCS5) " +This parameter can be used to enable or disable \s-1SP800\-132\s0 compliance checks. +Setting the mode to 0 enables the compliance checks. +.Sp +The checks performed are: +.RS 4 +.IP "\- the iteration count is at least 1000." 
4 +.IX Item "- the iteration count is at least 1000." +.PD 0 +.IP "\- the salt length is at least 128 bits." 4 +.IX Item "- the salt length is at least 128 bits." +.IP "\- the derived key length is at least 112 bits." 4 +.IX Item "- the derived key length is at least 112 bits." +.RE +.RS 4 +.PD +.Sp +The default provider uses a default mode of 1 for backwards compatibility, +and the fips provider uses a default mode of 0. +.Sp +The value string is expected to be a decimal number 0 or 1. +.RE +.SH "NOTES" +.IX Header "NOTES" +A typical application of this algorithm is to derive keying material for an +encryption algorithm from a password in the \*(L"pass\*(R", a salt in \*(L"salt\*(R", +and an iteration count. +.PP +Increasing the \*(L"iter\*(R" parameter slows down the algorithm which makes it +harder for an attacker to perform a brute force attack using a large number +of candidate passwords. +.PP +No assumption is made regarding the given password; it is simply treated as a +byte sequence. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1SP800\-132\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1\fIEVP_KDF\s0\fR\|(3), +\&\fIEVP_KDF_CTX_new\fR\|(3), +\&\fIEVP_KDF_CTX_free\fR\|(3), +\&\fIEVP_KDF_CTX_set_params\fR\|(3), +\&\fIEVP_KDF_derive\fR\|(3), +\&\*(L"\s-1PARAMETERS\s0\*(R" in \s-1\fIEVP_KDF\s0\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +This functionality was added to OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man7/EVP_KDF-SCRYPT.7 b/linux_amd64/share/man/man7/EVP_KDF-SCRYPT.7 new file mode 100755 index 0000000..968992a --- /dev/null +++ b/linux_amd64/share/man/man7/EVP_KDF-SCRYPT.7 
@@ -0,0 +1,267 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_KDF-SCRYPT 7" +.TH EVP_KDF-SCRYPT 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_KDF\-SCRYPT \- The scrypt EVP_KDF implementation +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Support for computing the \fBscrypt\fR password-based \s-1KDF\s0 through the \fB\s-1EVP_KDF\s0\fR +\&\s-1API\s0. 
+.PP +The \s-1EVP_KDF\-SCRYPT\s0 algorithm implements the scrypt password-based key +derivation function, as described in \s-1RFC\s0 7914. It is memory-hard in the sense +that it deliberately requires a significant amount of \s-1RAM\s0 for efficient +computation. The intention of this is to render brute forcing of passwords on +systems that lack large amounts of main memory (such as GPUs or ASICs) +computationally infeasible. +.PP +scrypt provides three work factors that can be customized: N, r and p. N, which +has to be a positive power of two, is the general work factor and scales \s-1CPU\s0 +time in an approximately linear fashion. r is the block size of the internally +used hash function and p is the parallelization factor. Both r and p need to be +greater than zero. The amount of \s-1RAM\s0 that scrypt requires for its computation +is roughly (128 * N * r * p) bytes. +.PP +In the original paper of Colin Percival (\*(L"Stronger Key Derivation via +Sequential Memory-Hard Functions\*(R", 2009), the suggested values that give a +computation time of less than 5 seconds on a 2.5 GHz Intel Core 2 Duo are N = +2^20 = 1048576, r = 8, p = 1. Consequently, the required amount of memory for +this computation is roughly 1 GiB. On a more recent \s-1CPU\s0 (Intel i7\-5930K at 3.5 +GHz), this computation takes about 3 seconds. When N, r or p are not specified, +they default to 1048576, 8, and 1, respectively. The maximum amount of \s-1RAM\s0 that +may be used by scrypt defaults to 1025 MiB. +.SS "Identity" +.IX Subsection "Identity" +\&\*(L"\s-1SCRYPT\s0\*(R" is the name for this implementation; it +can be used with the \fIEVP_KDF_fetch()\fR function. 
+.SS "Supported parameters" +.IX Subsection "Supported parameters" +The supported parameters are: +.ie n .IP """pass"" (\fB\s-1OSSL_KDF_PARAM_PASSWORD\s0\fR) " 4 +.el .IP "``pass'' (\fB\s-1OSSL_KDF_PARAM_PASSWORD\s0\fR) " 4 +.IX Item "pass (OSSL_KDF_PARAM_PASSWORD) " +.PD 0 +.ie n .IP """salt"" (\fB\s-1OSSL_KDF_PARAM_SALT\s0\fR) " 4 +.el .IP "``salt'' (\fB\s-1OSSL_KDF_PARAM_SALT\s0\fR) " 4 +.IX Item "salt (OSSL_KDF_PARAM_SALT) " +.PD +These parameters work as described in \*(L"\s-1PARAMETERS\s0\*(R" in \s-1\fIEVP_KDF\s0\fR\|(3). +.ie n .IP """n"" (\fB\s-1OSSL_KDF_PARAM_SCRYPT_N\s0\fR) " 4 +.el .IP "``n'' (\fB\s-1OSSL_KDF_PARAM_SCRYPT_N\s0\fR) " 4 +.IX Item "n (OSSL_KDF_PARAM_SCRYPT_N) " +.PD 0 +.ie n .IP """r"" (\fB\s-1OSSL_KDF_PARAM_SCRYPT_R\s0\fR) " 4 +.el .IP "``r'' (\fB\s-1OSSL_KDF_PARAM_SCRYPT_R\s0\fR) " 4 +.IX Item "r (OSSL_KDF_PARAM_SCRYPT_R) " +.ie n .IP """p"" (\fB\s-1OSSL_KDF_PARAM_SCRYPT_P\s0\fR) " 4 +.el .IP "``p'' (\fB\s-1OSSL_KDF_PARAM_SCRYPT_P\s0\fR) " 4 +.IX Item "p (OSSL_KDF_PARAM_SCRYPT_P) " +.PD +These parameters configure the scrypt work factors N, r and p. +N is a parameter of type \fBuint64_t\fR. +Both r and p are parameters of type \fBuint32_t\fR. +.SH "NOTES" +.IX Header "NOTES" +A context for scrypt can be obtained by calling: +.PP +.Vb 2 +\& EVP_KDF *kdf = EVP_KDF_fetch(NULL, "SCRYPT", NULL); +\& EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf); +.Ve +.PP +The output length of an scrypt key derivation is specified via the +\&\*(L"keylen\*(R" parameter to the \fIEVP_KDF_derive\fR\|(3) function. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +This example derives a 64\-byte long test vector using scrypt with the password +\&\*(L"password\*(R", salt \*(L"NaCl\*(R" and N = 1024, r = 8, p = 16. 
+.PP +.Vb 4 +\& EVP_KDF *kdf; +\& EVP_KDF_CTX *kctx; +\& unsigned char out[64]; +\& OSSL_PARAM params[6], *p = params; +\& +\& kdf = EVP_KDF_fetch(NULL, "SCRYPT", NULL); +\& kctx = EVP_KDF_CTX_new(kdf); +\& EVP_KDF_free(kdf); +\& +\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD, +\& "password", (size_t)8); +\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, +\& "NaCl", (size_t)4); +\& *p++ = OSSL_PARAM_construct_uint64(OSSL_KDF_PARAM_SCRYPT_N, (uint64_t)1024); +\& *p++ = OSSL_PARAM_construct_uint32(OSSL_KDF_PARAM_SCRYPT_R, (uint32_t)8); +\& *p++ = OSSL_PARAM_construct_uint32(OSSL_KDF_PARAM_SCRYPT_P, (uint32_t)16); +\& *p = OSSL_PARAM_construct_end(); +\& if (EVP_KDF_CTX_set_params(kctx, params) <= 0) { +\& error("EVP_KDF_CTX_set_params"); +\& } +\& if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) { +\& error("EVP_KDF_derive"); +\& } +\& +\& { +\& const unsigned char expected[sizeof(out)] = { +\& 0xfd, 0xba, 0xbe, 0x1c, 0x9d, 0x34, 0x72, 0x00, +\& 0x78, 0x56, 0xe7, 0x19, 0x0d, 0x01, 0xe9, 0xfe, +\& 0x7c, 0x6a, 0xd7, 0xcb, 0xc8, 0x23, 0x78, 0x30, +\& 0xe7, 0x73, 0x76, 0x63, 0x4b, 0x37, 0x31, 0x62, +\& 0x2e, 0xaf, 0x30, 0xd9, 0x2e, 0x22, 0xa3, 0x88, +\& 0x6f, 0xf1, 0x09, 0x27, 0x9d, 0x98, 0x30, 0xda, +\& 0xc7, 0x27, 0xaf, 0xb9, 0x4a, 0x83, 0xee, 0x6d, +\& 0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, 0x40 +\& }; +\& +\& assert(!memcmp(out, expected, sizeof(out))); +\& } +\& +\& EVP_KDF_CTX_free(kctx); +.Ve +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1RFC\s0 7914 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1\fIEVP_KDF\s0\fR\|(3), +\&\fIEVP_KDF_CTX_new\fR\|(3), +\&\fIEVP_KDF_CTX_free\fR\|(3), +\&\fIEVP_KDF_CTX_set_params\fR\|(3), +\&\fIEVP_KDF_derive\fR\|(3), +\&\*(L"\s-1PARAMETERS\s0\*(R" in \s-1\fIEVP_KDF\s0\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). 
You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man7/EVP_KDF-SS.7 b/linux_amd64/share/man/man7/EVP_KDF-SS.7 new file mode 100755 index 0000000..8c31f31 --- /dev/null +++ b/linux_amd64/share/man/man7/EVP_KDF-SS.7 
@@ -0,0 +1,322 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_KDF-SS 7" +.TH EVP_KDF-SS 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_KDF\-SS \- The Single Step / One Step EVP_KDF implementation +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1EVP_KDF\-SS\s0 algorithm implements the Single Step key derivation function (\s-1SSKDF\s0). 
+\&\s-1SSKDF\s0 derives a key using input such as a shared secret key (that was generated +during the execution of a key establishment scheme) and fixedinfo. +\&\s-1SSKDF\s0 is also informally referred to as 'Concat \s-1KDF\s0'. +.SS "Auxiliary function" +.IX Subsection "Auxiliary function" +The implementation uses a selectable auxiliary function H, which can be one of: +.IP "\fBH(x) = hash(x, digest=md)\fR" 4 +.IX Item "H(x) = hash(x, digest=md)" +.PD 0 +.IP "\fBH(x) = HMAC_hash(x, key=salt, digest=md)\fR" 4 +.IX Item "H(x) = HMAC_hash(x, key=salt, digest=md)" +.ie n .IP "\fBH(x) = KMACxxx(x, key=salt, custom=""\s-1KDF\s0"", outlen=mac_size)\fR" 4 +.el .IP "\fBH(x) = KMACxxx(x, key=salt, custom=``\s-1KDF\s0'', outlen=mac_size)\fR" 4 +.IX Item "H(x) = KMACxxx(x, key=salt, custom=KDF, outlen=mac_size)" +.PD +.PP +Both the \s-1HMAC\s0 and \s-1KMAC\s0 implementations set the key using the 'salt' value. +The hash and \s-1HMAC\s0 also require the digest to be set. +.SS "Identity" +.IX Subsection "Identity" +\&\*(L"\s-1SSKDF\s0\*(R" is the name for this implementation; it +can be used with the \fIEVP_KDF_fetch()\fR function. 
+.SS "Supported parameters" +.IX Subsection "Supported parameters" +The supported parameters are: +.ie n .IP """properties"" (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``properties'' (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "properties (OSSL_KDF_PARAM_PROPERTIES) " +.PD 0 +.ie n .IP """digest"" (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``digest'' (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "digest (OSSL_KDF_PARAM_DIGEST) " +.ie n .IP """mac"" (\fB\s-1OSSL_KDF_PARAM_MAC\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``mac'' (\fB\s-1OSSL_KDF_PARAM_MAC\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "mac (OSSL_KDF_PARAM_MAC) " +.ie n .IP """maclen"" (\fB\s-1OSSL_KDF_PARAM_MAC_SIZE\s0\fR) " 4 +.el .IP "``maclen'' (\fB\s-1OSSL_KDF_PARAM_MAC_SIZE\s0\fR) " 4 +.IX Item "maclen (OSSL_KDF_PARAM_MAC_SIZE) " +.ie n .IP """salt"" (\fB\s-1OSSL_KDF_PARAM_SALT\s0\fR) " 4 +.el .IP "``salt'' (\fB\s-1OSSL_KDF_PARAM_SALT\s0\fR) " 4 +.IX Item "salt (OSSL_KDF_PARAM_SALT) " +.PD +These parameters work as described in \*(L"\s-1PARAMETERS\s0\*(R" in \s-1\fIEVP_KDF\s0\fR\|(3). +.ie n .IP """key"" (\fB\s-1EVP_KDF_CTRL_SET_KEY\s0\fR) " 4 +.el .IP "``key'' (\fB\s-1EVP_KDF_CTRL_SET_KEY\s0\fR) " 4 +.IX Item "key (EVP_KDF_CTRL_SET_KEY) " +This parameter set the shared secret that is used for key derivation. +.ie n .IP """info"" (\fB\s-1OSSL_KDF_PARAM_INFO\s0\fR) " 4 +.el .IP "``info'' (\fB\s-1OSSL_KDF_PARAM_INFO\s0\fR) " 4 +.IX Item "info (OSSL_KDF_PARAM_INFO) " +This parameter sets an optional value for fixedinfo, also known as otherinfo. +.SH "NOTES" +.IX Header "NOTES" +A context for \s-1SSKDF\s0 can be obtained by calling: +.PP +.Vb 2 +\& EVP_KDF *kdf = EVP_KDF_fetch(NULL, "SSKDF", NULL); +\& EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf); +.Ve +.PP +The output length of an \s-1SSKDF\s0 is specified via the \fIkeylen\fR +parameter to the \fIEVP_KDF_derive\fR\|(3) function. 
+.SH "EXAMPLES" +.IX Header "EXAMPLES" +This example derives 10 bytes using H(x) = \s-1SHA\-256\s0, with the secret key \*(L"secret\*(R" +and fixedinfo value \*(L"label\*(R": +.PP +.Vb 4 +\& EVP_KDF *kdf; +\& EVP_KDF_CTX *kctx; +\& unsigned char out[10]; +\& OSSL_PARAM params[4], *p = params; +\& +\& kdf = EVP_KDF_fetch(NULL, "SSKDF", NULL); +\& kctx = EVP_KDF_CTX_new(kdf); +\& EVP_KDF_free(kdf); +\& +\& *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, +\& SN_sha256, strlen(SN_sha256)); +\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, +\& "secret", (size_t)6); +\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, +\& "label", (size_t)5); +\& *p = OSSL_PARAM_construct_end(); +\& if (EVP_KDF_CTX_set_params(kctx, params) <= 0) { +\& error("EVP_KDF_CTX_set_params"); +\& } +\& if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) { +\& error("EVP_KDF_derive"); +\& } +\& +\& EVP_KDF_CTX_free(kctx); +.Ve +.PP +This example derives 10 bytes using H(x) = \s-1HMAC\s0(\s-1SHA\-256\s0), with the secret key \*(L"secret\*(R", +fixedinfo value \*(L"label\*(R" and salt \*(L"salt\*(R": +.PP +.Vb 4 +\& EVP_KDF *kdf; +\& EVP_KDF_CTX *kctx; +\& unsigned char out[10]; +\& OSSL_PARAM params[6], *p = params; +\& +\& kdf = EVP_KDF_fetch(NULL, "SSKDF", NULL); +\& kctx = EVP_KDF_CTX_new(kdf); +\& EVP_KDF_free(kdf); +\& +\& *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC, +\& SN_hmac, strlen(SN_hmac)); +\& *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, +\& SN_sha256, strlen(SN_sha256)); +\& *p++ = OSSL_PARAM_construct_octet_string(EVP_KDF_CTRL_SET_KEY, +\& "secret", (size_t)6); +\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, +\& "label", (size_t)5); +\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, +\& "salt", (size_t)4); +\& *p = OSSL_PARAM_construct_end(); +\& if (EVP_KDF_CTX_set_params(kctx, params) <= 0) { +\& error("EVP_KDF_CTX_set_params"); +\& } +\& if (EVP_KDF_derive(kctx, out, 
sizeof(out)) <= 0) { +\& error("EVP_KDF_derive"); +\& } +\& +\& EVP_KDF_CTX_free(kctx); +.Ve +.PP +This example derives 10 bytes using H(x) = \s-1KMAC128\s0(x,salt,outlen), with the secret key \*(L"secret\*(R" +fixedinfo value \*(L"label\*(R", salt of \*(L"salt\*(R" and \s-1KMAC\s0 outlen of 20: +.PP +.Vb 4 +\& EVP_KDF *kdf; +\& EVP_KDF_CTX *kctx; +\& unsigned char out[10]; +\& OSSL_PARAM params[7], *p = params; +\& +\& kdf = EVP_KDF_fetch(NULL, "SSKDF", NULL); +\& kctx = EVP_KDF_CTX_new(kdf); +\& EVP_KDF_free(kdf); +\& +\& *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC, +\& SN_kmac128, strlen(SN_kmac128)); +\& *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, +\& SN_sha256, strlen(SN_sha256)); +\& *p++ = OSSL_PARAM_construct_octet_string(EVP_KDF_CTRL_SET_KEY, +\& "secret", (size_t)6); +\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, +\& "label", (size_t)5); +\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, +\& "salt", (size_t)4); +\& *p++ = OSSL_PARAM_construct_size_t(OSSL_KDF_PARAM_MAC_SIZE, (size_t)20); +\& *p = OSSL_PARAM_construct_end(); +\& if (EVP_KDF_CTX_set_params(kctx, params) <= 0) { +\& error("EVP_KDF_CTX_set_params"); +\& } +\& if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) { +\& error("EVP_KDF_derive"); +\& } +\& +\& EVP_KDF_CTX_free(kctx); +.Ve +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1NIST\s0 SP800\-56Cr1. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1\fIEVP_KDF\s0\fR\|(3), +\&\fIEVP_KDF_CTX_new\fR\|(3), +\&\fIEVP_KDF_CTX_free\fR\|(3), +\&\fIEVP_KDF_CTX_set_params\fR\|(3), +\&\fIEVP_KDF_size\fR\|(3), +\&\fIEVP_KDF_derive\fR\|(3), +\&\*(L"\s-1PARAMETERS\s0\*(R" in \s-1\fIEVP_KDF\s0\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +This functionality was added to OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. Copyright +(c) 2019, Oracle and/or its affiliates. All rights reserved. 
+.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man7/EVP_KDF-SSHKDF.7 b/linux_amd64/share/man/man7/EVP_KDF-SSHKDF.7 new file mode 100755 index 0000000..63b0789 --- /dev/null +++ b/linux_amd64/share/man/man7/EVP_KDF-SSHKDF.7 
@@ -0,0 +1,276 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_KDF-SSHKDF 7" +.TH EVP_KDF-SSHKDF 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_KDF\-SSHKDF \- The SSHKDF EVP_KDF implementation +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Support for computing the \fB\s-1SSHKDF\s0\fR \s-1KDF\s0 through the \fB\s-1EVP_KDF\s0\fR \s-1API\s0. 
+.PP +The \s-1EVP_KDF\-SSHKDF\s0 algorithm implements the \s-1SSHKDF\s0 key derivation function. +It is defined in \s-1RFC\s0 4253, section 7.2 and is used by \s-1SSH\s0 to derive IVs, +encryption keys and integrity keys. +Five inputs are required to perform key derivation: The hashing function +(for example \s-1SHA256\s0), the Initial Key, the Exchange Hash, the Session \s-1ID\s0, +and the derivation key type. +.SS "Identity" +.IX Subsection "Identity" +\&\*(L"\s-1SSHKDF\s0\*(R" is the name for this implementation; it +can be used with the \fIEVP_KDF_fetch()\fR function. +.SS "Supported parameters" +.IX Subsection "Supported parameters" +The supported parameters are: +.ie n .IP """properties"" (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``properties'' (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "properties (OSSL_KDF_PARAM_PROPERTIES) " +.PD 0 +.ie n .IP """digest"" (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``digest'' (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "digest (OSSL_KDF_PARAM_DIGEST) " +.ie n .IP """key"" (\fB\s-1OSSL_KDF_PARAM_KEY\s0\fR) " 4 +.el .IP "``key'' (\fB\s-1OSSL_KDF_PARAM_KEY\s0\fR) " 4 +.IX Item "key (OSSL_KDF_PARAM_KEY) " +.PD +These parameters work as described in \*(L"\s-1PARAMETERS\s0\*(R" in \s-1\fIEVP_KDF\s0\fR\|(3). +.ie n .IP """xcghash"" (\fB\s-1OSSL_KDF_PARAM_SSHKDF_XCGHASH\s0\fR) " 4 +.el .IP "``xcghash'' (\fB\s-1OSSL_KDF_PARAM_SSHKDF_XCGHASH\s0\fR) " 4 +.IX Item "xcghash (OSSL_KDF_PARAM_SSHKDF_XCGHASH) " +.PD 0 +.ie n .IP """session_id"" (\fB\s-1OSSL_KDF_PARAM_SSHKDF_SESSION_ID\s0\fR) " 4 +.el .IP "``session_id'' (\fB\s-1OSSL_KDF_PARAM_SSHKDF_SESSION_ID\s0\fR) " 4 +.IX Item "session_id (OSSL_KDF_PARAM_SSHKDF_SESSION_ID) " +.PD +These parameters set the respective values for the \s-1KDF\s0. +If a value is already set, the contents are replaced. 
+.ie n .IP """type"" (\fB\s-1OSSL_KDF_PARAM_SSHKDF_TYPE\s0\fR) " 4 +.el .IP "``type'' (\fB\s-1OSSL_KDF_PARAM_SSHKDF_TYPE\s0\fR) " 4 +.IX Item "type (OSSL_KDF_PARAM_SSHKDF_TYPE) " +This parameter sets the type for the \s-1SSHHKDF\s0 operation. +There are six supported types: +.RS 4 +.IP "\s-1EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV\s0" 4 +.IX Item "EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV" +The Initial \s-1IV\s0 from client to server. +A single char of value 65 (\s-1ASCII\s0 char 'A'). +.IP "\s-1EVP_KDF_SSHKDF_TYPE_INITIAL_IV_SRV_TO_CLI\s0" 4 +.IX Item "EVP_KDF_SSHKDF_TYPE_INITIAL_IV_SRV_TO_CLI" +The Initial \s-1IV\s0 from server to client +A single char of value 66 (\s-1ASCII\s0 char 'B'). +.IP "\s-1EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_CLI_TO_SRV\s0" 4 +.IX Item "EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_CLI_TO_SRV" +The Encryption Key from client to server +A single char of value 67 (\s-1ASCII\s0 char 'C'). +.IP "\s-1EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_SRV_TO_CLI\s0" 4 +.IX Item "EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_SRV_TO_CLI" +The Encryption Key from server to client +A single char of value 68 (\s-1ASCII\s0 char 'D'). +.IP "\s-1EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_CLI_TO_SRV\s0" 4 +.IX Item "EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_CLI_TO_SRV" +The Integrity Key from client to server +A single char of value 69 (\s-1ASCII\s0 char 'E'). +.IP "\s-1EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_SRV_TO_CLI\s0" 4 +.IX Item "EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_SRV_TO_CLI" +The Integrity Key from client to server +A single char of value 70 (\s-1ASCII\s0 char 'F'). +.RE +.RS 4 +.RE +.SH "NOTES" +.IX Header "NOTES" +A context for \s-1SSHKDF\s0 can be obtained by calling: +.PP +.Vb 2 +\& EVP_KDF *kdf = EVP_KDF_fetch(NULL, "SSHKDF", NULL); +\& EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf); +.Ve +.PP +The output length of the \s-1SSHKDF\s0 derivation is specified via the \fIkeylen\fR +parameter to the \fIEVP_KDF_derive\fR\|(3) function. 
+Since the \s-1SSHKDF\s0 output length is variable, calling \fIEVP_KDF_size\fR\|(3) +to obtain the requisite length is not meaningful. The caller must +allocate a buffer of the desired length, and pass that buffer to the +\&\fIEVP_KDF_derive\fR\|(3) function along with the desired length. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +This example derives an 8 byte \s-1IV\s0 using \s-1SHA\-256\s0 with a 1K \*(L"key\*(R" and appropriate +\&\*(L"xcghash\*(R" and \*(L"session_id\*(R" values: +.PP +.Vb 8 +\& EVP_KDF *kdf; +\& EVP_KDF_CTX *kctx; +\& unsigned char key[1024] = "01234..."; +\& unsigned char xcghash[32] = "012345..."; +\& unsigned char session_id[32] = "012345..."; +\& unsigned char out[8]; +\& size_t outlen = sizeof(out); +\& OSSL_PARAM params[6], *p = params; +\& +\& kdf = EVP_KDF_fetch(NULL, "SSHKDF", NULL); +\& kctx = EVP_KDF_CTX_new(kdf); +\& EVP_KDF_free(kdf); +\& +\& *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, +\& SN_sha256, strlen(SN_sha256)); +\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, +\& key, (size_t)1024); +\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SSHKDF_XCGHASH, +\& xcghash, (size_t)32); +\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, +\& session_id, (size_t)32); +\& *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_SSHKDF_TYPE, +\& EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV); +\& *p = OSSL_PARAM_construct_end(); +\& if (EVP_KDF_CTX_set_params(kctx, params) <= 0) +\& /* Error */ +\& +\& if (EVP_KDF_derive(kctx, out, &outlen) <= 0) +\& /* Error */ +.Ve +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1RFC\s0 4253 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1\fIEVP_KDF\s0\fR\|(3), +\&\fIEVP_KDF_CTX_new\fR\|(3), +\&\fIEVP_KDF_CTX_free\fR\|(3), +\&\fIEVP_KDF_CTX_set_params\fR\|(3), +\&\fIEVP_KDF_size\fR\|(3), +\&\fIEVP_KDF_derive\fR\|(3), +\&\*(L"\s-1PARAMETERS\s0\*(R" in \s-1\fIEVP_KDF\s0\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2019 The OpenSSL 
Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man7/EVP_KDF-TLS1_PRF.7 b/linux_amd64/share/man/man7/EVP_KDF-TLS1_PRF.7 new file mode 100755 index 0000000..14ad60b --- /dev/null +++ b/linux_amd64/share/man/man7/EVP_KDF-TLS1_PRF.7 
@@ -0,0 +1,234 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_KDF-TLS1_PRF 7" +.TH EVP_KDF-TLS1_PRF 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_KDF\-TLS1_PRF \- The TLS1 PRF EVP_KDF implementation +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Support for computing the \fB\s-1TLS1\s0\fR \s-1PRF\s0 through the \fB\s-1EVP_KDF\s0\fR \s-1API\s0. 
+.PP +The \s-1EVP_KDF\-TLS1_PRF\s0 algorithm implements the \s-1PRF\s0 used by \s-1TLS\s0 versions up to +and including \s-1TLS\s0 1.2. +.SS "Identity" +.IX Subsection "Identity" +\&\*(L"\s-1TLS1\-PRF\s0\*(R" is the name for this implementation; it +can be used with the \fIEVP_KDF_fetch()\fR function. +.SS "Supported parameters" +.IX Subsection "Supported parameters" +The supported parameters are: +.ie n .IP """properties"" (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``properties'' (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "properties (OSSL_KDF_PARAM_PROPERTIES) " +.PD 0 +.ie n .IP """digest"" (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``digest'' (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "digest (OSSL_KDF_PARAM_DIGEST) " +.PD +These parameters work as described in \*(L"\s-1PARAMETERS\s0\*(R" in \s-1\fIEVP_KDF\s0\fR\|(3). +.Sp +The \fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR parameter is used to set the message digest +associated with the \s-1TLS\s0 \s-1PRF\s0. +\&\fIEVP_md5_sha1()\fR is treated as a special case which uses the +\&\s-1PRF\s0 algorithm using both \fB\s-1MD5\s0\fR and \fB\s-1SHA1\s0\fR as used in \s-1TLS\s0 1.0 and 1.1. +.ie n .IP """secret"" (\fB\s-1OSSL_KDF_PARAM_SECRET\s0\fR) " 4 +.el .IP "``secret'' (\fB\s-1OSSL_KDF_PARAM_SECRET\s0\fR) " 4 +.IX Item "secret (OSSL_KDF_PARAM_SECRET) " +This parameter sets the secret value of the \s-1TLS\s0 \s-1PRF\s0. +Any existing secret value is replaced. +.ie n .IP """seed"" (\fB\s-1OSSL_KDF_PARAM_SEED\s0\fR) " 4 +.el .IP "``seed'' (\fB\s-1OSSL_KDF_PARAM_SEED\s0\fR) " 4 +.IX Item "seed (OSSL_KDF_PARAM_SEED) " +This parameter sets the context seed. +The length of the context seed cannot exceed 1024 bytes; +this should be more than enough for any normal use of the \s-1TLS\s0 \s-1PRF\s0. 
+.SH "NOTES" +.IX Header "NOTES" +A context for the \s-1TLS\s0 \s-1PRF\s0 can be obtained by calling: +.PP +.Vb 2 +\& EVP_KDF *kdf = EVP_KDF_fetch(NULL, "TLS1\-PRF", NULL); +\& EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf); +.Ve +.PP +The digest, secret value and seed must be set before a key is derived otherwise +an error will occur. +.PP +The output length of the \s-1PRF\s0 is specified by the \fIkeylen\fR parameter to the +\&\fIEVP_KDF_derive()\fR function. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +This example derives 10 bytes using \s-1SHA\-256\s0 with the secret key \*(L"secret\*(R" +and seed value \*(L"seed\*(R": +.PP +.Vb 4 +\& EVP_KDF *kdf; +\& EVP_KDF_CTX *kctx; +\& unsigned char out[10]; +\& OSSL_PARAM params[4], *p = params; +\& +\& kdf = EVP_KDF_fetch(NULL, "TLS1\-PRF", NULL); +\& kctx = EVP_KDF_CTX_new(kdf); +\& EVP_KDF_free(kdf); +\& +\& *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, +\& SN_sha256, strlen(SN_sha256)); +\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SECRET, +\& "secret", (size_t)6); +\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED, +\& "seed", (size_t)4); +\& *p = OSSL_PARAM_construct_end(); +\& if (EVP_KDF_CTX_set_params(kctx, params) <= 0) { +\& error("EVP_KDF_CTX_set_params"); +\& } +\& if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) { +\& error("EVP_KDF_derive"); +\& } +\& EVP_KDF_CTX_free(kctx); +.Ve +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1RFC\s0 2246, \s-1RFC\s0 5246 and \s-1NIST\s0 \s-1SP\s0 800\-135 r1 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1\fIEVP_KDF\s0\fR\|(3), +\&\fIEVP_KDF_CTX_new\fR\|(3), +\&\fIEVP_KDF_CTX_free\fR\|(3), +\&\fIEVP_KDF_CTX_set_params\fR\|(3), +\&\fIEVP_KDF_derive\fR\|(3), +\&\*(L"\s-1PARAMETERS\s0\*(R" in \s-1\fIEVP_KDF\s0\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). 
You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man7/EVP_KDF-X942.7 b/linux_amd64/share/man/man7/EVP_KDF-X942.7 new file mode 100755 index 0000000..5c2d79f --- /dev/null +++ b/linux_amd64/share/man/man7/EVP_KDF-X942.7 
@@ -0,0 +1,242 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_KDF-X942 7" +.TH EVP_KDF-X942 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_KDF\-X942 \- The X9.42\-2001 asn1 EVP_KDF implementation +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1EVP_KDF\-X942\s0 algorithm implements the key derivation function (X942KDF). 
+X942KDF is used by Cryptographic Message Syntax (\s-1CMS\s0) for \s-1DH\s0 KeyAgreement, to +derive a key using input such as a shared secret key and other info. The other +info is \s-1DER\s0 encoded data that contains a 32 bit counter. +.SS "Identity" +.IX Subsection "Identity" +\&\*(L"X942KDF\*(R" is the name for this implementation; it +can be used with the \fIEVP_KDF_fetch()\fR function. +.SS "Supported parameters" +.IX Subsection "Supported parameters" +The supported parameters are: +.ie n .IP """properties"" (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``properties'' (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "properties (OSSL_KDF_PARAM_PROPERTIES) " +.PD 0 +.ie n .IP """digest"" (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``digest'' (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "digest (OSSL_KDF_PARAM_DIGEST) " +.PD +These parameters work as described in \*(L"\s-1PARAMETERS\s0\*(R" in \s-1\fIEVP_KDF\s0\fR\|(3). +.ie n .IP """key"" (\fB\s-1OSSL_KDF_PARAM_KEY\s0\fR) " 4 +.el .IP "``key'' (\fB\s-1OSSL_KDF_PARAM_KEY\s0\fR) " 4 +.IX Item "key (OSSL_KDF_PARAM_KEY) " +The shared secret used for key derivation. This parameter sets the secret. +.ie n .IP """ukm"" (\fB\s-1OSSL_KDF_PARAM_UKM\s0\fR) " 4 +.el .IP "``ukm'' (\fB\s-1OSSL_KDF_PARAM_UKM\s0\fR) " 4 +.IX Item "ukm (OSSL_KDF_PARAM_UKM) " +This parameter is an optional random string that is provided +by the sender called \*(L"partyAInfo\*(R". +In \s-1CMS\s0 this is the user keying material. +.ie n .IP """cekalg"" (\fB\s-1OSSL_KDF_PARAM_CEK_ALG\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``cekalg'' (\fB\s-1OSSL_KDF_PARAM_CEK_ALG\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "cekalg (OSSL_KDF_PARAM_CEK_ALG) " +This parameter sets the \s-1CEK\s0 wrapping algorithm name. 
+.SH "NOTES" +.IX Header "NOTES" +A context for X942KDF can be obtained by calling: +.PP +.Vb 2 +\& EVP_KDF *kdf = EVP_KDF_fetch(NULL, "X942KDF", NULL); +\& EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf); +.Ve +.PP +The output length of an X942KDF is specified via the \fIkeylen\fR +parameter to the \fIEVP_KDF_derive\fR\|(3) function. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +This example derives 24 bytes, with the secret key \*(L"secret\*(R" and a random user +keying material: +.PP +.Vb 5 +\& EVP_KDF_CTX *kctx; +\& EVP_KDF_CTX *kctx; +\& unsigned char out[192/8]; +\& unsignred char ukm[64]; +\& OSSL_PARAM params[5], *p = params; +\& +\& if (RAND_bytes(ukm, sizeof(ukm)) <= 0) +\& error("RAND_bytes"); +\& +\& kdf = EVP_KDF_fetch(NULL, "X942KDF", NULL); +\& if (kctx == NULL) +\& error("EVP_KDF_fetch"); +\& kctx = EVP_KDF_CTX_new(kdf); +\& if (kctx == NULL) +\& error("EVP_KDF_CTX_new"); +\& EVP_KDF_free(kdf); +\& +\& *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, +\& SN_sha256, strlen(SN_sha256)); +\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SECRET, +\& "secret", (size_t)6); +\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_UKM, ukm, sizeof(ukm)); +\& *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CEK_ALG, +\& SN_id_smime_alg_CMS3DESwrap, +\& strlen(SN_id_smime_alg_CMS3DESwrap)); +\& *p = OSSL_PARAM_construct_end(); +\& if (EVP_KDF_CTX_set_params(kctx, params) <= 0) +\& error("EVP_KDF_CTX_set_params"); +\& if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) +\& error("EVP_KDF_derive"); +\& +\& EVP_KDF_CTX_free(kctx); +.Ve +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1RFC\s0 2631 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1\fIEVP_KDF\s0\fR\|(3), +\&\fIEVP_KDF_CTX_new\fR\|(3), +\&\fIEVP_KDF_CTX_free\fR\|(3), +\&\fIEVP_KDF_CTX_set_params\fR\|(3), +\&\fIEVP_KDF_size\fR\|(3), +\&\fIEVP_KDF_derive\fR\|(3), +\&\*(L"\s-1PARAMETERS\s0\*(R" in \s-1\fIEVP_KDF\s0\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +This functionality was 
added to OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man7/EVP_KDF-X963.7 b/linux_amd64/share/man/man7/EVP_KDF-X963.7 new file mode 100755 index 0000000..b532b29 --- /dev/null +++ b/linux_amd64/share/man/man7/EVP_KDF-X963.7 
@@ -0,0 +1,231 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_KDF-X963 7" +.TH EVP_KDF-X963 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_KDF\-X963 \- The X9.63\-2001 EVP_KDF implementation +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1EVP_KDF\-X963\s0 algorithm implements the key derivation function (X963KDF). 
+X963KDF is used by Cryptographic Message Syntax (\s-1CMS\s0) for \s-1EC\s0 KeyAgreement, to +derive a key using input such as a shared secret key and shared info. +.SS "Identity" +.IX Subsection "Identity" +\&\*(L"X963KDF\*(R" is the name for this implementation; it +can be used with the \fIEVP_KDF_fetch()\fR function. +.SS "Supported parameters" +.IX Subsection "Supported parameters" +The supported parameters are: +.ie n .IP """properties"" (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``properties'' (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "properties (OSSL_KDF_PARAM_PROPERTIES) " +.PD 0 +.ie n .IP """digest"" (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``digest'' (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "digest (OSSL_KDF_PARAM_DIGEST) " +.PD +These parameters work as described in \*(L"\s-1PARAMETERS\s0\*(R" in \s-1\fIEVP_KDF\s0\fR\|(3). +.ie n .IP """key"" (\fB\s-1OSSL_KDF_PARAM_KEY\s0\fR) " 4 +.el .IP "``key'' (\fB\s-1OSSL_KDF_PARAM_KEY\s0\fR) " 4 +.IX Item "key (OSSL_KDF_PARAM_KEY) " +The shared secret used for key derivation. +This parameter sets the secret. +.ie n .IP """info"" (\fB\s-1OSSL_KDF_PARAM_INFO\s0\fR) " 4 +.el .IP "``info'' (\fB\s-1OSSL_KDF_PARAM_INFO\s0\fR) " 4 +.IX Item "info (OSSL_KDF_PARAM_INFO) " +This parameter specifies an optional value for shared info. +.SH "NOTES" +.IX Header "NOTES" +X963KDF is very similar to the \s-1SSKDF\s0 that uses a digest as the auxiliary function, +X963KDF appends the counter to the secret, whereas \s-1SSKDF\s0 prepends the counter. +.PP +A context for X963KDF can be obtained by calling: +.PP +.Vb 2 +\& EVP_KDF *kdf = EVP_KDF_fetch(NULL, "X963KDF", NULL); +\& EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf); +.Ve +.PP +The output length of an X963KDF is specified via the \fIkeylen\fR +parameter to the \fIEVP_KDF_derive\fR\|(3) function. 
+.SH "EXAMPLES" +.IX Header "EXAMPLES" +This example derives 10 bytes, with the secret key \*(L"secret\*(R" and sharedinfo +value \*(L"label\*(R": +.PP +.Vb 4 +\& EVP_KDF *kdf; +\& EVP_KDF_CTX *kctx; +\& unsigned char out[10]; +\& OSSL_PARAM params[4], *p = params; +\& +\& kdf = EVP_KDF_fetch(NULL, "X963KDF", NULL); +\& kctx = EVP_KDF_CTX_new(kdf); +\& EVP_KDF_free(kdf); +\& +\& *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, +\& SN_sha256, strlen(SN_sha256)); +\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SECRET, +\& "secret", (size_t)6); +\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, +\& "label", (size_t)5); +\& *p = OSSL_PARAM_construct_end(); +\& if (EVP_KDF_CTX_set_params(kctx, params) <= 0) { +\& error("EVP_KDF_CTX_set_params"); +\& } +\& if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) { +\& error("EVP_KDF_derive"); +\& } +\& +\& EVP_KDF_CTX_free(kctx); +.Ve +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\*(L"\s-1SEC\s0 1: Elliptic Curve Cryptography\*(R" +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1\fIEVP_KDF\s0\fR\|(3), +\&\fIEVP_KDF_CTX_new\fR\|(3), +\&\fIEVP_KDF_CTX_free\fR\|(3), +\&\fIEVP_KDF_CTX_set_params\fR\|(3), +\&\fIEVP_KDF_size\fR\|(3), +\&\fIEVP_KDF_derive\fR\|(3), +\&\*(L"\s-1PARAMETERS\s0\*(R" in \s-1\fIEVP_KDF\s0\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +This functionality was added to OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man7/EVP_MAC-BLAKE2.7 b/linux_amd64/share/man/man7/EVP_MAC-BLAKE2.7 new file mode 100755 index 0000000..fd33c20 --- /dev/null +++ b/linux_amd64/share/man/man7/EVP_MAC-BLAKE2.7 
@@ -0,0 +1,196 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_MAC-BLAKE2 7" +.TH EVP_MAC-BLAKE2 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_MAC\-BLAKE2, EVP_MAC\-BLAKE2BMAC, EVP_MAC\-BLAKE2SMAC +\&\- The BLAKE2 EVP_MAC implementations +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Support for computing \s-1BLAKE2\s0 MACs through the \fB\s-1EVP_MAC\s0\fR \s-1API\s0. 
+.SS "Identity" +.IX Subsection "Identity" +These implementations are identified with one of these names and +properties, to be used with \fIEVP_MAC_fetch()\fR: +.ie n .IP """\s-1BLAKE2BMAC\s0"", ""provider=default""" 4 +.el .IP "``\s-1BLAKE2BMAC\s0'', ``provider=default''" 4 +.IX Item "BLAKE2BMAC, provider=default" +.PD 0 +.ie n .IP """\s-1BLAKE2SMAC\s0"", ""provider=default""" 4 +.el .IP "``\s-1BLAKE2SMAC\s0'', ``provider=default''" 4 +.IX Item "BLAKE2SMAC, provider=default" +.PD +.SS "Supported parameters" +.IX Subsection "Supported parameters" +The general description of these parameters can be found in +\&\*(L"\s-1PARAMETERS\s0\*(R" in \s-1\fIEVP_MAC\s0\fR\|(3). +.PP +All these parameters can be set with \fIEVP_MAC_CTX_set_params()\fR. +Furthermore, the \*(L"size\*(R" parameter can be retrieved with +\&\fIEVP_MAC_CTX_get_params()\fR, or with \fIEVP_MAC_size()\fR. +The length of the \*(L"size\*(R" parameter should not exceed that of a \fBsize_t\fR. +.ie n .IP """key"" (\fB\s-1OSSL_MAC_PARAM_KEY\s0\fR) " 4 +.el .IP "``key'' (\fB\s-1OSSL_MAC_PARAM_KEY\s0\fR) " 4 +.IX Item "key (OSSL_MAC_PARAM_KEY) " +This may be at most 64 bytes for \s-1BLAKE2BMAC\s0 or 32 for \s-1BLAKE2SMAC\s0 and +at least 1 byte in both cases. +.ie n .IP """custom"" (\fB\s-1OSSL_MAC_PARAM_CUSTOM\s0\fR) " 4 +.el .IP "``custom'' (\fB\s-1OSSL_MAC_PARAM_CUSTOM\s0\fR) " 4 +.IX Item "custom (OSSL_MAC_PARAM_CUSTOM) " +This is an optional value of at most 16 bytes for \s-1BLAKE2BMAC\s0 or 8 for +\&\s-1BLAKE2SMAC\s0. +It is empty by default. +.ie n .IP """salt"" (\fB\s-1OSSL_MAC_PARAM_SALT\s0\fR) " 4 +.el .IP "``salt'' (\fB\s-1OSSL_MAC_PARAM_SALT\s0\fR) " 4 +.IX Item "salt (OSSL_MAC_PARAM_SALT) " +This is an optional value of at most 16 bytes for \s-1BLAKE2BMAC\s0 or 8 for +\&\s-1BLAKE2SMAC\s0. +It is empty by default. 
+.ie n .IP """size"" (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) " 4 +.el .IP "``size'' (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) " 4 +.IX Item "size (OSSL_MAC_PARAM_SIZE) " +When set, this can be any number between between 1 and 32 for +\&\s-1EVP_MAC_BLAKE2S\s0 or 64 for \s-1EVP_MAC_BLAKE2B\s0. +It is 32 and 64 respectively by default. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_MAC_CTX_get_params\fR\|(3), \fIEVP_MAC_CTX_set_params\fR\|(3), +\&\*(L"\s-1PARAMETERS\s0\*(R" in \s-1\fIEVP_MAC\s0\fR\|(3), \s-1\fIOSSL_PARAM\s0\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The macros and functions described here were added to OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man7/EVP_MAC-CMAC.7 b/linux_amd64/share/man/man7/EVP_MAC-CMAC.7 new file mode 100755 index 0000000..a9dde07 --- /dev/null +++ b/linux_amd64/share/man/man7/EVP_MAC-CMAC.7 
@@ -0,0 +1,181 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_MAC-CMAC 7" +.TH EVP_MAC-CMAC 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_MAC\-CMAC \- The CMAC EVP_MAC implementation +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Support for computing \s-1CMAC\s0 MACs through the \fB\s-1EVP_MAC\s0\fR \s-1API\s0. 
+.SS "Identity" +.IX Subsection "Identity" +This implementation is identified with this name and properties, to be +used with \fIEVP_MAC_fetch()\fR: +.ie n .IP """\s-1CMAC\s0"", ""provider=default"" or ""provider=fips""" 4 +.el .IP "``\s-1CMAC\s0'', ``provider=default'' or ``provider=fips''" 4 +.IX Item "CMAC, provider=default or provider=fips" +.SS "Supported parameters" +.IX Subsection "Supported parameters" +The general description of these parameters can be found in +\&\*(L"\s-1PARAMETERS\s0\*(R" in \s-1\fIEVP_MAC\s0\fR\|(3). +.PP +The following parameter can be set with \fIEVP_MAC_CTX_set_params()\fR: +.ie n .IP """key"" (\fB\s-1OSSL_MAC_PARAM_KEY\s0\fR) " 4 +.el .IP "``key'' (\fB\s-1OSSL_MAC_PARAM_KEY\s0\fR) " 4 +.IX Item "key (OSSL_MAC_PARAM_KEY) " +.PD 0 +.ie n .IP """cipher"" (\fB\s-1OSSL_MAC_PARAM_CIPHER\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``cipher'' (\fB\s-1OSSL_MAC_PARAM_CIPHER\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "cipher (OSSL_MAC_PARAM_CIPHER) " +.ie n .IP """properties"" (\fB\s-1OSSL_MAC_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``properties'' (\fB\s-1OSSL_MAC_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "properties (OSSL_MAC_PARAM_PROPERTIES) " +.PD +.PP +The following parameters can be retrieved with +\&\fIEVP_MAC_CTX_get_params()\fR: +.ie n .IP """size"" (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) " 4 +.el .IP "``size'' (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) " 4 +.IX Item "size (OSSL_MAC_PARAM_SIZE) " +.PP +The \*(L"size\*(R" parameter can also be retrieved with with \fIEVP_MAC_size()\fR. +The length of the \*(L"size\*(R" parameter is equal to that of an \fBunsigned int\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_MAC_CTX_get_params\fR\|(3), \fIEVP_MAC_CTX_set_params\fR\|(3), +\&\*(L"\s-1PARAMETERS\s0\*(R" in \s-1\fIEVP_MAC\s0\fR\|(3), \s-1\fIOSSL_PARAM\s0\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018\-2019 The OpenSSL Project Authors. All Rights Reserved. 
+.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man7/EVP_MAC-GMAC.7 b/linux_amd64/share/man/man7/EVP_MAC-GMAC.7 new file mode 100755 index 0000000..ec70f7c --- /dev/null +++ b/linux_amd64/share/man/man7/EVP_MAC-GMAC.7 
@@ -0,0 +1,184 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_MAC-GMAC 7" +.TH EVP_MAC-GMAC 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_MAC\-GMAC \- The GMAC EVP_MAC implementation +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Support for computing \s-1GMAC\s0 MACs through the \fB\s-1EVP_MAC\s0\fR \s-1API\s0. 
+.SS "Identity" +.IX Subsection "Identity" +This implementation is identified with this name and properties, to be +used with \fIEVP_MAC_fetch()\fR: +.ie n .IP """\s-1GMAC\s0"", ""provider=default"" or ""provider=fips""" 4 +.el .IP "``\s-1GMAC\s0'', ``provider=default'' or ``provider=fips''" 4 +.IX Item "GMAC, provider=default or provider=fips" +.SS "Supported parameters" +.IX Subsection "Supported parameters" +The general description of these parameters can be found in +\&\*(L"\s-1PARAMETERS\s0\*(R" in \s-1\fIEVP_MAC\s0\fR\|(3). +.PP +The following parameter can be set with \fIEVP_MAC_CTX_set_params()\fR: +.ie n .IP """key"" (\fB\s-1OSSL_MAC_PARAM_KEY\s0\fR) " 4 +.el .IP "``key'' (\fB\s-1OSSL_MAC_PARAM_KEY\s0\fR) " 4 +.IX Item "key (OSSL_MAC_PARAM_KEY) " +.PD 0 +.ie n .IP """iv"" (\fB\s-1OSSL_MAC_PARAM_IV\s0\fR) " 4 +.el .IP "``iv'' (\fB\s-1OSSL_MAC_PARAM_IV\s0\fR) " 4 +.IX Item "iv (OSSL_MAC_PARAM_IV) " +.ie n .IP """cipher"" (\fB\s-1OSSL_MAC_PARAM_CIPHER\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``cipher'' (\fB\s-1OSSL_MAC_PARAM_CIPHER\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "cipher (OSSL_MAC_PARAM_CIPHER) " +.ie n .IP """properties"" (\fB\s-1OSSL_MAC_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``properties'' (\fB\s-1OSSL_MAC_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "properties (OSSL_MAC_PARAM_PROPERTIES) " +.PD +.PP +The following parameters can be retrieved with +\&\fIEVP_MAC_CTX_get_params()\fR: +.ie n .IP """size"" (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) " 4 +.el .IP "``size'' (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) " 4 +.IX Item "size (OSSL_MAC_PARAM_SIZE) " +.PP +The \*(L"size\*(R" parameter can also be retrieved with \fIEVP_MAC_size()\fR. +The length of the \*(L"size\*(R" parameter is equal to that of an \fBunsigned int\fR. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_MAC_CTX_get_params\fR\|(3), \fIEVP_MAC_CTX_set_params\fR\|(3), +\&\*(L"\s-1PARAMETERS\s0\*(R" in \s-1\fIEVP_MAC\s0\fR\|(3), \s-1\fIOSSL_PARAM\s0\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man7/EVP_MAC-HMAC.7 b/linux_amd64/share/man/man7/EVP_MAC-HMAC.7 new file mode 100755 index 0000000..52e62ec --- /dev/null +++ b/linux_amd64/share/man/man7/EVP_MAC-HMAC.7 
@@ -0,0 +1,186 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_MAC-HMAC 7" +.TH EVP_MAC-HMAC 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_MAC\-HMAC \- The HMAC EVP_MAC implementation +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Support for computing \s-1HMAC\s0 MACs through the \fB\s-1EVP_MAC\s0\fR \s-1API\s0. 
+.SS "Identity" +.IX Subsection "Identity" +This implementation is identified with this name and properties, to be +used with \fIEVP_MAC_fetch()\fR: +.ie n .IP """\s-1HMAC\s0"", ""provider=default"" or ""provider=fips""" 4 +.el .IP "``\s-1HMAC\s0'', ``provider=default'' or ``provider=fips''" 4 +.IX Item "HMAC, provider=default or provider=fips" +.SS "Supported parameters" +.IX Subsection "Supported parameters" +The general description of these parameters can be found in +\&\*(L"\s-1PARAMETERS\s0\*(R" in \s-1\fIEVP_MAC\s0\fR\|(3). +.PP +The following parameter can be set with \fIEVP_MAC_CTX_set_params()\fR: +.ie n .IP """key"" (\fB\s-1OSSL_MAC_PARAM_KEY\s0\fR) " 4 +.el .IP "``key'' (\fB\s-1OSSL_MAC_PARAM_KEY\s0\fR) " 4 +.IX Item "key (OSSL_MAC_PARAM_KEY) " +.PD 0 +.ie n .IP """flags"" (\fB\s-1OSSL_MAC_PARAM_FLAGS\s0\fR) " 4 +.el .IP "``flags'' (\fB\s-1OSSL_MAC_PARAM_FLAGS\s0\fR) " 4 +.IX Item "flags (OSSL_MAC_PARAM_FLAGS) " +.ie n .IP """digest"" (\fB\s-1OSSL_MAC_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``digest'' (\fB\s-1OSSL_MAC_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "digest (OSSL_MAC_PARAM_DIGEST) " +.ie n .IP """properties"" (\fB\s-1OSSL_MAC_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``properties'' (\fB\s-1OSSL_MAC_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "properties (OSSL_MAC_PARAM_PROPERTIES) " +.PD +.PP +The \*(L"flags\*(R" parameter is passed directly to \fIHMAC_CTX_set_flags()\fR. +.PP +The following parameter can be retrieved with +\&\fIEVP_MAC_CTX_get_params()\fR: +.ie n .IP """size"" (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) " 4 +.el .IP "``size'' (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) " 4 +.IX Item "size (OSSL_MAC_PARAM_SIZE) " +.PP +The \*(L"size\*(R" parameter can also be retrieved with \fIEVP_MAC_size()\fR. +The length of the \*(L"size\*(R" parameter is equal to that of an \fBunsigned int\fR. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_MAC_CTX_get_params\fR\|(3), \fIEVP_MAC_CTX_set_params\fR\|(3), +\&\*(L"\s-1PARAMETERS\s0\*(R" in \s-1\fIEVP_MAC\s0\fR\|(3), \s-1\fIOSSL_PARAM\s0\fR\|(3), \s-1\fIHMAC\s0\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man7/EVP_MAC-KMAC.7 b/linux_amd64/share/man/man7/EVP_MAC-KMAC.7 new file mode 100755 index 0000000..85e0810 --- /dev/null +++ b/linux_amd64/share/man/man7/EVP_MAC-KMAC.7 
@@ -0,0 +1,188 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_MAC-KMAC 7" +.TH EVP_MAC-KMAC 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_MAC\-KMAC, EVP_MAC\-KMAC128, EVP_MAC\-KMAC256 +\&\- The KMAC EVP_MAC implementations +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Support for computing \s-1KMAC\s0 MACs through the \fB\s-1EVP_MAC\s0\fR \s-1API\s0. 
+.SS "Identity" +.IX Subsection "Identity" +These implementations are identified with one of these names and +properties, to be used with \fIEVP_MAC_fetch()\fR: +.ie n .IP """\s-1KMAC\-128\s0"", ""provider=default"" or ""provider=fips""" 4 +.el .IP "``\s-1KMAC\-128\s0'', ``provider=default'' or ``provider=fips''" 4 +.IX Item "KMAC-128, provider=default or provider=fips" +.PD 0 +.ie n .IP """\s-1KMAC\-256\s0"", ""provider=default"" or ""provider=fips""" 4 +.el .IP "``\s-1KMAC\-256\s0'', ``provider=default'' or ``provider=fips''" 4 +.IX Item "KMAC-256, provider=default or provider=fips" +.PD +.SS "Supported parameters" +.IX Subsection "Supported parameters" +The general description of these parameters can be found in +\&\*(L"\s-1PARAMETERS\s0\*(R" in \s-1\fIEVP_MAC\s0\fR\|(3). +.PP +All these parameters can be set with \fIEVP_MAC_CTX_set_params()\fR. +Furthermore, the \*(L"size\*(R" parameter can be retrieved with +\&\fIEVP_MAC_CTX_get_params()\fR, or with \fIEVP_MAC_size()\fR. +The length of the \*(L"size\*(R" parameter should not exceed that of a \fBsize_t\fR. +.ie n .IP """key"" (\fB\s-1OSSL_MAC_PARAM_KEY\s0\fR) " 4 +.el .IP "``key'' (\fB\s-1OSSL_MAC_PARAM_KEY\s0\fR) " 4 +.IX Item "key (OSSL_MAC_PARAM_KEY) " +.PD 0 +.ie n .IP """custom"" (\fB\s-1OSSL_MAC_PARAM_CUSTOM\s0\fR) " 4 +.el .IP "``custom'' (\fB\s-1OSSL_MAC_PARAM_CUSTOM\s0\fR) " 4 +.IX Item "custom (OSSL_MAC_PARAM_CUSTOM) " +.ie n .IP """size"" (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) " 4 +.el .IP "``size'' (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) " 4 +.IX Item "size (OSSL_MAC_PARAM_SIZE) " +.ie n .IP """xof"" (\fB\s-1OSSL_MAC_PARAM_XOF\s0\fR) " 4 +.el .IP "``xof'' (\fB\s-1OSSL_MAC_PARAM_XOF\s0\fR) " 4 +.IX Item "xof (OSSL_MAC_PARAM_XOF) " +.PD +.PP +The \*(L"xof\*(R" parameter value is expected to be 1 or 0. Use 1 to enable \s-1XOF\s0 +mode. If \s-1XOF\s0 is enabled then the output length that is encoded as part of +the input stream is set to zero. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_MAC_CTX_get_params\fR\|(3), \fIEVP_MAC_CTX_set_params\fR\|(3), +\&\*(L"\s-1PARAMETERS\s0\*(R" in \s-1\fIEVP_MAC\s0\fR\|(3), \s-1\fIOSSL_PARAM\s0\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man7/EVP_MAC-Poly1305.7 b/linux_amd64/share/man/man7/EVP_MAC-Poly1305.7 new file mode 100755 index 0000000..7b79ede --- /dev/null +++ b/linux_amd64/share/man/man7/EVP_MAC-Poly1305.7 
@@ -0,0 +1,173 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_MAC-POLY1305 7" +.TH EVP_MAC-POLY1305 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_MAC\-Poly1305 \- The Poly1305 EVP_MAC implementation +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Support for computing Poly1305 MACs through the \fB\s-1EVP_MAC\s0\fR \s-1API\s0. 
+.SS "Identity" +.IX Subsection "Identity" +This implementation is identified with this name and properties, to be +used with \fIEVP_MAC_fetch()\fR: +.ie n .IP """\s-1POLY1305\s0"", ""provider=default""" 4 +.el .IP "``\s-1POLY1305\s0'', ``provider=default''" 4 +.IX Item "POLY1305, provider=default" +.SS "Supported parameters" +.IX Subsection "Supported parameters" +The general description of these parameters can be found in +\&\*(L"\s-1PARAMETERS\s0\*(R" in \s-1\fIEVP_MAC\s0\fR\|(3). +.PP +The following parameter can be set with \fIEVP_MAC_CTX_set_params()\fR: +.ie n .IP """key"" (\fB\s-1OSSL_MAC_PARAM_KEY\s0\fR) " 4 +.el .IP "``key'' (\fB\s-1OSSL_MAC_PARAM_KEY\s0\fR) " 4 +.IX Item "key (OSSL_MAC_PARAM_KEY) " +.PP +The following parameters can be retrieved with +\&\fIEVP_MAC_CTX_get_params()\fR: +.ie n .IP """size"" (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) " 4 +.el .IP "``size'' (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) " 4 +.IX Item "size (OSSL_MAC_PARAM_SIZE) " +.PP +The \*(L"size\*(R" parameter can also be retrieved with with \fIEVP_MAC_size()\fR. +The length of the \*(L"size\*(R" parameter should not exceed that of an \fBunsigned int\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_MAC_CTX_get_params\fR\|(3), \fIEVP_MAC_CTX_set_params\fR\|(3), +\&\*(L"\s-1PARAMETERS\s0\*(R" in \s-1\fIEVP_MAC\s0\fR\|(3), \s-1\fIOSSL_PARAM\s0\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man7/EVP_MAC-Siphash.7 b/linux_amd64/share/man/man7/EVP_MAC-Siphash.7 new file mode 100755 index 0000000..a86cd45 --- /dev/null +++ b/linux_amd64/share/man/man7/EVP_MAC-Siphash.7 
@@ -0,0 +1,172 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_MAC-SIPHASH 7" +.TH EVP_MAC-SIPHASH 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_MAC\-Siphash \- The SipHash EVP_MAC implementation +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Support for computing SipHash MACs through the \fB\s-1EVP_MAC\s0\fR \s-1API\s0. 
+.SS "Identity" +.IX Subsection "Identity" +This implementation is identified with this name and properties, to be +used with \fIEVP_MAC_fetch()\fR: +.ie n .IP """\s-1SIPHASH\s0"", ""provider=default""" 4 +.el .IP "``\s-1SIPHASH\s0'', ``provider=default''" 4 +.IX Item "SIPHASH, provider=default" +.SS "Supported parameters" +.IX Subsection "Supported parameters" +The general description of these parameters can be found in +\&\*(L"\s-1PARAMETERS\s0\*(R" in \s-1\fIEVP_MAC\s0\fR\|(3). +.PP +All these parameters can be set with \fIEVP_MAC_CTX_set_params()\fR. +Furthermore, the \*(L"size\*(R" parameter can be retrieved with +\&\fIEVP_MAC_CTX_get_params()\fR, or with \fIEVP_MAC_size()\fR. +The length of the \*(L"size\*(R" parameter should not exceed that of a \fBsize_t\fR. +.ie n .IP """key"" (\fB\s-1OSSL_MAC_PARAM_KEY\s0\fR) " 4 +.el .IP "``key'' (\fB\s-1OSSL_MAC_PARAM_KEY\s0\fR) " 4 +.IX Item "key (OSSL_MAC_PARAM_KEY) " +.PD 0 +.ie n .IP """size"" (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) " 4 +.el .IP "``size'' (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) " 4 +.IX Item "size (OSSL_MAC_PARAM_SIZE) " +.PD +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_MAC_CTX_get_params\fR\|(3), \fIEVP_MAC_CTX_set_params\fR\|(3), +\&\*(L"\s-1PARAMETERS\s0\*(R" in \s-1\fIEVP_MAC\s0\fR\|(3), \s-1\fIOSSL_PARAM\s0\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man7/Ed25519.7 b/linux_amd64/share/man/man7/Ed25519.7 new file mode 100755 index 0000000..3f13b27 --- /dev/null +++ b/linux_amd64/share/man/man7/Ed25519.7 
@@ -0,0 +1,215 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ED25519 7" +.TH ED25519 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +Ed25519, +Ed448 +\&\- EVP_PKEY Ed25519 and Ed448 support +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBEd25519\fR and \fBEd448\fR \s-1EVP_PKEY\s0 implementation supports key generation, +one-shot digest sign and digest verify using PureEdDSA and \fBEd25519\fR or \fBEd448\fR +(see \s-1RFC8032\s0). It has associated private and public key formats compatible with +draft\-ietf\-curdle\-pkix\-04. +.PP +No additional parameters can be set during key generation, one-shot signing or +verification. In particular, because PureEdDSA is used, a digest must \fB\s-1NOT\s0\fR be +specified when signing or verifying. +.SH "NOTES" +.IX Header "NOTES" +The PureEdDSA algorithm does not support the streaming mechanism +of other signature algorithms using, for example, \fIEVP_DigestUpdate()\fR. +The message to sign or verify must be passed using the one-shot +\&\fIEVP_DigestSign()\fR and \fIEVP_DigestVerify()\fR functions. +.PP +When calling \fIEVP_DigestSignInit()\fR or \fIEVP_DigestVerifyInit()\fR, the +digest \fItype\fR parameter \fB\s-1MUST\s0\fR be set to \s-1NULL\s0. +.PP +Applications wishing to sign certificates (or other structures such as +CRLs or certificate requests) using Ed25519 or Ed448 can either use \fIX509_sign()\fR +or \fIX509_sign_ctx()\fR in the usual way. +.PP +A context for the \fBEd25519\fR algorithm can be obtained by calling: +.PP +.Vb 1 +\& EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_ED25519, NULL); +.Ve +.PP +For the \fBEd448\fR algorithm a context can be obtained by calling: +.PP +.Vb 1 +\& EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_ED448, NULL); +.Ve +.PP +Ed25519 or Ed448 private keys can be set directly using +\&\fIEVP_PKEY_new_raw_private_key\fR\|(3) or loaded from a PKCS#8 private key file +using \fIPEM_read_bio_PrivateKey\fR\|(3) (or similar function). Completely new keys +can also be generated (see the example below). Setting a private key also sets +the associated public key. 
+.PP +Ed25519 or Ed448 public keys can be set directly using +\&\fIEVP_PKEY_new_raw_public_key\fR\|(3) or loaded from a SubjectPublicKeyInfo +structure in a \s-1PEM\s0 file using \fIPEM_read_bio_PUBKEY\fR\|(3) (or similar function). +.PP +Ed25519 and Ed448 can be tested with the \fIopenssl\-speed\fR\|(1) application +since version 1.1.1. +Valid algorithm names are \fBed25519\fR, \fBed448\fR and \fBeddsa\fR. If \fBeddsa\fR is +specified, then both Ed25519 and Ed448 are benchmarked. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +This example generates an \fB\s-1ED25519\s0\fR private key and writes it to standard +output in \s-1PEM\s0 format: +.PP +.Vb 9 +\& #include +\& #include +\& ... +\& EVP_PKEY *pkey = NULL; +\& EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_ED25519, NULL); +\& EVP_PKEY_keygen_init(pctx); +\& EVP_PKEY_keygen(pctx, &pkey); +\& EVP_PKEY_CTX_free(pctx); +\& PEM_write_PrivateKey(stdout, pkey, NULL, NULL, 0, NULL, NULL); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_PKEY_CTX_new\fR\|(3), +\&\fIEVP_PKEY_keygen\fR\|(3), +\&\fIEVP_DigestSignInit\fR\|(3), +\&\fIEVP_DigestVerifyInit\fR\|(3), +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man7/OSSL_PROVIDER-FIPS.7 b/linux_amd64/share/man/man7/OSSL_PROVIDER-FIPS.7 new file mode 100755 index 0000000..3b11764 --- /dev/null +++ b/linux_amd64/share/man/man7/OSSL_PROVIDER-FIPS.7 
@@ -0,0 +1,403 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_PROVIDER-FIPS 7" +.TH OSSL_PROVIDER-FIPS 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OSSL_PROVIDER\-FIPS \- OPENSSL FIPS provider +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1OPENSSL\s0 \s-1FIPS\s0 provider is a special provider that conforms to the Federal +Information Processing Standards (\s-1FIPS\s0) specified in \s-1FIPS\s0 140\-2. This 'module' +contains an approved set of cryptographic algorithms that is validated by an +accredited testing laboratory. +.SH "SELF TESTING" +.IX Header "SELF TESTING" +One of the requirements for the \s-1FIPS\s0 module is self testing. An optional callback +mechanism is available to return information to the user using +\&\fIOSSL_SELF_TEST_set_callback\fR\|(3). +.PP +The \s-1OPENSSL\s0 \s-1FIPS\s0 module uses the following mechanism to provide information +about the self tests as they run. +This is useful for debugging if a self test is failing. +The callback also allows forcing any self test to fail, in order to check that +it operates correctly on failure. +.PP +The 'args' parameter of \fB\s-1OSSL_CALLBACK\s0\fR contains the \fB\s-1OPENSSL_CTX\s0\fR associated +with the provider that is triggering the self test. This may be useful if +multiple fips providers are present. +.PP +The \s-1OSSL_PARAM\s0 names used are: +.ie n .IP """st-phase"" (\fB\s-1OSSL_PROV_PARAM_SELF_TEST_PHASE\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``st-phase'' (\fB\s-1OSSL_PROV_PARAM_SELF_TEST_PHASE\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "st-phase (OSSL_PROV_PARAM_SELF_TEST_PHASE) " +Each self test calls the callback 3 times with the following string values +for the phase. +.RS 4 +.ie n .IP """Start"" (\fB\s-1OSSL_SELF_TEST_PHASE_START\s0\fR)" 4 +.el .IP "``Start'' (\fB\s-1OSSL_SELF_TEST_PHASE_START\s0\fR)" 4 +.IX Item "Start (OSSL_SELF_TEST_PHASE_START)" +This is the initial phase before the self test has run. +This is used for informational purposes only. +The value returned by the callback is ignored. 
+.ie n .IP """Corrupt"" (\fB\s-1OSSL_SELF_TEST_PHASE_CORRUPT\s0\fR)" 4 +.el .IP "``Corrupt'' (\fB\s-1OSSL_SELF_TEST_PHASE_CORRUPT\s0\fR)" 4 +.IX Item "Corrupt (OSSL_SELF_TEST_PHASE_CORRUPT)" +The corrupt phase is run after the self test has calculated its known value. +The callback may be used to force the self test to fail by returning a value +of 0 from the callback during this phase. +Returning any other value from the callback causes the self test to run normally. +.ie n .IP """Pass"" (\fB\s-1OSSL_SELF_TEST_PHASE_PASS\s0\fR)" 4 +.el .IP "``Pass'' (\fB\s-1OSSL_SELF_TEST_PHASE_PASS\s0\fR)" 4 +.IX Item "Pass (OSSL_SELF_TEST_PHASE_PASS)" +.PD 0 +.ie n .IP """Fail"" (\fB\s-1OSSL_SELF_TEST_PHASE_FAIL\s0\fR)" 4 +.el .IP "``Fail'' (\fB\s-1OSSL_SELF_TEST_PHASE_FAIL\s0\fR)" 4 +.IX Item "Fail (OSSL_SELF_TEST_PHASE_FAIL)" +.PD +The final phase runs after the self test is complete and indicates if a self +test passed or failed. This is used for informational purposes only. +The value returned by the callback is ignored. +\&\*(L"Fail\*(R" should normally only be returned if any self test was forced to fail +during the \*(L"Corrupt\*(R" phase (or if there was an error such as the integrity +check of the module failed). +.Sp +Note that all self tests run even if a self test failure occurs. +.RE +.RS 4 +.RE +.ie n .IP """st-type"" (\fB\s-1OSSL_PROV_PARAM_SELF_TEST_TYPE\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``st-type'' (\fB\s-1OSSL_PROV_PARAM_SELF_TEST_TYPE\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "st-type (OSSL_PROV_PARAM_SELF_TEST_TYPE) " +Used as a category to identify the type of self test being run. 
+It includes the following string values: +.RS 4 +.ie n .IP """Module_Integrity"" (\fB\s-1OSSL_SELF_TEST_TYPE_MODULE_INTEGRITY\s0\fR)" 4 +.el .IP "``Module_Integrity'' (\fB\s-1OSSL_SELF_TEST_TYPE_MODULE_INTEGRITY\s0\fR)" 4 +.IX Item "Module_Integrity (OSSL_SELF_TEST_TYPE_MODULE_INTEGRITY)" +Uses \s-1HMAC\s0 \s-1SHA256\s0 on the module file to validate that the module has not been +modified. The integrity value is compared to a value written to a configuration +file during installation. +.ie n .IP """Install_Integrity"" (\fB\s-1OSSL_SELF_TEST_TYPE_INSTALL_INTEGRITY\s0\fR)" 4 +.el .IP "``Install_Integrity'' (\fB\s-1OSSL_SELF_TEST_TYPE_INSTALL_INTEGRITY\s0\fR)" 4 +.IX Item "Install_Integrity (OSSL_SELF_TEST_TYPE_INSTALL_INTEGRITY)" +Uses \s-1HMAC\s0 \s-1SHA256\s0 on a fixed string to validate that the installation process +has already been performed and the self test \s-1KATS\s0 have already been tested, +The integrity value is compared to a value written to a configuration +file after successfully running the self tests during installation. +.ie n .IP """KAT_Cipher"" (\fB\s-1OSSL_SELF_TEST_TYPE_KAT_CIPHER\s0\fR)" 4 +.el .IP "``KAT_Cipher'' (\fB\s-1OSSL_SELF_TEST_TYPE_KAT_CIPHER\s0\fR)" 4 +.IX Item "KAT_Cipher (OSSL_SELF_TEST_TYPE_KAT_CIPHER)" +Known answer test for a symmetric cipher. +.ie n .IP """KAT_Digest"" (\fB\s-1OSSL_SELF_TEST_TYPE_KAT_DIGEST\s0\fR)" 4 +.el .IP "``KAT_Digest'' (\fB\s-1OSSL_SELF_TEST_TYPE_KAT_DIGEST\s0\fR)" 4 +.IX Item "KAT_Digest (OSSL_SELF_TEST_TYPE_KAT_DIGEST)" +Known answer test for a digest. +.ie n .IP """KAT_Signature"" (\fB\s-1OSSL_SELF_TEST_TYPE_KAT_SIGNATURE\s0\fR)" 4 +.el .IP "``KAT_Signature'' (\fB\s-1OSSL_SELF_TEST_TYPE_KAT_SIGNATURE\s0\fR)" 4 +.IX Item "KAT_Signature (OSSL_SELF_TEST_TYPE_KAT_SIGNATURE)" +Known answer test for a signature. 
+.ie n .IP """\s-1KAT_KDF\s0"" (\fB\s-1OSSL_SELF_TEST_TYPE_KAT_KDF\s0\fR)" 4 +.el .IP "``\s-1KAT_KDF\s0'' (\fB\s-1OSSL_SELF_TEST_TYPE_KAT_KDF\s0\fR)" 4 +.IX Item "KAT_KDF (OSSL_SELF_TEST_TYPE_KAT_KDF)" +Known answer test for a key derivation function. +.ie n .IP """\s-1KAT_KA\s0"" (\fB\s-1OSSL_SELF_TEST_TYPE_KAT_KA\s0\fR)" 4 +.el .IP "``\s-1KAT_KA\s0'' (\fB\s-1OSSL_SELF_TEST_TYPE_KAT_KA\s0\fR)" 4 +.IX Item "KAT_KA (OSSL_SELF_TEST_TYPE_KAT_KA)" +Known answer test for key agreement. +.ie n .IP """\s-1DRBG\s0"" (\fB\s-1OSSL_SELF_TEST_TYPE_DRBG\s0\fR)" 4 +.el .IP "``\s-1DRBG\s0'' (\fB\s-1OSSL_SELF_TEST_TYPE_DRBG\s0\fR)" 4 +.IX Item "DRBG (OSSL_SELF_TEST_TYPE_DRBG)" +Known answer test for a Deterministic Random Bit Generator. +.ie n .IP """Pairwise_Consistency_Test"" (\fB\s-1OSSL_SELF_TEST_TYPE_PCT\s0\fR)" 4 +.el .IP "``Pairwise_Consistency_Test'' (\fB\s-1OSSL_SELF_TEST_TYPE_PCT\s0\fR)" 4 +.IX Item "Pairwise_Consistency_Test (OSSL_SELF_TEST_TYPE_PCT)" +Conditional test that is run during the generation of key pairs. +.RE +.RS 4 +.Sp +The \*(L"Module_Integrity\*(R" self test is always run at startup. +The \*(L"Install_Integrity\*(R" self test is used to check if the self tests have +already been run at installation time. If they have already run then the +self tests are not run on subsequent startups. +All other self test categories are run once at installation time, except for the +\&\*(L"Pairwise_Consistency_Test\*(R". +.Sp +There is only one instance of the \*(L"Module_Integrity\*(R" and \*(L"Install_Integrity\*(R" +self tests. All other self tests may have multiple instances. +.RE +.ie n .IP """st-desc"" (\fB\s-1OSSL_PROV_PARAM_SELF_TEST_DESC\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``st-desc'' (\fB\s-1OSSL_PROV_PARAM_SELF_TEST_DESC\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "st-desc (OSSL_PROV_PARAM_SELF_TEST_DESC) " +Used as a sub category to identify an individual self test. +The following description strings are used. 
+.RS 4 +.ie n .IP """\s-1HMAC\s0"" (\fB\s-1OSSL_SELF_TEST_DESC_INTEGRITY_HMAC\s0\fR)" 4 +.el .IP "``\s-1HMAC\s0'' (\fB\s-1OSSL_SELF_TEST_DESC_INTEGRITY_HMAC\s0\fR)" 4 +.IX Item "HMAC (OSSL_SELF_TEST_DESC_INTEGRITY_HMAC)" +\&\*(L"Module_Integrity\*(R" and \*(L"Install_Integrity\*(R" use this. +.ie n .IP """\s-1RSA\s0"" (\fB\s-1OSSL_SELF_TEST_DESC_PCT_RSA_PKCS1\s0\fR)" 4 +.el .IP "``\s-1RSA\s0'' (\fB\s-1OSSL_SELF_TEST_DESC_PCT_RSA_PKCS1\s0\fR)" 4 +.IX Item "RSA (OSSL_SELF_TEST_DESC_PCT_RSA_PKCS1)" +.PD 0 +.ie n .IP """\s-1ECDSA\s0"" (\fB\s-1OSSL_SELF_TEST_DESC_PCT_ECDSA\s0\fR)" 4 +.el .IP "``\s-1ECDSA\s0'' (\fB\s-1OSSL_SELF_TEST_DESC_PCT_ECDSA\s0\fR)" 4 +.IX Item "ECDSA (OSSL_SELF_TEST_DESC_PCT_ECDSA)" +.ie n .IP """\s-1DSA\s0"" (\fB\s-1OSSL_SELF_TEST_DESC_PCT_DSA\s0\fR)" 4 +.el .IP "``\s-1DSA\s0'' (\fB\s-1OSSL_SELF_TEST_DESC_PCT_DSA\s0\fR)" 4 +.IX Item "DSA (OSSL_SELF_TEST_DESC_PCT_DSA)" +.PD +Key generation tests used with the \*(L"Pairwise_Consistency_Test\*(R" type. +.ie n .IP """\s-1AES_GCM\s0"" (\fB\s-1OSSL_SELF_TEST_DESC_CIPHER_AES_GCM\s0\fR)" 4 +.el .IP "``\s-1AES_GCM\s0'' (\fB\s-1OSSL_SELF_TEST_DESC_CIPHER_AES_GCM\s0\fR)" 4 +.IX Item "AES_GCM (OSSL_SELF_TEST_DESC_CIPHER_AES_GCM)" +.PD 0 +.ie n .IP """\s-1TDES\s0"" (\fB\s-1OSSL_SELF_TEST_DESC_CIPHER_TDES\s0\fR)" 4 +.el .IP "``\s-1TDES\s0'' (\fB\s-1OSSL_SELF_TEST_DESC_CIPHER_TDES\s0\fR)" 4 +.IX Item "TDES (OSSL_SELF_TEST_DESC_CIPHER_TDES)" +.PD +Symmetric cipher tests used with the \*(L"KAT_Cipher\*(R" type. 
+.ie n .IP """\s-1SHA1\s0"" (\fB\s-1OSSL_SELF_TEST_DESC_MD_SHA1\s0\fR)" 4 +.el .IP "``\s-1SHA1\s0'' (\fB\s-1OSSL_SELF_TEST_DESC_MD_SHA1\s0\fR)" 4 +.IX Item "SHA1 (OSSL_SELF_TEST_DESC_MD_SHA1)" +.PD 0 +.ie n .IP """\s-1SHA2\s0"" (\fB\s-1OSSL_SELF_TEST_DESC_MD_SHA2\s0\fR)" 4 +.el .IP "``\s-1SHA2\s0'' (\fB\s-1OSSL_SELF_TEST_DESC_MD_SHA2\s0\fR)" 4 +.IX Item "SHA2 (OSSL_SELF_TEST_DESC_MD_SHA2)" +.ie n .IP """\s-1SHA3\s0"" (\fB\s-1OSSL_SELF_TEST_DESC_MD_SHA3\s0\fR)" 4 +.el .IP "``\s-1SHA3\s0'' (\fB\s-1OSSL_SELF_TEST_DESC_MD_SHA3\s0\fR)" 4 +.IX Item "SHA3 (OSSL_SELF_TEST_DESC_MD_SHA3)" +.PD +Digest tests used with the \*(L"KAT_Digest\*(R" type. +.ie n .IP """\s-1DSA\s0"" (\fB\s-1OSSL_SELF_TEST_DESC_SIGN_DSA\s0\fR)" 4 +.el .IP "``\s-1DSA\s0'' (\fB\s-1OSSL_SELF_TEST_DESC_SIGN_DSA\s0\fR)" 4 +.IX Item "DSA (OSSL_SELF_TEST_DESC_SIGN_DSA)" +.PD 0 +.ie n .IP """\s-1RSA\s0"" (\fB\s-1OSSL_SELF_TEST_DESC_SIGN_RSA\s0\fR)" 4 +.el .IP "``\s-1RSA\s0'' (\fB\s-1OSSL_SELF_TEST_DESC_SIGN_RSA\s0\fR)" 4 +.IX Item "RSA (OSSL_SELF_TEST_DESC_SIGN_RSA)" +.ie n .IP """\s-1ECDSA\s0"" (\fB\s-1OSSL_SELF_TEST_DESC_SIGN_ECDSA\s0\fR)" 4 +.el .IP "``\s-1ECDSA\s0'' (\fB\s-1OSSL_SELF_TEST_DESC_SIGN_ECDSA\s0\fR)" 4 +.IX Item "ECDSA (OSSL_SELF_TEST_DESC_SIGN_ECDSA)" +.PD +Signature tests used with the \*(L"KAT_Signature\*(R" type. +.ie n .IP """\s-1ECDH\s0"" (\fB\s-1OSSL_SELF_TEST_DESC_KA_ECDH\s0\fR)" 4 +.el .IP "``\s-1ECDH\s0'' (\fB\s-1OSSL_SELF_TEST_DESC_KA_ECDH\s0\fR)" 4 +.IX Item "ECDH (OSSL_SELF_TEST_DESC_KA_ECDH)" +.PD 0 +.ie n .IP """\s-1ECDSA\s0"" (\fB\s-1OSSL_SELF_TEST_DESC_KA_ECDSA\s0\fR)" 4 +.el .IP "``\s-1ECDSA\s0'' (\fB\s-1OSSL_SELF_TEST_DESC_KA_ECDSA\s0\fR)" 4 +.IX Item "ECDSA (OSSL_SELF_TEST_DESC_KA_ECDSA)" +.PD +Key agreement tests used with the \*(L"\s-1KAT_KA\s0\*(R" type. 
+.ie n .IP """\s-1HKDF\s0"" (\fB\s-1OSSL_SELF_TEST_DESC_KDF_HKDF\s0\fR)" 4 +.el .IP "``\s-1HKDF\s0'' (\fB\s-1OSSL_SELF_TEST_DESC_KDF_HKDF\s0\fR)" 4 +.IX Item "HKDF (OSSL_SELF_TEST_DESC_KDF_HKDF)" +Key Derivation Function tests used with the \*(L"\s-1KAT_KDF\s0\*(R" type. +.ie n .IP """\s-1CTR\s0"" (\fB\s-1OSSL_SELF_TEST_DESC_DRBG_CTR\s0\fR)" 4 +.el .IP "``\s-1CTR\s0'' (\fB\s-1OSSL_SELF_TEST_DESC_DRBG_CTR\s0\fR)" 4 +.IX Item "CTR (OSSL_SELF_TEST_DESC_DRBG_CTR)" +.PD 0 +.ie n .IP """\s-1HASH\s0"" (\fB\s-1OSSL_SELF_TEST_DESC_DRBG_HASH\s0\fR)" 4 +.el .IP "``\s-1HASH\s0'' (\fB\s-1OSSL_SELF_TEST_DESC_DRBG_HASH\s0\fR)" 4 +.IX Item "HASH (OSSL_SELF_TEST_DESC_DRBG_HASH)" +.ie n .IP """\s-1HMAC\s0"" (\fB\s-1OSSL_SELF_TEST_DESC_DRBG_HMAC\s0\fR)" 4 +.el .IP "``\s-1HMAC\s0'' (\fB\s-1OSSL_SELF_TEST_DESC_DRBG_HMAC\s0\fR)" 4 +.IX Item "HMAC (OSSL_SELF_TEST_DESC_DRBG_HMAC)" +.PD +\&\s-1DRBG\s0 tests used with the \*(L"\s-1DRBG\s0\*(R" type. +.RE +.RS 4 +.RE +.SH "EXAMPLES" +.IX Header "EXAMPLES" +A simple self test callback is shown below for illustrative purposes. 
+.PP +.Vb 1 +\& #include +\& +\& static OSSL_CALLBACK self_test_cb; +\& +\& static int self_test_cb(const OSSL_PARAM params[], void *arg) +\& { +\& int ret = 0; +\& const OSSL_PARAM *p = NULL; +\& const char *phase = NULL, *type = NULL, *desc = NULL; +\& +\& p = OSSL_PARAM_locate_const(params, OSSL_PROV_PARAM_SELF_TEST_PHASE); +\& if (p == NULL || p\->data_type != OSSL_PARAM_UTF8_STRING) +\& goto err; +\& phase = (const char *)p\->data; +\& +\& p = OSSL_PARAM_locate_const(params, OSSL_PROV_PARAM_SELF_TEST_DESC); +\& if (p == NULL || p\->data_type != OSSL_PARAM_UTF8_STRING) +\& goto err; +\& desc = (const char *)p\->data; +\& +\& p = OSSL_PARAM_locate_const(params, OSSL_PROV_PARAM_SELF_TEST_TYPE); +\& if (p == NULL || p\->data_type != OSSL_PARAM_UTF8_STRING) +\& goto err; +\& type = (const char *)p\->data; +\& +\& /* Do some logging */ +\& if (strcmp(phase, OSSL_SELF_TEST_PHASE_START) == 0) +\& BIO_printf(bio_out, "%s : (%s) : ", desc, type); +\& if (strcmp(phase, OSSL_SELF_TEST_PHASE_PASS) == 0 +\& || strcmp(phase, OSSL_SELF_TEST_PHASE_FAIL) == 0) +\& BIO_printf(bio_out, "%s\en", phase); +\& +\& /* Corrupt the SHA1 self test during the \*(Aqcorrupt\*(Aq phase by returning 0 */ +\& if (strcmp(phase, OSSL_SELF_TEST_PHASE_CORRUPT) == 0 +\& && strcmp(desc, OSSL_SELF_TEST_DESC_MD_SHA1) == 0) { +\& BIO_printf(bio_out, "%s %s", phase, desc); +\& return 0; +\& } +\& ret = 1; +\& err: +\& return ret; +\& } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\-fipsinstall\fR\|(1), +\&\fIfips_config\fR\|(5), +\&\fIOSSL_SELF_TEST_set_callback\fR\|(3), +\&\s-1\fIOSSL_PARAM\s0\fR\|(3), +\&\fIopenssl\-core.h\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The type and functions described here were added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. 
You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man7/RAND.7 b/linux_amd64/share/man/man7/RAND.7 new file mode 100755 index 0000000..b29298a --- /dev/null +++ b/linux_amd64/share/man/man7/RAND.7 
@@ -0,0 +1,202 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RAND 7" +.TH RAND 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RAND +\&\- the OpenSSL random generator +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Random numbers are a vital part of cryptography, they are needed to provide +unpredictability for tasks like key generation, creating salts, and many more. 
+Software-based generators must be seeded with external randomness before they +can be used as a cryptographically-secure pseudo-random number generator +(\s-1CSPRNG\s0). +The availability of common hardware with special instructions and +modern operating systems, which may use items such as interrupt jitter +and network packet timings, can be reasonable sources of seeding material. +.PP +OpenSSL comes with a default implementation of the \s-1RAND\s0 \s-1API\s0 which is based on +the deterministic random bit generator (\s-1DRBG\s0) model as described in +[\s-1NIST\s0 \s-1SP\s0 800\-90A Rev. 1]. The default random generator will initialize +automatically on first use and will be fully functional without having +to be initialized ('seeded') explicitly. +It seeds and reseeds itself automatically using trusted random sources +provided by the operating system. +.PP +As a normal application developer, you do not have to worry about any details, +just use \fIRAND_bytes\fR\|(3) to obtain random data. +Having said that, there is one important rule to obey: Always check the error +return value of \fIRAND_bytes\fR\|(3) and do not take randomness for granted. +Although (re\-)seeding is automatic, it can fail because no trusted random source +is available or the trusted source(s) temporarily fail to provide sufficient +random seed material. +In this case the \s-1CSPRNG\s0 enters an error state and ceases to provide output, +until it is able to recover from the error by reseeding itself. +For more details on reseeding and error recovery, see \s-1\fIRAND_DRBG\s0\fR\|(7). +.PP +For values that should remain secret, you can use \fIRAND_priv_bytes\fR\|(3) +instead. +This method does not provide 'better' randomness, it uses the same type of \s-1CSPRNG\s0. 
+The intention behind using a dedicated \s-1CSPRNG\s0 exclusively for private +values is that none of its output should be visible to an attacker (e.g., +used as salt value), in order to reveal as little information as +possible about its internal state, and that a compromise of the \*(L"public\*(R" +\&\s-1CSPRNG\s0 instance will not affect the secrecy of these private values. +.PP +In the rare case where the default implementation does not satisfy your special +requirements, there are two options: +.IP "\(bu" 2 +Replace the default \s-1RAND\s0 method by your own \s-1RAND\s0 method using +\&\fIRAND_set_rand_method\fR\|(3). +.IP "\(bu" 2 +Modify the default settings of the OpenSSL \s-1RAND\s0 method by modifying the security +parameters of the underlying \s-1DRBG\s0, which is described in detail in \s-1\fIRAND_DRBG\s0\fR\|(7). +.PP +Changing the default random generator or its default parameters should be necessary +only in exceptional cases and is not recommended, unless you have a profound knowledge +of cryptographic principles and understand the implications of your changes. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIRAND_add\fR\|(3), +\&\fIRAND_bytes\fR\|(3), +\&\fIRAND_priv_bytes\fR\|(3), +\&\fIRAND_get_rand_method\fR\|(3), +\&\fIRAND_set_rand_method\fR\|(3), +\&\fIRAND_OpenSSL\fR\|(3), +\&\s-1\fIRAND_DRBG\s0\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man7/RAND_DRBG.7 b/linux_amd64/share/man/man7/RAND_DRBG.7 new file mode 100755 index 0000000..74e2276 --- /dev/null +++ b/linux_amd64/share/man/man7/RAND_DRBG.7 
@@ -0,0 +1,395 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RAND_DRBG 7" +.TH RAND_DRBG 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +RAND_DRBG \- the deterministic random bit generator +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The default OpenSSL \s-1RAND\s0 method is based on the \s-1RAND_DRBG\s0 class, +which implements a deterministic random bit generator (\s-1DRBG\s0). +A \s-1DRBG\s0 is a certain type of cryptographically-secure pseudo-random +number generator (\s-1CSPRNG\s0), which is described in +[\s-1NIST\s0 \s-1SP\s0 800\-90A Rev. 1]. +.PP +While the \s-1RAND\s0 \s-1API\s0 is the 'frontend' which is intended to be used by +application developers for obtaining random bytes, the \s-1RAND_DRBG\s0 \s-1API\s0 +serves as the 'backend', connecting the former with the operating +systems's entropy sources and providing access to the \s-1DRBG\s0's +configuration parameters. +.SS "Disclaimer" +.IX Subsection "Disclaimer" +Unless you have very specific requirements for your random generator, +it is in general not necessary to utilize the \s-1RAND_DRBG\s0 \s-1API\s0 directly. +The usual way to obtain random bytes is to use \fIRAND_bytes\fR\|(3) or +\&\fIRAND_priv_bytes\fR\|(3), see also \s-1\fIRAND\s0\fR\|(7). +.SS "Typical Use Cases" +.IX Subsection "Typical Use Cases" +Typical examples for such special use cases are the following: +.IP "\(bu" 2 +You want to use your own private \s-1DRBG\s0 instances. +Multiple \s-1DRBG\s0 instances which are accessed only by a single thread provide +additional security (because their internal states are independent) and +better scalability in multithreaded applications (because they don't need +to be locked). +.IP "\(bu" 2 +You need to integrate a previously unsupported entropy source. +.IP "\(bu" 2 +You need to change the default settings of the standard OpenSSL \s-1RAND\s0 +implementation to meet specific requirements. 
+.SH "CHAINING" +.IX Header "CHAINING" +A \s-1DRBG\s0 instance can be used as the entropy source of another \s-1DRBG\s0 instance, +provided it has itself access to a valid entropy source. +The \s-1DRBG\s0 instance which acts as entropy source is called the \fIparent\fR \s-1DRBG\s0, +the other instance the \fIchild\fR \s-1DRBG\s0. +.PP +This is called chaining. A chained \s-1DRBG\s0 instance is created by passing +a pointer to the parent \s-1DRBG\s0 as argument to the \fIRAND_DRBG_new()\fR call. +It is possible to create chains of more than two \s-1DRBG\s0 in a row. +.SH "THE THREE SHARED DRBG INSTANCES" +.IX Header "THE THREE SHARED DRBG INSTANCES" +Currently, there are three shared \s-1DRBG\s0 instances, +the , , and \s-1DRBG\s0. +While the \s-1DRBG\s0 is a single global instance, the and +\&\s-1DRBG\s0 are created per thread and accessed through thread-local storage. +.PP +By default, the functions \fIRAND_bytes\fR\|(3) and \fIRAND_priv_bytes\fR\|(3) use +the thread-local and \s-1DRBG\s0 instance, respectively. +.SS "The \s-1DRBG\s0 instance" +.IX Subsection "The DRBG instance" +The \s-1DRBG\s0 is not used directly by the application, only for reseeding +the two other two \s-1DRBG\s0 instances. It reseeds itself by obtaining randomness +either from os entropy sources or by consuming randomness which was added +previously by \fIRAND_add\fR\|(3). +.SS "The \s-1DRBG\s0 instance" +.IX Subsection "The DRBG instance" +This instance is used per default by \fIRAND_bytes\fR\|(3). +.SS "The \s-1DRBG\s0 instance" +.IX Subsection "The DRBG instance" +This instance is used per default by \fIRAND_priv_bytes\fR\|(3) +.SH "LOCKING" +.IX Header "LOCKING" +The \s-1DRBG\s0 is intended to be accessed concurrently for reseeding +by its child \s-1DRBG\s0 instances. The necessary locking is done internally. +It is \fInot\fR thread-safe to access the \s-1DRBG\s0 directly via the +\&\s-1RAND_DRBG\s0 interface. +The and \s-1DRBG\s0 are thread-local, i.e. 
there is an +instance of each per thread. So they can safely be accessed without +locking via the \s-1RAND_DRBG\s0 interface. +.PP +Pointers to these \s-1DRBG\s0 instances can be obtained using +\&\fIRAND_DRBG_get0_master()\fR, +\&\fIRAND_DRBG_get0_public()\fR, and +\&\fIRAND_DRBG_get0_private()\fR, respectively. +Note that it is not allowed to store a pointer to one of the thread-local +\&\s-1DRBG\s0 instances in a variable or other memory location where it will be +accessed and used by multiple threads. +.PP +All other \s-1DRBG\s0 instances created by an application don't support locking, +because they are intended to be used by a single thread. +Instead of accessing a single \s-1DRBG\s0 instance concurrently from different +threads, it is recommended to instantiate a separate \s-1DRBG\s0 instance per +thread. Using the \s-1DRBG\s0 as entropy source for multiple \s-1DRBG\s0 +instances on different threads is thread-safe, because the \s-1DRBG\s0 instance +will lock the \s-1DRBG\s0 automatically for obtaining random input. +.SH "THE OVERALL PICTURE" +.IX Header "THE OVERALL PICTURE" +The following picture gives an overview over how the \s-1DRBG\s0 instances work +together and are being used. 
+.PP +.Vb 10 +\& +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+ +\& | os entropy sources | +\& +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+ +\& | +\& v +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+ +\& RAND_add() ==> <\-| shared DRBG (with locking) | +\& / \e +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+ +\& / \e +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+ +\& <\- | per\-thread DRBG instances | +\& | | +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+ +\& v v +\& RAND_bytes() RAND_priv_bytes() +\& | ^ +\& | | +\& +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+ +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+ +\& | general purpose | | used for secrets like session keys | +\& | random generator | | and private keys for certificates | +\& +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+ +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+ +.Ve +.PP +The usual way to obtain random bytes is to call RAND_bytes(...) or +RAND_priv_bytes(...). These calls are roughly equivalent to calling +RAND_DRBG_bytes(, ...) and RAND_DRBG_bytes(, ...), +respectively. The method \fIRAND_DRBG_bytes\fR\|(3) is a convenience method +wrapping the \fIRAND_DRBG_generate\fR\|(3) function, which serves the actual +request for random data. +.SH "RESEEDING" +.IX Header "RESEEDING" +A \s-1DRBG\s0 instance seeds itself automatically, pulling random input from +its entropy source. The entropy source can be either a trusted operating +system entropy source, or another \s-1DRBG\s0 with access to such a source. +.PP +Automatic reseeding occurs after a predefined number of generate requests. +The selection of the trusted entropy sources is configured at build +time using the \-\-with\-rand\-seed option. The following sections explain +the reseeding process in more detail. 
+.SS "Automatic Reseeding" +.IX Subsection "Automatic Reseeding" +Before satisfying a generate request (\fIRAND_DRBG_generate\fR\|(3)), the \s-1DRBG\s0 +reseeds itself automatically, if one of the following conditions holds: +.PP +\&\- the \s-1DRBG\s0 was not instantiated (=seeded) yet or has been uninstantiated. +.PP +\&\- the number of generate requests since the last reseeding exceeds a +certain threshold, the so called \fIreseed_interval\fR. +This behaviour can be disabled by setting the \fIreseed_interval\fR to 0. +.PP +\&\- the time elapsed since the last reseeding exceeds a certain time +interval, the so called \fIreseed_time_interval\fR. +This can be disabled by setting the \fIreseed_time_interval\fR to 0. +.PP +\&\- the \s-1DRBG\s0 is in an error state. +.PP +\&\fBNote\fR: An error state is entered if the entropy source fails while +the \s-1DRBG\s0 is seeding or reseeding. +The last case ensures that the \s-1DRBG\s0 automatically recovers +from the error as soon as the entropy source is available again. +.SS "Manual Reseeding" +.IX Subsection "Manual Reseeding" +In addition to automatic reseeding, the caller can request an immediate +reseeding of the \s-1DRBG\s0 with fresh entropy by setting the +\&\fIprediction resistance\fR parameter to 1 when calling \fIRAND_DRBG_generate\fR\|(3). +.PP +The document [\s-1NIST\s0 \s-1SP\s0 800\-90C] describes prediction resistance requests +in detail and imposes strict conditions on the entropy sources that are +approved for providing prediction resistance. +A request for prediction resistance can only be satisfied by pulling fresh +entropy from a live entropy source (section 5.5.2 of [\s-1NIST\s0 \s-1SP\s0 800\-90C]). +It is up to the user to ensure that a live entropy source is configured +and is being used. 
+.PP +For the three shared DRBGs (and only for these) there is another way to +reseed them manually: +If \fIRAND_add\fR\|(3) is called with a positive \fIrandomness\fR argument +(or \fIRAND_seed\fR\|(3)), then this will immediately reseed the \s-1DRBG\s0. +The and \s-1DRBG\s0 will detect this on their next generate +call and reseed, pulling randomness from . +.PP +The last feature has been added to support the common practice used with +previous OpenSSL versions to call \fIRAND_add()\fR before calling \fIRAND_bytes()\fR. +.SS "Entropy Input and Additional Data" +.IX Subsection "Entropy Input and Additional Data" +The \s-1DRBG\s0 distinguishes two different types of random input: \fIentropy\fR, +which comes from a trusted source, and \fIadditional input\fR', +which can optionally be added by the user and is considered untrusted. +It is possible to add \fIadditional input\fR not only during reseeding, +but also for every generate request. +This is in fact done automatically by \fIRAND_DRBG_bytes\fR\|(3). +.SS "Configuring the Random Seed Source" +.IX Subsection "Configuring the Random Seed Source" +In most cases OpenSSL will automatically choose a suitable seed source +for automatically seeding and reseeding its \s-1DRBG\s0. In some cases +however, it will be necessary to explicitly specify a seed source during +configuration, using the \-\-with\-rand\-seed option. For more information, +see the \s-1INSTALL\s0 instructions. There are also operating systems where no +seed source is available and automatic reseeding is disabled by default. +.PP +The following two sections describe the reseeding process of the master +\&\s-1DRBG\s0, depending on whether automatic reseeding is available or not. 
+.SS "Reseeding the master \s-1DRBG\s0 with automatic seeding enabled" +.IX Subsection "Reseeding the master DRBG with automatic seeding enabled" +Calling \fIRAND_poll()\fR or \fIRAND_add()\fR is not necessary, because the \s-1DRBG\s0 +pulls the necessary entropy from its source automatically. +However, both calls are permitted, and do reseed the \s-1RNG\s0. +.PP +\&\fIRAND_add()\fR can be used to add both kinds of random input, depending on the +value of the \fIrandomness\fR argument: +.IP "randomness == 0:" 4 +.IX Item "randomness == 0:" +The random bytes are mixed as additional input into the current state of +the \s-1DRBG\s0. +Mixing in additional input is not considered a full reseeding, hence the +reseed counter is not reset. +.IP "randomness > 0:" 4 +.IX Item "randomness > 0:" +The random bytes are used as entropy input for a full reseeding +(resp. reinstantiation) if the \s-1DRBG\s0 is instantiated +(resp. uninstantiated or in an error state). +The number of random bits required for reseeding is determined by the +security strength of the \s-1DRBG\s0. Currently it defaults to 256 bits (32 bytes). +It is possible to provide less randomness than required. +In this case the missing randomness will be obtained by pulling random input +from the trusted entropy sources. +.PP +\&\s-1NOTE:\s0 Manual reseeding is *not allowed* in \s-1FIPS\s0 mode, because +[\s-1NIST\s0 SP\-800\-90Ar1] mandates that entropy *shall not* be provided by +the consuming application for instantiation (Section 9.1) or +reseeding (Section 9.2). For that reason, the \fIrandomness\fR +argument is ignored and the random bytes provided by the \fIRAND_add\fR\|(3) and +\&\fIRAND_seed\fR\|(3) calls are treated as additional data. +.SS "Reseeding the master \s-1DRBG\s0 with automatic seeding disabled" +.IX Subsection "Reseeding the master DRBG with automatic seeding disabled" +Calling \fIRAND_poll()\fR will always fail. 
+.PP +\&\fIRAND_add()\fR needs to be called for initial seeding and periodic reseeding. +At least 48 bytes (384 bits) of randomness have to be provided, otherwise +the (re\-)seeding of the \s-1DRBG\s0 will fail. This corresponds to one and a half +times the security strength of the \s-1DRBG\s0. The extra half is used for the +nonce during instantiation. +.PP +More precisely, the number of bytes needed for seeding depend on the +\&\fIsecurity strength\fR of the \s-1DRBG\s0, which is set to 256 by default. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIRAND_DRBG_bytes\fR\|(3), +\&\fIRAND_DRBG_generate\fR\|(3), +\&\fIRAND_DRBG_reseed\fR\|(3), +\&\fIRAND_DRBG_get0_master\fR\|(3), +\&\fIRAND_DRBG_get0_public\fR\|(3), +\&\fIRAND_DRBG_get0_private\fR\|(3), +\&\fIRAND_DRBG_set_reseed_interval\fR\|(3), +\&\fIRAND_DRBG_set_reseed_time_interval\fR\|(3), +\&\fIRAND_DRBG_set_reseed_defaults\fR\|(3), +\&\s-1\fIRAND\s0\fR\|(7), +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man7/RSA-PSS.7 b/linux_amd64/share/man/man7/RSA-PSS.7 new file mode 100755 index 0000000..5cb64b0 --- /dev/null +++ b/linux_amd64/share/man/man7/RSA-PSS.7 
@@ -0,0 +1,180 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA-PSS 7" +.TH RSA-PSS 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +RSA\-PSS \- EVP_PKEY RSA\-PSS algorithm support +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBRSA-PSS\fR \s-1EVP_PKEY\s0 implementation is a restricted version of the \s-1RSA\s0 +algorithm which only supports signing, verification and key generation +using \s-1PSS\s0 padding modes with optional parameter restrictions. +.PP +It has associated private key and public key formats. +.PP +This algorithm shares several control operations with the \fB\s-1RSA\s0\fR algorithm +but with some restrictions described below. +.SS "Signing and Verification" +.IX Subsection "Signing and Verification" +Signing and verification is similar to the \fB\s-1RSA\s0\fR algorithm except the +padding mode is always \s-1PSS\s0. If the key in use has parameter restrictions then +the corresponding signature parameters are set to the restrictions: +for example, if the key can only be used with digest \s-1SHA256\s0, \s-1MGF1\s0 \s-1SHA256\s0 +and minimum salt length 32 then the digest, \s-1MGF1\s0 digest and salt length +will be set to \s-1SHA256\s0, \s-1SHA256\s0 and 32 respectively. +.SS "Key Generation" +.IX Subsection "Key Generation" +By default no parameter restrictions are placed on the generated key. +.SH "NOTES" +.IX Header "NOTES" +The public key format is documented in \s-1RFC4055\s0. +.PP +The PKCS#8 private key format used for RSA-PSS keys is similar to the \s-1RSA\s0 +format except it uses the \fBid-RSASSA-PSS\fR \s-1OID\s0 and the parameters field, if +present, restricts the key parameters in the same way as the public key. 
+.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1RFC\s0 4055 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_PKEY_CTX_set_rsa_pss_keygen_md\fR\|(3), +\&\fIEVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md\fR\|(3), +\&\fIEVP_PKEY_CTX_set_rsa_pss_keygen_saltlen\fR\|(3), +\&\fIEVP_PKEY_CTX_new\fR\|(3), +\&\fIEVP_PKEY_CTX_ctrl_str\fR\|(3), +\&\fIEVP_PKEY_derive\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man7/SM2.7 b/linux_amd64/share/man/man7/SM2.7 new file mode 100755 index 0000000..8616e2b --- /dev/null +++ b/linux_amd64/share/man/man7/SM2.7 
@@ -0,0 +1,199 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SM2 7" +.TH SM2 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SM2 \- Chinese SM2 signature and encryption algorithm support +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fB\s-1SM2\s0\fR algorithm was first defined by the Chinese national standard \s-1GM/T\s0 +0003\-2012 and was later standardized by \s-1ISO\s0 as \s-1ISO/IEC\s0 14888. \fB\s-1SM2\s0\fR is actually +an elliptic curve based algorithm. The current implementation in OpenSSL supports +both signature and encryption schemes via the \s-1EVP\s0 interface. +.PP +When doing the \fB\s-1SM2\s0\fR signature algorithm, it requires a distinguishing identifier +to form the message prefix which is hashed before the real message is hashed. +.SH "NOTES" +.IX Header "NOTES" +\&\fB\s-1SM2\s0\fR signatures can be generated by using the 'DigestSign' series of APIs, for +instance, \fIEVP_DigestSignInit()\fR, \fIEVP_DigestSignUpdate()\fR and \fIEVP_DigestSignFinal()\fR. +Ditto for the verification process by calling the 'DigestVerify' series of APIs. +.PP +Before computing an \fB\s-1SM2\s0\fR signature, an \fB\s-1EVP_PKEY_CTX\s0\fR needs to be created, +and an \fB\s-1SM2\s0\fR \s-1ID\s0 must be set for it, like this: +.PP +.Vb 1 +\& EVP_PKEY_CTX_set1_id(pctx, id, id_len); +.Ve +.PP +Before calling the \fIEVP_DigestSignInit()\fR or \fIEVP_DigestVerifyInit()\fR functions, +that \fB\s-1EVP_PKEY_CTX\s0\fR should be assigned to the \fB\s-1EVP_MD_CTX\s0\fR, like this: +.PP +.Vb 1 +\& EVP_MD_CTX_set_pkey_ctx(mctx, pctx); +.Ve +.PP +There is normally no need to pass a \fBpctx\fR parameter to \fIEVP_DigestSignInit()\fR +or \fIEVP_DigestVerifyInit()\fR in such a scenario. +.PP +\&\s-1SM2\s0 can be tested with the \fIopenssl\-speed\fR\|(1) application since version 3.0.0. +Currently, the only valid algorithm name is \fBsm2\fR. 
+.SH "EXAMPLES" +.IX Header "EXAMPLES" +This example demonstrates the calling sequence for using an \fB\s-1EVP_PKEY\s0\fR to verify +a message with the \s-1SM2\s0 signature algorithm and the \s-1SM3\s0 hash algorithm: +.PP +.Vb 1 +\& #include +\& +\& /* obtain an EVP_PKEY using whatever methods... */ +\& mctx = EVP_MD_CTX_new(); +\& pctx = EVP_PKEY_CTX_new(pkey, NULL); +\& EVP_PKEY_CTX_set1_id(pctx, id, id_len); +\& EVP_MD_CTX_set_pkey_ctx(mctx, pctx); +\& EVP_DigestVerifyInit(mctx, NULL, EVP_sm3(), NULL, pkey); +\& EVP_DigestVerifyUpdate(mctx, msg, msg_len); +\& EVP_DigestVerifyFinal(mctx, sig, sig_len) +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_PKEY_CTX_new\fR\|(3), +\&\fIEVP_DigestSignInit\fR\|(3), +\&\fIEVP_DigestVerifyInit\fR\|(3), +\&\fIEVP_PKEY_CTX_set1_id\fR\|(3), +\&\fIEVP_MD_CTX_set_pkey_ctx\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man7/X25519.7 b/linux_amd64/share/man/man7/X25519.7 new file mode 100755 index 0000000..b3e7f95 --- /dev/null +++ b/linux_amd64/share/man/man7/X25519.7 
@@ -0,0 +1,201 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X25519 7" +.TH X25519 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X25519, +X448 +\&\- EVP_PKEY X25519 and X448 support +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBX25519\fR and \fBX448\fR \s-1EVP_PKEY\s0 implementation supports key generation and +key derivation using \fBX25519\fR and \fBX448\fR. 
It has associated private and public +key formats compatible with draft\-ietf\-curdle\-pkix\-03. +.PP +No additional parameters can be set during key generation. +.PP +The peer public key must be set using \fIEVP_PKEY_derive_set_peer()\fR when +performing key derivation. +.SH "NOTES" +.IX Header "NOTES" +A context for the \fBX25519\fR algorithm can be obtained by calling: +.PP +.Vb 1 +\& EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_X25519, NULL); +.Ve +.PP +For the \fBX448\fR algorithm a context can be obtained by calling: +.PP +.Vb 1 +\& EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_X448, NULL); +.Ve +.PP +X25519 or X448 private keys can be set directly using +\&\fIEVP_PKEY_new_raw_private_key\fR\|(3) or loaded from a PKCS#8 private key file +using \fIPEM_read_bio_PrivateKey\fR\|(3) (or similar function). Completely new keys +can also be generated (see the example below). Setting a private key also sets +the associated public key. +.PP +X25519 or X448 public keys can be set directly using +\&\fIEVP_PKEY_new_raw_public_key\fR\|(3) or loaded from a SubjectPublicKeyInfo +structure in a \s-1PEM\s0 file using \fIPEM_read_bio_PUBKEY\fR\|(3) (or similar function). +.SH "EXAMPLES" +.IX Header "EXAMPLES" +This example generates an \fBX25519\fR private key and writes it to standard +output in \s-1PEM\s0 format: +.PP +.Vb 9 +\& #include +\& #include +\& ... +\& EVP_PKEY *pkey = NULL; +\& EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_X25519, NULL); +\& EVP_PKEY_keygen_init(pctx); +\& EVP_PKEY_keygen(pctx, &pkey); +\& EVP_PKEY_CTX_free(pctx); +\& PEM_write_PrivateKey(stdout, pkey, NULL, NULL, 0, NULL, NULL); +.Ve +.PP +The key derivation example in \fIEVP_PKEY_derive\fR\|(3) can be used with +\&\fBX25519\fR and \fBX448\fR. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_PKEY_CTX_new\fR\|(3), +\&\fIEVP_PKEY_keygen\fR\|(3), +\&\fIEVP_PKEY_derive\fR\|(3), +\&\fIEVP_PKEY_derive_set_peer\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man7/bio.7 b/linux_amd64/share/man/man7/bio.7 new file mode 100755 index 0000000..97b1d7a --- /dev/null +++ b/linux_amd64/share/man/man7/bio.7 
@@ -0,0 +1,208 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO 7" +.TH BIO 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +bio \- Basic I/O abstraction +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A \s-1BIO\s0 is an I/O abstraction, it hides many of the underlying I/O +details from an application. 
If an application uses a \s-1BIO\s0 for its +I/O it can transparently handle \s-1SSL\s0 connections, unencrypted network +connections and file I/O. +.PP +There are two type of \s-1BIO\s0, a source/sink \s-1BIO\s0 and a filter \s-1BIO\s0. +.PP +As its name implies a source/sink \s-1BIO\s0 is a source and/or sink of data, +examples include a socket \s-1BIO\s0 and a file \s-1BIO\s0. +.PP +A filter \s-1BIO\s0 takes data from one \s-1BIO\s0 and passes it through to +another, or the application. The data may be left unmodified (for +example a message digest \s-1BIO\s0) or translated (for example an +encryption \s-1BIO\s0). The effect of a filter \s-1BIO\s0 may change according +to the I/O operation it is performing: for example an encryption +\&\s-1BIO\s0 will encrypt data if it is being written to and decrypt data +if it is being read from. +.PP +BIOs can be joined together to form a chain (a single \s-1BIO\s0 is a chain +with one component). A chain normally consist of one source/sink +\&\s-1BIO\s0 and one or more filter BIOs. Data read from or written to the +first \s-1BIO\s0 then traverses the chain to the end (normally a source/sink +\&\s-1BIO\s0). +.PP +Some BIOs (such as memory BIOs) can be used immediately after calling +\&\fIBIO_new()\fR. Others (such as file BIOs) need some additional initialization, +and frequently a utility function exists to create and initialize such BIOs. +.PP +If \fIBIO_free()\fR is called on a \s-1BIO\s0 chain it will only free one \s-1BIO\s0 resulting +in a memory leak. +.PP +Calling \fIBIO_free_all()\fR on a single \s-1BIO\s0 has the same effect as calling +\&\fIBIO_free()\fR on it other than the discarded return value. +.PP +Normally the \fItype\fR argument is supplied by a function which returns a +pointer to a \s-1BIO_METHOD\s0. There is a naming convention for such functions: +a source/sink \s-1BIO\s0 typically starts with \fIBIO_s_\fR and +a filter \s-1BIO\s0 with \fIBIO_f_\fR. 
+.SH "EXAMPLES" +.IX Header "EXAMPLES" +Create a memory \s-1BIO:\s0 +.PP +.Vb 1 +\& BIO *mem = BIO_new(BIO_s_mem()); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIBIO_ctrl\fR\|(3), +\&\fIBIO_f_base64\fR\|(3), \fIBIO_f_buffer\fR\|(3), +\&\fIBIO_f_cipher\fR\|(3), \fIBIO_f_md\fR\|(3), +\&\fIBIO_f_null\fR\|(3), \fIBIO_f_ssl\fR\|(3), +\&\fIBIO_find_type\fR\|(3), \fIBIO_new\fR\|(3), +\&\fIBIO_new_bio_pair\fR\|(3), +\&\fIBIO_push\fR\|(3), \fIBIO_read_ex\fR\|(3), +\&\fIBIO_s_accept\fR\|(3), \fIBIO_s_bio\fR\|(3), +\&\fIBIO_s_connect\fR\|(3), \fIBIO_s_fd\fR\|(3), +\&\fIBIO_s_file\fR\|(3), \fIBIO_s_mem\fR\|(3), +\&\fIBIO_s_null\fR\|(3), \fIBIO_s_socket\fR\|(3), +\&\fIBIO_set_callback\fR\|(3), +\&\fIBIO_should_retry\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man7/crypto.7 b/linux_amd64/share/man/man7/crypto.7 new file mode 100755 index 0000000..047e8ae --- /dev/null +++ b/linux_amd64/share/man/man7/crypto.7 
@@ -0,0 +1,182 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CRYPTO 7" +.TH CRYPTO 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +crypto \- OpenSSL cryptographic library +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +See the individual manual pages for details. 
+.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The OpenSSL crypto library (\f(CW\*(C`libcrypto\*(C'\fR) implements a wide range of +cryptographic algorithms used in various Internet standards. The services +provided by this library are used by the OpenSSL implementations of \s-1SSL\s0, \s-1TLS\s0 +and S/MIME, and they have also been used to implement \s-1SSH\s0, OpenPGP, and +other cryptographic standards. +.PP +\&\f(CW\*(C`libcrypto\*(C'\fR consists of a number of sub-libraries that implement the +individual algorithms. +.PP +The functionality includes symmetric encryption, public key +cryptography and key agreement, certificate handling, cryptographic +hash functions, cryptographic pseudo-random number generator, and +various utilities. +.SH "NOTES" +.IX Header "NOTES" +Some of the newer functions follow a naming convention using the numbers +\&\fB0\fR and \fB1\fR. For example the functions: +.PP +.Vb 2 +\& int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev); +\& int X509_add1_trust_object(X509 *x, const ASN1_OBJECT *obj); +.Ve +.PP +The \fB0\fR version uses the supplied structure pointer directly +in the parent and it will be freed up when the parent is freed. +In the above example \fIcrl\fR would be freed but \fIrev\fR would not. +.PP +The \fB1\fR function uses a copy of the supplied structure pointer +(or in some cases increases its link count) in the parent and +so both (\fIx\fR and \fIobj\fR above) should be freed up. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +See the individual manual pages for details. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), \fIssl\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/share/man/man7/ct.7 b/linux_amd64/share/man/man7/ct.7 new file mode 100755 index 0000000..10c8755 --- /dev/null +++ b/linux_amd64/share/man/man7/ct.7 
@@ -0,0 +1,176 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CT 7" +.TH CT 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +ct \- Certificate Transparency +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This library implements Certificate Transparency (\s-1CT\s0) verification for \s-1TLS\s0 +clients, as defined in \s-1RFC\s0 6962. This verification can provide some confidence +that a certificate has been publicly logged in a set of \s-1CT\s0 logs. +.PP +By default, these checks are disabled. They can be enabled using +\&\fISSL_CTX_enable_ct\fR\|(3) or \fISSL_enable_ct\fR\|(3). +.PP +This library can also be used to parse and examine \s-1CT\s0 data structures, such as +Signed Certificate Timestamps (SCTs), or to read a list of \s-1CT\s0 logs. There are +functions for: +\&\- decoding and encoding SCTs in \s-1DER\s0 and \s-1TLS\s0 wire format. +\&\- printing SCTs. +\&\- verifying the authenticity of SCTs. +\&\- loading a \s-1CT\s0 log list from a \s-1CONF\s0 file. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fId2i_SCT_LIST\fR\|(3), +\&\fICTLOG_STORE_new\fR\|(3), +\&\fICTLOG_STORE_get0_log_by_id\fR\|(3), +\&\fISCT_new\fR\|(3), +\&\fISCT_print\fR\|(3), +\&\fISCT_validate\fR\|(3), +\&\fISCT_validate\fR\|(3), +\&\fICT_POLICY_EVAL_CTX_new\fR\|(3), +\&\fISSL_CTX_set_ct_validation_callback\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The ct library was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man7/des_modes.7 b/linux_amd64/share/man/man7/des_modes.7 new file mode 100755 index 0000000..53b9598 --- /dev/null +++ b/linux_amd64/share/man/man7/des_modes.7 
@@ -0,0 +1,286 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DES_MODES 7" +.TH DES_MODES 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +des_modes \- the variants of DES and other crypto algorithms of OpenSSL +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Several crypto algorithms for OpenSSL can be used in a number of modes. 
Those +are used for using block ciphers in a way similar to stream ciphers, among +other things. +.SH "OVERVIEW" +.IX Header "OVERVIEW" +.SS "Electronic Codebook Mode (\s-1ECB\s0)" +.IX Subsection "Electronic Codebook Mode (ECB)" +Normally, this is found as the function \fIalgorithm\fR\fI_ecb_encrypt()\fR. +.IP "\(bu" 2 +64 bits are enciphered at a time. +.IP "\(bu" 2 +The order of the blocks can be rearranged without detection. +.IP "\(bu" 2 +The same plaintext block always produces the same ciphertext block +(for the same key) making it vulnerable to a 'dictionary attack'. +.IP "\(bu" 2 +An error will only affect one ciphertext block. +.SS "Cipher Block Chaining Mode (\s-1CBC\s0)" +.IX Subsection "Cipher Block Chaining Mode (CBC)" +Normally, this is found as the function \fIalgorithm\fR\fI_cbc_encrypt()\fR. +Be aware that \fIdes_cbc_encrypt()\fR is not really \s-1DES\s0 \s-1CBC\s0 (it does +not update the \s-1IV\s0); use \fIdes_ncbc_encrypt()\fR instead. +.IP "\(bu" 2 +a multiple of 64 bits are enciphered at a time. +.IP "\(bu" 2 +The \s-1CBC\s0 mode produces the same ciphertext whenever the same +plaintext is encrypted using the same key and starting variable. +.IP "\(bu" 2 +The chaining operation makes the ciphertext blocks dependent on the +current and all preceding plaintext blocks and therefore blocks can not +be rearranged. +.IP "\(bu" 2 +The use of different starting variables prevents the same plaintext +enciphering to the same ciphertext. +.IP "\(bu" 2 +An error will affect the current and the following ciphertext blocks. +.SS "Cipher Feedback Mode (\s-1CFB\s0)" +.IX Subsection "Cipher Feedback Mode (CFB)" +Normally, this is found as the function \fIalgorithm\fR\fI_cfb_encrypt()\fR. +.IP "\(bu" 2 +a number of bits (j) <= 64 are enciphered at a time. +.IP "\(bu" 2 +The \s-1CFB\s0 mode produces the same ciphertext whenever the same +plaintext is encrypted using the same key and starting variable. 
+.IP "\(bu" 2 +The chaining operation makes the ciphertext variables dependent on the +current and all preceding variables and therefore j\-bit variables are +chained together and can not be rearranged. +.IP "\(bu" 2 +The use of different starting variables prevents the same plaintext +enciphering to the same ciphertext. +.IP "\(bu" 2 +The strength of the \s-1CFB\s0 mode depends on the size of k (maximal if +j == k). In my implementation this is always the case. +.IP "\(bu" 2 +Selection of a small value for j will require more cycles through +the encipherment algorithm per unit of plaintext and thus cause +greater processing overheads. +.IP "\(bu" 2 +Only multiples of j bits can be enciphered. +.IP "\(bu" 2 +An error will affect the current and the following ciphertext variables. +.SS "Output Feedback Mode (\s-1OFB\s0)" +.IX Subsection "Output Feedback Mode (OFB)" +Normally, this is found as the function \fIalgorithm\fR\fI_ofb_encrypt()\fR. +.IP "\(bu" 2 +a number of bits (j) <= 64 are enciphered at a time. +.IP "\(bu" 2 +The \s-1OFB\s0 mode produces the same ciphertext whenever the same +plaintext enciphered using the same key and starting variable. More +over, in the \s-1OFB\s0 mode the same key stream is produced when the same +key and start variable are used. Consequently, for security reasons +a specific start variable should be used only once for a given key. +.IP "\(bu" 2 +The absence of chaining makes the \s-1OFB\s0 more vulnerable to specific attacks. +.IP "\(bu" 2 +The use of different start variables values prevents the same +plaintext enciphering to the same ciphertext, by producing different +key streams. +.IP "\(bu" 2 +Selection of a small value for j will require more cycles through +the encipherment algorithm per unit of plaintext and thus cause +greater processing overheads. +.IP "\(bu" 2 +Only multiples of j bits can be enciphered. +.IP "\(bu" 2 +\&\s-1OFB\s0 mode of operation does not extend ciphertext errors in the +resultant plaintext output. 
Every bit error in the ciphertext causes +only one bit to be in error in the deciphered plaintext. +.IP "\(bu" 2 +\&\s-1OFB\s0 mode is not self-synchronizing. If the two operation of +encipherment and decipherment get out of synchronism, the system needs +to be re-initialized. +.IP "\(bu" 2 +Each re-initialization should use a value of the start variable +different from the start variable values used before with the same +key. The reason for this is that an identical bit stream would be +produced each time from the same parameters. This would be +susceptible to a 'known plaintext' attack. +.SS "Triple \s-1ECB\s0 Mode" +.IX Subsection "Triple ECB Mode" +Normally, this is found as the function \fIalgorithm\fR\fI_ecb3_encrypt()\fR. +.IP "\(bu" 2 +Encrypt with key1, decrypt with key2 and encrypt with key3 again. +.IP "\(bu" 2 +As for \s-1ECB\s0 encryption but increases the key length to 168 bits. +There are theoretic attacks that can be used that make the effective +key length 112 bits, but this attack also requires 2^56 blocks of +memory, not very likely, even for the \s-1NSA\s0. +.IP "\(bu" 2 +If both keys are the same it is equivalent to encrypting once with +just one key. +.IP "\(bu" 2 +If the first and last key are the same, the key length is 112 bits. +There are attacks that could reduce the effective key strength +to only slightly more than 56 bits, but these require a lot of memory. +.IP "\(bu" 2 +If all 3 keys are the same, this is effectively the same as normal +ecb mode. +.SS "Triple \s-1CBC\s0 Mode" +.IX Subsection "Triple CBC Mode" +Normally, this is found as the function \fIalgorithm\fR\fI_ede3_cbc_encrypt()\fR. +.IP "\(bu" 2 +Encrypt with key1, decrypt with key2 and then encrypt with key3. +.IP "\(bu" 2 +As for \s-1CBC\s0 encryption but increases the key length to 168 bits with +the same restrictions as for triple ecb mode. 
+.SH "NOTES" +.IX Header "NOTES" +This text was been written in large parts by Eric Young in his original +documentation for SSLeay, the predecessor of OpenSSL. In turn, he attributed +it to: +.PP +.Vb 5 +\& AS 2805.5.2 +\& Australian Standard +\& Electronic funds transfer \- Requirements for interfaces, +\& Part 5.2: Modes of operation for an n\-bit block cipher algorithm +\& Appendix A +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIBF_encrypt\fR\|(3), \fIDES_crypt\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man7/evp.7 b/linux_amd64/share/man/man7/evp.7 new file mode 100755 index 0000000..633b1e3 --- /dev/null +++ b/linux_amd64/share/man/man7/evp.7 
@@ -0,0 +1,227 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP 7" +.TH EVP 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +evp \- high\-level cryptographic functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1EVP\s0 library provides a high-level interface to cryptographic +functions. 
+.PP +The \fBEVP_Seal\fR\fI\s-1XXX\s0\fR and \fBEVP_Open\fR\fI\s-1XXX\s0\fR +functions provide public key encryption and decryption to implement digital \*(L"envelopes\*(R". +.PP +The \fBEVP_DigestSign\fR\fI\s-1XXX\s0\fR and +\&\fBEVP_DigestVerify\fR\fI\s-1XXX\s0\fR functions implement +digital signatures and Message Authentication Codes (MACs). Also see the older +\&\fBEVP_Sign\fR\fI\s-1XXX\s0\fR and \fBEVP_Verify\fR\fI\s-1XXX\s0\fR +functions. +.PP +Symmetric encryption is available with the \fBEVP_Encrypt\fR\fI\s-1XXX\s0\fR +functions. The \fBEVP_Digest\fR\fI\s-1XXX\s0\fR functions provide message digests. +.PP +The \fB\s-1EVP_PKEY\s0\fR\fI\s-1XXX\s0\fR functions provide a high level interface to +asymmetric algorithms. To create a new \s-1EVP_PKEY\s0 see +\&\fIEVP_PKEY_new\fR\|(3). EVP_PKEYs can be associated +with a private key of a particular algorithm by using the functions +described on the \fIEVP_PKEY_set1_RSA\fR\|(3) page, or +new keys can be generated using \fIEVP_PKEY_keygen\fR\|(3). +EVP_PKEYs can be compared using \fIEVP_PKEY_cmp\fR\|(3), or printed using +\&\fIEVP_PKEY_print_private\fR\|(3). +.PP +The \s-1EVP_PKEY\s0 functions support the full range of asymmetric algorithm operations: +.IP "For key agreement see \fIEVP_PKEY_derive\fR\|(3)" 4 +.IX Item "For key agreement see EVP_PKEY_derive" +.PD 0 +.IP "For signing and verifying see \fIEVP_PKEY_sign\fR\|(3), \fIEVP_PKEY_verify\fR\|(3) and \fIEVP_PKEY_verify_recover\fR\|(3). However, note that these functions do not perform a digest of the data to be signed. Therefore normally you would use the \fIEVP_DigestSignInit\fR\|(3) functions for this purpose." 4 +.IX Item "For signing and verifying see EVP_PKEY_sign, EVP_PKEY_verify and EVP_PKEY_verify_recover. However, note that these functions do not perform a digest of the data to be signed. Therefore normally you would use the EVP_DigestSignInit functions for this purpose." 
+.ie n .IP "For encryption and decryption see \fIEVP_PKEY_encrypt\fR\|(3) and \fIEVP_PKEY_decrypt\fR\|(3) respectively. However, note that these functions perform encryption and decryption only. As public key encryption is an expensive operation, normally you would wrap an encrypted message in a ""digital envelope"" using the \fIEVP_SealInit\fR\|(3) and \fIEVP_OpenInit\fR\|(3) functions." 4 +.el .IP "For encryption and decryption see \fIEVP_PKEY_encrypt\fR\|(3) and \fIEVP_PKEY_decrypt\fR\|(3) respectively. However, note that these functions perform encryption and decryption only. As public key encryption is an expensive operation, normally you would wrap an encrypted message in a ``digital envelope'' using the \fIEVP_SealInit\fR\|(3) and \fIEVP_OpenInit\fR\|(3) functions." 4 +.IX Item "For encryption and decryption see EVP_PKEY_encrypt and EVP_PKEY_decrypt respectively. However, note that these functions perform encryption and decryption only. As public key encryption is an expensive operation, normally you would wrap an encrypted message in a digital envelope using the EVP_SealInit and EVP_OpenInit functions." +.PD +.PP +The \fIEVP_BytesToKey\fR\|(3) function provides some limited support for password +based encryption. Careful selection of the parameters will provide a PKCS#5 \s-1PBKDF1\s0 compatible +implementation. However, new applications should not typically use this (preferring, for example, +\&\s-1PBKDF2\s0 from PCKS#5). +.PP +The \fBEVP_Encode\fR\fI\s-1XXX\s0\fR and +\&\fBEVP_Decode\fR\fI\s-1XXX\s0\fR functions implement base 64 encoding +and decoding. +.PP +All the symmetric algorithms (ciphers), digests and asymmetric algorithms +(public key algorithms) can be replaced by \s-1ENGINE\s0 modules providing alternative +implementations. 
If \s-1ENGINE\s0 implementations of ciphers or digests are registered +as defaults, then the various \s-1EVP\s0 functions will automatically use those +implementations automatically in preference to built in software +implementations. For more information, consult the \fIengine\fR\|(3) man page. +.PP +Although low level algorithm specific functions exist for many algorithms +their use is discouraged. They cannot be used with an \s-1ENGINE\s0 and \s-1ENGINE\s0 +versions of new algorithms cannot be accessed using the low level functions. +Also makes code harder to adapt to new algorithms and some options are not +cleanly supported at the low level and some operations are more efficient +using the high level interface. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_DigestInit\fR\|(3), +\&\fIEVP_EncryptInit\fR\|(3), +\&\fIEVP_OpenInit\fR\|(3), +\&\fIEVP_SealInit\fR\|(3), +\&\fIEVP_DigestSignInit\fR\|(3), +\&\fIEVP_SignInit\fR\|(3), +\&\fIEVP_VerifyInit\fR\|(3), +\&\fIEVP_EncodeInit\fR\|(3), +\&\fIEVP_PKEY_new\fR\|(3), +\&\fIEVP_PKEY_set1_RSA\fR\|(3), +\&\fIEVP_PKEY_keygen\fR\|(3), +\&\fIEVP_PKEY_print_private\fR\|(3), +\&\fIEVP_PKEY_decrypt\fR\|(3), +\&\fIEVP_PKEY_encrypt\fR\|(3), +\&\fIEVP_PKEY_sign\fR\|(3), +\&\fIEVP_PKEY_verify\fR\|(3), +\&\fIEVP_PKEY_verify_recover\fR\|(3), +\&\fIEVP_PKEY_derive\fR\|(3), +\&\fIEVP_BytesToKey\fR\|(3), +\&\fIENGINE_by_id\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man7/openssl-core.h.7 b/linux_amd64/share/man/man7/openssl-core.h.7 new file mode 100755 index 0000000..6e9a71f --- /dev/null +++ b/linux_amd64/share/man/man7/openssl-core.h.7 
@@ -0,0 +1,246 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-CORE.H 7" +.TH OPENSSL-CORE.H 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl/core.h \- OpenSSL Core types +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fI\fR header defines a number of public types that +are used to communicate between the OpenSSL libraries and +implementation providers. +These types are designed to minimise the need for intimate knowledge +of internal structures between the OpenSSL libraries and the providers. +.PP +The types are: +.IP "\fB\s-1OSSL_DISPATCH\s0\fR" 4 +.IX Item "OSSL_DISPATCH" +This type is a tuple of function identity and function pointer. +Arrays of this type are passed between the OpenSSL libraries and the +providers to describe what functionality one side provides to the +other. +Arrays of this type must be terminated with a tuple having function +identity zero and function pointer \s-1NULL\s0. +.Sp +The available function identities and corresponding function +signatures are defined in \fIopenssl\-core_numbers.h\fR\|(7). +.Sp +Any function identity not recognised by the recipient of this type +will be ignored. +This ensures that providers built with one OpenSSL version in mind +will work together with any other OpenSSL version that supports this +mechanism. +.IP "\fB\s-1OSSL_ITEM\s0\fR" 4 +.IX Item "OSSL_ITEM" +This type is a tuple of integer and pointer. +It's a generic type used as a generic descriptor, its exact meaning +being defined by how it's used. +Arrays of this type are passed between the OpenSSL libraries and the +providers, and must be terminated with a tuple where the integer is +zero and the pointer \s-1NULL\s0. +.IP "\fB\s-1OSSL_ALGORITHM\s0\fR" 4 +.IX Item "OSSL_ALGORITHM" +This type is a tuple of an algorithm name (string), a property +definition (string) and a dispatch table (array of \fB\s-1OSSL_DISPATCH\s0\fR). 
+Arrays of this type are passed on demand from the providers to the +OpenSSL libraries to describe what algorithms the providers provide +implementations of, and with what properties. +Arrays of this type must be terminated with a tuple having function +identity zero and function pointer \s-1NULL\s0. +.Sp +The algorithm names and property definitions are defined by the +providers. +.IP "\fB\s-1OSSL_PARAM\s0\fR" 4 +.IX Item "OSSL_PARAM" +This type is a structure that allows passing arbitrary object data +between two parties that have no or very little shared knowledge about +their respective internal structures for that object. +It's normally passed in arrays, where the array is terminated with an +element where all fields are zero (for non-pointers) or \s-1NULL\s0 (for +pointers). +.Sp +These arrays can be used to set parameters for some object, to request +parameters, and to describe parameters. +.Sp +\&\fB\s-1OSSL_PARAM\s0\fR is further described in \s-1\fIOSSL_PARAM\s0\fR\|(3) +.IP "\fB\s-1OSSL_CALLBACK\s0\fR" 4 +.IX Item "OSSL_CALLBACK" +This is a function type for a generic feedback callback function: +.Sp +.Vb 1 +\& typedef int (OSSL_CALLBACK)(const OSSL_PARAM params[], void *arg); +.Ve +.Sp +A function that takes a pointer of this type should also take a +pointer to caller data. When calling this callback, the function is +expected to build an \fB\s-1OSSL_PARAM\s0\fR array of data it wants or is +expected to pass back, and pass that as \fIparams\fR, as well as +the caller data pointer it received, as \fIarg\fR. +.IP "\fB\s-1OSSL_PASSPHRASE_CALLBACK\s0\fR" 4 +.IX Item "OSSL_PASSPHRASE_CALLBACK" +This is a function type for a generic pass phrase callback function: +.Sp +.Vb 4 +\& typedef int (OSSL_PASSPHRASE_CALLBACK)(char *pass, size_t pass_size, +\& size_t *pass_len, +\& const OSSL_PARAM params[], +\& void *arg); +.Ve +.Sp +This callback can be used to prompt the user for a passphrase. 
When +calling it, a buffer to store the pass phrase needs to be given with +\&\fIpass\fR, and its size with \fIpass_size\fR. The length of the prompted +pass phrase will be given back in \fI*pass_len\fR. +.Sp +Additional parameters can be passed with the \fB\s-1OSSL_PARAM\s0\fR array +\&\fIparams\fR. +.Sp +A function that takes a pointer of this type should also take a +pointer to caller data, which should be passed as \fIarg\fR to this +callback. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\-core_numbers.h\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The types described here were added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man7/openssl-env.7 b/linux_amd64/share/man/man7/openssl-env.7 new file mode 100755 index 0000000..efb4cae --- /dev/null +++ b/linux_amd64/share/man/man7/openssl-env.7 
@@ -0,0 +1,191 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-ENV 7" +.TH OPENSSL-ENV 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-env \- OpenSSL environment variables +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The OpenSSL libraries use environment variables to override the +compiled-in default paths for various data. 
+To avoid security risks, the environment is usually not consulted when +the executable is set-user-ID or set-group-ID. +.IP "\fB\s-1CTLOG_FILE\s0\fR" 4 +.IX Item "CTLOG_FILE" +Specifies the path to a certificate transparency log list. +See \fICTLOG_STORE_new\fR\|(3). +.IP "\fB\s-1OPENSSL\s0\fR" 4 +.IX Item "OPENSSL" +Specifies the path to the \fBopenssl\fR executable. Only used by +the \fBrehash\fR script. +See \*(L"Script Configuration\*(R" in \fIopenssl\-rehash\fR\|(1). +.IP "\fB\s-1OPENSSL_CONF\s0\fR" 4 +.IX Item "OPENSSL_CONF" +Specifies the path to a configuration file. +See \fIopenssl\fR\|(1) and \fIconfig\fR\|(5). +.IP "\fB\s-1OPENSSL_ENGINES\s0\fR" 4 +.IX Item "OPENSSL_ENGINES" +Specifies the directory from which dynamic engines are loaded. +See \fIopenssl\-engine\fR\|(1). +.IP "\fB\s-1OPENSSL_MALLOC_FD\s0\fR, \fB\s-1OPENSSL_MALLOC_FAILURES\s0\fR" 4 +.IX Item "OPENSSL_MALLOC_FD, OPENSSL_MALLOC_FAILURES" +If built with debugging, this allows memory allocation to fail. +See \fIOPENSSL_malloc\fR\|(3). +.IP "\fB\s-1OPENSSL_MODULES\s0\fR" 4 +.IX Item "OPENSSL_MODULES" +Specifies the directory from which cryptographic providers are loaded. +See \fIopenssl\-provider\fR\|(1). +.IP "\fB\s-1OPENSSL_WIN32_UTF8\s0\fR" 4 +.IX Item "OPENSSL_WIN32_UTF8" +If set, then \fIUI_OpenSSL\fR\|(3) returns \s-1UTF\-8\s0 encoded strings, rather than +ones encoded in the current code page, and +the \fIopenssl\fR\|(1) program also transcodes the command-line parameters +from the current code page to \s-1UTF\-8\s0. +This environment variable is only checked on Microsoft Windows platforms. +.IP "\fB\s-1RANDFILE\s0\fR" 4 +.IX Item "RANDFILE" +The state file for the random number generator. +This should not be needed in normal use. +See \fIRAND_load_file\fR\|(3). +.IP "\fB\s-1SSL_CERT_DIR\s0\fR, \fB\s-1SSL_CERT_FILE\s0\fR" 4 +.IX Item "SSL_CERT_DIR, SSL_CERT_FILE" +Specify the default directory or file containing \s-1CA\s0 certificates. +See \fISSL_CTX_load_verify_locations\fR\|(3). 
+.IP "\fB\s-1TSGET\s0\fR" 4 +.IX Item "TSGET" +Additional arguments for the \fItsget\fR\|(1) command. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man7/openssl_user_macros.7 b/linux_amd64/share/man/man7/openssl_user_macros.7 new file mode 100755 index 0000000..068358c --- /dev/null +++ b/linux_amd64/share/man/man7/openssl_user_macros.7 
@@ -0,0 +1,221 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_USER_MACROS 7" +.TH OPENSSL_USER_MACROS 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl_user_macros, OPENSSL_API_COMPAT \- User defined macros +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +User defined macros allow the programmer to control certain aspects of +what is exposed by the OpenSSL headers. 
+.PP +\&\fB\s-1NOTE:\s0\fR to be effective, a user defined macro \fImust be defined +before including any header file that depends on it\fR, either in the +compilation command (\f(CW\*(C`cc \-DMACRO=value\*(C'\fR) or by defining the macro in +source before including any headers. +.PP +Other manual pages may refer to this page when declarations depend on +user defined macros. +.SS "The macros" +.IX Subsection "The macros" +.IP "\fB\s-1OPENSSL_API_COMPAT\s0\fR" 4 +.IX Item "OPENSSL_API_COMPAT" +The value is a version number, given in one of the following two forms: +.RS 4 +.ie n .IP """0xMNNFF000L""" 4 +.el .IP "\f(CW0xMNNFF000L\fR" 4 +.IX Item "0xMNNFF000L" +This is the form supported for all versions up to 1.1.x, where \f(CW\*(C`M\*(C'\fR +represents the major number, \f(CW\*(C`NN\*(C'\fR represents the minor number, and +\&\f(CW\*(C`FF\*(C'\fR represents the fix number, as a hexadecimal number. For version +1.1.0, that's \f(CW\*(C`0x10100000L\*(C'\fR. +.Sp +Any version number may be given, but these numbers are +the current known major deprecation points, making them the most +meaningful: +.RS 4 +.ie n .IP """0x00908000L"" (version 0.9.8)" 4 +.el .IP "\f(CW0x00908000L\fR (version 0.9.8)" 4 +.IX Item "0x00908000L (version 0.9.8)" +.PD 0 +.ie n .IP """0x10000000L"" (version 1.0.0)" 4 +.el .IP "\f(CW0x10000000L\fR (version 1.0.0)" 4 +.IX Item "0x10000000L (version 1.0.0)" +.ie n .IP """0x10100000L"" (version 1.1.0)" 4 +.el .IP "\f(CW0x10100000L\fR (version 1.1.0)" 4 +.IX Item "0x10100000L (version 1.1.0)" +.RE +.RS 4 +.PD +.Sp +For convenience, higher numbers are accepted as well, as long as +feasible. For example, \f(CW\*(C`0x60000000L\*(C'\fR will work as expected. 
+However, it is recommended to start using the second form instead: +.RE +.ie n .IP """mmnnpp""" 4 +.el .IP "\f(CWmmnnpp\fR" 4 +.IX Item "mmnnpp" +This form is a simple decimal number calculated with this formula: +.Sp +\&\fImajor\fR * 10000 + \fIminor\fR * 100 + \fIpatch\fR +.Sp +where \fImajor\fR, \fIminor\fR and \fIpatch\fR are the desired major, +minor and patch components of the version number. For example: +.RS 4 +.IP "30000 corresponds to version 3.0.0" 4 +.IX Item "30000 corresponds to version 3.0.0" +.PD 0 +.IP "10002 corresponds to version 1.0.2" 4 +.IX Item "10002 corresponds to version 1.0.2" +.IP "420101 corresponds to version 42.1.1" 4 +.IX Item "420101 corresponds to version 42.1.1" +.RE +.RS 4 +.RE +.RE +.RS 4 +.PD +.Sp +If not set, this macro will default to +\&\f(CW30000\fR. +.RE +.IP "\fB\s-1OPENSSL_NO_DEPRECATED\s0\fR" 4 +.IX Item "OPENSSL_NO_DEPRECATED" +If this macro is defined, all deprecated public symbols in all OpenSSL +versions up to and including the version given by \fB\s-1OPENSSL_API_COMPAT\s0\fR +will be hidden. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man7/ossl_store-file.7 b/linux_amd64/share/man/man7/ossl_store-file.7 new file mode 100755 index 0000000..0aa17e8 --- /dev/null +++ b/linux_amd64/share/man/man7/ossl_store-file.7 
@@ -0,0 +1,182 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_STORE-FILE 7" +.TH OSSL_STORE-FILE 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ossl_store\-file \- The store 'file' scheme loader +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +#include +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Support for the 'file' scheme is built into \f(CW\*(C`libcrypto\*(C'\fR. 
+Since files come in all kinds of formats and content types, the 'file' +scheme has its own layer of functionality called \*(L"file handlers\*(R", +which are used to try to decode diverse types of file contents. +.PP +In case a file is formatted as \s-1PEM\s0, each called file handler receives +the \s-1PEM\s0 name (everything following any '\f(CW\*(C`\-\-\-\-\-BEGIN \*(C'\fR') as well as +possible \s-1PEM\s0 headers, together with the decoded \s-1PEM\s0 body. Since \s-1PEM\s0 +formatted files can contain more than one object, the file handlers +are called upon for each such object. +.PP +If the file isn't determined to be formatted as \s-1PEM\s0, the content is +loaded in raw form in its entirety and passed to the available file +handlers as is, with no \s-1PEM\s0 name or headers. +.PP +Each file handler is expected to handle \s-1PEM\s0 and non-PEM content as +appropriate. Some may refuse non-PEM content for the sake of +determinism (for example, there are keys out in the wild that are +represented as an \s-1ASN\s0.1 \s-1OCTET\s0 \s-1STRING\s0. In raw form, it's not easily +possible to distinguish those from any other data coming as an \s-1ASN\s0.1 +\&\s-1OCTET\s0 \s-1STRING\s0, so such keys would naturally be accepted as \s-1PEM\s0 files +only). +.SH "NOTES" +.IX Header "NOTES" +When needed, the 'file' scheme loader will require a pass phrase by +using the \fB\s-1UI_METHOD\s0\fR that was passed via \fIOSSL_STORE_open()\fR. +This pass phrase is expected to be \s-1UTF\-8\s0 encoded, anything else will +give an undefined result. +The files made accessible through this loader are expected to be +standard compliant with regards to pass phrase encoding. +Files that aren't should be re-generated with a correctly encoded pass +phrase. +See \fIpassphrase\-encoding\fR\|(7) for more information. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIossl_store\fR\|(7), \fIpassphrase\-encoding\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018 The OpenSSL Project Authors. 
All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man7/ossl_store.7 b/linux_amd64/share/man/man7/ossl_store.7 new file mode 100755 index 0000000..6b5ff4d --- /dev/null +++ b/linux_amd64/share/man/man7/ossl_store.7 
@@ -0,0 +1,206 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_STORE 7" +.TH OSSL_STORE 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +ossl_store \- Store retrieval functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +#include +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +.SS "General" +.IX Subsection "General" +A \s-1STORE\s0 is a layer of functionality to retrieve a number of supported +objects from a repository of any kind, addressable as a filename or +as a \s-1URI\s0. +.PP +The functionality supports the pattern \*(L"open a channel to the +repository\*(R", \*(L"loop and retrieve one object at a time\*(R", and \*(L"finish up +by closing the channel\*(R". +.PP +The retrieved objects are returned as a wrapper type \fB\s-1OSSL_STORE_INFO\s0\fR, +from which an OpenSSL type can be retrieved. +.SS "\s-1URI\s0 schemes and loaders" +.IX Subsection "URI schemes and loaders" +Support for a \s-1URI\s0 scheme is called a \s-1STORE\s0 \*(L"loader\*(R", and can be added +dynamically from the calling application or from a loadable engine. +.PP +Support for the 'file' scheme is built into \f(CW\*(C`libcrypto\*(C'\fR. +See \fIossl_store\-file\fR\|(7) for more information. +.SS "\s-1UI_METHOD\s0 and pass phrases" +.IX Subsection "UI_METHOD and pass phrases" +The \fB\s-1OSS_STORE\s0\fR \s-1API\s0 does nothing to enforce any specific format or +encoding on the pass phrase that the \fB\s-1UI_METHOD\s0\fR provides. However, +the pass phrase is expected to be \s-1UTF\-8\s0 encoded. The result of any +other encoding is undefined. 
+.SH "EXAMPLES" +.IX Header "EXAMPLES" +.SS "A generic call" +.IX Subsection "A generic call" +.Vb 1 +\& OSSL_STORE_CTX *ctx = OSSL_STORE_open("file:/foo/bar/data.pem"); +\& +\& /* +\& * OSSL_STORE_eof() simulates file semantics for any repository to signal +\& * that no more data can be expected +\& */ +\& while (!OSSL_STORE_eof(ctx)) { +\& OSSL_STORE_INFO *info = OSSL_STORE_load(ctx); +\& +\& /* +\& * Do whatever is necessary with the OSSL_STORE_INFO, +\& * here just one example +\& */ +\& switch (OSSL_STORE_INFO_get_type(info)) { +\& case OSSL_STORE_INFO_X509: +\& /* Print the X.509 certificate text */ +\& X509_print_fp(stdout, OSSL_STORE_INFO_get0_CERT(info)); +\& /* Print the X.509 certificate PEM output */ +\& PEM_write_X509(stdout, OSSL_STORE_INFO_get0_CERT(info)); +\& break; +\& } +\& } +\& +\& OSSL_STORE_close(ctx); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1\fIOSSL_STORE_INFO\s0\fR\|(3), \s-1\fIOSSL_STORE_LOADER\s0\fR\|(3), +\&\fIOSSL_STORE_open\fR\|(3), \fIOSSL_STORE_expect\fR\|(3), +\&\s-1\fIOSSL_STORE_SEARCH\s0\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man7/passphrase-encoding.7 b/linux_amd64/share/man/man7/passphrase-encoding.7 new file mode 100755 index 0000000..83049d9 --- /dev/null +++ b/linux_amd64/share/man/man7/passphrase-encoding.7 
@@ -0,0 +1,279 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PASSPHRASE-ENCODING 7" +.TH PASSPHRASE-ENCODING 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +passphrase\-encoding +\&\- How diverse parts of OpenSSL treat pass phrases character encoding +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +In a modern world with all sorts of character encodings, the treatment of pass +phrases has become increasingly complex. +This manual page attempts to give an overview over how this problem is +currently addressed in different parts of the OpenSSL library. +.SS "The general case" +.IX Subsection "The general case" +The OpenSSL library doesn't treat pass phrases in any special way as a general +rule, and trusts the application or user to choose a suitable character set +and stick to that throughout the lifetime of affected objects. +This means that for an object that was encrypted using a pass phrase encoded in +\&\s-1ISO\-8859\-1\s0, that object needs to be decrypted using a pass phrase encoded in +\&\s-1ISO\-8859\-1\s0. +Using the wrong encoding is expected to cause a decryption failure. +.SS "PKCS#12" +.IX Subsection "PKCS#12" +PKCS#12 is a bit different regarding pass phrase encoding. +The standard stipulates that the pass phrase shall be encoded as an \s-1ASN\s0.1 +BMPString, which consists of the code points of the basic multilingual plane, +encoded in big endian (\s-1UCS\-2\s0 \s-1BE\s0). +.PP +OpenSSL tries to adapt to this requirements in one of the following manners: +.IP "1." 4 +Treats the received pass phrase as \s-1UTF\-8\s0 encoded and tries to re-encode it to +\&\s-1UTF\-16\s0 (which is the same as \s-1UCS\-2\s0 for characters U+0000 to U+D7FF and U+E000 +to U+FFFF, but becomes an expansion for any other character), or failing that, +proceeds with step 2. +.IP "2." 4 +Assumes that the pass phrase is encoded in \s-1ASCII\s0 or \s-1ISO\-8859\-1\s0 and +opportunistically prepends each byte with a zero byte to obtain the \s-1UCS\-2\s0 +encoding of the characters, which it stores as a BMPString. 
+.Sp +Note that since there is no check of your locale, this may produce \s-1UCS\-2\s0 / +\&\s-1UTF\-16\s0 characters that do not correspond to the original pass phrase characters +for other character sets, such as any \s-1ISO\-8859\-X\s0 encoding other than +\&\s-1ISO\-8859\-1\s0 (or for Windows, \s-1CP\s0 1252 with exception for the extra \*(L"graphical\*(R" +characters in the 0x80\-0x9F range). +.PP +OpenSSL versions older than 1.1.0 do variant 2 only, and that is the reason why +OpenSSL still does this, to be able to read files produced with older versions. +.PP +It should be noted that this approach isn't entirely fault free. +.PP +A pass phrase encoded in \s-1ISO\-8859\-2\s0 could very well have a sequence such as +0xC3 0xAF (which is the two characters \*(L"\s-1LATIN\s0 \s-1CAPITAL\s0 \s-1LETTER\s0 A \s-1WITH\s0 \s-1BREVE\s0\*(R" +and \*(L"\s-1LATIN\s0 \s-1CAPITAL\s0 \s-1LETTER\s0 Z \s-1WITH\s0 \s-1DOT\s0 \s-1ABOVE\s0\*(R" in \s-1ISO\-8859\-2\s0 encoding), but would +be misinterpreted as the perfectly valid \s-1UTF\-8\s0 encoded code point U+00EF (\s-1LATIN\s0 +\&\s-1SMALL\s0 \s-1LETTER\s0 I \s-1WITH\s0 \s-1DIAERESIS\s0) \fIif the pass phrase doesn't contain anything that +would be invalid \s-1UTF\-8\s0\fR. +A pass phrase that contains this kind of byte sequence will give a different +outcome in OpenSSL 1.1.0 and newer than in OpenSSL older than 1.1.0. +.PP +.Vb 2 +\& 0x00 0xC3 0x00 0xAF # OpenSSL older than 1.1.0 +\& 0x00 0xEF # OpenSSL 1.1.0 and newer +.Ve +.PP +On the same accord, anything encoded in \s-1UTF\-8\s0 that was given to OpenSSL older +than 1.1.0 was misinterpreted as \s-1ISO\-8859\-1\s0 sequences. +.SS "\s-1OSSL_STORE\s0" +.IX Subsection "OSSL_STORE" +\&\fIossl_store\fR\|(7) acts as a general interface to access all kinds of objects, +potentially protected with a pass phrase, a \s-1PIN\s0 or something else. 
+This \s-1API\s0 stipulates that pass phrases should be \s-1UTF\-8\s0 encoded, and that any +other pass phrase encoding may give undefined results. +This \s-1API\s0 relies on the application to ensure \s-1UTF\-8\s0 encoding, and doesn't check +that this is the case, so what it gets, it will also pass to the underlying +loader. +.SH "RECOMMENDATIONS" +.IX Header "RECOMMENDATIONS" +This section assumes that you know what pass phrase was used for encryption, +but that it may have been encoded in a different character encoding than the +one used by your current input method. +For example, the pass phrase may have been used at a time when your default +encoding was \s-1ISO\-8859\-1\s0 (i.e. \*(L"nai\*:ve\*(R" resulting in the byte sequence 0x6E 0x61 +0xEF 0x76 0x65), and you're now in an environment where your default encoding +is \s-1UTF\-8\s0 (i.e. \*(L"nai\*:ve\*(R" resulting in the byte sequence 0x6E 0x61 0xC3 0xAF 0x76 +0x65). +Whenever it's mentioned that you should use a certain character encoding, it +should be understood that you either change the input method to use the +mentioned encoding when you type in your pass phrase, or use some suitable tool +to convert your pass phrase from your default encoding to the target encoding. +.PP +Also note that the sub-sections below discuss human readable pass phrases. +This is particularly relevant for PKCS#12 objects, where human readable pass +phrases are assumed. +For other objects, it's as legitimate to use any byte sequence (such as a +sequence of bytes from `/dev/urandom` that's been saved away), which makes any +character encoding discussion irrelevant; in such cases, simply use the same +byte sequence as it is. +.SS "Creating new objects" +.IX Subsection "Creating new objects" +For creating new pass phrase protected objects, make sure the pass phrase is +encoded using \s-1UTF\-8\s0. +This is default on most modern Unixes, but may involve an effort on other +platforms. 
+Specifically for Windows, setting the environment variable +\&\fB\s-1OPENSSL_WIN32_UTF8\s0\fR will have anything entered on [Windows] console prompt +converted to \s-1UTF\-8\s0 (command line and separately prompted pass phrases alike). +.SS "Opening existing objects" +.IX Subsection "Opening existing objects" +For opening pass phrase protected objects where you know what character +encoding was used for the encryption pass phrase, make sure to use the same +encoding again. +.PP +For opening pass phrase protected objects where the character encoding that was +used is unknown, or where the producing application is unknown, try one of the +following: +.IP "1." 4 +Try the pass phrase that you have as it is in the character encoding of your +environment. +It's possible that its byte sequence is exactly right. +.IP "2." 4 +Convert the pass phrase to \s-1UTF\-8\s0 and try with the result. +Specifically with PKCS#12, this should open up any object that was created +according to the specification. +.IP "3." 4 +Do a nai\*:ve (i.e. purely mathematical) \s-1ISO\-8859\-1\s0 to \s-1UTF\-8\s0 conversion and try +with the result. +This differs from the previous attempt because \s-1ISO\-8859\-1\s0 maps directly to +U+0000 to U+00FF, which other non\-UTF\-8 character sets do not. +.Sp +This also takes care of the case when a \s-1UTF\-8\s0 encoded string was used with +OpenSSL older than 1.1.0. +(for example, \f(CW\*(C`i\*:\*(C'\fR, which is 0xC3 0xAF when encoded in \s-1UTF\-8\s0, would become 0xC3 +0x83 0xC2 0xAF when re-encoded in the nai\*:ve manner. 
+The conversion to BMPString would then yield 0x00 0xC3 0x00 0xA4 0x00 0x00, the +erroneous/non\-compliant encoding used by OpenSSL older than 1.1.0) +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIevp\fR\|(7), +\&\fIossl_store\fR\|(7), +\&\fIEVP_BytesToKey\fR\|(3), \fIEVP_DecryptInit\fR\|(3), +\&\fIPEM_do_header\fR\|(3), +\&\fIPKCS12_parse\fR\|(3), \fIPKCS12_newpass\fR\|(3), +\&\fId2i_PKCS8PrivateKey_bio\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man7/property.7 b/linux_amd64/share/man/man7/property.7 new file mode 100755 index 0000000..51923a3 --- /dev/null +++ b/linux_amd64/share/man/man7/property.7 
@@ -0,0 +1,275 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PROPERTY 7" +.TH PROPERTY 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +property \- Properties, a selection mechanism for algorithm implementations +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +As of OpenSSL 3.0, a new method has been introduced to decide which of +multiple implementations of an algorithm will be used. +The method is centered around the concept of properties. +Each implementation defines a number of properties and when an algorithm +is being selected, filters based on these properties can be used to +choose the most appropriate implementation of the algorithm. +.PP +Properties are like variables, they are referenced by name and have a value +assigned. +.SS "Property Names" +.IX Subsection "Property Names" +Property names fall into two categories: those reserved by the OpenSSL +project and user defined names. +A \fIreserved\fR property name consists of a single C\-style identifier +(except for leading underscores not being permitted), which begins +with a letter and can be followed by any number of letters, numbers +and underscores. +Property names are case-insensitive, but OpenSSL will only use lowercase +letters. +.PP +A \fIuser defined\fR property name is similar, but it \fBmust\fR consist of +two or more C\-style identifiers, separated by periods. +The last identifier in the name can be considered the 'true' property +name, which is prefixed by some sort of 'namespace'. +Providers for example could include their name in the prefix and use +property names like +.PP +.Vb 2 +\& . +\& .. +.Ve +.SS "Properties" +.IX Subsection "Properties" +A \fIproperty\fR is a \fIname=value\fR pair. +A \fIproperty definition\fR is a sequence of comma separated properties. +There can be any number of properties in a definition. +For example: "\*(L" defines a null property definition; \*(R"my.foo=bar" +defines a property named \fImy.foo\fR which has a string value \fIbar\fR and +\&\*(L"iteration.count=3\*(R" defines a property named \fIiteration.count\fR which +has a numeric value of \fI3\fR. 
+The full syntax for property definitions appears below. +.SS "Implementations" +.IX Subsection "Implementations" +Each implementation of an algorithm can define any number of +properties. +For example, the default provider defines the property \fIprovider=default\fR +for all of its algorithms. +Likewise, OpenSSL's \s-1FIPS\s0 provider defines \fIprovider=fips\fR and the legacy +provider defines \fIprovider=legacy\fR for all of their algorithms. +.SS "Queries" +.IX Subsection "Queries" +A \fIproperty query clause\fR is a single conditional test. +For example, \*(L"fips=yes\*(R", \*(L"provider!=default\*(R" or \*(L"?iteration.count!=3\*(R". +The first two represent mandatory clauses, such clauses \fBmust\fR match +for any algorithm to even be under consideration. +The third clause represents an optional clause. +Matching such clauses is not a requirement, but any additional optional +match counts in favor of the algorithm. +More details about that in the \fBLookups\fR section. +A \fIproperty query\fR is a sequence of comma separated property query clauses. +The full syntax for property queries appears below, but the available syntactic +features are: +.IP "\(bu" 4 +\&\fB=\fR is an infix operator providing an equality test. +.IP "\(bu" 4 +\&\fB!=\fR is an infix operator providing an inequality test. +.IP "\(bu" 4 +\&\fB?\fR is a prefix operator that means that the following clause is optional +but preferred. +.IP "\(bu" 4 +\&\fB\-\fR is a prefix operator that means any global query clause involving the +following property name should be ignored. +.IP "\(bu" 4 +\&\fB\*(L"...\*(R"\fR is a quoted string. +The quotes are not included in the body of the string. +.IP "\(bu" 4 +\&\fB'...'\fR is a quoted string. +The quotes are not included in the body of the string. +.SS "Lookups" +.IX Subsection "Lookups" +When an algorithm is looked up, a property query is used to determine +the best matching algorithm. 
+All mandatory query clauses \fBmust\fR be present and the implementation +that additionally has the largest number of matching optional query +clauses will be used. +If there is more than one such optimal candidate, the result will be +chosen from amongst those in an indeterminate way. +Ordering of optional clauses is not significant. +.SS "Shortcut" +.IX Subsection "Shortcut" +In order to permit a more concise expression of boolean properties, there +is one short cut: a property name alone (e.g. \*(L"my.property\*(R") is +exactly equivalent to \*(L"my.property=yes\*(R" in both definitions and queries. +.SS "Global and Local" +.IX Subsection "Global and Local" +Two levels of property query are supported. +A context based property query that applies to all fetch operations and a local +property query. +Where both the context and local queries include a clause with the same name, +the local clause overrides the context clause. +.PP +It is possible for a local property query to remove a clause in the context +property query by preceding the property name with a '\-'. +For example, a context property query that contains \*(L"fips=yes\*(R" would normally +result in implementations that have \*(L"fips=yes\*(R". +.PP +However, if the setting of the \*(L"fips\*(R" property is irrelevant to the +operations being performed, the local property query can include the +clause \*(L"\-fips\*(R". +Note that the local property query could not use \*(L"fips=no\*(R" because that would +disallow any implementations with \*(L"fips=yes\*(R" rather than not caring about the +setting. +.SH "SYNTAX" +.IX Header "SYNTAX" +The lexical syntax in \s-1EBNF\s0 is given by: +.PP +.Vb 11 +\& Definition ::= PropertyName ( \*(Aq=\*(Aq Value )? +\& ( \*(Aq,\*(Aq PropertyName ( \*(Aq=\*(Aq Value )? )* +\& Query ::= PropertyQuery ( \*(Aq,\*(Aq PropertyQuery )* +\& PropertyQuery ::= \*(Aq\-\*(Aq PropertyName +\& | \*(Aq?\*(Aq? ( PropertyName (( \*(Aq=\*(Aq | \*(Aq!=\*(Aq ) Value)?) 
+\& Value ::= NumberLiteral | StringLiteral +\& StringLiteral ::= QuotedString | UnquotedString +\& QuotedString ::= \*(Aq"\*(Aq [^"]* \*(Aq"\*(Aq | "\*(Aq" [^\*(Aq]* "\*(Aq" +\& UnquotedString ::= [^{space},]+ +\& NumberLiteral ::= \*(Aq0\*(Aq ( [0\-7]* | \*(Aqx\*(Aq [0\-9A\-Fa\-f]+ ) | \*(Aq\-\*(Aq? [1\-9] [0\-9]+ +\& PropertyName ::= [A\-Z] [A\-Z0\-9_]* ( \*(Aq.\*(Aq [A\-Z] [A\-Z0\-9_]* )* +.Ve +.SH "HISTORY" +.IX Header "HISTORY" +Properties were added in OpenSSL 3.0 +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man7/provider-asym_cipher.7 b/linux_amd64/share/man/man7/provider-asym_cipher.7 new file mode 100755 index 0000000..9a872be --- /dev/null +++ b/linux_amd64/share/man/man7/provider-asym_cipher.7 
@@ -0,0 +1,375 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PROVIDER-ASYM_CIPHER 7" +.TH PROVIDER-ASYM_CIPHER 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +provider\-asym_cipher \- The asym_cipher library <\-> provider functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 2 +\& #include +\& #include +\& +\& /* +\& * None of these are actual functions, but are displayed like this for +\& * the function signatures for functions that are offered as function +\& * pointers in OSSL_DISPATCH arrays. +\& */ +\& +\& /* Context management */ +\& void *OP_asym_cipher_newctx(void *provctx); +\& void OP_asym_cipher_freectx(void *ctx); +\& void *OP_asym_cipher_dupctx(void *ctx); +\& +\& /* Encryption */ +\& int OP_asym_cipher_encrypt_init(void *ctx, void *provkey); +\& int OP_asym_cipher_encrypt(void *ctx, unsigned char *out, size_t *outlen, +\& size_t outsize, const unsigned char *in, +\& size_t inlen); +\& +\& /* Decryption */ +\& int OP_asym_cipher_decrypt_init(void *ctx, void *provkey); +\& int OP_asym_cipher_decrypt(void *ctx, unsigned char *out, size_t *outlen, +\& size_t outsize, const unsigned char *in, +\& size_t inlen); +\& +\& /* Asymmetric Cipher parameters */ +\& int OP_asym_cipher_get_ctx_params(void *ctx, OSSL_PARAM params[]); +\& const OSSL_PARAM *OP_asym_cipher_gettable_ctx_params(void); +\& int OP_asym_cipher_set_ctx_params(void *ctx, const OSSL_PARAM params[]); +\& const OSSL_PARAM *OP_asym_cipher_settable_ctx_params(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This documentation is primarily aimed at provider authors. See \fIprovider\fR\|(7) +for further information. +.PP +The asymmetric cipher (\s-1OSSL_OP_ASYM_CIPHER\s0) operation enables providers to +implement asymmetric cipher algorithms and make them available to applications +via the \s-1API\s0 functions \fIEVP_PKEY_encrypt\fR\|(3), +\&\fIEVP_PKEY_decrypt\fR\|(3) and +other related functions). 
+.PP +All \*(L"functions\*(R" mentioned here are passed as function pointers between +\&\fIlibcrypto\fR and the provider in \fB\s-1OSSL_DISPATCH\s0\fR arrays via +\&\fB\s-1OSSL_ALGORITHM\s0\fR arrays that are returned by the provider's +\&\fIprovider_query_operation()\fR function +(see \*(L"Provider Functions\*(R" in \fIprovider\-base\fR\|(7)). +.PP +All these \*(L"functions\*(R" have a corresponding function type definition +named \fBOSSL_{name}_fn\fR, and a helper function to retrieve the +function pointer from an \fB\s-1OSSL_DISPATCH\s0\fR element named +\&\fBOSSL_get_{name}\fR. +For example, the \*(L"function\*(R" \fIOP_asym_cipher_newctx()\fR has these: +.PP +.Vb 3 +\& typedef void *(OSSL_OP_asym_cipher_newctx_fn)(void *provctx); +\& static ossl_inline OSSL_OP_asym_cipher_newctx_fn +\& OSSL_get_OP_asym_cipher_newctx(const OSSL_DISPATCH *opf); +.Ve +.PP +\&\fB\s-1OSSL_DISPATCH\s0\fR arrays are indexed by numbers that are provided as +macros in \fIopenssl\-core_numbers.h\fR\|(7), as follows: +.PP +.Vb 3 +\& OP_asym_cipher_newctx OSSL_FUNC_ASYM_CIPHER_NEWCTX +\& OP_asym_cipher_freectx OSSL_FUNC_ASYM_CIPHER_FREECTX +\& OP_asym_cipher_dupctx OSSL_FUNC_ASYM_CIPHER_DUPCTX +\& +\& OP_asym_cipher_encrypt_init OSSL_FUNC_ASYM_CIPHER_ENCRYPT_INIT +\& OP_asym_cipher_encrypt OSSL_FUNC_ASYM_CIPHER_ENCRYPT +\& +\& OP_asym_cipher_decrypt_init OSSL_FUNC_ASYM_CIPHER_DECRYPT_INIT +\& OP_asym_cipher_decrypt OSSL_FUNC_ASYM_CIPHER_DECRYPT +\& +\& OP_asym_cipher_get_ctx_params OSSL_FUNC_ASYM_CIPHER_GET_CTX_PARAMS +\& OP_asym_cipher_gettable_ctx_params OSSL_FUNC_ASYM_CIPHER_GETTABLE_CTX_PARAMS +\& OP_asym_cipher_set_ctx_params OSSL_FUNC_ASYM_CIPHER_SET_CTX_PARAMS +\& OP_asym_cipher_settable_ctx_params OSSL_FUNC_ASYM_CIPHER_SETTABLE_CTX_PARAMS +.Ve +.PP +An asymmetric cipher algorithm implementation may not implement all of these +functions. +In order to be a consistent set of functions a provider must implement +OP_asym_cipher_newctx and OP_asym_cipher_freectx. 
+It must also implement both of OP_asym_cipher_encrypt_init and +OP_asym_cipher_encrypt, or both of OP_asym_cipher_decrypt_init and +OP_asym_cipher_decrypt. +OP_asym_cipher_get_ctx_params is optional but if it is present then so must +OP_asym_cipher_gettable_ctx_params. +Similarly, OP_asym_cipher_set_ctx_params is optional but if it is present then +so must OP_asym_cipher_settable_ctx_params. +.PP +An asymmetric cipher algorithm must also implement some mechanism for generating, +loading or importing keys via the key management (\s-1OSSL_OP_KEYMGMT\s0) operation. +See \fIprovider\-keymgmt\fR\|(7) for further details. +.SS "Context Management Functions" +.IX Subsection "Context Management Functions" +\&\fIOP_asym_cipher_newctx()\fR should create and return a pointer to a provider side +structure for holding context information during an asymmetric cipher operation. +A pointer to this context will be passed back in a number of the other +asymmetric cipher operation function calls. +The parameter \fIprovctx\fR is the provider context generated during provider +initialisation (see \fIprovider\fR\|(7)). +.PP +\&\fIOP_asym_cipher_freectx()\fR is passed a pointer to the provider side asymmetric +cipher context in the \fIctx\fR parameter. +This function should free any resources associated with that context. +.PP +\&\fIOP_asym_cipher_dupctx()\fR should duplicate the provider side asymmetric cipher +context in the \fIctx\fR parameter and return the duplicate copy. +.SS "Encryption Functions" +.IX Subsection "Encryption Functions" +\&\fIOP_asym_cipher_encrypt_init()\fR initialises a context for an asymmetric encryption +given a provider side asymmetric cipher context in the \fIctx\fR parameter, and a +pointer to a provider key object in the \fIprovkey\fR parameter. +The key object should have been previously generated, loaded or imported into +the provider using the key management (\s-1OSSL_OP_KEYMGMT\s0) operation (see +\&\fIprovider\-keymgmt\fR\|(7)>. 
+.PP +\&\fIOP_asym_cipher_encrypt()\fR performs the actual encryption itself. +A previously initialised asymmetric cipher context is passed in the \fIctx\fR +parameter. +The data to be encrypted is pointed to by the \fIin\fR parameter which is \fIinlen\fR +bytes long. +Unless \fIout\fR is \s-1NULL\s0, the encrypted data should be written to the location +pointed to by the \fIout\fR parameter and it should not exceed \fIoutsize\fR bytes in +length. +The length of the encrypted data should be written to \fI*outlen\fR. +If \fIout\fR is \s-1NULL\s0 then the maximum length of the encrypted data should be +written to \fI*outlen\fR. +.SS "Decryption Functions" +.IX Subsection "Decryption Functions" +\&\fIOP_asym_cipher_decrypt_init()\fR initialises a context for an asymmetric decryption +given a provider side asymmetric cipher context in the \fIctx\fR parameter, and a +pointer to a provider key object in the \fIprovkey\fR parameter. +The key object should have been previously generated, loaded or imported into +the provider using the key management (\s-1OSSL_OP_KEYMGMT\s0) operation (see +\&\fIprovider\-keymgmt\fR\|(7)>. +.PP +\&\fIOP_asym_cipher_decrypt()\fR performs the actual decryption itself. +A previously initialised asymmetric cipher context is passed in the \fIctx\fR +parameter. +The data to be decrypted is pointed to by the \fIin\fR parameter which is \fIinlen\fR +bytes long. +Unless \fIout\fR is \s-1NULL\s0, the decrypted data should be written to the location +pointed to by the \fIout\fR parameter and it should not exceed \fIoutsize\fR bytes in +length. +The length of the decrypted data should be written to \fI*outlen\fR. +If \fIout\fR is \s-1NULL\s0 then the maximum length of the decrypted data should be +written to \fI*outlen\fR. 
+.SS "Asymmetric Cipher Parameters" +.IX Subsection "Asymmetric Cipher Parameters" +See \s-1\fIOSSL_PARAM\s0\fR\|(3) for further details on the parameters structure used by +the \fIOP_asym_cipher_get_ctx_params()\fR and \fIOP_asym_cipher_set_ctx_params()\fR +functions. +.PP +\&\fIOP_asym_cipher_get_ctx_params()\fR gets asymmetric cipher parameters associated +with the given provider side asymmetric cipher context \fIctx\fR and stores them in +\&\fIparams\fR. +\&\fIOP_asym_cipher_set_ctx_params()\fR sets the asymmetric cipher parameters associated +with the given provider side asymmetric cipher context \fIctx\fR to \fIparams\fR. +Any parameter settings are additional to any that were previously set. +.PP +Parameters currently recognised by built-in asymmetric cipher algorithms are as +follows. +Not all parameters are relevant to, or are understood by all asymmetric cipher +algorithms: +.ie n .IP """pad-mode"" (\fB\s-1OSSL_ASYM_CIPHER_PARAM_PAD_MODE\s0\fR) " 4 +.el .IP "``pad-mode'' (\fB\s-1OSSL_ASYM_CIPHER_PARAM_PAD_MODE\s0\fR) " 4 +.IX Item "pad-mode (OSSL_ASYM_CIPHER_PARAM_PAD_MODE) " +The type of padding to be used. The interpretation of this value will depend +on the algorithm in use. The default provider understands these \s-1RSA\s0 padding +modes: 1 (\s-1RSA_PKCS1_PADDING\s0), 2 (\s-1RSA_SSLV23_PADDING\s0), 3 (\s-1RSA_NO_PADDING\s0), +4 (\s-1RSA_PKCS1_OAEP_PADDING\s0), 5 (\s-1RSA_X931_PADDING\s0), 6 (\s-1RSA_PKCS1_PSS_PADDING\s0) and +7 (\s-1RSA_PKCS1_WITH_TLS_PADDING\s0). See \fIEVP_PKEY_CTX_set_rsa_padding\fR\|(3) for +further details. +.ie n .IP """digest"" (\fB\s-1OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``digest'' (\fB\s-1OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "digest (OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST) " +Gets or sets the name of the \s-1OAEP\s0 digest algorithm used when \s-1OAEP\s0 padding is in +use. 
+.ie n .IP """digest-props"" (\fB\s-1OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``digest-props'' (\fB\s-1OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "digest-props (OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS) " +Gets or sets the properties to use when fetching the \s-1OAEP\s0 digest algorithm. +.ie n .IP """mgf1\-digest"" (\fB\s-1OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``mgf1\-digest'' (\fB\s-1OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "mgf1-digest (OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST) " +Gets or sets the name of the \s-1MGF1\s0 digest algorithm used when \s-1OAEP\s0 or \s-1PSS\s0 padding +is in use. +.ie n .IP """mgf1\-digest\-props"" (\fB\s-1OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``mgf1\-digest\-props'' (\fB\s-1OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "mgf1-digest-props (OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS) " +Gets or sets the properties to use when fetching the \s-1MGF1\s0 digest algorithm. +.ie n .IP """oaep-label"" (\fB\s-1OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL\s0\fR) " 4 +.el .IP "``oaep-label'' (\fB\s-1OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL\s0\fR) " 4 +.IX Item "oaep-label (OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL) " +Gets or sets the \s-1OAEP\s0 label used when \s-1OAEP\s0 padding is in use. +.ie n .IP """oaep-label-len"" (\fB\s-1OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL_LEN\s0\fR) " 4 +.el .IP "``oaep-label-len'' (\fB\s-1OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL_LEN\s0\fR) " 4 +.IX Item "oaep-label-len (OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL_LEN) " +Gets the length of an \s-1OAEP\s0 label when \s-1OAEP\s0 padding is in use. 
+.ie n .IP """tls-client-version"" (\fB\s-1OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION\s0\fR) " 4 +.el .IP "``tls-client-version'' (\fB\s-1OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION\s0\fR) " 4 +.IX Item "tls-client-version (OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION) " +The \s-1TLS\s0 protocol version first requested by the client. See +\&\fB\s-1RSA_PKCS1_WITH_TLS_PADDING\s0\fR on the page \fIEVP_PKEY_CTX_set_rsa_padding\fR\|(3). +.ie n .IP """tls-negotiated-version"" (\fB\s-1OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION\s0\fR) " 4 +.el .IP "``tls-negotiated-version'' (\fB\s-1OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION\s0\fR) " 4 +.IX Item "tls-negotiated-version (OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION) " +The negotiated \s-1TLS\s0 protocol version. See +\&\fB\s-1RSA_PKCS1_WITH_TLS_PADDING\s0\fR on the page \fIEVP_PKEY_CTX_set_rsa_padding\fR\|(3). +.PP +\&\fIOP_asym_cipher_gettable_ctx_params()\fR and \fIOP_asym_cipher_settable_ctx_params()\fR +get a constant \fB\s-1OSSL_PARAM\s0\fR array that describes the gettable and settable +parameters, i.e. parameters that can be used with \fIOP_asym_cipherget_ctx_params()\fR +and \fIOP_asym_cipher_set_ctx_params()\fR respectively. +See \s-1\fIOSSL_PARAM\s0\fR\|(3) for the use of \fB\s-1OSSL_PARAM\s0\fR as parameter descriptor. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOP_asym_cipher_newctx()\fR and \fIOP_asym_cipher_dupctx()\fR should return the newly +created provider side asymmetric cipher context, or \s-1NULL\s0 on failure. +.PP +All other functions should return 1 for success or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIprovider\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The provider \s-1ASYM_CIPHER\s0 interface was introduced in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. 
You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man7/provider-base.7 b/linux_amd64/share/man/man7/provider-base.7 new file mode 100755 index 0000000..e5ca978 --- /dev/null +++ b/linux_amd64/share/man/man7/provider-base.7 
@@ -0,0 +1,611 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PROVIDER-BASE 7" +.TH PROVIDER-BASE 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +provider\-base +\&\- The basic OpenSSL library <\-> provider functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& /* +\& * None of these are actual functions, but are displayed like this for +\& * the function signatures for functions that are offered as function +\& * pointers in OSSL_DISPATCH arrays. +\& */ +\& +\& /* Functions offered by libcrypto to the providers */ +\& const OSSL_ITEM *core_gettable_params(const OSSL_PROVIDER *prov); +\& int core_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[]); +\& int core_thread_start(const OSSL_PROVIDER *prov, +\& OSSL_thread_stop_handler_fn handfn); +\& OPENSSL_CTX *core_get_library_context(const OSSL_PROVIDER *prov); +\& void core_new_error(const OSSL_PROVIDER *prov); +\& void core_set_error_debug(const OSSL_PROVIDER *prov, +\& const char *file, int line, const char *func); +\& void core_vset_error(const OSSL_PROVIDER *prov, +\& uint32_t reason, const char *fmt, va_list args); +\& +\& /* +\& * Some OpenSSL functionality is directly offered to providers via +\& * dispatch +\& */ +\& void *CRYPTO_malloc(size_t num, const char *file, int line); +\& void *CRYPTO_zalloc(size_t num, const char *file, int line); +\& void *CRYPTO_memdup(const void *str, size_t siz, +\& const char *file, int line); +\& char *CRYPTO_strdup(const char *str, const char *file, int line); +\& char *CRYPTO_strndup(const char *str, size_t s, +\& const char *file, int line); +\& void CRYPTO_free(void *ptr, const char *file, int line); +\& void CRYPTO_clear_free(void *ptr, size_t num, +\& const char *file, int line); +\& void *CRYPTO_realloc(void *addr, size_t num, +\& const char *file, int line); +\& void *CRYPTO_clear_realloc(void *addr, size_t old_num, size_t num, +\& const char *file, int line); +\& void *CRYPTO_secure_malloc(size_t num, const char *file, int line); +\& void *CRYPTO_secure_zalloc(size_t num, const char *file, int line); +\& void CRYPTO_secure_free(void *ptr, const char 
*file, int line); +\& void CRYPTO_secure_clear_free(void *ptr, size_t num, +\& const char *file, int line); +\& int CRYPTO_secure_allocated(const void *ptr); +\& void OPENSSL_cleanse(void *ptr, size_t len); +\& unsigned char *OPENSSL_hexstr2buf(const char *str, long *len); +\& +\& /* Functions offered by the provider to libcrypto */ +\& void provider_teardown(void *provctx); +\& const OSSL_ITEM *provider_gettable_params(void *provctx); +\& int provider_get_params(void *provctx, OSSL_PARAM params[]); +\& const OSSL_ALGORITHM *provider_query_operation(void *provctx, +\& int operation_id, +\& const int *no_store); +\& const OSSL_ITEM *provider_get_reason_strings(void *provctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +All \*(L"functions\*(R" mentioned here are passed as function pointers between +\&\fIlibcrypto\fR and the provider in \fB\s-1OSSL_DISPATCH\s0\fR arrays, in the call +of the provider initialization function. See \*(L"Provider\*(R" in \fIprovider\fR\|(7) +for a description of the initialization function. +.PP +All these \*(L"functions\*(R" have a corresponding function type definition +named \fBOSSL_{name}_fn\fR, and a helper function to retrieve the +function pointer from a \fB\s-1OSSL_DISPATCH\s0\fR element named +\&\fBOSSL_get_{name}\fR. 
+For example, the \*(L"function\*(R" \fIcore_gettable_params()\fR has these: +.PP +.Vb 4 +\& typedef OSSL_ITEM * +\& (OSSL_core_gettable_params_fn)(const OSSL_PROVIDER *prov); +\& static ossl_inline OSSL_NAME_core_gettable_params_fn +\& OSSL_get_core_gettable_params(const OSSL_DISPATCH *opf); +.Ve +.PP +\&\fB\s-1OSSL_DISPATCH\s0\fR arrays are indexed by numbers that are provided as +macros in \fIopenssl\-core_numbers.h\fR\|(7), as follows: +.PP +For \fIin\fR (the \fB\s-1OSSL_DISPATCH\s0\fR array passed from \fIlibcrypto\fR to the +provider): +.PP +.Vb 10 +\& core_gettable_params OSSL_FUNC_CORE_GETTABLE_PARAMS +\& core_get_params OSSL_FUNC_CORE_GET_PARAMS +\& core_thread_start OSSL_FUNC_CORE_THREAD_START +\& core_get_library_context OSSL_FUNC_CORE_GET_LIBRARY_CONTEXT +\& core_new_error OSSL_FUNC_CORE_NEW_ERROR +\& core_set_error_debug OSSL_FUNC_CORE_SET_ERROR_DEBUG +\& core_set_error OSSL_FUNC_CORE_SET_ERROR +\& CRYPTO_malloc OSSL_FUNC_CRYPTO_MALLOC +\& CRYPTO_zalloc OSSL_FUNC_CRYPTO_ZALLOC +\& CRYPTO_memdup OSSL_FUNC_CRYPTO_MEMDUP +\& CRYPTO_strdup OSSL_FUNC_CRYPTO_STRDUP +\& CRYPTO_strndup OSSL_FUNC_CRYPTO_STRNDUP +\& CRYPTO_free OSSL_FUNC_CRYPTO_FREE +\& CRYPTO_clear_free OSSL_FUNC_CRYPTO_CLEAR_FREE +\& CRYPTO_realloc OSSL_FUNC_CRYPTO_REALLOC +\& CRYPTO_clear_realloc OSSL_FUNC_CRYPTO_CLEAR_REALLOC +\& CRYPTO_secure_malloc OSSL_FUNC_CRYPTO_SECURE_MALLOC +\& CRYPTO_secure_zalloc OSSL_FUNC_CRYPTO_SECURE_ZALLOC +\& CRYPTO_secure_free OSSL_FUNC_CRYPTO_SECURE_FREE +\& CRYPTO_secure_clear_free OSSL_FUNC_CRYPTO_SECURE_CLEAR_FREE +\& CRYPTO_secure_allocated OSSL_FUNC_CRYPTO_SECURE_ALLOCATED +\& BIO_new_file OSSL_FUNC_BIO_NEW_FILE +\& BIO_new_mem_buf OSSL_FUNC_BIO_NEW_MEMBUF +\& BIO_read_ex OSSL_FUNC_BIO_READ_EX +\& BIO_free OSSL_FUNC_BIO_FREE +\& BIO_vprintf OSSL_FUNC_BIO_VPRINTF +\& OPENSSL_cleanse OSSL_FUNC_OPENSSL_CLEANSE +\& OPENSSL_hexstr2buf OSSL_FUNC_OPENSSL_HEXSTR2BUF +\& OSSL_SELF_TEST_set_callback OSSL_FUNC_SELF_TEST_CB +.Ve +.PP +For \fI*out\fR (the 
\fB\s-1OSSL_DISPATCH\s0\fR array passed from the provider to +\&\fIlibcrypto\fR): +.PP +.Vb 5 +\& provider_teardown OSSL_FUNC_PROVIDER_TEARDOWN +\& provider_gettable_params OSSL_FUNC_PROVIDER_GETTABLE_PARAMS +\& provider_get_params OSSL_FUNC_PROVIDER_GET_PARAMS +\& provider_query_operation OSSL_FUNC_PROVIDER_QUERY_OPERATION +\& provider_get_reason_strings OSSL_FUNC_PROVIDER_GET_REASON_STRINGS +.Ve +.SS "Core functions" +.IX Subsection "Core functions" +\&\fIcore_gettable_params()\fR returns a constant array of descriptor +\&\fB\s-1OSSL_PARAM\s0\fR, for parameters that \fIcore_get_params()\fR can handle. +.PP +\&\fIcore_get_params()\fR retrieves \fIprov\fR parameters from the core. +See \*(L"Core parameters\*(R" below for a description of currently known +parameters. +.PP +\&\fIcore_get_library_context()\fR retrieves the library context in which the +\&\fB\s-1OSSL_PROVIDER\s0\fR object \fIprov\fR is stored. +This may sometimes be useful if the provider wishes to store a +reference to its context in the same library context. +.PP +\&\fIcore_new_error()\fR, \fIcore_set_error_debug()\fR and \fIcore_set_error()\fR are +building blocks for reporting an error back to the core, with +reference to the provider object \fIprov\fR. +.IP "\fIcore_new_error()\fR" 4 +.IX Item "core_new_error()" +allocates a new thread specific error record. +.Sp +This corresponds to the OpenSSL function \fIERR_new\fR\|(3). +.IP "\fIcore_set_error_debug()\fR" 4 +.IX Item "core_set_error_debug()" +sets debugging information in the current thread specific error +record. +The debugging information includes the name of the file \fIfile\fR, the +line \fIline\fR and the function name \fIfunc\fR where the error occurred. +.Sp +This corresponds to the OpenSSL function \fIERR_set_debug\fR\|(3). +.IP "\fIcore_set_error()\fR" 4 +.IX Item "core_set_error()" +sets the \fIreason\fR for the error, along with any addition data. 
+The \fIreason\fR is a number defined by the provider and used to index +the reason strings table that's returned by +\&\fIprovider_get_reason_strings()\fR. +The additional data is given as a format string \fIfmt\fR and a set of +arguments \fIargs\fR, which are treated in the same manner as with +\&\fIBIO_vsnprintf()\fR. +\&\fIfile\fR and \fIline\fR may also be passed to indicate exactly where the +error occurred or was reported. +.Sp +This corresponds to the OpenSSL function \fIERR_vset_error\fR\|(3). +.PP +\&\fICRYPTO_malloc()\fR, \fICRYPTO_zalloc()\fR, \fICRYPTO_memdup()\fR, \fICRYPTO_strdup()\fR, +\&\fICRYPTO_strndup()\fR, \fICRYPTO_free()\fR, \fICRYPTO_clear_free()\fR, +\&\fICRYPTO_realloc()\fR, \fICRYPTO_clear_realloc()\fR, \fICRYPTO_secure_malloc()\fR, +\&\fICRYPTO_secure_zalloc()\fR, \fICRYPTO_secure_free()\fR, +\&\fICRYPTO_secure_clear_free()\fR, \fICRYPTO_secure_allocated()\fR, +\&\fIBIO_new_file()\fR, \fIBIO_new_mem_buf()\fR, \fIBIO_read_ex()\fR, \fIBIO_free()\fR, +\&\fIBIO_vprintf()\fR, \fIOPENSSL_cleanse()\fR, and \fIOPENSSL_hexstr2buf()\fR +correspond exactly to the public functions with the same name. +As a matter of fact, the pointers in the \fB\s-1OSSL_DISPATCH\s0\fR array are +direct pointers to those public functions. +\&\fIOSSL_SELF_TEST_set_callback()\fR is used to set an optional callback that can be +passed into a provider. This may be ignored by a provider. +.SS "Provider functions" +.IX Subsection "Provider functions" +\&\fIprovider_teardown()\fR is called when a provider is shut down and removed +from the core's provider store. +It must free the passed \fIprovctx\fR. +.PP +\&\fIprovider_gettable_params()\fR should return a constant array of +descriptor \fB\s-1OSSL_PARAM\s0\fR, for parameters that \fIprovider_get_params()\fR +can handle. +.PP +\&\fIprovider_get_params()\fR should process the \fB\s-1OSSL_PARAM\s0\fR array +\&\fIparams\fR, setting the values of the parameters it understands. 
+.PP +\&\fIprovider_query_operation()\fR should return a constant \fB\s-1OSSL_ALGORITHM\s0\fR +that corresponds to the given \fIoperation_id\fR. +It should indicate if the core may store a reference to this array by +setting \fI*no_store\fR to 0 (core may store a reference) or 1 (core may +not store a reference). +.PP +\&\fIprovider_get_reason_strings()\fR should return a constant \fB\s-1OSSL_ITEM\s0\fR +array that provides reason strings for reason codes the provider may +use when reporting errors using \fIcore_put_error()\fR. +.PP +None of these functions are mandatory, but a provider is fairly +useless without at least \fIprovider_query_operation()\fR, and +\&\fIprovider_gettable_params()\fR is fairly useless if not accompanied by +\&\fIprovider_get_params()\fR. +.SS "Core parameters" +.IX Subsection "Core parameters" +\&\fIcore_get_params()\fR understands the following known parameters: +.ie n .IP """openssl-version""" 4 +.el .IP "``openssl-version''" 4 +.IX Item "openssl-version" +This is a \fB\s-1OSSL_PARAM_UTF8_PTR\s0\fR type of parameter, pointing at the +OpenSSL libraries' full version string, i.e. the string expanded from +the macro \fB\s-1OPENSSL_VERSION_STR\s0\fR. +.ie n .IP """provider-name""" 4 +.el .IP "``provider-name''" 4 +.IX Item "provider-name" +This is a \fB\s-1OSSL_PARAM_UTF8_PTR\s0\fR type of parameter, pointing at the +OpenSSL libraries' idea of what the calling provider is called. +.PP +Additionally, provider specific configuration parameters from the +config file are available, in dotted name form. +The dotted name form is a concatenation of section names and final +config command name separated by periods. 
+.PP +For example, let's say we have the following config example: +.PP +.Vb 1 +\& openssl_conf = openssl_init +\& +\& [openssl_init] +\& providers = providers_sect +\& +\& [providers_sect] +\& foo = foo_sect +\& +\& [foo_sect] +\& activate = 1 +\& data1 = 2 +\& data2 = str +\& more = foo_more +\& +\& [foo_more] +\& data3 = foo,bar +.Ve +.PP +The provider will have these additional parameters available: +.ie n .IP """activate""" 4 +.el .IP "``activate''" 4 +.IX Item "activate" +pointing at the string \*(L"1\*(R" +.ie n .IP """data1""" 4 +.el .IP "``data1''" 4 +.IX Item "data1" +pointing at the string \*(L"2\*(R" +.ie n .IP """data2""" 4 +.el .IP "``data2''" 4 +.IX Item "data2" +pointing at the string \*(L"str\*(R" +.ie n .IP """more.data3""" 4 +.el .IP "``more.data3''" 4 +.IX Item "more.data3" +pointing at the string \*(L"foo,bar\*(R" +.PP +For more information on handling parameters, see \s-1\fIOSSL_PARAM\s0\fR\|(3) as +\&\fIOSSL_PARAM_int\fR\|(3). +.SH "EXAMPLES" +.IX Header "EXAMPLES" +This is an example of a simple provider made available as a +dynamically loadable module. +It implements the fictitious algorithm \f(CW\*(C`FOO\*(C'\fR for the fictitious +operation \f(CW\*(C`BAR\*(C'\fR. +.PP +.Vb 3 +\& #include +\& #include +\& #include +\& +\& /* Errors used in this provider */ +\& #define E_MALLOC 1 +\& +\& static const OSSL_ITEM reasons[] = { +\& { E_MALLOC, "memory allocation failure" }. 
+\& { 0, NULL } /* Termination */ +\& }; +\& +\& /* +\& * To ensure we get the function signature right, forward declare +\& * them using function types provided by openssl/core_numbers.h +\& */ +\& OSSL_OP_bar_newctx_fn foo_newctx; +\& OSSL_OP_bar_freectx_fn foo_freectx; +\& OSSL_OP_bar_init_fn foo_init; +\& OSSL_OP_bar_update_fn foo_update; +\& OSSL_OP_bar_final_fn foo_final; +\& +\& OSSL_provider_query_operation_fn p_query; +\& OSSL_provider_get_reason_strings_fn p_reasons; +\& OSSL_provider_teardown_fn p_teardown; +\& +\& OSSL_provider_init_fn OSSL_provider_init; +\& +\& OSSL_core_put_error *c_put_error = NULL; +\& +\& /* Provider context */ +\& struct prov_ctx_st { +\& OSSL_PROVIDER *prov; +\& } +\& +\& /* operation context for the algorithm FOO */ +\& struct foo_ctx_st { +\& struct prov_ctx_st *provctx; +\& int b; +\& }; +\& +\& static void *foo_newctx(void *provctx) +\& { +\& struct foo_ctx_st *fooctx = malloc(sizeof(*fooctx)); +\& +\& if (fooctx != NULL) +\& fooctx\->provctx = provctx; +\& else +\& c_put_error(provctx\->prov, E_MALLOC, _\|_FILE_\|_, _\|_LINE_\|_); +\& return fooctx; +\& } +\& +\& static void foo_freectx(void *fooctx) +\& { +\& free(fooctx); +\& } +\& +\& static int foo_init(void *vfooctx) +\& { +\& struct foo_ctx_st *fooctx = vfooctx; +\& +\& fooctx\->b = 0x33; +\& } +\& +\& static int foo_update(void *vfooctx, unsigned char *in, size_t inl) +\& { +\& struct foo_ctx_st *fooctx = vfooctx; +\& +\& /* did you expect something serious? 
*/ +\& if (inl == 0) +\& return 1; +\& for (; inl\-\- > 0; in++) +\& *in ^= fooctx\->b; +\& return 1; +\& } +\& +\& static int foo_final(void *vfooctx) +\& { +\& struct foo_ctx_st *fooctx = vfooctx; +\& +\& fooctx\->b = 0x66; +\& } +\& +\& static const OSSL_DISPATCH foo_fns[] = { +\& { OSSL_FUNC_BAR_NEWCTX, (void (*)(void))foo_newctx }, +\& { OSSL_FUNC_BAR_FREECTX, (void (*)(void))foo_freectx }, +\& { OSSL_FUNC_BAR_INIT, (void (*)(void))foo_init }, +\& { OSSL_FUNC_BAR_UPDATE, (void (*)(void))foo_update }, +\& { OSSL_FUNC_BAR_FINAL, (void (*)(void))foo_final }, +\& { 0, NULL } +\& }; +\& +\& static const OSSL_ALGORITHM bars[] = { +\& { "FOO", "provider=chumbawamba", foo_fns }, +\& { NULL, NULL, NULL } +\& }; +\& +\& static const OSSL_ALGORITHM *p_query(void *provctx, int operation_id, +\& int *no_store) +\& { +\& switch (operation_id) { +\& case OSSL_OP_BAR: +\& return bars; +\& } +\& return NULL; +\& } +\& +\& static const OSSL_ITEM *p_reasons(void *provctx) +\& { +\& return reasons; +\& } +\& +\& static void p_teardown(void *provctx) +\& { +\& free(provctx); +\& } +\& +\& static const OSSL_DISPATCH prov_fns[] = { +\& { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))p_teardown }, +\& { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))p_query }, +\& { OSSL_FUNC_PROVIDER_GET_REASON_STRINGS, (void (*)(void))p_reasons }, +\& { 0, NULL } +\& }; +\& +\& int OSSL_provider_init(const OSSL_PROVIDER *provider, +\& const OSSL_DISPATCH *in, +\& const OSSL_DISPATCH **out, +\& void **provctx) +\& { +\& struct prov_ctx_st *pctx = NULL; +\& +\& for (; in\->function_id != 0; in++) +\& switch (in\->function_id) { +\& case OSSL_FUNC_CORE_PUT_ERROR: +\& c_put_error = OSSL_get_core_put_error(in); +\& break; +\& } +\& +\& *out = prov_fns; +\& +\& if ((pctx = malloc(sizeof(*pctx))) == NULL) { +\& /* +\& * ALEA IACTA EST, if the core retrieves the reason table +\& * regardless, that string will be displayed, otherwise not. 
+\& */ +\& c_put_error(provider, E_MALLOC, _\|_FILE_\|_, _\|_LINE_\|_); +\& return 0; +\& } +\& return 1; +\& } +.Ve +.PP +This relies on a few things existing in \fIopenssl/core_numbers.h\fR: +.PP +.Vb 1 +\& #define OSSL_OP_BAR 4711 +\& +\& #define OSSL_FUNC_BAR_NEWCTX 1 +\& typedef void *(OSSL_OP_bar_newctx_fn)(void *provctx); +\& static ossl_inline OSSL_get_bar_newctx(const OSSL_DISPATCH *opf) +\& { return (OSSL_OP_bar_newctx_fn *)opf\->function; } +\& +\& #define OSSL_FUNC_BAR_FREECTX 2 +\& typedef void (OSSL_OP_bar_freectx_fn)(void *ctx); +\& static ossl_inline OSSL_get_bar_newctx(const OSSL_DISPATCH *opf) +\& { return (OSSL_OP_bar_freectx_fn *)opf\->function; } +\& +\& #define OSSL_FUNC_BAR_INIT 3 +\& typedef void *(OSSL_OP_bar_init_fn)(void *ctx); +\& static ossl_inline OSSL_get_bar_init(const OSSL_DISPATCH *opf) +\& { return (OSSL_OP_bar_init_fn *)opf\->function; } +\& +\& #define OSSL_FUNC_BAR_UPDATE 4 +\& typedef void *(OSSL_OP_bar_update_fn)(void *ctx, +\& unsigned char *in, size_t inl); +\& static ossl_inline OSSL_get_bar_update(const OSSL_DISPATCH *opf) +\& { return (OSSL_OP_bar_update_fn *)opf\->function; } +\& +\& #define OSSL_FUNC_BAR_FINAL 5 +\& typedef void *(OSSL_OP_bar_final_fn)(void *ctx); +\& static ossl_inline OSSL_get_bar_final(const OSSL_DISPATCH *opf) +\& { return (OSSL_OP_bar_final_fn *)opf\->function; } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIprovider\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The concept of providers and everything surrounding them was +introduced in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/share/man/man7/provider-cipher.7 b/linux_amd64/share/man/man7/provider-cipher.7
new file mode 100755
index 0000000..0ffef8a
--- /dev/null
+++ b/linux_amd64/share/man/man7/provider-cipher.7
@@ -0,0 +1,557 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PROVIDER-CIPHER 7" +.TH PROVIDER-CIPHER 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +provider\-cipher \- The cipher library <\-> provider functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 2 +\& #include +\& #include +\& +\& /* +\& * None of these are actual functions, but are displayed like this for +\& * the function signatures for functions that are offered as function +\& * pointers in OSSL_DISPATCH arrays. +\& */ +\& +\& /* Context management */ +\& void *OP_cipher_newctx(void *provctx); +\& void OP_cipher_freectx(void *cctx); +\& void *OP_cipher_dupctx(void *cctx); +\& +\& /* Encryption/decryption */ +\& int OP_cipher_encrypt_init(void *cctx, const unsigned char *key, +\& size_t keylen, const unsigned char *iv, +\& size_t ivlen); +\& int OP_cipher_decrypt_init(void *cctx, const unsigned char *key, +\& size_t keylen, const unsigned char *iv, +\& size_t ivlen); +\& int OP_cipher_update(void *cctx, unsigned char *out, size_t *outl, +\& size_t outsize, const unsigned char *in, size_t inl); +\& int OP_cipher_final(void *cctx, unsigned char *out, size_t *outl, +\& size_t outsize); +\& int OP_cipher_cipher(void *cctx, unsigned char *out, size_t *outl, +\& size_t outsize, const unsigned char *in, size_t inl); +\& +\& /* Cipher parameter descriptors */ +\& const OSSL_PARAM *OP_cipher_gettable_params(void); +\& +\& /* Cipher operation parameter descriptors */ +\& const OSSL_PARAM *OP_cipher_gettable_ctx_params(void); +\& const OSSL_PARAM *OP_cipher_settable_ctx_params(void); +\& +\& /* Cipher parameters */ +\& int OP_cipher_get_params(OSSL_PARAM params[]); +\& +\& /* Cipher operation parameters */ +\& int OP_cipher_get_ctx_params(void *cctx, OSSL_PARAM params[]); +\& int OP_cipher_set_ctx_params(void *cctx, const OSSL_PARAM params[]); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This documentation is primarily aimed at provider authors. See \fIprovider\fR\|(7) +for further information. 
+.PP +The \s-1CIPHER\s0 operation enables providers to implement cipher algorithms and make +them available to applications via the \s-1API\s0 functions \fIEVP_EncryptInit_ex\fR\|(3), +\&\fIEVP_EncryptUpdate\fR\|(3) and \fIEVP_EncryptFinal\fR\|(3) (as well as the decrypt +equivalents and other related functions). +.PP +All \*(L"functions\*(R" mentioned here are passed as function pointers between +\&\fIlibcrypto\fR and the provider in \fB\s-1OSSL_DISPATCH\s0\fR arrays via +\&\fB\s-1OSSL_ALGORITHM\s0\fR arrays that are returned by the provider's +\&\fIprovider_query_operation()\fR function +(see \*(L"Provider Functions\*(R" in \fIprovider\-base\fR\|(7)). +.PP +All these \*(L"functions\*(R" have a corresponding function type definition +named \fBOSSL_{name}_fn\fR, and a helper function to retrieve the +function pointer from an \fB\s-1OSSL_DISPATCH\s0\fR element named +\&\fBOSSL_get_{name}\fR. +For example, the \*(L"function\*(R" \fIOP_cipher_newctx()\fR has these: +.PP +.Vb 3 +\& typedef void *(OSSL_OP_cipher_newctx_fn)(void *provctx); +\& static ossl_inline OSSL_OP_cipher_newctx_fn +\& OSSL_get_OP_cipher_newctx(const OSSL_DISPATCH *opf); +.Ve +.PP +\&\fB\s-1OSSL_DISPATCH\s0\fR arrays are indexed by numbers that are provided as +macros in \fIopenssl\-core_numbers.h\fR\|(7), as follows: +.PP +.Vb 3 +\& OP_cipher_newctx OSSL_FUNC_CIPHER_NEWCTX +\& OP_cipher_freectx OSSL_FUNC_CIPHER_FREECTX +\& OP_cipher_dupctx OSSL_FUNC_CIPHER_DUPCTX +\& +\& OP_cipher_encrypt_init OSSL_FUNC_CIPHER_ENCRYPT_INIT +\& OP_cipher_decrypt_init OSSL_FUNC_CIPHER_DECRYPT_INIT +\& OP_cipher_update OSSL_FUNC_CIPHER_UPDATE +\& OP_cipher_final OSSL_FUNC_CIPHER_FINAL +\& OP_cipher_cipher OSSL_FUNC_CIPHER_CIPHER +\& +\& OP_cipher_get_params OSSL_FUNC_CIPHER_GET_PARAMS +\& OP_cipher_get_ctx_params OSSL_FUNC_CIPHER_GET_CTX_PARAMS +\& OP_cipher_set_ctx_params OSSL_FUNC_CIPHER_SET_CTX_PARAMS +\& +\& OP_cipher_gettable_params OSSL_FUNC_CIPHER_GETTABLE_PARAMS +\& OP_cipher_gettable_ctx_params 
OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS +\& OP_cipher_settable_ctx_params OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS +.Ve +.PP +A cipher algorithm implementation may not implement all of these functions. +In order to be a consistent set of functions there must at least be a complete +set of \*(L"encrypt\*(R" functions, or a complete set of \*(L"decrypt\*(R" functions, or a +single \*(L"cipher\*(R" function. +In all cases both the OP_cipher_newctx and OP_cipher_freectx functions must be +present. +All other functions are optional. +.SS "Context Management Functions" +.IX Subsection "Context Management Functions" +\&\fIOP_cipher_newctx()\fR should create and return a pointer to a provider side +structure for holding context information during a cipher operation. +A pointer to this context will be passed back in a number of the other cipher +operation function calls. +The parameter \fIprovctx\fR is the provider context generated during provider +initialisation (see \fIprovider\fR\|(7)). +.PP +\&\fIOP_cipher_freectx()\fR is passed a pointer to the provider side cipher context in +the \fIcctx\fR parameter. +This function should free any resources associated with that context. +.PP +\&\fIOP_cipher_dupctx()\fR should duplicate the provider side cipher context in the +\&\fIcctx\fR parameter and return the duplicate copy. +.SS "Encryption/Decryption Functions" +.IX Subsection "Encryption/Decryption Functions" +\&\fIOP_cipher_encrypt_init()\fR initialises a cipher operation for encryption given a +newly created provider side cipher context in the \fIcctx\fR parameter. +The key to be used is given in \fIkey\fR which is \fIkeylen\fR bytes long. +The \s-1IV\s0 to be used is given in \fIiv\fR which is \fIivlen\fR bytes long. +.PP +\&\fIOP_cipher_decrypt_init()\fR is the same as \fIOP_cipher_encrypt_init()\fR except that it +initialises the context for a decryption operation. 
+.PP +\&\fIOP_cipher_update()\fR is called to supply data to be encrypted/decrypted as part of +a previously initialised cipher operation. +The \fIcctx\fR parameter contains a pointer to a previously initialised provider +side context. +\&\fIOP_cipher_update()\fR should encrypt/decrypt \fIinl\fR bytes of data at the location +pointed to by \fIin\fR. +The encrypted data should be stored in \fIout\fR and the amount of data written to +\&\fI*outl\fR which should not exceed \fIoutsize\fR bytes. +\&\fIOP_cipher_update()\fR may be called multiple times for a single cipher operation. +It is the responsibility of the cipher implementation to handle input lengths +that are not multiples of the block length. +In such cases a cipher implementation will typically cache partial blocks of +input data until a complete block is obtained. +\&\fIout\fR may be the same location as \fIin\fR but it should not partially overlap. +The same expectations apply to \fIoutsize\fR as documented for +\&\fIEVP_EncryptUpdate\fR\|(3) and \fIEVP_DecryptUpdate\fR\|(3). +.PP +\&\fIOP_cipher_final()\fR completes an encryption or decryption started through previous +\&\fIOP_cipher_encrypt_init()\fR or \fIOP_cipher_decrypt_init()\fR, and \fIOP_cipher_update()\fR +calls. +The \fIcctx\fR parameter contains a pointer to the provider side context. +Any final encryption/decryption output should be written to \fIout\fR and the +amount of data written to \fI*outl\fR which should not exceed \fIoutsize\fR bytes. +The same expectations apply to \fIoutsize\fR as documented for +\&\fIEVP_EncryptFinal\fR\|(3) and \fIEVP_DecryptFinal\fR\|(3). +.PP +\&\fIOP_cipher_cipher()\fR performs encryption/decryption using the provider side cipher +context in the \fIcctx\fR parameter that should have been previously initialised via +a call to \fIOP_cipher_encrypt_init()\fR or \fIOP_cipher_decrypt_init()\fR. +This should call the raw underlying cipher function without any padding. 
+This will be invoked in the provider as a result of the application calling +\&\fIEVP_Cipher\fR\|(3). +The application is responsible for ensuring that the input is a multiple of the +block length. +The data to be encrypted/decrypted will be in \fIin\fR, and it will be \fIinl\fR bytes +in length. +The output from the encryption/decryption should be stored in \fIout\fR and the +amount of data stored should be put in \fI*outl\fR which should be no more than +\&\fIoutsize\fR bytes. +.SS "Cipher Parameters" +.IX Subsection "Cipher Parameters" +See \s-1\fIOSSL_PARAM\s0\fR\|(3) for further details on the parameters structure used by +these functions. +.PP +\&\fIOP_cipher_get_params()\fR gets details of the algorithm implementation +and stores them in \fIparams\fR. +.PP +\&\fIOP_cipher_set_ctx_params()\fR sets cipher operation parameters for the +provider side cipher context \fIcctx\fR to \fIparams\fR. +Any parameter settings are additional to any that were previously set. +.PP +\&\fIOP_cipher_get_ctx_params()\fR gets cipher operation details details from +the given provider side cipher context \fIcctx\fR and stores them in \fIparams\fR. +.PP +\&\fIOP_cipher_gettable_params()\fR, \fIOP_cipher_gettable_ctx_params()\fR, and +\&\fIOP_cipher_settable_ctx_params()\fR all return constant \fB\s-1OSSL_PARAM\s0\fR arrays +as descriptors of the parameters that \fIOP_cipher_get_params()\fR, +\&\fIOP_cipher_get_ctx_params()\fR, and \fIOP_cipher_set_ctx_params()\fR can handle, +respectively. +.PP +Parameters currently recognised by built-in ciphers are as follows. Not all +parameters are relevant to, or are understood by all ciphers: +.ie n .IP """padding"" (\fB\s-1OSSL_CIPHER_PARAM_PADDING\s0\fR) " 4 +.el .IP "``padding'' (\fB\s-1OSSL_CIPHER_PARAM_PADDING\s0\fR) " 4 +.IX Item "padding (OSSL_CIPHER_PARAM_PADDING) " +Sets the padding mode for the associated cipher ctx. +Setting a value of 1 will turn padding on. +Setting a value of 0 will turn padding off. 
+.ie n .IP """mode"" (\fB\s-1OSSL_CIPHER_PARAM_MODE\s0\fR) " 4 +.el .IP "``mode'' (\fB\s-1OSSL_CIPHER_PARAM_MODE\s0\fR) " 4 +.IX Item "mode (OSSL_CIPHER_PARAM_MODE) " +Gets the mode for the associated cipher algorithm. +See \fIEVP_CIPHER_mode\fR\|(3) for a list of valid modes. +.ie n .IP """blocksize"" (\fB\s-1OSSL_CIPHER_PARAM_BLOCK_SIZE\s0\fR) " 4 +.el .IP "``blocksize'' (\fB\s-1OSSL_CIPHER_PARAM_BLOCK_SIZE\s0\fR) " 4 +.IX Item "blocksize (OSSL_CIPHER_PARAM_BLOCK_SIZE) " +Gets the block size for the associated cipher algorithm. +The block size should be 1 for stream ciphers. +Note that the block size for a cipher may be different to the block size for +the underlying encryption/decryption primitive. +For example \s-1AES\s0 in \s-1CTR\s0 mode has a block size of 1 (because it operates like a +stream cipher), even though \s-1AES\s0 has a block size of 16. +The length of the \*(L"blocksize\*(R" parameter should not exceed that of a \fBsize_t\fR. +.ie n .IP """flags"" (\fB\s-1OSSL_CIPHER_PARAM_FLAGS\s0\fR) " 4 +.el .IP "``flags'' (\fB\s-1OSSL_CIPHER_PARAM_FLAGS\s0\fR) " 4 +.IX Item "flags (OSSL_CIPHER_PARAM_FLAGS) " +Gets any flags for the associated cipher algorithm. +See \fIEVP_CIPHER_meth_set_flags\fR\|(3) for a list of currently defined cipher +flags. +The length of the \*(L"flags\*(R" parameter should equal that of an +\&\fBunsigned long int\fR. +.ie n .IP """keylen"" (\fB\s-1OSSL_CIPHER_PARAM_KEYLEN\s0\fR) " 4 +.el .IP "``keylen'' (\fB\s-1OSSL_CIPHER_PARAM_KEYLEN\s0\fR) " 4 +.IX Item "keylen (OSSL_CIPHER_PARAM_KEYLEN) " +Gets the key length for the associated cipher algorithm. +This can also be used to get or set the key length for the associated cipher +ctx. +The length of the \*(L"keylen\*(R" parameter should not exceed that of a \fBsize_t\fR. 
+.ie n .IP """ivlen"" (\fB\s-1OSSL_CIPHER_PARAM_IVLEN\s0\fR) " 4 +.el .IP "``ivlen'' (\fB\s-1OSSL_CIPHER_PARAM_IVLEN\s0\fR) " 4 +.IX Item "ivlen (OSSL_CIPHER_PARAM_IVLEN) " +Gets the \s-1IV\s0 length for the associated cipher algorithm. +The length of the \*(L"ivlen\*(R" parameter should not exceed that of a \fBsize_t\fR. +.ie n .IP """iv"" (\fB\s-1OSSL_CIPHER_PARAM_IV\s0\fR) " 4 +.el .IP "``iv'' (\fB\s-1OSSL_CIPHER_PARAM_IV\s0\fR) " 4 +.IX Item "iv (OSSL_CIPHER_PARAM_IV) " +Gets the \s-1IV\s0 for the associated cipher ctx. +.ie n .IP """num"" (\fB\s-1OSSL_CIPHER_PARAM_NUM\s0\fR) " 4 +.el .IP "``num'' (\fB\s-1OSSL_CIPHER_PARAM_NUM\s0\fR) " 4 +.IX Item "num (OSSL_CIPHER_PARAM_NUM) " +Gets or sets the cipher specific \*(L"num\*(R" parameter for the associated cipher ctx. +Built-in ciphers typically use this to track how much of the current underlying +block has been \*(L"used\*(R" already. +.ie n .IP """tag"" (\fB\s-1OSSL_CIPHER_PARAM_AEAD_TAG\s0\fR) " 4 +.el .IP "``tag'' (\fB\s-1OSSL_CIPHER_PARAM_AEAD_TAG\s0\fR) " 4 +.IX Item "tag (OSSL_CIPHER_PARAM_AEAD_TAG) " +Gets or sets the \s-1AEAD\s0 tag for the associated cipher ctx. +See \*(L"\s-1AEAD\s0 Interface\*(R" in \fIEVP_EncryptInit\fR\|(3). +.ie n .IP """taglen"" (\fB\s-1OSSL_CIPHER_PARAM_AEAD_TAGLEN\s0\fR) " 4 +.el .IP "``taglen'' (\fB\s-1OSSL_CIPHER_PARAM_AEAD_TAGLEN\s0\fR) " 4 +.IX Item "taglen (OSSL_CIPHER_PARAM_AEAD_TAGLEN) " +Gets the tag length to be used for an \s-1AEAD\s0 cipher for the associated cipher ctx. +It returns a default value if it has not been set. +The length of the \*(L"taglen\*(R" parameter should not exceed that of a \fBsize_t\fR. +.ie n .IP """tlsaad"" (\fB\s-1OSSL_CIPHER_PARAM_AEAD_TLS1_AAD\s0\fR) " 4 +.el .IP "``tlsaad'' (\fB\s-1OSSL_CIPHER_PARAM_AEAD_TLS1_AAD\s0\fR) " 4 +.IX Item "tlsaad (OSSL_CIPHER_PARAM_AEAD_TLS1_AAD) " +Sets TLSv1.2 \s-1AAD\s0 information for the associated cipher ctx. 
+TLSv1.2 \s-1AAD\s0 information is always 13 bytes in length and is as defined for the +\&\*(L"additional_data\*(R" field described in section 6.2.3.3 of \s-1RFC5246\s0. +.ie n .IP """tlsaadpad"" (\fB\s-1OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD\s0\fR) " 4 +.el .IP "``tlsaadpad'' (\fB\s-1OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD\s0\fR) " 4 +.IX Item "tlsaadpad (OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD) " +Gets the length of the tag that will be added to a \s-1TLS\s0 record for the \s-1AEAD\s0 +tag for the associated cipher ctx. +The length of the \*(L"tlsaadpad\*(R" parameter should not exceed that of a \fBsize_t\fR. +.ie n .IP """tlsivfixed"" (\fB\s-1OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED\s0\fR) " 4 +.el .IP "``tlsivfixed'' (\fB\s-1OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED\s0\fR) " 4 +.IX Item "tlsivfixed (OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED) " +Sets the fixed portion of an \s-1IV\s0 for an \s-1AEAD\s0 cipher used in a \s-1TLS\s0 record +encryption/ decryption for the associated cipher ctx. +\&\s-1TLS\s0 record encryption/decryption always occurs \*(L"in place\*(R" so that the input and +output buffers are always the same memory location. +\&\s-1AEAD\s0 IVs in TLSv1.2 consist of an implicit \*(L"fixed\*(R" part and an explicit part +that varies with every record. +Setting a \s-1TLS\s0 fixed \s-1IV\s0 changes a cipher to encrypt/decrypt \s-1TLS\s0 records. +\&\s-1TLS\s0 records are encrypted/decrypted using a single OP_cipher_cipher call per +record. +For a record decryption the first bytes of the input buffer will be the explicit +part of the \s-1IV\s0 and the final bytes of the input buffer will be the \s-1AEAD\s0 tag. +The length of the explicit part of the \s-1IV\s0 and the tag length will depend on the +cipher in use and will be defined in the \s-1RFC\s0 for the relevant ciphersuite. +In order to allow for \*(L"in place\*(R" decryption the plaintext output should be +written to the same location in the output buffer that the ciphertext payload +was read from, i.e. 
immediately after the explicit \s-1IV\s0. +.Sp +When encrypting a record the first bytes of the input buffer will be empty to +allow space for the explicit \s-1IV\s0, as will the final bytes where the tag will +be written. +The length of the input buffer will include the length of the explicit \s-1IV\s0, the +payload, and the tag bytes. +The cipher implementation should generate the explicit \s-1IV\s0 and write it to the +beginning of the output buffer, do \*(L"in place\*(R" encryption of the payload and +write that to the output buffer, and finally add the tag onto the end of the +output buffer. +.Sp +Whether encrypting or decrypting the value written to \fI*outl\fR in the +OP_cipher_cipher call should be the length of the payload excluding the explicit +\&\s-1IV\s0 length and the tag length. +.ie n .IP """ivlen"" (\fB\s-1OSSL_CIPHER_PARAM_AEAD_IVLEN\s0\fR) " 4 +.el .IP "``ivlen'' (\fB\s-1OSSL_CIPHER_PARAM_AEAD_IVLEN\s0\fR) " 4 +.IX Item "ivlen (OSSL_CIPHER_PARAM_AEAD_IVLEN) " +Sets the \s-1IV\s0 length to be used for an \s-1AEAD\s0 cipher for the associated cipher ctx. +The length of the \*(L"ivlen\*(R" parameter should not exceed that of a \fBsize_t\fR. +.ie n .IP """mackey"" (\fB\s-1OSSL_CIPHER_PARAM_AEAD_MAC_KEY\s0\fR) " 4 +.el .IP "``mackey'' (\fB\s-1OSSL_CIPHER_PARAM_AEAD_MAC_KEY\s0\fR) " 4 +.IX Item "mackey (OSSL_CIPHER_PARAM_AEAD_MAC_KEY) " +Sets the \s-1MAC\s0 key used by composite \s-1AEAD\s0 ciphers such as \s-1AES\-CBC\-HMAC\-SHA256\s0. +.ie n .IP """randkey"" (\fB\s-1OSSL_CIPHER_PARAM_RANDOM_KEY\s0\fR) " 4 +.el .IP "``randkey'' (\fB\s-1OSSL_CIPHER_PARAM_RANDOM_KEY\s0\fR) " 4 +.IX Item "randkey (OSSL_CIPHER_PARAM_RANDOM_KEY) " +Gets a implementation specific randomly generated key for the associated +cipher ctx. This is currently only supported by 3DES (which sets the key to +odd parity). 
+.ie n .IP """alg_id_param"" (\fB\s-1OSSL_CIPHER_PARAM_ALG_ID\s0\fR) " 4 +.el .IP "``alg_id_param'' (\fB\s-1OSSL_CIPHER_PARAM_ALG_ID\s0\fR) " 4 +.IX Item "alg_id_param (OSSL_CIPHER_PARAM_ALG_ID) " +Used to pass the \s-1DER\s0 encoded AlgorithmIdentifier parameter to or from +the cipher implementation. Functions like \fIEVP_CIPHER_param_to_asn1\fR\|(3) +and \fIEVP_CIPHER_asn1_to_param\fR\|(3) use this parameter for any implementation +that has the flag \fB\s-1EVP_CIPH_FLAG_CUSTOM_ASN1\s0\fR set. +.ie n .IP """rounds"" (\fB\s-1OSSL_CIPHER_PARAM_ROUNDS\s0\fR) " 4 +.el .IP "``rounds'' (\fB\s-1OSSL_CIPHER_PARAM_ROUNDS\s0\fR) " 4 +.IX Item "rounds (OSSL_CIPHER_PARAM_ROUNDS) " +Sets or gets the number of rounds to be used for a cipher. +This is used by the \s-1RC5\s0 cipher. +.ie n .IP """keybits"" (\fB\s-1OSSL_CIPHER_PARAM_RC2_KEYBITS\s0\fR) " 4 +.el .IP "``keybits'' (\fB\s-1OSSL_CIPHER_PARAM_RC2_KEYBITS\s0\fR) " 4 +.IX Item "keybits (OSSL_CIPHER_PARAM_RC2_KEYBITS) " +Gets or sets the effective keybits used for a \s-1RC2\s0 cipher. +The length of the \*(L"keybits\*(R" parameter should not exceed that of a \fBsize_t\fR. +.ie n .IP """speed"" (\fB\s-1OSSL_CIPHER_PARAM_SPEED\s0\fR) " 4 +.el .IP "``speed'' (\fB\s-1OSSL_CIPHER_PARAM_SPEED\s0\fR) " 4 +.IX Item "speed (OSSL_CIPHER_PARAM_SPEED) " +Sets the speed option for the associated cipher ctx. This is only supported +by \s-1AES\s0 \s-1SIV\s0 ciphers which disallow multiple operations by default. +Setting \*(L"speed\*(R" to 1 allows another encrypt or decrypt operation to be +performed. This is used for performance testing. +.ie n .IP """tlsivgen"" (\fB\s-1OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN\s0\fR) " 4 +.el .IP "``tlsivgen'' (\fB\s-1OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN\s0\fR) " 4 +.IX Item "tlsivgen (OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN) " +Gets the invocation field generated for encryption. +Can only be called after \*(L"tlsivfixed\*(R" is set. +This is only used for \s-1GCM\s0 mode. 
+.ie n .IP """tlsivinv"" (\fB\s-1OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV\s0\fR) " 4 +.el .IP "``tlsivinv'' (\fB\s-1OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV\s0\fR) " 4 +.IX Item "tlsivinv (OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV) " +Sets the invocation field used for decryption. +Can only be called after \*(L"tlsivfixed\*(R" is set. +This is only used for \s-1GCM\s0 mode. +.ie n .IP """tls1multi_enc"" (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC\s0\fR) " 4 +.el .IP "``tls1multi_enc'' (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC\s0\fR) " 4 +.IX Item "tls1multi_enc (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC) " +Triggers a multiblock tls1 encrypt operation for a tls1 aware cipher that supports +sending 4 or 8 records in one go. +The cipher performs both the \s-1MAC\s0 and encrypt stages and constructs the record +headers itself. +\&\*(L"tls1multi_enc\*(R" supplies the output buffer for the encrypt operation, +\&\*(L"tls1multi_encin\*(R" & \*(L"tls1multi_interleave\*(R" must also be set in order to supply +values to the encrypt operation. +.ie n .IP """tls1multi_enclen"" (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN\s0\fR) " 4 +.el .IP "``tls1multi_enclen'' (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN\s0\fR) " 4 +.IX Item "tls1multi_enclen (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN) " +Get the total length of the record returned from the \*(L"tls1multi_enc\*(R" operation. +.ie n .IP """tls1multi_interleave"" (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE\s0\fR) " 4 +.el .IP "``tls1multi_interleave'' (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE\s0\fR) " 4 +.IX Item "tls1multi_interleave (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE) " +Sets or gets the number of records being sent in one go for a tls1 multiblock +cipher operation (either 4 or 8 records). 
+.ie n .IP """tls1multi_encin"" (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN\s0\fR) " 4 +.el .IP "``tls1multi_encin'' (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN\s0\fR) " 4 +.IX Item "tls1multi_encin (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN) " +Supplies the data to encrypt for a tls1 multiblock cipher operation. +.ie n .IP """tls1multi_maxsndfrag"" (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT\s0\fR) " 4 +.el .IP "``tls1multi_maxsndfrag'' (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT\s0\fR) " 4 +.IX Item "tls1multi_maxsndfrag (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT) " +Sets the maximum send fragment size for a tls1 multiblock cipher operation. +It must be set before using \*(L"tls1multi_maxbufsz\*(R". +The length of the \*(L"tls1multi_maxsndfrag\*(R" parameter should not exceed that of a \fBsize_t\fR. +.ie n .IP """tls1multi_maxbufsz"" (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE\s0\fR) " 4 +.el .IP "``tls1multi_maxbufsz'' (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE\s0\fR) " 4 +.IX Item "tls1multi_maxbufsz (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE) " +Gets the maximum record length for a tls1 multiblock cipher operation. +The length of the \*(L"tls1multi_maxbufsz\*(R" parameter should not exceed that of a \fBsize_t\fR. +.ie n .IP """tls1multi_aad"" (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD\s0\fR) " 4 +.el .IP "``tls1multi_aad'' (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD\s0\fR) " 4 +.IX Item "tls1multi_aad (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD) " +Sets the authenticated additional data used by a tls1 multiblock cipher operation. +The supplied data consists of 13 bytes of record data containing: +Bytes 0\-7: The sequence number of the first record +Byte 8: The record type +Byte 9\-10: The protocol version +Byte 11\-12: Input length (Always 0) +.Sp +\&\*(L"tls1multi_interleave\*(R" must also be set for this operation. 
+.ie n .IP """tls1multi_aadpacklen"" (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN\s0\fR) " 4 +.el .IP "``tls1multi_aadpacklen'' (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN\s0\fR) " 4 +.IX Item "tls1multi_aadpacklen (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN) " +Gets the result of running the \*(L"tls1multi_aad\*(R" operation. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOP_cipher_newctx()\fR and \fIOP_cipher_dupctx()\fR should return the newly created +provider side cipher context, or \s-1NULL\s0 on failure. +.PP +\&\fIOP_cipher_encrypt_init()\fR, \fIOP_cipher_decrypt_init()\fR, \fIOP_cipher_update()\fR, +\&\fIOP_cipher_final()\fR, \fIOP_cipher_cipher()\fR, \fIOP_cipher_get_params()\fR, +\&\fIOP_cipher_get_ctx_params()\fR and \fIOP_cipher_set_ctx_params()\fR should return 1 for +success or 0 on error. +.PP +\&\fIOP_cipher_gettable_params()\fR, \fIOP_cipher_gettable_ctx_params()\fR and +\&\fIOP_cipher_settable_ctx_params()\fR should return a constant \fB\s-1OSSL_PARAM\s0\fR +array, or \s-1NULL\s0 if none is offered. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIprovider\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The provider \s-1CIPHER\s0 interface was introduced in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man7/provider-digest.7 b/linux_amd64/share/man/man7/provider-digest.7 new file mode 100755 index 0000000..c001bcf --- /dev/null +++ b/linux_amd64/share/man/man7/provider-digest.7 
@@ -0,0 +1,406 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PROVIDER-DIGEST 7" +.TH PROVIDER-DIGEST 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +provider\-digest \- The digest library <\-> provider functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 2 +\& #include +\& #include +\& +\& /* +\& * Digests support the following function signatures in OSSL_DISPATCH arrays. 
+\& * (The function signatures are not actual functions). +\& */ +\& +\& /* Context management */ +\& void *OP_digest_newctx(void *provctx); +\& void OP_digest_freectx(void *dctx); +\& void *OP_digest_dupctx(void *dctx); +\& +\& /* Digest generation */ +\& int OP_digest_init(void *dctx); +\& int OP_digest_update(void *dctx, const unsigned char *in, size_t inl); +\& int OP_digest_final(void *dctx, unsigned char *out, size_t *outl, +\& size_t outsz); +\& int OP_digest_digest(void *provctx, const unsigned char *in, size_t inl, +\& unsigned char *out, size_t *outl, size_t outsz); +\& +\& /* Digest parameter descriptors */ +\& const OSSL_PARAM *OP_digest_gettable_params(void); +\& +\& /* Digest operation parameter descriptors */ +\& const OSSL_PARAM *OP_digest_gettable_ctx_params(void); +\& const OSSL_PARAM *OP_digest_settable_ctx_params(void); +\& +\& /* Digest parameters */ +\& int OP_digest_get_params(OSSL_PARAM params[]); +\& +\& /* Digest operation parameters */ +\& int OP_digest_set_ctx_params(void *dctx, const OSSL_PARAM params[]); +\& int OP_digest_get_ctx_params(void *dctx, OSSL_PARAM params[]); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This documentation is primarily aimed at provider authors. See \fIprovider\fR\|(7) +for further information. +.PP +The \s-1DIGEST\s0 operation enables providers to implement digest algorithms and make +them available to applications via the \s-1API\s0 functions \fIEVP_DigestInit_ex\fR\|(3), +\&\fIEVP_DigestUpdate\fR\|(3) and \fIEVP_DigestFinal\fR\|(3) (and other related functions). +.PP +All \*(L"functions\*(R" mentioned here are passed as function pointers between +\&\fIlibcrypto\fR and the provider in \fB\s-1OSSL_DISPATCH\s0\fR arrays via +\&\fB\s-1OSSL_ALGORITHM\s0\fR arrays that are returned by the provider's +\&\fIprovider_query_operation()\fR function +(see \*(L"Provider Functions\*(R" in \fIprovider\-base\fR\|(7)). 
+.PP +All these \*(L"functions\*(R" have a corresponding function type definition +named \fBOSSL_{name}_fn\fR, and a helper function to retrieve the +function pointer from an \fB\s-1OSSL_DISPATCH\s0\fR element named +\&\fBOSSL_get_{name}\fR. +For example, the \*(L"function\*(R" \fIOP_digest_newctx()\fR has these: +.PP +.Vb 3 +\& typedef void *(OSSL_OP_digest_newctx_fn)(void *provctx); +\& static ossl_inline OSSL_OP_digest_newctx_fn +\& OSSL_get_OP_digest_newctx(const OSSL_DISPATCH *opf); +.Ve +.PP +\&\fB\s-1OSSL_DISPATCH\s0\fR arrays are indexed by numbers that are provided as +macros in \fIopenssl\-core_numbers.h\fR\|(7), as follows: +.PP +.Vb 3 +\& OP_digest_newctx OSSL_FUNC_DIGEST_NEWCTX +\& OP_digest_freectx OSSL_FUNC_DIGEST_FREECTX +\& OP_digest_dupctx OSSL_FUNC_DIGEST_DUPCTX +\& +\& OP_digest_init OSSL_FUNC_DIGEST_INIT +\& OP_digest_update OSSL_FUNC_DIGEST_UPDATE +\& OP_digest_final OSSL_FUNC_DIGEST_FINAL +\& OP_digest_digest OSSL_FUNC_DIGEST_DIGEST +\& +\& OP_digest_get_params OSSL_FUNC_DIGEST_GET_PARAMS +\& OP_digest_get_ctx_params OSSL_FUNC_DIGEST_GET_CTX_PARAMS +\& OP_digest_set_ctx_params OSSL_FUNC_DIGEST_SET_CTX_PARAMS +\& +\& OP_digest_gettable_params OSSL_FUNC_DIGEST_GETTABLE_PARAMS +\& OP_digest_gettable_ctx_params OSSL_FUNC_DIGEST_GETTABLE_CTX_PARAMS +\& OP_digest_settable_ctx_params OSSL_FUNC_DIGEST_SETTABLE_CTX_PARAMS +.Ve +.PP +A digest algorithm implementation may not implement all of these functions. +In order to be usable all or none of OP_digest_newctx, OP_digest_freectx, +OP_digest_init, OP_digest_update and OP_digest_final should be implemented. +All other functions are optional. +.SS "Context Management Functions" +.IX Subsection "Context Management Functions" +\&\fIOP_digest_newctx()\fR should create and return a pointer to a provider side +structure for holding context information during a digest operation. +A pointer to this context will be passed back in a number of the other digest +operation function calls. 
+The parameter \fIprovctx\fR is the provider context generated during provider +initialisation (see \fIprovider\fR\|(7)). +.PP +\&\fIOP_digest_freectx()\fR is passed a pointer to the provider side digest context in +the \fIdctx\fR parameter. +This function should free any resources associated with that context. +.PP +\&\fIOP_digest_dupctx()\fR should duplicate the provider side digest context in the +\&\fIdctx\fR parameter and return the duplicate copy. +.SS "Digest Generation Functions" +.IX Subsection "Digest Generation Functions" +\&\fIOP_digest_init()\fR initialises a digest operation given a newly created +provider side digest context in the \fIdctx\fR parameter. +.PP +\&\fIOP_digest_update()\fR is called to supply data to be digested as part of a +previously initialised digest operation. +The \fIdctx\fR parameter contains a pointer to a previously initialised provider +side context. +\&\fIOP_digest_update()\fR should digest \fIinl\fR bytes of data at the location pointed to +by \fIin\fR. +\&\fIOP_digest_update()\fR may be called multiple times for a single digest operation. +.PP +\&\fIOP_digest_final()\fR generates a digest started through previous \fIOP_digest_init()\fR +and \fIOP_digest_update()\fR calls. +The \fIdctx\fR parameter contains a pointer to the provider side context. +The digest should be written to \fI*out\fR and the length of the digest to +\&\fI*outl\fR. +The digest should not exceed \fIoutsz\fR bytes. +.PP +\&\fIOP_digest_digest()\fR is a \*(L"oneshot\*(R" digest function. +No provider side digest context is used. +Instead the provider context that was created during provider initialisation is +passed in the \fIprovctx\fR parameter (see \fIprovider\fR\|(7)). +\&\fIinl\fR bytes at \fIin\fR should be digested and the result should be stored at +\&\fIout\fR. The length of the digest should be stored in \fI*outl\fR which should not +exceed \fIoutsz\fR bytes. 
+.SS "Digest Parameters" +.IX Subsection "Digest Parameters" +See \s-1\fIOSSL_PARAM\s0\fR\|(3) for further details on the parameters structure used by +these functions. +.PP +\&\fIOP_digest_get_params()\fR gets details of the algorithm implementation +and stores them in \fIparams\fR. +.PP +\&\fIOP_digest_set_ctx_params()\fR sets digest operation parameters for the +provider side digest context \fIdctx\fR to \fIparams\fR. +Any parameter settings are additional to any that were previously set. +.PP +\&\fIOP_digest_get_ctx_params()\fR gets digest operation details details from +the given provider side digest context \fIdctx\fR and stores them in \fIparams\fR. +.PP +\&\fIOP_digest_gettable_params()\fR, \fIOP_digest_gettable_ctx_params()\fR, and +\&\fIOP_digest_settable_ctx_params()\fR all return constant \fB\s-1OSSL_PARAM\s0\fR arrays +as descriptors of the parameters that \fIOP_digest_get_params()\fR, +\&\fIOP_digest_get_ctx_params()\fR, and \fIOP_digest_set_ctx_params()\fR can handle, +respectively. +.PP +Parameters currently recognised by built-in digests with this function +are as follows. Not all parameters are relevant to, or are understood +by all digests: +.ie n .IP """blocksize"" (\fB\s-1OSSL_DIGEST_PARAM_BLOCK_SIZE\s0\fR) " 4 +.el .IP "``blocksize'' (\fB\s-1OSSL_DIGEST_PARAM_BLOCK_SIZE\s0\fR) " 4 +.IX Item "blocksize (OSSL_DIGEST_PARAM_BLOCK_SIZE) " +The digest block size. +The length of the \*(L"blocksize\*(R" parameter should not exceed that of a \fBsize_t\fR. +.ie n .IP """size"" (\fB\s-1OSSL_DIGEST_PARAM_SIZE\s0\fR) " 4 +.el .IP "``size'' (\fB\s-1OSSL_DIGEST_PARAM_SIZE\s0\fR) " 4 +.IX Item "size (OSSL_DIGEST_PARAM_SIZE) " +The digest output size. +The length of the \*(L"size\*(R" parameter should not exceed that of a \fBsize_t\fR. 
+.ie n .IP """flags"" (\fB\s-1OSSL_DIGEST_PARAM_FLAGS\s0\fR) " 4 +.el .IP "``flags'' (\fB\s-1OSSL_DIGEST_PARAM_FLAGS\s0\fR) " 4 +.IX Item "flags (OSSL_DIGEST_PARAM_FLAGS) " +Diverse flags that describe exceptional behaviour for the digest: +.RS 4 +.IP "\fB\s-1EVP_MD_FLAG_ONESHOT\s0\fR" 4 +.IX Item "EVP_MD_FLAG_ONESHOT" +This digest method can only handle one block of input. +.IP "\fB\s-1EVP_MD_FLAG_XOF\s0\fR" 4 +.IX Item "EVP_MD_FLAG_XOF" +This digest method is an extensible-output function (\s-1XOF\s0) and supports +setting the \fB\s-1OSSL_DIGEST_PARAM_XOFLEN\s0\fR parameter. +.IP "\fB\s-1EVP_MD_FLAG_DIGALGID_NULL\s0\fR" 4 +.IX Item "EVP_MD_FLAG_DIGALGID_NULL" +When setting up a DigestAlgorithmIdentifier, this flag will have the +parameter set to \s-1NULL\s0 by default. Use this for PKCS#1. \fINote: if +combined with \s-1EVP_MD_FLAG_DIGALGID_ABSENT\s0, the latter will override.\fR +.IP "\fB\s-1EVP_MD_FLAG_DIGALGID_ABSENT\s0\fR" 4 +.IX Item "EVP_MD_FLAG_DIGALGID_ABSENT" +When setting up a DigestAlgorithmIdentifier, this flag will have the +parameter be left absent by default. \fINote: if combined with +\&\s-1EVP_MD_FLAG_DIGALGID_NULL\s0, the latter will be overridden.\fR +.IP "\fB\s-1EVP_MD_FLAG_DIGALGID_CUSTOM\s0\fR" 4 +.IX Item "EVP_MD_FLAG_DIGALGID_CUSTOM" +Custom DigestAlgorithmIdentifier handling via ctrl, with +\&\fB\s-1EVP_MD_FLAG_DIGALGID_ABSENT\s0\fR as default. \fINote: if combined with +\&\s-1EVP_MD_FLAG_DIGALGID_NULL\s0, the latter will be overridden.\fR +Currently unused. +.RE +.RS 4 +.Sp +The length of the \*(L"flags\*(R" parameter should equal that of an +\&\fBunsigned long int\fR. +.RE +.SS "Digest Context Parameters" +.IX Subsection "Digest Context Parameters" +\&\fIOP_digest_set_ctx_params()\fR sets digest parameters associated with the +given provider side digest context \fIdctx\fR to \fIparams\fR. +Any parameter settings are additional to any that were previously set. 
+See \s-1\fIOSSL_PARAM\s0\fR\|(3) for further details on the parameters structure. +.PP +\&\fIOP_digest_get_ctx_params()\fR gets details of currently set parameters +values associated with the give provider side digest context \fIdctx\fR +and stores them in \fIparams\fR. +See \s-1\fIOSSL_PARAM\s0\fR\|(3) for further details on the parameters structure. +.PP +Parameters currently recognised by built-in digests are as follows. Not all +parameters are relevant to, or are understood by all digests: +.ie n .IP """xoflen"" (\fB\s-1OSSL_DIGEST_PARAM_XOFLEN\s0\fR) " 4 +.el .IP "``xoflen'' (\fB\s-1OSSL_DIGEST_PARAM_XOFLEN\s0\fR) " 4 +.IX Item "xoflen (OSSL_DIGEST_PARAM_XOFLEN) " +Sets the digest length for extendable output functions. +The length of the \*(L"xoflen\*(R" parameter should not exceed that of a \fBsize_t\fR. +.ie n .IP """ssl3\-ms"" (\fB\s-1OSSL_DIGEST_PARAM_SSL3_MS\s0\fR) " 4 +.el .IP "``ssl3\-ms'' (\fB\s-1OSSL_DIGEST_PARAM_SSL3_MS\s0\fR) " 4 +.IX Item "ssl3-ms (OSSL_DIGEST_PARAM_SSL3_MS) " +This parameter is set by libssl in order to calculate a signature hash for an +SSLv3 CertificateVerify message as per \s-1RFC6101\s0. +It is only set after all handshake messages have already been digested via +\&\fIOP_digest_update()\fR calls. +The parameter provides the master secret value to be added to the digest. +The digest implementation should calculate the complete digest as per \s-1RFC6101\s0 +section 5.6.8. +The next call after setting this parameter will be \fIOP_digest_final()\fR. +This is only relevant for implementations of \s-1SHA1\s0 or \s-1MD5_SHA1\s0. +.ie n .IP """pad_type"" (\fB\s-1OSSL_DIGEST_PARAM_PAD_TYPE\s0\fR) " 4 +.el .IP "``pad_type'' (\fB\s-1OSSL_DIGEST_PARAM_PAD_TYPE\s0\fR) " 4 +.IX Item "pad_type (OSSL_DIGEST_PARAM_PAD_TYPE) " +Sets the pad type to be used. +The only built-in digest that uses this is \s-1MDC2\s0. +Normally the final \s-1MDC2\s0 block is padded with 0s. 
+If the pad type is set to 2 then the final block is padded with 0x80 followed by +0s. +.ie n .IP """micalg"" (\fB\s-1OSSL_DIGEST_PARAM_MICALG\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``micalg'' (\fB\s-1OSSL_DIGEST_PARAM_MICALG\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "micalg (OSSL_DIGEST_PARAM_MICALG) " +Gets the digest Message Integrity Check algorithm string. +This is used when creating S/MIME multipart/signed messages, as specified in +\&\s-1RFC\s0 5751. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOP_digest_newctx()\fR and \fIOP_digest_dupctx()\fR should return the newly created +provider side digest context, or \s-1NULL\s0 on failure. +.PP +\&\fIOP_digest_init()\fR, \fIOP_digest_update()\fR, \fIOP_digest_final()\fR, \fIOP_digest_digest()\fR, +\&\fIOP_digest_set_params()\fR and \fIOP_digest_get_params()\fR should return 1 for success or +0 on error. +.PP +\&\fIOP_digest_size()\fR should return the digest size. +.PP +\&\fIOP_digest_block_size()\fR should return the block size of the underlying digest +algorithm. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIprovider\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The provider \s-1DIGEST\s0 interface was introduced in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man7/provider-keyexch.7 b/linux_amd64/share/man/man7/provider-keyexch.7 new file mode 100755 index 0000000..abf0e55 --- /dev/null +++ b/linux_amd64/share/man/man7/provider-keyexch.7 
@@ -0,0 +1,375 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PROVIDER-KEYEXCH 7" +.TH PROVIDER-KEYEXCH 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +provider\-keyexch \- The keyexch library <\-> provider functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 2 +\& #include +\& #include +\& +\& /* +\& * None of these are actual functions, but are displayed like this for +\& * the function signatures for functions that are offered as function +\& * pointers in OSSL_DISPATCH arrays. +\& */ +\& +\& /* Context management */ +\& void *OP_keyexch_newctx(void *provctx); +\& void OP_keyexch_freectx(void *ctx); +\& void *OP_keyexch_dupctx(void *ctx); +\& +\& /* Shared secret derivation */ +\& int OP_keyexch_init(void *ctx, void *provkey); +\& int OP_keyexch_set_peer(void *ctx, void *provkey); +\& int OP_keyexch_derive(void *ctx, unsigned char *secret, size_t *secretlen, +\& size_t outlen); +\& +\& /* Key Exchange parameters */ +\& int OP_keyexch_set_ctx_params(void *ctx, const OSSL_PARAM params[]); +\& const OSSL_PARAM *OP_keyexch_settable_ctx_params(void); +\& int OP_keyexch_get_ctx_params(void *ctx, OSSL_PARAM params[]); +\& const OSSL_PARAM *OP_keyexch_gettable_ctx_params(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This documentation is primarily aimed at provider authors. See \fIprovider\fR\|(7) +for further information. +.PP +The key exchange (\s-1OSSL_OP_KEYEXCH\s0) operation enables providers to implement key +exchange algorithms and make them available to applications via +\&\fIEVP_PKEY_derive\fR\|(3) and +other related functions). +.PP +All \*(L"functions\*(R" mentioned here are passed as function pointers between +\&\fIlibcrypto\fR and the provider in \fB\s-1OSSL_DISPATCH\s0\fR arrays via +\&\fB\s-1OSSL_ALGORITHM\s0\fR arrays that are returned by the provider's +\&\fIprovider_query_operation()\fR function +(see \*(L"Provider Functions\*(R" in \fIprovider\-base\fR\|(7)). 
+.PP +All these \*(L"functions\*(R" have a corresponding function type definition +named \fBOSSL_{name}_fn\fR, and a helper function to retrieve the +function pointer from an \fB\s-1OSSL_DISPATCH\s0\fR element named +\&\fBOSSL_get_{name}\fR. +For example, the \*(L"function\*(R" \fIOP_keyexch_newctx()\fR has these: +.PP +.Vb 3 +\& typedef void *(OSSL_OP_keyexch_newctx_fn)(void *provctx); +\& static ossl_inline OSSL_OP_keyexch_newctx_fn +\& OSSL_get_OP_keyexch_newctx(const OSSL_DISPATCH *opf); +.Ve +.PP +\&\fB\s-1OSSL_DISPATCH\s0\fR arrays are indexed by numbers that are provided as +macros in \fIopenssl\-core_numbers.h\fR\|(7), as follows: +.PP +.Vb 3 +\& OP_keyexch_newctx OSSL_FUNC_KEYEXCH_NEWCTX +\& OP_keyexch_freectx OSSL_FUNC_KEYEXCH_FREECTX +\& OP_keyexch_dupctx OSSL_FUNC_KEYEXCH_DUPCTX +\& +\& OP_keyexch_init OSSL_FUNC_KEYEXCH_INIT +\& OP_keyexch_set_peer OSSL_FUNC_KEYEXCH_SET_PEER +\& OP_keyexch_derive OSSL_FUNC_KEYEXCH_DERIVE +\& +\& OP_keyexch_set_ctx_params OSSL_FUNC_KEYEXCH_SET_CTX_PARAMS +\& OP_keyexch_settable_ctx_params OSSL_FUNC_KEYEXCH_SETTABLE_CTX_PARAMS +\& OP_keyexch_get_ctx_params OSSL_FUNC_KEYEXCH_GET_CTX_PARAMS +\& OP_keyexch_gettable_ctx_params OSSL_FUNC_KEYEXCH_GETTABLE_CTX_PARAMS +.Ve +.PP +A key exchange algorithm implementation may not implement all of these functions. +In order to be a consistent set of functions a provider must implement +OP_keyexch_newctx, OP_keyexch_freectx, OP_keyexch_init and OP_keyexch_derive. +All other functions are optional. +.PP +A key exchange algorithm must also implement some mechanism for generating, +loading or importing keys via the key management (\s-1OSSL_OP_KEYMGMT\s0) operation. +See \fIprovider\-keymgmt\fR\|(7) for further details. +.SS "Context Management Functions" +.IX Subsection "Context Management Functions" +\&\fIOP_keyexch_newctx()\fR should create and return a pointer to a provider side +structure for holding context information during a key exchange operation. 
+A pointer to this context will be passed back in a number of the other key +exchange operation function calls. +The parameter \fIprovctx\fR is the provider context generated during provider +initialisation (see \fIprovider\fR\|(7)). +.PP +\&\fIOP_keyexch_freectx()\fR is passed a pointer to the provider side key exchange +context in the \fIctx\fR parameter. +This function should free any resources associated with that context. +.PP +\&\fIOP_keyexch_dupctx()\fR should duplicate the provider side key exchange context in +the \fIctx\fR parameter and return the duplicate copy. +.SS "Shared Secret Derivation Functions" +.IX Subsection "Shared Secret Derivation Functions" +\&\fIOP_keyexch_init()\fR initialises a key exchange operation given a provider side key +exchange context in the \fIctx\fR parameter, and a pointer to a provider key object +in the \fIprovkey\fR parameter. The key object should have been previously +generated, loaded or imported into the provider using the key management +(\s-1OSSL_OP_KEYMGMT\s0) operation (see \fIprovider\-keymgmt\fR\|(7)>. +.PP +\&\fIOP_keyexch_set_peer()\fR is called to supply the peer's public key (in the +\&\fIprovkey\fR parameter) to be used when deriving the shared secret. +It is also passed a previously initialised key exchange context in the \fIctx\fR +parameter. +The key object should have been previously generated, loaded or imported into +the provider using the key management (\s-1OSSL_OP_KEYMGMT\s0) operation (see +\&\fIprovider\-keymgmt\fR\|(7)>. +.PP +\&\fIOP_keyexch_derive()\fR performs the actual key exchange itself by deriving a shared +secret. +A previously initialised key exchange context is passed in the \fIctx\fR +parameter. +The derived secret should be written to the location \fIsecret\fR which should not +exceed \fIoutlen\fR bytes. +The length of the shared secret should be written to \fI*secretlen\fR. 
+If \fIsecret\fR is \s-1NULL\s0 then the maximum length of the shared secret should be +written to \fI*secretlen\fR. +.SS "Key Exchange Parameters Functions" +.IX Subsection "Key Exchange Parameters Functions" +\&\fIOP_keyexch_set_ctx_params()\fR sets key exchange parameters associated with the +given provider side key exchange context \fIctx\fR to \fIparams\fR, +see \*(L"Key Exchange Parameters\*(R". +Any parameter settings are additional to any that were previously set. +.PP +\&\fIOP_keyexch_get_ctx_params()\fR gets key exchange parameters associated with the +given provider side key exchange context \fIctx\fR into \fIparams\fR, +see \*(L"Key Exchange Parameters\*(R". +.PP +\&\fIOP_keyexch_settable_ctx_params()\fR yields a constant \fB\s-1OSSL_PARAM\s0\fR array that +describes the settable parameters, i.e. parameters that can be used with +\&\fIOP_signature_set_ctx_params()\fR. +If \fIOP_keyexch_settable_ctx_params()\fR is present, \fIOP_keyexch_set_ctx_params()\fR must +also be present, and vice versa. +Similarly, \fIOP_keyexch_gettable_ctx_params()\fR yields a constant \fB\s-1OSSL_PARAM\s0\fR +array that describes the gettable parameters, i.e. parameters that can be +handled by \fIOP_signature_get_ctx_params()\fR. +If \fIOP_keyexch_gettable_ctx_params()\fR is present, \fIOP_keyexch_get_ctx_params()\fR must +also be present, and vice versa. +See \s-1\fIOSSL_PARAM\s0\fR\|(3) for the use of \fB\s-1OSSL_PARAM\s0\fR as parameter descriptor. +.PP +Notice that not all settable parameters are also gettable, and vice versa. +.SS "Key Exchange Parameters" +.IX Subsection "Key Exchange Parameters" +See \s-1\fIOSSL_PARAM\s0\fR\|(3) for further details on the parameters structure used by +the \fIOP_keyexch_set_ctx_params()\fR and \fIOP_keyexch_get_ctx_params()\fR functions. +.PP +Parameters currently recognised by built-in key exchange algorithms are as +follows. 
+Not all parameters are relevant to, or are understood by all key exchange +algorithms: +.ie n .IP """pad"" (\fB\s-1OSSL_EXCHANGE_PARAM_PAD\s0\fR) " 4 +.el .IP "``pad'' (\fB\s-1OSSL_EXCHANGE_PARAM_PAD\s0\fR) " 4 +.IX Item "pad (OSSL_EXCHANGE_PARAM_PAD) " +Sets the padding mode for the associated key exchange ctx. +Setting a value of 1 will turn padding on. +Setting a vlue of 0 will turn padding off. +If padding is off then the derived shared secret may be smaller than the largest +possible secret size. +If padding is on then the derived shared secret will have its first bytes filled +with 0s where necessary to make the shared secret the same size as the largest +possible secret size. +.ie n .IP """ecdh-cofactor-mode"" (\fB\s-1OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE\s0\fR) " 4 +.el .IP "``ecdh-cofactor-mode'' (\fB\s-1OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE\s0\fR) " 4 +.IX Item "ecdh-cofactor-mode (OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE) " +Sets/gets the \s-1ECDH\s0 mode of operation for the associated key exchange ctx. +.Sp +In the context of an Elliptic Curve Diffie-Hellman key exchange, this parameter +can be used to select between the plain Diffie-Hellman (\s-1DH\s0) or Cofactor +Diffie-Hellman (\s-1CDH\s0) variants of the key exchange algorithm. +.Sp +When setting, the value should be 1, 0 or \-1, respectively forcing cofactor mode +on, off, or resetting it to the default for the private key associated with the +given key exchange ctx. +.Sp +When getting, the value should be either 1 or 0, respectively signaling if the +cofactor mode is on or off. +.Sp +See also \fIprovider\-keymgmt\fR\|(7) for the related +\&\fB\s-1OSSL_PKEY_PARAM_USE_COFACTOR_ECDH\s0\fR parameter that can be set on a +per-key basis. 
+.ie n .IP """kdf-type"" (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_TYPE\s0\fR) " 4 +.el .IP "``kdf-type'' (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_TYPE\s0\fR) " 4 +.IX Item "kdf-type (OSSL_EXCHANGE_PARAM_KDF_TYPE) " +Sets/gets the Key Derivation Function type to apply within the associated key +exchange ctx. +.ie n .IP """kdf-digest"" (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_DIGEST\s0\fR) " 4 +.el .IP "``kdf-digest'' (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_DIGEST\s0\fR) " 4 +.IX Item "kdf-digest (OSSL_EXCHANGE_PARAM_KDF_DIGEST) " +Sets/gets the Digest algorithm to be used as part of the Key Derivation Function +associated with the given key exchange ctx. +.ie n .IP """kdf-digest-props"" (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS\s0\fR) " 4 +.el .IP "``kdf-digest-props'' (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS\s0\fR) " 4 +.IX Item "kdf-digest-props (OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS) " +Sets properties to be used upon look up of the implementation for the selected +Digest algorithm for the Key Derivation Function associated with the given key +exchange ctx. +.ie n .IP """kdf-outlen"" (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_OUTLEN\s0\fR) " 4 +.el .IP "``kdf-outlen'' (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_OUTLEN\s0\fR) " 4 +.IX Item "kdf-outlen (OSSL_EXCHANGE_PARAM_KDF_OUTLEN) " +Sets/gets the desired size for the output of the chosen Key Derivation Function +associated with the given key exchange ctx. +.ie n .IP """kdf-ukm"" (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_UKM\s0\fR) " 4 +.el .IP "``kdf-ukm'' (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_UKM\s0\fR) " 4 +.IX Item "kdf-ukm (OSSL_EXCHANGE_PARAM_KDF_UKM) " +Sets/gets User Key Material to be used as part of the selected Key Derivation +Function associated with the given key exchange ctx. 
+.ie n .IP """kdf-ukm-len"" (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_UKM_LEN\s0\fR) " 4 +.el .IP "``kdf-ukm-len'' (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_UKM_LEN\s0\fR) " 4 +.IX Item "kdf-ukm-len (OSSL_EXCHANGE_PARAM_KDF_UKM_LEN) " +Sets/gets the size of the User Key Material to be used as part of the selected +Key Derivation Function associated with the given key exchange ctx. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOP_keyexch_newctx()\fR and \fIOP_keyexch_dupctx()\fR should return the newly created +provider side key exchange context, or \s-1NULL\s0 on failure. +.PP +\&\fIOP_keyexch_init()\fR, \fIOP_keyexch_set_peer()\fR, \fIOP_keyexch_derive()\fR, +\&\fIOP_keyexch_set_params()\fR, and \fIOP_keyexch_get_params()\fR should return 1 for success +or 0 on error. +.PP +\&\fIOP_keyexch_settable_ctx_params()\fR and \fIOP_keyexch_gettable_ctx_params()\fR should +always return a constant \fB\s-1OSSL_PARAM\s0\fR array. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIprovider\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The provider \s-1KEYEXCH\s0 interface was introduced in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man7/provider-keymgmt.7 b/linux_amd64/share/man/man7/provider-keymgmt.7 new file mode 100755 index 0000000..5c3e3b8 --- /dev/null +++ b/linux_amd64/share/man/man7/provider-keymgmt.7 
@@ -0,0 +1,517 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PROVIDER-KEYMGMT 7" +.TH PROVIDER-KEYMGMT 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +provider\-keymgmt \- The KEYMGMT library <\-> provider functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& /* +\& * None of these are actual functions, but are displayed like this for +\& * the function signatures for functions that are offered as function +\& * pointers in OSSL_DISPATCH arrays. +\& */ +\& +\& /* Key object (keydata) creation and destruction */ +\& void *OP_keymgmt_new(void *provctx); +\& void OP_keymgmt_free(void *keydata); +\& +\& /* Key object information */ +\& int OP_keymgmt_get_params(void *keydata, OSSL_PARAM params[]); +\& const OSSL_PARAM *OP_keymgmt_gettable_params(void); +\& int OP_keymgmt_set_params(void *keydata, const OSSL_PARAM params[]); +\& const OSSL_PARAM *OP_keymgmt_settable_params(void); +\& +\& /* Key object content checks */ +\& int OP_keymgmt_has(void *keydata, int selection); +\& int OP_keymgmt_match(const void *keydata1, const void *keydata2, +\& int selection); +\& +\& /* Discovery of supported operations */ +\& const char *OP_keymgmt_query_operation_name(int operation_id); +\& +\& /* Key object import and export functions */ +\& int OP_keymgmt_import(int selection, void *keydata, const OSSL_PARAM params[]); +\& const OSSL_PARAM *OP_keymgmt_import_types(int selection); +\& int OP_keymgmt_export(int selection, void *keydata, +\& OSSL_CALLBACK *param_cb, void *cbarg); +\& const OSSL_PARAM *OP_keymgmt_export_types(int selection); +\& +\& /* Key object copy */ +\& int OP_keymgmt_copy(void *keydata_to, const void *keydata_from, int selection); +\& +\& /* Key object validation */ +\& int OP_keymgmt_validate(void *keydata, int selection); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1KEYMGMT\s0 operation doesn't have much public visibility in OpenSSL +libraries, it's rather an internal operation that's designed to work +in tandem with operations that use private/public key pairs. 
+.PP +Because the \s-1KEYMGMT\s0 operation shares knowledge with the operations it +works with in tandem, they must belong to the same provider. +The OpenSSL libraries will ensure that they do. +.PP +The primary responsibility of the \s-1KEYMGMT\s0 operation is to hold the +provider side key data for the OpenSSL library \s-1EVP_PKEY\s0 structure. +.PP +All \*(L"functions\*(R" mentioned here are passed as function pointers between +\&\fIlibcrypto\fR and the provider in \fB\s-1OSSL_DISPATCH\s0\fR arrays via +\&\fB\s-1OSSL_ALGORITHM\s0\fR arrays that are returned by the provider's +\&\fIprovider_query_operation()\fR function +(see \*(L"Provider Functions\*(R" in \fIprovider\-base\fR\|(7)). +.PP +All these \*(L"functions\*(R" have a corresponding function type definition +named \fBOSSL_{name}_fn\fR, and a helper function to retrieve the +function pointer from a \fB\s-1OSSL_DISPATCH\s0\fR element named +\&\fBOSSL_get_{name}\fR. +For example, the \*(L"function\*(R" \fIOP_keymgmt_new()\fR has these: +.PP +.Vb 3 +\& typedef void *(OSSL_OP_keymgmt_new_fn)(void *provctx); +\& static ossl_inline OSSL_OP_keymgmt_new_fn +\& OSSL_get_OP_keymgmt_new(const OSSL_DISPATCH *opf); +.Ve +.PP +\&\fB\s-1OSSL_DISPATCH\s0\fR arrays are indexed by numbers that are provided as +macros in \fIopenssl\-core_numbers.h\fR\|(7), as follows: +.PP +.Vb 2 +\& OP_keymgmt_new OSSL_FUNC_KEYMGMT_NEW +\& OP_keymgmt_free OSSL_FUNC_KEYMGMT_FREE +\& +\& OP_keymgmt_get_params OSSL_FUNC_KEYMGMT_GET_PARAMS +\& OP_keymgmt_gettable_params OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS +\& OP_keymgmt_set_params OSSL_FUNC_KEYMGMT_SET_PARAMS +\& OP_keymgmt_settable_params OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS +\& +\& OP_keymgmt_query_operation_name OSSL_FUNC_KEYMGMT_QUERY_OPERATION_NAME +\& +\& OP_keymgmt_has OSSL_FUNC_KEYMGMT_HAS +\& OP_keymgmt_validate OSSL_FUNC_KEYMGMT_VALIDATE +\& OP_keymgmt_match OSSL_FUNC_KEYMGMT_MATCH +\& +\& OP_keymgmt_import OSSL_FUNC_KEYMGMT_IMPORT +\& OP_keymgmt_import_types OSSL_FUNC_KEYMGMT_IMPORT_TYPES 
+\& OP_keymgmt_export OSSL_FUNC_KEYMGMT_EXPORT +\& OP_keymgmt_export_types OSSL_FUNC_KEYMGMT_EXPORT_TYPES +\& +\& OP_keymgmt_copy OSSL_FUNC_KEYMGMT_COPY +.Ve +.SS "Key Objects" +.IX Subsection "Key Objects" +A key object is a collection of data for an asymmetric key, and is +represented as \fIkeydata\fR in this manual. +.PP +The exact contents of a key object are defined by the provider, and it +is assumed that different operations in one and the same provider use +the exact same structure to represent this collection of data, so that +for example, a key object that has been created using the \s-1KEYMGMT\s0 +interface that we document here can be passed as is to other provider +operations, such as \fIOP_signature_sign_init()\fR (see +\&\fIprovider\-signature\fR\|(7)). +.PP +With some of the \s-1KEYMGMT\s0 functions, it's possible to select a specific +subset of data to handle, governed by the bits in a \fIselection\fR +indicator. The bits are: +.IP "\fB\s-1OSSL_KEYMGMT_SELECT_PRIVATE_KEY\s0\fR" 4 +.IX Item "OSSL_KEYMGMT_SELECT_PRIVATE_KEY" +Indicating that the private key data in a key object should be +considered. +.IP "\fB\s-1OSSL_KEYMGMT_SELECT_PUBLIC_KEY\s0\fR" 4 +.IX Item "OSSL_KEYMGMT_SELECT_PUBLIC_KEY" +Indicating that the public key data in a key object should be +considered. +.IP "\fB\s-1OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS\s0\fR" 4 +.IX Item "OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS" +Indicating that the domain parameters in a key object should be +considered. +.IP "\fB\s-1OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS\s0\fR" 4 +.IX Item "OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS" +Indicating that other parameters in a key object should be +considered. +.Sp +Other parameters are key parameters that don't fit any other +classification. In other words, this particular selector bit works as +a last resort bit bucket selector. 
+.PP +Some selector bits have also been combined for easier use: +.IP "\fB\s-1OSSL_KEYMGMT_SELECT_ALL_PARAMETERS\s0\fR" 4 +.IX Item "OSSL_KEYMGMT_SELECT_ALL_PARAMETERS" +Indicating that all key object parameters should be considered, +regardless of their more granular classification. +.Sp +This is a combination of \fB\s-1OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS\s0\fR and +\&\fB\s-1OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS\s0\fR. +.IP "\fB\s-1OSSL_KEYMGMT_SELECT_KEYPAIR\s0\fR" 4 +.IX Item "OSSL_KEYMGMT_SELECT_KEYPAIR" +Indicating that both the whole key pair in a key object should be +considered, i.e. the combination of public and private key. +.Sp +This is a combination of \fB\s-1OSSL_KEYMGMT_SELECT_PRIVATE_KEY\s0\fR and +\&\fB\s-1OSSL_KEYMGMT_SELECT_PUBLIC_KEY\s0\fR. +.IP "\fB\s-1OSSL_KEYMGMT_SELECT_ALL\s0\fR" 4 +.IX Item "OSSL_KEYMGMT_SELECT_ALL" +Indicating that everything in a key object should be considered. +.PP +The exact interpretation of those bits or how they combine is left to +each function where you can specify a selector. +.SS "Constructing and Destructing Functions" +.IX Subsection "Constructing and Destructing Functions" +\&\fIOP_keymgmt_new()\fR should create a provider side key object. The +provider context \fIprovctx\fR is passed and may be incorporated in the +key object, but that is not mandatory. +.PP +\&\fIOP_keymgmt_free()\fR should free the passed \fIkeydata\fR. +.PP +The constructor and destructor are mandatory, a \s-1KEYMGMT\s0 implementation +without them will not be accepted. +.SS "Key Object Information Functions" +.IX Subsection "Key Object Information Functions" +\&\fIOP_keymgmt_get_params()\fR should extract information data associated +with the given \fIkeydata\fR, see \*(L"Information Parameters\*(R". +.PP +\&\fIOP_keymgmt_gettable_params()\fR should return a constant array of +descriptor \fB\s-1OSSL_PARAM\s0\fR, for parameters that \fIOP_keymgmt_get_params()\fR +can handle. 
+.PP +If \fIOP_keymgmt_gettable_params()\fR is present, \fIOP_keymgmt_get_params()\fR +must also be present, and vice versa. +.PP +\&\fIOP_keymgmt_set_params()\fR should update information data associated +with the given \fIkeydata\fR, see \*(L"Information Parameters\*(R". +.PP +\&\fIOP_keymgmt_settable_params()\fR should return a constant array of +descriptor \fB\s-1OSSL_PARAM\s0\fR, for parameters that \fIOP_keymgmt_set_params()\fR +can handle. +.PP +If \fIOP_keymgmt_settable_params()\fR is present, \fIOP_keymgmt_set_params()\fR +must also be present, and vice versa. +.SS "Key Object Checking Functions" +.IX Subsection "Key Object Checking Functions" +\&\fIOP_keymgmt_query_operation_name()\fR should return the name of the +supported algorithm for the operation \fIoperation_id\fR. This is +similar to \fIprovider_query_operation()\fR (see \fIprovider\-base\fR\|(7)), +but only works as an advisory. If this function is not present, or +returns \s-1NULL\s0, the caller is free to assume that there's an algorithm +from the same provider, of the same name as the one used to fetch the +keymgmt and try to use that. +.PP +\&\fIOP_keymgmt_has()\fR should check whether the given \fIkeydata\fR contains the subsets +of data indicated by the \fIselector\fR. A combination of several +selector bits must consider all those subsets, not just one. An +implementation is, however, free to consider an empty subset of data +to still be a valid subset. +.PP +\&\fIOP_keymgmt_validate()\fR should check if the \fIkeydata\fR contains valid +data subsets indicated by \fIselection\fR. Some combined selections of +data subsets may cause validation of the combined data. +For example, the combination of \fB\s-1OSSL_KEYMGMT_SELECT_PRIVATE_KEY\s0\fR and +\&\fB\s-1OSSL_KEYMGMT_SELECT_PUBLIC_KEY\s0\fR (or \fB\s-1OSSL_KEYMGMT_SELECT_KEYPAIR\s0\fR +for short) is expected to check that the pairwise consistency of +\&\fIkeydata\fR is valid. 
+.PP +\&\fIOP_keymgmt_match()\fR should check if the data subset indicated by +\&\fIselection\fR in \fIkeydata1\fR and \fIkeydata2\fR match. It is assumed that +the caller has ensured that \fIkeydata1\fR and \fIkeydata2\fR are both owned +by the implementation of this function. +.SS "Key Object Import, Export and Copy Functions" +.IX Subsection "Key Object Import, Export and Copy Functions" +\&\fIOP_keymgmt_import()\fR should import data indicated by \fIselection\fR into +\&\fIkeydata\fR with values taken from the \fB\s-1OSSL_PARAM\s0\fR array \fIparams\fR. +.PP +\&\fIOP_keymgmt_export()\fR should extract values indicated by \fIselection\fR +from \fIkeydata\fR, create an \fB\s-1OSSL_PARAM\s0\fR array with them and call +\&\fIparam_cb\fR with that array as well as the given \fIcbarg\fR. +.PP +\&\fIOP_keymgmt_import_types()\fR should return a constant array of descriptor +\&\fB\s-1OSSL_PARAM\s0\fR for data indicated by \fIselection\fR, for parameters that +\&\fIOP_keymgmt_import()\fR can handle. +.PP +\&\fIOP_keymgmt_export_types()\fR should return a constant array of descriptor +\&\fB\s-1OSSL_PARAM\s0\fR for data indicated by \fIselection\fR, that the +\&\fIOP_keymgmt_export()\fR callback can expect to receive. +.PP +\&\fIOP_keymgmt_copy()\fR should copy data subsets indicated by \fIselection\fR +from \fIkeydata_from\fR to \fIkeydata_to\fR. It is assumed that the caller +has ensured that \fIkeydata_to\fR and \fIkeydata_from\fR are both owned by +the implementation of this function. +.SS "Built-in \s-1RSA\s0 Import/Export Types" +.IX Subsection "Built-in RSA Import/Export Types" +The following Import/Export types are available for the built-in \s-1RSA\s0 algorithm: +.ie n .IP """n"" (\fB\s-1OSSL_PKEY_PARAM_RSA_N\s0\fR) " 4 +.el .IP "``n'' (\fB\s-1OSSL_PKEY_PARAM_RSA_N\s0\fR) " 4 +.IX Item "n (OSSL_PKEY_PARAM_RSA_N) " +The \s-1RSA\s0 \*(L"n\*(R" value. 
+.ie n .IP """e"" (\fB\s-1OSSL_PKEY_PARAM_RSA_E\s0\fR) " 4 +.el .IP "``e'' (\fB\s-1OSSL_PKEY_PARAM_RSA_E\s0\fR) " 4 +.IX Item "e (OSSL_PKEY_PARAM_RSA_E) " +The \s-1RSA\s0 \*(L"e\*(R" value. +.ie n .IP """d"" (\fB\s-1OSSL_PKEY_PARAM_RSA_D\s0\fR) " 4 +.el .IP "``d'' (\fB\s-1OSSL_PKEY_PARAM_RSA_D\s0\fR) " 4 +.IX Item "d (OSSL_PKEY_PARAM_RSA_D) " +The \s-1RSA\s0 \*(L"d\*(R" value. +.ie n .IP """rsa-factor"" (\fB\s-1OSSL_PKEY_PARAM_RSA_FACTOR\s0\fR) " 4 +.el .IP "``rsa-factor'' (\fB\s-1OSSL_PKEY_PARAM_RSA_FACTOR\s0\fR) " 4 +.IX Item "rsa-factor (OSSL_PKEY_PARAM_RSA_FACTOR) " +An \s-1RSA\s0 factor. In 2 prime \s-1RSA\s0 these are often known as \*(L"p\*(R" or \*(L"q\*(R". This value +may be repeated up to 10 times in a single key. +.ie n .IP """rsa-exponent"" (\fB\s-1OSSL_PKEY_PARAM_RSA_EXPONENT\s0\fR) " 4 +.el .IP "``rsa-exponent'' (\fB\s-1OSSL_PKEY_PARAM_RSA_EXPONENT\s0\fR) " 4 +.IX Item "rsa-exponent (OSSL_PKEY_PARAM_RSA_EXPONENT) " +An \s-1RSA\s0 \s-1CRT\s0 (Chinese Remainder Theorem) exponent. This value may be repeated up +to 10 times in a single key. +.ie n .IP """rsa-coefficient"" (\fB\s-1OSSL_PKEY_PARAM_RSA_COEFFICIENT\s0\fR) " 4 +.el .IP "``rsa-coefficient'' (\fB\s-1OSSL_PKEY_PARAM_RSA_COEFFICIENT\s0\fR) " 4 +.IX Item "rsa-coefficient (OSSL_PKEY_PARAM_RSA_COEFFICIENT) " +An \s-1RSA\s0 \s-1CRT\s0 (Chinese Remainder Theorem) coefficient. This value may be repeated +up to 9 times in a single key. +.SS "Built-in \s-1DSA\s0 and Diffie-Hellman Import/Export Types" +.IX Subsection "Built-in DSA and Diffie-Hellman Import/Export Types" +The following Import/Export types are available for the built-in \s-1DSA\s0 and +Diffie-Hellman algorithms: +.ie n .IP """pub"" (\fB\s-1OSSL_PKEY_PARAM_PUB_KEY\s0\fR) or " 4 +.el .IP "``pub'' (\fB\s-1OSSL_PKEY_PARAM_PUB_KEY\s0\fR) or " 4 +.IX Item "pub (OSSL_PKEY_PARAM_PUB_KEY) or " +The public key value. 
+.ie n .IP """priv"" (\fB\s-1OSSL_PKEY_PARAM_PRIV_KEY\s0\fR) or " 4 +.el .IP "``priv'' (\fB\s-1OSSL_PKEY_PARAM_PRIV_KEY\s0\fR) or " 4 +.IX Item "priv (OSSL_PKEY_PARAM_PRIV_KEY) or " +The private key value. +.ie n .IP """p"" (\fB\s-1OSSL_PKEY_PARAM_FFC_P\s0\fR) " 4 +.el .IP "``p'' (\fB\s-1OSSL_PKEY_PARAM_FFC_P\s0\fR) " 4 +.IX Item "p (OSSL_PKEY_PARAM_FFC_P) " +A \s-1DSA\s0 or Diffie-Hellman \*(L"p\*(R" value. +.ie n .IP """q"" (\fB\s-1OSSL_PKEY_PARAM_FFC_Q\s0\fR) " 4 +.el .IP "``q'' (\fB\s-1OSSL_PKEY_PARAM_FFC_Q\s0\fR) " 4 +.IX Item "q (OSSL_PKEY_PARAM_FFC_Q) " +A \s-1DSA\s0 or Diffie-Hellman \*(L"q\*(R" value. +.ie n .IP """g"" (\fB\s-1OSSL_PKEY_PARAM_FFC_G\s0\fR) " 4 +.el .IP "``g'' (\fB\s-1OSSL_PKEY_PARAM_FFC_G\s0\fR) " 4 +.IX Item "g (OSSL_PKEY_PARAM_FFC_G) " +A \s-1DSA\s0 or Diffie-Hellman \*(L"g\*(R" value. +.SS "Built-in X25519, X448, \s-1ED25519\s0 and \s-1ED448\s0 Import/Export Types" +.IX Subsection "Built-in X25519, X448, ED25519 and ED448 Import/Export Types" +The following Import/Export types are available for the built-in X25519, X448, +\&\s-1ED25519\s0 and X448 algorithms: +.ie n .IP """pub"" (\fB\s-1OSSL_PKEY_PARAM_PUB_KEY\s0\fR) " 4 +.el .IP "``pub'' (\fB\s-1OSSL_PKEY_PARAM_PUB_KEY\s0\fR) " 4 +.IX Item "pub (OSSL_PKEY_PARAM_PUB_KEY) " +The public key value. +.ie n .IP """priv"" (\fB\s-1OSSL_PKEY_PARAM_PRIV_KEY\s0\fR) " 4 +.el .IP "``priv'' (\fB\s-1OSSL_PKEY_PARAM_PRIV_KEY\s0\fR) " 4 +.IX Item "priv (OSSL_PKEY_PARAM_PRIV_KEY) " +The private key value. +.SS "Information Parameters" +.IX Subsection "Information Parameters" +See \s-1\fIOSSL_PARAM\s0\fR\|(3) for further details on the parameters structure. +.PP +Parameters currently recognised by built-in keymgmt algorithms +are as follows. 
+Not all parameters are relevant to, or are understood by all keymgmt +algorithms: +.ie n .IP """bits"" (\fB\s-1OSSL_PKEY_PARAM_BITS\s0\fR) " 4 +.el .IP "``bits'' (\fB\s-1OSSL_PKEY_PARAM_BITS\s0\fR) " 4 +.IX Item "bits (OSSL_PKEY_PARAM_BITS) " +The value should be the cryptographic length of the cryptosystem to +which the key belongs, in bits. The definition of cryptographic +length is specific to the key cryptosystem. +.ie n .IP """max-size"" (\fB\s-1OSSL_PKEY_PARAM_MAX_SIZE\s0\fR) " 4 +.el .IP "``max-size'' (\fB\s-1OSSL_PKEY_PARAM_MAX_SIZE\s0\fR) " 4 +.IX Item "max-size (OSSL_PKEY_PARAM_MAX_SIZE) " +The value should be the maximum size that a caller should allocate to +safely store a signature (called \fIsig\fR in \fIprovider\-signature\fR\|(7)), +the result of asymmmetric encryption / decryption (\fIout\fR in +\&\fIprovider\-asym_cipher\fR\|(7), a derived secret (\fIsecret\fR in +\&\fIprovider\-keyexch\fR\|(7), and similar data). +.Sp +Because an \s-1EVP_KEYMGMT\s0 method is always tightly bound to another method +(signature, asymmetric cipher, key exchange, ...) and must be of the +same provider, this number only needs to be synchronised with the +dimensions handled in the rest of the same provider. +.ie n .IP """security-bits"" (\fB\s-1OSSL_PKEY_PARAM_SECURITY_BITS\s0\fR) " 4 +.el .IP "``security-bits'' (\fB\s-1OSSL_PKEY_PARAM_SECURITY_BITS\s0\fR) " 4 +.IX Item "security-bits (OSSL_PKEY_PARAM_SECURITY_BITS) " +The value should be the number of security bits of the given key. +Bits of security is defined in \s-1SP800\-57\s0. 
+.ie n .IP """use-cofactor-flag"" (\fB\s-1OSSL_PKEY_PARAM_USE_COFACTOR_FLAG\s0\fR, \fB\s-1OSSL_PKEY_PARAM_USE_COFACTOR_ECDH\s0\fR) " 4 +.el .IP "``use-cofactor-flag'' (\fB\s-1OSSL_PKEY_PARAM_USE_COFACTOR_FLAG\s0\fR, \fB\s-1OSSL_PKEY_PARAM_USE_COFACTOR_ECDH\s0\fR) " 4 +.IX Item "use-cofactor-flag (OSSL_PKEY_PARAM_USE_COFACTOR_FLAG, OSSL_PKEY_PARAM_USE_COFACTOR_ECDH) " +The value should be either 1 or 0, to respectively enable or disable +use of the cofactor in operations using this key. +.Sp +In the context of a key that can be used to perform an Elliptic Curve +Diffie-Hellman key exchange, this parameter can be used to mark a requirement +for using the Cofactor Diffie-Hellman (\s-1CDH\s0) variant of the key exchange +algorithm. +.Sp +See also \fIprovider\-keyexch\fR\|(7) for the related +\&\fB\s-1OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE\s0\fR parameter that can be set on a +per-operation basis. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOP_keymgmt_new()\fR should return a valid reference to the newly created provider +side key object, or \s-1NULL\s0 on failure. +.PP +\&\fIOP_keymgmt_import()\fR, \fIOP_keymgmt_export()\fR, \fIOP_keymgmt_get_params()\fR and +\&\fIOP_keymgmt_set_params()\fR should return 1 for success or 0 on error. +.PP +\&\fIOP_keymgmt_validate()\fR should return 1 on successful validation, or 0 on +failure. +.PP +\&\fIOP_keymgmt_has()\fR should return 1 if all the selected data subsets are contained +in the given \fIkeydata\fR or 0 otherwise. +.PP +\&\fIOP_keymgmt_query_operation_name()\fR should return a pointer to a string matching +the requested operation, or \s-1NULL\s0 if the same name used to fetch the keymgmt +applies. +.PP +\&\fIOP_keymgmt_gettable_params()\fR and \fIOP_keymgmt_settable_params()\fR +\&\fIOP_keymgmt_import_types()\fR, \fIOP_keymgmt_export_types()\fR +should +always return a constant \fB\s-1OSSL_PARAM\s0\fR array. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIprovider\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \s-1KEYMGMT\s0 interface was introduced in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man7/provider-mac.7 b/linux_amd64/share/man/man7/provider-mac.7 new file mode 100755 index 0000000..8d40a61 --- /dev/null +++ b/linux_amd64/share/man/man7/provider-mac.7 
@@ -0,0 +1,352 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PROVIDER-MAC 7" +.TH PROVIDER-MAC 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +provider\-mac \- The mac library <\-> provider functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 2 +\& #include +\& #include +\& +\& /* +\& * None of these are actual functions, but are displayed like this for +\& * the function signatures for functions that are offered as function +\& * pointers in OSSL_DISPATCH arrays. +\& */ +\& +\& /* Context management */ +\& void *OP_mac_newctx(void *provctx); +\& void OP_mac_freectx(void *mctx); +\& void *OP_mac_dupctx(void *src); +\& +\& /* Encryption/decryption */ +\& int OP_mac_init(void *mctx); +\& int OP_mac_update(void *mctx, const unsigned char *in, size_t inl); +\& int OP_mac_final(void *mctx, unsigned char *out, size_t *outl, size_t outsize); +\& +\& /* MAC parameter descriptors */ +\& const OSSL_PARAM *OP_mac_get_params(void); +\& const OSSL_PARAM *OP_mac_get_ctx_params(void); +\& const OSSL_PARAM *OP_mac_set_ctx_params(void); +\& +\& /* MAC parameters */ +\& int OP_mac_get_params(OSSL_PARAM params[]); +\& int OP_mac_get_ctx_params(void *mctx, OSSL_PARAM params[]); +\& int OP_mac_set_ctx_params(void *mctx, const OSSL_PARAM params[]); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This documentation is primarily aimed at provider authors. See \fIprovider\fR\|(7) +for further information. +.PP +The \s-1MAC\s0 operation enables providers to implement mac algorithms and make +them available to applications via the \s-1API\s0 functions \fIEVP_MAC_init\fR\|(3), +\&\fIEVP_MAC_update\fR\|(3) and \fIEVP_MAC_final\fR\|(3). +.PP +All \*(L"functions\*(R" mentioned here are passed as function pointers between +\&\fIlibcrypto\fR and the provider in \fB\s-1OSSL_DISPATCH\s0\fR arrays via +\&\fB\s-1OSSL_ALGORITHM\s0\fR arrays that are returned by the provider's +\&\fIprovider_query_operation()\fR function +(see \*(L"Provider Functions\*(R" in \fIprovider\-base\fR\|(7)). 
+.PP +All these \*(L"functions\*(R" have a corresponding function type definition +named \fBOSSL_{name}_fn\fR, and a helper function to retrieve the +function pointer from an \fB\s-1OSSL_DISPATCH\s0\fR element named +\&\fBOSSL_get_{name}\fR. +For example, the \*(L"function\*(R" \fIOP_mac_newctx()\fR has these: +.PP +.Vb 3 +\& typedef void *(OSSL_OP_mac_newctx_fn)(void *provctx); +\& static ossl_inline OSSL_OP_mac_newctx_fn +\& OSSL_get_OP_mac_newctx(const OSSL_DISPATCH *opf); +.Ve +.PP +\&\fB\s-1OSSL_DISPATCH\s0\fR arrays are indexed by numbers that are provided as +macros in \fIopenssl\-core_numbers.h\fR\|(7), as follows: +.PP +.Vb 3 +\& OP_mac_newctx OSSL_FUNC_MAC_NEWCTX +\& OP_mac_freectx OSSL_FUNC_MAC_FREECTX +\& OP_mac_dupctx OSSL_FUNC_MAC_DUPCTX +\& +\& OP_mac_init OSSL_FUNC_MAC_INIT +\& OP_mac_update OSSL_FUNC_MAC_UPDATE +\& OP_mac_final OSSL_FUNC_MAC_FINAL +\& +\& OP_mac_get_params OSSL_FUNC_MAC_GET_PARAMS +\& OP_mac_get_ctx_params OSSL_FUNC_MAC_GET_CTX_PARAMS +\& OP_mac_set_ctx_params OSSL_FUNC_MAC_SET_CTX_PARAMS +\& +\& OP_mac_gettable_params OSSL_FUNC_MAC_GETTABLE_PARAMS +\& OP_mac_gettable_ctx_params OSSL_FUNC_MAC_GETTABLE_CTX_PARAMS +\& OP_mac_settable_ctx_params OSSL_FUNC_MAC_SETTABLE_CTX_PARAMS +.Ve +.PP +A mac algorithm implementation may not implement all of these functions. +In order to be a consistent set of functions, at least the following functions +must be implemented: \fIOP_mac_newctx()\fR, \fIOP_mac_freectx()\fR, \fIOP_mac_init()\fR, +\&\fIOP_mac_update()\fR, \fIOP_mac_final()\fR. +All other functions are optional. +.SS "Context Management Functions" +.IX Subsection "Context Management Functions" +\&\fIOP_mac_newctx()\fR should create and return a pointer to a provider side +structure for holding context information during a mac operation. +A pointer to this context will be passed back in a number of the other mac +operation function calls. 
+The parameter \fIprovctx\fR is the provider context generated during provider +initialisation (see \fIprovider\fR\|(7)). +.PP +\&\fIOP_mac_freectx()\fR is passed a pointer to the provider side mac context in +the \fImctx\fR parameter. +If it receives \s-1NULL\s0 as \fImctx\fR value, it should not do anything other than +return. +This function should free any resources associated with that context. +.PP +\&\fIOP_mac_dupctx()\fR should duplicate the provider side mac context in the +\&\fImctx\fR parameter and return the duplicate copy. +.SS "Encryption/Decryption Functions" +.IX Subsection "Encryption/Decryption Functions" +\&\fIOP_mac_init()\fR initialises a mac operation given a newly created provider +side mac context in the \fImctx\fR parameter. +.PP +\&\fIOP_mac_update()\fR is called to supply data for \s-1MAC\s0 computation of a previously +initialised mac operation. +The \fImctx\fR parameter contains a pointer to a previously initialised provider +side context. +\&\fIOP_mac_update()\fR may be called multiple times for a single mac operation. +.PP +\&\fIOP_mac_final()\fR completes the \s-1MAC\s0 computation started through previous +\&\fIOP_mac_init()\fR and \fIOP_mac_update()\fR calls. +The \fImctx\fR parameter contains a pointer to the provider side context. +The resulting \s-1MAC\s0 should be written to \fIout\fR and the amount of data written +to \fI*outl\fR, which should not exceed \fIoutsize\fR bytes. +The same expectations apply to \fIoutsize\fR as documented for +\&\fIEVP_MAC_final\fR\|(3). +.SS "Mac Parameters" +.IX Subsection "Mac Parameters" +See \s-1\fIOSSL_PARAM\s0\fR\|(3) for further details on the parameters structure used by +these functions. +.PP +\&\fIOP_mac_get_params()\fR gets details of parameter values associated with the +provider algorithm and stores them in \fIparams\fR. +.PP +\&\fIOP_mac_set_ctx_params()\fR sets mac parameters associated with the given +provider side mac context \fImctx\fR to \fIparams\fR. 
+Any parameter settings are additional to any that were previously set. +.PP +\&\fIOP_mac_get_ctx_params()\fR gets details of currently set parameter values +associated with the given provider side mac context \fImctx\fR and stores them +in \fIparams\fR. +.PP +\&\fIOP_mac_gettable_params()\fR, \fIOP_mac_gettable_ctx_params()\fR, and +\&\fIOP_mac_settable_ctx_params()\fR all return constant \fB\s-1OSSL_PARAM\s0\fR arrays +as descriptors of the parameters that \fIOP_mac_get_params()\fR, +\&\fIOP_mac_get_ctx_params()\fR, and \fIOP_mac_set_ctx_params()\fR can handle, +respectively. +.PP +Parameters currently recognised by built-in macs are as follows. Not all +parameters are relevant to, or are understood by all macs: +.ie n .IP """key"" (\fB\s-1OSSL_MAC_PARAM_KEY\s0\fR) " 4 +.el .IP "``key'' (\fB\s-1OSSL_MAC_PARAM_KEY\s0\fR) " 4 +.IX Item "key (OSSL_MAC_PARAM_KEY) " +Sets the key in the associated \s-1MAC\s0 ctx. +.ie n .IP """iv"" (\fB\s-1OSSL_MAC_PARAM_IV\s0\fR) " 4 +.el .IP "``iv'' (\fB\s-1OSSL_MAC_PARAM_IV\s0\fR) " 4 +.IX Item "iv (OSSL_MAC_PARAM_IV) " +Sets the \s-1IV\s0 of the underlying cipher, when applicable. +.ie n .IP """custom"" (\fB\s-1OSSL_MAC_PARAM_CUSTOM\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``custom'' (\fB\s-1OSSL_MAC_PARAM_CUSTOM\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "custom (OSSL_MAC_PARAM_CUSTOM) " +Sets the custom string in the associated \s-1MAC\s0 ctx. +.ie n .IP """salt"" (\fB\s-1OSSL_MAC_PARAM_SALT\s0\fR) " 4 +.el .IP "``salt'' (\fB\s-1OSSL_MAC_PARAM_SALT\s0\fR) " 4 +.IX Item "salt (OSSL_MAC_PARAM_SALT) " +Sets the salt of the underlying cipher, when applicable. +.ie n .IP """xof"" (\fB\s-1OSSL_MAC_PARAM_BLOCK_XOF\s0\fR) " 4 +.el .IP "``xof'' (\fB\s-1OSSL_MAC_PARAM_BLOCK_XOF\s0\fR) " 4 +.IX Item "xof (OSSL_MAC_PARAM_BLOCK_XOF) " +Sets \s-1XOF\s0 mode in the associated \s-1MAC\s0 ctx. +0 means no \s-1XOF\s0 mode, 1 means \s-1XOF\s0 mode. 
+.ie n .IP """flags"" (\fB\s-1OSSL_MAC_PARAM_FLAGS\s0\fR) " 4 +.el .IP "``flags'' (\fB\s-1OSSL_MAC_PARAM_FLAGS\s0\fR) " 4 +.IX Item "flags (OSSL_MAC_PARAM_FLAGS) " +Gets flags associated with the \s-1MAC\s0. +.ie n .IP """cipher"" (\fB\s-1OSSL_MAC_PARAM_CIPHER\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``cipher'' (\fB\s-1OSSL_MAC_PARAM_CIPHER\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "cipher (OSSL_MAC_PARAM_CIPHER) " +.PD 0 +.ie n .IP """digest"" (\fB\s-1OSSL_MAC_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``digest'' (\fB\s-1OSSL_MAC_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "digest (OSSL_MAC_PARAM_DIGEST) " +.PD +Sets the name of the underlying cipher or digest to be used. +It must name a suitable algorithm for the \s-1MAC\s0 that's being used. +.ie n .IP """properties"" (\fB\s-1OSSL_MAC_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``properties'' (\fB\s-1OSSL_MAC_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "properties (OSSL_MAC_PARAM_PROPERTIES) " +Sets the properties to be queried when trying to fetch the underlying algorithm. +This must be given together with the algorithm naming parameter to be +considered valid. +.ie n .IP """size"" (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) " 4 +.el .IP "``size'' (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) " 4 +.IX Item "size (OSSL_MAC_PARAM_SIZE) " +Can be used to get the resulting \s-1MAC\s0 size. +.Sp +With some \s-1MAC\s0 algorithms, it can also be used to set the size that the +resulting \s-1MAC\s0 should have. +Allowable sizes are decided within each implementation. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOP_mac_newctx()\fR and \fIOP_mac_dupctx()\fR should return the newly created +provider side mac context, or \s-1NULL\s0 on failure. +.PP +\&\fIOP_mac_init()\fR, \fIOP_mac_update()\fR, \fIOP_mac_final()\fR, \fIOP_mac_get_params()\fR, +\&\fIOP_mac_get_ctx_params()\fR and \fIOP_mac_set_ctx_params()\fR should return 1 for +success or 0 on error. 
+.PP +\&\fIOP_mac_gettable_params()\fR, \fIOP_mac_gettable_ctx_params()\fR and +\&\fIOP_mac_settable_ctx_params()\fR should return a constant \fB\s-1OSSL_PARAM\s0\fR +array, or \s-1NULL\s0 if none is offered. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIprovider\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The provider \s-1MAC\s0 interface was introduced in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man7/provider-serializer.7 b/linux_amd64/share/man/man7/provider-serializer.7 new file mode 100755 index 0000000..fb2e8cf --- /dev/null +++ b/linux_amd64/share/man/man7/provider-serializer.7 
@@ -0,0 +1,370 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PROVIDER-SERIALIZER 7" +.TH PROVIDER-SERIALIZER 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +provider\-serializer \- The SERIALIZER library <\-> provider functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& /* +\& * None of these are actual functions, but are displayed like this for +\& * the function signatures for functions that are offered as function +\& * pointers in OSSL_DISPATCH arrays. +\& */ +\& +\& /* Functions to construct / destruct / manipulate the serializer context */ +\& void *OP_serializer_newctx(void *provctx); +\& void OP_serializer_freectx(void *ctx); +\& int OP_serializer_set_ctx_params(void *ctx, const OSSL_PARAM params[]); +\& const OSSL_PARAM *OP_serializer_settable_ctx_params(void) +\& +\& /* Functions to serialize object data */ +\& int OP_serializer_serialize_data(void *ctx, const OSSL_PARAM *data, +\& BIO *out, +\& OSSL_PASSPHRASE_CALLBACK *cb, +\& void *cbarg); +\& int OP_serializer_serialize_object(void *ctx, void *obj, BIO *out, +\& OSSL_PASSPHRASE_CALLBACK *cb, +\& void *cbarg); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1SERIALIZER\s0 is a generic method to serialize any set of object data +in \s-1\fIOSSL_PARAM\s0\fR\|(3) array form, or any provider side object into +serialized form, and write it to the given \s-1BIO\s0. If the caller wants +to get the serialized stream to memory, it should provide a +\&\fIBIO_s_membuf\fR\|(3). +.PP +The serializer doesn't need to know more about the \fB\s-1BIO\s0\fR pointer than +being able to pass it to the appropriate \s-1BIO\s0 upcalls (see +\&\*(L"Core functions\*(R" in \fIprovider\-base\fR\|(7)). +.PP +The serialization using the \s-1\fIOSSL_PARAM\s0\fR\|(3) array form allows a +serializer to be used for data that's been exported from another +provider, and thereby allow them to exist independently of each +other. +.PP +The serialization using a provider side object can only be safely used +with provider data coming from the same provider, for example keys +with the \s-1KEYMGMT\s0 provider. 
+.PP +All \*(L"functions\*(R" mentioned here are passed as function pointers between +\&\fIlibcrypto\fR and the provider in \fB\s-1OSSL_DISPATCH\s0\fR arrays via +\&\fB\s-1OSSL_ALGORITHM\s0\fR arrays that are returned by the provider's +\&\fIprovider_query_operation()\fR function +(see \*(L"Provider Functions\*(R" in \fIprovider\-base\fR\|(7)). +.PP +All these \*(L"functions\*(R" have a corresponding function type definition +named \fBOSSL_{name}_fn\fR, and a helper function to retrieve the +function pointer from a \fB\s-1OSSL_DISPATCH\s0\fR element named +\&\fBOSSL_get_{name}\fR. +For example, the \*(L"function\*(R" \fIOP_serializer_serialize_data()\fR has these: +.PP +.Vb 6 +\& typedef int +\& (OSSL_OP_serializer_serialize_data_fn)(void *provctx, +\& const OSSL_PARAM params[], +\& BIO *out); +\& static ossl_inline OSSL_OP_serializer_serialize_data_fn +\& OSSL_get_OP_serializer_serialize_data(const OSSL_DISPATCH *opf); +.Ve +.PP +\&\fB\s-1OSSL_DISPATCH\s0\fR arrays are indexed by numbers that are provided as +macros in \fIopenssl\-core_numbers.h\fR\|(7), as follows: +.PP +.Vb 4 +\& OP_serializer_newctx OSSL_FUNC_SERIALIZER_NEWCTX +\& OP_serializer_freectx OSSL_FUNC_SERIALIZER_FREECTX +\& OP_serializer_set_ctx_params OSSL_FUNC_SERIALIZER_SET_CTX_PARAMS +\& OP_serializer_settable_ctx_params OSSL_FUNC_SERIALIZER_SETTABLE_CTX_PARAMS +\& +\& OP_serializer_serialize_data OSSL_FUNC_SERIALIZER_SERIALIZE_DATA +\& OP_serializer_serialize_object OSSL_FUNC_SERIALIZER_SERIALIZE_OBJECT +.Ve +.SS "Names and properties" +.IX Subsection "Names and properties" +The name of an implementation should match the type of object it +handles. For example, an implementation that serializes an \s-1RSA\s0 key +should be named accordingly. 
+.PP +To be able to specify exactly what serialization format and what type +of data a serializer implementation is expected to handle, two +additional properties may be given: +.IP "format" 4 +.IX Item "format" +This property is used to specify what kind of output format the +implementation produces. Currently known formats are: +.RS 4 +.IP "text" 4 +.IX Item "text" +An implementation with that format property value outputs human +readable text, making that implementation suitable for \f(CW\*(C`\-text\*(C'\fR output +in diverse \fIopenssl\fR\|(1) commands. +.IP "pem" 4 +.IX Item "pem" +An implementation with that format property value outputs \s-1PEM\s0 +formatted data. +.IP "der" 4 +.IX Item "der" +An implementation with that format property value outputs \s-1DER\s0 +formatted data. +.RE +.RS 4 +.RE +.IP "type" 4 +.IX Item "type" +With objects that have multiple purposes, this can be used to specify +the purpose type. The currently known use cases are asymmetric keys +and key parameters, where the type can be one of: +.RS 4 +.IP "private" 4 +.IX Item "private" +An implementation with that format property value outputs a private +key. +.IP "public" 4 +.IX Item "public" +An implementation with that format property value outputs a public +key. +.IP "parameters" 4 +.IX Item "parameters" +An implementation with that format property value outputs key +parameters. +.RE +.RS 4 +.RE +.PP +The possible values of both these properties is open ended. A +provider may very well specify other formats that libcrypto doesn't +know anything about. +.SS "Context functions" +.IX Subsection "Context functions" +\&\fIOP_serializer_newctx()\fR returns a context to be used with the rest of +the functions. +.PP +\&\fIOP_serializer_freectx()\fR frees the given \fIctx\fR, if it was created by +\&\fIOP_serializer_newctx()\fR. +.PP +\&\fIOP_serializer_set_ctx_params()\fR sets context data according to +parameters from \fIparams\fR that it recognises. 
Unrecognised parameters +should be ignored. +.PP +\&\fIOP_serializer_settable_ctx_params()\fR returns a constant \fB\s-1OSSL_PARAM\s0\fR +array describing the parameters that \fIOP_serializer_set_ctx_params()\fR +can handle. +.PP +See \s-1\fIOSSL_PARAM\s0\fR\|(3) for further details on the parameters structure used +by \fIOP_serializer_set_ctx_params()\fR and \fIOP_serializer_settable_ctx_params()\fR. +.SS "Serializing functions" +.IX Subsection "Serializing functions" +\&\fIOP_serializer_serialize_data()\fR should take an array of \fB\s-1OSSL_PARAM\s0\fR, +\&\fIdata\fR, and if it contains the data necessary for the object type +that the implementation handles, it should output the object in +serialized form to the \fB\s-1BIO\s0\fR. +.PP +\&\fIOP_serializer_serialize_object()\fR should take a pointer to an object +that it knows intimately, and output that object in serialized form to +the \fB\s-1BIO\s0\fR. The caller \fImust\fR ensure that this function is called +with a pointer that the provider of this function is familiar with. +It is not suitable to use with object pointers coming from other +providers. +.PP +Both serialization functions also take an \fB\s-1OSSL_PASSPHRASE_CALLBACK\s0\fR +function pointer along with a pointer to application data \fIcbarg\fR, +which should be used when a pass phrase prompt is needed. +.SS "Serializer parameters" +.IX Subsection "Serializer parameters" +Parameters currently recognised by built-in serializers are as +follows: +.ie n .IP """cipher"" (\fB\s-1OSSL_SERIALIZER_PARAM_CIPHER\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``cipher'' (\fB\s-1OSSL_SERIALIZER_PARAM_CIPHER\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "cipher (OSSL_SERIALIZER_PARAM_CIPHER) " +The name of the encryption cipher to be used when generating encrypted +serialization. This is used when serializing private keys, as well as +other objects that need protection. 
+.Sp +If this name is invalid for the serialization implementation, the +implementation should refuse to perform the serialization, i.e. +\&\fIOP_serializer_serialize_data()\fR and \fIOP_serializer_serialize_object()\fR +should return an error. +.ie n .IP """properties"" (\fB\s-1OSSL_SERIALIZER_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``properties'' (\fB\s-1OSSL_SERIALIZER_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "properties (OSSL_SERIALIZER_PARAM_PROPERTIES) " +The properties to be queried when trying to fetch the algorithm given +with the \*(L"cipher\*(R" parameter. +This must be given together with the \*(L"cipher\*(R" parameter to be +considered valid. +.Sp +The serialization implementation isn't obligated to use this value. +However, it is recommended that implementations that do not handle +property strings return an error on receiving this parameter unless +its value \s-1NULL\s0 or the empty string. +.ie n .IP """passphrase"" (\fB\s-1OSSL_SERIALIZER_PARAM_PASS\s0\fR) " 4 +.el .IP "``passphrase'' (\fB\s-1OSSL_SERIALIZER_PARAM_PASS\s0\fR) " 4 +.IX Item "passphrase (OSSL_SERIALIZER_PARAM_PASS) " +A pass phrase provided by the application. When this is given, the +built-in serializers will not attempt to use the passphrase callback. +.PP +Parameters currently recognised by the built-in pass phrase callback: +.ie n .IP """info"" (\fB\s-1OSSL_PASSPHRASE_PARAM_INFO\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``info'' (\fB\s-1OSSL_PASSPHRASE_PARAM_INFO\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "info (OSSL_PASSPHRASE_PARAM_INFO) " +A string of information that will become part of the pass phrase +prompt. This could be used to give the user information on what kind +of object it's being prompted for. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOP_serializer_newctx()\fR returns a pointer to a context, or \s-1NULL\s0 on +failure. 
+.PP +\&\fIOP_serializer_set_ctx_params()\fR returns 1, unless a recognised +parameters was invalid or caused an error, for which 0 is returned. +.PP +\&\fIOP_serializer_settable_ctx_params()\fR returns a pointer to an array of +constant \fB\s-1OSSL_PARAM\s0\fR elements. +.PP +\&\fIOP_serializer_serialize_data()\fR and \fIOP_serializer_serialize_object()\fR +return 1 on success, or 0 on failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIprovider\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \s-1SERIALIZER\s0 interface was introduced in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man7/provider-signature.7 b/linux_amd64/share/man/man7/provider-signature.7 new file mode 100755 index 0000000..b93841c --- /dev/null +++ b/linux_amd64/share/man/man7/provider-signature.7 
@@ -0,0 +1,355 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PROVIDER-SIGNATURE 7" +.TH PROVIDER-SIGNATURE 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +provider\-signature \- The signature library <\-> provider functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 2 +\& #include +\& #include +\& +\& /* +\& * None of these are actual functions, but are displayed like this for +\& * the function signatures for functions that are offered as function +\& * pointers in OSSL_DISPATCH arrays. +\& */ +\& +\& /* Context management */ +\& void *OP_signature_newctx(void *provctx); +\& void OP_signature_freectx(void *ctx); +\& void *OP_signature_dupctx(void *ctx); +\& +\& /* Signing */ +\& int OP_signature_sign_init(void *ctx, void *provkey); +\& int OP_signature_sign(void *ctx, unsigned char *sig, size_t *siglen, +\& size_t sigsize, const unsigned char *tbs, size_t tbslen); +\& +\& /* Verifying */ +\& int OP_signature_verify_init(void *ctx, void *provkey); +\& int OP_signature_verify(void *ctx, const unsigned char *sig, size_t siglen, +\& const unsigned char *tbs, size_t tbslen); +\& +\& /* Verify Recover */ +\& int OP_signature_verify_recover_init(void *ctx, void *provkey); +\& int OP_signature_verify_recover(void *ctx, unsigned char *rout, +\& size_t *routlen, size_t routsize, +\& const unsigned char *sig, size_t siglen); +\& +\& /* Signature parameters */ +\& int OP_signature_get_ctx_params(void *ctx, OSSL_PARAM params[]); +\& const OSSL_PARAM *OP_signature_gettable_ctx_params(void); +\& int OP_signature_set_ctx_params(void *ctx, const OSSL_PARAM params[]); +\& const OSSL_PARAM *OP_signature_settable_ctx_params(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This documentation is primarily aimed at provider authors. See \fIprovider\fR\|(7) +for further information. +.PP +The signature (\s-1OSSL_OP_SIGNATURE\s0) operation enables providers to implement +signature algorithms and make them available to applications via the \s-1API\s0 +functions \fIEVP_PKEY_sign\fR\|(3), +\&\fIEVP_PKEY_verify\fR\|(3), +and \fIEVP_PKEY_verify_recover\fR\|(3) (as well +as other related functions). 
+.PP +All \*(L"functions\*(R" mentioned here are passed as function pointers between +\&\fIlibcrypto\fR and the provider in \fB\s-1OSSL_DISPATCH\s0\fR arrays via +\&\fB\s-1OSSL_ALGORITHM\s0\fR arrays that are returned by the provider's +\&\fIprovider_query_operation()\fR function +(see \*(L"Provider Functions\*(R" in \fIprovider\-base\fR\|(7)). +.PP +All these \*(L"functions\*(R" have a corresponding function type definition +named \fBOSSL_{name}_fn\fR, and a helper function to retrieve the +function pointer from an \fB\s-1OSSL_DISPATCH\s0\fR element named +\&\fBOSSL_get_{name}\fR. +For example, the \*(L"function\*(R" \fIOP_signature_newctx()\fR has these: +.PP +.Vb 3 +\& typedef void *(OSSL_OP_signature_newctx_fn)(void *provctx); +\& static ossl_inline OSSL_OP_signature_newctx_fn +\& OSSL_get_OP_signature_newctx(const OSSL_DISPATCH *opf); +.Ve +.PP +\&\fB\s-1OSSL_DISPATCH\s0\fR arrays are indexed by numbers that are provided as +macros in \fIopenssl\-core_numbers.h\fR\|(7), as follows: +.PP +.Vb 3 +\& OP_signature_newctx OSSL_FUNC_SIGNATURE_NEWCTX +\& OP_signature_freectx OSSL_FUNC_SIGNATURE_FREECTX +\& OP_signature_dupctx OSSL_FUNC_SIGNATURE_DUPCTX +\& +\& OP_signature_sign_init OSSL_FUNC_SIGNATURE_SIGN_INIT +\& OP_signature_sign OSSL_FUNC_SIGNATURE_SIGN +\& +\& OP_signature_verify_init OSSL_FUNC_SIGNATURE_VERIFY_INIT +\& OP_signature_verify OSSL_FUNC_SIGNATURE_VERIFY +\& +\& OP_signature_verify_recover_init OSSL_FUNC_SIGNATURE_VERIFY_RECOVER_INIT +\& OP_signature_verify_recover OSSL_FUNC_SIGNATURE_VERIFY_RECOVER +\& +\& OP_signature_get_ctx_params OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS +\& OP_signature_gettable_ctx_params OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS +\& OP_signature_set_ctx_params OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS +\& OP_signature_settable_ctx_params OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS +.Ve +.PP +A signature algorithm implementation may not implement all of these functions. 
+In order to be a consistent set of functions a provider must implement +OP_signature_newctx and OP_signature_freectx. +It must also implement both of OP_signature_sign_init and OP_signature_sign, +or both of OP_signature_verify_init and OP_signature_verify, or both of +OP_signature_verify_recover_init and OP_signature_verify_recover. +All other functions are optional. +.PP +A signature algorithm must also implement some mechanism for generating, +loading or importing keys via the key management (\s-1OSSL_OP_KEYMGMT\s0) operation. +See \fIprovider\-keymgmt\fR\|(7) for further details. +.SS "Context Management Functions" +.IX Subsection "Context Management Functions" +\&\fIOP_signature_newctx()\fR should create and return a pointer to a provider side +structure for holding context information during a signature operation. +A pointer to this context will be passed back in a number of the other signature +operation function calls. +The parameter \fIprovctx\fR is the provider context generated during provider +initialisation (see \fIprovider\fR\|(7)). +.PP +\&\fIOP_signature_freectx()\fR is passed a pointer to the provider side signature +context in the \fIctx\fR parameter. +This function should free any resources associated with that context. +.PP +\&\fIOP_signature_dupctx()\fR should duplicate the provider side signature context in +the \fIctx\fR parameter and return the duplicate copy. +.SS "Signing Functions" +.IX Subsection "Signing Functions" +\&\fIOP_signature_sign_init()\fR initialises a context for signing given a provider side +signature context in the \fIctx\fR parameter, and a pointer to a provider key object +in the \fIprovkey\fR parameter. +The key object should have been previously generated, loaded or imported into +the provider using the key management (\s-1OSSL_OP_KEYMGMT\s0) operation (see +\&\fIprovider\-keymgmt\fR\|(7)>. +.PP +\&\fIOP_signature_sign()\fR performs the actual signing itself. 
+A previously initialised signature context is passed in the \fIctx\fR +parameter. +The data to be signed is pointed to be the \fItbs\fR parameter which is \fItbslen\fR +bytes long. +Unless \fIsig\fR is \s-1NULL\s0, the signature should be written to the location pointed +to by the \fIsig\fR parameter and it should not exceed \fIsigsize\fR bytes in length. +The length of the signature should be written to \fI*siglen\fR. +If \fIsig\fR is \s-1NULL\s0 then the maximum length of the signature should be written to +\&\fI*siglen\fR. +.SS "Verify Functions" +.IX Subsection "Verify Functions" +\&\fIOP_signature_verify_init()\fR initialises a context for verifying a signature given +a provider side signature context in the \fIctx\fR parameter, and a pointer to a +provider key object in the \fIprovkey\fR parameter. +The key object should have been previously generated, loaded or imported into +the provider using the key management (\s-1OSSL_OP_KEYMGMT\s0) operation (see +\&\fIprovider\-keymgmt\fR\|(7)>. +.PP +\&\fIOP_signature_verify()\fR performs the actual verification itself. +A previously initialised signature context is passed in the \fIctx\fR parameter. +The data that the signature covers is pointed to be the \fItbs\fR parameter which +is \fItbslen\fR bytes long. +The signature is pointed to by the \fIsig\fR parameter which is \fIsiglen\fR bytes +long. +.SS "Verify Recover Functions" +.IX Subsection "Verify Recover Functions" +\&\fIOP_signature_verify_recover_init()\fR initialises a context for recovering the +signed data given a provider side signature context in the \fIctx\fR parameter, and +a pointer to a provider key object in the \fIprovkey\fR parameter. +The key object should have been previously generated, loaded or imported into +the provider using the key management (\s-1OSSL_OP_KEYMGMT\s0) operation (see +\&\fIprovider\-keymgmt\fR\|(7)>. +.PP +\&\fIOP_signature_verify_recover()\fR performs the actual verify recover itself. 
+A previously initialised signature context is passed in the \fIctx\fR parameter. +The signature is pointed to by the \fIsig\fR parameter which is \fIsiglen\fR bytes +long. +Unless \fIrout\fR is \s-1NULL\s0, the recovered data should be written to the location +pointed to by \fIrout\fR which should not exceed \fIroutsize\fR bytes in length. +The length of the recovered data should be written to \fI*routlen\fR. +If \fIrout\fR is \s-1NULL\s0 then the maximum size of the output buffer is written to +the \fIroutlen\fR parameter. +.SS "Signature Parameters" +.IX Subsection "Signature Parameters" +See \s-1\fIOSSL_PARAM\s0\fR\|(3) for further details on the parameters structure used by +the \fIOP_signature_get_ctx_params()\fR and \fIOP_signature_set_ctx_params()\fR functions. +.PP +\&\fIOP_signature_get_ctx_params()\fR gets signature parameters associated with the +given provider side signature context \fIctx\fR and stored them in \fIparams\fR. +\&\fIOP_signature_set_ctx_params()\fR sets the signature parameters associated with the +given provider side signature context \fIctx\fR to \fIparams\fR. +Any parameter settings are additional to any that were previously set. +.PP +Parameters currently recognised by built-in signature algorithms are as +follows. +Not all parameters are relevant to, or are understood by all signature +algorithms: +.ie n .IP """digest"" (\fB\s-1OSSL_SIGNATURE_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``digest'' (\fB\s-1OSSL_SIGNATURE_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "digest (OSSL_SIGNATURE_PARAM_DIGEST) " +Get or sets the name of the digest algorithm used for the input to the signature +functions. +.ie n .IP """digest-size"" (\fB\s-1OSSL_SIGNATURE_PARAM_DIGEST_SIZE\s0\fR) " 4 +.el .IP "``digest-size'' (\fB\s-1OSSL_SIGNATURE_PARAM_DIGEST_SIZE\s0\fR) " 4 +.IX Item "digest-size (OSSL_SIGNATURE_PARAM_DIGEST_SIZE) " +Gets or sets the output size of the digest algorithm used for the input to the +signature functions. 
+The length of the \*(L"digest-size\*(R" parameter should not exceed that of a \fBsize_t\fR. +.PP +\&\fIOP_signature_gettable_ctx_params()\fR and \fIOP_signature_settable_ctx_params()\fR get a +constant \fB\s-1OSSL_PARAM\s0\fR array that describes the gettable and settable parameters, +i.e. parameters that can be used with \fIOP_signature_get_ctx_params()\fR and +\&\fIOP_signature_set_ctx_params()\fR respectively. +See \s-1\fIOSSL_PARAM\s0\fR\|(3) for the use of \fB\s-1OSSL_PARAM\s0\fR as parameter descriptor. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOP_signature_newctx()\fR and \fIOP_signature_dupctx()\fR should return the newly created +provider side signature, or \s-1NULL\s0 on failure. +.PP +All other functions should return 1 for success or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIprovider\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The provider \s-1SIGNATURE\s0 interface was introduced in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man7/provider.7 b/linux_amd64/share/man/man7/provider.7 new file mode 100755 index 0000000..09d18f9 --- /dev/null +++ b/linux_amd64/share/man/man7/provider.7 
@@ -0,0 +1,493 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PROVIDER 7" +.TH PROVIDER 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +provider \- OpenSSL operation implementation providers +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +#include +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +.SS "General" +.IX Subsection "General" +A \fIprovider\fR, in OpenSSL terms, is a unit of code that provides one +or more implementations for various operations for diverse algorithms +that one might want to perform. +.PP +An \fIoperation\fR is something one wants to do, such as encryption and +decryption, key derivation, \s-1MAC\s0 calculation, signing and verification, +etc. +.PP +An \fIalgorithm\fR is a named method to perform an operation. +Very often, the algorithms revolve around cryptographic operations, +but may also revolve around other types of operation, such as managing +certain types of objects. +.SS "Provider" +.IX Subsection "Provider" +\&\fI\s-1NOTE:\s0 This section is mostly interesting for provider authors.\fR +.PP +A \fIprovider\fR offers an initialization function, as a set of base +functions in the form of an \fB\s-1OSSL_DISPATCH\s0\fR array, and by extension, +a set of \fB\s-1OSSL_ALGORITHM\s0\fRs (see \fIopenssl\-core.h\fR\|(7)). +It may be a dynamically loadable module, or may be built-in, in +OpenSSL libraries or in the application. +If it's a dynamically loadable module, the initialization function +must be named \f(CW\*(C`OSSL_provider_init\*(C'\fR and must be exported. +If it's built-in, the initialization function may have any name. +.PP +The initialization function must have the following signature: +.PP +.Vb 3 +\& int NAME(const OSSL_PROVIDER *provider, +\& const OSSL_DISPATCH *in, const OSSL_DISPATCH **out, +\& void **provctx); +.Ve +.PP +\&\fIprovider\fR is the OpenSSL library object for the provider, and works +as a handle for everything the OpenSSL libraries need to know about +the provider. +For the provider itself, it may hold some interesting information, +and is also passed to some of the functions given in the dispatch +array \fIin\fR. 
+.PP +\&\fIin\fR is a dispatch array of base functions offered by the OpenSSL +libraries, and the available functions are further described in +\&\fIprovider\-base\fR\|(7). +.PP +\&\fI*out\fR must be assigned a dispatch array of base functions that the +provider offers to the OpenSSL libraries. +The functions that may be offered are further described in +\&\fIprovider\-base\fR\|(7), and they are the central means of communication +between the OpenSSL libraries and the provider. +.PP +\&\fI*provctx\fR should be assigned a provider specific context to allow +the provider multiple simultaneous uses. +This pointer will be passed to various operation functions offered by +the provider. +.PP +One of the functions the provider offers to the OpenSSL libraries is +the central mechanism for the OpenSSL libraries to get access to +operation implementations for diverse algorithms. +Its referred to with the number \fB\s-1OSSL_FUNC_PROVIDER_QUERY_OPERATION\s0\fR +and has the following signature: +.PP +.Vb 3 +\& const OSSL_ALGORITHM *provider_query_operation(void *provctx, +\& int operation_id, +\& const int *no_store); +.Ve +.PP +\&\fIprovctx\fR is the provider specific context that was passed back by +the initialization function. +.PP +\&\fIoperation_id\fR is an operation identity (see \*(L"Operations\*(R" below). +.PP +\&\fIno_store\fR is a flag back to the OpenSSL libraries which, when +nonzero, signifies that the OpenSSL libraries will not store a +reference to the returned data in their internal store of +implementations. +.PP +The returned \fB\s-1OSSL_ALGORITHM\s0\fR is the foundation of any OpenSSL +library \s-1API\s0 that uses providers for their implementation, most +commonly in the \fIfetching\fR type of functions +(see \*(L"Fetching algorithms\*(R" below). 
+.SS "Operations" +.IX Subsection "Operations" +\&\fI\s-1NOTE:\s0 This section is mostly interesting for provider authors.\fR +.PP +Operations are referred to with numbers, via macros with names +starting with \f(CW\*(C`OSSL_OP_\*(C'\fR. +.PP +With each operation comes a set of defined function types that a +provider may or may not offer, depending on its needs. +.PP +Currently available operations are: +.IP "Digests" 4 +.IX Item "Digests" +In the OpenSSL libraries, the corresponding method object is +\&\fB\s-1EVP_MD\s0\fR. +The number for this operation is \fB\s-1OSSL_OP_DIGEST\s0\fR. +The functions the provider can offer are described in +\&\fIprovider\-digest\fR\|(7) +.IP "Symmetric ciphers" 4 +.IX Item "Symmetric ciphers" +In the OpenSSL libraries, the corresponding method object is +\&\fB\s-1EVP_CIPHER\s0\fR. +The number for this operation is \fB\s-1OSSL_OP_CIPHER\s0\fR. +The functions the provider can offer are described in +\&\fIprovider\-cipher\fR\|(7) +.IP "Message Authentication Code (\s-1MAC\s0)" 4 +.IX Item "Message Authentication Code (MAC)" +In the OpenSSL libraries, the corresponding method object is +\&\fB\s-1EVP_MAC\s0\fR. +The number for this operation is \fB\s-1OSSL_OP_MAC\s0\fR. +The functions the provider can offer are described in +\&\fIprovider\-mac\fR\|(7) +.IP "Key Derivation Function (\s-1KDF\s0)" 4 +.IX Item "Key Derivation Function (KDF)" +In the OpenSSL libraries, the corresponding method object is +\&\fB\s-1EVP_KDF\s0\fR. +The number for this operation is \fB\s-1OSSL_OP_KDF\s0\fR. +The functions the provider can offer are described in +\&\fIprovider\-kdf\fR\|(7) +.IP "Key Exchange" 4 +.IX Item "Key Exchange" +In the OpenSSL libraries, the corresponding method object is +\&\fB\s-1EVP_KEYEXCH\s0\fR. +The number for this operation is \fB\s-1OSSL_OP_KEYEXCH\s0\fR. 
+The functions the provider can offer are described in +\&\fIprovider\-keyexch\fR\|(7) +.IP "Serialization" 4 +.IX Item "Serialization" +In the OpenSSL libraries, the corresponding method object is +\&\fB\s-1OSSL_SERIALIZER\s0\fR. +The number for this operation is \fB\s-1OSSL_OP_SERIALIZER\s0\fR. +The functions the provider can offer are described in +\&\fIprovider\-serializer\fR\|(7) +.SS "Fetching algorithms" +.IX Subsection "Fetching algorithms" +\fIExplicit fetch\fR +.IX Subsection "Explicit fetch" +.PP +\&\fI\s-1NOTE:\s0 This section is mostly interesting to OpenSSL users.\fR +.PP +Users of the OpenSSL libraries never query the provider directly for +its diverse implementations and dispatch tables. +Instead, the diverse OpenSSL APIs often have fetching functions that +do the work, and they return an appropriate method object back to the +user. +These functions usually have the name \f(CW\*(C`APINAME_fetch\*(C'\fR, where +\&\f(CW\*(C`APINAME\*(C'\fR is the name of the \s-1API\s0, for example \fIEVP_MD_fetch\fR\|(3). +.PP +These fetching functions follow a fairly common pattern, where three +arguments are passed: +.IP "The library context" 4 +.IX Item "The library context" +See \s-1\fIOPENSSL_CTX\s0\fR\|(3) for a more detailed description. +This may be \s-1NULL\s0 to signify the default (global) library context, or a +context created by the user. +Only providers loaded in this library context (see +\&\fIOSSL_PROVIDER_load\fR\|(3)) will be considered by the fetching +function. +.IP "An identifier" 4 +.IX Item "An identifier" +This is most commonly an algorithm name (this is the case for all \s-1EVP\s0 +methods), but may also be called something else. +.IP "A property query string" 4 +.IX Item "A property query string" +See \fIproperty\fR\|(7) for a more detailed description. +This is used to select more exactly which providers will get to offer +an implementation. 
+.PP +The method object that is fetched can then be used with diverse other +functions that use them, for example \fIEVP_DigestInit_ex\fR\|(3). +.PP +\fIImplicit fetch\fR +.IX Subsection "Implicit fetch" +.PP +\&\fI\s-1NOTE:\s0 This section is mostly interesting to OpenSSL users.\fR +.PP +OpenSSL has a number of functions that return a method object with no +associated implementation, such as \fIEVP_sha256\fR\|(3), +\&\fIEVP_blake2b512\fR\|(3) or \fIEVP_aes_128_cbc\fR\|(3), which are present for +compatibility with OpenSSL before version 3.0. +.PP +When they are used with functions like \fIEVP_DigestInit_ex\fR\|(3) or +\&\fIEVP_CipherInit_ex\fR\|(3), the actual implementation to be used is +fetched implicitly using default search criteria. +.PP +Implicit fetching can also occur when a \s-1NULL\s0 algorithm parameter is +supplied. +In this case an algorithm implementation is implicitly fetched using +default search criteria and an algorithm name that is consistent with +the type of \s-1EVP_PKEY\s0 being used. +.PP +\fIAlgorithm naming\fR +.IX Subsection "Algorithm naming" +.PP +Algorithm names are case insensitive. Any particular algorithm can have multiple +aliases associated with it. The canonical OpenSSL naming scheme follows this +format: +.PP +ALGNAME[\s-1VERSION\s0?][\-SUBNAME[\s-1VERSION\s0?]?][\-SIZE?][\-MODE?] +.PP +\&\s-1VERSION\s0 is only present if there are multiple versions of an algorithm (e.g. +\&\s-1MD2\s0, \s-1MD4\s0, \s-1MD5\s0). It may be omitted if there is only one version. +.PP +\&\s-1SUBNAME\s0 may be present where multiple algorithms are combined together, +e.g. \s-1MD5\-SHA1\s0. +.PP +\&\s-1SIZE\s0 is only present if multiple versions of an algorithm exist with different +sizes (e.g. \s-1AES\-128\-CBC\s0, \s-1AES\-256\-CBC\s0) +.PP +\&\s-1MODE\s0 is only present where applicable. +.PP +Other aliases may exist for example where standards bodies or common practice +use alternative names or names that OpenSSL has used historically. 
+.SH "OPENSSL PROVIDERS" +.IX Header "OPENSSL PROVIDERS" +OpenSSL comes with a set of providers. +.PP +The algorithms available in each of these providers may vary due to build time +configuration options. The \fIopenssl\-list\fR\|(1) command can be used to list the +currently available algorithms. +.PP +The names of the algorithms shown from \fIopenssl\-list\fR\|(1) can be used as an +algorithm identifier to the appropriate fetching function. +.SS "Default provider" +.IX Subsection "Default provider" +The default provider is built in as part of the \fIlibcrypto\fR library. +Should it be needed (if other providers are loaded and offer +implementations of the same algorithms), the property \*(L"provider=default\*(R" +can be used as a search criterion for these implementations. Some +non-cryptographic algorithms (such as serializers for loading keys and +parameters from files) are not \s-1FIPS\s0 algorithm implementations in themselves but +support algorithms from the \s-1FIPS\s0 provider and are allowed for use in \*(L"\s-1FIPS\s0 +mode\*(R". The property \*(L"fips=yes\*(R" can be used to select such algorithms. +.SS "\s-1FIPS\s0 provider" +.IX Subsection "FIPS provider" +The \s-1FIPS\s0 provider is a dynamically loadable module, and must therefore +be loaded explicitly, either in code or through OpenSSL configuration +(see \fIconfig\fR\|(5)). +Should it be needed (if other providers are loaded and offer +implementations of the same algorithms), the property \*(L"provider=fips\*(R" can +be used as a search criterion for these implementations. All algorithm +implementations in the \s-1FIPS\s0 provider can also be selected with the property +\&\*(L"fips=yes\*(R". +.SS "Legacy provider" +.IX Subsection "Legacy provider" +The legacy provider is a dynamically loadable module, and must therefore +be loaded explicitly, either in code or through OpenSSL configuration +(see \fIconfig\fR\|(5)). 
+Should it be needed (if other providers are loaded and offer +implementations of the same algorithms), the property \*(L"provider=legacy\*(R" can be +used as a search criterion for these implementations. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +.SS "Fetching" +.IX Subsection "Fetching" +Fetch any available implementation of \s-1SHA2\-256\s0 in the default context: +.PP +.Vb 3 +\& EVP_MD *md = EVP_MD_fetch(NULL, "SHA2\-256", NULL); +\& ... +\& EVP_MD_meth_free(md); +.Ve +.PP +Fetch any available implementation of \s-1AES\-128\-CBC\s0 in the default context: +.PP +.Vb 3 +\& EVP_CIPHER *cipher = EVP_CIPHER_fetch(NULL, "AES\-128\-CBC", NULL); +\& ... +\& EVP_CIPHER_meth_free(cipher); +.Ve +.PP +Fetch an implementation of \s-1SHA2\-256\s0 from the default provider in the default +context: +.PP +.Vb 3 +\& EVP_MD *md = EVP_MD_fetch(NULL, "SHA2\-256", "provider=default"); +\& ... +\& EVP_MD_meth_free(md); +.Ve +.PP +Fetch an implementation of \s-1SHA2\-256\s0 that is not from the default provider in the +default context: +.PP +.Vb 3 +\& EVP_MD *md = EVP_MD_fetch(NULL, "SHA2\-256", "provider!=default"); +\& ... +\& EVP_MD_meth_free(md); +.Ve +.PP +Fetch an implementation of \s-1SHA2\-256\s0 from the default provider in the specified +context: +.PP +.Vb 3 +\& EVP_MD *md = EVP_MD_fetch(ctx, "SHA2\-256", "provider=default"); +\& ... +\& EVP_MD_meth_free(md); +.Ve +.PP +Load the legacy provider into the default context and then fetch an +implementation of \s-1WHIRLPOOL\s0 from it: +.PP +.Vb 2 +\& /* This only needs to be done once \- usually at application start up */ +\& OSSL_PROVIDER *legacy = OSSL_PROVIDER_load(NULL, "legacy"); +\& +\& EVP_MD *md = EVP_MD_fetch(NULL, "WHIRLPOOL", "provider=legacy"); +\& ... 
+\& EVP_MD_meth_free(md); +.Ve +.PP +Note that in the above example the property string \*(L"provider=legacy\*(R" is optional +since, assuming no other providers have been loaded, the only implementation of +the \*(L"whirlpool\*(R" algorithm is in the \*(L"legacy\*(R" provider. Also note that the +default provider should be explicitly loaded if it is required in addition to +other providers: +.PP +.Vb 3 +\& /* This only needs to be done once \- usually at application start up */ +\& OSSL_PROVIDER *legacy = OSSL_PROVIDER_load(NULL, "legacy"); +\& OSSL_PROVIDER *default = OSSL_PROVIDER_load(NULL, "default"); +\& +\& EVP_MD *md_whirlpool = EVP_MD_fetch(NULL, "whirlpool", NULL); +\& EVP_MD *md_sha256 = EVP_MD_fetch(NULL, "SHA2\-256", NULL); +\& ... +\& EVP_MD_meth_free(md_whirlpool); +\& EVP_MD_meth_free(md_sha256); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_DigestInit_ex\fR\|(3), \fIEVP_EncryptInit_ex\fR\|(3), +\&\s-1\fIOPENSSL_CTX\s0\fR\|(3), +\&\fIEVP_set_default_properties\fR\|(3), +\&\fIEVP_MD_fetch\fR\|(3), +\&\fIEVP_CIPHER_fetch\fR\|(3), +\&\fIEVP_KEYMGMT_fetch\fR\|(3), +\&\fIopenssl\-core.h\fR\|(7), +\&\fIprovider\-base\fR\|(7), +\&\fIprovider\-digest\fR\|(7), +\&\fIprovider\-cipher\fR\|(7), +\&\fIprovider\-keyexch\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The concept of providers and everything surrounding them was +introduced in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man7/proxy-certificates.7 b/linux_amd64/share/man/man7/proxy-certificates.7 new file mode 100755 index 0000000..8dfb636 --- /dev/null +++ b/linux_amd64/share/man/man7/proxy-certificates.7 
@@ -0,0 +1,469 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PROXY-CERTIFICATES 7" +.TH PROXY-CERTIFICATES 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +proxy\-certificates \- Proxy certificates in OpenSSL +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Proxy certificates are defined in \s-1RFC\s0 3820. 
They are used to +extend rights to some other entity (a computer process, typically, or +sometimes to the user itself). This allows the entity to perform +operations on behalf of the owner of the \s-1EE\s0 (End Entity) certificate. +.PP +The requirements for a valid proxy certificate are: +.IP "\(bu" 4 +They are issued by an End Entity, either a normal \s-1EE\s0 certificate, or +another proxy certificate. +.IP "\(bu" 4 +They must not have the \fBsubjectAltName\fR or \fBissuerAltName\fR +extensions. +.IP "\(bu" 4 +They must have the \fBproxyCertInfo\fR extension. +.IP "\(bu" 4 +They must have the subject of their issuer, with one \fBcommonName\fR +added. +.SS "Enabling proxy certificate verification" +.IX Subsection "Enabling proxy certificate verification" +OpenSSL expects applications that want to use proxy certificates to be +specially aware of them, and make that explicit. This is done by +setting an X509 verification flag: +.PP +.Vb 1 +\& X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS); +.Ve +.PP +or +.PP +.Vb 1 +\& X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_ALLOW_PROXY_CERTS); +.Ve +.PP +See \*(L"\s-1NOTES\s0\*(R" for a discussion on this requirement. +.SS "Creating proxy certificates" +.IX Subsection "Creating proxy certificates" +Creating proxy certificates can be done using the \fIopenssl\-x509\fR\|(1) +command, with some extra extensions: +.PP +.Vb 3 +\& [ v3_proxy ] +\& # A proxy certificate MUST NEVER be a CA certificate. 
+\& basicConstraints=CA:FALSE +\& +\& # Usual authority key ID +\& authorityKeyIdentifier=keyid,issuer:always +\& +\& # The extension which marks this certificate as a proxy +\& proxyCertInfo=critical,language:id\-ppl\-anyLanguage,pathlen:1,policy:text:AB +.Ve +.PP +It's also possible to specify the proxy extension in a separate section: +.PP +.Vb 1 +\& proxyCertInfo=critical,@proxy_ext +\& +\& [ proxy_ext ] +\& language=id\-ppl\-anyLanguage +\& pathlen=0 +\& policy=text:BC +.Ve +.PP +The policy value has a specific syntax, \fIsyntag\fR:\fIstring\fR, where the +\&\fIsyntag\fR determines what will be done with the string. The following +\&\fIsyntag\fRs are recognised: +.IP "\fBtext\fR" 4 +.IX Item "text" +indicates that the string is a byte sequence, without any encoding: +.Sp +.Vb 1 +\& policy=text:ra\*:ksmo\*:rga\*os +.Ve +.IP "\fBhex\fR" 4 +.IX Item "hex" +indicates the string is encoded hexadecimal encoded binary data, with +colons between each byte (every second hex digit): +.Sp +.Vb 1 +\& policy=hex:72:E4:6B:73:6D:F6:72:67:E5:73 +.Ve +.IP "\fBfile\fR" 4 +.IX Item "file" +indicates that the text of the policy should be taken from a file. +The string is then a filename. This is useful for policies that are +large (more than a few lines, e.g. \s-1XML\s0 documents). +.PP +\&\fI\s-1NOTE:\s0 The proxy policy value is what determines the rights granted +to the process during the proxy certificate. 
It's up to the +application to interpret and combine these policies.\fR +.PP +With a proxy extension, creating a proxy certificate is a matter of +two commands: +.PP +.Vb 3 +\& openssl req \-new \-config proxy.cnf \e +\& \-out proxy.req \-keyout proxy.key \e +\& \-subj "/DC=org/DC=openssl/DC=users/CN=proxy 1" +\& +\& openssl x509 \-req \-CAcreateserial \-in proxy.req \-out proxy.crt \e +\& \-CA user.crt \-CAkey user.key \-days 7 \e +\& \-extfile proxy.cnf \-extensions v3_proxy1 +.Ve +.PP +You can also create a proxy certificate using another proxy +certificate as issuer (note: using a different configuration +section for the proxy extensions): +.PP +.Vb 3 +\& openssl req \-new \-config proxy.cnf \e +\& \-out proxy2.req \-keyout proxy2.key \e +\& \-subj "/DC=org/DC=openssl/DC=users/CN=proxy 1/CN=proxy 2" +\& +\& openssl x509 \-req \-CAcreateserial \-in proxy2.req \-out proxy2.crt \e +\& \-CA proxy.crt \-CAkey proxy.key \-days 7 \e +\& \-extfile proxy.cnf \-extensions v3_proxy2 +.Ve +.SS "Using proxy certs in applications" +.IX Subsection "Using proxy certs in applications" +To interpret proxy policies, the application would normally start with +some default rights (perhaps none at all), then compute the resulting +rights by checking the rights against the chain of proxy certificates, +user certificate and \s-1CA\s0 certificates. +.PP +The complicated part is figuring out how to pass data between your +application and the certificate validation procedure. +.PP +The following ingredients are needed for such processing: +.IP "\(bu" 4 +a callback function that will be called for every certificate being +validated. The callback is called several times for each certificate, +so you must be careful to do the proxy policy interpretation at the +right time. You also need to fill in the defaults when the \s-1EE\s0 +certificate is checked. +.IP "\(bu" 4 +a data structure that is shared between your application code and the +callback. 
+.IP "\(bu" 4 +a wrapper function that sets it all up. +.IP "\(bu" 4 +an ex_data index function that creates an index into the generic +ex_data store that is attached to an X509 validation context. +.PP +The following skeleton code can be used as a starting point: +.PP +.Vb 4 +\& #include +\& #include +\& #include +\& #include +\& +\& #define total_rights 25 +\& +\& /* +\& * In this example, I will use a view of granted rights as a bit +\& * array, one bit for each possible right. +\& */ +\& typedef struct your_rights { +\& unsigned char rights[(total_rights + 7) / 8]; +\& } YOUR_RIGHTS; +\& +\& /* +\& * The following procedure will create an index for the ex_data +\& * store in the X509 validation context the first time it\*(Aqs +\& * called. Subsequent calls will return the same index. +\& */ +\& static int get_proxy_auth_ex_data_idx(X509_STORE_CTX *ctx) +\& { +\& static volatile int idx = \-1; +\& +\& if (idx < 0) { +\& X509_STORE_lock(X509_STORE_CTX_get0_store(ctx)); +\& if (idx < 0) { +\& idx = X509_STORE_CTX_get_ex_new_index(0, +\& "for verify callback", +\& NULL,NULL,NULL); +\& } +\& X509_STORE_unlock(X509_STORE_CTX_get0_store(ctx)); +\& } +\& return idx; +\& } +\& +\& /* Callback to be given to the X509 validation procedure. */ +\& static int verify_callback(int ok, X509_STORE_CTX *ctx) +\& { +\& if (ok == 1) { +\& /* +\& * It\*(Aqs REALLY important you keep the proxy policy check +\& * within this section. It\*(Aqs important to know that when +\& * ok is 1, the certificates are checked from top to +\& * bottom. You get the CA root first, followed by the +\& * possible chain of intermediate CAs, followed by the EE +\& * certificate, followed by the possible proxy +\& * certificates. 
+\& */ +\& X509 *xs = X509_STORE_CTX_get_current_cert(ctx); +\& +\& if (X509_get_extension_flags(xs) & EXFLAG_PROXY) { +\& YOUR_RIGHTS *rights = +\& (YOUR_RIGHTS *)X509_STORE_CTX_get_ex_data(ctx, +\& get_proxy_auth_ex_data_idx(ctx)); +\& PROXY_CERT_INFO_EXTENSION *pci = +\& X509_get_ext_d2i(xs, NID_proxyCertInfo, NULL, NULL); +\& +\& switch (OBJ_obj2nid(pci\->proxyPolicy\->policyLanguage)) { +\& case NID_Independent: +\& /* +\& * Do whatever you need to grant explicit rights +\& * to this particular proxy certificate, usually +\& * by pulling them from some database. If there +\& * are none to be found, clear all rights (making +\& * this and any subsequent proxy certificate void +\& * of any rights). +\& */ +\& memset(rights\->rights, 0, sizeof(rights\->rights)); +\& break; +\& case NID_id_ppl_inheritAll: +\& /* +\& * This is basically a NOP, we simply let the +\& * current rights stand as they are. +\& */ +\& break; +\& default: +\& /* +\& * This is usually the most complex section of +\& * code. You really do whatever you want as long +\& * as you follow RFC 3820. In the example we use +\& * here, the simplest thing to do is to build +\& * another, temporary bit array and fill it with +\& * the rights granted by the current proxy +\& * certificate, then use it as a mask on the +\& * accumulated rights bit array, and voila\*`, you +\& * now have a new accumulated rights bit array. +\& */ +\& { +\& int i; +\& YOUR_RIGHTS tmp_rights; +\& memset(tmp_rights.rights, 0, +\& sizeof(tmp_rights.rights)); +\& +\& /* +\& * process_rights() is supposed to be a +\& * procedure that takes a string and its +\& * length, interprets it and sets the bits +\& * in the YOUR_RIGHTS pointed at by the +\& * third argument. 
+\& */ +\& process_rights((char *) pci\->proxyPolicy\->policy\->data, +\& pci\->proxyPolicy\->policy\->length, +\& &tmp_rights); +\& +\& for(i = 0; i < total_rights / 8; i++) +\& rights\->rights[i] &= tmp_rights.rights[i]; +\& } +\& break; +\& } +\& PROXY_CERT_INFO_EXTENSION_free(pci); +\& } else if (!(X509_get_extension_flags(xs) & EXFLAG_CA)) { +\& /* We have an EE certificate, let\*(Aqs use it to set default! */ +\& YOUR_RIGHTS *rights = +\& (YOUR_RIGHTS *)X509_STORE_CTX_get_ex_data(ctx, +\& get_proxy_auth_ex_data_idx(ctx)); +\& +\& /* +\& * The following procedure finds out what rights the +\& * owner of the current certificate has, and sets them +\& * in the YOUR_RIGHTS structure pointed at by the +\& * second argument. +\& */ +\& set_default_rights(xs, rights); +\& } +\& } +\& return ok; +\& } +\& +\& static int my_X509_verify_cert(X509_STORE_CTX *ctx, +\& YOUR_RIGHTS *needed_rights) +\& { +\& int ok; +\& int (*save_verify_cb)(int ok,X509_STORE_CTX *ctx) = +\& X509_STORE_CTX_get_verify_cb(ctx); +\& YOUR_RIGHTS rights; +\& +\& X509_STORE_CTX_set_verify_cb(ctx, verify_callback); +\& X509_STORE_CTX_set_ex_data(ctx, get_proxy_auth_ex_data_idx(ctx), +\& &rights); +\& X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS); +\& ok = X509_verify_cert(ctx); +\& +\& if (ok == 1) { +\& ok = check_needed_rights(rights, needed_rights); +\& } +\& +\& X509_STORE_CTX_set_verify_cb(ctx, save_verify_cb); +\& +\& return ok; +\& } +.Ve +.PP +If you use \s-1SSL\s0 or \s-1TLS\s0, you can easily set up a callback to have the +certificates checked properly, using the code above: +.PP +.Vb 2 +\& SSL_CTX_set_cert_verify_callback(s_ctx, my_X509_verify_cert, +\& &needed_rights); +.Ve +.SH "NOTES" +.IX Header "NOTES" +To this date, it seems that proxy certificates have only been used in +environments that are aware of them, and no one seems to have +investigated how they can be used or misused outside of such an +environment. 
+.PP +For that reason, OpenSSL requires that applications aware of proxy +certificates must also make that explicit. +.PP +\&\fBsubjectAltName\fR and \fBissuerAltName\fR are forbidden in proxy +certificates, and this is enforced in OpenSSL. The subject must be +the same as the issuer, with one commonName added on. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIX509_STORE_CTX_set_flags\fR\|(3), +\&\fIX509_STORE_CTX_set_verify_cb\fR\|(3), +\&\fIX509_VERIFY_PARAM_set_flags\fR\|(3), +\&\fISSL_CTX_set_cert_verify_callback\fR\|(3), +\&\fIopenssl\-req\fR\|(1), \fIopenssl\-x509\fR\|(1), +\&\s-1RFC\s0 3820 +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man7/ssl.7 b/linux_amd64/share/man/man7/ssl.7 new file mode 100755 index 0000000..0a2107c --- /dev/null +++ b/linux_amd64/share/man/man7/ssl.7 
@@ -0,0 +1,220 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL 7" +.TH SSL 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ssl \- OpenSSL SSL/TLS library +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +See the individual manual pages for details. 
+.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The OpenSSL \fBssl\fR library implements several versions of the +Secure Sockets Layer, Transport Layer Security, and Datagram Transport Layer +Security protocols. +This page gives a brief overview of the extensive \s-1API\s0 and data types +provided by the library. +.PP +An \fB\s-1SSL_CTX\s0\fR object is created as a framework to establish +\&\s-1TLS/SSL\s0 enabled connections (see \fISSL_CTX_new\fR\|(3)). +Various options regarding certificates, algorithms etc. can be set +in this object. +.PP +When a network connection has been created, it can be assigned to an +\&\fB\s-1SSL\s0\fR object. After the \fB\s-1SSL\s0\fR object has been created using +\&\fISSL_new\fR\|(3), \fISSL_set_fd\fR\|(3) or +\&\fISSL_set_bio\fR\|(3) can be used to associate the network +connection with the object. +.PP +When the \s-1TLS/SSL\s0 handshake is performed using +\&\fISSL_accept\fR\|(3) or \fISSL_connect\fR\|(3) +respectively. +\&\fISSL_read_ex\fR\|(3), \fISSL_read\fR\|(3), \fISSL_write_ex\fR\|(3) and \fISSL_write\fR\|(3) are +used to read and write data on the \s-1TLS/SSL\s0 connection. +\&\fISSL_shutdown\fR\|(3) can be used to shut down the +\&\s-1TLS/SSL\s0 connection. +.SH "DATA STRUCTURES" +.IX Header "DATA STRUCTURES" +Here are some of the main data structures in the library. +.IP "\fB\s-1SSL_METHOD\s0\fR (\s-1SSL\s0 Method)" 4 +.IX Item "SSL_METHOD (SSL Method)" +This is a dispatch structure describing the internal \fBssl\fR library +methods/functions which implement the various protocol versions (SSLv3 +TLSv1, ...). It's needed to create an \fB\s-1SSL_CTX\s0\fR. +.IP "\fB\s-1SSL_CIPHER\s0\fR (\s-1SSL\s0 Cipher)" 4 +.IX Item "SSL_CIPHER (SSL Cipher)" +This structure holds the algorithm information for a particular cipher which +are a core part of the \s-1SSL/TLS\s0 protocol. The available ciphers are configured +on a \fB\s-1SSL_CTX\s0\fR basis and the actual ones used are then part of the +\&\fB\s-1SSL_SESSION\s0\fR. 
+.IP "\fB\s-1SSL_CTX\s0\fR (\s-1SSL\s0 Context)" 4 +.IX Item "SSL_CTX (SSL Context)" +This is the global context structure which is created by a server or client +once per program life-time and which holds mainly default values for the +\&\fB\s-1SSL\s0\fR structures which are later created for the connections. +.IP "\fB\s-1SSL_SESSION\s0\fR (\s-1SSL\s0 Session)" 4 +.IX Item "SSL_SESSION (SSL Session)" +This is a structure containing the current \s-1TLS/SSL\s0 session details for a +connection: \fB\s-1SSL_CIPHER\s0\fRs, client and server certificates, keys, etc. +.IP "\fB\s-1SSL\s0\fR (\s-1SSL\s0 Connection)" 4 +.IX Item "SSL (SSL Connection)" +This is the main \s-1SSL/TLS\s0 structure which is created by a server or client per +established connection. This actually is the core structure in the \s-1SSL\s0 \s-1API\s0. +At run-time the application usually deals with this structure which has +links to mostly all other structures. +.SH "HEADER FILES" +.IX Header "HEADER FILES" +Currently the OpenSSL \fBssl\fR library provides the following C header files +containing the prototypes for the data structures and functions: +.IP "\fI\fR" 4 +.IX Item "" +This is the common header file for the \s-1SSL/TLS\s0 \s-1API\s0. Include it into your +program to make the \s-1API\s0 of the \fBssl\fR library available. It internally +includes both more private \s-1SSL\s0 headers and headers from the \fBcrypto\fR library. +Whenever you need hard-core details on the internals of the \s-1SSL\s0 \s-1API\s0, look +inside this header file. +This file also includes the others listed below. +.IP "\fI\fR" 4 +.IX Item "" +Unused. Present for backwards compatibility only. +.IP "\fI\fR" 4 +.IX Item "" +This is the sub header file dealing with the SSLv3 protocol only. +.IP "\fI\fR" 4 +.IX Item "" +This is the sub header file dealing with the TLSv1 protocol only. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. 
+.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/share/man/man7/x509.7 b/linux_amd64/share/man/man7/x509.7 new file mode 100755 index 0000000..727d182 --- /dev/null +++ b/linux_amd64/share/man/man7/x509.7 
@@ -0,0 +1,196 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509 7" +.TH X509 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +x509 \- X.509 certificate handling +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +An X.509 certificate is a structured grouping of information about +an individual, a device, or anything one can imagine. A X.509 \s-1CRL\s0 +(certificate revocation list) is a tool to help determine if a +certificate is still valid. The exact definition of those can be +found in the X.509 document from ITU-T, or in \s-1RFC3280\s0 from \s-1PKIX\s0. +In OpenSSL, the type X509 is used to express such a certificate, and +the type X509_CRL is used to express a \s-1CRL\s0. +.PP +A related structure is a certificate request, defined in PKCS#10 from +\&\s-1RSA\s0 Security, Inc, also reflected in \s-1RFC2896\s0. In OpenSSL, the type +X509_REQ is used to express such a certificate request. +.PP +To handle some complex parts of a certificate, there are the types +X509_NAME (to express a certificate name), X509_ATTRIBUTE (to express +a certificate attributes), X509_EXTENSION (to express a certificate +extension) and a few more. +.PP +Finally, there's the supertype X509_INFO, which can contain a \s-1CRL\s0, a +certificate and a corresponding private key. +.PP +\&\fBX509_\fR\fI\s-1XXX\s0\fR, \fBd2i_X509_\fR\fI\s-1XXX\s0\fR, and \fBi2d_X509_\fR\fI\s-1XXX\s0\fR functions +handle X.509 certificates, with some exceptions, shown below. +.PP +\&\fBX509_CRL_\fR\fI\s-1XXX\s0\fR, \fBd2i_X509_CRL_\fR\fI\s-1XXX\s0\fR, and \fBi2d_X509_CRL_\fR\fI\s-1XXX\s0\fR +functions handle X.509 CRLs. +.PP +\&\fBX509_REQ_\fR\fI\s-1XXX\s0\fR, \fBd2i_X509_REQ_\fR\fI\s-1XXX\s0\fR, and \fBi2d_X509_REQ_\fR\fI\s-1XXX\s0\fR +functions handle PKCS#10 certificate requests. +.PP +\&\fBX509_NAME_\fR\fI\s-1XXX\s0\fR functions handle certificate names. +.PP +\&\fBX509_ATTRIBUTE_\fR\fI\s-1XXX\s0\fR functions handle certificate attributes. +.PP +\&\fBX509_EXTENSION_\fR\fI\s-1XXX\s0\fR functions handle certificate extensions. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIX509_NAME_ENTRY_get_object\fR\|(3), +\&\fIX509_NAME_add_entry_by_txt\fR\|(3), +\&\fIX509_NAME_add_entry_by_NID\fR\|(3), +\&\fIX509_NAME_print_ex\fR\|(3), +\&\fIX509_NAME_new\fR\|(3), +\&\fId2i_X509\fR\|(3), +\&\fId2i_X509_ALGOR\fR\|(3), +\&\fId2i_X509_CRL\fR\|(3), +\&\fId2i_X509_NAME\fR\|(3), +\&\fId2i_X509_REQ\fR\|(3), +\&\fId2i_X509_SIG\fR\|(3), +\&\fIcrypto\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2003\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/bin/c_rehash b/linux_amd64/ssl/bin/c_rehash new file mode 100755 index 0000000..ec0a871 --- /dev/null +++ b/linux_amd64/ssl/bin/c_rehash 
@@ -0,0 +1,232 @@ +#!/usr/bin/env perl + +# WARNING: do not edit! +# Generated by Makefile from ../tools/c_rehash.in +# Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +# Perl c_rehash script, scan all files in a directory +# and add symbolic links to their hash values. + +my $dir = ""; +my $prefix = "/root/openssl/build/../out"; + +my $errorcount = 0; +my $openssl = $ENV{OPENSSL} || "openssl"; +my $pwd; +my $x509hash = "-subject_hash"; +my $crlhash = "-hash"; +my $verbose = 0; +my $symlink_exists=eval {symlink("",""); 1}; +my $removelinks = 1; + +## Parse flags. +while ( $ARGV[0] =~ /^-/ ) { + my $flag = shift @ARGV; + last if ( $flag eq '--'); + if ( $flag eq '-old') { + $x509hash = "-subject_hash_old"; + $crlhash = "-hash_old"; + } elsif ( $flag eq '-h' || $flag eq '-help' ) { + help(); + } elsif ( $flag eq '-n' ) { + $removelinks = 0; + } elsif ( $flag eq '-v' ) { + $verbose++; + } + else { + print STDERR "Usage error; try -h.\n"; + exit 1; + } +} + +sub help { + print "Usage: c_rehash [-old] [-h] [-help] [-v] [dirs...]\n"; + print " -old use old-style digest\n"; + print " -h or -help print this help text\n"; + print " -v print files removed and linked\n"; + exit 0; +} + +eval "require Cwd"; +if (defined(&Cwd::getcwd)) { + $pwd=Cwd::getcwd(); +} else { + $pwd=`pwd`; + chomp($pwd); +} + +# DOS/Win32 or Unix delimiter? Prefix our installdir, then search. +my $path_delim = ($pwd =~ /^[a-z]\:/i) ? ';' : ':'; +$ENV{PATH} = "$prefix/bin" . ($ENV{PATH} ? $path_delim . $ENV{PATH} : ""); + +if (! 
-x $openssl) { + my $found = 0; + foreach (split /$path_delim/, $ENV{PATH}) { + if (-x "$_/$openssl") { + $found = 1; + $openssl = "$_/$openssl"; + last; + } + } + if ($found == 0) { + print STDERR "c_rehash: rehashing skipped ('openssl' program not available)\n"; + exit 0; + } +} + +if (@ARGV) { + @dirlist = @ARGV; +} elsif ($ENV{SSL_CERT_DIR}) { + @dirlist = split /$path_delim/, $ENV{SSL_CERT_DIR}; +} else { + $dirlist[0] = "$dir/certs"; +} + +if (-d $dirlist[0]) { + chdir $dirlist[0]; + $openssl="$pwd/$openssl" if (!-x $openssl); + chdir $pwd; +} + +foreach (@dirlist) { + if (-d $_ ) { + if ( -w $_) { + hash_dir($_); + } else { + print "Skipping $_, can't write\n"; + $errorcount++; + } + } +} +exit($errorcount); + +sub hash_dir { + my %hashlist; + print "Doing $_[0]\n"; + chdir $_[0]; + opendir(DIR, "."); + my @flist = sort readdir(DIR); + closedir DIR; + if ( $removelinks ) { + # Delete any existing symbolic links + foreach (grep {/^[\da-f]+\.r{0,1}\d+$/} @flist) { + if (-l $_) { + print "unlink $_" if $verbose; + unlink $_ || warn "Can't unlink $_, $!\n"; + } + } + } + FILE: foreach $fname (grep {/\.(pem)|(crt)|(cer)|(crl)$/} @flist) { + # Check to see if certificates and/or CRLs present. + my ($cert, $crl) = check_file($fname); + if (!$cert && !$crl) { + print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n"; + next; + } + link_hash_cert($fname) if ($cert); + link_hash_crl($fname) if ($crl); + } +} + +sub check_file { + my ($is_cert, $is_crl) = (0,0); + my $fname = $_[0]; + open IN, $fname; + while() { + if (/^-----BEGIN (.*)-----/) { + my $hdr = $1; + if ($hdr =~ /^(X509 |TRUSTED |)CERTIFICATE$/) { + $is_cert = 1; + last if ($is_crl); + } elsif ($hdr eq "X509 CRL") { + $is_crl = 1; + last if ($is_cert); + } + } + } + close IN; + return ($is_cert, $is_crl); +} + + +# Link a certificate to its subject name hash value, each hash is of +# the form . where n is an integer. 
If the hash value already exists +# then we need to up the value of n, unless its a duplicate in which +# case we skip the link. We check for duplicates by comparing the +# certificate fingerprints + +sub link_hash_cert { + my $fname = $_[0]; + $fname =~ s/'/'\\''/g; + my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`; + chomp $hash; + chomp $fprint; + $fprint =~ s/^.*=//; + $fprint =~ tr/://d; + my $suffix = 0; + # Search for an unused hash filename + while(exists $hashlist{"$hash.$suffix"}) { + # Hash matches: if fingerprint matches its a duplicate cert + if ($hashlist{"$hash.$suffix"} eq $fprint) { + print STDERR "WARNING: Skipping duplicate certificate $fname\n"; + return; + } + $suffix++; + } + $hash .= ".$suffix"; + if ($symlink_exists) { + print "link $fname -> $hash\n" if $verbose; + symlink $fname, $hash || warn "Can't symlink, $!"; + } else { + print "copy $fname -> $hash\n" if $verbose; + if (open($in, "<", $fname)) { + if (open($out,">", $hash)) { + print $out $_ while (<$in>); + close $out; + } else { + warn "can't open $hash for write, $!"; + } + close $in; + } else { + warn "can't open $fname for read, $!"; + } + } + $hashlist{$hash} = $fprint; +} + +# Same as above except for a CRL. 
CRL links are of the form .r + +sub link_hash_crl { + my $fname = $_[0]; + $fname =~ s/'/'\\''/g; + my ($hash, $fprint) = `"$openssl" crl $crlhash -fingerprint -noout -in '$fname'`; + chomp $hash; + chomp $fprint; + $fprint =~ s/^.*=//; + $fprint =~ tr/://d; + my $suffix = 0; + # Search for an unused hash filename + while(exists $hashlist{"$hash.r$suffix"}) { + # Hash matches: if fingerprint matches its a duplicate cert + if ($hashlist{"$hash.r$suffix"} eq $fprint) { + print STDERR "WARNING: Skipping duplicate CRL $fname\n"; + return; + } + $suffix++; + } + $hash .= ".r$suffix"; + if ($symlink_exists) { + print "link $fname -> $hash\n" if $verbose; + symlink $fname, $hash || warn "Can't symlink, $!"; + } else { + print "cp $fname -> $hash\n" if $verbose; + system ("cp", $fname, $hash); + warn "Can't copy, $!" if ($? >> 8) != 0; + } + $hashlist{$hash} = $fprint; +} diff --git a/linux_amd64/ssl/bin/openssl b/linux_amd64/ssl/bin/openssl new file mode 100755 index 0000000..61d0225 Binary files /dev/null and b/linux_amd64/ssl/bin/openssl differ diff --git a/linux_amd64/ssl/ct_log_list.cnf b/linux_amd64/ssl/ct_log_list.cnf new file mode 100644 index 0000000..e643cfd --- /dev/null +++ b/linux_amd64/ssl/ct_log_list.cnf @@ -0,0 +1,9 @@ +# This file specifies the Certificate Transparency logs +# that are to be trusted. + +# Google's list of logs can be found here: +# www.certificate-transparency.org/known-logs +# A Python program to convert the log list to OpenSSL's format can be +# found here: +# https://github.com/google/certificate-transparency/blob/master/python/utilities/log_list/print_log_list.py +# Use the "--openssl_output" flag. diff --git a/linux_amd64/ssl/ct_log_list.cnf.dist b/linux_amd64/ssl/ct_log_list.cnf.dist new file mode 100644 index 0000000..e643cfd --- /dev/null +++ b/linux_amd64/ssl/ct_log_list.cnf.dist 
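Review bot: In link_hash_cert the file name reaches a shell through the backtick command as `-in "$fname"` in double quotes, so the `s/'/'\\''/g` escaping on the line above gives no protection and shell metacharacters in a name taken from the scanned directory are interpreted. link_hash_crl wraps the name in single quotes, which the escaping does cover, but it still builds a shell string. Running openssl without a shell avoids both cases, e.g. `open(my $ph, '-|', $openssl, 'x509', $x509hash, '-fingerprint', '-noout', '-in', $fname) or return;` followed by `my ($hash, $fprint) = <$ph>;`. The quote-escaping line should then be dropped, since it also alters the name later passed to `symlink`. The header says this file is generated from `../tools/c_rehash.in`, so the change belongs in that template or in a newer upstream release rather than in this committed copy.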
@@ -0,0 +1,9 @@
+# This file specifies the Certificate Transparency logs
+# that are to be trusted.
+
+# Google's list of logs can be found here:
+# www.certificate-transparency.org/known-logs
+# A Python program to convert the log list to OpenSSL's format can be
+# found here:
+# https://github.com/google/certificate-transparency/blob/master/python/utilities/log_list/print_log_list.py
+# Use the "--openssl_output" flag.
diff --git a/linux_amd64/ssl/include/openssl/aes.h b/linux_amd64/ssl/include/openssl/aes.h
new file mode 100644
index 0000000..f6e74db
--- /dev/null
+++ b/linux_amd64/ssl/include/openssl/aes.h
@@ -0,0 +1,116 @@ +/* + * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_AES_H +# define OPENSSL_AES_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_AES_H +# endif + +# include + +# include +# ifdef __cplusplus +extern "C" { +# endif + +# define AES_BLOCK_SIZE 16 + +# ifndef OPENSSL_NO_DEPRECATED_3_0 + +# define AES_ENCRYPT 1 +# define AES_DECRYPT 0 + +# define AES_MAXNR 14 + + +/* This should be a hidden type, but EVP requires that the size be known */ +struct aes_key_st { +# ifdef AES_LONG + unsigned long rd_key[4 * (AES_MAXNR + 1)]; +# else + unsigned int rd_key[4 * (AES_MAXNR + 1)]; +# endif + int rounds; +}; +typedef struct aes_key_st AES_KEY; + +# endif + +DEPRECATEDIN_3_0(const char *AES_options(void)) + +DEPRECATEDIN_3_0(int + AES_set_encrypt_key(const unsigned char *userKey, + const int bits, AES_KEY *key)) +DEPRECATEDIN_3_0(int + AES_set_decrypt_key(const unsigned char *userKey, + const int bits, AES_KEY *key)) + +DEPRECATEDIN_3_0(void + AES_encrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key)) +DEPRECATEDIN_3_0(void + AES_decrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key)) + +DEPRECATEDIN_3_0(void + AES_ecb_encrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key, const int enc)) +DEPRECATEDIN_3_0(void + AES_cbc_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, + unsigned char *ivec, const int enc)) +DEPRECATEDIN_3_0(void + AES_cfb128_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, + unsigned char *ivec, int *num, + const int enc)) +DEPRECATEDIN_3_0(void + 
AES_cfb1_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, + unsigned char *ivec, int *num, const int enc)) +DEPRECATEDIN_3_0(void + AES_cfb8_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, + unsigned char *ivec, int *num, const int enc)) +DEPRECATEDIN_3_0(void + AES_ofb128_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, + unsigned char *ivec, int *num)) + +/* NB: the IV is _two_ blocks long */ +DEPRECATEDIN_3_0(void + AES_ige_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, + unsigned char *ivec, const int enc)) +/* NB: the IV is _four_ blocks long */ +DEPRECATEDIN_3_0(void + AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, + const AES_KEY *key2, + const unsigned char *ivec, const int enc)) + +DEPRECATEDIN_3_0(int + AES_wrap_key(AES_KEY *key, const unsigned char *iv, + unsigned char *out, const unsigned char *in, + unsigned int inlen)) +DEPRECATEDIN_3_0(int + AES_unwrap_key(AES_KEY *key, const unsigned char *iv, + unsigned char *out, const unsigned char *in, + unsigned int inlen)) + + +# ifdef __cplusplus +} +# endif + +#endif diff --git a/linux_amd64/ssl/include/openssl/asn1.h b/linux_amd64/ssl/include/openssl/asn1.h new file mode 100644 index 0000000..5863fef --- /dev/null +++ b/linux_amd64/ssl/include/openssl/asn1.h 
@@ -0,0 +1,867 @@ +/* + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_ASN1_H +# define OPENSSL_ASN1_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_ASN1_H +# endif + +# include +# include +# include +# include +# include +# include +# include + +# include +# include + +# ifdef OPENSSL_BUILD_SHLIBCRYPTO +# undef OPENSSL_EXTERN +# define OPENSSL_EXTERN OPENSSL_EXPORT +# endif + +#ifdef __cplusplus +extern "C" { +#endif + +# define V_ASN1_UNIVERSAL 0x00 +# define V_ASN1_APPLICATION 0x40 +# define V_ASN1_CONTEXT_SPECIFIC 0x80 +# define V_ASN1_PRIVATE 0xc0 + +# define V_ASN1_CONSTRUCTED 0x20 +# define V_ASN1_PRIMITIVE_TAG 0x1f +# define V_ASN1_PRIMATIVE_TAG /*compat*/ V_ASN1_PRIMITIVE_TAG + +# define V_ASN1_APP_CHOOSE -2/* let the recipient choose */ +# define V_ASN1_OTHER -3/* used in ASN1_TYPE */ +# define V_ASN1_ANY -4/* used in ASN1 template code */ + +# define V_ASN1_UNDEF -1 +/* ASN.1 tag values */ +# define V_ASN1_EOC 0 +# define V_ASN1_BOOLEAN 1 /**/ +# define V_ASN1_INTEGER 2 +# define V_ASN1_BIT_STRING 3 +# define V_ASN1_OCTET_STRING 4 +# define V_ASN1_NULL 5 +# define V_ASN1_OBJECT 6 +# define V_ASN1_OBJECT_DESCRIPTOR 7 +# define V_ASN1_EXTERNAL 8 +# define V_ASN1_REAL 9 +# define V_ASN1_ENUMERATED 10 +# define V_ASN1_UTF8STRING 12 +# define V_ASN1_SEQUENCE 16 +# define V_ASN1_SET 17 +# define V_ASN1_NUMERICSTRING 18 /**/ +# define V_ASN1_PRINTABLESTRING 19 +# define V_ASN1_T61STRING 20 +# define V_ASN1_TELETEXSTRING 20/* alias */ +# define V_ASN1_VIDEOTEXSTRING 21 /**/ +# define V_ASN1_IA5STRING 22 +# define V_ASN1_UTCTIME 23 +# define V_ASN1_GENERALIZEDTIME 24 /**/ +# define V_ASN1_GRAPHICSTRING 25 /**/ +# define 
V_ASN1_ISO64STRING 26 /**/ +# define V_ASN1_VISIBLESTRING 26/* alias */ +# define V_ASN1_GENERALSTRING 27 /**/ +# define V_ASN1_UNIVERSALSTRING 28 /**/ +# define V_ASN1_BMPSTRING 30 + +/* + * NB the constants below are used internally by ASN1_INTEGER + * and ASN1_ENUMERATED to indicate the sign. They are *not* on + * the wire tag values. + */ + +# define V_ASN1_NEG 0x100 +# define V_ASN1_NEG_INTEGER (2 | V_ASN1_NEG) +# define V_ASN1_NEG_ENUMERATED (10 | V_ASN1_NEG) + +/* For use with d2i_ASN1_type_bytes() */ +# define B_ASN1_NUMERICSTRING 0x0001 +# define B_ASN1_PRINTABLESTRING 0x0002 +# define B_ASN1_T61STRING 0x0004 +# define B_ASN1_TELETEXSTRING 0x0004 +# define B_ASN1_VIDEOTEXSTRING 0x0008 +# define B_ASN1_IA5STRING 0x0010 +# define B_ASN1_GRAPHICSTRING 0x0020 +# define B_ASN1_ISO64STRING 0x0040 +# define B_ASN1_VISIBLESTRING 0x0040 +# define B_ASN1_GENERALSTRING 0x0080 +# define B_ASN1_UNIVERSALSTRING 0x0100 +# define B_ASN1_OCTET_STRING 0x0200 +# define B_ASN1_BIT_STRING 0x0400 +# define B_ASN1_BMPSTRING 0x0800 +# define B_ASN1_UNKNOWN 0x1000 +# define B_ASN1_UTF8STRING 0x2000 +# define B_ASN1_UTCTIME 0x4000 +# define B_ASN1_GENERALIZEDTIME 0x8000 +# define B_ASN1_SEQUENCE 0x10000 +/* For use with ASN1_mbstring_copy() */ +# define MBSTRING_FLAG 0x1000 +# define MBSTRING_UTF8 (MBSTRING_FLAG) +# define MBSTRING_ASC (MBSTRING_FLAG|1) +# define MBSTRING_BMP (MBSTRING_FLAG|2) +# define MBSTRING_UNIV (MBSTRING_FLAG|4) +# define SMIME_OLDMIME 0x400 +# define SMIME_CRLFEOL 0x800 +# define SMIME_STREAM 0x1000 + struct X509_algor_st; +DEFINE_STACK_OF(X509_ALGOR) + +# define ASN1_STRING_FLAG_BITS_LEFT 0x08/* Set if 0x07 has bits left value */ +/* + * This indicates that the ASN1_STRING is not a real value but just a place + * holder for the location where indefinite length constructed data should be + * inserted in the memory buffer + */ +# define ASN1_STRING_FLAG_NDEF 0x010 + +/* + * This flag is used by the CMS code to indicate that a string is not + * complete and is 
a place holder for content when it had all been accessed. + * The flag will be reset when content has been written to it. + */ + +# define ASN1_STRING_FLAG_CONT 0x020 +/* + * This flag is used by ASN1 code to indicate an ASN1_STRING is an MSTRING + * type. + */ +# define ASN1_STRING_FLAG_MSTRING 0x040 +/* String is embedded and only content should be freed */ +# define ASN1_STRING_FLAG_EMBED 0x080 +/* String should be parsed in RFC 5280's time format */ +# define ASN1_STRING_FLAG_X509_TIME 0x100 +/* This is the base type that holds just about everything :-) */ +struct asn1_string_st { + int length; + int type; + unsigned char *data; + /* + * The value of the following field depends on the type being held. It + * is mostly being used for BIT_STRING so if the input data has a + * non-zero 'unused bits' value, it will be handled correctly + */ + long flags; +}; + +/* + * ASN1_ENCODING structure: this is used to save the received encoding of an + * ASN1 type. This is useful to get round problems with invalid encodings + * which can break signatures. + */ + +typedef struct ASN1_ENCODING_st { + unsigned char *enc; /* DER encoding */ + long len; /* Length of encoding */ + int modified; /* set to 1 if 'enc' is invalid */ +} ASN1_ENCODING; + +/* Used with ASN1 LONG type: if a long is set to this it is omitted */ +# define ASN1_LONG_UNDEF 0x7fffffffL + +# define STABLE_FLAGS_MALLOC 0x01 +/* + * A zero passed to ASN1_STRING_TABLE_new_add for the flags is interpreted + * as "don't change" and STABLE_FLAGS_MALLOC is always set. By setting + * STABLE_FLAGS_MALLOC only we can clear the existing value. Use the alias + * STABLE_FLAGS_CLEAR to reflect this. 
+ */ +# define STABLE_FLAGS_CLEAR STABLE_FLAGS_MALLOC +# define STABLE_NO_MASK 0x02 +# define DIRSTRING_TYPE \ + (B_ASN1_PRINTABLESTRING|B_ASN1_T61STRING|B_ASN1_BMPSTRING|B_ASN1_UTF8STRING) +# define PKCS9STRING_TYPE (DIRSTRING_TYPE|B_ASN1_IA5STRING) + +typedef struct asn1_string_table_st { + int nid; + long minsize; + long maxsize; + unsigned long mask; + unsigned long flags; +} ASN1_STRING_TABLE; + +DEFINE_STACK_OF(ASN1_STRING_TABLE) + +/* size limits: this stuff is taken straight from RFC2459 */ + +# define ub_name 32768 +# define ub_common_name 64 +# define ub_locality_name 128 +# define ub_state_name 128 +# define ub_organization_name 64 +# define ub_organization_unit_name 64 +# define ub_title 64 +# define ub_email_address 128 + +/* + * Declarations for template structures: for full definitions see asn1t.h + */ +typedef struct ASN1_TEMPLATE_st ASN1_TEMPLATE; +typedef struct ASN1_TLC_st ASN1_TLC; +/* This is just an opaque pointer */ +typedef struct ASN1_VALUE_st ASN1_VALUE; + +/* Declare ASN1 functions: the implement macro in in asn1t.h */ + +# define DECLARE_ASN1_FUNCTIONS(type) DECLARE_ASN1_FUNCTIONS_name(type, type) + +# define DECLARE_ASN1_ALLOC_FUNCTIONS(type) \ + DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, type) + +# define DECLARE_ASN1_FUNCTIONS_name(type, name) \ + DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ + DECLARE_ASN1_ENCODE_FUNCTIONS_name(type, name) + +# define DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) \ + DECLARE_ASN1_ENCODE_FUNCTIONS_only(type, name) \ + DECLARE_ASN1_ITEM(itname) + +# define DECLARE_ASN1_ENCODE_FUNCTIONS_name(type, name) \ + DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name) + +# define DECLARE_ASN1_ENCODE_FUNCTIONS_only(type, name) \ + type *d2i_##name(type **a, const unsigned char **in, long len); \ + int i2d_##name(const type *a, unsigned char **out); + +# define DECLARE_ASN1_NDEF_FUNCTION(name) \ + int i2d_##name##_NDEF(const name *a, unsigned char **out); + +# define DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ + 
type *name##_new(void); \ + void name##_free(type *a); + +# define DECLARE_ASN1_DUP_FUNCTION(type) \ + DECLARE_ASN1_DUP_FUNCTION_name(type, type) + +# define DECLARE_ASN1_DUP_FUNCTION_name(type, name) \ + type *name##_dup(const type *a); + +# define DECLARE_ASN1_PRINT_FUNCTION(stname) \ + DECLARE_ASN1_PRINT_FUNCTION_fname(stname, stname) + +# define DECLARE_ASN1_PRINT_FUNCTION_fname(stname, fname) \ + int fname##_print_ctx(BIO *out, const stname *x, int indent, \ + const ASN1_PCTX *pctx); + +# define D2I_OF(type) type *(*)(type **,const unsigned char **,long) +# define I2D_OF(type) int (*)(const type *,unsigned char **) + +# define CHECKED_D2I_OF(type, d2i) \ + ((d2i_of_void*) (1 ? d2i : ((D2I_OF(type))0))) +# define CHECKED_I2D_OF(type, i2d) \ + ((i2d_of_void*) (1 ? i2d : ((I2D_OF(type))0))) +# define CHECKED_NEW_OF(type, xnew) \ + ((void *(*)(void)) (1 ? xnew : ((type *(*)(void))0))) +# define CHECKED_PTR_OF(type, p) \ + ((void*) (1 ? p : (type*)0)) +# define CHECKED_PPTR_OF(type, p) \ + ((void**) (1 ? p : (type**)0)) + +# define TYPEDEF_D2I_OF(type) typedef type *d2i_of_##type(type **,const unsigned char **,long) +# define TYPEDEF_I2D_OF(type) typedef int i2d_of_##type(const type *,unsigned char **) +# define TYPEDEF_D2I2D_OF(type) TYPEDEF_D2I_OF(type); TYPEDEF_I2D_OF(type) + +typedef void *d2i_of_void(void **, const unsigned char **, long); +typedef int i2d_of_void(const void *, unsigned char **); + +/*- + * The following macros and typedefs allow an ASN1_ITEM + * to be embedded in a structure and referenced. Since + * the ASN1_ITEM pointers need to be globally accessible + * (possibly from shared libraries) they may exist in + * different forms. On platforms that support it the + * ASN1_ITEM structure itself will be globally exported. + * Other platforms will export a function that returns + * an ASN1_ITEM pointer. + * + * To handle both cases transparently the macros below + * should be used instead of hard coding an ASN1_ITEM + * pointer in a structure. 
+ * + * The structure will look like this: + * + * typedef struct SOMETHING_st { + * ... + * ASN1_ITEM_EXP *iptr; + * ... + * } SOMETHING; + * + * It would be initialised as e.g.: + * + * SOMETHING somevar = {...,ASN1_ITEM_ref(X509),...}; + * + * and the actual pointer extracted with: + * + * const ASN1_ITEM *it = ASN1_ITEM_ptr(somevar.iptr); + * + * Finally an ASN1_ITEM pointer can be extracted from an + * appropriate reference with: ASN1_ITEM_rptr(X509). This + * would be used when a function takes an ASN1_ITEM * argument. + * + */ + + +/* + * Platforms that can't easily handle shared global variables are declared as + * functions returning ASN1_ITEM pointers. + */ + +/* ASN1_ITEM pointer exported type */ +typedef const ASN1_ITEM *ASN1_ITEM_EXP (void); + +/* Macro to obtain ASN1_ITEM pointer from exported type */ +# define ASN1_ITEM_ptr(iptr) (iptr()) + +/* Macro to include ASN1_ITEM pointer from base type */ +# define ASN1_ITEM_ref(iptr) (iptr##_it) + +# define ASN1_ITEM_rptr(ref) (ref##_it()) + +# define DECLARE_ASN1_ITEM(name) \ + const ASN1_ITEM * name##_it(void); + +/* Parameters used by ASN1_STRING_print_ex() */ + +/* + * These determine which characters to escape: RFC2253 special characters, + * control characters and MSB set characters + */ + +# define ASN1_STRFLGS_ESC_2253 1 +# define ASN1_STRFLGS_ESC_CTRL 2 +# define ASN1_STRFLGS_ESC_MSB 4 + +/* + * This flag determines how we do escaping: normally RC2253 backslash only, + * set this to use backslash and quote. + */ + +# define ASN1_STRFLGS_ESC_QUOTE 8 + +/* These three flags are internal use only. */ + +/* Character is a valid PrintableString character */ +# define CHARTYPE_PRINTABLESTRING 0x10 +/* Character needs escaping if it is the first character */ +# define CHARTYPE_FIRST_ESC_2253 0x20 +/* Character needs escaping if it is the last character */ +# define CHARTYPE_LAST_ESC_2253 0x40 + +/* + * NB the internal flags are safely reused below by flags handled at the top + * level. 
+ */ + +/* + * If this is set we convert all character strings to UTF8 first + */ + +# define ASN1_STRFLGS_UTF8_CONVERT 0x10 + +/* + * If this is set we don't attempt to interpret content: just assume all + * strings are 1 byte per character. This will produce some pretty odd + * looking output! + */ + +# define ASN1_STRFLGS_IGNORE_TYPE 0x20 + +/* If this is set we include the string type in the output */ +# define ASN1_STRFLGS_SHOW_TYPE 0x40 + +/* + * This determines which strings to display and which to 'dump' (hex dump of + * content octets or DER encoding). We can only dump non character strings or + * everything. If we don't dump 'unknown' they are interpreted as character + * strings with 1 octet per character and are subject to the usual escaping + * options. + */ + +# define ASN1_STRFLGS_DUMP_ALL 0x80 +# define ASN1_STRFLGS_DUMP_UNKNOWN 0x100 + +/* + * These determine what 'dumping' does, we can dump the content octets or the + * DER encoding: both use the RFC2253 #XXXXX notation. + */ + +# define ASN1_STRFLGS_DUMP_DER 0x200 + +/* + * This flag specifies that RC2254 escaping shall be performed. + */ +#define ASN1_STRFLGS_ESC_2254 0x400 + +/* + * All the string flags consistent with RFC2253, escaping control characters + * isn't essential in RFC2253 but it is advisable anyway. 
+ */ + +# define ASN1_STRFLGS_RFC2253 (ASN1_STRFLGS_ESC_2253 | \ + ASN1_STRFLGS_ESC_CTRL | \ + ASN1_STRFLGS_ESC_MSB | \ + ASN1_STRFLGS_UTF8_CONVERT | \ + ASN1_STRFLGS_DUMP_UNKNOWN | \ + ASN1_STRFLGS_DUMP_DER) + +DEFINE_STACK_OF(ASN1_INTEGER) + +DEFINE_STACK_OF(ASN1_GENERALSTRING) + +DEFINE_STACK_OF(ASN1_UTF8STRING) + +typedef struct asn1_type_st { + int type; + union { + char *ptr; + ASN1_BOOLEAN boolean; + ASN1_STRING *asn1_string; + ASN1_OBJECT *object; + ASN1_INTEGER *integer; + ASN1_ENUMERATED *enumerated; + ASN1_BIT_STRING *bit_string; + ASN1_OCTET_STRING *octet_string; + ASN1_PRINTABLESTRING *printablestring; + ASN1_T61STRING *t61string; + ASN1_IA5STRING *ia5string; + ASN1_GENERALSTRING *generalstring; + ASN1_BMPSTRING *bmpstring; + ASN1_UNIVERSALSTRING *universalstring; + ASN1_UTCTIME *utctime; + ASN1_GENERALIZEDTIME *generalizedtime; + ASN1_VISIBLESTRING *visiblestring; + ASN1_UTF8STRING *utf8string; + /* + * set and sequence are left complete and still contain the set or + * sequence bytes + */ + ASN1_STRING *set; + ASN1_STRING *sequence; + ASN1_VALUE *asn1_value; + } value; +} ASN1_TYPE; + +DEFINE_STACK_OF(ASN1_TYPE) + +typedef STACK_OF(ASN1_TYPE) ASN1_SEQUENCE_ANY; + +DECLARE_ASN1_ENCODE_FUNCTIONS_name(ASN1_SEQUENCE_ANY, ASN1_SEQUENCE_ANY) +DECLARE_ASN1_ENCODE_FUNCTIONS_name(ASN1_SEQUENCE_ANY, ASN1_SET_ANY) + +/* This is used to contain a list of bit names */ +typedef struct BIT_STRING_BITNAME_st { + int bitnum; + const char *lname; + const char *sname; +} BIT_STRING_BITNAME; + +# define B_ASN1_TIME \ + B_ASN1_UTCTIME | \ + B_ASN1_GENERALIZEDTIME + +# define B_ASN1_PRINTABLE \ + B_ASN1_NUMERICSTRING| \ + B_ASN1_PRINTABLESTRING| \ + B_ASN1_T61STRING| \ + B_ASN1_IA5STRING| \ + B_ASN1_BIT_STRING| \ + B_ASN1_UNIVERSALSTRING|\ + B_ASN1_BMPSTRING|\ + B_ASN1_UTF8STRING|\ + B_ASN1_SEQUENCE|\ + B_ASN1_UNKNOWN + +# define B_ASN1_DIRECTORYSTRING \ + B_ASN1_PRINTABLESTRING| \ + B_ASN1_TELETEXSTRING|\ + B_ASN1_BMPSTRING|\ + B_ASN1_UNIVERSALSTRING|\ + 
B_ASN1_UTF8STRING + +# define B_ASN1_DISPLAYTEXT \ + B_ASN1_IA5STRING| \ + B_ASN1_VISIBLESTRING| \ + B_ASN1_BMPSTRING|\ + B_ASN1_UTF8STRING + +DECLARE_ASN1_ALLOC_FUNCTIONS_name(ASN1_TYPE, ASN1_TYPE) +DECLARE_ASN1_ENCODE_FUNCTIONS(ASN1_TYPE, ASN1_ANY, ASN1_TYPE) + +int ASN1_TYPE_get(const ASN1_TYPE *a); +void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value); +int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value); +int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b); + +ASN1_TYPE *ASN1_TYPE_pack_sequence(const ASN1_ITEM *it, void *s, ASN1_TYPE **t); +void *ASN1_TYPE_unpack_sequence(const ASN1_ITEM *it, const ASN1_TYPE *t); + +DECLARE_ASN1_FUNCTIONS(ASN1_OBJECT) +DEFINE_STACK_OF(ASN1_OBJECT) + +ASN1_STRING *ASN1_STRING_new(void); +void ASN1_STRING_free(ASN1_STRING *a); +void ASN1_STRING_clear_free(ASN1_STRING *a); +int ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *str); +DECLARE_ASN1_DUP_FUNCTION(ASN1_STRING) +ASN1_STRING *ASN1_STRING_type_new(int type); +int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b); + /* + * Since this is used to store all sorts of things, via macros, for now, + * make its data void * + */ +int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len); +void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len); +int ASN1_STRING_length(const ASN1_STRING *x); +void ASN1_STRING_length_set(ASN1_STRING *x, int n); +int ASN1_STRING_type(const ASN1_STRING *x); +DEPRECATEDIN_1_1_0(unsigned char *ASN1_STRING_data(ASN1_STRING *x)) +const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x); + +DECLARE_ASN1_FUNCTIONS(ASN1_BIT_STRING) +int ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d, int length); +int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value); +int ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *a, int n); +int ASN1_BIT_STRING_check(const ASN1_BIT_STRING *a, + const unsigned char *flags, int flags_len); + +int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs, + 
BIT_STRING_BITNAME *tbl, int indent); +int ASN1_BIT_STRING_num_asc(const char *name, BIT_STRING_BITNAME *tbl); +int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, const char *name, int value, + BIT_STRING_BITNAME *tbl); + +DECLARE_ASN1_FUNCTIONS(ASN1_INTEGER) +ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp, + long length); +DECLARE_ASN1_DUP_FUNCTION(ASN1_INTEGER) +int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y); + +DECLARE_ASN1_FUNCTIONS(ASN1_ENUMERATED) + +int ASN1_UTCTIME_check(const ASN1_UTCTIME *a); +ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t); +ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t, + int offset_day, long offset_sec); +int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str); +int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t); + +int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *a); +ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s, + time_t t); +ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s, + time_t t, int offset_day, + long offset_sec); +int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str); + +int ASN1_TIME_diff(int *pday, int *psec, + const ASN1_TIME *from, const ASN1_TIME *to); + +DECLARE_ASN1_FUNCTIONS(ASN1_OCTET_STRING) +DECLARE_ASN1_DUP_FUNCTION(ASN1_OCTET_STRING) +int ASN1_OCTET_STRING_cmp(const ASN1_OCTET_STRING *a, + const ASN1_OCTET_STRING *b); +int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, const unsigned char *data, + int len); + +DECLARE_ASN1_FUNCTIONS(ASN1_VISIBLESTRING) +DECLARE_ASN1_FUNCTIONS(ASN1_UNIVERSALSTRING) +DECLARE_ASN1_FUNCTIONS(ASN1_UTF8STRING) +DECLARE_ASN1_FUNCTIONS(ASN1_NULL) +DECLARE_ASN1_FUNCTIONS(ASN1_BMPSTRING) + +int UTF8_getc(const unsigned char *str, int len, unsigned long *val); +int UTF8_putc(unsigned char *str, int len, unsigned long value); + +DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, ASN1_PRINTABLE) + +DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, 
DIRECTORYSTRING) +DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, DISPLAYTEXT) +DECLARE_ASN1_FUNCTIONS(ASN1_PRINTABLESTRING) +DECLARE_ASN1_FUNCTIONS(ASN1_T61STRING) +DECLARE_ASN1_FUNCTIONS(ASN1_IA5STRING) +DECLARE_ASN1_FUNCTIONS(ASN1_GENERALSTRING) +DECLARE_ASN1_FUNCTIONS(ASN1_UTCTIME) +DECLARE_ASN1_FUNCTIONS(ASN1_GENERALIZEDTIME) +DECLARE_ASN1_FUNCTIONS(ASN1_TIME) + +DECLARE_ASN1_DUP_FUNCTION(ASN1_TIME) +DECLARE_ASN1_DUP_FUNCTION(ASN1_UTCTIME) +DECLARE_ASN1_DUP_FUNCTION(ASN1_GENERALIZEDTIME) + +DECLARE_ASN1_ITEM(ASN1_OCTET_STRING_NDEF) + +ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t); +ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t, + int offset_day, long offset_sec); +int ASN1_TIME_check(const ASN1_TIME *t); +ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(const ASN1_TIME *t, + ASN1_GENERALIZEDTIME **out); +int ASN1_TIME_set_string(ASN1_TIME *s, const char *str); +int ASN1_TIME_set_string_X509(ASN1_TIME *s, const char *str); +int ASN1_TIME_to_tm(const ASN1_TIME *s, struct tm *tm); +int ASN1_TIME_normalize(ASN1_TIME *s); +int ASN1_TIME_cmp_time_t(const ASN1_TIME *s, time_t t); +int ASN1_TIME_compare(const ASN1_TIME *a, const ASN1_TIME *b); + +int i2a_ASN1_INTEGER(BIO *bp, const ASN1_INTEGER *a); +int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size); +int i2a_ASN1_ENUMERATED(BIO *bp, const ASN1_ENUMERATED *a); +int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size); +int i2a_ASN1_OBJECT(BIO *bp, const ASN1_OBJECT *a); +int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size); +int i2a_ASN1_STRING(BIO *bp, const ASN1_STRING *a, int type); +int i2t_ASN1_OBJECT(char *buf, int buf_len, const ASN1_OBJECT *a); + +int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num); +ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len, + const char *sn, const char *ln); + +int ASN1_INTEGER_get_int64(int64_t *pr, const ASN1_INTEGER *a); +int ASN1_INTEGER_set_int64(ASN1_INTEGER *a, int64_t r); +int 
ASN1_INTEGER_get_uint64(uint64_t *pr, const ASN1_INTEGER *a); +int ASN1_INTEGER_set_uint64(ASN1_INTEGER *a, uint64_t r); + +int ASN1_INTEGER_set(ASN1_INTEGER *a, long v); +long ASN1_INTEGER_get(const ASN1_INTEGER *a); +ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai); +BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn); + +int ASN1_ENUMERATED_get_int64(int64_t *pr, const ASN1_ENUMERATED *a); +int ASN1_ENUMERATED_set_int64(ASN1_ENUMERATED *a, int64_t r); + + +int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v); +long ASN1_ENUMERATED_get(const ASN1_ENUMERATED *a); +ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(const BIGNUM *bn, ASN1_ENUMERATED *ai); +BIGNUM *ASN1_ENUMERATED_to_BN(const ASN1_ENUMERATED *ai, BIGNUM *bn); + +/* General */ +/* given a string, return the correct type, max is the maximum length */ +int ASN1_PRINTABLE_type(const unsigned char *s, int max); + +unsigned long ASN1_tag2bit(int tag); + +/* SPECIALS */ +int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag, + int *pclass, long omax); +int ASN1_check_infinite_end(unsigned char **p, long len); +int ASN1_const_check_infinite_end(const unsigned char **p, long len); +void ASN1_put_object(unsigned char **pp, int constructed, int length, + int tag, int xclass); +int ASN1_put_eoc(unsigned char **pp); +int ASN1_object_size(int constructed, int length, int tag); + +/* Used to implement other functions */ +void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, const void *x); + +# define ASN1_dup_of(type,i2d,d2i,x) \ + ((type*)ASN1_dup(CHECKED_I2D_OF(type, i2d), \ + CHECKED_D2I_OF(type, d2i), \ + CHECKED_PTR_OF(const type, x))) + +void *ASN1_item_dup(const ASN1_ITEM *it, const void *x); + +/* ASN1 alloc/free macros for when a type is only used internally */ + +# define M_ASN1_new_of(type) (type *)ASN1_item_new(ASN1_ITEM_rptr(type)) +# define M_ASN1_free_of(x, type) \ + ASN1_item_free(CHECKED_PTR_OF(type, x), ASN1_ITEM_rptr(type)) + +# ifndef OPENSSL_NO_STDIO +void 
*ASN1_d2i_fp(void *(*xnew) (void), d2i_of_void *d2i, FILE *in, void **x); + +# define ASN1_d2i_fp_of(type,xnew,d2i,in,x) \ + ((type*)ASN1_d2i_fp(CHECKED_NEW_OF(type, xnew), \ + CHECKED_D2I_OF(type, d2i), \ + in, \ + CHECKED_PPTR_OF(type, x))) + +void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x); +int ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, const void *x); + +# define ASN1_i2d_fp_of(type,i2d,out,x) \ + (ASN1_i2d_fp(CHECKED_I2D_OF(type, i2d), \ + out, \ + CHECKED_PTR_OF(const type, x))) + +int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, const void *x); +int ASN1_STRING_print_ex_fp(FILE *fp, const ASN1_STRING *str, unsigned long flags); +# endif + +int ASN1_STRING_to_UTF8(unsigned char **out, const ASN1_STRING *in); + +void *ASN1_d2i_bio(void *(*xnew) (void), d2i_of_void *d2i, BIO *in, void **x); + +# define ASN1_d2i_bio_of(type,xnew,d2i,in,x) \ + ((type*)ASN1_d2i_bio( CHECKED_NEW_OF(type, xnew), \ + CHECKED_D2I_OF(type, d2i), \ + in, \ + CHECKED_PPTR_OF(type, x))) + +void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x); +int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, const void *x); + +# define ASN1_i2d_bio_of(type,i2d,out,x) \ + (ASN1_i2d_bio(CHECKED_I2D_OF(type, i2d), \ + out, \ + CHECKED_PTR_OF(const type, x))) + +int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, const void *x); +int ASN1_UTCTIME_print(BIO *fp, const ASN1_UTCTIME *a); +int ASN1_GENERALIZEDTIME_print(BIO *fp, const ASN1_GENERALIZEDTIME *a); +int ASN1_TIME_print(BIO *fp, const ASN1_TIME *a); +int ASN1_STRING_print(BIO *bp, const ASN1_STRING *v); +int ASN1_STRING_print_ex(BIO *out, const ASN1_STRING *str, unsigned long flags); +int ASN1_buf_print(BIO *bp, const unsigned char *buf, size_t buflen, int off); +int ASN1_bn_print(BIO *bp, const char *number, const BIGNUM *num, + unsigned char *buf, int off); +int ASN1_parse(BIO *bp, const unsigned char *pp, long len, int indent); +int ASN1_parse_dump(BIO *bp, const unsigned char *pp, long len, int indent, + int dump); +const 
char *ASN1_tag2str(int tag); + +/* Used to load and write Netscape format cert */ + +int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s); + +int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len); +int ASN1_TYPE_get_octetstring(const ASN1_TYPE *a, unsigned char *data, int max_len); +int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, + unsigned char *data, int len); +int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num, + unsigned char *data, int max_len); + +void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it); + +ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, + ASN1_OCTET_STRING **oct); + +void ASN1_STRING_set_default_mask(unsigned long mask); +int ASN1_STRING_set_default_mask_asc(const char *p); +unsigned long ASN1_STRING_get_default_mask(void); +int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len, + int inform, unsigned long mask); +int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, + int inform, unsigned long mask, + long minsize, long maxsize); + +ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, + const unsigned char *in, int inlen, + int inform, int nid); +ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid); +int ASN1_STRING_TABLE_add(int, long, long, unsigned long, unsigned long); +void ASN1_STRING_TABLE_cleanup(void); + +/* ASN1 template functions */ + +/* Old API compatible functions */ +ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it); +void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it); +ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **val, const unsigned char **in, + long len, const ASN1_ITEM *it); +int ASN1_item_i2d(const ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it); +int ASN1_item_ndef_i2d(const ASN1_VALUE *val, unsigned char **out, + const ASN1_ITEM *it); + +void ASN1_add_oid_module(void); +void ASN1_add_stable_module(void); + +ASN1_TYPE *ASN1_generate_nconf(const char *str, CONF *nconf); +ASN1_TYPE 
*ASN1_generate_v3(const char *str, X509V3_CTX *cnf); +int ASN1_str2mask(const char *str, unsigned long *pmask); + +/* ASN1 Print flags */ + +/* Indicate missing OPTIONAL fields */ +# define ASN1_PCTX_FLAGS_SHOW_ABSENT 0x001 +/* Mark start and end of SEQUENCE */ +# define ASN1_PCTX_FLAGS_SHOW_SEQUENCE 0x002 +/* Mark start and end of SEQUENCE/SET OF */ +# define ASN1_PCTX_FLAGS_SHOW_SSOF 0x004 +/* Show the ASN1 type of primitives */ +# define ASN1_PCTX_FLAGS_SHOW_TYPE 0x008 +/* Don't show ASN1 type of ANY */ +# define ASN1_PCTX_FLAGS_NO_ANY_TYPE 0x010 +/* Don't show ASN1 type of MSTRINGs */ +# define ASN1_PCTX_FLAGS_NO_MSTRING_TYPE 0x020 +/* Don't show field names in SEQUENCE */ +# define ASN1_PCTX_FLAGS_NO_FIELD_NAME 0x040 +/* Show structure names of each SEQUENCE field */ +# define ASN1_PCTX_FLAGS_SHOW_FIELD_STRUCT_NAME 0x080 +/* Don't show structure name even at top level */ +# define ASN1_PCTX_FLAGS_NO_STRUCT_NAME 0x100 + +int ASN1_item_print(BIO *out, const ASN1_VALUE *ifld, int indent, + const ASN1_ITEM *it, const ASN1_PCTX *pctx); +ASN1_PCTX *ASN1_PCTX_new(void); +void ASN1_PCTX_free(ASN1_PCTX *p); +unsigned long ASN1_PCTX_get_flags(const ASN1_PCTX *p); +void ASN1_PCTX_set_flags(ASN1_PCTX *p, unsigned long flags); +unsigned long ASN1_PCTX_get_nm_flags(const ASN1_PCTX *p); +void ASN1_PCTX_set_nm_flags(ASN1_PCTX *p, unsigned long flags); +unsigned long ASN1_PCTX_get_cert_flags(const ASN1_PCTX *p); +void ASN1_PCTX_set_cert_flags(ASN1_PCTX *p, unsigned long flags); +unsigned long ASN1_PCTX_get_oid_flags(const ASN1_PCTX *p); +void ASN1_PCTX_set_oid_flags(ASN1_PCTX *p, unsigned long flags); +unsigned long ASN1_PCTX_get_str_flags(const ASN1_PCTX *p); +void ASN1_PCTX_set_str_flags(ASN1_PCTX *p, unsigned long flags); + +ASN1_SCTX *ASN1_SCTX_new(int (*scan_cb) (ASN1_SCTX *ctx)); +void ASN1_SCTX_free(ASN1_SCTX *p); +const ASN1_ITEM *ASN1_SCTX_get_item(ASN1_SCTX *p); +const ASN1_TEMPLATE *ASN1_SCTX_get_template(ASN1_SCTX *p); +unsigned long ASN1_SCTX_get_flags(ASN1_SCTX 
*p);
+void ASN1_SCTX_set_app_data(ASN1_SCTX *p, void *data);
+void *ASN1_SCTX_get_app_data(ASN1_SCTX *p);
+
+const BIO_METHOD *BIO_f_asn1(void);
+
+/* cannot constify val because of CMS_stream() */
+BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it);
+
+int i2d_ASN1_bio_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
+ const ASN1_ITEM *it);
+int PEM_write_bio_ASN1_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
+ const char *hdr, const ASN1_ITEM *it);
+/* cannot constify val because of CMS_dataFinal() */
+int SMIME_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
+ int ctype_nid, int econt_nid,
+ STACK_OF(X509_ALGOR) *mdalgs, const ASN1_ITEM *it);
+ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it);
+int SMIME_crlf_copy(BIO *in, BIO *out, int flags);
+int SMIME_text(BIO *in, BIO *out);
+
+const ASN1_ITEM *ASN1_ITEM_lookup(const char *name);
+const ASN1_ITEM *ASN1_ITEM_get(size_t i);
+
+/* Legacy compatibility */
+# define DECLARE_ASN1_FUNCTIONS_fname(type, itname, name) \
+ DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \
+ DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name)
+# define DECLARE_ASN1_FUNCTIONS_const(type) DECLARE_ASN1_FUNCTIONS(type)
+# define DECLARE_ASN1_ENCODE_FUNCTIONS_const(type, name) \
+ DECLARE_ASN1_ENCODE_FUNCTIONS(type, name)
+# define I2D_OF_const(type) I2D_OF(type)
+# define ASN1_dup_of_const(type,i2d,d2i,x) ASN1_dup_of(type,i2d,d2i,x)
+# define ASN1_i2d_fp_of_const(type,i2d,out,x) ASN1_i2d_fp_of(type,i2d,out,x)
+# define ASN1_i2d_bio_of_const(type,i2d,out,x) ASN1_i2d_bio_of(type,i2d,out,x)
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/linux_amd64/ssl/include/openssl/asn1_mac.h b/linux_amd64/ssl/include/openssl/asn1_mac.h
new file mode 100644
index 0000000..fdcb983
--- /dev/null
+++ b/linux_amd64/ssl/include/openssl/asn1_mac.h
@@ -0,0 +1,10 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#error "This file is obsolete; please update your software."
diff --git a/linux_amd64/ssl/include/openssl/asn1err.h b/linux_amd64/ssl/include/openssl/asn1err.h
new file mode 100644
index 0000000..15f9939
--- /dev/null
+++ b/linux_amd64/ssl/include/openssl/asn1err.h
@@ -0,0 +1,266 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_ASN1ERR_H +# define OPENSSL_ASN1ERR_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_ASN1ERR_H +# endif + +# include +# include + + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_ASN1_strings(void); + +/* + * ASN1 function codes. + */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define ASN1_F_A2D_ASN1_OBJECT 0 +# define ASN1_F_A2I_ASN1_INTEGER 0 +# define ASN1_F_A2I_ASN1_STRING 0 +# define ASN1_F_APPEND_EXP 0 +# define ASN1_F_ASN1_BIO_INIT 0 +# define ASN1_F_ASN1_BIT_STRING_SET_BIT 0 +# define ASN1_F_ASN1_CB 0 +# define ASN1_F_ASN1_CHECK_TLEN 0 +# define ASN1_F_ASN1_COLLECT 0 +# define ASN1_F_ASN1_D2I_EX_PRIMITIVE 0 +# define ASN1_F_ASN1_D2I_FP 0 +# define ASN1_F_ASN1_D2I_READ_BIO 0 +# define ASN1_F_ASN1_DIGEST 0 +# define ASN1_F_ASN1_DO_ADB 0 +# define ASN1_F_ASN1_DO_LOCK 0 +# define ASN1_F_ASN1_DUP 0 +# define ASN1_F_ASN1_ENC_SAVE 0 +# define ASN1_F_ASN1_EX_C2I 0 +# define ASN1_F_ASN1_FIND_END 0 +# define ASN1_F_ASN1_GENERALIZEDTIME_ADJ 0 +# define ASN1_F_ASN1_GENERATE_V3 0 +# define ASN1_F_ASN1_GET_INT64 0 +# define ASN1_F_ASN1_GET_OBJECT 0 +# define ASN1_F_ASN1_GET_UINT64 0 +# define ASN1_F_ASN1_I2D_BIO 0 +# define ASN1_F_ASN1_I2D_FP 0 +# define ASN1_F_ASN1_ITEM_D2I_FP 0 +# define ASN1_F_ASN1_ITEM_DUP 0 +# define ASN1_F_ASN1_ITEM_EMBED_D2I 0 +# define ASN1_F_ASN1_ITEM_EMBED_NEW 0 +# define ASN1_F_ASN1_ITEM_FLAGS_I2D 0 +# define ASN1_F_ASN1_ITEM_I2D_BIO 0 +# define ASN1_F_ASN1_ITEM_I2D_FP 0 +# define ASN1_F_ASN1_ITEM_PACK 0 +# define ASN1_F_ASN1_ITEM_SIGN 0 +# define ASN1_F_ASN1_ITEM_SIGN_CTX 0 +# define 
ASN1_F_ASN1_ITEM_UNPACK 0 +# define ASN1_F_ASN1_ITEM_VERIFY 0 +# define ASN1_F_ASN1_MBSTRING_NCOPY 0 +# define ASN1_F_ASN1_OBJECT_NEW 0 +# define ASN1_F_ASN1_OUTPUT_DATA 0 +# define ASN1_F_ASN1_PCTX_NEW 0 +# define ASN1_F_ASN1_PRIMITIVE_NEW 0 +# define ASN1_F_ASN1_SCTX_NEW 0 +# define ASN1_F_ASN1_SIGN 0 +# define ASN1_F_ASN1_STR2TYPE 0 +# define ASN1_F_ASN1_STRING_GET_INT64 0 +# define ASN1_F_ASN1_STRING_GET_UINT64 0 +# define ASN1_F_ASN1_STRING_SET 0 +# define ASN1_F_ASN1_STRING_TABLE_ADD 0 +# define ASN1_F_ASN1_STRING_TO_BN 0 +# define ASN1_F_ASN1_STRING_TYPE_NEW 0 +# define ASN1_F_ASN1_TEMPLATE_EX_D2I 0 +# define ASN1_F_ASN1_TEMPLATE_NEW 0 +# define ASN1_F_ASN1_TEMPLATE_NOEXP_D2I 0 +# define ASN1_F_ASN1_TIME_ADJ 0 +# define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING 0 +# define ASN1_F_ASN1_TYPE_GET_OCTETSTRING 0 +# define ASN1_F_ASN1_UTCTIME_ADJ 0 +# define ASN1_F_ASN1_VERIFY 0 +# define ASN1_F_B64_READ_ASN1 0 +# define ASN1_F_B64_WRITE_ASN1 0 +# define ASN1_F_BIO_NEW_NDEF 0 +# define ASN1_F_BITSTR_CB 0 +# define ASN1_F_BN_TO_ASN1_STRING 0 +# define ASN1_F_C2I_ASN1_BIT_STRING 0 +# define ASN1_F_C2I_ASN1_INTEGER 0 +# define ASN1_F_C2I_ASN1_OBJECT 0 +# define ASN1_F_C2I_IBUF 0 +# define ASN1_F_C2I_UINT64_INT 0 +# define ASN1_F_COLLECT_DATA 0 +# define ASN1_F_D2I_ASN1_OBJECT 0 +# define ASN1_F_D2I_ASN1_UINTEGER 0 +# define ASN1_F_D2I_AUTOPRIVATEKEY 0 +# define ASN1_F_D2I_KEYPARAMS 0 +# define ASN1_F_D2I_PRIVATEKEY 0 +# define ASN1_F_D2I_PUBLICKEY 0 +# define ASN1_F_DO_BUF 0 +# define ASN1_F_DO_CREATE 0 +# define ASN1_F_DO_DUMP 0 +# define ASN1_F_DO_TCREATE 0 +# define ASN1_F_I2A_ASN1_OBJECT 0 +# define ASN1_F_I2D_ASN1_BIO_STREAM 0 +# define ASN1_F_I2D_ASN1_OBJECT 0 +# define ASN1_F_I2D_DSA_PUBKEY 0 +# define ASN1_F_I2D_EC_PUBKEY 0 +# define ASN1_F_I2D_KEYPARAMS 0 +# define ASN1_F_I2D_PRIVATEKEY 0 +# define ASN1_F_I2D_PUBLICKEY 0 +# define ASN1_F_I2D_RSA_PUBKEY 0 +# define ASN1_F_LONG_C2I 0 +# define ASN1_F_NDEF_PREFIX 0 +# define ASN1_F_NDEF_SUFFIX 0 +# define 
ASN1_F_OID_MODULE_INIT 0 +# define ASN1_F_PARSE_TAGGING 0 +# define ASN1_F_PKCS5_PBE2_SET_IV 0 +# define ASN1_F_PKCS5_PBE2_SET_SCRYPT 0 +# define ASN1_F_PKCS5_PBE_SET 0 +# define ASN1_F_PKCS5_PBE_SET0_ALGOR 0 +# define ASN1_F_PKCS5_PBKDF2_SET 0 +# define ASN1_F_PKCS5_SCRYPT_SET 0 +# define ASN1_F_SMIME_READ_ASN1 0 +# define ASN1_F_SMIME_TEXT 0 +# define ASN1_F_STABLE_GET 0 +# define ASN1_F_STBL_MODULE_INIT 0 +# define ASN1_F_UINT32_C2I 0 +# define ASN1_F_UINT32_NEW 0 +# define ASN1_F_UINT64_C2I 0 +# define ASN1_F_UINT64_NEW 0 +# define ASN1_F_X509_CRL_ADD0_REVOKED 0 +# define ASN1_F_X509_INFO_NEW 0 +# define ASN1_F_X509_NAME_ENCODE 0 +# define ASN1_F_X509_NAME_EX_D2I 0 +# define ASN1_F_X509_NAME_EX_NEW 0 +# define ASN1_F_X509_PKEY_NEW 0 +# endif + +/* + * ASN1 reason codes. + */ +# define ASN1_R_ADDING_OBJECT 171 +# define ASN1_R_ASN1_PARSE_ERROR 203 +# define ASN1_R_ASN1_SIG_PARSE_ERROR 204 +# define ASN1_R_AUX_ERROR 100 +# define ASN1_R_BAD_OBJECT_HEADER 102 +# define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 214 +# define ASN1_R_BN_LIB 105 +# define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106 +# define ASN1_R_BUFFER_TOO_SMALL 107 +# define ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 108 +# define ASN1_R_CONTEXT_NOT_INITIALISED 217 +# define ASN1_R_DATA_IS_WRONG 109 +# define ASN1_R_DECODE_ERROR 110 +# define ASN1_R_DEPTH_EXCEEDED 174 +# define ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED 198 +# define ASN1_R_ENCODE_ERROR 112 +# define ASN1_R_ERROR_GETTING_TIME 173 +# define ASN1_R_ERROR_LOADING_SECTION 172 +# define ASN1_R_ERROR_SETTING_CIPHER_PARAMS 114 +# define ASN1_R_EXPECTING_AN_INTEGER 115 +# define ASN1_R_EXPECTING_AN_OBJECT 116 +# define ASN1_R_EXPLICIT_LENGTH_MISMATCH 119 +# define ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED 120 +# define ASN1_R_FIELD_MISSING 121 +# define ASN1_R_FIRST_NUM_TOO_LARGE 122 +# define ASN1_R_HEADER_TOO_LONG 123 +# define ASN1_R_ILLEGAL_BITSTRING_FORMAT 175 +# define ASN1_R_ILLEGAL_BOOLEAN 176 +# define ASN1_R_ILLEGAL_CHARACTERS 124 +# define 
ASN1_R_ILLEGAL_FORMAT 177 +# define ASN1_R_ILLEGAL_HEX 178 +# define ASN1_R_ILLEGAL_IMPLICIT_TAG 179 +# define ASN1_R_ILLEGAL_INTEGER 180 +# define ASN1_R_ILLEGAL_NEGATIVE_VALUE 226 +# define ASN1_R_ILLEGAL_NESTED_TAGGING 181 +# define ASN1_R_ILLEGAL_NULL 125 +# define ASN1_R_ILLEGAL_NULL_VALUE 182 +# define ASN1_R_ILLEGAL_OBJECT 183 +# define ASN1_R_ILLEGAL_OPTIONAL_ANY 126 +# define ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE 170 +# define ASN1_R_ILLEGAL_PADDING 221 +# define ASN1_R_ILLEGAL_TAGGED_ANY 127 +# define ASN1_R_ILLEGAL_TIME_VALUE 184 +# define ASN1_R_ILLEGAL_ZERO_CONTENT 222 +# define ASN1_R_INTEGER_NOT_ASCII_FORMAT 185 +# define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG 128 +# define ASN1_R_INVALID_BIT_STRING_BITS_LEFT 220 +# define ASN1_R_INVALID_BMPSTRING_LENGTH 129 +# define ASN1_R_INVALID_DIGIT 130 +# define ASN1_R_INVALID_MIME_TYPE 205 +# define ASN1_R_INVALID_MODIFIER 186 +# define ASN1_R_INVALID_NUMBER 187 +# define ASN1_R_INVALID_OBJECT_ENCODING 216 +# define ASN1_R_INVALID_SCRYPT_PARAMETERS 227 +# define ASN1_R_INVALID_SEPARATOR 131 +# define ASN1_R_INVALID_STRING_TABLE_VALUE 218 +# define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH 133 +# define ASN1_R_INVALID_UTF8STRING 134 +# define ASN1_R_INVALID_VALUE 219 +# define ASN1_R_LIST_ERROR 188 +# define ASN1_R_MIME_NO_CONTENT_TYPE 206 +# define ASN1_R_MIME_PARSE_ERROR 207 +# define ASN1_R_MIME_SIG_PARSE_ERROR 208 +# define ASN1_R_MISSING_EOC 137 +# define ASN1_R_MISSING_SECOND_NUMBER 138 +# define ASN1_R_MISSING_VALUE 189 +# define ASN1_R_MSTRING_NOT_UNIVERSAL 139 +# define ASN1_R_MSTRING_WRONG_TAG 140 +# define ASN1_R_NESTED_ASN1_STRING 197 +# define ASN1_R_NESTED_TOO_DEEP 201 +# define ASN1_R_NON_HEX_CHARACTERS 141 +# define ASN1_R_NOT_ASCII_FORMAT 190 +# define ASN1_R_NOT_ENOUGH_DATA 142 +# define ASN1_R_NO_CONTENT_TYPE 209 +# define ASN1_R_NO_MATCHING_CHOICE_TYPE 143 +# define ASN1_R_NO_MULTIPART_BODY_FAILURE 210 +# define ASN1_R_NO_MULTIPART_BOUNDARY 211 +# define ASN1_R_NO_SIG_CONTENT_TYPE 212 +# define 
ASN1_R_NULL_IS_WRONG_LENGTH 144 +# define ASN1_R_OBJECT_NOT_ASCII_FORMAT 191 +# define ASN1_R_ODD_NUMBER_OF_CHARS 145 +# define ASN1_R_SECOND_NUMBER_TOO_LARGE 147 +# define ASN1_R_SEQUENCE_LENGTH_MISMATCH 148 +# define ASN1_R_SEQUENCE_NOT_CONSTRUCTED 149 +# define ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG 192 +# define ASN1_R_SHORT_LINE 150 +# define ASN1_R_SIG_INVALID_MIME_TYPE 213 +# define ASN1_R_STREAMING_NOT_SUPPORTED 202 +# define ASN1_R_STRING_TOO_LONG 151 +# define ASN1_R_STRING_TOO_SHORT 152 +# define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 154 +# define ASN1_R_TIME_NOT_ASCII_FORMAT 193 +# define ASN1_R_TOO_LARGE 223 +# define ASN1_R_TOO_LONG 155 +# define ASN1_R_TOO_SMALL 224 +# define ASN1_R_TYPE_NOT_CONSTRUCTED 156 +# define ASN1_R_TYPE_NOT_PRIMITIVE 195 +# define ASN1_R_UNEXPECTED_EOC 159 +# define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH 215 +# define ASN1_R_UNKNOWN_FORMAT 160 +# define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 161 +# define ASN1_R_UNKNOWN_OBJECT_TYPE 162 +# define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE 163 +# define ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM 199 +# define ASN1_R_UNKNOWN_TAG 194 +# define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE 164 +# define ASN1_R_UNSUPPORTED_CIPHER 228 +# define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE 167 +# define ASN1_R_UNSUPPORTED_TYPE 196 +# define ASN1_R_WRONG_INTEGER_TYPE 225 +# define ASN1_R_WRONG_PUBLIC_KEY_TYPE 200 +# define ASN1_R_WRONG_TAG 168 + +#endif diff --git a/linux_amd64/ssl/include/openssl/asn1t.h b/linux_amd64/ssl/include/openssl/asn1t.h new file mode 100644 index 0000000..934b10c --- /dev/null +++ b/linux_amd64/ssl/include/openssl/asn1t.h 
@@ -0,0 +1,905 @@ +/* + * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_ASN1T_H +# define OPENSSL_ASN1T_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_ASN1T_H +# endif + +# include +# include +# include + +# ifdef OPENSSL_BUILD_SHLIBCRYPTO +# undef OPENSSL_EXTERN +# define OPENSSL_EXTERN OPENSSL_EXPORT +# endif + +/* ASN1 template defines, structures and functions */ + +#ifdef __cplusplus +extern "C" { +#endif + +/* Macro to obtain ASN1_ADB pointer from a type (only used internally) */ +# define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)((iptr)())) + +/* Macros for start and end of ASN1_ITEM definition */ + +# define ASN1_ITEM_start(itname) \ + const ASN1_ITEM * itname##_it(void) \ + { \ + static const ASN1_ITEM local_it = { + +# define static_ASN1_ITEM_start(itname) \ + static ASN1_ITEM_start(itname) + +# define ASN1_ITEM_end(itname) \ + }; \ + return &local_it; \ + } + +/* Macros to aid ASN1 template writing */ + +# define ASN1_ITEM_TEMPLATE(tname) \ + static const ASN1_TEMPLATE tname##_item_tt + +# define ASN1_ITEM_TEMPLATE_END(tname) \ + ;\ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_PRIMITIVE,\ + -1,\ + &tname##_item_tt,\ + 0,\ + NULL,\ + 0,\ + #tname \ + ASN1_ITEM_end(tname) +# define static_ASN1_ITEM_TEMPLATE_END(tname) \ + ;\ + static_ASN1_ITEM_start(tname) \ + ASN1_ITYPE_PRIMITIVE,\ + -1,\ + &tname##_item_tt,\ + 0,\ + NULL,\ + 0,\ + #tname \ + ASN1_ITEM_end(tname) + +/* This is a ASN1 type which just embeds a template */ + +/*- + * This pair helps declare a SEQUENCE. We can do: + * + * ASN1_SEQUENCE(stname) = { + * ... SEQUENCE components ... 
+ * } ASN1_SEQUENCE_END(stname) + * + * This will produce an ASN1_ITEM called stname_it + * for a structure called stname. + * + * If you want the same structure but a different + * name then use: + * + * ASN1_SEQUENCE(itname) = { + * ... SEQUENCE components ... + * } ASN1_SEQUENCE_END_name(stname, itname) + * + * This will create an item called itname_it using + * a structure called stname. + */ + +# define ASN1_SEQUENCE(tname) \ + static const ASN1_TEMPLATE tname##_seq_tt[] + +# define ASN1_SEQUENCE_END(stname) ASN1_SEQUENCE_END_name(stname, stname) + +# define static_ASN1_SEQUENCE_END(stname) static_ASN1_SEQUENCE_END_name(stname, stname) + +# define ASN1_SEQUENCE_END_name(stname, tname) \ + ;\ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_SEQUENCE,\ + V_ASN1_SEQUENCE,\ + tname##_seq_tt,\ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ + NULL,\ + sizeof(stname),\ + #tname \ + ASN1_ITEM_end(tname) + +# define static_ASN1_SEQUENCE_END_name(stname, tname) \ + ;\ + static_ASN1_ITEM_start(tname) \ + ASN1_ITYPE_SEQUENCE,\ + V_ASN1_SEQUENCE,\ + tname##_seq_tt,\ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ + NULL,\ + sizeof(stname),\ + #stname \ + ASN1_ITEM_end(tname) + +# define ASN1_NDEF_SEQUENCE(tname) \ + ASN1_SEQUENCE(tname) + +# define ASN1_NDEF_SEQUENCE_cb(tname, cb) \ + ASN1_SEQUENCE_cb(tname, cb) + +# define ASN1_SEQUENCE_cb(tname, cb) \ + static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0, NULL}; \ + ASN1_SEQUENCE(tname) + +# define ASN1_SEQUENCE_const_cb(tname, const_cb) \ + static const ASN1_AUX tname##_aux = \ + {NULL, ASN1_AFLG_CONST_CB, 0, 0, NULL, 0, const_cb}; \ + ASN1_SEQUENCE(tname) + +# define ASN1_SEQUENCE_cb_const_cb(tname, cb, const_cb) \ + static const ASN1_AUX tname##_aux = \ + {NULL, ASN1_AFLG_CONST_CB, 0, 0, cb, 0, const_cb}; \ + ASN1_SEQUENCE(tname) + +# define ASN1_SEQUENCE_ref(tname, cb) \ + static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), offsetof(tname, lock), cb, 0, NULL}; \ + 
ASN1_SEQUENCE(tname) + +# define ASN1_SEQUENCE_enc(tname, enc, cb) \ + static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_ENCODING, 0, 0, cb, offsetof(tname, enc), NULL}; \ + ASN1_SEQUENCE(tname) + +# define ASN1_NDEF_SEQUENCE_END(tname) \ + ;\ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_NDEF_SEQUENCE,\ + V_ASN1_SEQUENCE,\ + tname##_seq_tt,\ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ + NULL,\ + sizeof(tname),\ + #tname \ + ASN1_ITEM_end(tname) +# define static_ASN1_NDEF_SEQUENCE_END(tname) \ + ;\ + static_ASN1_ITEM_start(tname) \ + ASN1_ITYPE_NDEF_SEQUENCE,\ + V_ASN1_SEQUENCE,\ + tname##_seq_tt,\ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ + NULL,\ + sizeof(tname),\ + #tname \ + ASN1_ITEM_end(tname) + + +# define ASN1_SEQUENCE_END_enc(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname) + +# define ASN1_SEQUENCE_END_cb(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname) +# define static_ASN1_SEQUENCE_END_cb(stname, tname) static_ASN1_SEQUENCE_END_ref(stname, tname) + +# define ASN1_SEQUENCE_END_ref(stname, tname) \ + ;\ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_SEQUENCE,\ + V_ASN1_SEQUENCE,\ + tname##_seq_tt,\ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ + &tname##_aux,\ + sizeof(stname),\ + #tname \ + ASN1_ITEM_end(tname) +# define static_ASN1_SEQUENCE_END_ref(stname, tname) \ + ;\ + static_ASN1_ITEM_start(tname) \ + ASN1_ITYPE_SEQUENCE,\ + V_ASN1_SEQUENCE,\ + tname##_seq_tt,\ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ + &tname##_aux,\ + sizeof(stname),\ + #stname \ + ASN1_ITEM_end(tname) + +# define ASN1_NDEF_SEQUENCE_END_cb(stname, tname) \ + ;\ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_NDEF_SEQUENCE,\ + V_ASN1_SEQUENCE,\ + tname##_seq_tt,\ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ + &tname##_aux,\ + sizeof(stname),\ + #stname \ + ASN1_ITEM_end(tname) + +/*- + * This pair helps declare a CHOICE type. We can do: + * + * ASN1_CHOICE(chname) = { + * ... CHOICE options ... 
+ * ASN1_CHOICE_END(chname) + * + * This will produce an ASN1_ITEM called chname_it + * for a structure called chname. The structure + * definition must look like this: + * typedef struct { + * int type; + * union { + * ASN1_SOMETHING *opt1; + * ASN1_SOMEOTHER *opt2; + * } value; + * } chname; + * + * the name of the selector must be 'type'. + * to use an alternative selector name use the + * ASN1_CHOICE_END_selector() version. + */ + +# define ASN1_CHOICE(tname) \ + static const ASN1_TEMPLATE tname##_ch_tt[] + +# define ASN1_CHOICE_cb(tname, cb) \ + static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0, NULL}; \ + ASN1_CHOICE(tname) + +# define ASN1_CHOICE_END(stname) ASN1_CHOICE_END_name(stname, stname) + +# define static_ASN1_CHOICE_END(stname) static_ASN1_CHOICE_END_name(stname, stname) + +# define ASN1_CHOICE_END_name(stname, tname) ASN1_CHOICE_END_selector(stname, tname, type) + +# define static_ASN1_CHOICE_END_name(stname, tname) static_ASN1_CHOICE_END_selector(stname, tname, type) + +# define ASN1_CHOICE_END_selector(stname, tname, selname) \ + ;\ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_CHOICE,\ + offsetof(stname,selname) ,\ + tname##_ch_tt,\ + sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\ + NULL,\ + sizeof(stname),\ + #stname \ + ASN1_ITEM_end(tname) + +# define static_ASN1_CHOICE_END_selector(stname, tname, selname) \ + ;\ + static_ASN1_ITEM_start(tname) \ + ASN1_ITYPE_CHOICE,\ + offsetof(stname,selname) ,\ + tname##_ch_tt,\ + sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\ + NULL,\ + sizeof(stname),\ + #stname \ + ASN1_ITEM_end(tname) + +# define ASN1_CHOICE_END_cb(stname, tname, selname) \ + ;\ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_CHOICE,\ + offsetof(stname,selname) ,\ + tname##_ch_tt,\ + sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\ + &tname##_aux,\ + sizeof(stname),\ + #stname \ + ASN1_ITEM_end(tname) + +/* This helps with the template wrapper form of ASN1_ITEM */ + +# define ASN1_EX_TEMPLATE_TYPE(flags, tag, name, type) { \ + (flags), 
(tag), 0,\ + #name, ASN1_ITEM_ref(type) } + +/* These help with SEQUENCE or CHOICE components */ + +/* used to declare other types */ + +# define ASN1_EX_TYPE(flags, tag, stname, field, type) { \ + (flags), (tag), offsetof(stname, field),\ + #field, ASN1_ITEM_ref(type) } + +/* implicit and explicit helper macros */ + +# define ASN1_IMP_EX(stname, field, type, tag, ex) \ + ASN1_EX_TYPE(ASN1_TFLG_IMPLICIT | (ex), tag, stname, field, type) + +# define ASN1_EXP_EX(stname, field, type, tag, ex) \ + ASN1_EX_TYPE(ASN1_TFLG_EXPLICIT | (ex), tag, stname, field, type) + +/* Any defined by macros: the field used is in the table itself */ + +# define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, tblname##_adb } +# define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, tblname##_adb } + +/* Plain simple type */ +# define ASN1_SIMPLE(stname, field, type) ASN1_EX_TYPE(0,0, stname, field, type) +/* Embedded simple type */ +# define ASN1_EMBED(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_EMBED,0, stname, field, type) + +/* OPTIONAL simple type */ +# define ASN1_OPT(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_OPTIONAL, 0, stname, field, type) +# define ASN1_OPT_EMBED(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_OPTIONAL|ASN1_TFLG_EMBED, 0, stname, field, type) + +/* IMPLICIT tagged simple type */ +# define ASN1_IMP(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, 0) +# define ASN1_IMP_EMBED(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_EMBED) + +/* IMPLICIT tagged OPTIONAL simple type */ +# define ASN1_IMP_OPT(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL) +# define ASN1_IMP_OPT_EMBED(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_EMBED) + +/* Same as above but EXPLICIT */ + +# define ASN1_EXP(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, 0) +# define ASN1_EXP_EMBED(stname, field, type, tag) ASN1_EXP_EX(stname, 
field, type, tag, ASN1_TFLG_EMBED) +# define ASN1_EXP_OPT(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL) +# define ASN1_EXP_OPT_EMBED(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_EMBED) + +/* SEQUENCE OF type */ +# define ASN1_SEQUENCE_OF(stname, field, type) \ + ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, stname, field, type) + +/* OPTIONAL SEQUENCE OF */ +# define ASN1_SEQUENCE_OF_OPT(stname, field, type) \ + ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type) + +/* Same as above but for SET OF */ + +# define ASN1_SET_OF(stname, field, type) \ + ASN1_EX_TYPE(ASN1_TFLG_SET_OF, 0, stname, field, type) + +# define ASN1_SET_OF_OPT(stname, field, type) \ + ASN1_EX_TYPE(ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type) + +/* Finally compound types of SEQUENCE, SET, IMPLICIT, EXPLICIT and OPTIONAL */ + +# define ASN1_IMP_SET_OF(stname, field, type, tag) \ + ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF) + +# define ASN1_EXP_SET_OF(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF) + +# define ASN1_IMP_SET_OF_OPT(stname, field, type, tag) \ + ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL) + +# define ASN1_EXP_SET_OF_OPT(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL) + +# define ASN1_IMP_SEQUENCE_OF(stname, field, type, tag) \ + ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF) + +# define ASN1_IMP_SEQUENCE_OF_OPT(stname, field, type, tag) \ + ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL) + +# define ASN1_EXP_SEQUENCE_OF(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF) + +# define ASN1_EXP_SEQUENCE_OF_OPT(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL) + +/* EXPLICIT using 
indefinite length constructed form */ +# define ASN1_NDEF_EXP(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_NDEF) + +/* EXPLICIT OPTIONAL using indefinite length constructed form */ +# define ASN1_NDEF_EXP_OPT(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_NDEF) + +/* Macros for the ASN1_ADB structure */ + +# define ASN1_ADB(name) \ + static const ASN1_ADB_TABLE name##_adbtbl[] + +# define ASN1_ADB_END(name, flags, field, adb_cb, def, none) \ + ;\ + static const ASN1_ITEM *name##_adb(void) \ + { \ + static const ASN1_ADB internal_adb = \ + {\ + flags,\ + offsetof(name, field),\ + adb_cb,\ + name##_adbtbl,\ + sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\ + def,\ + none\ + }; \ + return (const ASN1_ITEM *) &internal_adb; \ + } \ + void dummy_function(void) + +# define ADB_ENTRY(val, template) {val, template} + +# define ASN1_ADB_TEMPLATE(name) \ + static const ASN1_TEMPLATE name##_tt + +/* + * This is the ASN1 template structure that defines a wrapper round the + * actual type. It determines the actual position of the field in the value + * structure, various flags such as OPTIONAL and the field name. 
+ */ + +struct ASN1_TEMPLATE_st { + unsigned long flags; /* Various flags */ + long tag; /* tag, not used if no tagging */ + unsigned long offset; /* Offset of this field in structure */ + const char *field_name; /* Field name */ + ASN1_ITEM_EXP *item; /* Relevant ASN1_ITEM or ASN1_ADB */ +}; + +/* Macro to extract ASN1_ITEM and ASN1_ADB pointer from ASN1_TEMPLATE */ + +# define ASN1_TEMPLATE_item(t) (t->item_ptr) +# define ASN1_TEMPLATE_adb(t) (t->item_ptr) + +typedef struct ASN1_ADB_TABLE_st ASN1_ADB_TABLE; +typedef struct ASN1_ADB_st ASN1_ADB; + +struct ASN1_ADB_st { + unsigned long flags; /* Various flags */ + unsigned long offset; /* Offset of selector field */ + int (*adb_cb)(long *psel); /* Application callback */ + const ASN1_ADB_TABLE *tbl; /* Table of possible types */ + long tblcount; /* Number of entries in tbl */ + const ASN1_TEMPLATE *default_tt; /* Type to use if no match */ + const ASN1_TEMPLATE *null_tt; /* Type to use if selector is NULL */ +}; + +struct ASN1_ADB_TABLE_st { + long value; /* NID for an object or value for an int */ + const ASN1_TEMPLATE tt; /* item for this value */ +}; + +/* template flags */ + +/* Field is optional */ +# define ASN1_TFLG_OPTIONAL (0x1) + +/* Field is a SET OF */ +# define ASN1_TFLG_SET_OF (0x1 << 1) + +/* Field is a SEQUENCE OF */ +# define ASN1_TFLG_SEQUENCE_OF (0x2 << 1) + +/* + * Special case: this refers to a SET OF that will be sorted into DER order + * when encoded *and* the corresponding STACK will be modified to match the + * new order. + */ +# define ASN1_TFLG_SET_ORDER (0x3 << 1) + +/* Mask for SET OF or SEQUENCE OF */ +# define ASN1_TFLG_SK_MASK (0x3 << 1) + +/* + * These flags mean the tag should be taken from the tag field. If EXPLICIT + * then the underlying type is used for the inner tag. 
+ */ + +/* IMPLICIT tagging */ +# define ASN1_TFLG_IMPTAG (0x1 << 3) + +/* EXPLICIT tagging, inner tag from underlying type */ +# define ASN1_TFLG_EXPTAG (0x2 << 3) + +# define ASN1_TFLG_TAG_MASK (0x3 << 3) + +/* context specific IMPLICIT */ +# define ASN1_TFLG_IMPLICIT (ASN1_TFLG_IMPTAG|ASN1_TFLG_CONTEXT) + +/* context specific EXPLICIT */ +# define ASN1_TFLG_EXPLICIT (ASN1_TFLG_EXPTAG|ASN1_TFLG_CONTEXT) + +/* + * If tagging is in force these determine the type of tag to use. Otherwise + * the tag is determined by the underlying type. These values reflect the + * actual octet format. + */ + +/* Universal tag */ +# define ASN1_TFLG_UNIVERSAL (0x0<<6) +/* Application tag */ +# define ASN1_TFLG_APPLICATION (0x1<<6) +/* Context specific tag */ +# define ASN1_TFLG_CONTEXT (0x2<<6) +/* Private tag */ +# define ASN1_TFLG_PRIVATE (0x3<<6) + +# define ASN1_TFLG_TAG_CLASS (0x3<<6) + +/* + * These are for ANY DEFINED BY type. In this case the 'item' field points to + * an ASN1_ADB structure which contains a table of values to decode the + * relevant type + */ + +# define ASN1_TFLG_ADB_MASK (0x3<<8) + +# define ASN1_TFLG_ADB_OID (0x1<<8) + +# define ASN1_TFLG_ADB_INT (0x1<<9) + +/* + * This flag when present in a SEQUENCE OF, SET OF or EXPLICIT causes + * indefinite length constructed encoding to be used if required. 
+ */ + +# define ASN1_TFLG_NDEF (0x1<<11) + +/* Field is embedded and not a pointer */ +# define ASN1_TFLG_EMBED (0x1 << 12) + +/* This is the actual ASN1 item itself */ + +struct ASN1_ITEM_st { + char itype; /* The item type, primitive, SEQUENCE, CHOICE + * or extern */ + long utype; /* underlying type */ + const ASN1_TEMPLATE *templates; /* If SEQUENCE or CHOICE this contains + * the contents */ + long tcount; /* Number of templates if SEQUENCE or CHOICE */ + const void *funcs; /* functions that handle this type */ + long size; /* Structure size (usually) */ + const char *sname; /* Structure name */ +}; + +/*- + * These are values for the itype field and + * determine how the type is interpreted. + * + * For PRIMITIVE types the underlying type + * determines the behaviour if items is NULL. + * + * Otherwise templates must contain a single + * template and the type is treated in the + * same way as the type specified in the template. + * + * For SEQUENCE types the templates field points + * to the members, the size field is the + * structure size. + * + * For CHOICE types the templates field points + * to each possible member (typically a union) + * and the 'size' field is the offset of the + * selector. + * + * The 'funcs' field is used for application + * specific functions. + * + * The EXTERN type uses a new style d2i/i2d. + * The new style should be used where possible + * because it avoids things like the d2i IMPLICIT + * hack. + * + * MSTRING is a multiple string type, it is used + * for a CHOICE of character strings where the + * actual strings all occupy an ASN1_STRING + * structure. In this case the 'utype' field + * has a special meaning, it is used as a mask + * of acceptable types using the B_ASN1 constants. + * + * NDEF_SEQUENCE is the same as SEQUENCE except + * that it will use indefinite length constructed + * encoding if requested. 
+ * + */ + +# define ASN1_ITYPE_PRIMITIVE 0x0 + +# define ASN1_ITYPE_SEQUENCE 0x1 + +# define ASN1_ITYPE_CHOICE 0x2 + +# define ASN1_ITYPE_EXTERN 0x4 + +# define ASN1_ITYPE_MSTRING 0x5 + +# define ASN1_ITYPE_NDEF_SEQUENCE 0x6 + +/* + * Cache for ASN1 tag and length, so we don't keep re-reading it for things + * like CHOICE + */ + +struct ASN1_TLC_st { + char valid; /* Values below are valid */ + int ret; /* return value */ + long plen; /* length */ + int ptag; /* class value */ + int pclass; /* class value */ + int hdrlen; /* header length */ +}; + +/* Typedefs for ASN1 function pointers */ +typedef int ASN1_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, + const ASN1_ITEM *it, int tag, int aclass, char opt, + ASN1_TLC *ctx); + +typedef int ASN1_ex_i2d(const ASN1_VALUE **pval, unsigned char **out, + const ASN1_ITEM *it, int tag, int aclass); +typedef int ASN1_ex_new_func(ASN1_VALUE **pval, const ASN1_ITEM *it); +typedef void ASN1_ex_free_func(ASN1_VALUE **pval, const ASN1_ITEM *it); + +typedef int ASN1_ex_print_func(BIO *out, const ASN1_VALUE **pval, + int indent, const char *fname, + const ASN1_PCTX *pctx); + +typedef int ASN1_primitive_i2c(const ASN1_VALUE **pval, unsigned char *cont, + int *putype, const ASN1_ITEM *it); +typedef int ASN1_primitive_c2i(ASN1_VALUE **pval, const unsigned char *cont, + int len, int utype, char *free_cont, + const ASN1_ITEM *it); +typedef int ASN1_primitive_print(BIO *out, const ASN1_VALUE **pval, + const ASN1_ITEM *it, int indent, + const ASN1_PCTX *pctx); + +typedef struct ASN1_EXTERN_FUNCS_st { + void *app_data; + ASN1_ex_new_func *asn1_ex_new; + ASN1_ex_free_func *asn1_ex_free; + ASN1_ex_free_func *asn1_ex_clear; + ASN1_ex_d2i *asn1_ex_d2i; + ASN1_ex_i2d *asn1_ex_i2d; + ASN1_ex_print_func *asn1_ex_print; +} ASN1_EXTERN_FUNCS; + +typedef struct ASN1_PRIMITIVE_FUNCS_st { + void *app_data; + unsigned long flags; + ASN1_ex_new_func *prim_new; + ASN1_ex_free_func *prim_free; + ASN1_ex_free_func *prim_clear; + 
ASN1_primitive_c2i *prim_c2i; + ASN1_primitive_i2c *prim_i2c; + ASN1_primitive_print *prim_print; +} ASN1_PRIMITIVE_FUNCS; + +/* + * This is the ASN1_AUX structure: it handles various miscellaneous + * requirements. For example the use of reference counts and an informational + * callback. The "informational callback" is called at various points during + * the ASN1 encoding and decoding. It can be used to provide minor + * customisation of the structures used. This is most useful where the + * supplied routines *almost* do the right thing but need some extra help at + * a few points. If the callback returns zero then it is assumed a fatal + * error has occurred and the main operation should be abandoned. If major + * changes in the default behaviour are required then an external type is + * more appropriate. + * For the operations ASN1_OP_I2D_PRE, ASN1_OP_I2D_POST, ASN1_OP_PRINT_PRE, and + * ASN1_OP_PRINT_POST, meanwhile a variant of the callback with const parameter + * 'in' is provided to make clear statically that its input is not modified. If + * and only if this variant is in use the flag ASN1_AFLG_CONST_CB must be set. 
+ */ + +typedef int ASN1_aux_cb(int operation, ASN1_VALUE **in, const ASN1_ITEM *it, + void *exarg); +typedef int ASN1_aux_const_cb(int operation, const ASN1_VALUE **in, + const ASN1_ITEM *it, void *exarg); + +typedef struct ASN1_AUX_st { + void *app_data; + int flags; + int ref_offset; /* Offset of reference value */ + int ref_lock; /* Lock type to use */ + ASN1_aux_cb *asn1_cb; + int enc_offset; /* Offset of ASN1_ENCODING structure */ + ASN1_aux_const_cb *asn1_const_cb; /* for ASN1_OP_I2D_ and ASN1_OP_PRINT_ */ +} ASN1_AUX; + +/* For print related callbacks exarg points to this structure */ +typedef struct ASN1_PRINT_ARG_st { + BIO *out; + int indent; + const ASN1_PCTX *pctx; +} ASN1_PRINT_ARG; + +/* For streaming related callbacks exarg points to this structure */ +typedef struct ASN1_STREAM_ARG_st { + /* BIO to stream through */ + BIO *out; + /* BIO with filters appended */ + BIO *ndef_bio; + /* Streaming I/O boundary */ + unsigned char **boundary; +} ASN1_STREAM_ARG; + +/* Flags in ASN1_AUX */ + +/* Use a reference count */ +# define ASN1_AFLG_REFCOUNT 1 +/* Save the encoding of structure (useful for signatures) */ +# define ASN1_AFLG_ENCODING 2 +/* The Sequence length is invalid */ +# define ASN1_AFLG_BROKEN 4 +/* Use the new asn1_const_cb */ +# define ASN1_AFLG_CONST_CB 8 + +/* operation values for asn1_cb */ + +# define ASN1_OP_NEW_PRE 0 +# define ASN1_OP_NEW_POST 1 +# define ASN1_OP_FREE_PRE 2 +# define ASN1_OP_FREE_POST 3 +# define ASN1_OP_D2I_PRE 4 +# define ASN1_OP_D2I_POST 5 +# define ASN1_OP_I2D_PRE 6 +# define ASN1_OP_I2D_POST 7 +# define ASN1_OP_PRINT_PRE 8 +# define ASN1_OP_PRINT_POST 9 +# define ASN1_OP_STREAM_PRE 10 +# define ASN1_OP_STREAM_POST 11 +# define ASN1_OP_DETACHED_PRE 12 +# define ASN1_OP_DETACHED_POST 13 + +/* Macro to implement a primitive type */ +# define IMPLEMENT_ASN1_TYPE(stname) IMPLEMENT_ASN1_TYPE_ex(stname, stname, 0) +# define IMPLEMENT_ASN1_TYPE_ex(itname, vname, ex) \ + ASN1_ITEM_start(itname) \ + ASN1_ITYPE_PRIMITIVE, 
V_##vname, NULL, 0, NULL, ex, #itname \ + ASN1_ITEM_end(itname) + +/* Macro to implement a multi string type */ +# define IMPLEMENT_ASN1_MSTRING(itname, mask) \ + ASN1_ITEM_start(itname) \ + ASN1_ITYPE_MSTRING, mask, NULL, 0, NULL, sizeof(ASN1_STRING), #itname \ + ASN1_ITEM_end(itname) + +# define IMPLEMENT_EXTERN_ASN1(sname, tag, fptrs) \ + ASN1_ITEM_start(sname) \ + ASN1_ITYPE_EXTERN, \ + tag, \ + NULL, \ + 0, \ + &fptrs, \ + 0, \ + #sname \ + ASN1_ITEM_end(sname) + +/* Macro to implement standard functions in terms of ASN1_ITEM structures */ + +# define IMPLEMENT_ASN1_FUNCTIONS(stname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, stname, stname) + +# define IMPLEMENT_ASN1_FUNCTIONS_name(stname, itname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, itname) + +# define IMPLEMENT_ASN1_FUNCTIONS_ENCODE_name(stname, itname) \ + IMPLEMENT_ASN1_FUNCTIONS_ENCODE_fname(stname, itname, itname) + +# define IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(stname) \ + IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(static, stname, stname, stname) + +# define IMPLEMENT_ASN1_ALLOC_FUNCTIONS(stname) \ + IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, stname, stname) + +# define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(pre, stname, itname, fname) \ + pre stname *fname##_new(void) \ + { \ + return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \ + } \ + pre void fname##_free(stname *a) \ + { \ + ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \ + } + +# define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) \ + stname *fname##_new(void) \ + { \ + return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \ + } \ + void fname##_free(stname *a) \ + { \ + ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \ + } + +# define IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, fname) \ + IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \ + IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) + +# define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \ + stname 
*d2i_##fname(stname **a, const unsigned char **in, long len) \ + { \ + return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\ + } \ + int i2d_##fname(const stname *a, unsigned char **out) \ + { \ + return ASN1_item_i2d((const ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\ + } + +# define IMPLEMENT_ASN1_NDEF_FUNCTION(stname) \ + int i2d_##stname##_NDEF(const stname *a, unsigned char **out) \ + { \ + return ASN1_item_ndef_i2d((const ASN1_VALUE *)a, out, ASN1_ITEM_rptr(stname));\ + } + +# define IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(stname) \ + static stname *d2i_##stname(stname **a, \ + const unsigned char **in, long len) \ + { \ + return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, \ + ASN1_ITEM_rptr(stname)); \ + } \ + static int i2d_##stname(const stname *a, unsigned char **out) \ + { \ + return ASN1_item_i2d((const ASN1_VALUE *)a, out, \ + ASN1_ITEM_rptr(stname)); \ + } + +# define IMPLEMENT_ASN1_DUP_FUNCTION(stname) \ + stname * stname##_dup(const stname *x) \ + { \ + return ASN1_item_dup(ASN1_ITEM_rptr(stname), x); \ + } + +# define IMPLEMENT_ASN1_PRINT_FUNCTION(stname) \ + IMPLEMENT_ASN1_PRINT_FUNCTION_fname(stname, stname, stname) + +# define IMPLEMENT_ASN1_PRINT_FUNCTION_fname(stname, itname, fname) \ + int fname##_print_ctx(BIO *out, const stname *x, int indent, \ + const ASN1_PCTX *pctx) \ + { \ + return ASN1_item_print(out, (const ASN1_VALUE *)x, indent, \ + ASN1_ITEM_rptr(itname), pctx); \ + } + +/* external definitions for primitive types */ + +DECLARE_ASN1_ITEM(ASN1_BOOLEAN) +DECLARE_ASN1_ITEM(ASN1_TBOOLEAN) +DECLARE_ASN1_ITEM(ASN1_FBOOLEAN) +DECLARE_ASN1_ITEM(ASN1_SEQUENCE) +DECLARE_ASN1_ITEM(CBIGNUM) +DECLARE_ASN1_ITEM(BIGNUM) +DECLARE_ASN1_ITEM(INT32) +DECLARE_ASN1_ITEM(ZINT32) +DECLARE_ASN1_ITEM(UINT32) +DECLARE_ASN1_ITEM(ZUINT32) +DECLARE_ASN1_ITEM(INT64) +DECLARE_ASN1_ITEM(ZINT64) +DECLARE_ASN1_ITEM(UINT64) +DECLARE_ASN1_ITEM(ZUINT64) + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +/* + * LONG and ZLONG are strongly 
discouraged for use as stored data, as the + * underlying C type (long) differs in size depending on the architecture. + * They are designed with 32-bit longs in mind. + */ +DECLARE_ASN1_ITEM(LONG) +DECLARE_ASN1_ITEM(ZLONG) +# endif + +DEFINE_STACK_OF(ASN1_VALUE) + +/* Functions used internally by the ASN1 code */ + +int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it); +void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it); + +int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, + const ASN1_ITEM *it, int tag, int aclass, char opt, + ASN1_TLC *ctx); + +int ASN1_item_ex_i2d(const ASN1_VALUE **pval, unsigned char **out, + const ASN1_ITEM *it, int tag, int aclass); + +/* Legacy compatibility */ +# define IMPLEMENT_ASN1_FUNCTIONS_const(name) IMPLEMENT_ASN1_FUNCTIONS(name) +# define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \ + IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) + +#ifdef __cplusplus +} +#endif +#endif diff --git a/linux_amd64/ssl/include/openssl/async.h b/linux_amd64/ssl/include/openssl/async.h new file mode 100644 index 0000000..bc27d5d --- /dev/null +++ b/linux_amd64/ssl/include/openssl/async.h 
@@ -0,0 +1,96 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include
+
+#ifndef OPENSSL_ASYNC_H
+# define OPENSSL_ASYNC_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_ASYNC_H
+# endif
+
+#if defined(_WIN32)
+# if defined(BASETYPES) || defined(_WINDEF_H)
+/* application has to include to use this */
+#define OSSL_ASYNC_FD HANDLE
+#define OSSL_BAD_ASYNC_FD INVALID_HANDLE_VALUE
+# endif
+#else
+#define OSSL_ASYNC_FD int
+#define OSSL_BAD_ASYNC_FD -1
+#endif
+# include
+
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+typedef struct async_job_st ASYNC_JOB;
+typedef struct async_wait_ctx_st ASYNC_WAIT_CTX;
+typedef int (*ASYNC_callback_fn)(void *arg);
+
+#define ASYNC_ERR 0
+#define ASYNC_NO_JOBS 1
+#define ASYNC_PAUSE 2
+#define ASYNC_FINISH 3
+
+#define ASYNC_STATUS_UNSUPPORTED 0
+#define ASYNC_STATUS_ERR 1
+#define ASYNC_STATUS_OK 2
+#define ASYNC_STATUS_EAGAIN 3
+
+int ASYNC_init_thread(size_t max_size, size_t init_size);
+void ASYNC_cleanup_thread(void);
+
+#ifdef OSSL_ASYNC_FD
+ASYNC_WAIT_CTX *ASYNC_WAIT_CTX_new(void);
+void ASYNC_WAIT_CTX_free(ASYNC_WAIT_CTX *ctx);
+int ASYNC_WAIT_CTX_set_wait_fd(ASYNC_WAIT_CTX *ctx, const void *key,
+ OSSL_ASYNC_FD fd,
+ void *custom_data,
+ void (*cleanup)(ASYNC_WAIT_CTX *, const void *,
+ OSSL_ASYNC_FD, void *));
+int ASYNC_WAIT_CTX_get_fd(ASYNC_WAIT_CTX *ctx, const void *key,
+ OSSL_ASYNC_FD *fd, void **custom_data);
+int ASYNC_WAIT_CTX_get_all_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *fd,
+ size_t *numfds);
+int ASYNC_WAIT_CTX_get_callback(ASYNC_WAIT_CTX *ctx,
+ ASYNC_callback_fn *callback,
+ void **callback_arg);
+int ASYNC_WAIT_CTX_set_callback(ASYNC_WAIT_CTX *ctx,
+ ASYNC_callback_fn callback,
+ void *callback_arg);
+int ASYNC_WAIT_CTX_set_status(ASYNC_WAIT_CTX *ctx, int status);
+int ASYNC_WAIT_CTX_get_status(ASYNC_WAIT_CTX *ctx);
+int ASYNC_WAIT_CTX_get_changed_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *addfd,
+ size_t *numaddfds, OSSL_ASYNC_FD *delfd,
+ size_t *numdelfds);
+int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key);
+#endif
+
+int ASYNC_is_capable(void);
+
+int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *ctx, int *ret,
+ int (*func)(void *), void *args, size_t size);
+int ASYNC_pause_job(void);
+
+ASYNC_JOB *ASYNC_get_current_job(void);
+ASYNC_WAIT_CTX *ASYNC_get_wait_ctx(ASYNC_JOB *job);
+void ASYNC_block_pause(void);
+void ASYNC_unblock_pause(void);
+
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/linux_amd64/ssl/include/openssl/asyncerr.h b/linux_amd64/ssl/include/openssl/asyncerr.h
new file mode 100644
index 0000000..17defd0
--- /dev/null
+++ b/linux_amd64/ssl/include/openssl/asyncerr.h
@@ -0,0 +1,50 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_ASYNCERR_H +# define OPENSSL_ASYNCERR_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_ASYNCERR_H +# endif + +# include +# include + + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_ASYNC_strings(void); + +/* + * ASYNC function codes. + */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define ASYNC_F_ASYNC_CTX_NEW 0 +# define ASYNC_F_ASYNC_INIT_THREAD 0 +# define ASYNC_F_ASYNC_JOB_NEW 0 +# define ASYNC_F_ASYNC_PAUSE_JOB 0 +# define ASYNC_F_ASYNC_START_FUNC 0 +# define ASYNC_F_ASYNC_START_JOB 0 +# define ASYNC_F_ASYNC_WAIT_CTX_SET_WAIT_FD 0 +# endif + +/* + * ASYNC reason codes. + */ +# define ASYNC_R_FAILED_TO_SET_POOL 101 +# define ASYNC_R_FAILED_TO_SWAP_CONTEXT 102 +# define ASYNC_R_INIT_FAILED 105 +# define ASYNC_R_INVALID_POOL_SIZE 103 + +#endif diff --git a/linux_amd64/ssl/include/openssl/bio.h b/linux_amd64/ssl/include/openssl/bio.h new file mode 100644 index 0000000..8583362 --- /dev/null +++ b/linux_amd64/ssl/include/openssl/bio.h 
@@ -0,0 +1,842 @@ +/* + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_BIO_H +# define OPENSSL_BIO_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_BIO_H +# endif + +# include + +# ifndef OPENSSL_NO_STDIO +# include +# endif +# include + +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/* There are the classes of BIOs */ +# define BIO_TYPE_DESCRIPTOR 0x0100 /* socket, fd, connect or accept */ +# define BIO_TYPE_FILTER 0x0200 +# define BIO_TYPE_SOURCE_SINK 0x0400 + +/* These are the 'types' of BIOs */ +# define BIO_TYPE_NONE 0 +# define BIO_TYPE_MEM ( 1|BIO_TYPE_SOURCE_SINK) +# define BIO_TYPE_FILE ( 2|BIO_TYPE_SOURCE_SINK) + +# define BIO_TYPE_FD ( 4|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) +# define BIO_TYPE_SOCKET ( 5|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) +# define BIO_TYPE_NULL ( 6|BIO_TYPE_SOURCE_SINK) +# define BIO_TYPE_SSL ( 7|BIO_TYPE_FILTER) +# define BIO_TYPE_MD ( 8|BIO_TYPE_FILTER) +# define BIO_TYPE_BUFFER ( 9|BIO_TYPE_FILTER) +# define BIO_TYPE_CIPHER (10|BIO_TYPE_FILTER) +# define BIO_TYPE_BASE64 (11|BIO_TYPE_FILTER) +# define BIO_TYPE_CONNECT (12|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) +# define BIO_TYPE_ACCEPT (13|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) + +# define BIO_TYPE_NBIO_TEST (16|BIO_TYPE_FILTER)/* server proxy BIO */ +# define BIO_TYPE_NULL_FILTER (17|BIO_TYPE_FILTER) +# define BIO_TYPE_BIO (19|BIO_TYPE_SOURCE_SINK)/* half a BIO pair */ +# define BIO_TYPE_LINEBUFFER (20|BIO_TYPE_FILTER) +# define BIO_TYPE_DGRAM (21|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) +# define BIO_TYPE_ASN1 (22|BIO_TYPE_FILTER) +# define BIO_TYPE_COMP (23|BIO_TYPE_FILTER) +# ifndef OPENSSL_NO_SCTP +# 
define BIO_TYPE_DGRAM_SCTP (24|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) +# endif + +#define BIO_TYPE_START 128 + +/* + * BIO_FILENAME_READ|BIO_CLOSE to open or close on free. + * BIO_set_fp(in,stdin,BIO_NOCLOSE); + */ +# define BIO_NOCLOSE 0x00 +# define BIO_CLOSE 0x01 + +/* + * These are used in the following macros and are passed to BIO_ctrl() + */ +# define BIO_CTRL_RESET 1/* opt - rewind/zero etc */ +# define BIO_CTRL_EOF 2/* opt - are we at the eof */ +# define BIO_CTRL_INFO 3/* opt - extra tit-bits */ +# define BIO_CTRL_SET 4/* man - set the 'IO' type */ +# define BIO_CTRL_GET 5/* man - get the 'IO' type */ +# define BIO_CTRL_PUSH 6/* opt - internal, used to signify change */ +# define BIO_CTRL_POP 7/* opt - internal, used to signify change */ +# define BIO_CTRL_GET_CLOSE 8/* man - set the 'close' on free */ +# define BIO_CTRL_SET_CLOSE 9/* man - set the 'close' on free */ +# define BIO_CTRL_PENDING 10/* opt - is their more data buffered */ +# define BIO_CTRL_FLUSH 11/* opt - 'flush' buffered output */ +# define BIO_CTRL_DUP 12/* man - extra stuff for 'duped' BIO */ +# define BIO_CTRL_WPENDING 13/* opt - number of bytes still to write */ +# define BIO_CTRL_SET_CALLBACK 14/* opt - set callback function */ +# define BIO_CTRL_GET_CALLBACK 15/* opt - set callback function */ + +# define BIO_CTRL_PEEK 29/* BIO_f_buffer special */ +# define BIO_CTRL_SET_FILENAME 30/* BIO_s_file special */ + +/* dgram BIO stuff */ +# define BIO_CTRL_DGRAM_CONNECT 31/* BIO dgram special */ +# define BIO_CTRL_DGRAM_SET_CONNECTED 32/* allow for an externally connected + * socket to be passed in */ +# define BIO_CTRL_DGRAM_SET_RECV_TIMEOUT 33/* setsockopt, essentially */ +# define BIO_CTRL_DGRAM_GET_RECV_TIMEOUT 34/* getsockopt, essentially */ +# define BIO_CTRL_DGRAM_SET_SEND_TIMEOUT 35/* setsockopt, essentially */ +# define BIO_CTRL_DGRAM_GET_SEND_TIMEOUT 36/* getsockopt, essentially */ + +# define BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP 37/* flag whether the last */ +# define 
BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP 38/* I/O operation tiemd out */ + +/* #ifdef IP_MTU_DISCOVER */ +# define BIO_CTRL_DGRAM_MTU_DISCOVER 39/* set DF bit on egress packets */ +/* #endif */ + +# define BIO_CTRL_DGRAM_QUERY_MTU 40/* as kernel for current MTU */ +# define BIO_CTRL_DGRAM_GET_FALLBACK_MTU 47 +# define BIO_CTRL_DGRAM_GET_MTU 41/* get cached value for MTU */ +# define BIO_CTRL_DGRAM_SET_MTU 42/* set cached value for MTU. + * want to use this if asking + * the kernel fails */ + +# define BIO_CTRL_DGRAM_MTU_EXCEEDED 43/* check whether the MTU was + * exceed in the previous write + * operation */ + +# define BIO_CTRL_DGRAM_GET_PEER 46 +# define BIO_CTRL_DGRAM_SET_PEER 44/* Destination for the data */ + +# define BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT 45/* Next DTLS handshake timeout + * to adjust socket timeouts */ +# define BIO_CTRL_DGRAM_SET_DONT_FRAG 48 + +# define BIO_CTRL_DGRAM_GET_MTU_OVERHEAD 49 + +/* Deliberately outside of OPENSSL_NO_SCTP - used in bss_dgram.c */ +# define BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE 50 +# ifndef OPENSSL_NO_SCTP +/* SCTP stuff */ +# define BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY 51 +# define BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY 52 +# define BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD 53 +# define BIO_CTRL_DGRAM_SCTP_GET_SNDINFO 60 +# define BIO_CTRL_DGRAM_SCTP_SET_SNDINFO 61 +# define BIO_CTRL_DGRAM_SCTP_GET_RCVINFO 62 +# define BIO_CTRL_DGRAM_SCTP_SET_RCVINFO 63 +# define BIO_CTRL_DGRAM_SCTP_GET_PRINFO 64 +# define BIO_CTRL_DGRAM_SCTP_SET_PRINFO 65 +# define BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN 70 +# endif + +# define BIO_CTRL_DGRAM_SET_PEEK_MODE 71 + +/* + * internal BIO: + * # define BIO_CTRL_SET_KTLS_SEND 72 + * # define BIO_CTRL_SET_KTLS_SEND_CTRL_MSG 74 + * # define BIO_CTRL_CLEAR_KTLS_CTRL_MSG 75 + */ + +# define BIO_CTRL_GET_KTLS_SEND 73 +# define BIO_CTRL_GET_KTLS_RECV 76 + +# define BIO_CTRL_DGRAM_SCTP_WAIT_FOR_DRY 77 +# define BIO_CTRL_DGRAM_SCTP_MSG_WAITING 78 + +/* BIO_f_prefix controls */ +# define BIO_CTRL_SET_PREFIX 79 +# define 
BIO_CTRL_SET_INDENT 80 +# define BIO_CTRL_GET_INDENT 81 + +# ifndef OPENSSL_NO_KTLS +# define BIO_get_ktls_send(b) \ + BIO_ctrl(b, BIO_CTRL_GET_KTLS_SEND, 0, NULL) +# define BIO_get_ktls_recv(b) \ + BIO_ctrl(b, BIO_CTRL_GET_KTLS_RECV, 0, NULL) +# else +# define BIO_get_ktls_send(b) (0) +# define BIO_get_ktls_recv(b) (0) +# endif + +/* modifiers */ +# define BIO_FP_READ 0x02 +# define BIO_FP_WRITE 0x04 +# define BIO_FP_APPEND 0x08 +# define BIO_FP_TEXT 0x10 + +# define BIO_FLAGS_READ 0x01 +# define BIO_FLAGS_WRITE 0x02 +# define BIO_FLAGS_IO_SPECIAL 0x04 +# define BIO_FLAGS_RWS (BIO_FLAGS_READ|BIO_FLAGS_WRITE|BIO_FLAGS_IO_SPECIAL) +# define BIO_FLAGS_SHOULD_RETRY 0x08 +# ifndef OPENSSL_NO_DEPRECATED_3_0 +/* This #define was replaced by an internal constant and should not be used. */ +# define BIO_FLAGS_UPLINK 0 +# endif + +# define BIO_FLAGS_BASE64_NO_NL 0x100 + +/* + * This is used with memory BIOs: + * BIO_FLAGS_MEM_RDONLY means we shouldn't free up or change the data in any way; + * BIO_FLAGS_NONCLEAR_RST means we shouldn't clear data on reset. 
+ */ +# define BIO_FLAGS_MEM_RDONLY 0x200 +# define BIO_FLAGS_NONCLEAR_RST 0x400 +# define BIO_FLAGS_IN_EOF 0x800 + +typedef union bio_addr_st BIO_ADDR; +typedef struct bio_addrinfo_st BIO_ADDRINFO; + +int BIO_get_new_index(void); +void BIO_set_flags(BIO *b, int flags); +int BIO_test_flags(const BIO *b, int flags); +void BIO_clear_flags(BIO *b, int flags); + +# define BIO_get_flags(b) BIO_test_flags(b, ~(0x0)) +# define BIO_set_retry_special(b) \ + BIO_set_flags(b, (BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY)) +# define BIO_set_retry_read(b) \ + BIO_set_flags(b, (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY)) +# define BIO_set_retry_write(b) \ + BIO_set_flags(b, (BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY)) + +/* These are normally used internally in BIOs */ +# define BIO_clear_retry_flags(b) \ + BIO_clear_flags(b, (BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY)) +# define BIO_get_retry_flags(b) \ + BIO_test_flags(b, (BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY)) + +/* These should be used by the application to tell why we should retry */ +# define BIO_should_read(a) BIO_test_flags(a, BIO_FLAGS_READ) +# define BIO_should_write(a) BIO_test_flags(a, BIO_FLAGS_WRITE) +# define BIO_should_io_special(a) BIO_test_flags(a, BIO_FLAGS_IO_SPECIAL) +# define BIO_retry_type(a) BIO_test_flags(a, BIO_FLAGS_RWS) +# define BIO_should_retry(a) BIO_test_flags(a, BIO_FLAGS_SHOULD_RETRY) + +/* + * The next three are used in conjunction with the BIO_should_io_special() + * condition. After this returns true, BIO *BIO_get_retry_BIO(BIO *bio, int + * *reason); will walk the BIO stack and return the 'reason' for the special + * and the offending BIO. Given a BIO, BIO_get_retry_reason(bio) will return + * the code. 
+ */ +/* + * Returned from the SSL bio when the certificate retrieval code had an error + */ +# define BIO_RR_SSL_X509_LOOKUP 0x01 +/* Returned from the connect BIO when a connect would have blocked */ +# define BIO_RR_CONNECT 0x02 +/* Returned from the accept BIO when an accept would have blocked */ +# define BIO_RR_ACCEPT 0x03 + +/* These are passed by the BIO callback */ +# define BIO_CB_FREE 0x01 +# define BIO_CB_READ 0x02 +# define BIO_CB_WRITE 0x03 +# define BIO_CB_PUTS 0x04 +# define BIO_CB_GETS 0x05 +# define BIO_CB_CTRL 0x06 + +/* + * The callback is called before and after the underling operation, The + * BIO_CB_RETURN flag indicates if it is after the call + */ +# define BIO_CB_RETURN 0x80 +# define BIO_CB_return(a) ((a)|BIO_CB_RETURN) +# define BIO_cb_pre(a) (!((a)&BIO_CB_RETURN)) +# define BIO_cb_post(a) ((a)&BIO_CB_RETURN) + +typedef long (*BIO_callback_fn)(BIO *b, int oper, const char *argp, int argi, + long argl, long ret); +typedef long (*BIO_callback_fn_ex)(BIO *b, int oper, const char *argp, + size_t len, int argi, + long argl, int ret, size_t *processed); +BIO_callback_fn BIO_get_callback(const BIO *b); +void BIO_set_callback(BIO *b, BIO_callback_fn callback); + +BIO_callback_fn_ex BIO_get_callback_ex(const BIO *b); +void BIO_set_callback_ex(BIO *b, BIO_callback_fn_ex callback); + +char *BIO_get_callback_arg(const BIO *b); +void BIO_set_callback_arg(BIO *b, char *arg); + +typedef struct bio_method_st BIO_METHOD; + +const char *BIO_method_name(const BIO *b); +int BIO_method_type(const BIO *b); + +typedef int BIO_info_cb(BIO *, int, int); +typedef BIO_info_cb bio_info_cb; /* backward compatibility */ + +DEFINE_STACK_OF(BIO) + +/* Prefix and suffix callback in ASN1 BIO */ +typedef int asn1_ps_func (BIO *b, unsigned char **pbuf, int *plen, + void *parg); + +typedef void (*BIO_dgram_sctp_notification_handler_fn) (BIO *b, + void *context, + void *buf); +# ifndef OPENSSL_NO_SCTP +/* SCTP parameter structs */ +struct bio_dgram_sctp_sndinfo { + uint16_t 
snd_sid; + uint16_t snd_flags; + uint32_t snd_ppid; + uint32_t snd_context; +}; + +struct bio_dgram_sctp_rcvinfo { + uint16_t rcv_sid; + uint16_t rcv_ssn; + uint16_t rcv_flags; + uint32_t rcv_ppid; + uint32_t rcv_tsn; + uint32_t rcv_cumtsn; + uint32_t rcv_context; +}; + +struct bio_dgram_sctp_prinfo { + uint16_t pr_policy; + uint32_t pr_value; +}; +# endif + +/* + * #define BIO_CONN_get_param_hostname BIO_ctrl + */ + +# define BIO_C_SET_CONNECT 100 +# define BIO_C_DO_STATE_MACHINE 101 +# define BIO_C_SET_NBIO 102 +/* # define BIO_C_SET_PROXY_PARAM 103 */ +# define BIO_C_SET_FD 104 +# define BIO_C_GET_FD 105 +# define BIO_C_SET_FILE_PTR 106 +# define BIO_C_GET_FILE_PTR 107 +# define BIO_C_SET_FILENAME 108 +# define BIO_C_SET_SSL 109 +# define BIO_C_GET_SSL 110 +# define BIO_C_SET_MD 111 +# define BIO_C_GET_MD 112 +# define BIO_C_GET_CIPHER_STATUS 113 +# define BIO_C_SET_BUF_MEM 114 +# define BIO_C_GET_BUF_MEM_PTR 115 +# define BIO_C_GET_BUFF_NUM_LINES 116 +# define BIO_C_SET_BUFF_SIZE 117 +# define BIO_C_SET_ACCEPT 118 +# define BIO_C_SSL_MODE 119 +# define BIO_C_GET_MD_CTX 120 +/* # define BIO_C_GET_PROXY_PARAM 121 */ +# define BIO_C_SET_BUFF_READ_DATA 122/* data to read first */ +# define BIO_C_GET_CONNECT 123 +# define BIO_C_GET_ACCEPT 124 +# define BIO_C_SET_SSL_RENEGOTIATE_BYTES 125 +# define BIO_C_GET_SSL_NUM_RENEGOTIATES 126 +# define BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT 127 +# define BIO_C_FILE_SEEK 128 +# define BIO_C_GET_CIPHER_CTX 129 +# define BIO_C_SET_BUF_MEM_EOF_RETURN 130/* return end of input + * value */ +# define BIO_C_SET_BIND_MODE 131 +# define BIO_C_GET_BIND_MODE 132 +# define BIO_C_FILE_TELL 133 +# define BIO_C_GET_SOCKS 134 +# define BIO_C_SET_SOCKS 135 + +# define BIO_C_SET_WRITE_BUF_SIZE 136/* for BIO_s_bio */ +# define BIO_C_GET_WRITE_BUF_SIZE 137 +# define BIO_C_MAKE_BIO_PAIR 138 +# define BIO_C_DESTROY_BIO_PAIR 139 +# define BIO_C_GET_WRITE_GUARANTEE 140 +# define BIO_C_GET_READ_REQUEST 141 +# define BIO_C_SHUTDOWN_WR 142 +# define 
BIO_C_NREAD0 143 +# define BIO_C_NREAD 144 +# define BIO_C_NWRITE0 145 +# define BIO_C_NWRITE 146 +# define BIO_C_RESET_READ_REQUEST 147 +# define BIO_C_SET_MD_CTX 148 + +# define BIO_C_SET_PREFIX 149 +# define BIO_C_GET_PREFIX 150 +# define BIO_C_SET_SUFFIX 151 +# define BIO_C_GET_SUFFIX 152 + +# define BIO_C_SET_EX_ARG 153 +# define BIO_C_GET_EX_ARG 154 + +# define BIO_C_SET_CONNECT_MODE 155 + +# define BIO_set_app_data(s,arg) BIO_set_ex_data(s,0,arg) +# define BIO_get_app_data(s) BIO_get_ex_data(s,0) + +# define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) + +# ifndef OPENSSL_NO_SOCK +/* IP families we support, for BIO_s_connect() and BIO_s_accept() */ +/* Note: the underlying operating system may not support some of them */ +# define BIO_FAMILY_IPV4 4 +# define BIO_FAMILY_IPV6 6 +# define BIO_FAMILY_IPANY 256 + +/* BIO_s_connect() */ +# define BIO_set_conn_hostname(b,name) BIO_ctrl(b,BIO_C_SET_CONNECT,0, \ + (char *)(name)) +# define BIO_set_conn_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,1, \ + (char *)(port)) +# define BIO_set_conn_address(b,addr) BIO_ctrl(b,BIO_C_SET_CONNECT,2, \ + (char *)(addr)) +# define BIO_set_conn_ip_family(b,f) BIO_int_ctrl(b,BIO_C_SET_CONNECT,3,f) +# define BIO_get_conn_hostname(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0)) +# define BIO_get_conn_port(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1)) +# define BIO_get_conn_address(b) ((const BIO_ADDR *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2)) +# define BIO_get_conn_ip_family(b) BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL) +# define BIO_set_conn_mode(b,n) BIO_ctrl(b,BIO_C_SET_CONNECT_MODE,(n),NULL) + +/* BIO_s_accept() */ +# define BIO_set_accept_name(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0, \ + (char *)(name)) +# define BIO_set_accept_port(b,port) BIO_ctrl(b,BIO_C_SET_ACCEPT,1, \ + (char *)(port)) +# define BIO_get_accept_name(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0)) +# define BIO_get_accept_port(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,1)) +# define 
BIO_get_peer_name(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,2)) +# define BIO_get_peer_port(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,3)) +/* #define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) */ +# define BIO_set_nbio_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,2,(n)?(void *)"a":NULL) +# define BIO_set_accept_bios(b,bio) BIO_ctrl(b,BIO_C_SET_ACCEPT,3, \ + (char *)(bio)) +# define BIO_set_accept_ip_family(b,f) BIO_int_ctrl(b,BIO_C_SET_ACCEPT,4,f) +# define BIO_get_accept_ip_family(b) BIO_ctrl(b,BIO_C_GET_ACCEPT,4,NULL) + +/* Aliases kept for backward compatibility */ +# define BIO_BIND_NORMAL 0 +# define BIO_BIND_REUSEADDR BIO_SOCK_REUSEADDR +# define BIO_BIND_REUSEADDR_IF_UNUSED BIO_SOCK_REUSEADDR +# define BIO_set_bind_mode(b,mode) BIO_ctrl(b,BIO_C_SET_BIND_MODE,mode,NULL) +# define BIO_get_bind_mode(b) BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL) + +/* BIO_s_accept() and BIO_s_connect() */ +# define BIO_do_connect(b) BIO_do_handshake(b) +# define BIO_do_accept(b) BIO_do_handshake(b) +# endif /* OPENSSL_NO_SOCK */ + +# define BIO_do_handshake(b) BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL) + +/* BIO_s_datagram(), BIO_s_fd(), BIO_s_socket(), BIO_s_accept() and BIO_s_connect() */ +# define BIO_set_fd(b,fd,c) BIO_int_ctrl(b,BIO_C_SET_FD,c,fd) +# define BIO_get_fd(b,c) BIO_ctrl(b,BIO_C_GET_FD,0,(char *)(c)) + +/* BIO_s_file() */ +# define BIO_set_fp(b,fp,c) BIO_ctrl(b,BIO_C_SET_FILE_PTR,c,(char *)(fp)) +# define BIO_get_fp(b,fpp) BIO_ctrl(b,BIO_C_GET_FILE_PTR,0,(char *)(fpp)) + +/* BIO_s_fd() and BIO_s_file() */ +# define BIO_seek(b,ofs) (int)BIO_ctrl(b,BIO_C_FILE_SEEK,ofs,NULL) +# define BIO_tell(b) (int)BIO_ctrl(b,BIO_C_FILE_TELL,0,NULL) + +/* + * name is cast to lose const, but might be better to route through a + * function so we can do it safely + */ +# ifdef CONST_STRICT +/* + * If you are wondering why this isn't defined, its because CONST_STRICT is + * purely a compile-time kludge to allow const to be checked. 
+ */ +int BIO_read_filename(BIO *b, const char *name); +# else +# define BIO_read_filename(b,name) (int)BIO_ctrl(b,BIO_C_SET_FILENAME, \ + BIO_CLOSE|BIO_FP_READ,(char *)(name)) +# endif +# define BIO_write_filename(b,name) (int)BIO_ctrl(b,BIO_C_SET_FILENAME, \ + BIO_CLOSE|BIO_FP_WRITE,name) +# define BIO_append_filename(b,name) (int)BIO_ctrl(b,BIO_C_SET_FILENAME, \ + BIO_CLOSE|BIO_FP_APPEND,name) +# define BIO_rw_filename(b,name) (int)BIO_ctrl(b,BIO_C_SET_FILENAME, \ + BIO_CLOSE|BIO_FP_READ|BIO_FP_WRITE,name) + +/* + * WARNING WARNING, this ups the reference count on the read bio of the SSL + * structure. This is because the ssl read BIO is now pointed to by the + * next_bio field in the bio. So when you free the BIO, make sure you are + * doing a BIO_free_all() to catch the underlying BIO. + */ +# define BIO_set_ssl(b,ssl,c) BIO_ctrl(b,BIO_C_SET_SSL,c,(char *)(ssl)) +# define BIO_get_ssl(b,sslp) BIO_ctrl(b,BIO_C_GET_SSL,0,(char *)(sslp)) +# define BIO_set_ssl_mode(b,client) BIO_ctrl(b,BIO_C_SSL_MODE,client,NULL) +# define BIO_set_ssl_renegotiate_bytes(b,num) \ + BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL) +# define BIO_get_num_renegotiates(b) \ + BIO_ctrl(b,BIO_C_GET_SSL_NUM_RENEGOTIATES,0,NULL) +# define BIO_set_ssl_renegotiate_timeout(b,seconds) \ + BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL) + +/* defined in evp.h */ +/* #define BIO_set_md(b,md) BIO_ctrl(b,BIO_C_SET_MD,1,(char *)(md)) */ + +# define BIO_get_mem_data(b,pp) BIO_ctrl(b,BIO_CTRL_INFO,0,(char *)(pp)) +# define BIO_set_mem_buf(b,bm,c) BIO_ctrl(b,BIO_C_SET_BUF_MEM,c,(char *)(bm)) +# define BIO_get_mem_ptr(b,pp) BIO_ctrl(b,BIO_C_GET_BUF_MEM_PTR,0, \ + (char *)(pp)) +# define BIO_set_mem_eof_return(b,v) \ + BIO_ctrl(b,BIO_C_SET_BUF_MEM_EOF_RETURN,v,NULL) + +/* For the BIO_f_buffer() type */ +# define BIO_get_buffer_num_lines(b) BIO_ctrl(b,BIO_C_GET_BUFF_NUM_LINES,0,NULL) +# define BIO_set_buffer_size(b,size) BIO_ctrl(b,BIO_C_SET_BUFF_SIZE,size,NULL) +# define 
BIO_set_read_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,0) +# define BIO_set_write_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,1) +# define BIO_set_buffer_read_data(b,buf,num) BIO_ctrl(b,BIO_C_SET_BUFF_READ_DATA,num,buf) + +/* Don't use the next one unless you know what you are doing :-) */ +# define BIO_dup_state(b,ret) BIO_ctrl(b,BIO_CTRL_DUP,0,(char *)(ret)) + +# define BIO_reset(b) (int)BIO_ctrl(b,BIO_CTRL_RESET,0,NULL) +# define BIO_eof(b) (int)BIO_ctrl(b,BIO_CTRL_EOF,0,NULL) +# define BIO_set_close(b,c) (int)BIO_ctrl(b,BIO_CTRL_SET_CLOSE,(c),NULL) +# define BIO_get_close(b) (int)BIO_ctrl(b,BIO_CTRL_GET_CLOSE,0,NULL) +# define BIO_pending(b) (int)BIO_ctrl(b,BIO_CTRL_PENDING,0,NULL) +# define BIO_wpending(b) (int)BIO_ctrl(b,BIO_CTRL_WPENDING,0,NULL) +/* ...pending macros have inappropriate return type */ +size_t BIO_ctrl_pending(BIO *b); +size_t BIO_ctrl_wpending(BIO *b); +# define BIO_flush(b) (int)BIO_ctrl(b,BIO_CTRL_FLUSH,0,NULL) +# define BIO_get_info_callback(b,cbp) (int)BIO_ctrl(b,BIO_CTRL_GET_CALLBACK,0, \ + cbp) +# define BIO_set_info_callback(b,cb) (int)BIO_callback_ctrl(b,BIO_CTRL_SET_CALLBACK,cb) + +/* For the BIO_f_buffer() type */ +# define BIO_buffer_get_num_lines(b) BIO_ctrl(b,BIO_CTRL_GET,0,NULL) +# define BIO_buffer_peek(b,s,l) BIO_ctrl(b,BIO_CTRL_PEEK,(l),(s)) + +/* For BIO_s_bio() */ +# define BIO_set_write_buf_size(b,size) (int)BIO_ctrl(b,BIO_C_SET_WRITE_BUF_SIZE,size,NULL) +# define BIO_get_write_buf_size(b,size) (size_t)BIO_ctrl(b,BIO_C_GET_WRITE_BUF_SIZE,size,NULL) +# define BIO_make_bio_pair(b1,b2) (int)BIO_ctrl(b1,BIO_C_MAKE_BIO_PAIR,0,b2) +# define BIO_destroy_bio_pair(b) (int)BIO_ctrl(b,BIO_C_DESTROY_BIO_PAIR,0,NULL) +# define BIO_shutdown_wr(b) (int)BIO_ctrl(b, BIO_C_SHUTDOWN_WR, 0, NULL) +/* macros with inappropriate type -- but ...pending macros use int too: */ +# define BIO_get_write_guarantee(b) (int)BIO_ctrl(b,BIO_C_GET_WRITE_GUARANTEE,0,NULL) +# define BIO_get_read_request(b) 
(int)BIO_ctrl(b,BIO_C_GET_READ_REQUEST,0,NULL) +size_t BIO_ctrl_get_write_guarantee(BIO *b); +size_t BIO_ctrl_get_read_request(BIO *b); +int BIO_ctrl_reset_read_request(BIO *b); + +/* ctrl macros for dgram */ +# define BIO_ctrl_dgram_connect(b,peer) \ + (int)BIO_ctrl(b,BIO_CTRL_DGRAM_CONNECT,0, (char *)(peer)) +# define BIO_ctrl_set_connected(b,peer) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_CONNECTED, 0, (char *)(peer)) +# define BIO_dgram_recv_timedout(b) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP, 0, NULL) +# define BIO_dgram_send_timedout(b) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP, 0, NULL) +# define BIO_dgram_get_peer(b,peer) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)(peer)) +# define BIO_dgram_set_peer(b,peer) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)(peer)) +# define BIO_dgram_get_mtu_overhead(b) \ + (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL) + +/* ctrl macros for BIO_f_prefix */ +# define BIO_set_prefix(b,p) BIO_ctrl((b), BIO_CTRL_SET_PREFIX, 0, (void *)(p)) +# define BIO_set_indent(b,i) BIO_ctrl((b), BIO_CTRL_SET_INDENT, (i), NULL) +# define BIO_get_indent(b) BIO_ctrl((b), BIO_CTRL_GET_INDENT, 0, NULL) + +#define BIO_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_BIO, l, p, newf, dupf, freef) +int BIO_set_ex_data(BIO *bio, int idx, void *data); +void *BIO_get_ex_data(BIO *bio, int idx); +uint64_t BIO_number_read(BIO *bio); +uint64_t BIO_number_written(BIO *bio); + +/* For BIO_f_asn1() */ +int BIO_asn1_set_prefix(BIO *b, asn1_ps_func *prefix, + asn1_ps_func *prefix_free); +int BIO_asn1_get_prefix(BIO *b, asn1_ps_func **pprefix, + asn1_ps_func **pprefix_free); +int BIO_asn1_set_suffix(BIO *b, asn1_ps_func *suffix, + asn1_ps_func *suffix_free); +int BIO_asn1_get_suffix(BIO *b, asn1_ps_func **psuffix, + asn1_ps_func **psuffix_free); + +const BIO_METHOD *BIO_s_file(void); +BIO *BIO_new_file(const char *filename, const char *mode); +# ifndef 
OPENSSL_NO_STDIO +BIO *BIO_new_fp(FILE *stream, int close_flag); +# endif +BIO *BIO_new(const BIO_METHOD *type); +int BIO_free(BIO *a); +void BIO_set_data(BIO *a, void *ptr); +void *BIO_get_data(BIO *a); +void BIO_set_init(BIO *a, int init); +int BIO_get_init(BIO *a); +void BIO_set_shutdown(BIO *a, int shut); +int BIO_get_shutdown(BIO *a); +void BIO_vfree(BIO *a); +int BIO_up_ref(BIO *a); +int BIO_read(BIO *b, void *data, int dlen); +int BIO_read_ex(BIO *b, void *data, size_t dlen, size_t *readbytes); +int BIO_gets(BIO *bp, char *buf, int size); +int BIO_write(BIO *b, const void *data, int dlen); +int BIO_write_ex(BIO *b, const void *data, size_t dlen, size_t *written); +int BIO_puts(BIO *bp, const char *buf); +int BIO_indent(BIO *b, int indent, int max); +long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg); +long BIO_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp); +void *BIO_ptr_ctrl(BIO *bp, int cmd, long larg); +long BIO_int_ctrl(BIO *bp, int cmd, long larg, int iarg); +BIO *BIO_push(BIO *b, BIO *append); +BIO *BIO_pop(BIO *b); +void BIO_free_all(BIO *a); +BIO *BIO_find_type(BIO *b, int bio_type); +BIO *BIO_next(BIO *b); +void BIO_set_next(BIO *b, BIO *next); +BIO *BIO_get_retry_BIO(BIO *bio, int *reason); +int BIO_get_retry_reason(BIO *bio); +void BIO_set_retry_reason(BIO *bio, int reason); +BIO *BIO_dup_chain(BIO *in); + +int BIO_nread0(BIO *bio, char **buf); +int BIO_nread(BIO *bio, char **buf, int num); +int BIO_nwrite0(BIO *bio, char **buf); +int BIO_nwrite(BIO *bio, char **buf, int num); + +long BIO_debug_callback(BIO *bio, int cmd, const char *argp, int argi, + long argl, long ret); + +const BIO_METHOD *BIO_s_mem(void); +const BIO_METHOD *BIO_s_secmem(void); +BIO *BIO_new_mem_buf(const void *buf, int len); +# ifndef OPENSSL_NO_SOCK +const BIO_METHOD *BIO_s_socket(void); +const BIO_METHOD *BIO_s_connect(void); +const BIO_METHOD *BIO_s_accept(void); +# endif +const BIO_METHOD *BIO_s_fd(void); +const BIO_METHOD *BIO_s_log(void); +const BIO_METHOD 
*BIO_s_bio(void); +const BIO_METHOD *BIO_s_null(void); +const BIO_METHOD *BIO_f_null(void); +const BIO_METHOD *BIO_f_buffer(void); +const BIO_METHOD *BIO_f_linebuffer(void); +const BIO_METHOD *BIO_f_nbio_test(void); +const BIO_METHOD *BIO_f_prefix(void); +# ifndef OPENSSL_NO_DGRAM +const BIO_METHOD *BIO_s_datagram(void); +int BIO_dgram_non_fatal_error(int error); +BIO *BIO_new_dgram(int fd, int close_flag); +# ifndef OPENSSL_NO_SCTP +const BIO_METHOD *BIO_s_datagram_sctp(void); +BIO *BIO_new_dgram_sctp(int fd, int close_flag); +int BIO_dgram_is_sctp(BIO *bio); +int BIO_dgram_sctp_notification_cb(BIO *b, + BIO_dgram_sctp_notification_handler_fn handle_notifications, + void *context); +int BIO_dgram_sctp_wait_for_dry(BIO *b); +int BIO_dgram_sctp_msg_waiting(BIO *b); +# endif +# endif + +# ifndef OPENSSL_NO_SOCK +int BIO_sock_should_retry(int i); +int BIO_sock_non_fatal_error(int error); +int BIO_socket_wait(int fd, int for_read, time_t max_time); +# endif +int BIO_wait(BIO *bio, time_t max_time, unsigned int milliseconds); +int BIO_connect_retry(BIO *bio, int timeout); + +int BIO_fd_should_retry(int i); +int BIO_fd_non_fatal_error(int error); +int BIO_dump_cb(int (*cb) (const void *data, size_t len, void *u), + void *u, const void *s, int len); +int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u), + void *u, const void *s, int len, int indent); +int BIO_dump(BIO *b, const void *bytes, int len); +int BIO_dump_indent(BIO *b, const void *bytes, int len, int indent); +# ifndef OPENSSL_NO_STDIO +int BIO_dump_fp(FILE *fp, const void *s, int len); +int BIO_dump_indent_fp(FILE *fp, const void *s, int len, int indent); +# endif +int BIO_hex_string(BIO *out, int indent, int width, const void *data, + int datalen); + +# ifndef OPENSSL_NO_SOCK +BIO_ADDR *BIO_ADDR_new(void); +int BIO_ADDR_rawmake(BIO_ADDR *ap, int family, + const void *where, size_t wherelen, unsigned short port); +void BIO_ADDR_free(BIO_ADDR *); +void BIO_ADDR_clear(BIO_ADDR *ap); +int 
BIO_ADDR_family(const BIO_ADDR *ap); +int BIO_ADDR_rawaddress(const BIO_ADDR *ap, void *p, size_t *l); +unsigned short BIO_ADDR_rawport(const BIO_ADDR *ap); +char *BIO_ADDR_hostname_string(const BIO_ADDR *ap, int numeric); +char *BIO_ADDR_service_string(const BIO_ADDR *ap, int numeric); +char *BIO_ADDR_path_string(const BIO_ADDR *ap); + +const BIO_ADDRINFO *BIO_ADDRINFO_next(const BIO_ADDRINFO *bai); +int BIO_ADDRINFO_family(const BIO_ADDRINFO *bai); +int BIO_ADDRINFO_socktype(const BIO_ADDRINFO *bai); +int BIO_ADDRINFO_protocol(const BIO_ADDRINFO *bai); +const BIO_ADDR *BIO_ADDRINFO_address(const BIO_ADDRINFO *bai); +void BIO_ADDRINFO_free(BIO_ADDRINFO *bai); + +enum BIO_hostserv_priorities { + BIO_PARSE_PRIO_HOST, BIO_PARSE_PRIO_SERV +}; +int BIO_parse_hostserv(const char *hostserv, char **host, char **service, + enum BIO_hostserv_priorities hostserv_prio); +enum BIO_lookup_type { + BIO_LOOKUP_CLIENT, BIO_LOOKUP_SERVER +}; +int BIO_lookup(const char *host, const char *service, + enum BIO_lookup_type lookup_type, + int family, int socktype, BIO_ADDRINFO **res); +int BIO_lookup_ex(const char *host, const char *service, + int lookup_type, int family, int socktype, int protocol, + BIO_ADDRINFO **res); +int BIO_sock_error(int sock); +int BIO_socket_ioctl(int fd, long type, void *arg); +int BIO_socket_nbio(int fd, int mode); +int BIO_sock_init(void); +# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +# define BIO_sock_cleanup() while(0) continue +# endif +int BIO_set_tcp_ndelay(int sock, int turn_on); + +DEPRECATEDIN_1_1_0(struct hostent *BIO_gethostbyname(const char *name)) +DEPRECATEDIN_1_1_0(int BIO_get_port(const char *str, unsigned short *port_ptr)) +DEPRECATEDIN_1_1_0(int BIO_get_host_ip(const char *str, unsigned char *ip)) +DEPRECATEDIN_1_1_0(int BIO_get_accept_socket(char *host_port, int mode)) +DEPRECATEDIN_1_1_0(int BIO_accept(int sock, char **ip_port)) + +union BIO_sock_info_u { + BIO_ADDR *addr; +}; +enum BIO_sock_info_type { + BIO_SOCK_INFO_ADDRESS +}; +int 
BIO_sock_info(int sock, + enum BIO_sock_info_type type, union BIO_sock_info_u *info); + +# define BIO_SOCK_REUSEADDR 0x01 +# define BIO_SOCK_V6_ONLY 0x02 +# define BIO_SOCK_KEEPALIVE 0x04 +# define BIO_SOCK_NONBLOCK 0x08 +# define BIO_SOCK_NODELAY 0x10 + +int BIO_socket(int domain, int socktype, int protocol, int options); +int BIO_connect(int sock, const BIO_ADDR *addr, int options); +int BIO_bind(int sock, const BIO_ADDR *addr, int options); +int BIO_listen(int sock, const BIO_ADDR *addr, int options); +int BIO_accept_ex(int accept_sock, BIO_ADDR *addr, int options); +int BIO_closesocket(int sock); + +BIO *BIO_new_socket(int sock, int close_flag); +BIO *BIO_new_connect(const char *host_port); +BIO *BIO_new_accept(const char *host_port); +# endif /* OPENSSL_NO_SOCK*/ + +BIO *BIO_new_fd(int fd, int close_flag); + +int BIO_new_bio_pair(BIO **bio1, size_t writebuf1, + BIO **bio2, size_t writebuf2); +/* + * If successful, returns 1 and in *bio1, *bio2 two BIO pair endpoints. + * Otherwise returns 0 and sets *bio1 and *bio2 to NULL. Size 0 uses default + * value. + */ + +void BIO_copy_next_retry(BIO *b); + +/* + * long BIO_ghbn_ctrl(int cmd,int iarg,char *parg); + */ + +# define ossl_bio__attr__(x) +# if defined(__GNUC__) && defined(__STDC_VERSION__) \ + && !defined(__APPLE__) + /* + * Because we support the 'z' modifier, which made its appearance in C99, + * we can't use __attribute__ with pre C99 dialects. + */ +# if __STDC_VERSION__ >= 199901L +# undef ossl_bio__attr__ +# define ossl_bio__attr__ __attribute__ +# if __GNUC__*10 + __GNUC_MINOR__ >= 44 +# define ossl_bio__printf__ __gnu_printf__ +# else +# define ossl_bio__printf__ __printf__ +# endif +# endif +# endif +int BIO_printf(BIO *bio, const char *format, ...) +ossl_bio__attr__((__format__(ossl_bio__printf__, 2, 3))); +int BIO_vprintf(BIO *bio, const char *format, va_list args) +ossl_bio__attr__((__format__(ossl_bio__printf__, 2, 0))); +int BIO_snprintf(char *buf, size_t n, const char *format, ...) 
+ossl_bio__attr__((__format__(ossl_bio__printf__, 3, 4))); +int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args) +ossl_bio__attr__((__format__(ossl_bio__printf__, 3, 0))); +# undef ossl_bio__attr__ +# undef ossl_bio__printf__ + + +BIO_METHOD *BIO_meth_new(int type, const char *name); +void BIO_meth_free(BIO_METHOD *biom); +int (*BIO_meth_get_write(const BIO_METHOD *biom)) (BIO *, const char *, int); +int (*BIO_meth_get_write_ex(const BIO_METHOD *biom)) (BIO *, const char *, size_t, + size_t *); +int BIO_meth_set_write(BIO_METHOD *biom, + int (*write) (BIO *, const char *, int)); +int BIO_meth_set_write_ex(BIO_METHOD *biom, + int (*bwrite) (BIO *, const char *, size_t, size_t *)); +int (*BIO_meth_get_read(const BIO_METHOD *biom)) (BIO *, char *, int); +int (*BIO_meth_get_read_ex(const BIO_METHOD *biom)) (BIO *, char *, size_t, size_t *); +int BIO_meth_set_read(BIO_METHOD *biom, + int (*read) (BIO *, char *, int)); +int BIO_meth_set_read_ex(BIO_METHOD *biom, + int (*bread) (BIO *, char *, size_t, size_t *)); +int (*BIO_meth_get_puts(const BIO_METHOD *biom)) (BIO *, const char *); +int BIO_meth_set_puts(BIO_METHOD *biom, + int (*puts) (BIO *, const char *)); +int (*BIO_meth_get_gets(const BIO_METHOD *biom)) (BIO *, char *, int); +int BIO_meth_set_gets(BIO_METHOD *biom, + int (*gets) (BIO *, char *, int)); +long (*BIO_meth_get_ctrl(const BIO_METHOD *biom)) (BIO *, int, long, void *); +int BIO_meth_set_ctrl(BIO_METHOD *biom, + long (*ctrl) (BIO *, int, long, void *)); +int (*BIO_meth_get_create(const BIO_METHOD *bion)) (BIO *); +int BIO_meth_set_create(BIO_METHOD *biom, int (*create) (BIO *)); +int (*BIO_meth_get_destroy(const BIO_METHOD *biom)) (BIO *); +int BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy) (BIO *)); +long (*BIO_meth_get_callback_ctrl(const BIO_METHOD *biom)) + (BIO *, int, BIO_info_cb *); +int BIO_meth_set_callback_ctrl(BIO_METHOD *biom, + long (*callback_ctrl) (BIO *, int, + BIO_info_cb *)); + +# ifdef __cplusplus +} +# endif 
+#endif
diff --git a/linux_amd64/ssl/include/openssl/bioerr.h b/linux_amd64/ssl/include/openssl/bioerr.h
new file mode 100644
index 0000000..95cc056
--- /dev/null
+++ b/linux_amd64/ssl/include/openssl/bioerr.h
@@ -0,0 +1,135 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_BIOERR_H +# define OPENSSL_BIOERR_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_BIOERR_H +# endif + +# include +# include + + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_BIO_strings(void); + +/* + * BIO function codes. + */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define BIO_F_ACPT_STATE 0 +# define BIO_F_ADDRINFO_WRAP 0 +# define BIO_F_ADDR_STRINGS 0 +# define BIO_F_BIO_ACCEPT 0 +# define BIO_F_BIO_ACCEPT_EX 0 +# define BIO_F_BIO_ACCEPT_NEW 0 +# define BIO_F_BIO_ADDR_NEW 0 +# define BIO_F_BIO_BIND 0 +# define BIO_F_BIO_CALLBACK_CTRL 0 +# define BIO_F_BIO_CONNECT 0 +# define BIO_F_BIO_CONNECT_NEW 0 +# define BIO_F_BIO_CTRL 0 +# define BIO_F_BIO_GETS 0 +# define BIO_F_BIO_GET_HOST_IP 0 +# define BIO_F_BIO_GET_NEW_INDEX 0 +# define BIO_F_BIO_GET_PORT 0 +# define BIO_F_BIO_LISTEN 0 +# define BIO_F_BIO_LOOKUP 0 +# define BIO_F_BIO_LOOKUP_EX 0 +# define BIO_F_BIO_MAKE_PAIR 0 +# define BIO_F_BIO_METH_NEW 0 +# define BIO_F_BIO_NEW 0 +# define BIO_F_BIO_NEW_DGRAM_SCTP 0 +# define BIO_F_BIO_NEW_FILE 0 +# define BIO_F_BIO_NEW_MEM_BUF 0 +# define BIO_F_BIO_NREAD 0 +# define BIO_F_BIO_NREAD0 0 +# define BIO_F_BIO_NWRITE 0 +# define BIO_F_BIO_NWRITE0 0 +# define BIO_F_BIO_PARSE_HOSTSERV 0 +# define BIO_F_BIO_PUTS 0 +# define BIO_F_BIO_READ 0 +# define BIO_F_BIO_READ_EX 0 +# define BIO_F_BIO_READ_INTERN 0 +# define BIO_F_BIO_SOCKET 0 +# define BIO_F_BIO_SOCKET_NBIO 0 +# define BIO_F_BIO_SOCK_INFO 0 +# define BIO_F_BIO_SOCK_INIT 0 +# define BIO_F_BIO_WRITE 0 +# define BIO_F_BIO_WRITE_EX 0 +# define 
BIO_F_BIO_WRITE_INTERN 0 +# define BIO_F_BUFFER_CTRL 0 +# define BIO_F_CONN_CTRL 0 +# define BIO_F_CONN_STATE 0 +# define BIO_F_DGRAM_SCTP_NEW 0 +# define BIO_F_DGRAM_SCTP_READ 0 +# define BIO_F_DGRAM_SCTP_WRITE 0 +# define BIO_F_DOAPR_OUTCH 0 +# define BIO_F_FILE_CTRL 0 +# define BIO_F_FILE_READ 0 +# define BIO_F_LINEBUFFER_CTRL 0 +# define BIO_F_LINEBUFFER_NEW 0 +# define BIO_F_MEM_WRITE 0 +# define BIO_F_NBIOF_NEW 0 +# define BIO_F_SLG_WRITE 0 +# define BIO_F_SSL_NEW 0 +# endif + +/* + * BIO reason codes. + */ +# define BIO_R_ACCEPT_ERROR 100 +# define BIO_R_ADDRINFO_ADDR_IS_NOT_AF_INET 141 +# define BIO_R_AMBIGUOUS_HOST_OR_SERVICE 129 +# define BIO_R_BAD_FOPEN_MODE 101 +# define BIO_R_BROKEN_PIPE 124 +# define BIO_R_CONNECT_ERROR 103 +# define BIO_R_CONNECT_TIMEOUT 147 +# define BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET 107 +# define BIO_R_GETSOCKNAME_ERROR 132 +# define BIO_R_GETSOCKNAME_TRUNCATED_ADDRESS 133 +# define BIO_R_GETTING_SOCKTYPE 134 +# define BIO_R_INVALID_ARGUMENT 125 +# define BIO_R_INVALID_SOCKET 135 +# define BIO_R_IN_USE 123 +# define BIO_R_LENGTH_TOO_LONG 102 +# define BIO_R_LISTEN_V6_ONLY 136 +# define BIO_R_LOOKUP_RETURNED_NOTHING 142 +# define BIO_R_MALFORMED_HOST_OR_SERVICE 130 +# define BIO_R_NBIO_CONNECT_ERROR 110 +# define BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED 143 +# define BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED 144 +# define BIO_R_NO_PORT_DEFINED 113 +# define BIO_R_NO_SUCH_FILE 128 +# define BIO_R_NULL_PARAMETER 115 +# define BIO_R_TRANSFER_ERROR 104 +# define BIO_R_TRANSFER_TIMEOUT 105 +# define BIO_R_UNABLE_TO_BIND_SOCKET 117 +# define BIO_R_UNABLE_TO_CREATE_SOCKET 118 +# define BIO_R_UNABLE_TO_KEEPALIVE 137 +# define BIO_R_UNABLE_TO_LISTEN_SOCKET 119 +# define BIO_R_UNABLE_TO_NODELAY 138 +# define BIO_R_UNABLE_TO_REUSEADDR 139 +# define BIO_R_UNAVAILABLE_IP_FAMILY 145 +# define BIO_R_UNINITIALIZED 120 +# define BIO_R_UNKNOWN_INFO_TYPE 140 +# define BIO_R_UNSUPPORTED_IP_FAMILY 146 +# define BIO_R_UNSUPPORTED_METHOD 121 +# define 
BIO_R_UNSUPPORTED_PROTOCOL_FAMILY 131 +# define BIO_R_WRITE_TO_READ_ONLY_BIO 126 +# define BIO_R_WSASTARTUP 122 + +#endif diff --git a/linux_amd64/ssl/include/openssl/blowfish.h b/linux_amd64/ssl/include/openssl/blowfish.h new file mode 100644 index 0000000..c83a208 --- /dev/null +++ b/linux_amd64/ssl/include/openssl/blowfish.h 
@@ -0,0 +1,78 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_BLOWFISH_H +# define OPENSSL_BLOWFISH_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_BLOWFISH_H +# endif + +# include + +# ifndef OPENSSL_NO_BF +# include +# ifdef __cplusplus +extern "C" { +# endif + +# define BF_BLOCK 8 + +# ifndef OPENSSL_NO_DEPRECATED_3_0 + +# define BF_ENCRYPT 1 +# define BF_DECRYPT 0 + +/*- + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + * ! BF_LONG has to be at least 32 bits wide. ! + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + */ +# define BF_LONG unsigned int + +# define BF_ROUNDS 16 + +typedef struct bf_key_st { + BF_LONG P[BF_ROUNDS + 2]; + BF_LONG S[4 * 256]; +} BF_KEY; + +# endif /* OPENSSL_NO_DEPRECATED_3_0 */ + +DEPRECATEDIN_3_0(void BF_set_key(BF_KEY *key, int len, + const unsigned char *data)) + +DEPRECATEDIN_3_0(void BF_encrypt(BF_LONG *data, const BF_KEY *key)) +DEPRECATEDIN_3_0(void BF_decrypt(BF_LONG *data, const BF_KEY *key)) + +DEPRECATEDIN_3_0(void BF_ecb_encrypt(const unsigned char *in, + unsigned char *out, const BF_KEY *key, + int enc)) +DEPRECATEDIN_3_0(void BF_cbc_encrypt(const unsigned char *in, + unsigned char *out, long length, + const BF_KEY *schedule, + unsigned char *ivec, int enc)) +DEPRECATEDIN_3_0(void BF_cfb64_encrypt(const unsigned char *in, + unsigned char *out, + long length, const BF_KEY *schedule, + unsigned char *ivec, int *num, int enc)) +DEPRECATEDIN_3_0(void BF_ofb64_encrypt(const unsigned char *in, + unsigned char *out, + long length, const BF_KEY *schedule, + unsigned char *ivec, int *num)) +DEPRECATEDIN_3_0(const char *BF_options(void)) + +# 
ifdef __cplusplus +} +# endif +# endif + +#endif diff --git a/linux_amd64/ssl/include/openssl/bn.h b/linux_amd64/ssl/include/openssl/bn.h new file mode 100644 index 0000000..69cd127 --- /dev/null +++ b/linux_amd64/ssl/include/openssl/bn.h 
@@ -0,0 +1,561 @@ +/* + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_BN_H +# define OPENSSL_BN_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_BN_H +# endif + +# include +# ifndef OPENSSL_NO_STDIO +# include +# endif +# include +# include +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * 64-bit processor with LP64 ABI + */ +# ifdef SIXTY_FOUR_BIT_LONG +# define BN_ULONG unsigned long +# define BN_BYTES 8 +# endif + +/* + * 64-bit processor other than LP64 ABI + */ +# ifdef SIXTY_FOUR_BIT +# define BN_ULONG unsigned long long +# define BN_BYTES 8 +# endif + +# ifdef THIRTY_TWO_BIT +# define BN_ULONG unsigned int +# define BN_BYTES 4 +# endif + +# define BN_BITS2 (BN_BYTES * 8) +# define BN_BITS (BN_BITS2 * 2) +# define BN_TBIT ((BN_ULONG)1 << (BN_BITS2 - 1)) + +# define BN_FLG_MALLOCED 0x01 +# define BN_FLG_STATIC_DATA 0x02 + +/* + * avoid leaking exponent information through timing, + * BN_mod_exp_mont() will call BN_mod_exp_mont_consttime, + * BN_div() will call BN_div_no_branch, + * BN_mod_inverse() will call BN_mod_inverse_no_branch. 
+ */ +# define BN_FLG_CONSTTIME 0x04 +# define BN_FLG_SECURE 0x08 + +# ifndef OPENSSL_NO_DEPRECATED_0_9_8 +/* deprecated name for the flag */ +# define BN_FLG_EXP_CONSTTIME BN_FLG_CONSTTIME +# define BN_FLG_FREE 0x8000 /* used for debugging */ +# endif + +void BN_set_flags(BIGNUM *b, int n); +int BN_get_flags(const BIGNUM *b, int n); + +/* Values for |top| in BN_rand() */ +#define BN_RAND_TOP_ANY -1 +#define BN_RAND_TOP_ONE 0 +#define BN_RAND_TOP_TWO 1 + +/* Values for |bottom| in BN_rand() */ +#define BN_RAND_BOTTOM_ANY 0 +#define BN_RAND_BOTTOM_ODD 1 + +/* + * get a clone of a BIGNUM with changed flags, for *temporary* use only (the + * two BIGNUMs cannot be used in parallel!). Also only for *read only* use. The + * value |dest| should be a newly allocated BIGNUM obtained via BN_new() that + * has not been otherwise initialised or used. + */ +void BN_with_flags(BIGNUM *dest, const BIGNUM *b, int flags); + +/* Wrapper function to make using BN_GENCB easier */ +int BN_GENCB_call(BN_GENCB *cb, int a, int b); + +BN_GENCB *BN_GENCB_new(void); +void BN_GENCB_free(BN_GENCB *cb); + +/* Populate a BN_GENCB structure with an "old"-style callback */ +void BN_GENCB_set_old(BN_GENCB *gencb, void (*callback) (int, int, void *), + void *cb_arg); + +/* Populate a BN_GENCB structure with a "new"-style callback */ +void BN_GENCB_set(BN_GENCB *gencb, int (*callback) (int, int, BN_GENCB *), + void *cb_arg); + +void *BN_GENCB_get_arg(BN_GENCB *cb); + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define BN_prime_checks 0 /* default: select number of iterations based + * on the size of the number */ + +/* + * BN_prime_checks_for_size() returns the number of Miller-Rabin iterations + * that will be done for checking that a random number is probably prime. The + * error rate for accepting a composite number as prime depends on the size of + * the prime |b|. 
The error rates used are for calculating an RSA key with 2 primes, + * and so the level is what you would expect for a key of double the size of the + * prime. + * + * This table is generated using the algorithm of FIPS PUB 186-4 + * Digital Signature Standard (DSS), section F.1, page 117. + * (https://dx.doi.org/10.6028/NIST.FIPS.186-4) + * + * The following magma script was used to generate the output: + * securitybits:=125; + * k:=1024; + * for t:=1 to 65 do + * for M:=3 to Floor(2*Sqrt(k-1)-1) do + * S:=0; + * // Sum over m + * for m:=3 to M do + * s:=0; + * // Sum over j + * for j:=2 to m do + * s+:=(RealField(32)!2)^-(j+(k-1)/j); + * end for; + * S+:=2^(m-(m-1)*t)*s; + * end for; + * A:=2^(k-2-M*t); + * B:=8*(Pi(RealField(32))^2-6)/3*2^(k-2)*S; + * pkt:=2.00743*Log(2)*k*2^-k*(A+B); + * seclevel:=Floor(-Log(2,pkt)); + * if seclevel ge securitybits then + * printf "k: %5o, security: %o bits (t: %o, M: %o)\n",k,seclevel,t,M; + * break; + * end if; + * end for; + * if seclevel ge securitybits then break; end if; + * end for; + * + * It can be run online at: + * http://magma.maths.usyd.edu.au/calc + * + * And will output: + * k: 1024, security: 129 bits (t: 6, M: 23) + * + * k is the number of bits of the prime, securitybits is the level we want to + * reach. + * + * prime length | RSA key size | # MR tests | security level + * -------------+--------------|------------+--------------- + * (b) >= 6394 | >= 12788 | 3 | 256 bit + * (b) >= 3747 | >= 7494 | 3 | 192 bit + * (b) >= 1345 | >= 2690 | 4 | 128 bit + * (b) >= 1080 | >= 2160 | 5 | 128 bit + * (b) >= 852 | >= 1704 | 5 | 112 bit + * (b) >= 476 | >= 952 | 5 | 80 bit + * (b) >= 400 | >= 800 | 6 | 80 bit + * (b) >= 347 | >= 694 | 7 | 80 bit + * (b) >= 308 | >= 616 | 8 | 80 bit + * (b) >= 55 | >= 110 | 27 | 64 bit + * (b) >= 6 | >= 12 | 34 | 64 bit + */ + +# define BN_prime_checks_for_size(b) ((b) >= 3747 ? 3 : \ + (b) >= 1345 ? 4 : \ + (b) >= 476 ? 5 : \ + (b) >= 400 ? 6 : \ + (b) >= 347 ? 7 : \ + (b) >= 308 ? 
8 : \ + (b) >= 55 ? 27 : \ + /* b >= 6 */ 34) +# endif + +# define BN_num_bytes(a) ((BN_num_bits(a)+7)/8) + +int BN_abs_is_word(const BIGNUM *a, const BN_ULONG w); +int BN_is_zero(const BIGNUM *a); +int BN_is_one(const BIGNUM *a); +int BN_is_word(const BIGNUM *a, const BN_ULONG w); +int BN_is_odd(const BIGNUM *a); + +# define BN_one(a) (BN_set_word((a),1)) + +void BN_zero_ex(BIGNUM *a); + +# if OPENSSL_API_LEVEL > 908 +# define BN_zero(a) BN_zero_ex(a) +# else +# define BN_zero(a) (BN_set_word((a),0)) +# endif + +const BIGNUM *BN_value_one(void); +char *BN_options(void); +BN_CTX *BN_CTX_new_ex(OPENSSL_CTX *ctx); +BN_CTX *BN_CTX_new(void); +BN_CTX *BN_CTX_secure_new_ex(OPENSSL_CTX *ctx); +BN_CTX *BN_CTX_secure_new(void); +void BN_CTX_free(BN_CTX *c); +void BN_CTX_start(BN_CTX *ctx); +BIGNUM *BN_CTX_get(BN_CTX *ctx); +void BN_CTX_end(BN_CTX *ctx); +int BN_rand_ex(BIGNUM *rnd, int bits, int top, int bottom, BN_CTX *ctx); +int BN_rand(BIGNUM *rnd, int bits, int top, int bottom); +int BN_priv_rand_ex(BIGNUM *rnd, int bits, int top, int bottom, BN_CTX *ctx); +int BN_priv_rand(BIGNUM *rnd, int bits, int top, int bottom); +int BN_rand_range_ex(BIGNUM *r, const BIGNUM *range, BN_CTX *ctx); +int BN_rand_range(BIGNUM *rnd, const BIGNUM *range); +int BN_priv_rand_range_ex(BIGNUM *r, const BIGNUM *range, BN_CTX *ctx); +int BN_priv_rand_range(BIGNUM *rnd, const BIGNUM *range); +int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom); +int BN_pseudo_rand_range(BIGNUM *rnd, const BIGNUM *range); +int BN_num_bits(const BIGNUM *a); +int BN_num_bits_word(BN_ULONG l); +int BN_security_bits(int L, int N); +BIGNUM *BN_new(void); +BIGNUM *BN_secure_new(void); +void BN_clear_free(BIGNUM *a); +BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b); +void BN_swap(BIGNUM *a, BIGNUM *b); +BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret); +int BN_bn2bin(const BIGNUM *a, unsigned char *to); +int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen); +BIGNUM *BN_lebin2bn(const 
unsigned char *s, int len, BIGNUM *ret); +int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen); +BIGNUM *BN_native2bn(const unsigned char *s, int len, BIGNUM *ret); +int BN_bn2nativepad(const BIGNUM *a, unsigned char *to, int tolen); +BIGNUM *BN_mpi2bn(const unsigned char *s, int len, BIGNUM *ret); +int BN_bn2mpi(const BIGNUM *a, unsigned char *to); +int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); +int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx); +/** BN_set_negative sets sign of a BIGNUM + * \param b pointer to the BIGNUM object + * \param n 0 if the BIGNUM b should be positive and a value != 0 otherwise + */ +void BN_set_negative(BIGNUM *b, int n); +/** BN_is_negative returns 1 if the BIGNUM is negative + * \param b pointer to the BIGNUM object + * \return 1 if a < 0 and 0 otherwise + */ +int BN_is_negative(const BIGNUM *b); + +int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, + BN_CTX *ctx); +# define BN_mod(rem,m,d,ctx) BN_div(NULL,(rem),(m),(d),(ctx)) +int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx); +int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, + BN_CTX *ctx); +int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *m); +int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, + BN_CTX *ctx); +int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *m); +int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, + BN_CTX *ctx); +int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); +int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); +int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM 
*a, const BIGNUM *m); +int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, + BN_CTX *ctx); +int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m); + +BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w); +BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w); +int BN_mul_word(BIGNUM *a, BN_ULONG w); +int BN_add_word(BIGNUM *a, BN_ULONG w); +int BN_sub_word(BIGNUM *a, BN_ULONG w); +int BN_set_word(BIGNUM *a, BN_ULONG w); +BN_ULONG BN_get_word(const BIGNUM *a); + +int BN_cmp(const BIGNUM *a, const BIGNUM *b); +void BN_free(BIGNUM *a); +int BN_is_bit_set(const BIGNUM *a, int n); +int BN_lshift(BIGNUM *r, const BIGNUM *a, int n); +int BN_lshift1(BIGNUM *r, const BIGNUM *a); +int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); + +int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx); +int BN_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, + BN_MONT_CTX *in_mont); +int BN_mod_exp_mont_word(BIGNUM *r, BN_ULONG a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +int BN_mod_exp2_mont(BIGNUM *r, const BIGNUM *a1, const BIGNUM *p1, + const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m, + BN_CTX *ctx, BN_MONT_CTX *m_ctx); +int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx); + +int BN_mask_bits(BIGNUM *a, int n); +# ifndef OPENSSL_NO_STDIO +int BN_print_fp(FILE *fp, const BIGNUM *a); +# endif +int BN_print(BIO *bio, const BIGNUM *a); +int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx); +int BN_rshift(BIGNUM *r, const BIGNUM *a, int n); +int BN_rshift1(BIGNUM *r, const BIGNUM *a); +void BN_clear(BIGNUM *a); +BIGNUM *BN_dup(const BIGNUM *a); +int BN_ucmp(const BIGNUM *a, const BIGNUM *b); +int BN_set_bit(BIGNUM *a, int n); +int 
BN_clear_bit(BIGNUM *a, int n); +char *BN_bn2hex(const BIGNUM *a); +char *BN_bn2dec(const BIGNUM *a); +int BN_hex2bn(BIGNUM **a, const char *str); +int BN_dec2bn(BIGNUM **a, const char *str); +int BN_asc2bn(BIGNUM **a, const char *str); +int BN_gcd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); +int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); /* returns + * -2 for + * error */ +BIGNUM *BN_mod_inverse(BIGNUM *ret, + const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx); +BIGNUM *BN_mod_sqrt(BIGNUM *ret, + const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx); + +void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords); + +/* Deprecated versions */ +DEPRECATEDIN_0_9_8(BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, + const BIGNUM *add, + const BIGNUM *rem, + void (*callback) (int, int, + void *), + void *cb_arg)) +DEPRECATEDIN_0_9_8(int + BN_is_prime(const BIGNUM *p, int nchecks, + void (*callback) (int, int, void *), + BN_CTX *ctx, void *cb_arg)) +DEPRECATEDIN_0_9_8(int + BN_is_prime_fasttest(const BIGNUM *p, int nchecks, + void (*callback) (int, int, void *), + BN_CTX *ctx, void *cb_arg, + int do_trial_division)) + +DEPRECATEDIN_3_0(int BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, BN_GENCB *cb)) +DEPRECATEDIN_3_0(int BN_is_prime_fasttest_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, + int do_trial_division, BN_GENCB *cb)) +/* Newer versions */ +int BN_generate_prime_ex2(BIGNUM *ret, int bits, int safe, + const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb, + BN_CTX *ctx); +int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add, + const BIGNUM *rem, BN_GENCB *cb); +int BN_check_prime(const BIGNUM *p, BN_CTX *ctx, BN_GENCB *cb); + +int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx); + +int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, + const BIGNUM *Xp, const BIGNUM *Xp1, + const BIGNUM *Xp2, const BIGNUM *e, BN_CTX *ctx, + BN_GENCB *cb); +int 
BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, BIGNUM *Xp1, + BIGNUM *Xp2, const BIGNUM *Xp, const BIGNUM *e, + BN_CTX *ctx, BN_GENCB *cb); + +BN_MONT_CTX *BN_MONT_CTX_new(void); +int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + BN_MONT_CTX *mont, BN_CTX *ctx); +int BN_to_montgomery(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, + BN_CTX *ctx); +int BN_from_montgomery(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, + BN_CTX *ctx); +void BN_MONT_CTX_free(BN_MONT_CTX *mont); +int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx); +BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from); +BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, CRYPTO_RWLOCK *lock, + const BIGNUM *mod, BN_CTX *ctx); + +/* BN_BLINDING flags */ +# define BN_BLINDING_NO_UPDATE 0x00000001 +# define BN_BLINDING_NO_RECREATE 0x00000002 + +BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod); +void BN_BLINDING_free(BN_BLINDING *b); +int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx); +int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); +int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); +int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *); +int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, + BN_CTX *); + +int BN_BLINDING_is_current_thread(BN_BLINDING *b); +void BN_BLINDING_set_current_thread(BN_BLINDING *b); +int BN_BLINDING_lock(BN_BLINDING *b); +int BN_BLINDING_unlock(BN_BLINDING *b); + +unsigned long BN_BLINDING_get_flags(const BN_BLINDING *); +void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long); +BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, + const BIGNUM *e, BIGNUM *m, BN_CTX *ctx, + int (*bn_mod_exp) (BIGNUM *r, + const BIGNUM *a, + const BIGNUM *p, + const BIGNUM *m, + BN_CTX *ctx, + BN_MONT_CTX *m_ctx), + BN_MONT_CTX *m_ctx); + +DEPRECATEDIN_0_9_8(void BN_set_params(int mul, int high, int low, int mont)) 
+DEPRECATEDIN_0_9_8(int BN_get_params(int which)) /* 0, mul, 1 high, 2 low, 3 + * mont */ + +BN_RECP_CTX *BN_RECP_CTX_new(void); +void BN_RECP_CTX_free(BN_RECP_CTX *recp); +int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *rdiv, BN_CTX *ctx); +int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y, + BN_RECP_CTX *recp, BN_CTX *ctx); +int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx); +int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, + BN_RECP_CTX *recp, BN_CTX *ctx); + +# ifndef OPENSSL_NO_EC2M + +/* + * Functions for arithmetic over binary polynomials represented by BIGNUMs. + * The BIGNUM::neg property of BIGNUMs representing binary polynomials is + * ignored. Note that input arguments are not const so that their bit arrays + * can be expanded to the appropriate size if needed. + */ + +/* + * r = a + b + */ +int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +# define BN_GF2m_sub(r, a, b) BN_GF2m_add(r, a, b) +/* + * r=a mod p + */ +int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p); +/* r = (a * b) mod p */ +int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *p, BN_CTX *ctx); +/* r = (a * a) mod p */ +int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); +/* r = (1 / b) mod p */ +int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *b, const BIGNUM *p, BN_CTX *ctx); +/* r = (a / b) mod p */ +int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *p, BN_CTX *ctx); +/* r = (a ^ b) mod p */ +int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *p, BN_CTX *ctx); +/* r = sqrt(a) mod p */ +int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + BN_CTX *ctx); +/* r^2 + r = a mod p */ +int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + BN_CTX *ctx); +# define BN_GF2m_cmp(a, b) BN_ucmp((a), (b)) +/*- + * Some functions allow for representation of 
the irreducible polynomials + * as an unsigned int[], say p. The irreducible f(t) is then of the form: + * t^p[0] + t^p[1] + ... + t^p[k] + * where m = p[0] > p[1] > ... > p[k] = 0. + */ +/* r = a mod p */ +int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const int p[]); +/* r = (a * b) mod p */ +int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const int p[], BN_CTX *ctx); +/* r = (a * a) mod p */ +int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const int p[], + BN_CTX *ctx); +/* r = (1 / b) mod p */ +int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *b, const int p[], + BN_CTX *ctx); +/* r = (a / b) mod p */ +int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const int p[], BN_CTX *ctx); +/* r = (a ^ b) mod p */ +int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const int p[], BN_CTX *ctx); +/* r = sqrt(a) mod p */ +int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, + const int p[], BN_CTX *ctx); +/* r^2 + r = a mod p */ +int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a, + const int p[], BN_CTX *ctx); +int BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max); +int BN_GF2m_arr2poly(const int p[], BIGNUM *a); + +# endif + +/* + * faster mod functions for the 'NIST primes' 0 <= a < p^2 + */ +int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); +int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); +int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); +int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); +int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); + +const BIGNUM *BN_get0_nist_prime_192(void); +const BIGNUM *BN_get0_nist_prime_224(void); +const BIGNUM *BN_get0_nist_prime_256(void); +const BIGNUM *BN_get0_nist_prime_384(void); +const BIGNUM *BN_get0_nist_prime_521(void); + +int (*BN_nist_mod_func(const BIGNUM *p)) (BIGNUM *r, const BIGNUM *a, + const BIGNUM 
*field, BN_CTX *ctx); + +int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, + const BIGNUM *priv, const unsigned char *message, + size_t message_len, BN_CTX *ctx); + +# ifndef OPENSSL_NO_DH +/* Primes from RFC 2409 */ +BIGNUM *BN_get_rfc2409_prime_768(BIGNUM *bn); +BIGNUM *BN_get_rfc2409_prime_1024(BIGNUM *bn); + +/* Primes from RFC 3526 */ +BIGNUM *BN_get_rfc3526_prime_1536(BIGNUM *bn); +BIGNUM *BN_get_rfc3526_prime_2048(BIGNUM *bn); +BIGNUM *BN_get_rfc3526_prime_3072(BIGNUM *bn); +BIGNUM *BN_get_rfc3526_prime_4096(BIGNUM *bn); +BIGNUM *BN_get_rfc3526_prime_6144(BIGNUM *bn); +BIGNUM *BN_get_rfc3526_prime_8192(BIGNUM *bn); + +# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +# define get_rfc2409_prime_768 BN_get_rfc2409_prime_768 +# define get_rfc2409_prime_1024 BN_get_rfc2409_prime_1024 +# define get_rfc3526_prime_1536 BN_get_rfc3526_prime_1536 +# define get_rfc3526_prime_2048 BN_get_rfc3526_prime_2048 +# define get_rfc3526_prime_3072 BN_get_rfc3526_prime_3072 +# define get_rfc3526_prime_4096 BN_get_rfc3526_prime_4096 +# define get_rfc3526_prime_6144 BN_get_rfc3526_prime_6144 +# define get_rfc3526_prime_8192 BN_get_rfc3526_prime_8192 +# endif +# endif + +int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom); + + +# ifdef __cplusplus +} +# endif +#endif diff --git a/linux_amd64/ssl/include/openssl/bnerr.h b/linux_amd64/ssl/include/openssl/bnerr.h new file mode 100644 index 0000000..cce4cbb --- /dev/null +++ b/linux_amd64/ssl/include/openssl/bnerr.h 
@@ -0,0 +1,110 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_BNERR_H +# define OPENSSL_BNERR_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_BNERR_H +# endif + +# include +# include + + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_BN_strings(void); + +/* + * BN function codes. + */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define BN_F_BNRAND 0 +# define BN_F_BNRAND_RANGE 0 +# define BN_F_BN_BLINDING_CONVERT_EX 0 +# define BN_F_BN_BLINDING_CREATE_PARAM 0 +# define BN_F_BN_BLINDING_INVERT_EX 0 +# define BN_F_BN_BLINDING_NEW 0 +# define BN_F_BN_BLINDING_UPDATE 0 +# define BN_F_BN_BN2DEC 0 +# define BN_F_BN_BN2HEX 0 +# define BN_F_BN_COMPUTE_WNAF 0 +# define BN_F_BN_CTX_GET 0 +# define BN_F_BN_CTX_NEW 0 +# define BN_F_BN_CTX_NEW_EX 0 +# define BN_F_BN_CTX_START 0 +# define BN_F_BN_DIV 0 +# define BN_F_BN_DIV_RECP 0 +# define BN_F_BN_EXP 0 +# define BN_F_BN_EXPAND_INTERNAL 0 +# define BN_F_BN_GENCB_NEW 0 +# define BN_F_BN_GENERATE_DSA_NONCE 0 +# define BN_F_BN_GENERATE_PRIME_EX 0 +# define BN_F_BN_GF2M_MOD 0 +# define BN_F_BN_GF2M_MOD_EXP 0 +# define BN_F_BN_GF2M_MOD_MUL 0 +# define BN_F_BN_GF2M_MOD_SOLVE_QUAD 0 +# define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR 0 +# define BN_F_BN_GF2M_MOD_SQR 0 +# define BN_F_BN_GF2M_MOD_SQRT 0 +# define BN_F_BN_LSHIFT 0 +# define BN_F_BN_MOD_EXP2_MONT 0 +# define BN_F_BN_MOD_EXP_MONT 0 +# define BN_F_BN_MOD_EXP_MONT_CONSTTIME 0 +# define BN_F_BN_MOD_EXP_MONT_WORD 0 +# define BN_F_BN_MOD_EXP_RECP 0 +# define BN_F_BN_MOD_EXP_SIMPLE 0 +# define BN_F_BN_MOD_INVERSE 0 +# define BN_F_BN_MOD_INVERSE_NO_BRANCH 0 +# define BN_F_BN_MOD_LSHIFT_QUICK 0 +# 
define BN_F_BN_MOD_SQRT 0 +# define BN_F_BN_MONT_CTX_NEW 0 +# define BN_F_BN_MPI2BN 0 +# define BN_F_BN_NEW 0 +# define BN_F_BN_POOL_GET 0 +# define BN_F_BN_RAND 0 +# define BN_F_BN_RAND_RANGE 0 +# define BN_F_BN_RECP_CTX_NEW 0 +# define BN_F_BN_RSHIFT 0 +# define BN_F_BN_SET_WORDS 0 +# define BN_F_BN_STACK_PUSH 0 +# define BN_F_BN_USUB 0 +# endif + +/* + * BN reason codes. + */ +# define BN_R_ARG2_LT_ARG3 100 +# define BN_R_BAD_RECIPROCAL 101 +# define BN_R_BIGNUM_TOO_LONG 114 +# define BN_R_BITS_TOO_SMALL 118 +# define BN_R_CALLED_WITH_EVEN_MODULUS 102 +# define BN_R_DIV_BY_ZERO 103 +# define BN_R_ENCODING_ERROR 104 +# define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA 105 +# define BN_R_INPUT_NOT_REDUCED 110 +# define BN_R_INVALID_LENGTH 106 +# define BN_R_INVALID_RANGE 115 +# define BN_R_INVALID_SHIFT 119 +# define BN_R_NOT_A_SQUARE 111 +# define BN_R_NOT_INITIALIZED 107 +# define BN_R_NO_INVERSE 108 +# define BN_R_NO_SOLUTION 116 +# define BN_R_NO_SUITABLE_DIGEST 120 +# define BN_R_PRIVATE_KEY_TOO_LARGE 117 +# define BN_R_P_IS_NOT_PRIME 112 +# define BN_R_TOO_MANY_ITERATIONS 113 +# define BN_R_TOO_MANY_TEMPORARY_VARIABLES 109 + +#endif diff --git a/linux_amd64/ssl/include/openssl/buffer.h b/linux_amd64/ssl/include/openssl/buffer.h new file mode 100644 index 0000000..5773b98 --- /dev/null +++ b/linux_amd64/ssl/include/openssl/buffer.h 
@@ -0,0 +1,62 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_BUFFER_H
+# define OPENSSL_BUFFER_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_BUFFER_H
+# endif
+
+# include
+# ifndef OPENSSL_CRYPTO_H
+# include
+# endif
+# include
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# include
+# include
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define BUF_strdup(s) OPENSSL_strdup(s)
+# define BUF_strndup(s, size) OPENSSL_strndup(s, size)
+# define BUF_memdup(data, size) OPENSSL_memdup(data, size)
+# define BUF_strlcpy(dst, src, size) OPENSSL_strlcpy(dst, src, size)
+# define BUF_strlcat(dst, src, size) OPENSSL_strlcat(dst, src, size)
+# define BUF_strnlen(str, maxlen) OPENSSL_strnlen(str, maxlen)
+# endif
+
+struct buf_mem_st {
+ size_t length; /* current number of bytes */
+ char *data;
+ size_t max; /* size of buffer */
+ unsigned long flags;
+};
+
+# define BUF_MEM_FLAG_SECURE 0x01
+
+BUF_MEM *BUF_MEM_new(void);
+BUF_MEM *BUF_MEM_new_ex(unsigned long flags);
+void BUF_MEM_free(BUF_MEM *a);
+size_t BUF_MEM_grow(BUF_MEM *str, size_t len);
+size_t BUF_MEM_grow_clean(BUF_MEM *str, size_t len);
+void BUF_reverse(unsigned char *out, const unsigned char *in, size_t siz);
+
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/linux_amd64/ssl/include/openssl/buffererr.h b/linux_amd64/ssl/include/openssl/buffererr.h
new file mode 100644
index 0000000..1a5de3a
--- /dev/null
+++ b/linux_amd64/ssl/include/openssl/buffererr.h
@@ -0,0 +1,42 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_BUFFERERR_H +# define OPENSSL_BUFFERERR_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_BUFERR_H +# endif + +# include +# include + + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_BUF_strings(void); + +/* + * BUF function codes. + */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define BUF_F_BUF_MEM_GROW 0 +# define BUF_F_BUF_MEM_GROW_CLEAN 0 +# define BUF_F_BUF_MEM_NEW 0 +# endif + +/* + * BUF reason codes. + */ + +#endif diff --git a/linux_amd64/ssl/include/openssl/camellia.h b/linux_amd64/ssl/include/openssl/camellia.h new file mode 100644 index 0000000..dc95dee --- /dev/null +++ b/linux_amd64/ssl/include/openssl/camellia.h 
@@ -0,0 +1,118 @@ +/* + * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_CAMELLIA_H +# define OPENSSL_CAMELLIA_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_CAMELLIA_H +# endif + +# include + +# ifndef OPENSSL_NO_CAMELLIA +# include +#ifdef __cplusplus +extern "C" { +#endif + +# define CAMELLIA_BLOCK_SIZE 16 + +# ifndef OPENSSL_NO_DEPRECATED_3_0 + +# define CAMELLIA_ENCRYPT 1 +# define CAMELLIA_DECRYPT 0 + +/* + * Because array size can't be a const in C, the following two are macros. + * Both sizes are in bytes. + */ + +/* This should be a hidden type, but EVP requires that the size be known */ + +# define CAMELLIA_TABLE_BYTE_LEN 272 +# define CAMELLIA_TABLE_WORD_LEN (CAMELLIA_TABLE_BYTE_LEN / 4) + +typedef unsigned int KEY_TABLE_TYPE[CAMELLIA_TABLE_WORD_LEN]; /* to match + * with WORD */ + +struct camellia_key_st { + union { + double d; /* ensures 64-bit align */ + KEY_TABLE_TYPE rd_key; + } u; + int grand_rounds; +}; +typedef struct camellia_key_st CAMELLIA_KEY; + +# endif /* OPENSSL_NO_DEPRECATED_3_0 */ + +DEPRECATEDIN_3_0(int Camellia_set_key(const unsigned char *userKey, + const int bits, + CAMELLIA_KEY *key)) + +DEPRECATEDIN_3_0(void Camellia_encrypt(const unsigned char *in, + unsigned char *out, + const CAMELLIA_KEY *key)) +DEPRECATEDIN_3_0(void Camellia_decrypt(const unsigned char *in, + unsigned char *out, + const CAMELLIA_KEY *key)) + +DEPRECATEDIN_3_0(void Camellia_ecb_encrypt(const unsigned char *in, + unsigned char *out, + const CAMELLIA_KEY *key, + const int enc)) +DEPRECATEDIN_3_0(void Camellia_cbc_encrypt(const unsigned char *in, + unsigned char *out, + size_t length, const + CAMELLIA_KEY *key, + unsigned char 
*ivec, const int enc)) +DEPRECATEDIN_3_0(void Camellia_cfb128_encrypt(const unsigned char *in, + unsigned char *out, + size_t length, + const CAMELLIA_KEY *key, + unsigned char *ivec, + int *num, + const int enc)) +DEPRECATEDIN_3_0(void Camellia_cfb1_encrypt(const unsigned char *in, + unsigned char *out, + size_t length, + const CAMELLIA_KEY *key, + unsigned char *ivec, + int *num, + const int enc)) +DEPRECATEDIN_3_0(void Camellia_cfb8_encrypt(const unsigned char *in, + unsigned char *out, + size_t length, + const CAMELLIA_KEY *key, + unsigned char *ivec, + int *num, + const int enc)) +DEPRECATEDIN_3_0(void Camellia_ofb128_encrypt(const unsigned char *in, + unsigned char *out, + size_t length, + const CAMELLIA_KEY *key, + unsigned char *ivec, + int *num)) +DEPRECATEDIN_3_0(void Camellia_ctr128_encrypt(const unsigned char *in, + unsigned char *out, + size_t length, + const CAMELLIA_KEY *key, + unsigned char ivec[CAMELLIA_BLOCK_SIZE], + unsigned char ecount_buf[CAMELLIA_BLOCK_SIZE], + unsigned int *num)) + +# ifdef __cplusplus +} +# endif +# endif + +#endif diff --git a/linux_amd64/ssl/include/openssl/cast.h b/linux_amd64/ssl/include/openssl/cast.h new file mode 100644 index 0000000..f338d41 --- /dev/null +++ b/linux_amd64/ssl/include/openssl/cast.h 
@@ -0,0 +1,78 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_CAST_H
+# define OPENSSL_CAST_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_CAST_H
+# endif
+
+# include
+
+# ifndef OPENSSL_NO_CAST
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# define CAST_BLOCK 8
+# define CAST_KEY_LENGTH 16
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+
+# define CAST_ENCRYPT 1
+# define CAST_DECRYPT 0
+
+# define CAST_LONG unsigned int
+
+typedef struct cast_key_st {
+ CAST_LONG data[32];
+ int short_key; /* Use reduced rounds for short key */
+} CAST_KEY;
+
+# endif /* OPENSSL_NO_DEPRECATED_3_0 */
+
+DEPRECATEDIN_3_0(void CAST_set_key(CAST_KEY *key, int len,
+ const unsigned char *data))
+DEPRECATEDIN_3_0(void CAST_ecb_encrypt(const unsigned char *in,
+ unsigned char *out,
+ const CAST_KEY *key,
+ int enc))
+DEPRECATEDIN_3_0(void CAST_encrypt(CAST_LONG *data,
+ const CAST_KEY *key))
+DEPRECATEDIN_3_0(void CAST_decrypt(CAST_LONG *data,
+ const CAST_KEY *key))
+DEPRECATEDIN_3_0(void CAST_cbc_encrypt(const unsigned char *in,
+ unsigned char *out,
+ long length,
+ const CAST_KEY *ks,
+ unsigned char *iv,
+ int enc))
+DEPRECATEDIN_3_0(void CAST_cfb64_encrypt(const unsigned char *in,
+ unsigned char *out,
+ long length,
+ const CAST_KEY *schedule,
+ unsigned char *ivec,
+ int *num,
+ int enc))
+DEPRECATEDIN_3_0(void CAST_ofb64_encrypt(const unsigned char *in,
+ unsigned char *out,
+ long length,
+ const CAST_KEY *schedule,
+ unsigned char *ivec,
+ int *num))
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/linux_amd64/ssl/include/openssl/cmac.h b/linux_amd64/ssl/include/openssl/cmac.h
new file mode 100644
index 0000000..2f43ece
--- /dev/null
+++ b/linux_amd64/ssl/include/openssl/cmac.h
@@ -0,0 +1,50 @@
+/*
+ * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_CMAC_H
+# define OPENSSL_CMAC_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_CMAC_H
+# endif
+
+# ifndef OPENSSL_NO_CMAC
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# include
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+/* Opaque */
+typedef struct CMAC_CTX_st CMAC_CTX;
+# endif
+
+DEPRECATEDIN_3_0(CMAC_CTX *CMAC_CTX_new(void))
+DEPRECATEDIN_3_0(void CMAC_CTX_cleanup(CMAC_CTX *ctx))
+DEPRECATEDIN_3_0(void CMAC_CTX_free(CMAC_CTX *ctx))
+DEPRECATEDIN_3_0(EVP_CIPHER_CTX *CMAC_CTX_get0_cipher_ctx(CMAC_CTX *ctx))
+DEPRECATEDIN_3_0(int CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in))
+
+DEPRECATEDIN_3_0(int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen,
+ const EVP_CIPHER *cipher, ENGINE *impl))
+DEPRECATEDIN_3_0(int CMAC_Update(CMAC_CTX *ctx, const void *data, size_t dlen))
+DEPRECATEDIN_3_0(int CMAC_Final(CMAC_CTX *ctx, unsigned char *out,
+ size_t *poutlen))
+DEPRECATEDIN_3_0(int CMAC_resume(CMAC_CTX *ctx))
+
+# ifdef __cplusplus
+}
+# endif
+
+# endif
+#endif
diff --git a/linux_amd64/ssl/include/openssl/cmp.h b/linux_amd64/ssl/include/openssl/cmp.h
new file mode 100644
index 0000000..43dcc69
--- /dev/null
+++ b/linux_amd64/ssl/include/openssl/cmp.h
@@ -0,0 +1,360 @@ +/* + * Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright Nokia 2007-2019 + * Copyright Siemens AG 2015-2019 + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_CMP_H +# define OPENSSL_CMP_H + +# include +# ifndef OPENSSL_NO_CMP + +# include +# include +# include +# include + +/* explicit #includes not strictly needed since implied by the above: */ +# include +# include +# include +# include + +# ifdef __cplusplus +extern "C" { +# endif + +# define OSSL_CMP_PVNO 2 + +/*- + * PKIFailureInfo ::= BIT STRING { + * -- since we can fail in more than one way! + * -- More codes may be added in the future if/when required. + * badAlg (0), + * -- unrecognized or unsupported Algorithm Identifier + * badMessageCheck (1), + * -- integrity check failed (e.g., signature did not verify) + * badRequest (2), + * -- transaction not permitted or supported + * badTime (3), + * -- messageTime was not sufficiently close to the system time, + * -- as defined by local policy + * badCertId (4), + * -- no certificate could be found matching the provided criteria + * badDataFormat (5), + * -- the data submitted has the wrong format + * wrongAuthority (6), + * -- the authority indicated in the request is different from the + * -- one creating the response token + * incorrectData (7), + * -- the requester's data is incorrect (for notary services) + * missingTimeStamp (8), + * -- when the timestamp is missing but should be there + * -- (by policy) + * badPOP (9), + * -- the proof-of-possession failed + * certRevoked (10), + * -- the certificate has already been revoked + * certConfirmed (11), + * -- the certificate has already been confirmed + * wrongIntegrity (12), + * -- invalid integrity, password based instead of 
signature or + * -- vice versa + * badRecipientNonce (13), + * -- invalid recipient nonce, either missing or wrong value + * timeNotAvailable (14), + * -- the TSA's time source is not available + * unacceptedPolicy (15), + * -- the requested TSA policy is not supported by the TSA. + * unacceptedExtension (16), + * -- the requested extension is not supported by the TSA. + * addInfoNotAvailable (17), + * -- the additional information requested could not be + * -- understood or is not available + * badSenderNonce (18), + * -- invalid sender nonce, either missing or wrong size + * badCertTemplate (19), + * -- invalid cert. template or missing mandatory information + * signerNotTrusted (20), + * -- signer of the message unknown or not trusted + * transactionIdInUse (21), + * -- the transaction identifier is already in use + * unsupportedVersion (22), + * -- the version of the message is not supported + * notAuthorized (23), + * -- the sender was not authorized to make the preceding + * -- request or perform the preceding action + * systemUnavail (24), + * -- the request cannot be handled due to system unavailability + * systemFailure (25), + * -- the request cannot be handled due to system failure + * duplicateCertReq (26) + * -- certificate cannot be issued because a duplicate + * -- certificate already exists + * } + */ +# define OSSL_CMP_PKIFAILUREINFO_badAlg 0 +# define OSSL_CMP_PKIFAILUREINFO_badMessageCheck 1 +# define OSSL_CMP_PKIFAILUREINFO_badRequest 2 +# define OSSL_CMP_PKIFAILUREINFO_badTime 3 +# define OSSL_CMP_PKIFAILUREINFO_badCertId 4 +# define OSSL_CMP_PKIFAILUREINFO_badDataFormat 5 +# define OSSL_CMP_PKIFAILUREINFO_wrongAuthority 6 +# define OSSL_CMP_PKIFAILUREINFO_incorrectData 7 +# define OSSL_CMP_PKIFAILUREINFO_missingTimeStamp 8 +# define OSSL_CMP_PKIFAILUREINFO_badPOP 9 +# define OSSL_CMP_PKIFAILUREINFO_certRevoked 10 +# define OSSL_CMP_PKIFAILUREINFO_certConfirmed 11 +# define OSSL_CMP_PKIFAILUREINFO_wrongIntegrity 12 +# define 
OSSL_CMP_PKIFAILUREINFO_badRecipientNonce 13 +# define OSSL_CMP_PKIFAILUREINFO_timeNotAvailable 14 +# define OSSL_CMP_PKIFAILUREINFO_unacceptedPolicy 15 +# define OSSL_CMP_PKIFAILUREINFO_unacceptedExtension 16 +# define OSSL_CMP_PKIFAILUREINFO_addInfoNotAvailable 17 +# define OSSL_CMP_PKIFAILUREINFO_badSenderNonce 18 +# define OSSL_CMP_PKIFAILUREINFO_badCertTemplate 19 +# define OSSL_CMP_PKIFAILUREINFO_signerNotTrusted 20 +# define OSSL_CMP_PKIFAILUREINFO_transactionIdInUse 21 +# define OSSL_CMP_PKIFAILUREINFO_unsupportedVersion 22 +# define OSSL_CMP_PKIFAILUREINFO_notAuthorized 23 +# define OSSL_CMP_PKIFAILUREINFO_systemUnavail 24 +# define OSSL_CMP_PKIFAILUREINFO_systemFailure 25 +# define OSSL_CMP_PKIFAILUREINFO_duplicateCertReq 26 +# define OSSL_CMP_PKIFAILUREINFO_MAX 26 +# define OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN \ + ((1 << (OSSL_CMP_PKIFAILUREINFO_MAX + 1)) - 1) +# if OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN > INT_MAX +# error CMP_PKIFAILUREINFO_MAX bit pattern does not fit in type int +# endif + +typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO; + +# define OSSL_CMP_CTX_FAILINFO_badAlg (1 << 0) +# define OSSL_CMP_CTX_FAILINFO_badMessageCheck (1 << 1) +# define OSSL_CMP_CTX_FAILINFO_badRequest (1 << 2) +# define OSSL_CMP_CTX_FAILINFO_badTime (1 << 3) +# define OSSL_CMP_CTX_FAILINFO_badCertId (1 << 4) +# define OSSL_CMP_CTX_FAILINFO_badDataFormat (1 << 5) +# define OSSL_CMP_CTX_FAILINFO_wrongAuthority (1 << 6) +# define OSSL_CMP_CTX_FAILINFO_incorrectData (1 << 7) +# define OSSL_CMP_CTX_FAILINFO_missingTimeStamp (1 << 8) +# define OSSL_CMP_CTX_FAILINFO_badPOP (1 << 9) +# define OSSL_CMP_CTX_FAILINFO_certRevoked (1 << 10) +# define OSSL_CMP_CTX_FAILINFO_certConfirmed (1 << 11) +# define OSSL_CMP_CTX_FAILINFO_wrongIntegrity (1 << 12) +# define OSSL_CMP_CTX_FAILINFO_badRecipientNonce (1 << 13) +# define OSSL_CMP_CTX_FAILINFO_timeNotAvailable (1 << 14) +# define OSSL_CMP_CTX_FAILINFO_unacceptedPolicy (1 << 15) +# define 
OSSL_CMP_CTX_FAILINFO_unacceptedExtension (1 << 16) +# define OSSL_CMP_CTX_FAILINFO_addInfoNotAvailable (1 << 17) +# define OSSL_CMP_CTX_FAILINFO_badSenderNonce (1 << 18) +# define OSSL_CMP_CTX_FAILINFO_badCertTemplate (1 << 19) +# define OSSL_CMP_CTX_FAILINFO_signerNotTrusted (1 << 20) +# define OSSL_CMP_CTX_FAILINFO_transactionIdInUse (1 << 21) +# define OSSL_CMP_CTX_FAILINFO_unsupportedVersion (1 << 22) +# define OSSL_CMP_CTX_FAILINFO_notAuthorized (1 << 23) +# define OSSL_CMP_CTX_FAILINFO_systemUnavail (1 << 24) +# define OSSL_CMP_CTX_FAILINFO_systemFailure (1 << 25) +# define OSSL_CMP_CTX_FAILINFO_duplicateCertReq (1 << 26) + +/*- + * PKIStatus ::= INTEGER { + * accepted (0), + * -- you got exactly what you asked for + * grantedWithMods (1), + * -- you got something like what you asked for; the + * -- requester is responsible for ascertaining the differences + * rejection (2), + * -- you don't get it, more information elsewhere in the message + * waiting (3), + * -- the request body part has not yet been processed; expect to + * -- hear more later (note: proper handling of this status + * -- response MAY use the polling req/rep PKIMessages specified + * -- in Section 5.3.22; alternatively, polling in the underlying + * -- transport layer MAY have some utility in this regard) + * revocationWarning (4), + * -- this message contains a warning that a revocation is + * -- imminent + * revocationNotification (5), + * -- notification that a revocation has occurred + * keyUpdateWarning (6) + * -- update already done for the oldCertId specified in + * -- CertReqMsg + * } + */ +# define OSSL_CMP_PKISTATUS_accepted 0 +# define OSSL_CMP_PKISTATUS_grantedWithMods 1 +# define OSSL_CMP_PKISTATUS_rejection 2 +# define OSSL_CMP_PKISTATUS_waiting 3 +# define OSSL_CMP_PKISTATUS_revocationWarning 4 +# define OSSL_CMP_PKISTATUS_revocationNotification 5 +# define OSSL_CMP_PKISTATUS_keyUpdateWarning 6 + +typedef ASN1_INTEGER OSSL_CMP_PKISTATUS; +DECLARE_ASN1_ITEM(OSSL_CMP_PKISTATUS) 
+ +# define OSSL_CMP_CERTORENCCERT_CERTIFICATE 0 +# define OSSL_CMP_CERTORENCCERT_ENCRYPTEDCERT 1 + +/* data type declarations */ +typedef struct ossl_cmp_ctx_st OSSL_CMP_CTX; +typedef struct ossl_cmp_pkiheader_st OSSL_CMP_PKIHEADER; +DECLARE_ASN1_FUNCTIONS(OSSL_CMP_PKIHEADER) +typedef struct ossl_cmp_msg_st OSSL_CMP_MSG; +DECLARE_ASN1_ENCODE_FUNCTIONS(OSSL_CMP_MSG, OSSL_CMP_MSG, OSSL_CMP_MSG) +typedef struct ossl_cmp_certstatus_st OSSL_CMP_CERTSTATUS; +DEFINE_STACK_OF(OSSL_CMP_CERTSTATUS) +typedef struct ossl_cmp_itav_st OSSL_CMP_ITAV; +DEFINE_STACK_OF(OSSL_CMP_ITAV) +typedef struct ossl_cmp_revrepcontent_st OSSL_CMP_REVREPCONTENT; +typedef struct ossl_cmp_pkisi_st OSSL_CMP_PKISI; +DEFINE_STACK_OF(OSSL_CMP_PKISI) +typedef struct ossl_cmp_certrepmessage_st OSSL_CMP_CERTREPMESSAGE; +DEFINE_STACK_OF(OSSL_CMP_CERTREPMESSAGE) +typedef struct ossl_cmp_pollrep_st OSSL_CMP_POLLREP; +typedef STACK_OF(OSSL_CMP_POLLREP) OSSL_CMP_POLLREPCONTENT; +typedef struct ossl_cmp_certresponse_st OSSL_CMP_CERTRESPONSE; +DEFINE_STACK_OF(OSSL_CMP_CERTRESPONSE) +typedef STACK_OF(ASN1_UTF8STRING) OSSL_CMP_PKIFREETEXT; + +/* + * function DECLARATIONS + */ + +/* from cmp_asn.c */ +OSSL_CMP_ITAV *OSSL_CMP_ITAV_create(ASN1_OBJECT *type, ASN1_TYPE *value); +void OSSL_CMP_ITAV_set0(OSSL_CMP_ITAV *itav, ASN1_OBJECT *type, + ASN1_TYPE *value); +ASN1_OBJECT *OSSL_CMP_ITAV_get0_type(const OSSL_CMP_ITAV *itav); +ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav); +int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p, + OSSL_CMP_ITAV *itav); +void OSSL_CMP_ITAV_free(OSSL_CMP_ITAV *itav); +void OSSL_CMP_MSG_free(OSSL_CMP_MSG *msg); + +/* from cmp_ctx.c */ +OSSL_CMP_CTX *OSSL_CMP_CTX_new(void); +void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx); +int OSSL_CMP_CTX_reinit(OSSL_CMP_CTX *ctx); +/* various CMP options: */ +# define OSSL_CMP_OPT_LOG_VERBOSITY 0 +# define OSSL_CMP_OPT_MSGTIMEOUT 1 +# define OSSL_CMP_OPT_TOTALTIMEOUT 2 +# define OSSL_CMP_OPT_VALIDITYDAYS 3 +# define 
OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT 4 +# define OSSL_CMP_OPT_SUBJECTALTNAME_CRITICAL 5 +# define OSSL_CMP_OPT_POLICIES_CRITICAL 6 +# define OSSL_CMP_OPT_POPOMETHOD 7 +# define OSSL_CMP_OPT_DIGEST_ALGNID 8 +# define OSSL_CMP_OPT_OWF_ALGNID 9 +# define OSSL_CMP_OPT_MAC_ALGNID 10 +# define OSSL_CMP_OPT_REVOCATION_REASON 11 +# define OSSL_CMP_OPT_IMPLICITCONFIRM 12 +# define OSSL_CMP_OPT_DISABLECONFIRM 13 +# define OSSL_CMP_OPT_UNPROTECTED_SEND 14 +# define OSSL_CMP_OPT_UNPROTECTED_ERRORS 15 +# define OSSL_CMP_OPT_IGNORE_KEYUSAGE 16 +# define OSSL_CMP_OPT_PERMIT_TA_IN_EXTRACERTS_FOR_IR 17 +int OSSL_CMP_CTX_set_option(OSSL_CMP_CTX *ctx, int opt, int val); +int OSSL_CMP_CTX_get_option(const OSSL_CMP_CTX *ctx, int opt); +/* CMP-specific callback for logging and outputting the error queue: */ +int OSSL_CMP_CTX_set_log_cb(OSSL_CMP_CTX *ctx, OSSL_cmp_log_cb_t cb); +# define OSSL_CMP_CTX_set_log_verbosity(ctx, level) \ + OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_LOG_VERBOSITY, level) +void OSSL_CMP_CTX_print_errors(OSSL_CMP_CTX *ctx); +/* message transfer: */ +int OSSL_CMP_CTX_set1_serverPath(OSSL_CMP_CTX *ctx, const char *path); +int OSSL_CMP_CTX_set1_serverName(OSSL_CMP_CTX *ctx, const char *name); +int OSSL_CMP_CTX_set_serverPort(OSSL_CMP_CTX *ctx, int port); +int OSSL_CMP_CTX_set1_proxyName(OSSL_CMP_CTX *ctx, const char *name); +int OSSL_CMP_CTX_set_proxyPort(OSSL_CMP_CTX *ctx, int port); +# define OSSL_CMP_DEFAULT_PORT 80 +int OSSL_CMP_CTX_set_http_cb(OSSL_CMP_CTX *ctx, OSSL_HTTP_bio_cb_t cb); +int OSSL_CMP_CTX_set_http_cb_arg(OSSL_CMP_CTX *ctx, void *arg); +void *OSSL_CMP_CTX_get_http_cb_arg(const OSSL_CMP_CTX *ctx); +typedef OSSL_CMP_MSG *(*OSSL_cmp_transfer_cb_t) (OSSL_CMP_CTX *ctx, + const OSSL_CMP_MSG *req); +int OSSL_CMP_CTX_set_transfer_cb(OSSL_CMP_CTX *ctx, OSSL_cmp_transfer_cb_t cb); +int OSSL_CMP_CTX_set_transfer_cb_arg(OSSL_CMP_CTX *ctx, void *arg); +void *OSSL_CMP_CTX_get_transfer_cb_arg(const OSSL_CMP_CTX *ctx); +/* server authentication: */ +int 
OSSL_CMP_CTX_set1_srvCert(OSSL_CMP_CTX *ctx, X509 *cert); +int OSSL_CMP_CTX_set1_expected_sender(OSSL_CMP_CTX *ctx, const X509_NAME *name); +int OSSL_CMP_CTX_set0_trustedStore(OSSL_CMP_CTX *ctx, X509_STORE *store); +X509_STORE *OSSL_CMP_CTX_get0_trustedStore(const OSSL_CMP_CTX *ctx); +int OSSL_CMP_CTX_set1_untrusted_certs(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs); +STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted_certs(const OSSL_CMP_CTX *ctx); +/* client authentication: */ +int OSSL_CMP_CTX_set1_clCert(OSSL_CMP_CTX *ctx, X509 *cert); +int OSSL_CMP_CTX_set1_pkey(OSSL_CMP_CTX *ctx, EVP_PKEY *pkey); +int OSSL_CMP_CTX_set1_referenceValue(OSSL_CMP_CTX *ctx, + const unsigned char *ref, int len); +int OSSL_CMP_CTX_set1_secretValue(OSSL_CMP_CTX *ctx, const unsigned char *sec, + const int len); +/* CMP message header and extra certificates: */ +int OSSL_CMP_CTX_set1_recipient(OSSL_CMP_CTX *ctx, const X509_NAME *name); +int OSSL_CMP_CTX_push0_geninfo_ITAV(OSSL_CMP_CTX *ctx, OSSL_CMP_ITAV *itav); +int OSSL_CMP_CTX_set1_extraCertsOut(OSSL_CMP_CTX *ctx, + STACK_OF(X509) *extraCertsOut); +/* certificate template: */ +int OSSL_CMP_CTX_set0_newPkey(OSSL_CMP_CTX *ctx, int priv, EVP_PKEY *pkey); +EVP_PKEY *OSSL_CMP_CTX_get0_newPkey(const OSSL_CMP_CTX *ctx, int priv); +int OSSL_CMP_CTX_set1_issuer(OSSL_CMP_CTX *ctx, const X509_NAME *name); +int OSSL_CMP_CTX_set1_subjectName(OSSL_CMP_CTX *ctx, const X509_NAME *name); +int OSSL_CMP_CTX_push1_subjectAltName(OSSL_CMP_CTX *ctx, const GENERAL_NAME *name); +int OSSL_CMP_CTX_set0_reqExtensions(OSSL_CMP_CTX *ctx, X509_EXTENSIONS *exts); +int OSSL_CMP_CTX_reqExtensions_have_SAN(OSSL_CMP_CTX *ctx); +int OSSL_CMP_CTX_push0_policy(OSSL_CMP_CTX *ctx, POLICYINFO *pinfo); +int OSSL_CMP_CTX_set1_oldCert(OSSL_CMP_CTX *ctx, X509 *cert); +int OSSL_CMP_CTX_set1_p10CSR(OSSL_CMP_CTX *ctx, const X509_REQ *csr); +/* misc body contents: */ +int OSSL_CMP_CTX_push0_genm_ITAV(OSSL_CMP_CTX *ctx, OSSL_CMP_ITAV *itav); +/* certificate confirmation: */ +typedef int 
(*OSSL_cmp_certConf_cb_t) (OSSL_CMP_CTX *ctx, X509 *cert, + int fail_info, const char **txt); +int OSSL_CMP_CTX_set_certConf_cb(OSSL_CMP_CTX *ctx, OSSL_cmp_certConf_cb_t cb); +int OSSL_CMP_CTX_set_certConf_cb_arg(OSSL_CMP_CTX *ctx, void *arg); +void *OSSL_CMP_CTX_get_certConf_cb_arg(const OSSL_CMP_CTX *ctx); +/* result fetching: */ +int OSSL_CMP_CTX_get_status(const OSSL_CMP_CTX *ctx); +OSSL_CMP_PKIFREETEXT *OSSL_CMP_CTX_get0_statusString(const OSSL_CMP_CTX *ctx); +int OSSL_CMP_CTX_get_failInfoCode(const OSSL_CMP_CTX *ctx); +# define OSSL_CMP_PKISI_BUFLEN 1024 +X509 *OSSL_CMP_CTX_get0_newCert(const OSSL_CMP_CTX *ctx); +STACK_OF(X509) *OSSL_CMP_CTX_get1_caPubs(const OSSL_CMP_CTX *ctx); +STACK_OF(X509) *OSSL_CMP_CTX_get1_extraCertsIn(const OSSL_CMP_CTX *ctx); +/* support application-level CMP debugging in cmp.c: */ +int OSSL_CMP_CTX_set1_transactionID(OSSL_CMP_CTX *ctx, + const ASN1_OCTET_STRING *id); +int OSSL_CMP_CTX_set1_senderNonce(OSSL_CMP_CTX *ctx, + const ASN1_OCTET_STRING *nonce); + +/* from cmp_status.c */ +char *OSSL_CMP_CTX_snprint_PKIStatus(OSSL_CMP_CTX *ctx, char *buf, + size_t bufsize); + +/* from cmp_hdr.c */ +/* support application-level CMP debugging in cmp.c: */ +ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_transactionID(const OSSL_CMP_PKIHEADER *hdr); +ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_recipNonce(const OSSL_CMP_PKIHEADER *hdr); + +/* from cmp_msg.c */ +/* support application-level CMP debugging in cmp.c: */ +OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg); + +/* from cmp_vfy.c */ +int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg); +int OSSL_CMP_validate_cert_path(OSSL_CMP_CTX *ctx, + X509_STORE *trusted_store, X509 *cert); + +# ifdef __cplusplus +} +# endif +# endif /* !defined OPENSSL_NO_CMP */ +#endif /* !defined OPENSSL_CMP_H */ diff --git a/linux_amd64/ssl/include/openssl/cmp_util.h b/linux_amd64/ssl/include/openssl/cmp_util.h new file mode 100644 index 0000000..56fb49e --- /dev/null 
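Review bot: The option list in this header exposes switches that, going by their names, relax message protection and certificate checks (`OSSL_CMP_OPT_UNPROTECTED_SEND`, `OSSL_CMP_OPT_UNPROTECTED_ERRORS`, `OSSL_CMP_OPT_IGNORE_KEYUSAGE`, `OSSL_CMP_OPT_PERMIT_TA_IN_EXTRACERTS_FOR_IR`), and `OSSL_CMP_DEFAULT_PORT` is 80, so the default transport is presumably plain HTTP. If this project uses the CMP client at all, its call sites should leave those options unset and configure server authentication through `OSSL_CMP_CTX_set0_trustedStore` or `OSSL_CMP_CTX_set1_srvCert` rather than rely on the transport. If CMP is not used, the whole header sits behind `OPENSSL_NO_CMP`, so building the bundled library with CMP disabled would remove this surface; the exact configure switch should be confirmed against the vendored version.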
+++ b/linux_amd64/ssl/include/openssl/cmp_util.h
@@ -0,0 +1,54 @@
+/*
+ * Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright Nokia 2007-2019
+ * Copyright Siemens AG 2015-2019
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_CMP_UTIL_H
+# define OPENSSL_CMP_UTIL_H
+
+# include
+# ifndef OPENSSL_NO_CMP
+
+# include
+# include
+# include
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+int OSSL_CMP_log_open(void);
+void OSSL_CMP_log_close(void);
+# define OSSL_CMP_LOG_PREFIX "CMP "
+
+/*
+ * generalized logging/error callback mirroring the severity levels of syslog.h
+ */
+typedef int OSSL_CMP_severity;
+# define OSSL_CMP_LOG_EMERG 0
+# define OSSL_CMP_LOG_ALERT 1
+# define OSSL_CMP_LOG_CRIT 2
+# define OSSL_CMP_LOG_ERR 3
+# define OSSL_CMP_LOG_WARNING 4
+# define OSSL_CMP_LOG_NOTICE 5
+# define OSSL_CMP_LOG_INFO 6
+# define OSSL_CMP_LOG_DEBUG 7
+typedef int (*OSSL_cmp_log_cb_t)(const char *func, const char *file, int line,
+ OSSL_CMP_severity level, const char *msg);
+
+int OSSL_CMP_print_to_bio(BIO *bio, const char *component, const char *file,
+ int line, OSSL_CMP_severity level, const char *msg);
+/* use of the logging callback for outputting error queue */
+void OSSL_CMP_print_errors_cb(OSSL_cmp_log_cb_t log_fn);
+
+# ifdef __cplusplus
+}
+# endif
+# endif /* !defined OPENSSL_NO_CMP */
+#endif /* !defined OPENSSL_CMP_UTIL_H */
diff --git a/linux_amd64/ssl/include/openssl/cmperr.h b/linux_amd64/ssl/include/openssl/cmperr.h
new file mode 100644
index 0000000..51795a5
--- /dev/null
+++ b/linux_amd64/ssl/include/openssl/cmperr.h
@@ -0,0 +1,91 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_CMPERR_H +# define OPENSSL_CMPERR_H + +# include +# include + + +# include + +# ifndef OPENSSL_NO_CMP + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_CMP_strings(void); + +/* + * CMP function codes. + */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# endif + +/* + * CMP reason codes. + */ +# define CMP_R_ALGORITHM_NOT_SUPPORTED 139 +# define CMP_R_BAD_REQUEST_ID 108 +# define CMP_R_CERTID_NOT_FOUND 109 +# define CMP_R_CERTIFICATE_NOT_FOUND 112 +# define CMP_R_CERTRESPONSE_NOT_FOUND 113 +# define CMP_R_CERT_AND_KEY_DO_NOT_MATCH 114 +# define CMP_R_ERROR_CALCULATING_PROTECTION 115 +# define CMP_R_ERROR_CREATING_CERTCONF 116 +# define CMP_R_ERROR_CREATING_CERTREP 117 +# define CMP_R_ERROR_CREATING_ERROR 118 +# define CMP_R_ERROR_CREATING_GENM 119 +# define CMP_R_ERROR_CREATING_GENP 120 +# define CMP_R_ERROR_CREATING_P10CR 121 +# define CMP_R_ERROR_CREATING_PKICONF 122 +# define CMP_R_ERROR_CREATING_POLLREP 123 +# define CMP_R_ERROR_CREATING_POLLREQ 124 +# define CMP_R_ERROR_CREATING_RP 125 +# define CMP_R_ERROR_CREATING_RR 126 +# define CMP_R_ERROR_PARSING_PKISTATUS 107 +# define CMP_R_ERROR_PROTECTING_MESSAGE 127 +# define CMP_R_ERROR_SETTING_CERTHASH 128 +# define CMP_R_ERROR_VALIDATING_PROTECTION 140 +# define CMP_R_FAILED_EXTRACTING_PUBKEY 141 +# define CMP_R_FAILURE_OBTAINING_RANDOM 110 +# define CMP_R_FAIL_INFO_OUT_OF_RANGE 129 +# define CMP_R_INVALID_ARGS 100 +# define CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION 130 +# define CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE 142 +# define CMP_R_MISSING_PRIVATE_KEY 131 +# define 
CMP_R_MISSING_PROTECTION 143 +# define CMP_R_MISSING_SENDER_IDENTIFICATION 111 +# define CMP_R_MISSING_TRUST_STORE 144 +# define CMP_R_MULTIPLE_SAN_SOURCES 102 +# define CMP_R_NO_STDIO 194 +# define CMP_R_NO_SUITABLE_SENDER_CERT 145 +# define CMP_R_NULL_ARGUMENT 103 +# define CMP_R_PKIBODY_ERROR 146 +# define CMP_R_PKISTATUSINFO_NOT_FOUND 132 +# define CMP_R_POTENTIALLY_INVALID_CERTIFICATE 147 +# define CMP_R_RECIPNONCE_UNMATCHED 148 +# define CMP_R_REQUEST_NOT_ACCEPTED 149 +# define CMP_R_SENDER_GENERALNAME_TYPE_NOT_SUPPORTED 150 +# define CMP_R_SRVCERT_DOES_NOT_VALIDATE_MSG 151 +# define CMP_R_TRANSACTIONID_UNMATCHED 152 +# define CMP_R_UNEXPECTED_PKIBODY 133 +# define CMP_R_UNEXPECTED_PVNO 153 +# define CMP_R_UNKNOWN_ALGORITHM_ID 134 +# define CMP_R_UNKNOWN_CERT_TYPE 135 +# define CMP_R_UNSUPPORTED_ALGORITHM 136 +# define CMP_R_UNSUPPORTED_KEY_TYPE 137 +# define CMP_R_UNSUPPORTED_PROTECTION_ALG_DHBASEDMAC 154 +# define CMP_R_WRONG_ALGORITHM_OID 138 +# define CMP_R_WRONG_PBM_VALUE 155 + +# endif +#endif diff --git a/linux_amd64/ssl/include/openssl/cms.h b/linux_amd64/ssl/include/openssl/cms.h new file mode 100644 index 0000000..1d502fa --- /dev/null +++ b/linux_amd64/ssl/include/openssl/cms.h 
@@ -0,0 +1,346 @@
+/*
+ * Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_CMS_H
+# define OPENSSL_CMS_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_CMS_H
+# endif
+
+# include
+
+# ifndef OPENSSL_NO_CMS
+# include
+# include
+# include
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+typedef struct CMS_ContentInfo_st CMS_ContentInfo;
+typedef struct CMS_SignerInfo_st CMS_SignerInfo;
+typedef struct CMS_CertificateChoices CMS_CertificateChoices;
+typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice;
+typedef struct CMS_RecipientInfo_st CMS_RecipientInfo;
+typedef struct CMS_ReceiptRequest_st CMS_ReceiptRequest;
+typedef struct CMS_Receipt_st CMS_Receipt;
+typedef struct CMS_RecipientEncryptedKey_st CMS_RecipientEncryptedKey;
+typedef struct CMS_OtherKeyAttribute_st CMS_OtherKeyAttribute;
+
+DEFINE_STACK_OF(CMS_SignerInfo)
+DEFINE_STACK_OF(CMS_RecipientEncryptedKey)
+DEFINE_STACK_OF(CMS_RecipientInfo)
+DEFINE_STACK_OF(CMS_RevocationInfoChoice)
+DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
+DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest)
+DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
+
+# define CMS_SIGNERINFO_ISSUER_SERIAL 0
+# define CMS_SIGNERINFO_KEYIDENTIFIER 1
+
+# define CMS_RECIPINFO_NONE -1
+# define CMS_RECIPINFO_TRANS 0
+# define CMS_RECIPINFO_AGREE 1
+# define CMS_RECIPINFO_KEK 2
+# define CMS_RECIPINFO_PASS 3
+# define CMS_RECIPINFO_OTHER 4
+
+/* S/MIME related flags */
+
+# define CMS_TEXT 0x1
+# define CMS_NOCERTS 0x2
+# define CMS_NO_CONTENT_VERIFY 0x4
+# define CMS_NO_ATTR_VERIFY 0x8
+# define CMS_NOSIGS \
+ (CMS_NO_CONTENT_VERIFY|CMS_NO_ATTR_VERIFY)
+# define CMS_NOINTERN 0x10
+# define CMS_NO_SIGNER_CERT_VERIFY 0x20
+# define CMS_NOVERIFY 0x20
+# define CMS_DETACHED 0x40
+# define CMS_BINARY 0x80
+# define CMS_NOATTR 0x100
+# define CMS_NOSMIMECAP 0x200
+# define CMS_NOOLDMIMETYPE 0x400
+# define CMS_CRLFEOL 0x800
+# define CMS_STREAM 0x1000
+# define CMS_NOCRL 0x2000
+# define CMS_PARTIAL 0x4000
+# define CMS_REUSE_DIGEST 0x8000
+# define CMS_USE_KEYID 0x10000
+# define CMS_DEBUG_DECRYPT 0x20000
+# define CMS_KEY_PARAM 0x40000
+# define CMS_ASCIICRLF 0x80000
+# define CMS_CADES 0x100000
+
+const ASN1_OBJECT *CMS_get0_type(const CMS_ContentInfo *cms);
+
+BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont);
+int CMS_dataFinal(CMS_ContentInfo *cms, BIO *bio);
+
+ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms);
+int CMS_is_detached(CMS_ContentInfo *cms);
+int CMS_set_detached(CMS_ContentInfo *cms, int detached);
+
+# ifdef OPENSSL_PEM_H
+DECLARE_PEM_rw(CMS, CMS_ContentInfo)
+# endif
+int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms);
+CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms);
+int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms);
+
+BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms);
+int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags);
+int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in,
+ int flags);
+CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont);
+int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags);
+
+int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont,
+ unsigned int flags);
+
+CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey,
+ STACK_OF(X509) *certs, BIO *data,
+ unsigned int flags);
+
+CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
+ X509 *signcert, EVP_PKEY *pkey,
+ STACK_OF(X509) *certs, unsigned int flags);
+
+int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags);
+CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags);
+
+int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
+ unsigned int flags);
+CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
+ unsigned int flags);
+
+int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
+ const unsigned char *key, size_t keylen,
+ BIO *dcont, BIO *out, unsigned int flags);
+
+CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
+ const unsigned char *key,
+ size_t keylen, unsigned int flags);
+
+int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
+ const unsigned char *key, size_t keylen);
+
+int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
+ X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags);
+
+int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms,
+ STACK_OF(X509) *certs,
+ X509_STORE *store, unsigned int flags);
+
+STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms);
+
+CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in,
+ const EVP_CIPHER *cipher, unsigned int flags);
+
+int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert,
+ BIO *dcont, BIO *out, unsigned int flags);
+
+int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert);
+int CMS_decrypt_set1_key(CMS_ContentInfo *cms,
+ unsigned char *key, size_t keylen,
+ const unsigned char *id, size_t idlen);
+int CMS_decrypt_set1_password(CMS_ContentInfo *cms,
+ unsigned char *pass, ossl_ssize_t passlen);
+
+STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms);
+int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
+EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri);
+CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher);
+CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
+ X509 *recip, unsigned int flags);
+int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey);
+int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert);
+int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri,
+ EVP_PKEY **pk, X509 **recip,
+ X509_ALGOR **palg);
+int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
+ ASN1_OCTET_STRING **keyid,
+ X509_NAME **issuer,
+ ASN1_INTEGER **sno);
+
+CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
+ unsigned char *key, size_t keylen,
+ unsigned char *id, size_t idlen,
+ ASN1_GENERALIZEDTIME *date,
+ ASN1_OBJECT *otherTypeId,
+ ASN1_TYPE *otherType);
+
+int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri,
+ X509_ALGOR **palg,
+ ASN1_OCTET_STRING **pid,
+ ASN1_GENERALIZEDTIME **pdate,
+ ASN1_OBJECT **potherid,
+ ASN1_TYPE **pothertype);
+
+int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri,
+ unsigned char *key, size_t keylen);
+
+int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri,
+ const unsigned char *id, size_t idlen);
+
+int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri,
+ unsigned char *pass,
+ ossl_ssize_t passlen);
+
+CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
+ int iter, int wrap_nid,
+ int pbe_nid,
+ unsigned char *pass,
+ ossl_ssize_t passlen,
+ const EVP_CIPHER *kekciph);
+
+int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri);
+int CMS_RecipientInfo_encrypt(const CMS_ContentInfo *cms, CMS_RecipientInfo *ri);
+
+int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
+ unsigned int flags);
+CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags);
+
+int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid);
+const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms);
+
+CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms);
+int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert);
+int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert);
+STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms);
+
+CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms);
+int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl);
+int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl);
+STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms);
+
+int CMS_SignedData_init(CMS_ContentInfo *cms);
+CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
+ X509 *signer, EVP_PKEY *pk, const EVP_MD *md,
+ unsigned int flags);
+EVP_PKEY_CTX *CMS_SignerInfo_get0_pkey_ctx(CMS_SignerInfo *si);
+EVP_MD_CTX *CMS_SignerInfo_get0_md_ctx(CMS_SignerInfo *si);
+STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms);
+
+void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer);
+int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si,
+ ASN1_OCTET_STRING **keyid,
+ X509_NAME **issuer, ASN1_INTEGER **sno);
+int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert);
+int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
+ unsigned int flags);
+void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk,
+ X509 **signer, X509_ALGOR **pdig,
+ X509_ALGOR **psig);
+ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si);
+int CMS_SignerInfo_sign(CMS_SignerInfo *si);
+int CMS_SignerInfo_verify(CMS_SignerInfo *si);
+int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain);
+
+int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs);
+int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
+ int algnid, int keysize);
+int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap);
+
+int CMS_signed_get_attr_count(const CMS_SignerInfo *si);
+int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
+ int lastpos);
+int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, const ASN1_OBJECT *obj,
+ int lastpos);
+X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc);
+X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc);
+int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr);
+int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si,
+ const ASN1_OBJECT *obj, int type,
+ const void *bytes, int len);
+int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si,
+ int nid, int type,
+ const void *bytes, int len);
+int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si,
+ const char *attrname, int type,
+ const void *bytes, int len);
+void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, const ASN1_OBJECT *oid,
+ int lastpos, int type);
+
+int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si);
+int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
+ int lastpos);
+int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si,
+ const ASN1_OBJECT *obj, int lastpos);
+X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc);
+X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc);
+int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr);
+int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si,
+ const ASN1_OBJECT *obj, int type,
+ const void *bytes, int len);
+int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si,
+ int nid, int type,
+ const void *bytes, int len);
+int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si,
+ const char *attrname, int type,
+ const void *bytes, int len);
+void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
+ int lastpos, int type);
+
+int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr);
+CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
+ int allorfirst,
+ STACK_OF(GENERAL_NAMES)
+ *receiptList, STACK_OF(GENERAL_NAMES)
+ *receiptsTo);
+int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
+void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
+ ASN1_STRING **pcid,
+ int *pallorfirst,
+ STACK_OF(GENERAL_NAMES) **plist,
+ STACK_OF(GENERAL_NAMES) **prto);
+int CMS_RecipientInfo_kari_get0_alg(CMS_RecipientInfo *ri,
+ X509_ALGOR **palg,
+ ASN1_OCTET_STRING **pukm);
+STACK_OF(CMS_RecipientEncryptedKey)
+*CMS_RecipientInfo_kari_get0_reks(CMS_RecipientInfo *ri);
+
+int CMS_RecipientInfo_kari_get0_orig_id(CMS_RecipientInfo *ri,
+ X509_ALGOR **pubalg,
+ ASN1_BIT_STRING **pubkey,
+ ASN1_OCTET_STRING **keyid,
+ X509_NAME **issuer,
+ ASN1_INTEGER **sno);
+
+int CMS_RecipientInfo_kari_orig_id_cmp(CMS_RecipientInfo *ri, X509 *cert);
+
+int CMS_RecipientEncryptedKey_get0_id(CMS_RecipientEncryptedKey *rek,
+ ASN1_OCTET_STRING **keyid,
+ ASN1_GENERALIZEDTIME **tm,
+ CMS_OtherKeyAttribute **other,
+ X509_NAME **issuer, ASN1_INTEGER **sno);
+int CMS_RecipientEncryptedKey_cert_cmp(CMS_RecipientEncryptedKey *rek,
+ X509 *cert);
+int CMS_RecipientInfo_kari_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pk);
+EVP_CIPHER_CTX *CMS_RecipientInfo_kari_get0_ctx(CMS_RecipientInfo *ri);
+int CMS_RecipientInfo_kari_decrypt(CMS_ContentInfo *cms,
+ CMS_RecipientInfo *ri,
+ CMS_RecipientEncryptedKey *rek);
+
+int CMS_SharedInfo_encode(unsigned char **pder, X509_ALGOR *kekalg,
+ ASN1_OCTET_STRING *ukm, int keylen);
+
+/* Backward compatibility for spelling errors. */
+# define CMS_R_UNKNOWN_DIGEST_ALGORITM CMS_R_UNKNOWN_DIGEST_ALGORITHM
+# define CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE \
+ CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+#endif
diff --git a/linux_amd64/ssl/include/openssl/cmserr.h b/linux_amd64/ssl/include/openssl/cmserr.h
new file mode 100644
index 0000000..10e0fd6
--- /dev/null
+++ b/linux_amd64/ssl/include/openssl/cmserr.h
@@ -0,0 +1,212 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_CMSERR_H +# define OPENSSL_CMSERR_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_CMSERR_H +# endif + +# include +# include + + +# include + +# ifndef OPENSSL_NO_CMS + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_CMS_strings(void); + +/* + * CMS function codes. + */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define CMS_F_CHECK_CONTENT 0 +# define CMS_F_CMS_ADD0_CERT 0 +# define CMS_F_CMS_ADD0_RECIPIENT_KEY 0 +# define CMS_F_CMS_ADD0_RECIPIENT_PASSWORD 0 +# define CMS_F_CMS_ADD1_RECEIPTREQUEST 0 +# define CMS_F_CMS_ADD1_RECIPIENT_CERT 0 +# define CMS_F_CMS_ADD1_SIGNER 0 +# define CMS_F_CMS_ADD1_SIGNINGTIME 0 +# define CMS_F_CMS_ADD1_SIGNING_CERT 0 +# define CMS_F_CMS_ADD1_SIGNING_CERT_V2 0 +# define CMS_F_CMS_COMPRESS 0 +# define CMS_F_CMS_COMPRESSEDDATA_CREATE 0 +# define CMS_F_CMS_COMPRESSEDDATA_INIT_BIO 0 +# define CMS_F_CMS_COPY_CONTENT 0 +# define CMS_F_CMS_COPY_MESSAGEDIGEST 0 +# define CMS_F_CMS_DATA 0 +# define CMS_F_CMS_DATAFINAL 0 +# define CMS_F_CMS_DATAINIT 0 +# define CMS_F_CMS_DECRYPT 0 +# define CMS_F_CMS_DECRYPT_SET1_KEY 0 +# define CMS_F_CMS_DECRYPT_SET1_PASSWORD 0 +# define CMS_F_CMS_DECRYPT_SET1_PKEY 0 +# define CMS_F_CMS_DIGESTALGORITHM_FIND_CTX 0 +# define CMS_F_CMS_DIGESTALGORITHM_INIT_BIO 0 +# define CMS_F_CMS_DIGESTEDDATA_DO_FINAL 0 +# define CMS_F_CMS_DIGEST_VERIFY 0 +# define CMS_F_CMS_ENCODE_RECEIPT 0 +# define CMS_F_CMS_ENCRYPT 0 +# define CMS_F_CMS_ENCRYPTEDCONTENT_INIT 0 +# define CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO 0 +# define CMS_F_CMS_ENCRYPTEDDATA_DECRYPT 0 +# define 
CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT 0 +# define CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY 0 +# define CMS_F_CMS_ENVELOPEDDATA_CREATE 0 +# define CMS_F_CMS_ENVELOPEDDATA_INIT_BIO 0 +# define CMS_F_CMS_ENVELOPED_DATA_INIT 0 +# define CMS_F_CMS_ENV_ASN1_CTRL 0 +# define CMS_F_CMS_FINAL 0 +# define CMS_F_CMS_GET0_CERTIFICATE_CHOICES 0 +# define CMS_F_CMS_GET0_CONTENT 0 +# define CMS_F_CMS_GET0_ECONTENT_TYPE 0 +# define CMS_F_CMS_GET0_ENVELOPED 0 +# define CMS_F_CMS_GET0_REVOCATION_CHOICES 0 +# define CMS_F_CMS_GET0_SIGNED 0 +# define CMS_F_CMS_MSGSIGDIGEST_ADD1 0 +# define CMS_F_CMS_RECEIPTREQUEST_CREATE0 0 +# define CMS_F_CMS_RECEIPT_VERIFY 0 +# define CMS_F_CMS_RECIPIENTINFO_DECRYPT 0 +# define CMS_F_CMS_RECIPIENTINFO_ENCRYPT 0 +# define CMS_F_CMS_RECIPIENTINFO_KARI_ENCRYPT 0 +# define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ALG 0 +# define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ORIG_ID 0 +# define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_REKS 0 +# define CMS_F_CMS_RECIPIENTINFO_KARI_ORIG_ID_CMP 0 +# define CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT 0 +# define CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT 0 +# define CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID 0 +# define CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP 0 +# define CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP 0 +# define CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT 0 +# define CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT 0 +# define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS 0 +# define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID 0 +# define CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT 0 +# define CMS_F_CMS_RECIPIENTINFO_SET0_KEY 0 +# define CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD 0 +# define CMS_F_CMS_RECIPIENTINFO_SET0_PKEY 0 +# define CMS_F_CMS_SD_ASN1_CTRL 0 +# define CMS_F_CMS_SET1_IAS 0 +# define CMS_F_CMS_SET1_KEYID 0 +# define CMS_F_CMS_SET1_SIGNERIDENTIFIER 0 +# define CMS_F_CMS_SET_DETACHED 0 +# define CMS_F_CMS_SIGN 0 +# define CMS_F_CMS_SIGNED_DATA_INIT 0 +# define CMS_F_CMS_SIGNERINFO_CONTENT_SIGN 0 +# define CMS_F_CMS_SIGNERINFO_SIGN 0 +# define CMS_F_CMS_SIGNERINFO_VERIFY 0 +# define 
CMS_F_CMS_SIGNERINFO_VERIFY_CERT 0 +# define CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT 0 +# define CMS_F_CMS_SIGN_RECEIPT 0 +# define CMS_F_CMS_SI_CHECK_ATTRIBUTES 0 +# define CMS_F_CMS_STREAM 0 +# define CMS_F_CMS_UNCOMPRESS 0 +# define CMS_F_CMS_VERIFY 0 +# define CMS_F_KEK_UNWRAP_KEY 0 +# endif + +/* + * CMS reason codes. + */ +# define CMS_R_ADD_SIGNER_ERROR 99 +# define CMS_R_ATTRIBUTE_ERROR 161 +# define CMS_R_CERTIFICATE_ALREADY_PRESENT 175 +# define CMS_R_CERTIFICATE_HAS_NO_KEYID 160 +# define CMS_R_CERTIFICATE_VERIFY_ERROR 100 +# define CMS_R_CIPHER_INITIALISATION_ERROR 101 +# define CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR 102 +# define CMS_R_CMS_DATAFINAL_ERROR 103 +# define CMS_R_CMS_LIB 104 +# define CMS_R_CONTENTIDENTIFIER_MISMATCH 170 +# define CMS_R_CONTENT_NOT_FOUND 105 +# define CMS_R_CONTENT_TYPE_MISMATCH 171 +# define CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA 106 +# define CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA 107 +# define CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA 108 +# define CMS_R_CONTENT_VERIFY_ERROR 109 +# define CMS_R_CTRL_ERROR 110 +# define CMS_R_CTRL_FAILURE 111 +# define CMS_R_DECRYPT_ERROR 112 +# define CMS_R_ERROR_GETTING_PUBLIC_KEY 113 +# define CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE 114 +# define CMS_R_ERROR_SETTING_KEY 115 +# define CMS_R_ERROR_SETTING_RECIPIENTINFO 116 +# define CMS_R_INVALID_ENCRYPTED_KEY_LENGTH 117 +# define CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER 176 +# define CMS_R_INVALID_KEY_LENGTH 118 +# define CMS_R_MD_BIO_INIT_ERROR 119 +# define CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH 120 +# define CMS_R_MESSAGEDIGEST_WRONG_LENGTH 121 +# define CMS_R_MSGSIGDIGEST_ERROR 172 +# define CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE 162 +# define CMS_R_MSGSIGDIGEST_WRONG_LENGTH 163 +# define CMS_R_NEED_ONE_SIGNER 164 +# define CMS_R_NOT_A_SIGNED_RECEIPT 165 +# define CMS_R_NOT_ENCRYPTED_DATA 122 +# define CMS_R_NOT_KEK 123 +# define CMS_R_NOT_KEY_AGREEMENT 181 +# define CMS_R_NOT_KEY_TRANSPORT 124 +# define CMS_R_NOT_PWRI 177 +# define 
CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 125 +# define CMS_R_NO_CIPHER 126 +# define CMS_R_NO_CONTENT 127 +# define CMS_R_NO_CONTENT_TYPE 173 +# define CMS_R_NO_DEFAULT_DIGEST 128 +# define CMS_R_NO_DIGEST_SET 129 +# define CMS_R_NO_KEY 130 +# define CMS_R_NO_KEY_OR_CERT 174 +# define CMS_R_NO_MATCHING_DIGEST 131 +# define CMS_R_NO_MATCHING_RECIPIENT 132 +# define CMS_R_NO_MATCHING_SIGNATURE 166 +# define CMS_R_NO_MSGSIGDIGEST 167 +# define CMS_R_NO_PASSWORD 178 +# define CMS_R_NO_PRIVATE_KEY 133 +# define CMS_R_NO_PUBLIC_KEY 134 +# define CMS_R_NO_RECEIPT_REQUEST 168 +# define CMS_R_NO_SIGNERS 135 +# define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 136 +# define CMS_R_RECEIPT_DECODE_ERROR 169 +# define CMS_R_RECIPIENT_ERROR 137 +# define CMS_R_SIGNER_CERTIFICATE_NOT_FOUND 138 +# define CMS_R_SIGNFINAL_ERROR 139 +# define CMS_R_SMIME_TEXT_ERROR 140 +# define CMS_R_STORE_INIT_ERROR 141 +# define CMS_R_TYPE_NOT_COMPRESSED_DATA 142 +# define CMS_R_TYPE_NOT_DATA 143 +# define CMS_R_TYPE_NOT_DIGESTED_DATA 144 +# define CMS_R_TYPE_NOT_ENCRYPTED_DATA 145 +# define CMS_R_TYPE_NOT_ENVELOPED_DATA 146 +# define CMS_R_UNABLE_TO_FINALIZE_CONTEXT 147 +# define CMS_R_UNKNOWN_CIPHER 148 +# define CMS_R_UNKNOWN_DIGEST_ALGORITHM 149 +# define CMS_R_UNKNOWN_ID 150 +# define CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM 151 +# define CMS_R_UNSUPPORTED_CONTENT_TYPE 152 +# define CMS_R_UNSUPPORTED_KEK_ALGORITHM 153 +# define CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM 179 +# define CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE 155 +# define CMS_R_UNSUPPORTED_RECIPIENT_TYPE 154 +# define CMS_R_UNSUPPORTED_TYPE 156 +# define CMS_R_UNWRAP_ERROR 157 +# define CMS_R_UNWRAP_FAILURE 180 +# define CMS_R_VERIFICATION_FAILURE 158 +# define CMS_R_WRAP_ERROR 159 + +# endif +#endif diff --git a/linux_amd64/ssl/include/openssl/comp.h b/linux_amd64/ssl/include/openssl/comp.h new file mode 100644 index 0000000..06ff581 --- /dev/null +++ b/linux_amd64/ssl/include/openssl/comp.h 
@@ -0,0 +1,59 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_COMP_H
+# define OPENSSL_COMP_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_COMP_H
+# endif
+
+# include
+
+# ifndef OPENSSL_NO_COMP
+# include
+# include
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+
+
+COMP_CTX *COMP_CTX_new(COMP_METHOD *meth);
+const COMP_METHOD *COMP_CTX_get_method(const COMP_CTX *ctx);
+int COMP_CTX_get_type(const COMP_CTX* comp);
+int COMP_get_type(const COMP_METHOD *meth);
+const char *COMP_get_name(const COMP_METHOD *meth);
+void COMP_CTX_free(COMP_CTX *ctx);
+
+int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen,
+ unsigned char *in, int ilen);
+int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
+ unsigned char *in, int ilen);
+
+COMP_METHOD *COMP_zlib(void);
+
+#ifndef OPENSSL_NO_DEPRECATED_1_1_0
+# define COMP_zlib_cleanup() while(0) continue
+#endif
+
+# ifdef OPENSSL_BIO_H
+# ifdef ZLIB
+const BIO_METHOD *BIO_f_zlib(void);
+# endif
+# endif
+
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+#endif
diff --git a/linux_amd64/ssl/include/openssl/comperr.h b/linux_amd64/ssl/include/openssl/comperr.h
new file mode 100644
index 0000000..4794562
--- /dev/null
+++ b/linux_amd64/ssl/include/openssl/comperr.h
@@ -0,0 +1,52 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_COMPERR_H +# define OPENSSL_COMPERR_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_COMPERR_H +# endif + +# include +# include + + +# include + +# ifndef OPENSSL_NO_COMP + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_COMP_strings(void); + +/* + * COMP function codes. + */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define COMP_F_BIO_ZLIB_FLUSH 0 +# define COMP_F_BIO_ZLIB_NEW 0 +# define COMP_F_BIO_ZLIB_READ 0 +# define COMP_F_BIO_ZLIB_WRITE 0 +# define COMP_F_COMP_CTX_NEW 0 +# endif + +/* + * COMP reason codes. + */ +# define COMP_R_ZLIB_DEFLATE_ERROR 99 +# define COMP_R_ZLIB_INFLATE_ERROR 100 +# define COMP_R_ZLIB_NOT_SUPPORTED 101 + +# endif +#endif diff --git a/linux_amd64/ssl/include/openssl/conf.h b/linux_amd64/ssl/include/openssl/conf.h new file mode 100644 index 0000000..438361e --- /dev/null +++ b/linux_amd64/ssl/include/openssl/conf.h 
@@ -0,0 +1,175 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_CONF_H
+# define OPENSSL_CONF_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_CONF_H
+# endif
+
+# include
+# include
+# include
+# include
+# include
+# include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct {
+ char *section;
+ char *name;
+ char *value;
+} CONF_VALUE;
+
+DEFINE_STACK_OF(CONF_VALUE)
+DEFINE_LHASH_OF(CONF_VALUE);
+
+struct conf_st;
+struct conf_method_st;
+typedef struct conf_method_st CONF_METHOD;
+
+struct conf_method_st {
+ const char *name;
+ CONF *(*create) (CONF_METHOD *meth);
+ int (*init) (CONF *conf);
+ int (*destroy) (CONF *conf);
+ int (*destroy_data) (CONF *conf);
+ int (*load_bio) (CONF *conf, BIO *bp, long *eline);
+ int (*dump) (const CONF *conf, BIO *bp);
+ int (*is_number) (const CONF *conf, char c);
+ int (*to_int) (const CONF *conf, char c);
+ int (*load) (CONF *conf, const char *name, long *eline);
+};
+
+/* Module definitions */
+
+typedef struct conf_imodule_st CONF_IMODULE;
+typedef struct conf_module_st CONF_MODULE;
+
+DEFINE_STACK_OF(CONF_MODULE)
+DEFINE_STACK_OF(CONF_IMODULE)
+
+/* DSO module function typedefs */
+typedef int conf_init_func (CONF_IMODULE *md, const CONF *cnf);
+typedef void conf_finish_func (CONF_IMODULE *md);
+
+# define CONF_MFLAGS_IGNORE_ERRORS 0x1
+# define CONF_MFLAGS_IGNORE_RETURN_CODES 0x2
+# define CONF_MFLAGS_SILENT 0x4
+# define CONF_MFLAGS_NO_DSO 0x8
+# define CONF_MFLAGS_IGNORE_MISSING_FILE 0x10
+# define CONF_MFLAGS_DEFAULT_SECTION 0x20
+
+int CONF_set_default_method(CONF_METHOD *meth);
+void CONF_set_nconf(CONF *conf, LHASH_OF(CONF_VALUE) *hash);
+LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file,
+ long *eline);
+# ifndef OPENSSL_NO_STDIO
+LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp,
+ long *eline);
+# endif
+LHASH_OF(CONF_VALUE) *CONF_load_bio(LHASH_OF(CONF_VALUE) *conf, BIO *bp,
+ long *eline);
+STACK_OF(CONF_VALUE) *CONF_get_section(LHASH_OF(CONF_VALUE) *conf,
+ const char *section);
+char *CONF_get_string(LHASH_OF(CONF_VALUE) *conf, const char *group,
+ const char *name);
+long CONF_get_number(LHASH_OF(CONF_VALUE) *conf, const char *group,
+ const char *name);
+void CONF_free(LHASH_OF(CONF_VALUE) *conf);
+#ifndef OPENSSL_NO_STDIO
+int CONF_dump_fp(LHASH_OF(CONF_VALUE) *conf, FILE *out);
+#endif
+int CONF_dump_bio(LHASH_OF(CONF_VALUE) *conf, BIO *out);
+
+DEPRECATEDIN_1_1_0(void OPENSSL_config(const char *config_name))
+
+#ifndef OPENSSL_NO_DEPRECATED_1_1_0
+# define OPENSSL_no_config() \
+ OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG, NULL)
+#endif
+
+/*
+ * New conf code. The semantics are different from the functions above. If
+ * that wasn't the case, the above functions would have been replaced
+ */
+
+struct conf_st {
+ CONF_METHOD *meth;
+ void *meth_data;
+ LHASH_OF(CONF_VALUE) *data;
+ unsigned int flag_dollarid:1;
+};
+
+CONF *NCONF_new(CONF_METHOD *meth);
+CONF_METHOD *NCONF_default(void);
+DEPRECATEDIN_3_0(CONF_METHOD *NCONF_WIN32(void))
+void NCONF_free(CONF *conf);
+void NCONF_free_data(CONF *conf);
+
+int NCONF_load(CONF *conf, const char *file, long *eline);
+# ifndef OPENSSL_NO_STDIO
+int NCONF_load_fp(CONF *conf, FILE *fp, long *eline);
+# endif
+int NCONF_load_bio(CONF *conf, BIO *bp, long *eline);
+STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf,
+ const char *section);
+char *NCONF_get_string(const CONF *conf, const char *group, const char *name);
+int NCONF_get_number_e(const CONF *conf, const char *group, const char *name,
+ long *result);
+#ifndef OPENSSL_NO_STDIO
+int NCONF_dump_fp(const CONF *conf, FILE *out);
+#endif
+int NCONF_dump_bio(const CONF *conf, BIO *out);
+
+#define NCONF_get_number(c,g,n,r) NCONF_get_number_e(c,g,n,r)
+
+/* Module functions */
+
+int CONF_modules_load(const CONF *cnf, const char *appname,
+ unsigned long flags);
+int CONF_modules_load_file(const char *filename, const char *appname,
+ unsigned long flags);
+void CONF_modules_unload(int all);
+void CONF_modules_finish(void);
+#ifndef OPENSSL_NO_DEPRECATED_1_1_0
+# define CONF_modules_free() while(0) continue
+#endif
+int CONF_module_add(const char *name, conf_init_func *ifunc,
+ conf_finish_func *ffunc);
+
+const char *CONF_imodule_get_name(const CONF_IMODULE *md);
+const char *CONF_imodule_get_value(const CONF_IMODULE *md);
+void *CONF_imodule_get_usr_data(const CONF_IMODULE *md);
+void CONF_imodule_set_usr_data(CONF_IMODULE *md, void *usr_data);
+CONF_MODULE *CONF_imodule_get_module(const CONF_IMODULE *md);
+unsigned long CONF_imodule_get_flags(const CONF_IMODULE *md);
+void CONF_imodule_set_flags(CONF_IMODULE *md, unsigned long flags);
+void *CONF_module_get_usr_data(CONF_MODULE *pmod);
+void CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data);
+
+char *CONF_get1_default_config_file(void);
+
+int CONF_parse_list(const char *list, int sep, int nospc,
+ int (*list_cb) (const char *elem, int len, void *usr),
+ void *arg);
+
+void OPENSSL_load_builtin_modules(void);
+
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/linux_amd64/ssl/include/openssl/conf_api.h b/linux_amd64/ssl/include/openssl/conf_api.h
new file mode 100644
index 0000000..ed67d57
--- /dev/null
+++ b/linux_amd64/ssl/include/openssl/conf_api.h
@@ -0,0 +1,46 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_CONF_API_H
+# define OPENSSL_CONF_API_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_CONF_API_H
+# endif
+
+# include
+# include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Up until OpenSSL 0.9.5a, this was new_section */
+CONF_VALUE *_CONF_new_section(CONF *conf, const char *section);
+/* Up until OpenSSL 0.9.5a, this was get_section */
+CONF_VALUE *_CONF_get_section(const CONF *conf, const char *section);
+/* Up until OpenSSL 0.9.5a, this was CONF_get_section */
+STACK_OF(CONF_VALUE) *_CONF_get_section_values(const CONF *conf,
+ const char *section);
+
+int _CONF_add_string(CONF *conf, CONF_VALUE *section, CONF_VALUE *value);
+char *_CONF_get_string(const CONF *conf, const char *section,
+ const char *name);
+long _CONF_get_number(const CONF *conf, const char *section,
+ const char *name);
+
+int _CONF_new_data(CONF *conf);
+void _CONF_free_data(CONF *conf);
+
+#ifdef __cplusplus
+}
+#endif
+#endif
diff --git a/linux_amd64/ssl/include/openssl/conferr.h b/linux_amd64/ssl/include/openssl/conferr.h
new file mode 100644
index 0000000..b3d2596
--- /dev/null
+++ b/linux_amd64/ssl/include/openssl/conferr.h
@@ -0,0 +1,86 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_CONFERR_H +# define OPENSSL_CONFERR_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_CONFERR_H +# endif + +# include +# include + + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_CONF_strings(void); + +/* + * CONF function codes. + */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define CONF_F_CONF_DUMP_FP 0 +# define CONF_F_CONF_LOAD 0 +# define CONF_F_CONF_LOAD_FP 0 +# define CONF_F_CONF_PARSE_LIST 0 +# define CONF_F_DEF_LOAD 0 +# define CONF_F_DEF_LOAD_BIO 0 +# define CONF_F_GET_NEXT_FILE 0 +# define CONF_F_MODULE_ADD 0 +# define CONF_F_MODULE_INIT 0 +# define CONF_F_MODULE_LOAD_DSO 0 +# define CONF_F_MODULE_RUN 0 +# define CONF_F_NCONF_DUMP_BIO 0 +# define CONF_F_NCONF_DUMP_FP 0 +# define CONF_F_NCONF_GET_NUMBER_E 0 +# define CONF_F_NCONF_GET_SECTION 0 +# define CONF_F_NCONF_GET_STRING 0 +# define CONF_F_NCONF_LOAD 0 +# define CONF_F_NCONF_LOAD_BIO 0 +# define CONF_F_NCONF_LOAD_FP 0 +# define CONF_F_NCONF_NEW 0 +# define CONF_F_PROCESS_INCLUDE 0 +# define CONF_F_SSL_MODULE_INIT 0 +# define CONF_F_STR_COPY 0 +# endif + +/* + * CONF reason codes. 
+ */ +# define CONF_R_ERROR_LOADING_DSO 110 +# define CONF_R_INVALID_PRAGMA 122 +# define CONF_R_LIST_CANNOT_BE_NULL 115 +# define CONF_R_MANDATORY_BRACES_IN_VARIABLE_EXPANSION 123 +# define CONF_R_MISSING_CLOSE_SQUARE_BRACKET 100 +# define CONF_R_MISSING_EQUAL_SIGN 101 +# define CONF_R_MISSING_INIT_FUNCTION 112 +# define CONF_R_MODULE_INITIALIZATION_ERROR 109 +# define CONF_R_NO_CLOSE_BRACE 102 +# define CONF_R_NO_CONF 105 +# define CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE 106 +# define CONF_R_NO_SECTION 107 +# define CONF_R_NO_SUCH_FILE 114 +# define CONF_R_NO_VALUE 108 +# define CONF_R_NUMBER_TOO_LARGE 121 +# define CONF_R_RECURSIVE_DIRECTORY_INCLUDE 111 +# define CONF_R_SSL_COMMAND_SECTION_EMPTY 117 +# define CONF_R_SSL_COMMAND_SECTION_NOT_FOUND 118 +# define CONF_R_SSL_SECTION_EMPTY 119 +# define CONF_R_SSL_SECTION_NOT_FOUND 120 +# define CONF_R_UNABLE_TO_CREATE_NEW_SECTION 103 +# define CONF_R_UNKNOWN_MODULE_NAME 113 +# define CONF_R_VARIABLE_EXPANSION_TOO_LONG 116 +# define CONF_R_VARIABLE_HAS_NO_VALUE 104 + +#endif diff --git a/linux_amd64/ssl/include/openssl/configuration.h b/linux_amd64/ssl/include/openssl/configuration.h new file mode 100644 index 0000000..f0c6b74 --- /dev/null +++ b/linux_amd64/ssl/include/openssl/configuration.h 
@@ -0,0 +1,126 @@ +/* + * WARNING: do not edit! + * Generated by Makefile from ../include/openssl/configuration.h.in + * + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_CONFIGURATION_H +# define OPENSSL_CONFIGURATION_H + +# ifdef __cplusplus +extern "C" { +# endif + +# ifdef OPENSSL_ALGORITHM_DEFINES +# error OPENSSL_ALGORITHM_DEFINES no longer supported +# endif + +/* + * OpenSSL was configured with the following options: + */ + +# define OPENSSL_CONFIGURED_API 30000 +# ifndef OPENSSL_RAND_SEED_OS +# define OPENSSL_RAND_SEED_OS +# endif +# ifndef OPENSSL_THREADS +# define OPENSSL_THREADS +# endif +# ifndef OPENSSL_NO_ASAN +# define OPENSSL_NO_ASAN +# endif +# ifndef OPENSSL_NO_CRYPTO_MDEBUG +# define OPENSSL_NO_CRYPTO_MDEBUG +# endif +# ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE +# define OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE +# endif +# ifndef OPENSSL_NO_DEVCRYPTOENG +# define OPENSSL_NO_DEVCRYPTOENG +# endif +# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 +# define OPENSSL_NO_EC_NISTP_64_GCC_128 +# endif +# ifndef OPENSSL_NO_EGD +# define OPENSSL_NO_EGD +# endif +# ifndef OPENSSL_NO_EXTERNAL_TESTS +# define OPENSSL_NO_EXTERNAL_TESTS +# endif +# ifndef OPENSSL_NO_FUZZ_AFL +# define OPENSSL_NO_FUZZ_AFL +# endif +# ifndef OPENSSL_NO_FUZZ_LIBFUZZER +# define OPENSSL_NO_FUZZ_LIBFUZZER +# endif +# ifndef OPENSSL_NO_KTLS +# define OPENSSL_NO_KTLS +# endif +# ifndef OPENSSL_NO_MD2 +# define OPENSSL_NO_MD2 +# endif +# ifndef OPENSSL_NO_MSAN +# define OPENSSL_NO_MSAN +# endif +# ifndef OPENSSL_NO_RC5 +# define OPENSSL_NO_RC5 +# endif +# ifndef OPENSSL_NO_SCTP +# define OPENSSL_NO_SCTP +# endif +# ifndef OPENSSL_NO_SSL_TRACE +# define OPENSSL_NO_SSL_TRACE +# endif +# ifndef 
OPENSSL_NO_SSL3 +# define OPENSSL_NO_SSL3 +# endif +# ifndef OPENSSL_NO_SSL3_METHOD +# define OPENSSL_NO_SSL3_METHOD +# endif +# ifndef OPENSSL_NO_TRACE +# define OPENSSL_NO_TRACE +# endif +# ifndef OPENSSL_NO_UBSAN +# define OPENSSL_NO_UBSAN +# endif +# ifndef OPENSSL_NO_UNIT_TEST +# define OPENSSL_NO_UNIT_TEST +# endif +# ifndef OPENSSL_NO_UPLINK +# define OPENSSL_NO_UPLINK +# endif +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS +# define OPENSSL_NO_WEAK_SSL_CIPHERS +# endif +# ifndef OPENSSL_NO_STATIC_ENGINE +# define OPENSSL_NO_STATIC_ENGINE +# endif + + +/* Generate 80386 code? */ +# undef I386_ONLY + +/* + * The following are cipher-specific, but are part of the public API. + */ +# if !defined(OPENSSL_SYS_UEFI) +# undef BN_LLONG +/* Only one for the following should be defined */ +# define SIXTY_FOUR_BIT_LONG +# undef SIXTY_FOUR_BIT +# undef THIRTY_TWO_BIT +# endif + +# define RC4_INT unsigned int + +# ifdef __cplusplus +} +# endif + +#endif /* OPENSSL_CONFIGURATION_H */ diff --git a/linux_amd64/ssl/include/openssl/core.h b/linux_amd64/ssl/include/openssl/core.h new file mode 100644 index 0000000..5959a31 --- /dev/null +++ b/linux_amd64/ssl/include/openssl/core.h 
@@ -0,0 +1,219 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_CORE_H
+# define OPENSSL_CORE_H
+
+# include
+# include
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+/*-
+ * Base types
+ * ----------
+ *
+ * These are the types that the OpenSSL core and providers have in common
+ * to communicate data between them.
+ */
+
+/*
+ * Dispatch table element. function_id numbers are defined further down,
+ * see macros with '_FUNC' in their names.
+ *
+ * An array of these is always terminated by function_id == 0
+ */
+struct ossl_dispatch_st {
+ int function_id;
+ void (*function)(void);
+};
+
+/*
+ * Other items, essentially an int<->pointer map element.
+ *
+ * We make this type distinct from OSSL_DISPATCH to ensure that dispatch
+ * tables remain tables with function pointers only.
+ *
+ * This is used whenever we need to pass things like a table of error reason
+ * codes <-> reason string maps, ...
+ *
+ * Usage determines which field works as key if any, rather than field order.
+ *
+ * An array of these is always terminated by id == 0 && ptr == NULL
+ */
+struct ossl_item_st {
+ unsigned int id;
+ void *ptr;
+};
+
+/*
+ * Type to tie together algorithm names, property definition string and
+ * the algorithm implementation in the form of a dispatch table.
+ *
+ * An array of these is always terminated by algorithm_names == NULL
+ */
+struct ossl_algorithm_st {
+ const char *algorithm_names; /* key */
+ const char *property_definition; /* key */
+ const OSSL_DISPATCH *implementation;
+};
+
+/*
+ * Type to pass object data in a uniform way, without exposing the object
+ * structure.
+ *
+ * An array of these is always terminated by key == NULL
+ */
+struct ossl_param_st {
+ const char *key; /* the name of the parameter */
+ unsigned int data_type; /* declare what kind of content is in buffer */
+ void *data; /* value being passed in or out */
+ size_t data_size; /* data size */
+ size_t return_size; /* returned content size */
+};
+
+/* Currently supported OSSL_PARAM data types */
+/*
+ * OSSL_PARAM_INTEGER and OSSL_PARAM_UNSIGNED_INTEGER
+ * are arbitrary length and therefore require an arbitrarily sized buffer,
+ * since they may be used to pass numbers larger than what is natively
+ * available.
+ *
+ * The number must be buffered in native form, i.e. MSB first on B_ENDIAN
+ * systems and LSB first on L_ENDIAN systems. This means that arbitrary
+ * native integers can be stored in the buffer, just make sure that the
+ * buffer size is correct and the buffer itself is properly aligned (for
+ * example by having the buffer field point at a C integer).
+ */
+# define OSSL_PARAM_INTEGER 1
+# define OSSL_PARAM_UNSIGNED_INTEGER 2
+/*-
+ * OSSL_PARAM_REAL
+ * is a C binary floating point values in native form and alignment.
+ */
+# define OSSL_PARAM_REAL 3
+/*-
+ * OSSL_PARAM_UTF8_STRING
+ * is a printable string. Is expteced to be printed as it is.
+ */
+# define OSSL_PARAM_UTF8_STRING 4
+/*-
+ * OSSL_PARAM_OCTET_STRING
+ * is a string of bytes with no further specification. Is expected to be
+ * printed as a hexdump.
+ */
+# define OSSL_PARAM_OCTET_STRING 5
+/*-
+ * OSSL_PARAM_UTF8_PTR
+ * is a pointer to a printable string. Is expteced to be printed as it is.
+ *
+ * The difference between this and OSSL_PARAM_UTF8_STRING is that only pointers
+ * are manipulated for this type.
+ *
+ * This is more relevant for parameter requests, where the responding
+ * function doesn't need to copy the data to the provided buffer, but
+ * sets the provided buffer to point at the actual data instead.
+ *
+ * WARNING! Using these is FRAGILE, as it assumes that the actual
+ * data and its location are constant.
+ */
+# define OSSL_PARAM_UTF8_PTR 6
+/*-
+ * OSSL_PARAM_OCTET_PTR
+ * is a pointer to a string of bytes with no further specification. It is
+ * expected to be printed as a hexdump.
+ *
+ * The difference between this and OSSL_PARAM_OCTET_STRING is that only pointers
+ * are manipulated for this type.
+ *
+ * This is more relevant for parameter requests, where the responding
+ * function doesn't need to copy the data to the provided buffer, but
+ * sets the provided buffer to point at the actual data instead.
+ *
+ * WARNING! Using these is FRAGILE, as it assumes that the actual
+ * data and its location are constant.
+ */
+# define OSSL_PARAM_OCTET_PTR 7
+
+/*
+ * Typedef for the thread stop handling callback. Used both internally and by
+ * providers.
+ *
+ * Providers may register for notifications about threads stopping by
+ * registering a callback to hear about such events. Providers register the
+ * callback using the OSSL_FUNC_CORE_THREAD_START function in the |in| dispatch
+ * table passed to OSSL_provider_init(). The arg passed back to a provider will
+ * be the provider side context object.
+ */
+typedef void (*OSSL_thread_stop_handler_fn)(void *arg);
+
+
+/*-
+ * Provider entry point
+ * --------------------
+ *
+ * This function is expected to be present in any dynamically loadable
+ * provider module. By definition, if this function doesn't exist in a
+ * module, that module is not an OpenSSL provider module.
+ */
+/*-
+ * |provider| pointer to opaque type OSSL_PROVIDER. This can be used
+ * together with some functions passed via |in| to query data.
+ * |in| is the array of functions that the Core passes to the provider.
+ * |out| will be the array of base functions that the provider passes
+ * back to the Core.
+ * |provctx| a provider side context object, optionally created if the
+ * provider needs it. This value is passed to other provider
+ * functions, notably other context constructors.
+ */
+typedef int (OSSL_provider_init_fn)(const OSSL_PROVIDER *provider,
+ const OSSL_DISPATCH *in,
+ const OSSL_DISPATCH **out,
+ void **provctx);
+# ifdef __VMS
+# pragma names save
+# pragma names uppercase,truncated
+# endif
+extern OSSL_provider_init_fn OSSL_provider_init;
+# ifdef __VMS
+# pragma names restore
+# endif
+
+/*
+ * Generic callback function signature.
+ *
+ * The expectation is that any provider function that wants to offer
+ * a callback / hook can do so by taking an argument with this type,
+ * as well as a pointer to caller-specific data. When calling the
+ * callback, the provider function can populate an OSSL_PARAM array
+ * with data of its choice and pass that in the callback call, along
+ * with the caller data argument.
+ *
+ * libcrypto may use the OSSL_PARAM array to create arguments for an
+ * application callback it knows about.
+ */
+typedef int (OSSL_CALLBACK)(const OSSL_PARAM params[], void *arg);
+
+/*
+ * Passphrase callback function signature
+ *
+ * This is similar to the generic callback function above, but adds a
+ * result parameter.
+ */
+typedef int (OSSL_PASSPHRASE_CALLBACK)(char *pass, size_t pass_size,
+ size_t *pass_len,
+ const OSSL_PARAM params[], void *arg);
+
+# ifdef __cplusplus
+}
+# endif
+
+#endif
diff --git a/linux_amd64/ssl/include/openssl/core_names.h b/linux_amd64/ssl/include/openssl/core_names.h
new file mode 100644
index 0000000..5e3a13a
--- /dev/null
+++ b/linux_amd64/ssl/include/openssl/core_names.h
@@ -0,0 +1,286 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_CORE_NAMES_H +# define OPENSSL_CORE_NAMES_H + +# ifdef __cplusplus +extern "C" { +# endif + +/* Well known parameter names that Providers can define */ +#define OSSL_PROV_PARAM_NAME "name" /* utf8_string */ +#define OSSL_PROV_PARAM_VERSION "version" /* utf8_string */ +#define OSSL_PROV_PARAM_BUILDINFO "buildinfo" /* utf8_string */ +#define OSSL_PROV_PARAM_MODULE_FILENAME "module-filename" /* octet_string */ + +/* Self test callback parameters */ +#define OSSL_PROV_PARAM_SELF_TEST_PHASE "st-phase" /* utf8_string */ +#define OSSL_PROV_PARAM_SELF_TEST_TYPE "st-type" /* utf8_string */ +#define OSSL_PROV_PARAM_SELF_TEST_DESC "st-desc" /* utf8_string */ + +/* + * Algorithm parameters + * If "engine" or "properties" are specified, they should always be paired + * with the algorithm type. 
+ */ +#define OSSL_ALG_PARAM_DIGEST "digest" /* utf8_string */ +#define OSSL_ALG_PARAM_CIPHER "cipher" /* utf8_string */ +#define OSSL_ALG_PARAM_MAC "mac" /* utf8_string */ +#define OSSL_ALG_PARAM_PROPERTIES "properties"/* utf8_string */ + +/* cipher parameters */ +#define OSSL_CIPHER_PARAM_PADDING "padding" /* uint */ +#define OSSL_CIPHER_PARAM_MODE "mode" /* uint */ +#define OSSL_CIPHER_PARAM_BLOCK_SIZE "blocksize" /* size_t */ +#define OSSL_CIPHER_PARAM_FLAGS "flags" /* ulong */ +#define OSSL_CIPHER_PARAM_KEYLEN "keylen" /* size_t */ +#define OSSL_CIPHER_PARAM_IVLEN "ivlen" /* size_t */ +#define OSSL_CIPHER_PARAM_IV "iv" /* octet_string OR octet_ptr */ +#define OSSL_CIPHER_PARAM_NUM "num" /* uint */ +#define OSSL_CIPHER_PARAM_ROUNDS "rounds" /* uint */ +#define OSSL_CIPHER_PARAM_AEAD_TAG "tag" /* octet_string */ +#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD "tlsaad" /* octet_string */ +#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD "tlsaadpad" /* size_t */ +#define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED "tlsivfixed" /* octet_string */ +#define OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN "tlsivgen" /* octet_string */ +#define OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV "tlsivinv" /* octet_string */ +#define OSSL_CIPHER_PARAM_AEAD_IVLEN OSSL_CIPHER_PARAM_IVLEN +#define OSSL_CIPHER_PARAM_AEAD_TAGLEN "taglen" /* size_t */ +#define OSSL_CIPHER_PARAM_AEAD_MAC_KEY "mackey" /* octet_string */ +#define OSSL_CIPHER_PARAM_RANDOM_KEY "randkey" /* octet_string */ +#define OSSL_CIPHER_PARAM_RC2_KEYBITS "keybits" /* size_t */ +#define OSSL_CIPHER_PARAM_SPEED "speed" /* uint */ +/* For passing the AlgorithmIdentifier parameter in DER form */ +#define OSSL_CIPHER_PARAM_ALG_ID "alg_id_param" /* octet_string */ + +#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT \ + "tls1multi_maxsndfrag" /* uint */ +#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE \ + "tls1multi_maxbufsz" /* size_t */ +#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE \ + "tls1multi_interleave" /* uint */ +#define 
OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD \ + "tls1multi_aad" /* octet_string */ +#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN \ + "tls1multi_aadpacklen" /* uint */ +#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC \ + "tls1multi_enc" /* octet_string */ +#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN \ + "tls1multi_encin" /* octet_string */ +#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN \ + "tls1multi_enclen" /* size_t */ + +/* digest parameters */ +#define OSSL_DIGEST_PARAM_XOFLEN "xoflen" /* size_t */ +#define OSSL_DIGEST_PARAM_SSL3_MS "ssl3-ms" /* octet string */ +#define OSSL_DIGEST_PARAM_PAD_TYPE "pad_type" /* uint */ +#define OSSL_DIGEST_PARAM_MICALG "micalg" /* utf8 string */ +#define OSSL_DIGEST_PARAM_BLOCK_SIZE "blocksize" /* size_t */ +#define OSSL_DIGEST_PARAM_SIZE "size" /* size_t */ +#define OSSL_DIGEST_PARAM_FLAGS "flags" /* ulong */ + +/* Known DIGEST names (not a complete list) */ +#define OSSL_DIGEST_NAME_MD5 "MD5" +#define OSSL_DIGEST_NAME_MD5_SHA1 "MD5-SHA1" +#define OSSL_DIGEST_NAME_SHA1 "SHA1" +#define OSSL_DIGEST_NAME_SHA2_224 "SHA2-224" +#define OSSL_DIGEST_NAME_SHA2_256 "SHA2-256" +#define OSSL_DIGEST_NAME_SHA2_384 "SHA2-384" +#define OSSL_DIGEST_NAME_SHA2_512 "SHA2-512" +#define OSSL_DIGEST_NAME_MD2 "MD2" +#define OSSL_DIGEST_NAME_MD4 "MD4" +#define OSSL_DIGEST_NAME_MDC2 "MDC2" +#define OSSL_DIGEST_NAME_RIPEMD160 "RIPEMD160" +#define OSSL_DIGEST_NAME_SHA3_224 "SHA3-224" +#define OSSL_DIGEST_NAME_SHA3_256 "SHA3-256" +#define OSSL_DIGEST_NAME_SHA3_384 "SHA3-384" +#define OSSL_DIGEST_NAME_SHA3_512 "SHA3-512" +#define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128" +#define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256" + +/* MAC parameters */ +#define OSSL_MAC_PARAM_KEY "key" /* octet string */ +#define OSSL_MAC_PARAM_IV "iv" /* octet string */ +#define OSSL_MAC_PARAM_CUSTOM "custom" /* utf8 string */ +#define OSSL_MAC_PARAM_SALT "salt" /* octet string */ +#define OSSL_MAC_PARAM_XOF "xof" /* int, 0 or 1 */ +#define 
OSSL_MAC_PARAM_FLAGS "flags" /* int */ +/* + * If "engine" or "properties" are specified, they should always be paired + * with "cipher" or "digest". + */ +#define OSSL_MAC_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER /* utf8 string */ +#define OSSL_MAC_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST /* utf8 string */ +#define OSSL_MAC_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES /* utf8 string */ +#define OSSL_MAC_PARAM_SIZE "size" /* size_t */ + +/* Known MAC names (not a complete list) */ +#define OSSL_MAC_NAME_CMAC "CMAC" +#define OSSL_MAC_NAME_HMAC "HMAC" +#define OSSL_MAC_NAME_KMAC128 "KMAC128" +#define OSSL_MAC_NAME_KMAC256 "KMAC256" + +/* KDF / PRF parameters */ +#define OSSL_KDF_PARAM_SECRET "secret" /* octet string */ +#define OSSL_KDF_PARAM_KEY "key" /* octet string */ +#define OSSL_KDF_PARAM_SALT "salt" /* octet string */ +#define OSSL_KDF_PARAM_PASSWORD "pass" /* octet string */ +#define OSSL_KDF_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST /* utf8 string */ +#define OSSL_KDF_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER /* utf8 string */ +#define OSSL_KDF_PARAM_MAC OSSL_ALG_PARAM_MAC /* utf8 string */ +#define OSSL_KDF_PARAM_MAC_SIZE "maclen" /* size_t */ +#define OSSL_KDF_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES /* utf8 string */ +#define OSSL_KDF_PARAM_ITER "iter" /* unsigned int */ +#define OSSL_KDF_PARAM_MODE "mode" /* utf8 string or int */ +#define OSSL_KDF_PARAM_PKCS5 "pkcs5" /* int */ +#define OSSL_KDF_PARAM_UKM "ukm" /* octet string */ +#define OSSL_KDF_PARAM_CEK_ALG "cekalg" /* utf8 string */ +#define OSSL_KDF_PARAM_SCRYPT_N "n" /* uint64_t */ +#define OSSL_KDF_PARAM_SCRYPT_R "r" /* uint32_t */ +#define OSSL_KDF_PARAM_SCRYPT_P "p" /* uint32_t */ +#define OSSL_KDF_PARAM_SCRYPT_MAXMEM "maxmem_bytes" /* uint64_t */ +#define OSSL_KDF_PARAM_INFO "info" /* octet string */ +#define OSSL_KDF_PARAM_SEED "seed" /* octet string */ +#define OSSL_KDF_PARAM_SSHKDF_XCGHASH "xcghash" /* octet string */ +#define OSSL_KDF_PARAM_SSHKDF_SESSION_ID "session_id" /* octet string */ +#define 
OSSL_KDF_PARAM_SSHKDF_TYPE "type" /* int */ +#define OSSL_KDF_PARAM_SIZE "size" /* size_t */ +#define OSSL_KDF_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER /* utf8 string */ +#define OSSL_KDF_PARAM_CONSTANT "constant" /* octet string */ + +/* Known KDF names */ +#define OSSL_KDF_NAME_HKDF "HKDF" +#define OSSL_KDF_NAME_PBKDF2 "PBKDF2" +#define OSSL_KDF_NAME_SCRYPT "SCRYPT" +#define OSSL_KDF_NAME_SSHKDF "SSHKDF" +#define OSSL_KDF_NAME_SSKDF "SSKDF" +#define OSSL_KDF_NAME_TLS1_PRF "TLS1-PRF" +#define OSSL_KDF_NAME_X942KDF "X942KDF" +#define OSSL_KDF_NAME_X963KDF "X963KDF" +#define OSSL_KDF_NAME_KBKDF "KBKDF" +#define OSSL_KDF_NAME_KRB5KDF "KRB5KDF" + +/* PKEY parameters */ +/* Common PKEY parameters */ +#define OSSL_PKEY_PARAM_BITS "bits" /* integer */ +#define OSSL_PKEY_PARAM_MAX_SIZE "max-size" /* integer */ +#define OSSL_PKEY_PARAM_SECURITY_BITS "security-bits" /* integer */ +#define OSSL_PKEY_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST +#define OSSL_PKEY_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES +#define OSSL_PKEY_PARAM_DEFAULT_DIGEST "default-digest" /* utf8 string */ +#define OSSL_PKEY_PARAM_MANDATORY_DIGEST "mandatory-digest" /* utf8 string */ +#define OSSL_PKEY_PARAM_PAD_MODE "pad-mode" +#define OSSL_PKEY_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST +#define OSSL_PKEY_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES +#define OSSL_PKEY_PARAM_DIGEST_SIZE "digest-size" +#define OSSL_PKEY_PARAM_MGF1_DIGEST "mgf1-digest" +#define OSSL_PKEY_PARAM_MGF1_PROPERTIES "mgf1-properties" + +/* Diffie-Hellman/DSA public/private key */ +#define OSSL_PKEY_PARAM_PUB_KEY "pub" +#define OSSL_PKEY_PARAM_PRIV_KEY "priv" + +/* Diffie-Hellman/DSA Parameters */ +#define OSSL_PKEY_PARAM_FFC_P "p" +#define OSSL_PKEY_PARAM_FFC_G "g" +#define OSSL_PKEY_PARAM_FFC_Q "q" + +/* Elliptic Curve Domain Parameters */ +#define OSSL_PKEY_PARAM_EC_NAME "curve-name" + +/* Elliptic Curve Key Parameters */ +#define OSSL_PKEY_PARAM_USE_COFACTOR_FLAG "use-cofactor-flag" +#define OSSL_PKEY_PARAM_USE_COFACTOR_ECDH \ + 
OSSL_PKEY_PARAM_USE_COFACTOR_FLAG + +/* RSA Keys */ +/* + * n, e, d are the usual public and private key components + * + * rsa-num is the number of factors, including p and q + * rsa-factor is used for each factor: p, q, r_i (i = 3, ...) + * rsa-exponent is used for each exponent: dP, dQ, d_i (i = 3, ...) + * rsa-coefficient is used for each coefficient: qInv, t_i (i = 3, ...) + * + * The number of rsa-factor items must be equal to the number of rsa-exponent + * items, and the number of rsa-coefficients must be one less. + * (the base i for the coefficients is 2, not 1, at least as implied by + * RFC 8017) + */ +#define OSSL_PKEY_PARAM_RSA_N "n" +#define OSSL_PKEY_PARAM_RSA_E "e" +#define OSSL_PKEY_PARAM_RSA_D "d" +#define OSSL_PKEY_PARAM_RSA_FACTOR "rsa-factor" +#define OSSL_PKEY_PARAM_RSA_EXPONENT "rsa-exponent" +#define OSSL_PKEY_PARAM_RSA_COEFFICIENT "rsa-coefficient" + +/* Key Exchange parameters */ + +#define OSSL_EXCHANGE_PARAM_PAD "pad" /* uint */ +#define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode" /* int */ +#define OSSL_EXCHANGE_PARAM_KDF_TYPE "kdf-type" /* utf8_string */ +#define OSSL_EXCHANGE_PARAM_KDF_DIGEST "kdf-digest" /* utf8_string */ +#define OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS "kdf-digest-props" /* utf8_string */ +#define OSSL_EXCHANGE_PARAM_KDF_OUTLEN "kdf-outlen" /* size_t */ + +/* + * TODO(3.0): improve this pattern + * + * Currently the sole internal user of OSSL_EXCHANGE_PARAM_KDF_UKM is + * EVP_PKEY_CTX_{set0,get0}_ecdh_kdf_ukm(): + * OSSL_EXCHANGE_PARAM_KDF_UKM is handled as a octet_string on set0, + * and as an octet_ptr on get0. + * + * This pattern is borrowed from the handling of + * OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL in + * EVP_PKEY_CTX_{set0,get0}_rsa_oaep_label(). 
+ */ +#define OSSL_EXCHANGE_PARAM_KDF_UKM "kdf-ukm" /* see note above */ +#define OSSL_EXCHANGE_PARAM_KDF_UKM_LEN "kdf-ukm-len" /* size_t */ + +/* Signature parameters */ +#define OSSL_SIGNATURE_PARAM_ALGORITHM_ID "algorithm-id" +#define OSSL_SIGNATURE_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE +#define OSSL_SIGNATURE_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST +#define OSSL_SIGNATURE_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES +#define OSSL_SIGNATURE_PARAM_PSS_SALTLEN "pss-saltlen" +#define OSSL_SIGNATURE_PARAM_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST +#define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES \ + OSSL_PKEY_PARAM_MGF1_PROPERTIES + +/* Asym cipher parameters */ +#define OSSL_ASYM_CIPHER_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE +#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST \ + OSSL_PKEY_PARAM_MGF1_DIGEST +#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS \ + OSSL_PKEY_PARAM_MGF1_PROPERTIES +#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST OSSL_ALG_PARAM_DIGEST +#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS "digest-props" +#define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL "oaep-label" +#define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL_LEN "oaep-label-len" +#define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION "tls-client-version" +#define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION "tls-negotiated-version" + +/* + * Serializer parameters + */ +/* The passphrase may be passed as a utf8 string or an octet string */ +#define OSSL_SERIALIZER_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER +#define OSSL_SERIALIZER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES +#define OSSL_SERIALIZER_PARAM_PASS "passphrase" + +/* Passphrase callback parameters */ +#define OSSL_PASSPHRASE_PARAM_INFO "info" + +# ifdef __cplusplus +} +# endif + +#endif diff --git a/linux_amd64/ssl/include/openssl/core_numbers.h b/linux_amd64/ssl/include/openssl/core_numbers.h new file mode 100644 index 0000000..3314a0f --- /dev/null +++ b/linux_amd64/ssl/include/openssl/core_numbers.h 
@@ -0,0 +1,615 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_CORE_NUMBERS_H
+# define OPENSSL_CORE_NUMBERS_H
+
+# include
+# include
+# include
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+/*-
+ * Identities
+ * ----------
+ *
+ * All series start with 1, to allow 0 to be an array terminator.
+ * For any FUNC identity, we also provide a function signature typedef
+ * and a static inline function to extract a function pointer from a
+ * OSSL_DISPATCH element in a type safe manner.
+ *
+ * Names:
+ * for any function base name 'foo' (uppercase form 'FOO'), we will have
+ * the following:
+ * - a macro for the identity with the name OSSL_FUNC_'FOO' or derivatives
+ * thereof (to be specified further down)
+ * - a function signature typedef with the name OSSL_'foo'_fn
+ * - a function pointer extractor function with the name OSSL_'foo'
+ */
+
+/*
+ * Helper macro to create the function signature typedef and the extractor
+ * |type| is the return-type of the function, |name| is the name of the
+ * function to fetch, and |args| is a parenthesized list of parameters
+ * for the function (that is, it is |name|'s function signature).
+ */
+#define OSSL_CORE_MAKE_FUNC(type,name,args) \
+ typedef type (OSSL_##name##_fn)args; \
+ static ossl_inline \
+ OSSL_##name##_fn *OSSL_get_##name(const OSSL_DISPATCH *opf) \
+ { \
+ return (OSSL_##name##_fn *)opf->function; \
+ }
+
+/*
+ * Core function identities, for the two OSSL_DISPATCH tables being passed
+ * in the OSSL_provider_init call.
+ *
+ * 0 serves as a marker for the end of the OSSL_DISPATCH array, and must
+ * therefore NEVER be used as a function identity.
+ */
+/* Functions provided by the Core to the provider, reserved numbers 1-1023 */
+# define OSSL_FUNC_CORE_GETTABLE_PARAMS 1
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *,
+ core_gettable_params,(const OSSL_PROVIDER *prov))
+# define OSSL_FUNC_CORE_GET_PARAMS 2
+OSSL_CORE_MAKE_FUNC(int,core_get_params,(const OSSL_PROVIDER *prov,
+ OSSL_PARAM params[]))
+# define OSSL_FUNC_CORE_THREAD_START 3
+OSSL_CORE_MAKE_FUNC(int,core_thread_start,(const OSSL_PROVIDER *prov,
+ OSSL_thread_stop_handler_fn handfn))
+# define OSSL_FUNC_CORE_GET_LIBRARY_CONTEXT 4
+OSSL_CORE_MAKE_FUNC(OPENSSL_CTX *,core_get_library_context,
+ (const OSSL_PROVIDER *prov))
+# define OSSL_FUNC_CORE_NEW_ERROR 5
+OSSL_CORE_MAKE_FUNC(void,core_new_error,(const OSSL_PROVIDER *prov))
+# define OSSL_FUNC_CORE_SET_ERROR_DEBUG 6
+OSSL_CORE_MAKE_FUNC(void,core_set_error_debug,
+ (const OSSL_PROVIDER *prov,
+ const char *file, int line, const char *func))
+# define OSSL_FUNC_CORE_VSET_ERROR 7
+OSSL_CORE_MAKE_FUNC(void,core_vset_error,
+ (const OSSL_PROVIDER *prov,
+ uint32_t reason, const char *fmt, va_list args))
+# define OSSL_FUNC_CORE_SET_ERROR_MARK 8
+OSSL_CORE_MAKE_FUNC(int, core_set_error_mark, (const OSSL_PROVIDER *prov))
+# define OSSL_FUNC_CORE_CLEAR_LAST_ERROR_MARK 9
+OSSL_CORE_MAKE_FUNC(int, core_clear_last_error_mark,
+ (const OSSL_PROVIDER *prov))
+# define OSSL_FUNC_CORE_POP_ERROR_TO_MARK 10
+OSSL_CORE_MAKE_FUNC(int, core_pop_error_to_mark, (const OSSL_PROVIDER *prov))
+
+/* Memory allocation, freeing, clearing. */
+#define OSSL_FUNC_CRYPTO_MALLOC 20
+OSSL_CORE_MAKE_FUNC(void *,
+ CRYPTO_malloc, (size_t num, const char *file, int line))
+#define OSSL_FUNC_CRYPTO_ZALLOC 21
+OSSL_CORE_MAKE_FUNC(void *,
+ CRYPTO_zalloc, (size_t num, const char *file, int line))
+#define OSSL_FUNC_CRYPTO_FREE 22
+OSSL_CORE_MAKE_FUNC(void,
+ CRYPTO_free, (void *ptr, const char *file, int line))
+#define OSSL_FUNC_CRYPTO_CLEAR_FREE 23
+OSSL_CORE_MAKE_FUNC(void,
+ CRYPTO_clear_free, (void *ptr, size_t num, const char *file, int line))
+#define OSSL_FUNC_CRYPTO_REALLOC 24
+OSSL_CORE_MAKE_FUNC(void *,
+ CRYPTO_realloc, (void *addr, size_t num, const char *file, int line))
+#define OSSL_FUNC_CRYPTO_CLEAR_REALLOC 25
+OSSL_CORE_MAKE_FUNC(void *,
+ CRYPTO_clear_realloc, (void *addr, size_t old_num, size_t num,
+ const char *file, int line))
+#define OSSL_FUNC_CRYPTO_SECURE_MALLOC 26
+OSSL_CORE_MAKE_FUNC(void *,
+ CRYPTO_secure_malloc, (size_t num, const char *file, int line))
+#define OSSL_FUNC_CRYPTO_SECURE_ZALLOC 27
+OSSL_CORE_MAKE_FUNC(void *,
+ CRYPTO_secure_zalloc, (size_t num, const char *file, int line))
+#define OSSL_FUNC_CRYPTO_SECURE_FREE 28
+OSSL_CORE_MAKE_FUNC(void,
+ CRYPTO_secure_free, (void *ptr, const char *file, int line))
+#define OSSL_FUNC_CRYPTO_SECURE_CLEAR_FREE 29
+OSSL_CORE_MAKE_FUNC(void,
+ CRYPTO_secure_clear_free, (void *ptr, size_t num, const char *file,
+ int line))
+#define OSSL_FUNC_CRYPTO_SECURE_ALLOCATED 30
+OSSL_CORE_MAKE_FUNC(int,
+ CRYPTO_secure_allocated, (const void *ptr))
+#define OSSL_FUNC_OPENSSL_CLEANSE 31
+OSSL_CORE_MAKE_FUNC(void,
+ OPENSSL_cleanse, (void *ptr, size_t len))
+
+/* Bio functions provided by the core */
+#define OSSL_FUNC_BIO_NEW_FILE 40
+#define OSSL_FUNC_BIO_NEW_MEMBUF 41
+#define OSSL_FUNC_BIO_READ_EX 42
+#define OSSL_FUNC_BIO_FREE 43
+#define OSSL_FUNC_BIO_VPRINTF 44
+
+OSSL_CORE_MAKE_FUNC(BIO *, BIO_new_file, (const char *filename, const char *mode))
+OSSL_CORE_MAKE_FUNC(BIO *, BIO_new_membuf, (const void *buf, int len))
+OSSL_CORE_MAKE_FUNC(int, BIO_read_ex, (BIO *bio, void *data, size_t data_len,
+ size_t *bytes_read))
+OSSL_CORE_MAKE_FUNC(int, BIO_free, (BIO *bio))
+OSSL_CORE_MAKE_FUNC(int, BIO_vprintf, (BIO *bio, const char *format,
+ va_list args))
+
+#define OSSL_FUNC_SELF_TEST_CB 100
+OSSL_CORE_MAKE_FUNC(void, self_test_cb, (OPENSSL_CTX *ctx, OSSL_CALLBACK **cb,
+ void **cbarg))
+
+/* Functions provided by the provider to the Core, reserved numbers 1024-1535 */
+# define OSSL_FUNC_PROVIDER_TEARDOWN 1024
+OSSL_CORE_MAKE_FUNC(void,provider_teardown,(void *provctx))
+# define OSSL_FUNC_PROVIDER_GETTABLE_PARAMS 1025
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *,
+ provider_gettable_params,(void *provctx))
+# define OSSL_FUNC_PROVIDER_GET_PARAMS 1026
+OSSL_CORE_MAKE_FUNC(int,provider_get_params,(void *provctx,
+ OSSL_PARAM params[]))
+# define OSSL_FUNC_PROVIDER_QUERY_OPERATION 1027
+OSSL_CORE_MAKE_FUNC(const OSSL_ALGORITHM *,provider_query_operation,
+ (void *provctx, int operation_id, const int *no_store))
+# define OSSL_FUNC_PROVIDER_GET_REASON_STRINGS 1028
+OSSL_CORE_MAKE_FUNC(const OSSL_ITEM *,provider_get_reason_strings,
+ (void *provctx))
+
+/* Operations */
+
+# define OSSL_OP_DIGEST 1
+# define OSSL_OP_CIPHER 2 /* Symmetric Ciphers */
+# define OSSL_OP_MAC 3
+# define OSSL_OP_KDF 4
+# define OSSL_OP_KEYMGMT 10
+# define OSSL_OP_KEYEXCH 11
+# define OSSL_OP_SIGNATURE 12
+# define OSSL_OP_ASYM_CIPHER 13
+/* New section for non-EVP operations */
+# define OSSL_OP_SERIALIZER 20
+/* Highest known operation number */
+# define OSSL_OP__HIGHEST 20
+
+/* Digests */
+
+# define OSSL_FUNC_DIGEST_NEWCTX 1
+# define OSSL_FUNC_DIGEST_INIT 2
+# define OSSL_FUNC_DIGEST_UPDATE 3
+# define OSSL_FUNC_DIGEST_FINAL 4
+# define OSSL_FUNC_DIGEST_DIGEST 5
+# define OSSL_FUNC_DIGEST_FREECTX 6
+# define OSSL_FUNC_DIGEST_DUPCTX 7
+# define OSSL_FUNC_DIGEST_GET_PARAMS 8
+# define OSSL_FUNC_DIGEST_SET_CTX_PARAMS 9
+# define OSSL_FUNC_DIGEST_GET_CTX_PARAMS 10
+# define OSSL_FUNC_DIGEST_GETTABLE_PARAMS 11
+# define OSSL_FUNC_DIGEST_SETTABLE_CTX_PARAMS 12
+# define OSSL_FUNC_DIGEST_GETTABLE_CTX_PARAMS 13
+
+OSSL_CORE_MAKE_FUNC(void *, OP_digest_newctx, (void *provctx))
+OSSL_CORE_MAKE_FUNC(int, OP_digest_init, (void *dctx))
+OSSL_CORE_MAKE_FUNC(int, OP_digest_update,
+ (void *dctx, const unsigned char *in, size_t inl))
+OSSL_CORE_MAKE_FUNC(int, OP_digest_final,
+ (void *dctx,
+ unsigned char *out, size_t *outl, size_t outsz))
+OSSL_CORE_MAKE_FUNC(int, OP_digest_digest,
+ (void *provctx, const unsigned char *in, size_t inl,
+ unsigned char *out, size_t *outl, size_t outsz))
+
+OSSL_CORE_MAKE_FUNC(void, OP_digest_freectx, (void *dctx))
+OSSL_CORE_MAKE_FUNC(void *, OP_digest_dupctx, (void *dctx))
+
+OSSL_CORE_MAKE_FUNC(int, OP_digest_get_params, (OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, OP_digest_set_ctx_params,
+ (void *vctx, const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, OP_digest_get_ctx_params,
+ (void *vctx, OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_digest_gettable_params, (void))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_digest_settable_ctx_params, (void))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_digest_gettable_ctx_params, (void))
+
+/* Symmetric Ciphers */
+
+# define OSSL_FUNC_CIPHER_NEWCTX 1
+# define OSSL_FUNC_CIPHER_ENCRYPT_INIT 2
+# define OSSL_FUNC_CIPHER_DECRYPT_INIT 3
+# define OSSL_FUNC_CIPHER_UPDATE 4
+# define OSSL_FUNC_CIPHER_FINAL 5
+# define OSSL_FUNC_CIPHER_CIPHER 6
+# define OSSL_FUNC_CIPHER_FREECTX 7
+# define OSSL_FUNC_CIPHER_DUPCTX 8
+# define OSSL_FUNC_CIPHER_GET_PARAMS 9
+# define OSSL_FUNC_CIPHER_GET_CTX_PARAMS 10
+# define OSSL_FUNC_CIPHER_SET_CTX_PARAMS 11
+# define OSSL_FUNC_CIPHER_GETTABLE_PARAMS 12
+# define OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS 13
+# define OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS 14
+
+OSSL_CORE_MAKE_FUNC(void *, OP_cipher_newctx, (void *provctx))
+OSSL_CORE_MAKE_FUNC(int, OP_cipher_encrypt_init, (void *cctx,
+ const unsigned char *key,
+ size_t keylen,
+ const unsigned char *iv,
+ size_t ivlen))
+OSSL_CORE_MAKE_FUNC(int, OP_cipher_decrypt_init, (void *cctx,
+ const unsigned char *key,
+ size_t keylen,
+ const unsigned char *iv,
+ size_t ivlen))
+OSSL_CORE_MAKE_FUNC(int, OP_cipher_update,
+ (void *cctx,
+ unsigned char *out, size_t *outl, size_t outsize,
+ const unsigned char *in, size_t inl))
+OSSL_CORE_MAKE_FUNC(int, OP_cipher_final,
+ (void *cctx,
+ unsigned char *out, size_t *outl, size_t outsize))
+OSSL_CORE_MAKE_FUNC(int, OP_cipher_cipher,
+ (void *cctx,
+ unsigned char *out, size_t *outl, size_t outsize,
+ const unsigned char *in, size_t inl))
+OSSL_CORE_MAKE_FUNC(void, OP_cipher_freectx, (void *cctx))
+OSSL_CORE_MAKE_FUNC(void *, OP_cipher_dupctx, (void *cctx))
+OSSL_CORE_MAKE_FUNC(int, OP_cipher_get_params, (OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, OP_cipher_get_ctx_params, (void *cctx,
+ OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, OP_cipher_set_ctx_params, (void *cctx,
+ const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_cipher_gettable_params, (void))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_cipher_settable_ctx_params, (void))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_cipher_gettable_ctx_params, (void))
+
+/* MACs */
+
+# define OSSL_FUNC_MAC_NEWCTX 1
+# define OSSL_FUNC_MAC_DUPCTX 2
+# define OSSL_FUNC_MAC_FREECTX 3
+# define OSSL_FUNC_MAC_INIT 4
+# define OSSL_FUNC_MAC_UPDATE 5
+# define OSSL_FUNC_MAC_FINAL 6
+# define OSSL_FUNC_MAC_GET_PARAMS 7
+# define OSSL_FUNC_MAC_GET_CTX_PARAMS 8
+# define OSSL_FUNC_MAC_SET_CTX_PARAMS 9
+# define OSSL_FUNC_MAC_GETTABLE_PARAMS 10
+# define OSSL_FUNC_MAC_GETTABLE_CTX_PARAMS 11
+# define OSSL_FUNC_MAC_SETTABLE_CTX_PARAMS 12
+
+OSSL_CORE_MAKE_FUNC(void *, OP_mac_newctx, (void *provctx))
+OSSL_CORE_MAKE_FUNC(void *, OP_mac_dupctx, (void *src))
+OSSL_CORE_MAKE_FUNC(void, OP_mac_freectx, (void *mctx))
+OSSL_CORE_MAKE_FUNC(size_t, OP_mac_size, (void *mctx))
+OSSL_CORE_MAKE_FUNC(int, OP_mac_init, (void *mctx))
+OSSL_CORE_MAKE_FUNC(int, OP_mac_update,
+ (void *mctx, const unsigned char *in, size_t inl))
+OSSL_CORE_MAKE_FUNC(int, OP_mac_final,
+ (void *mctx,
+ unsigned char *out, size_t *outl, size_t outsize))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_mac_gettable_params, (void))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_mac_gettable_ctx_params, (void))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_mac_settable_ctx_params, (void))
+OSSL_CORE_MAKE_FUNC(int, OP_mac_get_params, (OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, OP_mac_get_ctx_params,
+ (void *mctx, OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, OP_mac_set_ctx_params,
+ (void *mctx, const OSSL_PARAM params[]))
+
+/* KDFs and PRFs */
+
+# define OSSL_FUNC_KDF_NEWCTX 1
+# define OSSL_FUNC_KDF_DUPCTX 2
+# define OSSL_FUNC_KDF_FREECTX 3
+# define OSSL_FUNC_KDF_RESET 4
+# define OSSL_FUNC_KDF_DERIVE 5
+# define OSSL_FUNC_KDF_GETTABLE_PARAMS 6
+# define OSSL_FUNC_KDF_GETTABLE_CTX_PARAMS 7
+# define OSSL_FUNC_KDF_SETTABLE_CTX_PARAMS 8
+# define OSSL_FUNC_KDF_GET_PARAMS 9
+# define OSSL_FUNC_KDF_GET_CTX_PARAMS 10
+# define OSSL_FUNC_KDF_SET_CTX_PARAMS 11
+
+OSSL_CORE_MAKE_FUNC(void *, OP_kdf_newctx, (void *provctx))
+OSSL_CORE_MAKE_FUNC(void *, OP_kdf_dupctx, (void *src))
+OSSL_CORE_MAKE_FUNC(void, OP_kdf_freectx, (void *kctx))
+OSSL_CORE_MAKE_FUNC(void, OP_kdf_reset, (void *kctx))
+OSSL_CORE_MAKE_FUNC(int, OP_kdf_derive, (void *kctx, unsigned char *key,
+ size_t keylen))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_kdf_gettable_params, (void))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_kdf_gettable_ctx_params, (void))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_kdf_settable_ctx_params, (void))
+OSSL_CORE_MAKE_FUNC(int, OP_kdf_get_params, (OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, OP_kdf_get_ctx_params,
+ (void *kctx, OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, OP_kdf_set_ctx_params,
+ (void *kctx, const OSSL_PARAM params[]))
+
+/*-
+ * Key management
+ *
+ * The Key Management takes care of provider side key objects, and includes
+ * all current functionality to create them, destroy them, set parameters
+ * and key material, etc, essentially everything that manipulates the keys
+ * themselves and their parameters.
+ *
+ * The key objects are commonly refered to as |keydata|, and it MUST be able
+ * to contain parameters if the key has any, the public key and the private
+ * key. All parts are optional, but their presence determines what can be
+ * done with the key object in terms of encryption, signature, and so on.
+ * The assumption from libcrypto is that the key object contains any of the
+ * following data combinations:
+ *
+ * - parameters only
+ * - public key only
+ * - public key + private key
+ * - parameters + public key
+ * - parameters + public key + private key
+ *
+ * What "parameters", "public key" and "private key" means in detail is left
+ * to the implementation. In the case of DH and DSA, they would typically
+ * include domain parameters, while for certain variants of RSA, they would
+ * typically include PSS or OAEP parameters.
+ *
+ * Key objects are created with OP_keymgmt_new() and destroyed with
+ * Op_keymgmt_free(). Key objects can have data filled in with
+ * OP_keymgmt_import().
+ *
+ * Three functions are made available to check what selection of data is
+ * present in a key object: OP_keymgmt_has_parameters(),
+ * OP_keymgmt_has_public_key(), and OP_keymgmt_has_private_key(),
+ */
+
+/* Key data subset selection - individual bits */
+# define OSSL_KEYMGMT_SELECT_PRIVATE_KEY 0x01
+# define OSSL_KEYMGMT_SELECT_PUBLIC_KEY 0x02
+# define OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS 0x04
+# define OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS 0x80
+
+/* Key data subset selection - combinations */
+# define OSSL_KEYMGMT_SELECT_ALL_PARAMETERS \
+ ( OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS \
+ | OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS)
+# define OSSL_KEYMGMT_SELECT_KEYPAIR \
+ ( OSSL_KEYMGMT_SELECT_PRIVATE_KEY | OSSL_KEYMGMT_SELECT_PUBLIC_KEY )
+# define OSSL_KEYMGMT_SELECT_ALL \
+ ( OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS )
+
+/* Basic key object creation, destruction */
+# define OSSL_FUNC_KEYMGMT_NEW 1
+# define OSSL_FUNC_KEYMGMT_FREE 9
+OSSL_CORE_MAKE_FUNC(void *, OP_keymgmt_new, (void *provctx))
+OSSL_CORE_MAKE_FUNC(void, OP_keymgmt_free, (void *keydata))
+
+/* Key object information, with discovery */
+#define OSSL_FUNC_KEYMGMT_GET_PARAMS 10
+#define OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS 11
+OSSL_CORE_MAKE_FUNC(int, OP_keymgmt_get_params,
+ (void *keydata, OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_keymgmt_gettable_params, (void))
+
+#define OSSL_FUNC_KEYMGMT_SET_PARAMS 12
+#define OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS 13
+OSSL_CORE_MAKE_FUNC(int, OP_keymgmt_set_params,
+ (void *keydata, const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_keymgmt_settable_params, (void))
+
+/* Key checks - discovery of supported operations */
+# define OSSL_FUNC_KEYMGMT_QUERY_OPERATION_NAME 20
+OSSL_CORE_MAKE_FUNC(const char *, OP_keymgmt_query_operation_name,
+ (int operation_id))
+
+/* Key checks - key data content checks */
+# define OSSL_FUNC_KEYMGMT_HAS 21
+OSSL_CORE_MAKE_FUNC(int, OP_keymgmt_has, (void *keydata, int selection))
+
+/* Key checks - validation */
+# define OSSL_FUNC_KEYMGMT_VALIDATE 22
+OSSL_CORE_MAKE_FUNC(int, OP_keymgmt_validate, (void *keydata, int selection))
+
+/* Key checks - matching */
+# define OSSL_FUNC_KEYMGMT_MATCH 23
+OSSL_CORE_MAKE_FUNC(int, OP_keymgmt_match,
+ (const void *keydata1, const void *keydata2,
+ int selection))
+
+/* Import and export functions, with discovery */
+# define OSSL_FUNC_KEYMGMT_IMPORT 40
+# define OSSL_FUNC_KEYMGMT_IMPORT_TYPES 41
+# define OSSL_FUNC_KEYMGMT_EXPORT 42
+# define OSSL_FUNC_KEYMGMT_EXPORT_TYPES 43
+OSSL_CORE_MAKE_FUNC(int, OP_keymgmt_import,
+ (void *keydata, int selection, const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_keymgmt_import_types,
+ (int selection))
+OSSL_CORE_MAKE_FUNC(int, OP_keymgmt_export,
+ (void *keydata, int selection,
+ OSSL_CALLBACK *param_cb, void *cbarg))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_keymgmt_export_types,
+ (int selection))
+
+/* Copy function, only works for matching keymgmt */
+# define OSSL_FUNC_KEYMGMT_COPY 44
+OSSL_CORE_MAKE_FUNC(int, OP_keymgmt_copy,
+ ( void *keydata_to, const void *keydata_from,
+ int selection))
+
+/* Key Exchange */
+
+# define OSSL_FUNC_KEYEXCH_NEWCTX 1
+# define OSSL_FUNC_KEYEXCH_INIT 2
+# define OSSL_FUNC_KEYEXCH_DERIVE 3
+# define OSSL_FUNC_KEYEXCH_SET_PEER 4
+# define OSSL_FUNC_KEYEXCH_FREECTX 5
+# define OSSL_FUNC_KEYEXCH_DUPCTX 6
+# define OSSL_FUNC_KEYEXCH_SET_CTX_PARAMS 7
+# define OSSL_FUNC_KEYEXCH_SETTABLE_CTX_PARAMS 8
+# define OSSL_FUNC_KEYEXCH_GET_CTX_PARAMS 9
+# define OSSL_FUNC_KEYEXCH_GETTABLE_CTX_PARAMS 10
+
+OSSL_CORE_MAKE_FUNC(void *, OP_keyexch_newctx, (void *provctx))
+OSSL_CORE_MAKE_FUNC(int, OP_keyexch_init, (void *ctx, void *provkey))
+OSSL_CORE_MAKE_FUNC(int, OP_keyexch_derive, (void *ctx, unsigned char *secret,
+ size_t *secretlen, size_t outlen))
+OSSL_CORE_MAKE_FUNC(int, OP_keyexch_set_peer, (void *ctx, void *provkey))
+OSSL_CORE_MAKE_FUNC(void, OP_keyexch_freectx, (void *ctx))
+OSSL_CORE_MAKE_FUNC(void *, OP_keyexch_dupctx, (void *ctx))
+OSSL_CORE_MAKE_FUNC(int, OP_keyexch_set_ctx_params, (void *ctx,
+ const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_keyexch_settable_ctx_params,
+ (void))
+OSSL_CORE_MAKE_FUNC(int, OP_keyexch_get_ctx_params, (void *ctx,
+ OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_keyexch_gettable_ctx_params,
+ (void))
+
+/* Signature */
+
+# define OSSL_FUNC_SIGNATURE_NEWCTX 1
+# define OSSL_FUNC_SIGNATURE_SIGN_INIT 2
+# define OSSL_FUNC_SIGNATURE_SIGN 3
+# define OSSL_FUNC_SIGNATURE_VERIFY_INIT 4
+# define OSSL_FUNC_SIGNATURE_VERIFY 5
+# define OSSL_FUNC_SIGNATURE_VERIFY_RECOVER_INIT 6
+# define OSSL_FUNC_SIGNATURE_VERIFY_RECOVER 7
+# define OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT 8
+# define OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE 9
+# define OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL 10
+# define OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT 11
+# define OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE 12
+# define OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL 13
+# define OSSL_FUNC_SIGNATURE_FREECTX 14
+# define OSSL_FUNC_SIGNATURE_DUPCTX 15
+# define OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS 16
+# define OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS 17
+# define OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS 18
+# define OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS 19
+# define OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS 20
+# define OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS 21
+# define OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS 22
+# define OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS 23
+
+OSSL_CORE_MAKE_FUNC(void *, OP_signature_newctx, (void *provctx))
+OSSL_CORE_MAKE_FUNC(int, OP_signature_sign_init, (void *ctx, void *provkey))
+OSSL_CORE_MAKE_FUNC(int, OP_signature_sign, (void *ctx, unsigned char *sig,
+ size_t *siglen, size_t sigsize,
+ const unsigned char *tbs,
+ size_t tbslen))
+OSSL_CORE_MAKE_FUNC(int, OP_signature_verify_init, (void *ctx, void *provkey))
+OSSL_CORE_MAKE_FUNC(int, OP_signature_verify, (void *ctx,
+ const unsigned char *sig,
+ size_t siglen,
+ const unsigned char *tbs,
+ size_t tbslen))
+OSSL_CORE_MAKE_FUNC(int, OP_signature_verify_recover_init, (void *ctx,
+ void *provkey))
+OSSL_CORE_MAKE_FUNC(int, OP_signature_verify_recover, (void *ctx,
+ unsigned char *rout,
+ size_t *routlen,
+ size_t routsize,
+ const unsigned char *sig,
+ size_t siglen))
+OSSL_CORE_MAKE_FUNC(int, OP_signature_digest_sign_init,
+ (void *ctx, const char *mdname, const char *props,
+ void *provkey))
+OSSL_CORE_MAKE_FUNC(int, OP_signature_digest_sign_update,
+ (void *ctx, const unsigned char *data, size_t datalen))
+OSSL_CORE_MAKE_FUNC(int, OP_signature_digest_sign_final,
+ (void *ctx, unsigned char *sig, size_t *siglen,
+ size_t sigsize))
+OSSL_CORE_MAKE_FUNC(int, OP_signature_digest_verify_init,
+ (void *ctx, const char *mdname, const char *props,
+ void *provkey))
+OSSL_CORE_MAKE_FUNC(int, OP_signature_digest_verify_update,
+ (void *ctx, const unsigned char *data, size_t datalen))
+OSSL_CORE_MAKE_FUNC(int, OP_signature_digest_verify_final,
+ (void *ctx, const unsigned char *sig, size_t siglen))
+OSSL_CORE_MAKE_FUNC(void, OP_signature_freectx, (void *ctx))
+OSSL_CORE_MAKE_FUNC(void *, OP_signature_dupctx, (void *ctx))
+OSSL_CORE_MAKE_FUNC(int, OP_signature_get_ctx_params,
+ (void *ctx, OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_signature_gettable_ctx_params,
+ (void))
+OSSL_CORE_MAKE_FUNC(int, OP_signature_set_ctx_params,
+ (void *ctx, const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_signature_settable_ctx_params,
+ (void))
+OSSL_CORE_MAKE_FUNC(int, OP_signature_get_ctx_md_params,
+ (void *ctx, OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_signature_gettable_ctx_md_params,
+ (void *ctx))
+OSSL_CORE_MAKE_FUNC(int, OP_signature_set_ctx_md_params,
+ (void *ctx, const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_signature_settable_ctx_md_params,
+ (void *ctx))
+
+
+/* Asymmetric Ciphers */
+
+# define OSSL_FUNC_ASYM_CIPHER_NEWCTX 1
+# define OSSL_FUNC_ASYM_CIPHER_ENCRYPT_INIT 2
+# define OSSL_FUNC_ASYM_CIPHER_ENCRYPT 3
+# define OSSL_FUNC_ASYM_CIPHER_DECRYPT_INIT 4
+# define OSSL_FUNC_ASYM_CIPHER_DECRYPT 5
+# define OSSL_FUNC_ASYM_CIPHER_FREECTX 6
+# define OSSL_FUNC_ASYM_CIPHER_DUPCTX 7
+# define OSSL_FUNC_ASYM_CIPHER_GET_CTX_PARAMS 8
+# define OSSL_FUNC_ASYM_CIPHER_GETTABLE_CTX_PARAMS 9
+# define OSSL_FUNC_ASYM_CIPHER_SET_CTX_PARAMS 10
+# define OSSL_FUNC_ASYM_CIPHER_SETTABLE_CTX_PARAMS 11
+
+OSSL_CORE_MAKE_FUNC(void *, OP_asym_cipher_newctx, (void *provctx))
+OSSL_CORE_MAKE_FUNC(int, OP_asym_cipher_encrypt_init, (void *ctx, void *provkey))
+OSSL_CORE_MAKE_FUNC(int, OP_asym_cipher_encrypt, (void *ctx, unsigned char *out,
+ size_t *outlen,
+ size_t outsize,
+ const unsigned char *in,
+ size_t inlen))
+OSSL_CORE_MAKE_FUNC(int, OP_asym_cipher_decrypt_init, (void *ctx, void *provkey))
+OSSL_CORE_MAKE_FUNC(int, OP_asym_cipher_decrypt, (void *ctx, unsigned char *out,
+ size_t *outlen,
+ size_t outsize,
+ const unsigned char *in,
+ size_t inlen))
+OSSL_CORE_MAKE_FUNC(void, OP_asym_cipher_freectx, (void *ctx))
+OSSL_CORE_MAKE_FUNC(void *, OP_asym_cipher_dupctx, (void *ctx))
+OSSL_CORE_MAKE_FUNC(int, OP_asym_cipher_get_ctx_params,
+ (void *ctx, OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_asym_cipher_gettable_ctx_params,
+ (void))
+OSSL_CORE_MAKE_FUNC(int, OP_asym_cipher_set_ctx_params,
+ (void *ctx, const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_asym_cipher_settable_ctx_params,
+ (void))
+
+/* Serializers */
+# define OSSL_FUNC_SERIALIZER_NEWCTX 1
+# define OSSL_FUNC_SERIALIZER_FREECTX 2
+# define OSSL_FUNC_SERIALIZER_SET_CTX_PARAMS 3
+# define OSSL_FUNC_SERIALIZER_SETTABLE_CTX_PARAMS 4
+# define OSSL_FUNC_SERIALIZER_SERIALIZE_DATA 10
+# define OSSL_FUNC_SERIALIZER_SERIALIZE_OBJECT 11
+OSSL_CORE_MAKE_FUNC(void *, OP_serializer_newctx, (void *provctx))
+OSSL_CORE_MAKE_FUNC(void, OP_serializer_freectx, (void *ctx))
+OSSL_CORE_MAKE_FUNC(int, OP_serializer_set_ctx_params,
+ (void *ctx, const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_serializer_settable_ctx_params,
+ (void))
+
+OSSL_CORE_MAKE_FUNC(int, OP_serializer_serialize_data,
+ (void *ctx, const OSSL_PARAM[], BIO *out,
+ OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg))
+OSSL_CORE_MAKE_FUNC(int, OP_serializer_serialize_object,
+ (void *ctx, void *obj, BIO *out,
+ OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg))
+
+# ifdef __cplusplus
+}
+# endif
+
+#endif
diff --git a/linux_amd64/ssl/include/openssl/crmf.h b/linux_amd64/ssl/include/openssl/crmf.h
new file mode 100644
index 0000000..09b57f6
--- /dev/null
+++ b/linux_amd64/ssl/include/openssl/crmf.h
@@ -0,0 +1,139 @@
+/*-
+ * Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright Nokia 2007-2019
+ * Copyright Siemens AG 2015-2019
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * CRMF (RFC 4211) implementation by M. Peylo, M. Viljanen, and D. von Oheimb.
+ */
+
+#ifndef OPENSSL_CRMF_H
+# define OPENSSL_CRMF_H
+
+# include
+
+# ifndef OPENSSL_NO_CRMF
+# include
+# include
+# include
+# include /* for GENERAL_NAME etc. */
+
+/* explicit #includes not strictly needed since implied by the above: */
+# include
+# include
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# define OSSL_CRMF_POPOPRIVKEY_THISMESSAGE 0
+# define OSSL_CRMF_POPOPRIVKEY_SUBSEQUENTMESSAGE 1
+# define OSSL_CRMF_POPOPRIVKEY_DHMAC 2
+# define OSSL_CRMF_POPOPRIVKEY_AGREEMAC 3
+# define OSSL_CRMF_POPOPRIVKEY_ENCRYPTEDKEY 4
+
+# define OSSL_CRMF_SUBSEQUENTMESSAGE_ENCRCERT 0
+# define OSSL_CRMF_SUBSEQUENTMESSAGE_CHALLENGERESP 1
+
+typedef struct ossl_crmf_encryptedvalue_st OSSL_CRMF_ENCRYPTEDVALUE;
+DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_ENCRYPTEDVALUE)
+typedef struct ossl_crmf_msg_st OSSL_CRMF_MSG;
+DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_MSG)
+DEFINE_STACK_OF(OSSL_CRMF_MSG)
+typedef struct ossl_crmf_attributetypeandvalue_st OSSL_CRMF_ATTRIBUTETYPEANDVALUE;
+typedef struct ossl_crmf_pbmparameter_st OSSL_CRMF_PBMPARAMETER;
+DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_PBMPARAMETER)
+typedef struct ossl_crmf_poposigningkey_st OSSL_CRMF_POPOSIGNINGKEY;
+typedef struct ossl_crmf_certrequest_st OSSL_CRMF_CERTREQUEST;
+typedef struct ossl_crmf_certid_st OSSL_CRMF_CERTID;
+DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_CERTID)
+DEFINE_STACK_OF(OSSL_CRMF_CERTID)
+
+typedef struct ossl_crmf_pkipublicationinfo_st OSSL_CRMF_PKIPUBLICATIONINFO;
+DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_PKIPUBLICATIONINFO)
+typedef struct ossl_crmf_singlepubinfo_st OSSL_CRMF_SINGLEPUBINFO;
+DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_SINGLEPUBINFO)
+typedef struct ossl_crmf_certtemplate_st OSSL_CRMF_CERTTEMPLATE;
+DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_CERTTEMPLATE)
+typedef STACK_OF(OSSL_CRMF_MSG) OSSL_CRMF_MSGS;
+DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_MSGS)
+
+typedef struct ossl_crmf_optionalvalidity_st OSSL_CRMF_OPTIONALVALIDITY;
+
+/* crmf_pbm.c */
+OSSL_CRMF_PBMPARAMETER *OSSL_CRMF_pbmp_new(size_t slen, int owfnid,
+ int itercnt, int macnid);
+int OSSL_CRMF_pbm_new(const OSSL_CRMF_PBMPARAMETER *pbmp,
+ const unsigned char *msg, size_t msglen,
+ const unsigned char *sec, size_t seclen,
+ unsigned char **mac, size_t *maclen);
+
+/* crmf_lib.c */
+int OSSL_CRMF_MSG_set1_regCtrl_regToken(OSSL_CRMF_MSG *msg,
+ const ASN1_UTF8STRING *tok);
+int OSSL_CRMF_MSG_set1_regCtrl_authenticator(OSSL_CRMF_MSG *msg,
+ const ASN1_UTF8STRING *auth);
+int
+OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo(OSSL_CRMF_PKIPUBLICATIONINFO *pi,
+ OSSL_CRMF_SINGLEPUBINFO *spi);
+# define OSSL_CRMF_PUB_METHOD_DONTCARE 0
+# define OSSL_CRMF_PUB_METHOD_X500 1
+# define OSSL_CRMF_PUB_METHOD_WEB 2
+# define OSSL_CRMF_PUB_METHOD_LDAP 3
+int OSSL_CRMF_MSG_set0_SinglePubInfo(OSSL_CRMF_SINGLEPUBINFO *spi,
+ int method, GENERAL_NAME *nm);
+# define OSSL_CRMF_PUB_ACTION_DONTPUBLISH 0
+# define OSSL_CRMF_PUB_ACTION_PLEASEPUBLISH 1
+int OSSL_CRMF_MSG_set_PKIPublicationInfo_action(OSSL_CRMF_PKIPUBLICATIONINFO *pi,
+ int action);
+int OSSL_CRMF_MSG_set1_regCtrl_pkiPublicationInfo(OSSL_CRMF_MSG *msg,
+ const OSSL_CRMF_PKIPUBLICATIONINFO *pi);
+int OSSL_CRMF_MSG_set1_regCtrl_protocolEncrKey(OSSL_CRMF_MSG *msg,
+ const X509_PUBKEY *pubkey);
+int OSSL_CRMF_MSG_set1_regCtrl_oldCertID(OSSL_CRMF_MSG *msg,
+ const OSSL_CRMF_CERTID *cid);
+OSSL_CRMF_CERTID *OSSL_CRMF_CERTID_gen(const X509_NAME *issuer,
+ const ASN1_INTEGER *serial);
+
+int OSSL_CRMF_MSG_set1_regInfo_utf8Pairs(OSSL_CRMF_MSG *msg,
+ const ASN1_UTF8STRING *utf8pairs);
+int OSSL_CRMF_MSG_set1_regInfo_certReq(OSSL_CRMF_MSG *msg,
+ const OSSL_CRMF_CERTREQUEST *cr);
+
+int OSSL_CRMF_MSG_set_validity(OSSL_CRMF_MSG *crm, time_t from, time_t to);
+int OSSL_CRMF_MSG_set_certReqId(OSSL_CRMF_MSG *crm, int rid);
+int OSSL_CRMF_MSG_get_certReqId(OSSL_CRMF_MSG *crm);
+int OSSL_CRMF_MSG_set0_extensions(OSSL_CRMF_MSG *crm, X509_EXTENSIONS *exts);
+
+int OSSL_CRMF_MSG_push0_extension(OSSL_CRMF_MSG *crm, X509_EXTENSION *ext);
+# define OSSL_CRMF_POPO_NONE -1
+# define OSSL_CRMF_POPO_RAVERIFIED 0
+# define OSSL_CRMF_POPO_SIGNATURE 1
+# define OSSL_CRMF_POPO_KEYENC 2
+# define OSSL_CRMF_POPO_KEYAGREE 3
+int OSSL_CRMF_MSG_create_popo(OSSL_CRMF_MSG *crm, EVP_PKEY *pkey,
+ int dgst, int ppmtd);
+int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs,
+ int rid, int acceptRAVerified);
+OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm);
+ASN1_INTEGER *OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(OSSL_CRMF_CERTTEMPLATE *t);
+X509_NAME *OSSL_CRMF_CERTTEMPLATE_get0_issuer(OSSL_CRMF_CERTTEMPLATE *tmpl);
+X509_NAME *OSSL_CRMF_CERTID_get0_issuer(const OSSL_CRMF_CERTID *cid);
+ASN1_INTEGER *OSSL_CRMF_CERTID_get0_serialNumber(const OSSL_CRMF_CERTID *cid);
+int OSSL_CRMF_CERTTEMPLATE_fill(OSSL_CRMF_CERTTEMPLATE *tmpl,
+ EVP_PKEY *pubkey,
+ const X509_NAME *subject,
+ const X509_NAME *issuer,
+ const ASN1_INTEGER *serial);
+X509 *OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert(OSSL_CRMF_ENCRYPTEDVALUE *ecert,
+ EVP_PKEY *pkey);
+
+# ifdef __cplusplus
+}
+# endif
+# endif /* !defined OPENSSL_NO_CRMF */
+#endif /* !defined OPENSSL_CRMF_H */
diff --git a/linux_amd64/ssl/include/openssl/crmferr.h b/linux_amd64/ssl/include/openssl/crmferr.h
new file mode 100644
index 0000000..97a3028
--- /dev/null
+++ b/linux_amd64/ssl/include/openssl/crmferr.h
@@ -0,0 +1,75 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_CRMFERR_H +# define OPENSSL_CRMFERR_H + +# include +# include + + +# include + +# ifndef OPENSSL_NO_CRMF + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_CRMF_strings(void); + +/* + * CRMF function codes. + */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define CRMF_F_CRMF_POPOSIGNINGKEY_INIT 0 +# define CRMF_F_OSSL_CRMF_CERTID_GEN 0 +# define CRMF_F_OSSL_CRMF_CERTTEMPLATE_FILL 0 +# define CRMF_F_OSSL_CRMF_ENCRYPTEDVALUE_GET1_ENCCERT 0 +# define CRMF_F_OSSL_CRMF_MSGS_VERIFY_POPO 0 +# define CRMF_F_OSSL_CRMF_MSG_CREATE_POPO 0 +# define CRMF_F_OSSL_CRMF_MSG_GET0_TMPL 0 +# define CRMF_F_OSSL_CRMF_MSG_GET_CERTREQID 0 +# define CRMF_F_OSSL_CRMF_MSG_PKIPUBLICATIONINFO_PUSH0_SINGLEPUBINFO 0 +# define CRMF_F_OSSL_CRMF_MSG_PUSH0_EXTENSION 0 +# define CRMF_F_OSSL_CRMF_MSG_PUSH0_REGCTRL 0 +# define CRMF_F_OSSL_CRMF_MSG_PUSH0_REGINFO 0 +# define CRMF_F_OSSL_CRMF_MSG_SET0_EXTENSIONS 0 +# define CRMF_F_OSSL_CRMF_MSG_SET0_SINGLEPUBINFO 0 +# define CRMF_F_OSSL_CRMF_MSG_SET_CERTREQID 0 +# define CRMF_F_OSSL_CRMF_MSG_SET_PKIPUBLICATIONINFO_ACTION 0 +# define CRMF_F_OSSL_CRMF_MSG_SET_VALIDITY 0 +# define CRMF_F_OSSL_CRMF_PBMP_NEW 0 +# define CRMF_F_OSSL_CRMF_PBM_NEW 0 +# endif + +/* + * CRMF reason codes. 
+ */ +# define CRMF_R_BAD_PBM_ITERATIONCOUNT 100 +# define CRMF_R_CRMFERROR 102 +# define CRMF_R_ERROR 103 +# define CRMF_R_ERROR_DECODING_CERTIFICATE 104 +# define CRMF_R_ERROR_DECRYPTING_CERTIFICATE 105 +# define CRMF_R_ERROR_DECRYPTING_SYMMETRIC_KEY 106 +# define CRMF_R_FAILURE_OBTAINING_RANDOM 107 +# define CRMF_R_ITERATIONCOUNT_BELOW_100 108 +# define CRMF_R_MALFORMED_IV 101 +# define CRMF_R_NULL_ARGUMENT 109 +# define CRMF_R_SETTING_MAC_ALGOR_FAILURE 110 +# define CRMF_R_SETTING_OWF_ALGOR_FAILURE 111 +# define CRMF_R_UNSUPPORTED_ALGORITHM 112 +# define CRMF_R_UNSUPPORTED_ALG_FOR_POPSIGNINGKEY 113 +# define CRMF_R_UNSUPPORTED_CIPHER 114 +# define CRMF_R_UNSUPPORTED_METHOD_FOR_CREATING_POPO 115 +# define CRMF_R_UNSUPPORTED_POPO_METHOD 116 +# define CRMF_R_UNSUPPORTED_POPO_NOT_ACCEPTED 117 + +# endif +#endif diff --git a/linux_amd64/ssl/include/openssl/crypto.h b/linux_amd64/ssl/include/openssl/crypto.h new file mode 100644 index 0000000..a157558 --- /dev/null +++ b/linux_amd64/ssl/include/openssl/crypto.h 
@@ -0,0 +1,501 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_CRYPTO_H
+# define OPENSSL_CRYPTO_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_CRYPTO_H
+# endif
+
+# include
+# include
+
+# include
+
+# ifndef OPENSSL_NO_STDIO
+# include
+# endif
+
+# include
+# include
+# include
+# include
+# include
+
+# ifdef CHARSET_EBCDIC
+# include
+# endif
+
+/*
+ * Resolve problems on some operating systems with symbol names that clash
+ * one way or another
+ */
+# include
+
+# ifndef OPENSSL_NO_DEPRECATED_1_1_0
+# include
+# endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# ifndef OPENSSL_NO_DEPRECATED_1_1_0
+# define SSLeay OpenSSL_version_num
+# define SSLeay_version OpenSSL_version
+# define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER
+# define SSLEAY_VERSION OPENSSL_VERSION
+# define SSLEAY_CFLAGS OPENSSL_CFLAGS
+# define SSLEAY_BUILT_ON OPENSSL_BUILT_ON
+# define SSLEAY_PLATFORM OPENSSL_PLATFORM
+# define SSLEAY_DIR OPENSSL_DIR
+
+/*
+ * Old type for allocating dynamic locks. No longer used. Use the new thread
+ * API instead.
+ */
+typedef struct {
+ int dummy;
+} CRYPTO_dynlock;
+
+# endif /* OPENSSL_NO_DEPRECATED_1_1_0 */
+
+typedef void CRYPTO_RWLOCK;
+
+CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void);
+int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *lock);
+int CRYPTO_THREAD_write_lock(CRYPTO_RWLOCK *lock);
+int CRYPTO_THREAD_unlock(CRYPTO_RWLOCK *lock);
+void CRYPTO_THREAD_lock_free(CRYPTO_RWLOCK *lock);
+
+int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock);
+
+/* No longer needed, so this is a no-op */
+#define OPENSSL_malloc_init() while(0) continue
+
+# define OPENSSL_malloc(num) \
+ CRYPTO_malloc(num, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_zalloc(num) \
+ CRYPTO_zalloc(num, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_realloc(addr, num) \
+ CRYPTO_realloc(addr, num, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_clear_realloc(addr, old_num, num) \
+ CRYPTO_clear_realloc(addr, old_num, num, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_clear_free(addr, num) \
+ CRYPTO_clear_free(addr, num, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_free(addr) \
+ CRYPTO_free(addr, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_memdup(str, s) \
+ CRYPTO_memdup((str), s, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_strdup(str) \
+ CRYPTO_strdup(str, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_strndup(str, n) \
+ CRYPTO_strndup(str, n, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_secure_malloc(num) \
+ CRYPTO_secure_malloc(num, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_secure_zalloc(num) \
+ CRYPTO_secure_zalloc(num, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_secure_free(addr) \
+ CRYPTO_secure_free(addr, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_secure_clear_free(addr, num) \
+ CRYPTO_secure_clear_free(addr, num, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_secure_actual_size(ptr) \
+ CRYPTO_secure_actual_size(ptr)
+
+size_t OPENSSL_strlcpy(char *dst, const char *src, size_t siz);
+size_t OPENSSL_strlcat(char *dst, const char *src, size_t siz);
+size_t OPENSSL_strnlen(const char *str, size_t maxlen);
+int OPENSSL_buf2hexstr_ex(char *str, size_t str_n, size_t *strlen,
+ const unsigned char *buf, size_t buflen);
+char *OPENSSL_buf2hexstr(const unsigned char *buf, long buflen);
+int OPENSSL_hexstr2buf_ex(unsigned char *buf, size_t buf_n, size_t *buflen,
+ const char *str);
+unsigned char *OPENSSL_hexstr2buf(const char *str, long *buflen);
+int OPENSSL_hexchar2int(unsigned char c);
+
+# define OPENSSL_MALLOC_MAX_NELEMS(type) (((1U<<(sizeof(int)*8-1))-1)/sizeof(type))
+
+/*
+ * These functions return the values of OPENSSL_VERSION_MAJOR,
+ * OPENSSL_VERSION_MINOR, OPENSSL_VERSION_PATCH, OPENSSL_VERSION_PRE_RELEASE
+ * and OPENSSL_VERSION_BUILD_METADATA, respectively.
+ */
+unsigned int OPENSSL_version_major(void);
+unsigned int OPENSSL_version_minor(void);
+unsigned int OPENSSL_version_patch(void);
+const char *OPENSSL_version_pre_release(void);
+const char *OPENSSL_version_build_metadata(void);
+
+unsigned long OpenSSL_version_num(void);
+const char *OpenSSL_version(int type);
+# define OPENSSL_VERSION 0
+# define OPENSSL_CFLAGS 1
+# define OPENSSL_BUILT_ON 2
+# define OPENSSL_PLATFORM 3
+# define OPENSSL_DIR 4
+# define OPENSSL_ENGINES_DIR 5
+# define OPENSSL_VERSION_STRING 6
+# define OPENSSL_FULL_VERSION_STRING 7
+# define OPENSSL_MODULES_DIR 8
+# define OPENSSL_CPU_INFO 9
+
+const char *OPENSSL_info(int type);
+/*
+ * The series starts at 1001 to avoid confusion with the OpenSSL_version
+ * types.
+ */
+# define OPENSSL_INFO_CONFIG_DIR 1001
+# define OPENSSL_INFO_ENGINES_DIR 1002
+# define OPENSSL_INFO_MODULES_DIR 1003
+# define OPENSSL_INFO_DSO_EXTENSION 1004
+# define OPENSSL_INFO_DIR_FILENAME_SEPARATOR 1005
+# define OPENSSL_INFO_LIST_SEPARATOR 1006
+# define OPENSSL_INFO_SEED_SOURCE 1007
+# define OPENSSL_INFO_CPU_SETTINGS 1008
+
+int OPENSSL_issetugid(void);
+
+struct crypto_ex_data_st {
+ OPENSSL_CTX *ctx;
+ STACK_OF(void) *sk;
+};
+DEFINE_STACK_OF(void)
+
+/*
+ * Per class, we have a STACK of function pointers.
+ */
+# define CRYPTO_EX_INDEX_SSL 0
+# define CRYPTO_EX_INDEX_SSL_CTX 1
+# define CRYPTO_EX_INDEX_SSL_SESSION 2
+# define CRYPTO_EX_INDEX_X509 3
+# define CRYPTO_EX_INDEX_X509_STORE 4
+# define CRYPTO_EX_INDEX_X509_STORE_CTX 5
+# define CRYPTO_EX_INDEX_DH 6
+# define CRYPTO_EX_INDEX_DSA 7
+# define CRYPTO_EX_INDEX_EC_KEY 8
+# define CRYPTO_EX_INDEX_RSA 9
+# define CRYPTO_EX_INDEX_ENGINE 10
+# define CRYPTO_EX_INDEX_UI 11
+# define CRYPTO_EX_INDEX_BIO 12
+# define CRYPTO_EX_INDEX_APP 13
+# define CRYPTO_EX_INDEX_UI_METHOD 14
+# define CRYPTO_EX_INDEX_RAND_DRBG 15
+# define CRYPTO_EX_INDEX_DRBG CRYPTO_EX_INDEX_RAND_DRBG
+# define CRYPTO_EX_INDEX_OPENSSL_CTX 16
+# define CRYPTO_EX_INDEX__COUNT 17
+
+typedef void CRYPTO_EX_new (void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+ int idx, long argl, void *argp);
+typedef void CRYPTO_EX_free (void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+ int idx, long argl, void *argp);
+typedef int CRYPTO_EX_dup (CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
+ void *from_d, int idx, long argl, void *argp);
+__owur int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp,
+ CRYPTO_EX_new *new_func,
+ CRYPTO_EX_dup *dup_func,
+ CRYPTO_EX_free *free_func);
+/* No longer use an index. */
+int CRYPTO_free_ex_index(int class_index, int idx);
+
+/*
+ * Initialise/duplicate/free CRYPTO_EX_DATA variables corresponding to a
+ * given class (invokes whatever per-class callbacks are applicable)
+ */
+int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad);
+int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,
+ const CRYPTO_EX_DATA *from);
+
+void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad);
+
+/* Allocate a single item in the CRYPTO_EX_DATA variable */
+int CRYPTO_alloc_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad,
+ int idx);
+
+/*
+ * Get/set data in a CRYPTO_EX_DATA variable corresponding to a particular
+ * index (relative to the class type involved)
+ */
+int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val);
+void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int idx);
+
+# ifndef OPENSSL_NO_DEPRECATED_1_1_0
+/*
+ * This function cleans up all "ex_data" state. It mustn't be called under
+ * potential race-conditions.
+ */
+# define CRYPTO_cleanup_all_ex_data() while(0) continue
+
+/*
+ * The old locking functions have been removed completely without compatibility
+ * macros. This is because the old functions either could not properly report
+ * errors, or the returned error values were not clearly documented.
+ * Replacing the locking functions with no-ops would cause race condition
+ * issues in the affected applications. It is far better for them to fail at
+ * compile time.
+ * On the other hand, the locking callbacks are no longer used. Consequently,
+ * the callback management functions can be safely replaced with no-op macros.
+ */
+# define CRYPTO_num_locks() (1)
+# define CRYPTO_set_locking_callback(func)
+# define CRYPTO_get_locking_callback() (NULL)
+# define CRYPTO_set_add_lock_callback(func)
+# define CRYPTO_get_add_lock_callback() (NULL)
+
+/*
+ * These defines where used in combination with the old locking callbacks,
+ * they are not called anymore, but old code that's not called might still
+ * use them.
+ */
+# define CRYPTO_LOCK 1
+# define CRYPTO_UNLOCK 2
+# define CRYPTO_READ 4
+# define CRYPTO_WRITE 8
+
+/* This structure is no longer used */
+typedef struct crypto_threadid_st {
+ int dummy;
+} CRYPTO_THREADID;
+/* Only use CRYPTO_THREADID_set_[numeric|pointer]() within callbacks */
+# define CRYPTO_THREADID_set_numeric(id, val)
+# define CRYPTO_THREADID_set_pointer(id, ptr)
+# define CRYPTO_THREADID_set_callback(threadid_func) (0)
+# define CRYPTO_THREADID_get_callback() (NULL)
+# define CRYPTO_THREADID_current(id)
+# define CRYPTO_THREADID_cmp(a, b) (-1)
+# define CRYPTO_THREADID_cpy(dest, src)
+# define CRYPTO_THREADID_hash(id) (0UL)
+
+# ifndef OPENSSL_NO_DEPRECATED_1_0_0
+# define CRYPTO_set_id_callback(func)
+# define CRYPTO_get_id_callback() (NULL)
+# define CRYPTO_thread_id() (0UL)
+# endif /* OPENSSL_NO_DEPRECATED_1_0_0 */
+
+# define CRYPTO_set_dynlock_create_callback(dyn_create_function)
+# define CRYPTO_set_dynlock_lock_callback(dyn_lock_function)
+# define CRYPTO_set_dynlock_destroy_callback(dyn_destroy_function)
+# define CRYPTO_get_dynlock_create_callback() (NULL)
+# define CRYPTO_get_dynlock_lock_callback() (NULL)
+# define CRYPTO_get_dynlock_destroy_callback() (NULL)
+# endif /* OPENSSL_NO_DEPRECATED_1_1_0 */
+
+typedef void *(*CRYPTO_malloc_fn)(size_t num, const char *file, int line);
+typedef void *(*CRYPTO_realloc_fn)(void *addr, size_t num, const char *file,
+ int line);
+typedef void (*CRYPTO_free_fn)(void *addr, const char *file, int line);
+int CRYPTO_set_mem_functions(CRYPTO_malloc_fn malloc_fn,
+ CRYPTO_realloc_fn realloc_fn,
+ CRYPTO_free_fn free_fn);
+void CRYPTO_get_mem_functions(CRYPTO_malloc_fn *malloc_fn,
+ CRYPTO_realloc_fn *realloc_fn,
+ CRYPTO_free_fn *free_fn);
+
+void *CRYPTO_malloc(size_t num, const char *file, int line);
+void *CRYPTO_zalloc(size_t num, const char *file, int line);
+void *CRYPTO_memdup(const void *str, size_t siz, const char *file, int line);
+char *CRYPTO_strdup(const char *str, const char *file, int line);
+char *CRYPTO_strndup(const char *str, size_t s, const char *file, int line);
+void CRYPTO_free(void *ptr, const char *file, int line);
+void CRYPTO_clear_free(void *ptr, size_t num, const char *file, int line);
+void *CRYPTO_realloc(void *addr, size_t num, const char *file, int line);
+void *CRYPTO_clear_realloc(void *addr, size_t old_num, size_t num,
+ const char *file, int line);
+
+int CRYPTO_secure_malloc_init(size_t sz, size_t minsize);
+int CRYPTO_secure_malloc_done(void);
+void *CRYPTO_secure_malloc(size_t num, const char *file, int line);
+void *CRYPTO_secure_zalloc(size_t num, const char *file, int line);
+void CRYPTO_secure_free(void *ptr, const char *file, int line);
+void CRYPTO_secure_clear_free(void *ptr, size_t num,
+ const char *file, int line);
+int CRYPTO_secure_allocated(const void *ptr);
+int CRYPTO_secure_malloc_initialized(void);
+size_t CRYPTO_secure_actual_size(void *ptr);
+size_t CRYPTO_secure_used(void);
+
+void OPENSSL_cleanse(void *ptr, size_t len);
+
+# ifndef OPENSSL_NO_CRYPTO_MDEBUG
+/*
+ * The following can be used to detect memory leaks in the library. If
+ * used, it turns on malloc checking
+ */
+# define CRYPTO_MEM_CHECK_OFF 0x0 /* Control only */
+# define CRYPTO_MEM_CHECK_ON 0x1 /* Control and mode bit */
+# define CRYPTO_MEM_CHECK_ENABLE 0x2 /* Control and mode bit */
+# define CRYPTO_MEM_CHECK_DISABLE 0x3 /* Control only */
+
+void CRYPTO_get_alloc_counts(int *mcount, int *rcount, int *fcount);
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define OPENSSL_mem_debug_push(info) \
+ CRYPTO_mem_debug_push(info, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_mem_debug_pop() \
+ CRYPTO_mem_debug_pop()
+# endif
+DEPRECATEDIN_3_0(int CRYPTO_set_mem_debug(int flag))
+DEPRECATEDIN_3_0(int CRYPTO_mem_ctrl(int mode))
+DEPRECATEDIN_3_0(int CRYPTO_mem_debug_push(const char *info,
+ const char *file, int line))
+DEPRECATEDIN_3_0(int CRYPTO_mem_debug_pop(void))
+
+DEPRECATEDIN_3_0(void CRYPTO_mem_debug_malloc(void *addr, size_t num,
+ int flag,
+ const char *file, int line))
+DEPRECATEDIN_3_0(void CRYPTO_mem_debug_realloc(void *addr1, void *addr2,
+ size_t num, int flag,
+ const char *file, int line))
+DEPRECATEDIN_3_0(void CRYPTO_mem_debug_free(void *addr, int flag,
+ const char *file, int line))
+
+DEPRECATEDIN_3_0(int CRYPTO_mem_leaks_cb(
+ int (*cb)(const char *str, size_t len, void *u), void *u))
+# ifndef OPENSSL_NO_STDIO
+DEPRECATEDIN_3_0(int CRYPTO_mem_leaks_fp(FILE *))
+# endif
+DEPRECATEDIN_3_0(int CRYPTO_mem_leaks(BIO *bio))
+# endif /* OPENSSL_NO_CRYPTO_MDEBUG */
+
+/* die if we have to */
+ossl_noreturn void OPENSSL_die(const char *assertion, const char *file, int line);
+# ifndef OPENSSL_NO_DEPRECATED_1_1_0
+# define OpenSSLDie(f,l,a) OPENSSL_die((a),(f),(l))
+# endif
+# define OPENSSL_assert(e) \
+ (void)((e) ? 0 : (OPENSSL_die("assertion failed: " #e, OPENSSL_FILE, OPENSSL_LINE), 1))
+
+int OPENSSL_isservice(void);
+
+int FIPS_mode(void);
+int FIPS_mode_set(int r);
+
+void OPENSSL_init(void);
+# ifdef OPENSSL_SYS_UNIX
+void OPENSSL_fork_prepare(void);
+void OPENSSL_fork_parent(void);
+void OPENSSL_fork_child(void);
+# endif
+
+struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result);
+int OPENSSL_gmtime_adj(struct tm *tm, int offset_day, long offset_sec);
+int OPENSSL_gmtime_diff(int *pday, int *psec,
+ const struct tm *from, const struct tm *to);
+
+/*
+ * CRYPTO_memcmp returns zero iff the |len| bytes at |a| and |b| are equal.
+ * It takes an amount of time dependent on |len|, but independent of the
+ * contents of |a| and |b|. Unlike memcmp, it cannot be used to put elements
+ * into a defined order as the return value when a != b is undefined, other
+ * than to be non-zero.
+ */
+int CRYPTO_memcmp(const void * in_a, const void * in_b, size_t len);
+
+/* Standard initialisation options */
+# define OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS 0x00000001L
+# define OPENSSL_INIT_LOAD_CRYPTO_STRINGS 0x00000002L
+# define OPENSSL_INIT_ADD_ALL_CIPHERS 0x00000004L
+# define OPENSSL_INIT_ADD_ALL_DIGESTS 0x00000008L
+# define OPENSSL_INIT_NO_ADD_ALL_CIPHERS 0x00000010L
+# define OPENSSL_INIT_NO_ADD_ALL_DIGESTS 0x00000020L
+# define OPENSSL_INIT_LOAD_CONFIG 0x00000040L
+# define OPENSSL_INIT_NO_LOAD_CONFIG 0x00000080L
+# define OPENSSL_INIT_ASYNC 0x00000100L
+# define OPENSSL_INIT_ENGINE_RDRAND 0x00000200L
+# define OPENSSL_INIT_ENGINE_DYNAMIC 0x00000400L
+# define OPENSSL_INIT_ENGINE_OPENSSL 0x00000800L
+# define OPENSSL_INIT_ENGINE_CRYPTODEV 0x00001000L
+# define OPENSSL_INIT_ENGINE_CAPI 0x00002000L
+# define OPENSSL_INIT_ENGINE_PADLOCK 0x00004000L
+# define OPENSSL_INIT_ENGINE_AFALG 0x00008000L
+/* OPENSSL_INIT_ZLIB 0x00010000L */
+# define OPENSSL_INIT_ATFORK 0x00020000L
+/* OPENSSL_INIT_BASE_ONLY 0x00040000L */
+# define OPENSSL_INIT_NO_ATEXIT 0x00080000L
+/* OPENSSL_INIT flag range 0x03f00000 reserved for OPENSSL_init_ssl() */
+/* FREE: 0x04000000L */
+/* FREE: 0x08000000L */
+/* FREE: 0x10000000L */
+/* FREE: 0x20000000L */
+/* FREE: 0x40000000L */
+/* FREE: 0x80000000L */
+/* Max OPENSSL_INIT flag value is 0x80000000 */
+
+/* openssl and dasync not counted as builtin */
+# define OPENSSL_INIT_ENGINE_ALL_BUILTIN \
+ (OPENSSL_INIT_ENGINE_RDRAND | OPENSSL_INIT_ENGINE_DYNAMIC \
+ | OPENSSL_INIT_ENGINE_CRYPTODEV | OPENSSL_INIT_ENGINE_CAPI | \
+ OPENSSL_INIT_ENGINE_PADLOCK)
+
+
+/* Library initialisation functions */
+void OPENSSL_cleanup(void);
+int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
+int OPENSSL_atexit(void (*handler)(void));
+void OPENSSL_thread_stop(void);
+void OPENSSL_thread_stop_ex(OPENSSL_CTX *ctx);
+
+/* Low-level control of initialization */
+OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void);
+# ifndef OPENSSL_NO_STDIO
+int OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *settings,
+ const char *config_filename);
+void OPENSSL_INIT_set_config_file_flags(OPENSSL_INIT_SETTINGS *settings,
+ unsigned long flags);
+int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *settings,
+ const char *config_appname);
+# endif
+void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *settings);
+
+# if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG)
+# if defined(_WIN32)
+# if defined(BASETYPES) || defined(_WINDEF_H)
+/* application has to include in order to use this */
+typedef DWORD CRYPTO_THREAD_LOCAL;
+typedef DWORD CRYPTO_THREAD_ID;
+
+typedef LONG CRYPTO_ONCE;
+# define CRYPTO_ONCE_STATIC_INIT 0
+# endif
+# else
+# include
+typedef pthread_once_t CRYPTO_ONCE;
+typedef pthread_key_t CRYPTO_THREAD_LOCAL;
+typedef pthread_t CRYPTO_THREAD_ID;
+
+# define CRYPTO_ONCE_STATIC_INIT PTHREAD_ONCE_INIT
+# endif
+# endif
+
+# if !defined(CRYPTO_ONCE_STATIC_INIT)
+typedef unsigned int CRYPTO_ONCE;
+typedef unsigned int CRYPTO_THREAD_LOCAL;
+typedef unsigned int CRYPTO_THREAD_ID;
+# define CRYPTO_ONCE_STATIC_INIT 0
+# endif
+
+int CRYPTO_THREAD_run_once(CRYPTO_ONCE *once, void (*init)(void));
+
+int CRYPTO_THREAD_init_local(CRYPTO_THREAD_LOCAL *key, void (*cleanup)(void *));
+void *CRYPTO_THREAD_get_local(CRYPTO_THREAD_LOCAL *key);
+int CRYPTO_THREAD_set_local(CRYPTO_THREAD_LOCAL *key, void *val);
+int CRYPTO_THREAD_cleanup_local(CRYPTO_THREAD_LOCAL *key);
+
+CRYPTO_THREAD_ID CRYPTO_THREAD_get_current_id(void);
+int CRYPTO_THREAD_compare_id(CRYPTO_THREAD_ID a, CRYPTO_THREAD_ID b);
+
+OPENSSL_CTX *OPENSSL_CTX_new(void);
+void OPENSSL_CTX_free(OPENSSL_CTX *);
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/linux_amd64/ssl/include/openssl/cryptoerr.h b/linux_amd64/ssl/include/openssl/cryptoerr.h
new file mode 100644
index 0000000..ae146c4
--- /dev/null
+++ b/linux_amd64/ssl/include/openssl/cryptoerr.h
@@ -0,0 +1,105 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_CRYPTOERR_H +# define OPENSSL_CRYPTOERR_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_CRYPTOERR_H +# endif + +# include +# include + + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_CRYPTO_strings(void); + +/* + * CRYPTO function codes. + */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define CRYPTO_F_CMAC_CTX_NEW 0 +# define CRYPTO_F_CRYPTO_DUP_EX_DATA 0 +# define CRYPTO_F_CRYPTO_FREE_EX_DATA 0 +# define CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX 0 +# define CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX_EX 0 +# define CRYPTO_F_CRYPTO_MEMDUP 0 +# define CRYPTO_F_CRYPTO_NEW_EX_DATA 0 +# define CRYPTO_F_CRYPTO_NEW_EX_DATA_EX 0 +# define CRYPTO_F_CRYPTO_OCB128_COPY_CTX 0 +# define CRYPTO_F_CRYPTO_OCB128_INIT 0 +# define CRYPTO_F_CRYPTO_SET_EX_DATA 0 +# define CRYPTO_F_FIPS_MODE_SET 0 +# define CRYPTO_F_GET_AND_LOCK 0 +# define CRYPTO_F_GET_PROVIDER_STORE 0 +# define CRYPTO_F_OPENSSL_ATEXIT 0 +# define CRYPTO_F_OPENSSL_BUF2HEXSTR 0 +# define CRYPTO_F_OPENSSL_BUF2HEXSTR_EX 0 +# define CRYPTO_F_OPENSSL_FOPEN 0 +# define CRYPTO_F_OPENSSL_HEXSTR2BUF 0 +# define CRYPTO_F_OPENSSL_HEXSTR2BUF_EX 0 +# define CRYPTO_F_OPENSSL_INIT_CRYPTO 0 +# define CRYPTO_F_OPENSSL_LH_NEW 0 +# define CRYPTO_F_OPENSSL_SK_DEEP_COPY 0 +# define CRYPTO_F_OPENSSL_SK_DUP 0 +# define CRYPTO_F_OSSL_PARAM_BLD_PUSH_BN 0 +# define CRYPTO_F_OSSL_PARAM_BLD_PUSH_OCTET_PTR 0 +# define CRYPTO_F_OSSL_PARAM_BLD_PUSH_OCTET_STRING 0 +# define CRYPTO_F_OSSL_PARAM_BLD_PUSH_UTF8_PTR 0 +# define CRYPTO_F_OSSL_PARAM_BLD_PUSH_UTF8_STRING 0 +# define CRYPTO_F_OSSL_PARAM_BLD_TO_PARAM 0 +# 
define CRYPTO_F_OSSL_PARAM_BLD_TO_PARAM_EX 0 +# define CRYPTO_F_OSSL_PARAM_TYPE_TO_PARAM 0 +# define CRYPTO_F_OSSL_PROVIDER_ACTIVATE 0 +# define CRYPTO_F_OSSL_PROVIDER_ADD_BUILTIN 0 +# define CRYPTO_F_OSSL_PROVIDER_ADD_PARAMETER 0 +# define CRYPTO_F_OSSL_PROVIDER_NEW 0 +# define CRYPTO_F_OSSL_PROVIDER_SET_MODULE_PATH 0 +# define CRYPTO_F_PARAM_PUSH 0 +# define CRYPTO_F_PARAM_PUSH_NUM 0 +# define CRYPTO_F_PKEY_HMAC_INIT 0 +# define CRYPTO_F_PKEY_POLY1305_INIT 0 +# define CRYPTO_F_PKEY_SIPHASH_INIT 0 +# define CRYPTO_F_PROVIDER_ACTIVATE 0 +# define CRYPTO_F_PROVIDER_CONF_INIT 0 +# define CRYPTO_F_PROVIDER_CONF_LOAD 0 +# define CRYPTO_F_PROVIDER_NEW 0 +# define CRYPTO_F_PROVIDER_STORE_NEW 0 +# define CRYPTO_F_SK_RESERVE 0 +# endif + +/* + * CRYPTO reason codes. + */ +# define CRYPTO_R_BAD_ALGORITHM_NAME 117 +# define CRYPTO_R_CONFLICTING_NAMES 118 +# define CRYPTO_R_FIPS_MODE_NOT_SUPPORTED 101 +# define CRYPTO_R_ILLEGAL_HEX_DIGIT 102 +# define CRYPTO_R_INSUFFICIENT_DATA_SPACE 106 +# define CRYPTO_R_INSUFFICIENT_PARAM_SIZE 107 +# define CRYPTO_R_INSUFFICIENT_SECURE_DATA_SPACE 108 +# define CRYPTO_R_INVALID_NULL_ARGUMENT 109 +# define CRYPTO_R_INVALID_OSSL_PARAM_TYPE 110 +# define CRYPTO_R_ODD_NUMBER_OF_DIGITS 103 +# define CRYPTO_R_PROVIDER_ALREADY_EXISTS 104 +# define CRYPTO_R_PROVIDER_SECTION_ERROR 105 +# define CRYPTO_R_SECURE_MALLOC_FAILURE 111 +# define CRYPTO_R_STRING_TOO_LONG 112 +# define CRYPTO_R_TOO_MANY_BYTES 113 +# define CRYPTO_R_TOO_MANY_RECORDS 114 +# define CRYPTO_R_TOO_SMALL_BUFFER 116 +# define CRYPTO_R_ZERO_LENGTH_NUMBER 115 + +#endif diff --git a/linux_amd64/ssl/include/openssl/ct.h b/linux_amd64/ssl/include/openssl/ct.h new file mode 100644 index 0000000..b7c211d --- /dev/null +++ b/linux_amd64/ssl/include/openssl/ct.h 
@@ -0,0 +1,480 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_CT_H
+# define OPENSSL_CT_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_CT_H
+# endif
+
+# include
+
+# ifndef OPENSSL_NO_CT
+# include
+# include
+# include
+# include
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+
+/* Minimum RSA key size, from RFC6962 */
+# define SCT_MIN_RSA_BITS 2048
+
+/* All hashes are SHA256 in v1 of Certificate Transparency */
+# define CT_V1_HASHLEN SHA256_DIGEST_LENGTH
+
+typedef enum {
+ CT_LOG_ENTRY_TYPE_NOT_SET = -1,
+ CT_LOG_ENTRY_TYPE_X509 = 0,
+ CT_LOG_ENTRY_TYPE_PRECERT = 1
+} ct_log_entry_type_t;
+
+typedef enum {
+ SCT_VERSION_NOT_SET = -1,
+ SCT_VERSION_V1 = 0
+} sct_version_t;
+
+typedef enum {
+ SCT_SOURCE_UNKNOWN,
+ SCT_SOURCE_TLS_EXTENSION,
+ SCT_SOURCE_X509V3_EXTENSION,
+ SCT_SOURCE_OCSP_STAPLED_RESPONSE
+} sct_source_t;
+
+typedef enum {
+ SCT_VALIDATION_STATUS_NOT_SET,
+ SCT_VALIDATION_STATUS_UNKNOWN_LOG,
+ SCT_VALIDATION_STATUS_VALID,
+ SCT_VALIDATION_STATUS_INVALID,
+ SCT_VALIDATION_STATUS_UNVERIFIED,
+ SCT_VALIDATION_STATUS_UNKNOWN_VERSION
+} sct_validation_status_t;
+
+DEFINE_STACK_OF(SCT)
+DEFINE_STACK_OF(CTLOG)
+
+/******************************************
+ * CT policy evaluation context functions *
+ ******************************************/
+
+/*
+ * Creates a new, empty policy evaluation context.
+ * The caller is responsible for calling CT_POLICY_EVAL_CTX_free when finished
+ * with the CT_POLICY_EVAL_CTX.
+ */
+CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new(void);
+
+/* Deletes a policy evaluation context and anything it owns. */
+void CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx);
+
+/* Gets the peer certificate that the SCTs are for */
+X509* CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx);
+
+/*
+ * Sets the certificate associated with the received SCTs.
+ * Increments the reference count of cert.
+ * Returns 1 on success, 0 otherwise.
+ */
+int CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert);
+
+/* Gets the issuer of the aforementioned certificate */
+X509* CT_POLICY_EVAL_CTX_get0_issuer(const CT_POLICY_EVAL_CTX *ctx);
+
+/*
+ * Sets the issuer of the certificate associated with the received SCTs.
+ * Increments the reference count of issuer.
+ * Returns 1 on success, 0 otherwise.
+ */
+int CT_POLICY_EVAL_CTX_set1_issuer(CT_POLICY_EVAL_CTX *ctx, X509 *issuer);
+
+/* Gets the CT logs that are trusted sources of SCTs */
+const CTLOG_STORE *CT_POLICY_EVAL_CTX_get0_log_store(const CT_POLICY_EVAL_CTX *ctx);
+
+/* Sets the log store that is in use. It must outlive the CT_POLICY_EVAL_CTX. */
+void CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx,
+ CTLOG_STORE *log_store);
+
+/*
+ * Gets the time, in milliseconds since the Unix epoch, that will be used as the
+ * current time when checking whether an SCT was issued in the future.
+ * Such SCTs will fail validation, as required by RFC6962.
+ */
+uint64_t CT_POLICY_EVAL_CTX_get_time(const CT_POLICY_EVAL_CTX *ctx);
+
+/*
+ * Sets the time to evaluate SCTs against, in milliseconds since the Unix epoch.
+ * If an SCT's timestamp is after this time, it will be interpreted as having
+ * been issued in the future. RFC6962 states that "TLS clients MUST reject SCTs
+ * whose timestamp is in the future", so an SCT will not validate in this case.
+ */
+void CT_POLICY_EVAL_CTX_set_time(CT_POLICY_EVAL_CTX *ctx, uint64_t time_in_ms);
+
+/*****************
+ * SCT functions *
+ *****************/
+
+/*
+ * Creates a new, blank SCT.
+ * The caller is responsible for calling SCT_free when finished with the SCT.
+ */
+SCT *SCT_new(void);
+
+/*
+ * Creates a new SCT from some base64-encoded strings.
+ * The caller is responsible for calling SCT_free when finished with the SCT.
+ */
+SCT *SCT_new_from_base64(unsigned char version,
+ const char *logid_base64,
+ ct_log_entry_type_t entry_type,
+ uint64_t timestamp,
+ const char *extensions_base64,
+ const char *signature_base64);
+
+/*
+ * Frees the SCT and the underlying data structures.
+ */
+void SCT_free(SCT *sct);
+
+/*
+ * Free a stack of SCTs, and the underlying SCTs themselves.
+ * Intended to be compatible with X509V3_EXT_FREE.
+ */
+void SCT_LIST_free(STACK_OF(SCT) *a);
+
+/*
+ * Returns the version of the SCT.
+ */
+sct_version_t SCT_get_version(const SCT *sct);
+
+/*
+ * Set the version of an SCT.
+ * Returns 1 on success, 0 if the version is unrecognized.
+ */
+__owur int SCT_set_version(SCT *sct, sct_version_t version);
+
+/*
+ * Returns the log entry type of the SCT.
+ */
+ct_log_entry_type_t SCT_get_log_entry_type(const SCT *sct);
+
+/*
+ * Set the log entry type of an SCT.
+ * Returns 1 on success, 0 otherwise.
+ */
+__owur int SCT_set_log_entry_type(SCT *sct, ct_log_entry_type_t entry_type);
+
+/*
+ * Gets the ID of the log that an SCT came from.
+ * Ownership of the log ID remains with the SCT.
+ * Returns the length of the log ID.
+ */
+size_t SCT_get0_log_id(const SCT *sct, unsigned char **log_id);
+
+/*
+ * Set the log ID of an SCT to point directly to the *log_id specified.
+ * The SCT takes ownership of the specified pointer.
+ * Returns 1 on success, 0 otherwise.
+ */
+__owur int SCT_set0_log_id(SCT *sct, unsigned char *log_id, size_t log_id_len);
+
+/*
+ * Set the log ID of an SCT.
+ * This makes a copy of the log_id.
+ * Returns 1 on success, 0 otherwise.
+ */
+__owur int SCT_set1_log_id(SCT *sct, const unsigned char *log_id,
+ size_t log_id_len);
+
+/*
+ * Returns the timestamp for the SCT (epoch time in milliseconds).
+ */
+uint64_t SCT_get_timestamp(const SCT *sct);
+
+/*
+ * Set the timestamp of an SCT (epoch time in milliseconds).
+ */
+void SCT_set_timestamp(SCT *sct, uint64_t timestamp);
+
+/*
+ * Return the NID for the signature used by the SCT.
+ * For CT v1, this will be either NID_sha256WithRSAEncryption or
+ * NID_ecdsa_with_SHA256 (or NID_undef if incorrect/unset).
+ */
+int SCT_get_signature_nid(const SCT *sct);
+
+/*
+ * Set the signature type of an SCT
+ * For CT v1, this should be either NID_sha256WithRSAEncryption or
+ * NID_ecdsa_with_SHA256.
+ * Returns 1 on success, 0 otherwise.
+ */
+__owur int SCT_set_signature_nid(SCT *sct, int nid);
+
+/*
+ * Set *ext to point to the extension data for the SCT. ext must not be NULL.
+ * The SCT retains ownership of this pointer.
+ * Returns length of the data pointed to.
+ */
+size_t SCT_get0_extensions(const SCT *sct, unsigned char **ext);
+
+/*
+ * Set the extensions of an SCT to point directly to the *ext specified.
+ * The SCT takes ownership of the specified pointer.
+ */
+void SCT_set0_extensions(SCT *sct, unsigned char *ext, size_t ext_len);
+
+/*
+ * Set the extensions of an SCT.
+ * This takes a copy of the ext.
+ * Returns 1 on success, 0 otherwise.
+ */
+__owur int SCT_set1_extensions(SCT *sct, const unsigned char *ext,
+ size_t ext_len);
+
+/*
+ * Set *sig to point to the signature for the SCT. sig must not be NULL.
+ * The SCT retains ownership of this pointer.
+ * Returns length of the data pointed to.
+ */
+size_t SCT_get0_signature(const SCT *sct, unsigned char **sig);
+
+/*
+ * Set the signature of an SCT to point directly to the *sig specified.
+ * The SCT takes ownership of the specified pointer.
+ */
+void SCT_set0_signature(SCT *sct, unsigned char *sig, size_t sig_len);
+
+/*
+ * Set the signature of an SCT to be a copy of the *sig specified.
+ * Returns 1 on success, 0 otherwise.
+ */
+__owur int SCT_set1_signature(SCT *sct, const unsigned char *sig,
+ size_t sig_len);
+
+/*
+ * The origin of this SCT, e.g. TLS extension, OCSP response, etc.
+ */
+sct_source_t SCT_get_source(const SCT *sct);
+
+/*
+ * Set the origin of this SCT, e.g. TLS extension, OCSP response, etc.
+ * Returns 1 on success, 0 otherwise.
+ */
+__owur int SCT_set_source(SCT *sct, sct_source_t source);
+
+/*
+ * Returns a text string describing the validation status of |sct|.
+ */
+const char *SCT_validation_status_string(const SCT *sct);
+
+/*
+ * Pretty-prints an |sct| to |out|.
+ * It will be indented by the number of spaces specified by |indent|.
+ * If |logs| is not NULL, it will be used to lookup the CT log that the SCT came
+ * from, so that the log name can be printed.
+ */
+void SCT_print(const SCT *sct, BIO *out, int indent, const CTLOG_STORE *logs);
+
+/*
+ * Pretty-prints an |sct_list| to |out|.
+ * It will be indented by the number of spaces specified by |indent|.
+ * SCTs will be delimited by |separator|.
+ * If |logs| is not NULL, it will be used to lookup the CT log that each SCT
+ * came from, so that the log names can be printed.
+ */
+void SCT_LIST_print(const STACK_OF(SCT) *sct_list, BIO *out, int indent,
+ const char *separator, const CTLOG_STORE *logs);
+
+/*
+ * Gets the last result of validating this SCT.
+ * If it has not been validated yet, returns SCT_VALIDATION_STATUS_NOT_SET.
+ */
+sct_validation_status_t SCT_get_validation_status(const SCT *sct);
+
+/*
+ * Validates the given SCT with the provided context.
+ * Sets the "validation_status" field of the SCT.
+ * Returns 1 if the SCT is valid and the signature verifies.
+ * Returns 0 if the SCT is invalid or could not be verified.
+ * Returns -1 if an error occurs.
+ */
+__owur int SCT_validate(SCT *sct, const CT_POLICY_EVAL_CTX *ctx);
+
+/*
+ * Validates the given list of SCTs with the provided context.
+ * Sets the "validation_status" field of each SCT.
+ * Returns 1 if there are no invalid SCTs and all signatures verify.
+ * Returns 0 if at least one SCT is invalid or could not be verified.
+ * Returns a negative integer if an error occurs.
+ */
+__owur int SCT_LIST_validate(const STACK_OF(SCT) *scts,
+ CT_POLICY_EVAL_CTX *ctx);
+
+
+/*********************************
+ * SCT parsing and serialisation *
+ *********************************/
+
+/*
+ * Serialize (to TLS format) a stack of SCTs and return the length.
+ * "a" must not be NULL.
+ * If "pp" is NULL, just return the length of what would have been serialized.
+ * If "pp" is not NULL and "*pp" is null, function will allocate a new pointer
+ * for data that caller is responsible for freeing (only if function returns
+ * successfully).
+ * If "pp" is NULL and "*pp" is not NULL, caller is responsible for ensuring
+ * that "*pp" is large enough to accept all of the serialized data.
+ * Returns < 0 on error, >= 0 indicating bytes written (or would have been)
+ * on success.
+ */
+__owur int i2o_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp);
+
+/*
+ * Convert TLS format SCT list to a stack of SCTs.
+ * If "a" or "*a" is NULL, a new stack will be created that the caller is
+ * responsible for freeing (by calling SCT_LIST_free).
+ * "**pp" and "*pp" must not be NULL.
+ * Upon success, "*pp" will point to after the last bytes read, and a stack
+ * will be returned.
+ * Upon failure, a NULL pointer will be returned, and the position of "*pp" is
+ * not defined.
+ */
+STACK_OF(SCT) *o2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp,
+ size_t len);
+
+/*
+ * Serialize (to DER format) a stack of SCTs and return the length.
+ * "a" must not be NULL.
+ * If "pp" is NULL, just returns the length of what would have been serialized.
+ * If "pp" is not NULL and "*pp" is null, function will allocate a new pointer
+ * for data that caller is responsible for freeing (only if function returns
+ * successfully).
+ * If "pp" is NULL and "*pp" is not NULL, caller is responsible for ensuring
+ * that "*pp" is large enough to accept all of the serialized data.
+ * Returns < 0 on error, >= 0 indicating bytes written (or would have been)
+ * on success.
+ */
+__owur int i2d_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp);
+
+/*
+ * Parses an SCT list in DER format and returns it.
+ * If "a" or "*a" is NULL, a new stack will be created that the caller is
+ * responsible for freeing (by calling SCT_LIST_free).
+ * "**pp" and "*pp" must not be NULL.
+ * Upon success, "*pp" will point to after the last bytes read, and a stack
+ * will be returned.
+ * Upon failure, a NULL pointer will be returned, and the position of "*pp" is
+ * not defined.
+ */
+STACK_OF(SCT) *d2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp,
+ long len);
+
+/*
+ * Serialize (to TLS format) an |sct| and write it to |out|.
+ * If |out| is null, no SCT will be output but the length will still be returned.
+ * If |out| points to a null pointer, a string will be allocated to hold the
+ * TLS-format SCT. It is the responsibility of the caller to free it.
+ * If |out| points to an allocated string, the TLS-format SCT will be written
+ * to it.
+ * The length of the SCT in TLS format will be returned.
+ */
+__owur int i2o_SCT(const SCT *sct, unsigned char **out);
+
+/*
+ * Parses an SCT in TLS format and returns it.
+ * If |psct| is not null, it will end up pointing to the parsed SCT. If it
+ * already points to a non-null pointer, the pointer will be free'd.
+ * |in| should be a pointer to a string containing the TLS-format SCT.
+ * |in| will be advanced to the end of the SCT if parsing succeeds.
+ * |len| should be the length of the SCT in |in|.
+ * Returns NULL if an error occurs.
+ * If the SCT is an unsupported version, only the SCT's 'sct' and 'sct_len'
+ * fields will be populated (with |in| and |len| respectively).
+ */
+SCT *o2i_SCT(SCT **psct, const unsigned char **in, size_t len);
+
+/********************
+ * CT log functions *
+ ********************/
+
+/*
+ * Creates a new CT log instance with the given |public_key| and |name|.
+ * Takes ownership of |public_key| but copies |name|.
+ * Returns NULL if malloc fails or if |public_key| cannot be converted to DER.
+ * Should be deleted by the caller using CTLOG_free when no longer needed.
+ */
+CTLOG *CTLOG_new(EVP_PKEY *public_key, const char *name);
+
+/*
+ * Creates a new CTLOG instance with the base64-encoded SubjectPublicKeyInfo DER
+ * in |pkey_base64|. The |name| is a string to help users identify this log.
+ * Returns 1 on success, 0 on failure.
+ * Should be deleted by the caller using CTLOG_free when no longer needed.
+ */
+int CTLOG_new_from_base64(CTLOG ** ct_log,
+ const char *pkey_base64, const char *name);
+
+/*
+ * Deletes a CT log instance and its fields.
+ */
+void CTLOG_free(CTLOG *log);
+
+/* Gets the name of the CT log */
+const char *CTLOG_get0_name(const CTLOG *log);
+/* Gets the ID of the CT log */
+void CTLOG_get0_log_id(const CTLOG *log, const uint8_t **log_id,
+ size_t *log_id_len);
+/* Gets the public key of the CT log */
+EVP_PKEY *CTLOG_get0_public_key(const CTLOG *log);
+
+/**************************
+ * CT log store functions *
+ **************************/
+
+/*
+ * Creates a new CT log store.
+ * Should be deleted by the caller using CTLOG_STORE_free when no longer needed.
+ */
+CTLOG_STORE *CTLOG_STORE_new(void);
+
+/*
+ * Deletes a CT log store and all of the CT log instances held within.
+ */
+void CTLOG_STORE_free(CTLOG_STORE *store);
+
+/*
+ * Finds a CT log in the store based on its log ID.
+ * Returns the CT log, or NULL if no match is found.
+ */
+const CTLOG *CTLOG_STORE_get0_log_by_id(const CTLOG_STORE *store,
+ const uint8_t *log_id,
+ size_t log_id_len);
+
+/*
+ * Loads a CT log list into a |store| from a |file|.
+ * Returns 1 if loading is successful, or 0 otherwise.
+ */
+__owur int CTLOG_STORE_load_file(CTLOG_STORE *store, const char *file);
+
+/*
+ * Loads the default CT log list into a |store|.
+ * Returns 1 if loading is successful, or 0 otherwise.
+ */
+__owur int CTLOG_STORE_load_default_file(CTLOG_STORE *store);
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+#endif
diff --git a/linux_amd64/ssl/include/openssl/cterr.h b/linux_amd64/ssl/include/openssl/cterr.h
new file mode 100644
index 0000000..b0d904e
--- /dev/null
+++ b/linux_amd64/ssl/include/openssl/cterr.h
@@ -0,0 +1,88 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_CTERR_H +# define OPENSSL_CTERR_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_CTERR_H +# endif + +# include +# include + + +# include + +# ifndef OPENSSL_NO_CT + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_CT_strings(void); + +/* + * CT function codes. + */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define CT_F_CTLOG_NEW 0 +# define CT_F_CTLOG_NEW_FROM_BASE64 0 +# define CT_F_CTLOG_NEW_FROM_CONF 0 +# define CT_F_CTLOG_STORE_LOAD_CTX_NEW 0 +# define CT_F_CTLOG_STORE_LOAD_FILE 0 +# define CT_F_CTLOG_STORE_LOAD_LOG 0 +# define CT_F_CTLOG_STORE_NEW 0 +# define CT_F_CT_BASE64_DECODE 0 +# define CT_F_CT_POLICY_EVAL_CTX_NEW 0 +# define CT_F_CT_V1_LOG_ID_FROM_PKEY 0 +# define CT_F_I2O_SCT 0 +# define CT_F_I2O_SCT_LIST 0 +# define CT_F_I2O_SCT_SIGNATURE 0 +# define CT_F_O2I_SCT 0 +# define CT_F_O2I_SCT_LIST 0 +# define CT_F_O2I_SCT_SIGNATURE 0 +# define CT_F_SCT_CTX_NEW 0 +# define CT_F_SCT_CTX_VERIFY 0 +# define CT_F_SCT_NEW 0 +# define CT_F_SCT_NEW_FROM_BASE64 0 +# define CT_F_SCT_SET0_LOG_ID 0 +# define CT_F_SCT_SET1_EXTENSIONS 0 +# define CT_F_SCT_SET1_LOG_ID 0 +# define CT_F_SCT_SET1_SIGNATURE 0 +# define CT_F_SCT_SET_LOG_ENTRY_TYPE 0 +# define CT_F_SCT_SET_SIGNATURE_NID 0 +# define CT_F_SCT_SET_VERSION 0 +# endif + +/* + * CT reason codes. 
+ */ +# define CT_R_BASE64_DECODE_ERROR 108 +# define CT_R_INVALID_LOG_ID_LENGTH 100 +# define CT_R_LOG_CONF_INVALID 109 +# define CT_R_LOG_CONF_INVALID_KEY 110 +# define CT_R_LOG_CONF_MISSING_DESCRIPTION 111 +# define CT_R_LOG_CONF_MISSING_KEY 112 +# define CT_R_LOG_KEY_INVALID 113 +# define CT_R_SCT_FUTURE_TIMESTAMP 116 +# define CT_R_SCT_INVALID 104 +# define CT_R_SCT_INVALID_SIGNATURE 107 +# define CT_R_SCT_LIST_INVALID 105 +# define CT_R_SCT_LOG_ID_MISMATCH 114 +# define CT_R_SCT_NOT_SET 106 +# define CT_R_SCT_UNSUPPORTED_VERSION 115 +# define CT_R_UNRECOGNIZED_SIGNATURE_NID 101 +# define CT_R_UNSUPPORTED_ENTRY_TYPE 102 +# define CT_R_UNSUPPORTED_VERSION 103 + +# endif +#endif diff --git a/linux_amd64/ssl/include/openssl/des.h b/linux_amd64/ssl/include/openssl/des.h new file mode 100644 index 0000000..bd5d5b4 --- /dev/null +++ b/linux_amd64/ssl/include/openssl/des.h 
@@ -0,0 +1,207 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_DES_H
+# define OPENSSL_DES_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_DES_H
+# endif
+
+# include
+
+# ifndef OPENSSL_NO_DES
+# ifdef __cplusplus
+extern "C" {
+# endif
+# include
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+typedef unsigned int DES_LONG;
+
+# ifdef OPENSSL_BUILD_SHLIBCRYPTO
+# undef OPENSSL_EXTERN
+# define OPENSSL_EXTERN OPENSSL_EXPORT
+# endif
+
+typedef unsigned char DES_cblock[8];
+typedef /* const */ unsigned char const_DES_cblock[8];
+/*
+ * With "const", gcc 2.8.1 on Solaris thinks that DES_cblock * and
+ * const_DES_cblock * are incompatible pointer types.
+ */
+
+typedef struct DES_ks {
+ union {
+ DES_cblock cblock;
+ /*
+ * make sure things are correct size on machines with 8 byte longs
+ */
+ DES_LONG deslong[2];
+ } ks[16];
+} DES_key_schedule;
+
+# define DES_KEY_SZ (sizeof(DES_cblock))
+# define DES_SCHEDULE_SZ (sizeof(DES_key_schedule))
+
+# define DES_ENCRYPT 1
+# define DES_DECRYPT 0
+
+# define DES_CBC_MODE 0
+# define DES_PCBC_MODE 1
+
+# define DES_ecb2_encrypt(i,o,k1,k2,e) \
+ DES_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))
+
+# define DES_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \
+ DES_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))
+
+# define DES_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \
+ DES_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e))
+
+# define DES_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \
+ DES_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n))
+
+# define DES_fixup_key_parity DES_set_odd_parity
+# endif
+
+DEPRECATEDIN_3_0(const char *DES_options(void))
+DEPRECATEDIN_3_0(void DES_ecb3_encrypt(const_DES_cblock *input,
+ DES_cblock *output,
+ DES_key_schedule *ks1,
+ DES_key_schedule *ks2,
+ DES_key_schedule *ks3, int enc))
+DEPRECATEDIN_3_0(DES_LONG DES_cbc_cksum(const unsigned char *input,
+ DES_cblock *output, long length,
+ DES_key_schedule *schedule,
+ const_DES_cblock *ivec))
+/* DES_cbc_encrypt does not update the IV! Use DES_ncbc_encrypt instead. */
+DEPRECATEDIN_3_0(void DES_cbc_encrypt(const unsigned char *input,
+ unsigned char *output, long length,
+ DES_key_schedule *schedule,
+ DES_cblock *ivec, int enc))
+DEPRECATEDIN_3_0(void DES_ncbc_encrypt(const unsigned char *input,
+ unsigned char *output, long length,
+ DES_key_schedule *schedule,
+ DES_cblock *ivec, int enc))
+DEPRECATEDIN_3_0(void DES_xcbc_encrypt(const unsigned char *input,
+ unsigned char *output, long length,
+ DES_key_schedule *schedule,
+ DES_cblock *ivec, const_DES_cblock *inw,
+ const_DES_cblock *outw, int enc))
+DEPRECATEDIN_3_0(void DES_cfb_encrypt(const unsigned char *in,
+ unsigned char *out, int numbits,
+ long length, DES_key_schedule *schedule,
+ DES_cblock *ivec, int enc))
+DEPRECATEDIN_3_0(void DES_ecb_encrypt(const_DES_cblock *input,
+ DES_cblock *output, DES_key_schedule *ks,
+ int enc))
+
+/*
+ * This is the DES encryption function that gets called by just about every
+ * other DES routine in the library. You should not use this function except
+ * to implement 'modes' of DES. I say this because the functions that call
+ * this routine do the conversion from 'char *' to long, and this needs to be
+ * done to make sure 'non-aligned' memory access do not occur. The
+ * characters are loaded 'little endian'. Data is a pointer to 2 unsigned
+ * long's and ks is the DES_key_schedule to use. enc, is non zero specifies
+ * encryption, zero if decryption.
+ */
+DEPRECATEDIN_3_0(void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks,
+ int enc))
+
+/*
+ * This functions is the same as DES_encrypt1() except that the DES initial
+ * permutation (IP) and final permutation (FP) have been left out. As for
+ * DES_encrypt1(), you should not use this function. It is used by the
+ * routines in the library that implement triple DES. IP() DES_encrypt2()
+ * DES_encrypt2() DES_encrypt2() FP() is the same as DES_encrypt1()
+ * DES_encrypt1() DES_encrypt1() except faster :-).
+ */
+DEPRECATEDIN_3_0(void DES_encrypt2(DES_LONG *data, DES_key_schedule *ks,
+ int enc))
+
+DEPRECATEDIN_3_0(void DES_encrypt3(DES_LONG *data, DES_key_schedule *ks1,
+ DES_key_schedule *ks2, DES_key_schedule *ks3))
+DEPRECATEDIN_3_0(void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1,
+ DES_key_schedule *ks2, DES_key_schedule *ks3))
+DEPRECATEDIN_3_0(void DES_ede3_cbc_encrypt(const unsigned char *input,
+ unsigned char *output, long length,
+ DES_key_schedule *ks1,
+ DES_key_schedule *ks2,
+ DES_key_schedule *ks3,
+ DES_cblock *ivec, int enc))
+DEPRECATEDIN_3_0(void DES_ede3_cfb64_encrypt(const unsigned char *in,
+ unsigned char *out, long length,
+ DES_key_schedule *ks1,
+ DES_key_schedule *ks2,
+ DES_key_schedule *ks3,
+ DES_cblock *ivec, int *num,
+ int enc))
+DEPRECATEDIN_3_0(void DES_ede3_cfb_encrypt(const unsigned char *in,
+ unsigned char *out, int numbits,
+ long length, DES_key_schedule *ks1,
+ DES_key_schedule *ks2,
+ DES_key_schedule *ks3,
+ DES_cblock *ivec, int enc))
+DEPRECATEDIN_3_0(void DES_ede3_ofb64_encrypt(const unsigned char *in,
+ unsigned char *out, long length,
+ DES_key_schedule *ks1,
+ DES_key_schedule *ks2,
+ DES_key_schedule *ks3,
+ DES_cblock *ivec, int *num))
+DEPRECATEDIN_3_0(char *DES_fcrypt(const char *buf, const char *salt, char *ret))
+DEPRECATEDIN_3_0(char *DES_crypt(const char *buf, const char *salt))
+DEPRECATEDIN_3_0(void DES_ofb_encrypt(const unsigned char *in,
+ unsigned char *out, int numbits,
+ long length, DES_key_schedule *schedule,
+ DES_cblock *ivec))
+DEPRECATEDIN_3_0(void DES_pcbc_encrypt(const unsigned char *input,
+ unsigned char *output, long length,
+ DES_key_schedule *schedule,
+ DES_cblock *ivec, int enc))
+DEPRECATEDIN_3_0(DES_LONG DES_quad_cksum(const unsigned char *input,
+ DES_cblock output[], long length,
+ int out_count, DES_cblock *seed))
+DEPRECATEDIN_3_0(int DES_random_key(DES_cblock *ret))
+DEPRECATEDIN_3_0(void DES_set_odd_parity(DES_cblock *key))
+DEPRECATEDIN_3_0(int DES_check_key_parity(const_DES_cblock *key))
+DEPRECATEDIN_3_0(int DES_is_weak_key(const_DES_cblock *key))
+/*
+ * DES_set_key (= set_key = DES_key_sched = key_sched) calls
+ * DES_set_key_checked
+ */
+DEPRECATEDIN_3_0(int DES_set_key(const_DES_cblock *key,
+ DES_key_schedule *schedule))
+DEPRECATEDIN_3_0(int DES_key_sched(const_DES_cblock *key,
+ DES_key_schedule *schedule))
+DEPRECATEDIN_3_0(int DES_set_key_checked(const_DES_cblock *key,
+ DES_key_schedule *schedule))
+DEPRECATEDIN_3_0(void DES_set_key_unchecked(const_DES_cblock *key,
+ DES_key_schedule *schedule))
+DEPRECATEDIN_3_0(void DES_string_to_key(const char *str, DES_cblock *key))
+DEPRECATEDIN_3_0(void DES_string_to_2keys(const char *str, DES_cblock *key1,
+ DES_cblock *key2))
+DEPRECATEDIN_3_0(void DES_cfb64_encrypt(const unsigned char *in,
+ unsigned char *out, long length,
+ DES_key_schedule *schedule,
+ DES_cblock *ivec, int *num, int enc))
+DEPRECATEDIN_3_0(void DES_ofb64_encrypt(const unsigned char *in,
+ unsigned char *out, long length,
+ DES_key_schedule *schedule,
+ DES_cblock *ivec, int *num))
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/linux_amd64/ssl/include/openssl/dh.h b/linux_amd64/ssl/include/openssl/dh.h
new file mode 100644
index 0000000..b26e94e
--- /dev/null
+++ b/linux_amd64/ssl/include/openssl/dh.h
@@ -0,0 +1,371 @@ +/* + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_DH_H +# define OPENSSL_DH_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_DH_H +# endif + +# include + +# ifndef OPENSSL_NO_DH +# include +# include +# include +# include +# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +# include +# endif +# include + +# ifdef __cplusplus +extern "C" { +# endif + +# ifndef OPENSSL_DH_MAX_MODULUS_BITS +# define OPENSSL_DH_MAX_MODULUS_BITS 10000 +# endif + +# define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024 + +# define DH_FLAG_CACHE_MONT_P 0x01 + +# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +/* + * Does nothing. Previously this switched off constant time behaviour. + */ +# define DH_FLAG_NO_EXP_CONSTTIME 0x00 +# endif + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +/* + * If this flag is set the DH method is FIPS compliant and can be used in + * FIPS mode. This is set in the validated module method. If an application + * sets this flag in its own methods it is its responsibility to ensure the + * result is compliant. + */ + +# define DH_FLAG_FIPS_METHOD 0x0400 + +/* + * If this flag is set the operations normally disabled in FIPS mode are + * permitted it is then the applications responsibility to ensure that the + * usage is compliant. 
+ */ + +# define DH_FLAG_NON_FIPS_ALLOW 0x0400 +# endif + +/* Already defined in ossl_typ.h */ +/* typedef struct dh_st DH; */ +/* typedef struct dh_method DH_METHOD; */ + +DECLARE_ASN1_ITEM(DHparams) + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define DH_GENERATOR_2 2 +# define DH_GENERATOR_3 3 +# define DH_GENERATOR_5 5 + +/* DH_check error codes */ +/* + * NB: These values must align with the equivalently named macros in + * internal/ffc.h. + */ +# define DH_CHECK_P_NOT_PRIME 0x01 +# define DH_CHECK_P_NOT_SAFE_PRIME 0x02 +# define DH_UNABLE_TO_CHECK_GENERATOR 0x04 +# define DH_NOT_SUITABLE_GENERATOR 0x08 +# define DH_CHECK_Q_NOT_PRIME 0x10 +# define DH_CHECK_INVALID_Q_VALUE 0x20 +# define DH_CHECK_INVALID_J_VALUE 0x40 +# define DH_MODULUS_TOO_SMALL 0x80 +# define DH_MODULUS_TOO_LARGE 0x100 + +/* DH_check_pub_key error codes */ +# define DH_CHECK_PUBKEY_TOO_SMALL 0x01 +# define DH_CHECK_PUBKEY_TOO_LARGE 0x02 +# define DH_CHECK_PUBKEY_INVALID 0x04 + +/* + * primes p where (p-1)/2 is prime too are called "safe"; we define this for + * backward compatibility: + */ +# define DH_CHECK_P_NOT_STRONG_PRIME DH_CHECK_P_NOT_SAFE_PRIME + +/* DH parameter generation types used by EVP_PKEY_CTX_set_dh_paramgen_type() */ +# define DH_PARAMGEN_TYPE_GENERATOR 0 /* Use a generator g */ +# define DH_PARAMGEN_TYPE_FIPS_186_2 1 /* Use legacy FIPS186-2 standard */ +# define DH_PARAMGEN_TYPE_FIPS_186_4 2 /* Use FIPS186-4 standard */ + +# define DH_CHECK_P_NOT_STRONG_PRIME DH_CHECK_P_NOT_SAFE_PRIME + +# define d2i_DHparams_fp(fp, x) \ + (DH *)ASN1_d2i_fp((char *(*)())DH_new, \ + (char *(*)())d2i_DHparams, \ + (fp), \ + (unsigned char **)(x)) +# define i2d_DHparams_fp(fp, x) \ + ASN1_i2d_fp(i2d_DHparams,(fp), (unsigned char *)(x)) +# define d2i_DHparams_bio(bp, x) \ + ASN1_d2i_bio_of(DH, DH_new, d2i_DHparams, bp, x) +# define i2d_DHparams_bio(bp, x) \ + ASN1_i2d_bio_of(DH, i2d_DHparams, bp, x) + +# define d2i_DHxparams_fp(fp,x) \ + (DH *)ASN1_d2i_fp((char *(*)())DH_new, \ + (char 
*(*)())d2i_DHxparams, \ + (fp), \ + (unsigned char **)(x)) +# define i2d_DHxparams_fp(fp, x) \ + ASN1_i2d_fp(i2d_DHxparams,(fp), (unsigned char *)(x)) +# define d2i_DHxparams_bio(bp, x) \ + ASN1_d2i_bio_of(DH, DH_new, d2i_DHxparams, bp, x) +# define i2d_DHxparams_bio(bp, x) \ + ASN1_i2d_bio_of(DH, i2d_DHxparams, bp, x) +# endif + +DECLARE_ASN1_DUP_FUNCTION_name(DH, DHparams) + +DEPRECATEDIN_3_0(const DH_METHOD *DH_OpenSSL(void)) + +DEPRECATEDIN_3_0(void DH_set_default_method(const DH_METHOD *meth)) +DEPRECATEDIN_3_0(const DH_METHOD *DH_get_default_method(void)) +DEPRECATEDIN_3_0(int DH_set_method(DH *dh, const DH_METHOD *meth)) +DEPRECATEDIN_3_0(DH *DH_new_method(ENGINE *engine)) + +DH *DH_new(void); +void DH_free(DH *dh); +int DH_up_ref(DH *dh); +DEPRECATEDIN_3_0(int DH_bits(const DH *dh)) +DEPRECATEDIN_3_0(int DH_size(const DH *dh)) +DEPRECATEDIN_3_0(int DH_security_bits(const DH *dh)) +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define DH_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH, l, p, newf, dupf, freef) +# endif +DEPRECATEDIN_3_0(int DH_set_ex_data(DH *d, int idx, void *arg)) +DEPRECATEDIN_3_0(void *DH_get_ex_data(DH *d, int idx)) + +/* Deprecated version */ +DEPRECATEDIN_0_9_8(DH *DH_generate_parameters(int prime_len, int generator, + void (*callback) (int, int, + void *), + void *cb_arg)) + +/* New version */ +DEPRECATEDIN_3_0(int DH_generate_parameters_ex(DH *dh, int prime_len, + int generator, BN_GENCB *cb)) + +DEPRECATEDIN_3_0(int DH_check_params_ex(const DH *dh)) +DEPRECATEDIN_3_0(int DH_check_ex(const DH *dh)) +DEPRECATEDIN_3_0(int DH_check_pub_key_ex(const DH *dh, const BIGNUM *pub_key)) +/* + * TODO(3.0): deprecate DH_check_params once ssl/statem/statem_clnt.c is fixed. 
+ */ +int DH_check_params(const DH *dh, int *ret); +DEPRECATEDIN_3_0(int DH_check(const DH *dh, int *codes)) +DEPRECATEDIN_3_0(int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, + int *codes)) +DEPRECATEDIN_3_0(int DH_generate_key(DH *dh)) +DEPRECATEDIN_3_0(int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, + DH *dh)) +DEPRECATEDIN_3_0(int DH_compute_key_padded(unsigned char *key, + const BIGNUM *pub_key, DH *dh)) +DECLARE_ASN1_ENCODE_FUNCTIONS_only(DH, DHparams) +DECLARE_ASN1_ENCODE_FUNCTIONS_only(DH, DHxparams) +# ifndef OPENSSL_NO_STDIO +DEPRECATEDIN_3_0(int DHparams_print_fp(FILE *fp, const DH *x)) +# endif +DEPRECATEDIN_3_0(int DHparams_print(BIO *bp, const DH *x)) + +/* RFC 5114 parameters */ +DH *DH_get_1024_160(void); +DH *DH_get_2048_224(void); +DH *DH_get_2048_256(void); + +/* Named parameters, currently RFC7919 and RFC3526 */ +/* TODO(3.0): deprecate DH_new_by_nid() after converting ssl/s3_lib.c */ +DH *DH_new_by_nid(int nid); +DEPRECATEDIN_3_0(int DH_get_nid(DH *dh)) + +# ifndef OPENSSL_NO_CMS +/* RFC2631 KDF */ +DEPRECATEDIN_3_0(int DH_KDF_X9_42(unsigned char *out, size_t outlen, + const unsigned char *Z, size_t Zlen, + ASN1_OBJECT *key_oid, + const unsigned char *ukm, + size_t ukmlen, const EVP_MD *md)) +# endif + +void DH_get0_pqg(const DH *dh, + const BIGNUM **p, const BIGNUM **q, const BIGNUM **g); +int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g); +void DH_get0_key(const DH *dh, + const BIGNUM **pub_key, const BIGNUM **priv_key); +int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key); +const BIGNUM *DH_get0_p(const DH *dh); +const BIGNUM *DH_get0_q(const DH *dh); +const BIGNUM *DH_get0_g(const DH *dh); +const BIGNUM *DH_get0_priv_key(const DH *dh); +const BIGNUM *DH_get0_pub_key(const DH *dh); +void DH_clear_flags(DH *dh, int flags); +int DH_test_flags(const DH *dh, int flags); +void DH_set_flags(DH *dh, int flags); +DEPRECATEDIN_3_0(ENGINE *DH_get0_engine(DH *d)) +DEPRECATEDIN_3_0(long DH_get_length(const DH *dh)) 
+DEPRECATEDIN_3_0(int DH_set_length(DH *dh, long length)) + +DEPRECATEDIN_3_0(DH_METHOD *DH_meth_new(const char *name, int flags)) +DEPRECATEDIN_3_0(void DH_meth_free(DH_METHOD *dhm)) +DEPRECATEDIN_3_0(DH_METHOD *DH_meth_dup(const DH_METHOD *dhm)) +DEPRECATEDIN_3_0(const char *DH_meth_get0_name(const DH_METHOD *dhm)) +DEPRECATEDIN_3_0(int DH_meth_set1_name(DH_METHOD *dhm, const char *name)) +DEPRECATEDIN_3_0(int DH_meth_get_flags(const DH_METHOD *dhm)) +DEPRECATEDIN_3_0(int DH_meth_set_flags(DH_METHOD *dhm, int flags)) +DEPRECATEDIN_3_0(void *DH_meth_get0_app_data(const DH_METHOD *dhm)) +DEPRECATEDIN_3_0(int DH_meth_set0_app_data(DH_METHOD *dhm, void *app_data)) +DEPRECATEDIN_3_0(int (*DH_meth_get_generate_key(const DH_METHOD *dhm)) (DH *)) +DEPRECATEDIN_3_0(int DH_meth_set_generate_key(DH_METHOD *dhm, + int (*generate_key) (DH *))) +DEPRECATEDIN_3_0(int (*DH_meth_get_compute_key(const DH_METHOD *dhm)) + (unsigned char *key, + const BIGNUM *pub_key, DH *dh)) +DEPRECATEDIN_3_0(int DH_meth_set_compute_key(DH_METHOD *dhm, + int (*compute_key) + (unsigned char *key, + const BIGNUM *pub_key, + DH *dh))) +DEPRECATEDIN_3_0(int (*DH_meth_get_bn_mod_exp(const DH_METHOD *dhm)) + (const DH *, BIGNUM *, + const BIGNUM *, + const BIGNUM *, + const BIGNUM *, BN_CTX *, + BN_MONT_CTX *)) +DEPRECATEDIN_3_0(int DH_meth_set_bn_mod_exp(DH_METHOD *dhm, + int (*bn_mod_exp) + (const DH *, BIGNUM *, + const BIGNUM *, const BIGNUM *, + const BIGNUM *, BN_CTX *, + BN_MONT_CTX *))) +DEPRECATEDIN_3_0(int (*DH_meth_get_init(const DH_METHOD *dhm))(DH *)) +DEPRECATEDIN_3_0(int DH_meth_set_init(DH_METHOD *dhm, int (*init)(DH *))) +DEPRECATEDIN_3_0(int (*DH_meth_get_finish(const DH_METHOD *dhm)) (DH *)) +DEPRECATEDIN_3_0(int DH_meth_set_finish(DH_METHOD *dhm, int (*finish) (DH *))) +DEPRECATEDIN_3_0(int (*DH_meth_get_generate_params(const DH_METHOD *dhm)) + (DH *, int, int, + BN_GENCB *)) +DEPRECATEDIN_3_0(int DH_meth_set_generate_params(DH_METHOD *dhm, + int (*generate_params) + (DH *, int, int, 
+ BN_GENCB *))) + +# define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN, len, NULL) + +# define EVP_PKEY_CTX_set_dh_paramgen_subprime_len(ctx, len) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN, len, NULL) + +# define EVP_PKEY_CTX_set_dh_paramgen_type(ctx, typ) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DH_PARAMGEN_TYPE, typ, NULL) + +# define EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, gen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR, gen, NULL) + +# define EVP_PKEY_CTX_set_dh_rfc5114(ctx, gen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DH_RFC5114, gen, NULL) + +# define EVP_PKEY_CTX_set_dhx_rfc5114(ctx, gen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DH_RFC5114, gen, NULL) + +# define EVP_PKEY_CTX_set_dh_nid(ctx, nid) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, \ + EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_DH_NID, nid, NULL) + +int EVP_PKEY_CTX_set_dh_pad(EVP_PKEY_CTX *ctx, int pad); + +# define EVP_PKEY_CTX_set_dh_kdf_type(ctx, kdf) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_DH_KDF_TYPE, kdf, NULL) + +# define EVP_PKEY_CTX_get_dh_kdf_type(ctx) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_DH_KDF_TYPE, -2, NULL) + +# define EVP_PKEY_CTX_set0_dh_kdf_oid(ctx, oid) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_DH_KDF_OID, 0, (void *)(oid)) + +# define EVP_PKEY_CTX_get0_dh_kdf_oid(ctx, poid) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_GET_DH_KDF_OID, 0, (void *)(poid)) + +# define EVP_PKEY_CTX_set_dh_kdf_md(ctx, md) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_DERIVE, \ + 
EVP_PKEY_CTRL_DH_KDF_MD, 0, (void *)(md)) + +# define EVP_PKEY_CTX_get_dh_kdf_md(ctx, pmd) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_GET_DH_KDF_MD, 0, (void *)(pmd)) + +# define EVP_PKEY_CTX_set_dh_kdf_outlen(ctx, len) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_DH_KDF_OUTLEN, len, NULL) + +# define EVP_PKEY_CTX_get_dh_kdf_outlen(ctx, plen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN, 0, (void *)(plen)) + +# define EVP_PKEY_CTX_set0_dh_kdf_ukm(ctx, p, plen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_DH_KDF_UKM, plen, (void *)(p)) + +# define EVP_PKEY_CTX_get0_dh_kdf_ukm(ctx, p) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_GET_DH_KDF_UKM, 0, (void *)(p)) + +# define EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN (EVP_PKEY_ALG_CTRL + 1) +# define EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR (EVP_PKEY_ALG_CTRL + 2) +# define EVP_PKEY_CTRL_DH_RFC5114 (EVP_PKEY_ALG_CTRL + 3) +# define EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN (EVP_PKEY_ALG_CTRL + 4) +# define EVP_PKEY_CTRL_DH_PARAMGEN_TYPE (EVP_PKEY_ALG_CTRL + 5) +# define EVP_PKEY_CTRL_DH_KDF_TYPE (EVP_PKEY_ALG_CTRL + 6) +# define EVP_PKEY_CTRL_DH_KDF_MD (EVP_PKEY_ALG_CTRL + 7) +# define EVP_PKEY_CTRL_GET_DH_KDF_MD (EVP_PKEY_ALG_CTRL + 8) +# define EVP_PKEY_CTRL_DH_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 9) +# define EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 10) +# define EVP_PKEY_CTRL_DH_KDF_UKM (EVP_PKEY_ALG_CTRL + 11) +# define EVP_PKEY_CTRL_GET_DH_KDF_UKM (EVP_PKEY_ALG_CTRL + 12) +# define EVP_PKEY_CTRL_DH_KDF_OID (EVP_PKEY_ALG_CTRL + 13) +# define EVP_PKEY_CTRL_GET_DH_KDF_OID (EVP_PKEY_ALG_CTRL + 14) +# define EVP_PKEY_CTRL_DH_NID (EVP_PKEY_ALG_CTRL + 15) +# define EVP_PKEY_CTRL_DH_PAD (EVP_PKEY_ALG_CTRL + 16) + +/* KDF types */ +# define EVP_PKEY_DH_KDF_NONE 1 +# ifndef OPENSSL_NO_CMS +# define EVP_PKEY_DH_KDF_X9_42 2 +# endif + +# ifdef 
__cplusplus
+}
+# endif
+# endif
+#endif
diff --git a/linux_amd64/ssl/include/openssl/dherr.h b/linux_amd64/ssl/include/openssl/dherr.h
new file mode 100644
index 0000000..463019d
--- /dev/null
+++ b/linux_amd64/ssl/include/openssl/dherr.h
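Review bot: `DH_FLAG_FIPS_METHOD` and `DH_FLAG_NON_FIPS_ALLOW` are both defined as `0x0400` near the top of this header although their comments describe different meanings, so `DH_test_flags()` cannot distinguish them; the dsa.h hunk has the same pair (`DSA_FLAG_FIPS_METHOD` / `DSA_FLAG_NON_FIPS_ALLOW`, both `0x0400`). Code built against this header should not read either bit as evidence that a method is FIPS validated. I would document that next to the second define, for example `/* NB: same bit as DH_FLAG_FIPS_METHOD; not a FIPS-compliance indicator */`, or in the project's notes on this dependency if the vendored file must stay untouched.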
@@ -0,0 +1,99 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_DHERR_H
+# define OPENSSL_DHERR_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_DHERR_H
+# endif
+
+# include
+# include
+
+
+# include
+
+# ifndef OPENSSL_NO_DH
+
+# ifdef __cplusplus
+extern "C"
+# endif
+int ERR_load_DH_strings(void);
+
+/*
+ * DH function codes.
+ */
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define DH_F_COMPUTE_KEY 0
+# define DH_F_DHPARAMS_PRINT_FP 0
+# define DH_F_DH_BUF2KEY 0
+# define DH_F_DH_BUILTIN_GENPARAMS 0
+# define DH_F_DH_CHECK_EX 0
+# define DH_F_DH_CHECK_PARAMS_EX 0
+# define DH_F_DH_CHECK_PUB_KEY_EX 0
+# define DH_F_DH_CMS_DECRYPT 0
+# define DH_F_DH_CMS_SET_PEERKEY 0
+# define DH_F_DH_CMS_SET_SHARED_INFO 0
+# define DH_F_DH_KEY2BUF 0
+# define DH_F_DH_METH_DUP 0
+# define DH_F_DH_METH_NEW 0
+# define DH_F_DH_METH_SET1_NAME 0
+# define DH_F_DH_NEW_BY_NID 0
+# define DH_F_DH_NEW_METHOD 0
+# define DH_F_DH_PARAM_DECODE 0
+# define DH_F_DH_PKEY_PUBLIC_CHECK 0
+# define DH_F_DH_PRIV_DECODE 0
+# define DH_F_DH_PRIV_ENCODE 0
+# define DH_F_DH_PUB_DECODE 0
+# define DH_F_DH_PUB_ENCODE 0
+# define DH_F_DO_DH_PRINT 0
+# define DH_F_GENERATE_KEY 0
+# define DH_F_PKEY_DH_CTRL_STR 0
+# define DH_F_PKEY_DH_DERIVE 0
+# define DH_F_PKEY_DH_INIT 0
+# define DH_F_PKEY_DH_KEYGEN 0
+# endif
+
+/*
+ * DH reason codes.
+ */
+# define DH_R_BAD_GENERATOR 101
+# define DH_R_BN_DECODE_ERROR 109
+# define DH_R_BN_ERROR 106
+# define DH_R_CHECK_INVALID_J_VALUE 115
+# define DH_R_CHECK_INVALID_Q_VALUE 116
+# define DH_R_CHECK_PUBKEY_INVALID 122
+# define DH_R_CHECK_PUBKEY_TOO_LARGE 123
+# define DH_R_CHECK_PUBKEY_TOO_SMALL 124
+# define DH_R_CHECK_P_NOT_PRIME 117
+# define DH_R_CHECK_P_NOT_SAFE_PRIME 118
+# define DH_R_CHECK_Q_NOT_PRIME 119
+# define DH_R_DECODE_ERROR 104
+# define DH_R_INVALID_PARAMETER_NAME 110
+# define DH_R_INVALID_PARAMETER_NID 114
+# define DH_R_INVALID_PUBKEY 102
+# define DH_R_KDF_PARAMETER_ERROR 112
+# define DH_R_KEYS_NOT_SET 108
+# define DH_R_MISSING_PUBKEY 125
+# define DH_R_MODULUS_TOO_LARGE 103
+# define DH_R_MODULUS_TOO_SMALL 126
+# define DH_R_NOT_SUITABLE_GENERATOR 120
+# define DH_R_NO_PARAMETERS_SET 107
+# define DH_R_NO_PRIVATE_VALUE 100
+# define DH_R_PARAMETER_ENCODING_ERROR 105
+# define DH_R_PEER_KEY_ERROR 111
+# define DH_R_SHARED_INFO_ERROR 113
+# define DH_R_UNABLE_TO_CHECK_GENERATOR 121
+
+# endif
+#endif
diff --git a/linux_amd64/ssl/include/openssl/dsa.h b/linux_amd64/ssl/include/openssl/dsa.h
new file mode 100644
index 0000000..ac4d221
--- /dev/null
+++ b/linux_amd64/ssl/include/openssl/dsa.h
@@ -0,0 +1,266 @@ +/* + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_DSA_H +# define OPENSSL_DSA_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_DSA_H +# endif + +# include + +# ifndef OPENSSL_NO_DSA +# ifdef __cplusplus +extern "C" { +# endif +# include +# include +# include +# include +# include +# include +# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +# include +# endif +# include + +# ifndef OPENSSL_DSA_MAX_MODULUS_BITS +# define OPENSSL_DSA_MAX_MODULUS_BITS 10000 +# endif + +# define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024 + +# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +/* + * Does nothing. Previously this switched off constant time behaviour. + */ +# define DSA_FLAG_NO_EXP_CONSTTIME 0x00 +# endif + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define DSA_FLAG_CACHE_MONT_P 0x01 + +/* + * If this flag is set the DSA method is FIPS compliant and can be used in + * FIPS mode. This is set in the validated module method. If an application + * sets this flag in its own methods it is its responsibility to ensure the + * result is compliant. + */ + +# define DSA_FLAG_FIPS_METHOD 0x0400 + +/* + * If this flag is set the operations normally disabled in FIPS mode are + * permitted it is then the applications responsibility to ensure that the + * usage is compliant. 
+ */ + +# define DSA_FLAG_NON_FIPS_ALLOW 0x0400 +# define DSA_FLAG_FIPS_CHECKED 0x0800 +# endif /* OPENSSL_NO_DEPRECATED_3_0 */ + +/* Already defined in ossl_typ.h */ +/* typedef struct dsa_st DSA; */ +/* typedef struct dsa_method DSA_METHOD; */ + +typedef struct DSA_SIG_st DSA_SIG; + +/* + * TODO(3.0): consider removing the ASN.1 encoding and decoding when + * deserialisation is completed elsewhere. + */ +# define d2i_DSAparams_fp(fp, x) \ + (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \ + (char *(*)())d2i_DSAparams, (fp), \ + (unsigned char **)(x)) +# define i2d_DSAparams_fp(fp, x) \ + ASN1_i2d_fp(i2d_DSAparams, (fp), (unsigned char *)(x)) +# define d2i_DSAparams_bio(bp, x) \ + ASN1_d2i_bio_of(DSA, DSA_new, d2i_DSAparams, bp, x) +# define i2d_DSAparams_bio(bp, x) \ + ASN1_i2d_bio_of(DSA, i2d_DSAparams, bp, x) + +DECLARE_ASN1_DUP_FUNCTION_name(DSA, DSAparams) +DSA_SIG *DSA_SIG_new(void); +void DSA_SIG_free(DSA_SIG *a); +DECLARE_ASN1_ENCODE_FUNCTIONS_only(DSA_SIG, DSA_SIG) +void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); +int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s); + +DEPRECATEDIN_3_0(DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, + DSA *dsa)) +DEPRECATEDIN_3_0(int DSA_do_verify(const unsigned char *dgst, int dgst_len, + DSA_SIG *sig, DSA *dsa)) + +DEPRECATEDIN_3_0(const DSA_METHOD *DSA_OpenSSL(void)) + +DEPRECATEDIN_3_0(void DSA_set_default_method(const DSA_METHOD *)) +DEPRECATEDIN_3_0(const DSA_METHOD *DSA_get_default_method(void)) +DEPRECATEDIN_3_0(int DSA_set_method(DSA *dsa, const DSA_METHOD *)) +DEPRECATEDIN_3_0(const DSA_METHOD *DSA_get_method(DSA *d)) + +DSA *DSA_new(void); +DEPRECATEDIN_3_0(DSA *DSA_new_method(ENGINE *engine)) +void DSA_free(DSA *r); +/* "up" the DSA object's reference count */ +int DSA_up_ref(DSA *r); +DEPRECATEDIN_3_0(int DSA_size(const DSA *)) +DEPRECATEDIN_3_0(int DSA_bits(const DSA *d)) +DEPRECATEDIN_3_0(int DSA_security_bits(const DSA *d)) + /* next 4 return -1 on error */ 
+DEPRECATEDIN_3_0(int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, + BIGNUM **rp)) +DEPRECATEDIN_3_0(int DSA_sign(int type, const unsigned char *dgst, int dlen, + unsigned char *sig, unsigned int *siglen, + DSA *dsa)) +DEPRECATEDIN_3_0(int DSA_verify(int type, const unsigned char *dgst, + int dgst_len, const unsigned char *sigbuf, + int siglen, DSA *dsa)) +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define DSA_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DSA, l, p, newf, dupf, freef) +# endif +DEPRECATEDIN_3_0(int DSA_set_ex_data(DSA *d, int idx, void *arg)) +DEPRECATEDIN_3_0(void *DSA_get_ex_data(DSA *d, int idx)) + +DECLARE_ASN1_ENCODE_FUNCTIONS_only(DSA, DSAPublicKey) +DECLARE_ASN1_ENCODE_FUNCTIONS_only(DSA, DSAPrivateKey) +DECLARE_ASN1_ENCODE_FUNCTIONS_only(DSA, DSAparams) + +/* Deprecated version */ +DEPRECATEDIN_0_9_8(DSA *DSA_generate_parameters(int bits, + unsigned char *seed, + int seed_len, + int *counter_ret, + unsigned long *h_ret, void + (*callback) (int, int, + void *), + void *cb_arg)) + +/* New version */ +DEPRECATEDIN_3_0(int DSA_generate_parameters_ex(DSA *dsa, int bits, + const unsigned char *seed, + int seed_len, int *counter_ret, + unsigned long *h_ret, + BN_GENCB *cb)) + +DEPRECATEDIN_3_0(int DSA_generate_key(DSA *a)) + +DEPRECATEDIN_3_0(int DSAparams_print(BIO *bp, const DSA *x)) +DEPRECATEDIN_3_0(int DSA_print(BIO *bp, const DSA *x, int off)) +# ifndef OPENSSL_NO_STDIO +DEPRECATEDIN_3_0(int DSAparams_print_fp(FILE *fp, const DSA *x)) +DEPRECATEDIN_3_0(int DSA_print_fp(FILE *bp, const DSA *x, int off)) +# endif + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define DSS_prime_checks 64 +/* + * Primality test according to FIPS PUB 186-4, Appendix C.3. Since we only + * have one value here we set the number of checks to 64 which is the 128 bit + * security level that is the highest level and valid for creating a 3072 bit + * DSA key. 
+ */ +# define DSA_is_prime(n, callback, cb_arg) \ + BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg) +# endif + +# ifndef OPENSSL_NO_DH +/* + * Convert DSA structure (key or just parameters) into DH structure (be + * careful to avoid small subgroup attacks when using this!) + */ +DEPRECATEDIN_3_0(DH *DSA_dup_DH(const DSA *r)) +# endif + +# define EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DSA_PARAMGEN_BITS, nbits, NULL) +# define EVP_PKEY_CTX_set_dsa_paramgen_q_bits(ctx, qbits) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, qbits, NULL) +# define EVP_PKEY_CTX_set_dsa_paramgen_md(ctx, md) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0, (void *)(md)) + +# define EVP_PKEY_CTRL_DSA_PARAMGEN_BITS (EVP_PKEY_ALG_CTRL + 1) +# define EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS (EVP_PKEY_ALG_CTRL + 2) +# define EVP_PKEY_CTRL_DSA_PARAMGEN_MD (EVP_PKEY_ALG_CTRL + 3) + +void DSA_get0_pqg(const DSA *d, + const BIGNUM **p, const BIGNUM **q, const BIGNUM **g); +int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g); +void DSA_get0_key(const DSA *d, + const BIGNUM **pub_key, const BIGNUM **priv_key); +int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key); +const BIGNUM *DSA_get0_p(const DSA *d); +const BIGNUM *DSA_get0_q(const DSA *d); +const BIGNUM *DSA_get0_g(const DSA *d); +const BIGNUM *DSA_get0_pub_key(const DSA *d); +const BIGNUM *DSA_get0_priv_key(const DSA *d); +void DSA_clear_flags(DSA *d, int flags); +int DSA_test_flags(const DSA *d, int flags); +void DSA_set_flags(DSA *d, int flags); +DEPRECATEDIN_3_0(ENGINE *DSA_get0_engine(DSA *d)) + +DEPRECATEDIN_3_0(DSA_METHOD *DSA_meth_new(const char *name, int flags)) +DEPRECATEDIN_3_0(void DSA_meth_free(DSA_METHOD *dsam)) +DEPRECATEDIN_3_0(DSA_METHOD *DSA_meth_dup(const DSA_METHOD *dsam)) +DEPRECATEDIN_3_0(const char 
*DSA_meth_get0_name(const DSA_METHOD *dsam)) +DEPRECATEDIN_3_0(int DSA_meth_set1_name(DSA_METHOD *dsam, const char *name)) +DEPRECATEDIN_3_0(int DSA_meth_get_flags(const DSA_METHOD *dsam)) +DEPRECATEDIN_3_0(int DSA_meth_set_flags(DSA_METHOD *dsam, int flags)) +DEPRECATEDIN_3_0(void *DSA_meth_get0_app_data(const DSA_METHOD *dsam)) +DEPRECATEDIN_3_0(int DSA_meth_set0_app_data(DSA_METHOD *dsam, void *app_data)) +DEPRECATEDIN_3_0(DSA_SIG *(*DSA_meth_get_sign(const DSA_METHOD *dsam)) + (const unsigned char *, int, DSA *)) +DEPRECATEDIN_3_0(int DSA_meth_set_sign(DSA_METHOD *dsam, + DSA_SIG *(*sign) (const unsigned char *, int, DSA *))) +DEPRECATEDIN_3_0(int (*DSA_meth_get_sign_setup(const DSA_METHOD *dsam)) + (DSA *, BN_CTX *, BIGNUM **, BIGNUM **)) +DEPRECATEDIN_3_0(int DSA_meth_set_sign_setup(DSA_METHOD *dsam, + int (*sign_setup) (DSA *, BN_CTX *, BIGNUM **, BIGNUM **))) +DEPRECATEDIN_3_0(int (*DSA_meth_get_verify(const DSA_METHOD *dsam)) + (const unsigned char *, int, DSA_SIG *, DSA *)) +DEPRECATEDIN_3_0(int DSA_meth_set_verify(DSA_METHOD *dsam, + int (*verify) (const unsigned char *, int, DSA_SIG *, DSA *))) +DEPRECATEDIN_3_0(int (*DSA_meth_get_mod_exp(const DSA_METHOD *dsam)) + (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *, + const BIGNUM *, const BIGNUM *, BN_CTX *, BN_MONT_CTX *)) +DEPRECATEDIN_3_0(int DSA_meth_set_mod_exp(DSA_METHOD *dsam, + int (*mod_exp) (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, + const BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *, + BN_MONT_CTX *))) +DEPRECATEDIN_3_0(int (*DSA_meth_get_bn_mod_exp(const DSA_METHOD *dsam)) + (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *, + BN_CTX *, BN_MONT_CTX *)) +DEPRECATEDIN_3_0(int DSA_meth_set_bn_mod_exp(DSA_METHOD *dsam, + int (*bn_mod_exp) (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, + const BIGNUM *, BN_CTX *, BN_MONT_CTX *))) +DEPRECATEDIN_3_0(int (*DSA_meth_get_init(const DSA_METHOD *dsam))(DSA *)) +DEPRECATEDIN_3_0(int 
DSA_meth_set_init(DSA_METHOD *dsam, int (*init)(DSA *))) +DEPRECATEDIN_3_0(int (*DSA_meth_get_finish(const DSA_METHOD *dsam)) (DSA *)) +DEPRECATEDIN_3_0(int DSA_meth_set_finish(DSA_METHOD *dsam, int (*finish) (DSA *))) +DEPRECATEDIN_3_0(int (*DSA_meth_get_paramgen(const DSA_METHOD *dsam)) + (DSA *, int, const unsigned char *, int, int *, unsigned long *, + BN_GENCB *)) +DEPRECATEDIN_3_0(int DSA_meth_set_paramgen(DSA_METHOD *dsam, + int (*paramgen) (DSA *, int, const unsigned char *, int, int *, + unsigned long *, BN_GENCB *))) +DEPRECATEDIN_3_0(int (*DSA_meth_get_keygen(const DSA_METHOD *dsam)) (DSA *)) +DEPRECATEDIN_3_0(int DSA_meth_set_keygen(DSA_METHOD *dsam, int (*keygen) (DSA *))) + +# ifdef __cplusplus +} +# endif +# endif +#endif diff --git a/linux_amd64/ssl/include/openssl/dsaerr.h b/linux_amd64/ssl/include/openssl/dsaerr.h new file mode 100644 index 0000000..48dd7d0 --- /dev/null +++ b/linux_amd64/ssl/include/openssl/dsaerr.h 
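Review bot: The `TODO(3.0)` comment above `d2i_DSAparams_fp` in this header, like the two `TODO(3.0)` comments in the dh.h hunk, suggests the vendored tree is an OpenSSL 3.0 development snapshot rather than a tagged release, and nothing in these hunks records the upstream revision. Without that, the headers cannot be matched to the shipped libraries or checked against upstream advisories. I would add a provenance line next to the vendored tree, for example `OpenSSL upstream revision: <UPSTREAM_COMMIT_PLACEHOLDER>`, and prefer rebuilding from a released version.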
@@ -0,0 +1,80 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_DSAERR_H
+# define OPENSSL_DSAERR_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_DSAERR_H
+# endif
+
+# include
+# include
+
+
+# include
+
+# ifndef OPENSSL_NO_DSA
+
+# ifdef __cplusplus
+extern "C"
+# endif
+int ERR_load_DSA_strings(void);
+
+/*
+ * DSA function codes.
+ */
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define DSA_F_DSAPARAMS_PRINT 0
+# define DSA_F_DSAPARAMS_PRINT_FP 0
+# define DSA_F_DSA_BUILTIN_PARAMGEN 0
+# define DSA_F_DSA_BUILTIN_PARAMGEN2 0
+# define DSA_F_DSA_DO_SIGN 0
+# define DSA_F_DSA_DO_VERIFY 0
+# define DSA_F_DSA_METH_DUP 0
+# define DSA_F_DSA_METH_NEW 0
+# define DSA_F_DSA_METH_SET1_NAME 0
+# define DSA_F_DSA_NEW_METHOD 0
+# define DSA_F_DSA_PARAM_DECODE 0
+# define DSA_F_DSA_PRINT_FP 0
+# define DSA_F_DSA_PRIV_DECODE 0
+# define DSA_F_DSA_PRIV_ENCODE 0
+# define DSA_F_DSA_PUB_DECODE 0
+# define DSA_F_DSA_PUB_ENCODE 0
+# define DSA_F_DSA_SIGN 0
+# define DSA_F_DSA_SIGN_SETUP 0
+# define DSA_F_DSA_SIG_NEW 0
+# define DSA_F_OLD_DSA_PRIV_DECODE 0
+# define DSA_F_PKEY_DSA_CTRL 0
+# define DSA_F_PKEY_DSA_CTRL_STR 0
+# define DSA_F_PKEY_DSA_KEYGEN 0
+# endif
+
+/*
+ * DSA reason codes.
+ */
+# define DSA_R_BAD_Q_VALUE 102
+# define DSA_R_BN_DECODE_ERROR 108
+# define DSA_R_BN_ERROR 109
+# define DSA_R_DECODE_ERROR 104
+# define DSA_R_INVALID_DIGEST_TYPE 106
+# define DSA_R_INVALID_PARAMETERS 112
+# define DSA_R_MISSING_PARAMETERS 101
+# define DSA_R_MISSING_PRIVATE_KEY 111
+# define DSA_R_MODULUS_TOO_LARGE 103
+# define DSA_R_NO_PARAMETERS_SET 107
+# define DSA_R_PARAMETER_ENCODING_ERROR 105
+# define DSA_R_Q_NOT_PRIME 113
+# define DSA_R_SEED_LEN_SMALL 110
+
+# endif
+#endif
diff --git a/linux_amd64/ssl/include/openssl/dtls1.h b/linux_amd64/ssl/include/openssl/dtls1.h
new file mode 100644
index 0000000..bfc2d6e
--- /dev/null
+++ b/linux_amd64/ssl/include/openssl/dtls1.h
@@ -0,0 +1,65 @@
+/*
+ * Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_DTLS1_H
+# define OPENSSL_DTLS1_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_DTLS1_H
+# endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include
+
+# define DTLS1_VERSION 0xFEFF
+# define DTLS1_2_VERSION 0xFEFD
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define DTLS_MIN_VERSION DTLS1_VERSION
+# define DTLS_MAX_VERSION DTLS1_2_VERSION
+# endif
+# define DTLS1_VERSION_MAJOR 0xFE
+
+# define DTLS1_BAD_VER 0x0100
+
+/* Special value for method supporting multiple versions */
+# define DTLS_ANY_VERSION 0x1FFFF
+
+/* lengths of messages */
+/*
+ * Actually the max cookie length in DTLS is 255. But we can't change this now
+ * due to compatibility concerns.
+ */
+# define DTLS1_COOKIE_LENGTH 256
+
+# define DTLS1_RT_HEADER_LENGTH 13
+
+# define DTLS1_HM_HEADER_LENGTH 12
+
+# define DTLS1_HM_BAD_FRAGMENT -2
+# define DTLS1_HM_FRAGMENT_RETRY -3
+
+# define DTLS1_CCS_HEADER_LENGTH 1
+
+# define DTLS1_AL_HEADER_LENGTH 2
+
+/* Timeout multipliers */
+# define DTLS1_TMO_READ_COUNT 2
+# define DTLS1_TMO_WRITE_COUNT 2
+
+# define DTLS1_TMO_ALERT_COUNT 12
+
+#ifdef __cplusplus
+}
+#endif
+#endif
diff --git a/linux_amd64/ssl/include/openssl/e_os2.h b/linux_amd64/ssl/include/openssl/e_os2.h
new file mode 100644
index 0000000..982dd2b
--- /dev/null
+++ b/linux_amd64/ssl/include/openssl/e_os2.h
@@ -0,0 +1,280 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_E_OS2_H
+# define OPENSSL_E_OS2_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_E_OS2_H
+# endif
+
+# include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/******************************************************************************
+ * Detect operating systems. This probably needs completing.
+ * The result is that at least one OPENSSL_SYS_os macro should be defined.
+ * However, if none is defined, Unix is assumed.
+ **/
+
+# define OPENSSL_SYS_UNIX
+
+/* --------------------- Microsoft operating systems ---------------------- */
+
+/*
+ * Note that MSDOS actually denotes 32-bit environments running on top of
+ * MS-DOS, such as DJGPP one.
+ */
+# if defined(OPENSSL_SYS_MSDOS)
+# undef OPENSSL_SYS_UNIX
+# endif
+
+/*
+ * For 32 bit environment, there seems to be the CygWin environment and then
+ * all the others that try to do the same thing Microsoft does...
+ */
+/*
+ * UEFI lives here because it might be built with a Microsoft toolchain and
+ * we need to avoid the false positive match on Windows.
+ */
+# if defined(OPENSSL_SYS_UEFI)
+# undef OPENSSL_SYS_UNIX
+# elif defined(OPENSSL_SYS_UWIN)
+# undef OPENSSL_SYS_UNIX
+# define OPENSSL_SYS_WIN32_UWIN
+# else
+# if defined(__CYGWIN__) || defined(OPENSSL_SYS_CYGWIN)
+# define OPENSSL_SYS_WIN32_CYGWIN
+# else
+# if defined(_WIN32) || defined(OPENSSL_SYS_WIN32)
+# undef OPENSSL_SYS_UNIX
+# if !defined(OPENSSL_SYS_WIN32)
+# define OPENSSL_SYS_WIN32
+# endif
+# endif
+# if defined(_WIN64) || defined(OPENSSL_SYS_WIN64)
+# undef OPENSSL_SYS_UNIX
+# if !defined(OPENSSL_SYS_WIN64)
+# define OPENSSL_SYS_WIN64
+# endif
+# endif
+# if defined(OPENSSL_SYS_WINNT)
+# undef OPENSSL_SYS_UNIX
+# endif
+# if defined(OPENSSL_SYS_WINCE)
+# undef OPENSSL_SYS_UNIX
+# endif
+# endif
+# endif
+
+/* Anything that tries to look like Microsoft is "Windows" */
+# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN64) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE)
+# undef OPENSSL_SYS_UNIX
+# define OPENSSL_SYS_WINDOWS
+# ifndef OPENSSL_SYS_MSDOS
+# define OPENSSL_SYS_MSDOS
+# endif
+# endif
+
+/*
+ * DLL settings. This part is a bit tough, because it's up to the
+ * application implementor how he or she will link the application, so it
+ * requires some macro to be used.
+ */
+# ifdef OPENSSL_SYS_WINDOWS
+# ifndef OPENSSL_OPT_WINDLL
+# if defined(_WINDLL) /* This is used when building OpenSSL to
+ * indicate that DLL linkage should be used */
+# define OPENSSL_OPT_WINDLL
+# endif
+# endif
+# endif
+
+/* ------------------------------- OpenVMS -------------------------------- */
+# if defined(__VMS) || defined(VMS) || defined(OPENSSL_SYS_VMS)
+# if !defined(OPENSSL_SYS_VMS)
+# undef OPENSSL_SYS_UNIX
+# endif
+# define OPENSSL_SYS_VMS
+# if defined(__DECC)
+# define OPENSSL_SYS_VMS_DECC
+# elif defined(__DECCXX)
+# define OPENSSL_SYS_VMS_DECC
+# define OPENSSL_SYS_VMS_DECCXX
+# else
+# define OPENSSL_SYS_VMS_NODECC
+# endif
+# endif
+
+/* -------------------------------- Unix ---------------------------------- */
+# ifdef OPENSSL_SYS_UNIX
+# if defined(linux) || defined(__linux__) && !defined(OPENSSL_SYS_LINUX)
+# define OPENSSL_SYS_LINUX
+# endif
+# if defined(_AIX) && !defined(OPENSSL_SYS_AIX)
+# define OPENSSL_SYS_AIX
+# endif
+# endif
+
+/* -------------------------------- VOS ----------------------------------- */
+# if defined(__VOS__) && !defined(OPENSSL_SYS_VOS)
+# define OPENSSL_SYS_VOS
+# ifdef __HPPA__
+# define OPENSSL_SYS_VOS_HPPA
+# endif
+# ifdef __IA32__
+# define OPENSSL_SYS_VOS_IA32
+# endif
+# endif
+
+/**
+ * That's it for OS-specific stuff
+ *****************************************************************************/
+
+/*-
+ * OPENSSL_EXTERN is normally used to declare a symbol with possible extra
+ * attributes to handle its presence in a shared library.
+ * OPENSSL_EXPORT is used to define a symbol with extra possible attributes
+ * to make it visible in a shared library.
+ * Care needs to be taken when a header file is used both to declare and
+ * define symbols. Basically, for any library that exports some global
+ * variables, the following code must be present in the header file that
+ * declares them, before OPENSSL_EXTERN is used:
+ *
+ * #ifdef SOME_BUILD_FLAG_MACRO
+ * # undef OPENSSL_EXTERN
+ * # define OPENSSL_EXTERN OPENSSL_EXPORT
+ * #endif
+ *
+ * The default is to have OPENSSL_EXPORT and OPENSSL_EXTERN
+ * have some generally sensible values.
+ */
+
+# if defined(OPENSSL_SYS_WINDOWS) && defined(OPENSSL_OPT_WINDLL)
+# define OPENSSL_EXPORT extern __declspec(dllexport)
+# define OPENSSL_EXTERN extern __declspec(dllimport)
+# else
+# define OPENSSL_EXPORT extern
+# define OPENSSL_EXTERN extern
+# endif
+
+# ifdef _WIN32
+# ifdef _WIN64
+# define ossl_ssize_t __int64
+# define OSSL_SSIZE_MAX _I64_MAX
+# else
+# define ossl_ssize_t int
+# define OSSL_SSIZE_MAX INT_MAX
+# endif
+# endif
+
+# if defined(OPENSSL_SYS_UEFI) && !defined(ossl_ssize_t)
+# define ossl_ssize_t INTN
+# define OSSL_SSIZE_MAX MAX_INTN
+# endif
+
+# ifndef ossl_ssize_t
+# define ossl_ssize_t ssize_t
+# if defined(SSIZE_MAX)
+# define OSSL_SSIZE_MAX SSIZE_MAX
+# elif defined(_POSIX_SSIZE_MAX)
+# define OSSL_SSIZE_MAX _POSIX_SSIZE_MAX
+# else
+# define OSSL_SSIZE_MAX ((ssize_t)(SIZE_MAX>>1))
+# endif
+# endif
+
+# ifdef DEBUG_UNUSED
+# define __owur __attribute__((__warn_unused_result__))
+# else
+# define __owur
+# endif
+
+/* Standard integer types */
+# define OPENSSL_NO_INTTYPES_H
+# define OPENSSL_NO_STDINT_H
+# if defined(OPENSSL_SYS_UEFI)
+typedef INT8 int8_t;
+typedef UINT8 uint8_t;
+typedef INT16 int16_t;
+typedef UINT16 uint16_t;
+typedef INT32 int32_t;
+typedef UINT32 uint32_t;
+typedef INT64 int64_t;
+typedef UINT64 uint64_t;
+# elif (defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L) || \
+ defined(__osf__) || defined(__sgi) || defined(__hpux) || \
+ defined(OPENSSL_SYS_VMS) || defined (__OpenBSD__)
+# include
+# undef OPENSSL_NO_INTTYPES_H
+/* Because the specs say that inttypes.h includes stdint.h if present */
+# undef OPENSSL_NO_STDINT_H
+# elif defined(_MSC_VER) && _MSC_VER<=1500
+/*
+ * minimally required typdefs for systems not supporting inttypes.h or
+ * stdint.h: currently just older VC++
+ */
+typedef signed char int8_t;
+typedef unsigned char uint8_t;
+typedef short int16_t;
+typedef unsigned short uint16_t;
+typedef int int32_t;
+typedef unsigned int uint32_t;
+typedef __int64 int64_t;
+typedef unsigned __int64 uint64_t;
+# else
+# include
+# undef OPENSSL_NO_STDINT_H
+# endif
+
+/* ossl_inline: portable inline definition usable in public headers */
+# if !defined(inline) && !defined(__cplusplus)
+# if defined(__STDC_VERSION__) && __STDC_VERSION__>=199901L
+ /* just use inline */
+# define ossl_inline inline
+# elif defined(__GNUC__) && __GNUC__>=2
+# define ossl_inline __inline__
+# elif defined(_MSC_VER)
+ /*
+ * Visual Studio: inline is available in C++ only, however
+ * __inline is available for C, see
+ * http://msdn.microsoft.com/en-us/library/z8y1yy88.aspx
+ */
+# define ossl_inline __inline
+# else
+# define ossl_inline
+# endif
+# else
+# define ossl_inline inline
+# endif
+
+# if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L
+# define ossl_noreturn _Noreturn
+# elif defined(__GNUC__) && __GNUC__ >= 2
+# define ossl_noreturn __attribute__((noreturn))
+# else
+# define ossl_noreturn
+# endif
+
+/* ossl_unused: portable unused attribute for use in public headers */
+# if defined(__GNUC__)
+# define ossl_unused __attribute__((unused))
+# else
+# define ossl_unused
+# endif
+
+#ifdef __cplusplus
+}
+#endif
+#endif
diff --git a/linux_amd64/ssl/include/openssl/ebcdic.h b/linux_amd64/ssl/include/openssl/ebcdic.h
new file mode 100644
index 0000000..e0ae1aa
--- /dev/null
+++ b/linux_amd64/ssl/include/openssl/ebcdic.h
@@ -0,0 +1,39 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_EBCDIC_H
+# define OPENSSL_EBCDIC_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_EBCDIC_H
+# endif
+
+# include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Avoid name clashes with other applications */
+# define os_toascii _openssl_os_toascii
+# define os_toebcdic _openssl_os_toebcdic
+# define ebcdic2ascii _openssl_ebcdic2ascii
+# define ascii2ebcdic _openssl_ascii2ebcdic
+
+extern const unsigned char os_toascii[256];
+extern const unsigned char os_toebcdic[256];
+void *ebcdic2ascii(void *dest, const void *srce, size_t count);
+void *ascii2ebcdic(void *dest, const void *srce, size_t count);
+
+#ifdef __cplusplus
+}
+#endif
+#endif
diff --git a/linux_amd64/ssl/include/openssl/ec.h b/linux_amd64/ssl/include/openssl/ec.h
new file mode 100644
index 0000000..c5d5fc0
--- /dev/null
+++ b/linux_amd64/ssl/include/openssl/ec.h
@@ -0,0 +1,1519 @@ +/* + * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_EC_H +# define OPENSSL_EC_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_EC_H +# endif + +# include + +# ifndef OPENSSL_NO_EC +# include +# include +# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +# include +# endif +# include +# ifdef __cplusplus +extern "C" { +# endif + +# ifndef OPENSSL_ECC_MAX_FIELD_BITS +# define OPENSSL_ECC_MAX_FIELD_BITS 661 +# endif + +/** Enum for the point conversion form as defined in X9.62 (ECDSA) + * for the encoding of a elliptic curve point (x,y) */ +typedef enum { + /** the point is encoded as z||x, where the octet z specifies + * which solution of the quadratic equation y is */ + POINT_CONVERSION_COMPRESSED = 2, + /** the point is encoded as z||x||y, where z is the octet 0x04 */ + POINT_CONVERSION_UNCOMPRESSED = 4, + /** the point is encoded as z||x||y, where the octet z specifies + * which solution of the quadratic equation y is */ + POINT_CONVERSION_HYBRID = 6 +} point_conversion_form_t; + +typedef struct ec_method_st EC_METHOD; +typedef struct ec_group_st EC_GROUP; +typedef struct ec_point_st EC_POINT; +typedef struct ecpk_parameters_st ECPKPARAMETERS; +typedef struct ec_parameters_st ECPARAMETERS; + +/********************************************************************/ +/* EC_METHODs for curves over GF(p) */ +/********************************************************************/ + +/** Returns the basic GFp ec methods which provides the basis for the + * optimized methods. 
+ * \return EC_METHOD object + */ +const EC_METHOD *EC_GFp_simple_method(void); + +/** Returns GFp methods using montgomery multiplication. + * \return EC_METHOD object + */ +const EC_METHOD *EC_GFp_mont_method(void); + +/** Returns GFp methods using optimized methods for NIST recommended curves + * \return EC_METHOD object + */ +const EC_METHOD *EC_GFp_nist_method(void); + +# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 +/** Returns 64-bit optimized methods for nistp224 + * \return EC_METHOD object + */ +const EC_METHOD *EC_GFp_nistp224_method(void); + +/** Returns 64-bit optimized methods for nistp256 + * \return EC_METHOD object + */ +const EC_METHOD *EC_GFp_nistp256_method(void); + +/** Returns 64-bit optimized methods for nistp521 + * \return EC_METHOD object + */ +const EC_METHOD *EC_GFp_nistp521_method(void); +# endif + +# ifndef OPENSSL_NO_EC2M +/********************************************************************/ +/* EC_METHOD for curves over GF(2^m) */ +/********************************************************************/ + +/** Returns the basic GF2m ec method + * \return EC_METHOD object + */ +const EC_METHOD *EC_GF2m_simple_method(void); + +# endif + +/********************************************************************/ +/* EC_GROUP functions */ +/********************************************************************/ + +/** + * Creates a new EC_GROUP object + * \param libctx The associated library context or NULL for the default + * library context + * \param meth EC_METHOD to use + * \return newly created EC_GROUP object or NULL in case of an error. + */ +EC_GROUP *EC_GROUP_new_ex(OPENSSL_CTX *libctx, const EC_METHOD *meth); + +/** + * Creates a new EC_GROUP object. Same as EC_GROUP_new_ex with NULL for the + * library context. + * \param meth EC_METHOD to use + * \return newly created EC_GROUP object or NULL in case of an error. 
+ */ +EC_GROUP *EC_GROUP_new(const EC_METHOD *meth); + +/** Frees a EC_GROUP object + * \param group EC_GROUP object to be freed. + */ +void EC_GROUP_free(EC_GROUP *group); + +/** Clears and frees a EC_GROUP object + * \param group EC_GROUP object to be cleared and freed. + */ +DEPRECATEDIN_3_0(void EC_GROUP_clear_free(EC_GROUP *group)) + +/** Copies EC_GROUP objects. Note: both EC_GROUPs must use the same EC_METHOD. + * \param dst destination EC_GROUP object + * \param src source EC_GROUP object + * \return 1 on success and 0 if an error occurred. + */ +int EC_GROUP_copy(EC_GROUP *dst, const EC_GROUP *src); + +/** Creates a new EC_GROUP object and copies the content + * form src to the newly created EC_KEY object + * \param src source EC_GROUP object + * \return newly created EC_GROUP object or NULL in case of an error. + */ +EC_GROUP *EC_GROUP_dup(const EC_GROUP *src); + +/** Returns the EC_METHOD of the EC_GROUP object. + * \param group EC_GROUP object + * \return EC_METHOD used in this EC_GROUP object. + */ +const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group); + +/** Returns the field type of the EC_METHOD. + * \param meth EC_METHOD object + * \return NID of the underlying field type OID. + */ +int EC_METHOD_get_field_type(const EC_METHOD *meth); + +/** Sets the generator and its order/cofactor of a EC_GROUP object. + * \param group EC_GROUP object + * \param generator EC_POINT object with the generator. + * \param order the order of the group generated by the generator. + * \param cofactor the index of the sub-group generated by the generator + * in the group of all points on the elliptic curve. + * \return 1 on success and 0 if an error occurred + */ +int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, + const BIGNUM *order, const BIGNUM *cofactor); + +/** Returns the generator of a EC_GROUP object. + * \param group EC_GROUP object + * \return the currently used generator (possibly NULL). 
+ */ +const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group); + +/** Returns the montgomery data for order(Generator) + * \param group EC_GROUP object + * \return the currently used montgomery data (possibly NULL). +*/ +BN_MONT_CTX *EC_GROUP_get_mont_data(const EC_GROUP *group); + +/** Gets the order of a EC_GROUP + * \param group EC_GROUP object + * \param order BIGNUM to which the order is copied + * \param ctx unused + * \return 1 on success and 0 if an error occurred + */ +int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx); + +/** Gets the order of an EC_GROUP + * \param group EC_GROUP object + * \return the group order + */ +const BIGNUM *EC_GROUP_get0_order(const EC_GROUP *group); + +/** Gets the number of bits of the order of an EC_GROUP + * \param group EC_GROUP object + * \return number of bits of group order. + */ +int EC_GROUP_order_bits(const EC_GROUP *group); + +/** Gets the cofactor of a EC_GROUP + * \param group EC_GROUP object + * \param cofactor BIGNUM to which the cofactor is copied + * \param ctx unused + * \return 1 on success and 0 if an error occurred + */ +int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, + BN_CTX *ctx); + +/** Gets the cofactor of an EC_GROUP + * \param group EC_GROUP object + * \return the group cofactor + */ +const BIGNUM *EC_GROUP_get0_cofactor(const EC_GROUP *group); + +/** Sets the name of a EC_GROUP object + * \param group EC_GROUP object + * \param nid NID of the curve name OID + */ +void EC_GROUP_set_curve_name(EC_GROUP *group, int nid); + +/** Returns the curve name of a EC_GROUP object + * \param group EC_GROUP object + * \return NID of the curve name OID or 0 if not set. 
+ */ +int EC_GROUP_get_curve_name(const EC_GROUP *group); + +/** Gets the field of an EC_GROUP + * \param group EC_GROUP object + * \return the group field + */ +const BIGNUM *EC_GROUP_get0_field(const EC_GROUP *group); + +void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag); +int EC_GROUP_get_asn1_flag(const EC_GROUP *group); + +void EC_GROUP_set_point_conversion_form(EC_GROUP *group, + point_conversion_form_t form); +point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *); + +unsigned char *EC_GROUP_get0_seed(const EC_GROUP *x); +size_t EC_GROUP_get_seed_len(const EC_GROUP *); +size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len); + +/** Sets the parameters of a ec curve defined by y^2 = x^3 + a*x + b (for GFp) + * or y^2 + x*y = x^3 + a*x^2 + b (for GF2m) + * \param group EC_GROUP object + * \param p BIGNUM with the prime number (GFp) or the polynomial + * defining the underlying field (GF2m) + * \param a BIGNUM with parameter a of the equation + * \param b BIGNUM with parameter b of the equation + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +int EC_GROUP_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, + const BIGNUM *b, BN_CTX *ctx); + +/** Gets the parameters of the ec curve defined by y^2 = x^3 + a*x + b (for GFp) + * or y^2 + x*y = x^3 + a*x^2 + b (for GF2m) + * \param group EC_GROUP object + * \param p BIGNUM with the prime number (GFp) or the polynomial + * defining the underlying field (GF2m) + * \param a BIGNUM for parameter a of the equation + * \param b BIGNUM for parameter b of the equation + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +int EC_GROUP_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, + BN_CTX *ctx); + +/** Sets the parameters of an ec curve. 
Synonym for EC_GROUP_set_curve + * \param group EC_GROUP object + * \param p BIGNUM with the prime number (GFp) or the polynomial + * defining the underlying field (GF2m) + * \param a BIGNUM with parameter a of the equation + * \param b BIGNUM with parameter b of the equation + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +DEPRECATEDIN_3_0(int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, + const BIGNUM *a, const BIGNUM *b, + BN_CTX *ctx)) + +/** Gets the parameters of an ec curve. Synonym for EC_GROUP_get_curve + * \param group EC_GROUP object + * \param p BIGNUM with the prime number (GFp) or the polynomial + * defining the underlying field (GF2m) + * \param a BIGNUM for parameter a of the equation + * \param b BIGNUM for parameter b of the equation + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +DEPRECATEDIN_3_0(int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, + BIGNUM *a, BIGNUM *b, + BN_CTX *ctx)) + +# ifndef OPENSSL_NO_EC2M +/** Sets the parameter of an ec curve. Synonym for EC_GROUP_set_curve + * \param group EC_GROUP object + * \param p BIGNUM with the prime number (GFp) or the polynomial + * defining the underlying field (GF2m) + * \param a BIGNUM with parameter a of the equation + * \param b BIGNUM with parameter b of the equation + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +DEPRECATEDIN_3_0(int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, + const BIGNUM *a, const BIGNUM *b, + BN_CTX *ctx)) + +/** Gets the parameters of an ec curve. 
Synonym for EC_GROUP_get_curve + * \param group EC_GROUP object + * \param p BIGNUM with the prime number (GFp) or the polynomial + * defining the underlying field (GF2m) + * \param a BIGNUM for parameter a of the equation + * \param b BIGNUM for parameter b of the equation + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +DEPRECATEDIN_3_0(int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, + BIGNUM *a, BIGNUM *b, + BN_CTX *ctx)) +# endif +/** Returns the number of bits needed to represent a field element + * \param group EC_GROUP object + * \return number of bits needed to represent a field element + */ +int EC_GROUP_get_degree(const EC_GROUP *group); + +/** Checks whether the parameter in the EC_GROUP define a valid ec group + * \param group EC_GROUP object + * \param ctx BN_CTX object (optional) + * \return 1 if group is a valid ec group and 0 otherwise + */ +int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx); + +/** Checks whether the discriminant of the elliptic curve is zero or not + * \param group EC_GROUP object + * \param ctx BN_CTX object (optional) + * \return 1 if the discriminant is not zero and 0 otherwise + */ +int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx); + +/** Compares two EC_GROUP objects + * \param a first EC_GROUP object + * \param b second EC_GROUP object + * \param ctx BN_CTX object (optional) + * \return 0 if the groups are equal, 1 if not, or -1 on error + */ +int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx); + +/* + * EC_GROUP_new_GF*() calls EC_GROUP_new() and EC_GROUP_set_GF*() after + * choosing an appropriate EC_METHOD + */ + +/** Creates a new EC_GROUP object with the specified parameters defined + * over GFp (defined by the equation y^2 = x^3 + a*x + b) + * \param p BIGNUM with the prime number + * \param a BIGNUM with the parameter a of the equation + * \param b BIGNUM with the parameter b of the equation + * \param ctx BN_CTX 
object (optional) + * \return newly created EC_GROUP object with the specified parameters + */ +EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, + const BIGNUM *b, BN_CTX *ctx); +# ifndef OPENSSL_NO_EC2M +/** Creates a new EC_GROUP object with the specified parameters defined + * over GF2m (defined by the equation y^2 + x*y = x^3 + a*x^2 + b) + * \param p BIGNUM with the polynomial defining the underlying field + * \param a BIGNUM with the parameter a of the equation + * \param b BIGNUM with the parameter b of the equation + * \param ctx BN_CTX object (optional) + * \return newly created EC_GROUP object with the specified parameters + */ +EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, + const BIGNUM *b, BN_CTX *ctx); +# endif + +/** + * Creates a EC_GROUP object with a curve specified by a NID + * \param libctx The associated library context or NULL for the default + * context + * \param nid NID of the OID of the curve name + * \return newly created EC_GROUP object with specified curve or NULL + * if an error occurred + */ +EC_GROUP *EC_GROUP_new_by_curve_name_ex(OPENSSL_CTX *libctx, int nid); + +/** + * Creates a EC_GROUP object with a curve specified by a NID. Same as + * EC_GROUP_new_by_curve_name_ex but the libctx is always NULL. + * \param nid NID of the OID of the curve name + * \return newly created EC_GROUP object with specified curve or NULL + * if an error occurred + */ +EC_GROUP *EC_GROUP_new_by_curve_name(int nid); + +/** Creates a new EC_GROUP object from an ECPARAMETERS object + * \param params pointer to the ECPARAMETERS object + * \return newly created EC_GROUP object with specified curve or NULL + * if an error occurred + */ +EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params); + +/** Creates an ECPARAMETERS object for the given EC_GROUP object. 
+ * \param group pointer to the EC_GROUP object + * \param params pointer to an existing ECPARAMETERS object or NULL + * \return pointer to the new ECPARAMETERS object or NULL + * if an error occurred. + */ +ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group, + ECPARAMETERS *params); + +/** Creates a new EC_GROUP object from an ECPKPARAMETERS object + * \param params pointer to an existing ECPKPARAMETERS object, or NULL + * \return newly created EC_GROUP object with specified curve, or NULL + * if an error occurred + */ +EC_GROUP *EC_GROUP_new_from_ecpkparameters(const ECPKPARAMETERS *params); + +/** Creates an ECPKPARAMETERS object for the given EC_GROUP object. + * \param group pointer to the EC_GROUP object + * \param params pointer to an existing ECPKPARAMETERS object or NULL + * \return pointer to the new ECPKPARAMETERS object or NULL + * if an error occurred. + */ +ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP *group, + ECPKPARAMETERS *params); + +/********************************************************************/ +/* handling of internal curves */ +/********************************************************************/ + +typedef struct { + int nid; + const char *comment; +} EC_builtin_curve; + +/* + * EC_builtin_curves(EC_builtin_curve *r, size_t size) returns number of all + * available curves or zero if a error occurred. 
In case r is not zero, + * nitems EC_builtin_curve structures are filled with the data of the first + * nitems internal groups + */ +size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems); + +const char *EC_curve_nid2nist(int nid); +int EC_curve_nist2nid(const char *name); +int EC_GROUP_check_named_curve(const EC_GROUP *group, int nist_only, + BN_CTX *ctx); + +/********************************************************************/ +/* EC_POINT functions */ +/********************************************************************/ + +/** Creates a new EC_POINT object for the specified EC_GROUP + * \param group EC_GROUP the underlying EC_GROUP object + * \return newly created EC_POINT object or NULL if an error occurred + */ +EC_POINT *EC_POINT_new(const EC_GROUP *group); + +/** Frees a EC_POINT object + * \param point EC_POINT object to be freed + */ +void EC_POINT_free(EC_POINT *point); + +/** Clears and frees a EC_POINT object + * \param point EC_POINT object to be cleared and freed + */ +void EC_POINT_clear_free(EC_POINT *point); + +/** Copies EC_POINT object + * \param dst destination EC_POINT object + * \param src source EC_POINT object + * \return 1 on success and 0 if an error occurred + */ +int EC_POINT_copy(EC_POINT *dst, const EC_POINT *src); + +/** Creates a new EC_POINT object and copies the content of the supplied + * EC_POINT + * \param src source EC_POINT object + * \param group underlying the EC_GROUP object + * \return newly created EC_POINT object or NULL if an error occurred + */ +EC_POINT *EC_POINT_dup(const EC_POINT *src, const EC_GROUP *group); + +/** Returns the EC_METHOD used in EC_POINT object + * \param point EC_POINT object + * \return the EC_METHOD used + */ +const EC_METHOD *EC_POINT_method_of(const EC_POINT *point); + +/** Sets a point to infinity (neutral element) + * \param group underlying EC_GROUP object + * \param point EC_POINT to set to infinity + * \return 1 on success and 0 if an error occurred + */ +int 
EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point); + +/** Sets the jacobian projective coordinates of a EC_POINT over GFp + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM with the x-coordinate + * \param y BIGNUM with the y-coordinate + * \param z BIGNUM with the z-coordinate + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, + EC_POINT *p, const BIGNUM *x, + const BIGNUM *y, const BIGNUM *z, + BN_CTX *ctx); + +/** Gets the jacobian projective coordinates of a EC_POINT over GFp + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM for the x-coordinate + * \param y BIGNUM for the y-coordinate + * \param z BIGNUM for the z-coordinate + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group, + const EC_POINT *p, BIGNUM *x, + BIGNUM *y, BIGNUM *z, + BN_CTX *ctx); + +/** Sets the affine coordinates of an EC_POINT + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM with the x-coordinate + * \param y BIGNUM with the y-coordinate + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +int EC_POINT_set_affine_coordinates(const EC_GROUP *group, EC_POINT *p, + const BIGNUM *x, const BIGNUM *y, + BN_CTX *ctx); + +/** Gets the affine coordinates of an EC_POINT. + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM for the x-coordinate + * \param y BIGNUM for the y-coordinate + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +int EC_POINT_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *p, + BIGNUM *x, BIGNUM *y, BN_CTX *ctx); + +/** Sets the affine coordinates of an EC_POINT. 
A synonym of + * EC_POINT_set_affine_coordinates + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM with the x-coordinate + * \param y BIGNUM with the y-coordinate + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +DEPRECATEDIN_3_0(int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, + EC_POINT *p, + const BIGNUM *x, + const BIGNUM *y, + BN_CTX *ctx)) + +/** Gets the affine coordinates of an EC_POINT. A synonym of + * EC_POINT_get_affine_coordinates + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM for the x-coordinate + * \param y BIGNUM for the y-coordinate + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +DEPRECATEDIN_3_0(int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, + const EC_POINT *p, + BIGNUM *x, + BIGNUM *y, + BN_CTX *ctx)) + +/** Sets the x9.62 compressed coordinates of a EC_POINT + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM with x-coordinate + * \param y_bit integer with the y-Bit (either 0 or 1) + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +int EC_POINT_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *p, + const BIGNUM *x, int y_bit, + BN_CTX *ctx); + +/** Sets the x9.62 compressed coordinates of a EC_POINT. A synonym of + * EC_POINT_set_compressed_coordinates + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM with x-coordinate + * \param y_bit integer with the y-Bit (either 0 or 1) + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +DEPRECATEDIN_3_0(int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, + EC_POINT *p, + const BIGNUM *x, + int y_bit, + BN_CTX *ctx)) +# ifndef OPENSSL_NO_EC2M +/** Sets the affine coordinates of an EC_POINT. 
A synonym of + * EC_POINT_set_affine_coordinates + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM with the x-coordinate + * \param y BIGNUM with the y-coordinate + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +DEPRECATEDIN_3_0(int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, + EC_POINT *p, + const BIGNUM *x, + const BIGNUM *y, + BN_CTX *ctx)) + +/** Gets the affine coordinates of an EC_POINT. A synonym of + * EC_POINT_get_affine_coordinates + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM for the x-coordinate + * \param y BIGNUM for the y-coordinate + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +DEPRECATEDIN_3_0(int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group, + const EC_POINT *p, + BIGNUM *x, + BIGNUM *y, + BN_CTX *ctx)) + +/** Sets the x9.62 compressed coordinates of a EC_POINT. A synonym of + * EC_POINT_set_compressed_coordinates + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM with x-coordinate + * \param y_bit integer with the y-Bit (either 0 or 1) + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +DEPRECATEDIN_3_0(int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, + EC_POINT *p, + const BIGNUM *x, + int y_bit, + BN_CTX *ctx)) +# endif +/** Encodes a EC_POINT object to a octet string + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param form point conversion form + * \param buf memory buffer for the result. If NULL the function returns + * required buffer size. 
+ * \param len length of the memory buffer + * \param ctx BN_CTX object (optional) + * \return the length of the encoded octet string or 0 if an error occurred + */ +size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *p, + point_conversion_form_t form, + unsigned char *buf, size_t len, BN_CTX *ctx); + +/** Decodes a EC_POINT from a octet string + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param buf memory buffer with the encoded ec point + * \param len length of the encoded ec point + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *p, + const unsigned char *buf, size_t len, BN_CTX *ctx); + +/** Encodes an EC_POINT object to an allocated octet string + * \param group underlying EC_GROUP object + * \param point EC_POINT object + * \param form point conversion form + * \param pbuf returns pointer to allocated buffer + * \param ctx BN_CTX object (optional) + * \return the length of the encoded octet string or 0 if an error occurred + */ +size_t EC_POINT_point2buf(const EC_GROUP *group, const EC_POINT *point, + point_conversion_form_t form, + unsigned char **pbuf, BN_CTX *ctx); + +/* other interfaces to point2oct/oct2point: */ +BIGNUM *EC_POINT_point2bn(const EC_GROUP *, const EC_POINT *, + point_conversion_form_t form, BIGNUM *, BN_CTX *); +EC_POINT *EC_POINT_bn2point(const EC_GROUP *, const BIGNUM *, + EC_POINT *, BN_CTX *); +char *EC_POINT_point2hex(const EC_GROUP *, const EC_POINT *, + point_conversion_form_t form, BN_CTX *); +EC_POINT *EC_POINT_hex2point(const EC_GROUP *, const char *, + EC_POINT *, BN_CTX *); + +/********************************************************************/ +/* functions for doing EC_POINT arithmetic */ +/********************************************************************/ + +/** Computes the sum of two EC_POINT + * \param group underlying EC_GROUP object + * \param r EC_POINT object for the 
result (r = a + b) + * \param a EC_POINT object with the first summand + * \param b EC_POINT object with the second summand + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, + const EC_POINT *b, BN_CTX *ctx); + +/** Computes the double of a EC_POINT + * \param group underlying EC_GROUP object + * \param r EC_POINT object for the result (r = 2 * a) + * \param a EC_POINT object + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, + BN_CTX *ctx); + +/** Computes the inverse of a EC_POINT + * \param group underlying EC_GROUP object + * \param a EC_POINT object to be inverted (it's used for the result as well) + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx); + +/** Checks whether the point is the neutral element of the group + * \param group the underlying EC_GROUP object + * \param p EC_POINT object + * \return 1 if the point is the neutral element and 0 otherwise + */ +int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *p); + +/** Checks whether the point is on the curve + * \param group underlying EC_GROUP object + * \param point EC_POINT object to check + * \param ctx BN_CTX object (optional) + * \return 1 if the point is on the curve, 0 if not, or -1 on error + */ +int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, + BN_CTX *ctx); + +/** Compares two EC_POINTs + * \param group underlying EC_GROUP object + * \param a first EC_POINT object + * \param b second EC_POINT object + * \param ctx BN_CTX object (optional) + * \return 1 if the points are not equal, 0 if they are, or -1 on error + */ +int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, + BN_CTX *ctx); 
+ +int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx); +int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, + EC_POINT *points[], BN_CTX *ctx); + +/** Computes r = generator * n + sum_{i=0}^{num-1} p[i] * m[i] + * \param group underlying EC_GROUP object + * \param r EC_POINT object for the result + * \param n BIGNUM with the multiplier for the group generator (optional) + * \param num number further summands + * \param p array of size num of EC_POINT objects + * \param m array of size num of BIGNUM objects + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, + size_t num, const EC_POINT *p[], const BIGNUM *m[], + BN_CTX *ctx); + +/** Computes r = generator * n + q * m + * \param group underlying EC_GROUP object + * \param r EC_POINT object for the result + * \param n BIGNUM with the multiplier for the group generator (optional) + * \param q EC_POINT object with the first factor of the second summand + * \param m BIGNUM with the second factor of the second summand + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, + const EC_POINT *q, const BIGNUM *m, BN_CTX *ctx); + +/** Stores multiples of generator for faster point multiplication + * \param group EC_GROUP object + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx); + +/** Reports whether a precomputation has been done + * \param group EC_GROUP object + * \return 1 if a pre-computation has been done and 0 otherwise + */ +int EC_GROUP_have_precompute_mult(const EC_GROUP *group); + +/********************************************************************/ +/* ASN1 stuff */ +/********************************************************************/ + 
+DECLARE_ASN1_ITEM(ECPKPARAMETERS) +DECLARE_ASN1_ALLOC_FUNCTIONS(ECPKPARAMETERS) +DECLARE_ASN1_ITEM(ECPARAMETERS) +DECLARE_ASN1_ALLOC_FUNCTIONS(ECPARAMETERS) + +/* + * EC_GROUP_get_basis_type() returns the NID of the basis type used to + * represent the field elements + */ +int EC_GROUP_get_basis_type(const EC_GROUP *); +# ifndef OPENSSL_NO_EC2M +int EC_GROUP_get_trinomial_basis(const EC_GROUP *, unsigned int *k); +int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1, + unsigned int *k2, unsigned int *k3); +# endif + +# define OPENSSL_EC_EXPLICIT_CURVE 0x000 +# define OPENSSL_EC_NAMED_CURVE 0x001 + +EC_GROUP *d2i_ECPKParameters(EC_GROUP **, const unsigned char **in, long len); +int i2d_ECPKParameters(const EC_GROUP *, unsigned char **out); + +# define d2i_ECPKParameters_bio(bp,x) \ + ASN1_d2i_bio_of(EC_GROUP, NULL, d2i_ECPKParameters, bp, x) +# define i2d_ECPKParameters_bio(bp,x) \ + ASN1_i2d_bio_of(EC_GROUP, i2d_ECPKParameters, bp, x) +# define d2i_ECPKParameters_fp(fp,x) \ + (EC_GROUP *)ASN1_d2i_fp(NULL, (char *(*)())d2i_ECPKParameters, (fp), \ + (unsigned char **)(x)) +# define i2d_ECPKParameters_fp(fp,x) \ + ASN1_i2d_fp(i2d_ECPKParameters,(fp), (unsigned char *)(x)) + +int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off); +# ifndef OPENSSL_NO_STDIO +int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off); +# endif + +/********************************************************************/ +/* EC_KEY functions */ +/********************************************************************/ + +/* some values for the encoding_flag */ +# define EC_PKEY_NO_PARAMETERS 0x001 +# define EC_PKEY_NO_PUBKEY 0x002 + +/* some values for the flags field */ +# define EC_FLAG_NON_FIPS_ALLOW 0x1 +# define EC_FLAG_FIPS_CHECKED 0x2 +# define EC_FLAG_COFACTOR_ECDH 0x1000 + +/** + * Creates a new EC_KEY object. + * \param ctx The library context for to use for this EC_KEY. May be NULL in + * which case the default library context is used. 
+ * \return EC_KEY object or NULL if an error occurred. + */ +EC_KEY *EC_KEY_new_ex(OPENSSL_CTX *ctx); + +/** + * Creates a new EC_KEY object. Same as calling EC_KEY_new_ex with a NULL + * library context + * \return EC_KEY object or NULL if an error occurred. + */ +EC_KEY *EC_KEY_new(void); + +int EC_KEY_get_flags(const EC_KEY *key); + +void EC_KEY_set_flags(EC_KEY *key, int flags); + +void EC_KEY_clear_flags(EC_KEY *key, int flags); + +/** + * Creates a new EC_KEY object using a named curve as underlying + * EC_GROUP object. + * \param ctx The library context for to use for this EC_KEY. May be NULL in + * which case the default library context is used. + * \param nid NID of the named curve. + * \return EC_KEY object or NULL if an error occurred. + */ +EC_KEY *EC_KEY_new_by_curve_name_ex(OPENSSL_CTX *ctx, int nid); + +/** + * Creates a new EC_KEY object using a named curve as underlying + * EC_GROUP object. Same as calling EC_KEY_new_by_curve_name_ex with a NULL + * library context. + * \param nid NID of the named curve. + * \return EC_KEY object or NULL if an error occurred. + */ +EC_KEY *EC_KEY_new_by_curve_name(int nid); + + +/** Frees a EC_KEY object. + * \param key EC_KEY object to be freed. + */ +void EC_KEY_free(EC_KEY *key); + +/** Copies a EC_KEY object. + * \param dst destination EC_KEY object + * \param src src EC_KEY object + * \return dst or NULL if an error occurred. + */ +EC_KEY *EC_KEY_copy(EC_KEY *dst, const EC_KEY *src); + +/** Creates a new EC_KEY object and copies the content from src to it. + * \param src the source EC_KEY object + * \return newly created EC_KEY object or NULL if an error occurred. + */ +EC_KEY *EC_KEY_dup(const EC_KEY *src); + +/** Increases the internal reference count of a EC_KEY object. + * \param key EC_KEY object + * \return 1 on success and 0 if an error occurred. 
+ */ +int EC_KEY_up_ref(EC_KEY *key); + +/** Returns the ENGINE object of a EC_KEY object + * \param eckey EC_KEY object + * \return the ENGINE object (possibly NULL). + */ +ENGINE *EC_KEY_get0_engine(const EC_KEY *eckey); + +/** Returns the EC_GROUP object of a EC_KEY object + * \param key EC_KEY object + * \return the EC_GROUP object (possibly NULL). + */ +const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key); + +/** Sets the EC_GROUP of a EC_KEY object. + * \param key EC_KEY object + * \param group EC_GROUP to use in the EC_KEY object (note: the EC_KEY + * object will use an own copy of the EC_GROUP). + * \return 1 on success and 0 if an error occurred. + */ +int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group); + +/** Returns the private key of a EC_KEY object. + * \param key EC_KEY object + * \return a BIGNUM with the private key (possibly NULL). + */ +const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key); + +/** Sets the private key of a EC_KEY object. + * \param key EC_KEY object + * \param prv BIGNUM with the private key (note: the EC_KEY object + * will use an own copy of the BIGNUM). + * \return 1 on success and 0 if an error occurred. + */ +int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *prv); + +/** Returns the public key of a EC_KEY object. + * \param key the EC_KEY object + * \return a EC_POINT object with the public key (possibly NULL) + */ +const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key); + +/** Sets the public key of a EC_KEY object. + * \param key EC_KEY object + * \param pub EC_POINT object with the public key (note: the EC_KEY object + * will use an own copy of the EC_POINT object). + * \return 1 on success and 0 if an error occurred. 
+ */ +int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub); + +unsigned EC_KEY_get_enc_flags(const EC_KEY *key); +void EC_KEY_set_enc_flags(EC_KEY *eckey, unsigned int flags); +point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key); +void EC_KEY_set_conv_form(EC_KEY *eckey, point_conversion_form_t cform); + +# define EC_KEY_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_EC_KEY, l, p, newf, dupf, freef) +int EC_KEY_set_ex_data(EC_KEY *key, int idx, void *arg); +void *EC_KEY_get_ex_data(const EC_KEY *key, int idx); + +/* wrapper functions for the underlying EC_GROUP object */ +void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag); + +/** Creates a table of pre-computed multiples of the generator to + * accelerate further EC_KEY operations. + * \param key EC_KEY object + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred. + */ +int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx); + +/** Creates a new ec private (and optional a new public) key. + * \param key EC_KEY object + * \return 1 on success and 0 if an error occurred. + */ +int EC_KEY_generate_key(EC_KEY *key); + +/** Verifies that a private and/or public key is valid. + * \param key the EC_KEY object + * \return 1 on success and 0 otherwise. + */ +int EC_KEY_check_key(const EC_KEY *key); + +/** Indicates if an EC_KEY can be used for signing. + * \param eckey the EC_KEY object + * \return 1 if can can sign and 0 otherwise. + */ +int EC_KEY_can_sign(const EC_KEY *eckey); + +/** Sets a public key from affine coordinates performing + * necessary NIST PKV tests. + * \param key the EC_KEY object + * \param x public key x coordinate + * \param y public key y coordinate + * \return 1 on success and 0 otherwise. 
+ */ +int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x, + BIGNUM *y); + +/** Encodes an EC_KEY public key to an allocated octet string + * \param key key to encode + * \param form point conversion form + * \param pbuf returns pointer to allocated buffer + * \param ctx BN_CTX object (optional) + * \return the length of the encoded octet string or 0 if an error occurred + */ +size_t EC_KEY_key2buf(const EC_KEY *key, point_conversion_form_t form, + unsigned char **pbuf, BN_CTX *ctx); + +/** Decodes a EC_KEY public key from a octet string + * \param key key to decode + * \param buf memory buffer with the encoded ec point + * \param len length of the encoded ec point + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ + +int EC_KEY_oct2key(EC_KEY *key, const unsigned char *buf, size_t len, + BN_CTX *ctx); + +/** Decodes an EC_KEY private key from an octet string + * \param key key to decode + * \param buf memory buffer with the encoded private key + * \param len length of the encoded key + * \return 1 on success and 0 if an error occurred + */ + +int EC_KEY_oct2priv(EC_KEY *key, const unsigned char *buf, size_t len); + +/** Encodes a EC_KEY private key to an octet string + * \param key key to encode + * \param buf memory buffer for the result. If NULL the function returns + * required buffer size. 
+ * \param len length of the memory buffer + * \return the length of the encoded octet string or 0 if an error occurred + */ + +size_t EC_KEY_priv2oct(const EC_KEY *key, unsigned char *buf, size_t len); + +/** Encodes an EC_KEY private key to an allocated octet string + * \param eckey key to encode + * \param pbuf returns pointer to allocated buffer + * \return the length of the encoded octet string or 0 if an error occurred + */ +size_t EC_KEY_priv2buf(const EC_KEY *eckey, unsigned char **pbuf); + +/********************************************************************/ +/* de- and encoding functions for SEC1 ECPrivateKey */ +/********************************************************************/ + +/** Decodes a private key from a memory buffer. + * \param key a pointer to a EC_KEY object which should be used (or NULL) + * \param in pointer to memory with the DER encoded private key + * \param len length of the DER encoded private key + * \return the decoded private key or NULL if an error occurred. + */ +EC_KEY *d2i_ECPrivateKey(EC_KEY **key, const unsigned char **in, long len); + +/** Encodes a private key object and stores the result in a buffer. + * \param key the EC_KEY object to encode + * \param out the buffer for the result (if NULL the function returns number + * of bytes needed). + * \return 1 on success and 0 if an error occurred. + */ +int i2d_ECPrivateKey(const EC_KEY *key, unsigned char **out); + +/********************************************************************/ +/* de- and encoding functions for EC parameters */ +/********************************************************************/ + +/** Decodes ec parameter from a memory buffer. + * \param key a pointer to a EC_KEY object which should be used (or NULL) + * \param in pointer to memory with the DER encoded ec parameters + * \param len length of the DER encoded ec parameters + * \return a EC_KEY object with the decoded parameters or NULL if an error + * occurred. 
+ */ +EC_KEY *d2i_ECParameters(EC_KEY **key, const unsigned char **in, long len); + +/** Encodes ec parameter and stores the result in a buffer. + * \param key the EC_KEY object with ec parameters to encode + * \param out the buffer for the result (if NULL the function returns number + * of bytes needed). + * \return 1 on success and 0 if an error occurred. + */ +int i2d_ECParameters(const EC_KEY *key, unsigned char **out); + +/********************************************************************/ +/* de- and encoding functions for EC public key */ +/* (octet string, not DER -- hence 'o2i' and 'i2o') */ +/********************************************************************/ + +/** Decodes a ec public key from a octet string. + * \param key a pointer to a EC_KEY object which should be used + * \param in memory buffer with the encoded public key + * \param len length of the encoded public key + * \return EC_KEY object with decoded public key or NULL if an error + * occurred. + */ +EC_KEY *o2i_ECPublicKey(EC_KEY **key, const unsigned char **in, long len); + +/** Encodes a ec public key in an octet string. + * \param key the EC_KEY object with the public key + * \param out the buffer for the result (if NULL the function returns number + * of bytes needed). + * \return 1 on success and 0 if an error occurred + */ +int i2o_ECPublicKey(const EC_KEY *key, unsigned char **out); + +/** Prints out the ec parameters on human readable form. 
+ * \param bp BIO object to which the information is printed + * \param key EC_KEY object + * \return 1 on success and 0 if an error occurred + */ +int ECParameters_print(BIO *bp, const EC_KEY *key); + +/** Prints out the contents of a EC_KEY object + * \param bp BIO object to which the information is printed + * \param key EC_KEY object + * \param off line offset + * \return 1 on success and 0 if an error occurred + */ +int EC_KEY_print(BIO *bp, const EC_KEY *key, int off); + +# ifndef OPENSSL_NO_STDIO +/** Prints out the ec parameters on human readable form. + * \param fp file descriptor to which the information is printed + * \param key EC_KEY object + * \return 1 on success and 0 if an error occurred + */ +int ECParameters_print_fp(FILE *fp, const EC_KEY *key); + +/** Prints out the contents of a EC_KEY object + * \param fp file descriptor to which the information is printed + * \param key EC_KEY object + * \param off line offset + * \return 1 on success and 0 if an error occurred + */ +int EC_KEY_print_fp(FILE *fp, const EC_KEY *key, int off); + +# endif + +const EC_KEY_METHOD *EC_KEY_OpenSSL(void); +const EC_KEY_METHOD *EC_KEY_get_default_method(void); +void EC_KEY_set_default_method(const EC_KEY_METHOD *meth); +const EC_KEY_METHOD *EC_KEY_get_method(const EC_KEY *key); +int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth); +EC_KEY *EC_KEY_new_method(ENGINE *engine); + +/** The old name for ecdh_KDF_X9_63 + * The ECDH KDF specification has been mistakingly attributed to ANSI X9.62, + * it is actually specified in ANSI X9.63. 
+ * This identifier is retained for backwards compatibility + */ +DEPRECATEDIN_3_0(int ECDH_KDF_X9_62(unsigned char *out, size_t outlen, + const unsigned char *Z, size_t Zlen, + const unsigned char *sinfo, size_t sinfolen, + const EVP_MD *md)) + +DEPRECATEDIN_3_0(int ECDH_compute_key(void *out, size_t outlen, + const EC_POINT *pub_key, + const EC_KEY *ecdh, + void *(*KDF)(const void *in, size_t inlen, + void *out, size_t *outlen))) + +typedef struct ECDSA_SIG_st ECDSA_SIG; + +/** Allocates and initialize a ECDSA_SIG structure + * \return pointer to a ECDSA_SIG structure or NULL if an error occurred + */ +ECDSA_SIG *ECDSA_SIG_new(void); + +/** frees a ECDSA_SIG structure + * \param sig pointer to the ECDSA_SIG structure + */ +void ECDSA_SIG_free(ECDSA_SIG *sig); + +/** i2d_ECDSA_SIG encodes content of ECDSA_SIG (note: this function modifies *pp + * (*pp += length of the DER encoded signature)). + * \param sig pointer to the ECDSA_SIG object + * \param pp pointer to a unsigned char pointer for the output or NULL + * \return the length of the DER encoded ECDSA_SIG object or a negative value + * on error + */ +DECLARE_ASN1_ENCODE_FUNCTIONS_only(ECDSA_SIG, ECDSA_SIG) + +/** d2i_ECDSA_SIG decodes an ECDSA signature (note: this function modifies *pp + * (*pp += len)). 
+ * \param sig pointer to ECDSA_SIG pointer (may be NULL) + * \param pp memory buffer with the DER encoded signature + * \param len length of the buffer + * \return pointer to the decoded ECDSA_SIG structure (or NULL) + */ + +/** Accessor for r and s fields of ECDSA_SIG + * \param sig pointer to ECDSA_SIG structure + * \param pr pointer to BIGNUM pointer for r (may be NULL) + * \param ps pointer to BIGNUM pointer for s (may be NULL) + */ +void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); + +/** Accessor for r field of ECDSA_SIG + * \param sig pointer to ECDSA_SIG structure + */ +const BIGNUM *ECDSA_SIG_get0_r(const ECDSA_SIG *sig); + +/** Accessor for s field of ECDSA_SIG + * \param sig pointer to ECDSA_SIG structure + */ +const BIGNUM *ECDSA_SIG_get0_s(const ECDSA_SIG *sig); + +/** Setter for r and s fields of ECDSA_SIG + * \param sig pointer to ECDSA_SIG structure + * \param r pointer to BIGNUM for r (may be NULL) + * \param s pointer to BIGNUM for s (may be NULL) + */ +int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s); + +/** Computes the ECDSA signature of the given hash value using + * the supplied private key and returns the created signature. + * \param dgst pointer to the hash value + * \param dgst_len length of the hash value + * \param eckey EC_KEY object containing a private EC key + * \return pointer to a ECDSA_SIG structure or NULL if an error occurred + */ +DEPRECATEDIN_3_0(ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, + int dgst_len, EC_KEY *eckey)) + +/** Computes ECDSA signature of a given hash value using the supplied + * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). 
+ * \param dgst pointer to the hash value to sign + * \param dgstlen length of the hash value + * \param kinv BIGNUM with a pre-computed inverse k (optional) + * \param rp BIGNUM with a pre-computed rp value (optional), + * see ECDSA_sign_setup + * \param eckey EC_KEY object containing a private EC key + * \return pointer to a ECDSA_SIG structure or NULL if an error occurred + */ +DEPRECATEDIN_3_0(ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, + int dgstlen, const BIGNUM *kinv, + const BIGNUM *rp, EC_KEY *eckey)) + +/** Verifies that the supplied signature is a valid ECDSA + * signature of the supplied hash value using the supplied public key. + * \param dgst pointer to the hash value + * \param dgst_len length of the hash value + * \param sig ECDSA_SIG structure + * \param eckey EC_KEY object containing a public EC key + * \return 1 if the signature is valid, 0 if the signature is invalid + * and -1 on error + */ +DEPRECATEDIN_3_0(int ECDSA_do_verify(const unsigned char *dgst, int dgst_len, + const ECDSA_SIG *sig, EC_KEY *eckey)) + +/** Precompute parts of the signing operation + * \param eckey EC_KEY object containing a private EC key + * \param ctx BN_CTX object (optional) + * \param kinv BIGNUM pointer for the inverse of k + * \param rp BIGNUM pointer for x coordinate of k * generator + * \return 1 on success and 0 otherwise + */ +DEPRECATEDIN_3_0(int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, + BIGNUM **kinv, BIGNUM **rp)) + +/** Computes ECDSA signature of a given hash value using the supplied + * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). 
+ * \param type this parameter is ignored + * \param dgst pointer to the hash value to sign + * \param dgstlen length of the hash value + * \param sig memory for the DER encoded created signature + * \param siglen pointer to the length of the returned signature + * \param eckey EC_KEY object containing a private EC key + * \return 1 on success and 0 otherwise + */ +DEPRECATEDIN_3_0(int ECDSA_sign(int type, const unsigned char *dgst, + int dgstlen, unsigned char *sig, + unsigned int *siglen, EC_KEY *eckey)) + +/** Computes ECDSA signature of a given hash value using the supplied + * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). + * \param type this parameter is ignored + * \param dgst pointer to the hash value to sign + * \param dgstlen length of the hash value + * \param sig buffer to hold the DER encoded signature + * \param siglen pointer to the length of the returned signature + * \param kinv BIGNUM with a pre-computed inverse k (optional) + * \param rp BIGNUM with a pre-computed rp value (optional), + * see ECDSA_sign_setup + * \param eckey EC_KEY object containing a private EC key + * \return 1 on success and 0 otherwise + */ +DEPRECATEDIN_3_0(int ECDSA_sign_ex(int type, const unsigned char *dgst, + int dgstlen, unsigned char *sig, + unsigned int *siglen, const BIGNUM *kinv, + const BIGNUM *rp, EC_KEY *eckey)) + +/** Verifies that the given signature is valid ECDSA signature + * of the supplied hash value using the specified public key. 
+ * \param type this parameter is ignored + * \param dgst pointer to the hash value + * \param dgstlen length of the hash value + * \param sig pointer to the DER encoded signature + * \param siglen length of the DER encoded signature + * \param eckey EC_KEY object containing a public EC key + * \return 1 if the signature is valid, 0 if the signature is invalid + * and -1 on error + */ +DEPRECATEDIN_3_0(int ECDSA_verify(int type, const unsigned char *dgst, + int dgstlen, const unsigned char *sig, + int siglen, EC_KEY *eckey)) + +/** Returns the maximum length of the DER encoded signature + * \param eckey EC_KEY object + * \return numbers of bytes required for the DER encoded signature + */ +DEPRECATEDIN_3_0(int ECDSA_size(const EC_KEY *eckey)) + +/********************************************************************/ +/* EC_KEY_METHOD constructors, destructors, writers and accessors */ +/********************************************************************/ + +DEPRECATEDIN_3_0(EC_KEY_METHOD *EC_KEY_METHOD_new(const EC_KEY_METHOD *meth)) +DEPRECATEDIN_3_0(void EC_KEY_METHOD_free(EC_KEY_METHOD *meth)) +DEPRECATEDIN_3_0(void EC_KEY_METHOD_set_init + (EC_KEY_METHOD *meth, + int (*init)(EC_KEY *key), + void (*finish)(EC_KEY *key), + int (*copy)(EC_KEY *dest, const EC_KEY *src), + int (*set_group)(EC_KEY *key, const EC_GROUP *grp), + int (*set_private)(EC_KEY *key, + const BIGNUM *priv_key), + int (*set_public)(EC_KEY *key, + const EC_POINT *pub_key))) + +DEPRECATEDIN_3_0(void EC_KEY_METHOD_set_keygen(EC_KEY_METHOD *meth, + int (*keygen)(EC_KEY *key))) + +DEPRECATEDIN_3_0(void EC_KEY_METHOD_set_compute_key + (EC_KEY_METHOD *meth, + int (*ckey)(unsigned char **psec, + size_t *pseclen, + const EC_POINT *pub_key, + const EC_KEY *ecdh))) + +DEPRECATEDIN_3_0(void EC_KEY_METHOD_set_sign + (EC_KEY_METHOD *meth, + int (*sign)(int type, const unsigned char *dgst, + int dlen, unsigned char *sig, + unsigned int *siglen, + const BIGNUM *kinv, const BIGNUM *r, + EC_KEY *eckey), + int 
(*sign_setup)(EC_KEY *eckey, BN_CTX *ctx_in, + BIGNUM **kinvp, BIGNUM **rp), + ECDSA_SIG *(*sign_sig)(const unsigned char *dgst, + int dgst_len, + const BIGNUM *in_kinv, + const BIGNUM *in_r, + EC_KEY *eckey))) + +DEPRECATEDIN_3_0(void EC_KEY_METHOD_set_verify + (EC_KEY_METHOD *meth, + int (*verify)(int type, const unsigned + char *dgst, int dgst_len, + const unsigned char *sigbuf, + int sig_len, EC_KEY *eckey), + int (*verify_sig)(const unsigned char *dgst, + int dgst_len, + const ECDSA_SIG *sig, + EC_KEY *eckey))) + +DEPRECATEDIN_3_0(void EC_KEY_METHOD_get_init + (const EC_KEY_METHOD *meth, + int (**pinit)(EC_KEY *key), + void (**pfinish)(EC_KEY *key), + int (**pcopy)(EC_KEY *dest, const EC_KEY *src), + int (**pset_group)(EC_KEY *key, + const EC_GROUP *grp), + int (**pset_private)(EC_KEY *key, + const BIGNUM *priv_key), + int (**pset_public)(EC_KEY *key, + const EC_POINT *pub_key))) + +DEPRECATEDIN_3_0(void EC_KEY_METHOD_get_keygen(const EC_KEY_METHOD *meth, + int (**pkeygen)(EC_KEY *key))) + +DEPRECATEDIN_3_0(void EC_KEY_METHOD_get_compute_key + (const EC_KEY_METHOD *meth, + int (**pck)(unsigned char **psec, + size_t *pseclen, + const EC_POINT *pub_key, + const EC_KEY *ecdh))) + +DEPRECATEDIN_3_0(void EC_KEY_METHOD_get_sign + (const EC_KEY_METHOD *meth, + int (**psign)(int type, const unsigned char *dgst, + int dlen, unsigned char *sig, + unsigned int *siglen, + const BIGNUM *kinv, const BIGNUM *r, + EC_KEY *eckey), + int (**psign_setup)(EC_KEY *eckey, BN_CTX *ctx_in, + BIGNUM **kinvp, BIGNUM **rp), + ECDSA_SIG *(**psign_sig)(const unsigned char *dgst, + int dgst_len, + const BIGNUM *in_kinv, + const BIGNUM *in_r, + EC_KEY *eckey))) + +DEPRECATEDIN_3_0(void EC_KEY_METHOD_get_verify + (const EC_KEY_METHOD *meth, + int (**pverify)(int type, const unsigned + char *dgst, int dgst_len, + const unsigned char *sigbuf, + int sig_len, EC_KEY *eckey), + int (**pverify_sig)(const unsigned char *dgst, + int dgst_len, + const ECDSA_SIG *sig, + EC_KEY *eckey))) + +# define 
ECParameters_dup(x) ASN1_dup_of(EC_KEY, i2d_ECParameters, \ + d2i_ECParameters, x) + +# ifndef __cplusplus +# if defined(__SUNPRO_C) +# if __SUNPRO_C >= 0x520 +# pragma error_messages (default,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE) +# endif +# endif +# endif + +# define EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_PARAMGEN|EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID, nid, NULL) + +# define EVP_PKEY_CTX_set_ec_param_enc(ctx, flag) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_PARAMGEN|EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_EC_PARAM_ENC, flag, NULL) + +int EVP_PKEY_CTX_set_ecdh_cofactor_mode(EVP_PKEY_CTX *ctx, int cofactor_mode); +int EVP_PKEY_CTX_get_ecdh_cofactor_mode(EVP_PKEY_CTX *ctx); + +int EVP_PKEY_CTX_set_ecdh_kdf_type(EVP_PKEY_CTX *ctx, int kdf); +int EVP_PKEY_CTX_get_ecdh_kdf_type(EVP_PKEY_CTX *ctx); + +int EVP_PKEY_CTX_set_ecdh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); +int EVP_PKEY_CTX_get_ecdh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD **md); + +int EVP_PKEY_CTX_set_ecdh_kdf_outlen(EVP_PKEY_CTX *ctx, int len); +int EVP_PKEY_CTX_get_ecdh_kdf_outlen(EVP_PKEY_CTX *ctx, int *len); + +int EVP_PKEY_CTX_set0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char *ukm, + int len); +int EVP_PKEY_CTX_get0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **ukm); + +/* SM2 will skip the operation check so no need to pass operation here */ +# define EVP_PKEY_CTX_set1_id(ctx, id, id_len) \ + EVP_PKEY_CTX_ctrl(ctx, -1, -1, \ + EVP_PKEY_CTRL_SET1_ID, (int)id_len, (void*)(id)) +# define EVP_PKEY_CTX_get1_id(ctx, id) \ + EVP_PKEY_CTX_ctrl(ctx, -1, -1, \ + EVP_PKEY_CTRL_GET1_ID, 0, (void*)(id)) + +# define EVP_PKEY_CTX_get1_id_len(ctx, id_len) \ + EVP_PKEY_CTX_ctrl(ctx, -1, -1, \ + EVP_PKEY_CTRL_GET1_ID_LEN, 0, (void*)(id_len)) + +# define EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID (EVP_PKEY_ALG_CTRL + 1) +# define EVP_PKEY_CTRL_EC_PARAM_ENC (EVP_PKEY_ALG_CTRL + 2) +# define 
EVP_PKEY_CTRL_EC_ECDH_COFACTOR (EVP_PKEY_ALG_CTRL + 3)
+# define EVP_PKEY_CTRL_EC_KDF_TYPE (EVP_PKEY_ALG_CTRL + 4)
+# define EVP_PKEY_CTRL_EC_KDF_MD (EVP_PKEY_ALG_CTRL + 5)
+# define EVP_PKEY_CTRL_GET_EC_KDF_MD (EVP_PKEY_ALG_CTRL + 6)
+# define EVP_PKEY_CTRL_EC_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 7)
+# define EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 8)
+# define EVP_PKEY_CTRL_EC_KDF_UKM (EVP_PKEY_ALG_CTRL + 9)
+# define EVP_PKEY_CTRL_GET_EC_KDF_UKM (EVP_PKEY_ALG_CTRL + 10)
+# define EVP_PKEY_CTRL_SET1_ID (EVP_PKEY_ALG_CTRL + 11)
+# define EVP_PKEY_CTRL_GET1_ID (EVP_PKEY_ALG_CTRL + 12)
+# define EVP_PKEY_CTRL_GET1_ID_LEN (EVP_PKEY_ALG_CTRL + 13)
+
+/* KDF types */
+# define EVP_PKEY_ECDH_KDF_NONE 1
+# define EVP_PKEY_ECDH_KDF_X9_63 2
+/** The old name for EVP_PKEY_ECDH_KDF_X9_63
+ * The ECDH KDF specification has been mistakingly attributed to ANSI X9.62,
+ * it is actually specified in ANSI X9.63.
+ * This identifier is retained for backwards compatibility
+ */
+# define EVP_PKEY_ECDH_KDF_X9_62 EVP_PKEY_ECDH_KDF_X9_63
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+#endif
diff --git a/linux_amd64/ssl/include/openssl/ecdh.h b/linux_amd64/ssl/include/openssl/ecdh.h
new file mode 100644
index 0000000..56bd4cc
--- /dev/null
+++ b/linux_amd64/ssl/include/openssl/ecdh.h
@@ -0,0 +1,10 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include
diff --git a/linux_amd64/ssl/include/openssl/ecdsa.h b/linux_amd64/ssl/include/openssl/ecdsa.h
new file mode 100644
index 0000000..56bd4cc
--- /dev/null
+++ b/linux_amd64/ssl/include/openssl/ecdsa.h
@@ -0,0 +1,10 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include
diff --git a/linux_amd64/ssl/include/openssl/ecerr.h b/linux_amd64/ssl/include/openssl/ecerr.h
new file mode 100644
index 0000000..88399db
--- /dev/null
+++ b/linux_amd64/ssl/include/openssl/ecerr.h
@@ -0,0 +1,300 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_ECERR_H +# define OPENSSL_ECERR_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_ECERR_H +# endif + +# include +# include + + +# include + +# ifndef OPENSSL_NO_EC + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_EC_strings(void); + +/* + * EC function codes. + */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define EC_F_BN_TO_FELEM 0 +# define EC_F_D2I_ECPARAMETERS 0 +# define EC_F_D2I_ECPKPARAMETERS 0 +# define EC_F_D2I_ECPRIVATEKEY 0 +# define EC_F_DO_EC_KEY_PRINT 0 +# define EC_F_ECDH_CMS_DECRYPT 0 +# define EC_F_ECDH_CMS_SET_SHARED_INFO 0 +# define EC_F_ECDH_COMPUTE_KEY 0 +# define EC_F_ECDH_SIMPLE_COMPUTE_KEY 0 +# define EC_F_ECDSA_DO_SIGN_EX 0 +# define EC_F_ECDSA_DO_VERIFY 0 +# define EC_F_ECDSA_S390X_NISTP_SIGN_SIG 0 +# define EC_F_ECDSA_S390X_NISTP_VERIFY_SIG 0 +# define EC_F_ECDSA_SIGN_EX 0 +# define EC_F_ECDSA_SIGN_SETUP 0 +# define EC_F_ECDSA_SIG_NEW 0 +# define EC_F_ECDSA_SIMPLE_SIGN_SETUP 0 +# define EC_F_ECDSA_SIMPLE_SIGN_SIG 0 +# define EC_F_ECDSA_SIMPLE_VERIFY_SIG 0 +# define EC_F_ECDSA_VERIFY 0 +# define EC_F_ECD_ITEM_VERIFY 0 +# define EC_F_ECKEY_PARAM2TYPE 0 +# define EC_F_ECKEY_PARAM_DECODE 0 +# define EC_F_ECKEY_PRIV_DECODE 0 +# define EC_F_ECKEY_PRIV_ENCODE 0 +# define EC_F_ECKEY_PUB_DECODE 0 +# define EC_F_ECKEY_PUB_ENCODE 0 +# define EC_F_ECKEY_TYPE2PARAM 0 +# define EC_F_ECPARAMETERS_PRINT 0 +# define EC_F_ECPARAMETERS_PRINT_FP 0 +# define EC_F_ECPKPARAMETERS_PRINT 0 +# define EC_F_ECPKPARAMETERS_PRINT_FP 0 +# define EC_F_ECP_NISTZ256_GET_AFFINE 0 +# define EC_F_ECP_NISTZ256_INV_MOD_ORD 0 
+# define EC_F_ECP_NISTZ256_MULT_PRECOMPUTE 0 +# define EC_F_ECP_NISTZ256_POINTS_MUL 0 +# define EC_F_ECP_NISTZ256_PRE_COMP_NEW 0 +# define EC_F_ECP_NISTZ256_WINDOWED_MUL 0 +# define EC_F_ECX_KEY_OP 0 +# define EC_F_ECX_PRIV_ENCODE 0 +# define EC_F_ECX_PUB_ENCODE 0 +# define EC_F_EC_ASN1_GROUP2CURVE 0 +# define EC_F_EC_ASN1_GROUP2FIELDID 0 +# define EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY 0 +# define EC_F_EC_GF2M_SIMPLE_FIELD_INV 0 +# define EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT 0 +# define EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE 0 +# define EC_F_EC_GF2M_SIMPLE_LADDER_POST 0 +# define EC_F_EC_GF2M_SIMPLE_LADDER_PRE 0 +# define EC_F_EC_GF2M_SIMPLE_OCT2POINT 0 +# define EC_F_EC_GF2M_SIMPLE_POINT2OCT 0 +# define EC_F_EC_GF2M_SIMPLE_POINTS_MUL 0 +# define EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES 0 +# define EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES 0 +# define EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES 0 +# define EC_F_EC_GFP_MONT_FIELD_DECODE 0 +# define EC_F_EC_GFP_MONT_FIELD_ENCODE 0 +# define EC_F_EC_GFP_MONT_FIELD_INV 0 +# define EC_F_EC_GFP_MONT_FIELD_MUL 0 +# define EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE 0 +# define EC_F_EC_GFP_MONT_FIELD_SQR 0 +# define EC_F_EC_GFP_MONT_GROUP_SET_CURVE 0 +# define EC_F_EC_GFP_NISTP224_GROUP_SET_CURVE 0 +# define EC_F_EC_GFP_NISTP224_POINTS_MUL 0 +# define EC_F_EC_GFP_NISTP224_POINT_GET_AFFINE_COORDINATES 0 +# define EC_F_EC_GFP_NISTP256_GROUP_SET_CURVE 0 +# define EC_F_EC_GFP_NISTP256_POINTS_MUL 0 +# define EC_F_EC_GFP_NISTP256_POINT_GET_AFFINE_COORDINATES 0 +# define EC_F_EC_GFP_NISTP521_GROUP_SET_CURVE 0 +# define EC_F_EC_GFP_NISTP521_POINTS_MUL 0 +# define EC_F_EC_GFP_NISTP521_POINT_GET_AFFINE_COORDINATES 0 +# define EC_F_EC_GFP_NIST_FIELD_MUL 0 +# define EC_F_EC_GFP_NIST_FIELD_SQR 0 +# define EC_F_EC_GFP_NIST_GROUP_SET_CURVE 0 +# define EC_F_EC_GFP_SIMPLE_BLIND_COORDINATES 0 +# define EC_F_EC_GFP_SIMPLE_FIELD_INV 0 +# define EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT 0 +# define 
EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE 0 +# define EC_F_EC_GFP_SIMPLE_MAKE_AFFINE 0 +# define EC_F_EC_GFP_SIMPLE_OCT2POINT 0 +# define EC_F_EC_GFP_SIMPLE_POINT2OCT 0 +# define EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE 0 +# define EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES 0 +# define EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES 0 +# define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES 0 +# define EC_F_EC_GROUP_CHECK 0 +# define EC_F_EC_GROUP_CHECK_DISCRIMINANT 0 +# define EC_F_EC_GROUP_CHECK_NAMED_CURVE 0 +# define EC_F_EC_GROUP_COPY 0 +# define EC_F_EC_GROUP_GET_CURVE 0 +# define EC_F_EC_GROUP_GET_CURVE_GF2M 0 +# define EC_F_EC_GROUP_GET_CURVE_GFP 0 +# define EC_F_EC_GROUP_GET_DEGREE 0 +# define EC_F_EC_GROUP_GET_ECPARAMETERS 0 +# define EC_F_EC_GROUP_GET_ECPKPARAMETERS 0 +# define EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS 0 +# define EC_F_EC_GROUP_GET_TRINOMIAL_BASIS 0 +# define EC_F_EC_GROUP_NEW 0 +# define EC_F_EC_GROUP_NEW_BY_CURVE_NAME 0 +# define EC_F_EC_GROUP_NEW_BY_CURVE_NAME_EX 0 +# define EC_F_EC_GROUP_NEW_EX 0 +# define EC_F_EC_GROUP_NEW_FROM_DATA 0 +# define EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS 0 +# define EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS 0 +# define EC_F_EC_GROUP_SET_CURVE 0 +# define EC_F_EC_GROUP_SET_CURVE_GF2M 0 +# define EC_F_EC_GROUP_SET_CURVE_GFP 0 +# define EC_F_EC_GROUP_SET_GENERATOR 0 +# define EC_F_EC_GROUP_SET_SEED 0 +# define EC_F_EC_KEY_CHECK_KEY 0 +# define EC_F_EC_KEY_COPY 0 +# define EC_F_EC_KEY_GENERATE_KEY 0 +# define EC_F_EC_KEY_NEW 0 +# define EC_F_EC_KEY_NEW_METHOD 0 +# define EC_F_EC_KEY_NEW_METHOD_INT 0 +# define EC_F_EC_KEY_OCT2PRIV 0 +# define EC_F_EC_KEY_PRINT 0 +# define EC_F_EC_KEY_PRINT_FP 0 +# define EC_F_EC_KEY_PRIV2BUF 0 +# define EC_F_EC_KEY_PRIV2OCT 0 +# define EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES 0 +# define EC_F_EC_KEY_SIMPLE_CHECK_KEY 0 +# define EC_F_EC_KEY_SIMPLE_OCT2PRIV 0 +# define EC_F_EC_KEY_SIMPLE_PRIV2OCT 0 +# define EC_F_EC_PKEY_CHECK 0 +# define EC_F_EC_PKEY_PARAM_CHECK 0 +# define 
EC_F_EC_POINTS_MAKE_AFFINE 0 +# define EC_F_EC_POINTS_MUL 0 +# define EC_F_EC_POINT_ADD 0 +# define EC_F_EC_POINT_BN2POINT 0 +# define EC_F_EC_POINT_CMP 0 +# define EC_F_EC_POINT_COPY 0 +# define EC_F_EC_POINT_DBL 0 +# define EC_F_EC_POINT_GET_AFFINE_COORDINATES 0 +# define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M 0 +# define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP 0 +# define EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP 0 +# define EC_F_EC_POINT_INVERT 0 +# define EC_F_EC_POINT_IS_AT_INFINITY 0 +# define EC_F_EC_POINT_IS_ON_CURVE 0 +# define EC_F_EC_POINT_MAKE_AFFINE 0 +# define EC_F_EC_POINT_NEW 0 +# define EC_F_EC_POINT_OCT2POINT 0 +# define EC_F_EC_POINT_POINT2BUF 0 +# define EC_F_EC_POINT_POINT2OCT 0 +# define EC_F_EC_POINT_SET_AFFINE_COORDINATES 0 +# define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M 0 +# define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP 0 +# define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES 0 +# define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M 0 +# define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP 0 +# define EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP 0 +# define EC_F_EC_POINT_SET_TO_INFINITY 0 +# define EC_F_EC_PRE_COMP_NEW 0 +# define EC_F_EC_SCALAR_MUL_LADDER 0 +# define EC_F_EC_WNAF_MUL 0 +# define EC_F_EC_WNAF_PRECOMPUTE_MULT 0 +# define EC_F_I2D_ECPARAMETERS 0 +# define EC_F_I2D_ECPKPARAMETERS 0 +# define EC_F_I2D_ECPRIVATEKEY 0 +# define EC_F_I2O_ECPUBLICKEY 0 +# define EC_F_NISTP224_PRE_COMP_NEW 0 +# define EC_F_NISTP256_PRE_COMP_NEW 0 +# define EC_F_NISTP521_PRE_COMP_NEW 0 +# define EC_F_O2I_ECPUBLICKEY 0 +# define EC_F_OLD_EC_PRIV_DECODE 0 +# define EC_F_OSSL_ECDH_COMPUTE_KEY 0 +# define EC_F_OSSL_ECDSA_SIGN_SETUP 0 +# define EC_F_OSSL_ECDSA_SIGN_SIG 0 +# define EC_F_OSSL_ECDSA_VERIFY_SIG 0 +# define EC_F_PKEY_ECD_CTRL 0 +# define EC_F_PKEY_ECD_DIGESTSIGN 0 +# define EC_F_PKEY_ECD_DIGESTSIGN25519 0 +# define EC_F_PKEY_ECD_DIGESTSIGN448 0 +# define EC_F_PKEY_ECX_DERIVE 0 +# define EC_F_PKEY_EC_CTRL 0 +# define 
EC_F_PKEY_EC_CTRL_STR 0 +# define EC_F_PKEY_EC_DERIVE 0 +# define EC_F_PKEY_EC_INIT 0 +# define EC_F_PKEY_EC_KDF_DERIVE 0 +# define EC_F_PKEY_EC_KEYGEN 0 +# define EC_F_PKEY_EC_PARAMGEN 0 +# define EC_F_PKEY_EC_SIGN 0 +# define EC_F_S390X_PKEY_ECD_DIGESTSIGN25519 0 +# define EC_F_S390X_PKEY_ECD_DIGESTSIGN448 0 +# define EC_F_S390X_PKEY_ECD_KEYGEN25519 0 +# define EC_F_S390X_PKEY_ECD_KEYGEN448 0 +# define EC_F_S390X_PKEY_ECX_KEYGEN25519 0 +# define EC_F_S390X_PKEY_ECX_KEYGEN448 0 +# define EC_F_VALIDATE_ECX_DERIVE 0 +# endif + +/* + * EC reason codes. + */ +# define EC_R_ASN1_ERROR 115 +# define EC_R_BAD_SIGNATURE 156 +# define EC_R_BIGNUM_OUT_OF_RANGE 144 +# define EC_R_BUFFER_TOO_SMALL 100 +# define EC_R_CANNOT_INVERT 165 +# define EC_R_COORDINATES_OUT_OF_RANGE 146 +# define EC_R_CURVE_DOES_NOT_SUPPORT_ECDH 160 +# define EC_R_CURVE_DOES_NOT_SUPPORT_ECDSA 170 +# define EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING 159 +# define EC_R_D2I_ECPKPARAMETERS_FAILURE 117 +# define EC_R_DECODE_ERROR 142 +# define EC_R_DISCRIMINANT_IS_ZERO 118 +# define EC_R_EC_GROUP_NEW_BY_NAME_FAILURE 119 +# define EC_R_FIELD_TOO_LARGE 143 +# define EC_R_GF2M_NOT_SUPPORTED 147 +# define EC_R_GROUP2PKPARAMETERS_FAILURE 120 +# define EC_R_I2D_ECPKPARAMETERS_FAILURE 121 +# define EC_R_INCOMPATIBLE_OBJECTS 101 +# define EC_R_INVALID_ARGUMENT 112 +# define EC_R_INVALID_COMPRESSED_POINT 110 +# define EC_R_INVALID_COMPRESSION_BIT 109 +# define EC_R_INVALID_CURVE 141 +# define EC_R_INVALID_DIGEST 151 +# define EC_R_INVALID_DIGEST_TYPE 138 +# define EC_R_INVALID_ENCODING 102 +# define EC_R_INVALID_FIELD 103 +# define EC_R_INVALID_FORM 104 +# define EC_R_INVALID_GROUP_ORDER 122 +# define EC_R_INVALID_KEY 116 +# define EC_R_INVALID_OUTPUT_LENGTH 161 +# define EC_R_INVALID_PEER_KEY 133 +# define EC_R_INVALID_PENTANOMIAL_BASIS 132 +# define EC_R_INVALID_PRIVATE_KEY 123 +# define EC_R_INVALID_TRINOMIAL_BASIS 137 +# define EC_R_KDF_PARAMETER_ERROR 148 +# define EC_R_KEYS_NOT_SET 140 +# define 
EC_R_LADDER_POST_FAILURE 136 +# define EC_R_LADDER_PRE_FAILURE 153 +# define EC_R_LADDER_STEP_FAILURE 162 +# define EC_R_MISSING_PARAMETERS 124 +# define EC_R_MISSING_PRIVATE_KEY 125 +# define EC_R_NEED_NEW_SETUP_VALUES 157 +# define EC_R_NOT_A_NIST_PRIME 135 +# define EC_R_NOT_IMPLEMENTED 126 +# define EC_R_NOT_INITIALIZED 111 +# define EC_R_NO_PARAMETERS_SET 139 +# define EC_R_NO_PRIVATE_VALUE 154 +# define EC_R_OPERATION_NOT_SUPPORTED 152 +# define EC_R_PASSED_NULL_PARAMETER 134 +# define EC_R_PEER_KEY_ERROR 149 +# define EC_R_PKPARAMETERS2GROUP_FAILURE 127 +# define EC_R_POINT_ARITHMETIC_FAILURE 155 +# define EC_R_POINT_AT_INFINITY 106 +# define EC_R_POINT_COORDINATES_BLIND_FAILURE 163 +# define EC_R_POINT_IS_NOT_ON_CURVE 107 +# define EC_R_RANDOM_NUMBER_GENERATION_FAILED 158 +# define EC_R_SHARED_INFO_ERROR 150 +# define EC_R_SLOT_FULL 108 +# define EC_R_UNDEFINED_GENERATOR 113 +# define EC_R_UNDEFINED_ORDER 128 +# define EC_R_UNKNOWN_COFACTOR 164 +# define EC_R_UNKNOWN_GROUP 129 +# define EC_R_UNKNOWN_ORDER 114 +# define EC_R_UNSUPPORTED_FIELD 131 +# define EC_R_WRONG_CURVE_PARAMETERS 145 +# define EC_R_WRONG_ORDER 130 + +# endif +#endif diff --git a/linux_amd64/ssl/include/openssl/engine.h b/linux_amd64/ssl/include/openssl/engine.h new file mode 100644 index 0000000..3c9648d --- /dev/null +++ b/linux_amd64/ssl/include/openssl/engine.h 
@@ -0,0 +1,757 @@
+/*
+ * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_ENGINE_H
+# define OPENSSL_ENGINE_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_ENGINE_H
+# endif
+
+# include
+
+# ifndef OPENSSL_NO_ENGINE
+# ifndef OPENSSL_NO_DEPRECATED_1_1_0
+# include
+# include
+# include
+# include
+# include
+# include
+# include
+# include
+# endif
+# include
+# include
+# include
+# include
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+/*
+ * These flags are used to control combinations of algorithm (methods) by
+ * bitwise "OR"ing.
+ */
+# define ENGINE_METHOD_RSA (unsigned int)0x0001
+# define ENGINE_METHOD_DSA (unsigned int)0x0002
+# define ENGINE_METHOD_DH (unsigned int)0x0004
+# define ENGINE_METHOD_RAND (unsigned int)0x0008
+# define ENGINE_METHOD_CIPHERS (unsigned int)0x0040
+# define ENGINE_METHOD_DIGESTS (unsigned int)0x0080
+# define ENGINE_METHOD_PKEY_METHS (unsigned int)0x0200
+# define ENGINE_METHOD_PKEY_ASN1_METHS (unsigned int)0x0400
+# define ENGINE_METHOD_EC (unsigned int)0x0800
+/* Obvious all-or-nothing cases. */
+# define ENGINE_METHOD_ALL (unsigned int)0xFFFF
+# define ENGINE_METHOD_NONE (unsigned int)0x0000
+
+/*
+ * This(ese) flag(s) controls behaviour of the ENGINE_TABLE mechanism used
+ * internally to control registration of ENGINE implementations, and can be
+ * set by ENGINE_set_table_flags(). The "NOINIT" flag prevents attempts to
+ * initialise registered ENGINEs if they are not already initialised.
+ */
+# define ENGINE_TABLE_FLAG_NOINIT (unsigned int)0x0001
+
+/* ENGINE flags that can be set by ENGINE_set_flags(). */
+/* Not used */
+/* #define ENGINE_FLAGS_MALLOCED 0x0001 */
+
+/*
+ * This flag is for ENGINEs that wish to handle the various 'CMD'-related
+ * control commands on their own. Without this flag, ENGINE_ctrl() handles
+ * these control commands on behalf of the ENGINE using their "cmd_defns"
+ * data.
+ */
+# define ENGINE_FLAGS_MANUAL_CMD_CTRL (int)0x0002
+
+/*
+ * This flag is for ENGINEs who return new duplicate structures when found
+ * via "ENGINE_by_id()". When an ENGINE must store state (eg. if
+ * ENGINE_ctrl() commands are called in sequence as part of some stateful
+ * process like key-generation setup and execution), it can set this flag -
+ * then each attempt to obtain the ENGINE will result in it being copied into
+ * a new structure. Normally, ENGINEs don't declare this flag so
+ * ENGINE_by_id() just increments the existing ENGINE's structural reference
+ * count.
+ */
+# define ENGINE_FLAGS_BY_ID_COPY (int)0x0004
+
+/*
+ * This flag if for an ENGINE that does not want its methods registered as
+ * part of ENGINE_register_all_complete() for example if the methods are not
+ * usable as default methods.
+ */
+
+# define ENGINE_FLAGS_NO_REGISTER_ALL (int)0x0008
+
+/*
+ * ENGINEs can support their own command types, and these flags are used in
+ * ENGINE_CTRL_GET_CMD_FLAGS to indicate to the caller what kind of input
+ * each command expects. Currently only numeric and string input is
+ * supported. If a control command supports none of the _NUMERIC, _STRING, or
+ * _NO_INPUT options, then it is regarded as an "internal" control command -
+ * and not for use in config setting situations. As such, they're not
+ * available to the ENGINE_ctrl_cmd_string() function, only raw ENGINE_ctrl()
+ * access. Changes to this list of 'command types' should be reflected
+ * carefully in ENGINE_cmd_is_executable() and ENGINE_ctrl_cmd_string().
+ */
+
+/* accepts a 'long' input value (3rd parameter to ENGINE_ctrl) */
+# define ENGINE_CMD_FLAG_NUMERIC (unsigned int)0x0001
+/*
+ * accepts string input (cast from 'void*' to 'const char *', 4th parameter
+ * to ENGINE_ctrl)
+ */
+# define ENGINE_CMD_FLAG_STRING (unsigned int)0x0002
+/*
+ * Indicates that the control command takes *no* input. Ie. the control
+ * command is unparameterised.
+ */
+# define ENGINE_CMD_FLAG_NO_INPUT (unsigned int)0x0004
+/*
+ * Indicates that the control command is internal. This control command won't
+ * be shown in any output, and is only usable through the ENGINE_ctrl_cmd()
+ * function.
+ */
+# define ENGINE_CMD_FLAG_INTERNAL (unsigned int)0x0008
+
+/*
+ * NB: These 3 control commands are deprecated and should not be used.
+ * ENGINEs relying on these commands should compile conditional support for
+ * compatibility (eg. if these symbols are defined) but should also migrate
+ * the same functionality to their own ENGINE-specific control functions that
+ * can be "discovered" by calling applications. The fact these control
+ * commands wouldn't be "executable" (ie. usable by text-based config)
+ * doesn't change the fact that application code can find and use them
+ * without requiring per-ENGINE hacking.
+ */
+
+/*
+ * These flags are used to tell the ctrl function what should be done. All
+ * command numbers are shared between all engines, even if some don't make
+ * sense to some engines. In such a case, they do nothing but return the
+ * error ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED.
+ */
+# define ENGINE_CTRL_SET_LOGSTREAM 1
+# define ENGINE_CTRL_SET_PASSWORD_CALLBACK 2
+# define ENGINE_CTRL_HUP 3/* Close and reinitialise
+ * any handles/connections
+ * etc. */
+# define ENGINE_CTRL_SET_USER_INTERFACE 4/* Alternative to callback */
+# define ENGINE_CTRL_SET_CALLBACK_DATA 5/* User-specific data, used
+ * when calling the password
+ * callback and the user
+ * interface */
+# define ENGINE_CTRL_LOAD_CONFIGURATION 6/* Load a configuration,
+ * given a string that
+ * represents a file name
+ * or so */
+# define ENGINE_CTRL_LOAD_SECTION 7/* Load data from a given
+ * section in the already
+ * loaded configuration */
+
+/*
+ * These control commands allow an application to deal with an arbitrary
+ * engine in a dynamic way. Warn: Negative return values indicate errors FOR
+ * THESE COMMANDS because zero is used to indicate 'end-of-list'. Other
+ * commands, including ENGINE-specific command types, return zero for an
+ * error. An ENGINE can choose to implement these ctrl functions, and can
+ * internally manage things however it chooses - it does so by setting the
+ * ENGINE_FLAGS_MANUAL_CMD_CTRL flag (using ENGINE_set_flags()). Otherwise
+ * the ENGINE_ctrl() code handles this on the ENGINE's behalf using the
+ * cmd_defns data (set using ENGINE_set_cmd_defns()). This means an ENGINE's
+ * ctrl() handler need only implement its own commands - the above "meta"
+ * commands will be taken care of.
+ */
+
+/*
+ * Returns non-zero if the supplied ENGINE has a ctrl() handler. If "not",
+ * then all the remaining control commands will return failure, so it is
+ * worth checking this first if the caller is trying to "discover" the
+ * engine's capabilities and doesn't want errors generated unnecessarily.
+ */
+# define ENGINE_CTRL_HAS_CTRL_FUNCTION 10
+/*
+ * Returns a positive command number for the first command supported by the
+ * engine. Returns zero if no ctrl commands are supported.
+ */
+# define ENGINE_CTRL_GET_FIRST_CMD_TYPE 11
+/*
+ * The 'long' argument specifies a command implemented by the engine, and the
+ * return value is the next command supported, or zero if there are no more.
+ */
+# define ENGINE_CTRL_GET_NEXT_CMD_TYPE 12
+/*
+ * The 'void*' argument is a command name (cast from 'const char *'), and the
+ * return value is the command that corresponds to it.
+ */
+# define ENGINE_CTRL_GET_CMD_FROM_NAME 13
+/*
+ * The next two allow a command to be converted into its corresponding string
+ * form. In each case, the 'long' argument supplies the command. In the
+ * NAME_LEN case, the return value is the length of the command name (not
+ * counting a trailing EOL). In the NAME case, the 'void*' argument must be a
+ * string buffer large enough, and it will be populated with the name of the
+ * command (WITH a trailing EOL).
+ */
+# define ENGINE_CTRL_GET_NAME_LEN_FROM_CMD 14
+# define ENGINE_CTRL_GET_NAME_FROM_CMD 15
+/* The next two are similar but give a "short description" of a command. */
+# define ENGINE_CTRL_GET_DESC_LEN_FROM_CMD 16
+# define ENGINE_CTRL_GET_DESC_FROM_CMD 17
+/*
+ * With this command, the return value is the OR'd combination of
+ * ENGINE_CMD_FLAG_*** values that indicate what kind of input a given
+ * engine-specific ctrl command expects.
+ */
+# define ENGINE_CTRL_GET_CMD_FLAGS 18
+
+/*
+ * ENGINE implementations should start the numbering of their own control
+ * commands from this value. (ie. ENGINE_CMD_BASE, ENGINE_CMD_BASE + 1, etc).
+ */
+# define ENGINE_CMD_BASE 200
+
+/*
+ * NB: These 2 nCipher "chil" control commands are deprecated, and their
+ * functionality is now available through ENGINE-specific control commands
+ * (exposed through the above-mentioned 'CMD'-handling). Code using these 2
+ * commands should be migrated to the more general command handling before
+ * these are removed.
+ */
+
+/* Flags specific to the nCipher "chil" engine */
+# define ENGINE_CTRL_CHIL_SET_FORKCHECK 100
+ /*
+ * Depending on the value of the (long)i argument, this sets or
+ * unsets the SimpleForkCheck flag in the CHIL API to enable or
+ * disable checking and workarounds for applications that fork().
+ */
+# define ENGINE_CTRL_CHIL_NO_LOCKING 101
+ /*
+ * This prevents the initialisation function from providing mutex
+ * callbacks to the nCipher library.
+ */
+
+/*
+ * If an ENGINE supports its own specific control commands and wishes the
+ * framework to handle the above 'ENGINE_CMD_***'-manipulation commands on
+ * its behalf, it should supply a null-terminated array of ENGINE_CMD_DEFN
+ * entries to ENGINE_set_cmd_defns(). It should also implement a ctrl()
+ * handler that supports the stated commands (ie. the "cmd_num" entries as
+ * described by the array). NB: The array must be ordered in increasing order
+ * of cmd_num. "null-terminated" means that the last ENGINE_CMD_DEFN element
+ * has cmd_num set to zero and/or cmd_name set to NULL.
+ */
+typedef struct ENGINE_CMD_DEFN_st {
+ unsigned int cmd_num; /* The command number */
+ const char *cmd_name; /* The command name itself */
+ const char *cmd_desc; /* A short description of the command */
+ unsigned int cmd_flags; /* The input the command expects */
+} ENGINE_CMD_DEFN;
+
+/* Generic function pointer */
+typedef int (*ENGINE_GEN_FUNC_PTR) (void);
+/* Generic function pointer taking no arguments */
+typedef int (*ENGINE_GEN_INT_FUNC_PTR) (ENGINE *);
+/* Specific control function pointer */
+typedef int (*ENGINE_CTRL_FUNC_PTR) (ENGINE *, int, long, void *,
+ void (*f) (void));
+/* Generic load_key function pointer */
+typedef EVP_PKEY *(*ENGINE_LOAD_KEY_PTR)(ENGINE *, const char *,
+ UI_METHOD *ui_method,
+ void *callback_data);
+typedef int (*ENGINE_SSL_CLIENT_CERT_PTR) (ENGINE *, SSL *ssl,
+ STACK_OF(X509_NAME) *ca_dn,
+ X509 **pcert, EVP_PKEY **pkey,
+ STACK_OF(X509) **pother,
+ UI_METHOD *ui_method,
+ void *callback_data);
+/*-
+ * These callback types are for an ENGINE's handler for cipher and digest logic.
+ * These handlers have these prototypes;
+ * int foo(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid);
+ * int foo(ENGINE *e, const EVP_MD **digest, const int **nids, int nid);
+ * Looking at how to implement these handlers in the case of cipher support, if
+ * the framework wants the EVP_CIPHER for 'nid', it will call;
+ * foo(e, &p_evp_cipher, NULL, nid); (return zero for failure)
+ * If the framework wants a list of supported 'nid's, it will call;
+ * foo(e, NULL, &p_nids, 0); (returns number of 'nids' or -1 for error)
+ */
+/*
+ * Returns to a pointer to the array of supported cipher 'nid's. If the
+ * second parameter is non-NULL it is set to the size of the returned array.
+ */
+typedef int (*ENGINE_CIPHERS_PTR) (ENGINE *, const EVP_CIPHER **,
+ const int **, int);
+typedef int (*ENGINE_DIGESTS_PTR) (ENGINE *, const EVP_MD **, const int **,
+ int);
+typedef int (*ENGINE_PKEY_METHS_PTR) (ENGINE *, EVP_PKEY_METHOD **,
+ const int **, int);
+typedef int (*ENGINE_PKEY_ASN1_METHS_PTR) (ENGINE *, EVP_PKEY_ASN1_METHOD **,
+ const int **, int);
+/*
+ * STRUCTURE functions ... all of these functions deal with pointers to
+ * ENGINE structures where the pointers have a "structural reference". This
+ * means that their reference is to allowed access to the structure but it
+ * does not imply that the structure is functional. To simply increment or
+ * decrement the structural reference count, use ENGINE_by_id and
+ * ENGINE_free. NB: This is not required when iterating using ENGINE_get_next
+ * as it will automatically decrement the structural reference count of the
+ * "current" ENGINE and increment the structural reference count of the
+ * ENGINE it returns (unless it is NULL).
+ */
+
+/* Get the first/last "ENGINE" type available. */
+ENGINE *ENGINE_get_first(void);
+ENGINE *ENGINE_get_last(void);
+/* Iterate to the next/previous "ENGINE" type (NULL = end of the list). */
+ENGINE *ENGINE_get_next(ENGINE *e);
+ENGINE *ENGINE_get_prev(ENGINE *e);
+/* Add another "ENGINE" type into the array. */
+int ENGINE_add(ENGINE *e);
+/* Remove an existing "ENGINE" type from the array. */
+int ENGINE_remove(ENGINE *e);
+/* Retrieve an engine from the list by its unique "id" value. */
+ENGINE *ENGINE_by_id(const char *id);
+
+#ifndef OPENSSL_NO_DEPRECATED_1_1_0
+# define ENGINE_load_openssl() \
+ OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_OPENSSL, NULL)
+# define ENGINE_load_dynamic() \
+ OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_DYNAMIC, NULL)
+# ifndef OPENSSL_NO_STATIC_ENGINE
+# define ENGINE_load_padlock() \
+ OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_PADLOCK, NULL)
+# define ENGINE_load_capi() \
+ OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_CAPI, NULL)
+# define ENGINE_load_afalg() \
+ OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_AFALG, NULL)
+# endif
+# define ENGINE_load_cryptodev() \
+ OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_CRYPTODEV, NULL)
+# define ENGINE_load_rdrand() \
+ OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_RDRAND, NULL)
+#endif
+void ENGINE_load_builtin_engines(void);
+
+/*
+ * Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation
+ * "registry" handling.
+ */
+unsigned int ENGINE_get_table_flags(void);
+void ENGINE_set_table_flags(unsigned int flags);
+
+/*- Manage registration of ENGINEs per "table". For each type, there are 3
+ * functions;
+ * ENGINE_register_***(e) - registers the implementation from 'e' (if it has one)
+ * ENGINE_unregister_***(e) - unregister the implementation from 'e'
+ * ENGINE_register_all_***() - call ENGINE_register_***() for each 'e' in the list
+ * Cleanup is automatically registered from each table when required.
+ */
+
+int ENGINE_register_RSA(ENGINE *e);
+void ENGINE_unregister_RSA(ENGINE *e);
+void ENGINE_register_all_RSA(void);
+
+int ENGINE_register_DSA(ENGINE *e);
+void ENGINE_unregister_DSA(ENGINE *e);
+void ENGINE_register_all_DSA(void);
+
+int ENGINE_register_EC(ENGINE *e);
+void ENGINE_unregister_EC(ENGINE *e);
+void ENGINE_register_all_EC(void);
+
+int ENGINE_register_DH(ENGINE *e);
+void ENGINE_unregister_DH(ENGINE *e);
+void ENGINE_register_all_DH(void);
+
+int ENGINE_register_RAND(ENGINE *e);
+void ENGINE_unregister_RAND(ENGINE *e);
+void ENGINE_register_all_RAND(void);
+
+int ENGINE_register_ciphers(ENGINE *e);
+void ENGINE_unregister_ciphers(ENGINE *e);
+void ENGINE_register_all_ciphers(void);
+
+int ENGINE_register_digests(ENGINE *e);
+void ENGINE_unregister_digests(ENGINE *e);
+void ENGINE_register_all_digests(void);
+
+int ENGINE_register_pkey_meths(ENGINE *e);
+void ENGINE_unregister_pkey_meths(ENGINE *e);
+void ENGINE_register_all_pkey_meths(void);
+
+int ENGINE_register_pkey_asn1_meths(ENGINE *e);
+void ENGINE_unregister_pkey_asn1_meths(ENGINE *e);
+void ENGINE_register_all_pkey_asn1_meths(void);
+
+/*
+ * These functions register all support from the above categories. Note, use
+ * of these functions can result in static linkage of code your application
+ * may not need. If you only need a subset of functionality, consider using
+ * more selective initialisation.
+ */
+int ENGINE_register_complete(ENGINE *e);
+int ENGINE_register_all_complete(void);
+
+/*
+ * Send parameterised control commands to the engine. The possibilities to
+ * send down an integer, a pointer to data or a function pointer are
+ * provided. Any of the parameters may or may not be NULL, depending on the
+ * command number. In actuality, this function only requires a structural
+ * (rather than functional) reference to an engine, but many control commands
+ * may require the engine be functional. The caller should be aware of trying
+ * commands that require an operational ENGINE, and only use functional
+ * references in such situations.
+ */
+int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void));
+
+/*
+ * This function tests if an ENGINE-specific command is usable as a
+ * "setting". Eg. in an application's config file that gets processed through
+ * ENGINE_ctrl_cmd_string(). If this returns zero, it is not available to
+ * ENGINE_ctrl_cmd_string(), only ENGINE_ctrl().
+ */
+int ENGINE_cmd_is_executable(ENGINE *e, int cmd);
+
+/*
+ * This function works like ENGINE_ctrl() with the exception of taking a
+ * command name instead of a command number, and can handle optional
+ * commands. See the comment on ENGINE_ctrl_cmd_string() for an explanation
+ * on how to use the cmd_name and cmd_optional.
+ */
+int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
+ long i, void *p, void (*f) (void), int cmd_optional);
+
+/*
+ * This function passes a command-name and argument to an ENGINE. The
+ * cmd_name is converted to a command number and the control command is
+ * called using 'arg' as an argument (unless the ENGINE doesn't support such
+ * a command, in which case no control command is called). The command is
+ * checked for input flags, and if necessary the argument will be converted
+ * to a numeric value. If cmd_optional is non-zero, then if the ENGINE
+ * doesn't support the given cmd_name the return value will be success
+ * anyway. This function is intended for applications to use so that users
+ * (or config files) can supply engine-specific config data to the ENGINE at
+ * run-time to control behaviour of specific engines. As such, it shouldn't
+ * be used for calling ENGINE_ctrl() functions that return data, deal with
+ * binary data, or that are otherwise supposed to be used directly through
+ * ENGINE_ctrl() in application code. Any "return" data from an ENGINE_ctrl()
+ * operation in this function will be lost - the return value is interpreted
+ * as failure if the return value is zero, success otherwise, and this
+ * function returns a boolean value as a result. In other words, vendors of
+ * 'ENGINE'-enabled devices should write ENGINE implementations with
+ * parameterisations that work in this scheme, so that compliant ENGINE-based
+ * applications can work consistently with the same configuration for the
+ * same ENGINE-enabled devices, across applications.
+ */
+int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
+ int cmd_optional);
+
+/*
+ * These functions are useful for manufacturing new ENGINE structures. They
+ * don't address reference counting at all - one uses them to populate an
+ * ENGINE structure with personalised implementations of things prior to
+ * using it directly or adding it to the builtin ENGINE list in OpenSSL.
+ * These are also here so that the ENGINE structure doesn't have to be
+ * exposed and break binary compatibility!
+ */
+ENGINE *ENGINE_new(void);
+int ENGINE_free(ENGINE *e);
+int ENGINE_up_ref(ENGINE *e);
+int ENGINE_set_id(ENGINE *e, const char *id);
+int ENGINE_set_name(ENGINE *e, const char *name);
+int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth);
+int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth);
+int ENGINE_set_EC(ENGINE *e, const EC_KEY_METHOD *ecdsa_meth);
+int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth);
+int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth);
+int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f);
+int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f);
+int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f);
+int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f);
+int ENGINE_set_load_privkey_function(ENGINE *e,
+ ENGINE_LOAD_KEY_PTR loadpriv_f);
+int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f);
+int ENGINE_set_load_ssl_client_cert_function(ENGINE *e,
+ ENGINE_SSL_CLIENT_CERT_PTR
+ loadssl_f);
+int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f);
+int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f);
+int ENGINE_set_pkey_meths(ENGINE *e, ENGINE_PKEY_METHS_PTR f);
+int ENGINE_set_pkey_asn1_meths(ENGINE *e, ENGINE_PKEY_ASN1_METHS_PTR f);
+int ENGINE_set_flags(ENGINE *e, int flags);
+int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns);
+/* These functions allow control over any per-structure ENGINE data. */
+#define ENGINE_get_ex_new_index(l, p, newf, dupf, freef) \
+ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ENGINE, l, p, newf, dupf, freef)
+int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg);
+void *ENGINE_get_ex_data(const ENGINE *e, int idx);
+
+#ifndef OPENSSL_NO_DEPRECATED_1_1_0
+/*
+ * This function previously cleaned up anything that needs it. Auto-deinit will
+ * now take care of it so it is no longer required to call this function.
+ */
+# define ENGINE_cleanup() while(0) continue
+#endif
+
+/*
+ * These return values from within the ENGINE structure. These can be useful
+ * with functional references as well as structural references - it depends
+ * which you obtained. Using the result for functional purposes if you only
+ * obtained a structural reference may be problematic!
+ */
+const char *ENGINE_get_id(const ENGINE *e);
+const char *ENGINE_get_name(const ENGINE *e);
+const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e);
+const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e);
+const EC_KEY_METHOD *ENGINE_get_EC(const ENGINE *e);
+const DH_METHOD *ENGINE_get_DH(const ENGINE *e);
+const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e);
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e);
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e);
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e);
+ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e);
+ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e);
+ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e);
+ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE
+ *e);
+ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e);
+ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e);
+ENGINE_PKEY_METHS_PTR ENGINE_get_pkey_meths(const ENGINE *e);
+ENGINE_PKEY_ASN1_METHS_PTR ENGINE_get_pkey_asn1_meths(const ENGINE *e);
+const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid);
+const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid);
+const EVP_PKEY_METHOD *ENGINE_get_pkey_meth(ENGINE *e, int nid);
+const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth(ENGINE *e, int nid);
+const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth_str(ENGINE *e,
+ const char *str,
+ int len);
+const EVP_PKEY_ASN1_METHOD *ENGINE_pkey_asn1_find_str(ENGINE **pe,
+ const char *str,
+ int len);
+const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e);
+int ENGINE_get_flags(const ENGINE *e);
+
+/*
+ * FUNCTIONAL functions. These functions deal with ENGINE structures that
+ * have (or will) be initialised for use. Broadly speaking, the structural
+ * functions are useful for iterating the list of available engine types,
+ * creating new engine types, and other "list" operations. These functions
+ * actually deal with ENGINEs that are to be used. As such these functions
+ * can fail (if applicable) when particular engines are unavailable - eg. if
+ * a hardware accelerator is not attached or not functioning correctly. Each
+ * ENGINE has 2 reference counts; structural and functional. Every time a
+ * functional reference is obtained or released, a corresponding structural
+ * reference is automatically obtained or released too.
+ */
+
+/*
+ * Initialise a engine type for use (or up its reference count if it's
+ * already in use). This will fail if the engine is not currently operational
+ * and cannot initialise.
+ */
+int ENGINE_init(ENGINE *e);
+/*
+ * Free a functional reference to a engine type. This does not require a
+ * corresponding call to ENGINE_free as it also releases a structural
+ * reference.
+ */
+int ENGINE_finish(ENGINE *e);
+
+/*
+ * The following functions handle keys that are stored in some secondary
+ * location, handled by the engine. The storage may be on a card or
+ * whatever.
+ */
+EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
+ UI_METHOD *ui_method, void *callback_data);
+EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
+ UI_METHOD *ui_method, void *callback_data);
+int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s,
+ STACK_OF(X509_NAME) *ca_dn, X509 **pcert,
+ EVP_PKEY **ppkey, STACK_OF(X509) **pother,
+ UI_METHOD *ui_method, void *callback_data);
+
+/*
+ * This returns a pointer for the current ENGINE structure that is (by
+ * default) performing any RSA operations. The value returned is an
+ * incremented reference, so it should be free'd (ENGINE_finish) before it is
+ * discarded.
+ */
+ENGINE *ENGINE_get_default_RSA(void);
+/* Same for the other "methods" */
+ENGINE *ENGINE_get_default_DSA(void);
+ENGINE *ENGINE_get_default_EC(void);
+ENGINE *ENGINE_get_default_DH(void);
+ENGINE *ENGINE_get_default_RAND(void);
+/*
+ * These functions can be used to get a functional reference to perform
+ * ciphering or digesting corresponding to "nid".
+ */
+ENGINE *ENGINE_get_cipher_engine(int nid);
+ENGINE *ENGINE_get_digest_engine(int nid);
+ENGINE *ENGINE_get_pkey_meth_engine(int nid);
+ENGINE *ENGINE_get_pkey_asn1_meth_engine(int nid);
+
+/*
+ * This sets a new default ENGINE structure for performing RSA operations. If
+ * the result is non-zero (success) then the ENGINE structure will have had
+ * its reference count up'd so the caller should still free their own
+ * reference 'e'.
+ */
+int ENGINE_set_default_RSA(ENGINE *e);
+int ENGINE_set_default_string(ENGINE *e, const char *def_list);
+/* Same for the other "methods" */
+int ENGINE_set_default_DSA(ENGINE *e);
+int ENGINE_set_default_EC(ENGINE *e);
+int ENGINE_set_default_DH(ENGINE *e);
+int ENGINE_set_default_RAND(ENGINE *e);
+int ENGINE_set_default_ciphers(ENGINE *e);
+int ENGINE_set_default_digests(ENGINE *e);
+int ENGINE_set_default_pkey_meths(ENGINE *e);
+int ENGINE_set_default_pkey_asn1_meths(ENGINE *e);
+
+/*
+ * The combination "set" - the flags are bitwise "OR"d from the
+ * ENGINE_METHOD_*** defines above. As with the "ENGINE_register_complete()"
+ * function, this function can result in unnecessary static linkage. If your
+ * application requires only specific functionality, consider using more
+ * selective functions.
+ */
+int ENGINE_set_default(ENGINE *e, unsigned int flags);
+
+void ENGINE_add_conf_module(void);
+
+/* Deprecated functions ... */
+/* int ENGINE_clear_defaults(void); */
+
+/**************************/
+/* DYNAMIC ENGINE SUPPORT */
+/**************************/
+
+/* Binary/behaviour compatibility levels */
+# define OSSL_DYNAMIC_VERSION (unsigned long)0x00030000
+/*
+ * Binary versions older than this are too old for us (whether we're a loader
+ * or a loadee)
+ */
+# define OSSL_DYNAMIC_OLDEST (unsigned long)0x00030000
+
+/*
+ * When compiling an ENGINE entirely as an external shared library, loadable
+ * by the "dynamic" ENGINE, these types are needed. The 'dynamic_fns'
+ * structure type provides the calling application's (or library's) error
+ * functionality and memory management function pointers to the loaded
+ * library. These should be used/set in the loaded library code so that the
+ * loading application's 'state' will be used/changed in all operations. The
+ * 'static_state' pointer allows the loaded library to know if it shares the
+ * same static data as the calling application (or library), and thus whether
+ * these callbacks need to be set or not.
+ */
+typedef void *(*dyn_MEM_malloc_fn) (size_t, const char *, int);
+typedef void *(*dyn_MEM_realloc_fn) (void *, size_t, const char *, int);
+typedef void (*dyn_MEM_free_fn) (void *, const char *, int);
+typedef struct st_dynamic_MEM_fns {
+ dyn_MEM_malloc_fn malloc_fn;
+ dyn_MEM_realloc_fn realloc_fn;
+ dyn_MEM_free_fn free_fn;
+} dynamic_MEM_fns;
+/*
+ * FIXME: Perhaps the memory and locking code (crypto.h) should declare and
+ * use these types so we (and any other dependent code) can simplify a bit??
+ */
+/* The top-level structure */
+typedef struct st_dynamic_fns {
+ void *static_state;
+ dynamic_MEM_fns mem_fns;
+} dynamic_fns;
+
+/*
+ * The version checking function should be of this prototype. NB: The
+ * ossl_version value passed in is the OSSL_DYNAMIC_VERSION of the loading
+ * code. If this function returns zero, it indicates a (potential) version
+ * incompatibility and the loaded library doesn't believe it can proceed.
+ * Otherwise, the returned value is the (latest) version supported by the
+ * loading library. The loader may still decide that the loaded code's
+ * version is unsatisfactory and could veto the load. The function is
+ * expected to be implemented with the symbol name "v_check", and a default
+ * implementation can be fully instantiated with
+ * IMPLEMENT_DYNAMIC_CHECK_FN().
+ */
+typedef unsigned long (*dynamic_v_check_fn) (unsigned long ossl_version);
+# define IMPLEMENT_DYNAMIC_CHECK_FN() \
+ OPENSSL_EXPORT unsigned long v_check(unsigned long v); \
+ OPENSSL_EXPORT unsigned long v_check(unsigned long v) { \
+ if (v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \
+ return 0; }
+
+/*
+ * This function is passed the ENGINE structure to initialise with its own
+ * function and command settings. It should not adjust the structural or
+ * functional reference counts. If this function returns zero, (a) the load
+ * will be aborted, (b) the previous ENGINE state will be memcpy'd back onto
+ * the structure, and (c) the shared library will be unloaded. So
+ * implementations should do their own internal cleanup in failure
+ * circumstances otherwise they could leak. The 'id' parameter, if non-NULL,
+ * represents the ENGINE id that the loader is looking for. If this is NULL,
+ * the shared library can choose to return failure or to initialise a
+ * 'default' ENGINE. If non-NULL, the shared library must initialise only an
+ * ENGINE matching the passed 'id'. The function is expected to be
+ * implemented with the symbol name "bind_engine". A standard implementation
+ * can be instantiated with IMPLEMENT_DYNAMIC_BIND_FN(fn) where the parameter
+ * 'fn' is a callback function that populates the ENGINE structure and
+ * returns an int value (zero for failure). 'fn' should have prototype;
+ * [static] int fn(ENGINE *e, const char *id);
+ */
+typedef int (*dynamic_bind_engine) (ENGINE *e, const char *id,
+ const dynamic_fns *fns);
+# define IMPLEMENT_DYNAMIC_BIND_FN(fn) \
+ OPENSSL_EXPORT \
+ int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns); \
+ OPENSSL_EXPORT \
+ int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \
+ if (ENGINE_get_static_state() == fns->static_state) goto skip_cbs; \
+ CRYPTO_set_mem_functions(fns->mem_fns.malloc_fn, \
+ fns->mem_fns.realloc_fn, \
+ fns->mem_fns.free_fn); \
+ skip_cbs: \
+ if (!fn(e, id)) return 0; \
+ return 1; }
+
+/*
+ * If the loading application (or library) and the loaded ENGINE library
+ * share the same static data (eg. they're both dynamically linked to the
+ * same libcrypto.so) we need a way to avoid trying to set system callbacks -
+ * this would fail, and for the same reason that it's unnecessary to try. If
+ * the loaded ENGINE has (or gets from through the loader) its own copy of
+ * the libcrypto static data, we will need to set the callbacks. The easiest
+ * way to detect this is to have a function that returns a pointer to some
+ * static data and let the loading application and loaded ENGINE compare
+ * their respective values.
+ */
+void *ENGINE_get_static_state(void);
+
+# if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__DragonFly__)
+DEPRECATEDIN_1_1_0(void ENGINE_setup_bsd_cryptodev(void))
+# endif
+
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+#endif
diff --git a/linux_amd64/ssl/include/openssl/engineerr.h b/linux_amd64/ssl/include/openssl/engineerr.h
new file mode 100644
index 0000000..006d73a
--- /dev/null
+++ b/linux_amd64/ssl/include/openssl/engineerr.h
@@ -0,0 +1,119 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_ENGINEERR_H +# define OPENSSL_ENGINEERR_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_ENGINEERR_H +# endif + +# include +# include + + +# include + +# ifndef OPENSSL_NO_ENGINE + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_ENGINE_strings(void); + +/* + * ENGINE function codes. + */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define ENGINE_F_DIGEST_UPDATE 0 +# define ENGINE_F_DYNAMIC_CTRL 0 +# define ENGINE_F_DYNAMIC_GET_DATA_CTX 0 +# define ENGINE_F_DYNAMIC_LOAD 0 +# define ENGINE_F_DYNAMIC_SET_DATA_CTX 0 +# define ENGINE_F_ENGINE_ADD 0 +# define ENGINE_F_ENGINE_BY_ID 0 +# define ENGINE_F_ENGINE_CMD_IS_EXECUTABLE 0 +# define ENGINE_F_ENGINE_CTRL 0 +# define ENGINE_F_ENGINE_CTRL_CMD 0 +# define ENGINE_F_ENGINE_CTRL_CMD_STRING 0 +# define ENGINE_F_ENGINE_FINISH 0 +# define ENGINE_F_ENGINE_GET_CIPHER 0 +# define ENGINE_F_ENGINE_GET_DIGEST 0 +# define ENGINE_F_ENGINE_GET_FIRST 0 +# define ENGINE_F_ENGINE_GET_LAST 0 +# define ENGINE_F_ENGINE_GET_NEXT 0 +# define ENGINE_F_ENGINE_GET_PKEY_ASN1_METH 0 +# define ENGINE_F_ENGINE_GET_PKEY_METH 0 +# define ENGINE_F_ENGINE_GET_PREV 0 +# define ENGINE_F_ENGINE_INIT 0 +# define ENGINE_F_ENGINE_LIST_ADD 0 +# define ENGINE_F_ENGINE_LIST_REMOVE 0 +# define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY 0 +# define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY 0 +# define ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT 0 +# define ENGINE_F_ENGINE_NEW 0 +# define ENGINE_F_ENGINE_PKEY_ASN1_FIND_STR 0 +# define ENGINE_F_ENGINE_REMOVE 0 +# define ENGINE_F_ENGINE_SET_DEFAULT_STRING 0 +# define ENGINE_F_ENGINE_SET_ID 0 +# 
define ENGINE_F_ENGINE_SET_NAME 0 +# define ENGINE_F_ENGINE_TABLE_REGISTER 0 +# define ENGINE_F_ENGINE_UNLOCKED_FINISH 0 +# define ENGINE_F_ENGINE_UP_REF 0 +# define ENGINE_F_INT_CLEANUP_ITEM 0 +# define ENGINE_F_INT_CTRL_HELPER 0 +# define ENGINE_F_INT_ENGINE_CONFIGURE 0 +# define ENGINE_F_INT_ENGINE_MODULE_INIT 0 +# define ENGINE_F_OSSL_HMAC_INIT 0 +# endif + +/* + * ENGINE reason codes. + */ +# define ENGINE_R_ALREADY_LOADED 100 +# define ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER 133 +# define ENGINE_R_CMD_NOT_EXECUTABLE 134 +# define ENGINE_R_COMMAND_TAKES_INPUT 135 +# define ENGINE_R_COMMAND_TAKES_NO_INPUT 136 +# define ENGINE_R_CONFLICTING_ENGINE_ID 103 +# define ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED 119 +# define ENGINE_R_DSO_FAILURE 104 +# define ENGINE_R_DSO_NOT_FOUND 132 +# define ENGINE_R_ENGINES_SECTION_ERROR 148 +# define ENGINE_R_ENGINE_CONFIGURATION_ERROR 102 +# define ENGINE_R_ENGINE_IS_NOT_IN_LIST 105 +# define ENGINE_R_ENGINE_SECTION_ERROR 149 +# define ENGINE_R_FAILED_LOADING_PRIVATE_KEY 128 +# define ENGINE_R_FAILED_LOADING_PUBLIC_KEY 129 +# define ENGINE_R_FINISH_FAILED 106 +# define ENGINE_R_ID_OR_NAME_MISSING 108 +# define ENGINE_R_INIT_FAILED 109 +# define ENGINE_R_INTERNAL_LIST_ERROR 110 +# define ENGINE_R_INVALID_ARGUMENT 143 +# define ENGINE_R_INVALID_CMD_NAME 137 +# define ENGINE_R_INVALID_CMD_NUMBER 138 +# define ENGINE_R_INVALID_INIT_VALUE 151 +# define ENGINE_R_INVALID_STRING 150 +# define ENGINE_R_NOT_INITIALISED 117 +# define ENGINE_R_NOT_LOADED 112 +# define ENGINE_R_NO_CONTROL_FUNCTION 120 +# define ENGINE_R_NO_INDEX 144 +# define ENGINE_R_NO_LOAD_FUNCTION 125 +# define ENGINE_R_NO_REFERENCE 130 +# define ENGINE_R_NO_SUCH_ENGINE 116 +# define ENGINE_R_UNIMPLEMENTED_CIPHER 146 +# define ENGINE_R_UNIMPLEMENTED_DIGEST 147 +# define ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD 101 +# define ENGINE_R_VERSION_INCOMPATIBILITY 145 + +# endif +#endif 
diff --git a/linux_amd64/ssl/include/openssl/err.h b/linux_amd64/ssl/include/openssl/err.h
new file mode 100644
index 0000000..ef8e895
--- /dev/null
+++ b/linux_amd64/ssl/include/openssl/err.h
@@ -0,0 +1,364 @@ +/* + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_ERR_H +# define OPENSSL_ERR_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_ERR_H +# endif + +# include + +# ifndef OPENSSL_NO_STDIO +# include +# include +# endif + +# include +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# ifndef OPENSSL_NO_FILENAMES +# define ERR_PUT_error(l,f,r,fn,ln) ERR_put_error(l,f,r,fn,ln) +# else +# define ERR_PUT_error(l,f,r,fn,ln) ERR_put_error(l,f,r,NULL,0) +# endif +# endif + +# include + +# define ERR_TXT_MALLOCED 0x01 +# define ERR_TXT_STRING 0x02 + +# if !defined(OPENSSL_NO_DEPRECATED_3_0) || defined(OSSL_FORCE_ERR_STATE) +# define ERR_FLAG_MARK 0x01 +# define ERR_FLAG_CLEAR 0x02 + +# define ERR_NUM_ERRORS 16 +struct err_state_st { + int err_flags[ERR_NUM_ERRORS]; + unsigned long err_buffer[ERR_NUM_ERRORS]; + char *err_data[ERR_NUM_ERRORS]; + size_t err_data_size[ERR_NUM_ERRORS]; + int err_data_flags[ERR_NUM_ERRORS]; + const char *err_file[ERR_NUM_ERRORS]; + int err_line[ERR_NUM_ERRORS]; + const char *err_func[ERR_NUM_ERRORS]; + int top, bottom; +}; +# endif + +/* library */ +# define ERR_LIB_NONE 1 +# define ERR_LIB_SYS 2 +# define ERR_LIB_BN 3 +# define ERR_LIB_RSA 4 +# define ERR_LIB_DH 5 +# define ERR_LIB_EVP 6 +# define ERR_LIB_BUF 7 +# define ERR_LIB_OBJ 8 +# define ERR_LIB_PEM 9 +# define ERR_LIB_DSA 10 +# define ERR_LIB_X509 11 +/* #define ERR_LIB_METH 12 */ +# define ERR_LIB_ASN1 13 +# define ERR_LIB_CONF 14 +# define ERR_LIB_CRYPTO 15 +# define ERR_LIB_EC 16 +# define ERR_LIB_SSL 20 +/* #define ERR_LIB_SSL23 21 */ +/* #define ERR_LIB_SSL2 22 */ +/* #define 
ERR_LIB_SSL3 23 */ +/* #define ERR_LIB_RSAREF 30 */ +/* #define ERR_LIB_PROXY 31 */ +# define ERR_LIB_BIO 32 +# define ERR_LIB_PKCS7 33 +# define ERR_LIB_X509V3 34 +# define ERR_LIB_PKCS12 35 +# define ERR_LIB_RAND 36 +# define ERR_LIB_DSO 37 +# define ERR_LIB_ENGINE 38 +# define ERR_LIB_OCSP 39 +# define ERR_LIB_UI 40 +# define ERR_LIB_COMP 41 +# define ERR_LIB_ECDSA 42 +# define ERR_LIB_ECDH 43 +# define ERR_LIB_OSSL_STORE 44 +# define ERR_LIB_FIPS 45 +# define ERR_LIB_CMS 46 +# define ERR_LIB_TS 47 +# define ERR_LIB_HMAC 48 +/* # define ERR_LIB_JPAKE 49 */ +# define ERR_LIB_CT 50 +# define ERR_LIB_ASYNC 51 +# define ERR_LIB_KDF 52 +# define ERR_LIB_SM2 53 +# define ERR_LIB_ESS 54 +# define ERR_LIB_PROP 55 +# define ERR_LIB_CRMF 56 +# define ERR_LIB_PROV 57 +# define ERR_LIB_CMP 58 +# define ERR_LIB_OSSL_SERIALIZER 59 +# define ERR_LIB_HTTP 60 + +# define ERR_LIB_USER 128 + +# if 1 || !defined(OPENSSL_NO_DEPRECATED_3_0) +# define ASN1err(f, r) ERR_raise_data(ERR_LIB_ASN1, (r), NULL) +# define ASYNCerr(f, r) ERR_raise_data(ERR_LIB_ASYNC, (r), NULL) +# define BIOerr(f, r) ERR_raise_data(ERR_LIB_BIO, (r), NULL) +# define BNerr(f, r) ERR_raise_data(ERR_LIB_BN, (r), NULL) +# define BUFerr(f, r) ERR_raise_data(ERR_LIB_BUF, (r), NULL) +# define CMPerr(f, r) ERR_raise_data(ERR_LIB_CMP, (r), NULL) +# define CMSerr(f, r) ERR_raise_data(ERR_LIB_CMS, (r), NULL) +# define COMPerr(f, r) ERR_raise_data(ERR_LIB_COMP, (r), NULL) +# define CONFerr(f, r) ERR_raise_data(ERR_LIB_CONF, (r), NULL) +# define CRMFerr(f, r) ERR_raise_data(ERR_LIB_CRMF, (r), NULL) +# define CRYPTOerr(f, r) ERR_raise_data(ERR_LIB_CRYPTO, (r), NULL) +# define CTerr(f, r) ERR_raise_data(ERR_LIB_CT, (r), NULL) +# define DHerr(f, r) ERR_raise_data(ERR_LIB_DH, (r), NULL) +# define DSAerr(f, r) ERR_raise_data(ERR_LIB_DSA, (r), NULL) +# define DSOerr(f, r) ERR_raise_data(ERR_LIB_DSO, (r), NULL) +# define ECDHerr(f, r) ERR_raise_data(ERR_LIB_ECDH, (r), NULL) +# define ECDSAerr(f, r) ERR_raise_data(ERR_LIB_ECDSA, 
(r), NULL) +# define ECerr(f, r) ERR_raise_data(ERR_LIB_EC, (r), NULL) +# define ENGINEerr(f, r) ERR_raise_data(ERR_LIB_ENGINE, (r), NULL) +# define ESSerr(f, r) ERR_raise_data(ERR_LIB_ESS, (r), NULL) +# define EVPerr(f, r) ERR_raise_data(ERR_LIB_EVP, (r), NULL) +# define FIPSerr(f, r) ERR_raise_data(ERR_LIB_FIPS, (r), NULL) +# define HMACerr(f, r) ERR_raise_data(ERR_LIB_HMAC, (r), NULL) +# define HTTPerr(f, r) ERR_raise_data(ERR_LIB_HTTP, (r), NULL) +# define KDFerr(f, r) ERR_raise_data(ERR_LIB_KDF, (r), NULL) +# define OBJerr(f, r) ERR_raise_data(ERR_LIB_OBJ, (r), NULL) +# define OCSPerr(f, r) ERR_raise_data(ERR_LIB_OCSP, (r), NULL) +# define OSSL_STOREerr(f, r) ERR_raise_data(ERR_LIB_OSSL_STORE, (r), NULL) +# define PEMerr(f, r) ERR_raise_data(ERR_LIB_PEM, (r), NULL) +# define PKCS12err(f, r) ERR_raise_data(ERR_LIB_PKCS12, (r), NULL) +# define PKCS7err(f, r) ERR_raise_data(ERR_LIB_PKCS7, (r), NULL) +# define PROPerr(f, r) ERR_raise_data(ERR_LIB_PROP, (r), NULL) +# define PROVerr(f, r) ERR_raise_data(ERR_LIB_PROV, (r), NULL) +# define RANDerr(f, r) ERR_raise_data(ERR_LIB_RAND, (r), NULL) +# define RSAerr(f, r) ERR_raise_data(ERR_LIB_RSA, (r), NULL) +# define KDFerr(f, r) ERR_raise_data(ERR_LIB_KDF, (r), NULL) +# define SM2err(f, r) ERR_raise_data(ERR_LIB_SM2, (r), NULL) +# define SSLerr(f, r) ERR_raise_data(ERR_LIB_SSL, (r), NULL) +# define SYSerr(f, r) ERR_raise_data(ERR_LIB_SYS, (r), NULL) +# define TSerr(f, r) ERR_raise_data(ERR_LIB_TS, (r), NULL) +# define UIerr(f, r) ERR_raise_data(ERR_LIB_UI, (r), NULL) +# define X509V3err(f, r) ERR_raise_data(ERR_LIB_X509V3, (r), NULL) +# define X509err(f, r) ERR_raise_data(ERR_LIB_X509, (r), NULL) +# endif + +# define ERR_PACK(l,f,r) ( \ + (((unsigned int)(l) & 0x0FF) << 24L) | \ + (((unsigned int)(f) & 0xFFF) << 12L) | \ + (((unsigned int)(r) & 0xFFF) ) ) +# define ERR_GET_LIB(l) (int)(((l) >> 24L) & 0x0FFL) +# define ERR_GET_FUNC(l) (int)(((l) >> 12L) & 0xFFFL) +# define ERR_GET_REASON(l) (int)( (l) & 0xFFFL) +# define 
ERR_FATAL_ERROR(l) (int)( (l) & ERR_R_FATAL) + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define SYS_F_FOPEN 0 +# define SYS_F_CONNECT 0 +# define SYS_F_GETSERVBYNAME 0 +# define SYS_F_SOCKET 0 +# define SYS_F_IOCTLSOCKET 0 +# define SYS_F_BIND 0 +# define SYS_F_LISTEN 0 +# define SYS_F_ACCEPT 0 +# define SYS_F_WSASTARTUP 0 +# define SYS_F_OPENDIR 0 +# define SYS_F_FREAD 0 +# define SYS_F_GETADDRINFO 0 +# define SYS_F_GETNAMEINFO 0 +# define SYS_F_SETSOCKOPT 0 +# define SYS_F_GETSOCKOPT 0 +# define SYS_F_GETSOCKNAME 0 +# define SYS_F_GETHOSTBYNAME 0 +# define SYS_F_FFLUSH 0 +# define SYS_F_OPEN 0 +# define SYS_F_CLOSE 0 +# define SYS_F_IOCTL 0 +# define SYS_F_STAT 0 +# define SYS_F_FCNTL 0 +# define SYS_F_FSTAT 0 +# define SYS_F_SENDFILE 0 +# endif + +/* reasons */ +# define ERR_R_SYS_LIB ERR_LIB_SYS/* 2 */ +# define ERR_R_BN_LIB ERR_LIB_BN/* 3 */ +# define ERR_R_RSA_LIB ERR_LIB_RSA/* 4 */ +# define ERR_R_DH_LIB ERR_LIB_DH/* 5 */ +# define ERR_R_EVP_LIB ERR_LIB_EVP/* 6 */ +# define ERR_R_BUF_LIB ERR_LIB_BUF/* 7 */ +# define ERR_R_OBJ_LIB ERR_LIB_OBJ/* 8 */ +# define ERR_R_PEM_LIB ERR_LIB_PEM/* 9 */ +# define ERR_R_DSA_LIB ERR_LIB_DSA/* 10 */ +# define ERR_R_X509_LIB ERR_LIB_X509/* 11 */ +# define ERR_R_ASN1_LIB ERR_LIB_ASN1/* 13 */ +# define ERR_R_EC_LIB ERR_LIB_EC/* 16 */ +# define ERR_R_BIO_LIB ERR_LIB_BIO/* 32 */ +# define ERR_R_PKCS7_LIB ERR_LIB_PKCS7/* 33 */ +# define ERR_R_X509V3_LIB ERR_LIB_X509V3/* 34 */ +# define ERR_R_ENGINE_LIB ERR_LIB_ENGINE/* 38 */ +# define ERR_R_UI_LIB ERR_LIB_UI/* 40 */ +# define ERR_R_ECDSA_LIB ERR_LIB_ECDSA/* 42 */ +# define ERR_R_OSSL_STORE_LIB ERR_LIB_OSSL_STORE/* 44 */ + +# define ERR_R_NESTED_ASN1_ERROR 58 +# define ERR_R_MISSING_ASN1_EOS 63 + +/* fatal error */ +# define ERR_R_FATAL 64 +# define ERR_R_MALLOC_FAILURE (1|ERR_R_FATAL) +# define ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED (2|ERR_R_FATAL) +# define ERR_R_PASSED_NULL_PARAMETER (3|ERR_R_FATAL) +# define ERR_R_INTERNAL_ERROR (4|ERR_R_FATAL) +# define ERR_R_DISABLED (5|ERR_R_FATAL) 
+# define ERR_R_INIT_FAIL (6|ERR_R_FATAL) +# define ERR_R_PASSED_INVALID_ARGUMENT (7) +# define ERR_R_OPERATION_FAIL (8|ERR_R_FATAL) +# define ERR_R_INVALID_PROVIDER_FUNCTIONS (9|ERR_R_FATAL) +# define ERR_R_INTERRUPTED_OR_CANCELLED (10) + +/* + * 99 is the maximum possible ERR_R_... code, higher values are reserved for + * the individual libraries + */ + +typedef struct ERR_string_data_st { + unsigned long error; + const char *string; +} ERR_STRING_DATA; + +DEFINE_LHASH_OF(ERR_STRING_DATA); + +/* 12 lines and some on an 80 column terminal */ +#define ERR_MAX_DATA_SIZE 1024 + +/* Building blocks */ +void ERR_new(void); +void ERR_set_debug(const char *file, int line, const char *func); +void ERR_set_error(int lib, int reason, const char *fmt, ...); +void ERR_vset_error(int lib, int reason, const char *fmt, va_list args); + +/* Main error raising functions */ +# define ERR_raise(lib, reason) ERR_raise_data((lib),(reason),NULL) +# define ERR_raise_data \ + (ERR_new(), \ + ERR_set_debug(OPENSSL_FILE,OPENSSL_LINE,OPENSSL_FUNC), \ + ERR_set_error) + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +/* Backward compatibility */ +# define ERR_put_error(lib, func, reason, file, line) \ + (ERR_new(), \ + ERR_set_debug((file), (line), OPENSSL_FUNC), \ + ERR_set_error((lib), (reason), NULL)) +# endif + +void ERR_set_error_data(char *data, int flags); + +unsigned long ERR_get_error(void); +/* + * TODO(3.0) consider if the following three functions should be deprecated. + * They all drop the error record from the error queue, so regardless of which + * one is used, the rest of the information is lost, making them not so useful. + * The recommendation should be to use the peek functions to extract all the + * additional data. 
+ */ +unsigned long ERR_get_error_line(const char **file, int *line); +unsigned long ERR_get_error_func(const char **func); +unsigned long ERR_get_error_data(const char **data, int *flags); +unsigned long ERR_get_error_all(const char **file, int *line, + const char **func, + const char **data, int *flags); +DEPRECATEDIN_3_0(unsigned long ERR_get_error_line_data(const char **file, + int *line, + const char **data, + int *flags)) +unsigned long ERR_peek_error(void); +unsigned long ERR_peek_error_line(const char **file, int *line); +unsigned long ERR_peek_error_func(const char **func); +unsigned long ERR_peek_error_data(const char **data, int *flags); +unsigned long ERR_peek_error_all(const char **file, int *line, + const char **func, + const char **data, int *flags); +DEPRECATEDIN_3_0(unsigned long ERR_peek_error_line_data(const char **file, + int *line, + const char **data, + int *flags)) +unsigned long ERR_peek_last_error(void); +unsigned long ERR_peek_last_error_line(const char **file, int *line); +unsigned long ERR_peek_last_error_func(const char **func); +unsigned long ERR_peek_last_error_data(const char **data, int *flags); +unsigned long ERR_peek_last_error_all(const char **file, int *line, + const char **func, + const char **data, int *flags); +DEPRECATEDIN_3_0(unsigned long ERR_peek_last_error_line_data(const char **file, + int *line, + const char **data, + int *flags)) + +void ERR_clear_error(void); + +char *ERR_error_string(unsigned long e, char *buf); +void ERR_error_string_n(unsigned long e, char *buf, size_t len); +const char *ERR_lib_error_string(unsigned long e); +DEPRECATEDIN_3_0(const char *ERR_func_error_string(unsigned long e)) +const char *ERR_reason_error_string(unsigned long e); + +void ERR_print_errors_cb(int (*cb) (const char *str, size_t len, void *u), + void *u); +# ifndef OPENSSL_NO_STDIO +void ERR_print_errors_fp(FILE *fp); +# endif +void ERR_print_errors(BIO *bp); + +void ERR_add_error_data(int num, ...); +void ERR_add_error_vdata(int 
num, va_list args); +void ERR_add_error_txt(const char *sepr, const char *txt); +void ERR_add_error_mem_bio(const char *sep, BIO *bio); + +int ERR_load_strings(int lib, ERR_STRING_DATA *str); +int ERR_load_strings_const(const ERR_STRING_DATA *str); +int ERR_unload_strings(int lib, ERR_STRING_DATA *str); +int ERR_load_ERR_strings(void); + +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 +# define ERR_load_crypto_strings() \ + OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL) +# define ERR_free_strings() while(0) continue +#endif + +DEPRECATEDIN_1_1_0(void ERR_remove_thread_state(void *)) +DEPRECATEDIN_1_0_0(void ERR_remove_state(unsigned long pid)) +DEPRECATEDIN_3_0(ERR_STATE *ERR_get_state(void)) + +int ERR_get_next_error_library(void); + +int ERR_set_mark(void); +int ERR_pop_to_mark(void); +int ERR_clear_last_mark(void); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/linux_amd64/ssl/include/openssl/ess.h b/linux_amd64/ssl/include/openssl/ess.h new file mode 100644 index 0000000..c20bf82 --- /dev/null +++ b/linux_amd64/ssl/include/openssl/ess.h 
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_ESS_H
+# define OPENSSL_ESS_H
+
+# include
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+# include
+# include
+# include
+
+typedef struct ESS_issuer_serial ESS_ISSUER_SERIAL;
+typedef struct ESS_cert_id ESS_CERT_ID;
+typedef struct ESS_signing_cert ESS_SIGNING_CERT;
+
+DEFINE_STACK_OF(ESS_CERT_ID)
+
+typedef struct ESS_signing_cert_v2_st ESS_SIGNING_CERT_V2;
+typedef struct ESS_cert_id_v2_st ESS_CERT_ID_V2;
+
+DEFINE_STACK_OF(ESS_CERT_ID_V2)
+
+DECLARE_ASN1_ALLOC_FUNCTIONS(ESS_ISSUER_SERIAL)
+DECLARE_ASN1_ENCODE_FUNCTIONS_only(ESS_ISSUER_SERIAL, ESS_ISSUER_SERIAL)
+DECLARE_ASN1_DUP_FUNCTION(ESS_ISSUER_SERIAL)
+
+DECLARE_ASN1_ALLOC_FUNCTIONS(ESS_CERT_ID)
+DECLARE_ASN1_ENCODE_FUNCTIONS_only(ESS_CERT_ID, ESS_CERT_ID)
+DECLARE_ASN1_DUP_FUNCTION(ESS_CERT_ID)
+
+DECLARE_ASN1_ALLOC_FUNCTIONS(ESS_SIGNING_CERT)
+DECLARE_ASN1_ENCODE_FUNCTIONS_only(ESS_SIGNING_CERT, ESS_SIGNING_CERT)
+DECLARE_ASN1_DUP_FUNCTION(ESS_SIGNING_CERT)
+
+DECLARE_ASN1_ALLOC_FUNCTIONS(ESS_CERT_ID_V2)
+DECLARE_ASN1_ENCODE_FUNCTIONS_only(ESS_CERT_ID_V2, ESS_CERT_ID_V2)
+DECLARE_ASN1_DUP_FUNCTION(ESS_CERT_ID_V2)
+
+DECLARE_ASN1_ALLOC_FUNCTIONS(ESS_SIGNING_CERT_V2)
+DECLARE_ASN1_ENCODE_FUNCTIONS_only(ESS_SIGNING_CERT_V2, ESS_SIGNING_CERT_V2)
+DECLARE_ASN1_DUP_FUNCTION(ESS_SIGNING_CERT_V2)
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/linux_amd64/ssl/include/openssl/esserr.h b/linux_amd64/ssl/include/openssl/esserr.h
new file mode 100644
index 0000000..8befce5
--- /dev/null
+++ b/linux_amd64/ssl/include/openssl/esserr.h
@@ -0,0 +1,42 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_ESSERR_H +# define OPENSSL_ESSERR_H + +# include +# include + + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_ESS_strings(void); + +/* + * ESS function codes. + */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define ESS_F_ESS_CERT_ID_NEW_INIT 0 +# define ESS_F_ESS_CERT_ID_V2_NEW_INIT 0 +# define ESS_F_ESS_SIGNING_CERT_ADD 0 +# define ESS_F_ESS_SIGNING_CERT_NEW_INIT 0 +# define ESS_F_ESS_SIGNING_CERT_V2_ADD 0 +# define ESS_F_ESS_SIGNING_CERT_V2_NEW_INIT 0 +# endif + +/* + * ESS reason codes. + */ +# define ESS_R_ESS_SIGNING_CERTIFICATE_ERROR 102 +# define ESS_R_ESS_SIGNING_CERT_ADD_ERROR 100 +# define ESS_R_ESS_SIGNING_CERT_V2_ADD_ERROR 101 + +#endif diff --git a/linux_amd64/ssl/include/openssl/evp.h b/linux_amd64/ssl/include/openssl/evp.h new file mode 100644 index 0000000..7aa56b3 --- /dev/null +++ b/linux_amd64/ssl/include/openssl/evp.h 
@@ -0,0 +1,1867 @@ +/* + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_EVP_H +# define OPENSSL_EVP_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_ENVELOPE_H +# endif + +# include + +# include +# include +# include +# include +# include +# include +# include + +# define EVP_MAX_MD_SIZE 64/* longest known is SHA512 */ +# define EVP_MAX_KEY_LENGTH 64 +# define EVP_MAX_IV_LENGTH 16 +# define EVP_MAX_BLOCK_LENGTH 32 + +# define PKCS5_SALT_LEN 8 +/* Default PKCS#5 iteration count */ +# define PKCS5_DEFAULT_ITER 2048 + +# include + +# define EVP_PK_RSA 0x0001 +# define EVP_PK_DSA 0x0002 +# define EVP_PK_DH 0x0004 +# define EVP_PK_EC 0x0008 +# define EVP_PKT_SIGN 0x0010 +# define EVP_PKT_ENC 0x0020 +# define EVP_PKT_EXCH 0x0040 +# define EVP_PKS_RSA 0x0100 +# define EVP_PKS_DSA 0x0200 +# define EVP_PKS_EC 0x0400 + +# define EVP_PKEY_NONE NID_undef +# define EVP_PKEY_RSA NID_rsaEncryption +# define EVP_PKEY_RSA2 NID_rsa +# define EVP_PKEY_RSA_PSS NID_rsassaPss +# define EVP_PKEY_DSA NID_dsa +# define EVP_PKEY_DSA1 NID_dsa_2 +# define EVP_PKEY_DSA2 NID_dsaWithSHA +# define EVP_PKEY_DSA3 NID_dsaWithSHA1 +# define EVP_PKEY_DSA4 NID_dsaWithSHA1_2 +# define EVP_PKEY_DH NID_dhKeyAgreement +# define EVP_PKEY_DHX NID_dhpublicnumber +# define EVP_PKEY_EC NID_X9_62_id_ecPublicKey +# define EVP_PKEY_SM2 NID_sm2 +# define EVP_PKEY_HMAC NID_hmac +# define EVP_PKEY_CMAC NID_cmac +# define EVP_PKEY_SCRYPT NID_id_scrypt +# define EVP_PKEY_TLS1_PRF NID_tls1_prf +# define EVP_PKEY_HKDF NID_hkdf +# define EVP_PKEY_POLY1305 NID_poly1305 +# define EVP_PKEY_SIPHASH NID_siphash +# define EVP_PKEY_X25519 NID_X25519 +# define EVP_PKEY_ED25519 NID_ED25519 +# 
define EVP_PKEY_X448 NID_X448 +# define EVP_PKEY_ED448 NID_ED448 + +#ifdef __cplusplus +extern "C" { +#endif + +int EVP_set_default_properties(OPENSSL_CTX *libctx, const char *propq); + +# define EVP_PKEY_MO_SIGN 0x0001 +# define EVP_PKEY_MO_VERIFY 0x0002 +# define EVP_PKEY_MO_ENCRYPT 0x0004 +# define EVP_PKEY_MO_DECRYPT 0x0008 + +# ifndef EVP_MD +EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type); +EVP_MD *EVP_MD_meth_dup(const EVP_MD *md); +void EVP_MD_meth_free(EVP_MD *md); + +int EVP_MD_meth_set_input_blocksize(EVP_MD *md, int blocksize); +int EVP_MD_meth_set_result_size(EVP_MD *md, int resultsize); +int EVP_MD_meth_set_app_datasize(EVP_MD *md, int datasize); +int EVP_MD_meth_set_flags(EVP_MD *md, unsigned long flags); +int EVP_MD_meth_set_init(EVP_MD *md, int (*init)(EVP_MD_CTX *ctx)); +int EVP_MD_meth_set_update(EVP_MD *md, int (*update)(EVP_MD_CTX *ctx, + const void *data, + size_t count)); +int EVP_MD_meth_set_final(EVP_MD *md, int (*final)(EVP_MD_CTX *ctx, + unsigned char *md)); +int EVP_MD_meth_set_copy(EVP_MD *md, int (*copy)(EVP_MD_CTX *to, + const EVP_MD_CTX *from)); +int EVP_MD_meth_set_cleanup(EVP_MD *md, int (*cleanup)(EVP_MD_CTX *ctx)); +int EVP_MD_meth_set_ctrl(EVP_MD *md, int (*ctrl)(EVP_MD_CTX *ctx, int cmd, + int p1, void *p2)); + +int EVP_MD_meth_get_input_blocksize(const EVP_MD *md); +int EVP_MD_meth_get_result_size(const EVP_MD *md); +int EVP_MD_meth_get_app_datasize(const EVP_MD *md); +unsigned long EVP_MD_meth_get_flags(const EVP_MD *md); +int (*EVP_MD_meth_get_init(const EVP_MD *md))(EVP_MD_CTX *ctx); +int (*EVP_MD_meth_get_update(const EVP_MD *md))(EVP_MD_CTX *ctx, + const void *data, + size_t count); +int (*EVP_MD_meth_get_final(const EVP_MD *md))(EVP_MD_CTX *ctx, + unsigned char *md); +int (*EVP_MD_meth_get_copy(const EVP_MD *md))(EVP_MD_CTX *to, + const EVP_MD_CTX *from); +int (*EVP_MD_meth_get_cleanup(const EVP_MD *md))(EVP_MD_CTX *ctx); +int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd, + int p1, void *p2); + 
+/* digest can only handle a single block */ +# define EVP_MD_FLAG_ONESHOT 0x0001 + +/* digest is extensible-output function, XOF */ +# define EVP_MD_FLAG_XOF 0x0002 + +/* DigestAlgorithmIdentifier flags... */ + +# define EVP_MD_FLAG_DIGALGID_MASK 0x0018 + +/* NULL or absent parameter accepted. Use NULL */ + +# define EVP_MD_FLAG_DIGALGID_NULL 0x0000 + +/* NULL or absent parameter accepted. Use NULL for PKCS#1 otherwise absent */ + +# define EVP_MD_FLAG_DIGALGID_ABSENT 0x0008 + +/* Custom handling via ctrl */ + +# define EVP_MD_FLAG_DIGALGID_CUSTOM 0x0018 + +/* Note if suitable for use in FIPS mode */ +# define EVP_MD_FLAG_FIPS 0x0400 + +/* Digest ctrls */ + +# define EVP_MD_CTRL_DIGALGID 0x1 +# define EVP_MD_CTRL_MICALG 0x2 +# define EVP_MD_CTRL_XOF_LEN 0x3 + +/* Minimum Algorithm specific ctrl value */ + +# define EVP_MD_CTRL_ALG_CTRL 0x1000 + +# endif /* !EVP_MD */ + +/* values for EVP_MD_CTX flags */ + +# define EVP_MD_CTX_FLAG_ONESHOT 0x0001/* digest update will be + * called once only */ +# define EVP_MD_CTX_FLAG_CLEANED 0x0002/* context has already been + * cleaned */ +# define EVP_MD_CTX_FLAG_REUSE 0x0004/* Don't free up ctx->md_data + * in EVP_MD_CTX_reset */ +/* + * FIPS and pad options are ignored in 1.0.0, definitions are here so we + * don't accidentally reuse the values for other purposes. + */ + +# define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW 0x0008/* Allow use of non FIPS + * digest in FIPS mode */ + +/* + * The following PAD options are also currently ignored in 1.0.0, digest + * parameters are handled through EVP_DigestSign*() and EVP_DigestVerify*() + * instead. 
+ */ +# define EVP_MD_CTX_FLAG_PAD_MASK 0xF0/* RSA mode to use */ +# define EVP_MD_CTX_FLAG_PAD_PKCS1 0x00/* PKCS#1 v1.5 mode */ +# define EVP_MD_CTX_FLAG_PAD_X931 0x10/* X9.31 mode */ +# define EVP_MD_CTX_FLAG_PAD_PSS 0x20/* PSS mode */ + +# define EVP_MD_CTX_FLAG_NO_INIT 0x0100/* Don't initialize md_data */ +/* + * Some functions such as EVP_DigestSign only finalise copies of internal + * contexts so additional data can be included after the finalisation call. + * This is inefficient if this functionality is not required: it is disabled + * if the following flag is set. + */ +# define EVP_MD_CTX_FLAG_FINALISE 0x0200 +/* NOTE: 0x0400 is reserved for internal usage */ + +EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len); +EVP_CIPHER *EVP_CIPHER_meth_dup(const EVP_CIPHER *cipher); +void EVP_CIPHER_meth_free(EVP_CIPHER *cipher); + +int EVP_CIPHER_meth_set_iv_length(EVP_CIPHER *cipher, int iv_len); +int EVP_CIPHER_meth_set_flags(EVP_CIPHER *cipher, unsigned long flags); +int EVP_CIPHER_meth_set_impl_ctx_size(EVP_CIPHER *cipher, int ctx_size); +int EVP_CIPHER_meth_set_init(EVP_CIPHER *cipher, + int (*init) (EVP_CIPHER_CTX *ctx, + const unsigned char *key, + const unsigned char *iv, + int enc)); +int EVP_CIPHER_meth_set_do_cipher(EVP_CIPHER *cipher, + int (*do_cipher) (EVP_CIPHER_CTX *ctx, + unsigned char *out, + const unsigned char *in, + size_t inl)); +int EVP_CIPHER_meth_set_cleanup(EVP_CIPHER *cipher, + int (*cleanup) (EVP_CIPHER_CTX *)); +int EVP_CIPHER_meth_set_set_asn1_params(EVP_CIPHER *cipher, + int (*set_asn1_parameters) (EVP_CIPHER_CTX *, + ASN1_TYPE *)); +int EVP_CIPHER_meth_set_get_asn1_params(EVP_CIPHER *cipher, + int (*get_asn1_parameters) (EVP_CIPHER_CTX *, + ASN1_TYPE *)); +int EVP_CIPHER_meth_set_ctrl(EVP_CIPHER *cipher, + int (*ctrl) (EVP_CIPHER_CTX *, int type, + int arg, void *ptr)); + +int (*EVP_CIPHER_meth_get_init(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx, + const unsigned char *key, + const unsigned char *iv, + 
int enc); +int (*EVP_CIPHER_meth_get_do_cipher(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx, + unsigned char *out, + const unsigned char *in, + size_t inl); +int (*EVP_CIPHER_meth_get_cleanup(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *); +int (*EVP_CIPHER_meth_get_set_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, + ASN1_TYPE *); +int (*EVP_CIPHER_meth_get_get_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, + ASN1_TYPE *); +int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, + int type, int arg, + void *ptr); + +/* Values for cipher flags */ + +/* Modes for ciphers */ + +# define EVP_CIPH_STREAM_CIPHER 0x0 +# define EVP_CIPH_ECB_MODE 0x1 +# define EVP_CIPH_CBC_MODE 0x2 +# define EVP_CIPH_CFB_MODE 0x3 +# define EVP_CIPH_OFB_MODE 0x4 +# define EVP_CIPH_CTR_MODE 0x5 +# define EVP_CIPH_GCM_MODE 0x6 +# define EVP_CIPH_CCM_MODE 0x7 +# define EVP_CIPH_XTS_MODE 0x10001 +# define EVP_CIPH_WRAP_MODE 0x10002 +# define EVP_CIPH_OCB_MODE 0x10003 +# define EVP_CIPH_SIV_MODE 0x10004 +# define EVP_CIPH_MODE 0xF0007 +/* Set if variable length cipher */ +# define EVP_CIPH_VARIABLE_LENGTH 0x8 +/* Set if the iv handling should be done by the cipher itself */ +# define EVP_CIPH_CUSTOM_IV 0x10 +/* Set if the cipher's init() function should be called if key is NULL */ +# define EVP_CIPH_ALWAYS_CALL_INIT 0x20 +/* Call ctrl() to init cipher parameters */ +# define EVP_CIPH_CTRL_INIT 0x40 +/* Don't use standard key length function */ +# define EVP_CIPH_CUSTOM_KEY_LENGTH 0x80 +/* Don't use standard block padding */ +# define EVP_CIPH_NO_PADDING 0x100 +/* cipher handles random key generation */ +# define EVP_CIPH_RAND_KEY 0x200 +/* cipher has its own additional copying logic */ +# define EVP_CIPH_CUSTOM_COPY 0x400 +/* Don't use standard iv length function */ +# define EVP_CIPH_CUSTOM_IV_LENGTH 0x800 +/* Legacy and no longer relevant: Allow use default ASN1 get/set iv */ +# define EVP_CIPH_FLAG_DEFAULT_ASN1 0 +/* Free: 0x1000 */ +/* Buffer length in 
bits not bytes: CFB1 mode only */ +# define EVP_CIPH_FLAG_LENGTH_BITS 0x2000 +/* Note if suitable for use in FIPS mode */ +# define EVP_CIPH_FLAG_FIPS 0x4000 +/* Allow non FIPS cipher in FIPS mode */ +# define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0x8000 +/* + * Cipher handles any and all padding logic as well as finalisation. + */ +# define EVP_CIPH_FLAG_CUSTOM_CIPHER 0x100000 +# define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000 +# define EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK 0x400000 +/* Cipher can handle pipeline operations */ +# define EVP_CIPH_FLAG_PIPELINE 0X800000 +/* For provider implementations that handle ASN1 get/set param themselves */ +# define EVP_CIPH_FLAG_CUSTOM_ASN1 0x1000000 + +/* + * Cipher context flag to indicate we can handle wrap mode: if allowed in + * older applications it could overflow buffers. + */ + +# define EVP_CIPHER_CTX_FLAG_WRAP_ALLOW 0x1 + +/* ctrl() values */ + +# define EVP_CTRL_INIT 0x0 +# define EVP_CTRL_SET_KEY_LENGTH 0x1 +# define EVP_CTRL_GET_RC2_KEY_BITS 0x2 +# define EVP_CTRL_SET_RC2_KEY_BITS 0x3 +# define EVP_CTRL_GET_RC5_ROUNDS 0x4 +# define EVP_CTRL_SET_RC5_ROUNDS 0x5 +# define EVP_CTRL_RAND_KEY 0x6 +# define EVP_CTRL_PBE_PRF_NID 0x7 +# define EVP_CTRL_COPY 0x8 +# define EVP_CTRL_AEAD_SET_IVLEN 0x9 +# define EVP_CTRL_AEAD_GET_TAG 0x10 +# define EVP_CTRL_AEAD_SET_TAG 0x11 +# define EVP_CTRL_AEAD_SET_IV_FIXED 0x12 +# define EVP_CTRL_GCM_SET_IVLEN EVP_CTRL_AEAD_SET_IVLEN +# define EVP_CTRL_GCM_GET_TAG EVP_CTRL_AEAD_GET_TAG +# define EVP_CTRL_GCM_SET_TAG EVP_CTRL_AEAD_SET_TAG +# define EVP_CTRL_GCM_SET_IV_FIXED EVP_CTRL_AEAD_SET_IV_FIXED +# define EVP_CTRL_GCM_IV_GEN 0x13 +# define EVP_CTRL_CCM_SET_IVLEN EVP_CTRL_AEAD_SET_IVLEN +# define EVP_CTRL_CCM_GET_TAG EVP_CTRL_AEAD_GET_TAG +# define EVP_CTRL_CCM_SET_TAG EVP_CTRL_AEAD_SET_TAG +# define EVP_CTRL_CCM_SET_IV_FIXED EVP_CTRL_AEAD_SET_IV_FIXED +# define EVP_CTRL_CCM_SET_L 0x14 +# define EVP_CTRL_CCM_SET_MSGLEN 0x15 +/* + * AEAD cipher deduces payload length and returns number of bytes required 
to
+ * store MAC and eventual padding. Subsequent call to EVP_Cipher even
+ * appends/verifies MAC.
+ */
+# define EVP_CTRL_AEAD_TLS1_AAD 0x16
+/* Used by composite AEAD ciphers, no-op in GCM, CCM... */
+# define EVP_CTRL_AEAD_SET_MAC_KEY 0x17
+/* Set the GCM invocation field, decrypt only */
+# define EVP_CTRL_GCM_SET_IV_INV 0x18
+
+# define EVP_CTRL_TLS1_1_MULTIBLOCK_AAD 0x19
+# define EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT 0x1a
+# define EVP_CTRL_TLS1_1_MULTIBLOCK_DECRYPT 0x1b
+# define EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE 0x1c
+
+# define EVP_CTRL_SSL3_MASTER_SECRET 0x1d
+
+/* EVP_CTRL_SET_SBOX takes the char * specifying S-boxes */
+# define EVP_CTRL_SET_SBOX 0x1e
+/*
+ * EVP_CTRL_SBOX_USED takes a 'size_t' and 'char *', pointing at a
+ * pre-allocated buffer with specified size
+ */
+# define EVP_CTRL_SBOX_USED 0x1f
+/* EVP_CTRL_KEY_MESH takes 'size_t' number of bytes to mesh the key after,
+ * 0 switches meshing off
+ */
+# define EVP_CTRL_KEY_MESH 0x20
+/* EVP_CTRL_BLOCK_PADDING_MODE takes the padding mode */
+# define EVP_CTRL_BLOCK_PADDING_MODE 0x21
+
+/* Set the output buffers to use for a pipelined operation */
+# define EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS 0x22
+/* Set the input buffers to use for a pipelined operation */
+# define EVP_CTRL_SET_PIPELINE_INPUT_BUFS 0x23
+/* Set the input buffer lengths to use for a pipelined operation */
+# define EVP_CTRL_SET_PIPELINE_INPUT_LENS 0x24
+/* Get the IV length used by the cipher */
+# define EVP_CTRL_GET_IVLEN 0x25
+/* Get the IV used by the cipher */
+# define EVP_CTRL_GET_IV 0x26
+/* Tell the cipher it's doing a speed test (SIV disallows multiple ops) */
+# define EVP_CTRL_SET_SPEED 0x27
+
+/* Padding modes */
+#define EVP_PADDING_PKCS7 1
+#define EVP_PADDING_ISO7816_4 2
+#define EVP_PADDING_ANSI923 3
+#define EVP_PADDING_ISO10126 4
+#define EVP_PADDING_ZERO 5
+
+/* RFC 5246 defines additional data to be 13 bytes in length */
+# define EVP_AEAD_TLS1_AAD_LEN 13
+
+typedef struct {
+ unsigned char *out;
+ const unsigned char *inp;
+ size_t len;
+ unsigned int interleave;
+} EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM;
+
+/* GCM TLS constants */
+/* Length of fixed part of IV derived from PRF */
+# define EVP_GCM_TLS_FIXED_IV_LEN 4
+/* Length of explicit part of IV part of TLS records */
+# define EVP_GCM_TLS_EXPLICIT_IV_LEN 8
+/* Length of tag for TLS */
+# define EVP_GCM_TLS_TAG_LEN 16
+
+/* CCM TLS constants */
+/* Length of fixed part of IV derived from PRF */
+# define EVP_CCM_TLS_FIXED_IV_LEN 4
+/* Length of explicit part of IV part of TLS records */
+# define EVP_CCM_TLS_EXPLICIT_IV_LEN 8
+/* Total length of CCM IV length for TLS */
+# define EVP_CCM_TLS_IV_LEN 12
+/* Length of tag for TLS */
+# define EVP_CCM_TLS_TAG_LEN 16
+/* Length of CCM8 tag for TLS */
+# define EVP_CCM8_TLS_TAG_LEN 8
+
+/* Length of tag for TLS */
+# define EVP_CHACHAPOLY_TLS_TAG_LEN 16
+
+typedef struct evp_cipher_info_st {
+ const EVP_CIPHER *cipher;
+ unsigned char iv[EVP_MAX_IV_LENGTH];
+} EVP_CIPHER_INFO;
+
+
+/* Password based encryption function */
+typedef int (EVP_PBE_KEYGEN) (EVP_CIPHER_CTX *ctx, const char *pass,
+ int passlen, ASN1_TYPE *param,
+ const EVP_CIPHER *cipher, const EVP_MD *md,
+ int en_de);
+
+# ifndef OPENSSL_NO_RSA
+# define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\
+ (rsa))
+# endif
+
+# ifndef OPENSSL_NO_DSA
+# define EVP_PKEY_assign_DSA(pkey,dsa) EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\
+ (dsa))
+# endif
+
+# ifndef OPENSSL_NO_DH
+# define EVP_PKEY_assign_DH(pkey,dh) EVP_PKEY_assign((pkey),EVP_PKEY_DH,(dh))
+# endif
+
+# ifndef OPENSSL_NO_EC
+# define EVP_PKEY_assign_EC_KEY(pkey,eckey) EVP_PKEY_assign((pkey),EVP_PKEY_EC,\
+ (eckey))
+# endif
+# ifndef OPENSSL_NO_SIPHASH
+# define EVP_PKEY_assign_SIPHASH(pkey,shkey) EVP_PKEY_assign((pkey),\
+ EVP_PKEY_SIPHASH,(shkey))
+# endif
+
+# ifndef OPENSSL_NO_POLY1305
+# define EVP_PKEY_assign_POLY1305(pkey,polykey) EVP_PKEY_assign((pkey),\
+ EVP_PKEY_POLY1305,(polykey))
+# endif
+
+/* Add some extra combinations */
+# define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a))
+# define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a))
+# define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a))
+# define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a))
+
+int EVP_MD_type(const EVP_MD *md);
+# define EVP_MD_nid(e) EVP_MD_type(e)
+const char *EVP_MD_name(const EVP_MD *md);
+int EVP_MD_number(const EVP_MD *md);
+int EVP_MD_is_a(const EVP_MD *md, const char *name);
+void EVP_MD_names_do_all(const EVP_MD *md,
+ void (*fn)(const char *name, void *data),
+ void *data);
+const OSSL_PROVIDER *EVP_MD_provider(const EVP_MD *md);
+int EVP_MD_pkey_type(const EVP_MD *md);
+int EVP_MD_size(const EVP_MD *md);
+int EVP_MD_block_size(const EVP_MD *md);
+unsigned long EVP_MD_flags(const EVP_MD *md);
+
+const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx);
+int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx,
+ const void *data, size_t count);
+void EVP_MD_CTX_set_update_fn(EVP_MD_CTX *ctx,
+ int (*update) (EVP_MD_CTX *ctx,
+ const void *data, size_t count));
+# define EVP_MD_CTX_name(e) EVP_MD_name(EVP_MD_CTX_md(e))
+# define EVP_MD_CTX_size(e) EVP_MD_size(EVP_MD_CTX_md(e))
+# define EVP_MD_CTX_block_size(e) EVP_MD_block_size(EVP_MD_CTX_md(e))
+# define EVP_MD_CTX_type(e) EVP_MD_type(EVP_MD_CTX_md(e))
+EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx);
+void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx);
+void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx);
+
+int EVP_CIPHER_nid(const EVP_CIPHER *cipher);
+const char *EVP_CIPHER_name(const EVP_CIPHER *cipher);
+int EVP_CIPHER_number(const EVP_CIPHER *cipher);
+int EVP_CIPHER_is_a(const EVP_CIPHER *cipher, const char *name);
+void EVP_CIPHER_names_do_all(const EVP_CIPHER *cipher,
+ void (*fn)(const char *name, void *data),
+ void *data);
+const OSSL_PROVIDER *EVP_CIPHER_provider(const EVP_CIPHER *cipher);
+int EVP_CIPHER_block_size(const EVP_CIPHER *cipher);
+int EVP_CIPHER_impl_ctx_size(const EVP_CIPHER *cipher);
+int EVP_CIPHER_key_length(const EVP_CIPHER *cipher);
+int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher);
+unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher);
+int EVP_CIPHER_mode(const EVP_CIPHER *cipher);
+EVP_CIPHER *EVP_CIPHER_fetch(OPENSSL_CTX *ctx, const char *algorithm,
+ const char *properties);
+int EVP_CIPHER_up_ref(EVP_CIPHER *cipher);
+void EVP_CIPHER_free(EVP_CIPHER *cipher);
+
+const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx);
+int EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx);
+int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx);
+int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx);
+int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx);
+int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx);
+int EVP_CIPHER_CTX_tag_length(const EVP_CIPHER_CTX *ctx);
+const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx);
+const unsigned char *EVP_CIPHER_CTX_original_iv(const EVP_CIPHER_CTX *ctx);
+unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx);
+unsigned char *EVP_CIPHER_CTX_buf_noconst(EVP_CIPHER_CTX *ctx);
+int EVP_CIPHER_CTX_num(const EVP_CIPHER_CTX *ctx);
+int EVP_CIPHER_CTX_set_num(EVP_CIPHER_CTX *ctx, int num);
+int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in);
+void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx);
+void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data);
+void *EVP_CIPHER_CTX_get_cipher_data(const EVP_CIPHER_CTX *ctx);
+void *EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data);
+# define EVP_CIPHER_CTX_name(c) EVP_CIPHER_name(EVP_CIPHER_CTX_cipher(c))
+# define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c))
+# ifndef OPENSSL_NO_DEPRECATED_1_1_0
+# define EVP_CIPHER_CTX_flags(c) EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(c))
+# endif
+# define EVP_CIPHER_CTX_mode(c) EVP_CIPHER_mode(EVP_CIPHER_CTX_cipher(c))
+
+# define EVP_ENCODE_LENGTH(l) ((((l)+2)/3*4)+((l)/48+1)*2+80)
+# define EVP_DECODE_LENGTH(l) (((l)+3)/4*3+80)
+
+# define EVP_SignInit_ex(a,b,c) EVP_DigestInit_ex(a,b,c)
+# define EVP_SignInit(a,b) EVP_DigestInit(a,b)
+# define EVP_SignUpdate(a,b,c) EVP_DigestUpdate(a,b,c)
+# define EVP_VerifyInit_ex(a,b,c) EVP_DigestInit_ex(a,b,c)
+# define EVP_VerifyInit(a,b) EVP_DigestInit(a,b)
+# define EVP_VerifyUpdate(a,b,c) EVP_DigestUpdate(a,b,c)
+# define EVP_OpenUpdate(a,b,c,d,e) EVP_DecryptUpdate(a,b,c,d,e)
+# define EVP_SealUpdate(a,b,c,d,e) EVP_EncryptUpdate(a,b,c,d,e)
+
+# ifdef CONST_STRICT
+void BIO_set_md(BIO *, const EVP_MD *md);
+# else
+# define BIO_set_md(b,md) BIO_ctrl(b,BIO_C_SET_MD,0,(void *)(md))
+# endif
+# define BIO_get_md(b,mdp) BIO_ctrl(b,BIO_C_GET_MD,0,(mdp))
+# define BIO_get_md_ctx(b,mdcp) BIO_ctrl(b,BIO_C_GET_MD_CTX,0,(mdcp))
+# define BIO_set_md_ctx(b,mdcp) BIO_ctrl(b,BIO_C_SET_MD_CTX,0,(mdcp))
+# define BIO_get_cipher_status(b) BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL)
+# define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(c_pp))
+
+/*__owur*/ int EVP_Cipher(EVP_CIPHER_CTX *c,
+ unsigned char *out,
+ const unsigned char *in, unsigned int inl);
+
+# define EVP_add_cipher_alias(n,alias) \
+ OBJ_NAME_add((alias),OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS,(n))
+# define EVP_add_digest_alias(n,alias) \
+ OBJ_NAME_add((alias),OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,(n))
+# define EVP_delete_cipher_alias(alias) \
+ OBJ_NAME_remove(alias,OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS);
+# define EVP_delete_digest_alias(alias) \
+ OBJ_NAME_remove(alias,OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS);
+
+int EVP_MD_get_params(const EVP_MD *digest, OSSL_PARAM params[]);
+int EVP_MD_CTX_set_params(EVP_MD_CTX *ctx, const OSSL_PARAM params[]);
+int EVP_MD_CTX_get_params(EVP_MD_CTX *ctx, OSSL_PARAM params[]);
+const OSSL_PARAM *EVP_MD_gettable_params(const EVP_MD *digest);
+const OSSL_PARAM *EVP_MD_settable_ctx_params(const EVP_MD *md);
+const OSSL_PARAM *EVP_MD_gettable_ctx_params(const EVP_MD *md);
+const OSSL_PARAM *EVP_MD_CTX_settable_params(EVP_MD_CTX *ctx);
+const OSSL_PARAM *EVP_MD_CTX_gettable_params(EVP_MD_CTX *ctx);
+int EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2);
+EVP_MD_CTX *EVP_MD_CTX_new(void);
+int EVP_MD_CTX_reset(EVP_MD_CTX *ctx);
+void EVP_MD_CTX_free(EVP_MD_CTX *ctx);
+# define EVP_MD_CTX_create() EVP_MD_CTX_new()
+# define EVP_MD_CTX_init(ctx) EVP_MD_CTX_reset((ctx))
+# define EVP_MD_CTX_destroy(ctx) EVP_MD_CTX_free((ctx))
+__owur int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in);
+void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags);
+void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags);
+int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags);
+__owur int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type,
+ ENGINE *impl);
+__owur int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d,
+ size_t cnt);
+__owur int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md,
+ unsigned int *s);
+__owur int EVP_Digest(const void *data, size_t count,
+ unsigned char *md, unsigned int *size,
+ const EVP_MD *type, ENGINE *impl);
+
+__owur int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in);
+__owur int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
+__owur int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md,
+ unsigned int *s);
+__owur int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *md,
+ size_t len);
+
+__owur EVP_MD *EVP_MD_fetch(OPENSSL_CTX *ctx, const char *algorithm,
+ const char *properties);
+int EVP_MD_up_ref(EVP_MD *md);
+void EVP_MD_free(EVP_MD *md);
+
+int EVP_read_pw_string(char *buf, int length, const char *prompt, int verify);
+int EVP_read_pw_string_min(char *buf, int minlen, int maxlen,
+ const char *prompt, int verify);
+void EVP_set_pw_prompt(const char *prompt);
+char *EVP_get_pw_prompt(void);
+
+__owur int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
+ const unsigned char *salt,
+ const unsigned char *data, int datal, int count,
+ unsigned char *key, unsigned char *iv);
+
+void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags);
+void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags);
+int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags);
+
+__owur int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+ const unsigned char *key, const unsigned char *iv);
+/*__owur*/ int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
+ const EVP_CIPHER *cipher, ENGINE *impl,
+ const unsigned char *key,
+ const unsigned char *iv);
+/*__owur*/ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ int *outl, const unsigned char *in, int inl);
+/*__owur*/ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ int *outl);
+/*__owur*/ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ int *outl);
+
+__owur int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+ const unsigned char *key, const unsigned char *iv);
+/*__owur*/ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,
+ const EVP_CIPHER *cipher, ENGINE *impl,
+ const unsigned char *key,
+ const unsigned char *iv);
+/*__owur*/ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ int *outl, const unsigned char *in, int inl);
+__owur int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+ int *outl);
+/*__owur*/ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+ int *outl);
+
+__owur int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+ const unsigned char *key, const unsigned char *iv,
+ int enc);
+/*__owur*/ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
+ const EVP_CIPHER *cipher, ENGINE *impl,
+ const unsigned char *key,
+ const unsigned char *iv, int enc);
+__owur int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ int *outl, const unsigned char *in, int inl);
+__owur int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+ int *outl);
+__owur int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+ int *outl);
+
+__owur int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s,
+ EVP_PKEY *pkey);
+
+__owur int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret,
+ size_t *siglen, const unsigned char *tbs,
+ size_t tbslen);
+
+__owur int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
+ unsigned int siglen, EVP_PKEY *pkey);
+
+__owur int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
+ size_t siglen, const unsigned char *tbs,
+ size_t tbslen);
+
+int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+ const char *mdname, const char *props,
+ EVP_PKEY *pkey);
+/*__owur*/ int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+ const EVP_MD *type, ENGINE *e,
+ EVP_PKEY *pkey);
+int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize);
+__owur int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
+ size_t *siglen);
+
+int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+ const char *mdname, const char *props,
+ EVP_PKEY *pkey);
+__owur int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+ const EVP_MD *type, ENGINE *e,
+ EVP_PKEY *pkey);
+int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize);
+__owur int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
+ size_t siglen);
+
+# ifndef OPENSSL_NO_RSA
+__owur int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+ const unsigned char *ek, int ekl,
+ const unsigned char *iv, EVP_PKEY *priv);
+__owur int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
+
+__owur int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+ unsigned char **ek, int *ekl, unsigned char *iv,
+ EVP_PKEY **pubk, int npubk);
+__owur int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
+# endif
+
+EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void);
+void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx);
+int EVP_ENCODE_CTX_copy(EVP_ENCODE_CTX *dctx, const EVP_ENCODE_CTX *sctx);
+int EVP_ENCODE_CTX_num(EVP_ENCODE_CTX *ctx);
+void EVP_EncodeInit(EVP_ENCODE_CTX *ctx);
+int EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
+ const unsigned char *in, int inl);
+void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl);
+int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n);
+
+void EVP_DecodeInit(EVP_ENCODE_CTX *ctx);
+int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
+ const unsigned char *in, int inl);
+int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned
+ char *out, int *outl);
+int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n);
+
+# ifndef OPENSSL_NO_DEPRECATED_1_1_0
+# define EVP_CIPHER_CTX_init(c) EVP_CIPHER_CTX_reset(c)
+# define EVP_CIPHER_CTX_cleanup(c) EVP_CIPHER_CTX_reset(c)
+# endif
+EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void);
+int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c);
+void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *c);
+int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen);
+int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad);
+int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);
+int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key);
+int EVP_CIPHER_get_params(EVP_CIPHER *cipher, OSSL_PARAM params[]);
+int EVP_CIPHER_CTX_set_params(EVP_CIPHER_CTX *ctx, const OSSL_PARAM params[]);
+int EVP_CIPHER_CTX_get_params(EVP_CIPHER_CTX *ctx, OSSL_PARAM params[]);
+const OSSL_PARAM *EVP_CIPHER_gettable_params(const EVP_CIPHER *cipher);
+const OSSL_PARAM *EVP_CIPHER_settable_ctx_params(const EVP_CIPHER *cipher);
+const OSSL_PARAM *EVP_CIPHER_gettable_ctx_params(const EVP_CIPHER *cipher);
+
+const BIO_METHOD *BIO_f_md(void);
+const BIO_METHOD *BIO_f_base64(void);
+const BIO_METHOD *BIO_f_cipher(void);
+const BIO_METHOD *BIO_f_reliable(void);
+__owur int BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k,
+ const unsigned char *i, int enc);
+
+const EVP_MD *EVP_md_null(void);
+# ifndef OPENSSL_NO_MD2
+const EVP_MD *EVP_md2(void);
+# endif
+# ifndef OPENSSL_NO_MD4
+const EVP_MD *EVP_md4(void);
+# endif
+# ifndef OPENSSL_NO_MD5
+const EVP_MD *EVP_md5(void);
+const EVP_MD *EVP_md5_sha1(void);
+# endif
+# ifndef OPENSSL_NO_BLAKE2
+const EVP_MD *EVP_blake2b512(void);
+const EVP_MD *EVP_blake2s256(void);
+# endif
+const EVP_MD *EVP_sha1(void);
+const EVP_MD *EVP_sha224(void);
+const EVP_MD *EVP_sha256(void);
+const EVP_MD *EVP_sha384(void);
+const EVP_MD *EVP_sha512(void);
+const EVP_MD *EVP_sha512_224(void);
+const EVP_MD *EVP_sha512_256(void);
+const EVP_MD *EVP_sha3_224(void);
+const EVP_MD *EVP_sha3_256(void);
+const EVP_MD *EVP_sha3_384(void);
+const EVP_MD *EVP_sha3_512(void);
+const EVP_MD *EVP_shake128(void);
+const EVP_MD *EVP_shake256(void);
+
+# ifndef OPENSSL_NO_MDC2
+const EVP_MD *EVP_mdc2(void);
+# endif
+# ifndef OPENSSL_NO_RMD160
+const EVP_MD *EVP_ripemd160(void);
+# endif
+# ifndef OPENSSL_NO_WHIRLPOOL
+const EVP_MD *EVP_whirlpool(void);
+# endif
+# ifndef OPENSSL_NO_SM3
+const EVP_MD *EVP_sm3(void);
+# endif
+const EVP_CIPHER *EVP_enc_null(void); /* does nothing :-) */
+# ifndef OPENSSL_NO_DES
+const EVP_CIPHER *EVP_des_ecb(void);
+const EVP_CIPHER *EVP_des_ede(void);
+const EVP_CIPHER *EVP_des_ede3(void);
+const EVP_CIPHER *EVP_des_ede_ecb(void);
+const EVP_CIPHER *EVP_des_ede3_ecb(void);
+const EVP_CIPHER *EVP_des_cfb64(void);
+# define EVP_des_cfb EVP_des_cfb64
+const EVP_CIPHER *EVP_des_cfb1(void);
+const EVP_CIPHER *EVP_des_cfb8(void);
+const EVP_CIPHER *EVP_des_ede_cfb64(void);
+# define EVP_des_ede_cfb EVP_des_ede_cfb64
+const EVP_CIPHER *EVP_des_ede3_cfb64(void);
+# define EVP_des_ede3_cfb EVP_des_ede3_cfb64
+const EVP_CIPHER *EVP_des_ede3_cfb1(void);
+const EVP_CIPHER *EVP_des_ede3_cfb8(void);
+const EVP_CIPHER *EVP_des_ofb(void);
+const EVP_CIPHER *EVP_des_ede_ofb(void);
+const EVP_CIPHER *EVP_des_ede3_ofb(void);
+const EVP_CIPHER *EVP_des_cbc(void);
+const EVP_CIPHER *EVP_des_ede_cbc(void);
+const EVP_CIPHER *EVP_des_ede3_cbc(void);
+const EVP_CIPHER *EVP_desx_cbc(void);
+const EVP_CIPHER *EVP_des_ede3_wrap(void);
+/*
+ * This should now be supported through the dev_crypto ENGINE. But also, why
+ * are rc4 and md5 declarations made here inside a "NO_DES" precompiler
+ * branch?
+ */
+# endif
+# ifndef OPENSSL_NO_RC4
+const EVP_CIPHER *EVP_rc4(void);
+const EVP_CIPHER *EVP_rc4_40(void);
+# ifndef OPENSSL_NO_MD5
+const EVP_CIPHER *EVP_rc4_hmac_md5(void);
+# endif
+# endif
+# ifndef OPENSSL_NO_IDEA
+const EVP_CIPHER *EVP_idea_ecb(void);
+const EVP_CIPHER *EVP_idea_cfb64(void);
+# define EVP_idea_cfb EVP_idea_cfb64
+const EVP_CIPHER *EVP_idea_ofb(void);
+const EVP_CIPHER *EVP_idea_cbc(void);
+# endif
+# ifndef OPENSSL_NO_RC2
+const EVP_CIPHER *EVP_rc2_ecb(void);
+const EVP_CIPHER *EVP_rc2_cbc(void);
+const EVP_CIPHER *EVP_rc2_40_cbc(void);
+const EVP_CIPHER *EVP_rc2_64_cbc(void);
+const EVP_CIPHER *EVP_rc2_cfb64(void);
+# define EVP_rc2_cfb EVP_rc2_cfb64
+const EVP_CIPHER *EVP_rc2_ofb(void);
+# endif
+# ifndef OPENSSL_NO_BF
+const EVP_CIPHER *EVP_bf_ecb(void);
+const EVP_CIPHER *EVP_bf_cbc(void);
+const EVP_CIPHER *EVP_bf_cfb64(void);
+# define EVP_bf_cfb EVP_bf_cfb64
+const EVP_CIPHER *EVP_bf_ofb(void);
+# endif
+# ifndef OPENSSL_NO_CAST
+const EVP_CIPHER *EVP_cast5_ecb(void);
+const EVP_CIPHER *EVP_cast5_cbc(void);
+const EVP_CIPHER *EVP_cast5_cfb64(void);
+# define EVP_cast5_cfb EVP_cast5_cfb64
+const EVP_CIPHER *EVP_cast5_ofb(void);
+# endif
+# ifndef OPENSSL_NO_RC5
+const EVP_CIPHER *EVP_rc5_32_12_16_cbc(void);
+const EVP_CIPHER *EVP_rc5_32_12_16_ecb(void);
+const EVP_CIPHER *EVP_rc5_32_12_16_cfb64(void);
+# define EVP_rc5_32_12_16_cfb EVP_rc5_32_12_16_cfb64
+const EVP_CIPHER *EVP_rc5_32_12_16_ofb(void);
+# endif
+const EVP_CIPHER *EVP_aes_128_ecb(void);
+const EVP_CIPHER *EVP_aes_128_cbc(void);
+const EVP_CIPHER *EVP_aes_128_cfb1(void);
+const EVP_CIPHER *EVP_aes_128_cfb8(void);
+const EVP_CIPHER *EVP_aes_128_cfb128(void);
+# define EVP_aes_128_cfb EVP_aes_128_cfb128
+const EVP_CIPHER *EVP_aes_128_ofb(void);
+const EVP_CIPHER *EVP_aes_128_ctr(void);
+const EVP_CIPHER *EVP_aes_128_ccm(void);
+const EVP_CIPHER *EVP_aes_128_gcm(void);
+const EVP_CIPHER *EVP_aes_128_xts(void);
+const EVP_CIPHER *EVP_aes_128_wrap(void);
+const EVP_CIPHER *EVP_aes_128_wrap_pad(void);
+# ifndef OPENSSL_NO_OCB
+const EVP_CIPHER *EVP_aes_128_ocb(void);
+# endif
+const EVP_CIPHER *EVP_aes_192_ecb(void);
+const EVP_CIPHER *EVP_aes_192_cbc(void);
+const EVP_CIPHER *EVP_aes_192_cfb1(void);
+const EVP_CIPHER *EVP_aes_192_cfb8(void);
+const EVP_CIPHER *EVP_aes_192_cfb128(void);
+# define EVP_aes_192_cfb EVP_aes_192_cfb128
+const EVP_CIPHER *EVP_aes_192_ofb(void);
+const EVP_CIPHER *EVP_aes_192_ctr(void);
+const EVP_CIPHER *EVP_aes_192_ccm(void);
+const EVP_CIPHER *EVP_aes_192_gcm(void);
+const EVP_CIPHER *EVP_aes_192_wrap(void);
+const EVP_CIPHER *EVP_aes_192_wrap_pad(void);
+# ifndef OPENSSL_NO_OCB
+const EVP_CIPHER *EVP_aes_192_ocb(void);
+# endif
+const EVP_CIPHER *EVP_aes_256_ecb(void);
+const EVP_CIPHER *EVP_aes_256_cbc(void);
+const EVP_CIPHER *EVP_aes_256_cfb1(void);
+const EVP_CIPHER *EVP_aes_256_cfb8(void);
+const EVP_CIPHER *EVP_aes_256_cfb128(void);
+# define EVP_aes_256_cfb EVP_aes_256_cfb128
+const EVP_CIPHER *EVP_aes_256_ofb(void);
+const EVP_CIPHER *EVP_aes_256_ctr(void);
+const EVP_CIPHER *EVP_aes_256_ccm(void);
+const EVP_CIPHER *EVP_aes_256_gcm(void);
+const EVP_CIPHER *EVP_aes_256_xts(void);
+const EVP_CIPHER *EVP_aes_256_wrap(void);
+const EVP_CIPHER *EVP_aes_256_wrap_pad(void);
+# ifndef OPENSSL_NO_OCB
+const EVP_CIPHER *EVP_aes_256_ocb(void);
+# endif
+const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void);
+const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void);
+const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha256(void);
+const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha256(void);
+# ifndef OPENSSL_NO_SIV
+const EVP_CIPHER *EVP_aes_128_siv(void);
+const EVP_CIPHER *EVP_aes_192_siv(void);
+const EVP_CIPHER *EVP_aes_256_siv(void);
+# endif
+# ifndef OPENSSL_NO_ARIA
+const EVP_CIPHER *EVP_aria_128_ecb(void);
+const EVP_CIPHER *EVP_aria_128_cbc(void);
+const EVP_CIPHER *EVP_aria_128_cfb1(void);
+const EVP_CIPHER *EVP_aria_128_cfb8(void);
+const EVP_CIPHER *EVP_aria_128_cfb128(void);
+# define EVP_aria_128_cfb EVP_aria_128_cfb128
+const EVP_CIPHER *EVP_aria_128_ctr(void);
+const EVP_CIPHER *EVP_aria_128_ofb(void);
+const EVP_CIPHER *EVP_aria_128_gcm(void);
+const EVP_CIPHER *EVP_aria_128_ccm(void);
+const EVP_CIPHER *EVP_aria_192_ecb(void);
+const EVP_CIPHER *EVP_aria_192_cbc(void);
+const EVP_CIPHER *EVP_aria_192_cfb1(void);
+const EVP_CIPHER *EVP_aria_192_cfb8(void);
+const EVP_CIPHER *EVP_aria_192_cfb128(void);
+# define EVP_aria_192_cfb EVP_aria_192_cfb128
+const EVP_CIPHER *EVP_aria_192_ctr(void);
+const EVP_CIPHER *EVP_aria_192_ofb(void);
+const EVP_CIPHER *EVP_aria_192_gcm(void);
+const EVP_CIPHER *EVP_aria_192_ccm(void);
+const EVP_CIPHER *EVP_aria_256_ecb(void);
+const EVP_CIPHER *EVP_aria_256_cbc(void);
+const EVP_CIPHER *EVP_aria_256_cfb1(void);
+const EVP_CIPHER *EVP_aria_256_cfb8(void);
+const EVP_CIPHER *EVP_aria_256_cfb128(void);
+# define EVP_aria_256_cfb EVP_aria_256_cfb128
+const EVP_CIPHER *EVP_aria_256_ctr(void);
+const EVP_CIPHER *EVP_aria_256_ofb(void);
+const EVP_CIPHER *EVP_aria_256_gcm(void);
+const EVP_CIPHER *EVP_aria_256_ccm(void);
+# endif
+# ifndef OPENSSL_NO_CAMELLIA
+const EVP_CIPHER *EVP_camellia_128_ecb(void);
+const EVP_CIPHER *EVP_camellia_128_cbc(void);
+const EVP_CIPHER *EVP_camellia_128_cfb1(void);
+const EVP_CIPHER *EVP_camellia_128_cfb8(void);
+const EVP_CIPHER *EVP_camellia_128_cfb128(void);
+# define EVP_camellia_128_cfb EVP_camellia_128_cfb128
+const EVP_CIPHER *EVP_camellia_128_ofb(void);
+const EVP_CIPHER *EVP_camellia_128_ctr(void);
+const EVP_CIPHER *EVP_camellia_192_ecb(void);
+const EVP_CIPHER *EVP_camellia_192_cbc(void);
+const EVP_CIPHER *EVP_camellia_192_cfb1(void);
+const EVP_CIPHER *EVP_camellia_192_cfb8(void);
+const EVP_CIPHER *EVP_camellia_192_cfb128(void);
+# define EVP_camellia_192_cfb EVP_camellia_192_cfb128
+const EVP_CIPHER *EVP_camellia_192_ofb(void);
+const EVP_CIPHER *EVP_camellia_192_ctr(void);
+const EVP_CIPHER *EVP_camellia_256_ecb(void);
+const EVP_CIPHER *EVP_camellia_256_cbc(void);
+const EVP_CIPHER *EVP_camellia_256_cfb1(void);
+const EVP_CIPHER *EVP_camellia_256_cfb8(void);
+const EVP_CIPHER *EVP_camellia_256_cfb128(void);
+# define EVP_camellia_256_cfb EVP_camellia_256_cfb128
+const EVP_CIPHER *EVP_camellia_256_ofb(void);
+const EVP_CIPHER *EVP_camellia_256_ctr(void);
+# endif
+# ifndef OPENSSL_NO_CHACHA
+const EVP_CIPHER *EVP_chacha20(void);
+# ifndef OPENSSL_NO_POLY1305
+const EVP_CIPHER *EVP_chacha20_poly1305(void);
+# endif
+# endif
+
+# ifndef OPENSSL_NO_SEED
+const EVP_CIPHER *EVP_seed_ecb(void);
+const EVP_CIPHER *EVP_seed_cbc(void);
+const EVP_CIPHER *EVP_seed_cfb128(void);
+# define EVP_seed_cfb EVP_seed_cfb128
+const EVP_CIPHER *EVP_seed_ofb(void);
+# endif
+
+# ifndef OPENSSL_NO_SM4
+const EVP_CIPHER *EVP_sm4_ecb(void);
+const EVP_CIPHER *EVP_sm4_cbc(void);
+const EVP_CIPHER *EVP_sm4_cfb128(void);
+# define EVP_sm4_cfb EVP_sm4_cfb128
+const EVP_CIPHER *EVP_sm4_ofb(void);
+const EVP_CIPHER *EVP_sm4_ctr(void);
+# endif
+
+# ifndef OPENSSL_NO_DEPRECATED_1_1_0
+# define OPENSSL_add_all_algorithms_conf() \
+ OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \
+ | OPENSSL_INIT_ADD_ALL_DIGESTS \
+ | OPENSSL_INIT_LOAD_CONFIG, NULL)
+# define OPENSSL_add_all_algorithms_noconf() \
+ OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \
+ | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL)
+
+# ifdef OPENSSL_LOAD_CONF
+# define OpenSSL_add_all_algorithms() OPENSSL_add_all_algorithms_conf()
+# else
+# define OpenSSL_add_all_algorithms() OPENSSL_add_all_algorithms_noconf()
+# endif
+
+# define OpenSSL_add_all_ciphers() \
+ OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS, NULL)
+# define OpenSSL_add_all_digests() \
+ OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_DIGESTS, NULL)
+
+# define EVP_cleanup() while(0) continue
+# endif
+
+int EVP_add_cipher(const EVP_CIPHER *cipher);
+int EVP_add_digest(const EVP_MD *digest);
+
+const EVP_CIPHER *EVP_get_cipherbyname(const char *name);
+const EVP_MD *EVP_get_digestbyname(const char *name);
+
+void EVP_CIPHER_do_all(void (*fn) (const EVP_CIPHER *ciph,
+ const char *from, const char *to, void *x),
+ void *arg);
+void EVP_CIPHER_do_all_sorted(void (*fn)
+ (const EVP_CIPHER *ciph, const char *from,
+ const char *to, void *x), void *arg);
+void EVP_CIPHER_do_all_provided(OPENSSL_CTX *libctx,
+ void (*fn)(EVP_CIPHER *cipher, void *arg),
+ void *arg);
+
+void EVP_MD_do_all(void (*fn) (const EVP_MD *ciph,
+ const char *from, const char *to, void *x),
+ void *arg);
+void EVP_MD_do_all_sorted(void (*fn)
+ (const EVP_MD *ciph, const char *from,
+ const char *to, void *x), void *arg);
+void EVP_MD_do_all_provided(OPENSSL_CTX *libctx,
+ void (*fn)(EVP_MD *md, void *arg),
+ void *arg);
+
+/* MAC stuff */
+
+EVP_MAC *EVP_MAC_fetch(OPENSSL_CTX *libctx, const char *algorithm,
+ const char *properties);
+int EVP_MAC_up_ref(EVP_MAC *mac);
+void EVP_MAC_free(EVP_MAC *mac);
+int EVP_MAC_number(const EVP_MAC *mac);
+int EVP_MAC_is_a(const EVP_MAC *mac, const char *name);
+const OSSL_PROVIDER *EVP_MAC_provider(const EVP_MAC *mac);
+int EVP_MAC_get_params(EVP_MAC *mac, OSSL_PARAM params[]);
+
+EVP_MAC_CTX *EVP_MAC_CTX_new(EVP_MAC *mac);
+void EVP_MAC_CTX_free(EVP_MAC_CTX *ctx);
+EVP_MAC_CTX *EVP_MAC_CTX_dup(const EVP_MAC_CTX *src);
+EVP_MAC *EVP_MAC_CTX_mac(EVP_MAC_CTX *ctx);
+int EVP_MAC_CTX_get_params(EVP_MAC_CTX *ctx, OSSL_PARAM params[]);
+int EVP_MAC_CTX_set_params(EVP_MAC_CTX *ctx, const OSSL_PARAM params[]);
+
+size_t EVP_MAC_size(EVP_MAC_CTX *ctx);
+int EVP_MAC_init(EVP_MAC_CTX *ctx);
+int EVP_MAC_update(EVP_MAC_CTX *ctx, const unsigned char *data, size_t datalen);
+int EVP_MAC_final(EVP_MAC_CTX *ctx,
+ unsigned char *out, size_t *outl, size_t outsize);
+const OSSL_PARAM *EVP_MAC_gettable_params(const EVP_MAC *mac);
+const OSSL_PARAM *EVP_MAC_gettable_ctx_params(const EVP_MAC *mac);
+const OSSL_PARAM *EVP_MAC_settable_ctx_params(const EVP_MAC *mac);
+
+void EVP_MAC_do_all_provided(OPENSSL_CTX *libctx,
+ void (*fn)(EVP_MAC *mac, void *arg),
+ void *arg);
+void EVP_MAC_names_do_all(const EVP_MAC *mac,
+ void (*fn)(const char *name, void *data),
+ void *data);
+
+/* PKEY stuff */
+DEPRECATEDIN_3_0(int EVP_PKEY_decrypt_old(unsigned char *dec_key,
+ const unsigned char *enc_key,
+ int enc_key_len,
+ EVP_PKEY *private_key))
+DEPRECATEDIN_3_0(int EVP_PKEY_encrypt_old(unsigned char *enc_key,
+ const unsigned char *key,
+ int key_len, EVP_PKEY *pub_key))
+int EVP_PKEY_type(int type);
+int EVP_PKEY_id(const EVP_PKEY *pkey);
+int EVP_PKEY_base_id(const EVP_PKEY *pkey);
+int EVP_PKEY_bits(const EVP_PKEY *pkey);
+int EVP_PKEY_security_bits(const EVP_PKEY *pkey);
+int EVP_PKEY_size(const EVP_PKEY *pkey);
+int EVP_PKEY_set_type(EVP_PKEY *pkey, int type);
+int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len);
+int EVP_PKEY_set_alias_type(EVP_PKEY *pkey, int type);
+# ifndef OPENSSL_NO_ENGINE
+int EVP_PKEY_set1_engine(EVP_PKEY *pkey, ENGINE *e);
+ENGINE *EVP_PKEY_get0_engine(const EVP_PKEY *pkey);
+# endif
+int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key);
+void *EVP_PKEY_get0(const EVP_PKEY *pkey);
+const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len);
+# ifndef OPENSSL_NO_POLY1305
+const unsigned char *EVP_PKEY_get0_poly1305(const EVP_PKEY *pkey, size_t *len);
+# endif
+# ifndef OPENSSL_NO_SIPHASH
+const unsigned char *EVP_PKEY_get0_siphash(const EVP_PKEY *pkey, size_t *len);
+# endif
+
+# ifndef OPENSSL_NO_RSA
+struct rsa_st;
+int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, struct rsa_st *key);
+struct rsa_st *EVP_PKEY_get0_RSA(const EVP_PKEY *pkey);
+struct rsa_st *EVP_PKEY_get1_RSA(EVP_PKEY *pkey);
+# endif
+# ifndef OPENSSL_NO_DSA
+struct dsa_st;
+int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, struct dsa_st *key);
+struct dsa_st *EVP_PKEY_get0_DSA(const EVP_PKEY *pkey);
+struct dsa_st *EVP_PKEY_get1_DSA(EVP_PKEY *pkey);
+# endif
+# ifndef OPENSSL_NO_DH
+struct dh_st;
+int EVP_PKEY_set1_DH(EVP_PKEY *pkey, struct dh_st *key);
+struct dh_st *EVP_PKEY_get0_DH(const EVP_PKEY *pkey);
+struct dh_st *EVP_PKEY_get1_DH(EVP_PKEY *pkey);
+# endif
+# ifndef OPENSSL_NO_EC
+struct ec_key_st;
+int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, struct ec_key_st *key);
+struct ec_key_st *EVP_PKEY_get0_EC_KEY(const EVP_PKEY *pkey);
+struct ec_key_st *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
+# endif
+
+EVP_PKEY *EVP_PKEY_new(void);
+int EVP_PKEY_up_ref(EVP_PKEY *pkey);
+void EVP_PKEY_free(EVP_PKEY *pkey);
+
+EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp,
+ long length);
+int i2d_PublicKey(const EVP_PKEY *a, unsigned char **pp);
+
+EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
+ long length);
+EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
+ long length);
+int i2d_PrivateKey(const EVP_PKEY *a, unsigned char **pp);
+
+int i2d_KeyParams(const EVP_PKEY *a, unsigned char **pp);
+EVP_PKEY *d2i_KeyParams(int type, EVP_PKEY **a, const unsigned char **pp,
+ long length);
+int i2d_KeyParams_bio(BIO *bp, const EVP_PKEY *pkey);
+EVP_PKEY *d2i_KeyParams_bio(int type, EVP_PKEY **a, BIO *in);
+
+int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from);
+int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey);
+int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode);
+int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b);
+
+int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b);
+
+int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey,
+ int indent, ASN1_PCTX *pctx);
+int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey,
+ int indent, ASN1_PCTX *pctx);
+int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey,
+ int indent, ASN1_PCTX *pctx);
+
+int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid);
+int EVP_PKEY_get_default_digest_name(EVP_PKEY *pkey,
+ char *mdname, size_t mdname_sz);
+int EVP_PKEY_supports_digest_nid(EVP_PKEY *pkey, int nid);
+
+int EVP_PKEY_set1_tls_encodedpoint(EVP_PKEY *pkey,
+ const unsigned char *pt, size_t ptlen);
+size_t EVP_PKEY_get1_tls_encodedpoint(EVP_PKEY *pkey, unsigned char **ppt);
+
+int EVP_CIPHER_type(const EVP_CIPHER *ctx);
+
+/* calls methods */
+int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+
+/* These are used by EVP_CIPHER methods */
+int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+
+/* PKCS5 password based encryption */
+int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
+ ASN1_TYPE *param, const EVP_CIPHER *cipher,
+ const EVP_MD *md, int en_de);
+int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
+ const unsigned char *salt, int saltlen, int iter,
+ int keylen, unsigned char *out);
+int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
+ const unsigned char *salt, int saltlen, int iter,
+ const EVP_MD *digest, int keylen, unsigned char *out);
+int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
+ ASN1_TYPE *param, const EVP_CIPHER *cipher,
+ const EVP_MD *md, int en_de);
+
+#ifndef OPENSSL_NO_SCRYPT
+int EVP_PBE_scrypt(const char *pass, size_t passlen,
+ const unsigned char *salt, size_t saltlen,
+ uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem,
+ unsigned char *key, size_t keylen);
+
+int PKCS5_v2_scrypt_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass,
+ int passlen, ASN1_TYPE *param,
+ const EVP_CIPHER *c, const EVP_MD *md, int en_de);
+#endif
+
+void PKCS5_PBE_add(void);
+
+int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
+ ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de);
+
+/* PBE type */
+
+/* Can appear as the outermost AlgorithmIdentifier */
+# define EVP_PBE_TYPE_OUTER 0x0
+/* Is an PRF type OID */
+# define EVP_PBE_TYPE_PRF 0x1
+/* Is a PKCS#5 v2.0 KDF */
+# define EVP_PBE_TYPE_KDF 0x2
+
+int EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid,
+ int md_nid, EVP_PBE_KEYGEN *keygen);
+int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md,
+ EVP_PBE_KEYGEN *keygen);
+int EVP_PBE_find(int type, int pbe_nid, int *pcnid, int *pmnid,
+ EVP_PBE_KEYGEN **pkeygen);
+void EVP_PBE_cleanup(void);
+int EVP_PBE_get(int *ptype, int *ppbe_nid, size_t num);
+
+# define ASN1_PKEY_ALIAS 0x1
+# define ASN1_PKEY_DYNAMIC 0x2
+# define ASN1_PKEY_SIGPARAM_NULL 0x4
+
+# define ASN1_PKEY_CTRL_PKCS7_SIGN 0x1
+# define ASN1_PKEY_CTRL_PKCS7_ENCRYPT 0x2
+# define ASN1_PKEY_CTRL_DEFAULT_MD_NID 0x3
+# define ASN1_PKEY_CTRL_CMS_SIGN 0x5
+# define ASN1_PKEY_CTRL_CMS_ENVELOPE 0x7
+# define ASN1_PKEY_CTRL_CMS_RI_TYPE 0x8
+
+# define ASN1_PKEY_CTRL_SET1_TLS_ENCPT 0x9
+# define ASN1_PKEY_CTRL_GET1_TLS_ENCPT 0xa
+# define ASN1_PKEY_CTRL_SUPPORTS_MD_NID 0xb
+
+int EVP_PKEY_asn1_get_count(void);
+const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx);
+const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pe, int type);
+const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe,
+ const char *str, int len);
+int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth);
+int EVP_PKEY_asn1_add_alias(int to, int from);
+int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *pkey_base_id,
+ int *ppkey_flags, const char **pinfo,
+ const char **ppem_str,
+ const EVP_PKEY_ASN1_METHOD *ameth);
+
+const EVP_PKEY_ASN1_METHOD *EVP_PKEY_get0_asn1(const EVP_PKEY *pkey);
+EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags,
+ const char *pem_str,
+ const char *info);
+void EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst,
+ const EVP_PKEY_ASN1_METHOD *src);
+void EVP_PKEY_asn1_free(EVP_PKEY_ASN1_METHOD *ameth);
+void EVP_PKEY_asn1_set_public(EVP_PKEY_ASN1_METHOD *ameth,
+ int (*pub_decode) (EVP_PKEY *pk,
+ X509_PUBKEY *pub),
+ int (*pub_encode) (X509_PUBKEY *pub,
+ const EVP_PKEY *pk),
+ int (*pub_cmp) (const EVP_PKEY *a,
+ const EVP_PKEY *b),
+ int (*pub_print) (BIO *out,
+ const EVP_PKEY *pkey,
+ int indent, ASN1_PCTX *pctx),
+ int (*pkey_size) (const EVP_PKEY *pk),
+ int (*pkey_bits) (const EVP_PKEY *pk));
+void EVP_PKEY_asn1_set_private(EVP_PKEY_ASN1_METHOD *ameth,
+ int (*priv_decode) (EVP_PKEY *pk,
+ const PKCS8_PRIV_KEY_INFO
+ *p8inf),
+ int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8,
+ const EVP_PKEY *pk),
+ int (*priv_print) (BIO *out,
+ const EVP_PKEY *pkey,
+ int indent,
+ ASN1_PCTX *pctx));
+void EVP_PKEY_asn1_set_param(EVP_PKEY_ASN1_METHOD *ameth,
+ int (*param_decode) (EVP_PKEY *pkey,
+ const unsigned char **pder,
+ int derlen),
+ int (*param_encode) (const EVP_PKEY *pkey,
+ unsigned char **pder),
+ int (*param_missing) (const EVP_PKEY *pk),
+ int (*param_copy) (EVP_PKEY *to,
+ const EVP_PKEY *from),
+ int (*param_cmp) (const EVP_PKEY *a,
+ const EVP_PKEY *b),
+ int (*param_print) (BIO *out,
+ const EVP_PKEY *pkey,
+ int indent,
+ ASN1_PCTX *pctx));
+
+void EVP_PKEY_asn1_set_free(EVP_PKEY_ASN1_METHOD *ameth,
+ void (*pkey_free) (EVP_PKEY *pkey));
+void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth,
+ int (*pkey_ctrl) (EVP_PKEY *pkey, int op,
+ long arg1, void *arg2));
+void EVP_PKEY_asn1_set_item(EVP_PKEY_ASN1_METHOD *ameth,
+ int (*item_verify) (EVP_MD_CTX *ctx,
+ const ASN1_ITEM *it,
+ void *asn,
+ X509_ALGOR *a,
+ ASN1_BIT_STRING *sig,
+ EVP_PKEY *pkey),
+ int (*item_sign) (EVP_MD_CTX *ctx,
+ const ASN1_ITEM *it,
+ void *asn,
+ X509_ALGOR *alg1,
+ X509_ALGOR *alg2,
+ ASN1_BIT_STRING *sig));
+
+void EVP_PKEY_asn1_set_siginf(EVP_PKEY_ASN1_METHOD *ameth,
+ int (*siginf_set) (X509_SIG_INFO *siginf,
+ const X509_ALGOR *alg,
+ const ASN1_STRING *sig));
+
+void EVP_PKEY_asn1_set_check(EVP_PKEY_ASN1_METHOD *ameth,
+ int (*pkey_check) (const EVP_PKEY *pk));
+
+void EVP_PKEY_asn1_set_public_check(EVP_PKEY_ASN1_METHOD *ameth,
+ int (*pkey_pub_check) (const EVP_PKEY *pk));
+
+void EVP_PKEY_asn1_set_param_check(EVP_PKEY_ASN1_METHOD *ameth,
+ int
(*pkey_param_check) (const EVP_PKEY *pk)); + +void EVP_PKEY_asn1_set_set_priv_key(EVP_PKEY_ASN1_METHOD *ameth, + int (*set_priv_key) (EVP_PKEY *pk, + const unsigned char + *priv, + size_t len)); +void EVP_PKEY_asn1_set_set_pub_key(EVP_PKEY_ASN1_METHOD *ameth, + int (*set_pub_key) (EVP_PKEY *pk, + const unsigned char *pub, + size_t len)); +void EVP_PKEY_asn1_set_get_priv_key(EVP_PKEY_ASN1_METHOD *ameth, + int (*get_priv_key) (const EVP_PKEY *pk, + unsigned char *priv, + size_t *len)); +void EVP_PKEY_asn1_set_get_pub_key(EVP_PKEY_ASN1_METHOD *ameth, + int (*get_pub_key) (const EVP_PKEY *pk, + unsigned char *pub, + size_t *len)); + +void EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth, + int (*pkey_security_bits) (const EVP_PKEY + *pk)); + +int EVP_PKEY_CTX_get_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD **md); +int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); + +# define EVP_PKEY_OP_UNDEFINED 0 +# define EVP_PKEY_OP_PARAMGEN (1<<1) +# define EVP_PKEY_OP_KEYGEN (1<<2) +# define EVP_PKEY_OP_PARAMFROMDATA (1<<3) +# define EVP_PKEY_OP_KEYFROMDATA (1<<4) +# define EVP_PKEY_OP_SIGN (1<<5) +# define EVP_PKEY_OP_VERIFY (1<<6) +# define EVP_PKEY_OP_VERIFYRECOVER (1<<7) +# define EVP_PKEY_OP_SIGNCTX (1<<8) +# define EVP_PKEY_OP_VERIFYCTX (1<<9) +# define EVP_PKEY_OP_ENCRYPT (1<<10) +# define EVP_PKEY_OP_DECRYPT (1<<11) +# define EVP_PKEY_OP_DERIVE (1<<12) + +# define EVP_PKEY_OP_TYPE_SIG \ + (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY | EVP_PKEY_OP_VERIFYRECOVER \ + | EVP_PKEY_OP_SIGNCTX | EVP_PKEY_OP_VERIFYCTX) + +# define EVP_PKEY_OP_TYPE_CRYPT \ + (EVP_PKEY_OP_ENCRYPT | EVP_PKEY_OP_DECRYPT) + +# define EVP_PKEY_OP_TYPE_NOGEN \ + (EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT | EVP_PKEY_OP_DERIVE) + +# define EVP_PKEY_OP_TYPE_GEN \ + (EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN) + +# define EVP_PKEY_OP_TYPE_FROMDATA \ + (EVP_PKEY_OP_PARAMFROMDATA | EVP_PKEY_OP_KEYFROMDATA) + +# define EVP_PKEY_CTX_set_mac_key(ctx, key, len) \ + 
EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_SET_MAC_KEY, len, (void *)(key)) + +# define EVP_PKEY_CTRL_MD 1 +# define EVP_PKEY_CTRL_PEER_KEY 2 + +# define EVP_PKEY_CTRL_PKCS7_ENCRYPT 3 +# define EVP_PKEY_CTRL_PKCS7_DECRYPT 4 + +# define EVP_PKEY_CTRL_PKCS7_SIGN 5 + +# define EVP_PKEY_CTRL_SET_MAC_KEY 6 + +# define EVP_PKEY_CTRL_DIGESTINIT 7 + +/* Used by GOST key encryption in TLS */ +# define EVP_PKEY_CTRL_SET_IV 8 + +# define EVP_PKEY_CTRL_CMS_ENCRYPT 9 +# define EVP_PKEY_CTRL_CMS_DECRYPT 10 +# define EVP_PKEY_CTRL_CMS_SIGN 11 + +# define EVP_PKEY_CTRL_CIPHER 12 + +# define EVP_PKEY_CTRL_GET_MD 13 + +# define EVP_PKEY_CTRL_SET_DIGEST_SIZE 14 + +# define EVP_PKEY_ALG_CTRL 0x1000 + +# define EVP_PKEY_FLAG_AUTOARGLEN 2 +/* + * Method handles all operations: don't assume any digest related defaults. + */ +# define EVP_PKEY_FLAG_SIGCTX_CUSTOM 4 + +const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type); +EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags); +void EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags, + const EVP_PKEY_METHOD *meth); +void EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, const EVP_PKEY_METHOD *src); +void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth); +int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth); +int EVP_PKEY_meth_remove(const EVP_PKEY_METHOD *pmeth); +size_t EVP_PKEY_meth_get_count(void); +const EVP_PKEY_METHOD *EVP_PKEY_meth_get0(size_t idx); + +EVP_KEYMGMT *EVP_KEYMGMT_fetch(OPENSSL_CTX *ctx, const char *algorithm, + const char *properties); +int EVP_KEYMGMT_up_ref(EVP_KEYMGMT *keymgmt); +void EVP_KEYMGMT_free(EVP_KEYMGMT *keymgmt); +const OSSL_PROVIDER *EVP_KEYMGMT_provider(const EVP_KEYMGMT *keymgmt); +int EVP_KEYMGMT_number(const EVP_KEYMGMT *keymgmt); +int EVP_KEYMGMT_is_a(const EVP_KEYMGMT *keymgmt, const char *name); +void EVP_KEYMGMT_do_all_provided(OPENSSL_CTX *libctx, + void (*fn)(EVP_KEYMGMT *keymgmt, void *arg), + void *arg); +void EVP_KEYMGMT_names_do_all(const EVP_KEYMGMT *keymgmt, + void (*fn)(const char 
*name, void *data), + void *data); + +EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e); +EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e); +EVP_PKEY_CTX *EVP_PKEY_CTX_new_from_name(OPENSSL_CTX *libctx, + const char *name, + const char *propquery); +EVP_PKEY_CTX *EVP_PKEY_CTX_new_from_pkey(OPENSSL_CTX *libctx, + EVP_PKEY *pkey, const char *propquery); +EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *ctx); +void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx); + +int EVP_PKEY_CTX_get_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params); +const OSSL_PARAM *EVP_PKEY_CTX_gettable_params(EVP_PKEY_CTX *ctx); +int EVP_PKEY_CTX_set_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params); +const OSSL_PARAM *EVP_PKEY_CTX_settable_params(EVP_PKEY_CTX *ctx); +int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, + int cmd, int p1, void *p2); +int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, + const char *value); +int EVP_PKEY_CTX_ctrl_uint64(EVP_PKEY_CTX *ctx, int keytype, int optype, + int cmd, uint64_t value); + +int EVP_PKEY_CTX_str2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *str); +int EVP_PKEY_CTX_hex2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *hex); + +int EVP_PKEY_CTX_md(EVP_PKEY_CTX *ctx, int optype, int cmd, const char *md); + +int EVP_PKEY_CTX_get_operation(EVP_PKEY_CTX *ctx); +void EVP_PKEY_CTX_set0_keygen_info(EVP_PKEY_CTX *ctx, int *dat, int datlen); + +EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e, + const unsigned char *key, int keylen); +EVP_PKEY *EVP_PKEY_new_raw_private_key(int type, ENGINE *e, + const unsigned char *priv, + size_t len); +EVP_PKEY *EVP_PKEY_new_raw_public_key(int type, ENGINE *e, + const unsigned char *pub, + size_t len); +int EVP_PKEY_get_raw_private_key(const EVP_PKEY *pkey, unsigned char *priv, + size_t *len); +int EVP_PKEY_get_raw_public_key(const EVP_PKEY *pkey, unsigned char *pub, + size_t *len); + +EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv, + size_t len, const EVP_CIPHER *cipher); + +void 
EVP_PKEY_CTX_set_data(EVP_PKEY_CTX *ctx, void *data); +void *EVP_PKEY_CTX_get_data(const EVP_PKEY_CTX *ctx); +EVP_PKEY *EVP_PKEY_CTX_get0_pkey(EVP_PKEY_CTX *ctx); + +EVP_PKEY *EVP_PKEY_CTX_get0_peerkey(EVP_PKEY_CTX *ctx); + +void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data); +void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx); + +void EVP_SIGNATURE_free(EVP_SIGNATURE *signature); +int EVP_SIGNATURE_up_ref(EVP_SIGNATURE *signature); +OSSL_PROVIDER *EVP_SIGNATURE_provider(const EVP_SIGNATURE *signature); +EVP_SIGNATURE *EVP_SIGNATURE_fetch(OPENSSL_CTX *ctx, const char *algorithm, + const char *properties); +int EVP_SIGNATURE_is_a(const EVP_SIGNATURE *signature, const char *name); +int EVP_SIGNATURE_number(const EVP_SIGNATURE *signature); +void EVP_SIGNATURE_do_all_provided(OPENSSL_CTX *libctx, + void (*fn)(EVP_SIGNATURE *signature, + void *data), + void *data); +void EVP_SIGNATURE_names_do_all(const EVP_SIGNATURE *signature, + void (*fn)(const char *name, void *data), + void *data); + +void EVP_ASYM_CIPHER_free(EVP_ASYM_CIPHER *cipher); +int EVP_ASYM_CIPHER_up_ref(EVP_ASYM_CIPHER *cipher); +OSSL_PROVIDER *EVP_ASYM_CIPHER_provider(const EVP_ASYM_CIPHER *cipher); +EVP_ASYM_CIPHER *EVP_ASYM_CIPHER_fetch(OPENSSL_CTX *ctx, const char *algorithm, + const char *properties); +int EVP_ASYM_CIPHER_is_a(const EVP_ASYM_CIPHER *cipher, const char *name); +int EVP_ASYM_CIPHER_number(const EVP_ASYM_CIPHER *cipher); +void EVP_ASYM_CIPHER_do_all_provided(OPENSSL_CTX *libctx, + void (*fn)(EVP_ASYM_CIPHER *cipher, + void *arg), + void *arg); +void EVP_ASYM_CIPHER_names_do_all(const EVP_ASYM_CIPHER *cipher, + void (*fn)(const char *name, void *data), + void *data); + +int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_sign(EVP_PKEY_CTX *ctx, + unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen); +int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_verify(EVP_PKEY_CTX *ctx, + const unsigned char *sig, size_t siglen, + const unsigned 
char *tbs, size_t tbslen); +int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx, + unsigned char *rout, size_t *routlen, + const unsigned char *sig, size_t siglen); +int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx, + unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen); +int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx, + unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen); + +int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer); +int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); + +typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx); + +int EVP_PKEY_param_fromdata_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_key_fromdata_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_fromdata(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey, OSSL_PARAM param[]); +const OSSL_PARAM *EVP_PKEY_param_fromdata_settable(EVP_PKEY_CTX *ctx); +const OSSL_PARAM *EVP_PKEY_key_fromdata_settable(EVP_PKEY_CTX *ctx); +int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); +int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); +int EVP_PKEY_check(EVP_PKEY_CTX *ctx); +int EVP_PKEY_public_check(EVP_PKEY_CTX *ctx); +int EVP_PKEY_param_check(EVP_PKEY_CTX *ctx); +int EVP_PKEY_private_check(EVP_PKEY_CTX *ctx); +int EVP_PKEY_pairwise_check(EVP_PKEY_CTX *ctx); + +void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb); +EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx); + +int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx); + +void EVP_PKEY_meth_set_init(EVP_PKEY_METHOD *pmeth, + int (*init) (EVP_PKEY_CTX *ctx)); + +void EVP_PKEY_meth_set_copy(EVP_PKEY_METHOD *pmeth, + int (*copy) (EVP_PKEY_CTX *dst, + const EVP_PKEY_CTX *src)); + +void 
EVP_PKEY_meth_set_cleanup(EVP_PKEY_METHOD *pmeth, + void (*cleanup) (EVP_PKEY_CTX *ctx)); + +void EVP_PKEY_meth_set_paramgen(EVP_PKEY_METHOD *pmeth, + int (*paramgen_init) (EVP_PKEY_CTX *ctx), + int (*paramgen) (EVP_PKEY_CTX *ctx, + EVP_PKEY *pkey)); + +void EVP_PKEY_meth_set_keygen(EVP_PKEY_METHOD *pmeth, + int (*keygen_init) (EVP_PKEY_CTX *ctx), + int (*keygen) (EVP_PKEY_CTX *ctx, + EVP_PKEY *pkey)); + +void EVP_PKEY_meth_set_sign(EVP_PKEY_METHOD *pmeth, + int (*sign_init) (EVP_PKEY_CTX *ctx), + int (*sign) (EVP_PKEY_CTX *ctx, + unsigned char *sig, size_t *siglen, + const unsigned char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_set_verify(EVP_PKEY_METHOD *pmeth, + int (*verify_init) (EVP_PKEY_CTX *ctx), + int (*verify) (EVP_PKEY_CTX *ctx, + const unsigned char *sig, + size_t siglen, + const unsigned char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_set_verify_recover(EVP_PKEY_METHOD *pmeth, + int (*verify_recover_init) (EVP_PKEY_CTX + *ctx), + int (*verify_recover) (EVP_PKEY_CTX + *ctx, + unsigned char + *sig, + size_t *siglen, + const unsigned + char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_set_signctx(EVP_PKEY_METHOD *pmeth, + int (*signctx_init) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx), + int (*signctx) (EVP_PKEY_CTX *ctx, + unsigned char *sig, + size_t *siglen, + EVP_MD_CTX *mctx)); + +void EVP_PKEY_meth_set_verifyctx(EVP_PKEY_METHOD *pmeth, + int (*verifyctx_init) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx), + int (*verifyctx) (EVP_PKEY_CTX *ctx, + const unsigned char *sig, + int siglen, + EVP_MD_CTX *mctx)); + +void EVP_PKEY_meth_set_encrypt(EVP_PKEY_METHOD *pmeth, + int (*encrypt_init) (EVP_PKEY_CTX *ctx), + int (*encryptfn) (EVP_PKEY_CTX *ctx, + unsigned char *out, + size_t *outlen, + const unsigned char *in, + size_t inlen)); + +void EVP_PKEY_meth_set_decrypt(EVP_PKEY_METHOD *pmeth, + int (*decrypt_init) (EVP_PKEY_CTX *ctx), + int (*decrypt) (EVP_PKEY_CTX *ctx, + unsigned char *out, + size_t *outlen, + const unsigned char *in, + size_t inlen)); + 
+void EVP_PKEY_meth_set_derive(EVP_PKEY_METHOD *pmeth, + int (*derive_init) (EVP_PKEY_CTX *ctx), + int (*derive) (EVP_PKEY_CTX *ctx, + unsigned char *key, + size_t *keylen)); + +void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth, + int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, + void *p2), + int (*ctrl_str) (EVP_PKEY_CTX *ctx, + const char *type, + const char *value)); + +void EVP_PKEY_meth_set_digestsign(EVP_PKEY_METHOD *pmeth, + int (*digestsign) (EVP_MD_CTX *ctx, + unsigned char *sig, + size_t *siglen, + const unsigned char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_set_digestverify(EVP_PKEY_METHOD *pmeth, + int (*digestverify) (EVP_MD_CTX *ctx, + const unsigned char *sig, + size_t siglen, + const unsigned char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_set_check(EVP_PKEY_METHOD *pmeth, + int (*check) (EVP_PKEY *pkey)); + +void EVP_PKEY_meth_set_public_check(EVP_PKEY_METHOD *pmeth, + int (*check) (EVP_PKEY *pkey)); + +void EVP_PKEY_meth_set_param_check(EVP_PKEY_METHOD *pmeth, + int (*check) (EVP_PKEY *pkey)); + +void EVP_PKEY_meth_set_digest_custom(EVP_PKEY_METHOD *pmeth, + int (*digest_custom) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx)); + +void EVP_PKEY_meth_get_init(const EVP_PKEY_METHOD *pmeth, + int (**pinit) (EVP_PKEY_CTX *ctx)); + +void EVP_PKEY_meth_get_copy(const EVP_PKEY_METHOD *pmeth, + int (**pcopy) (EVP_PKEY_CTX *dst, + const EVP_PKEY_CTX *src)); + +void EVP_PKEY_meth_get_cleanup(const EVP_PKEY_METHOD *pmeth, + void (**pcleanup) (EVP_PKEY_CTX *ctx)); + +void EVP_PKEY_meth_get_paramgen(const EVP_PKEY_METHOD *pmeth, + int (**pparamgen_init) (EVP_PKEY_CTX *ctx), + int (**pparamgen) (EVP_PKEY_CTX *ctx, + EVP_PKEY *pkey)); + +void EVP_PKEY_meth_get_keygen(const EVP_PKEY_METHOD *pmeth, + int (**pkeygen_init) (EVP_PKEY_CTX *ctx), + int (**pkeygen) (EVP_PKEY_CTX *ctx, + EVP_PKEY *pkey)); + +void EVP_PKEY_meth_get_sign(const EVP_PKEY_METHOD *pmeth, + int (**psign_init) (EVP_PKEY_CTX *ctx), + int (**psign) (EVP_PKEY_CTX *ctx, + unsigned char *sig, 
size_t *siglen, + const unsigned char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_get_verify(const EVP_PKEY_METHOD *pmeth, + int (**pverify_init) (EVP_PKEY_CTX *ctx), + int (**pverify) (EVP_PKEY_CTX *ctx, + const unsigned char *sig, + size_t siglen, + const unsigned char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_get_verify_recover(const EVP_PKEY_METHOD *pmeth, + int (**pverify_recover_init) (EVP_PKEY_CTX + *ctx), + int (**pverify_recover) (EVP_PKEY_CTX + *ctx, + unsigned char + *sig, + size_t *siglen, + const unsigned + char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_get_signctx(const EVP_PKEY_METHOD *pmeth, + int (**psignctx_init) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx), + int (**psignctx) (EVP_PKEY_CTX *ctx, + unsigned char *sig, + size_t *siglen, + EVP_MD_CTX *mctx)); + +void EVP_PKEY_meth_get_verifyctx(const EVP_PKEY_METHOD *pmeth, + int (**pverifyctx_init) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx), + int (**pverifyctx) (EVP_PKEY_CTX *ctx, + const unsigned char *sig, + int siglen, + EVP_MD_CTX *mctx)); + +void EVP_PKEY_meth_get_encrypt(const EVP_PKEY_METHOD *pmeth, + int (**pencrypt_init) (EVP_PKEY_CTX *ctx), + int (**pencryptfn) (EVP_PKEY_CTX *ctx, + unsigned char *out, + size_t *outlen, + const unsigned char *in, + size_t inlen)); + +void EVP_PKEY_meth_get_decrypt(const EVP_PKEY_METHOD *pmeth, + int (**pdecrypt_init) (EVP_PKEY_CTX *ctx), + int (**pdecrypt) (EVP_PKEY_CTX *ctx, + unsigned char *out, + size_t *outlen, + const unsigned char *in, + size_t inlen)); + +void EVP_PKEY_meth_get_derive(const EVP_PKEY_METHOD *pmeth, + int (**pderive_init) (EVP_PKEY_CTX *ctx), + int (**pderive) (EVP_PKEY_CTX *ctx, + unsigned char *key, + size_t *keylen)); + +void EVP_PKEY_meth_get_ctrl(const EVP_PKEY_METHOD *pmeth, + int (**pctrl) (EVP_PKEY_CTX *ctx, int type, int p1, + void *p2), + int (**pctrl_str) (EVP_PKEY_CTX *ctx, + const char *type, + const char *value)); + +void EVP_PKEY_meth_get_digestsign(EVP_PKEY_METHOD *pmeth, + int (**digestsign) (EVP_MD_CTX *ctx, + 
unsigned char *sig, + size_t *siglen, + const unsigned char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_get_digestverify(EVP_PKEY_METHOD *pmeth, + int (**digestverify) (EVP_MD_CTX *ctx, + const unsigned char *sig, + size_t siglen, + const unsigned char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_get_check(const EVP_PKEY_METHOD *pmeth, + int (**pcheck) (EVP_PKEY *pkey)); + +void EVP_PKEY_meth_get_public_check(const EVP_PKEY_METHOD *pmeth, + int (**pcheck) (EVP_PKEY *pkey)); + +void EVP_PKEY_meth_get_param_check(const EVP_PKEY_METHOD *pmeth, + int (**pcheck) (EVP_PKEY *pkey)); + +void EVP_PKEY_meth_get_digest_custom(EVP_PKEY_METHOD *pmeth, + int (**pdigest_custom) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx)); + +void EVP_KEYEXCH_free(EVP_KEYEXCH *exchange); +int EVP_KEYEXCH_up_ref(EVP_KEYEXCH *exchange); +EVP_KEYEXCH *EVP_KEYEXCH_fetch(OPENSSL_CTX *ctx, const char *algorithm, + const char *properties); +OSSL_PROVIDER *EVP_KEYEXCH_provider(const EVP_KEYEXCH *exchange); +int EVP_KEYEXCH_is_a(const EVP_KEYEXCH *keyexch, const char *name); +int EVP_KEYEXCH_number(const EVP_KEYEXCH *keyexch); +void EVP_KEYEXCH_do_all_provided(OPENSSL_CTX *libctx, + void (*fn)(EVP_KEYEXCH *keyexch, void *data), + void *data); +void EVP_KEYEXCH_names_do_all(const EVP_KEYEXCH *keyexch, + void (*fn)(const char *name, void *data), + void *data); + +void EVP_add_alg_module(void); + +/* + * Convenient helper functions to transfer string based controls. + * The callback gets called with the parsed value. + */ +int EVP_str2ctrl(int (*cb)(void *ctx, int cmd, void *buf, size_t buflen), + void *ctx, int cmd, const char *value); +int EVP_hex2ctrl(int (*cb)(void *ctx, int cmd, void *buf, size_t buflen), + void *ctx, int cmd, const char *hex); + +# ifdef __cplusplus +} +# endif +#endif diff --git a/linux_amd64/ssl/include/openssl/evperr.h b/linux_amd64/ssl/include/openssl/evperr.h new file mode 100644 index 0000000..7744465 --- /dev/null +++ b/linux_amd64/ssl/include/openssl/evperr.h 
@@ -0,0 +1,257 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_EVPERR_H +# define OPENSSL_EVPERR_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_EVPERR_H +# endif + +# include +# include + + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_EVP_strings(void); + +/* + * EVP function codes. + */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define EVP_F_AESNI_INIT_KEY 0 +# define EVP_F_AESNI_XTS_INIT_KEY 0 +# define EVP_F_AES_GCM_CTRL 0 +# define EVP_F_AES_GCM_TLS_CIPHER 0 +# define EVP_F_AES_INIT_KEY 0 +# define EVP_F_AES_OCB_CIPHER 0 +# define EVP_F_AES_T4_INIT_KEY 0 +# define EVP_F_AES_T4_XTS_INIT_KEY 0 +# define EVP_F_AES_WRAP_CIPHER 0 +# define EVP_F_AES_XTS_CIPHER 0 +# define EVP_F_AES_XTS_INIT_KEY 0 +# define EVP_F_ALG_MODULE_INIT 0 +# define EVP_F_ARIA_CCM_INIT_KEY 0 +# define EVP_F_ARIA_GCM_CTRL 0 +# define EVP_F_ARIA_GCM_INIT_KEY 0 +# define EVP_F_ARIA_INIT_KEY 0 +# define EVP_F_B64_NEW 0 +# define EVP_F_CAMELLIA_INIT_KEY 0 +# define EVP_F_CHACHA20_POLY1305_CTRL 0 +# define EVP_F_CMLL_T4_INIT_KEY 0 +# define EVP_F_DES_EDE3_WRAP_CIPHER 0 +# define EVP_F_DO_SIGVER_INIT 0 +# define EVP_F_ENC_NEW 0 +# define EVP_F_EVP_CIPHERINIT_EX 0 +# define EVP_F_EVP_CIPHER_ASN1_TO_PARAM 0 +# define EVP_F_EVP_CIPHER_CTX_COPY 0 +# define EVP_F_EVP_CIPHER_CTX_CTRL 0 +# define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 0 +# define EVP_F_EVP_CIPHER_CTX_SET_PADDING 0 +# define EVP_F_EVP_CIPHER_FROM_DISPATCH 0 +# define EVP_F_EVP_CIPHER_MODE 0 +# define EVP_F_EVP_CIPHER_PARAM_TO_ASN1 0 +# define EVP_F_EVP_DECRYPTFINAL_EX 0 +# define EVP_F_EVP_DECRYPTUPDATE 0 +# define EVP_F_EVP_DIGESTFINALXOF 0 +# 
define EVP_F_EVP_DIGESTFINAL_EX 0 +# define EVP_F_EVP_DIGESTINIT_EX 0 +# define EVP_F_EVP_DIGESTUPDATE 0 +# define EVP_F_EVP_ENCRYPTDECRYPTUPDATE 0 +# define EVP_F_EVP_ENCRYPTFINAL_EX 0 +# define EVP_F_EVP_ENCRYPTUPDATE 0 +# define EVP_F_EVP_KDF_CTX_DUP 0 +# define EVP_F_EVP_KDF_CTX_NEW 0 +# define EVP_F_EVP_KEYEXCH_FETCH 0 +# define EVP_F_EVP_KEYEXCH_FROM_DISPATCH 0 +# define EVP_F_EVP_MAC_CTRL 0 +# define EVP_F_EVP_MAC_CTRL_STR 0 +# define EVP_F_EVP_MAC_CTX_DUP 0 +# define EVP_F_EVP_MAC_CTX_NEW 0 +# define EVP_F_EVP_MAC_INIT 0 +# define EVP_F_EVP_MD_BLOCK_SIZE 0 +# define EVP_F_EVP_MD_CTX_COPY_EX 0 +# define EVP_F_EVP_MD_SIZE 0 +# define EVP_F_EVP_OPENINIT 0 +# define EVP_F_EVP_PBE_ALG_ADD 0 +# define EVP_F_EVP_PBE_ALG_ADD_TYPE 0 +# define EVP_F_EVP_PBE_CIPHERINIT 0 +# define EVP_F_EVP_PBE_SCRYPT 0 +# define EVP_F_EVP_PKCS82PKEY 0 +# define EVP_F_EVP_PKEY2PKCS8 0 +# define EVP_F_EVP_PKEY_ASN1_ADD0 0 +# define EVP_F_EVP_PKEY_CHECK 0 +# define EVP_F_EVP_PKEY_COPY_PARAMETERS 0 +# define EVP_F_EVP_PKEY_CTX_CTRL 0 +# define EVP_F_EVP_PKEY_CTX_CTRL_STR 0 +# define EVP_F_EVP_PKEY_CTX_DUP 0 +# define EVP_F_EVP_PKEY_CTX_MD 0 +# define EVP_F_EVP_PKEY_DECRYPT 0 +# define EVP_F_EVP_PKEY_DECRYPT_INIT 0 +# define EVP_F_EVP_PKEY_DECRYPT_OLD 0 +# define EVP_F_EVP_PKEY_DERIVE 0 +# define EVP_F_EVP_PKEY_DERIVE_INIT 0 +# define EVP_F_EVP_PKEY_DERIVE_INIT_EX 0 +# define EVP_F_EVP_PKEY_DERIVE_SET_PEER 0 +# define EVP_F_EVP_PKEY_ENCRYPT 0 +# define EVP_F_EVP_PKEY_ENCRYPT_INIT 0 +# define EVP_F_EVP_PKEY_ENCRYPT_OLD 0 +# define EVP_F_EVP_PKEY_GET0_DH 0 +# define EVP_F_EVP_PKEY_GET0_DSA 0 +# define EVP_F_EVP_PKEY_GET0_EC_KEY 0 +# define EVP_F_EVP_PKEY_GET0_HMAC 0 +# define EVP_F_EVP_PKEY_GET0_POLY1305 0 +# define EVP_F_EVP_PKEY_GET0_RSA 0 +# define EVP_F_EVP_PKEY_GET0_SIPHASH 0 +# define EVP_F_EVP_PKEY_GET_RAW_PRIVATE_KEY 0 +# define EVP_F_EVP_PKEY_GET_RAW_PUBLIC_KEY 0 +# define EVP_F_EVP_PKEY_KEYGEN 0 +# define EVP_F_EVP_PKEY_KEYGEN_INIT 0 +# define EVP_F_EVP_PKEY_METH_ADD0 0 +# define 
EVP_F_EVP_PKEY_METH_NEW 0 +# define EVP_F_EVP_PKEY_NEW 0 +# define EVP_F_EVP_PKEY_NEW_CMAC_KEY 0 +# define EVP_F_EVP_PKEY_NEW_RAW_PRIVATE_KEY 0 +# define EVP_F_EVP_PKEY_NEW_RAW_PUBLIC_KEY 0 +# define EVP_F_EVP_PKEY_PARAMGEN 0 +# define EVP_F_EVP_PKEY_PARAMGEN_INIT 0 +# define EVP_F_EVP_PKEY_PARAM_CHECK 0 +# define EVP_F_EVP_PKEY_PUBLIC_CHECK 0 +# define EVP_F_EVP_PKEY_SET1_ENGINE 0 +# define EVP_F_EVP_PKEY_SET_ALIAS_TYPE 0 +# define EVP_F_EVP_PKEY_SIGN 0 +# define EVP_F_EVP_PKEY_SIGN_INIT 0 +# define EVP_F_EVP_PKEY_VERIFY 0 +# define EVP_F_EVP_PKEY_VERIFY_INIT 0 +# define EVP_F_EVP_PKEY_VERIFY_RECOVER 0 +# define EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT 0 +# define EVP_F_EVP_SET_DEFAULT_PROPERTIES 0 +# define EVP_F_EVP_SIGNFINAL 0 +# define EVP_F_EVP_VERIFYFINAL 0 +# define EVP_F_GMAC_CTRL 0 +# define EVP_F_INT_CTX_NEW 0 +# define EVP_F_KMAC_CTRL 0 +# define EVP_F_KMAC_INIT 0 +# define EVP_F_OK_NEW 0 +# define EVP_F_PKCS5_PBE_KEYIVGEN 0 +# define EVP_F_PKCS5_V2_PBE_KEYIVGEN 0 +# define EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN 0 +# define EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN 0 +# define EVP_F_PKEY_KDF_CTRL 0 +# define EVP_F_PKEY_MAC_COPY 0 +# define EVP_F_PKEY_MAC_INIT 0 +# define EVP_F_PKEY_SET_TYPE 0 +# define EVP_F_POLY1305_CTRL 0 +# define EVP_F_RC2_MAGIC_TO_METH 0 +# define EVP_F_RC5_CTRL 0 +# define EVP_F_R_32_12_16_INIT_KEY 0 +# define EVP_F_S390X_AES_GCM_CTRL 0 +# define EVP_F_S390X_AES_GCM_TLS_CIPHER 0 +# define EVP_F_SCRYPT_ALG 0 +# define EVP_F_UPDATE 0 +# endif + +/* + * EVP reason codes. 
+ */ +# define EVP_R_AES_KEY_SETUP_FAILED 143 +# define EVP_R_ARIA_KEY_SETUP_FAILED 176 +# define EVP_R_BAD_ALGORITHM_NAME 200 +# define EVP_R_BAD_DECRYPT 100 +# define EVP_R_BAD_KEY_LENGTH 195 +# define EVP_R_BUFFER_TOO_SMALL 155 +# define EVP_R_CAMELLIA_KEY_SETUP_FAILED 157 +# define EVP_R_CANNOT_GET_PARAMETERS 197 +# define EVP_R_CANNOT_SET_PARAMETERS 198 +# define EVP_R_CIPHER_NOT_GCM_MODE 184 +# define EVP_R_CIPHER_PARAMETER_ERROR 122 +# define EVP_R_COMMAND_NOT_SUPPORTED 147 +# define EVP_R_CONFLICTING_ALGORITHM_NAME 201 +# define EVP_R_COPY_ERROR 173 +# define EVP_R_CTRL_NOT_IMPLEMENTED 132 +# define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133 +# define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138 +# define EVP_R_DECODE_ERROR 114 +# define EVP_R_DIFFERENT_KEY_TYPES 101 +# define EVP_R_DIFFERENT_PARAMETERS 153 +# define EVP_R_ERROR_LOADING_SECTION 165 +# define EVP_R_ERROR_SETTING_FIPS_MODE 166 +# define EVP_R_EXPECTING_AN_HMAC_KEY 174 +# define EVP_R_EXPECTING_AN_RSA_KEY 127 +# define EVP_R_EXPECTING_A_DH_KEY 128 +# define EVP_R_EXPECTING_A_DSA_KEY 129 +# define EVP_R_EXPECTING_A_EC_KEY 142 +# define EVP_R_EXPECTING_A_POLY1305_KEY 164 +# define EVP_R_EXPECTING_A_SIPHASH_KEY 175 +# define EVP_R_FINAL_ERROR 188 +# define EVP_R_FIPS_MODE_NOT_SUPPORTED 167 +# define EVP_R_GET_RAW_KEY_FAILED 182 +# define EVP_R_ILLEGAL_SCRYPT_PARAMETERS 171 +# define EVP_R_INITIALIZATION_ERROR 134 +# define EVP_R_INPUT_NOT_INITIALIZED 111 +# define EVP_R_INVALID_CUSTOM_LENGTH 185 +# define EVP_R_INVALID_DIGEST 152 +# define EVP_R_INVALID_FIPS_MODE 168 +# define EVP_R_INVALID_IV_LENGTH 194 +# define EVP_R_INVALID_KEY 163 +# define EVP_R_INVALID_KEY_LENGTH 130 +# define EVP_R_INVALID_OPERATION 148 +# define EVP_R_INVALID_PROVIDER_FUNCTIONS 193 +# define EVP_R_INVALID_SALT_LENGTH 186 +# define EVP_R_KEYGEN_FAILURE 120 +# define EVP_R_KEY_SETUP_FAILED 180 +# define EVP_R_MEMORY_LIMIT_EXCEEDED 172 +# define EVP_R_MESSAGE_DIGEST_IS_NULL 159 +# define EVP_R_METHOD_NOT_SUPPORTED 144 +# 
define EVP_R_MISSING_PARAMETERS 103 +# define EVP_R_NOT_ABLE_TO_COPY_CTX 190 +# define EVP_R_NOT_XOF_OR_INVALID_LENGTH 178 +# define EVP_R_NO_CIPHER_SET 131 +# define EVP_R_NO_DEFAULT_DIGEST 158 +# define EVP_R_NO_DIGEST_SET 139 +# define EVP_R_NO_KEYMGMT_AVAILABLE 199 +# define EVP_R_NO_KEYMGMT_PRESENT 196 +# define EVP_R_NO_KEY_SET 154 +# define EVP_R_NO_OPERATION_SET 149 +# define EVP_R_ONLY_ONESHOT_SUPPORTED 177 +# define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150 +# define EVP_R_OPERATON_NOT_INITIALIZED 151 +# define EVP_R_PARAMETER_TOO_LARGE 187 +# define EVP_R_PARTIALLY_OVERLAPPING 162 +# define EVP_R_PBKDF2_ERROR 181 +# define EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED 179 +# define EVP_R_PRIVATE_KEY_DECODE_ERROR 145 +# define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146 +# define EVP_R_PUBLIC_KEY_NOT_RSA 106 +# define EVP_R_TOO_MANY_RECORDS 183 +# define EVP_R_UNKNOWN_CIPHER 160 +# define EVP_R_UNKNOWN_DIGEST 161 +# define EVP_R_UNKNOWN_OPTION 169 +# define EVP_R_UNKNOWN_PBE_ALGORITHM 121 +# define EVP_R_UNSUPPORTED_ALGORITHM 156 +# define EVP_R_UNSUPPORTED_CIPHER 107 +# define EVP_R_UNSUPPORTED_KEYLENGTH 123 +# define EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION 124 +# define EVP_R_UNSUPPORTED_KEY_SIZE 108 +# define EVP_R_UNSUPPORTED_NUMBER_OF_ROUNDS 135 +# define EVP_R_UNSUPPORTED_PRF 125 +# define EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM 118 +# define EVP_R_UNSUPPORTED_SALT_TYPE 126 +# define EVP_R_UPDATE_ERROR 189 +# define EVP_R_WRAP_MODE_NOT_ALLOWED 170 +# define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109 +# define EVP_R_XTS_DATA_UNIT_IS_TOO_LARGE 191 +# define EVP_R_XTS_DUPLICATED_KEYS 192 + +#endif diff --git a/linux_amd64/ssl/include/openssl/fips_names.h b/linux_amd64/ssl/include/openssl/fips_names.h new file mode 100644 index 0000000..aeb9670 --- /dev/null +++ b/linux_amd64/ssl/include/openssl/fips_names.h 
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_FIPS_NAMES_H
+# define OPENSSL_FIPS_NAMES_H
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+/*
+ * Parameter names that the FIPS Provider defines
+ */
+
+/*
+ * The calculated MAC of the module file (Used for FIPS Self Testing)
+ * Type: OSSL_PARAM_UTF8_STRING
+ */
+# define OSSL_PROV_FIPS_PARAM_MODULE_MAC "module-checksum"
+/*
+ * A version number for the fips install process (Used for FIPS Self Testing)
+ * Type: OSSL_PARAM_UTF8_STRING
+ */
+# define OSSL_PROV_FIPS_PARAM_INSTALL_VERSION "install-version"
+/*
+ * The calculated MAC of the install status indicator (Used for FIPS Self Testing)
+ * Type: OSSL_PARAM_UTF8_STRING
+ */
+# define OSSL_PROV_FIPS_PARAM_INSTALL_MAC "install-checksum"
+/*
+ * The install status indicator (Used for FIPS Self Testing)
+ * Type: OSSL_PARAM_UTF8_STRING
+ */
+# define OSSL_PROV_FIPS_PARAM_INSTALL_STATUS "install-status"
+
+# ifdef __cplusplus
+}
+# endif
+
+#endif /* OPENSSL_FIPS_NAMES_H */
diff --git a/linux_amd64/ssl/include/openssl/hmac.h b/linux_amd64/ssl/include/openssl/hmac.h
new file mode 100644
index 0000000..d05cdde
--- /dev/null
+++ b/linux_amd64/ssl/include/openssl/hmac.h
@@ -0,0 +1,58 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_HMAC_H
+# define OPENSSL_HMAC_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_HMAC_H
+# endif
+
+# include
+
+# include
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HMAC_MAX_MD_CBLOCK 128 /* Deprecated */
+# endif
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+DEPRECATEDIN_3_0(size_t HMAC_size(const HMAC_CTX *e))
+DEPRECATEDIN_3_0(HMAC_CTX *HMAC_CTX_new(void))
+DEPRECATEDIN_3_0(int HMAC_CTX_reset(HMAC_CTX *ctx))
+DEPRECATEDIN_3_0(void HMAC_CTX_free(HMAC_CTX *ctx))
+
+DEPRECATEDIN_1_1_0(__owur int HMAC_Init(HMAC_CTX *ctx, const void *key, int len,
+ const EVP_MD *md))
+
+DEPRECATEDIN_3_0(int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
+ const EVP_MD *md, ENGINE *impl))
+DEPRECATEDIN_3_0(int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data,
+ size_t len))
+DEPRECATEDIN_3_0(int HMAC_Final(HMAC_CTX *ctx, unsigned char *md,
+ unsigned int *len))
+DEPRECATEDIN_3_0(unsigned char *HMAC(const EVP_MD *evp_md, const void *key,
+ int key_len, const unsigned char *d,
+ size_t n, unsigned char *md,
+ unsigned int *md_len))
+DEPRECATEDIN_3_0(__owur int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx))
+
+DEPRECATEDIN_3_0(void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags))
+DEPRECATEDIN_3_0(const EVP_MD *HMAC_CTX_get_md(const HMAC_CTX *ctx))
+
+# ifdef __cplusplus
+}
+# endif
+
+#endif
diff --git a/linux_amd64/ssl/include/openssl/http.h b/linux_amd64/ssl/include/openssl/http.h
new file mode 100644
index 0000000..e37f636
--- /dev/null
+++ b/linux_amd64/ssl/include/openssl/http.h
@@ -0,0 +1,72 @@ +/* + * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright Siemens AG 2018-2020 + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_HTTP_H +# define OPENSSL_HTTP_H +# pragma once + +# include + +# include +# include +# include + + +# ifdef __cplusplus +extern "C" { +# endif + +typedef BIO *(*OSSL_HTTP_bio_cb_t)(BIO *bio, void *arg, int connect, int detail); + +BIO *OSSL_HTTP_get(const char *url, const char *proxy, const char *proxy_port, + BIO *bio, BIO *rbio, + OSSL_HTTP_bio_cb_t bio_update_fn, void *arg, + const STACK_OF(CONF_VALUE) *headers, + int maxline, unsigned long max_resp_len, int timeout, + const char *expected_content_type, int expect_asn1); +ASN1_VALUE *OSSL_HTTP_get_asn1(const char *url, + const char *proxy, const char *proxy_port, + BIO *bio, BIO *rbio, + OSSL_HTTP_bio_cb_t bio_update_fn, void *arg, + const STACK_OF(CONF_VALUE) *headers, + int maxline, unsigned long max_resp_len, + int timeout, const char *expected_content_type, + const ASN1_ITEM *it); +ASN1_VALUE *OSSL_HTTP_post_asn1(const char *server, const char *port, + const char *path, int use_ssl, + const char *proxy, const char *proxy_port, + BIO *bio, BIO *rbio, + OSSL_HTTP_bio_cb_t bio_update_fn, void *arg, + const STACK_OF(CONF_VALUE) *headers, + const char *content_type, + ASN1_VALUE *req, const ASN1_ITEM *req_it, + int maxline, unsigned long max_resp_len, + int timeout, const char *expected_ct, + const ASN1_ITEM *rsp_it); +BIO *OSSL_HTTP_transfer(const char *server, const char *port, const char *path, + int use_ssl, const char *proxy, const char *proxy_port, + BIO *bio, BIO *rbio, + OSSL_HTTP_bio_cb_t bio_update_fn, void *arg, + const STACK_OF(CONF_VALUE) *headers, + const char *content_type, BIO *req_mem, + int 
maxline, unsigned long max_resp_len, int timeout, + const char *expected_ct, int expect_asn1, + char **redirection_url); +int OSSL_HTTP_proxy_connect(BIO *bio, const char *server, const char *port, + const char *proxyuser, const char *proxypass, + int timeout, BIO *bio_err, const char *prog); + +int OSSL_HTTP_parse_url(const char *url, char **phost, char **pport, + char **ppath, int *pssl); + +# ifdef __cplusplus +} +# endif +#endif /* !defined OPENSSL_HTTP_H */ diff --git a/linux_amd64/ssl/include/openssl/httperr.h b/linux_amd64/ssl/include/openssl/httperr.h new file mode 100644 index 0000000..36dd7cb --- /dev/null +++ b/linux_amd64/ssl/include/openssl/httperr.h 
@@ -0,0 +1,55 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_HTTPERR_H +# define OPENSSL_HTTPERR_H + +# include +# include + + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_HTTP_strings(void); + +/* + * HTTP function codes. + */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# endif + +/* + * HTTP reason codes. + */ +# define HTTP_R_ASN1_LEN_EXCEEDS_MAX_RESP_LEN 108 +# define HTTP_R_CONNECT_FAILURE 100 +# define HTTP_R_ERROR_PARSING_ASN1_LENGTH 109 +# define HTTP_R_ERROR_PARSING_CONTENT_LENGTH 119 +# define HTTP_R_ERROR_PARSING_URL 101 +# define HTTP_R_ERROR_RECEIVING 103 +# define HTTP_R_ERROR_SENDING 102 +# define HTTP_R_INCONSISTENT_CONTENT_LENGTH 120 +# define HTTP_R_MAX_RESP_LEN_EXCEEDED 117 +# define HTTP_R_MISSING_ASN1_ENCODING 110 +# define HTTP_R_MISSING_CONTENT_TYPE 121 +# define HTTP_R_MISSING_REDIRECT_LOCATION 111 +# define HTTP_R_REDIRECTION_FROM_HTTPS_TO_HTTP 112 +# define HTTP_R_REDIRECTION_NOT_ENABLED 116 +# define HTTP_R_RESPONSE_LINE_TOO_LONG 113 +# define HTTP_R_SERVER_RESPONSE_PARSE_ERROR 104 +# define HTTP_R_SERVER_SENT_ERROR 105 +# define HTTP_R_SERVER_SENT_WRONG_HTTP_VERSION 106 +# define HTTP_R_STATUS_CODE_UNSUPPORTED 114 +# define HTTP_R_TLS_NOT_ENABLED 107 +# define HTTP_R_TOO_MANY_REDIRECTIONS 115 +# define HTTP_R_UNEXPECTED_CONTENT_TYPE 118 + +#endif diff --git a/linux_amd64/ssl/include/openssl/idea.h b/linux_amd64/ssl/include/openssl/idea.h new file mode 100644 index 0000000..a651ee2 --- /dev/null +++ b/linux_amd64/ssl/include/openssl/idea.h 
@@ -0,0 +1,79 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_IDEA_H +# define OPENSSL_IDEA_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_IDEA_H +# endif + +# include + +# ifndef OPENSSL_NO_IDEA +# ifdef __cplusplus +extern "C" { +# endif + +# define IDEA_BLOCK 8 +# define IDEA_KEY_LENGTH 16 + +# ifndef OPENSSL_NO_DEPRECATED_3_0 + +typedef unsigned int IDEA_INT; + +# define IDEA_ENCRYPT 1 +# define IDEA_DECRYPT 0 + +typedef struct idea_key_st { + IDEA_INT data[9][6]; +} IDEA_KEY_SCHEDULE; +#endif + +DEPRECATEDIN_3_0(const char *IDEA_options(void)) +DEPRECATEDIN_3_0(void IDEA_ecb_encrypt(const unsigned char *in, + unsigned char *out, + IDEA_KEY_SCHEDULE *ks)) +DEPRECATEDIN_3_0(void IDEA_set_encrypt_key(const unsigned char *key, + IDEA_KEY_SCHEDULE *ks)) +DEPRECATEDIN_3_0(void IDEA_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, + IDEA_KEY_SCHEDULE *dk)) +DEPRECATEDIN_3_0(void IDEA_cbc_encrypt(const unsigned char *in, + unsigned char *out, long length, + IDEA_KEY_SCHEDULE *ks, + unsigned char *iv, int enc)) +DEPRECATEDIN_3_0(void IDEA_cfb64_encrypt(const unsigned char *in, + unsigned char *out, long length, + IDEA_KEY_SCHEDULE *ks, + unsigned char *iv, int *num, int enc)) +DEPRECATEDIN_3_0(void IDEA_ofb64_encrypt(const unsigned char *in, + unsigned char *out, long length, + IDEA_KEY_SCHEDULE *ks, + unsigned char *iv, int *num)) +DEPRECATEDIN_3_0(void IDEA_encrypt(unsigned long *in, IDEA_KEY_SCHEDULE *ks)) + +# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +# define idea_options IDEA_options +# define idea_ecb_encrypt IDEA_ecb_encrypt +# define idea_set_encrypt_key IDEA_set_encrypt_key +# define idea_set_decrypt_key IDEA_set_decrypt_key +# 
define idea_cbc_encrypt IDEA_cbc_encrypt +# define idea_cfb64_encrypt IDEA_cfb64_encrypt +# define idea_ofb64_encrypt IDEA_ofb64_encrypt +# define idea_encrypt IDEA_encrypt +# endif + +# ifdef __cplusplus +} +# endif +# endif + +#endif diff --git a/linux_amd64/ssl/include/openssl/kdf.h b/linux_amd64/ssl/include/openssl/kdf.h new file mode 100644 index 0000000..d8f81c9 --- /dev/null +++ b/linux_amd64/ssl/include/openssl/kdf.h 
@@ -0,0 +1,178 @@ +/* + * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_KDF_H +# define OPENSSL_KDF_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_KDF_H +# endif + +# include +# include +# include +# include + +# ifdef __cplusplus +extern "C" { +# endif + +int EVP_KDF_up_ref(EVP_KDF *kdf); +void EVP_KDF_free(EVP_KDF *kdf); +EVP_KDF *EVP_KDF_fetch(OPENSSL_CTX *libctx, const char *algorithm, + const char *properties); + +EVP_KDF_CTX *EVP_KDF_CTX_new(EVP_KDF *kdf); +void EVP_KDF_CTX_free(EVP_KDF_CTX *ctx); +EVP_KDF_CTX *EVP_KDF_CTX_dup(const EVP_KDF_CTX *src); +int EVP_KDF_number(const EVP_KDF *kdf); +int EVP_KDF_is_a(const EVP_KDF *kdf, const char *name); +const OSSL_PROVIDER *EVP_KDF_provider(const EVP_KDF *kdf); +const EVP_KDF *EVP_KDF_CTX_kdf(EVP_KDF_CTX *ctx); + +void EVP_KDF_reset(EVP_KDF_CTX *ctx); +size_t EVP_KDF_size(EVP_KDF_CTX *ctx); +int EVP_KDF_derive(EVP_KDF_CTX *ctx, unsigned char *key, size_t keylen); +int EVP_KDF_get_params(EVP_KDF *kdf, OSSL_PARAM params[]); +int EVP_KDF_CTX_get_params(EVP_KDF_CTX *ctx, OSSL_PARAM params[]); +int EVP_KDF_CTX_set_params(EVP_KDF_CTX *ctx, const OSSL_PARAM params[]); +const OSSL_PARAM *EVP_KDF_gettable_params(const EVP_KDF *kdf); +const OSSL_PARAM *EVP_KDF_gettable_ctx_params(const EVP_KDF *kdf); +const OSSL_PARAM *EVP_KDF_settable_ctx_params(const EVP_KDF *kdf); + +void EVP_KDF_do_all_provided(OPENSSL_CTX *libctx, + void (*fn)(EVP_KDF *kdf, void *arg), + void *arg); +void EVP_KDF_names_do_all(const EVP_KDF *kdf, + void (*fn)(const char *name, void *data), + void *data); + +# define EVP_KDF_CTRL_SET_PASS 0x01 /* unsigned char *, size_t */ +# define EVP_KDF_CTRL_SET_SALT 0x02 /* 
unsigned char *, size_t */ +# define EVP_KDF_CTRL_SET_ITER 0x03 /* int */ +# define EVP_KDF_CTRL_SET_MD 0x04 /* EVP_MD * */ +# define EVP_KDF_CTRL_SET_KEY 0x05 /* unsigned char *, size_t */ +# define EVP_KDF_CTRL_SET_MAXMEM_BYTES 0x06 /* uint64_t */ +# define EVP_KDF_CTRL_SET_TLS_SECRET 0x07 /* unsigned char *, size_t */ +# define EVP_KDF_CTRL_ADD_TLS_SEED 0x08 /* unsigned char *, size_t */ +# define EVP_KDF_CTRL_RESET_HKDF_INFO 0x09 +# define EVP_KDF_CTRL_ADD_HKDF_INFO 0x0a /* unsigned char *, size_t */ +# define EVP_KDF_CTRL_SET_HKDF_MODE 0x0b /* int */ +# define EVP_KDF_CTRL_SET_SCRYPT_N 0x0c /* uint64_t */ +# define EVP_KDF_CTRL_SET_SCRYPT_R 0x0d /* uint32_t */ +# define EVP_KDF_CTRL_SET_SCRYPT_P 0x0e /* uint32_t */ +# define EVP_KDF_CTRL_SET_SSHKDF_XCGHASH 0x0f /* unsigned char *, size_t */ +# define EVP_KDF_CTRL_SET_SSHKDF_SESSION_ID 0x10 /* unsigned char *, size_t */ +# define EVP_KDF_CTRL_SET_SSHKDF_TYPE 0x11 /* int */ +# define EVP_KDF_CTRL_SET_MAC 0x12 /* EVP_MAC * */ +# define EVP_KDF_CTRL_SET_MAC_SIZE 0x13 /* size_t */ +# define EVP_KDF_CTRL_SET_SSKDF_INFO 0x14 /* unsigned char *, size_t */ +# define EVP_KDF_CTRL_SET_PBKDF2_PKCS5_MODE 0x15 /* int */ +# define EVP_KDF_CTRL_SET_UKM 0x16 /* unsigned char *, size_t */ +# define EVP_KDF_CTRL_SET_CEK_ALG 0x17 /* char * */ +# define EVP_KDF_CTRL_SET_SHARED_INFO EVP_KDF_CTRL_SET_SSKDF_INFO + +# define EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND 0 +# define EVP_KDF_HKDF_MODE_EXTRACT_ONLY 1 +# define EVP_KDF_HKDF_MODE_EXPAND_ONLY 2 + +#define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV 65 +#define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_SRV_TO_CLI 66 +#define EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_CLI_TO_SRV 67 +#define EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_SRV_TO_CLI 68 +#define EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_CLI_TO_SRV 69 +#define EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_SRV_TO_CLI 70 + +/**** The legacy PKEY-based KDF API follows. 
****/ + +# define EVP_PKEY_CTRL_TLS_MD (EVP_PKEY_ALG_CTRL) +# define EVP_PKEY_CTRL_TLS_SECRET (EVP_PKEY_ALG_CTRL + 1) +# define EVP_PKEY_CTRL_TLS_SEED (EVP_PKEY_ALG_CTRL + 2) +# define EVP_PKEY_CTRL_HKDF_MD (EVP_PKEY_ALG_CTRL + 3) +# define EVP_PKEY_CTRL_HKDF_SALT (EVP_PKEY_ALG_CTRL + 4) +# define EVP_PKEY_CTRL_HKDF_KEY (EVP_PKEY_ALG_CTRL + 5) +# define EVP_PKEY_CTRL_HKDF_INFO (EVP_PKEY_ALG_CTRL + 6) +# define EVP_PKEY_CTRL_HKDF_MODE (EVP_PKEY_ALG_CTRL + 7) +# define EVP_PKEY_CTRL_PASS (EVP_PKEY_ALG_CTRL + 8) +# define EVP_PKEY_CTRL_SCRYPT_SALT (EVP_PKEY_ALG_CTRL + 9) +# define EVP_PKEY_CTRL_SCRYPT_N (EVP_PKEY_ALG_CTRL + 10) +# define EVP_PKEY_CTRL_SCRYPT_R (EVP_PKEY_ALG_CTRL + 11) +# define EVP_PKEY_CTRL_SCRYPT_P (EVP_PKEY_ALG_CTRL + 12) +# define EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES (EVP_PKEY_ALG_CTRL + 13) + +# define EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND \ + EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND +# define EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY \ + EVP_KDF_HKDF_MODE_EXTRACT_ONLY +# define EVP_PKEY_HKDEF_MODE_EXPAND_ONLY \ + EVP_KDF_HKDF_MODE_EXPAND_ONLY + +# define EVP_PKEY_CTX_set_tls1_prf_md(pctx, md) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_TLS_MD, 0, (void *)(md)) + +# define EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, sec, seclen) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_TLS_SECRET, seclen, (void *)(sec)) + +# define EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed, seedlen) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_TLS_SEED, seedlen, (void *)(seed)) + +# define EVP_PKEY_CTX_set_hkdf_md(pctx, md) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_HKDF_MD, 0, (void *)(md)) + +# define EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, saltlen) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_HKDF_SALT, saltlen, (void *)(salt)) + +# define EVP_PKEY_CTX_set1_hkdf_key(pctx, key, keylen) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_HKDF_KEY, 
keylen, (void *)(key)) + +# define EVP_PKEY_CTX_add1_hkdf_info(pctx, info, infolen) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_HKDF_INFO, infolen, (void *)(info)) + +# define EVP_PKEY_CTX_hkdf_mode(pctx, mode) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_HKDF_MODE, mode, NULL) + +# define EVP_PKEY_CTX_set1_pbe_pass(pctx, pass, passlen) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_PASS, passlen, (void *)(pass)) + +# define EVP_PKEY_CTX_set1_scrypt_salt(pctx, salt, saltlen) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_SCRYPT_SALT, saltlen, (void *)(salt)) + +# define EVP_PKEY_CTX_set_scrypt_N(pctx, n) \ + EVP_PKEY_CTX_ctrl_uint64(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_SCRYPT_N, n) + +# define EVP_PKEY_CTX_set_scrypt_r(pctx, r) \ + EVP_PKEY_CTX_ctrl_uint64(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_SCRYPT_R, r) + +# define EVP_PKEY_CTX_set_scrypt_p(pctx, p) \ + EVP_PKEY_CTX_ctrl_uint64(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_SCRYPT_P, p) + +# define EVP_PKEY_CTX_set_scrypt_maxmem_bytes(pctx, maxmem_bytes) \ + EVP_PKEY_CTX_ctrl_uint64(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES, maxmem_bytes) + + +# ifdef __cplusplus +} +# endif +#endif diff --git a/linux_amd64/ssl/include/openssl/kdferr.h b/linux_amd64/ssl/include/openssl/kdferr.h new file mode 100644 index 0000000..31f112c --- /dev/null +++ b/linux_amd64/ssl/include/openssl/kdferr.h 
@@ -0,0 +1,118 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_KDFERR_H +# define OPENSSL_KDFERR_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_OSSL_KDFERR_H +# endif + +# include +# include + + +# ifdef __cplusplus +extern "C" +# endif +DEPRECATEDIN_3_0(int ERR_load_KDF_strings(void)) + +/* + * KDF function codes. + */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define KDF_F_HKDF_EXTRACT 0 +# define KDF_F_KDF_HKDF_DERIVE 0 +# define KDF_F_KDF_HKDF_NEW 0 +# define KDF_F_KDF_HKDF_SIZE 0 +# define KDF_F_KDF_MD2CTRL 0 +# define KDF_F_KDF_PBKDF2_CTRL 0 +# define KDF_F_KDF_PBKDF2_CTRL_STR 0 +# define KDF_F_KDF_PBKDF2_DERIVE 0 +# define KDF_F_KDF_PBKDF2_NEW 0 +# define KDF_F_KDF_SCRYPT_CTRL_STR 0 +# define KDF_F_KDF_SCRYPT_CTRL_UINT32 0 +# define KDF_F_KDF_SCRYPT_CTRL_UINT64 0 +# define KDF_F_KDF_SCRYPT_DERIVE 0 +# define KDF_F_KDF_SCRYPT_NEW 0 +# define KDF_F_KDF_SSHKDF_CTRL 0 +# define KDF_F_KDF_SSHKDF_CTRL_STR 0 +# define KDF_F_KDF_SSHKDF_DERIVE 0 +# define KDF_F_KDF_SSHKDF_NEW 0 +# define KDF_F_KDF_TLS1_PRF_CTRL_STR 0 +# define KDF_F_KDF_TLS1_PRF_DERIVE 0 +# define KDF_F_KDF_TLS1_PRF_NEW 0 +# define KDF_F_PBKDF2_DERIVE 0 +# define KDF_F_PBKDF2_SET_MEMBUF 0 +# define KDF_F_PKEY_HKDF_CTRL_STR 0 +# define KDF_F_PKEY_HKDF_DERIVE 0 +# define KDF_F_PKEY_HKDF_INIT 0 +# define KDF_F_PKEY_SCRYPT_CTRL_STR 0 +# define KDF_F_PKEY_SCRYPT_CTRL_UINT64 0 +# define KDF_F_PKEY_SCRYPT_DERIVE 0 +# define KDF_F_PKEY_SCRYPT_INIT 0 +# define KDF_F_PKEY_SCRYPT_SET_MEMBUF 0 +# define KDF_F_PKEY_TLS1_PRF_CTRL_STR 0 +# define KDF_F_PKEY_TLS1_PRF_DERIVE 0 +# define KDF_F_PKEY_TLS1_PRF_INIT 0 +# define 
KDF_F_SCRYPT_SET_MEMBUF 0 +# define KDF_F_SSKDF_CTRL_STR 0 +# define KDF_F_SSKDF_DERIVE 0 +# define KDF_F_SSKDF_MAC2CTRL 0 +# define KDF_F_SSKDF_NEW 0 +# define KDF_F_SSKDF_SIZE 0 +# define KDF_F_TLS1_PRF_ALG 0 +# define KDF_F_X942KDF_CTRL 0 +# define KDF_F_X942KDF_DERIVE 0 +# define KDF_F_X942KDF_HASH_KDM 0 +# define KDF_F_X942KDF_NEW 0 +# define KDF_F_X942KDF_SIZE 0 +# define KDF_F_X963KDF_DERIVE 0 +# endif + +/* + * KDF reason codes. + */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define KDF_R_BAD_ENCODING 122 +# define KDF_R_BAD_LENGTH 123 +# define KDF_R_BOTH_MODE_AND_MODE_INT 127 +# define KDF_R_INAVLID_UKM_LEN 124 +# define KDF_R_INVALID_DIGEST 100 +# define KDF_R_INVALID_ITERATION_COUNT 119 +# define KDF_R_INVALID_KEY_LEN 120 +# define KDF_R_INVALID_MAC_TYPE 116 +# define KDF_R_INVALID_MODE 128 +# define KDF_R_INVALID_MODE_INT 129 +# define KDF_R_INVALID_SALT_LEN 121 +# define KDF_R_MISSING_CEK_ALG 125 +# define KDF_R_MISSING_ITERATION_COUNT 109 +# define KDF_R_MISSING_KEY 104 +# define KDF_R_MISSING_MESSAGE_DIGEST 105 +# define KDF_R_MISSING_PARAMETER 101 +# define KDF_R_MISSING_PASS 110 +# define KDF_R_MISSING_SALT 111 +# define KDF_R_MISSING_SECRET 107 +# define KDF_R_MISSING_SEED 106 +# define KDF_R_MISSING_SESSION_ID 113 +# define KDF_R_MISSING_TYPE 114 +# define KDF_R_MISSING_XCGHASH 115 +# define KDF_R_NOT_SUPPORTED 118 +# define KDF_R_UNKNOWN_PARAMETER_TYPE 103 +# define KDF_R_UNSUPPORTED_CEK_ALG 126 +# define KDF_R_UNSUPPORTED_MAC_TYPE 117 +# define KDF_R_VALUE_ERROR 108 +# define KDF_R_VALUE_MISSING 102 +# define KDF_R_WRONG_OUTPUT_BUFFER_SIZE 112 +# endif + +#endif diff --git a/linux_amd64/ssl/include/openssl/lhash.h b/linux_amd64/ssl/include/openssl/lhash.h new file mode 100644 index 0000000..2be4cf4 --- /dev/null +++ b/linux_amd64/ssl/include/openssl/lhash.h 
@@ -0,0 +1,252 @@ +/* + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * Header for dynamic hash table routines Author - Eric Young + */ + +#ifndef OPENSSL_LHASH_H +# define OPENSSL_LHASH_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_LHASH_H +# endif + +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct lhash_node_st OPENSSL_LH_NODE; +typedef int (*OPENSSL_LH_COMPFUNC) (const void *, const void *); +typedef unsigned long (*OPENSSL_LH_HASHFUNC) (const void *); +typedef void (*OPENSSL_LH_DOALL_FUNC) (void *); +typedef void (*OPENSSL_LH_DOALL_FUNCARG) (void *, void *); +typedef struct lhash_st OPENSSL_LHASH; + +/* + * Macros for declaring and implementing type-safe wrappers for LHASH + * callbacks. This way, callbacks can be provided to LHASH structures without + * function pointer casting and the macro-defined callbacks provide + * per-variable casting before deferring to the underlying type-specific + * callbacks. NB: It is possible to place a "static" in front of both the + * DECLARE and IMPLEMENT macros if the functions are strictly internal. 
+ */ + +/* First: "hash" functions */ +# define DECLARE_LHASH_HASH_FN(name, o_type) \ + unsigned long name##_LHASH_HASH(const void *); +# define IMPLEMENT_LHASH_HASH_FN(name, o_type) \ + unsigned long name##_LHASH_HASH(const void *arg) { \ + const o_type *a = arg; \ + return name##_hash(a); } +# define LHASH_HASH_FN(name) name##_LHASH_HASH + +/* Second: "compare" functions */ +# define DECLARE_LHASH_COMP_FN(name, o_type) \ + int name##_LHASH_COMP(const void *, const void *); +# define IMPLEMENT_LHASH_COMP_FN(name, o_type) \ + int name##_LHASH_COMP(const void *arg1, const void *arg2) { \ + const o_type *a = arg1; \ + const o_type *b = arg2; \ + return name##_cmp(a,b); } +# define LHASH_COMP_FN(name) name##_LHASH_COMP + +/* Fourth: "doall_arg" functions */ +# define DECLARE_LHASH_DOALL_ARG_FN(name, o_type, a_type) \ + void name##_LHASH_DOALL_ARG(void *, void *); +# define IMPLEMENT_LHASH_DOALL_ARG_FN(name, o_type, a_type) \ + void name##_LHASH_DOALL_ARG(void *arg1, void *arg2) { \ + o_type *a = arg1; \ + a_type *b = arg2; \ + name##_doall_arg(a, b); } +# define LHASH_DOALL_ARG_FN(name) name##_LHASH_DOALL_ARG + + +# define LH_LOAD_MULT 256 + +int OPENSSL_LH_error(OPENSSL_LHASH *lh); +OPENSSL_LHASH *OPENSSL_LH_new(OPENSSL_LH_HASHFUNC h, OPENSSL_LH_COMPFUNC c); +void OPENSSL_LH_free(OPENSSL_LHASH *lh); +void OPENSSL_LH_flush(OPENSSL_LHASH *lh); +void *OPENSSL_LH_insert(OPENSSL_LHASH *lh, void *data); +void *OPENSSL_LH_delete(OPENSSL_LHASH *lh, const void *data); +void *OPENSSL_LH_retrieve(OPENSSL_LHASH *lh, const void *data); +void OPENSSL_LH_doall(OPENSSL_LHASH *lh, OPENSSL_LH_DOALL_FUNC func); +void OPENSSL_LH_doall_arg(OPENSSL_LHASH *lh, OPENSSL_LH_DOALL_FUNCARG func, void *arg); +unsigned long OPENSSL_LH_strhash(const char *c); +unsigned long OPENSSL_LH_num_items(const OPENSSL_LHASH *lh); +unsigned long OPENSSL_LH_get_down_load(const OPENSSL_LHASH *lh); +void OPENSSL_LH_set_down_load(OPENSSL_LHASH *lh, unsigned long down_load); + +# ifndef OPENSSL_NO_STDIO +void 
OPENSSL_LH_stats(const OPENSSL_LHASH *lh, FILE *fp); +void OPENSSL_LH_node_stats(const OPENSSL_LHASH *lh, FILE *fp); +void OPENSSL_LH_node_usage_stats(const OPENSSL_LHASH *lh, FILE *fp); +# endif +void OPENSSL_LH_stats_bio(const OPENSSL_LHASH *lh, BIO *out); +void OPENSSL_LH_node_stats_bio(const OPENSSL_LHASH *lh, BIO *out); +void OPENSSL_LH_node_usage_stats_bio(const OPENSSL_LHASH *lh, BIO *out); + +# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +# define _LHASH OPENSSL_LHASH +# define LHASH_NODE OPENSSL_LH_NODE +# define lh_error OPENSSL_LH_error +# define lh_new OPENSSL_LH_new +# define lh_free OPENSSL_LH_free +# define lh_insert OPENSSL_LH_insert +# define lh_delete OPENSSL_LH_delete +# define lh_retrieve OPENSSL_LH_retrieve +# define lh_doall OPENSSL_LH_doall +# define lh_doall_arg OPENSSL_LH_doall_arg +# define lh_strhash OPENSSL_LH_strhash +# define lh_num_items OPENSSL_LH_num_items +# ifndef OPENSSL_NO_STDIO +# define lh_stats OPENSSL_LH_stats +# define lh_node_stats OPENSSL_LH_node_stats +# define lh_node_usage_stats OPENSSL_LH_node_usage_stats +# endif +# define lh_stats_bio OPENSSL_LH_stats_bio +# define lh_node_stats_bio OPENSSL_LH_node_stats_bio +# define lh_node_usage_stats_bio OPENSSL_LH_node_usage_stats_bio +# endif + +/* Type checking... 
*/ + +# define LHASH_OF(type) struct lhash_st_##type + +# define DEFINE_LHASH_OF(type) \ + LHASH_OF(type) { union lh_##type##_dummy { void* d1; unsigned long d2; int d3; } dummy; }; \ + static ossl_unused ossl_inline LHASH_OF(type) *lh_##type##_new(unsigned long (*hfn)(const type *), \ + int (*cfn)(const type *, const type *)) \ + { \ + return (LHASH_OF(type) *) \ + OPENSSL_LH_new((OPENSSL_LH_HASHFUNC)hfn, (OPENSSL_LH_COMPFUNC)cfn); \ + } \ + static ossl_unused ossl_inline void lh_##type##_free(LHASH_OF(type) *lh) \ + { \ + OPENSSL_LH_free((OPENSSL_LHASH *)lh); \ + } \ + static ossl_unused ossl_inline void lh_##type##_flush(LHASH_OF(type) *lh) \ + { \ + OPENSSL_LH_flush((OPENSSL_LHASH *)lh); \ + } \ + static ossl_unused ossl_inline type *lh_##type##_insert(LHASH_OF(type) *lh, type *d) \ + { \ + return (type *)OPENSSL_LH_insert((OPENSSL_LHASH *)lh, d); \ + } \ + static ossl_unused ossl_inline type *lh_##type##_delete(LHASH_OF(type) *lh, const type *d) \ + { \ + return (type *)OPENSSL_LH_delete((OPENSSL_LHASH *)lh, d); \ + } \ + static ossl_unused ossl_inline type *lh_##type##_retrieve(LHASH_OF(type) *lh, const type *d) \ + { \ + return (type *)OPENSSL_LH_retrieve((OPENSSL_LHASH *)lh, d); \ + } \ + static ossl_unused ossl_inline int lh_##type##_error(LHASH_OF(type) *lh) \ + { \ + return OPENSSL_LH_error((OPENSSL_LHASH *)lh); \ + } \ + static ossl_unused ossl_inline unsigned long lh_##type##_num_items(LHASH_OF(type) *lh) \ + { \ + return OPENSSL_LH_num_items((OPENSSL_LHASH *)lh); \ + } \ + static ossl_unused ossl_inline void lh_##type##_node_stats_bio(const LHASH_OF(type) *lh, BIO *out) \ + { \ + OPENSSL_LH_node_stats_bio((const OPENSSL_LHASH *)lh, out); \ + } \ + static ossl_unused ossl_inline void lh_##type##_node_usage_stats_bio(const LHASH_OF(type) *lh, BIO *out) \ + { \ + OPENSSL_LH_node_usage_stats_bio((const OPENSSL_LHASH *)lh, out); \ + } \ + static ossl_unused ossl_inline void lh_##type##_stats_bio(const LHASH_OF(type) *lh, BIO *out) \ + { \ + 
OPENSSL_LH_stats_bio((const OPENSSL_LHASH *)lh, out); \ + } \ + static ossl_unused ossl_inline unsigned long lh_##type##_get_down_load(LHASH_OF(type) *lh) \ + { \ + return OPENSSL_LH_get_down_load((OPENSSL_LHASH *)lh); \ + } \ + static ossl_unused ossl_inline void lh_##type##_set_down_load(LHASH_OF(type) *lh, unsigned long dl) \ + { \ + OPENSSL_LH_set_down_load((OPENSSL_LHASH *)lh, dl); \ + } \ + static ossl_unused ossl_inline void lh_##type##_doall(LHASH_OF(type) *lh, \ + void (*doall)(type *)) \ + { \ + OPENSSL_LH_doall((OPENSSL_LHASH *)lh, (OPENSSL_LH_DOALL_FUNC)doall); \ + } \ + LHASH_OF(type) + +#define IMPLEMENT_LHASH_DOALL_ARG_CONST(type, argtype) \ + int_implement_lhash_doall(type, argtype, const type) + +#define IMPLEMENT_LHASH_DOALL_ARG(type, argtype) \ + int_implement_lhash_doall(type, argtype, type) + +#define int_implement_lhash_doall(type, argtype, cbargtype) \ + static ossl_unused ossl_inline void \ + lh_##type##_doall_##argtype(LHASH_OF(type) *lh, \ + void (*fn)(cbargtype *, argtype *), \ + argtype *arg) \ + { \ + OPENSSL_LH_doall_arg((OPENSSL_LHASH *)lh, (OPENSSL_LH_DOALL_FUNCARG)fn, (void *)arg); \ + } \ + LHASH_OF(type) + +DEFINE_LHASH_OF(OPENSSL_STRING); +# ifdef _MSC_VER +/* + * push and pop this warning: + * warning C4090: 'function': different 'const' qualifiers + */ +# pragma warning (push) +# pragma warning (disable: 4090) +# endif + +DEFINE_LHASH_OF(OPENSSL_CSTRING); + +# ifdef _MSC_VER +# pragma warning (pop) +# endif + +/* + * If called without higher optimization (min. -xO3) the Oracle Developer + * Studio compiler generates code for the defined (static inline) functions + * above. + * This would later lead to the linker complaining about missing symbols when + * this header file is included but the resulting object is not linked against + * the Crypto library (openssl#6912). 
+ */ +# ifdef __SUNPRO_C +# pragma weak OPENSSL_LH_new +# pragma weak OPENSSL_LH_free +# pragma weak OPENSSL_LH_insert +# pragma weak OPENSSL_LH_delete +# pragma weak OPENSSL_LH_retrieve +# pragma weak OPENSSL_LH_error +# pragma weak OPENSSL_LH_num_items +# pragma weak OPENSSL_LH_node_stats_bio +# pragma weak OPENSSL_LH_node_usage_stats_bio +# pragma weak OPENSSL_LH_stats_bio +# pragma weak OPENSSL_LH_get_down_load +# pragma weak OPENSSL_LH_set_down_load +# pragma weak OPENSSL_LH_doall +# pragma weak OPENSSL_LH_doall_arg +# endif /* __SUNPRO_C */ + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/linux_amd64/ssl/include/openssl/macros.h b/linux_amd64/ssl/include/openssl/macros.h new file mode 100644 index 0000000..28e3a30 --- /dev/null +++ b/linux_amd64/ssl/include/openssl/macros.h 
@@ -0,0 +1,256 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include + +#ifndef OPENSSL_MACROS_H +# define OPENSSL_MACROS_H + +/* Helper macros for CPP string composition */ +# define OPENSSL_MSTR_HELPER(x) #x +# define OPENSSL_MSTR(x) OPENSSL_MSTR_HELPER(x) + +/* + * Sometimes OPENSSSL_NO_xxx ends up with an empty file and some compilers + * don't like that. This will hopefully silence them. + */ +# define NON_EMPTY_TRANSLATION_UNIT static void *dummy = &dummy; + +/* + * Generic deprecation macro + * + * If OPENSSL_SUPPRESS_DEPRECATED is defined, then DECLARE_DEPRECATED + * becomes a no-op + */ +# ifndef DECLARE_DEPRECATED +# define DECLARE_DEPRECATED(f) f; +# ifndef OPENSSL_SUPPRESS_DEPRECATED +# ifdef __GNUC__ +# if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0) +# undef DECLARE_DEPRECATED +# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); +# endif +# elif defined(__SUNPRO_C) +# if (__SUNPRO_C >= 0x5130) +# undef DECLARE_DEPRECATED +# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); +# endif +# endif +# endif +# endif + +/* + * Applications should use -DOPENSSL_API_COMPAT= to suppress the + * declarations of functions deprecated in or before . If this is + * undefined, the value of the macro OPENSSL_CONFIGURED_API (defined in + * ) is the default. + * + * For any version number up until version 1.1.x, is expected to be + * the calculated version number 0xMNNFFPPSL. + * For version numbers 3.0 and on, is expected to be a computation + * of the major and minor numbers in decimal using this formula: + * + * MAJOR * 10000 + MINOR * 100 + * + * So version 3.0 becomes 30000, version 3.2 becomes 30200, etc. 
+ */ + +/* + * We use the OPENSSL_API_COMPAT value to define API level macros. These + * macros are used to enable or disable features at that API version boundary. + */ + +# ifdef OPENSSL_API_LEVEL +# error "OPENSSL_API_LEVEL must not be defined by application" +# endif + +/* + * We figure out what API level was intended by simple numeric comparison. + * The lowest old style number we recognise is 0x00908000L, so we take some + * safety margin and assume that anything below 0x00900000L is a new style + * number. This allows new versions up to and including v943.71.83. + */ +# ifdef OPENSSL_API_COMPAT +# if OPENSSL_API_COMPAT < 0x900000L +# define OPENSSL_API_LEVEL (OPENSSL_API_COMPAT) +# else +# define OPENSSL_API_LEVEL \ + (((OPENSSL_API_COMPAT >> 28) & 0xF) * 10000 \ + + ((OPENSSL_API_COMPAT >> 20) & 0xFF) * 100 \ + + ((OPENSSL_API_COMPAT >> 12) & 0xFF)) +# endif +# endif + +/* + * If OPENSSL_API_COMPAT wasn't given, we use default numbers to set + * the API compatibility level. + */ +# ifndef OPENSSL_API_LEVEL +# if OPENSSL_CONFIGURED_API > 0 +# define OPENSSL_API_LEVEL (OPENSSL_CONFIGURED_API) +# else +# define OPENSSL_API_LEVEL \ + (OPENSSL_VERSION_MAJOR * 10000 + OPENSSL_VERSION_MINOR * 100) +# endif +# endif + +# if OPENSSL_API_LEVEL > OPENSSL_CONFIGURED_API +# error "The requested API level higher than the configured API compatibility level" +# endif + +/* + * Check of sane values. + */ +/* Can't go higher than the current version. 
*/ +# if OPENSSL_API_LEVEL > (OPENSSL_VERSION_MAJOR * 10000 + OPENSSL_VERSION_MINOR * 100) +# error "OPENSSL_API_COMPAT expresses an impossible API compatibility level" +# endif +/* OpenSSL will have no version 2.y.z */ +# if OPENSSL_API_LEVEL < 30000 && OPENSSL_API_LEVEL >= 20000 +# error "OPENSSL_API_COMPAT expresses an impossible API compatibility level" +# endif +/* Below 0.9.8 is unacceptably low */ +# if OPENSSL_API_LEVEL < 908 +# error "OPENSSL_API_COMPAT expresses an impossible API compatibility level" +# endif + +/* + * Define macros for deprecation purposes. We always define the macros + * DEPERECATEDIN_{major}_{minor}() for all OpenSSL versions we care for, + * and OPENSSL_NO_DEPRECATED_{major}_{minor} to be used to check if + * removal of deprecated functions applies on that particular version. + */ + +# undef OPENSSL_NO_DEPRECATED_3_0 +# undef OPENSSL_NO_DEPRECATED_1_1_1 +# undef OPENSSL_NO_DEPRECATED_1_1_0 +# undef OPENSSL_NO_DEPRECATED_1_0_2 +# undef OPENSSL_NO_DEPRECATED_1_0_1 +# undef OPENSSL_NO_DEPRECATED_1_0_0 +# undef OPENSSL_NO_DEPRECATED_0_9_8 + +# if OPENSSL_API_LEVEL >= 30000 +# ifndef OPENSSL_NO_DEPRECATED +# define DEPRECATEDIN_3_0(f) DECLARE_DEPRECATED(f) +# else +# define DEPRECATEDIN_3_0(f) +# define OPENSSL_NO_DEPRECATED_3_0 +# endif +# else +# define DEPRECATEDIN_3_0(f) f; +# endif +# if OPENSSL_API_LEVEL >= 10101 +# ifndef OPENSSL_NO_DEPRECATED +# define DEPRECATEDIN_1_1_1(f) DECLARE_DEPRECATED(f) +# else +# define DEPRECATEDIN_1_1_1(f) +# define OPENSSL_NO_DEPRECATED_1_1_1 +# endif +# else +# define DEPRECATEDIN_1_1_1(f) f; +# endif +# if OPENSSL_API_LEVEL >= 10100 +# ifndef OPENSSL_NO_DEPRECATED +# define DEPRECATEDIN_1_1_0(f) DECLARE_DEPRECATED(f) +# else +# define DEPRECATEDIN_1_1_0(f) +# define OPENSSL_NO_DEPRECATED_1_1_0 +# endif +# else +# define DEPRECATEDIN_1_1_0(f) f; +# endif +# if OPENSSL_API_LEVEL >= 10002 +# ifndef OPENSSL_NO_DEPRECATED +# define DEPRECATEDIN_1_0_2(f) DECLARE_DEPRECATED(f) +# else +# define 
DEPRECATEDIN_1_0_2(f) +# define OPENSSL_NO_DEPRECATED_1_0_2 +# endif +# else +# define DEPRECATEDIN_1_0_2(f) f; +# endif +# if OPENSSL_API_LEVEL >= 10001 +# ifndef OPENSSL_NO_DEPRECATED +# define DEPRECATEDIN_1_0_1(f) DECLARE_DEPRECATED(f) +# else +# define DEPRECATEDIN_1_0_1(f) +# define OPENSSL_NO_DEPRECATED_1_0_1 +# endif +# else +# define DEPRECATEDIN_1_0_1(f) f; +# endif +# if OPENSSL_API_LEVEL >= 10000 +# ifndef OPENSSL_NO_DEPRECATED +# define DEPRECATEDIN_1_0_0(f) DECLARE_DEPRECATED(f) +# else +# define DEPRECATEDIN_1_0_0(f) +# define OPENSSL_NO_DEPRECATED_1_0_0 +# endif +# else +# define DEPRECATEDIN_1_0_0(f) f; +# endif +# if OPENSSL_API_LEVEL >= 908 +# ifndef OPENSSL_NO_DEPRECATED +# define DEPRECATEDIN_0_9_8(f) DECLARE_DEPRECATED(f) +# else +# define DEPRECATEDIN_0_9_8(f) +# define OPENSSL_NO_DEPRECATED_0_9_8 +# endif +# else +# define DEPRECATEDIN_0_9_8(f) f; +# endif + +/* + * Make our own variants of __FILE__ and __LINE__, depending on configuration + */ + +# ifndef OPENSSL_FILE +# ifdef OPENSSL_NO_FILENAMES +# define OPENSSL_FILE "" +# define OPENSSL_LINE 0 +# else +# define OPENSSL_FILE __FILE__ +# define OPENSSL_LINE __LINE__ +# endif +# endif + +/* + * __func__ was standardized in C99, so for any compiler that claims + * to implement that language level or newer, we assume we can safely + * use that symbol. + * + * GNU C also provides __FUNCTION__ since version 2, which predates + * C99. We can, however, only use this if __STDC_VERSION__ exists, + * as it's otherwise not allowed according to ISO C standards (C90). + * (compiling with GNU C's -pedantic tells us so) + * + * If none of the above applies, we check if the compiler is MSVC, + * and use __FUNCTION__ if that's the case. 
+ */
+# ifndef OPENSSL_FUNC
+# if defined(__STDC_VERSION__)
+# if __STDC_VERSION__ >= 199901L
+# define OPENSSL_FUNC __func__
+# elif defined(__GNUC__) && __GNUC__ >= 2
+# define OPENSSL_FUNC __FUNCTION__
+# endif
+# elif defined(_MSC_VER)
+# define OPENSSL_FUNC __FUNCTION__
+# endif
+/*
+ * If all these possibilities are exhausted, we give up and use a
+ * static string.
+ */
+# ifndef OPENSSL_FUNC
+# define OPENSSL_FUNC "(unknown function)"
+# endif
+# endif
+
+#endif /* OPENSSL_MACROS_H */
diff --git a/linux_amd64/ssl/include/openssl/md2.h b/linux_amd64/ssl/include/openssl/md2.h
new file mode 100644
index 0000000..21e24c3
--- /dev/null
+++ b/linux_amd64/ssl/include/openssl/md2.h
@@ -0,0 +1,55 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_MD2_H
+# define OPENSSL_MD2_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_MD2_H
+# endif
+
+# include
+
+# ifndef OPENSSL_NO_MD2
+# include
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# define MD2_DIGEST_LENGTH 16
+
+# if !defined(OPENSSL_NO_DEPRECATED_3_0)
+
+typedef unsigned char MD2_INT;
+
+# define MD2_BLOCK 16
+
+typedef struct MD2state_st {
+ unsigned int num;
+ unsigned char data[MD2_BLOCK];
+ MD2_INT cksm[MD2_BLOCK];
+ MD2_INT state[MD2_BLOCK];
+} MD2_CTX;
+# endif
+
+DEPRECATEDIN_3_0(const char *MD2_options(void))
+DEPRECATEDIN_3_0(int MD2_Init(MD2_CTX *c))
+DEPRECATEDIN_3_0(int MD2_Update(MD2_CTX *c, const unsigned char *data,
+ size_t len))
+DEPRECATEDIN_3_0(int MD2_Final(unsigned char *md, MD2_CTX *c))
+DEPRECATEDIN_3_0(unsigned char *MD2(const unsigned char *d, size_t n,
+ unsigned char *md))
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+#endif
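Review bot: Nothing in this hunk or the neighbouring header hunks (md2.h, md4.h, md5.h, mdc2.h, modes.h) records which upstream OpenSSL revision or build configuration these checked-in headers came from, so they cannot be matched against a release or against the security advisories that apply to it. The `DEPRECATEDIN_3_0` wrappers and the 3.0-style `OPENSSL_API_LEVEL` computation, in a file carrying a 2019 copyright, suggest a development snapshot of the 3.0 branch rather than a tagged release; that is inferred from the visible lines and should be confirmed. I would add a provenance file next to the headers, for example `Vendored from openssl/openssl at <UPSTREAM_COMMIT_PLACEHOLDER>, configured with <CONFIGURE_ARGS_PLACEHOLDER>`, and preferably build from a pinned release tag instead of committing build output.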
diff --git a/linux_amd64/ssl/include/openssl/md4.h b/linux_amd64/ssl/include/openssl/md4.h
new file mode 100644
index 0000000..4166e41
--- /dev/null
+++ b/linux_amd64/ssl/include/openssl/md4.h
@@ -0,0 +1,62 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_MD4_H
+# define OPENSSL_MD4_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_MD4_H
+# endif
+
+# include
+
+# ifndef OPENSSL_NO_MD4
+# include
+# include
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# define MD4_DIGEST_LENGTH 16
+
+# if !defined(OPENSSL_NO_DEPRECATED_3_0)
+
+/*-
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ * ! MD4_LONG has to be at least 32 bits wide. !
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ */
+# define MD4_LONG unsigned int
+
+# define MD4_CBLOCK 64
+# define MD4_LBLOCK (MD4_CBLOCK/4)
+
+typedef struct MD4state_st {
+ MD4_LONG A, B, C, D;
+ MD4_LONG Nl, Nh;
+ MD4_LONG data[MD4_LBLOCK];
+ unsigned int num;
+} MD4_CTX;
+# endif
+
+DEPRECATEDIN_3_0(int MD4_Init(MD4_CTX *c))
+DEPRECATEDIN_3_0(int MD4_Update(MD4_CTX *c, const void *data, size_t len))
+DEPRECATEDIN_3_0(int MD4_Final(unsigned char *md, MD4_CTX *c))
+DEPRECATEDIN_3_0(unsigned char *MD4(const unsigned char *d, size_t n,
+ unsigned char *md))
+DEPRECATEDIN_3_0(void MD4_Transform(MD4_CTX *c, const unsigned char *b))
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/linux_amd64/ssl/include/openssl/md5.h b/linux_amd64/ssl/include/openssl/md5.h
new file mode 100644
index 0000000..0a75b08
--- /dev/null
+++ b/linux_amd64/ssl/include/openssl/md5.h
@@ -0,0 +1,56 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_MD5_H
+# define OPENSSL_MD5_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_MD5_H
+# endif
+
+# include
+
+# ifndef OPENSSL_NO_MD5
+# include
+# include
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+/*
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ * ! MD5_LONG has to be at least 32 bits wide. !
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ */
+# define MD5_LONG unsigned int
+
+# define MD5_CBLOCK 64
+# define MD5_LBLOCK (MD5_CBLOCK/4)
+# define MD5_DIGEST_LENGTH 16
+
+typedef struct MD5state_st {
+ MD5_LONG A, B, C, D;
+ MD5_LONG Nl, Nh;
+ MD5_LONG data[MD5_LBLOCK];
+ unsigned int num;
+} MD5_CTX;
+
+int MD5_Init(MD5_CTX *c);
+int MD5_Update(MD5_CTX *c, const void *data, size_t len);
+int MD5_Final(unsigned char *md, MD5_CTX *c);
+unsigned char *MD5(const unsigned char *d, size_t n, unsigned char *md);
+void MD5_Transform(MD5_CTX *c, const unsigned char *b);
+# ifdef __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/linux_amd64/ssl/include/openssl/mdc2.h b/linux_amd64/ssl/include/openssl/mdc2.h
new file mode 100644
index 0000000..06ab411
--- /dev/null
+++ b/linux_amd64/ssl/include/openssl/mdc2.h
@@ -0,0 +1,54 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_MDC2_H
+# define OPENSSL_MDC2_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_MDC2_H
+# endif
+
+# include
+
+# ifndef OPENSSL_NO_MDC2
+# include
+# include
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# define MDC2_DIGEST_LENGTH 16
+
+# if !defined(OPENSSL_NO_DEPRECATED_3_0)
+
+# define MDC2_BLOCK 8
+
+typedef struct mdc2_ctx_st {
+ unsigned int num;
+ unsigned char data[MDC2_BLOCK];
+ DES_cblock h, hh;
+ unsigned int pad_type; /* either 1 or 2, default 1 */
+} MDC2_CTX;
+# endif
+
+DEPRECATEDIN_3_0(int MDC2_Init(MDC2_CTX *c))
+DEPRECATEDIN_3_0(int MDC2_Update(MDC2_CTX *c, const unsigned char *data,
+ size_t len))
+DEPRECATEDIN_3_0(int MDC2_Final(unsigned char *md, MDC2_CTX *c))
+DEPRECATEDIN_3_0(unsigned char *MDC2(const unsigned char *d, size_t n,
+ unsigned char *md))
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/linux_amd64/ssl/include/openssl/modes.h b/linux_amd64/ssl/include/openssl/modes.h
new file mode 100644
index 0000000..e190799
--- /dev/null
+++ b/linux_amd64/ssl/include/openssl/modes.h
@@ -0,0 +1,219 @@ +/* + * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_MODES_H +# define OPENSSL_MODES_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_MODES_H +# endif + +# include +# include + +# ifdef __cplusplus +extern "C" { +# endif +typedef void (*block128_f) (const unsigned char in[16], + unsigned char out[16], const void *key); + +typedef void (*cbc128_f) (const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], int enc); + +typedef void (*ecb128_f) (const unsigned char *in, unsigned char *out, + size_t len, const void *key, + int enc); + +typedef void (*ctr128_f) (const unsigned char *in, unsigned char *out, + size_t blocks, const void *key, + const unsigned char ivec[16]); + +typedef void (*ccm128_f) (const unsigned char *in, unsigned char *out, + size_t blocks, const void *key, + const unsigned char ivec[16], + unsigned char cmac[16]); + +void CRYPTO_cbc128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], block128_f block); +void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], block128_f block); + +void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], + unsigned char ecount_buf[16], unsigned int *num, + block128_f block); + +void CRYPTO_ctr128_encrypt_ctr32(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], + unsigned char ecount_buf[16], + unsigned int *num, ctr128_f ctr); + +void CRYPTO_ofb128_encrypt(const 
unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], int *num, + block128_f block); + +void CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], int *num, + int enc, block128_f block); +void CRYPTO_cfb128_8_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const void *key, + unsigned char ivec[16], int *num, + int enc, block128_f block); +void CRYPTO_cfb128_1_encrypt(const unsigned char *in, unsigned char *out, + size_t bits, const void *key, + unsigned char ivec[16], int *num, + int enc, block128_f block); + +size_t CRYPTO_cts128_encrypt_block(const unsigned char *in, + unsigned char *out, size_t len, + const void *key, unsigned char ivec[16], + block128_f block); +size_t CRYPTO_cts128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], cbc128_f cbc); +size_t CRYPTO_cts128_decrypt_block(const unsigned char *in, + unsigned char *out, size_t len, + const void *key, unsigned char ivec[16], + block128_f block); +size_t CRYPTO_cts128_decrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], cbc128_f cbc); + +size_t CRYPTO_nistcts128_encrypt_block(const unsigned char *in, + unsigned char *out, size_t len, + const void *key, + unsigned char ivec[16], + block128_f block); +size_t CRYPTO_nistcts128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], cbc128_f cbc); +size_t CRYPTO_nistcts128_decrypt_block(const unsigned char *in, + unsigned char *out, size_t len, + const void *key, + unsigned char ivec[16], + block128_f block); +size_t CRYPTO_nistcts128_decrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], cbc128_f cbc); + +typedef struct gcm128_context GCM128_CONTEXT; + +GCM128_CONTEXT *CRYPTO_gcm128_new(void *key, 
block128_f block); +void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, void *key, block128_f block); +void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx, const unsigned char *iv, + size_t len); +int CRYPTO_gcm128_aad(GCM128_CONTEXT *ctx, const unsigned char *aad, + size_t len); +int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, + const unsigned char *in, unsigned char *out, + size_t len); +int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, + const unsigned char *in, unsigned char *out, + size_t len); +int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx, + const unsigned char *in, unsigned char *out, + size_t len, ctr128_f stream); +int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, + const unsigned char *in, unsigned char *out, + size_t len, ctr128_f stream); +int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const unsigned char *tag, + size_t len); +void CRYPTO_gcm128_tag(GCM128_CONTEXT *ctx, unsigned char *tag, size_t len); +void CRYPTO_gcm128_release(GCM128_CONTEXT *ctx); + +typedef struct ccm128_context CCM128_CONTEXT; + +void CRYPTO_ccm128_init(CCM128_CONTEXT *ctx, + unsigned int M, unsigned int L, void *key, + block128_f block); +int CRYPTO_ccm128_setiv(CCM128_CONTEXT *ctx, const unsigned char *nonce, + size_t nlen, size_t mlen); +void CRYPTO_ccm128_aad(CCM128_CONTEXT *ctx, const unsigned char *aad, + size_t alen); +int CRYPTO_ccm128_encrypt(CCM128_CONTEXT *ctx, const unsigned char *inp, + unsigned char *out, size_t len); +int CRYPTO_ccm128_decrypt(CCM128_CONTEXT *ctx, const unsigned char *inp, + unsigned char *out, size_t len); +int CRYPTO_ccm128_encrypt_ccm64(CCM128_CONTEXT *ctx, const unsigned char *inp, + unsigned char *out, size_t len, + ccm128_f stream); +int CRYPTO_ccm128_decrypt_ccm64(CCM128_CONTEXT *ctx, const unsigned char *inp, + unsigned char *out, size_t len, + ccm128_f stream); +size_t CRYPTO_ccm128_tag(CCM128_CONTEXT *ctx, unsigned char *tag, size_t len); + +typedef struct xts128_context XTS128_CONTEXT; + +int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, + 
const unsigned char iv[16], + const unsigned char *inp, unsigned char *out, + size_t len, int enc); + +size_t CRYPTO_128_wrap(void *key, const unsigned char *iv, + unsigned char *out, + const unsigned char *in, size_t inlen, + block128_f block); + +size_t CRYPTO_128_unwrap(void *key, const unsigned char *iv, + unsigned char *out, + const unsigned char *in, size_t inlen, + block128_f block); +size_t CRYPTO_128_wrap_pad(void *key, const unsigned char *icv, + unsigned char *out, const unsigned char *in, + size_t inlen, block128_f block); +size_t CRYPTO_128_unwrap_pad(void *key, const unsigned char *icv, + unsigned char *out, const unsigned char *in, + size_t inlen, block128_f block); + +# ifndef OPENSSL_NO_OCB +typedef struct ocb128_context OCB128_CONTEXT; + +typedef void (*ocb128_f) (const unsigned char *in, unsigned char *out, + size_t blocks, const void *key, + size_t start_block_num, + unsigned char offset_i[16], + const unsigned char L_[][16], + unsigned char checksum[16]); + +OCB128_CONTEXT *CRYPTO_ocb128_new(void *keyenc, void *keydec, + block128_f encrypt, block128_f decrypt, + ocb128_f stream); +int CRYPTO_ocb128_init(OCB128_CONTEXT *ctx, void *keyenc, void *keydec, + block128_f encrypt, block128_f decrypt, + ocb128_f stream); +int CRYPTO_ocb128_copy_ctx(OCB128_CONTEXT *dest, OCB128_CONTEXT *src, + void *keyenc, void *keydec); +int CRYPTO_ocb128_setiv(OCB128_CONTEXT *ctx, const unsigned char *iv, + size_t len, size_t taglen); +int CRYPTO_ocb128_aad(OCB128_CONTEXT *ctx, const unsigned char *aad, + size_t len); +int CRYPTO_ocb128_encrypt(OCB128_CONTEXT *ctx, const unsigned char *in, + unsigned char *out, size_t len); +int CRYPTO_ocb128_decrypt(OCB128_CONTEXT *ctx, const unsigned char *in, + unsigned char *out, size_t len); +int CRYPTO_ocb128_finish(OCB128_CONTEXT *ctx, const unsigned char *tag, + size_t len); +int CRYPTO_ocb128_tag(OCB128_CONTEXT *ctx, unsigned char *tag, size_t len); +void CRYPTO_ocb128_cleanup(OCB128_CONTEXT *ctx); +# endif /* OPENSSL_NO_OCB 
*/ + +# ifdef __cplusplus +} +# endif + +#endif diff --git a/linux_amd64/ssl/include/openssl/obj_mac.h b/linux_amd64/ssl/include/openssl/obj_mac.h new file mode 100644 index 0000000..0e564ac --- /dev/null +++ b/linux_amd64/ssl/include/openssl/obj_mac.h 
@@ -0,0 +1,5294 @@ +/* + * WARNING: do not edit! + * Generated by crypto/objects/objects.pl + * + * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#define SN_undef "UNDEF" +#define LN_undef "undefined" +#define NID_undef 0 +#define OBJ_undef 0L + +#define SN_itu_t "ITU-T" +#define LN_itu_t "itu-t" +#define NID_itu_t 645 +#define OBJ_itu_t 0L + +#define NID_ccitt 404 +#define OBJ_ccitt OBJ_itu_t + +#define SN_iso "ISO" +#define LN_iso "iso" +#define NID_iso 181 +#define OBJ_iso 1L + +#define SN_joint_iso_itu_t "JOINT-ISO-ITU-T" +#define LN_joint_iso_itu_t "joint-iso-itu-t" +#define NID_joint_iso_itu_t 646 +#define OBJ_joint_iso_itu_t 2L + +#define NID_joint_iso_ccitt 393 +#define OBJ_joint_iso_ccitt OBJ_joint_iso_itu_t + +#define SN_member_body "member-body" +#define LN_member_body "ISO Member Body" +#define NID_member_body 182 +#define OBJ_member_body OBJ_iso,2L + +#define SN_identified_organization "identified-organization" +#define NID_identified_organization 676 +#define OBJ_identified_organization OBJ_iso,3L + +#define SN_gmac "GMAC" +#define LN_gmac "gmac" +#define NID_gmac 1195 +#define OBJ_gmac OBJ_iso,0L,9797L,3L,4L + +#define SN_hmac_md5 "HMAC-MD5" +#define LN_hmac_md5 "hmac-md5" +#define NID_hmac_md5 780 +#define OBJ_hmac_md5 OBJ_identified_organization,6L,1L,5L,5L,8L,1L,1L + +#define SN_hmac_sha1 "HMAC-SHA1" +#define LN_hmac_sha1 "hmac-sha1" +#define NID_hmac_sha1 781 +#define OBJ_hmac_sha1 OBJ_identified_organization,6L,1L,5L,5L,8L,1L,2L + +#define SN_x509ExtAdmission "x509ExtAdmission" +#define LN_x509ExtAdmission "Professional Information or basis for Admission" +#define NID_x509ExtAdmission 1093 +#define OBJ_x509ExtAdmission OBJ_identified_organization,36L,8L,3L,3L + 
+#define SN_certicom_arc "certicom-arc" +#define NID_certicom_arc 677 +#define OBJ_certicom_arc OBJ_identified_organization,132L + +#define SN_ieee "ieee" +#define NID_ieee 1170 +#define OBJ_ieee OBJ_identified_organization,111L + +#define SN_ieee_siswg "ieee-siswg" +#define LN_ieee_siswg "IEEE Security in Storage Working Group" +#define NID_ieee_siswg 1171 +#define OBJ_ieee_siswg OBJ_ieee,2L,1619L + +#define SN_international_organizations "international-organizations" +#define LN_international_organizations "International Organizations" +#define NID_international_organizations 647 +#define OBJ_international_organizations OBJ_joint_iso_itu_t,23L + +#define SN_wap "wap" +#define NID_wap 678 +#define OBJ_wap OBJ_international_organizations,43L + +#define SN_wap_wsg "wap-wsg" +#define NID_wap_wsg 679 +#define OBJ_wap_wsg OBJ_wap,1L + +#define SN_selected_attribute_types "selected-attribute-types" +#define LN_selected_attribute_types "Selected Attribute Types" +#define NID_selected_attribute_types 394 +#define OBJ_selected_attribute_types OBJ_joint_iso_itu_t,5L,1L,5L + +#define SN_clearance "clearance" +#define NID_clearance 395 +#define OBJ_clearance OBJ_selected_attribute_types,55L + +#define SN_ISO_US "ISO-US" +#define LN_ISO_US "ISO US Member Body" +#define NID_ISO_US 183 +#define OBJ_ISO_US OBJ_member_body,840L + +#define SN_X9_57 "X9-57" +#define LN_X9_57 "X9.57" +#define NID_X9_57 184 +#define OBJ_X9_57 OBJ_ISO_US,10040L + +#define SN_X9cm "X9cm" +#define LN_X9cm "X9.57 CM ?" 
+#define NID_X9cm 185 +#define OBJ_X9cm OBJ_X9_57,4L + +#define SN_ISO_CN "ISO-CN" +#define LN_ISO_CN "ISO CN Member Body" +#define NID_ISO_CN 1140 +#define OBJ_ISO_CN OBJ_member_body,156L + +#define SN_oscca "oscca" +#define NID_oscca 1141 +#define OBJ_oscca OBJ_ISO_CN,10197L + +#define SN_sm_scheme "sm-scheme" +#define NID_sm_scheme 1142 +#define OBJ_sm_scheme OBJ_oscca,1L + +#define SN_dsa "DSA" +#define LN_dsa "dsaEncryption" +#define NID_dsa 116 +#define OBJ_dsa OBJ_X9cm,1L + +#define SN_dsaWithSHA1 "DSA-SHA1" +#define LN_dsaWithSHA1 "dsaWithSHA1" +#define NID_dsaWithSHA1 113 +#define OBJ_dsaWithSHA1 OBJ_X9cm,3L + +#define SN_ansi_X9_62 "ansi-X9-62" +#define LN_ansi_X9_62 "ANSI X9.62" +#define NID_ansi_X9_62 405 +#define OBJ_ansi_X9_62 OBJ_ISO_US,10045L + +#define OBJ_X9_62_id_fieldType OBJ_ansi_X9_62,1L + +#define SN_X9_62_prime_field "prime-field" +#define NID_X9_62_prime_field 406 +#define OBJ_X9_62_prime_field OBJ_X9_62_id_fieldType,1L + +#define SN_X9_62_characteristic_two_field "characteristic-two-field" +#define NID_X9_62_characteristic_two_field 407 +#define OBJ_X9_62_characteristic_two_field OBJ_X9_62_id_fieldType,2L + +#define SN_X9_62_id_characteristic_two_basis "id-characteristic-two-basis" +#define NID_X9_62_id_characteristic_two_basis 680 +#define OBJ_X9_62_id_characteristic_two_basis OBJ_X9_62_characteristic_two_field,3L + +#define SN_X9_62_onBasis "onBasis" +#define NID_X9_62_onBasis 681 +#define OBJ_X9_62_onBasis OBJ_X9_62_id_characteristic_two_basis,1L + +#define SN_X9_62_tpBasis "tpBasis" +#define NID_X9_62_tpBasis 682 +#define OBJ_X9_62_tpBasis OBJ_X9_62_id_characteristic_two_basis,2L + +#define SN_X9_62_ppBasis "ppBasis" +#define NID_X9_62_ppBasis 683 +#define OBJ_X9_62_ppBasis OBJ_X9_62_id_characteristic_two_basis,3L + +#define OBJ_X9_62_id_publicKeyType OBJ_ansi_X9_62,2L + +#define SN_X9_62_id_ecPublicKey "id-ecPublicKey" +#define NID_X9_62_id_ecPublicKey 408 +#define OBJ_X9_62_id_ecPublicKey OBJ_X9_62_id_publicKeyType,1L + +#define 
OBJ_X9_62_ellipticCurve OBJ_ansi_X9_62,3L + +#define OBJ_X9_62_c_TwoCurve OBJ_X9_62_ellipticCurve,0L + +#define SN_X9_62_c2pnb163v1 "c2pnb163v1" +#define NID_X9_62_c2pnb163v1 684 +#define OBJ_X9_62_c2pnb163v1 OBJ_X9_62_c_TwoCurve,1L + +#define SN_X9_62_c2pnb163v2 "c2pnb163v2" +#define NID_X9_62_c2pnb163v2 685 +#define OBJ_X9_62_c2pnb163v2 OBJ_X9_62_c_TwoCurve,2L + +#define SN_X9_62_c2pnb163v3 "c2pnb163v3" +#define NID_X9_62_c2pnb163v3 686 +#define OBJ_X9_62_c2pnb163v3 OBJ_X9_62_c_TwoCurve,3L + +#define SN_X9_62_c2pnb176v1 "c2pnb176v1" +#define NID_X9_62_c2pnb176v1 687 +#define OBJ_X9_62_c2pnb176v1 OBJ_X9_62_c_TwoCurve,4L + +#define SN_X9_62_c2tnb191v1 "c2tnb191v1" +#define NID_X9_62_c2tnb191v1 688 +#define OBJ_X9_62_c2tnb191v1 OBJ_X9_62_c_TwoCurve,5L + +#define SN_X9_62_c2tnb191v2 "c2tnb191v2" +#define NID_X9_62_c2tnb191v2 689 +#define OBJ_X9_62_c2tnb191v2 OBJ_X9_62_c_TwoCurve,6L + +#define SN_X9_62_c2tnb191v3 "c2tnb191v3" +#define NID_X9_62_c2tnb191v3 690 +#define OBJ_X9_62_c2tnb191v3 OBJ_X9_62_c_TwoCurve,7L + +#define SN_X9_62_c2onb191v4 "c2onb191v4" +#define NID_X9_62_c2onb191v4 691 +#define OBJ_X9_62_c2onb191v4 OBJ_X9_62_c_TwoCurve,8L + +#define SN_X9_62_c2onb191v5 "c2onb191v5" +#define NID_X9_62_c2onb191v5 692 +#define OBJ_X9_62_c2onb191v5 OBJ_X9_62_c_TwoCurve,9L + +#define SN_X9_62_c2pnb208w1 "c2pnb208w1" +#define NID_X9_62_c2pnb208w1 693 +#define OBJ_X9_62_c2pnb208w1 OBJ_X9_62_c_TwoCurve,10L + +#define SN_X9_62_c2tnb239v1 "c2tnb239v1" +#define NID_X9_62_c2tnb239v1 694 +#define OBJ_X9_62_c2tnb239v1 OBJ_X9_62_c_TwoCurve,11L + +#define SN_X9_62_c2tnb239v2 "c2tnb239v2" +#define NID_X9_62_c2tnb239v2 695 +#define OBJ_X9_62_c2tnb239v2 OBJ_X9_62_c_TwoCurve,12L + +#define SN_X9_62_c2tnb239v3 "c2tnb239v3" +#define NID_X9_62_c2tnb239v3 696 +#define OBJ_X9_62_c2tnb239v3 OBJ_X9_62_c_TwoCurve,13L + +#define SN_X9_62_c2onb239v4 "c2onb239v4" +#define NID_X9_62_c2onb239v4 697 +#define OBJ_X9_62_c2onb239v4 OBJ_X9_62_c_TwoCurve,14L + +#define SN_X9_62_c2onb239v5 "c2onb239v5" 
+#define NID_X9_62_c2onb239v5 698 +#define OBJ_X9_62_c2onb239v5 OBJ_X9_62_c_TwoCurve,15L + +#define SN_X9_62_c2pnb272w1 "c2pnb272w1" +#define NID_X9_62_c2pnb272w1 699 +#define OBJ_X9_62_c2pnb272w1 OBJ_X9_62_c_TwoCurve,16L + +#define SN_X9_62_c2pnb304w1 "c2pnb304w1" +#define NID_X9_62_c2pnb304w1 700 +#define OBJ_X9_62_c2pnb304w1 OBJ_X9_62_c_TwoCurve,17L + +#define SN_X9_62_c2tnb359v1 "c2tnb359v1" +#define NID_X9_62_c2tnb359v1 701 +#define OBJ_X9_62_c2tnb359v1 OBJ_X9_62_c_TwoCurve,18L + +#define SN_X9_62_c2pnb368w1 "c2pnb368w1" +#define NID_X9_62_c2pnb368w1 702 +#define OBJ_X9_62_c2pnb368w1 OBJ_X9_62_c_TwoCurve,19L + +#define SN_X9_62_c2tnb431r1 "c2tnb431r1" +#define NID_X9_62_c2tnb431r1 703 +#define OBJ_X9_62_c2tnb431r1 OBJ_X9_62_c_TwoCurve,20L + +#define OBJ_X9_62_primeCurve OBJ_X9_62_ellipticCurve,1L + +#define SN_X9_62_prime192v1 "prime192v1" +#define NID_X9_62_prime192v1 409 +#define OBJ_X9_62_prime192v1 OBJ_X9_62_primeCurve,1L + +#define SN_X9_62_prime192v2 "prime192v2" +#define NID_X9_62_prime192v2 410 +#define OBJ_X9_62_prime192v2 OBJ_X9_62_primeCurve,2L + +#define SN_X9_62_prime192v3 "prime192v3" +#define NID_X9_62_prime192v3 411 +#define OBJ_X9_62_prime192v3 OBJ_X9_62_primeCurve,3L + +#define SN_X9_62_prime239v1 "prime239v1" +#define NID_X9_62_prime239v1 412 +#define OBJ_X9_62_prime239v1 OBJ_X9_62_primeCurve,4L + +#define SN_X9_62_prime239v2 "prime239v2" +#define NID_X9_62_prime239v2 413 +#define OBJ_X9_62_prime239v2 OBJ_X9_62_primeCurve,5L + +#define SN_X9_62_prime239v3 "prime239v3" +#define NID_X9_62_prime239v3 414 +#define OBJ_X9_62_prime239v3 OBJ_X9_62_primeCurve,6L + +#define SN_X9_62_prime256v1 "prime256v1" +#define NID_X9_62_prime256v1 415 +#define OBJ_X9_62_prime256v1 OBJ_X9_62_primeCurve,7L + +#define OBJ_X9_62_id_ecSigType OBJ_ansi_X9_62,4L + +#define SN_ecdsa_with_SHA1 "ecdsa-with-SHA1" +#define NID_ecdsa_with_SHA1 416 +#define OBJ_ecdsa_with_SHA1 OBJ_X9_62_id_ecSigType,1L + +#define SN_ecdsa_with_Recommended "ecdsa-with-Recommended" +#define 
NID_ecdsa_with_Recommended 791 +#define OBJ_ecdsa_with_Recommended OBJ_X9_62_id_ecSigType,2L + +#define SN_ecdsa_with_Specified "ecdsa-with-Specified" +#define NID_ecdsa_with_Specified 792 +#define OBJ_ecdsa_with_Specified OBJ_X9_62_id_ecSigType,3L + +#define SN_ecdsa_with_SHA224 "ecdsa-with-SHA224" +#define NID_ecdsa_with_SHA224 793 +#define OBJ_ecdsa_with_SHA224 OBJ_ecdsa_with_Specified,1L + +#define SN_ecdsa_with_SHA256 "ecdsa-with-SHA256" +#define NID_ecdsa_with_SHA256 794 +#define OBJ_ecdsa_with_SHA256 OBJ_ecdsa_with_Specified,2L + +#define SN_ecdsa_with_SHA384 "ecdsa-with-SHA384" +#define NID_ecdsa_with_SHA384 795 +#define OBJ_ecdsa_with_SHA384 OBJ_ecdsa_with_Specified,3L + +#define SN_ecdsa_with_SHA512 "ecdsa-with-SHA512" +#define NID_ecdsa_with_SHA512 796 +#define OBJ_ecdsa_with_SHA512 OBJ_ecdsa_with_Specified,4L + +#define OBJ_secg_ellipticCurve OBJ_certicom_arc,0L + +#define SN_secp112r1 "secp112r1" +#define NID_secp112r1 704 +#define OBJ_secp112r1 OBJ_secg_ellipticCurve,6L + +#define SN_secp112r2 "secp112r2" +#define NID_secp112r2 705 +#define OBJ_secp112r2 OBJ_secg_ellipticCurve,7L + +#define SN_secp128r1 "secp128r1" +#define NID_secp128r1 706 +#define OBJ_secp128r1 OBJ_secg_ellipticCurve,28L + +#define SN_secp128r2 "secp128r2" +#define NID_secp128r2 707 +#define OBJ_secp128r2 OBJ_secg_ellipticCurve,29L + +#define SN_secp160k1 "secp160k1" +#define NID_secp160k1 708 +#define OBJ_secp160k1 OBJ_secg_ellipticCurve,9L + +#define SN_secp160r1 "secp160r1" +#define NID_secp160r1 709 +#define OBJ_secp160r1 OBJ_secg_ellipticCurve,8L + +#define SN_secp160r2 "secp160r2" +#define NID_secp160r2 710 +#define OBJ_secp160r2 OBJ_secg_ellipticCurve,30L + +#define SN_secp192k1 "secp192k1" +#define NID_secp192k1 711 +#define OBJ_secp192k1 OBJ_secg_ellipticCurve,31L + +#define SN_secp224k1 "secp224k1" +#define NID_secp224k1 712 +#define OBJ_secp224k1 OBJ_secg_ellipticCurve,32L + +#define SN_secp224r1 "secp224r1" +#define NID_secp224r1 713 +#define OBJ_secp224r1 
OBJ_secg_ellipticCurve,33L + +#define SN_secp256k1 "secp256k1" +#define NID_secp256k1 714 +#define OBJ_secp256k1 OBJ_secg_ellipticCurve,10L + +#define SN_secp384r1 "secp384r1" +#define NID_secp384r1 715 +#define OBJ_secp384r1 OBJ_secg_ellipticCurve,34L + +#define SN_secp521r1 "secp521r1" +#define NID_secp521r1 716 +#define OBJ_secp521r1 OBJ_secg_ellipticCurve,35L + +#define SN_sect113r1 "sect113r1" +#define NID_sect113r1 717 +#define OBJ_sect113r1 OBJ_secg_ellipticCurve,4L + +#define SN_sect113r2 "sect113r2" +#define NID_sect113r2 718 +#define OBJ_sect113r2 OBJ_secg_ellipticCurve,5L + +#define SN_sect131r1 "sect131r1" +#define NID_sect131r1 719 +#define OBJ_sect131r1 OBJ_secg_ellipticCurve,22L + +#define SN_sect131r2 "sect131r2" +#define NID_sect131r2 720 +#define OBJ_sect131r2 OBJ_secg_ellipticCurve,23L + +#define SN_sect163k1 "sect163k1" +#define NID_sect163k1 721 +#define OBJ_sect163k1 OBJ_secg_ellipticCurve,1L + +#define SN_sect163r1 "sect163r1" +#define NID_sect163r1 722 +#define OBJ_sect163r1 OBJ_secg_ellipticCurve,2L + +#define SN_sect163r2 "sect163r2" +#define NID_sect163r2 723 +#define OBJ_sect163r2 OBJ_secg_ellipticCurve,15L + +#define SN_sect193r1 "sect193r1" +#define NID_sect193r1 724 +#define OBJ_sect193r1 OBJ_secg_ellipticCurve,24L + +#define SN_sect193r2 "sect193r2" +#define NID_sect193r2 725 +#define OBJ_sect193r2 OBJ_secg_ellipticCurve,25L + +#define SN_sect233k1 "sect233k1" +#define NID_sect233k1 726 +#define OBJ_sect233k1 OBJ_secg_ellipticCurve,26L + +#define SN_sect233r1 "sect233r1" +#define NID_sect233r1 727 +#define OBJ_sect233r1 OBJ_secg_ellipticCurve,27L + +#define SN_sect239k1 "sect239k1" +#define NID_sect239k1 728 +#define OBJ_sect239k1 OBJ_secg_ellipticCurve,3L + +#define SN_sect283k1 "sect283k1" +#define NID_sect283k1 729 +#define OBJ_sect283k1 OBJ_secg_ellipticCurve,16L + +#define SN_sect283r1 "sect283r1" +#define NID_sect283r1 730 +#define OBJ_sect283r1 OBJ_secg_ellipticCurve,17L + +#define SN_sect409k1 "sect409k1" +#define 
NID_sect409k1 731 +#define OBJ_sect409k1 OBJ_secg_ellipticCurve,36L + +#define SN_sect409r1 "sect409r1" +#define NID_sect409r1 732 +#define OBJ_sect409r1 OBJ_secg_ellipticCurve,37L + +#define SN_sect571k1 "sect571k1" +#define NID_sect571k1 733 +#define OBJ_sect571k1 OBJ_secg_ellipticCurve,38L + +#define SN_sect571r1 "sect571r1" +#define NID_sect571r1 734 +#define OBJ_sect571r1 OBJ_secg_ellipticCurve,39L + +#define OBJ_wap_wsg_idm_ecid OBJ_wap_wsg,4L + +#define SN_wap_wsg_idm_ecid_wtls1 "wap-wsg-idm-ecid-wtls1" +#define NID_wap_wsg_idm_ecid_wtls1 735 +#define OBJ_wap_wsg_idm_ecid_wtls1 OBJ_wap_wsg_idm_ecid,1L + +#define SN_wap_wsg_idm_ecid_wtls3 "wap-wsg-idm-ecid-wtls3" +#define NID_wap_wsg_idm_ecid_wtls3 736 +#define OBJ_wap_wsg_idm_ecid_wtls3 OBJ_wap_wsg_idm_ecid,3L + +#define SN_wap_wsg_idm_ecid_wtls4 "wap-wsg-idm-ecid-wtls4" +#define NID_wap_wsg_idm_ecid_wtls4 737 +#define OBJ_wap_wsg_idm_ecid_wtls4 OBJ_wap_wsg_idm_ecid,4L + +#define SN_wap_wsg_idm_ecid_wtls5 "wap-wsg-idm-ecid-wtls5" +#define NID_wap_wsg_idm_ecid_wtls5 738 +#define OBJ_wap_wsg_idm_ecid_wtls5 OBJ_wap_wsg_idm_ecid,5L + +#define SN_wap_wsg_idm_ecid_wtls6 "wap-wsg-idm-ecid-wtls6" +#define NID_wap_wsg_idm_ecid_wtls6 739 +#define OBJ_wap_wsg_idm_ecid_wtls6 OBJ_wap_wsg_idm_ecid,6L + +#define SN_wap_wsg_idm_ecid_wtls7 "wap-wsg-idm-ecid-wtls7" +#define NID_wap_wsg_idm_ecid_wtls7 740 +#define OBJ_wap_wsg_idm_ecid_wtls7 OBJ_wap_wsg_idm_ecid,7L + +#define SN_wap_wsg_idm_ecid_wtls8 "wap-wsg-idm-ecid-wtls8" +#define NID_wap_wsg_idm_ecid_wtls8 741 +#define OBJ_wap_wsg_idm_ecid_wtls8 OBJ_wap_wsg_idm_ecid,8L + +#define SN_wap_wsg_idm_ecid_wtls9 "wap-wsg-idm-ecid-wtls9" +#define NID_wap_wsg_idm_ecid_wtls9 742 +#define OBJ_wap_wsg_idm_ecid_wtls9 OBJ_wap_wsg_idm_ecid,9L + +#define SN_wap_wsg_idm_ecid_wtls10 "wap-wsg-idm-ecid-wtls10" +#define NID_wap_wsg_idm_ecid_wtls10 743 +#define OBJ_wap_wsg_idm_ecid_wtls10 OBJ_wap_wsg_idm_ecid,10L + +#define SN_wap_wsg_idm_ecid_wtls11 "wap-wsg-idm-ecid-wtls11" +#define 
NID_wap_wsg_idm_ecid_wtls11 744 +#define OBJ_wap_wsg_idm_ecid_wtls11 OBJ_wap_wsg_idm_ecid,11L + +#define SN_wap_wsg_idm_ecid_wtls12 "wap-wsg-idm-ecid-wtls12" +#define NID_wap_wsg_idm_ecid_wtls12 745 +#define OBJ_wap_wsg_idm_ecid_wtls12 OBJ_wap_wsg_idm_ecid,12L + +#define SN_cast5_cbc "CAST5-CBC" +#define LN_cast5_cbc "cast5-cbc" +#define NID_cast5_cbc 108 +#define OBJ_cast5_cbc OBJ_ISO_US,113533L,7L,66L,10L + +#define SN_cast5_ecb "CAST5-ECB" +#define LN_cast5_ecb "cast5-ecb" +#define NID_cast5_ecb 109 + +#define SN_cast5_cfb64 "CAST5-CFB" +#define LN_cast5_cfb64 "cast5-cfb" +#define NID_cast5_cfb64 110 + +#define SN_cast5_ofb64 "CAST5-OFB" +#define LN_cast5_ofb64 "cast5-ofb" +#define NID_cast5_ofb64 111 + +#define LN_pbeWithMD5AndCast5_CBC "pbeWithMD5AndCast5CBC" +#define NID_pbeWithMD5AndCast5_CBC 112 +#define OBJ_pbeWithMD5AndCast5_CBC OBJ_ISO_US,113533L,7L,66L,12L + +#define SN_id_PasswordBasedMAC "id-PasswordBasedMAC" +#define LN_id_PasswordBasedMAC "password based MAC" +#define NID_id_PasswordBasedMAC 782 +#define OBJ_id_PasswordBasedMAC OBJ_ISO_US,113533L,7L,66L,13L + +#define SN_id_DHBasedMac "id-DHBasedMac" +#define LN_id_DHBasedMac "Diffie-Hellman based MAC" +#define NID_id_DHBasedMac 783 +#define OBJ_id_DHBasedMac OBJ_ISO_US,113533L,7L,66L,30L + +#define SN_rsadsi "rsadsi" +#define LN_rsadsi "RSA Data Security, Inc." +#define NID_rsadsi 1 +#define OBJ_rsadsi OBJ_ISO_US,113549L + +#define SN_pkcs "pkcs" +#define LN_pkcs "RSA Data Security, Inc. 
PKCS" +#define NID_pkcs 2 +#define OBJ_pkcs OBJ_rsadsi,1L + +#define SN_pkcs1 "pkcs1" +#define NID_pkcs1 186 +#define OBJ_pkcs1 OBJ_pkcs,1L + +#define LN_rsaEncryption "rsaEncryption" +#define NID_rsaEncryption 6 +#define OBJ_rsaEncryption OBJ_pkcs1,1L + +#define SN_md2WithRSAEncryption "RSA-MD2" +#define LN_md2WithRSAEncryption "md2WithRSAEncryption" +#define NID_md2WithRSAEncryption 7 +#define OBJ_md2WithRSAEncryption OBJ_pkcs1,2L + +#define SN_md4WithRSAEncryption "RSA-MD4" +#define LN_md4WithRSAEncryption "md4WithRSAEncryption" +#define NID_md4WithRSAEncryption 396 +#define OBJ_md4WithRSAEncryption OBJ_pkcs1,3L + +#define SN_md5WithRSAEncryption "RSA-MD5" +#define LN_md5WithRSAEncryption "md5WithRSAEncryption" +#define NID_md5WithRSAEncryption 8 +#define OBJ_md5WithRSAEncryption OBJ_pkcs1,4L + +#define SN_sha1WithRSAEncryption "RSA-SHA1" +#define LN_sha1WithRSAEncryption "sha1WithRSAEncryption" +#define NID_sha1WithRSAEncryption 65 +#define OBJ_sha1WithRSAEncryption OBJ_pkcs1,5L + +#define SN_rsaesOaep "RSAES-OAEP" +#define LN_rsaesOaep "rsaesOaep" +#define NID_rsaesOaep 919 +#define OBJ_rsaesOaep OBJ_pkcs1,7L + +#define SN_mgf1 "MGF1" +#define LN_mgf1 "mgf1" +#define NID_mgf1 911 +#define OBJ_mgf1 OBJ_pkcs1,8L + +#define SN_pSpecified "PSPECIFIED" +#define LN_pSpecified "pSpecified" +#define NID_pSpecified 935 +#define OBJ_pSpecified OBJ_pkcs1,9L + +#define SN_rsassaPss "RSASSA-PSS" +#define LN_rsassaPss "rsassaPss" +#define NID_rsassaPss 912 +#define OBJ_rsassaPss OBJ_pkcs1,10L + +#define SN_sha256WithRSAEncryption "RSA-SHA256" +#define LN_sha256WithRSAEncryption "sha256WithRSAEncryption" +#define NID_sha256WithRSAEncryption 668 +#define OBJ_sha256WithRSAEncryption OBJ_pkcs1,11L + +#define SN_sha384WithRSAEncryption "RSA-SHA384" +#define LN_sha384WithRSAEncryption "sha384WithRSAEncryption" +#define NID_sha384WithRSAEncryption 669 +#define OBJ_sha384WithRSAEncryption OBJ_pkcs1,12L + +#define SN_sha512WithRSAEncryption "RSA-SHA512" +#define 
LN_sha512WithRSAEncryption "sha512WithRSAEncryption" +#define NID_sha512WithRSAEncryption 670 +#define OBJ_sha512WithRSAEncryption OBJ_pkcs1,13L + +#define SN_sha224WithRSAEncryption "RSA-SHA224" +#define LN_sha224WithRSAEncryption "sha224WithRSAEncryption" +#define NID_sha224WithRSAEncryption 671 +#define OBJ_sha224WithRSAEncryption OBJ_pkcs1,14L + +#define SN_sha512_224WithRSAEncryption "RSA-SHA512/224" +#define LN_sha512_224WithRSAEncryption "sha512-224WithRSAEncryption" +#define NID_sha512_224WithRSAEncryption 1145 +#define OBJ_sha512_224WithRSAEncryption OBJ_pkcs1,15L + +#define SN_sha512_256WithRSAEncryption "RSA-SHA512/256" +#define LN_sha512_256WithRSAEncryption "sha512-256WithRSAEncryption" +#define NID_sha512_256WithRSAEncryption 1146 +#define OBJ_sha512_256WithRSAEncryption OBJ_pkcs1,16L + +#define SN_pkcs3 "pkcs3" +#define NID_pkcs3 27 +#define OBJ_pkcs3 OBJ_pkcs,3L + +#define LN_dhKeyAgreement "dhKeyAgreement" +#define NID_dhKeyAgreement 28 +#define OBJ_dhKeyAgreement OBJ_pkcs3,1L + +#define SN_pkcs5 "pkcs5" +#define NID_pkcs5 187 +#define OBJ_pkcs5 OBJ_pkcs,5L + +#define SN_pbeWithMD2AndDES_CBC "PBE-MD2-DES" +#define LN_pbeWithMD2AndDES_CBC "pbeWithMD2AndDES-CBC" +#define NID_pbeWithMD2AndDES_CBC 9 +#define OBJ_pbeWithMD2AndDES_CBC OBJ_pkcs5,1L + +#define SN_pbeWithMD5AndDES_CBC "PBE-MD5-DES" +#define LN_pbeWithMD5AndDES_CBC "pbeWithMD5AndDES-CBC" +#define NID_pbeWithMD5AndDES_CBC 10 +#define OBJ_pbeWithMD5AndDES_CBC OBJ_pkcs5,3L + +#define SN_pbeWithMD2AndRC2_CBC "PBE-MD2-RC2-64" +#define LN_pbeWithMD2AndRC2_CBC "pbeWithMD2AndRC2-CBC" +#define NID_pbeWithMD2AndRC2_CBC 168 +#define OBJ_pbeWithMD2AndRC2_CBC OBJ_pkcs5,4L + +#define SN_pbeWithMD5AndRC2_CBC "PBE-MD5-RC2-64" +#define LN_pbeWithMD5AndRC2_CBC "pbeWithMD5AndRC2-CBC" +#define NID_pbeWithMD5AndRC2_CBC 169 +#define OBJ_pbeWithMD5AndRC2_CBC OBJ_pkcs5,6L + +#define SN_pbeWithSHA1AndDES_CBC "PBE-SHA1-DES" +#define LN_pbeWithSHA1AndDES_CBC "pbeWithSHA1AndDES-CBC" +#define NID_pbeWithSHA1AndDES_CBC 
170 +#define OBJ_pbeWithSHA1AndDES_CBC OBJ_pkcs5,10L + +#define SN_pbeWithSHA1AndRC2_CBC "PBE-SHA1-RC2-64" +#define LN_pbeWithSHA1AndRC2_CBC "pbeWithSHA1AndRC2-CBC" +#define NID_pbeWithSHA1AndRC2_CBC 68 +#define OBJ_pbeWithSHA1AndRC2_CBC OBJ_pkcs5,11L + +#define LN_id_pbkdf2 "PBKDF2" +#define NID_id_pbkdf2 69 +#define OBJ_id_pbkdf2 OBJ_pkcs5,12L + +#define LN_pbes2 "PBES2" +#define NID_pbes2 161 +#define OBJ_pbes2 OBJ_pkcs5,13L + +#define LN_pbmac1 "PBMAC1" +#define NID_pbmac1 162 +#define OBJ_pbmac1 OBJ_pkcs5,14L + +#define SN_pkcs7 "pkcs7" +#define NID_pkcs7 20 +#define OBJ_pkcs7 OBJ_pkcs,7L + +#define LN_pkcs7_data "pkcs7-data" +#define NID_pkcs7_data 21 +#define OBJ_pkcs7_data OBJ_pkcs7,1L + +#define LN_pkcs7_signed "pkcs7-signedData" +#define NID_pkcs7_signed 22 +#define OBJ_pkcs7_signed OBJ_pkcs7,2L + +#define LN_pkcs7_enveloped "pkcs7-envelopedData" +#define NID_pkcs7_enveloped 23 +#define OBJ_pkcs7_enveloped OBJ_pkcs7,3L + +#define LN_pkcs7_signedAndEnveloped "pkcs7-signedAndEnvelopedData" +#define NID_pkcs7_signedAndEnveloped 24 +#define OBJ_pkcs7_signedAndEnveloped OBJ_pkcs7,4L + +#define LN_pkcs7_digest "pkcs7-digestData" +#define NID_pkcs7_digest 25 +#define OBJ_pkcs7_digest OBJ_pkcs7,5L + +#define LN_pkcs7_encrypted "pkcs7-encryptedData" +#define NID_pkcs7_encrypted 26 +#define OBJ_pkcs7_encrypted OBJ_pkcs7,6L + +#define SN_pkcs9 "pkcs9" +#define NID_pkcs9 47 +#define OBJ_pkcs9 OBJ_pkcs,9L + +#define LN_pkcs9_emailAddress "emailAddress" +#define NID_pkcs9_emailAddress 48 +#define OBJ_pkcs9_emailAddress OBJ_pkcs9,1L + +#define LN_pkcs9_unstructuredName "unstructuredName" +#define NID_pkcs9_unstructuredName 49 +#define OBJ_pkcs9_unstructuredName OBJ_pkcs9,2L + +#define LN_pkcs9_contentType "contentType" +#define NID_pkcs9_contentType 50 +#define OBJ_pkcs9_contentType OBJ_pkcs9,3L + +#define LN_pkcs9_messageDigest "messageDigest" +#define NID_pkcs9_messageDigest 51 +#define OBJ_pkcs9_messageDigest OBJ_pkcs9,4L + +#define LN_pkcs9_signingTime "signingTime" 
+#define NID_pkcs9_signingTime 52 +#define OBJ_pkcs9_signingTime OBJ_pkcs9,5L + +#define LN_pkcs9_countersignature "countersignature" +#define NID_pkcs9_countersignature 53 +#define OBJ_pkcs9_countersignature OBJ_pkcs9,6L + +#define LN_pkcs9_challengePassword "challengePassword" +#define NID_pkcs9_challengePassword 54 +#define OBJ_pkcs9_challengePassword OBJ_pkcs9,7L + +#define LN_pkcs9_unstructuredAddress "unstructuredAddress" +#define NID_pkcs9_unstructuredAddress 55 +#define OBJ_pkcs9_unstructuredAddress OBJ_pkcs9,8L + +#define LN_pkcs9_extCertAttributes "extendedCertificateAttributes" +#define NID_pkcs9_extCertAttributes 56 +#define OBJ_pkcs9_extCertAttributes OBJ_pkcs9,9L + +#define SN_ext_req "extReq" +#define LN_ext_req "Extension Request" +#define NID_ext_req 172 +#define OBJ_ext_req OBJ_pkcs9,14L + +#define SN_SMIMECapabilities "SMIME-CAPS" +#define LN_SMIMECapabilities "S/MIME Capabilities" +#define NID_SMIMECapabilities 167 +#define OBJ_SMIMECapabilities OBJ_pkcs9,15L + +#define SN_SMIME "SMIME" +#define LN_SMIME "S/MIME" +#define NID_SMIME 188 +#define OBJ_SMIME OBJ_pkcs9,16L + +#define SN_id_smime_mod "id-smime-mod" +#define NID_id_smime_mod 189 +#define OBJ_id_smime_mod OBJ_SMIME,0L + +#define SN_id_smime_ct "id-smime-ct" +#define NID_id_smime_ct 190 +#define OBJ_id_smime_ct OBJ_SMIME,1L + +#define SN_id_smime_aa "id-smime-aa" +#define NID_id_smime_aa 191 +#define OBJ_id_smime_aa OBJ_SMIME,2L + +#define SN_id_smime_alg "id-smime-alg" +#define NID_id_smime_alg 192 +#define OBJ_id_smime_alg OBJ_SMIME,3L + +#define SN_id_smime_cd "id-smime-cd" +#define NID_id_smime_cd 193 +#define OBJ_id_smime_cd OBJ_SMIME,4L + +#define SN_id_smime_spq "id-smime-spq" +#define NID_id_smime_spq 194 +#define OBJ_id_smime_spq OBJ_SMIME,5L + +#define SN_id_smime_cti "id-smime-cti" +#define NID_id_smime_cti 195 +#define OBJ_id_smime_cti OBJ_SMIME,6L + +#define SN_id_smime_mod_cms "id-smime-mod-cms" +#define NID_id_smime_mod_cms 196 +#define OBJ_id_smime_mod_cms 
OBJ_id_smime_mod,1L + +#define SN_id_smime_mod_ess "id-smime-mod-ess" +#define NID_id_smime_mod_ess 197 +#define OBJ_id_smime_mod_ess OBJ_id_smime_mod,2L + +#define SN_id_smime_mod_oid "id-smime-mod-oid" +#define NID_id_smime_mod_oid 198 +#define OBJ_id_smime_mod_oid OBJ_id_smime_mod,3L + +#define SN_id_smime_mod_msg_v3 "id-smime-mod-msg-v3" +#define NID_id_smime_mod_msg_v3 199 +#define OBJ_id_smime_mod_msg_v3 OBJ_id_smime_mod,4L + +#define SN_id_smime_mod_ets_eSignature_88 "id-smime-mod-ets-eSignature-88" +#define NID_id_smime_mod_ets_eSignature_88 200 +#define OBJ_id_smime_mod_ets_eSignature_88 OBJ_id_smime_mod,5L + +#define SN_id_smime_mod_ets_eSignature_97 "id-smime-mod-ets-eSignature-97" +#define NID_id_smime_mod_ets_eSignature_97 201 +#define OBJ_id_smime_mod_ets_eSignature_97 OBJ_id_smime_mod,6L + +#define SN_id_smime_mod_ets_eSigPolicy_88 "id-smime-mod-ets-eSigPolicy-88" +#define NID_id_smime_mod_ets_eSigPolicy_88 202 +#define OBJ_id_smime_mod_ets_eSigPolicy_88 OBJ_id_smime_mod,7L + +#define SN_id_smime_mod_ets_eSigPolicy_97 "id-smime-mod-ets-eSigPolicy-97" +#define NID_id_smime_mod_ets_eSigPolicy_97 203 +#define OBJ_id_smime_mod_ets_eSigPolicy_97 OBJ_id_smime_mod,8L + +#define SN_id_smime_ct_receipt "id-smime-ct-receipt" +#define NID_id_smime_ct_receipt 204 +#define OBJ_id_smime_ct_receipt OBJ_id_smime_ct,1L + +#define SN_id_smime_ct_authData "id-smime-ct-authData" +#define NID_id_smime_ct_authData 205 +#define OBJ_id_smime_ct_authData OBJ_id_smime_ct,2L + +#define SN_id_smime_ct_publishCert "id-smime-ct-publishCert" +#define NID_id_smime_ct_publishCert 206 +#define OBJ_id_smime_ct_publishCert OBJ_id_smime_ct,3L + +#define SN_id_smime_ct_TSTInfo "id-smime-ct-TSTInfo" +#define NID_id_smime_ct_TSTInfo 207 +#define OBJ_id_smime_ct_TSTInfo OBJ_id_smime_ct,4L + +#define SN_id_smime_ct_TDTInfo "id-smime-ct-TDTInfo" +#define NID_id_smime_ct_TDTInfo 208 +#define OBJ_id_smime_ct_TDTInfo OBJ_id_smime_ct,5L + +#define SN_id_smime_ct_contentInfo 
"id-smime-ct-contentInfo" +#define NID_id_smime_ct_contentInfo 209 +#define OBJ_id_smime_ct_contentInfo OBJ_id_smime_ct,6L + +#define SN_id_smime_ct_DVCSRequestData "id-smime-ct-DVCSRequestData" +#define NID_id_smime_ct_DVCSRequestData 210 +#define OBJ_id_smime_ct_DVCSRequestData OBJ_id_smime_ct,7L + +#define SN_id_smime_ct_DVCSResponseData "id-smime-ct-DVCSResponseData" +#define NID_id_smime_ct_DVCSResponseData 211 +#define OBJ_id_smime_ct_DVCSResponseData OBJ_id_smime_ct,8L + +#define SN_id_smime_ct_compressedData "id-smime-ct-compressedData" +#define NID_id_smime_ct_compressedData 786 +#define OBJ_id_smime_ct_compressedData OBJ_id_smime_ct,9L + +#define SN_id_smime_ct_contentCollection "id-smime-ct-contentCollection" +#define NID_id_smime_ct_contentCollection 1058 +#define OBJ_id_smime_ct_contentCollection OBJ_id_smime_ct,19L + +#define SN_id_smime_ct_authEnvelopedData "id-smime-ct-authEnvelopedData" +#define NID_id_smime_ct_authEnvelopedData 1059 +#define OBJ_id_smime_ct_authEnvelopedData OBJ_id_smime_ct,23L + +#define SN_id_ct_asciiTextWithCRLF "id-ct-asciiTextWithCRLF" +#define NID_id_ct_asciiTextWithCRLF 787 +#define OBJ_id_ct_asciiTextWithCRLF OBJ_id_smime_ct,27L + +#define SN_id_ct_xml "id-ct-xml" +#define NID_id_ct_xml 1060 +#define OBJ_id_ct_xml OBJ_id_smime_ct,28L + +#define SN_id_smime_aa_receiptRequest "id-smime-aa-receiptRequest" +#define NID_id_smime_aa_receiptRequest 212 +#define OBJ_id_smime_aa_receiptRequest OBJ_id_smime_aa,1L + +#define SN_id_smime_aa_securityLabel "id-smime-aa-securityLabel" +#define NID_id_smime_aa_securityLabel 213 +#define OBJ_id_smime_aa_securityLabel OBJ_id_smime_aa,2L + +#define SN_id_smime_aa_mlExpandHistory "id-smime-aa-mlExpandHistory" +#define NID_id_smime_aa_mlExpandHistory 214 +#define OBJ_id_smime_aa_mlExpandHistory OBJ_id_smime_aa,3L + +#define SN_id_smime_aa_contentHint "id-smime-aa-contentHint" +#define NID_id_smime_aa_contentHint 215 +#define OBJ_id_smime_aa_contentHint OBJ_id_smime_aa,4L + +#define 
SN_id_smime_aa_msgSigDigest "id-smime-aa-msgSigDigest" +#define NID_id_smime_aa_msgSigDigest 216 +#define OBJ_id_smime_aa_msgSigDigest OBJ_id_smime_aa,5L + +#define SN_id_smime_aa_encapContentType "id-smime-aa-encapContentType" +#define NID_id_smime_aa_encapContentType 217 +#define OBJ_id_smime_aa_encapContentType OBJ_id_smime_aa,6L + +#define SN_id_smime_aa_contentIdentifier "id-smime-aa-contentIdentifier" +#define NID_id_smime_aa_contentIdentifier 218 +#define OBJ_id_smime_aa_contentIdentifier OBJ_id_smime_aa,7L + +#define SN_id_smime_aa_macValue "id-smime-aa-macValue" +#define NID_id_smime_aa_macValue 219 +#define OBJ_id_smime_aa_macValue OBJ_id_smime_aa,8L + +#define SN_id_smime_aa_equivalentLabels "id-smime-aa-equivalentLabels" +#define NID_id_smime_aa_equivalentLabels 220 +#define OBJ_id_smime_aa_equivalentLabels OBJ_id_smime_aa,9L + +#define SN_id_smime_aa_contentReference "id-smime-aa-contentReference" +#define NID_id_smime_aa_contentReference 221 +#define OBJ_id_smime_aa_contentReference OBJ_id_smime_aa,10L + +#define SN_id_smime_aa_encrypKeyPref "id-smime-aa-encrypKeyPref" +#define NID_id_smime_aa_encrypKeyPref 222 +#define OBJ_id_smime_aa_encrypKeyPref OBJ_id_smime_aa,11L + +#define SN_id_smime_aa_signingCertificate "id-smime-aa-signingCertificate" +#define NID_id_smime_aa_signingCertificate 223 +#define OBJ_id_smime_aa_signingCertificate OBJ_id_smime_aa,12L + +#define SN_id_smime_aa_smimeEncryptCerts "id-smime-aa-smimeEncryptCerts" +#define NID_id_smime_aa_smimeEncryptCerts 224 +#define OBJ_id_smime_aa_smimeEncryptCerts OBJ_id_smime_aa,13L + +#define SN_id_smime_aa_timeStampToken "id-smime-aa-timeStampToken" +#define NID_id_smime_aa_timeStampToken 225 +#define OBJ_id_smime_aa_timeStampToken OBJ_id_smime_aa,14L + +#define SN_id_smime_aa_ets_sigPolicyId "id-smime-aa-ets-sigPolicyId" +#define NID_id_smime_aa_ets_sigPolicyId 226 +#define OBJ_id_smime_aa_ets_sigPolicyId OBJ_id_smime_aa,15L + +#define SN_id_smime_aa_ets_commitmentType 
"id-smime-aa-ets-commitmentType" +#define NID_id_smime_aa_ets_commitmentType 227 +#define OBJ_id_smime_aa_ets_commitmentType OBJ_id_smime_aa,16L + +#define SN_id_smime_aa_ets_signerLocation "id-smime-aa-ets-signerLocation" +#define NID_id_smime_aa_ets_signerLocation 228 +#define OBJ_id_smime_aa_ets_signerLocation OBJ_id_smime_aa,17L + +#define SN_id_smime_aa_ets_signerAttr "id-smime-aa-ets-signerAttr" +#define NID_id_smime_aa_ets_signerAttr 229 +#define OBJ_id_smime_aa_ets_signerAttr OBJ_id_smime_aa,18L + +#define SN_id_smime_aa_ets_otherSigCert "id-smime-aa-ets-otherSigCert" +#define NID_id_smime_aa_ets_otherSigCert 230 +#define OBJ_id_smime_aa_ets_otherSigCert OBJ_id_smime_aa,19L + +#define SN_id_smime_aa_ets_contentTimestamp "id-smime-aa-ets-contentTimestamp" +#define NID_id_smime_aa_ets_contentTimestamp 231 +#define OBJ_id_smime_aa_ets_contentTimestamp OBJ_id_smime_aa,20L + +#define SN_id_smime_aa_ets_CertificateRefs "id-smime-aa-ets-CertificateRefs" +#define NID_id_smime_aa_ets_CertificateRefs 232 +#define OBJ_id_smime_aa_ets_CertificateRefs OBJ_id_smime_aa,21L + +#define SN_id_smime_aa_ets_RevocationRefs "id-smime-aa-ets-RevocationRefs" +#define NID_id_smime_aa_ets_RevocationRefs 233 +#define OBJ_id_smime_aa_ets_RevocationRefs OBJ_id_smime_aa,22L + +#define SN_id_smime_aa_ets_certValues "id-smime-aa-ets-certValues" +#define NID_id_smime_aa_ets_certValues 234 +#define OBJ_id_smime_aa_ets_certValues OBJ_id_smime_aa,23L + +#define SN_id_smime_aa_ets_revocationValues "id-smime-aa-ets-revocationValues" +#define NID_id_smime_aa_ets_revocationValues 235 +#define OBJ_id_smime_aa_ets_revocationValues OBJ_id_smime_aa,24L + +#define SN_id_smime_aa_ets_escTimeStamp "id-smime-aa-ets-escTimeStamp" +#define NID_id_smime_aa_ets_escTimeStamp 236 +#define OBJ_id_smime_aa_ets_escTimeStamp OBJ_id_smime_aa,25L + +#define SN_id_smime_aa_ets_certCRLTimestamp "id-smime-aa-ets-certCRLTimestamp" +#define NID_id_smime_aa_ets_certCRLTimestamp 237 +#define 
OBJ_id_smime_aa_ets_certCRLTimestamp OBJ_id_smime_aa,26L + +#define SN_id_smime_aa_ets_archiveTimeStamp "id-smime-aa-ets-archiveTimeStamp" +#define NID_id_smime_aa_ets_archiveTimeStamp 238 +#define OBJ_id_smime_aa_ets_archiveTimeStamp OBJ_id_smime_aa,27L + +#define SN_id_smime_aa_signatureType "id-smime-aa-signatureType" +#define NID_id_smime_aa_signatureType 239 +#define OBJ_id_smime_aa_signatureType OBJ_id_smime_aa,28L + +#define SN_id_smime_aa_dvcs_dvc "id-smime-aa-dvcs-dvc" +#define NID_id_smime_aa_dvcs_dvc 240 +#define OBJ_id_smime_aa_dvcs_dvc OBJ_id_smime_aa,29L + +#define SN_id_smime_aa_signingCertificateV2 "id-smime-aa-signingCertificateV2" +#define NID_id_smime_aa_signingCertificateV2 1086 +#define OBJ_id_smime_aa_signingCertificateV2 OBJ_id_smime_aa,47L + +#define SN_id_smime_alg_ESDHwith3DES "id-smime-alg-ESDHwith3DES" +#define NID_id_smime_alg_ESDHwith3DES 241 +#define OBJ_id_smime_alg_ESDHwith3DES OBJ_id_smime_alg,1L + +#define SN_id_smime_alg_ESDHwithRC2 "id-smime-alg-ESDHwithRC2" +#define NID_id_smime_alg_ESDHwithRC2 242 +#define OBJ_id_smime_alg_ESDHwithRC2 OBJ_id_smime_alg,2L + +#define SN_id_smime_alg_3DESwrap "id-smime-alg-3DESwrap" +#define NID_id_smime_alg_3DESwrap 243 +#define OBJ_id_smime_alg_3DESwrap OBJ_id_smime_alg,3L + +#define SN_id_smime_alg_RC2wrap "id-smime-alg-RC2wrap" +#define NID_id_smime_alg_RC2wrap 244 +#define OBJ_id_smime_alg_RC2wrap OBJ_id_smime_alg,4L + +#define SN_id_smime_alg_ESDH "id-smime-alg-ESDH" +#define NID_id_smime_alg_ESDH 245 +#define OBJ_id_smime_alg_ESDH OBJ_id_smime_alg,5L + +#define SN_id_smime_alg_CMS3DESwrap "id-smime-alg-CMS3DESwrap" +#define NID_id_smime_alg_CMS3DESwrap 246 +#define OBJ_id_smime_alg_CMS3DESwrap OBJ_id_smime_alg,6L + +#define SN_id_smime_alg_CMSRC2wrap "id-smime-alg-CMSRC2wrap" +#define NID_id_smime_alg_CMSRC2wrap 247 +#define OBJ_id_smime_alg_CMSRC2wrap OBJ_id_smime_alg,7L + +#define SN_id_alg_PWRI_KEK "id-alg-PWRI-KEK" +#define NID_id_alg_PWRI_KEK 893 +#define OBJ_id_alg_PWRI_KEK 
OBJ_id_smime_alg,9L + +#define SN_id_smime_cd_ldap "id-smime-cd-ldap" +#define NID_id_smime_cd_ldap 248 +#define OBJ_id_smime_cd_ldap OBJ_id_smime_cd,1L + +#define SN_id_smime_spq_ets_sqt_uri "id-smime-spq-ets-sqt-uri" +#define NID_id_smime_spq_ets_sqt_uri 249 +#define OBJ_id_smime_spq_ets_sqt_uri OBJ_id_smime_spq,1L + +#define SN_id_smime_spq_ets_sqt_unotice "id-smime-spq-ets-sqt-unotice" +#define NID_id_smime_spq_ets_sqt_unotice 250 +#define OBJ_id_smime_spq_ets_sqt_unotice OBJ_id_smime_spq,2L + +#define SN_id_smime_cti_ets_proofOfOrigin "id-smime-cti-ets-proofOfOrigin" +#define NID_id_smime_cti_ets_proofOfOrigin 251 +#define OBJ_id_smime_cti_ets_proofOfOrigin OBJ_id_smime_cti,1L + +#define SN_id_smime_cti_ets_proofOfReceipt "id-smime-cti-ets-proofOfReceipt" +#define NID_id_smime_cti_ets_proofOfReceipt 252 +#define OBJ_id_smime_cti_ets_proofOfReceipt OBJ_id_smime_cti,2L + +#define SN_id_smime_cti_ets_proofOfDelivery "id-smime-cti-ets-proofOfDelivery" +#define NID_id_smime_cti_ets_proofOfDelivery 253 +#define OBJ_id_smime_cti_ets_proofOfDelivery OBJ_id_smime_cti,3L + +#define SN_id_smime_cti_ets_proofOfSender "id-smime-cti-ets-proofOfSender" +#define NID_id_smime_cti_ets_proofOfSender 254 +#define OBJ_id_smime_cti_ets_proofOfSender OBJ_id_smime_cti,4L + +#define SN_id_smime_cti_ets_proofOfApproval "id-smime-cti-ets-proofOfApproval" +#define NID_id_smime_cti_ets_proofOfApproval 255 +#define OBJ_id_smime_cti_ets_proofOfApproval OBJ_id_smime_cti,5L + +#define SN_id_smime_cti_ets_proofOfCreation "id-smime-cti-ets-proofOfCreation" +#define NID_id_smime_cti_ets_proofOfCreation 256 +#define OBJ_id_smime_cti_ets_proofOfCreation OBJ_id_smime_cti,6L + +#define LN_friendlyName "friendlyName" +#define NID_friendlyName 156 +#define OBJ_friendlyName OBJ_pkcs9,20L + +#define LN_localKeyID "localKeyID" +#define NID_localKeyID 157 +#define OBJ_localKeyID OBJ_pkcs9,21L + +#define SN_ms_csp_name "CSPName" +#define LN_ms_csp_name "Microsoft CSP Name" +#define NID_ms_csp_name 417 
+#define OBJ_ms_csp_name 1L,3L,6L,1L,4L,1L,311L,17L,1L + +#define SN_LocalKeySet "LocalKeySet" +#define LN_LocalKeySet "Microsoft Local Key set" +#define NID_LocalKeySet 856 +#define OBJ_LocalKeySet 1L,3L,6L,1L,4L,1L,311L,17L,2L + +#define OBJ_certTypes OBJ_pkcs9,22L + +#define LN_x509Certificate "x509Certificate" +#define NID_x509Certificate 158 +#define OBJ_x509Certificate OBJ_certTypes,1L + +#define LN_sdsiCertificate "sdsiCertificate" +#define NID_sdsiCertificate 159 +#define OBJ_sdsiCertificate OBJ_certTypes,2L + +#define OBJ_crlTypes OBJ_pkcs9,23L + +#define LN_x509Crl "x509Crl" +#define NID_x509Crl 160 +#define OBJ_x509Crl OBJ_crlTypes,1L + +#define OBJ_pkcs12 OBJ_pkcs,12L + +#define OBJ_pkcs12_pbeids OBJ_pkcs12,1L + +#define SN_pbe_WithSHA1And128BitRC4 "PBE-SHA1-RC4-128" +#define LN_pbe_WithSHA1And128BitRC4 "pbeWithSHA1And128BitRC4" +#define NID_pbe_WithSHA1And128BitRC4 144 +#define OBJ_pbe_WithSHA1And128BitRC4 OBJ_pkcs12_pbeids,1L + +#define SN_pbe_WithSHA1And40BitRC4 "PBE-SHA1-RC4-40" +#define LN_pbe_WithSHA1And40BitRC4 "pbeWithSHA1And40BitRC4" +#define NID_pbe_WithSHA1And40BitRC4 145 +#define OBJ_pbe_WithSHA1And40BitRC4 OBJ_pkcs12_pbeids,2L + +#define SN_pbe_WithSHA1And3_Key_TripleDES_CBC "PBE-SHA1-3DES" +#define LN_pbe_WithSHA1And3_Key_TripleDES_CBC "pbeWithSHA1And3-KeyTripleDES-CBC" +#define NID_pbe_WithSHA1And3_Key_TripleDES_CBC 146 +#define OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC OBJ_pkcs12_pbeids,3L + +#define SN_pbe_WithSHA1And2_Key_TripleDES_CBC "PBE-SHA1-2DES" +#define LN_pbe_WithSHA1And2_Key_TripleDES_CBC "pbeWithSHA1And2-KeyTripleDES-CBC" +#define NID_pbe_WithSHA1And2_Key_TripleDES_CBC 147 +#define OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC OBJ_pkcs12_pbeids,4L + +#define SN_pbe_WithSHA1And128BitRC2_CBC "PBE-SHA1-RC2-128" +#define LN_pbe_WithSHA1And128BitRC2_CBC "pbeWithSHA1And128BitRC2-CBC" +#define NID_pbe_WithSHA1And128BitRC2_CBC 148 +#define OBJ_pbe_WithSHA1And128BitRC2_CBC OBJ_pkcs12_pbeids,5L + +#define SN_pbe_WithSHA1And40BitRC2_CBC 
"PBE-SHA1-RC2-40" +#define LN_pbe_WithSHA1And40BitRC2_CBC "pbeWithSHA1And40BitRC2-CBC" +#define NID_pbe_WithSHA1And40BitRC2_CBC 149 +#define OBJ_pbe_WithSHA1And40BitRC2_CBC OBJ_pkcs12_pbeids,6L + +#define OBJ_pkcs12_Version1 OBJ_pkcs12,10L + +#define OBJ_pkcs12_BagIds OBJ_pkcs12_Version1,1L + +#define LN_keyBag "keyBag" +#define NID_keyBag 150 +#define OBJ_keyBag OBJ_pkcs12_BagIds,1L + +#define LN_pkcs8ShroudedKeyBag "pkcs8ShroudedKeyBag" +#define NID_pkcs8ShroudedKeyBag 151 +#define OBJ_pkcs8ShroudedKeyBag OBJ_pkcs12_BagIds,2L + +#define LN_certBag "certBag" +#define NID_certBag 152 +#define OBJ_certBag OBJ_pkcs12_BagIds,3L + +#define LN_crlBag "crlBag" +#define NID_crlBag 153 +#define OBJ_crlBag OBJ_pkcs12_BagIds,4L + +#define LN_secretBag "secretBag" +#define NID_secretBag 154 +#define OBJ_secretBag OBJ_pkcs12_BagIds,5L + +#define LN_safeContentsBag "safeContentsBag" +#define NID_safeContentsBag 155 +#define OBJ_safeContentsBag OBJ_pkcs12_BagIds,6L + +#define SN_md2 "MD2" +#define LN_md2 "md2" +#define NID_md2 3 +#define OBJ_md2 OBJ_rsadsi,2L,2L + +#define SN_md4 "MD4" +#define LN_md4 "md4" +#define NID_md4 257 +#define OBJ_md4 OBJ_rsadsi,2L,4L + +#define SN_md5 "MD5" +#define LN_md5 "md5" +#define NID_md5 4 +#define OBJ_md5 OBJ_rsadsi,2L,5L + +#define SN_md5_sha1 "MD5-SHA1" +#define LN_md5_sha1 "md5-sha1" +#define NID_md5_sha1 114 + +#define LN_hmacWithMD5 "hmacWithMD5" +#define NID_hmacWithMD5 797 +#define OBJ_hmacWithMD5 OBJ_rsadsi,2L,6L + +#define LN_hmacWithSHA1 "hmacWithSHA1" +#define NID_hmacWithSHA1 163 +#define OBJ_hmacWithSHA1 OBJ_rsadsi,2L,7L + +#define SN_sm2 "SM2" +#define LN_sm2 "sm2" +#define NID_sm2 1172 +#define OBJ_sm2 OBJ_sm_scheme,301L + +#define SN_sm3 "SM3" +#define LN_sm3 "sm3" +#define NID_sm3 1143 +#define OBJ_sm3 OBJ_sm_scheme,401L + +#define SN_sm3WithRSAEncryption "RSA-SM3" +#define LN_sm3WithRSAEncryption "sm3WithRSAEncryption" +#define NID_sm3WithRSAEncryption 1144 +#define OBJ_sm3WithRSAEncryption OBJ_sm_scheme,504L + +#define 
SN_SM2_with_SM3 "SM2-SM3" +#define LN_SM2_with_SM3 "SM2-with-SM3" +#define NID_SM2_with_SM3 1204 +#define OBJ_SM2_with_SM3 OBJ_sm_scheme,501L + +#define LN_hmacWithSHA224 "hmacWithSHA224" +#define NID_hmacWithSHA224 798 +#define OBJ_hmacWithSHA224 OBJ_rsadsi,2L,8L + +#define LN_hmacWithSHA256 "hmacWithSHA256" +#define NID_hmacWithSHA256 799 +#define OBJ_hmacWithSHA256 OBJ_rsadsi,2L,9L + +#define LN_hmacWithSHA384 "hmacWithSHA384" +#define NID_hmacWithSHA384 800 +#define OBJ_hmacWithSHA384 OBJ_rsadsi,2L,10L + +#define LN_hmacWithSHA512 "hmacWithSHA512" +#define NID_hmacWithSHA512 801 +#define OBJ_hmacWithSHA512 OBJ_rsadsi,2L,11L + +#define LN_hmacWithSHA512_224 "hmacWithSHA512-224" +#define NID_hmacWithSHA512_224 1193 +#define OBJ_hmacWithSHA512_224 OBJ_rsadsi,2L,12L + +#define LN_hmacWithSHA512_256 "hmacWithSHA512-256" +#define NID_hmacWithSHA512_256 1194 +#define OBJ_hmacWithSHA512_256 OBJ_rsadsi,2L,13L + +#define SN_rc2_cbc "RC2-CBC" +#define LN_rc2_cbc "rc2-cbc" +#define NID_rc2_cbc 37 +#define OBJ_rc2_cbc OBJ_rsadsi,3L,2L + +#define SN_rc2_ecb "RC2-ECB" +#define LN_rc2_ecb "rc2-ecb" +#define NID_rc2_ecb 38 + +#define SN_rc2_cfb64 "RC2-CFB" +#define LN_rc2_cfb64 "rc2-cfb" +#define NID_rc2_cfb64 39 + +#define SN_rc2_ofb64 "RC2-OFB" +#define LN_rc2_ofb64 "rc2-ofb" +#define NID_rc2_ofb64 40 + +#define SN_rc2_40_cbc "RC2-40-CBC" +#define LN_rc2_40_cbc "rc2-40-cbc" +#define NID_rc2_40_cbc 98 + +#define SN_rc2_64_cbc "RC2-64-CBC" +#define LN_rc2_64_cbc "rc2-64-cbc" +#define NID_rc2_64_cbc 166 + +#define SN_rc4 "RC4" +#define LN_rc4 "rc4" +#define NID_rc4 5 +#define OBJ_rc4 OBJ_rsadsi,3L,4L + +#define SN_rc4_40 "RC4-40" +#define LN_rc4_40 "rc4-40" +#define NID_rc4_40 97 + +#define SN_des_ede3_cbc "DES-EDE3-CBC" +#define LN_des_ede3_cbc "des-ede3-cbc" +#define NID_des_ede3_cbc 44 +#define OBJ_des_ede3_cbc OBJ_rsadsi,3L,7L + +#define SN_rc5_cbc "RC5-CBC" +#define LN_rc5_cbc "rc5-cbc" +#define NID_rc5_cbc 120 +#define OBJ_rc5_cbc OBJ_rsadsi,3L,8L + +#define SN_rc5_ecb 
"RC5-ECB" +#define LN_rc5_ecb "rc5-ecb" +#define NID_rc5_ecb 121 + +#define SN_rc5_cfb64 "RC5-CFB" +#define LN_rc5_cfb64 "rc5-cfb" +#define NID_rc5_cfb64 122 + +#define SN_rc5_ofb64 "RC5-OFB" +#define LN_rc5_ofb64 "rc5-ofb" +#define NID_rc5_ofb64 123 + +#define SN_ms_ext_req "msExtReq" +#define LN_ms_ext_req "Microsoft Extension Request" +#define NID_ms_ext_req 171 +#define OBJ_ms_ext_req 1L,3L,6L,1L,4L,1L,311L,2L,1L,14L + +#define SN_ms_code_ind "msCodeInd" +#define LN_ms_code_ind "Microsoft Individual Code Signing" +#define NID_ms_code_ind 134 +#define OBJ_ms_code_ind 1L,3L,6L,1L,4L,1L,311L,2L,1L,21L + +#define SN_ms_code_com "msCodeCom" +#define LN_ms_code_com "Microsoft Commercial Code Signing" +#define NID_ms_code_com 135 +#define OBJ_ms_code_com 1L,3L,6L,1L,4L,1L,311L,2L,1L,22L + +#define SN_ms_ctl_sign "msCTLSign" +#define LN_ms_ctl_sign "Microsoft Trust List Signing" +#define NID_ms_ctl_sign 136 +#define OBJ_ms_ctl_sign 1L,3L,6L,1L,4L,1L,311L,10L,3L,1L + +#define SN_ms_sgc "msSGC" +#define LN_ms_sgc "Microsoft Server Gated Crypto" +#define NID_ms_sgc 137 +#define OBJ_ms_sgc 1L,3L,6L,1L,4L,1L,311L,10L,3L,3L + +#define SN_ms_efs "msEFS" +#define LN_ms_efs "Microsoft Encrypted File System" +#define NID_ms_efs 138 +#define OBJ_ms_efs 1L,3L,6L,1L,4L,1L,311L,10L,3L,4L + +#define SN_ms_smartcard_login "msSmartcardLogin" +#define LN_ms_smartcard_login "Microsoft Smartcard Login" +#define NID_ms_smartcard_login 648 +#define OBJ_ms_smartcard_login 1L,3L,6L,1L,4L,1L,311L,20L,2L,2L + +#define SN_ms_upn "msUPN" +#define LN_ms_upn "Microsoft User Principal Name" +#define NID_ms_upn 649 +#define OBJ_ms_upn 1L,3L,6L,1L,4L,1L,311L,20L,2L,3L + +#define SN_idea_cbc "IDEA-CBC" +#define LN_idea_cbc "idea-cbc" +#define NID_idea_cbc 34 +#define OBJ_idea_cbc 1L,3L,6L,1L,4L,1L,188L,7L,1L,1L,2L + +#define SN_idea_ecb "IDEA-ECB" +#define LN_idea_ecb "idea-ecb" +#define NID_idea_ecb 36 + +#define SN_idea_cfb64 "IDEA-CFB" +#define LN_idea_cfb64 "idea-cfb" +#define NID_idea_cfb64 35 + 
+#define SN_idea_ofb64 "IDEA-OFB" +#define LN_idea_ofb64 "idea-ofb" +#define NID_idea_ofb64 46 + +#define SN_bf_cbc "BF-CBC" +#define LN_bf_cbc "bf-cbc" +#define NID_bf_cbc 91 +#define OBJ_bf_cbc 1L,3L,6L,1L,4L,1L,3029L,1L,2L + +#define SN_bf_ecb "BF-ECB" +#define LN_bf_ecb "bf-ecb" +#define NID_bf_ecb 92 + +#define SN_bf_cfb64 "BF-CFB" +#define LN_bf_cfb64 "bf-cfb" +#define NID_bf_cfb64 93 + +#define SN_bf_ofb64 "BF-OFB" +#define LN_bf_ofb64 "bf-ofb" +#define NID_bf_ofb64 94 + +#define SN_id_pkix "PKIX" +#define NID_id_pkix 127 +#define OBJ_id_pkix 1L,3L,6L,1L,5L,5L,7L + +#define SN_id_pkix_mod "id-pkix-mod" +#define NID_id_pkix_mod 258 +#define OBJ_id_pkix_mod OBJ_id_pkix,0L + +#define SN_id_pe "id-pe" +#define NID_id_pe 175 +#define OBJ_id_pe OBJ_id_pkix,1L + +#define SN_id_qt "id-qt" +#define NID_id_qt 259 +#define OBJ_id_qt OBJ_id_pkix,2L + +#define SN_id_kp "id-kp" +#define NID_id_kp 128 +#define OBJ_id_kp OBJ_id_pkix,3L + +#define SN_id_it "id-it" +#define NID_id_it 260 +#define OBJ_id_it OBJ_id_pkix,4L + +#define SN_id_pkip "id-pkip" +#define NID_id_pkip 261 +#define OBJ_id_pkip OBJ_id_pkix,5L + +#define SN_id_alg "id-alg" +#define NID_id_alg 262 +#define OBJ_id_alg OBJ_id_pkix,6L + +#define SN_id_cmc "id-cmc" +#define NID_id_cmc 263 +#define OBJ_id_cmc OBJ_id_pkix,7L + +#define SN_id_on "id-on" +#define NID_id_on 264 +#define OBJ_id_on OBJ_id_pkix,8L + +#define SN_id_pda "id-pda" +#define NID_id_pda 265 +#define OBJ_id_pda OBJ_id_pkix,9L + +#define SN_id_aca "id-aca" +#define NID_id_aca 266 +#define OBJ_id_aca OBJ_id_pkix,10L + +#define SN_id_qcs "id-qcs" +#define NID_id_qcs 267 +#define OBJ_id_qcs OBJ_id_pkix,11L + +#define SN_id_cct "id-cct" +#define NID_id_cct 268 +#define OBJ_id_cct OBJ_id_pkix,12L + +#define SN_id_ppl "id-ppl" +#define NID_id_ppl 662 +#define OBJ_id_ppl OBJ_id_pkix,21L + +#define SN_id_ad "id-ad" +#define NID_id_ad 176 +#define OBJ_id_ad OBJ_id_pkix,48L + +#define SN_id_pkix1_explicit_88 "id-pkix1-explicit-88" +#define 
NID_id_pkix1_explicit_88 269 +#define OBJ_id_pkix1_explicit_88 OBJ_id_pkix_mod,1L + +#define SN_id_pkix1_implicit_88 "id-pkix1-implicit-88" +#define NID_id_pkix1_implicit_88 270 +#define OBJ_id_pkix1_implicit_88 OBJ_id_pkix_mod,2L + +#define SN_id_pkix1_explicit_93 "id-pkix1-explicit-93" +#define NID_id_pkix1_explicit_93 271 +#define OBJ_id_pkix1_explicit_93 OBJ_id_pkix_mod,3L + +#define SN_id_pkix1_implicit_93 "id-pkix1-implicit-93" +#define NID_id_pkix1_implicit_93 272 +#define OBJ_id_pkix1_implicit_93 OBJ_id_pkix_mod,4L + +#define SN_id_mod_crmf "id-mod-crmf" +#define NID_id_mod_crmf 273 +#define OBJ_id_mod_crmf OBJ_id_pkix_mod,5L + +#define SN_id_mod_cmc "id-mod-cmc" +#define NID_id_mod_cmc 274 +#define OBJ_id_mod_cmc OBJ_id_pkix_mod,6L + +#define SN_id_mod_kea_profile_88 "id-mod-kea-profile-88" +#define NID_id_mod_kea_profile_88 275 +#define OBJ_id_mod_kea_profile_88 OBJ_id_pkix_mod,7L + +#define SN_id_mod_kea_profile_93 "id-mod-kea-profile-93" +#define NID_id_mod_kea_profile_93 276 +#define OBJ_id_mod_kea_profile_93 OBJ_id_pkix_mod,8L + +#define SN_id_mod_cmp "id-mod-cmp" +#define NID_id_mod_cmp 277 +#define OBJ_id_mod_cmp OBJ_id_pkix_mod,9L + +#define SN_id_mod_qualified_cert_88 "id-mod-qualified-cert-88" +#define NID_id_mod_qualified_cert_88 278 +#define OBJ_id_mod_qualified_cert_88 OBJ_id_pkix_mod,10L + +#define SN_id_mod_qualified_cert_93 "id-mod-qualified-cert-93" +#define NID_id_mod_qualified_cert_93 279 +#define OBJ_id_mod_qualified_cert_93 OBJ_id_pkix_mod,11L + +#define SN_id_mod_attribute_cert "id-mod-attribute-cert" +#define NID_id_mod_attribute_cert 280 +#define OBJ_id_mod_attribute_cert OBJ_id_pkix_mod,12L + +#define SN_id_mod_timestamp_protocol "id-mod-timestamp-protocol" +#define NID_id_mod_timestamp_protocol 281 +#define OBJ_id_mod_timestamp_protocol OBJ_id_pkix_mod,13L + +#define SN_id_mod_ocsp "id-mod-ocsp" +#define NID_id_mod_ocsp 282 +#define OBJ_id_mod_ocsp OBJ_id_pkix_mod,14L + +#define SN_id_mod_dvcs "id-mod-dvcs" +#define 
NID_id_mod_dvcs 283 +#define OBJ_id_mod_dvcs OBJ_id_pkix_mod,15L + +#define SN_id_mod_cmp2000 "id-mod-cmp2000" +#define NID_id_mod_cmp2000 284 +#define OBJ_id_mod_cmp2000 OBJ_id_pkix_mod,16L + +#define SN_info_access "authorityInfoAccess" +#define LN_info_access "Authority Information Access" +#define NID_info_access 177 +#define OBJ_info_access OBJ_id_pe,1L + +#define SN_biometricInfo "biometricInfo" +#define LN_biometricInfo "Biometric Info" +#define NID_biometricInfo 285 +#define OBJ_biometricInfo OBJ_id_pe,2L + +#define SN_qcStatements "qcStatements" +#define NID_qcStatements 286 +#define OBJ_qcStatements OBJ_id_pe,3L + +#define SN_ac_auditEntity "ac-auditEntity" +#define NID_ac_auditEntity 287 +#define OBJ_ac_auditEntity OBJ_id_pe,4L + +#define SN_ac_targeting "ac-targeting" +#define NID_ac_targeting 288 +#define OBJ_ac_targeting OBJ_id_pe,5L + +#define SN_aaControls "aaControls" +#define NID_aaControls 289 +#define OBJ_aaControls OBJ_id_pe,6L + +#define SN_sbgp_ipAddrBlock "sbgp-ipAddrBlock" +#define NID_sbgp_ipAddrBlock 290 +#define OBJ_sbgp_ipAddrBlock OBJ_id_pe,7L + +#define SN_sbgp_autonomousSysNum "sbgp-autonomousSysNum" +#define NID_sbgp_autonomousSysNum 291 +#define OBJ_sbgp_autonomousSysNum OBJ_id_pe,8L + +#define SN_sbgp_routerIdentifier "sbgp-routerIdentifier" +#define NID_sbgp_routerIdentifier 292 +#define OBJ_sbgp_routerIdentifier OBJ_id_pe,9L + +#define SN_ac_proxying "ac-proxying" +#define NID_ac_proxying 397 +#define OBJ_ac_proxying OBJ_id_pe,10L + +#define SN_sinfo_access "subjectInfoAccess" +#define LN_sinfo_access "Subject Information Access" +#define NID_sinfo_access 398 +#define OBJ_sinfo_access OBJ_id_pe,11L + +#define SN_proxyCertInfo "proxyCertInfo" +#define LN_proxyCertInfo "Proxy Certificate Information" +#define NID_proxyCertInfo 663 +#define OBJ_proxyCertInfo OBJ_id_pe,14L + +#define SN_tlsfeature "tlsfeature" +#define LN_tlsfeature "TLS Feature" +#define NID_tlsfeature 1020 +#define OBJ_tlsfeature OBJ_id_pe,24L + +#define 
SN_id_qt_cps "id-qt-cps" +#define LN_id_qt_cps "Policy Qualifier CPS" +#define NID_id_qt_cps 164 +#define OBJ_id_qt_cps OBJ_id_qt,1L + +#define SN_id_qt_unotice "id-qt-unotice" +#define LN_id_qt_unotice "Policy Qualifier User Notice" +#define NID_id_qt_unotice 165 +#define OBJ_id_qt_unotice OBJ_id_qt,2L + +#define SN_textNotice "textNotice" +#define NID_textNotice 293 +#define OBJ_textNotice OBJ_id_qt,3L + +#define SN_server_auth "serverAuth" +#define LN_server_auth "TLS Web Server Authentication" +#define NID_server_auth 129 +#define OBJ_server_auth OBJ_id_kp,1L + +#define SN_client_auth "clientAuth" +#define LN_client_auth "TLS Web Client Authentication" +#define NID_client_auth 130 +#define OBJ_client_auth OBJ_id_kp,2L + +#define SN_code_sign "codeSigning" +#define LN_code_sign "Code Signing" +#define NID_code_sign 131 +#define OBJ_code_sign OBJ_id_kp,3L + +#define SN_email_protect "emailProtection" +#define LN_email_protect "E-mail Protection" +#define NID_email_protect 132 +#define OBJ_email_protect OBJ_id_kp,4L + +#define SN_ipsecEndSystem "ipsecEndSystem" +#define LN_ipsecEndSystem "IPSec End System" +#define NID_ipsecEndSystem 294 +#define OBJ_ipsecEndSystem OBJ_id_kp,5L + +#define SN_ipsecTunnel "ipsecTunnel" +#define LN_ipsecTunnel "IPSec Tunnel" +#define NID_ipsecTunnel 295 +#define OBJ_ipsecTunnel OBJ_id_kp,6L + +#define SN_ipsecUser "ipsecUser" +#define LN_ipsecUser "IPSec User" +#define NID_ipsecUser 296 +#define OBJ_ipsecUser OBJ_id_kp,7L + +#define SN_time_stamp "timeStamping" +#define LN_time_stamp "Time Stamping" +#define NID_time_stamp 133 +#define OBJ_time_stamp OBJ_id_kp,8L + +#define SN_OCSP_sign "OCSPSigning" +#define LN_OCSP_sign "OCSP Signing" +#define NID_OCSP_sign 180 +#define OBJ_OCSP_sign OBJ_id_kp,9L + +#define SN_dvcs "DVCS" +#define LN_dvcs "dvcs" +#define NID_dvcs 297 +#define OBJ_dvcs OBJ_id_kp,10L + +#define SN_ipsec_IKE "ipsecIKE" +#define LN_ipsec_IKE "ipsec Internet Key Exchange" +#define NID_ipsec_IKE 1022 +#define 
OBJ_ipsec_IKE OBJ_id_kp,17L + +#define SN_capwapAC "capwapAC" +#define LN_capwapAC "Ctrl/provision WAP Access" +#define NID_capwapAC 1023 +#define OBJ_capwapAC OBJ_id_kp,18L + +#define SN_capwapWTP "capwapWTP" +#define LN_capwapWTP "Ctrl/Provision WAP Termination" +#define NID_capwapWTP 1024 +#define OBJ_capwapWTP OBJ_id_kp,19L + +#define SN_sshClient "secureShellClient" +#define LN_sshClient "SSH Client" +#define NID_sshClient 1025 +#define OBJ_sshClient OBJ_id_kp,21L + +#define SN_sshServer "secureShellServer" +#define LN_sshServer "SSH Server" +#define NID_sshServer 1026 +#define OBJ_sshServer OBJ_id_kp,22L + +#define SN_sendRouter "sendRouter" +#define LN_sendRouter "Send Router" +#define NID_sendRouter 1027 +#define OBJ_sendRouter OBJ_id_kp,23L + +#define SN_sendProxiedRouter "sendProxiedRouter" +#define LN_sendProxiedRouter "Send Proxied Router" +#define NID_sendProxiedRouter 1028 +#define OBJ_sendProxiedRouter OBJ_id_kp,24L + +#define SN_sendOwner "sendOwner" +#define LN_sendOwner "Send Owner" +#define NID_sendOwner 1029 +#define OBJ_sendOwner OBJ_id_kp,25L + +#define SN_sendProxiedOwner "sendProxiedOwner" +#define LN_sendProxiedOwner "Send Proxied Owner" +#define NID_sendProxiedOwner 1030 +#define OBJ_sendProxiedOwner OBJ_id_kp,26L + +#define SN_cmcCA "cmcCA" +#define LN_cmcCA "CMC Certificate Authority" +#define NID_cmcCA 1131 +#define OBJ_cmcCA OBJ_id_kp,27L + +#define SN_cmcRA "cmcRA" +#define LN_cmcRA "CMC Registration Authority" +#define NID_cmcRA 1132 +#define OBJ_cmcRA OBJ_id_kp,28L + +#define SN_id_it_caProtEncCert "id-it-caProtEncCert" +#define NID_id_it_caProtEncCert 298 +#define OBJ_id_it_caProtEncCert OBJ_id_it,1L + +#define SN_id_it_signKeyPairTypes "id-it-signKeyPairTypes" +#define NID_id_it_signKeyPairTypes 299 +#define OBJ_id_it_signKeyPairTypes OBJ_id_it,2L + +#define SN_id_it_encKeyPairTypes "id-it-encKeyPairTypes" +#define NID_id_it_encKeyPairTypes 300 +#define OBJ_id_it_encKeyPairTypes OBJ_id_it,3L + +#define SN_id_it_preferredSymmAlg 
"id-it-preferredSymmAlg" +#define NID_id_it_preferredSymmAlg 301 +#define OBJ_id_it_preferredSymmAlg OBJ_id_it,4L + +#define SN_id_it_caKeyUpdateInfo "id-it-caKeyUpdateInfo" +#define NID_id_it_caKeyUpdateInfo 302 +#define OBJ_id_it_caKeyUpdateInfo OBJ_id_it,5L + +#define SN_id_it_currentCRL "id-it-currentCRL" +#define NID_id_it_currentCRL 303 +#define OBJ_id_it_currentCRL OBJ_id_it,6L + +#define SN_id_it_unsupportedOIDs "id-it-unsupportedOIDs" +#define NID_id_it_unsupportedOIDs 304 +#define OBJ_id_it_unsupportedOIDs OBJ_id_it,7L + +#define SN_id_it_subscriptionRequest "id-it-subscriptionRequest" +#define NID_id_it_subscriptionRequest 305 +#define OBJ_id_it_subscriptionRequest OBJ_id_it,8L + +#define SN_id_it_subscriptionResponse "id-it-subscriptionResponse" +#define NID_id_it_subscriptionResponse 306 +#define OBJ_id_it_subscriptionResponse OBJ_id_it,9L + +#define SN_id_it_keyPairParamReq "id-it-keyPairParamReq" +#define NID_id_it_keyPairParamReq 307 +#define OBJ_id_it_keyPairParamReq OBJ_id_it,10L + +#define SN_id_it_keyPairParamRep "id-it-keyPairParamRep" +#define NID_id_it_keyPairParamRep 308 +#define OBJ_id_it_keyPairParamRep OBJ_id_it,11L + +#define SN_id_it_revPassphrase "id-it-revPassphrase" +#define NID_id_it_revPassphrase 309 +#define OBJ_id_it_revPassphrase OBJ_id_it,12L + +#define SN_id_it_implicitConfirm "id-it-implicitConfirm" +#define NID_id_it_implicitConfirm 310 +#define OBJ_id_it_implicitConfirm OBJ_id_it,13L + +#define SN_id_it_confirmWaitTime "id-it-confirmWaitTime" +#define NID_id_it_confirmWaitTime 311 +#define OBJ_id_it_confirmWaitTime OBJ_id_it,14L + +#define SN_id_it_origPKIMessage "id-it-origPKIMessage" +#define NID_id_it_origPKIMessage 312 +#define OBJ_id_it_origPKIMessage OBJ_id_it,15L + +#define SN_id_it_suppLangTags "id-it-suppLangTags" +#define NID_id_it_suppLangTags 784 +#define OBJ_id_it_suppLangTags OBJ_id_it,16L + +#define SN_id_regCtrl "id-regCtrl" +#define NID_id_regCtrl 313 +#define OBJ_id_regCtrl OBJ_id_pkip,1L + +#define 
SN_id_regInfo "id-regInfo" +#define NID_id_regInfo 314 +#define OBJ_id_regInfo OBJ_id_pkip,2L + +#define SN_id_regCtrl_regToken "id-regCtrl-regToken" +#define NID_id_regCtrl_regToken 315 +#define OBJ_id_regCtrl_regToken OBJ_id_regCtrl,1L + +#define SN_id_regCtrl_authenticator "id-regCtrl-authenticator" +#define NID_id_regCtrl_authenticator 316 +#define OBJ_id_regCtrl_authenticator OBJ_id_regCtrl,2L + +#define SN_id_regCtrl_pkiPublicationInfo "id-regCtrl-pkiPublicationInfo" +#define NID_id_regCtrl_pkiPublicationInfo 317 +#define OBJ_id_regCtrl_pkiPublicationInfo OBJ_id_regCtrl,3L + +#define SN_id_regCtrl_pkiArchiveOptions "id-regCtrl-pkiArchiveOptions" +#define NID_id_regCtrl_pkiArchiveOptions 318 +#define OBJ_id_regCtrl_pkiArchiveOptions OBJ_id_regCtrl,4L + +#define SN_id_regCtrl_oldCertID "id-regCtrl-oldCertID" +#define NID_id_regCtrl_oldCertID 319 +#define OBJ_id_regCtrl_oldCertID OBJ_id_regCtrl,5L + +#define SN_id_regCtrl_protocolEncrKey "id-regCtrl-protocolEncrKey" +#define NID_id_regCtrl_protocolEncrKey 320 +#define OBJ_id_regCtrl_protocolEncrKey OBJ_id_regCtrl,6L + +#define SN_id_regInfo_utf8Pairs "id-regInfo-utf8Pairs" +#define NID_id_regInfo_utf8Pairs 321 +#define OBJ_id_regInfo_utf8Pairs OBJ_id_regInfo,1L + +#define SN_id_regInfo_certReq "id-regInfo-certReq" +#define NID_id_regInfo_certReq 322 +#define OBJ_id_regInfo_certReq OBJ_id_regInfo,2L + +#define SN_id_alg_des40 "id-alg-des40" +#define NID_id_alg_des40 323 +#define OBJ_id_alg_des40 OBJ_id_alg,1L + +#define SN_id_alg_noSignature "id-alg-noSignature" +#define NID_id_alg_noSignature 324 +#define OBJ_id_alg_noSignature OBJ_id_alg,2L + +#define SN_id_alg_dh_sig_hmac_sha1 "id-alg-dh-sig-hmac-sha1" +#define NID_id_alg_dh_sig_hmac_sha1 325 +#define OBJ_id_alg_dh_sig_hmac_sha1 OBJ_id_alg,3L + +#define SN_id_alg_dh_pop "id-alg-dh-pop" +#define NID_id_alg_dh_pop 326 +#define OBJ_id_alg_dh_pop OBJ_id_alg,4L + +#define SN_id_cmc_statusInfo "id-cmc-statusInfo" +#define NID_id_cmc_statusInfo 327 +#define 
OBJ_id_cmc_statusInfo OBJ_id_cmc,1L + +#define SN_id_cmc_identification "id-cmc-identification" +#define NID_id_cmc_identification 328 +#define OBJ_id_cmc_identification OBJ_id_cmc,2L + +#define SN_id_cmc_identityProof "id-cmc-identityProof" +#define NID_id_cmc_identityProof 329 +#define OBJ_id_cmc_identityProof OBJ_id_cmc,3L + +#define SN_id_cmc_dataReturn "id-cmc-dataReturn" +#define NID_id_cmc_dataReturn 330 +#define OBJ_id_cmc_dataReturn OBJ_id_cmc,4L + +#define SN_id_cmc_transactionId "id-cmc-transactionId" +#define NID_id_cmc_transactionId 331 +#define OBJ_id_cmc_transactionId OBJ_id_cmc,5L + +#define SN_id_cmc_senderNonce "id-cmc-senderNonce" +#define NID_id_cmc_senderNonce 332 +#define OBJ_id_cmc_senderNonce OBJ_id_cmc,6L + +#define SN_id_cmc_recipientNonce "id-cmc-recipientNonce" +#define NID_id_cmc_recipientNonce 333 +#define OBJ_id_cmc_recipientNonce OBJ_id_cmc,7L + +#define SN_id_cmc_addExtensions "id-cmc-addExtensions" +#define NID_id_cmc_addExtensions 334 +#define OBJ_id_cmc_addExtensions OBJ_id_cmc,8L + +#define SN_id_cmc_encryptedPOP "id-cmc-encryptedPOP" +#define NID_id_cmc_encryptedPOP 335 +#define OBJ_id_cmc_encryptedPOP OBJ_id_cmc,9L + +#define SN_id_cmc_decryptedPOP "id-cmc-decryptedPOP" +#define NID_id_cmc_decryptedPOP 336 +#define OBJ_id_cmc_decryptedPOP OBJ_id_cmc,10L + +#define SN_id_cmc_lraPOPWitness "id-cmc-lraPOPWitness" +#define NID_id_cmc_lraPOPWitness 337 +#define OBJ_id_cmc_lraPOPWitness OBJ_id_cmc,11L + +#define SN_id_cmc_getCert "id-cmc-getCert" +#define NID_id_cmc_getCert 338 +#define OBJ_id_cmc_getCert OBJ_id_cmc,15L + +#define SN_id_cmc_getCRL "id-cmc-getCRL" +#define NID_id_cmc_getCRL 339 +#define OBJ_id_cmc_getCRL OBJ_id_cmc,16L + +#define SN_id_cmc_revokeRequest "id-cmc-revokeRequest" +#define NID_id_cmc_revokeRequest 340 +#define OBJ_id_cmc_revokeRequest OBJ_id_cmc,17L + +#define SN_id_cmc_regInfo "id-cmc-regInfo" +#define NID_id_cmc_regInfo 341 +#define OBJ_id_cmc_regInfo OBJ_id_cmc,18L + +#define SN_id_cmc_responseInfo 
"id-cmc-responseInfo" +#define NID_id_cmc_responseInfo 342 +#define OBJ_id_cmc_responseInfo OBJ_id_cmc,19L + +#define SN_id_cmc_queryPending "id-cmc-queryPending" +#define NID_id_cmc_queryPending 343 +#define OBJ_id_cmc_queryPending OBJ_id_cmc,21L + +#define SN_id_cmc_popLinkRandom "id-cmc-popLinkRandom" +#define NID_id_cmc_popLinkRandom 344 +#define OBJ_id_cmc_popLinkRandom OBJ_id_cmc,22L + +#define SN_id_cmc_popLinkWitness "id-cmc-popLinkWitness" +#define NID_id_cmc_popLinkWitness 345 +#define OBJ_id_cmc_popLinkWitness OBJ_id_cmc,23L + +#define SN_id_cmc_confirmCertAcceptance "id-cmc-confirmCertAcceptance" +#define NID_id_cmc_confirmCertAcceptance 346 +#define OBJ_id_cmc_confirmCertAcceptance OBJ_id_cmc,24L + +#define SN_id_on_personalData "id-on-personalData" +#define NID_id_on_personalData 347 +#define OBJ_id_on_personalData OBJ_id_on,1L + +#define SN_id_on_permanentIdentifier "id-on-permanentIdentifier" +#define LN_id_on_permanentIdentifier "Permanent Identifier" +#define NID_id_on_permanentIdentifier 858 +#define OBJ_id_on_permanentIdentifier OBJ_id_on,3L + +#define SN_XmppAddr "id-on-xmppAddr" +#define LN_XmppAddr "XmppAddr" +#define NID_XmppAddr 1209 +#define OBJ_XmppAddr OBJ_id_on,5L + +#define SN_SRVName "id-on-dnsSRV" +#define LN_SRVName "SRVName" +#define NID_SRVName 1210 +#define OBJ_SRVName OBJ_id_on,7L + +#define SN_NAIRealm "id-on-NAIRealm" +#define LN_NAIRealm "NAIRealm" +#define NID_NAIRealm 1211 +#define OBJ_NAIRealm OBJ_id_on,8L + +#define SN_id_on_SmtpUTF8Mailbox "id-on-SmtpUTF8Mailbox" +#define LN_id_on_SmtpUTF8Mailbox "Smtp UTF8 Mailbox" +#define NID_id_on_SmtpUTF8Mailbox 1208 +#define OBJ_id_on_SmtpUTF8Mailbox OBJ_id_on,9L + +#define SN_id_pda_dateOfBirth "id-pda-dateOfBirth" +#define NID_id_pda_dateOfBirth 348 +#define OBJ_id_pda_dateOfBirth OBJ_id_pda,1L + +#define SN_id_pda_placeOfBirth "id-pda-placeOfBirth" +#define NID_id_pda_placeOfBirth 349 +#define OBJ_id_pda_placeOfBirth OBJ_id_pda,2L + +#define SN_id_pda_gender "id-pda-gender" 
+#define NID_id_pda_gender 351 +#define OBJ_id_pda_gender OBJ_id_pda,3L + +#define SN_id_pda_countryOfCitizenship "id-pda-countryOfCitizenship" +#define NID_id_pda_countryOfCitizenship 352 +#define OBJ_id_pda_countryOfCitizenship OBJ_id_pda,4L + +#define SN_id_pda_countryOfResidence "id-pda-countryOfResidence" +#define NID_id_pda_countryOfResidence 353 +#define OBJ_id_pda_countryOfResidence OBJ_id_pda,5L + +#define SN_id_aca_authenticationInfo "id-aca-authenticationInfo" +#define NID_id_aca_authenticationInfo 354 +#define OBJ_id_aca_authenticationInfo OBJ_id_aca,1L + +#define SN_id_aca_accessIdentity "id-aca-accessIdentity" +#define NID_id_aca_accessIdentity 355 +#define OBJ_id_aca_accessIdentity OBJ_id_aca,2L + +#define SN_id_aca_chargingIdentity "id-aca-chargingIdentity" +#define NID_id_aca_chargingIdentity 356 +#define OBJ_id_aca_chargingIdentity OBJ_id_aca,3L + +#define SN_id_aca_group "id-aca-group" +#define NID_id_aca_group 357 +#define OBJ_id_aca_group OBJ_id_aca,4L + +#define SN_id_aca_role "id-aca-role" +#define NID_id_aca_role 358 +#define OBJ_id_aca_role OBJ_id_aca,5L + +#define SN_id_aca_encAttrs "id-aca-encAttrs" +#define NID_id_aca_encAttrs 399 +#define OBJ_id_aca_encAttrs OBJ_id_aca,6L + +#define SN_id_qcs_pkixQCSyntax_v1 "id-qcs-pkixQCSyntax-v1" +#define NID_id_qcs_pkixQCSyntax_v1 359 +#define OBJ_id_qcs_pkixQCSyntax_v1 OBJ_id_qcs,1L + +#define SN_id_cct_crs "id-cct-crs" +#define NID_id_cct_crs 360 +#define OBJ_id_cct_crs OBJ_id_cct,1L + +#define SN_id_cct_PKIData "id-cct-PKIData" +#define NID_id_cct_PKIData 361 +#define OBJ_id_cct_PKIData OBJ_id_cct,2L + +#define SN_id_cct_PKIResponse "id-cct-PKIResponse" +#define NID_id_cct_PKIResponse 362 +#define OBJ_id_cct_PKIResponse OBJ_id_cct,3L + +#define SN_id_ppl_anyLanguage "id-ppl-anyLanguage" +#define LN_id_ppl_anyLanguage "Any language" +#define NID_id_ppl_anyLanguage 664 +#define OBJ_id_ppl_anyLanguage OBJ_id_ppl,0L + +#define SN_id_ppl_inheritAll "id-ppl-inheritAll" +#define LN_id_ppl_inheritAll 
"Inherit all" +#define NID_id_ppl_inheritAll 665 +#define OBJ_id_ppl_inheritAll OBJ_id_ppl,1L + +#define SN_Independent "id-ppl-independent" +#define LN_Independent "Independent" +#define NID_Independent 667 +#define OBJ_Independent OBJ_id_ppl,2L + +#define SN_ad_OCSP "OCSP" +#define LN_ad_OCSP "OCSP" +#define NID_ad_OCSP 178 +#define OBJ_ad_OCSP OBJ_id_ad,1L + +#define SN_ad_ca_issuers "caIssuers" +#define LN_ad_ca_issuers "CA Issuers" +#define NID_ad_ca_issuers 179 +#define OBJ_ad_ca_issuers OBJ_id_ad,2L + +#define SN_ad_timeStamping "ad_timestamping" +#define LN_ad_timeStamping "AD Time Stamping" +#define NID_ad_timeStamping 363 +#define OBJ_ad_timeStamping OBJ_id_ad,3L + +#define SN_ad_dvcs "AD_DVCS" +#define LN_ad_dvcs "ad dvcs" +#define NID_ad_dvcs 364 +#define OBJ_ad_dvcs OBJ_id_ad,4L + +#define SN_caRepository "caRepository" +#define LN_caRepository "CA Repository" +#define NID_caRepository 785 +#define OBJ_caRepository OBJ_id_ad,5L + +#define OBJ_id_pkix_OCSP OBJ_ad_OCSP + +#define SN_id_pkix_OCSP_basic "basicOCSPResponse" +#define LN_id_pkix_OCSP_basic "Basic OCSP Response" +#define NID_id_pkix_OCSP_basic 365 +#define OBJ_id_pkix_OCSP_basic OBJ_id_pkix_OCSP,1L + +#define SN_id_pkix_OCSP_Nonce "Nonce" +#define LN_id_pkix_OCSP_Nonce "OCSP Nonce" +#define NID_id_pkix_OCSP_Nonce 366 +#define OBJ_id_pkix_OCSP_Nonce OBJ_id_pkix_OCSP,2L + +#define SN_id_pkix_OCSP_CrlID "CrlID" +#define LN_id_pkix_OCSP_CrlID "OCSP CRL ID" +#define NID_id_pkix_OCSP_CrlID 367 +#define OBJ_id_pkix_OCSP_CrlID OBJ_id_pkix_OCSP,3L + +#define SN_id_pkix_OCSP_acceptableResponses "acceptableResponses" +#define LN_id_pkix_OCSP_acceptableResponses "Acceptable OCSP Responses" +#define NID_id_pkix_OCSP_acceptableResponses 368 +#define OBJ_id_pkix_OCSP_acceptableResponses OBJ_id_pkix_OCSP,4L + +#define SN_id_pkix_OCSP_noCheck "noCheck" +#define LN_id_pkix_OCSP_noCheck "OCSP No Check" +#define NID_id_pkix_OCSP_noCheck 369 +#define OBJ_id_pkix_OCSP_noCheck OBJ_id_pkix_OCSP,5L + +#define 
SN_id_pkix_OCSP_archiveCutoff "archiveCutoff" +#define LN_id_pkix_OCSP_archiveCutoff "OCSP Archive Cutoff" +#define NID_id_pkix_OCSP_archiveCutoff 370 +#define OBJ_id_pkix_OCSP_archiveCutoff OBJ_id_pkix_OCSP,6L + +#define SN_id_pkix_OCSP_serviceLocator "serviceLocator" +#define LN_id_pkix_OCSP_serviceLocator "OCSP Service Locator" +#define NID_id_pkix_OCSP_serviceLocator 371 +#define OBJ_id_pkix_OCSP_serviceLocator OBJ_id_pkix_OCSP,7L + +#define SN_id_pkix_OCSP_extendedStatus "extendedStatus" +#define LN_id_pkix_OCSP_extendedStatus "Extended OCSP Status" +#define NID_id_pkix_OCSP_extendedStatus 372 +#define OBJ_id_pkix_OCSP_extendedStatus OBJ_id_pkix_OCSP,8L + +#define SN_id_pkix_OCSP_valid "valid" +#define NID_id_pkix_OCSP_valid 373 +#define OBJ_id_pkix_OCSP_valid OBJ_id_pkix_OCSP,9L + +#define SN_id_pkix_OCSP_path "path" +#define NID_id_pkix_OCSP_path 374 +#define OBJ_id_pkix_OCSP_path OBJ_id_pkix_OCSP,10L + +#define SN_id_pkix_OCSP_trustRoot "trustRoot" +#define LN_id_pkix_OCSP_trustRoot "Trust Root" +#define NID_id_pkix_OCSP_trustRoot 375 +#define OBJ_id_pkix_OCSP_trustRoot OBJ_id_pkix_OCSP,11L + +#define SN_algorithm "algorithm" +#define LN_algorithm "algorithm" +#define NID_algorithm 376 +#define OBJ_algorithm 1L,3L,14L,3L,2L + +#define SN_md5WithRSA "RSA-NP-MD5" +#define LN_md5WithRSA "md5WithRSA" +#define NID_md5WithRSA 104 +#define OBJ_md5WithRSA OBJ_algorithm,3L + +#define SN_des_ecb "DES-ECB" +#define LN_des_ecb "des-ecb" +#define NID_des_ecb 29 +#define OBJ_des_ecb OBJ_algorithm,6L + +#define SN_des_cbc "DES-CBC" +#define LN_des_cbc "des-cbc" +#define NID_des_cbc 31 +#define OBJ_des_cbc OBJ_algorithm,7L + +#define SN_des_ofb64 "DES-OFB" +#define LN_des_ofb64 "des-ofb" +#define NID_des_ofb64 45 +#define OBJ_des_ofb64 OBJ_algorithm,8L + +#define SN_des_cfb64 "DES-CFB" +#define LN_des_cfb64 "des-cfb" +#define NID_des_cfb64 30 +#define OBJ_des_cfb64 OBJ_algorithm,9L + +#define SN_rsaSignature "rsaSignature" +#define NID_rsaSignature 377 +#define 
OBJ_rsaSignature OBJ_algorithm,11L + +#define SN_dsa_2 "DSA-old" +#define LN_dsa_2 "dsaEncryption-old" +#define NID_dsa_2 67 +#define OBJ_dsa_2 OBJ_algorithm,12L + +#define SN_dsaWithSHA "DSA-SHA" +#define LN_dsaWithSHA "dsaWithSHA" +#define NID_dsaWithSHA 66 +#define OBJ_dsaWithSHA OBJ_algorithm,13L + +#define SN_shaWithRSAEncryption "RSA-SHA" +#define LN_shaWithRSAEncryption "shaWithRSAEncryption" +#define NID_shaWithRSAEncryption 42 +#define OBJ_shaWithRSAEncryption OBJ_algorithm,15L + +#define SN_des_ede_ecb "DES-EDE" +#define LN_des_ede_ecb "des-ede" +#define NID_des_ede_ecb 32 +#define OBJ_des_ede_ecb OBJ_algorithm,17L + +#define SN_des_ede3_ecb "DES-EDE3" +#define LN_des_ede3_ecb "des-ede3" +#define NID_des_ede3_ecb 33 + +#define SN_des_ede_cbc "DES-EDE-CBC" +#define LN_des_ede_cbc "des-ede-cbc" +#define NID_des_ede_cbc 43 + +#define SN_des_ede_cfb64 "DES-EDE-CFB" +#define LN_des_ede_cfb64 "des-ede-cfb" +#define NID_des_ede_cfb64 60 + +#define SN_des_ede3_cfb64 "DES-EDE3-CFB" +#define LN_des_ede3_cfb64 "des-ede3-cfb" +#define NID_des_ede3_cfb64 61 + +#define SN_des_ede_ofb64 "DES-EDE-OFB" +#define LN_des_ede_ofb64 "des-ede-ofb" +#define NID_des_ede_ofb64 62 + +#define SN_des_ede3_ofb64 "DES-EDE3-OFB" +#define LN_des_ede3_ofb64 "des-ede3-ofb" +#define NID_des_ede3_ofb64 63 + +#define SN_desx_cbc "DESX-CBC" +#define LN_desx_cbc "desx-cbc" +#define NID_desx_cbc 80 + +#define SN_sha "SHA" +#define LN_sha "sha" +#define NID_sha 41 +#define OBJ_sha OBJ_algorithm,18L + +#define SN_sha1 "SHA1" +#define LN_sha1 "sha1" +#define NID_sha1 64 +#define OBJ_sha1 OBJ_algorithm,26L + +#define SN_dsaWithSHA1_2 "DSA-SHA1-old" +#define LN_dsaWithSHA1_2 "dsaWithSHA1-old" +#define NID_dsaWithSHA1_2 70 +#define OBJ_dsaWithSHA1_2 OBJ_algorithm,27L + +#define SN_sha1WithRSA "RSA-SHA1-2" +#define LN_sha1WithRSA "sha1WithRSA" +#define NID_sha1WithRSA 115 +#define OBJ_sha1WithRSA OBJ_algorithm,29L + +#define SN_ripemd160 "RIPEMD160" +#define LN_ripemd160 "ripemd160" +#define 
NID_ripemd160 117 +#define OBJ_ripemd160 1L,3L,36L,3L,2L,1L + +#define SN_ripemd160WithRSA "RSA-RIPEMD160" +#define LN_ripemd160WithRSA "ripemd160WithRSA" +#define NID_ripemd160WithRSA 119 +#define OBJ_ripemd160WithRSA 1L,3L,36L,3L,3L,1L,2L + +#define SN_blake2bmac "BLAKE2BMAC" +#define LN_blake2bmac "blake2bmac" +#define NID_blake2bmac 1201 +#define OBJ_blake2bmac 1L,3L,6L,1L,4L,1L,1722L,12L,2L,1L + +#define SN_blake2smac "BLAKE2SMAC" +#define LN_blake2smac "blake2smac" +#define NID_blake2smac 1202 +#define OBJ_blake2smac 1L,3L,6L,1L,4L,1L,1722L,12L,2L,2L + +#define SN_blake2b512 "BLAKE2b512" +#define LN_blake2b512 "blake2b512" +#define NID_blake2b512 1056 +#define OBJ_blake2b512 OBJ_blake2bmac,16L + +#define SN_blake2s256 "BLAKE2s256" +#define LN_blake2s256 "blake2s256" +#define NID_blake2s256 1057 +#define OBJ_blake2s256 OBJ_blake2smac,8L + +#define SN_sxnet "SXNetID" +#define LN_sxnet "Strong Extranet ID" +#define NID_sxnet 143 +#define OBJ_sxnet 1L,3L,101L,1L,4L,1L + +#define SN_X500 "X500" +#define LN_X500 "directory services (X.500)" +#define NID_X500 11 +#define OBJ_X500 2L,5L + +#define SN_X509 "X509" +#define NID_X509 12 +#define OBJ_X509 OBJ_X500,4L + +#define SN_commonName "CN" +#define LN_commonName "commonName" +#define NID_commonName 13 +#define OBJ_commonName OBJ_X509,3L + +#define SN_surname "SN" +#define LN_surname "surname" +#define NID_surname 100 +#define OBJ_surname OBJ_X509,4L + +#define LN_serialNumber "serialNumber" +#define NID_serialNumber 105 +#define OBJ_serialNumber OBJ_X509,5L + +#define SN_countryName "C" +#define LN_countryName "countryName" +#define NID_countryName 14 +#define OBJ_countryName OBJ_X509,6L + +#define SN_localityName "L" +#define LN_localityName "localityName" +#define NID_localityName 15 +#define OBJ_localityName OBJ_X509,7L + +#define SN_stateOrProvinceName "ST" +#define LN_stateOrProvinceName "stateOrProvinceName" +#define NID_stateOrProvinceName 16 +#define OBJ_stateOrProvinceName OBJ_X509,8L + +#define 
SN_streetAddress "street" +#define LN_streetAddress "streetAddress" +#define NID_streetAddress 660 +#define OBJ_streetAddress OBJ_X509,9L + +#define SN_organizationName "O" +#define LN_organizationName "organizationName" +#define NID_organizationName 17 +#define OBJ_organizationName OBJ_X509,10L + +#define SN_organizationalUnitName "OU" +#define LN_organizationalUnitName "organizationalUnitName" +#define NID_organizationalUnitName 18 +#define OBJ_organizationalUnitName OBJ_X509,11L + +#define SN_title "title" +#define LN_title "title" +#define NID_title 106 +#define OBJ_title OBJ_X509,12L + +#define LN_description "description" +#define NID_description 107 +#define OBJ_description OBJ_X509,13L + +#define LN_searchGuide "searchGuide" +#define NID_searchGuide 859 +#define OBJ_searchGuide OBJ_X509,14L + +#define LN_businessCategory "businessCategory" +#define NID_businessCategory 860 +#define OBJ_businessCategory OBJ_X509,15L + +#define LN_postalAddress "postalAddress" +#define NID_postalAddress 861 +#define OBJ_postalAddress OBJ_X509,16L + +#define LN_postalCode "postalCode" +#define NID_postalCode 661 +#define OBJ_postalCode OBJ_X509,17L + +#define LN_postOfficeBox "postOfficeBox" +#define NID_postOfficeBox 862 +#define OBJ_postOfficeBox OBJ_X509,18L + +#define LN_physicalDeliveryOfficeName "physicalDeliveryOfficeName" +#define NID_physicalDeliveryOfficeName 863 +#define OBJ_physicalDeliveryOfficeName OBJ_X509,19L + +#define LN_telephoneNumber "telephoneNumber" +#define NID_telephoneNumber 864 +#define OBJ_telephoneNumber OBJ_X509,20L + +#define LN_telexNumber "telexNumber" +#define NID_telexNumber 865 +#define OBJ_telexNumber OBJ_X509,21L + +#define LN_teletexTerminalIdentifier "teletexTerminalIdentifier" +#define NID_teletexTerminalIdentifier 866 +#define OBJ_teletexTerminalIdentifier OBJ_X509,22L + +#define LN_facsimileTelephoneNumber "facsimileTelephoneNumber" +#define NID_facsimileTelephoneNumber 867 +#define OBJ_facsimileTelephoneNumber OBJ_X509,23L + +#define 
LN_x121Address "x121Address" +#define NID_x121Address 868 +#define OBJ_x121Address OBJ_X509,24L + +#define LN_internationaliSDNNumber "internationaliSDNNumber" +#define NID_internationaliSDNNumber 869 +#define OBJ_internationaliSDNNumber OBJ_X509,25L + +#define LN_registeredAddress "registeredAddress" +#define NID_registeredAddress 870 +#define OBJ_registeredAddress OBJ_X509,26L + +#define LN_destinationIndicator "destinationIndicator" +#define NID_destinationIndicator 871 +#define OBJ_destinationIndicator OBJ_X509,27L + +#define LN_preferredDeliveryMethod "preferredDeliveryMethod" +#define NID_preferredDeliveryMethod 872 +#define OBJ_preferredDeliveryMethod OBJ_X509,28L + +#define LN_presentationAddress "presentationAddress" +#define NID_presentationAddress 873 +#define OBJ_presentationAddress OBJ_X509,29L + +#define LN_supportedApplicationContext "supportedApplicationContext" +#define NID_supportedApplicationContext 874 +#define OBJ_supportedApplicationContext OBJ_X509,30L + +#define SN_member "member" +#define NID_member 875 +#define OBJ_member OBJ_X509,31L + +#define SN_owner "owner" +#define NID_owner 876 +#define OBJ_owner OBJ_X509,32L + +#define LN_roleOccupant "roleOccupant" +#define NID_roleOccupant 877 +#define OBJ_roleOccupant OBJ_X509,33L + +#define SN_seeAlso "seeAlso" +#define NID_seeAlso 878 +#define OBJ_seeAlso OBJ_X509,34L + +#define LN_userPassword "userPassword" +#define NID_userPassword 879 +#define OBJ_userPassword OBJ_X509,35L + +#define LN_userCertificate "userCertificate" +#define NID_userCertificate 880 +#define OBJ_userCertificate OBJ_X509,36L + +#define LN_cACertificate "cACertificate" +#define NID_cACertificate 881 +#define OBJ_cACertificate OBJ_X509,37L + +#define LN_authorityRevocationList "authorityRevocationList" +#define NID_authorityRevocationList 882 +#define OBJ_authorityRevocationList OBJ_X509,38L + +#define LN_certificateRevocationList "certificateRevocationList" +#define NID_certificateRevocationList 883 +#define 
OBJ_certificateRevocationList OBJ_X509,39L + +#define LN_crossCertificatePair "crossCertificatePair" +#define NID_crossCertificatePair 884 +#define OBJ_crossCertificatePair OBJ_X509,40L + +#define SN_name "name" +#define LN_name "name" +#define NID_name 173 +#define OBJ_name OBJ_X509,41L + +#define SN_givenName "GN" +#define LN_givenName "givenName" +#define NID_givenName 99 +#define OBJ_givenName OBJ_X509,42L + +#define SN_initials "initials" +#define LN_initials "initials" +#define NID_initials 101 +#define OBJ_initials OBJ_X509,43L + +#define LN_generationQualifier "generationQualifier" +#define NID_generationQualifier 509 +#define OBJ_generationQualifier OBJ_X509,44L + +#define LN_x500UniqueIdentifier "x500UniqueIdentifier" +#define NID_x500UniqueIdentifier 503 +#define OBJ_x500UniqueIdentifier OBJ_X509,45L + +#define SN_dnQualifier "dnQualifier" +#define LN_dnQualifier "dnQualifier" +#define NID_dnQualifier 174 +#define OBJ_dnQualifier OBJ_X509,46L + +#define LN_enhancedSearchGuide "enhancedSearchGuide" +#define NID_enhancedSearchGuide 885 +#define OBJ_enhancedSearchGuide OBJ_X509,47L + +#define LN_protocolInformation "protocolInformation" +#define NID_protocolInformation 886 +#define OBJ_protocolInformation OBJ_X509,48L + +#define LN_distinguishedName "distinguishedName" +#define NID_distinguishedName 887 +#define OBJ_distinguishedName OBJ_X509,49L + +#define LN_uniqueMember "uniqueMember" +#define NID_uniqueMember 888 +#define OBJ_uniqueMember OBJ_X509,50L + +#define LN_houseIdentifier "houseIdentifier" +#define NID_houseIdentifier 889 +#define OBJ_houseIdentifier OBJ_X509,51L + +#define LN_supportedAlgorithms "supportedAlgorithms" +#define NID_supportedAlgorithms 890 +#define OBJ_supportedAlgorithms OBJ_X509,52L + +#define LN_deltaRevocationList "deltaRevocationList" +#define NID_deltaRevocationList 891 +#define OBJ_deltaRevocationList OBJ_X509,53L + +#define SN_dmdName "dmdName" +#define NID_dmdName 892 +#define OBJ_dmdName OBJ_X509,54L + +#define 
LN_pseudonym "pseudonym" +#define NID_pseudonym 510 +#define OBJ_pseudonym OBJ_X509,65L + +#define SN_role "role" +#define LN_role "role" +#define NID_role 400 +#define OBJ_role OBJ_X509,72L + +#define LN_organizationIdentifier "organizationIdentifier" +#define NID_organizationIdentifier 1089 +#define OBJ_organizationIdentifier OBJ_X509,97L + +#define SN_countryCode3c "c3" +#define LN_countryCode3c "countryCode3c" +#define NID_countryCode3c 1090 +#define OBJ_countryCode3c OBJ_X509,98L + +#define SN_countryCode3n "n3" +#define LN_countryCode3n "countryCode3n" +#define NID_countryCode3n 1091 +#define OBJ_countryCode3n OBJ_X509,99L + +#define LN_dnsName "dnsName" +#define NID_dnsName 1092 +#define OBJ_dnsName OBJ_X509,100L + +#define SN_X500algorithms "X500algorithms" +#define LN_X500algorithms "directory services - algorithms" +#define NID_X500algorithms 378 +#define OBJ_X500algorithms OBJ_X500,8L + +#define SN_rsa "RSA" +#define LN_rsa "rsa" +#define NID_rsa 19 +#define OBJ_rsa OBJ_X500algorithms,1L,1L + +#define SN_mdc2WithRSA "RSA-MDC2" +#define LN_mdc2WithRSA "mdc2WithRSA" +#define NID_mdc2WithRSA 96 +#define OBJ_mdc2WithRSA OBJ_X500algorithms,3L,100L + +#define SN_mdc2 "MDC2" +#define LN_mdc2 "mdc2" +#define NID_mdc2 95 +#define OBJ_mdc2 OBJ_X500algorithms,3L,101L + +#define SN_id_ce "id-ce" +#define NID_id_ce 81 +#define OBJ_id_ce OBJ_X500,29L + +#define SN_subject_directory_attributes "subjectDirectoryAttributes" +#define LN_subject_directory_attributes "X509v3 Subject Directory Attributes" +#define NID_subject_directory_attributes 769 +#define OBJ_subject_directory_attributes OBJ_id_ce,9L + +#define SN_subject_key_identifier "subjectKeyIdentifier" +#define LN_subject_key_identifier "X509v3 Subject Key Identifier" +#define NID_subject_key_identifier 82 +#define OBJ_subject_key_identifier OBJ_id_ce,14L + +#define SN_key_usage "keyUsage" +#define LN_key_usage "X509v3 Key Usage" +#define NID_key_usage 83 +#define OBJ_key_usage OBJ_id_ce,15L + +#define 
SN_private_key_usage_period "privateKeyUsagePeriod" +#define LN_private_key_usage_period "X509v3 Private Key Usage Period" +#define NID_private_key_usage_period 84 +#define OBJ_private_key_usage_period OBJ_id_ce,16L + +#define SN_subject_alt_name "subjectAltName" +#define LN_subject_alt_name "X509v3 Subject Alternative Name" +#define NID_subject_alt_name 85 +#define OBJ_subject_alt_name OBJ_id_ce,17L + +#define SN_issuer_alt_name "issuerAltName" +#define LN_issuer_alt_name "X509v3 Issuer Alternative Name" +#define NID_issuer_alt_name 86 +#define OBJ_issuer_alt_name OBJ_id_ce,18L + +#define SN_basic_constraints "basicConstraints" +#define LN_basic_constraints "X509v3 Basic Constraints" +#define NID_basic_constraints 87 +#define OBJ_basic_constraints OBJ_id_ce,19L + +#define SN_crl_number "crlNumber" +#define LN_crl_number "X509v3 CRL Number" +#define NID_crl_number 88 +#define OBJ_crl_number OBJ_id_ce,20L + +#define SN_crl_reason "CRLReason" +#define LN_crl_reason "X509v3 CRL Reason Code" +#define NID_crl_reason 141 +#define OBJ_crl_reason OBJ_id_ce,21L + +#define SN_invalidity_date "invalidityDate" +#define LN_invalidity_date "Invalidity Date" +#define NID_invalidity_date 142 +#define OBJ_invalidity_date OBJ_id_ce,24L + +#define SN_delta_crl "deltaCRL" +#define LN_delta_crl "X509v3 Delta CRL Indicator" +#define NID_delta_crl 140 +#define OBJ_delta_crl OBJ_id_ce,27L + +#define SN_issuing_distribution_point "issuingDistributionPoint" +#define LN_issuing_distribution_point "X509v3 Issuing Distribution Point" +#define NID_issuing_distribution_point 770 +#define OBJ_issuing_distribution_point OBJ_id_ce,28L + +#define SN_certificate_issuer "certificateIssuer" +#define LN_certificate_issuer "X509v3 Certificate Issuer" +#define NID_certificate_issuer 771 +#define OBJ_certificate_issuer OBJ_id_ce,29L + +#define SN_name_constraints "nameConstraints" +#define LN_name_constraints "X509v3 Name Constraints" +#define NID_name_constraints 666 +#define OBJ_name_constraints 
OBJ_id_ce,30L + +#define SN_crl_distribution_points "crlDistributionPoints" +#define LN_crl_distribution_points "X509v3 CRL Distribution Points" +#define NID_crl_distribution_points 103 +#define OBJ_crl_distribution_points OBJ_id_ce,31L + +#define SN_certificate_policies "certificatePolicies" +#define LN_certificate_policies "X509v3 Certificate Policies" +#define NID_certificate_policies 89 +#define OBJ_certificate_policies OBJ_id_ce,32L + +#define SN_any_policy "anyPolicy" +#define LN_any_policy "X509v3 Any Policy" +#define NID_any_policy 746 +#define OBJ_any_policy OBJ_certificate_policies,0L + +#define SN_policy_mappings "policyMappings" +#define LN_policy_mappings "X509v3 Policy Mappings" +#define NID_policy_mappings 747 +#define OBJ_policy_mappings OBJ_id_ce,33L + +#define SN_authority_key_identifier "authorityKeyIdentifier" +#define LN_authority_key_identifier "X509v3 Authority Key Identifier" +#define NID_authority_key_identifier 90 +#define OBJ_authority_key_identifier OBJ_id_ce,35L + +#define SN_policy_constraints "policyConstraints" +#define LN_policy_constraints "X509v3 Policy Constraints" +#define NID_policy_constraints 401 +#define OBJ_policy_constraints OBJ_id_ce,36L + +#define SN_ext_key_usage "extendedKeyUsage" +#define LN_ext_key_usage "X509v3 Extended Key Usage" +#define NID_ext_key_usage 126 +#define OBJ_ext_key_usage OBJ_id_ce,37L + +#define SN_freshest_crl "freshestCRL" +#define LN_freshest_crl "X509v3 Freshest CRL" +#define NID_freshest_crl 857 +#define OBJ_freshest_crl OBJ_id_ce,46L + +#define SN_inhibit_any_policy "inhibitAnyPolicy" +#define LN_inhibit_any_policy "X509v3 Inhibit Any Policy" +#define NID_inhibit_any_policy 748 +#define OBJ_inhibit_any_policy OBJ_id_ce,54L + +#define SN_target_information "targetInformation" +#define LN_target_information "X509v3 AC Targeting" +#define NID_target_information 402 +#define OBJ_target_information OBJ_id_ce,55L + +#define SN_no_rev_avail "noRevAvail" +#define LN_no_rev_avail "X509v3 No Revocation 
Available" +#define NID_no_rev_avail 403 +#define OBJ_no_rev_avail OBJ_id_ce,56L + +#define SN_anyExtendedKeyUsage "anyExtendedKeyUsage" +#define LN_anyExtendedKeyUsage "Any Extended Key Usage" +#define NID_anyExtendedKeyUsage 910 +#define OBJ_anyExtendedKeyUsage OBJ_ext_key_usage,0L + +#define SN_netscape "Netscape" +#define LN_netscape "Netscape Communications Corp." +#define NID_netscape 57 +#define OBJ_netscape 2L,16L,840L,1L,113730L + +#define SN_netscape_cert_extension "nsCertExt" +#define LN_netscape_cert_extension "Netscape Certificate Extension" +#define NID_netscape_cert_extension 58 +#define OBJ_netscape_cert_extension OBJ_netscape,1L + +#define SN_netscape_data_type "nsDataType" +#define LN_netscape_data_type "Netscape Data Type" +#define NID_netscape_data_type 59 +#define OBJ_netscape_data_type OBJ_netscape,2L + +#define SN_netscape_cert_type "nsCertType" +#define LN_netscape_cert_type "Netscape Cert Type" +#define NID_netscape_cert_type 71 +#define OBJ_netscape_cert_type OBJ_netscape_cert_extension,1L + +#define SN_netscape_base_url "nsBaseUrl" +#define LN_netscape_base_url "Netscape Base Url" +#define NID_netscape_base_url 72 +#define OBJ_netscape_base_url OBJ_netscape_cert_extension,2L + +#define SN_netscape_revocation_url "nsRevocationUrl" +#define LN_netscape_revocation_url "Netscape Revocation Url" +#define NID_netscape_revocation_url 73 +#define OBJ_netscape_revocation_url OBJ_netscape_cert_extension,3L + +#define SN_netscape_ca_revocation_url "nsCaRevocationUrl" +#define LN_netscape_ca_revocation_url "Netscape CA Revocation Url" +#define NID_netscape_ca_revocation_url 74 +#define OBJ_netscape_ca_revocation_url OBJ_netscape_cert_extension,4L + +#define SN_netscape_renewal_url "nsRenewalUrl" +#define LN_netscape_renewal_url "Netscape Renewal Url" +#define NID_netscape_renewal_url 75 +#define OBJ_netscape_renewal_url OBJ_netscape_cert_extension,7L + +#define SN_netscape_ca_policy_url "nsCaPolicyUrl" +#define LN_netscape_ca_policy_url "Netscape CA 
Policy Url" +#define NID_netscape_ca_policy_url 76 +#define OBJ_netscape_ca_policy_url OBJ_netscape_cert_extension,8L + +#define SN_netscape_ssl_server_name "nsSslServerName" +#define LN_netscape_ssl_server_name "Netscape SSL Server Name" +#define NID_netscape_ssl_server_name 77 +#define OBJ_netscape_ssl_server_name OBJ_netscape_cert_extension,12L + +#define SN_netscape_comment "nsComment" +#define LN_netscape_comment "Netscape Comment" +#define NID_netscape_comment 78 +#define OBJ_netscape_comment OBJ_netscape_cert_extension,13L + +#define SN_netscape_cert_sequence "nsCertSequence" +#define LN_netscape_cert_sequence "Netscape Certificate Sequence" +#define NID_netscape_cert_sequence 79 +#define OBJ_netscape_cert_sequence OBJ_netscape_data_type,5L + +#define SN_ns_sgc "nsSGC" +#define LN_ns_sgc "Netscape Server Gated Crypto" +#define NID_ns_sgc 139 +#define OBJ_ns_sgc OBJ_netscape,4L,1L + +#define SN_org "ORG" +#define LN_org "org" +#define NID_org 379 +#define OBJ_org OBJ_iso,3L + +#define SN_dod "DOD" +#define LN_dod "dod" +#define NID_dod 380 +#define OBJ_dod OBJ_org,6L + +#define SN_iana "IANA" +#define LN_iana "iana" +#define NID_iana 381 +#define OBJ_iana OBJ_dod,1L + +#define OBJ_internet OBJ_iana + +#define SN_Directory "directory" +#define LN_Directory "Directory" +#define NID_Directory 382 +#define OBJ_Directory OBJ_internet,1L + +#define SN_Management "mgmt" +#define LN_Management "Management" +#define NID_Management 383 +#define OBJ_Management OBJ_internet,2L + +#define SN_Experimental "experimental" +#define LN_Experimental "Experimental" +#define NID_Experimental 384 +#define OBJ_Experimental OBJ_internet,3L + +#define SN_Private "private" +#define LN_Private "Private" +#define NID_Private 385 +#define OBJ_Private OBJ_internet,4L + +#define SN_Security "security" +#define LN_Security "Security" +#define NID_Security 386 +#define OBJ_Security OBJ_internet,5L + +#define SN_SNMPv2 "snmpv2" +#define LN_SNMPv2 "SNMPv2" +#define NID_SNMPv2 387 +#define 
OBJ_SNMPv2 OBJ_internet,6L + +#define LN_Mail "Mail" +#define NID_Mail 388 +#define OBJ_Mail OBJ_internet,7L + +#define SN_Enterprises "enterprises" +#define LN_Enterprises "Enterprises" +#define NID_Enterprises 389 +#define OBJ_Enterprises OBJ_Private,1L + +#define SN_dcObject "dcobject" +#define LN_dcObject "dcObject" +#define NID_dcObject 390 +#define OBJ_dcObject OBJ_Enterprises,1466L,344L + +#define SN_mime_mhs "mime-mhs" +#define LN_mime_mhs "MIME MHS" +#define NID_mime_mhs 504 +#define OBJ_mime_mhs OBJ_Mail,1L + +#define SN_mime_mhs_headings "mime-mhs-headings" +#define LN_mime_mhs_headings "mime-mhs-headings" +#define NID_mime_mhs_headings 505 +#define OBJ_mime_mhs_headings OBJ_mime_mhs,1L + +#define SN_mime_mhs_bodies "mime-mhs-bodies" +#define LN_mime_mhs_bodies "mime-mhs-bodies" +#define NID_mime_mhs_bodies 506 +#define OBJ_mime_mhs_bodies OBJ_mime_mhs,2L + +#define SN_id_hex_partial_message "id-hex-partial-message" +#define LN_id_hex_partial_message "id-hex-partial-message" +#define NID_id_hex_partial_message 507 +#define OBJ_id_hex_partial_message OBJ_mime_mhs_headings,1L + +#define SN_id_hex_multipart_message "id-hex-multipart-message" +#define LN_id_hex_multipart_message "id-hex-multipart-message" +#define NID_id_hex_multipart_message 508 +#define OBJ_id_hex_multipart_message OBJ_mime_mhs_headings,2L + +#define SN_zlib_compression "ZLIB" +#define LN_zlib_compression "zlib compression" +#define NID_zlib_compression 125 +#define OBJ_zlib_compression OBJ_id_smime_alg,8L + +#define OBJ_csor 2L,16L,840L,1L,101L,3L + +#define OBJ_nistAlgorithms OBJ_csor,4L + +#define OBJ_aes OBJ_nistAlgorithms,1L + +#define SN_aes_128_ecb "AES-128-ECB" +#define LN_aes_128_ecb "aes-128-ecb" +#define NID_aes_128_ecb 418 +#define OBJ_aes_128_ecb OBJ_aes,1L + +#define SN_aes_128_cbc "AES-128-CBC" +#define LN_aes_128_cbc "aes-128-cbc" +#define NID_aes_128_cbc 419 +#define OBJ_aes_128_cbc OBJ_aes,2L + +#define SN_aes_128_ofb128 "AES-128-OFB" +#define LN_aes_128_ofb128 
"aes-128-ofb" +#define NID_aes_128_ofb128 420 +#define OBJ_aes_128_ofb128 OBJ_aes,3L + +#define SN_aes_128_cfb128 "AES-128-CFB" +#define LN_aes_128_cfb128 "aes-128-cfb" +#define NID_aes_128_cfb128 421 +#define OBJ_aes_128_cfb128 OBJ_aes,4L + +#define SN_id_aes128_wrap "id-aes128-wrap" +#define NID_id_aes128_wrap 788 +#define OBJ_id_aes128_wrap OBJ_aes,5L + +#define SN_aes_128_gcm "id-aes128-GCM" +#define LN_aes_128_gcm "aes-128-gcm" +#define NID_aes_128_gcm 895 +#define OBJ_aes_128_gcm OBJ_aes,6L + +#define SN_aes_128_ccm "id-aes128-CCM" +#define LN_aes_128_ccm "aes-128-ccm" +#define NID_aes_128_ccm 896 +#define OBJ_aes_128_ccm OBJ_aes,7L + +#define SN_id_aes128_wrap_pad "id-aes128-wrap-pad" +#define NID_id_aes128_wrap_pad 897 +#define OBJ_id_aes128_wrap_pad OBJ_aes,8L + +#define SN_aes_192_ecb "AES-192-ECB" +#define LN_aes_192_ecb "aes-192-ecb" +#define NID_aes_192_ecb 422 +#define OBJ_aes_192_ecb OBJ_aes,21L + +#define SN_aes_192_cbc "AES-192-CBC" +#define LN_aes_192_cbc "aes-192-cbc" +#define NID_aes_192_cbc 423 +#define OBJ_aes_192_cbc OBJ_aes,22L + +#define SN_aes_192_ofb128 "AES-192-OFB" +#define LN_aes_192_ofb128 "aes-192-ofb" +#define NID_aes_192_ofb128 424 +#define OBJ_aes_192_ofb128 OBJ_aes,23L + +#define SN_aes_192_cfb128 "AES-192-CFB" +#define LN_aes_192_cfb128 "aes-192-cfb" +#define NID_aes_192_cfb128 425 +#define OBJ_aes_192_cfb128 OBJ_aes,24L + +#define SN_id_aes192_wrap "id-aes192-wrap" +#define NID_id_aes192_wrap 789 +#define OBJ_id_aes192_wrap OBJ_aes,25L + +#define SN_aes_192_gcm "id-aes192-GCM" +#define LN_aes_192_gcm "aes-192-gcm" +#define NID_aes_192_gcm 898 +#define OBJ_aes_192_gcm OBJ_aes,26L + +#define SN_aes_192_ccm "id-aes192-CCM" +#define LN_aes_192_ccm "aes-192-ccm" +#define NID_aes_192_ccm 899 +#define OBJ_aes_192_ccm OBJ_aes,27L + +#define SN_id_aes192_wrap_pad "id-aes192-wrap-pad" +#define NID_id_aes192_wrap_pad 900 +#define OBJ_id_aes192_wrap_pad OBJ_aes,28L + +#define SN_aes_256_ecb "AES-256-ECB" +#define LN_aes_256_ecb 
"aes-256-ecb" +#define NID_aes_256_ecb 426 +#define OBJ_aes_256_ecb OBJ_aes,41L + +#define SN_aes_256_cbc "AES-256-CBC" +#define LN_aes_256_cbc "aes-256-cbc" +#define NID_aes_256_cbc 427 +#define OBJ_aes_256_cbc OBJ_aes,42L + +#define SN_aes_256_ofb128 "AES-256-OFB" +#define LN_aes_256_ofb128 "aes-256-ofb" +#define NID_aes_256_ofb128 428 +#define OBJ_aes_256_ofb128 OBJ_aes,43L + +#define SN_aes_256_cfb128 "AES-256-CFB" +#define LN_aes_256_cfb128 "aes-256-cfb" +#define NID_aes_256_cfb128 429 +#define OBJ_aes_256_cfb128 OBJ_aes,44L + +#define SN_id_aes256_wrap "id-aes256-wrap" +#define NID_id_aes256_wrap 790 +#define OBJ_id_aes256_wrap OBJ_aes,45L + +#define SN_aes_256_gcm "id-aes256-GCM" +#define LN_aes_256_gcm "aes-256-gcm" +#define NID_aes_256_gcm 901 +#define OBJ_aes_256_gcm OBJ_aes,46L + +#define SN_aes_256_ccm "id-aes256-CCM" +#define LN_aes_256_ccm "aes-256-ccm" +#define NID_aes_256_ccm 902 +#define OBJ_aes_256_ccm OBJ_aes,47L + +#define SN_id_aes256_wrap_pad "id-aes256-wrap-pad" +#define NID_id_aes256_wrap_pad 903 +#define OBJ_id_aes256_wrap_pad OBJ_aes,48L + +#define SN_aes_128_xts "AES-128-XTS" +#define LN_aes_128_xts "aes-128-xts" +#define NID_aes_128_xts 913 +#define OBJ_aes_128_xts OBJ_ieee_siswg,0L,1L,1L + +#define SN_aes_256_xts "AES-256-XTS" +#define LN_aes_256_xts "aes-256-xts" +#define NID_aes_256_xts 914 +#define OBJ_aes_256_xts OBJ_ieee_siswg,0L,1L,2L + +#define SN_aes_128_cfb1 "AES-128-CFB1" +#define LN_aes_128_cfb1 "aes-128-cfb1" +#define NID_aes_128_cfb1 650 + +#define SN_aes_192_cfb1 "AES-192-CFB1" +#define LN_aes_192_cfb1 "aes-192-cfb1" +#define NID_aes_192_cfb1 651 + +#define SN_aes_256_cfb1 "AES-256-CFB1" +#define LN_aes_256_cfb1 "aes-256-cfb1" +#define NID_aes_256_cfb1 652 + +#define SN_aes_128_cfb8 "AES-128-CFB8" +#define LN_aes_128_cfb8 "aes-128-cfb8" +#define NID_aes_128_cfb8 653 + +#define SN_aes_192_cfb8 "AES-192-CFB8" +#define LN_aes_192_cfb8 "aes-192-cfb8" +#define NID_aes_192_cfb8 654 + +#define SN_aes_256_cfb8 "AES-256-CFB8" 
+#define LN_aes_256_cfb8 "aes-256-cfb8" +#define NID_aes_256_cfb8 655 + +#define SN_aes_128_ctr "AES-128-CTR" +#define LN_aes_128_ctr "aes-128-ctr" +#define NID_aes_128_ctr 904 + +#define SN_aes_192_ctr "AES-192-CTR" +#define LN_aes_192_ctr "aes-192-ctr" +#define NID_aes_192_ctr 905 + +#define SN_aes_256_ctr "AES-256-CTR" +#define LN_aes_256_ctr "aes-256-ctr" +#define NID_aes_256_ctr 906 + +#define SN_aes_128_ocb "AES-128-OCB" +#define LN_aes_128_ocb "aes-128-ocb" +#define NID_aes_128_ocb 958 + +#define SN_aes_192_ocb "AES-192-OCB" +#define LN_aes_192_ocb "aes-192-ocb" +#define NID_aes_192_ocb 959 + +#define SN_aes_256_ocb "AES-256-OCB" +#define LN_aes_256_ocb "aes-256-ocb" +#define NID_aes_256_ocb 960 + +#define SN_des_cfb1 "DES-CFB1" +#define LN_des_cfb1 "des-cfb1" +#define NID_des_cfb1 656 + +#define SN_des_cfb8 "DES-CFB8" +#define LN_des_cfb8 "des-cfb8" +#define NID_des_cfb8 657 + +#define SN_des_ede3_cfb1 "DES-EDE3-CFB1" +#define LN_des_ede3_cfb1 "des-ede3-cfb1" +#define NID_des_ede3_cfb1 658 + +#define SN_des_ede3_cfb8 "DES-EDE3-CFB8" +#define LN_des_ede3_cfb8 "des-ede3-cfb8" +#define NID_des_ede3_cfb8 659 + +#define OBJ_nist_hashalgs OBJ_nistAlgorithms,2L + +#define SN_sha256 "SHA256" +#define LN_sha256 "sha256" +#define NID_sha256 672 +#define OBJ_sha256 OBJ_nist_hashalgs,1L + +#define SN_sha384 "SHA384" +#define LN_sha384 "sha384" +#define NID_sha384 673 +#define OBJ_sha384 OBJ_nist_hashalgs,2L + +#define SN_sha512 "SHA512" +#define LN_sha512 "sha512" +#define NID_sha512 674 +#define OBJ_sha512 OBJ_nist_hashalgs,3L + +#define SN_sha224 "SHA224" +#define LN_sha224 "sha224" +#define NID_sha224 675 +#define OBJ_sha224 OBJ_nist_hashalgs,4L + +#define SN_sha512_224 "SHA512-224" +#define LN_sha512_224 "sha512-224" +#define NID_sha512_224 1094 +#define OBJ_sha512_224 OBJ_nist_hashalgs,5L + +#define SN_sha512_256 "SHA512-256" +#define LN_sha512_256 "sha512-256" +#define NID_sha512_256 1095 +#define OBJ_sha512_256 OBJ_nist_hashalgs,6L + +#define SN_sha3_224 
"SHA3-224" +#define LN_sha3_224 "sha3-224" +#define NID_sha3_224 1096 +#define OBJ_sha3_224 OBJ_nist_hashalgs,7L + +#define SN_sha3_256 "SHA3-256" +#define LN_sha3_256 "sha3-256" +#define NID_sha3_256 1097 +#define OBJ_sha3_256 OBJ_nist_hashalgs,8L + +#define SN_sha3_384 "SHA3-384" +#define LN_sha3_384 "sha3-384" +#define NID_sha3_384 1098 +#define OBJ_sha3_384 OBJ_nist_hashalgs,9L + +#define SN_sha3_512 "SHA3-512" +#define LN_sha3_512 "sha3-512" +#define NID_sha3_512 1099 +#define OBJ_sha3_512 OBJ_nist_hashalgs,10L + +#define SN_shake128 "SHAKE128" +#define LN_shake128 "shake128" +#define NID_shake128 1100 +#define OBJ_shake128 OBJ_nist_hashalgs,11L + +#define SN_shake256 "SHAKE256" +#define LN_shake256 "shake256" +#define NID_shake256 1101 +#define OBJ_shake256 OBJ_nist_hashalgs,12L + +#define SN_hmac_sha3_224 "id-hmacWithSHA3-224" +#define LN_hmac_sha3_224 "hmac-sha3-224" +#define NID_hmac_sha3_224 1102 +#define OBJ_hmac_sha3_224 OBJ_nist_hashalgs,13L + +#define SN_hmac_sha3_256 "id-hmacWithSHA3-256" +#define LN_hmac_sha3_256 "hmac-sha3-256" +#define NID_hmac_sha3_256 1103 +#define OBJ_hmac_sha3_256 OBJ_nist_hashalgs,14L + +#define SN_hmac_sha3_384 "id-hmacWithSHA3-384" +#define LN_hmac_sha3_384 "hmac-sha3-384" +#define NID_hmac_sha3_384 1104 +#define OBJ_hmac_sha3_384 OBJ_nist_hashalgs,15L + +#define SN_hmac_sha3_512 "id-hmacWithSHA3-512" +#define LN_hmac_sha3_512 "hmac-sha3-512" +#define NID_hmac_sha3_512 1105 +#define OBJ_hmac_sha3_512 OBJ_nist_hashalgs,16L + +#define SN_kmac128 "KMAC128" +#define LN_kmac128 "kmac128" +#define NID_kmac128 1196 +#define OBJ_kmac128 OBJ_nist_hashalgs,19L + +#define SN_kmac256 "KMAC256" +#define LN_kmac256 "kmac256" +#define NID_kmac256 1197 +#define OBJ_kmac256 OBJ_nist_hashalgs,20L + +#define OBJ_dsa_with_sha2 OBJ_nistAlgorithms,3L + +#define SN_dsa_with_SHA224 "dsa_with_SHA224" +#define NID_dsa_with_SHA224 802 +#define OBJ_dsa_with_SHA224 OBJ_dsa_with_sha2,1L + +#define SN_dsa_with_SHA256 "dsa_with_SHA256" +#define 
NID_dsa_with_SHA256 803 +#define OBJ_dsa_with_SHA256 OBJ_dsa_with_sha2,2L + +#define OBJ_sigAlgs OBJ_nistAlgorithms,3L + +#define SN_dsa_with_SHA384 "id-dsa-with-sha384" +#define LN_dsa_with_SHA384 "dsa_with_SHA384" +#define NID_dsa_with_SHA384 1106 +#define OBJ_dsa_with_SHA384 OBJ_sigAlgs,3L + +#define SN_dsa_with_SHA512 "id-dsa-with-sha512" +#define LN_dsa_with_SHA512 "dsa_with_SHA512" +#define NID_dsa_with_SHA512 1107 +#define OBJ_dsa_with_SHA512 OBJ_sigAlgs,4L + +#define SN_dsa_with_SHA3_224 "id-dsa-with-sha3-224" +#define LN_dsa_with_SHA3_224 "dsa_with_SHA3-224" +#define NID_dsa_with_SHA3_224 1108 +#define OBJ_dsa_with_SHA3_224 OBJ_sigAlgs,5L + +#define SN_dsa_with_SHA3_256 "id-dsa-with-sha3-256" +#define LN_dsa_with_SHA3_256 "dsa_with_SHA3-256" +#define NID_dsa_with_SHA3_256 1109 +#define OBJ_dsa_with_SHA3_256 OBJ_sigAlgs,6L + +#define SN_dsa_with_SHA3_384 "id-dsa-with-sha3-384" +#define LN_dsa_with_SHA3_384 "dsa_with_SHA3-384" +#define NID_dsa_with_SHA3_384 1110 +#define OBJ_dsa_with_SHA3_384 OBJ_sigAlgs,7L + +#define SN_dsa_with_SHA3_512 "id-dsa-with-sha3-512" +#define LN_dsa_with_SHA3_512 "dsa_with_SHA3-512" +#define NID_dsa_with_SHA3_512 1111 +#define OBJ_dsa_with_SHA3_512 OBJ_sigAlgs,8L + +#define SN_ecdsa_with_SHA3_224 "id-ecdsa-with-sha3-224" +#define LN_ecdsa_with_SHA3_224 "ecdsa_with_SHA3-224" +#define NID_ecdsa_with_SHA3_224 1112 +#define OBJ_ecdsa_with_SHA3_224 OBJ_sigAlgs,9L + +#define SN_ecdsa_with_SHA3_256 "id-ecdsa-with-sha3-256" +#define LN_ecdsa_with_SHA3_256 "ecdsa_with_SHA3-256" +#define NID_ecdsa_with_SHA3_256 1113 +#define OBJ_ecdsa_with_SHA3_256 OBJ_sigAlgs,10L + +#define SN_ecdsa_with_SHA3_384 "id-ecdsa-with-sha3-384" +#define LN_ecdsa_with_SHA3_384 "ecdsa_with_SHA3-384" +#define NID_ecdsa_with_SHA3_384 1114 +#define OBJ_ecdsa_with_SHA3_384 OBJ_sigAlgs,11L + +#define SN_ecdsa_with_SHA3_512 "id-ecdsa-with-sha3-512" +#define LN_ecdsa_with_SHA3_512 "ecdsa_with_SHA3-512" +#define NID_ecdsa_with_SHA3_512 1115 +#define OBJ_ecdsa_with_SHA3_512 
OBJ_sigAlgs,12L + +#define SN_RSA_SHA3_224 "id-rsassa-pkcs1-v1_5-with-sha3-224" +#define LN_RSA_SHA3_224 "RSA-SHA3-224" +#define NID_RSA_SHA3_224 1116 +#define OBJ_RSA_SHA3_224 OBJ_sigAlgs,13L + +#define SN_RSA_SHA3_256 "id-rsassa-pkcs1-v1_5-with-sha3-256" +#define LN_RSA_SHA3_256 "RSA-SHA3-256" +#define NID_RSA_SHA3_256 1117 +#define OBJ_RSA_SHA3_256 OBJ_sigAlgs,14L + +#define SN_RSA_SHA3_384 "id-rsassa-pkcs1-v1_5-with-sha3-384" +#define LN_RSA_SHA3_384 "RSA-SHA3-384" +#define NID_RSA_SHA3_384 1118 +#define OBJ_RSA_SHA3_384 OBJ_sigAlgs,15L + +#define SN_RSA_SHA3_512 "id-rsassa-pkcs1-v1_5-with-sha3-512" +#define LN_RSA_SHA3_512 "RSA-SHA3-512" +#define NID_RSA_SHA3_512 1119 +#define OBJ_RSA_SHA3_512 OBJ_sigAlgs,16L + +#define SN_hold_instruction_code "holdInstructionCode" +#define LN_hold_instruction_code "Hold Instruction Code" +#define NID_hold_instruction_code 430 +#define OBJ_hold_instruction_code OBJ_id_ce,23L + +#define OBJ_holdInstruction OBJ_X9_57,2L + +#define SN_hold_instruction_none "holdInstructionNone" +#define LN_hold_instruction_none "Hold Instruction None" +#define NID_hold_instruction_none 431 +#define OBJ_hold_instruction_none OBJ_holdInstruction,1L + +#define SN_hold_instruction_call_issuer "holdInstructionCallIssuer" +#define LN_hold_instruction_call_issuer "Hold Instruction Call Issuer" +#define NID_hold_instruction_call_issuer 432 +#define OBJ_hold_instruction_call_issuer OBJ_holdInstruction,2L + +#define SN_hold_instruction_reject "holdInstructionReject" +#define LN_hold_instruction_reject "Hold Instruction Reject" +#define NID_hold_instruction_reject 433 +#define OBJ_hold_instruction_reject OBJ_holdInstruction,3L + +#define SN_data "data" +#define NID_data 434 +#define OBJ_data OBJ_itu_t,9L + +#define SN_pss "pss" +#define NID_pss 435 +#define OBJ_pss OBJ_data,2342L + +#define SN_ucl "ucl" +#define NID_ucl 436 +#define OBJ_ucl OBJ_pss,19200300L + +#define SN_pilot "pilot" +#define NID_pilot 437 +#define OBJ_pilot OBJ_ucl,100L + +#define 
LN_pilotAttributeType "pilotAttributeType" +#define NID_pilotAttributeType 438 +#define OBJ_pilotAttributeType OBJ_pilot,1L + +#define LN_pilotAttributeSyntax "pilotAttributeSyntax" +#define NID_pilotAttributeSyntax 439 +#define OBJ_pilotAttributeSyntax OBJ_pilot,3L + +#define LN_pilotObjectClass "pilotObjectClass" +#define NID_pilotObjectClass 440 +#define OBJ_pilotObjectClass OBJ_pilot,4L + +#define LN_pilotGroups "pilotGroups" +#define NID_pilotGroups 441 +#define OBJ_pilotGroups OBJ_pilot,10L + +#define LN_iA5StringSyntax "iA5StringSyntax" +#define NID_iA5StringSyntax 442 +#define OBJ_iA5StringSyntax OBJ_pilotAttributeSyntax,4L + +#define LN_caseIgnoreIA5StringSyntax "caseIgnoreIA5StringSyntax" +#define NID_caseIgnoreIA5StringSyntax 443 +#define OBJ_caseIgnoreIA5StringSyntax OBJ_pilotAttributeSyntax,5L + +#define LN_pilotObject "pilotObject" +#define NID_pilotObject 444 +#define OBJ_pilotObject OBJ_pilotObjectClass,3L + +#define LN_pilotPerson "pilotPerson" +#define NID_pilotPerson 445 +#define OBJ_pilotPerson OBJ_pilotObjectClass,4L + +#define SN_account "account" +#define NID_account 446 +#define OBJ_account OBJ_pilotObjectClass,5L + +#define SN_document "document" +#define NID_document 447 +#define OBJ_document OBJ_pilotObjectClass,6L + +#define SN_room "room" +#define NID_room 448 +#define OBJ_room OBJ_pilotObjectClass,7L + +#define LN_documentSeries "documentSeries" +#define NID_documentSeries 449 +#define OBJ_documentSeries OBJ_pilotObjectClass,9L + +#define SN_Domain "domain" +#define LN_Domain "Domain" +#define NID_Domain 392 +#define OBJ_Domain OBJ_pilotObjectClass,13L + +#define LN_rFC822localPart "rFC822localPart" +#define NID_rFC822localPart 450 +#define OBJ_rFC822localPart OBJ_pilotObjectClass,14L + +#define LN_dNSDomain "dNSDomain" +#define NID_dNSDomain 451 +#define OBJ_dNSDomain OBJ_pilotObjectClass,15L + +#define LN_domainRelatedObject "domainRelatedObject" +#define NID_domainRelatedObject 452 +#define OBJ_domainRelatedObject 
OBJ_pilotObjectClass,17L + +#define LN_friendlyCountry "friendlyCountry" +#define NID_friendlyCountry 453 +#define OBJ_friendlyCountry OBJ_pilotObjectClass,18L + +#define LN_simpleSecurityObject "simpleSecurityObject" +#define NID_simpleSecurityObject 454 +#define OBJ_simpleSecurityObject OBJ_pilotObjectClass,19L + +#define LN_pilotOrganization "pilotOrganization" +#define NID_pilotOrganization 455 +#define OBJ_pilotOrganization OBJ_pilotObjectClass,20L + +#define LN_pilotDSA "pilotDSA" +#define NID_pilotDSA 456 +#define OBJ_pilotDSA OBJ_pilotObjectClass,21L + +#define LN_qualityLabelledData "qualityLabelledData" +#define NID_qualityLabelledData 457 +#define OBJ_qualityLabelledData OBJ_pilotObjectClass,22L + +#define SN_userId "UID" +#define LN_userId "userId" +#define NID_userId 458 +#define OBJ_userId OBJ_pilotAttributeType,1L + +#define LN_textEncodedORAddress "textEncodedORAddress" +#define NID_textEncodedORAddress 459 +#define OBJ_textEncodedORAddress OBJ_pilotAttributeType,2L + +#define SN_rfc822Mailbox "mail" +#define LN_rfc822Mailbox "rfc822Mailbox" +#define NID_rfc822Mailbox 460 +#define OBJ_rfc822Mailbox OBJ_pilotAttributeType,3L + +#define SN_info "info" +#define NID_info 461 +#define OBJ_info OBJ_pilotAttributeType,4L + +#define LN_favouriteDrink "favouriteDrink" +#define NID_favouriteDrink 462 +#define OBJ_favouriteDrink OBJ_pilotAttributeType,5L + +#define LN_roomNumber "roomNumber" +#define NID_roomNumber 463 +#define OBJ_roomNumber OBJ_pilotAttributeType,6L + +#define SN_photo "photo" +#define NID_photo 464 +#define OBJ_photo OBJ_pilotAttributeType,7L + +#define LN_userClass "userClass" +#define NID_userClass 465 +#define OBJ_userClass OBJ_pilotAttributeType,8L + +#define SN_host "host" +#define NID_host 466 +#define OBJ_host OBJ_pilotAttributeType,9L + +#define SN_manager "manager" +#define NID_manager 467 +#define OBJ_manager OBJ_pilotAttributeType,10L + +#define LN_documentIdentifier "documentIdentifier" +#define NID_documentIdentifier 468 
+#define OBJ_documentIdentifier OBJ_pilotAttributeType,11L + +#define LN_documentTitle "documentTitle" +#define NID_documentTitle 469 +#define OBJ_documentTitle OBJ_pilotAttributeType,12L + +#define LN_documentVersion "documentVersion" +#define NID_documentVersion 470 +#define OBJ_documentVersion OBJ_pilotAttributeType,13L + +#define LN_documentAuthor "documentAuthor" +#define NID_documentAuthor 471 +#define OBJ_documentAuthor OBJ_pilotAttributeType,14L + +#define LN_documentLocation "documentLocation" +#define NID_documentLocation 472 +#define OBJ_documentLocation OBJ_pilotAttributeType,15L + +#define LN_homeTelephoneNumber "homeTelephoneNumber" +#define NID_homeTelephoneNumber 473 +#define OBJ_homeTelephoneNumber OBJ_pilotAttributeType,20L + +#define SN_secretary "secretary" +#define NID_secretary 474 +#define OBJ_secretary OBJ_pilotAttributeType,21L + +#define LN_otherMailbox "otherMailbox" +#define NID_otherMailbox 475 +#define OBJ_otherMailbox OBJ_pilotAttributeType,22L + +#define LN_lastModifiedTime "lastModifiedTime" +#define NID_lastModifiedTime 476 +#define OBJ_lastModifiedTime OBJ_pilotAttributeType,23L + +#define LN_lastModifiedBy "lastModifiedBy" +#define NID_lastModifiedBy 477 +#define OBJ_lastModifiedBy OBJ_pilotAttributeType,24L + +#define SN_domainComponent "DC" +#define LN_domainComponent "domainComponent" +#define NID_domainComponent 391 +#define OBJ_domainComponent OBJ_pilotAttributeType,25L + +#define LN_aRecord "aRecord" +#define NID_aRecord 478 +#define OBJ_aRecord OBJ_pilotAttributeType,26L + +#define LN_pilotAttributeType27 "pilotAttributeType27" +#define NID_pilotAttributeType27 479 +#define OBJ_pilotAttributeType27 OBJ_pilotAttributeType,27L + +#define LN_mXRecord "mXRecord" +#define NID_mXRecord 480 +#define OBJ_mXRecord OBJ_pilotAttributeType,28L + +#define LN_nSRecord "nSRecord" +#define NID_nSRecord 481 +#define OBJ_nSRecord OBJ_pilotAttributeType,29L + +#define LN_sOARecord "sOARecord" +#define NID_sOARecord 482 +#define OBJ_sOARecord 
OBJ_pilotAttributeType,30L + +#define LN_cNAMERecord "cNAMERecord" +#define NID_cNAMERecord 483 +#define OBJ_cNAMERecord OBJ_pilotAttributeType,31L + +#define LN_associatedDomain "associatedDomain" +#define NID_associatedDomain 484 +#define OBJ_associatedDomain OBJ_pilotAttributeType,37L + +#define LN_associatedName "associatedName" +#define NID_associatedName 485 +#define OBJ_associatedName OBJ_pilotAttributeType,38L + +#define LN_homePostalAddress "homePostalAddress" +#define NID_homePostalAddress 486 +#define OBJ_homePostalAddress OBJ_pilotAttributeType,39L + +#define LN_personalTitle "personalTitle" +#define NID_personalTitle 487 +#define OBJ_personalTitle OBJ_pilotAttributeType,40L + +#define LN_mobileTelephoneNumber "mobileTelephoneNumber" +#define NID_mobileTelephoneNumber 488 +#define OBJ_mobileTelephoneNumber OBJ_pilotAttributeType,41L + +#define LN_pagerTelephoneNumber "pagerTelephoneNumber" +#define NID_pagerTelephoneNumber 489 +#define OBJ_pagerTelephoneNumber OBJ_pilotAttributeType,42L + +#define LN_friendlyCountryName "friendlyCountryName" +#define NID_friendlyCountryName 490 +#define OBJ_friendlyCountryName OBJ_pilotAttributeType,43L + +#define SN_uniqueIdentifier "uid" +#define LN_uniqueIdentifier "uniqueIdentifier" +#define NID_uniqueIdentifier 102 +#define OBJ_uniqueIdentifier OBJ_pilotAttributeType,44L + +#define LN_organizationalStatus "organizationalStatus" +#define NID_organizationalStatus 491 +#define OBJ_organizationalStatus OBJ_pilotAttributeType,45L + +#define LN_janetMailbox "janetMailbox" +#define NID_janetMailbox 492 +#define OBJ_janetMailbox OBJ_pilotAttributeType,46L + +#define LN_mailPreferenceOption "mailPreferenceOption" +#define NID_mailPreferenceOption 493 +#define OBJ_mailPreferenceOption OBJ_pilotAttributeType,47L + +#define LN_buildingName "buildingName" +#define NID_buildingName 494 +#define OBJ_buildingName OBJ_pilotAttributeType,48L + +#define LN_dSAQuality "dSAQuality" +#define NID_dSAQuality 495 +#define OBJ_dSAQuality 
OBJ_pilotAttributeType,49L + +#define LN_singleLevelQuality "singleLevelQuality" +#define NID_singleLevelQuality 496 +#define OBJ_singleLevelQuality OBJ_pilotAttributeType,50L + +#define LN_subtreeMinimumQuality "subtreeMinimumQuality" +#define NID_subtreeMinimumQuality 497 +#define OBJ_subtreeMinimumQuality OBJ_pilotAttributeType,51L + +#define LN_subtreeMaximumQuality "subtreeMaximumQuality" +#define NID_subtreeMaximumQuality 498 +#define OBJ_subtreeMaximumQuality OBJ_pilotAttributeType,52L + +#define LN_personalSignature "personalSignature" +#define NID_personalSignature 499 +#define OBJ_personalSignature OBJ_pilotAttributeType,53L + +#define LN_dITRedirect "dITRedirect" +#define NID_dITRedirect 500 +#define OBJ_dITRedirect OBJ_pilotAttributeType,54L + +#define SN_audio "audio" +#define NID_audio 501 +#define OBJ_audio OBJ_pilotAttributeType,55L + +#define LN_documentPublisher "documentPublisher" +#define NID_documentPublisher 502 +#define OBJ_documentPublisher OBJ_pilotAttributeType,56L + +#define SN_id_set "id-set" +#define LN_id_set "Secure Electronic Transactions" +#define NID_id_set 512 +#define OBJ_id_set OBJ_international_organizations,42L + +#define SN_set_ctype "set-ctype" +#define LN_set_ctype "content types" +#define NID_set_ctype 513 +#define OBJ_set_ctype OBJ_id_set,0L + +#define SN_set_msgExt "set-msgExt" +#define LN_set_msgExt "message extensions" +#define NID_set_msgExt 514 +#define OBJ_set_msgExt OBJ_id_set,1L + +#define SN_set_attr "set-attr" +#define NID_set_attr 515 +#define OBJ_set_attr OBJ_id_set,3L + +#define SN_set_policy "set-policy" +#define NID_set_policy 516 +#define OBJ_set_policy OBJ_id_set,5L + +#define SN_set_certExt "set-certExt" +#define LN_set_certExt "certificate extensions" +#define NID_set_certExt 517 +#define OBJ_set_certExt OBJ_id_set,7L + +#define SN_set_brand "set-brand" +#define NID_set_brand 518 +#define OBJ_set_brand OBJ_id_set,8L + +#define SN_setct_PANData "setct-PANData" +#define NID_setct_PANData 519 +#define 
OBJ_setct_PANData OBJ_set_ctype,0L + +#define SN_setct_PANToken "setct-PANToken" +#define NID_setct_PANToken 520 +#define OBJ_setct_PANToken OBJ_set_ctype,1L + +#define SN_setct_PANOnly "setct-PANOnly" +#define NID_setct_PANOnly 521 +#define OBJ_setct_PANOnly OBJ_set_ctype,2L + +#define SN_setct_OIData "setct-OIData" +#define NID_setct_OIData 522 +#define OBJ_setct_OIData OBJ_set_ctype,3L + +#define SN_setct_PI "setct-PI" +#define NID_setct_PI 523 +#define OBJ_setct_PI OBJ_set_ctype,4L + +#define SN_setct_PIData "setct-PIData" +#define NID_setct_PIData 524 +#define OBJ_setct_PIData OBJ_set_ctype,5L + +#define SN_setct_PIDataUnsigned "setct-PIDataUnsigned" +#define NID_setct_PIDataUnsigned 525 +#define OBJ_setct_PIDataUnsigned OBJ_set_ctype,6L + +#define SN_setct_HODInput "setct-HODInput" +#define NID_setct_HODInput 526 +#define OBJ_setct_HODInput OBJ_set_ctype,7L + +#define SN_setct_AuthResBaggage "setct-AuthResBaggage" +#define NID_setct_AuthResBaggage 527 +#define OBJ_setct_AuthResBaggage OBJ_set_ctype,8L + +#define SN_setct_AuthRevReqBaggage "setct-AuthRevReqBaggage" +#define NID_setct_AuthRevReqBaggage 528 +#define OBJ_setct_AuthRevReqBaggage OBJ_set_ctype,9L + +#define SN_setct_AuthRevResBaggage "setct-AuthRevResBaggage" +#define NID_setct_AuthRevResBaggage 529 +#define OBJ_setct_AuthRevResBaggage OBJ_set_ctype,10L + +#define SN_setct_CapTokenSeq "setct-CapTokenSeq" +#define NID_setct_CapTokenSeq 530 +#define OBJ_setct_CapTokenSeq OBJ_set_ctype,11L + +#define SN_setct_PInitResData "setct-PInitResData" +#define NID_setct_PInitResData 531 +#define OBJ_setct_PInitResData OBJ_set_ctype,12L + +#define SN_setct_PI_TBS "setct-PI-TBS" +#define NID_setct_PI_TBS 532 +#define OBJ_setct_PI_TBS OBJ_set_ctype,13L + +#define SN_setct_PResData "setct-PResData" +#define NID_setct_PResData 533 +#define OBJ_setct_PResData OBJ_set_ctype,14L + +#define SN_setct_AuthReqTBS "setct-AuthReqTBS" +#define NID_setct_AuthReqTBS 534 +#define OBJ_setct_AuthReqTBS OBJ_set_ctype,16L + 
+#define SN_setct_AuthResTBS "setct-AuthResTBS" +#define NID_setct_AuthResTBS 535 +#define OBJ_setct_AuthResTBS OBJ_set_ctype,17L + +#define SN_setct_AuthResTBSX "setct-AuthResTBSX" +#define NID_setct_AuthResTBSX 536 +#define OBJ_setct_AuthResTBSX OBJ_set_ctype,18L + +#define SN_setct_AuthTokenTBS "setct-AuthTokenTBS" +#define NID_setct_AuthTokenTBS 537 +#define OBJ_setct_AuthTokenTBS OBJ_set_ctype,19L + +#define SN_setct_CapTokenData "setct-CapTokenData" +#define NID_setct_CapTokenData 538 +#define OBJ_setct_CapTokenData OBJ_set_ctype,20L + +#define SN_setct_CapTokenTBS "setct-CapTokenTBS" +#define NID_setct_CapTokenTBS 539 +#define OBJ_setct_CapTokenTBS OBJ_set_ctype,21L + +#define SN_setct_AcqCardCodeMsg "setct-AcqCardCodeMsg" +#define NID_setct_AcqCardCodeMsg 540 +#define OBJ_setct_AcqCardCodeMsg OBJ_set_ctype,22L + +#define SN_setct_AuthRevReqTBS "setct-AuthRevReqTBS" +#define NID_setct_AuthRevReqTBS 541 +#define OBJ_setct_AuthRevReqTBS OBJ_set_ctype,23L + +#define SN_setct_AuthRevResData "setct-AuthRevResData" +#define NID_setct_AuthRevResData 542 +#define OBJ_setct_AuthRevResData OBJ_set_ctype,24L + +#define SN_setct_AuthRevResTBS "setct-AuthRevResTBS" +#define NID_setct_AuthRevResTBS 543 +#define OBJ_setct_AuthRevResTBS OBJ_set_ctype,25L + +#define SN_setct_CapReqTBS "setct-CapReqTBS" +#define NID_setct_CapReqTBS 544 +#define OBJ_setct_CapReqTBS OBJ_set_ctype,26L + +#define SN_setct_CapReqTBSX "setct-CapReqTBSX" +#define NID_setct_CapReqTBSX 545 +#define OBJ_setct_CapReqTBSX OBJ_set_ctype,27L + +#define SN_setct_CapResData "setct-CapResData" +#define NID_setct_CapResData 546 +#define OBJ_setct_CapResData OBJ_set_ctype,28L + +#define SN_setct_CapRevReqTBS "setct-CapRevReqTBS" +#define NID_setct_CapRevReqTBS 547 +#define OBJ_setct_CapRevReqTBS OBJ_set_ctype,29L + +#define SN_setct_CapRevReqTBSX "setct-CapRevReqTBSX" +#define NID_setct_CapRevReqTBSX 548 +#define OBJ_setct_CapRevReqTBSX OBJ_set_ctype,30L + +#define SN_setct_CapRevResData "setct-CapRevResData" 
+#define NID_setct_CapRevResData 549 +#define OBJ_setct_CapRevResData OBJ_set_ctype,31L + +#define SN_setct_CredReqTBS "setct-CredReqTBS" +#define NID_setct_CredReqTBS 550 +#define OBJ_setct_CredReqTBS OBJ_set_ctype,32L + +#define SN_setct_CredReqTBSX "setct-CredReqTBSX" +#define NID_setct_CredReqTBSX 551 +#define OBJ_setct_CredReqTBSX OBJ_set_ctype,33L + +#define SN_setct_CredResData "setct-CredResData" +#define NID_setct_CredResData 552 +#define OBJ_setct_CredResData OBJ_set_ctype,34L + +#define SN_setct_CredRevReqTBS "setct-CredRevReqTBS" +#define NID_setct_CredRevReqTBS 553 +#define OBJ_setct_CredRevReqTBS OBJ_set_ctype,35L + +#define SN_setct_CredRevReqTBSX "setct-CredRevReqTBSX" +#define NID_setct_CredRevReqTBSX 554 +#define OBJ_setct_CredRevReqTBSX OBJ_set_ctype,36L + +#define SN_setct_CredRevResData "setct-CredRevResData" +#define NID_setct_CredRevResData 555 +#define OBJ_setct_CredRevResData OBJ_set_ctype,37L + +#define SN_setct_PCertReqData "setct-PCertReqData" +#define NID_setct_PCertReqData 556 +#define OBJ_setct_PCertReqData OBJ_set_ctype,38L + +#define SN_setct_PCertResTBS "setct-PCertResTBS" +#define NID_setct_PCertResTBS 557 +#define OBJ_setct_PCertResTBS OBJ_set_ctype,39L + +#define SN_setct_BatchAdminReqData "setct-BatchAdminReqData" +#define NID_setct_BatchAdminReqData 558 +#define OBJ_setct_BatchAdminReqData OBJ_set_ctype,40L + +#define SN_setct_BatchAdminResData "setct-BatchAdminResData" +#define NID_setct_BatchAdminResData 559 +#define OBJ_setct_BatchAdminResData OBJ_set_ctype,41L + +#define SN_setct_CardCInitResTBS "setct-CardCInitResTBS" +#define NID_setct_CardCInitResTBS 560 +#define OBJ_setct_CardCInitResTBS OBJ_set_ctype,42L + +#define SN_setct_MeAqCInitResTBS "setct-MeAqCInitResTBS" +#define NID_setct_MeAqCInitResTBS 561 +#define OBJ_setct_MeAqCInitResTBS OBJ_set_ctype,43L + +#define SN_setct_RegFormResTBS "setct-RegFormResTBS" +#define NID_setct_RegFormResTBS 562 +#define OBJ_setct_RegFormResTBS OBJ_set_ctype,44L + +#define 
SN_setct_CertReqData "setct-CertReqData" +#define NID_setct_CertReqData 563 +#define OBJ_setct_CertReqData OBJ_set_ctype,45L + +#define SN_setct_CertReqTBS "setct-CertReqTBS" +#define NID_setct_CertReqTBS 564 +#define OBJ_setct_CertReqTBS OBJ_set_ctype,46L + +#define SN_setct_CertResData "setct-CertResData" +#define NID_setct_CertResData 565 +#define OBJ_setct_CertResData OBJ_set_ctype,47L + +#define SN_setct_CertInqReqTBS "setct-CertInqReqTBS" +#define NID_setct_CertInqReqTBS 566 +#define OBJ_setct_CertInqReqTBS OBJ_set_ctype,48L + +#define SN_setct_ErrorTBS "setct-ErrorTBS" +#define NID_setct_ErrorTBS 567 +#define OBJ_setct_ErrorTBS OBJ_set_ctype,49L + +#define SN_setct_PIDualSignedTBE "setct-PIDualSignedTBE" +#define NID_setct_PIDualSignedTBE 568 +#define OBJ_setct_PIDualSignedTBE OBJ_set_ctype,50L + +#define SN_setct_PIUnsignedTBE "setct-PIUnsignedTBE" +#define NID_setct_PIUnsignedTBE 569 +#define OBJ_setct_PIUnsignedTBE OBJ_set_ctype,51L + +#define SN_setct_AuthReqTBE "setct-AuthReqTBE" +#define NID_setct_AuthReqTBE 570 +#define OBJ_setct_AuthReqTBE OBJ_set_ctype,52L + +#define SN_setct_AuthResTBE "setct-AuthResTBE" +#define NID_setct_AuthResTBE 571 +#define OBJ_setct_AuthResTBE OBJ_set_ctype,53L + +#define SN_setct_AuthResTBEX "setct-AuthResTBEX" +#define NID_setct_AuthResTBEX 572 +#define OBJ_setct_AuthResTBEX OBJ_set_ctype,54L + +#define SN_setct_AuthTokenTBE "setct-AuthTokenTBE" +#define NID_setct_AuthTokenTBE 573 +#define OBJ_setct_AuthTokenTBE OBJ_set_ctype,55L + +#define SN_setct_CapTokenTBE "setct-CapTokenTBE" +#define NID_setct_CapTokenTBE 574 +#define OBJ_setct_CapTokenTBE OBJ_set_ctype,56L + +#define SN_setct_CapTokenTBEX "setct-CapTokenTBEX" +#define NID_setct_CapTokenTBEX 575 +#define OBJ_setct_CapTokenTBEX OBJ_set_ctype,57L + +#define SN_setct_AcqCardCodeMsgTBE "setct-AcqCardCodeMsgTBE" +#define NID_setct_AcqCardCodeMsgTBE 576 +#define OBJ_setct_AcqCardCodeMsgTBE OBJ_set_ctype,58L + +#define SN_setct_AuthRevReqTBE "setct-AuthRevReqTBE" +#define 
NID_setct_AuthRevReqTBE 577 +#define OBJ_setct_AuthRevReqTBE OBJ_set_ctype,59L + +#define SN_setct_AuthRevResTBE "setct-AuthRevResTBE" +#define NID_setct_AuthRevResTBE 578 +#define OBJ_setct_AuthRevResTBE OBJ_set_ctype,60L + +#define SN_setct_AuthRevResTBEB "setct-AuthRevResTBEB" +#define NID_setct_AuthRevResTBEB 579 +#define OBJ_setct_AuthRevResTBEB OBJ_set_ctype,61L + +#define SN_setct_CapReqTBE "setct-CapReqTBE" +#define NID_setct_CapReqTBE 580 +#define OBJ_setct_CapReqTBE OBJ_set_ctype,62L + +#define SN_setct_CapReqTBEX "setct-CapReqTBEX" +#define NID_setct_CapReqTBEX 581 +#define OBJ_setct_CapReqTBEX OBJ_set_ctype,63L + +#define SN_setct_CapResTBE "setct-CapResTBE" +#define NID_setct_CapResTBE 582 +#define OBJ_setct_CapResTBE OBJ_set_ctype,64L + +#define SN_setct_CapRevReqTBE "setct-CapRevReqTBE" +#define NID_setct_CapRevReqTBE 583 +#define OBJ_setct_CapRevReqTBE OBJ_set_ctype,65L + +#define SN_setct_CapRevReqTBEX "setct-CapRevReqTBEX" +#define NID_setct_CapRevReqTBEX 584 +#define OBJ_setct_CapRevReqTBEX OBJ_set_ctype,66L + +#define SN_setct_CapRevResTBE "setct-CapRevResTBE" +#define NID_setct_CapRevResTBE 585 +#define OBJ_setct_CapRevResTBE OBJ_set_ctype,67L + +#define SN_setct_CredReqTBE "setct-CredReqTBE" +#define NID_setct_CredReqTBE 586 +#define OBJ_setct_CredReqTBE OBJ_set_ctype,68L + +#define SN_setct_CredReqTBEX "setct-CredReqTBEX" +#define NID_setct_CredReqTBEX 587 +#define OBJ_setct_CredReqTBEX OBJ_set_ctype,69L + +#define SN_setct_CredResTBE "setct-CredResTBE" +#define NID_setct_CredResTBE 588 +#define OBJ_setct_CredResTBE OBJ_set_ctype,70L + +#define SN_setct_CredRevReqTBE "setct-CredRevReqTBE" +#define NID_setct_CredRevReqTBE 589 +#define OBJ_setct_CredRevReqTBE OBJ_set_ctype,71L + +#define SN_setct_CredRevReqTBEX "setct-CredRevReqTBEX" +#define NID_setct_CredRevReqTBEX 590 +#define OBJ_setct_CredRevReqTBEX OBJ_set_ctype,72L + +#define SN_setct_CredRevResTBE "setct-CredRevResTBE" +#define NID_setct_CredRevResTBE 591 +#define 
OBJ_setct_CredRevResTBE OBJ_set_ctype,73L + +#define SN_setct_BatchAdminReqTBE "setct-BatchAdminReqTBE" +#define NID_setct_BatchAdminReqTBE 592 +#define OBJ_setct_BatchAdminReqTBE OBJ_set_ctype,74L + +#define SN_setct_BatchAdminResTBE "setct-BatchAdminResTBE" +#define NID_setct_BatchAdminResTBE 593 +#define OBJ_setct_BatchAdminResTBE OBJ_set_ctype,75L + +#define SN_setct_RegFormReqTBE "setct-RegFormReqTBE" +#define NID_setct_RegFormReqTBE 594 +#define OBJ_setct_RegFormReqTBE OBJ_set_ctype,76L + +#define SN_setct_CertReqTBE "setct-CertReqTBE" +#define NID_setct_CertReqTBE 595 +#define OBJ_setct_CertReqTBE OBJ_set_ctype,77L + +#define SN_setct_CertReqTBEX "setct-CertReqTBEX" +#define NID_setct_CertReqTBEX 596 +#define OBJ_setct_CertReqTBEX OBJ_set_ctype,78L + +#define SN_setct_CertResTBE "setct-CertResTBE" +#define NID_setct_CertResTBE 597 +#define OBJ_setct_CertResTBE OBJ_set_ctype,79L + +#define SN_setct_CRLNotificationTBS "setct-CRLNotificationTBS" +#define NID_setct_CRLNotificationTBS 598 +#define OBJ_setct_CRLNotificationTBS OBJ_set_ctype,80L + +#define SN_setct_CRLNotificationResTBS "setct-CRLNotificationResTBS" +#define NID_setct_CRLNotificationResTBS 599 +#define OBJ_setct_CRLNotificationResTBS OBJ_set_ctype,81L + +#define SN_setct_BCIDistributionTBS "setct-BCIDistributionTBS" +#define NID_setct_BCIDistributionTBS 600 +#define OBJ_setct_BCIDistributionTBS OBJ_set_ctype,82L + +#define SN_setext_genCrypt "setext-genCrypt" +#define LN_setext_genCrypt "generic cryptogram" +#define NID_setext_genCrypt 601 +#define OBJ_setext_genCrypt OBJ_set_msgExt,1L + +#define SN_setext_miAuth "setext-miAuth" +#define LN_setext_miAuth "merchant initiated auth" +#define NID_setext_miAuth 602 +#define OBJ_setext_miAuth OBJ_set_msgExt,3L + +#define SN_setext_pinSecure "setext-pinSecure" +#define NID_setext_pinSecure 603 +#define OBJ_setext_pinSecure OBJ_set_msgExt,4L + +#define SN_setext_pinAny "setext-pinAny" +#define NID_setext_pinAny 604 +#define OBJ_setext_pinAny 
OBJ_set_msgExt,5L + +#define SN_setext_track2 "setext-track2" +#define NID_setext_track2 605 +#define OBJ_setext_track2 OBJ_set_msgExt,7L + +#define SN_setext_cv "setext-cv" +#define LN_setext_cv "additional verification" +#define NID_setext_cv 606 +#define OBJ_setext_cv OBJ_set_msgExt,8L + +#define SN_set_policy_root "set-policy-root" +#define NID_set_policy_root 607 +#define OBJ_set_policy_root OBJ_set_policy,0L + +#define SN_setCext_hashedRoot "setCext-hashedRoot" +#define NID_setCext_hashedRoot 608 +#define OBJ_setCext_hashedRoot OBJ_set_certExt,0L + +#define SN_setCext_certType "setCext-certType" +#define NID_setCext_certType 609 +#define OBJ_setCext_certType OBJ_set_certExt,1L + +#define SN_setCext_merchData "setCext-merchData" +#define NID_setCext_merchData 610 +#define OBJ_setCext_merchData OBJ_set_certExt,2L + +#define SN_setCext_cCertRequired "setCext-cCertRequired" +#define NID_setCext_cCertRequired 611 +#define OBJ_setCext_cCertRequired OBJ_set_certExt,3L + +#define SN_setCext_tunneling "setCext-tunneling" +#define NID_setCext_tunneling 612 +#define OBJ_setCext_tunneling OBJ_set_certExt,4L + +#define SN_setCext_setExt "setCext-setExt" +#define NID_setCext_setExt 613 +#define OBJ_setCext_setExt OBJ_set_certExt,5L + +#define SN_setCext_setQualf "setCext-setQualf" +#define NID_setCext_setQualf 614 +#define OBJ_setCext_setQualf OBJ_set_certExt,6L + +#define SN_setCext_PGWYcapabilities "setCext-PGWYcapabilities" +#define NID_setCext_PGWYcapabilities 615 +#define OBJ_setCext_PGWYcapabilities OBJ_set_certExt,7L + +#define SN_setCext_TokenIdentifier "setCext-TokenIdentifier" +#define NID_setCext_TokenIdentifier 616 +#define OBJ_setCext_TokenIdentifier OBJ_set_certExt,8L + +#define SN_setCext_Track2Data "setCext-Track2Data" +#define NID_setCext_Track2Data 617 +#define OBJ_setCext_Track2Data OBJ_set_certExt,9L + +#define SN_setCext_TokenType "setCext-TokenType" +#define NID_setCext_TokenType 618 +#define OBJ_setCext_TokenType OBJ_set_certExt,10L + +#define 
SN_setCext_IssuerCapabilities "setCext-IssuerCapabilities" +#define NID_setCext_IssuerCapabilities 619 +#define OBJ_setCext_IssuerCapabilities OBJ_set_certExt,11L + +#define SN_setAttr_Cert "setAttr-Cert" +#define NID_setAttr_Cert 620 +#define OBJ_setAttr_Cert OBJ_set_attr,0L + +#define SN_setAttr_PGWYcap "setAttr-PGWYcap" +#define LN_setAttr_PGWYcap "payment gateway capabilities" +#define NID_setAttr_PGWYcap 621 +#define OBJ_setAttr_PGWYcap OBJ_set_attr,1L + +#define SN_setAttr_TokenType "setAttr-TokenType" +#define NID_setAttr_TokenType 622 +#define OBJ_setAttr_TokenType OBJ_set_attr,2L + +#define SN_setAttr_IssCap "setAttr-IssCap" +#define LN_setAttr_IssCap "issuer capabilities" +#define NID_setAttr_IssCap 623 +#define OBJ_setAttr_IssCap OBJ_set_attr,3L + +#define SN_set_rootKeyThumb "set-rootKeyThumb" +#define NID_set_rootKeyThumb 624 +#define OBJ_set_rootKeyThumb OBJ_setAttr_Cert,0L + +#define SN_set_addPolicy "set-addPolicy" +#define NID_set_addPolicy 625 +#define OBJ_set_addPolicy OBJ_setAttr_Cert,1L + +#define SN_setAttr_Token_EMV "setAttr-Token-EMV" +#define NID_setAttr_Token_EMV 626 +#define OBJ_setAttr_Token_EMV OBJ_setAttr_TokenType,1L + +#define SN_setAttr_Token_B0Prime "setAttr-Token-B0Prime" +#define NID_setAttr_Token_B0Prime 627 +#define OBJ_setAttr_Token_B0Prime OBJ_setAttr_TokenType,2L + +#define SN_setAttr_IssCap_CVM "setAttr-IssCap-CVM" +#define NID_setAttr_IssCap_CVM 628 +#define OBJ_setAttr_IssCap_CVM OBJ_setAttr_IssCap,3L + +#define SN_setAttr_IssCap_T2 "setAttr-IssCap-T2" +#define NID_setAttr_IssCap_T2 629 +#define OBJ_setAttr_IssCap_T2 OBJ_setAttr_IssCap,4L + +#define SN_setAttr_IssCap_Sig "setAttr-IssCap-Sig" +#define NID_setAttr_IssCap_Sig 630 +#define OBJ_setAttr_IssCap_Sig OBJ_setAttr_IssCap,5L + +#define SN_setAttr_GenCryptgrm "setAttr-GenCryptgrm" +#define LN_setAttr_GenCryptgrm "generate cryptogram" +#define NID_setAttr_GenCryptgrm 631 +#define OBJ_setAttr_GenCryptgrm OBJ_setAttr_IssCap_CVM,1L + +#define SN_setAttr_T2Enc 
"setAttr-T2Enc" +#define LN_setAttr_T2Enc "encrypted track 2" +#define NID_setAttr_T2Enc 632 +#define OBJ_setAttr_T2Enc OBJ_setAttr_IssCap_T2,1L + +#define SN_setAttr_T2cleartxt "setAttr-T2cleartxt" +#define LN_setAttr_T2cleartxt "cleartext track 2" +#define NID_setAttr_T2cleartxt 633 +#define OBJ_setAttr_T2cleartxt OBJ_setAttr_IssCap_T2,2L + +#define SN_setAttr_TokICCsig "setAttr-TokICCsig" +#define LN_setAttr_TokICCsig "ICC or token signature" +#define NID_setAttr_TokICCsig 634 +#define OBJ_setAttr_TokICCsig OBJ_setAttr_IssCap_Sig,1L + +#define SN_setAttr_SecDevSig "setAttr-SecDevSig" +#define LN_setAttr_SecDevSig "secure device signature" +#define NID_setAttr_SecDevSig 635 +#define OBJ_setAttr_SecDevSig OBJ_setAttr_IssCap_Sig,2L + +#define SN_set_brand_IATA_ATA "set-brand-IATA-ATA" +#define NID_set_brand_IATA_ATA 636 +#define OBJ_set_brand_IATA_ATA OBJ_set_brand,1L + +#define SN_set_brand_Diners "set-brand-Diners" +#define NID_set_brand_Diners 637 +#define OBJ_set_brand_Diners OBJ_set_brand,30L + +#define SN_set_brand_AmericanExpress "set-brand-AmericanExpress" +#define NID_set_brand_AmericanExpress 638 +#define OBJ_set_brand_AmericanExpress OBJ_set_brand,34L + +#define SN_set_brand_JCB "set-brand-JCB" +#define NID_set_brand_JCB 639 +#define OBJ_set_brand_JCB OBJ_set_brand,35L + +#define SN_set_brand_Visa "set-brand-Visa" +#define NID_set_brand_Visa 640 +#define OBJ_set_brand_Visa OBJ_set_brand,4L + +#define SN_set_brand_MasterCard "set-brand-MasterCard" +#define NID_set_brand_MasterCard 641 +#define OBJ_set_brand_MasterCard OBJ_set_brand,5L + +#define SN_set_brand_Novus "set-brand-Novus" +#define NID_set_brand_Novus 642 +#define OBJ_set_brand_Novus OBJ_set_brand,6011L + +#define SN_des_cdmf "DES-CDMF" +#define LN_des_cdmf "des-cdmf" +#define NID_des_cdmf 643 +#define OBJ_des_cdmf OBJ_rsadsi,3L,10L + +#define SN_rsaOAEPEncryptionSET "rsaOAEPEncryptionSET" +#define NID_rsaOAEPEncryptionSET 644 +#define OBJ_rsaOAEPEncryptionSET OBJ_rsadsi,1L,1L,6L + +#define 
SN_ipsec3 "Oakley-EC2N-3" +#define LN_ipsec3 "ipsec3" +#define NID_ipsec3 749 + +#define SN_ipsec4 "Oakley-EC2N-4" +#define LN_ipsec4 "ipsec4" +#define NID_ipsec4 750 + +#define SN_whirlpool "whirlpool" +#define NID_whirlpool 804 +#define OBJ_whirlpool OBJ_iso,0L,10118L,3L,0L,55L + +#define SN_cryptopro "cryptopro" +#define NID_cryptopro 805 +#define OBJ_cryptopro OBJ_member_body,643L,2L,2L + +#define SN_cryptocom "cryptocom" +#define NID_cryptocom 806 +#define OBJ_cryptocom OBJ_member_body,643L,2L,9L + +#define SN_id_tc26 "id-tc26" +#define NID_id_tc26 974 +#define OBJ_id_tc26 OBJ_member_body,643L,7L,1L + +#define SN_id_GostR3411_94_with_GostR3410_2001 "id-GostR3411-94-with-GostR3410-2001" +#define LN_id_GostR3411_94_with_GostR3410_2001 "GOST R 34.11-94 with GOST R 34.10-2001" +#define NID_id_GostR3411_94_with_GostR3410_2001 807 +#define OBJ_id_GostR3411_94_with_GostR3410_2001 OBJ_cryptopro,3L + +#define SN_id_GostR3411_94_with_GostR3410_94 "id-GostR3411-94-with-GostR3410-94" +#define LN_id_GostR3411_94_with_GostR3410_94 "GOST R 34.11-94 with GOST R 34.10-94" +#define NID_id_GostR3411_94_with_GostR3410_94 808 +#define OBJ_id_GostR3411_94_with_GostR3410_94 OBJ_cryptopro,4L + +#define SN_id_GostR3411_94 "md_gost94" +#define LN_id_GostR3411_94 "GOST R 34.11-94" +#define NID_id_GostR3411_94 809 +#define OBJ_id_GostR3411_94 OBJ_cryptopro,9L + +#define SN_id_HMACGostR3411_94 "id-HMACGostR3411-94" +#define LN_id_HMACGostR3411_94 "HMAC GOST 34.11-94" +#define NID_id_HMACGostR3411_94 810 +#define OBJ_id_HMACGostR3411_94 OBJ_cryptopro,10L + +#define SN_id_GostR3410_2001 "gost2001" +#define LN_id_GostR3410_2001 "GOST R 34.10-2001" +#define NID_id_GostR3410_2001 811 +#define OBJ_id_GostR3410_2001 OBJ_cryptopro,19L + +#define SN_id_GostR3410_94 "gost94" +#define LN_id_GostR3410_94 "GOST R 34.10-94" +#define NID_id_GostR3410_94 812 +#define OBJ_id_GostR3410_94 OBJ_cryptopro,20L + +#define SN_id_Gost28147_89 "gost89" +#define LN_id_Gost28147_89 "GOST 28147-89" +#define 
NID_id_Gost28147_89 813 +#define OBJ_id_Gost28147_89 OBJ_cryptopro,21L + +#define SN_gost89_cnt "gost89-cnt" +#define NID_gost89_cnt 814 + +#define SN_gost89_cnt_12 "gost89-cnt-12" +#define NID_gost89_cnt_12 975 + +#define SN_gost89_cbc "gost89-cbc" +#define NID_gost89_cbc 1009 + +#define SN_gost89_ecb "gost89-ecb" +#define NID_gost89_ecb 1010 + +#define SN_gost89_ctr "gost89-ctr" +#define NID_gost89_ctr 1011 + +#define SN_id_Gost28147_89_MAC "gost-mac" +#define LN_id_Gost28147_89_MAC "GOST 28147-89 MAC" +#define NID_id_Gost28147_89_MAC 815 +#define OBJ_id_Gost28147_89_MAC OBJ_cryptopro,22L + +#define SN_gost_mac_12 "gost-mac-12" +#define NID_gost_mac_12 976 + +#define SN_id_GostR3411_94_prf "prf-gostr3411-94" +#define LN_id_GostR3411_94_prf "GOST R 34.11-94 PRF" +#define NID_id_GostR3411_94_prf 816 +#define OBJ_id_GostR3411_94_prf OBJ_cryptopro,23L + +#define SN_id_GostR3410_2001DH "id-GostR3410-2001DH" +#define LN_id_GostR3410_2001DH "GOST R 34.10-2001 DH" +#define NID_id_GostR3410_2001DH 817 +#define OBJ_id_GostR3410_2001DH OBJ_cryptopro,98L + +#define SN_id_GostR3410_94DH "id-GostR3410-94DH" +#define LN_id_GostR3410_94DH "GOST R 34.10-94 DH" +#define NID_id_GostR3410_94DH 818 +#define OBJ_id_GostR3410_94DH OBJ_cryptopro,99L + +#define SN_id_Gost28147_89_CryptoPro_KeyMeshing "id-Gost28147-89-CryptoPro-KeyMeshing" +#define NID_id_Gost28147_89_CryptoPro_KeyMeshing 819 +#define OBJ_id_Gost28147_89_CryptoPro_KeyMeshing OBJ_cryptopro,14L,1L + +#define SN_id_Gost28147_89_None_KeyMeshing "id-Gost28147-89-None-KeyMeshing" +#define NID_id_Gost28147_89_None_KeyMeshing 820 +#define OBJ_id_Gost28147_89_None_KeyMeshing OBJ_cryptopro,14L,0L + +#define SN_id_GostR3411_94_TestParamSet "id-GostR3411-94-TestParamSet" +#define NID_id_GostR3411_94_TestParamSet 821 +#define OBJ_id_GostR3411_94_TestParamSet OBJ_cryptopro,30L,0L + +#define SN_id_GostR3411_94_CryptoProParamSet "id-GostR3411-94-CryptoProParamSet" +#define NID_id_GostR3411_94_CryptoProParamSet 822 +#define 
OBJ_id_GostR3411_94_CryptoProParamSet OBJ_cryptopro,30L,1L + +#define SN_id_Gost28147_89_TestParamSet "id-Gost28147-89-TestParamSet" +#define NID_id_Gost28147_89_TestParamSet 823 +#define OBJ_id_Gost28147_89_TestParamSet OBJ_cryptopro,31L,0L + +#define SN_id_Gost28147_89_CryptoPro_A_ParamSet "id-Gost28147-89-CryptoPro-A-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_A_ParamSet 824 +#define OBJ_id_Gost28147_89_CryptoPro_A_ParamSet OBJ_cryptopro,31L,1L + +#define SN_id_Gost28147_89_CryptoPro_B_ParamSet "id-Gost28147-89-CryptoPro-B-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_B_ParamSet 825 +#define OBJ_id_Gost28147_89_CryptoPro_B_ParamSet OBJ_cryptopro,31L,2L + +#define SN_id_Gost28147_89_CryptoPro_C_ParamSet "id-Gost28147-89-CryptoPro-C-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_C_ParamSet 826 +#define OBJ_id_Gost28147_89_CryptoPro_C_ParamSet OBJ_cryptopro,31L,3L + +#define SN_id_Gost28147_89_CryptoPro_D_ParamSet "id-Gost28147-89-CryptoPro-D-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_D_ParamSet 827 +#define OBJ_id_Gost28147_89_CryptoPro_D_ParamSet OBJ_cryptopro,31L,4L + +#define SN_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet 828 +#define OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet OBJ_cryptopro,31L,5L + +#define SN_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet 829 +#define OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet OBJ_cryptopro,31L,6L + +#define SN_id_Gost28147_89_CryptoPro_RIC_1_ParamSet "id-Gost28147-89-CryptoPro-RIC-1-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_RIC_1_ParamSet 830 +#define OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet OBJ_cryptopro,31L,7L + +#define SN_id_GostR3410_94_TestParamSet "id-GostR3410-94-TestParamSet" +#define NID_id_GostR3410_94_TestParamSet 831 +#define OBJ_id_GostR3410_94_TestParamSet 
OBJ_cryptopro,32L,0L + +#define SN_id_GostR3410_94_CryptoPro_A_ParamSet "id-GostR3410-94-CryptoPro-A-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_A_ParamSet 832 +#define OBJ_id_GostR3410_94_CryptoPro_A_ParamSet OBJ_cryptopro,32L,2L + +#define SN_id_GostR3410_94_CryptoPro_B_ParamSet "id-GostR3410-94-CryptoPro-B-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_B_ParamSet 833 +#define OBJ_id_GostR3410_94_CryptoPro_B_ParamSet OBJ_cryptopro,32L,3L + +#define SN_id_GostR3410_94_CryptoPro_C_ParamSet "id-GostR3410-94-CryptoPro-C-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_C_ParamSet 834 +#define OBJ_id_GostR3410_94_CryptoPro_C_ParamSet OBJ_cryptopro,32L,4L + +#define SN_id_GostR3410_94_CryptoPro_D_ParamSet "id-GostR3410-94-CryptoPro-D-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_D_ParamSet 835 +#define OBJ_id_GostR3410_94_CryptoPro_D_ParamSet OBJ_cryptopro,32L,5L + +#define SN_id_GostR3410_94_CryptoPro_XchA_ParamSet "id-GostR3410-94-CryptoPro-XchA-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_XchA_ParamSet 836 +#define OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet OBJ_cryptopro,33L,1L + +#define SN_id_GostR3410_94_CryptoPro_XchB_ParamSet "id-GostR3410-94-CryptoPro-XchB-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_XchB_ParamSet 837 +#define OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet OBJ_cryptopro,33L,2L + +#define SN_id_GostR3410_94_CryptoPro_XchC_ParamSet "id-GostR3410-94-CryptoPro-XchC-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_XchC_ParamSet 838 +#define OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet OBJ_cryptopro,33L,3L + +#define SN_id_GostR3410_2001_TestParamSet "id-GostR3410-2001-TestParamSet" +#define NID_id_GostR3410_2001_TestParamSet 839 +#define OBJ_id_GostR3410_2001_TestParamSet OBJ_cryptopro,35L,0L + +#define SN_id_GostR3410_2001_CryptoPro_A_ParamSet "id-GostR3410-2001-CryptoPro-A-ParamSet" +#define NID_id_GostR3410_2001_CryptoPro_A_ParamSet 840 +#define OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet OBJ_cryptopro,35L,1L + +#define 
SN_id_GostR3410_2001_CryptoPro_B_ParamSet "id-GostR3410-2001-CryptoPro-B-ParamSet" +#define NID_id_GostR3410_2001_CryptoPro_B_ParamSet 841 +#define OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet OBJ_cryptopro,35L,2L + +#define SN_id_GostR3410_2001_CryptoPro_C_ParamSet "id-GostR3410-2001-CryptoPro-C-ParamSet" +#define NID_id_GostR3410_2001_CryptoPro_C_ParamSet 842 +#define OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet OBJ_cryptopro,35L,3L + +#define SN_id_GostR3410_2001_CryptoPro_XchA_ParamSet "id-GostR3410-2001-CryptoPro-XchA-ParamSet" +#define NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet 843 +#define OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet OBJ_cryptopro,36L,0L + +#define SN_id_GostR3410_2001_CryptoPro_XchB_ParamSet "id-GostR3410-2001-CryptoPro-XchB-ParamSet" +#define NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet 844 +#define OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet OBJ_cryptopro,36L,1L + +#define SN_id_GostR3410_94_a "id-GostR3410-94-a" +#define NID_id_GostR3410_94_a 845 +#define OBJ_id_GostR3410_94_a OBJ_id_GostR3410_94,1L + +#define SN_id_GostR3410_94_aBis "id-GostR3410-94-aBis" +#define NID_id_GostR3410_94_aBis 846 +#define OBJ_id_GostR3410_94_aBis OBJ_id_GostR3410_94,2L + +#define SN_id_GostR3410_94_b "id-GostR3410-94-b" +#define NID_id_GostR3410_94_b 847 +#define OBJ_id_GostR3410_94_b OBJ_id_GostR3410_94,3L + +#define SN_id_GostR3410_94_bBis "id-GostR3410-94-bBis" +#define NID_id_GostR3410_94_bBis 848 +#define OBJ_id_GostR3410_94_bBis OBJ_id_GostR3410_94,4L + +#define SN_id_Gost28147_89_cc "id-Gost28147-89-cc" +#define LN_id_Gost28147_89_cc "GOST 28147-89 Cryptocom ParamSet" +#define NID_id_Gost28147_89_cc 849 +#define OBJ_id_Gost28147_89_cc OBJ_cryptocom,1L,6L,1L + +#define SN_id_GostR3410_94_cc "gost94cc" +#define LN_id_GostR3410_94_cc "GOST 34.10-94 Cryptocom" +#define NID_id_GostR3410_94_cc 850 +#define OBJ_id_GostR3410_94_cc OBJ_cryptocom,1L,5L,3L + +#define SN_id_GostR3410_2001_cc "gost2001cc" +#define LN_id_GostR3410_2001_cc "GOST 34.10-2001 
Cryptocom" +#define NID_id_GostR3410_2001_cc 851 +#define OBJ_id_GostR3410_2001_cc OBJ_cryptocom,1L,5L,4L + +#define SN_id_GostR3411_94_with_GostR3410_94_cc "id-GostR3411-94-with-GostR3410-94-cc" +#define LN_id_GostR3411_94_with_GostR3410_94_cc "GOST R 34.11-94 with GOST R 34.10-94 Cryptocom" +#define NID_id_GostR3411_94_with_GostR3410_94_cc 852 +#define OBJ_id_GostR3411_94_with_GostR3410_94_cc OBJ_cryptocom,1L,3L,3L + +#define SN_id_GostR3411_94_with_GostR3410_2001_cc "id-GostR3411-94-with-GostR3410-2001-cc" +#define LN_id_GostR3411_94_with_GostR3410_2001_cc "GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom" +#define NID_id_GostR3411_94_with_GostR3410_2001_cc 853 +#define OBJ_id_GostR3411_94_with_GostR3410_2001_cc OBJ_cryptocom,1L,3L,4L + +#define SN_id_GostR3410_2001_ParamSet_cc "id-GostR3410-2001-ParamSet-cc" +#define LN_id_GostR3410_2001_ParamSet_cc "GOST R 3410-2001 Parameter Set Cryptocom" +#define NID_id_GostR3410_2001_ParamSet_cc 854 +#define OBJ_id_GostR3410_2001_ParamSet_cc OBJ_cryptocom,1L,8L,1L + +#define SN_id_tc26_algorithms "id-tc26-algorithms" +#define NID_id_tc26_algorithms 977 +#define OBJ_id_tc26_algorithms OBJ_id_tc26,1L + +#define SN_id_tc26_sign "id-tc26-sign" +#define NID_id_tc26_sign 978 +#define OBJ_id_tc26_sign OBJ_id_tc26_algorithms,1L + +#define SN_id_GostR3410_2012_256 "gost2012_256" +#define LN_id_GostR3410_2012_256 "GOST R 34.10-2012 with 256 bit modulus" +#define NID_id_GostR3410_2012_256 979 +#define OBJ_id_GostR3410_2012_256 OBJ_id_tc26_sign,1L + +#define SN_id_GostR3410_2012_512 "gost2012_512" +#define LN_id_GostR3410_2012_512 "GOST R 34.10-2012 with 512 bit modulus" +#define NID_id_GostR3410_2012_512 980 +#define OBJ_id_GostR3410_2012_512 OBJ_id_tc26_sign,2L + +#define SN_id_tc26_digest "id-tc26-digest" +#define NID_id_tc26_digest 981 +#define OBJ_id_tc26_digest OBJ_id_tc26_algorithms,2L + +#define SN_id_GostR3411_2012_256 "md_gost12_256" +#define LN_id_GostR3411_2012_256 "GOST R 34.11-2012 with 256 bit hash" +#define 
NID_id_GostR3411_2012_256 982 +#define OBJ_id_GostR3411_2012_256 OBJ_id_tc26_digest,2L + +#define SN_id_GostR3411_2012_512 "md_gost12_512" +#define LN_id_GostR3411_2012_512 "GOST R 34.11-2012 with 512 bit hash" +#define NID_id_GostR3411_2012_512 983 +#define OBJ_id_GostR3411_2012_512 OBJ_id_tc26_digest,3L + +#define SN_id_tc26_signwithdigest "id-tc26-signwithdigest" +#define NID_id_tc26_signwithdigest 984 +#define OBJ_id_tc26_signwithdigest OBJ_id_tc26_algorithms,3L + +#define SN_id_tc26_signwithdigest_gost3410_2012_256 "id-tc26-signwithdigest-gost3410-2012-256" +#define LN_id_tc26_signwithdigest_gost3410_2012_256 "GOST R 34.10-2012 with GOST R 34.11-2012 (256 bit)" +#define NID_id_tc26_signwithdigest_gost3410_2012_256 985 +#define OBJ_id_tc26_signwithdigest_gost3410_2012_256 OBJ_id_tc26_signwithdigest,2L + +#define SN_id_tc26_signwithdigest_gost3410_2012_512 "id-tc26-signwithdigest-gost3410-2012-512" +#define LN_id_tc26_signwithdigest_gost3410_2012_512 "GOST R 34.10-2012 with GOST R 34.11-2012 (512 bit)" +#define NID_id_tc26_signwithdigest_gost3410_2012_512 986 +#define OBJ_id_tc26_signwithdigest_gost3410_2012_512 OBJ_id_tc26_signwithdigest,3L + +#define SN_id_tc26_mac "id-tc26-mac" +#define NID_id_tc26_mac 987 +#define OBJ_id_tc26_mac OBJ_id_tc26_algorithms,4L + +#define SN_id_tc26_hmac_gost_3411_2012_256 "id-tc26-hmac-gost-3411-2012-256" +#define LN_id_tc26_hmac_gost_3411_2012_256 "HMAC GOST 34.11-2012 256 bit" +#define NID_id_tc26_hmac_gost_3411_2012_256 988 +#define OBJ_id_tc26_hmac_gost_3411_2012_256 OBJ_id_tc26_mac,1L + +#define SN_id_tc26_hmac_gost_3411_2012_512 "id-tc26-hmac-gost-3411-2012-512" +#define LN_id_tc26_hmac_gost_3411_2012_512 "HMAC GOST 34.11-2012 512 bit" +#define NID_id_tc26_hmac_gost_3411_2012_512 989 +#define OBJ_id_tc26_hmac_gost_3411_2012_512 OBJ_id_tc26_mac,2L + +#define SN_id_tc26_cipher "id-tc26-cipher" +#define NID_id_tc26_cipher 990 +#define OBJ_id_tc26_cipher OBJ_id_tc26_algorithms,5L + +#define 
SN_id_tc26_cipher_gostr3412_2015_magma "id-tc26-cipher-gostr3412-2015-magma" +#define NID_id_tc26_cipher_gostr3412_2015_magma 1173 +#define OBJ_id_tc26_cipher_gostr3412_2015_magma OBJ_id_tc26_cipher,1L + +#define SN_id_tc26_cipher_gostr3412_2015_magma_ctracpkm "id-tc26-cipher-gostr3412-2015-magma-ctracpkm" +#define NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm 1174 +#define OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm OBJ_id_tc26_cipher_gostr3412_2015_magma,1L + +#define SN_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac "id-tc26-cipher-gostr3412-2015-magma-ctracpkm-omac" +#define NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac 1175 +#define OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac OBJ_id_tc26_cipher_gostr3412_2015_magma,2L + +#define SN_id_tc26_cipher_gostr3412_2015_kuznyechik "id-tc26-cipher-gostr3412-2015-kuznyechik" +#define NID_id_tc26_cipher_gostr3412_2015_kuznyechik 1176 +#define OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik OBJ_id_tc26_cipher,2L + +#define SN_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm" +#define NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm 1177 +#define OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik,1L + +#define SN_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm-omac" +#define NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac 1178 +#define OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik,2L + +#define SN_id_tc26_agreement "id-tc26-agreement" +#define NID_id_tc26_agreement 991 +#define OBJ_id_tc26_agreement OBJ_id_tc26_algorithms,6L + +#define SN_id_tc26_agreement_gost_3410_2012_256 "id-tc26-agreement-gost-3410-2012-256" +#define NID_id_tc26_agreement_gost_3410_2012_256 992 +#define OBJ_id_tc26_agreement_gost_3410_2012_256 OBJ_id_tc26_agreement,1L + +#define 
SN_id_tc26_agreement_gost_3410_2012_512 "id-tc26-agreement-gost-3410-2012-512" +#define NID_id_tc26_agreement_gost_3410_2012_512 993 +#define OBJ_id_tc26_agreement_gost_3410_2012_512 OBJ_id_tc26_agreement,2L + +#define SN_id_tc26_wrap "id-tc26-wrap" +#define NID_id_tc26_wrap 1179 +#define OBJ_id_tc26_wrap OBJ_id_tc26_algorithms,7L + +#define SN_id_tc26_wrap_gostr3412_2015_magma "id-tc26-wrap-gostr3412-2015-magma" +#define NID_id_tc26_wrap_gostr3412_2015_magma 1180 +#define OBJ_id_tc26_wrap_gostr3412_2015_magma OBJ_id_tc26_wrap,1L + +#define SN_id_tc26_wrap_gostr3412_2015_magma_kexp15 "id-tc26-wrap-gostr3412-2015-magma-kexp15" +#define NID_id_tc26_wrap_gostr3412_2015_magma_kexp15 1181 +#define OBJ_id_tc26_wrap_gostr3412_2015_magma_kexp15 OBJ_id_tc26_wrap_gostr3412_2015_magma,1L + +#define SN_id_tc26_wrap_gostr3412_2015_kuznyechik "id-tc26-wrap-gostr3412-2015-kuznyechik" +#define NID_id_tc26_wrap_gostr3412_2015_kuznyechik 1182 +#define OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik OBJ_id_tc26_wrap,2L + +#define SN_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 "id-tc26-wrap-gostr3412-2015-kuznyechik-kexp15" +#define NID_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 1183 +#define OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik,1L + +#define SN_id_tc26_constants "id-tc26-constants" +#define NID_id_tc26_constants 994 +#define OBJ_id_tc26_constants OBJ_id_tc26,2L + +#define SN_id_tc26_sign_constants "id-tc26-sign-constants" +#define NID_id_tc26_sign_constants 995 +#define OBJ_id_tc26_sign_constants OBJ_id_tc26_constants,1L + +#define SN_id_tc26_gost_3410_2012_256_constants "id-tc26-gost-3410-2012-256-constants" +#define NID_id_tc26_gost_3410_2012_256_constants 1147 +#define OBJ_id_tc26_gost_3410_2012_256_constants OBJ_id_tc26_sign_constants,1L + +#define SN_id_tc26_gost_3410_2012_256_paramSetA "id-tc26-gost-3410-2012-256-paramSetA" +#define LN_id_tc26_gost_3410_2012_256_paramSetA "GOST R 34.10-2012 (256 bit) ParamSet A" +#define 
NID_id_tc26_gost_3410_2012_256_paramSetA 1148 +#define OBJ_id_tc26_gost_3410_2012_256_paramSetA OBJ_id_tc26_gost_3410_2012_256_constants,1L + +#define SN_id_tc26_gost_3410_2012_256_paramSetB "id-tc26-gost-3410-2012-256-paramSetB" +#define LN_id_tc26_gost_3410_2012_256_paramSetB "GOST R 34.10-2012 (256 bit) ParamSet B" +#define NID_id_tc26_gost_3410_2012_256_paramSetB 1184 +#define OBJ_id_tc26_gost_3410_2012_256_paramSetB OBJ_id_tc26_gost_3410_2012_256_constants,2L + +#define SN_id_tc26_gost_3410_2012_256_paramSetC "id-tc26-gost-3410-2012-256-paramSetC" +#define LN_id_tc26_gost_3410_2012_256_paramSetC "GOST R 34.10-2012 (256 bit) ParamSet C" +#define NID_id_tc26_gost_3410_2012_256_paramSetC 1185 +#define OBJ_id_tc26_gost_3410_2012_256_paramSetC OBJ_id_tc26_gost_3410_2012_256_constants,3L + +#define SN_id_tc26_gost_3410_2012_256_paramSetD "id-tc26-gost-3410-2012-256-paramSetD" +#define LN_id_tc26_gost_3410_2012_256_paramSetD "GOST R 34.10-2012 (256 bit) ParamSet D" +#define NID_id_tc26_gost_3410_2012_256_paramSetD 1186 +#define OBJ_id_tc26_gost_3410_2012_256_paramSetD OBJ_id_tc26_gost_3410_2012_256_constants,4L + +#define SN_id_tc26_gost_3410_2012_512_constants "id-tc26-gost-3410-2012-512-constants" +#define NID_id_tc26_gost_3410_2012_512_constants 996 +#define OBJ_id_tc26_gost_3410_2012_512_constants OBJ_id_tc26_sign_constants,2L + +#define SN_id_tc26_gost_3410_2012_512_paramSetTest "id-tc26-gost-3410-2012-512-paramSetTest" +#define LN_id_tc26_gost_3410_2012_512_paramSetTest "GOST R 34.10-2012 (512 bit) testing parameter set" +#define NID_id_tc26_gost_3410_2012_512_paramSetTest 997 +#define OBJ_id_tc26_gost_3410_2012_512_paramSetTest OBJ_id_tc26_gost_3410_2012_512_constants,0L + +#define SN_id_tc26_gost_3410_2012_512_paramSetA "id-tc26-gost-3410-2012-512-paramSetA" +#define LN_id_tc26_gost_3410_2012_512_paramSetA "GOST R 34.10-2012 (512 bit) ParamSet A" +#define NID_id_tc26_gost_3410_2012_512_paramSetA 998 +#define OBJ_id_tc26_gost_3410_2012_512_paramSetA 
OBJ_id_tc26_gost_3410_2012_512_constants,1L + +#define SN_id_tc26_gost_3410_2012_512_paramSetB "id-tc26-gost-3410-2012-512-paramSetB" +#define LN_id_tc26_gost_3410_2012_512_paramSetB "GOST R 34.10-2012 (512 bit) ParamSet B" +#define NID_id_tc26_gost_3410_2012_512_paramSetB 999 +#define OBJ_id_tc26_gost_3410_2012_512_paramSetB OBJ_id_tc26_gost_3410_2012_512_constants,2L + +#define SN_id_tc26_gost_3410_2012_512_paramSetC "id-tc26-gost-3410-2012-512-paramSetC" +#define LN_id_tc26_gost_3410_2012_512_paramSetC "GOST R 34.10-2012 (512 bit) ParamSet C" +#define NID_id_tc26_gost_3410_2012_512_paramSetC 1149 +#define OBJ_id_tc26_gost_3410_2012_512_paramSetC OBJ_id_tc26_gost_3410_2012_512_constants,3L + +#define SN_id_tc26_digest_constants "id-tc26-digest-constants" +#define NID_id_tc26_digest_constants 1000 +#define OBJ_id_tc26_digest_constants OBJ_id_tc26_constants,2L + +#define SN_id_tc26_cipher_constants "id-tc26-cipher-constants" +#define NID_id_tc26_cipher_constants 1001 +#define OBJ_id_tc26_cipher_constants OBJ_id_tc26_constants,5L + +#define SN_id_tc26_gost_28147_constants "id-tc26-gost-28147-constants" +#define NID_id_tc26_gost_28147_constants 1002 +#define OBJ_id_tc26_gost_28147_constants OBJ_id_tc26_cipher_constants,1L + +#define SN_id_tc26_gost_28147_param_Z "id-tc26-gost-28147-param-Z" +#define LN_id_tc26_gost_28147_param_Z "GOST 28147-89 TC26 parameter set" +#define NID_id_tc26_gost_28147_param_Z 1003 +#define OBJ_id_tc26_gost_28147_param_Z OBJ_id_tc26_gost_28147_constants,1L + +#define SN_INN "INN" +#define LN_INN "INN" +#define NID_INN 1004 +#define OBJ_INN OBJ_member_body,643L,3L,131L,1L,1L + +#define SN_OGRN "OGRN" +#define LN_OGRN "OGRN" +#define NID_OGRN 1005 +#define OBJ_OGRN OBJ_member_body,643L,100L,1L + +#define SN_SNILS "SNILS" +#define LN_SNILS "SNILS" +#define NID_SNILS 1006 +#define OBJ_SNILS OBJ_member_body,643L,100L,3L + +#define SN_subjectSignTool "subjectSignTool" +#define LN_subjectSignTool "Signing Tool of Subject" +#define 
NID_subjectSignTool 1007 +#define OBJ_subjectSignTool OBJ_member_body,643L,100L,111L + +#define SN_issuerSignTool "issuerSignTool" +#define LN_issuerSignTool "Signing Tool of Issuer" +#define NID_issuerSignTool 1008 +#define OBJ_issuerSignTool OBJ_member_body,643L,100L,112L + +#define SN_grasshopper_ecb "grasshopper-ecb" +#define NID_grasshopper_ecb 1012 + +#define SN_grasshopper_ctr "grasshopper-ctr" +#define NID_grasshopper_ctr 1013 + +#define SN_grasshopper_ofb "grasshopper-ofb" +#define NID_grasshopper_ofb 1014 + +#define SN_grasshopper_cbc "grasshopper-cbc" +#define NID_grasshopper_cbc 1015 + +#define SN_grasshopper_cfb "grasshopper-cfb" +#define NID_grasshopper_cfb 1016 + +#define SN_grasshopper_mac "grasshopper-mac" +#define NID_grasshopper_mac 1017 + +#define SN_magma_ecb "magma-ecb" +#define NID_magma_ecb 1187 + +#define SN_magma_ctr "magma-ctr" +#define NID_magma_ctr 1188 + +#define SN_magma_ofb "magma-ofb" +#define NID_magma_ofb 1189 + +#define SN_magma_cbc "magma-cbc" +#define NID_magma_cbc 1190 + +#define SN_magma_cfb "magma-cfb" +#define NID_magma_cfb 1191 + +#define SN_magma_mac "magma-mac" +#define NID_magma_mac 1192 + +#define SN_camellia_128_cbc "CAMELLIA-128-CBC" +#define LN_camellia_128_cbc "camellia-128-cbc" +#define NID_camellia_128_cbc 751 +#define OBJ_camellia_128_cbc 1L,2L,392L,200011L,61L,1L,1L,1L,2L + +#define SN_camellia_192_cbc "CAMELLIA-192-CBC" +#define LN_camellia_192_cbc "camellia-192-cbc" +#define NID_camellia_192_cbc 752 +#define OBJ_camellia_192_cbc 1L,2L,392L,200011L,61L,1L,1L,1L,3L + +#define SN_camellia_256_cbc "CAMELLIA-256-CBC" +#define LN_camellia_256_cbc "camellia-256-cbc" +#define NID_camellia_256_cbc 753 +#define OBJ_camellia_256_cbc 1L,2L,392L,200011L,61L,1L,1L,1L,4L + +#define SN_id_camellia128_wrap "id-camellia128-wrap" +#define NID_id_camellia128_wrap 907 +#define OBJ_id_camellia128_wrap 1L,2L,392L,200011L,61L,1L,1L,3L,2L + +#define SN_id_camellia192_wrap "id-camellia192-wrap" +#define NID_id_camellia192_wrap 908 
+#define OBJ_id_camellia192_wrap 1L,2L,392L,200011L,61L,1L,1L,3L,3L + +#define SN_id_camellia256_wrap "id-camellia256-wrap" +#define NID_id_camellia256_wrap 909 +#define OBJ_id_camellia256_wrap 1L,2L,392L,200011L,61L,1L,1L,3L,4L + +#define OBJ_ntt_ds 0L,3L,4401L,5L + +#define OBJ_camellia OBJ_ntt_ds,3L,1L,9L + +#define SN_camellia_128_ecb "CAMELLIA-128-ECB" +#define LN_camellia_128_ecb "camellia-128-ecb" +#define NID_camellia_128_ecb 754 +#define OBJ_camellia_128_ecb OBJ_camellia,1L + +#define SN_camellia_128_ofb128 "CAMELLIA-128-OFB" +#define LN_camellia_128_ofb128 "camellia-128-ofb" +#define NID_camellia_128_ofb128 766 +#define OBJ_camellia_128_ofb128 OBJ_camellia,3L + +#define SN_camellia_128_cfb128 "CAMELLIA-128-CFB" +#define LN_camellia_128_cfb128 "camellia-128-cfb" +#define NID_camellia_128_cfb128 757 +#define OBJ_camellia_128_cfb128 OBJ_camellia,4L + +#define SN_camellia_128_gcm "CAMELLIA-128-GCM" +#define LN_camellia_128_gcm "camellia-128-gcm" +#define NID_camellia_128_gcm 961 +#define OBJ_camellia_128_gcm OBJ_camellia,6L + +#define SN_camellia_128_ccm "CAMELLIA-128-CCM" +#define LN_camellia_128_ccm "camellia-128-ccm" +#define NID_camellia_128_ccm 962 +#define OBJ_camellia_128_ccm OBJ_camellia,7L + +#define SN_camellia_128_ctr "CAMELLIA-128-CTR" +#define LN_camellia_128_ctr "camellia-128-ctr" +#define NID_camellia_128_ctr 963 +#define OBJ_camellia_128_ctr OBJ_camellia,9L + +#define SN_camellia_128_cmac "CAMELLIA-128-CMAC" +#define LN_camellia_128_cmac "camellia-128-cmac" +#define NID_camellia_128_cmac 964 +#define OBJ_camellia_128_cmac OBJ_camellia,10L + +#define SN_camellia_192_ecb "CAMELLIA-192-ECB" +#define LN_camellia_192_ecb "camellia-192-ecb" +#define NID_camellia_192_ecb 755 +#define OBJ_camellia_192_ecb OBJ_camellia,21L + +#define SN_camellia_192_ofb128 "CAMELLIA-192-OFB" +#define LN_camellia_192_ofb128 "camellia-192-ofb" +#define NID_camellia_192_ofb128 767 +#define OBJ_camellia_192_ofb128 OBJ_camellia,23L + +#define SN_camellia_192_cfb128 
"CAMELLIA-192-CFB" +#define LN_camellia_192_cfb128 "camellia-192-cfb" +#define NID_camellia_192_cfb128 758 +#define OBJ_camellia_192_cfb128 OBJ_camellia,24L + +#define SN_camellia_192_gcm "CAMELLIA-192-GCM" +#define LN_camellia_192_gcm "camellia-192-gcm" +#define NID_camellia_192_gcm 965 +#define OBJ_camellia_192_gcm OBJ_camellia,26L + +#define SN_camellia_192_ccm "CAMELLIA-192-CCM" +#define LN_camellia_192_ccm "camellia-192-ccm" +#define NID_camellia_192_ccm 966 +#define OBJ_camellia_192_ccm OBJ_camellia,27L + +#define SN_camellia_192_ctr "CAMELLIA-192-CTR" +#define LN_camellia_192_ctr "camellia-192-ctr" +#define NID_camellia_192_ctr 967 +#define OBJ_camellia_192_ctr OBJ_camellia,29L + +#define SN_camellia_192_cmac "CAMELLIA-192-CMAC" +#define LN_camellia_192_cmac "camellia-192-cmac" +#define NID_camellia_192_cmac 968 +#define OBJ_camellia_192_cmac OBJ_camellia,30L + +#define SN_camellia_256_ecb "CAMELLIA-256-ECB" +#define LN_camellia_256_ecb "camellia-256-ecb" +#define NID_camellia_256_ecb 756 +#define OBJ_camellia_256_ecb OBJ_camellia,41L + +#define SN_camellia_256_ofb128 "CAMELLIA-256-OFB" +#define LN_camellia_256_ofb128 "camellia-256-ofb" +#define NID_camellia_256_ofb128 768 +#define OBJ_camellia_256_ofb128 OBJ_camellia,43L + +#define SN_camellia_256_cfb128 "CAMELLIA-256-CFB" +#define LN_camellia_256_cfb128 "camellia-256-cfb" +#define NID_camellia_256_cfb128 759 +#define OBJ_camellia_256_cfb128 OBJ_camellia,44L + +#define SN_camellia_256_gcm "CAMELLIA-256-GCM" +#define LN_camellia_256_gcm "camellia-256-gcm" +#define NID_camellia_256_gcm 969 +#define OBJ_camellia_256_gcm OBJ_camellia,46L + +#define SN_camellia_256_ccm "CAMELLIA-256-CCM" +#define LN_camellia_256_ccm "camellia-256-ccm" +#define NID_camellia_256_ccm 970 +#define OBJ_camellia_256_ccm OBJ_camellia,47L + +#define SN_camellia_256_ctr "CAMELLIA-256-CTR" +#define LN_camellia_256_ctr "camellia-256-ctr" +#define NID_camellia_256_ctr 971 +#define OBJ_camellia_256_ctr OBJ_camellia,49L + +#define 
SN_camellia_256_cmac "CAMELLIA-256-CMAC" +#define LN_camellia_256_cmac "camellia-256-cmac" +#define NID_camellia_256_cmac 972 +#define OBJ_camellia_256_cmac OBJ_camellia,50L + +#define SN_camellia_128_cfb1 "CAMELLIA-128-CFB1" +#define LN_camellia_128_cfb1 "camellia-128-cfb1" +#define NID_camellia_128_cfb1 760 + +#define SN_camellia_192_cfb1 "CAMELLIA-192-CFB1" +#define LN_camellia_192_cfb1 "camellia-192-cfb1" +#define NID_camellia_192_cfb1 761 + +#define SN_camellia_256_cfb1 "CAMELLIA-256-CFB1" +#define LN_camellia_256_cfb1 "camellia-256-cfb1" +#define NID_camellia_256_cfb1 762 + +#define SN_camellia_128_cfb8 "CAMELLIA-128-CFB8" +#define LN_camellia_128_cfb8 "camellia-128-cfb8" +#define NID_camellia_128_cfb8 763 + +#define SN_camellia_192_cfb8 "CAMELLIA-192-CFB8" +#define LN_camellia_192_cfb8 "camellia-192-cfb8" +#define NID_camellia_192_cfb8 764 + +#define SN_camellia_256_cfb8 "CAMELLIA-256-CFB8" +#define LN_camellia_256_cfb8 "camellia-256-cfb8" +#define NID_camellia_256_cfb8 765 + +#define OBJ_aria 1L,2L,410L,200046L,1L,1L + +#define SN_aria_128_ecb "ARIA-128-ECB" +#define LN_aria_128_ecb "aria-128-ecb" +#define NID_aria_128_ecb 1065 +#define OBJ_aria_128_ecb OBJ_aria,1L + +#define SN_aria_128_cbc "ARIA-128-CBC" +#define LN_aria_128_cbc "aria-128-cbc" +#define NID_aria_128_cbc 1066 +#define OBJ_aria_128_cbc OBJ_aria,2L + +#define SN_aria_128_cfb128 "ARIA-128-CFB" +#define LN_aria_128_cfb128 "aria-128-cfb" +#define NID_aria_128_cfb128 1067 +#define OBJ_aria_128_cfb128 OBJ_aria,3L + +#define SN_aria_128_ofb128 "ARIA-128-OFB" +#define LN_aria_128_ofb128 "aria-128-ofb" +#define NID_aria_128_ofb128 1068 +#define OBJ_aria_128_ofb128 OBJ_aria,4L + +#define SN_aria_128_ctr "ARIA-128-CTR" +#define LN_aria_128_ctr "aria-128-ctr" +#define NID_aria_128_ctr 1069 +#define OBJ_aria_128_ctr OBJ_aria,5L + +#define SN_aria_192_ecb "ARIA-192-ECB" +#define LN_aria_192_ecb "aria-192-ecb" +#define NID_aria_192_ecb 1070 +#define OBJ_aria_192_ecb OBJ_aria,6L + +#define SN_aria_192_cbc 
"ARIA-192-CBC" +#define LN_aria_192_cbc "aria-192-cbc" +#define NID_aria_192_cbc 1071 +#define OBJ_aria_192_cbc OBJ_aria,7L + +#define SN_aria_192_cfb128 "ARIA-192-CFB" +#define LN_aria_192_cfb128 "aria-192-cfb" +#define NID_aria_192_cfb128 1072 +#define OBJ_aria_192_cfb128 OBJ_aria,8L + +#define SN_aria_192_ofb128 "ARIA-192-OFB" +#define LN_aria_192_ofb128 "aria-192-ofb" +#define NID_aria_192_ofb128 1073 +#define OBJ_aria_192_ofb128 OBJ_aria,9L + +#define SN_aria_192_ctr "ARIA-192-CTR" +#define LN_aria_192_ctr "aria-192-ctr" +#define NID_aria_192_ctr 1074 +#define OBJ_aria_192_ctr OBJ_aria,10L + +#define SN_aria_256_ecb "ARIA-256-ECB" +#define LN_aria_256_ecb "aria-256-ecb" +#define NID_aria_256_ecb 1075 +#define OBJ_aria_256_ecb OBJ_aria,11L + +#define SN_aria_256_cbc "ARIA-256-CBC" +#define LN_aria_256_cbc "aria-256-cbc" +#define NID_aria_256_cbc 1076 +#define OBJ_aria_256_cbc OBJ_aria,12L + +#define SN_aria_256_cfb128 "ARIA-256-CFB" +#define LN_aria_256_cfb128 "aria-256-cfb" +#define NID_aria_256_cfb128 1077 +#define OBJ_aria_256_cfb128 OBJ_aria,13L + +#define SN_aria_256_ofb128 "ARIA-256-OFB" +#define LN_aria_256_ofb128 "aria-256-ofb" +#define NID_aria_256_ofb128 1078 +#define OBJ_aria_256_ofb128 OBJ_aria,14L + +#define SN_aria_256_ctr "ARIA-256-CTR" +#define LN_aria_256_ctr "aria-256-ctr" +#define NID_aria_256_ctr 1079 +#define OBJ_aria_256_ctr OBJ_aria,15L + +#define SN_aria_128_cfb1 "ARIA-128-CFB1" +#define LN_aria_128_cfb1 "aria-128-cfb1" +#define NID_aria_128_cfb1 1080 + +#define SN_aria_192_cfb1 "ARIA-192-CFB1" +#define LN_aria_192_cfb1 "aria-192-cfb1" +#define NID_aria_192_cfb1 1081 + +#define SN_aria_256_cfb1 "ARIA-256-CFB1" +#define LN_aria_256_cfb1 "aria-256-cfb1" +#define NID_aria_256_cfb1 1082 + +#define SN_aria_128_cfb8 "ARIA-128-CFB8" +#define LN_aria_128_cfb8 "aria-128-cfb8" +#define NID_aria_128_cfb8 1083 + +#define SN_aria_192_cfb8 "ARIA-192-CFB8" +#define LN_aria_192_cfb8 "aria-192-cfb8" +#define NID_aria_192_cfb8 1084 + +#define 
SN_aria_256_cfb8 "ARIA-256-CFB8" +#define LN_aria_256_cfb8 "aria-256-cfb8" +#define NID_aria_256_cfb8 1085 + +#define SN_aria_128_ccm "ARIA-128-CCM" +#define LN_aria_128_ccm "aria-128-ccm" +#define NID_aria_128_ccm 1120 +#define OBJ_aria_128_ccm OBJ_aria,37L + +#define SN_aria_192_ccm "ARIA-192-CCM" +#define LN_aria_192_ccm "aria-192-ccm" +#define NID_aria_192_ccm 1121 +#define OBJ_aria_192_ccm OBJ_aria,38L + +#define SN_aria_256_ccm "ARIA-256-CCM" +#define LN_aria_256_ccm "aria-256-ccm" +#define NID_aria_256_ccm 1122 +#define OBJ_aria_256_ccm OBJ_aria,39L + +#define SN_aria_128_gcm "ARIA-128-GCM" +#define LN_aria_128_gcm "aria-128-gcm" +#define NID_aria_128_gcm 1123 +#define OBJ_aria_128_gcm OBJ_aria,34L + +#define SN_aria_192_gcm "ARIA-192-GCM" +#define LN_aria_192_gcm "aria-192-gcm" +#define NID_aria_192_gcm 1124 +#define OBJ_aria_192_gcm OBJ_aria,35L + +#define SN_aria_256_gcm "ARIA-256-GCM" +#define LN_aria_256_gcm "aria-256-gcm" +#define NID_aria_256_gcm 1125 +#define OBJ_aria_256_gcm OBJ_aria,36L + +#define SN_kisa "KISA" +#define LN_kisa "kisa" +#define NID_kisa 773 +#define OBJ_kisa OBJ_member_body,410L,200004L + +#define SN_seed_ecb "SEED-ECB" +#define LN_seed_ecb "seed-ecb" +#define NID_seed_ecb 776 +#define OBJ_seed_ecb OBJ_kisa,1L,3L + +#define SN_seed_cbc "SEED-CBC" +#define LN_seed_cbc "seed-cbc" +#define NID_seed_cbc 777 +#define OBJ_seed_cbc OBJ_kisa,1L,4L + +#define SN_seed_cfb128 "SEED-CFB" +#define LN_seed_cfb128 "seed-cfb" +#define NID_seed_cfb128 779 +#define OBJ_seed_cfb128 OBJ_kisa,1L,5L + +#define SN_seed_ofb128 "SEED-OFB" +#define LN_seed_ofb128 "seed-ofb" +#define NID_seed_ofb128 778 +#define OBJ_seed_ofb128 OBJ_kisa,1L,6L + +#define SN_sm4_ecb "SM4-ECB" +#define LN_sm4_ecb "sm4-ecb" +#define NID_sm4_ecb 1133 +#define OBJ_sm4_ecb OBJ_sm_scheme,104L,1L + +#define SN_sm4_cbc "SM4-CBC" +#define LN_sm4_cbc "sm4-cbc" +#define NID_sm4_cbc 1134 +#define OBJ_sm4_cbc OBJ_sm_scheme,104L,2L + +#define SN_sm4_ofb128 "SM4-OFB" +#define LN_sm4_ofb128 
"sm4-ofb" +#define NID_sm4_ofb128 1135 +#define OBJ_sm4_ofb128 OBJ_sm_scheme,104L,3L + +#define SN_sm4_cfb128 "SM4-CFB" +#define LN_sm4_cfb128 "sm4-cfb" +#define NID_sm4_cfb128 1137 +#define OBJ_sm4_cfb128 OBJ_sm_scheme,104L,4L + +#define SN_sm4_cfb1 "SM4-CFB1" +#define LN_sm4_cfb1 "sm4-cfb1" +#define NID_sm4_cfb1 1136 +#define OBJ_sm4_cfb1 OBJ_sm_scheme,104L,5L + +#define SN_sm4_cfb8 "SM4-CFB8" +#define LN_sm4_cfb8 "sm4-cfb8" +#define NID_sm4_cfb8 1138 +#define OBJ_sm4_cfb8 OBJ_sm_scheme,104L,6L + +#define SN_sm4_ctr "SM4-CTR" +#define LN_sm4_ctr "sm4-ctr" +#define NID_sm4_ctr 1139 +#define OBJ_sm4_ctr OBJ_sm_scheme,104L,7L + +#define SN_hmac "HMAC" +#define LN_hmac "hmac" +#define NID_hmac 855 + +#define SN_cmac "CMAC" +#define LN_cmac "cmac" +#define NID_cmac 894 + +#define SN_rc4_hmac_md5 "RC4-HMAC-MD5" +#define LN_rc4_hmac_md5 "rc4-hmac-md5" +#define NID_rc4_hmac_md5 915 + +#define SN_aes_128_cbc_hmac_sha1 "AES-128-CBC-HMAC-SHA1" +#define LN_aes_128_cbc_hmac_sha1 "aes-128-cbc-hmac-sha1" +#define NID_aes_128_cbc_hmac_sha1 916 + +#define SN_aes_192_cbc_hmac_sha1 "AES-192-CBC-HMAC-SHA1" +#define LN_aes_192_cbc_hmac_sha1 "aes-192-cbc-hmac-sha1" +#define NID_aes_192_cbc_hmac_sha1 917 + +#define SN_aes_256_cbc_hmac_sha1 "AES-256-CBC-HMAC-SHA1" +#define LN_aes_256_cbc_hmac_sha1 "aes-256-cbc-hmac-sha1" +#define NID_aes_256_cbc_hmac_sha1 918 + +#define SN_aes_128_cbc_hmac_sha256 "AES-128-CBC-HMAC-SHA256" +#define LN_aes_128_cbc_hmac_sha256 "aes-128-cbc-hmac-sha256" +#define NID_aes_128_cbc_hmac_sha256 948 + +#define SN_aes_192_cbc_hmac_sha256 "AES-192-CBC-HMAC-SHA256" +#define LN_aes_192_cbc_hmac_sha256 "aes-192-cbc-hmac-sha256" +#define NID_aes_192_cbc_hmac_sha256 949 + +#define SN_aes_256_cbc_hmac_sha256 "AES-256-CBC-HMAC-SHA256" +#define LN_aes_256_cbc_hmac_sha256 "aes-256-cbc-hmac-sha256" +#define NID_aes_256_cbc_hmac_sha256 950 + +#define SN_chacha20_poly1305 "ChaCha20-Poly1305" +#define LN_chacha20_poly1305 "chacha20-poly1305" +#define NID_chacha20_poly1305 1018 
+ +#define SN_chacha20 "ChaCha20" +#define LN_chacha20 "chacha20" +#define NID_chacha20 1019 + +#define SN_dhpublicnumber "dhpublicnumber" +#define LN_dhpublicnumber "X9.42 DH" +#define NID_dhpublicnumber 920 +#define OBJ_dhpublicnumber OBJ_ISO_US,10046L,2L,1L + +#define SN_brainpoolP160r1 "brainpoolP160r1" +#define NID_brainpoolP160r1 921 +#define OBJ_brainpoolP160r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,1L + +#define SN_brainpoolP160t1 "brainpoolP160t1" +#define NID_brainpoolP160t1 922 +#define OBJ_brainpoolP160t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,2L + +#define SN_brainpoolP192r1 "brainpoolP192r1" +#define NID_brainpoolP192r1 923 +#define OBJ_brainpoolP192r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,3L + +#define SN_brainpoolP192t1 "brainpoolP192t1" +#define NID_brainpoolP192t1 924 +#define OBJ_brainpoolP192t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,4L + +#define SN_brainpoolP224r1 "brainpoolP224r1" +#define NID_brainpoolP224r1 925 +#define OBJ_brainpoolP224r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,5L + +#define SN_brainpoolP224t1 "brainpoolP224t1" +#define NID_brainpoolP224t1 926 +#define OBJ_brainpoolP224t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,6L + +#define SN_brainpoolP256r1 "brainpoolP256r1" +#define NID_brainpoolP256r1 927 +#define OBJ_brainpoolP256r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,7L + +#define SN_brainpoolP256t1 "brainpoolP256t1" +#define NID_brainpoolP256t1 928 +#define OBJ_brainpoolP256t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,8L + +#define SN_brainpoolP320r1 "brainpoolP320r1" +#define NID_brainpoolP320r1 929 +#define OBJ_brainpoolP320r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,9L + +#define SN_brainpoolP320t1 "brainpoolP320t1" +#define NID_brainpoolP320t1 930 +#define OBJ_brainpoolP320t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,10L + +#define SN_brainpoolP384r1 "brainpoolP384r1" +#define NID_brainpoolP384r1 931 +#define OBJ_brainpoolP384r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,11L + +#define SN_brainpoolP384t1 "brainpoolP384t1" +#define NID_brainpoolP384t1 932 +#define OBJ_brainpoolP384t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,12L + +#define SN_brainpoolP512r1 
"brainpoolP512r1" +#define NID_brainpoolP512r1 933 +#define OBJ_brainpoolP512r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,13L + +#define SN_brainpoolP512t1 "brainpoolP512t1" +#define NID_brainpoolP512t1 934 +#define OBJ_brainpoolP512t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,14L + +#define OBJ_x9_63_scheme 1L,3L,133L,16L,840L,63L,0L + +#define OBJ_secg_scheme OBJ_certicom_arc,1L + +#define SN_dhSinglePass_stdDH_sha1kdf_scheme "dhSinglePass-stdDH-sha1kdf-scheme" +#define NID_dhSinglePass_stdDH_sha1kdf_scheme 936 +#define OBJ_dhSinglePass_stdDH_sha1kdf_scheme OBJ_x9_63_scheme,2L + +#define SN_dhSinglePass_stdDH_sha224kdf_scheme "dhSinglePass-stdDH-sha224kdf-scheme" +#define NID_dhSinglePass_stdDH_sha224kdf_scheme 937 +#define OBJ_dhSinglePass_stdDH_sha224kdf_scheme OBJ_secg_scheme,11L,0L + +#define SN_dhSinglePass_stdDH_sha256kdf_scheme "dhSinglePass-stdDH-sha256kdf-scheme" +#define NID_dhSinglePass_stdDH_sha256kdf_scheme 938 +#define OBJ_dhSinglePass_stdDH_sha256kdf_scheme OBJ_secg_scheme,11L,1L + +#define SN_dhSinglePass_stdDH_sha384kdf_scheme "dhSinglePass-stdDH-sha384kdf-scheme" +#define NID_dhSinglePass_stdDH_sha384kdf_scheme 939 +#define OBJ_dhSinglePass_stdDH_sha384kdf_scheme OBJ_secg_scheme,11L,2L + +#define SN_dhSinglePass_stdDH_sha512kdf_scheme "dhSinglePass-stdDH-sha512kdf-scheme" +#define NID_dhSinglePass_stdDH_sha512kdf_scheme 940 +#define OBJ_dhSinglePass_stdDH_sha512kdf_scheme OBJ_secg_scheme,11L,3L + +#define SN_dhSinglePass_cofactorDH_sha1kdf_scheme "dhSinglePass-cofactorDH-sha1kdf-scheme" +#define NID_dhSinglePass_cofactorDH_sha1kdf_scheme 941 +#define OBJ_dhSinglePass_cofactorDH_sha1kdf_scheme OBJ_x9_63_scheme,3L + +#define SN_dhSinglePass_cofactorDH_sha224kdf_scheme "dhSinglePass-cofactorDH-sha224kdf-scheme" +#define NID_dhSinglePass_cofactorDH_sha224kdf_scheme 942 +#define OBJ_dhSinglePass_cofactorDH_sha224kdf_scheme OBJ_secg_scheme,14L,0L + +#define SN_dhSinglePass_cofactorDH_sha256kdf_scheme "dhSinglePass-cofactorDH-sha256kdf-scheme" +#define 
NID_dhSinglePass_cofactorDH_sha256kdf_scheme 943 +#define OBJ_dhSinglePass_cofactorDH_sha256kdf_scheme OBJ_secg_scheme,14L,1L + +#define SN_dhSinglePass_cofactorDH_sha384kdf_scheme "dhSinglePass-cofactorDH-sha384kdf-scheme" +#define NID_dhSinglePass_cofactorDH_sha384kdf_scheme 944 +#define OBJ_dhSinglePass_cofactorDH_sha384kdf_scheme OBJ_secg_scheme,14L,2L + +#define SN_dhSinglePass_cofactorDH_sha512kdf_scheme "dhSinglePass-cofactorDH-sha512kdf-scheme" +#define NID_dhSinglePass_cofactorDH_sha512kdf_scheme 945 +#define OBJ_dhSinglePass_cofactorDH_sha512kdf_scheme OBJ_secg_scheme,14L,3L + +#define SN_dh_std_kdf "dh-std-kdf" +#define NID_dh_std_kdf 946 + +#define SN_dh_cofactor_kdf "dh-cofactor-kdf" +#define NID_dh_cofactor_kdf 947 + +#define SN_ct_precert_scts "ct_precert_scts" +#define LN_ct_precert_scts "CT Precertificate SCTs" +#define NID_ct_precert_scts 951 +#define OBJ_ct_precert_scts 1L,3L,6L,1L,4L,1L,11129L,2L,4L,2L + +#define SN_ct_precert_poison "ct_precert_poison" +#define LN_ct_precert_poison "CT Precertificate Poison" +#define NID_ct_precert_poison 952 +#define OBJ_ct_precert_poison 1L,3L,6L,1L,4L,1L,11129L,2L,4L,3L + +#define SN_ct_precert_signer "ct_precert_signer" +#define LN_ct_precert_signer "CT Precertificate Signer" +#define NID_ct_precert_signer 953 +#define OBJ_ct_precert_signer 1L,3L,6L,1L,4L,1L,11129L,2L,4L,4L + +#define SN_ct_cert_scts "ct_cert_scts" +#define LN_ct_cert_scts "CT Certificate SCTs" +#define NID_ct_cert_scts 954 +#define OBJ_ct_cert_scts 1L,3L,6L,1L,4L,1L,11129L,2L,4L,5L + +#define SN_jurisdictionLocalityName "jurisdictionL" +#define LN_jurisdictionLocalityName "jurisdictionLocalityName" +#define NID_jurisdictionLocalityName 955 +#define OBJ_jurisdictionLocalityName 1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,1L + +#define SN_jurisdictionStateOrProvinceName "jurisdictionST" +#define LN_jurisdictionStateOrProvinceName "jurisdictionStateOrProvinceName" +#define NID_jurisdictionStateOrProvinceName 956 +#define 
OBJ_jurisdictionStateOrProvinceName 1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,2L + +#define SN_jurisdictionCountryName "jurisdictionC" +#define LN_jurisdictionCountryName "jurisdictionCountryName" +#define NID_jurisdictionCountryName 957 +#define OBJ_jurisdictionCountryName 1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,3L + +#define SN_id_scrypt "id-scrypt" +#define LN_id_scrypt "scrypt" +#define NID_id_scrypt 973 +#define OBJ_id_scrypt 1L,3L,6L,1L,4L,1L,11591L,4L,11L + +#define SN_tls1_prf "TLS1-PRF" +#define LN_tls1_prf "tls1-prf" +#define NID_tls1_prf 1021 + +#define SN_hkdf "HKDF" +#define LN_hkdf "hkdf" +#define NID_hkdf 1036 + +#define SN_sshkdf "SSHKDF" +#define LN_sshkdf "sshkdf" +#define NID_sshkdf 1203 + +#define SN_sskdf "SSKDF" +#define LN_sskdf "sskdf" +#define NID_sskdf 1205 + +#define SN_x942kdf "X942KDF" +#define LN_x942kdf "x942kdf" +#define NID_x942kdf 1207 + +#define SN_x963kdf "X963KDF" +#define LN_x963kdf "x963kdf" +#define NID_x963kdf 1206 + +#define SN_id_pkinit "id-pkinit" +#define NID_id_pkinit 1031 +#define OBJ_id_pkinit 1L,3L,6L,1L,5L,2L,3L + +#define SN_pkInitClientAuth "pkInitClientAuth" +#define LN_pkInitClientAuth "PKINIT Client Auth" +#define NID_pkInitClientAuth 1032 +#define OBJ_pkInitClientAuth OBJ_id_pkinit,4L + +#define SN_pkInitKDC "pkInitKDC" +#define LN_pkInitKDC "Signing KDC Response" +#define NID_pkInitKDC 1033 +#define OBJ_pkInitKDC OBJ_id_pkinit,5L + +#define SN_X25519 "X25519" +#define NID_X25519 1034 +#define OBJ_X25519 1L,3L,101L,110L + +#define SN_X448 "X448" +#define NID_X448 1035 +#define OBJ_X448 1L,3L,101L,111L + +#define SN_ED25519 "ED25519" +#define NID_ED25519 1087 +#define OBJ_ED25519 1L,3L,101L,112L + +#define SN_ED448 "ED448" +#define NID_ED448 1088 +#define OBJ_ED448 1L,3L,101L,113L + +#define SN_kx_rsa "KxRSA" +#define LN_kx_rsa "kx-rsa" +#define NID_kx_rsa 1037 + +#define SN_kx_ecdhe "KxECDHE" +#define LN_kx_ecdhe "kx-ecdhe" +#define NID_kx_ecdhe 1038 + +#define SN_kx_dhe "KxDHE" +#define LN_kx_dhe "kx-dhe" +#define NID_kx_dhe 
1039 + +#define SN_kx_ecdhe_psk "KxECDHE-PSK" +#define LN_kx_ecdhe_psk "kx-ecdhe-psk" +#define NID_kx_ecdhe_psk 1040 + +#define SN_kx_dhe_psk "KxDHE-PSK" +#define LN_kx_dhe_psk "kx-dhe-psk" +#define NID_kx_dhe_psk 1041 + +#define SN_kx_rsa_psk "KxRSA_PSK" +#define LN_kx_rsa_psk "kx-rsa-psk" +#define NID_kx_rsa_psk 1042 + +#define SN_kx_psk "KxPSK" +#define LN_kx_psk "kx-psk" +#define NID_kx_psk 1043 + +#define SN_kx_srp "KxSRP" +#define LN_kx_srp "kx-srp" +#define NID_kx_srp 1044 + +#define SN_kx_gost "KxGOST" +#define LN_kx_gost "kx-gost" +#define NID_kx_gost 1045 + +#define SN_kx_any "KxANY" +#define LN_kx_any "kx-any" +#define NID_kx_any 1063 + +#define SN_auth_rsa "AuthRSA" +#define LN_auth_rsa "auth-rsa" +#define NID_auth_rsa 1046 + +#define SN_auth_ecdsa "AuthECDSA" +#define LN_auth_ecdsa "auth-ecdsa" +#define NID_auth_ecdsa 1047 + +#define SN_auth_psk "AuthPSK" +#define LN_auth_psk "auth-psk" +#define NID_auth_psk 1048 + +#define SN_auth_dss "AuthDSS" +#define LN_auth_dss "auth-dss" +#define NID_auth_dss 1049 + +#define SN_auth_gost01 "AuthGOST01" +#define LN_auth_gost01 "auth-gost01" +#define NID_auth_gost01 1050 + +#define SN_auth_gost12 "AuthGOST12" +#define LN_auth_gost12 "auth-gost12" +#define NID_auth_gost12 1051 + +#define SN_auth_srp "AuthSRP" +#define LN_auth_srp "auth-srp" +#define NID_auth_srp 1052 + +#define SN_auth_null "AuthNULL" +#define LN_auth_null "auth-null" +#define NID_auth_null 1053 + +#define SN_auth_any "AuthANY" +#define LN_auth_any "auth-any" +#define NID_auth_any 1064 + +#define SN_poly1305 "Poly1305" +#define LN_poly1305 "poly1305" +#define NID_poly1305 1061 + +#define SN_siphash "SipHash" +#define LN_siphash "siphash" +#define NID_siphash 1062 + +#define SN_ffdhe2048 "ffdhe2048" +#define NID_ffdhe2048 1126 + +#define SN_ffdhe3072 "ffdhe3072" +#define NID_ffdhe3072 1127 + +#define SN_ffdhe4096 "ffdhe4096" +#define NID_ffdhe4096 1128 + +#define SN_ffdhe6144 "ffdhe6144" +#define NID_ffdhe6144 1129 + +#define SN_ffdhe8192 "ffdhe8192" 
+#define NID_ffdhe8192 1130 + +#define SN_modp_1536 "modp_1536" +#define NID_modp_1536 1212 + +#define SN_modp_2048 "modp_2048" +#define NID_modp_2048 1213 + +#define SN_modp_3072 "modp_3072" +#define NID_modp_3072 1214 + +#define SN_modp_4096 "modp_4096" +#define NID_modp_4096 1215 + +#define SN_modp_6144 "modp_6144" +#define NID_modp_6144 1216 + +#define SN_modp_8192 "modp_8192" +#define NID_modp_8192 1217 + +#define SN_ISO_UA "ISO-UA" +#define NID_ISO_UA 1150 +#define OBJ_ISO_UA OBJ_member_body,804L + +#define SN_ua_pki "ua-pki" +#define NID_ua_pki 1151 +#define OBJ_ua_pki OBJ_ISO_UA,2L,1L,1L,1L + +#define SN_dstu28147 "dstu28147" +#define LN_dstu28147 "DSTU Gost 28147-2009" +#define NID_dstu28147 1152 +#define OBJ_dstu28147 OBJ_ua_pki,1L,1L,1L + +#define SN_dstu28147_ofb "dstu28147-ofb" +#define LN_dstu28147_ofb "DSTU Gost 28147-2009 OFB mode" +#define NID_dstu28147_ofb 1153 +#define OBJ_dstu28147_ofb OBJ_dstu28147,2L + +#define SN_dstu28147_cfb "dstu28147-cfb" +#define LN_dstu28147_cfb "DSTU Gost 28147-2009 CFB mode" +#define NID_dstu28147_cfb 1154 +#define OBJ_dstu28147_cfb OBJ_dstu28147,3L + +#define SN_dstu28147_wrap "dstu28147-wrap" +#define LN_dstu28147_wrap "DSTU Gost 28147-2009 key wrap" +#define NID_dstu28147_wrap 1155 +#define OBJ_dstu28147_wrap OBJ_dstu28147,5L + +#define SN_hmacWithDstu34311 "hmacWithDstu34311" +#define LN_hmacWithDstu34311 "HMAC DSTU Gost 34311-95" +#define NID_hmacWithDstu34311 1156 +#define OBJ_hmacWithDstu34311 OBJ_ua_pki,1L,1L,2L + +#define SN_dstu34311 "dstu34311" +#define LN_dstu34311 "DSTU Gost 34311-95" +#define NID_dstu34311 1157 +#define OBJ_dstu34311 OBJ_ua_pki,1L,2L,1L + +#define SN_dstu4145le "dstu4145le" +#define LN_dstu4145le "DSTU 4145-2002 little endian" +#define NID_dstu4145le 1158 +#define OBJ_dstu4145le OBJ_ua_pki,1L,3L,1L,1L + +#define SN_dstu4145be "dstu4145be" +#define LN_dstu4145be "DSTU 4145-2002 big endian" +#define NID_dstu4145be 1159 +#define OBJ_dstu4145be OBJ_dstu4145le,1L,1L + +#define SN_uacurve0 
"uacurve0" +#define LN_uacurve0 "DSTU curve 0" +#define NID_uacurve0 1160 +#define OBJ_uacurve0 OBJ_dstu4145le,2L,0L + +#define SN_uacurve1 "uacurve1" +#define LN_uacurve1 "DSTU curve 1" +#define NID_uacurve1 1161 +#define OBJ_uacurve1 OBJ_dstu4145le,2L,1L + +#define SN_uacurve2 "uacurve2" +#define LN_uacurve2 "DSTU curve 2" +#define NID_uacurve2 1162 +#define OBJ_uacurve2 OBJ_dstu4145le,2L,2L + +#define SN_uacurve3 "uacurve3" +#define LN_uacurve3 "DSTU curve 3" +#define NID_uacurve3 1163 +#define OBJ_uacurve3 OBJ_dstu4145le,2L,3L + +#define SN_uacurve4 "uacurve4" +#define LN_uacurve4 "DSTU curve 4" +#define NID_uacurve4 1164 +#define OBJ_uacurve4 OBJ_dstu4145le,2L,4L + +#define SN_uacurve5 "uacurve5" +#define LN_uacurve5 "DSTU curve 5" +#define NID_uacurve5 1165 +#define OBJ_uacurve5 OBJ_dstu4145le,2L,5L + +#define SN_uacurve6 "uacurve6" +#define LN_uacurve6 "DSTU curve 6" +#define NID_uacurve6 1166 +#define OBJ_uacurve6 OBJ_dstu4145le,2L,6L + +#define SN_uacurve7 "uacurve7" +#define LN_uacurve7 "DSTU curve 7" +#define NID_uacurve7 1167 +#define OBJ_uacurve7 OBJ_dstu4145le,2L,7L + +#define SN_uacurve8 "uacurve8" +#define LN_uacurve8 "DSTU curve 8" +#define NID_uacurve8 1168 +#define OBJ_uacurve8 OBJ_dstu4145le,2L,8L + +#define SN_uacurve9 "uacurve9" +#define LN_uacurve9 "DSTU curve 9" +#define NID_uacurve9 1169 +#define OBJ_uacurve9 OBJ_dstu4145le,2L,9L + +#define SN_aes_128_siv "AES-128-SIV" +#define LN_aes_128_siv "aes-128-siv" +#define NID_aes_128_siv 1198 + +#define SN_aes_192_siv "AES-192-SIV" +#define LN_aes_192_siv "aes-192-siv" +#define NID_aes_192_siv 1199 + +#define SN_aes_256_siv "AES-256-SIV" +#define LN_aes_256_siv "aes-256-siv" +#define NID_aes_256_siv 1200 diff --git a/linux_amd64/ssl/include/openssl/objects.h b/linux_amd64/ssl/include/openssl/objects.h new file mode 100644 index 0000000..9ea91c2 --- /dev/null +++ b/linux_amd64/ssl/include/openssl/objects.h 
@@ -0,0 +1,183 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_OBJECTS_H
+# define OPENSSL_OBJECTS_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_OBJECTS_H
+# endif
+
+# include
+# include
+# include
+# include
+
+# define OBJ_NAME_TYPE_UNDEF 0x00
+# define OBJ_NAME_TYPE_MD_METH 0x01
+# define OBJ_NAME_TYPE_CIPHER_METH 0x02
+# define OBJ_NAME_TYPE_PKEY_METH 0x03
+# define OBJ_NAME_TYPE_COMP_METH 0x04
+# define OBJ_NAME_TYPE_MAC_METH 0x05
+# define OBJ_NAME_TYPE_KDF_METH 0x06
+# define OBJ_NAME_TYPE_NUM 0x07
+
+# define OBJ_NAME_ALIAS 0x8000
+
+# define OBJ_BSEARCH_VALUE_ON_NOMATCH 0x01
+# define OBJ_BSEARCH_FIRST_VALUE_ON_MATCH 0x02
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct obj_name_st {
+ int type;
+ int alias;
+ const char *name;
+ const char *data;
+} OBJ_NAME;
+
+# define OBJ_create_and_add_object(a,b,c) OBJ_create(a,b,c)
+
+int OBJ_NAME_init(void);
+int OBJ_NAME_new_index(unsigned long (*hash_func) (const char *),
+ int (*cmp_func) (const char *, const char *),
+ void (*free_func) (const char *, int, const char *));
+const char *OBJ_NAME_get(const char *name, int type);
+int OBJ_NAME_add(const char *name, int type, const char *data);
+int OBJ_NAME_remove(const char *name, int type);
+void OBJ_NAME_cleanup(int type); /* -1 for everything */
+void OBJ_NAME_do_all(int type, void (*fn) (const OBJ_NAME *, void *arg),
+ void *arg);
+void OBJ_NAME_do_all_sorted(int type,
+ void (*fn) (const OBJ_NAME *, void *arg),
+ void *arg);
+
+DECLARE_ASN1_DUP_FUNCTION_name(ASN1_OBJECT, OBJ)
+ASN1_OBJECT *OBJ_nid2obj(int n);
+const char *OBJ_nid2ln(int n);
+const char *OBJ_nid2sn(int n);
+int OBJ_obj2nid(const 
ASN1_OBJECT *o);
+ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name);
+int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name);
+int OBJ_txt2nid(const char *s);
+int OBJ_ln2nid(const char *s);
+int OBJ_sn2nid(const char *s);
+int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b);
+const void *OBJ_bsearch_(const void *key, const void *base, int num, int size,
+ int (*cmp) (const void *, const void *));
+const void *OBJ_bsearch_ex_(const void *key, const void *base, int num,
+ int size,
+ int (*cmp) (const void *, const void *),
+ int flags);
+
+# define _DECLARE_OBJ_BSEARCH_CMP_FN(scope, type1, type2, nm) \
+ static int nm##_cmp_BSEARCH_CMP_FN(const void *, const void *); \
+ static int nm##_cmp(type1 const *, type2 const *); \
+ scope type2 * OBJ_bsearch_##nm(type1 *key, type2 const *base, int num)
+
+# define DECLARE_OBJ_BSEARCH_CMP_FN(type1, type2, cmp) \
+ _DECLARE_OBJ_BSEARCH_CMP_FN(static, type1, type2, cmp)
+# define DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, nm) \
+ type2 * OBJ_bsearch_##nm(type1 *key, type2 const *base, int num)
+
+/*-
+ * Unsolved problem: if a type is actually a pointer type, like
+ * nid_triple is, then its impossible to get a const where you need
+ * it. Consider:
+ *
+ * typedef int nid_triple[3];
+ * const void *a_;
+ * const nid_triple const *a = a_;
+ *
+ * The assignment discards a const because what you really want is:
+ *
+ * const int const * const *a = a_;
+ *
+ * But if you do that, you lose the fact that a is an array of 3 ints,
+ * which breaks comparison functions.
+ *
+ * Thus we end up having to cast, sadly, or unpack the
+ * declarations. Or, as I finally did in this case, declare nid_triple
+ * to be a struct, which it should have been in the first place.
+ *
+ * Ben, August 2008.
+ *
+ * Also, strictly speaking not all types need be const, but handling
+ * the non-constness means a lot of complication, and in practice
+ * comparison routines do always not touch their arguments. 
+ */
+
+# define IMPLEMENT_OBJ_BSEARCH_CMP_FN(type1, type2, nm) \
+ static int nm##_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_) \
+ { \
+ type1 const *a = a_; \
+ type2 const *b = b_; \
+ return nm##_cmp(a,b); \
+ } \
+ static type2 *OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) \
+ { \
+ return (type2 *)OBJ_bsearch_(key, base, num, sizeof(type2), \
+ nm##_cmp_BSEARCH_CMP_FN); \
+ } \
+ extern void dummy_prototype(void)
+
+# define IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, nm) \
+ static int nm##_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_) \
+ { \
+ type1 const *a = a_; \
+ type2 const *b = b_; \
+ return nm##_cmp(a,b); \
+ } \
+ type2 *OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) \
+ { \
+ return (type2 *)OBJ_bsearch_(key, base, num, sizeof(type2), \
+ nm##_cmp_BSEARCH_CMP_FN); \
+ } \
+ extern void dummy_prototype(void)
+
+# define OBJ_bsearch(type1,key,type2,base,num,cmp) \
+ ((type2 *)OBJ_bsearch_(CHECKED_PTR_OF(type1,key),CHECKED_PTR_OF(type2,base), \
+ num,sizeof(type2), \
+ ((void)CHECKED_PTR_OF(type1,cmp##_type_1), \
+ (void)CHECKED_PTR_OF(type2,cmp##_type_2), \
+ cmp##_BSEARCH_CMP_FN)))
+
+# define OBJ_bsearch_ex(type1,key,type2,base,num,cmp,flags) \
+ ((type2 *)OBJ_bsearch_ex_(CHECKED_PTR_OF(type1,key),CHECKED_PTR_OF(type2,base), \
+ num,sizeof(type2), \
+ ((void)CHECKED_PTR_OF(type1,cmp##_type_1), \
+ (void)type_2=CHECKED_PTR_OF(type2,cmp##_type_2), \
+ cmp##_BSEARCH_CMP_FN)),flags)
+
+int OBJ_new_nid(int num);
+int OBJ_add_object(const ASN1_OBJECT *obj);
+int OBJ_create(const char *oid, const char *sn, const char *ln);
+#ifndef OPENSSL_NO_DEPRECATED_1_1_0
+# define OBJ_cleanup() while(0) continue
+#endif
+int OBJ_create_objects(BIO *in);
+
+size_t OBJ_length(const ASN1_OBJECT *obj);
+const unsigned char *OBJ_get0_data(const ASN1_OBJECT *obj);
+
+int OBJ_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid);
+int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid);
+int OBJ_add_sigid(int 
signid, int dig_id, int pkey_id); +void OBJ_sigid_free(void); + + +# ifdef __cplusplus +} +# endif +#endif diff --git a/linux_amd64/ssl/include/openssl/objectserr.h b/linux_amd64/ssl/include/openssl/objectserr.h new file mode 100644 index 0000000..84c7501 --- /dev/null +++ b/linux_amd64/ssl/include/openssl/objectserr.h @@ -0,0 +1,50 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_OBJECTSERR_H +# define OPENSSL_OBJECTSERR_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_OBJERR_H +# endif + +# include +# include + + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_OBJ_strings(void); + +/* + * OBJ function codes. + */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define OBJ_F_OBJ_ADD_OBJECT 0 +# define OBJ_F_OBJ_ADD_SIGID 0 +# define OBJ_F_OBJ_CREATE 0 +# define OBJ_F_OBJ_DUP 0 +# define OBJ_F_OBJ_NAME_NEW_INDEX 0 +# define OBJ_F_OBJ_NID2LN 0 +# define OBJ_F_OBJ_NID2OBJ 0 +# define OBJ_F_OBJ_NID2SN 0 +# define OBJ_F_OBJ_TXT2OBJ 0 +# endif + +/* + * OBJ reason codes. + */ +# define OBJ_R_OID_EXISTS 102 +# define OBJ_R_UNKNOWN_NID 101 + +#endif diff --git a/linux_amd64/ssl/include/openssl/ocsp.h b/linux_amd64/ssl/include/openssl/ocsp.h new file mode 100644 index 0000000..209afd6 --- /dev/null +++ b/linux_amd64/ssl/include/openssl/ocsp.h 
@@ -0,0 +1,375 @@
+/*
+ * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_OCSP_H
+# define OPENSSL_OCSP_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_OCSP_H
+# endif
+
+# include
+
+/*
+ * These definitions are outside the OPENSSL_NO_OCSP guard because although for
+ * historical reasons they have OCSP_* names, they can actually be used
+ * independently of OCSP. E.g. see RFC5280
+ */
+/*-
+ * CRLReason ::= ENUMERATED {
+ * unspecified (0),
+ * keyCompromise (1),
+ * cACompromise (2),
+ * affiliationChanged (3),
+ * superseded (4),
+ * cessationOfOperation (5),
+ * certificateHold (6),
+ * -- value 7 is not used
+ * removeFromCRL (8),
+ * privilegeWithdrawn (9),
+ * aACompromise (10) }
+ */
+# define OCSP_REVOKED_STATUS_NOSTATUS -1
+# define OCSP_REVOKED_STATUS_UNSPECIFIED 0
+# define OCSP_REVOKED_STATUS_KEYCOMPROMISE 1
+# define OCSP_REVOKED_STATUS_CACOMPROMISE 2
+# define OCSP_REVOKED_STATUS_AFFILIATIONCHANGED 3
+# define OCSP_REVOKED_STATUS_SUPERSEDED 4
+# define OCSP_REVOKED_STATUS_CESSATIONOFOPERATION 5
+# define OCSP_REVOKED_STATUS_CERTIFICATEHOLD 6
+# define OCSP_REVOKED_STATUS_REMOVEFROMCRL 8
+# define OCSP_REVOKED_STATUS_PRIVILEGEWITHDRAWN 9
+# define OCSP_REVOKED_STATUS_AACOMPROMISE 10
+
+/*
+ * These definitions are outside the OPENSSL_NO_OCSP guard because although for
+ * historical reasons they have OCSP_* names, they are used for the HTTP client. 
+ */
+# include
+/* The following functions are used only internally */
+OCSP_REQ_CTX *OCSP_REQ_CTX_new(BIO *wbio, BIO *rbio,
+ int method_GET, int maxline,
+ unsigned long max_resp_len, int timeout,
+ const char *expected_content_type,
+ int expect_asn1);
+void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx);
+int OCSP_REQ_CTX_http(OCSP_REQ_CTX *rctx,
+ const char *server, const char *port, const char *path);
+int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx,
+ const char *name, const char *value);
+int OCSP_REQ_CTX_i2d(OCSP_REQ_CTX *rctx, const char *content_type,
+ const ASN1_ITEM *it, ASN1_VALUE *req);
+int OCSP_REQ_CTX_nbio(OCSP_REQ_CTX *rctx);
+ASN1_VALUE *OCSP_REQ_CTX_nbio_d2i(OCSP_REQ_CTX *rctx, const ASN1_ITEM *it);
+BIO *OCSP_REQ_CTX_get0_mem_bio(OCSP_REQ_CTX *rctx);
+void OCSP_set_max_response_length(OCSP_REQ_CTX *rctx, unsigned long len);
+/* End of functions used only internally */
+
+
+# ifndef OPENSSL_NO_OCSP
+
+# include
+# include
+# include
+# include
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+/* Various flags and values */
+
+# define OCSP_DEFAULT_NONCE_LENGTH 16
+
+# define OCSP_NOCERTS 0x1
+# define OCSP_NOINTERN 0x2
+# define OCSP_NOSIGS 0x4
+# define OCSP_NOCHAIN 0x8
+# define OCSP_NOVERIFY 0x10
+# define OCSP_NOEXPLICIT 0x20
+# define OCSP_NOCASIGN 0x40
+# define OCSP_NODELEGATED 0x80
+# define OCSP_NOCHECKS 0x100
+# define OCSP_TRUSTOTHER 0x200
+# define OCSP_RESPID_KEY 0x400
+# define OCSP_NOTIME 0x800
+
+typedef struct ocsp_cert_id_st OCSP_CERTID;
+
+DEFINE_STACK_OF(OCSP_CERTID)
+
+typedef struct ocsp_one_request_st OCSP_ONEREQ;
+
+DEFINE_STACK_OF(OCSP_ONEREQ)
+
+typedef struct ocsp_req_info_st OCSP_REQINFO;
+typedef struct ocsp_signature_st OCSP_SIGNATURE;
+typedef struct ocsp_request_st OCSP_REQUEST;
+
+# define OCSP_RESPONSE_STATUS_SUCCESSFUL 0
+# define OCSP_RESPONSE_STATUS_MALFORMEDREQUEST 1
+# define OCSP_RESPONSE_STATUS_INTERNALERROR 2
+# define OCSP_RESPONSE_STATUS_TRYLATER 3
+# define OCSP_RESPONSE_STATUS_SIGREQUIRED 5
+# define 
OCSP_RESPONSE_STATUS_UNAUTHORIZED 6
+
+typedef struct ocsp_resp_bytes_st OCSP_RESPBYTES;
+
+# define V_OCSP_RESPID_NAME 0
+# define V_OCSP_RESPID_KEY 1
+
+DEFINE_STACK_OF(OCSP_RESPID)
+
+typedef struct ocsp_revoked_info_st OCSP_REVOKEDINFO;
+
+# define V_OCSP_CERTSTATUS_GOOD 0
+# define V_OCSP_CERTSTATUS_REVOKED 1
+# define V_OCSP_CERTSTATUS_UNKNOWN 2
+
+typedef struct ocsp_cert_status_st OCSP_CERTSTATUS;
+typedef struct ocsp_single_response_st OCSP_SINGLERESP;
+
+DEFINE_STACK_OF(OCSP_SINGLERESP)
+
+typedef struct ocsp_response_data_st OCSP_RESPDATA;
+
+typedef struct ocsp_basic_response_st OCSP_BASICRESP;
+
+typedef struct ocsp_crl_id_st OCSP_CRLID;
+typedef struct ocsp_service_locator_st OCSP_SERVICELOC;
+
+# define PEM_STRING_OCSP_REQUEST "OCSP REQUEST"
+# define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE"
+
+# define d2i_OCSP_REQUEST_bio(bp,p) ASN1_d2i_bio_of(OCSP_REQUEST,OCSP_REQUEST_new,d2i_OCSP_REQUEST,bp,p)
+
+# define d2i_OCSP_RESPONSE_bio(bp,p) ASN1_d2i_bio_of(OCSP_RESPONSE,OCSP_RESPONSE_new,d2i_OCSP_RESPONSE,bp,p)
+
+# define PEM_read_bio_OCSP_REQUEST(bp,x,cb) (OCSP_REQUEST *)PEM_ASN1_read_bio( \
+ (char *(*)())d2i_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST, \
+ bp,(char **)(x),cb,NULL)
+
+# define PEM_read_bio_OCSP_RESPONSE(bp,x,cb) (OCSP_RESPONSE *)PEM_ASN1_read_bio(\
+ (char *(*)())d2i_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE, \
+ bp,(char **)(x),cb,NULL)
+
+# define PEM_write_bio_OCSP_REQUEST(bp,o) \
+ PEM_ASN1_write_bio((int (*)())i2d_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,\
+ bp,(char *)(o), NULL,NULL,0,NULL,NULL)
+
+# define PEM_write_bio_OCSP_RESPONSE(bp,o) \
+ PEM_ASN1_write_bio((int (*)())i2d_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,\
+ bp,(char *)(o), NULL,NULL,0,NULL,NULL)
+
+# define i2d_OCSP_RESPONSE_bio(bp,o) ASN1_i2d_bio_of(OCSP_RESPONSE,i2d_OCSP_RESPONSE,bp,o)
+
+# define i2d_OCSP_REQUEST_bio(bp,o) ASN1_i2d_bio_of(OCSP_REQUEST,i2d_OCSP_REQUEST,bp,o)
+
+# define ASN1_BIT_STRING_digest(data,type,md,len) \
+ 
ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len)
+
+# define OCSP_CERTSTATUS_dup(cs)\
+ (OCSP_CERTSTATUS*)ASN1_dup((int(*)())i2d_OCSP_CERTSTATUS,\
+ (char *(*)())d2i_OCSP_CERTSTATUS,(char *)(cs))
+
+DECLARE_ASN1_DUP_FUNCTION(OCSP_CERTID)
+
+OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, const char *path, OCSP_REQUEST *req);
+OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, OCSP_REQUEST *req,
+ int maxline);
+int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx);
+
+/* TODO: remove this (documented but) meanwhile obsolete function? */
+int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, const OCSP_REQUEST *req);
+
+OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, const X509 *subject,
+ const X509 *issuer);
+
+OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
+ const X509_NAME *issuerName,
+ const ASN1_BIT_STRING *issuerKey,
+ const ASN1_INTEGER *serialNumber);
+
+OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid);
+
+int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len);
+int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len);
+int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs);
+int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req);
+
+int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm);
+int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert);
+
+int OCSP_request_sign(OCSP_REQUEST *req,
+ X509 *signer,
+ EVP_PKEY *key,
+ const EVP_MD *dgst,
+ STACK_OF(X509) *certs, unsigned long flags);
+
+int OCSP_response_status(OCSP_RESPONSE *resp);
+OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp);
+
+const ASN1_OCTET_STRING *OCSP_resp_get0_signature(const OCSP_BASICRESP *bs);
+const X509_ALGOR *OCSP_resp_get0_tbs_sigalg(const OCSP_BASICRESP *bs);
+const OCSP_RESPDATA *OCSP_resp_get0_respdata(const OCSP_BASICRESP *bs);
+int OCSP_resp_get0_signer(OCSP_BASICRESP *bs, X509 **signer,
+ STACK_OF(X509) *extra_certs);
+
+int OCSP_resp_count(OCSP_BASICRESP 
*bs);
+OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx);
+const ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at(const OCSP_BASICRESP* bs);
+const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs);
+int OCSP_resp_get0_id(const OCSP_BASICRESP *bs,
+ const ASN1_OCTET_STRING **pid,
+ const X509_NAME **pname);
+int OCSP_resp_get1_id(const OCSP_BASICRESP *bs,
+ ASN1_OCTET_STRING **pid,
+ X509_NAME **pname);
+
+int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last);
+int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason,
+ ASN1_GENERALIZEDTIME **revtime,
+ ASN1_GENERALIZEDTIME **thisupd,
+ ASN1_GENERALIZEDTIME **nextupd);
+int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status,
+ int *reason,
+ ASN1_GENERALIZEDTIME **revtime,
+ ASN1_GENERALIZEDTIME **thisupd,
+ ASN1_GENERALIZEDTIME **nextupd);
+int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd,
+ ASN1_GENERALIZEDTIME *nextupd, long sec, long maxsec);
+
+int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs,
+ X509_STORE *store, unsigned long flags);
+
+# define OCSP_parse_url OSSL_HTTP_parse_url /* for backward compatibility */
+
+int OCSP_id_issuer_cmp(const OCSP_CERTID *a, const OCSP_CERTID *b);
+int OCSP_id_cmp(const OCSP_CERTID *a, const OCSP_CERTID *b);
+
+int OCSP_request_onereq_count(OCSP_REQUEST *req);
+OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i);
+OCSP_CERTID *OCSP_onereq_get0_id(OCSP_ONEREQ *one);
+int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd,
+ ASN1_OCTET_STRING **pikeyHash,
+ ASN1_INTEGER **pserial, OCSP_CERTID *cid);
+int OCSP_request_is_signed(OCSP_REQUEST *req);
+OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs);
+OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp,
+ OCSP_CERTID *cid,
+ int status, int reason,
+ ASN1_TIME *revtime,
+ ASN1_TIME *thisupd,
+ ASN1_TIME *nextupd);
+int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert);
+int 
OCSP_basic_sign(OCSP_BASICRESP *brsp,
+ X509 *signer, EVP_PKEY *key, const EVP_MD *dgst,
+ STACK_OF(X509) *certs, unsigned long flags);
+int OCSP_basic_sign_ctx(OCSP_BASICRESP *brsp,
+ X509 *signer, EVP_MD_CTX *ctx,
+ STACK_OF(X509) *certs, unsigned long flags);
+int OCSP_RESPID_set_by_name(OCSP_RESPID *respid, X509 *cert);
+int OCSP_RESPID_set_by_key(OCSP_RESPID *respid, X509 *cert);
+int OCSP_RESPID_match(OCSP_RESPID *respid, X509 *cert);
+
+X509_EXTENSION *OCSP_crlID_new(const char *url, long *n, char *tim);
+
+X509_EXTENSION *OCSP_accept_responses_new(char **oids);
+
+X509_EXTENSION *OCSP_archive_cutoff_new(char *tim);
+
+X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME *issuer, const char **urls);
+
+int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x);
+int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos);
+int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, const ASN1_OBJECT *obj,
+ int lastpos);
+int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, int lastpos);
+X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc);
+X509_EXTENSION *OCSP_REQUEST_delete_ext(OCSP_REQUEST *x, int loc);
+void *OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit,
+ int *idx);
+int OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit,
+ unsigned long flags);
+int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc);
+
+int OCSP_ONEREQ_get_ext_count(OCSP_ONEREQ *x);
+int OCSP_ONEREQ_get_ext_by_NID(OCSP_ONEREQ *x, int nid, int lastpos);
+int OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, const ASN1_OBJECT *obj, int lastpos);
+int OCSP_ONEREQ_get_ext_by_critical(OCSP_ONEREQ *x, int crit, int lastpos);
+X509_EXTENSION *OCSP_ONEREQ_get_ext(OCSP_ONEREQ *x, int loc);
+X509_EXTENSION *OCSP_ONEREQ_delete_ext(OCSP_ONEREQ *x, int loc);
+void *OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx);
+int OCSP_ONEREQ_add1_ext_i2d(OCSP_ONEREQ *x, int nid, void *value, int crit,
+ unsigned long flags);
+int 
OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc);
+
+int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x);
+int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos);
+int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, const ASN1_OBJECT *obj,
+ int lastpos);
+int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit,
+ int lastpos);
+X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc);
+X509_EXTENSION *OCSP_BASICRESP_delete_ext(OCSP_BASICRESP *x, int loc);
+void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit,
+ int *idx);
+int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value,
+ int crit, unsigned long flags);
+int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc);
+
+int OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *x);
+int OCSP_SINGLERESP_get_ext_by_NID(OCSP_SINGLERESP *x, int nid, int lastpos);
+int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, const ASN1_OBJECT *obj,
+ int lastpos);
+int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit,
+ int lastpos);
+X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *x, int loc);
+X509_EXTENSION *OCSP_SINGLERESP_delete_ext(OCSP_SINGLERESP *x, int loc);
+void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit,
+ int *idx);
+int OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value,
+ int crit, unsigned long flags);
+int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc);
+const OCSP_CERTID *OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP *x);
+
+DECLARE_ASN1_FUNCTIONS(OCSP_SINGLERESP)
+DECLARE_ASN1_FUNCTIONS(OCSP_CERTSTATUS)
+DECLARE_ASN1_FUNCTIONS(OCSP_REVOKEDINFO)
+DECLARE_ASN1_FUNCTIONS(OCSP_BASICRESP)
+DECLARE_ASN1_FUNCTIONS(OCSP_RESPDATA)
+DECLARE_ASN1_FUNCTIONS(OCSP_RESPID)
+DECLARE_ASN1_FUNCTIONS(OCSP_RESPONSE)
+DECLARE_ASN1_FUNCTIONS(OCSP_RESPBYTES)
+DECLARE_ASN1_FUNCTIONS(OCSP_ONEREQ)
+DECLARE_ASN1_FUNCTIONS(OCSP_CERTID) 
+DECLARE_ASN1_FUNCTIONS(OCSP_REQUEST)
+DECLARE_ASN1_FUNCTIONS(OCSP_SIGNATURE)
+DECLARE_ASN1_FUNCTIONS(OCSP_REQINFO)
+DECLARE_ASN1_FUNCTIONS(OCSP_CRLID)
+DECLARE_ASN1_FUNCTIONS(OCSP_SERVICELOC)
+
+const char *OCSP_response_status_str(long s);
+const char *OCSP_cert_status_str(long s);
+const char *OCSP_crl_reason_str(long s);
+
+int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST *a, unsigned long flags);
+int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE *o, unsigned long flags);
+
+int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
+ X509_STORE *st, unsigned long flags);
+
+
+# ifdef __cplusplus
+}
+# endif
+# endif /* !defined OPENSSL_NO_OCSP */
+#endif
diff --git a/linux_amd64/ssl/include/openssl/ocsperr.h b/linux_amd64/ssl/include/openssl/ocsperr.h
new file mode 100644
index 0000000..7e3fd0f
--- /dev/null
+++ b/linux_amd64/ssl/include/openssl/ocsperr.h 
@@ -0,0 +1,81 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_OCSPERR_H +# define OPENSSL_OCSPERR_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_OCSPERR_H +# endif + +# include +# include + + +# include + +# ifndef OPENSSL_NO_OCSP + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_OCSP_strings(void); + +/* + * OCSP function codes. + */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define OCSP_F_D2I_OCSP_NONCE 0 +# define OCSP_F_OCSP_BASIC_ADD1_STATUS 0 +# define OCSP_F_OCSP_BASIC_SIGN 0 +# define OCSP_F_OCSP_BASIC_SIGN_CTX 0 +# define OCSP_F_OCSP_BASIC_VERIFY 0 +# define OCSP_F_OCSP_CERT_ID_NEW 0 +# define OCSP_F_OCSP_CHECK_DELEGATED 0 +# define OCSP_F_OCSP_CHECK_IDS 0 +# define OCSP_F_OCSP_CHECK_ISSUER 0 +# define OCSP_F_OCSP_CHECK_VALIDITY 0 +# define OCSP_F_OCSP_MATCH_ISSUERID 0 +# define OCSP_F_OCSP_REQUEST_SIGN 0 +# define OCSP_F_OCSP_REQUEST_VERIFY 0 +# define OCSP_F_OCSP_RESPONSE_GET1_BASIC 0 +# endif + +/* + * OCSP reason codes. 
+ */ +# define OCSP_R_CERTIFICATE_VERIFY_ERROR 101 +# define OCSP_R_DIGEST_ERR 102 +# define OCSP_R_ERROR_IN_NEXTUPDATE_FIELD 122 +# define OCSP_R_ERROR_IN_THISUPDATE_FIELD 123 +# define OCSP_R_MISSING_OCSPSIGNING_USAGE 103 +# define OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE 124 +# define OCSP_R_NOT_BASIC_RESPONSE 104 +# define OCSP_R_NO_CERTIFICATES_IN_CHAIN 105 +# define OCSP_R_NO_RESPONSE_DATA 108 +# define OCSP_R_NO_REVOKED_TIME 109 +# define OCSP_R_NO_SIGNER_KEY 130 +# define OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 110 +# define OCSP_R_REQUEST_NOT_SIGNED 128 +# define OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA 111 +# define OCSP_R_ROOT_CA_NOT_TRUSTED 112 +# define OCSP_R_SIGNATURE_FAILURE 117 +# define OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND 118 +# define OCSP_R_STATUS_EXPIRED 125 +# define OCSP_R_STATUS_NOT_YET_VALID 126 +# define OCSP_R_STATUS_TOO_OLD 127 +# define OCSP_R_UNKNOWN_MESSAGE_DIGEST 119 +# define OCSP_R_UNKNOWN_NID 120 +# define OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE 129 + +# endif +#endif diff --git a/linux_amd64/ssl/include/openssl/opensslconf.h b/linux_amd64/ssl/include/openssl/opensslconf.h new file mode 100644 index 0000000..9a49bce --- /dev/null +++ b/linux_amd64/ssl/include/openssl/opensslconf.h @@ -0,0 +1,16 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_OPENSSLCONF_H +# define OPENSSL_OPENSSLCONF_H + +#include +#include + +#endif /* OPENSSL_OPENSSLCONF_H */ diff --git a/linux_amd64/ssl/include/openssl/opensslv.h b/linux_amd64/ssl/include/openssl/opensslv.h new file mode 100644 index 0000000..7805942 --- /dev/null +++ b/linux_amd64/ssl/include/openssl/opensslv.h 
@@ -0,0 +1,114 @@ +/* + * WARNING: do not edit! + * Generated by Makefile from ../include/openssl/opensslv.h.in + * + * Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_OPENSSLV_H +# define OPENSSL_OPENSSLV_H +# pragma once + +# ifdef __cplusplus +extern "C" { +# endif + +/* + * SECTION 1: VERSION DATA. These will change for each release + */ + +/* + * Base version macros + * + * These macros express version number MAJOR.MINOR.PATCH exactly + */ +# define OPENSSL_VERSION_MAJOR 3 +# define OPENSSL_VERSION_MINOR 0 +# define OPENSSL_VERSION_PATCH 0 + +/* + * Additional version information + * + * These are also part of the new version scheme, but aren't part + * of the version number itself. + */ + +/* Could be: #define OPENSSL_VERSION_PRE_RELEASE "-alpha.1" */ +# define OPENSSL_VERSION_PRE_RELEASE "-dev" +/* Could be: #define OPENSSL_VERSION_BUILD_METADATA "+fips" */ +/* Could be: #define OPENSSL_VERSION_BUILD_METADATA "+vendor.1" */ +# define OPENSSL_VERSION_BUILD_METADATA "" + +/* + * Note: The OpenSSL Project will never define OPENSSL_VERSION_BUILD_METADATA + * to be anything but the empty string. Its use is entirely reserved for + * others + */ + +/* + * Shared library version + * + * This is strictly to express ABI version, which may or may not + * be related to the API version expressed with the macros above. + * This is defined in free form. 
+ */ +# define OPENSSL_SHLIB_VERSION 3 + +/* + * SECTION 2: USEFUL MACROS + */ + +/* For checking general API compatibility when preprocessing */ +# define OPENSSL_VERSION_PREREQ(maj,min) \ + ((OPENSSL_VERSION_MAJOR << 16) + OPENSSL_VERSION_MINOR >= ((maj) << 16) + (min)) + +/* + * Macros to get the version in easily digested string form, both the short + * "MAJOR.MINOR.PATCH" variant (where MAJOR, MINOR and PATCH are replaced + * with the values from the corresponding OPENSSL_VERSION_ macros) and the + * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and + * OPENSSL_VERSION_BUILD_METADATA_STR appended. + */ +# define OPENSSL_VERSION_STR "3.0.0" +# define OPENSSL_FULL_VERSION_STR "3.0.0-dev" + +/* + * SECTION 3: ADDITIONAL METADATA + * + * These strings are defined separately to allow them to be parsable. + */ +# define OPENSSL_RELEASE_DATE "xx XXX xxxx" + +/* + * SECTION 4: BACKWARD COMPATIBILITY + */ + +# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.0-dev xx XXX xxxx" + +/* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ +# ifdef OPENSSL_VERSION_PRE_RELEASE +# define _OPENSSL_VERSION_PRE_RELEASE 0x0 +# else +# define _OPENSSL_VERSION_PRE_RELEASE 0xf +# endif +# define OPENSSL_VERSION_NUMBER \ + ( (OPENSSL_VERSION_MAJOR<<28) \ + |(OPENSSL_VERSION_MINOR<<20) \ + |(OPENSSL_VERSION_PATCH<<4) \ + |_OPENSSL_VERSION_PRE_RELEASE ) + +# ifdef __cplusplus +} +# endif + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_OPENSSLV_H +# endif + +#endif /* OPENSSL_OPENSSLV_H */ diff --git a/linux_amd64/ssl/include/openssl/ossl_typ.h b/linux_amd64/ssl/include/openssl/ossl_typ.h new file mode 100644 index 0000000..82a5898 --- /dev/null +++ b/linux_amd64/ssl/include/openssl/ossl_typ.h 
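Review bot: The vendored opensslv.h identifies this OpenSSL build as an unreleased development snapshot rather than a tagged release: `# define OPENSSL_VERSION_PRE_RELEASE "-dev"`, `# define OPENSSL_FULL_VERSION_STR "3.0.0-dev"` and `# define OPENSSL_RELEASE_DATE "xx XXX xxxx"`. A snapshot like this cannot be matched by version against upstream security advisories, and nothing in the visible part of the commit records which upstream revision or configure options produced the headers and the binaries shipped with them. Vendoring a tagged release would be preferable. Failing that, the commit should document provenance next to the files, for example a line such as `OpenSSL built from upstream commit <UPSTREAM_COMMIT_PLACEHOLDER>, configured with <CONFIGURE_OPTIONS_PLACEHOLDER>`, so the tree can be audited and rebuilt.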
@@ -0,0 +1,16 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * The original was renamed to
+ *
+ * This header file only exists for compatibility reasons with older
+ * applications which #include .
+ */
+# include
diff --git a/linux_amd64/ssl/include/openssl/params.h b/linux_amd64/ssl/include/openssl/params.h
new file mode 100644
index 0000000..cd0f784
--- /dev/null
+++ b/linux_amd64/ssl/include/openssl/params.h
@@ -0,0 +1,141 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_PARAMS_H
+# define OPENSSL_PARAMS_H
+
+# include
+# include
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# define OSSL_PARAM_END \
+ { NULL, 0, NULL, 0, 0 }
+
+# define OSSL_PARAM_DEFN(key, type, addr, sz) \
+ { (key), (type), (addr), (sz), 0 }
+
+/* Basic parameter types without return sizes */
+# define OSSL_PARAM_int(key, addr) \
+ OSSL_PARAM_DEFN((key), OSSL_PARAM_INTEGER, (addr), sizeof(int))
+# define OSSL_PARAM_uint(key, addr) \
+ OSSL_PARAM_DEFN((key), OSSL_PARAM_UNSIGNED_INTEGER, (addr), \
+ sizeof(unsigned int))
+# define OSSL_PARAM_long(key, addr) \
+ OSSL_PARAM_DEFN((key), OSSL_PARAM_INTEGER, (addr), sizeof(long int))
+# define OSSL_PARAM_ulong(key, addr) \
+ OSSL_PARAM_DEFN((key), OSSL_PARAM_UNSIGNED_INTEGER, (addr), \
+ sizeof(unsigned long int))
+# define OSSL_PARAM_int32(key, addr) \
+ OSSL_PARAM_DEFN((key), OSSL_PARAM_INTEGER, (addr), sizeof(int32_t))
+# define OSSL_PARAM_uint32(key, addr) \
+ OSSL_PARAM_DEFN((key), OSSL_PARAM_UNSIGNED_INTEGER, (addr), \
+ sizeof(uint32_t))
+# define OSSL_PARAM_int64(key, addr) \
+ OSSL_PARAM_DEFN((key), OSSL_PARAM_INTEGER, (addr), sizeof(int64_t))
+# define OSSL_PARAM_uint64(key, addr) \
+ OSSL_PARAM_DEFN((key), OSSL_PARAM_UNSIGNED_INTEGER, (addr), \
+ sizeof(uint64_t))
+# define OSSL_PARAM_size_t(key, addr) \
+ OSSL_PARAM_DEFN((key), OSSL_PARAM_UNSIGNED_INTEGER, (addr), sizeof(size_t))
+# define OSSL_PARAM_double(key, addr) \
+ OSSL_PARAM_DEFN((key), OSSL_PARAM_REAL, (addr), sizeof(double))
+
+# define OSSL_PARAM_BN(key, bn, sz) \
+ OSSL_PARAM_DEFN((key), OSSL_PARAM_UNSIGNED_INTEGER, (bn), (sz))
+# define OSSL_PARAM_utf8_string(key, addr, sz) \
+ OSSL_PARAM_DEFN((key), OSSL_PARAM_UTF8_STRING, (addr), sz)
+# define OSSL_PARAM_octet_string(key, addr, sz) \
+ OSSL_PARAM_DEFN((key), OSSL_PARAM_OCTET_STRING, (addr), sz)
+
+# define OSSL_PARAM_utf8_ptr(key, addr, sz) \
+ OSSL_PARAM_DEFN((key), OSSL_PARAM_UTF8_PTR, &(addr), sz)
+# define OSSL_PARAM_octet_ptr(key, addr, sz) \
+ OSSL_PARAM_DEFN((key), OSSL_PARAM_OCTET_PTR, &(addr), sz)
+
+/* Search an OSSL_PARAM array for a matching name */
+OSSL_PARAM *OSSL_PARAM_locate(OSSL_PARAM *p, const char *key);
+const OSSL_PARAM *OSSL_PARAM_locate_const(const OSSL_PARAM *p, const char *key);
+
+/* Basic parameter type run-time construction */
+OSSL_PARAM OSSL_PARAM_construct_int(const char *key, int *buf);
+OSSL_PARAM OSSL_PARAM_construct_uint(const char *key, unsigned int *buf);
+OSSL_PARAM OSSL_PARAM_construct_long(const char *key, long int *buf);
+OSSL_PARAM OSSL_PARAM_construct_ulong(const char *key, unsigned long int *buf);
+OSSL_PARAM OSSL_PARAM_construct_int32(const char *key, int32_t *buf);
+OSSL_PARAM OSSL_PARAM_construct_uint32(const char *key, uint32_t *buf);
+OSSL_PARAM OSSL_PARAM_construct_int64(const char *key, int64_t *buf);
+OSSL_PARAM OSSL_PARAM_construct_uint64(const char *key, uint64_t *buf);
+OSSL_PARAM OSSL_PARAM_construct_size_t(const char *key, size_t *buf);
+OSSL_PARAM OSSL_PARAM_construct_BN(const char *key, unsigned char *buf,
+ size_t bsize);
+OSSL_PARAM OSSL_PARAM_construct_double(const char *key, double *buf);
+OSSL_PARAM OSSL_PARAM_construct_utf8_string(const char *key, char *buf,
+ size_t bsize);
+OSSL_PARAM OSSL_PARAM_construct_utf8_ptr(const char *key, char **buf,
+ size_t bsize);
+OSSL_PARAM OSSL_PARAM_construct_octet_string(const char *key, void *buf,
+ size_t bsize);
+OSSL_PARAM OSSL_PARAM_construct_octet_ptr(const char *key, void **buf,
+ size_t bsize);
+OSSL_PARAM OSSL_PARAM_construct_end(void);
+
+int OSSL_PARAM_allocate_from_text(OSSL_PARAM *to,
+ const OSSL_PARAM *paramdefs,
+ const char *key, const char *value,
+ size_t value_n, int *found);
+
+int OSSL_PARAM_get_int(const OSSL_PARAM *p, int *val);
+int OSSL_PARAM_get_uint(const OSSL_PARAM *p, unsigned int *val);
+int OSSL_PARAM_get_long(const OSSL_PARAM *p, long int *val);
+int OSSL_PARAM_get_ulong(const OSSL_PARAM *p, unsigned long int *val);
+int OSSL_PARAM_get_int32(const OSSL_PARAM *p, int32_t *val);
+int OSSL_PARAM_get_uint32(const OSSL_PARAM *p, uint32_t *val);
+int OSSL_PARAM_get_int64(const OSSL_PARAM *p, int64_t *val);
+int OSSL_PARAM_get_uint64(const OSSL_PARAM *p, uint64_t *val);
+int OSSL_PARAM_get_size_t(const OSSL_PARAM *p, size_t *val);
+
+int OSSL_PARAM_set_int(OSSL_PARAM *p, int val);
+int OSSL_PARAM_set_uint(OSSL_PARAM *p, unsigned int val);
+int OSSL_PARAM_set_long(OSSL_PARAM *p, long int val);
+int OSSL_PARAM_set_ulong(OSSL_PARAM *p, unsigned long int val);
+int OSSL_PARAM_set_int32(OSSL_PARAM *p, int32_t val);
+int OSSL_PARAM_set_uint32(OSSL_PARAM *p, uint32_t val);
+int OSSL_PARAM_set_int64(OSSL_PARAM *p, int64_t val);
+int OSSL_PARAM_set_uint64(OSSL_PARAM *p, uint64_t val);
+int OSSL_PARAM_set_size_t(OSSL_PARAM *p, size_t val);
+
+int OSSL_PARAM_get_double(const OSSL_PARAM *p, double *val);
+int OSSL_PARAM_set_double(OSSL_PARAM *p, double val);
+
+int OSSL_PARAM_get_BN(const OSSL_PARAM *p, BIGNUM **val);
+int OSSL_PARAM_set_BN(OSSL_PARAM *p, const BIGNUM *val);
+
+int OSSL_PARAM_get_utf8_string(const OSSL_PARAM *p, char **val, size_t max_len);
+int OSSL_PARAM_set_utf8_string(OSSL_PARAM *p, const char *val);
+
+int OSSL_PARAM_get_octet_string(const OSSL_PARAM *p, void **val, size_t max_len,
+ size_t *used_len);
+int OSSL_PARAM_set_octet_string(OSSL_PARAM *p, const void *val, size_t len);
+
+int OSSL_PARAM_get_utf8_ptr(const OSSL_PARAM *p, const char **val);
+int OSSL_PARAM_set_utf8_ptr(OSSL_PARAM *p, const char *val);
+
+int OSSL_PARAM_get_octet_ptr(const OSSL_PARAM *p, const void **val,
+ size_t *used_len);
+int OSSL_PARAM_set_octet_ptr(OSSL_PARAM *p, const void *val,
+ size_t used_len);
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/linux_amd64/ssl/include/openssl/pem.h b/linux_amd64/ssl/include/openssl/pem.h
new file mode 100644
index 0000000..e48d247
--- /dev/null
+++ b/linux_amd64/ssl/include/openssl/pem.h
@@ -0,0 +1,411 @@ +/* + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_PEM_H +# define OPENSSL_PEM_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_PEM_H +# endif + +# include +# include +# include +# include +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +# define PEM_BUFSIZE 1024 + +# define PEM_STRING_X509_OLD "X509 CERTIFICATE" +# define PEM_STRING_X509 "CERTIFICATE" +# define PEM_STRING_X509_TRUSTED "TRUSTED CERTIFICATE" +# define PEM_STRING_X509_REQ_OLD "NEW CERTIFICATE REQUEST" +# define PEM_STRING_X509_REQ "CERTIFICATE REQUEST" +# define PEM_STRING_X509_CRL "X509 CRL" +# define PEM_STRING_EVP_PKEY "ANY PRIVATE KEY" +# define PEM_STRING_PUBLIC "PUBLIC KEY" +# define PEM_STRING_RSA "RSA PRIVATE KEY" +# define PEM_STRING_RSA_PUBLIC "RSA PUBLIC KEY" +# define PEM_STRING_DSA "DSA PRIVATE KEY" +# define PEM_STRING_DSA_PUBLIC "DSA PUBLIC KEY" +# define PEM_STRING_PKCS7 "PKCS7" +# define PEM_STRING_PKCS7_SIGNED "PKCS #7 SIGNED DATA" +# define PEM_STRING_PKCS8 "ENCRYPTED PRIVATE KEY" +# define PEM_STRING_PKCS8INF "PRIVATE KEY" +# define PEM_STRING_DHPARAMS "DH PARAMETERS" +# define PEM_STRING_DHXPARAMS "X9.42 DH PARAMETERS" +# define PEM_STRING_SSL_SESSION "SSL SESSION PARAMETERS" +# define PEM_STRING_DSAPARAMS "DSA PARAMETERS" +# define PEM_STRING_ECDSA_PUBLIC "ECDSA PUBLIC KEY" +# define PEM_STRING_ECPARAMETERS "EC PARAMETERS" +# define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY" +# define PEM_STRING_PARAMETERS "PARAMETERS" +# define PEM_STRING_CMS "CMS" + +# define PEM_TYPE_ENCRYPTED 10 +# define PEM_TYPE_MIC_ONLY 20 +# define PEM_TYPE_MIC_CLEAR 30 +# define PEM_TYPE_CLEAR 40 + +/* + * These macros make the 
PEM_read/PEM_write functions easier to maintain and + * write. Now they are all implemented with either: IMPLEMENT_PEM_rw(...) or + * IMPLEMENT_PEM_rw_cb(...) + */ + +# define PEM_write_fnsig(name, type, OUTTYPE, writename) \ + int PEM_##writename##_##name(OUTTYPE *out, const type *x) +# define PEM_write_cb_fnsig(name, type, OUTTYPE, writename) \ + int PEM_##writename##_##name(OUTTYPE *out, const type *x, \ + const EVP_CIPHER *enc, \ + const unsigned char *kstr, int klen, \ + pem_password_cb *cb, void *u) + +# ifdef OPENSSL_NO_STDIO + +# define IMPLEMENT_PEM_read_fp(name, type, str, asn1) /**/ +# define IMPLEMENT_PEM_write_fp(name, type, str, asn1) /**/ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) /**/ +# endif +# define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) /**/ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) /**/ +# endif +# else + +# define IMPLEMENT_PEM_read_fp(name, type, str, asn1) \ + type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u) \ + { \ + return PEM_ASN1_read((d2i_of_void *)d2i_##asn1, str, fp, \ + (void **)x, cb, u); \ + } + +# define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \ + PEM_write_fnsig(name, type, FILE, write) \ + { \ + return PEM_ASN1_write((i2d_of_void *)i2d_##asn1, str, out, \ + x, NULL, NULL, 0, NULL, NULL); \ + } + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) \ + IMPLEMENT_PEM_write_fp(name, type, str, asn1) +# endif + +# define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) \ + PEM_write_cb_fnsig(name, type, FILE, write) \ + { \ + return PEM_ASN1_write((i2d_of_void *)i2d_##asn1, str, out, \ + x, enc, kstr, klen, cb, u); \ + } + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) \ + IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) +# endif +# endif + +# define IMPLEMENT_PEM_read_bio(name, type, 
str, asn1) \ + type *PEM_read_bio_##name(BIO *bp, type **x, \ + pem_password_cb *cb, void *u) \ + { \ + return PEM_ASN1_read_bio((d2i_of_void *)d2i_##asn1, str, bp, \ + (void **)x, cb, u); \ + } + +# define IMPLEMENT_PEM_write_bio(name, type, str, asn1) \ + PEM_write_fnsig(name, type, BIO, write_bio) \ + { \ + return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1, str, out, \ + x, NULL,NULL,0,NULL,NULL); \ + } + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \ + IMPLEMENT_PEM_write_bio(name, type, str, asn1) +# endif + +# define IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \ + PEM_write_cb_fnsig(name, type, BIO, write_bio) \ + { \ + return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1, str, out, \ + x, enc, kstr, klen, cb, u); \ + } + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \ + IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) +# endif + +# define IMPLEMENT_PEM_write(name, type, str, asn1) \ + IMPLEMENT_PEM_write_bio(name, type, str, asn1) \ + IMPLEMENT_PEM_write_fp(name, type, str, asn1) + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define IMPLEMENT_PEM_write_const(name, type, str, asn1) \ + IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \ + IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) +# endif + +# define IMPLEMENT_PEM_write_cb(name, type, str, asn1) \ + IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \ + IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define IMPLEMENT_PEM_write_cb_const(name, type, str, asn1) \ + IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \ + IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) +# endif + +# define IMPLEMENT_PEM_read(name, type, str, asn1) \ + IMPLEMENT_PEM_read_bio(name, type, str, asn1) \ + IMPLEMENT_PEM_read_fp(name, type, str, asn1) + +# define IMPLEMENT_PEM_rw(name, type, str, asn1) \ + IMPLEMENT_PEM_read(name, type, str, asn1) \ + 
IMPLEMENT_PEM_write(name, type, str, asn1) + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define IMPLEMENT_PEM_rw_const(name, type, str, asn1) \ + IMPLEMENT_PEM_read(name, type, str, asn1) \ + IMPLEMENT_PEM_write_const(name, type, str, asn1) +# endif + +# define IMPLEMENT_PEM_rw_cb(name, type, str, asn1) \ + IMPLEMENT_PEM_read(name, type, str, asn1) \ + IMPLEMENT_PEM_write_cb(name, type, str, asn1) + +/* These are the same except they are for the declarations */ + +# if defined(OPENSSL_NO_STDIO) + +# define DECLARE_PEM_read_fp(name, type) /**/ +# define DECLARE_PEM_write_fp(name, type) /**/ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define DECLARE_PEM_write_fp_const(name, type) /**/ +# endif +# define DECLARE_PEM_write_cb_fp(name, type) /**/ +# else + +# define DECLARE_PEM_read_fp(name, type) \ + type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u); + +# define DECLARE_PEM_write_fp(name, type) \ + PEM_write_fnsig(name, type, FILE, write); + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define DECLARE_PEM_write_fp_const(name, type) \ + PEM_write_fnsig(name, type, FILE, write); +# endif + +# define DECLARE_PEM_write_cb_fp(name, type) \ + PEM_write_cb_fnsig(name, type, FILE, write); + +# endif + +# define DECLARE_PEM_read_bio(name, type) \ + type *PEM_read_bio_##name(BIO *bp, type **x, \ + pem_password_cb *cb, void *u); + +# define DECLARE_PEM_write_bio(name, type) \ + PEM_write_fnsig(name, type, BIO, write_bio); + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define DECLARE_PEM_write_bio_const(name, type) \ + PEM_write_fnsig(name, type, BIO, write_bio); +# endif + +# define DECLARE_PEM_write_cb_bio(name, type) \ + PEM_write_cb_fnsig(name, type, BIO, write_bio); + +# define DECLARE_PEM_write(name, type) \ + DECLARE_PEM_write_bio(name, type) \ + DECLARE_PEM_write_fp(name, type) +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define DECLARE_PEM_write_const(name, type) \ + DECLARE_PEM_write_bio_const(name, type) \ + DECLARE_PEM_write_fp_const(name, type) +# endif +# define 
DECLARE_PEM_write_cb(name, type) \ + DECLARE_PEM_write_cb_bio(name, type) \ + DECLARE_PEM_write_cb_fp(name, type) +# define DECLARE_PEM_read(name, type) \ + DECLARE_PEM_read_bio(name, type) \ + DECLARE_PEM_read_fp(name, type) +# define DECLARE_PEM_rw(name, type) \ + DECLARE_PEM_read(name, type) \ + DECLARE_PEM_write(name, type) +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define DECLARE_PEM_rw_const(name, type) \ + DECLARE_PEM_read(name, type) \ + DECLARE_PEM_write_const(name, type) +# endif +# define DECLARE_PEM_rw_cb(name, type) \ + DECLARE_PEM_read(name, type) \ + DECLARE_PEM_write_cb(name, type) + +int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher); +int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *len, + pem_password_cb *callback, void *u); + +int PEM_read_bio(BIO *bp, char **name, char **header, + unsigned char **data, long *len); +# define PEM_FLAG_SECURE 0x1 +# define PEM_FLAG_EAY_COMPATIBLE 0x2 +# define PEM_FLAG_ONLY_B64 0x4 +int PEM_read_bio_ex(BIO *bp, char **name, char **header, + unsigned char **data, long *len, unsigned int flags); +int PEM_bytes_read_bio_secmem(unsigned char **pdata, long *plen, char **pnm, + const char *name, BIO *bp, pem_password_cb *cb, + void *u); +int PEM_write_bio(BIO *bp, const char *name, const char *hdr, + const unsigned char *data, long len); +int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, + const char *name, BIO *bp, pem_password_cb *cb, + void *u); +void *PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, void **x, + pem_password_cb *cb, void *u); +int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, + const void *x, const EVP_CIPHER *enc, + const unsigned char *kstr, int klen, + pem_password_cb *cb, void *u); + +STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, + pem_password_cb *cb, void *u); +int PEM_X509_INFO_write_bio(BIO *bp, const X509_INFO *xi, EVP_CIPHER *enc, + const unsigned char *kstr, int klen, + 
pem_password_cb *cd, void *u); + +#ifndef OPENSSL_NO_STDIO +int PEM_read(FILE *fp, char **name, char **header, + unsigned char **data, long *len); +int PEM_write(FILE *fp, const char *name, const char *hdr, + const unsigned char *data, long len); +void *PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x, + pem_password_cb *cb, void *u); +int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp, + const void *x, const EVP_CIPHER *enc, + const unsigned char *kstr, int klen, + pem_password_cb *callback, void *u); +STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, + pem_password_cb *cb, void *u); +#endif + +int PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type); +int PEM_SignUpdate(EVP_MD_CTX *ctx, const unsigned char *d, unsigned int cnt); +int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, + unsigned int *siglen, EVP_PKEY *pkey); + +/* The default pem_password_cb that's used internally */ +int PEM_def_callback(char *buf, int num, int rwflag, void *userdata); +void PEM_proc_type(char *buf, int type); +void PEM_dek_info(char *buf, const char *type, int len, const char *str); + +# include + +DECLARE_PEM_rw(X509, X509) +DECLARE_PEM_rw(X509_AUX, X509) +DECLARE_PEM_rw(X509_REQ, X509_REQ) +DECLARE_PEM_write(X509_REQ_NEW, X509_REQ) +DECLARE_PEM_rw(X509_CRL, X509_CRL) +DECLARE_PEM_rw(X509_PUBKEY, X509_PUBKEY) +DECLARE_PEM_rw(PKCS7, PKCS7) +DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE) +DECLARE_PEM_rw(PKCS8, X509_SIG) +DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO) +# ifndef OPENSSL_NO_RSA +DECLARE_PEM_rw_cb(RSAPrivateKey, RSA) +DECLARE_PEM_rw(RSAPublicKey, RSA) +DECLARE_PEM_rw(RSA_PUBKEY, RSA) +# endif +# ifndef OPENSSL_NO_DSA +DECLARE_PEM_rw_cb(DSAPrivateKey, DSA) +DECLARE_PEM_rw(DSA_PUBKEY, DSA) +DECLARE_PEM_rw(DSAparams, DSA) +# endif +# ifndef OPENSSL_NO_EC +DECLARE_PEM_rw(ECPKParameters, EC_GROUP) +DECLARE_PEM_rw_cb(ECPrivateKey, EC_KEY) +DECLARE_PEM_rw(EC_PUBKEY, EC_KEY) +# endif +# ifndef 
OPENSSL_NO_DH +DECLARE_PEM_rw(DHparams, DH) +DECLARE_PEM_write(DHxparams, DH) +# endif +DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY) +DECLARE_PEM_rw(PUBKEY, EVP_PKEY) + +int PEM_write_bio_PrivateKey_traditional(BIO *bp, const EVP_PKEY *x, + const EVP_CIPHER *enc, + const unsigned char *kstr, int klen, + pem_password_cb *cb, void *u); + +/* Why do these take a signed char *kstr? */ +int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, const EVP_PKEY *x, int nid, + const char *kstr, int klen, + pem_password_cb *cb, void *u); +int PEM_write_bio_PKCS8PrivateKey(BIO *, const EVP_PKEY *, const EVP_CIPHER *, + const char *kstr, int klen, + pem_password_cb *cb, void *u); +int i2d_PKCS8PrivateKey_bio(BIO *bp, const EVP_PKEY *x, const EVP_CIPHER *enc, + const char *kstr, int klen, + pem_password_cb *cb, void *u); +int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, const EVP_PKEY *x, int nid, + const char *kstr, int klen, + pem_password_cb *cb, void *u); +EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, + void *u); + +# ifndef OPENSSL_NO_STDIO +int i2d_PKCS8PrivateKey_fp(FILE *fp, const EVP_PKEY *x, const EVP_CIPHER *enc, + const char *kstr, int klen, + pem_password_cb *cb, void *u); +int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, const EVP_PKEY *x, int nid, + const char *kstr, int klen, + pem_password_cb *cb, void *u); +int PEM_write_PKCS8PrivateKey_nid(FILE *fp, const EVP_PKEY *x, int nid, + const char *kstr, int klen, + pem_password_cb *cb, void *u); + +EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, + void *u); + +int PEM_write_PKCS8PrivateKey(FILE *fp, const EVP_PKEY *x, const EVP_CIPHER *enc, + const char *kstr, int klen, + pem_password_cb *cd, void *u); +# endif +EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x); +int PEM_write_bio_Parameters(BIO *bp, const EVP_PKEY *x); + +# ifndef OPENSSL_NO_DSA +EVP_PKEY *b2i_PrivateKey(const unsigned char **in, long length); +EVP_PKEY *b2i_PublicKey(const unsigned char **in, long length); 
+EVP_PKEY *b2i_PrivateKey_bio(BIO *in); +EVP_PKEY *b2i_PublicKey_bio(BIO *in); +int i2b_PrivateKey_bio(BIO *out, const EVP_PKEY *pk); +int i2b_PublicKey_bio(BIO *out, const EVP_PKEY *pk); +# ifndef OPENSSL_NO_RC4 +EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u); +int i2b_PVK_bio(BIO *out, const EVP_PKEY *pk, int enclevel, + pem_password_cb *cb, void *u); +# endif +# endif + +# ifdef __cplusplus +} +# endif +#endif diff --git a/linux_amd64/ssl/include/openssl/pem2.h b/linux_amd64/ssl/include/openssl/pem2.h new file mode 100644 index 0000000..a8a5325 --- /dev/null +++ b/linux_amd64/ssl/include/openssl/pem2.h @@ -0,0 +1,19 @@ +/* + * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_PEM2_H +# define OPENSSL_PEM2_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_PEM2_H +# endif +# include +#endif diff --git a/linux_amd64/ssl/include/openssl/pemerr.h b/linux_amd64/ssl/include/openssl/pemerr.h new file mode 100644 index 0000000..c37a3ac --- /dev/null +++ b/linux_amd64/ssl/include/openssl/pemerr.h 
@@ -0,0 +1,111 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_PEMERR_H +# define OPENSSL_PEMERR_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_PEMERR_H +# endif + +# include +# include + + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_PEM_strings(void); + +/* + * PEM function codes. + */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define PEM_F_B2I_DSS 0 +# define PEM_F_B2I_PVK_BIO 0 +# define PEM_F_B2I_RSA 0 +# define PEM_F_CHECK_BITLEN_DSA 0 +# define PEM_F_CHECK_BITLEN_RSA 0 +# define PEM_F_D2I_PKCS8PRIVATEKEY_BIO 0 +# define PEM_F_D2I_PKCS8PRIVATEKEY_FP 0 +# define PEM_F_DO_B2I 0 +# define PEM_F_DO_B2I_BIO 0 +# define PEM_F_DO_BLOB_HEADER 0 +# define PEM_F_DO_I2B 0 +# define PEM_F_DO_PK8PKEY 0 +# define PEM_F_DO_PK8PKEY_FP 0 +# define PEM_F_DO_PVK_BODY 0 +# define PEM_F_DO_PVK_HEADER 0 +# define PEM_F_GET_HEADER_AND_DATA 0 +# define PEM_F_GET_NAME 0 +# define PEM_F_I2B_PVK 0 +# define PEM_F_I2B_PVK_BIO 0 +# define PEM_F_LOAD_IV 0 +# define PEM_F_PEM_ASN1_READ 0 +# define PEM_F_PEM_ASN1_READ_BIO 0 +# define PEM_F_PEM_ASN1_WRITE 0 +# define PEM_F_PEM_ASN1_WRITE_BIO 0 +# define PEM_F_PEM_DEF_CALLBACK 0 +# define PEM_F_PEM_DO_HEADER 0 +# define PEM_F_PEM_GET_EVP_CIPHER_INFO 0 +# define PEM_F_PEM_READ 0 +# define PEM_F_PEM_READ_BIO 0 +# define PEM_F_PEM_READ_BIO_DHPARAMS 0 +# define PEM_F_PEM_READ_BIO_EX 0 +# define PEM_F_PEM_READ_BIO_PARAMETERS 0 +# define PEM_F_PEM_READ_BIO_PRIVATEKEY 0 +# define PEM_F_PEM_READ_DHPARAMS 0 +# define PEM_F_PEM_READ_PRIVATEKEY 0 +# define PEM_F_PEM_SIGNFINAL 0 +# define PEM_F_PEM_WRITE 0 +# define PEM_F_PEM_WRITE_BIO 0 +# define 
PEM_F_PEM_WRITE_PRIVATEKEY 0 +# define PEM_F_PEM_X509_INFO_READ 0 +# define PEM_F_PEM_X509_INFO_READ_BIO 0 +# define PEM_F_PEM_X509_INFO_WRITE_BIO 0 +# endif + +/* + * PEM reason codes. + */ +# define PEM_R_BAD_BASE64_DECODE 100 +# define PEM_R_BAD_DECRYPT 101 +# define PEM_R_BAD_END_LINE 102 +# define PEM_R_BAD_IV_CHARS 103 +# define PEM_R_BAD_MAGIC_NUMBER 116 +# define PEM_R_BAD_PASSWORD_READ 104 +# define PEM_R_BAD_VERSION_NUMBER 117 +# define PEM_R_BIO_WRITE_FAILURE 118 +# define PEM_R_CIPHER_IS_NULL 127 +# define PEM_R_ERROR_CONVERTING_PRIVATE_KEY 115 +# define PEM_R_EXPECTING_PRIVATE_KEY_BLOB 119 +# define PEM_R_EXPECTING_PUBLIC_KEY_BLOB 120 +# define PEM_R_HEADER_TOO_LONG 128 +# define PEM_R_INCONSISTENT_HEADER 121 +# define PEM_R_KEYBLOB_HEADER_PARSE_ERROR 122 +# define PEM_R_KEYBLOB_TOO_SHORT 123 +# define PEM_R_MISSING_DEK_IV 129 +# define PEM_R_NOT_DEK_INFO 105 +# define PEM_R_NOT_ENCRYPTED 106 +# define PEM_R_NOT_PROC_TYPE 107 +# define PEM_R_NO_START_LINE 108 +# define PEM_R_PROBLEMS_GETTING_PASSWORD 109 +# define PEM_R_PVK_DATA_TOO_SHORT 124 +# define PEM_R_PVK_TOO_SHORT 125 +# define PEM_R_READ_KEY 111 +# define PEM_R_SHORT_HEADER 112 +# define PEM_R_UNEXPECTED_DEK_IV 130 +# define PEM_R_UNSUPPORTED_CIPHER 113 +# define PEM_R_UNSUPPORTED_ENCRYPTION 114 +# define PEM_R_UNSUPPORTED_KEY_COMPONENTS 126 + +#endif diff --git a/linux_amd64/ssl/include/openssl/pkcs12.h b/linux_amd64/ssl/include/openssl/pkcs12.h new file mode 100644 index 0000000..51d6e8a --- /dev/null +++ b/linux_amd64/ssl/include/openssl/pkcs12.h 
@@ -0,0 +1,229 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_PKCS12_H
+# define OPENSSL_PKCS12_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_PKCS12_H
+# endif
+
+# include
+# include
+# include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# define PKCS12_KEY_ID 1
+# define PKCS12_IV_ID 2
+# define PKCS12_MAC_ID 3
+
+/* Default iteration count */
+# ifndef PKCS12_DEFAULT_ITER
+# define PKCS12_DEFAULT_ITER PKCS5_DEFAULT_ITER
+# endif
+
+# define PKCS12_MAC_KEY_LENGTH 20
+
+# define PKCS12_SALT_LEN 8
+
+/* It's not clear if these are actually needed... */
+# define PKCS12_key_gen PKCS12_key_gen_utf8
+# define PKCS12_add_friendlyname PKCS12_add_friendlyname_utf8
+
+/* MS key usage constants */
+
+# define KEY_EX 0x10
+# define KEY_SIG 0x80
+
+typedef struct PKCS12_MAC_DATA_st PKCS12_MAC_DATA;
+
+typedef struct PKCS12_st PKCS12;
+
+typedef struct PKCS12_SAFEBAG_st PKCS12_SAFEBAG;
+
+DEFINE_STACK_OF(PKCS12_SAFEBAG)
+
+typedef struct pkcs12_bag_st PKCS12_BAGS;
+
+# define PKCS12_ERROR 0
+# define PKCS12_OK 1
+
+/* Compatibility macros */
+
+#ifndef OPENSSL_NO_DEPRECATED_1_1_0
+
+# define M_PKCS12_bag_type PKCS12_bag_type
+# define M_PKCS12_cert_bag_type PKCS12_cert_bag_type
+# define M_PKCS12_crl_bag_type PKCS12_cert_bag_type
+
+# define PKCS12_certbag2x509 PKCS12_SAFEBAG_get1_cert
+# define PKCS12_certbag2scrl PKCS12_SAFEBAG_get1_crl
+# define PKCS12_bag_type PKCS12_SAFEBAG_get_nid
+# define PKCS12_cert_bag_type PKCS12_SAFEBAG_get_bag_nid
+# define PKCS12_x5092certbag PKCS12_SAFEBAG_create_cert
+# define PKCS12_x509crl2certbag PKCS12_SAFEBAG_create_crl
+# define PKCS12_MAKE_KEYBAG PKCS12_SAFEBAG_create0_p8inf
+# define PKCS12_MAKE_SHKEYBAG PKCS12_SAFEBAG_create_pkcs8_encrypt
+
+#endif
+
+DEPRECATEDIN_1_1_0(ASN1_TYPE *PKCS12_get_attr(const PKCS12_SAFEBAG *bag, int attr_nid))
+
+ASN1_TYPE *PKCS8_get_attr(PKCS8_PRIV_KEY_INFO *p8, int attr_nid);
+int PKCS12_mac_present(const PKCS12 *p12);
+void PKCS12_get0_mac(const ASN1_OCTET_STRING **pmac,
+ const X509_ALGOR **pmacalg,
+ const ASN1_OCTET_STRING **psalt,
+ const ASN1_INTEGER **piter,
+ const PKCS12 *p12);
+
+const ASN1_TYPE *PKCS12_SAFEBAG_get0_attr(const PKCS12_SAFEBAG *bag,
+ int attr_nid);
+const ASN1_OBJECT *PKCS12_SAFEBAG_get0_type(const PKCS12_SAFEBAG *bag);
+int PKCS12_SAFEBAG_get_nid(const PKCS12_SAFEBAG *bag);
+int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag);
+
+X509 *PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag);
+X509_CRL *PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag);
+const STACK_OF(PKCS12_SAFEBAG) *
+PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag);
+const PKCS8_PRIV_KEY_INFO *PKCS12_SAFEBAG_get0_p8inf(const PKCS12_SAFEBAG *bag);
+const X509_SIG *PKCS12_SAFEBAG_get0_pkcs8(const PKCS12_SAFEBAG *bag);
+
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_cert(X509 *x509);
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_crl(X509_CRL *crl);
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_p8inf(PKCS8_PRIV_KEY_INFO *p8);
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_pkcs8(X509_SIG *p8);
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8_encrypt(int pbe_nid,
+ const char *pass,
+ int passlen,
+ unsigned char *salt,
+ int saltlen, int iter,
+ PKCS8_PRIV_KEY_INFO *p8inf);
+
+PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it,
+ int nid1, int nid2);
+PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(const X509_SIG *p8, const char *pass,
+ int passlen);
+PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(const PKCS12_SAFEBAG *bag,
+ const char *pass, int passlen);
+X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
+ const char *pass, int passlen, unsigned char *salt,
+ int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8);
+X509_SIG *PKCS8_set0_pbe(const char *pass, int passlen,
+ PKCS8_PRIV_KEY_INFO *p8inf, X509_ALGOR *pbe);
+PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk);
+STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7);
+PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
+ unsigned char *salt, int saltlen, int iter,
+ STACK_OF(PKCS12_SAFEBAG) *bags);
+STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass,
+ int passlen);
+
+int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes);
+STACK_OF(PKCS7) *PKCS12_unpack_authsafes(const PKCS12 *p12);
+
+int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name,
+ int namelen);
+int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name,
+ int namelen);
+int PKCS12_add_friendlyname_utf8(PKCS12_SAFEBAG *bag, const char *name,
+ int namelen);
+int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name,
+ int namelen);
+int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag,
+ const unsigned char *name, int namelen);
+int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage);
+ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs,
+ int attr_nid);
+char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag);
+const STACK_OF(X509_ATTRIBUTE) *
+PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag);
+unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor,
+ const char *pass, int passlen,
+ const unsigned char *in, int inlen,
+ unsigned char **data, int *datalen,
+ int en_de);
+void *PKCS12_item_decrypt_d2i(const X509_ALGOR *algor, const ASN1_ITEM *it,
+ const char *pass, int passlen,
+ const ASN1_OCTET_STRING *oct, int zbuf);
+ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor,
+ const ASN1_ITEM *it,
+ const char *pass, int passlen,
+ void *obj, int zbuf);
+PKCS12 *PKCS12_init(int mode);
+int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
+ int saltlen, int id, int iter, int n,
+ unsigned char *out, const EVP_MD *md_type);
+int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
+ int saltlen, int id, int iter, int n,
+ unsigned char *out, const EVP_MD *md_type);
+int PKCS12_key_gen_utf8(const char *pass, int passlen, unsigned char *salt,
+ int saltlen, int id, int iter, int n,
+ unsigned char *out, const EVP_MD *md_type);
+int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
+ ASN1_TYPE *param, const EVP_CIPHER *cipher,
+ const EVP_MD *md_type, int en_de);
+int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
+ unsigned char *mac, unsigned int *maclen);
+int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen);
+int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
+ unsigned char *salt, int saltlen, int iter,
+ const EVP_MD *md_type);
+int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt,
+ int saltlen, const EVP_MD *md_type);
+unsigned char *OPENSSL_asc2uni(const char *asc, int asclen,
+ unsigned char **uni, int *unilen);
+char *OPENSSL_uni2asc(const unsigned char *uni, int unilen);
+unsigned char *OPENSSL_utf82uni(const char *asc, int asclen,
+ unsigned char **uni, int *unilen);
+char *OPENSSL_uni2utf8(const unsigned char *uni, int unilen);
+
+DECLARE_ASN1_FUNCTIONS(PKCS12)
+DECLARE_ASN1_FUNCTIONS(PKCS12_MAC_DATA)
+DECLARE_ASN1_FUNCTIONS(PKCS12_SAFEBAG)
+DECLARE_ASN1_FUNCTIONS(PKCS12_BAGS)
+
+DECLARE_ASN1_ITEM(PKCS12_SAFEBAGS)
+DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES)
+
+void PKCS12_PBE_add(void);
+int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
+ STACK_OF(X509) **ca);
+PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey,
+ X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
+ int iter, int mac_iter, int keytype);
+
+PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert);
+PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags,
+ EVP_PKEY *key, int key_usage, int iter,
+ int key_nid, const char *pass);
+int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags,
+ int safe_nid, int iter, const char *pass);
+PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int p7_nid);
+
+int i2d_PKCS12_bio(BIO *bp, const PKCS12 *p12);
+# ifndef OPENSSL_NO_STDIO
+int i2d_PKCS12_fp(FILE *fp, const PKCS12 *p12);
+# endif
+PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12);
+# ifndef OPENSSL_NO_STDIO
+PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12);
+# endif
+int PKCS12_newpass(PKCS12 *p12, const char *oldpass, const char *newpass);
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/linux_amd64/ssl/include/openssl/pkcs12err.h b/linux_amd64/ssl/include/openssl/pkcs12err.h
new file mode 100644
index 0000000..12eac4a
--- /dev/null
+++ b/linux_amd64/ssl/include/openssl/pkcs12err.h
@@ -0,0 +1,89 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_PKCS12ERR_H +# define OPENSSL_PKCS12ERR_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_PKCS12ERR_H +# endif + +# include +# include + + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_PKCS12_strings(void); + +/* + * PKCS12 function codes. + */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define PKCS12_F_OPENSSL_ASC2UNI 0 +# define PKCS12_F_OPENSSL_UNI2ASC 0 +# define PKCS12_F_OPENSSL_UNI2UTF8 0 +# define PKCS12_F_OPENSSL_UTF82UNI 0 +# define PKCS12_F_PKCS12_CREATE 0 +# define PKCS12_F_PKCS12_GEN_MAC 0 +# define PKCS12_F_PKCS12_INIT 0 +# define PKCS12_F_PKCS12_ITEM_DECRYPT_D2I 0 +# define PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT 0 +# define PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG 0 +# define PKCS12_F_PKCS12_KEY_GEN_ASC 0 +# define PKCS12_F_PKCS12_KEY_GEN_UNI 0 +# define PKCS12_F_PKCS12_KEY_GEN_UTF8 0 +# define PKCS12_F_PKCS12_NEWPASS 0 +# define PKCS12_F_PKCS12_PACK_P7DATA 0 +# define PKCS12_F_PKCS12_PACK_P7ENCDATA 0 +# define PKCS12_F_PKCS12_PARSE 0 +# define PKCS12_F_PKCS12_PBE_CRYPT 0 +# define PKCS12_F_PKCS12_PBE_KEYIVGEN 0 +# define PKCS12_F_PKCS12_SAFEBAG_CREATE0_P8INF 0 +# define PKCS12_F_PKCS12_SAFEBAG_CREATE0_PKCS8 0 +# define PKCS12_F_PKCS12_SAFEBAG_CREATE_PKCS8_ENCRYPT 0 +# define PKCS12_F_PKCS12_SETUP_MAC 0 +# define PKCS12_F_PKCS12_SET_MAC 0 +# define PKCS12_F_PKCS12_UNPACK_AUTHSAFES 0 +# define PKCS12_F_PKCS12_UNPACK_P7DATA 0 +# define PKCS12_F_PKCS12_VERIFY_MAC 0 +# define PKCS12_F_PKCS8_ENCRYPT 0 +# define PKCS12_F_PKCS8_SET0_PBE 0 +# endif + +/* + * PKCS12 reason codes. 
+ */ +# define PKCS12_R_CANT_PACK_STRUCTURE 100 +# define PKCS12_R_CONTENT_TYPE_NOT_DATA 121 +# define PKCS12_R_DECODE_ERROR 101 +# define PKCS12_R_ENCODE_ERROR 102 +# define PKCS12_R_ENCRYPT_ERROR 103 +# define PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE 120 +# define PKCS12_R_INVALID_NULL_ARGUMENT 104 +# define PKCS12_R_INVALID_NULL_PKCS12_POINTER 105 +# define PKCS12_R_IV_GEN_ERROR 106 +# define PKCS12_R_KEY_GEN_ERROR 107 +# define PKCS12_R_MAC_ABSENT 108 +# define PKCS12_R_MAC_GENERATION_ERROR 109 +# define PKCS12_R_MAC_SETUP_ERROR 110 +# define PKCS12_R_MAC_STRING_SET_ERROR 111 +# define PKCS12_R_MAC_VERIFY_FAILURE 113 +# define PKCS12_R_PARSE_ERROR 114 +# define PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR 115 +# define PKCS12_R_PKCS12_CIPHERFINAL_ERROR 116 +# define PKCS12_R_PKCS12_PBE_CRYPT_ERROR 117 +# define PKCS12_R_UNKNOWN_DIGEST_ALGORITHM 118 +# define PKCS12_R_UNSUPPORTED_PKCS12_MODE 119 + +#endif diff --git a/linux_amd64/ssl/include/openssl/pkcs7.h b/linux_amd64/ssl/include/openssl/pkcs7.h new file mode 100644 index 0000000..7c079a2 --- /dev/null +++ b/linux_amd64/ssl/include/openssl/pkcs7.h 
@@ -0,0 +1,325 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_PKCS7_H
+# define OPENSSL_PKCS7_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_PKCS7_H
+# endif
+
+# include
+# include
+# include
+
+# include
+# include
+# include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*-
+Encryption_ID DES-CBC
+Digest_ID MD5
+Digest_Encryption_ID rsaEncryption
+Key_Encryption_ID rsaEncryption
+*/
+
+typedef struct pkcs7_issuer_and_serial_st {
+ X509_NAME *issuer;
+ ASN1_INTEGER *serial;
+} PKCS7_ISSUER_AND_SERIAL;
+
+typedef struct pkcs7_signer_info_st {
+ ASN1_INTEGER *version; /* version 1 */
+ PKCS7_ISSUER_AND_SERIAL *issuer_and_serial;
+ X509_ALGOR *digest_alg;
+ STACK_OF(X509_ATTRIBUTE) *auth_attr; /* [ 0 ] */
+ X509_ALGOR *digest_enc_alg;
+ ASN1_OCTET_STRING *enc_digest;
+ STACK_OF(X509_ATTRIBUTE) *unauth_attr; /* [ 1 ] */
+ /* The private key to sign with */
+ EVP_PKEY *pkey;
+} PKCS7_SIGNER_INFO;
+
+DEFINE_STACK_OF(PKCS7_SIGNER_INFO)
+
+typedef struct pkcs7_recip_info_st {
+ ASN1_INTEGER *version; /* version 0 */
+ PKCS7_ISSUER_AND_SERIAL *issuer_and_serial;
+ X509_ALGOR *key_enc_algor;
+ ASN1_OCTET_STRING *enc_key;
+ X509 *cert; /* get the pub-key from this */
+} PKCS7_RECIP_INFO;
+
+DEFINE_STACK_OF(PKCS7_RECIP_INFO)
+
+typedef struct pkcs7_signed_st {
+ ASN1_INTEGER *version; /* version 1 */
+ STACK_OF(X509_ALGOR) *md_algs; /* md used */
+ STACK_OF(X509) *cert; /* [ 0 ] */
+ STACK_OF(X509_CRL) *crl; /* [ 1 ] */
+ STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
+ struct pkcs7_st *contents;
+} PKCS7_SIGNED;
+/*
+ * The above structure is very very similar to PKCS7_SIGN_ENVELOPE. How about
+ * merging the two
+ */
+
+typedef struct pkcs7_enc_content_st {
+ ASN1_OBJECT *content_type;
+ X509_ALGOR *algorithm;
+ ASN1_OCTET_STRING *enc_data; /* [ 0 ] */
+ const EVP_CIPHER *cipher;
+} PKCS7_ENC_CONTENT;
+
+typedef struct pkcs7_enveloped_st {
+ ASN1_INTEGER *version; /* version 0 */
+ STACK_OF(PKCS7_RECIP_INFO) *recipientinfo;
+ PKCS7_ENC_CONTENT *enc_data;
+} PKCS7_ENVELOPE;
+
+typedef struct pkcs7_signedandenveloped_st {
+ ASN1_INTEGER *version; /* version 1 */
+ STACK_OF(X509_ALGOR) *md_algs; /* md used */
+ STACK_OF(X509) *cert; /* [ 0 ] */
+ STACK_OF(X509_CRL) *crl; /* [ 1 ] */
+ STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
+ PKCS7_ENC_CONTENT *enc_data;
+ STACK_OF(PKCS7_RECIP_INFO) *recipientinfo;
+} PKCS7_SIGN_ENVELOPE;
+
+typedef struct pkcs7_digest_st {
+ ASN1_INTEGER *version; /* version 0 */
+ X509_ALGOR *md; /* md used */
+ struct pkcs7_st *contents;
+ ASN1_OCTET_STRING *digest;
+} PKCS7_DIGEST;
+
+typedef struct pkcs7_encrypted_st {
+ ASN1_INTEGER *version; /* version 0 */
+ PKCS7_ENC_CONTENT *enc_data;
+} PKCS7_ENCRYPT;
+
+typedef struct pkcs7_st {
+ /*
+ * The following is non NULL if it contains ASN1 encoding of this
+ * structure
+ */
+ unsigned char *asn1;
+ long length;
+# define PKCS7_S_HEADER 0
+# define PKCS7_S_BODY 1
+# define PKCS7_S_TAIL 2
+ int state; /* used during processing */
+ int detached;
+ ASN1_OBJECT *type;
+ /* content as defined by the type */
+ /*
+ * all encryption/message digests are applied to the 'contents', leaving
+ * out the 'type' field.
+ */
+ union {
+ char *ptr;
+ /* NID_pkcs7_data */
+ ASN1_OCTET_STRING *data;
+ /* NID_pkcs7_signed */
+ PKCS7_SIGNED *sign;
+ /* NID_pkcs7_enveloped */
+ PKCS7_ENVELOPE *enveloped;
+ /* NID_pkcs7_signedAndEnveloped */
+ PKCS7_SIGN_ENVELOPE *signed_and_enveloped;
+ /* NID_pkcs7_digest */
+ PKCS7_DIGEST *digest;
+ /* NID_pkcs7_encrypted */
+ PKCS7_ENCRYPT *encrypted;
+ /* Anything else */
+ ASN1_TYPE *other;
+ } d;
+} PKCS7;
+
+DEFINE_STACK_OF(PKCS7)
+
+# define PKCS7_OP_SET_DETACHED_SIGNATURE 1
+# define PKCS7_OP_GET_DETACHED_SIGNATURE 2
+
+# define PKCS7_get_signed_attributes(si) ((si)->auth_attr)
+# define PKCS7_get_attributes(si) ((si)->unauth_attr)
+
+# define PKCS7_type_is_signed(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_signed)
+# define PKCS7_type_is_encrypted(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted)
+# define PKCS7_type_is_enveloped(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_enveloped)
+# define PKCS7_type_is_signedAndEnveloped(a) \
+ (OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped)
+# define PKCS7_type_is_data(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_data)
+# define PKCS7_type_is_digest(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_digest)
+
+# define PKCS7_set_detached(p,v) \
+ PKCS7_ctrl(p,PKCS7_OP_SET_DETACHED_SIGNATURE,v,NULL)
+# define PKCS7_get_detached(p) \
+ PKCS7_ctrl(p,PKCS7_OP_GET_DETACHED_SIGNATURE,0,NULL)
+
+# define PKCS7_is_detached(p7) (PKCS7_type_is_signed(p7) && PKCS7_get_detached(p7))
+
+/* S/MIME related flags */
+
+# define PKCS7_TEXT 0x1
+# define PKCS7_NOCERTS 0x2
+# define PKCS7_NOSIGS 0x4
+# define PKCS7_NOCHAIN 0x8
+# define PKCS7_NOINTERN 0x10
+# define PKCS7_NOVERIFY 0x20
+# define PKCS7_DETACHED 0x40
+# define PKCS7_BINARY 0x80
+# define PKCS7_NOATTR 0x100
+# define PKCS7_NOSMIMECAP 0x200
+# define PKCS7_NOOLDMIMETYPE 0x400
+# define PKCS7_CRLFEOL 0x800
+# define PKCS7_STREAM 0x1000
+# define PKCS7_NOCRL 0x2000
+# define PKCS7_PARTIAL 0x4000
+# define PKCS7_REUSE_DIGEST 0x8000
+# define PKCS7_NO_DUAL_CONTENT 0x10000
+
+/* Flags: for compatibility with older code */
+
+# define SMIME_TEXT PKCS7_TEXT
+# define SMIME_NOCERTS PKCS7_NOCERTS
+# define SMIME_NOSIGS PKCS7_NOSIGS
+# define SMIME_NOCHAIN PKCS7_NOCHAIN
+# define SMIME_NOINTERN PKCS7_NOINTERN
+# define SMIME_NOVERIFY PKCS7_NOVERIFY
+# define SMIME_DETACHED PKCS7_DETACHED
+# define SMIME_BINARY PKCS7_BINARY
+# define SMIME_NOATTR PKCS7_NOATTR
+
+/* CRLF ASCII canonicalisation */
+# define SMIME_ASCIICRLF 0x80000
+
+DECLARE_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SERIAL)
+
+int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,
+ const EVP_MD *type, unsigned char *md,
+ unsigned int *len);
+# ifndef OPENSSL_NO_STDIO
+PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7);
+int i2d_PKCS7_fp(FILE *fp, const PKCS7 *p7);
+# endif
+DECLARE_ASN1_DUP_FUNCTION(PKCS7)
+PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7);
+int i2d_PKCS7_bio(BIO *bp, const PKCS7 *p7);
+int i2d_PKCS7_bio_stream(BIO *out, PKCS7 *p7, BIO *in, int flags);
+int PEM_write_bio_PKCS7_stream(BIO *out, PKCS7 *p7, BIO *in, int flags);
+
+DECLARE_ASN1_FUNCTIONS(PKCS7_SIGNER_INFO)
+DECLARE_ASN1_FUNCTIONS(PKCS7_RECIP_INFO)
+DECLARE_ASN1_FUNCTIONS(PKCS7_SIGNED)
+DECLARE_ASN1_FUNCTIONS(PKCS7_ENC_CONTENT)
+DECLARE_ASN1_FUNCTIONS(PKCS7_ENVELOPE)
+DECLARE_ASN1_FUNCTIONS(PKCS7_SIGN_ENVELOPE)
+DECLARE_ASN1_FUNCTIONS(PKCS7_DIGEST)
+DECLARE_ASN1_FUNCTIONS(PKCS7_ENCRYPT)
+DECLARE_ASN1_FUNCTIONS(PKCS7)
+
+DECLARE_ASN1_ITEM(PKCS7_ATTR_SIGN)
+DECLARE_ASN1_ITEM(PKCS7_ATTR_VERIFY)
+
+DECLARE_ASN1_NDEF_FUNCTION(PKCS7)
+DECLARE_ASN1_PRINT_FUNCTION(PKCS7)
+
+long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg);
+
+int PKCS7_set_type(PKCS7 *p7, int type);
+int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other);
+int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data);
+int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
+ const EVP_MD *dgst);
+int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si);
+int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i);
+int PKCS7_add_certificate(PKCS7 *p7, X509 *x509);
+int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509);
+int PKCS7_content_new(PKCS7 *p7, int nid);
+int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx,
+ BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si);
+int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
+ X509 *x509);
+
+BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio);
+int PKCS7_dataFinal(PKCS7 *p7, BIO *bio);
+BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert);
+
+PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509,
+ EVP_PKEY *pkey, const EVP_MD *dgst);
+X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si);
+int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md);
+STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7);
+
+PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509);
+void PKCS7_SIGNER_INFO_get0_algs(PKCS7_SIGNER_INFO *si, EVP_PKEY **pk,
+ X509_ALGOR **pdig, X509_ALGOR **psig);
+void PKCS7_RECIP_INFO_get0_alg(PKCS7_RECIP_INFO *ri, X509_ALGOR **penc);
+int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri);
+int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509);
+int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher);
+int PKCS7_stream(unsigned char ***boundary, PKCS7 *p7);
+
+PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx);
+ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk);
+int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int type,
+ void *data);
+int PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
+ void *value);
+ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid);
+ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid);
+int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si,
+ STACK_OF(X509_ATTRIBUTE) *sk);
+int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si,
+ STACK_OF(X509_ATTRIBUTE) *sk);
+
+PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
+ BIO *data, int flags);
+
+PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7,
+ X509 *signcert, EVP_PKEY *pkey,
+ const EVP_MD *md, int flags);
+
+int PKCS7_final(PKCS7 *p7, BIO *data, int flags);
+int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
+ BIO *indata, BIO *out, int flags);
+STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs,
+ int flags);
+PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,
+ int flags);
+int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data,
+ int flags);
+
+int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si,
+ STACK_OF(X509_ALGOR) *cap);
+STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si);
+int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg);
+
+int PKCS7_add_attrib_content_type(PKCS7_SIGNER_INFO *si, ASN1_OBJECT *coid);
+int PKCS7_add0_attrib_signing_time(PKCS7_SIGNER_INFO *si, ASN1_TIME *t);
+int PKCS7_add1_attrib_digest(PKCS7_SIGNER_INFO *si,
+ const unsigned char *md, int mdlen);
+
+int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags);
+PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont);
+
+BIO *BIO_new_PKCS7(BIO *out, PKCS7 *p7);
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/linux_amd64/ssl/include/openssl/pkcs7err.h b/linux_amd64/ssl/include/openssl/pkcs7err.h
new file mode 100644
index 0000000..41735bd
--- /dev/null
+++ b/linux_amd64/ssl/include/openssl/pkcs7err.h
@@ -0,0 +1,111 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_PKCS7ERR_H +# define OPENSSL_PKCS7ERR_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_PKCS7ERR_H +# endif + +# include +# include + + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_PKCS7_strings(void); + +/* + * PKCS7 function codes. + */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define PKCS7_F_DO_PKCS7_SIGNED_ATTRIB 0 +# define PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME 0 +# define PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP 0 +# define PKCS7_F_PKCS7_ADD_CERTIFICATE 0 +# define PKCS7_F_PKCS7_ADD_CRL 0 +# define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO 0 +# define PKCS7_F_PKCS7_ADD_SIGNATURE 0 +# define PKCS7_F_PKCS7_ADD_SIGNER 0 +# define PKCS7_F_PKCS7_BIO_ADD_DIGEST 0 +# define PKCS7_F_PKCS7_COPY_EXISTING_DIGEST 0 +# define PKCS7_F_PKCS7_CTRL 0 +# define PKCS7_F_PKCS7_DATADECODE 0 +# define PKCS7_F_PKCS7_DATAFINAL 0 +# define PKCS7_F_PKCS7_DATAINIT 0 +# define PKCS7_F_PKCS7_DATAVERIFY 0 +# define PKCS7_F_PKCS7_DECRYPT 0 +# define PKCS7_F_PKCS7_DECRYPT_RINFO 0 +# define PKCS7_F_PKCS7_ENCODE_RINFO 0 +# define PKCS7_F_PKCS7_ENCRYPT 0 +# define PKCS7_F_PKCS7_FINAL 0 +# define PKCS7_F_PKCS7_FIND_DIGEST 0 +# define PKCS7_F_PKCS7_GET0_SIGNERS 0 +# define PKCS7_F_PKCS7_RECIP_INFO_SET 0 +# define PKCS7_F_PKCS7_SET_CIPHER 0 +# define PKCS7_F_PKCS7_SET_CONTENT 0 +# define PKCS7_F_PKCS7_SET_DIGEST 0 +# define PKCS7_F_PKCS7_SET_TYPE 0 +# define PKCS7_F_PKCS7_SIGN 0 +# define PKCS7_F_PKCS7_SIGNATUREVERIFY 0 +# define PKCS7_F_PKCS7_SIGNER_INFO_SET 0 +# define PKCS7_F_PKCS7_SIGNER_INFO_SIGN 0 +# define PKCS7_F_PKCS7_SIGN_ADD_SIGNER 0 +# define 
PKCS7_F_PKCS7_SIMPLE_SMIMECAP 0 +# define PKCS7_F_PKCS7_VERIFY 0 +# endif + +/* + * PKCS7 reason codes. + */ +# define PKCS7_R_CERTIFICATE_VERIFY_ERROR 117 +# define PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 144 +# define PKCS7_R_CIPHER_NOT_INITIALIZED 116 +# define PKCS7_R_CONTENT_AND_DATA_PRESENT 118 +# define PKCS7_R_CTRL_ERROR 152 +# define PKCS7_R_DECRYPT_ERROR 119 +# define PKCS7_R_DIGEST_FAILURE 101 +# define PKCS7_R_ENCRYPTION_CTRL_FAILURE 149 +# define PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 150 +# define PKCS7_R_ERROR_ADDING_RECIPIENT 120 +# define PKCS7_R_ERROR_SETTING_CIPHER 121 +# define PKCS7_R_INVALID_NULL_POINTER 143 +# define PKCS7_R_INVALID_SIGNED_DATA_TYPE 155 +# define PKCS7_R_NO_CONTENT 122 +# define PKCS7_R_NO_DEFAULT_DIGEST 151 +# define PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND 154 +# define PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE 115 +# define PKCS7_R_NO_SIGNATURES_ON_DATA 123 +# define PKCS7_R_NO_SIGNERS 142 +# define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE 104 +# define PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR 124 +# define PKCS7_R_PKCS7_ADD_SIGNER_ERROR 153 +# define PKCS7_R_PKCS7_DATASIGN 145 +# define PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 127 +# define PKCS7_R_SIGNATURE_FAILURE 105 +# define PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND 128 +# define PKCS7_R_SIGNING_CTRL_FAILURE 147 +# define PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 148 +# define PKCS7_R_SMIME_TEXT_ERROR 129 +# define PKCS7_R_UNABLE_TO_FIND_CERTIFICATE 106 +# define PKCS7_R_UNABLE_TO_FIND_MEM_BIO 107 +# define PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST 108 +# define PKCS7_R_UNKNOWN_DIGEST_TYPE 109 +# define PKCS7_R_UNKNOWN_OPERATION 110 +# define PKCS7_R_UNSUPPORTED_CIPHER_TYPE 111 +# define PKCS7_R_UNSUPPORTED_CONTENT_TYPE 112 +# define PKCS7_R_WRONG_CONTENT_TYPE 113 +# define PKCS7_R_WRONG_PKCS7_TYPE 114 + +#endif diff --git a/linux_amd64/ssl/include/openssl/provider.h b/linux_amd64/ssl/include/openssl/provider.h new file mode 100644 index 0000000..86dabf4 
--- /dev/null
+++ b/linux_amd64/ssl/include/openssl/provider.h
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_PROVIDER_H
+# define OPENSSL_PROVIDER_H
+
+# include
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+/* Load and unload a provider */
+OSSL_PROVIDER *OSSL_PROVIDER_load(OPENSSL_CTX *, const char *name);
+int OSSL_PROVIDER_unload(OSSL_PROVIDER *prov);
+int OSSL_PROVIDER_available(OPENSSL_CTX *, const char *name);
+
+const OSSL_PARAM *OSSL_PROVIDER_gettable_params(const OSSL_PROVIDER *prov);
+int OSSL_PROVIDER_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[]);
+
+/* Add a built in providers */
+int OSSL_PROVIDER_add_builtin(OPENSSL_CTX *, const char *name,
+ OSSL_provider_init_fn *init_fn);
+
+/* Information */
+const char *OSSL_PROVIDER_name(const OSSL_PROVIDER *prov);
+
+# ifdef __cplusplus
+}
+# endif
+
+#endif
diff --git a/linux_amd64/ssl/include/openssl/rand.h b/linux_amd64/ssl/include/openssl/rand.h
new file mode 100644
index 0000000..574592a
--- /dev/null
+++ b/linux_amd64/ssl/include/openssl/rand.h
@@ -0,0 +1,90 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_RAND_H
+# define OPENSSL_RAND_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_RAND_H
+# endif
+
+# include
+# include
+# include
+# include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct rand_meth_st {
+ int (*seed) (const void *buf, int num);
+ int (*bytes) (unsigned char *buf, int num);
+ void (*cleanup) (void);
+ int (*add) (const void *buf, int num, double randomness);
+ int (*pseudorand) (unsigned char *buf, int num);
+ int (*status) (void);
+};
+
+int RAND_set_rand_method(const RAND_METHOD *meth);
+const RAND_METHOD *RAND_get_rand_method(void);
+# ifndef OPENSSL_NO_ENGINE
+int RAND_set_rand_engine(ENGINE *engine);
+# endif
+
+RAND_METHOD *RAND_OpenSSL(void);
+
+# ifndef OPENSSL_NO_DEPRECATED_1_1_0
+# define RAND_cleanup() while(0) continue
+# endif
+int RAND_bytes(unsigned char *buf, int num);
+int RAND_priv_bytes(unsigned char *buf, int num);
+
+/* Equivalent of RAND_priv_bytes() but additionally taking an OPENSSL_CTX */
+int RAND_priv_bytes_ex(OPENSSL_CTX *ctx, unsigned char *buf, int num);
+
+/* Equivalent of RAND_bytes() but additionally taking an OPENSSL_CTX */
+int RAND_bytes_ex(OPENSSL_CTX *ctx, unsigned char *buf, int num);
+
+DEPRECATEDIN_1_1_0(int RAND_pseudo_bytes(unsigned char *buf, int num))
+
+void RAND_seed(const void *buf, int num);
+void RAND_keep_random_devices_open(int keep);
+
+# if defined(__ANDROID__) && defined(__NDK_FPABI__)
+__NDK_FPABI__ /* __attribute__((pcs("aapcs"))) on ARM */
+# endif
+void RAND_add(const void *buf, int num, double randomness);
+int RAND_load_file(const char *file, long max_bytes);
+int RAND_write_file(const char *file);
+const char *RAND_file_name(char *file, size_t num);
+int RAND_status(void);
+
+# ifndef OPENSSL_NO_EGD
+int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes);
+int RAND_egd(const char *path);
+int RAND_egd_bytes(const char *path, int bytes);
+# endif
+
+int RAND_poll(void);
+
+# if defined(_WIN32) && (defined(BASETYPES) || defined(_WINDEF_H))
+/* application has to include in order to use these */
+DEPRECATEDIN_1_1_0(void RAND_screen(void))
+DEPRECATEDIN_1_1_0(int RAND_event(UINT, WPARAM, LPARAM))
+# endif
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/linux_amd64/ssl/include/openssl/rand_drbg.h b/linux_amd64/ssl/include/openssl/rand_drbg.h
new file mode 100644
index 0000000..6d8368d
--- /dev/null
+++ b/linux_amd64/ssl/include/openssl/rand_drbg.h
@@ -0,0 +1,161 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_RAND_DRBG_H
+# define OPENSSL_RAND_DRBG_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_DRBG_RAND_H
+# endif
+
+# include
+# include
+# include
+
+/*
+ * RAND_DRBG flags
+ *
+ * Note: if new flags are added, the constant `rand_drbg_used_flags`
+ * in drbg_lib.c needs to be updated accordingly.
+ */
+
+/* In CTR mode, disable derivation function ctr_df */
+# define RAND_DRBG_FLAG_CTR_NO_DF 0x1
+/*
+ * This flag is only used when a digest NID is specified (i.e: not a CTR cipher)
+ * Selects DRBG_HMAC if this is set otherwise use DRBG_HASH.
+ */
+# define RAND_DRBG_FLAG_HMAC 0x2
+
+/* Used by RAND_DRBG_set_defaults() to set the master DRBG type and flags. */
+# define RAND_DRBG_FLAG_MASTER 0x4
+/* Used by RAND_DRBG_set_defaults() to set the public DRBG type and flags. */
+# define RAND_DRBG_FLAG_PUBLIC 0x8
+/* Used by RAND_DRBG_set_defaults() to set the private DRBG type and flags. */
+# define RAND_DRBG_FLAG_PRIVATE 0x10
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+/* This #define was replaced by an internal constant and should not be used. */
+# define RAND_DRBG_USED_FLAGS (RAND_DRBG_FLAG_CTR_NO_DF)
+# endif
+
+/*
+ * Default security strength (in the sense of [NIST SP 800-90Ar1])
+ *
+ * NIST SP 800-90Ar1 supports the strength of the DRBG being smaller than that
+ * of the cipher by collecting less entropy. The current DRBG implementation
+ * does not take RAND_DRBG_STRENGTH into account and sets the strength of the
+ * DRBG to that of the cipher.
+ *
+ * RAND_DRBG_STRENGTH is currently only used for the legacy RAND
+ * implementation.
+ *
+ * Currently supported ciphers are: NID_aes_128_ctr, NID_aes_192_ctr and
+ * NID_aes_256_ctr.
+ * The digest types for DRBG_hash or DRBG_hmac are: NID_sha1, NID_sha224,
+ * NID_sha256, NID_sha384, NID_sha512, NID_sha512_224, NID_sha512_256,
+ * NID_sha3_224, NID_sha3_256, NID_sha3_384 and NID_sha3_512.
+ */
+# define RAND_DRBG_STRENGTH 256
+/* Default drbg type */
+# define RAND_DRBG_TYPE NID_aes_256_ctr
+/* Default drbg flags */
+# define RAND_DRBG_FLAGS 0
+
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+/*
+ * Object lifetime functions.
+ */
+RAND_DRBG *RAND_DRBG_new_ex(OPENSSL_CTX *ctx, int type, unsigned int flags,
+ RAND_DRBG *parent);
+RAND_DRBG *RAND_DRBG_secure_new_ex(OPENSSL_CTX *ctx, int type,
+ unsigned int flags, RAND_DRBG *parent);
+RAND_DRBG *RAND_DRBG_new(int type, unsigned int flags, RAND_DRBG *parent);
+RAND_DRBG *RAND_DRBG_secure_new(int type, unsigned int flags, RAND_DRBG *parent);
+int RAND_DRBG_set(RAND_DRBG *drbg, int type, unsigned int flags);
+int RAND_DRBG_set_defaults(int type, unsigned int flags);
+int RAND_DRBG_instantiate(RAND_DRBG *drbg,
+ const unsigned char *pers, size_t perslen);
+int RAND_DRBG_uninstantiate(RAND_DRBG *drbg);
+void RAND_DRBG_free(RAND_DRBG *drbg);
+
+/*
+ * Object "use" functions.
+ */
+int RAND_DRBG_reseed(RAND_DRBG *drbg,
+ const unsigned char *adin, size_t adinlen,
+ int prediction_resistance);
+int RAND_DRBG_generate(RAND_DRBG *drbg, unsigned char *out, size_t outlen,
+ int prediction_resistance,
+ const unsigned char *adin, size_t adinlen);
+int RAND_DRBG_bytes(RAND_DRBG *drbg, unsigned char *out, size_t outlen);
+
+int RAND_DRBG_set_reseed_interval(RAND_DRBG *drbg, unsigned int interval);
+int RAND_DRBG_set_reseed_time_interval(RAND_DRBG *drbg, time_t interval);
+
+int RAND_DRBG_set_reseed_defaults(
+ unsigned int master_reseed_interval,
+ unsigned int slave_reseed_interval,
+ time_t master_reseed_time_interval,
+ time_t slave_reseed_time_interval
+ );
+
+RAND_DRBG *OPENSSL_CTX_get0_master_drbg(OPENSSL_CTX *ctx);
+RAND_DRBG *OPENSSL_CTX_get0_public_drbg(OPENSSL_CTX *ctx);
+RAND_DRBG *OPENSSL_CTX_get0_private_drbg(OPENSSL_CTX *ctx);
+RAND_DRBG *RAND_DRBG_get0_master(void);
+RAND_DRBG *RAND_DRBG_get0_public(void);
+RAND_DRBG *RAND_DRBG_get0_private(void);
+
+/*
+ * EXDATA
+ */
+# define RAND_DRBG_get_ex_new_index(l, p, newf, dupf, freef) \
+ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RAND_DRBG, l, p, newf, dupf, freef)
+int RAND_DRBG_set_ex_data(RAND_DRBG *drbg, int idx, void *arg);
+void *RAND_DRBG_get_ex_data(const RAND_DRBG *drbg, int idx);
+
+/*
+ * Callback function typedefs
+ */
+typedef size_t (*RAND_DRBG_get_entropy_fn)(RAND_DRBG *drbg,
+ unsigned char **pout,
+ int entropy, size_t min_len,
+ size_t max_len,
+ int prediction_resistance);
+typedef void (*RAND_DRBG_cleanup_entropy_fn)(RAND_DRBG *ctx,
+ unsigned char *out, size_t outlen);
+typedef size_t (*RAND_DRBG_get_nonce_fn)(RAND_DRBG *drbg, unsigned char **pout,
+ int entropy, size_t min_len,
+ size_t max_len);
+typedef void (*RAND_DRBG_cleanup_nonce_fn)(RAND_DRBG *drbg,
+ unsigned char *out, size_t outlen);
+
+int RAND_DRBG_set_callbacks(RAND_DRBG *drbg,
+ RAND_DRBG_get_entropy_fn get_entropy,
+ RAND_DRBG_cleanup_entropy_fn cleanup_entropy,
+ RAND_DRBG_get_nonce_fn get_nonce,
+ RAND_DRBG_cleanup_nonce_fn cleanup_nonce);
+
+
+int RAND_DRBG_set_callback_data(RAND_DRBG *drbg, void *data);
+
+void *RAND_DRBG_get_callback_data(RAND_DRBG *drbg);
+
+# ifdef __cplusplus
+}
+# endif
+
+#endif
diff --git a/linux_amd64/ssl/include/openssl/randerr.h b/linux_amd64/ssl/include/openssl/randerr.h
new file mode 100644
index 0000000..780d268
--- /dev/null
+++ b/linux_amd64/ssl/include/openssl/randerr.h
@@ -0,0 +1,107 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_RANDERR_H +# define OPENSSL_RANDERR_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_RANDERR_H +# endif + +# include +# include + + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_RAND_strings(void); + +/* + * RAND function codes. + */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define RAND_F_DRBG_BYTES 0 +# define RAND_F_DRBG_CTR_INIT 0 +# define RAND_F_DRBG_GET_ENTROPY 0 +# define RAND_F_DRBG_SETUP 0 +# define RAND_F_GET_ENTROPY 0 +# define RAND_F_RAND_BYTES 0 +# define RAND_F_RAND_BYTES_EX 0 +# define RAND_F_RAND_DRBG_ENABLE_LOCKING 0 +# define RAND_F_RAND_DRBG_GENERATE 0 +# define RAND_F_RAND_DRBG_GET_ENTROPY 0 +# define RAND_F_RAND_DRBG_GET_NONCE 0 +# define RAND_F_RAND_DRBG_INSTANTIATE 0 +# define RAND_F_RAND_DRBG_NEW 0 +# define RAND_F_RAND_DRBG_RESEED 0 +# define RAND_F_RAND_DRBG_RESTART 0 +# define RAND_F_RAND_DRBG_SET 0 +# define RAND_F_RAND_DRBG_SET_DEFAULTS 0 +# define RAND_F_RAND_DRBG_UNINSTANTIATE 0 +# define RAND_F_RAND_LOAD_FILE 0 +# define RAND_F_RAND_POOL_ACQUIRE_ENTROPY 0 +# define RAND_F_RAND_POOL_ADD 0 +# define RAND_F_RAND_POOL_ADD_BEGIN 0 +# define RAND_F_RAND_POOL_ADD_END 0 +# define RAND_F_RAND_POOL_ATTACH 0 +# define RAND_F_RAND_POOL_BYTES_NEEDED 0 +# define RAND_F_RAND_POOL_GROW 0 +# define RAND_F_RAND_POOL_NEW 0 +# define RAND_F_RAND_PRIV_BYTES_EX 0 +# define RAND_F_RAND_PSEUDO_BYTES 0 +# define RAND_F_RAND_WRITE_FILE 0 +# endif + +/* + * RAND reason codes. 
+ */ +# define RAND_R_ADDITIONAL_INPUT_TOO_LONG 102 +# define RAND_R_ALREADY_INSTANTIATED 103 +# define RAND_R_ARGUMENT_OUT_OF_RANGE 105 +# define RAND_R_CANNOT_OPEN_FILE 121 +# define RAND_R_DERIVATION_FUNCTION_MANDATORY_FOR_FIPS 137 +# define RAND_R_DRBG_ALREADY_INITIALIZED 129 +# define RAND_R_DRBG_NOT_INITIALISED 104 +# define RAND_R_ENTROPY_INPUT_TOO_LONG 106 +# define RAND_R_ENTROPY_OUT_OF_RANGE 124 +# define RAND_R_ERROR_ENTROPY_POOL_WAS_IGNORED 127 +# define RAND_R_ERROR_INITIALISING_DRBG 107 +# define RAND_R_ERROR_INSTANTIATING_DRBG 108 +# define RAND_R_ERROR_RETRIEVING_ADDITIONAL_INPUT 109 +# define RAND_R_ERROR_RETRIEVING_ENTROPY 110 +# define RAND_R_ERROR_RETRIEVING_NONCE 111 +# define RAND_R_FAILED_TO_CREATE_LOCK 126 +# define RAND_R_FUNC_NOT_IMPLEMENTED 101 +# define RAND_R_FWRITE_ERROR 123 +# define RAND_R_GENERATE_ERROR 112 +# define RAND_R_INTERNAL_ERROR 113 +# define RAND_R_IN_ERROR_STATE 114 +# define RAND_R_NOT_A_REGULAR_FILE 122 +# define RAND_R_NOT_INSTANTIATED 115 +# define RAND_R_NO_DRBG_IMPLEMENTATION_SELECTED 128 +# define RAND_R_PARENT_LOCKING_NOT_ENABLED 130 +# define RAND_R_PARENT_STRENGTH_TOO_WEAK 131 +# define RAND_R_PERSONALISATION_STRING_TOO_LONG 116 +# define RAND_R_PREDICTION_RESISTANCE_NOT_SUPPORTED 133 +# define RAND_R_PRNG_NOT_SEEDED 100 +# define RAND_R_RANDOM_POOL_OVERFLOW 125 +# define RAND_R_RANDOM_POOL_UNDERFLOW 134 +# define RAND_R_REQUEST_TOO_LARGE_FOR_DRBG 117 +# define RAND_R_RESEED_ERROR 118 +# define RAND_R_SELFTEST_FAILURE 119 +# define RAND_R_TOO_LITTLE_NONCE_REQUESTED 135 +# define RAND_R_TOO_MUCH_NONCE_REQUESTED 136 +# define RAND_R_UNSUPPORTED_DRBG_FLAGS 132 +# define RAND_R_UNSUPPORTED_DRBG_TYPE 120 + +#endif diff --git a/linux_amd64/ssl/include/openssl/rc2.h b/linux_amd64/ssl/include/openssl/rc2.h new file mode 100644 index 0000000..2c63c75 --- /dev/null +++ b/linux_amd64/ssl/include/openssl/rc2.h 
@@ -0,0 +1,64 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_RC2_H
+# define OPENSSL_RC2_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_RC2_H
+# endif
+
+# include
+
+# ifndef OPENSSL_NO_RC2
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# define RC2_BLOCK 8
+# define RC2_KEY_LENGTH 16
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+typedef unsigned int RC2_INT;
+
+# define RC2_ENCRYPT 1
+# define RC2_DECRYPT 0
+
+typedef struct rc2_key_st {
+ RC2_INT data[64];
+} RC2_KEY;
+# endif
+
+DEPRECATEDIN_3_0(void RC2_set_key(RC2_KEY *key, int len,
+ const unsigned char *data, int bits))
+DEPRECATEDIN_3_0(void RC2_ecb_encrypt(const unsigned char *in,
+ unsigned char *out, RC2_KEY *key,
+ int enc))
+DEPRECATEDIN_3_0(void RC2_encrypt(unsigned long *data, RC2_KEY *key))
+DEPRECATEDIN_3_0(void RC2_decrypt(unsigned long *data, RC2_KEY *key))
+DEPRECATEDIN_3_0(void RC2_cbc_encrypt(const unsigned char *in,
+ unsigned char *out, long length,
+ RC2_KEY *ks, unsigned char *iv, int enc))
+DEPRECATEDIN_3_0(void RC2_cfb64_encrypt(const unsigned char *in,
+ unsigned char *out, long length,
+ RC2_KEY *schedule, unsigned char *ivec,
+ int *num, int enc))
+DEPRECATEDIN_3_0(void RC2_ofb64_encrypt(const unsigned char *in,
+ unsigned char *out, long length,
+ RC2_KEY *schedule, unsigned char *ivec,
+ int *num))
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/linux_amd64/ssl/include/openssl/rc4.h b/linux_amd64/ssl/include/openssl/rc4.h
new file mode 100644
index 0000000..98ba8d8
--- /dev/null
+++ b/linux_amd64/ssl/include/openssl/rc4.h
@@ -0,0 +1,45 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_RC4_H
+# define OPENSSL_RC4_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_RC4_H
+# endif
+
+# include
+
+# ifndef OPENSSL_NO_RC4
+# include
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+typedef struct rc4_key_st {
+ RC4_INT x, y;
+ RC4_INT data[256];
+} RC4_KEY;
+# endif
+
+DEPRECATEDIN_3_0(const char *RC4_options(void))
+DEPRECATEDIN_3_0(void RC4_set_key(RC4_KEY *key, int len,
+ const unsigned char *data))
+DEPRECATEDIN_3_0(void RC4(RC4_KEY *key, size_t len, const unsigned char *indata,
+ unsigned char *outdata))
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/linux_amd64/ssl/include/openssl/rc5.h b/linux_amd64/ssl/include/openssl/rc5.h
new file mode 100644
index 0000000..a9c06d3
--- /dev/null
+++ b/linux_amd64/ssl/include/openssl/rc5.h
@@ -0,0 +1,76 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_RC5_H
+# define OPENSSL_RC5_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_RC5_H
+# endif
+
+# include
+
+# ifndef OPENSSL_NO_RC5
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# define RC5_32_BLOCK 8
+# define RC5_32_KEY_LENGTH 16/* This is a default, max is 255 */
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define RC5_ENCRYPT 1
+# define RC5_DECRYPT 0
+
+# define RC5_32_INT unsigned int
+
+/*
+ * This are the only values supported. Tweak the code if you want more The
+ * most supported modes will be RC5-32/12/16 RC5-32/16/8
+ */
+# define RC5_8_ROUNDS 8
+# define RC5_12_ROUNDS 12
+# define RC5_16_ROUNDS 16
+
+typedef struct rc5_key_st {
+ /* Number of rounds */
+ int rounds;
+ RC5_32_INT data[2 * (RC5_16_ROUNDS + 1)];
+} RC5_32_KEY;
+# endif
+
+DEPRECATEDIN_3_0(int RC5_32_set_key(RC5_32_KEY *key, int len,
+ const unsigned char *data, int rounds))
+DEPRECATEDIN_3_0(void RC5_32_ecb_encrypt(const unsigned char *in,
+ unsigned char *out, RC5_32_KEY *key,
+ int enc))
+DEPRECATEDIN_3_0(void RC5_32_encrypt(unsigned long *data, RC5_32_KEY *key))
+DEPRECATEDIN_3_0(void RC5_32_decrypt(unsigned long *data, RC5_32_KEY *key))
+DEPRECATEDIN_3_0(void RC5_32_cbc_encrypt(const unsigned char *in,
+ unsigned char *out, long length,
+ RC5_32_KEY *ks, unsigned char *iv,
+ int enc))
+DEPRECATEDIN_3_0(void RC5_32_cfb64_encrypt(const unsigned char *in,
+ unsigned char *out, long length,
+ RC5_32_KEY *schedule,
+ unsigned char *ivec, int *num,
+ int enc))
+DEPRECATEDIN_3_0(void RC5_32_ofb64_encrypt(const unsigned char *in,
+ unsigned char *out, long length,
+ RC5_32_KEY *schedule,
+ unsigned char *ivec, int *num))
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/linux_amd64/ssl/include/openssl/ripemd.h b/linux_amd64/ssl/include/openssl/ripemd.h
new file mode 100644
index 0000000..936d4e4
--- /dev/null
+++ b/linux_amd64/ssl/include/openssl/ripemd.h
@@ -0,0 +1,58 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_RIPEMD_H
+# define OPENSSL_RIPEMD_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_RIPEMD_H
+# endif
+
+# include
+
+# ifndef OPENSSL_NO_RMD160
+# include
+# include
+
+# define RIPEMD160_DIGEST_LENGTH 20
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+# if !defined(OPENSSL_NO_DEPRECATED_3_0)
+
+# define RIPEMD160_LONG unsigned int
+
+# define RIPEMD160_CBLOCK 64
+# define RIPEMD160_LBLOCK (RIPEMD160_CBLOCK/4)
+
+typedef struct RIPEMD160state_st {
+ RIPEMD160_LONG A, B, C, D, E;
+ RIPEMD160_LONG Nl, Nh;
+ RIPEMD160_LONG data[RIPEMD160_LBLOCK];
+ unsigned int num;
+} RIPEMD160_CTX;
+# endif
+
+DEPRECATEDIN_3_0(int RIPEMD160_Init(RIPEMD160_CTX *c))
+DEPRECATEDIN_3_0(int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data,
+ size_t len))
+DEPRECATEDIN_3_0(int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c))
+DEPRECATEDIN_3_0(unsigned char *RIPEMD160(const unsigned char *d, size_t n,
+ unsigned char *md))
+DEPRECATEDIN_3_0(void RIPEMD160_Transform(RIPEMD160_CTX *c,
+ const unsigned char *b))
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+#endif
diff --git a/linux_amd64/ssl/include/openssl/rsa.h b/linux_amd64/ssl/include/openssl/rsa.h
new file mode 100644
index 0000000..1f0687d
--- /dev/null
+++ b/linux_amd64/ssl/include/openssl/rsa.h
@@ -0,0 +1,553 @@ +/* + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_RSA_H +# define OPENSSL_RSA_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_RSA_H +# endif + +# include + +# ifndef OPENSSL_NO_RSA +# include +# include +# include +# include +# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +# include +# endif +# include +# include + +# ifdef __cplusplus +extern "C" { +# endif + +# ifndef OPENSSL_RSA_MAX_MODULUS_BITS +# define OPENSSL_RSA_MAX_MODULUS_BITS 16384 +# endif + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +/* The types RSA and RSA_METHOD are defined in ossl_typ.h */ + +# define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 1024 + +# ifndef OPENSSL_RSA_SMALL_MODULUS_BITS +# define OPENSSL_RSA_SMALL_MODULUS_BITS 3072 +# endif + +/* exponent limit enforced for "large" modulus only */ +# ifndef OPENSSL_RSA_MAX_PUBEXP_BITS +# define OPENSSL_RSA_MAX_PUBEXP_BITS 64 +# endif + +# define RSA_3 0x3L +# define RSA_F4 0x10001L + +/* based on RFC 8017 appendix A.1.2 */ +# define RSA_ASN1_VERSION_DEFAULT 0 +# define RSA_ASN1_VERSION_MULTI 1 + +# define RSA_DEFAULT_PRIME_NUM 2 +# endif /* OPENSSL_NO_DEPRECATED_3_0 */ + +/* Don't check pub/private match */ +/* TODO(3.0): deprecate this? It is exposed for sls/t1_lib.c's use */ +# define RSA_METHOD_FLAG_NO_CHECK 0x0001 + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define RSA_FLAG_CACHE_PUBLIC 0x0002 +# define RSA_FLAG_CACHE_PRIVATE 0x0004 +# define RSA_FLAG_BLINDING 0x0008 +# define RSA_FLAG_THREAD_SAFE 0x0010 +/* + * This flag means the private key operations will be handled by rsa_mod_exp + * and that they do not depend on the private key components being present: + * for example a key stored in external hardware. 
Without this flag + * bn_mod_exp gets called when private key components are absent. + */ +# define RSA_FLAG_EXT_PKEY 0x0020 + +/* + * new with 0.9.6j and 0.9.7b; the built-in + * RSA implementation now uses blinding by + * default (ignoring RSA_FLAG_BLINDING), + * but other engines might not need it + */ +# define RSA_FLAG_NO_BLINDING 0x0080 +# endif /* OPENSSL_NO_DEPRECATED_3_0 */ +/* + * Does nothing. Previously this switched off constant time behaviour. + */ +# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +# define RSA_FLAG_NO_CONSTTIME 0x0000 +# endif +/* deprecated name for the flag*/ +/* + * new with 0.9.7h; the built-in RSA + * implementation now uses constant time + * modular exponentiation for secret exponents + * by default. This flag causes the + * faster variable sliding window method to + * be used for all exponents. + */ +# ifndef OPENSSL_NO_DEPRECATED_0_9_8 +# define RSA_FLAG_NO_EXP_CONSTTIME RSA_FLAG_NO_CONSTTIME +# endif + +int EVP_PKEY_CTX_set_rsa_padding(EVP_PKEY_CTX *ctx, int pad_mode); +int EVP_PKEY_CTX_get_rsa_padding(EVP_PKEY_CTX *ctx, int *pad_mode); + +int EVP_PKEY_CTX_set_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int saltlen); +int EVP_PKEY_CTX_get_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int *saltlen); + +/* Salt length matches digest */ +# define RSA_PSS_SALTLEN_DIGEST -1 +/* Verify only: auto detect salt length */ +# define RSA_PSS_SALTLEN_AUTO -2 +/* Set salt length to maximum possible */ +# define RSA_PSS_SALTLEN_MAX -3 +/* Old compatible max salt length for sign only */ +# define RSA_PSS_SALTLEN_MAX_SIGN -2 + +# define EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(ctx, len) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_RSA_PSS_SALTLEN, len, NULL) + +# define EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, bits) \ + RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_RSA_KEYGEN_BITS, bits, NULL) + +# define EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, pubexp) \ + RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_KEYGEN, \ + 
EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, 0, pubexp) + +# define EVP_PKEY_CTX_set_rsa_keygen_primes(ctx, primes) \ + RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES, primes, NULL) + +int EVP_PKEY_CTX_set_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); +int EVP_PKEY_CTX_set_rsa_mgf1_md_name(EVP_PKEY_CTX *ctx, const char *mdname, + const char *mdprops); +int EVP_PKEY_CTX_get_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD **md); +int EVP_PKEY_CTX_get_rsa_mgf1_md_name(EVP_PKEY_CTX *ctx, char *name, + size_t namelen); + +# define EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md(ctx, md) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_RSA_MGF1_MD, 0, (void *)(md)) + +int EVP_PKEY_CTX_set_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); +int EVP_PKEY_CTX_set_rsa_oaep_md_name(EVP_PKEY_CTX *ctx, const char *mdname, + const char *mdprops); +int EVP_PKEY_CTX_get_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD **md); +int EVP_PKEY_CTX_get_rsa_oaep_md_name(EVP_PKEY_CTX *ctx, char *name, + size_t namelen); +int EVP_PKEY_CTX_set0_rsa_oaep_label(EVP_PKEY_CTX *ctx, void *label, int llen); +int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label); + +# define EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS, \ + EVP_PKEY_OP_KEYGEN, EVP_PKEY_CTRL_MD, \ + 0, (void *)(md)) + + +# define EVP_PKEY_CTRL_RSA_PADDING (EVP_PKEY_ALG_CTRL + 1) +# define EVP_PKEY_CTRL_RSA_PSS_SALTLEN (EVP_PKEY_ALG_CTRL + 2) + +# define EVP_PKEY_CTRL_RSA_KEYGEN_BITS (EVP_PKEY_ALG_CTRL + 3) +# define EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP (EVP_PKEY_ALG_CTRL + 4) +# define EVP_PKEY_CTRL_RSA_MGF1_MD (EVP_PKEY_ALG_CTRL + 5) + +# define EVP_PKEY_CTRL_GET_RSA_PADDING (EVP_PKEY_ALG_CTRL + 6) +# define EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN (EVP_PKEY_ALG_CTRL + 7) +# define EVP_PKEY_CTRL_GET_RSA_MGF1_MD (EVP_PKEY_ALG_CTRL + 8) + +# define EVP_PKEY_CTRL_RSA_OAEP_MD (EVP_PKEY_ALG_CTRL + 9) +# define EVP_PKEY_CTRL_RSA_OAEP_LABEL 
(EVP_PKEY_ALG_CTRL + 10) + +# define EVP_PKEY_CTRL_GET_RSA_OAEP_MD (EVP_PKEY_ALG_CTRL + 11) +# define EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL (EVP_PKEY_ALG_CTRL + 12) + +# define EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES (EVP_PKEY_ALG_CTRL + 13) + +# define RSA_PKCS1_PADDING 1 +# define RSA_SSLV23_PADDING 2 +# define RSA_NO_PADDING 3 +# define RSA_PKCS1_OAEP_PADDING 4 +# define RSA_X931_PADDING 5 + +/* EVP_PKEY_ only */ +# define RSA_PKCS1_PSS_PADDING 6 +# define RSA_PKCS1_WITH_TLS_PADDING 7 + +# define RSA_PKCS1_PADDING_SIZE 11 + +# define RSA_set_app_data(s,arg) RSA_set_ex_data(s,0,arg) +# define RSA_get_app_data(s) RSA_get_ex_data(s,0) + +RSA *RSA_new(void); +DEPRECATEDIN_3_0(RSA *RSA_new_method(ENGINE *engine)) +DEPRECATEDIN_3_0(int RSA_bits(const RSA *rsa)) +DEPRECATEDIN_3_0(int RSA_size(const RSA *rsa)) +DEPRECATEDIN_3_0(int RSA_security_bits(const RSA *rsa)) + +int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d); +int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q); +int RSA_set0_crt_params(RSA *r,BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp); +int RSA_set0_multi_prime_params(RSA *r, BIGNUM *primes[], BIGNUM *exps[], + BIGNUM *coeffs[], int pnum); +void RSA_get0_key(const RSA *r, + const BIGNUM **n, const BIGNUM **e, const BIGNUM **d); +void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q); +int RSA_get_multi_prime_extra_count(const RSA *r); +int RSA_get0_multi_prime_factors(const RSA *r, const BIGNUM *primes[]); +void RSA_get0_crt_params(const RSA *r, + const BIGNUM **dmp1, const BIGNUM **dmq1, + const BIGNUM **iqmp); +int RSA_get0_multi_prime_crt_params(const RSA *r, const BIGNUM *exps[], + const BIGNUM *coeffs[]); +const BIGNUM *RSA_get0_n(const RSA *d); +const BIGNUM *RSA_get0_e(const RSA *d); +const BIGNUM *RSA_get0_d(const RSA *d); +const BIGNUM *RSA_get0_p(const RSA *d); +const BIGNUM *RSA_get0_q(const RSA *d); +const BIGNUM *RSA_get0_dmp1(const RSA *r); +const BIGNUM *RSA_get0_dmq1(const RSA *r); +const BIGNUM *RSA_get0_iqmp(const RSA *r); 
+DEPRECATEDIN_3_0(const RSA_PSS_PARAMS *RSA_get0_pss_params(const RSA *r)) +void RSA_clear_flags(RSA *r, int flags); +int RSA_test_flags(const RSA *r, int flags); +void RSA_set_flags(RSA *r, int flags); +DEPRECATEDIN_3_0(int RSA_get_version(RSA *r)) +DEPRECATEDIN_3_0(ENGINE *RSA_get0_engine(const RSA *r)) + +/* Deprecated version */ +DEPRECATEDIN_0_9_8(RSA *RSA_generate_key(int bits, unsigned long e, void + (*callback) (int, int, void *), + void *cb_arg)) + +/* New version */ +DEPRECATEDIN_3_0(int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, + BN_GENCB *cb)) +/* Multi-prime version */ +DEPRECATEDIN_3_0(int RSA_generate_multi_prime_key(RSA *rsa, int bits, + int primes, BIGNUM *e, + BN_GENCB *cb)) + +DEPRECATEDIN_3_0(int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, + BIGNUM *q1, BIGNUM *q2, + const BIGNUM *Xp1, const BIGNUM *Xp2, + const BIGNUM *Xp, const BIGNUM *Xq1, + const BIGNUM *Xq2, const BIGNUM *Xq, + const BIGNUM *e, BN_GENCB *cb)) +DEPRECATEDIN_3_0(int RSA_X931_generate_key_ex(RSA *rsa, int bits, + const BIGNUM *e, BN_GENCB *cb)) + +DEPRECATEDIN_3_0(int RSA_check_key(const RSA *)) +DEPRECATEDIN_3_0(int RSA_check_key_ex(const RSA *, BN_GENCB *cb)) + /* next 4 return -1 on error */ +DEPRECATEDIN_3_0(int RSA_public_encrypt(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, + int padding)) +DEPRECATEDIN_3_0(int RSA_private_encrypt(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, + int padding)) +DEPRECATEDIN_3_0(int RSA_public_decrypt(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, + int padding)) +DEPRECATEDIN_3_0(int RSA_private_decrypt(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, + int padding)) +void RSA_free(RSA *r); +/* "up" the RSA object's reference count */ +int RSA_up_ref(RSA *r); + +/* TODO(3.0): deprecate this one ssl/ssl_rsa.c can be changed to avoid it */ +int RSA_flags(const RSA *r); + +DEPRECATEDIN_3_0(void RSA_set_default_method(const RSA_METHOD *meth)) 
+DEPRECATEDIN_3_0(const RSA_METHOD *RSA_get_default_method(void)) +DEPRECATEDIN_3_0(const RSA_METHOD *RSA_null_method(void)) +DEPRECATEDIN_3_0(const RSA_METHOD *RSA_get_method(const RSA *rsa)) +DEPRECATEDIN_3_0(int RSA_set_method(RSA *rsa, const RSA_METHOD *meth)) + +/* these are the actual RSA functions */ +DEPRECATEDIN_3_0(const RSA_METHOD *RSA_PKCS1_OpenSSL(void)) + +int RSA_pkey_ctx_ctrl(EVP_PKEY_CTX *ctx, int optype, int cmd, int p1, void *p2); + +DECLARE_ASN1_ENCODE_FUNCTIONS_name(RSA, RSAPublicKey) +DECLARE_ASN1_ENCODE_FUNCTIONS_name(RSA, RSAPrivateKey) + +struct rsa_pss_params_st { + X509_ALGOR *hashAlgorithm; + X509_ALGOR *maskGenAlgorithm; + ASN1_INTEGER *saltLength; + ASN1_INTEGER *trailerField; + /* Decoded hash algorithm from maskGenAlgorithm */ + X509_ALGOR *maskHash; +}; + +DECLARE_ASN1_FUNCTIONS(RSA_PSS_PARAMS) + +typedef struct rsa_oaep_params_st { + X509_ALGOR *hashFunc; + X509_ALGOR *maskGenFunc; + X509_ALGOR *pSourceFunc; + /* Decoded hash algorithm from maskGenFunc */ + X509_ALGOR *maskHash; +} RSA_OAEP_PARAMS; + +DECLARE_ASN1_FUNCTIONS(RSA_OAEP_PARAMS) + +# ifndef OPENSSL_NO_STDIO +DEPRECATEDIN_3_0(int RSA_print_fp(FILE *fp, const RSA *r, int offset)) +# endif + +DEPRECATEDIN_3_0(int RSA_print(BIO *bp, const RSA *r, int offset)) + +/* + * The following 2 functions sign and verify a X509_SIG ASN1 object inside + * PKCS#1 padded RSA encryption + */ +DEPRECATEDIN_3_0(int RSA_sign(int type, const unsigned char *m, + unsigned int m_length, unsigned char *sigret, + unsigned int *siglen, RSA *rsa)) +DEPRECATEDIN_3_0(int RSA_verify(int type, const unsigned char *m, + unsigned int m_length, + const unsigned char *sigbuf, + unsigned int siglen, RSA *rsa)) + +/* + * The following 2 function sign and verify a ASN1_OCTET_STRING object inside + * PKCS#1 padded RSA encryption + */ +DEPRECATEDIN_3_0(int RSA_sign_ASN1_OCTET_STRING(int type, + const unsigned char *m, + unsigned int m_length, + unsigned char *sigret, + unsigned int *siglen, RSA *rsa)) 
+DEPRECATEDIN_3_0(int RSA_verify_ASN1_OCTET_STRING(int type, + const unsigned char *m, + unsigned int m_length, + unsigned char *sigbuf, + unsigned int siglen, + RSA *rsa)) + +/* TODO(3.0): figure out how to deprecate these two */ +int RSA_blinding_on(RSA *rsa, BN_CTX *ctx); +void RSA_blinding_off(RSA *rsa); +DEPRECATEDIN_3_0(BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *ctx)) + +DEPRECATEDIN_3_0(int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen, + const unsigned char *f, + int fl)) +DEPRECATEDIN_3_0(int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen, + const unsigned char *f, + int fl, int rsa_len)) +DEPRECATEDIN_3_0(int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen, + const unsigned char *f, + int fl)) +DEPRECATEDIN_3_0(int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, + const unsigned char *f, + int fl, int rsa_len)) +DEPRECATEDIN_3_0(int PKCS1_MGF1(unsigned char *mask, long len, + const unsigned char *seed, long seedlen, + const EVP_MD *dgst)) +DEPRECATEDIN_3_0(int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, + const unsigned char *f, int fl, + const unsigned char *p, int pl)) +DEPRECATEDIN_3_0(int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, + const unsigned char *f, + int fl, int rsa_len, + const unsigned char *p, + int pl)) +DEPRECATEDIN_3_0(int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, + int tlen, + const unsigned char *from, + int flen, + const unsigned char *param, + int plen, + const EVP_MD *md, + const EVP_MD *mgf1md)) +DEPRECATEDIN_3_0(int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, + int tlen, + const unsigned char *from, + int flen, int num, + const unsigned char *param, + int plen, const EVP_MD *md, + const EVP_MD *mgf1md)) +DEPRECATEDIN_3_0(int RSA_padding_add_SSLv23(unsigned char *to, int tlen, + const unsigned char *f, int fl)) +DEPRECATEDIN_3_0(int RSA_padding_check_SSLv23(unsigned char *to, int tlen, + const unsigned char *f, int fl, + int rsa_len)) 
+DEPRECATEDIN_3_0(int RSA_padding_add_none(unsigned char *to, int tlen, + const unsigned char *f, int fl)) +DEPRECATEDIN_3_0(int RSA_padding_check_none(unsigned char *to, int tlen, + const unsigned char *f, int fl, + int rsa_len)) +DEPRECATEDIN_3_0(int RSA_padding_add_X931(unsigned char *to, int tlen, + const unsigned char *f, int fl)) +DEPRECATEDIN_3_0(int RSA_padding_check_X931(unsigned char *to, int tlen, + const unsigned char *f, int fl, + int rsa_len)) +DEPRECATEDIN_3_0(int RSA_X931_hash_id(int nid)) + +DEPRECATEDIN_3_0(int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash, + const EVP_MD *Hash, + const unsigned char *EM, int sLen)) +DEPRECATEDIN_3_0(int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM, + const unsigned char *mHash, + const EVP_MD *Hash, int sLen)) + +DEPRECATEDIN_3_0(int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, + const unsigned char *mHash, + const EVP_MD *Hash, + const EVP_MD *mgf1Hash, + const unsigned char *EM, + int sLen)) + +DEPRECATEDIN_3_0(int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, + unsigned char *EM, + const unsigned char *mHash, + const EVP_MD *Hash, + const EVP_MD *mgf1Hash, + int sLen)) + +# define RSA_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, l, p, newf, dupf, freef) +DEPRECATEDIN_3_0(int RSA_set_ex_data(RSA *r, int idx, void *arg)) +DEPRECATEDIN_3_0(void *RSA_get_ex_data(const RSA *r, int idx)) + +DECLARE_ASN1_DUP_FUNCTION_name(RSA, RSAPublicKey) +DECLARE_ASN1_DUP_FUNCTION_name(RSA, RSAPrivateKey) + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +/* + * If this flag is set the RSA method is FIPS compliant and can be used in + * FIPS mode. This is set in the validated module method. If an application + * sets this flag in its own methods it is its responsibility to ensure the + * result is compliant. 
+ */ + +# define RSA_FLAG_FIPS_METHOD 0x0400 + +/* + * If this flag is set the operations normally disabled in FIPS mode are + * permitted it is then the applications responsibility to ensure that the + * usage is compliant. + */ + +# define RSA_FLAG_NON_FIPS_ALLOW 0x0400 +/* + * Application has decided PRNG is good enough to generate a key: don't + * check. + */ +# define RSA_FLAG_CHECKED 0x0800 +# endif /* OPENSSL_NO_DEPRECATED_3_0 */ + +DEPRECATEDIN_3_0(RSA_METHOD *RSA_meth_new(const char *name, int flags)) +DEPRECATEDIN_3_0(void RSA_meth_free(RSA_METHOD *meth)) +DEPRECATEDIN_3_0(RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth)) +DEPRECATEDIN_3_0(const char *RSA_meth_get0_name(const RSA_METHOD *meth)) +DEPRECATEDIN_3_0(int RSA_meth_set1_name(RSA_METHOD *meth, const char *name)) +DEPRECATEDIN_3_0(int RSA_meth_get_flags(const RSA_METHOD *meth)) +DEPRECATEDIN_3_0(int RSA_meth_set_flags(RSA_METHOD *meth, int flags)) +DEPRECATEDIN_3_0(void *RSA_meth_get0_app_data(const RSA_METHOD *meth)) +DEPRECATEDIN_3_0(int RSA_meth_set0_app_data(RSA_METHOD *meth, void *app_data)) +DEPRECATEDIN_3_0(int (*RSA_meth_get_pub_enc(const RSA_METHOD *meth)) + (int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding)) +DEPRECATEDIN_3_0(int RSA_meth_set_pub_enc(RSA_METHOD *rsa, + int (*pub_enc) (int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, + int padding))) +DEPRECATEDIN_3_0(int (*RSA_meth_get_pub_dec(const RSA_METHOD *meth)) + (int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding)) +DEPRECATEDIN_3_0(int RSA_meth_set_pub_dec(RSA_METHOD *rsa, + int (*pub_dec) (int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, + int padding))) +DEPRECATEDIN_3_0(int (*RSA_meth_get_priv_enc(const RSA_METHOD *meth)) + (int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding)) +DEPRECATEDIN_3_0(int RSA_meth_set_priv_enc(RSA_METHOD *rsa, + int (*priv_enc) (int flen, const unsigned char *from, + 
unsigned char *to, RSA *rsa, + int padding))) +DEPRECATEDIN_3_0(int (*RSA_meth_get_priv_dec(const RSA_METHOD *meth)) + (int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding)) +DEPRECATEDIN_3_0(int RSA_meth_set_priv_dec(RSA_METHOD *rsa, + int (*priv_dec) (int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, + int padding))) +DEPRECATEDIN_3_0(int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth)) + (BIGNUM *r0, const BIGNUM *i, RSA *rsa, BN_CTX *ctx)) +DEPRECATEDIN_3_0(int RSA_meth_set_mod_exp(RSA_METHOD *rsa, + int (*mod_exp) (BIGNUM *r0, const BIGNUM *i, RSA *rsa, + BN_CTX *ctx))) +DEPRECATEDIN_3_0(int (*RSA_meth_get_bn_mod_exp(const RSA_METHOD *meth)) + (BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)) +DEPRECATEDIN_3_0(int RSA_meth_set_bn_mod_exp(RSA_METHOD *rsa, + int (*bn_mod_exp) (BIGNUM *r, + const BIGNUM *a, + const BIGNUM *p, + const BIGNUM *m, + BN_CTX *ctx, + BN_MONT_CTX *m_ctx))) +DEPRECATEDIN_3_0(int (*RSA_meth_get_init(const RSA_METHOD *meth)) (RSA *rsa)) +DEPRECATEDIN_3_0(int RSA_meth_set_init(RSA_METHOD *rsa, int (*init) (RSA *rsa))) +DEPRECATEDIN_3_0(int (*RSA_meth_get_finish(const RSA_METHOD *meth)) (RSA *rsa)) +DEPRECATEDIN_3_0(int RSA_meth_set_finish(RSA_METHOD *rsa, + int (*finish) (RSA *rsa))) +DEPRECATEDIN_3_0(int (*RSA_meth_get_sign(const RSA_METHOD *meth)) + (int type, + const unsigned char *m, unsigned int m_length, + unsigned char *sigret, unsigned int *siglen, + const RSA *rsa)) +DEPRECATEDIN_3_0(int RSA_meth_set_sign(RSA_METHOD *rsa, + int (*sign) (int type, const unsigned char *m, + unsigned int m_length, + unsigned char *sigret, unsigned int *siglen, + const RSA *rsa))) +DEPRECATEDIN_3_0(int (*RSA_meth_get_verify(const RSA_METHOD *meth)) + (int dtype, const unsigned char *m, + unsigned int m_length, const unsigned char *sigbuf, + unsigned int siglen, const RSA *rsa)) +DEPRECATEDIN_3_0(int RSA_meth_set_verify(RSA_METHOD *rsa, + int (*verify) (int 
dtype, const unsigned char *m, + unsigned int m_length, + const unsigned char *sigbuf, + unsigned int siglen, const RSA *rsa))) +DEPRECATEDIN_3_0(int (*RSA_meth_get_keygen(const RSA_METHOD *meth)) + (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)) +DEPRECATEDIN_3_0(int RSA_meth_set_keygen(RSA_METHOD *rsa, + int (*keygen) (RSA *rsa, int bits, BIGNUM *e, + BN_GENCB *cb))) +DEPRECATEDIN_3_0(int (*RSA_meth_get_multi_prime_keygen(const RSA_METHOD *meth)) + (RSA *rsa, int bits, int primes, BIGNUM *e, BN_GENCB *cb)) +DEPRECATEDIN_3_0(int RSA_meth_set_multi_prime_keygen(RSA_METHOD *meth, + int (*keygen) (RSA *rsa, int bits, + int primes, BIGNUM *e, + BN_GENCB *cb))) + +# ifdef __cplusplus +} +# endif +# endif +#endif diff --git a/linux_amd64/ssl/include/openssl/rsaerr.h b/linux_amd64/ssl/include/openssl/rsaerr.h new file mode 100644 index 0000000..ef72bc7 --- /dev/null +++ b/linux_amd64/ssl/include/openssl/rsaerr.h 
@@ -0,0 +1,187 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_RSAERR_H +# define OPENSSL_RSAERR_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_RSAERR_H +# endif + +# include +# include + + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_RSA_strings(void); + +/* + * RSA function codes. + */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define RSA_F_CHECK_PADDING_MD 0 +# define RSA_F_ENCODE_PKCS1 0 +# define RSA_F_INT_RSA_VERIFY 0 +# define RSA_F_OLD_RSA_PRIV_DECODE 0 +# define RSA_F_PKEY_PSS_INIT 0 +# define RSA_F_PKEY_RSA_CTRL 0 +# define RSA_F_PKEY_RSA_CTRL_STR 0 +# define RSA_F_PKEY_RSA_SIGN 0 +# define RSA_F_PKEY_RSA_VERIFY 0 +# define RSA_F_PKEY_RSA_VERIFYRECOVER 0 +# define RSA_F_RSA_ALGOR_TO_MD 0 +# define RSA_F_RSA_BUILTIN_KEYGEN 0 +# define RSA_F_RSA_CHECK_KEY 0 +# define RSA_F_RSA_CHECK_KEY_EX 0 +# define RSA_F_RSA_CMS_DECRYPT 0 +# define RSA_F_RSA_CMS_VERIFY 0 +# define RSA_F_RSA_FIPS186_4_GEN_PROB_PRIMES 0 +# define RSA_F_RSA_ITEM_VERIFY 0 +# define RSA_F_RSA_METH_DUP 0 +# define RSA_F_RSA_METH_NEW 0 +# define RSA_F_RSA_METH_SET1_NAME 0 +# define RSA_F_RSA_MGF1_TO_MD 0 +# define RSA_F_RSA_MULTIP_INFO_NEW 0 +# define RSA_F_RSA_NEW_METHOD 0 +# define RSA_F_RSA_NULL 0 +# define RSA_F_RSA_NULL_PRIVATE_DECRYPT 0 +# define RSA_F_RSA_NULL_PRIVATE_ENCRYPT 0 +# define RSA_F_RSA_NULL_PUBLIC_DECRYPT 0 +# define RSA_F_RSA_NULL_PUBLIC_ENCRYPT 0 +# define RSA_F_RSA_OSSL_PRIVATE_DECRYPT 0 +# define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT 0 +# define RSA_F_RSA_OSSL_PUBLIC_DECRYPT 0 +# define RSA_F_RSA_OSSL_PUBLIC_ENCRYPT 0 +# define RSA_F_RSA_PADDING_ADD_NONE 0 +# define 
RSA_F_RSA_PADDING_ADD_PKCS1_OAEP 0 +# define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1 0 +# define RSA_F_RSA_PADDING_ADD_PKCS1_PSS 0 +# define RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1 0 +# define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 0 +# define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 0 +# define RSA_F_RSA_PADDING_ADD_SSLV23 0 +# define RSA_F_RSA_PADDING_ADD_X931 0 +# define RSA_F_RSA_PADDING_CHECK_NONE 0 +# define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP 0 +# define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1 0 +# define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1 0 +# define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2 0 +# define RSA_F_RSA_PADDING_CHECK_SSLV23 0 +# define RSA_F_RSA_PADDING_CHECK_X931 0 +# define RSA_F_RSA_PARAM_DECODE 0 +# define RSA_F_RSA_PRINT 0 +# define RSA_F_RSA_PRINT_FP 0 +# define RSA_F_RSA_PRIV_DECODE 0 +# define RSA_F_RSA_PRIV_ENCODE 0 +# define RSA_F_RSA_PSS_GET_PARAM 0 +# define RSA_F_RSA_PSS_TO_CTX 0 +# define RSA_F_RSA_PUB_DECODE 0 +# define RSA_F_RSA_SETUP_BLINDING 0 +# define RSA_F_RSA_SIGN 0 +# define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 0 +# define RSA_F_RSA_SP800_56B_CHECK_KEYPAIR 0 +# define RSA_F_RSA_SP800_56B_CHECK_PUBLIC 0 +# define RSA_F_RSA_SP800_56B_PAIRWISE_TEST 0 +# define RSA_F_RSA_SP800_56B_VALIDATE_STRENGTH 0 +# define RSA_F_RSA_VERIFY 0 +# define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 0 +# define RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1 0 +# define RSA_F_SETUP_TBUF 0 +# endif + +/* + * RSA reason codes. 
+ */ +# define RSA_R_ALGORITHM_MISMATCH 100 +# define RSA_R_BAD_E_VALUE 101 +# define RSA_R_BAD_FIXED_HEADER_DECRYPT 102 +# define RSA_R_BAD_PAD_BYTE_COUNT 103 +# define RSA_R_BAD_SIGNATURE 104 +# define RSA_R_BLOCK_TYPE_IS_NOT_01 106 +# define RSA_R_BLOCK_TYPE_IS_NOT_02 107 +# define RSA_R_DATA_GREATER_THAN_MOD_LEN 108 +# define RSA_R_DATA_TOO_LARGE 109 +# define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 110 +# define RSA_R_DATA_TOO_LARGE_FOR_MODULUS 132 +# define RSA_R_DATA_TOO_SMALL 111 +# define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE 122 +# define RSA_R_DIGEST_DOES_NOT_MATCH 158 +# define RSA_R_DIGEST_NOT_ALLOWED 145 +# define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 112 +# define RSA_R_DMP1_NOT_CONGRUENT_TO_D 124 +# define RSA_R_DMQ1_NOT_CONGRUENT_TO_D 125 +# define RSA_R_D_E_NOT_CONGRUENT_TO_1 123 +# define RSA_R_FIRST_OCTET_INVALID 133 +# define RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE 144 +# define RSA_R_INVALID_DIGEST 157 +# define RSA_R_INVALID_DIGEST_LENGTH 143 +# define RSA_R_INVALID_HEADER 137 +# define RSA_R_INVALID_KEYPAIR 171 +# define RSA_R_INVALID_KEY_LENGTH 173 +# define RSA_R_INVALID_LABEL 160 +# define RSA_R_INVALID_MESSAGE_LENGTH 131 +# define RSA_R_INVALID_MGF1_MD 156 +# define RSA_R_INVALID_MODULUS 174 +# define RSA_R_INVALID_MULTI_PRIME_KEY 167 +# define RSA_R_INVALID_OAEP_PARAMETERS 161 +# define RSA_R_INVALID_PADDING 138 +# define RSA_R_INVALID_PADDING_MODE 141 +# define RSA_R_INVALID_PSS_PARAMETERS 149 +# define RSA_R_INVALID_PSS_SALTLEN 146 +# define RSA_R_INVALID_REQUEST 175 +# define RSA_R_INVALID_SALT_LENGTH 150 +# define RSA_R_INVALID_STRENGTH 176 +# define RSA_R_INVALID_TRAILER 139 +# define RSA_R_INVALID_X931_DIGEST 142 +# define RSA_R_IQMP_NOT_INVERSE_OF_Q 126 +# define RSA_R_KEY_PRIME_NUM_INVALID 165 +# define RSA_R_KEY_SIZE_TOO_SMALL 120 +# define RSA_R_LAST_OCTET_INVALID 134 +# define RSA_R_MGF1_DIGEST_NOT_ALLOWED 152 +# define RSA_R_MISSING_PRIVATE_KEY 179 +# define RSA_R_MODULUS_TOO_LARGE 105 +# define RSA_R_MP_COEFFICIENT_NOT_INVERSE_OF_R 168 
+# define RSA_R_MP_EXPONENT_NOT_CONGRUENT_TO_D 169 +# define RSA_R_MP_R_NOT_PRIME 170 +# define RSA_R_NO_PUBLIC_EXPONENT 140 +# define RSA_R_NULL_BEFORE_BLOCK_MISSING 113 +# define RSA_R_N_DOES_NOT_EQUAL_PRODUCT_OF_PRIMES 172 +# define RSA_R_N_DOES_NOT_EQUAL_P_Q 127 +# define RSA_R_OAEP_DECODING_ERROR 121 +# define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148 +# define RSA_R_PADDING_CHECK_FAILED 114 +# define RSA_R_PAIRWISE_TEST_FAILURE 177 +# define RSA_R_PKCS_DECODING_ERROR 159 +# define RSA_R_PSS_SALTLEN_TOO_SMALL 164 +# define RSA_R_PUB_EXPONENT_OUT_OF_RANGE 178 +# define RSA_R_P_NOT_PRIME 128 +# define RSA_R_Q_NOT_PRIME 129 +# define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED 130 +# define RSA_R_SLEN_CHECK_FAILED 136 +# define RSA_R_SLEN_RECOVERY_FAILED 135 +# define RSA_R_SSLV3_ROLLBACK_ATTACK 115 +# define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116 +# define RSA_R_UNKNOWN_ALGORITHM_TYPE 117 +# define RSA_R_UNKNOWN_DIGEST 166 +# define RSA_R_UNKNOWN_MASK_DIGEST 151 +# define RSA_R_UNKNOWN_PADDING_TYPE 118 +# define RSA_R_UNSUPPORTED_ENCRYPTION_TYPE 162 +# define RSA_R_UNSUPPORTED_LABEL_SOURCE 163 +# define RSA_R_UNSUPPORTED_MASK_ALGORITHM 153 +# define RSA_R_UNSUPPORTED_MASK_PARAMETER 154 +# define RSA_R_UNSUPPORTED_SIGNATURE_TYPE 155 +# define RSA_R_VALUE_MISSING 147 +# define RSA_R_WRONG_SIGNATURE_LENGTH 119 + +#endif diff --git a/linux_amd64/ssl/include/openssl/safestack.h b/linux_amd64/ssl/include/openssl/safestack.h new file mode 100644 index 0000000..b8de23c --- /dev/null +++ b/linux_amd64/ssl/include/openssl/safestack.h 
@@ -0,0 +1,213 @@ +/* + * Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_SAFESTACK_H +# define OPENSSL_SAFESTACK_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_SAFESTACK_H +# endif + +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +# define STACK_OF(type) struct stack_st_##type + +# define SKM_DEFINE_STACK_OF(t1, t2, t3) \ + STACK_OF(t1); \ + typedef int (*sk_##t1##_compfunc)(const t3 * const *a, const t3 *const *b); \ + typedef void (*sk_##t1##_freefunc)(t3 *a); \ + typedef t3 * (*sk_##t1##_copyfunc)(const t3 *a); \ + static ossl_unused ossl_inline int sk_##t1##_num(const STACK_OF(t1) *sk) \ + { \ + return OPENSSL_sk_num((const OPENSSL_STACK *)sk); \ + } \ + static ossl_unused ossl_inline t2 *sk_##t1##_value(const STACK_OF(t1) *sk, int idx) \ + { \ + return (t2 *)OPENSSL_sk_value((const OPENSSL_STACK *)sk, idx); \ + } \ + static ossl_unused ossl_inline STACK_OF(t1) *sk_##t1##_new(sk_##t1##_compfunc compare) \ + { \ + return (STACK_OF(t1) *)OPENSSL_sk_new((OPENSSL_sk_compfunc)compare); \ + } \ + static ossl_unused ossl_inline STACK_OF(t1) *sk_##t1##_new_null(void) \ + { \ + return (STACK_OF(t1) *)OPENSSL_sk_new_null(); \ + } \ + static ossl_unused ossl_inline STACK_OF(t1) *sk_##t1##_new_reserve(sk_##t1##_compfunc compare, int n) \ + { \ + return (STACK_OF(t1) *)OPENSSL_sk_new_reserve((OPENSSL_sk_compfunc)compare, n); \ + } \ + static ossl_unused ossl_inline int sk_##t1##_reserve(STACK_OF(t1) *sk, int n) \ + { \ + return OPENSSL_sk_reserve((OPENSSL_STACK *)sk, n); \ + } \ + static ossl_unused ossl_inline void sk_##t1##_free(STACK_OF(t1) *sk) \ + { \ + OPENSSL_sk_free((OPENSSL_STACK *)sk); \ + } \ + static 
ossl_unused ossl_inline void sk_##t1##_zero(STACK_OF(t1) *sk) \ + { \ + OPENSSL_sk_zero((OPENSSL_STACK *)sk); \ + } \ + static ossl_unused ossl_inline t2 *sk_##t1##_delete(STACK_OF(t1) *sk, int i) \ + { \ + return (t2 *)OPENSSL_sk_delete((OPENSSL_STACK *)sk, i); \ + } \ + static ossl_unused ossl_inline t2 *sk_##t1##_delete_ptr(STACK_OF(t1) *sk, t2 *ptr) \ + { \ + return (t2 *)OPENSSL_sk_delete_ptr((OPENSSL_STACK *)sk, \ + (const void *)ptr); \ + } \ + static ossl_unused ossl_inline int sk_##t1##_push(STACK_OF(t1) *sk, t2 *ptr) \ + { \ + return OPENSSL_sk_push((OPENSSL_STACK *)sk, (const void *)ptr); \ + } \ + static ossl_unused ossl_inline int sk_##t1##_unshift(STACK_OF(t1) *sk, t2 *ptr) \ + { \ + return OPENSSL_sk_unshift((OPENSSL_STACK *)sk, (const void *)ptr); \ + } \ + static ossl_unused ossl_inline t2 *sk_##t1##_pop(STACK_OF(t1) *sk) \ + { \ + return (t2 *)OPENSSL_sk_pop((OPENSSL_STACK *)sk); \ + } \ + static ossl_unused ossl_inline t2 *sk_##t1##_shift(STACK_OF(t1) *sk) \ + { \ + return (t2 *)OPENSSL_sk_shift((OPENSSL_STACK *)sk); \ + } \ + static ossl_unused ossl_inline void sk_##t1##_pop_free(STACK_OF(t1) *sk, sk_##t1##_freefunc freefunc) \ + { \ + OPENSSL_sk_pop_free((OPENSSL_STACK *)sk, (OPENSSL_sk_freefunc)freefunc); \ + } \ + static ossl_unused ossl_inline int sk_##t1##_insert(STACK_OF(t1) *sk, t2 *ptr, int idx) \ + { \ + return OPENSSL_sk_insert((OPENSSL_STACK *)sk, (const void *)ptr, idx); \ + } \ + static ossl_unused ossl_inline t2 *sk_##t1##_set(STACK_OF(t1) *sk, int idx, t2 *ptr) \ + { \ + return (t2 *)OPENSSL_sk_set((OPENSSL_STACK *)sk, idx, (const void *)ptr); \ + } \ + static ossl_unused ossl_inline int sk_##t1##_find(STACK_OF(t1) *sk, t2 *ptr) \ + { \ + return OPENSSL_sk_find((OPENSSL_STACK *)sk, (const void *)ptr); \ + } \ + static ossl_unused ossl_inline int sk_##t1##_find_ex(STACK_OF(t1) *sk, t2 *ptr) \ + { \ + return OPENSSL_sk_find_ex((OPENSSL_STACK *)sk, (const void *)ptr); \ + } \ + static ossl_unused ossl_inline void 
sk_##t1##_sort(STACK_OF(t1) *sk) \ + { \ + OPENSSL_sk_sort((OPENSSL_STACK *)sk); \ + } \ + static ossl_unused ossl_inline int sk_##t1##_is_sorted(const STACK_OF(t1) *sk) \ + { \ + return OPENSSL_sk_is_sorted((const OPENSSL_STACK *)sk); \ + } \ + static ossl_unused ossl_inline STACK_OF(t1) * sk_##t1##_dup(const STACK_OF(t1) *sk) \ + { \ + return (STACK_OF(t1) *)OPENSSL_sk_dup((const OPENSSL_STACK *)sk); \ + } \ + static ossl_unused ossl_inline STACK_OF(t1) *sk_##t1##_deep_copy(const STACK_OF(t1) *sk, \ + sk_##t1##_copyfunc copyfunc, \ + sk_##t1##_freefunc freefunc) \ + { \ + return (STACK_OF(t1) *)OPENSSL_sk_deep_copy((const OPENSSL_STACK *)sk, \ + (OPENSSL_sk_copyfunc)copyfunc, \ + (OPENSSL_sk_freefunc)freefunc); \ + } \ + static ossl_unused ossl_inline sk_##t1##_compfunc sk_##t1##_set_cmp_func(STACK_OF(t1) *sk, sk_##t1##_compfunc compare) \ + { \ + return (sk_##t1##_compfunc)OPENSSL_sk_set_cmp_func((OPENSSL_STACK *)sk, (OPENSSL_sk_compfunc)compare); \ + } + +# define DEFINE_SPECIAL_STACK_OF(t1, t2) SKM_DEFINE_STACK_OF(t1, t2, t2) +# define DEFINE_STACK_OF(t) SKM_DEFINE_STACK_OF(t, t, t) +# define DEFINE_SPECIAL_STACK_OF_CONST(t1, t2) \ + SKM_DEFINE_STACK_OF(t1, const t2, t2) +# define DEFINE_STACK_OF_CONST(t) SKM_DEFINE_STACK_OF(t, const t, t) + +/*- + * Strings are special: normally an lhash entry will point to a single + * (somewhat) mutable object. In the case of strings: + * + * a) Instead of a single char, there is an array of chars, NUL-terminated. + * b) The string may have be immutable. + * + * So, they need their own declarations. Especially important for + * type-checking tools, such as Deputy. + * + * In practice, however, it appears to be hard to have a const + * string. For now, I'm settling for dealing with the fact it is a + * string at all. 
+ */ +typedef char *OPENSSL_STRING; +typedef const char *OPENSSL_CSTRING; + +/*- + * Confusingly, LHASH_OF(STRING) deals with char ** throughout, but + * STACK_OF(STRING) is really more like STACK_OF(char), only, as mentioned + * above, instead of a single char each entry is a NUL-terminated array of + * chars. So, we have to implement STRING specially for STACK_OF. This is + * dealt with in the autogenerated macros below. + */ +DEFINE_SPECIAL_STACK_OF(OPENSSL_STRING, char) +DEFINE_SPECIAL_STACK_OF_CONST(OPENSSL_CSTRING, char) + +/* + * Similarly, we sometimes use a block of characters, NOT nul-terminated. + * These should also be distinguished from "normal" stacks. + */ +typedef void *OPENSSL_BLOCK; +DEFINE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) + +/* + * If called without higher optimization (min. -xO3) the Oracle Developer + * Studio compiler generates code for the defined (static inline) functions + * above. + * This would later lead to the linker complaining about missing symbols when + * this header file is included but the resulting object is not linked against + * the Crypto library (openssl#6912). 
+ */ +# ifdef __SUNPRO_C +# pragma weak OPENSSL_sk_num +# pragma weak OPENSSL_sk_value +# pragma weak OPENSSL_sk_new +# pragma weak OPENSSL_sk_new_null +# pragma weak OPENSSL_sk_new_reserve +# pragma weak OPENSSL_sk_reserve +# pragma weak OPENSSL_sk_free +# pragma weak OPENSSL_sk_zero +# pragma weak OPENSSL_sk_delete +# pragma weak OPENSSL_sk_delete_ptr +# pragma weak OPENSSL_sk_push +# pragma weak OPENSSL_sk_unshift +# pragma weak OPENSSL_sk_pop +# pragma weak OPENSSL_sk_shift +# pragma weak OPENSSL_sk_pop_free +# pragma weak OPENSSL_sk_insert +# pragma weak OPENSSL_sk_set +# pragma weak OPENSSL_sk_find +# pragma weak OPENSSL_sk_find_ex +# pragma weak OPENSSL_sk_sort +# pragma weak OPENSSL_sk_is_sorted +# pragma weak OPENSSL_sk_dup +# pragma weak OPENSSL_sk_deep_copy +# pragma weak OPENSSL_sk_set_cmp_func +# endif /* __SUNPRO_C */ + +# ifdef __cplusplus +} +# endif +#endif diff --git a/linux_amd64/ssl/include/openssl/seed.h b/linux_amd64/ssl/include/openssl/seed.h new file mode 100644 index 0000000..2e1ba2a --- /dev/null +++ b/linux_amd64/ssl/include/openssl/seed.h 
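Review bot: In `SKM_DEFINE_STACK_OF` in safestack.h, the typed callbacks are cast to the generic `OPENSSL_sk_compfunc`, `OPENSSL_sk_freefunc` and `OPENSSL_sk_copyfunc` types before being passed to `OPENSSL_sk_new`, `OPENSSL_sk_pop_free`, `OPENSSL_sk_deep_copy` and `OPENSSL_sk_set_cmp_func`. If the library then calls them through the generic type (its implementation is not in this hunk), that is a call through an incompatible function-pointer type, which indirect-call CFI and UBSan's function check reject at run time. A comment above the macro should say so, so that anyone enabling those hardening options knows the stack callbacks need an exemption or wrappers with the generic signature.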
@@ -0,0 +1,110 @@ +/* + * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * Copyright (c) 2007 KISA(Korea Information Security Agency). All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Neither the name of author nor the names of its contributors may + * be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#ifndef OPENSSL_SEED_H +# define OPENSSL_SEED_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_SEED_H +# endif + +# include + +# ifndef OPENSSL_NO_SEED +# include +# include +# include + +# ifdef __cplusplus +extern "C" { +# endif + +# define SEED_BLOCK_SIZE 16 +# define SEED_KEY_LENGTH 16 + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +/* look whether we need 'long' to get 32 bits */ +# ifdef AES_LONG +# ifndef SEED_LONG +# define SEED_LONG 1 +# endif +# endif + + +typedef struct seed_key_st { +# ifdef SEED_LONG + unsigned long data[32]; +# else + unsigned int data[32]; +# endif +} SEED_KEY_SCHEDULE; +# endif /* OPENSSL_NO_DEPRECATED_3_0 */ + +DEPRECATEDIN_3_0(void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], + SEED_KEY_SCHEDULE *ks)) + +DEPRECATEDIN_3_0(void SEED_encrypt(const unsigned char s[SEED_BLOCK_SIZE], + unsigned char d[SEED_BLOCK_SIZE], + const SEED_KEY_SCHEDULE *ks)) +DEPRECATEDIN_3_0(void SEED_decrypt(const unsigned char s[SEED_BLOCK_SIZE], + unsigned char d[SEED_BLOCK_SIZE], + const SEED_KEY_SCHEDULE *ks)) + +DEPRECATEDIN_3_0(void SEED_ecb_encrypt(const unsigned char *in, + unsigned char *out, + const SEED_KEY_SCHEDULE *ks, int enc)) +DEPRECATEDIN_3_0(void SEED_cbc_encrypt(const unsigned char *in, + unsigned char *out, size_t len, + const SEED_KEY_SCHEDULE *ks, + unsigned char ivec[SEED_BLOCK_SIZE], + int enc)) +DEPRECATEDIN_3_0(void SEED_cfb128_encrypt(const unsigned char *in, + unsigned char *out, size_t len, + const SEED_KEY_SCHEDULE *ks, + unsigned char ivec[SEED_BLOCK_SIZE], + int *num, int enc)) +DEPRECATEDIN_3_0(void SEED_ofb128_encrypt(const unsigned char *in, + unsigned char *out, size_t len, + const SEED_KEY_SCHEDULE *ks, + unsigned char ivec[SEED_BLOCK_SIZE], + int *num)) + +# ifdef __cplusplus +} +# endif +# endif + +#endif diff --git a/linux_amd64/ssl/include/openssl/self_test.h b/linux_amd64/ssl/include/openssl/self_test.h new file mode 100644 index 0000000..31dd6bd --- /dev/null 
+++ b/linux_amd64/ssl/include/openssl/self_test.h 
@@ -0,0 +1,68 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_SELF_TEST_H
+# define OPENSSL_SELF_TEST_H
+
+# include /* OSSL_CALLBACK */
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+/* The test event phases */
+# define OSSL_SELF_TEST_PHASE_NONE "None"
+# define OSSL_SELF_TEST_PHASE_START "Start"
+# define OSSL_SELF_TEST_PHASE_CORRUPT "Corrupt"
+# define OSSL_SELF_TEST_PHASE_PASS "Pass"
+# define OSSL_SELF_TEST_PHASE_FAIL "Fail"
+
+/* Test event categories */
+# define OSSL_SELF_TEST_TYPE_NONE "None"
+# define OSSL_SELF_TEST_TYPE_MODULE_INTEGRITY "Module_Integrity"
+# define OSSL_SELF_TEST_TYPE_INSTALL_INTEGRITY "Install_Integrity"
+# define OSSL_SELF_TEST_TYPE_PCT "Pairwise_Consistency_Test"
+# define OSSL_SELF_TEST_TYPE_KAT_CIPHER "KAT_Cipher"
+# define OSSL_SELF_TEST_TYPE_KAT_DIGEST "KAT_Digest"
+# define OSSL_SELF_TEST_TYPE_KAT_SIGNATURE "KAT_Signature"
+# define OSSL_SELF_TEST_TYPE_KAT_KDF "KAT_KDF"
+# define OSSL_SELF_TEST_TYPE_KAT_KA "KAT_KA"
+# define OSSL_SELF_TEST_TYPE_DRBG "DRBG"
+
+/* Test event sub categories */
+# define OSSL_SELF_TEST_DESC_NONE "None"
+# define OSSL_SELF_TEST_DESC_INTEGRITY_HMAC "HMAC"
+# define OSSL_SELF_TEST_DESC_PCT_RSA_PKCS1 "RSA"
+# define OSSL_SELF_TEST_DESC_PCT_ECDSA "ECDSA"
+# define OSSL_SELF_TEST_DESC_PCT_DSA "DSA"
+# define OSSL_SELF_TEST_DESC_CIPHER_AES_GCM "AES_GCM"
+# define OSSL_SELF_TEST_DESC_CIPHER_TDES "TDES"
+# define OSSL_SELF_TEST_DESC_MD_SHA1 "SHA1"
+# define OSSL_SELF_TEST_DESC_MD_SHA2 "SHA2"
+# define OSSL_SELF_TEST_DESC_MD_SHA3 "SHA3"
+# define OSSL_SELF_TEST_DESC_SIGN_DSA "DSA"
+# define OSSL_SELF_TEST_DESC_SIGN_RSA "RSA"
+# define OSSL_SELF_TEST_DESC_SIGN_ECDSA "ECDSA"
+# define OSSL_SELF_TEST_DESC_DRBG_CTR "CTR"
+# define OSSL_SELF_TEST_DESC_DRBG_HASH "HASH"
+# define OSSL_SELF_TEST_DESC_DRBG_HMAC "HMAC"
+# define OSSL_SELF_TEST_DESC_KA_ECDH "ECDH"
+# define OSSL_SELF_TEST_DESC_KA_ECDSA "ECDSA"
+# define OSSL_SELF_TEST_DESC_KDF_HKDF "HKDF"
+
+# ifdef __cplusplus
+}
+# endif
+
+void OSSL_SELF_TEST_set_callback(OPENSSL_CTX *libctx, OSSL_CALLBACK *cb,
+ void *cbarg);
+void OSSL_SELF_TEST_get_callback(OPENSSL_CTX *libctx, OSSL_CALLBACK **cb,
+ void **cbarg);
+
+#endif /* OPENSSL_SELF_TEST_H */
diff --git a/linux_amd64/ssl/include/openssl/serializer.h b/linux_amd64/ssl/include/openssl/serializer.h
new file mode 100644
index 0000000..ceeeffb
--- /dev/null
+++ b/linux_amd64/ssl/include/openssl/serializer.h
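Review bot: The two prototypes at the end of self_test.h, `OSSL_SELF_TEST_set_callback` and `OSSL_SELF_TEST_get_callback`, come after the `extern "C"` block has already been closed. A C++ translation unit that includes this header therefore sees them with C++ linkage and will presumably fail to link against the C library, which matters if the application registers a callback to observe self-test failures. Move the closing `# ifdef __cplusplus` / `}` / `# endif` group below the two prototypes, directly before `#endif /* OPENSSL_SELF_TEST_H */`.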
@@ -0,0 +1,104 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_SERIALIZER_H
+# define OPENSSL_SERIALIZER_H
+# pragma once
+
+# include
+
+# ifndef OPENSSL_NO_STDIO
+# include
+# endif
+# include
+# include
+# include
+# include
+# include
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+OSSL_SERIALIZER *OSSL_SERIALIZER_fetch(OPENSSL_CTX *libctx,
+ const char *name,
+ const char *properties);
+int OSSL_SERIALIZER_up_ref(OSSL_SERIALIZER *ser);
+void OSSL_SERIALIZER_free(OSSL_SERIALIZER *ser);
+
+const OSSL_PROVIDER *OSSL_SERIALIZER_provider(const OSSL_SERIALIZER *ser);
+const char *OSSL_SERIALIZER_properties(const OSSL_SERIALIZER *ser);
+int OSSL_SERIALIZER_number(const OSSL_SERIALIZER *ser);
+int OSSL_SERIALIZER_is_a(const OSSL_SERIALIZER *ser,
+ const char *name);
+
+void OSSL_SERIALIZER_do_all_provided(OPENSSL_CTX *libctx,
+ void (*fn)(OSSL_SERIALIZER *ser,
+ void *arg),
+ void *arg);
+void OSSL_SERIALIZER_names_do_all(const OSSL_SERIALIZER *ser,
+ void (*fn)(const char *name, void *data),
+ void *data);
+
+const OSSL_PARAM *OSSL_SERIALIZER_settable_ctx_params(OSSL_SERIALIZER *ser);
+OSSL_SERIALIZER_CTX *OSSL_SERIALIZER_CTX_new(OSSL_SERIALIZER *ser);
+const OSSL_SERIALIZER *
+OSSL_SERIALIZER_CTX_get_serializer(OSSL_SERIALIZER_CTX *ctx);
+int OSSL_SERIALIZER_CTX_set_params(OSSL_SERIALIZER_CTX *ctx,
+ const OSSL_PARAM params[]);
+void OSSL_SERIALIZER_CTX_free(OSSL_SERIALIZER_CTX *ctx);
+
+/* Utilities that help set specific parameters */
+int OSSL_SERIALIZER_CTX_set_cipher(OSSL_SERIALIZER_CTX *ctx,
+ const char *cipher_name,
+ const char *propquery);
+int OSSL_SERIALIZER_CTX_set_passphrase(OSSL_SERIALIZER_CTX *ctx,
+ const unsigned char *kstr,
+ size_t klen);
+int OSSL_SERIALIZER_CTX_set_passphrase_cb(OSSL_SERIALIZER_CTX *ctx, int enc,
+ pem_password_cb *cb, void *cbarg);
+int OSSL_SERIALIZER_CTX_set_passphrase_ui(OSSL_SERIALIZER_CTX *ctx,
+ const UI_METHOD *ui_method,
+ void *ui_data);
+
+/* Utilities to output the object to serialize */
+int OSSL_SERIALIZER_to_bio(OSSL_SERIALIZER_CTX *ctx, BIO *out);
+#ifndef OPENSSL_NO_STDIO
+int OSSL_SERIALIZER_to_fp(OSSL_SERIALIZER_CTX *ctx, FILE *fp);
+#endif
+
+/*
+ * Create the OSSL_SERIALIZER_CTX with an associated type. This will perform
+ * an implicit OSSL_SERIALIZER_fetch(), suitable for the object of that type.
+ * This is more useful than calling OSSL_SERIALIZER_CTX_new().
+ */
+OSSL_SERIALIZER_CTX *OSSL_SERIALIZER_CTX_new_by_EVP_PKEY(const EVP_PKEY *pkey,
+ const char *propquery);
+
+/*
+ * These macros define the last argument to pass to
+ * OSSL_SERIALIZER_CTX_new_by_TYPE().
+ */
+# define OSSL_SERIALIZER_PUBKEY_TO_PEM_PQ "format=pem,type=public"
+# define OSSL_SERIALIZER_PrivateKey_TO_PEM_PQ "format=pem,type=private"
+# define OSSL_SERIALIZER_Parameters_TO_PEM_PQ "format=pem,type=parameters"
+
+# define OSSL_SERIALIZER_PUBKEY_TO_DER_PQ "format=der,type=public"
+# define OSSL_SERIALIZER_PrivateKey_TO_DER_PQ "format=der,type=private"
+# define OSSL_SERIALIZER_Parameters_TO_DER_PQ "format=der,type=parameters"
+
+/* Corresponding macros for text output */
+# define OSSL_SERIALIZER_PUBKEY_TO_TEXT_PQ "format=text,type=public"
+# define OSSL_SERIALIZER_PrivateKey_TO_TEXT_PQ "format=text,type=private"
+# define OSSL_SERIALIZER_Parameters_TO_TEXT_PQ "format=text,type=parameters"
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/linux_amd64/ssl/include/openssl/serializererr.h b/linux_amd64/ssl/include/openssl/serializererr.h
new file mode 100644
index 0000000..4eff9de
--- /dev/null
+++ b/linux_amd64/ssl/include/openssl/serializererr.h
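Review bot: `OSSL_SERIALIZER_CTX_set_passphrase()` in serializer.h takes a raw passphrase buffer (`kstr`, `klen`), but nothing in the header says whether the context copies it or keeps the caller's pointer, so a caller cannot tell when it is safe to wipe the buffer. Add a short comment above the passphrase setters stating the ownership and lifetime rule, e.g. `/* kstr: say here whether it is copied; if so the caller may cleanse it after the call */`. Separately, the comment before the `*_PQ` macros refers to `OSSL_SERIALIZER_CTX_new_by_TYPE()`, while the only constructor of that kind declared in this hunk is `OSSL_SERIALIZER_CTX_new_by_EVP_PKEY()`; naming the real function would remove a dead reference.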
@@ -0,0 +1,34 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_OSSL_SERIALIZERERR_H +# define OPENSSL_OSSL_SERIALIZERERR_H + +# include +# include + + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_OSSL_SERIALIZER_strings(void); + +/* + * OSSL_SERIALIZER function codes. + */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# endif + +/* + * OSSL_SERIALIZER reason codes. + */ +# define OSSL_SERIALIZER_R_INCORRECT_PROPERTY_QUERY 100 + +#endif diff --git a/linux_amd64/ssl/include/openssl/sha.h b/linux_amd64/ssl/include/openssl/sha.h new file mode 100644 index 0000000..3a31bb6 --- /dev/null +++ b/linux_amd64/ssl/include/openssl/sha.h 
@@ -0,0 +1,122 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_SHA_H +# define OPENSSL_SHA_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_SHA_H +# endif + +# include +# include + +# ifdef __cplusplus +extern "C" { +# endif + +/*- + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + * ! SHA_LONG has to be at least 32 bits wide. ! + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + */ +# define SHA_LONG unsigned int + +# define SHA_LBLOCK 16 +# define SHA_CBLOCK (SHA_LBLOCK*4)/* SHA treats input data as a + * contiguous array of 32 bit wide + * big-endian values. */ +# define SHA_LAST_BLOCK (SHA_CBLOCK-8) +# define SHA_DIGEST_LENGTH 20 + +typedef struct SHAstate_st { + SHA_LONG h0, h1, h2, h3, h4; + SHA_LONG Nl, Nh; + SHA_LONG data[SHA_LBLOCK]; + unsigned int num; +} SHA_CTX; + +int SHA1_Init(SHA_CTX *c); +int SHA1_Update(SHA_CTX *c, const void *data, size_t len); +int SHA1_Final(unsigned char *md, SHA_CTX *c); +unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md); +void SHA1_Transform(SHA_CTX *c, const unsigned char *data); + +# define SHA256_CBLOCK (SHA_LBLOCK*4)/* SHA-256 treats input data as a + * contiguous array of 32 bit wide + * big-endian values. 
*/
+
+typedef struct SHA256state_st {
+ SHA_LONG h[8];
+ SHA_LONG Nl, Nh;
+ SHA_LONG data[SHA_LBLOCK];
+ unsigned int num, md_len;
+} SHA256_CTX;
+
+int SHA224_Init(SHA256_CTX *c);
+int SHA224_Update(SHA256_CTX *c, const void *data, size_t len);
+int SHA224_Final(unsigned char *md, SHA256_CTX *c);
+unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md);
+int SHA256_Init(SHA256_CTX *c);
+int SHA256_Update(SHA256_CTX *c, const void *data, size_t len);
+int SHA256_Final(unsigned char *md, SHA256_CTX *c);
+unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md);
+void SHA256_Transform(SHA256_CTX *c, const unsigned char *data);
+
+# define SHA224_DIGEST_LENGTH 28
+# define SHA256_DIGEST_LENGTH 32
+# define SHA384_DIGEST_LENGTH 48
+# define SHA512_DIGEST_LENGTH 64
+
+/*
+ * Unlike 32-bit digest algorithms, SHA-512 *relies* on SHA_LONG64
+ * being exactly 64-bit wide. See Implementation Notes in sha512.c
+ * for further details.
+ */
+/*
+ * SHA-512 treats input data as a
+ * contiguous array of 64 bit
+ * wide big-endian values.
+ */
+# define SHA512_CBLOCK (SHA_LBLOCK*8)
+# if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
+# define SHA_LONG64 unsigned __int64
+# elif defined(__arch64__)
+# define SHA_LONG64 unsigned long
+# else
+# define SHA_LONG64 unsigned long long
+# endif
+
+typedef struct SHA512state_st {
+ SHA_LONG64 h[8];
+ SHA_LONG64 Nl, Nh;
+ union {
+ SHA_LONG64 d[SHA_LBLOCK];
+ unsigned char p[SHA512_CBLOCK];
+ } u;
+ unsigned int num, md_len;
+} SHA512_CTX;
+
+int SHA384_Init(SHA512_CTX *c);
+int SHA384_Update(SHA512_CTX *c, const void *data, size_t len);
+int SHA384_Final(unsigned char *md, SHA512_CTX *c);
+unsigned char *SHA384(const unsigned char *d, size_t n, unsigned char *md);
+int SHA512_Init(SHA512_CTX *c);
+int SHA512_Update(SHA512_CTX *c, const void *data, size_t len);
+int SHA512_Final(unsigned char *md, SHA512_CTX *c);
+unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md);
+void SHA512_Transform(SHA512_CTX *c, const unsigned char *data);
+
+# ifdef __cplusplus
+}
+# endif
+
+#endif
diff --git a/linux_amd64/ssl/include/openssl/srp.h b/linux_amd64/ssl/include/openssl/srp.h
new file mode 100644
index 0000000..9f6f1b8
--- /dev/null
+++ b/linux_amd64/ssl/include/openssl/srp.h
@@ -0,0 +1,147 @@
+/*
+ * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2004, EdelKey Project. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Christophe Renou and Peter Sylvester,
+ * for the EdelKey project.
+ */
+
+#ifndef OPENSSL_SRP_H
+# define OPENSSL_SRP_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_SRP_H
+# endif
+
+#include
+
+#ifndef OPENSSL_NO_SRP
+# include
+# include
+# include
+# include
+# include
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+typedef struct SRP_gN_cache_st {
+ char *b64_bn;
+ BIGNUM *bn;
+} SRP_gN_cache;
+
+
+DEFINE_STACK_OF(SRP_gN_cache)
+
+typedef struct SRP_user_pwd_st {
+ /* Owned by us. */
+ char *id;
+ BIGNUM *s;
+ BIGNUM *v;
+ /* Not owned by us. */
+ const BIGNUM *g;
+ const BIGNUM *N;
+ /* Owned by us. */
+ char *info;
+} SRP_user_pwd;
+
+SRP_user_pwd *SRP_user_pwd_new(void);
+void SRP_user_pwd_free(SRP_user_pwd *user_pwd);
+
+void SRP_user_pwd_set_gN(SRP_user_pwd *user_pwd, const BIGNUM *g, const BIGNUM *N);
+int SRP_user_pwd_set1_ids(SRP_user_pwd *user_pwd, const char *id, const char *info);
+int SRP_user_pwd_set0_sv(SRP_user_pwd *user_pwd, BIGNUM *s, BIGNUM *v);
+
+DEFINE_STACK_OF(SRP_user_pwd)
+
+typedef struct SRP_VBASE_st {
+ STACK_OF(SRP_user_pwd) *users_pwd;
+ STACK_OF(SRP_gN_cache) *gN_cache;
+/* to simulate a user */
+ char *seed_key;
+ const BIGNUM *default_g;
+ const BIGNUM *default_N;
+} SRP_VBASE;
+
+/*
+ * Internal structure storing N and g pair
+ */
+typedef struct SRP_gN_st {
+ char *id;
+ const BIGNUM *g;
+ const BIGNUM *N;
+} SRP_gN;
+
+DEFINE_STACK_OF(SRP_gN)
+
+SRP_VBASE *SRP_VBASE_new(char *seed_key);
+void SRP_VBASE_free(SRP_VBASE *vb);
+int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file);
+
+int SRP_VBASE_add0_user(SRP_VBASE *vb, SRP_user_pwd *user_pwd);
+/* This method ignores the configured seed and fails for an unknown user. */
+DEPRECATEDIN_1_1_0(SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username))
+/* NOTE: unlike in SRP_VBASE_get_by_user, caller owns the returned pointer.*/
+SRP_user_pwd *SRP_VBASE_get1_by_user(SRP_VBASE *vb, char *username);
+
+char *SRP_create_verifier(const char *user, const char *pass, char **salt,
+ char **verifier, const char *N, const char *g);
+int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,
+ BIGNUM **verifier, const BIGNUM *N,
+ const BIGNUM *g);
+
+# define SRP_NO_ERROR 0
+# define SRP_ERR_VBASE_INCOMPLETE_FILE 1
+# define SRP_ERR_VBASE_BN_LIB 2
+# define SRP_ERR_OPEN_FILE 3
+# define SRP_ERR_MEMORY 4
+
+# define DB_srptype 0
+# define DB_srpverifier 1
+# define DB_srpsalt 2
+# define DB_srpid 3
+# define DB_srpgN 4
+# define DB_srpinfo 5
+# undef DB_NUMBER
+# define DB_NUMBER 6
+
+# define DB_SRP_INDEX 'I'
+# define DB_SRP_VALID 'V'
+# define DB_SRP_REVOKED 'R'
+# define DB_SRP_MODIF 'v'
+
+/* see srp.c */
+char *SRP_check_known_gN_param(const BIGNUM *g, const BIGNUM *N);
+SRP_gN *SRP_get_default_gN(const char *id);
+
+/* server side .... */
+BIGNUM *SRP_Calc_server_key(const BIGNUM *A, const BIGNUM *v, const BIGNUM *u,
+ const BIGNUM *b, const BIGNUM *N);
+BIGNUM *SRP_Calc_B(const BIGNUM *b, const BIGNUM *N, const BIGNUM *g,
+ const BIGNUM *v);
+int SRP_Verify_A_mod_N(const BIGNUM *A, const BIGNUM *N);
+BIGNUM *SRP_Calc_u(const BIGNUM *A, const BIGNUM *B, const BIGNUM *N);
+
+/* client side .... */
+BIGNUM *SRP_Calc_x(const BIGNUM *s, const char *user, const char *pass);
+BIGNUM *SRP_Calc_A(const BIGNUM *a, const BIGNUM *N, const BIGNUM *g);
+BIGNUM *SRP_Calc_client_key(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g,
+ const BIGNUM *x, const BIGNUM *a, const BIGNUM *u);
+int SRP_Verify_B_mod_N(const BIGNUM *B, const BIGNUM *N);
+
+# define SRP_MINIMAL_N 1024
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/linux_amd64/ssl/include/openssl/srtp.h b/linux_amd64/ssl/include/openssl/srtp.h
new file mode 100644
index 0000000..d64606e
--- /dev/null
+++ b/linux_amd64/ssl/include/openssl/srtp.h
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * DTLS code by Eric Rescorla
+ *
+ * Copyright (C) 2006, Network Resonance, Inc. Copyright (C) 2011, RTFM, Inc.
+ */
+
+#ifndef OPENSSL_SRTP_H
+# define OPENSSL_SRTP_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_D1_SRTP_H
+# endif
+
+# include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# define SRTP_AES128_CM_SHA1_80 0x0001
+# define SRTP_AES128_CM_SHA1_32 0x0002
+# define SRTP_AES128_F8_SHA1_80 0x0003
+# define SRTP_AES128_F8_SHA1_32 0x0004
+# define SRTP_NULL_SHA1_80 0x0005
+# define SRTP_NULL_SHA1_32 0x0006
+
+/* AEAD SRTP protection profiles from RFC 7714 */
+# define SRTP_AEAD_AES_128_GCM 0x0007
+# define SRTP_AEAD_AES_256_GCM 0x0008
+
+# ifndef OPENSSL_NO_SRTP
+
+__owur int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles);
+__owur int SSL_set_tlsext_use_srtp(SSL *ssl, const char *profiles);
+
+__owur STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl);
+__owur SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s);
+
+# endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/linux_amd64/ssl/include/openssl/ssl.h b/linux_amd64/ssl/include/openssl/ssl.h
new file mode 100644
index 0000000..c1b6b8e
--- /dev/null
+++ b/linux_amd64/ssl/include/openssl/ssl.h
@@ -0,0 +1,2482 @@ +/* + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved + * Copyright 2005 Nokia. All rights reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_SSL_H +# define OPENSSL_SSL_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_SSL_H +# endif + +# include +# include +# include +# include +# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +# include +# include +# include +# endif +# include +# include +# include +# include + +# include +# include +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/* OpenSSL version number for ASN.1 encoding of the session information */ +/*- + * Version 0 - initial version + * Version 1 - added the optional peer certificate + */ +# define SSL_SESSION_ASN1_VERSION 0x0001 + +# define SSL_MAX_SSL_SESSION_ID_LENGTH 32 +# define SSL_MAX_SID_CTX_LENGTH 32 + +# define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES (512/8) +# define SSL_MAX_KEY_ARG_LENGTH 8 +# define SSL_MAX_MASTER_KEY_LENGTH 48 + +/* The maximum number of encrypt/decrypt pipelines we can support */ +# define SSL_MAX_PIPELINES 32 + +/* text strings for the ciphers */ + +/* These are used to specify which ciphers to use and not to use */ + +# define SSL_TXT_LOW "LOW" +# define SSL_TXT_MEDIUM "MEDIUM" +# define SSL_TXT_HIGH "HIGH" +# define SSL_TXT_FIPS "FIPS" + +# define SSL_TXT_aNULL "aNULL" +# define SSL_TXT_eNULL "eNULL" +# define SSL_TXT_NULL "NULL" + +# define SSL_TXT_kRSA "kRSA" +# define SSL_TXT_kDHr "kDHr"/* this cipher class has been removed */ +# define SSL_TXT_kDHd "kDHd"/* this cipher class has been removed */ +# define SSL_TXT_kDH "kDH"/* this cipher class has been removed */ +# define 
SSL_TXT_kEDH "kEDH"/* alias for kDHE */ +# define SSL_TXT_kDHE "kDHE" +# define SSL_TXT_kECDHr "kECDHr"/* this cipher class has been removed */ +# define SSL_TXT_kECDHe "kECDHe"/* this cipher class has been removed */ +# define SSL_TXT_kECDH "kECDH"/* this cipher class has been removed */ +# define SSL_TXT_kEECDH "kEECDH"/* alias for kECDHE */ +# define SSL_TXT_kECDHE "kECDHE" +# define SSL_TXT_kPSK "kPSK" +# define SSL_TXT_kRSAPSK "kRSAPSK" +# define SSL_TXT_kECDHEPSK "kECDHEPSK" +# define SSL_TXT_kDHEPSK "kDHEPSK" +# define SSL_TXT_kGOST "kGOST" +# define SSL_TXT_kSRP "kSRP" + +# define SSL_TXT_aRSA "aRSA" +# define SSL_TXT_aDSS "aDSS" +# define SSL_TXT_aDH "aDH"/* this cipher class has been removed */ +# define SSL_TXT_aECDH "aECDH"/* this cipher class has been removed */ +# define SSL_TXT_aECDSA "aECDSA" +# define SSL_TXT_aPSK "aPSK" +# define SSL_TXT_aGOST94 "aGOST94" +# define SSL_TXT_aGOST01 "aGOST01" +# define SSL_TXT_aGOST12 "aGOST12" +# define SSL_TXT_aGOST "aGOST" +# define SSL_TXT_aSRP "aSRP" + +# define SSL_TXT_DSS "DSS" +# define SSL_TXT_DH "DH" +# define SSL_TXT_DHE "DHE"/* same as "kDHE:-ADH" */ +# define SSL_TXT_EDH "EDH"/* alias for DHE */ +# define SSL_TXT_ADH "ADH" +# define SSL_TXT_RSA "RSA" +# define SSL_TXT_ECDH "ECDH" +# define SSL_TXT_EECDH "EECDH"/* alias for ECDHE" */ +# define SSL_TXT_ECDHE "ECDHE"/* same as "kECDHE:-AECDH" */ +# define SSL_TXT_AECDH "AECDH" +# define SSL_TXT_ECDSA "ECDSA" +# define SSL_TXT_PSK "PSK" +# define SSL_TXT_SRP "SRP" + +# define SSL_TXT_DES "DES" +# define SSL_TXT_3DES "3DES" +# define SSL_TXT_RC4 "RC4" +# define SSL_TXT_RC2 "RC2" +# define SSL_TXT_IDEA "IDEA" +# define SSL_TXT_SEED "SEED" +# define SSL_TXT_AES128 "AES128" +# define SSL_TXT_AES256 "AES256" +# define SSL_TXT_AES "AES" +# define SSL_TXT_AES_GCM "AESGCM" +# define SSL_TXT_AES_CCM "AESCCM" +# define SSL_TXT_AES_CCM_8 "AESCCM8" +# define SSL_TXT_CAMELLIA128 "CAMELLIA128" +# define SSL_TXT_CAMELLIA256 "CAMELLIA256" +# define SSL_TXT_CAMELLIA 
"CAMELLIA" +# define SSL_TXT_CHACHA20 "CHACHA20" +# define SSL_TXT_GOST "GOST89" +# define SSL_TXT_ARIA "ARIA" +# define SSL_TXT_ARIA_GCM "ARIAGCM" +# define SSL_TXT_ARIA128 "ARIA128" +# define SSL_TXT_ARIA256 "ARIA256" + +# define SSL_TXT_MD5 "MD5" +# define SSL_TXT_SHA1 "SHA1" +# define SSL_TXT_SHA "SHA"/* same as "SHA1" */ +# define SSL_TXT_GOST94 "GOST94" +# define SSL_TXT_GOST89MAC "GOST89MAC" +# define SSL_TXT_GOST12 "GOST12" +# define SSL_TXT_GOST89MAC12 "GOST89MAC12" +# define SSL_TXT_SHA256 "SHA256" +# define SSL_TXT_SHA384 "SHA384" + +# define SSL_TXT_SSLV3 "SSLv3" +# define SSL_TXT_TLSV1 "TLSv1" +# define SSL_TXT_TLSV1_1 "TLSv1.1" +# define SSL_TXT_TLSV1_2 "TLSv1.2" + +# define SSL_TXT_ALL "ALL" + +/*- + * COMPLEMENTOF* definitions. These identifiers are used to (de-select) + * ciphers normally not being used. + * Example: "RC4" will activate all ciphers using RC4 including ciphers + * without authentication, which would normally disabled by DEFAULT (due + * the "!ADH" being part of default). Therefore "RC4:!COMPLEMENTOFDEFAULT" + * will make sure that it is also disabled in the specific selection. + * COMPLEMENTOF* identifiers are portable between version, as adjustments + * to the default cipher setup will also be included here. + * + * COMPLEMENTOFDEFAULT does not experience the same special treatment that + * DEFAULT gets, as only selection is being done and no sorting as needed + * for DEFAULT. + */ +# define SSL_TXT_CMPALL "COMPLEMENTOFALL" +# define SSL_TXT_CMPDEF "COMPLEMENTOFDEFAULT" + +/* + * The following cipher list is used by default. It also is substituted when + * an application-defined cipher list string starts with 'DEFAULT'. + * This applies to ciphersuites for TLSv1.2 and below. 
+ * DEPRECATED IN 3.0.0, in favor of OSSL_default_cipher_list() + * Update both macro and function simultaneously + */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define SSL_DEFAULT_CIPHER_LIST "ALL:!COMPLEMENTOFDEFAULT:!eNULL" +/* + * This is the default set of TLSv1.3 ciphersuites + * DEPRECATED IN 3.0.0, in favor of OSSL_default_ciphersuites() + * Update both macro and function simultaneously + */ +# if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) +# define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \ + "TLS_CHACHA20_POLY1305_SHA256:" \ + "TLS_AES_128_GCM_SHA256" +# else +# define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \ + "TLS_AES_128_GCM_SHA256" +# endif +# endif +/* + * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always + * starts with a reasonable order, and all we have to do for DEFAULT is + * throwing out anonymous and unencrypted ciphersuites! (The latter are not + * actually enabled by ALL, but "ALL:RSA" would enable some of them.) + */ + +/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */ +# define SSL_SENT_SHUTDOWN 1 +# define SSL_RECEIVED_SHUTDOWN 2 + +#ifdef __cplusplus +} +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +# define SSL_FILETYPE_ASN1 X509_FILETYPE_ASN1 +# define SSL_FILETYPE_PEM X509_FILETYPE_PEM + +/* + * This is needed to stop compilers complaining about the 'struct ssl_st *' + * function parameters used to prototype callbacks in SSL_CTX. 
+ */ +typedef struct ssl_st *ssl_crock_st; +typedef struct tls_session_ticket_ext_st TLS_SESSION_TICKET_EXT; +typedef struct ssl_method_st SSL_METHOD; +typedef struct ssl_cipher_st SSL_CIPHER; +typedef struct ssl_session_st SSL_SESSION; +typedef struct tls_sigalgs_st TLS_SIGALGS; +typedef struct ssl_conf_ctx_st SSL_CONF_CTX; +typedef struct ssl_comp_st SSL_COMP; + +STACK_OF(SSL_CIPHER); +STACK_OF(SSL_COMP); + +/* SRTP protection profiles for use with the use_srtp extension (RFC 5764)*/ +typedef struct srtp_protection_profile_st { + const char *name; + unsigned long id; +} SRTP_PROTECTION_PROFILE; + +DEFINE_STACK_OF(SRTP_PROTECTION_PROFILE) + +typedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data, + int len, void *arg); +typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, + STACK_OF(SSL_CIPHER) *peer_ciphers, + const SSL_CIPHER **cipher, void *arg); + +/* Extension context codes */ +/* This extension is only allowed in TLS */ +#define SSL_EXT_TLS_ONLY 0x0001 +/* This extension is only allowed in DTLS */ +#define SSL_EXT_DTLS_ONLY 0x0002 +/* Some extensions may be allowed in DTLS but we don't implement them for it */ +#define SSL_EXT_TLS_IMPLEMENTATION_ONLY 0x0004 +/* Most extensions are not defined for SSLv3 but EXT_TYPE_renegotiate is */ +#define SSL_EXT_SSL3_ALLOWED 0x0008 +/* Extension is only defined for TLS1.2 and below */ +#define SSL_EXT_TLS1_2_AND_BELOW_ONLY 0x0010 +/* Extension is only defined for TLS1.3 and above */ +#define SSL_EXT_TLS1_3_ONLY 0x0020 +/* Ignore this extension during parsing if we are resuming */ +#define SSL_EXT_IGNORE_ON_RESUMPTION 0x0040 +#define SSL_EXT_CLIENT_HELLO 0x0080 +/* Really means TLS1.2 or below */ +#define SSL_EXT_TLS1_2_SERVER_HELLO 0x0100 +#define SSL_EXT_TLS1_3_SERVER_HELLO 0x0200 +#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS 0x0400 +#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST 0x0800 +#define SSL_EXT_TLS1_3_CERTIFICATE 0x1000 +#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET 
0x2000 +#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST 0x4000 + +/* Typedefs for handling custom extensions */ + +typedef int (*custom_ext_add_cb)(SSL *s, unsigned int ext_type, + const unsigned char **out, size_t *outlen, + int *al, void *add_arg); + +typedef void (*custom_ext_free_cb)(SSL *s, unsigned int ext_type, + const unsigned char *out, void *add_arg); + +typedef int (*custom_ext_parse_cb)(SSL *s, unsigned int ext_type, + const unsigned char *in, size_t inlen, + int *al, void *parse_arg); + + +typedef int (*SSL_custom_ext_add_cb_ex)(SSL *s, unsigned int ext_type, + unsigned int context, + const unsigned char **out, + size_t *outlen, X509 *x, + size_t chainidx, + int *al, void *add_arg); + +typedef void (*SSL_custom_ext_free_cb_ex)(SSL *s, unsigned int ext_type, + unsigned int context, + const unsigned char *out, + void *add_arg); + +typedef int (*SSL_custom_ext_parse_cb_ex)(SSL *s, unsigned int ext_type, + unsigned int context, + const unsigned char *in, + size_t inlen, X509 *x, + size_t chainidx, + int *al, void *parse_arg); + +/* Typedef for verification callback */ +typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx); + +/* Typedef for SSL async callback */ +typedef int (*SSL_async_callback_fn)(SSL *s, void *arg); + +/* + * Some values are reserved until OpenSSL 3.0.0 because they were previously + * included in SSL_OP_ALL in a 1.1.x release. 
+ */ + +/* Disable Extended master secret */ +# define SSL_OP_NO_EXTENDED_MASTER_SECRET 0x00000001U + +/* Reserved value (until OpenSSL 3.0.0) 0x00000002U */ + +/* Allow initial connection to servers that don't support RI */ +# define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004U + +/* Reserved value (until OpenSSL 3.0.0) 0x00000008U */ +# define SSL_OP_TLSEXT_PADDING 0x00000010U +/* Reserved value (until OpenSSL 3.0.0) 0x00000020U */ +# define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040U +/* + * Reserved value (until OpenSSL 3.0.0) 0x00000080U + * Reserved value (until OpenSSL 3.0.0) 0x00000100U + * Reserved value (until OpenSSL 3.0.0) 0x00000200U + */ + +/* In TLSv1.3 allow a non-(ec)dhe based kex_mode */ +# define SSL_OP_ALLOW_NO_DHE_KEX 0x00000400U + +/* + * Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added in + * OpenSSL 0.9.6d. Usually (depending on the application protocol) the + * workaround is not needed. Unfortunately some broken SSL/TLS + * implementations cannot handle it at all, which is why we include it in + * SSL_OP_ALL. 
Added in 0.9.6e + */ +# define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800U + +/* DTLS options */ +# define SSL_OP_NO_QUERY_MTU 0x00001000U +/* Turn on Cookie Exchange (on relevant for servers) */ +# define SSL_OP_COOKIE_EXCHANGE 0x00002000U +/* Don't use RFC4507 ticket extension */ +# define SSL_OP_NO_TICKET 0x00004000U +# ifndef OPENSSL_NO_DTLS1_METHOD +/* Use Cisco's "speshul" version of DTLS_BAD_VER + * (only with deprecated DTLSv1_client_method()) */ +# define SSL_OP_CISCO_ANYCONNECT 0x00008000U +# endif + +/* As server, disallow session resumption on renegotiation */ +# define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000U +/* Don't use compression even if supported */ +# define SSL_OP_NO_COMPRESSION 0x00020000U +/* Permit unsafe legacy renegotiation */ +# define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000U +/* Disable encrypt-then-mac */ +# define SSL_OP_NO_ENCRYPT_THEN_MAC 0x00080000U + +/* + * Enable TLSv1.3 Compatibility mode. This is on by default. A future version + * of OpenSSL may have this disabled by default. + */ +# define SSL_OP_ENABLE_MIDDLEBOX_COMPAT 0x00100000U + +/* Prioritize Chacha20Poly1305 when client does. + * Modifies SSL_OP_CIPHER_SERVER_PREFERENCE */ +# define SSL_OP_PRIORITIZE_CHACHA 0x00200000U + +/* + * Set on servers to choose the cipher according to the server's preferences + */ +# define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000U +/* + * If set, a server will allow a client to issue a SSLv3.0 version number as + * latest version supported in the premaster secret, even when TLSv1.0 + * (version 3.1) was announced in the client hello. Normally this is + * forbidden to prevent version rollback attacks. + */ +# define SSL_OP_TLS_ROLLBACK_BUG 0x00800000U + +/* + * Switches off automatic TLSv1.3 anti-replay protection for early data. This + * is a server-side option only (no effect on the client). 
+ */ +# define SSL_OP_NO_ANTI_REPLAY 0x01000000U + +# define SSL_OP_NO_SSLv3 0x02000000U +# define SSL_OP_NO_TLSv1 0x04000000U +# define SSL_OP_NO_TLSv1_2 0x08000000U +# define SSL_OP_NO_TLSv1_1 0x10000000U +# define SSL_OP_NO_TLSv1_3 0x20000000U + +# define SSL_OP_NO_DTLSv1 0x04000000U +# define SSL_OP_NO_DTLSv1_2 0x08000000U + +# define SSL_OP_NO_SSL_MASK (SSL_OP_NO_SSLv3|\ + SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1_2|SSL_OP_NO_TLSv1_3) +# define SSL_OP_NO_DTLS_MASK (SSL_OP_NO_DTLSv1|SSL_OP_NO_DTLSv1_2) + +/* Disallow all renegotiation */ +# define SSL_OP_NO_RENEGOTIATION 0x40000000U + +/* + * Make server add server-hello extension from early version of cryptopro + * draft, when GOST ciphersuite is negotiated. Required for interoperability + * with CryptoPro CSP 3.x + */ +# define SSL_OP_CRYPTOPRO_TLSEXT_BUG 0x80000000U + +/* + * SSL_OP_ALL: various bug workarounds that should be rather harmless. + * This used to be 0x000FFFFFL before 0.9.7. + * This used to be 0x80000BFFU before 1.1.1. + */ +# define SSL_OP_ALL (SSL_OP_CRYPTOPRO_TLSEXT_BUG|\ + SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS|\ + SSL_OP_LEGACY_SERVER_CONNECT|\ + SSL_OP_TLSEXT_PADDING|\ + SSL_OP_SAFARI_ECDHE_ECDSA_BUG) + +/* OBSOLETE OPTIONS: retained for compatibility */ + +/* Removed from OpenSSL 1.1.0. Was 0x00000001L */ +/* Related to removed SSLv2. */ +# define SSL_OP_MICROSOFT_SESS_ID_BUG 0x0 +/* Removed from OpenSSL 1.1.0. Was 0x00000002L */ +/* Related to removed SSLv2. */ +# define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x0 +/* Removed from OpenSSL 0.9.8q and 1.0.0c. Was 0x00000008L */ +/* Dead forever, see CVE-2010-4180 */ +# define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x0 +/* Removed from OpenSSL 1.0.1h and 1.0.2. Was 0x00000010L */ +/* Refers to ancient SSLREF and SSLv2. */ +# define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x0 +/* Removed from OpenSSL 1.1.0. Was 0x00000020 */ +# define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x0 +/* Removed from OpenSSL 0.9.7h and 0.9.8b. 
Was 0x00000040L */ +# define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x0 +/* Removed from OpenSSL 1.1.0. Was 0x00000080 */ +/* Ancient SSLeay version. */ +# define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x0 +/* Removed from OpenSSL 1.1.0. Was 0x00000100L */ +# define SSL_OP_TLS_D5_BUG 0x0 +/* Removed from OpenSSL 1.1.0. Was 0x00000200L */ +# define SSL_OP_TLS_BLOCK_PADDING_BUG 0x0 +/* Removed from OpenSSL 1.1.0. Was 0x00080000L */ +# define SSL_OP_SINGLE_ECDH_USE 0x0 +/* Removed from OpenSSL 1.1.0. Was 0x00100000L */ +# define SSL_OP_SINGLE_DH_USE 0x0 +/* Removed from OpenSSL 1.0.1k and 1.0.2. Was 0x00200000L */ +# define SSL_OP_EPHEMERAL_RSA 0x0 +/* Removed from OpenSSL 1.1.0. Was 0x01000000L */ +# define SSL_OP_NO_SSLv2 0x0 +/* Removed from OpenSSL 1.0.1. Was 0x08000000L */ +# define SSL_OP_PKCS1_CHECK_1 0x0 +/* Removed from OpenSSL 1.0.1. Was 0x10000000L */ +# define SSL_OP_PKCS1_CHECK_2 0x0 +/* Removed from OpenSSL 1.1.0. Was 0x20000000L */ +# define SSL_OP_NETSCAPE_CA_DN_BUG 0x0 +/* Removed from OpenSSL 1.1.0. Was 0x40000000L */ +# define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x0 + +/* + * Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success + * when just a single record has been written): + */ +# define SSL_MODE_ENABLE_PARTIAL_WRITE 0x00000001U +/* + * Make it possible to retry SSL_write() with changed buffer location (buffer + * contents must stay the same!); this is not the default to avoid the + * misconception that non-blocking SSL_write() behaves like non-blocking + * write(): + */ +# define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002U +/* + * Never bother the application with retries if the transport is blocking: + */ +# define SSL_MODE_AUTO_RETRY 0x00000004U +/* Don't attempt to automatically build certificate chain */ +# define SSL_MODE_NO_AUTO_CHAIN 0x00000008U +/* + * Save RAM by releasing read and write buffers when they're empty. (SSL3 and + * TLS only.) Released buffers are freed. 
+ */ +# define SSL_MODE_RELEASE_BUFFERS 0x00000010U +/* + * Send the current time in the Random fields of the ClientHello and + * ServerHello records for compatibility with hypothetical implementations + * that require it. + */ +# define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020U +# define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040U +/* + * Send TLS_FALLBACK_SCSV in the ClientHello. To be set only by applications + * that reconnect with a downgraded protocol version; see + * draft-ietf-tls-downgrade-scsv-00 for details. DO NOT ENABLE THIS if your + * application attempts a normal handshake. Only use this in explicit + * fallback retries, following the guidance in + * draft-ietf-tls-downgrade-scsv-00. + */ +# define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080U +/* + * Support Asynchronous operation + */ +# define SSL_MODE_ASYNC 0x00000100U +/* + * Don't use the kernel TLS data-path for sending. + */ +# define SSL_MODE_NO_KTLS_TX 0x00000200U +/* + * When using DTLS/SCTP, include the terminating zero in the label + * used for computing the endpoint-pair shared secret. Required for + * interoperability with implementations having this bug like these + * older version of OpenSSL: + * - OpenSSL 1.0.0 series + * - OpenSSL 1.0.1 series + * - OpenSSL 1.0.2 series + * - OpenSSL 1.1.0 series + * - OpenSSL 1.1.1 and 1.1.1a + */ +# define SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG 0x00000400U +/* + * Don't use the kernel TLS data-path for receiving. + */ +# define SSL_MODE_NO_KTLS_RX 0x00000800U + +/* Cert related flags */ +/* + * Many implementations ignore some aspects of the TLS standards such as + * enforcing certificate chain algorithms. When this is set we enforce them. 
+ */ +# define SSL_CERT_FLAG_TLS_STRICT 0x00000001U + +/* Suite B modes, takes same values as certificate verify flags */ +# define SSL_CERT_FLAG_SUITEB_128_LOS_ONLY 0x10000 +/* Suite B 192 bit only mode */ +# define SSL_CERT_FLAG_SUITEB_192_LOS 0x20000 +/* Suite B 128 bit mode allowing 192 bit algorithms */ +# define SSL_CERT_FLAG_SUITEB_128_LOS 0x30000 + +/* Perform all sorts of protocol violations for testing purposes */ +# define SSL_CERT_FLAG_BROKEN_PROTOCOL 0x10000000 + +/* Flags for building certificate chains */ +/* Treat any existing certificates as untrusted CAs */ +# define SSL_BUILD_CHAIN_FLAG_UNTRUSTED 0x1 +/* Don't include root CA in chain */ +# define SSL_BUILD_CHAIN_FLAG_NO_ROOT 0x2 +/* Just check certificates already there */ +# define SSL_BUILD_CHAIN_FLAG_CHECK 0x4 +/* Ignore verification errors */ +# define SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR 0x8 +/* Clear verification errors from queue */ +# define SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR 0x10 + +/* Flags returned by SSL_check_chain */ +/* Certificate can be used with this session */ +# define CERT_PKEY_VALID 0x1 +/* Certificate can also be used for signing */ +# define CERT_PKEY_SIGN 0x2 +/* EE certificate signing algorithm OK */ +# define CERT_PKEY_EE_SIGNATURE 0x10 +/* CA signature algorithms OK */ +# define CERT_PKEY_CA_SIGNATURE 0x20 +/* EE certificate parameters OK */ +# define CERT_PKEY_EE_PARAM 0x40 +/* CA certificate parameters OK */ +# define CERT_PKEY_CA_PARAM 0x80 +/* Signing explicitly allowed as opposed to SHA1 fallback */ +# define CERT_PKEY_EXPLICIT_SIGN 0x100 +/* Client CA issuer names match (always set for server cert) */ +# define CERT_PKEY_ISSUER_NAME 0x200 +/* Cert type matches client types (always set for server cert) */ +# define CERT_PKEY_CERT_TYPE 0x400 +/* Cert chain suitable to Suite B */ +# define CERT_PKEY_SUITEB 0x800 + +# define SSL_CONF_FLAG_CMDLINE 0x1 +# define SSL_CONF_FLAG_FILE 0x2 +# define SSL_CONF_FLAG_CLIENT 0x4 +# define SSL_CONF_FLAG_SERVER 0x8 +# define 
SSL_CONF_FLAG_SHOW_ERRORS 0x10 +# define SSL_CONF_FLAG_CERTIFICATE 0x20 +# define SSL_CONF_FLAG_REQUIRE_PRIVATE 0x40 +/* Configuration value types */ +# define SSL_CONF_TYPE_UNKNOWN 0x0 +# define SSL_CONF_TYPE_STRING 0x1 +# define SSL_CONF_TYPE_FILE 0x2 +# define SSL_CONF_TYPE_DIR 0x3 +# define SSL_CONF_TYPE_NONE 0x4 +# define SSL_CONF_TYPE_STORE 0x5 + +/* Maximum length of the application-controlled segment of a a TLSv1.3 cookie */ +# define SSL_COOKIE_LENGTH 4096 + +/* + * Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, they + * cannot be used to clear bits. + */ + +unsigned long SSL_CTX_get_options(const SSL_CTX *ctx); +unsigned long SSL_get_options(const SSL *s); +unsigned long SSL_CTX_clear_options(SSL_CTX *ctx, unsigned long op); +unsigned long SSL_clear_options(SSL *s, unsigned long op); +unsigned long SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op); +unsigned long SSL_set_options(SSL *s, unsigned long op); + +# define SSL_CTX_set_mode(ctx,op) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL) +# define SSL_CTX_clear_mode(ctx,op) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_MODE,(op),NULL) +# define SSL_CTX_get_mode(ctx) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL) +# define SSL_clear_mode(ssl,op) \ + SSL_ctrl((ssl),SSL_CTRL_CLEAR_MODE,(op),NULL) +# define SSL_set_mode(ssl,op) \ + SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL) +# define SSL_get_mode(ssl) \ + SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL) +# define SSL_set_mtu(ssl, mtu) \ + SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL) +# define DTLS_set_link_mtu(ssl, mtu) \ + SSL_ctrl((ssl),DTLS_CTRL_SET_LINK_MTU,(mtu),NULL) +# define DTLS_get_link_min_mtu(ssl) \ + SSL_ctrl((ssl),DTLS_CTRL_GET_LINK_MIN_MTU,0,NULL) + +# define SSL_get_secure_renegotiation_support(ssl) \ + SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL) + +# define SSL_CTX_set_cert_flags(ctx,op) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_CERT_FLAGS,(op),NULL) +# define SSL_set_cert_flags(s,op) \ + SSL_ctrl((s),SSL_CTRL_CERT_FLAGS,(op),NULL) +# define 
SSL_CTX_clear_cert_flags(ctx,op) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_CERT_FLAGS,(op),NULL) +# define SSL_clear_cert_flags(s,op) \ + SSL_ctrl((s),SSL_CTRL_CLEAR_CERT_FLAGS,(op),NULL) + +void SSL_CTX_set_msg_callback(SSL_CTX *ctx, + void (*cb) (int write_p, int version, + int content_type, const void *buf, + size_t len, SSL *ssl, void *arg)); +void SSL_set_msg_callback(SSL *ssl, + void (*cb) (int write_p, int version, + int content_type, const void *buf, + size_t len, SSL *ssl, void *arg)); +# define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) +# define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) + +# define SSL_get_extms_support(s) \ + SSL_ctrl((s),SSL_CTRL_GET_EXTMS_SUPPORT,0,NULL) + +# ifndef OPENSSL_NO_SRP + +/* see tls_srp.c */ +__owur int SSL_SRP_CTX_init(SSL *s); +__owur int SSL_CTX_SRP_CTX_init(SSL_CTX *ctx); +int SSL_SRP_CTX_free(SSL *ctx); +int SSL_CTX_SRP_CTX_free(SSL_CTX *ctx); +__owur int SSL_srp_server_param_with_username(SSL *s, int *ad); +__owur int SRP_Calc_A_param(SSL *s); + +# endif + +/* 100k max cert list */ +# define SSL_MAX_CERT_LIST_DEFAULT 1024*100 + +# define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT (1024*20) + +/* + * This callback type is used inside SSL_CTX, SSL, and in the functions that + * set them. It is used to override the generation of SSL/TLS session IDs in + * a server. Return value should be zero on an error, non-zero to proceed. + * Also, callbacks should themselves check if the id they generate is unique + * otherwise the SSL handshake will fail with an error - callbacks can do + * this using the 'ssl' value they're passed by; + * SSL_has_matching_session_id(ssl, id, *id_len) The length value passed in + * is set at the maximum size the session ID can be. In SSLv3/TLSv1 it is 32 + * bytes. The callback can alter this length to be less if desired. It is + * also an error for the callback to set the size to zero. 
+ */ +typedef int (*GEN_SESSION_CB) (SSL *ssl, unsigned char *id, + unsigned int *id_len); + +# define SSL_SESS_CACHE_OFF 0x0000 +# define SSL_SESS_CACHE_CLIENT 0x0001 +# define SSL_SESS_CACHE_SERVER 0x0002 +# define SSL_SESS_CACHE_BOTH (SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER) +# define SSL_SESS_CACHE_NO_AUTO_CLEAR 0x0080 +/* enough comments already ... see SSL_CTX_set_session_cache_mode(3) */ +# define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP 0x0100 +# define SSL_SESS_CACHE_NO_INTERNAL_STORE 0x0200 +# define SSL_SESS_CACHE_NO_INTERNAL \ + (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE) + +LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx); +# define SSL_CTX_sess_number(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL) +# define SSL_CTX_sess_connect(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT,0,NULL) +# define SSL_CTX_sess_connect_good(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_GOOD,0,NULL) +# define SSL_CTX_sess_connect_renegotiate(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_RENEGOTIATE,0,NULL) +# define SSL_CTX_sess_accept(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT,0,NULL) +# define SSL_CTX_sess_accept_renegotiate(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_RENEGOTIATE,0,NULL) +# define SSL_CTX_sess_accept_good(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_GOOD,0,NULL) +# define SSL_CTX_sess_hits(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_HIT,0,NULL) +# define SSL_CTX_sess_cb_hits(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CB_HIT,0,NULL) +# define SSL_CTX_sess_misses(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_MISSES,0,NULL) +# define SSL_CTX_sess_timeouts(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL) +# define SSL_CTX_sess_cache_full(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL) + +void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, + int (*new_session_cb) (struct ssl_st *ssl, + SSL_SESSION *sess)); +int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx)) (struct ssl_st *ssl, + SSL_SESSION *sess); +void 
SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
+ void (*remove_session_cb) (struct ssl_ctx_st
+ *ctx,
+ SSL_SESSION *sess));
+void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx)) (struct ssl_ctx_st *ctx,
+ SSL_SESSION *sess);
+void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
+ SSL_SESSION *(*get_session_cb) (struct ssl_st
+ *ssl,
+ const unsigned char
+ *data, int len,
+ int *copy));
+SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx)) (struct ssl_st *ssl,
+ const unsigned char *data,
+ int len, int *copy);
+void SSL_CTX_set_info_callback(SSL_CTX *ctx,
+ void (*cb) (const SSL *ssl, int type, int val));
+void (*SSL_CTX_get_info_callback(SSL_CTX *ctx)) (const SSL *ssl, int type,
+ int val);
+void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
+ int (*client_cert_cb) (SSL *ssl, X509 **x509,
+ EVP_PKEY **pkey));
+int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx)) (SSL *ssl, X509 **x509,
+ EVP_PKEY **pkey);
+# ifndef OPENSSL_NO_ENGINE
+__owur int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e);
+# endif
+void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
+ int (*app_gen_cookie_cb) (SSL *ssl,
+ unsigned char
+ *cookie,
+ unsigned int
+ *cookie_len));
+void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
+ int (*app_verify_cookie_cb) (SSL *ssl,
+ const unsigned
+ char *cookie,
+ unsigned int
+ cookie_len));
+
+void SSL_CTX_set_stateless_cookie_generate_cb(
+ SSL_CTX *ctx,
+ int (*gen_stateless_cookie_cb) (SSL *ssl,
+ unsigned char *cookie,
+ size_t *cookie_len));
+void SSL_CTX_set_stateless_cookie_verify_cb(
+ SSL_CTX *ctx,
+ int (*verify_stateless_cookie_cb) (SSL *ssl,
+ const unsigned char *cookie,
+ size_t cookie_len));
+# ifndef OPENSSL_NO_NEXTPROTONEG
+
+typedef int (*SSL_CTX_npn_advertised_cb_func)(SSL *ssl,
+ const unsigned char **out,
+ unsigned int *outlen,
+ void *arg);
+void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s,
+ SSL_CTX_npn_advertised_cb_func cb,
+ void *arg);
+# define SSL_CTX_set_npn_advertised_cb SSL_CTX_set_next_protos_advertised_cb
+
+typedef int
(*SSL_CTX_npn_select_cb_func)(SSL *s,
+ unsigned char **out,
+ unsigned char *outlen,
+ const unsigned char *in,
+ unsigned int inlen,
+ void *arg);
+void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s,
+ SSL_CTX_npn_select_cb_func cb,
+ void *arg);
+# define SSL_CTX_set_npn_select_cb SSL_CTX_set_next_proto_select_cb
+
+void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
+ unsigned *len);
+# define SSL_get0_npn_negotiated SSL_get0_next_proto_negotiated
+# endif
+
+__owur int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
+ const unsigned char *in, unsigned int inlen,
+ const unsigned char *client,
+ unsigned int client_len);
+
+# define OPENSSL_NPN_UNSUPPORTED 0
+# define OPENSSL_NPN_NEGOTIATED 1
+# define OPENSSL_NPN_NO_OVERLAP 2
+
+__owur int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
+ unsigned int protos_len);
+__owur int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos,
+ unsigned int protos_len);
+typedef int (*SSL_CTX_alpn_select_cb_func)(SSL *ssl,
+ const unsigned char **out,
+ unsigned char *outlen,
+ const unsigned char *in,
+ unsigned int inlen,
+ void *arg);
+void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
+ SSL_CTX_alpn_select_cb_func cb,
+ void *arg);
+void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
+ unsigned int *len);
+
+# ifndef OPENSSL_NO_PSK
+/*
+ * the maximum length of the buffer given to callbacks containing the
+ * resulting identity/psk
+ */
+# define PSK_MAX_IDENTITY_LEN 128
+# define PSK_MAX_PSK_LEN 256
+typedef unsigned int (*SSL_psk_client_cb_func)(SSL *ssl,
+ const char *hint,
+ char *identity,
+ unsigned int max_identity_len,
+ unsigned char *psk,
+ unsigned int max_psk_len);
+void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, SSL_psk_client_cb_func cb);
+void SSL_set_psk_client_callback(SSL *ssl, SSL_psk_client_cb_func cb);
+
+typedef unsigned int (*SSL_psk_server_cb_func)(SSL *ssl,
+ const char *identity,
+ unsigned char *psk,
+ unsigned
int max_psk_len);
+void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, SSL_psk_server_cb_func cb);
+void SSL_set_psk_server_callback(SSL *ssl, SSL_psk_server_cb_func cb);
+
+__owur int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint);
+__owur int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint);
+const char *SSL_get_psk_identity_hint(const SSL *s);
+const char *SSL_get_psk_identity(const SSL *s);
+# endif
+
+typedef int (*SSL_psk_find_session_cb_func)(SSL *ssl,
+ const unsigned char *identity,
+ size_t identity_len,
+ SSL_SESSION **sess);
+typedef int (*SSL_psk_use_session_cb_func)(SSL *ssl, const EVP_MD *md,
+ const unsigned char **id,
+ size_t *idlen,
+ SSL_SESSION **sess);
+
+void SSL_set_psk_find_session_callback(SSL *s, SSL_psk_find_session_cb_func cb);
+void SSL_CTX_set_psk_find_session_callback(SSL_CTX *ctx,
+ SSL_psk_find_session_cb_func cb);
+void SSL_set_psk_use_session_callback(SSL *s, SSL_psk_use_session_cb_func cb);
+void SSL_CTX_set_psk_use_session_callback(SSL_CTX *ctx,
+ SSL_psk_use_session_cb_func cb);
+
+/* Register callbacks to handle custom TLS Extensions for client or server.
*/
+
+__owur int SSL_CTX_has_client_custom_ext(const SSL_CTX *ctx,
+ unsigned int ext_type);
+
+__owur int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx,
+ unsigned int ext_type,
+ custom_ext_add_cb add_cb,
+ custom_ext_free_cb free_cb,
+ void *add_arg,
+ custom_ext_parse_cb parse_cb,
+ void *parse_arg);
+
+__owur int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx,
+ unsigned int ext_type,
+ custom_ext_add_cb add_cb,
+ custom_ext_free_cb free_cb,
+ void *add_arg,
+ custom_ext_parse_cb parse_cb,
+ void *parse_arg);
+
+__owur int SSL_CTX_add_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
+ unsigned int context,
+ SSL_custom_ext_add_cb_ex add_cb,
+ SSL_custom_ext_free_cb_ex free_cb,
+ void *add_arg,
+ SSL_custom_ext_parse_cb_ex parse_cb,
+ void *parse_arg);
+
+__owur int SSL_extension_supported(unsigned int ext_type);
+
+# define SSL_NOTHING 1
+# define SSL_WRITING 2
+# define SSL_READING 3
+# define SSL_X509_LOOKUP 4
+# define SSL_ASYNC_PAUSED 5
+# define SSL_ASYNC_NO_JOBS 6
+# define SSL_CLIENT_HELLO_CB 7
+
+/* These will only be used when doing non-blocking IO */
+# define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING)
+# define SSL_want_read(s) (SSL_want(s) == SSL_READING)
+# define SSL_want_write(s) (SSL_want(s) == SSL_WRITING)
+# define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP)
+# define SSL_want_async(s) (SSL_want(s) == SSL_ASYNC_PAUSED)
+# define SSL_want_async_job(s) (SSL_want(s) == SSL_ASYNC_NO_JOBS)
+# define SSL_want_client_hello_cb(s) (SSL_want(s) == SSL_CLIENT_HELLO_CB)
+
+# define SSL_MAC_FLAG_READ_MAC_STREAM 1
+# define SSL_MAC_FLAG_WRITE_MAC_STREAM 2
+
+/*
+ * A callback for logging out TLS key material. This callback should log out
+ * |line| followed by a newline.
+ */
+typedef void (*SSL_CTX_keylog_cb_func)(const SSL *ssl, const char *line);
+
+/*
+ * SSL_CTX_set_keylog_callback configures a callback to log key material. This
+ * is intended for debugging use with tools like Wireshark.
The cb function
+ * should log line followed by a newline.
+ */
+void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb);
+
+/*
+ * SSL_CTX_get_keylog_callback returns the callback configured by
+ * SSL_CTX_set_keylog_callback.
+ */
+SSL_CTX_keylog_cb_func SSL_CTX_get_keylog_callback(const SSL_CTX *ctx);
+
+int SSL_CTX_set_max_early_data(SSL_CTX *ctx, uint32_t max_early_data);
+uint32_t SSL_CTX_get_max_early_data(const SSL_CTX *ctx);
+int SSL_set_max_early_data(SSL *s, uint32_t max_early_data);
+uint32_t SSL_get_max_early_data(const SSL *s);
+int SSL_CTX_set_recv_max_early_data(SSL_CTX *ctx, uint32_t recv_max_early_data);
+uint32_t SSL_CTX_get_recv_max_early_data(const SSL_CTX *ctx);
+int SSL_set_recv_max_early_data(SSL *s, uint32_t recv_max_early_data);
+uint32_t SSL_get_recv_max_early_data(const SSL *s);
+
+#ifdef __cplusplus
+}
+#endif
+
+# include
+# include
+# include /* This is mostly sslv3 with a few tweaks */
+# include /* Datagram TLS */
+# include /* Support for the use_srtp extension */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * These need to be after the above set of includes due to a compiler bug
+ * in VisualStudio 2015
+ */
+DEFINE_STACK_OF_CONST(SSL_CIPHER)
+DEFINE_STACK_OF(SSL_COMP)
+
+/* compatibility */
+# define SSL_set_app_data(s,arg) (SSL_set_ex_data(s,0,(char *)(arg)))
+# define SSL_get_app_data(s) (SSL_get_ex_data(s,0))
+# define SSL_SESSION_set_app_data(s,a) (SSL_SESSION_set_ex_data(s,0, \
+ (char *)(a)))
+# define SSL_SESSION_get_app_data(s) (SSL_SESSION_get_ex_data(s,0))
+# define SSL_CTX_get_app_data(ctx) (SSL_CTX_get_ex_data(ctx,0))
+# define SSL_CTX_set_app_data(ctx,arg) (SSL_CTX_set_ex_data(ctx,0, \
+ (char *)(arg)))
+DEPRECATEDIN_1_1_0(void SSL_set_debug(SSL *s, int debug))
+
+/* TLSv1.3 KeyUpdate message types */
+/* -1 used so that this is an invalid value for the on-the-wire protocol */
+#define SSL_KEY_UPDATE_NONE -1
+/* Values as defined for the on-the-wire protocol */
+#define
SSL_KEY_UPDATE_NOT_REQUESTED 0
+#define SSL_KEY_UPDATE_REQUESTED 1
+
+/*
+ * The valid handshake states (one for each type message sent and one for each
+ * type of message received). There are also two "special" states:
+ * TLS = TLS or DTLS state
+ * DTLS = DTLS specific state
+ * CR/SR = Client Read/Server Read
+ * CW/SW = Client Write/Server Write
+ *
+ * The "special" states are:
+ * TLS_ST_BEFORE = No handshake has been initiated yet
+ * TLS_ST_OK = A handshake has been successfully completed
+ */
+typedef enum {
+ TLS_ST_BEFORE,
+ TLS_ST_OK,
+ DTLS_ST_CR_HELLO_VERIFY_REQUEST,
+ TLS_ST_CR_SRVR_HELLO,
+ TLS_ST_CR_CERT,
+ TLS_ST_CR_CERT_STATUS,
+ TLS_ST_CR_KEY_EXCH,
+ TLS_ST_CR_CERT_REQ,
+ TLS_ST_CR_SRVR_DONE,
+ TLS_ST_CR_SESSION_TICKET,
+ TLS_ST_CR_CHANGE,
+ TLS_ST_CR_FINISHED,
+ TLS_ST_CW_CLNT_HELLO,
+ TLS_ST_CW_CERT,
+ TLS_ST_CW_KEY_EXCH,
+ TLS_ST_CW_CERT_VRFY,
+ TLS_ST_CW_CHANGE,
+ TLS_ST_CW_NEXT_PROTO,
+ TLS_ST_CW_FINISHED,
+ TLS_ST_SW_HELLO_REQ,
+ TLS_ST_SR_CLNT_HELLO,
+ DTLS_ST_SW_HELLO_VERIFY_REQUEST,
+ TLS_ST_SW_SRVR_HELLO,
+ TLS_ST_SW_CERT,
+ TLS_ST_SW_KEY_EXCH,
+ TLS_ST_SW_CERT_REQ,
+ TLS_ST_SW_SRVR_DONE,
+ TLS_ST_SR_CERT,
+ TLS_ST_SR_KEY_EXCH,
+ TLS_ST_SR_CERT_VRFY,
+ TLS_ST_SR_NEXT_PROTO,
+ TLS_ST_SR_CHANGE,
+ TLS_ST_SR_FINISHED,
+ TLS_ST_SW_SESSION_TICKET,
+ TLS_ST_SW_CERT_STATUS,
+ TLS_ST_SW_CHANGE,
+ TLS_ST_SW_FINISHED,
+ TLS_ST_SW_ENCRYPTED_EXTENSIONS,
+ TLS_ST_CR_ENCRYPTED_EXTENSIONS,
+ TLS_ST_CR_CERT_VRFY,
+ TLS_ST_SW_CERT_VRFY,
+ TLS_ST_CR_HELLO_REQ,
+ TLS_ST_SW_KEY_UPDATE,
+ TLS_ST_CW_KEY_UPDATE,
+ TLS_ST_SR_KEY_UPDATE,
+ TLS_ST_CR_KEY_UPDATE,
+ TLS_ST_EARLY_DATA,
+ TLS_ST_PENDING_EARLY_DATA_END,
+ TLS_ST_CW_END_OF_EARLY_DATA,
+ TLS_ST_SR_END_OF_EARLY_DATA
+} OSSL_HANDSHAKE_STATE;
+
+/*
+ * Most of the following state values are no longer used and are defined to be
+ * the closest equivalent value in the current state machine code. Not all
+ * defines have an equivalent and are set to a dummy value (-1).
SSL_ST_CONNECT
+ * and SSL_ST_ACCEPT are still in use in the definition of SSL_CB_ACCEPT_LOOP,
+ * SSL_CB_ACCEPT_EXIT, SSL_CB_CONNECT_LOOP and SSL_CB_CONNECT_EXIT.
+ */
+
+# define SSL_ST_CONNECT 0x1000
+# define SSL_ST_ACCEPT 0x2000
+
+# define SSL_ST_MASK 0x0FFF
+
+# define SSL_CB_LOOP 0x01
+# define SSL_CB_EXIT 0x02
+# define SSL_CB_READ 0x04
+# define SSL_CB_WRITE 0x08
+# define SSL_CB_ALERT 0x4000/* used in callback */
+# define SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ)
+# define SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE)
+# define SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP)
+# define SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT)
+# define SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP)
+# define SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT)
+# define SSL_CB_HANDSHAKE_START 0x10
+# define SSL_CB_HANDSHAKE_DONE 0x20
+
+/* Is the SSL_connection established? */
+# define SSL_in_connect_init(a) (SSL_in_init(a) && !SSL_is_server(a))
+# define SSL_in_accept_init(a) (SSL_in_init(a) && SSL_is_server(a))
+int SSL_in_init(const SSL *s);
+int SSL_in_before(const SSL *s);
+int SSL_is_init_finished(const SSL *s);
+
+/*
+ * The following 3 states are kept in ssl->rlayer.rstate when reads fail, you
+ * should not need these
+ */
+# define SSL_ST_READ_HEADER 0xF0
+# define SSL_ST_READ_BODY 0xF1
+# define SSL_ST_READ_DONE 0xF2
+
+/*-
+ * Obtain latest Finished message
+ * -- that we sent (SSL_get_finished)
+ * -- that we expected from peer (SSL_get_peer_finished).
+ * Returns length (0 == no Finished so far), copies up to 'count' bytes.
+ */
+size_t SSL_get_finished(const SSL *s, void *buf, size_t count);
+size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
+
+/*
+ * use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 3 options are
+ * 'ored' with SSL_VERIFY_PEER if they are desired
+ */
+# define SSL_VERIFY_NONE 0x00
+# define SSL_VERIFY_PEER 0x01
+# define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02
+# define SSL_VERIFY_CLIENT_ONCE 0x04
+# define SSL_VERIFY_POST_HANDSHAKE 0x08
+
+# ifndef OPENSSL_NO_DEPRECATED_1_1_0
+# define OpenSSL_add_ssl_algorithms() SSL_library_init()
+# define SSLeay_add_ssl_algorithms() SSL_library_init()
+# endif
+
+/* More backward compatibility */
+# define SSL_get_cipher(s) \
+ SSL_CIPHER_get_name(SSL_get_current_cipher(s))
+# define SSL_get_cipher_bits(s,np) \
+ SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np)
+# define SSL_get_cipher_version(s) \
+ SSL_CIPHER_get_version(SSL_get_current_cipher(s))
+# define SSL_get_cipher_name(s) \
+ SSL_CIPHER_get_name(SSL_get_current_cipher(s))
+# define SSL_get_time(a) SSL_SESSION_get_time(a)
+# define SSL_set_time(a,b) SSL_SESSION_set_time((a),(b))
+# define SSL_get_timeout(a) SSL_SESSION_get_timeout(a)
+# define SSL_set_timeout(a,b) SSL_SESSION_set_timeout((a),(b))
+
+# define d2i_SSL_SESSION_bio(bp,s_id) ASN1_d2i_bio_of(SSL_SESSION,SSL_SESSION_new,d2i_SSL_SESSION,bp,s_id)
+# define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio_of(SSL_SESSION,i2d_SSL_SESSION,bp,s_id)
+
+DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
+# define SSL_AD_REASON_OFFSET 1000/* offset to get SSL_R_... value
+ * from SSL_AD_...
*/
+/* These alert types are for SSLv3 and TLSv1 */
+# define SSL_AD_CLOSE_NOTIFY SSL3_AD_CLOSE_NOTIFY
+/* fatal */
+# define SSL_AD_UNEXPECTED_MESSAGE SSL3_AD_UNEXPECTED_MESSAGE
+/* fatal */
+# define SSL_AD_BAD_RECORD_MAC SSL3_AD_BAD_RECORD_MAC
+# define SSL_AD_DECRYPTION_FAILED TLS1_AD_DECRYPTION_FAILED
+# define SSL_AD_RECORD_OVERFLOW TLS1_AD_RECORD_OVERFLOW
+/* fatal */
+# define SSL_AD_DECOMPRESSION_FAILURE SSL3_AD_DECOMPRESSION_FAILURE
+/* fatal */
+# define SSL_AD_HANDSHAKE_FAILURE SSL3_AD_HANDSHAKE_FAILURE
+/* Not for TLS */
+# define SSL_AD_NO_CERTIFICATE SSL3_AD_NO_CERTIFICATE
+# define SSL_AD_BAD_CERTIFICATE SSL3_AD_BAD_CERTIFICATE
+# define SSL_AD_UNSUPPORTED_CERTIFICATE SSL3_AD_UNSUPPORTED_CERTIFICATE
+# define SSL_AD_CERTIFICATE_REVOKED SSL3_AD_CERTIFICATE_REVOKED
+# define SSL_AD_CERTIFICATE_EXPIRED SSL3_AD_CERTIFICATE_EXPIRED
+# define SSL_AD_CERTIFICATE_UNKNOWN SSL3_AD_CERTIFICATE_UNKNOWN
+/* fatal */
+# define SSL_AD_ILLEGAL_PARAMETER SSL3_AD_ILLEGAL_PARAMETER
+/* fatal */
+# define SSL_AD_UNKNOWN_CA TLS1_AD_UNKNOWN_CA
+/* fatal */
+# define SSL_AD_ACCESS_DENIED TLS1_AD_ACCESS_DENIED
+/* fatal */
+# define SSL_AD_DECODE_ERROR TLS1_AD_DECODE_ERROR
+# define SSL_AD_DECRYPT_ERROR TLS1_AD_DECRYPT_ERROR
+/* fatal */
+# define SSL_AD_EXPORT_RESTRICTION TLS1_AD_EXPORT_RESTRICTION
+/* fatal */
+# define SSL_AD_PROTOCOL_VERSION TLS1_AD_PROTOCOL_VERSION
+/* fatal */
+# define SSL_AD_INSUFFICIENT_SECURITY TLS1_AD_INSUFFICIENT_SECURITY
+/* fatal */
+# define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR
+# define SSL_AD_USER_CANCELLED TLS1_AD_USER_CANCELLED
+# define SSL_AD_NO_RENEGOTIATION TLS1_AD_NO_RENEGOTIATION
+# define SSL_AD_MISSING_EXTENSION TLS13_AD_MISSING_EXTENSION
+# define SSL_AD_CERTIFICATE_REQUIRED TLS13_AD_CERTIFICATE_REQUIRED
+# define SSL_AD_UNSUPPORTED_EXTENSION TLS1_AD_UNSUPPORTED_EXTENSION
+# define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE
+# define SSL_AD_UNRECOGNIZED_NAME TLS1_AD_UNRECOGNIZED_NAME
+# define
SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE
+# define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE
+/* fatal */
+# define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY
+/* fatal */
+# define SSL_AD_INAPPROPRIATE_FALLBACK TLS1_AD_INAPPROPRIATE_FALLBACK
+# define SSL_AD_NO_APPLICATION_PROTOCOL TLS1_AD_NO_APPLICATION_PROTOCOL
+# define SSL_ERROR_NONE 0
+# define SSL_ERROR_SSL 1
+# define SSL_ERROR_WANT_READ 2
+# define SSL_ERROR_WANT_WRITE 3
+# define SSL_ERROR_WANT_X509_LOOKUP 4
+# define SSL_ERROR_SYSCALL 5/* look at error stack/return
+ * value/errno */
+# define SSL_ERROR_ZERO_RETURN 6
+# define SSL_ERROR_WANT_CONNECT 7
+# define SSL_ERROR_WANT_ACCEPT 8
+# define SSL_ERROR_WANT_ASYNC 9
+# define SSL_ERROR_WANT_ASYNC_JOB 10
+# define SSL_ERROR_WANT_CLIENT_HELLO_CB 11
+# define SSL_CTRL_SET_TMP_DH 3
+# define SSL_CTRL_SET_TMP_ECDH 4
+# define SSL_CTRL_SET_TMP_DH_CB 6
+# define SSL_CTRL_GET_CLIENT_CERT_REQUEST 9
+# define SSL_CTRL_GET_NUM_RENEGOTIATIONS 10
+# define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS 11
+# define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS 12
+# define SSL_CTRL_GET_FLAGS 13
+# define SSL_CTRL_EXTRA_CHAIN_CERT 14
+# define SSL_CTRL_SET_MSG_CALLBACK 15
+# define SSL_CTRL_SET_MSG_CALLBACK_ARG 16
+/* only applies to datagram connections */
+# define SSL_CTRL_SET_MTU 17
+/* Stats */
+# define SSL_CTRL_SESS_NUMBER 20
+# define SSL_CTRL_SESS_CONNECT 21
+# define SSL_CTRL_SESS_CONNECT_GOOD 22
+# define SSL_CTRL_SESS_CONNECT_RENEGOTIATE 23
+# define SSL_CTRL_SESS_ACCEPT 24
+# define SSL_CTRL_SESS_ACCEPT_GOOD 25
+# define SSL_CTRL_SESS_ACCEPT_RENEGOTIATE 26
+# define SSL_CTRL_SESS_HIT 27
+# define SSL_CTRL_SESS_CB_HIT 28
+# define SSL_CTRL_SESS_MISSES 29
+# define SSL_CTRL_SESS_TIMEOUTS 30
+# define SSL_CTRL_SESS_CACHE_FULL 31
+# define SSL_CTRL_MODE 33
+# define SSL_CTRL_GET_READ_AHEAD 40
+# define SSL_CTRL_SET_READ_AHEAD 41
+# define SSL_CTRL_SET_SESS_CACHE_SIZE 42
+# define
SSL_CTRL_GET_SESS_CACHE_SIZE 43
+# define SSL_CTRL_SET_SESS_CACHE_MODE 44
+# define SSL_CTRL_GET_SESS_CACHE_MODE 45
+# define SSL_CTRL_GET_MAX_CERT_LIST 50
+# define SSL_CTRL_SET_MAX_CERT_LIST 51
+# define SSL_CTRL_SET_MAX_SEND_FRAGMENT 52
+/* see tls1.h for macros based on these */
+# define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53
+# define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54
+# define SSL_CTRL_SET_TLSEXT_HOSTNAME 55
+# define SSL_CTRL_SET_TLSEXT_DEBUG_CB 56
+# define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57
+# define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58
+# define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59
+/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT 60 */
+/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB 61 */
+/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG 62 */
+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63
+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64
+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65
+# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS 66
+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS 67
+# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS 68
+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS 69
+# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP 70
+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP 71
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72
+# endif
+# define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB 75
+# define SSL_CTRL_SET_SRP_VERIFY_PARAM_CB 76
+# define SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB 77
+# define SSL_CTRL_SET_SRP_ARG 78
+# define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME 79
+# define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH 80
+# define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD 81
+# define DTLS_CTRL_GET_TIMEOUT 73
+# define DTLS_CTRL_HANDLE_TIMEOUT 74
+# define SSL_CTRL_GET_RI_SUPPORT 76
+# define SSL_CTRL_CLEAR_MODE 78
+# define SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB 79
+# define SSL_CTRL_GET_EXTRA_CHAIN_CERTS 82
+# define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83
+# define SSL_CTRL_CHAIN 88
+# define SSL_CTRL_CHAIN_CERT 89
+# define
SSL_CTRL_GET_GROUPS 90
+# define SSL_CTRL_SET_GROUPS 91
+# define SSL_CTRL_SET_GROUPS_LIST 92
+# define SSL_CTRL_GET_SHARED_GROUP 93
+# define SSL_CTRL_SET_SIGALGS 97
+# define SSL_CTRL_SET_SIGALGS_LIST 98
+# define SSL_CTRL_CERT_FLAGS 99
+# define SSL_CTRL_CLEAR_CERT_FLAGS 100
+# define SSL_CTRL_SET_CLIENT_SIGALGS 101
+# define SSL_CTRL_SET_CLIENT_SIGALGS_LIST 102
+# define SSL_CTRL_GET_CLIENT_CERT_TYPES 103
+# define SSL_CTRL_SET_CLIENT_CERT_TYPES 104
+# define SSL_CTRL_BUILD_CERT_CHAIN 105
+# define SSL_CTRL_SET_VERIFY_CERT_STORE 106
+# define SSL_CTRL_SET_CHAIN_CERT_STORE 107
+# define SSL_CTRL_GET_PEER_SIGNATURE_NID 108
+# define SSL_CTRL_GET_PEER_TMP_KEY 109
+# define SSL_CTRL_GET_RAW_CIPHERLIST 110
+# define SSL_CTRL_GET_EC_POINT_FORMATS 111
+# define SSL_CTRL_GET_CHAIN_CERTS 115
+# define SSL_CTRL_SELECT_CURRENT_CERT 116
+# define SSL_CTRL_SET_CURRENT_CERT 117
+# define SSL_CTRL_SET_DH_AUTO 118
+# define DTLS_CTRL_SET_LINK_MTU 120
+# define DTLS_CTRL_GET_LINK_MIN_MTU 121
+# define SSL_CTRL_GET_EXTMS_SUPPORT 122
+# define SSL_CTRL_SET_MIN_PROTO_VERSION 123
+# define SSL_CTRL_SET_MAX_PROTO_VERSION 124
+# define SSL_CTRL_SET_SPLIT_SEND_FRAGMENT 125
+# define SSL_CTRL_SET_MAX_PIPELINES 126
+# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE 127
+# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB 128
+# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG 129
+# define SSL_CTRL_GET_MIN_PROTO_VERSION 130
+# define SSL_CTRL_GET_MAX_PROTO_VERSION 131
+# define SSL_CTRL_GET_SIGNATURE_NID 132
+# define SSL_CTRL_GET_TMP_KEY 133
+# define SSL_CTRL_GET_NEGOTIATED_GROUP 134
+# define SSL_CERT_SET_FIRST 1
+# define SSL_CERT_SET_NEXT 2
+# define SSL_CERT_SET_SERVER 3
+# define DTLSv1_get_timeout(ssl, arg) \
+ SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)(arg))
+# define DTLSv1_handle_timeout(ssl) \
+ SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL)
+# define SSL_num_renegotiations(ssl) \
+ SSL_ctrl((ssl),SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL)
+# define SSL_clear_num_renegotiations(ssl) \
+
SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL)
+# define SSL_total_renegotiations(ssl) \
+ SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL)
+# define SSL_CTX_set_tmp_dh(ctx,dh) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)(dh))
+# define SSL_CTX_set_dh_auto(ctx, onoff) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_DH_AUTO,onoff,NULL)
+# define SSL_set_dh_auto(s, onoff) \
+ SSL_ctrl(s,SSL_CTRL_SET_DH_AUTO,onoff,NULL)
+# define SSL_set_tmp_dh(ssl,dh) \
+ SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)(dh))
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)(ecdh))
+# define SSL_set_tmp_ecdh(ssl,ecdh) \
+ SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)(ecdh))
+# endif
+# define SSL_CTX_add_extra_chain_cert(ctx,x509) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)(x509))
+# define SSL_CTX_get_extra_chain_certs(ctx,px509) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,0,px509)
+# define SSL_CTX_get_extra_chain_certs_only(ctx,px509) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,1,px509)
+# define SSL_CTX_clear_extra_chain_certs(ctx) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL)
+# define SSL_CTX_set0_chain(ctx,sk) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN,0,(char *)(sk))
+# define SSL_CTX_set1_chain(ctx,sk) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN,1,(char *)(sk))
+# define SSL_CTX_add0_chain_cert(ctx,x509) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN_CERT,0,(char *)(x509))
+# define SSL_CTX_add1_chain_cert(ctx,x509) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN_CERT,1,(char *)(x509))
+# define SSL_CTX_get0_chain_certs(ctx,px509) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_GET_CHAIN_CERTS,0,px509)
+# define SSL_CTX_clear_chain_certs(ctx) \
+ SSL_CTX_set0_chain(ctx,NULL)
+# define SSL_CTX_build_cert_chain(ctx, flags) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_BUILD_CERT_CHAIN, flags, NULL)
+# define SSL_CTX_select_current_cert(ctx,x509) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SELECT_CURRENT_CERT,0,(char *)(x509))
+#
define SSL_CTX_set_current_cert(ctx, op) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CURRENT_CERT, op, NULL)
+# define SSL_CTX_set0_verify_cert_store(ctx,st) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)(st))
+# define SSL_CTX_set1_verify_cert_store(ctx,st) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_VERIFY_CERT_STORE,1,(char *)(st))
+# define SSL_CTX_set0_chain_cert_store(ctx,st) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHAIN_CERT_STORE,0,(char *)(st))
+# define SSL_CTX_set1_chain_cert_store(ctx,st) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHAIN_CERT_STORE,1,(char *)(st))
+# define SSL_set0_chain(s,sk) \
+ SSL_ctrl(s,SSL_CTRL_CHAIN,0,(char *)(sk))
+# define SSL_set1_chain(s,sk) \
+ SSL_ctrl(s,SSL_CTRL_CHAIN,1,(char *)(sk))
+# define SSL_add0_chain_cert(s,x509) \
+ SSL_ctrl(s,SSL_CTRL_CHAIN_CERT,0,(char *)(x509))
+# define SSL_add1_chain_cert(s,x509) \
+ SSL_ctrl(s,SSL_CTRL_CHAIN_CERT,1,(char *)(x509))
+# define SSL_get0_chain_certs(s,px509) \
+ SSL_ctrl(s,SSL_CTRL_GET_CHAIN_CERTS,0,px509)
+# define SSL_clear_chain_certs(s) \
+ SSL_set0_chain(s,NULL)
+# define SSL_build_cert_chain(s, flags) \
+ SSL_ctrl(s,SSL_CTRL_BUILD_CERT_CHAIN, flags, NULL)
+# define SSL_select_current_cert(s,x509) \
+ SSL_ctrl(s,SSL_CTRL_SELECT_CURRENT_CERT,0,(char *)(x509))
+# define SSL_set_current_cert(s,op) \
+ SSL_ctrl(s,SSL_CTRL_SET_CURRENT_CERT, op, NULL)
+# define SSL_set0_verify_cert_store(s,st) \
+ SSL_ctrl(s,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)(st))
+# define SSL_set1_verify_cert_store(s,st) \
+ SSL_ctrl(s,SSL_CTRL_SET_VERIFY_CERT_STORE,1,(char *)(st))
+# define SSL_set0_chain_cert_store(s,st) \
+ SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,0,(char *)(st))
+# define SSL_set1_chain_cert_store(s,st) \
+ SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,1,(char *)(st))
+# define SSL_get1_groups(s, glist) \
+ SSL_ctrl(s,SSL_CTRL_GET_GROUPS,0,(int*)(glist))
+# define SSL_CTX_set1_groups(ctx, glist, glistlen) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(char *)(glist))
+# define
SSL_CTX_set1_groups_list(ctx, s) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS_LIST,0,(char *)(s))
+# define SSL_set1_groups(s, glist, glistlen) \
+ SSL_ctrl(s,SSL_CTRL_SET_GROUPS,glistlen,(char *)(glist))
+# define SSL_set1_groups_list(s, str) \
+ SSL_ctrl(s,SSL_CTRL_SET_GROUPS_LIST,0,(char *)(str))
+# define SSL_get_shared_group(s, n) \
+ SSL_ctrl(s,SSL_CTRL_GET_SHARED_GROUP,n,NULL)
+# define SSL_get_negotiated_group(s) \
+ SSL_ctrl(s,SSL_CTRL_GET_NEGOTIATED_GROUP,0,NULL)
+# define SSL_CTX_set1_sigalgs(ctx, slist, slistlen) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS,slistlen,(int *)(slist))
+# define SSL_CTX_set1_sigalgs_list(ctx, s) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)(s))
+# define SSL_set1_sigalgs(s, slist, slistlen) \
+ SSL_ctrl(s,SSL_CTRL_SET_SIGALGS,slistlen,(int *)(slist))
+# define SSL_set1_sigalgs_list(s, str) \
+ SSL_ctrl(s,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)(str))
+# define SSL_CTX_set1_client_sigalgs(ctx, slist, slistlen) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS,slistlen,(int *)(slist))
+# define SSL_CTX_set1_client_sigalgs_list(ctx, s) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS_LIST,0,(char *)(s))
+# define SSL_set1_client_sigalgs(s, slist, slistlen) \
+ SSL_ctrl(s,SSL_CTRL_SET_CLIENT_SIGALGS,slistlen,(int *)(slist))
+# define SSL_set1_client_sigalgs_list(s, str) \
+ SSL_ctrl(s,SSL_CTRL_SET_CLIENT_SIGALGS_LIST,0,(char *)(str))
+# define SSL_get0_certificate_types(s, clist) \
+ SSL_ctrl(s, SSL_CTRL_GET_CLIENT_CERT_TYPES, 0, (char *)(clist))
+# define SSL_CTX_set1_client_certificate_types(ctx, clist, clistlen) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_CERT_TYPES,clistlen, \
+ (char *)(clist))
+# define SSL_set1_client_certificate_types(s, clist, clistlen) \
+ SSL_ctrl(s,SSL_CTRL_SET_CLIENT_CERT_TYPES,clistlen,(char *)(clist))
+# define SSL_get_signature_nid(s, pn) \
+ SSL_ctrl(s,SSL_CTRL_GET_SIGNATURE_NID,0,pn)
+# define SSL_get_peer_signature_nid(s, pn) \
+ SSL_ctrl(s,SSL_CTRL_GET_PEER_SIGNATURE_NID,0,pn)
+# define
SSL_get_peer_tmp_key(s, pk) \
+ SSL_ctrl(s,SSL_CTRL_GET_PEER_TMP_KEY,0,pk)
+# define SSL_get_tmp_key(s, pk) \
+ SSL_ctrl(s,SSL_CTRL_GET_TMP_KEY,0,pk)
+# define SSL_get0_raw_cipherlist(s, plst) \
+ SSL_ctrl(s,SSL_CTRL_GET_RAW_CIPHERLIST,0,plst)
+# define SSL_get0_ec_point_formats(s, plst) \
+ SSL_ctrl(s,SSL_CTRL_GET_EC_POINT_FORMATS,0,plst)
+# define SSL_CTX_set_min_proto_version(ctx, version) \
+ SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL)
+# define SSL_CTX_set_max_proto_version(ctx, version) \
+ SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL)
+# define SSL_CTX_get_min_proto_version(ctx) \
+ SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, NULL)
+# define SSL_CTX_get_max_proto_version(ctx) \
+ SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL)
+# define SSL_set_min_proto_version(s, version) \
+ SSL_ctrl(s, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL)
+# define SSL_set_max_proto_version(s, version) \
+ SSL_ctrl(s, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL)
+# define SSL_get_min_proto_version(s) \
+ SSL_ctrl(s, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, NULL)
+# define SSL_get_max_proto_version(s) \
+ SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL)
+
+/* Backwards compatibility, original 1.1.0 names */
+# define SSL_CTRL_GET_SERVER_TMP_KEY \
+ SSL_CTRL_GET_PEER_TMP_KEY
+# define SSL_get_server_tmp_key(s, pk) \
+ SSL_get_peer_tmp_key(s, pk)
+
+/*
+ * The following symbol names are old and obsolete. They are kept
+ * for compatibility reasons only and should not be used anymore.
+ */
+# define SSL_CTRL_GET_CURVES SSL_CTRL_GET_GROUPS
+# define SSL_CTRL_SET_CURVES SSL_CTRL_SET_GROUPS
+# define SSL_CTRL_SET_CURVES_LIST SSL_CTRL_SET_GROUPS_LIST
+# define SSL_CTRL_GET_SHARED_CURVE SSL_CTRL_GET_SHARED_GROUP
+
+# define SSL_get1_curves SSL_get1_groups
+# define SSL_CTX_set1_curves SSL_CTX_set1_groups
+# define SSL_CTX_set1_curves_list SSL_CTX_set1_groups_list
+# define SSL_set1_curves SSL_set1_groups
+# define SSL_set1_curves_list SSL_set1_groups_list
+# define SSL_get_shared_curve SSL_get_shared_group
+
+
+# ifndef OPENSSL_NO_DEPRECATED_1_1_0
+/* Provide some compatibility macros for removed functionality. */
+# define SSL_CTX_need_tmp_RSA(ctx) 0
+# define SSL_CTX_set_tmp_rsa(ctx,rsa) 1
+# define SSL_need_tmp_RSA(ssl) 0
+# define SSL_set_tmp_rsa(ssl,rsa) 1
+# define SSL_CTX_set_ecdh_auto(dummy, onoff) ((onoff) != 0)
+# define SSL_set_ecdh_auto(dummy, onoff) ((onoff) != 0)
+/*
+ * We "pretend" to call the callback to avoid warnings about unused static
+ * functions.
+ */
+# define SSL_CTX_set_tmp_rsa_callback(ctx, cb) while(0) (cb)(NULL, 0, 0)
+# define SSL_set_tmp_rsa_callback(ssl, cb) while(0) (cb)(NULL, 0, 0)
+# endif
+__owur const BIO_METHOD *BIO_f_ssl(void);
+__owur BIO *BIO_new_ssl(SSL_CTX *ctx, int client);
+__owur BIO *BIO_new_ssl_connect(SSL_CTX *ctx);
+__owur BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx);
+__owur int BIO_ssl_copy_session_id(BIO *to, BIO *from);
+void BIO_ssl_shutdown(BIO *ssl_bio);
+
+__owur int SSL_CTX_set_cipher_list(SSL_CTX *, const char *str);
+__owur SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);
+__owur SSL_CTX *SSL_CTX_new_with_libctx(OPENSSL_CTX *libctx, const char *propq,
+ const SSL_METHOD *meth);
+int SSL_CTX_up_ref(SSL_CTX *ctx);
+void SSL_CTX_free(SSL_CTX *);
+__owur long SSL_CTX_set_timeout(SSL_CTX *ctx, long t);
+__owur long SSL_CTX_get_timeout(const SSL_CTX *ctx);
+__owur X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *);
+void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *);
+void
SSL_CTX_set1_cert_store(SSL_CTX *, X509_STORE *);
+__owur int SSL_want(const SSL *s);
+__owur int SSL_clear(SSL *s);
+
+void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm);
+
+__owur const SSL_CIPHER *SSL_get_current_cipher(const SSL *s);
+__owur const SSL_CIPHER *SSL_get_pending_cipher(const SSL *s);
+__owur int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits);
+__owur const char *SSL_CIPHER_get_version(const SSL_CIPHER *c);
+__owur const char *SSL_CIPHER_get_name(const SSL_CIPHER *c);
+__owur const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c);
+__owur const char *OPENSSL_cipher_name(const char *rfc_name);
+__owur uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c);
+__owur uint16_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *c);
+__owur int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c);
+__owur int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c);
+__owur const EVP_MD *SSL_CIPHER_get_handshake_digest(const SSL_CIPHER *c);
+__owur int SSL_CIPHER_is_aead(const SSL_CIPHER *c);
+
+__owur int SSL_get_fd(const SSL *s);
+__owur int SSL_get_rfd(const SSL *s);
+__owur int SSL_get_wfd(const SSL *s);
+__owur const char *SSL_get_cipher_list(const SSL *s, int n);
+__owur char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size);
+__owur int SSL_get_read_ahead(const SSL *s);
+__owur int SSL_pending(const SSL *s);
+__owur int SSL_has_pending(const SSL *s);
+# ifndef OPENSSL_NO_SOCK
+__owur int SSL_set_fd(SSL *s, int fd);
+__owur int SSL_set_rfd(SSL *s, int fd);
+__owur int SSL_set_wfd(SSL *s, int fd);
+# endif
+void SSL_set0_rbio(SSL *s, BIO *rbio);
+void SSL_set0_wbio(SSL *s, BIO *wbio);
+void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio);
+__owur BIO *SSL_get_rbio(const SSL *s);
+__owur BIO *SSL_get_wbio(const SSL *s);
+__owur int SSL_set_cipher_list(SSL *s, const char *str);
+__owur int SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str);
+__owur int SSL_set_ciphersuites(SSL *s, const char *str);
+void SSL_set_read_ahead(SSL *s, int yes);
+__owur int
SSL_get_verify_mode(const SSL *s); +__owur int SSL_get_verify_depth(const SSL *s); +__owur SSL_verify_cb SSL_get_verify_callback(const SSL *s); +void SSL_set_verify(SSL *s, int mode, SSL_verify_cb callback); +void SSL_set_verify_depth(SSL *s, int depth); +void SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg); +# ifndef OPENSSL_NO_RSA +__owur int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa); +__owur int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, const unsigned char *d, + long len); +# endif +__owur int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey); +__owur int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, const unsigned char *d, + long len); +__owur int SSL_use_certificate(SSL *ssl, X509 *x); +__owur int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len); +__owur int SSL_use_cert_and_key(SSL *ssl, X509 *x509, EVP_PKEY *privatekey, + STACK_OF(X509) *chain, int override); + + +/* serverinfo file format versions */ +# define SSL_SERVERINFOV1 1 +# define SSL_SERVERINFOV2 2 + +/* Set serverinfo data for the current active cert. 
*/ +__owur int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo, + size_t serverinfo_length); +__owur int SSL_CTX_use_serverinfo_ex(SSL_CTX *ctx, unsigned int version, + const unsigned char *serverinfo, + size_t serverinfo_length); +__owur int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file); + +#ifndef OPENSSL_NO_RSA +__owur int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type); +#endif + +__owur int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type); +__owur int SSL_use_certificate_file(SSL *ssl, const char *file, int type); + +#ifndef OPENSSL_NO_RSA +__owur int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, + int type); +#endif +__owur int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, + int type); +__owur int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, + int type); +/* PEM type */ +__owur int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); +__owur int SSL_use_certificate_chain_file(SSL *ssl, const char *file); +__owur STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file); +__owur int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, + const char *file); +int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, + const char *dir); +int SSL_add_store_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, + const char *uri); + +# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +# define SSL_load_error_strings() \ + OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS \ + | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL) +# endif + +__owur const char *SSL_state_string(const SSL *s); +__owur const char *SSL_rstate_string(const SSL *s); +__owur const char *SSL_state_string_long(const SSL *s); +__owur const char *SSL_rstate_string_long(const SSL *s); +__owur long SSL_SESSION_get_time(const SSL_SESSION *s); +__owur long SSL_SESSION_set_time(SSL_SESSION *s, long t); +__owur long SSL_SESSION_get_timeout(const SSL_SESSION *s); +__owur long 
SSL_SESSION_set_timeout(SSL_SESSION *s, long t); +__owur int SSL_SESSION_get_protocol_version(const SSL_SESSION *s); +__owur int SSL_SESSION_set_protocol_version(SSL_SESSION *s, int version); + +__owur const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s); +__owur int SSL_SESSION_set1_hostname(SSL_SESSION *s, const char *hostname); +void SSL_SESSION_get0_alpn_selected(const SSL_SESSION *s, + const unsigned char **alpn, + size_t *len); +__owur int SSL_SESSION_set1_alpn_selected(SSL_SESSION *s, + const unsigned char *alpn, + size_t len); +__owur const SSL_CIPHER *SSL_SESSION_get0_cipher(const SSL_SESSION *s); +__owur int SSL_SESSION_set_cipher(SSL_SESSION *s, const SSL_CIPHER *cipher); +__owur int SSL_SESSION_has_ticket(const SSL_SESSION *s); +__owur unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s); +void SSL_SESSION_get0_ticket(const SSL_SESSION *s, const unsigned char **tick, + size_t *len); +__owur uint32_t SSL_SESSION_get_max_early_data(const SSL_SESSION *s); +__owur int SSL_SESSION_set_max_early_data(SSL_SESSION *s, + uint32_t max_early_data); +__owur int SSL_copy_session_id(SSL *to, const SSL *from); +__owur X509 *SSL_SESSION_get0_peer(SSL_SESSION *s); +__owur int SSL_SESSION_set1_id_context(SSL_SESSION *s, + const unsigned char *sid_ctx, + unsigned int sid_ctx_len); +__owur int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid, + unsigned int sid_len); +__owur int SSL_SESSION_is_resumable(const SSL_SESSION *s); + +__owur SSL_SESSION *SSL_SESSION_new(void); +__owur SSL_SESSION *SSL_SESSION_dup(const SSL_SESSION *src); +const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, + unsigned int *len); +const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *s, + unsigned int *len); +__owur unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s); +# ifndef OPENSSL_NO_STDIO +int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *ses); +# endif +int SSL_SESSION_print(BIO *fp, const SSL_SESSION *ses); +int 
SSL_SESSION_print_keylog(BIO *bp, const SSL_SESSION *x); +int SSL_SESSION_up_ref(SSL_SESSION *ses); +void SSL_SESSION_free(SSL_SESSION *ses); +__owur int i2d_SSL_SESSION(const SSL_SESSION *in, unsigned char **pp); +__owur int SSL_set_session(SSL *to, SSL_SESSION *session); +int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *session); +int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *session); +__owur int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb); +__owur int SSL_set_generate_session_id(SSL *s, GEN_SESSION_CB cb); +__owur int SSL_has_matching_session_id(const SSL *s, + const unsigned char *id, + unsigned int id_len); +SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, + long length); + +# ifdef OPENSSL_X509_H +__owur X509 *SSL_get_peer_certificate(const SSL *s); +# endif + +__owur STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s); + +__owur int SSL_CTX_get_verify_mode(const SSL_CTX *ctx); +__owur int SSL_CTX_get_verify_depth(const SSL_CTX *ctx); +__owur SSL_verify_cb SSL_CTX_get_verify_callback(const SSL_CTX *ctx); +void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, SSL_verify_cb callback); +void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth); +void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, + int (*cb) (X509_STORE_CTX *, void *), + void *arg); +void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb) (SSL *ssl, void *arg), + void *arg); +# ifndef OPENSSL_NO_RSA +__owur int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); +__owur int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, + long len); +# endif +__owur int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); +__owur int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, + const unsigned char *d, long len); +__owur int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); +__owur int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, + const unsigned char *d); +__owur int SSL_CTX_use_cert_and_key(SSL_CTX *ctx, X509 *x509, EVP_PKEY *privatekey, + 
STACK_OF(X509) *chain, int override); + +void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb); +void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u); +pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx); +void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx); +void SSL_set_default_passwd_cb(SSL *s, pem_password_cb *cb); +void SSL_set_default_passwd_cb_userdata(SSL *s, void *u); +pem_password_cb *SSL_get_default_passwd_cb(SSL *s); +void *SSL_get_default_passwd_cb_userdata(SSL *s); + +__owur int SSL_CTX_check_private_key(const SSL_CTX *ctx); +__owur int SSL_check_private_key(const SSL *ctx); + +__owur int SSL_CTX_set_session_id_context(SSL_CTX *ctx, + const unsigned char *sid_ctx, + unsigned int sid_ctx_len); + +SSL *SSL_new(SSL_CTX *ctx); +int SSL_up_ref(SSL *s); +int SSL_is_dtls(const SSL *s); +__owur int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, + unsigned int sid_ctx_len); + +__owur int SSL_CTX_set_purpose(SSL_CTX *ctx, int purpose); +__owur int SSL_set_purpose(SSL *ssl, int purpose); +__owur int SSL_CTX_set_trust(SSL_CTX *ctx, int trust); +__owur int SSL_set_trust(SSL *ssl, int trust); + +__owur int SSL_set1_host(SSL *s, const char *hostname); +__owur int SSL_add1_host(SSL *s, const char *hostname); +__owur const char *SSL_get0_peername(SSL *s); +void SSL_set_hostflags(SSL *s, unsigned int flags); + +__owur int SSL_CTX_dane_enable(SSL_CTX *ctx); +__owur int SSL_CTX_dane_mtype_set(SSL_CTX *ctx, const EVP_MD *md, + uint8_t mtype, uint8_t ord); +__owur int SSL_dane_enable(SSL *s, const char *basedomain); +__owur int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector, + uint8_t mtype, unsigned const char *data, size_t dlen); +__owur int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki); +__owur int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector, + uint8_t *mtype, unsigned const char **data, + size_t *dlen); +/* + * Bridge opacity barrier between libcrypt and 
libssl, also needed to support + * offline testing in test/danetest.c + */ +SSL_DANE *SSL_get0_dane(SSL *ssl); +/* + * DANE flags + */ +unsigned long SSL_CTX_dane_set_flags(SSL_CTX *ctx, unsigned long flags); +unsigned long SSL_CTX_dane_clear_flags(SSL_CTX *ctx, unsigned long flags); +unsigned long SSL_dane_set_flags(SSL *ssl, unsigned long flags); +unsigned long SSL_dane_clear_flags(SSL *ssl, unsigned long flags); + +__owur int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm); +__owur int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm); + +__owur X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx); +__owur X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl); + +# ifndef OPENSSL_NO_SRP +int SSL_CTX_set_srp_username(SSL_CTX *ctx, char *name); +int SSL_CTX_set_srp_password(SSL_CTX *ctx, char *password); +int SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength); +int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx, + char *(*cb) (SSL *, void *)); +int SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx, + int (*cb) (SSL *, void *)); +int SSL_CTX_set_srp_username_callback(SSL_CTX *ctx, + int (*cb) (SSL *, int *, void *)); +int SSL_CTX_set_srp_cb_arg(SSL_CTX *ctx, void *arg); + +int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g, + BIGNUM *sa, BIGNUM *v, char *info); +int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass, + const char *grp); + +__owur BIGNUM *SSL_get_srp_g(SSL *s); +__owur BIGNUM *SSL_get_srp_N(SSL *s); + +__owur char *SSL_get_srp_username(SSL *s); +__owur char *SSL_get_srp_userinfo(SSL *s); +# endif + +/* + * ClientHello callback and helpers. 
+ */ + +# define SSL_CLIENT_HELLO_SUCCESS 1 +# define SSL_CLIENT_HELLO_ERROR 0 +# define SSL_CLIENT_HELLO_RETRY (-1) + +typedef int (*SSL_client_hello_cb_fn) (SSL *s, int *al, void *arg); +void SSL_CTX_set_client_hello_cb(SSL_CTX *c, SSL_client_hello_cb_fn cb, + void *arg); +int SSL_client_hello_isv2(SSL *s); +unsigned int SSL_client_hello_get0_legacy_version(SSL *s); +size_t SSL_client_hello_get0_random(SSL *s, const unsigned char **out); +size_t SSL_client_hello_get0_session_id(SSL *s, const unsigned char **out); +size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out); +size_t SSL_client_hello_get0_compression_methods(SSL *s, + const unsigned char **out); +int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen); +int SSL_client_hello_get0_ext(SSL *s, unsigned int type, + const unsigned char **out, size_t *outlen); + +void SSL_certs_clear(SSL *s); +void SSL_free(SSL *ssl); +# ifdef OSSL_ASYNC_FD +/* + * Windows application developer has to include windows.h to use these. 
+ */ +__owur int SSL_waiting_for_async(SSL *s); +__owur int SSL_get_all_async_fds(SSL *s, OSSL_ASYNC_FD *fds, size_t *numfds); +__owur int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd, + size_t *numaddfds, OSSL_ASYNC_FD *delfd, + size_t *numdelfds); +__owur int SSL_CTX_set_async_callback(SSL_CTX *ctx, SSL_async_callback_fn callback); +__owur int SSL_CTX_set_async_callback_arg(SSL_CTX *ctx, void *arg); +__owur int SSL_set_async_callback(SSL *s, SSL_async_callback_fn callback); +__owur int SSL_set_async_callback_arg(SSL *s, void *arg); +__owur int SSL_get_async_status(SSL *s, int *status); + +# endif +__owur int SSL_accept(SSL *ssl); +__owur int SSL_stateless(SSL *s); +__owur int SSL_connect(SSL *ssl); +__owur int SSL_read(SSL *ssl, void *buf, int num); +__owur int SSL_read_ex(SSL *ssl, void *buf, size_t num, size_t *readbytes); + +# define SSL_READ_EARLY_DATA_ERROR 0 +# define SSL_READ_EARLY_DATA_SUCCESS 1 +# define SSL_READ_EARLY_DATA_FINISH 2 + +__owur int SSL_read_early_data(SSL *s, void *buf, size_t num, + size_t *readbytes); +__owur int SSL_peek(SSL *ssl, void *buf, int num); +__owur int SSL_peek_ex(SSL *ssl, void *buf, size_t num, size_t *readbytes); +__owur ossl_ssize_t SSL_sendfile(SSL *s, int fd, off_t offset, size_t size, + int flags); +__owur int SSL_write(SSL *ssl, const void *buf, int num); +__owur int SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *written); +__owur int SSL_write_early_data(SSL *s, const void *buf, size_t num, + size_t *written); +long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg); +long SSL_callback_ctrl(SSL *, int, void (*)(void)); +long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg); +long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void)); + +# define SSL_EARLY_DATA_NOT_SENT 0 +# define SSL_EARLY_DATA_REJECTED 1 +# define SSL_EARLY_DATA_ACCEPTED 2 + +__owur int SSL_get_early_data_status(const SSL *s); + +__owur int SSL_get_error(const SSL *s, int ret_code); +__owur const char 
*SSL_get_version(const SSL *s); + +/* This sets the 'default' SSL version that SSL_new() will create */ +__owur int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth); + +# ifndef OPENSSL_NO_SSL3_METHOD +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_method(void)) /* SSLv3 */ +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_server_method(void)) +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_client_method(void)) +# endif + +#define SSLv23_method TLS_method +#define SSLv23_server_method TLS_server_method +#define SSLv23_client_method TLS_client_method + +/* Negotiate highest available SSL/TLS version */ +__owur const SSL_METHOD *TLS_method(void); +__owur const SSL_METHOD *TLS_server_method(void); +__owur const SSL_METHOD *TLS_client_method(void); + +# ifndef OPENSSL_NO_TLS1_METHOD +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_method(void)) /* TLSv1.0 */ +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_server_method(void)) +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_client_method(void)) +# endif + +# ifndef OPENSSL_NO_TLS1_1_METHOD +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_method(void)) /* TLSv1.1 */ +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_server_method(void)) +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_client_method(void)) +# endif + +# ifndef OPENSSL_NO_TLS1_2_METHOD +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_method(void)) /* TLSv1.2 */ +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_server_method(void)) +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_client_method(void)) +# endif + +# ifndef OPENSSL_NO_DTLS1_METHOD +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_method(void)) /* DTLSv1.0 */ +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_server_method(void)) +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_client_method(void)) +# endif + +# ifndef OPENSSL_NO_DTLS1_2_METHOD +/* DTLSv1.2 */ +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_2_method(void)) 
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_2_server_method(void)) +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_2_client_method(void)) +# endif + +__owur const SSL_METHOD *DTLS_method(void); /* DTLS 1.0 and 1.2 */ +__owur const SSL_METHOD *DTLS_server_method(void); /* DTLS 1.0 and 1.2 */ +__owur const SSL_METHOD *DTLS_client_method(void); /* DTLS 1.0 and 1.2 */ + +__owur size_t DTLS_get_data_mtu(const SSL *s); + +__owur STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s); +__owur STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx); +__owur STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s); +__owur STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s); + +__owur int SSL_do_handshake(SSL *s); +int SSL_key_update(SSL *s, int updatetype); +int SSL_get_key_update_type(const SSL *s); +int SSL_renegotiate(SSL *s); +int SSL_renegotiate_abbreviated(SSL *s); +__owur int SSL_renegotiate_pending(const SSL *s); +int SSL_shutdown(SSL *s); +__owur int SSL_verify_client_post_handshake(SSL *s); +void SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val); +void SSL_set_post_handshake_auth(SSL *s, int val); + +__owur const SSL_METHOD *SSL_CTX_get_ssl_method(const SSL_CTX *ctx); +__owur const SSL_METHOD *SSL_get_ssl_method(const SSL *s); +__owur int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method); +__owur const char *SSL_alert_type_string_long(int value); +__owur const char *SSL_alert_type_string(int value); +__owur const char *SSL_alert_desc_string_long(int value); +__owur const char *SSL_alert_desc_string(int value); + +void SSL_set0_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list); +void SSL_CTX_set0_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list); +__owur const STACK_OF(X509_NAME) *SSL_get0_CA_list(const SSL *s); +__owur const STACK_OF(X509_NAME) *SSL_CTX_get0_CA_list(const SSL_CTX *ctx); +__owur int SSL_add1_to_CA_list(SSL *ssl, const X509 *x); +__owur int SSL_CTX_add1_to_CA_list(SSL_CTX *ctx, const X509 *x); +__owur const 
STACK_OF(X509_NAME) *SSL_get0_peer_CA_list(const SSL *s); + +void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list); +void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list); +__owur STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s); +__owur STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s); +__owur int SSL_add_client_CA(SSL *ssl, X509 *x); +__owur int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x); + +void SSL_set_connect_state(SSL *s); +void SSL_set_accept_state(SSL *s); + +__owur long SSL_get_default_timeout(const SSL *s); + +# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +# define SSL_library_init() OPENSSL_init_ssl(0, NULL) +# endif + +__owur char *SSL_CIPHER_description(const SSL_CIPHER *, char *buf, int size); +__owur STACK_OF(X509_NAME) *SSL_dup_CA_list(const STACK_OF(X509_NAME) *sk); + +__owur SSL *SSL_dup(SSL *ssl); + +__owur X509 *SSL_get_certificate(const SSL *ssl); +/* + * EVP_PKEY + */ +struct evp_pkey_st *SSL_get_privatekey(const SSL *ssl); + +__owur X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx); +__owur EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx); + +void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode); +__owur int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx); +void SSL_set_quiet_shutdown(SSL *ssl, int mode); +__owur int SSL_get_quiet_shutdown(const SSL *ssl); +void SSL_set_shutdown(SSL *ssl, int mode); +__owur int SSL_get_shutdown(const SSL *ssl); +__owur int SSL_version(const SSL *ssl); +__owur int SSL_client_version(const SSL *s); +__owur int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx); +__owur int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx); +__owur int SSL_CTX_set_default_verify_file(SSL_CTX *ctx); +__owur int SSL_CTX_set_default_verify_store(SSL_CTX *ctx); +__owur int SSL_CTX_load_verify_file(SSL_CTX *ctx, const char *CAfile); +__owur int SSL_CTX_load_verify_dir(SSL_CTX *ctx, const char *CApath); +__owur int SSL_CTX_load_verify_store(SSL_CTX *ctx, const char *CAstore); 
+DEPRECATEDIN_3_0(__owur int SSL_CTX_load_verify_locations(SSL_CTX *ctx, + const char *CAfile, + const char *CApath)) +# define SSL_get0_session SSL_get_session/* just peek at pointer */ +__owur SSL_SESSION *SSL_get_session(const SSL *ssl); +__owur SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */ +__owur SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl); +SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx); +void SSL_set_info_callback(SSL *ssl, + void (*cb) (const SSL *ssl, int type, int val)); +void (*SSL_get_info_callback(const SSL *ssl)) (const SSL *ssl, int type, + int val); +__owur OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl); + +void SSL_set_verify_result(SSL *ssl, long v); +__owur long SSL_get_verify_result(const SSL *ssl); +__owur STACK_OF(X509) *SSL_get0_verified_chain(const SSL *s); + +__owur size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, + size_t outlen); +__owur size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, + size_t outlen); +__owur size_t SSL_SESSION_get_master_key(const SSL_SESSION *sess, + unsigned char *out, size_t outlen); +__owur int SSL_SESSION_set1_master_key(SSL_SESSION *sess, + const unsigned char *in, size_t len); +uint8_t SSL_SESSION_get_max_fragment_length(const SSL_SESSION *sess); + +#define SSL_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, l, p, newf, dupf, freef) +__owur int SSL_set_ex_data(SSL *ssl, int idx, void *data); +void *SSL_get_ex_data(const SSL *ssl, int idx); +#define SSL_SESSION_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION, l, p, newf, dupf, freef) +__owur int SSL_SESSION_set_ex_data(SSL_SESSION *ss, int idx, void *data); +void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss, int idx); +#define SSL_CTX_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, l, p, newf, dupf, freef) +__owur int SSL_CTX_set_ex_data(SSL_CTX *ssl, int idx, 
void *data); +void *SSL_CTX_get_ex_data(const SSL_CTX *ssl, int idx); + +__owur int SSL_get_ex_data_X509_STORE_CTX_idx(void); + +# define SSL_CTX_sess_set_cache_size(ctx,t) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_SIZE,t,NULL) +# define SSL_CTX_sess_get_cache_size(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_SIZE,0,NULL) +# define SSL_CTX_set_session_cache_mode(ctx,m) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL) +# define SSL_CTX_get_session_cache_mode(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL) + +# define SSL_CTX_get_default_read_ahead(ctx) SSL_CTX_get_read_ahead(ctx) +# define SSL_CTX_set_default_read_ahead(ctx,m) SSL_CTX_set_read_ahead(ctx,m) +# define SSL_CTX_get_read_ahead(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL) +# define SSL_CTX_set_read_ahead(ctx,m) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL) +# define SSL_CTX_get_max_cert_list(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL) +# define SSL_CTX_set_max_cert_list(ctx,m) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL) +# define SSL_get_max_cert_list(ssl) \ + SSL_ctrl(ssl,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL) +# define SSL_set_max_cert_list(ssl,m) \ + SSL_ctrl(ssl,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL) + +# define SSL_CTX_set_max_send_fragment(ctx,m) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL) +# define SSL_set_max_send_fragment(ssl,m) \ + SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL) +# define SSL_CTX_set_split_send_fragment(ctx,m) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SPLIT_SEND_FRAGMENT,m,NULL) +# define SSL_set_split_send_fragment(ssl,m) \ + SSL_ctrl(ssl,SSL_CTRL_SET_SPLIT_SEND_FRAGMENT,m,NULL) +# define SSL_CTX_set_max_pipelines(ctx,m) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_PIPELINES,m,NULL) +# define SSL_set_max_pipelines(ssl,m) \ + SSL_ctrl(ssl,SSL_CTRL_SET_MAX_PIPELINES,m,NULL) + +void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len); +void SSL_set_default_read_buffer_len(SSL *s, size_t len); + 
+# ifndef OPENSSL_NO_DH
+/* NB: the |keylength| is only applicable when is_export is true */
+void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
+ DH *(*dh) (SSL *ssl, int is_export,
+ int keylength));
+void SSL_set_tmp_dh_callback(SSL *ssl,
+ DH *(*dh) (SSL *ssl, int is_export,
+ int keylength));
+# endif
+
+__owur const COMP_METHOD *SSL_get_current_compression(const SSL *s);
+__owur const COMP_METHOD *SSL_get_current_expansion(const SSL *s);
+__owur const char *SSL_COMP_get_name(const COMP_METHOD *comp);
+__owur const char *SSL_COMP_get0_name(const SSL_COMP *comp);
+__owur int SSL_COMP_get_id(const SSL_COMP *comp);
+STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
+__owur STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP)
+ *meths);
+# ifndef OPENSSL_NO_DEPRECATED_1_1_0
+# define SSL_COMP_free_compression_methods() while(0) continue
+# endif
+__owur int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm);
+
+const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr);
+int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c);
+int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c);
+int SSL_bytes_to_cipher_list(SSL *s, const unsigned char *bytes, size_t len,
+ int isv2format, STACK_OF(SSL_CIPHER) **sk,
+ STACK_OF(SSL_CIPHER) **scsvs);
+
+/* TLS extensions functions */
+__owur int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len);
+
+__owur int SSL_set_session_ticket_ext_cb(SSL *s,
+ tls_session_ticket_ext_cb_fn cb,
+ void *arg);
+
+/* Pre-shared secret session resumption functions */
+__owur int SSL_set_session_secret_cb(SSL *s,
+ tls_session_secret_cb_fn session_secret_cb,
+ void *arg);
+
+void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx,
+ int (*cb) (SSL *ssl,
+ int
+ is_forward_secure));
+
+void SSL_set_not_resumable_session_callback(SSL *ssl,
+ int (*cb) (SSL *ssl,
+ int is_forward_secure));
+
+void SSL_CTX_set_record_padding_callback(SSL_CTX *ctx,
+ size_t (*cb) (SSL *ssl, int type,
+ size_t len, void *arg));
+void SSL_CTX_set_record_padding_callback_arg(SSL_CTX *ctx, void *arg);
+void *SSL_CTX_get_record_padding_callback_arg(const SSL_CTX *ctx);
+int SSL_CTX_set_block_padding(SSL_CTX *ctx, size_t block_size);
+
+void SSL_set_record_padding_callback(SSL *ssl,
+ size_t (*cb) (SSL *ssl, int type,
+ size_t len, void *arg));
+void SSL_set_record_padding_callback_arg(SSL *ssl, void *arg);
+void *SSL_get_record_padding_callback_arg(const SSL *ssl);
+int SSL_set_block_padding(SSL *ssl, size_t block_size);
+
+int SSL_set_num_tickets(SSL *s, size_t num_tickets);
+size_t SSL_get_num_tickets(const SSL *s);
+int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets);
+size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx);
+
+# ifndef OPENSSL_NO_DEPRECATED_1_1_0
+# define SSL_cache_hit(s) SSL_session_reused(s)
+# endif
+
+__owur int SSL_session_reused(const SSL *s);
+__owur int SSL_is_server(const SSL *s);
+
+__owur __owur SSL_CONF_CTX *SSL_CONF_CTX_new(void);
+int SSL_CONF_CTX_finish(SSL_CONF_CTX *cctx);
+void SSL_CONF_CTX_free(SSL_CONF_CTX *cctx);
+unsigned int SSL_CONF_CTX_set_flags(SSL_CONF_CTX *cctx, unsigned int flags);
+__owur unsigned int SSL_CONF_CTX_clear_flags(SSL_CONF_CTX *cctx,
+ unsigned int flags);
+__owur int SSL_CONF_CTX_set1_prefix(SSL_CONF_CTX *cctx, const char *pre);
+
+void SSL_CONF_CTX_set_ssl(SSL_CONF_CTX *cctx, SSL *ssl);
+void SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *cctx, SSL_CTX *ctx);
+
+__owur int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value);
+__owur int SSL_CONF_cmd_argv(SSL_CONF_CTX *cctx, int *pargc, char ***pargv);
+__owur int SSL_CONF_cmd_value_type(SSL_CONF_CTX *cctx, const char *cmd);
+
+void SSL_add_ssl_module(void);
+int SSL_config(SSL *s, const char *name);
+int SSL_CTX_config(SSL_CTX *ctx, const char *name);
+
+# ifndef OPENSSL_NO_SSL_TRACE
+void SSL_trace(int write_p, int version, int content_type,
+ const void *buf, size_t len, SSL *ssl, void *arg);
+# endif
+
+# ifndef OPENSSL_NO_SOCK
+int DTLSv1_listen(SSL *s, BIO_ADDR *client);
+# endif
+
+# ifndef OPENSSL_NO_CT
+
+/*
+ * A callback for verifying that the received SCTs are sufficient.
+ * Expected to return 1 if they are sufficient, otherwise 0.
+ * May return a negative integer if an error occurs.
+ * A connection should be aborted if the SCTs are deemed insufficient.
+ */
+typedef int (*ssl_ct_validation_cb)(const CT_POLICY_EVAL_CTX *ctx,
+ const STACK_OF(SCT) *scts, void *arg);
+
+/*
+ * Sets a |callback| that is invoked upon receipt of ServerHelloDone to validate
+ * the received SCTs.
+ * If the callback returns a non-positive result, the connection is terminated.
+ * Call this function before beginning a handshake.
+ * If a NULL |callback| is provided, SCT validation is disabled.
+ * |arg| is arbitrary userdata that will be passed to the callback whenever it
+ * is invoked. Ownership of |arg| remains with the caller.
+ *
+ * NOTE: A side-effect of setting a CT callback is that an OCSP stapled response
+ * will be requested.
+ */
+int SSL_set_ct_validation_callback(SSL *s, ssl_ct_validation_cb callback,
+ void *arg);
+int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx,
+ ssl_ct_validation_cb callback,
+ void *arg);
+#define SSL_disable_ct(s) \
+ ((void) SSL_set_validation_callback((s), NULL, NULL))
+#define SSL_CTX_disable_ct(ctx) \
+ ((void) SSL_CTX_set_validation_callback((ctx), NULL, NULL))
+
+/*
+ * The validation type enumerates the available behaviours of the built-in SSL
+ * CT validation callback selected via SSL_enable_ct() and SSL_CTX_enable_ct().
+ * The underlying callback is a static function in libssl.
+ */
+enum {
+ SSL_CT_VALIDATION_PERMISSIVE = 0,
+ SSL_CT_VALIDATION_STRICT
+};
+
+/*
+ * Enable CT by setting up a callback that implements one of the built-in
+ * validation variants. The SSL_CT_VALIDATION_PERMISSIVE variant always
+ * continues the handshake, the application can make appropriate decisions at
+ * handshake completion. The SSL_CT_VALIDATION_STRICT variant requires at
+ * least one valid SCT, or else handshake termination will be requested. The
+ * handshake may continue anyway if SSL_VERIFY_NONE is in effect.
+ */
+int SSL_enable_ct(SSL *s, int validation_mode);
+int SSL_CTX_enable_ct(SSL_CTX *ctx, int validation_mode);
+
+/*
+ * Report whether a non-NULL callback is enabled.
+ */
+int SSL_ct_is_enabled(const SSL *s);
+int SSL_CTX_ct_is_enabled(const SSL_CTX *ctx);
+
+/* Gets the SCTs received from a connection */
+const STACK_OF(SCT) *SSL_get0_peer_scts(SSL *s);
+
+/*
+ * Loads the CT log list from the default location.
+ * If a CTLOG_STORE has previously been set using SSL_CTX_set_ctlog_store,
+ * the log information loaded from this file will be appended to the
+ * CTLOG_STORE.
+ * Returns 1 on success, 0 otherwise.
+ */
+int SSL_CTX_set_default_ctlog_list_file(SSL_CTX *ctx);
+
+/*
+ * Loads the CT log list from the specified file path.
+ * If a CTLOG_STORE has previously been set using SSL_CTX_set_ctlog_store,
+ * the log information loaded from this file will be appended to the
+ * CTLOG_STORE.
+ * Returns 1 on success, 0 otherwise.
+ */
+int SSL_CTX_set_ctlog_list_file(SSL_CTX *ctx, const char *path);
+
+/*
+ * Sets the CT log list used by all SSL connections created from this SSL_CTX.
+ * Ownership of the CTLOG_STORE is transferred to the SSL_CTX.
+ */
+void SSL_CTX_set0_ctlog_store(SSL_CTX *ctx, CTLOG_STORE *logs);
+
+/*
+ * Gets the CT log list used by all SSL connections created from this SSL_CTX.
+ * This will be NULL unless one of the following functions has been called:
+ * - SSL_CTX_set_default_ctlog_list_file
+ * - SSL_CTX_set_ctlog_list_file
+ * - SSL_CTX_set_ctlog_store
+ */
+const CTLOG_STORE *SSL_CTX_get0_ctlog_store(const SSL_CTX *ctx);
+
+# endif /* OPENSSL_NO_CT */
+
+/* What the "other" parameter contains in security callback */
+/* Mask for type */
+# define SSL_SECOP_OTHER_TYPE 0xffff0000
+# define SSL_SECOP_OTHER_NONE 0
+# define SSL_SECOP_OTHER_CIPHER (1 << 16)
+# define SSL_SECOP_OTHER_CURVE (2 << 16)
+# define SSL_SECOP_OTHER_DH (3 << 16)
+# define SSL_SECOP_OTHER_PKEY (4 << 16)
+# define SSL_SECOP_OTHER_SIGALG (5 << 16)
+# define SSL_SECOP_OTHER_CERT (6 << 16)
+
+/* Indicated operation refers to peer key or certificate */
+# define SSL_SECOP_PEER 0x1000
+
+/* Values for "op" parameter in security callback */
+
+/* Called to filter ciphers */
+/* Ciphers client supports */
+# define SSL_SECOP_CIPHER_SUPPORTED (1 | SSL_SECOP_OTHER_CIPHER)
+/* Cipher shared by client/server */
+# define SSL_SECOP_CIPHER_SHARED (2 | SSL_SECOP_OTHER_CIPHER)
+/* Sanity check of cipher server selects */
+# define SSL_SECOP_CIPHER_CHECK (3 | SSL_SECOP_OTHER_CIPHER)
+/* Curves supported by client */
+# define SSL_SECOP_CURVE_SUPPORTED (4 | SSL_SECOP_OTHER_CURVE)
+/* Curves shared by client/server */
+# define SSL_SECOP_CURVE_SHARED (5 | SSL_SECOP_OTHER_CURVE)
+/* Sanity check of curve server selects */
+# define SSL_SECOP_CURVE_CHECK (6 | SSL_SECOP_OTHER_CURVE)
+/* Temporary DH key */
+# define SSL_SECOP_TMP_DH (7 | SSL_SECOP_OTHER_PKEY)
+/* SSL/TLS version */
+# define SSL_SECOP_VERSION (9 | SSL_SECOP_OTHER_NONE)
+/* Session tickets */
+# define SSL_SECOP_TICKET (10 | SSL_SECOP_OTHER_NONE)
+/* Supported signature algorithms sent to peer */
+# define SSL_SECOP_SIGALG_SUPPORTED (11 | SSL_SECOP_OTHER_SIGALG)
+/* Shared signature algorithm */
+# define SSL_SECOP_SIGALG_SHARED (12 | SSL_SECOP_OTHER_SIGALG)
+/* Sanity check signature algorithm allowed */
+# define SSL_SECOP_SIGALG_CHECK (13 | SSL_SECOP_OTHER_SIGALG)
+/* Used to get mask of supported public key signature algorithms */
+# define SSL_SECOP_SIGALG_MASK (14 | SSL_SECOP_OTHER_SIGALG)
+/* Use to see if compression is allowed */
+# define SSL_SECOP_COMPRESSION (15 | SSL_SECOP_OTHER_NONE)
+/* EE key in certificate */
+# define SSL_SECOP_EE_KEY (16 | SSL_SECOP_OTHER_CERT)
+/* CA key in certificate */
+# define SSL_SECOP_CA_KEY (17 | SSL_SECOP_OTHER_CERT)
+/* CA digest algorithm in certificate */
+# define SSL_SECOP_CA_MD (18 | SSL_SECOP_OTHER_CERT)
+/* Peer EE key in certificate */
+# define SSL_SECOP_PEER_EE_KEY (SSL_SECOP_EE_KEY | SSL_SECOP_PEER)
+/* Peer CA key in certificate */
+# define SSL_SECOP_PEER_CA_KEY (SSL_SECOP_CA_KEY | SSL_SECOP_PEER)
+/* Peer CA digest algorithm in certificate */
+# define SSL_SECOP_PEER_CA_MD (SSL_SECOP_CA_MD | SSL_SECOP_PEER)
+
+void SSL_set_security_level(SSL *s, int level);
+__owur int SSL_get_security_level(const SSL *s);
+void SSL_set_security_callback(SSL *s,
+ int (*cb) (const SSL *s, const SSL_CTX *ctx,
+ int op, int bits, int nid,
+ void *other, void *ex));
+int (*SSL_get_security_callback(const SSL *s)) (const SSL *s,
+ const SSL_CTX *ctx, int op,
+ int bits, int nid, void *other,
+ void *ex);
+void SSL_set0_security_ex_data(SSL *s, void *ex);
+__owur void *SSL_get0_security_ex_data(const SSL *s);
+
+void SSL_CTX_set_security_level(SSL_CTX *ctx, int level);
+__owur int SSL_CTX_get_security_level(const SSL_CTX *ctx);
+void SSL_CTX_set_security_callback(SSL_CTX *ctx,
+ int (*cb) (const SSL *s, const SSL_CTX *ctx,
+ int op, int bits, int nid,
+ void *other, void *ex));
+int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx)) (const SSL *s,
+ const SSL_CTX *ctx,
+ int op, int bits,
+ int nid,
+ void *other,
+ void *ex);
+void SSL_CTX_set0_security_ex_data(SSL_CTX *ctx, void *ex);
+__owur void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx);
+
+/* OPENSSL_INIT flag 0x010000 reserved for internal use */
+# define OPENSSL_INIT_NO_LOAD_SSL_STRINGS 0x00100000L
+# define OPENSSL_INIT_LOAD_SSL_STRINGS 0x00200000L
+
+# define OPENSSL_INIT_SSL_DEFAULT \
+ (OPENSSL_INIT_LOAD_SSL_STRINGS | OPENSSL_INIT_LOAD_CRYPTO_STRINGS)
+
+int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
+
+# ifndef OPENSSL_NO_UNIT_TEST
+__owur const struct openssl_ssl_test_functions *SSL_test_functions(void);
+# endif
+
+__owur int SSL_free_buffers(SSL *ssl);
+__owur int SSL_alloc_buffers(SSL *ssl);
+
+/* Status codes passed to the decrypt session ticket callback. Some of these
+ * are for internal use only and are never passed to the callback. */
+typedef int SSL_TICKET_STATUS;
+
+/* Support for ticket appdata */
+/* fatal error, malloc failure */
+# define SSL_TICKET_FATAL_ERR_MALLOC 0
+/* fatal error, either from parsing or decrypting the ticket */
+# define SSL_TICKET_FATAL_ERR_OTHER 1
+/* No ticket present */
+# define SSL_TICKET_NONE 2
+/* Empty ticket present */
+# define SSL_TICKET_EMPTY 3
+/* the ticket couldn't be decrypted */
+# define SSL_TICKET_NO_DECRYPT 4
+/* a ticket was successfully decrypted */
+# define SSL_TICKET_SUCCESS 5
+/* same as above but the ticket needs to be renewed */
+# define SSL_TICKET_SUCCESS_RENEW 6
+
+/* Return codes for the decrypt session ticket callback */
+typedef int SSL_TICKET_RETURN;
+
+/* An error occurred */
+#define SSL_TICKET_RETURN_ABORT 0
+/* Do not use the ticket, do not send a renewed ticket to the client */
+#define SSL_TICKET_RETURN_IGNORE 1
+/* Do not use the ticket, send a renewed ticket to the client */
+#define SSL_TICKET_RETURN_IGNORE_RENEW 2
+/* Use the ticket, do not send a renewed ticket to the client */
+#define SSL_TICKET_RETURN_USE 3
+/* Use the ticket, send a renewed ticket to the client */
+#define SSL_TICKET_RETURN_USE_RENEW 4
+
+typedef int (*SSL_CTX_generate_session_ticket_fn)(SSL *s, void *arg);
+typedef SSL_TICKET_RETURN (*SSL_CTX_decrypt_session_ticket_fn)(SSL *s, SSL_SESSION *ss,
+ const unsigned char *keyname,
+ size_t keyname_length,
+ SSL_TICKET_STATUS status,
+ void *arg);
+int SSL_CTX_set_session_ticket_cb(SSL_CTX *ctx,
+ SSL_CTX_generate_session_ticket_fn gen_cb,
+ SSL_CTX_decrypt_session_ticket_fn dec_cb,
+ void *arg);
+int SSL_SESSION_set1_ticket_appdata(SSL_SESSION *ss, const void *data, size_t len);
+int SSL_SESSION_get0_ticket_appdata(SSL_SESSION *ss, void **data, size_t *len);
+
+typedef unsigned int (*DTLS_timer_cb)(SSL *s, unsigned int timer_us);
+
+void DTLS_set_timer_cb(SSL *s, DTLS_timer_cb cb);
+
+
+typedef int (*SSL_allow_early_data_cb_fn)(SSL *s, void *arg);
+void SSL_CTX_set_allow_early_data_cb(SSL_CTX *ctx,
+ SSL_allow_early_data_cb_fn cb,
+ void *arg);
+void SSL_set_allow_early_data_cb(SSL *s,
+ SSL_allow_early_data_cb_fn cb,
+ void *arg);
+
+/* store the default cipher strings inside the library */
+const char *OSSL_default_cipher_list(void);
+const char *OSSL_default_ciphersuites(void);
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/linux_amd64/ssl/include/openssl/ssl2.h b/linux_amd64/ssl/include/openssl/ssl2.h
new file mode 100644
index 0000000..428ead0
--- /dev/null
+++ b/linux_amd64/ssl/include/openssl/ssl2.h
@@ -0,0 +1,30 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_SSL2_H
+# define OPENSSL_SSL2_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_SSL2_H
+# endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# define SSL2_VERSION 0x0002
+
+# define SSL2_MT_CLIENT_HELLO 1
+
+#ifdef __cplusplus
+}
+#endif
+#endif
diff --git a/linux_amd64/ssl/include/openssl/ssl3.h b/linux_amd64/ssl/include/openssl/ssl3.h
new file mode 100644
index 0000000..efef3cc
--- /dev/null
+++ b/linux_amd64/ssl/include/openssl/ssl3.h 
@@ -0,0 +1,344 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_SSL3_H
+# define OPENSSL_SSL3_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_SSL3_H
+# endif
+
+# include
+# include
+# include
+# include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * Signalling cipher suite value from RFC 5746
+ * (TLS_EMPTY_RENEGOTIATION_INFO_SCSV)
+ */
+# define SSL3_CK_SCSV 0x030000FF
+
+/*
+ * Signalling cipher suite value from draft-ietf-tls-downgrade-scsv-00
+ * (TLS_FALLBACK_SCSV)
+ */
+# define SSL3_CK_FALLBACK_SCSV 0x03005600
+
+# define SSL3_CK_RSA_NULL_MD5 0x03000001
+# define SSL3_CK_RSA_NULL_SHA 0x03000002
+# define SSL3_CK_RSA_RC4_40_MD5 0x03000003
+# define SSL3_CK_RSA_RC4_128_MD5 0x03000004
+# define SSL3_CK_RSA_RC4_128_SHA 0x03000005
+# define SSL3_CK_RSA_RC2_40_MD5 0x03000006
+# define SSL3_CK_RSA_IDEA_128_SHA 0x03000007
+# define SSL3_CK_RSA_DES_40_CBC_SHA 0x03000008
+# define SSL3_CK_RSA_DES_64_CBC_SHA 0x03000009
+# define SSL3_CK_RSA_DES_192_CBC3_SHA 0x0300000A
+
+# define SSL3_CK_DH_DSS_DES_40_CBC_SHA 0x0300000B
+# define SSL3_CK_DH_DSS_DES_64_CBC_SHA 0x0300000C
+# define SSL3_CK_DH_DSS_DES_192_CBC3_SHA 0x0300000D
+# define SSL3_CK_DH_RSA_DES_40_CBC_SHA 0x0300000E
+# define SSL3_CK_DH_RSA_DES_64_CBC_SHA 0x0300000F
+# define SSL3_CK_DH_RSA_DES_192_CBC3_SHA 0x03000010
+
+# define SSL3_CK_DHE_DSS_DES_40_CBC_SHA 0x03000011
+# define SSL3_CK_EDH_DSS_DES_40_CBC_SHA SSL3_CK_DHE_DSS_DES_40_CBC_SHA
+# define SSL3_CK_DHE_DSS_DES_64_CBC_SHA 0x03000012
+# define SSL3_CK_EDH_DSS_DES_64_CBC_SHA SSL3_CK_DHE_DSS_DES_64_CBC_SHA
+# define SSL3_CK_DHE_DSS_DES_192_CBC3_SHA 0x03000013
+# define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA SSL3_CK_DHE_DSS_DES_192_CBC3_SHA
+# define SSL3_CK_DHE_RSA_DES_40_CBC_SHA 0x03000014
+# define SSL3_CK_EDH_RSA_DES_40_CBC_SHA SSL3_CK_DHE_RSA_DES_40_CBC_SHA
+# define SSL3_CK_DHE_RSA_DES_64_CBC_SHA 0x03000015
+# define SSL3_CK_EDH_RSA_DES_64_CBC_SHA SSL3_CK_DHE_RSA_DES_64_CBC_SHA
+# define SSL3_CK_DHE_RSA_DES_192_CBC3_SHA 0x03000016
+# define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA SSL3_CK_DHE_RSA_DES_192_CBC3_SHA
+
+# define SSL3_CK_ADH_RC4_40_MD5 0x03000017
+# define SSL3_CK_ADH_RC4_128_MD5 0x03000018
+# define SSL3_CK_ADH_DES_40_CBC_SHA 0x03000019
+# define SSL3_CK_ADH_DES_64_CBC_SHA 0x0300001A
+# define SSL3_CK_ADH_DES_192_CBC_SHA 0x0300001B
+
+/* a bundle of RFC standard cipher names, generated from ssl3_ciphers[] */
+# define SSL3_RFC_RSA_NULL_MD5 "TLS_RSA_WITH_NULL_MD5"
+# define SSL3_RFC_RSA_NULL_SHA "TLS_RSA_WITH_NULL_SHA"
+# define SSL3_RFC_RSA_DES_192_CBC3_SHA "TLS_RSA_WITH_3DES_EDE_CBC_SHA"
+# define SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA"
+# define SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA"
+# define SSL3_RFC_ADH_DES_192_CBC_SHA "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA"
+# define SSL3_RFC_RSA_IDEA_128_SHA "TLS_RSA_WITH_IDEA_CBC_SHA"
+# define SSL3_RFC_RSA_RC4_128_MD5 "TLS_RSA_WITH_RC4_128_MD5"
+# define SSL3_RFC_RSA_RC4_128_SHA "TLS_RSA_WITH_RC4_128_SHA"
+# define SSL3_RFC_ADH_RC4_128_MD5 "TLS_DH_anon_WITH_RC4_128_MD5"
+
+# define SSL3_TXT_RSA_NULL_MD5 "NULL-MD5"
+# define SSL3_TXT_RSA_NULL_SHA "NULL-SHA"
+# define SSL3_TXT_RSA_RC4_40_MD5 "EXP-RC4-MD5"
+# define SSL3_TXT_RSA_RC4_128_MD5 "RC4-MD5"
+# define SSL3_TXT_RSA_RC4_128_SHA "RC4-SHA"
+# define SSL3_TXT_RSA_RC2_40_MD5 "EXP-RC2-CBC-MD5"
+# define SSL3_TXT_RSA_IDEA_128_SHA "IDEA-CBC-SHA"
+# define SSL3_TXT_RSA_DES_40_CBC_SHA "EXP-DES-CBC-SHA"
+# define SSL3_TXT_RSA_DES_64_CBC_SHA "DES-CBC-SHA"
+# define SSL3_TXT_RSA_DES_192_CBC3_SHA "DES-CBC3-SHA"
+
+# define SSL3_TXT_DH_DSS_DES_40_CBC_SHA "EXP-DH-DSS-DES-CBC-SHA"
+# define SSL3_TXT_DH_DSS_DES_64_CBC_SHA "DH-DSS-DES-CBC-SHA"
+# define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA "DH-DSS-DES-CBC3-SHA"
+# define SSL3_TXT_DH_RSA_DES_40_CBC_SHA "EXP-DH-RSA-DES-CBC-SHA"
+# define SSL3_TXT_DH_RSA_DES_64_CBC_SHA "DH-RSA-DES-CBC-SHA"
+# define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA "DH-RSA-DES-CBC3-SHA"
+
+# define SSL3_TXT_DHE_DSS_DES_40_CBC_SHA "EXP-DHE-DSS-DES-CBC-SHA"
+# define SSL3_TXT_DHE_DSS_DES_64_CBC_SHA "DHE-DSS-DES-CBC-SHA"
+# define SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA "DHE-DSS-DES-CBC3-SHA"
+# define SSL3_TXT_DHE_RSA_DES_40_CBC_SHA "EXP-DHE-RSA-DES-CBC-SHA"
+# define SSL3_TXT_DHE_RSA_DES_64_CBC_SHA "DHE-RSA-DES-CBC-SHA"
+# define SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA "DHE-RSA-DES-CBC3-SHA"
+
+/*
+ * This next block of six "EDH" labels is for backward compatibility with
+ * older versions of OpenSSL. New code should use the six "DHE" labels above
+ * instead:
+ */
+# define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA "EXP-EDH-DSS-DES-CBC-SHA"
+# define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA "EDH-DSS-DES-CBC-SHA"
+# define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA "EDH-DSS-DES-CBC3-SHA"
+# define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA "EXP-EDH-RSA-DES-CBC-SHA"
+# define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA "EDH-RSA-DES-CBC-SHA"
+# define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA "EDH-RSA-DES-CBC3-SHA"
+
+# define SSL3_TXT_ADH_RC4_40_MD5 "EXP-ADH-RC4-MD5"
+# define SSL3_TXT_ADH_RC4_128_MD5 "ADH-RC4-MD5"
+# define SSL3_TXT_ADH_DES_40_CBC_SHA "EXP-ADH-DES-CBC-SHA"
+# define SSL3_TXT_ADH_DES_64_CBC_SHA "ADH-DES-CBC-SHA"
+# define SSL3_TXT_ADH_DES_192_CBC_SHA "ADH-DES-CBC3-SHA"
+
+# define SSL3_SSL_SESSION_ID_LENGTH 32
+# define SSL3_MAX_SSL_SESSION_ID_LENGTH 32
+
+# define SSL3_MASTER_SECRET_SIZE 48
+# define SSL3_RANDOM_SIZE 32
+# define SSL3_SESSION_ID_SIZE 32
+# define SSL3_RT_HEADER_LENGTH 5
+
+# define SSL3_HM_HEADER_LENGTH 4
+
+# ifndef SSL3_ALIGN_PAYLOAD
+ /*
+ * Some will argue that this increases memory footprint, but it's not
+ * actually true. Point is that malloc has to return at least 64-bit aligned
+ * pointers, meaning that allocating 5 bytes wastes 3 bytes in either case.
+ * Suggested pre-gaping simply moves these wasted bytes from the end of
+ * allocated region to its front, but makes data payload aligned, which
+ * improves performance:-)
+ */
+# define SSL3_ALIGN_PAYLOAD 8
+# else
+# if (SSL3_ALIGN_PAYLOAD&(SSL3_ALIGN_PAYLOAD-1))!=0
+# error "insane SSL3_ALIGN_PAYLOAD"
+# undef SSL3_ALIGN_PAYLOAD
+# endif
+# endif
+
+/*
+ * This is the maximum MAC (digest) size used by the SSL library. Currently
+ * maximum of 20 is used by SHA1, but we reserve for future extension for
+ * 512-bit hashes.
+ */
+
+# define SSL3_RT_MAX_MD_SIZE 64
+
+/*
+ * Maximum block size used in all ciphersuites. Currently 16 for AES.
+ */
+
+# define SSL_RT_MAX_CIPHER_BLOCK_SIZE 16
+
+# define SSL3_RT_MAX_EXTRA (16384)
+
+/* Maximum plaintext length: defined by SSL/TLS standards */
+# define SSL3_RT_MAX_PLAIN_LENGTH 16384
+/* Maximum compression overhead: defined by SSL/TLS standards */
+# define SSL3_RT_MAX_COMPRESSED_OVERHEAD 1024
+
+/*
+ * The standards give a maximum encryption overhead of 1024 bytes. In
+ * practice the value is lower than this. The overhead is the maximum number
+ * of padding bytes (256) plus the mac size.
+ */
+# define SSL3_RT_MAX_ENCRYPTED_OVERHEAD (256 + SSL3_RT_MAX_MD_SIZE)
+# define SSL3_RT_MAX_TLS13_ENCRYPTED_OVERHEAD 256
+
+/*
+ * OpenSSL currently only uses a padding length of at most one block so the
+ * send overhead is smaller.
+ */
+
+# define SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD \
+ (SSL_RT_MAX_CIPHER_BLOCK_SIZE + SSL3_RT_MAX_MD_SIZE)
+
+/* If compression isn't used don't include the compression overhead */
+
+# ifdef OPENSSL_NO_COMP
+# define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH
+# else
+# define SSL3_RT_MAX_COMPRESSED_LENGTH \
+ (SSL3_RT_MAX_PLAIN_LENGTH+SSL3_RT_MAX_COMPRESSED_OVERHEAD)
+# endif
+# define SSL3_RT_MAX_ENCRYPTED_LENGTH \
+ (SSL3_RT_MAX_ENCRYPTED_OVERHEAD+SSL3_RT_MAX_COMPRESSED_LENGTH)
+# define SSL3_RT_MAX_TLS13_ENCRYPTED_LENGTH \
+ (SSL3_RT_MAX_PLAIN_LENGTH + SSL3_RT_MAX_TLS13_ENCRYPTED_OVERHEAD)
+# define SSL3_RT_MAX_PACKET_SIZE \
+ (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)
+
+# define SSL3_MD_CLIENT_FINISHED_CONST "\x43\x4C\x4E\x54"
+# define SSL3_MD_SERVER_FINISHED_CONST "\x53\x52\x56\x52"
+
+# define SSL3_VERSION 0x0300
+# define SSL3_VERSION_MAJOR 0x03
+# define SSL3_VERSION_MINOR 0x00
+
+# define SSL3_RT_CHANGE_CIPHER_SPEC 20
+# define SSL3_RT_ALERT 21
+# define SSL3_RT_HANDSHAKE 22
+# define SSL3_RT_APPLICATION_DATA 23
+
+/* Pseudo content types to indicate additional parameters */
+# define TLS1_RT_CRYPTO 0x1000
+# define TLS1_RT_CRYPTO_PREMASTER (TLS1_RT_CRYPTO | 0x1)
+# define TLS1_RT_CRYPTO_CLIENT_RANDOM (TLS1_RT_CRYPTO | 0x2)
+# define TLS1_RT_CRYPTO_SERVER_RANDOM (TLS1_RT_CRYPTO | 0x3)
+# define TLS1_RT_CRYPTO_MASTER (TLS1_RT_CRYPTO | 0x4)
+
+# define TLS1_RT_CRYPTO_READ 0x0000
+# define TLS1_RT_CRYPTO_WRITE 0x0100
+# define TLS1_RT_CRYPTO_MAC (TLS1_RT_CRYPTO | 0x5)
+# define TLS1_RT_CRYPTO_KEY (TLS1_RT_CRYPTO | 0x6)
+# define TLS1_RT_CRYPTO_IV (TLS1_RT_CRYPTO | 0x7)
+# define TLS1_RT_CRYPTO_FIXED_IV (TLS1_RT_CRYPTO | 0x8)
+
+/* Pseudo content types for SSL/TLS header info */
+# define SSL3_RT_HEADER 0x100
+# define SSL3_RT_INNER_CONTENT_TYPE 0x101
+
+# define SSL3_AL_WARNING 1
+# define SSL3_AL_FATAL 2
+
+# define SSL3_AD_CLOSE_NOTIFY 0
+# define SSL3_AD_UNEXPECTED_MESSAGE 10/* fatal */
+# define SSL3_AD_BAD_RECORD_MAC 20/* fatal */
+# define SSL3_AD_DECOMPRESSION_FAILURE 30/* fatal */
+# define SSL3_AD_HANDSHAKE_FAILURE 40/* fatal */
+# define SSL3_AD_NO_CERTIFICATE 41
+# define SSL3_AD_BAD_CERTIFICATE 42
+# define SSL3_AD_UNSUPPORTED_CERTIFICATE 43
+# define SSL3_AD_CERTIFICATE_REVOKED 44
+# define SSL3_AD_CERTIFICATE_EXPIRED 45
+# define SSL3_AD_CERTIFICATE_UNKNOWN 46
+# define SSL3_AD_ILLEGAL_PARAMETER 47/* fatal */
+
+# define TLS1_HB_REQUEST 1
+# define TLS1_HB_RESPONSE 2
+
+
+# define SSL3_CT_RSA_SIGN 1
+# define SSL3_CT_DSS_SIGN 2
+# define SSL3_CT_RSA_FIXED_DH 3
+# define SSL3_CT_DSS_FIXED_DH 4
+# define SSL3_CT_RSA_EPHEMERAL_DH 5
+# define SSL3_CT_DSS_EPHEMERAL_DH 6
+# define SSL3_CT_FORTEZZA_DMS 20
+/*
+ * SSL3_CT_NUMBER is used to size arrays and it must be large enough to
+ * contain all of the cert types defined for *either* SSLv3 and TLSv1.
+ */
+# define SSL3_CT_NUMBER 10
+
+# if defined(TLS_CT_NUMBER)
+# if TLS_CT_NUMBER != SSL3_CT_NUMBER
+# error "SSL/TLS CT_NUMBER values do not match"
+# endif
+# endif
+
+/* No longer used as of OpenSSL 1.1.1 */
+# define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001
+
+/* Removed from OpenSSL 1.1.0 */
+# define TLS1_FLAGS_TLS_PADDING_BUG 0x0
+
+# define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010
+
+/* Set if we encrypt then mac instead of usual mac then encrypt */
+# define TLS1_FLAGS_ENCRYPT_THEN_MAC_READ 0x0100
+# define TLS1_FLAGS_ENCRYPT_THEN_MAC TLS1_FLAGS_ENCRYPT_THEN_MAC_READ
+
+/* Set if extended master secret extension received from peer */
+# define TLS1_FLAGS_RECEIVED_EXTMS 0x0200
+
+# define TLS1_FLAGS_ENCRYPT_THEN_MAC_WRITE 0x0400
+
+# define TLS1_FLAGS_STATELESS 0x0800
+
+# define SSL3_MT_HELLO_REQUEST 0
+# define SSL3_MT_CLIENT_HELLO 1
+# define SSL3_MT_SERVER_HELLO 2
+# define SSL3_MT_NEWSESSION_TICKET 4
+# define SSL3_MT_END_OF_EARLY_DATA 5
+# define SSL3_MT_ENCRYPTED_EXTENSIONS 8
+# define SSL3_MT_CERTIFICATE 11
+# define SSL3_MT_SERVER_KEY_EXCHANGE 12
+# define SSL3_MT_CERTIFICATE_REQUEST 13
+# define SSL3_MT_SERVER_DONE 14
+# define SSL3_MT_CERTIFICATE_VERIFY 15
+# define SSL3_MT_CLIENT_KEY_EXCHANGE 16
+# define SSL3_MT_FINISHED 20
+# define SSL3_MT_CERTIFICATE_URL 21
+# define SSL3_MT_CERTIFICATE_STATUS 22
+# define SSL3_MT_SUPPLEMENTAL_DATA 23
+# define SSL3_MT_KEY_UPDATE 24
+# ifndef OPENSSL_NO_NEXTPROTONEG
+# define SSL3_MT_NEXT_PROTO 67
+# endif
+# define SSL3_MT_MESSAGE_HASH 254
+# define DTLS1_MT_HELLO_VERIFY_REQUEST 3
+
+/* Dummy message type for handling CCS like a normal handshake message */
+# define SSL3_MT_CHANGE_CIPHER_SPEC 0x0101
+
+# define SSL3_MT_CCS 1
+
+/* These are used when changing over to a new cipher */
+# define SSL3_CC_READ 0x001
+# define SSL3_CC_WRITE 0x002
+# define SSL3_CC_CLIENT 0x010
+# define SSL3_CC_SERVER 0x020
+# define SSL3_CC_EARLY 0x040
+# define SSL3_CC_HANDSHAKE 0x080
+# define SSL3_CC_APPLICATION 0x100
+# define SSL3_CHANGE_CIPHER_CLIENT_WRITE (SSL3_CC_CLIENT|SSL3_CC_WRITE)
+# define SSL3_CHANGE_CIPHER_SERVER_READ (SSL3_CC_SERVER|SSL3_CC_READ)
+# define SSL3_CHANGE_CIPHER_CLIENT_READ (SSL3_CC_CLIENT|SSL3_CC_READ)
+# define SSL3_CHANGE_CIPHER_SERVER_WRITE (SSL3_CC_SERVER|SSL3_CC_WRITE)
+
+#ifdef __cplusplus
+}
+#endif
+#endif
diff --git a/linux_amd64/ssl/include/openssl/sslerr.h b/linux_amd64/ssl/include/openssl/sslerr.h
new file mode 100644
index 0000000..25e304e
--- /dev/null
+++ b/linux_amd64/ssl/include/openssl/sslerr.h
@@ -0,0 +1,779 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_SSLERR_H +# define OPENSSL_SSLERR_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_SSLERR_H +# endif + +# include +# include + + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_SSL_strings(void); + +/* + * SSL function codes. + */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define SSL_F_ADD_CLIENT_KEY_SHARE_EXT 0 +# define SSL_F_ADD_KEY_SHARE 0 +# define SSL_F_BYTES_TO_CIPHER_LIST 0 +# define SSL_F_CHECK_SUITEB_CIPHER_LIST 0 +# define SSL_F_CIPHERSUITE_CB 0 +# define SSL_F_CONSTRUCT_CA_NAMES 0 +# define SSL_F_CONSTRUCT_KEY_EXCHANGE_TBS 0 +# define SSL_F_CONSTRUCT_STATEFUL_TICKET 0 +# define SSL_F_CONSTRUCT_STATELESS_TICKET 0 +# define SSL_F_CREATE_SYNTHETIC_MESSAGE_HASH 0 +# define SSL_F_CREATE_TICKET_PREQUEL 0 +# define SSL_F_CT_MOVE_SCTS 0 +# define SSL_F_CT_STRICT 0 +# define SSL_F_CUSTOM_EXT_ADD 0 +# define SSL_F_CUSTOM_EXT_PARSE 0 +# define SSL_F_D2I_SSL_SESSION 0 +# define SSL_F_DANE_CTX_ENABLE 0 +# define SSL_F_DANE_MTYPE_SET 0 +# define SSL_F_DANE_TLSA_ADD 0 +# define SSL_F_DERIVE_SECRET_KEY_AND_IV 0 +# define SSL_F_DO_DTLS1_WRITE 0 +# define SSL_F_DO_SSL3_WRITE 0 +# define SSL_F_DTLS1_BUFFER_RECORD 0 +# define SSL_F_DTLS1_CHECK_TIMEOUT_NUM 0 +# define SSL_F_DTLS1_HM_FRAGMENT_NEW 0 +# define SSL_F_DTLS1_PREPROCESS_FRAGMENT 0 +# define SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS 0 +# define SSL_F_DTLS1_PROCESS_RECORD 0 +# define SSL_F_DTLS1_READ_BYTES 0 +# define SSL_F_DTLS1_READ_FAILED 0 +# define SSL_F_DTLS1_RETRANSMIT_MESSAGE 0 +# define SSL_F_DTLS1_WRITE_APP_DATA_BYTES 0 +# define SSL_F_DTLS1_WRITE_BYTES 0 +# 
define SSL_F_DTLSV1_LISTEN 0 +# define SSL_F_DTLS_CONSTRUCT_CHANGE_CIPHER_SPEC 0 +# define SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST 0 +# define SSL_F_DTLS_GET_REASSEMBLED_MESSAGE 0 +# define SSL_F_DTLS_PROCESS_HELLO_VERIFY 0 +# define SSL_F_DTLS_RECORD_LAYER_NEW 0 +# define SSL_F_DTLS_WAIT_FOR_DRY 0 +# define SSL_F_EARLY_DATA_COUNT_OK 0 +# define SSL_F_FINAL_EARLY_DATA 0 +# define SSL_F_FINAL_EC_PT_FORMATS 0 +# define SSL_F_FINAL_EMS 0 +# define SSL_F_FINAL_KEY_SHARE 0 +# define SSL_F_FINAL_MAXFRAGMENTLEN 0 +# define SSL_F_FINAL_RENEGOTIATE 0 +# define SSL_F_FINAL_SERVER_NAME 0 +# define SSL_F_FINAL_SIG_ALGS 0 +# define SSL_F_GET_CERT_VERIFY_TBS_DATA 0 +# define SSL_F_NSS_KEYLOG_INT 0 +# define SSL_F_OPENSSL_INIT_SSL 0 +# define SSL_F_OSSL_STATEM_CLIENT13_READ_TRANSITION 0 +# define SSL_F_OSSL_STATEM_CLIENT13_WRITE_TRANSITION 0 +# define SSL_F_OSSL_STATEM_CLIENT_CONSTRUCT_MESSAGE 0 +# define SSL_F_OSSL_STATEM_CLIENT_POST_PROCESS_MESSAGE 0 +# define SSL_F_OSSL_STATEM_CLIENT_PROCESS_MESSAGE 0 +# define SSL_F_OSSL_STATEM_CLIENT_READ_TRANSITION 0 +# define SSL_F_OSSL_STATEM_CLIENT_WRITE_TRANSITION 0 +# define SSL_F_OSSL_STATEM_SERVER13_READ_TRANSITION 0 +# define SSL_F_OSSL_STATEM_SERVER13_WRITE_TRANSITION 0 +# define SSL_F_OSSL_STATEM_SERVER_CONSTRUCT_MESSAGE 0 +# define SSL_F_OSSL_STATEM_SERVER_POST_PROCESS_MESSAGE 0 +# define SSL_F_OSSL_STATEM_SERVER_POST_WORK 0 +# define SSL_F_OSSL_STATEM_SERVER_PROCESS_MESSAGE 0 +# define SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION 0 +# define SSL_F_OSSL_STATEM_SERVER_WRITE_TRANSITION 0 +# define SSL_F_PARSE_CA_NAMES 0 +# define SSL_F_PITEM_NEW 0 +# define SSL_F_PQUEUE_NEW 0 +# define SSL_F_PROCESS_KEY_SHARE_EXT 0 +# define SSL_F_READ_STATE_MACHINE 0 +# define SSL_F_SET_CLIENT_CIPHERSUITE 0 +# define SSL_F_SRP_GENERATE_CLIENT_MASTER_SECRET 0 +# define SSL_F_SRP_GENERATE_SERVER_MASTER_SECRET 0 +# define SSL_F_SRP_VERIFY_SERVER_PARAM 0 +# define SSL_F_SSL3_CHANGE_CIPHER_STATE 0 +# define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 0 +# define 
SSL_F_SSL3_CTRL 0 +# define SSL_F_SSL3_CTX_CTRL 0 +# define SSL_F_SSL3_DIGEST_CACHED_RECORDS 0 +# define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC 0 +# define SSL_F_SSL3_ENC 0 +# define SSL_F_SSL3_FINAL_FINISH_MAC 0 +# define SSL_F_SSL3_FINISH_MAC 0 +# define SSL_F_SSL3_GENERATE_KEY_BLOCK 0 +# define SSL_F_SSL3_GENERATE_MASTER_SECRET 0 +# define SSL_F_SSL3_GET_RECORD 0 +# define SSL_F_SSL3_INIT_FINISHED_MAC 0 +# define SSL_F_SSL3_OUTPUT_CERT_CHAIN 0 +# define SSL_F_SSL3_READ_BYTES 0 +# define SSL_F_SSL3_READ_N 0 +# define SSL_F_SSL3_SETUP_KEY_BLOCK 0 +# define SSL_F_SSL3_SETUP_READ_BUFFER 0 +# define SSL_F_SSL3_SETUP_WRITE_BUFFER 0 +# define SSL_F_SSL3_WRITE_BYTES 0 +# define SSL_F_SSL3_WRITE_PENDING 0 +# define SSL_F_SSL_ADD_CERT_CHAIN 0 +# define SSL_F_SSL_ADD_CERT_TO_BUF 0 +# define SSL_F_SSL_ADD_CERT_TO_WPACKET 0 +# define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT 0 +# define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT 0 +# define SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT 0 +# define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK 0 +# define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK 0 +# define SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT 0 +# define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT 0 +# define SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT 0 +# define SSL_F_SSL_BAD_METHOD 0 +# define SSL_F_SSL_BUILD_CERT_CHAIN 0 +# define SSL_F_SSL_BYTES_TO_CIPHER_LIST 0 +# define SSL_F_SSL_CACHE_CIPHERLIST 0 +# define SSL_F_SSL_CERT_ADD0_CHAIN_CERT 0 +# define SSL_F_SSL_CERT_DUP 0 +# define SSL_F_SSL_CERT_NEW 0 +# define SSL_F_SSL_CERT_SET0_CHAIN 0 +# define SSL_F_SSL_CHECK_PRIVATE_KEY 0 +# define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT 0 +# define SSL_F_SSL_CHECK_SRP_EXT_CLIENTHELLO 0 +# define SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG 0 +# define SSL_F_SSL_CHOOSE_CLIENT_VERSION 0 +# define SSL_F_SSL_CIPHER_DESCRIPTION 0 +# define SSL_F_SSL_CIPHER_LIST_TO_BYTES 0 +# define SSL_F_SSL_CIPHER_PROCESS_RULESTR 0 +# define SSL_F_SSL_CIPHER_STRENGTH_SORT 0 +# define SSL_F_SSL_CLEAR 0 +# define 
SSL_F_SSL_CLIENT_HELLO_GET1_EXTENSIONS_PRESENT 0 +# define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD 0 +# define SSL_F_SSL_CONF_CMD 0 +# define SSL_F_SSL_CREATE_CIPHER_LIST 0 +# define SSL_F_SSL_CTRL 0 +# define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 0 +# define SSL_F_SSL_CTX_ENABLE_CT 0 +# define SSL_F_SSL_CTX_MAKE_PROFILES 0 +# define SSL_F_SSL_CTX_NEW 0 +# define SSL_F_SSL_CTX_SET_ALPN_PROTOS 0 +# define SSL_F_SSL_CTX_SET_CIPHER_LIST 0 +# define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE 0 +# define SSL_F_SSL_CTX_SET_CT_VALIDATION_CALLBACK 0 +# define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 0 +# define SSL_F_SSL_CTX_SET_SSL_VERSION 0 +# define SSL_F_SSL_CTX_SET_TLSEXT_MAX_FRAGMENT_LENGTH 0 +# define SSL_F_SSL_CTX_USE_CERTIFICATE 0 +# define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1 0 +# define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 0 +# define SSL_F_SSL_CTX_USE_PRIVATEKEY 0 +# define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1 0 +# define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE 0 +# define SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT 0 +# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY 0 +# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1 0 +# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE 0 +# define SSL_F_SSL_CTX_USE_SERVERINFO 0 +# define SSL_F_SSL_CTX_USE_SERVERINFO_EX 0 +# define SSL_F_SSL_CTX_USE_SERVERINFO_FILE 0 +# define SSL_F_SSL_DANE_DUP 0 +# define SSL_F_SSL_DANE_ENABLE 0 +# define SSL_F_SSL_DERIVE 0 +# define SSL_F_SSL_DO_CONFIG 0 +# define SSL_F_SSL_DO_HANDSHAKE 0 +# define SSL_F_SSL_DUP_CA_LIST 0 +# define SSL_F_SSL_ENABLE_CT 0 +# define SSL_F_SSL_GENERATE_PKEY_GROUP 0 +# define SSL_F_SSL_GENERATE_SESSION_ID 0 +# define SSL_F_SSL_GET_NEW_SESSION 0 +# define SSL_F_SSL_GET_PREV_SESSION 0 +# define SSL_F_SSL_GET_SERVER_CERT_INDEX 0 +# define SSL_F_SSL_GET_SIGN_PKEY 0 +# define SSL_F_SSL_HANDSHAKE_HASH 0 +# define SSL_F_SSL_INIT_WBIO_BUFFER 0 +# define SSL_F_SSL_KEY_UPDATE 0 +# define SSL_F_SSL_LOAD_CLIENT_CA_FILE 0 +# define SSL_F_SSL_LOG_MASTER_SECRET 0 +# define SSL_F_SSL_LOG_RSA_CLIENT_KEY_EXCHANGE 0 +# define 
SSL_F_SSL_MODULE_INIT 0 +# define SSL_F_SSL_NEW 0 +# define SSL_F_SSL_NEXT_PROTO_VALIDATE 0 +# define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT 0 +# define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT 0 +# define SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT 0 +# define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT 0 +# define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT 0 +# define SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT 0 +# define SSL_F_SSL_PEEK 0 +# define SSL_F_SSL_PEEK_EX 0 +# define SSL_F_SSL_PEEK_INTERNAL 0 +# define SSL_F_SSL_READ 0 +# define SSL_F_SSL_READ_EARLY_DATA 0 +# define SSL_F_SSL_READ_EX 0 +# define SSL_F_SSL_READ_INTERNAL 0 +# define SSL_F_SSL_RENEGOTIATE 0 +# define SSL_F_SSL_RENEGOTIATE_ABBREVIATED 0 +# define SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT 0 +# define SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT 0 +# define SSL_F_SSL_SENDFILE 0 +# define SSL_F_SSL_SESSION_DUP 0 +# define SSL_F_SSL_SESSION_NEW 0 +# define SSL_F_SSL_SESSION_PRINT_FP 0 +# define SSL_F_SSL_SESSION_SET1_ID 0 +# define SSL_F_SSL_SESSION_SET1_ID_CONTEXT 0 +# define SSL_F_SSL_SET_ALPN_PROTOS 0 +# define SSL_F_SSL_SET_CERT 0 +# define SSL_F_SSL_SET_CERT_AND_KEY 0 +# define SSL_F_SSL_SET_CIPHER_LIST 0 +# define SSL_F_SSL_SET_CT_VALIDATION_CALLBACK 0 +# define SSL_F_SSL_SET_FD 0 +# define SSL_F_SSL_SET_PKEY 0 +# define SSL_F_SSL_SET_RFD 0 +# define SSL_F_SSL_SET_SESSION 0 +# define SSL_F_SSL_SET_SESSION_ID_CONTEXT 0 +# define SSL_F_SSL_SET_SESSION_TICKET_EXT 0 +# define SSL_F_SSL_SET_TLSEXT_MAX_FRAGMENT_LENGTH 0 +# define SSL_F_SSL_SET_WFD 0 +# define SSL_F_SSL_SHUTDOWN 0 +# define SSL_F_SSL_SRP_CTX_INIT 0 +# define SSL_F_SSL_START_ASYNC_JOB 0 +# define SSL_F_SSL_UNDEFINED_FUNCTION 0 +# define SSL_F_SSL_UNDEFINED_VOID_FUNCTION 0 +# define SSL_F_SSL_USE_CERTIFICATE 0 +# define SSL_F_SSL_USE_CERTIFICATE_ASN1 0 +# define SSL_F_SSL_USE_CERTIFICATE_FILE 0 +# define SSL_F_SSL_USE_PRIVATEKEY 0 +# define SSL_F_SSL_USE_PRIVATEKEY_ASN1 0 +# define SSL_F_SSL_USE_PRIVATEKEY_FILE 0 +# define SSL_F_SSL_USE_PSK_IDENTITY_HINT 0 +# 
define SSL_F_SSL_USE_RSAPRIVATEKEY 0 +# define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1 0 +# define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE 0 +# define SSL_F_SSL_VALIDATE_CT 0 +# define SSL_F_SSL_VERIFY_CERT_CHAIN 0 +# define SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE 0 +# define SSL_F_SSL_WRITE 0 +# define SSL_F_SSL_WRITE_EARLY_DATA 0 +# define SSL_F_SSL_WRITE_EARLY_FINISH 0 +# define SSL_F_SSL_WRITE_EX 0 +# define SSL_F_SSL_WRITE_INTERNAL 0 +# define SSL_F_STATE_MACHINE 0 +# define SSL_F_TLS12_CHECK_PEER_SIGALG 0 +# define SSL_F_TLS12_COPY_SIGALGS 0 +# define SSL_F_TLS13_CHANGE_CIPHER_STATE 0 +# define SSL_F_TLS13_ENC 0 +# define SSL_F_TLS13_FINAL_FINISH_MAC 0 +# define SSL_F_TLS13_GENERATE_SECRET 0 +# define SSL_F_TLS13_HKDF_EXPAND 0 +# define SSL_F_TLS13_RESTORE_HANDSHAKE_DIGEST_FOR_PHA 0 +# define SSL_F_TLS13_SAVE_HANDSHAKE_DIGEST_FOR_PHA 0 +# define SSL_F_TLS13_SETUP_KEY_BLOCK 0 +# define SSL_F_TLS1_CHANGE_CIPHER_STATE 0 +# define SSL_F_TLS1_CHECK_DUPLICATE_EXTENSIONS 0 +# define SSL_F_TLS1_ENC 0 +# define SSL_F_TLS1_EXPORT_KEYING_MATERIAL 0 +# define SSL_F_TLS1_GET_CURVELIST 0 +# define SSL_F_TLS1_PRF 0 +# define SSL_F_TLS1_SAVE_U16 0 +# define SSL_F_TLS1_SETUP_KEY_BLOCK 0 +# define SSL_F_TLS1_SET_GROUPS 0 +# define SSL_F_TLS1_SET_RAW_SIGALGS 0 +# define SSL_F_TLS1_SET_SERVER_SIGALGS 0 +# define SSL_F_TLS1_SET_SHARED_SIGALGS 0 +# define SSL_F_TLS1_SET_SIGALGS 0 +# define SSL_F_TLS_CHOOSE_SIGALG 0 +# define SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK 0 +# define SSL_F_TLS_COLLECT_EXTENSIONS 0 +# define SSL_F_TLS_CONSTRUCT_CERTIFICATE_AUTHORITIES 0 +# define SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST 0 +# define SSL_F_TLS_CONSTRUCT_CERT_STATUS 0 +# define SSL_F_TLS_CONSTRUCT_CERT_STATUS_BODY 0 +# define SSL_F_TLS_CONSTRUCT_CERT_VERIFY 0 +# define SSL_F_TLS_CONSTRUCT_CHANGE_CIPHER_SPEC 0 +# define SSL_F_TLS_CONSTRUCT_CKE_DHE 0 +# define SSL_F_TLS_CONSTRUCT_CKE_ECDHE 0 +# define SSL_F_TLS_CONSTRUCT_CKE_GOST 0 +# define SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE 0 +# define 
SSL_F_TLS_CONSTRUCT_CKE_RSA 0 +# define SSL_F_TLS_CONSTRUCT_CKE_SRP 0 +# define SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE 0 +# define SSL_F_TLS_CONSTRUCT_CLIENT_HELLO 0 +# define SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE 0 +# define SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_ALPN 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_CERTIFICATE 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_COOKIE 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_EC_PT_FORMATS 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_EMS 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_ETM 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_HELLO 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_KEY_EXCHANGE 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_KEY_SHARE 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_MAXFRAGMENTLEN 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_NPN 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_PADDING 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_POST_HANDSHAKE_AUTH 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_PSK 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_PSK_KEX_MODES 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_RENEGOTIATE 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_SCT 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_SERVER_NAME 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_SESSION_TICKET 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_SIG_ALGS 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_SRP 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_STATUS_REQUEST 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_GROUPS 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_USE_SRTP 0 +# define SSL_F_TLS_CONSTRUCT_CTOS_VERIFY 0 +# define SSL_F_TLS_CONSTRUCT_ENCRYPTED_EXTENSIONS 0 +# define SSL_F_TLS_CONSTRUCT_END_OF_EARLY_DATA 0 +# define SSL_F_TLS_CONSTRUCT_EXTENSIONS 0 +# define SSL_F_TLS_CONSTRUCT_FINISHED 0 +# define SSL_F_TLS_CONSTRUCT_HELLO_REQUEST 0 +# define SSL_F_TLS_CONSTRUCT_HELLO_RETRY_REQUEST 0 +# define SSL_F_TLS_CONSTRUCT_KEY_UPDATE 0 +# define SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET 0 +# define SSL_F_TLS_CONSTRUCT_NEXT_PROTO 0 +# define 
SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE 0 +# define SSL_F_TLS_CONSTRUCT_SERVER_HELLO 0 +# define SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE 0 +# define SSL_F_TLS_CONSTRUCT_STOC_ALPN 0 +# define SSL_F_TLS_CONSTRUCT_STOC_CERTIFICATE 0 +# define SSL_F_TLS_CONSTRUCT_STOC_COOKIE 0 +# define SSL_F_TLS_CONSTRUCT_STOC_CRYPTOPRO_BUG 0 +# define SSL_F_TLS_CONSTRUCT_STOC_DONE 0 +# define SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA 0 +# define SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA_INFO 0 +# define SSL_F_TLS_CONSTRUCT_STOC_EC_PT_FORMATS 0 +# define SSL_F_TLS_CONSTRUCT_STOC_EMS 0 +# define SSL_F_TLS_CONSTRUCT_STOC_ETM 0 +# define SSL_F_TLS_CONSTRUCT_STOC_HELLO 0 +# define SSL_F_TLS_CONSTRUCT_STOC_KEY_EXCHANGE 0 +# define SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE 0 +# define SSL_F_TLS_CONSTRUCT_STOC_MAXFRAGMENTLEN 0 +# define SSL_F_TLS_CONSTRUCT_STOC_NEXT_PROTO_NEG 0 +# define SSL_F_TLS_CONSTRUCT_STOC_PSK 0 +# define SSL_F_TLS_CONSTRUCT_STOC_RENEGOTIATE 0 +# define SSL_F_TLS_CONSTRUCT_STOC_SERVER_NAME 0 +# define SSL_F_TLS_CONSTRUCT_STOC_SESSION_TICKET 0 +# define SSL_F_TLS_CONSTRUCT_STOC_STATUS_REQUEST 0 +# define SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_GROUPS 0 +# define SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_VERSIONS 0 +# define SSL_F_TLS_CONSTRUCT_STOC_USE_SRTP 0 +# define SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO 0 +# define SSL_F_TLS_FINISH_HANDSHAKE 0 +# define SSL_F_TLS_GET_MESSAGE_BODY 0 +# define SSL_F_TLS_GET_MESSAGE_HEADER 0 +# define SSL_F_TLS_HANDLE_ALPN 0 +# define SSL_F_TLS_HANDLE_STATUS_REQUEST 0 +# define SSL_F_TLS_PARSE_CERTIFICATE_AUTHORITIES 0 +# define SSL_F_TLS_PARSE_CLIENTHELLO_TLSEXT 0 +# define SSL_F_TLS_PARSE_CTOS_ALPN 0 +# define SSL_F_TLS_PARSE_CTOS_COOKIE 0 +# define SSL_F_TLS_PARSE_CTOS_EARLY_DATA 0 +# define SSL_F_TLS_PARSE_CTOS_EC_PT_FORMATS 0 +# define SSL_F_TLS_PARSE_CTOS_EMS 0 +# define SSL_F_TLS_PARSE_CTOS_KEY_SHARE 0 +# define SSL_F_TLS_PARSE_CTOS_MAXFRAGMENTLEN 0 +# define SSL_F_TLS_PARSE_CTOS_POST_HANDSHAKE_AUTH 0 +# define SSL_F_TLS_PARSE_CTOS_PSK 0 +# define 
SSL_F_TLS_PARSE_CTOS_PSK_KEX_MODES 0 +# define SSL_F_TLS_PARSE_CTOS_RENEGOTIATE 0 +# define SSL_F_TLS_PARSE_CTOS_SERVER_NAME 0 +# define SSL_F_TLS_PARSE_CTOS_SESSION_TICKET 0 +# define SSL_F_TLS_PARSE_CTOS_SIG_ALGS 0 +# define SSL_F_TLS_PARSE_CTOS_SIG_ALGS_CERT 0 +# define SSL_F_TLS_PARSE_CTOS_SRP 0 +# define SSL_F_TLS_PARSE_CTOS_STATUS_REQUEST 0 +# define SSL_F_TLS_PARSE_CTOS_SUPPORTED_GROUPS 0 +# define SSL_F_TLS_PARSE_CTOS_USE_SRTP 0 +# define SSL_F_TLS_PARSE_STOC_ALPN 0 +# define SSL_F_TLS_PARSE_STOC_COOKIE 0 +# define SSL_F_TLS_PARSE_STOC_EARLY_DATA 0 +# define SSL_F_TLS_PARSE_STOC_EARLY_DATA_INFO 0 +# define SSL_F_TLS_PARSE_STOC_EC_PT_FORMATS 0 +# define SSL_F_TLS_PARSE_STOC_KEY_SHARE 0 +# define SSL_F_TLS_PARSE_STOC_MAXFRAGMENTLEN 0 +# define SSL_F_TLS_PARSE_STOC_NPN 0 +# define SSL_F_TLS_PARSE_STOC_PSK 0 +# define SSL_F_TLS_PARSE_STOC_RENEGOTIATE 0 +# define SSL_F_TLS_PARSE_STOC_SCT 0 +# define SSL_F_TLS_PARSE_STOC_SERVER_NAME 0 +# define SSL_F_TLS_PARSE_STOC_SESSION_TICKET 0 +# define SSL_F_TLS_PARSE_STOC_STATUS_REQUEST 0 +# define SSL_F_TLS_PARSE_STOC_SUPPORTED_VERSIONS 0 +# define SSL_F_TLS_PARSE_STOC_USE_SRTP 0 +# define SSL_F_TLS_POST_PROCESS_CLIENT_HELLO 0 +# define SSL_F_TLS_POST_PROCESS_CLIENT_KEY_EXCHANGE 0 +# define SSL_F_TLS_PREPARE_CLIENT_CERTIFICATE 0 +# define SSL_F_TLS_PROCESS_AS_HELLO_RETRY_REQUEST 0 +# define SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST 0 +# define SSL_F_TLS_PROCESS_CERT_STATUS 0 +# define SSL_F_TLS_PROCESS_CERT_STATUS_BODY 0 +# define SSL_F_TLS_PROCESS_CERT_VERIFY 0 +# define SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC 0 +# define SSL_F_TLS_PROCESS_CKE_DHE 0 +# define SSL_F_TLS_PROCESS_CKE_ECDHE 0 +# define SSL_F_TLS_PROCESS_CKE_GOST 0 +# define SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE 0 +# define SSL_F_TLS_PROCESS_CKE_RSA 0 +# define SSL_F_TLS_PROCESS_CKE_SRP 0 +# define SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE 0 +# define SSL_F_TLS_PROCESS_CLIENT_HELLO 0 +# define SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE 0 +# define 
SSL_F_TLS_PROCESS_ENCRYPTED_EXTENSIONS 0 +# define SSL_F_TLS_PROCESS_END_OF_EARLY_DATA 0 +# define SSL_F_TLS_PROCESS_FINISHED 0 +# define SSL_F_TLS_PROCESS_HELLO_REQ 0 +# define SSL_F_TLS_PROCESS_HELLO_RETRY_REQUEST 0 +# define SSL_F_TLS_PROCESS_INITIAL_SERVER_FLIGHT 0 +# define SSL_F_TLS_PROCESS_KEY_EXCHANGE 0 +# define SSL_F_TLS_PROCESS_KEY_UPDATE 0 +# define SSL_F_TLS_PROCESS_NEW_SESSION_TICKET 0 +# define SSL_F_TLS_PROCESS_NEXT_PROTO 0 +# define SSL_F_TLS_PROCESS_SERVER_CERTIFICATE 0 +# define SSL_F_TLS_PROCESS_SERVER_DONE 0 +# define SSL_F_TLS_PROCESS_SERVER_HELLO 0 +# define SSL_F_TLS_PROCESS_SKE_DHE 0 +# define SSL_F_TLS_PROCESS_SKE_ECDHE 0 +# define SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE 0 +# define SSL_F_TLS_PROCESS_SKE_SRP 0 +# define SSL_F_TLS_PSK_DO_BINDER 0 +# define SSL_F_TLS_SCAN_CLIENTHELLO_TLSEXT 0 +# define SSL_F_TLS_SETUP_HANDSHAKE 0 +# define SSL_F_USE_CERTIFICATE_CHAIN_FILE 0 +# define SSL_F_WPACKET_INTERN_INIT_LEN 0 +# define SSL_F_WPACKET_START_SUB_PACKET_LEN__ 0 +# define SSL_F_WRITE_STATE_MACHINE 0 +# endif + +/* + * SSL reason codes. 
+ */ +# define SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY 291 +# define SSL_R_APP_DATA_IN_HANDSHAKE 100 +# define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272 +# define SSL_R_AT_LEAST_TLS_1_0_NEEDED_IN_FIPS_MODE 143 +# define SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE 158 +# define SSL_R_BAD_CHANGE_CIPHER_SPEC 103 +# define SSL_R_BAD_CIPHER 186 +# define SSL_R_BAD_DATA 390 +# define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 106 +# define SSL_R_BAD_DECOMPRESSION 107 +# define SSL_R_BAD_DH_VALUE 102 +# define SSL_R_BAD_DIGEST_LENGTH 111 +# define SSL_R_BAD_EARLY_DATA 233 +# define SSL_R_BAD_ECC_CERT 304 +# define SSL_R_BAD_ECPOINT 306 +# define SSL_R_BAD_EXTENSION 110 +# define SSL_R_BAD_HANDSHAKE_LENGTH 332 +# define SSL_R_BAD_HANDSHAKE_STATE 236 +# define SSL_R_BAD_HELLO_REQUEST 105 +# define SSL_R_BAD_HRR_VERSION 263 +# define SSL_R_BAD_KEY_SHARE 108 +# define SSL_R_BAD_KEY_UPDATE 122 +# define SSL_R_BAD_LEGACY_VERSION 292 +# define SSL_R_BAD_LENGTH 271 +# define SSL_R_BAD_PACKET 240 +# define SSL_R_BAD_PACKET_LENGTH 115 +# define SSL_R_BAD_PROTOCOL_VERSION_NUMBER 116 +# define SSL_R_BAD_PSK 219 +# define SSL_R_BAD_PSK_IDENTITY 114 +# define SSL_R_BAD_RECORD_TYPE 443 +# define SSL_R_BAD_RSA_ENCRYPT 119 +# define SSL_R_BAD_SIGNATURE 123 +# define SSL_R_BAD_SRP_A_LENGTH 347 +# define SSL_R_BAD_SRP_PARAMETERS 371 +# define SSL_R_BAD_SRTP_MKI_VALUE 352 +# define SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST 353 +# define SSL_R_BAD_SSL_FILETYPE 124 +# define SSL_R_BAD_VALUE 384 +# define SSL_R_BAD_WRITE_RETRY 127 +# define SSL_R_BINDER_DOES_NOT_VERIFY 253 +# define SSL_R_BIO_NOT_SET 128 +# define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG 129 +# define SSL_R_BN_LIB 130 +# define SSL_R_CALLBACK_FAILED 234 +# define SSL_R_CANNOT_CHANGE_CIPHER 109 +# define SSL_R_CA_DN_LENGTH_MISMATCH 131 +# define SSL_R_CA_KEY_TOO_SMALL 397 +# define SSL_R_CA_MD_TOO_WEAK 398 +# define SSL_R_CCS_RECEIVED_EARLY 133 +# define SSL_R_CERTIFICATE_VERIFY_FAILED 134 +# define SSL_R_CERT_CB_ERROR 377 +# 
define SSL_R_CERT_LENGTH_MISMATCH 135 +# define SSL_R_CIPHERSUITE_DIGEST_HAS_CHANGED 218 +# define SSL_R_CIPHER_CODE_WRONG_LENGTH 137 +# define SSL_R_CIPHER_OR_HASH_UNAVAILABLE 138 +# define SSL_R_CLIENTHELLO_TLSEXT 226 +# define SSL_R_COMPRESSED_LENGTH_TOO_LONG 140 +# define SSL_R_COMPRESSION_DISABLED 343 +# define SSL_R_COMPRESSION_FAILURE 141 +# define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE 307 +# define SSL_R_COMPRESSION_LIBRARY_ERROR 142 +# define SSL_R_CONNECTION_TYPE_NOT_SET 144 +# define SSL_R_CONTEXT_NOT_DANE_ENABLED 167 +# define SSL_R_COOKIE_GEN_CALLBACK_FAILURE 400 +# define SSL_R_COOKIE_MISMATCH 308 +# define SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED 206 +# define SSL_R_DANE_ALREADY_ENABLED 172 +# define SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL 173 +# define SSL_R_DANE_NOT_ENABLED 175 +# define SSL_R_DANE_TLSA_BAD_CERTIFICATE 180 +# define SSL_R_DANE_TLSA_BAD_CERTIFICATE_USAGE 184 +# define SSL_R_DANE_TLSA_BAD_DATA_LENGTH 189 +# define SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH 192 +# define SSL_R_DANE_TLSA_BAD_MATCHING_TYPE 200 +# define SSL_R_DANE_TLSA_BAD_PUBLIC_KEY 201 +# define SSL_R_DANE_TLSA_BAD_SELECTOR 202 +# define SSL_R_DANE_TLSA_NULL_DATA 203 +# define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 145 +# define SSL_R_DATA_LENGTH_TOO_LONG 146 +# define SSL_R_DECRYPTION_FAILED 147 +# define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281 +# define SSL_R_DH_KEY_TOO_SMALL 394 +# define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148 +# define SSL_R_DIGEST_CHECK_FAILED 149 +# define SSL_R_DTLS_MESSAGE_TOO_BIG 334 +# define SSL_R_DUPLICATE_COMPRESSION_ID 309 +# define SSL_R_ECC_CERT_NOT_FOR_SIGNING 318 +# define SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE 374 +# define SSL_R_EE_KEY_TOO_SMALL 399 +# define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST 354 +# define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150 +# define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151 +# define SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN 204 +# define SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE 194 +# define 
SSL_R_EXCESSIVE_MESSAGE_SIZE 152 +# define SSL_R_EXTENSION_NOT_RECEIVED 279 +# define SSL_R_EXTRA_DATA_IN_MESSAGE 153 +# define SSL_R_EXT_LENGTH_MISMATCH 163 +# define SSL_R_FAILED_TO_INIT_ASYNC 405 +# define SSL_R_FRAGMENTED_CLIENT_HELLO 401 +# define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154 +# define SSL_R_HTTPS_PROXY_REQUEST 155 +# define SSL_R_HTTP_REQUEST 156 +# define SSL_R_ILLEGAL_POINT_COMPRESSION 162 +# define SSL_R_ILLEGAL_SUITEB_DIGEST 380 +# define SSL_R_INAPPROPRIATE_FALLBACK 373 +# define SSL_R_INCONSISTENT_COMPRESSION 340 +# define SSL_R_INCONSISTENT_EARLY_DATA_ALPN 222 +# define SSL_R_INCONSISTENT_EARLY_DATA_SNI 231 +# define SSL_R_INCONSISTENT_EXTMS 104 +# define SSL_R_INSUFFICIENT_SECURITY 241 +# define SSL_R_INVALID_ALERT 205 +# define SSL_R_INVALID_CCS_MESSAGE 260 +# define SSL_R_INVALID_CERTIFICATE_OR_ALG 238 +# define SSL_R_INVALID_COMMAND 280 +# define SSL_R_INVALID_COMPRESSION_ALGORITHM 341 +# define SSL_R_INVALID_CONFIG 283 +# define SSL_R_INVALID_CONFIGURATION_NAME 113 +# define SSL_R_INVALID_CONTEXT 282 +# define SSL_R_INVALID_CT_VALIDATION_TYPE 212 +# define SSL_R_INVALID_KEY_UPDATE_TYPE 120 +# define SSL_R_INVALID_MAX_EARLY_DATA 174 +# define SSL_R_INVALID_NULL_CMD_NAME 385 +# define SSL_R_INVALID_SEQUENCE_NUMBER 402 +# define SSL_R_INVALID_SERVERINFO_DATA 388 +# define SSL_R_INVALID_SESSION_ID 999 +# define SSL_R_INVALID_SRP_USERNAME 357 +# define SSL_R_INVALID_STATUS_RESPONSE 328 +# define SSL_R_INVALID_TICKET_KEYS_LENGTH 325 +# define SSL_R_LENGTH_MISMATCH 159 +# define SSL_R_LENGTH_TOO_LONG 404 +# define SSL_R_LENGTH_TOO_SHORT 160 +# define SSL_R_LIBRARY_BUG 274 +# define SSL_R_LIBRARY_HAS_NO_CIPHERS 161 +# define SSL_R_MISSING_DSA_SIGNING_CERT 165 +# define SSL_R_MISSING_ECDSA_SIGNING_CERT 381 +# define SSL_R_MISSING_FATAL 256 +# define SSL_R_MISSING_PARAMETERS 290 +# define SSL_R_MISSING_RSA_CERTIFICATE 168 +# define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169 +# define SSL_R_MISSING_RSA_SIGNING_CERT 170 +# define 
SSL_R_MISSING_SIGALGS_EXTENSION 112 +# define SSL_R_MISSING_SIGNING_CERT 221 +# define SSL_R_MISSING_SRP_PARAM 358 +# define SSL_R_MISSING_SUPPORTED_GROUPS_EXTENSION 209 +# define SSL_R_MISSING_TMP_DH_KEY 171 +# define SSL_R_MISSING_TMP_ECDH_KEY 311 +# define SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA 293 +# define SSL_R_NOT_ON_RECORD_BOUNDARY 182 +# define SSL_R_NOT_REPLACING_CERTIFICATE 289 +# define SSL_R_NOT_SERVER 284 +# define SSL_R_NO_APPLICATION_PROTOCOL 235 +# define SSL_R_NO_CERTIFICATES_RETURNED 176 +# define SSL_R_NO_CERTIFICATE_ASSIGNED 177 +# define SSL_R_NO_CERTIFICATE_SET 179 +# define SSL_R_NO_CHANGE_FOLLOWING_HRR 214 +# define SSL_R_NO_CIPHERS_AVAILABLE 181 +# define SSL_R_NO_CIPHERS_SPECIFIED 183 +# define SSL_R_NO_CIPHER_MATCH 185 +# define SSL_R_NO_CLIENT_CERT_METHOD 331 +# define SSL_R_NO_COMPRESSION_SPECIFIED 187 +# define SSL_R_NO_COOKIE_CALLBACK_SET 287 +# define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER 330 +# define SSL_R_NO_METHOD_SPECIFIED 188 +# define SSL_R_NO_PEM_EXTENSIONS 389 +# define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190 +# define SSL_R_NO_PROTOCOLS_AVAILABLE 191 +# define SSL_R_NO_RENEGOTIATION 339 +# define SSL_R_NO_REQUIRED_DIGEST 324 +# define SSL_R_NO_SHARED_CIPHER 193 +# define SSL_R_NO_SHARED_GROUPS 410 +# define SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS 376 +# define SSL_R_NO_SRTP_PROFILES 359 +# define SSL_R_NO_SUITABLE_KEY_SHARE 101 +# define SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM 118 +# define SSL_R_NO_VALID_SCTS 216 +# define SSL_R_NO_VERIFY_COOKIE_CALLBACK 403 +# define SSL_R_NULL_SSL_CTX 195 +# define SSL_R_NULL_SSL_METHOD_PASSED 196 +# define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197 +# define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344 +# define SSL_R_OVERFLOW_ERROR 237 +# define SSL_R_PACKET_LENGTH_TOO_LONG 198 +# define SSL_R_PARSE_TLSEXT 227 +# define SSL_R_PATH_TOO_LONG 270 +# define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 199 +# define SSL_R_PEM_NAME_BAD_PREFIX 391 +# define SSL_R_PEM_NAME_TOO_SHORT 392 +# 
define SSL_R_PIPELINE_FAILURE 406 +# define SSL_R_POST_HANDSHAKE_AUTH_ENCODING_ERR 278 +# define SSL_R_PRIVATE_KEY_MISMATCH 288 +# define SSL_R_PROTOCOL_IS_SHUTDOWN 207 +# define SSL_R_PSK_IDENTITY_NOT_FOUND 223 +# define SSL_R_PSK_NO_CLIENT_CB 224 +# define SSL_R_PSK_NO_SERVER_CB 225 +# define SSL_R_READ_BIO_NOT_SET 211 +# define SSL_R_READ_TIMEOUT_EXPIRED 312 +# define SSL_R_RECORD_LENGTH_MISMATCH 213 +# define SSL_R_RECORD_TOO_SMALL 298 +# define SSL_R_RENEGOTIATE_EXT_TOO_LONG 335 +# define SSL_R_RENEGOTIATION_ENCODING_ERR 336 +# define SSL_R_RENEGOTIATION_MISMATCH 337 +# define SSL_R_REQUEST_PENDING 285 +# define SSL_R_REQUEST_SENT 286 +# define SSL_R_REQUIRED_CIPHER_MISSING 215 +# define SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING 342 +# define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 345 +# define SSL_R_SCT_VERIFICATION_FAILED 208 +# define SSL_R_SERVERHELLO_TLSEXT 275 +# define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277 +# define SSL_R_SHUTDOWN_WHILE_IN_INIT 407 +# define SSL_R_SIGNATURE_ALGORITHMS_ERROR 360 +# define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220 +# define SSL_R_SRP_A_CALC 361 +# define SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES 362 +# define SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG 363 +# define SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE 364 +# define SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH 232 +# define SSL_R_SSL3_EXT_INVALID_SERVERNAME 319 +# define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE 320 +# define SSL_R_SSL3_SESSION_ID_TOO_LONG 300 +# define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042 +# define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020 +# define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045 +# define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED 1044 +# define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN 1046 +# define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE 1030 +# define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040 +# define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047 +# define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041 +# define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010 
+# define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043 +# define SSL_R_SSL_COMMAND_SECTION_EMPTY 117 +# define SSL_R_SSL_COMMAND_SECTION_NOT_FOUND 125 +# define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 228 +# define SSL_R_SSL_HANDSHAKE_FAILURE 229 +# define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS 230 +# define SSL_R_SSL_NEGATIVE_LENGTH 372 +# define SSL_R_SSL_SECTION_EMPTY 126 +# define SSL_R_SSL_SECTION_NOT_FOUND 136 +# define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED 301 +# define SSL_R_SSL_SESSION_ID_CONFLICT 302 +# define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 273 +# define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 303 +# define SSL_R_SSL_SESSION_ID_TOO_LONG 408 +# define SSL_R_SSL_SESSION_VERSION_MISMATCH 210 +# define SSL_R_STILL_IN_INIT 121 +# define SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED 1116 +# define SSL_R_TLSV13_ALERT_MISSING_EXTENSION 1109 +# define SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049 +# define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050 +# define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021 +# define SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051 +# define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060 +# define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK 1086 +# define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071 +# define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080 +# define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100 +# define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070 +# define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022 +# define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048 +# define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090 +# define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114 +# define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113 +# define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE 1111 +# define SSL_R_TLSV1_UNRECOGNIZED_NAME 1112 +# define SSL_R_TLSV1_UNSUPPORTED_EXTENSION 1110 +# define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL 367 +# define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 157 +# define SSL_R_TOO_MANY_KEY_UPDATES 132 +# define SSL_R_TOO_MANY_WARN_ALERTS 409 +# define SSL_R_TOO_MUCH_EARLY_DATA 164 +# define 
SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS 314 +# define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 239 +# define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES 242 +# define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 243 +# define SSL_R_UNEXPECTED_CCS_MESSAGE 262 +# define SSL_R_UNEXPECTED_END_OF_EARLY_DATA 178 +# define SSL_R_UNEXPECTED_EOF_WHILE_READING 294 +# define SSL_R_UNEXPECTED_MESSAGE 244 +# define SSL_R_UNEXPECTED_RECORD 245 +# define SSL_R_UNINITIALIZED 276 +# define SSL_R_UNKNOWN_ALERT_TYPE 246 +# define SSL_R_UNKNOWN_CERTIFICATE_TYPE 247 +# define SSL_R_UNKNOWN_CIPHER_RETURNED 248 +# define SSL_R_UNKNOWN_CIPHER_TYPE 249 +# define SSL_R_UNKNOWN_CMD_NAME 386 +# define SSL_R_UNKNOWN_COMMAND 139 +# define SSL_R_UNKNOWN_DIGEST 368 +# define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 250 +# define SSL_R_UNKNOWN_PKEY_TYPE 251 +# define SSL_R_UNKNOWN_PROTOCOL 252 +# define SSL_R_UNKNOWN_SSL_VERSION 254 +# define SSL_R_UNKNOWN_STATE 255 +# define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED 338 +# define SSL_R_UNSOLICITED_EXTENSION 217 +# define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257 +# define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 315 +# define SSL_R_UNSUPPORTED_PROTOCOL 258 +# define SSL_R_UNSUPPORTED_SSL_VERSION 259 +# define SSL_R_UNSUPPORTED_STATUS_TYPE 329 +# define SSL_R_USE_SRTP_NOT_NEGOTIATED 369 +# define SSL_R_VERSION_TOO_HIGH 166 +# define SSL_R_VERSION_TOO_LOW 396 +# define SSL_R_WRONG_CERTIFICATE_TYPE 383 +# define SSL_R_WRONG_CIPHER_RETURNED 261 +# define SSL_R_WRONG_CURVE 378 +# define SSL_R_WRONG_SIGNATURE_LENGTH 264 +# define SSL_R_WRONG_SIGNATURE_SIZE 265 +# define SSL_R_WRONG_SIGNATURE_TYPE 370 +# define SSL_R_WRONG_SSL_VERSION 266 +# define SSL_R_WRONG_VERSION_NUMBER 267 +# define SSL_R_X509_LIB 268 +# define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 269 + +#endif diff --git a/linux_amd64/ssl/include/openssl/stack.h b/linux_amd64/ssl/include/openssl/stack.h new file mode 100644 index 0000000..031b672 --- /dev/null +++ b/linux_amd64/ssl/include/openssl/stack.h 
@@ -0,0 +1,89 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_STACK_H
+# define OPENSSL_STACK_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_STACK_H
+# endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct stack_st OPENSSL_STACK; /* Use STACK_OF(...) instead */
+
+typedef int (*OPENSSL_sk_compfunc)(const void *, const void *);
+typedef void (*OPENSSL_sk_freefunc)(void *);
+typedef void *(*OPENSSL_sk_copyfunc)(const void *);
+
+int OPENSSL_sk_num(const OPENSSL_STACK *);
+void *OPENSSL_sk_value(const OPENSSL_STACK *, int);
+
+void *OPENSSL_sk_set(OPENSSL_STACK *st, int i, const void *data);
+
+OPENSSL_STACK *OPENSSL_sk_new(OPENSSL_sk_compfunc cmp);
+OPENSSL_STACK *OPENSSL_sk_new_null(void);
+OPENSSL_STACK *OPENSSL_sk_new_reserve(OPENSSL_sk_compfunc c, int n);
+int OPENSSL_sk_reserve(OPENSSL_STACK *st, int n);
+void OPENSSL_sk_free(OPENSSL_STACK *);
+void OPENSSL_sk_pop_free(OPENSSL_STACK *st, void (*func) (void *));
+OPENSSL_STACK *OPENSSL_sk_deep_copy(const OPENSSL_STACK *,
+ OPENSSL_sk_copyfunc c,
+ OPENSSL_sk_freefunc f);
+int OPENSSL_sk_insert(OPENSSL_STACK *sk, const void *data, int where);
+void *OPENSSL_sk_delete(OPENSSL_STACK *st, int loc);
+void *OPENSSL_sk_delete_ptr(OPENSSL_STACK *st, const void *p);
+int OPENSSL_sk_find(OPENSSL_STACK *st, const void *data);
+int OPENSSL_sk_find_ex(OPENSSL_STACK *st, const void *data);
+int OPENSSL_sk_push(OPENSSL_STACK *st, const void *data);
+int OPENSSL_sk_unshift(OPENSSL_STACK *st, const void *data);
+void *OPENSSL_sk_shift(OPENSSL_STACK *st);
+void *OPENSSL_sk_pop(OPENSSL_STACK *st);
+void OPENSSL_sk_zero(OPENSSL_STACK *st);
+OPENSSL_sk_compfunc OPENSSL_sk_set_cmp_func(OPENSSL_STACK *sk,
+ OPENSSL_sk_compfunc cmp);
+OPENSSL_STACK *OPENSSL_sk_dup(const OPENSSL_STACK *st);
+void OPENSSL_sk_sort(OPENSSL_STACK *st);
+int OPENSSL_sk_is_sorted(const OPENSSL_STACK *st);
+
+# ifndef OPENSSL_NO_DEPRECATED_1_1_0
+# define _STACK OPENSSL_STACK
+# define sk_num OPENSSL_sk_num
+# define sk_value OPENSSL_sk_value
+# define sk_set OPENSSL_sk_set
+# define sk_new OPENSSL_sk_new
+# define sk_new_null OPENSSL_sk_new_null
+# define sk_free OPENSSL_sk_free
+# define sk_pop_free OPENSSL_sk_pop_free
+# define sk_deep_copy OPENSSL_sk_deep_copy
+# define sk_insert OPENSSL_sk_insert
+# define sk_delete OPENSSL_sk_delete
+# define sk_delete_ptr OPENSSL_sk_delete_ptr
+# define sk_find OPENSSL_sk_find
+# define sk_find_ex OPENSSL_sk_find_ex
+# define sk_push OPENSSL_sk_push
+# define sk_unshift OPENSSL_sk_unshift
+# define sk_shift OPENSSL_sk_shift
+# define sk_pop OPENSSL_sk_pop
+# define sk_zero OPENSSL_sk_zero
+# define sk_set_cmp_func OPENSSL_sk_set_cmp_func
+# define sk_dup OPENSSL_sk_dup
+# define sk_sort OPENSSL_sk_sort
+# define sk_is_sorted OPENSSL_sk_is_sorted
+# endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/linux_amd64/ssl/include/openssl/store.h b/linux_amd64/ssl/include/openssl/store.h
new file mode 100644
index 0000000..7b2561c
--- /dev/null
+++ b/linux_amd64/ssl/include/openssl/store.h
@@ -0,0 +1,272 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_STORE_H
+# define OPENSSL_STORE_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_OSSL_STORE_H
+# endif
+
+# include
+# include
+# include
+# include
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+/*-
+ * The main OSSL_STORE functions.
+ * ------------------------------
+ *
+ * These allow applications to open a channel to a resource with supported
+ * data (keys, certs, crls, ...), read the data a piece at a time and decide
+ * what to do with it, and finally close.
+ */
+
+typedef struct ossl_store_ctx_st OSSL_STORE_CTX;
+
+/*
+ * Typedef for the OSSL_STORE_INFO post processing callback. This can be used
+ * to massage the given OSSL_STORE_INFO, or to drop it entirely (by returning
+ * NULL).
+ */
+typedef OSSL_STORE_INFO *(*OSSL_STORE_post_process_info_fn)(OSSL_STORE_INFO *,
+ void *);
+
+/*
+ * Open a channel given a URI. The given UI method will be used any time the
+ * loader needs extra input, for example when a password or pin is needed, and
+ * will be passed the same user data every time it's needed in this context.
+ *
+ * Returns a context reference which represents the channel to communicate
+ * through.
+ */
+OSSL_STORE_CTX *OSSL_STORE_open(const char *uri, const UI_METHOD *ui_method,
+ void *ui_data,
+ OSSL_STORE_post_process_info_fn post_process,
+ void *post_process_data);
+
+/*
+ * Control / fine tune the OSSL_STORE channel. |cmd| determines what is to be
+ * done, and depends on the underlying loader (use OSSL_STORE_get0_scheme to
+ * determine which loader is used), except for common commands (see below).
+ * Each command takes different arguments.
+ */
+int OSSL_STORE_ctrl(OSSL_STORE_CTX *ctx, int cmd, ... /* args */);
+int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd, va_list args);
+
+/*
+ * Common ctrl commands that different loaders may choose to support.
+ */
+/* int on = 0 or 1; STORE_ctrl(ctx, STORE_C_USE_SECMEM, &on); */
+# define OSSL_STORE_C_USE_SECMEM 1
+/* Where custom commands start */
+# define OSSL_STORE_C_CUSTOM_START 100
+
+/*
+ * Read one data item (a key, a cert, a CRL) that is supported by the OSSL_STORE
+ * functionality, given a context.
+ * Returns a OSSL_STORE_INFO pointer, from which OpenSSL typed data can be
+ * extracted with OSSL_STORE_INFO_get0_PKEY(), OSSL_STORE_INFO_get0_CERT(), ...
+ * NULL is returned on error, which may include that the data found at the URI
+ * can't be figured out for certain or is ambiguous.
+ */
+OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx);
+
+/*
+ * Check if end of data (end of file) is reached
+ * Returns 1 on end, 0 otherwise.
+ */
+int OSSL_STORE_eof(OSSL_STORE_CTX *ctx);
+
+/*
+ * Check if an error occurred
+ * Returns 1 if it did, 0 otherwise.
+ */
+int OSSL_STORE_error(OSSL_STORE_CTX *ctx);
+
+/*
+ * Close the channel
+ * Returns 1 on success, 0 on error.
+ */
+int OSSL_STORE_close(OSSL_STORE_CTX *ctx);
+
+
+/*-
+ * Extracting OpenSSL types from and creating new OSSL_STORE_INFOs
+ * ---------------------------------------------------------------
+ */
+
+/*
+ * Types of data that can be ossl_stored in a OSSL_STORE_INFO.
+ * OSSL_STORE_INFO_NAME is typically found when getting a listing of
+ * available "files" / "tokens" / what have you.
+ */
+# define OSSL_STORE_INFO_NAME 1 /* char * */
+# define OSSL_STORE_INFO_PARAMS 2 /* EVP_PKEY * */
+# define OSSL_STORE_INFO_PKEY 3 /* EVP_PKEY * */
+# define OSSL_STORE_INFO_CERT 4 /* X509 * */
+# define OSSL_STORE_INFO_CRL 5 /* X509_CRL * */
+
+/*
+ * Functions to generate OSSL_STORE_INFOs, one function for each type we
+ * support having in them, as well as a generic constructor.
+ *
+ * In all cases, ownership of the object is transferred to the OSSL_STORE_INFO
+ * and will therefore be freed when the OSSL_STORE_INFO is freed.
+ */
+OSSL_STORE_INFO *OSSL_STORE_INFO_new_NAME(char *name);
+int OSSL_STORE_INFO_set0_NAME_description(OSSL_STORE_INFO *info, char *desc);
+OSSL_STORE_INFO *OSSL_STORE_INFO_new_PARAMS(EVP_PKEY *params);
+OSSL_STORE_INFO *OSSL_STORE_INFO_new_PKEY(EVP_PKEY *pkey);
+OSSL_STORE_INFO *OSSL_STORE_INFO_new_CERT(X509 *x509);
+OSSL_STORE_INFO *OSSL_STORE_INFO_new_CRL(X509_CRL *crl);
+
+/*
+ * Functions to try to extract data from a OSSL_STORE_INFO.
+ */
+int OSSL_STORE_INFO_get_type(const OSSL_STORE_INFO *info);
+const char *OSSL_STORE_INFO_get0_NAME(const OSSL_STORE_INFO *info);
+char *OSSL_STORE_INFO_get1_NAME(const OSSL_STORE_INFO *info);
+const char *OSSL_STORE_INFO_get0_NAME_description(const OSSL_STORE_INFO *info);
+char *OSSL_STORE_INFO_get1_NAME_description(const OSSL_STORE_INFO *info);
+EVP_PKEY *OSSL_STORE_INFO_get0_PARAMS(const OSSL_STORE_INFO *info);
+EVP_PKEY *OSSL_STORE_INFO_get1_PARAMS(const OSSL_STORE_INFO *info);
+EVP_PKEY *OSSL_STORE_INFO_get0_PKEY(const OSSL_STORE_INFO *info);
+EVP_PKEY *OSSL_STORE_INFO_get1_PKEY(const OSSL_STORE_INFO *info);
+X509 *OSSL_STORE_INFO_get0_CERT(const OSSL_STORE_INFO *info);
+X509 *OSSL_STORE_INFO_get1_CERT(const OSSL_STORE_INFO *info);
+X509_CRL *OSSL_STORE_INFO_get0_CRL(const OSSL_STORE_INFO *info);
+X509_CRL *OSSL_STORE_INFO_get1_CRL(const OSSL_STORE_INFO *info);
+
+const char *OSSL_STORE_INFO_type_string(int type);
+
+/*
+ * Free the OSSL_STORE_INFO
+ */
+void OSSL_STORE_INFO_free(OSSL_STORE_INFO *info);
+
+
+/*-
+ * Functions to construct a search URI from a base URI and search criteria
+ * -----------------------------------------------------------------------
+ */
+
+/* OSSL_STORE search types */
+# define OSSL_STORE_SEARCH_BY_NAME 1 /* subject in certs, issuer in CRLs */
+# define OSSL_STORE_SEARCH_BY_ISSUER_SERIAL 2
+# define OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT 3
+# define OSSL_STORE_SEARCH_BY_ALIAS 4
+
+/* To check what search types the scheme handler supports */
+int OSSL_STORE_supports_search(OSSL_STORE_CTX *ctx, int search_type);
+
+/* Search term constructors */
+/*
+ * The input is considered to be owned by the caller, and must therefore
+ * remain present throughout the lifetime of the returned OSSL_STORE_SEARCH
+ */
+OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_name(X509_NAME *name);
+OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_issuer_serial(X509_NAME *name,
+ const ASN1_INTEGER
+ *serial);
+OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_key_fingerprint(const EVP_MD *digest,
+ const unsigned char
+ *bytes, size_t len);
+OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_alias(const char *alias);
+
+/* Search term destructor */
+void OSSL_STORE_SEARCH_free(OSSL_STORE_SEARCH *search);
+
+/* Search term accessors */
+int OSSL_STORE_SEARCH_get_type(const OSSL_STORE_SEARCH *criterion);
+X509_NAME *OSSL_STORE_SEARCH_get0_name(const OSSL_STORE_SEARCH *criterion);
+const ASN1_INTEGER *OSSL_STORE_SEARCH_get0_serial(const OSSL_STORE_SEARCH
+ *criterion);
+const unsigned char *OSSL_STORE_SEARCH_get0_bytes(const OSSL_STORE_SEARCH
+ *criterion, size_t *length);
+const char *OSSL_STORE_SEARCH_get0_string(const OSSL_STORE_SEARCH *criterion);
+const EVP_MD *OSSL_STORE_SEARCH_get0_digest(const OSSL_STORE_SEARCH *criterion);
+
+/*
+ * Add search criterion and expected return type (which can be unspecified)
+ * to the loading channel. This MUST happen before the first OSSL_STORE_load().
+ */
+int OSSL_STORE_expect(OSSL_STORE_CTX *ctx, int expected_type);
+int OSSL_STORE_find(OSSL_STORE_CTX *ctx, const OSSL_STORE_SEARCH *search);
+
+
+/*-
+ * Function to register a loader for the given URI scheme.
+ * -------------------------------------------------------
+ *
+ * The loader receives all the main components of an URI except for the
+ * scheme.
+ */
+
+typedef struct ossl_store_loader_st OSSL_STORE_LOADER;
+OSSL_STORE_LOADER *OSSL_STORE_LOADER_new(ENGINE *e, const char *scheme);
+const ENGINE *OSSL_STORE_LOADER_get0_engine(const OSSL_STORE_LOADER *loader);
+const char *OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader);
+/* struct ossl_store_loader_ctx_st is defined differently by each loader */
+typedef struct ossl_store_loader_ctx_st OSSL_STORE_LOADER_CTX;
+typedef OSSL_STORE_LOADER_CTX *(*OSSL_STORE_open_fn)(const OSSL_STORE_LOADER
+ *loader,
+ const char *uri,
+ const UI_METHOD *ui_method,
+ void *ui_data);
+int OSSL_STORE_LOADER_set_open(OSSL_STORE_LOADER *loader,
+ OSSL_STORE_open_fn open_function);
+typedef int (*OSSL_STORE_ctrl_fn)(OSSL_STORE_LOADER_CTX *ctx, int cmd,
+ va_list args);
+int OSSL_STORE_LOADER_set_ctrl(OSSL_STORE_LOADER *loader,
+ OSSL_STORE_ctrl_fn ctrl_function);
+typedef int (*OSSL_STORE_expect_fn)(OSSL_STORE_LOADER_CTX *ctx, int expected);
+int OSSL_STORE_LOADER_set_expect(OSSL_STORE_LOADER *loader,
+ OSSL_STORE_expect_fn expect_function);
+typedef int (*OSSL_STORE_find_fn)(OSSL_STORE_LOADER_CTX *ctx,
+ const OSSL_STORE_SEARCH *criteria);
+int OSSL_STORE_LOADER_set_find(OSSL_STORE_LOADER *loader,
+ OSSL_STORE_find_fn find_function);
+typedef OSSL_STORE_INFO *(*OSSL_STORE_load_fn)(OSSL_STORE_LOADER_CTX *ctx,
+ const UI_METHOD *ui_method,
+ void *ui_data);
+int OSSL_STORE_LOADER_set_load(OSSL_STORE_LOADER *loader,
+ OSSL_STORE_load_fn load_function);
+typedef int (*OSSL_STORE_eof_fn)(OSSL_STORE_LOADER_CTX *ctx);
+int OSSL_STORE_LOADER_set_eof(OSSL_STORE_LOADER *loader,
+ OSSL_STORE_eof_fn eof_function);
+typedef int (*OSSL_STORE_error_fn)(OSSL_STORE_LOADER_CTX *ctx);
+int OSSL_STORE_LOADER_set_error(OSSL_STORE_LOADER *loader,
+ OSSL_STORE_error_fn error_function);
+typedef int (*OSSL_STORE_close_fn)(OSSL_STORE_LOADER_CTX *ctx);
+int OSSL_STORE_LOADER_set_close(OSSL_STORE_LOADER *loader,
+ OSSL_STORE_close_fn close_function);
+void OSSL_STORE_LOADER_free(OSSL_STORE_LOADER *loader);
+
+int OSSL_STORE_register_loader(OSSL_STORE_LOADER *loader);
+OSSL_STORE_LOADER *OSSL_STORE_unregister_loader(const char *scheme);
+
+/*-
+ * Functions to list STORE loaders
+ * -------------------------------
+ */
+int OSSL_STORE_do_all_loaders(void (*do_function) (const OSSL_STORE_LOADER
+ *loader, void *do_arg),
+ void *do_arg);
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/linux_amd64/ssl/include/openssl/storeerr.h b/linux_amd64/ssl/include/openssl/storeerr.h
new file mode 100644
index 0000000..cb7304d
--- /dev/null
+++ b/linux_amd64/ssl/include/openssl/storeerr.h
@@ -0,0 +1,99 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_STOREERR_H +# define OPENSSL_STOREERR_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_OSSL_STOREERR_H +# endif + +# include +# include + + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_OSSL_STORE_strings(void); + +/* + * OSSL_STORE function codes. + */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define OSSL_STORE_F_FILE_CTRL 0 +# define OSSL_STORE_F_FILE_FIND 0 +# define OSSL_STORE_F_FILE_GET_PASS 0 +# define OSSL_STORE_F_FILE_LOAD 0 +# define OSSL_STORE_F_FILE_LOAD_TRY_DECODE 0 +# define OSSL_STORE_F_FILE_NAME_TO_URI 0 +# define OSSL_STORE_F_FILE_OPEN 0 +# define OSSL_STORE_F_OSSL_STORE_ATTACH_PEM_BIO 0 +# define OSSL_STORE_F_OSSL_STORE_EXPECT 0 +# define OSSL_STORE_F_OSSL_STORE_FILE_ATTACH_PEM_BIO_INT 0 +# define OSSL_STORE_F_OSSL_STORE_FIND 0 +# define OSSL_STORE_F_OSSL_STORE_GET0_LOADER_INT 0 +# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_CERT 0 +# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_CRL 0 +# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME 0 +# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME_DESCRIPTION 0 +# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_PARAMS 0 +# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_PKEY 0 +# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_CERT 0 +# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_CRL 0 +# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_EMBEDDED 0 +# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_NAME 0 +# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_PARAMS 0 +# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_PKEY 0 +# define OSSL_STORE_F_OSSL_STORE_INFO_SET0_NAME_DESCRIPTION 0 +# define OSSL_STORE_F_OSSL_STORE_INIT_ONCE 
0 +# define OSSL_STORE_F_OSSL_STORE_LOADER_NEW 0 +# define OSSL_STORE_F_OSSL_STORE_OPEN 0 +# define OSSL_STORE_F_OSSL_STORE_OPEN_INT 0 +# define OSSL_STORE_F_OSSL_STORE_REGISTER_LOADER_INT 0 +# define OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ALIAS 0 +# define OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ISSUER_SERIAL 0 +# define OSSL_STORE_F_OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT 0 +# define OSSL_STORE_F_OSSL_STORE_SEARCH_BY_NAME 0 +# define OSSL_STORE_F_OSSL_STORE_UNREGISTER_LOADER_INT 0 +# define OSSL_STORE_F_TRY_DECODE_PARAMS 0 +# define OSSL_STORE_F_TRY_DECODE_PKCS12 0 +# define OSSL_STORE_F_TRY_DECODE_PKCS8ENCRYPTED 0 +# endif + +/* + * OSSL_STORE reason codes. + */ +# define OSSL_STORE_R_AMBIGUOUS_CONTENT_TYPE 107 +# define OSSL_STORE_R_BAD_PASSWORD_READ 115 +# define OSSL_STORE_R_ERROR_VERIFYING_PKCS12_MAC 113 +# define OSSL_STORE_R_FINGERPRINT_SIZE_DOES_NOT_MATCH_DIGEST 121 +# define OSSL_STORE_R_INVALID_SCHEME 106 +# define OSSL_STORE_R_IS_NOT_A 112 +# define OSSL_STORE_R_LOADER_INCOMPLETE 116 +# define OSSL_STORE_R_LOADING_STARTED 117 +# define OSSL_STORE_R_NOT_A_CERTIFICATE 100 +# define OSSL_STORE_R_NOT_A_CRL 101 +# define OSSL_STORE_R_NOT_A_KEY 102 +# define OSSL_STORE_R_NOT_A_NAME 103 +# define OSSL_STORE_R_NOT_PARAMETERS 104 +# define OSSL_STORE_R_PASSPHRASE_CALLBACK_ERROR 114 +# define OSSL_STORE_R_PATH_MUST_BE_ABSOLUTE 108 +# define OSSL_STORE_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES 119 +# define OSSL_STORE_R_UI_PROCESS_INTERRUPTED_OR_CANCELLED 109 +# define OSSL_STORE_R_UNREGISTERED_SCHEME 105 +# define OSSL_STORE_R_UNSUPPORTED_CONTENT_TYPE 110 +# define OSSL_STORE_R_UNSUPPORTED_OPERATION 118 +# define OSSL_STORE_R_UNSUPPORTED_SEARCH_TYPE 120 +# define OSSL_STORE_R_URI_AUTHORITY_UNSUPPORTED 111 + +#endif diff --git a/linux_amd64/ssl/include/openssl/symhacks.h b/linux_amd64/ssl/include/openssl/symhacks.h new file mode 100644 index 0000000..d3eacc2 --- /dev/null +++ b/linux_amd64/ssl/include/openssl/symhacks.h 
@@ -0,0 +1,43 @@
+/*
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_SYMHACKS_H
+# define OPENSSL_SYMHACKS_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_SYMHACKS_H
+# endif
+
+# include
+
+/* Case insensitive linking causes problems.... */
+# if defined(OPENSSL_SYS_VMS)
+# undef ERR_load_CRYPTO_strings
+# define ERR_load_CRYPTO_strings ERR_load_CRYPTOlib_strings
+# undef OCSP_crlID_new
+# define OCSP_crlID_new OCSP_crlID2_new
+
+# undef d2i_ECPARAMETERS
+# define d2i_ECPARAMETERS d2i_UC_ECPARAMETERS
+# undef i2d_ECPARAMETERS
+# define i2d_ECPARAMETERS i2d_UC_ECPARAMETERS
+# undef d2i_ECPKPARAMETERS
+# define d2i_ECPKPARAMETERS d2i_UC_ECPKPARAMETERS
+# undef i2d_ECPKPARAMETERS
+# define i2d_ECPKPARAMETERS i2d_UC_ECPKPARAMETERS
+
+/* This one clashes with CMS_data_create */
+# undef cms_Data_create
+# define cms_Data_create priv_cms_Data_create
+
+# endif
+
+#endif /* ! defined HEADER_VMS_IDHACKS_H */
diff --git a/linux_amd64/ssl/include/openssl/tls1.h b/linux_amd64/ssl/include/openssl/tls1.h
new file mode 100644
index 0000000..9181e0d
--- /dev/null
+++ b/linux_amd64/ssl/include/openssl/tls1.h
@@ -0,0 +1,1218 @@ +/* + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved + * Copyright 2005 Nokia. All rights reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_TLS1_H +# define OPENSSL_TLS1_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_TLS1_H +# endif + +# include +# include + +#ifdef __cplusplus +extern "C" { +#endif + +/* Default security level if not overridden at config time */ +# ifndef OPENSSL_TLS_SECURITY_LEVEL +# define OPENSSL_TLS_SECURITY_LEVEL 1 +# endif + +# define TLS1_VERSION 0x0301 +# define TLS1_1_VERSION 0x0302 +# define TLS1_2_VERSION 0x0303 +# define TLS1_3_VERSION 0x0304 +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define TLS_MAX_VERSION TLS1_3_VERSION +# endif + +/* Special value for method supporting multiple versions */ +# define TLS_ANY_VERSION 0x10000 + +# define TLS1_VERSION_MAJOR 0x03 +# define TLS1_VERSION_MINOR 0x01 + +# define TLS1_1_VERSION_MAJOR 0x03 +# define TLS1_1_VERSION_MINOR 0x02 + +# define TLS1_2_VERSION_MAJOR 0x03 +# define TLS1_2_VERSION_MINOR 0x03 + +# define TLS1_get_version(s) \ + ((SSL_version(s) >> 8) == TLS1_VERSION_MAJOR ? SSL_version(s) : 0) + +# define TLS1_get_client_version(s) \ + ((SSL_client_version(s) >> 8) == TLS1_VERSION_MAJOR ? 
SSL_client_version(s) : 0) + +# define TLS1_AD_DECRYPTION_FAILED 21 +# define TLS1_AD_RECORD_OVERFLOW 22 +# define TLS1_AD_UNKNOWN_CA 48/* fatal */ +# define TLS1_AD_ACCESS_DENIED 49/* fatal */ +# define TLS1_AD_DECODE_ERROR 50/* fatal */ +# define TLS1_AD_DECRYPT_ERROR 51 +# define TLS1_AD_EXPORT_RESTRICTION 60/* fatal */ +# define TLS1_AD_PROTOCOL_VERSION 70/* fatal */ +# define TLS1_AD_INSUFFICIENT_SECURITY 71/* fatal */ +# define TLS1_AD_INTERNAL_ERROR 80/* fatal */ +# define TLS1_AD_INAPPROPRIATE_FALLBACK 86/* fatal */ +# define TLS1_AD_USER_CANCELLED 90 +# define TLS1_AD_NO_RENEGOTIATION 100 +/* TLSv1.3 alerts */ +# define TLS13_AD_MISSING_EXTENSION 109 /* fatal */ +# define TLS13_AD_CERTIFICATE_REQUIRED 116 /* fatal */ +/* codes 110-114 are from RFC3546 */ +# define TLS1_AD_UNSUPPORTED_EXTENSION 110 +# define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111 +# define TLS1_AD_UNRECOGNIZED_NAME 112 +# define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113 +# define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114 +# define TLS1_AD_UNKNOWN_PSK_IDENTITY 115/* fatal */ +# define TLS1_AD_NO_APPLICATION_PROTOCOL 120 /* fatal */ + +/* ExtensionType values from RFC3546 / RFC4366 / RFC6066 */ +# define TLSEXT_TYPE_server_name 0 +# define TLSEXT_TYPE_max_fragment_length 1 +# define TLSEXT_TYPE_client_certificate_url 2 +# define TLSEXT_TYPE_trusted_ca_keys 3 +# define TLSEXT_TYPE_truncated_hmac 4 +# define TLSEXT_TYPE_status_request 5 +/* ExtensionType values from RFC4681 */ +# define TLSEXT_TYPE_user_mapping 6 +/* ExtensionType values from RFC5878 */ +# define TLSEXT_TYPE_client_authz 7 +# define TLSEXT_TYPE_server_authz 8 +/* ExtensionType values from RFC6091 */ +# define TLSEXT_TYPE_cert_type 9 + +/* ExtensionType values from RFC4492 */ +/* + * Prior to TLSv1.3 the supported_groups extension was known as + * elliptic_curves + */ +# define TLSEXT_TYPE_supported_groups 10 +# define TLSEXT_TYPE_elliptic_curves TLSEXT_TYPE_supported_groups +# define TLSEXT_TYPE_ec_point_formats 11 + + +/* 
ExtensionType value from RFC5054 */ +# define TLSEXT_TYPE_srp 12 + +/* ExtensionType values from RFC5246 */ +# define TLSEXT_TYPE_signature_algorithms 13 + +/* ExtensionType value from RFC5764 */ +# define TLSEXT_TYPE_use_srtp 14 + +/* ExtensionType value from RFC7301 */ +# define TLSEXT_TYPE_application_layer_protocol_negotiation 16 + +/* + * Extension type for Certificate Transparency + * https://tools.ietf.org/html/rfc6962#section-3.3.1 + */ +# define TLSEXT_TYPE_signed_certificate_timestamp 18 + +/* + * ExtensionType value for TLS padding extension. + * http://tools.ietf.org/html/draft-agl-tls-padding + */ +# define TLSEXT_TYPE_padding 21 + +/* ExtensionType value from RFC7366 */ +# define TLSEXT_TYPE_encrypt_then_mac 22 + +/* ExtensionType value from RFC7627 */ +# define TLSEXT_TYPE_extended_master_secret 23 + +/* ExtensionType value from RFC4507 */ +# define TLSEXT_TYPE_session_ticket 35 + +/* As defined for TLS1.3 */ +# define TLSEXT_TYPE_psk 41 +# define TLSEXT_TYPE_early_data 42 +# define TLSEXT_TYPE_supported_versions 43 +# define TLSEXT_TYPE_cookie 44 +# define TLSEXT_TYPE_psk_kex_modes 45 +# define TLSEXT_TYPE_certificate_authorities 47 +# define TLSEXT_TYPE_post_handshake_auth 49 +# define TLSEXT_TYPE_signature_algorithms_cert 50 +# define TLSEXT_TYPE_key_share 51 + +/* Temporary extension type */ +# define TLSEXT_TYPE_renegotiate 0xff01 + +# ifndef OPENSSL_NO_NEXTPROTONEG +/* This is not an IANA defined extension number */ +# define TLSEXT_TYPE_next_proto_neg 13172 +# endif + +/* NameType value from RFC3546 */ +# define TLSEXT_NAMETYPE_host_name 0 +/* status request value from RFC3546 */ +# define TLSEXT_STATUSTYPE_ocsp 1 + +/* ECPointFormat values from RFC4492 */ +# define TLSEXT_ECPOINTFORMAT_first 0 +# define TLSEXT_ECPOINTFORMAT_uncompressed 0 +# define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime 1 +# define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2 2 +# define TLSEXT_ECPOINTFORMAT_last 2 + +/* Signature and hash algorithms from RFC5246 */ 
+# define TLSEXT_signature_anonymous 0 +# define TLSEXT_signature_rsa 1 +# define TLSEXT_signature_dsa 2 +# define TLSEXT_signature_ecdsa 3 +# define TLSEXT_signature_gostr34102001 237 +# define TLSEXT_signature_gostr34102012_256 238 +# define TLSEXT_signature_gostr34102012_512 239 + +/* Total number of different signature algorithms */ +# define TLSEXT_signature_num 7 + +# define TLSEXT_hash_none 0 +# define TLSEXT_hash_md5 1 +# define TLSEXT_hash_sha1 2 +# define TLSEXT_hash_sha224 3 +# define TLSEXT_hash_sha256 4 +# define TLSEXT_hash_sha384 5 +# define TLSEXT_hash_sha512 6 +# define TLSEXT_hash_gostr3411 237 +# define TLSEXT_hash_gostr34112012_256 238 +# define TLSEXT_hash_gostr34112012_512 239 + +/* Total number of different digest algorithms */ + +# define TLSEXT_hash_num 10 + +/* Flag set for unrecognised algorithms */ +# define TLSEXT_nid_unknown 0x1000000 + +/* ECC curves */ + +# define TLSEXT_curve_P_256 23 +# define TLSEXT_curve_P_384 24 + +/* OpenSSL value to disable maximum fragment length extension */ +# define TLSEXT_max_fragment_length_DISABLED 0 +/* Allowed values for max fragment length extension */ +# define TLSEXT_max_fragment_length_512 1 +# define TLSEXT_max_fragment_length_1024 2 +# define TLSEXT_max_fragment_length_2048 3 +# define TLSEXT_max_fragment_length_4096 4 + +int SSL_CTX_set_tlsext_max_fragment_length(SSL_CTX *ctx, uint8_t mode); +int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode); + +# define TLSEXT_MAXLEN_host_name 255 + +__owur const char *SSL_get_servername(const SSL *s, const int type); +__owur int SSL_get_servername_type(const SSL *s); +/* + * SSL_export_keying_material exports a value derived from the master secret, + * as specified in RFC 5705. It writes |olen| bytes to |out| given a label and + * optional context. (Since a zero length context is allowed, the |use_context| + * flag controls whether a context is included.) It returns 1 on success and + * 0 or -1 otherwise. 
+ */ +__owur int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, + const char *label, size_t llen, + const unsigned char *context, + size_t contextlen, int use_context); + +/* + * SSL_export_keying_material_early exports a value derived from the + * early exporter master secret, as specified in + * https://tools.ietf.org/html/draft-ietf-tls-tls13-23. It writes + * |olen| bytes to |out| given a label and optional context. It + * returns 1 on success and 0 otherwise. + */ +__owur int SSL_export_keying_material_early(SSL *s, unsigned char *out, + size_t olen, const char *label, + size_t llen, + const unsigned char *context, + size_t contextlen); + +int SSL_get_peer_signature_type_nid(const SSL *s, int *pnid); +int SSL_get_signature_type_nid(const SSL *s, int *pnid); + +int SSL_get_sigalgs(SSL *s, int idx, + int *psign, int *phash, int *psignandhash, + unsigned char *rsig, unsigned char *rhash); + +int SSL_get_shared_sigalgs(SSL *s, int idx, + int *psign, int *phash, int *psignandhash, + unsigned char *rsig, unsigned char *rhash); + +__owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain); + +# define SSL_set_tlsext_host_name(s,name) \ + SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,\ + (void *)name) + +# define SSL_set_tlsext_debug_callback(ssl, cb) \ + SSL_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_CB,\ + (void (*)(void))cb) + +# define SSL_set_tlsext_debug_arg(ssl, arg) \ + SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_ARG,0,arg) + +# define SSL_get_tlsext_status_type(ssl) \ + SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE,0,NULL) + +# define SSL_set_tlsext_status_type(ssl, type) \ + SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type,NULL) + +# define SSL_get_tlsext_status_exts(ssl, arg) \ + SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS,0,arg) + +# define SSL_set_tlsext_status_exts(ssl, arg) \ + SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS,0,arg) + +# define SSL_get_tlsext_status_ids(ssl, arg) \ 
+ SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS,0,arg) + +# define SSL_set_tlsext_status_ids(ssl, arg) \ + SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS,0,arg) + +# define SSL_get_tlsext_status_ocsp_resp(ssl, arg) \ + SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP,0,arg) + +# define SSL_set_tlsext_status_ocsp_resp(ssl, arg, arglen) \ + SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP,arglen,arg) + +# define SSL_CTX_set_tlsext_servername_callback(ctx, cb) \ + SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_CB,\ + (void (*)(void))cb) + +# define SSL_TLSEXT_ERR_OK 0 +# define SSL_TLSEXT_ERR_ALERT_WARNING 1 +# define SSL_TLSEXT_ERR_ALERT_FATAL 2 +# define SSL_TLSEXT_ERR_NOACK 3 + +# define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0,arg) + +# define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_TLSEXT_TICKET_KEYS,keylen,keys) +# define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_TICKET_KEYS,keylen,keys) + +# define SSL_CTX_get_tlsext_status_cb(ssl, cb) \ + SSL_CTX_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB,0,(void *)cb) +# define SSL_CTX_set_tlsext_status_cb(ssl, cb) \ + SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,\ + (void (*)(void))cb) + +# define SSL_CTX_get_tlsext_status_arg(ssl, arg) \ + SSL_CTX_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG,0,arg) +# define SSL_CTX_set_tlsext_status_arg(ssl, arg) \ + SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0,arg) + +# define SSL_CTX_set_tlsext_status_type(ssl, type) \ + SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type,NULL) + +# define SSL_CTX_get_tlsext_status_type(ssl) \ + SSL_CTX_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE,0,NULL) + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \ + SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,\ + (void (*)(void))cb) +# endif +int 
SSL_CTX_set_tlsext_ticket_key_evp_cb + (SSL_CTX *ctx, int (*fp)(SSL *, unsigned char *, unsigned char *, + EVP_CIPHER_CTX *, EVP_MAC_CTX *, int)); + +/* PSK ciphersuites from 4279 */ +# define TLS1_CK_PSK_WITH_RC4_128_SHA 0x0300008A +# define TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA 0x0300008B +# define TLS1_CK_PSK_WITH_AES_128_CBC_SHA 0x0300008C +# define TLS1_CK_PSK_WITH_AES_256_CBC_SHA 0x0300008D +# define TLS1_CK_DHE_PSK_WITH_RC4_128_SHA 0x0300008E +# define TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA 0x0300008F +# define TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA 0x03000090 +# define TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA 0x03000091 +# define TLS1_CK_RSA_PSK_WITH_RC4_128_SHA 0x03000092 +# define TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA 0x03000093 +# define TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA 0x03000094 +# define TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA 0x03000095 + +/* PSK ciphersuites from 5487 */ +# define TLS1_CK_PSK_WITH_AES_128_GCM_SHA256 0x030000A8 +# define TLS1_CK_PSK_WITH_AES_256_GCM_SHA384 0x030000A9 +# define TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256 0x030000AA +# define TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384 0x030000AB +# define TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256 0x030000AC +# define TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384 0x030000AD +# define TLS1_CK_PSK_WITH_AES_128_CBC_SHA256 0x030000AE +# define TLS1_CK_PSK_WITH_AES_256_CBC_SHA384 0x030000AF +# define TLS1_CK_PSK_WITH_NULL_SHA256 0x030000B0 +# define TLS1_CK_PSK_WITH_NULL_SHA384 0x030000B1 +# define TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256 0x030000B2 +# define TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384 0x030000B3 +# define TLS1_CK_DHE_PSK_WITH_NULL_SHA256 0x030000B4 +# define TLS1_CK_DHE_PSK_WITH_NULL_SHA384 0x030000B5 +# define TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256 0x030000B6 +# define TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384 0x030000B7 +# define TLS1_CK_RSA_PSK_WITH_NULL_SHA256 0x030000B8 +# define TLS1_CK_RSA_PSK_WITH_NULL_SHA384 0x030000B9 + +/* NULL PSK ciphersuites from RFC4785 */ +# define 
TLS1_CK_PSK_WITH_NULL_SHA 0x0300002C +# define TLS1_CK_DHE_PSK_WITH_NULL_SHA 0x0300002D +# define TLS1_CK_RSA_PSK_WITH_NULL_SHA 0x0300002E + +/* AES ciphersuites from RFC3268 */ +# define TLS1_CK_RSA_WITH_AES_128_SHA 0x0300002F +# define TLS1_CK_DH_DSS_WITH_AES_128_SHA 0x03000030 +# define TLS1_CK_DH_RSA_WITH_AES_128_SHA 0x03000031 +# define TLS1_CK_DHE_DSS_WITH_AES_128_SHA 0x03000032 +# define TLS1_CK_DHE_RSA_WITH_AES_128_SHA 0x03000033 +# define TLS1_CK_ADH_WITH_AES_128_SHA 0x03000034 +# define TLS1_CK_RSA_WITH_AES_256_SHA 0x03000035 +# define TLS1_CK_DH_DSS_WITH_AES_256_SHA 0x03000036 +# define TLS1_CK_DH_RSA_WITH_AES_256_SHA 0x03000037 +# define TLS1_CK_DHE_DSS_WITH_AES_256_SHA 0x03000038 +# define TLS1_CK_DHE_RSA_WITH_AES_256_SHA 0x03000039 +# define TLS1_CK_ADH_WITH_AES_256_SHA 0x0300003A + +/* TLS v1.2 ciphersuites */ +# define TLS1_CK_RSA_WITH_NULL_SHA256 0x0300003B +# define TLS1_CK_RSA_WITH_AES_128_SHA256 0x0300003C +# define TLS1_CK_RSA_WITH_AES_256_SHA256 0x0300003D +# define TLS1_CK_DH_DSS_WITH_AES_128_SHA256 0x0300003E +# define TLS1_CK_DH_RSA_WITH_AES_128_SHA256 0x0300003F +# define TLS1_CK_DHE_DSS_WITH_AES_128_SHA256 0x03000040 + +/* Camellia ciphersuites from RFC4132 */ +# define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000041 +# define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000042 +# define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000043 +# define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000044 +# define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000045 +# define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA 0x03000046 + +/* TLS v1.2 ciphersuites */ +# define TLS1_CK_DHE_RSA_WITH_AES_128_SHA256 0x03000067 +# define TLS1_CK_DH_DSS_WITH_AES_256_SHA256 0x03000068 +# define TLS1_CK_DH_RSA_WITH_AES_256_SHA256 0x03000069 +# define TLS1_CK_DHE_DSS_WITH_AES_256_SHA256 0x0300006A +# define TLS1_CK_DHE_RSA_WITH_AES_256_SHA256 0x0300006B +# define TLS1_CK_ADH_WITH_AES_128_SHA256 0x0300006C +# define TLS1_CK_ADH_WITH_AES_256_SHA256 0x0300006D + +/* 
Camellia ciphersuites from RFC4132 */ +# define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000084 +# define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000085 +# define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000086 +# define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000087 +# define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000088 +# define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA 0x03000089 + +/* SEED ciphersuites from RFC4162 */ +# define TLS1_CK_RSA_WITH_SEED_SHA 0x03000096 +# define TLS1_CK_DH_DSS_WITH_SEED_SHA 0x03000097 +# define TLS1_CK_DH_RSA_WITH_SEED_SHA 0x03000098 +# define TLS1_CK_DHE_DSS_WITH_SEED_SHA 0x03000099 +# define TLS1_CK_DHE_RSA_WITH_SEED_SHA 0x0300009A +# define TLS1_CK_ADH_WITH_SEED_SHA 0x0300009B + +/* TLS v1.2 GCM ciphersuites from RFC5288 */ +# define TLS1_CK_RSA_WITH_AES_128_GCM_SHA256 0x0300009C +# define TLS1_CK_RSA_WITH_AES_256_GCM_SHA384 0x0300009D +# define TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256 0x0300009E +# define TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384 0x0300009F +# define TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256 0x030000A0 +# define TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384 0x030000A1 +# define TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256 0x030000A2 +# define TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384 0x030000A3 +# define TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256 0x030000A4 +# define TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384 0x030000A5 +# define TLS1_CK_ADH_WITH_AES_128_GCM_SHA256 0x030000A6 +# define TLS1_CK_ADH_WITH_AES_256_GCM_SHA384 0x030000A7 + +/* CCM ciphersuites from RFC6655 */ +# define TLS1_CK_RSA_WITH_AES_128_CCM 0x0300C09C +# define TLS1_CK_RSA_WITH_AES_256_CCM 0x0300C09D +# define TLS1_CK_DHE_RSA_WITH_AES_128_CCM 0x0300C09E +# define TLS1_CK_DHE_RSA_WITH_AES_256_CCM 0x0300C09F +# define TLS1_CK_RSA_WITH_AES_128_CCM_8 0x0300C0A0 +# define TLS1_CK_RSA_WITH_AES_256_CCM_8 0x0300C0A1 +# define TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8 0x0300C0A2 +# define TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8 0x0300C0A3 +# define 
TLS1_CK_PSK_WITH_AES_128_CCM 0x0300C0A4 +# define TLS1_CK_PSK_WITH_AES_256_CCM 0x0300C0A5 +# define TLS1_CK_DHE_PSK_WITH_AES_128_CCM 0x0300C0A6 +# define TLS1_CK_DHE_PSK_WITH_AES_256_CCM 0x0300C0A7 +# define TLS1_CK_PSK_WITH_AES_128_CCM_8 0x0300C0A8 +# define TLS1_CK_PSK_WITH_AES_256_CCM_8 0x0300C0A9 +# define TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8 0x0300C0AA +# define TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8 0x0300C0AB + +/* CCM ciphersuites from RFC7251 */ +# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM 0x0300C0AC +# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM 0x0300C0AD +# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8 0x0300C0AE +# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8 0x0300C0AF + +/* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */ +# define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x030000BA +# define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 0x030000BB +# define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x030000BC +# define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 0x030000BD +# define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x030000BE +# define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256 0x030000BF + +# define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256 0x030000C0 +# define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 0x030000C1 +# define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 0x030000C2 +# define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 0x030000C3 +# define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0x030000C4 +# define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256 0x030000C5 + +/* ECC ciphersuites from RFC4492 */ +# define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x0300C001 +# define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x0300C002 +# define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C003 +# define TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0x0300C004 +# define TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0x0300C005 + +# define TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA 0x0300C006 +# define TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA 0x0300C007 +# define 
TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C008 +# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0x0300C009 +# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0x0300C00A + +# define TLS1_CK_ECDH_RSA_WITH_NULL_SHA 0x0300C00B +# define TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA 0x0300C00C +# define TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA 0x0300C00D +# define TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA 0x0300C00E +# define TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA 0x0300C00F + +# define TLS1_CK_ECDHE_RSA_WITH_NULL_SHA 0x0300C010 +# define TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA 0x0300C011 +# define TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA 0x0300C012 +# define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA 0x0300C013 +# define TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA 0x0300C014 + +# define TLS1_CK_ECDH_anon_WITH_NULL_SHA 0x0300C015 +# define TLS1_CK_ECDH_anon_WITH_RC4_128_SHA 0x0300C016 +# define TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA 0x0300C017 +# define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA 0x0300C018 +# define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA 0x0300C019 + +/* SRP ciphersuites from RFC 5054 */ +# define TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA 0x0300C01A +# define TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA 0x0300C01B +# define TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA 0x0300C01C +# define TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA 0x0300C01D +# define TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA 0x0300C01E +# define TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA 0x0300C01F +# define TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA 0x0300C020 +# define TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA 0x0300C021 +# define TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA 0x0300C022 + +/* ECDH HMAC based ciphersuites from RFC5289 */ +# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256 0x0300C023 +# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384 0x0300C024 +# define TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256 0x0300C025 +# define TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384 0x0300C026 +# define TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256 0x0300C027 +# define 
TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384 0x0300C028 +# define TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256 0x0300C029 +# define TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384 0x0300C02A + +/* ECDH GCM based ciphersuites from RFC5289 */ +# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0x0300C02B +# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0x0300C02C +# define TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0x0300C02D +# define TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 0x0300C02E +# define TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0x0300C02F +# define TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0x0300C030 +# define TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256 0x0300C031 +# define TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384 0x0300C032 + +/* ECDHE PSK ciphersuites from RFC5489 */ +# define TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA 0x0300C033 +# define TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA 0x0300C034 +# define TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA 0x0300C035 +# define TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA 0x0300C036 + +# define TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256 0x0300C037 +# define TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384 0x0300C038 + +/* NULL PSK ciphersuites from RFC4785 */ +# define TLS1_CK_ECDHE_PSK_WITH_NULL_SHA 0x0300C039 +# define TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256 0x0300C03A +# define TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384 0x0300C03B + +/* Camellia-CBC ciphersuites from RFC6367 */ +# define TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0x0300C072 +# define TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0x0300C073 +# define TLS1_CK_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0x0300C074 +# define TLS1_CK_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0x0300C075 +# define TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x0300C076 +# define TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 0x0300C077 +# define TLS1_CK_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x0300C078 +# define TLS1_CK_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 0x0300C079 + +# define TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256 
0x0300C094 +# define TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384 0x0300C095 +# define TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0x0300C096 +# define TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0x0300C097 +# define TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 0x0300C098 +# define TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 0x0300C099 +# define TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0x0300C09A +# define TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0x0300C09B + +/* draft-ietf-tls-chacha20-poly1305-03 */ +# define TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305 0x0300CCA8 +# define TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 0x0300CCA9 +# define TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305 0x0300CCAA +# define TLS1_CK_PSK_WITH_CHACHA20_POLY1305 0x0300CCAB +# define TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305 0x0300CCAC +# define TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305 0x0300CCAD +# define TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305 0x0300CCAE + +/* TLS v1.3 ciphersuites */ +# define TLS1_3_CK_AES_128_GCM_SHA256 0x03001301 +# define TLS1_3_CK_AES_256_GCM_SHA384 0x03001302 +# define TLS1_3_CK_CHACHA20_POLY1305_SHA256 0x03001303 +# define TLS1_3_CK_AES_128_CCM_SHA256 0x03001304 +# define TLS1_3_CK_AES_128_CCM_8_SHA256 0x03001305 + +/* Aria ciphersuites from RFC6209 */ +# define TLS1_CK_RSA_WITH_ARIA_128_GCM_SHA256 0x0300C050 +# define TLS1_CK_RSA_WITH_ARIA_256_GCM_SHA384 0x0300C051 +# define TLS1_CK_DHE_RSA_WITH_ARIA_128_GCM_SHA256 0x0300C052 +# define TLS1_CK_DHE_RSA_WITH_ARIA_256_GCM_SHA384 0x0300C053 +# define TLS1_CK_DH_RSA_WITH_ARIA_128_GCM_SHA256 0x0300C054 +# define TLS1_CK_DH_RSA_WITH_ARIA_256_GCM_SHA384 0x0300C055 +# define TLS1_CK_DHE_DSS_WITH_ARIA_128_GCM_SHA256 0x0300C056 +# define TLS1_CK_DHE_DSS_WITH_ARIA_256_GCM_SHA384 0x0300C057 +# define TLS1_CK_DH_DSS_WITH_ARIA_128_GCM_SHA256 0x0300C058 +# define TLS1_CK_DH_DSS_WITH_ARIA_256_GCM_SHA384 0x0300C059 +# define TLS1_CK_DH_anon_WITH_ARIA_128_GCM_SHA256 0x0300C05A +# define TLS1_CK_DH_anon_WITH_ARIA_256_GCM_SHA384 
0x0300C05B +# define TLS1_CK_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 0x0300C05C +# define TLS1_CK_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 0x0300C05D +# define TLS1_CK_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 0x0300C05E +# define TLS1_CK_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 0x0300C05F +# define TLS1_CK_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 0x0300C060 +# define TLS1_CK_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 0x0300C061 +# define TLS1_CK_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 0x0300C062 +# define TLS1_CK_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 0x0300C063 +# define TLS1_CK_PSK_WITH_ARIA_128_GCM_SHA256 0x0300C06A +# define TLS1_CK_PSK_WITH_ARIA_256_GCM_SHA384 0x0300C06B +# define TLS1_CK_DHE_PSK_WITH_ARIA_128_GCM_SHA256 0x0300C06C +# define TLS1_CK_DHE_PSK_WITH_ARIA_256_GCM_SHA384 0x0300C06D +# define TLS1_CK_RSA_PSK_WITH_ARIA_128_GCM_SHA256 0x0300C06E +# define TLS1_CK_RSA_PSK_WITH_ARIA_256_GCM_SHA384 0x0300C06F + +/* a bundle of RFC standard cipher names, generated from ssl3_ciphers[] */ +# define TLS1_RFC_RSA_WITH_AES_128_SHA "TLS_RSA_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_DHE_DSS_WITH_AES_128_SHA "TLS_DHE_DSS_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_DHE_RSA_WITH_AES_128_SHA "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_ADH_WITH_AES_128_SHA "TLS_DH_anon_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_RSA_WITH_AES_256_SHA "TLS_RSA_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_DHE_DSS_WITH_AES_256_SHA "TLS_DHE_DSS_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_DHE_RSA_WITH_AES_256_SHA "TLS_DHE_RSA_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_ADH_WITH_AES_256_SHA "TLS_DH_anon_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_RSA_WITH_NULL_SHA256 "TLS_RSA_WITH_NULL_SHA256" +# define TLS1_RFC_RSA_WITH_AES_128_SHA256 "TLS_RSA_WITH_AES_128_CBC_SHA256" +# define TLS1_RFC_RSA_WITH_AES_256_SHA256 "TLS_RSA_WITH_AES_256_CBC_SHA256" +# define TLS1_RFC_DHE_DSS_WITH_AES_128_SHA256 "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256" +# define TLS1_RFC_DHE_RSA_WITH_AES_128_SHA256 "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" +# define 
TLS1_RFC_DHE_DSS_WITH_AES_256_SHA256 "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256" +# define TLS1_RFC_DHE_RSA_WITH_AES_256_SHA256 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" +# define TLS1_RFC_ADH_WITH_AES_128_SHA256 "TLS_DH_anon_WITH_AES_128_CBC_SHA256" +# define TLS1_RFC_ADH_WITH_AES_256_SHA256 "TLS_DH_anon_WITH_AES_256_CBC_SHA256" +# define TLS1_RFC_RSA_WITH_AES_128_GCM_SHA256 "TLS_RSA_WITH_AES_128_GCM_SHA256" +# define TLS1_RFC_RSA_WITH_AES_256_GCM_SHA384 "TLS_RSA_WITH_AES_256_GCM_SHA384" +# define TLS1_RFC_DHE_RSA_WITH_AES_128_GCM_SHA256 "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" +# define TLS1_RFC_DHE_RSA_WITH_AES_256_GCM_SHA384 "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384" +# define TLS1_RFC_DHE_DSS_WITH_AES_128_GCM_SHA256 "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256" +# define TLS1_RFC_DHE_DSS_WITH_AES_256_GCM_SHA384 "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384" +# define TLS1_RFC_ADH_WITH_AES_128_GCM_SHA256 "TLS_DH_anon_WITH_AES_128_GCM_SHA256" +# define TLS1_RFC_ADH_WITH_AES_256_GCM_SHA384 "TLS_DH_anon_WITH_AES_256_GCM_SHA384" +# define TLS1_RFC_RSA_WITH_AES_128_CCM "TLS_RSA_WITH_AES_128_CCM" +# define TLS1_RFC_RSA_WITH_AES_256_CCM "TLS_RSA_WITH_AES_256_CCM" +# define TLS1_RFC_DHE_RSA_WITH_AES_128_CCM "TLS_DHE_RSA_WITH_AES_128_CCM" +# define TLS1_RFC_DHE_RSA_WITH_AES_256_CCM "TLS_DHE_RSA_WITH_AES_256_CCM" +# define TLS1_RFC_RSA_WITH_AES_128_CCM_8 "TLS_RSA_WITH_AES_128_CCM_8" +# define TLS1_RFC_RSA_WITH_AES_256_CCM_8 "TLS_RSA_WITH_AES_256_CCM_8" +# define TLS1_RFC_DHE_RSA_WITH_AES_128_CCM_8 "TLS_DHE_RSA_WITH_AES_128_CCM_8" +# define TLS1_RFC_DHE_RSA_WITH_AES_256_CCM_8 "TLS_DHE_RSA_WITH_AES_256_CCM_8" +# define TLS1_RFC_PSK_WITH_AES_128_CCM "TLS_PSK_WITH_AES_128_CCM" +# define TLS1_RFC_PSK_WITH_AES_256_CCM "TLS_PSK_WITH_AES_256_CCM" +# define TLS1_RFC_DHE_PSK_WITH_AES_128_CCM "TLS_DHE_PSK_WITH_AES_128_CCM" +# define TLS1_RFC_DHE_PSK_WITH_AES_256_CCM "TLS_DHE_PSK_WITH_AES_256_CCM" +# define TLS1_RFC_PSK_WITH_AES_128_CCM_8 "TLS_PSK_WITH_AES_128_CCM_8" +# define TLS1_RFC_PSK_WITH_AES_256_CCM_8 
"TLS_PSK_WITH_AES_256_CCM_8" +# define TLS1_RFC_DHE_PSK_WITH_AES_128_CCM_8 "TLS_PSK_DHE_WITH_AES_128_CCM_8" +# define TLS1_RFC_DHE_PSK_WITH_AES_256_CCM_8 "TLS_PSK_DHE_WITH_AES_256_CCM_8" +# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM "TLS_ECDHE_ECDSA_WITH_AES_128_CCM" +# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM "TLS_ECDHE_ECDSA_WITH_AES_256_CCM" +# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM_8 "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8" +# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM_8 "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8" +# define TLS1_3_RFC_AES_128_GCM_SHA256 "TLS_AES_128_GCM_SHA256" +# define TLS1_3_RFC_AES_256_GCM_SHA384 "TLS_AES_256_GCM_SHA384" +# define TLS1_3_RFC_CHACHA20_POLY1305_SHA256 "TLS_CHACHA20_POLY1305_SHA256" +# define TLS1_3_RFC_AES_128_CCM_SHA256 "TLS_AES_128_CCM_SHA256" +# define TLS1_3_RFC_AES_128_CCM_8_SHA256 "TLS_AES_128_CCM_8_SHA256" +# define TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA "TLS_ECDHE_ECDSA_WITH_NULL_SHA" +# define TLS1_RFC_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA" +# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CBC_SHA "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CBC_SHA "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_ECDHE_RSA_WITH_NULL_SHA "TLS_ECDHE_RSA_WITH_NULL_SHA" +# define TLS1_RFC_ECDHE_RSA_WITH_DES_192_CBC3_SHA "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA" +# define TLS1_RFC_ECDHE_RSA_WITH_AES_128_CBC_SHA "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_ECDHE_RSA_WITH_AES_256_CBC_SHA "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_ECDH_anon_WITH_NULL_SHA "TLS_ECDH_anon_WITH_NULL_SHA" +# define TLS1_RFC_ECDH_anon_WITH_DES_192_CBC3_SHA "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA" +# define TLS1_RFC_ECDH_anon_WITH_AES_128_CBC_SHA "TLS_ECDH_anon_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_ECDH_anon_WITH_AES_256_CBC_SHA "TLS_ECDH_anon_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_SHA256 "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256" +# define 
TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_SHA384 "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384" +# define TLS1_RFC_ECDHE_RSA_WITH_AES_128_SHA256 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" +# define TLS1_RFC_ECDHE_RSA_WITH_AES_256_SHA384 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" +# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" +# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" +# define TLS1_RFC_ECDHE_RSA_WITH_AES_128_GCM_SHA256 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" +# define TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384 "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" +# define TLS1_RFC_PSK_WITH_NULL_SHA "TLS_PSK_WITH_NULL_SHA" +# define TLS1_RFC_DHE_PSK_WITH_NULL_SHA "TLS_DHE_PSK_WITH_NULL_SHA" +# define TLS1_RFC_RSA_PSK_WITH_NULL_SHA "TLS_RSA_PSK_WITH_NULL_SHA" +# define TLS1_RFC_PSK_WITH_3DES_EDE_CBC_SHA "TLS_PSK_WITH_3DES_EDE_CBC_SHA" +# define TLS1_RFC_PSK_WITH_AES_128_CBC_SHA "TLS_PSK_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_PSK_WITH_AES_256_CBC_SHA "TLS_PSK_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_DHE_PSK_WITH_3DES_EDE_CBC_SHA "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA" +# define TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA "TLS_DHE_PSK_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA "TLS_DHE_PSK_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_RSA_PSK_WITH_3DES_EDE_CBC_SHA "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA" +# define TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA "TLS_RSA_PSK_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA "TLS_RSA_PSK_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_PSK_WITH_AES_128_GCM_SHA256 "TLS_PSK_WITH_AES_128_GCM_SHA256" +# define TLS1_RFC_PSK_WITH_AES_256_GCM_SHA384 "TLS_PSK_WITH_AES_256_GCM_SHA384" +# define TLS1_RFC_DHE_PSK_WITH_AES_128_GCM_SHA256 "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256" +# define TLS1_RFC_DHE_PSK_WITH_AES_256_GCM_SHA384 "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384" +# define TLS1_RFC_RSA_PSK_WITH_AES_128_GCM_SHA256 "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256" 
+# define TLS1_RFC_RSA_PSK_WITH_AES_256_GCM_SHA384 "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_PSK_WITH_AES_128_CBC_SHA256 "TLS_PSK_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_PSK_WITH_AES_256_CBC_SHA384 "TLS_PSK_WITH_AES_256_CBC_SHA384"
+# define TLS1_RFC_PSK_WITH_NULL_SHA256 "TLS_PSK_WITH_NULL_SHA256"
+# define TLS1_RFC_PSK_WITH_NULL_SHA384 "TLS_PSK_WITH_NULL_SHA384"
+# define TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA256 "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA384 "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384"
+# define TLS1_RFC_DHE_PSK_WITH_NULL_SHA256 "TLS_DHE_PSK_WITH_NULL_SHA256"
+# define TLS1_RFC_DHE_PSK_WITH_NULL_SHA384 "TLS_DHE_PSK_WITH_NULL_SHA384"
+# define TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA256 "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA384 "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384"
+# define TLS1_RFC_RSA_PSK_WITH_NULL_SHA256 "TLS_RSA_PSK_WITH_NULL_SHA256"
+# define TLS1_RFC_RSA_PSK_WITH_NULL_SHA384 "TLS_RSA_PSK_WITH_NULL_SHA384"
+# define TLS1_RFC_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA256 "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA384 "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384"
+# define TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA "TLS_ECDHE_PSK_WITH_NULL_SHA"
+# define TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA256 "TLS_ECDHE_PSK_WITH_NULL_SHA256"
+# define TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA384 "TLS_ECDHE_PSK_WITH_NULL_SHA384"
+# define TLS1_RFC_SRP_SHA_WITH_3DES_EDE_CBC_SHA "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA"
+#
define TLS1_RFC_SRP_SHA_WITH_AES_128_CBC_SHA "TLS_SRP_SHA_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_SRP_SHA_RSA_WITH_AES_128_CBC_SHA "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_SRP_SHA_DSS_WITH_AES_128_CBC_SHA "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_SRP_SHA_WITH_AES_256_CBC_SHA "TLS_SRP_SHA_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_SRP_SHA_RSA_WITH_AES_256_CBC_SHA "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_SRP_SHA_DSS_WITH_AES_256_CBC_SHA "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305 "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256"
+# define TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305 "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"
+# define TLS1_RFC_PSK_WITH_CHACHA20_POLY1305 "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256"
+# define TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305 "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256"
+# define TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305 "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256"
+# define TLS1_RFC_RSA_PSK_WITH_CHACHA20_POLY1305 "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256"
+# define TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA256 "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256 "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA256 "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256"
+# define TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256"
+# define TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256"
+# define TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256 "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256"
+# define
TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA"
+# define TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA"
+# define TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA"
+# define TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA"
+# define TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA"
+# define TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA"
+# define TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA"
+# define TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384"
+# define TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384"
+# define TLS1_RFC_PSK_WITH_CAMELLIA_128_CBC_SHA256 "TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_PSK_WITH_CAMELLIA_256_CBC_SHA384 "TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384"
+# define TLS1_RFC_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 "TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 "TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384"
+# define TLS1_RFC_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 "TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 "TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384"
+# define TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 "TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 "TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384"
+# define TLS1_RFC_RSA_WITH_SEED_SHA "TLS_RSA_WITH_SEED_CBC_SHA"
+# define
TLS1_RFC_DHE_DSS_WITH_SEED_SHA "TLS_DHE_DSS_WITH_SEED_CBC_SHA"
+# define TLS1_RFC_DHE_RSA_WITH_SEED_SHA "TLS_DHE_RSA_WITH_SEED_CBC_SHA"
+# define TLS1_RFC_ADH_WITH_SEED_SHA "TLS_DH_anon_WITH_SEED_CBC_SHA"
+# define TLS1_RFC_ECDHE_PSK_WITH_RC4_128_SHA "TLS_ECDHE_PSK_WITH_RC4_128_SHA"
+# define TLS1_RFC_ECDH_anon_WITH_RC4_128_SHA "TLS_ECDH_anon_WITH_RC4_128_SHA"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_RC4_128_SHA "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"
+# define TLS1_RFC_ECDHE_RSA_WITH_RC4_128_SHA "TLS_ECDHE_RSA_WITH_RC4_128_SHA"
+# define TLS1_RFC_PSK_WITH_RC4_128_SHA "TLS_PSK_WITH_RC4_128_SHA"
+# define TLS1_RFC_RSA_PSK_WITH_RC4_128_SHA "TLS_RSA_PSK_WITH_RC4_128_SHA"
+# define TLS1_RFC_DHE_PSK_WITH_RC4_128_SHA "TLS_DHE_PSK_WITH_RC4_128_SHA"
+# define TLS1_RFC_RSA_WITH_ARIA_128_GCM_SHA256 "TLS_RSA_WITH_ARIA_128_GCM_SHA256"
+# define TLS1_RFC_RSA_WITH_ARIA_256_GCM_SHA384 "TLS_RSA_WITH_ARIA_256_GCM_SHA384"
+# define TLS1_RFC_DHE_RSA_WITH_ARIA_128_GCM_SHA256 "TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256"
+# define TLS1_RFC_DHE_RSA_WITH_ARIA_256_GCM_SHA384 "TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384"
+# define TLS1_RFC_DH_RSA_WITH_ARIA_128_GCM_SHA256 "TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256"
+# define TLS1_RFC_DH_RSA_WITH_ARIA_256_GCM_SHA384 "TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384"
+# define TLS1_RFC_DHE_DSS_WITH_ARIA_128_GCM_SHA256 "TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256"
+# define TLS1_RFC_DHE_DSS_WITH_ARIA_256_GCM_SHA384 "TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384"
+# define TLS1_RFC_DH_DSS_WITH_ARIA_128_GCM_SHA256 "TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256"
+# define TLS1_RFC_DH_DSS_WITH_ARIA_256_GCM_SHA384 "TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384"
+# define TLS1_RFC_DH_anon_WITH_ARIA_128_GCM_SHA256 "TLS_DH_anon_WITH_ARIA_128_GCM_SHA256"
+# define TLS1_RFC_DH_anon_WITH_ARIA_256_GCM_SHA384 "TLS_DH_anon_WITH_ARIA_256_GCM_SHA384"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 "TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384
"TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384"
+# define TLS1_RFC_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 "TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256"
+# define TLS1_RFC_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 "TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384"
+# define TLS1_RFC_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 "TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256"
+# define TLS1_RFC_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 "TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384"
+# define TLS1_RFC_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 "TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256"
+# define TLS1_RFC_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 "TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384"
+# define TLS1_RFC_PSK_WITH_ARIA_128_GCM_SHA256 "TLS_PSK_WITH_ARIA_128_GCM_SHA256"
+# define TLS1_RFC_PSK_WITH_ARIA_256_GCM_SHA384 "TLS_PSK_WITH_ARIA_256_GCM_SHA384"
+# define TLS1_RFC_DHE_PSK_WITH_ARIA_128_GCM_SHA256 "TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256"
+# define TLS1_RFC_DHE_PSK_WITH_ARIA_256_GCM_SHA384 "TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384"
+# define TLS1_RFC_RSA_PSK_WITH_ARIA_128_GCM_SHA256 "TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256"
+# define TLS1_RFC_RSA_PSK_WITH_ARIA_256_GCM_SHA384 "TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384"
+
+
+/*
+ * XXX Backward compatibility alert: Older versions of OpenSSL gave some DHE
+ * ciphers names with "EDH" instead of "DHE".
Going forward, we should be
+ * using DHE everywhere, though we may indefinitely maintain aliases for
+ * users or configurations that used "EDH"
+ */
+# define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA "DHE-DSS-RC4-SHA"
+
+# define TLS1_TXT_PSK_WITH_NULL_SHA "PSK-NULL-SHA"
+# define TLS1_TXT_DHE_PSK_WITH_NULL_SHA "DHE-PSK-NULL-SHA"
+# define TLS1_TXT_RSA_PSK_WITH_NULL_SHA "RSA-PSK-NULL-SHA"
+
+/* AES ciphersuites from RFC3268 */
+# define TLS1_TXT_RSA_WITH_AES_128_SHA "AES128-SHA"
+# define TLS1_TXT_DH_DSS_WITH_AES_128_SHA "DH-DSS-AES128-SHA"
+# define TLS1_TXT_DH_RSA_WITH_AES_128_SHA "DH-RSA-AES128-SHA"
+# define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA "DHE-DSS-AES128-SHA"
+# define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA "DHE-RSA-AES128-SHA"
+# define TLS1_TXT_ADH_WITH_AES_128_SHA "ADH-AES128-SHA"
+
+# define TLS1_TXT_RSA_WITH_AES_256_SHA "AES256-SHA"
+# define TLS1_TXT_DH_DSS_WITH_AES_256_SHA "DH-DSS-AES256-SHA"
+# define TLS1_TXT_DH_RSA_WITH_AES_256_SHA "DH-RSA-AES256-SHA"
+# define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA "DHE-DSS-AES256-SHA"
+# define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA "DHE-RSA-AES256-SHA"
+# define TLS1_TXT_ADH_WITH_AES_256_SHA "ADH-AES256-SHA"
+
+/* ECC ciphersuites from RFC4492 */
+# define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA "ECDH-ECDSA-NULL-SHA"
+# define TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA "ECDH-ECDSA-RC4-SHA"
+# define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA "ECDH-ECDSA-DES-CBC3-SHA"
+# define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA "ECDH-ECDSA-AES128-SHA"
+# define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA "ECDH-ECDSA-AES256-SHA"
+
+# define TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA "ECDHE-ECDSA-NULL-SHA"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA "ECDHE-ECDSA-RC4-SHA"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA "ECDHE-ECDSA-DES-CBC3-SHA"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA "ECDHE-ECDSA-AES128-SHA"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA "ECDHE-ECDSA-AES256-SHA"
+
+# define TLS1_TXT_ECDH_RSA_WITH_NULL_SHA "ECDH-RSA-NULL-SHA"
+# define TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA "ECDH-RSA-RC4-SHA"
+# define TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA "ECDH-RSA-DES-CBC3-SHA"
+# define TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA "ECDH-RSA-AES128-SHA"
+# define TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA "ECDH-RSA-AES256-SHA"
+
+# define TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA "ECDHE-RSA-NULL-SHA"
+# define TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA "ECDHE-RSA-RC4-SHA"
+# define TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA "ECDHE-RSA-DES-CBC3-SHA"
+# define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA "ECDHE-RSA-AES128-SHA"
+# define TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA "ECDHE-RSA-AES256-SHA"
+
+# define TLS1_TXT_ECDH_anon_WITH_NULL_SHA "AECDH-NULL-SHA"
+# define TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA "AECDH-RC4-SHA"
+# define TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA "AECDH-DES-CBC3-SHA"
+# define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA "AECDH-AES128-SHA"
+# define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA "AECDH-AES256-SHA"
+
+/* PSK ciphersuites from RFC 4279 */
+# define TLS1_TXT_PSK_WITH_RC4_128_SHA "PSK-RC4-SHA"
+# define TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA "PSK-3DES-EDE-CBC-SHA"
+# define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA "PSK-AES128-CBC-SHA"
+# define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA "PSK-AES256-CBC-SHA"
+
+# define TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA "DHE-PSK-RC4-SHA"
+# define TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA "DHE-PSK-3DES-EDE-CBC-SHA"
+# define TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA "DHE-PSK-AES128-CBC-SHA"
+# define TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA "DHE-PSK-AES256-CBC-SHA"
+# define TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA "RSA-PSK-RC4-SHA"
+# define TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA "RSA-PSK-3DES-EDE-CBC-SHA"
+# define TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA "RSA-PSK-AES128-CBC-SHA"
+# define TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA "RSA-PSK-AES256-CBC-SHA"
+
+/* PSK ciphersuites from RFC 5487 */
+# define TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256 "PSK-AES128-GCM-SHA256"
+# define TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384
"PSK-AES256-GCM-SHA384"
+# define TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256 "DHE-PSK-AES128-GCM-SHA256"
+# define TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384 "DHE-PSK-AES256-GCM-SHA384"
+# define TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256 "RSA-PSK-AES128-GCM-SHA256"
+# define TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384 "RSA-PSK-AES256-GCM-SHA384"
+
+# define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256 "PSK-AES128-CBC-SHA256"
+# define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384 "PSK-AES256-CBC-SHA384"
+# define TLS1_TXT_PSK_WITH_NULL_SHA256 "PSK-NULL-SHA256"
+# define TLS1_TXT_PSK_WITH_NULL_SHA384 "PSK-NULL-SHA384"
+
+# define TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256 "DHE-PSK-AES128-CBC-SHA256"
+# define TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384 "DHE-PSK-AES256-CBC-SHA384"
+# define TLS1_TXT_DHE_PSK_WITH_NULL_SHA256 "DHE-PSK-NULL-SHA256"
+# define TLS1_TXT_DHE_PSK_WITH_NULL_SHA384 "DHE-PSK-NULL-SHA384"
+
+# define TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256 "RSA-PSK-AES128-CBC-SHA256"
+# define TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384 "RSA-PSK-AES256-CBC-SHA384"
+# define TLS1_TXT_RSA_PSK_WITH_NULL_SHA256 "RSA-PSK-NULL-SHA256"
+# define TLS1_TXT_RSA_PSK_WITH_NULL_SHA384 "RSA-PSK-NULL-SHA384"
+
+/* SRP ciphersuite from RFC 5054 */
+# define TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA "SRP-3DES-EDE-CBC-SHA"
+# define TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA "SRP-RSA-3DES-EDE-CBC-SHA"
+# define TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA "SRP-DSS-3DES-EDE-CBC-SHA"
+# define TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA "SRP-AES-128-CBC-SHA"
+# define TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA "SRP-RSA-AES-128-CBC-SHA"
+# define TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA "SRP-DSS-AES-128-CBC-SHA"
+# define TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA "SRP-AES-256-CBC-SHA"
+# define TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA "SRP-RSA-AES-256-CBC-SHA"
+# define TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA "SRP-DSS-AES-256-CBC-SHA"
+
+/* Camellia ciphersuites from RFC4132 */
+# define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA
"CAMELLIA128-SHA"
+# define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA "DH-DSS-CAMELLIA128-SHA"
+# define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA "DH-RSA-CAMELLIA128-SHA"
+# define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA "DHE-DSS-CAMELLIA128-SHA"
+# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA "DHE-RSA-CAMELLIA128-SHA"
+# define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA "ADH-CAMELLIA128-SHA"
+
+# define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA "CAMELLIA256-SHA"
+# define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA "DH-DSS-CAMELLIA256-SHA"
+# define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA "DH-RSA-CAMELLIA256-SHA"
+# define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA "DHE-DSS-CAMELLIA256-SHA"
+# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA "DHE-RSA-CAMELLIA256-SHA"
+# define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA "ADH-CAMELLIA256-SHA"
+
+/* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */
+# define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256 "CAMELLIA128-SHA256"
+# define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 "DH-DSS-CAMELLIA128-SHA256"
+# define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 "DH-RSA-CAMELLIA128-SHA256"
+# define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 "DHE-DSS-CAMELLIA128-SHA256"
+# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 "DHE-RSA-CAMELLIA128-SHA256"
+# define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256 "ADH-CAMELLIA128-SHA256"
+
+# define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256 "CAMELLIA256-SHA256"
+# define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 "DH-DSS-CAMELLIA256-SHA256"
+# define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 "DH-RSA-CAMELLIA256-SHA256"
+# define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 "DHE-DSS-CAMELLIA256-SHA256"
+# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 "DHE-RSA-CAMELLIA256-SHA256"
+# define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256 "ADH-CAMELLIA256-SHA256"
+
+# define TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256 "PSK-CAMELLIA128-SHA256"
+# define
TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384 "PSK-CAMELLIA256-SHA384"
+# define TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 "DHE-PSK-CAMELLIA128-SHA256"
+# define TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 "DHE-PSK-CAMELLIA256-SHA384"
+# define TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 "RSA-PSK-CAMELLIA128-SHA256"
+# define TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 "RSA-PSK-CAMELLIA256-SHA384"
+# define TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 "ECDHE-PSK-CAMELLIA128-SHA256"
+# define TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 "ECDHE-PSK-CAMELLIA256-SHA384"
+
+/* SEED ciphersuites from RFC4162 */
+# define TLS1_TXT_RSA_WITH_SEED_SHA "SEED-SHA"
+# define TLS1_TXT_DH_DSS_WITH_SEED_SHA "DH-DSS-SEED-SHA"
+# define TLS1_TXT_DH_RSA_WITH_SEED_SHA "DH-RSA-SEED-SHA"
+# define TLS1_TXT_DHE_DSS_WITH_SEED_SHA "DHE-DSS-SEED-SHA"
+# define TLS1_TXT_DHE_RSA_WITH_SEED_SHA "DHE-RSA-SEED-SHA"
+# define TLS1_TXT_ADH_WITH_SEED_SHA "ADH-SEED-SHA"
+
+/* TLS v1.2 ciphersuites */
+# define TLS1_TXT_RSA_WITH_NULL_SHA256 "NULL-SHA256"
+# define TLS1_TXT_RSA_WITH_AES_128_SHA256 "AES128-SHA256"
+# define TLS1_TXT_RSA_WITH_AES_256_SHA256 "AES256-SHA256"
+# define TLS1_TXT_DH_DSS_WITH_AES_128_SHA256 "DH-DSS-AES128-SHA256"
+# define TLS1_TXT_DH_RSA_WITH_AES_128_SHA256 "DH-RSA-AES128-SHA256"
+# define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256 "DHE-DSS-AES128-SHA256"
+# define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256 "DHE-RSA-AES128-SHA256"
+# define TLS1_TXT_DH_DSS_WITH_AES_256_SHA256 "DH-DSS-AES256-SHA256"
+# define TLS1_TXT_DH_RSA_WITH_AES_256_SHA256 "DH-RSA-AES256-SHA256"
+# define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256 "DHE-DSS-AES256-SHA256"
+# define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256 "DHE-RSA-AES256-SHA256"
+# define TLS1_TXT_ADH_WITH_AES_128_SHA256 "ADH-AES128-SHA256"
+# define TLS1_TXT_ADH_WITH_AES_256_SHA256 "ADH-AES256-SHA256"
+
+/* TLS v1.2 GCM ciphersuites from RFC5288 */
+# define TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256 "AES128-GCM-SHA256"
+# define
TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384 "AES256-GCM-SHA384"
+# define TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256 "DHE-RSA-AES128-GCM-SHA256"
+# define TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384 "DHE-RSA-AES256-GCM-SHA384"
+# define TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256 "DH-RSA-AES128-GCM-SHA256"
+# define TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384 "DH-RSA-AES256-GCM-SHA384"
+# define TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256 "DHE-DSS-AES128-GCM-SHA256"
+# define TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384 "DHE-DSS-AES256-GCM-SHA384"
+# define TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256 "DH-DSS-AES128-GCM-SHA256"
+# define TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384 "DH-DSS-AES256-GCM-SHA384"
+# define TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256 "ADH-AES128-GCM-SHA256"
+# define TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384 "ADH-AES256-GCM-SHA384"
+
+/* CCM ciphersuites from RFC6655 */
+# define TLS1_TXT_RSA_WITH_AES_128_CCM "AES128-CCM"
+# define TLS1_TXT_RSA_WITH_AES_256_CCM "AES256-CCM"
+# define TLS1_TXT_DHE_RSA_WITH_AES_128_CCM "DHE-RSA-AES128-CCM"
+# define TLS1_TXT_DHE_RSA_WITH_AES_256_CCM "DHE-RSA-AES256-CCM"
+
+# define TLS1_TXT_RSA_WITH_AES_128_CCM_8 "AES128-CCM8"
+# define TLS1_TXT_RSA_WITH_AES_256_CCM_8 "AES256-CCM8"
+# define TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8 "DHE-RSA-AES128-CCM8"
+# define TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8 "DHE-RSA-AES256-CCM8"
+
+# define TLS1_TXT_PSK_WITH_AES_128_CCM "PSK-AES128-CCM"
+# define TLS1_TXT_PSK_WITH_AES_256_CCM "PSK-AES256-CCM"
+# define TLS1_TXT_DHE_PSK_WITH_AES_128_CCM "DHE-PSK-AES128-CCM"
+# define TLS1_TXT_DHE_PSK_WITH_AES_256_CCM "DHE-PSK-AES256-CCM"
+
+# define TLS1_TXT_PSK_WITH_AES_128_CCM_8 "PSK-AES128-CCM8"
+# define TLS1_TXT_PSK_WITH_AES_256_CCM_8 "PSK-AES256-CCM8"
+# define TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8 "DHE-PSK-AES128-CCM8"
+# define TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8 "DHE-PSK-AES256-CCM8"
+
+/* CCM ciphersuites from RFC7251 */
+# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM "ECDHE-ECDSA-AES128-CCM"
+# define
TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM "ECDHE-ECDSA-AES256-CCM"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8 "ECDHE-ECDSA-AES128-CCM8"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8 "ECDHE-ECDSA-AES256-CCM8"
+
+/* ECDH HMAC based ciphersuites from RFC5289 */
+# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256 "ECDHE-ECDSA-AES128-SHA256"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384 "ECDHE-ECDSA-AES256-SHA384"
+# define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256 "ECDH-ECDSA-AES128-SHA256"
+# define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384 "ECDH-ECDSA-AES256-SHA384"
+# define TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256 "ECDHE-RSA-AES128-SHA256"
+# define TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384 "ECDHE-RSA-AES256-SHA384"
+# define TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256 "ECDH-RSA-AES128-SHA256"
+# define TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384 "ECDH-RSA-AES256-SHA384"
+
+/* ECDH GCM based ciphersuites from RFC5289 */
+# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 "ECDHE-ECDSA-AES128-GCM-SHA256"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 "ECDHE-ECDSA-AES256-GCM-SHA384"
+# define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 "ECDH-ECDSA-AES128-GCM-SHA256"
+# define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 "ECDH-ECDSA-AES256-GCM-SHA384"
+# define TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256 "ECDHE-RSA-AES128-GCM-SHA256"
+# define TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384 "ECDHE-RSA-AES256-GCM-SHA384"
+# define TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256 "ECDH-RSA-AES128-GCM-SHA256"
+# define TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384 "ECDH-RSA-AES256-GCM-SHA384"
+
+/* TLS v1.2 PSK GCM ciphersuites from RFC5487 */
+# define TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256 "PSK-AES128-GCM-SHA256"
+# define TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384 "PSK-AES256-GCM-SHA384"
+
+/* ECDHE PSK ciphersuites from RFC 5489 */
+# define TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA "ECDHE-PSK-RC4-SHA"
+# define TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA "ECDHE-PSK-3DES-EDE-CBC-SHA"
+# define
TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA "ECDHE-PSK-AES128-CBC-SHA"
+# define TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA "ECDHE-PSK-AES256-CBC-SHA"
+
+# define TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256 "ECDHE-PSK-AES128-CBC-SHA256"
+# define TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384 "ECDHE-PSK-AES256-CBC-SHA384"
+
+# define TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA "ECDHE-PSK-NULL-SHA"
+# define TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256 "ECDHE-PSK-NULL-SHA256"
+# define TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384 "ECDHE-PSK-NULL-SHA384"
+
+/* Camellia-CBC ciphersuites from RFC6367 */
+# define TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDHE-ECDSA-CAMELLIA128-SHA256"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDHE-ECDSA-CAMELLIA256-SHA384"
+# define TLS1_TXT_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDH-ECDSA-CAMELLIA128-SHA256"
+# define TLS1_TXT_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDH-ECDSA-CAMELLIA256-SHA384"
+# define TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDHE-RSA-CAMELLIA128-SHA256"
+# define TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDHE-RSA-CAMELLIA256-SHA384"
+# define TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDH-RSA-CAMELLIA128-SHA256"
+# define TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDH-RSA-CAMELLIA256-SHA384"
+
+/* draft-ietf-tls-chacha20-poly1305-03 */
+# define TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305 "ECDHE-RSA-CHACHA20-POLY1305"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 "ECDHE-ECDSA-CHACHA20-POLY1305"
+# define TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305 "DHE-RSA-CHACHA20-POLY1305"
+# define TLS1_TXT_PSK_WITH_CHACHA20_POLY1305 "PSK-CHACHA20-POLY1305"
+# define TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305 "ECDHE-PSK-CHACHA20-POLY1305"
+# define TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305 "DHE-PSK-CHACHA20-POLY1305"
+# define TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305 "RSA-PSK-CHACHA20-POLY1305"
+
+/* Aria ciphersuites from RFC6209 */
+# define TLS1_TXT_RSA_WITH_ARIA_128_GCM_SHA256 "ARIA128-GCM-SHA256"
+#
define TLS1_TXT_RSA_WITH_ARIA_256_GCM_SHA384 "ARIA256-GCM-SHA384"
+# define TLS1_TXT_DHE_RSA_WITH_ARIA_128_GCM_SHA256 "DHE-RSA-ARIA128-GCM-SHA256"
+# define TLS1_TXT_DHE_RSA_WITH_ARIA_256_GCM_SHA384 "DHE-RSA-ARIA256-GCM-SHA384"
+# define TLS1_TXT_DH_RSA_WITH_ARIA_128_GCM_SHA256 "DH-RSA-ARIA128-GCM-SHA256"
+# define TLS1_TXT_DH_RSA_WITH_ARIA_256_GCM_SHA384 "DH-RSA-ARIA256-GCM-SHA384"
+# define TLS1_TXT_DHE_DSS_WITH_ARIA_128_GCM_SHA256 "DHE-DSS-ARIA128-GCM-SHA256"
+# define TLS1_TXT_DHE_DSS_WITH_ARIA_256_GCM_SHA384 "DHE-DSS-ARIA256-GCM-SHA384"
+# define TLS1_TXT_DH_DSS_WITH_ARIA_128_GCM_SHA256 "DH-DSS-ARIA128-GCM-SHA256"
+# define TLS1_TXT_DH_DSS_WITH_ARIA_256_GCM_SHA384 "DH-DSS-ARIA256-GCM-SHA384"
+# define TLS1_TXT_DH_anon_WITH_ARIA_128_GCM_SHA256 "ADH-ARIA128-GCM-SHA256"
+# define TLS1_TXT_DH_anon_WITH_ARIA_256_GCM_SHA384 "ADH-ARIA256-GCM-SHA384"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 "ECDHE-ECDSA-ARIA128-GCM-SHA256"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 "ECDHE-ECDSA-ARIA256-GCM-SHA384"
+# define TLS1_TXT_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 "ECDH-ECDSA-ARIA128-GCM-SHA256"
+# define TLS1_TXT_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 "ECDH-ECDSA-ARIA256-GCM-SHA384"
+# define TLS1_TXT_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 "ECDHE-ARIA128-GCM-SHA256"
+# define TLS1_TXT_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 "ECDHE-ARIA256-GCM-SHA384"
+# define TLS1_TXT_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 "ECDH-ARIA128-GCM-SHA256"
+# define TLS1_TXT_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 "ECDH-ARIA256-GCM-SHA384"
+# define TLS1_TXT_PSK_WITH_ARIA_128_GCM_SHA256 "PSK-ARIA128-GCM-SHA256"
+# define TLS1_TXT_PSK_WITH_ARIA_256_GCM_SHA384 "PSK-ARIA256-GCM-SHA384"
+# define TLS1_TXT_DHE_PSK_WITH_ARIA_128_GCM_SHA256 "DHE-PSK-ARIA128-GCM-SHA256"
+# define TLS1_TXT_DHE_PSK_WITH_ARIA_256_GCM_SHA384 "DHE-PSK-ARIA256-GCM-SHA384"
+# define TLS1_TXT_RSA_PSK_WITH_ARIA_128_GCM_SHA256 "RSA-PSK-ARIA128-GCM-SHA256"
+# define TLS1_TXT_RSA_PSK_WITH_ARIA_256_GCM_SHA384
"RSA-PSK-ARIA256-GCM-SHA384"
+
+# define TLS_CT_RSA_SIGN 1
+# define TLS_CT_DSS_SIGN 2
+# define TLS_CT_RSA_FIXED_DH 3
+# define TLS_CT_DSS_FIXED_DH 4
+# define TLS_CT_ECDSA_SIGN 64
+# define TLS_CT_RSA_FIXED_ECDH 65
+# define TLS_CT_ECDSA_FIXED_ECDH 66
+# define TLS_CT_GOST01_SIGN 22
+# define TLS_CT_GOST12_SIGN 238
+# define TLS_CT_GOST12_512_SIGN 239
+
+/*
+ * when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see
+ * comment there)
+ */
+# define TLS_CT_NUMBER 10
+
+# if defined(SSL3_CT_NUMBER)
+# if TLS_CT_NUMBER != SSL3_CT_NUMBER
+# error "SSL/TLS CT_NUMBER values do not match"
+# endif
+# endif
+
+# define TLS1_FINISH_MAC_LENGTH 12
+
+# define TLS_MD_MAX_CONST_SIZE 22
+# define TLS_MD_CLIENT_FINISH_CONST "client finished"
+# define TLS_MD_CLIENT_FINISH_CONST_SIZE 15
+# define TLS_MD_SERVER_FINISH_CONST "server finished"
+# define TLS_MD_SERVER_FINISH_CONST_SIZE 15
+# define TLS_MD_KEY_EXPANSION_CONST "key expansion"
+# define TLS_MD_KEY_EXPANSION_CONST_SIZE 13
+# define TLS_MD_CLIENT_WRITE_KEY_CONST "client write key"
+# define TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE 16
+# define TLS_MD_SERVER_WRITE_KEY_CONST "server write key"
+# define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE 16
+# define TLS_MD_IV_BLOCK_CONST "IV block"
+# define TLS_MD_IV_BLOCK_CONST_SIZE 8
+# define TLS_MD_MASTER_SECRET_CONST "master secret"
+# define TLS_MD_MASTER_SECRET_CONST_SIZE 13
+# define TLS_MD_EXTENDED_MASTER_SECRET_CONST "extended master secret"
+# define TLS_MD_EXTENDED_MASTER_SECRET_CONST_SIZE 22
+
+# ifdef CHARSET_EBCDIC
+# undef TLS_MD_CLIENT_FINISH_CONST
+/*
+ * client finished
+ */
+# define TLS_MD_CLIENT_FINISH_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x66\x69\x6e\x69\x73\x68\x65\x64"
+
+# undef TLS_MD_SERVER_FINISH_CONST
+/*
+ * server finished
+ */
+# define TLS_MD_SERVER_FINISH_CONST "\x73\x65\x72\x76\x65\x72\x20\x66\x69\x6e\x69\x73\x68\x65\x64"
+
+# undef TLS_MD_SERVER_WRITE_KEY_CONST
+/*
+ * server write key
+ */
+# define TLS_MD_SERVER_WRITE_KEY_CONST
"\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79"
+
+# undef TLS_MD_KEY_EXPANSION_CONST
+/*
+ * key expansion
+ */
+# define TLS_MD_KEY_EXPANSION_CONST "\x6b\x65\x79\x20\x65\x78\x70\x61\x6e\x73\x69\x6f\x6e"
+
+# undef TLS_MD_CLIENT_WRITE_KEY_CONST
+/*
+ * client write key
+ */
+# define TLS_MD_CLIENT_WRITE_KEY_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79"
+
+# undef TLS_MD_SERVER_WRITE_KEY_CONST
+/*
+ * server write key
+ */
+# define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79"
+
+# undef TLS_MD_IV_BLOCK_CONST
+/*
+ * IV block
+ */
+# define TLS_MD_IV_BLOCK_CONST "\x49\x56\x20\x62\x6c\x6f\x63\x6b"
+
+# undef TLS_MD_MASTER_SECRET_CONST
+/*
+ * master secret
+ */
+# define TLS_MD_MASTER_SECRET_CONST "\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74"
+# undef TLS_MD_EXTENDED_MASTER_SECRET_CONST
+/*
+ * extended master secret
+ */
+# define TLS_MD_EXTENDED_MASTER_SECRET_CONST "\x65\x78\x74\x65\x6e\x64\x65\x64\x20\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74"
+# endif
+
+/* TLS Session Ticket extension struct */
+struct tls_session_ticket_ext_st {
+ unsigned short length;
+ void *data;
+};
+
+#ifdef __cplusplus
+}
+#endif
+#endif
diff --git a/linux_amd64/ssl/include/openssl/trace.h b/linux_amd64/ssl/include/openssl/trace.h
new file mode 100644
index 0000000..f71d9fb
--- /dev/null
+++ b/linux_amd64/ssl/include/openssl/trace.h
@@ -0,0 +1,297 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_TRACE_H +# define OPENSSL_TRACE_H + +# include + +# include + +# ifdef __cplusplus +extern "C" { +# endif + +/* + * TRACE CATEGORIES + */ + +/* + * The trace messages of the OpenSSL libraries are organized into different + * categories. For every trace category, the application can register a separate + * tracer callback. When a callback is registered, a so called trace channel is + * created for this category. This channel consists essentially of an internal + * BIO which sends all trace output it receives to the registered application + * callback. + * + * The ALL category can be used as a fallback category to register a single + * channel which receives the output from all categories. However, if the + * application intends to print the trace channel name in the line prefix, + * it is better to register channels for all categories separately. + * (This is how the openssl application does it.) 
+ */ +# define OSSL_TRACE_CATEGORY_ALL 0 /* The fallback */ +# define OSSL_TRACE_CATEGORY_TRACE 1 +# define OSSL_TRACE_CATEGORY_INIT 2 +# define OSSL_TRACE_CATEGORY_TLS 3 +# define OSSL_TRACE_CATEGORY_TLS_CIPHER 4 +# define OSSL_TRACE_CATEGORY_CONF 5 +# define OSSL_TRACE_CATEGORY_ENGINE_TABLE 6 +# define OSSL_TRACE_CATEGORY_ENGINE_REF_COUNT 7 +# define OSSL_TRACE_CATEGORY_PKCS5V2 8 +# define OSSL_TRACE_CATEGORY_PKCS12_KEYGEN 9 +# define OSSL_TRACE_CATEGORY_PKCS12_DECRYPT 10 +# define OSSL_TRACE_CATEGORY_X509V3_POLICY 11 +# define OSSL_TRACE_CATEGORY_BN_CTX 12 +# define OSSL_TRACE_CATEGORY_CMP 13 +# define OSSL_TRACE_CATEGORY_STORE 14 +# define OSSL_TRACE_CATEGORY_NUM 15 + +/* Returns the trace category number for the given |name| */ +int OSSL_trace_get_category_num(const char *name); + +/* Returns the trace category name for the given |num| */ +const char *OSSL_trace_get_category_name(int num); + +/* + * TRACE CONSUMERS + */ + +/* + * Enables tracing for the given |category| by providing a BIO sink + * as |channel|. If a null pointer is passed as |channel|, an existing + * trace channel is removed and tracing for the category is disabled. + * + * Returns 1 on success and 0 on failure + */ +int OSSL_trace_set_channel(int category, BIO* channel); + +/* + * Attach a prefix and a suffix to the given |category|, to be printed at the + * beginning and at the end of each trace output group, i.e. when + * OSSL_trace_begin() and OSSL_trace_end() are called. + * If a null pointer is passed as argument, the existing prefix or suffix is + * removed. + * + * They return 1 on success and 0 on failure + */ +int OSSL_trace_set_prefix(int category, const char *prefix); +int OSSL_trace_set_suffix(int category, const char *suffix); + +/* + * OSSL_trace_cb is the type tracing callback provided by the application. + * It MUST return the number of bytes written, or 0 on error (in other words, + * it can never write zero bytes). 
+ * + * The |buffer| will always contain text, which may consist of several lines. + * The |data| argument points to whatever data was provided by the application + * when registering the tracer function. + * + * The |category| number is given, as well as a |cmd| number, described below. + */ +typedef size_t (*OSSL_trace_cb)(const char *buffer, size_t count, + int category, int cmd, void *data); +/* + * Possible |cmd| numbers. + */ +# define OSSL_TRACE_CTRL_BEGIN 0 +# define OSSL_TRACE_CTRL_WRITE 1 +# define OSSL_TRACE_CTRL_END 2 + +/* + * Enables tracing for the given |category| by creating an internal + * trace channel which sends the output to the given |callback|. + * If a null pointer is passed as callback, an existing trace channel + * is removed and tracing for the category is disabled. + * + * NOTE: OSSL_trace_set_channel() and OSSL_trace_set_callback() are mutually + * exclusive. + * + * Returns 1 on success and 0 on failure + */ +int OSSL_trace_set_callback(int category, OSSL_trace_cb callback, void *data); + +/* + * TRACE PRODUCERS + */ + +/* + * Returns 1 if tracing for the specified category is enabled, otherwise 0 + */ +int OSSL_trace_enabled(int category); + +/* + * Wrap a group of tracing output calls. OSSL_trace_begin() locks tracing and + * returns the trace channel associated with the given category, or NULL if no + * channel is associated with the category. OSSL_trace_end() unlocks tracing. + * + * Usage: + * + * BIO *out; + * if ((out = OSSL_trace_begin(category)) != NULL) { + * ... + * BIO_fprintf(out, ...); + * ... + * OSSL_trace_end(category, out); + * } + * + * See also the convenience macros OSSL_TRACE_BEGIN and OSSL_TRACE_END below. + */ +BIO *OSSL_trace_begin(int category); +void OSSL_trace_end(int category, BIO *channel); + +/* + * OSSL_TRACE* Convenience Macros + */ + +/* + * When the tracing feature is disabled, these macros are defined to + * produce dead code, which a good compiler should eliminate. 
+ */ + +/* + * OSSL_TRACE_BEGIN, OSSL_TRACE_END - Define a Trace Group + * + * These two macros can be used to create a block which is executed only + * if the corresponding trace category is enabled. Inside this block, a + * local variable named |trc_out| is defined, which points to the channel + * associated with the given trace category. + * + * Usage: (using 'TLS' as an example category) + * + * OSSL_TRACE_BEGIN(TLS) { + * + * BIO_fprintf(trc_out, ... ); + * + * } OSSL_TRACE_END(TLS); + * + * + * This expands to the following code + * + * do { + * BIO *trc_out = OSSL_trace_begin(OSSL_TRACE_CATEGORY_TLS); + * if (trc_out != NULL) { + * ... + * BIO_fprintf(trc_out, ...); + * } + * OSSL_trace_end(OSSL_TRACE_CATEGORY_TLS, trc_out); + * } while (0); + * + * The use of the inner '{...}' group and the trailing ';' is enforced + * by the definition of the macros in order to make the code look as much + * like C code as possible. + * + * Before returning from inside the trace block, it is necessary to + * call OSSL_TRACE_CANCEL(category). + */ + +# ifndef OPENSSL_NO_TRACE + +# define OSSL_TRACE_BEGIN(category) \ + do { \ + BIO *trc_out = OSSL_trace_begin(OSSL_TRACE_CATEGORY_##category); \ + \ + if (trc_out != NULL) + +# define OSSL_TRACE_END(category) \ + OSSL_trace_end(OSSL_TRACE_CATEGORY_##category, trc_out); \ + } while (0) + +# define OSSL_TRACE_CANCEL(category) \ + OSSL_trace_end(OSSL_TRACE_CATEGORY_##category, trc_out) \ + +# else + +# define OSSL_TRACE_BEGIN(category) \ + do { \ + BIO *trc_out = NULL; \ + if (0) + +# define OSSL_TRACE_END(category) \ + } while(0) + +# define OSSL_TRACE_CANCEL(category) \ + ((void)0) + +# endif + +/* + * OSSL_TRACE_ENABLED() - Check whether tracing is enabled for |category| + * + * Usage: + * + * if (OSSL_TRACE_ENABLED(TLS)) { + * ... 
+ * } + */ +# ifndef OPENSSL_NO_TRACE + +# define OSSL_TRACE_ENABLED(category) \ + OSSL_trace_enabled(OSSL_TRACE_CATEGORY_##category) + +# else + +# define OSSL_TRACE_ENABLED(category) (0) + +# endif + +/* + * OSSL_TRACE*() - OneShot Trace Macros + * + * These macros are intended to produce a simple printf-style trace output. + * Unfortunately, C90 macros don't support variable arguments, so the + * "vararg" OSSL_TRACEV() macro has a rather weird usage pattern: + * + * OSSL_TRACEV(category, (trc_out, "format string", ...args...)); + * + * Where 'channel' is the literal symbol of this name, not a variable. + * For that reason, it is currently not intended to be used directly, + * but only as helper macro for the other oneshot trace macros + * OSSL_TRACE(), OSSL_TRACE1(), OSSL_TRACE2(), ... + * + * Usage: + * + * OSSL_TRACE(INIT, "Hello world!\n"); + * OSSL_TRACE1(TLS, "The answer is %d\n", 42); + * OSSL_TRACE2(TLS, "The ultimate question to answer %d is '%s'\n", + * 42, "What do you get when you multiply six by nine?"); + */ + +# define OSSL_TRACEV(category, args) \ + OSSL_TRACE_BEGIN(category) \ + BIO_printf args; \ + OSSL_TRACE_END(category) + +# define OSSL_TRACE(category, text) \ + OSSL_TRACEV(category, (trc_out, "%s", text)) + +# define OSSL_TRACE1(category, format, arg1) \ + OSSL_TRACEV(category, (trc_out, format, arg1)) +# define OSSL_TRACE2(category, format, arg1, arg2) \ + OSSL_TRACEV(category, (trc_out, format, arg1, arg2)) +# define OSSL_TRACE3(category, format, arg1, arg2, arg3) \ + OSSL_TRACEV(category, (trc_out, format, arg1, arg2, arg3)) +# define OSSL_TRACE4(category, format, arg1, arg2, arg3, arg4) \ + OSSL_TRACEV(category, (trc_out, format, arg1, arg2, arg3, arg4)) +# define OSSL_TRACE5(category, format, arg1, arg2, arg3, arg4, arg5) \ + OSSL_TRACEV(category, (trc_out, format, arg1, arg2, arg3, arg4, arg5)) +# define OSSL_TRACE6(category, format, arg1, arg2, arg3, arg4, arg5, arg6) \ + OSSL_TRACEV(category, (trc_out, format, arg1, arg2, arg3, arg4, 
arg5, arg6)) +# define OSSL_TRACE7(category, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7) \ + OSSL_TRACEV(category, (trc_out, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7)) +# define OSSL_TRACE8(category, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8) \ + OSSL_TRACEV(category, (trc_out, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8)) +# define OSSL_TRACE9(category, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8) \ + OSSL_TRACEV(category, (trc_out, format, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9)) + +# ifdef __cplusplus +} +# endif + +#endif diff --git a/linux_amd64/ssl/include/openssl/ts.h b/linux_amd64/ssl/include/openssl/ts.h new file mode 100644 index 0000000..1229838 --- /dev/null +++ b/linux_amd64/ssl/include/openssl/ts.h 
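Review bot: `OSSL_TRACE9`, the last macro in trace.h, declares only `arg1` to `arg8` as parameters but its expansion passes `arg9`, so a use of it either fails to compile or picks up an unrelated `arg9` that happens to be in scope at the call site. The parameter list should end `arg6, arg7, arg8, arg9) \`. The comment above `OSSL_TRACEV` has a related slip: it says "Where 'channel' is the literal symbol of this name", while every macro passes `trc_out`; it should read `Where 'trc_out' is the literal symbol of this name, not a variable.` This looks like an imported OpenSSL header, so taking the correction from upstream may be preferable to patching the copy here.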
@@ -0,0 +1,504 @@ +/* + * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_TS_H +# define OPENSSL_TS_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_TS_H +# endif + +# include + +# ifndef OPENSSL_NO_TS +# include +# include +# include +# include +# include +# include +# include +# include +# include +# include +# include +# ifdef __cplusplus +extern "C" { +# endif + +# include +# include + +typedef struct TS_msg_imprint_st TS_MSG_IMPRINT; +typedef struct TS_req_st TS_REQ; +typedef struct TS_accuracy_st TS_ACCURACY; +typedef struct TS_tst_info_st TS_TST_INFO; + +/* Possible values for status. */ +# define TS_STATUS_GRANTED 0 +# define TS_STATUS_GRANTED_WITH_MODS 1 +# define TS_STATUS_REJECTION 2 +# define TS_STATUS_WAITING 3 +# define TS_STATUS_REVOCATION_WARNING 4 +# define TS_STATUS_REVOCATION_NOTIFICATION 5 + +/* Possible values for failure_info. 
*/ +# define TS_INFO_BAD_ALG 0 +# define TS_INFO_BAD_REQUEST 2 +# define TS_INFO_BAD_DATA_FORMAT 5 +# define TS_INFO_TIME_NOT_AVAILABLE 14 +# define TS_INFO_UNACCEPTED_POLICY 15 +# define TS_INFO_UNACCEPTED_EXTENSION 16 +# define TS_INFO_ADD_INFO_NOT_AVAILABLE 17 +# define TS_INFO_SYSTEM_FAILURE 25 + + +typedef struct TS_status_info_st TS_STATUS_INFO; + +typedef struct TS_resp_st TS_RESP; + +DECLARE_ASN1_ALLOC_FUNCTIONS(TS_REQ) +DECLARE_ASN1_ENCODE_FUNCTIONS_only(TS_REQ, TS_REQ) +DECLARE_ASN1_DUP_FUNCTION(TS_REQ) + +#ifndef OPENSSL_NO_STDIO +TS_REQ *d2i_TS_REQ_fp(FILE *fp, TS_REQ **a); +int i2d_TS_REQ_fp(FILE *fp, const TS_REQ *a); +#endif +TS_REQ *d2i_TS_REQ_bio(BIO *fp, TS_REQ **a); +int i2d_TS_REQ_bio(BIO *fp, const TS_REQ *a); + +DECLARE_ASN1_ALLOC_FUNCTIONS(TS_MSG_IMPRINT) +DECLARE_ASN1_ENCODE_FUNCTIONS_only(TS_MSG_IMPRINT, TS_MSG_IMPRINT) +DECLARE_ASN1_DUP_FUNCTION(TS_MSG_IMPRINT) + +#ifndef OPENSSL_NO_STDIO +TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT **a); +int i2d_TS_MSG_IMPRINT_fp(FILE *fp, const TS_MSG_IMPRINT *a); +#endif +TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_bio(BIO *bio, TS_MSG_IMPRINT **a); +int i2d_TS_MSG_IMPRINT_bio(BIO *bio, const TS_MSG_IMPRINT *a); + +DECLARE_ASN1_ALLOC_FUNCTIONS(TS_RESP) +DECLARE_ASN1_ENCODE_FUNCTIONS_only(TS_RESP, TS_RESP) +DECLARE_ASN1_DUP_FUNCTION(TS_RESP) + +#ifndef OPENSSL_NO_STDIO +TS_RESP *d2i_TS_RESP_fp(FILE *fp, TS_RESP **a); +int i2d_TS_RESP_fp(FILE *fp, const TS_RESP *a); +#endif +TS_RESP *d2i_TS_RESP_bio(BIO *bio, TS_RESP **a); +int i2d_TS_RESP_bio(BIO *bio, const TS_RESP *a); + +DECLARE_ASN1_ALLOC_FUNCTIONS(TS_STATUS_INFO) +DECLARE_ASN1_ENCODE_FUNCTIONS_only(TS_STATUS_INFO, TS_STATUS_INFO) +DECLARE_ASN1_DUP_FUNCTION(TS_STATUS_INFO) + +DECLARE_ASN1_ALLOC_FUNCTIONS(TS_TST_INFO) +DECLARE_ASN1_ENCODE_FUNCTIONS_only(TS_TST_INFO, TS_TST_INFO) +DECLARE_ASN1_DUP_FUNCTION(TS_TST_INFO) +TS_TST_INFO *PKCS7_to_TS_TST_INFO(PKCS7 *token); + +#ifndef OPENSSL_NO_STDIO +TS_TST_INFO *d2i_TS_TST_INFO_fp(FILE *fp, 
TS_TST_INFO **a); +int i2d_TS_TST_INFO_fp(FILE *fp, const TS_TST_INFO *a); +#endif +TS_TST_INFO *d2i_TS_TST_INFO_bio(BIO *bio, TS_TST_INFO **a); +int i2d_TS_TST_INFO_bio(BIO *bio, const TS_TST_INFO *a); + +DECLARE_ASN1_ALLOC_FUNCTIONS(TS_ACCURACY) +DECLARE_ASN1_ENCODE_FUNCTIONS_only(TS_ACCURACY, TS_ACCURACY) +DECLARE_ASN1_DUP_FUNCTION(TS_ACCURACY) + +int TS_REQ_set_version(TS_REQ *a, long version); +long TS_REQ_get_version(const TS_REQ *a); + +int TS_STATUS_INFO_set_status(TS_STATUS_INFO *a, int i); +const ASN1_INTEGER *TS_STATUS_INFO_get0_status(const TS_STATUS_INFO *a); + +const STACK_OF(ASN1_UTF8STRING) * +TS_STATUS_INFO_get0_text(const TS_STATUS_INFO *a); + +const ASN1_BIT_STRING * +TS_STATUS_INFO_get0_failure_info(const TS_STATUS_INFO *a); + +int TS_REQ_set_msg_imprint(TS_REQ *a, TS_MSG_IMPRINT *msg_imprint); +TS_MSG_IMPRINT *TS_REQ_get_msg_imprint(TS_REQ *a); + +int TS_MSG_IMPRINT_set_algo(TS_MSG_IMPRINT *a, X509_ALGOR *alg); +X509_ALGOR *TS_MSG_IMPRINT_get_algo(TS_MSG_IMPRINT *a); + +int TS_MSG_IMPRINT_set_msg(TS_MSG_IMPRINT *a, unsigned char *d, int len); +ASN1_OCTET_STRING *TS_MSG_IMPRINT_get_msg(TS_MSG_IMPRINT *a); + +int TS_REQ_set_policy_id(TS_REQ *a, const ASN1_OBJECT *policy); +ASN1_OBJECT *TS_REQ_get_policy_id(TS_REQ *a); + +int TS_REQ_set_nonce(TS_REQ *a, const ASN1_INTEGER *nonce); +const ASN1_INTEGER *TS_REQ_get_nonce(const TS_REQ *a); + +int TS_REQ_set_cert_req(TS_REQ *a, int cert_req); +int TS_REQ_get_cert_req(const TS_REQ *a); + +STACK_OF(X509_EXTENSION) *TS_REQ_get_exts(TS_REQ *a); +void TS_REQ_ext_free(TS_REQ *a); +int TS_REQ_get_ext_count(TS_REQ *a); +int TS_REQ_get_ext_by_NID(TS_REQ *a, int nid, int lastpos); +int TS_REQ_get_ext_by_OBJ(TS_REQ *a, const ASN1_OBJECT *obj, int lastpos); +int TS_REQ_get_ext_by_critical(TS_REQ *a, int crit, int lastpos); +X509_EXTENSION *TS_REQ_get_ext(TS_REQ *a, int loc); +X509_EXTENSION *TS_REQ_delete_ext(TS_REQ *a, int loc); +int TS_REQ_add_ext(TS_REQ *a, X509_EXTENSION *ex, int loc); +void 
*TS_REQ_get_ext_d2i(TS_REQ *a, int nid, int *crit, int *idx); + +/* Function declarations for TS_REQ defined in ts/ts_req_print.c */ + +int TS_REQ_print_bio(BIO *bio, TS_REQ *a); + +/* Function declarations for TS_RESP defined in ts/ts_resp_utils.c */ + +int TS_RESP_set_status_info(TS_RESP *a, TS_STATUS_INFO *info); +TS_STATUS_INFO *TS_RESP_get_status_info(TS_RESP *a); + +/* Caller loses ownership of PKCS7 and TS_TST_INFO objects. */ +void TS_RESP_set_tst_info(TS_RESP *a, PKCS7 *p7, TS_TST_INFO *tst_info); +PKCS7 *TS_RESP_get_token(TS_RESP *a); +TS_TST_INFO *TS_RESP_get_tst_info(TS_RESP *a); + +int TS_TST_INFO_set_version(TS_TST_INFO *a, long version); +long TS_TST_INFO_get_version(const TS_TST_INFO *a); + +int TS_TST_INFO_set_policy_id(TS_TST_INFO *a, ASN1_OBJECT *policy_id); +ASN1_OBJECT *TS_TST_INFO_get_policy_id(TS_TST_INFO *a); + +int TS_TST_INFO_set_msg_imprint(TS_TST_INFO *a, TS_MSG_IMPRINT *msg_imprint); +TS_MSG_IMPRINT *TS_TST_INFO_get_msg_imprint(TS_TST_INFO *a); + +int TS_TST_INFO_set_serial(TS_TST_INFO *a, const ASN1_INTEGER *serial); +const ASN1_INTEGER *TS_TST_INFO_get_serial(const TS_TST_INFO *a); + +int TS_TST_INFO_set_time(TS_TST_INFO *a, const ASN1_GENERALIZEDTIME *gtime); +const ASN1_GENERALIZEDTIME *TS_TST_INFO_get_time(const TS_TST_INFO *a); + +int TS_TST_INFO_set_accuracy(TS_TST_INFO *a, TS_ACCURACY *accuracy); +TS_ACCURACY *TS_TST_INFO_get_accuracy(TS_TST_INFO *a); + +int TS_ACCURACY_set_seconds(TS_ACCURACY *a, const ASN1_INTEGER *seconds); +const ASN1_INTEGER *TS_ACCURACY_get_seconds(const TS_ACCURACY *a); + +int TS_ACCURACY_set_millis(TS_ACCURACY *a, const ASN1_INTEGER *millis); +const ASN1_INTEGER *TS_ACCURACY_get_millis(const TS_ACCURACY *a); + +int TS_ACCURACY_set_micros(TS_ACCURACY *a, const ASN1_INTEGER *micros); +const ASN1_INTEGER *TS_ACCURACY_get_micros(const TS_ACCURACY *a); + +int TS_TST_INFO_set_ordering(TS_TST_INFO *a, int ordering); +int TS_TST_INFO_get_ordering(const TS_TST_INFO *a); + +int TS_TST_INFO_set_nonce(TS_TST_INFO 
*a, const ASN1_INTEGER *nonce); +const ASN1_INTEGER *TS_TST_INFO_get_nonce(const TS_TST_INFO *a); + +int TS_TST_INFO_set_tsa(TS_TST_INFO *a, GENERAL_NAME *tsa); +GENERAL_NAME *TS_TST_INFO_get_tsa(TS_TST_INFO *a); + +STACK_OF(X509_EXTENSION) *TS_TST_INFO_get_exts(TS_TST_INFO *a); +void TS_TST_INFO_ext_free(TS_TST_INFO *a); +int TS_TST_INFO_get_ext_count(TS_TST_INFO *a); +int TS_TST_INFO_get_ext_by_NID(TS_TST_INFO *a, int nid, int lastpos); +int TS_TST_INFO_get_ext_by_OBJ(TS_TST_INFO *a, const ASN1_OBJECT *obj, + int lastpos); +int TS_TST_INFO_get_ext_by_critical(TS_TST_INFO *a, int crit, int lastpos); +X509_EXTENSION *TS_TST_INFO_get_ext(TS_TST_INFO *a, int loc); +X509_EXTENSION *TS_TST_INFO_delete_ext(TS_TST_INFO *a, int loc); +int TS_TST_INFO_add_ext(TS_TST_INFO *a, X509_EXTENSION *ex, int loc); +void *TS_TST_INFO_get_ext_d2i(TS_TST_INFO *a, int nid, int *crit, int *idx); + +/* + * Declarations related to response generation, defined in ts/ts_resp_sign.c. + */ + +/* Optional flags for response generation. */ + +/* Don't include the TSA name in response. */ +# define TS_TSA_NAME 0x01 + +/* Set ordering to true in response. */ +# define TS_ORDERING 0x02 + +/* + * Include the signer certificate and the other specified certificates in + * the ESS signing certificate attribute beside the PKCS7 signed data. + * Only the signer certificates is included by default. + */ +# define TS_ESS_CERT_ID_CHAIN 0x04 + +/* Forward declaration. */ +struct TS_resp_ctx; + +/* This must return a unique number less than 160 bits long. */ +typedef ASN1_INTEGER *(*TS_serial_cb) (struct TS_resp_ctx *, void *); + +/* + * This must return the seconds and microseconds since Jan 1, 1970 in the sec + * and usec variables allocated by the caller. Return non-zero for success + * and zero for failure. + */ +typedef int (*TS_time_cb) (struct TS_resp_ctx *, void *, long *sec, + long *usec); + +/* + * This must process the given extension. It can modify the TS_TST_INFO + * object of the context. 
Return values: !0 (processed), 0 (error, it must + * set the status info/failure info of the response). + */ +typedef int (*TS_extension_cb) (struct TS_resp_ctx *, X509_EXTENSION *, + void *); + +typedef struct TS_resp_ctx TS_RESP_CTX; + +DEFINE_STACK_OF_CONST(EVP_MD) + +/* Creates a response context that can be used for generating responses. */ +TS_RESP_CTX *TS_RESP_CTX_new(void); +void TS_RESP_CTX_free(TS_RESP_CTX *ctx); + +/* This parameter must be set. */ +int TS_RESP_CTX_set_signer_cert(TS_RESP_CTX *ctx, X509 *signer); + +/* This parameter must be set. */ +int TS_RESP_CTX_set_signer_key(TS_RESP_CTX *ctx, EVP_PKEY *key); + +int TS_RESP_CTX_set_signer_digest(TS_RESP_CTX *ctx, + const EVP_MD *signer_digest); +int TS_RESP_CTX_set_ess_cert_id_digest(TS_RESP_CTX *ctx, const EVP_MD *md); + +/* This parameter must be set. */ +int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, const ASN1_OBJECT *def_policy); + +/* No additional certs are included in the response by default. */ +int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs); + +/* + * Adds a new acceptable policy, only the default policy is accepted by + * default. + */ +int TS_RESP_CTX_add_policy(TS_RESP_CTX *ctx, const ASN1_OBJECT *policy); + +/* + * Adds a new acceptable message digest. Note that no message digests are + * accepted by default. The md argument is shared with the caller. + */ +int TS_RESP_CTX_add_md(TS_RESP_CTX *ctx, const EVP_MD *md); + +/* Accuracy is not included by default. */ +int TS_RESP_CTX_set_accuracy(TS_RESP_CTX *ctx, + int secs, int millis, int micros); + +/* + * Clock precision digits, i.e. the number of decimal digits: '0' means sec, + * '3' msec, '6' usec, and so on. Default is 0. + */ +int TS_RESP_CTX_set_clock_precision_digits(TS_RESP_CTX *ctx, + unsigned clock_precision_digits); +/* At most we accept usec precision. 
*/ +# define TS_MAX_CLOCK_PRECISION_DIGITS 6 + +/* Maximum status message length */ +# define TS_MAX_STATUS_LENGTH (1024 * 1024) + +/* No flags are set by default. */ +void TS_RESP_CTX_add_flags(TS_RESP_CTX *ctx, int flags); + +/* Default callback always returns a constant. */ +void TS_RESP_CTX_set_serial_cb(TS_RESP_CTX *ctx, TS_serial_cb cb, void *data); + +/* Default callback uses the gettimeofday() and gmtime() system calls. */ +void TS_RESP_CTX_set_time_cb(TS_RESP_CTX *ctx, TS_time_cb cb, void *data); + +/* + * Default callback rejects all extensions. The extension callback is called + * when the TS_TST_INFO object is already set up and not signed yet. + */ +/* FIXME: extension handling is not tested yet. */ +void TS_RESP_CTX_set_extension_cb(TS_RESP_CTX *ctx, + TS_extension_cb cb, void *data); + +/* The following methods can be used in the callbacks. */ +int TS_RESP_CTX_set_status_info(TS_RESP_CTX *ctx, + int status, const char *text); + +/* Sets the status info only if it is still TS_STATUS_GRANTED. */ +int TS_RESP_CTX_set_status_info_cond(TS_RESP_CTX *ctx, + int status, const char *text); + +int TS_RESP_CTX_add_failure_info(TS_RESP_CTX *ctx, int failure); + +/* The get methods below can be used in the extension callback. */ +TS_REQ *TS_RESP_CTX_get_request(TS_RESP_CTX *ctx); + +TS_TST_INFO *TS_RESP_CTX_get_tst_info(TS_RESP_CTX *ctx); + +/* + * Creates the signed TS_TST_INFO and puts it in TS_RESP. + * In case of errors it sets the status info properly. + * Returns NULL only in case of memory allocation/fatal error. + */ +TS_RESP *TS_RESP_create_response(TS_RESP_CTX *ctx, BIO *req_bio); + +/* + * Declarations related to response verification, + * they are defined in ts/ts_resp_verify.c. + */ + +int TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs, + X509_STORE *store, X509 **signer_out); + +/* Context structure for the generic verify method. */ + +/* Verify the signer's certificate and the signature of the response. 
*/ +# define TS_VFY_SIGNATURE (1u << 0) +/* Verify the version number of the response. */ +# define TS_VFY_VERSION (1u << 1) +/* Verify if the policy supplied by the user matches the policy of the TSA. */ +# define TS_VFY_POLICY (1u << 2) +/* + * Verify the message imprint provided by the user. This flag should not be + * specified with TS_VFY_DATA. + */ +# define TS_VFY_IMPRINT (1u << 3) +/* + * Verify the message imprint computed by the verify method from the user + * provided data and the MD algorithm of the response. This flag should not + * be specified with TS_VFY_IMPRINT. + */ +# define TS_VFY_DATA (1u << 4) +/* Verify the nonce value. */ +# define TS_VFY_NONCE (1u << 5) +/* Verify if the TSA name field matches the signer certificate. */ +# define TS_VFY_SIGNER (1u << 6) +/* Verify if the TSA name field equals to the user provided name. */ +# define TS_VFY_TSA_NAME (1u << 7) + +/* You can use the following convenience constants. */ +# define TS_VFY_ALL_IMPRINT (TS_VFY_SIGNATURE \ + | TS_VFY_VERSION \ + | TS_VFY_POLICY \ + | TS_VFY_IMPRINT \ + | TS_VFY_NONCE \ + | TS_VFY_SIGNER \ + | TS_VFY_TSA_NAME) +# define TS_VFY_ALL_DATA (TS_VFY_SIGNATURE \ + | TS_VFY_VERSION \ + | TS_VFY_POLICY \ + | TS_VFY_DATA \ + | TS_VFY_NONCE \ + | TS_VFY_SIGNER \ + | TS_VFY_TSA_NAME) + +typedef struct TS_verify_ctx TS_VERIFY_CTX; + +int TS_RESP_verify_response(TS_VERIFY_CTX *ctx, TS_RESP *response); +int TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token); + +/* + * Declarations related to response verification context, + */ +TS_VERIFY_CTX *TS_VERIFY_CTX_new(void); +void TS_VERIFY_CTX_init(TS_VERIFY_CTX *ctx); +void TS_VERIFY_CTX_free(TS_VERIFY_CTX *ctx); +void TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx); +int TS_VERIFY_CTX_set_flags(TS_VERIFY_CTX *ctx, int f); +int TS_VERIFY_CTX_add_flags(TS_VERIFY_CTX *ctx, int f); +BIO *TS_VERIFY_CTX_set_data(TS_VERIFY_CTX *ctx, BIO *b); +unsigned char *TS_VERIFY_CTX_set_imprint(TS_VERIFY_CTX *ctx, + unsigned char *hexstr, long len); 
+X509_STORE *TS_VERIFY_CTX_set_store(TS_VERIFY_CTX *ctx, X509_STORE *s); +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define TS_VERIFY_CTS_set_certs(ctx, cert) TS_VERIFY_CTX_set_certs(ctx,cert) +# endif +STACK_OF(X509) *TS_VERIFY_CTX_set_certs(TS_VERIFY_CTX *ctx, STACK_OF(X509) *certs); + +/*- + * If ctx is NULL, it allocates and returns a new object, otherwise + * it returns ctx. It initialises all the members as follows: + * flags = TS_VFY_ALL_IMPRINT & ~(TS_VFY_TSA_NAME | TS_VFY_SIGNATURE) + * certs = NULL + * store = NULL + * policy = policy from the request or NULL if absent (in this case + * TS_VFY_POLICY is cleared from flags as well) + * md_alg = MD algorithm from request + * imprint, imprint_len = imprint from request + * data = NULL + * nonce, nonce_len = nonce from the request or NULL if absent (in this case + * TS_VFY_NONCE is cleared from flags as well) + * tsa_name = NULL + * Important: after calling this method TS_VFY_SIGNATURE should be added! + */ +TS_VERIFY_CTX *TS_REQ_to_TS_VERIFY_CTX(TS_REQ *req, TS_VERIFY_CTX *ctx); + +/* Function declarations for TS_RESP defined in ts/ts_resp_print.c */ + +int TS_RESP_print_bio(BIO *bio, TS_RESP *a); +int TS_STATUS_INFO_print_bio(BIO *bio, TS_STATUS_INFO *a); +int TS_TST_INFO_print_bio(BIO *bio, TS_TST_INFO *a); + +/* Common utility functions defined in ts/ts_lib.c */ + +int TS_ASN1_INTEGER_print_bio(BIO *bio, const ASN1_INTEGER *num); +int TS_OBJ_print_bio(BIO *bio, const ASN1_OBJECT *obj); +int TS_ext_print_bio(BIO *bio, const STACK_OF(X509_EXTENSION) *extensions); +int TS_X509_ALGOR_print_bio(BIO *bio, const X509_ALGOR *alg); +int TS_MSG_IMPRINT_print_bio(BIO *bio, TS_MSG_IMPRINT *msg); + +/* + * Function declarations for handling configuration options, defined in + * ts/ts_conf.c + */ + +X509 *TS_CONF_load_cert(const char *file); +STACK_OF(X509) *TS_CONF_load_certs(const char *file); +EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass); +const char *TS_CONF_get_tsa_section(CONF *conf, const char 
*section); +int TS_CONF_set_serial(CONF *conf, const char *section, TS_serial_cb cb, + TS_RESP_CTX *ctx); +#ifndef OPENSSL_NO_ENGINE +int TS_CONF_set_crypto_device(CONF *conf, const char *section, + const char *device); +int TS_CONF_set_default_engine(const char *name); +#endif +int TS_CONF_set_signer_cert(CONF *conf, const char *section, + const char *cert, TS_RESP_CTX *ctx); +int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs, + TS_RESP_CTX *ctx); +int TS_CONF_set_signer_key(CONF *conf, const char *section, + const char *key, const char *pass, + TS_RESP_CTX *ctx); +int TS_CONF_set_signer_digest(CONF *conf, const char *section, + const char *md, TS_RESP_CTX *ctx); +int TS_CONF_set_def_policy(CONF *conf, const char *section, + const char *policy, TS_RESP_CTX *ctx); +int TS_CONF_set_policies(CONF *conf, const char *section, TS_RESP_CTX *ctx); +int TS_CONF_set_digests(CONF *conf, const char *section, TS_RESP_CTX *ctx); +int TS_CONF_set_accuracy(CONF *conf, const char *section, TS_RESP_CTX *ctx); +int TS_CONF_set_clock_precision_digits(CONF *conf, const char *section, + TS_RESP_CTX *ctx); +int TS_CONF_set_ordering(CONF *conf, const char *section, TS_RESP_CTX *ctx); +int TS_CONF_set_tsa_name(CONF *conf, const char *section, TS_RESP_CTX *ctx); +int TS_CONF_set_ess_cert_id_chain(CONF *conf, const char *section, + TS_RESP_CTX *ctx); +int TS_CONF_set_ess_cert_id_digest(CONF *conf, const char *section, + TS_RESP_CTX *ctx); + +# ifdef __cplusplus +} +# endif +# endif +#endif diff --git a/linux_amd64/ssl/include/openssl/tserr.h b/linux_amd64/ssl/include/openssl/tserr.h new file mode 100644 index 0000000..4684dc2 --- /dev/null +++ b/linux_amd64/ssl/include/openssl/tserr.h 
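Review bot: The comment on `TS_REQ_to_TS_VERIFY_CTX` in ts.h puts its most important caveat last, after the member list. The context it returns has `TS_VFY_SIGNATURE` and `TS_VFY_TSA_NAME` cleared and `store = NULL`, so a caller who hands it straight to `TS_RESP_verify_response()` would, going by the flag descriptions in this header, not have the signer certificate and signature checked. I would move the warning to the top of the comment and name the calls, e.g. `* NOTE: the returned flags exclude TS_VFY_SIGNATURE; add it with TS_VERIFY_CTX_add_flags() and set a store with TS_VERIFY_CTX_set_store() before verifying.` The return values of `TS_RESP_verify_response()` and `TS_RESP_verify_token()` are also undocumented here, and a one-line comment stating which value means success would help callers avoid treating an error as a pass.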
@@ -0,0 +1,134 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_TSERR_H +# define OPENSSL_TSERR_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_TSERR_H +# endif + +# include +# include + + +# include + +# ifndef OPENSSL_NO_TS + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_TS_strings(void); + +/* + * TS function codes. + */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define TS_F_DEF_SERIAL_CB 0 +# define TS_F_DEF_TIME_CB 0 +# define TS_F_INT_TS_RESP_VERIFY_TOKEN 0 +# define TS_F_PKCS7_TO_TS_TST_INFO 0 +# define TS_F_TS_ACCURACY_SET_MICROS 0 +# define TS_F_TS_ACCURACY_SET_MILLIS 0 +# define TS_F_TS_ACCURACY_SET_SECONDS 0 +# define TS_F_TS_CHECK_IMPRINTS 0 +# define TS_F_TS_CHECK_NONCES 0 +# define TS_F_TS_CHECK_POLICY 0 +# define TS_F_TS_CHECK_SIGNING_CERTS 0 +# define TS_F_TS_CHECK_STATUS_INFO 0 +# define TS_F_TS_COMPUTE_IMPRINT 0 +# define TS_F_TS_CONF_INVALID 0 +# define TS_F_TS_CONF_LOAD_CERT 0 +# define TS_F_TS_CONF_LOAD_CERTS 0 +# define TS_F_TS_CONF_LOAD_KEY 0 +# define TS_F_TS_CONF_LOOKUP_FAIL 0 +# define TS_F_TS_CONF_SET_DEFAULT_ENGINE 0 +# define TS_F_TS_GET_STATUS_TEXT 0 +# define TS_F_TS_MSG_IMPRINT_SET_ALGO 0 +# define TS_F_TS_REQ_SET_MSG_IMPRINT 0 +# define TS_F_TS_REQ_SET_NONCE 0 +# define TS_F_TS_REQ_SET_POLICY_ID 0 +# define TS_F_TS_RESP_CREATE_RESPONSE 0 +# define TS_F_TS_RESP_CREATE_TST_INFO 0 +# define TS_F_TS_RESP_CTX_ADD_FAILURE_INFO 0 +# define TS_F_TS_RESP_CTX_ADD_MD 0 +# define TS_F_TS_RESP_CTX_ADD_POLICY 0 +# define TS_F_TS_RESP_CTX_NEW 0 +# define TS_F_TS_RESP_CTX_SET_ACCURACY 0 +# define TS_F_TS_RESP_CTX_SET_CERTS 0 +# define 
TS_F_TS_RESP_CTX_SET_DEF_POLICY 0 +# define TS_F_TS_RESP_CTX_SET_SIGNER_CERT 0 +# define TS_F_TS_RESP_CTX_SET_STATUS_INFO 0 +# define TS_F_TS_RESP_GET_POLICY 0 +# define TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION 0 +# define TS_F_TS_RESP_SET_STATUS_INFO 0 +# define TS_F_TS_RESP_SET_TST_INFO 0 +# define TS_F_TS_RESP_SIGN 0 +# define TS_F_TS_RESP_VERIFY_SIGNATURE 0 +# define TS_F_TS_TST_INFO_SET_ACCURACY 0 +# define TS_F_TS_TST_INFO_SET_MSG_IMPRINT 0 +# define TS_F_TS_TST_INFO_SET_NONCE 0 +# define TS_F_TS_TST_INFO_SET_POLICY_ID 0 +# define TS_F_TS_TST_INFO_SET_SERIAL 0 +# define TS_F_TS_TST_INFO_SET_TIME 0 +# define TS_F_TS_TST_INFO_SET_TSA 0 +# define TS_F_TS_VERIFY 0 +# define TS_F_TS_VERIFY_CERT 0 +# define TS_F_TS_VERIFY_CTX_NEW 0 +# endif + +/* + * TS reason codes. + */ +# define TS_R_BAD_PKCS7_TYPE 132 +# define TS_R_BAD_TYPE 133 +# define TS_R_CANNOT_LOAD_CERT 137 +# define TS_R_CANNOT_LOAD_KEY 138 +# define TS_R_CERTIFICATE_VERIFY_ERROR 100 +# define TS_R_COULD_NOT_SET_ENGINE 127 +# define TS_R_COULD_NOT_SET_TIME 115 +# define TS_R_DETACHED_CONTENT 134 +# define TS_R_ESS_ADD_SIGNING_CERT_ERROR 116 +# define TS_R_ESS_ADD_SIGNING_CERT_V2_ERROR 139 +# define TS_R_ESS_SIGNING_CERTIFICATE_ERROR 101 +# define TS_R_INVALID_NULL_POINTER 102 +# define TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE 117 +# define TS_R_MESSAGE_IMPRINT_MISMATCH 103 +# define TS_R_NONCE_MISMATCH 104 +# define TS_R_NONCE_NOT_RETURNED 105 +# define TS_R_NO_CONTENT 106 +# define TS_R_NO_TIME_STAMP_TOKEN 107 +# define TS_R_PKCS7_ADD_SIGNATURE_ERROR 118 +# define TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR 119 +# define TS_R_PKCS7_TO_TS_TST_INFO_FAILED 129 +# define TS_R_POLICY_MISMATCH 108 +# define TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 120 +# define TS_R_RESPONSE_SETUP_ERROR 121 +# define TS_R_SIGNATURE_FAILURE 109 +# define TS_R_THERE_MUST_BE_ONE_SIGNER 110 +# define TS_R_TIME_SYSCALL_ERROR 122 +# define TS_R_TOKEN_NOT_PRESENT 130 +# define TS_R_TOKEN_PRESENT 131 +# define TS_R_TSA_NAME_MISMATCH 111 +# 
define TS_R_TSA_UNTRUSTED 112 +# define TS_R_TST_INFO_SETUP_ERROR 123 +# define TS_R_TS_DATASIGN 124 +# define TS_R_UNACCEPTABLE_POLICY 125 +# define TS_R_UNSUPPORTED_MD_ALGORITHM 126 +# define TS_R_UNSUPPORTED_VERSION 113 +# define TS_R_VAR_BAD_VALUE 135 +# define TS_R_VAR_LOOKUP_FAILURE 136 +# define TS_R_WRONG_CONTENT_TYPE 114 + +# endif +#endif diff --git a/linux_amd64/ssl/include/openssl/txt_db.h b/linux_amd64/ssl/include/openssl/txt_db.h new file mode 100644 index 0000000..af169a3 --- /dev/null +++ b/linux_amd64/ssl/include/openssl/txt_db.h 
@@ -0,0 +1,63 @@
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_TXT_DB_H
+# define OPENSSL_TXT_DB_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_TXT_DB_H
+# endif
+
+# include
+# include
+# include
+# include
+
+# define DB_ERROR_OK 0
+# define DB_ERROR_MALLOC 1
+# define DB_ERROR_INDEX_CLASH 2
+# define DB_ERROR_INDEX_OUT_OF_RANGE 3
+# define DB_ERROR_NO_INDEX 4
+# define DB_ERROR_INSERT_INDEX_CLASH 5
+# define DB_ERROR_WRONG_NUM_FIELDS 6
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef OPENSSL_STRING *OPENSSL_PSTRING;
+DEFINE_SPECIAL_STACK_OF(OPENSSL_PSTRING, OPENSSL_STRING)
+
+typedef struct txt_db_st {
+ int num_fields;
+ STACK_OF(OPENSSL_PSTRING) *data;
+ LHASH_OF(OPENSSL_STRING) **index;
+ int (**qual) (OPENSSL_STRING *);
+ long error;
+ long arg1;
+ long arg2;
+ OPENSSL_STRING *arg_row;
+} TXT_DB;
+
+TXT_DB *TXT_DB_read(BIO *in, int num);
+long TXT_DB_write(BIO *out, TXT_DB *db);
+int TXT_DB_create_index(TXT_DB *db, int field, int (*qual) (OPENSSL_STRING *),
+ OPENSSL_LH_HASHFUNC hash, OPENSSL_LH_COMPFUNC cmp);
+void TXT_DB_free(TXT_DB *db);
+OPENSSL_STRING *TXT_DB_get_by_index(TXT_DB *db, int idx,
+ OPENSSL_STRING *value);
+int TXT_DB_insert(TXT_DB *db, OPENSSL_STRING *value);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/linux_amd64/ssl/include/openssl/types.h b/linux_amd64/ssl/include/openssl/types.h
new file mode 100644
index 0000000..5761afc
--- /dev/null
+++ b/linux_amd64/ssl/include/openssl/types.h
@@ -0,0 +1,231 @@ +/* + * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_TYPES_H +# define OPENSSL_TYPES_H + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +# include +# include + +typedef struct ossl_provider_st OSSL_PROVIDER; /* Provider Object */ + +# ifdef NO_ASN1_TYPEDEFS +# define ASN1_INTEGER ASN1_STRING +# define ASN1_ENUMERATED ASN1_STRING +# define ASN1_BIT_STRING ASN1_STRING +# define ASN1_OCTET_STRING ASN1_STRING +# define ASN1_PRINTABLESTRING ASN1_STRING +# define ASN1_T61STRING ASN1_STRING +# define ASN1_IA5STRING ASN1_STRING +# define ASN1_UTCTIME ASN1_STRING +# define ASN1_GENERALIZEDTIME ASN1_STRING +# define ASN1_TIME ASN1_STRING +# define ASN1_GENERALSTRING ASN1_STRING +# define ASN1_UNIVERSALSTRING ASN1_STRING +# define ASN1_BMPSTRING ASN1_STRING +# define ASN1_VISIBLESTRING ASN1_STRING +# define ASN1_UTF8STRING ASN1_STRING +# define ASN1_BOOLEAN int +# define ASN1_NULL int +# else +typedef struct asn1_string_st ASN1_INTEGER; +typedef struct asn1_string_st ASN1_ENUMERATED; +typedef struct asn1_string_st ASN1_BIT_STRING; +typedef struct asn1_string_st ASN1_OCTET_STRING; +typedef struct asn1_string_st ASN1_PRINTABLESTRING; +typedef struct asn1_string_st ASN1_T61STRING; +typedef struct asn1_string_st ASN1_IA5STRING; +typedef struct asn1_string_st ASN1_GENERALSTRING; +typedef struct asn1_string_st ASN1_UNIVERSALSTRING; +typedef struct asn1_string_st ASN1_BMPSTRING; +typedef struct asn1_string_st ASN1_UTCTIME; +typedef struct asn1_string_st ASN1_TIME; +typedef struct asn1_string_st ASN1_GENERALIZEDTIME; +typedef struct asn1_string_st ASN1_VISIBLESTRING; +typedef struct asn1_string_st ASN1_UTF8STRING; +typedef struct asn1_string_st 
ASN1_STRING; +typedef int ASN1_BOOLEAN; +typedef int ASN1_NULL; +# endif + +typedef struct asn1_object_st ASN1_OBJECT; + +typedef struct ASN1_ITEM_st ASN1_ITEM; +typedef struct asn1_pctx_st ASN1_PCTX; +typedef struct asn1_sctx_st ASN1_SCTX; + +# ifdef _WIN32 +# undef X509_NAME +# undef X509_EXTENSIONS +# undef PKCS7_ISSUER_AND_SERIAL +# undef PKCS7_SIGNER_INFO +# undef OCSP_REQUEST +# undef OCSP_RESPONSE +# endif + +# ifdef BIGNUM +# undef BIGNUM +# endif + +typedef struct bio_st BIO; +typedef struct bignum_st BIGNUM; +typedef struct bignum_ctx BN_CTX; +typedef struct bn_blinding_st BN_BLINDING; +typedef struct bn_mont_ctx_st BN_MONT_CTX; +typedef struct bn_recp_ctx_st BN_RECP_CTX; +typedef struct bn_gencb_st BN_GENCB; + +typedef struct buf_mem_st BUF_MEM; + +STACK_OF(BIGNUM); +STACK_OF(BIGNUM_const); + +typedef struct err_state_st ERR_STATE; + +typedef struct evp_cipher_st EVP_CIPHER; +typedef struct evp_cipher_ctx_st EVP_CIPHER_CTX; +typedef struct evp_md_st EVP_MD; +typedef struct evp_md_ctx_st EVP_MD_CTX; +typedef struct evp_mac_st EVP_MAC; +typedef struct evp_mac_ctx_st EVP_MAC_CTX; +typedef struct evp_pkey_st EVP_PKEY; + +typedef struct evp_pkey_asn1_method_st EVP_PKEY_ASN1_METHOD; + +typedef struct evp_pkey_method_st EVP_PKEY_METHOD; +typedef struct evp_pkey_ctx_st EVP_PKEY_CTX; + +typedef struct evp_keymgmt_st EVP_KEYMGMT; + +typedef struct evp_kdf_st EVP_KDF; +typedef struct evp_kdf_ctx_st EVP_KDF_CTX; + +typedef struct evp_keyexch_st EVP_KEYEXCH; + +typedef struct evp_signature_st EVP_SIGNATURE; + +typedef struct evp_asym_cipher_st EVP_ASYM_CIPHER; + +typedef struct evp_Encode_Ctx_st EVP_ENCODE_CTX; + +typedef struct hmac_ctx_st HMAC_CTX; + +typedef struct dh_st DH; +typedef struct dh_method DH_METHOD; + +typedef struct dsa_st DSA; +typedef struct dsa_method DSA_METHOD; + +typedef struct rsa_st RSA; +typedef struct rsa_meth_st RSA_METHOD; +typedef struct rsa_pss_params_st RSA_PSS_PARAMS; + +typedef struct ec_key_st EC_KEY; +typedef struct ec_key_method_st 
EC_KEY_METHOD; + +typedef struct rand_meth_st RAND_METHOD; +typedef struct rand_drbg_st RAND_DRBG; + +typedef struct ssl_dane_st SSL_DANE; +typedef struct x509_st X509; +typedef struct X509_algor_st X509_ALGOR; +typedef struct X509_crl_st X509_CRL; +typedef struct x509_crl_method_st X509_CRL_METHOD; +typedef struct x509_revoked_st X509_REVOKED; +typedef struct X509_name_st X509_NAME; +typedef struct X509_pubkey_st X509_PUBKEY; +typedef struct x509_store_st X509_STORE; +typedef struct x509_store_ctx_st X509_STORE_CTX; + +typedef struct x509_object_st X509_OBJECT; +typedef struct x509_lookup_st X509_LOOKUP; +typedef struct x509_lookup_method_st X509_LOOKUP_METHOD; +typedef struct X509_VERIFY_PARAM_st X509_VERIFY_PARAM; + +typedef struct x509_sig_info_st X509_SIG_INFO; + +typedef struct pkcs8_priv_key_info_st PKCS8_PRIV_KEY_INFO; + +typedef struct v3_ext_ctx X509V3_CTX; +typedef struct conf_st CONF; +typedef struct ossl_init_settings_st OPENSSL_INIT_SETTINGS; + +typedef struct ui_st UI; +typedef struct ui_method_st UI_METHOD; + +typedef struct engine_st ENGINE; +typedef struct ssl_st SSL; +typedef struct ssl_ctx_st SSL_CTX; + +typedef struct comp_ctx_st COMP_CTX; +typedef struct comp_method_st COMP_METHOD; + +typedef struct X509_POLICY_NODE_st X509_POLICY_NODE; +typedef struct X509_POLICY_LEVEL_st X509_POLICY_LEVEL; +typedef struct X509_POLICY_TREE_st X509_POLICY_TREE; +typedef struct X509_POLICY_CACHE_st X509_POLICY_CACHE; + +typedef struct AUTHORITY_KEYID_st AUTHORITY_KEYID; +typedef struct DIST_POINT_st DIST_POINT; +typedef struct ISSUING_DIST_POINT_st ISSUING_DIST_POINT; +typedef struct NAME_CONSTRAINTS_st NAME_CONSTRAINTS; + +typedef struct crypto_ex_data_st CRYPTO_EX_DATA; + +typedef struct ossl_http_req_ctx_st OCSP_REQ_CTX; /* backward compatibility */ +typedef struct ocsp_response_st OCSP_RESPONSE; +typedef struct ocsp_responder_id_st OCSP_RESPID; + +typedef struct sct_st SCT; +typedef struct sct_ctx_st SCT_CTX; +typedef struct ctlog_st CTLOG; +typedef struct 
ctlog_store_st CTLOG_STORE; +typedef struct ct_policy_eval_ctx_st CT_POLICY_EVAL_CTX; + +typedef struct ossl_store_info_st OSSL_STORE_INFO; +typedef struct ossl_store_search_st OSSL_STORE_SEARCH; + +typedef struct openssl_ctx_st OPENSSL_CTX; + +typedef struct ossl_dispatch_st OSSL_DISPATCH; +typedef struct ossl_item_st OSSL_ITEM; +typedef struct ossl_algorithm_st OSSL_ALGORITHM; +typedef struct ossl_param_st OSSL_PARAM; + +typedef int pem_password_cb (char *buf, int size, int rwflag, void *userdata); + +typedef struct ossl_serializer_st OSSL_SERIALIZER; +typedef struct ossl_serializer_ctx_st OSSL_SERIALIZER_CTX; + +#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L && \ + defined(INTMAX_MAX) && defined(UINTMAX_MAX) +typedef intmax_t ossl_intmax_t; +typedef uintmax_t ossl_uintmax_t; +#else +/* + * Not long long, because the C-library can only be expected to provide + * strtoll(), strtoull() at the same time as intmax_t and strtoimax(), + * strtoumax(). Since we use these for parsing arguments, we need the + * conversion functions, not just the sizes. + */ +typedef long ossl_intmax_t; +typedef unsigned long ossl_uintmax_t; +#endif + +#ifdef __cplusplus +} +#endif + +#endif /* OPENSSL_TYPES_H */ diff --git a/linux_amd64/ssl/include/openssl/ui.h b/linux_amd64/ssl/include/openssl/ui.h new file mode 100644 index 0000000..56fb6f5 --- /dev/null +++ b/linux_amd64/ssl/include/openssl/ui.h 
@@ -0,0 +1,374 @@ +/* + * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_UI_H +# define OPENSSL_UI_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_UI_H +# endif + +# include + +# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +# include +# endif +# include +# include +# include +# include + +/* For compatibility reasons, the macro OPENSSL_NO_UI is currently retained */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# ifdef OPENSSL_NO_UI_CONSOLE +# define OPENSSL_NO_UI +# endif +# endif + +# ifdef __cplusplus +extern "C" { +# endif + +/* + * All the following functions return -1 or NULL on error and in some cases + * (UI_process()) -2 if interrupted or in some other way cancelled. When + * everything is fine, they return 0, a positive value or a non-NULL pointer, + * all depending on their purpose. + */ + +/* Creators and destructor. */ +UI *UI_new(void); +UI *UI_new_method(const UI_METHOD *method); +void UI_free(UI *ui); + +/*- + The following functions are used to add strings to be printed and prompt + strings to prompt for data. The names are UI_{add,dup}__string + and UI_{add,dup}_input_boolean. + + UI_{add,dup}__string have the following meanings: + add add a text or prompt string. The pointers given to these + functions are used verbatim, no copying is done. + dup make a copy of the text or prompt string, then add the copy + to the collection of strings in the user interface. + + The function is a name for the functionality that the given + string shall be used for. It can be one of: + input use the string as data prompt. + verify use the string as verification prompt. This + is used to verify a previous input. 
+ info use the string for informational output. + error use the string for error output. + Honestly, there's currently no difference between info and error for the + moment. + + UI_{add,dup}_input_boolean have the same semantics for "add" and "dup", + and are typically used when one wants to prompt for a yes/no response. + + All of the functions in this group take a UI and a prompt string. + The string input and verify addition functions also take a flag argument, + a buffer for the result to end up with, a minimum input size and a maximum + input size (the result buffer MUST be large enough to be able to contain + the maximum number of characters). Additionally, the verify addition + functions takes another buffer to compare the result against. + The boolean input functions take an action description string (which should + be safe to ignore if the expected user action is obvious, for example with + a dialog box with an OK button and a Cancel button), a string of acceptable + characters to mean OK and to mean Cancel. The two last strings are checked + to make sure they don't have common characters. Additionally, the same + flag argument as for the string input is taken, as well as a result buffer. + The result buffer is required to be at least one byte long. Depending on + the answer, the first character from the OK or the Cancel character strings + will be stored in the first byte of the result buffer. No NUL will be + added, so the result is *not* a string. + + On success, the all return an index of the added information. That index + is useful when retrieving results with UI_get0_result(). 
*/ +int UI_add_input_string(UI *ui, const char *prompt, int flags, + char *result_buf, int minsize, int maxsize); +int UI_dup_input_string(UI *ui, const char *prompt, int flags, + char *result_buf, int minsize, int maxsize); +int UI_add_verify_string(UI *ui, const char *prompt, int flags, + char *result_buf, int minsize, int maxsize, + const char *test_buf); +int UI_dup_verify_string(UI *ui, const char *prompt, int flags, + char *result_buf, int minsize, int maxsize, + const char *test_buf); +int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc, + const char *ok_chars, const char *cancel_chars, + int flags, char *result_buf); +int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc, + const char *ok_chars, const char *cancel_chars, + int flags, char *result_buf); +int UI_add_info_string(UI *ui, const char *text); +int UI_dup_info_string(UI *ui, const char *text); +int UI_add_error_string(UI *ui, const char *text); +int UI_dup_error_string(UI *ui, const char *text); + +/* These are the possible flags. They can be or'ed together. */ +/* Use to have echoing of input */ +# define UI_INPUT_FLAG_ECHO 0x01 +/* + * Use a default password. Where that password is found is completely up to + * the application, it might for example be in the user data set with + * UI_add_user_data(). It is not recommended to have more than one input in + * each UI being marked with this flag, or the application might get + * confused. + */ +# define UI_INPUT_FLAG_DEFAULT_PWD 0x02 + +/*- + * The user of these routines may want to define flags of their own. The core + * UI won't look at those, but will pass them on to the method routines. They + * must use higher bits so they don't get confused with the UI bits above. + * UI_INPUT_FLAG_USER_BASE tells which is the lowest bit to use. 
A good + * example of use is this: + * + * #define MY_UI_FLAG1 (0x01 << UI_INPUT_FLAG_USER_BASE) + * +*/ +# define UI_INPUT_FLAG_USER_BASE 16 + +/*- + * The following function helps construct a prompt. object_desc is a + * textual short description of the object, for example "pass phrase", + * and object_name is the name of the object (might be a card name or + * a file name. + * The returned string shall always be allocated on the heap with + * OPENSSL_malloc(), and need to be free'd with OPENSSL_free(). + * + * If the ui_method doesn't contain a pointer to a user-defined prompt + * constructor, a default string is built, looking like this: + * + * "Enter {object_desc} for {object_name}:" + * + * So, if object_desc has the value "pass phrase" and object_name has + * the value "foo.key", the resulting string is: + * + * "Enter pass phrase for foo.key:" +*/ +char *UI_construct_prompt(UI *ui_method, + const char *object_desc, const char *object_name); + +/* + * The following function is used to store a pointer to user-specific data. + * Any previous such pointer will be returned and replaced. + * + * For callback purposes, this function makes a lot more sense than using + * ex_data, since the latter requires that different parts of OpenSSL or + * applications share the same ex_data index. + * + * Note that the UI_OpenSSL() method completely ignores the user data. Other + * methods may not, however. + */ +void *UI_add_user_data(UI *ui, void *user_data); +/* + * Alternatively, this function is used to duplicate the user data. + * This uses the duplicator method function. The destroy function will + * be used to free the user data in this case. + */ +int UI_dup_user_data(UI *ui, void *user_data); +/* We need a user data retrieving function as well. */ +void *UI_get0_user_data(UI *ui); + +/* Return the result associated with a prompt given with the index i. 
*/ +const char *UI_get0_result(UI *ui, int i); +int UI_get_result_length(UI *ui, int i); + +/* When all strings have been added, process the whole thing. */ +int UI_process(UI *ui); + +/* + * Give a user interface parameterised control commands. This can be used to + * send down an integer, a data pointer or a function pointer, as well as be + * used to get information from a UI. + */ +int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f) (void)); + +/* The commands */ +/* + * Use UI_CONTROL_PRINT_ERRORS with the value 1 to have UI_process print the + * OpenSSL error stack before printing any info or added error messages and + * before any prompting. + */ +# define UI_CTRL_PRINT_ERRORS 1 +/* + * Check if a UI_process() is possible to do again with the same instance of + * a user interface. This makes UI_ctrl() return 1 if it is redoable, and 0 + * if not. + */ +# define UI_CTRL_IS_REDOABLE 2 + +/* Some methods may use extra data */ +# define UI_set_app_data(s,arg) UI_set_ex_data(s,0,arg) +# define UI_get_app_data(s) UI_get_ex_data(s,0) + +# define UI_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_UI, l, p, newf, dupf, freef) +int UI_set_ex_data(UI *r, int idx, void *arg); +void *UI_get_ex_data(UI *r, int idx); + +/* Use specific methods instead of the built-in one */ +void UI_set_default_method(const UI_METHOD *meth); +const UI_METHOD *UI_get_default_method(void); +const UI_METHOD *UI_get_method(UI *ui); +const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth); + +# ifndef OPENSSL_NO_UI_CONSOLE + +/* The method with all the built-in thingies */ +UI_METHOD *UI_OpenSSL(void); + +# endif + +/* + * NULL method. Literally does nothing, but may serve as a placeholder + * to avoid internal default. + */ +const UI_METHOD *UI_null(void); + +/* ---------- For method writers ---------- */ +/*- + A method contains a number of functions that implement the low level + of the User Interface. 
The functions are: + + an opener This function starts a session, maybe by opening + a channel to a tty, or by opening a window. + a writer This function is called to write a given string, + maybe to the tty, maybe as a field label in a + window. + a flusher This function is called to flush everything that + has been output so far. It can be used to actually + display a dialog box after it has been built. + a reader This function is called to read a given prompt, + maybe from the tty, maybe from a field in a + window. Note that it's called with all string + structures, not only the prompt ones, so it must + check such things itself. + a closer This function closes the session, maybe by closing + the channel to the tty, or closing the window. + + All these functions are expected to return: + + 0 on error. + 1 on success. + -1 on out-of-band events, for example if some prompting has + been canceled (by pressing Ctrl-C, for example). This is + only checked when returned by the flusher or the reader. + + The way this is used, the opener is first called, then the writer for all + strings, then the flusher, then the reader for all strings and finally the + closer. Note that if you want to prompt from a terminal or other command + line interface, the best is to have the reader also write the prompts + instead of having the writer do it. If you want to prompt from a dialog + box, the writer can be used to build up the contents of the box, and the + flusher to actually display the box and run the event loop until all data + has been given, after which the reader only grabs the given data and puts + them back into the UI strings. + + All method functions take a UI as argument. Additionally, the writer and + the reader take a UI_STRING. +*/ + +/* + * The UI_STRING type is the data structure that contains all the needed info + * about a string or a prompt, including test data for a verification prompt. 
+ */ +typedef struct ui_string_st UI_STRING; +DEFINE_STACK_OF(UI_STRING) + +/* + * The different types of strings that are currently supported. This is only + * needed by method authors. + */ +enum UI_string_types { + UIT_NONE = 0, + UIT_PROMPT, /* Prompt for a string */ + UIT_VERIFY, /* Prompt for a string and verify */ + UIT_BOOLEAN, /* Prompt for a yes/no response */ + UIT_INFO, /* Send info to the user */ + UIT_ERROR /* Send an error message to the user */ +}; + +/* Create and manipulate methods */ +UI_METHOD *UI_create_method(const char *name); +void UI_destroy_method(UI_METHOD *ui_method); +int UI_method_set_opener(UI_METHOD *method, int (*opener) (UI *ui)); +int UI_method_set_writer(UI_METHOD *method, + int (*writer) (UI *ui, UI_STRING *uis)); +int UI_method_set_flusher(UI_METHOD *method, int (*flusher) (UI *ui)); +int UI_method_set_reader(UI_METHOD *method, + int (*reader) (UI *ui, UI_STRING *uis)); +int UI_method_set_closer(UI_METHOD *method, int (*closer) (UI *ui)); +int UI_method_set_data_duplicator(UI_METHOD *method, + void *(*duplicator) (UI *ui, void *ui_data), + void (*destructor)(UI *ui, void *ui_data)); +int UI_method_set_prompt_constructor(UI_METHOD *method, + char *(*prompt_constructor) (UI *ui, + const char + *object_desc, + const char + *object_name)); +int UI_method_set_ex_data(UI_METHOD *method, int idx, void *data); +int (*UI_method_get_opener(const UI_METHOD *method)) (UI *); +int (*UI_method_get_writer(const UI_METHOD *method)) (UI *, UI_STRING *); +int (*UI_method_get_flusher(const UI_METHOD *method)) (UI *); +int (*UI_method_get_reader(const UI_METHOD *method)) (UI *, UI_STRING *); +int (*UI_method_get_closer(const UI_METHOD *method)) (UI *); +char *(*UI_method_get_prompt_constructor(const UI_METHOD *method)) + (UI *, const char *, const char *); +void *(*UI_method_get_data_duplicator(const UI_METHOD *method)) (UI *, void *); +void (*UI_method_get_data_destructor(const UI_METHOD *method)) (UI *, void *); +const void 
*UI_method_get_ex_data(const UI_METHOD *method, int idx); + +/* + * The following functions are helpers for method writers to access relevant + * data from a UI_STRING. + */ + +/* Return type of the UI_STRING */ +enum UI_string_types UI_get_string_type(UI_STRING *uis); +/* Return input flags of the UI_STRING */ +int UI_get_input_flags(UI_STRING *uis); +/* Return the actual string to output (the prompt, info or error) */ +const char *UI_get0_output_string(UI_STRING *uis); +/* + * Return the optional action string to output (the boolean prompt + * instruction) + */ +const char *UI_get0_action_string(UI_STRING *uis); +/* Return the result of a prompt */ +const char *UI_get0_result_string(UI_STRING *uis); +int UI_get_result_string_length(UI_STRING *uis); +/* + * Return the string to test the result against. Only useful with verifies. + */ +const char *UI_get0_test_string(UI_STRING *uis); +/* Return the required minimum size of the result */ +int UI_get_result_minsize(UI_STRING *uis); +/* Return the required maximum size of the result */ +int UI_get_result_maxsize(UI_STRING *uis); +/* Set the result of a UI_STRING. */ +int UI_set_result(UI *ui, UI_STRING *uis, const char *result); +int UI_set_result_ex(UI *ui, UI_STRING *uis, const char *result, int len); + +/* A couple of popular utility functions */ +int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt, + int verify); +int UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt, + int verify); +UI_METHOD *UI_UTIL_wrap_read_pem_callback(pem_password_cb *cb, int rwflag); + + +# ifdef __cplusplus +} +# endif +#endif diff --git a/linux_amd64/ssl/include/openssl/uierr.h b/linux_amd64/ssl/include/openssl/uierr.h new file mode 100644 index 0000000..dbc6432 --- /dev/null +++ b/linux_amd64/ssl/include/openssl/uierr.h 
@@ -0,0 +1,73 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_UIERR_H +# define OPENSSL_UIERR_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_UIERR_H +# endif + +# include +# include + + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_UI_strings(void); + +/* + * UI function codes. + */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define UI_F_CLOSE_CONSOLE 0 +# define UI_F_ECHO_CONSOLE 0 +# define UI_F_GENERAL_ALLOCATE_BOOLEAN 0 +# define UI_F_GENERAL_ALLOCATE_PROMPT 0 +# define UI_F_NOECHO_CONSOLE 0 +# define UI_F_OPEN_CONSOLE 0 +# define UI_F_UI_CONSTRUCT_PROMPT 0 +# define UI_F_UI_CREATE_METHOD 0 +# define UI_F_UI_CTRL 0 +# define UI_F_UI_DUP_ERROR_STRING 0 +# define UI_F_UI_DUP_INFO_STRING 0 +# define UI_F_UI_DUP_INPUT_BOOLEAN 0 +# define UI_F_UI_DUP_INPUT_STRING 0 +# define UI_F_UI_DUP_USER_DATA 0 +# define UI_F_UI_DUP_VERIFY_STRING 0 +# define UI_F_UI_GET0_RESULT 0 +# define UI_F_UI_GET_RESULT_LENGTH 0 +# define UI_F_UI_NEW_METHOD 0 +# define UI_F_UI_PROCESS 0 +# define UI_F_UI_SET_RESULT 0 +# define UI_F_UI_SET_RESULT_EX 0 +# endif + +/* + * UI reason codes. 
+ */ +# define UI_R_COMMON_OK_AND_CANCEL_CHARACTERS 104 +# define UI_R_INDEX_TOO_LARGE 102 +# define UI_R_INDEX_TOO_SMALL 103 +# define UI_R_NO_RESULT_BUFFER 105 +# define UI_R_PROCESSING_ERROR 107 +# define UI_R_RESULT_TOO_LARGE 100 +# define UI_R_RESULT_TOO_SMALL 101 +# define UI_R_SYSASSIGN_ERROR 109 +# define UI_R_SYSDASSGN_ERROR 110 +# define UI_R_SYSQIOW_ERROR 111 +# define UI_R_UNKNOWN_CONTROL_COMMAND 106 +# define UI_R_UNKNOWN_TTYGET_ERRNO_VALUE 108 +# define UI_R_USER_DATA_DUPLICATION_UNSUPPORTED 112 + +#endif diff --git a/linux_amd64/ssl/include/openssl/whrlpool.h b/linux_amd64/ssl/include/openssl/whrlpool.h new file mode 100644 index 0000000..cc8802f --- /dev/null +++ b/linux_amd64/ssl/include/openssl/whrlpool.h 
@@ -0,0 +1,61 @@
+/*
+ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_WHRLPOOL_H
+# define OPENSSL_WHRLPOOL_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_WHRLPOOL_H
+# endif
+
+# include
+
+# ifndef OPENSSL_NO_WHIRLPOOL
+# include
+# include
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# define WHIRLPOOL_DIGEST_LENGTH (512/8)
+
+# if !defined(OPENSSL_NO_DEPRECATED_3_0)
+
+# define WHIRLPOOL_BBLOCK 512
+# define WHIRLPOOL_COUNTER (256/8)
+
+typedef struct {
+ union {
+ unsigned char c[WHIRLPOOL_DIGEST_LENGTH];
+ /* double q is here to ensure 64-bit alignment */
+ double q[WHIRLPOOL_DIGEST_LENGTH / sizeof(double)];
+ } H;
+ unsigned char data[WHIRLPOOL_BBLOCK / 8];
+ unsigned int bitoff;
+ size_t bitlen[WHIRLPOOL_COUNTER / sizeof(size_t)];
+} WHIRLPOOL_CTX;
+# endif
+
+DEPRECATEDIN_3_0(int WHIRLPOOL_Init(WHIRLPOOL_CTX *c))
+DEPRECATEDIN_3_0(int WHIRLPOOL_Update(WHIRLPOOL_CTX *c,
+ const void *inp, size_t bytes))
+DEPRECATEDIN_3_0(void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c, const void *inp,
+ size_t bits))
+DEPRECATEDIN_3_0(int WHIRLPOOL_Final(unsigned char *md, WHIRLPOOL_CTX *c))
+DEPRECATEDIN_3_0(unsigned char *WHIRLPOOL(const void *inp, size_t bytes,
+ unsigned char *md))
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/linux_amd64/ssl/include/openssl/x509.h b/linux_amd64/ssl/include/openssl/x509.h
new file mode 100644
index 0000000..a2d6e44
--- /dev/null
+++ b/linux_amd64/ssl/include/openssl/x509.h
@@ -0,0 +1,1071 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_X509_H
+# define OPENSSL_X509_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_X509_H
+# endif
+
+# include
+# include
+# include
+# include
+# include
+# include
+# include
+# include
+# include
+
+# ifndef OPENSSL_NO_DEPRECATED_1_1_0
+# include
+# include
+# include
+# endif
+
+# include
+# include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+/* Flags for X509_get_signature_info() */
+/* Signature info is valid */
+# define X509_SIG_INFO_VALID 0x1
+/* Signature is suitable for TLS use */
+# define X509_SIG_INFO_TLS 0x2
+
+# define X509_FILETYPE_PEM 1
+# define X509_FILETYPE_ASN1 2
+# define X509_FILETYPE_DEFAULT 3
+
+# define X509v3_KU_DIGITAL_SIGNATURE 0x0080
+# define X509v3_KU_NON_REPUDIATION 0x0040
+# define X509v3_KU_KEY_ENCIPHERMENT 0x0020
+# define X509v3_KU_DATA_ENCIPHERMENT 0x0010
+# define X509v3_KU_KEY_AGREEMENT 0x0008
+# define X509v3_KU_KEY_CERT_SIGN 0x0004
+# define X509v3_KU_CRL_SIGN 0x0002
+# define X509v3_KU_ENCIPHER_ONLY 0x0001
+# define X509v3_KU_DECIPHER_ONLY 0x8000
+# define X509v3_KU_UNDEF 0xffff
+
+struct X509_algor_st {
+ ASN1_OBJECT *algorithm;
+ ASN1_TYPE *parameter;
+} /* X509_ALGOR */ ;
+
+typedef STACK_OF(X509_ALGOR) X509_ALGORS;
+
+typedef struct X509_val_st {
+ ASN1_TIME *notBefore;
+ ASN1_TIME *notAfter;
+} X509_VAL;
+
+typedef struct X509_sig_st X509_SIG;
+
+typedef struct X509_name_entry_st X509_NAME_ENTRY;
+
+DEFINE_STACK_OF(X509_NAME_ENTRY)
+
+DEFINE_STACK_OF(X509_NAME)
+
+# define X509_EX_V_NETSCAPE_HACK 0x8000
+# define X509_EX_V_INIT 0x0001
+typedef struct X509_extension_st X509_EXTENSION;
+
+typedef STACK_OF(X509_EXTENSION) X509_EXTENSIONS;
+
+DEFINE_STACK_OF(X509_EXTENSION)
+
+typedef struct x509_attributes_st X509_ATTRIBUTE;
+
+DEFINE_STACK_OF(X509_ATTRIBUTE)
+
+typedef struct X509_req_info_st X509_REQ_INFO;
+
+typedef struct X509_req_st X509_REQ;
+
+typedef struct x509_cert_aux_st X509_CERT_AUX;
+
+typedef struct x509_cinf_st X509_CINF;
+
+DEFINE_STACK_OF(X509)
+
+/* This is used for a table of trust checking functions */
+
+typedef struct x509_trust_st {
+ int trust;
+ int flags;
+ int (*check_trust) (struct x509_trust_st *, X509 *, int);
+ char *name;
+ int arg1;
+ void *arg2;
+} X509_TRUST;
+
+DEFINE_STACK_OF(X509_TRUST)
+
+/* standard trust ids */
+
+# define X509_TRUST_DEFAULT 0 /* Only valid in purpose settings */
+
+# define X509_TRUST_COMPAT 1
+# define X509_TRUST_SSL_CLIENT 2
+# define X509_TRUST_SSL_SERVER 3
+# define X509_TRUST_EMAIL 4
+# define X509_TRUST_OBJECT_SIGN 5
+# define X509_TRUST_OCSP_SIGN 6
+# define X509_TRUST_OCSP_REQUEST 7
+# define X509_TRUST_TSA 8
+
+/* Keep these up to date! */
+# define X509_TRUST_MIN 1
+# define X509_TRUST_MAX 8
+
+/* trust_flags values */
+# define X509_TRUST_DYNAMIC (1U << 0)
+# define X509_TRUST_DYNAMIC_NAME (1U << 1)
+/* No compat trust if self-signed, preempts "DO_SS" */
+# define X509_TRUST_NO_SS_COMPAT (1U << 2)
+/* Compat trust if no explicit accepted trust EKUs */
+# define X509_TRUST_DO_SS_COMPAT (1U << 3)
+/* Accept "anyEKU" as a wildcard trust OID */
+# define X509_TRUST_OK_ANY_EKU (1U << 4)
+
+/* check_trust return codes */
+
+# define X509_TRUST_TRUSTED 1
+# define X509_TRUST_REJECTED 2
+# define X509_TRUST_UNTRUSTED 3
+
+/* Flags for X509_print_ex() */
+
+# define X509_FLAG_COMPAT 0
+# define X509_FLAG_NO_HEADER 1L
+# define X509_FLAG_NO_VERSION (1L << 1)
+# define X509_FLAG_NO_SERIAL (1L << 2)
+# define X509_FLAG_NO_SIGNAME (1L << 3)
+# define X509_FLAG_NO_ISSUER (1L << 4)
+# define X509_FLAG_NO_VALIDITY (1L << 5)
+# define X509_FLAG_NO_SUBJECT (1L << 6)
+# define X509_FLAG_NO_PUBKEY (1L << 7)
+# define X509_FLAG_NO_EXTENSIONS (1L << 8)
+# define X509_FLAG_NO_SIGDUMP (1L << 9)
+# define X509_FLAG_NO_AUX (1L << 10)
+# define X509_FLAG_NO_ATTRIBUTES (1L << 11)
+# define X509_FLAG_NO_IDS (1L << 12)
+
+/* Flags specific to X509_NAME_print_ex() */
+
+/* The field separator information */
+
+# define XN_FLAG_SEP_MASK (0xf << 16)
+
+# define XN_FLAG_COMPAT 0/* Traditional; use old X509_NAME_print */
+# define XN_FLAG_SEP_COMMA_PLUS (1 << 16)/* RFC2253 ,+ */
+# define XN_FLAG_SEP_CPLUS_SPC (2 << 16)/* ,+ spaced: more readable */
+# define XN_FLAG_SEP_SPLUS_SPC (3 << 16)/* ;+ spaced */
+# define XN_FLAG_SEP_MULTILINE (4 << 16)/* One line per field */
+
+# define XN_FLAG_DN_REV (1 << 20)/* Reverse DN order */
+
+/* How the field name is shown */
+
+# define XN_FLAG_FN_MASK (0x3 << 21)
+
+# define XN_FLAG_FN_SN 0/* Object short name */
+# define XN_FLAG_FN_LN (1 << 21)/* Object long name */
+# define XN_FLAG_FN_OID (2 << 21)/* Always use OIDs */
+# define XN_FLAG_FN_NONE (3 << 21)/* No field names */
+
+# define XN_FLAG_SPC_EQ (1 << 23)/* Put spaces round '=' */
+
+/*
+ * This determines if we dump fields we don't recognise: RFC2253 requires
+ * this.
+ */
+
+# define XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24)
+
+# define XN_FLAG_FN_ALIGN (1 << 25)/* Align field names to 20
+ * characters */
+
+/* Complete set of RFC2253 flags */
+
+# define XN_FLAG_RFC2253 (ASN1_STRFLGS_RFC2253 | \
+ XN_FLAG_SEP_COMMA_PLUS | \
+ XN_FLAG_DN_REV | \
+ XN_FLAG_FN_SN | \
+ XN_FLAG_DUMP_UNKNOWN_FIELDS)
+
+/* readable oneline form */
+
+# define XN_FLAG_ONELINE (ASN1_STRFLGS_RFC2253 | \
+ ASN1_STRFLGS_ESC_QUOTE | \
+ XN_FLAG_SEP_CPLUS_SPC | \
+ XN_FLAG_SPC_EQ | \
+ XN_FLAG_FN_SN)
+
+/* readable multiline form */
+
+# define XN_FLAG_MULTILINE (ASN1_STRFLGS_ESC_CTRL | \
+ ASN1_STRFLGS_ESC_MSB | \
+ XN_FLAG_SEP_MULTILINE | \
+ XN_FLAG_SPC_EQ | \
+ XN_FLAG_FN_LN | \
+ XN_FLAG_FN_ALIGN)
+
+DEFINE_STACK_OF(X509_REVOKED)
+
+typedef struct X509_crl_info_st X509_CRL_INFO;
+
+DEFINE_STACK_OF(X509_CRL)
+
+typedef struct private_key_st {
+ int version;
+ /* The PKCS#8 data types */
+ X509_ALGOR *enc_algor;
+ ASN1_OCTET_STRING *enc_pkey; /* encrypted pub key */
+ /* When decrypted, the following will not be NULL */
+ EVP_PKEY *dec_pkey;
+ /* used to encrypt and decrypt */
+ int key_length;
+ char *key_data;
+ int key_free; /* true if we should auto free key_data */
+ /* expanded version of 'enc_algor' */
+ EVP_CIPHER_INFO cipher;
+} X509_PKEY;
+
+typedef struct X509_info_st {
+ X509 *x509;
+ X509_CRL *crl;
+ X509_PKEY *x_pkey;
+ EVP_CIPHER_INFO enc_cipher;
+ int enc_len;
+ char *enc_data;
+} X509_INFO;
+
+DEFINE_STACK_OF(X509_INFO)
+
+/*
+ * The next 2 structures and their 8 routines are used to manipulate Netscape's
+ * spki structures - useful if you are writing a CA web page
+ */
+typedef struct Netscape_spkac_st {
+ X509_PUBKEY *pubkey;
+ ASN1_IA5STRING *challenge; /* challenge sent in atlas >= PR2 */
+} NETSCAPE_SPKAC;
+
+typedef struct Netscape_spki_st {
+ NETSCAPE_SPKAC *spkac; /* signed public key and challenge */
+ X509_ALGOR sig_algor;
+ ASN1_BIT_STRING *signature;
+} NETSCAPE_SPKI;
+
+/* Netscape certificate sequence structure */
+typedef struct Netscape_certificate_sequence {
+ ASN1_OBJECT *type;
+ STACK_OF(X509) *certs;
+} NETSCAPE_CERT_SEQUENCE;
+
+/*- Unused (and iv length is wrong)
+typedef struct CBCParameter_st
+ {
+ unsigned char iv[8];
+ } CBC_PARAM;
+*/
+
+/* Password based encryption structure */
+
+typedef struct PBEPARAM_st {
+ ASN1_OCTET_STRING *salt;
+ ASN1_INTEGER *iter;
+} PBEPARAM;
+
+/* Password based encryption V2 structures */
+
+typedef struct PBE2PARAM_st {
+ X509_ALGOR *keyfunc;
+ X509_ALGOR *encryption;
+} PBE2PARAM;
+
+typedef struct PBKDF2PARAM_st {
+/* Usually OCTET STRING but could be anything */
+ ASN1_TYPE *salt;
+ ASN1_INTEGER *iter;
+ ASN1_INTEGER *keylength;
+ X509_ALGOR *prf;
+} PBKDF2PARAM;
+
+#ifndef OPENSSL_NO_SCRYPT
+typedef struct SCRYPT_PARAMS_st {
+ ASN1_OCTET_STRING *salt;
+ ASN1_INTEGER *costParameter;
+ ASN1_INTEGER *blockSize;
+ ASN1_INTEGER *parallelizationParameter;
+ ASN1_INTEGER *keyLength;
+} SCRYPT_PARAMS;
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+# include
+# include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# define X509_EXT_PACK_UNKNOWN 1
+# define X509_EXT_PACK_STRING 2
+
+# define X509_extract_key(x) X509_get_pubkey(x)/*****/
+# define X509_REQ_extract_key(a) X509_REQ_get_pubkey(a)
+# define X509_name_cmp(a,b) X509_NAME_cmp((a),(b))
+
+void X509_CRL_set_default_method(const X509_CRL_METHOD *meth);
+X509_CRL_METHOD *X509_CRL_METHOD_new(int (*crl_init) (X509_CRL *crl),
+ int (*crl_free) (X509_CRL *crl),
+ int (*crl_lookup) (X509_CRL *crl,
+ X509_REVOKED **ret,
+ ASN1_INTEGER *ser,
+ X509_NAME *issuer),
+ int (*crl_verify) (X509_CRL *crl,
+ EVP_PKEY *pk));
+void X509_CRL_METHOD_free(X509_CRL_METHOD *m);
+
+void X509_CRL_set_meth_data(X509_CRL *crl, void *dat);
+void *X509_CRL_get_meth_data(X509_CRL *crl);
+
+const char *X509_verify_cert_error_string(long n);
+
+int X509_verify(X509 *a, EVP_PKEY *r);
+ +int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r); +int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r); +int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r); + +NETSCAPE_SPKI *NETSCAPE_SPKI_b64_decode(const char *str, int len); +char *NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *x); +EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x); +int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey); + +int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki); + +int X509_signature_dump(BIO *bp, const ASN1_STRING *sig, int indent); +int X509_signature_print(BIO *bp, const X509_ALGOR *alg, + const ASN1_STRING *sig); + +int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md); +int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx); +int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md); +int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx); +int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md); +int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx); +int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md); + +int X509_pubkey_digest(const X509 *data, const EVP_MD *type, + unsigned char *md, unsigned int *len); +int X509_digest(const X509 *data, const EVP_MD *type, + unsigned char *md, unsigned int *len); +int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, + unsigned char *md, unsigned int *len); +int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type, + unsigned char *md, unsigned int *len); +int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, + unsigned char *md, unsigned int *len); + +# if !defined(OPENSSL_NO_SOCK) +X509 *X509_load_http(const char *url, BIO *bio, BIO *rbio, int timeout); +# define X509_http_nbio(url) X509_load_http(url, NULL, NULL, 0) +X509_CRL *X509_CRL_load_http(const char *url, BIO *bio, BIO *rbio, int timeout); +# define X509_CRL_http_nbio(url) X509_CRL_load_http(url, NULL, NULL, 0) +# endif + +# ifndef OPENSSL_NO_STDIO +X509 *d2i_X509_fp(FILE *fp, X509 **x509); +int i2d_X509_fp(FILE *fp, const 
X509 *x509); +X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl); +int i2d_X509_CRL_fp(FILE *fp, const X509_CRL *crl); +X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req); +int i2d_X509_REQ_fp(FILE *fp, const X509_REQ *req); +# ifndef OPENSSL_NO_RSA +RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa); +int i2d_RSAPrivateKey_fp(FILE *fp, const RSA *rsa); +RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa); +int i2d_RSAPublicKey_fp(FILE *fp, const RSA *rsa); +RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa); +int i2d_RSA_PUBKEY_fp(FILE *fp, const RSA *rsa); +# endif +# ifndef OPENSSL_NO_DSA +DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa); +int i2d_DSA_PUBKEY_fp(FILE *fp, const DSA *dsa); +DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa); +int i2d_DSAPrivateKey_fp(FILE *fp, const DSA *dsa); +# endif +# ifndef OPENSSL_NO_EC +EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey); +int i2d_EC_PUBKEY_fp(FILE *fp, const EC_KEY *eckey); +EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey); +int i2d_ECPrivateKey_fp(FILE *fp, const EC_KEY *eckey); +# endif +X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8); +int i2d_PKCS8_fp(FILE *fp, const X509_SIG *p8); +X509_PUBKEY *d2i_X509_PUBKEY_fp(FILE *fp, X509_PUBKEY **xpk); +int i2d_X509_PUBKEY_fp(FILE *fp, const X509_PUBKEY *xpk); +PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, + PKCS8_PRIV_KEY_INFO **p8inf); +int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, const PKCS8_PRIV_KEY_INFO *p8inf); +int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, const EVP_PKEY *key); +int i2d_PrivateKey_fp(FILE *fp, const EVP_PKEY *pkey); +EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a); +int i2d_PUBKEY_fp(FILE *fp, const EVP_PKEY *pkey); +EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a); +# endif + +X509 *d2i_X509_bio(BIO *bp, X509 **x509); +int i2d_X509_bio(BIO *bp, const X509 *x509); +X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl); +int i2d_X509_CRL_bio(BIO *bp, const X509_CRL *crl); +X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req); +int i2d_X509_REQ_bio(BIO 
*bp, const X509_REQ *req); +# ifndef OPENSSL_NO_RSA +RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa); +int i2d_RSAPrivateKey_bio(BIO *bp, const RSA *rsa); +RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa); +int i2d_RSAPublicKey_bio(BIO *bp, const RSA *rsa); +RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa); +int i2d_RSA_PUBKEY_bio(BIO *bp, const RSA *rsa); +# endif +# ifndef OPENSSL_NO_DSA +DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa); +int i2d_DSA_PUBKEY_bio(BIO *bp, const DSA *dsa); +DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa); +int i2d_DSAPrivateKey_bio(BIO *bp, const DSA *dsa); +# endif +# ifndef OPENSSL_NO_EC +EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey); +int i2d_EC_PUBKEY_bio(BIO *bp, const EC_KEY *eckey); +EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey); +int i2d_ECPrivateKey_bio(BIO *bp, const EC_KEY *eckey); +# endif +X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8); +int i2d_PKCS8_bio(BIO *bp, const X509_SIG *p8); +X509_PUBKEY *d2i_X509_PUBKEY_bio(BIO *bp, X509_PUBKEY **xpk); +int i2d_X509_PUBKEY_bio(BIO *bp, const X509_PUBKEY *xpk); +PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, + PKCS8_PRIV_KEY_INFO **p8inf); +int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, const PKCS8_PRIV_KEY_INFO *p8inf); +int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, const EVP_PKEY *key); +int i2d_PrivateKey_bio(BIO *bp, const EVP_PKEY *pkey); +EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a); +int i2d_PUBKEY_bio(BIO *bp, const EVP_PKEY *pkey); +EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a); + +DECLARE_ASN1_DUP_FUNCTION(X509) +DECLARE_ASN1_DUP_FUNCTION(X509_ALGOR) +DECLARE_ASN1_DUP_FUNCTION(X509_ATTRIBUTE) +DECLARE_ASN1_DUP_FUNCTION(X509_CRL) +DECLARE_ASN1_DUP_FUNCTION(X509_EXTENSION) +DECLARE_ASN1_DUP_FUNCTION(X509_PUBKEY) +DECLARE_ASN1_DUP_FUNCTION(X509_REQ) +DECLARE_ASN1_DUP_FUNCTION(X509_REVOKED) +int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, + void *pval); +void X509_ALGOR_get0(const ASN1_OBJECT **paobj, int *pptype, + const void **ppval, const 
X509_ALGOR *algor); +void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md); +int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b); + +DECLARE_ASN1_DUP_FUNCTION(X509_NAME) +DECLARE_ASN1_DUP_FUNCTION(X509_NAME_ENTRY) + +int X509_cmp_time(const ASN1_TIME *s, time_t *t); +int X509_cmp_current_time(const ASN1_TIME *s); +int X509_cmp_timeframe(const X509_VERIFY_PARAM *vpm, + const ASN1_TIME *start, const ASN1_TIME *end); +ASN1_TIME *X509_time_adj(ASN1_TIME *s, long adj, time_t *t); +ASN1_TIME *X509_time_adj_ex(ASN1_TIME *s, + int offset_day, long offset_sec, time_t *t); +ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj); + +const char *X509_get_default_cert_area(void); +const char *X509_get_default_cert_dir(void); +const char *X509_get_default_cert_file(void); +const char *X509_get_default_cert_dir_env(void); +const char *X509_get_default_cert_file_env(void); +const char *X509_get_default_private_dir(void); + +X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md); +X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey); + +DECLARE_ASN1_FUNCTIONS(X509_ALGOR) +DECLARE_ASN1_ENCODE_FUNCTIONS(X509_ALGORS, X509_ALGORS, X509_ALGORS) +DECLARE_ASN1_FUNCTIONS(X509_VAL) + +DECLARE_ASN1_FUNCTIONS(X509_PUBKEY) + +int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey); +EVP_PKEY *X509_PUBKEY_get0(X509_PUBKEY *key); +EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key); +int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain); +long X509_get_pathlen(X509 *x); +DECLARE_ASN1_ENCODE_FUNCTIONS_only(EVP_PKEY, PUBKEY) +# ifndef OPENSSL_NO_RSA +DECLARE_ASN1_ENCODE_FUNCTIONS_only(RSA, RSA_PUBKEY) +# endif +# ifndef OPENSSL_NO_DSA +DECLARE_ASN1_ENCODE_FUNCTIONS_only(DSA, DSA_PUBKEY) +# endif +# ifndef OPENSSL_NO_EC +DECLARE_ASN1_ENCODE_FUNCTIONS_only(EC_KEY, EC_PUBKEY) +# endif + +DECLARE_ASN1_FUNCTIONS(X509_SIG) +void X509_SIG_get0(const X509_SIG *sig, const X509_ALGOR **palg, + const ASN1_OCTET_STRING **pdigest); +void X509_SIG_getm(X509_SIG *sig, 
X509_ALGOR **palg, + ASN1_OCTET_STRING **pdigest); + +DECLARE_ASN1_FUNCTIONS(X509_REQ_INFO) +DECLARE_ASN1_FUNCTIONS(X509_REQ) + +DECLARE_ASN1_FUNCTIONS(X509_ATTRIBUTE) +X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value); + +DECLARE_ASN1_FUNCTIONS(X509_EXTENSION) +DECLARE_ASN1_ENCODE_FUNCTIONS(X509_EXTENSIONS, X509_EXTENSIONS, X509_EXTENSIONS) + +DECLARE_ASN1_FUNCTIONS(X509_NAME_ENTRY) + +DECLARE_ASN1_FUNCTIONS(X509_NAME) + +int X509_NAME_set(X509_NAME **xn, const X509_NAME *name); + +DECLARE_ASN1_FUNCTIONS(X509_CINF) +DECLARE_ASN1_FUNCTIONS(X509) +DECLARE_ASN1_FUNCTIONS(X509_CERT_AUX) + +#define X509_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509, l, p, newf, dupf, freef) +int X509_set_ex_data(X509 *r, int idx, void *arg); +void *X509_get_ex_data(X509 *r, int idx); +DECLARE_ASN1_ENCODE_FUNCTIONS_only(X509,X509_AUX) + +int i2d_re_X509_tbs(X509 *x, unsigned char **pp); + +int X509_SIG_INFO_get(const X509_SIG_INFO *siginf, int *mdnid, int *pknid, + int *secbits, uint32_t *flags); +void X509_SIG_INFO_set(X509_SIG_INFO *siginf, int mdnid, int pknid, + int secbits, uint32_t flags); + +int X509_get_signature_info(X509 *x, int *mdnid, int *pknid, int *secbits, + uint32_t *flags); + +void X509_get0_signature(const ASN1_BIT_STRING **psig, + const X509_ALGOR **palg, const X509 *x); +int X509_get_signature_nid(const X509 *x); + +# ifndef OPENSSL_NO_SM2 +void X509_set0_sm2_id(X509 *x, ASN1_OCTET_STRING *sm2_id); +ASN1_OCTET_STRING *X509_get0_sm2_id(X509 *x); +void X509_REQ_set0_sm2_id(X509_REQ *x, ASN1_OCTET_STRING *sm2_id); +ASN1_OCTET_STRING *X509_REQ_get0_sm2_id(X509_REQ *x); +# endif + +int X509_trusted(const X509 *x); +int X509_alias_set1(X509 *x, const unsigned char *name, int len); +int X509_keyid_set1(X509 *x, const unsigned char *id, int len); +unsigned char *X509_alias_get0(X509 *x, int *len); +unsigned char *X509_keyid_get0(X509 *x, int *len); +int (*X509_TRUST_set_default(int (*trust) (int, X509 *, 
int))) (int, X509 *, + int); +int X509_TRUST_set(int *t, int trust); +int X509_add1_trust_object(X509 *x, const ASN1_OBJECT *obj); +int X509_add1_reject_object(X509 *x, const ASN1_OBJECT *obj); +void X509_trust_clear(X509 *x); +void X509_reject_clear(X509 *x); + +STACK_OF(ASN1_OBJECT) *X509_get0_trust_objects(X509 *x); +STACK_OF(ASN1_OBJECT) *X509_get0_reject_objects(X509 *x); + +DECLARE_ASN1_FUNCTIONS(X509_REVOKED) +DECLARE_ASN1_FUNCTIONS(X509_CRL_INFO) +DECLARE_ASN1_FUNCTIONS(X509_CRL) + +int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev); +int X509_CRL_get0_by_serial(X509_CRL *crl, + X509_REVOKED **ret, ASN1_INTEGER *serial); +int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x); + +X509_PKEY *X509_PKEY_new(void); +void X509_PKEY_free(X509_PKEY *a); + +DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKI) +DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKAC) +DECLARE_ASN1_FUNCTIONS(NETSCAPE_CERT_SEQUENCE) + +X509_INFO *X509_INFO_new(void); +void X509_INFO_free(X509_INFO *a); +char *X509_NAME_oneline(const X509_NAME *a, char *buf, int size); + +DEPRECATEDIN_3_0(int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *algor1, + ASN1_BIT_STRING *signature, char *data, + EVP_PKEY *pkey)) + +DEPRECATEDIN_3_0(int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, + char *data, + unsigned char *md, unsigned int *len)) + +DEPRECATEDIN_3_0(int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, + X509_ALGOR *algor2, ASN1_BIT_STRING *signature, + char *data, EVP_PKEY *pkey, const EVP_MD *type)) + +int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *data, + unsigned char *md, unsigned int *len); + +int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *algor1, + ASN1_BIT_STRING *signature, void *data, EVP_PKEY *pkey); +int ASN1_item_verify_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, + ASN1_BIT_STRING *signature, void *data, + EVP_MD_CTX *ctx); + +int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, + X509_ALGOR *algor2, ASN1_BIT_STRING *signature, void *data, + EVP_PKEY 
*pkey, const EVP_MD *type); +int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, + X509_ALGOR *algor2, ASN1_BIT_STRING *signature, + void *asn, EVP_MD_CTX *ctx); + +long X509_get_version(const X509 *x); +int X509_set_version(X509 *x, long version); +int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial); +ASN1_INTEGER *X509_get_serialNumber(X509 *x); +const ASN1_INTEGER *X509_get0_serialNumber(const X509 *x); +int X509_set_issuer_name(X509 *x, X509_NAME *name); +X509_NAME *X509_get_issuer_name(const X509 *a); +int X509_set_subject_name(X509 *x, X509_NAME *name); +X509_NAME *X509_get_subject_name(const X509 *a); +const ASN1_TIME * X509_get0_notBefore(const X509 *x); +ASN1_TIME *X509_getm_notBefore(const X509 *x); +int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm); +const ASN1_TIME *X509_get0_notAfter(const X509 *x); +ASN1_TIME *X509_getm_notAfter(const X509 *x); +int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm); +int X509_set_pubkey(X509 *x, EVP_PKEY *pkey); +int X509_up_ref(X509 *x); +int X509_get_signature_type(const X509 *x); + +# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +# define X509_get_notBefore X509_getm_notBefore +# define X509_get_notAfter X509_getm_notAfter +# define X509_set_notBefore X509_set1_notBefore +# define X509_set_notAfter X509_set1_notAfter +#endif + + +/* + * This one is only used so that a binary form can output, as in + * i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x), &buf) + */ +X509_PUBKEY *X509_get_X509_PUBKEY(const X509 *x); +const STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x); +void X509_get0_uids(const X509 *x, const ASN1_BIT_STRING **piuid, + const ASN1_BIT_STRING **psuid); +const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x); + +EVP_PKEY *X509_get0_pubkey(const X509 *x); +EVP_PKEY *X509_get_pubkey(X509 *x); +ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x); +int X509_certificate_type(const X509 *x, const EVP_PKEY *pubkey); + +long X509_REQ_get_version(const X509_REQ *req); +int 
X509_REQ_set_version(X509_REQ *x, long version); +X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req); +int X509_REQ_set_subject_name(X509_REQ *req, X509_NAME *name); +void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig, + const X509_ALGOR **palg); +int X509_REQ_get_signature_nid(const X509_REQ *req); +int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp); +int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey); +EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req); +EVP_PKEY *X509_REQ_get0_pubkey(X509_REQ *req); +X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *req); +int X509_REQ_extension_nid(int nid); +int *X509_REQ_get_extension_nids(void); +void X509_REQ_set_extension_nids(int *nids); +STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req); +int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts, + int nid); +int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts); +int X509_REQ_get_attr_count(const X509_REQ *req); +int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, int lastpos); +int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, const ASN1_OBJECT *obj, + int lastpos); +X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc); +X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc); +int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr); +int X509_REQ_add1_attr_by_OBJ(X509_REQ *req, + const ASN1_OBJECT *obj, int type, + const unsigned char *bytes, int len); +int X509_REQ_add1_attr_by_NID(X509_REQ *req, + int nid, int type, + const unsigned char *bytes, int len); +int X509_REQ_add1_attr_by_txt(X509_REQ *req, + const char *attrname, int type, + const unsigned char *bytes, int len); + +int X509_CRL_set_version(X509_CRL *x, long version); +int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name); +int X509_CRL_set1_lastUpdate(X509_CRL *x, const ASN1_TIME *tm); +int X509_CRL_set1_nextUpdate(X509_CRL *x, const ASN1_TIME *tm); +int X509_CRL_sort(X509_CRL 
*crl); +int X509_CRL_up_ref(X509_CRL *crl); + +# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +# define X509_CRL_set_lastUpdate X509_CRL_set1_lastUpdate +# define X509_CRL_set_nextUpdate X509_CRL_set1_nextUpdate +#endif + +long X509_CRL_get_version(const X509_CRL *crl); +const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl); +const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl); +DEPRECATEDIN_1_1_0(ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl)) +DEPRECATEDIN_1_1_0(ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl)) +X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl); +const STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(const X509_CRL *crl); +STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl); +void X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig, + const X509_ALGOR **palg); +int X509_CRL_get_signature_nid(const X509_CRL *crl); +int i2d_re_X509_CRL_tbs(X509_CRL *req, unsigned char **pp); + +const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(const X509_REVOKED *x); +int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial); +const ASN1_TIME *X509_REVOKED_get0_revocationDate(const X509_REVOKED *x); +int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm); +const STACK_OF(X509_EXTENSION) * +X509_REVOKED_get0_extensions(const X509_REVOKED *r); + +X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer, + EVP_PKEY *skey, const EVP_MD *md, unsigned int flags); + +int X509_REQ_check_private_key(X509_REQ *x509, EVP_PKEY *pkey); + +int X509_check_private_key(const X509 *x509, const EVP_PKEY *pkey); +int X509_chain_check_suiteb(int *perror_depth, + X509 *x, STACK_OF(X509) *chain, + unsigned long flags); +int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags); +STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain); + +int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b); +unsigned long X509_issuer_and_serial_hash(X509 *a); + +int X509_issuer_name_cmp(const X509 *a, 
const X509 *b);
+unsigned long X509_issuer_name_hash(X509 *a);
+
+int X509_subject_name_cmp(const X509 *a, const X509 *b);
+unsigned long X509_subject_name_hash(X509 *x);
+
+# ifndef OPENSSL_NO_MD5
+unsigned long X509_issuer_name_hash_old(X509 *a);
+unsigned long X509_subject_name_hash_old(X509 *x);
+# endif
+
+int X509_cmp(const X509 *a, const X509 *b);
+int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b);
+unsigned long X509_NAME_hash(X509_NAME *x);
+unsigned long X509_NAME_hash_old(X509_NAME *x);
+
+int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b);
+int X509_CRL_match(const X509_CRL *a, const X509_CRL *b);
+int X509_aux_print(BIO *out, X509 *x, int indent);
+# ifndef OPENSSL_NO_STDIO
+int X509_print_ex_fp(FILE *bp, X509 *x, unsigned long nmflag,
+ unsigned long cflag);
+int X509_print_fp(FILE *bp, X509 *x);
+int X509_CRL_print_fp(FILE *bp, X509_CRL *x);
+int X509_REQ_print_fp(FILE *bp, X509_REQ *req);
+int X509_NAME_print_ex_fp(FILE *fp, const X509_NAME *nm, int indent,
+ unsigned long flags);
+# endif
+
+int X509_NAME_print(BIO *bp, const X509_NAME *name, int obase);
+int X509_NAME_print_ex(BIO *out, const X509_NAME *nm, int indent,
+ unsigned long flags);
+int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflag,
+ unsigned long cflag);
+int X509_print(BIO *bp, X509 *x);
+int X509_ocspid_print(BIO *bp, X509 *x);
+int X509_CRL_print_ex(BIO *out, X509_CRL *x, unsigned long nmflag);
+int X509_CRL_print(BIO *bp, X509_CRL *x);
+int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag,
+ unsigned long cflag);
+int X509_REQ_print(BIO *bp, X509_REQ *req);
+
+int X509_NAME_entry_count(const X509_NAME *name);
+int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len);
+int X509_NAME_get_text_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj,
+ char *buf, int len);
+
+/*
+ * NOTE: you should be passing -1, not 0 as lastpos. The functions that use
+ * lastpos, search after that position on.
+ */
+int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos);
+int X509_NAME_get_index_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj,
+ int lastpos);
+X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name, int loc);
+X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);
+int X509_NAME_add_entry(X509_NAME *name, const X509_NAME_ENTRY *ne,
+ int loc, int set);
+int X509_NAME_add_entry_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int type,
+ const unsigned char *bytes, int len, int loc,
+ int set);
+int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type,
+ const unsigned char *bytes, int len, int loc,
+ int set);
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne,
+ const char *field, int type,
+ const unsigned char *bytes,
+ int len);
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,
+ int type,
+ const unsigned char *bytes,
+ int len);
+int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type,
+ const unsigned char *bytes, int len, int loc,
+ int set);
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
+ const ASN1_OBJECT *obj, int type,
+ const unsigned char *bytes,
+ int len);
+int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, const ASN1_OBJECT *obj);
+int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
+ const unsigned char *bytes, int len);
+ASN1_OBJECT *X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne);
+ASN1_STRING * X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne);
+int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne);
+
+int X509_NAME_get0_der(X509_NAME *nm, const unsigned char **pder,
+ size_t *pderlen);
+
+int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x);
+int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x,
+ int nid, int lastpos);
+int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x,
+ const ASN1_OBJECT *obj, int lastpos);
+int X509v3_get_ext_by_critical(const
STACK_OF(X509_EXTENSION) *x,
+ int crit, int lastpos);
+X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc);
+X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc);
+STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
+ X509_EXTENSION *ex, int loc);
+
+int X509_get_ext_count(const X509 *x);
+int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos);
+int X509_get_ext_by_OBJ(const X509 *x, const ASN1_OBJECT *obj, int lastpos);
+int X509_get_ext_by_critical(const X509 *x, int crit, int lastpos);
+X509_EXTENSION *X509_get_ext(const X509 *x, int loc);
+X509_EXTENSION *X509_delete_ext(X509 *x, int loc);
+int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc);
+void *X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx);
+int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
+ unsigned long flags);
+
+int X509_CRL_get_ext_count(const X509_CRL *x);
+int X509_CRL_get_ext_by_NID(const X509_CRL *x, int nid, int lastpos);
+int X509_CRL_get_ext_by_OBJ(const X509_CRL *x, const ASN1_OBJECT *obj,
+ int lastpos);
+int X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit, int lastpos);
+X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc);
+X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc);
+int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc);
+void *X509_CRL_get_ext_d2i(const X509_CRL *x, int nid, int *crit, int *idx);
+int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit,
+ unsigned long flags);
+
+int X509_REVOKED_get_ext_count(const X509_REVOKED *x);
+int X509_REVOKED_get_ext_by_NID(const X509_REVOKED *x, int nid, int lastpos);
+int X509_REVOKED_get_ext_by_OBJ(const X509_REVOKED *x, const ASN1_OBJECT *obj,
+ int lastpos);
+int X509_REVOKED_get_ext_by_critical(const X509_REVOKED *x, int crit,
+ int lastpos);
+X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x, int loc);
+X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc);
+int
X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc);
+void *X509_REVOKED_get_ext_d2i(const X509_REVOKED *x, int nid, int *crit,
+ int *idx);
+int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit,
+ unsigned long flags);
+
+X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex,
+ int nid, int crit,
+ ASN1_OCTET_STRING *data);
+X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex,
+ const ASN1_OBJECT *obj, int crit,
+ ASN1_OCTET_STRING *data);
+int X509_EXTENSION_set_object(X509_EXTENSION *ex, const ASN1_OBJECT *obj);
+int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit);
+int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data);
+ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex);
+ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne);
+int X509_EXTENSION_get_critical(const X509_EXTENSION *ex);
+
+int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x);
+int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid,
+ int lastpos);
+int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk,
+ const ASN1_OBJECT *obj, int lastpos);
+X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc);
+X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc);
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
+ X509_ATTRIBUTE *attr);
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE)
+ **x, const ASN1_OBJECT *obj,
+ int type,
+ const unsigned char *bytes,
+ int len);
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE)
+ **x, int nid, int type,
+ const unsigned char *bytes,
+ int len);
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE)
+ **x, const char *attrname,
+ int type,
+ const unsigned char *bytes,
+ int len);
+void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x,
+ const ASN1_OBJECT *obj, int lastpos, int type);
+X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,
+ int atrtype, const void *data,
+ int len);
+X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr,
+ const ASN1_OBJECT *obj,
+ int atrtype, const void *data,
+ int len);
+X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr,
+ const char *atrname, int type,
+ const unsigned char *bytes,
+ int len);
+int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj);
+int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype,
+ const void *data, int len);
+void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx, int atrtype,
+ void *data);
+int X509_ATTRIBUTE_count(const X509_ATTRIBUTE *attr);
+ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr);
+ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx);
+
+int EVP_PKEY_get_attr_count(const EVP_PKEY *key);
+int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid, int lastpos);
+int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, const ASN1_OBJECT *obj,
+ int lastpos);
+X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc);
+X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *key, int loc);
+int EVP_PKEY_add1_attr(EVP_PKEY *key, X509_ATTRIBUTE *attr);
+int EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key,
+ const ASN1_OBJECT *obj, int type,
+ const unsigned char *bytes, int len);
+int EVP_PKEY_add1_attr_by_NID(EVP_PKEY *key,
+ int nid, int type,
+ const unsigned char *bytes, int len);
+int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key,
+ const char *attrname, int type,
+ const unsigned char *bytes, int len);
+
+int X509_verify_cert(X509_STORE_CTX *ctx);
+
+/* lookup a cert from a X509 STACK */
+X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, X509_NAME *name,
+ ASN1_INTEGER *serial);
+X509 *X509_find_by_subject(STACK_OF(X509) *sk, X509_NAME *name);
+
+DECLARE_ASN1_FUNCTIONS(PBEPARAM)
+DECLARE_ASN1_FUNCTIONS(PBE2PARAM)
+DECLARE_ASN1_FUNCTIONS(PBKDF2PARAM)
+#ifndef
OPENSSL_NO_SCRYPT
+DECLARE_ASN1_FUNCTIONS(SCRYPT_PARAMS)
+#endif
+
+int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
+ const unsigned char *salt, int saltlen);
+
+X509_ALGOR *PKCS5_pbe_set(int alg, int iter,
+ const unsigned char *salt, int saltlen);
+X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
+ unsigned char *salt, int saltlen);
+X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
+ unsigned char *salt, int saltlen,
+ unsigned char *aiv, int prf_nid);
+
+#ifndef OPENSSL_NO_SCRYPT
+X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher,
+ const unsigned char *salt, int saltlen,
+ unsigned char *aiv, uint64_t N, uint64_t r,
+ uint64_t p);
+#endif
+
+X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
+ int prf_nid, int keylen);
+
+/* PKCS#8 utilities */
+
+DECLARE_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO)
+
+EVP_PKEY *EVP_PKCS82PKEY(const PKCS8_PRIV_KEY_INFO *p8);
+PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(const EVP_PKEY *pkey);
+
+int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj,
+ int version, int ptype, void *pval,
+ unsigned char *penc, int penclen);
+int PKCS8_pkey_get0(const ASN1_OBJECT **ppkalg,
+ const unsigned char **pk, int *ppklen,
+ const X509_ALGOR **pa, const PKCS8_PRIV_KEY_INFO *p8);
+
+const STACK_OF(X509_ATTRIBUTE) *
+PKCS8_pkey_get0_attrs(const PKCS8_PRIV_KEY_INFO *p8);
+int PKCS8_pkey_add1_attr(PKCS8_PRIV_KEY_INFO *p8, X509_ATTRIBUTE *attr);
+int PKCS8_pkey_add1_attr_by_NID(PKCS8_PRIV_KEY_INFO *p8, int nid, int type,
+ const unsigned char *bytes, int len);
+int PKCS8_pkey_add1_attr_by_OBJ(PKCS8_PRIV_KEY_INFO *p8, const ASN1_OBJECT *obj,
+ int type, const unsigned char *bytes, int len);
+
+
+int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
+ int ptype, void *pval,
+ unsigned char *penc, int penclen);
+int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg,
+ const unsigned char **pk, int *ppklen,
+ X509_ALGOR **pa, X509_PUBKEY *pub);
+
+int X509_check_trust(X509
*x, int id, int flags);
+int X509_TRUST_get_count(void);
+X509_TRUST *X509_TRUST_get0(int idx);
+int X509_TRUST_get_by_id(int id);
+int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int),
+ const char *name, int arg1, void *arg2);
+void X509_TRUST_cleanup(void);
+int X509_TRUST_get_flags(const X509_TRUST *xp);
+char *X509_TRUST_get0_name(const X509_TRUST *xp);
+int X509_TRUST_get_trust(const X509_TRUST *xp);
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/linux_amd64/ssl/include/openssl/x509_vfy.h b/linux_amd64/ssl/include/openssl/x509_vfy.h
new file mode 100644
index 0000000..75529b2
--- /dev/null
+++ b/linux_amd64/ssl/include/openssl/x509_vfy.h
@@ -0,0 +1,652 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_X509_VFY_H
+# define OPENSSL_X509_VFY_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_X509_VFY_H
+# endif
+
+/*
+ * Protect against recursion, x509.h and x509_vfy.h each include the other.
+ */
+# ifndef OPENSSL_X509_H
+# include
+# endif
+
+# include
+# include
+# include
+# include
+# include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*-
+SSL_CTX -> X509_STORE
+ -> X509_LOOKUP
+ ->X509_LOOKUP_METHOD
+ -> X509_LOOKUP
+ ->X509_LOOKUP_METHOD
+
+SSL -> X509_STORE_CTX
+ ->X509_STORE
+
+The X509_STORE holds the tables etc for verification stuff.
+A X509_STORE_CTX is used while validating a single certificate.
+The X509_STORE has X509_LOOKUPs for looking up certs.
+The X509_STORE then calls a function to actually verify the
+certificate chain.
+*/
+
+typedef enum {
+ X509_LU_NONE = 0,
+ X509_LU_X509, X509_LU_CRL
+} X509_LOOKUP_TYPE;
+
+#ifndef OPENSSL_NO_DEPRECATED_1_1_0
+#define X509_LU_RETRY -1
+#define X509_LU_FAIL 0
+#endif
+
+DEFINE_STACK_OF(X509_LOOKUP)
+DEFINE_STACK_OF(X509_OBJECT)
+DEFINE_STACK_OF(X509_VERIFY_PARAM)
+
+int X509_STORE_set_depth(X509_STORE *store, int depth);
+
+typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *);
+int X509_STORE_CTX_print_verify_cb(int ok, X509_STORE_CTX *ctx);
+typedef int (*X509_STORE_CTX_verify_fn)(X509_STORE_CTX *);
+typedef int (*X509_STORE_CTX_get_issuer_fn)(X509 **issuer,
+ X509_STORE_CTX *ctx, X509 *x);
+typedef int (*X509_STORE_CTX_check_issued_fn)(X509_STORE_CTX *ctx,
+ X509 *x, X509 *issuer);
+typedef int (*X509_STORE_CTX_check_revocation_fn)(X509_STORE_CTX *ctx);
+typedef int (*X509_STORE_CTX_get_crl_fn)(X509_STORE_CTX *ctx,
+ X509_CRL **crl, X509 *x);
+typedef int (*X509_STORE_CTX_check_crl_fn)(X509_STORE_CTX *ctx, X509_CRL *crl);
+typedef int (*X509_STORE_CTX_cert_crl_fn)(X509_STORE_CTX *ctx,
+ X509_CRL *crl, X509 *x);
+typedef int (*X509_STORE_CTX_check_policy_fn)(X509_STORE_CTX *ctx);
+typedef STACK_OF(X509) *(*X509_STORE_CTX_lookup_certs_fn)(X509_STORE_CTX *ctx,
+ X509_NAME *nm);
+typedef STACK_OF(X509_CRL) *(*X509_STORE_CTX_lookup_crls_fn)(X509_STORE_CTX *ctx,
+ X509_NAME *nm);
+typedef int (*X509_STORE_CTX_cleanup_fn)(X509_STORE_CTX *ctx);
+
+
+void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
+
+# define X509_STORE_CTX_set_app_data(ctx,data) \
+ X509_STORE_CTX_set_ex_data(ctx,0,data)
+# define X509_STORE_CTX_get_app_data(ctx) \
+ X509_STORE_CTX_get_ex_data(ctx,0)
+
+# define X509_L_FILE_LOAD 1
+# define X509_L_ADD_DIR 2
+# define X509_L_ADD_STORE 3
+# define X509_L_LOAD_STORE 4
+
+# define X509_LOOKUP_load_file(x,name,type) \
+ X509_LOOKUP_ctrl((x),X509_L_FILE_LOAD,(name),(long)(type),NULL)
+
+# define X509_LOOKUP_add_dir(x,name,type) \
+ X509_LOOKUP_ctrl((x),X509_L_ADD_DIR,(name),(long)(type),NULL)
+
+# define
X509_LOOKUP_add_store(x,name) \
+ X509_LOOKUP_ctrl((x),X509_L_ADD_STORE,(name),0,NULL)
+
+# define X509_LOOKUP_load_store(x,name) \
+ X509_LOOKUP_ctrl((x),X509_L_LOAD_STORE,(name),0,NULL)
+
+# define X509_V_OK 0
+# define X509_V_ERR_UNSPECIFIED 1
+# define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2
+# define X509_V_ERR_UNABLE_TO_GET_CRL 3
+# define X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE 4
+# define X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE 5
+# define X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY 6
+# define X509_V_ERR_CERT_SIGNATURE_FAILURE 7
+# define X509_V_ERR_CRL_SIGNATURE_FAILURE 8
+# define X509_V_ERR_CERT_NOT_YET_VALID 9
+# define X509_V_ERR_CERT_HAS_EXPIRED 10
+# define X509_V_ERR_CRL_NOT_YET_VALID 11
+# define X509_V_ERR_CRL_HAS_EXPIRED 12
+# define X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD 13
+# define X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD 14
+# define X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD 15
+# define X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD 16
+# define X509_V_ERR_OUT_OF_MEM 17
+# define X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT 18
+# define X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN 19
+# define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY 20
+# define X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE 21
+# define X509_V_ERR_CERT_CHAIN_TOO_LONG 22
+# define X509_V_ERR_CERT_REVOKED 23
+# define X509_V_ERR_INVALID_CA 24
+# define X509_V_ERR_PATH_LENGTH_EXCEEDED 25
+# define X509_V_ERR_INVALID_PURPOSE 26
+# define X509_V_ERR_CERT_UNTRUSTED 27
+# define X509_V_ERR_CERT_REJECTED 28
+/* These are 'informational' when looking for issuer cert */
+# define X509_V_ERR_SUBJECT_ISSUER_MISMATCH 29
+# define X509_V_ERR_AKID_SKID_MISMATCH 30
+# define X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH 31
+# define X509_V_ERR_KEYUSAGE_NO_CERTSIGN 32
+# define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER 33
+# define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34
+# define X509_V_ERR_KEYUSAGE_NO_CRL_SIGN 35
+# define X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION 36
+# define X509_V_ERR_INVALID_NON_CA
37
+# define X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED 38
+# define X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE 39
+# define X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED 40
+# define X509_V_ERR_INVALID_EXTENSION 41
+# define X509_V_ERR_INVALID_POLICY_EXTENSION 42
+# define X509_V_ERR_NO_EXPLICIT_POLICY 43
+# define X509_V_ERR_DIFFERENT_CRL_SCOPE 44
+# define X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE 45
+# define X509_V_ERR_UNNESTED_RESOURCE 46
+# define X509_V_ERR_PERMITTED_VIOLATION 47
+# define X509_V_ERR_EXCLUDED_VIOLATION 48
+# define X509_V_ERR_SUBTREE_MINMAX 49
+/* The application is not happy */
+# define X509_V_ERR_APPLICATION_VERIFICATION 50
+# define X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE 51
+# define X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX 52
+# define X509_V_ERR_UNSUPPORTED_NAME_SYNTAX 53
+# define X509_V_ERR_CRL_PATH_VALIDATION_ERROR 54
+/* Another issuer check debug option */
+# define X509_V_ERR_PATH_LOOP 55
+/* Suite B mode algorithm violation */
+# define X509_V_ERR_SUITE_B_INVALID_VERSION 56
+# define X509_V_ERR_SUITE_B_INVALID_ALGORITHM 57
+# define X509_V_ERR_SUITE_B_INVALID_CURVE 58
+# define X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM 59
+# define X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED 60
+# define X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 61
+/* Host, email and IP check errors */
+# define X509_V_ERR_HOSTNAME_MISMATCH 62
+# define X509_V_ERR_EMAIL_MISMATCH 63
+# define X509_V_ERR_IP_ADDRESS_MISMATCH 64
+/* DANE TLSA errors */
+# define X509_V_ERR_DANE_NO_MATCH 65
+/* security level errors */
+# define X509_V_ERR_EE_KEY_TOO_SMALL 66
+# define X509_V_ERR_CA_KEY_TOO_SMALL 67
+# define X509_V_ERR_CA_MD_TOO_WEAK 68
+/* Caller error */
+# define X509_V_ERR_INVALID_CALL 69
+/* Issuer lookup error */
+# define X509_V_ERR_STORE_LOOKUP 70
+/* Certificate transparency */
+# define X509_V_ERR_NO_VALID_SCTS 71
+
+# define X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION 72
+/* OCSP status errors */
+# define X509_V_ERR_OCSP_VERIFY_NEEDED 73 /* Need OCSP verification */
+# define X509_V_ERR_OCSP_VERIFY_FAILED 74 /* Couldn't verify cert through OCSP */
+# define X509_V_ERR_OCSP_CERT_UNKNOWN 75 /* Certificate wasn't recognized by the OCSP responder */
+
+# define X509_V_ERR_SIGNATURE_ALGORITHM_MISMATCH 76
+# define X509_V_ERR_NO_ISSUER_PUBLIC_KEY 77
+
+
+/* Certificate verify flags */
+
+# ifndef OPENSSL_NO_DEPRECATED_1_1_0
+# define X509_V_FLAG_CB_ISSUER_CHECK 0x0 /* Deprecated */
+# endif
+/* Use check time instead of current time */
+# define X509_V_FLAG_USE_CHECK_TIME 0x2
+/* Lookup CRLs */
+# define X509_V_FLAG_CRL_CHECK 0x4
+/* Lookup CRLs for whole chain */
+# define X509_V_FLAG_CRL_CHECK_ALL 0x8
+/* Ignore unhandled critical extensions */
+# define X509_V_FLAG_IGNORE_CRITICAL 0x10
+/* Disable workarounds for broken certificates */
+# define X509_V_FLAG_X509_STRICT 0x20
+/* Enable proxy certificate validation */
+# define X509_V_FLAG_ALLOW_PROXY_CERTS 0x40
+/* Enable policy checking */
+# define X509_V_FLAG_POLICY_CHECK 0x80
+/* Policy variable require-explicit-policy */
+# define X509_V_FLAG_EXPLICIT_POLICY 0x100
+/* Policy variable inhibit-any-policy */
+# define X509_V_FLAG_INHIBIT_ANY 0x200
+/* Policy variable inhibit-policy-mapping */
+# define X509_V_FLAG_INHIBIT_MAP 0x400
+/* Notify callback that policy is OK */
+# define X509_V_FLAG_NOTIFY_POLICY 0x800
+/* Extended CRL features such as indirect CRLs, alternate CRL signing keys */
+# define X509_V_FLAG_EXTENDED_CRL_SUPPORT 0x1000
+/* Delta CRL support */
+# define X509_V_FLAG_USE_DELTAS 0x2000
+/* Check self-signed CA signature */
+# define X509_V_FLAG_CHECK_SS_SIGNATURE 0x4000
+/* Use trusted store first */
+# define X509_V_FLAG_TRUSTED_FIRST 0x8000
+/* Suite B 128 bit only mode: not normally used */
+# define X509_V_FLAG_SUITEB_128_LOS_ONLY 0x10000
+/* Suite B 192 bit only mode */
+# define X509_V_FLAG_SUITEB_192_LOS 0x20000
+/* Suite B 128 bit mode allowing 192 bit algorithms */
+# define X509_V_FLAG_SUITEB_128_LOS 0x30000
+/* Allow partial chains if at least one
certificate is in trusted store */
+# define X509_V_FLAG_PARTIAL_CHAIN 0x80000
+/*
+ * If the initial chain is not trusted, do not attempt to build an alternative
+ * chain. Alternate chain checking was introduced in 1.1.0. Setting this flag
+ * will force the behaviour to match that of previous versions.
+ */
+# define X509_V_FLAG_NO_ALT_CHAINS 0x100000
+/* Do not check certificate/CRL validity against current time */
+# define X509_V_FLAG_NO_CHECK_TIME 0x200000
+
+# define X509_VP_FLAG_DEFAULT 0x1
+# define X509_VP_FLAG_OVERWRITE 0x2
+# define X509_VP_FLAG_RESET_FLAGS 0x4
+# define X509_VP_FLAG_LOCKED 0x8
+# define X509_VP_FLAG_ONCE 0x10
+
+/* Internal use: mask of policy related options */
+# define X509_V_FLAG_POLICY_MASK (X509_V_FLAG_POLICY_CHECK \
+ | X509_V_FLAG_EXPLICIT_POLICY \
+ | X509_V_FLAG_INHIBIT_ANY \
+ | X509_V_FLAG_INHIBIT_MAP)
+
+int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, X509_LOOKUP_TYPE type,
+ X509_NAME *name);
+X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h,
+ X509_LOOKUP_TYPE type,
+ X509_NAME *name);
+X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h,
+ X509_OBJECT *x);
+int X509_OBJECT_up_ref_count(X509_OBJECT *a);
+X509_OBJECT *X509_OBJECT_new(void);
+void X509_OBJECT_free(X509_OBJECT *a);
+X509_LOOKUP_TYPE X509_OBJECT_get_type(const X509_OBJECT *a);
+X509 *X509_OBJECT_get0_X509(const X509_OBJECT *a);
+int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj);
+X509_CRL *X509_OBJECT_get0_X509_CRL(X509_OBJECT *a);
+int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj);
+X509_STORE *X509_STORE_new(void);
+void X509_STORE_free(X509_STORE *v);
+int X509_STORE_lock(X509_STORE *ctx);
+int X509_STORE_unlock(X509_STORE *ctx);
+int X509_STORE_up_ref(X509_STORE *v);
+
+STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *v);
+STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *st);
+STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *st, X509_NAME *nm);
+STACK_OF(X509_CRL)
*X509_STORE_CTX_get1_crls(X509_STORE_CTX *st, X509_NAME *nm);
+int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags);
+int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
+int X509_STORE_set_trust(X509_STORE *ctx, int trust);
+int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *pm);
+X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx);
+
+void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify);
+#define X509_STORE_set_verify_func(ctx, func) \
+ X509_STORE_set_verify((ctx),(func))
+void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx,
+ X509_STORE_CTX_verify_fn verify);
+X509_STORE_CTX_verify_fn X509_STORE_get_verify(X509_STORE *ctx);
+void X509_STORE_set_verify_cb(X509_STORE *ctx,
+ X509_STORE_CTX_verify_cb verify_cb);
+# define X509_STORE_set_verify_cb_func(ctx,func) \
+ X509_STORE_set_verify_cb((ctx),(func))
+X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(X509_STORE *ctx);
+void X509_STORE_set_get_issuer(X509_STORE *ctx,
+ X509_STORE_CTX_get_issuer_fn get_issuer);
+X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(X509_STORE *ctx);
+void X509_STORE_set_check_issued(X509_STORE *ctx,
+ X509_STORE_CTX_check_issued_fn check_issued);
+X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(X509_STORE *ctx);
+void X509_STORE_set_check_revocation(X509_STORE *ctx,
+ X509_STORE_CTX_check_revocation_fn check_revocation);
+X509_STORE_CTX_check_revocation_fn X509_STORE_get_check_revocation(X509_STORE *ctx);
+void X509_STORE_set_get_crl(X509_STORE *ctx,
+ X509_STORE_CTX_get_crl_fn get_crl);
+X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(X509_STORE *ctx);
+void X509_STORE_set_check_crl(X509_STORE *ctx,
+ X509_STORE_CTX_check_crl_fn check_crl);
+X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(X509_STORE *ctx);
+void X509_STORE_set_cert_crl(X509_STORE *ctx,
+ X509_STORE_CTX_cert_crl_fn cert_crl);
+X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(X509_STORE *ctx);
+void X509_STORE_set_check_policy(X509_STORE
*ctx,
+ X509_STORE_CTX_check_policy_fn check_policy);
+X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(X509_STORE *ctx);
+void X509_STORE_set_lookup_certs(X509_STORE *ctx,
+ X509_STORE_CTX_lookup_certs_fn lookup_certs);
+X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(X509_STORE *ctx);
+void X509_STORE_set_lookup_crls(X509_STORE *ctx,
+ X509_STORE_CTX_lookup_crls_fn lookup_crls);
+#define X509_STORE_set_lookup_crls_cb(ctx, func) \
+ X509_STORE_set_lookup_crls((ctx), (func))
+X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(X509_STORE *ctx);
+void X509_STORE_set_cleanup(X509_STORE *ctx,
+ X509_STORE_CTX_cleanup_fn cleanup);
+X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(X509_STORE *ctx);
+
+#define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \
+ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, l, p, newf, dupf, freef)
+int X509_STORE_set_ex_data(X509_STORE *ctx, int idx, void *data);
+void *X509_STORE_get_ex_data(X509_STORE *ctx, int idx);
+
+X509_STORE_CTX *X509_STORE_CTX_new(void);
+
+int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
+
+void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
+int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
+ X509 *x509, STACK_OF(X509) *chain);
+void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
+void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
+
+X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx);
+X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx);
+STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
+void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
+ X509_STORE_CTX_verify_cb verify);
+X509_STORE_CTX_verify_cb X509_STORE_CTX_get_verify_cb(X509_STORE_CTX *ctx);
+X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx);
+X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(X509_STORE_CTX *ctx);
+X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(X509_STORE_CTX *ctx);
+X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(X509_STORE_CTX *ctx);
+X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(X509_STORE_CTX *ctx);
+X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(X509_STORE_CTX *ctx);
+X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(X509_STORE_CTX *ctx);
+X509_STORE_CTX_check_policy_fn X509_STORE_CTX_get_check_policy(X509_STORE_CTX *ctx);
+X509_STORE_CTX_lookup_certs_fn X509_STORE_CTX_get_lookup_certs(X509_STORE_CTX *ctx);
+X509_STORE_CTX_lookup_crls_fn X509_STORE_CTX_get_lookup_crls(X509_STORE_CTX *ctx);
+X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(X509_STORE_CTX *ctx);
+
+#ifndef OPENSSL_NO_DEPRECATED_1_1_0
+# define X509_STORE_CTX_get_chain X509_STORE_CTX_get0_chain
+# define X509_STORE_CTX_set_chain X509_STORE_CTX_set0_untrusted
+# define X509_STORE_CTX_trusted_stack X509_STORE_CTX_set0_trusted_stack
+# define X509_STORE_get_by_subject X509_STORE_CTX_get_by_subject
+# define X509_STORE_get1_certs X509_STORE_CTX_get1_certs
+# define X509_STORE_get1_crls X509_STORE_CTX_get1_crls
+/* the following macro is misspelled; use X509_STORE_get1_certs instead */
+# define X509_STORE_get1_cert X509_STORE_CTX_get1_certs
+/* the following macro is misspelled; use X509_STORE_get1_crls instead */
+# define X509_STORE_get1_crl X509_STORE_CTX_get1_crls
+#endif
+
+X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
+X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
+X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
+X509_LOOKUP_METHOD *X509_LOOKUP_store(void);
+
+typedef int (*X509_LOOKUP_ctrl_fn)(X509_LOOKUP *ctx, int cmd, const char *argc,
+ long argl, char **ret);
+typedef int (*X509_LOOKUP_get_by_subject_fn)(X509_LOOKUP *ctx,
+ X509_LOOKUP_TYPE type,
+ X509_NAME *name,
+ X509_OBJECT *ret);
+typedef int (*X509_LOOKUP_get_by_issuer_serial_fn)(X509_LOOKUP *ctx,
+ X509_LOOKUP_TYPE type,
+ X509_NAME
*name,
+ ASN1_INTEGER *serial,
+ X509_OBJECT *ret);
+typedef int (*X509_LOOKUP_get_by_fingerprint_fn)(X509_LOOKUP *ctx,
+ X509_LOOKUP_TYPE type,
+ const unsigned char* bytes,
+ int len,
+ X509_OBJECT *ret);
+typedef int (*X509_LOOKUP_get_by_alias_fn)(X509_LOOKUP *ctx,
+ X509_LOOKUP_TYPE type,
+ const char *str,
+ int len,
+ X509_OBJECT *ret);
+
+X509_LOOKUP_METHOD *X509_LOOKUP_meth_new(const char *name);
+void X509_LOOKUP_meth_free(X509_LOOKUP_METHOD *method);
+
+int X509_LOOKUP_meth_set_new_item(X509_LOOKUP_METHOD *method,
+ int (*new_item) (X509_LOOKUP *ctx));
+int (*X509_LOOKUP_meth_get_new_item(const X509_LOOKUP_METHOD* method))
+ (X509_LOOKUP *ctx);
+
+int X509_LOOKUP_meth_set_free(X509_LOOKUP_METHOD *method,
+ void (*free_fn) (X509_LOOKUP *ctx));
+void (*X509_LOOKUP_meth_get_free(const X509_LOOKUP_METHOD* method))
+ (X509_LOOKUP *ctx);
+
+int X509_LOOKUP_meth_set_init(X509_LOOKUP_METHOD *method,
+ int (*init) (X509_LOOKUP *ctx));
+int (*X509_LOOKUP_meth_get_init(const X509_LOOKUP_METHOD* method))
+ (X509_LOOKUP *ctx);
+
+int X509_LOOKUP_meth_set_shutdown(X509_LOOKUP_METHOD *method,
+ int (*shutdown) (X509_LOOKUP *ctx));
+int (*X509_LOOKUP_meth_get_shutdown(const X509_LOOKUP_METHOD* method))
+ (X509_LOOKUP *ctx);
+
+int X509_LOOKUP_meth_set_ctrl(X509_LOOKUP_METHOD *method,
+ X509_LOOKUP_ctrl_fn ctrl_fn);
+X509_LOOKUP_ctrl_fn X509_LOOKUP_meth_get_ctrl(const X509_LOOKUP_METHOD *method);
+
+int X509_LOOKUP_meth_set_get_by_subject(X509_LOOKUP_METHOD *method,
+ X509_LOOKUP_get_by_subject_fn fn);
+X509_LOOKUP_get_by_subject_fn X509_LOOKUP_meth_get_get_by_subject(
+ const X509_LOOKUP_METHOD *method);
+
+int X509_LOOKUP_meth_set_get_by_issuer_serial(X509_LOOKUP_METHOD *method,
+ X509_LOOKUP_get_by_issuer_serial_fn fn);
+X509_LOOKUP_get_by_issuer_serial_fn X509_LOOKUP_meth_get_get_by_issuer_serial(
+ const X509_LOOKUP_METHOD *method);
+
+int X509_LOOKUP_meth_set_get_by_fingerprint(X509_LOOKUP_METHOD *method,
+ X509_LOOKUP_get_by_fingerprint_fn fn);
+X509_LOOKUP_get_by_fingerprint_fn X509_LOOKUP_meth_get_get_by_fingerprint(
+ const X509_LOOKUP_METHOD *method);
+
+int X509_LOOKUP_meth_set_get_by_alias(X509_LOOKUP_METHOD *method,
+ X509_LOOKUP_get_by_alias_fn fn);
+X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias(
+ const X509_LOOKUP_METHOD *method);
+
+
+int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
+int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
+
+int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type,
+ X509_NAME *name, X509_OBJECT *ret);
+X509_OBJECT *X509_STORE_CTX_get_obj_by_subject(X509_STORE_CTX *vs,
+ X509_LOOKUP_TYPE type,
+ X509_NAME *name);
+
+int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
+ long argl, char **ret);
+
+int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type);
+int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type);
+int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type);
+
+X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method);
+void X509_LOOKUP_free(X509_LOOKUP *ctx);
+int X509_LOOKUP_init(X509_LOOKUP *ctx);
+int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+ X509_NAME *name, X509_OBJECT *ret);
+int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+ X509_NAME *name, ASN1_INTEGER *serial,
+ X509_OBJECT *ret);
+int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+ const unsigned char *bytes, int len,
+ X509_OBJECT *ret);
+int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+ const char *str, int len, X509_OBJECT *ret);
+int X509_LOOKUP_set_method_data(X509_LOOKUP *ctx, void *data);
+void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx);
+X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx);
+int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
+
+int X509_STORE_load_file(X509_STORE *ctx, const char *file);
+int X509_STORE_load_path(X509_STORE *ctx, const char *path);
+int
X509_STORE_load_store(X509_STORE *ctx, const char *store); +DEPRECATEDIN_3_0(int X509_STORE_load_locations(X509_STORE *ctx, const char *file, + const char *dir)) +int X509_STORE_set_default_paths(X509_STORE *ctx); + +#define X509_STORE_CTX_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, l, p, newf, dupf, freef) +int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data); +void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx); +int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx); +void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int s); +int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx); +void X509_STORE_CTX_set_error_depth(X509_STORE_CTX *ctx, int depth); +X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx); +void X509_STORE_CTX_set_current_cert(X509_STORE_CTX *ctx, X509 *x); +X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx); +X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx); +X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx); +STACK_OF(X509) *X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx); +STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx); +void X509_STORE_CTX_set_cert(X509_STORE_CTX *c, X509 *x); +void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *c, STACK_OF(X509) *sk); +void X509_STORE_CTX_set0_crls(X509_STORE_CTX *c, STACK_OF(X509_CRL) *sk); +int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose); +int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust); +int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, + int purpose, int trust); +void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags); +void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags, + time_t t); + +X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx); +int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx); +int 
X509_STORE_CTX_get_num_untrusted(X509_STORE_CTX *ctx); + +X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx); +void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param); +int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name); + +/* + * Bridge opacity barrier between libcrypt and libssl, also needed to support + * offline testing in test/danetest.c + */ +void X509_STORE_CTX_set0_dane(X509_STORE_CTX *ctx, SSL_DANE *dane); +#define DANE_FLAG_NO_DANE_EE_NAMECHECKS (1L << 0) + +/* X509_VERIFY_PARAM functions */ + +X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void); +void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param); +int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *to, + const X509_VERIFY_PARAM *from); +int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to, + const X509_VERIFY_PARAM *from); +int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name); +int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, + unsigned long flags); +int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param, + unsigned long flags); +unsigned long X509_VERIFY_PARAM_get_flags(const X509_VERIFY_PARAM *param); +int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose); +int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust); +void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth); +void X509_VERIFY_PARAM_set_auth_level(X509_VERIFY_PARAM *param, int auth_level); +time_t X509_VERIFY_PARAM_get_time(const X509_VERIFY_PARAM *param); +void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t); +int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param, + ASN1_OBJECT *policy); +int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, + STACK_OF(ASN1_OBJECT) *policies); + +int X509_VERIFY_PARAM_set_inh_flags(X509_VERIFY_PARAM *param, + uint32_t flags); +uint32_t X509_VERIFY_PARAM_get_inh_flags(const X509_VERIFY_PARAM *param); + +int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM 
*param, + const char *name, size_t namelen); +int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param, + const char *name, size_t namelen); +void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, + unsigned int flags); +unsigned int X509_VERIFY_PARAM_get_hostflags(const X509_VERIFY_PARAM *param); +char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *); +void X509_VERIFY_PARAM_move_peername(X509_VERIFY_PARAM *, X509_VERIFY_PARAM *); +int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, + const char *email, size_t emaillen); +int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param, + const unsigned char *ip, size_t iplen); +int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, + const char *ipasc); + +int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param); +int X509_VERIFY_PARAM_get_auth_level(const X509_VERIFY_PARAM *param); +const char *X509_VERIFY_PARAM_get0_name(const X509_VERIFY_PARAM *param); + +int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param); +int X509_VERIFY_PARAM_get_count(void); +const X509_VERIFY_PARAM *X509_VERIFY_PARAM_get0(int id); +const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name); +void X509_VERIFY_PARAM_table_cleanup(void); + +/* Non positive return values are errors */ +#define X509_PCY_TREE_FAILURE -2 /* Failure to satisfy explicit policy */ +#define X509_PCY_TREE_INVALID -1 /* Inconsistent or invalid extensions */ +#define X509_PCY_TREE_INTERNAL 0 /* Internal error, most likely malloc */ + +/* + * Positive return values form a bit mask, all but the first are internal to + * the library and don't appear in results from X509_policy_check(). 
+ */
+#define X509_PCY_TREE_VALID 1 /* The policy tree is valid */
+#define X509_PCY_TREE_EMPTY 2 /* The policy tree is empty */
+#define X509_PCY_TREE_EXPLICIT 4 /* Explicit policy required */
+
+int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,
+ STACK_OF(X509) *certs,
+ STACK_OF(ASN1_OBJECT) *policy_oids, unsigned int flags);
+
+void X509_policy_tree_free(X509_POLICY_TREE *tree);
+
+int X509_policy_tree_level_count(const X509_POLICY_TREE *tree);
+X509_POLICY_LEVEL *X509_policy_tree_get0_level(const X509_POLICY_TREE *tree,
+ int i);
+
+STACK_OF(X509_POLICY_NODE) *X509_policy_tree_get0_policies(const
+ X509_POLICY_TREE
+ *tree);
+
+STACK_OF(X509_POLICY_NODE) *X509_policy_tree_get0_user_policies(const
+ X509_POLICY_TREE
+ *tree);
+
+int X509_policy_level_node_count(X509_POLICY_LEVEL *level);
+
+X509_POLICY_NODE *X509_policy_level_get0_node(X509_POLICY_LEVEL *level,
+ int i);
+
+const ASN1_OBJECT *X509_policy_node_get0_policy(const X509_POLICY_NODE *node);
+
+STACK_OF(POLICYQUALINFO) *X509_policy_node_get0_qualifiers(const
+ X509_POLICY_NODE
+ *node);
+const X509_POLICY_NODE *X509_policy_node_get0_parent(const X509_POLICY_NODE
+ *node);
+
+#ifdef __cplusplus
+}
+#endif
+#endif
diff --git a/linux_amd64/ssl/include/openssl/x509err.h b/linux_amd64/ssl/include/openssl/x509err.h
new file mode 100644
index 0000000..2653870
--- /dev/null
+++ b/linux_amd64/ssl/include/openssl/x509err.h
@@ -0,0 +1,144 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_X509ERR_H +# define OPENSSL_X509ERR_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_X509ERR_H +# endif + +# include +# include + + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_X509_strings(void); + +/* + * X509 function codes. + */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define X509_F_ADD_CERT_DIR 0 +# define X509_F_BUILD_CHAIN 0 +# define X509_F_BY_FILE_CTRL 0 +# define X509_F_CHECK_NAME_CONSTRAINTS 0 +# define X509_F_CHECK_POLICY 0 +# define X509_F_COMMON_VERIFY_SM2 0 +# define X509_F_DANE_I2D 0 +# define X509_F_DIR_CTRL 0 +# define X509_F_GET_CERT_BY_SUBJECT 0 +# define X509_F_I2D_X509_AUX 0 +# define X509_F_LOOKUP_CERTS_SK 0 +# define X509_F_NETSCAPE_SPKI_B64_DECODE 0 +# define X509_F_NETSCAPE_SPKI_B64_ENCODE 0 +# define X509_F_NEW_DIR 0 +# define X509_F_X509AT_ADD1_ATTR 0 +# define X509_F_X509V3_ADD_EXT 0 +# define X509_F_X509_ATTRIBUTE_CREATE_BY_NID 0 +# define X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ 0 +# define X509_F_X509_ATTRIBUTE_CREATE_BY_TXT 0 +# define X509_F_X509_ATTRIBUTE_GET0_DATA 0 +# define X509_F_X509_ATTRIBUTE_SET1_DATA 0 +# define X509_F_X509_CHECK_PRIVATE_KEY 0 +# define X509_F_X509_CRL_DIFF 0 +# define X509_F_X509_CRL_METHOD_NEW 0 +# define X509_F_X509_CRL_PRINT_FP 0 +# define X509_F_X509_EXTENSION_CREATE_BY_NID 0 +# define X509_F_X509_EXTENSION_CREATE_BY_OBJ 0 +# define X509_F_X509_GET_PUBKEY_PARAMETERS 0 +# define X509_F_X509_LOAD_CERT_CRL_FILE 0 +# define X509_F_X509_LOAD_CERT_FILE 0 +# define X509_F_X509_LOAD_CRL_FILE 0 +# define X509_F_X509_LOOKUP_METH_NEW 0 +# define 
X509_F_X509_LOOKUP_NEW 0 +# define X509_F_X509_NAME_ADD_ENTRY 0 +# define X509_F_X509_NAME_CANON 0 +# define X509_F_X509_NAME_ENTRY_CREATE_BY_NID 0 +# define X509_F_X509_NAME_ENTRY_CREATE_BY_TXT 0 +# define X509_F_X509_NAME_ENTRY_SET_OBJECT 0 +# define X509_F_X509_NAME_ONELINE 0 +# define X509_F_X509_NAME_PRINT 0 +# define X509_F_X509_OBJECT_NEW 0 +# define X509_F_X509_PRINT_EX_FP 0 +# define X509_F_X509_PUBKEY_DECODE 0 +# define X509_F_X509_PUBKEY_GET0 0 +# define X509_F_X509_PUBKEY_SET 0 +# define X509_F_X509_REQ_CHECK_PRIVATE_KEY 0 +# define X509_F_X509_REQ_PRINT_EX 0 +# define X509_F_X509_REQ_PRINT_FP 0 +# define X509_F_X509_REQ_TO_X509 0 +# define X509_F_X509_REQ_VERIFY 0 +# define X509_F_X509_REQ_VERIFY_SM2 0 +# define X509_F_X509_STORE_ADD_CERT 0 +# define X509_F_X509_STORE_ADD_CRL 0 +# define X509_F_X509_STORE_ADD_LOOKUP 0 +# define X509_F_X509_STORE_CTX_GET1_ISSUER 0 +# define X509_F_X509_STORE_CTX_INIT 0 +# define X509_F_X509_STORE_CTX_NEW 0 +# define X509_F_X509_STORE_CTX_PURPOSE_INHERIT 0 +# define X509_F_X509_STORE_NEW 0 +# define X509_F_X509_TO_X509_REQ 0 +# define X509_F_X509_TRUST_ADD 0 +# define X509_F_X509_TRUST_SET 0 +# define X509_F_X509_VERIFY 0 +# define X509_F_X509_VERIFY_CERT 0 +# define X509_F_X509_VERIFY_PARAM_NEW 0 +# define X509_F_X509_VERIFY_SM2 0 +# endif + +/* + * X509 reason codes. 
+ */ +# define X509_R_AKID_MISMATCH 110 +# define X509_R_BAD_SELECTOR 133 +# define X509_R_BAD_X509_FILETYPE 100 +# define X509_R_BASE64_DECODE_ERROR 118 +# define X509_R_CANT_CHECK_DH_KEY 114 +# define X509_R_CERT_ALREADY_IN_HASH_TABLE 101 +# define X509_R_CERTIFICATE_VERIFICATION_FAILED 139 +# define X509_R_CRL_ALREADY_DELTA 127 +# define X509_R_CRL_VERIFY_FAILURE 131 +# define X509_R_IDP_MISMATCH 128 +# define X509_R_INVALID_ATTRIBUTES 138 +# define X509_R_INVALID_DIRECTORY 113 +# define X509_R_INVALID_FIELD_NAME 119 +# define X509_R_INVALID_TRUST 123 +# define X509_R_ISSUER_MISMATCH 129 +# define X509_R_KEY_TYPE_MISMATCH 115 +# define X509_R_KEY_VALUES_MISMATCH 116 +# define X509_R_LOADING_CERT_DIR 103 +# define X509_R_LOADING_DEFAULTS 104 +# define X509_R_METHOD_NOT_SUPPORTED 124 +# define X509_R_NAME_TOO_LONG 134 +# define X509_R_NEWER_CRL_NOT_NEWER 132 +# define X509_R_NO_CERTIFICATE_FOUND 135 +# define X509_R_NO_CERTIFICATE_OR_CRL_FOUND 136 +# define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 105 +# define X509_R_NO_CRL_FOUND 137 +# define X509_R_NO_CRL_NUMBER 130 +# define X509_R_PUBLIC_KEY_DECODE_ERROR 125 +# define X509_R_PUBLIC_KEY_ENCODE_ERROR 126 +# define X509_R_SHOULD_RETRY 106 +# define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN 107 +# define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY 108 +# define X509_R_UNKNOWN_KEY_TYPE 117 +# define X509_R_UNKNOWN_NID 109 +# define X509_R_UNKNOWN_PURPOSE_ID 121 +# define X509_R_UNKNOWN_TRUST_ID 120 +# define X509_R_UNSUPPORTED_ALGORITHM 111 +# define X509_R_WRONG_LOOKUP_TYPE 112 +# define X509_R_WRONG_TYPE 122 + +#endif diff --git a/linux_amd64/ssl/include/openssl/x509v3.h b/linux_amd64/ssl/include/openssl/x509v3.h new file mode 100644 index 0000000..a400486 --- /dev/null +++ b/linux_amd64/ssl/include/openssl/x509v3.h 
@@ -0,0 +1,943 @@
+/*
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_X509V3_H
+# define OPENSSL_X509V3_H
+# pragma once
+
+# include
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_X509V3_H
+# endif
+
+# include
+# include
+# include
+# include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Forward reference */
+struct v3_ext_method;
+struct v3_ext_ctx;
+
+/* Useful typedefs */
+
+typedef void *(*X509V3_EXT_NEW)(void);
+typedef void (*X509V3_EXT_FREE) (void *);
+typedef void *(*X509V3_EXT_D2I)(void *, const unsigned char **, long);
+typedef int (*X509V3_EXT_I2D) (const void *, unsigned char **);
+typedef STACK_OF(CONF_VALUE) *
+ (*X509V3_EXT_I2V) (const struct v3_ext_method *method, void *ext,
+ STACK_OF(CONF_VALUE) *extlist);
+typedef void *(*X509V3_EXT_V2I)(const struct v3_ext_method *method,
+ struct v3_ext_ctx *ctx,
+ STACK_OF(CONF_VALUE) *values);
+typedef char *(*X509V3_EXT_I2S)(const struct v3_ext_method *method,
+ void *ext);
+typedef void *(*X509V3_EXT_S2I)(const struct v3_ext_method *method,
+ struct v3_ext_ctx *ctx, const char *str);
+typedef int (*X509V3_EXT_I2R) (const struct v3_ext_method *method, void *ext,
+ BIO *out, int indent);
+typedef void *(*X509V3_EXT_R2I)(const struct v3_ext_method *method,
+ struct v3_ext_ctx *ctx, const char *str);
+
+/* V3 extension structure */
+
+struct v3_ext_method {
+ int ext_nid;
+ int ext_flags;
+/* If this is set the following four fields are ignored */
+ ASN1_ITEM_EXP *it;
+/* Old style ASN1 calls */
+ X509V3_EXT_NEW ext_new;
+ X509V3_EXT_FREE ext_free;
+ X509V3_EXT_D2I d2i;
+ X509V3_EXT_I2D i2d;
+/* The following pair is used for string extensions */
+ X509V3_EXT_I2S i2s;
+ X509V3_EXT_S2I s2i;
+/* The following pair is used for multi-valued extensions */
+ X509V3_EXT_I2V i2v;
+ X509V3_EXT_V2I v2i;
+/* The following are used for raw extensions */
+ X509V3_EXT_I2R i2r;
+ X509V3_EXT_R2I r2i;
+ void *usr_data; /* Any extension specific data */
+};
+
+typedef struct X509V3_CONF_METHOD_st {
+ char *(*get_string) (void *db, const char *section, const char *value);
+ STACK_OF(CONF_VALUE) *(*get_section) (void *db, const char *section);
+ void (*free_string) (void *db, char *string);
+ void (*free_section) (void *db, STACK_OF(CONF_VALUE) *section);
+} X509V3_CONF_METHOD;
+
+/* Context specific info */
+struct v3_ext_ctx {
+# define CTX_TEST 0x1
+# define X509V3_CTX_REPLACE 0x2
+ int flags;
+ X509 *issuer_cert;
+ X509 *subject_cert;
+ X509_REQ *subject_req;
+ X509_CRL *crl;
+ X509V3_CONF_METHOD *db_meth;
+ void *db;
+/* Maybe more here */
+};
+
+typedef struct v3_ext_method X509V3_EXT_METHOD;
+
+DEFINE_STACK_OF(X509V3_EXT_METHOD)
+
+/* ext_flags values */
+# define X509V3_EXT_DYNAMIC 0x1
+# define X509V3_EXT_CTX_DEP 0x2
+# define X509V3_EXT_MULTILINE 0x4
+
+typedef BIT_STRING_BITNAME ENUMERATED_NAMES;
+
+typedef struct BASIC_CONSTRAINTS_st {
+ int ca;
+ ASN1_INTEGER *pathlen;
+} BASIC_CONSTRAINTS;
+
+typedef struct PKEY_USAGE_PERIOD_st {
+ ASN1_GENERALIZEDTIME *notBefore;
+ ASN1_GENERALIZEDTIME *notAfter;
+} PKEY_USAGE_PERIOD;
+
+typedef struct otherName_st {
+ ASN1_OBJECT *type_id;
+ ASN1_TYPE *value;
+} OTHERNAME;
+
+typedef struct EDIPartyName_st {
+ ASN1_STRING *nameAssigner;
+ ASN1_STRING *partyName;
+} EDIPARTYNAME;
+
+typedef struct GENERAL_NAME_st {
+# define GEN_OTHERNAME 0
+# define GEN_EMAIL 1
+# define GEN_DNS 2
+# define GEN_X400 3
+# define GEN_DIRNAME 4
+# define GEN_EDIPARTY 5
+# define GEN_URI 6
+# define GEN_IPADD 7
+# define GEN_RID 8
+ int type;
+ union {
+ char *ptr;
+ OTHERNAME *otherName; /* otherName */
+ ASN1_IA5STRING *rfc822Name;
+ ASN1_IA5STRING *dNSName;
+ ASN1_TYPE *x400Address;
+ X509_NAME *directoryName;
+ EDIPARTYNAME *ediPartyName;
+ ASN1_IA5STRING *uniformResourceIdentifier;
+ ASN1_OCTET_STRING *iPAddress;
+ ASN1_OBJECT *registeredID;
+ /* Old names */
+ ASN1_OCTET_STRING *ip; /* iPAddress */
+ X509_NAME *dirn; /* dirn */
+ ASN1_IA5STRING *ia5; /* rfc822Name, dNSName,
+ * uniformResourceIdentifier */
+ ASN1_OBJECT *rid; /* registeredID */
+ ASN1_TYPE *other; /* x400Address */
+ } d;
+} GENERAL_NAME;
+
+typedef struct ACCESS_DESCRIPTION_st {
+ ASN1_OBJECT *method;
+ GENERAL_NAME *location;
+} ACCESS_DESCRIPTION;
+
+typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
+
+typedef STACK_OF(ASN1_OBJECT) EXTENDED_KEY_USAGE;
+
+typedef STACK_OF(ASN1_INTEGER) TLS_FEATURE;
+
+DEFINE_STACK_OF(GENERAL_NAME)
+typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES;
+DEFINE_STACK_OF(GENERAL_NAMES)
+
+DEFINE_STACK_OF(ACCESS_DESCRIPTION)
+
+typedef struct DIST_POINT_NAME_st {
+ int type;
+ union {
+ GENERAL_NAMES *fullname;
+ STACK_OF(X509_NAME_ENTRY) *relativename;
+ } name;
+/* If relativename then this contains the full distribution point name */
+ X509_NAME *dpname;
+} DIST_POINT_NAME;
+/* All existing reasons */
+# define CRLDP_ALL_REASONS 0x807f
+
+# define CRL_REASON_NONE -1
+# define CRL_REASON_UNSPECIFIED 0
+# define CRL_REASON_KEY_COMPROMISE 1
+# define CRL_REASON_CA_COMPROMISE 2
+# define CRL_REASON_AFFILIATION_CHANGED 3
+# define CRL_REASON_SUPERSEDED 4
+# define CRL_REASON_CESSATION_OF_OPERATION 5
+# define CRL_REASON_CERTIFICATE_HOLD 6
+# define CRL_REASON_REMOVE_FROM_CRL 8
+# define CRL_REASON_PRIVILEGE_WITHDRAWN 9
+# define CRL_REASON_AA_COMPROMISE 10
+
+struct DIST_POINT_st {
+ DIST_POINT_NAME *distpoint;
+ ASN1_BIT_STRING *reasons;
+ GENERAL_NAMES *CRLissuer;
+ int dp_reasons;
+};
+
+typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS;
+
+DEFINE_STACK_OF(DIST_POINT)
+
+struct AUTHORITY_KEYID_st {
+ ASN1_OCTET_STRING *keyid;
+ GENERAL_NAMES *issuer;
+ ASN1_INTEGER *serial;
+};
+
+/* Strong extranet structures */
+
+typedef struct SXNET_ID_st {
+ ASN1_INTEGER *zone;
+ ASN1_OCTET_STRING *user;
+} SXNETID;
+
+DEFINE_STACK_OF(SXNETID)
+
+typedef struct SXNET_st {
+ ASN1_INTEGER *version;
+ STACK_OF(SXNETID) *ids;
+} SXNET;
+
+typedef struct NOTICEREF_st {
+ ASN1_STRING *organization;
+ STACK_OF(ASN1_INTEGER) *noticenos;
+} NOTICEREF;
+
+typedef struct USERNOTICE_st {
+ NOTICEREF *noticeref;
+ ASN1_STRING *exptext;
+} USERNOTICE;
+
+typedef struct POLICYQUALINFO_st {
+ ASN1_OBJECT *pqualid;
+ union {
+ ASN1_IA5STRING *cpsuri;
+ USERNOTICE *usernotice;
+ ASN1_TYPE *other;
+ } d;
+} POLICYQUALINFO;
+
+DEFINE_STACK_OF(POLICYQUALINFO)
+
+typedef struct POLICYINFO_st {
+ ASN1_OBJECT *policyid;
+ STACK_OF(POLICYQUALINFO) *qualifiers;
+} POLICYINFO;
+
+typedef STACK_OF(POLICYINFO) CERTIFICATEPOLICIES;
+
+DEFINE_STACK_OF(POLICYINFO)
+
+typedef struct POLICY_MAPPING_st {
+ ASN1_OBJECT *issuerDomainPolicy;
+ ASN1_OBJECT *subjectDomainPolicy;
+} POLICY_MAPPING;
+
+DEFINE_STACK_OF(POLICY_MAPPING)
+
+typedef STACK_OF(POLICY_MAPPING) POLICY_MAPPINGS;
+
+typedef struct GENERAL_SUBTREE_st {
+ GENERAL_NAME *base;
+ ASN1_INTEGER *minimum;
+ ASN1_INTEGER *maximum;
+} GENERAL_SUBTREE;
+
+DEFINE_STACK_OF(GENERAL_SUBTREE)
+
+struct NAME_CONSTRAINTS_st {
+ STACK_OF(GENERAL_SUBTREE) *permittedSubtrees;
+ STACK_OF(GENERAL_SUBTREE) *excludedSubtrees;
+};
+
+typedef struct POLICY_CONSTRAINTS_st {
+ ASN1_INTEGER *requireExplicitPolicy;
+ ASN1_INTEGER *inhibitPolicyMapping;
+} POLICY_CONSTRAINTS;
+
+/* Proxy certificate structures, see RFC 3820 */
+typedef struct PROXY_POLICY_st {
+ ASN1_OBJECT *policyLanguage;
+ ASN1_OCTET_STRING *policy;
+} PROXY_POLICY;
+
+typedef struct PROXY_CERT_INFO_EXTENSION_st {
+ ASN1_INTEGER *pcPathLengthConstraint;
+ PROXY_POLICY *proxyPolicy;
+} PROXY_CERT_INFO_EXTENSION;
+
+DECLARE_ASN1_FUNCTIONS(PROXY_POLICY)
+DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION)
+
+struct ISSUING_DIST_POINT_st {
+ DIST_POINT_NAME *distpoint;
+ int onlyuser;
+ int onlyCA;
+ ASN1_BIT_STRING *onlysomereasons;
+ int indirectCRL;
+ int onlyattr;
+};
+
+/* Values in idp_flags field */
+/* IDP present */
+# define IDP_PRESENT 0x1
+/* IDP values inconsistent */
+# define IDP_INVALID 0x2
+/* onlyuser true */
+# define IDP_ONLYUSER 0x4
+/* onlyCA true */
+# define IDP_ONLYCA 0x8
+/* onlyattr true */
+# define IDP_ONLYATTR 0x10
+/* indirectCRL true */
+# define IDP_INDIRECT 0x20
+/* onlysomereasons present */
+# define IDP_REASONS 0x40
+
+# define X509V3_conf_err(val) ERR_add_error_data(6, \
+ "section:", (val)->section, \
+ ",name:", (val)->name, ",value:", (val)->value)
+
+# define X509V3_set_ctx_test(ctx) \
+ X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST)
+# define X509V3_set_ctx_nodb(ctx) (ctx)->db = NULL;
+
+# define EXT_BITSTRING(nid, table) { nid, 0, ASN1_ITEM_ref(ASN1_BIT_STRING), \
+ 0,0,0,0, \
+ 0,0, \
+ (X509V3_EXT_I2V)i2v_ASN1_BIT_STRING, \
+ (X509V3_EXT_V2I)v2i_ASN1_BIT_STRING, \
+ NULL, NULL, \
+ table}
+
+# define EXT_IA5STRING(nid) { nid, 0, ASN1_ITEM_ref(ASN1_IA5STRING), \
+ 0,0,0,0, \
+ (X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \
+ (X509V3_EXT_S2I)s2i_ASN1_IA5STRING, \
+ 0,0,0,0, \
+ NULL}
+
+# define EXT_END { -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}
+
+/* X509_PURPOSE stuff */
+
+# define EXFLAG_BCONS 0x1
+# define EXFLAG_KUSAGE 0x2
+# define EXFLAG_XKUSAGE 0x4
+# define EXFLAG_NSCERT 0x8
+
+# define EXFLAG_CA 0x10
+/* Really self issued not necessarily self signed */
+# define EXFLAG_SI 0x20
+# define EXFLAG_V1 0x40
+# define EXFLAG_INVALID 0x80
+/* EXFLAG_SET is set to indicate that some values have been precomputed */
+# define EXFLAG_SET 0x100
+# define EXFLAG_CRITICAL 0x200
+# define EXFLAG_PROXY 0x400
+
+# define EXFLAG_INVALID_POLICY 0x800
+# define EXFLAG_FRESHEST 0x1000
+/* Self signed */
+# define EXFLAG_SS 0x2000
+
+# define KU_DIGITAL_SIGNATURE 0x0080
+# define KU_NON_REPUDIATION 0x0040
+# define KU_KEY_ENCIPHERMENT 0x0020
+# define KU_DATA_ENCIPHERMENT 0x0010
+# define KU_KEY_AGREEMENT 0x0008
+# define KU_KEY_CERT_SIGN 0x0004
+# define KU_CRL_SIGN 0x0002
+# define KU_ENCIPHER_ONLY 0x0001
+# define KU_DECIPHER_ONLY 0x8000
+
+# define NS_SSL_CLIENT 0x80
+# define NS_SSL_SERVER 0x40
+# define NS_SMIME 0x20
+# define NS_OBJSIGN 0x10
+# define NS_SSL_CA 0x04
+# define NS_SMIME_CA 0x02
+# define NS_OBJSIGN_CA 0x01
+# define NS_ANY_CA (NS_SSL_CA|NS_SMIME_CA|NS_OBJSIGN_CA)
+
+# define XKU_SSL_SERVER 0x1
+# define XKU_SSL_CLIENT 0x2
+# define XKU_SMIME 0x4
+# define XKU_CODE_SIGN 0x8
+# define XKU_SGC 0x10
+# define XKU_OCSP_SIGN 0x20
+# define XKU_TIMESTAMP 0x40
+# define XKU_DVCS 0x80
+# define XKU_ANYEKU 0x100
+
+# define X509_PURPOSE_DYNAMIC 0x1
+# define X509_PURPOSE_DYNAMIC_NAME 0x2
+
+typedef struct x509_purpose_st {
+ int purpose;
+ int trust; /* Default trust ID */
+ int flags;
+ int (*check_purpose) (const struct x509_purpose_st *, const X509 *, int);
+ char *name;
+ char *sname;
+ void *usr_data;
+} X509_PURPOSE;
+
+# define X509_PURPOSE_SSL_CLIENT 1
+# define X509_PURPOSE_SSL_SERVER 2
+# define X509_PURPOSE_NS_SSL_SERVER 3
+# define X509_PURPOSE_SMIME_SIGN 4
+# define X509_PURPOSE_SMIME_ENCRYPT 5
+# define X509_PURPOSE_CRL_SIGN 6
+# define X509_PURPOSE_ANY 7
+# define X509_PURPOSE_OCSP_HELPER 8
+# define X509_PURPOSE_TIMESTAMP_SIGN 9
+
+# define X509_PURPOSE_MIN 1
+# define X509_PURPOSE_MAX 9
+
+/* Flags for X509V3_EXT_print() */
+
+# define X509V3_EXT_UNKNOWN_MASK (0xfL << 16)
+/* Return error for unknown extensions */
+# define X509V3_EXT_DEFAULT 0
+/* Print error for unknown extensions */
+# define X509V3_EXT_ERROR_UNKNOWN (1L << 16)
+/* ASN1 parse unknown extensions */
+# define X509V3_EXT_PARSE_UNKNOWN (2L << 16)
+/* BIO_dump unknown extensions */
+# define X509V3_EXT_DUMP_UNKNOWN (3L << 16)
+
+/* Flags for X509V3_add1_i2d */
+
+# define X509V3_ADD_OP_MASK 0xfL
+# define X509V3_ADD_DEFAULT 0L
+# define X509V3_ADD_APPEND 1L
+# define X509V3_ADD_REPLACE 2L
+# define X509V3_ADD_REPLACE_EXISTING 3L
+# define X509V3_ADD_KEEP_EXISTING 4L
+# define X509V3_ADD_DELETE 5L
+# define X509V3_ADD_SILENT 0x10
+
+DEFINE_STACK_OF(X509_PURPOSE)
+
+DECLARE_ASN1_FUNCTIONS(BASIC_CONSTRAINTS)
+
+DECLARE_ASN1_FUNCTIONS(SXNET)
+DECLARE_ASN1_FUNCTIONS(SXNETID)
+
+int SXNET_add_id_asc(SXNET **psx, const char *zone, const char *user, int userlen);
+int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, const char *user,
+ int userlen);
+int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *izone, const char *user,
+ int userlen);
+
+ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, const char *zone);
+ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone);
+ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone);
+
+DECLARE_ASN1_FUNCTIONS(AUTHORITY_KEYID)
+
+DECLARE_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD)
+
+DECLARE_ASN1_FUNCTIONS(GENERAL_NAME)
+DECLARE_ASN1_DUP_FUNCTION(GENERAL_NAME)
+int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b);
+
+ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx,
+ STACK_OF(CONF_VALUE) *nval);
+STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
+ ASN1_BIT_STRING *bits,
+ STACK_OF(CONF_VALUE) *extlist);
+char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5);
+ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx, const char *str);
+
+STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
+ GENERAL_NAME *gen,
+ STACK_OF(CONF_VALUE) *ret);
+int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen);
+
+DECLARE_ASN1_FUNCTIONS(GENERAL_NAMES)
+
+STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
+ GENERAL_NAMES *gen,
+ STACK_OF(CONF_VALUE) *extlist);
+GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+
+DECLARE_ASN1_FUNCTIONS(OTHERNAME)
+DECLARE_ASN1_FUNCTIONS(EDIPARTYNAME)
+int OTHERNAME_cmp(OTHERNAME *a, OTHERNAME *b);
+void GENERAL_NAME_set0_value(GENERAL_NAME *a, int type, void *value);
+void *GENERAL_NAME_get0_value(const GENERAL_NAME *a, int *ptype);
+int GENERAL_NAME_set0_othername(GENERAL_NAME *gen,
+ ASN1_OBJECT *oid, ASN1_TYPE *value);
+int GENERAL_NAME_get0_otherName(const GENERAL_NAME *gen,
+ ASN1_OBJECT **poid, ASN1_TYPE **pvalue);
+
+char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
+ const ASN1_OCTET_STRING *ia5);
+ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx, const char *str);
+
+DECLARE_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE)
+int i2a_ACCESS_DESCRIPTION(BIO *bp, const ACCESS_DESCRIPTION *a);
+
+DECLARE_ASN1_ALLOC_FUNCTIONS(TLS_FEATURE)
+
+DECLARE_ASN1_FUNCTIONS(CERTIFICATEPOLICIES)
+DECLARE_ASN1_FUNCTIONS(POLICYINFO)
+DECLARE_ASN1_FUNCTIONS(POLICYQUALINFO)
+DECLARE_ASN1_FUNCTIONS(USERNOTICE)
+DECLARE_ASN1_FUNCTIONS(NOTICEREF)
+
+DECLARE_ASN1_FUNCTIONS(CRL_DIST_POINTS)
+DECLARE_ASN1_FUNCTIONS(DIST_POINT)
+DECLARE_ASN1_FUNCTIONS(DIST_POINT_NAME)
+DECLARE_ASN1_FUNCTIONS(ISSUING_DIST_POINT)
+
+int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, X509_NAME *iname);
+
+int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc);
+int NAME_CONSTRAINTS_check_CN(X509 *x, NAME_CONSTRAINTS *nc);
+
+DECLARE_ASN1_FUNCTIONS(ACCESS_DESCRIPTION)
+DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS)
+
+DECLARE_ASN1_ITEM(POLICY_MAPPING)
+DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_MAPPING)
+DECLARE_ASN1_ITEM(POLICY_MAPPINGS)
+
+DECLARE_ASN1_ITEM(GENERAL_SUBTREE)
+DECLARE_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE)
+
+DECLARE_ASN1_ITEM(NAME_CONSTRAINTS)
+DECLARE_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS)
+
+DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS)
+DECLARE_ASN1_ITEM(POLICY_CONSTRAINTS)
+
+GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out,
+ const X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx, int gen_type,
+ const char *value, int is_nc);
+
+# ifdef OPENSSL_CONF_H
+GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx, CONF_VALUE *cnf);
+GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
+ const X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx, CONF_VALUE *cnf,
+ int is_nc);
+void X509V3_conf_free(CONF_VALUE *val);
+
+X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
+ const char *value);
+X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, const char *name,
+ const char *value);
+int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, const char *section,
+ STACK_OF(X509_EXTENSION) **sk);
+int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
+ X509 *cert);
+int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
+ X509_REQ *req);
+int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
+ X509_CRL *crl);
+
+X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf,
+ X509V3_CTX *ctx, int ext_nid,
+ const char *value);
+X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
+ const char *name, const char *value);
+int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
+ const char *section, X509 *cert);
+int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
+ const char *section, X509_REQ *req);
+int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
+ const char *section, X509_CRL *crl);
+
+int X509V3_add_value_bool_nf(const char *name, int asn1_bool,
+ STACK_OF(CONF_VALUE) **extlist);
+int X509V3_get_value_bool(const CONF_VALUE *value, int *asn1_bool);
+int X509V3_get_value_int(const CONF_VALUE *value, ASN1_INTEGER **aint);
+void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf);
+void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash);
+# endif
+
+char *X509V3_get_string(X509V3_CTX *ctx, const char *name, const char *section);
+STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, const char *section);
+void X509V3_string_free(X509V3_CTX *ctx, char *str);
+void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section);
+void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject,
+ X509_REQ *req, X509_CRL *crl, int flags);
+
+int X509V3_add_value(const char *name, const char *value,
+ STACK_OF(CONF_VALUE) **extlist);
+int X509V3_add_value_uchar(const char *name, const unsigned char *value,
+ STACK_OF(CONF_VALUE) **extlist);
+int X509V3_add_value_bool(const char *name, int asn1_bool,
+ STACK_OF(CONF_VALUE) **extlist);
+int X509V3_add_value_int(const char *name, const ASN1_INTEGER *aint,
+ STACK_OF(CONF_VALUE) **extlist);
+char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, const ASN1_INTEGER *aint);
+ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, const char *value);
+char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, const ASN1_ENUMERATED *aint);
+char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *meth,
+ const ASN1_ENUMERATED *aint);
+int X509V3_EXT_add(X509V3_EXT_METHOD *ext);
+int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist);
+int X509V3_EXT_add_alias(int nid_to, int nid_from);
+void X509V3_EXT_cleanup(void);
+
+const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext);
+const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid);
+int X509V3_add_standard_extensions(void);
+STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line);
+void *X509V3_EXT_d2i(X509_EXTENSION *ext);
+void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit,
+ int *idx);
+
+X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
+int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
+ int crit, unsigned long flags);
+
+#ifndef OPENSSL_NO_DEPRECATED_1_1_0
+/* The new declarations are in crypto.h, but the old ones were here. */
+# define hex_to_string OPENSSL_buf2hexstr
+# define string_to_hex OPENSSL_hexstr2buf
+#endif
+
+void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent,
+ int ml);
+int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag,
+ int indent);
+#ifndef OPENSSL_NO_STDIO
+int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
+#endif
+int X509V3_extensions_print(BIO *out, const char *title,
+ const STACK_OF(X509_EXTENSION) *exts,
+ unsigned long flag, int indent);
+
+int X509_check_ca(X509 *x);
+int X509_check_purpose(X509 *x, int id, int ca);
+int X509_supported_extension(X509_EXTENSION *ex);
+int X509_PURPOSE_set(int *p, int purpose);
+int X509_check_issued(X509 *issuer, X509 *subject);
+int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid);
+void X509_set_proxy_flag(X509 *x);
+void X509_set_proxy_pathlen(X509 *x, long l);
+long X509_get_proxy_pathlen(X509 *x);
+
+uint32_t X509_get_extension_flags(X509 *x);
+uint32_t X509_get_key_usage(X509 *x);
+uint32_t X509_get_extended_key_usage(X509 *x);
+const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x);
+const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x);
+const GENERAL_NAMES *X509_get0_authority_issuer(X509 *x);
+const ASN1_INTEGER *X509_get0_authority_serial(X509 *x);
+
+int X509_PURPOSE_get_count(void);
+X509_PURPOSE *X509_PURPOSE_get0(int idx);
+int X509_PURPOSE_get_by_sname(const char *sname);
+int X509_PURPOSE_get_by_id(int id);
+int X509_PURPOSE_add(int id, int trust, int flags,
+ int (*ck) (const X509_PURPOSE *, const X509 *, int),
+ const char *name, const char *sname, void *arg);
+char *X509_PURPOSE_get0_name(const X509_PURPOSE *xp);
+char *X509_PURPOSE_get0_sname(const X509_PURPOSE *xp);
+int X509_PURPOSE_get_trust(const X509_PURPOSE *xp);
+void X509_PURPOSE_cleanup(void);
+int X509_PURPOSE_get_id(const X509_PURPOSE *);
+
+STACK_OF(OPENSSL_STRING) *X509_get1_email(X509 *x);
+STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(X509_REQ *x);
+void X509_email_free(STACK_OF(OPENSSL_STRING) *sk);
+STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x);
+/* Flags for X509_check_* functions */
+
+/*
+ * Always check subject name for host match even if subject alt names present
+ */
+# define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT 0x1
+/* Disable wildcard matching for dnsName fields and common name. */
+# define X509_CHECK_FLAG_NO_WILDCARDS 0x2
+/* Wildcards must not match a partial label. */
+# define X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS 0x4
+/* Allow (non-partial) wildcards to match multiple labels. */
+# define X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS 0x8
+/* Constraint verifier subdomain patterns to match a single labels. */
+# define X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS 0x10
+/* Never check the subject CN */
+# define X509_CHECK_FLAG_NEVER_CHECK_SUBJECT 0x20
+/*
+ * Match reference identifiers starting with "." to any sub-domain.
+ * This is a non-public flag, turned on implicitly when the subject
+ * reference identity is a DNS name.
+ */
+# define _X509_CHECK_FLAG_DOT_SUBDOMAINS 0x8000
+
+int X509_check_host(X509 *x, const char *chk, size_t chklen,
+ unsigned int flags, char **peername);
+int X509_check_email(X509 *x, const char *chk, size_t chklen,
+ unsigned int flags);
+int X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen,
+ unsigned int flags);
+int X509_check_ip_asc(X509 *x, const char *ipasc, unsigned int flags);
+
+ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc);
+ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc);
+int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE) *dn_sk,
+ unsigned long chtype);
+
+void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent);
+DEFINE_STACK_OF(X509_POLICY_NODE)
+
+#ifndef OPENSSL_NO_RFC3779
+typedef struct ASRange_st {
+ ASN1_INTEGER *min, *max;
+} ASRange;
+
+# define ASIdOrRange_id 0
+# define ASIdOrRange_range 1
+
+typedef struct ASIdOrRange_st {
+ int type;
+ union {
+ ASN1_INTEGER *id;
+ ASRange *range;
+ } u;
+} ASIdOrRange;
+
+typedef STACK_OF(ASIdOrRange) ASIdOrRanges;
+DEFINE_STACK_OF(ASIdOrRange)
+
+# define ASIdentifierChoice_inherit 0
+# define ASIdentifierChoice_asIdsOrRanges 1
+
+typedef struct ASIdentifierChoice_st {
+ int type;
+ union {
+ ASN1_NULL *inherit;
+ ASIdOrRanges *asIdsOrRanges;
+ } u;
+} ASIdentifierChoice;
+
+typedef struct ASIdentifiers_st {
+ ASIdentifierChoice *asnum, *rdi;
+} ASIdentifiers;
+
+DECLARE_ASN1_FUNCTIONS(ASRange)
+DECLARE_ASN1_FUNCTIONS(ASIdOrRange)
+DECLARE_ASN1_FUNCTIONS(ASIdentifierChoice)
+DECLARE_ASN1_FUNCTIONS(ASIdentifiers)
+
+typedef struct IPAddressRange_st {
+ ASN1_BIT_STRING *min, *max;
+} IPAddressRange;
+
+# define IPAddressOrRange_addressPrefix 0
+# define IPAddressOrRange_addressRange 1
+
+typedef struct IPAddressOrRange_st {
+ int type;
+ union {
+ ASN1_BIT_STRING *addressPrefix;
+ IPAddressRange *addressRange;
+ } u;
+} IPAddressOrRange;
+
+typedef STACK_OF(IPAddressOrRange) IPAddressOrRanges;
+DEFINE_STACK_OF(IPAddressOrRange)
+
+# define IPAddressChoice_inherit 0
+# define IPAddressChoice_addressesOrRanges 1
+
+typedef struct IPAddressChoice_st {
+ int type;
+ union {
+ ASN1_NULL *inherit;
+ IPAddressOrRanges *addressesOrRanges;
+ } u;
+} IPAddressChoice;
+
+typedef struct IPAddressFamily_st {
+ ASN1_OCTET_STRING *addressFamily;
+ IPAddressChoice *ipAddressChoice;
+} IPAddressFamily;
+
+typedef STACK_OF(IPAddressFamily) IPAddrBlocks;
+DEFINE_STACK_OF(IPAddressFamily)
+
+DECLARE_ASN1_FUNCTIONS(IPAddressRange)
+DECLARE_ASN1_FUNCTIONS(IPAddressOrRange)
+DECLARE_ASN1_FUNCTIONS(IPAddressChoice)
+DECLARE_ASN1_FUNCTIONS(IPAddressFamily)
+
+/*
+ * API tag for elements of the ASIdentifer SEQUENCE.
+ */
+# define V3_ASID_ASNUM 0
+# define V3_ASID_RDI 1
+
+/*
+ * AFI values, assigned by IANA. It'd be nice to make the AFI
+ * handling code totally generic, but there are too many little things
+ * that would need to be defined for other address families for it to
+ * be worth the trouble.
+ */ +# define IANA_AFI_IPV4 1 +# define IANA_AFI_IPV6 2 + +/* + * Utilities to construct and extract values from RFC3779 extensions, + * since some of the encodings (particularly for IP address prefixes + * and ranges) are a bit tedious to work with directly. + */ +int X509v3_asid_add_inherit(ASIdentifiers *asid, int which); +int X509v3_asid_add_id_or_range(ASIdentifiers *asid, int which, + ASN1_INTEGER *min, ASN1_INTEGER *max); +int X509v3_addr_add_inherit(IPAddrBlocks *addr, + const unsigned afi, const unsigned *safi); +int X509v3_addr_add_prefix(IPAddrBlocks *addr, + const unsigned afi, const unsigned *safi, + unsigned char *a, const int prefixlen); +int X509v3_addr_add_range(IPAddrBlocks *addr, + const unsigned afi, const unsigned *safi, + unsigned char *min, unsigned char *max); +unsigned X509v3_addr_get_afi(const IPAddressFamily *f); +int X509v3_addr_get_range(IPAddressOrRange *aor, const unsigned afi, + unsigned char *min, unsigned char *max, + const int length); + +/* + * Canonical forms. + */ +int X509v3_asid_is_canonical(ASIdentifiers *asid); +int X509v3_addr_is_canonical(IPAddrBlocks *addr); +int X509v3_asid_canonize(ASIdentifiers *asid); +int X509v3_addr_canonize(IPAddrBlocks *addr); + +/* + * Tests for inheritance and containment. + */ +int X509v3_asid_inherits(ASIdentifiers *asid); +int X509v3_addr_inherits(IPAddrBlocks *addr); +int X509v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b); +int X509v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b); + +/* + * Check whether RFC 3779 extensions nest properly in chains. 
+ */ +int X509v3_asid_validate_path(X509_STORE_CTX *); +int X509v3_addr_validate_path(X509_STORE_CTX *); +int X509v3_asid_validate_resource_set(STACK_OF(X509) *chain, + ASIdentifiers *ext, + int allow_inheritance); +int X509v3_addr_validate_resource_set(STACK_OF(X509) *chain, + IPAddrBlocks *ext, int allow_inheritance); + +#endif /* OPENSSL_NO_RFC3779 */ + +DEFINE_STACK_OF(ASN1_STRING) + +/* + * Admission Syntax + */ +typedef struct NamingAuthority_st NAMING_AUTHORITY; +typedef struct ProfessionInfo_st PROFESSION_INFO; +typedef struct Admissions_st ADMISSIONS; +typedef struct AdmissionSyntax_st ADMISSION_SYNTAX; +DECLARE_ASN1_FUNCTIONS(NAMING_AUTHORITY) +DECLARE_ASN1_FUNCTIONS(PROFESSION_INFO) +DECLARE_ASN1_FUNCTIONS(ADMISSIONS) +DECLARE_ASN1_FUNCTIONS(ADMISSION_SYNTAX) +DEFINE_STACK_OF(ADMISSIONS) +DEFINE_STACK_OF(PROFESSION_INFO) +typedef STACK_OF(PROFESSION_INFO) PROFESSION_INFOS; + +const ASN1_OBJECT *NAMING_AUTHORITY_get0_authorityId( + const NAMING_AUTHORITY *n); +const ASN1_IA5STRING *NAMING_AUTHORITY_get0_authorityURL( + const NAMING_AUTHORITY *n); +const ASN1_STRING *NAMING_AUTHORITY_get0_authorityText( + const NAMING_AUTHORITY *n); +void NAMING_AUTHORITY_set0_authorityId(NAMING_AUTHORITY *n, + ASN1_OBJECT* namingAuthorityId); +void NAMING_AUTHORITY_set0_authorityURL(NAMING_AUTHORITY *n, + ASN1_IA5STRING* namingAuthorityUrl); +void NAMING_AUTHORITY_set0_authorityText(NAMING_AUTHORITY *n, + ASN1_STRING* namingAuthorityText); + +const GENERAL_NAME *ADMISSION_SYNTAX_get0_admissionAuthority( + const ADMISSION_SYNTAX *as); +void ADMISSION_SYNTAX_set0_admissionAuthority( + ADMISSION_SYNTAX *as, GENERAL_NAME *aa); +const STACK_OF(ADMISSIONS) *ADMISSION_SYNTAX_get0_contentsOfAdmissions( + const ADMISSION_SYNTAX *as); +void ADMISSION_SYNTAX_set0_contentsOfAdmissions( + ADMISSION_SYNTAX *as, STACK_OF(ADMISSIONS) *a); +const GENERAL_NAME *ADMISSIONS_get0_admissionAuthority(const ADMISSIONS *a); +void ADMISSIONS_set0_admissionAuthority(ADMISSIONS *a, GENERAL_NAME 
*aa); +const NAMING_AUTHORITY *ADMISSIONS_get0_namingAuthority(const ADMISSIONS *a); +void ADMISSIONS_set0_namingAuthority(ADMISSIONS *a, NAMING_AUTHORITY *na); +const PROFESSION_INFOS *ADMISSIONS_get0_professionInfos(const ADMISSIONS *a); +void ADMISSIONS_set0_professionInfos(ADMISSIONS *a, PROFESSION_INFOS *pi); +const ASN1_OCTET_STRING *PROFESSION_INFO_get0_addProfessionInfo( + const PROFESSION_INFO *pi); +void PROFESSION_INFO_set0_addProfessionInfo( + PROFESSION_INFO *pi, ASN1_OCTET_STRING *aos); +const NAMING_AUTHORITY *PROFESSION_INFO_get0_namingAuthority( + const PROFESSION_INFO *pi); +void PROFESSION_INFO_set0_namingAuthority( + PROFESSION_INFO *pi, NAMING_AUTHORITY *na); +const STACK_OF(ASN1_STRING) *PROFESSION_INFO_get0_professionItems( + const PROFESSION_INFO *pi); +void PROFESSION_INFO_set0_professionItems( + PROFESSION_INFO *pi, STACK_OF(ASN1_STRING) *as); +const STACK_OF(ASN1_OBJECT) *PROFESSION_INFO_get0_professionOIDs( + const PROFESSION_INFO *pi); +void PROFESSION_INFO_set0_professionOIDs( + PROFESSION_INFO *pi, STACK_OF(ASN1_OBJECT) *po); +const ASN1_PRINTABLESTRING *PROFESSION_INFO_get0_registrationNumber( + const PROFESSION_INFO *pi); +void PROFESSION_INFO_set0_registrationNumber( + PROFESSION_INFO *pi, ASN1_PRINTABLESTRING *rn); + +# ifdef __cplusplus +} +# endif +#endif diff --git a/linux_amd64/ssl/include/openssl/x509v3err.h b/linux_amd64/ssl/include/openssl/x509v3err.h new file mode 100644 index 0000000..6e73337 --- /dev/null +++ b/linux_amd64/ssl/include/openssl/x509v3err.h 
@@ -0,0 +1,172 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_X509V3ERR_H +# define OPENSSL_X509V3ERR_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_X509V3ERR_H +# endif + +# include +# include + + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_X509V3_strings(void); + +/* + * X509V3 function codes. + */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define X509V3_F_A2I_GENERAL_NAME 0 +# define X509V3_F_ADDR_VALIDATE_PATH_INTERNAL 0 +# define X509V3_F_ASIDENTIFIERCHOICE_CANONIZE 0 +# define X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL 0 +# define X509V3_F_BIGNUM_TO_STRING 0 +# define X509V3_F_COPY_EMAIL 0 +# define X509V3_F_COPY_ISSUER 0 +# define X509V3_F_DO_DIRNAME 0 +# define X509V3_F_DO_EXT_I2D 0 +# define X509V3_F_DO_EXT_NCONF 0 +# define X509V3_F_GNAMES_FROM_SECTNAME 0 +# define X509V3_F_I2S_ASN1_ENUMERATED 0 +# define X509V3_F_I2S_ASN1_IA5STRING 0 +# define X509V3_F_I2S_ASN1_INTEGER 0 +# define X509V3_F_I2S_ASN1_UTF8STRING 0 +# define X509V3_F_I2V_AUTHORITY_INFO_ACCESS 0 +# define X509V3_F_LEVEL_ADD_NODE 0 +# define X509V3_F_NOTICE_SECTION 0 +# define X509V3_F_NREF_NOS 0 +# define X509V3_F_POLICY_CACHE_CREATE 0 +# define X509V3_F_POLICY_CACHE_NEW 0 +# define X509V3_F_POLICY_DATA_NEW 0 +# define X509V3_F_POLICY_SECTION 0 +# define X509V3_F_PROCESS_PCI_VALUE 0 +# define X509V3_F_R2I_CERTPOL 0 +# define X509V3_F_R2I_PCI 0 +# define X509V3_F_S2I_ASN1_IA5STRING 0 +# define X509V3_F_S2I_ASN1_INTEGER 0 +# define X509V3_F_S2I_ASN1_OCTET_STRING 0 +# define X509V3_F_S2I_ASN1_UTF8STRING 0 +# define X509V3_F_S2I_SKEY_ID 0 +# define X509V3_F_SET_DIST_POINT_NAME 0 +# define 
X509V3_F_SXNET_ADD_ID_ASC 0 +# define X509V3_F_SXNET_ADD_ID_INTEGER 0 +# define X509V3_F_SXNET_ADD_ID_ULONG 0 +# define X509V3_F_SXNET_GET_ID_ASC 0 +# define X509V3_F_SXNET_GET_ID_ULONG 0 +# define X509V3_F_TREE_INIT 0 +# define X509V3_F_V2I_ASIDENTIFIERS 0 +# define X509V3_F_V2I_ASN1_BIT_STRING 0 +# define X509V3_F_V2I_AUTHORITY_INFO_ACCESS 0 +# define X509V3_F_V2I_AUTHORITY_KEYID 0 +# define X509V3_F_V2I_BASIC_CONSTRAINTS 0 +# define X509V3_F_V2I_CRLD 0 +# define X509V3_F_V2I_EXTENDED_KEY_USAGE 0 +# define X509V3_F_V2I_GENERAL_NAMES 0 +# define X509V3_F_V2I_GENERAL_NAME_EX 0 +# define X509V3_F_V2I_IDP 0 +# define X509V3_F_V2I_IPADDRBLOCKS 0 +# define X509V3_F_V2I_ISSUER_ALT 0 +# define X509V3_F_V2I_NAME_CONSTRAINTS 0 +# define X509V3_F_V2I_POLICY_CONSTRAINTS 0 +# define X509V3_F_V2I_POLICY_MAPPINGS 0 +# define X509V3_F_V2I_SUBJECT_ALT 0 +# define X509V3_F_V2I_TLS_FEATURE 0 +# define X509V3_F_V3_GENERIC_EXTENSION 0 +# define X509V3_F_X509V3_ADD1_I2D 0 +# define X509V3_F_X509V3_ADD_VALUE 0 +# define X509V3_F_X509V3_EXT_ADD 0 +# define X509V3_F_X509V3_EXT_ADD_ALIAS 0 +# define X509V3_F_X509V3_EXT_I2D 0 +# define X509V3_F_X509V3_EXT_NCONF 0 +# define X509V3_F_X509V3_GET_SECTION 0 +# define X509V3_F_X509V3_GET_STRING 0 +# define X509V3_F_X509V3_GET_VALUE_BOOL 0 +# define X509V3_F_X509V3_PARSE_LIST 0 +# define X509V3_F_X509_PURPOSE_ADD 0 +# define X509V3_F_X509_PURPOSE_SET 0 +# endif + +/* + * X509V3 reason codes. 
+ */ +# define X509V3_R_BAD_IP_ADDRESS 118 +# define X509V3_R_BAD_OBJECT 119 +# define X509V3_R_BN_DEC2BN_ERROR 100 +# define X509V3_R_BN_TO_ASN1_INTEGER_ERROR 101 +# define X509V3_R_DIRNAME_ERROR 149 +# define X509V3_R_DISTPOINT_ALREADY_SET 160 +# define X509V3_R_DUPLICATE_ZONE_ID 133 +# define X509V3_R_ERROR_CONVERTING_ZONE 131 +# define X509V3_R_ERROR_CREATING_EXTENSION 144 +# define X509V3_R_ERROR_IN_EXTENSION 128 +# define X509V3_R_EXPECTED_A_SECTION_NAME 137 +# define X509V3_R_EXTENSION_EXISTS 145 +# define X509V3_R_EXTENSION_NAME_ERROR 115 +# define X509V3_R_EXTENSION_NOT_FOUND 102 +# define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED 103 +# define X509V3_R_EXTENSION_VALUE_ERROR 116 +# define X509V3_R_ILLEGAL_EMPTY_EXTENSION 151 +# define X509V3_R_INCORRECT_POLICY_SYNTAX_TAG 152 +# define X509V3_R_INVALID_ASNUMBER 162 +# define X509V3_R_INVALID_ASRANGE 163 +# define X509V3_R_INVALID_BOOLEAN_STRING 104 +# define X509V3_R_INVALID_EXTENSION_STRING 105 +# define X509V3_R_INVALID_INHERITANCE 165 +# define X509V3_R_INVALID_IPADDRESS 166 +# define X509V3_R_INVALID_MULTIPLE_RDNS 161 +# define X509V3_R_INVALID_NAME 106 +# define X509V3_R_INVALID_NULL_ARGUMENT 107 +# define X509V3_R_INVALID_NULL_NAME 108 +# define X509V3_R_INVALID_NULL_VALUE 109 +# define X509V3_R_INVALID_NUMBER 140 +# define X509V3_R_INVALID_NUMBERS 141 +# define X509V3_R_INVALID_OBJECT_IDENTIFIER 110 +# define X509V3_R_INVALID_OPTION 138 +# define X509V3_R_INVALID_POLICY_IDENTIFIER 134 +# define X509V3_R_INVALID_PROXY_POLICY_SETTING 153 +# define X509V3_R_INVALID_PURPOSE 146 +# define X509V3_R_INVALID_SAFI 164 +# define X509V3_R_INVALID_SECTION 135 +# define X509V3_R_INVALID_SYNTAX 143 +# define X509V3_R_ISSUER_DECODE_ERROR 126 +# define X509V3_R_MISSING_VALUE 124 +# define X509V3_R_NEED_ORGANIZATION_AND_NUMBERS 142 +# define X509V3_R_NO_CONFIG_DATABASE 136 +# define X509V3_R_NO_ISSUER_CERTIFICATE 121 +# define X509V3_R_NO_ISSUER_DETAILS 127 +# define X509V3_R_NO_POLICY_IDENTIFIER 139 +# define 
X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED 154 +# define X509V3_R_NO_PUBLIC_KEY 114 +# define X509V3_R_NO_SUBJECT_DETAILS 125 +# define X509V3_R_OPERATION_NOT_DEFINED 148 +# define X509V3_R_OTHERNAME_ERROR 147 +# define X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED 155 +# define X509V3_R_POLICY_PATH_LENGTH 156 +# define X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED 157 +# define X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY 159 +# define X509V3_R_SECTION_NOT_FOUND 150 +# define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS 122 +# define X509V3_R_UNABLE_TO_GET_ISSUER_KEYID 123 +# define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT 111 +# define X509V3_R_UNKNOWN_EXTENSION 129 +# define X509V3_R_UNKNOWN_EXTENSION_NAME 130 +# define X509V3_R_UNKNOWN_OPTION 120 +# define X509V3_R_UNSUPPORTED_OPTION 117 +# define X509V3_R_UNSUPPORTED_TYPE 167 +# define X509V3_R_USER_TOO_LONG 132 + +#endif diff --git a/linux_amd64/ssl/lib/engines-3/afalg.so b/linux_amd64/ssl/lib/engines-3/afalg.so new file mode 100755 index 0000000..17195f7 Binary files /dev/null and b/linux_amd64/ssl/lib/engines-3/afalg.so differ diff --git a/linux_amd64/ssl/lib/engines-3/capi.so b/linux_amd64/ssl/lib/engines-3/capi.so new file mode 100755 index 0000000..76ea8ba Binary files /dev/null and b/linux_amd64/ssl/lib/engines-3/capi.so differ diff --git a/linux_amd64/ssl/lib/engines-3/padlock.so b/linux_amd64/ssl/lib/engines-3/padlock.so new file mode 100755 index 0000000..4b8eae5 Binary files /dev/null and b/linux_amd64/ssl/lib/engines-3/padlock.so differ diff --git a/linux_amd64/ssl/lib/libcrypto.a b/linux_amd64/ssl/lib/libcrypto.a new file mode 100644 index 0000000..a0e6361 Binary files /dev/null and b/linux_amd64/ssl/lib/libcrypto.a differ diff --git a/linux_amd64/ssl/lib/libcrypto.so b/linux_amd64/ssl/lib/libcrypto.so new file mode 120000 index 0000000..e6d0d80 --- /dev/null +++ b/linux_amd64/ssl/lib/libcrypto.so @@ -0,0 +1 @@ +libcrypto.so.3 \ No newline at end of file 
diff --git a/linux_amd64/ssl/lib/libcrypto.so.3 b/linux_amd64/ssl/lib/libcrypto.so.3
new file mode 100755
index 0000000..4e95dfa
Binary files /dev/null and b/linux_amd64/ssl/lib/libcrypto.so.3 differ
diff --git a/linux_amd64/ssl/lib/libssl.a b/linux_amd64/ssl/lib/libssl.a
new file mode 100644
index 0000000..30e0d7c
Binary files /dev/null and b/linux_amd64/ssl/lib/libssl.a differ
diff --git a/linux_amd64/ssl/lib/libssl.so b/linux_amd64/ssl/lib/libssl.so
new file mode 120000
index 0000000..7481049
--- /dev/null
+++ b/linux_amd64/ssl/lib/libssl.so
@@ -0,0 +1 @@
+libssl.so.3
\ No newline at end of file
diff --git a/linux_amd64/ssl/lib/libssl.so.3 b/linux_amd64/ssl/lib/libssl.so.3
new file mode 100755
index 0000000..e94432d
Binary files /dev/null and b/linux_amd64/ssl/lib/libssl.so.3 differ
diff --git a/linux_amd64/ssl/lib/pkgconfig/libcrypto.pc b/linux_amd64/ssl/lib/pkgconfig/libcrypto.pc
new file mode 100644
index 0000000..2491fd7
--- /dev/null
+++ b/linux_amd64/ssl/lib/pkgconfig/libcrypto.pc
@@ -0,0 +1,12 @@
+prefix=/root/openssl/build/../out
+exec_prefix=${prefix}
+libdir=${exec_prefix}/lib
+includedir=${prefix}/include
+enginesdir=${libdir}/engines-3
+
+Name: OpenSSL-libcrypto
+Description: OpenSSL cryptography library
+Version: 3.0.0-dev
+Libs: -L${libdir} -lcrypto
+Libs.private: -ldl -pthread
+Cflags: -I${includedir}
diff --git a/linux_amd64/ssl/lib/pkgconfig/libssl.pc b/linux_amd64/ssl/lib/pkgconfig/libssl.pc
new file mode 100644
index 0000000..82fc75b
--- /dev/null
+++ b/linux_amd64/ssl/lib/pkgconfig/libssl.pc
@@ -0,0 +1,11 @@
+prefix=/root/openssl/build/../out
+exec_prefix=${prefix}
+libdir=${exec_prefix}/lib
+includedir=${prefix}/include
+
+Name: OpenSSL-libssl
+Description: Secure Sockets Layer and cryptography libraries
+Version: 3.0.0-dev
+Requires.private: libcrypto
+Libs: -L${libdir} -lssl
+Cflags: -I${includedir}
diff --git a/linux_amd64/ssl/lib/pkgconfig/openssl.pc b/linux_amd64/ssl/lib/pkgconfig/openssl.pc
new file mode 100644
index 0000000..7fc760a
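Review bot: `prefix=/root/openssl/build/../out` in libcrypto.pc is the build host's output directory rather than the location these files are committed under, so `Cflags` and `Libs` expand to `-I`/`-L` paths under /root on whatever machine consumes them; libssl.pc and openssl.pc carry the same line. If a different OpenSSL (or none) lives at that path, a build using pkg-config will compile and link against something other than the libraries shipped in this tree. Either regenerate the files with the install prefix actually used, or document that consumers must pass `pkg-config --define-variable=prefix=<install dir>`.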
--- /dev/null
+++ b/linux_amd64/ssl/lib/pkgconfig/openssl.pc
@@ -0,0 +1,9 @@
+prefix=/root/openssl/build/../out
+exec_prefix=${prefix}
+libdir=${exec_prefix}/lib
+includedir=${prefix}/include
+
+Name: OpenSSL
+Description: Secure Sockets Layer and cryptography libraries and tools
+Version: 3.0.0-dev
+Requires: libssl libcrypto
diff --git a/linux_amd64/ssl/misc/CA.pl b/linux_amd64/ssl/misc/CA.pl
new file mode 100755
index 0000000..3264db2
--- /dev/null
+++ b/linux_amd64/ssl/misc/CA.pl
@@ -0,0 +1,215 @@ +#!/usr/bin/env perl +# Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +# +# Wrapper around the ca to make it easier to use +# +# WARNING: do not edit! +# Generated by Makefile from ../apps/CA.pl.in + +use strict; +use warnings; + +my $openssl = "openssl"; +if(defined $ENV{'OPENSSL'}) { + $openssl = $ENV{'OPENSSL'}; +} else { + $ENV{'OPENSSL'} = $openssl; +} + +my $verbose = 1; + +my $OPENSSL_CONFIG = $ENV{"OPENSSL_CONFIG"} || ""; +my $DAYS = "-days 365"; +my $CADAYS = "-days 1095"; # 3 years +my $REQ = "$openssl req $OPENSSL_CONFIG"; +my $CA = "$openssl ca $OPENSSL_CONFIG"; +my $VERIFY = "$openssl verify"; +my $X509 = "$openssl x509"; +my $PKCS12 = "$openssl pkcs12"; + +# default openssl.cnf file has setup as per the following +my $CATOP = "./demoCA"; +my $CAKEY = "cakey.pem"; +my $CAREQ = "careq.pem"; +my $CACERT = "cacert.pem"; +my $CACRL = "crl.pem"; +my $DIRMODE = 0777; + +my $NEWKEY = "newkey.pem"; +my $NEWREQ = "newreq.pem"; +my $NEWCERT = "newcert.pem"; +my $NEWP12 = "newcert.p12"; +my $RET = 0; +my $WHAT = shift @ARGV || ""; +my @OPENSSL_CMDS = ("req", "ca", "pkcs12", "x509", "verify"); +my %EXTRA = extra_args(\@ARGV, "-extra-"); +my $FILE; + +sub extra_args { + my ($args_ref, $arg_prefix) = @_; + my %eargs = map { + if ($_ < $#$args_ref) { + my ($arg, $value) = splice(@$args_ref, $_, 2); + $arg =~ s/$arg_prefix//; + ($arg, $value); + } else { + (); + } + } reverse grep($$args_ref[$_] =~ /$arg_prefix/, 0..$#$args_ref); + my %empty = map { ($_, "") } @OPENSSL_CMDS; + return (%empty, %eargs); +} + +# See if reason for a CRL entry is valid; exit if not. 
+sub crl_reason_ok +{ + my $r = shift; + + if ($r eq 'unspecified' || $r eq 'keyCompromise' + || $r eq 'CACompromise' || $r eq 'affiliationChanged' + || $r eq 'superseded' || $r eq 'cessationOfOperation' + || $r eq 'certificateHold' || $r eq 'removeFromCRL') { + return 1; + } + print STDERR "Invalid CRL reason; must be one of:\n"; + print STDERR " unspecified, keyCompromise, CACompromise,\n"; + print STDERR " affiliationChanged, superseded, cessationOfOperation\n"; + print STDERR " certificateHold, removeFromCRL"; + exit 1; +} + +# Copy a PEM-format file; return like exit status (zero means ok) +sub copy_pemfile +{ + my ($infile, $outfile, $bound) = @_; + my $found = 0; + + open IN, $infile || die "Cannot open $infile, $!"; + open OUT, ">$outfile" || die "Cannot write to $outfile, $!"; + while () { + $found = 1 if /^-----BEGIN.*$bound/; + print OUT $_ if $found; + $found = 2, last if /^-----END.*$bound/; + } + close IN; + close OUT; + return $found == 2 ? 0 : 1; +} + +# Wrapper around system; useful for debugging. 
Returns just the exit status +sub run +{ + my $cmd = shift; + print "====\n$cmd\n" if $verbose; + my $status = system($cmd); + print "==> $status\n====\n" if $verbose; + return $status >> 8; +} + + +if ( $WHAT =~ /^(-\?|-h|-help)$/ ) { + print STDERR "usage: CA.pl -newcert | -newreq | -newreq-nodes | -xsign | -sign | -signCA | -signcert | -crl | -newca [-extra-cmd extra-params]\n"; + print STDERR " CA.pl -pkcs12 [-extra-pkcs12 extra-params] [certname]\n"; + print STDERR " CA.pl -verify [-extra-verify extra-params] certfile ...\n"; + print STDERR " CA.pl -revoke [-extra-ca extra-params] certfile [reason]\n"; + exit 0; +} +if ($WHAT eq '-newcert' ) { + # create a certificate + $RET = run("$REQ -new -x509 -keyout $NEWKEY -out $NEWCERT $DAYS $EXTRA{req}"); + print "Cert is in $NEWCERT, private key is in $NEWKEY\n" if $RET == 0; +} elsif ($WHAT eq '-precert' ) { + # create a pre-certificate + $RET = run("$REQ -x509 -precert -keyout $NEWKEY -out $NEWCERT $DAYS"); + print "Pre-cert is in $NEWCERT, private key is in $NEWKEY\n" if $RET == 0; +} elsif ($WHAT =~ /^\-newreq(\-nodes)?$/ ) { + # create a certificate request + $RET = run("$REQ -new $1 -keyout $NEWKEY -out $NEWREQ $DAYS $EXTRA{req}"); + print "Request is in $NEWREQ, private key is in $NEWKEY\n" if $RET == 0; +} elsif ($WHAT eq '-newca' ) { + # create the directory hierarchy + mkdir ${CATOP}, $DIRMODE; + mkdir "${CATOP}/certs", $DIRMODE; + mkdir "${CATOP}/crl", $DIRMODE ; + mkdir "${CATOP}/newcerts", $DIRMODE; + mkdir "${CATOP}/private", $DIRMODE; + open OUT, ">${CATOP}/index.txt"; + close OUT; + open OUT, ">${CATOP}/crlnumber"; + print OUT "01\n"; + close OUT; + # ask user for existing CA certificate + print "CA certificate filename (or enter to create)\n"; + $FILE = "" unless defined($FILE = ); + $FILE =~ s{\R$}{}; + if ($FILE ne "") { + copy_pemfile($FILE,"${CATOP}/private/$CAKEY", "PRIVATE"); + copy_pemfile($FILE,"${CATOP}/$CACERT", "CERTIFICATE"); + } else { + print "Making CA certificate ...\n"; + $RET = 
run("$REQ -new -keyout" + . " ${CATOP}/private/$CAKEY" + . " -out ${CATOP}/$CAREQ $EXTRA{req}"); + $RET = run("$CA -create_serial" + . " -out ${CATOP}/$CACERT $CADAYS -batch" + . " -keyfile ${CATOP}/private/$CAKEY -selfsign" + . " -extensions v3_ca $EXTRA{ca}" + . " -infiles ${CATOP}/$CAREQ") if $RET == 0; + print "CA certificate is in ${CATOP}/$CACERT\n" if $RET == 0; + } +} elsif ($WHAT eq '-pkcs12' ) { + my $cname = $ARGV[0]; + $cname = "My Certificate" unless defined $cname; + $RET = run("$PKCS12 -in $NEWCERT -inkey $NEWKEY" + . " -certfile ${CATOP}/$CACERT" + . " -out $NEWP12" + . " -export -name \"$cname\" $EXTRA{pkcs12}"); + print "PKCS #12 file is in $NEWP12\n" if $RET == 0; +} elsif ($WHAT eq '-xsign' ) { + $RET = run("$CA -policy policy_anything $EXTRA{ca} -infiles $NEWREQ"); +} elsif ($WHAT eq '-sign' ) { + $RET = run("$CA -policy policy_anything -out $NEWCERT $EXTRA{ca} -infiles $NEWREQ"); + print "Signed certificate is in $NEWCERT\n" if $RET == 0; +} elsif ($WHAT eq '-signCA' ) { + $RET = run("$CA -policy policy_anything -out $NEWCERT" + . " -extensions v3_ca $EXTRA{ca} -infiles $NEWREQ"); + print "Signed CA certificate is in $NEWCERT\n" if $RET == 0; +} elsif ($WHAT eq '-signcert' ) { + $RET = run("$X509 -x509toreq -in $NEWREQ -signkey $NEWREQ" + . " -out tmp.pem $EXTRA{x509}"); + $RET = run("$CA -policy policy_anything -out $NEWCERT" + . "$EXTRA{ca} -infiles tmp.pem") if $RET == 0; + print "Signed certificate is in $NEWCERT\n" if $RET == 0; +} elsif ($WHAT eq '-verify' ) { + my @files = @ARGV ? 
@ARGV : ( $NEWCERT ); + my $file; + foreach $file (@files) { + my $status = run("$VERIFY \"-CAfile\" ${CATOP}/$CACERT $file $EXTRA{verify}"); + $RET = $status if $status != 0; + } +} elsif ($WHAT eq '-crl' ) { + $RET = run("$CA -gencrl -out ${CATOP}/crl/$CACRL $EXTRA{ca}"); + print "Generated CRL is in ${CATOP}/crl/$CACRL\n" if $RET == 0; +} elsif ($WHAT eq '-revoke' ) { + my $cname = $ARGV[0]; + if (!defined $cname) { + print "Certificate filename is required; reason optional.\n"; + exit 1; + } + my $reason = $ARGV[1]; + $reason = " -crl_reason $reason" + if defined $reason && crl_reason_ok($reason); + $RET = run("$CA -revoke \"$cname\"" . $reason . $EXTRA{ca}); +} else { + print STDERR "Unknown arg \"$WHAT\"\n"; + print STDERR "Use -help for help.\n"; + exit 1; +} + +exit $RET; diff --git a/linux_amd64/ssl/misc/tsget.pl b/linux_amd64/ssl/misc/tsget.pl new file mode 100755 index 0000000..dd2cad9 --- /dev/null +++ b/linux_amd64/ssl/misc/tsget.pl 
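Review bot: In `copy_pemfile` both `open` calls use the two-argument form followed by `|| die`, so `||` binds to the file name and a failed open is never reported, and the name typed at the `-newca` prompt is parsed for mode characters instead of being taken literally. Change them to `open IN, '<', $infile or die "Cannot open $infile, $!";` and `open OUT, '>', $outfile or die "Cannot write to $outfile, $!";`. The copied CA key is written under `${CATOP}/private`, which is created with `$DIRMODE = 0777` and is therefore restricted only by the caller's umask; an explicit `0700` for that one directory would be safer. The header marks this file as generated from ../apps/CA.pl.in, so the change belongs in that template.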
@@ -0,0 +1,200 @@ +#!/usr/bin/env perl +# Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright (c) 2002 The OpenTSA Project. All rights reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; +use IO::Handle; +use Getopt::Std; +use File::Basename; +use WWW::Curl::Easy; + +use vars qw(%options); + +# Callback for reading the body. +sub read_body { + my ($maxlength, $state) = @_; + my $return_data = ""; + my $data_len = length ${$state->{data}}; + if ($state->{bytes} < $data_len) { + $data_len = $data_len - $state->{bytes}; + $data_len = $maxlength if $data_len > $maxlength; + $return_data = substr ${$state->{data}}, $state->{bytes}, $data_len; + $state->{bytes} += $data_len; + } + return $return_data; +} + +# Callback for writing the body into a variable. +sub write_body { + my ($data, $pointer) = @_; + ${$pointer} .= $data; + return length($data); +} + +# Initialise a new Curl object. +sub create_curl { + my $url = shift; + + # Create Curl object. + my $curl = WWW::Curl::Easy::new(); + + # Error-handling related options. + $curl->setopt(CURLOPT_VERBOSE, 1) if $options{d}; + $curl->setopt(CURLOPT_FAILONERROR, 1); + $curl->setopt(CURLOPT_USERAGENT, + "OpenTSA tsget.pl/openssl-3.0.0-dev"); + + # Options for POST method. + $curl->setopt(CURLOPT_UPLOAD, 1); + $curl->setopt(CURLOPT_CUSTOMREQUEST, "POST"); + $curl->setopt(CURLOPT_HTTPHEADER, + ["Content-Type: application/timestamp-query", + "Accept: application/timestamp-reply,application/timestamp-response"]); + $curl->setopt(CURLOPT_READFUNCTION, \&read_body); + $curl->setopt(CURLOPT_HEADERFUNCTION, sub { return length($_[0]); }); + + # Options for getting the result. + $curl->setopt(CURLOPT_WRITEFUNCTION, \&write_body); + + # SSL related options. 
+ $curl->setopt(CURLOPT_SSLKEYTYPE, "PEM"); + $curl->setopt(CURLOPT_SSL_VERIFYPEER, 1); # Verify server's certificate. + $curl->setopt(CURLOPT_SSL_VERIFYHOST, 2); # Check server's CN. + $curl->setopt(CURLOPT_SSLKEY, $options{k}) if defined($options{k}); + $curl->setopt(CURLOPT_SSLKEYPASSWD, $options{p}) if defined($options{p}); + $curl->setopt(CURLOPT_SSLCERT, $options{c}) if defined($options{c}); + $curl->setopt(CURLOPT_CAINFO, $options{C}) if defined($options{C}); + $curl->setopt(CURLOPT_CAPATH, $options{P}) if defined($options{P}); + $curl->setopt(CURLOPT_RANDOM_FILE, $options{r}) if defined($options{r}); + $curl->setopt(CURLOPT_EGDSOCKET, $options{g}) if defined($options{g}); + + # Setting destination. + $curl->setopt(CURLOPT_URL, $url); + + return $curl; +} + +# Send a request and returns the body back. +sub get_timestamp { + my $curl = shift; + my $body = shift; + my $ts_body; + local $::error_buf; + + # Error-handling related options. + $curl->setopt(CURLOPT_ERRORBUFFER, "::error_buf"); + + # Options for POST method. + $curl->setopt(CURLOPT_INFILE, {data => $body, bytes => 0}); + $curl->setopt(CURLOPT_INFILESIZE, length(${$body})); + + # Options for getting the result. + $curl->setopt(CURLOPT_FILE, \$ts_body); + + # Send the request... + my $error_code = $curl->perform(); + my $error_string; + if ($error_code != 0) { + my $http_code = $curl->getinfo(CURLINFO_HTTP_CODE); + $error_string = "could not get timestamp"; + $error_string .= ", http code: $http_code" unless $http_code == 0; + $error_string .= ", curl code: $error_code"; + $error_string .= " ($::error_buf)" if defined($::error_buf); + } else { + my $ct = $curl->getinfo(CURLINFO_CONTENT_TYPE); + if (lc($ct) ne "application/timestamp-reply" + && lc($ct) ne "application/timestamp-response") { + $error_string = "unexpected content type returned: $ct"; + } + } + return ($ts_body, $error_string); + +} + +# Print usage information and exists. 
+sub usage { + + print STDERR "usage: $0 -h [-e ] [-o ] "; + print STDERR "[-v] [-d] [-k ] [-p ] "; + print STDERR "[-c ] [-C ] [-P ] "; + print STDERR "[-r ] [-g ] []...\n"; + exit 1; +} + +# ---------------------------------------------------------------------- +# Main program +# ---------------------------------------------------------------------- + +# Getting command-line options (default comes from TSGET environment variable). +my $getopt_arg = "h:e:o:vdk:p:c:C:P:r:g:"; +if (exists $ENV{TSGET}) { + my @old_argv = @ARGV; + @ARGV = split /\s+/, $ENV{TSGET}; + getopts($getopt_arg, \%options) or usage; + @ARGV = @old_argv; +} +getopts($getopt_arg, \%options) or usage; + +# Checking argument consistency. +if (!exists($options{h}) || (@ARGV == 0 && !exists($options{o})) + || (@ARGV > 1 && exists($options{o}))) { + print STDERR "Inconsistent command line options.\n"; + usage; +} +# Setting defaults. +@ARGV = ("-") unless @ARGV != 0; +$options{e} = ".tsr" unless defined($options{e}); + +# Processing requests. +my $curl = create_curl $options{h}; +undef $/; # For reading whole files. +REQUEST: foreach (@ARGV) { + my $input = $_; + my ($base, $path) = fileparse($input, '\.[^.]*'); + my $output_base = $base . $options{e}; + my $output = defined($options{o}) ? $options{o} : $path . $output_base; + + STDERR->printflush("$input: ") if $options{v}; + # Read request. + my $body; + if ($input eq "-") { + # Read the request from STDIN; + $body = ; + } else { + # Read the request from file. + open INPUT, "<" . $input + or warn("$input: could not open input file: $!\n"), next REQUEST; + $body = ; + close INPUT + or warn("$input: could not close input file: $!\n"), next REQUEST; + } + + # Send request. + STDERR->printflush("sending request") if $options{v}; + + my ($ts_body, $error) = get_timestamp $curl, \$body; + if (defined($error)) { + die "$input: fatal error: $error\n"; + } + STDERR->printflush(", reply received") if $options{v}; + + # Write response. 
+ if ($output eq "-") { + # Write to STDOUT. + print $ts_body; + } else { + # Write to file. + open OUTPUT, ">", $output + or warn("$output: could not open output file: $!\n"), next REQUEST; + print OUTPUT $ts_body; + close OUTPUT + or warn("$output: could not close output file: $!\n"), next REQUEST; + } + STDERR->printflush(", $output written.\n") if $options{v}; +} +$curl->cleanup(); diff --git a/linux_amd64/ssl/openssl.cnf b/linux_amd64/ssl/openssl.cnf new file mode 100644 index 0000000..4acca4b --- /dev/null +++ b/linux_amd64/ssl/openssl.cnf 
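Review bot: The request file in the `REQUEST` loop is opened with the two-argument form, `open INPUT, "<" . $input`, so an argument beginning with `&` or carrying surrounding whitespace is interpreted by `open` instead of being used as a literal file name; the output side a few lines below already uses the three-argument form. Make it `open INPUT, "<", $input` to match. Separately, the `-p` key password is read from the command line or from `TSGET`, which can expose it in process listings and shell history; a comment above `usage` saying so, `# NOTE: -p puts the private key password on the command line; prefer an unencrypted key file with tight permissions or a protected environment`, would help operators.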
@@ -0,0 +1,350 @@ +# +# OpenSSL example configuration file. +# This is mostly being used for generation of certificate requests. +# + +# Note that you can include other files from the main configuration +# file using the .include directive. +#.include filename + +# This definition stops the following lines choking if HOME isn't +# defined. +HOME = . + +# Extra OBJECT IDENTIFIER info: +#oid_file = $ENV::HOME/.oid +oid_section = new_oids + +# To use this configuration file with the "-extfile" option of the +# "openssl x509" utility, name here the section containing the +# X.509v3 extensions to use: +# extensions = +# (Alternatively, use a configuration file that has only +# X.509v3 extensions in its main [= default] section.) + +[ new_oids ] + +# We can add new OIDs in here for use by 'ca', 'req' and 'ts'. +# Add a simple OID like this: +# testoid1=1.2.3.4 +# Or use config file substitution like this: +# testoid2=${testoid1}.5.6 + +# Policies used by the TSA examples. +tsa_policy1 = 1.2.3.4.1 +tsa_policy2 = 1.2.3.4.5.6 +tsa_policy3 = 1.2.3.4.5.7 + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +#################################################################### +[ CA_default ] + +dir = ./demoCA # Where everything is kept +certs = $dir/certs # Where the issued certs are kept +crl_dir = $dir/crl # Where the issued crl are kept +database = $dir/index.txt # database index file. +#unique_subject = no # Set to 'no' to allow creation of + # several certs with same subject. +new_certs_dir = $dir/newcerts # default place for new certs. 
+ +certificate = $dir/cacert.pem # The CA certificate +serial = $dir/serial # The current serial number +crlnumber = $dir/crlnumber # the current crl number + # must be commented out to leave a V1 CRL +crl = $dir/crl.pem # The current CRL +private_key = $dir/private/cakey.pem# The private key + +x509_extensions = usr_cert # The extensions to add to the cert + +# Comment out the following two lines for the "traditional" +# (and highly broken) format. +name_opt = ca_default # Subject Name options +cert_opt = ca_default # Certificate field options + +# Extension copying option: use with caution. +# copy_extensions = copy + +# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs +# so this is commented out by default to leave a V1 CRL. +# crlnumber must also be commented out to leave a V1 CRL. +# crl_extensions = crl_ext + +default_days = 365 # how long to certify for +default_crl_days= 30 # how long before next CRL +default_md = default # use public key default MD +preserve = no # keep passed DN ordering + +# A few difference way of specifying how similar the request should look +# For type CA, the listed attributes must be the same, and the optional +# and supplied fields are just that :-) +policy = policy_match + +# For the CA policy +[ policy_match ] +countryName = match +stateOrProvinceName = match +organizationName = match +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +# For the 'anything' policy +# At this point in time, you must list all acceptable 'object' +# types. 
+[ policy_anything ] +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +#################################################################### +[ req ] +default_bits = 2048 +default_keyfile = privkey.pem +distinguished_name = req_distinguished_name +attributes = req_attributes +x509_extensions = v3_ca # The extensions to add to the self signed cert + +# Passwords for private keys if not present they will be prompted for +# input_password = secret +# output_password = secret + +# This sets a mask for permitted string types. There are several options. +# default: PrintableString, T61String, BMPString. +# pkix : PrintableString, BMPString (PKIX recommendation before 2004) +# utf8only: only UTF8Strings (PKIX recommendation after 2004). +# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). +# MASK:XXXX a literal mask value. +# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings. +string_mask = utf8only + +# req_extensions = v3_req # The extensions to add to a certificate request + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = AU +countryName_min = 2 +countryName_max = 2 + +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = Some-State + +localityName = Locality Name (eg, city) + +0.organizationName = Organization Name (eg, company) +0.organizationName_default = Internet Widgits Pty Ltd + +# we can do this but it is not needed normally :-) +#1.organizationName = Second Organization Name (eg, company) +#1.organizationName_default = World Wide Web Pty Ltd + +organizationalUnitName = Organizational Unit Name (eg, section) +#organizationalUnitName_default = + +commonName = Common Name (e.g. 
server FQDN or YOUR name) +commonName_max = 64 + +emailAddress = Email Address +emailAddress_max = 64 + +# SET-ex3 = SET extension number 3 + +[ req_attributes ] +challengePassword = A challenge password +challengePassword_min = 4 +challengePassword_max = 20 + +unstructuredName = An optional company name + +[ usr_cert ] + +# These extensions are added when 'ca' signs a request. + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE + +# Here are some examples of the usage of nsCertType. If it is omitted +# the certificate can be used for anything *except* object signing. + +# This is OK for an SSL server. +# nsCertType = server + +# For an object signing certificate this would be used. +# nsCertType = objsign + +# For normal client use this is typical +# nsCertType = client, email + +# and for everything including object signing: +# nsCertType = client, email, objsign + +# This is typical in keyUsage for a client certificate. +# keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "OpenSSL Generated Certificate" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer + +# This stuff is for subjectAltName and issuerAltname. +# Import the email address. +# subjectAltName=email:copy +# An alternative to produce certificates that aren't +# deprecated according to PKIX. +# subjectAltName=email:move + +# Copy subject details +# issuerAltName=issuer:copy + +#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem +#nsBaseUrl +#nsRevocationUrl +#nsRenewalUrl +#nsCaPolicyUrl +#nsSslServerName + +# This is required for TSA certificates. 
+# extendedKeyUsage = critical,timeStamping + +[ v3_req ] + +# Extensions to add to a certificate request + +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +[ v3_ca ] + + +# Extensions for a typical CA + + +# PKIX recommendation. + +subjectKeyIdentifier=hash + +authorityKeyIdentifier=keyid:always,issuer + +basicConstraints = critical,CA:true + +# Key usage: this is typical for a CA certificate. However since it will +# prevent it being used as an test self-signed certificate it is best +# left out by default. +# keyUsage = cRLSign, keyCertSign + +# Some might want this also +# nsCertType = sslCA, emailCA + +# Include email address in subject alt name: another PKIX recommendation +# subjectAltName=email:copy +# Copy issuer details +# issuerAltName=issuer:copy + +# DER hex encoding of an extension: beware experts only! +# obj=DER:02:03 +# Where 'obj' is a standard or added object +# You can even override a supported extension: +# basicConstraints= critical, DER:30:03:01:01:FF + +[ crl_ext ] + +# CRL extensions. +# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. + +# issuerAltName=issuer:copy +authorityKeyIdentifier=keyid:always + +[ proxy_cert_ext ] +# These extensions should be added when creating a proxy certificate + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE + +# Here are some examples of the usage of nsCertType. If it is omitted +# the certificate can be used for anything *except* object signing. + +# This is OK for an SSL server. +# nsCertType = server + +# For an object signing certificate this would be used. +# nsCertType = objsign + +# For normal client use this is typical +# nsCertType = client, email + +# and for everything including object signing: +# nsCertType = client, email, objsign + +# This is typical in keyUsage for a client certificate. 
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "OpenSSL Generated Certificate" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer + +# This stuff is for subjectAltName and issuerAltname. +# Import the email address. +# subjectAltName=email:copy +# An alternative to produce certificates that aren't +# deprecated according to PKIX. +# subjectAltName=email:move + +# Copy subject details +# issuerAltName=issuer:copy + +#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem +#nsBaseUrl +#nsRevocationUrl +#nsRenewalUrl +#nsCaPolicyUrl +#nsSslServerName + +# This really needs to be in place for it to be a proxy certificate. +proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo + +#################################################################### +[ tsa ] + +default_tsa = tsa_config1 # the default TSA section + +[ tsa_config1 ] + +# These are used by the TSA reply generation only. +dir = ./demoCA # TSA root directory +serial = $dir/tsaserial # The current serial number (mandatory) +crypto_device = builtin # OpenSSL engine to use for signing +signer_cert = $dir/tsacert.pem # The TSA signing certificate + # (optional) +certs = $dir/cacert.pem # Certificate chain to include in reply + # (optional) +signer_key = $dir/private/tsakey.pem # The TSA private key (optional) +signer_digest = sha256 # Signing digest to use. (Optional) +default_policy = tsa_policy1 # Policy if request did not specify it + # (optional) +other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional) +digests = sha1, sha256, sha384, sha512 # Acceptable message digests (mandatory) +accuracy = secs:1, millisecs:500, microsecs:100 # (optional) +clock_precision_digits = 0 # number of digits after dot. (optional) +ordering = yes # Is ordering defined for timestamps? 
+ # (optional, default: no) +tsa_name = yes # Must the TSA name be included in the reply? + # (optional, default: no) +ess_cert_id_chain = no # Must the ESS cert id chain be included? + # (optional, default: no) +ess_cert_id_alg = sha1 # algorithm to compute certificate + # identifier (optional, default: sha1) diff --git a/linux_amd64/ssl/openssl.cnf.dist b/linux_amd64/ssl/openssl.cnf.dist new file mode 100644 index 0000000..4acca4b --- /dev/null +++ b/linux_amd64/ssl/openssl.cnf.dist 
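Review bot: In `[ tsa_config1 ]` the committed config still accepts SHA-1, both as a message-imprint digest (`digests = sha1, sha256, sha384, sha512`) and for the ESS certificate identifier (`ess_cert_id_alg = sha1`). This is the upstream example file, but it is committed as `linux_amd64/ssl/openssl.cnf`, so tools run against this tree presumably pick these values up as their defaults; I would change them to `digests = sha256, sha384, sha512` and `ess_cert_id_alg = sha256`. `dir = ./demoCA` in `[ CA_default ]` and `[ tsa_config1 ]` is also a relative path, so where `private/cakey.pem` and `private/tsakey.pem` are looked up depends on the directory the command is run from; a header comment such as `# Sample configuration: not intended for a production CA or TSA.` would make that explicit. The `openssl.cnf.dist` hunk that follows carries the same lines.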
@@ -0,0 +1,350 @@ +# +# OpenSSL example configuration file. +# This is mostly being used for generation of certificate requests. +# + +# Note that you can include other files from the main configuration +# file using the .include directive. +#.include filename + +# This definition stops the following lines choking if HOME isn't +# defined. +HOME = . + +# Extra OBJECT IDENTIFIER info: +#oid_file = $ENV::HOME/.oid +oid_section = new_oids + +# To use this configuration file with the "-extfile" option of the +# "openssl x509" utility, name here the section containing the +# X.509v3 extensions to use: +# extensions = +# (Alternatively, use a configuration file that has only +# X.509v3 extensions in its main [= default] section.) + +[ new_oids ] + +# We can add new OIDs in here for use by 'ca', 'req' and 'ts'. +# Add a simple OID like this: +# testoid1=1.2.3.4 +# Or use config file substitution like this: +# testoid2=${testoid1}.5.6 + +# Policies used by the TSA examples. +tsa_policy1 = 1.2.3.4.1 +tsa_policy2 = 1.2.3.4.5.6 +tsa_policy3 = 1.2.3.4.5.7 + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +#################################################################### +[ CA_default ] + +dir = ./demoCA # Where everything is kept +certs = $dir/certs # Where the issued certs are kept +crl_dir = $dir/crl # Where the issued crl are kept +database = $dir/index.txt # database index file. +#unique_subject = no # Set to 'no' to allow creation of + # several certs with same subject. +new_certs_dir = $dir/newcerts # default place for new certs. 
+ +certificate = $dir/cacert.pem # The CA certificate +serial = $dir/serial # The current serial number +crlnumber = $dir/crlnumber # the current crl number + # must be commented out to leave a V1 CRL +crl = $dir/crl.pem # The current CRL +private_key = $dir/private/cakey.pem# The private key + +x509_extensions = usr_cert # The extensions to add to the cert + +# Comment out the following two lines for the "traditional" +# (and highly broken) format. +name_opt = ca_default # Subject Name options +cert_opt = ca_default # Certificate field options + +# Extension copying option: use with caution. +# copy_extensions = copy + +# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs +# so this is commented out by default to leave a V1 CRL. +# crlnumber must also be commented out to leave a V1 CRL. +# crl_extensions = crl_ext + +default_days = 365 # how long to certify for +default_crl_days= 30 # how long before next CRL +default_md = default # use public key default MD +preserve = no # keep passed DN ordering + +# A few difference way of specifying how similar the request should look +# For type CA, the listed attributes must be the same, and the optional +# and supplied fields are just that :-) +policy = policy_match + +# For the CA policy +[ policy_match ] +countryName = match +stateOrProvinceName = match +organizationName = match +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +# For the 'anything' policy +# At this point in time, you must list all acceptable 'object' +# types. 
+[ policy_anything ] +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +#################################################################### +[ req ] +default_bits = 2048 +default_keyfile = privkey.pem +distinguished_name = req_distinguished_name +attributes = req_attributes +x509_extensions = v3_ca # The extensions to add to the self signed cert + +# Passwords for private keys if not present they will be prompted for +# input_password = secret +# output_password = secret + +# This sets a mask for permitted string types. There are several options. +# default: PrintableString, T61String, BMPString. +# pkix : PrintableString, BMPString (PKIX recommendation before 2004) +# utf8only: only UTF8Strings (PKIX recommendation after 2004). +# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). +# MASK:XXXX a literal mask value. +# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings. +string_mask = utf8only + +# req_extensions = v3_req # The extensions to add to a certificate request + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = AU +countryName_min = 2 +countryName_max = 2 + +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = Some-State + +localityName = Locality Name (eg, city) + +0.organizationName = Organization Name (eg, company) +0.organizationName_default = Internet Widgits Pty Ltd + +# we can do this but it is not needed normally :-) +#1.organizationName = Second Organization Name (eg, company) +#1.organizationName_default = World Wide Web Pty Ltd + +organizationalUnitName = Organizational Unit Name (eg, section) +#organizationalUnitName_default = + +commonName = Common Name (e.g. 
server FQDN or YOUR name) +commonName_max = 64 + +emailAddress = Email Address +emailAddress_max = 64 + +# SET-ex3 = SET extension number 3 + +[ req_attributes ] +challengePassword = A challenge password +challengePassword_min = 4 +challengePassword_max = 20 + +unstructuredName = An optional company name + +[ usr_cert ] + +# These extensions are added when 'ca' signs a request. + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE + +# Here are some examples of the usage of nsCertType. If it is omitted +# the certificate can be used for anything *except* object signing. + +# This is OK for an SSL server. +# nsCertType = server + +# For an object signing certificate this would be used. +# nsCertType = objsign + +# For normal client use this is typical +# nsCertType = client, email + +# and for everything including object signing: +# nsCertType = client, email, objsign + +# This is typical in keyUsage for a client certificate. +# keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "OpenSSL Generated Certificate" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer + +# This stuff is for subjectAltName and issuerAltname. +# Import the email address. +# subjectAltName=email:copy +# An alternative to produce certificates that aren't +# deprecated according to PKIX. +# subjectAltName=email:move + +# Copy subject details +# issuerAltName=issuer:copy + +#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem +#nsBaseUrl +#nsRevocationUrl +#nsRenewalUrl +#nsCaPolicyUrl +#nsSslServerName + +# This is required for TSA certificates. 
+# extendedKeyUsage = critical,timeStamping + +[ v3_req ] + +# Extensions to add to a certificate request + +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +[ v3_ca ] + + +# Extensions for a typical CA + + +# PKIX recommendation. + +subjectKeyIdentifier=hash + +authorityKeyIdentifier=keyid:always,issuer + +basicConstraints = critical,CA:true + +# Key usage: this is typical for a CA certificate. However since it will +# prevent it being used as an test self-signed certificate it is best +# left out by default. +# keyUsage = cRLSign, keyCertSign + +# Some might want this also +# nsCertType = sslCA, emailCA + +# Include email address in subject alt name: another PKIX recommendation +# subjectAltName=email:copy +# Copy issuer details +# issuerAltName=issuer:copy + +# DER hex encoding of an extension: beware experts only! +# obj=DER:02:03 +# Where 'obj' is a standard or added object +# You can even override a supported extension: +# basicConstraints= critical, DER:30:03:01:01:FF + +[ crl_ext ] + +# CRL extensions. +# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. + +# issuerAltName=issuer:copy +authorityKeyIdentifier=keyid:always + +[ proxy_cert_ext ] +# These extensions should be added when creating a proxy certificate + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE + +# Here are some examples of the usage of nsCertType. If it is omitted +# the certificate can be used for anything *except* object signing. + +# This is OK for an SSL server. +# nsCertType = server + +# For an object signing certificate this would be used. +# nsCertType = objsign + +# For normal client use this is typical +# nsCertType = client, email + +# and for everything including object signing: +# nsCertType = client, email, objsign + +# This is typical in keyUsage for a client certificate. 
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "OpenSSL Generated Certificate" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer + +# This stuff is for subjectAltName and issuerAltname. +# Import the email address. +# subjectAltName=email:copy +# An alternative to produce certificates that aren't +# deprecated according to PKIX. +# subjectAltName=email:move + +# Copy subject details +# issuerAltName=issuer:copy + +#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem +#nsBaseUrl +#nsRevocationUrl +#nsRenewalUrl +#nsCaPolicyUrl +#nsSslServerName + +# This really needs to be in place for it to be a proxy certificate. +proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo + +#################################################################### +[ tsa ] + +default_tsa = tsa_config1 # the default TSA section + +[ tsa_config1 ] + +# These are used by the TSA reply generation only. +dir = ./demoCA # TSA root directory +serial = $dir/tsaserial # The current serial number (mandatory) +crypto_device = builtin # OpenSSL engine to use for signing +signer_cert = $dir/tsacert.pem # The TSA signing certificate + # (optional) +certs = $dir/cacert.pem # Certificate chain to include in reply + # (optional) +signer_key = $dir/private/tsakey.pem # The TSA private key (optional) +signer_digest = sha256 # Signing digest to use. (Optional) +default_policy = tsa_policy1 # Policy if request did not specify it + # (optional) +other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional) +digests = sha1, sha256, sha384, sha512 # Acceptable message digests (mandatory) +accuracy = secs:1, millisecs:500, microsecs:100 # (optional) +clock_precision_digits = 0 # number of digits after dot. (optional) +ordering = yes # Is ordering defined for timestamps? 
+ # (optional, default: no) +tsa_name = yes # Must the TSA name be included in the reply? + # (optional, default: no) +ess_cert_id_chain = no # Must the ESS cert id chain be included? + # (optional, default: no) +ess_cert_id_alg = sha1 # algorithm to compute certificate + # identifier (optional, default: sha1) diff --git a/linux_amd64/ssl/share/doc/openssl/html/man1/CA.pl.html b/linux_amd64/ssl/share/doc/openssl/html/man1/CA.pl.html new file mode 100755 index 0000000..a24d59c --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man1/CA.pl.html @@ -0,0 +1,257 @@ + + + + +CA.pl + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    CA.pl - friendlier interface for OpenSSL certificate programs

    +

    +

    +
    +

    SYNOPSIS

    +

    CA.pl +-? | +-h | +-help

    +

    CA.pl +-newcert | +-newreq | +-newreq-nodes | +-xsign | +-sign | +-signCA | +-signcert | +-crl | +-newca +[-extra-cmd extra-params]

    +

    CA.pl -pkcs12 [-extra-pkcs12 extra-params] [certname]

    +

    CA.pl -verify [-extra-verify extra-params] certfile ...

    +

    CA.pl -revoke [-extra-ca extra-params] certfile [reason]

    +

    +

    +
    +

    DESCRIPTION

    +

    The CA.pl script is a perl script that supplies the relevant command line +arguments to the openssl(1) command for some common certificate operations. +It is intended to simplify the process of certificate creation and management +by the use of some simple options.

    +

    +

    +
    +

    OPTIONS

    +
    +
    ?, -h, -help
    + +
    +

    Prints a usage message.

    +
    +
    -newcert
    + +
    +

    Creates a new self signed certificate. The private key is written to the file +newkey.pem and the request written to the file newreq.pem. +Invokes openssl-req(1).

    +
    +
    -newreq
    + +
    +

    Creates a new certificate request. The private key is written to the file +newkey.pem and the request written to the file newreq.pem. +Executes openssl-req(1) under the hood.

    +
    +
    -newreq-nodes
    + +
    +

    Is like -newreq except that the private key will not be encrypted. +Uses openssl-req(1).

    +
    +
    -newca
    + +
    +

    Creates a new CA hierarchy for use with the ca program (or the -signcert +and -xsign options). The user is prompted to enter the filename of the CA +certificates (which should also contain the private key) or by hitting ENTER +details of the CA will be prompted for. The relevant files and directories +are created in a directory called demoCA in the current directory. +Uses openssl-req(1) and openssl-ca(1).

    +
    +
    -pkcs12
    + +
    +

    Create a PKCS#12 file containing the user certificate, private key and CA +certificate. It expects the user certificate and private key to be in the +file newcert.pem and the CA certificate to be in the file demoCA/cacert.pem, +it creates a file newcert.p12. This command can thus be called after the +-sign option. The PKCS#12 file can be imported directly into a browser. +If there is an additional argument on the command line it will be used as the +"friendly name" for the certificate (which is typically displayed in the browser +list box), otherwise the name "My Certificate" is used. +Delegates work to openssl-pkcs12(1).

    +
    +
    -sign, -signcert, -xsign
    + +
    +

    Calls the openssl-ca(1) command to sign a certificate request. It expects the +request to be in the file newreq.pem. The new certificate is written to the +file newcert.pem except in the case of the -xsign option when it is +written to standard output.

    +
    +
    -signCA
    + +
    +

    This option is the same as the -signreq option except it uses the +configuration file section v3_ca and so makes the signed request a +valid CA certificate. This is useful when creating intermediate CA from +a root CA. Extra params are passed to openssl-ca(1).

    +
    +
    -signcert
    + +
    +

    This option is the same as -sign except it expects a self signed certificate +to be present in the file newreq.pem. +Extra params are passed to openssl-x509(1) and openssl-ca(1).

    +
    +
    -crl
    + +
    +

    Generate a CRL. Executes openssl-ca(1).

    +
    +
    -revoke certfile [reason]
    + +
    +

    Revoke the certificate contained in the specified certfile. An optional +reason may be specified, and must be one of: unspecified, +keyCompromise, CACompromise, affiliationChanged, superseded, +cessationOfOperation, certificateHold, or removeFromCRL. +Leverages openssl-ca(1).

    +
    +
    -verify
    + +
    +

    Verifies certificates against the CA certificate for demoCA. If no +certificates are specified on the command line it tries to verify the file +newcert.pem. Invokes openssl-verify(1).

    +
    +
    -extra-req | -extra-ca | -extra-pkcs12 | -extra-x509 | -extra-verify extra-params
    + +
    +

    For each option extra-cmd, pass extra-params to the openssl(1) +sub-command with the same name as cmd, if that sub-command is invoked. +For example, if openssl-req(1) is invoked, the extra-params given with +-extra-req will be passed to it. +Users should consult openssl(1) command documentation for more information.

    +
    +
    +

    +

    +
    +

    EXAMPLES

    +

    Create a CA hierarchy:

    +
    + CA.pl -newca
    +

    Complete certificate creation example: create a CA, create a request, sign +the request and finally create a PKCS#12 file containing it.

    +
    + CA.pl -newca
    + CA.pl -newreq
    + CA.pl -signreq
    + CA.pl -pkcs12 "My Test Certificate"
    +

    +

    +
    +

    DSA CERTIFICATES

    +

    Although the CA.pl creates RSA CAs and requests it is still possible to +use it with DSA certificates and requests using the openssl-req(1) command +directly. The following example shows the steps that would typically be taken.

    +

    Create some DSA parameters:

    +
    + openssl dsaparam -out dsap.pem 1024
    +

    Create a DSA CA certificate and private key:

    +
    + openssl req -x509 -newkey dsa:dsap.pem -keyout cacert.pem -out cacert.pem
    +

    Create the CA directories and files:

    +
    + CA.pl -newca
    +

    enter a filename (for example, cacert.pem) when prompted for the CA file +name.

    +

    Create a DSA certificate request and private key (a different set of parameters +can optionally be created first):

    +
    + openssl req -out newreq.pem -newkey dsa:dsap.pem
    +

    Sign the request:

    +
    + CA.pl -signreq
    +

    +

    +
    +

    NOTES

    +

    Most of the filenames mentioned can be modified by editing the CA.pl script.

    +

    If the demoCA directory already exists then the -newca command will not +overwrite it and will do nothing. This can happen if a previous call using +the -newca option terminated abnormally. To get the correct behaviour +delete the demoCA directory if it already exists.

    +

    Under some environments it may not be possible to run the CA.pl script +directly (for example Win32) and the default configuration file location may +be wrong. In this case the command:

    +
    + perl -S CA.pl
    +

    can be used and the OPENSSL_CONF environment variable changed to point to +the correct path of the configuration file.

    +

    The script is intended as a simple front end for the openssl(1) program for +use by a beginner. Its behaviour isn't always what is wanted. For more control +over the behaviour of the certificate commands call the openssl(1) command +directly.

    +

    +

    +
    +

    SEE ALSO

    +

    openssl(1), +openssl-x509(1), +openssl-ca(1), +openssl-req(1), +openssl-pkcs12(1), +config(5)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-asn1parse.html b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-asn1parse.html new file mode 100755 index 0000000..054657a --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-asn1parse.html @@ -0,0 +1,266 @@ + + + + +openssl-asn1parse + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    openssl-asn1parse - ASN.1 parsing tool

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl asn1parse +[-help] +[-inform DER|PEM] +[-in filename] +[-out filename] +[-noout] +[-offset number] +[-length number] +[-i] +[-oid filename] +[-dump] +[-dlimit num] +[-strparse offset] +[-genstr string] +[-genconf file] +[-strictpem] +[-item name]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command is a diagnostic utility that can parse ASN.1 structures. +It can also be used to extract data from ASN.1 formatted data.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -inform DER|PEM
    + +
    +

    The input format; the default is PEM. +See openssl(1)/Format Options for details.

    +
    +
    -in filename
    + +
    +

    The input file, default is standard input.

    +
    +
    -out filename
    + +
    +

    Output file to place the DER encoded data into. If this +option is not present then no data will be output. This is most useful when +combined with the -strparse option.

    +
    +
    -noout
    + +
    +

    Don't output the parsed version of the input file.

    +
    +
    -offset number
    + +
    +

    Starting offset to begin parsing, default is start of file.

    +
    +
    -length number
    + +
    +

    Number of bytes to parse, default is until end of file.

    +
    +
    -i
    + +
    +

    Indents the output according to the "depth" of the structures.

    +
    +
    -oid filename
    + +
    +

    A file containing additional OBJECT IDENTIFIERs (OIDs). The format of this +file is described in the NOTES section below.

    +
    +
    -dump
    + +
    +

    Dump unknown data in hex format.

    +
    +
    -dlimit num
    + +
    +

    Like -dump, but only the first num bytes are output.

    +
    +
    -strparse offset
    + +
    +

    Parse the contents octets of the ASN.1 object starting at offset. This +option can be used multiple times to "drill down" into a nested structure.

    +
    +
    -genstr string, -genconf file
    + +
    +

    Generate encoded data based on string, file or both using +ASN1_generate_nconf(3) format. If file only is +present then the string is obtained from the default section using the name +asn1. The encoded data is passed through the ASN1 parser and printed out as +though it came from a file, the contents can thus be examined and written to a +file using the -out option.

    +
    +
    -strictpem
    + +
    +

    If this option is used then -inform will be ignored. Without this option any +data in a PEM format input file will be treated as being base64 encoded and +processed whether it has the normal PEM BEGIN and END markers or not. This +option will ignore any data prior to the start of the BEGIN marker, or after an +END marker in a PEM file.

    +
    +
    -item name
    + +
    +

    Attempt to decode and print the data as an ASN1_ITEM name. This can be +used to print out the fields of any supported ASN.1 structure if the type is +known.

    +
    +
    +

    +

    +

    Output

    +

    The output will typically contain lines like this:

    +
    +  0:d=0  hl=4 l= 681 cons: SEQUENCE
    +

    .....

    +
    +  229:d=3  hl=3 l= 141 prim: BIT STRING
    +  373:d=2  hl=3 l= 162 cons: cont [ 3 ]
    +  376:d=3  hl=3 l= 159 cons: SEQUENCE
    +  379:d=4  hl=2 l=  29 cons: SEQUENCE
    +  381:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Subject Key Identifier
    +  386:d=5  hl=2 l=  22 prim: OCTET STRING
    +  410:d=4  hl=2 l= 112 cons: SEQUENCE
    +  412:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Authority Key Identifier
    +  417:d=5  hl=2 l= 105 prim: OCTET STRING
    +  524:d=4  hl=2 l=  12 cons: SEQUENCE
    +

    .....

    +

    This example is part of a self-signed certificate. Each line starts with the +offset in decimal. d=XX specifies the current depth. The depth is increased +within the scope of any SET or SEQUENCE. hl=XX gives the header length +(tag and length octets) of the current type. l=XX gives the length of +the contents octets.

    +

    The -i option can be used to make the output more readable.

    +

    Some knowledge of the ASN.1 structure is needed to interpret the output.

    +

    In this example the BIT STRING at offset 229 is the certificate public key. +The contents octets of this will contain the public key information. This can +be examined using the option -strparse 229 to yield:

    +
    +    0:d=0  hl=3 l= 137 cons: SEQUENCE
    +    3:d=1  hl=3 l= 129 prim: INTEGER           :E5D21E1F5C8D208EA7A2166C7FAF9F6BDF2059669C60876DDB70840F1A5AAFA59699FE471F379F1DD6A487E7D5409AB6A88D4A9746E24B91D8CF55DB3521015460C8EDE44EE8A4189F7A7BE77D6CD3A9AF2696F486855CF58BF0EDF2B4068058C7A947F52548DDF7E15E96B385F86422BEA9064A3EE9E1158A56E4A6F47E5897
    +  135:d=1  hl=2 l=   3 prim: INTEGER           :010001
    +

    +

    +
    +

    NOTES

    +

    If an OID is not part of OpenSSL's internal table it will be represented in +numerical form (for example 1.2.3.4). The file passed to the -oid option +allows additional OIDs to be included. Each line consists of three columns, +the first column is the OID in numerical format and should be followed by white +space. The second column is the "short name" which is a single word followed +by white space. The final column is the rest of the line and is the +"long name". Example:

    +

    1.2.3.4 shortName A long name

    +

    For any OID with an associated short and long name, this command will display +the long name.

    +

    +

    +
    +

    EXAMPLES

    +

    Parse a file:

    +
    + openssl asn1parse -in file.pem
    +

    Parse a DER file:

    +
    + openssl asn1parse -inform DER -in file.der
    +

    Generate a simple UTF8String:

    +
    + openssl asn1parse -genstr 'UTF8:Hello World'
    +

    Generate and write out a UTF8String, don't print parsed output:

    +
    + openssl asn1parse -genstr 'UTF8:Hello World' -noout -out utf8.der
    +

    Generate using a config file:

    +
    + openssl asn1parse -genconf asn1.cnf -noout -out asn1.der
    +

    Example config file:

    +
    + asn1=SEQUENCE:seq_sect
    +
    + [seq_sect]
    +
    + field1=BOOL:TRUE
    + field2=EXP:0, UTF8:some random string
    +

    +

    +
    +

    BUGS

    +

    There should be options to change the format of output lines. The output of some +ASN.1 types is not well handled (if at all).

    +

    +

    +
    +

    SEE ALSO

    +

    openssl(1), +ASN1_generate_nconf(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-ca.html b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-ca.html
    new file mode 100755
    index 0000000..58162e8
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-ca.html
    @@ -0,0 +1,882 @@
    + + + + +openssl-ca + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    openssl-ca - sample minimal CA application

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl ca +[-help] +[-verbose] +[-config filename] +[-name section] +[-gencrl] +[-revoke file] +[-valid file] +[-status serial] +[-updatedb] +[-crl_reason reason] +[-crl_hold instruction] +[-crl_compromise time] +[-crl_CA_compromise time] +[-crldays days] +[-crlhours hours] +[-crlsec seconds] +[-crlexts section] +[-startdate date] +[-enddate date] +[-days arg] +[-md arg] +[-policy arg] +[-keyfile arg] +[-keyform DER|PEM] +[-key arg] +[-passin arg] +[-cert file] +[-selfsign] +[-in file] +[-out file] +[-notext] +[-outdir dir] +[-infiles] +[-spkac file] +[-ss_cert file] +[-preserveDN] +[-noemailDN] +[-batch] +[-msie_hack] +[-extensions section] +[-extfile section] +[-subj arg] +[-utf8] +[-sigopt nm:v] +[-create_serial] +[-rand_serial] +[-multivalue-rdn] +[-sm2-id string] +[-sm2-hex-id hex-string] +[-rand files] +[-writerand file] +[-engine id] +[certreq...]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command is a minimal CA application. It can be used +to sign certificate requests in a variety of forms and generate +CRLs. It also maintains a text database of issued certificates +and their status. +When signing certificates, a single certificate request can be specified +with the -in option, or multiple requests can be processed by +specifying a set of certreq files after all options.

    +

    The options descriptions will be divided into each purpose.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -verbose
    + +
    +

    This prints extra details about the operations being performed.

    +
    +
    -config filename
    + +
    +

    Specifies the configuration file to use. +Optional; for a description of the default value, +see openssl(1)/COMMAND SUMMARY.

    +
    +
    -name section
    + +
    +

    Specifies the configuration file section to use (overrides +default_ca in the ca section).

    +
    +
    -in filename
    + +
    +

    An input filename containing a single certificate request to be +signed by the CA.

    +
    +
    -ss_cert filename
    + +
    +

    A single self-signed certificate to be signed by the CA.

    +
    +
    -spkac filename
    + +
    +

    A file containing a single Netscape signed public key and challenge +and additional field values to be signed by the CA. See the SPKAC FORMAT +section for information on the required input and output format.

    +
    +
    -infiles
    + +
    +

    If present this should be the last option, all subsequent arguments +are taken as the names of files containing certificate requests.

    +
    +
    -out filename
    + +
    +

    The output file to output certificates to. The default is standard +output. The certificate details will also be printed out to this +file in PEM format (except that -spkac outputs DER format).

    +
    +
    -outdir directory
    + +
    +

    The directory to output certificates to. The certificate will be +written to a filename consisting of the serial number in hex with +.pem appended.

    +
    +
    -cert
    + +
    +

    The CA certificate file.

    +
    +
    -keyfile filename
    + +
    +

    The private key to sign requests with.

    +
    +
    -keyform DER|PEM
    + +
    +

    The format of the private key file; the default is PEM. +See openssl(1)/Format Options for details.

    +
    +
    -sigopt nm:v
    + +
    +

    Pass options to the signature algorithm during sign or verify operations. +Names and values of these options are algorithm-specific.

    +
    +
    -key password
    + +
    +

    The password used to encrypt the private key. Since on some +systems the command line arguments are visible (e.g. Unix with +the ps(1) utility) this option should be used with caution.

    +
    +
    -selfsign
    + +
    +

    Indicates the issued certificates are to be signed with the key +the certificate requests were signed with (given with -keyfile). +Certificate requests signed with a different key are ignored. If +-spkac, -ss_cert or -gencrl are given, -selfsign is +ignored.

    +

    A consequence of using -selfsign is that the self-signed +certificate appears among the entries in the certificate database +(see the configuration option database), and uses the same +serial number counter as all other certificates sign with the +self-signed certificate.

    +
    +
    -passin arg
    + +
    +

    The key password source. For more information about the format of arg +see openssl(1)/Pass Phrase Options.

    +
    +
    -notext
    + +
    +

    Don't output the text form of a certificate to the output file.

    +
    +
    -startdate date
    + +
    +

    This allows the start date to be explicitly set. The format of the +date is YYMMDDHHMMSSZ (the same as an ASN1 UTCTime structure), or +YYYYMMDDHHMMSSZ (the same as an ASN1 GeneralizedTime structure). In +both formats, seconds SS and timezone Z must be present.

    +
    +
    -enddate date
    + +
    +

    This allows the expiry date to be explicitly set. The format of the +date is YYMMDDHHMMSSZ (the same as an ASN1 UTCTime structure), or +YYYYMMDDHHMMSSZ (the same as an ASN1 GeneralizedTime structure). In +both formats, seconds SS and timezone Z must be present.

    +
    +
    -days arg
    + +
    +

    The number of days to certify the certificate for.

    +
    +
    -md alg
    + +
    +

    The message digest to use. +Any digest supported by the openssl-dgst(1) command can be used. For signing +algorithms that do not support a digest (i.e. Ed25519 and Ed448) any message +digest that is set is ignored. This option also applies to CRLs.

    +
    +
    -policy arg
    + +
    +

    This option defines the CA "policy" to use. This is a section in +the configuration file which decides which fields should be mandatory +or match the CA certificate. Check out the POLICY FORMAT section +for more information.

    +
    +
    -msie_hack
    + +
    +

    This is a deprecated option to make this command work with very old versions +of the IE certificate enrollment control "certenr3". It used UniversalStrings +for almost everything. Since the old control has various security bugs +its use is strongly discouraged.

    +
    +
    -preserveDN
    + +
    +

    Normally the DN order of a certificate is the same as the order of the +fields in the relevant policy section. When this option is set the order +is the same as the request. This is largely for compatibility with the +older IE enrollment control which would only accept certificates if their +DNs match the order of the request. This is not needed for Xenroll.

    +
    +
    -noemailDN
    + +
    +

    The DN of a certificate can contain the EMAIL field if present in the +request DN, however it is good policy just having the e-mail set into +the altName extension of the certificate. When this option is set the +EMAIL field is removed from the certificate' subject and set only in +the, eventually present, extensions. The email_in_dn keyword can be +used in the configuration file to enable this behaviour.

    +
    +
    -batch
    + +
    +

    This sets the batch mode. In this mode no questions will be asked +and all certificates will be certified automatically.

    +
    +
    -extensions section
    + +
    +

    The section of the configuration file containing certificate extensions +to be added when a certificate is issued (defaults to x509_extensions +unless the -extfile option is used). If no extension section is +present then, a V1 certificate is created. If the extension section +is present (even if it is empty), then a V3 certificate is created. See the +x509v3_config(5) manual page for details of the +extension section format.

    +
    +
    -extfile file
    + +
    +

    An additional configuration file to read certificate extensions from +(using the default section unless the -extensions option is also +used).

    +
    +
    -subj arg
    + +
    +

    Supersedes subject name given in the request. +The arg must be formatted as /type0=value0/type1=value1/type2=.... +Keyword characters may be escaped by \ (backslash), and whitespace is +retained. +Empty values are permitted, but the corresponding type will not be included +in the resulting certificate.

    +
    +
    -utf8
    + +
    +

    This option causes field values to be interpreted as UTF8 strings, by +default they are interpreted as ASCII. This means that the field +values, whether prompted from a terminal or obtained from a +configuration file, must be valid UTF8 strings.

    +
    +
    -create_serial
    + +
    +

    If reading serial from the text file as specified in the configuration +fails, specifying this option creates a new random serial to be used as next +serial number. +To get random serial numbers, use the -rand_serial flag instead; this +should only be used for simple error-recovery.

    +
    +
    -rand_serial
    + +
    +

    Generate a large random number to use as the serial number. +This overrides any option or configuration to use a serial number file.

    +
    +
    -multivalue-rdn
    + +
    +

    This option causes the -subj argument to be interpreted with full +support for multivalued RDNs. Example:

    +

    /DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe

    +

    If -multi-rdn is not used then the UID value is 123456+CN=John Doe.

    +
    +
    -sm2-id string
    + +
    +

    Specify the ID string to use when verifying an SM2 certificate. The ID string is +required by the SM2 signature algorithm for signing and verification.

    +
    +
    -sm2-hex-id hex-string
    + +
    +

    Specify a binary ID string to use when signing or verifying using an SM2 +certificate. The argument for this option is string of hexadecimal digits.

    +
    +
    -rand files, -writerand file
    + +
    +

    See openssl(1)/Random State Options for details.

    +
    +
    -engine id
    + +
    +

    See openssl(1)/Engine Options.

    +
    +
    +

    +

    +
    +

    CRL OPTIONS

    +
    +
    -gencrl
    + +
    +

    This option generates a CRL based on information in the index file.

    +
    +
    -crldays num
    + +
    +

    The number of days before the next CRL is due. That is the days from +now to place in the CRL nextUpdate field.

    +
    +
    -crlhours num
    + +
    +

    The number of hours before the next CRL is due.

    +
    +
    -crlsec num
    + +
    +

    The number of seconds before the next CRL is due.

    +
    +
    -revoke filename
    + +
    +

    A filename containing a certificate to revoke.

    +
    +
    -valid filename
    + +
    +

    A filename containing a certificate to add a Valid certificate entry.

    +
    +
    -status serial
    + +
    +

    Displays the revocation status of the certificate with the specified +serial number and exits.

    +
    +
    -updatedb
    + +
    +

    Updates the database index to purge expired certificates.

    +
    +
    -crl_reason reason
    + +
    +

    Revocation reason, where reason is one of: unspecified, keyCompromise, +CACompromise, affiliationChanged, superseded, cessationOfOperation, +certificateHold or removeFromCRL. The matching of reason is case +insensitive. Setting any revocation reason will make the CRL v2.

    +

    In practice removeFromCRL is not particularly useful because it is only used +in delta CRLs which are not currently implemented.

    +
    +
    -crl_hold instruction
    + +
    +

    This sets the CRL revocation reason code to certificateHold and the hold +instruction to instruction which must be an OID. Although any OID can be +used only holdInstructionNone (the use of which is discouraged by RFC2459) +holdInstructionCallIssuer or holdInstructionReject will normally be used.

    +
    +
    -crl_compromise time
    + +
    +

    This sets the revocation reason to keyCompromise and the compromise time to +time. time should be in GeneralizedTime format that is YYYYMMDDHHMMSSZ.

    +
    +
    -crl_CA_compromise time
    + +
    +

    This is the same as crl_compromise except the revocation reason is set to +CACompromise.

    +
    +
    -crlexts section
    + +
    +

    The section of the configuration file containing CRL extensions to +include. If no CRL extension section is present then a V1 CRL is +created, if the CRL extension section is present (even if it is +empty) then a V2 CRL is created. The CRL extensions specified are +CRL extensions and not CRL entry extensions. It should be noted +that some software (for example Netscape) can't handle V2 CRLs. See +x509v3_config(5) manual page for details of the +extension section format.

    +
    +
    +

    +

    +
    +

    CONFIGURATION FILE OPTIONS

    +

    The section of the configuration file containing options for this command +is found as follows: If the -name command line option is used, +then it names the section to be used. Otherwise the section to +be used must be named in the default_ca option of the ca section +of the configuration file (or in the default section of the +configuration file). Besides default_ca, the following options are +read directly from the ca section: + RANDFILE + preserve + msie_hack +With the exception of RANDFILE, this is probably a bug and may +change in future releases.

    +

    Many of the configuration file options are identical to command line +options. Where the option is present in the configuration file +and the command line the command line value is used. Where an +option is described as mandatory then it must be present in +the configuration file or the command line equivalent (if +any) used.

    +
    +
    oid_file
    + +
    +

    This specifies a file containing additional OBJECT IDENTIFIERS. +Each line of the file should consist of the numerical form of the +object identifier followed by white space then the short name followed +by white space and finally the long name.

    +
    +
    oid_section
    + +
    +

    This specifies a section in the configuration file containing extra +object identifiers. Each line should consist of the short name of the +object identifier followed by = and the numerical form. The short +and long names are the same when this option is used.

    +
    +
    new_certs_dir
    + +
    +

    The same as the -outdir command line option. It specifies +the directory where new certificates will be placed. Mandatory.

    +
    +
    certificate
    + +
    +

    The same as -cert. It gives the file containing the CA +certificate. Mandatory.

    +
    +
    private_key
    + +
    +

    Same as the -keyfile option. The file containing the +CA private key. Mandatory.

    +
    +
    RANDFILE
    + +
    +

    At startup the specified file is loaded into the random number generator, +and at exit 256 bytes will be written to it. (Note: Using a RANDFILE is +not necessary anymore, see the HISTORY section.

    +
    +
    default_days
    + +
    +

    The same as the -days option. The number of days to certify +a certificate for.

    +
    +
    default_startdate
    + +
    +

    The same as the -startdate option. The start date to certify +a certificate for. If not set the current time is used.

    +
    +
    default_enddate
    + +
    +

    The same as the -enddate option. Either this option or +default_days (or the command line equivalents) must be +present.

    +
    +
    default_crl_hours default_crl_days
    + +
    +

    The same as the -crlhours and the -crldays options. These +will only be used if neither command line option is present. At +least one of these must be present to generate a CRL.

    +
    +
    default_md
    + +
    +

    The same as the -md option. Mandatory except where the signing algorithm does +not require a digest (i.e. Ed25519 and Ed448).

    +
    +
    database
    + +
    +

    The text database file to use. Mandatory. This file must be present +though initially it will be empty.

    +
    +
    unique_subject
    + +
    +

    If the value yes is given, the valid certificate entries in the +database must have unique subjects. if the value no is given, +several valid certificate entries may have the exact same subject. +The default value is yes, to be compatible with older (pre 0.9.8) +versions of OpenSSL. However, to make CA certificate roll-over easier, +it's recommended to use the value no, especially if combined with +the -selfsign command line option.

    +

    Note that it is valid in some circumstances for certificates to be created +without any subject. In the case where there are multiple certificates without +subjects this does not count as a duplicate.

    +
    +
    serial
    + +
    +

    A text file containing the next serial number to use in hex. Mandatory. +This file must be present and contain a valid serial number.

    +
    +
    crlnumber
    + +
    +

    A text file containing the next CRL number to use in hex. The crl number +will be inserted in the CRLs only if this file exists. If this file is +present, it must contain a valid CRL number.

    +
    +
    x509_extensions
    + +
    +

    The same as -extensions.

    +
    +
    crl_extensions
    + +
    +

    The same as -crlexts.

    +
    +
    preserve
    + +
    +

    The same as -preserveDN

    +
    +
    email_in_dn
    + +
    +

    The same as -noemailDN. If you want the EMAIL field to be removed +from the DN of the certificate simply set this to 'no'. If not present +the default is to allow for the EMAIL filed in the certificate's DN.

    +
    +
    msie_hack
    + +
    +

    The same as -msie_hack

    +
    +
    policy
    + +
    +

    The same as -policy. Mandatory. See the POLICY FORMAT section +for more information.

    +
    +
    name_opt, cert_opt
    + +
    +

    These options allow the format used to display the certificate details +when asking the user to confirm signing. All the options supported by +the x509 utilities -nameopt and -certopt switches can be used +here, except the no_signame and no_sigdump are permanently set +and cannot be disabled (this is because the certificate signature cannot +be displayed because the certificate has not been signed at this point).

    +

    For convenience the values ca_default are accepted by both to produce +a reasonable output.

    +

    If neither option is present the format used in earlier versions of +OpenSSL is used. Use of the old format is strongly discouraged because +it only displays fields mentioned in the policy section, mishandles +multicharacter string types and does not display extensions.

    +
    +
    copy_extensions
    + +
    +

    Determines how extensions in certificate requests should be handled. +If set to none or this option is not present then extensions are +ignored and not copied to the certificate. If set to copy then any +extensions present in the request that are not already present are copied +to the certificate. If set to copyall then all extensions in the +request are copied to the certificate: if the extension is already present +in the certificate it is deleted first. See the WARNINGS section before +using this option.

    +

    The main use of this option is to allow a certificate request to supply +values for certain extensions such as subjectAltName.

    +
    +
    +

    +

    +
    +

    POLICY FORMAT

    +

    The policy section consists of a set of variables corresponding to +certificate DN fields. If the value is "match" then the field value +must match the same field in the CA certificate. If the value is +"supplied" then it must be present. If the value is "optional" then +it may be present. Any fields not mentioned in the policy section +are silently deleted, unless the -preserveDN option is set but +this can be regarded more of a quirk than intended behaviour.

    +

    +

    +
    +

    SPKAC FORMAT

    +

    The input to the -spkac command line option is a Netscape +signed public key and challenge. This will usually come from +the KEYGEN tag in an HTML form to create a new private key. +It is however possible to create SPKACs using openssl-spkac(1).

    +

    The file should contain the variable SPKAC set to the value of +the SPKAC and also the required DN components as name value pairs. +If you need to include the same component twice then it can be +preceded by a number and a '.'.

    +

    When processing SPKAC format, the output is DER if the -out +flag is used, but PEM format if sending to stdout or the -outdir +flag is used.

    +

    +

    +
    +

    EXAMPLES

    +

    Note: these examples assume that the directory structure this command +assumes is already set up and the relevant files already exist. This +usually involves creating a CA certificate and private key with +openssl-req(1), a serial number file and an empty index file and +placing them in the relevant directories.

    +

    To use the sample configuration file below the directories demoCA, +demoCA/private and demoCA/newcerts would be created. The CA +certificate would be copied to demoCA/cacert.pem and its private +key to demoCA/private/cakey.pem. A file demoCA/serial would be +created containing for example "01" and the empty index file +demoCA/index.txt.

    +

    Sign a certificate request:

    +
    + openssl ca -in req.pem -out newcert.pem
    +

    Sign an SM2 certificate request:

    +
    + openssl ca -in sm2.csr -out sm2.crt -md sm3 -sigopt "sm2_id:1234567812345678" -sm2-id "1234567812345678"
    +

    Sign a certificate request, using CA extensions:

    +
    + openssl ca -in req.pem -extensions v3_ca -out newcert.pem
    +

    Generate a CRL

    +
    + openssl ca -gencrl -out crl.pem
    +

    Sign several requests:

    +
    + openssl ca -infiles req1.pem req2.pem req3.pem
    +

    Certify a Netscape SPKAC:

    +
    + openssl ca -spkac spkac.txt
    +

    A sample SPKAC file (the SPKAC line has been truncated for clarity):

    +
    + SPKAC=MIG0MGAwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAn7PDhCeV/xIxUg8V70YRxK2A5
    + CN=Steve Test
    + emailAddress=steve@openssl.org
    + 0.OU=OpenSSL Group
    + 1.OU=Another Group
    +

    A sample configuration file with the relevant sections for this command:

    +
    + [ ca ]
    + default_ca      = CA_default            # The default ca section
    +
    + [ CA_default ]
    +
    + dir            = ./demoCA              # top dir
    + database       = $dir/index.txt        # index file.
    + new_certs_dir  = $dir/newcerts         # new certs dir
    +
    + certificate    = $dir/cacert.pem       # The CA cert
    + serial         = $dir/serial           # serial no file
    + #rand_serial    = yes                  # for random serial#'s
    + private_key    = $dir/private/cakey.pem# CA private key
    +
    + default_days   = 365                   # how long to certify for
    + default_crl_days= 30                   # how long before next CRL
    + default_md     = md5                   # md to use
    +
    + policy         = policy_any            # default policy
    + email_in_dn    = no                    # Don't add the email into cert DN
    +
    + name_opt       = ca_default            # Subject name display option
    + cert_opt       = ca_default            # Certificate display option
    + copy_extensions = none                 # Don't copy extensions from request
    +
    + [ policy_any ]
    + countryName            = supplied
    + stateOrProvinceName    = optional
    + organizationName       = optional
    + organizationalUnitName = optional
    + commonName             = supplied
    + emailAddress           = optional
    +

    +

    +
    +

    FILES

    +

    Note: the location of all files can change either by compile time options, +configuration file entries, environment variables or command line options. +The values below reflect the default values.

    +
    + /usr/local/ssl/lib/openssl.cnf - master configuration file
    + ./demoCA                       - main CA directory
    + ./demoCA/cacert.pem            - CA certificate
    + ./demoCA/private/cakey.pem     - CA private key
    + ./demoCA/serial                - CA serial number file
    + ./demoCA/serial.old            - CA serial number backup file
    + ./demoCA/index.txt             - CA text database file
    + ./demoCA/index.txt.old         - CA text database backup file
    + ./demoCA/certs                 - certificate output file
    +

    +

    +
    +

    RESTRICTIONS

    +

    The text database index file is a critical part of the process and +if corrupted it can be difficult to fix. It is theoretically possible +to rebuild the index file from all the issued certificates and a current +CRL: however there is no option to do this.

    +

    V2 CRL features like delta CRLs are not currently supported.

    +

    Although several requests can be input and handled at once it is only +possible to include one SPKAC or self-signed certificate.

    +

    +

    +
    +

    BUGS

    +

    The use of an in-memory text database can cause problems when large +numbers of certificates are present because, as the name implies +the database has to be kept in memory.

    +

    This command really needs rewriting or the required functionality +exposed at either a command or interface level so a more friendly utility +(perl script or GUI) can handle things properly. The script +CA.pl helps a little but not very much.

    +

    Any fields in a request that are not present in a policy are silently +deleted. This does not happen if the -preserveDN option is used. To +enforce the absence of the EMAIL field within the DN, as suggested by +RFCs, regardless the contents of the request' subject the -noemailDN +option can be used. The behaviour should be more friendly and +configurable.

    +

    Canceling some commands by refusing to certify a certificate can +create an empty file.

    +

    +

    +
    +

    WARNINGS

    +

    This command is quirky and at times downright unfriendly.

    +

    This command was originally meant as an example of how to do +things in a CA. It was not supposed to be used as a full blown CA itself: +nevertheless some people are using it for this purpose.

    +

    This command command is effectively a single user command: no locking +is done on the various files and attempts to run more than one openssl ca +command on the same database can have unpredictable results.

    +

    The copy_extensions option should be used with caution. If care is +not taken then it can be a security risk. For example if a certificate +request contains a basicConstraints extension with CA:TRUE and the +copy_extensions value is set to copyall and the user does not spot +this when the certificate is displayed then this will hand the requester +a valid CA certificate.

    +

    This situation can be avoided by setting copy_extensions to copy +and including basicConstraints with CA:FALSE in the configuration file. +Then if the request contains a basicConstraints extension it will be +ignored.

    +

    It is advisable to also include values for other extensions such +as keyUsage to prevent a request supplying its own values.

    +

    Additional restrictions can be placed on the CA certificate itself. +For example if the CA certificate has:

    +
    + basicConstraints = CA:TRUE, pathlen:0
    +

    then even if a certificate is issued with CA:TRUE it will not be valid.

    +

    +

    +
    +

    HISTORY

    +

    Since OpenSSL 1.1.1, the program follows RFC5280. Specifically, +certificate validity period (specified by any of -startdate, +-enddate and -days) will be encoded as UTCTime if the dates are +earlier than year 2049 (included), and as GeneralizedTime if the dates +are in year 2050 or later.

    +

    OpenSSL 1.1.1 introduced a new random generator (CSPRNG) with an improved +seeding mechanism. The new seeding mechanism makes it unnecessary to +define a RANDFILE for saving and restoring randomness. This option is +retained mainly for compatibility reasons.

    +

    +

    +
    +

    SEE ALSO

    +

    openssl(1), +openssl-req(1), +openssl-spkac(1), +openssl-x509(1), +CA.pl(1), +config(5), +x509v3_config(5)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-ciphers.html b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-ciphers.html
new file mode 100755
index 0000000..cda10a3
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-ciphers.html
@@ -0,0 +1,882 @@
+ + + + +openssl-ciphers + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    openssl-ciphers - SSL cipher display and cipher list tool

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl ciphers +[-help] +[-s] +[-v] +[-V] +[-ssl3] +[-tls1] +[-tls1_1] +[-tls1_2] +[-tls1_3] +[-s] +[-psk] +[-srp] +[-stdname] +[-convert name] +[-ciphersuites val] +[cipherlist]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command converts textual OpenSSL cipher lists into +ordered SSL cipher preference lists. It can be used as a test tool to +determine the appropriate cipherlist.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Print a usage message.

    +
    +
    -s
    + +
    +

    Only list supported ciphers: those consistent with the security level, and +minimum and maximum protocol version. This is closer to the actual cipher list +an application will support.

    +

    PSK and SRP ciphers are not enabled by default: they require -psk or -srp +to enable them.

    +

    It also does not change the default list of supported signature algorithms.

    +

    On a server the list of supported ciphers might also exclude other ciphers +depending on the configured certificates and presence of DH parameters.

    +

    If this option is not used then all ciphers that match the cipherlist will be +listed.

    +
    +
    -psk
    + +
    +

    When combined with -s includes cipher suites which require PSK.

    +
    +
    -srp
    + +
    +

    When combined with -s includes cipher suites which require SRP.

    +
    +
    -v
    + +
    +

    Verbose output: For each cipher suite, list details as provided by +SSL_CIPHER_description(3).

    +
    +
    -V
    + +
    +

    Like -v, but include the official cipher suite values in hex.

    +
    +
    -tls1_3, -tls1_2, -tls1_1, -tls1, -ssl3
    + +
    +

    In combination with the -s option, list the ciphers which could be used if +the specified protocol were negotiated. +Note that not all protocols and flags may be available, depending on how +OpenSSL was built.

    +
    +
    -stdname
    + +
    +

    Precede each cipher suite by its standard name.

    +
    +
    -convert name
    + +
    +

    Convert a standard cipher name to its OpenSSL name.

    +
    +
    -ciphersuites val
    + +
    +

    Sets the list of TLSv1.3 ciphersuites. This list will be combined with any +TLSv1.2 and below ciphersuites that have been configured. The format for this +list is a simple colon (":") separated list of TLSv1.3 ciphersuite names. By +default this value is:

    +
    + TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
    +
    +
    cipherlist
    + +
    +

    A cipher list of TLSv1.2 and below ciphersuites to convert to a cipher +preference list. This list will be combined with any TLSv1.3 ciphersuites that +have been configured. If it is not included then the default cipher list will be +used. The format is described below.

    +
    +
    +

    +

    +
    +

    CIPHER LIST FORMAT

    +

    The cipher list consists of one or more cipher strings separated by colons. +Commas or spaces are also acceptable separators but colons are normally used.

    +

    The actual cipher string can take several different forms.

    +

    It can consist of a single cipher suite such as RC4-SHA.

    +

    It can represent a list of cipher suites containing a certain algorithm, or +cipher suites of a certain type. For example SHA1 represents all ciphers +suites using the digest algorithm SHA1 and SSLv3 represents all SSL v3 +algorithms.

    +

    Lists of cipher suites can be combined in a single cipher string using the ++ character. This is used as a logical and operation. For example +SHA1+DES represents all cipher suites containing the SHA1 and the DES +algorithms.

    +

    Each cipher string can be optionally preceded by the characters !, +- or +.

    +

    If ! is used then the ciphers are permanently deleted from the list. +The ciphers deleted can never reappear in the list even if they are +explicitly stated.

    +

    If - is used then the ciphers are deleted from the list, but some or +all of the ciphers can be added again by later options.

    +

    If + is used then the ciphers are moved to the end of the list. This +option doesn't add any new ciphers it just moves matching existing ones.

    +

    If none of these characters is present then the string is just interpreted +as a list of ciphers to be appended to the current preference list. If the +list includes any ciphers already present they will be ignored: that is they +will not moved to the end of the list.

    +

    The cipher string @STRENGTH can be used at any point to sort the current +cipher list in order of encryption algorithm key length.

    +

    The cipher string @SECLEVEL=n can be used at any point to set the security +level to n, which should be a number between zero and five, inclusive. +See SSL_CTX_set_security_level(3) for a description of what each level means.

    +

    The cipher list can be prefixed with the DEFAULT keyword, which enables +the default cipher list as defined below. Unlike cipher strings, +this prefix may not be combined with other strings using + character. +For example, DEFAULT+DES is not valid.

    +

    The content of the default list is determined at compile time and normally +corresponds to ALL:!COMPLEMENTOFDEFAULT:!eNULL.

    +

    +

    +
    +

    CIPHER STRINGS

    +

    The following is a list of all permitted cipher strings and their meanings.

    +
    +
    COMPLEMENTOFDEFAULT
    + +
    +

    The ciphers included in ALL, but not enabled by default. Currently +this includes all RC4 and anonymous ciphers. Note that this rule does +not cover eNULL, which is not included by ALL (use COMPLEMENTOFALL if +necessary). Note that RC4 based cipher suites are not built into OpenSSL by +default (see the enable-weak-ssl-ciphers option to Configure).

    +
    +
    ALL
    + +
    +

    All cipher suites except the eNULL ciphers (which must be explicitly enabled +if needed). +As of OpenSSL 1.0.0, the ALL cipher suites are sensibly ordered by default.

    +
    +
    COMPLEMENTOFALL
    + +
    +

    The cipher suites not enabled by ALL, currently eNULL.

    +
    +
    HIGH
    + +
    +

    "High" encryption cipher suites. This currently means those with key lengths +larger than 128 bits, and some cipher suites with 128-bit keys.

    +
    +
    MEDIUM
    + +
    +

    "Medium" encryption cipher suites, currently some of those using 128 bit +encryption.

    +
    +
    LOW
    + +
    +

    "Low" encryption cipher suites, currently those using 64 or 56 bit +encryption algorithms but excluding export cipher suites. All these +cipher suites have been removed as of OpenSSL 1.1.0.

    +
    +
    eNULL, NULL
    + +
    +

    The "NULL" ciphers that is those offering no encryption. Because these offer no +encryption at all and are a security risk they are not enabled via either the +DEFAULT or ALL cipher strings. +Be careful when building cipherlists out of lower-level primitives such as +kRSA or aECDSA as these do overlap with the eNULL ciphers. When in +doubt, include !eNULL in your cipherlist.

    +
    +
    aNULL
    + +
    +

    The cipher suites offering no authentication. This is currently the anonymous +DH algorithms and anonymous ECDH algorithms. These cipher suites are vulnerable +to "man in the middle" attacks and so their use is discouraged. +These are excluded from the DEFAULT ciphers, but included in the ALL +ciphers. +Be careful when building cipherlists out of lower-level primitives such as +kDHE or AES as these do overlap with the aNULL ciphers. +When in doubt, include !aNULL in your cipherlist.

    +
    +
    kRSA, aRSA, RSA
    + +
    +

    Cipher suites using RSA key exchange or authentication. RSA is an alias for +kRSA.

    +
    +
    kDHr, kDHd, kDH
    + +
    +

    Cipher suites using static DH key agreement and DH certificates signed by CAs +with RSA and DSS keys or either respectively. +All these cipher suites have been removed in OpenSSL 1.1.0.

    +
    +
    kDHE, kEDH, DH
    + +
    +

    Cipher suites using ephemeral DH key agreement, including anonymous cipher +suites.

    +
    +
    DHE, EDH
    + +
    +

    Cipher suites using authenticated ephemeral DH key agreement.

    +
    +
    ADH
    + +
    +

    Anonymous DH cipher suites, note that this does not include anonymous Elliptic +Curve DH (ECDH) cipher suites.

    +
    +
    kEECDH, kECDHE, ECDH
    + +
    +

    Cipher suites using ephemeral ECDH key agreement, including anonymous +cipher suites.

    +
    +
    ECDHE, EECDH
    + +
    +

    Cipher suites using authenticated ephemeral ECDH key agreement.

    +
    +
    AECDH
    + +
    +

    Anonymous Elliptic Curve Diffie-Hellman cipher suites.

    +
    +
    aDSS, DSS
    + +
    +

    Cipher suites using DSS authentication, i.e. the certificates carry DSS keys.

    +
    +
    aDH
    + +
    +

    Cipher suites effectively using DH authentication, i.e. the certificates carry +DH keys. +All these cipher suites have been removed in OpenSSL 1.1.0.

    +
    +
    aECDSA, ECDSA
    + +
    +

    Cipher suites using ECDSA authentication, i.e. the certificates carry ECDSA +keys.

    +
    +
    TLSv1.2, TLSv1.0, SSLv3
    + +
    +

    Lists cipher suites which are only supported in at least TLS v1.2, TLS v1.0 or +SSL v3.0 respectively. +Note: there are no cipher suites specific to TLS v1.1. +Since this is only the minimum version, if, for example, TLSv1.0 is negotiated +then both TLSv1.0 and SSLv3.0 cipher suites are available.

    +

    Note: these cipher strings do not change the negotiated version of SSL or +TLS, they only affect the list of available cipher suites.

    +
    +
    AES128, AES256, AES
    + +
    +

    cipher suites using 128 bit AES, 256 bit AES or either 128 or 256 bit AES.

    +
    +
    AESGCM
    + +
    +

    AES in Galois Counter Mode (GCM): these cipher suites are only supported +in TLS v1.2.

    +
    +
    AESCCM, AESCCM8
    + +
    +

    AES in Cipher Block Chaining - Message Authentication Mode (CCM): these +cipher suites are only supported in TLS v1.2. AESCCM references CCM +cipher suites using both 16 and 8 octet Integrity Check Value (ICV) +while AESCCM8 only references 8 octet ICV.

    +
    +
    ARIA128, ARIA256, ARIA
    + +
    +

    Cipher suites using 128 bit ARIA, 256 bit ARIA or either 128 or 256 bit +ARIA.

    +
    +
    CAMELLIA128, CAMELLIA256, CAMELLIA
    + +
    +

    Cipher suites using 128 bit CAMELLIA, 256 bit CAMELLIA or either 128 or 256 bit +CAMELLIA.

    +
    +
    CHACHA20
    + +
    +

    Cipher suites using ChaCha20.

    + +
  • 3DES + +

    Cipher suites using triple DES.

    +
  • +
    DES
    + +
    +

    Cipher suites using DES (not triple DES). +All these cipher suites have been removed in OpenSSL 1.1.0.

    +
    +
    RC4
    + +
    +

    Cipher suites using RC4.

    +
    +
    RC2
    + +
    +

    Cipher suites using RC2.

    +
    +
    IDEA
    + +
    +

    Cipher suites using IDEA.

    +
    +
    SEED
    + +
    +

    Cipher suites using SEED.

    +
    +
    MD5
    + +
    +

    Cipher suites using MD5.

    +
    +
    SHA1, SHA
    + +
    +

    Cipher suites using SHA1.

    +
    +
    SHA256, SHA384
    + +
    +

    Cipher suites using SHA256 or SHA384.

    +
    +
    aGOST
    + +
    +

    Cipher suites using GOST R 34.10 (either 2001 or 94) for authentication +(needs an engine supporting GOST algorithms).

    +
    +
    aGOST01
    + +
    +

    Cipher suites using GOST R 34.10-2001 authentication.

    +
    +
    kGOST
    + +
    +

    Cipher suites, using VKO 34.10 key exchange, specified in the RFC 4357.

    +
    +
    GOST94
    + +
    +

    Cipher suites, using HMAC based on GOST R 34.11-94.

    +
    +
    GOST89MAC
    + +
    +

    Cipher suites using GOST 28147-89 MAC instead of HMAC.

    +
    +
    PSK
    + +
    +

    All cipher suites using pre-shared keys (PSK).

    +
    +
    kPSK, kECDHEPSK, kDHEPSK, kRSAPSK
    + +
    +

    Cipher suites using PSK key exchange, ECDHE_PSK, DHE_PSK or RSA_PSK.

    +
    +
    aPSK
    + +
    +

    Cipher suites using PSK authentication (currently all PSK modes apart from +RSA_PSK).

    +
    +
    SUITEB128, SUITEB128ONLY, SUITEB192
    + +
    +

    Enables suite B mode of operation using 128 (permitting 192 bit mode by peer) +128 bit (not permitting 192 bit by peer) or 192 bit level of security +respectively. +If used these cipherstrings should appear first in the cipher +list and anything after them is ignored. +Setting Suite B mode has additional consequences required to comply with +RFC6460. +In particular the supported signature algorithms is reduced to support only +ECDSA and SHA256 or SHA384, only the elliptic curves P-256 and P-384 can be +used and only the two suite B compliant cipher suites +(ECDHE-ECDSA-AES128-GCM-SHA256 and ECDHE-ECDSA-AES256-GCM-SHA384) are +permissible.

    +
    +
    +

    +

    +
    +

    CIPHER SUITE NAMES

    +

    The following lists give the SSL or TLS cipher suites names from the +relevant specification and their OpenSSL equivalents. It should be noted, +that several cipher suite names do not include the authentication used, +e.g. DES-CBC3-SHA. In these cases, RSA authentication is used.

    +

    +

    +

    SSL v3.0 cipher suites

    +
    + SSL_RSA_WITH_NULL_MD5                   NULL-MD5
    + SSL_RSA_WITH_NULL_SHA                   NULL-SHA
    + SSL_RSA_WITH_RC4_128_MD5                RC4-MD5
    + SSL_RSA_WITH_RC4_128_SHA                RC4-SHA
    + SSL_RSA_WITH_IDEA_CBC_SHA               IDEA-CBC-SHA
    + SSL_RSA_WITH_3DES_EDE_CBC_SHA           DES-CBC3-SHA
    +
    + SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA        DH-DSS-DES-CBC3-SHA
    + SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA        DH-RSA-DES-CBC3-SHA
    + SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA       DHE-DSS-DES-CBC3-SHA
    + SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA       DHE-RSA-DES-CBC3-SHA
    +
    + SSL_DH_anon_WITH_RC4_128_MD5            ADH-RC4-MD5
    + SSL_DH_anon_WITH_3DES_EDE_CBC_SHA       ADH-DES-CBC3-SHA
    +
    + SSL_FORTEZZA_KEA_WITH_NULL_SHA          Not implemented.
    + SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA  Not implemented.
    + SSL_FORTEZZA_KEA_WITH_RC4_128_SHA       Not implemented.
    +

    +

    +

    TLS v1.0 cipher suites

    +
    + TLS_RSA_WITH_NULL_MD5                   NULL-MD5
    + TLS_RSA_WITH_NULL_SHA                   NULL-SHA
    + TLS_RSA_WITH_RC4_128_MD5                RC4-MD5
    + TLS_RSA_WITH_RC4_128_SHA                RC4-SHA
    + TLS_RSA_WITH_IDEA_CBC_SHA               IDEA-CBC-SHA
    + TLS_RSA_WITH_3DES_EDE_CBC_SHA           DES-CBC3-SHA
    +
    + TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA        Not implemented.
    + TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA        Not implemented.
    + TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA       DHE-DSS-DES-CBC3-SHA
    + TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA       DHE-RSA-DES-CBC3-SHA
    +
    + TLS_DH_anon_WITH_RC4_128_MD5            ADH-RC4-MD5
    + TLS_DH_anon_WITH_3DES_EDE_CBC_SHA       ADH-DES-CBC3-SHA
    +

    +

    +

    AES cipher suites from RFC3268, extending TLS v1.0

    +
    + TLS_RSA_WITH_AES_128_CBC_SHA            AES128-SHA
    + TLS_RSA_WITH_AES_256_CBC_SHA            AES256-SHA
    +
    + TLS_DH_DSS_WITH_AES_128_CBC_SHA         DH-DSS-AES128-SHA
    + TLS_DH_DSS_WITH_AES_256_CBC_SHA         DH-DSS-AES256-SHA
    + TLS_DH_RSA_WITH_AES_128_CBC_SHA         DH-RSA-AES128-SHA
    + TLS_DH_RSA_WITH_AES_256_CBC_SHA         DH-RSA-AES256-SHA
    +
    + TLS_DHE_DSS_WITH_AES_128_CBC_SHA        DHE-DSS-AES128-SHA
    + TLS_DHE_DSS_WITH_AES_256_CBC_SHA        DHE-DSS-AES256-SHA
    + TLS_DHE_RSA_WITH_AES_128_CBC_SHA        DHE-RSA-AES128-SHA
    + TLS_DHE_RSA_WITH_AES_256_CBC_SHA        DHE-RSA-AES256-SHA
    +
    + TLS_DH_anon_WITH_AES_128_CBC_SHA        ADH-AES128-SHA
    + TLS_DH_anon_WITH_AES_256_CBC_SHA        ADH-AES256-SHA
    +

    +

    +

    Camellia cipher suites from RFC4132, extending TLS v1.0

    +
    + TLS_RSA_WITH_CAMELLIA_128_CBC_SHA      CAMELLIA128-SHA
    + TLS_RSA_WITH_CAMELLIA_256_CBC_SHA      CAMELLIA256-SHA
    +
    + TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA   DH-DSS-CAMELLIA128-SHA
    + TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA   DH-DSS-CAMELLIA256-SHA
    + TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA   DH-RSA-CAMELLIA128-SHA
    + TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA   DH-RSA-CAMELLIA256-SHA
    +
    + TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA  DHE-DSS-CAMELLIA128-SHA
    + TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA  DHE-DSS-CAMELLIA256-SHA
    + TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA  DHE-RSA-CAMELLIA128-SHA
    + TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA  DHE-RSA-CAMELLIA256-SHA
    +
    + TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA  ADH-CAMELLIA128-SHA
    + TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA  ADH-CAMELLIA256-SHA
    +

    +

    +

    SEED cipher suites from RFC4162, extending TLS v1.0

    +
    + TLS_RSA_WITH_SEED_CBC_SHA              SEED-SHA
    +
    + TLS_DH_DSS_WITH_SEED_CBC_SHA           DH-DSS-SEED-SHA
    + TLS_DH_RSA_WITH_SEED_CBC_SHA           DH-RSA-SEED-SHA
    +
    + TLS_DHE_DSS_WITH_SEED_CBC_SHA          DHE-DSS-SEED-SHA
    + TLS_DHE_RSA_WITH_SEED_CBC_SHA          DHE-RSA-SEED-SHA
    +
    + TLS_DH_anon_WITH_SEED_CBC_SHA          ADH-SEED-SHA
    +

    +

    +

    GOST cipher suites from draft-chudov-cryptopro-cptls, extending TLS v1.0

    +

    Note: these ciphers require an engine which including GOST cryptographic +algorithms, such as the gost engine, which isn't part of the OpenSSL +distribution.

    +
    + TLS_GOSTR341094_WITH_28147_CNT_IMIT GOST94-GOST89-GOST89
    + TLS_GOSTR341001_WITH_28147_CNT_IMIT GOST2001-GOST89-GOST89
    + TLS_GOSTR341094_WITH_NULL_GOSTR3411 GOST94-NULL-GOST94
    + TLS_GOSTR341001_WITH_NULL_GOSTR3411 GOST2001-NULL-GOST94
    +

    +

    +

    Additional Export 1024 and other cipher suites

    +

    Note: these ciphers can also be used in SSL v3.

    +
    + TLS_DHE_DSS_WITH_RC4_128_SHA            DHE-DSS-RC4-SHA
    +

    +

    +

    Elliptic curve cipher suites

    +
    + TLS_ECDHE_RSA_WITH_NULL_SHA             ECDHE-RSA-NULL-SHA
    + TLS_ECDHE_RSA_WITH_RC4_128_SHA          ECDHE-RSA-RC4-SHA
    + TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA     ECDHE-RSA-DES-CBC3-SHA
    + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA      ECDHE-RSA-AES128-SHA
    + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA      ECDHE-RSA-AES256-SHA
    +
    + TLS_ECDHE_ECDSA_WITH_NULL_SHA           ECDHE-ECDSA-NULL-SHA
    + TLS_ECDHE_ECDSA_WITH_RC4_128_SHA        ECDHE-ECDSA-RC4-SHA
    + TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA   ECDHE-ECDSA-DES-CBC3-SHA
    + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA    ECDHE-ECDSA-AES128-SHA
    + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA    ECDHE-ECDSA-AES256-SHA
    +
    + TLS_ECDH_anon_WITH_NULL_SHA             AECDH-NULL-SHA
    + TLS_ECDH_anon_WITH_RC4_128_SHA          AECDH-RC4-SHA
    + TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA     AECDH-DES-CBC3-SHA
    + TLS_ECDH_anon_WITH_AES_128_CBC_SHA      AECDH-AES128-SHA
    + TLS_ECDH_anon_WITH_AES_256_CBC_SHA      AECDH-AES256-SHA
    +

    +

    +

    TLS v1.2 cipher suites

    +
    + TLS_RSA_WITH_NULL_SHA256                  NULL-SHA256
    +
    + TLS_RSA_WITH_AES_128_CBC_SHA256           AES128-SHA256
    + TLS_RSA_WITH_AES_256_CBC_SHA256           AES256-SHA256
    + TLS_RSA_WITH_AES_128_GCM_SHA256           AES128-GCM-SHA256
    + TLS_RSA_WITH_AES_256_GCM_SHA384           AES256-GCM-SHA384
    +
    + TLS_DH_RSA_WITH_AES_128_CBC_SHA256        DH-RSA-AES128-SHA256
    + TLS_DH_RSA_WITH_AES_256_CBC_SHA256        DH-RSA-AES256-SHA256
    + TLS_DH_RSA_WITH_AES_128_GCM_SHA256        DH-RSA-AES128-GCM-SHA256
    + TLS_DH_RSA_WITH_AES_256_GCM_SHA384        DH-RSA-AES256-GCM-SHA384
    +
    + TLS_DH_DSS_WITH_AES_128_CBC_SHA256        DH-DSS-AES128-SHA256
    + TLS_DH_DSS_WITH_AES_256_CBC_SHA256        DH-DSS-AES256-SHA256
    + TLS_DH_DSS_WITH_AES_128_GCM_SHA256        DH-DSS-AES128-GCM-SHA256
    + TLS_DH_DSS_WITH_AES_256_GCM_SHA384        DH-DSS-AES256-GCM-SHA384
    +
    + TLS_DHE_RSA_WITH_AES_128_CBC_SHA256       DHE-RSA-AES128-SHA256
    + TLS_DHE_RSA_WITH_AES_256_CBC_SHA256       DHE-RSA-AES256-SHA256
    + TLS_DHE_RSA_WITH_AES_128_GCM_SHA256       DHE-RSA-AES128-GCM-SHA256
    + TLS_DHE_RSA_WITH_AES_256_GCM_SHA384       DHE-RSA-AES256-GCM-SHA384
    +
    + TLS_DHE_DSS_WITH_AES_128_CBC_SHA256       DHE-DSS-AES128-SHA256
    + TLS_DHE_DSS_WITH_AES_256_CBC_SHA256       DHE-DSS-AES256-SHA256
    + TLS_DHE_DSS_WITH_AES_128_GCM_SHA256       DHE-DSS-AES128-GCM-SHA256
    + TLS_DHE_DSS_WITH_AES_256_GCM_SHA384       DHE-DSS-AES256-GCM-SHA384
    +
    + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256     ECDHE-RSA-AES128-SHA256
    + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384     ECDHE-RSA-AES256-SHA384
    + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256     ECDHE-RSA-AES128-GCM-SHA256
    + TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384     ECDHE-RSA-AES256-GCM-SHA384
    +
    + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256   ECDHE-ECDSA-AES128-SHA256
    + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384   ECDHE-ECDSA-AES256-SHA384
    + TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256   ECDHE-ECDSA-AES128-GCM-SHA256
    + TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   ECDHE-ECDSA-AES256-GCM-SHA384
    +
    + TLS_DH_anon_WITH_AES_128_CBC_SHA256       ADH-AES128-SHA256
    + TLS_DH_anon_WITH_AES_256_CBC_SHA256       ADH-AES256-SHA256
    + TLS_DH_anon_WITH_AES_128_GCM_SHA256       ADH-AES128-GCM-SHA256
    + TLS_DH_anon_WITH_AES_256_GCM_SHA384       ADH-AES256-GCM-SHA384
    +
    + RSA_WITH_AES_128_CCM                      AES128-CCM
    + RSA_WITH_AES_256_CCM                      AES256-CCM
    + DHE_RSA_WITH_AES_128_CCM                  DHE-RSA-AES128-CCM
    + DHE_RSA_WITH_AES_256_CCM                  DHE-RSA-AES256-CCM
    + RSA_WITH_AES_128_CCM_8                    AES128-CCM8
    + RSA_WITH_AES_256_CCM_8                    AES256-CCM8
    + DHE_RSA_WITH_AES_128_CCM_8                DHE-RSA-AES128-CCM8
    + DHE_RSA_WITH_AES_256_CCM_8                DHE-RSA-AES256-CCM8
    + ECDHE_ECDSA_WITH_AES_128_CCM              ECDHE-ECDSA-AES128-CCM
    + ECDHE_ECDSA_WITH_AES_256_CCM              ECDHE-ECDSA-AES256-CCM
    + ECDHE_ECDSA_WITH_AES_128_CCM_8            ECDHE-ECDSA-AES128-CCM8
    + ECDHE_ECDSA_WITH_AES_256_CCM_8            ECDHE-ECDSA-AES256-CCM8
    +

    +

    +

    ARIA cipher suites from RFC6209, extending TLS v1.2

    +

    Note: the CBC modes mentioned in this RFC are not supported.

    +
    + TLS_RSA_WITH_ARIA_128_GCM_SHA256          ARIA128-GCM-SHA256
    + TLS_RSA_WITH_ARIA_256_GCM_SHA384          ARIA256-GCM-SHA384
    + TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256      DHE-RSA-ARIA128-GCM-SHA256
    + TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384      DHE-RSA-ARIA256-GCM-SHA384
    + TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256      DHE-DSS-ARIA128-GCM-SHA256
    + TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384      DHE-DSS-ARIA256-GCM-SHA384
    + TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256  ECDHE-ECDSA-ARIA128-GCM-SHA256
    + TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384  ECDHE-ECDSA-ARIA256-GCM-SHA384
    + TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256    ECDHE-ARIA128-GCM-SHA256
    + TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384    ECDHE-ARIA256-GCM-SHA384
    + TLS_PSK_WITH_ARIA_128_GCM_SHA256          PSK-ARIA128-GCM-SHA256
    + TLS_PSK_WITH_ARIA_256_GCM_SHA384          PSK-ARIA256-GCM-SHA384
    + TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256      DHE-PSK-ARIA128-GCM-SHA256
    + TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384      DHE-PSK-ARIA256-GCM-SHA384
    + TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256      RSA-PSK-ARIA128-GCM-SHA256
    + TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384      RSA-PSK-ARIA256-GCM-SHA384
    +

    +

    +

    Camellia HMAC-Based cipher suites from RFC6367, extending TLS v1.2

    +
    + TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-ECDSA-CAMELLIA128-SHA256
    + TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-ECDSA-CAMELLIA256-SHA384
    + TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256   ECDHE-RSA-CAMELLIA128-SHA256
    + TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384   ECDHE-RSA-CAMELLIA256-SHA384
    +

    +

    +

    Pre-shared keying (PSK) cipher suites

    +
    + PSK_WITH_NULL_SHA                         PSK-NULL-SHA
    + DHE_PSK_WITH_NULL_SHA                     DHE-PSK-NULL-SHA
    + RSA_PSK_WITH_NULL_SHA                     RSA-PSK-NULL-SHA
    +
    + PSK_WITH_RC4_128_SHA                      PSK-RC4-SHA
    + PSK_WITH_3DES_EDE_CBC_SHA                 PSK-3DES-EDE-CBC-SHA
    + PSK_WITH_AES_128_CBC_SHA                  PSK-AES128-CBC-SHA
    + PSK_WITH_AES_256_CBC_SHA                  PSK-AES256-CBC-SHA
    +
    + DHE_PSK_WITH_RC4_128_SHA                  DHE-PSK-RC4-SHA
    + DHE_PSK_WITH_3DES_EDE_CBC_SHA             DHE-PSK-3DES-EDE-CBC-SHA
    + DHE_PSK_WITH_AES_128_CBC_SHA              DHE-PSK-AES128-CBC-SHA
    + DHE_PSK_WITH_AES_256_CBC_SHA              DHE-PSK-AES256-CBC-SHA
    +
    + RSA_PSK_WITH_RC4_128_SHA                  RSA-PSK-RC4-SHA
    + RSA_PSK_WITH_3DES_EDE_CBC_SHA             RSA-PSK-3DES-EDE-CBC-SHA
    + RSA_PSK_WITH_AES_128_CBC_SHA              RSA-PSK-AES128-CBC-SHA
    + RSA_PSK_WITH_AES_256_CBC_SHA              RSA-PSK-AES256-CBC-SHA
    +
    + PSK_WITH_AES_128_GCM_SHA256               PSK-AES128-GCM-SHA256
    + PSK_WITH_AES_256_GCM_SHA384               PSK-AES256-GCM-SHA384
    + DHE_PSK_WITH_AES_128_GCM_SHA256           DHE-PSK-AES128-GCM-SHA256
    + DHE_PSK_WITH_AES_256_GCM_SHA384           DHE-PSK-AES256-GCM-SHA384
    + RSA_PSK_WITH_AES_128_GCM_SHA256           RSA-PSK-AES128-GCM-SHA256
    + RSA_PSK_WITH_AES_256_GCM_SHA384           RSA-PSK-AES256-GCM-SHA384
    +
    + PSK_WITH_AES_128_CBC_SHA256               PSK-AES128-CBC-SHA256
    + PSK_WITH_AES_256_CBC_SHA384               PSK-AES256-CBC-SHA384
    + PSK_WITH_NULL_SHA256                      PSK-NULL-SHA256
    + PSK_WITH_NULL_SHA384                      PSK-NULL-SHA384
    + DHE_PSK_WITH_AES_128_CBC_SHA256           DHE-PSK-AES128-CBC-SHA256
    + DHE_PSK_WITH_AES_256_CBC_SHA384           DHE-PSK-AES256-CBC-SHA384
    + DHE_PSK_WITH_NULL_SHA256                  DHE-PSK-NULL-SHA256
    + DHE_PSK_WITH_NULL_SHA384                  DHE-PSK-NULL-SHA384
    + RSA_PSK_WITH_AES_128_CBC_SHA256           RSA-PSK-AES128-CBC-SHA256
    + RSA_PSK_WITH_AES_256_CBC_SHA384           RSA-PSK-AES256-CBC-SHA384
    + RSA_PSK_WITH_NULL_SHA256                  RSA-PSK-NULL-SHA256
    + RSA_PSK_WITH_NULL_SHA384                  RSA-PSK-NULL-SHA384
    + PSK_WITH_AES_128_GCM_SHA256               PSK-AES128-GCM-SHA256
    + PSK_WITH_AES_256_GCM_SHA384               PSK-AES256-GCM-SHA384
    +
    + ECDHE_PSK_WITH_RC4_128_SHA                ECDHE-PSK-RC4-SHA
    + ECDHE_PSK_WITH_3DES_EDE_CBC_SHA           ECDHE-PSK-3DES-EDE-CBC-SHA
    + ECDHE_PSK_WITH_AES_128_CBC_SHA            ECDHE-PSK-AES128-CBC-SHA
    + ECDHE_PSK_WITH_AES_256_CBC_SHA            ECDHE-PSK-AES256-CBC-SHA
    + ECDHE_PSK_WITH_AES_128_CBC_SHA256         ECDHE-PSK-AES128-CBC-SHA256
    + ECDHE_PSK_WITH_AES_256_CBC_SHA384         ECDHE-PSK-AES256-CBC-SHA384
    + ECDHE_PSK_WITH_NULL_SHA                   ECDHE-PSK-NULL-SHA
    + ECDHE_PSK_WITH_NULL_SHA256                ECDHE-PSK-NULL-SHA256
    + ECDHE_PSK_WITH_NULL_SHA384                ECDHE-PSK-NULL-SHA384
    +
    + PSK_WITH_CAMELLIA_128_CBC_SHA256          PSK-CAMELLIA128-SHA256
    + PSK_WITH_CAMELLIA_256_CBC_SHA384          PSK-CAMELLIA256-SHA384
    +
    + DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256      DHE-PSK-CAMELLIA128-SHA256
    + DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384      DHE-PSK-CAMELLIA256-SHA384
    +
    + RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256      RSA-PSK-CAMELLIA128-SHA256
    + RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384      RSA-PSK-CAMELLIA256-SHA384
    +
    + ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256    ECDHE-PSK-CAMELLIA128-SHA256
    + ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384    ECDHE-PSK-CAMELLIA256-SHA384
    +
    + PSK_WITH_AES_128_CCM                      PSK-AES128-CCM
    + PSK_WITH_AES_256_CCM                      PSK-AES256-CCM
    + DHE_PSK_WITH_AES_128_CCM                  DHE-PSK-AES128-CCM
    + DHE_PSK_WITH_AES_256_CCM                  DHE-PSK-AES256-CCM
    + PSK_WITH_AES_128_CCM_8                    PSK-AES128-CCM8
    + PSK_WITH_AES_256_CCM_8                    PSK-AES256-CCM8
    + DHE_PSK_WITH_AES_128_CCM_8                DHE-PSK-AES128-CCM8
    + DHE_PSK_WITH_AES_256_CCM_8                DHE-PSK-AES256-CCM8
    +

    +

    +

    ChaCha20-Poly1305 cipher suites, extending TLS v1.2

    +
    + TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256      ECDHE-RSA-CHACHA20-POLY1305
    + TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256    ECDHE-ECDSA-CHACHA20-POLY1305
    + TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256        DHE-RSA-CHACHA20-POLY1305
    + TLS_PSK_WITH_CHACHA20_POLY1305_SHA256            PSK-CHACHA20-POLY1305
    + TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256      ECDHE-PSK-CHACHA20-POLY1305
    + TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256        DHE-PSK-CHACHA20-POLY1305
    + TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256        RSA-PSK-CHACHA20-POLY1305
    +

    +

    +

    TLS v1.3 cipher suites

    +
    + TLS_AES_128_GCM_SHA256                     TLS_AES_128_GCM_SHA256
    + TLS_AES_256_GCM_SHA384                     TLS_AES_256_GCM_SHA384
    + TLS_CHACHA20_POLY1305_SHA256               TLS_CHACHA20_POLY1305_SHA256
    + TLS_AES_128_CCM_SHA256                     TLS_AES_128_CCM_SHA256
    + TLS_AES_128_CCM_8_SHA256                   TLS_AES_128_CCM_8_SHA256
    +

    +

    +

    Older names used by OpenSSL

    +

    The following names are accepted by older releases:

    +
    + SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA    EDH-RSA-DES-CBC3-SHA (DHE-RSA-DES-CBC3-SHA)
    + SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA    EDH-DSS-DES-CBC3-SHA (DHE-DSS-DES-CBC3-SHA)
    +

    +

    +
    +

    NOTES

    +

    Some compiled versions of OpenSSL may not include all the ciphers +listed here because some ciphers were excluded at compile time.

    +

    +

    +
    +

    EXAMPLES

    +

    Verbose listing of all OpenSSL ciphers including NULL ciphers:

    +
    + openssl ciphers -v 'ALL:eNULL'
    +

    Include all ciphers except NULL and anonymous DH then sort by +strength:

    +
    + openssl ciphers -v 'ALL:!ADH:@STRENGTH'
    +

    Include all ciphers except ones with no encryption (eNULL) or no +authentication (aNULL):

    +
    + openssl ciphers -v 'ALL:!aNULL'
    +

    Include only 3DES ciphers and then place RSA ciphers last:

    +
    + openssl ciphers -v '3DES:+RSA'
    +

    Include all RC4 ciphers but leave out those without authentication:

    +
    + openssl ciphers -v 'RC4:!COMPLEMENTOFDEFAULT'
    +

    Include all ciphers with RSA authentication but leave out ciphers without +encryption.

    +
    + openssl ciphers -v 'RSA:!COMPLEMENTOFALL'
    +

    Set security level to 2 and display all ciphers consistent with level 2:

    +
    + openssl ciphers -s -v 'ALL:@SECLEVEL=2'
    +

    +

    +
    +

    SEE ALSO

    +

    openssl(1), +openssl-s_client(1), +openssl-s_server(1), +ssl(7)

    +

    +

    +
    +

    HISTORY

    +

    The -V option was added in OpenSSL 1.0.0.

    +

    The -stdname is only available if OpenSSL is built with tracing enabled +(enable-ssl-trace argument to Configure) before OpenSSL 1.1.1.

    +

    The -convert option was added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-cmds.html b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-cmds.html
    new file mode 100755
    index 0000000..a725019
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-cmds.html
    @@ -0,0 +1,187 @@
    + + + + +openssl-cmds + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    asn1parse, +ca, +ciphers, +cms, +crl, +crl2pkcs7, +dgst, +dhparam, +dsa, +dsaparam, +ec, +ecparam, +enc, +engine, +errstr, +gendsa, +genpkey, +genrsa, +info, +kdf, +mac, +nseq, +ocsp, +passwd, +pkcs12, +pkcs7, +pkcs8, +pkey, +pkeyparam, +pkeyutl, +prime, +rand, +rehash, +req, +rsa, +rsautl, +s_client, +s_server, +s_time, +sess_id, +smime, +speed, +spkac, +srp, +storeutl, +ts, +verify, +version, +x509 +- OpenSSL application commands

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl cmd -help | [-option | -option arg] ... [arg] ...

    +

    +

    +
    +

    DESCRIPTION

    +

    Every cmd listed above is a (sub-)command of the openssl(1) application. +It has its own detailed manual page at openssl-cmd(1). For example, to +view the manual page for the openssl dgst command, type man openssl-dgst.

    +

    +

    +
    +

    OPTIONS

    +

    Among others, every subcommand has a help option.

    +
    +
    -help
    + +
    +

    Print out a usage message for the subcommand.

    +
    +
    +

    +

    +
    +

    SEE ALSO

    +

    openssl(1), +openssl-asn1parse(1), +openssl-ca(1), +openssl-ciphers(1), +openssl-cms(1), +openssl-crl(1), +openssl-crl2pkcs7(1), +openssl-dgst(1), +openssl-dhparam(1), +openssl-dsa(1), +openssl-dsaparam(1), +openssl-ec(1), +openssl-ecparam(1), +openssl-enc(1), +openssl-engine(1), +openssl-errstr(1), +openssl-gendsa(1), +openssl-genpkey(1), +openssl-genrsa(1), +openssl-info(1), +openssl-kdf(1), +openssl-mac(1), +openssl-nseq(1), +openssl-ocsp(1), +openssl-passwd(1), +openssl-pkcs12(1), +openssl-pkcs7(1), +openssl-pkcs8(1), +openssl-pkey(1), +openssl-pkeyparam(1), +openssl-pkeyutl(1), +openssl-prime(1), +openssl-rand(1), +openssl-rehash(1), +openssl-req(1), +openssl-rsa(1), +openssl-rsautl(1), +openssl-s_client(1), +openssl-s_server(1), +openssl-s_time(1), +openssl-sess_id(1), +openssl-smime(1), +openssl-speed(1), +openssl-spkac(1), +openssl-srp(1), +openssl-storeutl(1), +openssl-ts(1), +openssl-verify(1), +openssl-version(1), +openssl-x509(1),

    +

    +

    +
    +

    HISTORY

    +

    Initially, the manual page entry for the openssl cmd command used +to be available at cmd(1). Later, the alias openssl-cmd(1) was +introduced, which made it easier to group the openssl commands using +the apropos(1) command or the shell's tab completion.

    +

    In order to reduce cluttering of the global manual page namespace, +the manual page entries without the 'openssl-' prefix have been +deprecated in OpenSSL 3.0 and will be removed in OpenSSL 4.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-cms.html b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-cms.html
    new file mode 100755
    index 0000000..a400fe7
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-cms.html
    @@ -0,0 +1,867 @@
    + + + + +openssl-cms + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    openssl-cms - CMS utility

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl cms +[-help] +[-encrypt] +[-decrypt] +[-debug_decrypt] +[-sign] +[-verify] +[-verify_retcode] +[-no_attr_verify] +[-nosigs] +[-no_content_verify] +[-cmsout] +[-resign] +[-cades] +[-data_create] +[-data_out] +[-digest_create] +[-digest_verify] +[-compress] +[-uncompress] +[-EncryptedData_decrypt] +[-EncryptedData_encrypt] +[-sign_receipt] +[-verify_receipt receipt] +[-in filename] +[-out filename] +[-inform DER|PEM|SMIME] +[-outform DER|PEM|SMIME] +[-rctform DER|PEM|SMIME] +[-keyform DER|PEM|ENGINE] +[-stream] +[-indef] +[-noindef] +[-content filename] +[-text] +[-noout] +[-print] +[-md digest] +[-cipher] +[-nointern] +[-noverify] +[-nocerts] +[-noattr] +[-nosmimecap] +[-binary] +[-crlfeol] +[-asciicrlf] +[-nodetach] +[-certfile file] +[-certsout file] +[-signer file] +[-recip file] +[-keyid] +[-receipt_request_all] +[-receipt_request_first] +[-receipt_request_from emailaddress] +[-receipt_request_to emailaddress] +[-receipt_request_print] +[-pwri_password password] +[-secretkey key] +[-secretkeyid id] +[-econtent_type type] +[-inkey file] +[-keyopt name:parameter] +[-passin arg] +[-to addr] +[-from addr] +[-subject subj] +[-allow_proxy_certs] +[-attime timestamp] +[-no_check_time] +[-check_ss_sig] +[-crl_check] +[-crl_check_all] +[-explicit_policy] +[-extended_crl] +[-ignore_critical] +[-inhibit_any] +[-inhibit_map] +[-partial_chain] +[-policy arg] +[-policy_check] +[-policy_print] +[-purpose purpose] +[-suiteB_128] +[-suiteB_128_only] +[-suiteB_192] +[-trusted_first] +[-no_alt_chains] +[-use_deltas] +[-auth_level num] +[-verify_depth num] +[-verify_email email] +[-verify_hostname hostname] +[-verify_ip ip] +[-verify_name name] +[-x509_strict] +[-issuer_checks]

    +

    [-CAfile file] +[-no-CAfile] +[-CApath dir] +[-no-CApath] +[-CAstore uri] +[-no-CAstore] +[-rand files] +[-writerand file] +[-engine id] +[cert.pem ...]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command handles S/MIME v3.1 mail. It can encrypt, decrypt, +sign and verify, compress and uncompress S/MIME messages.

    +

    +

    +
    +

    OPTIONS

    +

    There are fourteen operation options that set the type of operation to be +performed. The meaning of the other options varies according to the operation +type.

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -encrypt
    + +
    +

    Encrypt mail for the given recipient certificates. Input file is the message +to be encrypted. The output file is the encrypted mail in MIME format. The +actual CMS type is <B>EnvelopedData<B>.

    +

    Note that no revocation check is done for the recipient cert, so if that +key has been compromised, others may be able to decrypt the text.

    +
    +
    -decrypt
    + +
    +

    Decrypt mail using the supplied certificate and private key. Expects an +encrypted mail message in MIME format for the input file. The decrypted mail +is written to the output file.

    +
    +
    -debug_decrypt
    + +
    +

    This option sets the CMS_DEBUG_DECRYPT flag. This option should be used +with caution: see the notes section below.

    +
    +
    -sign
    + +
    +

    Sign mail using the supplied certificate and private key. Input file is +the message to be signed. The signed message in MIME format is written +to the output file.

    +
    +
    -verify
    + +
    +

    Verify signed mail. Expects a signed mail message on input and outputs +the signed data. Both clear text and opaque signing is supported.

    +
    +
    -verify_retcode
    + +
    +

    Exit nonzero on verification failure.

    +
    +
    -no_attr_verify
    + +
    +

    Do not verify signed attribute signatures.

    +
    +
    -no_content_verify
    + +
    +

    Do not verify signed content signatures.

    +
    +
    -nosigs
    + +
    +

    Don't verify message signature.

    +
    +
    -cmsout
    + +
    +

    Takes an input message and writes out a PEM encoded CMS structure.

    +
    +
    -resign
    + +
    +

    Resign a message: take an existing message and one or more new signers.

    +
    +
    -cades
    + +
    +

    Add an ESS signing-certificate or ESS signing-certificate-v2 signed-attribute to the SignerInfo, in order to make +the signature comply with the requirements for a CAdES Basic Electronic Signature (CAdES-BES). See the NOTES +section for more details.

    +
    +
    -data_create
    + +
    +

    Create a CMS Data type.

    +
    +
    -data_out
    + +
    +

    Data type and output the content.

    +
    +
    -digest_create
    + +
    +

    Create a CMS DigestedData type.

    +
    +
    -digest_verify
    + +
    +

    Verify a CMS DigestedData type and output the content.

    +
    +
    -compress
    + +
    +

    Create a CMS CompressedData type. OpenSSL must be compiled with zlib +support for this option to work, otherwise it will output an error.

    +
    +
    -uncompress
    + +
    +

    Uncompress a CMS CompressedData type and output the content. OpenSSL must be +compiled with zlib support for this option to work, otherwise it will +output an error.

    +
    +
    -EncryptedData_decrypt
    + +
    +

    Decrypt content using supplied symmetric key and algorithm using a CMS +EncryptedData type and output the content.

    +
    +
    -EncryptedData_encrypt
    + +
    +

    Encrypt content using supplied symmetric key and algorithm using a CMS +EncryptedData type and output the content.

    +
    +
    -sign_receipt
    + +
    +

    Generate and output a signed receipt for the supplied message. The input +message must contain a signed receipt request. Functionality is otherwise +similar to the -sign operation.

    +
    +
    -verify_receipt receipt
    + +
    +

    Verify a signed receipt in filename receipt. The input message must +contain the original receipt request. Functionality is otherwise similar +to the -verify operation.

    +
    +
    -in filename
    + +
    +

    The input message to be encrypted or signed or the message to be decrypted +or verified.

    +
    +
    -out filename
    + +
    +

    The message text that has been decrypted or verified or the output MIME +format message that has been signed or verified.

    +
    +
    -inform DER|PEM|SMIME
    + +
    +

    The input format of the CMS structure (if one is being read); +the default is SMIME. +See openssl(1)/Format Options for details.

    +
    +
    -outform DER|PEM|SMIME
    + +
    +

    The output format of the CMS structure (if one is being written); +the default is SMIME. +See openssl(1)/Format Options for details.

    +
    +
    -keyform DER|PEM|ENGINE
    + +
    +

    The format of the private key file; the default is PEM. +See openssl(1)/Format Options for details.

    +
    +
    -rctform DER|PEM|SMIME
    + +
    +

    The signed receipt format for use with the -receipt_verify; the default +is SMIME. +See openssl(1)/Format Options for details.

    +
    +
    -stream, -indef
    + +
    +

    The -stream and -indef options are equivalent and enable streaming I/O +for encoding operations. This permits single pass processing of data without +the need to hold the entire contents in memory, potentially supporting very +large files. Streaming is automatically set for S/MIME signing with detached +data if the output format is SMIME it is currently off by default for all +other operations.

    +
    +
    -noindef
    + +
    +

    Disable streaming I/O where it would produce and indefinite length constructed +encoding. This option currently has no effect. In future streaming will be +enabled by default on all relevant operations and this option will disable it.

    +
    +
    -content filename
    + +
    +

    This specifies a file containing the detached content, this is only +useful with the -verify command. This is only usable if the CMS +structure is using the detached signature form where the content is +not included. This option will override any content if the input format +is S/MIME and it uses the multipart/signed MIME content type.

    +
    +
    -text
    + +
    +

    This option adds plain text (text/plain) MIME headers to the supplied +message if encrypting or signing. If decrypting or verifying it strips +off text headers: if the decrypted or verified message is not of MIME +type text/plain then an error occurs.

    +
    +
    -noout
    + +
    +

    For the -cmsout operation do not output the parsed CMS structure. This +is useful when combined with the -print option or if the syntax of the CMS +structure is being checked.

    +
    +
    -print
    + +
    +

    For the -cmsout operation print out all fields of the CMS structure. This +is mainly useful for testing purposes.

    +
    +
    -md digest
    + +
    +

    Digest algorithm to use when signing or resigning. If not present then the +default digest algorithm for the signing key will be used (usually SHA1).

    +
    +
    -cipher
    + +
    +

    The encryption algorithm to use. For example triple DES (168 bits) - -des3 +or 256 bit AES - -aes256. Any standard algorithm name (as used by the +EVP_get_cipherbyname() function) can also be used preceded by a dash, for +example -aes-128-cbc. See openssl-enc(1) for a list of ciphers +supported by your version of OpenSSL.

    +

    If not specified triple DES is used. Only used with -encrypt and +-EncryptedData_create commands.

    +
    +
    -nointern
    + +
    +

    When verifying a message normally certificates (if any) included in +the message are searched for the signing certificate. With this option +only the certificates specified in the -certfile option are used. +The supplied certificates can still be used as untrusted CAs however.

    +
    +
    -noverify
    + +
    +

    Do not verify the signers certificate of a signed message.

    +
    +
    -nocerts
    + +
    +

    When signing a message the signer's certificate is normally included +with this option it is excluded. This will reduce the size of the +signed message but the verifier must have a copy of the signers certificate +available locally (passed using the -certfile option for example).

    +
    +
    -noattr
    + +
    +

    Normally when a message is signed a set of attributes are included which +include the signing time and supported symmetric algorithms. With this +option they are not included.

    +
    +
    -nosmimecap
    + +
    +

    Exclude the list of supported algorithms from signed attributes, other options +such as signing time and content type are still included.

    +
    +
    -binary
    + +
    +

    Normally the input message is converted to "canonical" format which is +effectively using CR and LF as end of line: as required by the S/MIME +specification. When this option is present no translation occurs. This +is useful when handling binary data which may not be in MIME format.

    +
    +
    -crlfeol
    + +
    +

    Normally the output file uses a single LF as end of line. When this +option is present CRLF is used instead.

    +
    +
    -asciicrlf
    + +
    +

    When signing use ASCII CRLF format canonicalisation. This strips trailing +whitespace from all lines, deletes trailing blank lines at EOF and sets +the encapsulated content type. This option is normally used with detached +content and an output signature format of DER. This option is not normally +needed when verifying as it is enabled automatically if the encapsulated +content format is detected.

    +
    +
    -nodetach
    + +
    +

    When signing a message use opaque signing: this form is more resistant +to translation by mail relays but it cannot be read by mail agents that +do not support S/MIME. Without this option cleartext signing with +the MIME type multipart/signed is used.

    +
    +
    -certfile file
    + +
    +

    Allows additional certificates to be specified. When signing these will +be included with the message. When verifying these will be searched for +the signers certificates. The certificates should be in PEM format.

    +
    +
    -certsout file
    + +
    +

    Any certificates contained in the message are written to file.

    +
    +
    -signer file
    + +
    +

    A signing certificate when signing or resigning a message, this option can be +used multiple times if more than one signer is required. If a message is being +verified then the signers certificates will be written to this file if the +verification was successful.

    +
    +
    -recip file
    + +
    +

    When decrypting a message this specifies the recipients certificate. The +certificate must match one of the recipients of the message or an error +occurs.

    +

    When encrypting a message this option may be used multiple times to specify +each recipient. This form must be used if customised parameters are +required (for example to specify RSA-OAEP).

    +

    Only certificates carrying RSA, Diffie-Hellman or EC keys are supported by this +option.

    +
    +
    -keyid
    + +
    +

    Use subject key identifier to identify certificates instead of issuer name and +serial number. The supplied certificate must include a subject key +identifier extension. Supported by -sign and -encrypt options.

    +
    +
    -receipt_request_all, -receipt_request_first
    + +
    +

    For -sign option include a signed receipt request. Indicate requests should +be provided by all recipient or first tier recipients (those mailed directly +and not from a mailing list). Ignored it -receipt_request_from is included.

    +
    +
    -receipt_request_from emailaddress
    + +
    +

    For -sign option include a signed receipt request. Add an explicit email +address where receipts should be supplied.

    +
    +
    -receipt_request_to emailaddress
    + +
    +

    Add an explicit email address where signed receipts should be sent to. This +option must but supplied if a signed receipt it requested.

    +
    +
    -receipt_request_print
    + +
    +

    For the -verify operation print out the contents of any signed receipt +requests.

    +
    +
    -pwri_password password
    + +
    +

    Specify password for recipient.

    +
    +
    -secretkey key
    + +
    +

    Specify symmetric key to use. The key must be supplied in hex format and be +consistent with the algorithm used. Supported by the -EncryptedData_encrypt +-EncryptedData_decrypt, -encrypt and -decrypt options. When used +with -encrypt or -decrypt the supplied key is used to wrap or unwrap the +content encryption key using an AES key in the KEKRecipientInfo type.

    +
    +
    -secretkeyid id
    + +
    +

    The key identifier for the supplied symmetric key for KEKRecipientInfo type. +This option must be present if the -secretkey option is used with +-encrypt. With -decrypt operations the id is used to locate the +relevant key if it is not supplied then an attempt is used to decrypt any +KEKRecipientInfo structures.

    +
    +
    -econtent_type type
    + +
    +

    Set the encapsulated content type to type if not supplied the Data type +is used. The type argument can be any valid OID name in either text or +numerical format.

    +
    +
    -inkey file
    + +
    +

    The private key to use when signing or decrypting. This must match the +corresponding certificate. If this option is not specified then the +private key must be included in the certificate file specified with +the -recip or -signer file. When signing this option can be used +multiple times to specify successive keys.

    +
    +
    -keyopt name:parameter
    + +
    +

    For signing and encryption this option can be used multiple times to +set customised parameters for the preceding key or certificate. It can +currently be used to set RSA-PSS for signing, RSA-OAEP for encryption +or to modify default parameters for ECDH.

    +
    +
    -passin arg
    + +
    +

    The private key password source. For more information about the format of arg +see openssl(1)/Pass Phrase Options.

    +
    +
    -to, -from, -subject
    + +
    +

    The relevant mail headers. These are included outside the signed +portion of a message so they may be included manually. If signing +then many S/MIME mail clients check the signers certificate's email +address matches that specified in the From: address.

    +
    +
    -allow_proxy_certs, -attime, -no_check_time, +-check_ss_sig, -crl_check, -crl_check_all, +-explicit_policy, -extended_crl, -ignore_critical, -inhibit_any, +-inhibit_map, -no_alt_chains, -partial_chain, -policy, +-policy_check, -policy_print, -purpose, -suiteB_128, +-suiteB_128_only, -suiteB_192, -trusted_first, -use_deltas, +-auth_level, -verify_depth, -verify_email, -verify_hostname, +-verify_ip, -verify_name, -x509_strict -issuer_checks
    + +
    +

    Set various options of certificate chain verification. +See openssl(1)/Verification Options for details.

    +

    Any verification errors cause the command to exit.

    +
    +
    -CAfile file, -no-CAfile, -CApath dir, -no-CApath, +-CAstore uri, -no-CAstore
    + +
    +

    See openssl(1)/Trusted Certificate Options for details.

    +
    +
    -rand files, -writerand file
    + +
    +

    See openssl(1)/Random State Options for details.

    +
    +
    -engine id
    + +
    +

    See openssl(1)/Engine Options.

    +
    +
    cert.pem ...
    + +
    +

    One or more certificates of message recipients: used when encrypting +a message.

    +
    +
    +

    +

    +
    +

    NOTES

    +

    The MIME message must be sent without any blank lines between the +headers and the output. Some mail programs will automatically add +a blank line. Piping the mail directly to sendmail is one way to +achieve the correct format.

    +

    The supplied message to be signed or encrypted must include the +necessary MIME headers or many S/MIME clients won't display it +properly (if at all). You can use the -text option to automatically +add plain text headers.

    +

    A "signed and encrypted" message is one where a signed message is +then encrypted. This can be produced by encrypting an already signed +message: see the examples section.

    +

    This version of the program only allows one signer per message but it +will verify multiple signers on received messages. Some S/MIME clients +choke if a message contains multiple signers. It is possible to sign +messages "in parallel" by signing an already signed message.

    +

    The options -encrypt and -decrypt reflect common usage in S/MIME +clients. Strictly speaking these process CMS enveloped data: CMS +encrypted data is used for other purposes.

    +

    The -resign option uses an existing message digest when adding a new +signer. This means that attributes must be present in at least one existing +signer using the same message digest or this operation will fail.

    +

    The -stream and -indef options enable streaming I/O support. +As a result the encoding is BER using indefinite length constructed encoding +and no longer DER. Streaming is supported for the -encrypt operation and the +-sign operation if the content is not detached.

    +

    Streaming is always used for the -sign operation with detached data but +since the content is no longer part of the CMS structure the encoding +remains DER.

    +

    If the -decrypt option is used without a recipient certificate then an +attempt is made to locate the recipient by trying each potential recipient +in turn using the supplied private key. To thwart the MMA attack +(Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) all recipients are +tried whether they succeed or not and if no recipients match the message +is "decrypted" using a random key which will typically output garbage. +The -debug_decrypt option can be used to disable the MMA attack protection +and return an error if no recipient can be found: this option should be used +with caution. For a fuller description see CMS_decrypt(3)).

    +

    +

    +
    +

    CADES BASIC ELECTRONIC SIGNATURE (CADES-BES)

    +

    A CAdES Basic Electronic Signature (CAdES-BES), as defined in the European Standard ETSI EN 319 122-1 V1.1.1, contains:

    +
      +
    • +

      The signed user data as defined in CMS (RFC 3852);

      +
    • +
    • +

      Content-type of the EncapsulatedContentInfo value being signed;

      +
    • +
    • +

      Message-digest of the eContent OCTET STRING within encapContentInfo being signed;

      +
    • +
    • +

      An ESS signing-certificate or ESS signing-certificate-v2 attribute, as defined in Enhanced Security Services (ESS), RFC 2634 and RFC 5035. +An ESS signing-certificate attribute only allows for the use of SHA-1 as a digest algorithm. +An ESS signing-certificate-v2 attribute allows for the use of any digest algorithm.

      +
    • +
    • +

      The digital signature value computed on the user data and, when present, on the signed attributes.

      +

      Note that currently the -cades option applies only to the -sign operation and is ignored during +the -verify operation, i.e. the signing certification is not checked during the verification process. +This feature might be added in a future version.

      +
    • +
    +

    +

    +
    +

    EXIT CODES

    +
      +
    1. +

      The operation was completely successfully.

      +
    2. +
    3. +

      An error occurred parsing the command options.

      +
    4. +
    5. +

      One of the input files could not be read.

      +
    6. +
    7. +

      An error occurred creating the CMS file or when reading the MIME +message.

      +
    8. +
    9. +

      An error occurred decrypting or verifying the message.

      +
    10. +
    11. +

      The message was verified correctly but an error occurred writing out +the signers certificates.

      +
    12. +
    +

    +

    +
    +

    COMPATIBILITY WITH PKCS#7 FORMAT

    +

    openssl-smime(1) can only process the older PKCS#7 format. +openssl cms supports Cryptographic Message Syntax format. +Use of some features will result in messages which cannot be processed by +applications which only support the older format. These are detailed below.

    +

    The use of the -keyid option with -sign or -encrypt.

    +

    The -outform PEM option uses different headers.

    +

    The -compress option.

    +

    The -secretkey option when used with -encrypt.

    +

    The use of PSS with -sign.

    +

    The use of OAEP or non-RSA keys with -encrypt.

    +

    Additionally the -EncryptedData_create and -data_create type cannot +be processed by the older openssl-smime(1) command.

    +

    +

    +
    +

    EXAMPLES

    +

    Create a cleartext signed message:

    +
    + openssl cms -sign -in message.txt -text -out mail.msg \
    +        -signer mycert.pem
    +

    Create an opaque signed message

    +
    + openssl cms -sign -in message.txt -text -out mail.msg -nodetach \
    +        -signer mycert.pem
    +

    Create a signed message, include some additional certificates and +read the private key from another file:

    +
    + openssl cms -sign -in in.txt -text -out mail.msg \
    +        -signer mycert.pem -inkey mykey.pem -certfile mycerts.pem
    +

    Create a signed message with two signers, use key identifier:

    +
    + openssl cms -sign -in message.txt -text -out mail.msg \
    +        -signer mycert.pem -signer othercert.pem -keyid
    +

    Send a signed message under Unix directly to sendmail, including headers:

    +
    + openssl cms -sign -in in.txt -text -signer mycert.pem \
    +        -from steve@openssl.org -to someone@somewhere \
    +        -subject "Signed message" | sendmail someone@somewhere
    +

    Verify a message and extract the signer's certificate if successful:

    +
    + openssl cms -verify -in mail.msg -signer user.pem -out signedtext.txt
    +

    Send encrypted mail using triple DES:

    +
    + openssl cms -encrypt -in in.txt -from steve@openssl.org \
    +        -to someone@somewhere -subject "Encrypted message" \
    +        -des3 user.pem -out mail.msg
    +

    Sign and encrypt mail:

    +
    + openssl cms -sign -in ml.txt -signer my.pem -text \
    +        | openssl cms -encrypt -out mail.msg \
    +        -from steve@openssl.org -to someone@somewhere \
    +        -subject "Signed and Encrypted message" -des3 user.pem
    +

    Note: the encryption command does not include the -text option because the +message being encrypted already has MIME headers.

    +

    Decrypt mail:

    +
    + openssl cms -decrypt -in mail.msg -recip mycert.pem -inkey key.pem
    +

    The output from Netscape form signing is a PKCS#7 structure with the +detached signature format. You can use this program to verify the +signature by line wrapping the base64 encoded structure and surrounding +it with:

    +
    + -----BEGIN PKCS7-----
    + -----END PKCS7-----
    +

    and using the command,

    +
    + openssl cms -verify -inform PEM -in signature.pem -content content.txt
    +

    alternatively you can base64 decode the signature and use

    +
    + openssl cms -verify -inform DER -in signature.der -content content.txt
    +

    Create an encrypted message using 128 bit Camellia:

    +
    + openssl cms -encrypt -in plain.txt -camellia128 -out mail.msg cert.pem
    +

    Add a signer to an existing message:

    +
    + openssl cms -resign -in mail.msg -signer newsign.pem -out mail2.msg
    +

    Sign mail using RSA-PSS:

    +
    + openssl cms -sign -in message.txt -text -out mail.msg \
    +        -signer mycert.pem -keyopt rsa_padding_mode:pss
    +

    Create encrypted mail using RSA-OAEP:

    +
    + openssl cms -encrypt -in plain.txt -out mail.msg \
    +        -recip cert.pem -keyopt rsa_padding_mode:oaep
    +

    Use SHA256 KDF with an ECDH certificate:

    +
    + openssl cms -encrypt -in plain.txt -out mail.msg \
    +        -recip ecdhcert.pem -keyopt ecdh_kdf_md:sha256
    +

    +

    +
    +

    BUGS

    +

    The MIME parser isn't very clever: it seems to handle most messages that I've +thrown at it but it may choke on others.

    +

    The code currently will only write out the signer's certificate to a file: if +the signer has a separate encryption certificate this must be manually +extracted. There should be some heuristic that determines the correct +encryption certificate.

    +

    Ideally a database should be maintained of a certificates for each email +address.

    +

    The code doesn't currently take note of the permitted symmetric encryption +algorithms as supplied in the SMIMECapabilities signed attribute. this means the +user has to manually include the correct encryption algorithm. It should store +the list of permitted ciphers in a database and only use those.

    +

    No revocation checking is done on the signer's certificate.

    +

    +

    +
    +

    SEE ALSO

    +

    ossl_store-file(7)

    +

    +

    +
    +

    HISTORY

    +

    The use of multiple -signer options and the -resign command were first +added in OpenSSL 1.0.0.

    +

    The -keyopt option was added in OpenSSL 1.0.2.

    +

    Support for RSA-OAEP and RSA-PSS was added in OpenSSL 1.0.2.

    +

    The use of non-RSA keys with -encrypt and -decrypt +was added in OpenSSL 1.0.2.

    +

    The -no_alt_chains option was added in OpenSSL 1.0.2b.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-crl.html b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-crl.html
new file mode 100755
index 0000000..b9f8252
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-crl.html
@@ -0,0 +1,226 @@
+ + + + +openssl-crl + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    openssl-crl - CRL utility

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl crl +[-help] +[-inform DER|PEM] +[-outform DER|PEM] +[-key filename] +[-keyform DER|PEM|ENGINE] +[-text] +[-in filename] +[-out filename] +[-gendelta filename] +[-badsig] +[-verify] +[-noout] +[-hash] +[-hash_old] +[-fingerprint] +[-crlnumber] +[-issuer] +[-lastupdate] +[-nextupdate] +[-nameopt option] +[-CAfile file] +[-no-CAfile] +[-CApath dir] +[-no-CApath] +[-CAstore uri] +[-no-CAstore]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command processes CRL files in DER or PEM format.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -inform DER|PEM, -outform DER|PEM
    + +
    +

    The input and output formats of the CRL; the default is PEM. +See openssl(1)/Format Options for details.

    +
    +
    -key filename
    + +
    +

    The private key to be used to sign the CRL.

    +
    +
    -keyform DER|PEM|ENGINE
    + +
    +

    The format of the private key file; the default is PEM. +See openssl(1)/Format Options for details.

    +
    +
    -in filename
    + +
    +

    This specifies the input filename to read from or standard input if this +option is not specified.

    +
    +
    -out filename
    + +
    +

    Specifies the output filename to write to or standard output by +default.

    +
    +
    -gendelta filename
    + +
    +

    Output a comparison of the main CRL and the one specified here.

    +
    +
    -badsig
    + +
    +

    Corrupt the signature before writing it; this can be useful +for testing.

    +
    +
    -text
    + +
    +

    Print out the CRL in text form.

    +
    +
    -verify
    + +
    +

    Verify the signature in the CRL.

    +
    +
    -noout
    + +
    +

    Don't output the encoded version of the CRL.

    +
    +
    -fingerprint
    + +
    +

    Output the fingerprint of the CRL.

    +
    +
    -crlnumber
    + +
    +

    Output the number of the CRL.

    +
    +
    -hash
    + +
    +

    Output a hash of the issuer name. This can be use to lookup CRLs in +a directory by issuer name.

    +
    +
    -hash_old
    + +
    +

    Outputs the "hash" of the CRL issuer name using the older algorithm +as used by OpenSSL before version 1.0.0.

    +
    +
    -issuer
    + +
    +

    Output the issuer name.

    +
    +
    -lastupdate
    + +
    +

    Output the lastUpdate field.

    +
    +
    -nextupdate
    + +
    +

    Output the nextUpdate field.

    +
    +
    -nameopt option
    + +
    +

    This specifies how the subject or issuer names are displayed. +See openssl(1)/Name Format Options for details.

    +
    +
    -CAfile file, -no-CAfile, -CApath dir, -no-CApath, +-CAstore uri, -no-CAstore
    + +
    +

    See openssl(1)/Trusted Certificate Options for details.

    +
    +
    +

    +

    +
    +

    EXAMPLES

    +

    Convert a CRL file from PEM to DER:

    +
    + openssl crl -in crl.pem -outform DER -out crl.der
    +

    Output the text form of a DER encoded certificate:

    +
    + openssl crl -in crl.der -inform DER -text -noout
    +

    +

    +
    +

    BUGS

    +

    Ideally it should be possible to create a CRL using appropriate options +and files too.

    +

    +

    +
    +

    SEE ALSO

    +

    openssl(1), +openssl-crl2pkcs7(1), +openssl-ca(1), +openssl-x509(1), +ossl_store-file(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-crl2pkcs7.html b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-crl2pkcs7.html
new file mode 100755
index 0000000..719ed17
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-crl2pkcs7.html
@@ -0,0 +1,147 @@
+ + + + +openssl-crl2pkcs7 + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    openssl-crl2pkcs7 - Create a PKCS#7 structure from a CRL and certificates

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl crl2pkcs7 +[-help] +[-inform DER|PEM] +[-outform DER|PEM] +[-in filename] +[-out filename] +[-certfile filename] +[-nocrl]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command takes an optional CRL and one or more +certificates and converts them into a PKCS#7 degenerate "certificates +only" structure.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -inform DER|PEM
    + +
    +

    The input format of the CRL; the default is PEM. +See openssl(1)/Format Options for details.

    +
    +
    -outform DER|PEM
    + +
    +

    The output format of the PKCS#7 object; the default is PEM. +See openssl(1)/Format Options for details.

    +
    +
    -in filename
    + +
    +

    This specifies the input filename to read a CRL from or standard input if this +option is not specified.

    +
    +
    -out filename
    + +
    +

    Specifies the output filename to write the PKCS#7 structure to or standard +output by default.

    +
    +
    -certfile filename
    + +
    +

    Specifies a filename containing one or more certificates in PEM format. +All certificates in the file will be added to the PKCS#7 structure. This +option can be used more than once to read certificates form multiple +files.

    +
    +
    -nocrl
    + +
    +

    Normally a CRL is included in the output file. With this option no CRL is +included in the output file and a CRL is not read from the input file.

    +
    +
    +

    +

    +
    +

    EXAMPLES

    +

    Create a PKCS#7 structure from a certificate and CRL:

    +
    + openssl crl2pkcs7 -in crl.pem -certfile cert.pem -out p7.pem
    +

    Creates a PKCS#7 structure in DER format with no CRL from several +different certificates:

    +
    + openssl crl2pkcs7 -nocrl -certfile newcert.pem
    +        -certfile demoCA/cacert.pem -outform DER -out p7.der
    +

    +

    +
    +

    NOTES

    +

    The output file is a PKCS#7 signed data structure containing no signers and +just certificates and an optional CRL.

    +

    This command can be used to send certificates and CAs to Netscape as part of +the certificate enrollment process. This involves sending the DER encoded output +as MIME type application/x-x509-user-cert.

    +

    The PEM encoded form with the header and footer lines removed can be used to +install user certificates and CAs in MSIE using the Xenroll control.

    +

    +

    +
    +

    SEE ALSO

    +

    openssl(1), +openssl-pkcs7(1)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-dgst.html b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-dgst.html
new file mode 100755
index 0000000..681a8a9
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-dgst.html
@@ -0,0 +1,309 @@
+ + + + +openssl-dgst + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    openssl-dgst - perform digest operations

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl dgst|digest +[-digest] +[-help] +[-c] +[-d] +[-debug] +[-list] +[-hex] +[-binary] +[-r] +[-out filename] +[-sign filename] +[-keyform DER|PEM|P12|ENGINE] +[-passin arg] +[-verify filename] +[-prverify filename] +[-signature filename] +[-sigopt nm:v] +[-hmac key] +[-mac alg] +[-macopt nm:v] +[-fips-fingerprint] +[-engine id] +[-engine_impl id] +[-rand files] +[-writerand file] +[file ...]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command output the message digest of a supplied file or files +in hexadecimal, and also generates and verifies digital +signatures using message digests.

    +

    The generic name, openssl dgst, may be used with an option specifying the +algorithm to be used. +The default digest is sha256. +A supported digest name may also be used as the sub-command name. +To see the list of supported algorithms, use openssl list -digest-commands

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -digest
    + +
    +

    Specifies name of a supported digest to be used. To see the list of +supported digests, use the command list --digest-commands.

    +
    +
    -c
    + +
    +

    Print out the digest in two digit groups separated by colons, only relevant if +the -hex option is given as well.

    +
    +
    -d, -debug
    + +
    +

    Print out BIO debugging information.

    +
    +
    -list
    + +
    +

    Prints out a list of supported message digests.

    +
    +
    -hex
    + +
    +

    Digest is to be output as a hex dump. This is the default case for a "normal" +digest as opposed to a digital signature. See NOTES below for digital +signatures using -hex.

    +
    +
    -binary
    + +
    +

    Output the digest or signature in binary form.

    +
    +
    -r
    + +
    +

    Output the digest in the "coreutils" format, including newlines. +Used by programs like sha1sum(1).

    +
    +
    -out filename
    + +
    +

    Filename to output to, or standard output by default.

    +
    +
    -sign filename
    + +
    +

    Digitally sign the digest using the private key in "filename". Note this option +does not support Ed25519 or Ed448 private keys. Use the openssl-pkeyutl(1) +command instead for this.

    +
    +
    -keyform DER|PEM|P12|ENGINE
    + +
    +

    The format of the key to sign with; the default is PEM. +See openssl(1)/Format Options for details.

    +
    +
    -sigopt nm:v
    + +
    +

    Pass options to the signature algorithm during sign or verify operations. +Names and values of these options are algorithm-specific.

    +
    +
    -passin arg
    + +
    +

    The private key password source. For more information about the format of arg +see openssl(1)/Pass Phrase Options.

    +
    +
    -verify filename
    + +
    +

    Verify the signature using the public key in "filename". +The output is either "Verification OK" or "Verification Failure".

    +
    +
    -prverify filename
    + +
    +

    Verify the signature using the private key in "filename".

    +
    +
    -signature filename
    + +
    +

    The actual signature to verify.

    +
    +
    -hmac key
    + +
    +

    Create a hashed MAC using "key".

    +

    The openssl-mac(1) command should be preferred to using this command line +option.

    +
    +
    -mac alg
    + +
    +

    Create MAC (keyed Message Authentication Code). The most popular MAC +algorithm is HMAC (hash-based MAC), but there are other MAC algorithms +which are not based on hash, for instance gost-mac algorithm, +supported by the gost engine. MAC keys and other options should be set +via -macopt parameter.

    +

    The openssl-mac(1) command should be preferred to using this command line +option.

    +
    +
    -macopt nm:v
    + +
    +

    Passes options to MAC algorithm, specified by -mac key. +Following options are supported by both by HMAC and gost-mac:

    +
    +
    key:string
    + +
    +

    Specifies MAC key as alphanumeric string (use if key contain printable +characters only). String length must conform to any restrictions of +the MAC algorithm for example exactly 32 chars for gost-mac.

    +
    +
    hexkey:string
    + +
    +

    Specifies MAC key in hexadecimal form (two hex digits per byte). +Key length must conform to any restrictions of the MAC algorithm +for example exactly 32 chars for gost-mac.

    +
    +
    +

    The openssl-mac(1) command should be preferred to using this command line +option.

    +
    +
    -fips-fingerprint
    + +
    +

    Compute HMAC using a specific key for certain OpenSSL-FIPS operations.

    +
    +
    -rand files, -writerand file
    + +
    +

    See openssl(1)/Random State Options for details.

    +
    +
    -engine id
    + +
    +

    See openssl(1)/Engine Options. +The engine is not used for digests unless the -engine_impl option is +used or it is configured to do so, see config(5)/Engine Configuration Module.

    +
    +
    -engine_impl id
    + +
    +

    When used with the -engine option, it specifies to also use +engine id for digest operations.

    +
    +
    file ...
    + +
    +

    File or files to digest. If no files are specified then standard input is +used.

    +
    +
    +

    +

    +
    +

    EXAMPLES

    +

    To create a hex-encoded message digest of a file: + openssl dgst -md5 -hex file.txt

    +

    To sign a file using SHA-256 with binary file output: + openssl dgst -sha256 -sign privatekey.pem -out signature.sign file.txt

    +

    To verify a signature: + openssl dgst -sha256 -verify publickey.pem \ + -signature signature.sign \ + file.txt

    +

    +

    +
    +

    NOTES

    +

    The digest mechanisms that are available will depend on the options +used when building OpenSSL. +The openssl list -digest-commands command can be used to list them.

    +

    New or agile applications should use probably use SHA-256. Other digests, +particularly SHA-1 and MD5, are still widely used for interoperating +with existing formats and protocols.

    +

    When signing a file, this command will automatically determine the algorithm +(RSA, ECC, etc) to use for signing based on the private key's ASN.1 info. +When verifying signatures, it only handles the RSA, DSA, or ECDSA signature +itself, not the related data to identify the signer and algorithm used in +formats such as x.509, CMS, and S/MIME.

    +

    A source of random numbers is required for certain signing algorithms, in +particular ECDSA and DSA.

    +

    The signing and verify options should only be used if a single file is +being signed or verified.

    +

    Hex signatures cannot be verified using openssl. Instead, use "xxd -r" +or similar program to transform the hex signature into a binary signature +prior to verification.

    +

    The openssl-mac(1) command is preferred over the -hmac, -mac and +-macopt command line options.

    +

    +

    +
    +

    SEE ALSO

    +

    openssl-mac(1)

    +

    +

    +
    +

    HISTORY

    +

    The default digest was changed from MD5 to SHA256 in OpenSSL 1.1.0. +The FIPS-related options were removed in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-dhparam.html b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-dhparam.html
new file mode 100755
index 0000000..32e462d
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-dhparam.html
@@ -0,0 +1,199 @@
+ + + + +openssl-dhparam + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    openssl-dhparam - DH parameter manipulation and generation

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl dhparam +[-help] +[-inform DER|PEM] +[-outform DER|PEM] +[-in filename] +[-out filename] +[-dsaparam] +[-check] +[-noout] +[-text] +[-C] +[-2] +[-3] +[-5] +[-engine id] +[-rand files] +[-writerand file] +[numbits]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command has been deprecated. +The openssl-pkeyparam(1) command should be used instead.

    +

    This command is used to manipulate DH parameter files.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -inform DER|PEM, -outform DER|PEM
    + +
    +

    The input format and output format; the default is PEM. +The object is compatible with the PKCS#3 DHparameter structure. +See openssl(1)/Format Options for details.

    +
    +
    -in filename
    + +
    +

    This specifies the input filename to read parameters from or standard input if +this option is not specified.

    +
    +
    -out filename
    + +
    +

    This specifies the output filename parameters to. Standard output is used +if this option is not present. The output filename should not be the same +as the input filename.

    +
    +
    -dsaparam
    + +
    +

    If this option is used, DSA rather than DH parameters are read or created; +they are converted to DH format. Otherwise, "strong" primes (such +that (p-1)/2 is also prime) will be used for DH parameter generation.

    +

    DH parameter generation with the -dsaparam option is much faster, +and the recommended exponent length is shorter, which makes DH key +exchange more efficient. Beware that with such DSA-style DH +parameters, a fresh DH key should be created for each use to +avoid small-subgroup attacks that may be possible otherwise.

    +
    +
    -check
    + +
    +

    Performs numerous checks to see if the supplied parameters are valid and +displays a warning if not.

    +
    +
    -2, -3, -5
    + +
    +

    The generator to use, either 2, 3 or 5. If present then the +input file is ignored and parameters are generated instead. If not +present but numbits is present, parameters are generated with the +default generator 2.

    +
    +
    numbits
    + +
    +

    This option specifies that a parameter set should be generated of size +numbits. It must be the last option. If this option is present then +the input file is ignored and parameters are generated instead. If +this option is not present but a generator (-2, -3 or -5) is +present, parameters are generated with a default length of 2048 bits. +The minimim length is 512 bits. The maximum length is 10000 bits.

    +
    +
    -noout
    + +
    +

    This option inhibits the output of the encoded version of the parameters.

    +
    +
    -text
    + +
    +

    This option prints out the DH parameters in human readable form.

    +
    +
    -C
    + +
    +

    This option converts the parameters into C code. The parameters can then +be loaded by calling the get_dhNNNN() function.

    +
    +
    -engine id
    + +
    +

    See openssl(1)/Engine Options.

    +
    +
    -rand files, -writerand file
    + +
    +

    See openssl(1)/Random State Options for details.

    +
    +
    +

    +

    +
    +

    NOTES

    +

    This command replaces the dh and gendh commands of previous +releases.

    +

    OpenSSL currently only supports the older PKCS#3 DH, not the newer X9.42 +DH.

    +

    This command manipulates DH parameters not keys.

    +

    +

    +
    +

    BUGS

    +

    There should be a way to generate and manipulate DH keys.

    +

    +

    +
    +

    SEE ALSO

    +

    openssl(1), +openssl-pkeyparam(1), +openssl-dsaparam(1)

    +

    +

    +
    +

    HISTORY

    +

    This command was deprecated in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-dsa.html b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-dsa.html
new file mode 100755
index 0000000..5199ef7
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-dsa.html
@@ -0,0 +1,213 @@
+ + + + +openssl-dsa + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    openssl-dsa - DSA key processing

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl dsa +[-help] +[-inform DER|PEM] +[-outform DER|PEM] +[-in filename] +[-passin arg] +[-out filename] +[-passout arg] +[-aes128] +[-aes192] +[-aes256] +[-aria128] +[-aria192] +[-aria256] +[-camellia128] +[-camellia192] +[-camellia256] +[-des] +[-des3] +[-idea] +[-text] +[-noout] +[-modulus] +[-pubin] +[-pubout] +[-engine id]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command has been deprecated. +The openssl-pkey(1) command should be used instead.

    +

    This command processes DSA keys. They can be converted between various +forms and their components printed out. Note This command uses the +traditional SSLeay compatible format for private key encryption: newer +applications should use the more secure PKCS#8 format using the pkcs8

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -inform DER|PEM, -outform DER|PEM
    + +
    +

    The input and formats; the default is PEM. +See openssl(1)/Format Options for details.

    +

    Private keys are a sequence of ASN.1 INTEGERS: the version (zero), p, +q, g, and the public and and private key components. Public keys +are a SubjectPublicKeyInfo structure with the DSA type.

    +

    The PEM format also accepts PKCS#8 data.

    +
    +
    -in filename
    + +
    +

    This specifies the input filename to read a key from or standard input if this +option is not specified. If the key is encrypted a pass phrase will be +prompted for.

    +
    +
    -out filename
    + +
    +

    This specifies the output filename to write a key to or standard output by +is not specified. If any encryption options are set then a pass phrase will be +prompted for. The output filename should not be the same as the input +filename.

    +
    +
    -passin arg, -passout arg
    + +
    +

    The password source for the input and output file. +For more information about the format of arg +see openssl(1)/Pass Phrase Options.

    +
    +
    -aes128, -aes192, -aes256, -aria128, -aria192, -aria256, -camellia128, -camellia192, -camellia256, -des, -des3, -idea
    + +
    +

    These options encrypt the private key with the specified +cipher before outputting it. A pass phrase is prompted for. +If none of these options is specified the key is written in plain text. This +means that this command can be used to remove the pass phrase from a key +by not giving any encryption option is given, or to add or change the pass +phrase by setting them. +These options can only be used with PEM format output files.

    +
    +
    -text
    + +
    +

    Prints out the public, private key components and parameters.

    +
    +
    -noout
    + +
    +

    This option prevents output of the encoded version of the key.

    +
    +
    -modulus
    + +
    +

    This option prints out the value of the public key component of the key.

    +
    +
    -pubin
    + +
    +

    By default, a private key is read from the input file. With this option a +public key is read instead.

    +
    +
    -pubout
    + +
    +

    By default, a private key is output. With this option a public +key will be output instead. This option is automatically set if the input is +a public key.

    +
    +
    -engine id
    + +
    +

    See openssl(1)/Engine Options.

    +
    +
    +

    +

    +
    +

    EXAMPLES

    +

    Examples equivalent to these can be found in the documentation for the +non-deprecated openssl-pkey(1) command.

    +

    To remove the pass phrase on a DSA private key:

    +
    + openssl dsa -in key.pem -out keyout.pem
    +

    To encrypt a private key using triple DES:

    +
    + openssl dsa -in key.pem -des3 -out keyout.pem
    +

    To convert a private key from PEM to DER format:

    +
    + openssl dsa -in key.pem -outform DER -out keyout.der
    +

    To print out the components of a private key to standard output:

    +
    + openssl dsa -in key.pem -text -noout
    +

    To just output the public part of a private key:

    +
    + openssl dsa -in key.pem -pubout -out pubkey.pem
    +

    +

    +
    +

    SEE ALSO

    +

    openssl(1), +openssl-pkey(1), +openssl-dsaparam(1), +openssl-gendsa(1), +openssl-rsa(1), +openssl-genrsa(1)

    +

    +

    +
    +

    HISTORY

    +

    This command was deprecated in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-dsaparam.html b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-dsaparam.html
new file mode 100755
index 0000000..28c6765
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-dsaparam.html
@@ -0,0 +1,169 @@
+ + + + +openssl-dsaparam + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    openssl-dsaparam - DSA parameter manipulation and generation

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl dsaparam +[-help] +[-inform DER|PEM] +[-outform DER|PEM] +[-in filename] +[-out filename] +[-noout] +[-text] +[-C] +[-genkey] +[-verbose] +[-rand files] +[-writerand file] +[-engine id] +[numbits]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command has been deprecated. +The openssl-pkeyparam(1) command should be used instead.

    +

    This command is used to manipulate or generate DSA parameter files.

    +

    DSA parameter generation can be a slow process and as a result the same set of +DSA parameters is often used to generate several distinct keys.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -inform DER|PEM, -outform DER|PEM
    + +
    +

    The input and formats; the default is PEM. +See openssl(1)/Format Options for details.

    +

    Parameters are a sequence of ASN.1 INTEGERs: p, q, and g. +This is compatible with RFC 2459 DSS-Parms structure.

    +
    +
    -in filename
    + +
    +

    This specifies the input filename to read parameters from or standard input if +this option is not specified. If the numbits parameter is included then +this option will be ignored.

    +
    +
    -out filename
    + +
    +

    This specifies the output filename parameters to. Standard output is used +if this option is not present. The output filename should not be the same +as the input filename.

    +
    +
    -noout
    + +
    +

    This option inhibits the output of the encoded version of the parameters.

    +
    +
    -text
    + +
    +

    This option prints out the DSA parameters in human readable form.

    +
    +
    -C
    + +
    +

    This option converts the parameters into C code. The parameters can then +be loaded by calling the get_dsaXXX() function.

    +
    +
    -genkey
    + +
    +

    This option will generate a DSA either using the specified or generated +parameters.

    +
    +
    -verbose
    + +
    +

    Print extra details about the operations being performed.

    +
    +
    -rand files, -writerand file
    + +
    +

    See openssl(1)/Random State Options for details.

    +
    +
    -engine id
    + +
    +

    See openssl(1)/Engine Options.

    +
    +
    numbits
    + +
    +

    This option specifies that a parameter set should be generated of size +numbits. It must be the last option. If this option is included then +the input file (if any) is ignored.

    +
    +
    +

    +

    +
    +

    SEE ALSO

    +

    openssl(1), +openssl-pkeyparam(1), +openssl-gendsa(1), +openssl-dsa(1), +openssl-genrsa(1), +openssl-rsa(1)

    +

    +

    +
    +

    HISTORY

    +

    This command was deprecated in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-ec.html b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-ec.html
new file mode 100755
index 0000000..5b1dbb8
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-ec.html
@@ -0,0 +1,237 @@
+ + + + +openssl-ec + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    openssl-ec - EC key processing

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl ec +[-help] +[-inform DER|PEM] +[-outform DER|PEM] +[-in filename] +[-passin arg] +[-out filename] +[-passout arg] +[-des] +[-des3] +[-idea] +[-text] +[-noout] +[-param_out] +[-pubin] +[-pubout] +[-conv_form arg] +[-param_enc arg] +[-no_public] +[-check] +[-engine id]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command has been deprecated. +The openssl-pkey(1) command should be used instead.

    +

    The openssl-ec(1) command processes EC keys. They can be converted between +various forms and their components printed out. Note OpenSSL uses the +private key format specified in 'SEC 1: Elliptic Curve Cryptography' +(http://www.secg.org/). To convert an OpenSSL EC private key into the +PKCS#8 private key format use the openssl-pkcs8(1) command.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -inform DER|PEM, -outform DER|PEM
    + +
    +

    The input and formats; the default is PEM. +See openssl(1)/Format Options for details.

    +

    Private keys are an SEC1 private key or PKCS#8 format. +Public keys are a SubjectPublicKeyInfo as specified in IETF RFC 3280.

    +
    +
    -in filename
    + +
    +

    This specifies the input filename to read a key from or standard input if this +option is not specified. If the key is encrypted a pass phrase will be +prompted for.

    +
    +
    -out filename
    + +
    +

    This specifies the output filename to write a key to or standard output by +is not specified. If any encryption options are set then a pass phrase will be +prompted for. The output filename should not be the same as the input +filename.

    +
    +
    -passin arg, -passout arg
    + +
    +

    The password source for the input and output file. +For more information about the format of arg +see openssl(1)/Pass Phrase Options.

    +
    +
    -des|-des3|-idea
    + +
    +

    These options encrypt the private key with the DES, triple DES, IDEA or +any other cipher supported by OpenSSL before outputting it. A pass phrase is +prompted for. +If none of these options is specified the key is written in plain text. This +means that using this command to read in an encrypted key with no +encryption option can be used to remove the pass phrase from a key, or by +setting the encryption options it can be use to add or change the pass phrase. +These options can only be used with PEM format output files.

    +
    +
    -text
    + +
    +

    Prints out the public, private key components and parameters.

    +
    +
    -noout
    + +
    +

    This option prevents output of the encoded version of the key.

    +
    +
    -pubin
    + +
    +

    By default, a private key is read from the input file. With this option a +public key is read instead.

    +
    +
    -pubout
    + +
    +

    By default a private key is output. With this option a public +key will be output instead. This option is automatically set if the input is +a public key.

    +
    +
    -conv_form arg
    + +
    +

    This specifies how the points on the elliptic curve are converted +into octet strings. Possible values are: compressed (the default +value), uncompressed and hybrid. For more information regarding +the point conversion forms please read the X9.62 standard. +Note Due to patent issues the compressed option is disabled +by default for binary curves and can be enabled by defining +the preprocessor macro OPENSSL_EC_BIN_PT_COMP at compile time.

    +
    +
    -param_enc arg
    + +
    +

    This specifies how the elliptic curve parameters are encoded. +Possible value are: named_curve, i.e. the ec parameters are +specified by an OID, or explicit where the ec parameters are +explicitly given (see RFC 3279 for the definition of the +EC parameters structures). The default value is named_curve. +Note the implicitlyCA alternative, as specified in RFC 3279, +is currently not implemented in OpenSSL.

    +
    +
    -no_public
    + +
    +

    This option omits the public key components from the private key output.

    +
    +
    -check
    + +
    +

    This option checks the consistency of an EC private or public key.

    +
    +
    -engine id
    + +
    +

    See openssl(1)/Engine Options.

    +
    +
    +

    +

    +
    +

    EXAMPLES

    +

    Examples equivalent to these can be found in the documentation for the +non-deprecated openssl-pkey(1) command.

    +

    To encrypt a private key using triple DES:

    +
    + openssl ec -in key.pem -des3 -out keyout.pem
    +

    To convert a private key from PEM to DER format:

    +
    + openssl ec -in key.pem -outform DER -out keyout.der
    +

    To print out the components of a private key to standard output:

    +
    + openssl ec -in key.pem -text -noout
    +

    To just output the public part of a private key:

    +
    + openssl ec -in key.pem -pubout -out pubkey.pem
    +

    To change the parameters encoding to explicit:

    +
    + openssl ec -in key.pem -param_enc explicit -out keyout.pem
    +

    To change the point conversion form to compressed:

    +
    + openssl ec -in key.pem -conv_form compressed -out keyout.pem
    +

    +

    +
    +

    SEE ALSO

    +

    openssl(1), +openssl-pkey(1), +openssl-ecparam(1), +openssl-dsa(1), +openssl-rsa(1)

    +

    +

    +
    +

    HISTORY

    +

    This command was deprecated in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2003-2020 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-ecparam.html b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-ecparam.html
    new file mode 100755
    index 0000000..4ad0c41
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-ecparam.html
    @@ -0,0 +1,234 @@
    + + + + +openssl-ecparam + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    openssl-ecparam - EC parameter manipulation and generation

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl ecparam +[-help] +[-inform DER|PEM] +[-outform DER|PEM] +[-in filename] +[-out filename] +[-noout] +[-text] +[-C] +[-check] +[-check_named] +[-name arg] +[-list_curves] +[-conv_form arg] +[-param_enc arg] +[-no_seed] +[-genkey] +[-engine id] +[-rand files] +[-writerand file]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command has been deprecated. +The openssl-genpkey(1) and openssl-pkeyparam(1) commands +should be used instead.

    +

    This command is used to manipulate or generate EC parameter files.

    +

    OpenSSL is currently not able to generate new groups and therefore +this command can only create EC parameters from known (named) curves.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -inform DER|PEM, -outform DER|PEM
    + +
    +

    The input and formats; the default is PEM. +See openssl(1)/Format Options for details.

    +

    Parameters are encoded as EcpkParameters as specified in IETF RFC 3279.

    +
    +
    -in filename
    + +
    +

    This specifies the input filename to read parameters from or standard input if +this option is not specified.

    +
    +
    -out filename
    + +
    +

    This specifies the output filename parameters to. Standard output is used +if this option is not present. The output filename should not be the same +as the input filename.

    +
    +
    -noout
    + +
    +

    This option inhibits the output of the encoded version of the parameters.

    +
    +
    -text
    + +
    +

    This option prints out the EC parameters in human readable form.

    +
    +
    -C
    + +
    +

    This option converts the EC parameters into C code. The parameters can then +be loaded by calling the get_ec_group_XXX() function.

    +
    +
    -check
    + +
    +

    Validate the elliptic curve parameters.

    +
    +
    -check_named
    + +
    +

    Validate the elliptic name curve parameters by checking if the curve parameters +match any built-in curves.

    +
    +
    -name arg
    + +
    +

    Use the EC parameters with the specified 'short' name. Use -list_curves +to get a list of all currently implemented EC parameters.

    +
    +
    -list_curves
    + +
    +

    Print out a list of all currently implemented EC parameters names and exit.

    +
    +
    -conv_form arg
    + +
    +

    This specifies how the points on the elliptic curve are converted +into octet strings. Possible values are: compressed, uncompressed (the +default value) and hybrid. For more information regarding +the point conversion forms please read the X9.62 standard. +Note Due to patent issues the compressed option is disabled +by default for binary curves and can be enabled by defining +the preprocessor macro OPENSSL_EC_BIN_PT_COMP at compile time.

    +
    +
    -param_enc arg
    + +
    +

    This specifies how the elliptic curve parameters are encoded. +Possible value are: named_curve, i.e. the ec parameters are +specified by an OID, or explicit where the ec parameters are +explicitly given (see RFC 3279 for the definition of the +EC parameters structures). The default value is named_curve. +Note the implicitlyCA alternative, as specified in RFC 3279, +is currently not implemented in OpenSSL.

    +
    +
    -no_seed
    + +
    +

    This option inhibits that the 'seed' for the parameter generation +is included in the ECParameters structure (see RFC 3279).

    +
    +
    -genkey
    + +
    +

    This option will generate an EC private key using the specified parameters.

    +
    +
    -engine id
    + +
    +

    See openssl(1)/Engine Options.

    +
    +
    -rand files, -writerand file
    + +
    +

    See openssl(1)/Random State Options for details.

    +
    +
    +

    +

    +
    +

    EXAMPLES

    +

    Examples equivalent to these can be found in the documentation for the +non-deprecated openssl-genpkey(1) and openssl-pkeyparam(1) commands.

    +

    To create EC parameters with the group 'prime192v1':

    +
    +  openssl ecparam -out ec_param.pem -name prime192v1
    +

    To create EC parameters with explicit parameters:

    +
    +  openssl ecparam -out ec_param.pem -name prime192v1 -param_enc explicit
    +

    To validate given EC parameters:

    +
    +  openssl ecparam -in ec_param.pem -check
    +

    To create EC parameters and a private key:

    +
    +  openssl ecparam -out ec_key.pem -name prime192v1 -genkey
    +

    To change the point encoding to 'compressed':

    +
    +  openssl ecparam -in ec_in.pem -out ec_out.pem -conv_form compressed
    +

    To print out the EC parameters to standard output:

    +
    +  openssl ecparam -in ec_param.pem -noout -text
    +

    +

    +
    +

    SEE ALSO

    +

    openssl(1), +openssl-pkeyparam(1), +openssl-genpkey(1), +openssl-ec(1), +openssl-dsaparam(1)

    +

    +

    +
    +

    HISTORY

    +

    This command was deprecated in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2003-2020 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-enc.html b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-enc.html
    new file mode 100755
    index 0000000..72cbc1b
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-enc.html
    @@ -0,0 +1,492 @@
    + + + + +openssl-enc + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    openssl-enc - symmetric cipher routines

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl enc|cipher +[-cipher] +[-help] +[-list] +[-ciphers] +[-in filename] +[-out filename] +[-pass arg] +[-e] +[-d] +[-a] +[-base64] +[-A] +[-k password] +[-kfile filename] +[-K key] +[-iv IV] +[-S salt] +[-salt] +[-nosalt] +[-z] +[-md digest] +[-iter count] +[-pbkdf2] +[-p] +[-P] +[-bufsize number] +[-nopad] +[-v] +[-debug] +[-none] +[-engine id] +[-rand files] +[-writerand file]

    +

    openssl cipher [...]

    +

    +

    +
    +

    DESCRIPTION

    +

    The symmetric cipher commands allow data to be encrypted or decrypted +using various block and stream ciphers using keys based on passwords +or explicitly provided. Base64 encoding or decoding can also be performed +either by itself or in addition to the encryption or decryption.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -list
    + +
    +

    List all supported ciphers.

    +
    +
    -ciphers
    + +
    +

    Alias of -list to display all supported ciphers.

    +
    +
    -in filename
    + +
    +

    The input filename, standard input by default.

    +
    +
    -out filename
    + +
    +

    The output filename, standard output by default.

    +
    +
    -pass arg
    + +
    +

    The password source. For more information about the format of arg +see openssl(1)/Pass Phrase Options.

    +
    +
    -e
    + +
    +

    Encrypt the input data: this is the default.

    +
    +
    -d
    + +
    +

    Decrypt the input data.

    +
    +
    -a
    + +
    +

    Base64 process the data. This means that if encryption is taking place +the data is base64 encoded after encryption. If decryption is set then +the input data is base64 decoded before being decrypted.

    +
    +
    -base64
    + +
    +

    Same as -a

    +
    +
    -A
    + +
    +

    If the -a option is set then base64 process the data on one line.

    +
    +
    -k password
    + +
    +

    The password to derive the key from. This is for compatibility with previous +versions of OpenSSL. Superseded by the -pass argument.

    +
    +
    -kfile filename
    + +
    +

    Read the password to derive the key from the first line of filename. +This is for compatibility with previous versions of OpenSSL. Superseded by +the -pass argument.

    +
    +
    -md digest
    + +
    +

    Use the specified digest to create the key from the passphrase. +The default algorithm is sha-256.

    +
    +
    -iter count
    + +
    +

    Use a given number of iterations on the password in deriving the encryption key. +High values increase the time required to brute-force the resulting file. +This option enables the use of PBKDF2 algorithm to derive the key.

    +
    +
    -pbkdf2
    + +
    +

    Use PBKDF2 algorithm with default iteration count unless otherwise specified.

    +
    +
    -nosalt
    + +
    +

    Don't use a salt in the key derivation routines. This option SHOULD NOT be +used except for test purposes or compatibility with ancient versions of +OpenSSL.

    +
    +
    -salt
    + +
    +

    Use salt (randomly generated or provide with -S option) when +encrypting, this is the default.

    +
    +
    -S salt
    + +
    +

    The actual salt to use: this must be represented as a string of hex digits.

    +
    +
    -K key
    + +
    +

    The actual key to use: this must be represented as a string comprised only +of hex digits. If only the key is specified, the IV must additionally specified +using the -iv option. When both a key and a password are specified, the +key given with the -K option will be used and the IV generated from the +password will be taken. It does not make much sense to specify both key +and password.

    +
    +
    -iv IV
    + +
    +

    The actual IV to use: this must be represented as a string comprised only +of hex digits. When only the key is specified using the -K option, the +IV must explicitly be defined. When a password is being specified using +one of the other options, the IV is generated from this password.

    +
    +
    -p
    + +
    +

    Print out the key and IV used.

    +
    +
    -P
    + +
    +

    Print out the key and IV used then immediately exit: don't do any encryption +or decryption.

    +
    +
    -bufsize number
    + +
    +

    Set the buffer size for I/O.

    +
    +
    -nopad
    + +
    +

    Disable standard block padding.

    +
    +
    -v
    + +
    +

    Verbose print; display some statistics about I/O and buffer sizes.

    +
    +
    -debug
    + +
    +

    Debug the BIOs used for I/O.

    +
    +
    -z
    + +
    +

    Compress or decompress clear text using zlib before encryption or after +decryption. This option exists only if OpenSSL with compiled with zlib +or zlib-dynamic option.

    +
    +
    -none
    + +
    +

    Use NULL cipher (no encryption or decryption of input).

    +
    +
    -rand files, -writerand file
    + +
    +

    See openssl(1)/Random State Options for details.

    +
    +
    -engine id
    + +
    +

    See openssl(1)/Engine Options.

    +
    +
    +

    +

    +
    +

    NOTES

    +

    The program can be called either as openssl cipher or +openssl enc -cipher. The first form doesn't work with +engine-provided ciphers, because this form is processed before the +configuration file is read and any ENGINEs loaded. +Use the openssl-list(1) command to get a list of supported ciphers.

    +

    Engines which provide entirely new encryption algorithms (such as the ccgost +engine which provides gost89 algorithm) should be configured in the +configuration file. Engines specified on the command line using -engine +option can only be used for hardware-assisted implementations of +ciphers which are supported by the OpenSSL core or another engine specified +in the configuration file.

    +

    When the enc command lists supported ciphers, ciphers provided by engines, +specified in the configuration files are listed too.

    +

    A password will be prompted for to derive the key and IV if necessary.

    +

    The -salt option should ALWAYS be used if the key is being derived +from a password unless you want compatibility with previous versions of +OpenSSL.

    +

    Without the -salt option it is possible to perform efficient dictionary +attacks on the password and to attack stream cipher encrypted data. The reason +for this is that without the salt the same password always generates the same +encryption key. When the salt is being used the first eight bytes of the +encrypted data are reserved for the salt: it is generated at random when +encrypting a file and read from the encrypted file when it is decrypted.

    +

    Some of the ciphers do not have large keys and others have security +implications if not used correctly. A beginner is advised to just use +a strong block cipher, such as AES, in CBC mode.

    +

    All the block ciphers normally use PKCS#5 padding, also known as standard +block padding. This allows a rudimentary integrity or password check to +be performed. However since the chance of random data passing the test +is better than 1 in 256 it isn't a very good test.

    +

    If padding is disabled then the input data must be a multiple of the cipher +block length.

    +

    All RC2 ciphers have the same key and effective key length.

    +

    Blowfish and RC5 algorithms use a 128 bit key.

    +

    +

    +
    +

    SUPPORTED CIPHERS

    +

    Note that some of these ciphers can be disabled at compile time +and some are available only if an appropriate engine is configured +in the configuration file. The output when invoking this command +with the -ciphers option (that is openssl enc -ciphers) is +a list of ciphers, supported by your version of OpenSSL, including +ones provided by configured engines.

    +

    This command does not support authenticated encryption modes +like CCM and GCM, and will not support such modes in the future. +This is due to having to begin streaming output (e.g., to standard output +when -out is not used) before the authentication tag could be validated. +When this command is used in a pipeline, the receiving end will not be +able to roll back upon authentication failure. The AEAD modes currently in +common use also suffer from catastrophic failure of confidentiality and/or +integrity upon reuse of key/iv/nonce, and since openssl enc places the +entire burden of key/iv/nonce management upon the user, the risk of +exposing AEAD modes is too great to allow. These key/iv/nonce +management issues also affect other modes currently exposed in this command, +but the failure modes are less extreme in these cases, and the +functionality cannot be removed with a stable release branch. +For bulk encryption of data, whether using authenticated encryption +modes or other modes, openssl-cms(1) is recommended, as it provides a +standard data format and performs the needed key/iv/nonce management.

    +
    + base64             Base 64
    +
    + bf-cbc             Blowfish in CBC mode
    + bf                 Alias for bf-cbc
    + blowfish           Alias for bf-cbc
    + bf-cfb             Blowfish in CFB mode
    + bf-ecb             Blowfish in ECB mode
    + bf-ofb             Blowfish in OFB mode
    +
    + cast-cbc           CAST in CBC mode
    + cast               Alias for cast-cbc
    + cast5-cbc          CAST5 in CBC mode
    + cast5-cfb          CAST5 in CFB mode
    + cast5-ecb          CAST5 in ECB mode
    + cast5-ofb          CAST5 in OFB mode
    +
    + chacha20           ChaCha20 algorithm
    +
    + des-cbc            DES in CBC mode
    + des                Alias for des-cbc
    + des-cfb            DES in CFB mode
    + des-ofb            DES in OFB mode
    + des-ecb            DES in ECB mode
    +
    + des-ede-cbc        Two key triple DES EDE in CBC mode
    + des-ede            Two key triple DES EDE in ECB mode
    + des-ede-cfb        Two key triple DES EDE in CFB mode
    + des-ede-ofb        Two key triple DES EDE in OFB mode
    +
    + des-ede3-cbc       Three key triple DES EDE in CBC mode
    + des-ede3           Three key triple DES EDE in ECB mode
    + des3               Alias for des-ede3-cbc
    + des-ede3-cfb       Three key triple DES EDE CFB mode
    + des-ede3-ofb       Three key triple DES EDE in OFB mode
    +
    + desx               DESX algorithm.
    +
    + gost89             GOST 28147-89 in CFB mode (provided by ccgost engine)
    + gost89-cnt        `GOST 28147-89 in CNT mode (provided by ccgost engine)
    +
    + idea-cbc           IDEA algorithm in CBC mode
    + idea               same as idea-cbc
    + idea-cfb           IDEA in CFB mode
    + idea-ecb           IDEA in ECB mode
    + idea-ofb           IDEA in OFB mode
    +
    + rc2-cbc            128 bit RC2 in CBC mode
    + rc2                Alias for rc2-cbc
    + rc2-cfb            128 bit RC2 in CFB mode
    + rc2-ecb            128 bit RC2 in ECB mode
    + rc2-ofb            128 bit RC2 in OFB mode
    + rc2-64-cbc         64 bit RC2 in CBC mode
    + rc2-40-cbc         40 bit RC2 in CBC mode
    +
    + rc4                128 bit RC4
    + rc4-64             64 bit RC4
    + rc4-40             40 bit RC4
    +
    + rc5-cbc            RC5 cipher in CBC mode
    + rc5                Alias for rc5-cbc
    + rc5-cfb            RC5 cipher in CFB mode
    + rc5-ecb            RC5 cipher in ECB mode
    + rc5-ofb            RC5 cipher in OFB mode
    +
    + seed-cbc           SEED cipher in CBC mode
    + seed               Alias for seed-cbc
    + seed-cfb           SEED cipher in CFB mode
    + seed-ecb           SEED cipher in ECB mode
    + seed-ofb           SEED cipher in OFB mode
    +
    + sm4-cbc            SM4 cipher in CBC mode
    + sm4                Alias for sm4-cbc
    + sm4-cfb            SM4 cipher in CFB mode
    + sm4-ctr            SM4 cipher in CTR mode
    + sm4-ecb            SM4 cipher in ECB mode
    + sm4-ofb            SM4 cipher in OFB mode
    +
    + aes-[128|192|256]-cbc  128/192/256 bit AES in CBC mode
    + aes[128|192|256]       Alias for aes-[128|192|256]-cbc
    + aes-[128|192|256]-cfb  128/192/256 bit AES in 128 bit CFB mode
    + aes-[128|192|256]-cfb1 128/192/256 bit AES in 1 bit CFB mode
    + aes-[128|192|256]-cfb8 128/192/256 bit AES in 8 bit CFB mode
    + aes-[128|192|256]-ctr  128/192/256 bit AES in CTR mode
    + aes-[128|192|256]-ecb  128/192/256 bit AES in ECB mode
    + aes-[128|192|256]-ofb  128/192/256 bit AES in OFB mode
    +
    + aria-[128|192|256]-cbc  128/192/256 bit ARIA in CBC mode
    + aria[128|192|256]       Alias for aria-[128|192|256]-cbc
    + aria-[128|192|256]-cfb  128/192/256 bit ARIA in 128 bit CFB mode
    + aria-[128|192|256]-cfb1 128/192/256 bit ARIA in 1 bit CFB mode
    + aria-[128|192|256]-cfb8 128/192/256 bit ARIA in 8 bit CFB mode
    + aria-[128|192|256]-ctr  128/192/256 bit ARIA in CTR mode
    + aria-[128|192|256]-ecb  128/192/256 bit ARIA in ECB mode
    + aria-[128|192|256]-ofb  128/192/256 bit ARIA in OFB mode
    +
    + camellia-[128|192|256]-cbc  128/192/256 bit Camellia in CBC mode
    + camellia[128|192|256]       Alias for camellia-[128|192|256]-cbc
    + camellia-[128|192|256]-cfb  128/192/256 bit Camellia in 128 bit CFB mode
    + camellia-[128|192|256]-cfb1 128/192/256 bit Camellia in 1 bit CFB mode
    + camellia-[128|192|256]-cfb8 128/192/256 bit Camellia in 8 bit CFB mode
    + camellia-[128|192|256]-ctr  128/192/256 bit Camellia in CTR mode
    + camellia-[128|192|256]-ecb  128/192/256 bit Camellia in ECB mode
    + camellia-[128|192|256]-ofb  128/192/256 bit Camellia in OFB mode
    +

    +

    +
    +

    EXAMPLES

    +

    Just base64 encode a binary file:

    +
    + openssl base64 -in file.bin -out file.b64
    +

    Decode the same file

    +
    + openssl base64 -d -in file.b64 -out file.bin
    +

    Encrypt a file using AES-128 using a prompted password +and PBKDF2 key derivation:

    +
    + openssl enc -aes128 -pbkdf2 -in file.txt -out file.aes128
    +

    Decrypt a file using a supplied password:

    +
    + openssl enc -aes128 -pbkdf2 -d -in file.aes128 -out file.txt \
    +    -pass pass:<password>
    +

    Encrypt a file then base64 encode it (so it can be sent via mail for example) +using AES-256 in CTR mode and PBKDF2 key derivation:

    +
    + openssl enc -aes-256-ctr -pbkdf2 -a -in file.txt -out file.aes256
    +

    Base64 decode a file then decrypt it using a password supplied in a file:

    +
    + openssl enc -aes-256-ctr -pbkdf2 -d -a -in file.aes256 -out file.txt \
    +    -pass file:<passfile>;
    +

    +

    +
    +

    BUGS

    +

    The -A option when used with large files doesn't work properly.

    +

    The openssl enc command only supports a fixed number of algorithms with +certain parameters. So if, for example, you want to use RC2 with a +76 bit key or RC4 with an 84 bit key you can't use this program.

    +

    +

    +
    +

    HISTORY

    +

    The default digest was changed from MD5 to SHA256 in OpenSSL 1.1.0.

    +

    The -list option was added in OpenSSL 1.1.1e.

    +

    The -ciphers option was deprecated in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-engine.html b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-engine.html
    new file mode 100755
    index 0000000..d613295
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-engine.html
    @@ -0,0 +1,168 @@
    + + + + +openssl-engine + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    openssl-engine - load and query engines

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl engine +[-help] +[-v] +[-vv] +[-vvv] +[-vvvv] +[-c] +[-t] +[-tt] +[-pre command] ... +[-post command] ... +[engine ...]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command is used to query the status and capabilities +of the specified engines. +Engines may be specified before and after all other command-line flags. +Only those specified are queried.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Display an option summary.

    +
    +
    -v -vv -vvv -vvvv
    + +
    +

    Provides information about each specified engine. The first flag lists +all the possible run-time control commands; the second adds a +description of each command; the third adds the input flags, and the +final option adds the internal input flags.

    +
    +
    -c
    + +
    +

    Lists the capabilities of each engine.

    +
    +
    -t
    + +
    +

    Tests if each specified engine is available, and displays the answer.

    +
    +
    -tt
    + +
    +

    Displays an error trace for any unavailable engine.

    +
    +
    -pre command
    + +
    -post command
    + +
    +

    Command-line configuration of engines. +The -pre command is given to the engine before it is loaded and +the -post command is given after the engine is loaded. +The command is of the form cmd:val where cmd is the command, +and val is the value for the command. +See the example below.

    +

    These two options are cumulative, so they may be given more than once in the +same command.

    +
    +
    +

    +

    +
    +

    EXAMPLES

    +

    To list all the commands available to a dynamic engine:

    +
    + $ openssl engine -t -tt -vvvv dynamic
    + (dynamic) Dynamic engine loading support
    +      [ unavailable ]
    +      SO_PATH: Specifies the path to the new ENGINE shared library
    +           (input flags): STRING
    +      NO_VCHECK: Specifies to continue even if version checking fails (boolean)
    +           (input flags): NUMERIC
    +      ID: Specifies an ENGINE id name for loading
    +           (input flags): STRING
    +      LIST_ADD: Whether to add a loaded ENGINE to the internal list (0=no,1=yes,2=mandatory)
    +           (input flags): NUMERIC
    +      DIR_LOAD: Specifies whether to load from 'DIR_ADD' directories (0=no,1=yes,2=mandatory)
    +           (input flags): NUMERIC
    +      DIR_ADD: Adds a directory from which ENGINEs can be loaded
    +           (input flags): STRING
    +      LOAD: Load up the ENGINE specified by other settings
    +           (input flags): NO_INPUT
    +

    To list the capabilities of the rsax engine:

    +
    + $ openssl engine -c
    + (rsax) RSAX engine support
    +  [RSA]
    + (dynamic) Dynamic engine loading support
    +

    +

    +
    +

    ENVIRONMENT

    +
    +
    OPENSSL_ENGINES
    + +
    +

    The path to the engines directory.

    +
    +
    +

    +

    +
    +

    SEE ALSO

    +

    openssl(1), +config(5)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-errstr.html b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-errstr.html
    new file mode 100755
    index 0000000..25f6b19
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-errstr.html
    @@ -0,0 +1,87 @@
    + + + + +openssl-errstr + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    openssl-errstr - lookup error codes

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl errstr +[-help] +error_code...

    +

    +

    +
    +

    DESCRIPTION

    +

    Sometimes an application will not load error message texts and only +numerical forms will be available. This command can be +used to display the meaning of the hex code. The hex code is the hex digits +after the second colon.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Display a usage message.

    +
    +
    +

    +

    +
    +

    EXAMPLES

    +

    The error code:

    +
    + 27594:error:2006D080:lib(32)::reason(128)::107:
    +

    can be displayed with:

    +
    + openssl errstr 2006D080
    +

    to produce the error message:

    +
    + error:2006D080:BIO routines::no such file
    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2004-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-fipsinstall.html b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-fipsinstall.html
    new file mode 100755
    index 0000000..da3959c
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-fipsinstall.html
    @@ -0,0 +1,217 @@
    + + + + +openssl-fipsinstall + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    openssl-fipsinstall - perform FIPS configuration installation

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl fipsinstall +[-help] +[-in configfilename] +[-out configfilename] +[-module modulefilename] +[-provider_name providername] +[-section_name sectionname] +[-verify] +[-mac_name macname] +[-macopt nm:v] +[-noout] +[-corrupt_desc selftest_description] +[-corrupt_type selftest_type]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command is used to generate a FIPS module configuration file. +The generated configuration file consists of:

    +
    +
    - A mac of the FIPS module file.
    + +
    - A status indicator that indicates if the known answer Self Tests (KAT's) +have successfully run.
    + +
    +

    This configuration file can be used each time a FIPS module is loaded +in order to pass data to the FIPS modules self tests. The FIPS module always +verifies the modules MAC, but only needs to run the KATS once during install.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Print a usage message.

    +
    +
    -module filename
    + +
    +

    Filename of a fips module to perform an integrity check on.

    +
    +
    -out configfilename
    + +
    +

    Filename to output the configuration data to, or standard output by default.

    +
    +
    -in configfilename
    + +
    +

    Input filename to load configuration data from. Used with the '-verify' option. +Standard input is used if the filename is '-'.

    +
    +
    -verify
    + +
    +

    Verify that the input configuration file contains the correct information

    +
    +
    -provider_name providername
    + +
    +

    Name of the provider inside the configuration file.

    +
    +
    -section_name sectionname
    + +
    +

    Name of the section inside the configuration file.

    +
    +
    -mac_name name
    + +
    +

    Specifies the name of a supported MAC algorithm which will be used. +To see the list of supported MAC's use the command +openssl list -mac-algorithms. The default is HMAC.

    +
    +
    -macopt nm:v
    + +
    +

    Passes options to the MAC algorithm. +A comprehensive list of controls can be found in the EVP_MAC implementation +documentation. +Common control strings used for fipsinstall are:

    +
    +
    key:string
    + +
    +

    Specifies the MAC key as an alphanumeric string (use if the key contains +printable characters only). +The string length must conform to any restrictions of the MAC algorithm. +A key must be specified for every MAC algorithm.

    +
    +
    hexkey:string
    + +
    +

    Specifies the MAC key in hexadecimal form (two hex digits per byte). +The key length must conform to any restrictions of the MAC algorithm. +A key must be specified for every MAC algorithm.

    +
    +
    digest:string
    + +
    +

    Used by HMAC as an alphanumeric string (use if the key contains printable +characters only). +The string length must conform to any restrictions of the MAC algorithm. +To see the list of supported digests, use the command +openssl list -digest-commands.

    +
    +
    +
    +
    -noout
    + +
    +

    Disable logging of the self tests.

    +
    +
    -corrupt_desc selftest_description
    + +
    -corrupt_type selftest_type
    + +
    +

    The corrupt options can be used to test failure of one or more self test(s) by +name. +Either option or both may be used to select the self test(s) to corrupt. +Refer to the entries for "st-desc" and "st-type" in OSSL_PROVIDER-FIPS(7) for +values that can be used.

    +
    +
    +

    +

    +
    +

    EXAMPLES

    +

    Calculate the mac of a FIPS module fips.so and run a FIPS self test +for the module, and save the fips.conf configuration file:

    +
    + openssl fipsinstall -module ./fips.so -out fips.conf -provider_name fips \
    +         -section_name fipsinstall -mac_name HMAC -macopt digest:SHA256 \
    +         -macopt hexkey:000102030405060708090A0B0C0D0E0F10111213
    +

    Verify that the configuration file fips.conf contains the correct info:

    +
    + openssl fipsinstall -module ./fips.so -in fips.conf  -provider_name fips \
    +          -section_name fips_install -mac_name HMAC -macopt digest:SHA256 \
    +          -macopt hexkey:000102030405060708090A0B0C0D0E0F10111213 -verify
    +

    Corrupt any self tests which have the description 'SHA1':

    +
    + openssl fipsinstall -module ./fips.so -out fips.conf -provider_name fips \
    +         -section_name fipsinstall -mac_name HMAC -macopt digest:SHA256 \
    +         -macopt hexkey:000102030405060708090A0B0C0D0E0F10111213 \
    +         -corrupt_desc', 'SHA1'
    +

    +

    +
    +

    NOTES

    +

    The MAC mechanisms that are available will depend on the options +used when building OpenSSL. +The command openssl list -mac-algorithms command can be used to list them.

    +

    +

    +
    +

    SEE ALSO

    +

    fips_config(5), +OSSL_PROVIDER-FIPS(7), +EVP_MAC(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-gendsa.html b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-gendsa.html
    new file mode 100755
    index 0000000..b31743c
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-gendsa.html
    @@ -0,0 +1,156 @@
    + + + + +openssl-gendsa + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    openssl-gendsa - generate a DSA private key from a set of parameters

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl gendsa +[-help] +[-out filename] +[-passout arg] +[-aes128] +[-aes192] +[-aes256] +[-aria128] +[-aria192] +[-aria256] +[-camellia128] +[-camellia192] +[-camellia256] +[-des] +[-des3] +[-idea] +[-verbose] +[-rand files] +[-writerand file] +[-engine id] +[paramfile]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command has been deprecated. +The openssl-genpkey(1) command should be used instead.

    +

    This command generates a DSA private key from a DSA parameter file +(which will be typically generated by the openssl-dsaparam(1) command).

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -out filename
    + +
    +

    Output the key to the specified file. If this argument is not specified then +standard output is used.

    +
    +
    -passout arg
    + +
    +

    The passphrase used for the output file. +See openssl(1)/Pass Phrase Options.

    +
    +
    -aes128, -aes192, -aes256, -aria128, -aria192, -aria256, -camellia128, -camellia192, -camellia256, -des, -des3, -idea
    + +
    +

    These options encrypt the private key with specified +cipher before outputting it. A pass phrase is prompted for. +If none of these options is specified no encryption is used.

    +
    +
    -verbose
    + +
    +

    Print extra details about the operations being performed.

    +
    +
    -rand files, -writerand file
    + +
    +

    See openssl(1)/Random State Options for details.

    +
    +
    -engine id
    + +
    +

    See openssl(1)/Engine Options.

    +
    +
    paramfile
    + +
    +

    The DSA parameter file to use. The parameters in this file determine +the size of the private key. DSA parameters can be generated and +examined using the openssl-dsaparam(1) command.

    +
    +
    +

    +

    +
    +

    NOTES

    +

    DSA key generation is little more than random number generation so it is +much quicker that RSA key generation for example.

    +

    +

    +
    +

    SEE ALSO

    +

    openssl(1), +openssl-genpkey(1), +openssl-dsaparam(1), +openssl-dsa(1), +openssl-genrsa(1), +openssl-rsa(1)

    +

    +

    +
    +

    HISTORY

    +

    This command was deprecated in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-genpkey.html b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-genpkey.html
    new file mode 100755
    index 0000000..6ef589c
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-genpkey.html
    @@ -0,0 +1,394 @@
    + + + + +openssl-genpkey + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    openssl-genpkey - generate a private key

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl genpkey +[-help] +[-out filename] +[-outform DER|PEM] +[-pass arg] +[-cipher] +[-paramfile file] +[-algorithm alg] +[-pkeyopt opt:value] +[-genparam] +[-text] +[-engine id]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command generates a private key.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -out filename
    + +
    +

    Output the key to the specified file. If this argument is not specified then +standard output is used.

    +
    +
    -outform DER|PEM
    + +
    +

    The output format; the default is PEM. +See openssl(1)/Format Options for details.

    +
    +
    -pass arg
    + +
    +

    The output file password source. For more information about the format of arg +see openssl(1)/Pass Phrase Options.

    +
    +
    -cipher
    + +
    +

    This option encrypts the private key with the supplied cipher. Any algorithm +name accepted by EVP_get_cipherbyname() is acceptable such as des3.

    +
    +
    -algorithm alg
    + +
    +

    Public key algorithm to use such as RSA, DSA or DH. If used this option must +precede any -pkeyopt options. The options -paramfile and -algorithm +are mutually exclusive. Engines may add algorithms in addition to the standard +built-in ones.

    +

    Valid built-in algorithm names for private key generation are RSA, RSA-PSS, EC, +X25519, X448, ED25519 and ED448.

    +

    Valid built-in algorithm names for parameter generation (see the -genparam +option) are DH, DSA and EC.

    +

    Note that the algorithm name X9.42 DH may be used as a synonym for the DH +algorithm. These are identical and do not indicate the type of parameters that +will be generated. Use the dh_paramgen_type option to indicate whether PKCS#3 +or X9.42 DH parameters are required. See DH Parameter Generation Options +below for more details.

    +
    +
    -pkeyopt opt:value
    + +
    +

    Set the public key algorithm option opt to value. The precise set of +options supported depends on the public key algorithm used and its +implementation. See KEY GENERATION OPTIONS and +PARAMETER GENERATION OPTIONS below for more details.

    +
    +
    -genparam
    + +
    +

    Generate a set of parameters instead of a private key. If used this option must +precede any -algorithm, -paramfile or -pkeyopt options.

    +
    +
    -paramfile filename
    + +
    +

    Some public key algorithms generate a private key based on a set of parameters. +They can be supplied using this option. If this option is used the public key +algorithm used is determined by the parameters. If used this option must +precede any -pkeyopt options. The options -paramfile and -algorithm +are mutually exclusive.

    +
    +
    -text
    + +
    +

    Print an (unencrypted) text representation of private and public keys and +parameters along with the PEM or DER structure.

    +
    +
    -engine id
    + +
    +

    See openssl(1)/Engine Options.

    +
    +
    +

    +

    +
    +

    KEY GENERATION OPTIONS

    +

    The options supported by each algorithm and indeed each implementation of an +algorithm can vary. The options for the OpenSSL implementations are detailed +below. There are no key generation options defined for the X25519, X448, ED25519 +or ED448 algorithms.

    +

    +

    +

    RSA Key Generation Options

    +
    +
    rsa_keygen_bits:numbits
    + +
    +

    The number of bits in the generated key. If not specified 2048 is used.

    +
    +
    rsa_keygen_primes:numprimes
    + +
    +

    The number of primes in the generated key. If not specified 2 is used.

    +
    +
    rsa_keygen_pubexp:value
    + +
    +

    The RSA public exponent value. This can be a large decimal or +hexadecimal value if preceded by 0x. Default value is 65537.

    +
    +
    +

    +

    +

    RSA-PSS Key Generation Options

    +

    Note: by default an RSA-PSS key has no parameter restrictions.

    +
    +
    rsa_keygen_bits:numbits, rsa_keygen_primes:numprimes, +rsa_keygen_pubexp:value
    + +
    +

    These options have the same meaning as the RSA algorithm.

    +
    +
    rsa_pss_keygen_md:digest
    + +
    +

    If set the key is restricted and can only use digest for signing.

    +
    +
    rsa_pss_keygen_mgf1_md:digest
    + +
    +

    If set the key is restricted and can only use digest as it's MGF1 +parameter.

    +
    +
    rsa_pss_keygen_saltlen:len
    + +
    +

    If set the key is restricted and len specifies the minimum salt length.

    +
    +
    +

    +

    +

    EC Key Generation Options

    +

    The EC key generation options can also be used for parameter generation.

    +
    +
    ec_paramgen_curve:curve
    + +
    +

    The EC curve to use. OpenSSL supports NIST curve names such as "P-256".

    +
    +
    ec_param_enc:encoding
    + +
    +

    The encoding to use for parameters. The encoding parameter must be either +named_curve or explicit. The default value is named_curve.

    +
    +
    +

    +

    +
    +

    PARAMETER GENERATION OPTIONS

    +

    The options supported by each algorithm and indeed each implementation of an +algorithm can vary. The options for the OpenSSL implementations are detailed +below.

    +

    +

    +

    DSA Parameter Generation Options

    +
    +
    dsa_paramgen_bits:numbits
    + +
    +

    The number of bits in the generated prime. If not specified 2048 is used.

    +
    +
    dsa_paramgen_q_bits:numbits
    + +
    +

    The number of bits in the q parameter. Must be one of 160, 224 or 256. If not +specified 224 is used.

    +
    +
    dsa_paramgen_md:digest
    + +
    +

    The digest to use during parameter generation. Must be one of sha1, sha224 +or sha256. If set, then the number of bits in q will match the output size +of the specified digest and the dsa_paramgen_q_bits parameter will be +ignored. If not set, then a digest will be used that gives an output matching +the number of bits in q, i.e. sha1 if q length is 160, sha224 if it 224 +or sha256 if it is 256.

    +
    +
    +

    +

    +

    DH Parameter Generation Options

    +
    +
    dh_paramgen_prime_len:numbits
    + +
    +

    The number of bits in the prime parameter p. The default is 2048.

    +
    +
    dh_paramgen_subprime_len:numbits
    + +
    +

    The number of bits in the sub prime parameter q. The default is 256 if the +prime is at least 2048 bits long or 160 otherwise. Only relevant if used in +conjunction with the dh_paramgen_type option to generate X9.42 DH parameters.

    +
    +
    dh_paramgen_generator:value
    + +
    +

    The value to use for the generator g. The default is 2.

    +
    +
    dh_paramgen_type:value
    + +
    +

    The type of DH parameters to generate. Use 0 for PKCS#3 DH and 1 for X9.42 DH. +The default is 0.

    +
    +
    dh_rfc5114:num
    + +
    +

    If this option is set, then the appropriate RFC5114 parameters are used +instead of generating new parameters. The value num can be one of +1, 2 or 3 corresponding to RFC5114 DH parameters consisting of +1024 bit group with 160 bit subgroup, 2048 bit group with 224 bit subgroup +and 2048 bit group with 256 bit subgroup as mentioned in RFC5114 sections +2.1, 2.2 and 2.3 respectively. If present this overrides all other DH parameter +options.

    +
    +
    +

    +

    +

    EC Parameter Generation Options

    +

    The EC parameter generation options are the same as for key generation. See +EC Key Generation Options above.

    +

    +

    +
    +

    NOTES

    +

    The use of the genpkey program is encouraged over the algorithm specific +utilities because additional algorithm options and ENGINE provided algorithms +can be used.

    +

    +

    +
    +

    EXAMPLES

    +

    Generate an RSA private key using default parameters:

    +
    + openssl genpkey -algorithm RSA -out key.pem
    +

    Encrypt output private key using 128 bit AES and the passphrase "hello":

    +
    + openssl genpkey -algorithm RSA -out key.pem -aes-128-cbc -pass pass:hello
    +

    Generate a 2048 bit RSA key using 3 as the public exponent:

    +
    + openssl genpkey -algorithm RSA -out key.pem \
    +     -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:3
    +

    Generate 2048 bit DSA parameters:

    +
    + openssl genpkey -genparam -algorithm DSA -out dsap.pem \
    +     -pkeyopt dsa_paramgen_bits:2048
    +

    Generate DSA key from parameters:

    +
    + openssl genpkey -paramfile dsap.pem -out dsakey.pem
    +

    Generate 2048 bit DH parameters:

    +
    + openssl genpkey -genparam -algorithm DH -out dhp.pem \
    +     -pkeyopt dh_paramgen_prime_len:2048
    +

    Generate 2048 bit X9.42 DH parameters:

    +
    + openssl genpkey -genparam -algorithm DH -out dhpx.pem \
    +     -pkeyopt dh_paramgen_prime_len:2048 \
    +     -pkeyopt dh_paramgen_type:1
    +

    Output RFC5114 2048 bit DH parameters with 224 bit subgroup:

    +
    + openssl genpkey -genparam -algorithm DH -out dhp.pem -pkeyopt dh_rfc5114:2
    +

    Generate DH key from parameters:

    +
    + openssl genpkey -paramfile dhp.pem -out dhkey.pem
    +

    Generate EC parameters:

    +
    + openssl genpkey -genparam -algorithm EC -out ecp.pem \
    +        -pkeyopt ec_paramgen_curve:secp384r1 \
    +        -pkeyopt ec_param_enc:named_curve
    +

    Generate EC key from parameters:

    +
    + openssl genpkey -paramfile ecp.pem -out eckey.pem
    +

    Generate EC key directly:

    +
    + openssl genpkey -algorithm EC -out eckey.pem \
    +        -pkeyopt ec_paramgen_curve:P-384 \
    +        -pkeyopt ec_param_enc:named_curve
    +

    Generate an X25519 private key:

    +
    + openssl genpkey -algorithm X25519 -out xkey.pem
    +

    Generate an ED448 private key:

    +
    + openssl genpkey -algorithm ED448 -out xkey.pem
    +

    +

    +
    +

    HISTORY

    +

    The ability to use NIST curve names, and to generate an EC key directly, +were added in OpenSSL 1.0.2. +The ability to generate X25519 keys was added in OpenSSL 1.1.0. +The ability to generate X448, ED25519 and ED448 keys was added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-genrsa.html b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-genrsa.html
    new file mode 100755
    index 0000000..d5df5c6
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-genrsa.html
    @@ -0,0 +1,177 @@
    + + + + +openssl-genrsa + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    openssl-genrsa - generate an RSA private key

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl genrsa +[-help] +[-out filename] +[-passout arg] +[-aes128] +[-aes192] +[-aes256] +[-aria128] +[-aria192] +[-aria256] +[-camellia128] +[-camellia192] +[-camellia256] +[-des] +[-des3] +[-idea] +[-F4] +[-f4] +[-3] +[-primes num] +[-verbose] +[-rand files] +[-writerand file] +[-engine id] +[numbits]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command has been deprecated. +The openssl-genpkey(1) command should be used instead.

    +

    This command generates an RSA private key.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -out filename
    + +
    +

    Output the key to the specified file. If this argument is not specified then +standard output is used.

    +
    +
    -passout arg
    + +
    +

    The output file password source. For more information about the format +see openssl(1)/Pass Phrase Options.

    +
    +
    -aes128, -aes192, -aes256, -aria128, -aria192, -aria256, -camellia128, -camellia192, -camellia256, -des, -des3, -idea
    + +
    +

    These options encrypt the private key with specified +cipher before outputting it. If none of these options is +specified no encryption is used. If encryption is used a pass phrase is prompted +for if it is not supplied via the -passout argument.

    +
    +
    -F4, -f4, -3
    + +
    +

    The public exponent to use, either 65537 or 3. The default is 65537.

    +
    +
    -primes num
    + +
    +

    Specify the number of primes to use while generating the RSA key. The num +parameter must be a positive integer that is greater than 1 and less than 16. +If num is greater than 2, then the generated key is called a 'multi-prime' +RSA key, which is defined in RFC 8017.

    +
    +
    -verbose
    + +
    +

    Print extra details about the operations being performed.

    +
    +
    -rand files, -writerand file
    + +
    +

    See openssl(1)/Random State Options for details.

    +
    +
    -engine id
    + +
    +

    See openssl(1)/Engine Options.

    +
    +
    numbits
    + +
    +

    The size of the private key to generate in bits. This must be the last option +specified. The default is 2048 and values less than 512 are not allowed.

    +
    +
    +

    +

    +
    +

    NOTES

    +

    RSA private key generation essentially involves the generation of two or more +prime numbers. When generating a private key various symbols will be output to +indicate the progress of the generation. A . represents each number which +has passed an initial sieve test, + means a number has passed a single +round of the Miller-Rabin primality test, * means the current prime starts +a regenerating progress due to some failed tests. A newline means that the number +has passed all the prime tests (the actual number depends on the key size).

    +

    Because key generation is a random process the time taken to generate a key +may vary somewhat. But in general, more primes lead to less generation time +of a key.

    +

    +

    +
    +

    SEE ALSO

    +

    openssl(1), +openssl-genpkey(1), +openssl-gendsa(1)

    +

    +

    +
    +

    HISTORY

    +

    This command was deprecated in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-info.html b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-info.html
    new file mode 100755
    index 0000000..1550ee5
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-info.html
    @@ -0,0 +1,133 @@
    + + + + +openssl-info + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    openssl-info - print OpenSSL built-in information

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl info +[-help] +[-configdir] +[-enginesdir] +[-modulesdir ] +[-dsoext] +[-dirnamesep] +[-listsep] +[-seeds] +[-cpusettings]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command is used to print out information about OpenSSL. +The information is written exactly as it is with no extra text, which +makes useful for scripts.

    +

    As a consequence, only one item may be chosen for each run of this +command.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -configdir
    + +
    +

    Outputs the default directory for OpenSSL configuration files.

    +
    +
    -enginesdir
    + +
    +

    Outputs the default directory for OpenSSL engine modules.

    +
    +
    -modulesdir
    + +
    +

    Outputs the default directory for OpenSSL dynamically loadable modules +other than engine modules.

    +
    +
    -dsoext
    + +
    +

    Outputs the DSO extension OpenSSL uses.

    +
    +
    -dirnamesep
    + +
    +

    Outputs the separator character between a directory specification and +a filename. +Note that on some operating systems, this is not the same as the +separator between directory elements.

    +
    +
    -listsep
    + +
    +

    Outputs the OpenSSL list separator character. +This is typically used to construct $PATH (%PATH% on Windows) +style lists.

    +
    +
    -seeds
    + +
    +

    Outputs the randomness seed sources.

    +
    +
    -cpusettings
    + +
    +

    Outputs the OpenSSL CPU settings info.

    +
    +
    +

    +

    +
    +

    HISTORY

    +

    This command was added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-kdf.html b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-kdf.html
    new file mode 100755
    index 0000000..bd8a73b
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-kdf.html
    @@ -0,0 +1,214 @@
    + + + + +openssl-kdf + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    openssl-kdf - perform Key Derivation Function operations

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl kdf +[-help] +[-kdfopt nm:v] +[-keylen num] +[-out filename] +[-binary] +kdf_name

    +

    +

    +
    +

    DESCRIPTION

    +

    The key derivation functions generate a derived key from either a secret or +password.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Print a usage message.

    +
    +
    -keylen num
    + +
    +

    The output size of the derived key. This field is required.

    +
    +
    -out filename
    + +
    +

    Filename to output to, or standard output by default.

    +
    +
    -binary
    + +
    +

    Output the derived key in binary form. Uses hexadecimal text format if not specified.

    +
    +
    -kdfopt nm:v
    + +
    +

    Passes options to the KDF algorithm. +A comprehensive list of parameters can be found in the EVP_KDF_CTX +implementation documentation. +Common parameter names used by EVP_KDF_CTX_set_params() are:

    +
    +
    key:string
    + +
    +

    Specifies the secret key as an alphanumeric string (use if the key contains +printable characters only). +The string length must conform to any restrictions of the KDF algorithm. +A key must be specified for most KDF algorithms.

    +
    +
    hexkey:string
    + +
    +

    Specifies the secret key in hexadecimal form (two hex digits per byte). +The key length must conform to any restrictions of the KDF algorithm. +A key must be specified for most KDF algorithms.

    +
    +
    pass:string
    + +
    +

    Specifies the password as an alphanumeric string (use if the password contains +printable characters only). +The password must be specified for PBKDF2 and scrypt.

    +
    +
    hexpass:string
    + +
    +

    Specifies the password in hexadecimal form (two hex digits per byte). +The password must be specified for PBKDF2 and scrypt.

    +
    +
    digest:string
    + +
    +

    Specifies the name of a digest as an alphanumeric string. +To see the list of supported digests, use the command list -digest-commands.

    +
    +
    +
    +
    kdf_name
    + +
    +

    Specifies the name of a supported KDF algorithm which will be used. +The supported algorithms names include TLS1-PRF, HKDF, SSKDF, PBKDF2, +SSHKDF, X942KDF, X963KDF and SCRYPT.

    +
    +
    +

    +

    +
    +

    EXAMPLES

    +

    Use TLS1-PRF to create a hex-encoded derived key from a secret key and seed:

    +
    +    openssl kdf -keylen 16 -kdfopt digest:SHA2-256 -kdfopt key:secret \
    +                -kdfopt seed:seed TLS1-PRF
    +

    Use HKDF to create a hex-encoded derived key from a secret key, salt and info:

    +
    +    openssl kdf -keylen 10 -kdfopt digest:SHA2-256 -kdfopt key:secret \
    +                -kdfopt salt:salt -kdfopt info:label HKDF
    +

    Use SSKDF with KMAC to create a hex-encoded derived key from a secret key, salt and info:

    +
    +    openssl kdf -keylen 64 -kdfopt mac:KMAC-128 -kdfopt maclen:20 \
    +                -kdfopt hexkey:b74a149a161545 -kdfopt hexinfo:348a37a2 \
    +                -kdfopt hexsalt:3638271ccd68a2 SSKDF
    +

    Use SSKDF with HMAC to create a hex-encoded derived key from a secret key, salt and info:

    +
    +    openssl kdf -keylen 16 -kdfopt mac:HMAC -kdfopt digest:SHA2-256 \
    +                -kdfopt hexkey:b74a149a -kdfopt hexinfo:348a37a2 \
    +                -kdfopt hexsalt:3638271c SSKDF
    +

    Use SSKDF with Hash to create a hex-encoded derived key from a secret key, salt and info:

    +
    +    openssl kdf -keylen 14 -kdfopt digest:SHA2-256 \
    +                -kdfopt hexkey:6dbdc23f045488 \
    +                -kdfopt hexinfo:a1b2c3d4 SSKDF
    +

    Use SSHKDF to create a hex-encoded derived key from a secret key, hash and session_id:

    +
    +    openssl kdf -keylen 16 -kdfopt digest:SHA2-256 \
    +                -kdfopt hexkey:0102030405 \
    +                -kdfopt hexxcghash:06090A \
    +                -kdfopt hexsession_id:01020304 \
    +                -kdfopt type:A SSHKDF
    +

    Use PBKDF2 to create a hex-encoded derived key from a password and salt:

    +
    +    openssl kdf -keylen 32 -kdfopt digest:SHA256 -kdfopt pass:password \
    +                -kdfopt salt:salt -kdfopt iter:2 PBKDF2
    +

    Use scrypt to create a hex-encoded derived key from a password and salt:

    +
    +    openssl kdf -keylen 64 -kdfopt pass:password -kdfopt salt:NaCl \
    +                -kdfopt N:1024 -kdfopt r:8 -kdfopt p:16 \
    +                -kdfopt maxmem_bytes:10485760 SCRYPT
    +

    +

    +
    +

    NOTES

    +

    The KDF mechanisms that are available will depend on the options +used when building OpenSSL.

    +

    +

    +
    +

    SEE ALSO

    +

    openssl(1), +openssl-pkeyutl(1), +EVP_KDF(3), +EVP_KDF-SCRYPT(7), +EVP_KDF-TLS1_PRF(7), +EVP_KDF-PBKDF2(7), +EVP_KDF-HKDF(7), +EVP_KDF-SS(7), +EVP_KDF-SSHKDF(7), +EVP_KDF-X942(7), +EVP_KDF-X963(7)

    +

    +

    +
    +

    HISTORY

    +

    Added in OpenSSL 3.0

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
+
+
+
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-list.html b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-list.html
new file mode 100755
index 0000000..aa5a2f3
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-list.html
@@ -0,0 +1,191 @@
+
+
+
+
+openssl-list
+
+
+
+
+
+
+
+
+
+
+
+

    +

    +
    +

    NAME

    +

    openssl-list - list algorithms and features

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl list +[-help] +[-verbose] +[-1] +[-commands] +[-digest-commands] +[-digest-algorithms] +[-kdf-algorithms] +[-mac-algorithms] +[-cipher-commands] +[-cipher-algorithms] +[-public-key-algorithms] +[-public-key-methods] +[-engines] +[-disabled] +[-objects] +[-options command]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command is used to generate list of algorithms or disabled +features.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Display a usage message.

    +
    +
    -verbose
    + +
    +

    Displays extra information. +The options below where verbosity applies say a bit more about what that means.

    +
    +
    -1
    + +
    +

    List the commands, digest-commands, or cipher-commands in a single column. +If used, this option must be given first.

    +
    +
    -commands
    + +
    +

    Display a list of standard commands.

    +
    +
    -digest-commands
    + +
    +

    Display a list of message digest commands, which are typically used +as input to the openssl-dgst(1) or openssl-speed(1) commands.

    +
    +
    -cipher-commands
    + +
    +

    Display a list of cipher commands, which are typically used as input +to the openssl-dgst(1) or openssl-speed(1) commands.

    +
    +
    -digest-algorithms, -kdf-algorithms, -mac-algorithms, +-cipher-algorithms
    + +
    +

    Display a list of cipher, digest, kdf and mac algorithms. +See Display of algorithm names for a description of how names are +displayed.

    +

    In verbose mode, the algorithms provided by a provider will get additional +information on what parameters each implementation supports.

    +
    +
    -public-key-algorithms
    + +
    +

    Display a list of public key algorithms, with each algorithm as +a block of multiple lines, all but the first are indented.

    +
    +
    -public-key-methods
    + +
    +

    Display a list of public key method OIDs.

    +
    +
    -engines
    + +
    +

    Display a list of loaded engines.

    +
    +
    -disabled
    + +
    +

    Display a list of disabled features, those that were compiled out +of the installation.

    +
    +
    -objects
    + +
    +

    Display a list of built in objects, i.e. OIDs with names. They're listed in the +format described in config(5)/ASN1 Object Configuration Module.

    +
    +
    -options command
    + +
    +

    Output a two-column list of the options accepted by the specified command. +The first is the option name, and the second is a one-character indication +of what type of parameter it takes, if any. +This is an internal option, used for checking that the documentation +is complete.

    +
    +
    +

    +

    +

    Display of algorithm names

    +

    Algorithm names may be displayed in one of two manners:

    +
    +
    Legacy implementations
    + +
    +

    Legacy implementations will simply display the main name of the +algorithm on a line of its own, or in the form <foo bar>> to show +that foo is an alias for the main name, bar

    +
    +
    Provided implementations
    + +
    +

    Implementations from a provider are displayed like this if the +implementation is labeled with a single name:

    +
    + foo @ bar
    +

    or like this if it's labeled with multiple names:

    +
    + { foo1, foo2 } @bar
    +

    In both cases, bar is the name of the provider.

    +
    +
    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
+
+
+
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-mac.html b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-mac.html
new file mode 100755
index 0000000..d5aba3b
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-mac.html
@@ -0,0 +1,208 @@
+
+
+
+
+openssl-mac
+
+
+
+
+
+
+
+
+
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    openssl-mac - perform Message Authentication Code operations

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl mac +[-help] +[-macopt] +[-in filename] +[-out filename] +[-binary] +mac_name

    +

    +

    +
    +

    DESCRIPTION

    +

    The message authentication code functions output the MAC of a supplied input +file.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Print a usage message.

    +
    +
    -in filename
    + +
    +

    Input filename to calculate a MAC for, or standard input by default. +Standard input is used if the filename is '-'. +Files are expected to be in binary format, standard input uses hexadecimal text +format.

    +
    +
    -out filename
    + +
    +

    Filename to output to, or standard output by default.

    +
    +
    -binary
    + +
    +

    Output the MAC in binary form. Uses hexadecimal text format if not specified.

    +
    +
    -macopt nm:v
    + +
    +

    Passes options to the MAC algorithm. +A comprehensive list of controls can be found in the EVP_MAC implementation +documentation. +Common parameter names used by EVP_MAC_CTX_get_params() are:

    +
    +
    key:string
    + +
    +

    Specifies the MAC key as an alphanumeric string (use if the key contains +printable characters only). +The string length must conform to any restrictions of the MAC algorithm. +A key must be specified for every MAC algorithm.

    +
    +
    hexkey:string
    + +
    +

    Specifies the MAC key in hexadecimal form (two hex digits per byte). +The key length must conform to any restrictions of the MAC algorithm. +A key must be specified for every MAC algorithm.

    +
    +
    digest:string
    + +
    +

    Used by HMAC as an alphanumeric string (use if the key contains printable +characters only). +The string length must conform to any restrictions of the MAC algorithm. +To see the list of supported digests, use openssl list -digest-commands.

    +
    +
    cipher:string
    + +
    +

    Used by CMAC and GMAC to specify the cipher algorithm. +For CMAC it must be one of AES-128-CBC, AES-192-CBC, AES-256-CBC or +DES-EDE3-CBC. +For GMAC it should be a GCM mode cipher e.g. AES-128-GCM.

    +
    +
    iv:string
    + +
    +

    Used by GMAC to specify an IV as an alphanumeric string (use if the IV contains +printable characters only).

    +
    +
    hexiv:string
    + +
    +

    Used by GMAC to specify an IV in hexadecimal form (two hex digits per byte).

    +
    +
    size:int
    + +
    +

    Used by KMAC128 or KMAC256 to specify an output length. +The default sizes are 32 or 64 bytes respectively.

    +
    +
    custom:string
    + +
    +

    Used by KMAC128 or KMAC256 to specify a customization string. +The default is the empty string "".

    +
    +
    +
    +
    mac_name
    + +
    +

    Specifies the name of a supported MAC algorithm which will be used. +To see the list of supported MAC's use the command opensssl list +-mac-algorithms.

    +
    +
    +

    +

    +
    +

    EXAMPLES

    +

    To create a hex-encoded HMAC-SHA1 MAC of a file and write to stdout: \ + openssl mac -macopt digest:SHA1 \ + -macopt hexkey:000102030405060708090A0B0C0D0E0F10111213 \ + -in msg.bin HMAC

    +

    To create a SipHash MAC from a file with a binary file output: \ + openssl mac -macopt hexkey:000102030405060708090A0B0C0D0E0F \ + -in msg.bin -out out.bin -binary SipHash

    +

    To create a hex-encoded CMAC-AES-128-CBC MAC from a file:\ + openssl mac -macopt cipher:AES-128-CBC \ + -macopt hexkey:77A77FAF290C1FA30C683DF16BA7A77B \ + -in msg.bin CMAC

    +

    To create a hex-encoded KMAC128 MAC from a file with a Customisation String +'Tag' and output length of 16: \ + openssl mac -macopt custom:Tag -macopt hexkey:40414243444546 \ + -macopt size:16 -in msg.bin KMAC128

    +

    To create a hex-encoded GMAC-AES-128-GCM with a IV from a file: \ + openssl mac -macopt cipher:AES-128-GCM -macopt hexiv:E0E00F19FED7BA0136A797F3 \ + -macopt hexkey:77A77FAF290C1FA30C683DF16BA7A77B -in msg.bin GMAC

    +

    +

    +
    +

    NOTES

    +

    The MAC mechanisms that are available will depend on the options +used when building OpenSSL. +Use openssl list -mac-algorithms to list them.

    +

    +

    +
    +

    SEE ALSO

    +

    openssl(1), +EVP_MAC(3), +EVP_MAC-CMAC(7), +EVP_MAC-GMAC(7), +EVP_MAC-HMAC(7), +EVP_MAC-KMAC(7), +EVP_MAC-Siphash(7), +EVP_MAC-Poly1305(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
+
+
+
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-nseq.html b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-nseq.html
new file mode 100755
index 0000000..91ef163
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-nseq.html
@@ -0,0 +1,109 @@
+
+
+
+
+openssl-nseq
+
+
+
+
+
+
+
+
+
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    openssl-nseq - create or examine a Netscape certificate sequence

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl nseq +[-help] +[-in filename] +[-out filename] +[-toseq]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command takes a file containing a Netscape certificate +sequence and prints out the certificates contained in it or takes a +file of certificates and converts it into a Netscape certificate +sequence.

    +

    A Netscape certificate sequence is an old Netscape-specific format that +can be sometimes be sent to browsers as an alternative to the standard PKCS#7 +format when several certificates are sent to the browser, for example during +certificate enrollment. It was also used by Netscape certificate server.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -in filename
    + +
    +

    This specifies the input filename to read or standard input if this +option is not specified.

    +
    +
    -out filename
    + +
    +

    Specifies the output filename or standard output by default.

    +
    +
    -toseq
    + +
    +

    Normally a Netscape certificate sequence will be input and the output +is the certificates contained in it. With the -toseq option the +situation is reversed: a Netscape certificate sequence is created from +a file of certificates.

    +
    +
    +

    +

    +
    +

    EXAMPLES

    +

    Output the certificates in a Netscape certificate sequence

    +
    + openssl nseq -in nseq.pem -out certs.pem
    +

    Create a Netscape certificate sequence

    +
    + openssl nseq -in certs.pem -toseq -out nseq.pem
    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
+
+
+
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-ocsp.html b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-ocsp.html
new file mode 100755
index 0000000..6162483
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-ocsp.html
@@ -0,0 +1,605 @@
+
+
+
+
+openssl-ocsp
+
+
+
+
+
+
+
+
+
+
+
+

    +

    +
    +

    NAME

    +

    openssl-ocsp - Online Certificate Status Protocol utility

    +

    +

    +
    +

    SYNOPSIS

    +

    +

    +

    OCSP Client

    +

    openssl ocsp +[-help] +[-out file] +[-issuer file] +[-cert file] +[-serial n] +[-signer file] +[-signkey file] +[-sign_other file] +[-nonce] +[-no_nonce] +[-req_text] +[-resp_text] +[-text] +[-no_certs] +[-reqout file] +[-respout file] +[-reqin file] +[-respin file] +[-url URL] +[-host host:port] +[-header] +[-timeout seconds] +[-path] +[-VAfile file] +[-validity_period n] +[-status_age n] +[-noverify] +[-verify_other file] +[-trust_other] +[-no_intern] +[-no_signature_verify] +[-no_cert_verify] +[-no_chain] +[-no_cert_checks] +[-no_explicit] +[-port num] +[-ignore_err]

    +

    +

    +

    OCSP Server

    +

    openssl ocsp +[-index file] +[-CA file] +[-rsigner file] +[-rkey file] +[-passin arg] +[-rother file] +[-rsigopt nm:v] +[-rmd digest] +[-badsig] +[-resp_no_certs] +[-nmin n] +[-ndays n] +[-resp_key_id] +[-nrequest n] +[-multi process-count] +[-rcid digest] +[-digest] +[-CAfile file] +[-no-CAfile] +[-CApath dir] +[-no-CApath] +[-CAstore uri] +[-no-CAstore] +[-allow_proxy_certs] +[-attime timestamp] +[-no_check_time] +[-check_ss_sig] +[-crl_check] +[-crl_check_all] +[-explicit_policy] +[-extended_crl] +[-ignore_critical] +[-inhibit_any] +[-inhibit_map] +[-partial_chain] +[-policy arg] +[-policy_check] +[-policy_print] +[-purpose purpose] +[-suiteB_128] +[-suiteB_128_only] +[-suiteB_192] +[-trusted_first] +[-no_alt_chains] +[-use_deltas] +[-auth_level num] +[-verify_depth num] +[-verify_email email] +[-verify_hostname hostname] +[-verify_ip ip] +[-verify_name name] +[-x509_strict] +[-issuer_checks]

    +

    +

    +
    +

    DESCRIPTION

    +

    The Online Certificate Status Protocol (OCSP) enables applications to +determine the (revocation) state of an identified certificate (RFC 2560).

    +

    This command performs many common OCSP tasks. It can be used +to print out requests and responses, create requests and send queries +to an OCSP responder and behave like a mini OCSP server itself.

    +

    +

    +
    +

    OPTIONS

    +

    This command operates as either a client or a server. +The options are described below, divided into those two modes.

    +

    +

    +

    OCSP Client Options

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -out filename
    + +
    +

    specify output filename, default is standard output.

    +
    +
    -issuer filename
    + +
    +

    This specifies the current issuer certificate. This option can be used +multiple times. The certificate specified in filename must be in +PEM format. This option MUST come before any -cert options.

    +
    +
    -cert filename
    + +
    +

    Add the certificate filename to the request. The issuer certificate +is taken from the previous -issuer option, or an error occurs if no +issuer certificate is specified.

    +
    +
    -serial num
    + +
    +

    Same as the -cert option except the certificate with serial number +num is added to the request. The serial number is interpreted as a +decimal integer unless preceded by 0x. Negative integers can also +be specified by preceding the value by a - sign.

    +
    +
    -signer filename, -signkey filename
    + +
    +

    Sign the OCSP request using the certificate specified in the -signer +option and the private key specified by the -signkey option. If +the -signkey option is not present then the private key is read +from the same file as the certificate. If neither option is specified then +the OCSP request is not signed.

    +
    +
    -sign_other filename
    + +
    +

    Additional certificates to include in the signed request.

    +
    +
    -nonce, -no_nonce
    + +
    +

    Add an OCSP nonce extension to a request or disable OCSP nonce addition. +Normally if an OCSP request is input using the -reqin option no +nonce is added: using the -nonce option will force addition of a nonce. +If an OCSP request is being created (using -cert and -serial options) +a nonce is automatically added specifying -no_nonce overrides this.

    +
    +
    -req_text, -resp_text, -text
    + +
    +

    Print out the text form of the OCSP request, response or both respectively.

    +
    +
    -reqout file, -respout file
    + +
    +

    Write out the DER encoded certificate request or response to file.

    +
    +
    -reqin file, -respin file
    + +
    +

    Read OCSP request or response file from file. These option are ignored +if OCSP request or response creation is implied by other options (for example +with -serial, -cert and -host options).

    +
    +
    -url responder_url
    + +
    +

    Specify the responder URL. Both HTTP and HTTPS (SSL/TLS) URLs can be specified.

    +
    +
    -host hostname:port, -path pathname
    + +
    +

    If the -host option is present then the OCSP request is sent to the host +hostname on port port. The -path option specifies the HTTP pathname +to use or "/" by default. This is equivalent to specifying -url with scheme +http:// and the given hostname, port, and pathname.

    +
    +
    -header name=value
    + +
    +

    Adds the header name with the specified value to the OCSP request +that is sent to the responder. +This may be repeated.

    +
    +
    -timeout seconds
    + +
    +

    Connection timeout to the OCSP responder in seconds. +On POSIX systems, when running as an OCSP responder, this option also limits +the time that the responder is willing to wait for the client request. +This time is measured from the time the responder accepts the connection until +the complete request is received.

    +
    +
    -verify_other file
    + +
    +

    File containing additional certificates to search when attempting to locate +the OCSP response signing certificate. Some responders omit the actual signer's +certificate from the response: this option can be used to supply the necessary +certificate in such cases.

    +
    +
    -trust_other
    + +
    +

    The certificates specified by the -verify_other option should be explicitly +trusted and no additional checks will be performed on them. This is useful +when the complete responder certificate chain is not available or trusting a +root CA is not appropriate.

    +
    +
    -VAfile file
    + +
    +

    File containing explicitly trusted responder certificates. Equivalent to the +-verify_other and -trust_other options.

    +
    +
    -noverify
    + +
    +

    Don't attempt to verify the OCSP response signature or the nonce +values. This option will normally only be used for debugging since it +disables all verification of the responders certificate.

    +
    +
    -no_intern
    + +
    +

    Ignore certificates contained in the OCSP response when searching for the +signers certificate. With this option the signers certificate must be specified +with either the -verify_other or -VAfile options.

    +
    +
    -no_signature_verify
    + +
    +

    Don't check the signature on the OCSP response. Since this option +tolerates invalid signatures on OCSP responses it will normally only be +used for testing purposes.

    +
    +
    -no_cert_verify
    + +
    +

    Don't verify the OCSP response signers certificate at all. Since this +option allows the OCSP response to be signed by any certificate it should +only be used for testing purposes.

    +
    +
    -no_chain
    + +
    +

    Do not use certificates in the response as additional untrusted CA +certificates.

    +
    +
    -no_explicit
    + +
    +

    Do not explicitly trust the root CA if it is set to be trusted for OCSP signing.

    +
    +
    -no_cert_checks
    + +
    +

    Don't perform any additional checks on the OCSP response signers certificate. +That is do not make any checks to see if the signers certificate is authorised +to provide the necessary status information: as a result this option should +only be used for testing purposes.

    +
    +
    -validity_period nsec, -status_age age
    + +
    +

    These options specify the range of times, in seconds, which will be tolerated +in an OCSP response. Each certificate status response includes a notBefore +time and an optional notAfter time. The current time should fall between +these two values, but the interval between the two times may be only a few +seconds. In practice the OCSP responder and clients clocks may not be precisely +synchronised and so such a check may fail. To avoid this the +-validity_period option can be used to specify an acceptable error range in +seconds, the default value is 5 minutes.

    +

    If the notAfter time is omitted from a response then this means that new +status information is immediately available. In this case the age of the +notBefore field is checked to see it is not older than age seconds old. +By default this additional check is not performed.

    +
    +
    -rcid digest
    + +
    +

    This option sets the digest algorithm to use for certificate identification +in the OCSP response. Any digest supported by the openssl-dgst(1) command can +be used. The default is the same digest algorithm used in the request.

    +
    +
    -digest
    + +
    +

    This option sets digest algorithm to use for certificate identification in the +OCSP request. Any digest supported by the OpenSSL dgst command can be used. +The default is SHA-1. This option may be used multiple times to specify the +digest used by subsequent certificate identifiers.

    +
    +
    -CAfile file, -no-CAfile, -CApath dir, -no-CApath, +-CAstore uri, -no-CAstore
    + +
    +

    See openssl(1)/Trusted Certificate Options for details.

    +
    +
    -allow_proxy_certs, -attime, -no_check_time, +-check_ss_sig, -crl_check, -crl_check_all, +-explicit_policy, -extended_crl, -ignore_critical, -inhibit_any, +-inhibit_map, -no_alt_chains, -partial_chain, -policy, +-policy_check, -policy_print, -purpose, -suiteB_128, +-suiteB_128_only, -suiteB_192, -trusted_first, -use_deltas, +-auth_level, -verify_depth, -verify_email, -verify_hostname, +-verify_ip, -verify_name, -x509_strict -issuer_checks
    + +
    +

    Set various options of certificate chain verification. +See openssl(1)/Verification Options for details.

    +
    +
    +

    +

    +

    OCSP Server Options

    +
    +
    -index indexfile
    + +
    +

    The indexfile parameter is the name of a text index file in ca +format containing certificate revocation information.

    +

    If the -index option is specified then this command switches to +responder mode, otherwise it is in client mode. The request(s) the responder +processes can be either specified on the command line (using -issuer +and -serial options), supplied in a file (using the -reqin option) +or via external OCSP clients (if -port or -url is specified).

    +

    If the -index option is present then the -CA and -rsigner options +must also be present.

    +
    +
    -CA file
    + +
    +

    CA certificate corresponding to the revocation information in the index +file given with -index.

    +
    +
    -rsigner file
    + +
    +

    The certificate to sign OCSP responses with.

    +
    +
    -rkey file
    + +
    +

    The private key to sign OCSP responses with: if not present the file +specified in the -rsigner option is used.

    +
    +
    -passin arg
    + +
    +

    The private key password source. For more information about the format of arg +see openssl(1)/Pass Phrase Options.

    +
    +
    -rother file
    + +
    +

    Additional certificates to include in the OCSP response.

    +
    +
    -rsigopt nm:v
    + +
    +

    Pass options to the signature algorithm when signing OCSP responses. +Names and values of these options are algorithm-specific.

    +
    +
    -rmd digest
    + +
    +

    The digest to use when signing the response.

    +
    +
    -badsig
    + +
    +

    Corrupt the response signature before writing it; this can be useful +for testing.

    +
    +
    -resp_no_certs
    + +
    +

    Don't include any certificates in the OCSP response.

    +
    +
    -resp_key_id
    + +
    +

    Identify the signer certificate using the key ID, default is to use the +subject name.

    +
    +
    -port portnum
    + +
    +

    Port to listen for OCSP requests on. The port may also be specified +using the url option.

    +
    +
    -ignore_err
    + +
    +

    Ignore malformed requests or responses: When acting as an OCSP client, retry if +a malformed response is received. When acting as an OCSP responder, continue +running instead of terminating upon receiving a malformed request.

    +
    +
    -nrequest number
    + +
    +

    The OCSP server will exit after receiving number requests, default unlimited.

    +
    +
    -multi process-count
    + +
    +

    Run the specified number of OCSP responder child processes, with the parent +process respawning child processes as needed. +Child processes will detect changes in the CA index file and automatically +reload it. +When running as a responder -timeout option is recommended to limit the time +each child is willing to wait for the client's OCSP response. +This option is available on POSIX systems (that support the fork() and other +required unix system-calls).

    +
    +
    -nmin minutes, -ndays days
    + +
    +

    Number of minutes or days when fresh revocation information is available: +used in the nextUpdate field. If neither option is present then the +nextUpdate field is omitted meaning fresh revocation information is +immediately available.

    +
    +
    +

    +

    +
    +

    OCSP RESPONSE VERIFICATION

    +

    OCSP Response follows the rules specified in RFC2560.

    +

    Initially the OCSP responder certificate is located and the signature on +the OCSP request checked using the responder certificate's public key.

    +

    Then a normal certificate verify is performed on the OCSP responder certificate +building up a certificate chain in the process. The locations of the trusted +certificates used to build the chain can be specified by the -CAfile, +-CApath or -CAstore options or they will be looked for in the +standard OpenSSL certificates directory.

    +

    If the initial verify fails then the OCSP verify process halts with an +error.

    +

    Otherwise the issuing CA certificate in the request is compared to the OCSP +responder certificate: if there is a match then the OCSP verify succeeds.

    +

    Otherwise the OCSP responder certificate's CA is checked against the issuing +CA certificate in the request. If there is a match and the OCSPSigning +extended key usage is present in the OCSP responder certificate then the +OCSP verify succeeds.

    +

    Otherwise, if -no_explicit is not set the root CA of the OCSP responders +CA is checked to see if it is trusted for OCSP signing. If it is the OCSP +verify succeeds.

    +

    If none of these checks is successful then the OCSP verify fails.

    +

    What this effectively means if that if the OCSP responder certificate is +authorised directly by the CA it is issuing revocation information about +(and it is correctly configured) then verification will succeed.

    +

    If the OCSP responder is a "global responder" which can give details about +multiple CAs and has its own separate certificate chain then its root +CA can be trusted for OCSP signing. For example:

    +
    + openssl x509 -in ocspCA.pem -addtrust OCSPSigning -out trustedCA.pem
    +

    Alternatively the responder certificate itself can be explicitly trusted +with the -VAfile option.

    +

    +

    +
    +

    NOTES

    +

    As noted, most of the verify options are for testing or debugging purposes. +Normally only the -CApath, -CAfile, -CAstore and (if the responder +is a 'global VA') -VAfile options need to be used.

    +

    The OCSP server is only useful for test and demonstration purposes: it is +not really usable as a full OCSP responder. It contains only a very +simple HTTP request handling and can only handle the POST form of OCSP +queries. It also handles requests serially meaning it cannot respond to +new requests until it has processed the current one. The text index file +format of revocation is also inefficient for large quantities of revocation +data.

    +

    It is possible to run this command in responder mode via a CGI +script using the -reqin and -respout options.

    +

    +

    +
    +

    EXAMPLES

    +

    Create an OCSP request and write it to a file:

    +
    + openssl ocsp -issuer issuer.pem -cert c1.pem -cert c2.pem -reqout req.der
    +

    Send a query to an OCSP responder with URL http://ocsp.myhost.com/ save the +response to a file, print it out in text form, and verify the response:

    +
    + openssl ocsp -issuer issuer.pem -cert c1.pem -cert c2.pem \
    +     -url http://ocsp.myhost.com/ -resp_text -respout resp.der
    +

    Read in an OCSP response and print out text form:

    +
    + openssl ocsp -respin resp.der -text -noverify
    +

    OCSP server on port 8888 using a standard ca configuration, and a separate +responder certificate. All requests and responses are printed to a file.

    +
    + openssl ocsp -index demoCA/index.txt -port 8888 -rsigner rcert.pem -CA demoCA/cacert.pem
    +        -text -out log.txt
    +

    As above but exit after processing one request:

    +
    + openssl ocsp -index demoCA/index.txt -port 8888 -rsigner rcert.pem -CA demoCA/cacert.pem
    +     -nrequest 1
    +

    Query status information using an internally generated request:

    +
    + openssl ocsp -index demoCA/index.txt -rsigner rcert.pem -CA demoCA/cacert.pem
    +     -issuer demoCA/cacert.pem -serial 1
    +

    Query status information using request read from a file, and write the response +to a second file.

    +
    + openssl ocsp -index demoCA/index.txt -rsigner rcert.pem -CA demoCA/cacert.pem
    +     -reqin req.der -respout resp.der
    +

    +

    +
    +

    HISTORY

    +

    The -no_alt_chains option was added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-passwd.html b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-passwd.html
    new file mode 100755
    index 0000000..63624ef
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-passwd.html
    @@ -0,0 +1,178 @@
    + + + + +openssl-passwd + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    openssl-passwd - compute password hashes

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl passwd +[-help] +[-crypt] +[-1] +[-apr1] +[-aixmd5] +[-5] +[-6] +[-salt string] +[-in file] +[-stdin] +[-noverify] +[-quiet] +[-table] +[-reverse] +[-rand files] +[-writerand file] +[password]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command computes the hash of a password typed at +run-time or the hash of each password in a list. The password list is +taken from the named file for option -in, from stdin for +option -stdin, or from the command line, or from the terminal otherwise. +The Unix standard algorithm -crypt and the MD5-based BSD password +algorithm -1, its Apache variant -apr1, and its AIX variant are +available.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -crypt
    + +
    +

    Use the crypt algorithm (default).

    +
    +
    -1
    + +
    +

    Use the MD5 based BSD password algorithm 1.

    +
    +
    -apr1
    + +
    +

    Use the apr1 algorithm (Apache variant of the BSD algorithm).

    +
    +
    -aixmd5
    + +
    +

    Use the AIX MD5 algorithm (AIX variant of the BSD algorithm).

    +
    +
    -5
    + +
    -6
    + +
    +

    Use the SHA256 / SHA512 based algorithms defined by Ulrich Drepper. +See https://www.akkadia.org/drepper/SHA-crypt.txt.

    +
    +
    -salt string
    + +
    +

    Use the specified salt. +When reading a password from the terminal, this implies -noverify.

    +
    +
    -in file
    + +
    +

    Read passwords from file.

    +
    +
    -stdin
    + +
    +

    Read passwords from stdin.

    +
    +
    -noverify
    + +
    +

    Don't verify when reading a password from the terminal.

    +
    +
    -quiet
    + +
    +

    Don't output warnings when passwords given at the command line are truncated.

    +
    +
    -table
    + +
    +

    In the output list, prepend the cleartext password and a TAB character +to each password hash.

    +
    +
    -reverse
    + +
    +

    When the -table option is used, reverse the order of cleartext and hash.

    +
    +
    -rand files, -writerand file
    + +
    +

    See openssl(1)/Random State Options for details.

    +
    +
    +

    +

    +
    +

    EXAMPLES

    +
    +  % openssl passwd -crypt -salt xx password
    +  xxj31ZMTZzkVA
    +
    +  % openssl passwd -1 -salt xxxxxxxx password
    +  $1$xxxxxxxx$UYCIxa628.9qXjpQCjM4a.
    +
    +  % openssl passwd -apr1 -salt xxxxxxxx password
    +  $apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0
    +
    +  % openssl passwd -aixmd5 -salt xxxxxxxx password
    +  xxxxxxxx$8Oaipk/GPKhC64w/YVeFD/
    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-pkcs12.html b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-pkcs12.html
    new file mode 100755
    index 0000000..f225c8d
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-pkcs12.html
    @@ -0,0 +1,458 @@
    + + + + +openssl-pkcs12 + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    openssl-pkcs12 - PKCS#12 file utility

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl pkcs12 +[-help] +[-export] +[-chain] +[-inkey file_or_id] +[-certfile filename] +[-name name] +[-caname name] +[-in filename] +[-out filename] +[-noout] +[-nomacver] +[-nocerts] +[-clcerts] +[-cacerts] +[-nokeys] +[-info] +[-des] +[-des3] +[-idea] +[-aes128] +[-aes192] +[-aes256] +[-aria128] +[-aria192] +[-aria256] +[-camellia128] +[-camellia192] +[-camellia256] +[-nodes] +[-iter count] +[-noiter] +[-nomaciter] +[-maciter] +[-nomac] +[-twopass] +[-descert] +[-certpbe cipher] +[-keypbe cipher] +[-macalg digest] +[-keyex] +[-keysig] +[-password arg] +[-passin arg] +[-passout arg] +[-LMK] +[-CSP name] +[-CAfile file] +[-no-CAfile] +[-CApath dir] +[-no-CApath] +[-CAstore uri] +[-no-CAstore] +[-rand files] +[-writerand file] +[-engine id]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command allows PKCS#12 files (sometimes referred to as +PFX files) to be created and parsed. PKCS#12 files are used by several +programs including Netscape, MSIE and MS Outlook.

    +

    +

    +
    +

    OPTIONS

    +

    There are a lot of options the meaning of some depends of whether a PKCS#12 file +is being created or parsed. By default a PKCS#12 file is parsed. A PKCS#12 +file can be created by using the -export option (see below).

    +

    +

    +
    +

    PARSING OPTIONS

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -in filename
    + +
    +

    This specifies filename of the PKCS#12 file to be parsed. Standard input is used +by default.

    +
    +
    -out filename
    + +
    +

    The filename to write certificates and private keys to, standard output by +default. They are all written in PEM format.

    +
    +
    -password arg
    + +
    +

    With -export, -password is equivalent to -passout, +otherwise it is equivalent to -passin.

    +
    +
    -noout
    + +
    +

    This option inhibits output of the keys and certificates to the output file +version of the PKCS#12 file.

    +
    +
    -clcerts
    + +
    +

    Only output client certificates (not CA certificates).

    +
    +
    -cacerts
    + +
    +

    Only output CA certificates (not client certificates).

    +
    +
    -nocerts
    + +
    +

    No certificates at all will be output.

    +
    +
    -nokeys
    + +
    +

    No private keys will be output.

    +
    +
    -info
    + +
    +

    Output additional information about the PKCS#12 file structure, algorithms +used and iteration counts.

    +
    +
    -des
    + +
    +

    Use DES to encrypt private keys before outputting.

    +
    +
    -des3
    + +
    +

    Use triple DES to encrypt private keys before outputting, this is the default.

    +
    +
    -idea
    + +
    +

    Use IDEA to encrypt private keys before outputting.

    +
    +
    -aes128, -aes192, -aes256
    + +
    +

    Use AES to encrypt private keys before outputting.

    +
    +
    -aria128, -aria192, -aria256
    + +
    +

    Use ARIA to encrypt private keys before outputting.

    +
    +
    -camellia128, -camellia192, -camellia256
    + +
    +

    Use Camellia to encrypt private keys before outputting.

    +
    +
    -nodes
    + +
    +

    Don't encrypt the private keys at all.

    +
    +
    -nomacver
    + +
    +

    Don't attempt to verify the integrity MAC before reading the file.

    +
    +
    -twopass
    + +
    +

    Prompt for separate integrity and encryption passwords: most software +always assumes these are the same so this option will render such +PKCS#12 files unreadable. Cannot be used in combination with the options +-password, -passin if importing, or -passout if exporting.

    +
    +
    +

    +

    +
    +

    FILE CREATION OPTIONS

    +
    +
    -export
    + +
    +

    This option specifies that a PKCS#12 file will be created rather than +parsed.

    +
    +
    -out filename
    + +
    +

    This specifies filename to write the PKCS#12 file to. Standard output is used +by default.

    +
    +
    -in filename
    + +
    +

    The filename to read certificates and private keys from, standard input by +default. They must all be in PEM format. The order doesn't matter but one +private key and its corresponding certificate should be present. If additional +certificates are present they will also be included in the PKCS#12 file.

    +
    +
    -inkey file_or_id
    + +
    +

    File to read private key from. If not present then a private key must be present +in the input file. +If no engine is used, the argument is taken as a file; if an engine is +specified, the argument is given to the engine as a key identifier.

    +
    +
    -name friendlyname
    + +
    +

    This specifies the "friendly name" for the certificate and private key. This +name is typically displayed in list boxes by software importing the file.

    +
    +
    -certfile filename
    + +
    +

    A filename to read additional certificates from.

    +
    +
    -caname friendlyname
    + +
    +

    This specifies the "friendly name" for other certificates. This option may be +used multiple times to specify names for all certificates in the order they +appear. Netscape ignores friendly names on other certificates whereas MSIE +displays them.

    +
    +
    -passin arg, -passout arg
    + +
    +

    The password source for the input, and for encrypting any private keys that +are output. +For more information about the format of arg +see openssl(1)/Pass Phrase Options.

    +
    +
    -chain
    + +
    +

    If this option is present then an attempt is made to include the entire +certificate chain of the user certificate. The standard CA store is used +for this search. If the search fails it is considered a fatal error.

    +
    +
    -descert
    + +
    +

    Encrypt the certificate using triple DES, this may render the PKCS#12 +file unreadable by some "export grade" software. By default the private +key is encrypted using triple DES and the certificate using 40 bit RC2 +unless RC2 is disabled in which case triple DES is used.

    +
    +
    -keypbe alg, -certpbe alg
    + +
    +

    These options allow the algorithm used to encrypt the private key and +certificates to be selected. Any PKCS#5 v1.5 or PKCS#12 PBE algorithm name +can be used (see NOTES section for more information). If a cipher name +(as output by openssl list -cipher-algorithms) is specified then it +is used with PKCS#5 v2.0. For interoperability reasons it is advisable to only +use PKCS#12 algorithms.

    +
    +
    -keyex|-keysig
    + +
    +

    Specifies that the private key is to be used for key exchange or just signing. +This option is only interpreted by MSIE and similar MS software. Normally +"export grade" software will only allow 512 bit RSA keys to be used for +encryption purposes but arbitrary length keys for signing. The -keysig +option marks the key for signing only. Signing only keys can be used for +S/MIME signing, authenticode (ActiveX control signing) and SSL client +authentication, however due to a bug only MSIE 5.0 and later support +the use of signing only keys for SSL client authentication.

    +
    +
    -macalg digest
    + +
    +

    Specify the MAC digest algorithm. If not included them SHA1 will be used.

    +
    +
    -iter count
    + +
    +

    This option specifies the iteration count for the encryption key and MAC. The +default value is 2048.

    +

    To discourage attacks by using large dictionaries of common passwords the +algorithm that derives keys from passwords can have an iteration count applied +to it: this causes a certain part of the algorithm to be repeated and slows it +down. The MAC is used to check the file integrity but since it will normally +have the same password as the keys and certificates it could also be attacked.

    +
    +
    -nomaciter, -noiter
    + +
    +

    By default both MAC and encryption iteration counts are set to 2048, using +these options the MAC and encryption iteration counts can be set to 1, since +this reduces the file security you should not use these options unless you +really have to. Most software supports both MAC and key iteration counts. +MSIE 4.0 doesn't support MAC iteration counts so it needs the -nomaciter +option.

    +
    +
    -maciter
    + +
    +

    This option is included for compatibility with previous versions, it used +to be needed to use MAC iterations counts but they are now used by default.

    +
    +
    -nomac
    + +
    +

    Don't attempt to provide the MAC integrity.

    +
    +
    -LMK
    + +
    +

    Add the "Local Key Set" identifier to the attributes.

    +
    +
    -CSP name
    + +
    +

    Write name as a Microsoft CSP name.

    +
    +
    -CAfile file, -no-CAfile, -CApath dir, -no-CApath, +-CAstore uri, -no-CAstore
    + +
    +

    See openssl(1)/Trusted Certificate Options for details.

    +
    +
    -rand files, -writerand file
    + +
    +

    See openssl(1)/Random State Options for details.

    +
    +
    -engine id
    + +
    +

    See openssl(1)/Engine Options.

    +
    +
    +

    +

    +
    +

    NOTES

    +

    Although there are a large number of options most of them are very rarely +used. For PKCS#12 file parsing only -in and -out need to be used +for PKCS#12 file creation -export and -name are also used.

    +

    If none of the -clcerts, -cacerts or -nocerts options are present +then all certificates will be output in the order they appear in the input +PKCS#12 files. There is no guarantee that the first certificate present is +the one corresponding to the private key. Certain software which requires +a private key and certificate and assumes the first certificate in the +file is the one corresponding to the private key: this may not always +be the case. Using the -clcerts option will solve this problem by only +outputting the certificate corresponding to the private key. If the CA +certificates are required then they can be output to a separate file using +the -nokeys -cacerts options to just output CA certificates.

    +

    The -keypbe and -certpbe algorithms allow the precise encryption +algorithms for private keys and certificates to be specified. Normally +the defaults are fine but occasionally software can't handle triple DES +encrypted private keys, then the option -keypbe PBE-SHA1-RC2-40 can +be used to reduce the private key encryption to 40 bit RC2. A complete +description of all algorithms is contained in openssl-pkcs8(1).

    +

    Prior 1.1 release passwords containing non-ASCII characters were encoded +in non-compliant manner, which limited interoperability, in first hand +with Windows. But switching to standard-compliant password encoding +poses problem accessing old data protected with broken encoding. For +this reason even legacy encodings is attempted when reading the +data. If you use PKCS#12 files in production application you are advised +to convert the data, because implemented heuristic approach is not +MT-safe, its sole goal is to facilitate the data upgrade with this +command.

    +

    +

    +
    +

    EXAMPLES

    +

    Parse a PKCS#12 file and output it to a file:

    +
    + openssl pkcs12 -in file.p12 -out file.pem
    +

    Output only client certificates to a file:

    +
    + openssl pkcs12 -in file.p12 -clcerts -out file.pem
    +

    Don't encrypt the private key:

    +
    + openssl pkcs12 -in file.p12 -out file.pem -nodes
    +

    Print some info about a PKCS#12 file:

    +
    + openssl pkcs12 -in file.p12 -info -noout
    +

    Create a PKCS#12 file:

    +
    + openssl pkcs12 -export -in file.pem -out file.p12 -name "My Certificate"
    +

    Include some extra certificates:

    +
    + openssl pkcs12 -export -in file.pem -out file.p12 -name "My Certificate" \
    +  -certfile othercerts.pem
    +

    +

    +
    +

    SEE ALSO

    +

    openssl(1), +openssl-pkcs8(1), +ossl_store-file(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-pkcs7.html b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-pkcs7.html
    new file mode 100755
    index 0000000..80a96e4
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-pkcs7.html
    @@ -0,0 +1,145 @@
    + + + + +openssl-pkcs7 + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    openssl-pkcs7 - PKCS#7 utility

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl pkcs7 +[-help] +[-inform DER|PEM] +[-outform DER|PEM] +[-in filename] +[-out filename] +[-print] +[-print_certs] +[-text] +[-noout] +[-engine id]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command processes PKCS#7 files. Note that it only understands PKCS#7 +v 1.5 as specified in IETF RFC 2315. It cannot currently parse CMS as +described in IETF RFC 2630.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -inform DER|PEM, -outform DER|PEM
    + +
    +

    The input and formats; the default is PEM. +See openssl(1)/Format Options for details.

    +

    The data is a PKCS#7 Version 1.5 structure.

    +
    +
    -in filename
    + +
    +

    This specifies the input filename to read from or standard input if this +option is not specified.

    +
    +
    -out filename
    + +
    +

    Specifies the output filename to write to or standard output by +default.

    +
    +
    -print
    + +
    +

    Print out the full PKCS7 object.

    +
    +
    -print_certs
    + +
    +

    Prints out any certificates or CRLs contained in the file. They are +preceded by their subject and issuer names in one line format.

    +
    +
    -text
    + +
    +

    Prints out certificate details in full rather than just subject and +issuer names.

    +
    +
    -noout
    + +
    +

    Don't output the encoded version of the PKCS#7 structure (or certificates +if -print_certs is set).

    +
    +
    -engine id
    + +
    +

    See openssl(1)/Engine Options.

    +
    +
    +

    +

    +
    +

    EXAMPLES

    +

    Convert a PKCS#7 file from PEM to DER:

    +
    + openssl pkcs7 -in file.pem -outform DER -out file.der
    +

    Output all certificates in a file:

    +
    + openssl pkcs7 -in file.pem -print_certs -out certs.pem
    +

    +

    +
    +

    SEE ALSO

    +

    openssl(1), +openssl-crl2pkcs7(1)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-pkcs8.html b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-pkcs8.html
    new file mode 100755
    index 0000000..3b494e6
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-pkcs8.html
    @@ -0,0 +1,330 @@
    + + + + +openssl-pkcs8 + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    openssl-pkcs8 - PKCS#8 format private key conversion tool

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl pkcs8 +[-help] +[-topk8] +[-inform DER|PEM] +[-outform DER|PEM] +[-in filename] +[-passin arg] +[-out filename] +[-passout arg] +[-iter count] +[-noiter] +[-nocrypt] +[-traditional] +[-v2 alg] +[-v2prf alg] +[-v1 alg] +[-scrypt] +[-scrypt_N N] +[-scrypt_r r] +[-scrypt_p p] +[-rand files] +[-writerand file] +[-engine id]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command processes private keys in PKCS#8 format. It can handle +both unencrypted PKCS#8 PrivateKeyInfo format and EncryptedPrivateKeyInfo +format with a variety of PKCS#5 (v1.5 and v2.0) and PKCS#12 algorithms.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -topk8
    + +
    +

    Normally a PKCS#8 private key is expected on input and a private key will be +written to the output file. With the -topk8 option the situation is +reversed: it reads a private key and writes a PKCS#8 format key.

    +
    +
    -inform DER|PEM, -outform DER|PEM
    + +
    +

    The input and formats; the default is PEM. +See openssl(1)/Format Options for details.

    +

    If a key is being converted from PKCS#8 form (i.e. the -topk8 option is +not used) then the input file must be in PKCS#8 format. An encrypted +key is expected unless -nocrypt is included.

    +

    If -topk8 is not used and PEM mode is set the output file will be an +unencrypted private key in PKCS#8 format. If the -traditional option is +used then a traditional format private key is written instead.

    +

    If -topk8 is not used and DER mode is set the output file will be an +unencrypted private key in traditional DER format.

    +

    If -topk8 is used then any supported private key can be used for the input +file in a format specified by -inform. The output file will be encrypted +PKCS#8 format using the specified encryption parameters unless -nocrypt +is included.

    +
    +
    -traditional
    + +
    +

    When this option is present and -topk8 is not a traditional format private +key is written.

    +
    +
    -in filename
    + +
    +

    This specifies the input filename to read a key from or standard input if this +option is not specified. If the key is encrypted a pass phrase will be +prompted for.

    +
    +
    -passin arg, -passout arg
    + +
    +

    The password source for the input and output file. +For more information about the format of arg +see openssl(1)/Pass Phrase Options.

    +
    +
    -out filename
    + +
    +

    This specifies the output filename to write a key to or standard output by +default. If any encryption options are set then a pass phrase will be +prompted for. The output filename should not be the same as the input +filename.

    +
    +
    -iter count
    + +
    +

    When creating new PKCS#8 containers, use a given number of iterations on +the password in deriving the encryption key for the PKCS#8 output. +High values increase the time required to brute-force a PKCS#8 container.

    +
    +
    -nocrypt
    + +
    +

    PKCS#8 keys generated or input are normally PKCS#8 EncryptedPrivateKeyInfo +structures using an appropriate password based encryption algorithm. With +this option an unencrypted PrivateKeyInfo structure is expected or output. +This option does not encrypt private keys at all and should only be used +when absolutely necessary. Certain software such as some versions of Java +code signing software used unencrypted private keys.

    +
    +
    -v2 alg
    + +
    +

    This option sets the PKCS#5 v2.0 algorithm.

    +

    The alg argument is the encryption algorithm to use, valid values include +aes128, aes256 and des3. If this option isn't specified then aes256 +is used.

    +
    +
    -v2prf alg
    + +
    +

    This option sets the PRF algorithm to use with PKCS#5 v2.0. A typical value +value would be hmacWithSHA256. If this option isn't set then the default +for the cipher is used or hmacWithSHA256 if there is no default.

    +

    Some implementations may not support custom PRF algorithms and may require +the hmacWithSHA1 option to work.

    +
    +
    -v1 alg
    + +
    +

    This option indicates a PKCS#5 v1.5 or PKCS#12 algorithm should be used. Some +older implementations may not support PKCS#5 v2.0 and may require this option. +If not specified PKCS#5 v2.0 form is used.

    +
    +
    -scrypt
    + +
    +

    Uses the scrypt algorithm for private key encryption using default +parameters: currently N=16384, r=8 and p=1 and AES in CBC mode with a 256 bit +key. These parameters can be modified using the -scrypt_N, -scrypt_r, +-scrypt_p and -v2 options.

    +
    +
    -scrypt_N N, -scrypt_r r, -scrypt_p p
    + +
    +

    Sets the scrypt N, r or p parameters.

    +
    +
    -rand files, -writerand file
    + +
    +

    See openssl(1)/Random State Options for details.

    +
    +
    -engine id
    + +
    +

    See openssl(1)/Engine Options.

    +
    +
    +

    +

    +
    +

    NOTES

    +

    By default, when converting a key to PKCS#8 format, PKCS#5 v2.0 using 256 bit +AES with HMAC and SHA256 is used.

    +

    Some older implementations do not support PKCS#5 v2.0 format and require +the older PKCS#5 v1.5 form instead, possibly also requiring insecure weak +encryption algorithms such as 56 bit DES.

    +

    Private keys encrypted using PKCS#5 v2.0 algorithms and high iteration +counts are more secure that those encrypted using the traditional +SSLeay compatible formats. So if additional security is considered +important the keys should be converted.

    +

    It is possible to write out DER encoded encrypted private keys in +PKCS#8 format because the encryption details are included at an ASN1 +level whereas the traditional format includes them at a PEM level.

    +

    +

    +
    +

    PKCS#5 V1.5 AND PKCS#12 ALGORITHMS

    +

    Various algorithms can be used with the -v1 command line option, +including PKCS#5 v1.5 and PKCS#12. These are described in more detail +below.

    +
    +
    PBE-MD2-DES PBE-MD5-DES
    + +
    +

    These algorithms were included in the original PKCS#5 v1.5 specification. +They only offer 56 bits of protection since they both use DES.

    +
    +
    PBE-SHA1-RC2-64, PBE-MD2-RC2-64, PBE-MD5-RC2-64, PBE-SHA1-DES
    + +
    +

    These algorithms are not mentioned in the original PKCS#5 v1.5 specification +but they use the same key derivation algorithm and are supported by some +software. They are mentioned in PKCS#5 v2.0. They use either 64 bit RC2 or +56 bit DES.

    +
    +
    PBE-SHA1-RC4-128, PBE-SHA1-RC4-40, PBE-SHA1-3DES, PBE-SHA1-2DES, PBE-SHA1-RC2-128, PBE-SHA1-RC2-40
    + +
    +

    These algorithms use the PKCS#12 password based encryption algorithm and +allow strong encryption algorithms like triple DES or 128 bit RC2 to be used.

    +
    +
    +

    +

    +
    +

    EXAMPLES

    +

    Convert a private key to PKCS#8 format using default parameters (AES with +256 bit key and hmacWithSHA256):

    +
    + openssl pkcs8 -in key.pem -topk8 -out enckey.pem
    +

    Convert a private key to PKCS#8 unencrypted format:

    +
    + openssl pkcs8 -in key.pem -topk8 -nocrypt -out enckey.pem
    +

    Convert a private key to PKCS#5 v2.0 format using triple DES:

    +
    + openssl pkcs8 -in key.pem -topk8 -v2 des3 -out enckey.pem
    +

    Convert a private key to PKCS#5 v2.0 format using AES with 256 bits in CBC +mode and hmacWithSHA512 PRF:

    +
    + openssl pkcs8 -in key.pem -topk8 -v2 aes-256-cbc -v2prf hmacWithSHA512 -out enckey.pem
    +

    Convert a private key to PKCS#8 using a PKCS#5 1.5 compatible algorithm +(DES):

    +
    + openssl pkcs8 -in key.pem -topk8 -v1 PBE-MD5-DES -out enckey.pem
    +

    Convert a private key to PKCS#8 using a PKCS#12 compatible algorithm +(3DES):

    +
    + openssl pkcs8 -in key.pem -topk8 -out enckey.pem -v1 PBE-SHA1-3DES
    +

    Read a DER unencrypted PKCS#8 format private key:

    +
    + openssl pkcs8 -inform DER -nocrypt -in key.der -out key.pem
    +

    Convert a private key from any PKCS#8 encrypted format to traditional format:

    +
    + openssl pkcs8 -in pk8.pem -traditional -out key.pem
    +

    Convert a private key to PKCS#8 format, encrypting with AES-256 and with +one million iterations of the password:

    +
    + openssl pkcs8 -in key.pem -topk8 -v2 aes-256-cbc -iter 1000000 -out pk8.pem
    +

    +

    +
    +

    STANDARDS

    +

    Test vectors from this PKCS#5 v2.0 implementation were posted to the +pkcs-tng mailing list using triple DES, DES and RC2 with high iteration +counts, several people confirmed that they could decrypt the private +keys produced and Therefore it can be assumed that the PKCS#5 v2.0 +implementation is reasonably accurate at least as far as these +algorithms are concerned.

    +

    The format of PKCS#8 DSA (and other) private keys is not well documented: +it is hidden away in PKCS#11 v2.01, section 11.9. OpenSSL's default DSA +PKCS#8 private key format complies with this standard.

    +

    +

    +
    +

    BUGS

    +

    There should be an option that prints out the encryption algorithm +in use and other details such as the iteration count.

    +

    +

    +
    +

    SEE ALSO

    +

    openssl(1), +openssl-dsa(1), +openssl-rsa(1), +openssl-genrsa(1), +openssl-gendsa(1)

    +

    +

    +
    +

    HISTORY

    +

    The -iter option was added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-pkey.html b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-pkey.html
    new file mode 100755
    index 0000000..23d61b8
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-pkey.html
    @@ -0,0 +1,240 @@
    + + + + +openssl-pkey + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    openssl-pkey - public or private key processing tool

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl pkey +[-help] +[-inform DER|PEM] +[-outform DER|PEM] +[-in filename] +[-passin arg] +[-out filename] +[-passout arg] +[-traditional] +[-cipher] +[-text] +[-text_pub] +[-noout] +[-pubin] +[-pubout] +[-check] +[-pubcheck] +[-ec_conv_form arg] +[-ec_param_enc arg] +[-engine id]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command processes public or private keys. They can be +converted between various forms and their components printed out.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -inform DER|PEM, -outform DER|PEM
    + +
    +

    The input and formats; the default is PEM. +See openssl(1)/Format Options for details.

    +
    +
    -in filename
    + +
    +

    This specifies the input filename to read a key from or standard input if this +option is not specified. If the key is encrypted a pass phrase will be +prompted for.

    +
    +
    -passin arg, -passout arg
    + +
    +

    The password source for the input and output file. +For more information about the format of arg +see openssl(1)/Pass Phrase Options.

    +
    +
    -out filename
    + +
    +

    This specifies the output filename to write a key to or standard output if this +option is not specified. If any encryption options are set then a pass phrase +will be prompted for. The output filename should not be the same as the input +filename.

    +
    +
    -traditional
    + +
    +

    Normally a private key is written using standard format: this is PKCS#8 form +with the appropriate encryption algorithm (if any). If the -traditional +option is specified then the older "traditional" format is used instead.

    +
    +
    -cipher
    + +
    +

    These options encrypt the private key with the supplied cipher. Any algorithm +name accepted by EVP_get_cipherbyname() is acceptable such as des3.

    +
    +
    -text
    + +
    +

    Prints out the various public or private key components in +plain text in addition to the encoded version.

    +
    +
    -text_pub
    + +
    +

    Print out only public key components even if a private key is being processed.

    +
    +
    -noout
    + +
    +

    Do not output the encoded version of the key.

    +
    +
    -pubin
    + +
    +

    By default a private key is read from the input file: with this +option a public key is read instead.

    +
    +
    -pubout
    + +
    +

    By default a private key is output: with this option a public +key will be output instead. This option is automatically set if +the input is a public key.

    +
    +
    -check
    + +
    +

    This option checks the consistency of a key pair for both public and private +components.

    +
    +
    -pubcheck
    + +
    +

    This option checks the correctness of either a public key or the public component +of a key pair.

    +
    +
    -ec_conv_form arg
    + +
    +

    This option only applies to elliptic curve based public and private keys.

    +

    This specifies how the points on the elliptic curve are converted +into octet strings. Possible values are: compressed (the default +value), uncompressed and hybrid. For more information regarding +the point conversion forms please read the X9.62 standard. +Note Due to patent issues the compressed option is disabled +by default for binary curves and can be enabled by defining +the preprocessor macro OPENSSL_EC_BIN_PT_COMP at compile time.

    +
    +
    -ec_param_enc arg
    + +
    +

    This option only applies to elliptic curve based public and private keys.

    +

    This specifies how the elliptic curve parameters are encoded. +Possible value are: named_curve, i.e. the ec parameters are +specified by an OID, or explicit where the ec parameters are +explicitly given (see RFC 3279 for the definition of the +EC parameters structures). The default value is named_curve. +Note the implicitlyCA alternative, as specified in RFC 3279, +is currently not implemented in OpenSSL.

    +
    +
    -engine id
    + +
    +

    See openssl(1)/Engine Options.

    +
    +
    +

    +

    +
    +

    EXAMPLES

    +

    To remove the pass phrase on a private key:

    +
    + openssl pkey -in key.pem -out keyout.pem
    +

    To encrypt a private key using triple DES:

    +
    + openssl pkey -in key.pem -des3 -out keyout.pem
    +

    To convert a private key from PEM to DER format:

    +
    + openssl pkey -in key.pem -outform DER -out keyout.der
    +

    To print out the components of a private key to standard output:

    +
    + openssl pkey -in key.pem -text -noout
    +

    To print out the public components of a private key to standard output:

    +
    + openssl pkey -in key.pem -text_pub -noout
    +

    To just output the public part of a private key:

    +
    + openssl pkey -in key.pem -pubout -out pubkey.pem
    +

    To change the EC parameters encoding to explicit:

    +
    + openssl pkey -in key.pem -ec_param_enc explicit -out keyout.pem
    +

    To change the EC point conversion form to compressed:

    +
    + openssl pkey -in key.pem -ec_conv_form compressed -out keyout.pem
    +

    +

    +
    +

    SEE ALSO

    +

    openssl(1), +openssl-genpkey(1), +openssl-rsa(1), +openssl-pkcs8(1), +openssl-dsa(1), +openssl-genrsa(1), +openssl-gendsa(1)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-pkeyparam.html b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-pkeyparam.html new file mode 100755 index 0000000..721e5b4 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-pkeyparam.html @@ -0,0 +1,135 @@ + + + + +openssl-pkeyparam + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    openssl-pkeyparam - public key algorithm parameter processing tool

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl pkeyparam +[-help] +[-in filename] +[-out filename] +[-text] +[-noout] +[-check] +[-engine id]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command processes public key algorithm parameters. +They can be checked for correctness and their components printed out.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -in filename
    + +
    +

    This specifies the input filename to read parameters from or standard input if +this option is not specified.

    +
    +
    -out filename
    + +
    +

    This specifies the output filename to write parameters to or standard output if +this option is not specified.

    +
    +
    -text
    + +
    +

    Prints out the parameters in plain text in addition to the encoded version.

    +
    +
    -noout
    + +
    +

    Do not output the encoded version of the parameters.

    +
    +
    -check
    + +
    +

    This option checks the correctness of parameters.

    +
    +
    -engine id
    + +
    +

    See openssl(1)/Engine Options.

    +
    +
    +

    +

    +
    +

    EXAMPLES

    +

    Print out text version of parameters:

    +
    + openssl pkeyparam -in param.pem -text
    +

    +

    +
    +

    NOTES

    +

    There are no -inform or -outform options for this command because only +PEM format is supported because the key type is determined by the PEM headers.

    +

    +

    +
    +

    SEE ALSO

    +

    openssl(1), +openssl-genpkey(1), +openssl-rsa(1), +openssl-pkcs8(1), +openssl-dsa(1), +openssl-genrsa(1), +openssl-gendsa(1)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-pkeyutl.html b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-pkeyutl.html new file mode 100755 index 0000000..ca01c54 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-pkeyutl.html @@ -0,0 +1,480 @@ + + + + +openssl-pkeyutl + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    openssl-pkeyutl - public key algorithm utility

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl pkeyutl +[-help] +[-in file] +[-rawin] +[-digest algorithm] +[-out file] +[-sigfile file] +[-inkey file] +[-keyform DER|PEM|ENGINE] +[-passin arg] +[-peerkey file] +[-peerform DER|PEM|ENGINE] +[-pubin] +[-certin] +[-rev] +[-sign] +[-verify] +[-verifyrecover] +[-encrypt] +[-decrypt] +[-derive] +[-kdf algorithm] +[-kdflen length] +[-pkeyopt opt:value] +[-pkeyopt_passin opt[:passarg]] +[-hexdump] +[-asn1parse] +[-engine id] +[-engine_impl] +[-rand files] +[-writerand file]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command can be used to perform low level public key +operations using any supported algorithm.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -in filename
    + +
    +

    This specifies the input filename to read data from or standard input +if this option is not specified.

    +
    +
    -rawin
    + +
    +

    This indicates that the input data is raw data, which is not hashed by any +message digest algorithm. The user can specify a digest algorithm by using +the -digest option. This option can only be used with -sign and +-verify and must be used with the Ed25519 and Ed448 algorithms.

    +
    +
    -digest algorithm
    + +
    +

    This specifies the digest algorithm which is used to hash the input data before +signing or verifying it with the input key. This option could be omitted if the +signature algorithm does not require one (for instance, EdDSA). If this option +is omitted but the signature algorithm requires one, a default value will be +used. For signature algorithms like RSA, DSA and ECDSA, SHA-256 will be the +default digest algorithm. For SM2, it will be SM3. If this option is present, +then the -rawin option must be also specified.

    +
    +
    -out filename
    + +
    +

    Specifies the output filename to write to or standard output by +default.

    +
    +
    -sigfile file
    + +
    +

    Signature file, required for -verify operations only

    +
    +
    -inkey file
    + +
    +

    The input key file, by default it should be a private key.

    +
    +
    -keyform DER|PEM|ENGINE
    + +
    +

    The key format; the default is PEM. +See openssl(1)/Format Options for details.

    +
    +
    -passin arg
    + +
    +

    The input key password source. For more information about the format of arg +see openssl(1)/Pass Phrase Options.

    +
    +
    -peerkey file
    + +
    +

    The peer key file, used by key derivation (agreement) operations.

    +
    +
    -peerform DER|PEM|ENGINE
    + +
    +

    The peer key format; the default is PEM. +See openssl(1)/Format Options for details.

    +
    +
    -pubin
    + +
    +

    The input file is a public key.

    +
    +
    -certin
    + +
    +

    The input is a certificate containing a public key.

    +
    +
    -rev
    + +
    +

    Reverse the order of the input buffer. This is useful for some libraries +(such as CryptoAPI) which represent the buffer in little endian format.

    +
    +
    -sign
    + +
    +

    Sign the input data (which must be a hash) and output the signed result. This +requires a private key.

    +
    +
    -verify
    + +
    +

    Verify the input data (which must be a hash) against the signature file and +indicate if the verification succeeded or failed.

    +
    +
    -verifyrecover
    + +
    +

    Verify the input data (which must be a hash) and output the recovered data.

    +
    +
    -encrypt
    + +
    +

    Encrypt the input data using a public key.

    +
    +
    -decrypt
    + +
    +

    Decrypt the input data using a private key.

    +
    +
    -derive
    + +
    +

    Derive a shared secret using the peer key.

    +
    +
    -kdf algorithm
    + +
    +

    Use key derivation function algorithm. The supported algorithms are +at present TLS1-PRF and HKDF. +Note: additional parameters and the KDF output length will normally have to be +set for this to work. +See EVP_PKEY_CTX_set_hkdf_md(3) and EVP_PKEY_CTX_set_tls1_prf_md(3) +for the supported string parameters of each algorithm.

    +
    +
    -kdflen length
    + +
    +

    Set the output length for KDF.

    +
    +
    -pkeyopt opt:value
    + +
    +

    Public key options specified as opt:value. See NOTES below for more details.

    +
    +
    -pkeyopt_passin opt[:passarg]
    + +
    +

    Allows reading a public key option opt from stdin or a password source. +If only opt is specified, the user will be prompted to enter a password on +stdin. Alternatively, passarg can be specified which can be any value +supported by openssl(1)/Pass phrase options.

    +
    +
    -hexdump
    + +
    +

    hex dump the output data.

    +
    +
    -asn1parse
    + +
    +

    Parse the ASN.1 output data, this is useful when combined with the +-verifyrecover option when an ASN1 structure is signed.

    +
    +
    -engine id
    + +
    +

    See openssl(1)/Engine Options.

    +
    +
    -engine_impl
    + +
    +

    When used with the -engine option, it specifies to also use +engine id for crypto operations.

    +
    +
    -rand files, -writerand file
    + +
    +

    See openssl(1)/Random State Options for details.

    +
    +
    +

    +

    +
    +

    NOTES

    +

    The operations and options supported vary according to the key algorithm +and its implementation. The OpenSSL operations and options are indicated below.

    +

    Unless otherwise mentioned all algorithms support the digest:alg option +which specifies the digest in use for sign, verify and verifyrecover operations. +The value alg should represent a digest name as used in the +EVP_get_digestbyname() function for example sha1. This value is not used to +hash the input data. It is used (by some algorithms) for sanity-checking the +lengths of data passed in and for creating the structures that make up the +signature (e.g. DigestInfo in RSASSA PKCS#1 v1.5 signatures).

    +

    This command does not hash the input data (except where -rawin is used) but +rather it will use the data directly as input to the signature algorithm. +Depending on the key type, signature type, and mode of padding, the maximum +acceptable lengths of input data differ. The signed data can't be longer than +the key modulus with RSA. In case of ECDSA and DSA the data shouldn't be longer +than the field size, otherwise it will be silently truncated to the field size. +In any event the input size must not be larger than the largest supported digest +size.

    +

    In other words, if the value of digest is sha1 the input should be the 20 +bytes long binary encoding of the SHA-1 hash function output.

    +

    +

    +
    +

    RSA ALGORITHM

    +

    The RSA algorithm generally supports the encrypt, decrypt, sign, +verify and verifyrecover operations. However, some padding modes +support only a subset of these operations. The following additional +pkeyopt values are supported:

    +
    +
    rsa_padding_mode:mode
    + +
    +

    This sets the RSA padding mode. Acceptable values for mode are pkcs1 for +PKCS#1 padding, sslv23 for SSLv23 padding, none for no padding, oaep +for OAEP mode, x931 for X9.31 mode and pss for PSS.

    +

    In PKCS#1 padding if the message digest is not set then the supplied data is +signed or verified directly instead of using a DigestInfo structure. If a +digest is set then the a DigestInfo structure is used and its the length +must correspond to the digest type.

    +

    For oaep mode only encryption and decryption is supported.

    +

    For x931 if the digest type is set it is used to format the block data +otherwise the first byte is used to specify the X9.31 digest ID. Sign, +verify and verifyrecover are can be performed in this mode.

    +

    For pss mode only sign and verify are supported and the digest type must be +specified.

    +
    +
    rsa_pss_saltlen:len
    + +
    +

    For pss mode only this option specifies the salt length. Three special +values are supported: digest sets the salt length to the digest length, +max sets the salt length to the maximum permissible value. When verifying +auto causes the salt length to be automatically determined based on the +PSS block structure.

    +
    +
    rsa_mgf1_md:digest
    + +
    +

    For PSS and OAEP padding sets the MGF1 digest. If the MGF1 digest is not +explicitly set in PSS mode then the signing digest is used.

    +
    +
    +

    +

    +
    +

    RSA-PSS ALGORITHM

    +

    The RSA-PSS algorithm is a restricted version of the RSA algorithm which only +supports the sign and verify operations with PSS padding. The following +additional -pkeyopt values are supported:

    +
    +
    rsa_padding_mode:mode, rsa_pss_saltlen:len, +rsa_mgf1_md:digest
    + +
    +

    These have the same meaning as the RSA algorithm with some additional +restrictions. The padding mode can only be set to pss which is the +default value.

    +

    If the key has parameter restrictions than the digest, MGF1 +digest and salt length are set to the values specified in the parameters. +The digest and MG cannot be changed and the salt length cannot be set to a +value less than the minimum restriction.

    +
    +
    +

    +

    +
    +

    DSA ALGORITHM

    +

    The DSA algorithm supports signing and verification operations only. Currently +there are no additional -pkeyopt options other than digest. The SHA1 +digest is assumed by default.

    +

    +

    +
    +

    DH ALGORITHM

    +

    The DH algorithm only supports the derivation operation and no additional +-pkeyopt options.

    +

    +

    +
    +

    EC ALGORITHM

    +

    The EC algorithm supports sign, verify and derive operations. The sign and +verify operations use ECDSA and derive uses ECDH. SHA1 is assumed by default for +the -pkeyopt digest option.

    +

    +

    +
    +

    X25519 AND X448 ALGORITHMS

    +

    The X25519 and X448 algorithms support key derivation only. Currently there are +no additional options.

    +

    +

    +
    +

    ED25519 AND ED448 ALGORITHMS

    +

    These algorithms only support signing and verifying. OpenSSL only implements the +"pure" variants of these algorithms so raw data can be passed directly to them +without hashing them first. The option -rawin must be used with these +algorithms with no -digest specified. Additionally OpenSSL only supports +"oneshot" operation with these algorithms. This means that the entire file to +be signed/verified must be read into memory before processing it. Signing or +Verifying very large files should be avoided. Additionally the size of the file +must be known for this to work. If the size of the file cannot be determined +(for example if the input is stdin) then the sign or verify operation will fail.

    +

    +

    +
    +

    SM2

    +

    The SM2 algorithm supports sign, verify, encrypt and decrypt operations. For +the sign and verify operations, SM2 requires an ID string to be passed in. The +following -pkeyopt value is supported:

    +
    +
    sm2_id:string
    + +
    +

    This sets the ID string used in SM2 sign or verify operations. While verifying +an SM2 signature, the ID string must be the same one used when signing the data. +Otherwise the verification will fail.

    +
    +
    sm2_hex_id:hex_string
    + +
    +

    This sets the ID string used in SM2 sign or verify operations. While verifying +an SM2 signature, the ID string must be the same one used when signing the data. +Otherwise the verification will fail. The ID string provided with this option +should be a valid hexadecimal value.

    +
    +
    +

    +

    +
    +

    EXAMPLES

    +

    Sign some data using a private key:

    +
    + openssl pkeyutl -sign -in file -inkey key.pem -out sig
    +

    Recover the signed data (e.g. if an RSA key is used):

    +
    + openssl pkeyutl -verifyrecover -in sig -inkey key.pem
    +

    Verify the signature (e.g. a DSA key):

    +
    + openssl pkeyutl -verify -in file -sigfile sig -inkey key.pem
    +

    Sign data using a message digest value (this is currently only valid for RSA):

    +
    + openssl pkeyutl -sign -in file -inkey key.pem -out sig -pkeyopt digest:sha256
    +

    Derive a shared secret value:

    +
    + openssl pkeyutl -derive -inkey key.pem -peerkey pubkey.pem -out secret
    +

    Hexdump 48 bytes of TLS1 PRF using digest SHA256 and shared secret and +seed consisting of the single byte 0xFF:

    +
    + openssl pkeyutl -kdf TLS1-PRF -kdflen 48 -pkeyopt md:SHA256 \
    +    -pkeyopt hexsecret:ff -pkeyopt hexseed:ff -hexdump
    +

    Derive a key using scrypt where the password is read from command line:

    +
    + openssl pkeyutl -kdf scrypt -kdflen 16 -pkeyopt_passin pass \
    +    -pkeyopt hexsalt:aabbcc -pkeyopt N:16384 -pkeyopt r:8 -pkeyopt p:1
    +

    Derive using the same algorithm, but read key from environment variable MYPASS:

    +
    + openssl pkeyutl -kdf scrypt -kdflen 16 -pkeyopt_passin pass:env:MYPASS \
    +    -pkeyopt hexsalt:aabbcc -pkeyopt N:16384 -pkeyopt r:8 -pkeyopt p:1
    +

    Sign some data using an SM2(7) private key and a specific ID:

    +
    + openssl pkeyutl -sign -in file -inkey sm2.key -out sig -rawin -digest sm3 \
    +    -pkeyopt sm2_id:someid
    +

    Verify some data using an SM2(7) certificate and a specific ID:

    +
    + openssl pkeyutl -verify -certin -in file -inkey sm2.cert -sigfile sig \
    +    -rawin -digest sm3 -pkeyopt sm2_id:someid
    +

    +

    +
    +

    SEE ALSO

    +

    openssl(1), +openssl-genpkey(1), +openssl-pkey(1), +openssl-rsautl(1) +openssl-dgst(1), +openssl-rsa(1), +openssl-genrsa(1), +openssl-kdf(1) +EVP_PKEY_CTX_set_hkdf_md(3), +EVP_PKEY_CTX_set_tls1_prf_md(3),

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-prime.html b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-prime.html new file mode 100755 index 0000000..52ebfef --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-prime.html @@ -0,0 +1,104 @@ + + + + +openssl-prime + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    openssl-prime - compute prime numbers

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl prime +[-help] +[-hex] +[-generate] +[-bits num] +[-safe] +[-checks num] +[number ...]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command checks if the specified numbers are prime.

    +

    If no numbers are given on the command line, the -generate flag should +be used to generate primes according to the requirements specified by the +rest of the flags.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Display an option summary.

    +
    +
    -hex
    + +
    +

    Generate hex output.

    +
    +
    -generate
    + +
    +

    Generate a prime number.

    +
    +
    -bits num
    + +
    +

    Generate a prime with num bits.

    +
    +
    -safe
    + +
    +

    When used with -generate, generates a "safe" prime. If the number +generated is n, then check that (n-1)/2 is also prime.

    +
    +
    -checks num
    + +
    +

    This parameter is ignored.

    +
    +
    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-provider.html b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-provider.html new file mode 100755 index 0000000..67b54de --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-provider.html @@ -0,0 +1,101 @@ + + + + +openssl-provider + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    openssl-provider - load and query providers

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl provider +[-help] +[-v] +[-vv] +[-vvv] +[provider ...]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command is used to query the capabilities of the +specified provider's.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -v -vv -vvv
    + +
    +

    Provides information about each specified provider. +The first flag lists the names of all algorithms each provider +implements; the second lists them by category; the third adds +information on what parameters each of them can handle.

    +
    +
    +

    +

    +
    +

    ENVIRONMENT

    +
    +
    OPENSSL_MODULES
    + +
    +

    The path to the modules directory, where one can expect provider +modules to be located.

    +
    +
    +

    +

    +
    +

    SEE ALSO

    +

    config(5)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-rand.html b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-rand.html new file mode 100755 index 0000000..74ac427 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-rand.html @@ -0,0 +1,109 @@ + + + + +openssl-rand + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    openssl-rand - generate pseudo-random bytes

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl rand +[-help] +[-out file] +[-base64] +[-hex] +[-engine id] +[-rand files] +[-writerand file] +num

    +

    +

    +
    +

    DESCRIPTION

    +

    This command outputs num pseudo-random bytes after seeding +the random number generator once.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -out file
    + +
    +

    Write to file instead of standard output.

    +
    +
    -base64
    + +
    +

    Perform base64 encoding on the output.

    +
    +
    -hex
    + +
    +

    Show the output as a hex string.

    +
    +
    -engine id
    + +
    +

    See openssl(1)/Engine Options.

    +
    +
    -rand files, -writerand file
    + +
    +

    See openssl(1)/Random State Options for details.

    +
    +
    +

    +

    +
    +

    SEE ALSO

    +

    openssl(1), +RAND_bytes(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-rehash.html b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-rehash.html new file mode 100755 index 0000000..674125e --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-rehash.html @@ -0,0 +1,189 @@ + + + + +openssl-rehash + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    openssl-rehash, c_rehash - Create symbolic links to files named by the hash +values

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl +rehash +[-h] +[-help] +[-old] +[-compat] +[-n] +[-v] +[directory] ...

    +

    c_rehash +[-h] +[-help] +[-old] +[-n] +[-v] +[directory] ...

    +

    +

    +
    +

    DESCRIPTION

    +

    This command is generally equivalent to the external +script c_rehash, +except for minor differences noted below.

    +

    openssl rehash scans directories and calculates a hash value of +each .pem, .crt, .cer, or .crl +file in the specified directory list and creates symbolic links +for each file, where the name of the link is the hash value. +(If the platform does not support symbolic links, a copy is made.) +This command is useful as many programs that use OpenSSL require +directories to be set up like this in order to find certificates.

    +

    If any directories are named on the command line, then those are +processed in turn. If not, then the SSL_CERT_DIR environment variable +is consulted; this should be a colon-separated list of directories, +like the Unix PATH variable. +If that is not set then the default directory (installation-specific +but often /usr/local/ssl/certs) is processed.

    +

    In order for a directory to be processed, the user must have write +permissions on that directory, otherwise an error will be generated.

    +

    The links created are of the form HHHHHHHH.D, where each H +is a hexadecimal character and D is a single decimal digit. +When a directory is processed, all links in it that have a name +in that syntax are first removed, even if they are being used for +some other purpose. +To skip the removal step, use the -n flag. +Hashes for CRL's look similar except the letter r appears after +the period, like this: HHHHHHHH.rD.

    +

    Multiple objects may have the same hash; they will be indicated by +incrementing the D value. Duplicates are found by comparing the +full SHA-1 fingerprint. A warning will be displayed if a duplicate +is found.

    +

    A warning will also be displayed if there are files that +cannot be parsed as either a certificate or a CRL or if +more than one such object appears in the file.

    +

    +

    +

    Script Configuration

    +

    The c_rehash script +uses the openssl program to compute the hashes and +fingerprints. If not found in the user's PATH, then set the +OPENSSL environment variable to the full pathname. +Any program can be used, it will be invoked as follows for either +a certificate or CRL:

    +
    +  $OPENSSL x509 -hash -fingerprint -noout -in FILENAME
    +  $OPENSSL crl -hash -fingerprint -noout -in FILENAME
    +

    where FILENAME is the filename. It must output the hash of the +file on the first line, and the fingerprint on the second, +optionally prefixed with some text and an equals sign.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help -h
    + +
    +

    Display a brief usage message.

    +
    +
    -old
    + +
    +

    Use old-style hashing (MD5, as opposed to SHA-1) for generating +links to be used for releases before 1.0.0. +Note that current versions will not use the old style.

    +
    +
    -n
    + +
    +

    Do not remove existing links. +This is needed when keeping new and old-style links in the same directory.

    +
    +
    -compat
    + +
    +

    Generate links for both old-style (MD5) and new-style (SHA1) hashing. +This allows releases before 1.0.0 to use these links along-side newer +releases.

    +
    +
    -v
    + +
    +

    Print messages about old links removed and new links created. +By default, this command only lists each directory as it is processed.

    +
    +
    +

    +

    +
    +

    ENVIRONMENT

    +
    +
    OPENSSL
    + +
    +

    The path to an executable to use to generate hashes and +fingerprints (see above).

    +
    +
    SSL_CERT_DIR
    + +
    +

    Colon separated list of directories to operate on. +Ignored if directories are listed on the command line.

    +
    +
    +

    +

    +
    +

    SEE ALSO

    +

    openssl(1), +openssl-crl(1), +openssl-x509(1)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-req.html b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-req.html
    new file mode 100755
    index 0000000..6934a09
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-req.html
    @@ -0,0 +1,749 @@
    + + + + +openssl-req + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    openssl-req - PKCS#10 certificate request and certificate generating utility

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl req +[-help] +[-inform DER|PEM] +[-outform DER|PEM] +[-in filename] +[-passin arg] +[-out filename] +[-passout arg] +[-text] +[-pubkey] +[-noout] +[-verify] +[-modulus] +[-new] +[-newkey arg] +[-pkeyopt opt:value] +[-nodes] +[-key filename] +[-keyform DER|PEM] +[-keyout filename] +[-keygen_engine id] +[-digest] +[-config filename] +[-multivalue-rdn] +[-x509] +[-days n] +[-set_serial n] +[-newhdr] +[-addext ext] +[-extensions section] +[-reqexts section] +[-precert] +[-utf8] +[-reqopt] +[-subject] +[-subj arg] +[-sigopt nm:v] +[-batch] +[-verbose] +[-sm2-id string] +[-sm2-hex-id hex-string] +[-nameopt option] +[-rand files] +[-writerand file] +[-engine id]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command primarily creates and processes certificate requests +in PKCS#10 format. It can additionally create self signed certificates +for use as root CAs for example.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -inform DER|PEM, -outform DER|PEM
    + +
    +

    The input and formats; the default is PEM. +See openssl(1)/Format Options for details.

    +

    The data is a PKCS#10 object.

    +
    +
    -in filename
    + +
    +

    This specifies the input filename to read a request from or standard input +if this option is not specified. A request is only read if the creation +options (-new and -newkey) are not specified.

    +
    +
    -sigopt nm:v
    + +
    +

    Pass options to the signature algorithm during sign or verify operations. +Names and values of these options are algorithm-specific.

    +
    +
    -passin arg, -passout arg
    + +
    +

    The password source for the input and output file. +For more information about the format of arg +see openssl(1)/Pass Phrase Options.

    +
    +
    -out filename
    + +
    +

    This specifies the output filename to write to or standard output by +default.

    +
    +
    -text
    + +
    +

    Prints out the certificate request in text form.

    +
    +
    -subject
    + +
    +

    Prints out the request subject (or certificate subject if -x509 is +specified)

    +
    +
    -pubkey
    + +
    +

    Outputs the public key.

    +
    +
    -noout
    + +
    +

    This option prevents output of the encoded version of the request.

    +
    +
    -modulus
    + +
    +

    This option prints out the value of the modulus of the public key +contained in the request.

    +
    +
    -verify
    + +
    +

    Verifies the signature on the request.

    +
    +
    -new
    + +
    +

    This option generates a new certificate request. It will prompt +the user for the relevant field values. The actual fields +prompted for and their maximum and minimum sizes are specified +in the configuration file and any requested extensions.

    +

    If the -key option is not used it will generate a new RSA private +key using information specified in the configuration file.

    +
    +
    -newkey arg
    + +
    +

    This option creates a new certificate request and a new private +key. The argument takes one of several forms.

    +

    rsa:nbits, where +nbits is the number of bits, generates an RSA key nbits +in size. If nbits is omitted, i.e. -newkey rsa specified, +the default key size, specified in the configuration file is used.

    +

    All other algorithms support the -newkey alg:file form, where file +may be an algorithm parameter file, created with openssl genpkey -genparam +or an X.509 certificate for a key with appropriate algorithm.

    +

    param:file generates a key using the parameter file or certificate +file, the algorithm is determined by the parameters. algname:file +use algorithm algname and parameter file file: the two algorithms must +match or an error occurs. algname just uses algorithm algname, and +parameters, if necessary should be specified via -pkeyopt parameter.

    +

    dsa:filename generates a DSA key using the parameters +in the file filename. ec:filename generates EC key (usable both with +ECDSA or ECDH algorithms), gost2001:filename generates GOST R +34.10-2001 key (requires gost engine configured in the configuration +file). If just gost2001 is specified a parameter set should be +specified by -pkeyopt paramset:X

    +
    +
    -pkeyopt opt:value
    + +
    +

    Set the public key algorithm option opt to value. The precise set of +options supported depends on the public key algorithm used and its +implementation. +See openssl-genpkey(1)/KEY GENERATION OPTIONS for more details.

    +
    +
    -key filename
    + +
    +

    This specifies the file to read the private key from. It also +accepts PKCS#8 format private keys for PEM format files.

    +
    +
    -keyform DER|PEM
    + +
    +

    The format of the private key; the default is PEM. +See openssl(1)/Format Options for details.

    +
    +
    -keyout filename
    + +
    +

    This gives the filename to write the newly created private key to. +If this option is not specified then the filename present in the +configuration file is used.

    +
    +
    -nodes
    + +
    +

    If this option is specified then if a private key is created it +will not be encrypted.

    +
    +
    -digest
    + +
    +

    This specifies the message digest to sign the request. +Any digest supported by the OpenSSL dgst command can be used. +This overrides the digest algorithm specified in +the configuration file.

    +

    Some public key algorithms may override this choice. For instance, DSA +signatures always use SHA1, GOST R 34.10 signatures always use +GOST R 34.11-94 (-md_gost94), Ed25519 and Ed448 never use any digest.

    +
    +
    -config filename
    + +
    +

    This allows an alternative configuration file to be specified. +Optional; for a description of the default value, +see openssl(1)/COMMAND SUMMARY.

    +
    +
    -subj arg
    + +
    +

    Sets subject name for new request or supersedes the subject name +when processing a request. +The arg must be formatted as /type0=value0/type1=value1/type2=.... +Keyword characters may be escaped by \ (backslash), and whitespace is retained. +Empty values are permitted, but the corresponding type will not be included +in the request.

    +
    +
    -multivalue-rdn
    + +
    +

    This option causes the -subj argument to be interpreted with full +support for multivalued RDNs. Example:

    +

    /DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe

    +

    If -multi-rdn is not used then the UID value is 123456+CN=John Doe.

    +
    +
    -x509
    + +
    +

    This option outputs a self signed certificate instead of a certificate +request. This is typically used to generate a test certificate or +a self signed root CA. The extensions added to the certificate +(if any) are specified in the configuration file. Unless specified +using the -set_serial option, a large random number will be used for +the serial number.

    +

    If existing request is specified with the -in option, it is converted +to the self signed certificate otherwise new request is created.

    +
    +
    -days n
    + +
    +

    When the -x509 option is being used this specifies the number of +days to certify the certificate for, otherwise it is ignored. n should +be a positive integer. The default is 30 days.

    +
    +
    -set_serial n
    + +
    +

    Serial number to use when outputting a self signed certificate. This +may be specified as a decimal value or a hex value if preceded by 0x.

    +
    +
    -addext ext
    + +
    +

    Add a specific extension to the certificate (if the -x509 option is +present) or certificate request. The argument must have the form of +a key=value pair as it would appear in a config file.

    +

    This option can be given multiple times.

    +
    +
    -extensions section
    + +
    -reqexts section
    + +
    +

    These options specify alternative sections to include certificate +extensions (if the -x509 option is present) or certificate +request extensions. This allows several different sections to +be used in the same configuration file to specify requests for +a variety of purposes.

    +
    +
    -precert
    + +
    +

    A poison extension will be added to the certificate, making it a +"pre-certificate" (see RFC6962). This can be submitted to Certificate +Transparency logs in order to obtain signed certificate timestamps (SCTs). +These SCTs can then be embedded into the pre-certificate as an extension, before +removing the poison and signing the certificate.

    +

    This implies the -new flag.

    +
    +
    -utf8
    + +
    +

    This option causes field values to be interpreted as UTF8 strings, by +default they are interpreted as ASCII. This means that the field +values, whether prompted from a terminal or obtained from a +configuration file, must be valid UTF8 strings.

    +
    +
    -reqopt option
    + +
    +

    Customise the output format used with -text. The option argument can be +a single option or multiple options separated by commas.

    +

    See discussion of the -certopt parameter in the openssl-x509(1) +command.

    +
    +
    -newhdr
    + +
    +

    Adds the word NEW to the PEM file header and footer lines on the outputted +request. Some software (Netscape certificate server) and some CAs need this.

    +
    +
    -batch
    + +
    +

    Non-interactive mode.

    +
    +
    -verbose
    + +
    +

    Print extra details about the operations being performed.

    +
    +
    -keygen_engine id
    + +
    +

    Specifies an engine (by its unique id string) which would be used +for key generation operations.

    +
    +
    -sm2-id
    + +
    +

    Specify the ID string to use when verifying an SM2 certificate request. The ID +string is required by the SM2 signature algorithm for signing and verification.

    +
    +
    -sm2-hex-id
    + +
    +

    Specify a binary ID string to use when verifying an SM2 certificate request. The +argument for this option is string of hexadecimal digits.

    +
    +
    -nameopt option
    + +
    +

    This specifies how the subject or issuer names are displayed. +See openssl(1)/Name Format Options for details.

    +
    +
    -rand files, -writerand file
    + +
    +

    See openssl(1)/Random State Options for details.

    +
    +
    -engine id
    + +
    +

    See openssl(1)/Engine Options.

    +
    +
    +

    +

    +
    +

    CONFIGURATION FILE FORMAT

    +

    The configuration options are specified in the req section of +the configuration file. As with all configuration files if no +value is specified in the specific section (i.e. req) then +the initial unnamed or default section is searched too.

    +

    The options available are described in detail below.

    +
    +
    input_password output_password
    + +
    +

    The passwords for the input private key file (if present) and +the output private key file (if one will be created). The +command line options passin and passout override the +configuration file values.

    +
    +
    default_bits
    + +
    +

    Specifies the default key size in bits.

    +

    This option is used in conjunction with the -new option to generate +a new key. It can be overridden by specifying an explicit key size in +the -newkey option. The smallest accepted key size is 512 bits. If +no key size is specified then 2048 bits is used.

    +
    +
    default_keyfile
    + +
    +

    This is the default filename to write a private key to. If not +specified the key is written to standard output. This can be +overridden by the -keyout option.

    +
    +
    oid_file
    + +
    +

    This specifies a file containing additional OBJECT IDENTIFIERS. +Each line of the file should consist of the numerical form of the +object identifier followed by white space then the short name followed +by white space and finally the long name.

    +
    +
    oid_section
    + +
    +

    This specifies a section in the configuration file containing extra +object identifiers. Each line should consist of the short name of the +object identifier followed by = and the numerical form. The short +and long names are the same when this option is used.

    +
    +
    RANDFILE
    + +
    +

    At startup the specified file is loaded into the random number generator, +and at exit 256 bytes will be written to it. +It is used for private key generation.

    +
    +
    encrypt_key
    + +
    +

    If this is set to no then if a private key is generated it is +not encrypted. This is equivalent to the -nodes command line +option. For compatibility encrypt_rsa_key is an equivalent option.

    +
    +
    default_md
    + +
    +

    This option specifies the digest algorithm to use. Any digest supported by the +OpenSSL dgst command can be used. This option can be overridden on the +command line. Certain signing algorithms (i.e. Ed25519 and Ed448) will ignore +any digest that has been set.

    +
    +
    string_mask
    + +
    +

    This option masks out the use of certain string types in certain +fields. Most users will not need to change this option.

    +

    It can be set to several values default which is also the default +option uses PrintableStrings, T61Strings and BMPStrings if the +pkix value is used then only PrintableStrings and BMPStrings will +be used. This follows the PKIX recommendation in RFC2459. If the +utf8only option is used then only UTF8Strings will be used: this +is the PKIX recommendation in RFC2459 after 2003. Finally the nombstr +option just uses PrintableStrings and T61Strings: certain software has +problems with BMPStrings and UTF8Strings: in particular Netscape.

    +
    +
    req_extensions
    + +
    +

    This specifies the configuration file section containing a list of +extensions to add to the certificate request. It can be overridden +by the -reqexts command line switch. See the +x509v3_config(5) manual page for details of the +extension section format.

    +
    +
    x509_extensions
    + +
    +

    This specifies the configuration file section containing a list of +extensions to add to certificate generated when the -x509 switch +is used. It can be overridden by the -extensions command line switch.

    +
    +
    prompt
    + +
    +

    If set to the value no this disables prompting of certificate fields +and just takes values from the config file directly. It also changes the +expected format of the distinguished_name and attributes sections.

    +
    +
    utf8
    + +
    +

    If set to the value yes then field values to be interpreted as UTF8 +strings, by default they are interpreted as ASCII. This means that +the field values, whether prompted from a terminal or obtained from a +configuration file, must be valid UTF8 strings.

    +
    +
    attributes
    + +
    +

    This specifies the section containing any request attributes: its format +is the same as distinguished_name. Typically these may contain the +challengePassword or unstructuredName types. They are currently ignored +by OpenSSL's request signing utilities but some CAs might want them.

    +
    +
    distinguished_name
    + +
    +

    This specifies the section containing the distinguished name fields to +prompt for when generating a certificate or certificate request. The format +is described in the next section.

    +
    +
    +

    +

    +
    +

    DISTINGUISHED NAME AND ATTRIBUTE SECTION FORMAT

    +

    There are two separate formats for the distinguished name and attribute +sections. If the prompt option is set to no then these sections +just consist of field names and values: for example,

    +
    + CN=My Name
    + OU=My Organization
    + emailAddress=someone@somewhere.org
    +

    This allows external programs (e.g. GUI based) to generate a template file with +all the field names and values and just pass it to this command. An example +of this kind of configuration file is contained in the EXAMPLES section.

    +

    Alternatively if the prompt option is absent or not set to no then the +file contains field prompting information. It consists of lines of the form:

    +
    + fieldName="prompt"
    + fieldName_default="default field value"
    + fieldName_min= 2
    + fieldName_max= 4
    +

    "fieldName" is the field name being used, for example commonName (or CN). +The "prompt" string is used to ask the user to enter the relevant +details. If the user enters nothing then the default value is used if no +default value is present then the field is omitted. A field can +still be omitted if a default value is present if the user just +enters the '.' character.

    +

    The number of characters entered must be between the fieldName_min and +fieldName_max limits: there may be additional restrictions based +on the field being used (for example countryName can only ever be +two characters long and must fit in a PrintableString).

    +

    Some fields (such as organizationName) can be used more than once +in a DN. This presents a problem because configuration files will +not recognize the same name occurring twice. To avoid this problem +if the fieldName contains some characters followed by a full stop +they will be ignored. So for example a second organizationName can +be input by calling it "1.organizationName".

    +

    The actual permitted field names are any object identifier short or +long names. These are compiled into OpenSSL and include the usual +values such as commonName, countryName, localityName, organizationName, +organizationalUnitName, stateOrProvinceName. Additionally emailAddress +is included as well as name, surname, givenName, initials, and dnQualifier.

    +

    Additional object identifiers can be defined with the oid_file or +oid_section options in the configuration file. Any additional fields +will be treated as though they were a DirectoryString.

    +

    +

    +
    +

    EXAMPLES

    +

    Examine and verify certificate request:

    +
    + openssl req -in req.pem -text -verify -noout
    +

    Create a private key and then generate a certificate request from it:

    +
    + openssl genrsa -out key.pem 2048
    + openssl req -new -key key.pem -out req.pem
    +

    The same but just using req:

    +
    + openssl req -newkey rsa:2048 -keyout key.pem -out req.pem
    +

    Generate a self signed root certificate:

    +
    + openssl req -x509 -newkey rsa:2048 -keyout key.pem -out req.pem
    +

    Create an SM2 private key and then generate a certificate request from it:

    +
    + openssl ecparam -genkey -name SM2 -out sm2.key
    + openssl req -new -key sm2.key -out sm2.csr -sm3 -sigopt "sm2_id:1234567812345678"
    +

    Examine and verify an SM2 certificate request:

    +
    + openssl req -verify -in sm2.csr -sm3 -sm2-id 1234567812345678
    +

    Example of a file pointed to by the oid_file option:

    +
    + 1.2.3.4        shortName       A longer Name
    + 1.2.3.6        otherName       Other longer Name
    +

    Example of a section pointed to by oid_section making use of variable +expansion:

    +
    + testoid1=1.2.3.5
    + testoid2=${testoid1}.6
    +

    Sample configuration file prompting for field values:

    +
    + [ req ]
    + default_bits           = 2048
    + default_keyfile        = privkey.pem
    + distinguished_name     = req_distinguished_name
    + attributes             = req_attributes
    + req_extensions         = v3_ca
    +
    + dirstring_type = nobmp
    +
    + [ req_distinguished_name ]
    + countryName                    = Country Name (2 letter code)
    + countryName_default            = AU
    + countryName_min                = 2
    + countryName_max                = 2
    +
    + localityName                   = Locality Name (eg, city)
    +
    + organizationalUnitName         = Organizational Unit Name (eg, section)
    +
    + commonName                     = Common Name (eg, YOUR name)
    + commonName_max                 = 64
    +
    + emailAddress                   = Email Address
    + emailAddress_max               = 40
    +
    + [ req_attributes ]
    + challengePassword              = A challenge password
    + challengePassword_min          = 4
    + challengePassword_max          = 20
    +
    + [ v3_ca ]
    +
    + subjectKeyIdentifier=hash
    + authorityKeyIdentifier=keyid:always,issuer:always
    + basicConstraints = critical, CA:true
    +

    Sample configuration containing all field values:

    +
    + [ req ]
    + default_bits           = 2048
    + default_keyfile        = keyfile.pem
    + distinguished_name     = req_distinguished_name
    + attributes             = req_attributes
    + prompt                 = no
    + output_password        = mypass
    +
    + [ req_distinguished_name ]
    + C                      = GB
    + ST                     = Test State or Province
    + L                      = Test Locality
    + O                      = Organization Name
    + OU                     = Organizational Unit Name
    + CN                     = Common Name
    + emailAddress           = test@email.address
    +
    + [ req_attributes ]
    + challengePassword              = A challenge password
    +

    Example of giving the most common attributes (subject and extensions) +on the command line:

    +
    + openssl req -new -subj "/C=GB/CN=foo" \
    +                  -addext "subjectAltName = DNS:foo.co.uk" \
    +                  -addext "certificatePolicies = 1.2.3.4" \
    +                  -newkey rsa:2048 -keyout key.pem -out req.pem
    +

    +

    +
    +

    NOTES

    +

    The certificate requests generated by Xenroll with MSIE have extensions +added. It includes the keyUsage extension which determines the type of +key (signature only or general purpose) and any additional OIDs entered +by the script in an extendedKeyUsage extension.

    +

    +

    +
    +

    DIAGNOSTICS

    +

    The following messages are frequently asked about:

    +
    +        Using configuration from /some/path/openssl.cnf
    +        Unable to load config info
    +

    This is followed some time later by:

    +
    +        unable to find 'distinguished_name' in config
    +        problems making Certificate Request
    +

    The first error message is the clue: it can't find the configuration +file! Certain operations (like examining a certificate request) don't +need a configuration file so its use isn't enforced. Generation of +certificates or requests however does need a configuration file. This +could be regarded as a bug.

    +

    Another puzzling message is this:

    +
    +        Attributes:
    +            a0:00
    +

    this is displayed when no attributes are present and the request includes +the correct empty SET OF structure (the DER encoding of which is 0xa0 +0x00). If you just see:

    +
    +        Attributes:
    +

    then the SET OF is missing and the encoding is technically invalid (but +it is tolerated). See the description of the command line option -asn1-kludge +for more information.

    +

    +

    +
    +

    BUGS

    +

    OpenSSL's handling of T61Strings (aka TeletexStrings) is broken: it effectively +treats them as ISO-8859-1 (Latin 1), Netscape and MSIE have similar behaviour. +This can cause problems if you need characters that aren't available in +PrintableStrings and you don't want to or can't use BMPStrings.

    +

    As a consequence of the T61String handling the only correct way to represent +accented characters in OpenSSL is to use a BMPString: unfortunately Netscape +currently chokes on these. If you have to use accented characters with Netscape +and MSIE then you currently need to use the invalid T61String form.

    +

    The current prompting is not very friendly. It doesn't allow you to confirm what +you've just entered. Other things like extensions in certificate requests are +statically defined in the configuration file. Some of these: like an email +address in subjectAltName should be input by the user.

    +

    +

    +
    +

    SEE ALSO

    +

    openssl(1), +openssl-x509(1), +openssl-ca(1), +openssl-genrsa(1), +openssl-gendsa(1), +config(5), +x509v3_config(5)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-rsa.html b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-rsa.html
    new file mode 100755
    index 0000000..75fc12e
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-rsa.html
    @@ -0,0 +1,240 @@
    + + + + +openssl-rsa + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    openssl-rsa - RSA key processing tool

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl rsa +[-help] +[-inform DER|PEM] +[-outform DER|PEM] +[-in filename] +[-passin arg] +[-out filename] +[-passout arg] +[-aes128] +[-aes192] +[-aes256] +[-aria128] +[-aria192] +[-aria256] +[-camellia128] +[-camellia192] +[-camellia256] +[-des] +[-des3] +[-idea] +[-text] +[-noout] +[-modulus] +[-check] +[-pubin] +[-pubout] +[-RSAPublicKey_in] +[-RSAPublicKey_out] +[-engine id]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command has been deprecated. +The openssl-pkey(1) command should be used instead.

    +

    This command processes RSA keys. They can be converted between +various forms and their components printed out. Note this command uses the +traditional SSLeay compatible format for private key encryption: newer +applications should use the more secure PKCS#8 format using the +openssl-pkcs8(1) command.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -inform DER|PEM, -outform DER|PEM
    + +
    +

    The input and formats; the default is PEM. +See openssl(1)/Format Options for details.

    +
    +
    -inform DER|PEM
    + +
    +

    The data is a PKCS#1 RSAPrivateKey or SubjectPublicKey object. +On input, PKCS#8 format private keys are also accepted.

    +
    +
    -in filename
    + +
    +

    This specifies the input filename to read a key from or standard input if this +option is not specified. If the key is encrypted a pass phrase will be +prompted for.

    +
    +
    -passin arg, -passout arg
    + +
    +

    The password source for the input and output file. +For more information about the format of arg +see openssl(1)/Pass Phrase Options.

    +
    +
    -out filename
    + +
    +

    This specifies the output filename to write a key to or standard output if this +option is not specified. If any encryption options are set then a pass phrase +will be prompted for. The output filename should not be the same as the input +filename.

    +
    +
    -aes128, -aes192, -aes256, -aria128, -aria192, -aria256, -camellia128, -camellia192, -camellia256, -des, -des3, -idea
    + +
    +

    These options encrypt the private key with the specified +cipher before outputting it. A pass phrase is prompted for. +If none of these options is specified the key is written in plain text. This +means that this command can be used to remove the pass phrase from a key +by not giving any encryption option is given, or to add or change the pass +phrase by setting them. +These options can only be used with PEM format output files.

    +
    +
    -text
    + +
    +

    Prints out the various public or private key components in +plain text in addition to the encoded version.

    +
    +
    -noout
    + +
    +

    This option prevents output of the encoded version of the key.

    +
    +
    -modulus
    + +
    +

    This option prints out the value of the modulus of the key.

    +
    +
    -check
    + +
    +

    This option checks the consistency of an RSA private key.

    +
    +
    -pubin
    + +
    +

    By default a private key is read from the input file: with this +option a public key is read instead.

    +
    +
    -pubout
    + +
    +

    By default a private key is output: with this option a public +key will be output instead. This option is automatically set if +the input is a public key.

    +
    +
    -RSAPublicKey_in, -RSAPublicKey_out
    + +
    +

    Like -pubin and -pubout except RSAPublicKey format is used instead.

    +
    +
    -engine id
    + +
    +

    See openssl(1)/Engine Options.

    +
    +
    +

    +

    +
    +

    EXAMPLES

    +

    Examples equivalent to these can be found in the documentation for the +non-deprecated openssl-pkey(1) command.

    +

    To remove the pass phrase on an RSA private key:

    +
    + openssl rsa -in key.pem -out keyout.pem
    +

    To encrypt a private key using triple DES:

    +
    + openssl rsa -in key.pem -des3 -out keyout.pem
    +

    To convert a private key from PEM to DER format:

    +
    + openssl rsa -in key.pem -outform DER -out keyout.der
    +

    To print out the components of a private key to standard output:

    +
    + openssl rsa -in key.pem -text -noout
    +

    To just output the public part of a private key:

    +
    + openssl rsa -in key.pem -pubout -out pubkey.pem
    +

    Output the public part of a private key in RSAPublicKey format:

    +
    + openssl rsa -in key.pem -RSAPublicKey_out -out pubkey.pem
    +

    +

    +
    +

    BUGS

    +

    There should be an option that automatically handles .key files, +without having to manually edit them.

    +

    +

    +
    +

    SEE ALSO

    +

    openssl(1), +openssl-pkey(1), +openssl-pkcs8(1), +openssl-dsa(1), +openssl-genrsa(1), +openssl-gendsa(1)

    +

    +

    +
    +

    HISTORY

    +

    This command was deprecated in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-rsautl.html b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-rsautl.html
    new file mode 100755
    index 0000000..78f2685
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-rsautl.html
    @@ -0,0 +1,294 @@
    + + + + +openssl-rsautl + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    openssl-rsautl - RSA utility

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl rsautl +[-help] +[-in file] +[-passin arg] +[-rev] +[-out file] +[-inkey file] +[-keyform DER|PEM|ENGINE] +[-pubin] +[-certin] +[-sign] +[-verify] +[-encrypt] +[-decrypt] +[-pkcs] +[-x931] +[-oaep] +[-ssl] +[-raw] +[-pkcs] +[-ssl] +[-raw] +[-hexdump] +[-asn1parse] +[-engine id] +[-rand files] +[-writerand file]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command has been deprecated. +The openssl-pkeyutl(1) command should be used instead.

    +

    This command can be used to sign, verify, encrypt and decrypt +data using the RSA algorithm.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -in filename
    + +
    +

    This specifies the input filename to read data from or standard input +if this option is not specified.

    +
    +
    -passin arg
    + +
    +

    The passphrase used in the output file. +See see openssl(1)/Pass Phrase Options.

    +
    +
    -rev
    + +
    +

    Reverse the order of the input.

    +
    +
    -out filename
    + +
    +

    Specifies the output filename to write to or standard output by +default.

    +
    +
    -inkey file
    + +
    +

    The input key file, by default it should be an RSA private key.

    +
    +
    -keyform DER|PEM|ENGINE
    + +
    +

    The key format; the default is PEM. +See openssl(1)/Format Options for details.

    +
    +
    -pubin
    + +
    +

    The input file is an RSA public key.

    +
    +
    -certin
    + +
    +

    The input is a certificate containing an RSA public key.

    +
    +
    -sign
    + +
    +

    Sign the input data and output the signed result. This requires +an RSA private key.

    +
    +
    -verify
    + +
    +

    Verify the input data and output the recovered data.

    +
    +
    -encrypt
    + +
    +

    Encrypt the input data using an RSA public key.

    +
    +
    -decrypt
    + +
    +

    Decrypt the input data using an RSA private key.

    +
    +
    -pkcs, -oaep, -x931 -ssl, -raw
    + +
    +

    The padding to use: PKCS#1 v1.5 (the default), PKCS#1 OAEP, +ANSI X9.31, +special padding used in SSL v2 backwards compatible handshakes, +or no padding, respectively. +For signatures, only -pkcs and -raw can be used.

    +
    +
    -hexdump
    + +
    +

    Hex dump the output data.

    +
    +
    -asn1parse
    + +
    +

    Parse the ASN.1 output data, this is useful when combined with the +-verify option.

    +
    +
    -engine id
    + +
    +

    See openssl(1)/Engine Options.

    +
    +
    -rand files, -writerand file
    + +
    +

    See openssl(1)/Random State Options for details.

    +
    +
    +

    +

    +
    +

    NOTES

    +

    Since this command uses the RSA algorithm directly, it can only be +used to sign or verify small pieces of data.

    +

    +

    +
    +

    EXAMPLES

    +

    Examples equivalent to these can be found in the documentation for the +non-deprecated openssl-pkeyutl(1) command.

    +

    Sign some data using a private key:

    +
    + openssl rsautl -sign -in file -inkey key.pem -out sig
    +

    Recover the signed data

    +
    + openssl rsautl -verify -in sig -inkey key.pem
    +

    Examine the raw signed data:

    +
    + openssl rsautl -verify -in sig -inkey key.pem -raw -hexdump
    +
    + 0000 - 00 01 ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
    + 0010 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
    + 0020 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
    + 0030 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
    + 0040 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
    + 0050 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
    + 0060 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
    + 0070 - ff ff ff ff 00 68 65 6c-6c 6f 20 77 6f 72 6c 64   .....hello world
    +

    The PKCS#1 block formatting is evident from this. If this was done using +encrypt and decrypt the block would have been of type 2 (the second byte) +and random padding data visible instead of the 0xff bytes.

    +

    It is possible to analyse the signature of certificates using this +utility in conjunction with openssl-asn1parse(1). Consider the self signed +example in certs/pca-cert.pem. Running openssl-asn1parse(1) as follows +yields:

    +
    + openssl asn1parse -in pca-cert.pem
    +
    +    0:d=0  hl=4 l= 742 cons: SEQUENCE
    +    4:d=1  hl=4 l= 591 cons:  SEQUENCE
    +    8:d=2  hl=2 l=   3 cons:   cont [ 0 ]
    +   10:d=3  hl=2 l=   1 prim:    INTEGER           :02
    +   13:d=2  hl=2 l=   1 prim:   INTEGER           :00
    +   16:d=2  hl=2 l=  13 cons:   SEQUENCE
    +   18:d=3  hl=2 l=   9 prim:    OBJECT            :md5WithRSAEncryption
    +   29:d=3  hl=2 l=   0 prim:    NULL
    +   31:d=2  hl=2 l=  92 cons:   SEQUENCE
    +   33:d=3  hl=2 l=  11 cons:    SET
    +   35:d=4  hl=2 l=   9 cons:     SEQUENCE
    +   37:d=5  hl=2 l=   3 prim:      OBJECT            :countryName
    +   42:d=5  hl=2 l=   2 prim:      PRINTABLESTRING   :AU
    +  ....
    +  599:d=1  hl=2 l=  13 cons:  SEQUENCE
    +  601:d=2  hl=2 l=   9 prim:   OBJECT            :md5WithRSAEncryption
    +  612:d=2  hl=2 l=   0 prim:   NULL
    +  614:d=1  hl=3 l= 129 prim:  BIT STRING
    +

    The final BIT STRING contains the actual signature. It can be extracted with:

    +
    + openssl asn1parse -in pca-cert.pem -out sig -noout -strparse 614
    +

    The certificate public key can be extracted with:

    +
    + openssl x509 -in test/testx509.pem -pubkey -noout >pubkey.pem
    +

    The signature can be analysed with:

    +
    + openssl rsautl -in sig -verify -asn1parse -inkey pubkey.pem -pubin
    +
    +    0:d=0  hl=2 l=  32 cons: SEQUENCE
    +    2:d=1  hl=2 l=  12 cons:  SEQUENCE
    +    4:d=2  hl=2 l=   8 prim:   OBJECT            :md5
    +   14:d=2  hl=2 l=   0 prim:   NULL
    +   16:d=1  hl=2 l=  16 prim:  OCTET STRING
    +      0000 - f3 46 9e aa 1a 4a 73 c9-37 ea 93 00 48 25 08 b5   .F...Js.7...H%..
    +

    This is the parsed version of an ASN1 DigestInfo structure. It can be seen that +the digest used was md5. The actual part of the certificate that was signed can +be extracted with:

    +
    + openssl asn1parse -in pca-cert.pem -out tbs -noout -strparse 4
    +

    and its digest computed with:

    +
    + openssl md5 -c tbs
    + MD5(tbs)= f3:46:9e:aa:1a:4a:73:c9:37:ea:93:00:48:25:08:b5
    +

    which it can be seen agrees with the recovered value above.

    +

    +

    +
    +

    SEE ALSO

    +

    openssl(1), +openssl-pkeyutl(1), +openssl-dgst(1), +openssl-rsa(1), +openssl-genrsa(1)

    +

    +

    +
    +

    HISTORY

    +

    This command was deprecated in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-s_client.html b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-s_client.html new file mode 100755 index 0000000..bf37ab7 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-s_client.html @@ -0,0 +1,1135 @@ + + + + +openssl-s_client + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    openssl-s_client - SSL/TLS client program

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl s_client +[-help] +[-ssl_config section] +[-connect host:port] +[-host hostname] +[-port port] +[-bind host:port] +[-proxy host:port] +[-proxy_user userid] +[-proxy_pass arg] +[-unix path] +[-4] +[-6] +[-servername name] +[-noservername] +[-verify depth] +[-verify_return_error] +[-verify_quiet] +[-verifyCAfile filename] +[-verifyCApath dir] +[-verifyCAstore uri] +[-cert filename] +[-certform DER|PEM] +[-CRL filename] +[-CRLform DER|PEM] +[-crl_download] +[-key filename] +[-keyform DER|PEM] +[-cert_chain filename] +[-build_chain] +[-pass arg] +[-chainCApath directory] +[-chainCAfile filename] +[-chainCAstore uri] +[-requestCAfile filename] +[-dane_tlsa_domain domain] +[-dane_tlsa_rrdata rrdata] +[-dane_ee_no_namechecks] +[-build_chain] +[-reconnect] +[-showcerts] +[-prexit] +[-debug] +[-trace] +[-nocommands] +[-security_debug] +[-security_debug_verbose] +[-msg] +[-timeout] +[-mtu size] +[-keymatexport label] +[-keymatexportlen len] +[-msgfile filename] +[-nbio_test] +[-state] +[-nbio] +[-crlf] +[-ign_eof] +[-no_ign_eof] +[-psk_identity identity] +[-psk key] +[-psk_session file] +[-quiet] +[-sctp] +[-sctp_label_bug] +[-fallback_scsv] +[-async] +[-maxfraglen len] +[-max_send_frag] +[-split_send_frag] +[-max_pipelines] +[-read_buf] +[-bugs] +[-comp] +[-no_comp] +[-brief] +[-allow_no_dhe_kex] +[-sigalgs sigalglist] +[-curves curvelist] +[-cipher cipherlist] +[-ciphersuites val] +[-serverpref] +[-starttls protocol] +[-name hostname] +[-xmpphost hostname] +[-name hostname] +[-tlsextdebug] +[-no_ticket] +[-sess_out filename] +[-serverinfo types] +[-sess_in filename] +[-serverinfo types] +[-status] +[-alpn protocols] +[-nextprotoneg protocols] +[-ct] +[-noct] +[-ctlogfile] +[-keylogfile file] +[-early_data file] +[-enable_pha] +[-use_srtp value] +[-srpuser value] +[-srppass value] +[-srp_lateuser] +[-srp_moregroups] +[-srp_strength number] +[-nameopt option] +[-no_ssl3] +[-no_tls1] +[-no_tls1_1] +[-no_tls1_2] +[-no_tls1_3] +[-ssl3] +[-tls1] +[-tls1_1] +[-tls1_2] 
+[-tls1_3] +[-dtls] +[-dtls1] +[-dtls1_2] +[-xkey] infile +[-xcert file] +[-xchain] file +[-xchain_build] file +[-xcertform DER|PEM]> +[-xkeyform DER|PEM]> +[-CAfile file] +[-no-CAfile] +[-CApath dir] +[-no-CApath] +[-CAstore uri] +[-no-CAstore] +[-bugs] +[-no_comp] +[-comp] +[-no_ticket] +[-serverpref] +[-legacy_renegotiation] +[-no_renegotiation] +[-no_resumption_on_reneg] +[-legacy_server_connect] +[-no_legacy_server_connect] +[-allow_no_dhe_kex] +[-prioritize_chacha] +[-strict] +[-sigalgs algs] +[-client_sigalgs algs] +[-groups groups] +[-curves curves] +[-named_curve curve] +[-cipher ciphers] +[-ciphersuites 1.3ciphers] +[-min_protocol minprot] +[-max_protocol maxprot] +[-record_padding padding] +[-debug_broken_protocol] +[-no_middlebox] +[-rand files] +[-writerand file] +[-engine id] +[-ssl_client_engine id] +[-allow_proxy_certs] +[-attime timestamp] +[-no_check_time] +[-check_ss_sig] +[-crl_check] +[-crl_check_all] +[-explicit_policy] +[-extended_crl] +[-ignore_critical] +[-inhibit_any] +[-inhibit_map] +[-partial_chain] +[-policy arg] +[-policy_check] +[-policy_print] +[-purpose purpose] +[-suiteB_128] +[-suiteB_128_only] +[-suiteB_192] +[-trusted_first] +[-no_alt_chains] +[-use_deltas] +[-auth_level num] +[-verify_depth num] +[-verify_email email] +[-verify_hostname hostname] +[-verify_ip ip] +[-verify_name name] +[-x509_strict] +[-issuer_checks]

    +

    [host:port]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command implements a generic SSL/TLS client which +connects to a remote host using SSL/TLS. It is a very useful diagnostic +tool for SSL servers.

    +

    +

    +
    +

    OPTIONS

    +

    In addition to the options below, this command also supports the +common and client only options documented +in the "Supported Command Line Commands" section of the SSL_CONF_cmd(3) +manual page.

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -ssl_config section
    + +
    +

    Use the specified section of the configuration file to configure the SSL_CTX object.

    +
    +
    -connect host:port
    + +
    +

    This specifies the host and optional port to connect to. It is possible to +select the host and port using the optional target positional argument instead. +If neither this nor the target positional argument are specified then an attempt +is made to connect to the local host on port 4433.

    +
    +
    -host hostname
    + +
    +

    Host to connect to; use -connect instead.

    +
    +
    -port port
    + +
    +

    Connect to the specified port; use -connect instead.

    +
    +
    -bind host:port
    + +
    +

    This specifies the host address and or port to bind as the source for the +connection. For Unix-domain sockets the port is ignored and the host is +used as the source socket address.

    +
    +
    -proxy host:port
    + +
    +

    When used with the -connect flag, the program uses the host and port +specified with this flag and issues an HTTP CONNECT command to connect +to the desired server.

    +
    +
    -proxy_user userid
    + +
    +

    When used with the -proxy flag, the program will attempt to authenticate +with the specified proxy using basic (base64) authentication. +NB: Basic authentication is insecure; the credentials are sent to the proxy +in easily reversible base64 encoding before any TLS/SSL session is established. +Therefore these credentials are easily recovered by anyone able to sniff/trace +the network. Use with caution.

    +
    +
    -proxy_pass arg
    + +
    +

    The proxy password source, used with the -proxy_user flag. +For more information about the format of arg +see openssl(1)/Pass Phrase Options.

    +
    +
    -unix path
    + +
    +

    Connect over the specified Unix-domain socket.

    +
    +
    -4
    + +
    +

    Use IPv4 only.

    +
    +
    -6
    + +
    +

    Use IPv6 only.

    +
    +
    -servername name
    + +
    +

    Set the TLS SNI (Server Name Indication) extension in the ClientHello message to +the given value. +If -servername is not provided, the TLS SNI extension will be populated with +the name given to -connect if it follows a DNS name format. If -connect is +not provided either, the SNI is set to "localhost". +This is the default since OpenSSL 1.1.1.

    +

    Even though SNI should normally be a DNS name and not an IP address, if +-servername is provided then that name will be sent, regardless of whether +it is a DNS name or not.

    +

    This option cannot be used in conjunction with -noservername.

    +
    +
    -noservername
    + +
    +

    Suppresses sending of the SNI (Server Name Indication) extension in the +ClientHello message. Cannot be used in conjunction with the -servername or +<-dane_tlsa_domain> options.

    +
    +
    -cert certname
    + +
    +

    The certificate to use, if one is requested by the server. The default is +not to use a certificate.

    +
    +
    -certform format
    + +
    +

    The certificate format to use: DER or PEM. PEM is the default.

    +
    +
    -CRL filename
    + +
    +

    CRL file to use to check the server's certificate.

    +
    +
    -CRLform DER|PEM
    + +
    +

    The CRL format; the default is PEM. +See openssl(1)/Format Options for details.

    +
    +
    -crl_download
    + +
    +

    Download CRL from distribution points in the certificate.

    +
    +
    -key keyfile
    + +
    +

    The private key to use. If not specified then the certificate file will +be used.

    +
    +
    -keyform format
    + +
    +

    The key format; the default is PEM. +See openssl(1)/Format Options for details.

    +
    +
    -cert_chain
    + +
    +

    A file containing trusted certificates to use when attempting to build the +client/server certificate chain related to the certificate specified via the +-cert option.

    +
    +
    -build_chain
    + +
    +

    Specify whether the application should build the certificate chain to be +provided to the server.

    +
    +
    -pass arg
    + +
    +

    the private key password source. For more information about the format of arg +see openssl(1)/Pass phrase options.

    +
    +
    -verify depth
    + +
    +

    The verify depth to use. This specifies the maximum length of the +server certificate chain and turns on server certificate verification. +Currently the verify operation continues after errors so all the problems +with a certificate chain can be seen. As a side effect the connection +will never fail due to a server certificate verify failure.

    +
    +
    -verify_return_error
    + +
    +

    Return verification errors instead of continuing. This will typically +abort the handshake with a fatal error.

    +
    +
    -verify_quiet
    + +
    +

    Limit verify output to only errors.

    +
    +
    -verifyCAfile filename
    + +
    +

    CA file for verifying the server's certificate, in PEM format.

    +
    +
    -verifyCApath dir
    + +
    +

    Use the specified directory as a certificate store path to verify +the server's CA certificate.

    +
    +
    -verifyCAstore uri
    + +
    +

    Use the specified URI as a store URI to verify the server's certificate.

    +
    +
    -chainCApath directory
    + +
    +

    The directory to use for building the chain provided to the server. This +directory must be in "hash format", see openssl-verify(1) for more +information.

    +
    +
    -chainCAfile file
    + +
    +

    A file containing trusted certificates to use when attempting to build the +client certificate chain.

    +
    +
    -chainCAstore uri
    + +
    +

    The URI to use when attempting to build the client certificate chain.

    +
    +
    -requestCAfile file
    + +
    +

    A file containing a list of certificates whose subject names will be sent +to the server in the certificate_authorities extension. Only supported +for TLS 1.3

    +
    +
    -dane_tlsa_domain domain
    + +
    +

    Enable RFC6698/RFC7671 DANE TLSA authentication and specify the +TLSA base domain which becomes the default SNI hint and the primary +reference identifier for hostname checks. This must be used in +combination with at least one instance of the -dane_tlsa_rrdata +option below.

    +

    When DANE authentication succeeds, the diagnostic output will include +the lowest (closest to 0) depth at which a TLSA record authenticated +a chain certificate. When that TLSA record is a "2 1 0" trust +anchor public key that signed (rather than matched) the top-most +certificate of the chain, the result is reported as "TA public key +verified". Otherwise, either the TLSA record "matched TA certificate" +at a positive depth or else "matched EE certificate" at depth 0.

    +
    +
    -dane_tlsa_rrdata rrdata
    + +
    +

    Use one or more times to specify the RRDATA fields of the DANE TLSA +RRset associated with the target service. The rrdata value is +specified in "presentation form", that is four whitespace separated +fields that specify the usage, selector, matching type and associated +data, with the last of these encoded in hexadecimal. Optional +whitespace is ignored in the associated data field. For example:

    +
    +  $ openssl s_client -brief -starttls smtp \
    +    -connect smtp.example.com:25 \
    +    -dane_tlsa_domain smtp.example.com \
    +    -dane_tlsa_rrdata "2 1 1
    +      B111DD8A1C2091A89BD4FD60C57F0716CCE50FEEFF8137CDBEE0326E 02CF362B" \
    +    -dane_tlsa_rrdata "2 1 1
    +      60B87575447DCBA2A36B7D11AC09FB24A9DB406FEE12D2CC90180517 616E8A18"
    +  ...
    +  Verification: OK
    +  Verified peername: smtp.example.com
    +  DANE TLSA 2 1 1 ...ee12d2cc90180517616e8a18 matched TA certificate at depth 1
    +  ...
    +
    +
    -dane_ee_no_namechecks
    + +
    +

    This disables server name checks when authenticating via DANE-EE(3) TLSA +records. +For some applications, primarily web browsers, it is not safe to disable name +checks due to "unknown key share" attacks, in which a malicious server can +convince a client that a connection to a victim server is instead a secure +connection to the malicious server. +The malicious server may then be able to violate cross-origin scripting +restrictions. +Thus, despite the text of RFC7671, name checks are by default enabled for +DANE-EE(3) TLSA records, and can be disabled in applications where it is safe +to do so. +In particular, SMTP and XMPP clients should set this option as SRV and MX +records already make it possible for a remote domain to redirect client +connections to any server of its choice, and in any case SMTP and XMPP clients +do not execute scripts downloaded from remote servers.

    +
    +
    -reconnect
    + +
    +

    Reconnects to the same server 5 times using the same session ID, this can +be used as a test that session caching is working.

    +
    +
    -showcerts
    + +
    +

    Displays the server certificate list as sent by the server: it only consists of +certificates the server has sent (in the order the server has sent them). It is +not a verified chain.

    +
    +
    -prexit
    + +
    +

    Print session information when the program exits. This will always attempt +to print out information even if the connection fails. Normally information +will only be printed out once if the connection succeeds. This option is useful +because the cipher in use may be renegotiated or the connection may fail +because a client certificate is required or is requested only after an +attempt is made to access a certain URL. Note: the output produced by this +option is not always accurate because a connection might never have been +established.

    +
    +
    -state
    + +
    +

    Prints out the SSL session states.

    +
    +
    -debug
    + +
    +

    Print extensive debugging information including a hex dump of all traffic.

    +
    +
    -nocommands
    + +
    +

    Do not use interactive command letters.

    +
    +
    -security_debug
    + +
    +

    Enable security debug messages.

    +
    +
    -security_debug_verbose
    + +
    +

    Output more security debug output.

    +
    +
    -msg
    + +
    +

    Show protocol messages.

    +
    +
    -timeout
    + +
    +

    Enable send/receive timeout on DTLS connections.

    +
    +
    -mtu size
    + +
    +

    Set MTU of the link layer to the specified size.

    +
    +
    -keymatexport label
    + +
    +

    Export keying material using the specified label.

    +
    +
    -keymatexportlen len
    + +
    +

    Export the specified number of bytes of keying material; default is 20.

    +

    Show all protocol messages with hex dump.

    +
    +
    -trace
    + +
    +

    Show verbose trace output of protocol messages. OpenSSL needs to be compiled +with enable-ssl-trace for this option to work.

    +
    +
    -msgfile filename
    + +
    +

    File to send output of -msg or -trace to, default standard output.

    +
    +
    -nbio_test
    + +
    +

    Tests non-blocking I/O

    +
    +
    -nbio
    + +
    +

    Turns on non-blocking I/O

    +
    +
    -crlf
    + +
    +

    This option translated a line feed from the terminal into CR+LF as required +by some servers.

    +
    +
    -ign_eof
    + +
    +

    Inhibit shutting down the connection when end of file is reached in the +input.

    +
    +
    -quiet
    + +
    +

    Inhibit printing of session and certificate information. This implicitly +turns on -ign_eof as well.

    +
    +
    -no_ign_eof
    + +
    +

    Shut down the connection when end of file is reached in the input. +Can be used to override the implicit -ign_eof after -quiet.

    +
    +
    -psk_identity identity
    + +
    +

    Use the PSK identity identity when using a PSK cipher suite. +The default value is "Client_identity" (without the quotes).

    +
    +
    -psk key
    + +
    +

    Use the PSK key key when using a PSK cipher suite. The key is +given as a hexadecimal number without leading 0x, for example -psk +1a2b3c4d. +This option must be provided in order to use a PSK cipher.

    +
    +
    -psk_session file
    + +
    +

    Use the pem encoded SSL_SESSION data stored in file as the basis of a PSK. +Note that this will only work if TLSv1.3 is negotiated.

    +
    +
    -sctp
    + +
    +

    Use SCTP for the transport protocol instead of UDP in DTLS. Must be used in +conjunction with -dtls, -dtls1 or -dtls1_2. This option is only +available where OpenSSL has support for SCTP enabled.

    +
    +
    -sctp_label_bug
    + +
    +

    Use the incorrect behaviour of older OpenSSL implementations when computing +endpoint-pair shared secrets for DTLS/SCTP. This allows communication with +older broken implementations but breaks interoperability with correct +implementations. Must be used in conjunction with -sctp. This option is only +available where OpenSSL has support for SCTP enabled.

    +
    +
    -fallback_scsv
    + +
    +

    Send TLS_FALLBACK_SCSV in the ClientHello.

    +
    +
    -async
    + +
    +

    Switch on asynchronous mode. Cryptographic operations will be performed +asynchronously. This will only have an effect if an asynchronous capable engine +is also used via the -engine option. For test purposes the dummy async engine +(dasync) can be used (if available).

    +
    +
    -maxfraglen len
    + +
    +

    Enable Maximum Fragment Length Negotiation; allowed values are +512, 1024, 2048, and 4096.

    +
    +
    -max_send_frag int
    + +
    +

    The maximum size of data fragment to send. +See SSL_CTX_set_max_send_fragment(3) for further information.

    +
    +
    -split_send_frag int
    + +
    +

    The size used to split data for encrypt pipelines. If more data is written in +one go than this value then it will be split into multiple pipelines, up to the +maximum number of pipelines defined by max_pipelines. This only has an effect if +a suitable cipher suite has been negotiated, an engine that supports pipelining +has been loaded, and max_pipelines is greater than 1. See +SSL_CTX_set_split_send_fragment(3) for further information.

    +
    +
    -max_pipelines int
    + +
    +

    The maximum number of encrypt/decrypt pipelines to be used. This will only have +an effect if an engine has been loaded that supports pipelining (e.g. the dasync +engine) and a suitable cipher suite has been negotiated. The default value is 1. +See SSL_CTX_set_max_pipelines(3) for further information.

    +
    +
    -read_buf int
    + +
    +

    The default read buffer size to be used for connections. This will only have an +effect if the buffer size is larger than the size that would otherwise be used +and pipelining is in use (see SSL_CTX_set_default_read_buffer_len(3) for +further information).

    +
    +
    -bugs
    + +
    +

    There are several known bugs in SSL and TLS implementations. Adding this +option enables various workarounds.

    +
    +
    -comp
    + +
    +

    Enables support for SSL/TLS compression. +This option was introduced in OpenSSL 1.1.0. +TLS compression is not recommended and is off by default as of +OpenSSL 1.1.0.

    +
    +
    -no_comp
    + +
    +

    Disables support for SSL/TLS compression. +TLS compression is not recommended and is off by default as of +OpenSSL 1.1.0.

    +
    +
    -brief
    + +
    +

    Only provide a brief summary of connection parameters instead of the +normal verbose output.

    +
    +
    -sigalgs sigalglist
    + +
    +

    Specifies the list of signature algorithms that are sent by the client. +The server selects one entry in the list based on its preferences. +For example strings, see SSL_CTX_set1_sigalgs(3)

    +
    +
    -curves curvelist
    + +
    +

    Specifies the list of supported curves to be sent by the client. The curve is +ultimately selected by the server. For a list of all curves, use:

    +
    +    $ openssl ecparam -list_curves
    +
    +
    -cipher cipherlist
    + +
    +

    This allows the TLSv1.2 and below cipher list sent by the client to be modified. +This list will be combined with any TLSv1.3 ciphersuites that have been +configured. Although the server determines which ciphersuite is used it should +take the first supported cipher in the list sent by the client. See +openssl-ciphers(1) for more information.

    +
    +
    -ciphersuites val
    + +
    +

    This allows the TLSv1.3 ciphersuites sent by the client to be modified. This +list will be combined with any TLSv1.2 and below ciphersuites that have been +configured. Although the server determines which cipher suite is used it should +take the first supported cipher in the list sent by the client. See +openssl-ciphers(1) for more information. The format for this list is a simple +colon (":") separated list of TLSv1.3 ciphersuite names.

    +
    +
    -starttls protocol
    + +
    +

    Send the protocol-specific message(s) to switch to TLS for communication. +protocol is a keyword for the intended protocol. Currently, the only +supported keywords are "smtp", "pop3", "imap", "ftp", "xmpp", "xmpp-server", +"irc", "postgres", "mysql", "lmtp", "nntp", "sieve" and "ldap".

    +
    +
    -xmpphost hostname
    + +
    +

    This option, when used with "-starttls xmpp" or "-starttls xmpp-server", +specifies the host for the "to" attribute of the stream element. +If this option is not specified, then the host specified with "-connect" +will be used.

    +

    This option is an alias of the -name option for "xmpp" and "xmpp-server".

    +
    +
    -name hostname
    + +
    +

    This option is used to specify hostname information for various protocols +used with -starttls option. Currently only "xmpp", "xmpp-server", +"smtp" and "lmtp" can utilize this -name option.

    +

    If this option is used with "-starttls xmpp" or "-starttls xmpp-server", +if specifies the host for the "to" attribute of the stream element. If this +option is not specified, then the host specified with "-connect" will be used.

    +

    If this option is used with "-starttls lmtp" or "-starttls smtp", it specifies +the name to use in the "LMTP LHLO" or "SMTP EHLO" message, respectively. If +this option is not specified, then "mail.example.com" will be used.

    +
    +
    -tlsextdebug
    + +
    +

    Print out a hex dump of any TLS extensions received from the server.

    +
    +
    -no_ticket
    + +
    +

    Disable RFC4507bis session ticket support.

    +
    +
    -sess_out filename
    + +
    +

    Output SSL session to filename.

    +
    +
    -sess_in filename
    + +
    +

    Load SSL session from filename. The client will attempt to resume a +connection from this session.

    +
    +
    -serverinfo types
    + +
    +

    A list of comma-separated TLS Extension Types (numbers between 0 and +65535). Each type will be sent as an empty ClientHello TLS Extension. +The server's response (if any) will be encoded and displayed as a PEM +file.

    +
    +
    -status
    + +
    +

    Sends a certificate status request to the server (OCSP stapling). The server +response (if any) is printed out.

    +
    +
    -alpn protocols, -nextprotoneg protocols
    + +
    +

    These flags enable the Enable the Application-Layer Protocol Negotiation +or Next Protocol Negotiation (NPN) extension, respectively. ALPN is the +IETF standard and replaces NPN. +The protocols list is a comma-separated list of protocol names that +the client should advertise support for. The list should contain the most +desirable protocols first. Protocol names are printable ASCII strings, +for example "http/1.1" or "spdy/3". +An empty list of protocols is treated specially and will cause the +client to advertise support for the TLS extension but disconnect just +after receiving ServerHello with a list of server supported protocols. +The flag -nextprotoneg cannot be specified if -tls1_3 is used.

    +
    +
    -ct, -noct
    + +
    +

    Use one of these two options to control whether Certificate Transparency (CT) +is enabled (-ct) or disabled (-noct). +If CT is enabled, signed certificate timestamps (SCTs) will be requested from +the server and reported at handshake completion.

    +

    Enabling CT also enables OCSP stapling, as this is one possible delivery method +for SCTs.

    +
    +
    -ctlogfile
    + +
    +

    A file containing a list of known Certificate Transparency logs. See +SSL_CTX_set_ctlog_list_file(3) for the expected file format.

    +
    +
    -keylogfile file
    + +
    +

    Appends TLS secrets to the specified keylog file such that external programs +(like Wireshark) can decrypt TLS connections.

    +
    +
    -early_data file
    + +
    +

    Reads the contents of the specified file and attempts to send it as early data +to the server. This will only work with resumed sessions that support early +data and when the server accepts the early data.

    +
    +
    -enable_pha
    + +
    +

    For TLSv1.3 only, send the Post-Handshake Authentication extension. This will +happen whether or not a certificate has been provided via -cert.

    +
    +
    -use_srtp value
    + +
    +

    Offer SRTP key management, where value is a colon-separated profile list.

    +
    +
    -srpuser value
    + +
    +

    Set the SRP username to the specified value.

    +
    +
    -srppass value
    + +
    +

    Set the SRP password to the specified value.

    +
    +
    -srp_lateuser
    + +
    +

    SRP username for the second ClientHello message.

    +
    +
    -srp_moregroups
    + +
    +

    Tolerate other than the known g and N values.

    +
    +
    -srp_strength number
    + +
    +

    Set the minimal acceptable length, in bits, for N.

    +
    +
    -no_ssl3, -no_tls1, -no_tls1_1, -no_tls1_2, -no_tls1_3, +-ssl3, -tls1, -tls1_1, -tls1_2, -tls1_3
    + +
    +

    See openssl(1)/TLS Version Options.

    +
    +
    -dtls, -dtls1, -dtls1_2
    + +
    +

    These specify the use of DTLS instead of TLS. +See openssl(1)/TLS Version Options.

    +
    +
    -nameopt option
    + +
    +

    This specifies how the subject or issuer names are displayed. +See openssl(1)/Name Format Options for details.

    +
    +
    xkey infile, -xcert file, -xchain file, +-xchain_build file, -xcertform DER|PEM, +-xkeyform DER|PEM
    + +
    +

    Set extended certificate verification options. +See openssl(1)/Extended Verification Options for details.

    +
    +
    -CAfile file, -no-CAfile, -CApath dir, -no-CApath, +-CAstore uri, -no-CAstore
    + +
    +

    See openssl(1)/Trusted Certificate Options for details.

    +
    +
    -bugs, -comp, -no_comp, -no_ticket, -serverpref, +-legacy_renegotiation, -no_renegotiation, -no_resumption_on_reneg, +-legacy_server_connect, -no_legacy_server_connect, +-allow_no_dhe_kex, -prioritize_chacha, -strict, -sigalgs +algs, -client_sigalgs algs, -groups groups, -curves +curves, -named_curve curve, -cipher ciphers, -ciphersuites +1.3ciphers, -min_protocol minprot, -max_protocol maxprot, +-record_padding padding, -debug_broken_protocol, -no_middlebox
    + +
    +

    See SSL_CONF_cmd(3)/SUPPORTED COMMAND LINE COMMANDS for details.

    +
    +
    -rand files, -writerand file
    + +
    +

    See openssl(1)/Random State Options for details.

    +
    +
    -engine id
    + +
    +

    See openssl(1)/Engine Options.

    +
    +
    -ssl_client_engine id
    + +
    +

    Specify engine to be used for client certificate operations.

    +
    +
    -allow_proxy_certs, -attime, -no_check_time, +-check_ss_sig, -crl_check, -crl_check_all, +-explicit_policy, -extended_crl, -ignore_critical, -inhibit_any, +-inhibit_map, -no_alt_chains, -partial_chain, -policy, +-policy_check, -policy_print, -purpose, -suiteB_128, +-suiteB_128_only, -suiteB_192, -trusted_first, -use_deltas, +-auth_level, -verify_depth, -verify_email, -verify_hostname, +-verify_ip, -verify_name, -x509_strict -issuer_checks
    + +
    +

    Set various options of certificate chain verification. +See openssl(1)/Verification Options for details.

    +

    Verification errors are displayed, for debugging, but the command will +proceed unless the -verify_return_error option is used.

    +
    +
    host:port
    + +
    +

    Rather than providing -connect, the target hostname and optional port may +be provided as a single positional argument after all options. If neither this +nor -connect are provided, falls back to attempting to connect to +localhost on port 4433.

    +
    +
    +

    +

    +
    +

    CONNECTED COMMANDS

    +

    If a connection is established with an SSL server then any data received +from the server is displayed and any key presses will be sent to the +server. If end of file is reached then the connection will be closed down. When +used interactively (which means neither -quiet nor -ign_eof have been +given), then certain commands are also recognized which perform special +operations. These commands are a letter which must appear at the start of a +line. They are listed below.

    +
    +
    Q
    + +
    +

    End the current SSL connection and exit.

    +
    +
    R
    + +
    +

    Renegotiate the SSL session (TLSv1.2 and below only).

    +
    +
    k
    + +
    +

    Send a key update message to the server (TLSv1.3 only)

    +
    +
    K
    + +
    +

    Send a key update message to the server and request one back (TLSv1.3 only)

    +
    +
    +

    +

    +
    +

    NOTES

    +

    This command can be used to debug SSL servers. To connect to an SSL HTTP +server the command:

    +
    + openssl s_client -connect servername:443
    +

    would typically be used (https uses port 443). If the connection succeeds +then an HTTP command can be given such as "GET /" to retrieve a web page.

    +

    If the handshake fails then there are several possible causes, if it is +nothing obvious like no client certificate then the -bugs, +-ssl3, -tls1, -no_ssl3, -no_tls1 options can be tried +in case it is a buggy server. In particular you should play with these +options before submitting a bug report to an OpenSSL mailing list.

    +

    A frequent problem when attempting to get client certificates working +is that a web client complains it has no certificates or gives an empty +list to choose from. This is normally because the server is not sending +the clients certificate authority in its "acceptable CA list" when it +requests a certificate. By using this command, the CA list can be viewed +and checked. However some servers only request client authentication +after a specific URL is requested. To obtain the list in this case it +is necessary to use the -prexit option and send an HTTP request +for an appropriate page.

    +

    If a certificate is specified on the command line using the -cert +option it will not be used unless the server specifically requests +a client certificate. Therefor merely including a client certificate +on the command line is no guarantee that the certificate works.

    +

    If there are problems verifying a server certificate then the +-showcerts option can be used to show all the certificates sent by the +server.

    +

    This command is a test tool and is designed to continue the +handshake after any certificate verification errors. As a result it will +accept any certificate chain (trusted or not) sent by the peer. None test +applications should not do this as it makes them vulnerable to a MITM +attack. This behaviour can be changed by with the -verify_return_error +option: any verify errors are then returned aborting the handshake.

    +

    The -bind option may be useful if the server or a firewall requires +connections to come from some particular address and or port.

    +

    +

    +
    +

    BUGS

    +

    Because this program has a lot of options and also because some of the +techniques used are rather old, the C source for this command is rather +hard to read and not a model of how things should be done. +A typical SSL client program would be much simpler.

    +

    The -prexit option is a bit of a hack. We should really report +information whenever a session is renegotiated.

    +

    +

    +
    +

    SEE ALSO

    +

    openssl(1), +openssl-sess_id(1), +openssl-s_server(1), +openssl-ciphers(1), +SSL_CONF_cmd(3), +SSL_CTX_set_max_send_fragment(3), +SSL_CTX_set_split_send_fragment(3), +SSL_CTX_set_max_pipelines(3), +ossl_store-file(7)

    +

    +

    +
    +

    HISTORY

    +

    The -no_alt_chains option was added in OpenSSL 1.1.0. +The -name option was added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-s_server.html b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-s_server.html
new file mode 100755
index 0000000..cb6bfb0
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-s_server.html
@@ -0,0 +1,1017 @@
+ + + + +openssl-s_server + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    openssl-s_server - SSL/TLS server program

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl s_server +[-help] +[-port +int] +[-accept val] +[-unix val] +[-4] +[-6] +[-unlink] +[-context val] +[-verify int] +[-Verify int] +[-cert infile] +[-naccept +int] +[-serverinfo val] +[-certform DER|PEM] +[-key infile] +[-keyform DER|PEM] +[-pass val] +[-dcert infile] +[-dcertform DER|PEM] +[-dkey infile] +[-dkeyform DER|PEM] +[-dpass val] +[-nbio_test] +[-crlf] +[-debug] +[-msg] +[-msgfile outfile] +[-state] +[-nocert] +[-quiet] +[-no_resume_ephemeral] +[-www] +[-WWW] +[-http_server_binmode] +[-servername] +[-servername_fatal] +[-cert2 infile] +[-key2 infile] +[-tlsextdebug] +[-HTTP] +[-id_prefix val] +[-keymatexport val] +[-keymatexportlen +int] +[-CRLform DER|PEM] +[-CRL infile] +[-crl_download] +[-cert_chain infile] +[-dcert_chain infile] +[-chainCApath dir] +[-verifyCApath dir] +[-chainCAstore uri] +[-verifyCAstore uri] +[-no_cache] +[-ext_cache] +[-verify_return_error] +[-verify_quiet] +[-build_chain] +[-chainCAfile infile] +[-verifyCAfile infile] +[-ign_eof] +[-no_ign_eof] +[-status] +[-status_verbose] +[-status_timeout int] +[-status_url val] +[-status_file infile] +[-trace] +[-security_debug] +[-security_debug_verbose] +[-brief] +[-rev] +[-async] +[-ssl_config val] +[-max_send_frag +int] +[-split_send_frag +int] +[-max_pipelines +int] +[-read_buf +int] +[-bugs] +[-no_comp] +[-comp] +[-no_ticket] +[-serverpref] +[-legacy_renegotiation] +[-no_renegotiation] +[-legacy_server_connect] +[-no_resumption_on_reneg] +[-no_legacy_server_connect] +[-allow_no_dhe_kex] +[-prioritize_chacha] +[-strict] +[-sigalgs val] +[-client_sigalgs val] +[-groups val] +[-curves val] +[-named_curve val] +[-cipher val] +[-ciphersuites val] +[-dhparam infile] +[-record_padding val] +[-debug_broken_protocol] +[-nbio] +[-psk_identity val] +[-psk_hint val] +[-psk val] +[-psk_session file] +[-srpvfile infile] +[-srpuserseed val] +[-timeout] +[-mtu +int] +[-listen] +[-sctp] +[-sctp_label_bug] +[-no_dhe] +[-nextprotoneg val] +[-use_srtp val] +[-alpn val] +[-keylogfile outfile] 
+[-recv_max_early_data int] +[-max_early_data int] +[-early_data] +[-stateless] +[-anti_replay] +[-no_anti_replay] +[-num_tickets] +[-nameopt option] +[-no_ssl3] +[-no_tls1] +[-no_tls1_1] +[-no_tls1_2] +[-no_tls1_3] +[-ssl3] +[-tls1] +[-tls1_1] +[-tls1_2] +[-tls1_3] +[-dtls] +[-dtls1] +[-dtls1_2] +[-allow_proxy_certs] +[-attime timestamp] +[-no_check_time] +[-check_ss_sig] +[-crl_check] +[-crl_check_all] +[-explicit_policy] +[-extended_crl] +[-ignore_critical] +[-inhibit_any] +[-inhibit_map] +[-partial_chain] +[-policy arg] +[-policy_check] +[-policy_print] +[-purpose purpose] +[-suiteB_128] +[-suiteB_128_only] +[-suiteB_192] +[-trusted_first] +[-no_alt_chains] +[-use_deltas] +[-auth_level num] +[-verify_depth num] +[-verify_email email] +[-verify_hostname hostname] +[-verify_ip ip] +[-verify_name name] +[-x509_strict] +[-issuer_checks]

    +

    [-bugs] +[-no_comp] +[-comp] +[-no_ticket] +[-serverpref] +[-legacy_renegotiation] +[-no_renegotiation] +[-no_resumption_on_reneg] +[-legacy_server_connect] +[-no_legacy_server_connect] +[-allow_no_dhe_kex] +[-prioritize_chacha] +[-strict] +[-sigalgs algs] +[-client_sigalgs algs] +[-groups groups] +[-curves curves] +[-named_curve curve] +[-cipher ciphers] +[-ciphersuites 1.3ciphers] +[-min_protocol minprot] +[-max_protocol maxprot] +[-record_padding padding] +[-debug_broken_protocol] +[-no_middlebox] +[-xkey] infile +[-xcert file] +[-xchain] file +[-xchain_build] file +[-xcertform DER|PEM]> +[-xkeyform DER|PEM]> +[-CAfile file] +[-no-CAfile] +[-CApath dir] +[-no-CApath] +[-CAstore uri] +[-no-CAstore] +[-rand files] +[-writerand file] +[-engine id]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command implements a generic SSL/TLS server which +listens for connections on a given port using SSL/TLS.

    +

    +

    +
    +

    OPTIONS

    +

    In addition to the options below, this command also supports +the common and server only options documented +SSL_CONF_cmd(3)/Supported Command Line Commands

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -port +int
    + +
    +

    The TCP port to listen on for connections. If not specified 4433 is used.

    +
    +
    -accept val
    + +
    +

    The optional TCP host and port to listen on for connections. If not specified, *:4433 is used.

    +
    +
    -unix val
    + +
    +

    Unix domain socket to accept on.

    +
    +
    -4
    + +
    +

    Use IPv4 only.

    +
    +
    -6
    + +
    +

    Use IPv6 only.

    +
    +
    -unlink
    + +
    +

    For -unix, unlink any existing socket first.

    +
    +
    -context val
    + +
    +

    Sets the SSL context id. It can be given any string value. If this option +is not present a default value will be used.

    +
    +
    -verify int, -Verify int
    + +
    +

    The verify depth to use. This specifies the maximum length of the +client certificate chain and makes the server request a certificate from +the client. With the -verify option a certificate is requested but the +client does not have to send one, with the -Verify option the client +must supply a certificate or an error occurs.

    +

    If the cipher suite cannot request a client certificate (for example an +anonymous cipher suite or PSK) this option has no effect.

    +
    +
    -cert infile
    + +
    +

    The certificate to use, most servers cipher suites require the use of a +certificate and some require a certificate with a certain public key type: +for example the DSS cipher suites require a certificate containing a DSS +(DSA) key. If not specified then the filename server.pem will be used.

    +
    +
    -cert_chain
    + +
    +

    A file containing trusted certificates to use when attempting to build the +client/server certificate chain related to the certificate specified via the +-cert option.

    +
    +
    -build_chain
    + +
    +

    Specify whether the application should build the certificate chain to be +provided to the client.

    +
    +
    -naccept +int
    + +
    +

    The server will exit after receiving the specified number of connections, +default unlimited.

    +
    +
    -serverinfo val
    + +
    +

    A file containing one or more blocks of PEM data. Each PEM block +must encode a TLS ServerHello extension (2 bytes type, 2 bytes length, +followed by "length" bytes of extension data). If the client sends +an empty TLS ClientHello extension matching the type, the corresponding +ServerHello extension will be returned.

    +
    +
    -certform DER|PEM, -CRLForm DER|PEM
    + +
    +

    The certificate and CRL format; the default is PEM. +See openssl(1)/Format Options for details.

    +
    +
    -key infile
    + +
    +

    The private key to use. If not specified then the certificate file will +be used.

    +
    +
    -keyform DER|PEM
    + +
    +

    The key format; the default is PEM. +See openssl(1)/Format Options for details.

    +
    +
    -pass val
    + +
    +

    The private key password source. +For more information about the format of val, +see openssl(1)/Pass Phrase Options.

    +
    +
    -dcert infile, -dkey infile
    + +
    +

    Specify an additional certificate and private key, these behave in the +same manner as the -cert and -key options except there is no default +if they are not specified (no additional certificate and key is used). As +noted above some cipher suites require a certificate containing a key of +a certain type. Some cipher suites need a certificate carrying an RSA key +and some a DSS (DSA) key. By using RSA and DSS certificates and keys +a server can support clients which only support RSA or DSS cipher suites +by using an appropriate certificate.

    +
    +
    -dcert_chain
    + +
    +

    A file containing trusted certificates to use when attempting to build the +server certificate chain when a certificate specified via the -dcert option +is in use.

    +
    +
    -dcertform DER|PEM, -dkeyform DER|PEM
    + +
    +

    The format of the certificate and private key; the default is PEM +see openssl(1)/Format Options.

    +
    +
    -dpass val
    + +
    +

    The passphrase for the additional private key. +For more information about the format of val, +see openssl(1)/Pass Phrase Options.

    +
    +
    -nbio_test
    + +
    +

    Tests non blocking I/O.

    +
    +
    -crlf
    + +
    +

    This option translated a line feed from the terminal into CR+LF.

    +
    +
    -debug
    + +
    +

    Print extensive debugging information including a hex dump of all traffic.

    +
    +
    -msg
    + +
    +

    Show all protocol messages with hex dump.

    +
    +
    -msgfile outfile
    + +
    +

    File to send output of -msg or -trace to, default standard output.

    +
    +
    -state
    + +
    +

    Prints the SSL session states.

    +
    +
    -chainCApath dir
    + +
    +

    The directory to use for building the chain provided to the client. This +directory must be in "hash format", see openssl-verify(1) for more +information.

    +
    +
    -chainCAfile file
    + +
    +

    A file containing trusted certificates to use when attempting to build the +server certificate chain.

    +
    +
    -chainCAstore uri
    + +
    +

    The URI to a store to use for building the chain provided to the client. +The URI may indicate a single certificate, as well as a collection of +them. +With URIs in the file: scheme, this acts as -chainCAfile or +-chainCApath, depending on if the URI indicates a directory or a +single file. +See ossl_store-file(7) for more information on the file: scheme.

    +
    +
    -nocert
    + +
    +

    If this option is set then no certificate is used. This restricts the +cipher suites available to the anonymous ones (currently just anonymous +DH).

    +
    +
    -quiet
    + +
    +

    Inhibit printing of session and certificate information.

    +
    +
    -tlsextdebug
    + +
    +

    Print a hex dump of any TLS extensions received from the server.

    +
    +
    -www
    + +
    +

    Sends a status message back to the client when it connects. This includes +information about the ciphers used and various session parameters. +The output is in HTML format so this option can be used with a web browser. +The special URL /renegcert turns on client cert validation, and /reneg +tells the server to request renegotiation. +The -early_data option cannot be used with this option.

    +
    +
    -WWW, -HTTP
    + +
    +

    Emulates a simple web server. Pages will be resolved relative to the +current directory, for example if the URL https://myhost/page.html is +requested the file ./page.html will be sent. +If the -HTTP flag is used, the files are sent directly, and should contain +any HTTP response headers (including status response line). +If the -WWW option is used, +the response headers are generated by the server, and the file extension is +examined to determine the Content-Type header. +Extensions of html, htm, and php are text/html and all others are +text/plain. +In addition, the special URL /stats will return status +information like the -www option. +Neither of these options can be used in conjunction with -early_data.

    +
    +
    -http_server_binmode
    + +
    +

    When acting as web-server (using option -WWW or -HTTP) open files requested +by the client in binary mode.

    +
    +
    -id_prefix val
    + +
    +

    Generate SSL/TLS session IDs prefixed by val. This is mostly useful +for testing any SSL/TLS code (eg. proxies) that wish to deal with multiple +servers, when each of which might be generating a unique range of session +IDs (eg. with a certain prefix).

    +
    +
    -verify_return_error
    + +
    +

    Verification errors normally just print a message but allow the +connection to continue, for debugging purposes. +If this option is used, then verification errors close the connection.

    +
    +
    -status
    + +
    +

    Enables certificate status request support (aka OCSP stapling).

    +
    +
    -status_verbose
    + +
    +

    Enables certificate status request support (aka OCSP stapling) and gives +a verbose printout of the OCSP response.

    +
    +
    -status_timeout int
    + +
    +

    Sets the timeout for OCSP response to int seconds.

    +
    +
    -status_url val
    + +
    +

    Sets a fallback responder URL to use if no responder URL is present in the +server certificate. Without this option an error is returned if the server +certificate does not contain a responder address.

    +
    +
    -status_file infile
    + +
    +

    Overrides any OCSP responder URLs from the certificate and always provides the +OCSP Response stored in the file. The file must be in DER format.

    +
    +
    -trace
    + +
    +

    Show verbose trace output of protocol messages. OpenSSL needs to be compiled +with enable-ssl-trace for this option to work.

    +
    +
    -brief
    + +
    +

    Provide a brief summary of connection parameters instead of the normal verbose +output.

    +
    +
    -rev
    + +
    +

    Simple test server which just reverses the text received from the client +and sends it back to the server. Also sets -brief. Cannot be used in +conjunction with -early_data.

    +
    +
    -async
    + +
    +

    Switch on asynchronous mode. Cryptographic operations will be performed +asynchronously. This will only have an effect if an asynchronous capable engine +is also used via the -engine option. For test purposes the dummy async engine +(dasync) can be used (if available).

    +
    +
    -max_send_frag +int
    + +
    +

    The maximum size of data fragment to send. +See SSL_CTX_set_max_send_fragment(3) for further information.

    +
    +
    -split_send_frag +int
    + +
    +

    The size used to split data for encrypt pipelines. If more data is written in +one go than this value then it will be split into multiple pipelines, up to the +maximum number of pipelines defined by max_pipelines. This only has an effect if +a suitable cipher suite has been negotiated, an engine that supports pipelining +has been loaded, and max_pipelines is greater than 1. See +SSL_CTX_set_split_send_fragment(3) for further information.

    +
    +
    -max_pipelines +int
    + +
    +

    The maximum number of encrypt/decrypt pipelines to be used. This will only have +an effect if an engine has been loaded that supports pipelining (e.g. the dasync +engine) and a suitable cipher suite has been negotiated. The default value is 1. +See SSL_CTX_set_max_pipelines(3) for further information.

    +
    +
    -read_buf +int
    + +
    +

    The default read buffer size to be used for connections. This will only have an +effect if the buffer size is larger than the size that would otherwise be used +and pipelining is in use (see SSL_CTX_set_default_read_buffer_len(3) for +further information).

    +
    +
    -bugs
    + +
    +

    There are several known bugs in SSL and TLS implementations. Adding this +option enables various workarounds.

    +
    +
    -no_comp
    + +
    +

    Disable negotiation of TLS compression. +TLS compression is not recommended and is off by default as of +OpenSSL 1.1.0.

    +
    +
    -comp
    + +
    +

    Enable negotiation of TLS compression. +This option was introduced in OpenSSL 1.1.0. +TLS compression is not recommended and is off by default as of +OpenSSL 1.1.0.

    +
    +
    -no_ticket
    + +
    +

    Disable RFC4507bis session ticket support. This option has no effect if TLSv1.3 +is negotiated. See -num_tickets.

    +
    +
    -num_tickets
    + +
    +

    Control the number of tickets that will be sent to the client after a full +handshake in TLSv1.3. The default number of tickets is 2. This option does not +affect the number of tickets sent after a resumption handshake.

    +
    +
    -serverpref
    + +
    +

    Use the server's cipher preferences, rather than the client's preferences.

    +
    +
    -prioritize_chacha
    + +
    +

    Prioritize ChaCha ciphers when preferred by clients. Requires -serverpref.

    +
    +
    -no_resumption_on_reneg
    + +
    +

    Set the SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION option.

    +
    +
    -client_sigalgs val
    + +
    +

    Signature algorithms to support for client certificate authentication +(colon-separated list).

    +
    +
    -named_curve val
    + +
    +

    Specifies the elliptic curve to use. NOTE: this is single curve, not a list. +For a list of all possible curves, use:

    +
    +    $ openssl ecparam -list_curves
    +
    +
    -cipher val
    + +
    +

    This allows the list of TLSv1.2 and below ciphersuites used by the server to be +modified. This list is combined with any TLSv1.3 ciphersuites that have been +configured. When the client sends a list of supported ciphers the first client +cipher also included in the server list is used. Because the client specifies +the preference order, the order of the server cipherlist is irrelevant. See +openssl-ciphers(1) for more information.

    +
    +
    -ciphersuites val
    + +
    +

    This allows the list of TLSv1.3 ciphersuites used by the server to be modified. +This list is combined with any TLSv1.2 and below ciphersuites that have been +configured. When the client sends a list of supported ciphers the first client +cipher also included in the server list is used. Because the client specifies +the preference order, the order of the server cipherlist is irrelevant. See +openssl-ciphers(1) command for more information. The format for this list is +a simple colon (":") separated list of TLSv1.3 ciphersuite names.

    +
    +
    -dhparam infile
    + +
    +

    The DH parameter file to use. The ephemeral DH cipher suites generate keys +using a set of DH parameters. If not specified then an attempt is made to +load the parameters from the server certificate file. +If this fails then a static set of parameters hard coded into this command +will be used.

    +
    +
    -nbio
    + +
    +

    Turns on non blocking I/O.

    +
    +
    -psk_identity val
    + +
    +

    Expect the client to send PSK identity val when using a PSK +cipher suite, and warn if they do not. By default, the expected PSK +identity is the string "Client_identity".

    +
    +
    -psk_hint val
    + +
    +

    Use the PSK identity hint val when using a PSK cipher suite.

    +
    +
    -psk val
    + +
    +

    Use the PSK key val when using a PSK cipher suite. The key is +given as a hexadecimal number without leading 0x, for example -psk +1a2b3c4d. +This option must be provided in order to use a PSK cipher.

    +
    +
    -psk_session file
    + +
    +

    Use the pem encoded SSL_SESSION data stored in file as the basis of a PSK. +Note that this will only work if TLSv1.3 is negotiated.

    +
    +
    -listen
    + +
    +

    This option can only be used in conjunction with one of the DTLS options above. +With this option, this command will listen on a UDP port for incoming +connections. +Any ClientHellos that arrive will be checked to see if they have a cookie in +them or not. +Any without a cookie will be responded to with a HelloVerifyRequest. +If a ClientHello with a cookie is received then this command will +connect to that peer and complete the handshake.

    +
    +
    -sctp
    + +
    +

    Use SCTP for the transport protocol instead of UDP in DTLS. Must be used in +conjunction with -dtls, -dtls1 or -dtls1_2. This option is only +available where OpenSSL has support for SCTP enabled.

    +
    +
    -sctp_label_bug
    + +
    +

    Use the incorrect behaviour of older OpenSSL implementations when computing +endpoint-pair shared secrets for DTLS/SCTP. This allows communication with +older broken implementations but breaks interoperability with correct +implementations. Must be used in conjunction with -sctp. This option is only +available where OpenSSL has support for SCTP enabled.

    +
    +
    -no_dhe
    + +
    +

    If this option is set then no DH parameters will be loaded effectively +disabling the ephemeral DH cipher suites.

    +
    +
    -alpn val, -nextprotoneg val
    + +
    +

    These flags enable the Enable the Application-Layer Protocol Negotiation +or Next Protocol Negotiation (NPN) extension, respectively. ALPN is the +IETF standard and replaces NPN. +The val list is a comma-separated list of supported protocol +names. The list should contain the most desirable protocols first. +Protocol names are printable ASCII strings, for example "http/1.1" or +"spdy/3". +The flag -nextprotoneg cannot be specified if -tls1_3 is used.

    +
    +
    -keylogfile outfile
    + +
    +

    Appends TLS secrets to the specified keylog file such that external programs +(like Wireshark) can decrypt TLS connections.

    +
    +
    -max_early_data int
    + +
    +

    Change the default maximum early data bytes that are specified for new sessions +and any incoming early data (when used in conjunction with the -early_data +flag). The default value is approximately 16k. The argument must be an integer +greater than or equal to 0.

    +
    +
    -recv_max_early_data int
    + +
    +

    Specify the hard limit on the maximum number of early data bytes that will +be accepted.

    +
    +
    -early_data
    + +
    +

    Accept early data where possible. Cannot be used in conjunction with -www, +-WWW, -HTTP or -rev.

    +
    +
    -stateless
    + +
    +

    Require TLSv1.3 cookies.

    +
    +
    -anti_replay, -no_anti_replay
    + +
    +

    Switches replay protection on or off, respectively. Replay protection is on by +default unless overridden by a configuration file. When it is on, OpenSSL will +automatically detect if a session ticket has been used more than once, TLSv1.3 +has been negotiated, and early data is enabled on the server. A full handshake +is forced if a session ticket is used a second or subsequent time. Any early +data that was sent will be rejected.

    +
    +
    -nameopt option
    + +
    +

    This specifies how the subject or issuer names are displayed. +See openssl(1)/Name Format Options for details.

    +
    +
    -no_ssl3, -no_tls1, -no_tls1_1, -no_tls1_2, -no_tls1_3, +-ssl3, -tls1, -tls1_1, -tls1_2, -tls1_3
    + +
    +

    See openssl(1)/TLS Version Options.

    +
    +
    -dtls, -dtls1, -dtls1_2
    + +
    +

    These specify the use of DTLS instead of TLS. +See openssl(1)/TLS Version Options.

    +
    +
    -bugs, -comp, -no_comp, -no_ticket, -serverpref, +-legacy_renegotiation, -no_renegotiation, -no_resumption_on_reneg, +-legacy_server_connect, -no_legacy_server_connect, +-allow_no_dhe_kex, -prioritize_chacha, -strict, -sigalgs +algs, -client_sigalgs algs, -groups groups, -curves +curves, -named_curve curve, -cipher ciphers, -ciphersuites +1.3ciphers, -min_protocol minprot, -max_protocol maxprot, +-record_padding padding, -debug_broken_protocol, -no_middlebox
    + +
    +

    See SSL_CONF_cmd(3)/SUPPORTED COMMAND LINE COMMANDS for details.

    +
    +
    xkey infile, -xcert file, -xchain file, +-xchain_build file, -xcertform DER|PEM, +-xkeyform DER|PEM
    + +
    +

    Set extended certificate verification options. +See openssl(1)/Extended Verification Options for details.

    +
    +
    -CAfile file, -no-CAfile, -CApath dir, -no-CApath, +-CAstore uri, -no-CAstore
    + +
    +

    See openssl(1)/Trusted Certificate Options for details.

    +
    +
    -rand files, -writerand file
    + +
    +

    See openssl(1)/Random State Options for details.

    +
    +
    -engine id
    + +
    +

    See openssl(1)/Engine Options.

    +
    +
    -allow_proxy_certs, -attime, -no_check_time, +-check_ss_sig, -crl_check, -crl_check_all, +-explicit_policy, -extended_crl, -ignore_critical, -inhibit_any, +-inhibit_map, -no_alt_chains, -partial_chain, -policy, +-policy_check, -policy_print, -purpose, -suiteB_128, +-suiteB_128_only, -suiteB_192, -trusted_first, -use_deltas, +-auth_level, -verify_depth, -verify_email, -verify_hostname, +-verify_ip, -verify_name, -x509_strict -issuer_checks
    + +
    +

    Set various options of certificate chain verification. +See openssl(1)/Verification Options for details.

    +

    If the server requests a client certificate, then +verification errors are displayed, for debugging, but the command will +proceed unless the -verify_return_error option is used.

    +
    +
    +

    +

    +
    +

    CONNECTED COMMANDS

    +

    If a connection request is established with an SSL client and neither the +-www nor the -WWW option has been used then normally any data received +from the client is displayed and any key presses will be sent to the client.

    +

    Certain commands are also recognized which perform special operations. These +commands are a letter which must appear at the start of a line. They are listed +below.

    +
    +
    q
    + +
    +

    End the current SSL connection but still accept new connections.

    +
    +
    Q
    + +
    +

    End the current SSL connection and exit.

    +
    +
    r
    + +
    +

    Renegotiate the SSL session (TLSv1.2 and below only).

    +
    +
    R
    + +
    +

    Renegotiate the SSL session and request a client certificate (TLSv1.2 and below +only).

    +
    +
    P
    + +
    +

    Send some plain text down the underlying TCP connection: this should +cause the client to disconnect due to a protocol violation.

    +
    +
    S
    + +
    +

    Print out some session cache status information.

    +
    +
    k
    + +
    +

    Send a key update message to the client (TLSv1.3 only)

    +
    +
    K
    + +
    +

    Send a key update message to the client and request one back (TLSv1.3 only)

    +
    +
    c
    + +
    +

    Send a certificate request to the client (TLSv1.3 only)

    +
    +
    +

    +

    +
    +

    NOTES

    +

    This command can be used to debug SSL clients. To accept connections +from a web browser the command:

    +
    + openssl s_server -accept 443 -www
    +

    can be used for example.

    +

    Although specifying an empty list of CAs when requesting a client certificate +is strictly speaking a protocol violation, some SSL clients interpret this to +mean any CA is acceptable. This is useful for debugging purposes.

    +

    The session parameters can printed out using the openssl-sess_id(1) command.

    +

    +

    +
    +

    BUGS

    +

    Because this program has a lot of options and also because some of the +techniques used are rather old, the C source for this command is rather +hard to read and not a model of how things should be done. +A typical SSL server program would be much simpler.

    +

    The output of common ciphers is wrong: it just gives the list of ciphers that +OpenSSL recognizes and the client supports.

    +

    There should be a way for this command to print out details +of any unknown cipher suites a client says it supports.

    +

    +

    +
    +

    SEE ALSO

    +

    openssl(1), +openssl-sess_id(1), +openssl-s_client(1), +openssl-ciphers(1), +SSL_CONF_cmd(3), +SSL_CTX_set_max_send_fragment(3), +SSL_CTX_set_split_send_fragment(3), +SSL_CTX_set_max_pipelines(3), +ossl_store-file(7)

    +

    +

    +
    +

    HISTORY

    +

    The -no_alt_chains option was added in OpenSSL 1.1.0.

    +

    The +-allow-no-dhe-kex and -prioritize_chacha options were added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-s_time.html b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-s_time.html
new file mode 100755
index 0000000..581c431
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-s_time.html
@@ -0,0 +1,257 @@
+ + + + +openssl-s_time + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    openssl-s_time - SSL/TLS performance timing program

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl s_time +[-help] +[-connect host:port] +[-www page] +[-cert filename] +[-key filename] +[-reuse] +[-new] +[-verify depth] +[-time seconds] +[-ssl3] +[-tls1] +[-tls1_1] +[-tls1_2] +[-tls1_3] +[-bugs] +[-cipher cipherlist] +[-ciphersuites val] +[-nameopt option] +[-cafile file] +[-CAfile file] +[-no-CAfile] +[-CApath dir] +[-no-CApath] +[-CAstore uri] +[-no-CAstore]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command implements a generic SSL/TLS client which +connects to a remote host using SSL/TLS. It can request a page from the server +and includes the time to transfer the payload data in its timing measurements. +It measures the number of connections within a given timeframe, the amount of +data transferred (if any), and calculates the average time spent for one +connection.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -connect host:port
    + +
    +

    This specifies the host and optional port to connect to.

    +
    +
    -www page
    + +
    +

    This specifies the page to GET from the server. A value of '/' gets the +index.html page. If this parameter is not specified, then this command +will only perform the handshake to establish SSL connections but not transfer +any payload data.

    +
    +
    -cert certname
    + +
    +

    The certificate to use, if one is requested by the server. The default is +not to use a certificate. The file is in PEM format.

    +
    +
    -key keyfile
    + +
    +

    The private key to use. If not specified then the certificate file will +be used. The file is in PEM format.

    +
    +
    -verify depth
    + +
    +

    The verify depth to use. This specifies the maximum length of the +server certificate chain and turns on server certificate verification. +Currently the verify operation continues after errors so all the problems +with a certificate chain can be seen. As a side effect the connection +will never fail due to a server certificate verify failure.

    +
    +
    -new
    + +
    +

    Performs the timing test using a new session ID for each connection. +If neither -new nor -reuse are specified, they are both on by default +and executed in sequence.

    +
    +
    -reuse
    + +
    +

    Performs the timing test using the same session ID; this can be used as a test +that session caching is working. If neither -new nor -reuse are +specified, they are both on by default and executed in sequence.

    +
    +
    -bugs
    + +
    +

    There are several known bugs in SSL and TLS implementations. Adding this +option enables various workarounds.

    +
    +
    -cipher cipherlist
    + +
    +

    This allows the TLSv1.2 and below cipher list sent by the client to be modified. +This list will be combined with any TLSv1.3 ciphersuites that have been +configured. Although the server determines which cipher suite is used it should +take the first supported cipher in the list sent by the client. See +openssl-ciphers(1) for more information.

    +
    +
    -ciphersuites val
    + +
    +

    This allows the TLSv1.3 ciphersuites sent by the client to be modified. This +list will be combined with any TLSv1.2 and below ciphersuites that have been +configured. Although the server determines which cipher suite is used it should +take the first supported cipher in the list sent by the client. See +openssl-ciphers(1) for more information. The format for this list is a +simple colon (":") separated list of TLSv1.3 ciphersuite names.

    +
    +
    -time length
    + +
    +

    Specifies how long (in seconds) this command should establish connections +and optionally transfer payload data from a server. Server and client +performance and the link speed determine how many connections it +can establish.

    +
    +
    -nameopt option
    + +
    +

    This specifies how the subject or issuer names are displayed. +See openssl(1)/Name Format Options for details.

    +
    +
    -CAfile file, -no-CAfile, -CApath dir, -no-CApath, +-CAstore uri, -no-CAstore
    + +
    +

    See openssl(1)/Trusted Certificate Options for details.

    +
    +
    -cafile file
    + +
    +

    This is an obsolete synonym for -CAfile.

    +
    +
    -ssl3, -tls1, -tls1_1, -tls1_2, -tls1_3
    + +
    +

    See openssl(1)/TLS Version Options.

    +
    +
    +

    +

    +
    +

    NOTES

    +

    This command can be used to measure the performance of an SSL connection. +To connect to an SSL HTTP server and get the default page the command

    +
    + openssl s_time -connect servername:443 -www / -CApath yourdir -CAfile yourfile.pem -cipher commoncipher [-ssl3]
    +

    would typically be used (https uses port 443). commoncipher is a cipher to +which both client and server can agree, see the openssl-ciphers(1) command +for details.

    +

    If the handshake fails then there are several possible causes, if it is +nothing obvious like no client certificate then the -bugs and +-ssl3 options can be tried +in case it is a buggy server. In particular you should play with these +options before submitting a bug report to an OpenSSL mailing list.

    +

    A frequent problem when attempting to get client certificates working +is that a web client complains it has no certificates or gives an empty +list to choose from. This is normally because the server is not sending +the clients certificate authority in its "acceptable CA list" when it +requests a certificate. By using openssl-s_client(1) the CA list can be +viewed and checked. However some servers only request client authentication +after a specific URL is requested. To obtain the list in this case it +is necessary to use the -prexit option of openssl-s_client(1) and +send an HTTP request for an appropriate page.

    +

    If a certificate is specified on the command line using the -cert +option it will not be used unless the server specifically requests +a client certificate. Therefor merely including a client certificate +on the command line is no guarantee that the certificate works.

    +

    +

    +
    +

    BUGS

    +

    Because this program does not have all the options of the +openssl-s_client(1) program to turn protocols on and off, you may not +be able to measure the performance of all protocols with all servers.

    +

    The -verify option should really exit if the server verification +fails.

    +

    +

    +
    +

    HISTORY

    +

    The -cafile option was deprecated in OpenSSL 3.0.

    +

    +

    +
    +

    SEE ALSO

    +

    openssl(1), +openssl-s_client(1), +openssl-s_server(1), +openssl-ciphers(1), +ossl_store-file(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2004-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-sess_id.html b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-sess_id.html
new file mode 100755
index 0000000..b5b1099
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-sess_id.html
@@ -0,0 +1,213 @@
+ + + + +openssl-sess_id + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    openssl-sess_id - SSL/TLS session handling utility

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl sess_id +[-help] +[-inform DER|PEM] +[-outform DER|PEM|NSS] +[-in filename] +[-out filename] +[-text] +[-cert] +[-noout] +[-context ID]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command processes the encoded version of the SSL session +structure and optionally prints out SSL session details (for example +the SSL session master key) in human readable format. Since this is a +diagnostic tool that needs some knowledge of the SSL protocol to use +properly, most users will not need to use it.

    +

    The precise format of the data can vary across OpenSSL versions and +is not documented.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -inform DER|PEM, -outform DER|PEM|NSS
    + +
    +

    The input and output formats; the default is PEM. +See openssl(1)/Format Options for details.

    +

    For NSS output, the session ID and master key are reported in NSS "keylog" +format.

    +
    +
    -in filename
    + +
    +

    This specifies the input filename to read session information from or standard +input by default.

    +
    +
    -out filename
    + +
    +

    This specifies the output filename to write session information to or standard +output if this option is not specified.

    +
    +
    -text
    + +
    +

    Prints out the various public or private key components in +plain text in addition to the encoded version.

    +
    +
    -cert
    + +
    +

    If a certificate is present in the session it will be output using this option, +if the -text option is also present then it will be printed out in text form.

    +
    +
    -noout
    + +
    +

    This option prevents output of the encoded version of the session.

    +
    +
    -context ID
    + +
    +

    This option can set the session id so the output session information uses the +supplied ID. The ID can be any string of characters. This option won't normally +be used.

    +
    +
    +

    +

    +
    +

    OUTPUT

    +

    Typical output:

    +
    + SSL-Session:
    +     Protocol  : TLSv1
    +     Cipher    : 0016
    +     Session-ID: 871E62626C554CE95488823752CBD5F3673A3EF3DCE9C67BD916C809914B40ED
    +     Session-ID-ctx: 01000000
    +     Master-Key: A7CEFC571974BE02CAC305269DC59F76EA9F0B180CB6642697A68251F2D2BB57E51DBBB4C7885573192AE9AEE220FACD
    +     Key-Arg   : None
    +     Start Time: 948459261
    +     Timeout   : 300 (sec)
    +     Verify return code 0 (ok)
    +

    These are described below in more detail.

    +
    +
    Protocol
    + +
    +

    This is the protocol in use TLSv1.3, TLSv1.2, TLSv1.1, TLSv1 or SSLv3.

    +
    +
    Cipher
    + +
    +

    The cipher used this is the actual raw SSL or TLS cipher code, see the SSL +or TLS specifications for more information.

    +
    +
    Session-ID
    + +
    +

    The SSL session ID in hex format.

    +
    +
    Session-ID-ctx
    + +
    +

    The session ID context in hex format.

    +
    +
    Master-Key
    + +
    +

    This is the SSL session master key.

    +
    +
    Start Time
    + +
    +

    This is the session start time represented as an integer in standard +Unix format.

    +
    +
    Timeout
    + +
    +

    The timeout in seconds.

    +
    +
    Verify return code
    + +
    +

    This is the return code when an SSL client certificate is verified.

    +
    +
    +

    +

    +
    +

    NOTES

    +

    Since the SSL session output contains the master key it is +possible to read the contents of an encrypted session using this +information. Therefore appropriate security precautions should be taken if +the information is being output by a "real" application. This is however +strongly discouraged and should only be used for debugging purposes.

    +

    +

    +
    +

    BUGS

    +

    The cipher and start time should be printed out in human readable form.

    +

    +

    +
    +

    SEE ALSO

    +

    openssl(1), +openssl-ciphers(1), +openssl-s_server(1)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-smime.html b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-smime.html
new file mode 100755
index 0000000..344b62b
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-smime.html
@@ -0,0 +1,585 @@
+ + + + +openssl-smime + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    openssl-smime - S/MIME utility

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl smime +[-help] +[-encrypt] +[-decrypt] +[-sign] +[-resign] +[-verify] +[-pk7out] +[-binary] +[-crlfeol] +[-cipher] +[-in file] +[-certfile file] +[-signer file] +[-nointern] +[-noverify] +[-nochain] +[-nosigs] +[-nocerts] +[-noattr] +[-nodetach] +[-nosmimecap] +[-recip file] +[-inform DER|PEM|SMIME] +[-outform DER|PEM|SMIME] +[-keyform DER|PEM|ENGINE] +[-passin arg] +[-inkey file_or_id] +[-out file] +[-content file] +[-to addr] +[-from ad] +[-subject s] +[-text] +[-indef] +[-noindef] +[-stream] +[-md digest] +[-CAfile file] +[-no-CAfile] +[-CApath dir] +[-no-CApath] +[-CAstore uri] +[-no-CAstore] +[-engine id] +[-rand files] +[-writerand file] +[-allow_proxy_certs] +[-attime timestamp] +[-no_check_time] +[-check_ss_sig] +[-crl_check] +[-crl_check_all] +[-explicit_policy] +[-extended_crl] +[-ignore_critical] +[-inhibit_any] +[-inhibit_map] +[-partial_chain] +[-policy arg] +[-policy_check] +[-policy_print] +[-purpose purpose] +[-suiteB_128] +[-suiteB_128_only] +[-suiteB_192] +[-trusted_first] +[-no_alt_chains] +[-use_deltas] +[-auth_level num] +[-verify_depth num] +[-verify_email email] +[-verify_hostname hostname] +[-verify_ip ip] +[-verify_name name] +[-x509_strict] +[-issuer_checks]

    +

    cert.pem ...

    +

    +

    +
    +

    DESCRIPTION

    +

    This command handles S/MIME mail. It can encrypt, decrypt, sign +and verify S/MIME messages.

    +

    +

    +
    +

    OPTIONS

    +

    There are six operation options that set the type of operation to be performed. +The meaning of the other options varies according to the operation type.

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -encrypt
    + +
    +

    Encrypt mail for the given recipient certificates. Input file is the message +to be encrypted. The output file is the encrypted mail in MIME format.

    +

    Note that no revocation check is done for the recipient cert, so if that +key has been compromised, others may be able to decrypt the text.

    +
    +
    -decrypt
    + +
    +

    Decrypt mail using the supplied certificate and private key. Expects an +encrypted mail message in MIME format for the input file. The decrypted mail +is written to the output file.

    +
    +
    -sign
    + +
    +

    Sign mail using the supplied certificate and private key. Input file is +the message to be signed. The signed message in MIME format is written +to the output file.

    +
    +
    -verify
    + +
    +

    Verify signed mail. Expects a signed mail message on input and outputs +the signed data. Both clear text and opaque signing is supported.

    +
    +
    -pk7out
    + +
    +

    Takes an input message and writes out a PEM encoded PKCS#7 structure.

    +
    +
    -resign
    + +
    +

    Resign a message: take an existing message and one or more new signers.

    +
    +
    -in filename
    + +
    +

    The input message to be encrypted or signed or the MIME message to +be decrypted or verified.

    +
    +
    -out filename
    + +
    +

    The message text that has been decrypted or verified or the output MIME +format message that has been signed or verified.

    +
    +
    -inform DER|PEM|SMIME
    + +
    +

    The input format of the PKCS#7 (S/MIME) structure (if one is being read); +the default is SMIME. +See openssl(1)/Format Options for details.

    +
    +
    -outform DER|PEM|SMIME
    + +
    +

    The output format of the PKCS#7 (S/MIME) structure (if one is being written); +the default is SMIME. +See openssl(1)/Format Options for details.

    +
    +
    -keyform DER|PEM
    + +
    +

    The key format; the default is PEM. +See openssl(1)/Format Options for details.

    +
    +
    -stream, -indef, -noindef
    + +
    +

    The -stream and -indef options are equivalent and enable streaming I/O +for encoding operations. This permits single pass processing of data without +the need to hold the entire contents in memory, potentially supporting very +large files. Streaming is automatically set for S/MIME signing with detached +data if the output format is SMIME it is currently off by default for all +other operations.

    +
    +
    -noindef
    + +
    +

    Disable streaming I/O where it would produce and indefinite length constructed +encoding. This option currently has no effect. In future streaming will be +enabled by default on all relevant operations and this option will disable it.

    +
    +
    -content filename
    + +
    +

    This specifies a file containing the detached content, this is only +useful with the -verify command. This is only usable if the PKCS#7 +structure is using the detached signature form where the content is +not included. This option will override any content if the input format +is S/MIME and it uses the multipart/signed MIME content type.

    +
    +
    -text
    + +
    +

    This option adds plain text (text/plain) MIME headers to the supplied +message if encrypting or signing. If decrypting or verifying it strips +off text headers: if the decrypted or verified message is not of MIME +type text/plain then an error occurs.

    +
    +
    -md digest
    + +
    +

    Digest algorithm to use when signing or resigning. If not present then the +default digest algorithm for the signing key will be used (usually SHA1).

    +
    +
    -cipher
    + +
    +

    The encryption algorithm to use. For example DES (56 bits) - -des, +triple DES (168 bits) - -des3, +EVP_get_cipherbyname() function) can also be used preceded by a dash, for +example -aes-128-cbc. See openssl-enc(1) for list of ciphers +supported by your version of OpenSSL.

    +

    If not specified triple DES is used. Only used with -encrypt.

    +
    +
    -nointern
    + +
    +

    When verifying a message normally certificates (if any) included in +the message are searched for the signing certificate. With this option +only the certificates specified in the -certfile option are used. +The supplied certificates can still be used as untrusted CAs however.

    +
    +
    -noverify
    + +
    +

    Do not verify the signers certificate of a signed message.

    +
    +
    -nochain
    + +
    +

    Do not do chain verification of signers certificates; that is, do not +use the certificates in the signed message as untrusted CAs.

    +
    +
    -nosigs
    + +
    +

    Don't try to verify the signatures on the message.

    +
    +
    -nocerts
    + +
    +

    When signing a message the signer's certificate is normally included +with this option it is excluded. This will reduce the size of the +signed message but the verifier must have a copy of the signers certificate +available locally (passed using the -certfile option for example).

    +
    +
    -noattr
    + +
    +

    Normally when a message is signed a set of attributes are included which +include the signing time and supported symmetric algorithms. With this +option they are not included.

    +
    +
    -nodetach
    + +
    +

    When signing a message use opaque signing. This form is more resistant +to translation by mail relays but it cannot be read by mail agents that +do not support S/MIME. Without this option cleartext signing with +the MIME type multipart/signed is used.

    +
    +
    -nosmimecap
    + +
    +

    When signing a message, do not include the SMIMECapabilities attribute.

    +
    +
    -binary
    + +
    +

    Normally the input message is converted to "canonical" format which is +effectively using CR and LF as end of line: as required by the S/MIME +specification. When this option is present no translation occurs. This +is useful when handling binary data which may not be in MIME format.

    +
    +
    -crlfeol
    + +
    +

    Normally the output file uses a single LF as end of line. When this +option is present CRLF is used instead.

    +
    +
    -certfile file
    + +
    +

    Allows additional certificates to be specified. When signing these will +be included with the message. When verifying these will be searched for +the signers certificates. The certificates should be in PEM format.

    +
    +
    -signer file
    + +
    +

    A signing certificate when signing or resigning a message, this option can be +used multiple times if more than one signer is required. If a message is being +verified then the signers certificates will be written to this file if the +verification was successful.

    +
    +
    -nocerts
    + +
    +

    Don't include signers certificate when signing.

    +
    +
    -noattr
    + +
    +

    Don't include any signed attributes when signing.

    +
    +
    -recip file
    + +
    +

    The recipients certificate when decrypting a message. This certificate +must match one of the recipients of the message or an error occurs.

    +
    +
    -inkey file_or_id
    + +
    +

    The private key to use when signing or decrypting. This must match the +corresponding certificate. If this option is not specified then the +private key must be included in the certificate file specified with +the -recip or -signer file. When signing this option can be used +multiple times to specify successive keys. +If no engine is used, the argument is taken as a file; if an engine is +specified, the argument is given to the engine as a key identifier.

    +
    +
    -passin arg
    + +
    +

    The private key password source. For more information about the format of arg +see openssl(1)/Pass Phrase Options.

    +
    +
    -to, -from, -subject
    + +
    +

    The relevant mail headers. These are included outside the signed +portion of a message so they may be included manually. If signing +then many S/MIME mail clients check the signers certificate's email +address matches that specified in the From: address.

    +
    +
    -allow_proxy_certs, -attime, -no_check_time, +-check_ss_sig, -crl_check, -crl_check_all, +-explicit_policy, -extended_crl, -ignore_critical, -inhibit_any, +-inhibit_map, -no_alt_chains, -partial_chain, -policy, +-policy_check, -policy_print, -purpose, -suiteB_128, +-suiteB_128_only, -suiteB_192, -trusted_first, -use_deltas, +-auth_level, -verify_depth, -verify_email, -verify_hostname, +-verify_ip, -verify_name, -x509_strict -issuer_checks
    + +
    +

    Set various options of certificate chain verification. +See openssl(1)/Verification Options for details.

    +

    Any verification errors cause the command to exit.

    +
    +
    -CAfile file, -no-CAfile, -CApath dir, -no-CApath, +-CAstore uri, -no-CAstore
    + +
    +

    See openssl(1)/Trusted Certificate Options for details.

    +
    +
    -engine id
    + +
    +

    See openssl(1)/Engine Options.

    +
    +
    -rand files, -writerand file
    + +
    +

    See openssl(1)/Random State Options for details.

    +
    +
    cert.pem ...
    + +
    +

    One or more certificates of message recipients, used when encrypting +a message.

    +
    +
    +

    +

    +
    +

    NOTES

    +

    The MIME message must be sent without any blank lines between the +headers and the output. Some mail programs will automatically add +a blank line. Piping the mail directly to sendmail is one way to +achieve the correct format.

    +

    The supplied message to be signed or encrypted must include the +necessary MIME headers or many S/MIME clients won't display it +properly (if at all). You can use the -text option to automatically +add plain text headers.

    +

    A "signed and encrypted" message is one where a signed message is +then encrypted. This can be produced by encrypting an already signed +message: see the examples section.

    +

    This version of the program only allows one signer per message but it +will verify multiple signers on received messages. Some S/MIME clients +choke if a message contains multiple signers. It is possible to sign +messages "in parallel" by signing an already signed message.

    +

    The options -encrypt and -decrypt reflect common usage in S/MIME +clients. Strictly speaking these process PKCS#7 enveloped data: PKCS#7 +encrypted data is used for other purposes.

    +

    The -resign option uses an existing message digest when adding a new +signer. This means that attributes must be present in at least one existing +signer using the same message digest or this operation will fail.

    +

    The -stream and -indef options enable streaming I/O support. +As a result the encoding is BER using indefinite length constructed encoding +and no longer DER. Streaming is supported for the -encrypt operation and the +-sign operation if the content is not detached.

    +

    Streaming is always used for the -sign operation with detached data but +since the content is no longer part of the PKCS#7 structure the encoding +remains DER.

    +

    +

    +
    +

    EXIT CODES

    +
      +
    1. +

      The operation was completely successfully.

      +
    2. +
    3. +

      An error occurred parsing the command options.

      +
    4. +
    5. +

      One of the input files could not be read.

      +
    6. +
    7. +

      An error occurred creating the PKCS#7 file or when reading the MIME +message.

      +
    8. +
    9. +

      An error occurred decrypting or verifying the message.

      +
    10. +
    11. +

      The message was verified correctly but an error occurred writing out +the signers certificates.

      +
    12. +
    +

    +

    +
    +

    EXAMPLES

    +

    Create a cleartext signed message:

    +
    + openssl smime -sign -in message.txt -text -out mail.msg \
    +        -signer mycert.pem
    +

    Create an opaque signed message:

    +
    + openssl smime -sign -in message.txt -text -out mail.msg -nodetach \
    +        -signer mycert.pem
    +

    Create a signed message, include some additional certificates and +read the private key from another file:

    +
    + openssl smime -sign -in in.txt -text -out mail.msg \
    +        -signer mycert.pem -inkey mykey.pem -certfile mycerts.pem
    +

    Create a signed message with two signers:

    +
    + openssl smime -sign -in message.txt -text -out mail.msg \
    +        -signer mycert.pem -signer othercert.pem
    +

    Send a signed message under Unix directly to sendmail, including headers:

    +
    + openssl smime -sign -in in.txt -text -signer mycert.pem \
    +        -from steve@openssl.org -to someone@somewhere \
    +        -subject "Signed message" | sendmail someone@somewhere
    +

    Verify a message and extract the signer's certificate if successful:

    +
    + openssl smime -verify -in mail.msg -signer user.pem -out signedtext.txt
    +

    Send encrypted mail using triple DES:

    +
    + openssl smime -encrypt -in in.txt -from steve@openssl.org \
    +        -to someone@somewhere -subject "Encrypted message" \
    +        -des3 user.pem -out mail.msg
    +

    Sign and encrypt mail:

    +
    + openssl smime -sign -in ml.txt -signer my.pem -text \
    +        | openssl smime -encrypt -out mail.msg \
    +        -from steve@openssl.org -to someone@somewhere \
    +        -subject "Signed and Encrypted message" -des3 user.pem
    +

    Note: the encryption command does not include the -text option because the +message being encrypted already has MIME headers.

    +

    Decrypt mail:

    +
    + openssl smime -decrypt -in mail.msg -recip mycert.pem -inkey key.pem
    +

    The output from Netscape form signing is a PKCS#7 structure with the +detached signature format. You can use this program to verify the +signature by line wrapping the base64 encoded structure and surrounding +it with:

    +
    + -----BEGIN PKCS7-----
    + -----END PKCS7-----
    +

    and using the command:

    +
    + openssl smime -verify -inform PEM -in signature.pem -content content.txt
    +

    Alternatively you can base64 decode the signature and use:

    +
    + openssl smime -verify -inform DER -in signature.der -content content.txt
    +

    Create an encrypted message using 128 bit Camellia:

    +
    + openssl smime -encrypt -in plain.txt -camellia128 -out mail.msg cert.pem
    +

    Add a signer to an existing message:

    +
    + openssl smime -resign -in mail.msg -signer newsign.pem -out mail2.msg
    +

    +

    +
    +

    BUGS

    +

    The MIME parser isn't very clever: it seems to handle most messages that I've +thrown at it but it may choke on others.

    +

    The code currently will only write out the signer's certificate to a file: if +the signer has a separate encryption certificate this must be manually +extracted. There should be some heuristic that determines the correct +encryption certificate.

    +

    Ideally a database should be maintained of a certificates for each email +address.

    +

    The code doesn't currently take note of the permitted symmetric encryption +algorithms as supplied in the SMIMECapabilities signed attribute. This means the +user has to manually include the correct encryption algorithm. It should store +the list of permitted ciphers in a database and only use those.

    +

    No revocation checking is done on the signer's certificate.

    +

    The current code can only handle S/MIME v2 messages, the more complex S/MIME v3 +structures may cause parsing errors.

    +

    +

    +
    +

    SEE ALSO

    +

    ossl_store-file(7)

    +

    +

    +
    +

    HISTORY

    +

    The use of multiple -signer options and the -resign command were first +added in OpenSSL 1.0.0

    +

    The -no_alt_chains option was added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-speed.html b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-speed.html
    new file mode 100755
    index 0000000..341f597
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-speed.html
    @@ -0,0 +1,173 @@
    + + + + +openssl-speed + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    openssl-speed - test library performance

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl speed +[-help] +[-elapsed] +[-evp algo] +[-hmac algo] +[-cmac algo] +[-mb] +[-aead] +[-multi num] +[-async_jobs num] +[-misalign num] +[-decrypt] +[-primes num] +[-seconds num] +[-bytes num] +[-mr] +[-rand files] +[-writerand file] +[-engine id] +[algorithm ...]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command is used to test the performance of cryptographic algorithms. +To see the list of supported algorithms, use openssl list -digest-commands +or openssl list -cipher-commands command. The global CSPRNG is denoted by +the rand algorithm name.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -elapsed
    + +
    +

    When calculating operations- or bytes-per-second, use wall-clock time +instead of CPU user time as divisor. It can be useful when testing speed +of hardware engines.

    +
    +
    -evp algo
    + +
    +

    Use the specified cipher or message digest algorithm via the EVP interface. +If algo is an AEAD cipher, then you can pass -aead to benchmark a +TLS-like sequence. And if algo is a multi-buffer capable cipher, e.g. +aes-128-cbc-hmac-sha1, then -mb will time multi-buffer operation.

    +
    +
    -multi num
    + +
    +

    Run multiple operations in parallel.

    +
    +
    -async_jobs num
    + +
    +

    Enable async mode and start specified number of jobs.

    +
    +
    -misalign num
    + +
    +

    Misalign the buffers by the specified number of bytes.

    +
    +
    -hmac digest
    + +
    +

    Time the HMAC algorithm using the specified message digest.

    +
    +
    -cmac cipher
    + +
    +

    Time the CMAC algorithm using the specified cipher e.g. +openssl speed -cmac aes128.

    +
    +
    -decrypt
    + +
    +

    Time the decryption instead of encryption. Affects only the EVP testing.

    +
    +
    -primes num
    + +
    +

    Generate a num-prime RSA key and use it to run the benchmarks. This option +is only effective if RSA algorithm is specified to test.

    +
    +
    -seconds num
    + +
    +

    Run benchmarks for num seconds.

    +
    +
    -bytes num
    + +
    +

    Run benchmarks on num-byte buffers. Affects ciphers, digests and the CSPRNG.

    +
    +
    -mr
    + +
    +

    Produce the summary in a mechanical, machine-readable, format.

    +
    +
    -rand files, -writerand file
    + +
    +

    See openssl(1)/Random State Options for details.

    +
    +
    -engine id
    + +
    +

    See openssl(1)/Engine Options.

    +
    +
    algorithm ...
    + +
    +

    If any algorithm is given, then those algorithms are tested, otherwise a +pre-compiled grand selection is tested.

    +
    +
    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-spkac.html b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-spkac.html
    new file mode 100755
    index 0000000..1037488
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-spkac.html
    @@ -0,0 +1,199 @@
    + + + + +openssl-spkac + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    openssl-spkac - SPKAC printing and generating utility

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl spkac +[-help] +[-in filename] +[-out filename] +[-key keyfile] +[-keyform DER|PEM|ENGINE] +[-passin arg] +[-challenge string] +[-pubkey] +[-spkac spkacname] +[-spksect section] +[-noout] +[-verify] +[-engine id]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command processes Netscape signed public key and challenge +(SPKAC) files. It can print out their contents, verify the signature and +produce its own SPKACs from a supplied private key.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -in filename
    + +
    +

    This specifies the input filename to read from or standard input if this +option is not specified. Ignored if the -key option is used.

    +
    +
    -out filename
    + +
    +

    Specifies the output filename to write to or standard output by +default.

    +
    +
    -key keyfile
    + +
    +

    Create an SPKAC file using the private key in keyfile. The +-in, -noout, -spksect and -verify options are ignored if +present.

    +
    +
    -keyform DER|PEM|ENGINE
    + +
    +

    The key format; the default is PEM. +See openssl(1)/Format Options for details.

    +
    +
    -passin arg
    + +
    +

    The input file password source. For more information about the format of arg +see openssl(1)/Pass Phrase Options.

    +
    +
    -challenge string
    + +
    +

    Specifies the challenge string if an SPKAC is being created.

    +
    +
    -spkac spkacname
    + +
    +

    Allows an alternative name form the variable containing the +SPKAC. The default is "SPKAC". This option affects both +generated and input SPKAC files.

    +
    +
    -spksect section
    + +
    +

    Allows an alternative name form the section containing the +SPKAC. The default is the default section.

    +
    +
    -noout
    + +
    +

    Don't output the text version of the SPKAC (not used if an +SPKAC is being created).

    +
    +
    -pubkey
    + +
    +

    Output the public key of an SPKAC (not used if an SPKAC is +being created).

    +
    +
    -verify
    + +
    +

    Verifies the digital signature on the supplied SPKAC.

    +
    +
    -engine id
    + +
    +

    See openssl(1)/Engine Options.

    +
    +
    +

    +

    +
    +

    EXAMPLES

    +

    Print out the contents of an SPKAC:

    +
    + openssl spkac -in spkac.cnf
    +

    Verify the signature of an SPKAC:

    +
    + openssl spkac -in spkac.cnf -noout -verify
    +

    Create an SPKAC using the challenge string "hello":

    +
    + openssl spkac -key key.pem -challenge hello -out spkac.cnf
    +

    Example of an SPKAC, (long lines split up for clarity):

    +
    + SPKAC=MIG5MGUwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA\
    + 1cCoq2Wa3Ixs47uI7FPVwHVIPDx5yso105Y6zpozam135a\
    + 8R0CpoRvkkigIyXfcCjiVi5oWk+6FfPaD03uPFoQIDAQAB\
    + FgVoZWxsbzANBgkqhkiG9w0BAQQFAANBAFpQtY/FojdwkJ\
    + h1bEIYuc2EeM2KHTWPEepWYeawvHD0gQ3DngSC75YCWnnD\
    + dq+NQ3F+X4deMx9AaEglZtULwV4=
    +

    +

    +
    +

    NOTES

    +

    A created SPKAC with suitable DN components appended can be fed to +openssl-ca(1).

    +

    SPKACs are typically generated by Netscape when a form is submitted +containing the KEYGEN tag as part of the certificate enrollment +process.

    +

    The challenge string permits a primitive form of proof of possession +of private key. By checking the SPKAC signature and a random challenge +string some guarantee is given that the user knows the private key +corresponding to the public key being certified. This is important in +some applications. Without this it is possible for a previous SPKAC +to be used in a "replay attack".

    +

    +

    +
    +

    SEE ALSO

    +

    openssl(1), +openssl-ca(1)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-srp.html b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-srp.html
    new file mode 100755
    index 0000000..a0249cc
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-srp.html
    @@ -0,0 +1,129 @@
    + + + + +openssl-srp + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    openssl-srp - maintain SRP password file

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl srp +[-help] +[-verbose] +[-add] +[-modify] +[-delete] +[-list] +[-name section] +[-config file] +[-srpvfile file] +[-gn identifier] +[-userinfo text] +[-passin arg] +[-passout arg] +[-engine id] +[-rand files] +[-writerand file] +[user ...]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command is used to maintain an SRP (secure remote password) file. +At most one of the -add, -modify, -delete, and -list options +can be specified. +These options take zero or more usernames as parameters and perform the +appropriate operation on the SRP file. +For -list, if no user is given then all users are displayed.

    +

    The configuration file to use, and the section within the file, can be +specified with the -config and -name flags, respectively.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Display an option summary.

    +
    +
    -verbose
    + +
    +

    Generate verbose output while processing.

    +
    +
    -srpvfile file
    + +
    +

    If the config file is not specified, +-srpvfile can be used to specify the file to operate on.

    +
    +
    -gn
    + +
    +

    Specifies the g and N values, using one of +the strengths defined in IETF RFC 5054.

    +
    +
    -userinfo
    + +
    +

    specifies additional information to add when +adding or modifying a user.

    +
    +
    -passin arg, -passout arg
    + +
    +

    The password source for the input and output file. +For more information about the format of arg +see openssl(1)/Pass Phrase Options.

    +
    +
    -engine id
    + +
    +

    See openssl(1)/Engine Options.

    +

    [-rand files] +[-writerand file]

    +
    +
    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-storeutl.html b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-storeutl.html
    new file mode 100755
    index 0000000..f84372f
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-storeutl.html
    @@ -0,0 +1,179 @@
    + + + + +openssl-storeutl + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    openssl-storeutl - STORE utility

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl storeutl +[-help] +[-out file] +[-noout] +[-passin arg] +[-text arg] +[-r] +[-certs] +[-keys] +[-crls] +[-subject arg] +[-issuer arg] +[-serial arg] +[-alias arg] +[-fingerprint arg] +[-digest] +[-engine id] +uri ...

    +

    +

    +
    +

    DESCRIPTION

    +

    This command can be used to display the contents (after +decryption as the case may be) fetched from the given URIs.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -out filename
    + +
    +

    specifies the output filename to write to or standard output by +default.

    +
    +
    -noout
    + +
    +

    this option prevents output of the PEM data.

    +
    +
    -passin arg
    + +
    +

    the key password source. For more information about the format of arg +see openssl(1)/Pass Phrase Options.

    +
    +
    -text
    + +
    +

    Prints out the objects in text form, similarly to the -text output from +openssl-x509(1), openssl-pkey(1), etc.

    +
    +
    -r
    + +
    +

    Fetch objects recursively when possible.

    +
    +
    -certs
    + +
    -keys
    + +
    -crls
    + +
    +

    Only select the certificates, keys or CRLs from the given URI. +However, if this URI would return a set of names (URIs), those are always +returned.

    +
    +
    -subject arg
    + +
    +

    Search for an object having the subject name arg. +The arg must be formatted as /type0=value0/type1=value1/type2=.... +Keyword characters may be escaped by \ (backslash), and whitespace is retained. +Empty values are permitted but are ignored for the search. That is, +a search with an empty value will have the same effect as not specifying +the type at all.

    +
    +
    -issuer arg
    + +
    -serial arg
    + +
    +

    Search for an object having the given issuer name and serial number. +These two options must be used together. +The issuer arg must be formatted as /type0=value0/type1=value1/type2=..., +characters may be escaped by \ (backslash), no spaces are skipped. +The serial arg may be specified as a decimal value or a hex value if preceded +by 0x.

    +
    +
    -alias arg
    + +
    +

    Search for an object having the given alias.

    +
    +
    -fingerprint arg
    + +
    +

    Search for an object having the given fingerprint.

    +
    +
    -digest
    + +
    +

    The digest that was used to compute the fingerprint given with -fingerprint.

    +
    +
    -engine id
    + +
    +

    See openssl(1)/Engine Options.

    +
    +
    +

    +

    +
    +

    SEE ALSO

    +

    openssl(1)

    +

    +

    +
    +

    HISTORY

    +

    This command was added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-ts.html b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-ts.html
    new file mode 100755
    index 0000000..a45c2e4
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-ts.html
    @@ -0,0 +1,753 @@
    + + + + +openssl-ts + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    openssl-ts - Time Stamping Authority tool (client/server)

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl ts +-help

    +

    openssl ts +-query +[-config configfile] +[-data file_to_hash] +[-digest digest_bytes] +[-digest] +[-tspolicy object_id] +[-no_nonce] +[-cert] +[-in request.tsq] +[-out request.tsq] +[-text] +[-rand files] +[-writerand file]

    +

    openssl ts +-reply +[-config configfile] +[-section tsa_section] +[-queryfile request.tsq] +[-passin password_src] +[-signer tsa_cert.pem] +[-inkey file_or_id] +[-digest] +[-chain certs_file.pem] +[-tspolicy object_id] +[-in response.tsr] +[-untrusted file] +[-token_in] +[-out response.tsr] +[-token_out] +[-text] +[-engine id]

    +

    openssl ts +-verify +[-data file_to_hash] +[-digest digest_bytes] +[-queryfile request.tsq] +[-in response.tsr] +[-token_in] +[-CAfile file] +[-CApath dir] +[-CAstore uri] +[-allow_proxy_certs] +[-attime timestamp] +[-no_check_time] +[-check_ss_sig] +[-crl_check] +[-crl_check_all] +[-explicit_policy] +[-extended_crl] +[-ignore_critical] +[-inhibit_any] +[-inhibit_map] +[-partial_chain] +[-policy arg] +[-policy_check] +[-policy_print] +[-purpose purpose] +[-suiteB_128] +[-suiteB_128_only] +[-suiteB_192] +[-trusted_first] +[-no_alt_chains] +[-use_deltas] +[-auth_level num] +[-verify_depth num] +[-verify_email email] +[-verify_hostname hostname] +[-verify_ip ip] +[-verify_name name] +[-x509_strict] +[-issuer_checks]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command is a basic Time Stamping Authority (TSA) client and +server application as specified in RFC 3161 (Time-Stamp Protocol, TSP). A +TSA can be part of a PKI deployment and its role is to provide long +term proof of the existence of a certain datum before a particular +time. Here is a brief description of the protocol:

    +
      +
    1. +

      The TSA client computes a one-way hash value for a data file and sends +the hash to the TSA.

      +
    2. +
    3. +

      The TSA attaches the current date and time to the received hash value, +signs them and sends the timestamp token back to the client. By +creating this token the TSA certifies the existence of the original +data file at the time of response generation.

      +
    4. +
    5. +

      The TSA client receives the timestamp token and verifies the +signature on it. It also checks if the token contains the same hash +value that it had sent to the TSA.

      +
    6. +
    +

    There is one DER encoded protocol data unit defined for transporting a time +stamp request to the TSA and one for sending the timestamp response +back to the client. This command has three main functions: +creating a timestamp request based on a data file, +creating a timestamp response based on a request, verifying if a +response corresponds to a particular request or a data file.

    +

    There is no support for sending the requests/responses automatically +over HTTP or TCP yet as suggested in RFC 3161. The users must send the +requests either by ftp or e-mail.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    +

    +

    +

    Timestamp Request generation

    +

    The -query switch can be used for creating and printing a timestamp +request with the following options:

    +
    +
    -config configfile
    + +
    +

    The configuration file to use. +Optional; for a description of the default value, +see openssl(1)/COMMAND SUMMARY.

    +
    +
    -data file_to_hash
    + +
    +

    The data file for which the timestamp request needs to be +created. stdin is the default if neither the -data nor the -digest +parameter is specified. (Optional)

    +
    +
    -digest digest_bytes
    + +
    +

    It is possible to specify the message imprint explicitly without the data +file. The imprint must be specified in a hexadecimal format, two characters +per byte, the bytes optionally separated by colons (e.g. 1A:F6:01:... or +1AF601...). The number of bytes must match the message digest algorithm +in use. (Optional)

    +
    +
    -digest
    + +
    +

    The message digest to apply to the data file. +Any digest supported by the openssl-dgst(1) command can be used. +The default is SHA-256. (Optional)

    +
    +
    -tspolicy object_id
    + +
    +

    The policy that the client expects the TSA to use for creating the +timestamp token. Either the dotted OID notation or OID names defined +in the config file can be used. If no policy is requested the TSA will +use its own default policy. (Optional)

    +
    +
    -no_nonce
    + +
    +

    No nonce is specified in the request if this option is +given. Otherwise a 64 bit long pseudo-random none is +included in the request. It is recommended to use nonce to +protect against replay-attacks. (Optional)

    +
    +
    -cert
    + +
    +

    The TSA is expected to include its signing certificate in the +response. (Optional)

    +
    +
    -in request.tsq
    + +
    +

    This option specifies a previously created timestamp request in DER +format that will be printed into the output file. Useful when you need +to examine the content of a request in human-readable +format. (Optional)

    +
    +
    -out request.tsq
    + +
    +

    Name of the output file to which the request will be written. Default +is stdout. (Optional)

    +
    +
    -text
    + +
    +

    If this option is specified the output is human-readable text format +instead of DER. (Optional)

    +
    +
    -rand files, -writerand file
    + +
    +

    See openssl(1)/Random State Options for details.

    +
    +
    +

    +

    +

    Timestamp Response generation

    +

    A timestamp response (TimeStampResp) consists of a response status +and the timestamp token itself (ContentInfo), if the token generation was +successful. The -reply command is for creating a timestamp +response or timestamp token based on a request and printing the +response/token in human-readable format. If -token_out is not +specified the output is always a timestamp response (TimeStampResp), +otherwise it is a timestamp token (ContentInfo).

    +
    +
    -config configfile
    + +
    +

    The configuration file to use. +Optional; for a description of the default value, +see openssl(1)/COMMAND SUMMARY. +See CONFIGURATION FILE OPTIONS for configurable variables.

    +
    +
    -section tsa_section
    + +
    +

    The name of the config file section containing the settings for the +response generation. If not specified the default TSA section is +used, see CONFIGURATION FILE OPTIONS for details. (Optional)

    +
    +
    -queryfile request.tsq
    + +
    +

    The name of the file containing a DER encoded timestamp request. (Optional)

    +
    +
    -passin password_src
    + +
    +

    Specifies the password source for the private key of the TSA. See +description in openssl(1). (Optional)

    +
    +
    -signer tsa_cert.pem
    + +
    +

    The signer certificate of the TSA in PEM format. The TSA signing +certificate must have exactly one extended key usage assigned to it: +timeStamping. The extended key usage must also be critical, otherwise +the certificate is going to be refused. Overrides the signer_cert +variable of the config file. (Optional)

    +
    +
    -inkey file_or_id
    + +
    +

    The signer private key of the TSA in PEM format. Overrides the +signer_key config file option. (Optional) +If no engine is used, the argument is taken as a file; if an engine is +specified, the argument is given to the engine as a key identifier.

    +
    +
    -digest
    + +
    +

    Signing digest to use. Overrides the signer_digest config file +option. (Mandatory unless specified in the config file)

    +
    +
    -chain certs_file.pem
    + +
    +

    The collection of certificates in PEM format that will all +be included in the response in addition to the signer certificate if +the -cert option was used for the request. This file is supposed to +contain the certificate chain for the signer certificate from its +issuer upwards. The -reply command does not build a certificate +chain automatically. (Optional)

    +
    +
    -tspolicy object_id
    + +
    +

    The default policy to use for the response unless the client +explicitly requires a particular TSA policy. The OID can be specified +either in dotted notation or with its name. Overrides the +default_policy config file option. (Optional)

    +
    +
    -in response.tsr
    + +
    +

    Specifies a previously created timestamp response or timestamp token +(if -token_in is also specified) in DER format that will be written +to the output file. This option does not require a request, it is +useful e.g. when you need to examine the content of a response or +token or you want to extract the timestamp token from a response. If +the input is a token and the output is a timestamp response a default +'granted' status info is added to the token. (Optional)

    +
    +
    -token_in
    + +
    +

    This flag can be used together with the -in option and indicates +that the input is a DER encoded timestamp token (ContentInfo) instead +of a timestamp response (TimeStampResp). (Optional)

    +
    +
    -out response.tsr
    + +
    +

    The response is written to this file. The format and content of the +file depends on other options (see -text, -token_out). The default is +stdout. (Optional)

    +
    +
    -token_out
    + +
    +

    The output is a timestamp token (ContentInfo) instead of timestamp +response (TimeStampResp). (Optional)

    +
    +
    -text
    + +
    +

    If this option is specified the output is human-readable text format +instead of DER. (Optional)

    +
    +
    -engine id
    + +
    +

    See openssl(1)/Engine Options.

    +
    +
    +

    +

    +

    Timestamp Response verification

    +

    The -verify command is for verifying if a timestamp response or time +stamp token is valid and matches a particular timestamp request or +data file. The -verify command does not use the configuration file.

    +
    +
    -data file_to_hash
    + +
    +

    The response or token must be verified against file_to_hash. The file +is hashed with the message digest algorithm specified in the token. +The -digest and -queryfile options must not be specified with this one. +(Optional)

    +
    +
    -digest digest_bytes
    + +
    +

    The response or token must be verified against the message digest specified +with this option. The number of bytes must match the message digest algorithm +specified in the token. The -data and -queryfile options must not be +specified with this one. (Optional)

    +
    +
    -queryfile request.tsq
    + +
    +

    The original timestamp request in DER format. The -data and -digest +options must not be specified with this one. (Optional)

    +
    +
    -in response.tsr
    + +
    +

    The timestamp response that needs to be verified in DER format. (Mandatory)

    +
    +
    -token_in
    + +
    +

    This flag can be used together with the -in option and indicates +that the input is a DER encoded timestamp token (ContentInfo) instead +of a timestamp response (TimeStampResp). (Optional)

    +
    +
    -untrusted cert_file.pem
    + +
    +

    Set of additional untrusted certificates in PEM format which may be +needed when building the certificate chain for the TSA's signing +certificate. This file must contain the TSA signing certificate and +all intermediate CA certificates unless the response includes them. +(Optional)

    +
    +
    -CAfile file, -CApath dir, -CAstore uri
    + +
    +

    See openssl(1)/Trusted Certificate Options for details. +At least one of -CApath, -CAfile or -CAstore must be specified.

    +
    +
    -allow_proxy_certs, -attime, -no_check_time, +-check_ss_sig, -crl_check, -crl_check_all, +-explicit_policy, -extended_crl, -ignore_critical, -inhibit_any, +-inhibit_map, -no_alt_chains, -partial_chain, -policy, +-policy_check, -policy_print, -purpose, -suiteB_128, +-suiteB_128_only, -suiteB_192, -trusted_first, -use_deltas, +-auth_level, -verify_depth, -verify_email, -verify_hostname, +-verify_ip, -verify_name, -x509_strict -issuer_checks
    + +
    +

    Set various options of certificate chain verification. +See openssl(1)/Verification Options for details.

    +

    Any verification errors cause the command to exit.

    +
    +
    +

    +

    +
    +

    CONFIGURATION FILE OPTIONS

    +

    The -query and -reply commands make use of a configuration file. +See config(5) +for a general description of the syntax of the config file. The +-query command uses only the symbolic OID names section +and it can work without it. However, the -reply command needs the +config file for its operation.

    +

    When there is a command line switch equivalent of a variable the +switch always overrides the settings in the config file.

    +
    +
    tsa section, default_tsa
    + +
    +

    This is the main section and it specifies the name of another section +that contains all the options for the -reply command. This default +section can be overridden with the -section command line switch. (Optional)

    +
    +
    oid_file
    + +
    +

    This specifies a file containing additional OBJECT IDENTIFIERS. +Each line of the file should consist of the numerical form of the +object identifier followed by white space then the short name followed +by white space and finally the long name. (Optional)

    +
    +
    oid_section
    + +
    +

    This specifies a section in the configuration file containing extra +object identifiers. Each line should consist of the short name of the +object identifier followed by = and the numerical form. The short +and long names are the same when this option is used. (Optional)

    +
    +
    RANDFILE
    + +
    +

    At startup the specified file is loaded into the random number generator, +and at exit 256 bytes will be written to it. (Note: Using a RANDFILE is +not necessary anymore, see the HISTORY section.

    +
    +
    serial
    + +
    +

    The name of the file containing the hexadecimal serial number of the +last timestamp response created. This number is incremented by 1 for +each response. If the file does not exist at the time of response +generation a new file is created with serial number 1. (Mandatory)

    +
    +
    crypto_device
    + +
    +

    Specifies the OpenSSL engine that will be set as the default for +all available algorithms. The default value is built-in, you can specify +any other engines supported by OpenSSL (e.g. use chil for the NCipher HSM). +(Optional)

    +
    +
    signer_cert
    + +
    +

    TSA signing certificate in PEM format. The same as the -signer +command line option. (Optional)

    +
    +
    certs
    + +
    +

    A file containing a set of PEM encoded certificates that need to be +included in the response. The same as the -chain command line +option. (Optional)

    +
    +
    signer_key
    + +
    +

    The private key of the TSA in PEM format. The same as the -inkey +command line option. (Optional)

    +
    +
    signer_digest
    + +
    +

    Signing digest to use. The same as the +-digest command line option. (Mandatory unless specified on the command +line)

    +
    +
    default_policy
    + +
    +

    The default policy to use when the request does not mandate any +policy. The same as the -tspolicy command line option. (Optional)

    +
    +
    other_policies
    + +
    +

    Comma separated list of policies that are also acceptable by the TSA +and used only if the request explicitly specifies one of them. (Optional)

    +
    +
    digests
    + +
    +

    The list of message digest algorithms that the TSA accepts. At least +one algorithm must be specified. (Mandatory)

    +
    +
    accuracy
    + +
    +

    The accuracy of the time source of the TSA in seconds, milliseconds +and microseconds. E.g. secs:1, millisecs:500, microsecs:100. If any of +the components is missing zero is assumed for that field. (Optional)

    +
    +
    clock_precision_digits
    + +
    +

    Specifies the maximum number of digits, which represent the fraction of +seconds, that need to be included in the time field. The trailing zeros +must be removed from the time, so there might actually be fewer digits, +or no fraction of seconds at all. Supported only on UNIX platforms. +The maximum value is 6, default is 0. +(Optional)

    +
    +
    ordering
    + +
    +

    If this option is yes the responses generated by this TSA can always +be ordered, even if the time difference between two responses is less +than the sum of their accuracies. Default is no. (Optional)

    +
    +
    tsa_name
    + +
    +

    Set this option to yes if the subject name of the TSA must be included in +the TSA name field of the response. Default is no. (Optional)

    +
    +
    ess_cert_id_chain
    + +
    +

    The SignedData objects created by the TSA always contain the +certificate identifier of the signing certificate in a signed +attribute (see RFC 2634, Enhanced Security Services). If this option +is set to yes and either the certs variable or the -chain option +is specified then the certificate identifiers of the chain will also +be included in the SigningCertificate signed attribute. If this +variable is set to no, only the signing certificate identifier is +included. Default is no. (Optional)

    +
    +
    ess_cert_id_alg
    + +
    +

    This option specifies the hash function to be used to calculate the TSA's +public key certificate identifier. Default is sha256. (Optional)

    +
    +
    +

    +

    +
    +

    EXAMPLES

    +

    All the examples below presume that OPENSSL_CONF is set to a proper +configuration file, e.g. the example configuration file +openssl/apps/openssl.cnf will do.

    +

    +

    +

    Timestamp Request

    +

    To create a timestamp request for design1.txt with SHA-256 digest, +without nonce and policy, and without requirement for a certificate +in the response:

    +
    +  openssl ts -query -data design1.txt -no_nonce \
    +        -out design1.tsq
    +

    To create a similar timestamp request with specifying the message imprint +explicitly:

    +
    +  openssl ts -query -digest b7e5d3f93198b38379852f2c04e78d73abdd0f4b \
    +         -no_nonce -out design1.tsq
    +

    To print the content of the previous request in human readable format:

    +
    +  openssl ts -query -in design1.tsq -text
    +

    To create a timestamp request which includes the SHA-512 digest +of design2.txt, requests the signer certificate and nonce, and +specifies a policy id (assuming the tsa_policy1 name is defined in the +OID section of the config file):

    +
    +  openssl ts -query -data design2.txt -sha512 \
    +        -tspolicy tsa_policy1 -cert -out design2.tsq
    +

    +

    +

    Timestamp Response

    +

    Before generating a response a signing certificate must be created for +the TSA that contains the timeStamping critical extended key usage extension +without any other key usage extensions. You can add this line to the +user certificate section of the config file to generate a proper certificate;

    +
    +   extendedKeyUsage = critical,timeStamping
    +

    See openssl-req(1), openssl-ca(1), and openssl-x509(1) for +instructions. The examples below assume that cacert.pem contains the +certificate of the CA, tsacert.pem is the signing certificate issued +by cacert.pem and tsakey.pem is the private key of the TSA.

    +

    To create a timestamp response for a request:

    +
    +  openssl ts -reply -queryfile design1.tsq -inkey tsakey.pem \
    +        -signer tsacert.pem -out design1.tsr
    +

    If you want to use the settings in the config file you could just write:

    +
    +  openssl ts -reply -queryfile design1.tsq -out design1.tsr
    +

    To print a timestamp reply to stdout in human readable format:

    +
    +  openssl ts -reply -in design1.tsr -text
    +

    To create a timestamp token instead of timestamp response:

    +
    +  openssl ts -reply -queryfile design1.tsq -out design1_token.der -token_out
    +

    To print a timestamp token to stdout in human readable format:

    +
    +  openssl ts -reply -in design1_token.der -token_in -text -token_out
    +

    To extract the timestamp token from a response:

    +
    +  openssl ts -reply -in design1.tsr -out design1_token.der -token_out
    +

    To add 'granted' status info to a timestamp token thereby creating a +valid response:

    +
    +  openssl ts -reply -in design1_token.der -token_in -out design1.tsr
    +

    +

    +

    Timestamp Verification

    +

    To verify a timestamp reply against a request:

    +
    +  openssl ts -verify -queryfile design1.tsq -in design1.tsr \
    +        -CAfile cacert.pem -untrusted tsacert.pem
    +

    To verify a timestamp reply that includes the certificate chain:

    +
    +  openssl ts -verify -queryfile design2.tsq -in design2.tsr \
    +        -CAfile cacert.pem
    +

    To verify a timestamp token against the original data file: + openssl ts -verify -data design2.txt -in design2.tsr \ + -CAfile cacert.pem

    +

    To verify a timestamp token against a message imprint: + openssl ts -verify -digest b7e5d3f93198b38379852f2c04e78d73abdd0f4b \ + -in design2.tsr -CAfile cacert.pem

    +

    You could also look at the 'test' directory for more examples.

    +

    +

    +
    +

    BUGS

    +
      +
    • +

      No support for timestamps over SMTP, though it is quite easy +to implement an automatic e-mail based TSA with procmail(1) +and perl(1). HTTP server support is provided in the form of +a separate apache module. HTTP client support is provided by +tsget(1). Pure TCP/IP protocol is not supported.

      +
    • +
    • +

      The file containing the last serial number of the TSA is not +locked when being read or written. This is a problem if more than one +instance of openssl(1) is trying to create a timestamp +response at the same time. This is not an issue when using the apache +server module, it does proper locking.

      +
    • +
    • +

      Look for the FIXME word in the source files.

      +
    • +
    • +

      The source code should really be reviewed by somebody else, too.

      +
    • +
    • +

      More testing is needed, I have done only some basic tests (see +test/testtsa).

      +
    • +
    +

    +

    +
    +

    HISTORY

    +

    OpenSSL 1.1.1 introduced a new random generator (CSPRNG) with an improved +seeding mechanism. The new seeding mechanism makes it unnecessary to +define a RANDFILE for saving and restoring randomness. This option is +retained mainly for compatibility reasons.

    +

    +

    +
    +

    SEE ALSO

    +

    openssl(1), +tsget(1), +openssl-req(1), +openssl-x509(1), +openssl-ca(1), +openssl-genrsa(1), +config(5), +ossl_store-file(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-verify.html b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-verify.html
    new file mode 100755
    index 0000000..6d4c0f4
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-verify.html
    @@ -0,0 +1,270 @@
    + + + + +openssl-verify + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    openssl-verify - Utility to verify certificates

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl verify +[-help] +[-CRLfile file] +[-crl_download] +[-show_chain] +[-sm2-id hexstring] +[-sm2-hex-id hexstring] +[-verbose] +[-trusted file] +[-untrusted file] +[-nameopt option] +[-CAfile file] +[-no-CAfile] +[-CApath dir] +[-no-CApath] +[-CAstore uri] +[-no-CAstore] +[-engine id] +[-allow_proxy_certs] +[-attime timestamp] +[-no_check_time] +[-check_ss_sig] +[-crl_check] +[-crl_check_all] +[-explicit_policy] +[-extended_crl] +[-ignore_critical] +[-inhibit_any] +[-inhibit_map] +[-partial_chain] +[-policy arg] +[-policy_check] +[-policy_print] +[-purpose purpose] +[-suiteB_128] +[-suiteB_128_only] +[-suiteB_192] +[-trusted_first] +[-no_alt_chains] +[-use_deltas] +[-auth_level num] +[-verify_depth num] +[-verify_email email] +[-verify_hostname hostname] +[-verify_ip ip] +[-verify_name name] +[-x509_strict] +[-issuer_checks]

    +

    [--] +[certificate ...]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command verifies certificate chains.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -CAfile file, -no-CAfile, -CApath dir, -no-CApath
    + +
    +

    See openssl(1)/Trusted Certificate Options for more information.

    +
    +
    -CRLfile file
    + +
    +

    The file should contain one or more CRLs in PEM format. +This option can be specified more than once to include CRLs from multiple +files.

    +
    +
    -crl_download
    + +
    +

    Attempt to download CRL information for this certificate.

    +
    +
    -show_chain
    + +
    +

    Display information about the certificate chain that has been built (if +successful). Certificates in the chain that came from the untrusted list will be +flagged as "untrusted".

    +
    +
    -sm2-id hexstring
    + +
    +

    Specify the ID string to use when verifying an SM2 certificate. The ID string is +required by the SM2 signature algorithm for signing and verification.

    +
    +
    -sm2-hex-id hexstring
    + +
    +

    Specify a binary ID string to use when signing or verifying using an SM2 +certificate. The argument for this option is string of hexadecimal digits.

    +
    +
    -verbose
    + +
    +

    Print extra information about the operations being performed.

    +
    +
    -trusted file
    + +
    +

    A file of trusted certificates.

    +
    +
    -untrusted file
    + +
    +

    A file of untrusted certificates.

    +
    +
    -nameopt option
    + +
    +

    This specifies how the subject or issuer names are displayed. +See openssl(1)/Name Format Options for details.

    +
    +
    -engine id
    + +
    +

    See openssl(1)/Engine Options. +To load certificates or CRLs that require engine support, specify the +-engine option before any of the +-trusted, -untrusted or -CRLfile options.

    +
    +
    -CAfile file, -no-CAfile, -CApath dir, -no-CApath, +-CAstore uri, -no-CAstore
    + +
    +

    See openssl(1)/Trusted Certificate Options for details.

    +
    +
    -allow_proxy_certs, -attime, -no_check_time, +-check_ss_sig, -crl_check, -crl_check_all, +-explicit_policy, -extended_crl, -ignore_critical, -inhibit_any, +-inhibit_map, -no_alt_chains, -partial_chain, -policy, +-policy_check, -policy_print, -purpose, -suiteB_128, +-suiteB_128_only, -suiteB_192, -trusted_first, -use_deltas, +-auth_level, -verify_depth, -verify_email, -verify_hostname, +-verify_ip, -verify_name, -x509_strict -issuer_checks
    + +
    +

    Set various options of certificate chain verification. +See openssl(1)/Verification Options for details.

    +
    +
    --
    + +
    +

    Indicates the last option. All arguments following this are assumed to be +certificate files. This is useful if the first certificate filename begins +with a -.

    +
    +
    certificate ...
    + +
    +

    One or more certificates to verify. If no certificates are given, +this command will attempt to read a certificate from standard input. +Certificates must be in PEM format. +If a certificate chain has multiple problems, this program tries to +display all of them.

    +
    +
    +

    +

    +
    +

    DIAGNOSTICS

    +

    When a verify operation fails the output messages can be somewhat cryptic. The +general form of the error message is:

    +
    + server.pem: /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
    + error 24 at 1 depth lookup:invalid CA certificate
    +

    The first line contains the name of the certificate being verified followed by +the subject name of the certificate. The second line contains the error number +and the depth. The depth is number of the certificate being verified when a +problem was detected starting with zero for the certificate being verified itself +then 1 for the CA that signed the certificate and so on. Finally a text version +of the error number is presented.

    +

    A list of the error codes and messages can be found in +X509_STORE_CTX_get_error(3); the full list is defined in the header file +<openssl/x509_vfy.h >>.

    +

    This command ignores many errors, in order to allow all the problems with a +certificate chain to be determined.

    +

    +

    +
    +

    BUGS

    +

    Although the issuer checks are a considerable improvement over the old +technique they still suffer from limitations in the underlying X509_LOOKUP +API. One consequence of this is that trusted certificates with matching +subject name must either appear in a file (as specified by the -CAfile +option), a directory (as specified by -CApath), or a store (as specified +by -CAstore). If they occur in more than one location then only the +certificates in the file will be recognised.

    +

    Previous versions of OpenSSL assume certificates with matching subject +name are identical and mishandled them.

    +

    Previous versions of this documentation swapped the meaning of the +X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT and +X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY error codes.

    +

    +

    +
    +

    SEE ALSO

    +

    openssl(1), +openssl-x509(1), +ossl_store-file(7)

    +

    +

    +
    +

    HISTORY

    +

    The -show_chain option was added in OpenSSL 1.1.0.

    +

    The -sm2-id and -sm2-hex-id options were added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-version.html b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-version.html
    new file mode 100755
    index 0000000..40482b3
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-version.html
    @@ -0,0 +1,142 @@
    + + + + +openssl-version + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    openssl-version - print OpenSSL version information

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl version +[-help] +[-a] +[-v] +[-b] +[-o] +[-f] +[-p] +[-d] +[-e] +[-m] +[-r] +[-c]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command is used to print out version information about OpenSSL.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -a
    + +
    +

    All information, this is the same as setting all the other flags.

    +
    +
    -v
    + +
    +

    The current OpenSSL version.

    +
    +
    -b
    + +
    +

    The date the current version of OpenSSL was built.

    +
    +
    -o
    + +
    +

    Option information: various options set when the library was built.

    +
    +
    -f
    + +
    +

    Compilation flags.

    +
    +
    -p
    + +
    +

    Platform setting.

    +
    +
    -d
    + +
    +

    OPENSSLDIR setting.

    +
    +
    -e
    + +
    +

    ENGINESDIR settings.

    +
    +
    -m
    + +
    +

    MODULESDIR settings.

    +
    +
    -r
    + +
    +

    The random number generator source settings.

    +
    +
    -c
    + +
    +

    The OpenSSL CPU settings info.

    +
    +
    +

    +

    +
    +

    NOTES

    +

    The output of openssl version -a would typically be used when sending +in a bug report.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-x509.html b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-x509.html
    new file mode 100755
    index 0000000..9c59ce5
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl-x509.html
    @@ -0,0 +1,923 @@
    + + + + +openssl-x509 + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    openssl-x509 - Certificate display and signing utility

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl x509 +[-help] +[-inform DER|PEM] +[-outform DER|PEM] +[-keyform DER|PEM|ENGINE] +[-CAform DER|PEM] +[-CAkeyform DER|PEM|ENGINE] +[-in filename] +[-out filename] +[-serial] +[-hash] +[-subject_hash] +[-subject_hash_old] +[-issuer_hash] +[-issuer_hash_old] +[-ocspid] +[-subject] +[-issuer] +[-email] +[-ocsp_uri] +[-startdate] +[-enddate] +[-purpose] +[-dates] +[-checkend num] +[-modulus] +[-pubkey] +[-fingerprint] +[-alias] +[-noout] +[-trustout] +[-clrtrust] +[-clrreject] +[-addtrust arg] +[-addreject arg] +[-setalias arg] +[-days arg] +[-set_serial n] +[-signkey arg] +[-badsig] +[-passin arg] +[-x509toreq] +[-req] +[-CA filename] +[-CAkey filename] +[-CAcreateserial] +[-CAserial filename] +[-new] +[-next_serial] +[-nocert] +[-force_pubkey filename] +[-subj arg] +[-text] +[-ext extensions] +[-certopt option] +[-checkhost host] +[-checkemail host] +[-checkip ipaddr] +[-C] +[-digest] +[-clrext] +[-extfile filename] +[-extensions section] +[-sigopt nm:v] +[-preserve_dates] +[-nameopt option] +[-rand files] +[-writerand file] +[-engine id]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command is a multi purpose certificate utility. It can +be used to display certificate information, convert certificates to +various forms, sign certificate requests like a "mini CA" or edit +certificate trust settings.

    +

    Since there are a large number of options they will split up into +various sections.

    +

    +

    +
    +

    OPTIONS

    +

    +

    +

    Input, Output, and General Purpose Options

    +
    +
    -help
    + +
    +

    Print out a usage message.

    +
    +
    -inform DER|PEM, -outform DER|PEM
    + +
    +

    The input and formats; the default is PEM. +See openssl(1)/Format Options for details.

    +

    The input is normally an X.509 certificate, but this can change if other +options such as -req are used.

    +
    +
    -in filename
    + +
    +

    This specifies the input filename to read a certificate from or standard input +if this option is not specified.

    +
    +
    -out filename
    + +
    +

    This specifies the output filename to write to or standard output by +default.

    +
    +
    -digest
    + +
    +

    The digest to use. +This affects any signing or display option that uses a message +digest, such as the -fingerprint, -signkey and -CA options. +Any digest supported by the openssl-dgst(1) command can be used. +If not specified then SHA1 is used with -fingerprint or +the default digest for the signing algorithm is used, typically SHA256.

    +
    +
    -preserve_dates
    + +
    +

    When signing a certificate, preserve the "notBefore" and "notAfter" dates +instead of adjusting them to current time and duration. +Cannot be used with the -days option.

    +

    [-rand files] +[-writerand file]

    +
    +
    -engine id
    + +
    +

    See openssl(1)/Engine Options.

    +
    +
    +

    +

    +

    Display Options

    +

    Note: the -alias and -purpose options are also display options +but are described in the Trust Settings section.

    +
    +
    -text
    + +
    +

    Prints out the certificate in text form. Full details are output including the +public key, signature algorithms, issuer and subject names, serial number +any extensions present and any trust settings.

    +
    +
    -ext extensions
    + +
    +

    Prints out the certificate extensions in text form. Extensions are specified +with a comma separated string, e.g., "subjectAltName,subjectKeyIdentifier". +See the x509v3_config(5) manual page for the extension names.

    +
    +
    -certopt option
    + +
    +

    Customise the output format used with -text. The option argument +can be a single option or multiple options separated by commas. The +-certopt switch may be also be used more than once to set multiple +options. See the Text Options section for more information.

    +
    +
    -checkhost host
    + +
    +

    Check that the certificate matches the specified host.

    +
    +
    -checkemail email
    + +
    +

    Check that the certificate matches the specified email address.

    +
    +
    -checkip ipaddr
    + +
    +

    Check that the certificate matches the specified IP address.

    +
    +
    -noout
    + +
    +

    This option prevents output of the encoded version of the certificate.

    +
    +
    -pubkey
    + +
    +

    Outputs the certificate's SubjectPublicKeyInfo block in PEM format.

    +
    +
    -modulus
    + +
    +

    This option prints out the value of the modulus of the public key +contained in the certificate.

    +
    +
    -serial
    + +
    +

    Outputs the certificate serial number.

    +
    +
    -subject_hash
    + +
    +

    Outputs the "hash" of the certificate subject name. This is used in OpenSSL to +form an index to allow certificates in a directory to be looked up by subject +name.

    +
    +
    -issuer_hash
    + +
    +

    Outputs the "hash" of the certificate issuer name.

    +
    +
    -ocspid
    + +
    +

    Outputs the OCSP hash values for the subject name and public key.

    +
    +
    -hash
    + +
    +

    Synonym for "-subject_hash" for backward compatibility reasons.

    +
    +
    -subject_hash_old
    + +
    +

    Outputs the "hash" of the certificate subject name using the older algorithm +as used by OpenSSL before version 1.0.0.

    +
    +
    -issuer_hash_old
    + +
    +

    Outputs the "hash" of the certificate issuer name using the older algorithm +as used by OpenSSL before version 1.0.0.

    +
    +
    -subject
    + +
    +

    Outputs the subject name.

    +
    +
    -issuer
    + +
    +

    Outputs the issuer name.

    +
    +
    -nameopt option
    + +
    +

    This specifies how the subject or issuer names are displayed. +See openssl(1)/Name Format Options for details.

    +
    +
    -email
    + +
    +

    Outputs the email address(es) if any.

    +
    +
    -ocsp_uri
    + +
    +

    Outputs the OCSP responder address(es) if any.

    +
    +
    -startdate
    + +
    +

    Prints out the start date of the certificate, that is the notBefore date.

    +
    +
    -enddate
    + +
    +

    Prints out the expiry date of the certificate, that is the notAfter date.

    +
    +
    -dates
    + +
    +

    Prints out the start and expiry dates of a certificate.

    +
    +
    -checkend arg
    + +
    +

    Checks if the certificate expires within the next arg seconds and exits +nonzero if yes it will expire or zero if not.

    +
    +
    -fingerprint
    + +
    +

    Calculates and outputs the digest of the DER encoded version of the entire +certificate (see digest options). +This is commonly called a "fingerprint". Because of the nature of message +digests, the fingerprint of a certificate is unique to that certificate and +two certificates with the same fingerprint can be considered to be the same.

    +
    +
    -C
    + +
    +

    This outputs the certificate in the form of a C source file.

    +
    +
    +

    +

    +

    Trust Settings

    +

    A trusted certificate is an ordinary certificate which has several +additional pieces of information attached to it such as the permitted +and prohibited uses of the certificate and an "alias".

    +

    Normally when a certificate is being verified at least one certificate +must be "trusted". By default a trusted certificate must be stored +locally and must be a root CA: any certificate chain ending in this CA +is then usable for any purpose.

    +

    Trust settings currently are only used with a root CA. They allow a finer +control over the purposes the root CA can be used for. For example a CA +may be trusted for SSL client but not SSL server use.

    +

    See the description in openssl-verify(1) for more information +on the meaning of trust settings.

    +

    Future versions of OpenSSL will recognize trust settings on any +certificate: not just root CAs.

    +
    +
    -trustout
    + +
    +

    Output a trusted certificate rather than an ordinary. An ordinary +or trusted certificate can be input but by default an ordinary +certificate is output and any trust settings are discarded. With the +-trustout option a trusted certificate is output. A trusted +certificate is automatically output if any trust settings are modified.

    +
    +
    -setalias arg
    + +
    +

    Sets the alias of the certificate. This will allow the certificate +to be referred to using a nickname for example "Steve's Certificate".

    +
    +
    -alias
    + +
    +

    Outputs the certificate alias, if any.

    +
    +
    -clrtrust
    + +
    +

    Clears all the permitted or trusted uses of the certificate.

    +
    +
    -clrreject
    + +
    +

    Clears all the prohibited or rejected uses of the certificate.

    +
    +
    -addtrust arg
    + +
    +

    Adds a trusted certificate use. +Any object name can be used here but currently only clientAuth (SSL client +use), serverAuth (SSL server use), emailProtection (S/MIME email) and +anyExtendedKeyUsage are used. +As of OpenSSL 1.1.0, the last of these blocks all purposes when rejected or +enables all purposes when trusted. +Other OpenSSL applications may define additional uses.

    +
    +
    -addreject arg
    + +
    +

    Adds a prohibited use. It accepts the same values as the -addtrust +option.

    +
    +
    -purpose
    + +
    +

    This option performs tests on the certificate extensions and outputs +the results. For a more complete description see the +CERTIFICATE EXTENSIONS section.

    +
    +
    +

    +

    +

    Signing Options

    +

    This command can be used to sign certificates and requests: it +can thus behave like a "mini CA".

    +
    +
    -signkey arg
    + +
    +

    This option causes the input file to be self signed using the supplied +private key or engine. The private key's format is specified with the +-keyform option.

    +

    It sets the issuer name to the subject name (i.e., makes it self-issued) +and changes the public key to the supplied value (unless overridden by +-force_pubkey). It sets the validity start date to the current time +and the end date to a value determined by the -days option. +It retains any certificate extensions unless the -clrext option is supplied; +this includes, for example, any existing key identifier extensions.

    +
    +
    -badsig
    + +
    +

    Corrupt the signature before writing it; this can be useful +for testing.

    +
    +
    -sigopt nm:v
    + +
    +

    Pass options to the signature algorithm during sign or verify operations. +Names and values of these options are algorithm-specific.

    +
    +
    -passin arg
    + +
    +

    The key password source. For more information about the format of arg +see openssl(1)/Pass Phrase Options.

    +
    +
    -clrext
    + +
    +

    Delete any extensions from a certificate. This option is used when a +certificate is being created from another certificate (for example with +the -signkey or the -CA options). Normally all extensions are +retained.

    +
    +
    -keyform DER|PEM|ENGINE
    + +
    +

    The key format; the default is PEM. +See openssl(1)/Format Options for details.

    +
    +
    -CAform DER|PEM, -CAkeyform DER|PEM|ENGINE
    + +
    +

    The format for the CA certificate and key; the default is PEM. +See openssl(1)/Format Options for details.

    +
    +
    -days arg
    + +
    +

    Specifies the number of days to make a certificate valid for. The default +is 30 days. Cannot be used with the -preserve_dates option.

    +
    +
    -x509toreq
    + +
    +

    Converts a certificate into a certificate request. The -signkey option +is used to pass the required private key.

    +
    +
    -req
    + +
    +

    By default a certificate is expected on input. With this option a +certificate request is expected instead.

    +
    +
    -set_serial n
    + +
    +

    Specifies the serial number to use. This option can be used with either +the -signkey or -CA options. If used in conjunction with the -CA +option the serial number file (as specified by the -CAserial or +-CAcreateserial options) is not used.

    +

    The serial number can be decimal or hex (if preceded by 0x).

    +
    +
    -CA filename
    + +
    +

    Specifies the CA certificate to be used for signing. When this option is +present, this command behaves like a "mini CA". The input file is signed by +this CA using this option: that is its issuer name is set to the subject name +of the CA and it is digitally signed using the CAs private key.

    +

    This option is normally combined with the -req option. Without the +-req option the input is a certificate which must be self signed.

    +
    +
    -CAkey filename
    + +
    +

    Sets the CA private key to sign a certificate with. If this option is +not specified then it is assumed that the CA private key is present in +the CA certificate file.

    +
    +
    -CAserial filename
    + +
    +

    Sets the CA serial number file to use.

    +

    When the -CA option is used to sign a certificate it uses a serial +number specified in a file. This file consists of one line containing +an even number of hex digits with the serial number to use. After each +use the serial number is incremented and written out to the file again.

    +

    The default filename consists of the CA certificate file base name with +.srl appended. For example if the CA certificate file is called +mycacert.pem it expects to find a serial number file called +mycacert.srl.

    +
    +
    -CAcreateserial
    + +
    +

    With this option the CA serial number file is created if it does not exist: +it will contain the serial number "02" and the certificate being signed will +have the 1 as its serial number. If the -CA option is specified +and the serial number file does not exist a random number is generated; +this is the recommended practice.

    +
    +
    -extfile filename
    + +
    +

    File containing certificate extensions to use. If not specified then +no extensions are added to the certificate.

    +
    +
    -extensions section
    + +
    +

    The section to add certificate extensions from. If this option is not +specified then the extensions should either be contained in the unnamed +(default) section or the default section should contain a variable called +"extensions" which contains the section to use. See the +x509v3_config(5) manual page for details of the +extension section format.

    +
    +
    -new
    + +
    +

    Generate a certificate from scratch, not using an input certificate +or certificate request. So the -in option must not be used in this case. +Instead, the -subj and <-force_pubkey> options need to be given.

    +
    +
    -next_serial
    + +
    +

    Set the serial to be one more than the number in the certificate.

    +
    +
    -nocert
    + +
    +

    Do not generate or output a certificate.

    +
    +
    -force_pubkey filename
    + +
    +

    When a certificate is created set its public key to the key in filename +instead of the key contained in the input or given with the -signkey option.

    +

    This option is useful for creating self-issued certificates that are not +self-signed, for instance when the key cannot be used for signing, such as DH. +It can also be used in conjunction with b<-new> and -subj to directly +generate a certificate containing any desired public key.

    +

    The format of the key file can be specified using the -keyform option.

    +
    +
    -subj arg
    + +
    +

    When a certificate is created set its subject name to the given value. +The arg must be formatted as /type0=value0/type1=value1/type2=.... +Keyword characters may be escaped by \ (backslash), and whitespace is retained. +Empty values are permitted, but the corresponding type will not be included +in the certificate. Giving a single / will lead to an empty sequence of RDNs +(a NULL subject DN).

    +

    Unless the -CA option is given the issuer is set to the same value.

    +

    This option can be used in conjunction with the -force_pubkey option +to create a certificate even without providing an input certificate +or certificate request.

    +
    +
    +

    +

    +

    Text Options

    +

    As well as customising the name output format, it is also possible to +customise the actual fields printed using the certopt options when +the text option is present. The default behaviour is to print all fields.

    +
    +
    compatible
    + +
    +

    Use the old format. This is equivalent to specifying no output options at all.

    +
    +
    no_header
    + +
    +

    Don't print header information: that is the lines saying "Certificate" +and "Data".

    +
    +
    no_version
    + +
    +

    Don't print out the version number.

    +
    +
    no_serial
    + +
    +

    Don't print out the serial number.

    +
    +
    no_signame
    + +
    +

    Don't print out the signature algorithm used.

    +
    +
    no_validity
    + +
    +

    Don't print the validity, that is the notBefore and notAfter fields.

    +
    +
    no_subject
    + +
    +

    Don't print out the subject name.

    +
    +
    no_issuer
    + +
    +

    Don't print out the issuer name.

    +
    +
    no_pubkey
    + +
    +

    Don't print out the public key.

    +
    +
    no_sigdump
    + +
    +

    Don't give a hexadecimal dump of the certificate signature.

    +
    +
    no_aux
    + +
    +

    Don't print out certificate trust information.

    +
    +
    no_extensions
    + +
    +

    Don't print out any X509V3 extensions.

    +
    +
    ext_default
    + +
    +

    Retain default extension behaviour: attempt to print out unsupported +certificate extensions.

    +
    +
    ext_error
    + +
    +

    Print an error message for unsupported certificate extensions.

    +
    +
    ext_parse
    + +
    +

    ASN1 parse unsupported extensions.

    +
    +
    ext_dump
    + +
    +

    Hex dump unsupported extensions.

    +
    +
    ca_default
    + +
    +

    The value used by openssl-ca(1), equivalent to no_issuer, no_pubkey, +no_header, and no_version.

    +
    +
    +

    +

    +
    +

    EXAMPLES

    +

    Note: in these examples the '\' means the example should be all on one +line.

    +

    Display the contents of a certificate:

    +
    + openssl x509 -in cert.pem -noout -text
    +

    Display the "Subject Alternative Name" extension of a certificate:

    +
    + openssl x509 -in cert.pem -noout -ext subjectAltName
    +

    Display more extensions of a certificate:

    +
    + openssl x509 -in cert.pem -noout -ext subjectAltName,nsCertType
    +

    Display the certificate serial number:

    +
    + openssl x509 -in cert.pem -noout -serial
    +

    Display the certificate subject name:

    +
    + openssl x509 -in cert.pem -noout -subject
    +

    Display the certificate subject name in RFC2253 form:

    +
    + openssl x509 -in cert.pem -noout -subject -nameopt RFC2253
    +

    Display the certificate subject name in oneline form on a terminal +supporting UTF8:

    +
    + openssl x509 -in cert.pem -noout -subject -nameopt oneline,-esc_msb
    +

    Display the certificate SHA1 fingerprint:

    +
    + openssl x509 -sha1 -in cert.pem -noout -fingerprint
    +

    Convert a certificate from PEM to DER format:

    +
    + openssl x509 -in cert.pem -inform PEM -out cert.der -outform DER
    +

    Convert a certificate to a certificate request:

    +
    + openssl x509 -x509toreq -in cert.pem -out req.pem -signkey key.pem
    +

    Convert a certificate request into a self signed certificate using +extensions for a CA:

    +
    + openssl x509 -req -in careq.pem -extfile openssl.cnf -extensions v3_ca \
    +        -signkey key.pem -out cacert.pem
    +

    Sign a certificate request using the CA certificate above and add user +certificate extensions:

    +
    + openssl x509 -req -in req.pem -extfile openssl.cnf -extensions v3_usr \
    +        -CA cacert.pem -CAkey key.pem -CAcreateserial
    +

    Set a certificate to be trusted for SSL client use and change set its alias to +"Steve's Class 1 CA"

    +
    + openssl x509 -in cert.pem -addtrust clientAuth \
    +        -setalias "Steve's Class 1 CA" -out trust.pem
    +

    +

    +
    +

    NOTES

    +

    The conversion to UTF8 format used with the name options assumes that +T61Strings use the ISO8859-1 character set. This is wrong but Netscape +and MSIE do this as do many certificates. So although this is incorrect +it is more likely to display the majority of certificates correctly.

    +

    The -email option searches the subject name and the subject alternative +name extension. Only unique email addresses will be printed out: it will +not print the same address more than once.

    +

    +

    +
    +

    CERTIFICATE EXTENSIONS

    +

    The -purpose option checks the certificate extensions and determines +what the certificate can be used for. The actual checks done are rather +complex and include various hacks and workarounds to handle broken +certificates and software.

    +

    The same code is used when verifying untrusted certificates in chains +so this section is useful if a chain is rejected by the verify code.

    +

    The basicConstraints extension CA flag is used to determine whether the +certificate can be used as a CA. If the CA flag is true then it is a CA, +if the CA flag is false then it is not a CA. All CAs should have the +CA flag set to true.

    +

    If the basicConstraints extension is absent then the certificate is +considered to be a "possible CA" other extensions are checked according +to the intended use of the certificate. A warning is given in this case +because the certificate should really not be regarded as a CA: however +it is allowed to be a CA to work around some broken software.

    +

    If the certificate is a V1 certificate (and thus has no extensions) and +it is self signed it is also assumed to be a CA but a warning is again +given: this is to work around the problem of Verisign roots which are V1 +self signed certificates.

    +

    If the keyUsage extension is present then additional restraints are +made on the uses of the certificate. A CA certificate must have the +keyCertSign bit set if the keyUsage extension is present.

    +

    The extended key usage extension places additional restrictions on the +certificate uses. If this extension is present (whether critical or not) +the key can only be used for the purposes specified.

    +

    A complete description of each test is given below. The comments about +basicConstraints and keyUsage and V1 certificates above apply to all +CA certificates.

    +
    +
    SSL Client
    + +
    +

    The extended key usage extension must be absent or include the "web client +authentication" OID. keyUsage must be absent or it must have the +digitalSignature bit set. Netscape certificate type must be absent or it must +have the SSL client bit set.

    +
    +
    SSL Client CA
    + +
    +

    The extended key usage extension must be absent or include the "web client +authentication" OID. Netscape certificate type must be absent or it must have +the SSL CA bit set: this is used as a work around if the basicConstraints +extension is absent.

    +
    +
    SSL Server
    + +
    +

    The extended key usage extension must be absent or include the "web server +authentication" and/or one of the SGC OIDs. keyUsage must be absent or it +must have the digitalSignature, the keyEncipherment set or both bits set. +Netscape certificate type must be absent or have the SSL server bit set.

    +
    +
    SSL Server CA
    + +
    +

    The extended key usage extension must be absent or include the "web server +authentication" and/or one of the SGC OIDs. Netscape certificate type must +be absent or the SSL CA bit must be set: this is used as a work around if the +basicConstraints extension is absent.

    +
    +
    Netscape SSL Server
    + +
    +

    For Netscape SSL clients to connect to an SSL server it must have the +keyEncipherment bit set if the keyUsage extension is present. This isn't +always valid because some cipher suites use the key for digital signing. +Otherwise it is the same as a normal SSL server.

    +
    +
    Common S/MIME Client Tests
    + +
    +

    The extended key usage extension must be absent or include the "email +protection" OID. Netscape certificate type must be absent or should have the +S/MIME bit set. If the S/MIME bit is not set in Netscape certificate type +then the SSL client bit is tolerated as an alternative but a warning is shown: +this is because some Verisign certificates don't set the S/MIME bit.

    +
    +
    S/MIME Signing
    + +
    +

    In addition to the common S/MIME client tests the digitalSignature bit or +the nonRepudiation bit must be set if the keyUsage extension is present.

    +
    +
    S/MIME Encryption
    + +
    +

    In addition to the common S/MIME tests the keyEncipherment bit must be set +if the keyUsage extension is present.

    +
    +
    S/MIME CA
    + +
    +

    The extended key usage extension must be absent or include the "email +protection" OID. Netscape certificate type must be absent or must have the +S/MIME CA bit set: this is used as a work around if the basicConstraints +extension is absent.

    +
    +
    CRL Signing
    + +
    +

    The keyUsage extension must be absent or it must have the CRL signing bit +set.

    +
    +
    CRL Signing CA
    + +
    +

    The normal CA tests apply. Except in this case the basicConstraints extension +must be present.

    +
    +
    +

    +

    +
    +

    BUGS

    +

    Extensions in certificates are not transferred to certificate requests and +vice versa.

    +

    It is possible to produce invalid certificates or requests by specifying the +wrong private key or using inconsistent options in some cases: these should +be checked.

    +

    There should be options to explicitly set such things as start and end +dates rather than an offset from the current time.

    +

    +

    +
    +

    SEE ALSO

    +

    openssl(1), +openssl-req(1), +openssl-ca(1), +openssl-genrsa(1), +openssl-gendsa(1), +openssl-verify(1), +x509v3_config(5)

    +

    +

    +
    +

    HISTORY

    +

    The hash algorithm used in the -subject_hash and -issuer_hash options +before OpenSSL 1.0.0 was based on the deprecated MD5 algorithm and the encoding +of the distinguished name. In OpenSSL 1.0.0 and later it is based on a canonical +version of the DN using SHA1. This means that any directories using the old +form must have their links rebuilt using openssl-rehash(1) or similar.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man1/openssl.html b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl.html
new file mode 100755
index 0000000..76005e5
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man1/openssl.html
@@ -0,0 +1,1585 @@
+ + + + +openssl + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    openssl - OpenSSL command line tool

    +

    +

    +
    +

    SYNOPSIS

    +

    openssl +command +[ options ... ] +[ parameters ... ]

    +

    openssl +list +-standard-commands | +-digest-commands | +-cipher-commands | +-cipher-algorithms | +-digest-algorithms | +-mac-algorithms | +-public-key-algorithms

    +

    openssl no-XXX [ options ]

    +

    +

    +
    +

    DESCRIPTION

    +

    OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (SSL +v2/v3) and Transport Layer Security (TLS v1) network protocols and related +cryptography standards required by them.

    +

    The openssl program is a command line tool for using the various +cryptography functions of OpenSSL's crypto library from the shell. +It can be used for

    +
    + o  Creation and management of private keys, public keys and parameters
    + o  Public key cryptographic operations
    + o  Creation of X.509 certificates, CSRs and CRLs
    + o  Calculation of Message Digests and Message Authentication Codes
    + o  Encryption and Decryption with Ciphers
    + o  SSL/TLS Client and Server Tests
    + o  Handling of S/MIME signed or encrypted mail
    + o  Timestamp requests, generation and verification
    +

    +

    +
    +

    COMMAND SUMMARY

    +

    The openssl program provides a rich variety of commands (command in +the SYNOPSIS above). +Each command can have many options and argument parameters, shown above as +options and parameters.

    +

    Detailed documentation and use cases for most standard subcommands are available +(e.g., openssl-x509(1)).

    +

    Many commands use an external configuration file for some or all of their +arguments and have a -config option to specify that file. +The default name of the file is openssl.cnf in the default certificate +storage area, which can be determined from the openssl-version(1) +command. +The environment variable OPENSSL_CONF can be used to specify +a different location of the file. +See openssl-env(7).

    +

    The list options -standard-commands, -digest-commands, +and -cipher-commands output a list (one entry per line) of the names +of all standard commands, message digest commands, or cipher commands, +respectively, that are available.

    +

    The list parameters -cipher-algorithms, -digest-algorithms, +and -mac-algorithms list all cipher, message digest, and message +authentication code names, one entry per line. Aliases are listed as:

    +
    + from => to
    +

    The list parameter -public-key-algorithms lists all supported public +key algorithms.

    +

    The command no-XXX tests whether a command of the +specified name is available. If no command named XXX exists, it +returns 0 (success) and prints no-XXX; otherwise it returns 1 +and prints XXX. In both cases, the output goes to stdout and +nothing is printed to stderr. Additional command line arguments +are always ignored. Since for each cipher there is a command of the +same name, this provides an easy way for shell scripts to test for the +availability of ciphers in the openssl program. (no-XXX is +not able to detect pseudo-commands such as quit, +list, or no-XXX itself.)

    +

    +

    +

    Standard Commands

    +
    +
    asn1parse
    + +
    +

    Parse an ASN.1 sequence.

    +
    +
    ca
    + +
    +

    Certificate Authority (CA) Management.

    +
    +
    ciphers
    + +
    +

    Cipher Suite Description Determination.

    +
    +
    cms
    + +
    +

    CMS (Cryptographic Message Syntax) utility.

    +
    +
    crl
    + +
    +

    Certificate Revocation List (CRL) Management.

    +
    +
    crl2pkcs7
    + +
    +

    CRL to PKCS#7 Conversion.

    +
    +
    dgst
    + +
    +

    Message Digest calculation. MAC calculations are superseded by +openssl-mac(1).

    +
    +
    dhparam
    + +
    +

    Generation and Management of Diffie-Hellman Parameters. Superseded by +openssl-genpkey(1) and openssl-pkeyparam(1).

    +
    +
    dsa
    + +
    +

    DSA Data Management.

    +
    +
    dsaparam
    + +
    +

    DSA Parameter Generation and Management. Superseded by +openssl-genpkey(1) and openssl-pkeyparam(1).

    +
    +
    ec
    + +
    +

    EC (Elliptic curve) key processing.

    +
    +
    ecparam
    + +
    +

    EC parameter manipulation and generation.

    +
    +
    enc
    + +
    +

    Encryption, decryption, and encoding.

    +
    +
    engine
    + +
    +

    Engine (loadable module) information and manipulation.

    +
    +
    errstr
    + +
    +

    Error Number to Error String Conversion.

    +
    +
    fipsinstall
    + +
    +

    FIPS configuration installation.

    +
    +
    gendsa
    + +
    +

    Generation of DSA Private Key from Parameters. Superseded by +openssl-genpkey(1) and openssl-pkey(1).

    +
    +
    genpkey
    + +
    +

    Generation of Private Key or Parameters.

    +
    +
    genrsa
    + +
    +

    Generation of RSA Private Key. Superseded by openssl-genpkey(1).

    +
    +
    help
    + +
    +

    Display information about a command's options.

    +
    +
    info
    + +
    +

    Display diverse information built into the OpenSSL libraries.

    +
    +
    kdf
    + +
    +

    Key Derivation Functions.

    +
    +
    list
    + +
    +

    List algorithms and features.

    +
    +
    mac
    + +
    +

    Message Authentication Code Calculation.

    +
    +
    nseq
    + +
    +

    Create or examine a Netscape certificate sequence.

    +
    +
    ocsp
    + +
    +

    Online Certificate Status Protocol utility.

    +
    +
    passwd
    + +
    +

    Generation of hashed passwords.

    +
    +
    pkcs12
    + +
    +

    PKCS#12 Data Management.

    +
    +
    pkcs7
    + +
    +

    PKCS#7 Data Management.

    +
    +
    pkcs8
    + +
    +

    PKCS#8 format private key conversion tool.

    +
    +
    pkey
    + +
    +

    Public and private key management.

    +
    +
    pkeyparam
    + +
    +

    Public key algorithm parameter management.

    +
    +
    pkeyutl
    + +
    +

    Public key algorithm cryptographic operation utility.

    +
    +
    prime
    + +
    +

    Compute prime numbers.

    +
    +
    provider
    + +
    +

    Load and query providers.

    +
    +
    rand
    + +
    +

    Generate pseudo-random bytes.

    +
    +
    rehash
    + +
    +

    Create symbolic links to certificate and CRL files named by the hash values.

    +
    +
    req
    + +
    +

    PKCS#10 X.509 Certificate Signing Request (CSR) Management.

    +
    +
    rsa
    + +
    +

    RSA key management.

    +
    +
    rsautl
    + +
    +

    RSA utility for signing, verification, encryption, and decryption. Superseded +by openssl-pkeyutl(1).

    +
    +
    s_client
    + +
    +

    This implements a generic SSL/TLS client which can establish a transparent +connection to a remote server speaking SSL/TLS. It's intended for testing +purposes only and provides only rudimentary interface functionality but +internally uses mostly all functionality of the OpenSSL ssl library.

    +
    +
    s_server
    + +
    +

    This implements a generic SSL/TLS server which accepts connections from remote +clients speaking SSL/TLS. It's intended for testing purposes only and provides +only rudimentary interface functionality but internally uses mostly all +functionality of the OpenSSL ssl library. It provides both an own command +line oriented protocol for testing SSL functions and a simple HTTP response +facility to emulate an SSL/TLS-aware webserver.

    +
    +
    s_time
    + +
    +

    SSL Connection Timer.

    +
    +
    sess_id
    + +
    +

    SSL Session Data Management.

    +
    +
    smime
    + +
    +

    S/MIME mail processing.

    +
    +
    speed
    + +
    +

    Algorithm Speed Measurement.

    +
    +
    spkac
    + +
    +

    SPKAC printing and generating utility.

    +
    +
    srp
    + +
    +

    Maintain SRP password file.

    +
    +
    storeutl
    + +
    +

    Utility to list and display certificates, keys, CRLs, etc.

    +
    +
    ts
    + +
    +

    Time Stamping Authority tool (client/server).

    +
    +
    verify
    + +
    +

    X.509 Certificate Verification.

    +
    +
    version
    + +
    +

    OpenSSL Version Information.

    +
    +
    x509
    + +
    +

    X.509 Certificate Data Management.

    +
    +
    +

    +

    +

    Message Digest Commands

    +
    +
    blake2b512
    + +
    +

    BLAKE2b-512 Digest

    +
    +
    blake2s256
    + +
    +

    BLAKE2s-256 Digest

    +
    +
    md2
    + +
    +

    MD2 Digest

    +
    +
    md4
    + +
    +

    MD4 Digest

    +
    +
    md5
    + +
    +

    MD5 Digest

    +
    +
    mdc2
    + +
    +

    MDC2 Digest

    +
    +
    rmd160
    + +
    +

    RMD-160 Digest

    +
    +
    sha1
    + +
    +

    SHA-1 Digest

    +
    +
    sha224
    + +
    +

    SHA-2 224 Digest

    +
    +
    sha256
    + +
    +

    SHA-2 256 Digest

    +
    +
    sha384
    + +
    +

    SHA-2 384 Digest

    +
    +
    sha512
    + +
    +

    SHA-2 512 Digest

    +
    +
    sha3-224
    + +
    +

    SHA-3 224 Digest

    +
    +
    sha3-256
    + +
    +

    SHA-3 256 Digest

    +
    +
    sha3-384
    + +
    +

    SHA-3 384 Digest

    +
    +
    sha3-512
    + +
    +

    SHA-3 512 Digest

    +
    +
    shake128
    + +
    +

    SHA-3 SHAKE128 Digest

    +
    +
    shake256
    + +
    +

    SHA-3 SHAKE256 Digest

    +
    +
    sm3
    + +
    +

    SM3 Digest

    +
    +
    +

    +

    +

    Encryption, Decryption, and Encoding Commands

    +

    The following aliases provide convenient access to the most used encodings +and ciphers.

    +

    Depending on how OpenSSL was configured and built, not all ciphers listed +here may be present. See openssl-enc(1) for more information.

    +
    +
    aes128, aes-128-cbc, aes-128-cfb, aes-128-ctr, aes-128-ecb, aes-128-ofb
    + +
    +

    AES-128 Cipher

    +
    +
    aes192, aes-192-cbc, aes-192-cfb, aes-192-ctr, aes-192-ecb, aes-192-ofb
    + +
    +

    AES-192 Cipher

    +
    +
    aes256, aes-256-cbc, aes-256-cfb, aes-256-ctr, aes-256-ecb, aes-256-ofb
    + +
    +

    AES-256 Cipher

    +
    +
    aria128, aria-128-cbc, aria-128-cfb, aria-128-ctr, aria-128-ecb, aria-128-ofb
    + +
    +

    Aria-128 Cipher

    +
    +
    aria192, aria-192-cbc, aria-192-cfb, aria-192-ctr, aria-192-ecb, aria-192-ofb
    + +
    +

    Aria-192 Cipher

    +
    +
    aria256, aria-256-cbc, aria-256-cfb, aria-256-ctr, aria-256-ecb, aria-256-ofb
    + +
    +

    Aria-256 Cipher

    +
    +
    base64
    + +
    +

    Base64 Encoding

    +
    +
    bf, bf-cbc, bf-cfb, bf-ecb, bf-ofb
    + +
    +

    Blowfish Cipher

    +
    +
    camellia128, camellia-128-cbc, camellia-128-cfb, camellia-128-ctr, camellia-128-ecb, camellia-128-ofb
    + +
    +

    Camellia-128 Cipher

    +
    +
    camellia192, camellia-192-cbc, camellia-192-cfb, camellia-192-ctr, camellia-192-ecb, camellia-192-ofb
    + +
    +

    Camellia-192 Cipher

    +
    +
    camellia256, camellia-256-cbc, camellia-256-cfb, camellia-256-ctr, camellia-256-ecb, camellia-256-ofb
    + +
    +

    Camellia-256 Cipher

    +
    +
    cast, cast-cbc
    + +
    +

    CAST Cipher

    +
    +
    cast5-cbc, cast5-cfb, cast5-ecb, cast5-ofb
    + +
    +

    CAST5 Cipher

    +
    +
    chacha20
    + +
    +

    Chacha20 Cipher

    +
    +
    des, des-cbc, des-cfb, des-ecb, des-ede, des-ede-cbc, des-ede-cfb, des-ede-ofb, des-ofb
    + +
    +

    DES Cipher

    +
    +
    des3, desx, des-ede3, des-ede3-cbc, des-ede3-cfb, des-ede3-ofb
    + +
    +

    Triple-DES Cipher

    +
    +
    idea, idea-cbc, idea-cfb, idea-ecb, idea-ofb
    + +
    +

    IDEA Cipher

    +
    +
    rc2, rc2-cbc, rc2-cfb, rc2-ecb, rc2-ofb
    + +
    +

    RC2 Cipher

    +
    +
    rc4
    + +
    +

    RC4 Cipher

    +
    +
    rc5, rc5-cbc, rc5-cfb, rc5-ecb, rc5-ofb
    + +
    +

    RC5 Cipher

    +
    +
    seed, seed-cbc, seed-cfb, seed-ecb, seed-ofb
    + +
    +

    SEED Cipher

    +
    +
    sm4, sm4-cbc, sm4-cfb, sm4-ctr, sm4-ecb, sm4-ofb
    + +
    +

    SM4 Cipher

    +
    +
    +

    +

    +
    +

    OPTIONS

    +

    Details of which options are available depend on the specific command. +This section describes some common options with common behavior.

    +

    +

    +

    Common Options

    +
    +
    -help
    + +
    +

    Provides a terse summary of all options. +If an option takes an argument, the "type" of argument is also given.

    +
    +
    --
    + +
    +

    This terminates the list of options. It is mostly useful if any filename +parameters start with a minus sign:

    +
    + openssl verify [flags...] -- -cert1.pem...
    +
    +
    +

    +

    +

    Format Options

    +

    Several OpenSSL commands can take input or generate output in a variety +of formats. The list of acceptable formats, and the default, is +described in each command documentation. The list of formats is +described below. Both uppercase and lowercase are accepted.

    +
    +
    DER
    + +
    +

    A binary format, encoded or parsed according to Distinguished Encoding Rules +(DER) of the ASN.1 data language.

    +
    +
    ENGINE
    + +
    +

    Used to specify that the cryptographic material is in an OpenSSL engine. +An engine must be configured or specified using the -engine option. +In addition, the -input flag can be used to name a specific object in +the engine. +A password, such as the -passin flag often must be specified as well.

    +
    +
    P12
    + +
    +

    A DER-encoded file containing a PKCS#12 object. +It might be necessary to provide a decryption password to retrieve +the private key.

    +
    +
    PEM
    + +
    +

    A text format defined in IETF RFC 1421 and IETF RFC 7468. Briefly, this is +a block of base-64 encoding (defined in IETF RFC 4648), with specific +lines used to mark the start and end:

    +
    + Text before the BEGIN line is ignored.
    + ----- BEGIN object-type -----
    + OT43gQKBgQC/2OHZoko6iRlNOAQ/tMVFNq7fL81GivoQ9F1U0Qr+DH3ZfaH8eIkX
    + xT0ToMPJUzWAn8pZv0snA0um6SIgvkCuxO84OkANCVbttzXImIsL7pFzfcwV/ERK
    + UM6j0ZuSMFOCr/lGPAoOQU0fskidGEHi1/kW+suSr28TqsyYZpwBDQ==
    + ----- END object-type -----
    + Text after the END line is also ignored
    +

    The object-type must match the type of object that is expected. +For example a BEGIN X509 CERTIFICATE will not match if the command +is trying to read a private key. The types supported include:

    +
    + ANY PRIVATE KEY
    + CERTIFICATE
    + CERTIFICATE REQUEST
    + CMS
    + DH PARAMETERS
    + DSA PARAMETERS
    + DSA PUBLIC KEY
    + EC PARAMETERS
    + EC PRIVATE KEY
    + ECDSA PUBLIC KEY
    + ENCRYPTED PRIVATE KEY
    + PARAMETERS
    + PKCS #7 SIGNED DATA
    + PKCS7
    + PRIVATE KEY
    + PUBLIC KEY
    + RSA PRIVATE KEY
    + SSL SESSION PARAMETERS
    + TRUSTED CERTIFICATE
    + X509 CRL
    + X9.42 DH PARAMETERS
    +

    The following legacy object-type's are also supported for compatibility +with earlier releases:

    +
    + DSA PRIVATE KEY
    + NEW CERTIFICATE REQUEST
    + RSA PUBLIC KEY
    + X509 CERTIFICATE
    +
    +
    SMIME
    + +
    +

    An S/MIME object as described in IETF RFC 8551. +Earlier versions were known as CMS and are compatible. +Note that the parsing is simple and might fail to parse some legal data.

    +
    +
    +

    The options to specify the format are as follows. Refer to the individual +manpage to see which options are accepted.

    +
    +
    -inform format, -outform format
    + +
    +

    The format of the input or output streams.

    +
    +
    -keyform format
    + +
    +

    Format of a private key input source.

    +
    +
    -CRLform format
    + +
    +

    Format of a CRL input source.

    +
    +
    +

    +

    +

    Pass Phrase Options

    +

    Several commands accept password arguments, typically using -passin +and -passout for input and output passwords respectively. These allow +the password to be obtained from a variety of sources. Both of these +options take a single argument whose format is described below. If no +password argument is given and a password is required then the user is +prompted to enter one: this will typically be read from the current +terminal with echoing turned off.

    +

    Note that character encoding may be relevant, please see +passphrase-encoding(7).

    +
    +
    pass:password
    + +
    +

    The actual password is password. Since the password is visible +to utilities (like 'ps' under Unix) this form should only be used +where security is not important.

    +
    +
    env:var
    + +
    +

    Obtain the password from the environment variable var. Since +the environment of other processes is visible on certain platforms +(e.g. ps under certain Unix OSes) this option should be used with caution.

    +
    +
    file:pathname
    + +
    +

    The first line of pathname is the password. If the same pathname +argument is supplied to -passin and -passout arguments then the first +line will be used for the input password and the next line for the output +password. pathname need not refer to a regular file: it could for example +refer to a device or named pipe.

    +
    +
    fd:number
    + +
    +

    Read the password from the file descriptor number. This can be used to +send the data via a pipe for example.

    +
    +
    stdin
    + +
    +

    Read the password from standard input.

    +
    +
    +

    +

    +

    Trusted Certificate Options

    +

    Part of validating a certificate includes verifying that the chain of CA's +can be traced up to an existing trusted root. The following options specify +how to list the trusted roots, also known as trust anchors. A collection +of trusted roots is called a trust store.

    +

    Note that OpenSSL does not provide a default set of trust anchors. Many +Linux distributions include a system default and configure OpenSSL to point +to that. Mozilla maintains an influential trust store that can be found at +https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/.

    +
    +
    -CAfile file
    + +
    +

    Load the specified file which contains one or more PEM-format certificates +of CA's that are trusted.

    +
    +
    -no-CAfile
    + +
    +

    Do not load the default file of trusted certificates.

    +
    +
    -CApath dir
    + +
    +

    Use the specified directory as a list of trust certificates. That is, +files should be named with the hash of the X.509 SubjectName of each +certificate. This is so that the library can extract the IssuerName, +hash it, and directly lookup the file to get the issuer certificate. +See openssl-rehash(1) for information on creating this type of directory.

    +
    +
    -no-CApath
    + +
    +

    Do not use the default directory of trusted certificates.

    +
    +
    -CAstore uri
    + +
    +

    Use uri as a store of trusted CA certificates. The URI may +indicate a single certificate, as well as a collection of them. +With URIs in the file: scheme, this acts as -CAfile or +-CApath, depending on if the URI indicates a single file or +directory. +See ossl_store-file(7) for more information on the file: scheme.

    +

    These certificates are also used when building the server certificate +chain (for example with openssl-s_server(1)) or client certificate +chain (for example with openssl-s_time(1)).

    +
    +
    -no-CAstore
    + +
    +

    Do not use the default store.

    +
    +
    +

    +

    +

    Random State Options

    +

    Prior to OpenSSL 3.0, it was common for applications to store information +about the state of the random-number generator in a file that was loaded +at startup and rewritten upon exit. On modern operating systems, this is +generally no longer necessary as OpenSSL will seed itself from the +appropriate CPU flags, device files, and so on. These flags are still +supported for special platforms or circumstances that might require them.

    +

    It is generally an error to use the same seed file more than once and +every use of -rand should be paired with -writerand.

    +
    +
    -rand files
    + +
    +

    A file or files containing random data used to seed the random number +generator. +Multiple files can be specified separated by an OS-dependent character. +The separator is ; for MS-Windows, , for OpenVMS, and : for +all others. Another way to specify multiple files is to repeat this flag +with different filenames.

    +
    +
    -writerand file
    + +
    +

    Writes the seed data to the specified file upon exit. +This file can be used in a subsequent command invocation.

    +
    +
    +

    +

    +

    Extended Verification Options

    +

    Sometimes there may be more than one certificate chain leading to an +end-entity certificate. +This usually happens when a root or intermediate CA signs a certificate +for another a CA in other organization. +Another reason is when a CA might have intermediates that use two different +signature formats, such as a SHA-1 and a SHA-256 digest.

    +

    The following options can be used to provide data that will allow the +OpenSSL command to generate an alternative chain.

    +
    +
    -xchain_build
    + +
    +

    Specify whether the application should build the certificate chain to be +provided to the server for the extra certificates via the -xkey, +-xcert, and -xchain options.

    +
    +
    -xkey infile, -xcert infile, -xchain
    + +
    +

    Specify an extra certificate, private key and certificate chain. These behave +in the same manner as the -cert, -key and -cert_chain options. When +specified, the callback returning the first valid chain will be in use by the +client.

    +
    +
    -xcertform DER|PEM, -xkeyform DER|PEM
    + +
    +

    The input format for the extra certificate and key, respectively. +See openssl(1)/Format Options for details.

    +
    +
    -xchain_build
    + +
    +

    Specify whether the application should build the certificate chain to be +provided to the server for the extra certificates via the -xkey, +-xcert, and -xchain options.

    +
    +
    -xcertform DER|PEM, -xkeyform DER|PEM
    + +
    +

    The input format for the extra certificate and key, respectively. +See openssl(1)/Format Options for details.

    +
    +
    +

    +

    +

    Verification Options

    +

    Many OpenSSL commands verify certificates. The details of how each +command handles errors are documented on the specific command page.

    +

    Verification is a complicated process, consisting of a number of separate +steps that are detailed in the following paragraphs.

    +

    First, a certificate chain is built up starting from the supplied certificate +and ending in a root CA. It is an error if the whole chain cannot be +built up. The chain is built up by looking up the certificate that +signed (or issued) the certificate. It then repeats the process, until +it gets to a certificate that is self-issued.

    +

    The process of looking up the issuer's certificate itself involves a number +of steps. After all certificates whose subject name matches the issuer +name of the current certificate are subject to further tests. The relevant +authority key identifier components of the current certificate (if present) +must match the subject key identifier (if present) and issuer and serial +number of the candidate issuer, in addition the keyUsage extension of the +candidate issuer (if present) must permit certificate signing.

    +

    The lookup first looks in the list of untrusted certificates and if no match +is found the remaining lookups are from the trusted certificates. The root CA +is always looked up in the trusted certificate list: if the certificate to +verify is a root certificate then an exact match must be found in the trusted +list.

    +

    The second step is to check every untrusted certificate's extensions +for consistency with the supplied purpose. If the -purpose option is +not included then no checks are done. The supplied or "leaf" certificate +must have extensions compatible with the supplied purpose and all other +certificates must also be valid CA certificates. The precise extensions +required are described in more detail in +openssl-x509(1)/CERTIFICATE EXTENSIONS.

    +

    The third step is to check the trust settings on the root CA. The root +CA should be trusted for the supplied purpose. For compatibility with +previous versions of OpenSSL, a certificate with no trust settings is +considered to be valid for all purposes.

    +

    The fourth, and final, step is to check the validity of the certificate +chain. The validity period is checked against the system time +and the notBefore and notAfter dates in the certificate. The certificate +signatures are also checked at this point. The -attime flag may be +used to specify a time other than "now."

    +

    If all operations complete successfully then certificate is considered +valid. If any operation fails then the certificate is not valid.

    +

    The details of the processing steps can be fine-tuned with the +following flags.

    +
    +
    -verbose
    + +
    +

    Print extra information about the operations being performed.

    +
    +
    -attime timestamp
    + +
    +

    Perform validation checks using time specified by timestamp and not +current system time. timestamp is the number of seconds since +January 1, 1970 (i.e., the Unix Epoch).

    +
    +
    -no_check_time
    + +
    +

    This option suppresses checking the validity period of certificates and CRLs +against the current time. If option -attime is used to specify +a verification time, the check is not suppressed.

    +
    +
    -x509_strict
    + +
    +

    This disables non-compliant workarounds for broken certificates.

    +
    +
    -ignore_critical
    + +
    +

    Normally if an unhandled critical extension is present which is not +supported by OpenSSL the certificate is rejected (as required by RFC5280). +If this option is set critical extensions are ignored.

    +
    +
    -issuer_checks
    + +
    +

    Ignored.

    +
    +
    -crl_check
    + +
    +

    Checks end entity certificate validity by attempting to look up a valid CRL. +If a valid CRL cannot be found an error occurs.

    +
    +
    -crl_check_all
    + +
    +

    Checks the validity of all certificates in the chain by attempting +to look up valid CRLs.

    +
    +
    -use_deltas
    + +
    +

    Enable support for delta CRLs.

    +
    +
    -extended_crl
    + +
    +

    Enable extended CRL features such as indirect CRLs and alternate CRL +signing keys.

    +
    +
    -suiteB_128_only, -suiteB_128, -suiteB_192
    + +
    +

    Enable the Suite B mode operation at 128 bit Level of Security, 128 bit or +192 bit, or only 192 bit Level of Security respectively. +See RFC6460 for details. In particular the supported signature algorithms are +reduced to support only ECDSA and SHA256 or SHA384 and only the elliptic curves +P-256 and P-384.

    +
    +
    -auth_level level
    + +
    +

    Set the certificate chain authentication security level to level. +The authentication security level determines the acceptable signature and +public key strength when verifying certificate chains. For a certificate +chain to validate, the public keys of all the certificates must meet the +specified security level. The signature algorithm security level is +enforced for all the certificates in the chain except for the chain's +trust anchor, which is either directly trusted or validated by means +other than its signature. See SSL_CTX_set_security_level(3) for the +definitions of the available levels. The default security level is -1, +or "not set". At security level 0 or lower all algorithms are acceptable. +Security level 1 requires at least 80-bit-equivalent security and is broadly +interoperable, though it will, for example, reject MD5 signatures or RSA +keys shorter than 1024 bits.

    +
    +
    -partial_chain
    + +
    +

    Allow verification to succeed even if a complete chain cannot be built to a +self-signed trust-anchor, provided it is possible to construct a chain to a +trusted certificate that might not be self-signed.

    +
    +
    -check_ss_sig
    + +
    +

    Verify the signature on the self-signed root CA. This is disabled by default +because it doesn't add any security.

    +
    +
    -allow_proxy_certs
    + +
    +

    Allow the verification of proxy certificates.

    +
    +
    -trusted_first
    + +
    +

    As of OpenSSL 1.1.0 this option is on by default and cannot be disabled.

    +
    +
    -no_alt_chains
    + +
    +

    As of OpenSSL 1.1.0, since -trusted_first always on, this option has no +effect.

    +
    +
    -trusted file
    + +
    +

    Parse file as a set of one or more certificates in PEM format. +All certificates must be self-signed, unless the +-partial_chain option is specified. +This option implies the -no-CAfile and -no-CApath options and it +cannot be used with either the -CAfile or -CApath options, so +only certificates in the file are trust anchors. +This option may be used multiple times.

    +
    +
    -untrusted file
    + +
    +

    Parse file as a set of one or more certificates in PEM format. +All certificates are untrusted certificates that may be used to +construct a certificate chain from the subject certificate to a trust anchor. +This option may be used multiple times.

    +
    +
    -policy arg
    + +
    +

    Enable policy processing and add arg to the user-initial-policy-set (see +RFC5280). The policy arg can be an object name an OID in numeric form. +This argument can appear more than once.

    +
    +
    -explicit_policy
    + +
    +

    Set policy variable require-explicit-policy (see RFC5280).

    +
    +
    -policy_check
    + +
    +

    Enables certificate policy processing.

    +
    +
    -policy_print
    + +
    +

    Print out diagnostics related to policy processing.

    +
    +
    -inhibit_any
    + +
    +

    Set policy variable inhibit-any-policy (see RFC5280).

    +
    +
    -inhibit_map
    + +
    +

    Set policy variable inhibit-policy-mapping (see RFC5280).

    +
    +
    -purpose purpose
    + +
    +

    The intended use for the certificate. If this option is not specified, this +command will not consider certificate purpose during chain verification. +Currently accepted uses are sslclient, sslserver, nssslserver, +smimesign, smimeencrypt.

    +
    +
    -verify_depth num
    + +
    +

    Limit the certificate chain to num intermediate CA certificates. +A maximal depth chain can have up to num+2 certificates, since neither the +end-entity certificate nor the trust-anchor certificate count against the +-verify_depth limit.

    +
    +
    -verify_email email
    + +
    +

    Verify if email matches the email address in Subject Alternative Name or +the email in the subject Distinguished Name.

    +
    +
    -verify_hostname hostname
    + +
    +

    Verify if hostname matches DNS name in Subject Alternative Name or +Common Name in the subject certificate.

    +
    +
    -verify_ip ip
    + +
    +

    Verify if ip matches the IP address in Subject Alternative Name of +the subject certificate.

    +
    +
    -verify_name name
    + +
    +

    Use default verification policies like trust model and required certificate +policies identified by name. +The trust model determines which auxiliary trust or reject OIDs are applicable +to verifying the given certificate chain. +See the -addtrust and -addreject options for openssl-x509(1). +Supported policy names include: default, pkcs7, smime_sign, +ssl_client, ssl_server. +These mimics the combinations of purpose and trust settings used in SSL, CMS +and S/MIME. +As of OpenSSL 1.1.0, the trust model is inferred from the purpose when not +specified, so the -verify_name options are functionally equivalent to the +corresponding -purpose settings.

    +
    +
    +

    +

    +

    Name Format Options

    +

    OpenSSL provides fine-grain control over how the subject and issuer DN's are +displayed. +This is specified by using the -nameopt option, which takes a +comma-separated list of options from the following set. +An option may be preceded by a minus sign, -, to turn it off. +The default value is oneline. +The first four are the most commonly used.

    +
    +
    compat
    + +
    +

    Display the name using an old format from previous OpenSSL versions.

    +
    +
    RFC2253
    + +
    +

    Display the name using the format defined in RFC 2253. +It is equivalent to esc_2253, esc_ctrl, esc_msb, utf8, +dump_nostr, dump_unknown, dump_der, sep_comma_plus, dn_rev +and sname.

    +
    +
    oneline
    + +
    +

    Display the name in one line, using a format that is more readable +RFC 2253. +It is equivalent to esc_2253, esc_ctrl, esc_msb, utf8, +dump_nostr, dump_der, use_quote, sep_comma_plus_space, +space_eq and sname options.

    +
    +
    multiline
    + +
    +

    Display the name using multiple lines. +It is equivalent to esc_ctrl, esc_msb, sep_multiline, space_eq, +lname and align.

    +
    +
    esc_2253
    + +
    +

    Escape the "special" characters in a field, as required by RFC 2253. +That is, any of the characters ,+"<>;, # at the beginning of +a string and leading or trailing spaces.

    +
    +
    esc_2254
    + +
    +

    Escape the "special" characters in a field as required by RFC 2254 in a field. +That is, the NUL character and and of ()*.

    +
    +
    esc_ctrl
    + +
    +

    Escape non-printable ASCII characters, codes less than 0x20 (space) +or greater than 0x7F (DELETE). They are displayed using RFC 2253 \XX +notation where XX are the two hex digits representing the character value.

    +
    +
    esc_msb
    + +
    +

    Escape any characters with the most significant bit set, that is with +values larger than 127, as described in esc_ctrl.

    +
    +
    use_quote
    + +
    +

    Escapes some characters by surrounding the entire string with quotation +marks, ". +Without this option, individual special characters are preceeded with +a backslash character, \.

    +
    +
    utf8
    + +
    +

    Convert all strings to UTF-8 format first as required by RFC 2253. +If the output device is UTF-8 compatible, then using this option (and +not setting esc_msb) may give the correct display of multibyte +characters. +If this option is not set, then multibyte characters larger than 0xFF +will be output as \UXXXX for 16 bits or \WXXXXXXXX for 32 bits. +In addition, any UTF8Strings will be converted to their character form first.

    +
    +
    ignore_type
    + +
    +

    This option does not attempt to interpret multibyte characters in any +way. That is, the content octets are merely dumped as though one octet +represents each character. This is useful for diagnostic purposes but +will result in rather odd looking output.

    +
    +
    show_type
    + +
    +

    Display the type of the ASN1 character string before the value, +such as BMPSTRING: Hello World.

    +
    +
    dump_der
    + +
    +

    Any fields that would be output in hex format are displayed using +the DER encoding of the field. +If not set, just the content octets are displayed. +Either way, the #XXXX... format of RFC 2253 is used.

    +
    +
    dump_nostr
    + +
    +

    Dump non-character strings, such as ASN.1 OCTET STRING. +If this option is not set, then non character string types will be displayed +as though each content octet represents a single character.

    +
    +
    dump_all
    + +
    +

    Dump all fields. When this used with dump_der, this allows the +DER encoding of the structure to be unambiguously determined.

    +
    +
    dump_unknown
    + +
    +

    Dump any field whose OID is not recognised by OpenSSL.

    +
    +
    sep_comma_plus, sep_comma_plus_space, sep_semi_plus_space, +sep_multiline
    + +
    +

    Specify the field separators. The first word is used between the +Relative Distinguished Names (RDNs) and the second is between +multiple Attribute Value Assertions (AVAs). Multiple AVAs are +very rare and their use is discouraged. +The options ending in "space" additionally place a space after the separator to make it more readable. +The sep_multiline starts each field on its own line, and uses "plus space" +for the AVA separator. +It also indents the fields by four characters. +The default value is sep_comma_plus_space.

    +
    +
    dn_rev
    + +
    +

    Reverse the fields of the DN as required by RFC 2253. +This also reverses the order of multiple AVAs in a field, but this is +permissible as there is no ordering on values.

    +
    +
    nofname, sname, lname, oid
    + +
    +

    Specify how the field name is displayed. +nofname does not display the field at all. +sname uses the "short name" form (CN for commonName for example). +lname uses the long form. +oid represents the OID in numerical form and is useful for +diagnostic purpose.

    +
    +
    align
    + +
    +

    Align field values for a more readable output. Only usable with +sep_multiline.

    +
    +
    space_eq
    + +
    +

    Places spaces round the equal sign, =, character which follows the field +name.

    +
    +
    +

    +

    +

    TLS Version Options

    +

    Several commands use SSL, TLS, or DTLS. By default, the commands use TLS and +clients will offer the lowest and highest protocol version they support, +and servers will pick the highest version that the client offers that is also +supported by the server.

    +

    The options below can be used to limit which protocol versions are used, +and whether TCP (SSL and TLS) or UDP (DTLS) is used. +Note that not all protocols and flags may be available, depending on how +OpenSSL was built.

    +
    +
    -ssl3, -tls1, -tls1_1, -tls1_2, -tls1_3, -no_ssl3, -no_tls1, -no_tls1_1, -no_tls1_2, -no_tls1_3
    + +
    +

    These options require or disable the use of the specified SSL or TLS protocols. +When a specific TLS version is required, only that version will be offered or +accepted. +Only one specific protocol can be given and it cannot be combined with any of +the no_ options.

    +
    +
    -dtls, -dtls1, -dtls1_2
    + +
    +

    These options specify to use DTLS instead of DLTS. +With -dtls, clients will negotiate any supported DTLS protocol version. +Use the -dtls1 or -dtls1_2 options to support only DTLS1.0 or DTLS1.2, +respectively.

    +
    +
    +

    +

    +

    Engine Options

    +
    +
    -engine id
    + +
    +

    Use the engine identified by id and use all the methods it +implements (algorithms, key storage, etc.), unless specified otherwise in +the command-specific documentation or it is configured to do so, as described +in config(5)/Engine Configuration Module.

    +
    +
    +

    +

    +
    +

    ENVIRONMENT

    +

    The OpenSSL library can be take some configuration parameters from the +environment. Some of these variables are listed below. For information +about specific commands, see openssl-engine(1), openssl-provider(1), +openssl-rehash(1), and tsget(1).

    +

    For information about the use of environment variables in configuration, +see config(5)/ENVIRONMENT.

    +

    For information about querying or specifying CPU architecture flags, see +OPENSSL_ia32cap(3), and OPENSSL_s390xcap(3).

    +

    For information about all environment variables used by the OpenSSL libraries, +see openssl-env(7).

    +
    +
    OPENSSL_TRACE=name[,...]
    + +
    +

    Enable tracing output of OpenSSL library, by name. +This output will only make sense if you know OpenSSL internals well. +Also, it might not give you any output at all, depending on how +OpenSSL was built.

    +

    The value is a comma separated list of names, with the following +available:

    +
    +
    TRACE
    + +
    +

    The tracing functionality.

    +
    +
    TLS
    + +
    +

    General SSL/TLS.

    +
    +
    TLS_CIPHER
    + +
    +

    SSL/TLS cipher.

    +
    +
    ENGINE_CONF
    + +
    +

    ENGINE configuration.

    +
    +
    ENGINE_TABLE
    + +
    +

    The function that is used by RSA, DSA (etc) code to select registered +ENGINEs, cache defaults and functional references (etc), will generate +debugging summaries.

    +
    +
    ENGINE_REF_COUNT
    + +
    +

    Reference counts in the ENGINE structure will be monitored with a line +of generated for each change.

    +
    +
    PKCS5V2
    + +
    +

    PKCS#5 v2 keygen.

    +
    +
    PKCS12_KEYGEN
    + +
    +

    PKCS#12 key generation.

    +
    +
    PKCS12_DECRYPT
    + +
    +

    PKCS#12 decryption.

    +
    +
    X509V3_POLICY
    + +
    +

    Generates the complete policy tree at various point during X.509 v3 +policy evaluation.

    +
    +
    BN_CTX
    + +
    +

    BIGNUM context.

    +
    +
    +
    +
    +

    +

    +
    +

    SEE ALSO

    +

    openssl-asn1parse(1), +openssl-ca(1), +openssl-ciphers(1), +openssl-cms(1), +openssl-crl(1), +openssl-crl2pkcs7(1), +openssl-dgst(1), +openssl-dhparam(1), +openssl-dsa(1), +openssl-dsaparam(1), +openssl-ec(1), +openssl-ecparam(1), +openssl-enc(1), +openssl-engine(1), +openssl-errstr(1), +openssl-gendsa(1), +openssl-genpkey(1), +openssl-genrsa(1), +openssl-kdf(1), +openssl-mac(1), +openssl-nseq(1), +openssl-ocsp(1), +openssl-passwd(1), +openssl-pkcs12(1), +openssl-pkcs7(1), +openssl-pkcs8(1), +openssl-pkey(1), +openssl-pkeyparam(1), +openssl-pkeyutl(1), +openssl-prime(1), +openssl-rand(1), +openssl-rehash(1), +openssl-req(1), +openssl-rsa(1), +openssl-rsautl(1), +openssl-s_client(1), +openssl-s_server(1), +openssl-s_time(1), +openssl-sess_id(1), +openssl-smime(1), +openssl-speed(1), +openssl-spkac(1), +openssl-srp(1), +openssl-storeutl(1), +openssl-ts(1), +openssl-verify(1), +openssl-version(1), +openssl-x509(1), +config(5), +crypto(7), +openssl-env(7). +ssl(7), +x509v3_config(5)

    +

    +

    +
    +

    HISTORY

    +

    The list -XXX-algorithms options were added in OpenSSL 1.0.0; +For notes on the availability of other commands, see their individual +manual pages.

    +

    The -issuer_checks option is deprecated as of OpenSSL 1.1.0 and +is silently ignored.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man1/tsget.html b/linux_amd64/ssl/share/doc/openssl/html/man1/tsget.html new file mode 100755 index 0000000..714c864 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man1/tsget.html @@ -0,0 +1,242 @@ + + + + +tsget + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    tsget - Time Stamping HTTP/HTTPS client

    +

    +

    +
    +

    SYNOPSIS

    +

    tsget +-h server_url +[-e extension] +[-o output] +[-v] +[-d] +[-k private_key.pem] +[-p key_password] +[-c client_cert.pem] +[-C CA_certs.pem] +[-P CA_path] +[-r files] +[-g EGD_socket] +[request ...]

    +

    +

    +
    +

    DESCRIPTION

    +

    This command can be used for sending a timestamp request, as specified +in RFC 3161, to a timestamp server over HTTP or HTTPS and storing the +timestamp response in a file. It cannot be used for creating the requests +and verifying responses, you have to use openssl-ts(1) to do that. This +command can send several requests to the server without closing the TCP +connection if more than one requests are specified on the command line.

    +

    This command sends the following HTTP request for each timestamp request:

    +
    +        POST url HTTP/1.1
    +        User-Agent: OpenTSA tsget.pl/<version>
    +        Host: <host>:<port>
    +        Pragma: no-cache
    +        Content-Type: application/timestamp-query
    +        Accept: application/timestamp-reply
    +        Content-Length: length of body
    +
    +        ...binary request specified by the user...
    +

    It expects a response of type application/timestamp-reply, which is +written to a file without any interpretation.

    +

    +

    +
    +

    OPTIONS

    +
    +
    -h server_url
    + +
    +

    The URL of the HTTP/HTTPS server listening for timestamp requests.

    +
    +
    -e extension
    + +
    +

    If the -o option is not given this argument specifies the extension of the +output files. The base name of the output file will be the same as those of +the input files. Default extension is .tsr. (Optional)

    +
    +
    -o output
    + +
    +

    This option can be specified only when just one request is sent to the +server. The timestamp response will be written to the given output file. '-' +means standard output. In case of multiple timestamp requests or the absence +of this argument the names of the output files will be derived from the names +of the input files and the default or specified extension argument. (Optional)

    +
    +
    -v
    + +
    +

    The name of the currently processed request is printed on standard +error. (Optional)

    +
    +
    -d
    + +
    +

    Switches on verbose mode for the underlying perl module the WWW::Curl::Easy manpage. +You can see detailed debug messages for the connection. (Optional)

    +
    +
    -k private_key.pem
    + +
    +

    (HTTPS) In case of certificate-based client authentication over HTTPS +private_key.pem must contain the private key of the user. The private key +file can optionally be protected by a passphrase. The -c option must also +be specified. (Optional)

    +
    +
    -p key_password
    + +
    +

    (HTTPS) Specifies the passphrase for the private key specified by the -k +argument. If this option is omitted and the key is passphrase protected, +it will be prompted for. (Optional)

    +
    +
    -c client_cert.pem
    + +
    +

    (HTTPS) In case of certificate-based client authentication over HTTPS +client_cert.pem must contain the X.509 certificate of the user. The -k +option must also be specified. If this option is not specified no +certificate-based client authentication will take place. (Optional)

    +
    +
    -C CA_certs.pem
    + +
    +

    (HTTPS) The trusted CA certificate store. The certificate chain of the peer's +certificate must include one of the CA certificates specified in this file. +Either option -C or option -P must be given in case of HTTPS. (Optional)

    +
    +
    -P CA_path
    + +
    +

    (HTTPS) The path containing the trusted CA certificates to verify the peer's +certificate. The directory must be prepared with openssl-rehash(1). Either +option -C or option -P must be given in case of HTTPS. (Optional)

    +
    +
    -r files
    + +
    +

    See openssl(1)/Random State Options for more information.

    +
    +
    -g EGD_socket
    + +
    +

    The name of an EGD socket to get random data from. (Optional)

    +
    +
    request ...
    + +
    +

    List of files containing RFC 3161 DER-encoded timestamp requests. If no +requests are specified only one request will be sent to the server and it will +be read from the standard input. +(Optional)

    +
    +
    +

    +

    +
    +

    ENVIRONMENT VARIABLES

    +

    The TSGET environment variable can optionally contain default +arguments. The content of this variable is added to the list of command line +arguments.

    +

    +

    +
    +

    EXAMPLES

    +

    The examples below presume that file1.tsq and file2.tsq contain valid +timestamp requests, tsa.opentsa.org listens at port 8080 for HTTP requests +and at port 8443 for HTTPS requests, the TSA service is available at the /tsa +absolute path.

    +

    Get a timestamp response for file1.tsq over HTTP, output is written to +file1.tsr:

    +
    +  tsget -h http://tsa.opentsa.org:8080/tsa file1.tsq
    +

    Get a timestamp response for file1.tsq and file2.tsq over HTTP showing +progress, output is written to file1.reply and file2.reply respectively:

    +
    +  tsget -h http://tsa.opentsa.org:8080/tsa -v -e .reply \
    +        file1.tsq file2.tsq
    +

    Create a timestamp request, write it to file3.tsq, send it to the server and +write the response to file3.tsr:

    +
    +  openssl ts -query -data file3.txt -cert | tee file3.tsq \
    +        | tsget -h http://tsa.opentsa.org:8080/tsa \
    +        -o file3.tsr
    +

    Get a timestamp response for file1.tsq over HTTPS without client +authentication:

    +
    +  tsget -h https://tsa.opentsa.org:8443/tsa \
    +        -C cacerts.pem file1.tsq
    +

    Get a timestamp response for file1.tsq over HTTPS with certificate-based +client authentication (it will ask for the passphrase if client_key.pem is +protected):

    +
    +  tsget -h https://tsa.opentsa.org:8443/tsa -C cacerts.pem \
    +        -k client_key.pem -c client_cert.pem file1.tsq
    +

    You can shorten the previous command line if you make use of the TSGET +environment variable. The following commands do the same as the previous +example:

    +
    +  TSGET='-h https://tsa.opentsa.org:8443/tsa -C cacerts.pem \
    +        -k client_key.pem -c client_cert.pem'
    +  export TSGET
    +  tsget file1.tsq
    +

    +

    +
    +

    SEE ALSO

    +

    openssl(1), +openssl-ts(1), +the WWW::Curl::Easy manpage, +https://www.rfc-editor.org/rfc/rfc3161.html

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/ADMISSIONS.html b/linux_amd64/ssl/share/doc/openssl/html/man3/ADMISSIONS.html new file mode 100755 index 0000000..f7571e4 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/ADMISSIONS.html @@ -0,0 +1,210 @@ + + + + +ADMISSIONS + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    ADMISSIONS, +ADMISSIONS_get0_admissionAuthority, +ADMISSIONS_get0_namingAuthority, +ADMISSIONS_get0_professionInfos, +ADMISSIONS_set0_admissionAuthority, +ADMISSIONS_set0_namingAuthority, +ADMISSIONS_set0_professionInfos, +ADMISSION_SYNTAX, +ADMISSION_SYNTAX_get0_admissionAuthority, +ADMISSION_SYNTAX_get0_contentsOfAdmissions, +ADMISSION_SYNTAX_set0_admissionAuthority, +ADMISSION_SYNTAX_set0_contentsOfAdmissions, +NAMING_AUTHORITY, +NAMING_AUTHORITY_get0_authorityId, +NAMING_AUTHORITY_get0_authorityURL, +NAMING_AUTHORITY_get0_authorityText, +NAMING_AUTHORITY_set0_authorityId, +NAMING_AUTHORITY_set0_authorityURL, +NAMING_AUTHORITY_set0_authorityText, +PROFESSION_INFO, +PROFESSION_INFOS, +PROFESSION_INFO_get0_addProfessionInfo, +PROFESSION_INFO_get0_namingAuthority, +PROFESSION_INFO_get0_professionItems, +PROFESSION_INFO_get0_professionOIDs, +PROFESSION_INFO_get0_registrationNumber, +PROFESSION_INFO_set0_addProfessionInfo, +PROFESSION_INFO_set0_namingAuthority, +PROFESSION_INFO_set0_professionItems, +PROFESSION_INFO_set0_professionOIDs, +PROFESSION_INFO_set0_registrationNumber +- Accessors and settors for ADMISSION_SYNTAX

    +

    +

    +
    +

    SYNOPSIS

    +
    + typedef struct NamingAuthority_st NAMING_AUTHORITY;
    + typedef struct ProfessionInfo_st PROFESSION_INFO;
    + typedef STACK_OF(PROFESSION_INFO) PROFESSION_INFOS;
    + typedef struct Admissions_st ADMISSIONS;
    + typedef struct AdmissionSyntax_st ADMISSION_SYNTAX;
    +
    + const ASN1_OBJECT *NAMING_AUTHORITY_get0_authorityId(
    +     const NAMING_AUTHORITY *n);
    + void NAMING_AUTHORITY_set0_authorityId(NAMING_AUTHORITY *n,
    +     ASN1_OBJECT* namingAuthorityId);
    + const ASN1_IA5STRING *NAMING_AUTHORITY_get0_authorityURL(
    +     const NAMING_AUTHORITY *n);
    + void NAMING_AUTHORITY_set0_authorityURL(NAMING_AUTHORITY *n,
    +     ASN1_IA5STRING* namingAuthorityUrl);
    + const ASN1_STRING *NAMING_AUTHORITY_get0_authorityText(
    +     const NAMING_AUTHORITY *n);
    + void NAMING_AUTHORITY_set0_authorityText(NAMING_AUTHORITY *n,
    +     ASN1_STRING* namingAuthorityText);
    +
    + const GENERAL_NAME *ADMISSION_SYNTAX_get0_admissionAuthority(
    +     const ADMISSION_SYNTAX *as);
    + void ADMISSION_SYNTAX_set0_admissionAuthority(
    +     ADMISSION_SYNTAX *as, GENERAL_NAME *aa);
    + const STACK_OF(ADMISSIONS) *ADMISSION_SYNTAX_get0_contentsOfAdmissions(
    +     const ADMISSION_SYNTAX *as);
    + void ADMISSION_SYNTAX_set0_contentsOfAdmissions(
    +     ADMISSION_SYNTAX *as, STACK_OF(ADMISSIONS) *a);
    +
    + const GENERAL_NAME *ADMISSIONS_get0_admissionAuthority(const ADMISSIONS *a);
    + void ADMISSIONS_set0_admissionAuthority(ADMISSIONS *a, GENERAL_NAME *aa);
    + const NAMING_AUTHORITY *ADMISSIONS_get0_namingAuthority(const ADMISSIONS *a);
    + void ADMISSIONS_set0_namingAuthority(ADMISSIONS *a, NAMING_AUTHORITY *na);
    + const PROFESSION_INFOS *ADMISSIONS_get0_professionInfos(const ADMISSIONS *a);
    + void ADMISSIONS_set0_professionInfos(ADMISSIONS *a, PROFESSION_INFOS *pi);
    +
    + const ASN1_OCTET_STRING *PROFESSION_INFO_get0_addProfessionInfo(
    +     const PROFESSION_INFO *pi);
    + void PROFESSION_INFO_set0_addProfessionInfo(
    +     PROFESSION_INFO *pi, ASN1_OCTET_STRING *aos);
    + const NAMING_AUTHORITY *PROFESSION_INFO_get0_namingAuthority(
    +     const PROFESSION_INFO *pi);
    + void PROFESSION_INFO_set0_namingAuthority(
    +     PROFESSION_INFO *pi, NAMING_AUTHORITY *na);
    + const STACK_OF(ASN1_STRING) *PROFESSION_INFO_get0_professionItems(
    +     const PROFESSION_INFO *pi);
    + void PROFESSION_INFO_set0_professionItems(
    +     PROFESSION_INFO *pi, STACK_OF(ASN1_STRING) *as);
    + const STACK_OF(ASN1_OBJECT) *PROFESSION_INFO_get0_professionOIDs(
    +     const PROFESSION_INFO *pi);
    + void PROFESSION_INFO_set0_professionOIDs(
    +     PROFESSION_INFO *pi, STACK_OF(ASN1_OBJECT) *po);
    + const ASN1_PRINTABLESTRING *PROFESSION_INFO_get0_registrationNumber(
    +     const PROFESSION_INFO *pi);
    + void PROFESSION_INFO_set0_registrationNumber(
    +     PROFESSION_INFO *pi, ASN1_PRINTABLESTRING *rn);
    +

    +

    +
    +

    DESCRIPTION

    +

    The PROFESSION_INFOS, ADMISSION_SYNTAX, ADMISSIONS, and +PROFESSION_INFO types are opaque structures representing the +analogous types defined in the Common PKI Specification published +by https://www.t7ev.org. +Knowledge of those structures and their semantics is assumed.

    +

    The conventional routines to convert between DER and the local format +are described in d2i_X509(3). +The conventional routines to allocate and free the types are defined +in X509_dup(3).

    +

    The PROFESSION_INFOS type is a stack of PROFESSION_INFO; see +DEFINE_STACK_OF(3) for details.

    +

    The NAMING_AUTHORITY type has an authority ID and URL, and text fields. +The NAMING_AUTHORITY_get0_authorityId(), +NAMING_AUTHORITY_get0_get0_authorityURL(), and +NAMING_AUTHORITY_get0_get0_authorityText(), functions return pointers +to those values within the object. +The NAMING_AUTHORITY_set0_authorityId(), +NAMING_AUTHORITY_set0_get0_authorityURL(), and +NAMING_AUTHORITY_set0_get0_authorityText(), +functions free any existing value and set the pointer to the specified value.

    +

    The ADMISSION_SYNTAX type has an authority name and a stack of +ADMISSION objects. +The ADMISSION_SYNTAX_get0_admissionAuthority() +and ADMISSION_SYNTAX_get0_contentsOfAdmissions() functions return pointers +to those values within the object. +The +ADMISSION_SYNTAX_set0_admissionAuthority() and +ADMISSION_SYNTAX_set0_contentsOfAdmissions() +functions free any existing value and set the pointer to the specified value.

    +

    The ADMISSION type has an authority name, authority object, and a +stack of PROFESSION_INFO items. +The ADMISSIONS_get0_admissionAuthority(), ADMISSIONS_get0_namingAuthority(), +and ADMISSIONS_get0_professionInfos() +functions return pointers to those values within the object. +The +ADMISSIONS_set0_admissionAuthority(), +ADMISSIONS_set0_namingAuthority(), and +ADMISSIONS_set0_professionInfos() +functions free any existing value and set the pointer to the specified value.

    +

    The PROFESSION_INFO type has a name authority, stacks of +profession Items and OIDs, a registration number, and additional +profession info. +The functions PROFESSION_INFO_get0_addProfessionInfo(), +PROFESSION_INFO_get0_namingAuthority(), PROFESSION_INFO_get0_professionItems(), +PROFESSION_INFO_get0_professionOIDs(), and +PROFESSION_INFO_get0_registrationNumber() +functions return pointers to those values within the object. +The +PROFESSION_INFO_set0_addProfessionInfo(), +PROFESSION_INFO_set0_namingAuthority(), +PROFESSION_INFO_set0_professionItems(), +PROFESSION_INFO_set0_professionOIDs(), and +PROFESSION_INFO_set0_registrationNumber() +functions free any existing value and set the pointer to the specified value.

    +

    +

    +
    +

    RETURN VALUES

    +

    Described above. +Note that all of the get0 functions return a pointer to the internal data +structure and must not be freed.

    +

    +

    +
    +

    SEE ALSO

    +

    X509_dup(3), +d2i_X509(3),

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/ASN1_INTEGER_get_int64.html b/linux_amd64/ssl/share/doc/openssl/html/man3/ASN1_INTEGER_get_int64.html new file mode 100755 index 0000000..7b32b38 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/ASN1_INTEGER_get_int64.html @@ -0,0 +1,163 @@ + + + + +ASN1_INTEGER_get_int64 + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    ASN1_INTEGER_get_uint64, ASN1_INTEGER_set_uint64, +ASN1_INTEGER_get_int64, ASN1_INTEGER_get, ASN1_INTEGER_set_int64, ASN1_INTEGER_set, BN_to_ASN1_INTEGER, ASN1_INTEGER_to_BN, ASN1_ENUMERATED_get_int64, ASN1_ENUMERATED_get, ASN1_ENUMERATED_set_int64, ASN1_ENUMERATED_set, BN_to_ASN1_ENUMERATED, ASN1_ENUMERATED_to_BN +- ASN.1 INTEGER and ENUMERATED utilities

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/asn1.h>
    +
    + int ASN1_INTEGER_get_int64(int64_t *pr, const ASN1_INTEGER *a);
    + long ASN1_INTEGER_get(const ASN1_INTEGER *a);
    +
    + int ASN1_INTEGER_set_int64(ASN1_INTEGER *a, int64_t r);
    + int ASN1_INTEGER_set(const ASN1_INTEGER *a, long v);
    +
    + int ASN1_INTEGER_get_uint64(uint64_t *pr, const ASN1_INTEGER *a);
    + int ASN1_INTEGER_set_uint64(ASN1_INTEGER *a, uint64_t r);
    +
    + ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai);
    + BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn);
    +
    + int ASN1_ENUMERATED_get_int64(int64_t *pr, const ASN1_ENUMERATED *a);
    + long ASN1_ENUMERATED_get(const ASN1_ENUMERATED *a);
    +
    + int ASN1_ENUMERATED_set_int64(ASN1_ENUMERATED *a, int64_t r);
    + int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v);
    +
    + ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai);
    + BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai, BIGNUM *bn);
    +

    +

    +
    +

    DESCRIPTION

    +

    These functions convert to and from ASN1_INTEGER and ASN1_ENUMERATED +structures.

    +

    ASN1_INTEGER_get_int64() converts an ASN1_INTEGER into an int64_t type +If successful it returns 1 and sets *pr to the value of a. If it fails +(due to invalid type or the value being too big to fit into an int64_t type) +it returns 0.

    +

    ASN1_INTEGER_get_uint64() is similar to ASN1_INTEGER_get_int64_t() except it +converts to a uint64_t type and an error is returned if the passed integer +is negative.

    +

    ASN1_INTEGER_get() also returns the value of a but it returns 0 if a is +NULL and -1 on error (which is ambiguous because -1 is a legitimate value for +an ASN1_INTEGER). New applications should use ASN1_INTEGER_get_int64() +instead.

    +

    ASN1_INTEGER_set_int64() sets the value of ASN1_INTEGER a to the +int64_t value r.

    +

    ASN1_INTEGER_set_uint64() sets the value of ASN1_INTEGER a to the +uint64_t value r.

    +

    ASN1_INTEGER_set() sets the value of ASN1_INTEGER a to the long value +v.

    +

    BN_to_ASN1_INTEGER() converts BIGNUM bn to an ASN1_INTEGER. If ai +is NULL a new ASN1_INTEGER structure is returned. If ai is not NULL then +the existing structure will be used instead.

    +

    ASN1_INTEGER_to_BN() converts ASN1_INTEGER ai into a BIGNUM. If bn is +NULL a new BIGNUM structure is returned. If bn is not NULL then the +existing structure will be used instead.

    +

    ASN1_ENUMERATED_get_int64(), ASN1_ENUMERATED_set_int64(), +ASN1_ENUMERATED_set(), BN_to_ASN1_ENUMERATED() and ASN1_ENUMERATED_to_BN() +behave in an identical way to their ASN1_INTEGER counterparts except they +operate on an ASN1_ENUMERATED value.

    +

    ASN1_ENUMERATED_get() returns the value of a in a similar way to +ASN1_INTEGER_get() but it returns 0xffffffffL if the value of a will not +fit in a long type. New applications should use ASN1_ENUMERATED_get_int64() +instead.

    +

    +

    +
    +

    NOTES

    +

    In general an ASN1_INTEGER or ASN1_ENUMERATED type can contain an +integer of almost arbitrary size and so cannot always be represented by a C +int64_t type. However in many cases (for example version numbers) they +represent small integers which can be more easily manipulated if converted to +an appropriate C integer type.

    +

    +

    +
    +

    BUGS

    +

    The ambiguous return values of ASN1_INTEGER_get() and ASN1_ENUMERATED_get() +mean these functions should be avoided if possible. They are retained for +compatibility. Normally the ambiguous return values are not legitimate +values for the fields they represent.

    +

    +

    +
    +

    RETURN VALUES

    +

    ASN1_INTEGER_set_int64(), ASN1_INTEGER_set(), ASN1_ENUMERATED_set_int64() and +ASN1_ENUMERATED_set() return 1 for success and 0 for failure. They will only +fail if a memory allocation error occurs.

    +

    ASN1_INTEGER_get_int64() and ASN1_ENUMERATED_get_int64() return 1 for success +and 0 for failure. They will fail if the passed type is incorrect (this will +only happen if there is a programming error) or if the value exceeds the range +of an int64_t type.

    +

    BN_to_ASN1_INTEGER() and BN_to_ASN1_ENUMERATED() return an ASN1_INTEGER or +ASN1_ENUMERATED structure respectively or NULL if an error occurs. They will +only fail due to a memory allocation error.

    +

    ASN1_INTEGER_to_BN() and ASN1_ENUMERATED_to_BN() return a BIGNUM structure +of NULL if an error occurs. They can fail if the passed type is incorrect +(due to programming error) or due to a memory allocation failure.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3)

    +

    +

    +
    +

    HISTORY

    +

    ASN1_INTEGER_set_int64(), ASN1_INTEGER_get_int64(), +ASN1_ENUMERATED_set_int64() and ASN1_ENUMERATED_get_int64() +were added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/ASN1_ITEM_lookup.html b/linux_amd64/ssl/share/doc/openssl/html/man3/ASN1_ITEM_lookup.html new file mode 100755 index 0000000..5528ddb --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/ASN1_ITEM_lookup.html @@ -0,0 +1,75 @@ + + + + +ASN1_ITEM_lookup + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    ASN1_ITEM_lookup, ASN1_ITEM_get - lookup ASN.1 structures

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/asn1.h>
    +
    + const ASN1_ITEM *ASN1_ITEM_lookup(const char *name);
    + const ASN1_ITEM *ASN1_ITEM_get(size_t i);
    +

    +

    +
    +

    DESCRIPTION

    +

    ASN1_ITEM_lookup() returns the ASN1_ITEM named name.

    +

    ASN1_ITEM_get() returns the ASN1_ITEM with index i. This function +returns NULL if the index i is out of range.

    +

    +

    +
    +

    RETURN VALUES

    +

    ASN1_ITEM_lookup() and ASN1_ITEM_get() return a valid ASN1_ITEM structure +or NULL if an error occurred.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/ASN1_OBJECT_new.html b/linux_amd64/ssl/share/doc/openssl/html/man3/ASN1_OBJECT_new.html new file mode 100755 index 0000000..b1cf988 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/ASN1_OBJECT_new.html @@ -0,0 +1,87 @@ + + + + +ASN1_OBJECT_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    ASN1_OBJECT_new, ASN1_OBJECT_free - object allocation functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/asn1.h>
    +
    + ASN1_OBJECT *ASN1_OBJECT_new(void);
    + void ASN1_OBJECT_free(ASN1_OBJECT *a);
    +

    +

    +
    +

    DESCRIPTION

    +

    The ASN1_OBJECT allocation routines, allocate and free an +ASN1_OBJECT structure, which represents an ASN1 OBJECT IDENTIFIER.

    +

    ASN1_OBJECT_new() allocates and initializes an ASN1_OBJECT structure.

    +

    ASN1_OBJECT_free() frees up the ASN1_OBJECT structure a. +If a is NULL, nothing is done.

    +

    +

    +
    +

    NOTES

    +

    Although ASN1_OBJECT_new() allocates a new ASN1_OBJECT structure it +is almost never used in applications. The ASN1 object utility functions +such as OBJ_nid2obj() are used instead.

    +

    +

    +
    +

    RETURN VALUES

    +

    If the allocation fails, ASN1_OBJECT_new() returns NULL and sets an error +code that can be obtained by ERR_get_error(3). +Otherwise it returns a pointer to the newly allocated structure.

    +

    ASN1_OBJECT_free() returns no value.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), d2i_ASN1_OBJECT(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/ASN1_STRING_TABLE_add.html b/linux_amd64/ssl/share/doc/openssl/html/man3/ASN1_STRING_TABLE_add.html new file mode 100755 index 0000000..2a7fa1f --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/ASN1_STRING_TABLE_add.html @@ -0,0 +1,104 @@ + + + + +ASN1_STRING_TABLE_add + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    ASN1_STRING_TABLE, ASN1_STRING_TABLE_add, ASN1_STRING_TABLE_get, +ASN1_STRING_TABLE_cleanup - ASN1_STRING_TABLE manipulation functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/asn1.h>
    +
    + typedef struct asn1_string_table_st ASN1_STRING_TABLE;
    +
    + int ASN1_STRING_TABLE_add(int nid, long minsize, long maxsize,
    +                           unsigned long mask, unsigned long flags);
    + ASN1_STRING_TABLE * ASN1_STRING_TABLE_get(int nid);
    + void ASN1_STRING_TABLE_cleanup(void);
    +

    +

    +
    +

    DESCRIPTION

    +

    +

    +

    Types

    +

    ASN1_STRING_TABLE is a table which holds string information +(basically minimum size, maximum size, type and etc) for a NID object.

    +

    +

    +

    Functions

    +

    ASN1_STRING_TABLE_add() adds a new ASN1_STRING_TABLE item into the +local ASN1 string table based on the nid along with other parameters.

    +

    If the item is already in the table, fields of ASN1_STRING_TABLE are +updated (depending on the values of those parameters, e.g., minsize +and maxsize >= 0, mask and flags != 0). If the nid is standard, +a copy of the standard ASN1_STRING_TABLE is created and updated with +other parameters.

    +

    ASN1_STRING_TABLE_get() searches for an ASN1_STRING_TABLE item based +on nid. It will search the local table first, then the standard one.

    +

    ASN1_STRING_TABLE_cleanup() frees all ASN1_STRING_TABLE items added +by ASN1_STRING_TABLE_add().

    +

    +

    +
    +

    RETURN VALUES

    +

    ASN1_STRING_TABLE_add() returns 1 on success, 0 if an error occurred.

    +

    ASN1_STRING_TABLE_get() returns a valid ASN1_STRING_TABLE structure +or NULL if nothing is found.

    +

    ASN1_STRING_TABLE_cleanup() does not return a value.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/ASN1_STRING_length.html b/linux_amd64/ssl/share/doc/openssl/html/man3/ASN1_STRING_length.html new file mode 100755 index 0000000..458d81e --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/ASN1_STRING_length.html @@ -0,0 +1,135 @@ + + + + +ASN1_STRING_length + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    ASN1_STRING_dup, ASN1_STRING_cmp, ASN1_STRING_set, ASN1_STRING_length, +ASN1_STRING_type, ASN1_STRING_get0_data, ASN1_STRING_data, +ASN1_STRING_to_UTF8 - ASN1_STRING utility functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/asn1.h>
    +
    + int ASN1_STRING_length(ASN1_STRING *x);
    + const unsigned char * ASN1_STRING_get0_data(const ASN1_STRING *x);
    + unsigned char * ASN1_STRING_data(ASN1_STRING *x);
    +
    + ASN1_STRING * ASN1_STRING_dup(const ASN1_STRING *a);
    +
    + int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b);
    +
    + int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len);
    +
    + int ASN1_STRING_type(const ASN1_STRING *x);
    +
    + int ASN1_STRING_to_UTF8(unsigned char **out, const ASN1_STRING *in);
    +

    +

    +
    +

    DESCRIPTION

    +

    These functions allow an ASN1_STRING structure to be manipulated.

    +

    ASN1_STRING_length() returns the length of the content of x.

    +

    ASN1_STRING_get0_data() returns an internal pointer to the data of x. +Since this is an internal pointer it should not be freed or +modified in any way.

    +

    ASN1_STRING_data() is similar to ASN1_STRING_get0_data() except the +returned value is not constant. This function is deprecated: +applications should use ASN1_STRING_get0_data() instead.

    +

    ASN1_STRING_dup() returns a copy of the structure a.

    +

    ASN1_STRING_cmp() compares a and b returning 0 if the two +are identical. The string types and content are compared.

    +

    ASN1_STRING_set() sets the data of string str to the buffer +data or length len. The supplied data is copied. If len +is -1 then the length is determined by strlen(data).

    +

    ASN1_STRING_type() returns the type of x, using standard constants +such as V_ASN1_OCTET_STRING.

    +

    ASN1_STRING_to_UTF8() converts the string in to UTF8 format, the +converted data is allocated in a buffer in *out. The length of +out is returned or a negative error code. The buffer *out +should be freed using OPENSSL_free().

    +

    +

    +
    +

    NOTES

    +

    Almost all ASN1 types in OpenSSL are represented as an ASN1_STRING +structure. Other types such as ASN1_OCTET_STRING are simply typedef'ed +to ASN1_STRING and the functions call the ASN1_STRING equivalents. +ASN1_STRING is also used for some CHOICE types which consist +entirely of primitive string types such as DirectoryString and +Time.

    +

    These functions should not be used to examine or modify ASN1_INTEGER +or ASN1_ENUMERATED types: the relevant INTEGER or ENUMERATED +utility functions should be used instead.

    +

    In general it cannot be assumed that the data returned by ASN1_STRING_data() +is null terminated or does not contain embedded nulls. The actual format +of the data will depend on the actual string type itself: for example +for an IA5String the data will be ASCII, for a BMPString two bytes per +character in big endian format, and for an UTF8String it will be in UTF8 format.

    +

    Similar care should be take to ensure the data is in the correct format +when calling ASN1_STRING_set().

    +

    +

    +
    +

    RETURN VALUES

    +

    ASN1_STRING_length() returns the length of the content of x.

    +

    ASN1_STRING_get0_data() and ASN1_STRING_data() return an internal pointer to +the data of x.

    +

    ASN1_STRING_dup() returns a valid ASN1_STRING structure or NULL if an +error occurred.

    +

    ASN1_STRING_cmp() returns an integer greater than, equal to, or less than 0, +according to whether a is greater than, equal to, or less than b.

    +

    ASN1_STRING_set() returns 1 on success or 0 on error.

    +

    ASN1_STRING_type() returns the type of x.

    +

    ASN1_STRING_to_UTF8() returns the number of bytes in output string out or a +negative value if an error occurred.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/ASN1_STRING_new.html b/linux_amd64/ssl/share/doc/openssl/html/man3/ASN1_STRING_new.html new file mode 100755 index 0000000..8884c7f --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/ASN1_STRING_new.html @@ -0,0 +1,88 @@ + + + + +ASN1_STRING_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    ASN1_STRING_new, ASN1_STRING_type_new, ASN1_STRING_free - +ASN1_STRING allocation functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/asn1.h>
    +
    + ASN1_STRING * ASN1_STRING_new(void);
    + ASN1_STRING * ASN1_STRING_type_new(int type);
    + void ASN1_STRING_free(ASN1_STRING *a);
    +

    +

    +
    +

    DESCRIPTION

    +

    ASN1_STRING_new() returns an allocated ASN1_STRING structure. Its type +is undefined.

    +

    ASN1_STRING_type_new() returns an allocated ASN1_STRING structure of +type type.

    +

    ASN1_STRING_free() frees up a. +If a is NULL nothing is done.

    +

    +

    +
    +

    NOTES

    +

    Other string types call the ASN1_STRING functions. For example +ASN1_OCTET_STRING_new() calls ASN1_STRING_type(V_ASN1_OCTET_STRING).

    +

    +

    +
    +

    RETURN VALUES

    +

    ASN1_STRING_new() and ASN1_STRING_type_new() return a valid +ASN1_STRING structure or NULL if an error occurred.

    +

    ASN1_STRING_free() does not return a value.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/ASN1_STRING_print_ex.html b/linux_amd64/ssl/share/doc/openssl/html/man3/ASN1_STRING_print_ex.html new file mode 100755 index 0000000..d28dbb3 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/ASN1_STRING_print_ex.html @@ -0,0 +1,135 @@ + + + + +ASN1_STRING_print_ex + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    ASN1_tag2str, ASN1_STRING_print_ex, ASN1_STRING_print_ex_fp, ASN1_STRING_print +- ASN1_STRING output routines

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/asn1.h>
    +
    + int ASN1_STRING_print_ex(BIO *out, const ASN1_STRING *str, unsigned long flags);
    + int ASN1_STRING_print_ex_fp(FILE *fp, const ASN1_STRING *str, unsigned long flags);
    + int ASN1_STRING_print(BIO *out, const ASN1_STRING *str);
    +
    + const char *ASN1_tag2str(int tag);
    +

    +

    +
    +

    DESCRIPTION

    +

    These functions output an ASN1_STRING structure. ASN1_STRING is used to +represent all the ASN1 string types.

    +

    ASN1_STRING_print_ex() outputs str to out, the format is determined by +the options flags. ASN1_STRING_print_ex_fp() is identical except it outputs +to fp instead.

    +

    ASN1_STRING_print() prints str to out but using a different format to +ASN1_STRING_print_ex(). It replaces unprintable characters (other than CR, LF) +with '.'.

    +

    ASN1_tag2str() returns a human-readable name of the specified ASN.1 tag.

    +

    +

    +
    +

    NOTES

    +

    ASN1_STRING_print() is a deprecated function which should be avoided; use +ASN1_STRING_print_ex() instead.

    +

    Although there are a large number of options frequently ASN1_STRFLGS_RFC2253 is +suitable, or on UTF8 terminals ASN1_STRFLGS_RFC2253 & ~ASN1_STRFLGS_ESC_MSB.

    +

    The complete set of supported options for flags is listed below.

    +

    Various characters can be escaped. If ASN1_STRFLGS_ESC_2253 is set the characters +determined by RFC2253 are escaped. If ASN1_STRFLGS_ESC_CTRL is set control +characters are escaped. If ASN1_STRFLGS_ESC_MSB is set characters with the +MSB set are escaped: this option should not be used if the terminal correctly +interprets UTF8 sequences.

    +

    Escaping takes several forms.

    +

    If the character being escaped is a 16 bit character then the form "\UXXXX" is used +using exactly four characters for the hex representation. If it is 32 bits then +"\WXXXXXXXX" is used using eight characters of its hex representation. These forms +will only be used if UTF8 conversion is not set (see below).

    +

    Printable characters are normally escaped using the backslash '\' character. If +ASN1_STRFLGS_ESC_QUOTE is set then the whole string is instead surrounded by +double quote characters: this is arguably more readable than the backslash +notation. Other characters use the "\XX" using exactly two characters of the hex +representation.

    +

    If ASN1_STRFLGS_UTF8_CONVERT is set then characters are converted to UTF8 +format first. If the terminal supports the display of UTF8 sequences then this +option will correctly display multi byte characters.

    +

    If ASN1_STRFLGS_IGNORE_TYPE is set then the string type is not interpreted at +all: everything is assumed to be one byte per character. This is primarily for +debugging purposes and can result in confusing output in multi character strings.

    +

    If ASN1_STRFLGS_SHOW_TYPE is set then the string type itself is printed out +before its value (for example "BMPSTRING"), this actually uses ASN1_tag2str().

    +

    The content of a string instead of being interpreted can be "dumped": this just +outputs the value of the string using the form #XXXX using hex format for each +octet.

    +

    If ASN1_STRFLGS_DUMP_ALL is set then any type is dumped.

    +

    Normally non character string types (such as OCTET STRING) are assumed to be +one byte per character, if ASN1_STRFLGS_DUMP_UNKNOWN is set then they will +be dumped instead.

    +

    When a type is dumped normally just the content octets are printed, if +ASN1_STRFLGS_DUMP_DER is set then the complete encoding is dumped +instead (including tag and length octets).

    +

    ASN1_STRFLGS_RFC2253 includes all the flags required by RFC2253. It is +equivalent to: + ASN1_STRFLGS_ESC_2253 | ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB | + ASN1_STRFLGS_UTF8_CONVERT | ASN1_STRFLGS_DUMP_UNKNOWN ASN1_STRFLGS_DUMP_DER

    +

    +

    +
    +

    RETURN VALUES

    +

    ASN1_STRING_print_ex() and ASN1_STRING_print_ex_fp() return the number of +characters written or -1 if an error occurred.

    +

    ASN1_STRING_print() returns 1 on success or 0 on error.

    +

    ASN1_tag2str() returns a human-readable name of the specified ASN.1 tag.

    +

    +

    +
    +

    SEE ALSO

    +

    X509_NAME_print_ex(3), +ASN1_tag2str(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/ASN1_TIME_set.html b/linux_amd64/ssl/share/doc/openssl/html/man3/ASN1_TIME_set.html
    new file mode 100755
    index 0000000..22f0e69
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/ASN1_TIME_set.html
    @@ -0,0 +1,287 @@
    + + + + +ASN1_TIME_set + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    ASN1_TIME_set, ASN1_UTCTIME_set, ASN1_GENERALIZEDTIME_set, +ASN1_TIME_adj, ASN1_UTCTIME_adj, ASN1_GENERALIZEDTIME_adj, +ASN1_TIME_check, ASN1_UTCTIME_check, ASN1_GENERALIZEDTIME_check, +ASN1_TIME_set_string, ASN1_UTCTIME_set_string, ASN1_GENERALIZEDTIME_set_string, +ASN1_TIME_set_string_X509, +ASN1_TIME_normalize, +ASN1_TIME_to_tm, +ASN1_TIME_print, ASN1_UTCTIME_print, ASN1_GENERALIZEDTIME_print, +ASN1_TIME_diff, +ASN1_TIME_cmp_time_t, ASN1_UTCTIME_cmp_time_t, +ASN1_TIME_compare, +ASN1_TIME_to_generalizedtime, +ASN1_TIME_dup, ASN1_UTCTIME_dup, ASN1_GENERALIZEDTIME_dup - ASN.1 Time functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t);
    + ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t);
    + ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
    +                                                time_t t);
    +
    + ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t, int offset_day,
    +                          long offset_sec);
    + ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t,
    +                                int offset_day, long offset_sec);
    + ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s,
    +                                                time_t t, int offset_day,
    +                                                long offset_sec);
    +
    + int ASN1_TIME_set_string(ASN1_TIME *s, const char *str);
    + int ASN1_TIME_set_string_X509(ASN1_TIME *s, const char *str);
    + int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str);
    + int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s,
    +                                     const char *str);
    +
    + int ASN1_TIME_normalize(ASN1_TIME *s);
    +
    + int ASN1_TIME_check(const ASN1_TIME *t);
    + int ASN1_UTCTIME_check(const ASN1_UTCTIME *t);
    + int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *t);
    +
    + int ASN1_TIME_print(BIO *b, const ASN1_TIME *s);
    + int ASN1_UTCTIME_print(BIO *b, const ASN1_UTCTIME *s);
    + int ASN1_GENERALIZEDTIME_print(BIO *b, const ASN1_GENERALIZEDTIME *s);
    +
    + int ASN1_TIME_to_tm(const ASN1_TIME *s, struct tm *tm);
    + int ASN1_TIME_diff(int *pday, int *psec, const ASN1_TIME *from,
    +                    const ASN1_TIME *to);
    +
    + int ASN1_TIME_cmp_time_t(const ASN1_TIME *s, time_t t);
    + int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t);
    +
    + int ASN1_TIME_compare(const ASN1_TIME *a, const ASN1_TIME *b);
    +
    + ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t,
    +                                                    ASN1_GENERALIZEDTIME **out);
    +
    + ASN1_TIME *ASN1_TIME_dup(const ASN1_TIME *t);
    + ASN1_UTCTIME *ASN1_UTCTIME_dup(const ASN1_UTCTIME *t);
    + ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_dup(const ASN1_GENERALIZEDTIME *t);
    +

    +

    +
    +

    DESCRIPTION

    +

    The ASN1_TIME_set(), ASN1_UTCTIME_set() and ASN1_GENERALIZEDTIME_set() +functions set the structure s to the time represented by the time_t +value t. If s is NULL a new time structure is allocated and returned.

    +

    The ASN1_TIME_adj(), ASN1_UTCTIME_adj() and ASN1_GENERALIZEDTIME_adj() +functions set the time structure s to the time represented +by the time offset_day and offset_sec after the time_t value t. +The values of offset_day or offset_sec can be negative to set a +time before t. The offset_sec value can also exceed the number of +seconds in a day. If s is NULL a new structure is allocated +and returned.

    +

    The ASN1_TIME_set_string(), ASN1_UTCTIME_set_string() and +ASN1_GENERALIZEDTIME_set_string() functions set the time structure s +to the time represented by string str which must be in appropriate ASN.1 +time format (for example YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ). If s is NULL +this function performs a format check on str only. The string str +is copied into s.

    +

    ASN1_TIME_set_string_X509() sets ASN1_TIME structure s to the time +represented by string str which must be in appropriate time format +that RFC 5280 requires, which means it only allows YYMMDDHHMMSSZ and +YYYYMMDDHHMMSSZ (leap second is rejected), all other ASN.1 time format +are not allowed. If s is NULL this function performs a format check +on str only.

    +

    The ASN1_TIME_normalize() function converts an ASN1_GENERALIZEDTIME or +ASN1_UTCTIME into a time value that can be used in a certificate. It +should be used after the ASN1_TIME_set_string() functions and before +ASN1_TIME_print() functions to get consistent (i.e. GMT) results.

    +

    The ASN1_TIME_check(), ASN1_UTCTIME_check() and ASN1_GENERALIZEDTIME_check() +functions check the syntax of the time structure s.

    +

    The ASN1_TIME_print(), ASN1_UTCTIME_print() and ASN1_GENERALIZEDTIME_print() +functions print the time structure s to BIO b in human readable +format. It will be of the format MMM DD HH:MM:SS YYYY [GMT], for example +"Feb 3 00:55:52 2015 GMT" it does not include a newline. If the time +structure has invalid format it prints out "Bad time value" and returns +an error. The output for generalized time may include a fractional part +following the second.

    +

    ASN1_TIME_to_tm() converts the time s to the standard tm structure. +If s is NULL, then the current time is converted. The output time is GMT. +The tm_sec, tm_min, tm_hour, tm_mday, tm_wday, tm_yday, +tm_mon and tm_year fields of tm structure are set to proper values, +whereas all other fields are set to 0. If tm is NULL this function performs +a format check on s only. If s is in Generalized format with fractional +seconds, e.g. YYYYMMDDHHMMSS.SSSZ, the fractional seconds will be lost while +converting s to tm structure.

    +

    ASN1_TIME_diff() sets *pday and *psec to the time difference between +from and to. If to represents a time later than from then +one or both (depending on the time difference) of *pday and *psec +will be positive. If to represents a time earlier than from then +one or both of *pday and *psec will be negative. If to and from +represent the same time then *pday and *psec will both be zero. +If both *pday and *psec are nonzero they will always have the same +sign. The value of *psec will always be less than the number of seconds +in a day. If from or to is NULL the current time is used.

    +

    The ASN1_TIME_cmp_time_t() and ASN1_UTCTIME_cmp_time_t() functions compare +the two times represented by the time structure s and the time_t t.

    +

    The ASN1_TIME_compare() function compares the two times represented by the +time structures a and b.

    +

    The ASN1_TIME_to_generalizedtime() function converts an ASN1_TIME to an +ASN1_GENERALIZEDTIME, regardless of year. If either out or +*out are NULL, then a new object is allocated and must be freed after use.

    +

    The ASN1_TIME_dup(), ASN1_UTCTIME_dup() and ASN1_GENERALIZEDTIME_dup() functions +duplicate the time structure t and return the duplicated result +correspondingly.

    +

    +

    +
    +

    NOTES

    +

    The ASN1_TIME structure corresponds to the ASN.1 structure Time +defined in RFC5280 et al. The time setting functions obey the rules outlined +in RFC5280: if the date can be represented by UTCTime it is used, else +GeneralizedTime is used.

    +

    The ASN1_TIME, ASN1_UTCTIME and ASN1_GENERALIZEDTIME structures are +represented as an ASN1_STRING internally and can be freed up using +ASN1_STRING_free().

    +

    The ASN1_TIME structure can represent years from 0000 to 9999 but no attempt +is made to correct ancient calendar changes (for example from Julian to +Gregorian calendars).

    +

    ASN1_UTCTIME is limited to a year range of 1950 through 2049.

    +

    Some applications add offset times directly to a time_t value and pass the +results to ASN1_TIME_set() (or equivalent). This can cause problems as the +time_t value can overflow on some systems resulting in unexpected results. +New applications should use ASN1_TIME_adj() instead and pass the offset value +in the offset_sec and offset_day parameters instead of directly +manipulating a time_t value.

    +

    ASN1_TIME_adj() may change the type from ASN1_GENERALIZEDTIME to +ASN1_UTCTIME, or vice versa, based on the resulting year. +ASN1_GENERALIZEDTIME_adj() and ASN1_UTCTIME_adj() will not modify the type +of the return structure.

    +

    It is recommended that functions starting with ASN1_TIME be used instead of +those starting with ASN1_UTCTIME or ASN1_GENERALIZEDTIME. The functions +starting with ASN1_UTCTIME and ASN1_GENERALIZEDTIME act only on that +specific time format. The functions starting with ASN1_TIME will operate on +either format.

    +

    +

    +
    +

    BUGS

    +

    ASN1_TIME_print(), ASN1_UTCTIME_print() and ASN1_GENERALIZEDTIME_print() +do not print out the timezone: it either prints out "GMT" or nothing. But all +certificates complying with RFC5280 et al use GMT anyway.

    +

    Use the ASN1_TIME_normalize() function to normalize the time value before +printing to get GMT results.

    +

    +

    +
    +

    RETURN VALUES

    +

    ASN1_TIME_set(), ASN1_UTCTIME_set(), ASN1_GENERALIZEDTIME_set(), +ASN1_TIME_adj(), ASN1_UTCTIME_adj() and ASN1_GENERALIZEDTIME_set() return +a pointer to a time structure or NULL if an error occurred.

    +

    ASN1_TIME_set_string(), ASN1_UTCTIME_set_string(), +ASN1_GENERALIZEDTIME_set_string() and ASN1_TIME_set_string_X509() return +1 if the time value is successfully set and 0 otherwise.

    +

    ASN1_TIME_normalize() returns 1 on success, and 0 on error.

    +

    ASN1_TIME_check(), ASN1_UTCTIME_check and ASN1_GENERALIZEDTIME_check() return 1 +if the structure is syntactically correct and 0 otherwise.

    +

    ASN1_TIME_print(), ASN1_UTCTIME_print() and ASN1_GENERALIZEDTIME_print() return +1 if the time is successfully printed out and 0 if an error occurred (I/O error +or invalid time format).

    +

    ASN1_TIME_to_tm() returns 1 if the time is successfully parsed and 0 if an +error occurred (invalid time format).

    +

    ASN1_TIME_diff() returns 1 for success and 0 for failure. It can fail if the +passed-in time structure has invalid syntax, for example.

    +

    ASN1_TIME_cmp_time_t() and ASN1_UTCTIME_cmp_time_t() return -1 if s is +before t, 0 if s equals t, or 1 if s is after t. -2 is returned +on error.

    +

    ASN1_TIME_compare() returns -1 if a is before b, 0 if a equals b, +or 1 if a is after b. -2 is returned on error.

    +

    ASN1_TIME_to_generalizedtime() returns a pointer to the appropriate time +structure on success or NULL if an error occurred.

    +

    ASN1_TIME_dup(), ASN1_UTCTIME_dup() and ASN1_GENERALIZEDTIME_dup() return a +pointer to a time structure or NULL if an error occurred.

    +

    +

    +
    +

    EXAMPLES

    +

    Set a time structure to one hour after the current time and print it out:

    +
    + #include <time.h>
    + #include <openssl/asn1.h>
    +
    + ASN1_TIME *tm;
    + time_t t;
    + BIO *b;
    +
    + t = time(NULL);
    + tm = ASN1_TIME_adj(NULL, t, 0, 60 * 60);
    + b = BIO_new_fp(stdout, BIO_NOCLOSE);
    + ASN1_TIME_print(b, tm);
    + ASN1_STRING_free(tm);
    + BIO_free(b);
    +

    Determine if one time is later or sooner than the current time:

    +
    + int day, sec;
    +
    + if (!ASN1_TIME_diff(&day, &sec, NULL, to))
    +     /* Invalid time format */
    +
    + if (day > 0 || sec > 0)
    +     printf("Later\n");
    + else if (day < 0 || sec < 0)
    +     printf("Sooner\n");
    + else
    +     printf("Same\n");
    +

    +

    +
    +

    HISTORY

    +

    The ASN1_TIME_to_tm() function was added in OpenSSL 1.1.1. +The ASN1_TIME_set_string_X509() function was added in OpenSSL 1.1.1. +The ASN1_TIME_normalize() function was added in OpenSSL 1.1.1. +The ASN1_TIME_cmp_time_t() function was added in OpenSSL 1.1.1. +The ASN1_TIME_compare() function was added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/ASN1_TYPE_get.html b/linux_amd64/ssl/share/doc/openssl/html/man3/ASN1_TYPE_get.html
    new file mode 100755
    index 0000000..cd120ca
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/ASN1_TYPE_get.html
    @@ -0,0 +1,125 @@
    + + + + +ASN1_TYPE_get + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    ASN1_TYPE_get, ASN1_TYPE_set, ASN1_TYPE_set1, ASN1_TYPE_cmp, ASN1_TYPE_unpack_sequence, ASN1_TYPE_pack_sequence - ASN1_TYPE utility +functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/asn1.h>
    +
    + int ASN1_TYPE_get(const ASN1_TYPE *a);
    + void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value);
    + int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value);
    + int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b);
    +
    + void *ASN1_TYPE_unpack_sequence(const ASN1_ITEM *it, const ASN1_TYPE *t);
    + ASN1_TYPE *ASN1_TYPE_pack_sequence(const ASN1_ITEM *it, void *s,
    +                                    ASN1_TYPE **t);
    +

    +

    +
    +

    DESCRIPTION

    +

    These functions allow an ASN1_TYPE structure to be manipulated. The +ASN1_TYPE structure can contain any ASN.1 type or constructed type +such as a SEQUENCE: it is effectively equivalent to the ASN.1 ANY type.

    +

    ASN1_TYPE_get() returns the type of a.

    +

    ASN1_TYPE_set() sets the value of a to type and value. This +function uses the pointer value internally so it must not be freed +up after the call.

    +

    ASN1_TYPE_set1() sets the value of a to type a copy of value.

    +

    ASN1_TYPE_cmp() compares ASN.1 types a and b and returns 0 if +they are identical and nonzero otherwise.

    +

    ASN1_TYPE_unpack_sequence() attempts to parse the SEQUENCE present in +t using the ASN.1 structure it. If successful it returns a pointer +to the ASN.1 structure corresponding to it which must be freed by the +caller. If it fails it return NULL.

    +

    ASN1_TYPE_pack_sequence() attempts to encode the ASN.1 structure s +corresponding to it into an ASN1_TYPE. If successful the encoded +ASN1_TYPE is returned. If t and *t are not NULL the encoded type +is written to t overwriting any existing data. If t is not NULL +but *t is NULL the returned ASN1_TYPE is written to *t.

    +

    +

    +
    +

    NOTES

    +

    The type and meaning of the value parameter for ASN1_TYPE_set() and +ASN1_TYPE_set1() is determined by the type parameter. +If type is V_ASN1_NULL value is ignored. If type is +V_ASN1_BOOLEAN +then the boolean is set to TRUE if value is not NULL. If type is +V_ASN1_OBJECT then value is an ASN1_OBJECT structure. Otherwise type +is and ASN1_STRING structure. If type corresponds to a primitive type +(or a string type) then the contents of the ASN1_STRING contain the content +octets of the type. If type corresponds to a constructed type or +a tagged type (V_ASN1_SEQUENCE, V_ASN1_SET or V_ASN1_OTHER) then the +ASN1_STRING contains the entire ASN.1 encoding verbatim (including tag and +length octets).

    +

    ASN1_TYPE_cmp() may not return zero if two types are equivalent but have +different encodings. For example the single content octet of the boolean TRUE +value under BER can have any nonzero encoding but ASN1_TYPE_cmp() will +only return zero if the values are the same.

    +

    If either or both of the parameters passed to ASN1_TYPE_cmp() is NULL the +return value is nonzero. Technically if both parameters are NULL the two +types could be absent OPTIONAL fields and so should match, however passing +NULL values could also indicate a programming error (for example an +unparsable type which returns NULL) for types which do not match. So +applications should handle the case of two absent values separately.

    +

    +

    +
    +

    RETURN VALUES

    +

    ASN1_TYPE_get() returns the type of the ASN1_TYPE argument.

    +

    ASN1_TYPE_set() does not return a value.

    +

    ASN1_TYPE_set1() returns 1 for success and 0 for failure.

    +

    ASN1_TYPE_cmp() returns 0 if the types are identical and nonzero otherwise.

    +

    ASN1_TYPE_unpack_sequence() returns a pointer to an ASN.1 structure or +NULL on failure.

    +

    ASN1_TYPE_pack_sequence() return an ASN1_TYPE structure if it succeeds or +NULL on failure.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/ASN1_generate_nconf.html b/linux_amd64/ssl/share/doc/openssl/html/man3/ASN1_generate_nconf.html
    new file mode 100755
    index 0000000..9c8cbcf
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/ASN1_generate_nconf.html
    @@ -0,0 +1,314 @@
    + + + + +ASN1_generate_nconf + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    ASN1_generate_nconf, ASN1_generate_v3 - ASN1 generation functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/asn1.h>
    +
    + ASN1_TYPE *ASN1_generate_nconf(const char *str, CONF *nconf);
    + ASN1_TYPE *ASN1_generate_v3(const char *str, X509V3_CTX *cnf);
    +

    +

    +
    +

    DESCRIPTION

    +

    These functions generate the ASN1 encoding of a string +in an ASN1_TYPE structure.

    +

    str contains the string to encode nconf or cnf contains +the optional configuration information where additional strings +will be read from. nconf will typically come from a config +file whereas cnf is obtained from an X509V3_CTX structure +which will typically be used by X509 v3 certificate extension +functions. cnf or nconf can be set to NULL if no additional +configuration will be used.

    +

    +

    +
    +

    GENERATION STRING FORMAT

    +

    The actual data encoded is determined by the string str and +the configuration information. The general format of the string +is:

    +
    +
    [modifier,]type[:value]
    + +
    +

    That is zero or more comma separated modifiers followed by a type +followed by an optional colon and a value. The formats of type, +value and modifier are explained below.

    +

    +

    +

    Supported Types

    +

    The supported types are listed below. Unless otherwise specified +only the ASCII format is permissible.

    +
    +
    BOOLEAN, BOOL
    + +
    +

    This encodes a boolean type. The value string is mandatory and +should be TRUE or FALSE. Additionally TRUE, true, Y, +y, YES, yes, FALSE, false, N, n, NO and no +are acceptable.

    +
    +
    NULL
    + +
    +

    Encode the NULL type, the value string must not be present.

    +
    +
    INTEGER, INT
    + +
    +

    Encodes an ASN1 INTEGER type. The value string represents +the value of the integer, it can be prefaced by a minus sign and +is normally interpreted as a decimal value unless the prefix 0x +is included.

    +
    +
    ENUMERATED, ENUM
    + +
    +

    Encodes the ASN1 ENUMERATED type, it is otherwise identical to +INTEGER.

    +
    +
    OBJECT, OID
    + +
    +

    Encodes an ASN1 OBJECT IDENTIFIER, the value string can be +a short name, a long name or numerical format.

    +
    +
    UTCTIME, UTC
    + +
    +

    Encodes an ASN1 UTCTime structure, the value should be in +the format YYMMDDHHMMSSZ.

    +
    +
    GENERALIZEDTIME, GENTIME
    + +
    +

    Encodes an ASN1 GeneralizedTime structure, the value should be in +the format YYYYMMDDHHMMSSZ.

    +
    +
    OCTETSTRING, OCT
    + +
    +

    Encodes an ASN1 OCTET STRING. value represents the contents +of this structure, the format strings ASCII and HEX can be +used to specify the format of value.

    +
    +
    BITSTRING, BITSTR
    + +
    +

    Encodes an ASN1 BIT STRING. value represents the contents +of this structure, the format strings ASCII, HEX and BITLIST +can be used to specify the format of value.

    +

    If the format is anything other than BITLIST the number of unused +bits is set to zero.

    +
    +
    UNIVERSALSTRING, UNIV, IA5, IA5STRING, UTF8, +UTF8String, BMP, BMPSTRING, VISIBLESTRING, +VISIBLE, PRINTABLESTRING, PRINTABLE, T61, +T61STRING, TELETEXSTRING, GeneralString, NUMERICSTRING, +NUMERIC
    + +
    +

    These encode the corresponding string types. value represents the +contents of this structure. The format can be ASCII or UTF8.

    +
    +
    SEQUENCE, SEQ, SET
    + +
    +

    Formats the result as an ASN1 SEQUENCE or SET type. value +should be a section name which will contain the contents. The +field names in the section are ignored and the values are in the +generated string format. If value is absent then an empty SEQUENCE +will be encoded.

    +
    +
    +

    +

    +

    Modifiers

    +

    Modifiers affect the following structure, they can be used to +add EXPLICIT or IMPLICIT tagging, add wrappers or to change +the string format of the final type and value. The supported +formats are documented below.

    +
    +
    EXPLICIT, EXP
    + +
    +

    Add an explicit tag to the following structure. This string +should be followed by a colon and the tag value to use as a +decimal value.

    +

    By following the number with U, A, P or C UNIVERSAL, +APPLICATION, PRIVATE or CONTEXT SPECIFIC tagging can be used, +the default is CONTEXT SPECIFIC.

    +
    +
    IMPLICIT, IMP
    + +
    +

    This is the same as EXPLICIT except IMPLICIT tagging is used +instead.

    +
    +
    OCTWRAP, SEQWRAP, SETWRAP, BITWRAP
    + +
    +

    The following structure is surrounded by an OCTET STRING, a SEQUENCE, +a SET or a BIT STRING respectively. For a BIT STRING the number of unused +bits is set to zero.

    +
    +
    FORMAT
    + +
    +

    This specifies the format of the ultimate value. It should be followed +by a colon and one of the strings ASCII, UTF8, HEX or BITLIST.

    +

    If no format specifier is included then ASCII is used. If UTF8 is +specified then the value string must be a valid UTF8 string. For HEX the +output must be a set of hex digits. BITLIST (which is only valid for a BIT +STRING) is a comma separated list of the indices of the set bits, all other +bits are zero.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    ASN1_generate_nconf() and ASN1_generate_v3() return the encoded +data as an ASN1_TYPE structure or NULL if an error occurred.

    +

    The error codes that can be obtained by ERR_get_error(3).

    +

    +

    +
    +

    EXAMPLES

    +

    A simple IA5String:

    +
    + IA5STRING:Hello World
    +

    An IA5String explicitly tagged:

    +
    + EXPLICIT:0,IA5STRING:Hello World
    +

    An IA5String explicitly tagged using APPLICATION tagging:

    +
    + EXPLICIT:0A,IA5STRING:Hello World
    +

    A BITSTRING with bits 1 and 5 set and all others zero:

    +
    + FORMAT:BITLIST,BITSTRING:1,5
    +

    A more complex example using a config file to produce a +SEQUENCE consisting of a BOOL an OID and a UTF8String:

    +
    + asn1 = SEQUENCE:seq_section
    +
    + [seq_section]
    +
    + field1 = BOOLEAN:TRUE
    + field2 = OID:commonName
    + field3 = UTF8:Third field
    +

    This example produces an RSAPrivateKey structure, this is the +key contained in the file client.pem in all OpenSSL distributions +(note: the field names such as 'coeff' are ignored and are present just +for clarity):

    +
    + asn1=SEQUENCE:private_key
    + [private_key]
    + version=INTEGER:0
    +
    + n=INTEGER:0xBB6FE79432CC6EA2D8F970675A5A87BFBE1AFF0BE63E879F2AFFB93644\
    + D4D2C6D000430DEC66ABF47829E74B8C5108623A1C0EE8BE217B3AD8D36D5EB4FCA1D9
    +
    + e=INTEGER:0x010001
    +
    + d=INTEGER:0x6F05EAD2F27FFAEC84BEC360C4B928FD5F3A9865D0FCAAD291E2A52F4A\
    + F810DC6373278C006A0ABBA27DC8C63BF97F7E666E27C5284D7D3B1FFFE16B7A87B51D
    +
    + p=INTEGER:0xF3929B9435608F8A22C208D86795271D54EBDFB09DDEF539AB083DA912\
    + D4BD57
    +
    + q=INTEGER:0xC50016F89DFF2561347ED1186A46E150E28BF2D0F539A1594BBD7FE467\
    + 46EC4F
    +
    + exp1=INTEGER:0x9E7D4326C924AFC1DEA40B45650134966D6F9DFA3A7F9D698CD4ABEA\
    + 9C0A39B9
    +
    + exp2=INTEGER:0xBA84003BB95355AFB7C50DF140C60513D0BA51D637272E355E397779\
    + E7B2458F
    +
    + coeff=INTEGER:0x30B9E4F2AFA5AC679F920FC83F1F2DF1BAF1779CF989447FABC2F5\
    + 628657053A
    +

    This example is the corresponding public key in a SubjectPublicKeyInfo +structure:

    +
    + # Start with a SEQUENCE
    + asn1=SEQUENCE:pubkeyinfo
    +
    + # pubkeyinfo contains an algorithm identifier and the public key wrapped
    + # in a BIT STRING
    + [pubkeyinfo]
    + algorithm=SEQUENCE:rsa_alg
    + pubkey=BITWRAP,SEQUENCE:rsapubkey
    +
    + # algorithm ID for RSA is just an OID and a NULL
    + [rsa_alg]
    + algorithm=OID:rsaEncryption
    + parameter=NULL
    +
    + # Actual public key: modulus and exponent
    + [rsapubkey]
    + n=INTEGER:0xBB6FE79432CC6EA2D8F970675A5A87BFBE1AFF0BE63E879F2AFFB93644\
    + D4D2C6D000430DEC66ABF47829E74B8C5108623A1C0EE8BE217B3AD8D36D5EB4FCA1D9
    +
    + e=INTEGER:0x010001
    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/ASYNC_WAIT_CTX_new.html b/linux_amd64/ssl/share/doc/openssl/html/man3/ASYNC_WAIT_CTX_new.html
    new file mode 100755
    index 0000000..2f26b4a
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/ASYNC_WAIT_CTX_new.html
    @@ -0,0 +1,252 @@
    + + + + +ASYNC_WAIT_CTX_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    ASYNC_WAIT_CTX_new, ASYNC_WAIT_CTX_free, ASYNC_WAIT_CTX_set_wait_fd, +ASYNC_WAIT_CTX_get_fd, ASYNC_WAIT_CTX_get_all_fds, +ASYNC_WAIT_CTX_get_changed_fds, ASYNC_WAIT_CTX_clear_fd, +ASYNC_WAIT_CTX_set_callback, ASYNC_WAIT_CTX_get_callback, +ASYNC_WAIT_CTX_set_status, ASYNC_WAIT_CTX_get_status, ASYNC_callback_fn, +ASYNC_STATUS_UNSUPPORTED, ASYNC_STATUS_ERR, ASYNC_STATUS_OK, +ASYNC_STATUS_EAGAIN +- functions to manage waiting for asynchronous jobs to complete

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/async.h>
    +
    + #define ASYNC_STATUS_UNSUPPORTED    0
    + #define ASYNC_STATUS_ERR            1
    + #define ASYNC_STATUS_OK             2
    + #define ASYNC_STATUS_EAGAIN         3
    + typedef int (*ASYNC_callback_fn)(void *arg);
    + ASYNC_WAIT_CTX *ASYNC_WAIT_CTX_new(void);
    + void ASYNC_WAIT_CTX_free(ASYNC_WAIT_CTX *ctx);
    + int ASYNC_WAIT_CTX_set_wait_fd(ASYNC_WAIT_CTX *ctx, const void *key,
    +                                OSSL_ASYNC_FD fd,
    +                                void *custom_data,
    +                                void (*cleanup)(ASYNC_WAIT_CTX *, const void *,
    +                                                OSSL_ASYNC_FD, void *));
    + int ASYNC_WAIT_CTX_get_fd(ASYNC_WAIT_CTX *ctx, const void *key,
    +                           OSSL_ASYNC_FD *fd, void **custom_data);
    + int ASYNC_WAIT_CTX_get_all_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *fd,
    +                                size_t *numfds);
    + int ASYNC_WAIT_CTX_get_changed_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *addfd,
    +                                    size_t *numaddfds, OSSL_ASYNC_FD *delfd,
    +                                    size_t *numdelfds);
    + int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key);
    + int ASYNC_WAIT_CTX_set_callback(ASYNC_WAIT_CTX *ctx,
    +                                 ASYNC_callback_fn callback,
    +                                 void *callback_arg);
    + int ASYNC_WAIT_CTX_get_callback(ASYNC_WAIT_CTX *ctx,
    +                                 ASYNC_callback_fn *callback,
    +                                 void **callback_arg);
    + int ASYNC_WAIT_CTX_set_status(ASYNC_WAIT_CTX *ctx, int status);
    + int ASYNC_WAIT_CTX_get_status(ASYNC_WAIT_CTX *ctx);
    +

    +

    +
    +

    DESCRIPTION

    +

    For an overview of how asynchronous operations are implemented in OpenSSL see +ASYNC_start_job(3). An ASYNC_WAIT_CTX object represents an asynchronous +"session", i.e. a related set of crypto operations. For example in SSL terms +this would have a one-to-one correspondence with an SSL connection.

    +

    Application code must create an ASYNC_WAIT_CTX using the ASYNC_WAIT_CTX_new() +function prior to calling ASYNC_start_job() (see ASYNC_start_job(3)). When +the job is started it is associated with the ASYNC_WAIT_CTX for the duration +of that job. An ASYNC_WAIT_CTX should only be used for one ASYNC_JOB at +any one time, but can be reused after an ASYNC_JOB has finished for a +subsequent ASYNC_JOB. When the session is complete (e.g. the SSL connection +is closed), application code cleans up with ASYNC_WAIT_CTX_free().

    +

    ASYNC_WAIT_CTXs can have "wait" file descriptors associated with them. +Calling ASYNC_WAIT_CTX_get_all_fds() and passing in a pointer to an +ASYNC_WAIT_CTX in the ctx parameter will return the wait file descriptors +associated with that job in *fd. The number of file descriptors returned will +be stored in *numfds. It is the caller's responsibility to ensure that +sufficient memory has been allocated in *fd to receive all the file +descriptors. Calling ASYNC_WAIT_CTX_get_all_fds() with a NULL fd value will +return no file descriptors but will still populate *numfds. Therefore +application code is typically expected to call this function twice: once to get +the number of fds, and then again when sufficient memory has been allocated. If +only one asynchronous engine is being used then normally this call will only +ever return one fd. If multiple asynchronous engines are being used then more +could be returned.

    +

    The function ASYNC_WAIT_CTX_get_changed_fds() can be used to detect if any fds +have changed since the last call time ASYNC_start_job() returned ASYNC_PAUSE +(or since the ASYNC_WAIT_CTX was created if no ASYNC_PAUSE result has +been received). The numaddfds and numdelfds parameters will be populated +with the number of fds added or deleted respectively. *addfd and *delfd +will be populated with the list of added and deleted fds respectively. Similarly +to ASYNC_WAIT_CTX_get_all_fds() either of these can be NULL, but if they are not +NULL then the caller is responsible for ensuring sufficient memory is allocated.

    +

    Implementors of async aware code (e.g. engines) are encouraged to return a +stable fd for the lifetime of the ASYNC_WAIT_CTX in order to reduce the +"churn" of regularly changing fds - although no guarantees of this are provided +to applications.

    +

    Applications can wait for the file descriptor to be ready for "read" using a +system function call such as select or poll (being ready for "read" indicates +that the job should be resumed). If no file descriptor is made available then an +application will have to periodically "poll" the job by attempting to restart it +to see if it is ready to continue.

    +

    Async aware code (e.g. engines) can get the current ASYNC_WAIT_CTX from the +job via ASYNC_get_wait_ctx(3) and provide a file descriptor to use for +waiting on by calling ASYNC_WAIT_CTX_set_wait_fd(). Typically this would be done +by an engine immediately prior to calling ASYNC_pause_job() and not by end user +code. An existing association with a file descriptor can be obtained using +ASYNC_WAIT_CTX_get_fd() and cleared using ASYNC_WAIT_CTX_clear_fd(). Both of +these functions requires a key value which is unique to the async aware +code. This could be any unique value but a good candidate might be the +ENGINE * for the engine. The custom_data parameter can be any value, and +will be returned in a subsequent call to ASYNC_WAIT_CTX_get_fd(). The +ASYNC_WAIT_CTX_set_wait_fd() function also expects a pointer to a "cleanup" +routine. This can be NULL but if provided will automatically get called when +the ASYNC_WAIT_CTX is freed, and gives the engine the opportunity to close +the fd or any other resources. Note: The "cleanup" routine does not get called +if the fd is cleared directly via a call to ASYNC_WAIT_CTX_clear_fd().

    +

    An example of typical usage might be an async capable engine. User code would +initiate cryptographic operations. The engine would initiate those operations +asynchronously and then call ASYNC_WAIT_CTX_set_wait_fd() followed by +ASYNC_pause_job() to return control to the user code. The user code can then +perform other tasks or wait for the job to be ready by calling "select" or other +similar function on the wait file descriptor. The engine can signal to the user +code that the job should be resumed by making the wait file descriptor +"readable". Once resumed the engine should clear the wake signal on the wait +file descriptor.

    +

    As well as a file descriptor, user code may also be notified via a callback. The +callback and data pointers are stored within the ASYNC_WAIT_CTX along with an +additional status field that can be used for the notification of retries from an +engine. This additional method can be used when the user thinks that a file +descriptor is too costly in terms of CPU cycles or in some context where a file +descriptor is not appropriate.

    +

    ASYNC_WAIT_CTX_set_callback() sets the callback and the callback argument. The +callback will be called to notify user code when an engine completes a +cryptography operation. It is a requirement that the callback function is small +and non-blocking as it will be run in the context of a polling mechanism or an +interrupt.

    +

    ASYNC_WAIT_CTX_get_callback() returns the callback set in the ASYNC_WAIT_CTX +structure.

    +

    ASYNC_WAIT_CTX_set_status() allows an engine to set the current engine status. +The possible status values are the following:

    +
    +
    ASYNC_STATUS_UNSUPPORTED
    + +
    +

    The engine does not support the callback mechanism. This is the default value. +The engine must call ASYNC_WAIT_CTX_set_status() to set the status to some value +other than ASYNC_STATUS_UNSUPPORTED if it intends to enable the callback +mechanism.

    +
    +
    ASYNC_STATUS_ERR
    + +
    +

    The engine has a fatal problem with this request. The user code should clean up +this session.

    +
    +
    ASYNC_STATUS_OK
    + +
    +

    The request has been successfully submitted.

    +
    +
    ASYNC_STATUS_EAGAIN
    + +
    +

    The engine has some problem which will be recovered soon, such as a buffer is +full, so user code should resume the job.

    +
    +
    +

    ASYNC_WAIT_CTX_get_status() allows user code to obtain the current status value. +If the status is any value other than ASYNC_STATUS_OK then the user code +should not expect to receive a callback from the engine even if one has been +set.

    +

    An example of the usage of the callback method might be the following. User +code would initiate cryptographic operations, and the engine code would dispatch +this operation to hardware, and if the dispatch is successful, then the engine +code would call ASYNC_pause_job() to return control to the user code. After +that, user code can perform other tasks. When the hardware completes the +operation, normally it is detected by a polling function or an interrupt, as the +user code set a callback by calling ASYNC_WAIT_CTX_set_callback() previously, +then the registered callback will be called.

    +

    +

    +
    +

    RETURN VALUES

    +

    ASYNC_WAIT_CTX_new() returns a pointer to the newly allocated ASYNC_WAIT_CTX +or NULL on error.

    +

    ASYNC_WAIT_CTX_set_wait_fd, ASYNC_WAIT_CTX_get_fd, ASYNC_WAIT_CTX_get_all_fds, +ASYNC_WAIT_CTX_get_changed_fds, ASYNC_WAIT_CTX_clear_fd, +ASYNC_WAIT_CTX_set_callback, ASYNC_WAIT_CTX_get_callback and +ASYNC_WAIT_CTX_set_status all return 1 on success or 0 on error. +ASYNC_WAIT_CTX_get_status() returns the engine status.

    +

    +

    +
    +

    NOTES

    +

    On Windows platforms the openssl/async.h header is dependent on some +of the types customarily made available by including windows.h. The +application developer is likely to require control over when the latter +is included, commonly as one of the first included headers. Therefore +it is defined as an application developer's responsibility to include +windows.h prior to async.h.

    +

    +

    +
    +

    SEE ALSO

    +

    crypto(7), ASYNC_start_job(3)

    +

    +

    +
    +

    HISTORY

    +

    ASYNC_WAIT_CTX_new(), ASYNC_WAIT_CTX_free(), ASYNC_WAIT_CTX_set_wait_fd(), +ASYNC_WAIT_CTX_get_fd(), ASYNC_WAIT_CTX_get_all_fds(), +ASYNC_WAIT_CTX_get_changed_fds() and ASYNC_WAIT_CTX_clear_fd() +were added in OpenSSL 1.1.0.

    +

    ASYNC_WAIT_CTX_set_callback(), ASYNC_WAIT_CTX_get_callback(), +ASYNC_WAIT_CTX_set_status(), and ASYNC_WAIT_CTX_get_status() +were added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/ASYNC_start_job.html b/linux_amd64/ssl/share/doc/openssl/html/man3/ASYNC_start_job.html new file mode 100755 index 0000000..3928bdc --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/ASYNC_start_job.html @@ -0,0 +1,364 @@ + + + + +ASYNC_start_job + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    ASYNC_get_wait_ctx, +ASYNC_init_thread, ASYNC_cleanup_thread, ASYNC_start_job, ASYNC_pause_job, +ASYNC_get_current_job, ASYNC_block_pause, ASYNC_unblock_pause, ASYNC_is_capable +- asynchronous job management functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/async.h>
    +
    + int ASYNC_init_thread(size_t max_size, size_t init_size);
    + void ASYNC_cleanup_thread(void);
    +
    + int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *ctx, int *ret,
    +                     int (*func)(void *), void *args, size_t size);
    + int ASYNC_pause_job(void);
    +
    + ASYNC_JOB *ASYNC_get_current_job(void);
    + ASYNC_WAIT_CTX *ASYNC_get_wait_ctx(ASYNC_JOB *job);
    + void ASYNC_block_pause(void);
    + void ASYNC_unblock_pause(void);
    +
    + int ASYNC_is_capable(void);
    +

    +

    +
    +

    DESCRIPTION

    +

    OpenSSL implements asynchronous capabilities through an ASYNC_JOB. This +represents code that can be started and executes until some event occurs. At +that point the code can be paused and control returns to user code until some +subsequent event indicates that the job can be resumed.

    +

    The creation of an ASYNC_JOB is a relatively expensive operation. Therefore, +for efficiency reasons, jobs can be created up front and reused many times. They +are held in a pool until they are needed, at which point they are removed from +the pool, used, and then returned to the pool when the job completes. If the +user application is multi-threaded, then ASYNC_init_thread() may be called for +each thread that will initiate asynchronous jobs. Before +user code exits per-thread resources need to be cleaned up. This will normally +occur automatically (see OPENSSL_init_crypto(3)) but may be explicitly +initiated by using ASYNC_cleanup_thread(). No asynchronous jobs must be +outstanding for the thread when ASYNC_cleanup_thread() is called. Failing to +ensure this will result in memory leaks.

    +

    The max_size argument limits the number of ASYNC_JOBs that will be held in +the pool. If max_size is set to 0 then no upper limit is set. When an +ASYNC_JOB is needed but there are none available in the pool already then one +will be automatically created, as long as the total of ASYNC_JOBs managed by +the pool does not exceed max_size. When the pool is first initialised +init_size ASYNC_JOBs will be created immediately. If ASYNC_init_thread() +is not called before the pool is first used then it will be called automatically +with a max_size of 0 (no upper limit) and an init_size of 0 (no +ASYNC_JOBs created up front).

    +

    An asynchronous job is started by calling the ASYNC_start_job() function. +Initially *job should be NULL. ctx should point to an ASYNC_WAIT_CTX +object created through the ASYNC_WAIT_CTX_new(3) function. ret should +point to a location where the return value of the asynchronous function should +be stored on completion of the job. func represents the function that should +be started asynchronously. The data pointed to by args and of size size +will be copied and then passed as an argument to func when the job starts. +ASYNC_start_job will return one of the following values:

    +
    +
    ASYNC_ERR
    + +
    +

    An error occurred trying to start the job. Check the OpenSSL error queue (e.g. +see ERR_print_errors(3)) for more details.

    +
    +
    ASYNC_NO_JOBS
    + +
    +

    There are no jobs currently available in the pool. This call can be retried +again at a later time.

    +
    +
    ASYNC_PAUSE
    + +
    +

    The job was successfully started but was "paused" before it completed (see +ASYNC_pause_job() below). A handle to the job is placed in *job. Other work +can be performed (if desired) and the job restarted at a later time. To restart +a job call ASYNC_start_job() again passing the job handle in *job. The +func, args and size parameters will be ignored when restarting a job. +When restarting a job ASYNC_start_job() must be called from the same thread +that the job was originally started from.

    +
    +
    ASYNC_FINISH
    + +
    +

    The job completed. *job will be NULL and the return value from func will +be placed in *ret.

    +
    +
    +

    At any one time there can be a maximum of one job actively running per thread +(you can have many that are paused). ASYNC_get_current_job() can be used to get +a pointer to the currently executing ASYNC_JOB. If no job is currently +executing then this will return NULL.

    +

    If executing within the context of a job (i.e. having been called directly or +indirectly by the function "func" passed as an argument to ASYNC_start_job()) +then ASYNC_pause_job() will immediately return control to the calling +application with ASYNC_PAUSE returned from the ASYNC_start_job() call. A +subsequent call to ASYNC_start_job passing in the relevant ASYNC_JOB in the +*job parameter will resume execution from the ASYNC_pause_job() call. If +ASYNC_pause_job() is called whilst not within the context of a job then no +action is taken and ASYNC_pause_job() returns immediately.

    +

    ASYNC_get_wait_ctx() can be used to get a pointer to the ASYNC_WAIT_CTX +for the job. ASYNC_WAIT_CTXs contain two different ways to notify +applications that a job is ready to be resumed. One is a "wait" file +descriptor, and the other is a "callback" mechanism.

    +

    The "wait" file descriptor associated with ASYNC_WAIT_CTX is used for +applications to wait for the file descriptor to be ready for "read" using a +system function call such as select or poll (being ready for "read" indicates +that the job should be resumed). If no file descriptor is made available then +an application will have to periodically "poll" the job by attempting to restart +it to see if it is ready to continue.

    +

    ASYNC_WAIT_CTXs also have a "callback" mechanism to notify applications. The +callback is set by an application, and it will be automatically called when an +engine completes a cryptography operation, so that the application can resume +the paused work flow without polling. An engine could be written to look whether +the callback has been set. If it has then it would use the callback mechanism +in preference to the file descriptor notifications. If a callback is not set +then the engine may use file descriptor based notifications. Please note that +not all engines may support the callback mechanism, so the callback may not be +used even if it has been set. See ASYNC_WAIT_CTX_new() for more details.

    +

    The ASYNC_block_pause() function will prevent the currently active job from +pausing. The block will remain in place until a subsequent call to +ASYNC_unblock_pause(). These functions can be nested, e.g. if you call +ASYNC_block_pause() twice then you must call ASYNC_unblock_pause() twice in +order to re-enable pausing. If these functions are called while there is no +currently active job then they have no effect. This functionality can be useful +to avoid deadlock scenarios. For example during the execution of an ASYNC_JOB +an application acquires a lock. It then calls some cryptographic function which +invokes ASYNC_pause_job(). This returns control back to the code that created +the ASYNC_JOB. If that code then attempts to acquire the same lock before +resuming the original job then a deadlock can occur. By calling +ASYNC_block_pause() immediately after acquiring the lock and +ASYNC_unblock_pause() immediately before releasing it then this situation cannot +occur.

    +

    Some platforms cannot support async operations. The ASYNC_is_capable() function +can be used to detect whether the current platform is async capable or not.

    +

    +

    +
    +

    RETURN VALUES

    +

    ASYNC_init_thread returns 1 on success or 0 otherwise.

    +

    ASYNC_start_job returns one of ASYNC_ERR, ASYNC_NO_JOBS, ASYNC_PAUSE or +ASYNC_FINISH as described above.

    +

    ASYNC_pause_job returns 0 if an error occurred or 1 on success. If called when +not within the context of an ASYNC_JOB then this is counted as success so 1 +is returned.

    +

    ASYNC_get_current_job returns a pointer to the currently executing ASYNC_JOB +or NULL if not within the context of a job.

    +

    ASYNC_get_wait_ctx() returns a pointer to the ASYNC_WAIT_CTX for the job.

    +

    ASYNC_is_capable() returns 1 if the current platform is async capable or 0 +otherwise.

    +

    +

    +
    +

    NOTES

    +

    On Windows platforms the openssl/async.h header is dependent on some +of the types customarily made available by including windows.h. The +application developer is likely to require control over when the latter +is included, commonly as one of the first included headers. Therefore +it is defined as an application developer's responsibility to include +windows.h prior to async.h.

    +

    +

    +
    +

    EXAMPLES

    +

    The following example demonstrates how to use most of the core async APIs:

    +
    + #ifdef _WIN32
    + # include <windows.h>
    + #endif
    + #include <stdio.h>
    + #include <unistd.h>
    + #include <openssl/async.h>
    + #include <openssl/crypto.h>
    +
    + int unique = 0;
    +
    + void cleanup(ASYNC_WAIT_CTX *ctx, const void *key, OSSL_ASYNC_FD r, void *vw)
    + {
    +     OSSL_ASYNC_FD *w = (OSSL_ASYNC_FD *)vw;
    +
    +     close(r);
    +     close(*w);
    +     OPENSSL_free(w);
    + }
    +
    + int jobfunc(void *arg)
    + {
    +     ASYNC_JOB *currjob;
    +     unsigned char *msg;
    +     int pipefds[2] = {0, 0};
    +     OSSL_ASYNC_FD *wptr;
    +     char buf = 'X';
    +
    +     currjob = ASYNC_get_current_job();
    +     if (currjob != NULL) {
    +         printf("Executing within a job\n");
    +     } else {
    +         printf("Not executing within a job - should not happen\n");
    +         return 0;
    +     }
    +
    +     msg = (unsigned char *)arg;
    +     printf("Passed in message is: %s\n", msg);
    +
    +     if (pipe(pipefds) != 0) {
    +         printf("Failed to create pipe\n");
    +         return 0;
    +     }
    +     wptr = OPENSSL_malloc(sizeof(OSSL_ASYNC_FD));
    +     if (wptr == NULL) {
    +         printf("Failed to malloc\n");
    +         return 0;
    +     }
    +     *wptr = pipefds[1];
    +     ASYNC_WAIT_CTX_set_wait_fd(ASYNC_get_wait_ctx(currjob), &unique,
    +                                pipefds[0], wptr, cleanup);
    +
    +     /*
    +      * Normally some external event would cause this to happen at some
    +      * later point - but we do it here for demo purposes, i.e.
    +      * immediately signalling that the job is ready to be woken up after
    +      * we return to main via ASYNC_pause_job().
    +      */
    +     write(pipefds[1], &buf, 1);
    +
    +     /* Return control back to main */
    +     ASYNC_pause_job();
    +
    +     /* Clear the wake signal */
    +     read(pipefds[0], &buf, 1);
    +
    +     printf ("Resumed the job after a pause\n");
    +
    +     return 1;
    + }
    +
    + int main(void)
    + {
    +     ASYNC_JOB *job = NULL;
    +     ASYNC_WAIT_CTX *ctx = NULL;
    +     int ret;
    +     OSSL_ASYNC_FD waitfd;
    +     fd_set waitfdset;
    +     size_t numfds;
    +     unsigned char msg[13] = "Hello world!";
    +
    +     printf("Starting...\n");
    +
    +     ctx = ASYNC_WAIT_CTX_new();
    +     if (ctx == NULL) {
    +         printf("Failed to create ASYNC_WAIT_CTX\n");
    +         abort();
    +     }
    +
    +     for (;;) {
    +         switch (ASYNC_start_job(&job, ctx, &ret, jobfunc, msg, sizeof(msg))) {
    +         case ASYNC_ERR:
    +         case ASYNC_NO_JOBS:
    +             printf("An error occurred\n");
    +             goto end;
    +         case ASYNC_PAUSE:
    +             printf("Job was paused\n");
    +             break;
    +         case ASYNC_FINISH:
    +             printf("Job finished with return value %d\n", ret);
    +             goto end;
    +         }
    +
    +         /* Wait for the job to be woken */
    +         printf("Waiting for the job to be woken up\n");
    +
    +         if (!ASYNC_WAIT_CTX_get_all_fds(ctx, NULL, &numfds)
    +                 || numfds > 1) {
    +             printf("Unexpected number of fds\n");
    +             abort();
    +         }
    +         ASYNC_WAIT_CTX_get_all_fds(ctx, &waitfd, &numfds);
    +         FD_ZERO(&waitfdset);
    +         FD_SET(waitfd, &waitfdset);
    +         select(waitfd + 1, &waitfdset, NULL, NULL, NULL);
    +     }
    +
    + end:
    +     ASYNC_WAIT_CTX_free(ctx);
    +     printf("Finishing\n");
    +
    +     return 0;
    + }
    +

    The expected output from executing the above example program is:

    +
    + Starting...
    + Executing within a job
    + Passed in message is: Hello world!
    + Job was paused
    + Waiting for the job to be woken up
    + Resumed the job after a pause
    + Job finished with return value 1
    + Finishing
    +

    +

    +
    +

    SEE ALSO

    +

    crypto(7), ERR_print_errors(3)

    +

    +

    +
    +

    HISTORY

    +

    ASYNC_init_thread, ASYNC_cleanup_thread, +ASYNC_start_job, ASYNC_pause_job, ASYNC_get_current_job, ASYNC_get_wait_ctx(), +ASYNC_block_pause(), ASYNC_unblock_pause() and ASYNC_is_capable() were first +added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/BF_encrypt.html b/linux_amd64/ssl/share/doc/openssl/html/man3/BF_encrypt.html new file mode 100755 index 0000000..8eea641 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/BF_encrypt.html @@ -0,0 +1,161 @@ + + + + +BF_encrypt + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BF_set_key, BF_encrypt, BF_decrypt, BF_ecb_encrypt, BF_cbc_encrypt, +BF_cfb64_encrypt, BF_ofb64_encrypt, BF_options - Blowfish encryption

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/blowfish.h>
    +

    Deprecated since OpenSSL 3.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + void BF_set_key(BF_KEY *key, int len, const unsigned char *data);
    +
    + void BF_ecb_encrypt(const unsigned char *in, unsigned char *out,
    +                     BF_KEY *key, int enc);
    + void BF_cbc_encrypt(const unsigned char *in, unsigned char *out,
    +                     long length, BF_KEY *schedule,
    +                     unsigned char *ivec, int enc);
    + void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out,
    +                       long length, BF_KEY *schedule,
    +                       unsigned char *ivec, int *num, int enc);
    + void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out,
    +                       long length, BF_KEY *schedule,
    +                       unsigned char *ivec, int *num);
    + const char *BF_options(void);
    +
    + void BF_encrypt(BF_LONG *data, const BF_KEY *key);
    + void BF_decrypt(BF_LONG *data, const BF_KEY *key);
    +

    +

    +
    +

    DESCRIPTION

    +

    All of the functions described on this page are deprecated. Applications should +instead use EVP_EncryptInit_ex(3), EVP_EncryptUpdate(3) and +EVP_EncryptFinal_ex(3) or the equivalently named decrypt functions.

    +

    This library implements the Blowfish cipher, which was invented and described +by Counterpane (see http://www.counterpane.com/blowfish.html ).

    +

    Blowfish is a block cipher that operates on 64 bit (8 byte) blocks of data. +It uses a variable size key, but typically, 128 bit (16 byte) keys are +considered good for strong encryption. Blowfish can be used in the same +modes as DES (see des_modes(7)). Blowfish is currently one +of the faster block ciphers. It is quite a bit faster than DES, and much +faster than IDEA or RC2.

    +

    Blowfish consists of a key setup phase and the actual encryption or decryption +phase.

    +

    BF_set_key() sets up the BF_KEY key using the len bytes long key +at data.

    +

    BF_ecb_encrypt() is the basic Blowfish encryption and decryption function. +It encrypts or decrypts the first 64 bits of in using the key key, +putting the result in out. enc decides if encryption (BF_ENCRYPT) +or decryption (BF_DECRYPT) shall be performed. The vector pointed at by +in and out must be 64 bits in length, no less. If they are larger, +everything after the first 64 bits is ignored.

    +

    The mode functions BF_cbc_encrypt(), BF_cfb64_encrypt() and BF_ofb64_encrypt() +all operate on variable length data. They all take an initialization vector +ivec which needs to be passed along into the next call of the same function +for the same message. ivec may be initialized with anything, but the +recipient needs to know what it was initialized with, or it won't be able +to decrypt. Some programs and protocols simplify this, like SSH, where +ivec is simply initialized to zero. +BF_cbc_encrypt() operates on data that is a multiple of 8 bytes long, while +BF_cfb64_encrypt() and BF_ofb64_encrypt() are used to encrypt an variable +number of bytes (the amount does not have to be an exact multiple of 8). The +purpose of the latter two is to simulate stream ciphers, and therefore, they +need the parameter num, which is a pointer to an integer where the current +offset in ivec is stored between calls. This integer must be initialized +to zero when ivec is initialized.

    +

    BF_cbc_encrypt() is the Cipher Block Chaining function for Blowfish. It +encrypts or decrypts the 64 bits chunks of in using the key schedule, +putting the result in out. enc decides if encryption (BF_ENCRYPT) or +decryption (BF_DECRYPT) shall be performed. ivec must point at an 8 byte +long initialization vector.

    +

    BF_cfb64_encrypt() is the CFB mode for Blowfish with 64 bit feedback. +It encrypts or decrypts the bytes in in using the key schedule, +putting the result in out. enc decides if encryption (BF_ENCRYPT) +or decryption (BF_DECRYPT) shall be performed. ivec must point at an +8 byte long initialization vector. num must point at an integer which must +be initially zero.

    +

    BF_ofb64_encrypt() is the OFB mode for Blowfish with 64 bit feedback. +It uses the same parameters as BF_cfb64_encrypt(), which must be initialized +the same way.

    +

    BF_encrypt() and BF_decrypt() are the lowest level functions for Blowfish +encryption. They encrypt/decrypt the first 64 bits of the vector pointed by +data, using the key key. These functions should not be used unless you +implement 'modes' of Blowfish. The alternative is to use BF_ecb_encrypt(). +If you still want to use these functions, you should be aware that they take +each 32-bit chunk in host-byte order, which is little-endian on little-endian +platforms and big-endian on big-endian ones.

    +

    +

    +
    +

    RETURN VALUES

    +

    None of the functions presented here return any value.

    +

    +

    +
    +

    NOTE

    +

    Applications should use the higher level functions +EVP_EncryptInit(3) etc. instead of calling these +functions directly.

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_EncryptInit(3), +des_modes(7)

    +

    +

    +
    +

    HISTORY

    +

    All of these functions were deprecated in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_ADDR.html b/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_ADDR.html new file mode 100755 index 0000000..d6bd1df --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_ADDR.html @@ -0,0 +1,153 @@ + + + + +BIO_ADDR + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BIO_ADDR, BIO_ADDR_new, BIO_ADDR_clear, BIO_ADDR_free, BIO_ADDR_rawmake, +BIO_ADDR_family, BIO_ADDR_rawaddress, BIO_ADDR_rawport, +BIO_ADDR_hostname_string, BIO_ADDR_service_string, +BIO_ADDR_path_string - BIO_ADDR routines

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <sys/types.h>
    + #include <openssl/bio.h>
    +
    + typedef union bio_addr_st BIO_ADDR;
    +
    + BIO_ADDR *BIO_ADDR_new(void);
    + void BIO_ADDR_free(BIO_ADDR *);
    + void BIO_ADDR_clear(BIO_ADDR *ap);
    + int BIO_ADDR_rawmake(BIO_ADDR *ap, int family,
    +                      const void *where, size_t wherelen, unsigned short port);
    + int BIO_ADDR_family(const BIO_ADDR *ap);
    + int BIO_ADDR_rawaddress(const BIO_ADDR *ap, void *p, size_t *l);
    + unsigned short BIO_ADDR_rawport(const BIO_ADDR *ap);
    + char *BIO_ADDR_hostname_string(const BIO_ADDR *ap, int numeric);
    + char *BIO_ADDR_service_string(const BIO_ADDR *ap, int numeric);
    + char *BIO_ADDR_path_string(const BIO_ADDR *ap);
    +

    +

    +
    +

    DESCRIPTION

    +

    The BIO_ADDR type is a wrapper around all types of socket +addresses that OpenSSL deals with, currently transparently +supporting AF_INET, AF_INET6 and AF_UNIX according to what's +available on the platform at hand.

    +

    BIO_ADDR_new() creates a new unfilled BIO_ADDR, to be used +with routines that will fill it with information, such as +BIO_accept_ex().

    +

    BIO_ADDR_free() frees a BIO_ADDR created with BIO_ADDR_new().

    +

    BIO_ADDR_clear() clears any data held within the provided BIO_ADDR and sets +it back to an uninitialised state.

    +

    BIO_ADDR_rawmake() takes a protocol family, an byte array of +size wherelen with an address in network byte order pointed at +by where and a port number in network byte order in port (except +for the AF_UNIX protocol family, where port is meaningless and +therefore ignored) and populates the given BIO_ADDR with them. +In case this creates a AF_UNIX BIO_ADDR, wherelen is expected +to be the length of the path string (not including the terminating +NUL, such as the result of a call to strlen()). +Read on about the addresses in RAW ADDRESSES below.

    +

    BIO_ADDR_family() returns the protocol family of the given +BIO_ADDR. The possible non-error results are one of the +constants AF_INET, AF_INET6 and AF_UNIX. It will also return AF_UNSPEC if the +BIO_ADDR has not been initialised.

    +

    BIO_ADDR_rawaddress() will write the raw address of the given +BIO_ADDR in the area pointed at by p if p is non-NULL, +and will set *l to be the amount of bytes the raw address +takes up if l is non-NULL. +A technique to only find out the size of the address is a call +with p set to NULL. The raw address will be in network byte +order, most significant byte first. +In case this is a AF_UNIX BIO_ADDR, l gets the length of the +path string (not including the terminating NUL, such as the result of +a call to strlen()). +Read on about the addresses in RAW ADDRESSES below.

    +

    BIO_ADDR_rawport() returns the raw port of the given BIO_ADDR. +The raw port will be in network byte order.

    +

    BIO_ADDR_hostname_string() returns a character string with the +hostname of the given BIO_ADDR. If numeric is 1, the string +will contain the numerical form of the address. This only works for +BIO_ADDR of the protocol families AF_INET and AF_INET6. The +returned string has been allocated on the heap and must be freed +with OPENSSL_free().

    +

    BIO_ADDR_service_string() returns a character string with the +service name of the port of the given BIO_ADDR. If numeric +is 1, the string will contain the port number. This only works +for BIO_ADDR of the protocol families AF_INET and AF_INET6. The +returned string has been allocated on the heap and must be freed +with OPENSSL_free().

    +

    BIO_ADDR_path_string() returns a character string with the path +of the given BIO_ADDR. This only works for BIO_ADDR of the +protocol family AF_UNIX. The returned string has been allocated +on the heap and must be freed with OPENSSL_free().

    +

    +

    +
    +

    RAW ADDRESSES

    +

    Both BIO_ADDR_rawmake() and BIO_ADDR_rawaddress() take a pointer to a +network byte order address of a specific site. Internally, those are +treated as a pointer to struct in_addr (for AF_INET), struct +in6_addr (for AF_INET6) or char * (for AF_UNIX), all +depending on the protocol family the address is for.

    +

    +

    +
    +

    RETURN VALUES

    +

    The string producing functions BIO_ADDR_hostname_string(), +BIO_ADDR_service_string() and BIO_ADDR_path_string() will +return NULL on error and leave an error indication on the +OpenSSL error stack.

    +

    All other functions described here return 0 or NULL when the +information they should return isn't available.

    +

    +

    +
    +

    SEE ALSO

    +

    BIO_connect(3), BIO_s_connect(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_ADDRINFO.html b/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_ADDRINFO.html
    new file mode 100755
    index 0000000..76da541
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_ADDRINFO.html
    @@ -0,0 +1,142 @@
    + + + + +BIO_ADDRINFO + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BIO_lookup_type, +BIO_ADDRINFO, BIO_ADDRINFO_next, BIO_ADDRINFO_free, +BIO_ADDRINFO_family, BIO_ADDRINFO_socktype, BIO_ADDRINFO_protocol, +BIO_ADDRINFO_address, +BIO_lookup_ex, +BIO_lookup +- BIO_ADDRINFO type and routines

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <sys/types.h>
    + #include <openssl/bio.h>
    +
    + typedef union bio_addrinfo_st BIO_ADDRINFO;
    +
    + enum BIO_lookup_type {
    +     BIO_LOOKUP_CLIENT, BIO_LOOKUP_SERVER
    + };
    +
    + int BIO_lookup_ex(const char *host, const char *service, int lookup_type,
    +                   int family, int socktype, int protocol, BIO_ADDRINFO **res);
    + int BIO_lookup(const char *node, const char *service,
    +                enum BIO_lookup_type lookup_type,
    +                int family, int socktype, BIO_ADDRINFO **res);
    +
    + const BIO_ADDRINFO *BIO_ADDRINFO_next(const BIO_ADDRINFO *bai);
    + int BIO_ADDRINFO_family(const BIO_ADDRINFO *bai);
    + int BIO_ADDRINFO_socktype(const BIO_ADDRINFO *bai);
    + int BIO_ADDRINFO_protocol(const BIO_ADDRINFO *bai);
    + const BIO_ADDR *BIO_ADDRINFO_address(const BIO_ADDRINFO *bai);
    + void BIO_ADDRINFO_free(BIO_ADDRINFO *bai);
    +

    +

    +
    +

    DESCRIPTION

    +

    The BIO_ADDRINFO type is a wrapper for address information +types provided on your platform.

    +

    BIO_ADDRINFO normally forms a chain of several that can be +picked at one by one.

    +

    BIO_lookup_ex() looks up a specified host and service, and +uses lookup_type to determine what the default address should +be if host is NULL. family, socktype and protocol are used to +determine what protocol family, socket type and protocol should be used for +the lookup. family can be any of AF_INET, AF_INET6, AF_UNIX and +AF_UNSPEC. socktype can be SOCK_STREAM, SOCK_DGRAM or 0. Specifying 0 +indicates that any type can be used. protocol specifies a protocol such as +IPPROTO_TCP, IPPROTO_UDP or IPPORTO_SCTP. If set to 0 than any protocol can be +used. res points at a pointer to hold the start of a BIO_ADDRINFO +chain.

    +

    For the family AF_UNIX, BIO_lookup_ex() will ignore the service +parameter and expects the node parameter to hold the path to the +socket file.

    +

    BIO_lookup() does the same as BIO_lookup_ex() but does not provide the ability +to select based on the protocol (any protocol may be returned).

    +

    BIO_ADDRINFO_family() returns the family of the given +BIO_ADDRINFO. The result will be one of the constants +AF_INET, AF_INET6 and AF_UNIX.

    +

    BIO_ADDRINFO_socktype() returns the socket type of the given +BIO_ADDRINFO. The result will be one of the constants +SOCK_STREAM and SOCK_DGRAM.

    +

    BIO_ADDRINFO_protocol() returns the protocol id of the given +BIO_ADDRINFO. The result will be one of the constants +IPPROTO_TCP and IPPROTO_UDP.

    +

    BIO_ADDRINFO_address() returns the underlying BIO_ADDR +of the given BIO_ADDRINFO.

    +

    BIO_ADDRINFO_next() returns the next BIO_ADDRINFO in the chain +from the given one.

    +

    BIO_ADDRINFO_free() frees the chain of BIO_ADDRINFO starting +with the given one.

    +

    +

    +
    +

    RETURN VALUES

    +

    BIO_lookup_ex() and BIO_lookup() return 1 on success and 0 when an error +occurred, and will leave an error indication on the OpenSSL error stack in that +case.

    +

    All other functions described here return 0 or NULL when the +information they should return isn't available.

    +

    +

    +
    +

    NOTES

    +

    The BIO_lookup_ex() implementation uses the platform provided getaddrinfo() +function. On Linux it is known that specifying 0 for the protocol will not +return any SCTP based addresses when calling getaddrinfo(). Therefore if an SCTP +address is required then the protocol parameter to BIO_lookup_ex() should be +explicitly set to IPPROTO_SCTP. The same may be true on other platforms.

    +

    +

    +
    +

    HISTORY

    +

    The BIO_lookup_ex() function was added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_connect.html b/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_connect.html
    new file mode 100755
    index 0000000..b6626b0
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_connect.html
    @@ -0,0 +1,154 @@
    + + + + +BIO_connect + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BIO_socket, BIO_bind, BIO_connect, BIO_listen, BIO_accept_ex, BIO_closesocket - BIO +socket communication setup routines

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bio.h>
    +
    + int BIO_socket(int domain, int socktype, int protocol, int options);
    + int BIO_bind(int sock, const BIO_ADDR *addr, int options);
    + int BIO_connect(int sock, const BIO_ADDR *addr, int options);
    + int BIO_listen(int sock, const BIO_ADDR *addr, int options);
    + int BIO_accept_ex(int accept_sock, BIO_ADDR *peer, int options);
    + int BIO_closesocket(int sock);
    +

    +

    +
    +

    DESCRIPTION

    +

    BIO_socket() creates a socket in the domain domain, of type +socktype and protocol. Socket options are currently unused, +but is present for future use.

    +

    BIO_bind() binds the source address and service to a socket and +may be useful before calling BIO_connect(). The options may include +BIO_SOCK_REUSEADDR, which is described in FLAGS below.

    +

    BIO_connect() connects sock to the address and service given by +addr. Connection options may be zero or any combination of +BIO_SOCK_KEEPALIVE, BIO_SOCK_NONBLOCK and BIO_SOCK_NODELAY. +The flags are described in FLAGS below.

    +

    BIO_listen() has sock start listening on the address and service +given by addr. Connection options may be zero or any +combination of BIO_SOCK_KEEPALIVE, BIO_SOCK_NONBLOCK, +BIO_SOCK_NODELAY, BIO_SOCK_REUSEADDR and BIO_SOCK_V6_ONLY. +The flags are described in FLAGS below.

    +

    BIO_accept_ex() waits for an incoming connections on the given +socket accept_sock. When it gets a connection, the address and +port of the peer gets stored in peer if that one is non-NULL. +Accept options may be zero or BIO_SOCK_NONBLOCK, and is applied +on the accepted socket. The flags are described in FLAGS below.

    +

    BIO_closesocket() closes sock.

    +

    +

    +
    +

    FLAGS

    +
    +
    BIO_SOCK_KEEPALIVE
    + +
    +

    Enables regular sending of keep-alive messages.

    +
    +
    BIO_SOCK_NONBLOCK
    + +
    +

    Sets the socket to non-blocking mode.

    +
    +
    BIO_SOCK_NODELAY
    + +
    +

    Corresponds to TCP_NODELAY, and disables the Nagle algorithm. With +this set, any data will be sent as soon as possible instead of being +buffered until there's enough for the socket to send out in one go.

    +
    +
    BIO_SOCK_REUSEADDR
    + +
    +

    Try to reuse the address and port combination for a recently closed +port.

    +
    +
    BIO_SOCK_V6_ONLY
    + +
    +

    When creating an IPv6 socket, make it only listen for IPv6 addresses +and not IPv4 addresses mapped to IPv6.

    +
    +
    +

    These flags are bit flags, so they are to be combined with the +| operator, for example:

    +
    + BIO_connect(sock, addr, BIO_SOCK_KEEPALIVE | BIO_SOCK_NONBLOCK);
    +

    +

    +
    +

    RETURN VALUES

    +

    BIO_socket() returns the socket number on success or INVALID_SOCKET +(-1) on error. When an error has occurred, the OpenSSL error stack +will hold the error data and errno has the system error.

    +

    BIO_bind(), BIO_connect() and BIO_listen() return 1 on success or 0 on error. +When an error has occurred, the OpenSSL error stack will hold the error +data and errno has the system error.

    +

    BIO_accept_ex() returns the accepted socket on success or +INVALID_SOCKET (-1) on error. When an error has occurred, the +OpenSSL error stack will hold the error data and errno has the system +error.

    +

    +

    +
    +

    SEE ALSO

    +

    BIO_ADDR(3)

    +

    +

    +
    +

    HISTORY

    +

    BIO_gethostname(), BIO_get_port(), BIO_get_host_ip(), +BIO_get_accept_socket() and BIO_accept() were deprecated in OpenSSL 1.1.0. +Use the functions described above instead.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_ctrl.html b/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_ctrl.html
    new file mode 100755
    index 0000000..1966fb5
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_ctrl.html
    @@ -0,0 +1,177 @@
    + + + + +BIO_ctrl + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BIO_ctrl, BIO_callback_ctrl, BIO_ptr_ctrl, BIO_int_ctrl, BIO_reset, +BIO_seek, BIO_tell, BIO_flush, BIO_eof, BIO_set_close, BIO_get_close, +BIO_pending, BIO_wpending, BIO_ctrl_pending, BIO_ctrl_wpending, +BIO_get_info_callback, BIO_set_info_callback, BIO_info_cb, BIO_get_ktls_send, +BIO_get_ktls_recv +- BIO control operations

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bio.h>
    +
    + typedef int BIO_info_cb(BIO *b, int state, int res);
    +
    + long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg);
    + long BIO_callback_ctrl(BIO *b, int cmd, BIO_info_cb *cb);
    + char *BIO_ptr_ctrl(BIO *bp, int cmd, long larg);
    + long BIO_int_ctrl(BIO *bp, int cmd, long larg, int iarg);
    +
    + int BIO_reset(BIO *b);
    + int BIO_seek(BIO *b, int ofs);
    + int BIO_tell(BIO *b);
    + int BIO_flush(BIO *b);
    + int BIO_eof(BIO *b);
    + int BIO_set_close(BIO *b, long flag);
    + int BIO_get_close(BIO *b);
    + int BIO_pending(BIO *b);
    + int BIO_wpending(BIO *b);
    + size_t BIO_ctrl_pending(BIO *b);
    + size_t BIO_ctrl_wpending(BIO *b);
    +
    + int BIO_get_info_callback(BIO *b, BIO_info_cb **cbp);
    + int BIO_set_info_callback(BIO *b, BIO_info_cb *cb);
    +
    + int BIO_get_ktls_send(BIO *b);
    + int BIO_get_ktls_recv(BIO *b);
    +

    +

    +
    +

    DESCRIPTION

    +

    BIO_ctrl(), BIO_callback_ctrl(), BIO_ptr_ctrl() and BIO_int_ctrl() +are BIO "control" operations taking arguments of various types. +These functions are not normally called directly, various macros +are used instead. The standard macros are described below, macros +specific to a particular type of BIO are described in the specific +BIOs manual page as well as any special features of the standard +calls.

    +

    BIO_reset() typically resets a BIO to some initial state, in the case +of file related BIOs for example it rewinds the file pointer to the +start of the file.

    +

    BIO_seek() resets a file related BIO's (that is file descriptor and +FILE BIOs) file position pointer to ofs bytes from start of file.

    +

    BIO_tell() returns the current file position of a file related BIO.

    +

    BIO_flush() normally writes out any internally buffered data, in some +cases it is used to signal EOF and that no more data will be written.

    +

    BIO_eof() returns 1 if the BIO has read EOF, the precise meaning of +"EOF" varies according to the BIO type.

    +

    BIO_set_close() sets the BIO b close flag to flag. flag can +take the value BIO_CLOSE or BIO_NOCLOSE. Typically BIO_CLOSE is used +in a source/sink BIO to indicate that the underlying I/O stream should +be closed when the BIO is freed.

    +

    BIO_get_close() returns the BIOs close flag.

    +

    BIO_pending(), BIO_ctrl_pending(), BIO_wpending() and BIO_ctrl_wpending() +return the number of pending characters in the BIOs read and write buffers. +Not all BIOs support these calls. BIO_ctrl_pending() and BIO_ctrl_wpending() +return a size_t type and are functions, BIO_pending() and BIO_wpending() are +macros which call BIO_ctrl().

    +

    BIO_get_ktls_send() returns 1 if the BIO is using the Kernel TLS data-path for +sending. Otherwise, it returns zero. +BIO_get_ktls_recv() returns 1 if the BIO is using the Kernel TLS data-path for +receiving. Otherwise, it returns zero.

    +

    +

    +
    +

    RETURN VALUES

    +

    BIO_reset() normally returns 1 for success and 0 or -1 for failure. File +BIOs are an exception, they return 0 for success and -1 for failure.

    +

    BIO_seek() and BIO_tell() both return the current file position on success +and -1 for failure, except file BIOs which for BIO_seek() always return 0 +for success and -1 for failure.

    +

    BIO_flush() returns 1 for success and 0 or -1 for failure.

    +

    BIO_eof() returns 1 if EOF has been reached 0 otherwise.

    +

    BIO_set_close() always returns 1.

    +

    BIO_get_close() returns the close flag value: BIO_CLOSE or BIO_NOCLOSE.

    +

    BIO_pending(), BIO_ctrl_pending(), BIO_wpending() and BIO_ctrl_wpending() +return the amount of pending data.

    +

    BIO_get_ktls_send() returns 1 if the BIO is using the Kernel TLS data-path for +sending. Otherwise, it returns zero. +BIO_get_ktls_recv() returns 1 if the BIO is using the Kernel TLS data-path for +receiving. Otherwise, it returns zero.

    +

    +

    +
    +

    NOTES

    +

    BIO_flush(), because it can write data may return 0 or -1 indicating +that the call should be retried later in a similar manner to BIO_write_ex(). +The BIO_should_retry() call should be used and appropriate action taken +is the call fails.

    +

    The return values of BIO_pending() and BIO_wpending() may not reliably +determine the amount of pending data in all cases. For example in the +case of a file BIO some data may be available in the FILE structures +internal buffers but it is not possible to determine this in a +portably way. For other types of BIO they may not be supported.

    +

    Filter BIOs if they do not internally handle a particular BIO_ctrl() +operation usually pass the operation to the next BIO in the chain. +This often means there is no need to locate the required BIO for +a particular operation, it can be called on a chain and it will +be automatically passed to the relevant BIO. However this can cause +unexpected results: for example no current filter BIOs implement +BIO_seek(), but this may still succeed if the chain ends in a FILE +or file descriptor BIO.

    +

    Source/sink BIOs return an 0 if they do not recognize the BIO_ctrl() +operation.

    +

    +

    +
    +

    BUGS

    +

    Some of the return values are ambiguous and care should be taken. In +particular a return value of 0 can be returned if an operation is not +supported, if an error occurred, if EOF has not been reached and in +the case of BIO_seek() on a file BIO for a successful operation.

    +

    +

    +
    +

    HISTORY

    +

    The BIO_get_ktls_send() and BIO_get_ktls_recv() functions were added in +OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_f_base64.html b/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_f_base64.html
    new file mode 100755
    index 0000000..3529fe8
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_f_base64.html
    @@ -0,0 +1,125 @@
    + + + + +BIO_f_base64 + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BIO_f_base64 - base64 BIO filter

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bio.h>
    + #include <openssl/evp.h>
    +
    + const BIO_METHOD *BIO_f_base64(void);
    +

    +

    +
    +

    DESCRIPTION

    +

    BIO_f_base64() returns the base64 BIO method. This is a filter +BIO that base64 encodes any data written through it and decodes +any data read through it.

    +

    Base64 BIOs do not support BIO_gets() or BIO_puts().

    +

    BIO_flush() on a base64 BIO that is being written through is +used to signal that no more data is to be encoded: this is used +to flush the final block through the BIO.

    +

    The flag BIO_FLAGS_BASE64_NO_NL can be set with BIO_set_flags() +to encode the data all on one line or expect the data to be all +on one line.

    +

    +

    +
    +

    NOTES

    +

    Because of the format of base64 encoding the end of the encoded +block cannot always be reliably determined.

    +

    +

    +
    +

    RETURN VALUES

    +

    BIO_f_base64() returns the base64 BIO method.

    +

    +

    +
    +

    EXAMPLES

    +

    Base64 encode the string "Hello World\n" and write the result +to standard output:

    +
    + BIO *bio, *b64;
    + char message[] = "Hello World \n";
    +
    + b64 = BIO_new(BIO_f_base64());
    + bio = BIO_new_fp(stdout, BIO_NOCLOSE);
    + BIO_push(b64, bio);
    + BIO_write(b64, message, strlen(message));
    + BIO_flush(b64);
    +
    + BIO_free_all(b64);
    +

    Read Base64 encoded data from standard input and write the decoded +data to standard output:

    +
    + BIO *bio, *b64, *bio_out;
    + char inbuf[512];
    + int inlen;
    +
    + b64 = BIO_new(BIO_f_base64());
    + bio = BIO_new_fp(stdin, BIO_NOCLOSE);
    + bio_out = BIO_new_fp(stdout, BIO_NOCLOSE);
    + BIO_push(b64, bio);
    + while ((inlen = BIO_read(b64, inbuf, 512)) > 0)
    +     BIO_write(bio_out, inbuf, inlen);
    +
    + BIO_flush(bio_out);
    + BIO_free_all(b64);
    +

    +

    +
    +

    BUGS

    +

    The ambiguity of EOF in base64 encoded data can cause additional +data following the base64 encoded block to be misinterpreted.

    +

    There should be some way of specifying a test that the BIO can perform +to reliably determine EOF (for example a MIME boundary).

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_f_buffer.html b/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_f_buffer.html
    new file mode 100755
    index 0000000..ce2c0d5
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_f_buffer.html
    @@ -0,0 +1,130 @@
    + + + + +BIO_f_buffer + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BIO_get_buffer_num_lines, +BIO_set_read_buffer_size, +BIO_set_write_buffer_size, +BIO_set_buffer_size, +BIO_set_buffer_read_data, +BIO_f_buffer +- buffering BIO

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bio.h>
    +
    + const BIO_METHOD *BIO_f_buffer(void);
    +
    + long BIO_get_buffer_num_lines(BIO *b);
    + long BIO_set_read_buffer_size(BIO *b, long size);
    + long BIO_set_write_buffer_size(BIO *b, long size);
    + long BIO_set_buffer_size(BIO *b, long size);
    + long BIO_set_buffer_read_data(BIO *b, void *buf, long num);
    +

    +

    +
    +

    DESCRIPTION

    +

    BIO_f_buffer() returns the buffering BIO method.

    +

    Data written to a buffering BIO is buffered and periodically written +to the next BIO in the chain. Data read from a buffering BIO comes from +an internal buffer which is filled from the next BIO in the chain. +Both BIO_gets() and BIO_puts() are supported.

    +

    Calling BIO_reset() on a buffering BIO clears any buffered data.

    +

    BIO_get_buffer_num_lines() returns the number of lines currently buffered.

    +

    BIO_set_read_buffer_size(), BIO_set_write_buffer_size() and BIO_set_buffer_size() +set the read, write or both read and write buffer sizes to size. The initial +buffer size is DEFAULT_BUFFER_SIZE, currently 4096. Any attempt to reduce the +buffer size below DEFAULT_BUFFER_SIZE is ignored. Any buffered data is cleared +when the buffer is resized.

    +

    BIO_set_buffer_read_data() clears the read buffer and fills it with num +bytes of buf. If num is larger than the current buffer size the buffer +is expanded.

    +

    +

    +
    +

    NOTES

    +

    These functions, other than BIO_f_buffer(), are implemented as macros.

    +

    Buffering BIOs implement BIO_read_ex() and BIO_gets() by using +BIO_read_ex() operations on the next BIO in the chain and storing the +result in an internal buffer, from which bytes are given back to the +caller as appropriate for the call; a BIO_gets() is guaranteed to give +the caller a whole line, and BIO_read_ex() is guaranteed to give the +caller the number of bytes it asks for, unless there's an error or end +of communication is reached in the next BIO. By prepending a +buffering BIO to a chain it is therefore possible to provide +BIO_gets() or exact size BIO_read_ex() functionality if the following +BIOs do not support it.

    +

    Do not add more than one BIO_f_buffer() to a BIO chain. The result of +doing so will force a full read of the size of the internal buffer of +the top BIO_f_buffer(), which is 4 KiB at a minimum.

    +

    Data is only written to the next BIO in the chain when the write buffer fills +or when BIO_flush() is called. It is therefore important to call BIO_flush() +whenever any pending data should be written such as when removing a buffering +BIO using BIO_pop(). BIO_flush() may need to be retried if the ultimate +source/sink BIO is non blocking.

    +

    +

    +
    +

    RETURN VALUES

    +

    BIO_f_buffer() returns the buffering BIO method.

    +

    BIO_get_buffer_num_lines() returns the number of lines buffered (may be 0).

    +

    BIO_set_read_buffer_size(), BIO_set_write_buffer_size() and BIO_set_buffer_size() +return 1 if the buffer was successfully resized or 0 for failure.

    +

    BIO_set_buffer_read_data() returns 1 if the data was set correctly or 0 if +there was an error.

    +

    +

    +
    +

    SEE ALSO

    +

    bio(7), +BIO_reset(3), +BIO_flush(3), +BIO_pop(3), +BIO_ctrl(3).

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_f_cipher.html b/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_f_cipher.html
    new file mode 100755
    index 0000000..9d1ff23
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_f_cipher.html
    @@ -0,0 +1,106 @@
    + + + + +BIO_f_cipher + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    BIO_f_cipher, BIO_set_cipher, BIO_get_cipher_status, BIO_get_cipher_ctx - cipher BIO filter

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bio.h>
    + #include <openssl/evp.h>
    +
    + const BIO_METHOD *BIO_f_cipher(void);
    + void BIO_set_cipher(BIO *b, const EVP_CIPHER *cipher,
    +                     unsigned char *key, unsigned char *iv, int enc);
    + int BIO_get_cipher_status(BIO *b)
    + int BIO_get_cipher_ctx(BIO *b, EVP_CIPHER_CTX **pctx)
    +

    +

    +
    +

    DESCRIPTION

    +

    BIO_f_cipher() returns the cipher BIO method. This is a filter +BIO that encrypts any data written through it, and decrypts any data +read from it. It is a BIO wrapper for the cipher routines +EVP_CipherInit(), EVP_CipherUpdate() and EVP_CipherFinal().

    +

    Cipher BIOs do not support BIO_gets() or BIO_puts().

    +

    BIO_flush() on an encryption BIO that is being written through is +used to signal that no more data is to be encrypted: this is used +to flush and possibly pad the final block through the BIO.

    +

    BIO_set_cipher() sets the cipher of BIO b to cipher using key key +and IV iv. enc should be set to 1 for encryption and zero for +decryption.

    +

    When reading from an encryption BIO the final block is automatically +decrypted and checked when EOF is detected. BIO_get_cipher_status() +is a BIO_ctrl() macro which can be called to determine whether the +decryption operation was successful.

    +

    BIO_get_cipher_ctx() is a BIO_ctrl() macro which retrieves the internal +BIO cipher context. The retrieved context can be used in conjunction +with the standard cipher routines to set it up. This is useful when +BIO_set_cipher() is not flexible enough for the applications needs.

    +

    +

    +
    +

    NOTES

    +

    When encrypting BIO_flush() must be called to flush the final block +through the BIO. If it is not then the final block will fail a subsequent +decrypt.

    +

    When decrypting an error on the final block is signaled by a zero +return value from the read operation. A successful decrypt followed +by EOF will also return zero for the final read. BIO_get_cipher_status() +should be called to determine if the decrypt was successful.

    +

    As always, if BIO_gets() or BIO_puts() support is needed then it can +be achieved by preceding the cipher BIO with a buffering BIO.

    +

    +

    +
    +

    RETURN VALUES

    +

    BIO_f_cipher() returns the cipher BIO method.

    +

    BIO_set_cipher() does not return a value.

    +

    BIO_get_cipher_status() returns 1 for a successful decrypt and 0 +for failure.

    +

    BIO_get_cipher_ctx() currently always returns 1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_f_md.html b/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_f_md.html
    new file mode 100755
    index 0000000..5c6cbd2
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_f_md.html
    @@ -0,0 +1,190 @@
    + + + + +BIO_f_md + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BIO_f_md, BIO_set_md, BIO_get_md, BIO_get_md_ctx - message digest BIO filter

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bio.h>
    + #include <openssl/evp.h>
    +
    + const BIO_METHOD *BIO_f_md(void);
    + int BIO_set_md(BIO *b, EVP_MD *md);
    + int BIO_get_md(BIO *b, EVP_MD **mdp);
    + int BIO_get_md_ctx(BIO *b, EVP_MD_CTX **mdcp);
    +

    +

    +
    +

    DESCRIPTION

    +

    BIO_f_md() returns the message digest BIO method. This is a filter +BIO that digests any data passed through it, it is a BIO wrapper +for the digest routines EVP_DigestInit(), EVP_DigestUpdate() +and EVP_DigestFinal().

    +

    Any data written or read through a digest BIO using BIO_read_ex() and +BIO_write_ex() is digested.

    +

    BIO_gets(), if its size parameter is large enough finishes the +digest calculation and returns the digest value. BIO_puts() is +not supported.

    +

    BIO_reset() reinitialises a digest BIO.

    +

    BIO_set_md() sets the message digest of BIO b to md: this +must be called to initialize a digest BIO before any data is +passed through it. It is a BIO_ctrl() macro.

    +

    BIO_get_md() places the a pointer to the digest BIOs digest method +in mdp, it is a BIO_ctrl() macro.

    +

    BIO_get_md_ctx() returns the digest BIOs context into mdcp.

    +

    +

    +
    +

    NOTES

    +

    The context returned by BIO_get_md_ctx() can be used in calls +to EVP_DigestFinal() and also the signature routines EVP_SignFinal() +and EVP_VerifyFinal().

    +

    The context returned by BIO_get_md_ctx() is an internal context +structure. Changes made to this context will affect the digest +BIO itself and the context pointer will become invalid when the digest +BIO is freed.

    +

    After the digest has been retrieved from a digest BIO it must be +reinitialized by calling BIO_reset(), or BIO_set_md() before any more +data is passed through it.

    +

    If an application needs to call BIO_gets() or BIO_puts() through +a chain containing digest BIOs then this can be done by prepending +a buffering BIO.

    +

    Calling BIO_get_md_ctx() will return the context and initialize the BIO +state. This allows applications to initialize the context externally +if the standard calls such as BIO_set_md() are not sufficiently flexible.

    +

    +

    +
    +

    RETURN VALUES

    +

    BIO_f_md() returns the digest BIO method.

    +

    BIO_set_md(), BIO_get_md() and BIO_md_ctx() return 1 for success and +0 for failure.

    +

    +

    +
    +

    EXAMPLES

    +

    The following example creates a BIO chain containing an SHA1 and MD5 +digest BIO and passes the string "Hello World" through it. Error +checking has been omitted for clarity.

    +
    + BIO *bio, *mdtmp;
    + char message[] = "Hello World";
    +
    + bio = BIO_new(BIO_s_null());
    + mdtmp = BIO_new(BIO_f_md());
    + BIO_set_md(mdtmp, EVP_sha1());
    + /*
    +  * For BIO_push() we want to append the sink BIO and keep a note of
    +  * the start of the chain.
    +  */
    + bio = BIO_push(mdtmp, bio);
    + mdtmp = BIO_new(BIO_f_md());
    + BIO_set_md(mdtmp, EVP_md5());
    + bio = BIO_push(mdtmp, bio);
    + /* Note: mdtmp can now be discarded */
    + BIO_write(bio, message, strlen(message));
    +

    The next example digests data by reading through a chain instead:

    +
    + BIO *bio, *mdtmp;
    + char buf[1024];
    + int rdlen;
    +
    + bio = BIO_new_file(file, "rb");
    + mdtmp = BIO_new(BIO_f_md());
    + BIO_set_md(mdtmp, EVP_sha1());
    + bio = BIO_push(mdtmp, bio);
    + mdtmp = BIO_new(BIO_f_md());
    + BIO_set_md(mdtmp, EVP_md5());
    + bio = BIO_push(mdtmp, bio);
    + do {
    +     rdlen = BIO_read(bio, buf, sizeof(buf));
    +     /* Might want to do something with the data here */
    + } while (rdlen > 0);
    +

    This next example retrieves the message digests from a BIO chain and +outputs them. This could be used with the examples above.

    +
    + BIO *mdtmp;
    + unsigned char mdbuf[EVP_MAX_MD_SIZE];
    + int mdlen;
    + int i;
    +
    + mdtmp = bio;   /* Assume bio has previously been set up */
    + do {
    +     EVP_MD *md;
    +
    +     mdtmp = BIO_find_type(mdtmp, BIO_TYPE_MD);
    +     if (!mdtmp)
    +         break;
    +     BIO_get_md(mdtmp, &md);
    +     printf("%s digest", OBJ_nid2sn(EVP_MD_type(md)));
    +     mdlen = BIO_gets(mdtmp, mdbuf, EVP_MAX_MD_SIZE);
    +     for (i = 0; i < mdlen; i++) printf(":%02X", mdbuf[i]);
    +     printf("\n");
    +     mdtmp = BIO_next(mdtmp);
    + } while (mdtmp);
    +
    + BIO_free_all(bio);
    +

    +

    +
    +

    BUGS

    +

    The lack of support for BIO_puts() and the non standard behaviour of +BIO_gets() could be regarded as anomalous. It could be argued that BIO_gets() +and BIO_puts() should be passed to the next BIO in the chain and digest +the data passed through and that digests should be retrieved using a +separate BIO_ctrl() call.

    +

    +

    +
    +

    HISTORY

    +

    Before OpenSSL 1.0.0., the call to BIO_get_md_ctx() would only work if the +BIO was initialized first.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_f_null.html b/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_f_null.html new file mode 100755 index 0000000..d2f58d7 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_f_null.html @@ -0,0 +1,75 @@ + + + + +BIO_f_null + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    BIO_f_null - null filter

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bio.h>
    +
    + const BIO_METHOD *BIO_f_null(void);
    +

    +

    +
    +

    DESCRIPTION

    +

    BIO_f_null() returns the null filter BIO method. This is a filter BIO +that does nothing.

    +

    All requests to a null filter BIO are passed through to the next BIO in +the chain: this means that a BIO chain containing a null filter BIO +behaves just as though the BIO was not there.

    +

    +

    +
    +

    NOTES

    +

    As may be apparent a null filter BIO is not particularly useful.

    +

    +

    +
    +

    RETURN VALUES

    +

    BIO_f_null() returns the null filter BIO method.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_f_prefix.html b/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_f_prefix.html new file mode 100755 index 0000000..07ef7fe --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_f_prefix.html @@ -0,0 +1,101 @@ + + + + +BIO_f_prefix + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BIO_f_prefix, BIO_set_prefix, BIO_set_indent, BIO_get_indent +- prefix BIO filter

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bio.h>
    +
    + const BIO_METHOD *BIO_f_prefix(void);
    + long BIO_set_prefix(BIO *b, const char *prefix);
    + long BIO_set_indent(BIO *b, long indent);
    + long BIO_get_indent(BIO *b);
    +

    +

    +
    +

    DESCRIPTION

    +

    BIO_f_cipher() returns the prefix BIO method. This is a filter for +text output, where each line gets automatically prefixed and indented +according to user input.

    +

    The prefix and the indentation are combined. For each line of output +going through this filter, the prefix is output first, then the amount +of additional spaces indicated by the indentation, and then the line +itself.

    +

    By default, there is no prefix, and indentation is set to 0.

    +

    BIO_set_prefix() sets the prefix to be used for future lines of +text, using prefix. prefix may be NULL, signifying that there +should be no prefix. If prefix isn't NULL, this function makes a +copy of it.

    +

    BIO_set_indent() sets the indentation to be used for future lines of +text, using indent. Negative values are not allowed.

    +

    BIO_get_indent() gets the current indentation.

    +

    +

    +
    +

    NOTES

    +

    BIO_set_prefix(), BIO_set_indent() and BIO_get_indent() are +implemented as macros.

    +

    +

    +
    +

    RETURN VALUES

    +

    BIO_f_prefix() returns the prefix BIO method.

    +

    BIO_set_prefix() returns 1 if the prefix was correctly set, or 0 on +failure.

    +

    BIO_set_indent() returns 1 if the prefix was correctly set, or 0 on +failure.

    +

    BIO_get_indent() returns the current indentation.

    +

    +

    +
    +

    SEE ALSO

    +

    bio(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_f_ssl.html b/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_f_ssl.html new file mode 100755 index 0000000..91ee468 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_f_ssl.html @@ -0,0 +1,322 @@ + + + + +BIO_f_ssl + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BIO_do_handshake, +BIO_f_ssl, BIO_set_ssl, BIO_get_ssl, BIO_set_ssl_mode, +BIO_set_ssl_renegotiate_bytes, +BIO_get_num_renegotiates, BIO_set_ssl_renegotiate_timeout, BIO_new_ssl, +BIO_new_ssl_connect, BIO_new_buffer_ssl_connect, BIO_ssl_copy_session_id, +BIO_ssl_shutdown - SSL BIO

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bio.h>
    + #include <openssl/ssl.h>
    +
    + const BIO_METHOD *BIO_f_ssl(void);
    +
    + long BIO_set_ssl(BIO *b, SSL *ssl, long c);
    + long BIO_get_ssl(BIO *b, SSL **sslp);
    + long BIO_set_ssl_mode(BIO *b, long client);
    + long BIO_set_ssl_renegotiate_bytes(BIO *b, long num);
    + long BIO_set_ssl_renegotiate_timeout(BIO *b, long seconds);
    + long BIO_get_num_renegotiates(BIO *b);
    +
    + BIO *BIO_new_ssl(SSL_CTX *ctx, int client);
    + BIO *BIO_new_ssl_connect(SSL_CTX *ctx);
    + BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx);
    + int BIO_ssl_copy_session_id(BIO *to, BIO *from);
    + void BIO_ssl_shutdown(BIO *bio);
    +
    + long BIO_do_handshake(BIO *b);
    +

    +

    +
    +

    DESCRIPTION

    +

    BIO_f_ssl() returns the SSL BIO method. This is a filter BIO which +is a wrapper round the OpenSSL SSL routines adding a BIO "flavour" to +SSL I/O.

    +

    I/O performed on an SSL BIO communicates using the SSL protocol with +the SSLs read and write BIOs. If an SSL connection is not established +then an attempt is made to establish one on the first I/O call.

    +

    If a BIO is appended to an SSL BIO using BIO_push() it is automatically +used as the SSL BIOs read and write BIOs.

    +

    Calling BIO_reset() on an SSL BIO closes down any current SSL connection +by calling SSL_shutdown(). BIO_reset() is then sent to the next BIO in +the chain: this will typically disconnect the underlying transport. +The SSL BIO is then reset to the initial accept or connect state.

    +

    If the close flag is set when an SSL BIO is freed then the internal +SSL structure is also freed using SSL_free().

    +

    BIO_set_ssl() sets the internal SSL pointer of BIO b to ssl using +the close flag c.

    +

    BIO_get_ssl() retrieves the SSL pointer of BIO b, it can then be +manipulated using the standard SSL library functions.

    +

    BIO_set_ssl_mode() sets the SSL BIO mode to client. If client +is 1 client mode is set. If client is 0 server mode is set.

    +

    BIO_set_ssl_renegotiate_bytes() sets the renegotiate byte count +to num. When set after every num bytes of I/O (read and write) +the SSL session is automatically renegotiated. num must be at +least 512 bytes.

    +

    BIO_set_ssl_renegotiate_timeout() sets the renegotiate timeout to +seconds. When the renegotiate timeout elapses the session is +automatically renegotiated.

    +

    BIO_get_num_renegotiates() returns the total number of session +renegotiations due to I/O or timeout.

    +

    BIO_new_ssl() allocates an SSL BIO using SSL_CTX ctx and using +client mode if client is non zero.

    +

    BIO_new_ssl_connect() creates a new BIO chain consisting of an +SSL BIO (using ctx) followed by a connect BIO.

    +

    BIO_new_buffer_ssl_connect() creates a new BIO chain consisting +of a buffering BIO, an SSL BIO (using ctx) and a connect +BIO.

    +

    BIO_ssl_copy_session_id() copies an SSL session id between +BIO chains from and to. It does this by locating the +SSL BIOs in each chain and calling SSL_copy_session_id() on +the internal SSL pointer.

    +

    BIO_ssl_shutdown() closes down an SSL connection on BIO +chain bio. It does this by locating the SSL BIO in the +chain and calling SSL_shutdown() on its internal SSL +pointer.

    +

    BIO_do_handshake() attempts to complete an SSL handshake on the +supplied BIO and establish the SSL connection. It returns 1 +if the connection was established successfully. A zero or negative +value is returned if the connection could not be established, the +call BIO_should_retry() should be used for non blocking connect BIOs +to determine if the call should be retried. If an SSL connection has +already been established this call has no effect.

    +

    +

    +
    +

    NOTES

    +

    SSL BIOs are exceptional in that if the underlying transport +is non blocking they can still request a retry in exceptional +circumstances. Specifically this will happen if a session +renegotiation takes place during a BIO_read_ex() operation, one +case where this happens is when step up occurs.

    +

    The SSL flag SSL_AUTO_RETRY can be +set to disable this behaviour. That is when this flag is set +an SSL BIO using a blocking transport will never request a +retry.

    +

    Since unknown BIO_ctrl() operations are sent through filter +BIOs the servers name and port can be set using BIO_set_host() +on the BIO returned by BIO_new_ssl_connect() without having +to locate the connect BIO first.

    +

    Applications do not have to call BIO_do_handshake() but may wish +to do so to separate the handshake process from other I/O +processing.

    +

    BIO_set_ssl(), BIO_get_ssl(), BIO_set_ssl_mode(), +BIO_set_ssl_renegotiate_bytes(), BIO_set_ssl_renegotiate_timeout(), +BIO_get_num_renegotiates(), and BIO_do_handshake() are implemented as macros.

    +

    +

    +
    +

    RETURN VALUES

    +

    BIO_f_ssl() returns the SSL BIO_METHOD structure.

    +

    BIO_set_ssl(), BIO_get_ssl(), BIO_set_ssl_mode(), BIO_set_ssl_renegotiate_bytes(), +BIO_set_ssl_renegotiate_timeout() and BIO_get_num_renegotiates() return 1 on +success or a value which is less than or equal to 0 if an error occurred.

    +

    BIO_new_ssl(), BIO_new_ssl_connect() and BIO_new_buffer_ssl_connect() return +a valid BIO structure on success or NULL if an error occurred.

    +

    BIO_ssl_copy_session_id() returns 1 on success or 0 on error.

    +

    BIO_do_handshake() returns 1 if the connection was established successfully. +A zero or negative value is returned if the connection could not be established.

    +

    +

    +
    +

    EXAMPLES

    +

    This SSL/TLS client example attempts to retrieve a page from an +SSL/TLS web server. The I/O routines are identical to those of the +unencrypted example in BIO_s_connect(3).

    +
    + BIO *sbio, *out;
    + int len;
    + char tmpbuf[1024];
    + SSL_CTX *ctx;
    + SSL *ssl;
    +
    + /* XXX Seed the PRNG if needed. */
    +
    + ctx = SSL_CTX_new(TLS_client_method());
    +
    + /* XXX Set verify paths and mode here. */
    +
    + sbio = BIO_new_ssl_connect(ctx);
    + BIO_get_ssl(sbio, &ssl);
    + if (ssl == NULL) {
    +     fprintf(stderr, "Can't locate SSL pointer\n");
    +     ERR_print_errors_fp(stderr);
    +     exit(1);
    + }
    +
    + /* Don't want any retries */
    + SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
    +
    + /* XXX We might want to do other things with ssl here */
    +
    + /* An empty host part means the loopback address */
    + BIO_set_conn_hostname(sbio, ":https");
    +
    + out = BIO_new_fp(stdout, BIO_NOCLOSE);
    + if (BIO_do_connect(sbio) <= 0) {
    +     fprintf(stderr, "Error connecting to server\n");
    +     ERR_print_errors_fp(stderr);
    +     exit(1);
    + }
    + if (BIO_do_handshake(sbio) <= 0) {
    +     fprintf(stderr, "Error establishing SSL connection\n");
    +     ERR_print_errors_fp(stderr);
    +     exit(1);
    + }
    +
    + /* XXX Could examine ssl here to get connection info */
    +
    + BIO_puts(sbio, "GET / HTTP/1.0\n\n");
    + for (;;) {
    +     len = BIO_read(sbio, tmpbuf, 1024);
    +     if (len <= 0)
    +         break;
    +     BIO_write(out, tmpbuf, len);
    + }
    + BIO_free_all(sbio);
    + BIO_free(out);
    +

    Here is a simple server example. It makes use of a buffering +BIO to allow lines to be read from the SSL BIO using BIO_gets. +It creates a pseudo web page containing the actual request from +a client and also echoes the request to standard output.

    +
    + BIO *sbio, *bbio, *acpt, *out;
    + int len;
    + char tmpbuf[1024];
    + SSL_CTX *ctx;
    + SSL *ssl;
    +
    + /* XXX Seed the PRNG if needed. */
    +
    + ctx = SSL_CTX_new(TLS_server_method());
    + if (!SSL_CTX_use_certificate_file(ctx, "server.pem", SSL_FILETYPE_PEM)
    +         || !SSL_CTX_use_PrivateKey_file(ctx, "server.pem", SSL_FILETYPE_PEM)
    +         || !SSL_CTX_check_private_key(ctx)) {
    +     fprintf(stderr, "Error setting up SSL_CTX\n");
    +     ERR_print_errors_fp(stderr);
    +     exit(1);
    + }
    +
    + /* XXX Other things like set verify locations, EDH temp callbacks. */
    +
    + /* New SSL BIO setup as server */
    + sbio = BIO_new_ssl(ctx, 0);
    + BIO_get_ssl(sbio, &ssl);
    + if (ssl == NULL) {
    +     fprintf(stderr, "Can't locate SSL pointer\n");
    +     ERR_print_errors_fp(stderr);
    +     exit(1);
    + }
    +
    + SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
    + bbio = BIO_new(BIO_f_buffer());
    + sbio = BIO_push(bbio, sbio);
    + acpt = BIO_new_accept("4433");
    +
    + /*
    +  * By doing this when a new connection is established
    +  * we automatically have sbio inserted into it. The
    +  * BIO chain is now 'swallowed' by the accept BIO and
    +  * will be freed when the accept BIO is freed.
    +  */
    + BIO_set_accept_bios(acpt, sbio);
    + out = BIO_new_fp(stdout, BIO_NOCLOSE);
    +
    + /* Setup accept BIO */
    + if (BIO_do_accept(acpt) <= 0) {
    +     fprintf(stderr, "Error setting up accept BIO\n");
    +     ERR_print_errors_fp(stderr);
    +     exit(1);
    + }
    +
    + /* We only want one connection so remove and free accept BIO */
    + sbio = BIO_pop(acpt);
    + BIO_free_all(acpt);
    +
    + if (BIO_do_handshake(sbio) <= 0) {
    +     fprintf(stderr, "Error in SSL handshake\n");
    +     ERR_print_errors_fp(stderr);
    +     exit(1);
    + }
    +
    + BIO_puts(sbio, "HTTP/1.0 200 OK\r\nContent-type: text/plain\r\n\r\n");
    + BIO_puts(sbio, "\r\nConnection Established\r\nRequest headers:\r\n");
    + BIO_puts(sbio, "--------------------------------------------------\r\n");
    +
    + for (;;) {
    +     len = BIO_gets(sbio, tmpbuf, 1024);
    +     if (len <= 0)
    +         break;
    +     BIO_write(sbio, tmpbuf, len);
    +     BIO_write(out, tmpbuf, len);
    +     /* Look for blank line signifying end of headers*/
    +     if (tmpbuf[0] == '\r' || tmpbuf[0] == '\n')
    +         break;
    + }
    +
    + BIO_puts(sbio, "--------------------------------------------------\r\n");
    + BIO_puts(sbio, "\r\n");
    + BIO_flush(sbio);
    + BIO_free_all(sbio);
    +

    +

    +
    +

    HISTORY

    +

    In OpenSSL before 1.0.0 the BIO_pop() call was handled incorrectly, +the I/O BIO reference count was incorrectly incremented (instead of +decremented) and dissociated with the SSL BIO even if the SSL BIO was not +explicitly being popped (e.g. a pop higher up the chain). Applications which +included workarounds for this bug (e.g. freeing BIOs more than once) should +be modified to handle this fix or they may free up an already freed BIO.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_find_type.html b/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_find_type.html new file mode 100755 index 0000000..fed88bc --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_find_type.html @@ -0,0 +1,100 @@ + + + + +BIO_find_type + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BIO_find_type, BIO_next, BIO_method_type - BIO chain traversal

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bio.h>
    +
    + BIO *BIO_find_type(BIO *b, int bio_type);
    + BIO *BIO_next(BIO *b);
    + int BIO_method_type(const BIO *b);
    +

    +

    +
    +

    DESCRIPTION

    +

    The BIO_find_type() searches for a BIO of a given type in a chain, starting +at BIO b. If type is a specific type (such as BIO_TYPE_MEM) then a search +is made for a BIO of that type. If type is a general type (such as +BIO_TYPE_SOURCE_SINK) then the next matching BIO of the given general type is +searched for. BIO_find_type() returns the next matching BIO or NULL if none is +found.

    +

    The following general types are defined: +BIO_TYPE_DESCRIPTOR, BIO_TYPE_FILTER, and BIO_TYPE_SOURCE_SINK.

    +

    For a list of the specific types, see the openssl/bio.h header file.

    +

    BIO_next() returns the next BIO in a chain. It can be used to traverse all BIOs +in a chain or used in conjunction with BIO_find_type() to find all BIOs of a +certain type.

    +

    BIO_method_type() returns the type of a BIO.

    +

    +

    +
    +

    RETURN VALUES

    +

    BIO_find_type() returns a matching BIO or NULL for no match.

    +

    BIO_next() returns the next BIO in a chain.

    +

    BIO_method_type() returns the type of the BIO b.

    +

    +

    +
    +

    EXAMPLES

    +

    Traverse a chain looking for digest BIOs:

    +
    + BIO *btmp;
    +
    + btmp = in_bio; /* in_bio is chain to search through */
    + do {
    +     btmp = BIO_find_type(btmp, BIO_TYPE_MD);
    +     if (btmp == NULL)
    +         break; /* Not found */
    +     /* btmp is a digest BIO, do something with it ...*/
    +     ...
    +
    +     btmp = BIO_next(btmp);
    + } while (btmp);
    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_get_data.html b/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_get_data.html new file mode 100755 index 0000000..668578b --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_get_data.html @@ -0,0 +1,99 @@ + + + + +BIO_get_data + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BIO_set_data, BIO_get_data, BIO_set_init, BIO_get_init, BIO_set_shutdown, +BIO_get_shutdown - functions for managing BIO state information

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bio.h>
    +
    + void BIO_set_data(BIO *a, void *ptr);
    + void *BIO_get_data(BIO *a);
    + void BIO_set_init(BIO *a, int init);
    + int BIO_get_init(BIO *a);
    + void BIO_set_shutdown(BIO *a, int shut);
    + int BIO_get_shutdown(BIO *a);
    +

    +

    +
    +

    DESCRIPTION

    +

    These functions are mainly useful when implementing a custom BIO.

    +

    The BIO_set_data() function associates the custom data pointed to by ptr with +the BIO. This data can subsequently be retrieved via a call to BIO_get_data(). +This can be used by custom BIOs for storing implementation specific information.

    +

    The BIO_set_init() function sets the value of the BIO's "init" flag to indicate +whether initialisation has been completed for this BIO or not. A nonzero value +indicates that initialisation is complete, whilst zero indicates that it is not. +Often initialisation will complete during initial construction of the BIO. For +some BIOs however, initialisation may not complete until after additional steps +have occurred (for example through calling custom ctrls). The BIO_get_init() +function returns the value of the "init" flag.

    +

    The BIO_set_shutdown() and BIO_get_shutdown() functions set and get the state of +this BIO's shutdown (i.e. BIO_CLOSE) flag. If set then the underlying resource +is also closed when the BIO is freed.

    +

    +

    +
    +

    RETURN VALUES

    +

    BIO_get_data() returns a pointer to the implementation specific custom data +associated with this BIO, or NULL if none has been set.

    +

    BIO_get_init() returns the state of the BIO's init flag.

    +

    BIO_get_shutdown() returns the stat of the BIO's shutdown (i.e. BIO_CLOSE) flag.

    +

    +

    +
    +

    SEE ALSO

    +

    bio(7), BIO_meth_new(3)

    +

    +

    +
    +

    HISTORY

    +

    The functions described here were added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_get_ex_new_index.html b/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_get_ex_new_index.html new file mode 100755 index 0000000..927aebc --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_get_ex_new_index.html @@ -0,0 +1,124 @@ + + + + +BIO_get_ex_new_index + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BIO_get_ex_new_index, BIO_set_ex_data, BIO_get_ex_data, +BIO_set_app_data, BIO_get_app_data, +DH_get_ex_new_index, DH_set_ex_data, DH_get_ex_data, +DSA_get_ex_new_index, DSA_set_ex_data, DSA_get_ex_data, +ECDH_get_ex_new_index, ECDH_set_ex_data, ECDH_get_ex_data, +EC_KEY_get_ex_new_index, EC_KEY_set_ex_data, EC_KEY_get_ex_data, +ENGINE_get_ex_new_index, ENGINE_set_ex_data, ENGINE_get_ex_data, +RAND_DRBG_set_ex_data, RAND_DRBG_get_ex_data, RAND_DRBG_get_ex_new_index, +RSA_get_ex_new_index, RSA_set_ex_data, RSA_get_ex_data, +RSA_set_app_data, RSA_get_app_data, +SSL_get_ex_new_index, SSL_set_ex_data, SSL_get_ex_data, +SSL_set_app_data, SSL_get_app_data, +SSL_CTX_get_ex_new_index, SSL_CTX_set_ex_data, SSL_CTX_get_ex_data, +SSL_CTX_set_app_data, SSL_CTX_get_app_data, +SSL_SESSION_get_ex_new_index, SSL_SESSION_set_ex_data, SSL_SESSION_get_ex_data, +SSL_SESSION_set_app_data, SSL_SESSION_get_app_data, +UI_get_ex_new_index, UI_set_ex_data, UI_get_ex_data, +UI_set_app_data, UI_get_app_data, +X509_STORE_CTX_get_ex_new_index, X509_STORE_CTX_set_ex_data, X509_STORE_CTX_get_ex_data, +X509_STORE_CTX_set_app_data, X509_STORE_CTX_get_app_data, +X509_STORE_get_ex_new_index, X509_STORE_set_ex_data, X509_STORE_get_ex_data, +X509_get_ex_new_index, X509_set_ex_data, X509_get_ex_data +- application-specific data

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509.h>
    +
    + int TYPE_get_ex_new_index(long argl, void *argp,
    +                           CRYPTO_EX_new *new_func,
    +                           CRYPTO_EX_dup *dup_func,
    +                           CRYPTO_EX_free *free_func);
    +
    + int TYPE_set_ex_data(TYPE *d, int idx, void *arg);
    +
    + void *TYPE_get_ex_data(TYPE *d, int idx);
    +
    + #define TYPE_set_app_data(TYPE *d, void *arg)
    + #define TYPE_get_app_data(TYPE *d)
    +

    +

    +
    +

    DESCRIPTION

    +

    In the description here, TYPE is used a placeholder +for any of the OpenSSL datatypes listed in +CRYPTO_get_ex_new_index(3).

    +

    These functions handle application-specific data for OpenSSL data +structures.

    +

    TYPE_get_new_ex_index() is a macro that calls CRYPTO_get_ex_new_index() +with the correct index value.

    +

    TYPE_set_ex_data() is a function that calls CRYPTO_set_ex_data() with +an offset into the opaque exdata part of the TYPE object.

    +

    TYPE_get_ex_data() is a function that calls CRYPTO_get_ex_data() with +an offset into the opaque exdata part of the TYPE object.

    +

    For compatibility with previous releases, the exdata index of zero is +reserved for "application data." There are two convenience functions for +this. +TYPE_set_app_data() is a macro that invokes TYPE_set_ex_data() with +idx set to zero. +TYPE_get_app_data() is a macro that invokes TYPE_get_ex_data() with +idx set to zero. +Note that these functions are not defined for the RAND_DRBG type because +there are no backward compatibility concerns.

    +

    +

    +
    +

    RETURN VALUES

    +

    TYPE_get_new_ex_index() returns a new index on success or -1 on error.

    +

    TYPE_set_ex_data() returns 1 on success or 0 on error.

    +

    TYPE_get_ex_data() returns the application data or NULL if an error occurred.

    +

    +

    +
    +

    SEE ALSO

    +

    CRYPTO_get_ex_new_index(3).

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_meth_new.html b/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_meth_new.html new file mode 100755 index 0000000..2263809 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_meth_new.html @@ -0,0 +1,189 @@ + + + + +BIO_meth_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BIO_get_new_index, +BIO_meth_new, BIO_meth_free, BIO_meth_get_read_ex, BIO_meth_set_read_ex, +BIO_meth_get_write_ex, BIO_meth_set_write_ex, BIO_meth_get_write, +BIO_meth_set_write, BIO_meth_get_read, BIO_meth_set_read, BIO_meth_get_puts, +BIO_meth_set_puts, BIO_meth_get_gets, BIO_meth_set_gets, BIO_meth_get_ctrl, +BIO_meth_set_ctrl, BIO_meth_get_create, BIO_meth_set_create, +BIO_meth_get_destroy, BIO_meth_set_destroy, BIO_meth_get_callback_ctrl, +BIO_meth_set_callback_ctrl - Routines to build up BIO methods

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bio.h>
    +
    + int BIO_get_new_index(void);
    +
    + BIO_METHOD *BIO_meth_new(int type, const char *name);
    +
    + void BIO_meth_free(BIO_METHOD *biom);
    +
    + int (*BIO_meth_get_write_ex(const BIO_METHOD *biom))(BIO *, const char *, size_t,
    +                                                size_t *);
    + int (*BIO_meth_get_write(const BIO_METHOD *biom))(BIO *, const char *, int);
    + int BIO_meth_set_write_ex(BIO_METHOD *biom,
    +                           int (*bwrite)(BIO *, const char *, size_t, size_t *));
    + int BIO_meth_set_write(BIO_METHOD *biom,
    +                        int (*write)(BIO *, const char *, int));
    +
    + int (*BIO_meth_get_read_ex(const BIO_METHOD *biom))(BIO *, char *, size_t, size_t *);
    + int (*BIO_meth_get_read(const BIO_METHOD *biom))(BIO *, char *, int);
    + int BIO_meth_set_read_ex(BIO_METHOD *biom,
    +                          int (*bread)(BIO *, char *, size_t, size_t *));
    + int BIO_meth_set_read(BIO_METHOD *biom, int (*read)(BIO *, char *, int));
    +
    + int (*BIO_meth_get_puts(const BIO_METHOD *biom))(BIO *, const char *);
    + int BIO_meth_set_puts(BIO_METHOD *biom, int (*puts)(BIO *, const char *));
    +
    + int (*BIO_meth_get_gets(const BIO_METHOD *biom))(BIO *, char *, int);
    + int BIO_meth_set_gets(BIO_METHOD *biom,
    +                       int (*gets)(BIO *, char *, int));
    +
    + long (*BIO_meth_get_ctrl(const BIO_METHOD *biom))(BIO *, int, long, void *);
    + int BIO_meth_set_ctrl(BIO_METHOD *biom,
    +                       long (*ctrl)(BIO *, int, long, void *));
    +
    + int (*BIO_meth_get_create(const BIO_METHOD *bion))(BIO *);
    + int BIO_meth_set_create(BIO_METHOD *biom, int (*create)(BIO *));
    +
    + int (*BIO_meth_get_destroy(const BIO_METHOD *biom))(BIO *);
    + int BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy)(BIO *));
    +
    + long (*BIO_meth_get_callback_ctrl(const BIO_METHOD *biom))(BIO *, int, BIO_info_cb *);
    + int BIO_meth_set_callback_ctrl(BIO_METHOD *biom,
    +                                long (*callback_ctrl)(BIO *, int, BIO_info_cb *));
    +

    +

    +
    +

    DESCRIPTION

    +

    The BIO_METHOD type is a structure used for the implementation of new BIO +types. It provides a set of functions used by OpenSSL for the implementation +of the various BIO capabilities. See the bio(7) page for more information.

    +

    BIO_meth_new() creates a new BIO_METHOD structure. It should be given a +unique integer type and a string that represents its name. +Use BIO_get_new_index() to get the value for type.

    +

    The set of +standard OpenSSL provided BIO types is provided in bio.h. Some examples +include BIO_TYPE_BUFFER and BIO_TYPE_CIPHER. Filter BIOs should have a +type which have the "filter" bit set (BIO_TYPE_FILTER). Source/sink BIOs +should have the "source/sink" bit set (BIO_TYPE_SOURCE_SINK). File descriptor +based BIOs (e.g. socket, fd, connect, accept etc) should additionally have the +"descriptor" bit set (BIO_TYPE_DESCRIPTOR). See the BIO_find_type(3) page for +more information.

    +

    BIO_meth_free() destroys a BIO_METHOD structure and frees up any memory +associated with it.

    +

    BIO_meth_get_write_ex() and BIO_meth_set_write_ex() get and set the function +used for writing arbitrary length data to the BIO respectively. This function +will be called in response to the application calling BIO_write_ex() or +BIO_write(). The parameters for the function have the same meaning as for +BIO_write_ex(). Older code may call BIO_meth_get_write() and +BIO_meth_set_write() instead. Applications should not call both +BIO_meth_set_write_ex() and BIO_meth_set_write() or call BIO_meth_get_write() +when the function was set with BIO_meth_set_write_ex().

    +

    BIO_meth_get_read_ex() and BIO_meth_set_read_ex() get and set the function used +for reading arbitrary length data from the BIO respectively. This function will +be called in response to the application calling BIO_read_ex() or BIO_read(). +The parameters for the function have the same meaning as for BIO_read_ex(). +Older code may call BIO_meth_get_read() and BIO_meth_set_read() instead. +Applications should not call both BIO_meth_set_read_ex() and BIO_meth_set_read() +or call BIO_meth_get_read() when the function was set with +BIO_meth_set_read_ex().

    +

    BIO_meth_get_puts() and BIO_meth_set_puts() get and set the function used for +writing a NULL terminated string to the BIO respectively. This function will be +called in response to the application calling BIO_puts(). The parameters for +the function have the same meaning as for BIO_puts().

    +

    BIO_meth_get_gets() and BIO_meth_set_gets() get and set the function typically +used for reading a line of data from the BIO respectively (see the BIO_gets(3) +page for more information). This function will be called in response to the +application calling BIO_gets(). The parameters for the function have the same +meaning as for BIO_gets().

    +

    BIO_meth_get_ctrl() and BIO_meth_set_ctrl() get and set the function used for +processing ctrl messages in the BIO respectively. See the BIO_ctrl(3) page for +more information. This function will be called in response to the application +calling BIO_ctrl(). The parameters for the function have the same meaning as for +BIO_ctrl().

    +

    BIO_meth_get_create() and BIO_meth_set_create() get and set the function used +for creating a new instance of the BIO respectively. This function will be +called in response to the application calling BIO_new() and passing +in a pointer to the current BIO_METHOD. The BIO_new() function will allocate the +memory for the new BIO, and a pointer to this newly allocated structure will +be passed as a parameter to the function.

    +

    BIO_meth_get_destroy() and BIO_meth_set_destroy() get and set the function used +for destroying an instance of a BIO respectively. This function will be +called in response to the application calling BIO_free(). A pointer to the BIO +to be destroyed is passed as a parameter. The destroy function should be used +for BIO specific clean up. The memory for the BIO itself should not be freed by +this function.

    +

    BIO_meth_get_callback_ctrl() and BIO_meth_set_callback_ctrl() get and set the +function used for processing callback ctrl messages in the BIO respectively. See +the BIO_callback_ctrl(3) page for more information. This function will be called +in response to the application calling BIO_callback_ctrl(). The parameters for +the function have the same meaning as for BIO_callback_ctrl().

    +

    +

    +
    +

    RETURN VALUES

    +

    BIO_get_new_index() returns the new BIO type value or -1 if an error occurred.

    +

    BIO_meth_new(int type, const char *name) returns a valid BIO_METHOD or NULL +if an error occurred.

    +

    The BIO_meth_set functions return 1 on success or 0 on error.

    +

    The BIO_meth_get functions return the corresponding function pointers.

    +

    +

    +
    +

    SEE ALSO

    +

    bio(7), BIO_find_type(3), BIO_ctrl(3), BIO_read_ex(3), BIO_new(3)

    +

    +

    +
    +

    HISTORY

    +

    The functions described here were added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_new.html b/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_new.html
    new file mode 100755
    index 0000000..4dff444
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_new.html
    @@ -0,0 +1,106 @@
    + + + + +BIO_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BIO_new, BIO_up_ref, BIO_free, BIO_vfree, BIO_free_all +- BIO allocation and freeing functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bio.h>
    +
    + BIO *  BIO_new(const BIO_METHOD *type);
    + int    BIO_up_ref(BIO *a);
    + int    BIO_free(BIO *a);
    + void   BIO_vfree(BIO *a);
    + void   BIO_free_all(BIO *a);
    +

    +

    +
    +

    DESCRIPTION

    +

    The BIO_new() function returns a new BIO using method type.

    +

    BIO_up_ref() increments the reference count associated with the BIO object.

    +

    BIO_free() frees up a single BIO, BIO_vfree() also frees up a single BIO +but it does not return a value. +If a is NULL nothing is done. +Calling BIO_free() may also have some effect +on the underlying I/O structure, for example it may close the file being +referred to under certain circumstances. For more details see the individual +BIO_METHOD descriptions.

    +

    BIO_free_all() frees up an entire BIO chain, it does not halt if an error +occurs freeing up an individual BIO in the chain. +If a is NULL nothing is done.

    +

    +

    +
    +

    RETURN VALUES

    +

    BIO_new() returns a newly created BIO or NULL if the call fails.

    +

    BIO_up_ref() and BIO_free() return 1 for success and 0 for failure.

    +

    BIO_free_all() and BIO_vfree() do not return values.

    +

    +

    +
    +

    NOTES

    +

    If BIO_free() is called on a BIO chain it will only free one BIO resulting +in a memory leak.

    +

    Calling BIO_free_all() on a single BIO has the same effect as calling BIO_free() +on it other than the discarded return value.

    +

    +

    +
    +

    HISTORY

    +

    BIO_set() was removed in OpenSSL 1.1.0 as BIO type is now opaque.

    +

    +

    +
    +

    EXAMPLES

    +

    Create a memory BIO:

    +
    + BIO *mem = BIO_new(BIO_s_mem());
    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_new_CMS.html b/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_new_CMS.html
    new file mode 100755
    index 0000000..f150a9f
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_new_CMS.html
    @@ -0,0 +1,113 @@
    + + + + +BIO_new_CMS + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BIO_new_CMS - CMS streaming filter BIO

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/cms.h>
    +
    + BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms);
    +

    +

    +
    +

    DESCRIPTION

    +

    BIO_new_CMS() returns a streaming filter BIO chain based on cms. The output +of the filter is written to out. Any data written to the chain is +automatically translated to a BER format CMS structure of the appropriate type.

    +

    +

    +
    +

    NOTES

    +

    The chain returned by this function behaves like a standard filter BIO. It +supports non blocking I/O. Content is processed and streamed on the fly and not +all held in memory at once: so it is possible to encode very large structures. +After all content has been written through the chain BIO_flush() must be called +to finalise the structure.

    +

    The CMS_STREAM flag must be included in the corresponding flags +parameter of the cms creation function.

    +

    If an application wishes to write additional data to out BIOs should be +removed from the chain using BIO_pop() and freed with BIO_free() until out +is reached. If no additional data needs to be written BIO_free_all() can be +called to free up the whole chain.

    +

    Any content written through the filter is used verbatim: no canonical +translation is performed.

    +

    It is possible to chain multiple BIOs to, for example, create a triple wrapped +signed, enveloped, signed structure. In this case it is the applications +responsibility to set the inner content type of any outer CMS_ContentInfo +structures.

    +

    Large numbers of small writes through the chain should be avoided as this will +produce an output consisting of lots of OCTET STRING structures. Prepending +a BIO_f_buffer() buffering BIO will prevent this.

    +

    +

    +
    +

    BUGS

    +

    There is currently no corresponding inverse BIO: i.e. one which can decode +a CMS structure on the fly.

    +

    +

    +
    +

    RETURN VALUES

    +

    BIO_new_CMS() returns a BIO chain when successful or NULL if an error +occurred. The error can be obtained from ERR_get_error(3).

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), CMS_sign(3), +CMS_encrypt(3)

    +

    +

    +
    +

    HISTORY

    +

    The BIO_new_CMS() function was added in OpenSSL 1.0.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_parse_hostserv.html b/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_parse_hostserv.html
    new file mode 100755
    index 0000000..82ac841
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_parse_hostserv.html
    @@ -0,0 +1,111 @@
    + + + + +BIO_parse_hostserv + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BIO_hostserv_priorities, +BIO_parse_hostserv +- utility routines to parse a standard host and service string

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bio.h>
    +
    + enum BIO_hostserv_priorities {
    +     BIO_PARSE_PRIO_HOST, BIO_PARSE_PRIO_SERV
    + };
    + int BIO_parse_hostserv(const char *hostserv, char **host, char **service,
    +                        enum BIO_hostserv_priorities hostserv_prio);
    +

    +

    +
    +

    DESCRIPTION

    +

    BIO_parse_hostserv() will parse the information given in hostserv, +create strings with the hostname and service name and give those +back via host and service. Those will need to be freed after +they are used. hostserv_prio helps determine if hostserv shall +be interpreted primarily as a hostname or a service name in ambiguous +cases.

    +

    The syntax the BIO_parse_hostserv() recognises is:

    +
    + host + ':' + service
    + host + ':' + '*'
    + host + ':'
    +        ':' + service
    + '*'  + ':' + service
    + host
    + service
    +

    The host part can be a name or an IP address. If it's a IPv6 +address, it MUST be enclosed in brackets, such as '[::1]'.

    +

    The service part can be a service name or its port number.

    +

    The returned values will depend on the given hostserv string +and hostserv_prio, as follows:

    +
    + host + ':' + service  => *host = "host", *service = "service"
    + host + ':' + '*'      => *host = "host", *service = NULL
    + host + ':'            => *host = "host", *service = NULL
    +        ':' + service  => *host = NULL, *service = "service"
    +  '*' + ':' + service  => *host = NULL, *service = "service"
    +
    + in case no ':' is present in the string, the result depends on
    + hostserv_prio, as follows:
    +
    + when hostserv_prio == BIO_PARSE_PRIO_HOST
    + host                 => *host = "host", *service untouched
    +
    + when hostserv_prio == BIO_PARSE_PRIO_SERV
    + service              => *host untouched, *service = "service"
    +

    +

    +
    +

    RETURN VALUES

    +

    BIO_parse_hostserv() returns 1 on success or 0 on error.

    +

    +

    +
    +

    SEE ALSO

    +

    BIO_ADDRINFO(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_printf.html b/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_printf.html
    new file mode 100755
    index 0000000..cd3bd53
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_printf.html
    @@ -0,0 +1,82 @@
    + + + + +BIO_printf + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    BIO_printf, BIO_vprintf, BIO_snprintf, BIO_vsnprintf +- formatted output to a BIO

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bio.h>
    +
    + int BIO_printf(BIO *bio, const char *format, ...)
    + int BIO_vprintf(BIO *bio, const char *format, va_list args)
    +
    + int BIO_snprintf(char *buf, size_t n, const char *format, ...)
    + int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
    +

    +

    +
    +

    DESCRIPTION

    +

    BIO_printf() is similar to the standard C printf() function, except that +the output is sent to the specified BIO, bio, rather than standard +output. All common format specifiers are supported.

    +

    BIO_vprintf() is similar to the vprintf() function found on many platforms, +the output is sent to the specified BIO, bio, rather than standard +output. All common format specifiers are supported. The argument +list args is a stdarg argument list.

    +

    BIO_snprintf() is for platforms that do not have the common snprintf() +function. It is like sprintf() except that the size parameter, n, +specifies the size of the output buffer.

    +

    BIO_vsnprintf() is to BIO_snprintf() as BIO_vprintf() is to BIO_printf().

    +

    +

    +
    +

    RETURN VALUES

    +

    All functions return the number of bytes written, or -1 on error. +For BIO_snprintf() and BIO_vsnprintf() this includes when the output +buffer is too small.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_push.html b/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_push.html
    new file mode 100755
    index 0000000..0ebe8f8
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_push.html
    @@ -0,0 +1,123 @@
    + + + + +BIO_push + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BIO_push, BIO_pop, BIO_set_next - add and remove BIOs from a chain

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bio.h>
    +
    + BIO *BIO_push(BIO *b, BIO *append);
    + BIO *BIO_pop(BIO *b);
    + void BIO_set_next(BIO *b, BIO *next);
    +

    +

    +
    +

    DESCRIPTION

    +

    The BIO_push() function appends the BIO append to b, it returns +b.

    +

    BIO_pop() removes the BIO b from a chain and returns the next BIO +in the chain, or NULL if there is no next BIO. The removed BIO then +becomes a single BIO with no association with the original chain, +it can thus be freed or attached to a different chain.

    +

    BIO_set_next() replaces the existing next BIO in a chain with the BIO pointed to +by next. The new chain may include some of the same BIOs from the old chain +or it may be completely different.

    +

    +

    +
    +

    NOTES

    +

    The names of these functions are perhaps a little misleading. BIO_push() +joins two BIO chains whereas BIO_pop() deletes a single BIO from a chain, +the deleted BIO does not need to be at the end of a chain.

    +

    The process of calling BIO_push() and BIO_pop() on a BIO may have additional +consequences (a control call is made to the affected BIOs) any effects will +be noted in the descriptions of individual BIOs.

    +

    +

    +
    +

    RETURN VALUES

    +

    BIO_push() returns the end of the chain, b.

    +

    BIO_pop() returns the next BIO in the chain, or NULL if there is no next +BIO.

    +

    +

    +
    +

    EXAMPLES

    +

    For these examples suppose md1 and md2 are digest BIOs, b64 is +a base64 BIO and f is a file BIO.

    +

    If the call:

    +
    + BIO_push(b64, f);
    +

    is made then the new chain will be b64-f. After making the calls

    +
    + BIO_push(md2, b64);
    + BIO_push(md1, md2);
    +

    the new chain is md1-md2-b64-f. Data written to md1 will be digested +by md1 and md2, base64 encoded and written to f.

    +

    It should be noted that reading causes data to pass in the reverse +direction, that is data is read from f, base64 decoded and digested +by md1 and md2. If the call:

    +
    + BIO_pop(md2);
    +

    The call will return b64 and the new chain will be md1-b64-f data can +be written to md1 as before.

    +

    +

    +
    +

    SEE ALSO

    +

    bio(7)

    +

    +

    +
    +

    HISTORY

    +

    The BIO_set_next() function was added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_read.html b/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_read.html
    new file mode 100755
    index 0000000..9da038e
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_read.html
    @@ -0,0 +1,129 @@
    + + + + +BIO_read + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BIO_read_ex, BIO_write_ex, BIO_read, BIO_write, BIO_gets, BIO_puts +- BIO I/O functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bio.h>
    +
    + int BIO_read_ex(BIO *b, void *data, size_t dlen, size_t *readbytes);
    + int BIO_write_ex(BIO *b, const void *data, size_t dlen, size_t *written);
    +
    + int BIO_read(BIO *b, void *data, int dlen);
    + int BIO_gets(BIO *b, char *buf, int size);
    + int BIO_write(BIO *b, const void *data, int dlen);
    + int BIO_puts(BIO *b, const char *buf);
    +

    +

    +
    +

    DESCRIPTION

    +

    BIO_read_ex() attempts to read dlen bytes from BIO b and places the data +in data. If any bytes were successfully read then the number of bytes read is +stored in *readbytes.

    +

    BIO_write_ex() attempts to write dlen bytes from data to BIO b. If +successful then the number of bytes written is stored in *written.

    +

    BIO_read() attempts to read len bytes from BIO b and places +the data in buf.

    +

    BIO_gets() performs the BIOs "gets" operation and places the data +in buf. Usually this operation will attempt to read a line of data +from the BIO of maximum length size-1. There are exceptions to this, +however; for example, BIO_gets() on a digest BIO will calculate and +return the digest and other BIOs may not support BIO_gets() at all. +The returned string is always NUL-terminated and the '\n' is preserved +if present in the input data.

    +

    BIO_write() attempts to write len bytes from buf to BIO b.

    +

    BIO_puts() attempts to write a NUL-terminated string buf to BIO b.

    +

    +

    +
    +

    RETURN VALUES

    +

    BIO_read_ex() and BIO_write_ex() return 1 if data was successfully read or +written, and 0 otherwise.

    +

    All other functions return either the amount of data successfully read or +written (if the return value is positive) or that no data was successfully +read or written if the result is 0 or -1. If the return value is -2 then +the operation is not implemented in the specific BIO type. The trailing +NUL is not included in the length returned by BIO_gets().

    +

    +

    +
    +

    NOTES

    +

    A 0 or -1 return is not necessarily an indication of an error. In +particular when the source/sink is non-blocking or of a certain type +it may merely be an indication that no data is currently available and that +the application should retry the operation later.

    +

    One technique sometimes used with blocking sockets is to use a system call +(such as select(), poll() or equivalent) to determine when data is available +and then call read() to read the data. The equivalent with BIOs (that is call +select() on the underlying I/O structure and then call BIO_read() to +read the data) should not be used because a single call to BIO_read() +can cause several reads (and writes in the case of SSL BIOs) on the underlying +I/O structure and may block as a result. Instead select() (or equivalent) +should be combined with non blocking I/O so successive reads will request +a retry instead of blocking.

    +

    See BIO_should_retry(3) for details of how to +determine the cause of a retry and other I/O issues.

    +

    If the BIO_gets() function is not supported by a BIO then it possible to +work around this by adding a buffering BIO BIO_f_buffer(3) +to the chain.

    +

    +

    +
    +

    SEE ALSO

    +

    BIO_should_retry(3)

    +

    +

    +
    +

    HISTORY

    +

    BIO_gets() on 1.1.0 and older when called on BIO_fd() based BIO does not +keep the '\n' at the end of the line in the buffer.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_s_accept.html b/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_s_accept.html
    new file mode 100755
    index 0000000..214105f
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_s_accept.html
    @@ -0,0 +1,249 @@
    + + + + +BIO_s_accept + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BIO_s_accept, BIO_set_accept_name, BIO_set_accept_port, BIO_get_accept_name, +BIO_get_accept_port, BIO_new_accept, BIO_set_nbio_accept, BIO_set_accept_bios, +BIO_get_peer_name, BIO_get_peer_port, +BIO_get_accept_ip_family, BIO_set_accept_ip_family, +BIO_set_bind_mode, BIO_get_bind_mode, BIO_do_accept - accept BIO

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bio.h>
    +
    + const BIO_METHOD *BIO_s_accept(void);
    +
    + long BIO_set_accept_name(BIO *b, char *name);
    + char *BIO_get_accept_name(BIO *b);
    +
    + long BIO_set_accept_port(BIO *b, char *port);
    + char *BIO_get_accept_port(BIO *b);
    +
    + BIO *BIO_new_accept(char *host_port);
    +
    + long BIO_set_nbio_accept(BIO *b, int n);
    + long BIO_set_accept_bios(BIO *b, char *bio);
    +
    + char *BIO_get_peer_name(BIO *b);
    + char *BIO_get_peer_port(BIO *b);
    + long BIO_get_accept_ip_family(BIO *b);
    + long BIO_set_accept_ip_family(BIO *b, long family);
    +
    + long BIO_set_bind_mode(BIO *b, long mode);
    + long BIO_get_bind_mode(BIO *b);
    +
    + int BIO_do_accept(BIO *b);
    +

    +

    +
    +

    DESCRIPTION

    +

    BIO_s_accept() returns the accept BIO method. This is a wrapper +round the platform's TCP/IP socket accept routines.

    +

    Using accept BIOs, TCP/IP connections can be accepted and data +transferred using only BIO routines. In this way any platform +specific operations are hidden by the BIO abstraction.

    +

    Read and write operations on an accept BIO will perform I/O +on the underlying connection. If no connection is established +and the port (see below) is set up properly then the BIO +waits for an incoming connection.

    +

    Accept BIOs support BIO_puts() but not BIO_gets().

    +

    If the close flag is set on an accept BIO then any active +connection on that chain is shutdown and the socket closed when +the BIO is freed.

    +

    Calling BIO_reset() on an accept BIO will close any active +connection and reset the BIO into a state where it awaits another +incoming connection.

    +

    BIO_get_fd() and BIO_set_fd() can be called to retrieve or set +the accept socket. See BIO_s_fd(3)

    +

    BIO_set_accept_name() uses the string name to set the accept +name. The name is represented as a string of the form "host:port", +where "host" is the interface to use and "port" is the port. +The host can be "*" or empty which is interpreted as meaning +any interface. If the host is an IPv6 address, it has to be +enclosed in brackets, for example "[::1]:https". "port" has the +same syntax as the port specified in BIO_set_conn_port() for +connect BIOs, that is it can be a numerical port string or a +string to lookup using getservbyname() and a string table.

    +

    BIO_set_accept_port() uses the string port to set the accept +port. "port" has the same syntax as the port specified in +BIO_set_conn_port() for connect BIOs, that is it can be a numerical +port string or a string to lookup using getservbyname() and a string +table.

    +

    BIO_new_accept() combines BIO_new() and BIO_set_accept_name() into +a single call: that is it creates a new accept BIO with port +host_port.

    +

    BIO_set_nbio_accept() sets the accept socket to blocking mode +(the default) if n is 0 or non blocking mode if n is 1.

    +

    BIO_set_accept_bios() can be used to set a chain of BIOs which +will be duplicated and prepended to the chain when an incoming +connection is received. This is useful if, for example, a +buffering or SSL BIO is required for each connection. The +chain of BIOs must not be freed after this call, they will +be automatically freed when the accept BIO is freed.

    +

    BIO_set_bind_mode() and BIO_get_bind_mode() set and retrieve +the current bind mode. If BIO_BIND_NORMAL (the default) is set +then another socket cannot be bound to the same port. If +BIO_BIND_REUSEADDR is set then other sockets can bind to the +same port. If BIO_BIND_REUSEADDR_IF_UNUSED is set then and +attempt is first made to use BIO_BIN_NORMAL, if this fails +and the port is not in use then a second attempt is made +using BIO_BIND_REUSEADDR.

    +

    BIO_do_accept() serves two functions. When it is first +called, after the accept BIO has been setup, it will attempt +to create the accept socket and bind an address to it. Second +and subsequent calls to BIO_do_accept() will await an incoming +connection, or request a retry in non blocking mode.

    +

    +

    +
    +

    NOTES

    +

    When an accept BIO is at the end of a chain it will await an +incoming connection before processing I/O calls. When an accept +BIO is not at then end of a chain it passes I/O calls to the next +BIO in the chain.

    +

    When a connection is established a new socket BIO is created for +the connection and appended to the chain. That is the chain is now +accept->socket. This effectively means that attempting I/O on +an initial accept socket will await an incoming connection then +perform I/O on it.

    +

    If any additional BIOs have been set using BIO_set_accept_bios() +then they are placed between the socket and the accept BIO, +that is the chain will be accept->otherbios->socket.

    +

    If a server wishes to process multiple connections (as is normally +the case) then the accept BIO must be made available for further +incoming connections. This can be done by waiting for a connection and +then calling:

    +
    + connection = BIO_pop(accept);
    +

    After this call connection will contain a BIO for the recently +established connection and accept will now be a single BIO +again which can be used to await further incoming connections. +If no further connections will be accepted the accept can +be freed using BIO_free().

    +

    If only a single connection will be processed it is possible to +perform I/O using the accept BIO itself. This is often undesirable +however because the accept BIO will still accept additional incoming +connections. This can be resolved by using BIO_pop() (see above) +and freeing up the accept BIO after the initial connection.

    +

    If the underlying accept socket is non-blocking and BIO_do_accept() is +called to await an incoming connection it is possible for +BIO_should_io_special() with the reason BIO_RR_ACCEPT. If this happens +then it is an indication that an accept attempt would block: the application +should take appropriate action to wait until the underlying socket has +accepted a connection and retry the call.

    +

    BIO_set_accept_name(), BIO_get_accept_name(), BIO_set_accept_port(), +BIO_get_accept_port(), BIO_set_nbio_accept(), BIO_set_accept_bios(), +BIO_get_peer_name(), BIO_get_peer_port(), +BIO_get_accept_ip_family(), BIO_set_accept_ip_family(), +BIO_set_bind_mode(), BIO_get_bind_mode() and BIO_do_accept() are macros.

    +

    +

    +
    +

    RETURN VALUES

    +

    BIO_do_accept(), +BIO_set_accept_name(), BIO_set_accept_port(), BIO_set_nbio_accept(), +BIO_set_accept_bios(), BIO_set_accept_ip_family(), and BIO_set_bind_mode() +return 1 for success and 0 or -1 for failure.

    +

    BIO_get_accept_name() returns the accept name or NULL on error. +BIO_get_peer_name() returns the peer name or NULL on error.

    +

    BIO_get_accept_port() returns the accept port as a string or NULL on error. +BIO_get_peer_port() returns the peer port as a string or NULL on error. +BIO_get_accept_ip_family() returns the IP family or -1 on error.

    +

    BIO_get_bind_mode() returns the set of BIO_BIND flags, or -1 on failure.

    +

    BIO_new_accept() returns a BIO or NULL on error.

    +

    +

    +
    +

    EXAMPLES

    +

    This example accepts two connections on port 4444, sends messages +down each and finally closes both down.

    +
    + BIO *abio, *cbio, *cbio2;
    +
    + /* First call to BIO_accept() sets up accept BIO */
    + abio = BIO_new_accept("4444");
    + if (BIO_do_accept(abio) <= 0) {
    +     fprintf(stderr, "Error setting up accept\n");
    +     ERR_print_errors_fp(stderr);
    +     exit(1);
    + }
    +
    + /* Wait for incoming connection */
    + if (BIO_do_accept(abio) <= 0) {
    +     fprintf(stderr, "Error accepting connection\n");
    +     ERR_print_errors_fp(stderr);
    +     exit(1);
    + }
    + fprintf(stderr, "Connection 1 established\n");
    +
    + /* Retrieve BIO for connection */
    + cbio = BIO_pop(abio);
    + BIO_puts(cbio, "Connection 1: Sending out Data on initial connection\n");
    + fprintf(stderr, "Sent out data on connection 1\n");
    +
    + /* Wait for another connection */
    + if (BIO_do_accept(abio) <= 0) {
    +     fprintf(stderr, "Error accepting connection\n");
    +     ERR_print_errors_fp(stderr);
    +     exit(1);
    + }
    + fprintf(stderr, "Connection 2 established\n");
    +
    + /* Close accept BIO to refuse further connections */
    + cbio2 = BIO_pop(abio);
    + BIO_free(abio);
    + BIO_puts(cbio2, "Connection 2: Sending out Data on second\n");
    + fprintf(stderr, "Sent out data on connection 2\n");
    +
    + BIO_puts(cbio, "Connection 1: Second connection established\n");
    +
    + /* Close the two established connections */
    + BIO_free(cbio);
    + BIO_free(cbio2);
    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_s_bio.html b/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_s_bio.html
    new file mode 100755
    index 0000000..be47a61
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_s_bio.html
    @@ -0,0 +1,222 @@
    + + + + +BIO_s_bio + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BIO_s_bio, BIO_make_bio_pair, BIO_destroy_bio_pair, BIO_shutdown_wr, +BIO_set_write_buf_size, BIO_get_write_buf_size, BIO_new_bio_pair, +BIO_get_write_guarantee, BIO_ctrl_get_write_guarantee, BIO_get_read_request, +BIO_ctrl_get_read_request, BIO_ctrl_reset_read_request - BIO pair BIO

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bio.h>
    +
    + const BIO_METHOD *BIO_s_bio(void);
    +
    + int BIO_make_bio_pair(BIO *b1, BIO *b2);
    + int BIO_destroy_bio_pair(BIO *b);
    + int BIO_shutdown_wr(BIO *b);
    +
    + int BIO_set_write_buf_size(BIO *b, long size);
    + size_t BIO_get_write_buf_size(BIO *b, long size);
    +
    + int BIO_new_bio_pair(BIO **bio1, size_t writebuf1, BIO **bio2, size_t writebuf2);
    +
    + int BIO_get_write_guarantee(BIO *b);
    + size_t BIO_ctrl_get_write_guarantee(BIO *b);
    + int BIO_get_read_request(BIO *b);
    + size_t BIO_ctrl_get_read_request(BIO *b);
    + int BIO_ctrl_reset_read_request(BIO *b);
    +

    +

    +
    +

    DESCRIPTION

    +

    BIO_s_bio() returns the method for a BIO pair. A BIO pair is a pair of source/sink +BIOs where data written to either half of the pair is buffered and can be read from +the other half. Both halves must usually by handled by the same application thread +since no locking is done on the internal data structures.

    +

    Since BIO chains typically end in a source/sink BIO it is possible to make this +one half of a BIO pair and have all the data processed by the chain under application +control.

    +

    One typical use of BIO pairs is to place TLS/SSL I/O under application control, this +can be used when the application wishes to use a non standard transport for +TLS/SSL or the normal socket routines are inappropriate.

    +

    Calls to BIO_read_ex() will read data from the buffer or request a retry if no +data is available.

    +

    Calls to BIO_write_ex() will place data in the buffer or request a retry if the +buffer is full.

    +

    The standard calls BIO_ctrl_pending() and BIO_ctrl_wpending() can be used to +determine the amount of pending data in the read or write buffer.

    +

    BIO_reset() clears any data in the write buffer.

    +

    BIO_make_bio_pair() joins two separate BIOs into a connected pair.

    +

    BIO_destroy_pair() destroys the association between two connected BIOs. Freeing +up any half of the pair will automatically destroy the association.

    +

    BIO_shutdown_wr() is used to close down a BIO b. After this call no further +writes on BIO b are allowed (they will return an error). Reads on the other +half of the pair will return any pending data or EOF when all pending data has +been read.

    +

    BIO_set_write_buf_size() sets the write buffer size of BIO b to size. +If the size is not initialized a default value is used. This is currently +17K, sufficient for a maximum size TLS record.

    +

    BIO_get_write_buf_size() returns the size of the write buffer.

    +

    BIO_new_bio_pair() combines the calls to BIO_new(), BIO_make_bio_pair() and +BIO_set_write_buf_size() to create a connected pair of BIOs bio1, bio2 +with write buffer sizes writebuf1 and writebuf2. If either size is +zero then the default size is used. BIO_new_bio_pair() does not check whether +bio1 or bio2 do point to some other BIO, the values are overwritten, +BIO_free() is not called.

    +

    BIO_get_write_guarantee() and BIO_ctrl_get_write_guarantee() return the maximum +length of data that can be currently written to the BIO. Writes larger than this +value will return a value from BIO_write_ex() less than the amount requested or +if the buffer is full request a retry. BIO_ctrl_get_write_guarantee() is a +function whereas BIO_get_write_guarantee() is a macro.

    +

    BIO_get_read_request() and BIO_ctrl_get_read_request() return the +amount of data requested, or the buffer size if it is less, if the +last read attempt at the other half of the BIO pair failed due to an +empty buffer. This can be used to determine how much data should be +written to the BIO so the next read will succeed: this is most useful +in TLS/SSL applications where the amount of data read is usually +meaningful rather than just a buffer size. After a successful read +this call will return zero. It also will return zero once new data +has been written satisfying the read request or part of it. +Note that BIO_get_read_request() never returns an amount larger +than that returned by BIO_get_write_guarantee().

    +

    BIO_ctrl_reset_read_request() can also be used to reset the value returned by +BIO_get_read_request() to zero.

    +

    +

    +
    +

    NOTES

    +

    Both halves of a BIO pair should be freed. That is even if one half is implicit +freed due to a BIO_free_all() or SSL_free() call the other half needs to be freed.

    +

    When used in bidirectional applications (such as TLS/SSL) care should be taken to +flush any data in the write buffer. This can be done by calling BIO_pending() +on the other half of the pair and, if any data is pending, reading it and sending +it to the underlying transport. This must be done before any normal processing +(such as calling select() ) due to a request and BIO_should_read() being true.

    +

    To see why this is important consider a case where a request is sent using +BIO_write_ex() and a response read with BIO_read_ex(), this can occur during an +TLS/SSL handshake for example. BIO_write_ex() will succeed and place data in the +write buffer. BIO_read_ex() will initially fail and BIO_should_read() will be +true. If the application then waits for data to be available on the underlying +transport before flushing the write buffer it will never succeed because the +request was never sent!

    +

    BIO_eof() is true if no data is in the peer BIO and the peer BIO has been +shutdown.

    +

    BIO_make_bio_pair(), BIO_destroy_bio_pair(), BIO_shutdown_wr(), +BIO_set_write_buf_size(), BIO_get_write_buf_size(), +BIO_get_write_guarantee(), and BIO_get_read_request() are implemented +as macros.

    +

    +

    +
    +

    RETURN VALUES

    +

    BIO_new_bio_pair() returns 1 on success, with the new BIOs available in +bio1 and bio2, or 0 on failure, with NULL pointers stored into the +locations for bio1 and bio2. Check the error stack for more information.

    +

    [XXXXX: More return values need to be added here]

    +

    +

    +
    +

    EXAMPLES

    +

    The BIO pair can be used to have full control over the network access of an +application. The application can call select() on the socket as required +without having to go through the SSL-interface.

    +
    + BIO *internal_bio, *network_bio;
    +
    + ...
    + BIO_new_bio_pair(&internal_bio, 0, &network_bio, 0);
    + SSL_set_bio(ssl, internal_bio, internal_bio);
    + SSL_operations(); /* e.g SSL_read and SSL_write */
    + ...
    +
    + application |   TLS-engine
    +    |        |
    +    +----------> SSL_operations()
    +             |     /\    ||
    +             |     ||    \/
    +             |   BIO-pair (internal_bio)
    +             |   BIO-pair (network_bio)
    +             |     ||     /\
    +             |     \/     ||
    +    +-----------< BIO_operations()
    +    |        |
    +    |        |
    +   socket
    +
    +  ...
    +  SSL_free(ssl);                /* implicitly frees internal_bio */
    +  BIO_free(network_bio);
    +  ...
    +

    As the BIO pair will only buffer the data and never directly access the +connection, it behaves non-blocking and will return as soon as the write +buffer is full or the read buffer is drained. Then the application has to +flush the write buffer and/or fill the read buffer.

    +

    Use the BIO_ctrl_pending(), to find out whether data is buffered in the BIO +and must be transferred to the network. Use BIO_ctrl_get_read_request() to +find out, how many bytes must be written into the buffer before the +SSL_operation() can successfully be continued.

    +

    +

    +
    +

    WARNINGS

    +

    As the data is buffered, SSL_operation() may return with an ERROR_SSL_WANT_READ +condition, but there is still data in the write buffer. An application must +not rely on the error value of SSL_operation() but must assure that the +write buffer is always flushed first. Otherwise a deadlock may occur as +the peer might be waiting for the data before being able to continue.

    +

    +

    +
    +

    SEE ALSO

    +

    SSL_set_bio(3), ssl(7), bio(7), +BIO_should_retry(3), BIO_read_ex(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_s_connect.html b/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_s_connect.html
    new file mode 100755
    index 0000000..f5d59bc
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_s_connect.html
    @@ -0,0 +1,222 @@
    + + + + +BIO_s_connect + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BIO_set_conn_address, BIO_get_conn_address, +BIO_s_connect, BIO_new_connect, BIO_set_conn_hostname, BIO_set_conn_port, +BIO_set_conn_ip_family, BIO_get_conn_ip_family, +BIO_get_conn_hostname, BIO_get_conn_port, +BIO_set_nbio, BIO_do_connect - connect BIO

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bio.h>
    +
    + const BIO_METHOD * BIO_s_connect(void);
    +
    + BIO *BIO_new_connect(char *name);
    +
    + long BIO_set_conn_hostname(BIO *b, char *name);
    + long BIO_set_conn_port(BIO *b, char *port);
    + long BIO_set_conn_address(BIO *b, BIO_ADDR *addr);
    + long BIO_set_conn_ip_family(BIO *b, long family);
    + const char *BIO_get_conn_hostname(BIO *b);
    + const char *BIO_get_conn_port(BIO *b);
    + const BIO_ADDR *BIO_get_conn_address(BIO *b);
    + const long BIO_get_conn_ip_family(BIO *b);
    +
    + long BIO_set_nbio(BIO *b, long n);
    +
    + int BIO_do_connect(BIO *b);
    +

    +

    +
    +

    DESCRIPTION

    +

    BIO_s_connect() returns the connect BIO method. This is a wrapper +round the platform's TCP/IP socket connection routines.

    +

    Using connect BIOs, TCP/IP connections can be made and data +transferred using only BIO routines. In this way any platform +specific operations are hidden by the BIO abstraction.

    +

    Read and write operations on a connect BIO will perform I/O +on the underlying connection. If no connection is established +and the port and hostname (see below) is set up properly then +a connection is established first.

    +

    Connect BIOs support BIO_puts() but not BIO_gets().

    +

    If the close flag is set on a connect BIO then any active +connection is shutdown and the socket closed when the BIO +is freed.

    +

    Calling BIO_reset() on a connect BIO will close any active +connection and reset the BIO into a state where it can connect +to the same host again.

    +

    BIO_get_fd() places the underlying socket in c if it is not NULL, +it also returns the socket . If c is not NULL it should be of +type (int *).

    +

    BIO_set_conn_hostname() uses the string name to set the hostname. +The hostname can be an IP address; if the address is an IPv6 one, it +must be enclosed with brackets. The hostname can also include the +port in the form hostname:port.

    +

    BIO_set_conn_port() sets the port to port. port can be the +numerical form or a string such as "http". A string will be looked +up first using getservbyname() on the host platform but if that +fails a standard table of port names will be used. This internal +list is http, telnet, socks, https, ssl, ftp, and gopher.

    +

    BIO_set_conn_address() sets the address and port information using +a BIO_ADDR(3ssl).

    +

    BIO_set_conn_ip_family() sets the IP family.

    +

    BIO_get_conn_hostname() returns the hostname of the connect BIO or +NULL if the BIO is initialized but no hostname is set. +This return value is an internal pointer which should not be modified.

    +

    BIO_get_conn_port() returns the port as a string. +This return value is an internal pointer which should not be modified.

    +

    BIO_get_conn_address() returns the address information as a BIO_ADDR. +This return value is an internal pointer which should not be modified.

    +

    BIO_get_conn_ip_family() returns the IP family of the connect BIO.

    +

    BIO_set_nbio() sets the non blocking I/O flag to n. If n is +zero then blocking I/O is set. If n is 1 then non blocking I/O +is set. Blocking I/O is the default. The call to BIO_set_nbio() +should be made before the connection is established because +non blocking I/O is set during the connect process.

    +

    BIO_new_connect() combines BIO_new() and BIO_set_conn_hostname() into +a single call: that is it creates a new connect BIO with name.

    +

    BIO_do_connect() attempts to connect the supplied BIO. It returns 1 +if the connection was established successfully. A zero or negative +value is returned if the connection could not be established, the +call BIO_should_retry() should be used for non blocking connect BIOs +to determine if the call should be retried.

    +

    +

    +
    +

    NOTES

    +

    If blocking I/O is set then a non positive return value from any +I/O call is caused by an error condition, although a zero return +will normally mean that the connection was closed.

    +

    If the port name is supplied as part of the hostname then this will +override any value set with BIO_set_conn_port(). This may be undesirable +if the application does not wish to allow connection to arbitrary +ports. This can be avoided by checking for the presence of the ':' +character in the passed hostname and either indicating an error or +truncating the string at that point.

    +

    The values returned by BIO_get_conn_hostname(), BIO_get_conn_address(), +and BIO_get_conn_port() are updated when a connection attempt is made. +Before any connection attempt the values returned are those set by the +application itself.

    +

    Applications do not have to call BIO_do_connect() but may wish to do +so to separate the connection process from other I/O processing.

    +

    If non blocking I/O is set then retries will be requested as appropriate.

    +

    It addition to BIO_should_read() and BIO_should_write() it is also +possible for BIO_should_io_special() to be true during the initial +connection process with the reason BIO_RR_CONNECT. If this is returned +then this is an indication that a connection attempt would block, +the application should then take appropriate action to wait until +the underlying socket has connected and retry the call.

    +

    BIO_set_conn_hostname(), BIO_set_conn_port(), BIO_get_conn_hostname(), +BIO_set_conn_address(), BIO_get_conn_port(), BIO_get_conn_address(), +BIO_set_conn_ip_family(), BIO_get_conn_ip_family(), +BIO_set_nbio(), and BIO_do_connect() are macros.

    +

    +

    +
    +

    RETURN VALUES

    +

    BIO_s_connect() returns the connect BIO method.

    +

    BIO_get_fd() returns the socket or -1 if the BIO has not +been initialized.

    +

    BIO_set_conn_address(), BIO_set_conn_port(), and BIO_set_conn_ip_family() +always return 1.

    +

    BIO_set_conn_hostname() returns 1 on success and 0 on failure.

    +

    BIO_get_conn_address() returns the address information or NULL if none +was set.

    +

    BIO_get_conn_hostname() returns the connected hostname or NULL if +none was set.

    +

    BIO_get_conn_ip_family() returns the address family or -1 if none was set.

    +

    BIO_get_conn_port() returns a string representing the connected +port or NULL if not set.

    +

    BIO_set_nbio() always returns 1.

    +

    BIO_do_connect() returns 1 if the connection was successfully +established and 0 or -1 if the connection failed.

    +

    +

    +
    +

    EXAMPLES

    +

    This is example connects to a webserver on the local host and attempts +to retrieve a page and copy the result to standard output.

    +
    + BIO *cbio, *out;
    + int len;
    + char tmpbuf[1024];
    +
    + cbio = BIO_new_connect("localhost:http");
    + out = BIO_new_fp(stdout, BIO_NOCLOSE);
    + if (BIO_do_connect(cbio) <= 0) {
    +     fprintf(stderr, "Error connecting to server\n");
    +     ERR_print_errors_fp(stderr);
    +     exit(1);
    + }
    + BIO_puts(cbio, "GET / HTTP/1.0\n\n");
    + for (;;) {
    +     len = BIO_read(cbio, tmpbuf, 1024);
    +     if (len <= 0)
    +         break;
    +     BIO_write(out, tmpbuf, len);
    + }
    + BIO_free(cbio);
    + BIO_free(out);
    +

    +

    +
    +

    SEE ALSO

    +

    BIO_ADDR(3)

    +

    +

    +
    +

    HISTORY

    +

    BIO_set_conn_int_port(), BIO_get_conn_int_port(), BIO_set_conn_ip(), and BIO_get_conn_ip() +were removed in OpenSSL 1.1.0. +Use BIO_set_conn_address() and BIO_get_conn_address() instead.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_s_fd.html b/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_s_fd.html
    new file mode 100755
    index 0000000..d64e8e6
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_s_fd.html
    @@ -0,0 +1,126 @@
    + + + + +BIO_s_fd + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BIO_s_fd, BIO_set_fd, BIO_get_fd, BIO_new_fd - file descriptor BIO

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bio.h>
    +
    + const BIO_METHOD *BIO_s_fd(void);
    +
    + int BIO_set_fd(BIO *b, int fd, int c);
    + int BIO_get_fd(BIO *b, int *c);
    +
    + BIO *BIO_new_fd(int fd, int close_flag);
    +

    +

    +
    +

    DESCRIPTION

    +

    BIO_s_fd() returns the file descriptor BIO method. This is a wrapper +round the platforms file descriptor routines such as read() and write().

    +

    BIO_read_ex() and BIO_write_ex() read or write the underlying descriptor. +BIO_puts() is supported but BIO_gets() is not.

    +

    If the close flag is set then close() is called on the underlying +file descriptor when the BIO is freed.

    +

    BIO_reset() attempts to change the file pointer to the start of file +such as by using lseek(fd, 0, 0).

    +

    BIO_seek() sets the file pointer to position ofs from start of file +such as by using lseek(fd, ofs, 0).

    +

    BIO_tell() returns the current file position such as by calling +lseek(fd, 0, 1).

    +

    BIO_set_fd() sets the file descriptor of BIO b to fd and the close +flag to c.

    +

    BIO_get_fd() places the file descriptor in c if it is not NULL, it also +returns the file descriptor.

    +

    BIO_new_fd() returns a file descriptor BIO using fd and close_flag.

    +

    +

    +
    +

    NOTES

    +

    The behaviour of BIO_read_ex() and BIO_write_ex() depends on the behavior of the +platforms read() and write() calls on the descriptor. If the underlying +file descriptor is in a non blocking mode then the BIO will behave in the +manner described in the BIO_read_ex(3) and BIO_should_retry(3) +manual pages.

    +

    File descriptor BIOs should not be used for socket I/O. Use socket BIOs +instead.

    +

    BIO_set_fd() and BIO_get_fd() are implemented as macros.

    +

    +

    +
    +

    RETURN VALUES

    +

    BIO_s_fd() returns the file descriptor BIO method.

    +

    BIO_set_fd() always returns 1.

    +

    BIO_get_fd() returns the file descriptor or -1 if the BIO has not +been initialized.

    +

    BIO_new_fd() returns the newly allocated BIO or NULL is an error +occurred.

    +

    +

    +
    +

    EXAMPLES

    +

    This is a file descriptor BIO version of "Hello World":

    +
    + BIO *out;
    +
    + out = BIO_new_fd(fileno(stdout), BIO_NOCLOSE);
    + BIO_printf(out, "Hello World\n");
    + BIO_free(out);
    +

    +

    +
    +

    SEE ALSO

    +

    BIO_seek(3), BIO_tell(3), +BIO_reset(3), BIO_read_ex(3), +BIO_write_ex(3), BIO_puts(3), +BIO_gets(3), BIO_printf(3), +BIO_set_close(3), BIO_get_close(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_s_file.html b/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_s_file.html
    new file mode 100755
    index 0000000..b06f618
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_s_file.html
    @@ -0,0 +1,188 @@
    + + + + +BIO_s_file + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BIO_s_file, BIO_new_file, BIO_new_fp, BIO_set_fp, BIO_get_fp, +BIO_read_filename, BIO_write_filename, BIO_append_filename, +BIO_rw_filename - FILE bio

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bio.h>
    +
    + const BIO_METHOD *BIO_s_file(void);
    + BIO *BIO_new_file(const char *filename, const char *mode);
    + BIO *BIO_new_fp(FILE *stream, int flags);
    +
    + BIO_set_fp(BIO *b, FILE *fp, int flags);
    + BIO_get_fp(BIO *b, FILE **fpp);
    +
    + int BIO_read_filename(BIO *b, char *name)
    + int BIO_write_filename(BIO *b, char *name)
    + int BIO_append_filename(BIO *b, char *name)
    + int BIO_rw_filename(BIO *b, char *name)
    +

    +

    +
    +

    DESCRIPTION

    +

    BIO_s_file() returns the BIO file method. As its name implies it +is a wrapper round the stdio FILE structure and it is a +source/sink BIO.

    +

    Calls to BIO_read_ex() and BIO_write_ex() read and write data to the +underlying stream. BIO_gets() and BIO_puts() are supported on file BIOs.

    +

    BIO_flush() on a file BIO calls the fflush() function on the wrapped +stream.

    +

    BIO_reset() attempts to change the file pointer to the start of file +using fseek(stream, 0, 0).

    +

    BIO_seek() sets the file pointer to position ofs from start of file +using fseek(stream, ofs, 0).

    +

    BIO_eof() calls feof().

    +

    Setting the BIO_CLOSE flag calls fclose() on the stream when the BIO +is freed.

    +

    BIO_new_file() creates a new file BIO with mode mode the meaning +of mode is the same as the stdio function fopen(). The BIO_CLOSE +flag is set on the returned BIO.

    +

    BIO_new_fp() creates a file BIO wrapping stream. Flags can be: +BIO_CLOSE, BIO_NOCLOSE (the close flag) BIO_FP_TEXT (sets the underlying +stream to text mode, default is binary: this only has any effect under +Win32).

    +

    BIO_set_fp() sets the fp of a file BIO to fp. flags has the same +meaning as in BIO_new_fp(), it is a macro.

    +

    BIO_get_fp() retrieves the fp of a file BIO, it is a macro.

    +

    BIO_seek() is a macro that sets the position pointer to offset bytes +from the start of file.

    +

    BIO_tell() returns the value of the position pointer.

    +

    BIO_read_filename(), BIO_write_filename(), BIO_append_filename() and +BIO_rw_filename() set the file BIO b to use file name for +reading, writing, append or read write respectively.

    +

    +

    +
    +

    NOTES

    +

    When wrapping stdout, stdin or stderr the underlying stream should not +normally be closed so the BIO_NOCLOSE flag should be set.

    +

    Because the file BIO calls the underlying stdio functions any quirks +in stdio behaviour will be mirrored by the corresponding BIO.

    +

    On Windows BIO_new_files reserves for the filename argument to be +UTF-8 encoded. In other words if you have to make it work in multi- +lingual environment, encode filenames in UTF-8.

    +

    +

    +
    +

    RETURN VALUES

    +

    BIO_s_file() returns the file BIO method.

    +

    BIO_new_file() and BIO_new_fp() return a file BIO or NULL if an error +occurred.

    +

    BIO_set_fp() and BIO_get_fp() return 1 for success or 0 for failure +(although the current implementation never return 0).

    +

    BIO_seek() returns the same value as the underlying fseek() function: +0 for success or -1 for failure.

    +

    BIO_tell() returns the current file position.

    +

    BIO_read_filename(), BIO_write_filename(), BIO_append_filename() and +BIO_rw_filename() return 1 for success or 0 for failure.

    +

    +

    +
    +

    EXAMPLES

    +

    File BIO "hello world":

    +
    + BIO *bio_out;
    +
    + bio_out = BIO_new_fp(stdout, BIO_NOCLOSE);
    + BIO_printf(bio_out, "Hello World\n");
    +

    Alternative technique:

    +
    + BIO *bio_out;
    +
    + bio_out = BIO_new(BIO_s_file());
    + if (bio_out == NULL)
    +     /* Error */
    + if (!BIO_set_fp(bio_out, stdout, BIO_NOCLOSE))
    +     /* Error */
    + BIO_printf(bio_out, "Hello World\n");
    +

    Write to a file:

    +
    + BIO *out;
    +
    + out = BIO_new_file("filename.txt", "w");
    + if (!out)
    +     /* Error */
    + BIO_printf(out, "Hello World\n");
    + BIO_free(out);
    +

    Alternative technique:

    +
    + BIO *out;
    +
    + out = BIO_new(BIO_s_file());
    + if (out == NULL)
    +     /* Error */
    + if (!BIO_write_filename(out, "filename.txt"))
    +     /* Error */
    + BIO_printf(out, "Hello World\n");
    + BIO_free(out);
    +

    +

    +
    +

    BUGS

    +

    BIO_reset() and BIO_seek() are implemented using fseek() on the underlying +stream. The return value for fseek() is 0 for success or -1 if an error +occurred this differs from other types of BIO which will typically return +1 for success and a non positive value if an error occurred.

    +

    +

    +
    +

    SEE ALSO

    +

    BIO_seek(3), BIO_tell(3), +BIO_reset(3), BIO_flush(3), +BIO_read_ex(3), +BIO_write_ex(3), BIO_puts(3), +BIO_gets(3), BIO_printf(3), +BIO_set_close(3), BIO_get_close(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_s_mem.html b/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_s_mem.html
    new file mode 100755
    index 0000000..023a79c
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_s_mem.html
    @@ -0,0 +1,179 @@
    + + + + +BIO_s_mem + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BIO_s_secmem, +BIO_s_mem, BIO_set_mem_eof_return, BIO_get_mem_data, BIO_set_mem_buf, +BIO_get_mem_ptr, BIO_new_mem_buf - memory BIO

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bio.h>
    +
    + const BIO_METHOD *BIO_s_mem(void);
    + const BIO_METHOD *BIO_s_secmem(void);
    +
    + BIO_set_mem_eof_return(BIO *b, int v)
    + long BIO_get_mem_data(BIO *b, char **pp)
    + BIO_set_mem_buf(BIO *b, BUF_MEM *bm, int c)
    + BIO_get_mem_ptr(BIO *b, BUF_MEM **pp)
    +
    + BIO *BIO_new_mem_buf(const void *buf, int len);
    +

    +

    +
    +

    DESCRIPTION

    +

    BIO_s_mem() returns the memory BIO method function.

    +

    A memory BIO is a source/sink BIO which uses memory for its I/O. Data +written to a memory BIO is stored in a BUF_MEM structure which is extended +as appropriate to accommodate the stored data.

    +

    BIO_s_secmem() is like BIO_s_mem() except that the secure heap is used +for buffer storage.

    +

    Any data written to a memory BIO can be recalled by reading from it. +Unless the memory BIO is read only any data read from it is deleted from +the BIO.

    +

    Memory BIOs support BIO_gets() and BIO_puts().

    +

    If the BIO_CLOSE flag is set when a memory BIO is freed then the underlying +BUF_MEM structure is also freed.

    +

    Calling BIO_reset() on a read write memory BIO clears any data in it if the +flag BIO_FLAGS_NONCLEAR_RST is not set, otherwise it just restores the read +pointer to the state it was just after the last write was performed and the +data can be read again. On a read only BIO it similarly restores the BIO to +its original state and the read only data can be read again.

    +

    BIO_eof() is true if no data is in the BIO.

    +

    BIO_ctrl_pending() returns the number of bytes currently stored.

    +

    BIO_set_mem_eof_return() sets the behaviour of memory BIO b when it is +empty. If the v is zero then an empty memory BIO will return EOF (that is +it will return zero and BIO_should_retry(b) will be false. If v is non +zero then it will return v when it is empty and it will set the read retry +flag (that is BIO_read_retry(b) is true). To avoid ambiguity with a normal +positive return value v should be set to a negative value, typically -1.

    +

    BIO_get_mem_data() sets *pp to a pointer to the start of the memory BIOs data +and returns the total amount of data available. It is implemented as a macro.

    +

    BIO_set_mem_buf() sets the internal BUF_MEM structure to bm and sets the +close flag to c, that is c should be either BIO_CLOSE or BIO_NOCLOSE. +It is a macro.

    +

    BIO_get_mem_ptr() places the underlying BUF_MEM structure in *pp. It is +a macro.

    +

    BIO_new_mem_buf() creates a memory BIO using len bytes of data at buf, +if len is -1 then the buf is assumed to be nul terminated and its +length is determined by strlen. The BIO is set to a read only state and +as a result cannot be written to. This is useful when some data needs to be +made available from a static area of memory in the form of a BIO. The +supplied data is read directly from the supplied buffer: it is not copied +first, so the supplied area of memory must be unchanged until the BIO is freed.

    +

    +

    +
    +

    NOTES

    +

    Writes to memory BIOs will always succeed if memory is available: that is +their size can grow indefinitely.

    +

    Every write after partial read (not all data in the memory buffer was read) +to a read write memory BIO will have to move the unread data with an internal +copy operation, if a BIO contains a lot of data and it is read in small +chunks intertwined with writes the operation can be very slow. Adding +a buffering BIO to the chain can speed up the process.

    +

    Calling BIO_set_mem_buf() on a BIO created with BIO_new_secmem() will +give undefined results, including perhaps a program crash.

    +

    Switching the memory BIO from read write to read only is not supported and +can give undefined results including a program crash. There are two notable +exceptions to the rule. The first one is to assign a static memory buffer +immediately after BIO creation and set the BIO as read only.

    +

    The other supported sequence is to start with read write BIO then temporarily +switch it to read only and call BIO_reset() on the read only BIO immediately +before switching it back to read write. Before the BIO is freed it must be +switched back to the read write mode.

    +

    Calling BIO_get_mem_ptr() on read only BIO will return a BUF_MEM that +contains only the remaining data to be read. If the close status of the +BIO is set to BIO_NOCLOSE, before freeing the BUF_MEM the data pointer +in it must be set to NULL as the data pointer does not point to an +allocated memory.

    +

    Calling BIO_reset() on a read write memory BIO with BIO_FLAGS_NONCLEAR_RST +flag set can have unexpected outcome when the reads and writes to the +BIO are intertwined. As documented above the BIO will be reset to the +state after the last completed write operation. The effects of reads +preceding that write operation cannot be undone.

    +

    Calling BIO_get_mem_ptr() prior to a BIO_reset() call with +BIO_FLAGS_NONCLEAR_RST set has the same effect as a write operation.

    +

    +

    +
    +

    BUGS

    +

    There should be an option to set the maximum size of a memory BIO.

    +

    +

    +
    +

    RETURN VALUES

    +

    BIO_s_mem() and BIO_s_secmem() return a valid memory BIO_METHOD structure.

    +

    BIO_set_mem_eof_return(), BIO_set_mem_buf() and BIO_get_mem_ptr() +return 1 on success or a value which is less than or equal to 0 if an error occurred.

    +

    BIO_get_mem_data() returns the total number of bytes available on success, +0 if b is NULL, or a negative value in case of other errors.

    +

    BIO_new_mem_buf() returns a valid BIO structure on success or NULL on error.

    +

    +

    +
    +

    EXAMPLES

    +

    Create a memory BIO and write some data to it:

    +
    + BIO *mem = BIO_new(BIO_s_mem());
    +
    + BIO_puts(mem, "Hello World\n");
    +

    Create a read only memory BIO:

    +
    + char data[] = "Hello World";
    + BIO *mem = BIO_new_mem_buf(data, -1);
    +

    Extract the BUF_MEM structure from a memory BIO and then free up the BIO:

    +
    + BUF_MEM *bptr;
    +
    + BIO_get_mem_ptr(mem, &bptr);
    + BIO_set_close(mem, BIO_NOCLOSE); /* So BIO_free() leaves BUF_MEM alone */
    + BIO_free(mem);
    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_s_null.html b/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_s_null.html new file mode 100755 index 0000000..a90b256 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_s_null.html @@ -0,0 +1,79 @@ + + + + +BIO_s_null + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    BIO_s_null - null data sink

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bio.h>
    +
    + const BIO_METHOD *BIO_s_null(void);
    +

    +

    +
    +

    DESCRIPTION

    +

    BIO_s_null() returns the null sink BIO method. Data written to +the null sink is discarded, reads return EOF.

    +

    +

    +
    +

    NOTES

    +

    A null sink BIO behaves in a similar manner to the Unix /dev/null +device.

    +

    A null bio can be placed on the end of a chain to discard any data +passed through it.

    +

    A null sink is useful if, for example, an application wishes to digest some +data by writing through a digest bio but not send the digested data anywhere. +Since a BIO chain must normally include a source/sink BIO this can be achieved +by adding a null sink BIO to the end of the chain

    +

    +

    +
    +

    RETURN VALUES

    +

    BIO_s_null() returns the null sink BIO method.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_s_socket.html b/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_s_socket.html new file mode 100755 index 0000000..d586758 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_s_socket.html @@ -0,0 +1,86 @@ + + + + +BIO_s_socket + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    BIO_s_socket, BIO_new_socket - socket BIO

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bio.h>
    +
    + const BIO_METHOD *BIO_s_socket(void);
    +
    + BIO *BIO_new_socket(int sock, int close_flag);
    +

    +

    +
    +

    DESCRIPTION

    +

    BIO_s_socket() returns the socket BIO method. This is a wrapper +round the platform's socket routines.

    +

    BIO_read_ex() and BIO_write_ex() read or write the underlying socket. +BIO_puts() is supported but BIO_gets() is not.

    +

    If the close flag is set then the socket is shut down and closed +when the BIO is freed.

    +

    BIO_new_socket() returns a socket BIO using sock and close_flag.

    +

    +

    +
    +

    NOTES

    +

    Socket BIOs also support any relevant functionality of file descriptor +BIOs.

    +

    The reason for having separate file descriptor and socket BIOs is that on some +platforms sockets are not file descriptors and use distinct I/O routines, +Windows is one such platform. Any code mixing the two will not work on +all platforms.

    +

    +

    +
    +

    RETURN VALUES

    +

    BIO_s_socket() returns the socket BIO method.

    +

    BIO_new_socket() returns the newly allocated BIO or NULL is an error +occurred.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_set_callback.html b/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_set_callback.html new file mode 100755 index 0000000..d524fe2 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_set_callback.html @@ -0,0 +1,263 @@ + + + + +BIO_set_callback + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BIO_set_callback_ex, BIO_get_callback_ex, BIO_set_callback, BIO_get_callback, +BIO_set_callback_arg, BIO_get_callback_arg, BIO_debug_callback, +BIO_callback_fn_ex, BIO_callback_fn +- BIO callback functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bio.h>
    +
    + typedef long (*BIO_callback_fn_ex)(BIO *b, int oper, const char *argp,
    +                                    size_t len, int argi,
    +                                    long argl, int ret, size_t *processed);
    + typedef long (*BIO_callback_fn)(BIO *b, int oper, const char *argp, int argi,
    +                                 long argl, long ret);
    +
    + void BIO_set_callback_ex(BIO *b, BIO_callback_fn_ex callback);
    + BIO_callback_fn_ex BIO_get_callback_ex(const BIO *b);
    +
    + void BIO_set_callback(BIO *b, BIO_callback_fn cb);
    + BIO_callback_fn BIO_get_callback(BIO *b);
    + void BIO_set_callback_arg(BIO *b, char *arg);
    + char *BIO_get_callback_arg(const BIO *b);
    +
    + long BIO_debug_callback(BIO *bio, int cmd, const char *argp, int argi,
    +                         long argl, long ret);
    +

    +

    +
    +

    DESCRIPTION

    +

    BIO_set_callback_ex() and BIO_get_callback_ex() set and retrieve the BIO +callback. The callback is called during most high level BIO operations. It can +be used for debugging purposes to trace operations on a BIO or to modify its +operation.

    +

    BIO_set_callback() and BIO_get_callback() set and retrieve the old format BIO +callback. New code should not use these functions, but they are retained for +backwards compatibility. Any callback set via BIO_set_callback_ex() will get +called in preference to any set by BIO_set_callback().

    +

    BIO_set_callback_arg() and BIO_get_callback_arg() are macros which can be +used to set and retrieve an argument for use in the callback.

    +

    BIO_debug_callback() is a standard debugging callback which prints +out information relating to each BIO operation. If the callback +argument is set it is interpreted as a BIO to send the information +to, otherwise stderr is used.

    +

    BIO_callback_fn_ex is the type of the callback function and BIO_callback_fn +is the type of the old format callback function. The meaning of each argument +is described below:

    +
    +
    b
    + +
    +

    The BIO the callback is attached to is passed in b.

    +
    +
    oper
    + +
    +

    oper is set to the operation being performed. For some operations +the callback is called twice, once before and once after the actual +operation, the latter case has oper or'ed with BIO_CB_RETURN.

    +
    +
    len
    + +
    +

    The length of the data requested to be read or written. This is only useful if +oper is BIO_CB_READ, BIO_CB_WRITE or BIO_CB_GETS.

    +
    +
    argp argi argl
    + +
    +

    The meaning of the arguments argp, argi and argl depends on +the value of oper, that is the operation being performed.

    +
    +
    processed
    + +
    +

    processed is a pointer to a location which will be updated with the amount of +data that was actually read or written. Only used for BIO_CB_READ, BIO_CB_WRITE, +BIO_CB_GETS and BIO_CB_PUTS.

    +
    +
    ret
    + +
    +

    ret is the return value that would be returned to the +application if no callback were present. The actual value returned +is the return value of the callback itself. In the case of callbacks +called before the actual BIO operation 1 is placed in ret, if +the return value is not positive it will be immediately returned to +the application and the BIO operation will not be performed.

    +
    +
    +

    The callback should normally simply return ret when it has +finished processing, unless it specifically wishes to modify the +value returned to the application.

    +

    +

    +
    +

    CALLBACK OPERATIONS

    +

    In the notes below, callback defers to the actual callback +function that is called.

    +
    +
    BIO_free(b)
    + +
    +
    + callback_ex(b, BIO_CB_FREE, NULL, 0, 0, 0L, 1L, NULL)
    +

    or

    +
    + callback(b, BIO_CB_FREE, NULL, 0L, 0L, 1L)
    +

    is called before the free operation.

    +
    +
    BIO_read_ex(b, data, dlen, readbytes)
    + +
    +
    + callback_ex(b, BIO_CB_READ, data, dlen, 0, 0L, 1L, NULL)
    +

    or

    +
    + callback(b, BIO_CB_READ, data, dlen, 0L, 1L)
    +

    is called before the read and

    +
    + callback_ex(b, BIO_CB_READ | BIO_CB_RETURN, data, dlen, 0, 0L, retvalue,
    +             &readbytes)
    +

    or

    +
    + callback(b, BIO_CB_READ|BIO_CB_RETURN, data, dlen, 0L, retvalue)
    +

    after.

    +
    +
    BIO_write(b, data, dlen, written)
    + +
    +
    + callback_ex(b, BIO_CB_WRITE, data, dlen, 0, 0L, 1L, NULL)
    +

    or

    +
    + callback(b, BIO_CB_WRITE, datat, dlen, 0L, 1L)
    +

    is called before the write and

    +
    + callback_ex(b, BIO_CB_WRITE | BIO_CB_RETURN, data, dlen, 0, 0L, retvalue,
    +             &written)
    +

    or

    +
    + callback(b, BIO_CB_WRITE|BIO_CB_RETURN, data, dlen, 0L, retvalue)
    +

    after.

    +
    +
    BIO_gets(b, buf, size)
    + +
    +
    + callback_ex(b, BIO_CB_GETS, buf, size, 0, 0L, 1, NULL, NULL)
    +

    or

    +
    + callback(b, BIO_CB_GETS, buf, size, 0L, 1L)
    +

    is called before the operation and

    +
    + callback_ex(b, BIO_CB_GETS | BIO_CB_RETURN, buf, size, 0, 0L, retvalue,
    +             &readbytes)
    +

    or

    +
    + callback(b, BIO_CB_GETS|BIO_CB_RETURN, buf, size, 0L, retvalue)
    +

    after.

    +
    +
    BIO_puts(b, buf)
    + +
    +
    + callback_ex(b, BIO_CB_PUTS, buf, 0, 0, 0L, 1L, NULL);
    +

    or

    +
    + callback(b, BIO_CB_PUTS, buf, 0, 0L, 1L)
    +

    is called before the operation and

    +
    + callback_ex(b, BIO_CB_PUTS | BIO_CB_RETURN, buf, 0, 0, 0L, retvalue, &written)
    +

    or

    +
    + callback(b, BIO_CB_PUTS|BIO_CB_RETURN, buf, 0, 0L, retvalue)
    +

    after.

    +
    +
    BIO_ctrl(BIO *b, int cmd, long larg, void *parg)
    + +
    +
    + callback_ex(b, BIO_CB_CTRL, parg, 0, cmd, larg, 1L, NULL)
    +

    or

    +
    + callback(b, BIO_CB_CTRL, parg, cmd, larg, 1L)
    +

    is called before the call and

    +
    + callback_ex(b, BIO_CB_CTRL | BIO_CB_RETURN, parg, 0, cmd, larg, ret, NULL)
    +

    or

    +
    + callback(b, BIO_CB_CTRL|BIO_CB_RETURN, parg, cmd, larg, ret)
    +

    after.

    +

    Note: cmd == BIO_CTRL_SET_CALLBACK is special, because parg is not the +argument of type BIO_info_cb itself. In this case parg is a pointer to +the actual call parameter, see BIO_callback_ctrl.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    BIO_get_callback_ex() and BIO_get_callback() return the callback function +previously set by a call to BIO_set_callback_ex() and BIO_set_callback() +respectively.

    +

    BIO_get_callback_arg() returns a char pointer to the value previously set +via a call to BIO_set_callback_arg().

    +

    BIO_debug_callback() returns 1 or ret if it's called after specific BIO +operations.

    +

    +

    +
    +

    EXAMPLES

    +

    The BIO_debug_callback() function is a good example, its source is +in crypto/bio/bio_cb.c

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_should_retry.html b/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_should_retry.html new file mode 100755 index 0000000..4def071 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_should_retry.html @@ -0,0 +1,172 @@ + + + + +BIO_should_retry + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BIO_should_read, BIO_should_write, +BIO_should_io_special, BIO_retry_type, BIO_should_retry, +BIO_get_retry_BIO, BIO_get_retry_reason, BIO_set_retry_reason - BIO retry +functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bio.h>
    +
    + int BIO_should_read(BIO *b);
    + int BIO_should_write(BIO *b);
    + int BIO_should_io_special(iBIO *b);
    + int BIO_retry_type(BIO *b);
    + int BIO_should_retry(BIO *b);
    +
    + BIO *BIO_get_retry_BIO(BIO *bio, int *reason);
    + int BIO_get_retry_reason(BIO *bio);
    + void BIO_set_retry_reason(BIO *bio, int reason);
    +

    +

    +
    +

    DESCRIPTION

    +

    These functions determine why a BIO is not able to read or write data. +They will typically be called after a failed BIO_read_ex() or BIO_write_ex() +call.

    +

    BIO_should_retry() is true if the call that produced this condition +should then be retried at a later time.

    +

    If BIO_should_retry() is false then the cause is an error condition.

    +

    BIO_should_read() is true if the cause of the condition is that the BIO +has insufficient data to return. Check for readability and/or retry the +last operation.

    +

    BIO_should_write() is true if the cause of the condition is that the BIO +has pending data to write. Check for writability and/or retry the +last operation.

    +

    BIO_should_io_special() is true if some "special" condition, that is a +reason other than reading or writing is the cause of the condition.

    +

    BIO_retry_type() returns a mask of the cause of a retry condition +consisting of the values BIO_FLAGS_READ, BIO_FLAGS_WRITE, +BIO_FLAGS_IO_SPECIAL though current BIO types will only set one of +these.

    +

    BIO_get_retry_BIO() determines the precise reason for the special +condition, it returns the BIO that caused this condition and if +reason is not NULL it contains the reason code. The meaning of +the reason code and the action that should be taken depends on +the type of BIO that resulted in this condition.

    +

    BIO_get_retry_reason() returns the reason for a special condition if +passed the relevant BIO, for example as returned by BIO_get_retry_BIO().

    +

    BIO_set_retry_reason() sets the retry reason for a special condition for a given +BIO. This would usually only be called by BIO implementations.

    +

    +

    +
    +

    NOTES

    +

    BIO_should_read(), BIO_should_write(), BIO_should_io_special(), +BIO_retry_type(), and BIO_should_retry(), are implemented as macros.

    +

    If BIO_should_retry() returns false then the precise "error condition" +depends on the BIO type that caused it and the return code of the BIO +operation. For example if a call to BIO_read_ex() on a socket BIO returns +0 and BIO_should_retry() is false then the cause will be that the +connection closed. A similar condition on a file BIO will mean that it +has reached EOF. Some BIO types may place additional information on +the error queue. For more details see the individual BIO type manual +pages.

    +

    If the underlying I/O structure is in a blocking mode almost all current +BIO types will not request a retry, because the underlying I/O +calls will not. If the application knows that the BIO type will never +signal a retry then it need not call BIO_should_retry() after a failed +BIO I/O call. This is typically done with file BIOs.

    +

    SSL BIOs are the only current exception to this rule: they can request a +retry even if the underlying I/O structure is blocking, if a handshake +occurs during a call to BIO_read(). An application can retry the failed +call immediately or avoid this situation by setting SSL_MODE_AUTO_RETRY +on the underlying SSL structure.

    +

    While an application may retry a failed non blocking call immediately +this is likely to be very inefficient because the call will fail +repeatedly until data can be processed or is available. An application +will normally wait until the necessary condition is satisfied. How +this is done depends on the underlying I/O structure.

    +

    For example if the cause is ultimately a socket and BIO_should_read() +is true then a call to select() may be made to wait until data is +available and then retry the BIO operation. By combining the retry +conditions of several non blocking BIOs in a single select() call +it is possible to service several BIOs in a single thread, though +the performance may be poor if SSL BIOs are present because long delays +can occur during the initial handshake process.

    +

    It is possible for a BIO to block indefinitely if the underlying I/O +structure cannot process or return any data. This depends on the behaviour of +the platforms I/O functions. This is often not desirable: one solution +is to use non blocking I/O and use a timeout on the select() (or +equivalent) call.

    +

    +

    +
    +

    BUGS

    +

    The OpenSSL ASN1 functions cannot gracefully deal with non blocking I/O: +that is they cannot retry after a partial read or write. This is usually +worked around by only passing the relevant data to ASN1 functions when +the entire structure can be read or written.

    +

    +

    +
    +

    RETURN VALUES

    +

    BIO_should_read(), BIO_should_write(), BIO_should_io_special(), and +BIO_should_retry() return either 1 or 0 based on the actual conditions +of the BIO.

    +

    BIO_retry_type() returns a flag combination presenting the cause of a retry +condition or false if there is no retry condition.

    +

    BIO_get_retry_BIO() returns a valid BIO structure.

    +

    BIO_get_retry_reason() returns the reason for a special condition.

    +

    +

    +
    +

    SEE ALSO

    +

    bio(7)

    +

    +

    +
    +

    HISTORY

    +

    The BIO_get_retry_reason() and BIO_set_retry_reason() functions were added in +OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_socket_wait.html b/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_socket_wait.html new file mode 100755 index 0000000..5fb742f --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/BIO_socket_wait.html @@ -0,0 +1,93 @@ + + + + +BIO_socket_wait + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BIO_socket_wait, +BIO_wait, +BIO_connect_retry +- BIO socket utility functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bio.h>
    +
    + #ifndef OPENSSL_NO_SOCK
    + int BIO_socket_wait(int fd, int for_read, time_t max_time);
    + #endif
    + int BIO_wait(BIO *bio, time_t max_time, unsigned int milliseconds);
    + int BIO_connect_retry(BIO *bio, long timeout);
    +

    +

    +
    +

    DESCRIPTION

    +

    BIO_socket_wait() waits on the socket fd for reading if for_read is not 0, +else for writing, at most until max_time. +It succeeds immediately if max_time == 0 (which means no timeout given).

    +

    BIO_wait() waits at most until max_time on the given bio, +which is typically socket-based, +for reading if bio is supposed to read, else for writing. +It succeeds immediately if max_time == 0 (which means no timeout given). +If sockets are not available it succeeds after waiting at most given +milliseconds in order to help avoiding a tight busy loop at the caller.

    +

    BIO_connect_retry() connects via the given bio, retrying BIO_do_connect() +until success or a timeout or error condition is reached. +If the timeout parameter is > 0 this indicates the maximum number of seconds +to wait until the connection is established. A value of 0 enables waiting +indefinitely, while a value < 0 immediately leads to a timeout condition.

    +

    +

    +
    +

    RETURN VALUES

    +

    BIO_socket_wait(), BIO_wait(), and BIO_connect_retry() +return -1 on error, 0 on timeout, and 1 on success.

    +

    +

    +
    +

    HISTORY

    +

    BIO_socket_wait(), BIO_wait(), and BIO_connect_retry() +were added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/BN_BLINDING_new.html b/linux_amd64/ssl/share/doc/openssl/html/man3/BN_BLINDING_new.html new file mode 100755 index 0000000..60740f6 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/BN_BLINDING_new.html @@ -0,0 +1,147 @@ + + + + +BN_BLINDING_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BN_BLINDING_new, BN_BLINDING_free, BN_BLINDING_update, BN_BLINDING_convert, +BN_BLINDING_invert, BN_BLINDING_convert_ex, BN_BLINDING_invert_ex, +BN_BLINDING_is_current_thread, BN_BLINDING_set_current_thread, +BN_BLINDING_lock, BN_BLINDING_unlock, BN_BLINDING_get_flags, +BN_BLINDING_set_flags, BN_BLINDING_create_param - blinding related BIGNUM functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bn.h>
    +
    + BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai,
    +                              BIGNUM *mod);
    + void BN_BLINDING_free(BN_BLINDING *b);
    + int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx);
    + int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
    + int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
    + int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b,
    +                            BN_CTX *ctx);
    + int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b,
    +                           BN_CTX *ctx);
    + int BN_BLINDING_is_current_thread(BN_BLINDING *b);
    + void BN_BLINDING_set_current_thread(BN_BLINDING *b);
    + int BN_BLINDING_lock(BN_BLINDING *b);
    + int BN_BLINDING_unlock(BN_BLINDING *b);
    + unsigned long BN_BLINDING_get_flags(const BN_BLINDING *);
    + void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long);
    + BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
    +                                       const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
    +                                       int (*bn_mod_exp)(BIGNUM *r,
    +                                                         const BIGNUM *a,
    +                                                         const BIGNUM *p,
    +                                                         const BIGNUM *m,
    +                                                         BN_CTX *ctx,
    +                                                         BN_MONT_CTX *m_ctx),
    +                                       BN_MONT_CTX *m_ctx);
    +

    +

    +
    +

    DESCRIPTION

    +

    BN_BLINDING_new() allocates a new BN_BLINDING structure and copies +the A and Ai values into the newly created BN_BLINDING object.

    +

    BN_BLINDING_free() frees the BN_BLINDING structure. +If b is NULL, nothing is done.

    +

    BN_BLINDING_update() updates the BN_BLINDING parameters by squaring +the A and Ai or, after specific number of uses and if the +necessary parameters are set, by re-creating the blinding parameters.

    +

    BN_BLINDING_convert_ex() multiplies n with the blinding factor A. +If r is not NULL a copy the inverse blinding factor Ai will be +returned in r (this is useful if a RSA object is shared among +several threads). BN_BLINDING_invert_ex() multiplies n with the +inverse blinding factor Ai. If r is not NULL it will be used as +the inverse blinding.

    +

    BN_BLINDING_convert() and BN_BLINDING_invert() are wrapper +functions for BN_BLINDING_convert_ex() and BN_BLINDING_invert_ex() +with r set to NULL.

    +

    BN_BLINDING_is_current_thread() returns whether the BN_BLINDING +structure is owned by the current thread. This is to help users +provide proper locking if needed for multi-threaded use.

    +

    BN_BLINDING_set_current_thread() sets the current thread as the +owner of the BN_BLINDING structure.

    +

    BN_BLINDING_lock() locks the BN_BLINDING structure.

    +

    BN_BLINDING_unlock() unlocks the BN_BLINDING structure.

    +

    BN_BLINDING_get_flags() returns the BN_BLINDING flags. Currently +there are two supported flags: BN_BLINDING_NO_UPDATE and +BN_BLINDING_NO_RECREATE. BN_BLINDING_NO_UPDATE inhibits the +automatic update of the BN_BLINDING parameters after each use +and BN_BLINDING_NO_RECREATE inhibits the automatic re-creation +of the BN_BLINDING parameters after a fixed number of uses (currently +32). In newly allocated BN_BLINDING objects no flags are set. +BN_BLINDING_set_flags() sets the BN_BLINDING parameters flags.

    +

    BN_BLINDING_create_param() creates new BN_BLINDING parameters +using the exponent e and the modulus m. bn_mod_exp and +m_ctx can be used to pass special functions for exponentiation +(normally BN_mod_exp_mont() and BN_MONT_CTX).

    +

    +

    +
    +

    RETURN VALUES

    +

    BN_BLINDING_new() returns the newly allocated BN_BLINDING structure +or NULL in case of an error.

    +

    BN_BLINDING_update(), BN_BLINDING_convert(), BN_BLINDING_invert(), +BN_BLINDING_convert_ex() and BN_BLINDING_invert_ex() return 1 on +success and 0 if an error occurred.

    +

    BN_BLINDING_is_current_thread() returns 1 if the current thread owns +the BN_BLINDING object, 0 otherwise.

    +

    BN_BLINDING_set_current_thread() doesn't return anything.

    +

    BN_BLINDING_lock(), BN_BLINDING_unlock() return 1 if the operation +succeeded or 0 on error.

    +

    BN_BLINDING_get_flags() returns the currently set BN_BLINDING flags +(a unsigned long value).

    +

    BN_BLINDING_create_param() returns the newly created BN_BLINDING +parameters or NULL on error.

    +

    +

    +
    +

    HISTORY

    +

    BN_BLINDING_thread_id() was first introduced in OpenSSL 1.0.0, and it +deprecates BN_BLINDING_set_thread_id() and BN_BLINDING_get_thread_id().

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2005-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/BN_CTX_new.html b/linux_amd64/ssl/share/doc/openssl/html/man3/BN_CTX_new.html new file mode 100755 index 0000000..db992cd --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/BN_CTX_new.html @@ -0,0 +1,125 @@ + + + + +BN_CTX_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BN_CTX_new_ex, BN_CTX_new, BN_CTX_secure_new_ex, BN_CTX_secure_new, BN_CTX_free +- allocate and free BN_CTX structures

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bn.h>
    +
    + BN_CTX *BN_CTX_new_ex(OPENSSL_CTX *ctx);
    + BN_CTX *BN_CTX_new(void);
    +
    + BN_CTX *BN_CTX_secure_new_ex(OPENSSL_CTX *ctx);
    + BN_CTX *BN_CTX_secure_new(void);
    +
    + void BN_CTX_free(BN_CTX *c);
    +

    +

    +
    +

    DESCRIPTION

    +

    A BN_CTX is a structure that holds BIGNUM temporary variables used by +library functions. Since dynamic memory allocation to create BIGNUMs +is rather expensive when used in conjunction with repeated subroutine +calls, the BN_CTX structure is used.

    +

    BN_CTX_new_ex() allocates and initializes a BN_CTX structure for the given +library context ctx. The <ctx> value may be NULL in which case the default +library context will be used. BN_CTX_new() is the same as BN_CTX_new_ex() except +that the default library context is always used.

    +

    BN_CTX_secure_new_ex() allocates and initializes a BN_CTX structure +but uses the secure heap (see CRYPTO_secure_malloc(3)) to hold the +BIGNUMs for the given library context ctx. The <ctx> value may be NULL in +which case the default library context will be used. BN_CTX_secure_new() is the +same as BN_CTX_secure_new_ex() except that the default library context is always +used.

    +

    BN_CTX_free() frees the components of the BN_CTX and the structure itself. +Since BN_CTX_start() is required in order to obtain BIGNUMs from the +BN_CTX, in most cases BN_CTX_end() must be called before the BN_CTX may +be freed by BN_CTX_free(). If c is NULL, nothing is done.

    +

    A given BN_CTX must only be used by a single thread of execution. No +locking is performed, and the internal pool allocator will not properly handle +multiple threads of execution.

    +

    +

    +
    +

    RETURN VALUES

    +

    BN_CTX_new() and BN_CTX_secure_new() return a pointer to the BN_CTX. +If the allocation fails, +they return NULL and sets an error code that can be obtained by +ERR_get_error(3).

    +

    BN_CTX_free() has no return values.

    +

    +

    +
    +

    REMOVED FUNCTIONALITY

    +
    + void BN_CTX_init(BN_CTX *c);
    +

    BN_CTX_init() is no longer available as of OpenSSL 1.1.0. Applications should +replace use of BN_CTX_init with BN_CTX_new instead:

    +
    + BN_CTX *ctx;
    + ctx = BN_CTX_new();
    + if (!ctx)
    +     /* error */
    + ...
    + BN_CTX_free(ctx);
    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), BN_add(3), +BN_CTX_start(3)

    +

    +

    +
    +

    HISTORY

    +

    BN_CTX_init() was removed in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/BN_CTX_start.html b/linux_amd64/ssl/share/doc/openssl/html/man3/BN_CTX_start.html
    new file mode 100755
    index 0000000..79b20e8
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/BN_CTX_start.html
    @@ -0,0 +1,91 @@
    + + + + +BN_CTX_start + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BN_CTX_start, BN_CTX_get, BN_CTX_end - use temporary BIGNUM variables

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bn.h>
    +
    + void BN_CTX_start(BN_CTX *ctx);
    +
    + BIGNUM *BN_CTX_get(BN_CTX *ctx);
    +
    + void BN_CTX_end(BN_CTX *ctx);
    +

    +

    +
    +

    DESCRIPTION

    +

    These functions are used to obtain temporary BIGNUM variables from +a BN_CTX (which can been created by using BN_CTX_new(3)) +in order to save the overhead of repeatedly creating and +freeing BIGNUMs in functions that are called from inside a loop.

    +

    A function must call BN_CTX_start() first. Then, BN_CTX_get() may be +called repeatedly to obtain temporary BIGNUMs. All BN_CTX_get() +calls must be made before calling any other functions that use the +ctx as an argument.

    +

    Finally, BN_CTX_end() must be called before returning from the function. +If ctx is NULL, nothing is done. +When BN_CTX_end() is called, the BIGNUM pointers obtained from +BN_CTX_get() become invalid.

    +

    +

    +
    +

    RETURN VALUES

    +

    BN_CTX_start() and BN_CTX_end() return no values.

    +

    BN_CTX_get() returns a pointer to the BIGNUM, or NULL on error. +Once BN_CTX_get() has failed, the subsequent calls will return NULL +as well, so it is sufficient to check the return value of the last +BN_CTX_get() call. In case of an error, an error code is set, which +can be obtained by ERR_get_error(3).

    +

    +

    +
    +

    SEE ALSO

    +

    BN_CTX_new(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/BN_add.html b/linux_amd64/ssl/share/doc/openssl/html/man3/BN_add.html
    new file mode 100755
    index 0000000..67891ad
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/BN_add.html
    @@ -0,0 +1,151 @@
    + + + + +BN_add + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BN_add, BN_sub, BN_mul, BN_sqr, BN_div, BN_mod, BN_nnmod, BN_mod_add, +BN_mod_sub, BN_mod_mul, BN_mod_sqr, BN_exp, BN_mod_exp, BN_gcd - +arithmetic operations on BIGNUMs

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bn.h>
    +
    + int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
    +
    + int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
    +
    + int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
    +
    + int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx);
    +
    + int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *a, const BIGNUM *d,
    +            BN_CTX *ctx);
    +
    + int BN_mod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
    +
    + int BN_nnmod(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
    +
    + int BN_mod_add(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
    +                BN_CTX *ctx);
    +
    + int BN_mod_sub(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
    +                BN_CTX *ctx);
    +
    + int BN_mod_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
    +                BN_CTX *ctx);
    +
    + int BN_mod_sqr(BIGNUM *r, BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
    +
    + int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx);
    +
    + int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
    +                const BIGNUM *m, BN_CTX *ctx);
    +
    + int BN_gcd(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
    +

    +

    +
    +

    DESCRIPTION

    +

    BN_add() adds a and b and places the result in r (r=a+b). +r may be the same BIGNUM as a or b.

    +

    BN_sub() subtracts b from a and places the result in r (r=a-b). +r may be the same BIGNUM as a or b.

    +

    BN_mul() multiplies a and b and places the result in r (r=a*b). +r may be the same BIGNUM as a or b. +For multiplication by powers of 2, use BN_lshift(3).

    +

    BN_sqr() takes the square of a and places the result in r +(r=a^2). r and a may be the same BIGNUM. +This function is faster than BN_mul(r,a,a).

    +

    BN_div() divides a by d and places the result in dv and the +remainder in rem (dv=a/d, rem=a%d). Either of dv and rem may +be NULL, in which case the respective value is not returned. +The result is rounded towards zero; thus if a is negative, the +remainder will be zero or negative. +For division by powers of 2, use BN_rshift(3).

    +

    BN_mod() corresponds to BN_div() with dv set to NULL.

    +

    BN_nnmod() reduces a modulo m and places the non-negative +remainder in r.

    +

    BN_mod_add() adds a to b modulo m and places the non-negative +result in r.

    +

    BN_mod_sub() subtracts b from a modulo m and places the +non-negative result in r.

    +

    BN_mod_mul() multiplies a by b and finds the non-negative +remainder respective to modulus m (r=(a*b) mod m). r may be +the same BIGNUM as a or b. For more efficient algorithms for +repeated computations using the same modulus, see +BN_mod_mul_montgomery(3) and +BN_mod_mul_reciprocal(3).

    +

    BN_mod_sqr() takes the square of a modulo m and places the +result in r.

    +

    BN_exp() raises a to the p-th power and places the result in r +(r=a^p). This function is faster than repeated applications of +BN_mul().

    +

    BN_mod_exp() computes a to the p-th power modulo m (r=a^p % +m). This function uses less time and space than BN_exp(). Do not call this +function when m is even and any of the parameters have the +BN_FLG_CONSTTIME flag set.

    +

    BN_gcd() computes the greatest common divisor of a and b and +places the result in r. r may be the same BIGNUM as a or +b.

    +

    For all functions, ctx is a previously allocated BN_CTX used for +temporary variables; see BN_CTX_new(3).

    +

    Unless noted otherwise, the result BIGNUM must be different from +the arguments.

    +

    +

    +
    +

    RETURN VALUES

    +

    For all functions, 1 is returned for success, 0 on error. The return +value should always be checked (e.g., if (!BN_add(r,a,b)) goto err;). +The error codes can be obtained by ERR_get_error(3).

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), BN_CTX_new(3), +BN_add_word(3), BN_set_bit(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/BN_add_word.html b/linux_amd64/ssl/share/doc/openssl/html/man3/BN_add_word.html
    new file mode 100755
    index 0000000..06ac1c8
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/BN_add_word.html
    @@ -0,0 +1,91 @@
    + + + + +BN_add_word + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BN_add_word, BN_sub_word, BN_mul_word, BN_div_word, BN_mod_word - arithmetic +functions on BIGNUMs with integers

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bn.h>
    +
    + int BN_add_word(BIGNUM *a, BN_ULONG w);
    +
    + int BN_sub_word(BIGNUM *a, BN_ULONG w);
    +
    + int BN_mul_word(BIGNUM *a, BN_ULONG w);
    +
    + BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w);
    +
    + BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w);
    +

    +

    +
    +

    DESCRIPTION

    +

    These functions perform arithmetic operations on BIGNUMs with unsigned +integers. They are much more efficient than the normal BIGNUM +arithmetic operations.

    +

    BN_add_word() adds w to a (a+=w).

    +

    BN_sub_word() subtracts w from a (a-=w).

    +

    BN_mul_word() multiplies a and w (a*=w).

    +

    BN_div_word() divides a by w (a/=w) and returns the remainder.

    +

    BN_mod_word() returns the remainder of a divided by w (a%w).

    +

    For BN_div_word() and BN_mod_word(), w must not be 0.

    +

    +

    +
    +

    RETURN VALUES

    +

    BN_add_word(), BN_sub_word() and BN_mul_word() return 1 for success, 0 +on error. The error codes can be obtained by ERR_get_error(3).

    +

    BN_mod_word() and BN_div_word() return a%w on success and +(BN_ULONG)-1 if an error occurred.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), BN_add(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/BN_bn2bin.html b/linux_amd64/ssl/share/doc/openssl/html/man3/BN_bn2bin.html
    new file mode 100755
    index 0000000..3c8e58b
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/BN_bn2bin.html
    @@ -0,0 +1,146 @@
    + + + + +BN_bn2bin + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BN_bn2binpad, +BN_bn2bin, BN_bin2bn, BN_bn2lebinpad, BN_lebin2bn, +BN_bn2nativepad, BN_native2bn, BN_bn2hex, BN_bn2dec, BN_hex2bn, BN_dec2bn, +BN_print, BN_print_fp, BN_bn2mpi, BN_mpi2bn - format conversions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bn.h>
    +
    + int BN_bn2bin(const BIGNUM *a, unsigned char *to);
    + int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen);
    + BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
    +
    + int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen);
    + BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
    +
    + int BN_bn2nativepad(const BIGNUM *a, unsigned char *to, int tolen);
    + BIGNUM *BN_native2bn(const unsigned char *s, int len, BIGNUM *ret);
    +
    + char *BN_bn2hex(const BIGNUM *a);
    + char *BN_bn2dec(const BIGNUM *a);
    + int BN_hex2bn(BIGNUM **a, const char *str);
    + int BN_dec2bn(BIGNUM **a, const char *str);
    +
    + int BN_print(BIO *fp, const BIGNUM *a);
    + int BN_print_fp(FILE *fp, const BIGNUM *a);
    +
    + int BN_bn2mpi(const BIGNUM *a, unsigned char *to);
    + BIGNUM *BN_mpi2bn(unsigned char *s, int len, BIGNUM *ret);
    +

    +

    +
    +

    DESCRIPTION

    +

    BN_bn2bin() converts the absolute value of a into big-endian form +and stores it at to. to must point to BN_num_bytes(a) bytes of +memory.

    +

    BN_bn2binpad() also converts the absolute value of a into big-endian form +and stores it at to. tolen indicates the length of the output buffer +to. The result is padded with zeros if necessary. If tolen is less than +BN_num_bytes(a) an error is returned.

    +

    BN_bin2bn() converts the positive integer in big-endian form of length +len at s into a BIGNUM and places it in ret. If ret is +NULL, a new BIGNUM is created.

    +

    BN_bn2lebinpad() and BN_lebin2bn() are identical to BN_bn2binpad() and +BN_bin2bn() except the buffer is in little-endian format.

    +

    BN_bn2nativepad() and BN_native2bn() are identical to BN_bn2binpad() and +BN_bin2bn() except the buffer is in native format, i.e. most significant +byte first on big-endian platforms, and least significant byte first on +little-endian platforms.

    +

    BN_bn2hex() and BN_bn2dec() return printable strings containing the +hexadecimal and decimal encoding of a respectively. For negative +numbers, the string is prefaced with a leading '-'. The string must be +freed later using OPENSSL_free().

    +

    BN_hex2bn() takes as many characters as possible from the string str, +including the leading character '-' which means negative, to form a valid +hexadecimal number representation and converts them to a BIGNUM and +stores it in **a. If *a is NULL, a new BIGNUM is created. If +a is NULL, it only computes the length of valid representation. +A "negative zero" is converted to zero. +BN_dec2bn() is the same using the decimal system.

    +

    BN_print() and BN_print_fp() write the hexadecimal encoding of a, +with a leading '-' for negative numbers, to the BIO or FILE +fp.

    +

    BN_bn2mpi() and BN_mpi2bn() convert BIGNUMs from and to a format +that consists of the number's length in bytes represented as a 4-byte +big-endian number, and the number itself in big-endian format, where +the most significant bit signals a negative number (the representation +of numbers with the MSB set is prefixed with null byte).

    +

    BN_bn2mpi() stores the representation of a at to, where to +must be large enough to hold the result. The size can be determined by +calling BN_bn2mpi(a, NULL).

    +

    BN_mpi2bn() converts the len bytes long representation at s to +a BIGNUM and stores it at ret, or in a newly allocated BIGNUM +if ret is NULL.

    +

    +

    +
    +

    RETURN VALUES

    +

    BN_bn2bin() returns the length of the big-endian number placed at to. +BN_bin2bn() returns the BIGNUM, NULL on error.

    +

    BN_bn2binpad() returns the number of bytes written or -1 if the supplied +buffer is too small.

    +

    BN_bn2hex() and BN_bn2dec() return a null-terminated string, or NULL +on error. BN_hex2bn() and BN_dec2bn() return the number of characters +used in parsing, or 0 on error, in which +case no new BIGNUM will be created.

    +

    BN_print_fp() and BN_print() return 1 on success, 0 on write errors.

    +

    BN_bn2mpi() returns the length of the representation. BN_mpi2bn() +returns the BIGNUM, and NULL on error.

    +

    The error codes can be obtained by ERR_get_error(3).

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), BN_zero(3), +ASN1_INTEGER_to_BN(3), +BN_num_bytes(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/BN_cmp.html b/linux_amd64/ssl/share/doc/openssl/html/man3/BN_cmp.html
    new file mode 100755
    index 0000000..aab28b7
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/BN_cmp.html
    @@ -0,0 +1,79 @@
    + + + + +BN_cmp + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    BN_cmp, BN_ucmp, BN_is_zero, BN_is_one, BN_is_word, BN_is_odd - BIGNUM comparison and test functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bn.h>
    +
    + int BN_cmp(BIGNUM *a, BIGNUM *b);
    + int BN_ucmp(BIGNUM *a, BIGNUM *b);
    +
    + int BN_is_zero(BIGNUM *a);
    + int BN_is_one(BIGNUM *a);
    + int BN_is_word(BIGNUM *a, BN_ULONG w);
    + int BN_is_odd(BIGNUM *a);
    +

    +

    +
    +

    DESCRIPTION

    +

    BN_cmp() compares the numbers a and b. BN_ucmp() compares their +absolute values.

    +

    BN_is_zero(), BN_is_one() and BN_is_word() test if a equals 0, 1, +or w respectively. BN_is_odd() tests if a is odd.

    +

    BN_is_zero(), BN_is_one(), BN_is_word() and BN_is_odd() are macros.

    +

    +

    +
    +

    RETURN VALUES

    +

    BN_cmp() returns -1 if a < b, 0 if a == b and 1 if +a > b. BN_ucmp() is the same using the absolute values +of a and b.

    +

    BN_is_zero(), BN_is_one() BN_is_word() and BN_is_odd() return 1 if +the condition is true, 0 otherwise.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/BN_copy.html b/linux_amd64/ssl/share/doc/openssl/html/man3/BN_copy.html
    new file mode 100755
    index 0000000..78d6b19
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/BN_copy.html
    @@ -0,0 +1,100 @@
    + + + + +BN_copy + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BN_copy, BN_dup, BN_with_flags - copy BIGNUMs

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bn.h>
    +
    + BIGNUM *BN_copy(BIGNUM *to, const BIGNUM *from);
    +
    + BIGNUM *BN_dup(const BIGNUM *from);
    +
    + void BN_with_flags(BIGNUM *dest, const BIGNUM *b, int flags);
    +

    +

    +
    +

    DESCRIPTION

    +

    BN_copy() copies from to to. BN_dup() creates a new BIGNUM +containing the value from.

    +

    BN_with_flags creates a temporary shallow copy of b in dest. It places +significant restrictions on the copied data. Applications that do no adhere to +these restrictions may encounter unexpected side effects or crashes. For that +reason use of this function is discouraged. Any flags provided in flags will +be set in dest in addition to any flags already set in b. For example this +might commonly be used to create a temporary copy of a BIGNUM with the +BN_FLG_CONSTTIME flag set for constant time operations. The temporary copy in +dest will share some internal state with b. For this reason the following +restrictions apply to the use of dest:

    +
      +
    • +

      dest should be a newly allocated BIGNUM obtained via a call to BN_new(). It +should not have been used for other purposes or initialised in any way.

      +
    • +
    • +

      dest must only be used in "read-only" operations, i.e. typically those +functions where the relevant parameter is declared "const".

      +
    • +
    • +

      dest must be used and freed before any further subsequent use of b

      +
    • +
    +

    +

    +
    +

    RETURN VALUES

    +

    BN_copy() returns to on success, NULL on error. BN_dup() returns +the new BIGNUM, and NULL on error. The error codes can be obtained +by ERR_get_error(3).

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/BN_generate_prime.html b/linux_amd64/ssl/share/doc/openssl/html/man3/BN_generate_prime.html
    new file mode 100755
    index 0000000..c43fb7f
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/BN_generate_prime.html
    @@ -0,0 +1,250 @@
    + + + + +BN_generate_prime + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BN_generate_prime_ex2, BN_generate_prime_ex, BN_is_prime_ex, BN_check_prime, +BN_is_prime_fasttest_ex, BN_GENCB_call, BN_GENCB_new, BN_GENCB_free, +BN_GENCB_set_old, BN_GENCB_set, BN_GENCB_get_arg, BN_generate_prime, +BN_is_prime, BN_is_prime_fasttest - generate primes and test for primality

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bn.h>
    +
    + int BN_generate_prime_ex2(BIGNUM *ret, int bits, int safe,
    +                           const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb,
    +                           BN_CTX *ctx);
    +
    + int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add,
    +                          const BIGNUM *rem, BN_GENCB *cb);
    +
    + int BN_check_prime(const BIGNUM *p, BN_CTX *ctx, BN_GENCB *cb);
    +
    + int BN_GENCB_call(BN_GENCB *cb, int a, int b);
    +
    + BN_GENCB *BN_GENCB_new(void);
    +
    + void BN_GENCB_free(BN_GENCB *cb);
    +
    + void BN_GENCB_set_old(BN_GENCB *gencb,
    +                       void (*callback)(int, int, void *), void *cb_arg);
    +
    + void BN_GENCB_set(BN_GENCB *gencb,
    +                   int (*callback)(int, int, BN_GENCB *), void *cb_arg);
    +
    + void *BN_GENCB_get_arg(BN_GENCB *cb);
    +

    Deprecated since OpenSSL 0.9.8, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + BIGNUM *BN_generate_prime(BIGNUM *ret, int num, int safe, BIGNUM *add,
    +                           BIGNUM *rem, void (*callback)(int, int, void *),
    +                           void *cb_arg);
    +
    + int BN_is_prime(const BIGNUM *p, int nchecks,
    +                 void (*callback)(int, int, void *), BN_CTX *ctx, void *cb_arg);
    +
    + int BN_is_prime_fasttest(const BIGNUM *p, int nchecks,
    +                          void (*callback)(int, int, void *), BN_CTX *ctx,
    +                          void *cb_arg, int do_trial_division);
    +

    Deprecated since OpenSSL 3.0:

    +
    + int BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, BN_GENCB *cb);
    +
    + int BN_is_prime_fasttest_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx,
    +                             int do_trial_division, BN_GENCB *cb);
    +

    +

    +
    +

    DESCRIPTION

    +

    BN_generate_prime_ex2() generates a pseudo-random prime number of +at least bit length bits using the BN_CTX provided in ctx. The value of +ctx must not be NULL.

    +

    The returned number is probably prime with a negligible error. +The maximum error rate is 2^-128. +It's 2^-287 for a 512 bit prime, 2^-435 for a 1024 bit prime, +2^-648 for a 2048 bit prime, and lower than 2^-882 for primes larger +than 2048 bit.

    +

    If add is NULL the returned prime number will have exact bit +length bits with the top most two bits set.

    +

    If ret is not NULL, it will be used to store the number.

    +

    If cb is not NULL, it is used as follows:

    +
      +
    • +

      BN_GENCB_call(cb, 0, i) is called after generating the i-th +potential prime number.

      +
    • +
    • +

      While the number is being tested for primality, +BN_GENCB_call(cb, 1, j) is called as described below.

      +
    • +
    • +

      When a prime has been found, BN_GENCB_call(cb, 2, i) is called.

      +
    • +
    • +

      The callers of BN_generate_prime_ex() may call BN_GENCB_call(cb, i, j) with +other values as described in their respective man pages; see SEE ALSO.

      +
    • +
    +

    The prime may have to fulfill additional requirements for use in +Diffie-Hellman key exchange:

    +

    If add is not NULL, the prime will fulfill the condition p % add +== rem (p % add == 1 if rem == NULL) in order to suit a given +generator.

    +

    If safe is true, it will be a safe prime (i.e. a prime p so +that (p-1)/2 is also prime). If safe is true, and rem == NULL +the condition will be p % add == 3. +It is recommended that add is a multiple of 4.

    +

    The random generator must be seeded prior to calling BN_generate_prime_ex(). +If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to +external circumstances (see RAND(7)), the operation will fail. +The random number generator configured for the OPENSSL_CTX associated with +ctx will be used.

    +

    BN_generate_prime_ex() is the same as BN_generate_prime_ex2() except that no +ctx parameter is passed. +In this case the random number generator associated with the default OPENSSL_CTX +will be used.

    +

    BN_check_prime(), BN_is_prime_ex(), BN_is_prime_fasttest_ex(), BN_is_prime() +and BN_is_prime_fasttest() test if the number p is prime. +The functions tests until one of the tests shows that p is composite, +or all the tests passed. +If p passes all these tests, it is considered a probable prime.

    +

    The test performed on p are trial division by a number of small primes +and rounds of the of the Miller-Rabin probabilistic primality test.

    +

    The functions do at least 64 rounds of the Miller-Rabin test giving a maximum +false positive rate of 2^-128. +If the size of p is more than 2048 bits, they do at least 128 rounds +giving a maximum false positive rate of 2^-256.

    +

    If nchecks is larger than the minimum above (64 or 128), nchecks +rounds of the Miller-Rabin test will be done.

    +

    If do_trial_division set to 0, the trial division will be skipped. +BN_is_prime_ex() and BN_is_prime() always skip the trial division.

    +

    BN_is_prime_ex(), BN_is_prime_fasttest_ex(), BN_is_prime() +and BN_is_prime_fasttest() are deprecated.

    +

    BN_is_prime_fasttest() and BN_is_prime() behave just like +BN_is_prime_fasttest_ex() and BN_is_prime_ex() respectively, but with the old +style call back.

    +

    ctx is a pre-allocated BN_CTX (to save the overhead of allocating and +freeing the structure in a loop), or NULL.

    +

    If the trial division is done, and no divisors are found and cb +is not NULL, BN_GENCB_call(cb, 1, -1) is called.

    +

    After each round of the Miller-Rabin probabilistic primality test, +if cb is not NULL, BN_GENCB_call(cb, 1, j) is called +with j the iteration (j = 0, 1, ...).

    +

    BN_GENCB_call() calls the callback function held in the BN_GENCB structure +and passes the ints a and b as arguments. There are two types of +BN_GENCB structure that are supported: "new" style and "old" style. New +programs should prefer the "new" style, whilst the "old" style is provided +for backwards compatibility purposes.

    +

    A BN_GENCB structure should be created through a call to BN_GENCB_new(), +and freed through a call to BN_GENCB_free().

    +

    For "new" style callbacks a BN_GENCB structure should be initialised with a +call to BN_GENCB_set(), where gencb is a BN_GENCB *, callback is of +type int (*callback)(int, int, BN_GENCB *) and cb_arg is a void *. +"Old" style callbacks are the same except they are initialised with a call +to BN_GENCB_set_old() and callback is of type +void (*callback)(int, int, void *).

    +

    A callback is invoked through a call to BN_GENCB_call. This will check +the type of the callback and will invoke callback(a, b, gencb) for new +style callbacks or callback(a, b, cb_arg) for old style.

    +

    It is possible to obtain the argument associated with a BN_GENCB structure +(set via a call to BN_GENCB_set or BN_GENCB_set_old) using BN_GENCB_get_arg.

    +

    BN_generate_prime() (deprecated) works in the same way as +BN_generate_prime_ex() but expects an old-style callback function +directly in the callback parameter, and an argument to pass to it in +the cb_arg. BN_is_prime() and BN_is_prime_fasttest() +can similarly be compared to BN_is_prime_ex() and +BN_is_prime_fasttest_ex(), respectively.

    +

    +

    +
    +

    RETURN VALUES

    +

    BN_generate_prime_ex() return 1 on success or 0 on error.

    +

    BN_is_prime_ex(), BN_is_prime_fasttest_ex(), BN_is_prime(), +BN_is_prime_fasttest() and BN_check_prime return 0 if the number is composite, +1 if it is prime with an error probability of less than 0.25^nchecks, and +-1 on error.

    +

    BN_generate_prime() returns the prime number on success, NULL otherwise.

    +

    BN_GENCB_new returns a pointer to a BN_GENCB structure on success, or NULL +otherwise.

    +

    BN_GENCB_get_arg returns the argument previously associated with a BN_GENCB +structure.

    +

    Callback functions should return 1 on success or 0 on error.

    +

    The error codes can be obtained by ERR_get_error(3).

    +

    +

    +
    +

    REMOVED FUNCTIONALITY

    +

    As of OpenSSL 1.1.0 it is no longer possible to create a BN_GENCB structure +directly, as in:

    +
    + BN_GENCB callback;
    +

    Instead applications should create a BN_GENCB structure using BN_GENCB_new:

    +
    + BN_GENCB *callback;
    + callback = BN_GENCB_new();
    + if (!callback)
    +     /* error */
    + ...
    + BN_GENCB_free(callback);
    +

    +

    +
    +

    SEE ALSO

    +

    DH_generate_parameters(3), DSA_generate_parameters(3), +RSA_generate_key(3), ERR_get_error(3), RAND_bytes(3), +RAND(7)

    +

    +

    +
    +

    HISTORY

    +

    The BN_GENCB_new(), BN_GENCB_free(), +and BN_GENCB_get_arg() functions were added in OpenSSL 1.1.0.

    +

    BN_check_prime() was added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/BN_mod_inverse.html b/linux_amd64/ssl/share/doc/openssl/html/man3/BN_mod_inverse.html
    new file mode 100755
    index 0000000..3844a77
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/BN_mod_inverse.html
    @@ -0,0 +1,77 @@
    + + + + +BN_mod_inverse + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BN_mod_inverse - compute inverse modulo n

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bn.h>
    +
    + BIGNUM *BN_mod_inverse(BIGNUM *r, BIGNUM *a, const BIGNUM *n,
    +                        BN_CTX *ctx);
    +

    +

    +
    +

    DESCRIPTION

    +

    BN_mod_inverse() computes the inverse of a modulo n +places the result in r ((a*r)%n==1). If r is NULL, +a new BIGNUM is created.

    +

    ctx is a previously allocated BN_CTX used for temporary +variables. r may be the same BIGNUM as a or n.

    +

    +

    +
    +

    RETURN VALUES

    +

    BN_mod_inverse() returns the BIGNUM containing the inverse, and +NULL on error. The error codes can be obtained by ERR_get_error(3).

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), BN_add(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/BN_mod_mul_montgomery.html b/linux_amd64/ssl/share/doc/openssl/html/man3/BN_mod_mul_montgomery.html
    new file mode 100755
    index 0000000..173e96b
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/BN_mod_mul_montgomery.html
    @@ -0,0 +1,121 @@
    + + + + +BN_mod_mul_montgomery + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BN_mod_mul_montgomery, BN_MONT_CTX_new, +BN_MONT_CTX_free, BN_MONT_CTX_set, BN_MONT_CTX_copy, +BN_from_montgomery, BN_to_montgomery - Montgomery multiplication

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bn.h>
    +
    + BN_MONT_CTX *BN_MONT_CTX_new(void);
    + void BN_MONT_CTX_free(BN_MONT_CTX *mont);
    +
    + int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *m, BN_CTX *ctx);
    + BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from);
    +
    + int BN_mod_mul_montgomery(BIGNUM *r, BIGNUM *a, BIGNUM *b,
    +                           BN_MONT_CTX *mont, BN_CTX *ctx);
    +
    + int BN_from_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont,
    +                        BN_CTX *ctx);
    +
    + int BN_to_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont,
    +                      BN_CTX *ctx);
    +

    +

    +
    +

    DESCRIPTION

    +

    These functions implement Montgomery multiplication. They are used +automatically when BN_mod_exp(3) is called with suitable input, +but they may be useful when several operations are to be performed +using the same modulus.

    +

    BN_MONT_CTX_new() allocates and initializes a BN_MONT_CTX structure.

    +

    BN_MONT_CTX_set() sets up the mont structure from the modulus m +by precomputing its inverse and a value R.

    +

    BN_MONT_CTX_copy() copies the BN_MONT_CTX from to to.

    +

    BN_MONT_CTX_free() frees the components of the BN_MONT_CTX, and, if +it was created by BN_MONT_CTX_new(), also the structure itself. +If mont is NULL, nothing is done.

    +

    BN_mod_mul_montgomery() computes Mont(a,b):=a*b*R^-1 and places +the result in r.

    +

    BN_from_montgomery() performs the Montgomery reduction r = a*R^-1.

    +

    BN_to_montgomery() computes Mont(a,R^2), i.e. a*R. +Note that a must be non-negative and smaller than the modulus.

    +

    For all functions, ctx is a previously allocated BN_CTX used for +temporary variables.

    +

    +

    +
    +

    RETURN VALUES

    +

    BN_MONT_CTX_new() returns the newly allocated BN_MONT_CTX, and NULL +on error.

    +

    BN_MONT_CTX_free() has no return value.

    +

    For the other functions, 1 is returned for success, 0 on error. +The error codes can be obtained by ERR_get_error(3).

    +

    +

    +
    +

    WARNINGS

    +

    The inputs must be reduced modulo m, otherwise the result will be +outside the expected range.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), BN_add(3), +BN_CTX_new(3)

    +

    +

    +
    +

    HISTORY

    +

    BN_MONT_CTX_init() was removed in OpenSSL 1.1.0

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/BN_mod_mul_reciprocal.html b/linux_amd64/ssl/share/doc/openssl/html/man3/BN_mod_mul_reciprocal.html
    new file mode 100755
    index 0000000..fce4e39
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/BN_mod_mul_reciprocal.html
    @@ -0,0 +1,108 @@
    + + + + +BN_mod_mul_reciprocal + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BN_mod_mul_reciprocal, BN_div_recp, BN_RECP_CTX_new, +BN_RECP_CTX_free, BN_RECP_CTX_set - modular multiplication using +reciprocal

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bn.h>
    +
    + BN_RECP_CTX *BN_RECP_CTX_new(void);
    + void BN_RECP_CTX_free(BN_RECP_CTX *recp);
    +
    + int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *m, BN_CTX *ctx);
    +
    + int BN_div_recp(BIGNUM *dv, BIGNUM *rem, BIGNUM *a, BN_RECP_CTX *recp,
    +                 BN_CTX *ctx);
    +
    + int BN_mod_mul_reciprocal(BIGNUM *r, BIGNUM *a, BIGNUM *b,
    +                           BN_RECP_CTX *recp, BN_CTX *ctx);
    +

    +

    +
    +

    DESCRIPTION

    +

    BN_mod_mul_reciprocal() can be used to perform an efficient +BN_mod_mul(3) operation when the operation will be performed +repeatedly with the same modulus. It computes r=(a*b)%m +using recp=1/m, which is set as described below. ctx is a +previously allocated BN_CTX used for temporary variables.

    +

    BN_RECP_CTX_new() allocates and initializes a BN_RECP structure.

    +

    BN_RECP_CTX_free() frees the components of the BN_RECP, and, if it +was created by BN_RECP_CTX_new(), also the structure itself. +If recp is NULL, nothing is done.

    +

    BN_RECP_CTX_set() stores m in recp and sets it up for computing +1/m and shifting it left by BN_num_bits(m)+1 to make it an +integer. The result and the number of bits it was shifted left will +later be stored in recp.

    +

    BN_div_recp() divides a by m using recp. It places the quotient +in dv and the remainder in rem.

    +

    The BN_RECP_CTX structure cannot be shared between threads.

    +

    +

    +
    +

    RETURN VALUES

    +

    BN_RECP_CTX_new() returns the newly allocated BN_RECP_CTX, and NULL +on error.

    +

    BN_RECP_CTX_free() has no return value.

    +

    For the other functions, 1 is returned for success, 0 on error. +The error codes can be obtained by ERR_get_error(3).

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), BN_add(3), +BN_CTX_new(3)

    +

    +

    +
    +

    HISTORY

    +

    BN_RECP_CTX_init() was removed in OpenSSL 1.1.0

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/BN_new.html b/linux_amd64/ssl/share/doc/openssl/html/man3/BN_new.html
    new file mode 100755
    index 0000000..0f06556
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/BN_new.html
    @@ -0,0 +1,100 @@
    + + + + +BN_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BN_new, BN_secure_new, BN_clear, BN_free, BN_clear_free - allocate and free BIGNUMs

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bn.h>
    +
    + BIGNUM *BN_new(void);
    +
    + BIGNUM *BN_secure_new(void);
    +
    + void BN_clear(BIGNUM *a);
    +
    + void BN_free(BIGNUM *a);
    +
    + void BN_clear_free(BIGNUM *a);
    +

    +

    +
    +

    DESCRIPTION

    +

    BN_new() allocates and initializes a BIGNUM structure. +BN_secure_new() does the same except that the secure heap +OPENSSL_secure_malloc(3) is used to store the value.

    +

    BN_clear() is used to destroy sensitive data such as keys when they +are no longer needed. It erases the memory used by a and sets it +to the value 0. +If a is NULL, nothing is done.

    +

    BN_free() frees the components of the BIGNUM, and if it was created +by BN_new(), also the structure itself. BN_clear_free() additionally +overwrites the data before the memory is returned to the system. +If a is NULL, nothing is done.

    +

    +

    +
    +

    RETURN VALUES

    +

    BN_new() and BN_secure_new() +return a pointer to the BIGNUM initialised to the value 0. +If the allocation fails, +they return NULL and set an error code that can be obtained +by ERR_get_error(3).

    +

    BN_clear(), BN_free() and BN_clear_free() have no return values.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), OPENSSL_secure_malloc(3)

    +

    +

    +
    +

    HISTORY

    +

    BN_init() was removed in OpenSSL 1.1.0; use BN_new() instead.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/BN_num_bytes.html b/linux_amd64/ssl/share/doc/openssl/html/man3/BN_num_bytes.html
    new file mode 100755
    index 0000000..c1b91b3
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/BN_num_bytes.html
    @@ -0,0 +1,97 @@
    + + + + +BN_num_bytes + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BN_num_bits, BN_num_bytes, BN_num_bits_word - get BIGNUM size

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bn.h>
    +
    + int BN_num_bytes(const BIGNUM *a);
    +
    + int BN_num_bits(const BIGNUM *a);
    +
    + int BN_num_bits_word(BN_ULONG w);
    +

    +

    +
    +

    DESCRIPTION

    +

    BN_num_bytes() returns the size of a BIGNUM in bytes.

    +

    BN_num_bits_word() returns the number of significant bits in a word. +If we take 0x00000432 as an example, it returns 11, not 16, not 32. +Basically, except for a zero, it returns floor(log2(w))+1.

    +

    BN_num_bits() returns the number of significant bits in a BIGNUM, +following the same principle as BN_num_bits_word().

    +

    BN_num_bytes() is a macro.

    +

    +

    +
    +

    RETURN VALUES

    +

    The size.

    +

    +

    +
    +

    NOTES

    +

    Some have tried using BN_num_bits() on individual numbers in RSA keys, +DH keys and DSA keys, and found that they don't always come up with +the number of bits they expected (something like 512, 1024, 2048, +...). This is because generating a number with some specific number +of bits doesn't always set the highest bits, thereby making the number +of significant bits a little lower. If you want to know the "key +size" of such a key, either use functions like RSA_size(), DH_size() +and DSA_size(), or use BN_num_bytes() and multiply with 8 (although +there's no real guarantee that will match the "key size", just a lot +more probability).

    +

    +

    +
    +

    SEE ALSO

    +

    DH_size(3), DSA_size(3), +RSA_size(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/BN_rand.html b/linux_amd64/ssl/share/doc/openssl/html/man3/BN_rand.html
    new file mode 100755
    index 0000000..985fbbc
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/BN_rand.html
    @@ -0,0 +1,153 @@
    + + + + +BN_rand + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BN_rand_ex, BN_rand, BN_priv_rand_ex, BN_priv_rand, BN_pseudo_rand, +BN_rand_range_ex, BN_rand_range, BN_priv_rand_range_ex, BN_priv_rand_range, +BN_pseudo_rand_range +- generate pseudo-random number

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bn.h>
    +
    + int BN_rand_ex(BIGNUM *rnd, int bits, int top, int bottom, BN_CTX *ctx);
    + int BN_rand(BIGNUM *rnd, int bits, int top, int bottom);
    +
    + int BN_priv_rand_ex(BIGNUM *rnd, int bits, int top, int bottom, BN_CTX *ctx);
    + int BN_priv_rand(BIGNUM *rnd, int bits, int top, int bottom);
    +
    + int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);
    +
    + int BN_rand_range_ex(BIGNUM *rnd, BIGNUM *range, BN_CTX *ctx);
    + int BN_rand_range(BIGNUM *rnd, BIGNUM *range);
    +
    + int BN_priv_rand_range_ex(BIGNUM *rnd, BIGNUM *range, BN_CTX *ctx);
    + int BN_priv_rand_range(BIGNUM *rnd, BIGNUM *range);
    +
    + int BN_pseudo_rand_range(BIGNUM *rnd, BIGNUM *range);
    +

    +

    +
    +

    DESCRIPTION

    +

    BN_rand_ex() generate a cryptographically strong pseudo-random +number of bits in length and stores it in rnd using the random number +generator for the library context associated with ctx. The parameter ctx +may be NULL in which case the default library context is used. +If bits is less than zero, or too small to +accommodate the requirements specified by the top and bottom +parameters, an error is returned. +The top parameters specifies +requirements on the most significant bit of the generated number. +If it is BN_RAND_TOP_ANY, there is no constraint. +If it is BN_RAND_TOP_ONE, the top bit must be one. +If it is BN_RAND_TOP_TWO, the two most significant bits of +the number will be set to 1, so that the product of two such random +numbers will always have 2*bits length. +If bottom is BN_RAND_BOTTOM_ODD, the number will be odd; if it +is BN_RAND_BOTTOM_ANY it can be odd or even. +If bits is 1 then top cannot also be BN_RAND_FLG_TOPTWO.

    +

    BN_rand() is the same as BN_rand_ex() except that the default library context +is always used.

    +

    BN_rand_range_ex() generates a cryptographically strong pseudo-random +number rnd in the range 0 <= rnd < range using the random number +generator for the library context associated with ctx. The parameter ctx +may be NULL in which case the default library context is used.

    +

    BN_rand_range() is the same as BN_rand_range_ex() except that the default +library context is always used.

    +

    BN_priv_rand_ex(), BN_priv_rand(), BN_priv_rand_rand_ex() and +BN_priv_rand_range() have the same semantics as BN_rand_ex(), BN_rand(), +BN_rand_range_ex() and BN_rand_range() respectively. They are intended to be +used for generating values that should remain private, and mirror the +same difference between RAND_bytes(3) and RAND_priv_bytes(3).

    +

    +

    +
    +

    NOTES

    +

    Always check the error return value of these functions and do not take +randomness for granted: an error occurs if the CSPRNG has not been +seeded with enough randomness to ensure an unpredictable byte sequence.

    +

    +

    +
    +

    RETURN VALUES

    +

    The functions return 1 on success, 0 on error. +The error codes can be obtained by ERR_get_error(3).

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), +RAND_add(3), +RAND_bytes(3), +RAND_priv_bytes(3), +RAND(7), +RAND_DRBG(7)

    +

    +

    +
    +

    HISTORY

    +
      +
    • +

      Starting with OpenSSL release 1.1.0, BN_pseudo_rand() has been identical +to BN_rand() and BN_pseudo_rand_range() has been identical to +BN_rand_range(). +The "pseudo" functions should not be used and may be deprecated in +a future release.

      +
    • +
    • +

      The +BN_priv_rand() and BN_priv_rand_range() functions were added in OpenSSL 1.1.1.

      +
    • +
    • +

      The BN_rand_ex(), BN_priv_rand_ex(), BN_rand_range_ex() and +BN_priv_rand_range_ex() functions were added in OpenSSL 3.0.

      +
    • +
    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/BN_security_bits.html b/linux_amd64/ssl/share/doc/openssl/html/man3/BN_security_bits.html
    new file mode 100755
    index 0000000..a2d8afd
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/BN_security_bits.html
    @@ -0,0 +1,92 @@
    + + + + +BN_security_bits + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BN_security_bits - returns bits of security based on given numbers

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bn.h>
    +
    + int BN_security_bits(int L, int N);
    +

    +

    +
    +

    DESCRIPTION

    +

    BN_security_bits() returns the number of bits of security provided by a +specific algorithm and a particular key size. The bits of security is +defined in NIST SP800-57. Currently, BN_security_bits() support two types +of asymmetric algorithms: the FFC (Finite Field Cryptography) and IFC +(Integer Factorization Cryptography). For FFC, e.g., DSA and DH, both +parameters L and N are used to decide the bits of security, where +L is the size of the public key and N is the size of the private +key. For IFC, e.g., RSA, only L is used and it's commonly considered +to be the key size (modulus).

    +

    +

    +
    +

    RETURN VALUES

    +

    Number of security bits.

    +

    +

    +
    +

    NOTES

    +

    ECC (Elliptic Curve Cryptography) is not covered by the BN_security_bits() +function. The symmetric algorithms are not covered neither.

    +

    +

    +
    +

    SEE ALSO

    +

    DH_security_bits(3), DSA_security_bits(3), RSA_security_bits(3)

    +

    +

    +
    +

    HISTORY

    +

    The BN_security_bits() function was added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/BN_set_bit.html b/linux_amd64/ssl/share/doc/openssl/html/man3/BN_set_bit.html
    new file mode 100755
    index 0000000..22ed0ba
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/BN_set_bit.html
    @@ -0,0 +1,99 @@
    + + + + +BN_set_bit + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BN_set_bit, BN_clear_bit, BN_is_bit_set, BN_mask_bits, BN_lshift, +BN_lshift1, BN_rshift, BN_rshift1 - bit operations on BIGNUMs

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bn.h>
    +
    + int BN_set_bit(BIGNUM *a, int n);
    + int BN_clear_bit(BIGNUM *a, int n);
    +
    + int BN_is_bit_set(const BIGNUM *a, int n);
    +
    + int BN_mask_bits(BIGNUM *a, int n);
    +
    + int BN_lshift(BIGNUM *r, const BIGNUM *a, int n);
    + int BN_lshift1(BIGNUM *r, BIGNUM *a);
    +
    + int BN_rshift(BIGNUM *r, BIGNUM *a, int n);
    + int BN_rshift1(BIGNUM *r, BIGNUM *a);
    +

    +

    +
    +

    DESCRIPTION

    +

    BN_set_bit() sets bit n in a to 1 (a|=(1<<n)). The +number is expanded if necessary.

    +

    BN_clear_bit() sets bit n in a to 0 (a&=~(1<<n)). An +error occurs if a is shorter than n bits.

    +

    BN_is_bit_set() tests if bit n in a is set.

    +

    BN_mask_bits() truncates a to an n bit number +(a&=~((~0)>>n)). An error occurs if a already is +shorter than n bits.

    +

    BN_lshift() shifts a left by n bits and places the result in +r (r=a*2^n). Note that n must be non-negative. BN_lshift1() shifts +a left by one and places the result in r (r=2*a).

    +

    BN_rshift() shifts a right by n bits and places the result in +r (r=a/2^n). Note that n must be non-negative. BN_rshift1() shifts +a right by one and places the result in r (r=a/2).

    +

    For the shift functions, r and a may be the same variable.

    +

    +

    +
    +

    RETURN VALUES

    +

    BN_is_bit_set() returns 1 if the bit is set, 0 otherwise.

    +

    All other functions return 1 for success, 0 on error. The error codes +can be obtained by ERR_get_error(3).

    +

    +

    +
    +

    SEE ALSO

    +

    BN_num_bytes(3), BN_add(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/BN_swap.html b/linux_amd64/ssl/share/doc/openssl/html/man3/BN_swap.html
    new file mode 100755
    index 0000000..798ecc1
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/BN_swap.html
    @@ -0,0 +1,65 @@
    + + + + +BN_swap + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    BN_swap - exchange BIGNUMs

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bn.h>
    +
    + void BN_swap(BIGNUM *a, BIGNUM *b);
    +

    +

    +
    +

    DESCRIPTION

    +

    BN_swap() exchanges the values of a and b.

    +

    +

    +
    +

    RETURN VALUES

    +

    BN_swap() does not return a value.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/BN_zero.html b/linux_amd64/ssl/share/doc/openssl/html/man3/BN_zero.html
    new file mode 100755
    index 0000000..65bcee6
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/BN_zero.html
    @@ -0,0 +1,104 @@
    + + + + +BN_zero + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BN_zero, BN_one, BN_value_one, BN_set_word, BN_get_word - BIGNUM assignment +operations

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bn.h>
    +
    + void BN_zero(BIGNUM *a);
    + int BN_one(BIGNUM *a);
    +
    + const BIGNUM *BN_value_one(void);
    +
    + int BN_set_word(BIGNUM *a, BN_ULONG w);
    + unsigned BN_ULONG BN_get_word(BIGNUM *a);
    +

    +

    +
    +

    DESCRIPTION

    +

    BN_ULONG is a macro that will be an unsigned integral type optimized +for the most efficient implementation on the local platform.

    +

    BN_zero(), BN_one() and BN_set_word() set a to the values 0, 1 and +w respectively. BN_zero() and BN_one() are macros.

    +

    BN_value_one() returns a BIGNUM constant of value 1. This constant +is useful for use in comparisons and assignment.

    +

    BN_get_word() returns a, if it can be represented as a BN_ULONG.

    +

    +

    +
    +

    RETURN VALUES

    +

    BN_get_word() returns the value a, or all-bits-set if a cannot +be represented as a single integer.

    +

    BN_one() and BN_set_word() return 1 on success, 0 otherwise. +BN_value_one() returns the constant. +BN_zero() never fails and returns no value.

    +

    +

    +
    +

    BUGS

    +

    If a BIGNUM is equal to the value of all-bits-set, it will collide +with the error condition returned by BN_get_word() which uses that +as an error value.

    +

    BN_ULONG should probably be a typedef.

    +

    +

    +
    +

    SEE ALSO

    +

    BN_bn2bin(3)

    +

    +

    +
    +

    HISTORY

    +

    In OpenSSL 0.9.8, BN_zero() was changed to not return a value; previous +versions returned an int.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/BUF_MEM_new.html b/linux_amd64/ssl/share/doc/openssl/html/man3/BUF_MEM_new.html
    new file mode 100755
    index 0000000..fe53a30
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/BUF_MEM_new.html
    @@ -0,0 +1,106 @@
    + + + + +BUF_MEM_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    BUF_MEM_new, BUF_MEM_new_ex, BUF_MEM_free, BUF_MEM_grow, +BUF_MEM_grow_clean, BUF_reverse +- simple character array structure

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/buffer.h>
    +
    + BUF_MEM *BUF_MEM_new(void);
    +
    + BUF_MEM *BUF_MEM_new_ex(unsigned long flags);
    +
    + void BUF_MEM_free(BUF_MEM *a);
    +
    + int BUF_MEM_grow(BUF_MEM *str, int len);
    + size_t BUF_MEM_grow_clean(BUF_MEM *str, size_t len);
    +
    + void BUF_reverse(unsigned char *out, const unsigned char *in, size_t size);
    +

    +

    +
    +

    DESCRIPTION

    +

    The buffer library handles simple character arrays. Buffers are used for +various purposes in the library, most notably memory BIOs.

    +

    BUF_MEM_new() allocates a new buffer of zero size.

    +

    BUF_MEM_new_ex() allocates a buffer with the specified flags. +The flag BUF_MEM_FLAG_SECURE specifies that the data pointer +should be allocated on the secure heap; see CRYPTO_secure_malloc(3).

    +

    BUF_MEM_free() frees up an already existing buffer. The data is zeroed +before freeing up in case the buffer contains sensitive data.

    +

    BUF_MEM_grow() changes the size of an already existing buffer to +len. Any data already in the buffer is preserved if it increases in +size.

    +

    BUF_MEM_grow_clean() is similar to BUF_MEM_grow() but it sets any free'd +or additionally-allocated memory to zero.

    +

    BUF_reverse() reverses size bytes at in into out. If in +is NULL, the array is reversed in-place.

    +

    +

    +
    +

    RETURN VALUES

    +

    BUF_MEM_new() returns the buffer or NULL on error.

    +

    BUF_MEM_free() has no return value.

    +

    BUF_MEM_grow() and BUF_MEM_grow_clean() return +zero on error or the new size (i.e., len).

    +

    +

    +
    +

    SEE ALSO

    +

    bio(7), +CRYPTO_secure_malloc(3).

    +

    +

    +
    +

    HISTORY

    +

    The BUF_MEM_new_ex() function was added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/CMS_add0_cert.html b/linux_amd64/ssl/share/doc/openssl/html/man3/CMS_add0_cert.html
    new file mode 100755
    index 0000000..b474f87
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/CMS_add0_cert.html
    @@ -0,0 +1,103 @@
    + + + + +CMS_add0_cert + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    CMS_add0_cert, CMS_add1_cert, CMS_get1_certs, CMS_add0_crl, CMS_add1_crl, CMS_get1_crls +- CMS certificate and CRL utility functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/cms.h>
    +
    + int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert);
    + int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert);
    + STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms);
    +
    + int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl);
    + int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl);
    + STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms);
    +

    +

    +
    +

    DESCRIPTION

    +

    CMS_add0_cert() and CMS_add1_cert() add certificate cert to cms. +must be of type signed data or enveloped data.

    +

    CMS_get1_certs() returns all certificates in cms.

    +

    CMS_add0_crl() and CMS_add1_crl() add CRL crl to cms. CMS_get1_crls() +returns any CRLs in cms.

    +

    +

    +
    +

    NOTES

    +

    The CMS_ContentInfo structure cms must be of type signed data or enveloped +data or an error will be returned.

    +

    For signed data certificates and CRLs are added to the certificates and +crls fields of SignedData structure. For enveloped data they are added to +OriginatorInfo.

    +

    As the 0 implies CMS_add0_cert() adds cert internally to cms and it +must not be freed up after the call as opposed to CMS_add1_cert() where cert +must be freed up.

    +

    The same certificate or CRL must not be added to the same cms structure more +than once.

    +

    +

    +
    +

    RETURN VALUES

    +

    CMS_add0_cert(), CMS_add1_cert() and CMS_add0_crl() and CMS_add1_crl() return +1 for success and 0 for failure.

    +

    CMS_get1_certs() and CMS_get1_crls() return the STACK of certificates or CRLs +or NULL if there are none or an error occurs. The only error which will occur +in practice is if the cms type is invalid.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), +CMS_sign(3), +CMS_encrypt(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/CMS_add1_recipient_cert.html b/linux_amd64/ssl/share/doc/openssl/html/man3/CMS_add1_recipient_cert.html
    new file mode 100755
    index 0000000..ed09294
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/CMS_add1_recipient_cert.html
    @@ -0,0 +1,107 @@
    + + + + +CMS_add1_recipient_cert + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    CMS_add1_recipient_cert, CMS_add0_recipient_key - add recipients to a CMS enveloped data structure

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/cms.h>
    +
    + CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
    +                                            X509 *recip, unsigned int flags);
    +
    + CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
    +                                           unsigned char *key, size_t keylen,
    +                                           unsigned char *id, size_t idlen,
    +                                           ASN1_GENERALIZEDTIME *date,
    +                                           ASN1_OBJECT *otherTypeId,
    +                                           ASN1_TYPE *otherType);
    +

    +

    +
    +

    DESCRIPTION

    +

    CMS_add1_recipient_cert() adds recipient recip to CMS_ContentInfo enveloped +data structure cms as a KeyTransRecipientInfo structure.

    +

    CMS_add0_recipient_key() adds symmetric key key of length keylen using +wrapping algorithm nid, identifier id of length idlen and optional +values date, otherTypeId and otherType to CMS_ContentInfo enveloped +data structure cms as a KEKRecipientInfo structure.

    +

    The CMS_ContentInfo structure should be obtained from an initial call to +CMS_encrypt() with the flag CMS_PARTIAL set.

    +

    +

    +
    +

    NOTES

    +

    The main purpose of this function is to provide finer control over a CMS +enveloped data structure where the simpler CMS_encrypt() function defaults are +not appropriate. For example if one or more KEKRecipientInfo structures +need to be added. New attributes can also be added using the returned +CMS_RecipientInfo structure and the CMS attribute utility functions.

    +

    OpenSSL will by default identify recipient certificates using issuer name +and serial number. If CMS_USE_KEYID is set it will use the subject key +identifier value instead. An error occurs if all recipient certificates do not +have a subject key identifier extension.

    +

    Currently only AES based key wrapping algorithms are supported for nid, +specifically: NID_id_aes128_wrap, NID_id_aes192_wrap and NID_id_aes256_wrap. +If nid is set to NID_undef then an AES wrap algorithm will be used +consistent with keylen.

    +

    +

    +
    +

    RETURN VALUES

    +

    CMS_add1_recipient_cert() and CMS_add0_recipient_key() return an internal +pointer to the CMS_RecipientInfo structure just added or NULL if an error +occurs.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), CMS_decrypt(3), +CMS_final(3),

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/CMS_add1_signer.html b/linux_amd64/ssl/share/doc/openssl/html/man3/CMS_add1_signer.html
    new file mode 100755
    index 0000000..09cc0a0
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/CMS_add1_signer.html
    @@ -0,0 +1,134 @@
    +
    +
    +
    +
    +CMS_add1_signer
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    CMS_add1_signer, CMS_SignerInfo_sign - add a signer to a CMS_ContentInfo signed data structure

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/cms.h>
    +
    + CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, X509 *signcert,
    +                                 EVP_PKEY *pkey, const EVP_MD *md,
    +                                 unsigned int flags);
    +
    + int CMS_SignerInfo_sign(CMS_SignerInfo *si);
    +

    +

    +
    +

    DESCRIPTION

    +

    CMS_add1_signer() adds a signer with certificate signcert and private +key pkey using message digest md to CMS_ContentInfo SignedData +structure cms.

    +

    The CMS_ContentInfo structure should be obtained from an initial call to +CMS_sign() with the flag CMS_PARTIAL set or in the case or re-signing a +valid CMS_ContentInfo SignedData structure.

    +

    If the md parameter is NULL then the default digest for the public +key algorithm will be used.

    +

    Unless the CMS_REUSE_DIGEST flag is set the returned CMS_ContentInfo +structure is not complete and must be finalized either by streaming (if +applicable) or a call to CMS_final().

    +

    The CMS_SignerInfo_sign() function will explicitly sign a CMS_SignerInfo +structure, its main use is when CMS_REUSE_DIGEST and CMS_PARTIAL flags +are both set.

    +

    +

    +
    +

    NOTES

    +

    The main purpose of CMS_add1_signer() is to provide finer control +over a CMS signed data structure where the simpler CMS_sign() function defaults +are not appropriate. For example if multiple signers or non default digest +algorithms are needed. New attributes can also be added using the returned +CMS_SignerInfo structure and the CMS attribute utility functions or the +CMS signed receipt request functions.

    +

    Any of the following flags (ored together) can be passed in the flags +parameter.

    +

    If CMS_REUSE_DIGEST is set then an attempt is made to copy the content +digest value from the CMS_ContentInfo structure: to add a signer to an existing +structure. An error occurs if a matching digest value cannot be found to copy. +The returned CMS_ContentInfo structure will be valid and finalized when this +flag is set.

    +

    If CMS_PARTIAL is set in addition to CMS_REUSE_DIGEST then the +CMS_SignerInfo structure will not be finalized so additional attributes +can be added. In this case an explicit call to CMS_SignerInfo_sign() is +needed to finalize it.

    +

    If CMS_NOCERTS is set the signer's certificate will not be included in the +CMS_ContentInfo structure, the signer's certificate must still be supplied in +the signcert parameter though. This can reduce the size of the signature if +the signers certificate can be obtained by other means: for example a +previously signed message.

    +

    The SignedData structure includes several CMS signedAttributes including the +signing time, the CMS content type and the supported list of ciphers in an +SMIMECapabilities attribute. If CMS_NOATTR is set then no signedAttributes +will be used. If CMS_NOSMIMECAP is set then just the SMIMECapabilities are +omitted.

    +

    OpenSSL will by default identify signing certificates using issuer name +and serial number. If CMS_USE_KEYID is set it will use the subject key +identifier value instead. An error occurs if the signing certificate does not +have a subject key identifier extension.

    +

    If present the SMIMECapabilities attribute indicates support for the following +algorithms in preference order: 256 bit AES, Gost R3411-94, Gost 28147-89, 192 +bit AES, 128 bit AES, triple DES, 128 bit RC2, 64 bit RC2, DES and 40 bit RC2. +If any of these algorithms is not available then it will not be included: for example the GOST algorithms will not be included if the GOST ENGINE is +not loaded.

    +

    CMS_add1_signer() returns an internal pointer to the CMS_SignerInfo +structure just added, this can be used to set additional attributes +before it is finalized.

    +

    +

    +
    +

    RETURN VALUES

    +

    CMS_add1_signer() returns an internal pointer to the CMS_SignerInfo +structure just added or NULL if an error occurs.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), CMS_sign(3), +CMS_final(3),

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/CMS_compress.html b/linux_amd64/ssl/share/doc/openssl/html/man3/CMS_compress.html
    new file mode 100755
    index 0000000..f0fea0a
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/CMS_compress.html
    @@ -0,0 +1,107 @@
    +
    +
    +
    +
    +CMS_compress
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    CMS_compress - create a CMS CompressedData structure

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/cms.h>
    +
    + CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags);
    +

    +

    +
    +

    DESCRIPTION

    +

    CMS_compress() creates and returns a CMS CompressedData structure. comp_nid +is the compression algorithm to use or NID_undef to use the default +algorithm (zlib compression). in is the content to be compressed. +flags is an optional set of flags.

    +

    The only currently supported compression algorithm is zlib using the NID +NID_zlib_compression.

    +

    If zlib support is not compiled into OpenSSL then CMS_compress() will return +an error.

    +

    If the CMS_TEXT flag is set MIME headers for type text/plain are +prepended to the data.

    +

    Normally the supplied content is translated into MIME canonical format (as +required by the S/MIME specifications) if CMS_BINARY is set no translation +occurs. This option should be used if the supplied data is in binary format +otherwise the translation will corrupt it. If CMS_BINARY is set then +CMS_TEXT is ignored.

    +

    If the CMS_STREAM flag is set a partial CMS_ContentInfo structure is +returned suitable for streaming I/O: no data is read from the BIO in.

    +

    The compressed data is included in the CMS_ContentInfo structure, unless +CMS_DETACHED is set in which case it is omitted. This is rarely used in +practice and is not supported by SMIME_write_CMS().

    +

    If the flag CMS_STREAM is set the returned CMS_ContentInfo structure is +not complete and outputting its contents via a function that does not +properly finalize the CMS_ContentInfo structure will give unpredictable +results.

    +

    Several functions including SMIME_write_CMS(), i2d_CMS_bio_stream(), +PEM_write_bio_CMS_stream() finalize the structure. Alternatively finalization +can be performed by obtaining the streaming ASN1 BIO directly using +BIO_new_CMS().

    +

    Additional compression parameters such as the zlib compression level cannot +currently be set.

    +

    +

    +
    +

    RETURN VALUES

    +

    CMS_compress() returns either a CMS_ContentInfo structure or NULL if an error +occurred. The error can be obtained from ERR_get_error(3).

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), CMS_uncompress(3)

    +

    +

    +
    +

    HISTORY

    +

    The CMS_STREAM flag was added in OpenSSL 1.0.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/CMS_decrypt.html b/linux_amd64/ssl/share/doc/openssl/html/man3/CMS_decrypt.html
    new file mode 100755
    index 0000000..684780f
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/CMS_decrypt.html
    @@ -0,0 +1,117 @@
    +
    +
    +
    +
    +CMS_decrypt
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    CMS_decrypt - decrypt content from a CMS envelopedData structure

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/cms.h>
    +
    + int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert,
    +                 BIO *dcont, BIO *out, unsigned int flags);
    +

    +

    +
    +

    DESCRIPTION

    +

    CMS_decrypt() extracts and decrypts the content from a CMS EnvelopedData +structure. pkey is the private key of the recipient, cert is the +recipient's certificate, out is a BIO to write the content to and +flags is an optional set of flags.

    +

    The dcont parameter is used in the rare case where the encrypted content +is detached. It will normally be set to NULL.

    +

    +

    +
    +

    NOTES

    +

    Although the recipients certificate is not needed to decrypt the data it is +needed to locate the appropriate (of possible several) recipients in the CMS +structure.

    +

    If cert is set to NULL all possible recipients are tried. This case however +is problematic. To thwart the MMA attack (Bleichenbacher's attack on +PKCS #1 v1.5 RSA padding) all recipients are tried whether they succeed or +not. If no recipient succeeds then a random symmetric key is used to decrypt +the content: this will typically output garbage and may (but is not guaranteed +to) ultimately return a padding error only. If CMS_decrypt() just returned an +error when all recipient encrypted keys failed to decrypt an attacker could +use this in a timing attack. If the special flag CMS_DEBUG_DECRYPT is set +then the above behaviour is modified and an error is returned if no +recipient encrypted key can be decrypted without generating a random +content encryption key. Applications should use this flag with +extreme caution especially in automated gateways as it can leave them +open to attack.

    +

    It is possible to determine the correct recipient key by other means (for +example looking them up in a database) and setting them in the CMS structure +in advance using the CMS utility functions such as CMS_set1_pkey(). In this +case both cert and pkey should be set to NULL.

    +

    To process KEKRecipientInfo types CMS_set1_key() or CMS_RecipientInfo_set0_key() +and CMS_RecipientInfo_decrypt() should be called before CMS_decrypt() and +cert and pkey set to NULL.

    +

    The following flags can be passed in the flags parameter.

    +

    If the CMS_TEXT flag is set MIME headers for type text/plain are deleted +from the content. If the content is not of type text/plain then an error is +returned.

    +

    +

    +
    +

    RETURN VALUES

    +

    CMS_decrypt() returns either 1 for success or 0 for failure. +The error can be obtained from ERR_get_error(3)

    +

    +

    +
    +

    BUGS

    +

    The lack of single pass processing and the need to hold all data in memory as +mentioned in CMS_verify() also applies to CMS_decrypt().

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), CMS_encrypt(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/CMS_encrypt.html b/linux_amd64/ssl/share/doc/openssl/html/man3/CMS_encrypt.html
    new file mode 100755
    index 0000000..2e7ef5d
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/CMS_encrypt.html
    @@ -0,0 +1,124 @@
    +
    +
    +
    +
    +CMS_encrypt
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    CMS_encrypt - create a CMS envelopedData structure

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/cms.h>
    +
    + CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in,
    +                              const EVP_CIPHER *cipher, unsigned int flags);
    +

    +

    +
    +

    DESCRIPTION

    +

    CMS_encrypt() creates and returns a CMS EnvelopedData structure. certs +is a list of recipient certificates. in is the content to be encrypted. +cipher is the symmetric cipher to use. flags is an optional set of flags.

    +

    Only certificates carrying RSA, Diffie-Hellman or EC keys are supported by this +function.

    +

    EVP_des_ede3_cbc() (triple DES) is the algorithm of choice for S/MIME use +because most clients will support it.

    +

    The algorithm passed in the cipher parameter must support ASN1 encoding of +its parameters.

    +

    Many browsers implement a "sign and encrypt" option which is simply an S/MIME +envelopedData containing an S/MIME signed message. This can be readily produced +by storing the S/MIME signed message in a memory BIO and passing it to +CMS_encrypt().

    +

    The following flags can be passed in the flags parameter.

    +

    If the CMS_TEXT flag is set MIME headers for type text/plain are +prepended to the data.

    +

    Normally the supplied content is translated into MIME canonical format (as +required by the S/MIME specifications) if CMS_BINARY is set no translation +occurs. This option should be used if the supplied data is in binary format +otherwise the translation will corrupt it. If CMS_BINARY is set then +CMS_TEXT is ignored.

    +

    OpenSSL will by default identify recipient certificates using issuer name +and serial number. If CMS_USE_KEYID is set it will use the subject key +identifier value instead. An error occurs if all recipient certificates do not +have a subject key identifier extension.

    +

    If the CMS_STREAM flag is set a partial CMS_ContentInfo structure is +returned suitable for streaming I/O: no data is read from the BIO in.

    +

    If the CMS_PARTIAL flag is set a partial CMS_ContentInfo structure is +returned to which additional recipients and attributes can be added before +finalization.

    +

    The data being encrypted is included in the CMS_ContentInfo structure, unless +CMS_DETACHED is set in which case it is omitted. This is rarely used in +practice and is not supported by SMIME_write_CMS().

    +

    If the flag CMS_STREAM is set the returned CMS_ContentInfo structure is +not complete and outputting its contents via a function that does not +properly finalize the CMS_ContentInfo structure will give unpredictable +results.

    +

    Several functions including SMIME_write_CMS(), i2d_CMS_bio_stream(), +PEM_write_bio_CMS_stream() finalize the structure. Alternatively finalization +can be performed by obtaining the streaming ASN1 BIO directly using +BIO_new_CMS().

    +

    The recipients specified in certs use a CMS KeyTransRecipientInfo info +structure. KEKRecipientInfo is also supported using the flag CMS_PARTIAL +and CMS_add0_recipient_key().

    +

    The parameter certs may be NULL if CMS_PARTIAL is set and recipients +added later using CMS_add1_recipient_cert() or CMS_add0_recipient_key().

    +

    +

    +
    +

    RETURN VALUES

    +

    CMS_encrypt() returns either a CMS_ContentInfo structure or NULL if an error +occurred. The error can be obtained from ERR_get_error(3).

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), CMS_decrypt(3)

    +

    +

    +
    +

    HISTORY

    +

    The CMS_STREAM flag was first supported in OpenSSL 1.0.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/CMS_final.html b/linux_amd64/ssl/share/doc/openssl/html/man3/CMS_final.html
    new file mode 100755
    index 0000000..c2e00c5
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/CMS_final.html
    @@ -0,0 +1,85 @@
    +
    +
    +
    +
    +CMS_final
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    CMS_final - finalise a CMS_ContentInfo structure

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/cms.h>
    +
    + int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags);
    +

    +

    +
    +

    DESCRIPTION

    +

    CMS_final() finalises the structure cms. Its purpose is to perform any +operations necessary on cms (digest computation for example) and set the +appropriate fields. The parameter data contains the content to be +processed. The dcont parameter contains a BIO to write content to after +processing: this is only used with detached data and will usually be set to +NULL.

    +

    +

    +
    +

    NOTES

    +

    This function will normally be called when the CMS_PARTIAL flag is used. It +should only be used when streaming is not performed because the streaming +I/O functions perform finalisation operations internally.

    +

    +

    +
    +

    RETURN VALUES

    +

    CMS_final() returns 1 for success or 0 for failure.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), CMS_sign(3), +CMS_encrypt(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/CMS_get0_RecipientInfos.html b/linux_amd64/ssl/share/doc/openssl/html/man3/CMS_get0_RecipientInfos.html
    new file mode 100755
    index 0000000..e6e30d2
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/CMS_get0_RecipientInfos.html
    @@ -0,0 +1,164 @@
    +
    +
    +
    +
    +CMS_get0_RecipientInfos
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    CMS_get0_RecipientInfos, CMS_RecipientInfo_type, +CMS_RecipientInfo_ktri_get0_signer_id, CMS_RecipientInfo_ktri_cert_cmp, +CMS_RecipientInfo_set0_pkey, CMS_RecipientInfo_kekri_get0_id, +CMS_RecipientInfo_kekri_id_cmp, CMS_RecipientInfo_set0_key, +CMS_RecipientInfo_decrypt, CMS_RecipientInfo_encrypt +- CMS envelopedData RecipientInfo routines

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/cms.h>
    +
    + STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms);
    + int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
    +
    + int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
    +                                           ASN1_OCTET_STRING **keyid,
    +                                           X509_NAME **issuer,
    +                                           ASN1_INTEGER **sno);
    + int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert);
    + int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey);
    +
    + int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri, X509_ALGOR **palg,
    +                                     ASN1_OCTET_STRING **pid,
    +                                     ASN1_GENERALIZEDTIME **pdate,
    +                                     ASN1_OBJECT **potherid,
    +                                     ASN1_TYPE **pothertype);
    + int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri,
    +                                    const unsigned char *id, size_t idlen);
    + int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri,
    +                                unsigned char *key, size_t keylen);
    +
    + int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri);
    + int CMS_RecipientInfo_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri);
    +

    +

    +
    +

    DESCRIPTION

    +

    The function CMS_get0_RecipientInfos() returns all the CMS_RecipientInfo +structures associated with a CMS EnvelopedData structure.

    +

    CMS_RecipientInfo_type() returns the type of CMS_RecipientInfo structure ri. +It will currently return CMS_RECIPINFO_TRANS, CMS_RECIPINFO_AGREE, +CMS_RECIPINFO_KEK, CMS_RECIPINFO_PASS, or CMS_RECIPINFO_OTHER.

    +

    CMS_RecipientInfo_ktri_get0_signer_id() retrieves the certificate recipient +identifier associated with a specific CMS_RecipientInfo structure ri, which +must be of type CMS_RECIPINFO_TRANS. Either the keyidentifier will be set in +keyid or both issuer name and serial number in issuer and sno.

    +

    CMS_RecipientInfo_ktri_cert_cmp() compares the certificate cert against the +CMS_RecipientInfo structure ri, which must be of type CMS_RECIPINFO_TRANS. +It returns zero if the comparison is successful and non zero if not.

    +

    CMS_RecipientInfo_set0_pkey() associates the private key pkey with +the CMS_RecipientInfo structure ri, which must be of type +CMS_RECIPINFO_TRANS.

    +

    CMS_RecipientInfo_kekri_get0_id() retrieves the key information from the +CMS_RecipientInfo structure ri which must be of type CMS_RECIPINFO_KEK. Any +of the remaining parameters can be NULL if the application is not interested in +the value of a field. Where a field is optional and absent NULL will be written +to the corresponding parameter. The keyEncryptionAlgorithm field is written to +palg, the keyIdentifier field is written to pid, the date field if +present is written to pdate, if the other field is present the components +keyAttrId and keyAttr are written to parameters potherid and +pothertype.

    +

    CMS_RecipientInfo_kekri_id_cmp() compares the ID in the id and idlen +parameters against the keyIdentifier CMS_RecipientInfo structure ri, +which must be of type CMS_RECIPINFO_KEK. It returns zero if the comparison is +successful and non zero if not.

    +

    CMS_RecipientInfo_set0_key() associates the symmetric key key of length +keylen with the CMS_RecipientInfo structure ri, which must be of type +CMS_RECIPINFO_KEK.

    +

    CMS_RecipientInfo_decrypt() attempts to decrypt CMS_RecipientInfo structure +ri in structure cms. A key must have been associated with the structure +first.

    +

    CMS_RecipientInfo_encrypt() attempts to encrypt CMS_RecipientInfo structure +ri in structure cms. A key must have been associated with the structure +first and the content encryption key must be available: for example by a +previous call to CMS_RecipientInfo_decrypt().

    +

    +

    +
    +

    NOTES

    +

    The main purpose of these functions is to enable an application to lookup +recipient keys using any appropriate technique when the simpler method +of CMS_decrypt() is not appropriate.

    +

    In typical usage and application will retrieve all CMS_RecipientInfo structures +using CMS_get0_RecipientInfos() and check the type of each using +CMS_RecipientInfo_type(). Depending on the type the CMS_RecipientInfo structure +can be ignored or its key identifier data retrieved using an appropriate +function. Then if the corresponding secret or private key can be obtained by +any appropriate means it can then associated with the structure and +CMS_RecipientInfo_decrypt() called. If successful CMS_decrypt() can be called +with a NULL key to decrypt the enveloped content.

    +

    The CMS_RecipientInfo_encrypt() can be used to add a new recipient to an +existing enveloped data structure. Typically an application will first decrypt +an appropriate CMS_RecipientInfo structure to make the content encrypt key +available, it will then add a new recipient using a function such as +CMS_add1_recipient_cert() and finally encrypt the content encryption key +using CMS_RecipientInfo_encrypt().

    +

    +

    +
    +

    RETURN VALUES

    +

    CMS_get0_RecipientInfos() returns all CMS_RecipientInfo structures, or NULL if +an error occurs.

    +

    CMS_RecipientInfo_ktri_get0_signer_id(), CMS_RecipientInfo_set0_pkey(), +CMS_RecipientInfo_kekri_get0_id(), CMS_RecipientInfo_set0_key() and +CMS_RecipientInfo_decrypt() return 1 for success or 0 if an error occurs. +CMS_RecipientInfo_encrypt() return 1 for success or 0 if an error occurs.

    +

    CMS_RecipientInfo_ktri_cert_cmp() and CMS_RecipientInfo_kekri_cmp() return 0 +for a successful comparison and non zero otherwise.

    +

    Any error can be obtained from ERR_get_error(3).

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), CMS_decrypt(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/CMS_get0_SignerInfos.html b/linux_amd64/ssl/share/doc/openssl/html/man3/CMS_get0_SignerInfos.html
    new file mode 100755
    index 0000000..e3691e5
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/CMS_get0_SignerInfos.html
    @@ -0,0 +1,118 @@
    +
    +
    +
    +
    +CMS_get0_SignerInfos
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    CMS_SignerInfo_set1_signer_cert, +CMS_get0_SignerInfos, CMS_SignerInfo_get0_signer_id, +CMS_SignerInfo_get0_signature, CMS_SignerInfo_cert_cmp +- CMS signedData signer functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/cms.h>
    +
    + STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms);
    +
    + int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si, ASN1_OCTET_STRING **keyid,
    +                                   X509_NAME **issuer, ASN1_INTEGER **sno);
    + ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si);
    + int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert);
    + void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer);
    +

    +

    +
    +

    DESCRIPTION

    +

    The function CMS_get0_SignerInfos() returns all the CMS_SignerInfo structures +associated with a CMS signedData structure.

    +

    CMS_SignerInfo_get0_signer_id() retrieves the certificate signer identifier +associated with a specific CMS_SignerInfo structure si. Either the +keyidentifier will be set in keyid or both issuer name and serial number +in issuer and sno.

    +

    CMS_SignerInfo_get0_signature() retrieves the signature associated with +si in a pointer to an ASN1_OCTET_STRING structure. This pointer returned +corresponds to the internal signature value if si so it may be read or +modified.

    +

    CMS_SignerInfo_cert_cmp() compares the certificate cert against the signer +identifier si. It returns zero if the comparison is successful and non zero +if not.

    +

    CMS_SignerInfo_set1_signer_cert() sets the signers certificate of si to +signer.

    +

    +

    +
    +

    NOTES

    +

    The main purpose of these functions is to enable an application to lookup +signers certificates using any appropriate technique when the simpler method +of CMS_verify() is not appropriate.

    +

    In typical usage and application will retrieve all CMS_SignerInfo structures +using CMS_get0_SignerInfo() and retrieve the identifier information using +CMS. It will then obtain the signer certificate by some unspecified means +(or return and error if it cannot be found) and set it using +CMS_SignerInfo_set1_signer_cert().

    +

    Once all signer certificates have been set CMS_verify() can be used.

    +

    Although CMS_get0_SignerInfos() can return NULL if an error occurs or if +there are no signers this is not a problem in practice because the only +error which can occur is if the cms structure is not of type signedData +due to application error.

    +

    +

    +
    +

    RETURN VALUES

    +

    CMS_get0_SignerInfos() returns all CMS_SignerInfo structures, or NULL there +are no signers or an error occurs.

    +

    CMS_SignerInfo_get0_signer_id() returns 1 for success and 0 for failure.

    +

    CMS_SignerInfo_cert_cmp() returns 0 for a successful comparison and non +zero otherwise.

    +

    CMS_SignerInfo_set1_signer_cert() does not return a value.

    +

    Any error can be obtained from ERR_get_error(3)

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), CMS_verify(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/CMS_get0_type.html b/linux_amd64/ssl/share/doc/openssl/html/man3/CMS_get0_type.html
    new file mode 100755
    index 0000000..f14d8d2
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/CMS_get0_type.html
    @@ -0,0 +1,115 @@
    +
    +
    +
    +
    +CMS_get0_type
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    CMS_get0_type, CMS_set1_eContentType, CMS_get0_eContentType, CMS_get0_content - get and set CMS content types and content

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/cms.h>
    +
    + const ASN1_OBJECT *CMS_get0_type(const CMS_ContentInfo *cms);
    + int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid);
    + const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms);
    + ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms);
    +

    +

    +
    +

    DESCRIPTION

    +

    CMS_get0_type() returns the content type of a CMS_ContentInfo structure as +an ASN1_OBJECT pointer. An application can then decide how to process the +CMS_ContentInfo structure based on this value.

    +

    CMS_set1_eContentType() sets the embedded content type of a CMS_ContentInfo +structure. It should be called with CMS functions (such as CMS_sign(3), +CMS_encrypt(3)) +with the CMS_PARTIAL +flag and before the structure is finalised, otherwise the results are +undefined.

    +

    ASN1_OBJECT *CMS_get0_eContentType() returns a pointer to the embedded +content type.

    +

    CMS_get0_content() returns a pointer to the ASN1_OCTET_STRING pointer +containing the embedded content.

    +

    +

    +
    +

    NOTES

    +

    As the 0 implies CMS_get0_type(), CMS_get0_eContentType() and +CMS_get0_content() return internal pointers which should not be freed up. +CMS_set1_eContentType() copies the supplied OID and it should be freed up +after use.

    +

    The ASN1_OBJECT values returned can be converted to an integer NID value +using OBJ_obj2nid(). For the currently supported content types the following +values are returned:

    +
    + NID_pkcs7_data
    + NID_pkcs7_signed
    + NID_pkcs7_digest
    + NID_id_smime_ct_compressedData:
    + NID_pkcs7_encrypted
    + NID_pkcs7_enveloped
    +

    The return value of CMS_get0_content() is a pointer to the ASN1_OCTET_STRING +content pointer. That means that for example:

    +
    + ASN1_OCTET_STRING **pconf = CMS_get0_content(cms);
    +

    *pconf could be NULL if there is no embedded content. Applications can +access, modify or create the embedded content in a CMS_ContentInfo structure +using this function. Applications usually will not need to modify the +embedded content as it is normally set by higher level functions.

    +

    +

    +
    +

    RETURN VALUES

    +

    CMS_get0_type() and CMS_get0_eContentType() return an ASN1_OBJECT structure.

    +

    CMS_set1_eContentType() returns 1 for success or 0 if an error occurred. The +error can be obtained from ERR_get_error(3).

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/CMS_get1_ReceiptRequest.html b/linux_amd64/ssl/share/doc/openssl/html/man3/CMS_get1_ReceiptRequest.html new file mode 100755 index 0000000..a815a28 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/CMS_get1_ReceiptRequest.html @@ -0,0 +1,111 @@ + + + + +CMS_get1_ReceiptRequest + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    CMS_ReceiptRequest_create0, CMS_add1_ReceiptRequest, CMS_get1_ReceiptRequest, CMS_ReceiptRequest_get0_values - CMS signed receipt request functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/cms.h>
    +
    + CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
    +                                                int allorfirst,
    +                                                STACK_OF(GENERAL_NAMES) *receiptList,
    +                                                STACK_OF(GENERAL_NAMES) *receiptsTo);
    + int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
    + int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr);
    + void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr, ASN1_STRING **pcid,
    +                                     int *pallorfirst,
    +                                     STACK_OF(GENERAL_NAMES) **plist,
    +                                     STACK_OF(GENERAL_NAMES) **prto);
    +

    +

    +
    +

    DESCRIPTION

    +

    CMS_ReceiptRequest_create0() creates a signed receipt request structure. The +signedContentIdentifier field is set using id and idlen, or it is set +to 32 bytes of pseudo random data if id is NULL. If receiptList is NULL +the allOrFirstTier option in receiptsFrom is used and set to the value of +the allorfirst parameter. If receiptList is not NULL the receiptList +option in receiptsFrom is used. The receiptsTo parameter specifies the +receiptsTo field value.

    +

    The CMS_add1_ReceiptRequest() function adds a signed receipt request rr +to SignerInfo structure si.

    +

    int CMS_get1_ReceiptRequest() looks for a signed receipt request in si, if +any is found it is decoded and written to prr.

    +

    CMS_ReceiptRequest_get0_values() retrieves the values of a receipt request. +The signedContentIdentifier is copied to pcid. If the allOrFirstTier +option of receiptsFrom is used its value is copied to pallorfirst +otherwise the receiptList field is copied to plist. The receiptsTo +parameter is copied to prto.

    +

    +

    +
    +

    NOTES

    +

    For more details of the meaning of the fields see RFC2634.

    +

    The contents of a signed receipt should only be considered meaningful if the +corresponding CMS_ContentInfo structure can be successfully verified using +CMS_verify().

    +

    +

    +
    +

    RETURN VALUES

    +

    CMS_ReceiptRequest_create0() returns a signed receipt request structure or +NULL if an error occurred.

    +

    CMS_add1_ReceiptRequest() returns 1 for success or 0 if an error occurred.

    +

    CMS_get1_ReceiptRequest() returns 1 is a signed receipt request is found and +decoded. It returns 0 if a signed receipt request is not present and -1 if +it is present but malformed.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), CMS_sign(3), +CMS_sign_receipt(3), CMS_verify(3) +CMS_verify_receipt(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/CMS_sign.html b/linux_amd64/ssl/share/doc/openssl/html/man3/CMS_sign.html new file mode 100755 index 0000000..b979827 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/CMS_sign.html @@ -0,0 +1,156 @@ + + + + +CMS_sign + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    CMS_sign - create a CMS SignedData structure

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/cms.h>
    +
    + CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
    +                           BIO *data, unsigned int flags);
    +

    +

    +
    +

    DESCRIPTION

    +

    CMS_sign() creates and returns a CMS SignedData structure. signcert is +the certificate to sign with, pkey is the corresponding private key. +certs is an optional additional set of certificates to include in the CMS +structure (for example any intermediate CAs in the chain). Any or all of +these parameters can be NULL, see NOTES below.

    +

    The data to be signed is read from BIO data.

    +

    flags is an optional set of flags.

    +

    +

    +
    +

    NOTES

    +

    Any of the following flags (ored together) can be passed in the flags +parameter.

    +

    Many S/MIME clients expect the signed content to include valid MIME headers. If +the CMS_TEXT flag is set MIME headers for type text/plain are prepended +to the data.

    +

    If CMS_NOCERTS is set the signer's certificate will not be included in the +CMS_ContentInfo structure, the signer's certificate must still be supplied in +the signcert parameter though. This can reduce the size of the signature if +the signers certificate can be obtained by other means: for example a +previously signed message.

    +

    The data being signed is included in the CMS_ContentInfo structure, unless +CMS_DETACHED is set in which case it is omitted. This is used for +CMS_ContentInfo detached signatures which are used in S/MIME plaintext signed +messages for example.

    +

    Normally the supplied content is translated into MIME canonical format (as +required by the S/MIME specifications) if CMS_BINARY is set no translation +occurs. This option should be used if the supplied data is in binary format +otherwise the translation will corrupt it.

    +

    The SignedData structure includes several CMS signedAttributes including the +signing time, the CMS content type and the supported list of ciphers in an +SMIMECapabilities attribute. If CMS_NOATTR is set then no signedAttributes +will be used. If CMS_NOSMIMECAP is set then just the SMIMECapabilities are +omitted.

    +

    If present the SMIMECapabilities attribute indicates support for the following +algorithms in preference order: 256 bit AES, Gost R3411-94, Gost 28147-89, 192 +bit AES, 128 bit AES, triple DES, 128 bit RC2, 64 bit RC2, DES and 40 bit RC2. +If any of these algorithms is not available then it will not be included: for example the GOST algorithms will not be included if the GOST ENGINE is +not loaded.

    +

    OpenSSL will by default identify signing certificates using issuer name +and serial number. If CMS_USE_KEYID is set it will use the subject key +identifier value instead. An error occurs if the signing certificate does not +have a subject key identifier extension.

    +

    If the flags CMS_STREAM is set then the returned CMS_ContentInfo +structure is just initialized ready to perform the signing operation. The +signing is however not performed and the data to be signed is not read from +the data parameter. Signing is deferred until after the data has been +written. In this way data can be signed in a single pass.

    +

    If the CMS_PARTIAL flag is set a partial CMS_ContentInfo structure is +output to which additional signers and capabilities can be added before +finalization.

    +

    If the flag CMS_STREAM is set the returned CMS_ContentInfo structure is +not complete and outputting its contents via a function that does not +properly finalize the CMS_ContentInfo structure will give unpredictable +results.

    +

    Several functions including SMIME_write_CMS(), i2d_CMS_bio_stream(), +PEM_write_bio_CMS_stream() finalize the structure. Alternatively finalization +can be performed by obtaining the streaming ASN1 BIO directly using +BIO_new_CMS().

    +

    If a signer is specified it will use the default digest for the signing +algorithm. This is SHA1 for both RSA and DSA keys.

    +

    If signcert and pkey are NULL then a certificates only CMS structure is +output.

    +

    The function CMS_sign() is a basic CMS signing function whose output will be +suitable for many purposes. For finer control of the output format the +certs, signcert and pkey parameters can all be NULL and the +CMS_PARTIAL flag set. Then one or more signers can be added using the +function CMS_sign_add1_signer(), non default digests can be used and custom +attributes added. CMS_final() must then be called to finalize the +structure if streaming is not enabled.

    +

    +

    +
    +

    BUGS

    +

    Some attributes such as counter signatures are not supported.

    +

    +

    +
    +

    RETURN VALUES

    +

    CMS_sign() returns either a valid CMS_ContentInfo structure or NULL if an error +occurred. The error can be obtained from ERR_get_error(3).

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), CMS_verify(3)

    +

    +

    +
    +

    HISTORY

    +

    The CMS_STREAM flag is only supported for detached data in OpenSSL 0.9.8, +it is supported for embedded data in OpenSSL 1.0.0 and later.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/CMS_sign_receipt.html b/linux_amd64/ssl/share/doc/openssl/html/man3/CMS_sign_receipt.html new file mode 100755 index 0000000..48710b9 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/CMS_sign_receipt.html @@ -0,0 +1,90 @@ + + + + +CMS_sign_receipt + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    CMS_sign_receipt - create a CMS signed receipt

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/cms.h>
    +
    + CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si, X509 *signcert,
    +                                   EVP_PKEY *pkey, STACK_OF(X509) *certs,
    +                                   unsigned int flags);
    +

    +

    +
    +

    DESCRIPTION

    +

    CMS_sign_receipt() creates and returns a CMS signed receipt structure. si is +the CMS_SignerInfo structure containing the signed receipt request. +signcert is the certificate to sign with, pkey is the corresponding +private key. certs is an optional additional set of certificates to include +in the CMS structure (for example any intermediate CAs in the chain).

    +

    flags is an optional set of flags.

    +

    +

    +
    +

    NOTES

    +

    This functions behaves in a similar way to CMS_sign() except the flag values +CMS_DETACHED, CMS_BINARY, CMS_NOATTR, CMS_TEXT and CMS_STREAM +are not supported since they do not make sense in the context of signed +receipts.

    +

    +

    +
    +

    RETURN VALUES

    +

    CMS_sign_receipt() returns either a valid CMS_ContentInfo structure or NULL if +an error occurred. The error can be obtained from ERR_get_error(3).

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), +CMS_verify_receipt(3), +CMS_sign(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/CMS_uncompress.html b/linux_amd64/ssl/share/doc/openssl/html/man3/CMS_uncompress.html new file mode 100755 index 0000000..04cb362 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/CMS_uncompress.html @@ -0,0 +1,96 @@ + + + + +CMS_uncompress + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    CMS_uncompress - uncompress a CMS CompressedData structure

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/cms.h>
    +
    + int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out, unsigned int flags);
    +

    +

    +
    +

    DESCRIPTION

    +

    CMS_uncompress() extracts and uncompresses the content from a CMS +CompressedData structure cms. data is a BIO to write the content to and +flags is an optional set of flags.

    +

    The dcont parameter is used in the rare case where the compressed content +is detached. It will normally be set to NULL.

    +

    +

    +
    +

    NOTES

    +

    The only currently supported compression algorithm is zlib: if the structure +indicates the use of any other algorithm an error is returned.

    +

    If zlib support is not compiled into OpenSSL then CMS_uncompress() will always +return an error.

    +

    The following flags can be passed in the flags parameter.

    +

    If the CMS_TEXT flag is set MIME headers for type text/plain are deleted +from the content. If the content is not of type text/plain then an error is +returned.

    +

    +

    +
    +

    RETURN VALUES

    +

    CMS_uncompress() returns either 1 for success or 0 for failure. The error can +be obtained from ERR_get_error(3)

    +

    +

    +
    +

    BUGS

    +

    The lack of single pass processing and the need to hold all data in memory as +mentioned in CMS_verify() also applies to CMS_decompress().

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), CMS_compress(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/CMS_verify.html b/linux_amd64/ssl/share/doc/openssl/html/man3/CMS_verify.html new file mode 100755 index 0000000..2e67e51 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/CMS_verify.html @@ -0,0 +1,155 @@ + + + + +CMS_verify + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    CMS_verify, CMS_get0_signers - verify a CMS SignedData structure

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/cms.h>
    +
    + int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, X509_STORE *store,
    +                BIO *indata, BIO *out, unsigned int flags);
    +
    + STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms);
    +

    +

    +
    +

    DESCRIPTION

    +

    CMS_verify() verifies a CMS SignedData structure. cms is the CMS_ContentInfo +structure to verify. certs is a set of certificates in which to search for +the signing certificate(s). store is a trusted certificate store used for +chain verification. indata is the detached content if the content is not +present in cms. The content is written to out if it is not NULL.

    +

    flags is an optional set of flags, which can be used to modify the verify +operation.

    +

    CMS_get0_signers() retrieves the signing certificate(s) from cms, it must +be called after a successful CMS_verify() operation.

    +

    +

    +
    +

    VERIFY PROCESS

    +

    Normally the verify process proceeds as follows.

    +

    Initially some sanity checks are performed on cms. The type of cms must +be SignedData. There must be at least one signature on the data and if +the content is detached indata cannot be NULL.

    +

    An attempt is made to locate all the signing certificate(s), first looking in +the certs parameter (if it is not NULL) and then looking in any +certificates contained in the cms structure itself. If any signing +certificate cannot be located the operation fails.

    +

    Each signing certificate is chain verified using the smimesign purpose and +the supplied trusted certificate store. Any internal certificates in the message +are used as untrusted CAs. If CRL checking is enabled in store any internal +CRLs are used in addition to attempting to look them up in store. If any +chain verify fails an error code is returned.

    +

    Finally the signed content is read (and written to out if it is not NULL) +and the signature's checked.

    +

    If all signature's verify correctly then the function is successful.

    +

    Any of the following flags (ored together) can be passed in the flags +parameter to change the default verify behaviour.

    +

    If CMS_NOINTERN is set the certificates in the message itself are not +searched when locating the signing certificate(s). This means that all the +signing certificates must be in the certs parameter.

    +

    If CMS_NOCRL is set and CRL checking is enabled in store then any +CRLs in the message itself are ignored.

    +

    If the CMS_TEXT flag is set MIME headers for type text/plain are deleted +from the content. If the content is not of type text/plain then an error is +returned.

    +

    If CMS_NO_SIGNER_CERT_VERIFY is set the signing certificates are not +verified.

    +

    If CMS_NO_ATTR_VERIFY is set the signed attributes signature is not +verified.

    +

    If CMS_NO_CONTENT_VERIFY is set then the content digest is not checked.

    +

    +

    +
    +

    NOTES

    +

    One application of CMS_NOINTERN is to only accept messages signed by +a small number of certificates. The acceptable certificates would be passed +in the certs parameter. In this case if the signer is not one of the +certificates supplied in certs then the verify will fail because the +signer cannot be found.

    +

    In some cases the standard techniques for looking up and validating +certificates are not appropriate: for example an application may wish to +lookup certificates in a database or perform customised verification. This +can be achieved by setting and verifying the signers certificates manually +using the signed data utility functions.

    +

    Care should be taken when modifying the default verify behaviour, for example +setting CMS_NO_CONTENT_VERIFY will totally disable all content verification +and any modified content will be considered valid. This combination is however +useful if one merely wishes to write the content to out and its validity +is not considered important.

    +

    Chain verification should arguably be performed using the signing time rather +than the current time. However since the signing time is supplied by the +signer it cannot be trusted without additional evidence (such as a trusted +timestamp).

    +

    +

    +
    +

    RETURN VALUES

    +

    CMS_verify() returns 1 for a successful verification and zero if an error +occurred.

    +

    CMS_get0_signers() returns all signers or NULL if an error occurred.

    +

    The error can be obtained from ERR_get_error(3)

    +

    +

    +
    +

    BUGS

    +

    The trusted certificate store is not searched for the signing certificate, +this is primarily due to the inadequacies of the current X509_STORE +functionality.

    +

    The lack of single pass processing means that the signed content must all +be held in memory if it is not detached.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), CMS_sign(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/CMS_verify_receipt.html b/linux_amd64/ssl/share/doc/openssl/html/man3/CMS_verify_receipt.html new file mode 100755 index 0000000..3d6207c --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/CMS_verify_receipt.html @@ -0,0 +1,91 @@ + + + + +CMS_verify_receipt + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    CMS_verify_receipt - verify a CMS signed receipt

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/cms.h>
    +
    + int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms,
    +                        STACK_OF(X509) *certs, X509_STORE *store,
    +                        unsigned int flags);
    +

    +

    +
    +

    DESCRIPTION

    +

    CMS_verify_receipt() verifies a CMS signed receipt. rcms is the signed +receipt to verify. ocms is the original SignedData structure containing the +receipt request. certs is a set of certificates in which to search for the +signing certificate. store is a trusted certificate store (used for chain +verification).

    +

    flags is an optional set of flags, which can be used to modify the verify +operation.

    +

    +

    +
    +

    NOTES

    +

    This functions behaves in a similar way to CMS_verify() except the flag values +CMS_DETACHED, CMS_BINARY, CMS_TEXT and CMS_STREAM are not +supported since they do not make sense in the context of signed receipts.

    +

    +

    +
    +

    RETURN VALUES

    +

    CMS_verify_receipt() returns 1 for a successful verification and zero if an +error occurred.

    +

    The error can be obtained from ERR_get_error(3)

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), +CMS_sign_receipt(3), +CMS_verify(3),

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/CONF_modules_free.html b/linux_amd64/ssl/share/doc/openssl/html/man3/CONF_modules_free.html new file mode 100755 index 0000000..5702f2c --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/CONF_modules_free.html @@ -0,0 +1,94 @@ + + + + +CONF_modules_free + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    CONF_modules_free, CONF_modules_finish, CONF_modules_unload - +OpenSSL configuration cleanup functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/conf.h>
    +
    + void CONF_modules_finish(void);
    + void CONF_modules_unload(int all);
    +

    Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + void CONF_modules_free(void)
    +

    +

    +
    +

    DESCRIPTION

    +

    CONF_modules_free() closes down and frees up all memory allocated by all +configuration modules. Normally, in versions of OpenSSL prior to 1.1.0, +applications called +CONF_modules_free() at exit to tidy up any configuration performed.

    +

    CONF_modules_finish() calls each configuration modules finish handler +to free up any configuration that module may have performed.

    +

    CONF_modules_unload() finishes and unloads configuration modules. If +all is set to 0 only modules loaded from DSOs will be unloads. If +all is 1 all modules, including built-in modules will be unloaded.

    +

    +

    +
    +

    RETURN VALUES

    +

    None of the functions return a value.

    +

    +

    +
    +

    SEE ALSO

    +

    config(5), OPENSSL_config(3), +CONF_modules_load_file(3)

    +

    +

    +
    +

    HISTORY

    +

    CONF_modules_free() was deprecated in OpenSSL 1.1.0; do not use it. +For more information see OPENSSL_init_crypto(3).

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/CONF_modules_load_file.html b/linux_amd64/ssl/share/doc/openssl/html/man3/CONF_modules_load_file.html new file mode 100755 index 0000000..6556d6c --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/CONF_modules_load_file.html @@ -0,0 +1,172 @@ + + + + +CONF_modules_load_file + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    CONF_modules_load_file, CONF_modules_load - OpenSSL configuration functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/conf.h>
    +
    + int CONF_modules_load_file(const char *filename, const char *appname,
    +                            unsigned long flags);
    + int CONF_modules_load(const CONF *cnf, const char *appname,
    +                       unsigned long flags);
    +

    +

    +
    +

    DESCRIPTION

    +

    The function CONF_modules_load_file() configures OpenSSL using file +filename and application name appname. If filename is NULL +the standard OpenSSL configuration file is used. If appname is +NULL the standard OpenSSL application name openssl_conf is used. +The behaviour can be customized using flags.

    +

    CONF_modules_load() is identical to CONF_modules_load_file() except it +reads configuration information from cnf.

    +

    +

    +
    +

    NOTES

    +

    The following flags are currently recognized:

    +

    If CONF_MFLAGS_IGNORE_ERRORS is set errors returned by individual +configuration modules are ignored. If not set the first module error is +considered fatal and no further modules are loaded.

    +

    Normally any modules errors will add error information to the error queue. If +CONF_MFLAGS_SILENT is set no error information is added.

    +

    If CONF_MFLAGS_IGNORE_RETURN_CODES is set the function unconditionally +returns success. +This is used by default in OPENSSL_init_crypto(3) to ignore any errors in +the default system-wide configuration file, as having all OpenSSL applications +fail to start when there are potentially minor issues in the file is too risky. +Applications calling CONF_modules_load_file explicitly should not generally +set this flag.

    +

    If CONF_MFLAGS_NO_DSO is set configuration module loading from DSOs is +disabled.

    +

    CONF_MFLAGS_IGNORE_MISSING_FILE if set will make CONF_load_modules_file() +ignore missing configuration files. Normally a missing configuration file +return an error.

    +

    CONF_MFLAGS_DEFAULT_SECTION if set and appname is not NULL will use the +default section pointed to by openssl_conf if appname does not exist.

    +

    By using CONF_modules_load_file() with appropriate flags an application can +customise application configuration to best suit its needs. In some cases the +use of a configuration file is optional and its absence is not an error: in +this case CONF_MFLAGS_IGNORE_MISSING_FILE would be set.

    +

    Errors during configuration may also be handled differently by different +applications. For example in some cases an error may simply print out a warning +message and the application continue. In other cases an application might +consider a configuration file error as fatal and exit immediately.

    +

    Applications can use the CONF_modules_load() function if they wish to load a +configuration file themselves and have finer control over how errors are +treated.

    +

    +

    +
    +

    RETURN VALUES

    +

    These functions return 1 for success and a zero or negative value for +failure. If module errors are not ignored the return code will reflect the +return value of the failing module (this will always be zero or negative).

    +

    +

    +
    +

    EXAMPLES

    +

    Load a configuration file and print out any errors and exit (missing file +considered fatal):

    +
    + if (CONF_modules_load_file(NULL, NULL, 0) <= 0) {
    +     fprintf(stderr, "FATAL: error loading configuration file\n");
    +     ERR_print_errors_fp(stderr);
    +     exit(1);
    + }
    +

    Load default configuration file using the section indicated by "myapp", +tolerate missing files, but exit on other errors:

    +
    + if (CONF_modules_load_file(NULL, "myapp",
    +                            CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) {
    +     fprintf(stderr, "FATAL: error loading configuration file\n");
    +     ERR_print_errors_fp(stderr);
    +     exit(1);
    + }
    +

    Load custom configuration file and section, only print warnings on error, +missing configuration file ignored:

    +
    + if (CONF_modules_load_file("/something/app.cnf", "myapp",
    +                            CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) {
    +     fprintf(stderr, "WARNING: error loading configuration file\n");
    +     ERR_print_errors_fp(stderr);
    + }
    +

    Load and parse configuration file manually, custom error handling:

    +
    + FILE *fp;
    + CONF *cnf = NULL;
    + long eline;
    +
    + fp = fopen("/somepath/app.cnf", "r");
    + if (fp == NULL) {
    +     fprintf(stderr, "Error opening configuration file\n");
    +     /* Other missing configuration file behaviour */
    + } else {
    +     cnf = NCONF_new(NULL);
    +     if (NCONF_load_fp(cnf, fp, &eline) == 0) {
    +         fprintf(stderr, "Error on line %ld of configuration file\n", eline);
    +         ERR_print_errors_fp(stderr);
    +         /* Other malformed configuration file behaviour */
    +     } else if (CONF_modules_load(cnf, "appname", 0) <= 0) {
    +         fprintf(stderr, "Error configuring application\n");
    +         ERR_print_errors_fp(stderr);
    +         /* Other configuration error behaviour */
    +     }
    +     fclose(fp);
    +     NCONF_free(cnf);
    + }
    +

    +

    +
    +

    SEE ALSO

    +

    config(5), OPENSSL_config(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2004-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/CRYPTO_THREAD_run_once.html b/linux_amd64/ssl/share/doc/openssl/html/man3/CRYPTO_THREAD_run_once.html
    new file mode 100755
    index 0000000..d8706f0
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/CRYPTO_THREAD_run_once.html
    @@ -0,0 +1,195 @@
    + + + + +CRYPTO_THREAD_run_once + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    CRYPTO_THREAD_run_once, +CRYPTO_THREAD_lock_new, CRYPTO_THREAD_read_lock, CRYPTO_THREAD_write_lock, +CRYPTO_THREAD_unlock, CRYPTO_THREAD_lock_free, +CRYPTO_atomic_add - OpenSSL thread support

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/crypto.h>
    +
    + CRYPTO_ONCE CRYPTO_ONCE_STATIC_INIT;
    + int CRYPTO_THREAD_run_once(CRYPTO_ONCE *once, void (*init)(void));
    +
    + CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void);
    + int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *lock);
    + int CRYPTO_THREAD_write_lock(CRYPTO_RWLOCK *lock);
    + int CRYPTO_THREAD_unlock(CRYPTO_RWLOCK *lock);
    + void CRYPTO_THREAD_lock_free(CRYPTO_RWLOCK *lock);
    +
    + int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock);
    +

    +

    +
    +

    DESCRIPTION

    +

    OpenSSL can be safely used in multi-threaded applications provided that +support for the underlying OS threading API is built-in. Currently, OpenSSL +supports the pthread and Windows APIs. OpenSSL can also be built without +any multi-threading support, for example on platforms that don't provide +any threading support or that provide a threading API that is not yet +supported by OpenSSL.

    +

    The following multi-threading function are provided:

    +
      +
    • +

      CRYPTO_THREAD_run_once() can be used to perform one-time initialization. +The once argument must be a pointer to a static object of type +CRYPTO_ONCE that was statically initialized to the value +CRYPTO_ONCE_STATIC_INIT. +The init argument is a pointer to a function that performs the desired +exactly once initialization. +In particular, this can be used to allocate locks in a thread-safe manner, +which can then be used with the locking functions below.

      +
    • +
    • +

      CRYPTO_THREAD_lock_new() allocates, initializes and returns a new read/write +lock.

      +
    • +
    • +

      CRYPTO_THREAD_read_lock() locks the provided lock for reading.

      +
    • +
    • +

      CRYPTO_THREAD_write_lock() locks the provided lock for writing.

      +
    • +
    • +

      CRYPTO_THREAD_unlock() unlocks the previously locked lock.

      +
    • +
    • +

      CRYPTO_THREAD_lock_free() frees the provided lock.

      +
    • +
    • +

      CRYPTO_atomic_add() atomically adds amount to val and returns the +result of the operation in ret. lock will be locked, unless atomic +operations are supported on the specific platform. Because of this, if a +variable is modified by CRYPTO_atomic_add() then CRYPTO_atomic_add() must +be the only way that the variable is modified.

      +
    • +
    +

    +

    +
    +

    RETURN VALUES

    +

    CRYPTO_THREAD_run_once() returns 1 on success, or 0 on error.

    +

    CRYPTO_THREAD_lock_new() returns the allocated lock, or NULL on error.

    +

    CRYPTO_THREAD_lock_free() returns no value.

    +

    The other functions return 1 on success, or 0 on error.

    +

    +

    +
    +

    NOTES

    +

    On Windows platforms the CRYPTO_THREAD_* types and functions in the +openssl/crypto.h header are dependent on some of the types customarily +made available by including windows.h. The application developer is +likely to require control over when the latter is included, commonly as +one of the first included headers. Therefore it is defined as an +application developer's responsibility to include windows.h prior to +crypto.h where use of CRYPTO_THREAD_* types and functions is required.

    +

    +

    +
    +

    EXAMPLES

    +

    You can find out if OpenSSL was configured with thread support:

    +
    + #include <openssl/opensslconf.h>
    + #if defined(OPENSSL_THREADS)
    +     /* thread support enabled */
    + #else
    +     /* no thread support */
    + #endif
    +

    This example safely initializes and uses a lock.

    +
    + #ifdef _WIN32
    + # include <windows.h>
    + #endif
    + #include <openssl/crypto.h>
    +
    + static CRYPTO_ONCE once = CRYPTO_ONCE_STATIC_INIT;
    + static CRYPTO_RWLOCK *lock;
    +
    + static void myinit(void)
    + {
    +     lock = CRYPTO_THREAD_lock_new();
    + }
    +
    + static int mylock(void)
    + {
    +     if (!CRYPTO_THREAD_run_once(&once, void init) || lock == NULL)
    +         return 0;
    +     return CRYPTO_THREAD_write_lock(lock);
    + }
    +
    + static int myunlock(void)
    + {
    +     return CRYPTO_THREAD_unlock(lock);
    + }
    +
    + int serialized(void)
    + {
    +     int ret = 0;
    +
    +     if (mylock()) {
    +         /* Your code here, do not return without releasing the lock! */
    +         ret = ... ;
    +     }
    +     myunlock();
    +     return ret;
    + }
    +

    Finalization of locks is an advanced topic, not covered in this example. +This can only be done at process exit or when a dynamically loaded library is +no longer in use and is unloaded. +The simplest solution is to just "leak" the lock in applications and not +repeatedly load/unload shared libraries that allocate locks.

    +

    +

    +
    +

    SEE ALSO

    +

    crypto(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/CRYPTO_get_ex_new_index.html b/linux_amd64/ssl/share/doc/openssl/html/man3/CRYPTO_get_ex_new_index.html
    new file mode 100755
    index 0000000..d60c069
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/CRYPTO_get_ex_new_index.html
    @@ -0,0 +1,202 @@
    + + + + +CRYPTO_get_ex_new_index + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    CRYPTO_EX_new, CRYPTO_EX_free, CRYPTO_EX_dup, +CRYPTO_free_ex_index, CRYPTO_get_ex_new_index, +CRYPTO_alloc_ex_data, CRYPTO_set_ex_data, CRYPTO_get_ex_data, +CRYPTO_free_ex_data, CRYPTO_new_ex_data +- functions supporting application-specific data

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/crypto.h>
    +
    + int CRYPTO_get_ex_new_index(int class_index,
    +                             long argl, void *argp,
    +                             CRYPTO_EX_new *new_func,
    +                             CRYPTO_EX_dup *dup_func,
    +                             CRYPTO_EX_free *free_func);
    +
    + typedef void CRYPTO_EX_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
    +                            int idx, long argl, void *argp);
    + typedef void CRYPTO_EX_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
    +                             int idx, long argl, void *argp);
    + typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
    +                           void *from_d, int idx, long argl, void *argp);
    +
    + int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad)
    +
    + int CRYPTO_alloc_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad,
    +                          int idx);
    +
    + int CRYPTO_set_ex_data(CRYPTO_EX_DATA *r, int idx, void *arg);
    +
    + void *CRYPTO_get_ex_data(CRYPTO_EX_DATA *r, int idx);
    +
    + void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *r);
    +
    + int CRYPTO_free_ex_index(int class_index, int idx);
    +

    +

    +
    +

    DESCRIPTION

    +

    Several OpenSSL structures can have application-specific data attached to them, +known as "exdata." +The specific structures are:

    +
    +    BIO
    +    DH
    +    DSA
    +    EC_KEY
    +    ENGINE
    +    RAND_DRBG
    +    RSA
    +    SSL
    +    SSL_CTX
    +    SSL_SESSION
    +    UI
    +    UI_METHOD
    +    X509
    +    X509_STORE
    +    X509_STORE_CTX
    +

    In addition, the APP name is reserved for use by application code.

    +

    Each is identified by an CRYPTO_EX_INDEX_xxx define in the crypto.h +header file. In addition, CRYPTO_EX_INDEX_APP is reserved for +applications to use this facility for their own structures.

    +

    The API described here is used by OpenSSL to manipulate exdata for specific +structures. Since the application data can be anything at all it is passed +and retrieved as a void * type.

    +

    The CRYPTO_EX_DATA type is opaque. To initialize the exdata part of +a structure, call CRYPTO_new_ex_data(). This is only necessary for +CRYPTO_EX_INDEX_APP objects.

    +

    Exdata types are identified by an index, an integer guaranteed to be +unique within structures for the lifetime of the program. Applications +using exdata typically call CRYPTO_get_ex_new_index at startup, and +store the result in a global variable, or write a wrapper function to +provide lazy evaluation. The class_index should be one of the +CRYPTO_EX_INDEX_xxx values. The argl and argp parameters are saved +to be passed to the callbacks but are otherwise not used. In order to +transparently manipulate exdata, three callbacks must be provided. The +semantics of those callbacks are described below.

    +

    When copying or releasing objects with exdata, the callback functions +are called in increasing order of their index value.

    +

    If a dynamic library can be unloaded, it should call CRYPTO_free_ex_index() +when this is done. +This will replace the callbacks with no-ops +so that applications don't crash. Any existing exdata will be leaked.

    +

    To set or get the exdata on an object, the appropriate type-specific +routine must be used. This is because the containing structure is opaque +and the CRYPTO_EX_DATA field is not accessible. In both API's, the +idx parameter should be an already-created index value.

    +

    When setting exdata, the pointer specified with a particular index is saved, +and returned on a subsequent "get" call. If the application is going to +release the data, it must make sure to set a NULL value at the index, +to avoid likely double-free crashes.

    +

    The function CRYPTO_free_ex_data is used to free all exdata attached +to a structure. The appropriate type-specific routine must be used. +The class_index identifies the structure type, the obj is +a pointer to the actual structure, and r is a pointer to the +structure's exdata field.

    +

    +

    +

    Callback Functions

    +

    This section describes how the callback functions are used. Applications +that are defining their own exdata using CYPRTO_EX_INDEX_APP must +call them as described here.

    +

    When a structure is initially allocated (such as RSA_new()) then the +new_func() is called for every defined index. There is no requirement +that the entire parent, or containing, structure has been set up. +The new_func() is typically used only to allocate memory to store the +exdata, and perhaps an "initialized" flag within that memory. +The exdata value may be allocated later on with CRYPTO_alloc_ex_data(), +or may be set by calling CRYPTO_set_ex_data().

    +

    When a structure is free'd (such as SSL_CTX_free()) then the +free_func() is called for every defined index. Again, the state of the +parent structure is not guaranteed. The free_func() may be called with a +NULL pointer.

    +

    Both new_func() and free_func() take the same parameters. +The parent is the pointer to the structure that contains the exdata. +The ptr is the current exdata item; for new_func() this will typically +be NULL. The r parameter is a pointer to the exdata field of the object. +The idx is the index and is the value returned when the callbacks were +initially registered via CRYPTO_get_ex_new_index() and can be used if +the same callback handles different types of exdata.

    +

    dup_func() is called when a structure is being copied. This is only done +for SSL, SSL_SESSION, EC_KEY objects and BIO chains via +BIO_dup_chain(). The to and from parameters +are pointers to the destination and source CRYPTO_EX_DATA structures, +respectively. The from_d parameter needs to be cast to a void **pptr +as the API has currently the wrong signature; that will be changed in a +future version. The *pptr is a pointer to the source exdata. +When the dup_func() returns, the value in *pptr is copied to the +destination ex_data. If the pointer contained in *pptr is not modified +by the dup_func(), then both to and from will point to the same data. +The idx, argl and argp parameters are as described for the other +two callbacks. If the dup_func() returns 0 the whole CRYPTO_dup_ex_data() +will fail.

    +

    +

    +
    +

    RETURN VALUES

    +

    CRYPTO_get_ex_new_index() returns a new index or -1 on failure.

    +

    CRYPTO_free_ex_index(), CRYPTO_alloc_ex_data() and CRYPTO_set_ex_data() +return 1 on success or 0 on failure.

    +

    CRYPTO_get_ex_data() returns the application data or NULL on failure; +note that NULL may be a valid value.

    +

    dup_func() should return 0 for failure and 1 for success.

    +

    +

    +
    +

    HISTORY

    +

    CRYPTO_alloc_ex_data() was added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/CRYPTO_memcmp.html b/linux_amd64/ssl/share/doc/openssl/html/man3/CRYPTO_memcmp.html
    new file mode 100755
    index 0000000..5aa296c
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/CRYPTO_memcmp.html
    @@ -0,0 +1,76 @@
    + + + + +CRYPTO_memcmp + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    CRYPTO_memcmp - Constant time memory comparison

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/crypto.h>
    +
    + int CRYPTO_memcmp(const void *a, const void *b, size_t len);
    +

    +

    +
    +

    DESCRIPTION

    +

    The CRYPTO_memcmp function compares the len bytes pointed to by a and b +for equality. +It takes an amount of time dependent on len, but independent of the +contents of the memory regions pointed to by a and b.

    +

    +

    +
    +

    RETURN VALUES

    +

    CRYPTO_memcmp() returns 0 if the memory regions are equal and nonzero +otherwise.

    +

    +

    +
    +

    NOTES

    +

    Unlike memcmp(2), this function cannot be used to order the two memory regions +as the return value when they differ is undefined, other than being nonzero.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/CTLOG_STORE_get0_log_by_id.html b/linux_amd64/ssl/share/doc/openssl/html/man3/CTLOG_STORE_get0_log_by_id.html
    new file mode 100755
    index 0000000..9a655ef
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/CTLOG_STORE_get0_log_by_id.html
    @@ -0,0 +1,87 @@
    + + + + +CTLOG_STORE_get0_log_by_id + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    CTLOG_STORE_get0_log_by_id - +Get a Certificate Transparency log from a CTLOG_STORE

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ct.h>
    +
    + const CTLOG *CTLOG_STORE_get0_log_by_id(const CTLOG_STORE *store,
    +                                         const uint8_t *log_id,
    +                                         size_t log_id_len);
    +

    +

    +
    +

    DESCRIPTION

    +

    A Signed Certificate Timestamp (SCT) identifies the Certificate Transparency +(CT) log that issued it using the log's LogID (see RFC 6962, Section 3.2). +Therefore, it is useful to be able to look up more information about a log +(e.g. its public key) using this LogID.

    +

    CTLOG_STORE_get0_log_by_id() provides a way to do this. It will find a CTLOG +in a CTLOG_STORE that has a given LogID.

    +

    +

    +
    +

    RETURN VALUES

    +

    CTLOG_STORE_get0_log_by_id returns a CTLOG with the given LogID, if it +exists in the given CTLOG_STORE, otherwise it returns NULL.

    +

    +

    +
    +

    SEE ALSO

    +

    ct(7), +CTLOG_STORE_new(3)

    +

    +

    +
    +

    HISTORY

    +

    The CTLOG_STORE_get0_log_by_id() function was added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/CTLOG_STORE_new.html b/linux_amd64/ssl/share/doc/openssl/html/man3/CTLOG_STORE_new.html
    new file mode 100755
    index 0000000..04ef05e
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/CTLOG_STORE_new.html
    @@ -0,0 +1,117 @@
    + + + + +CTLOG_STORE_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    CTLOG_STORE_new, CTLOG_STORE_free, +CTLOG_STORE_load_default_file, CTLOG_STORE_load_file - +Create and populate a Certificate Transparency log list

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ct.h>
    +
    + CTLOG_STORE *CTLOG_STORE_new(void);
    + void CTLOG_STORE_free(CTLOG_STORE *store);
    +
    + int CTLOG_STORE_load_default_file(CTLOG_STORE *store);
    + int CTLOG_STORE_load_file(CTLOG_STORE *store, const char *file);
    +

    +

    +
    +

    DESCRIPTION

    +

    A CTLOG_STORE is a container for a list of CTLOGs (Certificate Transparency +logs). The list can be loaded from one or more files and then searched by LogID +(see RFC 6962, Section 3.2, for the definition of a LogID).

    +

    CTLOG_STORE_new() creates an empty list of CT logs. This is then populated +by CTLOG_STORE_load_default_file() or CTLOG_STORE_load_file(). +CTLOG_STORE_load_default_file() loads from the default file, which is named +ct_log_list.cnf in OPENSSLDIR (see the output of openssl-version(1)). +This can be overridden using an environment variable named CTLOG_FILE. +CTLOG_STORE_load_file() loads from a caller-specified file path instead. +Both of these functions append any loaded CT logs to the CTLOG_STORE.

    +

    The expected format of the file is:

    +
    + enabled_logs=foo,bar
    +
    + [foo]
    + description = Log 1
    + key = <base64-encoded DER SubjectPublicKeyInfo here>
    +
    + [bar]
    + description = Log 2
    + key = <base64-encoded DER SubjectPublicKeyInfo here>
    +

    Once a CTLOG_STORE is no longer required, it should be passed to +CTLOG_STORE_free(). This will delete all of the CTLOGs stored within, along +with the CTLOG_STORE itself.

    +

    +

    +
    +

    NOTES

    +

    If there are any invalid CT logs in a file, they are skipped and the remaining +valid logs will still be added to the CTLOG_STORE. A CT log will be considered +invalid if it is missing a "key" or "description" field.

    +

    +

    +
    +

    RETURN VALUES

    +

    Both CTLOG_STORE_load_default_file and CTLOG_STORE_load_file return 1 if +all CT logs in the file are successfully parsed and loaded, 0 otherwise.

    +

    +

    +
    +

    SEE ALSO

    +

    ct(7), +CTLOG_STORE_get0_log_by_id(3), +SSL_CTX_set_ctlog_list_file(3)

    +

    +

    +
    +

    HISTORY

    +

    These functions were added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/CTLOG_new.html b/linux_amd64/ssl/share/doc/openssl/html/man3/CTLOG_new.html
    new file mode 100755
    index 0000000..053e799
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/CTLOG_new.html
    @@ -0,0 +1,105 @@
    + + + + +CTLOG_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    CTLOG_new, CTLOG_new_from_base64, CTLOG_free, +CTLOG_get0_name, CTLOG_get0_log_id, CTLOG_get0_public_key - +encapsulates information about a Certificate Transparency log

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ct.h>
    +
    + CTLOG *CTLOG_new(EVP_PKEY *public_key, const char *name);
    + int CTLOG_new_from_base64(CTLOG ** ct_log,
    +                           const char *pkey_base64, const char *name);
    + void CTLOG_free(CTLOG *log);
    + const char *CTLOG_get0_name(const CTLOG *log);
    + void CTLOG_get0_log_id(const CTLOG *log, const uint8_t **log_id,
    +                        size_t *log_id_len);
    + EVP_PKEY *CTLOG_get0_public_key(const CTLOG *log);
    +

    +

    +
    +

    DESCRIPTION

    +

    CTLOG_new() returns a new CTLOG that represents the Certificate Transparency +(CT) log with the given public key. A name must also be provided that can be +used to help users identify this log. Ownership of the public key is +transferred.

    +

    CTLOG_new_from_base64() also creates a new CTLOG, but takes the public key in +base64-encoded DER form and sets the ct_log pointer to point to the new CTLOG. +The base64 will be decoded and the public key parsed.

    +

    Regardless of whether CTLOG_new() or CTLOG_new_from_base64() is used, it is the +caller's responsibility to pass the CTLOG to CTLOG_free() once it is no longer +needed. This will delete it and, if created by CTLOG_new(), the EVP_PKEY that +was passed to it.

    +

    CTLOG_get0_name() returns the name of the log, as provided when the CTLOG was +created. Ownership of the string remains with the CTLOG.

    +

    CTLOG_get0_log_id() sets *log_id to point to a string containing that log's +LogID (see RFC 6962). It sets *log_id_len to the length of that LogID. For a +v1 CT log, the LogID will be a SHA-256 hash (i.e. 32 bytes long). Ownership of +the string remains with the CTLOG.

    +

    CTLOG_get0_public_key() returns the public key of the CT log. Ownership of the +EVP_PKEY remains with the CTLOG.

    +

    +

    +
    +

    RETURN VALUES

    +

    CTLOG_new() will return NULL if an error occurs.

    +

    CTLOG_new_from_base64() will return 1 on success, 0 otherwise.

    +

    +

    +
    +

    SEE ALSO

    +

    ct(7)

    +

    +

    +
    +

    HISTORY

    +

    These functions were added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/CT_POLICY_EVAL_CTX_new.html b/linux_amd64/ssl/share/doc/openssl/html/man3/CT_POLICY_EVAL_CTX_new.html
    new file mode 100755
    index 0000000..665928d
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/CT_POLICY_EVAL_CTX_new.html
    @@ -0,0 +1,148 @@
    + + + + +CT_POLICY_EVAL_CTX_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    CT_POLICY_EVAL_CTX_new, CT_POLICY_EVAL_CTX_free, +CT_POLICY_EVAL_CTX_get0_cert, CT_POLICY_EVAL_CTX_set1_cert, +CT_POLICY_EVAL_CTX_get0_issuer, CT_POLICY_EVAL_CTX_set1_issuer, +CT_POLICY_EVAL_CTX_get0_log_store, CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE, +CT_POLICY_EVAL_CTX_get_time, CT_POLICY_EVAL_CTX_set_time - +Encapsulates the data required to evaluate whether SCTs meet a Certificate Transparency policy

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ct.h>
    +
    + CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new(void);
    + void CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx);
    + X509* CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx);
    + int CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert);
    + X509* CT_POLICY_EVAL_CTX_get0_issuer(const CT_POLICY_EVAL_CTX *ctx);
    + int CT_POLICY_EVAL_CTX_set1_issuer(CT_POLICY_EVAL_CTX *ctx, X509 *issuer);
    + const CTLOG_STORE *CT_POLICY_EVAL_CTX_get0_log_store(const CT_POLICY_EVAL_CTX *ctx);
    + void CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx,
    +                                                CTLOG_STORE *log_store);
    + uint64_t CT_POLICY_EVAL_CTX_get_time(const CT_POLICY_EVAL_CTX *ctx);
    + void CT_POLICY_EVAL_CTX_set_time(CT_POLICY_EVAL_CTX *ctx, uint64_t time_in_ms);
    +

    +

    +
    +

    DESCRIPTION

    +

    A CT_POLICY_EVAL_CTX is used by functions that evaluate whether Signed +Certificate Timestamps (SCTs) fulfil a Certificate Transparency (CT) policy. +This policy may be, for example, that at least one valid SCT is available. To +determine this, an SCT's timestamp and signature must be verified. +This requires:

    +
      +
    • +

      the public key of the log that issued the SCT

      +
    • +
    • +

      the certificate that the SCT was issued for

      +
    • +
    • +

      the issuer certificate (if the SCT was issued for a pre-certificate)

      +
    • +
    • +

      the current time

      +
    • +
    +

    The above requirements are met using the setters described below.

    +

    CT_POLICY_EVAL_CTX_new() creates an empty policy evaluation context. This +should then be populated using:

    +
      +
    • +

      CT_POLICY_EVAL_CTX_set1_cert() to provide the certificate the SCTs were issued for

      +

      Increments the reference count of the certificate.

      +
    • +
    • +

      CT_POLICY_EVAL_CTX_set1_issuer() to provide the issuer certificate

      +

      Increments the reference count of the certificate.

      +
    • +
    • +

      CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE() to provide a list of logs that are trusted as sources of SCTs

      +

      Holds a pointer to the CTLOG_STORE, so the CTLOG_STORE must outlive the +CT_POLICY_EVAL_CTX.

      +
    • +
    • +

      CT_POLICY_EVAL_CTX_set_time() to set the time SCTs should be compared with to determine if they are valid

      +

      The SCT timestamp will be compared to this time to check whether the SCT was +issued in the future. RFC6962 states that "TLS clients MUST reject SCTs whose +timestamp is in the future". By default, this will be set to 5 minutes in the +future (e.g. (time() + 300) * 1000), to allow for clock drift.

      +

      The time should be in milliseconds since the Unix Epoch.

      +
    • +
    +

    Each setter has a matching getter for accessing the current value.

    +

    When no longer required, the CT_POLICY_EVAL_CTX should be passed to +CT_POLICY_EVAL_CTX_free() to delete it.

    +

    +

    +
    +

    NOTES

    +

    The issuer certificate only needs to be provided if at least one of the SCTs +was issued for a pre-certificate. This will be the case for SCTs embedded in a +certificate (i.e. those in an X.509 extension), but may not be the case for SCTs +found in the TLS SCT extension or OCSP response.

    +

    +

    +
    +

    RETURN VALUES

    +

    CT_POLICY_EVAL_CTX_new() will return NULL if malloc fails.

    +

    +

    +
    +

    SEE ALSO

    +

    ct(7)

    +

    +

    +
    +

    HISTORY

    +

    These functions were added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/DEFINE_STACK_OF.html b/linux_amd64/ssl/share/doc/openssl/html/man3/DEFINE_STACK_OF.html
    new file mode 100755
    index 0000000..76f9309
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/DEFINE_STACK_OF.html
    @@ -0,0 +1,269 @@
    + + + + +DEFINE_STACK_OF + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    DEFINE_STACK_OF, DEFINE_STACK_OF_CONST, DEFINE_SPECIAL_STACK_OF, +DEFINE_SPECIAL_STACK_OF_CONST, +sk_TYPE_num, sk_TYPE_value, sk_TYPE_new, sk_TYPE_new_null, +sk_TYPE_reserve, sk_TYPE_free, sk_TYPE_zero, sk_TYPE_delete, +sk_TYPE_delete_ptr, sk_TYPE_push, sk_TYPE_unshift, sk_TYPE_pop, +sk_TYPE_shift, sk_TYPE_pop_free, sk_TYPE_insert, sk_TYPE_set, +sk_TYPE_find, sk_TYPE_find_ex, sk_TYPE_sort, sk_TYPE_is_sorted, +sk_TYPE_dup, sk_TYPE_deep_copy, sk_TYPE_set_cmp_func, sk_TYPE_new_reserve +- stack container

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/safestack.h>
    +
    + STACK_OF(TYPE)
    + DEFINE_STACK_OF(TYPE)
    + DEFINE_STACK_OF_CONST(TYPE)
    + DEFINE_SPECIAL_STACK_OF(FUNCTYPE, TYPE)
    + DEFINE_SPECIAL_STACK_OF_CONST(FUNCTYPE, TYPE)
    +
    + typedef int (*sk_TYPE_compfunc)(const TYPE *const *a, const TYPE *const *b);
    + typedef TYPE * (*sk_TYPE_copyfunc)(const TYPE *a);
    + typedef void (*sk_TYPE_freefunc)(TYPE *a);
    +
    + int sk_TYPE_num(const STACK_OF(TYPE) *sk);
    + TYPE *sk_TYPE_value(const STACK_OF(TYPE) *sk, int idx);
    + STACK_OF(TYPE) *sk_TYPE_new(sk_TYPE_compfunc compare);
    + STACK_OF(TYPE) *sk_TYPE_new_null(void);
    + int sk_TYPE_reserve(STACK_OF(TYPE) *sk, int n);
    + void sk_TYPE_free(const STACK_OF(TYPE) *sk);
    + void sk_TYPE_zero(const STACK_OF(TYPE) *sk);
    + TYPE *sk_TYPE_delete(STACK_OF(TYPE) *sk, int i);
    + TYPE *sk_TYPE_delete_ptr(STACK_OF(TYPE) *sk, TYPE *ptr);
    + int sk_TYPE_push(STACK_OF(TYPE) *sk, const TYPE *ptr);
    + int sk_TYPE_unshift(STACK_OF(TYPE) *sk, const TYPE *ptr);
    + TYPE *sk_TYPE_pop(STACK_OF(TYPE) *sk);
    + TYPE *sk_TYPE_shift(STACK_OF(TYPE) *sk);
    + void sk_TYPE_pop_free(STACK_OF(TYPE) *sk, sk_TYPE_freefunc freefunc);
    + int sk_TYPE_insert(STACK_OF(TYPE) *sk, TYPE *ptr, int idx);
    + TYPE *sk_TYPE_set(STACK_OF(TYPE) *sk, int idx, const TYPE *ptr);
    + int sk_TYPE_find(STACK_OF(TYPE) *sk, TYPE *ptr);
    + int sk_TYPE_find_ex(STACK_OF(TYPE) *sk, TYPE *ptr);
    + void sk_TYPE_sort(const STACK_OF(TYPE) *sk);
    + int sk_TYPE_is_sorted(const STACK_OF(TYPE) *sk);
    + STACK_OF(TYPE) *sk_TYPE_dup(const STACK_OF(TYPE) *sk);
    + STACK_OF(TYPE) *sk_TYPE_deep_copy(const STACK_OF(TYPE) *sk,
    +                                   sk_TYPE_copyfunc copyfunc,
    +                                   sk_TYPE_freefunc freefunc);
    + sk_TYPE_compfunc (*sk_TYPE_set_cmp_func(STACK_OF(TYPE) *sk,
    +                                         sk_TYPE_compfunc compare));
    + STACK_OF(TYPE) *sk_TYPE_new_reserve(sk_TYPE_compfunc compare, int n);
    +

    +

    +
    +

    DESCRIPTION

    +

    Applications can create and use their own stacks by placing any of the macros +described below in a header file. These macros define typesafe inline +functions that wrap around the utility OPENSSL_sk_ API. +In the description here, TYPE is used +as a placeholder for any of the OpenSSL datatypes, such as X509.

    +

    STACK_OF() returns the name for a stack of the specified TYPE. +DEFINE_STACK_OF() creates set of functions for a stack of TYPE. This +will mean that type TYPE is stored in each stack, the type is referenced by +STACK_OF(TYPE) and each function name begins with sk_TYPE_. +For example:

    +
    + TYPE *sk_TYPE_value(STACK_OF(TYPE) *sk, int idx);
    +

    DEFINE_STACK_OF_CONST() is identical to DEFINE_STACK_OF() except +each element is constant. For example:

    +
    + const TYPE *sk_TYPE_value(STACK_OF(TYPE) *sk, int idx);
    +

    DEFINE_SPECIAL_STACK_OF() defines a stack of TYPE but +each function uses FUNCNAME in the function name. For example:

    +
    + TYPE *sk_FUNCNAME_value(STACK_OF(TYPE) *sk, int idx);
    +

    DEFINE_SPECIAL_STACK_OF_CONST() is similar except that each element is +constant:

    +
    + const TYPE *sk_FUNCNAME_value(STACK_OF(TYPE) *sk, int idx);
    +

    sk_TYPE_num() returns the number of elements in sk or -1 if sk is +NULL.

    +

    sk_TYPE_value() returns element idx in sk, where idx starts at +zero. If idx is out of range then NULL is returned.

    +

    sk_TYPE_new() allocates a new empty stack using comparison function +compare. If compare is NULL then no comparison function is used. This +function is equivalent to sk_TYPE_new_reserve(compare, 0).

    +

    sk_TYPE_new_null() allocates a new empty stack with no comparison +function. This function is equivalent to sk_TYPE_new_reserve(NULL, 0).

    +

    sk_TYPE_reserve() allocates additional memory in the sk structure +such that the next n calls to sk_TYPE_insert(), sk_TYPE_push() +or sk_TYPE_unshift() will not fail or cause memory to be allocated +or reallocated. If n is zero, any excess space allocated in the +sk structure is freed. On error sk is unchanged.

    +

    sk_TYPE_new_reserve() allocates a new stack. The new stack will have +additional memory allocated to hold n elements if n is positive. +The next n calls to sk_TYPE_insert(), sk_TYPE_push() or +sk_TYPE_unshift() will not fail or cause memory to be allocated or +reallocated. If n is zero or less than zero, no memory is allocated. +sk_TYPE_new_reserve() also sets the comparison function compare +to the newly created stack. If compare is NULL then no comparison +function is used.

    +

    sk_TYPE_set_cmp_func() sets the comparison function of sk to +compare. The previous comparison function is returned or NULL if there +was no previous comparison function.

    +

    sk_TYPE_free() frees up the sk structure. It does not free up any +elements of sk. After this call sk is no longer valid.

    +

    sk_TYPE_zero() sets the number of elements in sk to zero. It does not +free sk so after this call sk is still valid.

    +

    sk_TYPE_pop_free() frees up all elements of sk and sk itself. The +free function freefunc() is called on each element to free it.

    +

    sk_TYPE_delete() deletes element i from sk. It returns the deleted +element or NULL if i is out of range.

    +

    sk_TYPE_delete_ptr() deletes element matching ptr from sk. It +returns the deleted element or NULL if no element matching ptr was found.

    +

    sk_TYPE_insert() inserts ptr into sk at position idx. Any +existing elements at or after idx are moved downwards. If idx is out +of range the new element is appended to sk. sk_TYPE_insert() either +returns the number of elements in sk after the new element is inserted or +zero if an error (such as memory allocation failure) occurred.

    +

    sk_TYPE_push() appends ptr to sk it is equivalent to:

    +
    + sk_TYPE_insert(sk, ptr, -1);
    +

    sk_TYPE_unshift() inserts ptr at the start of sk it is equivalent +to:

    +
    + sk_TYPE_insert(sk, ptr, 0);
    +

    sk_TYPE_pop() returns and removes the last element from sk.

    +

    sk_TYPE_shift() returns and removes the first element from sk.

    +

    sk_TYPE_set() sets element idx of sk to ptr replacing the current +element. The new element value is returned or NULL if an error occurred: +this will only happen if sk is NULL or idx is out of range.

    +

    sk_TYPE_find() searches sk for the element ptr. In the case +where no comparison function has been specified, the function performs +a linear search for a pointer equal to ptr. The index of the first +matching element is returned or -1 if there is no match. In the case +where a comparison function has been specified, sk is sorted then +sk_TYPE_find() returns the index of a matching element or -1 if there +is no match. Note that, in this case, the matching element returned is +not guaranteed to be the first; the comparison function will usually +compare the values pointed to rather than the pointers themselves and +the order of elements in sk could change.

    +

    sk_TYPE_find_ex() operates like sk_TYPE_find() except when a +comparison function has been specified and no matching element is found. +Instead of returning -1, sk_TYPE_find_ex() returns the index of the +element either before or after the location where ptr would be if it were +present in sk.

    +

    sk_TYPE_sort() sorts sk using the supplied comparison function.

    +

    sk_TYPE_is_sorted() returns 1 if sk is sorted and 0 otherwise.

    +

    sk_TYPE_dup() returns a copy of sk. Note the pointers in the copy +are identical to the original.

    +

    sk_TYPE_deep_copy() returns a new stack where each element has been +copied. Copying is performed by the supplied copyfunc() and freeing by +freefunc(). The function freefunc() is only called if an error occurs.

    +

    +

    +
    +

    NOTES

    +

    Care should be taken when accessing stacks in multi-threaded environments. +Any operation which increases the size of a stack such as sk_TYPE_insert() +or sk_TYPE_push() can "grow" the size of an internal array and cause race +conditions if the same stack is accessed in a different thread. Operations such +as sk_TYPE_find() and sk_TYPE_sort() can also reorder the stack.

    +

    Any comparison function supplied should use a metric suitable +for use in a binary search operation. That is it should return zero, a +positive or negative value if a is equal to, greater than +or less than b respectively.

    +

    Care should be taken when checking the return values of the functions +sk_TYPE_find() and sk_TYPE_find_ex(). They return an index to the +matching element. In particular 0 indicates a matching first element. +A failed search is indicated by a -1 return value.

    +

    STACK_OF(), DEFINE_STACK_OF(), DEFINE_STACK_OF_CONST(), and +DEFINE_SPECIAL_STACK_OF() are implemented as macros.

    +

    The underlying utility OPENSSL_sk_ API should not be used directly. +It defines these functions: OPENSSL_sk_deep_copy(), +OPENSSL_sk_delete(), OPENSSL_sk_delete_ptr(), OPENSSL_sk_dup(), +OPENSSL_sk_find(), OPENSSL_sk_find_ex(), OPENSSL_sk_free(), +OPENSSL_sk_insert(), OPENSSL_sk_is_sorted(), OPENSSL_sk_new(), +OPENSSL_sk_new_null(), OPENSSL_sk_num(), OPENSSL_sk_pop(), +OPENSSL_sk_pop_free(), OPENSSL_sk_push(), OPENSSL_sk_reserve(), +OPENSSL_sk_set(), OPENSSL_sk_set_cmp_func(), OPENSSL_sk_shift(), +OPENSSL_sk_sort(), OPENSSL_sk_unshift(), OPENSSL_sk_value(), +OPENSSL_sk_zero().

    +

    +

    +
    +

    RETURN VALUES

    +

    sk_TYPE_num() returns the number of elements in the stack or -1 if the +passed stack is NULL.

    +

    sk_TYPE_value() returns a pointer to a stack element or NULL if the +index is out of range.

    +

    sk_TYPE_new(), sk_TYPE_new_null() and sk_TYPE_new_reserve() +return an empty stack or NULL if an error occurs.

    +

    sk_TYPE_reserve() returns 1 on successful allocation of the required +memory or 0 on error.

    +

    sk_TYPE_set_cmp_func() returns the old comparison function or NULL if +there was no old comparison function.

    +

    sk_TYPE_free(), sk_TYPE_zero(), sk_TYPE_pop_free() and +sk_TYPE_sort() do not return values.

    +

    sk_TYPE_pop(), sk_TYPE_shift(), sk_TYPE_delete() and +sk_TYPE_delete_ptr() return a pointer to the deleted element or NULL +on error.

    +

    sk_TYPE_insert(), sk_TYPE_push() and sk_TYPE_unshift() return +the total number of elements in the stack and 0 if an error occurred.

    +

    sk_TYPE_set() returns a pointer to the replacement element or NULL on +error.

    +

    sk_TYPE_find() and sk_TYPE_find_ex() return an index to the found +element or -1 on error.

    +

    sk_TYPE_is_sorted() returns 1 if the stack is sorted and 0 if it is +not.

    +

    sk_TYPE_dup() and sk_TYPE_deep_copy() return a pointer to the copy +of the stack.

    +

    +

    +
    +

    HISTORY

    +

    Before OpenSSL 1.1.0, this was implemented via macros and not inline functions +and was not a public API.

    +

    sk_TYPE_reserve() and sk_TYPE_new_reserve() were added in OpenSSL +1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/DES_random_key.html b/linux_amd64/ssl/share/doc/openssl/html/man3/DES_random_key.html
    new file mode 100755
    index 0000000..c6220c5
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/DES_random_key.html
    @@ -0,0 +1,334 @@
    + + + + +DES_random_key + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    DES_random_key, DES_set_key, DES_key_sched, DES_set_key_checked, +DES_set_key_unchecked, DES_set_odd_parity, DES_is_weak_key, +DES_ecb_encrypt, DES_ecb2_encrypt, DES_ecb3_encrypt, DES_ncbc_encrypt, +DES_cfb_encrypt, DES_ofb_encrypt, DES_pcbc_encrypt, DES_cfb64_encrypt, +DES_ofb64_encrypt, DES_xcbc_encrypt, DES_ede2_cbc_encrypt, +DES_ede2_cfb64_encrypt, DES_ede2_ofb64_encrypt, DES_ede3_cbc_encrypt, +DES_ede3_cfb64_encrypt, DES_ede3_ofb64_encrypt, +DES_cbc_cksum, DES_quad_cksum, DES_string_to_key, DES_string_to_2keys, +DES_fcrypt, DES_crypt - DES encryption

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/des.h>
    +

    Deprecated since OpenSSL 3.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + void DES_random_key(DES_cblock *ret);
    +
    + int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule);
    + int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule);
    + int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule);
    + void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule);
    +
    + void DES_set_odd_parity(DES_cblock *key);
    + int DES_is_weak_key(const_DES_cblock *key);
    +
    + void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output,
    +                      DES_key_schedule *ks, int enc);
    + void DES_ecb2_encrypt(const_DES_cblock *input, DES_cblock *output,
    +                       DES_key_schedule *ks1, DES_key_schedule *ks2, int enc);
    + void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output,
    +                       DES_key_schedule *ks1, DES_key_schedule *ks2,
    +                       DES_key_schedule *ks3, int enc);
    +
    + void DES_ncbc_encrypt(const unsigned char *input, unsigned char *output,
    +                       long length, DES_key_schedule *schedule, DES_cblock *ivec,
    +                       int enc);
    + void DES_cfb_encrypt(const unsigned char *in, unsigned char *out,
    +                      int numbits, long length, DES_key_schedule *schedule,
    +                      DES_cblock *ivec, int enc);
    + void DES_ofb_encrypt(const unsigned char *in, unsigned char *out,
    +                      int numbits, long length, DES_key_schedule *schedule,
    +                      DES_cblock *ivec);
    + void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output,
    +                       long length, DES_key_schedule *schedule, DES_cblock *ivec,
    +                       int enc);
    + void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out,
    +                        long length, DES_key_schedule *schedule, DES_cblock *ivec,
    +                        int *num, int enc);
    + void DES_ofb64_encrypt(const unsigned char *in, unsigned char *out,
    +                        long length, DES_key_schedule *schedule, DES_cblock *ivec,
    +                        int *num);
    +
    + void DES_xcbc_encrypt(const unsigned char *input, unsigned char *output,
    +                       long length, DES_key_schedule *schedule, DES_cblock *ivec,
    +                       const_DES_cblock *inw, const_DES_cblock *outw, int enc);
    +
    + void DES_ede2_cbc_encrypt(const unsigned char *input, unsigned char *output,
    +                           long length, DES_key_schedule *ks1,
    +                           DES_key_schedule *ks2, DES_cblock *ivec, int enc);
    + void DES_ede2_cfb64_encrypt(const unsigned char *in, unsigned char *out,
    +                             long length, DES_key_schedule *ks1,
    +                             DES_key_schedule *ks2, DES_cblock *ivec,
    +                             int *num, int enc);
    + void DES_ede2_ofb64_encrypt(const unsigned char *in, unsigned char *out,
    +                             long length, DES_key_schedule *ks1,
    +                             DES_key_schedule *ks2, DES_cblock *ivec, int *num);
    +
    + void DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output,
    +                           long length, DES_key_schedule *ks1,
    +                           DES_key_schedule *ks2, DES_key_schedule *ks3,
    +                           DES_cblock *ivec, int enc);
    + void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out,
    +                             long length, DES_key_schedule *ks1,
    +                             DES_key_schedule *ks2, DES_key_schedule *ks3,
    +                             DES_cblock *ivec, int *num, int enc);
    + void DES_ede3_ofb64_encrypt(const unsigned char *in, unsigned char *out,
    +                             long length, DES_key_schedule *ks1,
    +                             DES_key_schedule *ks2, DES_key_schedule *ks3,
    +                             DES_cblock *ivec, int *num);
    +
    + DES_LONG DES_cbc_cksum(const unsigned char *input, DES_cblock *output,
    +                        long length, DES_key_schedule *schedule,
    +                        const_DES_cblock *ivec);
    + DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[],
    +                         long length, int out_count, DES_cblock *seed);
    + void DES_string_to_key(const char *str, DES_cblock *key);
    + void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2);
    +
    + char *DES_fcrypt(const char *buf, const char *salt, char *ret);
    + char *DES_crypt(const char *buf, const char *salt);
    +

    +

    +
    +

    DESCRIPTION

    +

    All of the functions described on this page are deprecated. Applications should +instead use EVP_EncryptInit_ex(3), EVP_EncryptUpdate(3) and +EVP_EncryptFinal_ex(3) or the equivalently named decrypt functions.

    +

    This library contains a fast implementation of the DES encryption +algorithm.

    +

    There are two phases to the use of DES encryption. The first is the +generation of a DES_key_schedule from a key, the second is the +actual encryption. A DES key is of type DES_cblock. This type +consists of 8 bytes with odd parity. The least significant bit in +each byte is the parity bit. The key schedule is an expanded form of +the key; it is used to speed the encryption process.

    +

    DES_random_key() generates a random key. The random generator must be +seeded when calling this function. +If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to +external circumstances (see RAND(7)), the operation will fail. +If the function fails, 0 is returned.

    +

    Before a DES key can be used, it must be converted into the +architecture dependent DES_key_schedule via the +DES_set_key_checked() or DES_set_key_unchecked() function.

    +

    DES_set_key_checked() will check that the key passed is of odd parity +and is not a weak or semi-weak key. If the parity is wrong, then -1 +is returned. If the key is a weak key, then -2 is returned. If an +error is returned, the key schedule is not generated.

    +

    DES_set_key() works like DES_set_key_checked() and remains for +backward compatibility.

    +

    DES_set_odd_parity() sets the parity of the passed key to odd.

    +

    DES_is_weak_key() returns 1 if the passed key is a weak key, 0 if it +is ok.

    +

    The following routines mostly operate on an input and output stream of +DES_cblocks.

    +

    DES_ecb_encrypt() is the basic DES encryption routine that encrypts or +decrypts a single 8-byte DES_cblock in electronic code book +(ECB) mode. It always transforms the input data, pointed to by +input, into the output data, pointed to by the output argument. +If the encrypt argument is nonzero (DES_ENCRYPT), the input +(cleartext) is encrypted in to the output (ciphertext) using the +key_schedule specified by the schedule argument, previously set via +DES_set_key. If encrypt is zero (DES_DECRYPT), the input (now +ciphertext) is decrypted into the output (now cleartext). Input +and output may overlap. DES_ecb_encrypt() does not return a value.

    +

    DES_ecb3_encrypt() encrypts/decrypts the input block by using +three-key Triple-DES encryption in ECB mode. This involves encrypting +the input with ks1, decrypting with the key schedule ks2, and +then encrypting with ks3. This routine greatly reduces the chances +of brute force breaking of DES and has the advantage of if ks1, +ks2 and ks3 are the same, it is equivalent to just encryption +using ECB mode and ks1 as the key.

    +

    The macro DES_ecb2_encrypt() is provided to perform two-key Triple-DES +encryption by using ks1 for the final encryption.

    +

    DES_ncbc_encrypt() encrypts/decrypts using the cipher-block-chaining +(CBC) mode of DES. If the encrypt argument is nonzero, the +routine cipher-block-chain encrypts the cleartext data pointed to by +the input argument into the ciphertext pointed to by the output +argument, using the key schedule provided by the schedule argument, +and initialization vector provided by the ivec argument. If the +length argument is not an integral multiple of eight bytes, the +last block is copied to a temporary area and zero filled. The output +is always an integral multiple of eight bytes.

    +

    DES_xcbc_encrypt() is RSA's DESX mode of DES. It uses inw and +outw to 'whiten' the encryption. inw and outw are secret +(unlike the iv) and are as such, part of the key. So the key is sort +of 24 bytes. This is much better than CBC DES.

    +

    DES_ede3_cbc_encrypt() implements outer triple CBC DES encryption with +three keys. This means that each DES operation inside the CBC mode is +C=E(ks3,D(ks2,E(ks1,M))). This mode is used by SSL.

    +

    The DES_ede2_cbc_encrypt() macro implements two-key Triple-DES by +reusing ks1 for the final encryption. C=E(ks1,D(ks2,E(ks1,M))). +This form of Triple-DES is used by the RSAREF library.

    +

    DES_pcbc_encrypt() encrypts/decrypts using the propagating cipher block +chaining mode used by Kerberos v4. Its parameters are the same as +DES_ncbc_encrypt().

    +

    DES_cfb_encrypt() encrypts/decrypts using cipher feedback mode. This +method takes an array of characters as input and outputs an array of +characters. It does not require any padding to 8 character groups. +Note: the ivec variable is changed and the new changed value needs to +be passed to the next call to this function. Since this function runs +a complete DES ECB encryption per numbits, this function is only +suggested for use when sending a small number of characters.

    +

    DES_cfb64_encrypt() +implements CFB mode of DES with 64-bit feedback. Why is this +useful you ask? Because this routine will allow you to encrypt an +arbitrary number of bytes, without 8 byte padding. Each call to this +routine will encrypt the input bytes to output and then update ivec +and num. num contains 'how far' we are though ivec. If this does +not make much sense, read more about CFB mode of DES.

    +

    DES_ede3_cfb64_encrypt() and DES_ede2_cfb64_encrypt() is the same as +DES_cfb64_encrypt() except that Triple-DES is used.

    +

    DES_ofb_encrypt() encrypts using output feedback mode. This method +takes an array of characters as input and outputs an array of +characters. It does not require any padding to 8 character groups. +Note: the ivec variable is changed and the new changed value needs to +be passed to the next call to this function. Since this function runs +a complete DES ECB encryption per numbits, this function is only +suggested for use when sending a small number of characters.

    +

    DES_ofb64_encrypt() is the same as DES_cfb64_encrypt() using Output +Feed Back mode.

    +

    DES_ede3_ofb64_encrypt() and DES_ede2_ofb64_encrypt() is the same as +DES_ofb64_encrypt(), using Triple-DES.

    +

    The following functions are included in the DES library for +compatibility with the MIT Kerberos library.

    +

    DES_cbc_cksum() produces an 8 byte checksum based on the input stream +(via CBC encryption). The last 4 bytes of the checksum are returned +and the complete 8 bytes are placed in output. This function is +used by Kerberos v4. Other applications should use +EVP_DigestInit(3) etc. instead.

    +

    DES_quad_cksum() is a Kerberos v4 function. It returns a 4 byte +checksum from the input bytes. The algorithm can be iterated over the +input, depending on out_count, 1, 2, 3 or 4 times. If output is +non-NULL, the 8 bytes generated by each pass are written into +output.

    +

    The following are DES-based transformations:

    +

    DES_fcrypt() is a fast version of the Unix crypt(3) function. This +version takes only a small amount of space relative to other fast +crypt() implementations. This is different to the normal crypt() in +that the third parameter is the buffer that the return value is +written into. It needs to be at least 14 bytes long. This function +is thread safe, unlike the normal crypt().

    +

    DES_crypt() is a faster replacement for the normal system crypt(). +This function calls DES_fcrypt() with a static array passed as the +third parameter. This mostly emulates the normal non-thread-safe semantics +of crypt(3). +The salt must be two ASCII characters.

    +

    The values returned by DES_fcrypt() and DES_crypt() are terminated by NUL +character.

    +

    DES_enc_write() writes len bytes to file descriptor fd from +buffer buf. The data is encrypted via pcbc_encrypt (default) +using sched for the key and iv as a starting vector. The actual +data send down fd consists of 4 bytes (in network byte order) +containing the length of the following encrypted data. The encrypted +data then follows, padded with random data out to a multiple of 8 +bytes.

    +

    +

    +
    +

    BUGS

    +

    DES_cbc_encrypt() does not modify ivec; use DES_ncbc_encrypt() +instead.

    +

    DES_cfb_encrypt() and DES_ofb_encrypt() operates on input of 8 bits. +What this means is that if you set numbits to 12, and length to 2, the +first 12 bits will come from the 1st input byte and the low half of +the second input byte. The second 12 bits will have the low 8 bits +taken from the 3rd input byte and the top 4 bits taken from the 4th +input byte. The same holds for output. This function has been +implemented this way because most people will be using a multiple of 8 +and because once you get into pulling bytes input bytes apart things +get ugly!

    +

    DES_string_to_key() is available for backward compatibility with the +MIT library. New applications should use a cryptographic hash function. +The same applies for DES_string_to_2key().

    +

    +

    +
    +

    NOTES

    +

    The des library was written to be source code compatible with +the MIT Kerberos library.

    +

    Applications should use the higher level functions +EVP_EncryptInit(3) etc. instead of calling these +functions directly.

    +

    Single-key DES is insecure due to its short key size. ECB mode is +not suitable for most applications; see des_modes(7).

    +

    +

    +
    +

    RETURN VALUES

    +

    DES_set_key(), DES_key_sched(), DES_set_key_checked() and DES_is_weak_key() +return 0 on success or negative values on error.

    +

    DES_cbc_cksum() and DES_quad_cksum() return 4-byte integer representing the +last 4 bytes of the checksum of the input.

    +

    DES_fcrypt() returns a pointer to the caller-provided buffer and DES_crypt() - +to a static buffer on success; otherwise they return NULL.

    +

    +

    +
    +

    SEE ALSO

    +

    des_modes(7), +EVP_EncryptInit(3)

    +

    +

    +
    +

    HISTORY

    +

    All of these functions were deprecated in OpenSSL 3.0.

    +

    The requirement that the salt parameter to DES_crypt() and DES_fcrypt() +be two ASCII characters was first enforced in +OpenSSL 1.1.0. Previous versions tried to use the letter uppercase A +if both character were not present, and could crash when given non-ASCII +on some platforms.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/DH_generate_key.html b/linux_amd64/ssl/share/doc/openssl/html/man3/DH_generate_key.html
    new file mode 100755
    index 0000000..99e3a2f
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/DH_generate_key.html
    @@ -0,0 +1,100 @@
    + + + + +DH_generate_key + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    DH_generate_key, DH_compute_key - perform Diffie-Hellman key exchange

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/dh.h>
    +

    Deprecated since OpenSSL 3.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + int DH_generate_key(DH *dh);
    +
    + int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh);
    +

    +

    +
    +

    DESCRIPTION

    +

    Both of the functions described on this page are deprecated. +Applications should instead use EVP_PKEY_derive_init(3) +and EVP_PKEY_derive(3).

    +

    DH_generate_key() performs the first step of a Diffie-Hellman key +exchange by generating private and public DH values. By calling +DH_compute_key(), these are combined with the other party's public +value to compute the shared key.

    +

    DH_generate_key() expects dh to contain the shared parameters +dh->p and dh->g. It generates a random private DH value +unless dh->priv_key is already set, and computes the +corresponding public value dh->pub_key, which can then be +published.

    +

    DH_compute_key() computes the shared secret from the private DH value +in dh and the other party's public value in pub_key and stores +it in key. key must point to DH_size(dh) bytes of memory.

    +

    +

    +
    +

    RETURN VALUES

    +

    DH_generate_key() returns 1 on success, 0 otherwise.

    +

    DH_compute_key() returns the size of the shared secret on success, -1 +on error.

    +

    The error codes can be obtained by ERR_get_error(3).

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_PKEY_derive(3), +DH_new(3), ERR_get_error(3), RAND_bytes(3), DH_size(3)

    +

    +

    +
    +

    HISTORY

    +

    Both of these functions were deprecated in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/DH_generate_parameters.html b/linux_amd64/ssl/share/doc/openssl/html/man3/DH_generate_parameters.html
    new file mode 100755
    index 0000000..543284a
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/DH_generate_parameters.html
    @@ -0,0 +1,203 @@
    + + + + +DH_generate_parameters + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    DH_generate_parameters_ex, DH_generate_parameters, +DH_check, DH_check_params, +DH_check_ex, DH_check_params_ex, DH_check_pub_key_ex +- generate and check Diffie-Hellman +parameters

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/dh.h>
    +

    Deprecated since OpenSSL 3.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + int DH_generate_parameters_ex(DH *dh, int prime_len, int generator, BN_GENCB *cb);
    +
    + int DH_check(DH *dh, int *codes);
    + int DH_check_params(DH *dh, int *codes);
    +
    + int DH_check_ex(const DH *dh);
    + int DH_check_params_ex(const DH *dh);
    + int DH_check_pub_key_ex(const DH *dh, const BIGNUM *pub_key);
    +

    Deprecated since OpenSSL 0.9.8, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + DH *DH_generate_parameters(int prime_len, int generator,
    +                            void (*callback)(int, int, void *), void *cb_arg);
    +

    +

    +
    +

    DESCRIPTION

    +

    All of the functions described on this page are deprecated. +Applications should instead use EVP_PKEY_check(3), +EVP_PKEY_public_check(3), EVP_PKEY_private_check(3) and +EVP_PKEY_param_check(3).

    +

    DH_generate_parameters_ex() generates Diffie-Hellman parameters that can +be shared among a group of users, and stores them in the provided DH +structure. The pseudo-random number generator must be +seeded before calling it. +The parameters generated by DH_generate_parameters_ex() should not be used in +signature schemes.

    +

    prime_len is the length in bits of the safe prime to be generated. +generator is a small number > 1, typically 2 or 5.

    +

    A callback function may be used to provide feedback about the progress +of the key generation. If cb is not NULL, it will be +called as described in BN_generate_prime(3) while a random prime +number is generated, and when a prime has been found, BN_GENCB_call(cb, 3, 0) +is called. See BN_generate_prime_ex(3) for information on +the BN_GENCB_call() function.

    +

    DH_generate_parameters() is similar to DH_generate_prime_ex() but +expects an old-style callback function; see +BN_generate_prime(3) for information on the old-style callback.

    +

    DH_check_params() confirms that the p and g are likely enough to +be valid. +This is a lightweight check, if a more thorough check is needed, use +DH_check(). +The value of *codes is updated with any problems found. +If *codes is zero then no problems were found, otherwise the +following bits may be set:

    +
    +
    DH_CHECK_P_NOT_PRIME
    + +
    +

    The parameter p has been determined to not being an odd prime. +Note that the lack of this bit doesn't guarantee that p is a +prime.

    +
    +
    DH_NOT_SUITABLE_GENERATOR
    + +
    +

    The generator g is not suitable. +Note that the lack of this bit doesn't guarantee that g is +suitable, unless p is known to be a strong prime.

    +
    +
    DH_MODULUS_TOO_SMALL
    + +
    +

    The modulus is too small.

    +
    +
    DH_MODULUS_TOO_LARGE
    + +
    +

    The modulus is too large.

    +
    +
    +

    DH_check() confirms that the Diffie-Hellman parameters dh are valid. The +value of *codes is updated with any problems found. If *codes is zero then +no problems were found, otherwise the following bits may be set:

    +
    +
    DH_CHECK_P_NOT_PRIME
    + +
    +

    The parameter p is not prime.

    +
    +
    DH_CHECK_P_NOT_SAFE_PRIME
    + +
    +

    The parameter p is not a safe prime and no q value is present.

    +
    +
    DH_UNABLE_TO_CHECK_GENERATOR
    + +
    +

    The generator g cannot be checked for suitability.

    +
    +
    DH_NOT_SUITABLE_GENERATOR
    + +
    +

    The generator g is not suitable.

    +
    +
    DH_CHECK_Q_NOT_PRIME
    + +
    +

    The parameter q is not prime.

    +
    +
    DH_CHECK_INVALID_Q_VALUE
    + +
    +

    The parameter q is invalid.

    +
    +
    DH_CHECK_INVALID_J_VALUE
    + +
    +

    The parameter j is invalid.

    +
    +
    +

    DH_check_ex(), DH_check_params() and DH_check_pub_key_ex() are similar to +DH_check() and DH_check_params() respectively, but the error reasons are added +to the thread's error queue instead of provided as return values from the +function.

    +

    +

    +
    +

    RETURN VALUES

    +

    DH_generate_parameters_ex(), DH_check() and DH_check_params() return 1 +if the check could be performed, 0 otherwise.

    +

    DH_generate_parameters() returns a pointer to the DH structure or NULL if +the parameter generation fails.

    +

    DH_check_ex(), DH_check_params() and DH_check_pub_key_ex() return 1 if the +check is successful, 0 for failed.

    +

    The error codes can be obtained by ERR_get_error(3).

    +

    +

    +
    +

    SEE ALSO

    +

    DH_new(3), ERR_get_error(3), RAND_bytes(3), +DH_free(3)

    +

    +

    +
    +

    HISTORY

    +

    All of these functions were deprecated in OpenSSL 3.0.

    +

    DH_generate_parameters() was deprecated in OpenSSL 0.9.8; use +DH_generate_parameters_ex() instead.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/DH_get0_pqg.html b/linux_amd64/ssl/share/doc/openssl/html/man3/DH_get0_pqg.html
new file mode 100755
index 0000000..90137dd
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/DH_get0_pqg.html
@@ -0,0 +1,164 @@
+ + + + +DH_get0_pqg + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    DH_get0_pqg, DH_set0_pqg, DH_get0_key, DH_set0_key, +DH_get0_p, DH_get0_q, DH_get0_g, +DH_get0_priv_key, DH_get0_pub_key, +DH_clear_flags, DH_test_flags, DH_set_flags, DH_get0_engine, +DH_get_length, DH_set_length - Routines for getting and setting data in a DH object

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/dh.h>
    +
    + void DH_get0_pqg(const DH *dh,
    +                  const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
    + int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
    + void DH_get0_key(const DH *dh,
    +                  const BIGNUM **pub_key, const BIGNUM **priv_key);
    + int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key);
    + const BIGNUM *DH_get0_p(const DH *dh);
    + const BIGNUM *DH_get0_q(const DH *dh);
    + const BIGNUM *DH_get0_g(const DH *dh);
    + const BIGNUM *DH_get0_priv_key(const DH *dh);
    + const BIGNUM *DH_get0_pub_key(const DH *dh);
    + void DH_clear_flags(DH *dh, int flags);
    + int DH_test_flags(const DH *dh, int flags);
    + void DH_set_flags(DH *dh, int flags);
    +

    Deprecated since OpenSSL 3.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + ENGINE *DH_get0_engine(DH *d);
    + long DH_get_length(const DH *dh);
    + int DH_set_length(DH *dh, long length);
    +

    +

    +
    +

    DESCRIPTION

    +

    A DH object contains the parameters p, q and g. Note that the q +parameter is optional. It also contains a public key (pub_key) and +(optionally) a private key (priv_key).

    +

    The p, q and g parameters can be obtained by calling DH_get0_pqg(). +If the parameters have not yet been set then *p, *q and *g will be set +to NULL. Otherwise they are set to pointers to their respective values. These +point directly to the internal representations of the values and therefore +should not be freed directly. +Any of the out parameters p, q, and g can be NULL, in which case no +value will be returned for that parameter.

    +

    The p, q and g values can be set by calling DH_set0_pqg() and passing +the new values for p, q and g as parameters to the function. Calling +this function transfers the memory management of the values to the DH object, +and therefore the values that have been passed in should not be freed directly +after this function has been called. The q parameter may be NULL.

    +

    To get the public and private key values use the DH_get0_key() function. A +pointer to the public key will be stored in *pub_key, and a pointer to the +private key will be stored in *priv_key. Either may be NULL if they have not +been set yet, although if the private key has been set then the public key must +be. The values point to the internal representation of the public key and +private key values. This memory should not be freed directly. +Any of the out parameters pub_key and priv_key can be NULL, in which case +no value will be returned for that parameter.

    +

    The public and private key values can be set using DH_set0_key(). Either +parameter may be NULL, which means the corresponding DH field is left +untouched. As with DH_set0_pqg() this function transfers the memory management +of the key values to the DH object, and therefore they should not be freed +directly after this function has been called.

    +

    Any of the values p, q, g, priv_key, and pub_key can also be +retrieved separately by the corresponding function DH_get0_p(), DH_get0_q(), +DH_get0_g(), DH_get0_priv_key(), and DH_get0_pub_key(), respectively.

    +

    DH_set_flags() sets the flags in the flags parameter on the DH object. +Multiple flags can be passed in one go (bitwise ORed together). Any flags that +are already set are left set. DH_test_flags() tests to see whether the flags +passed in the flags parameter are currently set in the DH object. Multiple +flags can be tested in one go. All flags that are currently set are returned, or +zero if none of the flags are set. DH_clear_flags() clears the specified flags +within the DH object.

    +

    DH_get0_engine() returns a handle to the ENGINE that has been set for this DH +object, or NULL if no such ENGINE has been set. This function is deprecated.

    +

    The DH_get_length() and DH_set_length() functions get and set the optional +length parameter associated with this DH object. If the length is nonzero then +it is used, otherwise it is ignored. The length parameter indicates the +length of the secret exponent (private key) in bits. These functions are +deprecated.

    +

    +

    +
    +

    NOTES

    +

    Values retrieved with DH_get0_key() are owned by the DH object used +in the call and may therefore not be passed to DH_set0_key(). If +needed, duplicate the received value using BN_dup() and pass the +duplicate. The same applies to DH_get0_pqg() and DH_set0_pqg().

    +

    +

    +
    +

    RETURN VALUES

    +

    DH_set0_pqg() and DH_set0_key() return 1 on success or 0 on failure.

    +

    DH_get0_p(), DH_get0_q(), DH_get0_g(), DH_get0_priv_key(), and DH_get0_pub_key() +return the respective value, or NULL if it is unset.

    +

    DH_test_flags() returns the current state of the flags in the DH object.

    +

    DH_get0_engine() returns the ENGINE set for the DH object or NULL if no ENGINE +has been set.

    +

    DH_get_length() returns the length of the secret exponent (private key) in bits, +or zero if no such length has been explicitly set.

    +

    +

    +
    +

    SEE ALSO

    +

    DH_new(3), DH_new(3), DH_generate_parameters(3), DH_generate_key(3), +DH_set_method(3), DH_size(3), DH_meth_new(3)

    +

    +

    +
    +

    HISTORY

    +

    The DH_get0_engine(), DH_get_length() and DH_set_length() functions were +deprecated in OpenSSL 3.0.

    +

    The functions described here were added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/DH_get_1024_160.html b/linux_amd64/ssl/share/doc/openssl/html/man3/DH_get_1024_160.html
new file mode 100755
index 0000000..af5ff21
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/DH_get_1024_160.html
@@ -0,0 +1,107 @@
+ + + + +DH_get_1024_160 + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    DH_get_1024_160, +DH_get_2048_224, +DH_get_2048_256, +BN_get0_nist_prime_192, +BN_get0_nist_prime_224, +BN_get0_nist_prime_256, +BN_get0_nist_prime_384, +BN_get0_nist_prime_521, +BN_get_rfc2409_prime_768, +BN_get_rfc2409_prime_1024, +BN_get_rfc3526_prime_1536, +BN_get_rfc3526_prime_2048, +BN_get_rfc3526_prime_3072, +BN_get_rfc3526_prime_4096, +BN_get_rfc3526_prime_6144, +BN_get_rfc3526_prime_8192 +- Create standardized public primes or DH pairs

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/dh.h>
    + DH *DH_get_1024_160(void)
    + DH *DH_get_2048_224(void)
    + DH *DH_get_2048_256(void)
    +
    + const BIGNUM *BN_get0_nist_prime_192(void)
    + const BIGNUM *BN_get0_nist_prime_224(void)
    + const BIGNUM *BN_get0_nist_prime_256(void)
    + const BIGNUM *BN_get0_nist_prime_384(void)
    + const BIGNUM *BN_get0_nist_prime_521(void)
    +
    + BIGNUM *BN_get_rfc2409_prime_768(BIGNUM *bn)
    + BIGNUM *BN_get_rfc2409_prime_1024(BIGNUM *bn)
    + BIGNUM *BN_get_rfc3526_prime_1536(BIGNUM *bn)
    + BIGNUM *BN_get_rfc3526_prime_2048(BIGNUM *bn)
    + BIGNUM *BN_get_rfc3526_prime_3072(BIGNUM *bn)
    + BIGNUM *BN_get_rfc3526_prime_4096(BIGNUM *bn)
    + BIGNUM *BN_get_rfc3526_prime_6144(BIGNUM *bn)
    + BIGNUM *BN_get_rfc3526_prime_8192(BIGNUM *bn)
    +

    +

    +
    +

    DESCRIPTION

    +

    DH_get_1024_160(), DH_get_2048_224(), and DH_get_2048_256() each return +a DH object for the IETF RFC 5114 value.

    +

    BN_get0_nist_prime_192(), BN_get0_nist_prime_224(), BN_get0_nist_prime_256(), +BN_get0_nist_prime_384(), and BN_get0_nist_prime_521() functions return +a BIGNUM for the specific NIST prime curve (e.g., P-256).

    +

    BN_get_rfc2409_prime_768(), BN_get_rfc2409_prime_1024(), +BN_get_rfc3526_prime_1536(), BN_get_rfc3526_prime_2048(), +BN_get_rfc3526_prime_3072(), BN_get_rfc3526_prime_4096(), +BN_get_rfc3526_prime_6144(), and BN_get_rfc3526_prime_8192() functions +return a BIGNUM for the specified size from IETF RFC 2409. If bn +is not NULL, the BIGNUM will be set into that location as well.

    +

    +

    +
    +

    RETURN VALUES

    +

    Defined above.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/DH_meth_new.html b/linux_amd64/ssl/share/doc/openssl/html/man3/DH_meth_new.html
new file mode 100755
index 0000000..bf460bc
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/DH_meth_new.html
@@ -0,0 +1,196 @@
+ + + + +DH_meth_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    DH_meth_new, DH_meth_free, DH_meth_dup, DH_meth_get0_name, DH_meth_set1_name, +DH_meth_get_flags, DH_meth_set_flags, DH_meth_get0_app_data, +DH_meth_set0_app_data, DH_meth_get_generate_key, DH_meth_set_generate_key, +DH_meth_get_compute_key, DH_meth_set_compute_key, DH_meth_get_bn_mod_exp, +DH_meth_set_bn_mod_exp, DH_meth_get_init, DH_meth_set_init, DH_meth_get_finish, +DH_meth_set_finish, DH_meth_get_generate_params, +DH_meth_set_generate_params - Routines to build up DH methods

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/dh.h>
    +

    Deprecated since OpenSSL 3.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + DH_METHOD *DH_meth_new(const char *name, int flags);
    +
    + void DH_meth_free(DH_METHOD *dhm);
    +
    + DH_METHOD *DH_meth_dup(const DH_METHOD *dhm);
    +
    + const char *DH_meth_get0_name(const DH_METHOD *dhm);
    + int DH_meth_set1_name(DH_METHOD *dhm, const char *name);
    +
    + int DH_meth_get_flags(const DH_METHOD *dhm);
    + int DH_meth_set_flags(DH_METHOD *dhm, int flags);
    +
    + void *DH_meth_get0_app_data(const DH_METHOD *dhm);
    + int DH_meth_set0_app_data(DH_METHOD *dhm, void *app_data);
    +
    + int (*DH_meth_get_generate_key(const DH_METHOD *dhm))(DH *);
    + int DH_meth_set_generate_key(DH_METHOD *dhm, int (*generate_key)(DH *));
    +
    + int (*DH_meth_get_compute_key(const DH_METHOD *dhm))
    +     (unsigned char *key, const BIGNUM *pub_key, DH *dh);
    + int DH_meth_set_compute_key(DH_METHOD *dhm,
    +     int (*compute_key)(unsigned char *key, const BIGNUM *pub_key, DH *dh));
    +
    + int (*DH_meth_get_bn_mod_exp(const DH_METHOD *dhm))
    +     (const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
    +      const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
    + int DH_meth_set_bn_mod_exp(DH_METHOD *dhm,
    +     int (*bn_mod_exp)(const DH *dh, BIGNUM *r, const BIGNUM *a,
    +                       const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
    +                       BN_MONT_CTX *m_ctx));
    +
    + int (*DH_meth_get_init(const DH_METHOD *dhm))(DH *);
    + int DH_meth_set_init(DH_METHOD *dhm, int (*init)(DH *));
    +
    + int (*DH_meth_get_finish(const DH_METHOD *dhm))(DH *);
    + int DH_meth_set_finish(DH_METHOD *dhm, int (*finish)(DH *));
    +
    + int (*DH_meth_get_generate_params(const DH_METHOD *dhm))
    +     (DH *, int, int, BN_GENCB *);
    + int DH_meth_set_generate_params(DH_METHOD *dhm,
    +     int (*generate_params)(DH *, int, int, BN_GENCB *));
    +

    +

    +
    +

    DESCRIPTION

    +

    All of the functions described on this page are deprecated. +Applications should instead use the provider APIs.

    +

    The DH_METHOD type is a structure used for the provision of custom DH +implementations. It provides a set of functions used by OpenSSL for the +implementation of the various DH capabilities.

    +

    DH_meth_new() creates a new DH_METHOD structure. It should be given a +unique name and a set of flags. The name should be a NULL terminated +string, which will be duplicated and stored in the DH_METHOD object. It is +the callers responsibility to free the original string. The flags will be used +during the construction of a new DH object based on this DH_METHOD. Any +new DH object will have those flags set by default.

    +

    DH_meth_dup() creates a duplicate copy of the DH_METHOD object passed as a +parameter. This might be useful for creating a new DH_METHOD based on an +existing one, but with some differences.

    +

    DH_meth_free() destroys a DH_METHOD structure and frees up any memory +associated with it.

    +

    DH_meth_get0_name() will return a pointer to the name of this DH_METHOD. This +is a pointer to the internal name string and so should not be freed by the +caller. DH_meth_set1_name() sets the name of the DH_METHOD to name. The +string is duplicated and the copy is stored in the DH_METHOD structure, so the +caller remains responsible for freeing the memory associated with the name.

    +

    DH_meth_get_flags() returns the current value of the flags associated with this +DH_METHOD. DH_meth_set_flags() provides the ability to set these flags.

    +

    The functions DH_meth_get0_app_data() and DH_meth_set0_app_data() provide the +ability to associate implementation specific data with the DH_METHOD. It is +the application's responsibility to free this data before the DH_METHOD is +freed via a call to DH_meth_free().

    +

    DH_meth_get_generate_key() and DH_meth_set_generate_key() get and set the +function used for generating a new DH key pair respectively. This function will +be called in response to the application calling DH_generate_key(). The +parameter for the function has the same meaning as for DH_generate_key().

    +

    DH_meth_get_compute_key() and DH_meth_set_compute_key() get and set the +function used for computing a new DH shared secret respectively. This function +will be called in response to the application calling DH_compute_key(). The +parameters for the function have the same meaning as for DH_compute_key().

    +

    DH_meth_get_bn_mod_exp() and DH_meth_set_bn_mod_exp() get and set the function +used for computing the following value:

    +
    + r = a ^ p mod m
    +

    This function will be called by the default OpenSSL function for +DH_generate_key(). The result is stored in the r parameter. This function +may be NULL unless using the default generate key function, in which case it +must be present.

    +

    DH_meth_get_init() and DH_meth_set_init() get and set the function used +for creating a new DH instance respectively. This function will be +called in response to the application calling DH_new() (if the current default +DH_METHOD is this one) or DH_new_method(). The DH_new() and DH_new_method() +functions will allocate the memory for the new DH object, and a pointer to this +newly allocated structure will be passed as a parameter to the function. This +function may be NULL.

    +

    DH_meth_get_finish() and DH_meth_set_finish() get and set the function used +for destroying an instance of a DH object respectively. This function will be +called in response to the application calling DH_free(). A pointer to the DH +to be destroyed is passed as a parameter. The destroy function should be used +for DH implementation specific clean up. The memory for the DH itself should +not be freed by this function. This function may be NULL.

    +

    DH_meth_get_generate_params() and DH_meth_set_generate_params() get and set the +function used for generating DH parameters respectively. This function will be +called in response to the application calling DH_generate_parameters_ex() (or +DH_generate_parameters()). The parameters for the function have the same +meaning as for DH_generate_parameters_ex(). This function may be NULL.

    +

    +

    +
    +

    RETURN VALUES

    +

    DH_meth_new() and DH_meth_dup() return the newly allocated DH_METHOD object +or NULL on failure.

    +

    DH_meth_get0_name() and DH_meth_get_flags() return the name and flags +associated with the DH_METHOD respectively.

    +

    All other DH_meth_get_*() functions return the appropriate function pointer +that has been set in the DH_METHOD, or NULL if no such pointer has yet been +set.

    +

    DH_meth_set1_name() and all DH_meth_set_*() functions return 1 on success or +0 on failure.

    +

    +

    +
    +

    SEE ALSO

    +

    DH_new(3), DH_new(3), DH_generate_parameters(3), DH_generate_key(3), +DH_set_method(3), DH_size(3), DH_get0_pqg(3)

    +

    +

    +
    +

    HISTORY

    +

    All of these functions were deprecated in OpenSSL 3.0.

    +

    The functions described here were added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/DH_new.html b/linux_amd64/ssl/share/doc/openssl/html/man3/DH_new.html
new file mode 100755
index 0000000..5e5d46c
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/DH_new.html
@@ -0,0 +1,81 @@
+ + + + +DH_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    DH_new, DH_free - allocate and free DH objects

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/dh.h>
    +
    + DH* DH_new(void);
    +
    + void DH_free(DH *dh);
    +

    +

    +
    +

    DESCRIPTION

    +

    DH_new() allocates and initializes a DH structure.

    +

    DH_free() frees the DH structure and its components. The values are +erased before the memory is returned to the system. +If dh is NULL nothing is done.

    +

    +

    +
    +

    RETURN VALUES

    +

    If the allocation fails, DH_new() returns NULL and sets an error +code that can be obtained by ERR_get_error(3). Otherwise it returns +a pointer to the newly allocated structure.

    +

    DH_free() returns no value.

    +

    +

    +
    +

    SEE ALSO

    +

    DH_new(3), ERR_get_error(3), +DH_generate_parameters(3), +DH_generate_key(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/DH_new_by_nid.html b/linux_amd64/ssl/share/doc/openssl/html/man3/DH_new_by_nid.html
new file mode 100755
index 0000000..ad004f0
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/DH_new_by_nid.html
@@ -0,0 +1,84 @@
+ + + + +DH_new_by_nid + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    DH_new_by_nid, DH_get_nid - get or find DH named parameters

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/dh.h>
    + DH *DH_new_by_nid(int nid);
    +

    Deprecated since OpenSSL 3.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + int *DH_get_nid(DH *dh);
    +

    +

    +
    +

    DESCRIPTION

    +

    DH_new_by_nid() creates and returns a DH structure containing named parameters +nid. Currently nid must be NID_ffdhe2048, NID_ffdhe3072, +NID_ffdhe4096, NID_ffdhe6144, NID_ffdhe8192, +NID_modp_1536, NID_modp_2048, NID_modp_3072, +NID_modp_4096, NID_modp_6144 or NID_modp_8192.

    +

    DH_get_nid() determines if the parameters contained in dh match +any named set. It returns the NID corresponding to the matching parameters or +NID_undef if there is no match. This function is deprecated.

    +

    +

    +
    +

    RETURN VALUES

    +

    DH_new_by_nid() returns a set of DH parameters or NULL if an error occurred.

    +

    DH_get_nid() returns the NID of the matching set of parameters or +NID_undef if there is no match.

    +

    +

    +
    +

    HISTORY

    +

    The DH_get_nid() function was deprecated in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/DH_set_method.html b/linux_amd64/ssl/share/doc/openssl/html/man3/DH_set_method.html
new file mode 100755
index 0000000..2da2b2a
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/DH_set_method.html
@@ -0,0 +1,127 @@
+ + + + +DH_set_method + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    DH_set_default_method, DH_get_default_method, +DH_set_method, DH_new_method, DH_OpenSSL - select DH method

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/dh.h>
    +

    Deprecated since OpenSSL 3.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + void DH_set_default_method(const DH_METHOD *meth);
    +
    + const DH_METHOD *DH_get_default_method(void);
    +
    + int DH_set_method(DH *dh, const DH_METHOD *meth);
    +
    + DH *DH_new_method(ENGINE *engine);
    +
    + const DH_METHOD *DH_OpenSSL(void);
    +

    +

    +
    +

    DESCRIPTION

    +

    All of the functions described on this page are deprecated. +Applications should instead use the provider APIs.

    +

    A DH_METHOD specifies the functions that OpenSSL uses for Diffie-Hellman +operations. By modifying the method, alternative implementations +such as hardware accelerators may be used. IMPORTANT: See the NOTES section for +important information about how these DH API functions are affected by the use +of ENGINE API calls.

    +

    Initially, the default DH_METHOD is the OpenSSL internal implementation, as +returned by DH_OpenSSL().

    +

    DH_set_default_method() makes meth the default method for all DH +structures created later. +NB: This is true only whilst no ENGINE has been set +as a default for DH, so this function is no longer recommended. +This function is not thread-safe and should not be called at the same time +as other OpenSSL functions.

    +

    DH_get_default_method() returns a pointer to the current default DH_METHOD. +However, the meaningfulness of this result is dependent on whether the ENGINE +API is being used, so this function is no longer recommended.

    +

    DH_set_method() selects meth to perform all operations using the key dh. +This will replace the DH_METHOD used by the DH key and if the previous method +was supplied by an ENGINE, the handle to that ENGINE will be released during the +change. It is possible to have DH keys that only work with certain DH_METHOD +implementations (eg. from an ENGINE module that supports embedded +hardware-protected keys), and in such cases attempting to change the DH_METHOD +for the key can have unexpected results.

    +

    DH_new_method() allocates and initializes a DH structure so that engine will +be used for the DH operations. If engine is NULL, the default ENGINE for DH +operations is used, and if no default ENGINE is set, the DH_METHOD controlled by +DH_set_default_method() is used.

    +

    A new DH_METHOD object may be constructed using DH_meth_new() (see +DH_meth_new(3)).

    +

    +

    +
    +

    RETURN VALUES

    +

    DH_OpenSSL() and DH_get_default_method() return pointers to the respective +DH_METHODs.

    +

    DH_set_default_method() returns no value.

    +

    DH_set_method() returns nonzero if the provided meth was successfully set as +the method for dh (including unloading the ENGINE handle if the previous +method was supplied by an ENGINE).

    +

    DH_new_method() returns NULL and sets an error code that can be obtained by +ERR_get_error(3) if the allocation fails. Otherwise it +returns a pointer to the newly allocated structure.

    +

    +

    +
    +

    SEE ALSO

    +

    DH_new(3), DH_new(3), DH_meth_new(3)

    +

    +

    +
    +

    HISTORY

    +

    All of these functions were deprecated in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/DH_size.html b/linux_amd64/ssl/share/doc/openssl/html/man3/DH_size.html
new file mode 100755
index 0000000..0c995ec
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/DH_size.html
@@ -0,0 +1,99 @@
+ + + + +DH_size + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    DH_size, DH_bits, DH_security_bits - get Diffie-Hellman prime size and +security bits

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/dh.h>
    +

    Deprecated since OpenSSL 3.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + int DH_size(const DH *dh);
    +
    + int DH_bits(const DH *dh);
    +
    + int DH_security_bits(const DH *dh);
    +

    +

    +
    +

    DESCRIPTION

    +

    All of the functions described on this page are deprecated. +Applications should instead use EVP_PKEY_bits(3), +EVP_PKEY_security_bits(3) and EVP_PKEY_size(3).

    +

    DH_size() returns the Diffie-Hellman prime size in bytes. It can be used +to determine how much memory must be allocated for the shared secret +computed by DH_compute_key(3).

    +

    DH_bits() returns the number of significant bits.

    +

    dh and dh->p must not be NULL.

    +

    DH_security_bits() returns the number of security bits of the given dh +key. See BN_security_bits(3).

    +

    +

    +
    +

    RETURN VALUES

    +

    DH_size() returns the prime size of Diffie-Hellman in bytes.

    +

    DH_bits() returns the number of bits in the key.

    +

    DH_security_bits() returns the number of security bits.

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_PKEY_bits(3), +DH_new(3), DH_generate_key(3), +BN_num_bits(3)

    +

    +

    +
    +

    HISTORY

    +

    All of these functions were deprecated in OpenSSL 3.0.

    +

    The DH_bits() function was added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/DSA_SIG_new.html b/linux_amd64/ssl/share/doc/openssl/html/man3/DSA_SIG_new.html new file mode 100755 index 0000000..1b9e0ee --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/DSA_SIG_new.html @@ -0,0 +1,90 @@ + + + + +DSA_SIG_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    DSA_SIG_get0, DSA_SIG_set0, +DSA_SIG_new, DSA_SIG_free - allocate and free DSA signature objects

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/dsa.h>
    +
    + DSA_SIG *DSA_SIG_new(void);
    + void DSA_SIG_free(DSA_SIG *a);
    + void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
    + int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s);
    +

    +

    +
    +

    DESCRIPTION

    +

    DSA_SIG_new() allocates an empty DSA_SIG structure.

    +

    DSA_SIG_free() frees the DSA_SIG structure and its components. The +values are erased before the memory is returned to the system.

    +

    DSA_SIG_get0() returns internal pointers to the r and s values contained +in sig.

    +

    The r and s values can be set by calling DSA_SIG_set0() and passing the +new values for r and s as parameters to the function. Calling this +function transfers the memory management of the values to the DSA_SIG object, +and therefore the values that have been passed in should not be freed directly +after this function has been called.

    +

    +

    +
    +

    RETURN VALUES

    +

    If the allocation fails, DSA_SIG_new() returns NULL and sets an +error code that can be obtained by +ERR_get_error(3). Otherwise it returns a pointer +to the newly allocated structure.

    +

    DSA_SIG_free() returns no value.

    +

    DSA_SIG_set0() returns 1 on success or 0 on failure.

    +

    +

    +
    +

    SEE ALSO

    +

    DSA_new(3), ERR_get_error(3), +DSA_do_sign(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/DSA_do_sign.html b/linux_amd64/ssl/share/doc/openssl/html/man3/DSA_do_sign.html new file mode 100755 index 0000000..d08f6c8 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/DSA_do_sign.html @@ -0,0 +1,87 @@ + + + + +DSA_do_sign + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    DSA_do_sign, DSA_do_verify - raw DSA signature operations

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/dsa.h>
    +
    + DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
    +
    + int DSA_do_verify(const unsigned char *dgst, int dgst_len,
    +                   DSA_SIG *sig, DSA *dsa);
    +

    +

    +
    +

    DESCRIPTION

    +

    DSA_do_sign() computes a digital signature on the len byte message +digest dgst using the private key dsa and returns it in a +newly allocated DSA_SIG structure.

    +

    DSA_sign_setup(3) may be used to precompute part +of the signing operation in case signature generation is +time-critical.

    +

    DSA_do_verify() verifies that the signature sig matches a given +message digest dgst of size len. dsa is the signer's public +key.

    +

    +

    +
    +

    RETURN VALUES

    +

    DSA_do_sign() returns the signature, NULL on error. DSA_do_verify() +returns 1 for a valid signature, 0 for an incorrect signature and -1 +on error. The error codes can be obtained by +ERR_get_error(3).

    +

    +

    +
    +

    SEE ALSO

    +

    DSA_new(3), ERR_get_error(3), RAND_bytes(3), +DSA_SIG_new(3), +DSA_sign(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/DSA_dup_DH.html b/linux_amd64/ssl/share/doc/openssl/html/man3/DSA_dup_DH.html new file mode 100755 index 0000000..3fdb671 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/DSA_dup_DH.html @@ -0,0 +1,92 @@ + + + + +DSA_dup_DH + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    DSA_dup_DH - create a DH structure out of DSA structure

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/dsa.h>
    +

    Deprecated since OpenSSL 3.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + DH *DSA_dup_DH(const DSA *r);
    +

    +

    +
    +

    DESCRIPTION

    +

    The function described on this page is deprecated. There is no direct +replacement, applications should use the EVP_PKEY APIs for Diffie-Hellman +operations.

    +

    DSA_dup_DH() duplicates DSA parameters/keys as DH parameters/keys. q +is lost during that conversion, but the resulting DH parameters +contain its length.

    +

    +

    +
    +

    RETURN VALUES

    +

    DSA_dup_DH() returns the new DH structure, and NULL on error. The +error codes can be obtained by ERR_get_error(3).

    +

    +

    +
    +

    NOTE

    +

    Be careful to avoid small subgroup attacks when using this.

    +

    +

    +
    +

    SEE ALSO

    +

    DH_new(3), DSA_new(3), ERR_get_error(3)

    +

    +

    +
    +

    HISTORY

    +

    This function was deprecated in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/DSA_generate_key.html b/linux_amd64/ssl/share/doc/openssl/html/man3/DSA_generate_key.html new file mode 100755 index 0000000..8bcb45f --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/DSA_generate_key.html @@ -0,0 +1,77 @@ + + + + +DSA_generate_key + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    DSA_generate_key - generate DSA key pair

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/dsa.h>
    +
    + int DSA_generate_key(DSA *a);
    +

    +

    +
    +

    DESCRIPTION

    +

    DSA_generate_key() expects a to contain DSA parameters. It generates +a new key pair and stores it in a->pub_key and a->priv_key.

    +

    The random generator must be seeded prior to calling DSA_generate_key(). +If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to +external circumstances (see RAND(7)), the operation will fail.

    +

    +

    +
    +

    RETURN VALUES

    +

    DSA_generate_key() returns 1 on success, 0 otherwise. +The error codes can be obtained by ERR_get_error(3).

    +

    +

    +
    +

    SEE ALSO

    +

    DSA_new(3), ERR_get_error(3), RAND_bytes(3), +DSA_generate_parameters_ex(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/DSA_generate_parameters.html b/linux_amd64/ssl/share/doc/openssl/html/man3/DSA_generate_parameters.html new file mode 100755 index 0000000..257d2d4 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/DSA_generate_parameters.html @@ -0,0 +1,151 @@ + + + + +DSA_generate_parameters + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    DSA_generate_parameters_ex, DSA_generate_parameters - generate DSA parameters

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/dsa.h>
    +
    + int DSA_generate_parameters_ex(DSA *dsa, int bits,
    +                                const unsigned char *seed, int seed_len,
    +                                int *counter_ret, unsigned long *h_ret,
    +                                BN_GENCB *cb);
    +

    Deprecated since OpenSSL 0.9.8, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + DSA *DSA_generate_parameters(int bits, unsigned char *seed, int seed_len,
    +                              int *counter_ret, unsigned long *h_ret,
    +                              void (*callback)(int, int, void *), void *cb_arg);
    +

    +

    +
    +

    DESCRIPTION

    +

    DSA_generate_parameters_ex() generates primes p and q and a generator g +for use in the DSA and stores the result in dsa.

    +

    bits is the length of the prime p to be generated. +For lengths under 2048 bits, the length of q is 160 bits; for lengths +greater than or equal to 2048 bits, the length of q is set to 256 bits.

    +

    If seed is NULL, the primes will be generated at random. +If seed_len is less than the length of q, an error is returned.

    +

    DSA_generate_parameters_ex() places the iteration count in +*counter_ret and a counter used for finding a generator in +*h_ret, unless these are NULL.

    +

    A callback function may be used to provide feedback about the progress +of the key generation. If cb is not NULL, it will be +called as shown below. For information on the BN_GENCB structure and the +BN_GENCB_call function discussed below, refer to +BN_generate_prime(3).

    +

    DSA_generate_prime() is similar to DSA_generate_prime_ex() but +expects an old-style callback function; see +BN_generate_prime(3) for information on the old-style callback.

    +
      +
    • +

      When a candidate for q is generated, BN_GENCB_call(cb, 0, m++) is called +(m is 0 for the first candidate).

      +
    • +
    • +

      When a candidate for q has passed a test by trial division, +BN_GENCB_call(cb, 1, -1) is called. +While a candidate for q is tested by Miller-Rabin primality tests, +BN_GENCB_call(cb, 1, i) is called in the outer loop +(once for each witness that confirms that the candidate may be prime); +i is the loop counter (starting at 0).

      +
    • +
    • +

      When a prime q has been found, BN_GENCB_call(cb, 2, 0) and +BN_GENCB_call(cb, 3, 0) are called.

      +
    • +
    • +

      Before a candidate for p (other than the first) is generated and tested, +BN_GENCB_call(cb, 0, counter) is called.

      +
    • +
    • +

      When a candidate for p has passed the test by trial division, +BN_GENCB_call(cb, 1, -1) is called. +While it is tested by the Miller-Rabin primality test, +BN_GENCB_call(cb, 1, i) is called in the outer loop +(once for each witness that confirms that the candidate may be prime). +i is the loop counter (starting at 0).

      +
    • +
    • +

      When p has been found, BN_GENCB_call(cb, 2, 1) is called.

      +
    • +
    • +

      When the generator has been found, BN_GENCB_call(cb, 3, 1) is called.

      +
    • +
    +

    +

    +
    +

    RETURN VALUES

    +

    DSA_generate_parameters_ex() returns a 1 on success, or 0 otherwise. +The error codes can be obtained by ERR_get_error(3).

    +

    DSA_generate_parameters() returns a pointer to the DSA structure or +NULL if the parameter generation fails.

    +

    +

    +
    +

    BUGS

    +

    Seed lengths greater than 20 are not supported.

    +

    +

    +
    +

    SEE ALSO

    +

    DSA_new(3), ERR_get_error(3), RAND_bytes(3), +DSA_free(3), BN_generate_prime(3)

    +

    +

    +
    +

    HISTORY

    +

    DSA_generate_parameters() was deprecated in OpenSSL 0.9.8; use +DSA_generate_parameters_ex() instead.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/DSA_get0_pqg.html b/linux_amd64/ssl/share/doc/openssl/html/man3/DSA_get0_pqg.html new file mode 100755 index 0000000..f1af70b --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/DSA_get0_pqg.html @@ -0,0 +1,146 @@ + + + + +DSA_get0_pqg + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    DSA_get0_pqg, DSA_set0_pqg, DSA_get0_key, DSA_set0_key, +DSA_get0_p, DSA_get0_q, DSA_get0_g, +DSA_get0_pub_key, DSA_get0_priv_key, +DSA_clear_flags, DSA_test_flags, DSA_set_flags, +DSA_get0_engine - Routines for getting and +setting data in a DSA object

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/dsa.h>
    +
    + void DSA_get0_pqg(const DSA *d,
    +                   const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
    + int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g);
    + void DSA_get0_key(const DSA *d,
    +                   const BIGNUM **pub_key, const BIGNUM **priv_key);
    + int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key);
    + const BIGNUM *DSA_get0_p(const DSA *d);
    + const BIGNUM *DSA_get0_q(const DSA *d);
    + const BIGNUM *DSA_get0_g(const DSA *d);
    + const BIGNUM *DSA_get0_pub_key(const DSA *d);
    + const BIGNUM *DSA_get0_priv_key(const DSA *d);
    + void DSA_clear_flags(DSA *d, int flags);
    + int DSA_test_flags(const DSA *d, int flags);
    + void DSA_set_flags(DSA *d, int flags);
    + ENGINE *DSA_get0_engine(DSA *d);
    +

    +

    +
    +

    DESCRIPTION

    +

    A DSA object contains the parameters p, q and g. It also contains a +public key (pub_key) and (optionally) a private key (priv_key).

    +

    The p, q and g parameters can be obtained by calling DSA_get0_pqg(). +If the parameters have not yet been set then *p, *q and *g will be set +to NULL. Otherwise they are set to pointers to their respective values. These +point directly to the internal representations of the values and therefore +should not be freed directly.

    +

    The p, q and g values can be set by calling DSA_set0_pqg() and passing +the new values for p, q and g as parameters to the function. Calling +this function transfers the memory management of the values to the DSA object, +and therefore the values that have been passed in should not be freed directly +after this function has been called.

    +

    To get the public and private key values use the DSA_get0_key() function. A +pointer to the public key will be stored in *pub_key, and a pointer to the +private key will be stored in *priv_key. Either may be NULL if they have not +been set yet, although if the private key has been set then the public key must +be. The values point to the internal representation of the public key and +private key values. This memory should not be freed directly.

    +

    The public and private key values can be set using DSA_set0_key(). The public +key must be non-NULL the first time this function is called on a given DSA +object. The private key may be NULL. On subsequent calls, either may be NULL, +which means the corresponding DSA field is left untouched. As for DSA_set0_pqg() +this function transfers the memory management of the key values to the DSA +object, and therefore they should not be freed directly after this function has +been called.

    +

    Any of the values p, q, g, priv_key, and pub_key can also be +retrieved separately by the corresponding function DSA_get0_p(), DSA_get0_q(), +DSA_get0_g(), DSA_get0_priv_key(), and DSA_get0_pub_key(), respectively.

    +

    DSA_set_flags() sets the flags in the flags parameter on the DSA object. +Multiple flags can be passed in one go (bitwise ORed together). Any flags that +are already set are left set. DSA_test_flags() tests to see whether the flags +passed in the flags parameter are currently set in the DSA object. Multiple +flags can be tested in one go. All flags that are currently set are returned, or +zero if none of the flags are set. DSA_clear_flags() clears the specified flags +within the DSA object.

    +

    DSA_get0_engine() returns a handle to the ENGINE that has been set for this DSA +object, or NULL if no such ENGINE has been set.

    +

    +

    +
    +

    NOTES

    +

    Values retrieved with DSA_get0_key() are owned by the DSA object used +in the call and may therefore not be passed to DSA_set0_key(). If +needed, duplicate the received value using BN_dup() and pass the +duplicate. The same applies to DSA_get0_pqg() and DSA_set0_pqg().

    +

    +

    +
    +

    RETURN VALUES

    +

    DSA_set0_pqg() and DSA_set0_key() return 1 on success or 0 on failure.

    +

    DSA_test_flags() returns the current state of the flags in the DSA object.

    +

    DSA_get0_engine() returns the ENGINE set for the DSA object or NULL if no ENGINE +has been set.

    +

    +

    +
    +

    SEE ALSO

    +

    DSA_new(3), DSA_new(3), DSA_generate_parameters(3), DSA_generate_key(3), +DSA_dup_DH(3), DSA_do_sign(3), DSA_set_method(3), DSA_SIG_new(3), +DSA_sign(3), DSA_size(3), DSA_meth_new(3)

    +

    +

    +
    +

    HISTORY

    +

    The functions described here were added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/DSA_meth_new.html b/linux_amd64/ssl/share/doc/openssl/html/man3/DSA_meth_new.html new file mode 100755 index 0000000..be32521 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/DSA_meth_new.html @@ -0,0 +1,240 @@ + + + + +DSA_meth_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    DSA_meth_new, DSA_meth_free, DSA_meth_dup, DSA_meth_get0_name, +DSA_meth_set1_name, DSA_meth_get_flags, DSA_meth_set_flags, +DSA_meth_get0_app_data, DSA_meth_set0_app_data, DSA_meth_get_sign, +DSA_meth_set_sign, DSA_meth_get_sign_setup, DSA_meth_set_sign_setup, +DSA_meth_get_verify, DSA_meth_set_verify, DSA_meth_get_mod_exp, +DSA_meth_set_mod_exp, DSA_meth_get_bn_mod_exp, DSA_meth_set_bn_mod_exp, +DSA_meth_get_init, DSA_meth_set_init, DSA_meth_get_finish, DSA_meth_set_finish, +DSA_meth_get_paramgen, DSA_meth_set_paramgen, DSA_meth_get_keygen, +DSA_meth_set_keygen - Routines to build up DSA methods

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/dsa.h>
    +

    Deprecated since OpenSSL 3.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + DSA_METHOD *DSA_meth_new(const char *name, int flags);
    +
    + void DSA_meth_free(DSA_METHOD *dsam);
    +
    + DSA_METHOD *DSA_meth_dup(const DSA_METHOD *meth);
    +
    + const char *DSA_meth_get0_name(const DSA_METHOD *dsam);
    + int DSA_meth_set1_name(DSA_METHOD *dsam, const char *name);
    +
    + int DSA_meth_get_flags(const DSA_METHOD *dsam);
    + int DSA_meth_set_flags(DSA_METHOD *dsam, int flags);
    +
    + void *DSA_meth_get0_app_data(const DSA_METHOD *dsam);
    + int DSA_meth_set0_app_data(DSA_METHOD *dsam, void *app_data);
    +
    + DSA_SIG *(*DSA_meth_get_sign(const DSA_METHOD *dsam))(const unsigned char *,
    +                                                       int, DSA *);
    + int DSA_meth_set_sign(DSA_METHOD *dsam, DSA_SIG *(*sign)(const unsigned char *,
    +                                                          int, DSA *));
    +
    + int (*DSA_meth_get_sign_setup(const DSA_METHOD *dsam))(DSA *, BN_CTX *,$
    +                                                        BIGNUM **, BIGNUM **);
    + int DSA_meth_set_sign_setup(DSA_METHOD *dsam, int (*sign_setup)(DSA *, BN_CTX *,
    +                                                                 BIGNUM **, BIGNUM **));
    +
    + int (*DSA_meth_get_verify(const DSA_METHOD *dsam))(const unsigned char *,
    +                                                    int, DSA_SIG *, DSA *);
    + int DSA_meth_set_verify(DSA_METHOD *dsam, int (*verify)(const unsigned char *,
    +                                                         int, DSA_SIG *, DSA *));
    +
    + int (*DSA_meth_get_mod_exp(const DSA_METHOD *dsam))(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
    +                                                     BIGNUM *p1, BIGNUM *a2, BIGNUM *p2,
    +                                                     BIGNUM *m, BN_CTX *ctx,
    +                                                     BN_MONT_CTX *in_mont);
    + int DSA_meth_set_mod_exp(DSA_METHOD *dsam, int (*mod_exp)(DSA *dsa, BIGNUM *rr,
    +                                                           BIGNUM *a1, BIGNUM *p1,
    +                                                           BIGNUM *a2, BIGNUM *p2,
    +                                                           BIGNUM *m, BN_CTX *ctx,
    +                                                           BN_MONT_CTX *mont));
    +
    + int (*DSA_meth_get_bn_mod_exp(const DSA_METHOD *dsam))(DSA *dsa, BIGNUM *r, BIGNUM *a,
    +                                                        const BIGNUM *p, const BIGNUM *m,
    +                                                        BN_CTX *ctx, BN_MONT_CTX *mont);
    + int DSA_meth_set_bn_mod_exp(DSA_METHOD *dsam, int (*bn_mod_exp)(DSA *dsa,
    +                                                                 BIGNUM *r,
    +                                                                 BIGNUM *a,
    +                                                                 const BIGNUM *p,
    +                                                                 const BIGNUM *m,
    +                                                                 BN_CTX *ctx,
    +                                                                 BN_MONT_CTX *mont));
    +
    + int (*DSA_meth_get_init(const DSA_METHOD *dsam))(DSA *);
    + int DSA_meth_set_init(DSA_METHOD *dsam, int (*init)(DSA *));
    +
    + int (*DSA_meth_get_finish(const DSA_METHOD *dsam))(DSA *);
    + int DSA_meth_set_finish(DSA_METHOD *dsam, int (*finish)(DSA *));
    +
    + int (*DSA_meth_get_paramgen(const DSA_METHOD *dsam))(DSA *, int,
    +                                                      const unsigned char *,
    +                                                      int, int *, unsigned long *,
    +                                                      BN_GENCB *);
    + int DSA_meth_set_paramgen(DSA_METHOD *dsam,
    +                           int (*paramgen)(DSA *, int, const unsigned char *,
    +                                           int, int *, unsigned long *, BN_GENCB *));
    +
    + int (*DSA_meth_get_keygen(const DSA_METHOD *dsam))(DSA *);
    + int DSA_meth_set_keygen(DSA_METHOD *dsam, int (*keygen)(DSA *));
    +

    +

    +
    +

    DESCRIPTION

    +

    All of the functions described on this page are deprecated. +Applications and extension implementations should instead use the +OSSL_PROVIDER APIs.

    +

    The DSA_METHOD type is a structure used for the provision of custom DSA +implementations. It provides a set of functions used by OpenSSL for the +implementation of the various DSA capabilities.

    +

    DSA_meth_new() creates a new DSA_METHOD structure. It should be given a +unique name and a set of flags. The name should be a NULL terminated +string, which will be duplicated and stored in the DSA_METHOD object. It is +the callers responsibility to free the original string. The flags will be used +during the construction of a new DSA object based on this DSA_METHOD. Any +new DSA object will have those flags set by default.

    +

    DSA_meth_dup() creates a duplicate copy of the DSA_METHOD object passed as a +parameter. This might be useful for creating a new DSA_METHOD based on an +existing one, but with some differences.

    +

    DSA_meth_free() destroys a DSA_METHOD structure and frees up any memory +associated with it.

    +

    DSA_meth_get0_name() will return a pointer to the name of this DSA_METHOD. This +is a pointer to the internal name string and so should not be freed by the +caller. DSA_meth_set1_name() sets the name of the DSA_METHOD to name. The +string is duplicated and the copy is stored in the DSA_METHOD structure, so the +caller remains responsible for freeing the memory associated with the name.

    +

    DSA_meth_get_flags() returns the current value of the flags associated with this +DSA_METHOD. DSA_meth_set_flags() provides the ability to set these flags.

    +

    The functions DSA_meth_get0_app_data() and DSA_meth_set0_app_data() provide the +ability to associate implementation specific data with the DSA_METHOD. It is +the application's responsibility to free this data before the DSA_METHOD is +freed via a call to DSA_meth_free().

    +

    DSA_meth_get_sign() and DSA_meth_set_sign() get and set the function used for +creating a DSA signature respectively. This function will be +called in response to the application calling DSA_do_sign() (or DSA_sign()). The +parameters for the function have the same meaning as for DSA_do_sign().

    +

    DSA_meth_get_sign_setup() and DSA_meth_set_sign_setup() get and set the function +used for precalculating the DSA signature values k^-1 and r. This function +will be called in response to the application calling DSA_sign_setup(). The +parameters for the function have the same meaning as for DSA_sign_setup().

    +

    DSA_meth_get_verify() and DSA_meth_set_verify() get and set the function used +for verifying a DSA signature respectively. This function will be called in +response to the application calling DSA_do_verify() (or DSA_verify()). The +parameters for the function have the same meaning as for DSA_do_verify().

    +

    DSA_meth_get_mod_exp() and DSA_meth_set_mod_exp() get and set the function used +for computing the following value:

    +
    + rr = a1^p1 * a2^p2 mod m
    +

    This function will be called by the default OpenSSL method during verification +of a DSA signature. The result is stored in the rr parameter. This function +may be NULL.

    +

    DSA_meth_get_bn_mod_exp() and DSA_meth_set_bn_mod_exp() get and set the function +used for computing the following value:

    +
    + r = a ^ p mod m
    +

    This function will be called by the default OpenSSL function for +DSA_sign_setup(). The result is stored in the r parameter. This function +may be NULL.

    +

    DSA_meth_get_init() and DSA_meth_set_init() get and set the function used +for creating a new DSA instance respectively. This function will be +called in response to the application calling DSA_new() (if the current default +DSA_METHOD is this one) or DSA_new_method(). The DSA_new() and DSA_new_method() +functions will allocate the memory for the new DSA object, and a pointer to this +newly allocated structure will be passed as a parameter to the function. This +function may be NULL.

    +

    DSA_meth_get_finish() and DSA_meth_set_finish() get and set the function used +for destroying an instance of a DSA object respectively. This function will be +called in response to the application calling DSA_free(). A pointer to the DSA +to be destroyed is passed as a parameter. The destroy function should be used +for DSA implementation specific clean up. The memory for the DSA itself should +not be freed by this function. This function may be NULL.

    +

    DSA_meth_get_paramgen() and DSA_meth_set_paramgen() get and set the function +used for generating DSA parameters respectively. This function will be called in +response to the application calling DSA_generate_parameters_ex() (or +DSA_generate_parameters()). The parameters for the function have the same +meaning as for DSA_generate_parameters_ex().

    +

    DSA_meth_get_keygen() and DSA_meth_set_keygen() get and set the function +used for generating a new DSA key pair respectively. This function will be +called in response to the application calling DSA_generate_key(). The parameter +for the function has the same meaning as for DSA_generate_key().

    +

    +

    +
    +

    RETURN VALUES

    +

    DSA_meth_new() and DSA_meth_dup() return the newly allocated DSA_METHOD object +or NULL on failure.

    +

    DSA_meth_get0_name() and DSA_meth_get_flags() return the name and flags +associated with the DSA_METHOD respectively.

    +

    All other DSA_meth_get_*() functions return the appropriate function pointer +that has been set in the DSA_METHOD, or NULL if no such pointer has yet been +set.

    +

    DSA_meth_set1_name() and all DSA_meth_set_*() functions return 1 on success or +0 on failure.

    +

    +

    +
    +

    SEE ALSO

    +

    DSA_new(3), DSA_new(3), DSA_generate_parameters(3), DSA_generate_key(3), +DSA_dup_DH(3), DSA_do_sign(3), DSA_set_method(3), DSA_SIG_new(3), +DSA_sign(3), DSA_size(3), DSA_get0_pqg(3)

    +

    +

    +
    +

    HISTORY

    +

    The functions described here were deprecated in OpenSSL 3.0.

    +

    The functions described here were added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/DSA_new.html b/linux_amd64/ssl/share/doc/openssl/html/man3/DSA_new.html new file mode 100755 index 0000000..a9574df --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/DSA_new.html @@ -0,0 +1,83 @@ + + + + +DSA_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    DSA_new, DSA_free - allocate and free DSA objects

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/dsa.h>
    +
    + DSA* DSA_new(void);
    +
    + void DSA_free(DSA *dsa);
    +

    +

    +
    +

    DESCRIPTION

    +

    DSA_new() allocates and initializes a DSA structure. It is equivalent to +calling DSA_new_method(NULL).

    +

    DSA_free() frees the DSA structure and its components. The values are +erased before the memory is returned to the system. +If dsa is NULL nothing is done.

    +

    +

    +
    +

    RETURN VALUES

    +

    If the allocation fails, DSA_new() returns NULL and sets an error +code that can be obtained by +ERR_get_error(3). Otherwise it returns a pointer +to the newly allocated structure.

    +

    DSA_free() returns no value.

    +

    +

    +
    +

    SEE ALSO

    +

    DSA_new(3), ERR_get_error(3), +DSA_generate_parameters(3), +DSA_generate_key(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/DSA_set_method.html b/linux_amd64/ssl/share/doc/openssl/html/man3/DSA_set_method.html
    new file mode 100755
    index 0000000..49abd5d
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/DSA_set_method.html
    @@ -0,0 +1,117 @@
    +
    +
    +
    +
    +DSA_set_method
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    DSA_set_default_method, DSA_get_default_method, +DSA_set_method, DSA_new_method, DSA_OpenSSL - select DSA method

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/dsa.h>
    +
    + void DSA_set_default_method(const DSA_METHOD *meth);
    +
    + const DSA_METHOD *DSA_get_default_method(void);
    +
    + int DSA_set_method(DSA *dsa, const DSA_METHOD *meth);
    +
    + DSA *DSA_new_method(ENGINE *engine);
    +
    + DSA_METHOD *DSA_OpenSSL(void);
    +

    +

    +
    +

    DESCRIPTION

    +

    A DSA_METHOD specifies the functions that OpenSSL uses for DSA +operations. By modifying the method, alternative implementations +such as hardware accelerators may be used. IMPORTANT: See the NOTES section for +important information about how these DSA API functions are affected by the use +of ENGINE API calls.

    +

    Initially, the default DSA_METHOD is the OpenSSL internal implementation, +as returned by DSA_OpenSSL().

    +

    DSA_set_default_method() makes meth the default method for all DSA +structures created later. +NB: This is true only whilst no ENGINE has +been set as a default for DSA, so this function is no longer recommended. +This function is not thread-safe and should not be called at the same time +as other OpenSSL functions.

    +

    DSA_get_default_method() returns a pointer to the current default +DSA_METHOD. However, the meaningfulness of this result is dependent on +whether the ENGINE API is being used, so this function is no longer +recommended.

    +

    DSA_set_method() selects meth to perform all operations using the key +rsa. This will replace the DSA_METHOD used by the DSA key and if the +previous method was supplied by an ENGINE, the handle to that ENGINE will +be released during the change. It is possible to have DSA keys that only +work with certain DSA_METHOD implementations (eg. from an ENGINE module +that supports embedded hardware-protected keys), and in such cases +attempting to change the DSA_METHOD for the key can have unexpected +results. See DSA_meth_new(3) for information on constructing custom DSA_METHOD +objects;

    +

    DSA_new_method() allocates and initializes a DSA structure so that engine +will be used for the DSA operations. If engine is NULL, the default engine +for DSA operations is used, and if no default ENGINE is set, the DSA_METHOD +controlled by DSA_set_default_method() is used.

    +

    +

    +
    +

    RETURN VALUES

    +

    DSA_OpenSSL() and DSA_get_default_method() return pointers to the respective +DSA_METHODs.

    +

    DSA_set_default_method() returns no value.

    +

    DSA_set_method() returns nonzero if the provided meth was successfully set as +the method for dsa (including unloading the ENGINE handle if the previous +method was supplied by an ENGINE).

    +

    DSA_new_method() returns NULL and sets an error code that can be +obtained by ERR_get_error(3) if the allocation +fails. Otherwise it returns a pointer to the newly allocated structure.

    +

    +

    +
    +

    SEE ALSO

    +

    DSA_new(3), DSA_new(3), DSA_meth_new(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/DSA_sign.html b/linux_amd64/ssl/share/doc/openssl/html/man3/DSA_sign.html
    new file mode 100755
    index 0000000..897bcc1
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/DSA_sign.html
    @@ -0,0 +1,106 @@
    +
    +
    +
    +
    +DSA_sign
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    DSA_sign, DSA_sign_setup, DSA_verify - DSA signatures

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/dsa.h>
    +
    + int DSA_sign(int type, const unsigned char *dgst, int len,
    +              unsigned char *sigret, unsigned int *siglen, DSA *dsa);
    +
    + int DSA_sign_setup(DSA *dsa, BN_CTX *ctx, BIGNUM **kinvp, BIGNUM **rp);
    +
    + int DSA_verify(int type, const unsigned char *dgst, int len,
    +                unsigned char *sigbuf, int siglen, DSA *dsa);
    +

    +

    +
    +

    DESCRIPTION

    +

    DSA_sign() computes a digital signature on the len byte message +digest dgst using the private key dsa and places its ASN.1 DER +encoding at sigret. The length of the signature is places in +*siglen. sigret must point to DSA_size(dsa) bytes of memory.

    +

    DSA_sign_setup() is defined only for backward binary compatibility and +should not be used. +Since OpenSSL 1.1.0 the DSA type is opaque and the output of +DSA_sign_setup() cannot be used anyway: calling this function will only +cause overhead, and does not affect the actual signature +(pre-)computation.

    +

    DSA_verify() verifies that the signature sigbuf of size siglen +matches a given message digest dgst of size len. +dsa is the signer's public key.

    +

    The type parameter is ignored.

    +

    The random generator must be seeded when DSA_sign() (or DSA_sign_setup()) +is called. +If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to +external circumstances (see RAND(7)), the operation will fail.

    +

    +

    +
    +

    RETURN VALUES

    +

    DSA_sign() and DSA_sign_setup() return 1 on success, 0 on error. +DSA_verify() returns 1 for a valid signature, 0 for an incorrect +signature and -1 on error. The error codes can be obtained by +ERR_get_error(3).

    +

    +

    +
    +

    CONFORMING TO

    +

    US Federal Information Processing Standard FIPS 186 (Digital Signature +Standard, DSS), ANSI X9.30

    +

    +

    +
    +

    SEE ALSO

    +

    DSA_new(3), ERR_get_error(3), RAND_bytes(3), +DSA_do_sign(3), +RAND(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/DSA_size.html b/linux_amd64/ssl/share/doc/openssl/html/man3/DSA_size.html
    new file mode 100755
    index 0000000..b8c4617
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/DSA_size.html
    @@ -0,0 +1,96 @@
    +
    +
    +
    +
    +DSA_size
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    DSA_size, DSA_bits, DSA_security_bits - get DSA signature size, key bits or security bits

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/dsa.h>
    +

    Deprecated since OpenSSL 3.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + int DSA_size(const DSA *dsa);
    + int DSA_bits(const DSA *dsa);
    + int DSA_security_bits(const DSA *dsa);
    +

    +

    +
    +

    DESCRIPTION

    +

    All of the functions described on this page are deprecated. +Applications should instead use EVP_PKEY_bits(3), +EVP_PKEY_security_bits(3) and EVP_PKEY_size(3).

    +

    DSA_size() returns the maximum size of an ASN.1 encoded DSA signature +for key dsa in bytes. It can be used to determine how much memory must +be allocated for a DSA signature.

    +

    dsa->q must not be NULL.

    +

    DSA_bits() returns the number of bits in key dsa: this is the number +of bits in the p parameter.

    +

    DSA_security_bits() returns the number of security bits of the given dsa +key. See BN_security_bits(3).

    +

    +

    +
    +

    RETURN VALUES

    +

    DSA_size() returns the signature size in bytes.

    +

    DSA_bits() returns the number of bits in the key.

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_PKEY_bits(3), +EVP_PKEY_security_bits(3), +EVP_PKEY_size(3), +DSA_new(3), DSA_sign(3)

    +

    +

    +
    +

    HISTORY

    +

    All of these functions were deprecated in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/DTLS_get_data_mtu.html b/linux_amd64/ssl/share/doc/openssl/html/man3/DTLS_get_data_mtu.html
    new file mode 100755
    index 0000000..e918265
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/DTLS_get_data_mtu.html
    @@ -0,0 +1,73 @@
    +
    +
    +
    +
    +DTLS_get_data_mtu
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    DTLS_get_data_mtu - Get maximum data payload size

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + size_t DTLS_get_data_mtu(const SSL *ssl);
    +

    +

    +
    +

    DESCRIPTION

    +

    This function obtains the maximum data payload size for the established +DTLS connection ssl, based on the DTLS record MTU and the overhead +of the DTLS record header, encryption and authentication currently in use.

    +

    +

    +
    +

    RETURN VALUES

    +

    Returns the maximum data payload size on success, or 0 on failure.

    +

    +

    +
    +

    HISTORY

    +

    The DTLS_get_data_mtu() function was added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/DTLS_set_timer_cb.html b/linux_amd64/ssl/share/doc/openssl/html/man3/DTLS_set_timer_cb.html
    new file mode 100755
    index 0000000..b7022b9
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/DTLS_set_timer_cb.html
    @@ -0,0 +1,77 @@
    +
    +
    +
    +
    +DTLS_set_timer_cb
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    DTLS_timer_cb, +DTLS_set_timer_cb +- Set callback for controlling DTLS timer duration

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + typedef unsigned int (*DTLS_timer_cb)(SSL *s, unsigned int timer_us);
    +
    + void DTLS_set_timer_cb(SSL *s, DTLS_timer_cb cb);
    +

    +

    +
    +

    DESCRIPTION

    +

    This function sets an optional callback function for controlling the +timeout interval on the DTLS protocol. The callback function will be +called by DTLS for every new DTLS packet that is sent.

    +

    +

    +
    +

    RETURN VALUES

    +

    Returns void.

    +

    +

    +
    +

    HISTORY

    +

    The DTLS_set_timer_cb() function was added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/DTLSv1_listen.html b/linux_amd64/ssl/share/doc/openssl/html/man3/DTLSv1_listen.html
    new file mode 100755
    index 0000000..a167a5a
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/DTLSv1_listen.html
    @@ -0,0 +1,163 @@
    +
    +
    +
    +
    +DTLSv1_listen
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    SSL_stateless, +DTLSv1_listen +- Statelessly listen for incoming connections

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_stateless(SSL *s);
    + int DTLSv1_listen(SSL *ssl, BIO_ADDR *peer);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_stateless() statelessly listens for new incoming TLSv1.3 connections. +DTLSv1_listen() statelessly listens for new incoming DTLS connections. If a +ClientHello is received that does not contain a cookie, then they respond with a +request for a new ClientHello that does contain a cookie. If a ClientHello is +received with a cookie that is verified then the function returns in order to +enable the handshake to be completed (for example by using SSL_accept()).

    +

    +

    +
    +

    NOTES

    +

    Some transport protocols (such as UDP) can be susceptible to amplification +attacks. Unlike TCP there is no initial connection setup in UDP that +validates that the client can actually receive messages on its advertised source +address. An attacker could forge its source IP address and then send handshake +initiation messages to the server. The server would then send its response to +the forged source IP. If the response messages are larger than the original +message then the amplification attack has succeeded.

    +

    If DTLS is used over UDP (or any datagram based protocol that does not validate +the source IP) then it is susceptible to this type of attack. TLSv1.3 is +designed to operate over a stream-based transport protocol (such as TCP). +If TCP is being used then there is no need to use SSL_stateless(). However some +stream-based transport protocols (e.g. QUIC) may not validate the source +address. In this case a TLSv1.3 application would be susceptible to this attack.

    +

    As a countermeasure to this issue TLSv1.3 and DTLS include a stateless cookie +mechanism. The idea is that when a client attempts to connect to a server it +sends a ClientHello message. The server responds with a HelloRetryRequest (in +TLSv1.3) or a HelloVerifyRequest (in DTLS) which contains a unique cookie. The +client then resends the ClientHello, but this time includes the cookie in the +message thus proving that the client is capable of receiving messages sent to +that address. All of this can be done by the server without allocating any +state, and thus without consuming expensive resources.

    +

    OpenSSL implements this capability via the SSL_stateless() and DTLSv1_listen() +functions. The ssl parameter should be a newly allocated SSL object with its +read and write BIOs set, in the same way as might be done for a call to +SSL_accept(). Typically, for DTLS, the read BIO will be in an "unconnected" +state and thus capable of receiving messages from any peer.

    +

    When a ClientHello is received that contains a cookie that has been verified, +then these functions will return with the ssl parameter updated into a state +where the handshake can be continued by a call to (for example) SSL_accept(). +Additionally, for DTLSv1_listen(), the BIO_ADDR pointed to by peer will be +filled in with details of the peer that sent the ClientHello. If the underlying +BIO is unable to obtain the BIO_ADDR of the peer (for example because the BIO +does not support this), then *peer will be cleared and the family set to +AF_UNSPEC. Typically user code is expected to "connect" the underlying socket to +the peer and continue the handshake in a connected state.

    +

    Prior to calling DTLSv1_listen() user code must ensure that cookie generation +and verification callbacks have been set up using +SSL_CTX_set_cookie_generate_cb(3) and SSL_CTX_set_cookie_verify_cb(3) +respectively. For SSL_stateless(), SSL_CTX_set_stateless_cookie_generate_cb(3) +and SSL_CTX_set_stateless_cookie_verify_cb(3) must be used instead.

    +

    Since DTLSv1_listen() operates entirely statelessly whilst processing incoming +ClientHellos it is unable to process fragmented messages (since this would +require the allocation of state). An implication of this is that DTLSv1_listen() +only supports ClientHellos that fit inside a single datagram.

    +

    For SSL_stateless() if an entire ClientHello message cannot be read without the +"read" BIO becoming empty then the SSL_stateless() call will fail. It is the +application's responsibility to ensure that data read from the "read" BIO during +a single SSL_stateless() call is all from the same peer.

    +

    SSL_stateless() will fail (with a 0 return value) if some TLS version less than +TLSv1.3 is used.

    +

    Both SSL_stateless() and DTLSv1_listen() will clear the error queue when they +start.

    +

    +

    +
    +

    RETURN VALUES

    +

    For SSL_stateless() a return value of 1 indicates success and the ssl object +will be set up ready to continue the handshake. A return value of 0 or -1 +indicates failure. If the value is 0 then a HelloRetryRequest was sent. A value +of -1 indicates any other error. User code may retry the SSL_stateless() call.

    +

    For DTLSv1_listen() a return value of >= 1 indicates success. The ssl object +will be set up ready to continue the handshake. the peer value will also be +filled in.

    +

    A return value of 0 indicates a non-fatal error. This could (for +example) be because of non-blocking IO, or some invalid message having been +received from a peer. Errors may be placed on the OpenSSL error queue with +further information if appropriate. Typically user code is expected to retry the +call to DTLSv1_listen() in the event of a non-fatal error.

    +

    A return value of <0 indicates a fatal error. This could (for example) be +because of a failure to allocate sufficient memory for the operation.

    +

    For DTLSv1_listen(), prior to OpenSSL 1.1.0, fatal and non-fatal errors both +produce return codes <= 0 (in typical implementations user code treats all +errors as non-fatal), whilst return codes >0 indicate success.

    +

    +

    +
    +

    SEE ALSO

    +

    SSL_CTX_set_cookie_generate_cb(3), SSL_CTX_set_cookie_verify_cb(3), +SSL_CTX_set_stateless_cookie_generate_cb(3), +SSL_CTX_set_stateless_cookie_verify_cb(3), SSL_get_error(3), +SSL_accept(3), ssl(7), bio(7)

    +

    +

    +
    +

    HISTORY

    +

    The SSL_stateless() function was added in OpenSSL 1.1.1.

    +

    The DTLSv1_listen() return codes were clarified in OpenSSL 1.1.0. +The type of "peer" also changed in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/ECDSA_SIG_new.html b/linux_amd64/ssl/share/doc/openssl/html/man3/ECDSA_SIG_new.html
    new file mode 100755
    index 0000000..3754540
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/ECDSA_SIG_new.html
    @@ -0,0 +1,236 @@
    +
    +
    +
    +
    +ECDSA_SIG_new
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    ECDSA_SIG_get0, ECDSA_SIG_get0_r, ECDSA_SIG_get0_s, ECDSA_SIG_set0, +ECDSA_SIG_new, ECDSA_SIG_free, ECDSA_size, ECDSA_sign, ECDSA_do_sign, +ECDSA_verify, ECDSA_do_verify, ECDSA_sign_setup, ECDSA_sign_ex, +ECDSA_do_sign_ex - low level elliptic curve digital signature algorithm (ECDSA) +functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ecdsa.h>
    +
    + ECDSA_SIG *ECDSA_SIG_new(void);
    + void ECDSA_SIG_free(ECDSA_SIG *sig);
    + void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
    + const BIGNUM *ECDSA_SIG_get0_r(const ECDSA_SIG *sig);
    + const BIGNUM *ECDSA_SIG_get0_s(const ECDSA_SIG *sig);
    + int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s);
    +

    Deprecated since OpenSSL 3.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + int ECDSA_size(const EC_KEY *eckey);
    +
    + int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen,
    +                unsigned char *sig, unsigned int *siglen, EC_KEY *eckey);
    + ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dgst_len,
    +                          EC_KEY *eckey);
    +
    + int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen,
    +                  const unsigned char *sig, int siglen, EC_KEY *eckey);
    + int ECDSA_do_verify(const unsigned char *dgst, int dgst_len,
    +                     const ECDSA_SIG *sig, EC_KEY* eckey);
    +
    + ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen,
    +                             const BIGNUM *kinv, const BIGNUM *rp,
    +                             EC_KEY *eckey);
    + int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, BIGNUM **rp);
    + int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen,
    +                   unsigned char *sig, unsigned int *siglen,
    +                   const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey);
    +

    +

    +
    +

    DESCRIPTION

    +

    ECDSA_SIG is an opaque structure consisting of two BIGNUMs for the +r and s value of an ECDSA signature (see X9.62 or FIPS 186-2).

    +

    ECDSA_SIG_new() allocates an empty ECDSA_SIG structure. Note: before +OpenSSL 1.1.0 the: the r and s components were initialised.

    +

    ECDSA_SIG_free() frees the ECDSA_SIG structure sig.

    +

    ECDSA_SIG_get0() returns internal pointers the r and s values contained +in sig and stores them in *pr and *ps, respectively. +The pointer pr or ps can be NULL, in which case the corresponding value +is not returned.

    +

    The values r, s can also be retrieved separately by the corresponding +function ECDSA_SIG_get0_r() and ECDSA_SIG_get0_s(), respectively.

    +

    The r and s values can be set by calling ECDSA_SIG_set0() and passing the +new values for r and s as parameters to the function. Calling this +function transfers the memory management of the values to the ECDSA_SIG object, +and therefore the values that have been passed in should not be freed directly +after this function has been called.

    +

    See i2d_ECDSA_SIG(3) and d2i_ECDSA_SIG(3) for information about encoding +and decoding ECDSA signatures to/from DER.

    +

    All of the functions described below are deprecated. Applications should +use the higher level EVP interface such as EVP_DigestSignInit(3) +or EVP_DigestVerifyInit(3) instead.

    +

    ECDSA_size() returns the maximum length of a DER encoded ECDSA signature +created with the private EC key eckey. To obtain the actual signature +size use EVP_PKEY_sign(3) with a NULL sig parameter.

    +

    ECDSA_sign() computes a digital signature of the dgstlen bytes hash value +dgst using the private EC key eckey. The DER encoded signatures is +stored in sig and its length is returned in sig_len. Note: sig must +point to ECDSA_size(eckey) bytes of memory. The parameter type is currently +ignored. ECDSA_sign() is wrapper function for ECDSA_sign_ex() with kinv +and rp set to NULL.

    +

    ECDSA_do_sign() is similar to ECDSA_sign() except the signature is returned +as a newly allocated ECDSA_SIG structure (or NULL on error). ECDSA_do_sign() +is a wrapper function for ECDSA_do_sign_ex() with kinv and rp set to +NULL.

    +

    ECDSA_verify() verifies that the signature in sig of size siglen is a +valid ECDSA signature of the hash value dgst of size dgstlen using the +public key eckey. The parameter type is ignored.

    +

    ECDSA_do_verify() is similar to ECDSA_verify() except the signature is +presented in the form of a pointer to an ECDSA_SIG structure.

    +

    The remaining functions utilise the internal kinv and r values used +during signature computation. Most applications will never need to call these +and some external ECDSA ENGINE implementations may not support them at all if +either kinv or r is not NULL.

    +

    ECDSA_sign_setup() may be used to precompute parts of the signing operation. +eckey is the private EC key and ctx is a pointer to BN_CTX structure +(or NULL). The precomputed values or returned in kinv and rp and can be +used in a later call to ECDSA_sign_ex() or ECDSA_do_sign_ex().

    +

    ECDSA_sign_ex() computes a digital signature of the dgstlen bytes hash value +dgst using the private EC key eckey and the optional pre-computed values +kinv and rp. The DER encoded signature is stored in sig and its +length is returned in sig_len. Note: sig must point to ECDSA_size(eckey) +bytes of memory. The parameter type is ignored.

    +

    ECDSA_do_sign_ex() is similar to ECDSA_sign_ex() except the signature is +returned as a newly allocated ECDSA_SIG structure (or NULL on error).

    +

    +

    +
    +

    RETURN VALUES

    +

    ECDSA_SIG_new() returns NULL if the allocation fails.

    +

    ECDSA_SIG_set0() returns 1 on success or 0 on failure.

    +

    ECDSA_SIG_get0_r() and ECDSA_SIG_get0_s() return the corresponding value, +or NULL if it is unset.

    +

    ECDSA_size() returns the maximum length signature or 0 on error.

    +

    ECDSA_sign(), ECDSA_sign_ex() and ECDSA_sign_setup() return 1 if successful +or 0 on error.

    +

    ECDSA_do_sign() and ECDSA_do_sign_ex() return a pointer to an allocated +ECDSA_SIG structure or NULL on error.

    +

    ECDSA_verify() and ECDSA_do_verify() return 1 for a valid +signature, 0 for an invalid signature and -1 on error. +The error codes can be obtained by ERR_get_error(3).

    +

    +

    +
    +

    EXAMPLES

    +

    Creating an ECDSA signature of a given SHA-256 hash value using the +named curve prime256v1 (aka P-256).

    +

    First step: create an EC_KEY object (note: this part is not ECDSA +specific)

    +
    + int ret;
    + ECDSA_SIG *sig;
    + EC_KEY *eckey;
    +
    + eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
    + if (eckey == NULL)
    +     /* error */
    + if (EC_KEY_generate_key(eckey) == 0)
    +     /* error */
    +

    Second step: compute the ECDSA signature of a SHA-256 hash value +using ECDSA_do_sign():

    +
    + sig = ECDSA_do_sign(digest, 32, eckey);
    + if (sig == NULL)
    +     /* error */
    +

    or using ECDSA_sign():

    +
    + unsigned char *buffer, *pp;
    + int buf_len;
    +
    + buf_len = ECDSA_size(eckey);
    + buffer = OPENSSL_malloc(buf_len);
    + pp = buffer;
    + if (ECDSA_sign(0, dgst, dgstlen, pp, &buf_len, eckey) == 0)
    +     /* error */
    +

    Third step: verify the created ECDSA signature using ECDSA_do_verify():

    +
    + ret = ECDSA_do_verify(digest, 32, sig, eckey);
    +

    or using ECDSA_verify():

    +
    + ret = ECDSA_verify(0, digest, 32, buffer, buf_len, eckey);
    +

    and finally evaluate the return value:

    +
    + if (ret == 1)
    +     /* signature ok */
    + else if (ret == 0)
    +     /* incorrect signature */
    + else
    +     /* error */
    +

    +

    +
    +

    CONFORMING TO

    +

    ANSI X9.62, US Federal Information Processing Standard FIPS 186-2 +(Digital Signature Standard, DSS)

    +

    +

    +
    +

    SEE ALSO

    +

    EC_KEY_new(3), +EVP_DigestSignInit(3), +EVP_DigestVerifyInit(3), +EVP_PKEY_sign(3) +i2d_ECDSA_SIG(3), +d2i_ECDSA_SIG(3)

    +

    +

    +
    +

    HISTORY

    +

    The ECDSA_size(), ECDSA_sign(), ECDSA_do_sign(), ECDSA_verify(), +ECDSA_do_verify(), ECDSA_sign_setup(), ECDSA_sign_ex() and ECDSA_do_sign_ex() +functions were deprecated in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/ECPKParameters_print.html b/linux_amd64/ssl/share/doc/openssl/html/man3/ECPKParameters_print.html
    new file mode 100755
    index 0000000..dcabd8e
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/ECPKParameters_print.html
    @@ -0,0 +1,80 @@
    +
    +
    +
    +
    +ECPKParameters_print
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    ECPKParameters_print, ECPKParameters_print_fp - Functions for decoding and +encoding ASN1 representations of elliptic curve entities

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ec.h>
    +
    + int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off);
    + int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off);
    +

    +

    +
    +

    DESCRIPTION

    +

    The ECPKParameters represent the public parameters for an +EC_GROUP structure, which represents a curve.

    +

    The ECPKParameters_print() and ECPKParameters_print_fp() functions print +a human-readable output of the public parameters of the EC_GROUP to bp +or fp. The output lines are indented by off spaces.

    +

    +

    +
    +

    RETURN VALUES

    +

    ECPKParameters_print() and ECPKParameters_print_fp() +return 1 for success and 0 if an error occurs.

    +

    +

    +
    +

    SEE ALSO

    +

    crypto(7), EC_GROUP_new(3), EC_GROUP_copy(3), +EC_POINT_new(3), EC_POINT_add(3), EC_KEY_new(3), +EC_GFp_simple_method(3),

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2013-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EC_GFp_simple_method.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EC_GFp_simple_method.html
    new file mode 100755
    index 0000000..f2615d5
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EC_GFp_simple_method.html
    @@ -0,0 +1,101 @@
    +
    +
    +
    +
    +EC_GFp_simple_method
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    EC_GFp_simple_method, EC_GFp_mont_method, EC_GFp_nist_method, EC_GFp_nistp224_method, EC_GFp_nistp256_method, EC_GFp_nistp521_method, EC_GF2m_simple_method, EC_METHOD_get_field_type - Functions for obtaining EC_METHOD objects

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ec.h>
    +
    + const EC_METHOD *EC_GFp_simple_method(void);
    + const EC_METHOD *EC_GFp_mont_method(void);
    + const EC_METHOD *EC_GFp_nist_method(void);
    + const EC_METHOD *EC_GFp_nistp224_method(void);
    + const EC_METHOD *EC_GFp_nistp256_method(void);
    + const EC_METHOD *EC_GFp_nistp521_method(void);
    +
    + const EC_METHOD *EC_GF2m_simple_method(void);
    +
    + int EC_METHOD_get_field_type(const EC_METHOD *meth);
    +

    +

    +
    +

    DESCRIPTION

    +

    The Elliptic Curve library provides a number of different implementations through a single common interface. +When constructing a curve using EC_GROUP_new (see EC_GROUP_new(3)) an +implementation method must be provided. The functions described here all return a const pointer to an +EC_METHOD structure that can be passed to EC_GROUP_NEW. It is important that the correct implementation +type for the form of curve selected is used.

    +

    For F2^m curves there is only one implementation choice, i.e. EC_GF2_simple_method.

    +

    For Fp curves the lowest common denominator implementation is the EC_GFp_simple_method implementation. All +other implementations are based on this one. EC_GFp_mont_method builds on EC_GFp_simple_method but adds the +use of montgomery multiplication (see BN_mod_mul_montgomery(3)). EC_GFp_nist_method +offers an implementation optimised for use with NIST recommended curves (NIST curves are available through +EC_GROUP_new_by_curve_name as described in EC_GROUP_new(3)).

    +

    The functions EC_GFp_nistp224_method, EC_GFp_nistp256_method and EC_GFp_nistp521_method offer 64 bit +optimised implementations for the NIST P224, P256 and P521 curves respectively. Note, however, that these +implementations are not available on all platforms.

    +

    EC_METHOD_get_field_type identifies what type of field the EC_METHOD structure supports, which will be either +F2^m or Fp. If the field type is Fp then the value NID_X9_62_prime_field is returned. If the field type is +F2^m then the value NID_X9_62_characteristic_two_field is returned. These values are defined in the +obj_mac.h header file.

    +

    +

    +
    +

    RETURN VALUES

    +

    All EC_GFp* functions and EC_GF2m_simple_method always return a const pointer to an EC_METHOD structure.

    +

    EC_METHOD_get_field_type returns an integer that identifies the type of field the EC_METHOD structure supports.

    +

    +

    +
    +

    SEE ALSO

    +

    crypto(7), EC_GROUP_new(3), EC_GROUP_copy(3), +EC_POINT_new(3), EC_POINT_add(3), EC_KEY_new(3), +d2i_ECPKParameters(3), +BN_mod_mul_montgomery(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2013-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EC_GROUP_copy.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EC_GROUP_copy.html new file mode 100755 index 0000000..19d2896 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EC_GROUP_copy.html @@ -0,0 +1,243 @@ + + + + +EC_GROUP_copy + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EC_GROUP_get0_order, EC_GROUP_order_bits, EC_GROUP_get0_cofactor, +EC_GROUP_copy, EC_GROUP_dup, EC_GROUP_method_of, EC_GROUP_set_generator, +EC_GROUP_get0_generator, EC_GROUP_get_order, EC_GROUP_get_cofactor, +EC_GROUP_set_curve_name, EC_GROUP_get_curve_name, EC_GROUP_set_asn1_flag, +EC_GROUP_get_asn1_flag, EC_GROUP_set_point_conversion_form, +EC_GROUP_get_point_conversion_form, EC_GROUP_get0_seed, +EC_GROUP_get_seed_len, EC_GROUP_set_seed, EC_GROUP_get_degree, +EC_GROUP_check, EC_GROUP_check_named_curve, +EC_GROUP_check_discriminant, EC_GROUP_cmp, +EC_GROUP_get_basis_type, EC_GROUP_get_trinomial_basis, +EC_GROUP_get_pentanomial_basis, EC_GROUP_get0_field +- Functions for manipulating EC_GROUP objects

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ec.h>
    +
    + int EC_GROUP_copy(EC_GROUP *dst, const EC_GROUP *src);
    + EC_GROUP *EC_GROUP_dup(const EC_GROUP *src);
    +
    + const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group);
    +
    + int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator,
    +                            const BIGNUM *order, const BIGNUM *cofactor);
    + const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group);
    +
    + int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx);
    + const BIGNUM *EC_GROUP_get0_order(const EC_GROUP *group);
    + int EC_GROUP_order_bits(const EC_GROUP *group);
    + int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx);
    + const BIGNUM *EC_GROUP_get0_cofactor(const EC_GROUP *group);
    + const BIGNUM *EC_GROUP_get0_field(const EC_GROUP *group);
    +
    + void EC_GROUP_set_curve_name(EC_GROUP *group, int nid);
    + int EC_GROUP_get_curve_name(const EC_GROUP *group);
    +
    + void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag);
    + int EC_GROUP_get_asn1_flag(const EC_GROUP *group);
    +
    + void EC_GROUP_set_point_conversion_form(EC_GROUP *group, point_conversion_form_t form);
    + point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *group);
    +
    + unsigned char *EC_GROUP_get0_seed(const EC_GROUP *x);
    + size_t EC_GROUP_get_seed_len(const EC_GROUP *);
    + size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len);
    +
    + int EC_GROUP_get_degree(const EC_GROUP *group);
    +
    + int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx);
    + int EC_GROUP_check_named_curve(const EC_GROUP *group, int nist_only,
    +                                BN_CTX *ctx);
    +
    + int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx);
    +
    + int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx);
    +
    + int EC_GROUP_get_basis_type(const EC_GROUP *);
    + int EC_GROUP_get_trinomial_basis(const EC_GROUP *, unsigned int *k);
    + int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1,
    +                                    unsigned int *k2, unsigned int *k3);
    +

    +

    +
    +

    DESCRIPTION

    +

    EC_GROUP_copy() copies the curve src into dst. Both src and dst must use the same EC_METHOD.

    +

    EC_GROUP_dup() creates a new EC_GROUP object and copies the content from src to the newly created +EC_GROUP object.

    +

    EC_GROUP_method_of() obtains the EC_METHOD of group.

    +

    EC_GROUP_set_generator() sets curve parameters that must be agreed by all participants using the curve. These +parameters include the generator, the order and the cofactor. The generator is a well defined point on the +curve chosen for cryptographic operations. Integers used for point multiplications will be between 0 and +n-1 where n is the order. The order multiplied by the cofactor gives the number of points on the curve.

    +

    EC_GROUP_get0_generator() returns the generator for the identified group.

    +

    EC_GROUP_get_order() retrieves the order of group and copies its value into +order. It fails in case group is not fully initialized (i.e., its order +is not set or set to zero).

    +

    EC_GROUP_get_cofactor() retrieves the cofactor of group and copies its value +into cofactor. It fails in case group is not fully initialized or if the +cofactor is not set (or set to zero).

    +

    The functions EC_GROUP_set_curve_name() and EC_GROUP_get_curve_name(), set and get the NID for the curve respectively +(see EC_GROUP_new(3)). If a curve does not have a NID associated with it, then EC_GROUP_get_curve_name +will return NID_undef.

    +

    The asn1_flag value is used to determine whether the curve encoding uses +explicit parameters or a named curve using an ASN1 OID: many applications only +support the latter form. If asn1_flag is OPENSSL_EC_NAMED_CURVE then the +named curve form is used and the parameters must have a corresponding +named curve NID set. If asn1_flags is OPENSSL_EC_EXPLICIT_CURVE the +parameters are explicitly encoded. The functions EC_GROUP_get_asn1_flag() and +EC_GROUP_set_asn1_flag() get and set the status of the asn1_flag for the curve. +Note: OPENSSL_EC_EXPLICIT_CURVE was added in OpenSSL 1.1.0, for +previous versions of OpenSSL the value 0 must be used instead. Before OpenSSL +1.1.0 the default form was to use explicit parameters (meaning that +applications would have to explicitly set the named curve form) in OpenSSL +1.1.0 and later the named curve form is the default.

    +

    The point_conversion_form for a curve controls how EC_POINT data is encoded as ASN1 as defined in X9.62 (ECDSA). +point_conversion_form_t is an enum defined as follows:

    +
    + typedef enum {
    +        /** the point is encoded as z||x, where the octet z specifies
    +         *   which solution of the quadratic equation y is  */
    +        POINT_CONVERSION_COMPRESSED = 2,
    +        /** the point is encoded as z||x||y, where z is the octet 0x04  */
    +        POINT_CONVERSION_UNCOMPRESSED = 4,
    +        /** the point is encoded as z||x||y, where the octet z specifies
    +         *  which solution of the quadratic equation y is  */
    +        POINT_CONVERSION_HYBRID = 6
    + } point_conversion_form_t;
    +

    For POINT_CONVERSION_UNCOMPRESSED the point is encoded as an octet signifying the UNCOMPRESSED form has been used followed by +the octets for x, followed by the octets for y.

    +

    For any given x co-ordinate for a point on a curve it is possible to derive two possible y values. For +POINT_CONVERSION_COMPRESSED the point is encoded as an octet signifying that the COMPRESSED form has been used AND which of +the two possible solutions for y has been used, followed by the octets for x.

    +

    For POINT_CONVERSION_HYBRID the point is encoded as an octet signifying the HYBRID form has been used AND which of the two +possible solutions for y has been used, followed by the octets for x, followed by the octets for y.

    +

    The functions EC_GROUP_set_point_conversion_form() and EC_GROUP_get_point_conversion_form(), set and get the point_conversion_form +for the curve respectively.

    +

    ANSI X9.62 (ECDSA standard) defines a method of generating the curve parameter b from a random number. This provides advantages +in that a parameter obtained in this way is highly unlikely to be susceptible to special purpose attacks, or have any trapdoors in it. +If the seed is present for a curve then the b parameter was generated in a verifiable fashion using that seed. The OpenSSL EC library +does not use this seed value but does enable you to inspect it using EC_GROUP_get0_seed(). This returns a pointer to a memory block +containing the seed that was used. The length of the memory block can be obtained using EC_GROUP_get_seed_len(). A number of the +built-in curves within the library provide seed values that can be obtained. It is also possible to set a custom seed using +EC_GROUP_set_seed() and passing a pointer to a memory block, along with the length of the seed. Again, the EC library will not use +this seed value, although it will be preserved in any ASN1 based communications.

    +

    EC_GROUP_get_degree() gets the degree of the field. For Fp fields this will be the number of bits in p. For F2^m fields this will be +the value m.

    +

    The function EC_GROUP_check_discriminant() calculates the discriminant for the curve and verifies that it is valid. +For a curve defined over Fp the discriminant is given by the formula 4*a^3 + 27*b^2 whilst for F2^m curves the discriminant is +simply b. In either case for the curve to be valid the discriminant must be non zero.

    +

    The function EC_GROUP_check() performs a number of checks on a curve to verify that it is valid. Checks performed include +verifying that the discriminant is non zero; that a generator has been defined; that the generator is on the curve and has +the correct order.

    +

    The function EC_GROUP_check_named_curve() determines if the group's domain parameters match one of the built-in curves supported by the library. +The curve name is returned as a NID if it matches. If the group's domain parameters have been modified then no match will be found. +If the curve name of the given group is NID_undef (e.g. it has been created by using explicit parameters with no curve name), +then this method can be used to lookup the name of the curve that matches the group domain parameters. The built-in curves contain +aliases, so that multiple NID's can map to the same domain parameters. For such curves it is unspecified which of the aliases will be +returned if the curve name of the given group is NID_undef. +If nist_only is 1 it will only look for NIST approved curves, otherwise it searches all built-in curves. +This function may be passed a BN_CTX object in the ctx parameter. +The ctx parameter may be NULL.

    +

    EC_GROUP_cmp() compares a and b to determine whether they represent the same curve or not.

    +

    The functions EC_GROUP_get_basis_type(), EC_GROUP_get_trinomial_basis() and EC_GROUP_get_pentanomial_basis() should only be called for curves +defined over an F2^m field. Addition and multiplication operations within an F2^m field are performed using an irreducible polynomial +function f(x). This function is either a trinomial of the form:

    +

    f(x) = x^m + x^k + 1 with m > k >= 1

    +

    or a pentanomial of the form:

    +

    f(x) = x^m + x^k3 + x^k2 + x^k1 + 1 with m > k3 > k2 > k1 >= 1

    +

    The function EC_GROUP_get_basis_type() returns a NID identifying whether a trinomial or pentanomial is in use for the field. The +function EC_GROUP_get_trinomial_basis() must only be called where f(x) is of the trinomial form, and returns the value of k. Similarly +the function EC_GROUP_get_pentanomial_basis() must only be called where f(x) is of the pentanomial form, and returns the values of k1, +k2 and k3 respectively.

    +

    +

    +
    +

    RETURN VALUES

    +

    The following functions return 1 on success or 0 on error: EC_GROUP_copy(), EC_GROUP_set_generator(), EC_GROUP_check(), +EC_GROUP_check_discriminant(), EC_GROUP_get_trinomial_basis() and EC_GROUP_get_pentanomial_basis().

    +

    EC_GROUP_dup() returns a pointer to the duplicated curve, or NULL on error.

    +

    EC_GROUP_method_of() returns the EC_METHOD implementation in use for the given curve or NULL on error.

    +

    EC_GROUP_get0_generator() returns the generator for the given curve or NULL on error.

    +

    EC_GROUP_get_order() returns 0 if the order is not set (or set to zero) for +group or if copying into order fails, 1 otherwise.

    +

    EC_GROUP_get_cofactor() returns 0 if the cofactor is not set (or is set to zero) for group or if copying into cofactor fails, 1 otherwise.

    +

    EC_GROUP_get_curve_name() returns the curve name (NID) for group or will return NID_undef if no curve name is associated.

    +

    EC_GROUP_get_asn1_flag() returns the ASN1 flag for the specified group .

    +

    EC_GROUP_get_point_conversion_form() returns the point_conversion_form for group.

    +

    EC_GROUP_get_degree() returns the degree for group or 0 if the operation is not supported by the underlying group implementation.

    +

    EC_GROUP_check_named_curve() returns the nid of the matching named curve, otherwise it returns 0 for no match, or -1 on error.

    +

    EC_GROUP_get0_order() returns an internal pointer to the group order. +EC_GROUP_order_bits() returns the number of bits in the group order. +EC_GROUP_get0_cofactor() returns an internal pointer to the group cofactor. +EC_GROUP_get0_field() returns an internal pointer to the group field. For curves over GF(p), this is the modulus; for curves +over GF(2^m), this is the irreducible polynomial defining the field.

    +

    EC_GROUP_get0_seed() returns a pointer to the seed that was used to generate the parameter b, or NULL if the seed is not +specified. EC_GROUP_get_seed_len() returns the length of the seed or 0 if the seed is not specified.

    +

    EC_GROUP_set_seed() returns the length of the seed that has been set. If the supplied seed is NULL, or the supplied seed length is +0, the return value will be 1. On error 0 is returned.

    +

    EC_GROUP_cmp() returns 0 if the curves are equal, 1 if they are not equal, or -1 on error.

    +

    EC_GROUP_get_basis_type() returns the values NID_X9_62_tpBasis or NID_X9_62_ppBasis (as defined in <openssl/obj_mac.h>) for a +trinomial or pentanomial respectively. Alternatively in the event of an error a 0 is returned.

    +

    +

    +
    +

    SEE ALSO

    +

    crypto(7), EC_GROUP_new(3), +EC_POINT_new(3), EC_POINT_add(3), EC_KEY_new(3), +EC_GFp_simple_method(3), d2i_ECPKParameters(3)

    +

    +

    +
    +

    HISTORY

    +

    The EC_GROUP_check_named_curve() function was added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2013-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EC_GROUP_new.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EC_GROUP_new.html new file mode 100755 index 0000000..647a984 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EC_GROUP_new.html @@ -0,0 +1,219 @@ + + + + +EC_GROUP_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EC_GROUP_get_ecparameters, +EC_GROUP_get_ecpkparameters, +EC_GROUP_new_ex, +EC_GROUP_new, +EC_GROUP_new_from_ecparameters, +EC_GROUP_new_from_ecpkparameters, +EC_GROUP_free, +EC_GROUP_clear_free, +EC_GROUP_new_curve_GFp, +EC_GROUP_new_curve_GF2m, +EC_GROUP_new_by_curve_name_ex, +EC_GROUP_new_by_curve_name, +EC_GROUP_set_curve, +EC_GROUP_get_curve, +EC_GROUP_set_curve_GFp, +EC_GROUP_get_curve_GFp, +EC_GROUP_set_curve_GF2m, +EC_GROUP_get_curve_GF2m, +EC_get_builtin_curves - Functions for creating and destroying EC_GROUP +objects

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ec.h>
    +
    + EC_GROUP *EC_GROUP_new_ex(OPENSSL_CTX *libctx, const EC_METHOD *meth);
    + EC_GROUP *EC_GROUP_new(const EC_METHOD *meth);
    + EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params)
    + EC_GROUP *EC_GROUP_new_from_ecpkparameters(const ECPKPARAMETERS *params)
    + void EC_GROUP_free(EC_GROUP *group);
    +
    + EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a,
    +                                  const BIGNUM *b, BN_CTX *ctx);
    + EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a,
    +                                   const BIGNUM *b, BN_CTX *ctx);
    + EC_GROUP *EC_GROUP_new_by_curve_name_ex(OPENSSL_CTX *libctx, int nid);
    + EC_GROUP *EC_GROUP_new_by_curve_name(int nid);
    +
    + int EC_GROUP_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
    +                        const BIGNUM *b, BN_CTX *ctx);
    + int EC_GROUP_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b,
    +                        BN_CTX *ctx);
    + int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p,
    +                            const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
    + int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p,
    +                            BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
    + int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p,
    +                             const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
    + int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p,
    +                             BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
    +
    + ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group, ECPARAMETERS *params)
    + ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP *group, ECPKPARAMETERS *params)
    +
    + size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems);
    +

    Deprecated since OpenSSL 3.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + void EC_GROUP_clear_free(EC_GROUP *group);
    +

    +

    +
    +

    DESCRIPTION

    +

    Within the library there are two forms of elliptic curve that are of interest. +The first form is those defined over the prime field Fp. The elements of Fp are +the integers 0 to p-1, where p is a prime number. This gives us a revised +elliptic curve equation as follows:

    +

    y^2 mod p = x^3 +ax + b mod p

    +

    The second form is those defined over a binary field F2^m where the elements of +the field are integers of length at most m bits. For this form the elliptic +curve equation is modified to:

    +

    y^2 + xy = x^3 + ax^2 + b (where b != 0)

    +

    Operations in a binary field are performed relative to an +irreducible polynomial. All such curves with OpenSSL use a trinomial or a +pentanomial for this parameter.

    +

    A new curve can be constructed by calling EC_GROUP_new_ex(), using the +implementation provided by meth (see EC_GFp_simple_method(3)) and +associated with the library context ctx (see OPENSSL_CTX(3)). +The ctx parameter may be NULL in which case the default library context is +used. +It is then necessary to call EC_GROUP_set_curve() to set the curve parameters. +EC_GROUP_new_from_ecparameters() will create a group from the +specified params and +EC_GROUP_new_from_ecpkparameters() will create a group from the specific PK +params.

    +

    EC_GROUP_new() is the same as EC_GROUP_new_ex() except that the library context +used is always the default library context.

    +

    EC_GROUP_set_curve() sets the curve parameters p, a and b. For a curve +over Fp p is the prime for the field. For a curve over F2^m p represents +the irreducible polynomial - each bit represents a term in the polynomial. +Therefore there will either be three or five bits set dependent on whether the +polynomial is a trinomial or a pentanomial. +In either case, a and b represents the coefficients a and b from the +relevant equation introduced above.

    +

    EC_group_get_curve() obtains the previously set curve parameters.

    +

    EC_GROUP_set_curve_GFp() and EC_GROUP_set_curve_GF2m() are synonyms for +EC_GROUP_set_curve(). They are defined for backwards compatibility only and +should not be used.

    +

    EC_GROUP_get_curve_GFp() and EC_GROUP_get_curve_GF2m() are synonyms for +EC_GROUP_get_curve(). They are defined for backwards compatibility only and +should not be used.

    +

    The functions EC_GROUP_new_curve_GFp() and EC_GROUP_new_curve_GF2m() are +shortcuts for calling EC_GROUP_new() and then the EC_GROUP_set_curve() function. +An appropriate default implementation method will be used.

    +

    Whilst the library can be used to create any curve using the functions described +above, there are also a number of predefined curves that are available. In order +to obtain a list of all of the predefined curves, call the function +EC_get_builtin_curves(). The parameter r should be an array of +EC_builtin_curve structures of size nitems. The function will populate the +r array with information about the built-in curves. If nitems is less than +the total number of curves available, then the first nitems curves will be +returned. Otherwise the total number of curves will be provided. The return +value is the total number of curves available (whether that number has been +populated in r or not). Passing a NULL r, or setting nitems to 0 will +do nothing other than return the total number of curves available. +The EC_builtin_curve structure is defined as follows:

    +
    + typedef struct {
    +        int nid;
    +        const char *comment;
    +        } EC_builtin_curve;
    +

    Each EC_builtin_curve item has a unique integer id (nid), and a human +readable comment string describing the curve.

    +

    In order to construct a built-in curve use the function +EC_GROUP_new_by_curve_name_ex() and provide the nid of the curve to be +constructed and the associated library context to be used in ctx (see +OPENSSL_CTX(3)). The ctx value may be NULL in which case the default +library context is used.

    +

    EC_GROUP_new_by_curve_name() is the same as EC_GROUP_new_by_curve_name_ex() +except that the default library context is always used.

    +

    EC_GROUP_free() frees the memory associated with the EC_GROUP. +If group is NULL nothing is done.

    +

    EC_GROUP_clear_free() is deprecated: it was meant to destroy any sensitive data +held within the EC_GROUP and then free its memory, but since all the data stored +in the EC_GROUP is public anyway, this function is unnecessary. +Its use can be safely replaced with EC_GROUP_free(). +If group is NULL nothing is done.

    +

    +

    +
    +

    RETURN VALUES

    +

    All EC_GROUP_new* functions return a pointer to the newly constructed group, or +NULL on error.

    +

    EC_get_builtin_curves() returns the number of built-in curves that are +available.

    +

    EC_GROUP_set_curve_GFp(), EC_GROUP_get_curve_GFp(), EC_GROUP_set_curve_GF2m(), +EC_GROUP_get_curve_GF2m() return 1 on success or 0 on error.

    +

    +

    +
    +

    SEE ALSO

    +

    crypto(7), EC_GROUP_copy(3), +EC_POINT_new(3), EC_POINT_add(3), EC_KEY_new(3), +EC_GFp_simple_method(3), d2i_ECPKParameters(3), +OPENSSL_CTX(3)

    +

    +

    +
    +

    HISTORY

    +
      +
    • +

      EC_GROUP_new_ex() and EC_GROUP_new_by_curve_name_ex() were added in OpenSSL 3.0.

      +
    • +
    • +

      EC_GROUP_clear_free() was deprecated in OpenSSL 3.0; use EC_GROUP_free() +instead.

      +
    • +
    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2013-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EC_KEY_get_enc_flags.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EC_KEY_get_enc_flags.html new file mode 100755 index 0000000..a77e62b --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EC_KEY_get_enc_flags.html @@ -0,0 +1,94 @@ + + + + +EC_KEY_get_enc_flags + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EC_KEY_get_enc_flags, EC_KEY_set_enc_flags +- Get and set flags for encoding EC_KEY structures

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ec.h>
    +
    + unsigned int EC_KEY_get_enc_flags(const EC_KEY *key);
    + void EC_KEY_set_enc_flags(EC_KEY *eckey, unsigned int flags);
    +

    +

    +
    +

    DESCRIPTION

    +

    The format of the external representation of the public key written by +i2d_ECPrivateKey() (such as whether it is stored in a compressed form or not) is +described by the point_conversion_form. See EC_GROUP_copy(3) +for a description of point_conversion_form.

    +

    When reading a private key encoded without an associated public key (e.g. if +EC_PKEY_NO_PUBKEY has been used - see below), then d2i_ECPrivateKey() generates +the missing public key automatically. Private keys encoded without parameters +(e.g. if EC_PKEY_NO_PARAMETERS has been used - see below) cannot be loaded using +d2i_ECPrivateKey().

    +

    The functions EC_KEY_get_enc_flags() and EC_KEY_set_enc_flags() get and set the +value of the encoding flags for the key. There are two encoding flags +currently defined - EC_PKEY_NO_PARAMETERS and EC_PKEY_NO_PUBKEY. These flags +define the behaviour of how the key is converted into ASN1 in a call to +i2d_ECPrivateKey(). If EC_PKEY_NO_PARAMETERS is set then the public parameters for +the curve are not encoded along with the private key. If EC_PKEY_NO_PUBKEY is +set then the public key is not encoded along with the private key.

    +

    +

    +
    +

    RETURN VALUES

    +

    EC_KEY_get_enc_flags() returns the value of the current encoding flags for the +EC_KEY.

    +

    +

    +
    +

    SEE ALSO

    +

    crypto(7), EC_GROUP_new(3), +EC_GROUP_copy(3), EC_POINT_new(3), +EC_POINT_add(3), +EC_GFp_simple_method(3), +d2i_ECPKParameters(3), +d2i_ECPrivateKey(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EC_KEY_new.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EC_KEY_new.html new file mode 100755 index 0000000..cc7d1b6 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EC_KEY_new.html @@ -0,0 +1,215 @@ + + + + +EC_KEY_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EC_KEY_get_method, EC_KEY_set_method, EC_KEY_new_ex, +EC_KEY_new, EC_KEY_get_flags, EC_KEY_set_flags, EC_KEY_clear_flags, +EC_KEY_new_by_curve_name_ex, EC_KEY_new_by_curve_name, EC_KEY_free, EC_KEY_copy, +EC_KEY_dup, EC_KEY_up_ref, EC_KEY_get0_engine, +EC_KEY_get0_group, EC_KEY_set_group, EC_KEY_get0_private_key, +EC_KEY_set_private_key, EC_KEY_get0_public_key, EC_KEY_set_public_key, +EC_KEY_get_conv_form, +EC_KEY_set_conv_form, EC_KEY_set_asn1_flag, EC_KEY_precompute_mult, +EC_KEY_generate_key, EC_KEY_check_key, EC_KEY_set_public_key_affine_coordinates, +EC_KEY_oct2key, EC_KEY_key2buf, EC_KEY_oct2priv, EC_KEY_priv2oct, +EC_KEY_priv2buf - Functions for creating, destroying and manipulating +EC_KEY objects

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ec.h>
    +
    + EC_KEY *EC_KEY_new_ex(OPENSSL_CTX *ctx);
    + EC_KEY *EC_KEY_new(void);
    + int EC_KEY_get_flags(const EC_KEY *key);
    + void EC_KEY_set_flags(EC_KEY *key, int flags);
    + void EC_KEY_clear_flags(EC_KEY *key, int flags);
    + EC_KEY *EC_KEY_new_by_curve_name_ex(OPENSSL_CTX *ctx, int nid);
    + EC_KEY *EC_KEY_new_by_curve_name(int nid);
    + void EC_KEY_free(EC_KEY *key);
    + EC_KEY *EC_KEY_copy(EC_KEY *dst, const EC_KEY *src);
    + EC_KEY *EC_KEY_dup(const EC_KEY *src);
    + int EC_KEY_up_ref(EC_KEY *key);
    + ENGINE *EC_KEY_get0_engine(const EC_KEY *eckey);
    + const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key);
    + int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group);
    + const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key);
    + int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *prv);
    + const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key);
    + int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub);
    + point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key);
    + void EC_KEY_set_conv_form(EC_KEY *eckey, point_conversion_form_t cform);
    + void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag);
    + int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx);
    + int EC_KEY_generate_key(EC_KEY *key);
    + int EC_KEY_check_key(const EC_KEY *key);
    + int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x, BIGNUM *y);
    + const EC_KEY_METHOD *EC_KEY_get_method(const EC_KEY *key);
    + int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth);
    +
    + int EC_KEY_oct2key(EC_KEY *eckey, const unsigned char *buf, size_t len, BN_CTX *ctx);
    + size_t EC_KEY_key2buf(const EC_KEY *eckey, point_conversion_form_t form,
    +                       unsigned char **pbuf, BN_CTX *ctx);
    +
    + int EC_KEY_oct2priv(EC_KEY *eckey, const unsigned char *buf, size_t len);
    + size_t EC_KEY_priv2oct(const EC_KEY *eckey, unsigned char *buf, size_t len);
    +
    + size_t EC_KEY_priv2buf(const EC_KEY *eckey, unsigned char **pbuf);
    +

    +

    +
    +

    DESCRIPTION

    +

    An EC_KEY represents a public key and, optionally, the associated private +key. +A new EC_KEY with no associated curve can be constructed by calling +EC_KEY_new_ex() and specifying the associated library context in ctx +(see OPENSSL_CTX(3)). +The ctx parameter may be NULL in which case the default library context is +used. +The reference count for the newly created EC_KEY is initially +set to 1. +A curve can be associated with the EC_KEY by calling +EC_KEY_set_group().

    +

    EC_KEY_new() is the same as EC_KEY_new_ex() except that the default library +context is always used.

    +

    Alternatively a new EC_KEY can be constructed by calling +EC_KEY_new_by_curve_name_ex() and supplying the nid of the associated curve and +the library context to be used ctx (see OPENSSL_CTX(3)). +The ctx parameter may be NULL in which case the default library context is +used. +See EC_GROUP_new(3) for a description of curve names. +This function simply wraps calls to EC_KEY_new_ex() and +EC_GROUP_new_by_curve_name_ex().

    +

    EC_KEY_new_by_curve_name() is the same as EC_KEY_new_by_curve_name_ex() except +that the default library context is always used.

    +

    Calling EC_KEY_free() decrements the reference count for the EC_KEY object, +and if it has dropped to zero then frees the memory associated with it. If +key is NULL nothing is done.

    +

    EC_KEY_copy() copies the contents of the EC_KEY in src into dest.

    +

    EC_KEY_dup() creates a new EC_KEY object and copies ec_key into it.

    +

    EC_KEY_up_ref() increments the reference count associated with the EC_KEY +object.

    +

    EC_KEY_get0_engine() returns a handle to the ENGINE that has been set for +this EC_KEY object.

    +

    EC_KEY_generate_key() generates a new public and private key for the supplied +eckey object. eckey must have an EC_GROUP object associated with it +before calling this function. The private key is a random integer (0 < priv_key +< order, where order is the order of the EC_GROUP object). The public key is +an EC_POINT on the curve calculated by multiplying the generator for the +curve by the private key.

    +

    EC_KEY_check_key() performs various sanity checks on the EC_KEY object to +confirm that it is valid.

    +

    EC_KEY_set_public_key_affine_coordinates() sets the public key for key based +on its affine co-ordinates; i.e., it constructs an EC_POINT object based on +the supplied x and y values and sets the public key to be this +EC_POINT. It also performs certain sanity checks on the key to confirm +that it is valid.

    +

    The functions EC_KEY_get0_group(), EC_KEY_set_group(), +EC_KEY_get0_private_key(), EC_KEY_set_private_key(), EC_KEY_get0_public_key(), +and EC_KEY_set_public_key() get and set the EC_GROUP object, the private key, +and the EC_POINT public key for the key respectively.

    +

    The functions EC_KEY_get_conv_form() and EC_KEY_set_conv_form() get and set the +point_conversion_form for the key. For a description of +point_conversion_forms please see EC_POINT_new(3).

    +

    EC_KEY_set_flags() sets the flags in the flags parameter on the EC_KEY +object. Any flags that are already set are left set. The flags currently +defined are EC_FLAG_NON_FIPS_ALLOW and EC_FLAG_FIPS_CHECKED. In +addition there is the flag EC_FLAG_COFACTOR_ECDH which is specific to ECDH. +EC_KEY_get_flags() returns the current flags that are set for this EC_KEY. +EC_KEY_clear_flags() clears the flags indicated by the flags parameter; all +other flags are left in their existing state.

    +

    EC_KEY_set_asn1_flag() sets the asn1_flag on the underlying EC_GROUP object +(if set). Refer to EC_GROUP_copy(3) for further information on the +asn1_flag.

    +

    EC_KEY_precompute_mult() stores multiples of the underlying EC_GROUP generator +for faster point multiplication. See also EC_POINT_add(3).

    +

    EC_KEY_oct2key() and EC_KEY_key2buf() are identical to the functions +EC_POINT_oct2point() and EC_KEY_point2buf() except they use the public key +EC_POINT in eckey.

    +

    EC_KEY_oct2priv() and EC_KEY_priv2oct() convert between the private key +component of eckey and octet form. The octet form consists of the content +octets of the privateKey OCTET STRING in an ECPrivateKey ASN.1 structure.

    +

    The function EC_KEY_priv2oct() must be supplied with a buffer long enough to +store the octet form. The return value provides the number of octets stored. +Calling the function with a NULL buffer will not perform the conversion but +will just return the required buffer length.

    +

    The function EC_KEY_priv2buf() allocates a buffer of suitable length and writes +an EC_KEY to it in octet format. The allocated buffer is written to *pbuf +and its length is returned. The caller must free up the allocated buffer with a +call to OPENSSL_free(). Since the allocated buffer value is written to *pbuf +the pbuf parameter MUST NOT be NULL.

    +

    EC_KEY_priv2buf() converts an EC_KEY private key into an allocated buffer.

    +

    +

    +
    +

    RETURN VALUES

    +

    EC_KEY_new_ex(), EC_KEY_new(), EC_KEY_new_by_curve_name() and EC_KEY_dup() +return a pointer to the newly created EC_KEY object, or NULL on error.

    +

    EC_KEY_get_flags() returns the flags associated with the EC_KEY object as an +integer.

    +

    EC_KEY_copy() returns a pointer to the destination key, or NULL on error.

    +

    EC_KEY_get0_engine() returns a pointer to an ENGINE, or NULL if it wasn't set.

    +

    EC_KEY_up_ref(), EC_KEY_set_group(), EC_KEY_set_private_key(), +EC_KEY_set_public_key(), EC_KEY_precompute_mult(), EC_KEY_generate_key(), +EC_KEY_check_key(), EC_KEY_set_public_key_affine_coordinates(), +EC_KEY_oct2key() and EC_KEY_oct2priv() return 1 on success or 0 on error.

    +

    EC_KEY_get0_group() returns the EC_GROUP associated with the EC_KEY.

    +

    EC_KEY_get0_private_key() returns the private key associated with the EC_KEY.

    +

    EC_KEY_get_conv_form() return the point_conversion_form for the EC_KEY.

    +

    EC_KEY_key2buf(), EC_KEY_priv2oct() and EC_KEY_priv2buf() return the length +of the buffer or 0 on error.

    +

    +

    +
    +

    SEE ALSO

    +

    crypto(7), EC_GROUP_new(3), +EC_GROUP_copy(3), EC_POINT_new(3), +EC_POINT_add(3), +EC_GFp_simple_method(3), +d2i_ECPKParameters(3), +OPENSSL_CTX(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2013-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EC_POINT_add.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EC_POINT_add.html
    new file mode 100755
    index 0000000..0e7ee17
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EC_POINT_add.html
    @@ -0,0 +1,109 @@
    + + + + +EC_POINT_add + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EC_POINT_add, EC_POINT_dbl, EC_POINT_invert, EC_POINT_is_at_infinity, EC_POINT_is_on_curve, EC_POINT_cmp, EC_POINT_make_affine, EC_POINTs_make_affine, EC_POINTs_mul, EC_POINT_mul, EC_GROUP_precompute_mult, EC_GROUP_have_precompute_mult - Functions for performing mathematical operations and tests on EC_POINT objects

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ec.h>
    +
    + int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
    +                  const EC_POINT *b, BN_CTX *ctx);
    + int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx);
    + int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx);
    + int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *p);
    + int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx);
    + int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx);
    + int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx);
    + int EC_POINTs_make_affine(const EC_GROUP *group, size_t num,
    +                           EC_POINT *points[], BN_CTX *ctx);
    + int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, size_t num,
    +                   const EC_POINT *p[], const BIGNUM *m[], BN_CTX *ctx);
    + int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n,
    +                  const EC_POINT *q, const BIGNUM *m, BN_CTX *ctx);
    + int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
    + int EC_GROUP_have_precompute_mult(const EC_GROUP *group);
    +

    +

    +
    +

    DESCRIPTION

    +

    EC_POINT_add adds the two points a and b and places the result in r. Similarly EC_POINT_dbl doubles the point a and places the +result in r. In both cases it is valid for r to be one of a or b.

    +

    EC_POINT_invert calculates the inverse of the supplied point a. The result is placed back in a.

    +

    The function EC_POINT_is_at_infinity tests whether the supplied point is at infinity or not.

    +

    EC_POINT_is_on_curve tests whether the supplied point is on the curve or not.

    +

    EC_POINT_cmp compares the two supplied points and tests whether or not they are equal.

    +

    The functions EC_POINT_make_affine and EC_POINTs_make_affine force the internal representation of the EC_POINT(s) into the affine +co-ordinate system. In the case of EC_POINTs_make_affine the value num provides the number of points in the array points to be +forced.

    +

    EC_POINT_mul is a convenient interface to EC_POINTs_mul: it calculates the value generator * n + q * m and stores the result in r. +The value n may be NULL in which case the result is just q * m (variable point multiplication). Alternatively, both q and m may be NULL, and n non-NULL, in which case the result is just generator * n (fixed point multiplication). +When performing a single fixed or variable point multiplication, the underlying implementation uses a constant time algorithm, when the input scalar (either n or m) is in the range [0, ec_group_order).

    +

    EC_POINTs_mul calculates the value generator * n + q[0] * m[0] + ... + q[num-1] * m[num-1]. As for EC_POINT_mul the value n may be NULL or num may be zero. +When performing a fixed point multiplication (n is non-NULL and num is 0) or a variable point multiplication (n is NULL and num is 1), the underlying implementation uses a constant time algorithm, when the input scalar (either n or m[0]) is in the range [0, ec_group_order).

    +

    The function EC_GROUP_precompute_mult stores multiples of the generator for faster point multiplication, whilst +EC_GROUP_have_precompute_mult tests whether precomputation has already been done. See EC_GROUP_copy(3) for information +about the generator.

    +

    +

    +
    +

    RETURN VALUES

    +

    The following functions return 1 on success or 0 on error: EC_POINT_add, EC_POINT_dbl, EC_POINT_invert, EC_POINT_make_affine, +EC_POINTs_make_affine, EC_POINTs_make_affine, EC_POINT_mul, EC_POINTs_mul and EC_GROUP_precompute_mult.

    +

    EC_POINT_is_at_infinity returns 1 if the point is at infinity, or 0 otherwise.

    +

    EC_POINT_is_on_curve returns 1 if the point is on the curve, 0 if not, or -1 on error.

    +

    EC_POINT_cmp returns 1 if the points are not equal, 0 if they are, or -1 on error.

    +

    EC_GROUP_have_precompute_mult return 1 if a precomputation has been done, or 0 if not.

    +

    +

    +
    +

    SEE ALSO

    +

    crypto(7), EC_GROUP_new(3), EC_GROUP_copy(3), +EC_POINT_new(3), EC_KEY_new(3), +EC_GFp_simple_method(3), d2i_ECPKParameters(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2013-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EC_POINT_new.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EC_POINT_new.html
    new file mode 100755
    index 0000000..1852787
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EC_POINT_new.html
    @@ -0,0 +1,262 @@
    + + + + +EC_POINT_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EC_POINT_set_Jprojective_coordinates_GFp, +EC_POINT_point2buf, +EC_POINT_new, +EC_POINT_free, +EC_POINT_clear_free, +EC_POINT_copy, +EC_POINT_dup, +EC_POINT_method_of, +EC_POINT_set_to_infinity, +EC_POINT_get_Jprojective_coordinates_GFp, +EC_POINT_set_affine_coordinates, +EC_POINT_get_affine_coordinates, +EC_POINT_set_compressed_coordinates, +EC_POINT_set_affine_coordinates_GFp, +EC_POINT_get_affine_coordinates_GFp, +EC_POINT_set_compressed_coordinates_GFp, +EC_POINT_set_affine_coordinates_GF2m, +EC_POINT_get_affine_coordinates_GF2m, +EC_POINT_set_compressed_coordinates_GF2m, +EC_POINT_point2oct, +EC_POINT_oct2point, +EC_POINT_point2bn, +EC_POINT_bn2point, +EC_POINT_point2hex, +EC_POINT_hex2point +- Functions for creating, destroying and manipulating EC_POINT objects

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ec.h>
    +
    + EC_POINT *EC_POINT_new(const EC_GROUP *group);
    + void EC_POINT_free(EC_POINT *point);
    + void EC_POINT_clear_free(EC_POINT *point);
    + int EC_POINT_copy(EC_POINT *dst, const EC_POINT *src);
    + EC_POINT *EC_POINT_dup(const EC_POINT *src, const EC_GROUP *group);
    + const EC_METHOD *EC_POINT_method_of(const EC_POINT *point);
    + int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point);
    + int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group,
    +                                              EC_POINT *p,
    +                                              const BIGNUM *x, const BIGNUM *y,
    +                                              const BIGNUM *z, BN_CTX *ctx);
    + int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group,
    +                                              const EC_POINT *p,
    +                                              BIGNUM *x, BIGNUM *y, BIGNUM *z,
    +                                              BN_CTX *ctx);
    + int EC_POINT_set_affine_coordinates(const EC_GROUP *group, EC_POINT *p,
    +                                     const BIGNUM *x, const BIGNUM *y,
    +                                     BN_CTX *ctx);
    + int EC_POINT_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *p,
    +                                     BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
    + int EC_POINT_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *p,
    +                                         const BIGNUM *x, int y_bit,
    +                                         BN_CTX *ctx);
    + int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *p,
    +                                         const BIGNUM *x, const BIGNUM *y,
    +                                         BN_CTX *ctx);
    + int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group,
    +                                         const EC_POINT *p,
    +                                         BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
    + int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group,
    +                                             EC_POINT *p,
    +                                             const BIGNUM *x, int y_bit,
    +                                             BN_CTX *ctx);
    + int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p,
    +                                          const BIGNUM *x, const BIGNUM *y,
    +                                          BN_CTX *ctx);
    + int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group,
    +                                          const EC_POINT *p,
    +                                          BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
    + int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group,
    +                                              EC_POINT *p,
    +                                              const BIGNUM *x, int y_bit,
    +                                              BN_CTX *ctx);
    + size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *p,
    +                           point_conversion_form_t form,
    +                           unsigned char *buf, size_t len, BN_CTX *ctx);
    + size_t EC_POINT_point2buf(const EC_GROUP *group, const EC_POINT *point,
    +                           point_conversion_form_t form,
    +                           unsigned char **pbuf, BN_CTX *ctx);
    + int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *p,
    +                        const unsigned char *buf, size_t len, BN_CTX *ctx);
    + BIGNUM *EC_POINT_point2bn(const EC_GROUP *group, const EC_POINT *p,
    +                           point_conversion_form_t form, BIGNUM *bn,
    +                           BN_CTX *ctx);
    + EC_POINT *EC_POINT_bn2point(const EC_GROUP *group, const BIGNUM *bn,
    +                             EC_POINT *p, BN_CTX *ctx);
    + char *EC_POINT_point2hex(const EC_GROUP *group, const EC_POINT *p,
    +                          point_conversion_form_t form, BN_CTX *ctx);
    + EC_POINT *EC_POINT_hex2point(const EC_GROUP *group, const char *hex,
    +                              EC_POINT *p, BN_CTX *ctx);
    +

    +

    +
    +

    DESCRIPTION

    +

    An EC_POINT structure represents a point on a curve. A new point is +constructed by calling the function EC_POINT_new() and providing the +group object that the point relates to.

    +

    EC_POINT_free() frees the memory associated with the EC_POINT. +if point is NULL nothing is done.

    +

    EC_POINT_clear_free() destroys any sensitive data held within the EC_POINT and +then frees its memory. If point is NULL nothing is done.

    +

    EC_POINT_copy() copies the point src into dst. Both src and dst +must use the same EC_METHOD.

    +

    EC_POINT_dup() creates a new EC_POINT object and copies the content from +src to the newly created EC_POINT object.

    +

    EC_POINT_method_of() obtains the EC_METHOD associated with point.

    +

    A valid point on a curve is the special point at infinity. A point is set to +be at infinity by calling EC_POINT_set_to_infinity().

    +

    The affine co-ordinates for a point describe a point in terms of its x and y +position. The function EC_POINT_set_affine_coordinates() sets the x and y +co-ordinates for the point p defined over the curve given in group. The +function EC_POINT_get_affine_coordinates() sets x and y, either of which +may be NULL, to the corresponding coordinates of p.

    +

    The functions EC_POINT_set_affine_coordinates_GFp() and +EC_POINT_set_affine_coordinates_GF2m() are synonyms for +EC_POINT_set_affine_coordinates(). They are defined for backwards compatibility +only and should not be used.

    +

    The functions EC_POINT_get_affine_coordinates_GFp() and +EC_POINT_get_affine_coordinates_GF2m() are synonyms for +EC_POINT_get_affine_coordinates(). They are defined for backwards compatibility +only and should not be used.

    +

    As well as the affine co-ordinates, a point can alternatively be described in +terms of its Jacobian projective co-ordinates (for Fp curves only). Jacobian +projective co-ordinates are expressed as three values x, y and z. Working in +this co-ordinate system provides more efficient point multiplication +operations. A mapping exists between Jacobian projective co-ordinates and +affine co-ordinates. A Jacobian projective co-ordinate (x, y, z) can be written +as an affine co-ordinate as (x/(z^2), y/(z^3)). Conversion to Jacobian +projective from affine co-ordinates is simple. The co-ordinate (x, y) is mapped +to (x, y, 1). To set or get the projective co-ordinates use +EC_POINT_set_Jprojective_coordinates_GFp() and +EC_POINT_get_Jprojective_coordinates_GFp() respectively.

    +

    Points can also be described in terms of their compressed co-ordinates. For a +point (x, y), for any given value for x such that the point is on the curve +there will only ever be two possible values for y. Therefore a point can be set +using the EC_POINT_set_compressed_coordinates() function where x is the x +co-ordinate and y_bit is a value 0 or 1 to identify which of the two +possible values for y should be used.

    +

    The functions EC_POINT_set_compressed_coordinates_GFp() and +EC_POINT_set_compressed_coordinates_GF2m() are synonyms for +EC_POINT_set_compressed_coordinates(). They are defined for backwards +compatibility only and should not be used.

    +

    In addition EC_POINT can be converted to and from various external +representations. The octet form is the binary encoding of the ECPoint +structure (as defined in RFC5480 and used in certificates and TLS records): +only the content octets are present, the OCTET STRING tag and length are +not included. BIGNUM form is the octet form interpreted as a big endian +integer converted to a BIGNUM structure. Hexadecimal form is the octet +form converted to a NULL terminated character string where each character +is one of the printable values 0-9 or A-F (or a-f).

    +

    The functions EC_POINT_point2oct(), EC_POINT_oct2point(), EC_POINT_point2bn(), +EC_POINT_bn2point(), EC_POINT_point2hex() and EC_POINT_hex2point() convert from +and to EC_POINTs for the formats: octet, BIGNUM and hexadecimal respectively.

    +

    The function EC_POINT_point2oct() encodes the given curve point p as an +octet string into the buffer buf of size len, using the specified +conversion form form. +The encoding conforms with Sec. 2.3.3 of the SECG SEC 1 ("Elliptic Curve +Cryptography") standard. +Similarly the function EC_POINT_oct2point() decodes a curve point into p from +the octet string contained in the given buffer buf of size len, conforming +to Sec. 2.3.4 of the SECG SEC 1 ("Elliptic Curve Cryptography") standard.

    +

    The functions EC_POINT_point2hex() and EC_POINT_point2bn() convert a point p, +respectively, to the hexadecimal or BIGNUM representation of the same +encoding of the function EC_POINT_point2oct(). +Vice versa, similarly to the function EC_POINT_oct2point(), the functions +EC_POINT_hex2point() and EC_POINT_point2bn() decode the hexadecimal or +BIGNUM representation into the EC_POINT p.

    +

    Notice that, according to the standard, the octet string encoding of the point +at infinity for a given curve is fixed to a single octet of value zero and that, +vice versa, a single octet of size zero is decoded as the point at infinity.

    +

    The function EC_POINT_point2oct() must be supplied with a buffer long enough to +store the octet form. The return value provides the number of octets stored. +Calling the function with a NULL buffer will not perform the conversion but +will still return the required buffer length.

    +

    The function EC_POINT_point2buf() allocates a buffer of suitable length and +writes an EC_POINT to it in octet format. The allocated buffer is written to +*pbuf and its length is returned. The caller must free up the allocated +buffer with a call to OPENSSL_free(). Since the allocated buffer value is +written to *pbuf the pbuf parameter MUST NOT be NULL.

    +

    The function EC_POINT_point2hex() will allocate sufficient memory to store the +hexadecimal string. It is the caller's responsibility to free this memory with +a subsequent call to OPENSSL_free().

    +

    +

    +
    +

    RETURN VALUES

    +

    EC_POINT_new() and EC_POINT_dup() return the newly allocated EC_POINT or NULL +on error.

    +

    The following functions return 1 on success or 0 on error: EC_POINT_copy(), +EC_POINT_set_to_infinity(), EC_POINT_set_Jprojective_coordinates_GFp(), +EC_POINT_get_Jprojective_coordinates_GFp(), +EC_POINT_set_affine_coordinates_GFp(), EC_POINT_get_affine_coordinates_GFp(), +EC_POINT_set_compressed_coordinates_GFp(), +EC_POINT_set_affine_coordinates_GF2m(), EC_POINT_get_affine_coordinates_GF2m(), +EC_POINT_set_compressed_coordinates_GF2m() and EC_POINT_oct2point().

    +

    EC_POINT_method_of returns the EC_METHOD associated with the supplied EC_POINT.

    +

    EC_POINT_point2oct() and EC_POINT_point2buf() return the length of the required +buffer or 0 on error.

    +

    EC_POINT_point2bn() returns the pointer to the BIGNUM supplied, or NULL on +error.

    +

    EC_POINT_bn2point() returns the pointer to the EC_POINT supplied, or NULL on +error.

    +

    EC_POINT_point2hex() returns a pointer to the hex string, or NULL on error.

    +

    EC_POINT_hex2point() returns the pointer to the EC_POINT supplied, or NULL on +error.

    +

    +

    +
    +

    SEE ALSO

    +

    crypto(7), EC_GROUP_new(3), EC_GROUP_copy(3), +EC_POINT_add(3), EC_KEY_new(3), +EC_GFp_simple_method(3), d2i_ECPKParameters(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2013-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/ENGINE_add.html b/linux_amd64/ssl/share/doc/openssl/html/man3/ENGINE_add.html
    new file mode 100755
    index 0000000..49c60f7
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/ENGINE_add.html
    @@ -0,0 +1,659 @@
    + + + + +ENGINE_add + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    ENGINE_get_DH, ENGINE_get_DSA, +ENGINE_by_id, ENGINE_get_cipher_engine, ENGINE_get_default_DH, +ENGINE_get_default_DSA, +ENGINE_get_default_RAND, +ENGINE_get_default_RSA, ENGINE_get_digest_engine, ENGINE_get_first, +ENGINE_get_last, ENGINE_get_next, ENGINE_get_prev, ENGINE_new, +ENGINE_get_ciphers, ENGINE_get_ctrl_function, ENGINE_get_digests, +ENGINE_get_destroy_function, ENGINE_get_finish_function, +ENGINE_get_init_function, ENGINE_get_load_privkey_function, +ENGINE_get_load_pubkey_function, ENGINE_load_private_key, +ENGINE_load_public_key, ENGINE_get_RAND, ENGINE_get_RSA, ENGINE_get_id, +ENGINE_get_name, ENGINE_get_cmd_defns, ENGINE_get_cipher, +ENGINE_get_digest, ENGINE_add, ENGINE_cmd_is_executable, +ENGINE_ctrl, ENGINE_ctrl_cmd, ENGINE_ctrl_cmd_string, +ENGINE_finish, ENGINE_free, ENGINE_get_flags, ENGINE_init, +ENGINE_register_DH, ENGINE_register_DSA, +ENGINE_register_RAND, ENGINE_register_RSA, +ENGINE_register_all_complete, ENGINE_register_ciphers, +ENGINE_register_complete, ENGINE_register_digests, ENGINE_remove, +ENGINE_set_DH, ENGINE_set_DSA, +ENGINE_set_RAND, ENGINE_set_RSA, ENGINE_set_ciphers, +ENGINE_set_cmd_defns, ENGINE_set_ctrl_function, ENGINE_set_default, +ENGINE_set_default_DH, ENGINE_set_default_DSA, +ENGINE_set_default_RAND, ENGINE_set_default_RSA, +ENGINE_set_default_ciphers, ENGINE_set_default_digests, +ENGINE_set_default_string, ENGINE_set_destroy_function, +ENGINE_set_digests, ENGINE_set_finish_function, ENGINE_set_flags, +ENGINE_set_id, ENGINE_set_init_function, ENGINE_set_load_privkey_function, +ENGINE_set_load_pubkey_function, ENGINE_set_name, ENGINE_up_ref, +ENGINE_get_table_flags, ENGINE_cleanup, +ENGINE_load_builtin_engines, ENGINE_register_all_DH, +ENGINE_register_all_DSA, +ENGINE_register_all_RAND, +ENGINE_register_all_RSA, ENGINE_register_all_ciphers, +ENGINE_register_all_digests, ENGINE_set_table_flags, ENGINE_unregister_DH, +ENGINE_unregister_DSA, +ENGINE_unregister_RAND, ENGINE_unregister_RSA, ENGINE_unregister_ciphers, 
+ENGINE_unregister_digests +- ENGINE cryptographic module support

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/engine.h>
    +
    + ENGINE *ENGINE_get_first(void);
    + ENGINE *ENGINE_get_last(void);
    + ENGINE *ENGINE_get_next(ENGINE *e);
    + ENGINE *ENGINE_get_prev(ENGINE *e);
    +
    + int ENGINE_add(ENGINE *e);
    + int ENGINE_remove(ENGINE *e);
    +
    + ENGINE *ENGINE_by_id(const char *id);
    +
    + int ENGINE_init(ENGINE *e);
    + int ENGINE_finish(ENGINE *e);
    +
    + void ENGINE_load_builtin_engines(void);
    +
    + ENGINE *ENGINE_get_default_RSA(void);
    + ENGINE *ENGINE_get_default_DSA(void);
    + ENGINE *ENGINE_get_default_DH(void);
    + ENGINE *ENGINE_get_default_RAND(void);
    + ENGINE *ENGINE_get_cipher_engine(int nid);
    + ENGINE *ENGINE_get_digest_engine(int nid);
    +
    + int ENGINE_set_default_RSA(ENGINE *e);
    + int ENGINE_set_default_DSA(ENGINE *e);
    + int ENGINE_set_default_DH(ENGINE *e);
    + int ENGINE_set_default_RAND(ENGINE *e);
    + int ENGINE_set_default_ciphers(ENGINE *e);
    + int ENGINE_set_default_digests(ENGINE *e);
    + int ENGINE_set_default_string(ENGINE *e, const char *list);
    +
    + int ENGINE_set_default(ENGINE *e, unsigned int flags);
    +
    + unsigned int ENGINE_get_table_flags(void);
    + void ENGINE_set_table_flags(unsigned int flags);
    +
    + int ENGINE_register_RSA(ENGINE *e);
    + void ENGINE_unregister_RSA(ENGINE *e);
    + void ENGINE_register_all_RSA(void);
    + int ENGINE_register_DSA(ENGINE *e);
    + void ENGINE_unregister_DSA(ENGINE *e);
    + void ENGINE_register_all_DSA(void);
    + int ENGINE_register_DH(ENGINE *e);
    + void ENGINE_unregister_DH(ENGINE *e);
    + void ENGINE_register_all_DH(void);
    + int ENGINE_register_RAND(ENGINE *e);
    + void ENGINE_unregister_RAND(ENGINE *e);
    + void ENGINE_register_all_RAND(void);
    + int ENGINE_register_ciphers(ENGINE *e);
    + void ENGINE_unregister_ciphers(ENGINE *e);
    + void ENGINE_register_all_ciphers(void);
    + int ENGINE_register_digests(ENGINE *e);
    + void ENGINE_unregister_digests(ENGINE *e);
    + void ENGINE_register_all_digests(void);
    + int ENGINE_register_complete(ENGINE *e);
    + int ENGINE_register_all_complete(void);
    +
    + int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
    + int ENGINE_cmd_is_executable(ENGINE *e, int cmd);
    + int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
    +                     long i, void *p, void (*f)(void), int cmd_optional);
    + int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
    +                            int cmd_optional);
    +
    + ENGINE *ENGINE_new(void);
    + int ENGINE_free(ENGINE *e);
    + int ENGINE_up_ref(ENGINE *e);
    +
    + int ENGINE_set_id(ENGINE *e, const char *id);
    + int ENGINE_set_name(ENGINE *e, const char *name);
    + int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth);
    + int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth);
    + int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth);
    + int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth);
    + int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f);
    + int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f);
    + int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f);
    + int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f);
    + int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f);
    + int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f);
    + int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f);
    + int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f);
    + int ENGINE_set_flags(ENGINE *e, int flags);
    + int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns);
    +
    + const char *ENGINE_get_id(const ENGINE *e);
    + const char *ENGINE_get_name(const ENGINE *e);
    + const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e);
    + const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e);
    + const DH_METHOD *ENGINE_get_DH(const ENGINE *e);
    + const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e);
    + ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e);
    + ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e);
    + ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e);
    + ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e);
    + ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e);
    + ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e);
    + ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e);
    + ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e);
    + const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid);
    + const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid);
    + int ENGINE_get_flags(const ENGINE *e);
    + const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e);
    +
    + EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
    +                                   UI_METHOD *ui_method, void *callback_data);
    + EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
    +                                  UI_METHOD *ui_method, void *callback_data);
    +

    Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + void ENGINE_cleanup(void)
    +

    +

    +
    +

    DESCRIPTION

    +

    These functions create, manipulate, and use cryptographic modules in the +form of ENGINE objects. These objects act as containers for +implementations of cryptographic algorithms, and support a +reference-counted mechanism to allow them to be dynamically loaded in and +out of the running application.

    +

    The cryptographic functionality that can be provided by an ENGINE +implementation includes the following abstractions;

    +
    + RSA_METHOD - for providing alternative RSA implementations
    + DSA_METHOD, DH_METHOD, RAND_METHOD, ECDH_METHOD, ECDSA_METHOD,
    +       - similarly for other OpenSSL APIs
    + EVP_CIPHER - potentially multiple cipher algorithms (indexed by 'nid')
    + EVP_DIGEST - potentially multiple hash algorithms (indexed by 'nid')
    + key-loading - loading public and/or private EVP_PKEY keys
    +

    +

    +

    Reference counting and handles

    +

    Due to the modular nature of the ENGINE API, pointers to ENGINEs need to be +treated as handles - ie. not only as pointers, but also as references to +the underlying ENGINE object. Ie. one should obtain a new reference when +making copies of an ENGINE pointer if the copies will be used (and +released) independently.

    +

    ENGINE objects have two levels of reference-counting to match the way in +which the objects are used. At the most basic level, each ENGINE pointer is +inherently a structural reference - a structural reference is required +to use the pointer value at all, as this kind of reference is a guarantee +that the structure can not be deallocated until the reference is released.

    +

    However, a structural reference provides no guarantee that the ENGINE is +initialised and able to use any of its cryptographic +implementations. Indeed it's quite possible that most ENGINEs will not +initialise at all in typical environments, as ENGINEs are typically used to +support specialised hardware. To use an ENGINE's functionality, you need a +functional reference. This kind of reference can be considered a +specialised form of structural reference, because each functional reference +implicitly contains a structural reference as well - however to avoid +difficult-to-find programming bugs, it is recommended to treat the two +kinds of reference independently. If you have a functional reference to an +ENGINE, you have a guarantee that the ENGINE has been initialised and +is ready to perform cryptographic operations, and will remain initialised +until after you have released your reference.

    +

    Structural references

    +

    This basic type of reference is used for instantiating new ENGINEs, +iterating across OpenSSL's internal linked-list of loaded +ENGINEs, reading information about an ENGINE, etc. Essentially a structural +reference is sufficient if you only need to query or manipulate the data of +an ENGINE implementation rather than use its functionality.

    +

    The ENGINE_new() function returns a structural reference to a new (empty) +ENGINE object. There are other ENGINE API functions that return structural +references such as; ENGINE_by_id(), ENGINE_get_first(), ENGINE_get_last(), +ENGINE_get_next(), ENGINE_get_prev(). All structural references should be +released by a corresponding to call to the ENGINE_free() function - the +ENGINE object itself will only actually be cleaned up and deallocated when +the last structural reference is released.

    +

    It should also be noted that many ENGINE API function calls that accept a +structural reference will internally obtain another reference - typically +this happens whenever the supplied ENGINE will be needed by OpenSSL after +the function has returned. Eg. the function to add a new ENGINE to +OpenSSL's internal list is ENGINE_add() - if this function returns success, +then OpenSSL will have stored a new structural reference internally so the +caller is still responsible for freeing their own reference with +ENGINE_free() when they are finished with it. In a similar way, some +functions will automatically release the structural reference passed to it +if part of the function's job is to do so. Eg. the ENGINE_get_next() and +ENGINE_get_prev() functions are used for iterating across the internal +ENGINE list - they will return a new structural reference to the next (or +previous) ENGINE in the list or NULL if at the end (or beginning) of the +list, but in either case the structural reference passed to the function is +released on behalf of the caller.

    +

    To clarify a particular function's handling of references, one should +always consult that function's documentation "man" page, or failing that +the openssl/engine.h header file includes some hints.

    +

    Functional references

    +

    As mentioned, functional references exist when the cryptographic +functionality of an ENGINE is required to be available. A functional +reference can be obtained in one of two ways; from an existing structural +reference to the required ENGINE, or by asking OpenSSL for the default +operational ENGINE for a given cryptographic purpose.

    +

    To obtain a functional reference from an existing structural reference, +call the ENGINE_init() function. This returns zero if the ENGINE was not +already operational and couldn't be successfully initialised (eg. lack of +system drivers, no special hardware attached, etc), otherwise it will +return nonzero to indicate that the ENGINE is now operational and will +have allocated a new functional reference to the ENGINE. All functional +references are released by calling ENGINE_finish() (which removes the +implicit structural reference as well).

    +

    The second way to get a functional reference is by asking OpenSSL for a +default implementation for a given task, eg. by ENGINE_get_default_RSA(), +ENGINE_get_default_cipher_engine(), etc. These are discussed in the next +section, though they are not usually required by application programmers as +they are used automatically when creating and using the relevant +algorithm-specific types in OpenSSL, such as RSA, DSA, EVP_CIPHER_CTX, etc.

    +

    +

    +

    Default implementations

    +

    For each supported abstraction, the ENGINE code maintains an internal table +of state to control which implementations are available for a given +abstraction and which should be used by default. These implementations are +registered in the tables and indexed by an 'nid' value, because +abstractions like EVP_CIPHER and EVP_DIGEST support many distinct +algorithms and modes, and ENGINEs can support arbitrarily many of them. +In the case of other abstractions like RSA, DSA, etc, there is only one +"algorithm" so all implementations implicitly register using the same 'nid' +index.

    +

    When a default ENGINE is requested for a given abstraction/algorithm/mode, (eg. +when calling RSA_new_method(NULL)), a "get_default" call will be made to the +ENGINE subsystem to process the corresponding state table and return a +functional reference to an initialised ENGINE whose implementation should be +used. If no ENGINE should (or can) be used, it will return NULL and the caller +will operate with a NULL ENGINE handle - this usually equates to using the +conventional software implementation. In the latter case, OpenSSL will from +then on behave the way it used to before the ENGINE API existed.

    +

    Each state table has a flag to note whether it has processed this +"get_default" query since the table was last modified, because to process +this question it must iterate across all the registered ENGINEs in the +table trying to initialise each of them in turn, in case one of them is +operational. If it returns a functional reference to an ENGINE, it will +also cache another reference to speed up processing future queries (without +needing to iterate across the table). Likewise, it will cache a NULL +response if no ENGINE was available so that future queries won't repeat the +same iteration unless the state table changes. This behaviour can also be +changed; if the ENGINE_TABLE_FLAG_NOINIT flag is set (using +ENGINE_set_table_flags()), no attempted initialisations will take place, +instead the only way for the state table to return a non-NULL ENGINE to the +"get_default" query will be if one is expressly set in the table. Eg. +ENGINE_set_default_RSA() does the same job as ENGINE_register_RSA() except +that it also sets the state table's cached response for the "get_default" +query. In the case of abstractions like EVP_CIPHER, where implementations are +indexed by 'nid', these flags and cached-responses are distinct for each 'nid' +value.

    +

    +

    +

    Application requirements

    +

    This section will explain the basic things an application programmer should +support to make the most useful elements of the ENGINE functionality +available to the user. The first thing to consider is whether the +programmer wishes to make alternative ENGINE modules available to the +application and user. OpenSSL maintains an internal linked list of +"visible" ENGINEs from which it has to operate - at start-up, this list is +empty and in fact if an application does not call any ENGINE API calls and +it uses static linking against openssl, then the resulting application +binary will not contain any alternative ENGINE code at all. So the first +consideration is whether any/all available ENGINE implementations should be +made visible to OpenSSL - this is controlled by calling the various "load" +functions.

    +

    The fact that ENGINEs are made visible to OpenSSL (and thus are linked into +the program and loaded into memory at run-time) does not mean they are +"registered" or called into use by OpenSSL automatically - that behaviour +is something for the application to control. Some applications +will want to allow the user to specify exactly which ENGINE they want used +if any is to be used at all. Others may prefer to load all support and have +OpenSSL automatically use at run-time any ENGINE that is able to +successfully initialise - ie. to assume that this corresponds to +acceleration hardware attached to the machine or some such thing. There are +probably numerous other ways in which applications may prefer to handle +things, so we will simply illustrate the consequences as they apply to a +couple of simple cases and leave developers to consider these and the +source code to openssl's built-in utilities as guides.

    +

    If no ENGINE API functions are called within an application, then OpenSSL +will not allocate any internal resources. Prior to OpenSSL 1.1.0, however, +if any ENGINEs are loaded, even if not registered or used, it was necessary to +call ENGINE_cleanup() before the program exits.

    +

    Using a specific ENGINE implementation

    +

    Here we'll assume an application has been configured by its user or admin +to want to use the "ACME" ENGINE if it is available in the version of +OpenSSL the application was compiled with. If it is available, it should be +used by default for all RSA, DSA, and symmetric cipher operations, otherwise +OpenSSL should use its built-in software as per usual. The following code +illustrates how to approach this;

    +
    + ENGINE *e;
    + const char *engine_id = "ACME";
    + ENGINE_load_builtin_engines();
    + e = ENGINE_by_id(engine_id);
    + if (!e)
    +     /* the engine isn't available */
    +     return;
    + if (!ENGINE_init(e)) {
    +     /* the engine couldn't initialise, release 'e' */
    +     ENGINE_free(e);
    +     return;
    + }
    + if (!ENGINE_set_default_RSA(e))
    +     /*
    +      * This should only happen when 'e' can't initialise, but the previous
    +      * statement suggests it did.
    +      */
    +     abort();
    + ENGINE_set_default_DSA(e);
    + ENGINE_set_default_ciphers(e);
    + /* Release the functional reference from ENGINE_init() */
    + ENGINE_finish(e);
    + /* Release the structural reference from ENGINE_by_id() */
    + ENGINE_free(e);
    +

    Automatically using built-in ENGINE implementations

    +

    Here we'll assume we want to load and register all ENGINE implementations +bundled with OpenSSL, such that for any cryptographic algorithm required by +OpenSSL - if there is an ENGINE that implements it and can be initialised, +it should be used. The following code illustrates how this can work;

    +
    + /* Load all bundled ENGINEs into memory and make them visible */
    + ENGINE_load_builtin_engines();
    + /* Register all of them for every algorithm they collectively implement */
    + ENGINE_register_all_complete();
    +

    That's all that's required. Eg. the next time OpenSSL tries to set up an +RSA key, any bundled ENGINEs that implement RSA_METHOD will be passed to +ENGINE_init() and if any of those succeed, that ENGINE will be set as the +default for RSA use from then on.

    +

    +

    +

    Advanced configuration support

    +

    There is a mechanism supported by the ENGINE framework that allows each +ENGINE implementation to define an arbitrary set of configuration +"commands" and expose them to OpenSSL and any applications based on +OpenSSL. This mechanism is entirely based on the use of name-value pairs +and assumes ASCII input (no unicode or UTF for now!), so it is ideal if +applications want to provide a transparent way for users to provide +arbitrary configuration "directives" directly to such ENGINEs. It is also +possible for the application to dynamically interrogate the loaded ENGINE +implementations for the names, descriptions, and input flags of their +available "control commands", providing a more flexible configuration +scheme. However, if the user is expected to know which ENGINE device he/she +is using (in the case of specialised hardware, this goes without saying) +then applications may not need to concern themselves with discovering the +supported control commands and simply prefer to pass settings into ENGINEs +exactly as they are provided by the user.

    +

    Before illustrating how control commands work, it is worth mentioning what +they are typically used for. Broadly speaking there are two uses for +control commands; the first is to provide the necessary details to the +implementation (which may know nothing at all specific to the host system) +so that it can be initialised for use. This could include the path to any +driver or config files it needs to load, required network addresses, +smart-card identifiers, passwords to initialise protected devices, +logging information, etc etc. This class of commands typically needs to be +passed to an ENGINE before attempting to initialise it, ie. before +calling ENGINE_init(). The other class of commands consist of settings or +operations that tweak certain behaviour or cause certain operations to take +place, and these commands may work either before or after ENGINE_init(), or +in some cases both. ENGINE implementations should provide indications of +this in the descriptions attached to built-in control commands and/or in +external product documentation.

    +

    Issuing control commands to an ENGINE

    +

    Let's illustrate by example; a function for which the caller supplies the +name of the ENGINE it wishes to use, a table of string-pairs for use before +initialisation, and another table for use after initialisation. Note that +the string-pairs used for control commands consist of a command "name" +followed by the command "parameter" - the parameter could be NULL in some +cases but the name can not. This function should initialise the ENGINE +(issuing the "pre" commands beforehand and the "post" commands afterwards) +and set it as the default for everything except RAND and then return a +boolean success or failure.

    +
    + int generic_load_engine_fn(const char *engine_id,
    +                            const char **pre_cmds, int pre_num,
    +                            const char **post_cmds, int post_num)
    + {
    +     ENGINE *e = ENGINE_by_id(engine_id);
    +     if (!e) return 0;
    +     while (pre_num--) {
    +         if (!ENGINE_ctrl_cmd_string(e, pre_cmds[0], pre_cmds[1], 0)) {
    +             fprintf(stderr, "Failed command (%s - %s:%s)\n", engine_id,
    +                     pre_cmds[0], pre_cmds[1] ? pre_cmds[1] : "(NULL)");
    +             ENGINE_free(e);
    +             return 0;
    +         }
    +         pre_cmds += 2;
    +     }
    +     if (!ENGINE_init(e)) {
    +         fprintf(stderr, "Failed initialisation\n");
    +         ENGINE_free(e);
    +         return 0;
    +     }
    +     /*
    +      * ENGINE_init() returned a functional reference, so free the structural
    +      * reference from ENGINE_by_id().
    +      */
    +     ENGINE_free(e);
    +     while (post_num--) {
    +         if (!ENGINE_ctrl_cmd_string(e, post_cmds[0], post_cmds[1], 0)) {
    +             fprintf(stderr, "Failed command (%s - %s:%s)\n", engine_id,
    +                     post_cmds[0], post_cmds[1] ? post_cmds[1] : "(NULL)");
    +             ENGINE_finish(e);
    +             return 0;
    +         }
    +         post_cmds += 2;
    +     }
    +     ENGINE_set_default(e, ENGINE_METHOD_ALL & ~ENGINE_METHOD_RAND);
    +     /* Success */
    +     return 1;
    + }
    +

    Note that ENGINE_ctrl_cmd_string() accepts a boolean argument that can +relax the semantics of the function - if set nonzero it will only return +failure if the ENGINE supported the given command name but failed while +executing it, if the ENGINE doesn't support the command name it will simply +return success without doing anything. In this case we assume the user is +only supplying commands specific to the given ENGINE so we set this to +FALSE.

    +

    Discovering supported control commands

    +

    It is possible to discover at run-time the names, numerical-ids, descriptions +and input parameters of the control commands supported by an ENGINE using a +structural reference. Note that some control commands are defined by OpenSSL +itself and it will intercept and handle these control commands on behalf of the +ENGINE, ie. the ENGINE's ctrl() handler is not used for the control command. +openssl/engine.h defines an index, ENGINE_CMD_BASE, that all control commands +implemented by ENGINEs should be numbered from. Any command value lower than +this symbol is considered a "generic" command is handled directly by the +OpenSSL core routines.

    +

    It is using these "core" control commands that one can discover the control +commands implemented by a given ENGINE, specifically the commands:

    +
    + ENGINE_HAS_CTRL_FUNCTION
    + ENGINE_CTRL_GET_FIRST_CMD_TYPE
    + ENGINE_CTRL_GET_NEXT_CMD_TYPE
    + ENGINE_CTRL_GET_CMD_FROM_NAME
    + ENGINE_CTRL_GET_NAME_LEN_FROM_CMD
    + ENGINE_CTRL_GET_NAME_FROM_CMD
    + ENGINE_CTRL_GET_DESC_LEN_FROM_CMD
    + ENGINE_CTRL_GET_DESC_FROM_CMD
    + ENGINE_CTRL_GET_CMD_FLAGS
    +

    Whilst these commands are automatically processed by the OpenSSL framework code, +they use various properties exposed by each ENGINE to process these +queries. An ENGINE has 3 properties it exposes that can affect how this behaves; +it can supply a ctrl() handler, it can specify ENGINE_FLAGS_MANUAL_CMD_CTRL in +the ENGINE's flags, and it can expose an array of control command descriptions. +If an ENGINE specifies the ENGINE_FLAGS_MANUAL_CMD_CTRL flag, then it will +simply pass all these "core" control commands directly to the ENGINE's ctrl() +handler (and thus, it must have supplied one), so it is up to the ENGINE to +reply to these "discovery" commands itself. If that flag is not set, then the +OpenSSL framework code will work with the following rules:

    +
    + if no ctrl() handler supplied;
    +     ENGINE_HAS_CTRL_FUNCTION returns FALSE (zero),
    +     all other commands fail.
    + if a ctrl() handler was supplied but no array of control commands;
    +     ENGINE_HAS_CTRL_FUNCTION returns TRUE,
    +     all other commands fail.
    + if a ctrl() handler and array of control commands was supplied;
    +     ENGINE_HAS_CTRL_FUNCTION returns TRUE,
    +     all other commands proceed processing ...
    +

    If the ENGINE's array of control commands is empty then all other commands will +fail, otherwise; ENGINE_CTRL_GET_FIRST_CMD_TYPE returns the identifier of +the first command supported by the ENGINE, ENGINE_GET_NEXT_CMD_TYPE takes the +identifier of a command supported by the ENGINE and returns the next command +identifier or fails if there are no more, ENGINE_CMD_FROM_NAME takes a string +name for a command and returns the corresponding identifier or fails if no such +command name exists, and the remaining commands take a command identifier and +return properties of the corresponding commands. All except +ENGINE_CTRL_GET_FLAGS return the string length of a command name or description, +or populate a supplied character buffer with a copy of the command name or +description. ENGINE_CTRL_GET_FLAGS returns a bitwise-OR'd mask of the following +possible values:

    +
    + ENGINE_CMD_FLAG_NUMERIC
    + ENGINE_CMD_FLAG_STRING
    + ENGINE_CMD_FLAG_NO_INPUT
    + ENGINE_CMD_FLAG_INTERNAL
    +

    If the ENGINE_CMD_FLAG_INTERNAL flag is set, then any other flags are purely +informational to the caller - this flag will prevent the command being usable +for any higher-level ENGINE functions such as ENGINE_ctrl_cmd_string(). +"INTERNAL" commands are not intended to be exposed to text-based configuration +by applications, administrations, users, etc. These can support arbitrary +operations via ENGINE_ctrl(), including passing to and/or from the control +commands data of any arbitrary type. These commands are supported in the +discovery mechanisms simply to allow applications to determine if an ENGINE +supports certain specific commands it might want to use (eg. application "foo" +might query various ENGINEs to see if they implement "FOO_GET_VENDOR_LOGO_GIF" - +and ENGINE could therefore decide whether or not to support this "foo"-specific +extension).

    +

    +

    +
    +

    ENVIRONMENT

    +
    +
    OPENSSL_ENGINES
    + +
    +

    The path to the engines directory. +Ignored in set-user-ID and set-group-ID programs.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    ENGINE_get_first(), ENGINE_get_last(), ENGINE_get_next() and ENGINE_get_prev() +return a valid ENGINE structure or NULL if an error occurred.

    +

    ENGINE_add() and ENGINE_remove() return 1 on success or 0 on error.

    +

    ENGINE_by_id() returns a valid ENGINE structure or NULL if an error occurred.

    +

    ENGINE_init() and ENGINE_finish() return 1 on success or 0 on error.

    +

    All ENGINE_get_default_TYPE() functions, ENGINE_get_cipher_engine() and +ENGINE_get_digest_engine() return a valid ENGINE structure on success or NULL +if an error occurred.

    +

    All ENGINE_set_default_TYPE() functions return 1 on success or 0 on error.

    +

    ENGINE_set_default() returns 1 on success or 0 on error.

    +

    ENGINE_get_table_flags() returns an unsigned integer value representing the +global table flags which are used to control the registration behaviour of +ENGINE implementations.

    +

    All ENGINE_register_TYPE() functions return 1 on success or 0 on error.

    +

    ENGINE_register_complete() and ENGINE_register_all_complete() return 1 on success +or 0 on error.

    +

    ENGINE_ctrl() returns a positive value on success or others on error.

    +

    ENGINE_cmd_is_executable() returns 1 if cmd is executable or 0 otherwise.

    +

    ENGINE_ctrl_cmd() and ENGINE_ctrl_cmd_string() return 1 on success or 0 on error.

    +

    ENGINE_new() returns a valid ENGINE structure on success or NULL if an error +occurred.

    +

    ENGINE_free() returns 1 on success or 0 on error.

    +

    ENGINE_up_ref() returns 1 on success or 0 on error.

    +

    ENGINE_set_id() and ENGINE_set_name() return 1 on success or 0 on error.

    +

    All other ENGINE_set_* functions return 1 on success or 0 on error.

    +

    ENGINE_get_id() and ENGINE_get_name() return a string representing the identifier +and the name of the ENGINE e respectively.

    +

    ENGINE_get_RSA(), ENGINE_get_DSA(), ENGINE_get_DH() and ENGINE_get_RAND() +return corresponding method structures for each algorithms.

    +

    ENGINE_get_destroy_function(), ENGINE_get_init_function(), +ENGINE_get_finish_function(), ENGINE_get_ctrl_function(), +ENGINE_get_load_privkey_function(), ENGINE_get_load_pubkey_function(), +ENGINE_get_ciphers() and ENGINE_get_digests() return corresponding function +pointers of the callbacks.

    +

    ENGINE_get_cipher() returns a valid EVP_CIPHER structure on success or NULL +if an error occurred.

    +

    ENGINE_get_digest() returns a valid EVP_MD structure on success or NULL if an +error occurred.

    +

    ENGINE_get_flags() returns an integer representing the ENGINE flags which are +used to control various behaviours of an ENGINE.

    +

    ENGINE_get_cmd_defns() returns an ENGINE_CMD_DEFN structure or NULL if it's +not set.

    +

    ENGINE_load_private_key() and ENGINE_load_public_key() return a valid EVP_PKEY +structure on success or NULL if an error occurred.

    +

    +

    +
    +

    SEE ALSO

    +

    OPENSSL_init_crypto(3), RSA_new_method(3), DSA_new(3), DH_new(3), +RAND_bytes(3), config(5)

    +

    +

    +
    +

    HISTORY

    +

    ENGINE_cleanup() was deprecated in OpenSSL 1.1.0 by the automatic cleanup +done by OPENSSL_cleanup() +and should not be used.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/ERR_GET_LIB.html b/linux_amd64/ssl/share/doc/openssl/html/man3/ERR_GET_LIB.html new file mode 100755 index 0000000..1fdee3a --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/ERR_GET_LIB.html @@ -0,0 +1,101 @@ + + + + +ERR_GET_LIB + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    ERR_GET_LIB, ERR_GET_FUNC, ERR_GET_REASON, ERR_FATAL_ERROR +- get information from error codes

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/err.h>
    +
    + int ERR_GET_LIB(unsigned long e);
    +
    + int ERR_GET_FUNC(unsigned long e);
    +
    + int ERR_GET_REASON(unsigned long e);
    +
    + int ERR_FATAL_ERROR(unsigned long e);
    +

    +

    +
    +

    DESCRIPTION

    +

    The error code returned by ERR_get_error() consists of a library +number, function code and reason code. ERR_GET_LIB(), ERR_GET_FUNC() +and ERR_GET_REASON() can be used to extract these.

    +

    ERR_FATAL_ERROR() indicates whether a given error code is a fatal error.

    +

    The library number and function code describe where the error +occurred, the reason code is the information about what went wrong.

    +

    Each sub-library of OpenSSL has a unique library number; function and +reason codes are unique within each sub-library. Note that different +libraries may use the same value to signal different functions and +reasons.

    +

    ERR_R_... reason codes such as ERR_R_MALLOC_FAILURE are globally +unique. However, when checking for sub-library specific reason codes, +be sure to also compare the library number.

    +

    ERR_GET_LIB(), ERR_GET_FUNC(), ERR_GET_REASON(), and ERR_FATAL_ERROR() +are macros.

    +

    +

    +
    +

    RETURN VALUES

    +

    The library number, function code, reason code, and whether the error +is fatal, respectively. +Starting with OpenSSL 3.0.0, the function code is always set to zero.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3)

    +

    +

    +
    +

    HISTORY

    +

    ERR_GET_LIB(), ERR_GET_FUNC() and ERR_GET_REASON() are available in +all versions of OpenSSL.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/ERR_clear_error.html b/linux_amd64/ssl/share/doc/openssl/html/man3/ERR_clear_error.html new file mode 100755 index 0000000..e9edbee --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/ERR_clear_error.html @@ -0,0 +1,71 @@ + + + + +ERR_clear_error + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    ERR_clear_error - clear the error queue

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/err.h>
    +
    + void ERR_clear_error(void);
    +

    +

    +
    +

    DESCRIPTION

    +

    ERR_clear_error() empties the current thread's error queue.

    +

    +

    +
    +

    RETURN VALUES

    +

    ERR_clear_error() has no return value.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/ERR_error_string.html b/linux_amd64/ssl/share/doc/openssl/html/man3/ERR_error_string.html new file mode 100755 index 0000000..c7986d2 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/ERR_error_string.html @@ -0,0 +1,111 @@ + + + + +ERR_error_string + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    ERR_error_string, ERR_error_string_n, ERR_lib_error_string, +ERR_func_error_string, ERR_reason_error_string - obtain human-readable +error message

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/err.h>
    +
    + char *ERR_error_string(unsigned long e, char *buf);
    + void ERR_error_string_n(unsigned long e, char *buf, size_t len);
    +
    + const char *ERR_lib_error_string(unsigned long e);
    + const char *ERR_reason_error_string(unsigned long e);
    +

    Deprecated in OpenSSL 3.0:

    +
    + const char *ERR_func_error_string(unsigned long e);
    +

    +

    +
    +

    DESCRIPTION

    +

    ERR_error_string() generates a human-readable string representing the +error code e, and places it at buf. buf must be at least 256 +bytes long. If buf is NULL, the error string is placed in a +static buffer. +Note that this function is not thread-safe and does no checks on the size +of the buffer; use ERR_error_string_n() instead.

    +

    ERR_error_string_n() is a variant of ERR_error_string() that writes +at most len characters (including the terminating 0) +and truncates the string if necessary. +For ERR_error_string_n(), buf may not be NULL.

    +

    The string will have the following format:

    +
    + error:[error code]:[library name]::[reason string]
    +

    error code is an 8 digit hexadecimal number, library name and +reason string are ASCII text.

    +

    ERR_lib_error_string() and ERR_reason_error_string() return the library +name and reason string respectively.

    +

    If there is no text string registered for the given error code, +the error string will contain the numeric code.

    +

    ERR_print_errors(3) can be used to print +all error codes currently in the queue.

    +

    +

    +
    +

    RETURN VALUES

    +

    ERR_error_string() returns a pointer to a static buffer containing the +string if buf == NULL, buf otherwise.

    +

    ERR_lib_error_string() and ERR_reason_error_string() return the strings, +and NULL if none is registered for the error code.

    +

    ERR_func_error_string() returns NULL.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), +ERR_print_errors(3)

    +

    +

    +
    +

    HISTORY

    +

    ERR_func_error_string() became deprecated in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/ERR_get_error.html b/linux_amd64/ssl/share/doc/openssl/html/man3/ERR_get_error.html new file mode 100755 index 0000000..2c460ab --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/ERR_get_error.html @@ -0,0 +1,162 @@ + + + + +ERR_get_error + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    ERR_get_error, ERR_peek_error, ERR_peek_last_error, +ERR_get_error_line, ERR_peek_error_line, ERR_peek_last_error_line, +ERR_get_error_func, ERR_peek_error_func, ERR_peek_last_error_func, +ERR_get_error_data, ERR_peek_error_data, ERR_peek_last_error_data, +ERR_get_error_all, ERR_peek_error_all, ERR_peek_last_error_all, +ERR_get_error_line_data, ERR_peek_error_line_data, ERR_peek_last_error_line_data +- obtain error code and data

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/err.h>
    +
    + unsigned long ERR_get_error(void);
    + unsigned long ERR_peek_error(void);
    + unsigned long ERR_peek_last_error(void);
    +
    + unsigned long ERR_get_error_line(const char **file, int *line);
    + unsigned long ERR_peek_error_line(const char **file, int *line);
    + unsigned long ERR_peek_last_error_line(const char **file, int *line);
    +
    + unsigned long ERR_get_error_func(const char **func);
    + unsigned long ERR_peek_error_func(const char **func);
    + unsigned long ERR_peek_last_error_func(const char **func);
    +
    + unsigned long ERR_get_error_data(const char **data, int *flags);
    + unsigned long ERR_peek_error_data(const char **data, int *flags);
    + unsigned long ERR_peek_last_error_data(const char **data, int *flags);
    +
    + unsigned long ERR_get_error_all(const char **file, int *line,
    +                                 const char *func,
    +                                 const char **data, int *flags);
    + unsigned long ERR_peek_error_all(const char **file, int *line,
    +                                  const char *func,
    +                                  const char **data, int *flags);
    + unsigned long ERR_peek_last_error_all(const char **file, int *line,
    +                                       const char *func,
    +                                       const char **data, int *flags);
    +

    Deprecated since OpenSSL 3.0:

    +
    + unsigned long ERR_get_error_line_data(const char **file, int *line,
    +                                       const char **data, int *flags);
    + unsigned long ERR_peek_error_line_data(const char **file, int *line,
    +                                        const char **data, int *flags);
    + unsigned long ERR_peek_last_error_line_data(const char **file, int *line,
    +                                             const char **data, int *flags);
    +

    +

    +
    +

    DESCRIPTION

    +

    ERR_get_error() returns the earliest error code from the thread's error +queue and removes the entry. This function can be called repeatedly +until there are no more error codes to return.

    +

    ERR_peek_error() returns the earliest error code from the thread's +error queue without modifying it.

    +

    ERR_peek_last_error() returns the latest error code from the thread's +error queue without modifying it.

    +

    See ERR_GET_LIB(3) for obtaining further specific information +such as the reason of the error, +and ERR_error_string(3) for human-readable error messages.

    +

    ERR_get_error_line(), ERR_peek_error_line() and +ERR_peek_last_error_line() are the same as ERR_get_error(), +ERR_peek_error() and ERR_peek_last_error(), but on success they +additionally store the filename and line number where +the error occurred in *file and *line, as far as they are not NULL. +An unset filename is indicated as "", i.e., an empty string. +An unset line number is indicated as 0.

    +

    A pointer returned this way by these functions and the ones below +is valid until the respective entry is removed from the error queue.

    +

    ERR_get_error_func(), ERR_peek_error_func() and +ERR_peek_last_error_func() are the same as ERR_get_error(), +ERR_peek_error() and ERR_peek_last_error(), but on success they +additionally store the name of the function where the error occurred +in *func, unless it is NULL. +An unset function name is indicated as "".

    +

    ERR_get_error_data(), ERR_peek_error_data() and +ERR_peek_last_error_data() are the same as ERR_get_error(), +ERR_peek_error() and ERR_peek_last_error(), but on success they +additionally store additional data and flags associated with the error +code in *data and *flags, as far as they are not NULL. +Unset data is indicated as "". +In this case the value given for the flag is irrelevant (and equals 0). +*data contains a string if *flags&ERR_TXT_STRING is true.

    +

    ERR_get_error_all(), ERR_peek_error_all() and +ERR_peek_last_error_all() are combinations of all of the above.

    +

    ERR_get_error_line_data(), ERR_peek_error_line_data() and +ERR_peek_last_error_line_data() are older variants of ERR_get_error_all(), +ERR_peek_error_all() and ERR_peek_last_error_all(), and should no longer +be used.

    +

    An application MUST NOT free the *data pointer (or any other pointers +returned by these functions) with OPENSSL_free() as freeing is handled +automatically by the error library.

    +

    +

    +
    +

    RETURN VALUES

    +

    The error code, or 0 if there is no error in the queue.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_error_string(3), +ERR_GET_LIB(3)

    +

    +

    +
    +

    HISTORY

    +

    ERR_get_error_func(), ERR_peek_error_func(), ERR_peek_last_error_func(), +ERR_get_error_data(), ERR_peek_error_data(), ERR_peek_last_error_data(), +ERR_get_error_all(), ERR_peek_error_all() and ERR_peek_last_error_all() +were added in OpenSSL 3.0.

    +

    ERR_get_error_line_data(), ERR_peek_error_line_data() and +ERR_peek_last_error_line_data() became deprecated in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/ERR_load_crypto_strings.html b/linux_amd64/ssl/share/doc/openssl/html/man3/ERR_load_crypto_strings.html new file mode 100755 index 0000000..60f83ef --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/ERR_load_crypto_strings.html @@ -0,0 +1,93 @@ + + + + +ERR_load_crypto_strings + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    ERR_load_crypto_strings, SSL_load_error_strings, ERR_free_strings - +load and free error strings

    +

    +

    +
    +

    SYNOPSIS

    +

    Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + #include <openssl/err.h>
    +
    + void ERR_load_crypto_strings(void);
    + void ERR_free_strings(void);
    +
    + #include <openssl/ssl.h>
    +
    + void SSL_load_error_strings(void);
    +

    +

    +
    +

    DESCRIPTION

    +

    ERR_load_crypto_strings() registers the error strings for all +libcrypto functions. SSL_load_error_strings() does the same, +but also registers the libssl error strings.

    +

    In versions prior to OpenSSL 1.1.0, +ERR_free_strings() releases any resources created by the above functions.

    +

    +

    +
    +

    RETURN VALUES

    +

    ERR_load_crypto_strings(), SSL_load_error_strings() and +ERR_free_strings() return no values.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_error_string(3)

    +

    +

    +
    +

    HISTORY

    +

    The ERR_load_crypto_strings(), SSL_load_error_strings(), and +ERR_free_strings() functions were deprecated in OpenSSL 1.1.0 by +OPENSSL_init_crypto() and OPENSSL_init_ssl() and should not be used.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/ERR_load_strings.html b/linux_amd64/ssl/share/doc/openssl/html/man3/ERR_load_strings.html new file mode 100755 index 0000000..0d7ba13 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/ERR_load_strings.html @@ -0,0 +1,91 @@ + + + + +ERR_load_strings + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    ERR_load_strings, ERR_PACK, ERR_get_next_error_library - load +arbitrary error strings

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/err.h>
    +
    + void ERR_load_strings(int lib, ERR_STRING_DATA str[]);
    +
    + int ERR_get_next_error_library(void);
    +
    + unsigned long ERR_PACK(int lib, int func, int reason);
    +

    +

    +
    +

    DESCRIPTION

    +

    ERR_load_strings() registers error strings for library number lib.

    +

    str is an array of error string data:

    +
    + typedef struct ERR_string_data_st
    + {
    +     unsigned long error;
    +     char *string;
    + } ERR_STRING_DATA;
    +

    The error code is generated from the library number and a function and +reason code: error = ERR_PACK(lib, func, reason). +ERR_PACK() is a macro.

    +

    The last entry in the array is {0,0}.

    +

    ERR_get_next_error_library() can be used to assign library numbers +to user libraries at run time.

    +

    +

    +
    +

    RETURN VALUES

    +

    ERR_load_strings() returns no value. ERR_PACK() return the error code. +ERR_get_next_error_library() returns zero on failure, otherwise a new +library number.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_load_strings(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/ERR_new.html b/linux_amd64/ssl/share/doc/openssl/html/man3/ERR_new.html new file mode 100755 index 0000000..2bac936 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/ERR_new.html @@ -0,0 +1,111 @@ + + + + +ERR_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    ERR_new, ERR_set_debug, ERR_set_error, ERR_vset_error +- Error recording building blocks

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/err.h>
    +
    + void ERR_new(void);
    + void ERR_set_debug(const char *file, int line, const char *func);
    + void ERR_set_error(int lib, int reason, const char *fmt, ...);
    + void ERR_vset_error(int lib, int reason, const char *fmt, va_list args);
    +

    +

    +
    +

    DESCRIPTION

    +

    The functions described here are generally not used directly, but +rather through macros such as ERR_raise(3). +They can still be useful for anyone that wants to make their own +macros.

    +

    ERR_new() allocates a new slot in the thread's error queue.

    +

    ERR_set_debug() sets the debug information related to the current +error in the thread's error queue. +The values that can be given are the filename file, line in the +file line and the name of the function func where the error +occurred. +The names must be constant, this function will only save away the +pointers, not copy the strings.

    +

    ERR_set_error() sets the error information, which are the library +number lib and the reason code reason, and additional data as a +format string fmt and an arbitrary number of arguments. +The additional data is processed with BIO_snprintf(3) to form the +additional data string, which is allocated and store in the error +record.

    +

    ERR_vset_error() works like ERR_set_error(), but takes a va_list +argument instead of a variable number of arguments.

    +

    +

    +
    +

    RETURN VALUES

    +

    ERR_new, ERR_set_debug, ERR_set_error and ERR_vset_error +do not return any values.

    +

    +

    +
    +

    NOTES

    +

    The library number is unique to each unit that records errors. +OpenSSL has a number of pre-allocated ones for its own uses, but +others may allocate their own library number dynamically with +ERR_get_next_error_library(3).

    +

    Reason codes are unique within each library, and may have an +associated set of strings as a short description of the reason. +For dynamically allocated library numbers, reason strings are recorded +with ERR_load_strings(3).

    +

    Provider authors are supplied with core versions of these functions, +see provider-base(7).

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_raise(3), ERR_get_next_error_library(3), +ERR_load_strings(3), BIO_snprintf(3), provider-base(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/ERR_print_errors.html b/linux_amd64/ssl/share/doc/openssl/html/man3/ERR_print_errors.html new file mode 100755 index 0000000..7559dc8 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/ERR_print_errors.html @@ -0,0 +1,90 @@ + + + + +ERR_print_errors + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    ERR_print_errors, ERR_print_errors_fp, ERR_print_errors_cb +- print error messages

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/err.h>
    +
    + void ERR_print_errors(BIO *bp);
    + void ERR_print_errors_fp(FILE *fp);
    + void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u), void *u)
    +

    +

    +
    +

    DESCRIPTION

    +

    ERR_print_errors() is a convenience function that prints the error +strings for all errors that OpenSSL has recorded to bp, thus +emptying the error queue.

    +

    ERR_print_errors_fp() is the same, except that the output goes to a +FILE.

    +

    ERR_print_errors_cb() is the same, except that the callback function, +cb, is called for each error line with the string, length, and userdata +u as the callback parameters.

    +

    The error strings will have the following format:

    +
    + [pid]:error:[error code]:[library name]:[function name]:[reason string]:[filename]:[line]:[optional text message]
    +

    error code is an 8 digit hexadecimal number. library name, +function name and reason string are ASCII text, as is optional +text message if one was set for the respective error code.

    +

    If there is no text string registered for the given error code, +the error string will contain the numeric code.

    +

    +

    +
    +

    RETURN VALUES

    +

    ERR_print_errors() and ERR_print_errors_fp() return no values.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_error_string(3), +ERR_get_error(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/ERR_put_error.html b/linux_amd64/ssl/share/doc/openssl/html/man3/ERR_put_error.html new file mode 100755 index 0000000..3714130 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/ERR_put_error.html @@ -0,0 +1,155 @@ + + + + +ERR_put_error + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    ERR_raise, ERR_raise_data, +ERR_put_error, ERR_add_error_data, ERR_add_error_vdata, +ERR_add_error_txt, ERR_add_error_mem_bio +- record an error

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/err.h>
    +
    + void ERR_raise(int lib, int reason);
    + void ERR_raise_data(int lib, int reason, const char *fmt, ...);
    +
    + void ERR_add_error_data(int num, ...);
    + void ERR_add_error_vdata(int num, va_list arg);
    + void ERR_add_error_txt(const char *sep, const char *txt);
    + void ERR_add_error_mem_bio(const char *sep, BIO *bio);
    +

    Deprecated since OpenSSL 3.0:

    +
    + void ERR_put_error(int lib, int func, int reason, const char *file, int line);
    +

    +

    +
    +

    DESCRIPTION

    +

    ERR_raise() adds a new error to the thread's error queue. The +error occurred in the library lib for the reason given by the +reason code. Furthermore, the name of the file, the line, and name +of the function where the error occurred is saved with the error +record.

    +

    ERR_raise_data() does the same thing as ERR_raise(), but also lets the +caller specify additional information as a format string fmt and an +arbitrary number of values, which are processed with BIO_snprintf(3).

    +

    ERR_put_error() adds an error code to the thread's error queue. It +signals that the error of reason code reason occurred in function +func of library lib, in line number line of file. +This function is usually called by a macro.

    +

    ERR_add_error_data() associates the concatenation of its num string +arguments as additional data with the error code added last. +ERR_add_error_vdata() is similar except the argument is a va_list. +Multiple calls to these functions append to the current top of the error queue. +The total length of the string data per error is limited to 4096 characters.

    +

    ERR_add_error_txt() appends the given text string as additional data to the +last error queue entry, after inserting the optional separator string if it is +not NULL and the top error entry does not yet have additional data. +In case the separator is at the end of the text it is not appended to the data. +The sep argument may be for instance "\n" to insert a line break when needed. +If the associated data would become more than 4096 characters long +(which is the limit given above) +it is split over sufficiently many new copies of the last error queue entry.

    +

    ERR_add_error_mem_bio() is the same as ERR_add_error_txt() except that +the text string is taken from the given memory BIO. +It appends '\0' to the BIO contents if not already NUL-terminated.

    +

    ERR_load_strings(3) can be used to register +error strings so that the application can a generate human-readable +error messages for the error code.

    +

    +

    +

    Reporting errors

    +

    Each sub-library has a specific macro XXXerr() that is used to report +errors. Its first argument is a function code XXX_F_..., the second +argument is a reason code XXX_R_.... Function codes are derived +from the function names; reason codes consist of textual error +descriptions. For example, the function ssl3_read_bytes() reports a +"handshake failure" as follows:

    +
    + SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
    +

    Function and reason codes should consist of uppercase characters, +numbers and underscores only. The error file generation script translates +function codes into function names by looking in the header files +for an appropriate function name, if none is found it just uses +the capitalized form such as "SSL3_READ_BYTES" in the above example.

    +

    The trailing section of a reason code (after the "_R_") is translated +into lowercase and underscores changed to spaces.

    +

    Although a library will normally report errors using its own specific +XXXerr macro, another library's macro can be used. This is normally +only done when a library wants to include ASN1 code which must use +the ASN1err() macro.

    +

    +

    +
    +

    RETURN VALUES

    +

    ERR_raise(), ERR_put_error(), +ERR_add_error_data(), ERR_add_error_vdata() +ERR_add_error_txt(), and ERR_add_error_mem_bio() +return no values.

    +

    +

    +
    +

    NOTES

    +

    ERR_raise() and ERR_put_error() are implemented as macros.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_load_strings(3)

    +

    +

    +
    +

    HISTORY

    +

    ERR_add_error_txt and ERR_add_error_mem_bio were added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/ERR_remove_state.html b/linux_amd64/ssl/share/doc/openssl/html/man3/ERR_remove_state.html new file mode 100755 index 0000000..6361e20 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/ERR_remove_state.html @@ -0,0 +1,88 @@ + + + + +ERR_remove_state + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    ERR_remove_thread_state, ERR_remove_state - DEPRECATED

    +

    +

    +
    +

    SYNOPSIS

    +

    Deprecated since OpenSSL 1.0.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + void ERR_remove_state(unsigned long tid);
    +

    Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + void ERR_remove_thread_state(void *tid);
    +

    +

    +
    +

    DESCRIPTION

    +

    ERR_remove_state() frees the error queue associated with the specified +thread, identified by tid. +ERR_remove_thread_state() does the same thing, except the identifier is +an opaque pointer.

    +

    +

    +
    +

    RETURN VALUES

    +

    ERR_remove_state() and ERR_remove_thread_state() return no value.

    +

    +

    +
    +

    SEE ALSO

    +

    LOPENSSL_init_crypto(3)

    +

    +

    +
    +

    HISTORY

    +

    ERR_remove_state() was deprecated in OpenSSL 1.0.0 and +ERR_remove_thread_state() was deprecated in OpenSSL 1.1.0; these functions +and should not be used.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/ERR_set_mark.html b/linux_amd64/ssl/share/doc/openssl/html/man3/ERR_set_mark.html new file mode 100755 index 0000000..d71f416 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/ERR_set_mark.html @@ -0,0 +1,72 @@ + + + + +ERR_set_mark + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    ERR_set_mark, ERR_pop_to_mark - set marks and pop errors until mark

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/err.h>
    +
    + int ERR_set_mark(void);
    +
    + int ERR_pop_to_mark(void);
    +

    +

    +
    +

    DESCRIPTION

    +

    ERR_set_mark() sets a mark on the current topmost error record if there +is one.

    +

    ERR_pop_to_mark() will pop the top of the error stack until a mark is found. +The mark is then removed. If there is no mark, the whole stack is removed.

    +

    +

    +
    +

    RETURN VALUES

    +

    ERR_set_mark() returns 0 if the error stack is empty, otherwise 1.

    +

    ERR_pop_to_mark() returns 0 if there was no mark in the error stack, which +implies that the stack became empty, otherwise 1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2003-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_ASYM_CIPHER_free.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_ASYM_CIPHER_free.html new file mode 100755 index 0000000..0f7dab7 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_ASYM_CIPHER_free.html @@ -0,0 +1,118 @@ + + + + +EVP_ASYM_CIPHER_free + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_ASYM_CIPHER_fetch, EVP_ASYM_CIPHER_free, EVP_ASYM_CIPHER_up_ref, +EVP_ASYM_CIPHER_number, EVP_ASYM_CIPHER_is_a, EVP_ASYM_CIPHER_provider, +EVP_ASYM_CIPHER_do_all_provided, EVP_ASYM_CIPHER_names_do_all +- Functions to manage EVP_ASYM_CIPHER algorithm objects

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + EVP_ASYM_CIPHER *EVP_ASYM_CIPHER_fetch(OPENSSL_CTX *ctx, const char *algorithm,
    +                                        const char *properties);
    + void EVP_ASYM_CIPHER_free(EVP_ASYM_CIPHER *cipher);
    + int EVP_ASYM_CIPHER_up_ref(EVP_ASYM_CIPHER *cipher);
    + int EVP_ASYM_CIPHER_number(const EVP_ASYM_CIPHER *cipher);
    + int EVP_ASYM_CIPHER_is_a(const EVP_ASYM_CIPHER *cipher, const char *name);
    + OSSL_PROVIDER *EVP_ASYM_CIPHER_provider(const EVP_ASYM_CIPHER *cipher);
    + void EVP_ASYM_CIPHER_do_all_provided(OPENSSL_CTX *libctx,
    +                                      void (*fn)(EVP_ASYM_CIPHER *cipher,
    +                                                 void *arg),
    +                                      void *arg);
    + void EVP_ASYM_CIPHER_names_do_all(const EVP_ASYM_CIPHER *cipher,
    +                                   void (*fn)(const char *name, void *data),
    +                                   void *data);
    +

    +

    +
    +

    DESCRIPTION

    +

    EVP_ASYM_CIPHER_fetch() fetches the implementation for the given +algorithm from any provider offering it, within the criteria given +by the properties and in the scope of the given library context ctx (see +OPENSSL_CTX(3)). The algorithm will be one offering functions for performing +asymmetric cipher related tasks such as asymmetric encryption and decryption. +See provider(7)/Fetching algorithms for further information.

    +

    The returned value must eventually be freed with EVP_ASYM_CIPHER_free().

    +

    EVP_ASYM_CIPHER_free() decrements the reference count for the EVP_ASYM_CIPHER +structure. Typically this structure will have been obtained from an earlier call +to EVP_ASYM_CIPHER_fetch(). If the reference count drops to 0 then the +structure is freed.

    +

    EVP_ASYM_CIPHER_up_ref() increments the reference count for an +EVP_ASYM_CIPHER structure.

    +

    EVP_ASYM_CIPHER_is_a() returns 1 if cipher is an implementation of an +algorithm that's identifiable with name, otherwise 0.

    +

    EVP_ASYM_CIPHER_provider() returns the provider that cipher was fetched from.

    +

    EVP_ASYM_CIPHER_do_all_provided() traverses all EVP_ASYM_CIPHERs implemented by +all activated providers in the given library context libctx, and for each of +the implementations, calls the given function fn with the implementation +method and the given arg as argument.

    +

    EVP_ASYM_CIPHER_number() returns the internal dynamic number assigned to +cipher.

    +

    EVP_ASYM_CIPHER_names_do_all() traverses all names for cipher, and calls +fn with each name and data.

    +

    +

    +
    +

    RETURN VALUES

    +

    EVP_ASYM_CIPHER_fetch() returns a pointer to an EVP_ASYM_CIPHER for success +or NULL for failure.

    +

    EVP_ASYM_CIPHER_up_ref() returns 1 for success or 0 otherwise.

    +

    +

    +
    +

    SEE ALSO

    +

    provider(7)/Fetching algorithms, OSSL_PROVIDER(3)

    +

    +

    +
    +

    HISTORY

    +

    The functions described here were added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_BytesToKey.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_BytesToKey.html new file mode 100755 index 0000000..4f0b87c --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_BytesToKey.html @@ -0,0 +1,114 @@ + + + + +EVP_BytesToKey + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_BytesToKey - password based encryption routine

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
    +                    const unsigned char *salt,
    +                    const unsigned char *data, int datal, int count,
    +                    unsigned char *key, unsigned char *iv);
    +

    +

    +
    +

    DESCRIPTION

    +

    EVP_BytesToKey() derives a key and IV from various parameters. type is +the cipher to derive the key and IV for. md is the message digest to use. +The salt parameter is used as a salt in the derivation: it should point to +an 8 byte buffer or NULL if no salt is used. data is a buffer containing +datal bytes which is used to derive the keying data. count is the +iteration count to use. The derived key and IV will be written to key +and iv respectively.

    +

    +

    +
    +

    NOTES

    +

    A typical application of this function is to derive keying material for an +encryption algorithm from a password in the data parameter.

    +

    Increasing the count parameter slows down the algorithm which makes it +harder for an attacker to perform a brute force attack using a large number +of candidate passwords.

    +

    If the total key and IV length is less than the digest length and +MD5 is used then the derivation algorithm is compatible with PKCS#5 v1.5 +otherwise a non standard extension is used to derive the extra data.

    +

    Newer applications should use a more modern algorithm such as PBKDF2 as +defined in PKCS#5v2.1 and provided by PKCS5_PBKDF2_HMAC.

    +

    +

    +
    +

    KEY DERIVATION ALGORITHM

    +

    The key and IV is derived by concatenating D_1, D_2, etc until +enough data is available for the key and IV. D_i is defined as:

    +
    +        D_i = HASH^count(D_(i-1) || data || salt)
    +

    where || denotes concatenation, D_0 is empty, HASH is the digest +algorithm in use, HASH^1(data) is simply HASH(data), HASH^2(data) +is HASH(HASH(data)) and so on.

    +

    The initial bytes are used for the key and the subsequent bytes for +the IV.

    +

    +

    +
    +

    RETURN VALUES

    +

    If data is NULL, then EVP_BytesToKey() returns the number of bytes +needed to store the derived key. +Otherwise, EVP_BytesToKey() returns the size of the derived key in bytes, +or 0 on error.

    +

    +

    +
    +

    SEE ALSO

    +

    evp(7), RAND_bytes(3), +PKCS5_PBKDF2_HMAC(3), +EVP_EncryptInit(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_CIPHER_CTX_get_cipher_data.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_CIPHER_CTX_get_cipher_data.html
    new file mode 100755
    index 0000000..cf89172
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_CIPHER_CTX_get_cipher_data.html
    @@ -0,0 +1,86 @@
    + + + + +EVP_CIPHER_CTX_get_cipher_data + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_CIPHER_CTX_get_cipher_data, EVP_CIPHER_CTX_set_cipher_data - Routines to +inspect and modify EVP_CIPHER_CTX objects

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + void *EVP_CIPHER_CTX_get_cipher_data(const EVP_CIPHER_CTX *ctx);
    + void *EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data);
    +

    +

    +
    +

    DESCRIPTION

    +

    The EVP_CIPHER_CTX_get_cipher_data() function returns a pointer to the cipher +data relevant to EVP_CIPHER_CTX. The contents of this data is specific to the +particular implementation of the cipher. For example this data can be used by +engines to store engine specific information. The data is automatically +allocated and freed by OpenSSL, so applications and engines should not normally +free this directly (but see below).

    +

    The EVP_CIPHER_CTX_set_cipher_data() function allows an application or engine to +replace the cipher data with new data. A pointer to any existing cipher data is +returned from this function. If the old data is no longer required then it +should be freed through a call to OPENSSL_free().

    +

    +

    +
    +

    RETURN VALUES

    +

    The EVP_CIPHER_CTX_get_cipher_data() function returns a pointer to the current +cipher data for the EVP_CIPHER_CTX.

    +

    The EVP_CIPHER_CTX_set_cipher_data() function returns a pointer to the old +cipher data for the EVP_CIPHER_CTX.

    +

    +

    +
    +

    HISTORY

    +

    The EVP_CIPHER_CTX_get_cipher_data() and EVP_CIPHER_CTX_set_cipher_data() +functions were added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_CIPHER_meth_new.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_CIPHER_meth_new.html
    new file mode 100755
    index 0000000..201ec1f
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_CIPHER_meth_new.html
    @@ -0,0 +1,283 @@
    + + + + +EVP_CIPHER_meth_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_CIPHER_meth_new, EVP_CIPHER_meth_dup, EVP_CIPHER_meth_free, +EVP_CIPHER_meth_set_iv_length, EVP_CIPHER_meth_set_flags, +EVP_CIPHER_meth_set_impl_ctx_size, EVP_CIPHER_meth_set_init, +EVP_CIPHER_meth_set_do_cipher, EVP_CIPHER_meth_set_cleanup, +EVP_CIPHER_meth_set_set_asn1_params, EVP_CIPHER_meth_set_get_asn1_params, +EVP_CIPHER_meth_set_ctrl, EVP_CIPHER_meth_get_init, +EVP_CIPHER_meth_get_do_cipher, EVP_CIPHER_meth_get_cleanup, +EVP_CIPHER_meth_get_set_asn1_params, EVP_CIPHER_meth_get_get_asn1_params, +EVP_CIPHER_meth_get_ctrl +- Routines to build up EVP_CIPHER methods

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len);
    + EVP_CIPHER *EVP_CIPHER_meth_dup(const EVP_CIPHER *cipher);
    + void EVP_CIPHER_meth_free(EVP_CIPHER *cipher);
    +
    + int EVP_CIPHER_meth_set_iv_length(EVP_CIPHER *cipher, int iv_len);
    + int EVP_CIPHER_meth_set_flags(EVP_CIPHER *cipher, unsigned long flags);
    + int EVP_CIPHER_meth_set_impl_ctx_size(EVP_CIPHER *cipher, int ctx_size);
    + int EVP_CIPHER_meth_set_init(EVP_CIPHER *cipher,
    +                              int (*init)(EVP_CIPHER_CTX *ctx,
    +                                          const unsigned char *key,
    +                                          const unsigned char *iv,
    +                                          int enc));
    + int EVP_CIPHER_meth_set_do_cipher(EVP_CIPHER *cipher,
    +                                   int (*do_cipher)(EVP_CIPHER_CTX *ctx,
    +                                                    unsigned char *out,
    +                                                    const unsigned char *in,
    +                                                    size_t inl));
    + int EVP_CIPHER_meth_set_cleanup(EVP_CIPHER *cipher,
    +                                 int (*cleanup)(EVP_CIPHER_CTX *));
    + int EVP_CIPHER_meth_set_set_asn1_params(EVP_CIPHER *cipher,
    +                                         int (*set_asn1_parameters)(EVP_CIPHER_CTX *,
    +                                                                    ASN1_TYPE *));
    + int EVP_CIPHER_meth_set_get_asn1_params(EVP_CIPHER *cipher,
    +                                         int (*get_asn1_parameters)(EVP_CIPHER_CTX *,
    +                                                                    ASN1_TYPE *));
    + int EVP_CIPHER_meth_set_ctrl(EVP_CIPHER *cipher,
    +                              int (*ctrl)(EVP_CIPHER_CTX *, int type,
    +                                          int arg, void *ptr));
    +
    + int (*EVP_CIPHER_meth_get_init(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx,
    +                                                           const unsigned char *key,
    +                                                           const unsigned char *iv,
    +                                                           int enc);
    + int (*EVP_CIPHER_meth_get_do_cipher(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx,
    +                                                                unsigned char *out,
    +                                                                const unsigned char *in,
    +                                                                size_t inl);
    + int (*EVP_CIPHER_meth_get_cleanup(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *);
    + int (*EVP_CIPHER_meth_get_set_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *,
    +                                                                      ASN1_TYPE *);
    + int (*EVP_CIPHER_meth_get_get_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *,
    +                                                                      ASN1_TYPE *);
    + int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *,
    +                                                           int type, int arg,
    +                                                           void *ptr);
    +

    +

    +
    +

    DESCRIPTION

    +

    The EVP_CIPHER type is a structure for symmetric cipher method +implementation.

    +

    EVP_CIPHER_meth_new() creates a new EVP_CIPHER structure.

    +

    EVP_CIPHER_meth_dup() creates a copy of cipher.

    +

    EVP_CIPHER_meth_free() destroys a EVP_CIPHER structure.

    +

    EVP_CIPHER_meth_set_iv_length() sets the length of the IV. +This is only needed when the implemented cipher mode requires it.

    +

    EVP_CIPHER_meth_set_flags() sets the flags to describe optional +behaviours in the particular cipher. +With the exception of cipher modes, of which only one may be present, +several flags can be or'd together. +The available flags are:

    +
    +
    EVP_CIPH_STREAM_CIPHER, EVP_CIPH_ECB_MODE EVP_CIPH_CBC_MODE, +EVP_CIPH_CFB_MODE, EVP_CIPH_OFB_MODE, EVP_CIPH_CTR_MODE, EVP_CIPH_GCM_MODE, +EVP_CIPH_CCM_MODE, EVP_CIPH_XTS_MODE, EVP_CIPH_WRAP_MODE, +EVP_CIPH_OCB_MODE, EVP_CIPH_SIV_MODE
    + +
    +

    The cipher mode.

    +
    +
    EVP_CIPH_VARIABLE_LENGTH
    + +
    +

    This cipher is of variable length.

    +
    +
    EVP_CIPH_CUSTOM_IV
    + +
    +

    Storing and initialising the IV is left entirely to the +implementation.

    +
    +
    EVP_CIPH_ALWAYS_CALL_INIT
    + +
    +

    Set this if the implementation's init() function should be called even +if key is NULL.

    +
    +
    EVP_CIPH_CTRL_INIT
    + +
    +

    Set this to have the implementation's ctrl() function called with +command code EVP_CTRL_INIT early in its setup.

    +
    +
    EVP_CIPH_CUSTOM_KEY_LENGTH
    + +
    +

    Checking and setting the key length after creating the EVP_CIPHER +is left to the implementation. +Whenever someone uses EVP_CIPHER_CTX_set_key_length() on a +EVP_CIPHER with this flag set, the implementation's ctrl() function +will be called with the control code EVP_CTRL_SET_KEY_LENGTH and +the key length in arg.

    +
    +
    EVP_CIPH_NO_PADDING
    + +
    +

    Don't use standard block padding.

    +
    +
    EVP_CIPH_RAND_KEY
    + +
    +

    Making a key with random content is left to the implementation. +This is done by calling the implementation's ctrl() function with the +control code EVP_CTRL_RAND_KEY and the pointer to the key memory +storage in ptr.

    +
    +
    EVP_CIPH_CUSTOM_COPY
    + +
    +

    Set this to have the implementation's ctrl() function called with +command code EVP_CTRL_COPY at the end of EVP_CIPHER_CTX_copy(). +The intended use is for further things to deal with after the +implementation specific data block has been copied. +The destination EVP_CIPHER_CTX is passed to the control with the +ptr parameter. +The implementation specific data block is reached with +EVP_CIPHER_CTX_get_cipher_data().

    +
    +
    EVP_CIPH_FLAG_DEFAULT_ASN1
    + +
    +

    Use the default EVP routines to pass IV to and from ASN.1.

    +
    +
    EVP_CIPH_FLAG_LENGTH_BITS
    + +
    +

    Signals that the length of the input buffer for encryption / +decryption is to be understood as the number of bits instead of +bytes for this implementation. +This is only useful for CFB1 ciphers.

    +
    +
    EVP_CIPH_FLAG_CUSTOM_CIPHER
    + +
    +

    This indicates that the implementation takes care of everything, +including padding, buffering and finalization. +The EVP routines will simply give them control and do nothing more.

    +
    +
    EVP_CIPH_FLAG_AEAD_CIPHER
    + +
    +

    This indicates that this is an AEAD cipher implementation.

    +
    +
    EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
    + +
    +

    Allow interleaving of crypto blocks, a particular optimization only applicable +to certain TLS ciphers.

    +
    +
    +

    EVP_CIPHER_meth_set_impl_ctx_size() sets the size of the EVP_CIPHER's +implementation context so that it can be automatically allocated.

    +

    EVP_CIPHER_meth_set_init() sets the cipher init function for +cipher. +The cipher init function is called by EVP_CipherInit(), +EVP_CipherInit_ex(), EVP_EncryptInit(), EVP_EncryptInit_ex(), +EVP_DecryptInit(), EVP_DecryptInit_ex().

    +

    EVP_CIPHER_meth_set_do_cipher() sets the cipher function for +cipher. +The cipher function is called by EVP_CipherUpdate(), +EVP_EncryptUpdate(), EVP_DecryptUpdate(), EVP_CipherFinal(), +EVP_EncryptFinal(), EVP_EncryptFinal_ex(), EVP_DecryptFinal() and +EVP_DecryptFinal_ex().

    +

    EVP_CIPHER_meth_set_cleanup() sets the function for cipher to do +extra cleanup before the method's private data structure is cleaned +out and freed. +Note that the cleanup function is passed a EVP_CIPHER_CTX *, the +private data structure is then available with +EVP_CIPHER_CTX_get_cipher_data(). +This cleanup function is called by EVP_CIPHER_CTX_reset() and +EVP_CIPHER_CTX_free().

    +

    EVP_CIPHER_meth_set_set_asn1_params() sets the function for cipher +to set the AlgorithmIdentifier "parameter" based on the passed cipher. +This function is called by EVP_CIPHER_param_to_asn1(). +EVP_CIPHER_meth_set_get_asn1_params() sets the function for cipher +that sets the cipher parameters based on an ASN.1 AlgorithmIdentifier +"parameter". +Both these functions are needed when there is a need for custom data +(more or other than the cipher IV). +They are called by EVP_CIPHER_param_to_asn1() and +EVP_CIPHER_asn1_to_param() respectively if defined.

    +

    EVP_CIPHER_meth_set_ctrl() sets the control function for cipher.

    +

    EVP_CIPHER_meth_get_init(), EVP_CIPHER_meth_get_do_cipher(), +EVP_CIPHER_meth_get_cleanup(), EVP_CIPHER_meth_get_set_asn1_params(), +EVP_CIPHER_meth_get_get_asn1_params() and EVP_CIPHER_meth_get_ctrl() +are all used to retrieve the method data given with the +EVP_CIPHER_meth_set_*() functions above.

    +

    +

    +
    +

    RETURN VALUES

    +

    EVP_CIPHER_meth_new() and EVP_CIPHER_meth_dup() return a pointer to a +newly created EVP_CIPHER, or NULL on failure. +All EVP_CIPHER_meth_set_*() functions return 1. +All EVP_CIPHER_meth_get_*() functions return pointers to their +respective cipher function.

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_EncryptInit(3)

    +

    +

    +
    +

    HISTORY

    +

    The functions described here were added in OpenSSL 1.1.0. +The EVP_CIPHER structure created with these functions became reference +counted in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_DigestInit.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_DigestInit.html
    new file mode 100755
    index 0000000..374d0ed
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_DigestInit.html
    @@ -0,0 +1,715 @@
    + + + + +EVP_DigestInit + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_MD_fetch, EVP_MD_up_ref, EVP_MD_free, +EVP_MD_get_params, EVP_MD_gettable_params, +EVP_MD_CTX_new, EVP_MD_CTX_reset, EVP_MD_CTX_free, EVP_MD_CTX_copy, +EVP_MD_CTX_copy_ex, EVP_MD_CTX_ctrl, +EVP_MD_CTX_set_params, EVP_MD_CTX_get_params, +EVP_MD_settable_ctx_params, EVP_MD_gettable_ctx_params, +EVP_MD_CTX_settable_params, EVP_MD_CTX_gettable_params, +EVP_MD_CTX_set_flags, EVP_MD_CTX_clear_flags, EVP_MD_CTX_test_flags, +EVP_Digest, EVP_DigestInit_ex, EVP_DigestInit, EVP_DigestUpdate, +EVP_DigestFinal_ex, EVP_DigestFinalXOF, EVP_DigestFinal, +EVP_MD_is_a, EVP_MD_name, EVP_MD_number, EVP_MD_names_do_all, EVP_MD_provider, +EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, EVP_MD_block_size, EVP_MD_flags, +EVP_MD_CTX_name, +EVP_MD_CTX_md, EVP_MD_CTX_type, EVP_MD_CTX_size, EVP_MD_CTX_block_size, +EVP_MD_CTX_md_data, EVP_MD_CTX_update_fn, EVP_MD_CTX_set_update_fn, +EVP_md_null, +EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj, +EVP_MD_CTX_pkey_ctx, EVP_MD_CTX_set_pkey_ctx, +EVP_MD_do_all_provided +- EVP digest routines

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + EVP_MD *EVP_MD_fetch(OPENSSL_CTX *ctx, const char *algorithm,
    +                      const char *properties);
    + int EVP_MD_up_ref(EVP_MD *md);
    + void EVP_MD_free(EVP_MD *md);
    + int EVP_MD_get_params(const EVP_MD *digest, OSSL_PARAM params[]);
    + const OSSL_PARAM *EVP_MD_gettable_params(const EVP_MD *digest);
    + EVP_MD_CTX *EVP_MD_CTX_new(void);
    + int EVP_MD_CTX_reset(EVP_MD_CTX *ctx);
    + void EVP_MD_CTX_free(EVP_MD_CTX *ctx);
    + void EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void* p2);
    + int EVP_MD_CTX_get_params(EVP_MD_CTX *ctx, OSSL_PARAM params[]);
    + int EVP_MD_CTX_set_params(EVP_MD_CTX *ctx, const OSSL_PARAM params[]);
    + const OSSL_PARAM *EVP_MD_settable_ctx_params(const EVP_MD *md);
    + const OSSL_PARAM *EVP_MD_gettable_ctx_params(const EVP_MD *md);
    + const OSSL_PARAM *EVP_MD_CTX_settable_params(EVP_MD_CTX *ctx);
    + const OSSL_PARAM *EVP_MD_CTX_gettable_params(EVP_MD_CTX *ctx);
    + void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags);
    + void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags);
    + int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags);
    +
    + int EVP_Digest(const void *data, size_t count, unsigned char *md,
    +                unsigned int *size, const EVP_MD *type, ENGINE *impl);
    + int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
    + int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt);
    + int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s);
    + int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *md, size_t len);
    +
    + int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in);
    +
    + int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
    + int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s);
    +
    + int EVP_MD_CTX_copy(EVP_MD_CTX *out, EVP_MD_CTX *in);
    +
    + const char *EVP_MD_name(const EVP_MD *md);
    + int EVP_MD_number(const EVP_MD *md);
    + int EVP_MD_is_a(const EVP_MD *md, const char *name);
    + void EVP_MD_names_do_all(const EVP_MD *md,
    +                          void (*fn)(const char *name, void *data),
    +                          void *data);
    + const OSSL_PROVIDER *EVP_MD_provider(const EVP_MD *md);
    + int EVP_MD_type(const EVP_MD *md);
    + int EVP_MD_pkey_type(const EVP_MD *md);
    + int EVP_MD_size(const EVP_MD *md);
    + int EVP_MD_block_size(const EVP_MD *md);
    + unsigned long EVP_MD_flags(const EVP_MD *md);
    +
    + const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx);
    + const char *EVP_MD_CTX_name(const EVP_MD_CTX *ctx);
    + int EVP_MD_CTX_size(const EVP_MD_CTX *ctx);
    + int EVP_MD_CTX_block_size(const EVP_MD_CTX *ctx);
    + int EVP_MD_CTX_type(const EVP_MD_CTX *ctx);
    + void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx);
    + int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx,
    +                                              const void *data, size_t count);
    + void EVP_MD_CTX_set_update_fn(EVP_MD_CTX *ctx,
    +                               int (*update)(EVP_MD_CTX *ctx,
    +                                             const void *data, size_t count));
    +
    + const EVP_MD *EVP_md_null(void);
    +
    + const EVP_MD *EVP_get_digestbyname(const char *name);
    + const EVP_MD *EVP_get_digestbynid(int type);
    + const EVP_MD *EVP_get_digestbyobj(const ASN1_OBJECT *o);
    +
    + EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx);
    + void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx);
    +
    + void EVP_MD_do_all_provided(OPENSSL_CTX *libctx,
    +                             void (*fn)(EVP_MD *mac, void *arg),
    +                             void *arg);
    +

    +

    +
    +

    DESCRIPTION

    +

    The EVP digest routines are a high level interface to message digests, +and should be used instead of the digest-specific functions.

    +

    The EVP_MD type is a structure for digest method implementation.

    +
    +
    EVP_MD_fetch()
    + +
    +

    Fetches the digest implementation for the given algorithm from any +provider offering it, within the criteria given by the properties. +See provider(7)/Fetching algorithms for further information.

    +

    The returned value must eventually be freed with EVP_MD_free().

    +

    Fetched EVP_MD structures are reference counted.

    +
    +
    EVP_MD_up_ref()
    + +
    +

    Increments the reference count for an EVP_MD structure.

    +
    +
    EVP_MD_free()
    + +
    +

    Decrements the reference count for the fetched EVP_MD structure. +If the reference count drops to 0 then the structure is freed.

    +
    +
    EVP_MD_CTX_new()
    + +
    +

    Allocates and returns a digest context.

    +
    +
    EVP_MD_CTX_reset()
    + +
    +

    Resets the digest context ctx. This can be used to reuse an already +existing context.

    +
    +
    EVP_MD_CTX_free()
    + +
    +

    Cleans up digest context ctx and frees up the space allocated to it.

    +
    +
    EVP_MD_CTX_ctrl()
    + +
    +

    This is a legacy method. EVP_MD_CTX_set_params() and EVP_MD_CTX_get_params() +is the mechanism that should be used to set and get parameters that are used by +providers. +Performs digest-specific control actions on context ctx. The control command +is indicated in cmd and any additional arguments in p1 and p2. +EVP_MD_CTX_ctrl() must be called after EVP_DigestInit_ex(). Other restrictions +may apply depending on the control type and digest implementation. +See CONTROLS below for more information.

    +
    +
    EVP_MD_get_params()
    + +
    +

    Retrieves the requested list of params from a MD md. +See PARAMETERS below for more information.

    +
    +
    EVP_MD_CTX_get_params()
    + +
    +

    Retrieves the requested list of params from a MD context ctx. +See PARAMETERS below for more information.

    +
    +
    EVP_MD_CTX_set_params()
    + +
    +

    Sets the list of params into a MD context ctx. +See PARAMETERS below for more information.

    +
    +
    EVP_MD_gettable_params(), EVP_MD_gettable_ctx_params(), +EVP_MD_settable_ctx_params(), EVP_MD_CTX_gettable_params(), +EVP_MD_CTX_settable_params()
    + +
    +

    Get a OSSL_PARAM array that describes the retrievable and settable +parameters. EVP_MD_gettable_params() returns parameters that can be used with +EVP_MD_get_params(). EVP_MD_gettable_ctx_params() and +EVP_MD_CTX_gettable_params() return parameters that can be used with +EVP_MD_CTX_get_params(). EVP_MD_settable_ctx_params() and +EVP_MD_CTX_settable_params() return parameters that can be used with +EVP_MD_CTX_set_params(). +See OSSL_PARAM(3) for the use of OSSL_PARAM as parameter descriptor.

    +
    +
    EVP_MD_CTX_set_flags(), EVP_MD_CTX_clear_flags(), EVP_MD_CTX_test_flags()
    + +
    +

    Sets, clears and tests ctx flags. See FLAGS below for more information.

    +
    +
    EVP_Digest()
    + +
    +

    A wrapper around the Digest Init_ex, Update and Final_ex functions. +Hashes count bytes of data at data using a digest type from ENGINE +impl. The digest value is placed in md and its length is written at size +if the pointer is not NULL. At most EVP_MAX_MD_SIZE bytes will be written. +If impl is NULL the default implementation of digest type is used.

    +
    +
    EVP_DigestInit_ex()
    + +
    +

    Sets up digest context ctx to use a digest type. +type is typically supplied by a function such as EVP_sha1(), or a +value explicitly fetched with EVP_MD_fetch().

    +

    If impl is non-NULL, its implementation of the digest type is used if +there is one, and if not, the default implementation is used.

    +
    +
    EVP_DigestUpdate()
    + +
    +

    Hashes cnt bytes of data at d into the digest context ctx. This +function can be called several times on the same ctx to hash additional +data.

    +
    +
    EVP_DigestFinal_ex()
    + +
    +

    Retrieves the digest value from ctx and places it in md. If the s +parameter is not NULL then the number of bytes of data written (i.e. the +length of the digest) will be written to the integer at s, at most +EVP_MAX_MD_SIZE bytes will be written. After calling EVP_DigestFinal_ex() +no additional calls to EVP_DigestUpdate() can be made, but +EVP_DigestInit_ex() can be called to initialize a new digest operation.

    +
    +
    EVP_DigestFinalXOF()
    + +
    +

    Interfaces to extendable-output functions, XOFs, such as SHAKE128 and SHAKE256. +It retrieves the digest value from ctx and places it in len-sized <B>md. +After calling this function no additional calls to EVP_DigestUpdate() can be +made, but EVP_DigestInit_ex() can be called to initialize a new operation.

    +
    +
    EVP_MD_CTX_copy_ex()
    + +
    +

    Can be used to copy the message digest state from in to out. This is +useful if large amounts of data are to be hashed which only differ in the last +few bytes.

    +
    +
    EVP_DigestInit()
    + +
    +

    Behaves in the same way as EVP_DigestInit_ex() except it always uses the +default digest implementation and calls EVP_MD_CTX_reset().

    +
    +
    EVP_DigestFinal()
    + +
    +

    Similar to EVP_DigestFinal_ex() except the digest context ctx is +automatically cleaned up.

    +
    +
    EVP_MD_CTX_copy()
    + +
    +

    Similar to EVP_MD_CTX_copy_ex() except the destination out does not have to +be initialized.

    +
    +
    EVP_MD_is_a()
    + +
    +

    Returns 1 if md is an implementation of an algorithm that's +identifiable with name, otherwise 0.

    +

    If md is a legacy digest (it's the return value from the likes of +EVP_sha256() rather than the result of an EVP_MD_fetch()), only cipher +names registered with the default library context (see +OPENSSL_CTX(3)) will be considered.

    +
    +
    EVP_MD_number()
    + +
    +

    Returns the internal dynamic number assigned to the md. This is +only useful with fetched EVP_MDs.

    +
    +
    EVP_MD_name(), +EVP_MD_CTX_name()
    + +
    +

    Return the name of the given message digest. For fetched message +digests with multiple names, only one of them is returned; it's +recommended to use EVP_MD_names_do_all() instead.

    +
    +
    EVP_MD_names_do_all()
    + +
    +

    Traverses all names for the md, and calls fn with each name and +data. This is only useful with fetched EVP_MDs.

    +
    +
    EVP_MD_provider()
    + +
    +

    Returns an OSSL_PROVIDER pointer to the provider that implements the given +EVP_MD.

    +
    +
    EVP_MD_size(), +EVP_MD_CTX_size()
    + +
    +

    Return the size of the message digest when passed an EVP_MD or an +EVP_MD_CTX structure, i.e. the size of the hash.

    +
    +
    EVP_MD_block_size(), +EVP_MD_CTX_block_size()
    + +
    +

    Return the block size of the message digest when passed an EVP_MD or an +EVP_MD_CTX structure.

    +
    +
    EVP_MD_type(), +EVP_MD_CTX_type()
    + +
    +

    Return the NID of the OBJECT IDENTIFIER representing the given message digest +when passed an EVP_MD structure. For example, EVP_MD_type(EVP_sha1()) +returns NID_sha1. This function is normally used when setting ASN1 OIDs.

    +
    +
    EVP_MD_CTX_md_data()
    + +
    +

    Return the digest method private data for the passed EVP_MD_CTX. +The space is allocated by OpenSSL and has the size originally set with +EVP_MD_meth_set_app_datasize().

    +
    +
    EVP_MD_CTX_md()
    + +
    +

    Returns the EVP_MD structure corresponding to the passed EVP_MD_CTX. This +will be the same EVP_MD object originally passed to EVP_DigestInit_ex() (or +other similar function) when the EVP_MD_CTX was first initialised. Note that +where explicit fetch is in use (see EVP_MD_fetch(3)) the value returned from +this function will not have its reference count incremented and therefore it +should not be used after the EVP_MD_CTX is freed.

    +
    +
    EVP_MD_CTX_set_update_fn()
    + +
    +

    Sets the update function for ctx to update. +This is the function that is called by EVP_DigestUpdate. If not set, the +update function from the EVP_MD type specified at initialization is used.

    +
    +
    EVP_MD_CTX_update_fn()
    + +
    +

    Returns the update function for ctx.

    +
    +
    EVP_MD_flags()
    + +
    +

    Returns the md flags. Note that these are different from the EVP_MD_CTX +ones. See EVP_MD_meth_set_flags(3) for more information.

    +
    +
    EVP_MD_pkey_type()
    + +
    +

    Returns the NID of the public key signing algorithm associated with this +digest. For example EVP_sha1() is associated with RSA so this will return +NID_sha1WithRSAEncryption. Since digests and signature algorithms are no +longer linked this function is only retained for compatibility reasons.

    +
    +
    EVP_md_null()
    + +
    +

    A "null" message digest that does nothing: i.e. the hash it returns is of zero +length.

    +
    +
    EVP_get_digestbyname(), +EVP_get_digestbynid(), +EVP_get_digestbyobj()
    + +
    +

    Returns an EVP_MD structure when passed a digest name, a digest NID or an +ASN1_OBJECT structure respectively.

    +
    +
    EVP_MD_CTX_pkey_ctx()
    + +
    +

    Returns the EVP_PKEY_CTX assigned to ctx. The returned pointer should not +be freed by the caller.

    +
    +
    EVP_MD_CTX_set_pkey_ctx()
    + +
    +

    Assigns an EVP_PKEY_CTX to EVP_MD_CTX. This is usually used to provide +a customized EVP_PKEY_CTX to EVP_DigestSignInit(3) or +EVP_DigestVerifyInit(3). The pctx passed to this function should be freed +by the caller. A NULL pctx pointer is also allowed to clear the EVP_PKEY_CTX +assigned to ctx. In such case, freeing the cleared EVP_PKEY_CTX or not +depends on how the EVP_PKEY_CTX is created.

    +
    +
    EVP_MD_do_all_provided()
    + +
    +

    Traverses all messages digests implemented by all activated providers +in the given library context libctx, and for each of the implementations, +calls the given function fn with the implementation method and the given +arg as argument.

    +
    +
    +

    +

    +
    +

    PARAMETERS

    +

    See OSSL_PARAM(3) for information about passing parameters.

    +

    EVP_MD_CTX_set_params() can be used with the following OSSL_PARAM keys:

    +
    +
    "xoflen" (OSSL_PARAM_DIGEST_KEY_XOFLEN) <unsigned integer>
    + +
    +

    Sets the digest length for extendable output functions. +It is used by the SHAKE algorithm and should not exceed what can be given +using a size_t.

    +
    +
    "pad_type" (OSSL_PARAM_DIGEST_KEY_PAD_TYPE) <integer>
    + +
    +

    Sets the pad type. +It is used by the MDC2 algorithm.

    +
    +
    +

    EVP_MD_CTX_get_params() can be used with the following OSSL_PARAM keys:

    +
    +
    "micalg" (OSSL_PARAM_DIGEST_KEY_MICALG) <UTF8 string>.
    + +
    +

    Gets the digest Message Integrity Check algorithm string. This is used when +creating S/MIME multipart/signed messages, as specified in RFC 3851. +It may be used by external engines or providers.

    +
    +
    +

    +

    +
    +

    CONTROLS

    +

    EVP_MD_CTX_ctrl() can be used to send the following standard controls:

    +
    +
    EVP_MD_CTRL_MICALG
    + +
    +

    Gets the digest Message Integrity Check algorithm string. This is used when +creating S/MIME multipart/signed messages, as specified in RFC 3851. +The string value is written to p2.

    +
    +
    EVP_MD_CTRL_XOF_LEN
    + +
    +

    This control sets the digest length for extendable output functions to p1. +Sending this control directly should not be necessary, the use of +EVP_DigestFinalXOF() is preferred. +Currently used by SHAKE.

    +
    +
    +

    +

    +
    +

    FLAGS

    +

    EVP_MD_CTX_set_flags(), EVP_MD_CTX_clear_flags() and EVP_MD_CTX_test_flags() +can be used the manipulate and test these EVP_MD_CTX flags:

    +
    +
    EVP_MD_CTX_FLAG_ONESHOT
    + +
    +

    This flag instructs the digest to optimize for one update only, if possible.

    +
    +
    EVP_MD_CTX_FLAG_NO_INIT
    + +
    +

    This flag instructs EVP_DigestInit() and similar not to initialise the +implementation specific data.

    +
    +
    EVP_MD_CTX_FLAG_FINALISE
    + +
    +

    Some functions such as EVP_DigestSign only finalise copies of internal +contexts so additional data can be included after the finalisation call. +This is inefficient if this functionality is not required, and can be +disabled with this flag.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +
    +
    EVP_MD_fetch()
    + +
    +

    Returns a pointer to a EVP_MD for success or NULL for failure.

    +
    +
    EVP_MD_up_ref()
    + +
    +

    Returns 1 for success or 0 for failure.

    +
    +
    EVP_DigestInit_ex(), +EVP_DigestUpdate(), +EVP_DigestFinal_ex()
    + +
    +

    Returns 1 for +success and 0 for failure.

    +
    +
    EVP_MD_CTX_ctrl()
    + +
    +

    Returns 1 if successful or 0 for failure.

    +
    +
    EVP_MD_CTX_set_params(), +EVP_MD_CTX_get_params()
    + +
    +

    Returns 1 if successful or 0 for failure.

    +
    +
    EVP_MD_CTX_settable_params(), +EVP_MD_CTX_gettable_params()
    + +
    +

    Return an array of constant OSSL_PARAMs, or NULL if there is none +to get.

    +
    +
    EVP_MD_CTX_copy_ex()
    + +
    +

    Returns 1 if successful or 0 for failure.

    +
    +
    EVP_MD_type(), +EVP_MD_pkey_type()
    + +
    +

    Returns the NID of the corresponding OBJECT IDENTIFIER or NID_undef if none +exists.

    +
    +
    EVP_MD_size(), +EVP_MD_block_size(), +EVP_MD_CTX_size(), +EVP_MD_CTX_block_size()
    + +
    +

    Returns the digest or block size in bytes.

    +
    +
    EVP_md_null()
    + +
    +

    Returns a pointer to the EVP_MD structure of the "null" message digest.

    +
    +
    EVP_get_digestbyname(), +EVP_get_digestbynid(), +EVP_get_digestbyobj()
    + +
    +

    Returns either an EVP_MD structure or NULL if an error occurs.

    +
    +
    EVP_MD_CTX_set_pkey_ctx()
    + +
    +

    This function has no return value.

    +
    +
    +

    +

    +
    +

    NOTES

    +

    The EVP interface to message digests should almost always be used in +preference to the low level interfaces. This is because the code then becomes +transparent to the digest used and much more flexible.

    +

    New applications should use the SHA-2 (such as EVP_sha256(3)) or the SHA-3 +digest algorithms (such as EVP_sha3_512(3)). The other digest algorithms +are still in common use.

    +

    For most applications the impl parameter to EVP_DigestInit_ex() will be +set to NULL to use the default digest implementation.

    +

    The functions EVP_DigestInit(), EVP_DigestFinal() and EVP_MD_CTX_copy() are +obsolete but are retained to maintain compatibility with existing code. New +applications should use EVP_DigestInit_ex(), EVP_DigestFinal_ex() and +EVP_MD_CTX_copy_ex() because they can efficiently reuse a digest context +instead of initializing and cleaning it up on each call and allow non default +implementations of digests to be specified.

    +

    If digest contexts are not cleaned up after use, +memory leaks will occur.

    +

    EVP_MD_CTX_name(), EVP_MD_CTX_size(), EVP_MD_CTX_block_size(), +EVP_MD_CTX_type(), EVP_get_digestbynid() and EVP_get_digestbyobj() are defined +as macros.

    +

    EVP_MD_CTX_ctrl() sends commands to message digests for additional configuration +or control.

    +

    +

    +
    +

    EXAMPLES

    +

    This example digests the data "Test Message\n" and "Hello World\n", using the +digest name passed on the command line.

    +
    + #include <stdio.h>
    + #include <string.h>
    + #include <openssl/evp.h>
    +
    + int main(int argc, char *argv[])
    + {
    +     EVP_MD_CTX *mdctx;
    +     const EVP_MD *md;
    +     char mess1[] = "Test Message\n";
    +     char mess2[] = "Hello World\n";
    +     unsigned char md_value[EVP_MAX_MD_SIZE];
    +     unsigned int md_len, i;
    +
    +     if (argv[1] == NULL) {
    +         printf("Usage: mdtest digestname\n");
    +         exit(1);
    +     }
    +
    +     md = EVP_get_digestbyname(argv[1]);
    +     if (md == NULL) {
    +         printf("Unknown message digest %s\n", argv[1]);
    +         exit(1);
    +     }
    +
    +     mdctx = EVP_MD_CTX_new();
    +     EVP_DigestInit_ex(mdctx, md, NULL);
    +     EVP_DigestUpdate(mdctx, mess1, strlen(mess1));
    +     EVP_DigestUpdate(mdctx, mess2, strlen(mess2));
    +     EVP_DigestFinal_ex(mdctx, md_value, &md_len);
    +     EVP_MD_CTX_free(mdctx);
    +
    +     printf("Digest is: ");
    +     for (i = 0; i < md_len; i++)
    +         printf("%02x", md_value[i]);
    +     printf("\n");
    +
    +     exit(0);
    + }
    +

    +

    +
    +

    SEE ALSO

    +

    EVP_MD_meth_new(3), +openssl-dgst(1), +evp(7), +OSSL_PROVIDER(3), +OSSL_PARAM(3)

    +

    The full list of digest algorithms are provided below.

    +

    EVP_blake2b512(3), +EVP_md2(3), +EVP_md4(3), +EVP_md5(3), +EVP_mdc2(3), +EVP_ripemd160(3), +EVP_sha1(3), +EVP_sha224(3), +EVP_sha3_224(3), +EVP_sm3(3), +EVP_whirlpool(3) +provider(7)/Fetching algorithms

    +

    +

    +
    +

    HISTORY

    +

    The EVP_MD_CTX_create() and EVP_MD_CTX_destroy() functions were renamed to +EVP_MD_CTX_new() and EVP_MD_CTX_free() in OpenSSL 1.1.0, respectively.

    +

    The link between digests and signing algorithms was fixed in OpenSSL 1.0 and +later, so now EVP_sha1() can be used with RSA and DSA.

    +

    The EVP_dss1() function was removed in OpenSSL 1.1.0.

    +

    The EVP_MD_CTX_set_pkey_ctx() function was added in 1.1.1.

    +

    The EVP_MD_fetch(), EVP_MD_free(), EVP_MD_up_ref(), EVP_MD_CTX_set_params() +and EVP_MD_CTX_get_params() functions were added in 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_DigestSignInit.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_DigestSignInit.html
    new file mode 100755
    index 0000000..7ff6f4d
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_DigestSignInit.html
    @@ -0,0 +1,221 @@
    + + + + +EVP_DigestSignInit + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_DigestSignInit_ex, EVP_DigestSignInit, EVP_DigestSignUpdate, +EVP_DigestSignFinal, EVP_DigestSign - EVP signing functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
    +                           const char *mdname, const char *props,
    +                           EVP_PKEY *pkey);
    + int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
    +                        const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
    + int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt);
    + int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen);
    +
    + int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret,
    +                    size_t *siglen, const unsigned char *tbs,
    +                    size_t tbslen);
    +

    +

    +
    +

    DESCRIPTION

    +

    The EVP signature routines are a high level interface to digital signatures. +Input data is digested first before the signing takes place.

    +

    EVP_DigestSignInit_ex() sets up signing context ctx to use a digest with the +name mdname and private key pkey. The name of the digest to be used is +passed to the provider of the signature algorithm in use. How that provider +interprets the digest name is provider specific. The provider may implement +that digest directly itself or it may (optionally) choose to fetch it (which +could result in a digest from a different provider being selected). If the +provider supports fetching the digest then it may use the props argument for +the properties to be used during the fetch.

    +

    The pkey algorithm is used to fetch a EVP_SIGNATURE method implicitly, to +be used for the actual signing. See provider(7)/Implicit fetch for +more information about implict fetches.

    +

    The OpenSSL default and legacy providers support fetching digests and can fetch +those digests from any available provider. The OpenSSL fips provider also +supports fetching digests but will only fetch digests that are themselves +implemented inside the fips provider.

    +

    ctx must be created with EVP_MD_CTX_new() before calling this function. If +pctx is not NULL, the EVP_PKEY_CTX of the signing operation will be written +to *pctx: this can be used to set alternative signing options. Note that any +existing value in *pctx is overwritten. The EVP_PKEY_CTX value returned must +not be freed directly by the application if ctx is not assigned an +EVP_PKEY_CTX value before being passed to EVP_DigestSignInit_ex() (which means +the EVP_PKEY_CTX is created inside EVP_DigestSignInit_ex() and it will be freed +automatically when the EVP_MD_CTX is freed).

    +

    The digest mdname may be NULL if the signing algorithm supports it. The +props argument can always be NULL.

    +

    No EVP_PKEY_CTX will be created by EVP_DigestSignInit_ex() if the passed +ctx has already been assigned one via EVP_MD_CTX_set_pkey_ctx(3). See also +SM2(7).

    +

    Only EVP_PKEY types that support signing can be used with these functions. This +includes MAC algorithms where the MAC generation is considered as a form of +"signing". Built-in EVP_PKEY types supported by these functions are CMAC, +Poly1305, DSA, ECDSA, HMAC, RSA, SipHash, Ed25519 and Ed448.

    +

    Not all digests can be used for all key types. The following combinations apply.

    +
    +
    DSA
    + +
    +

    Supports SHA1, SHA224, SHA256, SHA384 and SHA512

    +
    +
    ECDSA
    + +
    +

    Supports SHA1, SHA224, SHA256, SHA384, SHA512 and SM3

    +
    +
    RSA with no padding
    + +
    +

    Supports no digests (the digest type must be NULL)

    +
    +
    RSA with X931 padding
    + +
    +

    Supports SHA1, SHA256, SHA384 and SHA512

    +
    +
    All other RSA padding types
    + +
    +

    Support SHA1, SHA224, SHA256, SHA384, SHA512, MD5, MD5_SHA1, MD2, MD4, MDC2, +SHA3-224, SHA3-256, SHA3-384, SHA3-512

    +
    +
    Ed25519 and Ed448
    + +
    +

    Support no digests (the digest type must be NULL)

    +
    +
    HMAC
    + +
    +

    Supports any digest

    +
    +
    CMAC, Poly1305 and SipHash
    + +
    +

    Will ignore any digest provided.

    +
    +
    +

    If RSA-PSS is used and restrictions apply then the digest must match.

    +

    EVP_DigestSignInit() works in the same way as EVP_DigestSignInit_ex() except +that the mdname parameter will be inferred from the supplied digest type, +and props will be NULL. Where supplied the ENGINE e will be used for the +signing and digest algorithm implementations. e may be NULL.

    +

    EVP_DigestSignUpdate() hashes cnt bytes of data at d into the +signature context ctx. This function can be called several times on the +same ctx to include additional data.

    +

    EVP_DigestSignFinal() signs the data in ctx and places the signature in sig. +If sig is NULL then the maximum size of the output buffer is written to +the siglen parameter. If sig is not NULL then before the call the +siglen parameter should contain the length of the sig buffer. If the +call is successful the signature is written to sig and the amount of data +written to siglen.

    +

    EVP_DigestSign() signs tbslen bytes of data at tbs and places the +signature in sig and its length in siglen in a similar way to +EVP_DigestSignFinal().

    +

    +

    +
    +

    RETURN VALUES

    +

    EVP_DigestSignInit(), EVP_DigestSignUpdate(), EVP_DigestSignFinal() and +EVP_DigestSign() return 1 for success and 0 for failure.

    +

    The error codes can be obtained from ERR_get_error(3).

    +

    +

    +
    +

    NOTES

    +

    The EVP interface to digital signatures should almost always be used in +preference to the low level interfaces. This is because the code then becomes +transparent to the algorithm used and much more flexible.

    +

    EVP_DigestSign() is a one shot operation which signs a single block of data +in one function. For algorithms that support streaming it is equivalent to +calling EVP_DigestSignUpdate() and EVP_DigestSignFinal(). For algorithms which +do not support streaming (e.g. PureEdDSA) it is the only way to sign data.

    +

    In previous versions of OpenSSL there was a link between message digest types +and public key algorithms. This meant that "clone" digests such as EVP_dss1() +needed to be used to sign using SHA1 and DSA. This is no longer necessary and +the use of clone digest is now discouraged.

    +

    For some key types and parameters the random number generator must be seeded. +If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to +external circumstances (see RAND(7)), the operation will fail.

    +

    The call to EVP_DigestSignFinal() internally finalizes a copy of the digest +context. This means that calls to EVP_DigestSignUpdate() and +EVP_DigestSignFinal() can be called later to digest and sign additional data.

    +

    Since only a copy of the digest context is ever finalized, the context must +be cleaned up after use by calling EVP_MD_CTX_free() or a memory leak +will occur.

    +

    The use of EVP_PKEY_size() with these functions is discouraged because some +signature operations may have a signature length which depends on the +parameters set. As a result EVP_PKEY_size() would have to return a value +which indicates the maximum possible signature for any set of parameters.

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_DigestVerifyInit(3), +EVP_DigestInit(3), +evp(7), HMAC(3), MD2(3), +MD5(3), MDC2(3), RIPEMD160(3), +SHA1(3), openssl-dgst(1), +RAND(7)

    +

    +

    +
    +

    HISTORY

    +

    EVP_DigestSignInit(), EVP_DigestSignUpdate() and EVP_DigestSignFinal() +were added in OpenSSL 1.0.0.

    +

    EVP_DigestSignInit_ex() was added in OpenSSL 3.0.

    +

    EVP_DigestSignUpdate() was converted from a macro to a function in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_DigestVerifyInit.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_DigestVerifyInit.html
    new file mode 100755
    index 0000000..38ec71f
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_DigestVerifyInit.html
    @@ -0,0 +1,215 @@
    + + + + +EVP_DigestVerifyInit + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_DigestVerifyInit_ex, EVP_DigestVerifyInit, EVP_DigestVerifyUpdate, +EVP_DigestVerifyFinal, EVP_DigestVerify - EVP signature verification functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
    +                             const char *mdname, const char *props,
    +                             EVP_PKEY *pkey, EVP_SIGNATURE *signature);
    + int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
    +                          const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
    + int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt);
    + int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
    +                           size_t siglen);
    + int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
    +                      size_t siglen, const unsigned char *tbs, size_t tbslen);
    +

    +

    +
    +

    DESCRIPTION

    +

    The EVP signature routines are a high level interface to digital signatures. +Input data is digested first before the signature verification takes place.

    +

    EVP_DigestVerifyInit_ex() sets up verification context ctx to use a digest +with the name mdname and public key pkey. The signature algorithm +signature will be used for the actual signature verification which must be +compatible with the public key. The name of the digest to be used is passed to +the provider of the signature algorithm in use. How that provider interprets the +digest name is provider specific. The provider may implement that digest +directly itself or it may (optionally) choose to fetch it (which could result in +a digest from a different provider being selected). If the provider supports +fetching the digest then it may use the props argument for the properties to +be used during the fetch.

    +

    The signature parameter may be NULL in which case a suitable signature +algorithm implementation will be implicitly fetched based on the type of key in +use. See provider(7) for further information about providers and fetching +algorithms.

    +

    The OpenSSL default and legacy providers support fetching digests and can fetch +those digests from any available provider. The OpenSSL fips provider also +supports fetching digests but will only fetch digests that are themselves +implemented inside the fips provider.

    +

    ctx must be created with EVP_MD_CTX_new() before calling this function. If +pctx is not NULL, the EVP_PKEY_CTX of the verification operation will be +written to *pctx: this can be used to set alternative verification options. +Note that any existing value in *pctx is overwritten. The EVP_PKEY_CTX value +returned must not be freed directly by the application if ctx is not assigned +an EVP_PKEY_CTX value before being passed to EVP_DigestVerifyInit_ex() (which +means the EVP_PKEY_CTX is created inside EVP_DigestVerifyInit_ex() and it will +be freed automatically when the EVP_MD_CTX is freed).

    +

    No EVP_PKEY_CTX will be created by EVP_DigestSignInit_ex() if the passed +ctx has already been assigned one via EVP_MD_CTX_set_pkey_ctx(3). See also +SM2(7).

    +

    Not all digests can be used for all key types. The following combinations apply.

    +
    +
    DSA
    + +
    +

    Supports SHA1, SHA224, SHA256, SHA384 and SHA512

    +
    +
    ECDSA
    + +
    +

    Supports SHA1, SHA224, SHA256, SHA384, SHA512 and SM3

    +
    +
    RSA with no padding
    + +
    +

    Supports no digests (the digest type must be NULL)

    +
    +
    RSA with X931 padding
    + +
    +

    Supports SHA1, SHA256, SHA384 and SHA512

    +
    +
    All other RSA padding types
    + +
    +

    Support SHA1, SHA224, SHA256, SHA384, SHA512, MD5, MD5_SHA1, MD2, MD4, MDC2, +SHA3-224, SHA3-256, SHA3-384, SHA3-512

    +
    +
    Ed25519 and Ed448
    + +
    +

    Support no digests (the digest type must be NULL)

    +
    +
    HMAC
    + +
    +

    Supports any digest

    +
    +
    CMAC, Poly1305 and SipHash
    + +
    +

    Will ignore any digest provided.

    +
    +
    +

    If RSA-PSS is used and restrictions apply then the digest must match.

    +

    EVP_DigestVerifyInit() works in the same way as EVP_DigestVerifyInit_ex() except +that the mdname parameter will be inferred from the supplied digest type, +and props will be NULL. Where supplied the ENGINE e will be used for the +signature verification and digest algorithm implementations. e may be NULL.

    +

    EVP_DigestVerifyUpdate() hashes cnt bytes of data at d into the +verification context ctx. This function can be called several times on the +same ctx to include additional data.

    +

    EVP_DigestVerifyFinal() verifies the data in ctx against the signature in +sig of length siglen.

    +

    EVP_DigestVerify() verifies tbslen bytes at tbs against the signature +in sig of length siglen.

    +

    +

    +
    +

    RETURN VALUES

    +

    EVP_DigestVerifyInit() and EVP_DigestVerifyUpdate() return 1 for success and 0 +for failure.

    +

    EVP_DigestVerifyFinal() and EVP_DigestVerify() return 1 for success; any other +value indicates failure. A return value of zero indicates that the signature +did not verify successfully (that is, tbs did not match the original data or +the signature had an invalid form), while other values indicate a more serious +error (and sometimes also indicate an invalid signature form).

    +

    The error codes can be obtained from ERR_get_error(3).

    +

    +

    +
    +

    NOTES

    +

    The EVP interface to digital signatures should almost always be used in +preference to the low level interfaces. This is because the code then becomes +transparent to the algorithm used and much more flexible.

    +

    EVP_DigestVerify() is a one shot operation which verifies a single block of +data in one function. For algorithms that support streaming it is equivalent +to calling EVP_DigestVerifyUpdate() and EVP_DigestVerifyFinal(). For +algorithms which do not support streaming (e.g. PureEdDSA) it is the only way +to verify data.

    +

    In previous versions of OpenSSL there was a link between message digest types +and public key algorithms. This meant that "clone" digests such as EVP_dss1() +needed to be used to sign using SHA1 and DSA. This is no longer necessary and +the use of clone digest is now discouraged.

    +

    For some key types and parameters the random number generator must be seeded. +If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to +external circumstances (see RAND(7)), the operation will fail.

    +

    The call to EVP_DigestVerifyFinal() internally finalizes a copy of the digest +context. This means that EVP_VerifyUpdate() and EVP_VerifyFinal() can +be called later to digest and verify additional data.

    +

    Since only a copy of the digest context is ever finalized, the context must +be cleaned up after use by calling EVP_MD_CTX_free() or a memory leak +will occur.

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_DigestSignInit(3), +EVP_DigestInit(3), +evp(7), HMAC(3), MD2(3), +MD5(3), MDC2(3), RIPEMD160(3), +SHA1(3), openssl-dgst(1), +RAND(7)

    +

    +

    +
    +

    HISTORY

    +

    EVP_DigestVerifyInit(), EVP_DigestVerifyUpdate() and EVP_DigestVerifyFinal() +were added in OpenSSL 1.0.0.

    +

    EVP_DigestVerifyInit_ex() was added in OpenSSL 3.0.

    +

    EVP_DigestVerifyUpdate() was converted from a macro to a function in OpenSSL +3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_EncodeInit.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_EncodeInit.html
    new file mode 100755
    index 0000000..57733f8
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_EncodeInit.html
    @@ -0,0 +1,179 @@
    + + + + +EVP_EncodeInit + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_ENCODE_CTX_new, EVP_ENCODE_CTX_free, EVP_ENCODE_CTX_copy, +EVP_ENCODE_CTX_num, EVP_EncodeInit, EVP_EncodeUpdate, EVP_EncodeFinal, +EVP_EncodeBlock, EVP_DecodeInit, EVP_DecodeUpdate, EVP_DecodeFinal, +EVP_DecodeBlock - EVP base 64 encode/decode routines

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void);
    + void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx);
    + int EVP_ENCODE_CTX_copy(EVP_ENCODE_CTX *dctx, EVP_ENCODE_CTX *sctx);
    + int EVP_ENCODE_CTX_num(EVP_ENCODE_CTX *ctx);
    + void EVP_EncodeInit(EVP_ENCODE_CTX *ctx);
    + int EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
    +                      const unsigned char *in, int inl);
    + void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl);
    + int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n);
    +
    + void EVP_DecodeInit(EVP_ENCODE_CTX *ctx);
    + int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
    +                      const unsigned char *in, int inl);
    + int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl);
    + int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n);
    +

    +

    +
    +

    DESCRIPTION

    +

    The EVP encode routines provide a high level interface to base 64 encoding and +decoding. Base 64 encoding converts binary data into a printable form that uses +the characters A-Z, a-z, 0-9, "+" and "/" to represent the data. For every 3 +bytes of binary data provided 4 bytes of base 64 encoded data will be produced +plus some occasional newlines (see below). If the input data length is not a +multiple of 3 then the output data will be padded at the end using the "=" +character.

    +

    EVP_ENCODE_CTX_new() allocates, initializes and returns a context to be used for +the encode/decode functions.

    +

    EVP_ENCODE_CTX_free() cleans up an encode/decode context ctx and frees up the +space allocated to it.

    +

    Encoding of binary data is performed in blocks of 48 input bytes (or less for +the final block). For each 48 byte input block encoded 64 bytes of base 64 data +is output plus an additional newline character (i.e. 65 bytes in total). The +final block (which may be less than 48 bytes) will output 4 bytes for every 3 +bytes of input. If the data length is not divisible by 3 then a full 4 bytes is +still output for the final 1 or 2 bytes of input. Similarly a newline character +will also be output.

    +

    EVP_EncodeInit() initialises ctx for the start of a new encoding operation.

    +

    EVP_EncodeUpdate() encode inl bytes of data found in the buffer pointed to by +in. The output is stored in the buffer out and the number of bytes output +is stored in *outl. It is the caller's responsibility to ensure that the +buffer at out is sufficiently large to accommodate the output data. Only full +blocks of data (48 bytes) will be immediately processed and output by this +function. Any remainder is held in the ctx object and will be processed by a +subsequent call to EVP_EncodeUpdate() or EVP_EncodeFinal(). To calculate the +required size of the output buffer add together the value of inl with the +amount of unprocessed data held in ctx and divide the result by 48 (ignore +any remainder). This gives the number of blocks of data that will be processed. +Ensure the output buffer contains 65 bytes of storage for each block, plus an +additional byte for a NUL terminator. EVP_EncodeUpdate() may be called +repeatedly to process large amounts of input data. In the event of an error +EVP_EncodeUpdate() will set *outl to 0 and return 0. On success 1 will be +returned.

    +

    EVP_EncodeFinal() must be called at the end of an encoding operation. It will +process any partial block of data remaining in the ctx object. The output +data will be stored in out and the length of the data written will be stored +in *outl. It is the caller's responsibility to ensure that out is +sufficiently large to accommodate the output data which will never be more than +65 bytes plus an additional NUL terminator (i.e. 66 bytes in total).

    +

    EVP_ENCODE_CTX_copy() can be used to copy a context sctx to a context +dctx. dctx must be initialized before calling this function.

    +

    EVP_ENCODE_CTX_num() will return the number of as yet unprocessed bytes still to +be encoded or decoded that are pending in the ctx object.

    +

    EVP_EncodeBlock() encodes a full block of input data in f and of length +dlen and stores it in t. For every 3 bytes of input provided 4 bytes of +output data will be produced. If dlen is not divisible by 3 then the block is +encoded as a final block of data and the output is padded such that it is always +divisible by 4. Additionally a NUL terminator character will be added. For +example if 16 bytes of input data is provided then 24 bytes of encoded data is +created plus 1 byte for a NUL terminator (i.e. 25 bytes in total). The length of +the data generated without the NUL terminator is returned from the function.

    +

    EVP_DecodeInit() initialises ctx for the start of a new decoding operation.

    +

    EVP_DecodeUpdate() decodes inl characters of data found in the buffer pointed +to by in. The output is stored in the buffer out and the number of bytes +output is stored in *outl. It is the caller's responsibility to ensure that +the buffer at out is sufficiently large to accommodate the output data. This +function will attempt to decode as much data as possible in 4 byte chunks. Any +whitespace, newline or carriage return characters are ignored. Any partial chunk +of unprocessed data (1, 2 or 3 bytes) that remains at the end will be held in +the ctx object and processed by a subsequent call to EVP_DecodeUpdate(). If +any illegal base 64 characters are encountered or if the base 64 padding +character "=" is encountered in the middle of the data then the function returns +-1 to indicate an error. A return value of 0 or 1 indicates successful +processing of the data. A return value of 0 additionally indicates that the last +input data characters processed included the base 64 padding character "=" and +therefore no more non-padding character data is expected to be processed. For +every 4 valid base 64 bytes processed (ignoring whitespace, carriage returns and +line feeds), 3 bytes of binary output data will be produced (or less at the end +of the data where the padding character "=" has been used).

    +

    EVP_DecodeFinal() must be called at the end of a decoding operation. If there +is any unprocessed data still in ctx then the input data must not have been +a multiple of 4 and therefore an error has occurred. The function will return -1 +in this case. Otherwise the function returns 1 on success.

    +

    EVP_DecodeBlock() will decode the block of n characters of base 64 data +contained in f and store the result in t. Any leading whitespace will be +trimmed as will any trailing whitespace, newlines, carriage returns or EOF +characters. After such trimming the length of the data in f must be divisible +by 4. For every 4 input bytes exactly 3 output bytes will be produced. The +output will be padded with 0 bits if necessary to ensure that the output is +always 3 bytes for every 4 input bytes. This function will return the length of +the data decoded or -1 on error.

    +

    +

    +
    +

    RETURN VALUES

    +

    EVP_ENCODE_CTX_new() returns a pointer to the newly allocated EVP_ENCODE_CTX +object or NULL on error.

    +

    EVP_ENCODE_CTX_num() returns the number of bytes pending encoding or decoding in +ctx.

    +

    EVP_EncodeUpdate() returns 0 on error or 1 on success.

    +

    EVP_EncodeBlock() returns the number of bytes encoded excluding the NUL +terminator.

    +

    EVP_DecodeUpdate() returns -1 on error and 0 or 1 on success. If 0 is returned +then no more non-padding base 64 characters are expected.

    +

    EVP_DecodeFinal() returns -1 on error or 1 on success.

    +

    EVP_DecodeBlock() returns the length of the data decoded or -1 on error.

    +

    +

    +
    +

    SEE ALSO

    +

    evp(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_EncryptInit.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_EncryptInit.html
    new file mode 100755
    index 0000000..4035870
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_EncryptInit.html
    @@ -0,0 +1,811 @@
    + + + + +EVP_EncryptInit + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_CIPHER_fetch, +EVP_CIPHER_up_ref, +EVP_CIPHER_free, +EVP_CIPHER_CTX_new, +EVP_CIPHER_CTX_reset, +EVP_CIPHER_CTX_free, +EVP_EncryptInit_ex, +EVP_EncryptUpdate, +EVP_EncryptFinal_ex, +EVP_DecryptInit_ex, +EVP_DecryptUpdate, +EVP_DecryptFinal_ex, +EVP_CipherInit_ex, +EVP_CipherUpdate, +EVP_CipherFinal_ex, +EVP_CIPHER_CTX_set_key_length, +EVP_CIPHER_CTX_ctrl, +EVP_EncryptInit, +EVP_EncryptFinal, +EVP_DecryptInit, +EVP_DecryptFinal, +EVP_CipherInit, +EVP_CipherFinal, +EVP_Cipher, +EVP_get_cipherbyname, +EVP_get_cipherbynid, +EVP_get_cipherbyobj, +EVP_CIPHER_is_a, +EVP_CIPHER_name, +EVP_CIPHER_number, +EVP_CIPHER_names_do_all, +EVP_CIPHER_provider, +EVP_CIPHER_nid, +EVP_CIPHER_get_params, +EVP_CIPHER_gettable_params, +EVP_CIPHER_block_size, +EVP_CIPHER_key_length, +EVP_CIPHER_iv_length, +EVP_CIPHER_flags, +EVP_CIPHER_mode, +EVP_CIPHER_type, +EVP_CIPHER_CTX_cipher, +EVP_CIPHER_CTX_name, +EVP_CIPHER_CTX_nid, +EVP_CIPHER_CTX_get_params, +EVP_CIPHER_gettable_ctx_params, +EVP_CIPHER_CTX_set_params, +EVP_CIPHER_settable_ctx_params, +EVP_CIPHER_CTX_block_size, +EVP_CIPHER_CTX_key_length, +EVP_CIPHER_CTX_iv_length, +EVP_CIPHER_CTX_tag_length, +EVP_CIPHER_CTX_get_app_data, +EVP_CIPHER_CTX_set_app_data, +EVP_CIPHER_CTX_type, +EVP_CIPHER_CTX_flags, +EVP_CIPHER_CTX_mode, +EVP_CIPHER_param_to_asn1, +EVP_CIPHER_asn1_to_param, +EVP_CIPHER_CTX_set_padding, +EVP_enc_null, +EVP_CIPHER_do_all_provided +- EVP cipher routines

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + EVP_CIPHER *EVP_CIPHER_fetch(OPENSSL_CTX *ctx, const char *algorithm,
    +                              const char *properties);
    + int EVP_CIPHER_up_ref(EVP_CIPHER *cipher);
    + void EVP_CIPHER_free(EVP_CIPHER *cipher);
    + EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void);
    + int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx);
    + void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx);
    +
    + int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
    +                        ENGINE *impl, const unsigned char *key, const unsigned char *iv);
    + int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
    +                       int *outl, const unsigned char *in, int inl);
    + int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
    +
    + int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
    +                        ENGINE *impl, const unsigned char *key, const unsigned char *iv);
    + int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
    +                       int *outl, const unsigned char *in, int inl);
    + int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
    +
    + int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
    +                       ENGINE *impl, const unsigned char *key, const unsigned char *iv, int enc);
    + int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
    +                      int *outl, const unsigned char *in, int inl);
    + int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
    +
    + int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
    +                     const unsigned char *key, const unsigned char *iv);
    + int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
    +
    + int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
    +                     const unsigned char *key, const unsigned char *iv);
    + int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
    +
    + int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
    +                    const unsigned char *key, const unsigned char *iv, int enc);
    + int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
    +
    + int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
    +                const unsigned char *in, unsigned int inl);
    +
    + int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *x, int padding);
    + int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen);
    + int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);
    + int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key);
    +
    + const EVP_CIPHER *EVP_get_cipherbyname(const char *name);
    + const EVP_CIPHER *EVP_get_cipherbynid(int nid);
    + const EVP_CIPHER *EVP_get_cipherbyobj(const ASN1_OBJECT *a);
    +
    + int EVP_CIPHER_nid(const EVP_CIPHER *e);
    + int EVP_CIPHER_number(const EVP_CIPHER *e);
    + int EVP_CIPHER_is_a(const EVP_CIPHER *cipher, const char *name);
    + void EVP_CIPHER_names_do_all(const EVP_CIPHER *cipher,
    +                              void (*fn)(const char *name, void *data),
    +                              void *data);
    + const char *EVP_CIPHER_name(const EVP_CIPHER *cipher);
    + const OSSL_PROVIDER *EVP_CIPHER_provider(const EVP_CIPHER *cipher);
    + int EVP_CIPHER_block_size(const EVP_CIPHER *e);
    + int EVP_CIPHER_key_length(const EVP_CIPHER *e);
    + int EVP_CIPHER_iv_length(const EVP_CIPHER *e);
    + unsigned long EVP_CIPHER_flags(const EVP_CIPHER *e);
    + unsigned long EVP_CIPHER_mode(const EVP_CIPHER *e);
    + int EVP_CIPHER_type(const EVP_CIPHER *ctx);
    +
    + const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx);
    + int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx);
    + const char *EVP_CIPHER_CTX_name(const EVP_CIPHER_CTX *ctx);
    +
    + int EVP_CIPHER_get_params(EVP_CIPHER *cipher, OSSL_PARAM params[]);
    + int EVP_CIPHER_CTX_set_params(EVP_CIPHER_CTX *ctx, const OSSL_PARAM params[]);
    + int EVP_CIPHER_CTX_get_params(EVP_CIPHER_CTX *ctx, OSSL_PARAM params[]);
    + const OSSL_PARAM *EVP_CIPHER_gettable_params(const EVP_CIPHER *cipher);
    + const OSSL_PARAM *EVP_CIPHER_settable_ctx_params(const EVP_CIPHER *cipher);
    + const OSSL_PARAM *EVP_CIPHER_gettable_ctx_params(const EVP_CIPHER *cipher);
    + int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx);
    + int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx);
    + int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx);
    + int EVP_CIPHER_CTX_tag_length(const EVP_CIPHER_CTX *ctx);
    + void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx);
    + void EVP_CIPHER_CTX_set_app_data(const EVP_CIPHER_CTX *ctx, void *data);
    + int EVP_CIPHER_CTX_type(const EVP_CIPHER_CTX *ctx);
    + int EVP_CIPHER_CTX_mode(const EVP_CIPHER_CTX *ctx);
    +
    + int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
    + int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
    +
    + void EVP_CIPHER_do_all_provided(OPENSSL_CTX *libctx,
    +                                 void (*fn)(EVP_CIPHER *cipher, void *arg),
    +                                 void *arg);
    +

    +

    +
    +

    DESCRIPTION

    +

    The EVP cipher routines are a high level interface to certain +symmetric ciphers.

    +

    The EVP_CIPHER type is a structure for cipher method implementation.

    +

    EVP_CIPHER_fetch() fetches the cipher implementation for the given +algorithm from any provider offering it, within the criteria given +by the properties. +See provider(7)/Fetching algorithms for further information.

    +

    The returned value must eventually be freed with EVP_CIPHER_free().

    +

    EVP_CIPHER_up_ref() increments the reference count for an EVP_CIPHER +structure.

    +

    EVP_CIPHER_free() decrements the reference count for the EVP_CIPHER +structure. +If the reference count drops to 0 then the structure is freed.

    +

    EVP_CIPHER_CTX_new() creates a cipher context.

    +

    EVP_CIPHER_CTX_free() clears all information from a cipher context +and free up any allocated memory associate with it, including ctx +itself. This function should be called after all operations using a +cipher are complete so sensitive information does not remain in +memory.

    +

    EVP_EncryptInit_ex() sets up cipher context ctx for encryption +with cipher type. type is typically supplied by a function such +as EVP_aes_256_cbc(), or a value explicitly fetched with +EVP_CIPHER_fetch(). If impl is non-NULL, its implementation of the +cipher type is used if there is one, and if not, the default +implementation is used. key is the symmetric key to use +and iv is the IV to use (if necessary), the actual number of bytes +used for the key and IV depends on the cipher. It is possible to set +all parameters to NULL except type in an initial call and supply +the remaining parameters in subsequent calls, all of which have type +set to NULL. This is done when the default cipher parameters are not +appropriate. +For EVP_CIPH_GCM_MODE the IV will be generated internally if it is not +specified.

    +

    EVP_EncryptUpdate() encrypts inl bytes from the buffer in and +writes the encrypted version to out. This function can be called +multiple times to encrypt successive blocks of data. The amount +of data written depends on the block alignment of the encrypted data: +as a result the amount of data written may be anything from zero bytes +to (inl + cipher_block_size - 1) so out should contain sufficient +room. The actual number of bytes written is placed in outl. It also +checks if in and out are partially overlapping, and if they are +0 is returned to indicate failure.

    +

    If padding is enabled (the default) then EVP_EncryptFinal_ex() encrypts +the "final" data, that is any data that remains in a partial block. +It uses standard block padding (aka PKCS padding) as described in +the NOTES section, below. The encrypted +final data is written to out which should have sufficient space for +one cipher block. The number of bytes written is placed in outl. After +this function is called the encryption operation is finished and no further +calls to EVP_EncryptUpdate() should be made.

    +

    If padding is disabled then EVP_EncryptFinal_ex() will not encrypt any more +data and it will return an error if any data remains in a partial block: +that is if the total data length is not a multiple of the block size.

    +

    EVP_DecryptInit_ex(), EVP_DecryptUpdate() and EVP_DecryptFinal_ex() are the +corresponding decryption operations. EVP_DecryptFinal() will return an +error code if padding is enabled and the final block is not correctly +formatted. The parameters and restrictions are identical to the encryption +operations except that if padding is enabled the decrypted data buffer out +passed to EVP_DecryptUpdate() should have sufficient room for +(inl + cipher_block_size) bytes unless the cipher block size is 1 in +which case inl bytes is sufficient.

    +

    EVP_CipherInit_ex(), EVP_CipherUpdate() and EVP_CipherFinal_ex() are +functions that can be used for decryption or encryption. The operation +performed depends on the value of the enc parameter. It should be set +to 1 for encryption, 0 for decryption and -1 to leave the value unchanged +(the actual value of 'enc' being supplied in a previous call).

    +

    EVP_CIPHER_CTX_reset() clears all information from a cipher context +and free up any allocated memory associate with it, except the ctx +itself. This function should be called anytime ctx is to be reused +for another EVP_CipherInit() / EVP_CipherUpdate() / EVP_CipherFinal() +series of calls.

    +

    EVP_EncryptInit(), EVP_DecryptInit() and EVP_CipherInit() behave in a +similar way to EVP_EncryptInit_ex(), EVP_DecryptInit_ex() and +EVP_CipherInit_ex() except they always use the default cipher implementation.

    +

    EVP_EncryptFinal(), EVP_DecryptFinal() and EVP_CipherFinal() are +identical to EVP_EncryptFinal_ex(), EVP_DecryptFinal_ex() and +EVP_CipherFinal_ex(). In previous releases they also cleaned up +the ctx, but this is no longer done and EVP_CIPHER_CTX_clean() +must be called to free any context resources.

    +

    EVP_Cipher() encrypts or decrypts a maximum inl amount of bytes from +in and leaves the result in out. +If the cipher doesn't have the flag EVP_CIPH_FLAG_CUSTOM_CIPHER set, +then inl must be a multiple of EVP_CIPHER_block_size(). If it isn't, +the result is undefined. If the cipher has that flag set, then inl +can be any size. +This function is historic and shouldn't be used in an application, please +consider using EVP_CipherUpdate() and EVP_CipherFinal_ex instead.

    +

    EVP_get_cipherbyname(), EVP_get_cipherbynid() and EVP_get_cipherbyobj() +return an EVP_CIPHER structure when passed a cipher name, a NID or an +ASN1_OBJECT structure.

    +

    EVP_CIPHER_nid() and EVP_CIPHER_CTX_nid() return the NID of a cipher when +passed an EVP_CIPHER or EVP_CIPHER_CTX structure. The actual NID +value is an internal value which may not have a corresponding OBJECT +IDENTIFIER.

    +

    EVP_CIPHER_CTX_set_padding() enables or disables padding. This +function should be called after the context is set up for encryption +or decryption with EVP_EncryptInit_ex(), EVP_DecryptInit_ex() or +EVP_CipherInit_ex(). By default encryption operations are padded using +standard block padding and the padding is checked and removed when +decrypting. If the pad parameter is zero then no padding is +performed, the total amount of data encrypted or decrypted must then +be a multiple of the block size or an error will occur.

    +

    EVP_CIPHER_get_params() retrieves the requested list of algorithm +params from a cipher.

    +

    EVP_CIPHER_CTX_set_params() Sets the list of operation params into a CIPHER +context ctx.

    +

    EVP_CIPHER_CTX_get_params() retrieves the requested list of operation +params from CIPHER context ctx.

    +

    EVP_CIPHER_gettable_params(), EVP_CIPHER_gettable_ctx_params(), and +EVP_CIPHER_settable_ctx_params() get a constant OSSL_PARAM array +that describes the retrievable and settable parameters, i.e. parameters +that can be used with EVP_CIPHER_get_params(), EVP_CIPHER_CTX_get_params() +and EVP_CIPHER_CTX_set_params(), respectively. +See OSSL_PARAM(3) for the use of OSSL_PARAM as parameter descriptor.

    +

    EVP_CIPHER_key_length() and EVP_CIPHER_CTX_key_length() return the key +length of a cipher when passed an EVP_CIPHER or EVP_CIPHER_CTX +structure. The constant EVP_MAX_KEY_LENGTH is the maximum key length +for all ciphers. Note: although EVP_CIPHER_key_length() is fixed for a +given cipher, the value of EVP_CIPHER_CTX_key_length() may be different +for variable key length ciphers.

    +

    EVP_CIPHER_CTX_set_key_length() sets the key length of the cipher ctx. +If the cipher is a fixed length cipher then attempting to set the key +length to any value other than the fixed value is an error.

    +

    EVP_CIPHER_iv_length() and EVP_CIPHER_CTX_iv_length() return the IV +length of a cipher when passed an EVP_CIPHER or EVP_CIPHER_CTX. +It will return zero if the cipher does not use an IV. The constant +EVP_MAX_IV_LENGTH is the maximum IV length for all ciphers.

    +

    EVP_CIPHER_CTX_tag_length() returns the tag length of a AEAD cipher when passed +a EVP_CIPHER_CTX. It will return zero if the cipher does not support a tag. +It returns a default value if the tag length has not been set.

    +

    EVP_CIPHER_block_size() and EVP_CIPHER_CTX_block_size() return the block +size of a cipher when passed an EVP_CIPHER or EVP_CIPHER_CTX +structure. The constant EVP_MAX_BLOCK_LENGTH is also the maximum block +length for all ciphers.

    +

    EVP_CIPHER_type() and EVP_CIPHER_CTX_type() return the type of the passed +cipher or context. This "type" is the actual NID of the cipher OBJECT +IDENTIFIER as such it ignores the cipher parameters and 40 bit RC2 and +128 bit RC2 have the same NID. If the cipher does not have an object +identifier or does not have ASN1 support this function will return +NID_undef.

    +

    EVP_CIPHER_is_a() returns 1 if cipher is an implementation of an +algorithm that's identifiable with name, otherwise 0. +If cipher is a legacy cipher (it's the return value from the likes +of EVP_aes128() rather than the result of an EVP_CIPHER_fetch()), only +cipher names registered with the default library context (see +OPENSSL_CTX(3)) will be considered.

    +

    EVP_CIPHER_number() returns the internal dynamic number assigned to +the cipher. This is only useful with fetched EVP_CIPHERs.

    +

    EVP_CIPHER_name() and EVP_CIPHER_CTX_name() return the name of the passed +cipher or context. For fetched ciphers with multiple names, only one +of them is returned; it's recommended to use EVP_CIPHER_names_do_all() +instead.

    +

    EVP_CIPHER_names_do_all() traverses all names for the cipher, and +calls fn with each name and data. This is only useful with +fetched EVP_CIPHERs.

    +

    EVP_CIPHER_provider() returns an OSSL_PROVIDER pointer to the provider +that implements the given EVP_CIPHER.

    +

    EVP_CIPHER_CTX_cipher() returns the EVP_CIPHER structure when passed +an EVP_CIPHER_CTX structure.

    +

    EVP_CIPHER_mode() and EVP_CIPHER_CTX_mode() return the block cipher mode: +EVP_CIPH_ECB_MODE, EVP_CIPH_CBC_MODE, EVP_CIPH_CFB_MODE, EVP_CIPH_OFB_MODE, +EVP_CIPH_CTR_MODE, EVP_CIPH_GCM_MODE, EVP_CIPH_CCM_MODE, EVP_CIPH_XTS_MODE, +EVP_CIPH_WRAP_MODE, EVP_CIPH_OCB_MODE or EVP_CIPH_SIV_MODE. If the cipher is a +stream cipher then EVP_CIPH_STREAM_CIPHER is returned.

    +

    EVP_CIPHER_flags() returns any flags associated with the cipher. See +EVP_CIPHER_meth_set_flags() for a list of currently defined flags.

    +

    EVP_CIPHER_param_to_asn1() sets the AlgorithmIdentifier "parameter" based +on the passed cipher. This will typically include any parameters and an +IV. The cipher IV (if any) must be set when this call is made. This call +should be made before the cipher is actually "used" (before any +EVP_EncryptUpdate(), EVP_DecryptUpdate() calls for example). This function +may fail if the cipher does not have any ASN1 support.

    +

    EVP_CIPHER_asn1_to_param() sets the cipher parameters based on an ASN1 +AlgorithmIdentifier "parameter". The precise effect depends on the cipher +In the case of RC2, for example, it will set the IV and effective key length. +This function should be called after the base cipher type is set but before +the key is set. For example EVP_CipherInit() will be called with the IV and +key set to NULL, EVP_CIPHER_asn1_to_param() will be called and finally +EVP_CipherInit() again with all parameters except the key set to NULL. It is +possible for this function to fail if the cipher does not have any ASN1 support +or the parameters cannot be set (for example the RC2 effective key length +is not supported.

    +

    EVP_CIPHER_CTX_ctrl() allows various cipher specific parameters to be determined +and set.

    +

    EVP_CIPHER_CTX_rand_key() generates a random key of the appropriate length +based on the cipher context. The EVP_CIPHER can provide its own random key +generation routine to support keys of a specific form. Key must point to a +buffer at least as big as the value returned by EVP_CIPHER_CTX_key_length().

    +

    EVP_CIPHER_do_all_provided() traverses all ciphers implemented by all activated +providers in the given library context libctx, and for each of the +implementations, calls the given function fn with the implementation method +and the given arg as argument.

    +

    +

    +
    +

    RETURN VALUES

    +

    EVP_CIPHER_fetch() returns a pointer to a EVP_CIPHER for success +and NULL for failure.

    +

    EVP_CIPHER_up_ref() returns 1 for success or 0 otherwise.

    +

    EVP_CIPHER_CTX_new() returns a pointer to a newly created +EVP_CIPHER_CTX for success and NULL for failure.

    +

    EVP_EncryptInit_ex(), EVP_EncryptUpdate() and EVP_EncryptFinal_ex() +return 1 for success and 0 for failure.

    +

    EVP_DecryptInit_ex() and EVP_DecryptUpdate() return 1 for success and 0 for failure. +EVP_DecryptFinal_ex() returns 0 if the decrypt failed or 1 for success.

    +

    EVP_CipherInit_ex() and EVP_CipherUpdate() return 1 for success and 0 for failure. +EVP_CipherFinal_ex() returns 0 for a decryption failure or 1 for success.

    +

    EVP_Cipher() returns the amount of encrypted / decrypted bytes, or -1 +on failure, if the flag EVP_CIPH_FLAG_CUSTOM_CIPHER is set for the +cipher. EVP_Cipher() returns 1 on success or 0 on failure, if the flag +EVP_CIPH_FLAG_CUSTOM_CIPHER is not set for the cipher.

    +

    EVP_CIPHER_CTX_reset() returns 1 for success and 0 for failure.

    +

    EVP_get_cipherbyname(), EVP_get_cipherbynid() and EVP_get_cipherbyobj() +return an EVP_CIPHER structure or NULL on error.

    +

    EVP_CIPHER_nid() and EVP_CIPHER_CTX_nid() return a NID.

    +

    EVP_CIPHER_block_size() and EVP_CIPHER_CTX_block_size() return the block +size.

    +

    EVP_CIPHER_key_length() and EVP_CIPHER_CTX_key_length() return the key +length.

    +

    EVP_CIPHER_CTX_set_padding() always returns 1.

    +

    EVP_CIPHER_iv_length() and EVP_CIPHER_CTX_iv_length() return the IV +length or zero if the cipher does not use an IV.

    +

    EVP_CIPHER_CTX_tag_length() return the tag length or zero if the cipher does not +use a tag.

    +

    EVP_CIPHER_type() and EVP_CIPHER_CTX_type() return the NID of the cipher's +OBJECT IDENTIFIER or NID_undef if it has no defined OBJECT IDENTIFIER.

    +

    EVP_CIPHER_CTX_cipher() returns an EVP_CIPHER structure.

    +

    EVP_CIPHER_param_to_asn1() and EVP_CIPHER_asn1_to_param() return greater +than zero for success and zero or a negative number on failure.

    +

    EVP_CIPHER_CTX_rand_key() returns 1 for success.

    +

    +

    +
    +

    CIPHER LISTING

    +

    All algorithms have a fixed key length unless otherwise stated.

    +

    Refer to SEE ALSO for the full list of ciphers available through the EVP +interface.

    +
    +
    EVP_enc_null()
    + +
    +

    Null cipher: does nothing.

    +
    +
    +

    +

    +
    +

    AEAD INTERFACE

    +

    The EVP interface for Authenticated Encryption with Associated Data (AEAD) +modes are subtly altered and several additional ctrl operations are supported +depending on the mode specified.

    +

    To specify additional authenticated data (AAD), a call to EVP_CipherUpdate(), +EVP_EncryptUpdate() or EVP_DecryptUpdate() should be made with the output +parameter out set to NULL.

    +

    When decrypting, the return value of EVP_DecryptFinal() or EVP_CipherFinal() +indicates whether the operation was successful. If it does not indicate success, +the authentication operation has failed and any output data MUST NOT be used +as it is corrupted.

    +

    +

    +

    GCM and OCB Modes

    +

    The following ctrls are supported in GCM and OCB modes.

    +
    +
    EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL)
    + +
    +

    Sets the IV length. This call can only be made before specifying an IV. If +not called a default IV length is used.

    +

    For GCM AES and OCB AES the default is 12 (i.e. 96 bits). For OCB mode the +maximum is 15.

    +
    +
    EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag)
    + +
    +

    Writes taglen bytes of the tag value to the buffer indicated by tag. +This call can only be made when encrypting data and after all data has been +processed (e.g. after an EVP_EncryptFinal() call).

    +

    For OCB, taglen must either be 16 or the value previously set via +EVP_CTRL_AEAD_SET_TAG.

    +
    +
    EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag)
    + +
    +

    Sets the expected tag to taglen bytes from tag. +The tag length can only be set before specifying an IV. +taglen must be between 1 and 16 inclusive.

    +

    For GCM, this call is only valid when decrypting data.

    +

    For OCB, this call is valid when decrypting data to set the expected tag, +and before encryption to set the desired tag length.

    +

    In OCB mode, calling this before encryption with tag set to NULL sets the +tag length. If this is not called prior to encryption, a default tag length is +used.

    +

    For OCB AES, the default tag length is 16 (i.e. 128 bits). It is also the +maximum tag length for OCB.

    +
    +
    +

    +

    +

    CCM Mode

    +

    The EVP interface for CCM mode is similar to that of the GCM mode but with a +few additional requirements and different ctrl values.

    +

    For CCM mode, the total plaintext or ciphertext length MUST be passed to +EVP_CipherUpdate(), EVP_EncryptUpdate() or EVP_DecryptUpdate() with the output +and input parameters (in and out) set to NULL and the length passed in +the inl parameter.

    +

    The following ctrls are supported in CCM mode.

    +
    +
    EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag)
    + +
    +

    This call is made to set the expected CCM tag value when decrypting or +the length of the tag (with the tag parameter set to NULL) when encrypting. +The tag length is often referred to as M. If not set a default value is +used (12 for AES). When decrypting, the tag needs to be set before passing +in data to be decrypted, but as in GCM and OCB mode, it can be set after +passing additional authenticated data (see AEAD INTERFACE).

    +
    +
    EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_L, ivlen, NULL)
    + +
    +

    Sets the CCM L value. If not set a default is used (8 for AES).

    +
    +
    EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL)
    + +
    +

    Sets the CCM nonce (IV) length. This call can only be made before specifying an +nonce value. The nonce length is given by 15 - L so it is 7 by default for +AES.

    +
    +
    +

    +

    +

    SIV Mode

    +

    For SIV mode ciphers the behaviour of the EVP interface is subtly +altered and several additional ctrl operations are supported.

    +

    To specify any additional authenticated data (AAD) and/or a Nonce, a call to +EVP_CipherUpdate(), EVP_EncryptUpdate() or EVP_DecryptUpdate() should be made +with the output parameter out set to NULL.

    +

    RFC5297 states that the Nonce is the last piece of AAD before the actual +encrypt/decrypt takes place. The API does not differentiate the Nonce from +other AAD.

    +

    When decrypting the return value of EVP_DecryptFinal() or EVP_CipherFinal() +indicates if the operation was successful. If it does not indicate success +the authentication operation has failed and any output data MUST NOT +be used as it is corrupted.

    +

    The following ctrls are supported in both SIV modes.

    +
    +
    EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag);
    + +
    +

    Writes taglen bytes of the tag value to the buffer indicated by tag. +This call can only be made when encrypting data and after all data has been +processed (e.g. after an EVP_EncryptFinal() call). For SIV mode the taglen must +be 16.

    +
    +
    EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag);
    + +
    +

    Sets the expected tag to taglen bytes from tag. This call is only legal +when decrypting data and must be made before any data is processed (e.g. +before any EVP_DecryptUpdate() call). For SIV mode the taglen must be 16.

    +
    +
    +

    SIV mode makes two passes over the input data, thus, only one call to +EVP_CipherUpdate(), EVP_EncryptUpdate() or EVP_DecryptUpdate() should be made +with out set to a non-NULL value. A call to EVP_Decrypt_Final() or +EVP_CipherFinal() is not required, but will indicate if the update +operation succeeded.

    +

    +

    +

    ChaCha20-Poly1305

    +

    The following ctrls are supported for the ChaCha20-Poly1305 AEAD algorithm.

    +
    +
    EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL)
    + +
    +

    Sets the nonce length. This call can only be made before specifying the nonce. +If not called a default nonce length of 12 (i.e. 96 bits) is used. The maximum +nonce length is 12 bytes (i.e. 96-bits). If a nonce of less than 12 bytes is set +then the nonce is automatically padded with leading 0 bytes to make it 12 bytes +in length.

    +
    +
    EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag)
    + +
    +

    Writes taglen bytes of the tag value to the buffer indicated by tag. +This call can only be made when encrypting data and after all data has been +processed (e.g. after an EVP_EncryptFinal() call).

    +

    taglen specified here must be 16 (POLY1305_BLOCK_SIZE, i.e. 128-bits) or +less.

    +
    +
    EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag)
    + +
    +

    Sets the expected tag to taglen bytes from tag. +The tag length can only be set before specifying an IV. +taglen must be between 1 and 16 (POLY1305_BLOCK_SIZE) inclusive. +This call is only valid when decrypting data.

    +
    +
    +

    +

    +
    +

    NOTES

    +

    Where possible the EVP interface to symmetric ciphers should be used in +preference to the low level interfaces. This is because the code then becomes +transparent to the cipher used and much more flexible. Additionally, the +EVP interface will ensure the use of platform specific cryptographic +acceleration such as AES-NI (the low level interfaces do not provide the +guarantee).

    +

    PKCS padding works by adding n padding bytes of value n to make the total +length of the encrypted data a multiple of the block size. Padding is always +added so if the data is already a multiple of the block size n will equal +the block size. For example if the block size is 8 and 11 bytes are to be +encrypted then 5 padding bytes of value 5 will be added.

    +

    When decrypting the final block is checked to see if it has the correct form.

    +

    Although the decryption operation can produce an error if padding is enabled, +it is not a strong test that the input data or key is correct. A random block +has better than 1 in 256 chance of being of the correct format and problems with +the input data earlier on will not produce a final decrypt error.

    +

    If padding is disabled then the decryption operation will always succeed if +the total amount of data decrypted is a multiple of the block size.

    +

    The functions EVP_EncryptInit(), EVP_EncryptFinal(), EVP_DecryptInit(), +EVP_CipherInit() and EVP_CipherFinal() are obsolete but are retained for +compatibility with existing code. New code should use EVP_EncryptInit_ex(), +EVP_EncryptFinal_ex(), EVP_DecryptInit_ex(), EVP_DecryptFinal_ex(), +EVP_CipherInit_ex() and EVP_CipherFinal_ex() because they can reuse an +existing context without allocating and freeing it up on each call.

    +

    There are some differences between functions EVP_CipherInit() and +EVP_CipherInit_ex(), significant in some circumstances. EVP_CipherInit() fills +the passed context object with zeros. As a consequence, EVP_CipherInit() does +not allow step-by-step initialization of the ctx when the key and iv are +passed in separate calls. It also means that the flags set for the CTX are +removed, and it is especially important for the +EVP_CIPHER_CTX_FLAG_WRAP_ALLOW flag treated specially in +EVP_CipherInit_ex().

    +

    EVP_get_cipherbynid(), and EVP_get_cipherbyobj() are implemented as macros.

    +

    +

    +
    +

    BUGS

    +

    EVP_MAX_KEY_LENGTH and EVP_MAX_IV_LENGTH only refer to the internal +ciphers with default key lengths. If custom ciphers exceed these values the +results are unpredictable. This is because it has become standard practice to +define a generic key as a fixed unsigned char array containing +EVP_MAX_KEY_LENGTH bytes.

    +

    The ASN1 code is incomplete (and sometimes inaccurate) it has only been tested +for certain common S/MIME ciphers (RC2, DES, triple DES) in CBC mode.

    +

    +

    +
    +

    EXAMPLES

    +

    Encrypt a string using IDEA:

    +
    + int do_crypt(char *outfile)
    + {
    +     unsigned char outbuf[1024];
    +     int outlen, tmplen;
    +     /*
    +      * Bogus key and IV: we'd normally set these from
    +      * another source.
    +      */
    +     unsigned char key[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};
    +     unsigned char iv[] = {1,2,3,4,5,6,7,8};
    +     char intext[] = "Some Crypto Text";
    +     EVP_CIPHER_CTX *ctx;
    +     FILE *out;
    +
    +     ctx = EVP_CIPHER_CTX_new();
    +     EVP_EncryptInit_ex(ctx, EVP_idea_cbc(), NULL, key, iv);
    +
    +     if (!EVP_EncryptUpdate(ctx, outbuf, &outlen, intext, strlen(intext))) {
    +         /* Error */
    +         EVP_CIPHER_CTX_free(ctx);
    +         return 0;
    +     }
    +     /*
    +      * Buffer passed to EVP_EncryptFinal() must be after data just
    +      * encrypted to avoid overwriting it.
    +      */
    +     if (!EVP_EncryptFinal_ex(ctx, outbuf + outlen, &tmplen)) {
    +         /* Error */
    +         EVP_CIPHER_CTX_free(ctx);
    +         return 0;
    +     }
    +     outlen += tmplen;
    +     EVP_CIPHER_CTX_free(ctx);
    +     /*
    +      * Need binary mode for fopen because encrypted data is
    +      * binary data. Also cannot use strlen() on it because
    +      * it won't be NUL terminated and may contain embedded
    +      * NULs.
    +      */
    +     out = fopen(outfile, "wb");
    +     if (out == NULL) {
    +         /* Error */
    +         return 0;
    +     }
    +     fwrite(outbuf, 1, outlen, out);
    +     fclose(out);
    +     return 1;
    + }
    +

    The ciphertext from the above example can be decrypted using the openssl +utility with the command line (shown on two lines for clarity):

    +
    + openssl idea -d \
    +     -K 000102030405060708090A0B0C0D0E0F -iv 0102030405060708 <filename
    +

    General encryption and decryption function example using FILE I/O and AES128 +with a 128-bit key:

    +
    + int do_crypt(FILE *in, FILE *out, int do_encrypt)
    + {
    +     /* Allow enough space in output buffer for additional block */
    +     unsigned char inbuf[1024], outbuf[1024 + EVP_MAX_BLOCK_LENGTH];
    +     int inlen, outlen;
    +     EVP_CIPHER_CTX *ctx;
    +     /*
    +      * Bogus key and IV: we'd normally set these from
    +      * another source.
    +      */
    +     unsigned char key[] = "0123456789abcdeF";
    +     unsigned char iv[] = "1234567887654321";
    +
    +     /* Don't set key or IV right away; we want to check lengths */
    +     ctx = EVP_CIPHER_CTX_new();
    +     EVP_CipherInit_ex(&ctx, EVP_aes_128_cbc(), NULL, NULL, NULL,
    +                       do_encrypt);
    +     OPENSSL_assert(EVP_CIPHER_CTX_key_length(ctx) == 16);
    +     OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) == 16);
    +
    +     /* Now we can set key and IV */
    +     EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, do_encrypt);
    +
    +     for (;;) {
    +         inlen = fread(inbuf, 1, 1024, in);
    +         if (inlen <= 0)
    +             break;
    +         if (!EVP_CipherUpdate(ctx, outbuf, &outlen, inbuf, inlen)) {
    +             /* Error */
    +             EVP_CIPHER_CTX_free(ctx);
    +             return 0;
    +         }
    +         fwrite(outbuf, 1, outlen, out);
    +     }
    +     if (!EVP_CipherFinal_ex(ctx, outbuf, &outlen)) {
    +         /* Error */
    +         EVP_CIPHER_CTX_free(ctx);
    +         return 0;
    +     }
    +     fwrite(outbuf, 1, outlen, out);
    +
    +     EVP_CIPHER_CTX_free(ctx);
    +     return 1;
    + }
    +

    +

    +
    +

    SEE ALSO

    +

    evp(7)

    +

    Supported ciphers are listed in:

    +

    EVP_aes_128_gcm(3), +EVP_aria_128_gcm(3), +EVP_bf_cbc(3), +EVP_camellia_128_ecb(3), +EVP_cast5_cbc(3), +EVP_chacha20(3), +EVP_des_cbc(3), +EVP_desx_cbc(3), +EVP_idea_cbc(3), +EVP_rc2_cbc(3), +EVP_rc4(3), +EVP_rc5_32_12_16_cbc(3), +EVP_seed_cbc(3), +EVP_sm4_cbc(3)

    +

    +

    +
    +

    HISTORY

    +

    Support for OCB mode was added in OpenSSL 1.1.0.

    +

    EVP_CIPHER_CTX was made opaque in OpenSSL 1.1.0. As a result, +EVP_CIPHER_CTX_reset() appeared and EVP_CIPHER_CTX_cleanup() +disappeared. EVP_CIPHER_CTX_init() remains as an alias for +EVP_CIPHER_CTX_reset().

    +

    The EVP_CIPHER_fetch(), EVP_CIPHER_free(), EVP_CIPHER_up_ref(), +EVP_CIPHER_CTX_set_params() and EVP_CIPHER_CTX_get_params() functions +were added in 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_KDF.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_KDF.html
    new file mode 100755
    index 0000000..8bbb4c5
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_KDF.html
    @@ -0,0 +1,299 @@
    +
    +
    +
    +
    +EVP_KDF
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    EVP_KDF, EVP_KDF_fetch, EVP_KDF_free, EVP_KDF_up_ref, +EVP_KDF_CTX, EVP_KDF_CTX_new, EVP_KDF_CTX_free, EVP_KDF_CTX_dup, +EVP_KDF_reset, EVP_KDF_derive, +EVP_KDF_size, EVP_KDF_provider, EVP_KDF_CTX_kdf, EVP_KDF_is_a, +EVP_KDF_number, EVP_KDF_names_do_all, +EVP_KDF_CTX_get_params, EVP_KDF_CTX_set_params, EVP_KDF_do_all_provided, +EVP_KDF_get_params, EVP_KDF_gettable_ctx_params, EVP_KDF_settable_ctx_params, +EVP_KDF_gettable_params - EVP KDF routines

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/kdf.h>
    +
    + typedef struct evp_kdf_st EVP_KDF;
    + typedef struct evp_kdf_ctx_st EVP_KDF_CTX;
    +
    + EVP_KDF_CTX *EVP_KDF_CTX_new(const EVP_KDF *kdf);
    + const EVP_KDF *EVP_KDF_CTX_kdf(EVP_KDF_CTX *ctx);
    + void EVP_KDF_CTX_free(EVP_KDF_CTX *ctx);
    + EVP_KDF_CTX *EVP_KDF_CTX_dup(const EVP_KDF_CTX *src);
    + void EVP_KDF_reset(EVP_KDF_CTX *ctx);
    + size_t EVP_KDF_size(EVP_KDF_CTX *ctx);
    + int EVP_KDF_derive(EVP_KDF_CTX *ctx, unsigned char *key, size_t keylen);
    + int EVP_KDF_up_ref(EVP_KDF *kdf);
    + void EVP_KDF_free(EVP_KDF *kdf);
    + EVP_KDF *EVP_KDF_fetch(OPENSSL_CTX *libctx, const char *algorithm,
    +                        const char *properties);
    + int EVP_KDF_number(const EVP_KDF *kdf);
    + int EVP_KDF_is_a(const EVP_KDF *kdf, const char *name);
    + const OSSL_PROVIDER *EVP_KDF_provider(const EVP_KDF *kdf);
    + void EVP_KDF_do_all_provided(OPENSSL_CTX *libctx,
    +                              void (*fn)(EVP_KDF *kdf, void *arg),
    +                              void *arg);
    + void EVP_KDF_names_do_all(const EVP_KDF *kdf,
    +                           void (*fn)(const char *name, void *data),
    +                           void *data);
    + int EVP_KDF_get_params(EVP_KDF *kdf, OSSL_PARAM params[]);
    + int EVP_KDF_CTX_get_params(EVP_KDF_CTX *ctx, OSSL_PARAM params[]);
    + int EVP_KDF_CTX_set_params(EVP_KDF_CTX *ctx, const OSSL_PARAM params[]);
    + const OSSL_PARAM *EVP_KDF_gettable_params(const EVP_KDF *kdf);
    + const OSSL_PARAM *EVP_KDF_gettable_ctx_params(const EVP_KDF *kdf);
    + const OSSL_PARAM *EVP_KDF_settable_ctx_params(const EVP_KDF *kdf);
    + const OSSL_PROVIDER *EVP_KDF_provider(const EVP_KDF *kdf);
    +

    +

    +
    +

    DESCRIPTION

    +

    The EVP KDF routines are a high level interface to Key Derivation Function +algorithms and should be used instead of algorithm-specific functions.

    +

    After creating a EVP_KDF_CTX for the required algorithm using +EVP_KDF_CTX_new(), inputs to the algorithm are supplied +using calls to EVP_KDF_CTX_set_params() before +calling EVP_KDF_derive() to derive the key.

    +

    +

    +

    Types

    +

    EVP_KDF is a type that holds the implementation of a KDF.

    +

    EVP_KDF_CTX is a context type that holds the algorithm inputs.

    +

    +

    +

    Algorithm implementation fetching

    +

    EVP_KDF_fetch() fetches an implementation of a KDF algorithm, given +a library context libctx and a set of properties. +See provider(7)/Fetching algorithms for further information.

    +

    The returned value must eventually be freed with +EVP_KDF_free(3).

    +

    EVP_KDF_up_ref() increments the reference count of an already fetched +KDF.

    +

    EVP_KDF_free() frees a fetched algorithm. +NULL is a valid parameter, for which this function is a no-op.

    +

    +

    +

    Context manipulation functions

    +

    EVP_KDF_CTX_new() creates a new context for the KDF implementation kdf.

    +

    EVP_KDF_CTX_free() frees up the context ctx. If ctx is NULL, nothing +is done.

    +

    EVP_KDF_CTX_kdf() returns the EVP_KDF associated with the context +ctx.

    +

    +

    +

    Computing functions

    +

    EVP_KDF_reset() resets the context to the default state as if the context +had just been created.

    +

    EVP_KDF_derive() derives keylen bytes of key material and places it in the +key buffer. If the algorithm produces a fixed amount of output then an +error will occur unless the keylen parameter is equal to that output size, +as returned by EVP_KDF_size().

    +

    EVP_KDF_get_params() retrieves details about the implementation +kdf. +The set of parameters given with params determine exactly what +parameters should be retrieved. +Note that a parameter that is unknown in the underlying context is +simply ignored.

    +

    EVP_KDF_CTX_get_params() retrieves chosen parameters, given the +context ctx and its underlying context. +The set of parameters given with params determine exactly what +parameters should be retrieved. +Note that a parameter that is unknown in the underlying context is +simply ignored.

    +

    EVP_KDF_CTX_set_params() passes chosen parameters to the underlying +context, given a context ctx. +The set of parameters given with params determine exactly what +parameters are passed down. +Note that a parameter that is unknown in the underlying context is +simply ignored. +Also, what happens when a needed parameter isn't passed down is +defined by the implementation.

    +

    EVP_KDF_gettable_params(), EVP_KDF_gettable_ctx_params() and +EVP_KDF_settable_ctx_params() get a constant OSSL_PARAM array that +describes the retrievable and settable parameters, i.e. parameters that +can be used with EVP_KDF_get_params(), EVP_KDF_CTX_get_params() +and EVP_KDF_CTX_set_params(), respectively. +See OSSL_PARAM(3) for the use of OSSL_PARAM as parameter descriptor.

    +

    +

    +

    Information functions

    +

    EVP_KDF_size() returns the output size if the algorithm produces a fixed amount +of output and SIZE_MAX otherwise. If an error occurs then 0 is returned. +For some algorithms an error may result if input parameters necessary to +calculate a fixed output size have not yet been supplied.

    +

    EVP_KDF_is_a() returns 1 if kdf is an implementation of an +algorithm that's identifiable with name, otherwise 0.

    +

    EVP_KDF_provider() returns the provider that holds the implementation +of the given kdf.

    +

    EVP_KDF_do_all_provided() traverses all KDF implemented by all activated +providers in the given library context libctx, and for each of the +implementations, calls the given function fn with the implementation method +and the given arg as argument.

    +

    EVP_KDF_number() returns the internal dynamic number assigned to +kdf.

    +

    EVP_KDF_names_do_all() traverses all names for kdf, and calls +fn with each name and data.

    +

    +

    +
    +

    PARAMETERS

    +

    The standard parameter names are:

    +
    +
    "pass" (OSSL_KDF_PARAM_PASSWORD) <octet string>
    + +
    +

    Some KDF implementations require a password. +For those KDF implementations that support it, this parameter sets the password.

    +
    +
    "salt" (OSSL_KDF_PARAM_SALT) <octet string>
    + +
    +

    Some KDF implementations can take a salt. +For those KDF implementations that support it, this parameter sets the salt.

    +

    The default value, if any, is implementation dependent.

    +
    +
    "iter" (OSSL_KDF_PARAM_ITER) <unsigned integer>
    + +
    +

    Some KDF implementations require an iteration count. +For those KDF implementations that support it, this parameter sets the +iteration count.

    +

    The default value, if any, is implementation dependent.

    +
    +
    "properties" (OSSL_KDF_PARAM_PROPERTIES) <UTF8 string>
    + +
    "mac" (OSSL_KDF_PARAM_MAC) <UTF8 string>
    + +
    "digest" (OSSL_KDF_PARAM_DIGEST) <UTF8 string>
    + +
    "cipher" (OSSL_KDF_PARAM_CIPHER) <UTF8 string>
    + +
    +

    For KDF implementations that use an underlying computation MAC, digest or +cipher, these parameters set what the algorithm should be.

    +

    The value is always the name of the intended algorithm, +or the properties.

    +

    Note that not all algorithms may support all possible underlying +implementations.

    +
    +
    "key" (OSSL_KDF_PARAM_KEY) <octet string>
    + +
    +

    Some KDF implementations require a key. +For those KDF implementations that support it, this octet string parameter +sets the key.

    +
    +
    "maclen" (OSSL_KDF_PARAM_MAC_SIZE) <unsigned integer>
    + +
    +

    Used by implementations that use a MAC with a variable output size (KMAC). +For those KDF implementations that support it, this parameter +sets the MAC output size.

    +

    The default value, if any, is implementation dependent. +The length must never exceed what can be given with a size_t.

    +
    +
    "maxmem_bytes" (OSSL_KDF_PARAM_SCRYPT_MAXMEM) <unsigned integer>
    + +
    +

    Memory-hard password-based KDF algorithms, such as scrypt, use an amount of +memory that depends on the load factors provided as input. +For those KDF implementations that support it, this uint64_t parameter sets +an upper limit on the amount of memory that may be consumed while performing +a key derivation. +If this memory usage limit is exceeded because the load factors are chosen +too high, the key derivation will fail.

    +

    The default value is implementation dependent. +The memory size must never exceed what can be given with a size_t.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    EVP_KDF_fetch() returns a pointer to a newly fetched EVP_KDF, or +NULL if allocation failed.

    +

    EVP_KDF_provider() returns a pointer to the provider for the KDF, or +NULL on error.

    +

    EVP_KDF_up_ref() returns 1 on success, 0 on error.

    +

    EVP_KDF_CTX_new() returns either the newly allocated +EVP_KDF_CTX structure or NULL if an error occurred.

    +

    EVP_KDF_CTX_free() and EVP_KDF_reset() do not return a value.

    +

    EVP_KDF_size() returns the output size. SIZE_MAX is returned to indicate +that the algorithm produces a variable amount of output; 0 to indicate failure.

    +

    The remaining functions return 1 for success and 0 or a negative value for +failure. In particular, a return value of -2 indicates the operation is not +supported by the KDF algorithm.

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_KDF-SCRYPT(7) +EVP_KDF-TLS1_PRF(7) +EVP_KDF-PBKDF2(7) +EVP_KDF-HKDF(7) +EVP_KDF-SS(7) +EVP_KDF-SSHKDF(7) +EVP_KDF-X963(7) +EVP_KDF-X942(7)

    +

    +

    +
    +

    HISTORY

    +

    This functionality was added to OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_KEYEXCH_free.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_KEYEXCH_free.html
    new file mode 100755
    index 0000000..d362db1
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_KEYEXCH_free.html
    @@ -0,0 +1,118 @@
    +
    +
    +
    +
    +EVP_KEYEXCH_free
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    EVP_KEYEXCH_fetch, EVP_KEYEXCH_free, EVP_KEYEXCH_up_ref, EVP_KEYEXCH_provider, +EVP_KEYEXCH_is_a, EVP_KEYEXCH_do_all_provided, +EVP_KEYEXCH_number, EVP_KEYEXCH_names_do_all +- Functions to manage EVP_KEYEXCH algorithm objects

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + EVP_KEYEXCH *EVP_KEYEXCH_fetch(OPENSSL_CTX *ctx, const char *algorithm,
    +                                const char *properties);
    + void EVP_KEYEXCH_free(EVP_KEYEXCH *exchange);
    + int EVP_KEYEXCH_up_ref(EVP_KEYEXCH *exchange);
    + OSSL_PROVIDER *EVP_KEYEXCH_provider(const EVP_KEYEXCH *exchange);
    + int EVP_KEYEXCH_is_a(const EVP_KEYEXCH *exchange, const char *name);
    + int EVP_KEYEXCH_number(const EVP_KEYEXCH *exchange);
    + void EVP_KEYEXCH_do_all_provided(OPENSSL_CTX *libctx,
    +                                  void (*fn)(EVP_KEYEXCH *exchange, void *arg),
    +                                  void *arg);
    + void EVP_KEYEXCH_names_do_all(const EVP_KEYEXCH *exchange,
    +                               void (*fn)(const char *name, void *data),
    +                               void *data);
    +

    +

    +
    +

    DESCRIPTION

    +

    EVP_KEYEXCH_fetch() fetches the key exchange implementation for the given +algorithm from any provider offering it, within the criteria given +by the properties. +See provider(7)/Fetching algorithms for further information.

    +

    The returned value must eventually be freed with EVP_KEYEXCH_free().

    +

    EVP_KEYEXCH_free() decrements the reference count for the EVP_KEYEXCH +structure. Typically this structure will have been obtained from an earlier call +to EVP_KEYEXCH_fetch(). If the reference count drops to 0 then the +structure is freed.

    +

    EVP_KEYEXCH_up_ref() increments the reference count for an EVP_KEYEXCH +structure.

    +

    EVP_KEYEXCH_provider() returns the provider that exchange was fetched from.

    +

    EVP_KEYEXCH_is_a() checks if exchange is an implementation of an +algorithm that's identifiable with name.

    +

    EVP_KEYEXCH_number() returns the internal dynamic number assigned to +the exchange.

    +

    EVP_KEYEXCH_names_do_all() traverses all names for the exchange, and +calls fn with each name and data.

    +

    EVP_KEYEXCH_do_all_provided() traverses all key exchange implementations by +all activated providers in the library context libctx, and for each +of the implementations, calls fn with the implementation method and +data as arguments.

    +

    +

    +
    +

    RETURN VALUES

    +

    EVP_KEYEXCH_fetch() returns a pointer to a EVP_KEYEXCH for success +or NULL for failure.

    +

    EVP_KEYEXCH_up_ref() returns 1 for success or 0 otherwise.

    +

    EVP_KEYEXCH_is_a() returns 1 of exchange was identifiable, +otherwise 0.

    +

    EVP_KEYEXCH_number() returns an integer.

    +

    +

    +
    +

    SEE ALSO

    +

    provider(7)/Fetching algorithms, OSSL_PROVIDER(3)

    +

    +

    +
    +

    HISTORY

    +

    The functions described here were added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_KEYMGMT.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_KEYMGMT.html
    new file mode 100755
    index 0000000..f9adc19
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_KEYMGMT.html
    @@ -0,0 +1,143 @@
    +
    +
    +
    +
    +EVP_KEYMGMT
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    EVP_KEYMGMT, +EVP_KEYMGMT_fetch, +EVP_KEYMGMT_up_ref, +EVP_KEYMGMT_free, +EVP_KEYMGMT_provider, +EVP_KEYMGMT_is_a, +EVP_KEYMGMT_number, +EVP_KEYMGMT_do_all_provided, +EVP_KEYMGMT_names_do_all +- EVP key management routines

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + typedef struct evp_keymgmt_st EVP_KEYMGMT;
    +
    + EVP_KEYMGMT *EVP_KEYMGMT_fetch(OPENSSL_CTX *ctx, const char *algorithm,
    +                                const char *properties);
    + int EVP_KEYMGMT_up_ref(EVP_KEYMGMT *keymgmt);
    + void EVP_KEYMGMT_free(EVP_KEYMGMT *keymgmt);
    + const OSSL_PROVIDER *EVP_KEYMGMT_provider(const EVP_KEYMGMT *keymgmt);
    + int EVP_KEYMGMT_is_a(const EVP_KEYMGMT *keymgmt, const char *name);
    + int EVP_KEYMGMT_number(const EVP_KEYMGMT *keymgmt);
    + void EVP_KEYMGMT_do_all_provided(OPENSSL_CTX *libctx,
    +                                  void (*fn)(EVP_KEYMGMT *keymgmt, void *arg),
    +                                  void *arg);
    + void EVP_KEYMGMT_names_do_all(const EVP_KEYMGMT *keymgmt,
    +                               void (*fn)(const char *name, void *data),
    +                               void *data);
    +

    +

    +
    +

    DESCRIPTION

    +

    EVP_KEYMGMT is a method object that represents key management +implementations for different cryptographic algorithms. +This method object provides functionality to have providers import key +material from the outside, as well as export key material to the +outside. +Most of the functionality can only be used internally and has no +public interface, this object is simply passed into other functions +when needed.

    +

    EVP_KEYMGMT_fetch() looks for an algorithm within the provider that +has been loaded into the OPENSSL_CTX given by ctx, having the +name given by algorithm and the properties given by properties.

    +

    EVP_KEYMGMT_up_ref() increments the reference count for the given +EVP_KEYMGMT keymgmt.

    +

    EVP_KEYMGMT_free() decrements the reference count for the given +EVP_KEYMGMT keymgmt, and when the count reaches zero, frees it.

    +

    EVP_KEYMGMT_provider() returns the provider that has this particular +implementation.

    +

    EVP_KEYMGMT_is_a() checks if keymgmt is an implementation of an +algorithm that's identifiable with name.

    +

    EVP_KEYMGMT_number() returns the internal dynamic number assigned to +the keymgmt.

    +

    EVP_KEYMGMT_names_do_all() traverses all names for the keymgmt, and +calls fn with each name and data.

    +

    EVP_KEYMGMT_do_all_provided() traverses all key keymgmt implementations by +all activated providers in the library context libctx, and for each +of the implementations, calls fn with the implementation method and +data as arguments.

    +

    +

    +
    +

    NOTES

    +

    EVP_KEYMGMT_fetch() may be called implicitly by other fetching +functions, using the same library context and properties. +Any other API that uses keys will typically do this.

    +

    +

    +
    +

    RETURN VALUES

    +

    EVP_KEYMGMT_fetch() returns a pointer to the key management +implementation represented by an EVP_KEYMGMT object, or NULL on +error.

    +

    EVP_KEYMGMT_up_ref() returns 1 on success, or 0 on error.

    +

    EVP_KEYMGMT_free() doesn't return any value.

    +

    EVP_KEYMGMT_provider() returns a pointer to a provider object, or NULL +on error.

    +

    EVP_KEYMGMT_is_a() returns 1 of keymgmt was identifiable, +otherwise 0.

    +

    EVP_KEYMGMT_number() returns an integer.

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_MD_fetch(3), OPENSSL_CTX(3)

    +

    +

    +
    +

    HISTORY

    +

    The functions described here were added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_MAC.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_MAC.html
    new file mode 100755
    index 0000000..686cfad
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_MAC.html
    @@ -0,0 +1,415 @@
    +
    +
    +
    +
    +EVP_MAC
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    EVP_MAC, EVP_MAC_fetch, EVP_MAC_up_ref, EVP_MAC_free, +EVP_MAC_is_a, EVP_MAC_number, EVP_MAC_names_do_all, +EVP_MAC_provider, EVP_MAC_get_params, EVP_MAC_gettable_params, +EVP_MAC_CTX, EVP_MAC_CTX_new, EVP_MAC_CTX_free, EVP_MAC_CTX_dup, +EVP_MAC_CTX_mac, EVP_MAC_CTX_get_params, EVP_MAC_CTX_set_params, +EVP_MAC_size, EVP_MAC_init, EVP_MAC_update, EVP_MAC_final, +EVP_MAC_gettable_ctx_params, EVP_MAC_settable_ctx_params, +EVP_MAC_do_all_provided - EVP MAC routines

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + typedef struct evp_mac_st EVP_MAC;
    + typedef struct evp_mac_ctx_st EVP_MAC_CTX;
    +
    + EVP_MAC *EVP_MAC_fetch(OPENSSL_CTX *libctx, const char *algorithm,
    +                        const char *properties);
    + int EVP_MAC_up_ref(EVP_MAC *mac);
    + void EVP_MAC_free(EVP_MAC *mac);
    + int EVP_MAC_is_a(const EVP_MAC *mac, const char *name);
    + int EVP_MAC_number(const EVP_MAC *mac);
    + void EVP_MAC_names_do_all(const EVP_MAC *mac,
    +                           void (*fn)(const char *name, void *data),
    +                           void *data);
    + const OSSL_PROVIDER *EVP_MAC_provider(const EVP_MAC *mac);
    + int EVP_MAC_get_params(EVP_MAC *mac, OSSL_PARAM params[]);
    +
    + EVP_MAC_CTX *EVP_MAC_CTX_new(EVP_MAC *mac);
    + void EVP_MAC_CTX_free(EVP_MAC_CTX *ctx);
    + EVP_MAC_CTX *EVP_MAC_CTX_dup(const EVP_MAC_CTX *src);
    + EVP_MAC *EVP_MAC_CTX_mac(EVP_MAC_CTX *ctx);
    + int EVP_MAC_CTX_get_params(EVP_MAC_CTX *ctx, OSSL_PARAM params[]);
    + int EVP_MAC_CTX_set_params(EVP_MAC_CTX *ctx, const OSSL_PARAM params[]);
    +
    + size_t EVP_MAC_size(EVP_MAC_CTX *ctx);
    + int EVP_MAC_init(EVP_MAC_CTX *ctx);
    + int EVP_MAC_update(EVP_MAC_CTX *ctx, const unsigned char *data, size_t datalen);
    + int EVP_MAC_final(EVP_MAC_CTX *ctx,
    +                   unsigned char *out, size_t *outl, size_t outsize);
    +
    + const OSSL_PARAM *EVP_MAC_gettable_params(const EVP_MAC *mac);
    + const OSSL_PARAM *EVP_MAC_gettable_ctx_params(const EVP_MAC *mac);
    + const OSSL_PARAM *EVP_MAC_settable_ctx_params(const EVP_MAC *mac);
    +
    + void EVP_MAC_do_all_provided(OPENSSL_CTX *libctx,
    +                              void (*fn)(EVP_MAC *mac, void *arg),
    +                              void *arg);
    +

    +

    +
    +

    DESCRIPTION

    +

    These types and functions help the application to calculate MACs of +different types and with different underlying algorithms if there are +any.

    +

    MACs are a bit complex insofar that some of them use other algorithms +for actual computation. HMAC uses a digest, and CMAC uses a cipher. +Therefore, there are sometimes two contexts to keep track of, one for +the MAC algorithm itself and one for the underlying computation +algorithm if there is one.

    +

    To make things less ambiguous, this manual talks about a "context" or +"MAC context", which is to denote the MAC level context, and about a +"underlying context", or "computation context", which is to denote the +context for the underlying computation algorithm if there is one.

    +

    +

    +

    Types

    +

    EVP_MAC is a type that holds the implementation of a MAC.

    +

    EVP_MAC_CTX is a context type that holds internal MAC information +as well as a reference to a computation context, for those MACs that +rely on an underlying computation algorithm.

    +

    +

    +

    Algorithm implementation fetching

    +

    EVP_MAC_fetch() fetches an implementation of a MAC algorithm, given +a library context libctx and a set of properties. +See provider(7)/Fetching algorithms for further information.

    +

    The returned value must eventually be freed with +EVP_MAC_free(3).

    +

    EVP_MAC_up_ref() increments the reference count of an already fetched +MAC.

    +

    EVP_MAC_free() frees a fetched algorithm. +NULL is a valid parameter, for which this function is a no-op.

    +

    +

    +

    Context manipulation functions

    +

    EVP_MAC_CTX_new() creates a new context for the MAC type mac. +The created context can then be used with most other functions +described here.

    +

    EVP_MAC_CTX_free() frees the contents of the context, including an +underlying context if there is one, as well as the context itself. +NULL is a valid parameter, for which this function is a no-op.

    +

    EVP_MAC_CTX_dup() duplicates the src context and returns a newly allocated +context.

    +

    EVP_MAC_CTX_mac() returns the EVP_MAC associated with the context +ctx.

    +

    +

    +

    Computing functions

    +

    EVP_MAC_init() sets up the underlying context with information given +through diverse controls. +This should be called before calling EVP_MAC_update() and +EVP_MAC_final().

    +

    EVP_MAC_update() adds datalen bytes from data to the MAC input.

    +

    EVP_MAC_final() does the final computation and stores the result in +the memory pointed at by out of size outsize, and sets the number +of bytes written in *outl at. +If out is NULL or outsize is too small, then no computation +is made. +To figure out what the output length will be and allocate space for it +dynamically, simply call with out being NULL and outl +pointing at a valid location, then allocate space and make a second +call with out pointing at the allocated space.

    +

    EVP_MAC_get_params() retrieves details about the implementation +mac. +The set of parameters given with params determine exactly what +parameters should be retrieved. +Note that a parameter that is unknown in the underlying context is +simply ignored.

    +

    EVP_MAC_CTX_get_params() retrieves chosen parameters, given the +context ctx and its underlying context. +The set of parameters given with params determine exactly what +parameters should be retrieved. +Note that a parameter that is unknown in the underlying context is +simply ignored.

    +

    EVP_MAC_CTX_set_params() passes chosen parameters to the underlying +context, given a context ctx. +The set of parameters given with params determine exactly what +parameters are passed down. +Note that a parameter that is unknown in the underlying context is +simply ignored. +Also, what happens when a needed parameter isn't passed down is +defined by the implementation.

    +

    EVP_MAC_gettable_params(), EVP_MAC_gettable_ctx_params() and +EVP_MAC_settable_ctx_params() get a constant OSSL_PARAM array that +describes the retrievable and settable parameters, i.e. parameters that +can be used with EVP_MAC_get_params(), EVP_MAC_CTX_get_params() +and EVP_MAC_CTX_set_params(), respectively. +See OSSL_PARAM(3) for the use of OSSL_PARAM as parameter descriptor.

    +

    +

    +

    Information functions

    +

    EVP_MAC_size() returns the MAC output size for the given context.

    +

    EVP_MAC_is_a() checks if the given mac is an implementation of an +algorithm that's identifiable with name.

    +

    EVP_MAC_provider() returns the provider that holds the implementation +of the given mac.

    +

    EVP_MAC_do_all_provided() traverses all MAC implemented by all activated +providers in the given library context libctx, and for each of the +implementations, calls the given function fn with the implementation method +and the given arg as argument.

    +

    EVP_MAC_number() returns the internal dynamic number assigned to +mac.

    +

    EVP_MAC_names_do_all() traverses all names for mac, and calls +fn with each name and data.

    +

    +

    +
    +

    PARAMETERS

    +

    Parameters are identified by name as strings, and have an expected +data type and maximum size. +OpenSSL has a set of macros for parameter names it expects to see in +its own MAC implementations. +Here, we show all three, the OpenSSL macro for the parameter name, the +name in string form, and a type description.

    +

    The standard parameter names are:

    +
    +
    "key" (OSSL_MAC_PARAM_KEY) <octet string>
    + +
    +

    Its value is the MAC key as an array of bytes.

    +

    For MACs that use an underlying computation algorithm, the algorithm +must be set first, see parameter names "algorithm" below.

    +
    +
    "iv" (OSSL_MAC_PARAM_IV) <octet string>
    + +
    +

    Some MAC implementations require an IV, this parameter sets the IV.

    +
    +
    "custom" (OSSL_MAC_PARAM_CUSTOM) <octet string>
    + +
    +

    Some MAC implementations (KMAC, BLAKE2) accept a Customization String, +this parameter sets the Customization String. The default value is the +empty string.

    +
    +
    "salt" (OSSL_MAC_PARAM_SALT) <octet string>
    + +
    +

    This option is used by BLAKE2 MAC.

    +
    +
    "xof" (OSSL_MAC_PARAM_XOF) <integer>
    + +
    +

    It's a simple flag, the value 0 or 1 are expected.

    +

    This option is used by KMAC.

    +
    +
    "flags" (OSSL_MAC_PARAM_FLAGS) <integer>
    + +
    +

    These will set the MAC flags to the given numbers. +Some MACs do not support this option.

    +
    +
    "properties" (OSSL_MAC_PARAM_PROPERTIES) <UTF8 string>
    + +
    "digest" (OSSL_MAC_PARAM_DIGEST) <UTF8 string>
    + +
    "cipher" (OSSL_MAC_PARAM_CIPHER) <UTF8 string>
    + +
    +

    For MAC implementations that use an underlying computation cipher or +digest, these parameters set what the algorithm should be.

    +

    The value is always the name of the intended algorithm, +or the properties.

    +

    Note that not all algorithms may support all digests. +HMAC does not support variable output length digests such as SHAKE128 +or SHAKE256.

    +
    +
    "size" (OSSL_MAC_PARAM_SIZE) <unsigned integer>
    + +
    +

    For MAC implementations that support it, set the output size that +EVP_MAC_final() should produce. +The allowed sizes vary between MAC implementations, but must never exceed +what can be given with a size_t.

    +
    +
    +

    All these parameters should be used before the calls to any of +EVP_MAC_init(), EVP_MAC_update() and EVP_MAC_final() for a full +computation. +Anything else may give undefined results.

    +

    +

    +
    +

    RETURN VALUES

    +

    EVP_MAC_fetch() returns a pointer to a newly fetched EVP_MAC, or +NULL if allocation failed.

    +

    EVP_MAC_up_ref() returns 1 on success, 0 on error.

    +

    EVP_MAC_free() returns nothing at all.

    +

    EVP_MAC_is_a() returns 1 if the given method can be identified with +the given name, otherwise 0.

    +

    EVP_MAC_provider() returns a pointer to the provider for the MAC, or +NULL on error.

    +

    EVP_MAC_CTX_new() and EVP_MAC_CTX_dup() return a pointer to a newly +created EVP_MAC_CTX, or NULL if allocation failed.

    +

    EVP_MAC_CTX_free() returns nothing at all.

    +

    EVP_MAC_CTX_get_params() and EVP_MAC_CTX_set_params() return 1 on +success, 0 on error.

    +

    EVP_MAC_init(), EVP_MAC_update(), and EVP_MAC_final() return 1 on success, 0 +on error.

    +

    EVP_MAC_size() returns the expected output size, or 0 if it isn't +set. +If it isn't set, a call to EVP_MAC_init() should get it set.

    +

    EVP_MAC_do_all_provided() returns nothing at all.

    +

    +

    +
    +

    EXAMPLES

    +
    +  #include <stdlib.h>
    +  #include <stdio.h>
    +  #include <string.h>
    +  #include <stdarg.h>
    +  #include <unistd.h>
    +
    +  #include <openssl/evp.h>
    +  #include <openssl/err.h>
    +  #include <openssl/params.h>
    +
    +  int main() {
    +      EVP_MAC *mac = EVP_MAC_fetch(NULL, getenv("MY_MAC"), NULL);
    +      const char *cipher = getenv("MY_MAC_CIPHER");
    +      const char *digest = getenv("MY_MAC_DIGEST");
    +      const char *key = getenv("MY_KEY");
    +      EVP_MAC_CTX *ctx = NULL;
    +
    +      unsigned char buf[4096];
    +      ssize_t read_l;
    +      size_t final_l;
    +
    +      size_t i;
    +
    +      OSSL_PARAM params[4];
    +      size_t params_n = 0;
    +
    +      if (cipher != NULL)
    +          params[params_n++] =
    +              OSSL_PARAM_construct_utf8_string("cipher", cipher, 0, NULL);
    +      if (digest != NULL)
    +          params[params_n++] =
    +              OSSL_PARAM_construct_utf8_string("digest", digest, 0, NULL);
    +      params[params_n++] =
    +          OSSL_PARAM_construct_octet_string("key", key, strlen(key), NULL);
    +      params[params_n] = OSSL_PARAM_construct_end();
    +
    +      if (mac == NULL
    +          || key == NULL
    +          || (ctx = EVP_MAC_CTX_new(mac)) == NULL
    +          || EVP_MAC_CTX_set_params(ctx, params) <= 0)
    +          goto err;
    +
    +      if (!EVP_MAC_init(ctx))
    +          goto err;
    +
    +      while ( (read_l = read(STDIN_FILENO, buf, sizeof(buf))) > 0) {
    +          if (!EVP_MAC_update(ctx, buf, read_l))
    +              goto err;
    +      }
    +
    +      if (!EVP_MAC_final(ctx, buf, &final_l))
    +          goto err;
    +
    +      printf("Result: ");
    +      for (i = 0; i < final_l; i++)
    +          printf("%02X", buf[i]);
    +      printf("\n");
    +
    +      EVP_MAC_CTX_free(ctx);
    +      EVP_MAC_free(mac);
    +      exit(0);
    +
    +   err:
    +      EVP_MAC_CTX_free(ctx);
    +      EVP_MAC_free(mac);
    +      fprintf(stderr, "Something went wrong\n");
    +      ERR_print_errors_fp(stderr);
    +      exit (1);
    +  }
    +

    A run of this program, called with correct environment variables, can +look like this:

    +
    +  $ MY_MAC=cmac MY_KEY=secret0123456789 MY_MAC_CIPHER=aes-128-cbc \
    +    LD_LIBRARY_PATH=. ./foo < foo.c
    +  Result: C5C06683CD9DDEF904D754505C560A4E
    +

    (in this example, that program was stored in foo.c and compiled to +./foo)

    +

    +

    +
    +

    SEE ALSO

    +

    property(7) +OSSL_PARAM(3), +EVP_MAC-BLAKE2(7), +EVP_MAC-CMAC(7), +EVP_MAC-GMAC(7), +EVP_MAC-HMAC(7), +EVP_MAC-KMAC(7), +EVP_MAC-Siphash(7), +EVP_MAC-Poly1305(7)

    +

    +

    +
    +

    HISTORY

    +

    These functions were added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_MD_meth_new.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_MD_meth_new.html
    new file mode 100755
    index 0000000..1885977
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_MD_meth_new.html
    @@ -0,0 +1,224 @@
    + + + + +EVP_MD_meth_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_MD_meth_new, EVP_MD_meth_dup, EVP_MD_meth_free, +EVP_MD_meth_set_input_blocksize, +EVP_MD_meth_set_result_size, EVP_MD_meth_set_app_datasize, +EVP_MD_meth_set_flags, EVP_MD_meth_set_init, EVP_MD_meth_set_update, +EVP_MD_meth_set_final, EVP_MD_meth_set_copy, EVP_MD_meth_set_cleanup, +EVP_MD_meth_set_ctrl, EVP_MD_meth_get_input_blocksize, +EVP_MD_meth_get_result_size, EVP_MD_meth_get_app_datasize, +EVP_MD_meth_get_flags, EVP_MD_meth_get_init, EVP_MD_meth_get_update, +EVP_MD_meth_get_final, EVP_MD_meth_get_copy, EVP_MD_meth_get_cleanup, +EVP_MD_meth_get_ctrl +- Routines to build up legacy EVP_MD methods

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type);
    + void EVP_MD_meth_free(EVP_MD *md);
    + EVP_MD *EVP_MD_meth_dup(const EVP_MD *md);
    +
    + int EVP_MD_meth_set_input_blocksize(EVP_MD *md, int blocksize);
    + int EVP_MD_meth_set_result_size(EVP_MD *md, int resultsize);
    + int EVP_MD_meth_set_app_datasize(EVP_MD *md, int datasize);
    + int EVP_MD_meth_set_flags(EVP_MD *md, unsigned long flags);
    + int EVP_MD_meth_set_init(EVP_MD *md, int (*init)(EVP_MD_CTX *ctx));
    + int EVP_MD_meth_set_update(EVP_MD *md, int (*update)(EVP_MD_CTX *ctx,
    +                                                      const void *data,
    +                                                      size_t count));
    + int EVP_MD_meth_set_final(EVP_MD *md, int (*final)(EVP_MD_CTX *ctx,
    +                                                    unsigned char *md));
    + int EVP_MD_meth_set_copy(EVP_MD *md, int (*copy)(EVP_MD_CTX *to,
    +                                                  const EVP_MD_CTX *from));
    + int EVP_MD_meth_set_cleanup(EVP_MD *md, int (*cleanup)(EVP_MD_CTX *ctx));
    + int EVP_MD_meth_set_ctrl(EVP_MD *md, int (*ctrl)(EVP_MD_CTX *ctx, int cmd,
    +                                                  int p1, void *p2));
    +
    + int EVP_MD_meth_get_input_blocksize(const EVP_MD *md);
    + int EVP_MD_meth_get_result_size(const EVP_MD *md);
    + int EVP_MD_meth_get_app_datasize(const EVP_MD *md);
    + unsigned long EVP_MD_meth_get_flags(const EVP_MD *md);
    + int (*EVP_MD_meth_get_init(const EVP_MD *md))(EVP_MD_CTX *ctx);
    + int (*EVP_MD_meth_get_update(const EVP_MD *md))(EVP_MD_CTX *ctx,
    +                                                 const void *data,
    +                                                 size_t count);
    + int (*EVP_MD_meth_get_final(const EVP_MD *md))(EVP_MD_CTX *ctx,
    +                                                unsigned char *md);
    + int (*EVP_MD_meth_get_copy(const EVP_MD *md))(EVP_MD_CTX *to,
    +                                               const EVP_MD_CTX *from);
    + int (*EVP_MD_meth_get_cleanup(const EVP_MD *md))(EVP_MD_CTX *ctx);
    + int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd,
    +                                               int p1, void *p2);
    +

    +

    +
    +

    DESCRIPTION

    +

    The EVP_MD type is a structure for digest method implementation. +It can also have associated public/private key signing and verifying +routines.

    +

    EVP_MD_meth_new() creates a new EVP_MD structure. +These EVP_MD structures are reference counted.

    +

    EVP_MD_meth_dup() creates a copy of md.

    +

    EVP_MD_meth_free() decrements the reference count for the EVP_MD structure. +If the reference count drops to 0 then the structure is freed.

    +

    EVP_MD_meth_set_input_blocksize() sets the internal input block size +for the method md to blocksize bytes.

    +

    EVP_MD_meth_set_result_size() sets the size of the result that the +digest method in md is expected to produce to resultsize bytes.

    +

    The digest method may have its own private data, which OpenSSL will +allocate for it. EVP_MD_meth_set_app_datasize() should be used to +set the size for it to datasize.

    +

    EVP_MD_meth_set_flags() sets the flags to describe optional +behaviours in the particular md. Several flags can be or'd +together. The available flags are:

    +
    +
    EVP_MD_FLAG_ONESHOT
    + +
    +

    This digest method can only handle one block of input.

    +
    +
    EVP_MD_FLAG_XOF
    + +
    +

    This digest method is an extensible-output function (XOF) and supports +the EVP_MD_CTRL_XOF_LEN control.

    +
    +
    EVP_MD_FLAG_DIGALGID_NULL
    + +
    +

    When setting up a DigestAlgorithmIdentifier, this flag will have the +parameter set to NULL by default. Use this for PKCS#1. Note: if +combined with EVP_MD_FLAG_DIGALGID_ABSENT, the latter will override.

    +
    +
    EVP_MD_FLAG_DIGALGID_ABSENT
    + +
    +

    When setting up a DigestAlgorithmIdentifier, this flag will have the +parameter be left absent by default. Note: if combined with +EVP_MD_FLAG_DIGALGID_NULL, the latter will be overridden.

    +
    +
    EVP_MD_FLAG_DIGALGID_CUSTOM
    + +
    +

    Custom DigestAlgorithmIdentifier handling via ctrl, with +EVP_MD_FLAG_DIGALGID_ABSENT as default. Note: if combined with +EVP_MD_FLAG_DIGALGID_NULL, the latter will be overridden. +Currently unused.

    +
    +
    EVP_MD_FLAG_FIPS
    + +
    +

    This digest method is suitable for use in FIPS mode. +Currently unused.

    +
    +
    +

    EVP_MD_meth_set_init() sets the digest init function for md. +The digest init function is called by EVP_Digest(), EVP_DigestInit(), +EVP_DigestInit_ex(), EVP_SignInit, EVP_SignInit_ex(), EVP_VerifyInit() +and EVP_VerifyInit_ex().

    +

    EVP_MD_meth_set_update() sets the digest update function for md. +The digest update function is called by EVP_Digest(), EVP_DigestUpdate() and +EVP_SignUpdate().

    +

    EVP_MD_meth_set_final() sets the digest final function for md. +The digest final function is called by EVP_Digest(), EVP_DigestFinal(), +EVP_DigestFinal_ex(), EVP_SignFinal() and EVP_VerifyFinal().

    +

    EVP_MD_meth_set_copy() sets the function for md to do extra +computations after the method's private data structure has been copied +from one EVP_MD_CTX to another. If all that's needed is to copy +the data, there is no need for this copy function. +Note that the copy function is passed two EVP_MD_CTX *, the private +data structure is then available with EVP_MD_CTX_md_data(). +This copy function is called by EVP_MD_CTX_copy() and +EVP_MD_CTX_copy_ex().

    +

    EVP_MD_meth_set_cleanup() sets the function for md to do extra +cleanup before the method's private data structure is cleaned out and +freed. +Note that the cleanup function is passed a EVP_MD_CTX *, the +private data structure is then available with EVP_MD_CTX_md_data(). +This cleanup function is called by EVP_MD_CTX_reset() and +EVP_MD_CTX_free().

    +

    EVP_MD_meth_set_ctrl() sets the control function for md. +See EVP_MD_CTX_ctrl(3) for the available controls.

    +

    EVP_MD_meth_get_input_blocksize(), EVP_MD_meth_get_result_size(), +EVP_MD_meth_get_app_datasize(), EVP_MD_meth_get_flags(), +EVP_MD_meth_get_init(), EVP_MD_meth_get_update(), +EVP_MD_meth_get_final(), EVP_MD_meth_get_copy(), +EVP_MD_meth_get_cleanup() and EVP_MD_meth_get_ctrl() are all used +to retrieve the method data given with the EVP_MD_meth_set_*() +functions above.

    +

    +

    +
    +

    RETURN VALUES

    +

    EVP_MD_meth_new() and EVP_MD_meth_dup() return a pointer to a newly +created EVP_MD, or NULL on failure. +All EVP_MD_meth_set_*() functions return 1. +EVP_MD_get_input_blocksize(), EVP_MD_meth_get_result_size(), +EVP_MD_meth_get_app_datasize() and EVP_MD_meth_get_flags() return the +indicated sizes or flags. +All other EVP_CIPHER_meth_get_*() functions return pointers to their +respective md function.

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_DigestInit(3), EVP_SignInit(3), EVP_VerifyInit(3)

    +

    +

    +
    +

    HISTORY

    +

    The EVP_MD structure was openly available in OpenSSL before version +1.1. +The functions described here were added in OpenSSL 1.1. +The EVP_MD structure created with these functions became reference +counted in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_OpenInit.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_OpenInit.html
    new file mode 100755
    index 0000000..b8af13e
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_OpenInit.html
    @@ -0,0 +1,103 @@
    + + + + +EVP_OpenInit + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_OpenInit, EVP_OpenUpdate, EVP_OpenFinal - EVP envelope decryption

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + int EVP_OpenInit(EVP_CIPHER_CTX *ctx, EVP_CIPHER *type, unsigned char *ek,
    +                  int ekl, unsigned char *iv, EVP_PKEY *priv);
    + int EVP_OpenUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
    +                    int *outl, unsigned char *in, int inl);
    + int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
    +

    +

    +
    +

    DESCRIPTION

    +

    The EVP envelope routines are a high level interface to envelope +decryption. They decrypt a public key encrypted symmetric key and +then decrypt data using it.

    +

    EVP_OpenInit() initializes a cipher context ctx for decryption +with cipher type. It decrypts the encrypted symmetric key of length +ekl bytes passed in the ek parameter using the private key priv. +The IV is supplied in the iv parameter.

    +

    EVP_OpenUpdate() and EVP_OpenFinal() have exactly the same properties +as the EVP_DecryptUpdate() and EVP_DecryptFinal() routines, as +documented on the EVP_EncryptInit(3) manual +page.

    +

    +

    +
    +

    NOTES

    +

    It is possible to call EVP_OpenInit() twice in the same way as +EVP_DecryptInit(). The first call should have priv set to NULL +and (after setting any cipher parameters) it should be called again +with type set to NULL.

    +

    If the cipher passed in the type parameter is a variable length +cipher then the key length will be set to the value of the recovered +key length. If the cipher is a fixed length cipher then the recovered +key length must match the fixed cipher length.

    +

    +

    +
    +

    RETURN VALUES

    +

    EVP_OpenInit() returns 0 on error or a non zero integer (actually the +recovered secret key size) if successful.

    +

    EVP_OpenUpdate() returns 1 for success or 0 for failure.

    +

    EVP_OpenFinal() returns 0 if the decrypt failed or 1 for success.

    +

    +

    +
    +

    SEE ALSO

    +

    evp(7), RAND_bytes(3), +EVP_EncryptInit(3), +EVP_SealInit(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_ASN1_METHOD.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_ASN1_METHOD.html
    new file mode 100755
    index 0000000..181bc7c
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_ASN1_METHOD.html
    @@ -0,0 +1,443 @@
    + + + + +EVP_PKEY_ASN1_METHOD + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    EVP_PKEY_ASN1_METHOD, +EVP_PKEY_asn1_new, +EVP_PKEY_asn1_copy, +EVP_PKEY_asn1_free, +EVP_PKEY_asn1_add0, +EVP_PKEY_asn1_add_alias, +EVP_PKEY_asn1_set_public, +EVP_PKEY_asn1_set_private, +EVP_PKEY_asn1_set_param, +EVP_PKEY_asn1_set_free, +EVP_PKEY_asn1_set_ctrl, +EVP_PKEY_asn1_set_item, +EVP_PKEY_asn1_set_siginf, +EVP_PKEY_asn1_set_check, +EVP_PKEY_asn1_set_public_check, +EVP_PKEY_asn1_set_param_check, +EVP_PKEY_asn1_set_security_bits, +EVP_PKEY_asn1_set_set_priv_key, +EVP_PKEY_asn1_set_set_pub_key, +EVP_PKEY_asn1_set_get_priv_key, +EVP_PKEY_asn1_set_get_pub_key, +EVP_PKEY_get0_asn1 +- manipulating and registering EVP_PKEY_ASN1_METHOD structure

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + typedef struct evp_pkey_asn1_method_st EVP_PKEY_ASN1_METHOD;
    +
    + EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags,
    +                                         const char *pem_str,
    +                                         const char *info);
    + void EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst,
    +                         const EVP_PKEY_ASN1_METHOD *src);
    + void EVP_PKEY_asn1_free(EVP_PKEY_ASN1_METHOD *ameth);
    + int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth);
    + int EVP_PKEY_asn1_add_alias(int to, int from);
    +
    + void EVP_PKEY_asn1_set_public(EVP_PKEY_ASN1_METHOD *ameth,
    +                               int (*pub_decode) (EVP_PKEY *pk,
    +                                                  X509_PUBKEY *pub),
    +                               int (*pub_encode) (X509_PUBKEY *pub,
    +                                                  const EVP_PKEY *pk),
    +                               int (*pub_cmp) (const EVP_PKEY *a,
    +                                               const EVP_PKEY *b),
    +                               int (*pub_print) (BIO *out,
    +                                                 const EVP_PKEY *pkey,
    +                                                 int indent, ASN1_PCTX *pctx),
    +                               int (*pkey_size) (const EVP_PKEY *pk),
    +                               int (*pkey_bits) (const EVP_PKEY *pk));
    + void EVP_PKEY_asn1_set_private(EVP_PKEY_ASN1_METHOD *ameth,
    +                                int (*priv_decode) (EVP_PKEY *pk,
    +                                                    const PKCS8_PRIV_KEY_INFO
    +                                                    *p8inf),
    +                                int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8,
    +                                                    const EVP_PKEY *pk),
    +                                int (*priv_print) (BIO *out,
    +                                                   const EVP_PKEY *pkey,
    +                                                   int indent,
    +                                                   ASN1_PCTX *pctx));
    + void EVP_PKEY_asn1_set_param(EVP_PKEY_ASN1_METHOD *ameth,
    +                              int (*param_decode) (EVP_PKEY *pkey,
    +                                                   const unsigned char **pder,
    +                                                   int derlen),
    +                              int (*param_encode) (const EVP_PKEY *pkey,
    +                                                   unsigned char **pder),
    +                              int (*param_missing) (const EVP_PKEY *pk),
    +                              int (*param_copy) (EVP_PKEY *to,
    +                                                 const EVP_PKEY *from),
    +                              int (*param_cmp) (const EVP_PKEY *a,
    +                                                const EVP_PKEY *b),
    +                              int (*param_print) (BIO *out,
    +                                                  const EVP_PKEY *pkey,
    +                                                  int indent,
    +                                                  ASN1_PCTX *pctx));
    +
    + void EVP_PKEY_asn1_set_free(EVP_PKEY_ASN1_METHOD *ameth,
    +                             void (*pkey_free) (EVP_PKEY *pkey));
    + void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth,
    +                             int (*pkey_ctrl) (EVP_PKEY *pkey, int op,
    +                                               long arg1, void *arg2));
    + void EVP_PKEY_asn1_set_item(EVP_PKEY_ASN1_METHOD *ameth,
    +                             int (*item_verify) (EVP_MD_CTX *ctx,
    +                                                 const ASN1_ITEM *it,
    +                                                 void *asn,
    +                                                 X509_ALGOR *a,
    +                                                 ASN1_BIT_STRING *sig,
    +                                                 EVP_PKEY *pkey),
    +                             int (*item_sign) (EVP_MD_CTX *ctx,
    +                                               const ASN1_ITEM *it,
    +                                               void *asn,
    +                                               X509_ALGOR *alg1,
    +                                               X509_ALGOR *alg2,
    +                                               ASN1_BIT_STRING *sig));
    +
    + void EVP_PKEY_asn1_set_siginf(EVP_PKEY_ASN1_METHOD *ameth,
    +                               int (*siginf_set) (X509_SIG_INFO *siginf,
    +                                                  const X509_ALGOR *alg,
    +                                                  const ASN1_STRING *sig));
    +
    + void EVP_PKEY_asn1_set_check(EVP_PKEY_ASN1_METHOD *ameth,
    +                              int (*pkey_check) (const EVP_PKEY *pk));
    +
    + void EVP_PKEY_asn1_set_public_check(EVP_PKEY_ASN1_METHOD *ameth,
    +                                     int (*pkey_pub_check) (const EVP_PKEY *pk));
    +
    + void EVP_PKEY_asn1_set_param_check(EVP_PKEY_ASN1_METHOD *ameth,
    +                                    int (*pkey_param_check) (const EVP_PKEY *pk));
    +
    + void EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth,
    +                                      int (*pkey_security_bits) (const EVP_PKEY
    +                                                                 *pk));
    +
    + void EVP_PKEY_asn1_set_set_priv_key(EVP_PKEY_ASN1_METHOD *ameth,
    +                                     int (*set_priv_key) (EVP_PKEY *pk,
    +                                                          const unsigned char
    +                                                             *priv,
    +                                                          size_t len));
    +
    + void EVP_PKEY_asn1_set_set_pub_key(EVP_PKEY_ASN1_METHOD *ameth,
    +                                    int (*set_pub_key) (EVP_PKEY *pk,
    +                                                        const unsigned char *pub,
    +                                                        size_t len));
    +
    + void EVP_PKEY_asn1_set_get_priv_key(EVP_PKEY_ASN1_METHOD *ameth,
    +                                     int (*get_priv_key) (const EVP_PKEY *pk,
    +                                                          unsigned char *priv,
    +                                                          size_t *len));
    +
    + void EVP_PKEY_asn1_set_get_pub_key(EVP_PKEY_ASN1_METHOD *ameth,
    +                                    int (*get_pub_key) (const EVP_PKEY *pk,
    +                                                        unsigned char *pub,
    +                                                        size_t *len));
    +
    + const EVP_PKEY_ASN1_METHOD *EVP_PKEY_get0_asn1(const EVP_PKEY *pkey);
    +

    +

    +
    +

    DESCRIPTION

    +

    EVP_PKEY_ASN1_METHOD is a structure which holds a set of ASN.1 +conversion, printing and information methods for a specific public key +algorithm.

    +

    There are two places where the EVP_PKEY_ASN1_METHOD objects are +stored: one is a built-in array representing the standard methods for +different algorithms, and the other one is a stack of user-defined +application-specific methods, which can be manipulated by using +EVP_PKEY_asn1_add0(3).

    +

    +

    +

    Methods

    +

    The methods are the underlying implementations of a particular public +key algorithm present by the EVP_PKEY object.

    +
    + int (*pub_decode) (EVP_PKEY *pk, X509_PUBKEY *pub);
    + int (*pub_encode) (X509_PUBKEY *pub, const EVP_PKEY *pk);
    + int (*pub_cmp) (const EVP_PKEY *a, const EVP_PKEY *b);
    + int (*pub_print) (BIO *out, const EVP_PKEY *pkey, int indent,
    +                   ASN1_PCTX *pctx);
    +

    The pub_decode() and pub_encode() methods are called to decode / +encode X509_PUBKEY ASN.1 parameters to / from pk. +They MUST return 0 on error, 1 on success. +They're called by X509_PUBKEY_get0(3) and X509_PUBKEY_set(3).

    +

    The pub_cmp() method is called when two public keys are to be +compared. +It MUST return 1 when the keys are equal, 0 otherwise. +It's called by EVP_PKEY_cmp(3).

    +

    The pub_print() method is called to print a public key in humanly +readable text to out, indented indent spaces. +It MUST return 0 on error, 1 on success. +It's called by EVP_PKEY_print_public(3).

    +
    + int (*priv_decode) (EVP_PKEY *pk, const PKCS8_PRIV_KEY_INFO *p8inf);
    + int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk);
    + int (*priv_print) (BIO *out, const EVP_PKEY *pkey, int indent,
    +                    ASN1_PCTX *pctx);
    +

    The priv_decode() and priv_encode() methods are called to decode / +encode PKCS8_PRIV_KEY_INFO form private key to / from pk. +They MUST return 0 on error, 1 on success. +They're called by EVP_PKCS82PKEY(3) and EVP_PKEY2PKCS8(3).

    +

    The priv_print() method is called to print a private key in humanly +readable text to out, indented indent spaces. +It MUST return 0 on error, 1 on success. +It's called by EVP_PKEY_print_private(3).

    +
    + int (*pkey_size) (const EVP_PKEY *pk);
    + int (*pkey_bits) (const EVP_PKEY *pk);
    + int (*pkey_security_bits) (const EVP_PKEY *pk);
    +

    The pkey_size() method returns the key size in bytes. +It's called by EVP_PKEY_size(3).

    +

    The pkey_bits() method returns the key size in bits. +It's called by EVP_PKEY_bits(3).

    +
    + int (*param_decode) (EVP_PKEY *pkey,
    +                      const unsigned char **pder, int derlen);
    + int (*param_encode) (const EVP_PKEY *pkey, unsigned char **pder);
    + int (*param_missing) (const EVP_PKEY *pk);
    + int (*param_copy) (EVP_PKEY *to, const EVP_PKEY *from);
    + int (*param_cmp) (const EVP_PKEY *a, const EVP_PKEY *b);
    + int (*param_print) (BIO *out, const EVP_PKEY *pkey, int indent,
    +                     ASN1_PCTX *pctx);
    +

    The param_decode() and param_encode() methods are called to decode / +encode DER formatted parameters to / from pk. +They MUST return 0 on error, 1 on success. +They're called by PEM_read_bio_Parameters(3) and the file: +OSSL_STORE_LOADER(3).

    +

    The param_missing() method returns 0 if a key parameter is missing, +otherwise 1. +It's called by EVP_PKEY_missing_parameters(3).

    +

    The param_copy() method copies key parameters from from to to. +It MUST return 0 on error, 1 on success. +It's called by EVP_PKEY_copy_parameters(3).

    +

    The param_cmp() method compares the parameters of keys a and b. +It MUST return 1 when the keys are equal, 0 when not equal, or a +negative number on error. +It's called by EVP_PKEY_cmp_parameters(3).

    +

    The param_print() method prints the private key parameters in humanly +readable text to out, indented indent spaces. +It MUST return 0 on error, 1 on success. +It's called by EVP_PKEY_print_params(3).

    +
    + int (*sig_print) (BIO *out,
    +                   const X509_ALGOR *sigalg, const ASN1_STRING *sig,
    +                   int indent, ASN1_PCTX *pctx);
    +

    The sig_print() method prints a signature in humanly readable text to +out, indented indent spaces. +sigalg contains the exact signature algorithm. +If the signature in sig doesn't correspond to what this method +expects, X509_signature_dump() must be used as a last resort. +It MUST return 0 on error, 1 on success. +It's called by X509_signature_print(3).

    +
    + void (*pkey_free) (EVP_PKEY *pkey);
    +

    The pkey_free() method helps freeing the internals of pkey. +It's called by EVP_PKEY_free(3), EVP_PKEY_set_type(3), +EVP_PKEY_set_type_str(3), and EVP_PKEY_assign(3).

    +
    + int (*pkey_ctrl) (EVP_PKEY *pkey, int op, long arg1, void *arg2);
    +

    The pkey_ctrl() method adds extra algorithm specific control. +It's called by EVP_PKEY_get_default_digest_nid(3), +EVP_PKEY_supports_digest_nid(3), +EVP_PKEY_set1_tls_encodedpoint(3), +EVP_PKEY_get1_tls_encodedpoint(3), PKCS7_SIGNER_INFO_set(3), +PKCS7_RECIP_INFO_set(3), ...

    +
    + int (*old_priv_decode) (EVP_PKEY *pkey,
    +                         const unsigned char **pder, int derlen);
    + int (*old_priv_encode) (const EVP_PKEY *pkey, unsigned char **pder);
    +

    The old_priv_decode() and old_priv_encode() methods decode / encode +they private key pkey from / to a DER formatted array. +These are exclusively used to help decoding / encoding older (pre +PKCS#8) PEM formatted encrypted private keys. +old_priv_decode() MUST return 0 on error, 1 on success. +old_priv_encode() MUST the return same kind of values as +i2d_PrivateKey(). +They're called by d2i_PrivateKey(3) and i2d_PrivateKey(3).

    +
    + int (*item_verify) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
    +                     X509_ALGOR *a, ASN1_BIT_STRING *sig, EVP_PKEY *pkey);
    + int (*item_sign) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
    +                   X509_ALGOR *alg1, X509_ALGOR *alg2,
    +                   ASN1_BIT_STRING *sig);
    +

    The item_sign() and item_verify() methods make it possible to have +algorithm specific signatures and verification of them.

    +

    item_sign() MUST return one of:

    +
    +
    <=0
    + +
    +

    error

    + +
  • +

    item_sign() did everything, OpenSSL internals just needs to pass the +signature length back.

    +
  • +
  • +

    item_sign() did nothing, OpenSSL internal standard routines are +expected to continue with the default signature production.

    +
  • +
  • +

    item_sign() set the algorithm identifier algor1 and algor2, +OpenSSL internals should just sign using those algorithms.

    +
  • +
    +

    item_verify() MUST return one of:

    +
    +
    <=0
    + +
    +

    error

    + +
  • +

    item_sign() did everything, OpenSSL internals just needs to pass the +signature length back.

    +
  • +
  • +

    item_sign() did nothing, OpenSSL internal standard routines are +expected to continue with the default signature production.

    +
  • +
    +

    item_verify() and item_sign() are called by ASN1_item_verify(3) and +ASN1_item_sign(3), and by extension, X509_verify(3), +X509_REQ_verify(3), X509_sign(3), X509_REQ_sign(3), ...

    +
    + int (*siginf_set) (X509_SIG_INFO *siginf, const X509_ALGOR *alg,
    +                    const ASN1_STRING *sig);
    +

    The siginf_set() method is used to set custom X509_SIG_INFO +parameters. +It MUST return 0 on error, or 1 on success. +It's called as part of X509_check_purpose(3), X509_check_ca(3) +and X509_check_issued(3).

    +
    + int (*pkey_check) (const EVP_PKEY *pk);
    + int (*pkey_public_check) (const EVP_PKEY *pk);
    + int (*pkey_param_check) (const EVP_PKEY *pk);
    +

    The pkey_check(), pkey_public_check() and pkey_param_check() methods are used +to check the validity of pk for key-pair, public component and parameters, +respectively. +They MUST return 0 for an invalid key, or 1 for a valid key. +They are called by EVP_PKEY_check(3), EVP_PKEY_public_check(3) and +EVP_PKEY_param_check(3) respectively.

    +
    + int (*set_priv_key) (EVP_PKEY *pk, const unsigned char *priv, size_t len);
    + int (*set_pub_key) (EVP_PKEY *pk, const unsigned char *pub, size_t len);
    +

    The set_priv_key() and set_pub_key() methods are used to set the raw private and +public key data for an EVP_PKEY. They MUST return 0 on error, or 1 on success. +They are called by EVP_PKEY_new_raw_private_key(3), and +EVP_PKEY_new_raw_public_key(3) respectively.

    +
    + size_t (*dirty) (const EVP_PKEY *pk);
    + void *(*export_to) (const EVP_PKEY *pk, EVP_KEYMGMT *keymgmt);
    +

    dirty_cnt() returns the internal key's dirty count. +This can be used to synchronise different copies of the same keys.

    +

    The export_to() method exports the key material from the given key to +a provider, through the EVP_KEYMGMT(3) interface, if that provider +supports importing key material.

    +

    +

    +

    Functions

    +

    EVP_PKEY_asn1_new() creates and returns a new EVP_PKEY_ASN1_METHOD +object, and associates the given id, flags, pem_str and +info. +id is a NID, pem_str is the PEM type string, info is a +descriptive string. +The following flags are supported:

    +
    + ASN1_PKEY_SIGPARAM_NULL
    +

    If ASN1_PKEY_SIGPARAM_NULL is set, then the signature algorithm +parameters are given the type V_ASN1_NULL by default, otherwise +they will be given the type V_ASN1_UNDEF (i.e. the parameter is +omitted). +See X509_ALGOR_set0(3) for more information.

    +

    EVP_PKEY_asn1_copy() copies an EVP_PKEY_ASN1_METHOD object from +src to dst. +This function is not thread safe, it's recommended to only use this +when initializing the application.

    +

    EVP_PKEY_asn1_free() frees an existing EVP_PKEY_ASN1_METHOD pointed +by ameth.

    +

    EVP_PKEY_asn1_add0() adds ameth to the user defined stack of +methods unless another EVP_PKEY_ASN1_METHOD with the same NID is +already there. +This function is not thread safe, it's recommended to only use this +when initializing the application.

    +

    EVP_PKEY_asn1_add_alias() creates an alias with the NID to for the +EVP_PKEY_ASN1_METHOD with NID from unless another +EVP_PKEY_ASN1_METHOD with the same NID is already added. +This function is not thread safe, it's recommended to only use this +when initializing the application.

    +

    EVP_PKEY_asn1_set_public(), EVP_PKEY_asn1_set_private(), +EVP_PKEY_asn1_set_param(), EVP_PKEY_asn1_set_free(), +EVP_PKEY_asn1_set_ctrl(), EVP_PKEY_asn1_set_item(), +EVP_PKEY_asn1_set_siginf(), EVP_PKEY_asn1_set_check(), +EVP_PKEY_asn1_set_public_check(), EVP_PKEY_asn1_set_param_check(), +EVP_PKEY_asn1_set_security_bits(), EVP_PKEY_asn1_set_set_priv_key(), +EVP_PKEY_asn1_set_set_pub_key(), EVP_PKEY_asn1_set_get_priv_key() and +EVP_PKEY_asn1_set_get_pub_key() set the diverse methods of the given +EVP_PKEY_ASN1_METHOD object.

    +

    EVP_PKEY_get0_asn1() finds the EVP_PKEY_ASN1_METHOD associated +with the key pkey.

    +

    +

    +
    +

    RETURN VALUES

    +

    EVP_PKEY_asn1_new() returns NULL on error, or a pointer to an +EVP_PKEY_ASN1_METHOD object otherwise.

    +

    EVP_PKEY_asn1_add0() and EVP_PKEY_asn1_add_alias() return 0 on error, +or 1 on success.

    +

    EVP_PKEY_get0_asn1() returns NULL on error, or a pointer to a constant +EVP_PKEY_ASN1_METHOD object otherwise.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_CTX_ctrl.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_CTX_ctrl.html
new file mode 100755
index 0000000..af3083f
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_CTX_ctrl.html
@@ -0,0 +1,630 @@
+ + + + +EVP_PKEY_CTX_ctrl + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_PKEY_CTX_get_params, +EVP_PKEY_CTX_gettable_params, +EVP_PKEY_CTX_set_params, +EVP_PKEY_CTX_settable_params, +EVP_PKEY_CTX_ctrl, +EVP_PKEY_CTX_ctrl_str, +EVP_PKEY_CTX_ctrl_uint64, +EVP_PKEY_CTX_md, +EVP_PKEY_CTX_set_signature_md, +EVP_PKEY_CTX_get_signature_md, +EVP_PKEY_CTX_set_mac_key, +EVP_PKEY_CTX_set_rsa_padding, +EVP_PKEY_CTX_get_rsa_padding, +EVP_PKEY_CTX_set_rsa_pss_saltlen, +EVP_PKEY_CTX_get_rsa_pss_saltlen, +EVP_PKEY_CTX_set_rsa_keygen_bits, +EVP_PKEY_CTX_set_rsa_keygen_pubexp, +EVP_PKEY_CTX_set_rsa_keygen_primes, +EVP_PKEY_CTX_set_rsa_mgf1_md_name, +EVP_PKEY_CTX_set_rsa_mgf1_md, +EVP_PKEY_CTX_get_rsa_mgf1_md, +EVP_PKEY_CTX_get_rsa_mgf1_md_name, +EVP_PKEY_CTX_set_rsa_oaep_md_name, +EVP_PKEY_CTX_set_rsa_oaep_md, +EVP_PKEY_CTX_get_rsa_oaep_md, +EVP_PKEY_CTX_get_rsa_oaep_md_name, +EVP_PKEY_CTX_set0_rsa_oaep_label, +EVP_PKEY_CTX_get0_rsa_oaep_label, +EVP_PKEY_CTX_set_dsa_paramgen_bits, +EVP_PKEY_CTX_set_dsa_paramgen_q_bits, +EVP_PKEY_CTX_set_dsa_paramgen_md, +EVP_PKEY_CTX_set_dh_paramgen_prime_len, +EVP_PKEY_CTX_set_dh_paramgen_subprime_len, +EVP_PKEY_CTX_set_dh_paramgen_generator, +EVP_PKEY_CTX_set_dh_paramgen_type, +EVP_PKEY_CTX_set_dh_rfc5114, +EVP_PKEY_CTX_set_dhx_rfc5114, +EVP_PKEY_CTX_set_dh_pad, +EVP_PKEY_CTX_set_dh_nid, +EVP_PKEY_CTX_set_dh_kdf_type, +EVP_PKEY_CTX_get_dh_kdf_type, +EVP_PKEY_CTX_set0_dh_kdf_oid, +EVP_PKEY_CTX_get0_dh_kdf_oid, +EVP_PKEY_CTX_set_dh_kdf_md, +EVP_PKEY_CTX_get_dh_kdf_md, +EVP_PKEY_CTX_set_dh_kdf_outlen, +EVP_PKEY_CTX_get_dh_kdf_outlen, +EVP_PKEY_CTX_set0_dh_kdf_ukm, +EVP_PKEY_CTX_get0_dh_kdf_ukm, +EVP_PKEY_CTX_set_ec_paramgen_curve_nid, +EVP_PKEY_CTX_set_ec_param_enc, +EVP_PKEY_CTX_set_ecdh_cofactor_mode, +EVP_PKEY_CTX_get_ecdh_cofactor_mode, +EVP_PKEY_CTX_set_ecdh_kdf_type, +EVP_PKEY_CTX_get_ecdh_kdf_type, +EVP_PKEY_CTX_set_ecdh_kdf_md, +EVP_PKEY_CTX_get_ecdh_kdf_md, +EVP_PKEY_CTX_set_ecdh_kdf_outlen, +EVP_PKEY_CTX_get_ecdh_kdf_outlen, +EVP_PKEY_CTX_set0_ecdh_kdf_ukm, +EVP_PKEY_CTX_get0_ecdh_kdf_ukm, 
+EVP_PKEY_CTX_set1_id, EVP_PKEY_CTX_get1_id, EVP_PKEY_CTX_get1_id_len +- algorithm specific control operations

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + int EVP_PKEY_CTX_get_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params);
    + const OSSL_PARAM *EVP_PKEY_CTX_gettable_params(EVP_PKEY_CTX *ctx);
    + int EVP_PKEY_CTX_set_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params);
    + const OSSL_PARAM *EVP_PKEY_CTX_settable_params(EVP_PKEY_CTX *ctx);
    +
    + int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype,
    +                       int cmd, int p1, void *p2);
    + int EVP_PKEY_CTX_ctrl_uint64(EVP_PKEY_CTX *ctx, int keytype, int optype,
    +                              int cmd, uint64_t value);
    + int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
    +                           const char *value);
    +
    + int EVP_PKEY_CTX_md(EVP_PKEY_CTX *ctx, int optype, int cmd, const char *md);
    +
    + int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
    + int EVP_PKEY_CTX_get_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD **pmd);
    +
    + int EVP_PKEY_CTX_set_mac_key(EVP_PKEY_CTX *ctx, const unsigned char *key,
    +                              int len);
    +
    + #include <openssl/rsa.h>
    +
    + int EVP_PKEY_CTX_set_rsa_padding(EVP_PKEY_CTX *ctx, int pad);
    + int EVP_PKEY_CTX_get_rsa_padding(EVP_PKEY_CTX *ctx, int *pad);
    + int EVP_PKEY_CTX_set_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int saltlen);
    + int EVP_PKEY_CTX_get_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int *saltlen);
    + int EVP_PKEY_CTX_set_rsa_keygen_bits(EVP_PKEY_CTX *ctx, int mbits);
    + int EVP_PKEY_CTX_set_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx, BIGNUM *pubexp);
    + int EVP_PKEY_CTX_set_rsa_keygen_primes(EVP_PKEY_CTX *ctx, int primes);
    + int EVP_PKEY_CTX_set_rsa_mgf1_md_name(EVP_PKEY_CTX *ctx, const char *mdname,
    +                                     const char *mdprops);
    + int EVP_PKEY_CTX_set_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
    + int EVP_PKEY_CTX_get_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD **md);
    + int EVP_PKEY_CTX_get_rsa_mgf1_md_name(EVP_PKEY_CTX *ctx, char *name,
    +                                       size_t namelen);
    + int EVP_PKEY_CTX_set_rsa_oaep_md_name(EVP_PKEY_CTX *ctx, const char *mdname,
    +                                       const char *mdprops);
    + int EVP_PKEY_CTX_set_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
    + int EVP_PKEY_CTX_get_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD **md);
    + int EVP_PKEY_CTX_get_rsa_oaep_md_name(EVP_PKEY_CTX *ctx, char *name,
    +                                       size_t namelen)
    + int EVP_PKEY_CTX_set0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char *label, int len);
    + int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
    +
    + #include <openssl/dsa.h>
    +
    + int EVP_PKEY_CTX_set_dsa_paramgen_bits(EVP_PKEY_CTX *ctx, int nbits);
    + int EVP_PKEY_CTX_set_dsa_paramgen_q_bits(EVP_PKEY_CTX *ctx, int qbits);
    + int EVP_PKEY_CTX_set_dsa_paramgen_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
    +
    + #include <openssl/dh.h>
    +
    + int EVP_PKEY_CTX_set_dh_paramgen_prime_len(EVP_PKEY_CTX *ctx, int len);
    + int EVP_PKEY_CTX_set_dh_paramgen_subprime_len(EVP_PKEY_CTX *ctx, int len);
    + int EVP_PKEY_CTX_set_dh_paramgen_generator(EVP_PKEY_CTX *ctx, int gen);
    + int EVP_PKEY_CTX_set_dh_paramgen_type(EVP_PKEY_CTX *ctx, int type);
    + int EVP_PKEY_CTX_set_dh_pad(EVP_PKEY_CTX *ctx, int pad);
    + int EVP_PKEY_CTX_set_dh_nid(EVP_PKEY_CTX *ctx, int nid);
    + int EVP_PKEY_CTX_set_dh_rfc5114(EVP_PKEY_CTX *ctx, int rfc5114);
    + int EVP_PKEY_CTX_set_dhx_rfc5114(EVP_PKEY_CTX *ctx, int rfc5114);
    + int EVP_PKEY_CTX_set_dh_kdf_type(EVP_PKEY_CTX *ctx, int kdf);
    + int EVP_PKEY_CTX_get_dh_kdf_type(EVP_PKEY_CTX *ctx);
    + int EVP_PKEY_CTX_set0_dh_kdf_oid(EVP_PKEY_CTX *ctx, ASN1_OBJECT *oid);
    + int EVP_PKEY_CTX_get0_dh_kdf_oid(EVP_PKEY_CTX *ctx, ASN1_OBJECT **oid);
    + int EVP_PKEY_CTX_set_dh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
    + int EVP_PKEY_CTX_get_dh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD **md);
    + int EVP_PKEY_CTX_set_dh_kdf_outlen(EVP_PKEY_CTX *ctx, int len);
    + int EVP_PKEY_CTX_get_dh_kdf_outlen(EVP_PKEY_CTX *ctx, int *len);
    + int EVP_PKEY_CTX_set0_dh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char *ukm, int len);
    + int EVP_PKEY_CTX_get0_dh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **ukm);
    +
    + #include <openssl/ec.h>
    +
    + int EVP_PKEY_CTX_set_ec_paramgen_curve_nid(EVP_PKEY_CTX *ctx, int nid);
    + int EVP_PKEY_CTX_set_ec_param_enc(EVP_PKEY_CTX *ctx, int param_enc);
    + int EVP_PKEY_CTX_set_ecdh_cofactor_mode(EVP_PKEY_CTX *ctx, int cofactor_mode);
    + int EVP_PKEY_CTX_get_ecdh_cofactor_mode(EVP_PKEY_CTX *ctx);
    + int EVP_PKEY_CTX_set_ecdh_kdf_type(EVP_PKEY_CTX *ctx, int kdf);
    + int EVP_PKEY_CTX_get_ecdh_kdf_type(EVP_PKEY_CTX *ctx);
    + int EVP_PKEY_CTX_set_ecdh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
    + int EVP_PKEY_CTX_get_ecdh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD **md);
    + int EVP_PKEY_CTX_set_ecdh_kdf_outlen(EVP_PKEY_CTX *ctx, int len);
    + int EVP_PKEY_CTX_get_ecdh_kdf_outlen(EVP_PKEY_CTX *ctx, int *len);
    + int EVP_PKEY_CTX_set0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char *ukm, int len);
    + int EVP_PKEY_CTX_get0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **ukm);
    +
    + int EVP_PKEY_CTX_set1_id(EVP_PKEY_CTX *ctx, void *id, size_t id_len);
    + int EVP_PKEY_CTX_get1_id(EVP_PKEY_CTX *ctx, void *id);
    + int EVP_PKEY_CTX_get1_id_len(EVP_PKEY_CTX *ctx, size_t *id_len);
    +

    +

    +
    +

    DESCRIPTION

    +

    The EVP_PKEY_CTX_get_params() and EVP_PKEY_CTX_set_params() functions get and +send arbitrary parameters from and to the algorithm implementation respectively. +Not all parameters may be supported by all providers. +See OSSL_PROVIDER(3) for more information on providers. +See OSSL_PARAM(3) for more information on parameters. +These functions must only be called after the EVP_PKEY_CTX has been initialised +for use in an operation.

    +

    The parameters currently supported by the default provider are:

    +
    +
    "pad" (OSSL_EXCHANGE_PARAM_PAD) <unsigned integer>
    + +
    +

    Sets the DH padding mode. +If OSSL_EXCHANGE_PARAM_PAD is 1 then the shared secret is padded with zeros +up to the size of the DH prime p. +If OSSL_EXCHANGE_PARAM_PAD is zero (the default) then no padding is +performed.

    +
    +
    "digest" (OSSL_SIGNATURE_PARAM_DIGEST) <UTF8 string>
    + +
    +

    Gets and sets the name of the digest algorithm used for the input to the +signature functions.

    +
    +
    "digest-size" (OSSL_SIGNATURE_PARAM_DIGEST_SIZE) <unsigned integer>
    + +
    +

    Gets and sets the output size of the digest algorithm used for the input to the +signature functions. +The length of the "digest-size" parameter should not exceed that of a size_t. +The internal algorithm that supports this parameter is DSA.

    +
    +
    +

    EVP_PKEY_CTX_gettable_params() and EVP_PKEY_CTX_settable_params() gets a +constant OSSL_PARAM array that describes the gettable and +settable parameters for the current algorithm implementation, i.e. parameters +that can be used with EVP_PKEY_CTX_get_params() and EVP_PKEY_CTX_set_params() +respectively. +See OSSL_PARAM(3) for the use of OSSL_PARAM as parameter descriptor. +These functions must only be called after the EVP_PKEY_CTX has been initialised +for use in an operation.

    +

    The function EVP_PKEY_CTX_ctrl() sends a control operation to the context +ctx. The key type used must match keytype if it is not -1. The parameter +optype is a mask indicating which operations the control can be applied to. +The control command is indicated in cmd and any additional arguments in +p1 and p2.

    +

    For cmd = EVP_PKEY_CTRL_SET_MAC_KEY, p1 is the length of the MAC key, +and p2 is the MAC key. This is used by Poly1305, SipHash, HMAC and CMAC.

    +

    Applications will not normally call EVP_PKEY_CTX_ctrl() directly but will +instead call one of the algorithm specific macros below.

    +

    The function EVP_PKEY_CTX_ctrl_uint64() is a wrapper that directly passes a +uint64 value as p2 to EVP_PKEY_CTX_ctrl().

    +

    The function EVP_PKEY_CTX_ctrl_str() allows an application to send an algorithm +specific control operation to a context ctx in string form. This is +intended to be used for options specified on the command line or in text +files. The commands supported are documented in the openssl utility +command line pages for the option -pkeyopt which is supported by the +pkeyutl, genpkey and req commands.

    +

    The function EVP_PKEY_CTX_md() sends a message digest control operation +to the context ctx. The message digest is specified by its name md.

    +

    The EVP_PKEY_CTX_set_signature_md() function sets the message digest type used +in a signature. It can be used in the RSA, DSA and ECDSA algorithms.

    +

    The EVP_PKEY_CTX_get_signature_md() function gets the message digest type used +in a signature. It can be used in the RSA, DSA and ECDSA algorithms.

    +

    All the remaining "functions" are implemented as macros.

    +

    Key generation typically involves setting up parameters to be used and +generating the private and public key data. Some algorithm implementations +allow private key data to be set explicitly using the EVP_PKEY_CTX_set_mac_key() +macro. In this case key generation is simply the process of setting up the +parameters for the key and then setting the raw key data to the value explicitly +provided by that macro. Normally applications would call +EVP_PKEY_new_raw_private_key(3) or similar functions instead of this macro.

    +

    The EVP_PKEY_CTX_set_mac_key() macro can be used with any of the algorithms +supported by the EVP_PKEY_new_raw_private_key(3) function.

    +

    +

    +

    RSA parameters

    +

    The EVP_PKEY_CTX_set_rsa_padding() function sets the RSA padding mode for ctx. +The pad parameter can take the value RSA_PKCS1_PADDING for PKCS#1 +padding, RSA_SSLV23_PADDING for SSLv23 padding, RSA_NO_PADDING for +no padding, RSA_PKCS1_OAEP_PADDING for OAEP padding (encrypt and +decrypt only), RSA_X931_PADDING for X9.31 padding (signature operations +only), RSA_PKCS1_PSS_PADDING (sign and verify only) and +RSA_PKCS1_WITH_TLS_PADDING for TLS RSA ClientKeyExchange message padding +(decryption only).

    +

    Two RSA padding modes behave differently if EVP_PKEY_CTX_set_signature_md() +is used. If this macro is called for PKCS#1 padding the plaintext buffer is +an actual digest value and is encapsulated in a DigestInfo structure according +to PKCS#1 when signing and this structure is expected (and stripped off) when +verifying. If this control is not used with RSA and PKCS#1 padding then the +supplied data is used directly and not encapsulated. In the case of X9.31 +padding for RSA the algorithm identifier byte is added or checked and removed +if this control is called. If it is not called then the first byte of the plaintext +buffer is expected to be the algorithm identifier byte.

    +

    The EVP_PKEY_CTX_get_rsa_padding() function gets the RSA padding mode for ctx.

    +

    The EVP_PKEY_CTX_set_rsa_pss_saltlen() function sets the RSA PSS salt +length to saltlen. As its name implies it is only supported for PSS +padding. If this function is not called then the maximum salt length +is used when signing and auto detection when verifying. Three special +values are supported:

    +
    +
    RSA_PSS_SALTLEN_DIGEST
    + +
    +

    sets the salt length to the digest length.

    +
    +
    RSA_PSS_SALTLEN_MAX
    + +
    +

    sets the salt length to the maximum permissible value.

    +
    +
    RSA_PSS_SALTLEN_AUTO
    + +
    +

    causes the salt length to be automatically determined based on the +PSS block structure when verifying. When signing, it has the same +meaning as RSA_PSS_SALTLEN_MAX.

    +
    +
    +

    The EVP_PKEY_CTX_get_rsa_pss_saltlen() function gets the RSA PSS salt length +for ctx. The padding mode must already have been set to +RSA_PKCS1_PSS_PADDING.

    +

    The EVP_PKEY_CTX_set_rsa_keygen_bits() macro sets the RSA key length for +RSA key generation to bits. If not specified 2048 bits is used.

    +

    The EVP_PKEY_CTX_set_rsa_keygen_pubexp() macro sets the public exponent value +for RSA key generation to pubexp. Currently it should be an odd integer. The +pubexp pointer is used internally by this function so it should not be +modified or freed after the call. If not specified 65537 is used.

    +

    The EVP_PKEY_CTX_set_rsa_keygen_primes() macro sets the number of primes for +RSA key generation to primes. If not specified 2 is used.

    +

    The EVP_PKEY_CTX_set_rsa_mgf1_md_name() function sets the MGF1 digest for RSA +padding schemes to the digest named mdname. If the RSA algorithm +implementation for the selected provider supports it then the digest will be +fetched using the properties mdprops. If not explicitly set the signing +digest is used. The padding mode must have been set to RSA_PKCS1_OAEP_PADDING +or RSA_PKCS1_PSS_PADDING.

    +

    The EVP_PKEY_CTX_set_rsa_mgf1_md() function does the same as +EVP_PKEY_CTX_set_rsa_mgf1_md_name() except that the name of the digest is +inferred from the supplied md and it is not possible to specify any +properties.

    +

    The EVP_PKEY_CTX_get_rsa_mgf1_md_name() function gets the name of the MGF1 +digest algorithm for ctx. If not explicitly set the signing digest is used. +The padding mode must have been set to RSA_PKCS1_OAEP_PADDING or +RSA_PKCS1_PSS_PADDING.

    +

    The EVP_PKEY_CTX_get_rsa_mgf1_md() function does the same as +EVP_PKEY_CTX_get_rsa_mgf1_md_name() except that it returns a pointer to an +EVP_MD object instead. Note that only known, built-in EVP_MD objects will be +returned. The EVP_MD object may be NULL if the digest is not one of these (such +as a digest only implemented in a third party provider).

    +

    The EVP_PKEY_CTX_set_rsa_oaep_md_name() function sets the message digest type +used in RSA OAEP to the digest named mdname. If the RSA algorithm +implementation for the selected provider supports it then the digest will be +fetched using the properties mdprops. The padding mode must have been set to +RSA_PKCS1_OAEP_PADDING.

    +

    The EVP_PKEY_CTX_set_rsa_oaep_md() function does the same as +EVP_PKEY_CTX_set_rsa_oaep_md_name() except that the name of the digest is +inferred from the supplied md and it is not possible to specify any +properties.

    +

    The EVP_PKEY_CTX_get_rsa_oaep_md_name() function gets the message digest +algorithm name used in RSA OAEP and stores it in the buffer name which is of +size namelen. The padding mode must have been set to +RSA_PKCS1_OAEP_PADDING. The buffer should be sufficiently large for any +expected digest algorithm names or the function will fail.

    +

    The EVP_PKEY_CTX_get_rsa_oaep_md() function does the same as +EVP_PKEY_CTX_get_rsa_oaep_md_name() except that it returns a pointer to an +EVP_MD object instead. Note that only known, built-in EVP_MD objects will be +returned. The EVP_MD object may be NULL if the digest is not one of these (such +as a digest only implemented in a third party provider).

    +

    The EVP_PKEY_CTX_set0_rsa_oaep_label() function sets the RSA OAEP label to +label and its length to len. If label is NULL or len is 0, +the label is cleared. The library takes ownership of the label so the +caller should not free the original memory pointed to by label. +The padding mode must have been set to RSA_PKCS1_OAEP_PADDING.

    +

    The EVP_PKEY_CTX_get0_rsa_oaep_label() function gets the RSA OAEP label to +label. The return value is the label length. The padding mode +must have been set to RSA_PKCS1_OAEP_PADDING. The resulting pointer is owned +by the library and should not be freed by the caller.

    +

    RSA_PKCS1_WITH_TLS_PADDING is used when decrypting an RSA encrypted TLS +pre-master secret in a TLS ClientKeyExchange message. It is the same as +RSA_PKCS1_PADDING except that it additionally verifies that the result is the +correct length and the first two bytes are the protocol version initially +requested by the client. If the encrypted content is publicly invalid then the +decryption will fail. However, if the padding checks fail then decryption will +still appear to succeed but a random TLS premaster secret will be returned +instead. This padding mode accepts two parameters which can be set using the +EVP_PKEY_CTX_set_params(3) function. These are +OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION and +OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION, both of which are expected to be +unsigned integers. Normally only the first of these will be set and represents +the TLS protocol version that was first requested by the client (e.g. 0x0303 for +TLSv1.2, 0x0302 for TLSv1.1 etc). Historically some buggy clients would use the +negotiated protocol version instead of the protocol version first requested. If +this behaviour should be tolerated then +OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION should be set to the actual +negotiated protocol version. Otherwise it should be left unset.

    +

    +

    +

    DSA parameters

    +

    The EVP_PKEY_CTX_set_dsa_paramgen_bits() macro sets the number of bits used +for DSA parameter generation to nbits. If not specified, 2048 is used.

    +

    The EVP_PKEY_CTX_set_dsa_paramgen_q_bits() macro sets the number of bits in the +subprime parameter q for DSA parameter generation to qbits. If not +specified, 224 is used. If a digest function is specified below, this parameter +is ignored and instead, the number of bits in q matches the size of the +digest.

    +

    The EVP_PKEY_CTX_set_dsa_paramgen_md() macro sets the digest function used for +DSA parameter generation to md. If not specified, one of SHA-1, SHA-224, or +SHA-256 is selected to match the bit length of q above.

    +

    +

    +

    DH parameters

    +

    The EVP_PKEY_CTX_set_dh_paramgen_prime_len() macro sets the length of the DH +prime parameter p for DH parameter generation. If this macro is not called +then 2048 is used. Only accepts lengths greater than or equal to 256.

    +

    The EVP_PKEY_CTX_set_dh_paramgen_subprime_len() macro sets the length of the DH +optional subprime parameter q for DH parameter generation. The default is +256 if the prime is at least 2048 bits long or 160 otherwise. The DH +paramgen type must have been set to DH_PARAMGEN_TYPE_FIPS_186_2 or +DH_PARAMGEN_TYPE_FIPS_186_4.

    +

    The EVP_PKEY_CTX_set_dh_paramgen_generator() macro sets DH generator to gen +for DH parameter generation. If not specified 2 is used.

    +

    The EVP_PKEY_CTX_set_dh_paramgen_type() macro sets the key type for DH +parameter generation. The supported parameters are:

    +
    +
    DH_PARAMGEN_TYPE_GENERATOR
    + +
    +

    Uses a generator g (PKCS#3 format).

    +
    +
    DH_PARAMGEN_TYPE_FIPS_186_2
    + +
    +

    FIPS186-2 FFC parameter generator (X9.42 DH).

    +
    +
    DH_PARAMGEN_TYPE_FIPS_186_4
    + +
    +

    FIPS186-4 FFC parameter generator.

    +
    +
    +

    The default is DH_PARAMGEN_TYPE_GENERATOR.

    +

    The EVP_PKEY_CTX_set_dh_pad() function sets the DH padding mode. +If pad is 1 the shared secret is padded with zeros up to the size of the DH +prime p. +If pad is zero (the default) then no padding is performed.

    +

    EVP_PKEY_CTX_set_dh_nid() sets the DH parameters to values corresponding to +nid as defined in RFC7919 or RFC3526. The nid parameter must be +NID_ffdhe2048, NID_ffdhe3072, NID_ffdhe4096, NID_ffdhe6144, +NID_ffdhe8192, NID_modp_1536, NID_modp_2048, NID_modp_3072, +NID_modp_4096, NID_modp_6144, NID_modp_8192 or NID_undef to clear +the stored value. This macro can be called during parameter or key generation. +The nid parameter and the rfc5114 parameter are mutually exclusive.

    +

    The EVP_PKEY_CTX_set_dh_rfc5114() and EVP_PKEY_CTX_set_dhx_rfc5114() macros are +synonymous. They set the DH parameters to the values defined in RFC5114. The +rfc5114 parameter must be 1, 2 or 3 corresponding to RFC5114 sections +2.1, 2.2 and 2.3. or 0 to clear the stored value. This macro can be called +during parameter generation. The ctx must have a key type of +EVP_PKEY_DHX. +The rfc5114 parameter and the nid parameter are mutually exclusive.

    +

    +

    +

    DH key derivation function parameters

    +

    Note that all of the following functions require that the ctx parameter has +a private key type of EVP_PKEY_DHX. When using key derivation, the output of +EVP_PKEY_derive() is the output of the KDF instead of the DH shared secret. +The KDF output is typically used as a Key Encryption Key (KEK) that in turn +encrypts a Content Encryption Key (CEK).

    +

    The EVP_PKEY_CTX_set_dh_kdf_type() macro sets the key derivation function type +to kdf for DH key derivation. Possible values are EVP_PKEY_DH_KDF_NONE +and EVP_PKEY_DH_KDF_X9_42 which uses the key derivation specified in RFC2631 +(based on the keying algorithm described in X9.42). When using key derivation, +the kdf_oid, kdf_md and kdf_outlen parameters must also be specified.

    +

    The EVP_PKEY_CTX_get_dh_kdf_type() macro gets the key derivation function type +for ctx used for DH key derivation. Possible values are EVP_PKEY_DH_KDF_NONE +and EVP_PKEY_DH_KDF_X9_42.

    +

    The EVP_PKEY_CTX_set0_dh_kdf_oid() macro sets the key derivation function +object identifier to oid for DH key derivation. This OID should identify +the algorithm to be used with the Content Encryption Key. +The library takes ownership of the object identifier so the caller should not +free the original memory pointed to by oid.

    +

    The EVP_PKEY_CTX_get0_dh_kdf_oid() macro gets the key derivation function oid +for ctx used for DH key derivation. The resulting pointer is owned by the +library and should not be freed by the caller.

    +

    The EVP_PKEY_CTX_set_dh_kdf_md() macro sets the key derivation function +message digest to md for DH key derivation. Note that RFC2631 specifies +that this digest should be SHA1 but OpenSSL tolerates other digests.

    +

    The EVP_PKEY_CTX_get_dh_kdf_md() macro gets the key derivation function +message digest for ctx used for DH key derivation.

    +

    The EVP_PKEY_CTX_set_dh_kdf_outlen() macro sets the key derivation function +output length to len for DH key derivation.

    +

    The EVP_PKEY_CTX_get_dh_kdf_outlen() macro gets the key derivation function +output length for ctx used for DH key derivation.

    +

    The EVP_PKEY_CTX_set0_dh_kdf_ukm() macro sets the user key material to +ukm and its length to len for DH key derivation. This parameter is optional +and corresponds to the partyAInfo field in RFC2631 terms. The specification +requires that it is 512 bits long but this is not enforced by OpenSSL. +The library takes ownership of the user key material so the caller should not +free the original memory pointed to by ukm.

    +

    The EVP_PKEY_CTX_get0_dh_kdf_ukm() macro gets the user key material for ctx. +The return value is the user key material length. The resulting pointer is owned +by the library and should not be freed by the caller.

    +

    +

    +

    EC parameters

    +

    The EVP_PKEY_CTX_set_ec_paramgen_curve_nid() sets the EC curve for EC parameter +generation to nid. For EC parameter generation this macro must be called +or an error occurs because there is no default curve. +This function can also be called to set the curve explicitly when +generating an EC key.

    +

    The EVP_PKEY_CTX_set_ec_param_enc() macro sets the EC parameter encoding to +param_enc when generating EC parameters or an EC key. The encoding can be +OPENSSL_EC_EXPLICIT_CURVE for explicit parameters (the default in versions +of OpenSSL before 1.1.0) or OPENSSL_EC_NAMED_CURVE to use named curve form. +For maximum compatibility the named curve form should be used. Note: the +OPENSSL_EC_NAMED_CURVE value was added in OpenSSL 1.1.0; previous +versions should use 0 instead.

    +

    +

    +

    ECDH parameters

    +

    The EVP_PKEY_CTX_set_ecdh_cofactor_mode() macro sets the cofactor mode to +cofactor_mode for ECDH key derivation. Possible values are 1 to enable +cofactor key derivation, 0 to disable it and -1 to clear the stored cofactor +mode and fallback to the private key cofactor mode.

    +

    The EVP_PKEY_CTX_get_ecdh_cofactor_mode() macro returns the cofactor mode for +ctx used for ECDH key derivation. Possible values are 1 when cofactor key +derivation is enabled and 0 otherwise.

    +

    +

    +

    ECDH key derivation function parameters

    +

    The EVP_PKEY_CTX_set_ecdh_kdf_type() macro sets the key derivation function type +to kdf for ECDH key derivation. Possible values are EVP_PKEY_ECDH_KDF_NONE +and EVP_PKEY_ECDH_KDF_X9_63 which uses the key derivation specified in X9.63. +When using key derivation, the kdf_md and kdf_outlen parameters must +also be specified.

    +

    The EVP_PKEY_CTX_get_ecdh_kdf_type() macro returns the key derivation function +type for ctx used for ECDH key derivation. Possible values are +EVP_PKEY_ECDH_KDF_NONE and EVP_PKEY_ECDH_KDF_X9_63.

    +

    The EVP_PKEY_CTX_set_ecdh_kdf_md() macro sets the key derivation function +message digest to md for ECDH key derivation. Note that X9.63 specifies +that this digest should be SHA1 but OpenSSL tolerates other digests.

    +

    The EVP_PKEY_CTX_get_ecdh_kdf_md() macro gets the key derivation function +message digest for ctx used for ECDH key derivation.

    +

    The EVP_PKEY_CTX_set_ecdh_kdf_outlen() macro sets the key derivation function +output length to len for ECDH key derivation.

    +

    The EVP_PKEY_CTX_get_ecdh_kdf_outlen() macro gets the key derivation function +output length for ctx used for ECDH key derivation.

    +

    The EVP_PKEY_CTX_set0_ecdh_kdf_ukm() macro sets the user key material to ukm +for ECDH key derivation. This parameter is optional and corresponds to the +shared info in X9.63 terms. The library takes ownership of the user key material +so the caller should not free the original memory pointed to by ukm.

    +

    The EVP_PKEY_CTX_get0_ecdh_kdf_ukm() macro gets the user key material for ctx. +The return value is the user key material length. The resulting pointer is owned +by the library and should not be freed by the caller.

    +

    +

    +

    Other parameters

    +

    The EVP_PKEY_CTX_set1_id(), EVP_PKEY_CTX_get1_id() and EVP_PKEY_CTX_get1_id_len() +macros are used to manipulate the special identifier field for specific signature +algorithms such as SM2. The EVP_PKEY_CTX_set1_id() sets an ID pointed by id with +the length id_len to the library. The library takes a copy of the id so that +the caller can safely free the original memory pointed to by id. The +EVP_PKEY_CTX_get1_id_len() macro returns the length of the ID set via a previous +call to EVP_PKEY_CTX_set1_id(). The length is usually used to allocate adequate +memory for further calls to EVP_PKEY_CTX_get1_id(). The EVP_PKEY_CTX_get1_id() +macro returns the previously set ID value to caller in id. The caller should +allocate adequate memory space for the id before calling EVP_PKEY_CTX_get1_id().

    +

    +

    +
    +

    RETURN VALUES

    +

    EVP_PKEY_CTX_set_params() returns 1 for success or 0 otherwise. +EVP_PKEY_CTX_settable_params() returns an OSSL_PARAM array on success or NULL on +error. +It may also return NULL if there are no settable parameters available.

    +

    All other functions and macros described on this page return a positive value +for success and 0 or a negative value for failure. In particular a return value +of -2 indicates the operation is not supported by the public key algorithm.

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_PKEY_CTX_new(3), +EVP_PKEY_encrypt(3), +EVP_PKEY_decrypt(3), +EVP_PKEY_sign(3), +EVP_PKEY_verify(3), +EVP_PKEY_verify_recover(3), +EVP_PKEY_derive(3), +EVP_PKEY_keygen(3)

    +

    +

    +
    +

    HISTORY

    +

    EVP_PKEY_CTX_get_signature_md(), EVP_PKEY_CTX_set_signature_md(), +EVP_PKEY_CTX_set_dh_pad(), EVP_PKEY_CTX_set_rsa_padding(), +EVP_PKEY_CTX_get_rsa_padding(), EVP_PKEY_CTX_get_rsa_mgf1_md(), +EVP_PKEY_CTX_set_rsa_mgf1_md(), EVP_PKEY_CTX_set_rsa_oaep_md(), +EVP_PKEY_CTX_get_rsa_oaep_md(), EVP_PKEY_CTX_set0_rsa_oaep_label(), +EVP_PKEY_CTX_get0_rsa_oaep_label(), EVP_PKEY_CTX_set_rsa_pss_saltlen(), +EVP_PKEY_CTX_get_rsa_pss_saltlen(), were macros in OpenSSL 1.1.1 and below. +From OpenSSL 3.0 they are functions.

    +

    EVP_PKEY_CTX_get_rsa_oaep_md_name(), EVP_PKEY_CTX_get_rsa_mgf1_md_name(), +EVP_PKEY_CTX_set_rsa_mgf1_md_name() and EVP_PKEY_CTX_set_rsa_oaep_md_name() were +added in OpenSSL 3.0.

    +

    The EVP_PKEY_CTX_set1_id(), EVP_PKEY_CTX_get1_id() and +EVP_PKEY_CTX_get1_id_len() macros were added in 1.1.1, other functions were +added in OpenSSL 1.0.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_CTX_new.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_CTX_new.html
new file mode 100755
index 0000000..a4cf383
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_CTX_new.html
@@ -0,0 +1,132 @@
+ + + + +EVP_PKEY_CTX_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_PKEY_CTX_new, EVP_PKEY_CTX_new_id, EVP_PKEY_CTX_new_from_name, +EVP_PKEY_CTX_new_from_pkey, EVP_PKEY_CTX_dup, EVP_PKEY_CTX_free +- public key algorithm context functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e);
    + EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e);
    + EVP_PKEY_CTX *EVP_PKEY_CTX_new_from_name(OPENSSL_CTX *libctx,
    +                                          const char *name,
    +                                          const char *propquery);
    + EVP_PKEY_CTX *EVP_PKEY_CTX_new_from_pkey(OPENSSL_CTX *libctx,
    +                                          EVP_PKEY *pkey);
    + EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *ctx);
    + void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx);
    +

    +

    +
    +

    DESCRIPTION

    +

    The EVP_PKEY_CTX_new() function allocates public key algorithm context using +the pkey key type and ENGINE e.

    +

    The EVP_PKEY_CTX_new_id() function allocates public key algorithm context +using the key type specified by id and ENGINE e.

    +

    The EVP_PKEY_CTX_new_from_name() function allocates a public key algorithm +context using the library context libctx (see OPENSSL_CTX(3)), the +key type specified by name and the property query propquery. None +of the arguments are duplicated, so they must remain unchanged for the +lifetime of the returned EVP_PKEY_CTX or of any of its duplicates.

    +

    The EVP_PKEY_CTX_new_from_pkey() function allocates a public key algorithm +context using the library context libctx (see OPENSSL_CTX(3)) and the +algorithm specified by pkey and the property query propquery. None of the +arguments are duplicated, so they must remain unchanged for the lifetime of the +returned EVP_PKEY_CTX or any of its duplicates.

    +

    EVP_PKEY_CTX_new_id() and EVP_PKEY_CTX_new_from_name() are normally +used when no EVP_PKEY structure is associated with the operations, +for example during parameter generation or key generation for some +algorithms.

    +

    EVP_PKEY_CTX_dup() duplicates the context ctx.

    +

    EVP_PKEY_CTX_free() frees up the context ctx. +If ctx is NULL, nothing is done.

    +

    +

    +
    +

    NOTES

    +
      +
    1. +

      The EVP_PKEY_CTX structure is an opaque public key algorithm context used +by the OpenSSL high level public key API. Contexts MUST NOT be shared between +threads: that is it is not permissible to use the same context simultaneously +in two threads.

      +
    2. +
    3. +

      We mention "key type" in this manual, which is the same +as "algorithm" in most cases, allowing either term to be used +interchangeably. There are algorithms where the key type and the +algorithm of the operations that use the keys are not the same, +such as EC keys being used for ECDSA and ECDH operations.

      +
    4. +
    +

    +

    +
    +

    RETURN VALUES

    +

    EVP_PKEY_CTX_new(), EVP_PKEY_CTX_new_id(), EVP_PKEY_CTX_dup() returns either +the newly allocated EVP_PKEY_CTX structure of NULL if an error occurred.

    +

    EVP_PKEY_CTX_free() does not return a value.

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_PKEY_new(3)

    +

    +

    +
    +

    HISTORY

    +

    The EVP_PKEY_CTX_new(), EVP_PKEY_CTX_new_id(), EVP_PKEY_CTX_dup() and +EVP_PKEY_CTX_free() functions were added in OpenSSL 1.0.0.

    +

    The EVP_PKEY_CTX_new_from_name() and EVP_PKEY_CTX_new_from_pkey() functions were +added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_CTX_set1_pbe_pass.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_CTX_set1_pbe_pass.html
new file mode 100755
index 0000000..9216111
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_CTX_set1_pbe_pass.html
@@ -0,0 +1,94 @@
+ + + + +EVP_PKEY_CTX_set1_pbe_pass + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_PKEY_CTX_set1_pbe_pass +- generic KDF support functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/kdf.h>
    +
    + int EVP_PKEY_CTX_set1_pbe_pass(EVP_PKEY_CTX *pctx, unsigned char *pass,
    +                                int passlen);
    +

    +

    +
    +

    DESCRIPTION

    +

    These functions are generic support functions for all KDF algorithms.

    +

    EVP_PKEY_CTX_set1_pbe_pass() sets the password to the passlen first +bytes from pass.

    +

    +

    +
    +

    STRING CTRLS

    +

    There is also support for string based control operations via +EVP_PKEY_CTX_ctrl_str(3). +The password can be directly specified using the type parameter +"pass" or given in hex encoding using the "hexpass" parameter.

    +

    +

    +
    +

    NOTES

    +

    All these functions are implemented as macros.

    +

    +

    +
    +

    RETURN VALUES

    +

    All these functions return 1 for success and 0 or a negative value for failure. +In particular a return value of -2 indicates the operation is not supported by +the public key algorithm.

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_PKEY_CTX_new(3), +EVP_PKEY_CTX_ctrl_str(3), +EVP_PKEY_derive(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_CTX_set_hkdf_md.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_CTX_set_hkdf_md.html
new file mode 100755
index 0000000..072ebf9
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_CTX_set_hkdf_md.html
@@ -0,0 +1,200 @@
+ + + + +EVP_PKEY_CTX_set_hkdf_md + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_PKEY_CTX_set_hkdf_md, EVP_PKEY_CTX_set1_hkdf_salt, +EVP_PKEY_CTX_set1_hkdf_key, EVP_PKEY_CTX_add1_hkdf_info, +EVP_PKEY_CTX_hkdf_mode - +HMAC-based Extract-and-Expand key derivation algorithm

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/kdf.h>
    +
    + int EVP_PKEY_CTX_hkdf_mode(EVP_PKEY_CTX *pctx, int mode);
    +
    + int EVP_PKEY_CTX_set_hkdf_md(EVP_PKEY_CTX *pctx, const EVP_MD *md);
    +
    + int EVP_PKEY_CTX_set1_hkdf_salt(EVP_PKEY_CTX *pctx, unsigned char *salt,
    +                                 int saltlen);
    +
    + int EVP_PKEY_CTX_set1_hkdf_key(EVP_PKEY_CTX *pctx, unsigned char *key,
    +                                int keylen);
    +
    + int EVP_PKEY_CTX_add1_hkdf_info(EVP_PKEY_CTX *pctx, unsigned char *info,
    +                                 int infolen);
    +

    +

    +
    +

    DESCRIPTION

    +

    The EVP_PKEY_HKDF algorithm implements the HKDF key derivation function. +HKDF follows the "extract-then-expand" paradigm, where the KDF logically +consists of two modules. The first stage takes the input keying material +and "extracts" from it a fixed-length pseudorandom key K. The second stage +"expands" the key K into several additional pseudorandom keys (the output +of the KDF).

    +

    EVP_PKEY_CTX_hkdf_mode() sets the mode for the HKDF operation. There are three +modes that are currently defined:

    +
    +
    EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND
    + +
    +

    This is the default mode. Calling EVP_PKEY_derive(3) on an EVP_PKEY_CTX set +up for HKDF will perform an extract followed by an expand operation in one go. +The derived key returned will be the result after the expand operation. The +intermediate fixed-length pseudorandom key K is not returned.

    +

    In this mode the digest, key, salt and info values must be set before a key is +derived or an error occurs.

    +
    +
    EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY
    + +
    +

    In this mode calling EVP_PKEY_derive(3) will just perform the extract +operation. The value returned will be the intermediate fixed-length pseudorandom +key K.

    +

    The digest, key and salt values must be set before a key is derived or an +error occurs.

    +
    +
    EVP_PKEY_HKDEF_MODE_EXPAND_ONLY
    + +
    +

    In this mode calling EVP_PKEY_derive(3) will just perform the expand +operation. The input key should be set to the intermediate fixed-length +pseudorandom key K returned from a previous extract operation.

    +

    The digest, key and info values must be set before a key is derived or an +error occurs.

    +
    +
    +

    EVP_PKEY_CTX_set_hkdf_md() sets the message digest associated with the HKDF.

    +

    EVP_PKEY_CTX_set1_hkdf_salt() sets the salt to saltlen bytes of the +buffer salt. Any existing value is replaced.

    +

    EVP_PKEY_CTX_set1_hkdf_key() sets the key to keylen bytes of the buffer +key. Any existing value is replaced.

    +

    EVP_PKEY_CTX_add1_hkdf_info() sets the info value to infolen bytes of the +buffer info. If a value is already set, it is appended to the existing +value.

    +

    +

    +
    +

    STRING CTRLS

    +

    HKDF also supports string based control operations via +EVP_PKEY_CTX_ctrl_str(3). +The type parameter "md" uses the supplied value as the name of the digest +algorithm to use. +The type parameter "mode" uses the values "EXTRACT_AND_EXPAND", +"EXTRACT_ONLY" and "EXPAND_ONLY" to determine the mode to use. +The type parameters "salt", "key" and "info" use the supplied value +parameter as a seed, key or info value. +The names "hexsalt", "hexkey" and "hexinfo" are similar except they take a hex +string which is converted to binary.

    +

    +

    +
    +

    NOTES

    +

    All these functions are implemented as macros.

    +

    A context for HKDF can be obtained by calling:

    +
    + EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
    +

    The total length of the info buffer cannot exceed 1024 bytes in length: this +should be more than enough for any normal use of HKDF.

    +

    The output length of an HKDF expand operation is specified via the length +parameter to the EVP_PKEY_derive(3) function. +Since the HKDF output length is variable, passing a NULL buffer as a means +to obtain the requisite length is not meaningful with HKDF in any mode that +performs an expand operation. Instead, the caller must allocate a buffer of the +desired length, and pass that buffer to EVP_PKEY_derive(3) along with (a +pointer initialized to) the desired length. Passing a NULL buffer to obtain +the length is allowed when using EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY.

    +

    Optimised versions of HKDF can be implemented in an ENGINE.

    +

    +

    +
    +

    RETURN VALUES

    +

    All these functions return 1 for success and 0 or a negative value for failure. +In particular a return value of -2 indicates the operation is not supported by +the public key algorithm.

    +

    +

    +
    +

    EXAMPLES

    +

    This example derives 10 bytes using SHA-256 with the secret key "secret", +salt value "salt" and info value "label":

    +
    + EVP_PKEY_CTX *pctx;
    + unsigned char out[10];
    + size_t outlen = sizeof(out);
    + pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
    +
    + if (EVP_PKEY_derive_init(pctx) <= 0)
    +     /* Error */
    + if (EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()) <= 0)
    +     /* Error */
    + if (EVP_PKEY_CTX_set1_hkdf_salt(pctx, "salt", 4) <= 0)
    +     /* Error */
    + if (EVP_PKEY_CTX_set1_hkdf_key(pctx, "secret", 6) <= 0)
    +     /* Error */
    + if (EVP_PKEY_CTX_add1_hkdf_info(pctx, "label", 5) <= 0)
    +     /* Error */
    + if (EVP_PKEY_derive(pctx, out, &outlen) <= 0)
    +     /* Error */
    +

    +

    +
    +

    CONFORMING TO

    +

    RFC 5869

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_PKEY_CTX_new(3), +EVP_PKEY_CTX_ctrl_str(3), +EVP_PKEY_derive(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.html
new file mode 100755
index 0000000..442ce71
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.html
@@ -0,0 +1,133 @@
+ + + + +EVP_PKEY_CTX_set_rsa_pss_keygen_md + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_PKEY_CTX_set_rsa_pss_keygen_md, +EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md, +EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen +- EVP_PKEY RSA-PSS algorithm support functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/rsa.h>
    +
    + int EVP_PKEY_CTX_set_rsa_pss_keygen_md(EVP_PKEY_CTX *pctx,
    +                                        const EVP_MD *md);
    + int EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md(EVP_PKEY_CTX *pctx,
    +                                             const EVP_MD *md);
    + int EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(EVP_PKEY_CTX *pctx,
    +                                             int saltlen);
    +

    +

    +
    +

    DESCRIPTION

    +

    These are the functions that implement RSA-PSS(7).

    +

    +

    +

    Signing and Verification

    +

    The macro EVP_PKEY_CTX_set_rsa_padding() is supported but an error is +returned if an attempt is made to set the padding mode to anything other +than PSS. It is otherwise similar to the RSA version.

    +

    The EVP_PKEY_CTX_set_rsa_pss_saltlen() macro is used to set the salt length. +If the key has usage restrictions then an error is returned if an attempt is +made to set the salt length below the minimum value. It is otherwise similar +to the RSA operation except detection of the salt length (using +RSA_PSS_SALTLEN_AUTO) is not supported for verification if the key has +usage restrictions.

    +

    The EVP_PKEY_CTX_set_signature_md(3) and EVP_PKEY_CTX_set_rsa_mgf1_md(3) +fuunctions are used to set the digest and MGF1 algorithms respectively. If the +key has usage restrictions then an error is returned if an attempt is made to +set the digest to anything other than the restricted value. Otherwise these are +similar to the RSA versions.

    +

    +

    +

    Key Generation

    +

    As with RSA key generation the EVP_PKEY_CTX_set_rsa_keygen_bits() +and EVP_PKEY_CTX_set_rsa_keygen_pubexp() macros are supported for RSA-PSS: +they have exactly the same meaning as for the RSA algorithm.

    +

    Optional parameter restrictions can be specified when generating a PSS key. +If any restrictions are set (using the macros described below) then all +parameters are restricted. For example, setting a minimum salt length also +restricts the digest and MGF1 algorithms. If any restrictions are in place +then they are reflected in the corresponding parameters of the public key +when (for example) a certificate request is signed.

    +

    EVP_PKEY_CTX_set_rsa_pss_keygen_md() restricts the digest algorithm the +generated key can use to md.

    +

    EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md() restricts the MGF1 algorithm the +generated key can use to md.

    +

    EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen() restricts the minimum salt length +to saltlen.

    +

    +

    +
    +

    NOTES

    +

    A context for the RSA-PSS algorithm can be obtained by calling:

    +
    + EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA_PSS, NULL);
    +

    +

    +
    +

    RETURN VALUES

    +

    All these functions return 1 for success and 0 or a negative value for failure. +In particular a return value of -2 indicates the operation is not supported by +the public key algorithm.

    +

    +

    +
    +

    SEE ALSO

    +

    RSA-PSS(7), +EVP_PKEY_CTX_new(3), +EVP_PKEY_CTX_ctrl_str(3), +EVP_PKEY_derive(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_CTX_set_scrypt_N.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_CTX_set_scrypt_N.html
new file mode 100755
index 0000000..7f6c25b
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_CTX_set_scrypt_N.html
@@ -0,0 +1,125 @@
+ + + + +EVP_PKEY_CTX_set_scrypt_N + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_PKEY_CTX_set1_scrypt_salt, +EVP_PKEY_CTX_set_scrypt_N, +EVP_PKEY_CTX_set_scrypt_r, +EVP_PKEY_CTX_set_scrypt_p, +EVP_PKEY_CTX_set_scrypt_maxmem_bytes +- EVP_PKEY scrypt KDF support functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/kdf.h>
    +
    + int EVP_PKEY_CTX_set1_scrypt_salt(EVP_PKEY_CTX *pctx, unsigned char *salt,
    +                                   int saltlen);
    +
    + int EVP_PKEY_CTX_set_scrypt_N(EVP_PKEY_CTX *pctx, uint64_t N);
    +
    + int EVP_PKEY_CTX_set_scrypt_r(EVP_PKEY_CTX *pctx, uint64_t r);
    +
    + int EVP_PKEY_CTX_set_scrypt_p(EVP_PKEY_CTX *pctx, uint64_t p);
    +
    + int EVP_PKEY_CTX_set_scrypt_maxmem_bytes(EVP_PKEY_CTX *pctx,
    +                                          uint64_t maxmem);
    +

    +

    +
    +

    DESCRIPTION

    +

    These functions are used to set up the necessary data to use the +scrypt KDF. +For more information on scrypt, see EVP_KDF-SCRYPT(7).

    +

    EVP_PKEY_CTX_set1_scrypt_salt() sets the saltlen bytes long salt +value.

    +

    EVP_PKEY_CTX_set_scrypt_N(), EVP_PKEY_CTX_set_scrypt_r() and +EVP_PKEY_CTX_set_scrypt_p() configure the work factors N, r and p.

    +

    EVP_PKEY_CTX_set_scrypt_maxmem_bytes() sets how much RAM key +derivation may maximally use, given in bytes. +If RAM is exceeded because the load factors are chosen too high, the +key derivation will fail.

    +

    +

    +
    +

    STRING CTRLS

    +

    scrypt also supports string based control operations via +EVP_PKEY_CTX_ctrl_str(3). +Similarly, the salt can either be specified using the type +parameter "salt" or in hex encoding by using the "hexsalt" parameter. +The work factors N, r and p as well as maxmem_bytes can be +set by using the parameters "N", "r", "p" and "maxmem_bytes", +respectively.

    +

    +

    +
    +

    NOTES

    +

    There is a newer generic API for KDFs, EVP_KDF(3), which is +preferred over the EVP_PKEY method.

    +

    The scrypt KDF also uses EVP_PKEY_CTX_set1_pbe_pass() as well as +the value from the string controls "pass" and "hexpass". +See EVP_PKEY_CTX_set1_pbe_pass(3).

    +

    All the functions described here are implemented as macros.

    +

    +

    +
    +

    RETURN VALUES

    +

    All these functions return 1 for success and 0 or a negative value for +failure. +In particular a return value of -2 indicates the operation is not +supported by the public key algorithm.

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_KDF(3) +EVP_PKEY_CTX_new(3), +EVP_PKEY_CTX_ctrl_str(3), +EVP_PKEY_derive(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_CTX_set_tls1_prf_md.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_CTX_set_tls1_prf_md.html
new file mode 100755
index 0000000..1771392
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_CTX_set_tls1_prf_md.html
@@ -0,0 +1,144 @@
+ + + + +EVP_PKEY_CTX_set_tls1_prf_md + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_PKEY_CTX_set_tls1_prf_md, +EVP_PKEY_CTX_set1_tls1_prf_secret, EVP_PKEY_CTX_add1_tls1_prf_seed - +TLS PRF key derivation algorithm

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/kdf.h>
    +
    + int EVP_PKEY_CTX_set_tls1_prf_md(EVP_PKEY_CTX *pctx, const EVP_MD *md);
    + int EVP_PKEY_CTX_set1_tls1_prf_secret(EVP_PKEY_CTX *pctx,
    +                                       unsigned char *sec, int seclen);
    + int EVP_PKEY_CTX_add1_tls1_prf_seed(EVP_PKEY_CTX *pctx,
    +                                     unsigned char *seed, int seedlen);
    +

    +

    +
    +

    DESCRIPTION

    +

    The EVP_PKEY_TLS1_PRF algorithm implements the PRF key derivation function for +TLS. It has no associated private key and only implements key derivation +using EVP_PKEY_derive(3).

    +

    EVP_PKEY_set_tls1_prf_md() sets the message digest associated with the +TLS PRF. EVP_md5_sha1() is treated as a special case which uses the PRF +algorithm using both MD5 and SHA1 as used in TLS 1.0 and 1.1.

    +

    EVP_PKEY_CTX_set_tls1_prf_secret() sets the secret value of the TLS PRF +to seclen bytes of the buffer sec. Any existing secret value is replaced +and any seed is reset.

    +

    EVP_PKEY_CTX_add1_tls1_prf_seed() sets the seed to seedlen bytes of seed. +If a seed is already set it is appended to the existing value.

    +

    +

    +
    +

    STRING CTRLS

    +

    The TLS PRF also supports string based control operations using +EVP_PKEY_CTX_ctrl_str(3). +The type parameter "md" uses the supplied value as the name of the digest +algorithm to use. +The type parameters "secret" and "seed" use the supplied value parameter +as a secret or seed value. +The names "hexsecret" and "hexseed" are similar except they take a hex string +which is converted to binary.

    +

    +

    +
    +

    NOTES

    +

    All these functions are implemented as macros.

    +

    A context for the TLS PRF can be obtained by calling:

    +
    + EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL);
    +

    The digest, secret value and seed must be set before a key is derived or an +error occurs.

    +

    The total length of all seeds cannot exceed 1024 bytes in length: this should +be more than enough for any normal use of the TLS PRF.

    +

    The output length of the PRF is specified by the length parameter in the +EVP_PKEY_derive() function. Since the output length is variable, setting +the buffer to NULL is not meaningful for the TLS PRF.

    +

    Optimised versions of the TLS PRF can be implemented in an ENGINE.

    +

    +

    +
    +

    RETURN VALUES

    +

    All these functions return 1 for success and 0 or a negative value for failure. +In particular a return value of -2 indicates the operation is not supported by +the public key algorithm.

    +

    +

    +
    +

    EXAMPLES

    +

    This example derives 10 bytes using SHA-256 with the secret key "secret" +and seed value "seed":

    +
    + EVP_PKEY_CTX *pctx;
    + unsigned char out[10];
    + size_t outlen = sizeof(out);
    +
    + pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL);
    + if (EVP_PKEY_derive_init(pctx) <= 0)
    +     /* Error */
    + if (EVP_PKEY_CTX_set_tls1_prf_md(pctx, EVP_sha256()) <= 0)
    +     /* Error */
    + if (EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, "secret", 6) <= 0)
    +     /* Error */
    + if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, "seed", 4) <= 0)
    +     /* Error */
    + if (EVP_PKEY_derive(pctx, out, &outlen) <= 0)
    +     /* Error */
    +

    +

    +
    +

    SEE ALSO

    +

    EVP_PKEY_CTX_new(3), +EVP_PKEY_CTX_ctrl_str(3), +EVP_PKEY_derive(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_asn1_get_count.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_asn1_get_count.html
    new file mode 100755
    index 0000000..c85ccef
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_asn1_get_count.html
    @@ -0,0 +1,110 @@
    + + + + +EVP_PKEY_asn1_get_count + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_PKEY_asn1_find, +EVP_PKEY_asn1_find_str, +EVP_PKEY_asn1_get_count, +EVP_PKEY_asn1_get0, +EVP_PKEY_asn1_get0_info +- enumerate public key ASN.1 methods

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + int EVP_PKEY_asn1_get_count(void);
    + const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx);
    + const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pe, int type);
    + const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe,
    +                                                    const char *str, int len);
    + int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *pkey_base_id,
    +                             int *ppkey_flags, const char **pinfo,
    +                             const char **ppem_str,
    +                             const EVP_PKEY_ASN1_METHOD *ameth);
    +

    +

    +
    +

    DESCRIPTION

    +

    EVP_PKEY_asn1_count() returns a count of the number of public key +ASN.1 methods available: it includes standard methods and any methods +added by the application.

    +

    EVP_PKEY_asn1_get0() returns the public key ASN.1 method idx. +The value of idx must be between zero and EVP_PKEY_asn1_get_count() +- 1.

    +

    EVP_PKEY_asn1_find() looks up the EVP_PKEY_ASN1_METHOD with NID +type. +If pe isn't NULL, then it will look up an engine implementing a +EVP_PKEY_ASN1_METHOD for the NID type and return that instead, +and also set *pe to point at the engine that implements it.

    +

    EVP_PKEY_asn1_find_str() looks up the EVP_PKEY_ASN1_METHOD with PEM +type string str. +Just like EVP_PKEY_asn1_find(), if pe isn't NULL, then it will +look up an engine implementing a EVP_PKEY_ASN1_METHOD for the NID +type and return that instead, and also set *pe to point at the +engine that implements it.

    +

    EVP_PKEY_asn1_get0_info() returns the public key ID, base public key +ID (both NIDs), any flags, the method description and PEM type string +associated with the public key ASN.1 method *ameth.

    +

    EVP_PKEY_asn1_count(), EVP_PKEY_asn1_get0(), EVP_PKEY_asn1_find() and +EVP_PKEY_asn1_find_str() are not thread safe, but as long as all +EVP_PKEY_ASN1_METHOD objects are added before the application gets +threaded, using them is safe. See EVP_PKEY_asn1_add0(3).

    +

    +

    +
    +

    RETURN VALUES

    +

    EVP_PKEY_asn1_count() returns the number of available public key methods.

    +

    EVP_PKEY_asn1_get0() return a public key method or NULL if idx is +out of range.

    +

    EVP_PKEY_asn1_get0_info() returns 0 on failure, 1 on success.

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_PKEY_asn1_new(3), EVP_PKEY_asn1_add0(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_check.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_check.html
    new file mode 100755
    index 0000000..3d061eb
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_check.html
    @@ -0,0 +1,108 @@
    + + + + +EVP_PKEY_check + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_PKEY_check, EVP_PKEY_param_check, EVP_PKEY_public_check, +EVP_PKEY_private_check, EVP_PKEY_pairwise_check +- key and parameter validation functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + int EVP_PKEY_check(EVP_PKEY_CTX *ctx);
    + int EVP_PKEY_param_check(EVP_PKEY_CTX *ctx);
    + int EVP_PKEY_public_check(EVP_PKEY_CTX *ctx);
    + int EVP_PKEY_private_check(EVP_PKEY_CTX *ctx);
    + int EVP_PKEY_pairwise_check(EVP_PKEY_CTX *ctx);
    +

    +

    +
    +

    DESCRIPTION

    +

    EVP_PKEY_param_check() validates the parameters component of the key +given by ctx.

    +

    EVP_PKEY_public_check() validates the public component of the key given by ctx.

    +

    EVP_PKEY_private_check() validates the private component of the key given by ctx.

    +

    EVP_PKEY_pairwise_check() validates that the public and private components have +the correct mathematical relationship to each other for the key given by ctx.

    +

    EVP_PKEY_check() validates all components of a key given by ctx.

    +

    +

    +
    +

    NOTES

    +

    Refer to SP800-56A and SP800-56B for rules relating to when these functions +should be called during key establishment. +It is not necessary to call these functions after locally calling an approved key +generation method, but may be required for assurance purposes when receiving +keys from a third party.

    +

    In OpenSSL an EVP_PKEY structure containing a private key also contains the +public key components and parameters (if any). An OpenSSL private key is +equivalent to what some libraries call a "key pair". A private key can be used +in functions which require the use of a public key or parameters.

    +

    +

    +
    +

    RETURN VALUES

    +

    All functions return 1 for success or others for failure. +They return -2 if the operation is not supported for the specific algorithm.

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_PKEY_CTX_new(3), +EVP_PKEY_fromdata(3),

    +

    +

    +
    +

    HISTORY

    +

    EVP_PKEY_check(), EVP_PKEY_public_check() and EVP_PKEY_param_check() were added +in OpenSSL 1.1.1.

    +

    EVP_PKEY_private_check() and EVP_PKEY_pairwise_check() were added +in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_cmp.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_cmp.html
    new file mode 100755
    index 0000000..d170a85
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_cmp.html
    @@ -0,0 +1,106 @@
    + + + + +EVP_PKEY_cmp + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_PKEY_copy_parameters, EVP_PKEY_missing_parameters, EVP_PKEY_cmp_parameters, +EVP_PKEY_cmp - public key parameter and comparison functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey);
    + int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from);
    +
    + int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b);
    + int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b);
    +

    +

    +
    +

    DESCRIPTION

    +

    The function EVP_PKEY_missing_parameters() returns 1 if the public key +parameters of pkey are missing and 0 if they are present or the algorithm +doesn't use parameters.

    +

    The function EVP_PKEY_copy_parameters() copies the parameters from key +from to key to. An error is returned if the parameters are missing in +from or present in both from and to and mismatch. If the parameters +in from and to are both present and match this function has no effect.

    +

    The function EVP_PKEY_cmp_parameters() compares the parameters of keys +a and b.

    +

    The function EVP_PKEY_cmp() compares the public key components and parameters +(if present) of keys a and b.

    +

    +

    +
    +

    NOTES

    +

    The main purpose of the functions EVP_PKEY_missing_parameters() and +EVP_PKEY_copy_parameters() is to handle public keys in certificates where the +parameters are sometimes omitted from a public key if they are inherited from +the CA that signed it.

    +

    Since OpenSSL private keys contain public key components too the function +EVP_PKEY_cmp() can also be used to determine if a private key matches +a public key.

    +

    +

    +
    +

    RETURN VALUES

    +

    The function EVP_PKEY_missing_parameters() returns 1 if the public key +parameters of pkey are missing and 0 if they are present or the algorithm +doesn't use parameters.

    +

    These functions EVP_PKEY_copy_parameters() returns 1 for success and 0 for +failure.

    +

    The function EVP_PKEY_cmp_parameters() and EVP_PKEY_cmp() return 1 if the +keys match, 0 if they don't match, -1 if the key types are different and +-2 if the operation is not supported.

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_PKEY_CTX_new(3), +EVP_PKEY_keygen(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_decrypt.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_decrypt.html
    new file mode 100755
    index 0000000..e82ced5
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_decrypt.html
    @@ -0,0 +1,146 @@
    + + + + +EVP_PKEY_decrypt + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_PKEY_decrypt_init, EVP_PKEY_decrypt - decrypt using a public key algorithm

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx);
    + int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx,
    +                      unsigned char *out, size_t *outlen,
    +                      const unsigned char *in, size_t inlen);
    +

    +

    +
    +

    DESCRIPTION

    +

    The EVP_PKEY_decrypt_init() function initializes a public key algorithm +context using key pkey for a decryption operation.

    +

    The EVP_PKEY_decrypt() function performs a public key decryption operation +using ctx. The data to be decrypted is specified using the in and +inlen parameters. If out is NULL then the maximum size of the output +buffer is written to the outlen parameter. If out is not NULL then +before the call the outlen parameter should contain the length of the +out buffer, if the call is successful the decrypted data is written to +out and the amount of data written to outlen.

    +

    +

    +
    +

    NOTES

    +

    After the call to EVP_PKEY_decrypt_init() algorithm specific control +operations can be performed to set any appropriate parameters for the +operation.

    +

    The function EVP_PKEY_decrypt() can be called more than once on the same +context if several operations are performed using the same parameters.

    +

    +

    +
    +

    RETURN VALUES

    +

    EVP_PKEY_decrypt_init() and EVP_PKEY_decrypt() return 1 for success and 0 +or a negative value for failure. In particular a return value of -2 +indicates the operation is not supported by the public key algorithm.

    +

    +

    +
    +

    EXAMPLES

    +

    Decrypt data using OAEP (for RSA keys):

    +
    + #include <openssl/evp.h>
    + #include <openssl/rsa.h>
    +
    + EVP_PKEY_CTX *ctx;
    + ENGINE *eng;
    + unsigned char *out, *in;
    + size_t outlen, inlen;
    + EVP_PKEY *key;
    +
    + /*
    +  * NB: assumes key, eng, in, inlen are already set up
    +  * and that key is an RSA private key
    +  */
    + ctx = EVP_PKEY_CTX_new(key, eng);
    + if (!ctx)
    +     /* Error occurred */
    + if (EVP_PKEY_decrypt_init(ctx) <= 0)
    +     /* Error */
    + if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_OAEP_PADDING) <= 0)
    +     /* Error */
    +
    + /* Determine buffer length */
    + if (EVP_PKEY_decrypt(ctx, NULL, &outlen, in, inlen) <= 0)
    +     /* Error */
    +
    + out = OPENSSL_malloc(outlen);
    +
    + if (!out)
    +     /* malloc failure */
    +
    + if (EVP_PKEY_decrypt(ctx, out, &outlen, in, inlen) <= 0)
    +     /* Error */
    +
    + /* Decrypted data is outlen bytes written to buffer out */
    +

    +

    +
    +

    SEE ALSO

    +

    EVP_PKEY_CTX_new(3), +EVP_PKEY_encrypt(3), +EVP_PKEY_sign(3), +EVP_PKEY_verify(3), +EVP_PKEY_verify_recover(3), +EVP_PKEY_derive(3)

    +

    +

    +
    +

    HISTORY

    +

    These functions were added in OpenSSL 1.0.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_derive.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_derive.html
    new file mode 100755
    index 0000000..cd8fa45
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_derive.html
    @@ -0,0 +1,149 @@
    + + + + +EVP_PKEY_derive + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_PKEY_derive_init, EVP_PKEY_derive_set_peer, EVP_PKEY_derive +- derive public key algorithm shared secret

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx);
    + int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer);
    + int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
    +

    +

    +
    +

    DESCRIPTION

    +

    EVP_PKEY_derive_init() initializes a public key algorithm context ctx for +shared secret derivation using the algorithm given when the context was created +using EVP_PKEY_CTX_new(3) or variants thereof. The algorithm is used to +fetch a EVP_KEYEXCH method implicitly, see provider(7)/Implicit fetch for +more information about implict fetches.

    +

    EVP_PKEY_derive_set_peer() sets the peer key: this will normally +be a public key.

    +

    EVP_PKEY_derive() derives a shared secret using ctx. +If key is NULL then the maximum size of the output buffer is written to the +keylen parameter. If key is not NULL then before the call the keylen +parameter should contain the length of the key buffer, if the call is +successful the shared secret is written to key and the amount of data +written to keylen.

    +

    +

    +
    +

    NOTES

    +

    After the call to EVP_PKEY_derive_init(), algorithm +specific control operations can be performed to set any appropriate parameters +for the operation.

    +

    The function EVP_PKEY_derive() can be called more than once on the same +context if several operations are performed using the same parameters.

    +

    +

    +
    +

    RETURN VALUES

    +

    EVP_PKEY_derive_init() and EVP_PKEY_derive() return 1 +for success and 0 or a negative value for failure. +In particular a return value of -2 indicates the operation is not supported by +the public key algorithm.

    +

    +

    +
    +

    EXAMPLES

    +

    Derive shared secret (for example DH or EC keys):

    +
    + #include <openssl/evp.h>
    + #include <openssl/rsa.h>
    +
    + EVP_PKEY_CTX *ctx;
    + ENGINE *eng;
    + unsigned char *skey;
    + size_t skeylen;
    + EVP_PKEY *pkey, *peerkey;
    + /* NB: assumes pkey, eng, peerkey have been already set up */
    +
    + ctx = EVP_PKEY_CTX_new(pkey, eng);
    + if (!ctx)
    +     /* Error occurred */
    + if (EVP_PKEY_derive_init(ctx) <= 0)
    +     /* Error */
    + if (EVP_PKEY_derive_set_peer(ctx, peerkey) <= 0)
    +     /* Error */
    +
    + /* Determine buffer length */
    + if (EVP_PKEY_derive(ctx, NULL, &skeylen) <= 0)
    +     /* Error */
    +
    + skey = OPENSSL_malloc(skeylen);
    +
    + if (!skey)
    +     /* malloc failure */
    +
    + if (EVP_PKEY_derive(ctx, skey, &skeylen) <= 0)
    +     /* Error */
    +
    + /* Shared secret is skey bytes written to buffer skey */
    +

    +

    +
    +

    SEE ALSO

    +

    EVP_PKEY_CTX_new(3), +EVP_PKEY_encrypt(3), +EVP_PKEY_decrypt(3), +EVP_PKEY_sign(3), +EVP_PKEY_verify(3), +EVP_PKEY_verify_recover(3), +EVP_KEYEXCH_fetch(3)

    +

    +

    +
    +

    HISTORY

    +

    These functions were added in OpenSSL 1.0.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_encrypt.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_encrypt.html
    new file mode 100755
    index 0000000..9b4097f
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_encrypt.html
    @@ -0,0 +1,151 @@
    + + + + +EVP_PKEY_encrypt + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_PKEY_encrypt_init, EVP_PKEY_encrypt - encrypt using a public key algorithm

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx);
    + int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx,
    +                      unsigned char *out, size_t *outlen,
    +                      const unsigned char *in, size_t inlen);
    +

    +

    +
    +

    DESCRIPTION

    +

    The EVP_PKEY_encrypt_init() function initializes a public key algorithm +context using key pkey for an encryption operation.

    +

    The EVP_PKEY_encrypt() function performs a public key encryption operation +using ctx. The data to be encrypted is specified using the in and +inlen parameters. If out is NULL then the maximum size of the output +buffer is written to the outlen parameter. If out is not NULL then +before the call the outlen parameter should contain the length of the +out buffer, if the call is successful the encrypted data is written to +out and the amount of data written to outlen.

    +

    +

    +
    +

    NOTES

    +

    After the call to EVP_PKEY_encrypt_init() algorithm specific control +operations can be performed to set any appropriate parameters for the +operation.

    +

    The function EVP_PKEY_encrypt() can be called more than once on the same +context if several operations are performed using the same parameters.

    +

    +

    +
    +

    RETURN VALUES

    +

    EVP_PKEY_encrypt_init() and EVP_PKEY_encrypt() return 1 for success and 0 +or a negative value for failure. In particular a return value of -2 +indicates the operation is not supported by the public key algorithm.

    +

    +

    +
    +

    EXAMPLES

    +

    Encrypt data using OAEP (for RSA keys). See also PEM_read_PUBKEY(3) or +d2i_X509(3) for means to load a public key. You may also simply +set 'eng = NULL;' to start with the default OpenSSL RSA implementation:

    +
    + #include <openssl/evp.h>
    + #include <openssl/rsa.h>
    + #include <openssl/engine.h>
    +
    + EVP_PKEY_CTX *ctx;
    + ENGINE *eng;
    + unsigned char *out, *in;
    + size_t outlen, inlen;
    + EVP_PKEY *key;
    +
    + /*
    +  * NB: assumes eng, key, in, inlen are already set up,
    +  * and that key is an RSA public key
    +  */
    + ctx = EVP_PKEY_CTX_new(key, eng);
    + if (!ctx)
    +     /* Error occurred */
    + if (EVP_PKEY_encrypt_init(ctx) <= 0)
    +     /* Error */
    + if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_OAEP_PADDING) <= 0)
    +     /* Error */
    +
    + /* Determine buffer length */
    + if (EVP_PKEY_encrypt(ctx, NULL, &outlen, in, inlen) <= 0)
    +     /* Error */
    +
    + out = OPENSSL_malloc(outlen);
    +
    + if (!out)
    +     /* malloc failure */
    +
    + if (EVP_PKEY_encrypt(ctx, out, &outlen, in, inlen) <= 0)
    +     /* Error */
    +
    + /* Encrypted data is outlen bytes written to buffer out */
    +

    +

    +
    +

    SEE ALSO

    +

    d2i_X509(3), +ENGINE_by_id(3), +EVP_PKEY_CTX_new(3), +EVP_PKEY_decrypt(3), +EVP_PKEY_sign(3), +EVP_PKEY_verify(3), +EVP_PKEY_verify_recover(3), +EVP_PKEY_derive(3)

    +

    +

    +
    +

    HISTORY

    +

    These functions were added in OpenSSL 1.0.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_fromdata.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_fromdata.html
    new file mode 100755
    index 0000000..741cac3
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_fromdata.html
    @@ -0,0 +1,106 @@
    + + + + +EVP_PKEY_fromdata + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_PKEY_param_fromdata_init, EVP_PKEY_key_fromdata_init, EVP_PKEY_fromdata, +EVP_PKEY_param_fromdata_settable, EVP_PKEY_key_fromdata_settable +- functions to create key parameters and keys from user data

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + int EVP_PKEY_param_fromdata_init(EVP_PKEY_CTX *ctx);
    + int EVP_PKEY_key_fromdata_init(EVP_PKEY_CTX *ctx);
    + int EVP_PKEY_fromdata(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey, OSSL_PARAM params[]);
    + const OSSL_PARAM *EVP_PKEY_param_fromdata_settable(EVP_PKEY_CTX *ctx);
    + const OSSL_PARAM *EVP_PKEY_key_fromdata_settable(EVP_PKEY_CTX *ctx);
    +

    +

    +
    +

    DESCRIPTION

    +

    EVP_PKEY_param_fromdata_init() initializes a public key algorithm context +for creating key parameters from user data.

    +

    EVP_PKEY_key_fromdata_init() initializes a public key algorithm context for +creating a key from user data.

    +

    EVP_PKEY_fromdata() creates key parameters or a key, given data from +params and a context that's been initialized with +EVP_PKEY_param_fromdata_init() or EVP_PKEY_key_fromdata_init(). The result is +written to *ppkey. The parameters that can be used for various types of key +are as described in the "Built-in RSA Import/Export Types" section on the +provider-keymgmt(7) page.

    +

    EVP_PKEY_param_fromdata_settable() and EVP_PKEY_key_fromdata_settable() +get a constant OSSL_PARAM array that describes the settable parameters +that can be used with EVP_PKEY_fromdata(). +See OSSL_PARAM(3) for the use of OSSL_PARAM as parameter descriptor.

    +

    +

    +
    +

    NOTES

    +

    These functions only work with key management methods coming from a +provider.

    +

    +

    +
    +

    RETURN VALUES

    +

    EVP_PKEY_key_fromdata_init(), EVP_PKEY_param_fromdata_init() and +EVP_PKEY_fromdata() return 1 for success and 0 or a negative value for +failure. In particular a return value of -2 indicates the operation is +not supported by the public key algorithm.

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_PKEY_CTX_new(3), provider(7)

    +

    +

    +
    +

    HISTORY

    +

    These functions were added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_get_default_digest_nid.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_get_default_digest_nid.html
    new file mode 100755
    index 0000000..5150376
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_get_default_digest_nid.html
    @@ -0,0 +1,106 @@
    + + + + +EVP_PKEY_get_default_digest_nid + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_PKEY_get_default_digest_nid, EVP_PKEY_get_default_digest_name +- get default signature digest

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + int EVP_PKEY_get_default_digest_name(EVP_PKEY *pkey,
    +                                      char *mdname, size_t mdname_sz)
    + int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid);
    +

    +

    +
    +

    DESCRIPTION

    +

    EVP_PKEY_get_default_digest_name() fills in the default message digest +name for the public key signature operations associated with key +pkey into mdname, up to at most mdname_sz bytes including the +ending NUL byte.

    +

    EVP_PKEY_get_default_digest_nid() sets pnid to the default message +digest NID for the public key signature operations associated with key +pkey. Note that some signature algorithms (i.e. Ed25519 and Ed448) +do not use a digest during signing. In this case pnid will be set +to NID_undef. This function is only reliable for legacy keys, which +are keys with a EVP_PKEY_ASN1_METHOD; these keys have typically +been loaded from engines, or created with EVP_PKEY_assign_RSA(3) or +similar.

    +

    +

    +
    +

    NOTES

    +

    For all current standard OpenSSL public key algorithms SHA256 is returned.

    +

    +

    +
    +

    RETURN VALUES

    +

    EVP_PKEY_get_default_digest_name() and EVP_PKEY_get_default_digest_nid() +both return 1 if the message digest is advisory (that is other digests +can be used) and 2 if it is mandatory (other digests can not be used). +They return 0 or a negative value for failure. In particular a return +value of -2 indicates the operation is not supported by the public key +algorithm.

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_PKEY_CTX_new(3), +EVP_PKEY_sign(3), +EVP_PKEY_supports_digest_nid(3), +EVP_PKEY_verify(3), +EVP_PKEY_verify_recover(3),

    +

    +

    +
    +

    HISTORY

    +

    This function was added in OpenSSL 1.0.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_keygen.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_keygen.html
    new file mode 100755
    index 0000000..a85f863
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_keygen.html
    @@ -0,0 +1,213 @@
    + + + + +EVP_PKEY_keygen + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_PKEY_keygen_init, EVP_PKEY_keygen, EVP_PKEY_paramgen_init, +EVP_PKEY_paramgen, EVP_PKEY_CTX_set_cb, EVP_PKEY_CTX_get_cb, +EVP_PKEY_CTX_get_keygen_info, EVP_PKEY_CTX_set_app_data, +EVP_PKEY_CTX_get_app_data, +EVP_PKEY_gen_cb +- key and parameter generation and check functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx);
    + int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
    + int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx);
    + int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
    +
    + typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx);
    +
    + void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb);
    + EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx);
    +
    + int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx);
    +
    + void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data);
    + void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx);
    +

    +

    +
    +

    DESCRIPTION

    +

    The EVP_PKEY_keygen_init() function initializes a public key algorithm +context using key pkey for a key generation operation.

    +

    The EVP_PKEY_keygen() function performs a key generation operation, the +generated key is written to ppkey.

    +

    The functions EVP_PKEY_paramgen_init() and EVP_PKEY_paramgen() are similar +except parameters are generated.

    +

    The function EVP_PKEY_set_cb() sets the key or parameter generation callback +to cb. The function EVP_PKEY_CTX_get_cb() returns the key or parameter +generation callback.

    +

    The function EVP_PKEY_CTX_get_keygen_info() returns parameters associated +with the generation operation. If idx is -1 the total number of +parameters available is returned. Any non negative value returns the value of +that parameter. EVP_PKEY_CTX_gen_keygen_info() with a non-negative value for +idx should only be called within the generation callback.

    +

    If the callback returns 0 then the key generation operation is aborted and an +error occurs. This might occur during a time consuming operation where +a user clicks on a "cancel" button.

    +

    The functions EVP_PKEY_CTX_set_app_data() and EVP_PKEY_CTX_get_app_data() set +and retrieve an opaque pointer. This can be used to set some application +defined value which can be retrieved in the callback: for example a handle +which is used to update a "progress dialog".

    +

    +

    +
    +

    NOTES

    +

    After the call to EVP_PKEY_keygen_init() or EVP_PKEY_paramgen_init() algorithm +specific control operations can be performed to set any appropriate parameters +for the operation.

    +

    The functions EVP_PKEY_keygen() and EVP_PKEY_paramgen() can be called more than +once on the same context if several operations are performed using the same +parameters.

    +

    The meaning of the parameters passed to the callback will depend on the +algorithm and the specific implementation of the algorithm. Some might not +give any useful information at all during key or parameter generation. Others +might not even call the callback.

    +

    The operation performed by key or parameter generation depends on the algorithm +used. In some cases (e.g. EC with a supplied named curve) the "generation" +option merely sets the appropriate fields in an EVP_PKEY structure.

    +

    In OpenSSL an EVP_PKEY structure containing a private key also contains the +public key components and parameters (if any). An OpenSSL private key is +equivalent to what some libraries call a "key pair". A private key can be used +in functions which require the use of a public key or parameters.

    +

    +

    +
    +

    RETURN VALUES

    +

    EVP_PKEY_keygen_init(), EVP_PKEY_paramgen_init(), EVP_PKEY_keygen() and +EVP_PKEY_paramgen() return 1 for success and 0 or a negative value for failure. +In particular a return value of -2 indicates the operation is not supported by +the public key algorithm.

    +

    +

    +
    +

    EXAMPLES

    +

    Generate a 2048 bit RSA key:

    +
    + #include <openssl/evp.h>
    + #include <openssl/rsa.h>
    +
    + EVP_PKEY_CTX *ctx;
    + EVP_PKEY *pkey = NULL;
    +
    + ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
    + if (!ctx)
    +     /* Error occurred */
    + if (EVP_PKEY_keygen_init(ctx) <= 0)
    +     /* Error */
    + if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048) <= 0)
    +     /* Error */
    +
    + /* Generate key */
    + if (EVP_PKEY_keygen(ctx, &pkey) <= 0)
    +     /* Error */
    +

    Generate a key from a set of parameters:

    +
    + #include <openssl/evp.h>
    + #include <openssl/rsa.h>
    +
    + EVP_PKEY_CTX *ctx;
    + ENGINE *eng;
    + EVP_PKEY *pkey = NULL, *param;
    +
    + /* Assumed param, eng are set up already */
    + ctx = EVP_PKEY_CTX_new(param, eng);
    + if (!ctx)
    +     /* Error occurred */
    + if (EVP_PKEY_keygen_init(ctx) <= 0)
    +     /* Error */
    +
    + /* Generate key */
    + if (EVP_PKEY_keygen(ctx, &pkey) <= 0)
    +     /* Error */
    +

    Example of generation callback for OpenSSL public key implementations:

    +
    + /* Application data is a BIO to output status to */
    +
    + EVP_PKEY_CTX_set_app_data(ctx, status_bio);
    +
    + static int genpkey_cb(EVP_PKEY_CTX *ctx)
    + {
    +     char c = '*';
    +     BIO *b = EVP_PKEY_CTX_get_app_data(ctx);
    +     int p = EVP_PKEY_CTX_get_keygen_info(ctx, 0);
    +
    +     if (p == 0)
    +         c = '.';
    +     if (p == 1)
    +         c = '+';
    +     if (p == 2)
    +         c = '*';
    +     if (p == 3)
    +         c = '\n';
    +     BIO_write(b, &c, 1);
    +     (void)BIO_flush(b);
    +     return 1;
    + }
    +

    +

    +
    +

    SEE ALSO

    +

    EVP_PKEY_CTX_new(3), +EVP_PKEY_encrypt(3), +EVP_PKEY_decrypt(3), +EVP_PKEY_sign(3), +EVP_PKEY_verify(3), +EVP_PKEY_verify_recover(3), +EVP_PKEY_derive(3)

    +

    +

    +
    +

    HISTORY

    +

    These functions were added in OpenSSL 1.0.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_meth_get_count.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_meth_get_count.html new file mode 100755 index 0000000..3212811 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_meth_get_count.html @@ -0,0 +1,83 @@ + + + + +EVP_PKEY_meth_get_count + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_PKEY_meth_get_count, EVP_PKEY_meth_get0, EVP_PKEY_meth_get0_info - enumerate public key methods

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + size_t EVP_PKEY_meth_get_count(void);
    + const EVP_PKEY_METHOD *EVP_PKEY_meth_get0(size_t idx);
    + void EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags,
    +                              const EVP_PKEY_METHOD *meth);
    +

    +

    +
    +

    DESCRIPTION

    +

    EVP_PKEY_meth_count() returns a count of the number of public key methods +available: it includes standard methods and any methods added by the +application.

    +

    EVP_PKEY_meth_get0() returns the public key method idx. The value of idx +must be between zero and EVP_PKEY_meth_get_count() - 1.

    +

    EVP_PKEY_meth_get0_info() returns the public key ID (a NID) and any flags +associated with the public key method *meth.

    +

    +

    +
    +

    RETURN VALUES

    +

    EVP_PKEY_meth_count() returns the number of available public key methods.

    +

    EVP_PKEY_meth_get0() return a public key method or NULL if idx is +out of range.

    +

    EVP_PKEY_meth_get0_info() does not return a value.

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_PKEY_new(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2002-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_meth_new.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_meth_new.html new file mode 100755 index 0000000..a5f178c --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_meth_new.html @@ -0,0 +1,462 @@ + + + + +EVP_PKEY_meth_new + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    EVP_PKEY_meth_new, EVP_PKEY_meth_free, EVP_PKEY_meth_copy, EVP_PKEY_meth_find, +EVP_PKEY_meth_add0, EVP_PKEY_METHOD, +EVP_PKEY_meth_set_init, EVP_PKEY_meth_set_copy, EVP_PKEY_meth_set_cleanup, +EVP_PKEY_meth_set_paramgen, EVP_PKEY_meth_set_keygen, EVP_PKEY_meth_set_sign, +EVP_PKEY_meth_set_verify, EVP_PKEY_meth_set_verify_recover, EVP_PKEY_meth_set_signctx, +EVP_PKEY_meth_set_verifyctx, EVP_PKEY_meth_set_encrypt, EVP_PKEY_meth_set_decrypt, +EVP_PKEY_meth_set_derive, EVP_PKEY_meth_set_ctrl, +EVP_PKEY_meth_set_digestsign, EVP_PKEY_meth_set_digestverify, +EVP_PKEY_meth_set_check, +EVP_PKEY_meth_set_public_check, EVP_PKEY_meth_set_param_check, +EVP_PKEY_meth_set_digest_custom, +EVP_PKEY_meth_get_init, EVP_PKEY_meth_get_copy, EVP_PKEY_meth_get_cleanup, +EVP_PKEY_meth_get_paramgen, EVP_PKEY_meth_get_keygen, EVP_PKEY_meth_get_sign, +EVP_PKEY_meth_get_verify, EVP_PKEY_meth_get_verify_recover, EVP_PKEY_meth_get_signctx, +EVP_PKEY_meth_get_verifyctx, EVP_PKEY_meth_get_encrypt, EVP_PKEY_meth_get_decrypt, +EVP_PKEY_meth_get_derive, EVP_PKEY_meth_get_ctrl, +EVP_PKEY_meth_get_digestsign, EVP_PKEY_meth_get_digestverify, +EVP_PKEY_meth_get_check, +EVP_PKEY_meth_get_public_check, EVP_PKEY_meth_get_param_check, +EVP_PKEY_meth_get_digest_custom, +EVP_PKEY_meth_remove +- manipulating EVP_PKEY_METHOD structure

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + typedef struct evp_pkey_method_st EVP_PKEY_METHOD;
    +
    + EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags);
    + void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth);
    + void EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, const EVP_PKEY_METHOD *src);
    + const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type);
    + int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth);
    + int EVP_PKEY_meth_remove(const EVP_PKEY_METHOD *pmeth);
    +
    + void EVP_PKEY_meth_set_init(EVP_PKEY_METHOD *pmeth,
    +                             int (*init) (EVP_PKEY_CTX *ctx));
    + void EVP_PKEY_meth_set_copy(EVP_PKEY_METHOD *pmeth,
    +                             int (*copy) (EVP_PKEY_CTX *dst,
    +                                          EVP_PKEY_CTX *src));
    + void EVP_PKEY_meth_set_cleanup(EVP_PKEY_METHOD *pmeth,
    +                                void (*cleanup) (EVP_PKEY_CTX *ctx));
    + void EVP_PKEY_meth_set_paramgen(EVP_PKEY_METHOD *pmeth,
    +                                 int (*paramgen_init) (EVP_PKEY_CTX *ctx),
    +                                 int (*paramgen) (EVP_PKEY_CTX *ctx,
    +                                                  EVP_PKEY *pkey));
    + void EVP_PKEY_meth_set_keygen(EVP_PKEY_METHOD *pmeth,
    +                               int (*keygen_init) (EVP_PKEY_CTX *ctx),
    +                               int (*keygen) (EVP_PKEY_CTX *ctx,
    +                                              EVP_PKEY *pkey));
    + void EVP_PKEY_meth_set_sign(EVP_PKEY_METHOD *pmeth,
    +                             int (*sign_init) (EVP_PKEY_CTX *ctx),
    +                             int (*sign) (EVP_PKEY_CTX *ctx,
    +                                          unsigned char *sig, size_t *siglen,
    +                                          const unsigned char *tbs,
    +                                          size_t tbslen));
    + void EVP_PKEY_meth_set_verify(EVP_PKEY_METHOD *pmeth,
    +                               int (*verify_init) (EVP_PKEY_CTX *ctx),
    +                               int (*verify) (EVP_PKEY_CTX *ctx,
    +                                              const unsigned char *sig,
    +                                              size_t siglen,
    +                                              const unsigned char *tbs,
    +                                              size_t tbslen));
    + void EVP_PKEY_meth_set_verify_recover(EVP_PKEY_METHOD *pmeth,
    +                                       int (*verify_recover_init) (EVP_PKEY_CTX
    +                                                                   *ctx),
    +                                       int (*verify_recover) (EVP_PKEY_CTX
    +                                                              *ctx,
    +                                                              unsigned char
    +                                                              *sig,
    +                                                              size_t *siglen,
    +                                                              const unsigned
    +                                                              char *tbs,
    +                                                              size_t tbslen));
    + void EVP_PKEY_meth_set_signctx(EVP_PKEY_METHOD *pmeth,
    +                                int (*signctx_init) (EVP_PKEY_CTX *ctx,
    +                                                     EVP_MD_CTX *mctx),
    +                                int (*signctx) (EVP_PKEY_CTX *ctx,
    +                                                unsigned char *sig,
    +                                                size_t *siglen,
    +                                                EVP_MD_CTX *mctx));
    + void EVP_PKEY_meth_set_verifyctx(EVP_PKEY_METHOD *pmeth,
    +                                  int (*verifyctx_init) (EVP_PKEY_CTX *ctx,
    +                                                         EVP_MD_CTX *mctx),
    +                                  int (*verifyctx) (EVP_PKEY_CTX *ctx,
    +                                                    const unsigned char *sig,
    +                                                    int siglen,
    +                                                    EVP_MD_CTX *mctx));
    + void EVP_PKEY_meth_set_encrypt(EVP_PKEY_METHOD *pmeth,
    +                                int (*encrypt_init) (EVP_PKEY_CTX *ctx),
    +                                int (*encryptfn) (EVP_PKEY_CTX *ctx,
    +                                                  unsigned char *out,
    +                                                  size_t *outlen,
    +                                                  const unsigned char *in,
    +                                                  size_t inlen));
    + void EVP_PKEY_meth_set_decrypt(EVP_PKEY_METHOD *pmeth,
    +                                int (*decrypt_init) (EVP_PKEY_CTX *ctx),
    +                                int (*decrypt) (EVP_PKEY_CTX *ctx,
    +                                                unsigned char *out,
    +                                                size_t *outlen,
    +                                                const unsigned char *in,
    +                                                size_t inlen));
    + void EVP_PKEY_meth_set_derive(EVP_PKEY_METHOD *pmeth,
    +                               int (*derive_init) (EVP_PKEY_CTX *ctx),
    +                               int (*derive) (EVP_PKEY_CTX *ctx,
    +                                              unsigned char *key,
    +                                              size_t *keylen));
    + void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth,
    +                             int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1,
    +                                          void *p2),
    +                             int (*ctrl_str) (EVP_PKEY_CTX *ctx,
    +                                              const char *type,
    +                                              const char *value));
    + void EVP_PKEY_meth_set_digestsign(EVP_PKEY_METHOD *pmeth,
    +                                   int (*digestsign) (EVP_MD_CTX *ctx,
    +                                                      unsigned char *sig,
    +                                                      size_t *siglen,
    +                                                      const unsigned char *tbs,
    +                                                      size_t tbslen));
    + void EVP_PKEY_meth_set_digestverify(EVP_PKEY_METHOD *pmeth,
    +                                     int (*digestverify) (EVP_MD_CTX *ctx,
    +                                                          const unsigned char *sig,
    +                                                          size_t siglen,
    +                                                          const unsigned char *tbs,
    +                                                          size_t tbslen));
    + void EVP_PKEY_meth_set_check(EVP_PKEY_METHOD *pmeth,
    +                              int (*check) (EVP_PKEY *pkey));
    + void EVP_PKEY_meth_set_public_check(EVP_PKEY_METHOD *pmeth,
    +                                     int (*check) (EVP_PKEY *pkey));
    + void EVP_PKEY_meth_set_param_check(EVP_PKEY_METHOD *pmeth,
    +                                    int (*check) (EVP_PKEY *pkey));
    + void EVP_PKEY_meth_set_digest_custom(EVP_PKEY_METHOD *pmeth,
    +                                     int (*digest_custom) (EVP_PKEY_CTX *ctx,
    +                                                           EVP_MD_CTX *mctx));
    +
    + void EVP_PKEY_meth_get_init(const EVP_PKEY_METHOD *pmeth,
    +                             int (**pinit) (EVP_PKEY_CTX *ctx));
    + void EVP_PKEY_meth_get_copy(const EVP_PKEY_METHOD *pmeth,
    +                             int (**pcopy) (EVP_PKEY_CTX *dst,
    +                                            EVP_PKEY_CTX *src));
    + void EVP_PKEY_meth_get_cleanup(const EVP_PKEY_METHOD *pmeth,
    +                                void (**pcleanup) (EVP_PKEY_CTX *ctx));
    + void EVP_PKEY_meth_get_paramgen(const EVP_PKEY_METHOD *pmeth,
    +                                 int (**pparamgen_init) (EVP_PKEY_CTX *ctx),
    +                                 int (**pparamgen) (EVP_PKEY_CTX *ctx,
    +                                                    EVP_PKEY *pkey));
    + void EVP_PKEY_meth_get_keygen(const EVP_PKEY_METHOD *pmeth,
    +                               int (**pkeygen_init) (EVP_PKEY_CTX *ctx),
    +                               int (**pkeygen) (EVP_PKEY_CTX *ctx,
    +                                                EVP_PKEY *pkey));
    + void EVP_PKEY_meth_get_sign(const EVP_PKEY_METHOD *pmeth,
    +                             int (**psign_init) (EVP_PKEY_CTX *ctx),
    +                             int (**psign) (EVP_PKEY_CTX *ctx,
    +                                            unsigned char *sig, size_t *siglen,
    +                                            const unsigned char *tbs,
    +                                            size_t tbslen));
    + void EVP_PKEY_meth_get_verify(const EVP_PKEY_METHOD *pmeth,
    +                               int (**pverify_init) (EVP_PKEY_CTX *ctx),
    +                               int (**pverify) (EVP_PKEY_CTX *ctx,
    +                                                const unsigned char *sig,
    +                                                size_t siglen,
    +                                                const unsigned char *tbs,
    +                                                size_t tbslen));
    + void EVP_PKEY_meth_get_verify_recover(const EVP_PKEY_METHOD *pmeth,
    +                                       int (**pverify_recover_init) (EVP_PKEY_CTX
    +                                                                     *ctx),
    +                                       int (**pverify_recover) (EVP_PKEY_CTX
    +                                                                *ctx,
    +                                                                unsigned char
    +                                                                *sig,
    +                                                                size_t *siglen,
    +                                                                const unsigned
    +                                                                char *tbs,
    +                                                                size_t tbslen));
    + void EVP_PKEY_meth_get_signctx(const EVP_PKEY_METHOD *pmeth,
    +                                int (**psignctx_init) (EVP_PKEY_CTX *ctx,
    +                                                       EVP_MD_CTX *mctx),
    +                                int (**psignctx) (EVP_PKEY_CTX *ctx,
    +                                                  unsigned char *sig,
    +                                                  size_t *siglen,
    +                                                  EVP_MD_CTX *mctx));
    + void EVP_PKEY_meth_get_verifyctx(const EVP_PKEY_METHOD *pmeth,
    +                                  int (**pverifyctx_init) (EVP_PKEY_CTX *ctx,
    +                                                           EVP_MD_CTX *mctx),
    +                                  int (**pverifyctx) (EVP_PKEY_CTX *ctx,
    +                                                      const unsigned char *sig,
    +                                                      int siglen,
    +                                                      EVP_MD_CTX *mctx));
    + void EVP_PKEY_meth_get_encrypt(const EVP_PKEY_METHOD *pmeth,
    +                                int (**pencrypt_init) (EVP_PKEY_CTX *ctx),
    +                                int (**pencryptfn) (EVP_PKEY_CTX *ctx,
    +                                                    unsigned char *out,
    +                                                    size_t *outlen,
    +                                                    const unsigned char *in,
    +                                                    size_t inlen));
    + void EVP_PKEY_meth_get_decrypt(const EVP_PKEY_METHOD *pmeth,
    +                                int (**pdecrypt_init) (EVP_PKEY_CTX *ctx),
    +                                int (**pdecrypt) (EVP_PKEY_CTX *ctx,
    +                                                  unsigned char *out,
    +                                                  size_t *outlen,
    +                                                  const unsigned char *in,
    +                                                  size_t inlen));
    + void EVP_PKEY_meth_get_derive(const EVP_PKEY_METHOD *pmeth,
    +                               int (**pderive_init) (EVP_PKEY_CTX *ctx),
    +                               int (**pderive) (EVP_PKEY_CTX *ctx,
    +                                                unsigned char *key,
    +                                                size_t *keylen));
    + void EVP_PKEY_meth_get_ctrl(const EVP_PKEY_METHOD *pmeth,
    +                             int (**pctrl) (EVP_PKEY_CTX *ctx, int type, int p1,
    +                                            void *p2),
    +                             int (**pctrl_str) (EVP_PKEY_CTX *ctx,
    +                                                const char *type,
    +                                                const char *value));
    + void EVP_PKEY_meth_get_digestsign(EVP_PKEY_METHOD *pmeth,
    +                                   int (**digestsign) (EVP_MD_CTX *ctx,
    +                                                       unsigned char *sig,
    +                                                       size_t *siglen,
    +                                                       const unsigned char *tbs,
    +                                                       size_t tbslen));
    + void EVP_PKEY_meth_get_digestverify(EVP_PKEY_METHOD *pmeth,
    +                                     int (**digestverify) (EVP_MD_CTX *ctx,
    +                                                           const unsigned char *sig,
    +                                                           size_t siglen,
    +                                                           const unsigned char *tbs,
    +                                                           size_t tbslen));
    + void EVP_PKEY_meth_get_check(const EVP_PKEY_METHOD *pmeth,
    +                              int (**pcheck) (EVP_PKEY *pkey));
    + void EVP_PKEY_meth_get_public_check(const EVP_PKEY_METHOD *pmeth,
    +                                     int (**pcheck) (EVP_PKEY *pkey));
    + void EVP_PKEY_meth_get_param_check(const EVP_PKEY_METHOD *pmeth,
    +                                    int (**pcheck) (EVP_PKEY *pkey));
    + void EVP_PKEY_meth_get_digest_custom(EVP_PKEY_METHOD *pmeth,
    +                                     int (**pdigest_custom) (EVP_PKEY_CTX *ctx,
    +                                                             EVP_MD_CTX *mctx));
    +

    +

    +
    +

    DESCRIPTION

    +

    EVP_PKEY_METHOD is a structure which holds a set of methods for a +specific public key cryptographic algorithm. Those methods are usually +used to perform different jobs, such as generating a key, signing or +verifying, encrypting or decrypting, etc.

    +

    There are two places where the EVP_PKEY_METHOD objects are stored: one +is a built-in static array representing the standard methods for different +algorithms, and the other one is a stack of user-defined application-specific +methods, which can be manipulated by using EVP_PKEY_meth_add0(3).

    +

    The EVP_PKEY_METHOD objects are usually referenced by EVP_PKEY_CTX +objects.

    +

    +

    +

    Methods

    +

    The methods are the underlying implementations of a particular public key +algorithm present by the EVP_PKEY_CTX object.

    +
    + int (*init) (EVP_PKEY_CTX *ctx);
    + int (*copy) (EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src);
    + void (*cleanup) (EVP_PKEY_CTX *ctx);
    +

    The init() method is called to initialize algorithm-specific data when a new +EVP_PKEY_CTX is created. As opposed to init(), the cleanup() method is called +when an EVP_PKEY_CTX is freed. The copy() method is called when an EVP_PKEY_CTX +is being duplicated. Refer to EVP_PKEY_CTX_new(3), EVP_PKEY_CTX_new_id(3), +EVP_PKEY_CTX_free(3) and EVP_PKEY_CTX_dup(3).

    +
    + int (*paramgen_init) (EVP_PKEY_CTX *ctx);
    + int (*paramgen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey);
    +

    The paramgen_init() and paramgen() methods deal with key parameter generation. +They are called by EVP_PKEY_paramgen_init(3) and EVP_PKEY_paramgen(3) to +handle the parameter generation process.

    +
    + int (*keygen_init) (EVP_PKEY_CTX *ctx);
    + int (*keygen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey);
    +

    The keygen_init() and keygen() methods are used to generate the actual key for +the specified algorithm. They are called by EVP_PKEY_keygen_init(3) and +EVP_PKEY_keygen(3).

    +
    + int (*sign_init) (EVP_PKEY_CTX *ctx);
    + int (*sign) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
    +              const unsigned char *tbs, size_t tbslen);
    +

    The sign_init() and sign() methods are used to generate the signature of a +piece of data using a private key. They are called by EVP_PKEY_sign_init(3) +and EVP_PKEY_sign(3).

    +
    + int (*verify_init) (EVP_PKEY_CTX *ctx);
    + int (*verify) (EVP_PKEY_CTX *ctx,
    +                const unsigned char *sig, size_t siglen,
    +                const unsigned char *tbs, size_t tbslen);
    +

    The verify_init() and verify() methods are used to verify whether a signature is +valid. They are called by EVP_PKEY_verify_init(3) and EVP_PKEY_verify(3).

    +
    + int (*verify_recover_init) (EVP_PKEY_CTX *ctx);
    + int (*verify_recover) (EVP_PKEY_CTX *ctx,
    +                        unsigned char *rout, size_t *routlen,
    +                        const unsigned char *sig, size_t siglen);
    +

    The verify_recover_init() and verify_recover() methods are used to verify a +signature and then recover the digest from the signature (for instance, a +signature that was generated by RSA signing algorithm). They are called by +EVP_PKEY_verify_recover_init(3) and EVP_PKEY_verify_recover(3).

    +
    + int (*signctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx);
    + int (*signctx) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
    +                 EVP_MD_CTX *mctx);
    +

    The signctx_init() and signctx() methods are used to sign a digest present by +a EVP_MD_CTX object. They are called by the EVP_DigestSign functions. See +EVP_DigestSignInit(3) for details.

    +
    + int (*verifyctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx);
    + int (*verifyctx) (EVP_PKEY_CTX *ctx, const unsigned char *sig, int siglen,
    +                   EVP_MD_CTX *mctx);
    +

    The verifyctx_init() and verifyctx() methods are used to verify a signature +against the data in a EVP_MD_CTX object. They are called by the various +EVP_DigestVerify functions. See EVP_DigestVerifyInit(3) for details.

    +
    + int (*encrypt_init) (EVP_PKEY_CTX *ctx);
    + int (*encrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
    +                 const unsigned char *in, size_t inlen);
    +

    The encrypt_init() and encrypt() methods are used to encrypt a piece of data. +They are called by EVP_PKEY_encrypt_init(3) and EVP_PKEY_encrypt(3).

    +
    + int (*decrypt_init) (EVP_PKEY_CTX *ctx);
    + int (*decrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
    +                 const unsigned char *in, size_t inlen);
    +

    The decrypt_init() and decrypt() methods are used to decrypt a piece of data. +They are called by EVP_PKEY_decrypt_init(3) and EVP_PKEY_decrypt(3).

    +
    + int (*derive_init) (EVP_PKEY_CTX *ctx);
    + int (*derive) (EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
    +

    The derive_init() and derive() methods are used to derive the shared secret +from a public key algorithm (for instance, the DH algorithm). They are called by +EVP_PKEY_derive_init(3) and EVP_PKEY_derive(3).

    +
    + int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
    + int (*ctrl_str) (EVP_PKEY_CTX *ctx, const char *type, const char *value);
    +

    The ctrl() and ctrl_str() methods are used to adjust algorithm-specific +settings. See EVP_PKEY_CTX_ctrl(3) and related functions for details.

    +
    + int (*digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
    +                    const unsigned char *tbs, size_t tbslen);
    + int (*digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig,
    +                      size_t siglen, const unsigned char *tbs,
    +                      size_t tbslen);
    +

    The digestsign() and digestverify() methods are used to generate or verify +a signature in a one-shot mode. They could be called by EVP_DigestSign(3) +and EVP_DigestVerify(3).

    +
    + int (*check) (EVP_PKEY *pkey);
    + int (*public_check) (EVP_PKEY *pkey);
    + int (*param_check) (EVP_PKEY *pkey);
    +

    The check(), public_check() and param_check() methods are used to validate a +key-pair, the public component and parameters respectively for a given pkey. +They could be called by EVP_PKEY_check(3), EVP_PKEY_public_check(3) and +EVP_PKEY_param_check(3) respectively.

    +
    + int (*digest_custom) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx);
    +

    The digest_custom() method is used to generate customized digest content before +the real message is passed to functions like EVP_DigestSignUpdate(3) or +EVP_DigestVerifyInit(3). This is usually required by some public key +signature algorithms like SM2 which requires a hashed prefix to the message to +be signed. The digest_custom() function will be called by EVP_DigestSignInit(3) +and EVP_DigestVerifyInit(3).

    +

    +

    +

    Functions

    +

    EVP_PKEY_meth_new() creates and returns a new EVP_PKEY_METHOD object, +and associates the given id and flags. The following flags are +supported:

    +
    + EVP_PKEY_FLAG_AUTOARGLEN
    + EVP_PKEY_FLAG_SIGCTX_CUSTOM
    +

    If an EVP_PKEY_METHOD is set with the EVP_PKEY_FLAG_AUTOARGLEN flag, the +maximum size of the output buffer will be automatically calculated or checked +in corresponding EVP methods by the EVP framework. Thus the implementations of +these methods don't need to care about handling the case of returning output +buffer size by themselves. For details on the output buffer size, refer to +EVP_PKEY_sign(3).

    +

    The EVP_PKEY_FLAG_SIGCTX_CUSTOM is used to indicate the signctx() method +of an EVP_PKEY_METHOD is always called by the EVP framework while doing a +digest signing operation by calling EVP_DigestSignFinal(3).

    +

    EVP_PKEY_meth_free() frees an existing EVP_PKEY_METHOD pointed by +pmeth.

    +

    EVP_PKEY_meth_copy() copies an EVP_PKEY_METHOD object from src +to dst.

    +

    EVP_PKEY_meth_find() finds an EVP_PKEY_METHOD object with the id. +This function first searches through the user-defined method objects and +then the built-in objects.

    +

    EVP_PKEY_meth_add0() adds pmeth to the user defined stack of methods.

    +

    EVP_PKEY_meth_remove() removes an EVP_PKEY_METHOD object added by +EVP_PKEY_meth_add0().

    +

    The EVP_PKEY_meth_set functions set the corresponding fields of +EVP_PKEY_METHOD structure with the arguments passed.

    +

    The EVP_PKEY_meth_get functions get the corresponding fields of +EVP_PKEY_METHOD structure to the arguments provided.

    +

    +

    +
    +

    RETURN VALUES

    +

    EVP_PKEY_meth_new() returns a pointer to a new EVP_PKEY_METHOD +object or returns NULL on error.

    +

    EVP_PKEY_meth_free() and EVP_PKEY_meth_copy() do not return values.

    +

    EVP_PKEY_meth_find() returns a pointer to the found EVP_PKEY_METHOD +object or returns NULL if not found.

    +

    EVP_PKEY_meth_add0() returns 1 if method is added successfully or 0 +if an error occurred.

    +

    EVP_PKEY_meth_remove() returns 1 if method is removed successfully or +0 if an error occurred.

    +

    All EVP_PKEY_meth_set and EVP_PKEY_meth_get functions have no return +values. For the 'get' functions, function pointers are returned by +arguments.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_new.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_new.html
    new file mode 100755
    index 0000000..52edc2c
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_new.html
    @@ -0,0 +1,165 @@
    + + + + +EVP_PKEY_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_PKEY_new, +EVP_PKEY_up_ref, +EVP_PKEY_free, +EVP_PKEY_new_raw_private_key, +EVP_PKEY_new_raw_public_key, +EVP_PKEY_new_CMAC_key, +EVP_PKEY_new_mac_key, +EVP_PKEY_get_raw_private_key, +EVP_PKEY_get_raw_public_key +- public/private key allocation and raw key handling functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + EVP_PKEY *EVP_PKEY_new(void);
    + int EVP_PKEY_up_ref(EVP_PKEY *key);
    + void EVP_PKEY_free(EVP_PKEY *key);
    +
    + EVP_PKEY *EVP_PKEY_new_raw_private_key(int type, ENGINE *e,
    +                                        const unsigned char *key, size_t keylen);
    + EVP_PKEY *EVP_PKEY_new_raw_public_key(int type, ENGINE *e,
    +                                       const unsigned char *key, size_t keylen);
    + EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv,
    +                                 size_t len, const EVP_CIPHER *cipher);
    + EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e, const unsigned char *key,
    +                                int keylen);
    +
    + int EVP_PKEY_get_raw_private_key(const EVP_PKEY *pkey, unsigned char *priv,
    +                                  size_t *len);
    + int EVP_PKEY_get_raw_public_key(const EVP_PKEY *pkey, unsigned char *pub,
    +                                 size_t *len);
    +

    +

    +
    +

    DESCRIPTION

    +

    The EVP_PKEY_new() function allocates an empty EVP_PKEY structure which is +used by OpenSSL to store public and private keys. The reference count is set to +1.

    +

    EVP_PKEY_up_ref() increments the reference count of key.

    +

    EVP_PKEY_free() decrements the reference count of key and, if the reference +count is zero, frees it up. If key is NULL, nothing is done.

    +

    EVP_PKEY_new_raw_private_key() allocates a new EVP_PKEY. If e is non-NULL +then the new EVP_PKEY structure is associated with the engine e. The +type argument indicates what kind of key this is. The value should be a NID +for a public key algorithm that supports raw private keys, i.e. one of +EVP_PKEY_HMAC, EVP_PKEY_POLY1305, EVP_PKEY_SIPHASH, EVP_PKEY_X25519, +EVP_PKEY_ED25519, EVP_PKEY_X448 or EVP_PKEY_ED448. key points to the +raw private key data for this EVP_PKEY which should be of length keylen. +The length should be appropriate for the type of the key. The public key data +will be automatically derived from the given private key data (if appropriate +for the algorithm type).

    +

    EVP_PKEY_new_raw_public_key() works in the same way as +EVP_PKEY_new_raw_private_key() except that key points to the raw public key +data. The EVP_PKEY structure will be initialised without any private key +information. Algorithm types that support raw public keys are +EVP_PKEY_X25519, EVP_PKEY_ED25519, EVP_PKEY_X448 or EVP_PKEY_ED448.

    +

    EVP_PKEY_new_CMAC_key() works in the same way as EVP_PKEY_new_raw_private_key() +except it is only for the EVP_PKEY_CMAC algorithm type. In addition to the +raw private key data, it also takes a cipher algorithm to be used during +creation of a CMAC in the cipher argument.

    +

    EVP_PKEY_new_mac_key() works in the same way as EVP_PKEY_new_raw_private_key(). +New applications should use EVP_PKEY_new_raw_private_key() instead.

    +

    EVP_PKEY_get_raw_private_key() fills the buffer provided by priv with raw +private key data. The number of bytes written is populated in *len. If the +buffer priv is NULL then *len is populated with the number of bytes +required to hold the key. The calling application is responsible for ensuring +that the buffer is large enough to receive the private key data. This function +only works for algorithms that support raw private keys. Currently this is: +EVP_PKEY_HMAC, EVP_PKEY_POLY1305, EVP_PKEY_SIPHASH, EVP_PKEY_X25519, +EVP_PKEY_ED25519, EVP_PKEY_X448 or EVP_PKEY_ED448.

    +

    EVP_PKEY_get_raw_public_key() fills the buffer provided by pub with raw +public key data. The number of bytes written is populated in *len. If the +buffer pub is NULL then *len is populated with the number of bytes +required to hold the key. The calling application is responsible for ensuring +that the buffer is large enough to receive the public key data. This function +only works for algorithms that support raw public keys. Currently this is: +EVP_PKEY_X25519, EVP_PKEY_ED25519, EVP_PKEY_X448 or EVP_PKEY_ED448.

    +

    +

    +
    +

    NOTES

    +

    The EVP_PKEY structure is used by various OpenSSL functions which require a +general private key without reference to any particular algorithm.

    +

    The structure returned by EVP_PKEY_new() is empty. To add a private or public +key to this empty structure use the appropriate functions described in +EVP_PKEY_set1_RSA(3), EVP_PKEY_set1_DSA(3), EVP_PKEY_set1_DH(3) or +EVP_PKEY_set1_EC_KEY(3).

    +

    +

    +
    +

    RETURN VALUES

    +

    EVP_PKEY_new(), EVP_PKEY_new_raw_private_key(), EVP_PKEY_new_raw_public_key(), +EVP_PKEY_new_CMAC_key() and EVP_PKEY_new_mac_key() return either the newly +allocated EVP_PKEY structure or NULL if an error occurred.

    +

    EVP_PKEY_up_ref(), EVP_PKEY_get_raw_private_key() and +EVP_PKEY_get_raw_public_key() return 1 for success and 0 for failure.

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_PKEY_set1_RSA(3), EVP_PKEY_set1_DSA(3), EVP_PKEY_set1_DH(3) or +EVP_PKEY_set1_EC_KEY(3)

    +

    +

    +
    +

    HISTORY

    +

    The +EVP_PKEY_new() and EVP_PKEY_free() functions exist in all versions of OpenSSL.

    +

    The EVP_PKEY_up_ref() function was added in OpenSSL 1.1.0.

    +

    The +EVP_PKEY_new_raw_private_key(), EVP_PKEY_new_raw_public_key(), +EVP_PKEY_new_CMAC_key(), EVP_PKEY_new_raw_private_key() and +EVP_PKEY_get_raw_public_key() functions were added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_print_private.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_print_private.html
    new file mode 100755
    index 0000000..c8fb7ec
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_print_private.html
    @@ -0,0 +1,100 @@
    + + + + +EVP_PKEY_print_private + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_PKEY_print_public, EVP_PKEY_print_private, EVP_PKEY_print_params - public key algorithm printing routines

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey,
    +                           int indent, ASN1_PCTX *pctx);
    + int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey,
    +                            int indent, ASN1_PCTX *pctx);
    + int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey,
    +                           int indent, ASN1_PCTX *pctx);
    +

    +

    +
    +

    DESCRIPTION

    +

    The functions EVP_PKEY_print_public(), EVP_PKEY_print_private() and +EVP_PKEY_print_params() print out the public, private or parameter components +of key pkey respectively. The key is sent to BIO out in human readable +form. The parameter indent indicated how far the printout should be indented.

    +

    The pctx parameter allows the print output to be finely tuned by using +ASN1 printing options. If pctx is set to NULL then default values will +be used.

    +

    +

    +
    +

    NOTES

    +

    Currently no public key algorithms include any options in the pctx parameter.

    +

    If the key does not include all the components indicated by the function then +only those contained in the key will be printed. For example passing a public +key to EVP_PKEY_print_private() will only print the public components.

    +

    +

    +
    +

    RETURN VALUES

    +

    These functions all return 1 for success and 0 or a negative value for failure. +In particular a return value of -2 indicates the operation is not supported by +the public key algorithm.

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_PKEY_CTX_new(3), +EVP_PKEY_keygen(3)

    +

    +

    +
    +

    HISTORY

    +

    These functions were added in OpenSSL 1.0.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2006-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_set1_RSA.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_set1_RSA.html
    new file mode 100755
    index 0000000..e40ef51
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_set1_RSA.html
    @@ -0,0 +1,187 @@
    + + + + +EVP_PKEY_set1_RSA + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH, EVP_PKEY_set1_EC_KEY, +EVP_PKEY_get1_RSA, EVP_PKEY_get1_DSA, EVP_PKEY_get1_DH, EVP_PKEY_get1_EC_KEY, +EVP_PKEY_get0_RSA, EVP_PKEY_get0_DSA, EVP_PKEY_get0_DH, EVP_PKEY_get0_EC_KEY, +EVP_PKEY_assign_RSA, EVP_PKEY_assign_DSA, EVP_PKEY_assign_DH, +EVP_PKEY_assign_EC_KEY, EVP_PKEY_assign_POLY1305, EVP_PKEY_assign_SIPHASH, +EVP_PKEY_get0_hmac, EVP_PKEY_get0_poly1305, EVP_PKEY_get0_siphash, +EVP_PKEY_type, EVP_PKEY_id, EVP_PKEY_base_id, EVP_PKEY_set_alias_type, +EVP_PKEY_set1_engine, EVP_PKEY_get0_engine - EVP_PKEY assignment functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key);
    + int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, DSA *key);
    + int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key);
    + int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key);
    +
    + RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey);
    + DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey);
    + DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey);
    + EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
    +
    + const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len);
    + const unsigned char *EVP_PKEY_get0_poly1305(const EVP_PKEY *pkey, size_t *len);
    + const unsigned char *EVP_PKEY_get0_siphash(const EVP_PKEY *pkey, size_t *len);
    + RSA *EVP_PKEY_get0_RSA(const EVP_PKEY *pkey);
    + DSA *EVP_PKEY_get0_DSA(const EVP_PKEY *pkey);
    + DH *EVP_PKEY_get0_DH(const EVP_PKEY *pkey);
    + EC_KEY *EVP_PKEY_get0_EC_KEY(const EVP_PKEY *pkey);
    +
    + int EVP_PKEY_assign_RSA(EVP_PKEY *pkey, RSA *key);
    + int EVP_PKEY_assign_DSA(EVP_PKEY *pkey, DSA *key);
    + int EVP_PKEY_assign_DH(EVP_PKEY *pkey, DH *key);
    + int EVP_PKEY_assign_EC_KEY(EVP_PKEY *pkey, EC_KEY *key);
    + int EVP_PKEY_assign_POLY1305(EVP_PKEY *pkey, ASN1_OCTET_STRING *key);
    + int EVP_PKEY_assign_SIPHASH(EVP_PKEY *pkey, ASN1_OCTET_STRING *key);
    +
    + int EVP_PKEY_id(const EVP_PKEY *pkey);
    + int EVP_PKEY_base_id(const EVP_PKEY *pkey);
    + int EVP_PKEY_type(int type);
    + int EVP_PKEY_set_alias_type(EVP_PKEY *pkey, int type);
    +
    + ENGINE *EVP_PKEY_get0_engine(const EVP_PKEY *pkey);
    + int EVP_PKEY_set1_engine(EVP_PKEY *pkey, ENGINE *engine);
    +

    +

    +
    +

    DESCRIPTION

    +

    EVP_PKEY_set1_RSA(), EVP_PKEY_set1_DSA(), EVP_PKEY_set1_DH() and +EVP_PKEY_set1_EC_KEY() set the key referenced by pkey to key.

    +

    EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and +EVP_PKEY_get1_EC_KEY() return the referenced key in pkey or +NULL if the key is not of the correct type.

    +

    EVP_PKEY_get0_hmac(), EVP_PKEY_get0_poly1305(), EVP_PKEY_get0_siphash(), +EVP_PKEY_get0_RSA(), EVP_PKEY_get0_DSA(), EVP_PKEY_get0_DH() +and EVP_PKEY_get0_EC_KEY() also return the referenced key in pkey or NULL +if the key is not of the correct type but the reference count of the +returned key is not incremented and so must not be freed up after use.

    +

    EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH(), +EVP_PKEY_assign_EC_KEY(), EVP_PKEY_assign_POLY1305() and +EVP_PKEY_assign_SIPHASH() also set the referenced key to key +however these use the supplied key internally and so key +will be freed when the parent pkey is freed.

    +

    EVP_PKEY_base_id() returns the type of pkey. For example +an RSA key will return EVP_PKEY_RSA.

    +

    EVP_PKEY_id() returns the actual OID associated with pkey. Historically keys +using the same algorithm could use different OIDs. For example an RSA key could +use the OIDs corresponding to the NIDs NID_rsaEncryption (equivalent to +EVP_PKEY_RSA) or NID_rsa (equivalent to EVP_PKEY_RSA2). The use of +alternative non-standard OIDs is now rare so EVP_PKEY_RSA2 et al are not +often seen in practice.

    +

    EVP_PKEY_type() returns the underlying type of the NID type. For example +EVP_PKEY_type(EVP_PKEY_RSA2) will return EVP_PKEY_RSA.

    +

    EVP_PKEY_get0_engine() returns a reference to the ENGINE handling pkey.

    +

    EVP_PKEY_set1_engine() sets the ENGINE handling pkey to engine. It +must be called after the key algorithm and components are set up. +If engine does not include an EVP_PKEY_METHOD for pkey an +error occurs.

    +

    EVP_PKEY_set_alias_type() allows modifying a EVP_PKEY to use a +different set of algorithms than the default.

    +

    +

    +
    +

    NOTES

    +

    In accordance with the OpenSSL naming convention the key obtained +from or assigned to the pkey using the 1 functions must be +freed as well as pkey.

    +

    EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH(), +EVP_PKEY_assign_EC_KEY(), EVP_PKEY_assign_POLY1305() +and EVP_PKEY_assign_SIPHASH() are implemented as macros.

    +

    EVP_PKEY_assign_EC_KEY() looks at the curve name id to determine if +the passed EC_KEY is an SM2(7) key, and will set the EVP_PKEY +type to EVP_PKEY_SM2 in that case, instead of EVP_PKEY_EC.

    +

    It's possible to switch back and forth between the types EVP_PKEY_EC +and EVP_PKEY_SM2 with a call to EVP_PKEY_set_alias_type() on keys +assigned with this macro if it's desirable to do a normal EC +computations with the SM2 curve instead of the special SM2 +computations, and vice versa.

    +

    Most applications wishing to know a key type will simply call +EVP_PKEY_base_id() and will not care about the actual type: +which will be identical in almost all cases.

    +

    Previous versions of this document suggested using EVP_PKEY_type(pkey->type) +to determine the type of a key. Since EVP_PKEY is now opaque this +is no longer possible: the equivalent is EVP_PKEY_base_id(pkey).

    +

    EVP_PKEY_set1_engine() is typically used by an ENGINE returning an HSM +key as part of its routine to load a private key.

    +

    +

    +
    +

    RETURN VALUES

    +

    EVP_PKEY_set1_RSA(), EVP_PKEY_set1_DSA(), EVP_PKEY_set1_DH() and +EVP_PKEY_set1_EC_KEY() return 1 for success or 0 for failure.

    +

    EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and +EVP_PKEY_get1_EC_KEY() return the referenced key or NULL if +an error occurred.

    +

    EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH(), +EVP_PKEY_assign_EC_KEY(), EVP_PKEY_assign_POLY1305() +and EVP_PKEY_assign_SIPHASH() return 1 for success and 0 for failure.

    +

    EVP_PKEY_base_id(), EVP_PKEY_id() and EVP_PKEY_type() return a key +type or NID_undef (equivalently EVP_PKEY_NONE) on error.

    +

    EVP_PKEY_set1_engine() returns 1 for success and 0 for failure.

    +

    EVP_PKEY_set_alias_type() returns 1 for success and 0 for error.

    +

    +

    +
    +

    EXAMPLES

    +

    After loading an ECC key, it is possible to convert it to using SM2 +algorithms with EVP_PKEY_set_alias_type:

    +
    + EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2);
    +

    +

    +
    +

    SEE ALSO

    +

    EVP_PKEY_new(3), SM2(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_sign.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_sign.html
    new file mode 100755
    index 0000000..2895f1d
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_sign.html
    @@ -0,0 +1,158 @@
    + + + + +EVP_PKEY_sign + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_PKEY_sign_init, EVP_PKEY_sign +- sign using a public key algorithm

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx);
    + int EVP_PKEY_sign(EVP_PKEY_CTX *ctx,
    +                   unsigned char *sig, size_t *siglen,
    +                   const unsigned char *tbs, size_t tbslen);
    +

    +

    +
    +

    DESCRIPTION

    +

    EVP_PKEY_sign_init() initializes a public key algorithm context ctx for +signing using the algorithm given when the context was created +using EVP_PKEY_CTX_new(3) or variants thereof. The algorithm is used to +fetch a EVP_SIGNATURE method implicitly, see provider(7)/Implicit fetch +for more information about implict fetches.

    +

    The EVP_PKEY_sign() function performs a public key signing operation +using ctx. The data to be signed is specified using the tbs and +tbslen parameters. If sig is NULL then the maximum size of the output +buffer is written to the siglen parameter. If sig is not NULL then +before the call the siglen parameter should contain the length of the +sig buffer, if the call is successful the signature is written to +sig and the amount of data written to siglen.

    +

    +

    +
    +

    NOTES

    +

    EVP_PKEY_sign() does not hash the data to be signed, and therefore is +normally used to sign digests. For signing arbitrary messages, see the +EVP_DigestSignInit(3) and +EVP_SignInit(3) signing interfaces instead.

    +

    After the call to EVP_PKEY_sign_init() algorithm specific control +operations can be performed to set any appropriate parameters for the +operation (see EVP_PKEY_CTX_ctrl(3)).

    +

    The function EVP_PKEY_sign() can be called more than once on the same +context if several operations are performed using the same parameters.

    +

    +

    +
    +

    RETURN VALUES

    +

    EVP_PKEY_sign_init() and EVP_PKEY_sign() return 1 for success and 0 +or a negative value for failure. In particular a return value of -2 +indicates the operation is not supported by the public key algorithm.

    +

    +

    +
    +

    EXAMPLES

    +

    Sign data using RSA with PKCS#1 padding and SHA256 digest:

    +
    + #include <openssl/evp.h>
    + #include <openssl/rsa.h>
    +
    + EVP_PKEY_CTX *ctx;
    + /* md is a SHA-256 digest in this example. */
    + unsigned char *md, *sig;
    + size_t mdlen = 32, siglen;
    + EVP_PKEY *signing_key;
    +
    + /*
    +  * NB: assumes signing_key and md are set up before the next
    +  * step. signing_key must be an RSA private key and md must
    +  * point to the SHA-256 digest to be signed.
    +  */
    + ctx = EVP_PKEY_CTX_new(signing_key, NULL /* no engine */);
    + if (!ctx)
    +     /* Error occurred */
    + if (EVP_PKEY_sign_init(ctx) <= 0)
    +     /* Error */
    + if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
    +     /* Error */
    + if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0)
    +     /* Error */
    +
    + /* Determine buffer length */
    + if (EVP_PKEY_sign(ctx, NULL, &siglen, md, mdlen) <= 0)
    +     /* Error */
    +
    + sig = OPENSSL_malloc(siglen);
    +
    + if (!sig)
    +     /* malloc failure */
    +
    + if (EVP_PKEY_sign(ctx, sig, &siglen, md, mdlen) <= 0)
    +     /* Error */
    +
    + /* Signature is siglen bytes written to buffer sig */
    +

    +

    +
    +

    SEE ALSO

    +

    EVP_PKEY_CTX_new(3), +EVP_PKEY_CTX_ctrl(3), +EVP_PKEY_encrypt(3), +EVP_PKEY_decrypt(3), +EVP_PKEY_verify(3), +EVP_PKEY_verify_recover(3), +EVP_PKEY_derive(3)

    +

    +

    +
    +

    HISTORY

    +

    These functions were added in OpenSSL 1.0.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_size.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_size.html
    new file mode 100755
    index 0000000..6e99a10
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_size.html
    @@ -0,0 +1,115 @@
    + + + + +EVP_PKEY_size + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_PKEY_size, EVP_PKEY_bits, EVP_PKEY_security_bits +- EVP_PKEY information functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + int EVP_PKEY_size(const EVP_PKEY *pkey);
    + int EVP_PKEY_bits(const EVP_PKEY *pkey);
    + int EVP_PKEY_security_bits(const EVP_PKEY *pkey);
    +

    +

    +
    +

    DESCRIPTION

    +

    EVP_PKEY_size() returns the maximum suitable size for the output +buffers for almost all operations that can be done with pkey. +The primary documented use is with EVP_SignFinal(3) and +EVP_SealInit(3), but it isn't limited there. The returned size is +also large enough for the output buffer of EVP_PKEY_sign(3), +EVP_PKEY_encrypt(3), EVP_PKEY_decrypt(3), EVP_PKEY_derive(3).

    +

    It must be stressed that, unless the documentation for the operation +that's being performed says otherwise, the size returned by +EVP_PKEY_size() is only preliminary and not exact, so the final +contents of the target buffer may be smaller. It is therefore crucial +to take note of the size given back by the function that performs the +operation, such as EVP_PKEY_sign(3) (the siglen argument will +receive that length), to avoid bugs.

    +

    EVP_PKEY_bits() returns the cryptographic length of the cryptosystem +to which the key in pkey belongs, in bits. Note that the definition +of cryptographic length is specific to the key cryptosystem.

    +

    EVP_PKEY_security_bits() returns the number of security bits of the given +pkey, bits of security is defined in NIST SP800-57.

    +

    +

    +
    +

    RETURN VALUES

    +

    EVP_PKEY_size(), EVP_PKEY_bits() and EVP_PKEY_security_bits() return a +positive number, or 0 if this size isn't available.

    +

    +

    +
    +

    NOTES

    +

    Most functions that have an output buffer and are mentioned with +EVP_PKEY_size() have a functionality where you can pass NULL for the +buffer and still pass a pointer to an integer and get the exact size +that this function call delivers in the context that it's called in. +This allows those functions to be called twice, once to find out the +exact buffer size, then allocate the buffer in between, and call that +function again actually output the data. For those functions, it +isn't strictly necessary to call EVP_PKEY_size() to find out the +buffer size, but may be useful in cases where it's desirable to know +the upper limit in advance.

    +

    It should also be especially noted that EVP_PKEY_size() shouldn't be +used to get the output size for EVP_DigestSignFinal(), according to +EVP_DigestSignFinal(3)/NOTES.

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_SignFinal(3), +EVP_SealInit(3), +EVP_PKEY_sign(3), +EVP_PKEY_encrypt(3), +EVP_PKEY_decrypt(3), +EVP_PKEY_derive(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_supports_digest_nid.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_supports_digest_nid.html
    new file mode 100755
    index 0000000..c7d4a4e
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_supports_digest_nid.html
    @@ -0,0 +1,94 @@
    + + + + +EVP_PKEY_supports_digest_nid + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_PKEY_supports_digest_nid - indicate support for signature digest

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    + int EVP_PKEY_supports_digest_nid(EVP_PKEY *pkey, int nid);
    +

    +

    +
    +

    DESCRIPTION

    +

    The EVP_PKEY_supports_digest_nid() function queries whether the message digest +NID nid is supported for public key signature operations associated with key +pkey.

    +

    +

    +
    +

    NOTES

    +

    If the EVP_PKEY implementation does not explicitly support this method, but +EVP_PKEY_get_default_digest_nid(3) returns a mandatory digest result, then +only that mandatory digest will be supported.

    +

    +

    +
    +

    RETURN VALUES

    +

    The EVP_PKEY_supports_digest_nid() function returns 1 if the message digest +algorithm identified by nid can be used for public key signature operations +associated with key pkey and 0 if it cannot be used. It returns a negative +value for failure. In particular a return value of -2 indicates the query +operation is not supported by the public key algorithm.

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_PKEY_CTX_new(3), +EVP_PKEY_get_default_digest_nid(3), +EVP_PKEY_sign(3), +EVP_PKEY_verify(3), +EVP_PKEY_verify_recover(3),

    +

    +

    +
    +

    HISTORY

    +

    The EVP_PKEY_supports_digest_nid() function was added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_verify.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_verify.html
    new file mode 100755
    index 0000000..da27073
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_verify.html
    @@ -0,0 +1,147 @@
    + + + + +EVP_PKEY_verify + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_PKEY_verify_init, EVP_PKEY_verify +- signature verification using a public key algorithm

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx);
    + int EVP_PKEY_verify(EVP_PKEY_CTX *ctx,
    +                     const unsigned char *sig, size_t siglen,
    +                     const unsigned char *tbs, size_t tbslen);
    +

    +

    +
    +

    DESCRIPTION

    +

    EVP_PKEY_verify_init() initializes a public key algorithm context ctx for +signing using the algorithm given when the context was created +using EVP_PKEY_CTX_new(3) or variants thereof. The algorithm is used to +fetch a EVP_SIGNATURE method implicitly, see provider(7)/Implicit fetch +for more information about implict fetches.

    +

    The EVP_PKEY_verify() function performs a public key verification operation +using ctx. The signature is specified using the sig and +siglen parameters. The verified data (i.e. the data believed originally +signed) is specified using the tbs and tbslen parameters.

    +

    +

    +
    +

    NOTES

    +

    After the call to EVP_PKEY_verify_init() algorithm specific control +operations can be performed to set any appropriate parameters for the +operation.

    +

    The function EVP_PKEY_verify() can be called more than once on the same +context if several operations are performed using the same parameters.

    +

    +

    +
    +

    RETURN VALUES

    +

    EVP_PKEY_verify_init() and EVP_PKEY_verify() return 1 if the verification was +successful and 0 if it failed. Unlike other functions the return value 0 from +EVP_PKEY_verify() only indicates that the signature did not verify +successfully (that is tbs did not match the original data or the signature was +of invalid form) it is not an indication of a more serious error.

    +

    A negative value indicates an error other that signature verification failure. +In particular a return value of -2 indicates the operation is not supported by +the public key algorithm.

    +

    +

    +
    +

    EXAMPLES

    +

    Verify signature using PKCS#1 and SHA256 digest:

    +
    + #include <openssl/evp.h>
    + #include <openssl/rsa.h>
    +
    + EVP_PKEY_CTX *ctx;
    + unsigned char *md, *sig;
    + size_t mdlen, siglen;
    + EVP_PKEY *verify_key;
    +
    + /*
    +  * NB: assumes verify_key, sig, siglen md and mdlen are already set up
    +  * and that verify_key is an RSA public key
    +  */
    + ctx = EVP_PKEY_CTX_new(verify_key, NULL /* no engine */);
    + if (!ctx)
    +     /* Error occurred */
    + if (EVP_PKEY_verify_init(ctx) <= 0)
    +     /* Error */
    + if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
    +     /* Error */
    + if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0)
    +     /* Error */
    +
    + /* Perform operation */
    + ret = EVP_PKEY_verify(ctx, sig, siglen, md, mdlen);
    +
    + /*
    +  * ret == 1 indicates success, 0 verify failure and < 0 for some
    +  * other error.
    +  */
    +

    +

    +
    +

    SEE ALSO

    +

    EVP_PKEY_CTX_new(3), +EVP_PKEY_encrypt(3), +EVP_PKEY_decrypt(3), +EVP_PKEY_sign(3), +EVP_PKEY_verify_recover(3), +EVP_PKEY_derive(3)

    +

    +

    +
    +

    HISTORY

    +

    These functions were added in OpenSSL 1.0.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_verify_recover.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_verify_recover.html
    new file mode 100755
    index 0000000..70d84a4
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_PKEY_verify_recover.html
    @@ -0,0 +1,157 @@
    + + + + +EVP_PKEY_verify_recover + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_PKEY_verify_recover_init, EVP_PKEY_verify_recover +- recover signature using a public key algorithm

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx);
    + int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx,
    +                             unsigned char *rout, size_t *routlen,
    +                             const unsigned char *sig, size_t siglen);
    +

    +

    +
    +

    DESCRIPTION

    +

    EVP_PKEY_verify_recover_init() initializes a public key algorithm context +ctx for signing using the algorithm given when the context was created +using EVP_PKEY_CTX_new(3) or variants thereof. The algorithm is used to +fetch a EVP_SIGNATURE method implicitly, see provider(7)/Implicit fetch +for more information about implict fetches.

    +

    The EVP_PKEY_verify_recover() function recovers signed data +using ctx. The signature is specified using the sig and +siglen parameters. If rout is NULL then the maximum size of the output +buffer is written to the routlen parameter. If rout is not NULL then +before the call the routlen parameter should contain the length of the +rout buffer, if the call is successful recovered data is written to +rout and the amount of data written to routlen.

    +

    +

    +
    +

    NOTES

    +

    Normally an application is only interested in whether a signature verification +operation is successful in those cases the EVP_verify() function should be +used.

    +

    Sometimes however it is useful to obtain the data originally signed using a +signing operation. Only certain public key algorithms can recover a signature +in this way (for example RSA in PKCS padding mode).

    +

    After the call to EVP_PKEY_verify_recover_init() algorithm specific control +operations can be performed to set any appropriate parameters for the +operation.

    +

    The function EVP_PKEY_verify_recover() can be called more than once on the same +context if several operations are performed using the same parameters.

    +

    +

    +
    +

    RETURN VALUES

    +

    EVP_PKEY_verify_recover_init() and EVP_PKEY_verify_recover() return 1 for success +and 0 or a negative value for failure. In particular a return value of -2 +indicates the operation is not supported by the public key algorithm.

    +

    +

    +
    +

    EXAMPLES

    +

    Recover digest originally signed using PKCS#1 and SHA256 digest:

    +
    + #include <openssl/evp.h>
    + #include <openssl/rsa.h>
    +
    + EVP_PKEY_CTX *ctx;
    + unsigned char *rout, *sig;
    + size_t routlen, siglen;
    + EVP_PKEY *verify_key;
    +
    + /*
    +  * NB: assumes verify_key, sig and siglen are already set up
    +  * and that verify_key is an RSA public key
    +  */
    + ctx = EVP_PKEY_CTX_new(verify_key, NULL /* no engine */);
    + if (!ctx)
    +     /* Error occurred */
    + if (EVP_PKEY_verify_recover_init(ctx) <= 0)
    +     /* Error */
    + if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
    +     /* Error */
    + if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0)
    +     /* Error */
    +
    + /* Determine buffer length */
    + if (EVP_PKEY_verify_recover(ctx, NULL, &routlen, sig, siglen) <= 0)
    +     /* Error */
    +
    + rout = OPENSSL_malloc(routlen);
    +
    + if (!rout)
    +     /* malloc failure */
    +
    + if (EVP_PKEY_verify_recover(ctx, rout, &routlen, sig, siglen) <= 0)
    +     /* Error */
    +
    + /* Recovered data is routlen bytes written to buffer rout */
    +

    +

    +
    +

    SEE ALSO

    +

    EVP_PKEY_CTX_new(3), +EVP_PKEY_encrypt(3), +EVP_PKEY_decrypt(3), +EVP_PKEY_sign(3), +EVP_PKEY_verify(3), +EVP_PKEY_derive(3)

    +

    +

    +
    +

    HISTORY

    +

    These functions were added in OpenSSL 1.0.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2013-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_SIGNATURE_free.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_SIGNATURE_free.html
    new file mode 100755
    index 0000000..ff6443a
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_SIGNATURE_free.html
    @@ -0,0 +1,118 @@
    + + + + +EVP_SIGNATURE_free + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_SIGNATURE_fetch, EVP_SIGNATURE_free, EVP_SIGNATURE_up_ref, +EVP_SIGNATURE_number, EVP_SIGNATURE_is_a, EVP_SIGNATURE_provider, +EVP_SIGNATURE_do_all_provided, EVP_SIGNATURE_names_do_all +- Functions to manage EVP_SIGNATURE algorithm objects

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + EVP_SIGNATURE *EVP_SIGNATURE_fetch(OPENSSL_CTX *ctx, const char *algorithm,
    +                                    const char *properties);
    + void EVP_SIGNATURE_free(EVP_SIGNATURE *signature);
    + int EVP_SIGNATURE_up_ref(EVP_SIGNATURE *signature);
    + int EVP_SIGNATURE_number(const EVP_SIGNATURE *signature);
    + int EVP_SIGNATURE_is_a(const EVP_SIGNATURE *signature, const char *name);
    + OSSL_PROVIDER *EVP_SIGNATURE_provider(const EVP_SIGNATURE *signature);
    + void EVP_SIGNATURE_do_all_provided(OPENSSL_CTX *libctx,
    +                                    void (*fn)(EVP_SIGNATURE *signature,
    +                                               void *arg),
    +                                    void *arg);
    + void EVP_SIGNATURE_names_do_all(const EVP_SIGNATURE *signature,
    +                                 void (*fn)(const char *name, void *data),
    +                                 void *data);
    +

    +

    +
    +

    DESCRIPTION

    +

    EVP_SIGNATURE_fetch() fetches the implementation for the given +algorithm from any provider offering it, within the criteria given +by the properties. +The algorithm will be one offering functions for performing signature related +tasks such as signing and verifying. +See provider(7)/Fetching algorithms for further information.

    +

    The returned value must eventually be freed with EVP_SIGNATURE_free().

    +

    EVP_SIGNATURE_free() decrements the reference count for the EVP_SIGNATURE +structure. Typically this structure will have been obtained from an earlier call +to EVP_SIGNATURE_fetch(). If the reference count drops to 0 then the +structure is freed.

    +

    EVP_SIGNATURE_up_ref() increments the reference count for an EVP_SIGNATURE +structure.

    +

    EVP_SIGNATURE_is_a() returns 1 if signature is an implementation of an +algorithm that's identifiable with name, otherwise 0.

    +

    EVP_SIGNATURE_provider() returns the provider that signature was fetched from.

    +

    EVP_SIGNATURE_do_all_provided() traverses all SIGNATURE implemented by all +activated roviders in the given library context libctx, and for each of the +implementations, calls the given function fn with the implementation method +and the given arg as argument.

    +

    EVP_SIGNATURE_number() returns the internal dynamic number assigned to +signature.

    +

    EVP_SIGNATURE_names_do_all() traverses all names for signature, and calls +fn with each name and data.

    +

    +

    +
    +

    RETURN VALUES

    +

    EVP_SIGNATURE_fetch() returns a pointer to an EVP_SIGNATURE for success +or NULL for failure.

    +

    EVP_SIGNATURE_up_ref() returns 1 for success or 0 otherwise.

    +

    +

    +
    +

    SEE ALSO

    +

    provider(7)/Fetching algorithms, OSSL_PROVIDER(3)

    +

    +

    +
    +

    HISTORY

    +

    The functions described here were added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_SealInit.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_SealInit.html
    new file mode 100755
    index 0000000..b227e88
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_SealInit.html
    @@ -0,0 +1,123 @@
    + + + + +EVP_SealInit + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_SealInit, EVP_SealUpdate, EVP_SealFinal - EVP envelope encryption

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
    +                  unsigned char **ek, int *ekl, unsigned char *iv,
    +                  EVP_PKEY **pubk, int npubk);
    + int EVP_SealUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
    +                    int *outl, unsigned char *in, int inl);
    + int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
    +

    +

    +
    +

    DESCRIPTION

    +

    The EVP envelope routines are a high level interface to envelope +encryption. They generate a random key and IV (if required) then +"envelope" it by using public key encryption. Data can then be +encrypted using this key.

    +

    EVP_SealInit() initializes a cipher context ctx for encryption +with cipher type using a random secret key and IV. type is normally +supplied by a function such as EVP_aes_256_cbc(). The secret key is encrypted +using one or more public keys, this allows the same encrypted data to be +decrypted using any of the corresponding private keys. ek is an array of +buffers where the public key encrypted secret key will be written, each buffer +must contain enough room for the corresponding encrypted key: that is +ek[i] must have room for EVP_PKEY_size(pubk[i]) bytes. The actual +size of each encrypted secret key is written to the array ekl. pubk is +an array of npubk public keys.

    +

    The iv parameter is a buffer where the generated IV is written to. It must +contain enough room for the corresponding cipher's IV, as determined by (for +example) EVP_CIPHER_iv_length(type).

    +

    If the cipher does not require an IV then the iv parameter is ignored +and can be NULL.

    +

    EVP_SealUpdate() and EVP_SealFinal() have exactly the same properties +as the EVP_EncryptUpdate() and EVP_EncryptFinal() routines, as +documented on the EVP_EncryptInit(3) manual +page.

    +

    +

    +
    +

    RETURN VALUES

    +

    EVP_SealInit() returns 0 on error or npubk if successful.

    +

    EVP_SealUpdate() and EVP_SealFinal() return 1 for success and 0 for +failure.

    +

    +

    +
    +

    NOTES

    +

    Because a random secret key is generated the random number generator +must be seeded when EVP_SealInit() is called. +If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to +external circumstances (see RAND(7)), the operation will fail.

    +

    The public key must be RSA because it is the only OpenSSL public key +algorithm that supports key transport.

    +

    Envelope encryption is the usual method of using public key encryption +on large amounts of data, this is because public key encryption is slow +but symmetric encryption is fast. So symmetric encryption is used for +bulk encryption and the small random symmetric key used is transferred +using public key encryption.

    +

    It is possible to call EVP_SealInit() twice in the same way as +EVP_EncryptInit(). The first call should have npubk set to 0 +and (after setting any cipher parameters) it should be called again +with type set to NULL.

    +

    +

    +
    +

    SEE ALSO

    +

    evp(7), RAND_bytes(3), +EVP_EncryptInit(3), +EVP_OpenInit(3), +RAND(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_SignInit.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_SignInit.html
    new file mode 100755
    index 0000000..adf88d8
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_SignInit.html
    @@ -0,0 +1,129 @@
    + + + + +EVP_SignInit + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_SignInit, EVP_SignInit_ex, EVP_SignUpdate, EVP_SignFinal +- EVP signing functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + int EVP_SignInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
    + int EVP_SignUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
    + int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sig, unsigned int *s, EVP_PKEY *pkey);
    +
    + void EVP_SignInit(EVP_MD_CTX *ctx, const EVP_MD *type);
    +

    +

    +
    +

    DESCRIPTION

    +

    The EVP signature routines are a high level interface to digital +signatures.

    +

    EVP_SignInit_ex() sets up signing context ctx to use digest +type from ENGINE impl. ctx must be created with +EVP_MD_CTX_new() before calling this function.

    +

    EVP_SignUpdate() hashes cnt bytes of data at d into the +signature context ctx. This function can be called several times on the +same ctx to include additional data.

    +

    EVP_SignFinal() signs the data in ctx using the private key pkey and +places the signature in sig. sig must be at least EVP_PKEY_size(pkey) +bytes in size. s is an OUT parameter, and not used as an IN parameter. +The number of bytes of data written (i.e. the length of the signature) +will be written to the integer at s, at most EVP_PKEY_size(pkey) bytes +will be written.

    +

    EVP_SignInit() initializes a signing context ctx to use the default +implementation of digest type.

    +

    +

    +
    +

    RETURN VALUES

    +

    EVP_SignInit_ex(), EVP_SignUpdate() and EVP_SignFinal() return 1 +for success and 0 for failure.

    +

    The error codes can be obtained by ERR_get_error(3).

    +

    +

    +
    +

    NOTES

    +

    The EVP interface to digital signatures should almost always be used in +preference to the low level interfaces. This is because the code then becomes +transparent to the algorithm used and much more flexible.

    +

    When signing with DSA private keys the random number generator must be seeded. +If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to +external circumstances (see RAND(7)), the operation will fail. +This requirement does not hold for RSA signatures.

    +

    The call to EVP_SignFinal() internally finalizes a copy of the digest context. +This means that calls to EVP_SignUpdate() and EVP_SignFinal() can be called +later to digest and sign additional data.

    +

    Since only a copy of the digest context is ever finalized the context must +be cleaned up after use by calling EVP_MD_CTX_free() or a memory leak +will occur.

    +

    +

    +
    +

    BUGS

    +

    Older versions of this documentation wrongly stated that calls to +EVP_SignUpdate() could not be made after calling EVP_SignFinal().

    +

    Since the private key is passed in the call to EVP_SignFinal() any error +relating to the private key (for example an unsuitable key and digest +combination) will not be indicated until after potentially large amounts of +data have been passed through EVP_SignUpdate().

    +

    It is not possible to change the signing parameters using these function.

    +

    The previous two bugs are fixed in the newer EVP_SignDigest*() function.

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_PKEY_size(3), EVP_PKEY_bits(3), EVP_PKEY_security_bits(3), +EVP_VerifyInit(3), +EVP_DigestInit(3), +evp(7), HMAC(3), MD2(3), +MD5(3), MDC2(3), RIPEMD160(3), +SHA1(3), openssl-dgst(1)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_VerifyInit.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_VerifyInit.html
    new file mode 100755
    index 0000000..9982076
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_VerifyInit.html
    @@ -0,0 +1,125 @@
    + + + + +EVP_VerifyInit + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_VerifyInit_ex, +EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal +- EVP signature verification functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + int EVP_VerifyInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
    + int EVP_VerifyUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
    + int EVP_VerifyFinal(EVP_MD_CTX *ctx, unsigned char *sigbuf, unsigned int siglen,
    +                     EVP_PKEY *pkey);
    +
    + int EVP_VerifyInit(EVP_MD_CTX *ctx, const EVP_MD *type);
    +

    +

    +
    +

    DESCRIPTION

    +

    The EVP signature verification routines are a high level interface to digital +signatures.

    +

    EVP_VerifyInit_ex() sets up verification context ctx to use digest +type from ENGINE impl. ctx must be created by calling +EVP_MD_CTX_new() before calling this function.

    +

    EVP_VerifyUpdate() hashes cnt bytes of data at d into the +verification context ctx. This function can be called several times on the +same ctx to include additional data.

    +

    EVP_VerifyFinal() verifies the data in ctx using the public key pkey +and against the siglen bytes at sigbuf.

    +

    EVP_VerifyInit() initializes verification context ctx to use the default +implementation of digest type.

    +

    +

    +
    +

    RETURN VALUES

    +

    EVP_VerifyInit_ex() and EVP_VerifyUpdate() return 1 for success and 0 for +failure.

    +

    EVP_VerifyFinal() returns 1 for a correct signature, 0 for failure and -1 if some +other error occurred.

    +

    The error codes can be obtained by ERR_get_error(3).

    +

    +

    +
    +

    NOTES

    +

    The EVP interface to digital signatures should almost always be used in +preference to the low level interfaces. This is because the code then becomes +transparent to the algorithm used and much more flexible.

    +

    The call to EVP_VerifyFinal() internally finalizes a copy of the digest context. +This means that calls to EVP_VerifyUpdate() and EVP_VerifyFinal() can be called +later to digest and verify additional data.

    +

    Since only a copy of the digest context is ever finalized the context must +be cleaned up after use by calling EVP_MD_CTX_free() or a memory leak +will occur.

    +

    +

    +
    +

    BUGS

    +

    Older versions of this documentation wrongly stated that calls to +EVP_VerifyUpdate() could not be made after calling EVP_VerifyFinal().

    +

    Since the public key is passed in the call to EVP_SignFinal() any error +relating to the private key (for example an unsuitable key and digest +combination) will not be indicated until after potentially large amounts of +data have been passed through EVP_SignUpdate().

    +

    It is not possible to change the signing parameters using these function.

    +

    The previous two bugs are fixed in the newer EVP_DigestVerify*() function.

    +

    +

    +
    +

    SEE ALSO

    +

    evp(7), +EVP_SignInit(3), +EVP_DigestInit(3), +evp(7), HMAC(3), MD2(3), +MD5(3), MDC2(3), RIPEMD160(3), +SHA1(3), openssl-dgst(1)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_aes_128_gcm.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_aes_128_gcm.html
    new file mode 100755
    index 0000000..f04f7ba
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_aes_128_gcm.html
    @@ -0,0 +1,221 @@
    + + + + +EVP_aes_128_gcm + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_aes_128_cbc, +EVP_aes_192_cbc, +EVP_aes_256_cbc, +EVP_aes_128_cfb, +EVP_aes_192_cfb, +EVP_aes_256_cfb, +EVP_aes_128_cfb1, +EVP_aes_192_cfb1, +EVP_aes_256_cfb1, +EVP_aes_128_cfb8, +EVP_aes_192_cfb8, +EVP_aes_256_cfb8, +EVP_aes_128_cfb128, +EVP_aes_192_cfb128, +EVP_aes_256_cfb128, +EVP_aes_128_ctr, +EVP_aes_192_ctr, +EVP_aes_256_ctr, +EVP_aes_128_ecb, +EVP_aes_192_ecb, +EVP_aes_256_ecb, +EVP_aes_128_ofb, +EVP_aes_192_ofb, +EVP_aes_256_ofb, +EVP_aes_128_cbc_hmac_sha1, +EVP_aes_256_cbc_hmac_sha1, +EVP_aes_128_cbc_hmac_sha256, +EVP_aes_256_cbc_hmac_sha256, +EVP_aes_128_ccm, +EVP_aes_192_ccm, +EVP_aes_256_ccm, +EVP_aes_128_gcm, +EVP_aes_192_gcm, +EVP_aes_256_gcm, +EVP_aes_128_ocb, +EVP_aes_192_ocb, +EVP_aes_256_ocb, +EVP_aes_128_wrap, +EVP_aes_192_wrap, +EVP_aes_256_wrap, +EVP_aes_128_wrap_pad, +EVP_aes_192_wrap_pad, +EVP_aes_256_wrap_pad, +EVP_aes_128_xts, +EVP_aes_256_xts +- EVP AES cipher

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + const EVP_CIPHER *EVP_ciphername(void)
    +

    EVP_ciphername is used a placeholder for any of the described cipher +functions, such as EVP_aes_128_cbc.

    +

    +

    +
    +

    DESCRIPTION

    +

    The AES encryption algorithm for EVP.

    +
    +
    EVP_aes_128_cbc(), +EVP_aes_192_cbc(), +EVP_aes_256_cbc(), +EVP_aes_128_cfb(), +EVP_aes_192_cfb(), +EVP_aes_256_cfb(), +EVP_aes_128_cfb1(), +EVP_aes_192_cfb1(), +EVP_aes_256_cfb1(), +EVP_aes_128_cfb8(), +EVP_aes_192_cfb8(), +EVP_aes_256_cfb8(), +EVP_aes_128_cfb128(), +EVP_aes_192_cfb128(), +EVP_aes_256_cfb128(), +EVP_aes_128_ctr(), +EVP_aes_192_ctr(), +EVP_aes_256_ctr(), +EVP_aes_128_ecb(), +EVP_aes_192_ecb(), +EVP_aes_256_ecb(), +EVP_aes_128_ofb(), +EVP_aes_192_ofb(), +EVP_aes_256_ofb()
    + +
    +

    AES for 128, 192 and 256 bit keys in the following modes: CBC, CFB with 128-bit +shift, CFB with 1-bit shift, CFB with 8-bit shift, CTR, ECB, and OFB.

    +
    +
    EVP_aes_128_cbc_hmac_sha1(), +EVP_aes_256_cbc_hmac_sha1()
    + +
    +

    Authenticated encryption with AES in CBC mode using SHA-1 as HMAC, with keys of +128 and 256 bits length respectively. The authentication tag is 160 bits long.

    +

    WARNING: this is not intended for usage outside of TLS and requires calling of +some undocumented ctrl functions. These ciphers do not conform to the EVP AEAD +interface.

    +
    +
    EVP_aes_128_cbc_hmac_sha256(), +EVP_aes_256_cbc_hmac_sha256()
    + +
    +

    Authenticated encryption with AES in CBC mode using SHA256 (SHA-2, 256-bits) as +HMAC, with keys of 128 and 256 bits length respectively. The authentication tag +is 256 bits long.

    +

    WARNING: this is not intended for usage outside of TLS and requires calling of +some undocumented ctrl functions. These ciphers do not conform to the EVP AEAD +interface.

    +
    +
    EVP_aes_128_ccm(), +EVP_aes_192_ccm(), +EVP_aes_256_ccm(), +EVP_aes_128_gcm(), +EVP_aes_192_gcm(), +EVP_aes_256_gcm(), +EVP_aes_128_ocb(), +EVP_aes_192_ocb(), +EVP_aes_256_ocb()
    + +
    +

    AES for 128, 192 and 256 bit keys in CBC-MAC Mode (CCM), Galois Counter Mode +(GCM) and OCB Mode respectively. These ciphers require additional control +operations to function correctly, see the EVP_EncryptInit(3)/AEAD Interface +section for details.

    +
    +
    EVP_aes_128_wrap(), +EVP_aes_192_wrap(), +EVP_aes_256_wrap(), +EVP_aes_128_wrap_pad(), +EVP_aes_128_wrap(), +EVP_aes_192_wrap(), +EVP_aes_256_wrap(), +EVP_aes_192_wrap_pad(), +EVP_aes_128_wrap(), +EVP_aes_192_wrap(), +EVP_aes_256_wrap(), +EVP_aes_256_wrap_pad()
    + +
    +

    AES key wrap with 128, 192 and 256 bit keys, as according to RFC 3394 section +2.2.1 ("wrap") and RFC 5649 section 4.1 ("wrap with padding") respectively.

    +
    +
    EVP_aes_128_xts(), +EVP_aes_256_xts()
    + +
    +

    AES XTS mode (XTS-AES) is standardized in IEEE Std. 1619-2007 and described in NIST +SP 800-38E. The XTS (XEX-based tweaked-codebook mode with ciphertext stealing) +mode was designed by Prof. Phillip Rogaway of University of California, Davis, +intended for encrypting data on a storage device.

    +

    XTS-AES provides confidentiality but not authentication of data. It also +requires a key of double-length for protection of a certain key size. +In particular, XTS-AES-128 (EVP_aes_128_xts) takes input of a 256-bit key to +achieve AES 128-bit security, and XTS-AES-256 (EVP_aes_256_xts) takes input +of a 512-bit key to achieve AES 256-bit security.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    These functions return an EVP_CIPHER structure that contains the +implementation of the symmetric cipher. See EVP_CIPHER_meth_new(3) for +details of the EVP_CIPHER structure.

    +

    +

    +
    +

    SEE ALSO

    +

    evp(7), +EVP_EncryptInit(3), +EVP_CIPHER_meth_new(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_aria_128_gcm.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_aria_128_gcm.html
    new file mode 100755
    index 0000000..e4c95e7
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_aria_128_gcm.html
    @@ -0,0 +1,150 @@
    + + + + +EVP_aria_128_gcm + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_aria_128_cbc, +EVP_aria_192_cbc, +EVP_aria_256_cbc, +EVP_aria_128_cfb, +EVP_aria_192_cfb, +EVP_aria_256_cfb, +EVP_aria_128_cfb1, +EVP_aria_192_cfb1, +EVP_aria_256_cfb1, +EVP_aria_128_cfb8, +EVP_aria_192_cfb8, +EVP_aria_256_cfb8, +EVP_aria_128_cfb128, +EVP_aria_192_cfb128, +EVP_aria_256_cfb128, +EVP_aria_128_ctr, +EVP_aria_192_ctr, +EVP_aria_256_ctr, +EVP_aria_128_ecb, +EVP_aria_192_ecb, +EVP_aria_256_ecb, +EVP_aria_128_ofb, +EVP_aria_192_ofb, +EVP_aria_256_ofb, +EVP_aria_128_ccm, +EVP_aria_192_ccm, +EVP_aria_256_ccm, +EVP_aria_128_gcm, +EVP_aria_192_gcm, +EVP_aria_256_gcm, +- EVP ARIA cipher

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + const EVP_CIPHER *EVP_ciphername(void)
    +

    EVP_ciphername is used a placeholder for any of the described cipher +functions, such as EVP_aria_128_cbc.

    +

    +

    +
    +

    DESCRIPTION

    +

    The ARIA encryption algorithm for EVP.

    +
    +
    EVP_aria_128_cbc(), +EVP_aria_192_cbc(), +EVP_aria_256_cbc(), +EVP_aria_128_cfb(), +EVP_aria_192_cfb(), +EVP_aria_256_cfb(), +EVP_aria_128_cfb1(), +EVP_aria_192_cfb1(), +EVP_aria_256_cfb1(), +EVP_aria_128_cfb8(), +EVP_aria_192_cfb8(), +EVP_aria_256_cfb8(), +EVP_aria_128_cfb128(), +EVP_aria_192_cfb128(), +EVP_aria_256_cfb128(), +EVP_aria_128_ctr(), +EVP_aria_192_ctr(), +EVP_aria_256_ctr(), +EVP_aria_128_ecb(), +EVP_aria_192_ecb(), +EVP_aria_256_ecb(), +EVP_aria_128_ofb(), +EVP_aria_192_ofb(), +EVP_aria_256_ofb()
    + +
    +

    ARIA for 128, 192 and 256 bit keys in the following modes: CBC, CFB with +128-bit shift, CFB with 1-bit shift, CFB with 8-bit shift, CTR, ECB and OFB.

    +
    +
    EVP_aria_128_ccm(), +EVP_aria_192_ccm(), +EVP_aria_256_ccm(), +EVP_aria_128_gcm(), +EVP_aria_192_gcm(), +EVP_aria_256_gcm(),
    + +
    +

    ARIA for 128, 192 and 256 bit keys in CBC-MAC Mode (CCM) and Galois Counter +Mode (GCM). These ciphers require additional control operations to function +correctly, see the EVP_EncryptInit(3)/AEAD Interface section for details.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    These functions return an EVP_CIPHER structure that contains the +implementation of the symmetric cipher. See EVP_CIPHER_meth_new(3) for +details of the EVP_CIPHER structure.

    +

    +

    +
    +

    SEE ALSO

    +

    evp(7), +EVP_EncryptInit(3), +EVP_CIPHER_meth_new(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_bf_cbc.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_bf_cbc.html
    new file mode 100755
    index 0000000..e4a1b09
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_bf_cbc.html
    @@ -0,0 +1,96 @@
    + + + + +EVP_bf_cbc + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_bf_cbc, +EVP_bf_cfb, +EVP_bf_cfb64, +EVP_bf_ecb, +EVP_bf_ofb +- EVP Blowfish cipher

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + const EVP_CIPHER *EVP_bf_cbc(void)
    + const EVP_CIPHER *EVP_bf_cfb(void)
    + const EVP_CIPHER *EVP_bf_cfb64(void)
    + const EVP_CIPHER *EVP_bf_ecb(void)
    + const EVP_CIPHER *EVP_bf_ofb(void)
    +

    +

    +
    +

    DESCRIPTION

    +

    The Blowfish encryption algorithm for EVP.

    +

    This is a variable key length cipher.

    +
    +
    EVP_bf_cbc(), +EVP_bf_cfb(), +EVP_bf_cfb64(), +EVP_bf_ecb(), +EVP_bf_ofb()
    + +
    +

    Blowfish encryption algorithm in CBC, CFB, ECB and OFB modes respectively.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    These functions return an EVP_CIPHER structure that contains the +implementation of the symmetric cipher. See EVP_CIPHER_meth_new(3) for +details of the EVP_CIPHER structure.

    +

    +

    +
    +

    SEE ALSO

    +

    evp(7), +EVP_EncryptInit(3), +EVP_CIPHER_meth_new(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_blake2b512.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_blake2b512.html
    new file mode 100755
    index 0000000..ec85ebb
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_blake2b512.html
    @@ -0,0 +1,105 @@
    + + + + +EVP_blake2b512 + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_blake2b512, +EVP_blake2s256 +- BLAKE2 For EVP

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + const EVP_MD *EVP_blake2b512(void);
    + const EVP_MD *EVP_blake2s256(void);
    +

    +

    +
    +

    DESCRIPTION

    +

    BLAKE2 is an improved version of BLAKE, which was submitted to the NIST SHA-3 +algorithm competition. The BLAKE2s and BLAKE2b algorithms are described in +RFC 7693.

    +
    +
    EVP_blake2s256()
    + +
    +

    The BLAKE2s algorithm that produces a 256-bit output from a given input.

    +
    +
    EVP_blake2b512()
    + +
    +

    The BLAKE2b algorithm that produces a 512-bit output from a given input.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    These functions return a EVP_MD structure that contains the +implementation of the symmetric cipher. See EVP_MD_meth_new(3) for +details of the EVP_MD structure.

    +

    +

    +
    +

    CONFORMING TO

    +

    RFC 7693.

    +

    +

    +
    +

    NOTES

    +

    While the BLAKE2b and BLAKE2s algorithms supports a variable length digest, +this implementation outputs a digest of a fixed length (the maximum length +supported), which is 512-bits for BLAKE2b and 256-bits for BLAKE2s.

    +

    +

    +
    +

    SEE ALSO

    +

    evp(7), +EVP_DigestInit(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_camellia_128_ecb.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_camellia_128_ecb.html
    new file mode 100755
    index 0000000..185e3cb
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_camellia_128_ecb.html
    @@ -0,0 +1,132 @@
    + + + + +EVP_camellia_128_ecb + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_camellia_128_cbc, +EVP_camellia_192_cbc, +EVP_camellia_256_cbc, +EVP_camellia_128_cfb, +EVP_camellia_192_cfb, +EVP_camellia_256_cfb, +EVP_camellia_128_cfb1, +EVP_camellia_192_cfb1, +EVP_camellia_256_cfb1, +EVP_camellia_128_cfb8, +EVP_camellia_192_cfb8, +EVP_camellia_256_cfb8, +EVP_camellia_128_cfb128, +EVP_camellia_192_cfb128, +EVP_camellia_256_cfb128, +EVP_camellia_128_ctr, +EVP_camellia_192_ctr, +EVP_camellia_256_ctr, +EVP_camellia_128_ecb, +EVP_camellia_192_ecb, +EVP_camellia_256_ecb, +EVP_camellia_128_ofb, +EVP_camellia_192_ofb, +EVP_camellia_256_ofb +- EVP Camellia cipher

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + const EVP_CIPHER *EVP_ciphername(void)
    +

    EVP_ciphername is used a placeholder for any of the described cipher +functions, such as EVP_camellia_128_cbc.

    +

    +

    +
    +

    DESCRIPTION

    +

    The Camellia encryption algorithm for EVP.

    +
    +
    EVP_camellia_128_cbc(), +EVP_camellia_192_cbc(), +EVP_camellia_256_cbc(), +EVP_camellia_128_cfb(), +EVP_camellia_192_cfb(), +EVP_camellia_256_cfb(), +EVP_camellia_128_cfb1(), +EVP_camellia_192_cfb1(), +EVP_camellia_256_cfb1(), +EVP_camellia_128_cfb8(), +EVP_camellia_192_cfb8(), +EVP_camellia_256_cfb8(), +EVP_camellia_128_cfb128(), +EVP_camellia_192_cfb128(), +EVP_camellia_256_cfb128(), +EVP_camellia_128_ctr(), +EVP_camellia_192_ctr(), +EVP_camellia_256_ctr(), +EVP_camellia_128_ecb(), +EVP_camellia_192_ecb(), +EVP_camellia_256_ecb(), +EVP_camellia_128_ofb(), +EVP_camellia_192_ofb(), +EVP_camellia_256_ofb()
    + +
    +

    Camellia for 128, 192 and 256 bit keys in the following modes: CBC, CFB with +128-bit shift, CFB with 1-bit shift, CFB with 8-bit shift, CTR, ECB and OFB.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    These functions return an EVP_CIPHER structure that contains the +implementation of the symmetric cipher. See EVP_CIPHER_meth_new(3) for +details of the EVP_CIPHER structure.

    +

    +

    +
    +

    SEE ALSO

    +

    evp(7), +EVP_EncryptInit(3), +EVP_CIPHER_meth_new(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_cast5_cbc.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_cast5_cbc.html
    new file mode 100755
    index 0000000..ee165f0
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_cast5_cbc.html
    @@ -0,0 +1,96 @@
    + + + + +EVP_cast5_cbc + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_cast5_cbc, +EVP_cast5_cfb, +EVP_cast5_cfb64, +EVP_cast5_ecb, +EVP_cast5_ofb +- EVP CAST cipher

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + const EVP_CIPHER *EVP_cast5_cbc(void)
    + const EVP_CIPHER *EVP_cast5_cfb(void)
    + const EVP_CIPHER *EVP_cast5_cfb64(void)
    + const EVP_CIPHER *EVP_cast5_ecb(void)
    + const EVP_CIPHER *EVP_cast5_ofb(void)
    +

    +

    +
    +

    DESCRIPTION

    +

    The CAST encryption algorithm for EVP.

    +

    This is a variable key length cipher.

    +
    +
    EVP_cast5_cbc(), +EVP_cast5_ecb(), +EVP_cast5_cfb(), +EVP_cast5_cfb64(), +EVP_cast5_ofb()
    + +
    +

    CAST encryption algorithm in CBC, ECB, CFB and OFB modes respectively.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    These functions return an EVP_CIPHER structure that contains the +implementation of the symmetric cipher. See EVP_CIPHER_meth_new(3) for +details of the EVP_CIPHER structure.

    +

    +

    +
    +

    SEE ALSO

    +

    evp(7), +EVP_EncryptInit(3), +EVP_CIPHER_meth_new(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_chacha20.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_chacha20.html
    new file mode 100755
    index 0000000..98a9959
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_chacha20.html
    @@ -0,0 +1,98 @@
    + + + + +EVP_chacha20 + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_chacha20, +EVP_chacha20_poly1305 +- EVP ChaCha20 stream cipher

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + const EVP_CIPHER *EVP_chacha20(void)
    + const EVP_CIPHER *EVP_chacha20_poly1305(void)
    +

    +

    +
    +

    DESCRIPTION

    +

    The ChaCha20 stream cipher for EVP.

    +
    +
    EVP_chacha20()
    + +
    +

    The ChaCha20 stream cipher. The key length is 256 bits, the IV is 128 bits long. +The first 32 bits consists of a counter in little-endian order followed by a 96 +bit nonce. For example a nonce of:

    +

    000000000000000000000002

    +

    With an initial counter of 42 (2a in hex) would be expressed as:

    +

    2a000000000000000000000000000002

    +
    +
    EVP_chacha20_poly1305()
    + +
    +

    Authenticated encryption with ChaCha20-Poly1305. Like EVP_chacha20(), the key +is 256 bits and the IV is 96 bits. This supports additional authenticated data +(AAD) and produces a 128-bit authentication tag. See the +EVP_EncryptInit(3)/AEAD Interface section for more information.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    These functions return an EVP_CIPHER structure that contains the +implementation of the symmetric cipher. See EVP_CIPHER_meth_new(3) for +details of the EVP_CIPHER structure.

    +

    +

    +
    +

    SEE ALSO

    +

    evp(7), +EVP_EncryptInit(3), +EVP_CIPHER_meth_new(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_des_cbc.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_des_cbc.html
    new file mode 100755
    index 0000000..ee11ea0
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_des_cbc.html
    @@ -0,0 +1,141 @@
    + + + + +EVP_des_cbc + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_des_cbc, +EVP_des_cfb, +EVP_des_cfb1, +EVP_des_cfb8, +EVP_des_cfb64, +EVP_des_ecb, +EVP_des_ofb, +EVP_des_ede, +EVP_des_ede_cbc, +EVP_des_ede_cfb, +EVP_des_ede_cfb64, +EVP_des_ede_ecb, +EVP_des_ede_ofb, +EVP_des_ede3, +EVP_des_ede3_cbc, +EVP_des_ede3_cfb, +EVP_des_ede3_cfb1, +EVP_des_ede3_cfb8, +EVP_des_ede3_cfb64, +EVP_des_ede3_ecb, +EVP_des_ede3_ofb, +EVP_des_ede3_wrap +- EVP DES cipher

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + const EVP_CIPHER *EVP_ciphername(void)
    +

    EVP_ciphername is used a placeholder for any of the described cipher +functions, such as EVP_des_cbc.

    +

    +

    +
    +

    DESCRIPTION

    +

    The DES encryption algorithm for EVP.

    +
    +
    EVP_des_cbc(), +EVP_des_ecb(), +EVP_des_cfb(), +EVP_des_cfb1(), +EVP_des_cfb8(), +EVP_des_cfb64(), +EVP_des_ofb()
    + +
    +

    DES in CBC, ECB, CFB with 64-bit shift, CFB with 1-bit shift, CFB with 8-bit +shift and OFB modes.

    +
    +
    EVP_des_ede(), +EVP_des_ede_cbc(), +EVP_des_ede_cfb(), +EVP_des_ede_cfb64(), +EVP_des_ede_ecb(), +EVP_des_ede_ofb()
    + +
    +

    Two key triple DES in ECB, CBC, CFB with 64-bit shift and OFB modes.

    +
    +
    EVP_des_ede3(), +EVP_des_ede3_cbc(), +EVP_des_ede3_cfb(), +EVP_des_ede3_cfb1(), +EVP_des_ede3_cfb8(), +EVP_des_ede3_cfb64(), +EVP_des_ede3_ecb(), +EVP_des_ede3_ofb()
    + +
    +

    Three-key triple DES in ECB, CBC, CFB with 64-bit shift, CFB with 1-bit shift, +CFB with 8-bit shift and OFB modes.

    +
    +
    EVP_des_ede3_wrap()
    + +
    +

    Triple-DES key wrap according to RFC 3217 Section 3.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    These functions return an EVP_CIPHER structure that contains the +implementation of the symmetric cipher. See EVP_CIPHER_meth_new(3) for +details of the EVP_CIPHER structure.

    +

    +

    +
    +

    SEE ALSO

    +

    evp(7), +EVP_EncryptInit(3), +EVP_CIPHER_meth_new(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_desx_cbc.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_desx_cbc.html
    new file mode 100755
    index 0000000..a770216
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_desx_cbc.html
    @@ -0,0 +1,84 @@
    + + + + +EVP_desx_cbc + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_desx_cbc +- EVP DES-X cipher

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + const EVP_CIPHER *EVP_desx_cbc(void)
    +

    +

    +
    +

    DESCRIPTION

    +

    The DES-X encryption algorithm for EVP.

    +

    All modes below use a key length of 128 bits and acts on blocks of 128-bits.

    +
    +
    EVP_desx_cbc()
    + +
    +

    The DES-X algorithm in CBC mode.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    These functions return an EVP_CIPHER structure that contains the +implementation of the symmetric cipher. See EVP_CIPHER_meth_new(3) for +details of the EVP_CIPHER structure.

    +

    +

    +
    +

    SEE ALSO

    +

    evp(7), +EVP_EncryptInit(3), +EVP_CIPHER_meth_new(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_idea_cbc.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_idea_cbc.html
    new file mode 100755
    index 0000000..710bc00
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_idea_cbc.html
    @@ -0,0 +1,95 @@
    + + + + +EVP_idea_cbc + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_idea_cbc, +EVP_idea_cfb, +EVP_idea_cfb64, +EVP_idea_ecb, +EVP_idea_ofb +- EVP IDEA cipher

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + const EVP_CIPHER *EVP_idea_cbc(void)
    + const EVP_CIPHER *EVP_idea_cfb(void)
    + const EVP_CIPHER *EVP_idea_cfb64(void)
    + const EVP_CIPHER *EVP_idea_ecb(void)
    + const EVP_CIPHER *EVP_idea_ofb(void)
    +

    +

    +
    +

    DESCRIPTION

    +

    The IDEA encryption algorithm for EVP.

    +
    +
    EVP_idea_cbc(), +EVP_idea_cfb(), +EVP_idea_cfb64(), +EVP_idea_ecb(), +EVP_idea_ofb()
    + +
    +

    The IDEA encryption algorithm in CBC, CFB, ECB and OFB modes respectively.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    These functions return an EVP_CIPHER structure that contains the +implementation of the symmetric cipher. See EVP_CIPHER_meth_new(3) for +details of the EVP_CIPHER structure.

    +

    +

    +
    +

    SEE ALSO

    +

    evp(7), +EVP_EncryptInit(3), +EVP_CIPHER_meth_new(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_md2.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_md2.html
    new file mode 100755
    index 0000000..fce5681
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_md2.html
    @@ -0,0 +1,89 @@
    + + + + +EVP_md2 + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_md2 +- MD2 For EVP

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + const EVP_MD *EVP_md2(void);
    +

    +

    +
    +

    DESCRIPTION

    +

    MD2 is a cryptographic hash function standardized in RFC 1319 and designed by +Ronald Rivest.

    +
    +
    EVP_md2()
    + +
    +

    The MD2 algorithm which produces a 128-bit output from a given input.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    These functions return a EVP_MD structure that contains the +implementation of the symmetric cipher. See EVP_MD_meth_new(3) for +details of the EVP_MD structure.

    +

    +

    +
    +

    CONFORMING TO

    +

    IETF RFC 1319.

    +

    +

    +
    +

    SEE ALSO

    +

    evp(7), +EVP_DigestInit(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_md4.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_md4.html
    new file mode 100755
    index 0000000..240290b
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_md4.html
    @@ -0,0 +1,89 @@
    + + + + +EVP_md4 + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_md4 +- MD4 For EVP

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + const EVP_MD *EVP_md4(void);
    +

    +

    +
    +

    DESCRIPTION

    +

    MD4 is a cryptographic hash function standardized in RFC 1320 and designed by +Ronald Rivest, first published in 1990.

    +
    +
    EVP_md4()
    + +
    +

    The MD4 algorithm which produces a 128-bit output from a given input.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    These functions return a EVP_MD structure that contains the +implementation of the symmetric cipher. See EVP_MD_meth_new(3) for +details of the EVP_MD structure.

    +

    +

    +
    +

    CONFORMING TO

    +

    IETF RFC 1320.

    +

    +

    +
    +

    SEE ALSO

    +

    evp(7), +EVP_DigestInit(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_md5.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_md5.html
    new file mode 100755
    index 0000000..ec6e6c2
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_md5.html
    @@ -0,0 +1,100 @@
    + + + + +EVP_md5 + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_md5, +EVP_md5_sha1 +- MD5 For EVP

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + const EVP_MD *EVP_md5(void);
    + const EVP_MD *EVP_md5_sha1(void);
    +

    +

    +
    +

    DESCRIPTION

    +

    MD5 is a cryptographic hash function standardized in RFC 1321 and designed by +Ronald Rivest.

    +

    The CMU Software Engineering Institute considers MD5 unsuitable for further +use since its security has been severely compromised.

    +
    +
    EVP_md5()
    + +
    +

    The MD5 algorithm which produces a 128-bit output from a given input.

    +
    +
    EVP_md5_sha1()
    + +
    +

    A hash algorithm of SSL v3 that combines MD5 with SHA-1 as described in RFC +6101.

    +

    WARNING: this algorithm is not intended for non-SSL usage.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    These functions return a EVP_MD structure that contains the +implementation of the symmetric cipher. See EVP_MD_meth_new(3) for +details of the EVP_MD structure.

    +

    +

    +
    +

    CONFORMING TO

    +

    IETF RFC 1321.

    +

    +

    +
    +

    SEE ALSO

    +

    evp(7), +EVP_DigestInit(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_mdc2.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_mdc2.html
    new file mode 100755
    index 0000000..87e4eb1
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_mdc2.html
    @@ -0,0 +1,90 @@
    + + + + +EVP_mdc2 + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_mdc2 +- MDC-2 For EVP

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + const EVP_MD *EVP_mdc2(void);
    +

    +

    +
    +

    DESCRIPTION

    +

    MDC-2 (Modification Detection Code 2 or Meyer-Schilling) is a cryptographic +hash function based on a block cipher.

    +
    +
    EVP_mdc2()
    + +
    +

    The MDC-2DES algorithm of using MDC-2 with the DES block cipher. It produces a +128-bit output from a given input.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    These functions return a EVP_MD structure that contains the +implementation of the symmetric cipher. See EVP_MD_meth_new(3) for +details of the EVP_MD structure.

    +

    +

    +
    +

    CONFORMING TO

    +

    ISO/IEC 10118-2:2000 Hash-Function 2, with DES as the underlying block cipher.

    +

    +

    +
    +

    SEE ALSO

    +

    evp(7), +EVP_DigestInit(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_rc2_cbc.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_rc2_cbc.html
    new file mode 100755
    index 0000000..f16d4c2
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_rc2_cbc.html
    @@ -0,0 +1,111 @@
    + + + + +EVP_rc2_cbc + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_rc2_cbc, +EVP_rc2_cfb, +EVP_rc2_cfb64, +EVP_rc2_ecb, +EVP_rc2_ofb, +EVP_rc2_40_cbc, +EVP_rc2_64_cbc +- EVP RC2 cipher

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + const EVP_CIPHER *EVP_rc2_cbc(void)
    + const EVP_CIPHER *EVP_rc2_cfb(void)
    + const EVP_CIPHER *EVP_rc2_cfb64(void)
    + const EVP_CIPHER *EVP_rc2_ecb(void)
    + const EVP_CIPHER *EVP_rc2_ofb(void)
    + const EVP_CIPHER *EVP_rc2_40_cbc(void)
    + const EVP_CIPHER *EVP_rc2_64_cbc(void)
    +

    +

    +
    +

    DESCRIPTION

    +

    The RC2 encryption algorithm for EVP.

    +
    +
    EVP_rc2_cbc(), +EVP_rc2_cfb(), +EVP_rc2_cfb64(), +EVP_rc2_ecb(), +EVP_rc2_ofb()
    + +
    +

    RC2 encryption algorithm in CBC, CFB, ECB and OFB modes respectively. This is a +variable key length cipher with an additional parameter called "effective key +bits" or "effective key length". By default both are set to 128 bits.

    +
    +
    EVP_rc2_40_cbc(), +EVP_rc2_64_cbc()
    + +
    +

    RC2 algorithm in CBC mode with a default key length and effective key length of +40 and 64 bits.

    +

    WARNING: these functions are obsolete. Their usage should be replaced with the +EVP_rc2_cbc(), EVP_CIPHER_CTX_set_key_length() and EVP_CIPHER_CTX_ctrl() +functions to set the key length and effective key length.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    These functions return an EVP_CIPHER structure that contains the +implementation of the symmetric cipher. See EVP_CIPHER_meth_new(3) for +details of the EVP_CIPHER structure.

    +

    +

    +
    +

    SEE ALSO

    +

    evp(7), +EVP_EncryptInit(3), +EVP_CIPHER_meth_new(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_rc4.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_rc4.html
    new file mode 100755
    index 0000000..4b519d4
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_rc4.html
    @@ -0,0 +1,103 @@
    + + + + +EVP_rc4 + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_rc4, +EVP_rc4_40, +EVP_rc4_hmac_md5 +- EVP RC4 stream cipher

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + const EVP_CIPHER *EVP_rc4(void)
    + const EVP_CIPHER *EVP_rc4_40(void)
    + const EVP_CIPHER *EVP_rc4_hmac_md5(void)
    +

    +

    +
    +

    DESCRIPTION

    +

    The RC4 stream cipher for EVP.

    +
    +
    EVP_rc4()
    + +
    +

    RC4 stream cipher. This is a variable key length cipher with a default key +length of 128 bits.

    +
    +
    EVP_rc4_40()
    + +
    +

    RC4 stream cipher with 40 bit key length.

    +

    WARNING: this function is obsolete. Its usage should be replaced with the +EVP_rc4() and the EVP_CIPHER_CTX_set_key_length() functions.

    +
    +
    EVP_rc4_hmac_md5()
    + +
    +

    Authenticated encryption with the RC4 stream cipher with MD5 as HMAC.

    +

    WARNING: this is not intended for usage outside of TLS and requires calling of +some undocumented ctrl functions. These ciphers do not conform to the EVP AEAD +interface.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    These functions return an EVP_CIPHER structure that contains the +implementation of the symmetric cipher. See EVP_CIPHER_meth_new(3) for +details of the EVP_CIPHER structure.

    +

    +

    +
    +

    SEE ALSO

    +

    evp(7), +EVP_EncryptInit(3), +EVP_CIPHER_meth_new(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_rc5_32_12_16_cbc.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_rc5_32_12_16_cbc.html
    new file mode 100755
    index 0000000..fd63225
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_rc5_32_12_16_cbc.html
    @@ -0,0 +1,115 @@
    + + + + +EVP_rc5_32_12_16_cbc + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_rc5_32_12_16_cbc, +EVP_rc5_32_12_16_cfb, +EVP_rc5_32_12_16_cfb64, +EVP_rc5_32_12_16_ecb, +EVP_rc5_32_12_16_ofb +- EVP RC5 cipher

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + const EVP_CIPHER *EVP_rc5_32_12_16_cbc(void)
    + const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void)
    + const EVP_CIPHER *EVP_rc5_32_12_16_cfb64(void)
    + const EVP_CIPHER *EVP_rc5_32_12_16_ecb(void)
    + const EVP_CIPHER *EVP_rc5_32_12_16_ofb(void)
    +

    +

    +
    +

    DESCRIPTION

    +

    The RC5 encryption algorithm for EVP.

    +
    +
    EVP_rc5_32_12_16_cbc(), +EVP_rc5_32_12_16_cfb(), +EVP_rc5_32_12_16_cfb64(), +EVP_rc5_32_12_16_ecb(), +EVP_rc5_32_12_16_ofb()
    + +
    +

    RC5 encryption algorithm in CBC, CFB, ECB and OFB modes respectively. This is a +variable key length cipher with an additional "number of rounds" parameter. By +default the key length is set to 128 bits and 12 rounds. Alternative key lengths +can be set using EVP_CIPHER_CTX_set_key_length(3). The maximum key length is +2040 bits.

    +

    The following rc5 specific ctrls are supported (see +EVP_CIPHER_CTX_ctrl(3)).

    +
    +
    EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC5_ROUNDS, rounds, NULL)
    + +
    +

    Sets the number of rounds to rounds. This must be one of RC5_8_ROUNDS, +RC5_12_ROUNDS or RC5_16_ROUNDS.

    +
    +
    EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC5_ROUNDS, 0, &rounds)
    + +
    +

    Stores the number of rounds currently configured in *rounds where *rounds +is an int.

    +
    +
    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    These functions return an EVP_CIPHER structure that contains the +implementation of the symmetric cipher. See EVP_CIPHER_meth_new(3) for +details of the EVP_CIPHER structure.

    +

    +

    +
    +

    SEE ALSO

    +

    evp(7), +EVP_EncryptInit(3), +EVP_CIPHER_meth_new(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_ripemd160.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_ripemd160.html
    new file mode 100755
    index 0000000..1a77784
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_ripemd160.html
    @@ -0,0 +1,89 @@
    + + + + +EVP_ripemd160 + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_ripemd160 +- RIPEMD160 For EVP

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + const EVP_MD *EVP_ripemd160(void);
    +

    +

    +
    +

    DESCRIPTION

    +

    RIPEMD-160 is a cryptographic hash function first published in 1996 belonging +to the RIPEMD family (RACE Integrity Primitives Evaluation Message Digest).

    +
    +
    EVP_ripemd160()
    + +
    +

    The RIPEMD-160 algorithm which produces a 160-bit output from a given input.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    These functions return a EVP_MD structure that contains the +implementation of the symmetric cipher. See EVP_MD_meth_new(3) for +details of the EVP_MD structure.

    +

    +

    +
    +

    CONFORMING TO

    +

    ISO/IEC 10118-3:2016 Dedicated Hash-Function 1 (RIPEMD-160).

    +

    +

    +
    +

    SEE ALSO

    +

    evp(7), +EVP_DigestInit(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_seed_cbc.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_seed_cbc.html
    new file mode 100755
    index 0000000..126caa8
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_seed_cbc.html
    @@ -0,0 +1,96 @@
    + + + + +EVP_seed_cbc + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_seed_cbc, +EVP_seed_cfb, +EVP_seed_cfb128, +EVP_seed_ecb, +EVP_seed_ofb +- EVP SEED cipher

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + const EVP_CIPHER *EVP_seed_cbc(void)
    + const EVP_CIPHER *EVP_seed_cfb(void)
    + const EVP_CIPHER *EVP_seed_cfb128(void)
    + const EVP_CIPHER *EVP_seed_ecb(void)
    + const EVP_CIPHER *EVP_seed_ofb(void)
    +

    +

    +
    +

    DESCRIPTION

    +

    The SEED encryption algorithm for EVP.

    +

    All modes below use a key length of 128 bits and acts on blocks of 128-bits.

    +
    +
    EVP_seed_cbc(), +EVP_seed_cfb(), +EVP_seed_cfb128(), +EVP_seed_ecb(), +EVP_seed_ofb()
    + +
    +

    The SEED encryption algorithm in CBC, CFB, ECB and OFB modes respectively.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    These functions return an EVP_CIPHER structure that contains the +implementation of the symmetric cipher. See EVP_CIPHER_meth_new(3) for +details of the EVP_CIPHER structure.

    +

    +

    +
    +

    SEE ALSO

    +

    evp(7), +EVP_EncryptInit(3), +EVP_CIPHER_meth_new(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_set_default_properties.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_set_default_properties.html
    new file mode 100755
    index 0000000..8ccb3d1
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_set_default_properties.html
    @@ -0,0 +1,85 @@
    + + + + +EVP_set_default_properties + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_set_default_properties +- Set default properties for future algorithm fetches

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + int EVP_set_default_properties(OPENSSL_CTX *libctx, const char *propq);
    +

    +

    +
    +

    DESCRIPTION

    +

    EVP_set_default_properties() sets the default properties for all +future EVP algorithm fetches, implicit as well as explicit.

    +

    EVP_set_default_properties stores the properties given with the string +propq among the EVP data that's been stored in the library context +given with libctx (NULL signifies the default library context).

    +

    Any previous default property for the specified library context will +be dropped.

    +

    +

    +
    +

    RETURN VALUES

    +

    EVP_set_default_properties() returns 1 on success, or 0 on failure. +The latter adds an error on the error stack.

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_MD_fetch(3)

    +

    +

    +
    +

    HISTORY

    +

    The functions described here were added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_sha1.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_sha1.html new file mode 100755 index 0000000..f8a3746 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_sha1.html @@ -0,0 +1,90 @@ + + + + +EVP_sha1 + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_sha1 +- SHA-1 For EVP

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + const EVP_MD *EVP_sha1(void);
    +

    +

    +
    +

    DESCRIPTION

    +

    SHA-1 (Secure Hash Algorithm 1) is a cryptographic hash function standardized +in NIST FIPS 180-4. The algorithm was designed by the United States National +Security Agency and initially published in 1995.

    +
    +
    EVP_sha1()
    + +
    +

    The SHA-1 algorithm which produces a 160-bit output from a given input.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    These functions return a EVP_MD structure that contains the +implementation of the symmetric cipher. See EVP_MD_meth_new(3) for +details of the EVP_MD structure.

    +

    +

    +
    +

    CONFORMING TO

    +

    NIST FIPS 180-4.

    +

    +

    +
    +

    SEE ALSO

    +

    evp(7), +EVP_DigestInit(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_sha224.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_sha224.html new file mode 100755 index 0000000..e0648cd --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_sha224.html @@ -0,0 +1,109 @@ + + + + +EVP_sha224 + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_sha224, +EVP_sha256, +EVP_sha512_224, +EVP_sha512_256, +EVP_sha384, +EVP_sha512 +- SHA-2 For EVP

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + const EVP_MD *EVP_sha224(void);
    + const EVP_MD *EVP_sha256(void);
    + const EVP_MD *EVP_sha512_224(void);
    + const EVP_MD *EVP_sha512_256(void);
    + const EVP_MD *EVP_sha384(void);
    + const EVP_MD *EVP_sha512(void);
    +

    +

    +
    +

    DESCRIPTION

    +

    SHA-2 (Secure Hash Algorithm 2) is a family of cryptographic hash functions +standardized in NIST FIPS 180-4, first published in 2001.

    +
    +
    EVP_sha224(), +EVP_sha256(), +EVP_sha512_224, +EVP_sha512_256, +EVP_sha384(), +EVP_sha512()
    + +
    +

    The SHA-2 SHA-224, SHA-256, SHA-512/224, SHA512/256, SHA-384 and SHA-512 +algorithms, which generate 224, 256, 224, 256, 384 and 512 bits +respectively of output from a given input.

    +

    The two algorithms: SHA-512/224 and SHA512/256 are truncated forms of the +SHA-512 algorithm. They are distinct from SHA-224 and SHA-256 even though +their outputs are of the same size.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    These functions return a EVP_MD structure that contains the +implementation of the symmetric cipher. See EVP_MD_meth_new(3) for +details of the EVP_MD structure.

    +

    +

    +
    +

    CONFORMING TO

    +

    NIST FIPS 180-4.

    +

    +

    +
    +

    SEE ALSO

    +

    evp(7), +EVP_DigestInit(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_sha3_224.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_sha3_224.html new file mode 100755 index 0000000..8f8807f --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_sha3_224.html @@ -0,0 +1,115 @@ + + + + +EVP_sha3_224 + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_sha3_224, +EVP_sha3_256, +EVP_sha3_384, +EVP_sha3_512, +EVP_shake128, +EVP_shake256 +- SHA-3 For EVP

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + const EVP_MD *EVP_sha3_224(void);
    + const EVP_MD *EVP_sha3_256(void);
    + const EVP_MD *EVP_sha3_384(void);
    + const EVP_MD *EVP_sha3_512(void);
    +
    + const EVP_MD *EVP_shake128(void);
    + const EVP_MD *EVP_shake256(void);
    +

    +

    +
    +

    DESCRIPTION

    +

    SHA-3 (Secure Hash Algorithm 3) is a family of cryptographic hash functions +standardized in NIST FIPS 202, first published in 2015. It is based on the +Keccak algorithm.

    +
    +
    EVP_sha3_224(), +EVP_sha3_256(), +EVP_sha3_384(), +EVP_sha3_512()
    + +
    +

    The SHA-3 SHA-3-224, SHA-3-256, SHA-3-384, and SHA-3-512 algorithms +respectively. They produce 224, 256, 384 and 512 bits of output from a given +input.

    +
    +
    EVP_shake128(), +EVP_shake256()
    + +
    +

    The SHAKE-128 and SHAKE-256 Extendable Output Functions (XOF) that can generate +a variable hash length.

    +

    Specifically, EVP_shake128 provides an overall security of 128 bits, while +EVP_shake256 provides that of 256 bits.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    These functions return a EVP_MD structure that contains the +implementation of the symmetric cipher. See EVP_MD_meth_new(3) for +details of the EVP_MD structure.

    +

    +

    +
    +

    CONFORMING TO

    +

    NIST FIPS 202.

    +

    +

    +
    +

    SEE ALSO

    +

    evp(7), +EVP_DigestInit(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_sm3.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_sm3.html new file mode 100755 index 0000000..b34e265 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_sm3.html @@ -0,0 +1,90 @@ + + + + +EVP_sm3 + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_sm3 +- SM3 for EVP

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + const EVP_MD *EVP_sm3(void);
    +

    +

    +
    +

    DESCRIPTION

    +

    SM3 is a cryptographic hash function with a 256-bit output, defined in GB/T +32905-2016.

    +
    +
    EVP_sm3()
    + +
    +

    The SM3 hash function.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    These functions return a EVP_MD structure that contains the +implementation of the symmetric cipher. See EVP_MD_meth_new(3) for +details of the EVP_MD structure.

    +

    +

    +
    +

    CONFORMING TO

    +

    GB/T 32905-2016 and GM/T 0004-2012.

    +

    +

    +
    +

    SEE ALSO

    +

    evp(7), +EVP_DigestInit(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017 Ribose Inc. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_sm4_cbc.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_sm4_cbc.html new file mode 100755 index 0000000..315f431 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_sm4_cbc.html @@ -0,0 +1,101 @@ + + + + +EVP_sm4_cbc + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_sm4_cbc, +EVP_sm4_ecb, +EVP_sm4_cfb, +EVP_sm4_cfb128, +EVP_sm4_ofb, +EVP_sm4_ctr +- EVP SM4 cipher

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + const EVP_CIPHER *EVP_sm4_cbc(void);
    + const EVP_CIPHER *EVP_sm4_ecb(void);
    + const EVP_CIPHER *EVP_sm4_cfb(void);
    + const EVP_CIPHER *EVP_sm4_cfb128(void);
    + const EVP_CIPHER *EVP_sm4_ofb(void);
    + const EVP_CIPHER *EVP_sm4_ctr(void);
    +

    +

    +
    +

    DESCRIPTION

    +

    The SM4 blockcipher (GB/T 32907-2016) for EVP.

    +

    All modes below use a key length of 128 bits and acts on blocks of 128 bits.

    +
    +
    EVP_sm4_cbc(), +EVP_sm4_ecb(), +EVP_sm4_cfb(), +EVP_sm4_cfb128(), +EVP_sm4_ofb(), +EVP_sm4_ctr()
    + +
    +

    The SM4 blockcipher with a 128-bit key in CBC, ECB, CFB, OFB and CTR modes +respectively.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    These functions return a EVP_CIPHER structure that contains the +implementation of the symmetric cipher. See EVP_CIPHER_meth_new(3) for +details of the EVP_CIPHER structure.

    +

    +

    +
    +

    SEE ALSO

    +

    evp(7), +EVP_EncryptInit(3), +EVP_CIPHER_meth_new(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017 Ribose Inc. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_whirlpool.html b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_whirlpool.html new file mode 100755 index 0000000..aa3a8f6 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/EVP_whirlpool.html @@ -0,0 +1,90 @@ + + + + +EVP_whirlpool + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_whirlpool +- WHIRLPOOL For EVP

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + const EVP_MD *EVP_whirlpool(void);
    +

    +

    +
    +

    DESCRIPTION

    +

    WHIRLPOOL is a cryptographic hash function standardized in ISO/IEC 10118-3:2004 +designed by Vincent Rijmen and Paulo S. L. M. Barreto.

    +
    +
    EVP_whirlpool()
    + +
    +

    The WHIRLPOOL algorithm that produces a message digest of 512-bits from a given +input.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    These functions return a EVP_MD structure that contains the +implementation of the symmetric cipher. See EVP_MD_meth_new(3) for +details of the EVP_MD structure.

    +

    +

    +
    +

    CONFORMING TO

    +

    ISO/IEC 10118-3:2004.

    +

    +

    +
    +

    SEE ALSO

    +

    evp(7), +EVP_DigestInit(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/HMAC.html b/linux_amd64/ssl/share/doc/openssl/html/man3/HMAC.html new file mode 100755 index 0000000..3d16d7f --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/HMAC.html @@ -0,0 +1,183 @@ + + + + +HMAC + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    HMAC, +HMAC_CTX_new, +HMAC_CTX_reset, +HMAC_CTX_free, +HMAC_Init, +HMAC_Init_ex, +HMAC_Update, +HMAC_Final, +HMAC_CTX_copy, +HMAC_CTX_set_flags, +HMAC_CTX_get_md, +HMAC_size +- HMAC message authentication code

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/hmac.h>
    +

    Deprecated since OpenSSL 3.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + unsigned char *HMAC(const EVP_MD *evp_md, const void *key,
    +                     int key_len, const unsigned char *d, int n,
    +                     unsigned char *md, unsigned int *md_len);
    +
    + HMAC_CTX *HMAC_CTX_new(void);
    + int HMAC_CTX_reset(HMAC_CTX *ctx);
    +
    + int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len,
    +                  const EVP_MD *md, ENGINE *impl);
    + int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len);
    + int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);
    +
    + void HMAC_CTX_free(HMAC_CTX *ctx);
    +
    + int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx);
    + void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags);
    + const EVP_MD *HMAC_CTX_get_md(const HMAC_CTX *ctx);
    +
    + size_t HMAC_size(const HMAC_CTX *e);
    +

    Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + int HMAC_Init(HMAC_CTX *ctx, const void *key, int key_len,
    +               const EVP_MD *md);
    +

    +

    +
    +

    DESCRIPTION

    +

    All of the functions described on this page are deprecated. Applications should +instead use EVP_MAC_CTX_new(3), EVP_MAC_CTX_free(3), EVP_MAC_init(3), +EVP_MAC_update(3) and EVP_MAC_final(3).

    +

    HMAC is a MAC (message authentication code), i.e. a keyed hash +function used for message authentication, which is based on a hash +function.

    +

    HMAC() computes the message authentication code of the n bytes at +d using the hash function evp_md and the key key which is +key_len bytes long.

    +

    It places the result in md (which must have space for the output of +the hash function, which is no more than EVP_MAX_MD_SIZE bytes). +If md is NULL, the digest is placed in a static array. The size of +the output is placed in md_len, unless it is NULL. Note: passing a NULL +value for md to use the static array is not thread safe.

    +

    evp_md is a message digest such as EVP_sha1(), EVP_ripemd160() etc. HMAC does +not support variable output length digests such as EVP_shake128() and +EVP_shake256().

    +

    HMAC_CTX_new() creates a new HMAC_CTX in heap memory.

    +

    HMAC_CTX_reset() clears an existing HMAC_CTX and associated +resources, making it suitable for new computations as if it was newly +created with HMAC_CTX_new().

    +

    HMAC_CTX_free() erases the key and other data from the HMAC_CTX, +releases any associated resources and finally frees the HMAC_CTX +itself.

    +

    The following functions may be used if the message is not completely +stored in memory:

    +

    HMAC_Init_ex() initializes or reuses a HMAC_CTX structure to use the hash +function evp_md and key key. If both are NULL, or if key is NULL +and evp_md is the same as the previous call, then the +existing key is +reused. ctx must have been created with HMAC_CTX_new() before the first use +of an HMAC_CTX in this function.

    +

    If HMAC_Init_ex() is called with key NULL and evp_md is not the +same as the previous digest used by ctx then an error is returned +because reuse of an existing key with a different digest is not supported.

    +

    HMAC_Init() initializes a HMAC_CTX structure to use the hash +function evp_md and the key key which is key_len bytes +long.

    +

    HMAC_Update() can be called repeatedly with chunks of the message to +be authenticated (len bytes at data).

    +

    HMAC_Final() places the message authentication code in md, which +must have space for the hash function output.

    +

    HMAC_CTX_copy() copies all of the internal state from sctx into dctx.

    +

    HMAC_CTX_set_flags() applies the specified flags to the internal EVP_MD_CTXs. +These flags have the same meaning as for EVP_MD_CTX_set_flags(3).

    +

    HMAC_CTX_get_md() returns the EVP_MD that has previously been set for the +supplied HMAC_CTX.

    +

    HMAC_size() returns the length in bytes of the underlying hash function output.

    +

    +

    +
    +

    RETURN VALUES

    +

    HMAC() returns a pointer to the message authentication code or NULL if +an error occurred.

    +

    HMAC_CTX_new() returns a pointer to a new HMAC_CTX on success or +NULL if an error occurred.

    +

    HMAC_CTX_reset(), HMAC_Init_ex(), HMAC_Update(), HMAC_Final() and +HMAC_CTX_copy() return 1 for success or 0 if an error occurred.

    +

    HMAC_CTX_get_md() return the EVP_MD previously set for the supplied HMAC_CTX or +NULL if no EVP_MD has been set.

    +

    HMAC_size() returns the length in bytes of the underlying hash function output +or zero on error.

    +

    +

    +
    +

    CONFORMING TO

    +

    RFC 2104

    +

    +

    +
    +

    SEE ALSO

    +

    SHA1(3), evp(7)

    +

    +

    +
    +

    HISTORY

    +

    All of these functions were deprecated in OpenSSL 3.0.

    +

    HMAC_CTX_init() was replaced with HMAC_CTX_reset() in OpenSSL 1.1.0.

    +

    HMAC_CTX_cleanup() existed in OpenSSL before version 1.1.0.

    +

    HMAC_CTX_new(), HMAC_CTX_free() and HMAC_CTX_get_md() are new in OpenSSL 1.1.0.

    +

    HMAC_Init_ex(), HMAC_Update() and HMAC_Final() did not return values in +OpenSSL before version 1.0.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/MD5.html b/linux_amd64/ssl/share/doc/openssl/html/man3/MD5.html new file mode 100755 index 0000000..6dcf326 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/MD5.html @@ -0,0 +1,144 @@ + + + + +MD5 + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    MD2, MD4, MD5, MD2_Init, MD2_Update, MD2_Final, MD4_Init, MD4_Update, +MD4_Final, MD5_Init, MD5_Update, MD5_Final - MD2, MD4, and MD5 hash functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/md2.h>
    +

    Deprecated since OpenSSL 3.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + unsigned char *MD2(const unsigned char *d, unsigned long n, unsigned char *md);
    +
    + int MD2_Init(MD2_CTX *c);
    + int MD2_Update(MD2_CTX *c, const unsigned char *data, unsigned long len);
    + int MD2_Final(unsigned char *md, MD2_CTX *c);
    +
    + #include <openssl/md4.h>
    +

    Deprecated since OpenSSL 3.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + unsigned char *MD4(const unsigned char *d, unsigned long n, unsigned char *md);
    +
    + int MD4_Init(MD4_CTX *c);
    + int MD4_Update(MD4_CTX *c, const void *data, unsigned long len);
    + int MD4_Final(unsigned char *md, MD4_CTX *c);
    +
    + #include <openssl/md5.h>
    +

    Deprecated since OpenSSL 3.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + unsigned char *MD5(const unsigned char *d, unsigned long n, unsigned char *md);
    +
    + int MD5_Init(MD5_CTX *c);
    + int MD5_Update(MD5_CTX *c, const void *data, unsigned long len);
    + int MD5_Final(unsigned char *md, MD5_CTX *c);
    +

    +

    +
    +

    DESCRIPTION

    +

    All of the functions described on this page are deprecated. +Applications should instead use EVP_DigestInit_ex(3), EVP_DigestUpdate(3) +and EVP_DigestFinal_ex(3).

    +

    MD2, MD4, and MD5 are cryptographic hash functions with a 128 bit output.

    +

    MD2(), MD4(), and MD5() compute the MD2, MD4, and MD5 message digest +of the n bytes at d and place it in md (which must have space +for MD2_DIGEST_LENGTH == MD4_DIGEST_LENGTH == MD5_DIGEST_LENGTH == 16 +bytes of output). If md is NULL, the digest is placed in a static +array.

    +

    The following functions may be used if the message is not completely +stored in memory:

    +

    MD2_Init() initializes a MD2_CTX structure.

    +

    MD2_Update() can be called repeatedly with chunks of the message to +be hashed (len bytes at data).

    +

    MD2_Final() places the message digest in md, which must have space +for MD2_DIGEST_LENGTH == 16 bytes of output, and erases the MD2_CTX.

    +

    MD4_Init(), MD4_Update(), MD4_Final(), MD5_Init(), MD5_Update(), and +MD5_Final() are analogous using an MD4_CTX and MD5_CTX structure.

    +

    Applications should use the higher level functions +EVP_DigestInit(3) +etc. instead of calling the hash functions directly.

    +

    +

    +
    +

    NOTE

    +

    MD2, MD4, and MD5 are recommended only for compatibility with existing +applications. In new applications, SHA-1 or RIPEMD-160 should be +preferred.

    +

    +

    +
    +

    RETURN VALUES

    +

    MD2(), MD4(), and MD5() return pointers to the hash value.

    +

    MD2_Init(), MD2_Update(), MD2_Final(), MD4_Init(), MD4_Update(), +MD4_Final(), MD5_Init(), MD5_Update(), and MD5_Final() return 1 for +success, 0 otherwise.

    +

    +

    +
    +

    CONFORMING TO

    +

    RFC 1319, RFC 1320, RFC 1321

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_DigestInit(3)

    +

    +

    +
    +

    HISTORY

    +

    All of these functions were deprecated in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/MDC2_Init.html b/linux_amd64/ssl/share/doc/openssl/html/man3/MDC2_Init.html new file mode 100755 index 0000000..31692e6 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/MDC2_Init.html @@ -0,0 +1,112 @@ + + + + +MDC2_Init + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    MDC2, MDC2_Init, MDC2_Update, MDC2_Final - MDC2 hash function

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/mdc2.h>
    +

    Deprecated since OpenSSL 3.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + unsigned char *MDC2(const unsigned char *d, unsigned long n,
    +                     unsigned char *md);
    +
    + int MDC2_Init(MDC2_CTX *c);
    + int MDC2_Update(MDC2_CTX *c, const unsigned char *data,
    +                 unsigned long len);
    + int MDC2_Final(unsigned char *md, MDC2_CTX *c);
    +

    +

    +
    +

    DESCRIPTION

    +

    All of the functions described on this page are deprecated. +Applications should instead use EVP_DigestInit_ex(3), EVP_DigestUpdate(3) +and EVP_DigestFinal_ex(3).

    +

    MDC2 is a method to construct hash functions with 128 bit output from +block ciphers. These functions are an implementation of MDC2 with +DES.

    +

    MDC2() computes the MDC2 message digest of the n +bytes at d and places it in md (which must have space for +MDC2_DIGEST_LENGTH == 16 bytes of output). If md is NULL, the digest +is placed in a static array.

    +

    The following functions may be used if the message is not completely +stored in memory:

    +

    MDC2_Init() initializes a MDC2_CTX structure.

    +

    MDC2_Update() can be called repeatedly with chunks of the message to +be hashed (len bytes at data).

    +

    MDC2_Final() places the message digest in md, which must have space +for MDC2_DIGEST_LENGTH == 16 bytes of output, and erases the MDC2_CTX.

    +

    Applications should use the higher level functions +EVP_DigestInit(3) etc. instead of calling the +hash functions directly.

    +

    +

    +
    +

    RETURN VALUES

    +

    MDC2() returns a pointer to the hash value.

    +

    MDC2_Init(), MDC2_Update() and MDC2_Final() return 1 for success, 0 otherwise.

    +

    +

    +
    +

    CONFORMING TO

    +

    ISO/IEC 10118-2:2000 Hash-Function 2, with DES as the underlying block cipher.

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_DigestInit(3)

    +

    +

    +
    +

    HISTORY

    +

    All of these functions were deprecated in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/OBJ_nid2obj.html b/linux_amd64/ssl/share/doc/openssl/html/man3/OBJ_nid2obj.html new file mode 100755 index 0000000..ab300c5 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/OBJ_nid2obj.html @@ -0,0 +1,211 @@ + + + + +OBJ_nid2obj + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    i2t_ASN1_OBJECT, +OBJ_length, OBJ_get0_data, OBJ_nid2obj, OBJ_nid2ln, +OBJ_nid2sn, OBJ_obj2nid, OBJ_txt2nid, OBJ_ln2nid, OBJ_sn2nid, OBJ_cmp, +OBJ_dup, OBJ_txt2obj, OBJ_obj2txt, OBJ_create, OBJ_cleanup +- ASN1 object utility functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/objects.h>
    +
    + ASN1_OBJECT *OBJ_nid2obj(int n);
    + const char *OBJ_nid2ln(int n);
    + const char *OBJ_nid2sn(int n);
    +
    + int OBJ_obj2nid(const ASN1_OBJECT *o);
    + int OBJ_ln2nid(const char *ln);
    + int OBJ_sn2nid(const char *sn);
    +
    + int OBJ_txt2nid(const char *s);
    +
    + ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name);
    + int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name);
    +
    + int i2t_ASN1_OBJECT(char *buf, int buf_len, const ASN1_OBJECT *a);
    +
    + int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b);
    + ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o);
    +
    + int OBJ_create(const char *oid, const char *sn, const char *ln);
    +
    + size_t OBJ_length(const ASN1_OBJECT *obj);
    + const unsigned char *OBJ_get0_data(const ASN1_OBJECT *obj);
    +

    Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + void OBJ_cleanup(void)
    +

    +

    +
    +

    DESCRIPTION

    +

    The ASN1 object utility functions process ASN1_OBJECT structures which are +a representation of the ASN1 OBJECT IDENTIFIER (OID) type. +For convenience, OIDs are usually represented in source code as numeric +identifiers, or NIDs. OpenSSL has an internal table of OIDs that +are generated when the library is built, and their corresponding NIDs +are available as defined constants. For the functions below, application +code should treat all returned values -- OIDs, NIDs, or names -- as +constants.

    +

    OBJ_nid2obj(), OBJ_nid2ln() and OBJ_nid2sn() convert the NID n to +an ASN1_OBJECT structure, its long name and its short name respectively, +or NULL if an error occurred.

    +

    OBJ_obj2nid(), OBJ_ln2nid(), OBJ_sn2nid() return the corresponding NID +for the object o, the long name <ln> or the short name <sn> respectively +or NID_undef if an error occurred.

    +

    OBJ_txt2nid() returns NID corresponding to text string <s>. s can be +a long name, a short name or the numerical representation of an object.

    +

    OBJ_txt2obj() converts the text string s into an ASN1_OBJECT structure. +If no_name is 0 then long names and short names will be interpreted +as well as numerical forms. If no_name is 1 only the numerical form +is acceptable.

    +

    OBJ_obj2txt() converts the ASN1_OBJECT a into a textual representation. +The representation is written as a null terminated string to buf +at most buf_len bytes are written, truncating the result if necessary. +The total amount of space required is returned. If no_name is 0 then +if the object has a long or short name then that will be used, otherwise +the numerical form will be used. If no_name is 1 then the numerical +form will always be used.

    +

    i2t_ASN1_OBJECT() is the same as OBJ_obj2txt() with the no_name set to zero.

    +

    OBJ_cmp() compares a to b. If the two are identical 0 is returned.

    +

    OBJ_dup() returns a copy of o.

    +

    OBJ_create() adds a new object to the internal table. oid is the +numerical form of the object, sn the short name and ln the +long name. A new NID is returned for the created object in case of +success and NID_undef in case of failure.

    +

    OBJ_length() returns the size of the content octets of obj.

    +

    OBJ_get0_data() returns a pointer to the content octets of obj. +The returned pointer is an internal pointer which must not be freed.

    +

    OBJ_cleanup() releases any resources allocated by creating new objects.

    +

    +

    +
    +

    NOTES

    +

    Objects in OpenSSL can have a short name, a long name and a numerical +identifier (NID) associated with them. A standard set of objects is +represented in an internal table. The appropriate values are defined +in the header file objects.h.

    +

    For example the OID for commonName has the following definitions:

    +
    + #define SN_commonName                   "CN"
    + #define LN_commonName                   "commonName"
    + #define NID_commonName                  13
    +

    New objects can be added by calling OBJ_create().

    +

    Table objects have certain advantages over other objects: for example +their NIDs can be used in a C language switch statement. They are +also static constant structures which are shared: that is there +is only a single constant structure for each table object.

    +

    Objects which are not in the table have the NID value NID_undef.

    +

    Objects do not need to be in the internal tables to be processed, +the functions OBJ_txt2obj() and OBJ_obj2txt() can process the numerical +form of an OID.

    +

    Some objects are used to represent algorithms which do not have a +corresponding ASN.1 OBJECT IDENTIFIER encoding (for example no OID currently +exists for a particular algorithm). As a result they cannot be encoded or +decoded as part of ASN.1 structures. Applications can determine if there +is a corresponding OBJECT IDENTIFIER by checking OBJ_length() is not zero.

    +

    These functions cannot return const because an ASN1_OBJECT can +represent both an internal, constant, OID and a dynamically-created one. +The latter cannot be constant because it needs to be freed after use.

    +

    +

    +
    +

    RETURN VALUES

    +

    OBJ_nid2obj() returns an ASN1_OBJECT structure or NULL is an +error occurred.

    +

    OBJ_nid2ln() and OBJ_nid2sn() returns a valid string or NULL +on error.

    +

    OBJ_obj2nid(), OBJ_ln2nid(), OBJ_sn2nid() and OBJ_txt2nid() return +a NID or NID_undef on error.

    +

    +

    +
    +

    EXAMPLES

    +

    Create an object for commonName:

    +
    + ASN1_OBJECT *o = OBJ_nid2obj(NID_commonName);
    +

    Check if an object is commonName

    +
    + if (OBJ_obj2nid(obj) == NID_commonName)
    +     /* Do something */
    +

    Create a new NID and initialize an object from it:

    +
    + int new_nid = OBJ_create("1.2.3.4", "NewOID", "New Object Identifier");
    + ASN1_OBJECT *obj = OBJ_nid2obj(new_nid);
    +

    Create a new object directly:

    +
    + obj = OBJ_txt2obj("1.2.3.4", 1);
    +

    +

    +
    +

    BUGS

    +

    OBJ_obj2txt() is awkward and messy to use: it doesn't follow the +convention of other OpenSSL functions where the buffer can be set +to NULL to determine the amount of data that should be written. +Instead buf must point to a valid buffer and buf_len should +be set to a positive value. A buffer length of 80 should be more +than enough to handle any OID encountered in practice.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3)

    +

    +

    +
    +

    HISTORY

    +

    OBJ_cleanup() was deprecated in OpenSSL 1.1.0 by OPENSSL_init_crypto(3) +and should not be used.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/OCSP_REQUEST_new.html b/linux_amd64/ssl/share/doc/openssl/html/man3/OCSP_REQUEST_new.html new file mode 100755 index 0000000..150b15d --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/OCSP_REQUEST_new.html @@ -0,0 +1,148 @@ + + + + +OCSP_REQUEST_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    OCSP_REQUEST_new, OCSP_REQUEST_free, OCSP_request_add0_id, OCSP_request_sign, +OCSP_request_add1_cert, OCSP_request_onereq_count, +OCSP_request_onereq_get0 - OCSP request functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ocsp.h>
    +
    + OCSP_REQUEST *OCSP_REQUEST_new(void);
    + void OCSP_REQUEST_free(OCSP_REQUEST *req);
    +
    + OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid);
    +
    + int OCSP_request_sign(OCSP_REQUEST *req,
    +                       X509 *signer, EVP_PKEY *key, const EVP_MD *dgst,
    +                       STACK_OF(X509) *certs, unsigned long flags);
    +
    + int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert);
    +
    + int OCSP_request_onereq_count(OCSP_REQUEST *req);
    + OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i);
    +

    +

    +
    +

    DESCRIPTION

    +

    OCSP_REQUEST_new() allocates and returns an empty OCSP_REQUEST structure.

    +

    OCSP_REQUEST_free() frees up the request structure req.

    +

    OCSP_request_add0_id() adds certificate ID cid to req. It returns +the OCSP_ONEREQ structure added so an application can add additional +extensions to the request. The id parameter MUST NOT be freed up after +the operation.

    +

    OCSP_request_sign() signs OCSP request req using certificate +signer, private key key, digest dgst and additional certificates +certs. If the flags option OCSP_NOCERTS is set then no certificates +will be included in the request.

    +

    OCSP_request_add1_cert() adds certificate cert to request req. The +application is responsible for freeing up cert after use.

    +

    OCSP_request_onereq_count() returns the total number of OCSP_ONEREQ +structures in req.

    +

    OCSP_request_onereq_get0() returns an internal pointer to the OCSP_ONEREQ +contained in req of index i. The index value i runs from 0 to +OCSP_request_onereq_count(req) - 1.

    +

    +

    +
    +

    RETURN VALUES

    +

    OCSP_REQUEST_new() returns an empty OCSP_REQUEST structure or NULL if +an error occurred.

    +

    OCSP_request_add0_id() returns the OCSP_ONEREQ structure containing cid +or NULL if an error occurred.

    +

    OCSP_request_sign() and OCSP_request_add1_cert() return 1 for success and 0 +for failure.

    +

    OCSP_request_onereq_count() returns the total number of OCSP_ONEREQ +structures in req.

    +

    OCSP_request_onereq_get0() returns a pointer to an OCSP_ONEREQ structure +or NULL if the index value is out or range.

    +

    +

    +
    +

    NOTES

    +

    An OCSP request structure contains one or more OCSP_ONEREQ structures +corresponding to each certificate.

    +

    OCSP_request_onereq_count() and OCSP_request_onereq_get0() are mainly used by +OCSP responders.

    +

    +

    +
    +

    EXAMPLES

    +

    Create an OCSP_REQUEST structure for certificate cert with issuer +issuer:

    +
    + OCSP_REQUEST *req;
    + OCSP_ID *cid;
    +
    + req = OCSP_REQUEST_new();
    + if (req == NULL)
    +    /* error */
    + cid = OCSP_cert_to_id(EVP_sha1(), cert, issuer);
    + if (cid == NULL)
    +    /* error */
    +
    + if (OCSP_REQUEST_add0_id(req, cid) == NULL)
    +    /* error */
    +
    + /* Do something with req, e.g. query responder */
    +
    + OCSP_REQUEST_free(req);
    +

    +

    +
    +

    SEE ALSO

    +

    crypto(7), +OCSP_cert_to_id(3), +OCSP_request_add1_nonce(3), +OCSP_resp_find_status(3), +OCSP_response_status(3), +OCSP_sendreq_new(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/OCSP_cert_to_id.html b/linux_amd64/ssl/share/doc/openssl/html/man3/OCSP_cert_to_id.html new file mode 100755 index 0000000..f409827 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/OCSP_cert_to_id.html @@ -0,0 +1,118 @@ + + + + +OCSP_cert_to_id + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    OCSP_cert_to_id, OCSP_cert_id_new, OCSP_CERTID_free, OCSP_id_issuer_cmp, +OCSP_id_cmp, OCSP_id_get0_info - OCSP certificate ID utility functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ocsp.h>
    +
    + OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst,
    +                              X509 *subject, X509 *issuer);
    +
    + OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
    +                               X509_NAME *issuerName,
    +                               ASN1_BIT_STRING *issuerKey,
    +                               ASN1_INTEGER *serialNumber);
    +
    + void OCSP_CERTID_free(OCSP_CERTID *id);
    +
    + int OCSP_id_issuer_cmp(const OCSP_CERTID *a, const OCSP_CERTID *b);
    + int OCSP_id_cmp(const OCSP_CERTID *a, const OCSP_CERTID *b);
    +
    + int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd,
    +                       ASN1_OCTET_STRING **pikeyHash,
    +                       ASN1_INTEGER **pserial, OCSP_CERTID *cid);
    +

    +

    +
    +

    DESCRIPTION

    +

    OCSP_cert_to_id() creates and returns a new OCSP_CERTID structure using +message digest dgst for certificate subject with issuer issuer. If +dgst is NULL then SHA1 is used.

    +

    OCSP_cert_id_new() creates and returns a new OCSP_CERTID using dgst and +issuer name issuerName, issuer key hash issuerKey and serial number +serialNumber.

    +

    OCSP_CERTID_free() frees up id.

    +

    OCSP_id_cmp() compares OCSP_CERTID a and b.

    +

    OCSP_id_issuer_cmp() compares only the issuer name of OCSP_CERTID a and b.

    +

    OCSP_id_get0_info() returns the issuer name hash, hash OID, issuer key hash and +serial number contained in cid. If any of the values are not required the +corresponding parameter can be set to NULL.

    +

    +

    +
    +

    RETURN VALUES

    +

    OCSP_cert_to_id() and OCSP_cert_id_new() return either a pointer to a valid +OCSP_CERTID structure or NULL if an error occurred.

    +

    OCSP_id_cmp() and OCSP_id_issuer_cmp() returns zero for a match and nonzero +otherwise.

    +

    OCSP_CERTID_free() does not return a value.

    +

    OCSP_id_get0_info() returns 1 for success and 0 for failure.

    +

    +

    +
    +

    NOTES

    +

    OCSP clients will typically only use OCSP_cert_to_id() or OCSP_cert_id_new(): +the other functions are used by responder applications.

    +

    The values returned by OCSP_id_get0_info() are internal pointers and MUST +NOT be freed up by an application: they will be freed when the corresponding +OCSP_CERTID structure is freed.

    +

    +

    +
    +

    SEE ALSO

    +

    crypto(7), +OCSP_request_add1_nonce(3), +OCSP_REQUEST_new(3), +OCSP_resp_find_status(3), +OCSP_response_status(3), +OCSP_sendreq_new(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/OCSP_request_add1_nonce.html b/linux_amd64/ssl/share/doc/openssl/html/man3/OCSP_request_add1_nonce.html new file mode 100755 index 0000000..a284059 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/OCSP_request_add1_nonce.html @@ -0,0 +1,114 @@ + + + + +OCSP_request_add1_nonce + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    OCSP_request_add1_nonce, OCSP_basic_add1_nonce, OCSP_check_nonce, OCSP_copy_nonce - OCSP nonce functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ocsp.h>
    +
    + int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len);
    + int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len);
    + int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req);
    + int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *resp);
    +

    +

    +
    +

    DESCRIPTION

    +

    OCSP_request_add1_nonce() adds a nonce of value val and length len to +OCSP request req. If val is NULL a random nonce is used. If len +is zero or negative a default length will be used (currently 16 bytes).

    +

    OCSP_basic_add1_nonce() is identical to OCSP_request_add1_nonce() except +it adds a nonce to OCSP basic response resp.

    +

    OCSP_check_nonce() compares the nonce value in req and resp.

    +

    OCSP_copy_nonce() copies any nonce value present in req to resp.

    +

    +

    +
    +

    RETURN VALUES

    +

    OCSP_request_add1_nonce() and OCSP_basic_add1_nonce() return 1 for success +and 0 for failure.

    +

    OCSP_copy_nonce() returns 1 if a nonce was successfully copied, 2 if no nonce +was present in req and 0 if an error occurred.

    +

    OCSP_check_nonce() returns the result of the nonce comparison between req +and resp. The return value indicates the result of the comparison. If +nonces are present and equal 1 is returned. If the nonces are absent 2 is +returned. If a nonce is present in the response only 3 is returned. If nonces +are present and unequal 0 is returned. If the nonce is present in the request +only then -1 is returned.

    +

    +

    +
    +

    NOTES

    +

    For most purposes the nonce value in a request is set to a random value so +the val parameter in OCSP_request_add1_nonce() is usually NULL.

    +

    An OCSP nonce is typically added to an OCSP request to thwart replay attacks +by checking the same nonce value appears in the response.

    +

    Some responders may include a nonce in all responses even if one is not +supplied.

    +

    Some responders cache OCSP responses and do not sign each response for +performance reasons. As a result they do not support nonces.

    +

    The return values of OCSP_check_nonce() can be checked to cover each case. A +positive return value effectively indicates success: nonces are both present +and match, both absent or present in the response only. A nonzero return +additionally covers the case where the nonce is present in the request only: +this will happen if the responder doesn't support nonces. A zero return value +indicates present and mismatched nonces: this should be treated as an error +condition.

    +

    +

    +
    +

    SEE ALSO

    +

    crypto(7), +OCSP_cert_to_id(3), +OCSP_REQUEST_new(3), +OCSP_resp_find_status(3), +OCSP_response_status(3), +OCSP_sendreq_new(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/OCSP_resp_find_status.html b/linux_amd64/ssl/share/doc/openssl/html/man3/OCSP_resp_find_status.html new file mode 100755 index 0000000..d3fcf2d --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/OCSP_resp_find_status.html @@ -0,0 +1,217 @@ + + + + +OCSP_resp_find_status + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    OCSP_resp_get0_certs, +OCSP_resp_get0_signer, +OCSP_resp_get0_id, +OCSP_resp_get1_id, +OCSP_resp_get0_produced_at, +OCSP_resp_get0_signature, +OCSP_resp_get0_tbs_sigalg, +OCSP_resp_get0_respdata, +OCSP_resp_find_status, OCSP_resp_count, OCSP_resp_get0, OCSP_resp_find, +OCSP_single_get0_status, OCSP_check_validity, +OCSP_basic_verify +- OCSP response utility functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ocsp.h>
    +
    + int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status,
    +                           int *reason,
    +                           ASN1_GENERALIZEDTIME **revtime,
    +                           ASN1_GENERALIZEDTIME **thisupd,
    +                           ASN1_GENERALIZEDTIME **nextupd);
    +
    + int OCSP_resp_count(OCSP_BASICRESP *bs);
    + OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx);
    + int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last);
    + int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason,
    +                             ASN1_GENERALIZEDTIME **revtime,
    +                             ASN1_GENERALIZEDTIME **thisupd,
    +                             ASN1_GENERALIZEDTIME **nextupd);
    +
    + const ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at(
    +                             const OCSP_BASICRESP* single);
    +
    + const ASN1_OCTET_STRING *OCSP_resp_get0_signature(const OCSP_BASICRESP *bs);
    + const X509_ALGOR *OCSP_resp_get0_tbs_sigalg(const OCSP_BASICRESP *bs);
    + const OCSP_RESPDATA *OCSP_resp_get0_respdata(const OCSP_BASICRESP *bs);
    + const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs);
    +
    + int OCSP_resp_get0_signer(OCSP_BASICRESP *bs, X509 **signer,
    +                           STACK_OF(X509) *extra_certs);
    +
    + int OCSP_resp_get0_id(const OCSP_BASICRESP *bs,
    +                       const ASN1_OCTET_STRING **pid,
    +                       const X509_NAME **pname);
    + int OCSP_resp_get1_id(const OCSP_BASICRESP *bs,
    +                       ASN1_OCTET_STRING **pid,
    +                       X509_NAME **pname);
    +
    + int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd,
    +                         ASN1_GENERALIZEDTIME *nextupd,
    +                         long sec, long maxsec);
    +
    + int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
    +                      X509_STORE *st, unsigned long flags);
    +

    +

    +
    +

    DESCRIPTION

    +

    OCSP_resp_find_status() searches bs for an OCSP response for id. If it is +successful the fields of the response are returned in *status, *reason, +*revtime, *thisupd and *nextupd. The *status value will be one of +V_OCSP_CERTSTATUS_GOOD, V_OCSP_CERTSTATUS_REVOKED or +V_OCSP_CERTSTATUS_UNKNOWN. The *reason and *revtime fields are only +set if the status is V_OCSP_CERTSTATUS_REVOKED. If set the *reason field +will be set to the revocation reason which will be one of +OCSP_REVOKED_STATUS_NOSTATUS, OCSP_REVOKED_STATUS_UNSPECIFIED, +OCSP_REVOKED_STATUS_KEYCOMPROMISE, OCSP_REVOKED_STATUS_CACOMPROMISE, +OCSP_REVOKED_STATUS_AFFILIATIONCHANGED, OCSP_REVOKED_STATUS_SUPERSEDED, +OCSP_REVOKED_STATUS_CESSATIONOFOPERATION, +OCSP_REVOKED_STATUS_CERTIFICATEHOLD or OCSP_REVOKED_STATUS_REMOVEFROMCRL.

    +

    OCSP_resp_count() returns the number of OCSP_SINGLERESP structures in bs.

    +

    OCSP_resp_get0() returns the OCSP_SINGLERESP structure in bs +corresponding to index idx. Where idx runs from 0 to +OCSP_resp_count(bs) - 1.

    +

    OCSP_resp_find() searches bs for id and returns the index of the first +matching entry after last or starting from the beginning if last is -1.

    +

    OCSP_single_get0_status() extracts the fields of single in *reason, +*revtime, *thisupd and *nextupd.

    +

    OCSP_resp_get0_produced_at() extracts the producedAt field from the +single response bs.

    +

    OCSP_resp_get0_signature() returns the signature from bs.

    +

    OCSP_resp_get0_tbs_sigalg() returns the signatureAlgorithm from bs.

    +

    OCSP_resp_get0_respdata() returns the tbsResponseData from bs.

    +

    OCSP_resp_get0_certs() returns any certificates included in bs.

    +

    OCSP_resp_get0_signer() attempts to retrieve the certificate that directly +signed bs. The OCSP protocol does not require that this certificate +is included in the certs field of the response, so additional certificates +can be supplied in extra_certs if the certificates that may have +signed the response are known via some out-of-band mechanism.

    +

    OCSP_resp_get0_id() gets the responder id of bs. If the responder ID is +a name then <*pname> is set to the name and *pid is set to NULL. If the +responder ID is by key ID then *pid is set to the key ID and *pname +is set to NULL. OCSP_resp_get1_id() leaves ownership of *pid and *pname +with the caller, who is responsible for freeing them. Both functions return 1 +in case of success and 0 in case of failure. If OCSP_resp_get1_id() returns 0, +no freeing of the results is necessary.

    +

    OCSP_check_validity() checks the validity of thisupd and nextupd values +which will be typically obtained from OCSP_resp_find_status() or +OCSP_single_get0_status(). If sec is nonzero it indicates how many seconds +leeway should be allowed in the check. If maxsec is positive it indicates +the maximum age of thisupd in seconds.

    +

    OCSP_basic_verify() checks that the basic response message bs is correctly +signed and that the signer certificate can be validated. It takes st as +the trusted store and certs as a set of untrusted intermediate certificates. +The function first tries to find the signer certificate of the response +in <certs>. It also searches the certificates the responder may have included +in bs unless the flags contain OCSP_NOINTERN. +It fails if the signer certificate cannot be found. +Next, the function checks the signature of bs and fails on error +unless the flags contain OCSP_NOSIGS. Then the function already returns +success if the flags contain OCSP_NOVERIFY or if the signer certificate +was found in certs and the flags contain OCSP_TRUSTOTHER. +Otherwise the function continues by validating the signer certificate. +To this end, all certificates in cert and in bs are considered as +untrusted certificates for the construction of the validation path for the +signer certificate unless the OCSP_NOCHAIN flag is set. After successful path +validation the function returns success if the OCSP_NOCHECKS flag is set. +Otherwise it verifies that the signer certificate meets the OCSP issuer +criteria including potential delegation. If this does not succeed and the +flags do not contain OCSP_NOEXPLICIT the function checks for explicit +trust for OCSP signing in the root CA certificate.

    +

    +

    +
    +

    RETURN VALUES

    +

    OCSP_resp_find_status() returns 1 if id is found in bs and 0 otherwise.

    +

    OCSP_resp_count() returns the total number of OCSP_SINGLERESP fields in +bs.

    +

    OCSP_resp_get0() returns a pointer to an OCSP_SINGLERESP structure or +NULL if idx is out of range.

    +

    OCSP_resp_find() returns the index of id in bs (which may be 0) or -1 if +id was not found.

    +

    OCSP_single_get0_status() returns the status of single or -1 if an error +occurred.

    +

    OCSP_resp_get0_signer() returns 1 if the signing certificate was located, +or 0 on error.

    +

    OCSP_basic_verify() returns 1 on success, 0 on error, or -1 on fatal error such +as malloc failure.

    +

    +

    +
    +

    NOTES

    +

    Applications will typically call OCSP_resp_find_status() using the certificate +ID of interest and then check its validity using OCSP_check_validity(). They +can then take appropriate action based on the status of the certificate.

    +

    An OCSP response for a certificate contains thisUpdate and nextUpdate +fields. Normally the current time should be between these two values. To +account for clock skew the maxsec field can be set to nonzero in +OCSP_check_validity(). Some responders do not set the nextUpdate field, this +would otherwise mean an ancient response would be considered valid: the +maxsec parameter to OCSP_check_validity() can be used to limit the permitted +age of responses.

    +

    The values written to *revtime, *thisupd and *nextupd by +OCSP_resp_find_status() and OCSP_single_get0_status() are internal pointers +which MUST NOT be freed up by the calling application. Any or all of these +parameters can be set to NULL if their value is not required.

    +

    +

    +
    +

    SEE ALSO

    +

    crypto(7), +OCSP_cert_to_id(3), +OCSP_request_add1_nonce(3), +OCSP_REQUEST_new(3), +OCSP_response_status(3), +OCSP_sendreq_new(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/OCSP_response_status.html b/linux_amd64/ssl/share/doc/openssl/html/man3/OCSP_response_status.html new file mode 100755 index 0000000..333abcf --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/OCSP_response_status.html @@ -0,0 +1,144 @@ + + + + +OCSP_response_status + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    OCSP_response_status, OCSP_response_get1_basic, OCSP_response_create, +OCSP_RESPONSE_free, OCSP_RESPID_set_by_name, +OCSP_RESPID_set_by_key, OCSP_RESPID_match, +OCSP_basic_sign, OCSP_basic_sign_ctx - OCSP response functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ocsp.h>
    +
    + int OCSP_response_status(OCSP_RESPONSE *resp);
    + OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp);
    + OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs);
    + void OCSP_RESPONSE_free(OCSP_RESPONSE *resp);
    +
    + int OCSP_RESPID_set_by_name(OCSP_RESPID *respid, X509 *cert);
    + int OCSP_RESPID_set_by_key(OCSP_RESPID *respid, X509 *cert);
    + int OCSP_RESPID_match(OCSP_RESPID *respid, X509 *cert);
    +
    + int OCSP_basic_sign(OCSP_BASICRESP *brsp, X509 *signer, EVP_PKEY *key,
    +                     const EVP_MD *dgst, STACK_OF(X509) *certs,
    +                     unsigned long flags);
    + int OCSP_basic_sign_ctx(OCSP_BASICRESP *brsp, X509 *signer, EVP_MD_CTX *ctx,
    +                         STACK_OF(X509) *certs, unsigned long flags);
    +

    +

    +
    +

    DESCRIPTION

    +

    OCSP_response_status() returns the OCSP response status of resp. It returns +one of the values: OCSP_RESPONSE_STATUS_SUCCESSFUL, +OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, +OCSP_RESPONSE_STATUS_INTERNALERROR, OCSP_RESPONSE_STATUS_TRYLATER +OCSP_RESPONSE_STATUS_SIGREQUIRED, or OCSP_RESPONSE_STATUS_UNAUTHORIZED.

    +

    OCSP_response_get1_basic() decodes and returns the OCSP_BASICRESP structure +contained in resp.

    +

    OCSP_response_create() creates and returns an OCSP_RESPONSE structure for +status and optionally including basic response bs.

    +

    OCSP_RESPONSE_free() frees up OCSP response resp.

    +

    OCSP_RESPID_set_by_name() sets the name of the OCSP_RESPID to be the same as the +subject name in the supplied X509 certificate cert for the OCSP responder.

    +

    OCSP_RESPID_set_by_key() sets the key of the OCSP_RESPID to be the same as the +key in the supplied X509 certificate cert for the OCSP responder. The key is +stored as a SHA1 hash.

    +

    Note that an OCSP_RESPID can only have one of the name, or the key set. Calling +OCSP_RESPID_set_by_name() or OCSP_RESPID_set_by_key() will clear any existing +setting.

    +

    OCSP_RESPID_match() tests whether the OCSP_RESPID given in respid matches +with the X509 certificate cert.

    +

    OCSP_basic_sign() signs OCSP response brsp using certificate signer, private key +key, digest dgst and additional certificates certs. If the flags option +OCSP_NOCERTS is set then no certificates will be included in the response. If the +flags option OCSP_RESPID_KEY is set then the responder is identified by key ID +rather than by name. OCSP_basic_sign_ctx() also signs OCSP response brsp but +uses the parameters contained in digest context ctx.

    +

    +

    +
    +

    RETURN VALUES

    +

    OCSP_RESPONSE_status() returns a status value.

    +

    OCSP_response_get1_basic() returns an OCSP_BASICRESP structure pointer or +NULL if an error occurred.

    +

    OCSP_response_create() returns an OCSP_RESPONSE structure pointer or NULL +if an error occurred.

    +

    OCSP_RESPONSE_free() does not return a value.

    +

    OCSP_RESPID_set_by_name(), OCSP_RESPID_set_by_key(), OCSP_basic_sign(), and +OCSP_basic_sign_ctx() return 1 on success or 0 +on failure.

    +

    OCSP_RESPID_match() returns 1 if the OCSP_RESPID and the X509 certificate match +or 0 otherwise.

    +

    +

    +
    +

    NOTES

    +

    OCSP_response_get1_basic() is only called if the status of a response is +OCSP_RESPONSE_STATUS_SUCCESSFUL.

    +

    +

    +
    +

    SEE ALSO

    +

    crypto(7) +OCSP_cert_to_id(3) +OCSP_request_add1_nonce(3) +OCSP_REQUEST_new(3) +OCSP_resp_find_status(3) +OCSP_sendreq_new(3) +OCSP_RESPID_new(3) +OCSP_RESPID_free(3)

    +

    +

    +
    +

    HISTORY

    +

    The OCSP_RESPID_set_by_name(), OCSP_RESPID_set_by_key() and OCSP_RESPID_match() +functions were added in OpenSSL 1.1.0a.

    +

    The OCSP_basic_sign_ctx() function was added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/OCSP_sendreq_new.html b/linux_amd64/ssl/share/doc/openssl/html/man3/OCSP_sendreq_new.html new file mode 100755 index 0000000..f7b1259 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/OCSP_sendreq_new.html @@ -0,0 +1,141 @@ + + + + +OCSP_sendreq_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    OCSP_sendreq_new, OCSP_sendreq_nbio, OCSP_REQ_CTX_free, +OCSP_set_max_response_length, OCSP_REQ_CTX_add1_header, +OCSP_REQ_CTX_set1_req, OCSP_sendreq_bio - OCSP responder query functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ocsp.h>
    +
    + OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path,
    +                                OCSP_REQUEST *req, int maxline);
    +
    + int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx);
    +
    + void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx);
    +
    + void OCSP_set_max_response_length(OCSP_REQ_CTX *rctx,
    +                                   unsigned long len);
    +
    + int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx,
    +                              const char *name, const char *value);
    +
    + int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, const OCSP_REQUEST *req);
    +
    + OCSP_RESPONSE *OCSP_sendreq_bio(BIO *io, const char *path, OCSP_REQUEST *req);
    +

    +

    +
    +

    DESCRIPTION

    +

    The function OCSP_sendreq_new() returns an OCSP_CTX structure using the +responder io, the URL path path, the OCSP request req and with a +response header maximum line length of maxline. If maxline is zero a +default value of 4k is used. The OCSP request req may be set to NULL +and provided later if required.

    +

    OCSP_sendreq_nbio() performs I/O on the OCSP request context rctx. +When the operation is complete it returns the response in *presp.

    +

    OCSP_REQ_CTX_free() frees up the OCSP context rctx.

    +

    OCSP_set_max_response_length() sets the maximum response length +for rctx to len. If the response exceeds this length an error occurs. +If not set a default value of 100k is used.

    +

    OCSP_REQ_CTX_add1_header() adds header name with value value to the +context rctx. It can be called more than once to add multiple headers. +It MUST be called before any calls to OCSP_sendreq_nbio(). The req +parameter in the initial to OCSP_sendreq_new() call MUST be set to NULL if +additional headers are set.

    +

    OCSP_REQ_CTX_set1_req() sets the OCSP request in rctx to req. This +function should be called after any calls to OCSP_REQ_CTX_add1_header().

    +

    OCSP_sendreq_bio() performs an OCSP request using the responder io, the URL +path path, the OCSP request req and with a response header maximum line +length 4k. It waits indefinitely on a response.

    +

    +

    +
    +

    RETURN VALUES

    +

    OCSP_sendreq_new() returns a valid OCSP_REQ_CTX structure or NULL +if an error occurred.

    +

    OCSP_sendreq_nbio(), OCSP_REQ_CTX_add1_header() and OCSP_REQ_CTX_set1_req() +return 1 for success and 0 for failure.

    +

    OCSP_sendreq_bio() returns the OCSP_RESPONSE structure sent by the +responder or NULL if an error occurred.

    +

    OCSP_REQ_CTX_free() and OCSP_set_max_response_length() +do not return values.

    +

    +

    +
    +

    NOTES

    +

    These functions only perform a minimal HTTP query to a responder. If an +application wishes to support more advanced features it should use an +alternative more complete HTTP library.

    +

    Currently only HTTP POST queries to responders are supported.

    +

    The arguments to OCSP_sendreq_new() correspond to the components of the URL. +For example if the responder URL is http://ocsp.com/ocspreq the BIO +io should be connected to host ocsp.com on port 80 and path +should be set to "/ocspreq"

    +

    The headers added with OCSP_REQ_CTX_add1_header() are of the form +"name: value" or just "name" if value is NULL. So to add +a Host header for ocsp.com you would call:

    +
    + OCSP_REQ_CTX_add1_header(ctx, "Host", "ocsp.com");
    +

    OCSP_sendreq_bio() does not support timeout nor setting extra headers. +It is retained for compatibility. +Better use OCSP_sendreq_nbio() instead.

    +

    +

    +
    +

    SEE ALSO

    +

    crypto(7), +OCSP_cert_to_id(3), +OCSP_request_add1_nonce(3), +OCSP_REQUEST_new(3), +OCSP_resp_find_status(3), +OCSP_response_status(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/OPENSSL_Applink.html b/linux_amd64/ssl/share/doc/openssl/html/man3/OPENSSL_Applink.html new file mode 100755 index 0000000..79ed517 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/OPENSSL_Applink.html @@ -0,0 +1,70 @@ + + + + +OPENSSL_Applink + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    OPENSSL_Applink - glue between OpenSSL BIO and Win32 compiler run-time

    +

    +

    +
    +

    SYNOPSIS

    +
    + __declspec(dllexport) void **OPENSSL_Applink();
    +

    +

    +
    +

    DESCRIPTION

    +

    OPENSSL_Applink is application-side interface which provides a glue +between OpenSSL BIO layer and Win32 compiler run-time environment. +Even though it appears at application side, it's essentially OpenSSL +private interface. For this reason application developers are not +expected to implement it, but to compile provided module with +compiler of their choice and link it into the target application. +The referred module is available as applink.c, located alongside +the public header files (only on the platforms where applicable).

    +

    +

    +
    +

    RETURN VALUES

    +

    Not available.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/OPENSSL_CTX.html b/linux_amd64/ssl/share/doc/openssl/html/man3/OPENSSL_CTX.html new file mode 100755 index 0000000..3d136aa --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/OPENSSL_CTX.html @@ -0,0 +1,86 @@ + + + + +OPENSSL_CTX + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    OPENSSL_CTX, OPENSSL_CTX_new, OPENSSL_CTX_free - OpenSSL library context

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/crypto.h>
    +
    + typedef struct openssl_ctx_st OPENSSL_CTX;
    +
    + OPENSSL_CTX *OPENSSL_CTX_new(void);
    + void OPENSSL_CTX_free(OPENSSL_CTX *ctx);
    +

    +

    +
    +

    DESCRIPTION

    +

    OPENSSL_CTX is an internal OpenSSL library context type. +Applications may allocate their own, but may also use NULL to use +the internal default context with functions that take a OPENSSL_CTX +argument.

    +

    OPENSSL_CTX_new() creates a new OpenSSL library context. +When a non default library context is in use care should be taken with +multi-threaded applications to properly clean up thread local resources before +the OPENSSL_CTX is freed. +See OPENSSL_thread_stop_ex(3) for more information.

    +

    OPENSSL_CTX_free() frees the given ctx.

    +

    +

    +
    +

    RETURN VALUES

    +

    OPENSSL_CTX_new() return a library context pointer on success, or +NULL on error.

    +

    OPENSSL_CTX_free() doesn't return any value.

    +

    +

    +
    +

    HISTORY

    +

    OPENSSL_CTX, OPENSSL_CTX_new() and OPENSSL_CTX_free() +were added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/OPENSSL_FILE.html b/linux_amd64/ssl/share/doc/openssl/html/man3/OPENSSL_FILE.html new file mode 100755 index 0000000..71d1c7c --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/OPENSSL_FILE.html @@ -0,0 +1,93 @@ + + + + +OPENSSL_FILE + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    OPENSSL_FILE, OPENSSL_LINE, OPENSSL_FUNC, +OPENSSL_MSTR, OPENSSL_MSTR_HELPER +- generic C programming utility macros

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/macros.h>
    +
    + #define OPENSSL_FILE /* typically: __FILE__ */
    + #define OPENSSL_LINE /* typically: __LINE__ */
    + #define OPENSSL_FUNC /* typically: __func__ */
    +
    + #define OPENSSL_MSTR_HELPER(x) #x
    + #define OPENSSL_MSTR(x) OPENSSL_MSTR_HELPER(x)
    +

    +

    +
    +

    DESCRIPTION

    +

    The macros OPENSSL_FILE and OPENSSL_LINE +typically yield the current filename and line number during C compilation. +When OPENSSL_NO_FILENAMES is defined they yield "" and 0, respectively.

    +

    The macro OPENSSL_FUNC attempts to yield the name of the C function +currently being compiled, as far as language and compiler versions allow. +Otherwise, it yields "(unknown function)".

    +

    The macro OPENSSL_MSTR yields the expansion of the macro given as argument, +which is useful for concatenation with string constants. +The macro OPENSSL_MSTR_HELPER is an auxiliary macro for this purpose.

    +

    +

    +
    +

    RETURN VALUES

    +

    see above

    +

    +

    +
    +

    SEE ALSO

    +

    crypto(7)

    +

    +

    +
    +

    HISTORY

    +

    OPENSSL_FUNC, OPENSSL_MSTR, and OPENSSL_MSTR_HELPER +were added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/OPENSSL_LH_COMPFUNC.html b/linux_amd64/ssl/share/doc/openssl/html/man3/OPENSSL_LH_COMPFUNC.html new file mode 100755 index 0000000..2463491 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/OPENSSL_LH_COMPFUNC.html @@ -0,0 +1,265 @@ + + + + +OPENSSL_LH_COMPFUNC + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    LHASH, DECLARE_LHASH_OF, +OPENSSL_LH_COMPFUNC, OPENSSL_LH_HASHFUNC, OPENSSL_LH_DOALL_FUNC, +LHASH_DOALL_ARG_FN_TYPE, +IMPLEMENT_LHASH_HASH_FN, IMPLEMENT_LHASH_COMP_FN, +lh_TYPE_new, lh_TYPE_free, lh_TYPE_flush, +lh_TYPE_insert, lh_TYPE_delete, lh_TYPE_retrieve, +lh_TYPE_doall, lh_TYPE_doall_arg, lh_TYPE_error - dynamic hash table

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/lhash.h>
    +
    + DECLARE_LHASH_OF(TYPE);
    +
    + LHASH *lh_TYPE_new(OPENSSL_LH_HASHFUNC hash, OPENSSL_LH_COMPFUNC compare);
    + void lh_TYPE_free(LHASH_OF(TYPE) *table);
    + void lh_TYPE_flush(LHASH_OF(TYPE) *table);
    +
    + TYPE *lh_TYPE_insert(LHASH_OF(TYPE) *table, TYPE *data);
    + TYPE *lh_TYPE_delete(LHASH_OF(TYPE) *table, TYPE *data);
    + TYPE *lh_retrieve(LHASH_OF(TYPE) *table, TYPE *data);
    +
    + void lh_TYPE_doall(LHASH_OF(TYPE) *table, OPENSSL_LH_DOALL_FUNC func);
    + void lh_TYPE_doall_arg(LHASH_OF(TYPE) *table, OPENSSL_LH_DOALL_FUNCARG func,
    +                        TYPE *arg);
    +
    + int lh_TYPE_error(LHASH_OF(TYPE) *table);
    +
    + typedef int (*OPENSSL_LH_COMPFUNC)(const void *, const void *);
    + typedef unsigned long (*OPENSSL_LH_HASHFUNC)(const void *);
    + typedef void (*OPENSSL_LH_DOALL_FUNC)(const void *);
    + typedef void (*LHASH_DOALL_ARG_FN_TYPE)(const void *, const void *);
    +

    +

    +
    +

    DESCRIPTION

    +

    This library implements type-checked dynamic hash tables. The hash +table entries can be arbitrary structures. Usually they consist of key +and value fields. In the description here, TYPE is used a placeholder +for any of the OpenSSL datatypes, such as SSL_SESSION.

    +

    lh_TYPE_new() creates a new LHASH_OF(TYPE) structure to store +arbitrary data entries, and specifies the 'hash' and 'compare' +callbacks to be used in organising the table's entries. The hash +callback takes a pointer to a table entry as its argument and returns +an unsigned long hash value for its key field. The hash value is +normally truncated to a power of 2, so make sure that your hash +function returns well mixed low order bits. The compare callback +takes two arguments (pointers to two hash table entries), and returns +0 if their keys are equal, nonzero otherwise.

    +

    If your hash table +will contain items of some particular type and the hash and +compare callbacks hash/compare these types, then the +IMPLEMENT_LHASH_HASH_FN and IMPLEMENT_LHASH_COMP_FN macros can be +used to create callback wrappers of the prototypes required by +lh_TYPE_new() as shown in this example:

    +
    + /*
    +  * Implement the hash and compare functions; "stuff" can be any word.
    +  */
    + static unsigned long stuff_hash(const TYPE *a)
    + {
    +     ...
    + }
    + static int stuff_cmp(const TYPE *a, const TYPE *b)
    + {
    +     ...
    + }
    +
    + /*
    +  * Implement the wrapper functions.
    +  */
    + static IMPLEMENT_LHASH_HASH_FN(stuff, TYPE)
    + static IMPLEMENT_LHASH_COMP_FN(stuff, TYPE)
    +

    If the type is going to be used in several places, the following macros +can be used in a common header file to declare the function wrappers:

    +
    + DECLARE_LHASH_HASH_FN(stuff, TYPE)
    + DECLARE_LHASH_COMP_FN(stuff, TYPE)
    +

    Then a hash table of TYPE objects can be created using this:

    +
    + LHASH_OF(TYPE) *htable;
    +
    + htable = B<lh_I<TYPE>_new>(LHASH_HASH_FN(stuff), LHASH_COMP_FN(stuff));
    +

    lh_TYPE_free() frees the LHASH_OF(TYPE) structure +table. Allocated hash table entries will not be freed; consider +using lh_TYPE_doall() to deallocate any remaining entries in the +hash table (see below).

    +

    lh_TYPE_flush() empties the LHASH_OF(TYPE) structure table. New +entries can be added to the flushed table. Allocated hash table entries +will not be freed; consider using lh_TYPE_doall() to deallocate any +remaining entries in the hash table (see below).

    +

    lh_TYPE_insert() inserts the structure pointed to by data into +table. If there already is an entry with the same key, the old +value is replaced. Note that lh_TYPE_insert() stores pointers, the +data are not copied.

    +

    lh_TYPE_delete() deletes an entry from table.

    +

    lh_TYPE_retrieve() looks up an entry in table. Normally, data +is a structure with the key field(s) set; the function will return a +pointer to a fully populated structure.

    +

    lh_TYPE_doall() will, for every entry in the hash table, call +func with the data item as its parameter. +For example:

    +
    + /* Cleans up resources belonging to 'a' (this is implemented elsewhere) */
    + void TYPE_cleanup_doall(TYPE *a);
    +
    + /* Implement a prototype-compatible wrapper for "TYPE_cleanup" */
    + IMPLEMENT_LHASH_DOALL_FN(TYPE_cleanup, TYPE)
    +
    + /* Call "TYPE_cleanup" against all items in a hash table. */
    + lh_TYPE_doall(hashtable, LHASH_DOALL_FN(TYPE_cleanup));
    +
    + /* Then the hash table itself can be deallocated */
    + lh_TYPE_free(hashtable);
    +

    When doing this, be careful if you delete entries from the hash table +in your callbacks: the table may decrease in size, moving the item +that you are currently on down lower in the hash table - this could +cause some entries to be skipped during the iteration. The second +best solution to this problem is to set hash->down_load=0 before +you start (which will stop the hash table ever decreasing in size). +The best solution is probably to avoid deleting items from the hash +table inside a "doall" callback!

    +

    lh_TYPE_doall_arg() is the same as lh_TYPE_doall() except that +func will be called with arg as the second argument and func +should be of type LHASH_DOALL_ARG_FN(TYPE) (a callback prototype +that is passed both the table entry and an extra argument). As with +lh_doall(), you can instead choose to declare your callback with a +prototype matching the types you are dealing with and use the +declare/implement macros to create compatible wrappers that cast +variables before calling your type-specific callbacks. An example of +this is demonstrated here (printing all hash table entries to a BIO +that is provided by the caller):

    +
    + /* Prints item 'a' to 'output_bio' (this is implemented elsewhere) */
    + void TYPE_print_doall_arg(const TYPE *a, BIO *output_bio);
    +
    + /* Implement a prototype-compatible wrapper for "TYPE_print" */
    + static IMPLEMENT_LHASH_DOALL_ARG_FN(TYPE, const TYPE, BIO)
    +
    + /* Print out the entire hashtable to a particular BIO */
    + lh_TYPE_doall_arg(hashtable, LHASH_DOALL_ARG_FN(TYPE_print), BIO,
    +                   logging_bio);
    +

    lh_TYPE_error() can be used to determine if an error occurred in the last +operation.

    +

    +

    +
    +

    RETURN VALUES

    +

    lh_TYPE_new() returns NULL on error, otherwise a pointer to the new +LHASH structure.

    +

    When a hash table entry is replaced, lh_TYPE_insert() returns the value +being replaced. NULL is returned on normal operation and on error.

    +

    lh_TYPE_delete() returns the entry being deleted. NULL is returned if +there is no such value in the hash table.

    +

    lh_TYPE_retrieve() returns the hash table entry if it has been found, +NULL otherwise.

    +

    lh_TYPE_error() returns 1 if an error occurred in the last operation, 0 +otherwise. It's meaningful only after non-retrieve operations.

    +

    lh_TYPE_free(), lh_TYPE_flush(), lh_TYPE_doall() and +lh_TYPE_doall_arg() return no values.

    +

    +

    +
    +

    NOTE

    +

    The LHASH code is not thread safe. All updating operations, as well as +lh_TYPE_error() call must be performed under a write lock. All retrieve +operations should be performed under a read lock, unless accurate +usage statistics are desired. In which case, a write lock should be used +for retrieve operations as well. For output of the usage statistics, +using the functions from OPENSSL_LH_stats(3), a read lock suffices.

    +

    The LHASH code regards table entries as constant data. As such, it +internally represents lh_insert()'d items with a "const void *" +pointer type. This is why callbacks such as those used by lh_doall() +and lh_doall_arg() declare their prototypes with "const", even for the +parameters that pass back the table items' data pointers - for +consistency, user-provided data is "const" at all times as far as the +LHASH code is concerned. However, as callers are themselves providing +these pointers, they can choose whether they too should be treating +all such parameters as constant.

    +

    As an example, a hash table may be maintained by code that, for +reasons of encapsulation, has only "const" access to the data being +indexed in the hash table (ie. it is returned as "const" from +elsewhere in their code) - in this case the LHASH prototypes are +appropriate as-is. Conversely, if the caller is responsible for the +life-time of the data in question, then they may well wish to make +modifications to table item passed back in the lh_doall() or +lh_doall_arg() callbacks (see the "TYPE_cleanup" example above). If +so, the caller can either cast the "const" away (if they're providing +the raw callbacks themselves) or use the macros to declare/implement +the wrapper functions without "const" types.

    +

    Callers that only have "const" access to data they're indexing in a +table, yet declare callbacks without constant types (or cast the +"const" away themselves), are therefore creating their own risks/bugs +without being encouraged to do so by the API. On a related note, +those auditing code should pay special attention to any instances of +DECLARE/IMPLEMENT_LHASH_DOALL_[ARG_]_FN macros that provide types +without any "const" qualifiers.

    +

    +

    +
    +

    BUGS

    +

    lh_TYPE_insert() returns NULL both for success and error.

    +

    +

    +
    +

    SEE ALSO

    +

    OPENSSL_LH_stats(3)

    +

    +

    +
    +

    HISTORY

    +

    In OpenSSL 1.0.0, the lhash interface was revamped for better +type checking.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/OPENSSL_LH_stats.html b/linux_amd64/ssl/share/doc/openssl/html/man3/OPENSSL_LH_stats.html new file mode 100755 index 0000000..9d06eb5 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/OPENSSL_LH_stats.html @@ -0,0 +1,103 @@ + + + + +OPENSSL_LH_stats + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    OPENSSL_LH_stats, OPENSSL_LH_node_stats, OPENSSL_LH_node_usage_stats, +OPENSSL_LH_stats_bio, +OPENSSL_LH_node_stats_bio, OPENSSL_LH_node_usage_stats_bio - LHASH statistics

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/lhash.h>
    +
    + void OPENSSL_LH_stats(LHASH *table, FILE *out);
    + void OPENSSL_LH_node_stats(LHASH *table, FILE *out);
    + void OPENSSL_LH_node_usage_stats(LHASH *table, FILE *out);
    +
    + void OPENSSL_LH_stats_bio(LHASH *table, BIO *out);
    + void OPENSSL_LH_node_stats_bio(LHASH *table, BIO *out);
    + void OPENSSL_LH_node_usage_stats_bio(LHASH *table, BIO *out);
    +

    +

    +
    +

    DESCRIPTION

    +

    The LHASH structure records statistics about most aspects of +accessing the hash table.

    +

    OPENSSL_LH_stats() prints out statistics on the size of the hash table, how +many entries are in it, and the number and result of calls to the +routines in this library.

    +

    OPENSSL_LH_node_stats() prints the number of entries for each 'bucket' in the +hash table.

    +

    OPENSSL_LH_node_usage_stats() prints out a short summary of the state of the +hash table. It prints the 'load' and the 'actual load'. The load is +the average number of data items per 'bucket' in the hash table. The +'actual load' is the average number of items per 'bucket', but only +for buckets which contain entries. So the 'actual load' is the +average number of searches that will need to find an item in the hash +table, while the 'load' is the average number that will be done to +record a miss.

    +

    OPENSSL_LH_stats_bio(), OPENSSL_LH_node_stats_bio() and OPENSSL_LH_node_usage_stats_bio() +are the same as the above, except that the output goes to a BIO.

    +

    +

    +
    +

    RETURN VALUES

    +

    These functions do not return values.

    +

    +

    +
    +

    NOTE

    +

    These calls should be made under a read lock. Refer to +OPENSSL_LH_COMPFUNC(3)/NOTE for more details about the locks required +when using the LHASH data structure.

    +

    +

    +
    +

    SEE ALSO

    +

    bio(7), OPENSSL_LH_COMPFUNC(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/OPENSSL_config.html b/linux_amd64/ssl/share/doc/openssl/html/man3/OPENSSL_config.html new file mode 100755 index 0000000..081814b --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/OPENSSL_config.html @@ -0,0 +1,126 @@ + + + + +OPENSSL_config + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    OPENSSL_config, OPENSSL_no_config - simple OpenSSL configuration functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/conf.h>
    +

    Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + void OPENSSL_config(const char *appname);
    + void OPENSSL_no_config(void);
    +

    +

    +
    +

    DESCRIPTION

    +

    OPENSSL_config() configures OpenSSL using the standard openssl.cnf and +reads from the application section appname. If appname is NULL then +the default section, openssl_conf, will be used. +Errors are silently ignored. +Multiple calls have no effect.

    +

    OPENSSL_no_config() disables configuration. If called before OPENSSL_config() +no configuration takes place.

    +

    If the application is built with OPENSSL_LOAD_CONF defined, then a +call to OpenSSL_add_all_algorithms() will implicitly call OPENSSL_config() +first.

    +

    +

    +
    +

    NOTES

    +

    The OPENSSL_config() function is designed to be a very simple "call it and +forget it" function. +It is however much better than nothing. Applications which need finer +control over their configuration functionality should use the configuration +functions such as CONF_modules_load() directly. This function is deprecated +and its use should be avoided. +Applications should instead call CONF_modules_load() during +initialization (that is before starting any threads).

    +

    There are several reasons why calling the OpenSSL configuration routines is +advisable. For example, to load dynamic ENGINEs from shared libraries (DSOs). +However very few applications currently support the control interface and so +very few can load and use dynamic ENGINEs. Equally in future more sophisticated +ENGINEs will require certain control operations to customize them. If an +application calls OPENSSL_config() it doesn't need to know or care about +ENGINE control operations because they can be performed by editing a +configuration file.

    +

    +

    +
    +

    ENVIRONMENT

    +
    +
    OPENSSL_CONF
    + +
    +

    The path to the config file. +Ignored in set-user-ID and set-group-ID programs.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    Neither OPENSSL_config() nor OPENSSL_no_config() return a value.

    +

    +

    +
    +

    SEE ALSO

    +

    config(5), +CONF_modules_load_file(3)

    +

    +

    +
    +

    HISTORY

    +

    The OPENSSL_no_config() and OPENSSL_config() functions were +deprecated in OpenSSL 1.1.0 by OPENSSL_init_crypto().

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/OPENSSL_fork_prepare.html b/linux_amd64/ssl/share/doc/openssl/html/man3/OPENSSL_fork_prepare.html new file mode 100755 index 0000000..3c7bd2c --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/OPENSSL_fork_prepare.html @@ -0,0 +1,100 @@ + + + + +OPENSSL_fork_prepare + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    OPENSSL_fork_prepare, +OPENSSL_fork_parent, +OPENSSL_fork_child +- OpenSSL fork handlers

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/crypto.h>
    +
    + void OPENSSL_fork_prepare(void);
    + void OPENSSL_fork_parent(void);
    + void OPENSSL_fork_child(void);
    +

    +

    +
    +

    DESCRIPTION

    +

    OpenSSL has state that should be reset when a process forks. For example, +the entropy pool used to generate random numbers (and therefore encryption +keys) should not be shared across multiple programs. +The OPENSSL_fork_prepare(), OPENSSL_fork_parent(), and OPENSSL_fork_child() +functions are used to reset this internal state.

    +

    Platforms without fork(2) will probably not need to use these functions. +Platforms with fork(2) but without pthread_atfork(3) will probably need +to call them manually, as described in the following paragraph. Platforms +such as Linux that have both functions will normally not need to call these +functions as the OpenSSL library will do so automatically.

    +

    OPENSSL_init_crypto(3) will register these functions with the appropriate +handler, when the OPENSSL_INIT_ATFORK flag is used. For other +applications, these functions can be called directly. They should be used +according to the calling sequence described by the pthread_atfork(3) +documentation, which is summarized here. OPENSSL_fork_prepare() should +be called before a fork() is done. After the fork() returns, the parent +process should call OPENSSL_fork_parent() and the child process should +call OPENSSL_fork_child().

    +

    +

    +
    +

    RETURN VALUES

    +

    OPENSSL_fork_prepare(), OPENSSL_fork_parent() and OPENSSL_fork_child() do not +return values.

    +

    +

    +
    +

    SEE ALSO

    +

    OPENSSL_init_crypto(3)

    +

    +

    +
    +

    HISTORY

    +

    These functions were added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/OPENSSL_hexchar2int.html b/linux_amd64/ssl/share/doc/openssl/html/man3/OPENSSL_hexchar2int.html new file mode 100755 index 0000000..1e9bd77 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/OPENSSL_hexchar2int.html @@ -0,0 +1,103 @@ + + + + +OPENSSL_hexchar2int + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    OPENSSL_hexchar2int, +OPENSSL_hexstr2buf_ex, OPENSSL_hexstr2buf, +OPENSSL_buf2hexstr_ex, OPENSSL_buf2hexstr +- Hex encoding and decoding functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/crypto.h>
    +
    + int OPENSSL_hexchar2int(unsigned char c);
    + int OPENSSL_hexstr2buf_ex(unsigned char *buf, size_t buf_n, long *buflen,
    +                           const char *str);
    + unsigned char *OPENSSL_hexstr2buf(const char *str, long *len);
    + int OPENSSL_buf2hexstr_ex(char *str, size_t str_n, size_t *strlen,
    +                           const unsigned char *buf, long buflen);
    + char *OPENSSL_buf2hexstr(const unsigned char *buf, long buflen);
    +

    +

    +
    +

    DESCRIPTION

    +

    OPENSSL_hexchar2int() converts a hexadecimal character to its numeric +equivalent.

    +

    OPENSSL_hexstr2buf_ex() decodes the hex string str and places the +resulting string of bytes in the given buf. +buf_n gives the size of the buffer. +If buflen is not NULL, it is filled in with the result length. +To find out how large the result will be, call this function with NULL +for buf. +Colons between two-character hex "bytes" are accepted and ignored. +An odd number of hex digits is an error.

    +

    OPENSSL_hexstr2buf() does the same thing as OPENSSL_hexstr2buf_ex(), +but allocates the space for the result, and returns the result. +The memory is allocated by calling OPENSSL_malloc() and should be +released by calling OPENSSL_free().

    +

    OPENSSL_buf2hexstr_ex() encodes the contents of the given buf with +length buflen and places the resulting hexadecimal character string +in the given str. +str_n gives the size of the of the string buffer. +If strlen is not NULL, it is filled in with the result length. +To find out how large the result will be, call this function with NULL +for str.

    +

    OPENSSL_buf2hexstr() does the same thing as OPENSSL_buf2hexstr_ex(), +but allocates the space for the result, and returns the result. +The memory is allocated by calling OPENSSL_malloc() and should be +released by calling OPENSSL_free().

    +

    +

    +
    +

    RETURN VALUES

    +

    OPENSSL_hexchar2int returns the value of a decoded hex character, +or -1 on error.

    +

    OPENSSL_buf2hexstr() and OPENSSL_hexstr2buf() +return a pointer to allocated memory, or NULL on error.

    +

    OPENSSL_buf2hexstr_ex() and OPENSSL_hexstr2buf_ex() return 1 on +success, or 0 on error.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/OPENSSL_ia32cap.html b/linux_amd64/ssl/share/doc/openssl/html/man3/OPENSSL_ia32cap.html new file mode 100755 index 0000000..9508fb0 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/OPENSSL_ia32cap.html @@ -0,0 +1,194 @@ + + + + +OPENSSL_ia32cap + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    OPENSSL_ia32cap - the x86[_64] processor capabilities vector

    +

    +

    +
    +

    SYNOPSIS

    +
    + env OPENSSL_ia32cap=... <application>
    +

    +

    +
    +

    DESCRIPTION

    +

    OpenSSL supports a range of x86[_64] instruction set extensions. These +extensions are denoted by individual bits in capability vector returned +by processor in EDX:ECX register pair after executing CPUID instruction +with EAX=1 input value (see Intel Application Note #241618). This vector +is copied to memory upon toolkit initialization and used to choose +between different code paths to provide optimal performance across wide +range of processors. For the moment of this writing following bits are +significant:

    +
    +
    bit #4 denoting presence of Time-Stamp Counter.
    + +
    bit #19 denoting availability of CLFLUSH instruction;
    + +
    bit #20, reserved by Intel, is used to choose among RC4 code paths;
    + +
    bit #23 denoting MMX support;
    + +
    bit #24, FXSR bit, denoting availability of XMM registers;
    + +
    bit #25 denoting SSE support;
    + +
    bit #26 denoting SSE2 support;
    + +
    bit #28 denoting Hyperthreading, which is used to distinguish +cores with shared cache;
    + +
    bit #30, reserved by Intel, denotes specifically Intel CPUs;
    + +
    bit #33 denoting availability of PCLMULQDQ instruction;
    + +
    bit #41 denoting SSSE3, Supplemental SSE3, support;
    + +
    bit #43 denoting AMD XOP support (forced to zero on non-AMD CPUs);
    + +
    bit #54 denoting availability of MOVBE instruction;
    + +
    bit #57 denoting AES-NI instruction set extension;
    + +
    bit #58, XSAVE bit, lack of which in combination with MOVBE is used +to identify Atom Silvermont core;
    + +
    bit #59, OSXSAVE bit, denoting availability of YMM registers;
    + +
    bit #60 denoting AVX extension;
    + +
    bit #62 denoting availability of RDRAND instruction;
    + +
    +

    For example, in 32-bit application context clearing bit #26 at run-time +disables high-performance SSE2 code present in the crypto library, while +clearing bit #24 disables SSE2 code operating on 128-bit XMM register +bank. You might have to do the latter if target OpenSSL application is +executed on SSE2 capable CPU, but under control of OS that does not +enable XMM registers. Historically address of the capability vector copy +was exposed to application through OPENSSL_ia32cap_loc(), but not +anymore. Now the only way to affect the capability detection is to set +OPENSSL_ia32cap environment variable prior target application start. To +give a specific example, on Intel P4 processor +env OPENSSL_ia32cap=0x16980010 apps/openssl, or better yet +env OPENSSL_ia32cap=~0x1000000 apps/openssl would achieve the desired +effect. Alternatively you can reconfigure the toolkit with no-sse2 +option and recompile.

    +

    Less intuitive is clearing bit #28, or ~0x10000000 in the "environment +variable" terms. The truth is that it's not copied from CPUID output +verbatim, but is adjusted to reflect whether or not the data cache is +actually shared between logical cores. This in turn affects the decision +on whether or not expensive countermeasures against cache-timing attacks +are applied, most notably in AES assembler module.

    +

    The capability vector is further extended with EBX value returned by +CPUID with EAX=7 and ECX=0 as input. Following bits are significant:

    +
    +
    bit #64+3 denoting availability of BMI1 instructions, e.g. ANDN;
    + +
    bit #64+5 denoting availability of AVX2 instructions;
    + +
    bit #64+8 denoting availability of BMI2 instructions, e.g. MULX +and RORX;
    + +
    bit #64+16 denoting availability of AVX512F extension;
    + +
    bit #64+18 denoting availability of RDSEED instruction;
    + +
    bit #64+19 denoting availability of ADCX and ADOX instructions;
    + +
    bit #64+21 denoting availability of VPMADD52[LH]UQ instructions, +a.k.a. AVX512IFMA extension;
    + +
    bit #64+29 denoting availability of SHA extension;
    + +
    bit #64+30 denoting availability of AVX512BW extension;
    + +
    bit #64+31 denoting availability of AVX512VL extension;
    + +
    bit #64+41 denoting availability of VAES extension;
    + +
    bit #64+42 denoting availability of VPCLMULQDQ extension;
    + +
    +

    To control this extended capability word use : as delimiter when +setting up OPENSSL_ia32cap environment variable. For example assigning +:~0x20 would disable AVX2 code paths, and :0 - all post-AVX +extensions.

    +

    It should be noted that whether or not some of the most "fancy" +extension code paths are actually assembled depends on current assembler +version. Base minimum of AES-NI/PCLMULQDQ, SSSE3 and SHA extension code +paths are always assembled. Apart from that, minimum assembler version +requirements are summarized in below table:

    +
    +   Extension   | GNU as | nasm   | llvm
    +   ------------+--------+--------+--------
    +   AVX         | 2.19   | 2.09   | 3.0
    +   AVX2        | 2.22   | 2.10   | 3.1
    +   ADCX/ADOX   | 2.23   | 2.10   | 3.3
    +   AVX512      | 2.25   | 2.11.8 | see NOTES
    +   AVX512IFMA  | 2.26   | 2.11.8 | see NOTES
    +   VAES        | 2.30   | 2.13.3 |
    +

    +

    +
    +

    NOTES

    +

    Even though AVX512 support was implemented in llvm 3.6, compilation of +assembly modules apparently requires explicit -march flag. But then +compiler generates processor-specific code, which in turn contradicts +the mere idea of run-time switch execution facilitated by the variable +in question. Till the limitation is lifted, it's possible to work around +the problem by making build procedure use following script:

    +
    +   #!/bin/sh
    +   exec clang -no-integrated-as "$@"
    +

    instead of real clang. In which case it doesn't matter which clang +version is used, as it is GNU assembler version that will be checked.

    +

    +

    +
    +

    RETURN VALUES

    +

    Not available.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/OPENSSL_init_crypto.html b/linux_amd64/ssl/share/doc/openssl/html/man3/OPENSSL_init_crypto.html
    new file mode 100755
    index 0000000..d9c6277
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/OPENSSL_init_crypto.html
    @@ -0,0 +1,335 @@
    +
    +
    +
    +
    +OPENSSL_init_crypto
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    OPENSSL_INIT_new, OPENSSL_INIT_set_config_filename, +OPENSSL_INIT_set_config_appname, OPENSSL_INIT_set_config_file_flags, +OPENSSL_INIT_free, OPENSSL_init_crypto, OPENSSL_cleanup, OPENSSL_atexit, +OPENSSL_thread_stop_ex, OPENSSL_thread_stop - OpenSSL initialisation +and deinitialisation functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/crypto.h>
    +
    + void OPENSSL_cleanup(void);
    + int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
    + int OPENSSL_atexit(void (*handler)(void));
    + void OPENSSL_thread_stop_ex(OPENSSL_CTX *ctx);
    + void OPENSSL_thread_stop(void);
    +
    + OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void);
    + int OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *init,
    +                                      const char* filename);
    + int OPENSSL_INIT_set_config_file_flags(OPENSSL_INIT_SETTINGS *init,
    +                                        unsigned long flags);
    + int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *init,
    +                                     const char* name);
    + void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *init);
    +

    +

    +
    +

    DESCRIPTION

    +

    During normal operation OpenSSL (libcrypto) will allocate various resources at +start up that must, subsequently, be freed on close down of the library. +Additionally some resources are allocated on a per thread basis (if the +application is multi-threaded), and these resources must be freed prior to the +thread closing.

    +

    As of version 1.1.0 OpenSSL will automatically allocate all resources that it +needs so no explicit initialisation is required. Similarly it will also +automatically deinitialise as required.

    +

    However, there may be situations when explicit initialisation is desirable or +needed, for example when some non-default initialisation is required. The +function OPENSSL_init_crypto() can be used for this purpose for +libcrypto (see also OPENSSL_init_ssl(3) for the libssl +equivalent).

    +

    Numerous internal OpenSSL functions call OPENSSL_init_crypto(). +Therefore, in order to perform non-default initialisation, +OPENSSL_init_crypto() MUST be called by application code prior to +any other OpenSSL function calls.

    +

    The opts parameter specifies which aspects of libcrypto should be +initialised. Valid options are:

    +
    +
    OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS
    + +
    +

    Suppress automatic loading of the libcrypto error strings. This option is +not a default option. Once selected subsequent calls to +OPENSSL_init_crypto() with the option +OPENSSL_INIT_LOAD_CRYPTO_STRINGS will be ignored.

    +
    +
    OPENSSL_INIT_LOAD_CRYPTO_STRINGS
    + +
    +

    Automatic loading of the libcrypto error strings. With this option the +library will automatically load the libcrypto error strings. +This option is a default option. Once selected subsequent calls to +OPENSSL_init_crypto() with the option +OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS will be ignored.

    +
    +
    OPENSSL_INIT_ADD_ALL_CIPHERS
    + +
    +

    With this option the library will automatically load and make available all +libcrypto ciphers. This option is a default option. Once selected subsequent +calls to OPENSSL_init_crypto() with the option +OPENSSL_INIT_NO_ADD_ALL_CIPHERS will be ignored.

    +
    +
    OPENSSL_INIT_ADD_ALL_DIGESTS
    + +
    +

    With this option the library will automatically load and make available all +libcrypto digests. This option is a default option. Once selected subsequent +calls to OPENSSL_init_crypto() with the option +OPENSSL_INIT_NO_ADD_ALL_CIPHERS will be ignored.

    +
    +
    OPENSSL_INIT_NO_ADD_ALL_CIPHERS
    + +
    +

    With this option the library will suppress automatic loading of libcrypto +ciphers. This option is not a default option. Once selected subsequent +calls to OPENSSL_init_crypto() with the option +OPENSSL_INIT_ADD_ALL_CIPHERS will be ignored.

    +
    +
    OPENSSL_INIT_NO_ADD_ALL_DIGESTS
    + +
    +

    With this option the library will suppress automatic loading of libcrypto +digests. This option is not a default option. Once selected subsequent +calls to OPENSSL_init_crypto() with the option +OPENSSL_INIT_ADD_ALL_DIGESTS will be ignored.

    +
    +
    OPENSSL_INIT_LOAD_CONFIG
    + +
    +

    With this option an OpenSSL configuration file will be automatically loaded and +used by calling OPENSSL_config(). This is a default option. +Note that in OpenSSL 1.1.1 this was the default for libssl but not for +libcrypto (see OPENSSL_init_ssl(3) for further details about libssl +initialisation). +In OpenSSL 1.1.0 this was a non-default option for both libssl and libcrypto. +See the description of OPENSSL_INIT_new(), below.

    +
    +
    OPENSSL_INIT_NO_LOAD_CONFIG
    + +
    +

    With this option the loading of OpenSSL configuration files will be suppressed. +It is the equivalent of calling OPENSSL_no_config(). This is not a default +option.

    +
    +
    OPENSSL_INIT_ASYNC
    + +
    +

    With this option the library with automatically initialise the libcrypto async +sub-library (see ASYNC_start_job(3)). This is a default option.

    +
    +
    OPENSSL_INIT_ENGINE_RDRAND
    + +
    +

    With this option the library will automatically load and initialise the +RDRAND engine (if available). This not a default option.

    +
    +
    OPENSSL_INIT_ENGINE_DYNAMIC
    + +
    +

    With this option the library will automatically load and initialise the +dynamic engine. This not a default option.

    +
    +
    OPENSSL_INIT_ENGINE_OPENSSL
    + +
    +

    With this option the library will automatically load and initialise the +openssl engine. This not a default option.

    +
    +
    OPENSSL_INIT_ENGINE_CRYPTODEV
    + +
    +

    With this option the library will automatically load and initialise the +cryptodev engine (if available). This not a default option.

    +
    +
    OPENSSL_INIT_ENGINE_CAPI
    + +
    +

    With this option the library will automatically load and initialise the +CAPI engine (if available). This not a default option.

    +
    +
    OPENSSL_INIT_ENGINE_PADLOCK
    + +
    +

    With this option the library will automatically load and initialise the +padlock engine (if available). This not a default option.

    +
    +
    OPENSSL_INIT_ENGINE_AFALG
    + +
    +

    With this option the library will automatically load and initialise the +AFALG engine. This not a default option.

    +
    +
    OPENSSL_INIT_ENGINE_ALL_BUILTIN
    + +
    +

    With this option the library will automatically load and initialise all the +built in engines listed above with the exception of the openssl and afalg +engines. This not a default option.

    +
    +
    OPENSSL_INIT_ATFORK
    + +
    +

    With this option the library will register its fork handlers. +See OPENSSL_fork_prepare(3) for details.

    +
    +
    OPENSSL_INIT_NO_ATEXIT
    + +
    +

    By default OpenSSL will attempt to clean itself up when the process exits via an +"atexit" handler. Using this option suppresses that behaviour. This means that +the application will have to clean up OpenSSL explicitly using +OPENSSL_cleanup().

    +
    +
    +

    Multiple options may be combined together in a single call to +OPENSSL_init_crypto(). For example:

    +
    + OPENSSL_init_crypto(OPENSSL_INIT_NO_ADD_ALL_CIPHERS
    +                     | OPENSSL_INIT_NO_ADD_ALL_DIGESTS, NULL);
    +

    The OPENSSL_cleanup() function deinitialises OpenSSL (both libcrypto +and libssl). All resources allocated by OpenSSL are freed. Typically there +should be no need to call this function directly as it is initiated +automatically on application exit. This is done via the standard C library +atexit() function. In the event that the application will close in a manner +that will not call the registered atexit() handlers then the application should +call OPENSSL_cleanup() directly. Developers of libraries using OpenSSL +are discouraged from calling this function and should instead, typically, rely +on auto-deinitialisation. This is to avoid error conditions where both an +application and a library it depends on both use OpenSSL, and the library +deinitialises it before the application has finished using it.

    +

    Once OPENSSL_cleanup() has been called the library cannot be reinitialised. +Attempts to call OPENSSL_init_crypto() will fail and an ERR_R_INIT_FAIL error +will be added to the error stack. Note that because initialisation has failed +OpenSSL error strings will not be available, only an error code. This code can +be put through the openssl errstr command line application to produce a human +readable error (see openssl-errstr(1)).

    +

    The OPENSSL_atexit() function enables the registration of a +function to be called during OPENSSL_cleanup(). Stop handlers are +called after deinitialisation of resources local to a thread, but before other +process wide resources are freed. In the event that multiple stop handlers are +registered, no guarantees are made about the order of execution.

    +

    The OPENSSL_thread_stop_ex() function deallocates resources associated +with the current thread for the given OPENSSL_CTX ctx. The ctx parameter +can be NULL in which case the default OPENSSL_CTX is used.

    +

    Typically, this function will be called automatically by the library when +the thread exits as long as the OPENSSL_CTX has not been freed before the thread +exits. If OPENSSL_CTX_free() is called OPENSSL_thread_stop_ex will be called +automatically for the current thread (but not any other threads that may have +used this OPENSSL_CTX).

    +

    OPENSSL_thread_stop_ex should be called on all threads that will exit after the +OPENSSL_CTX is freed. +Typically this is not necessary for the default OPENSSL_CTX (because all +resources are cleaned up on library exit) except if thread local resources +should be freed before library exit, or under the circumstances described in +the NOTES section below.

    +

    OPENSSL_thread_stop() is the same as OPENSSL_thread_stop_ex() except that the +default OPENSSL_CTX is always used.

    +

    The OPENSSL_INIT_LOAD_CONFIG flag will load a configuration file, as with +CONF_modules_load_file(3) with NULL filename and application name and the +CONF_MFLAGS_IGNORE_MISSING_FILE, CONF_MFLAGS_IGNORE_RETURN_CODES and +CONF_MFLAGS_DEFAULT_SECTION flags. +The filename, application name, and flags can be customized by providing a +non-null OPENSSL_INIT_SETTINGS object. +The object can be allocated via OPENSSL_INIT_new(). +The OPENSSL_INIT_set_config_filename() function can be used to specify a +non-default filename, which is copied and need not refer to persistent storage. +Similarly, OPENSSL_INIT_set_config_appname() can be used to specify a +non-default application name. +Finally, OPENSSL_INIT_set_file_flags can be used to specify non-default flags. +If the CONF_MFLAGS_IGNORE_RETURN_CODES flag is not included, any errors in +the configuration file will cause an error return from OPENSSL_init_crypto +or indirectly OPENSSL_init_ssl(3). +The object can be released with OPENSSL_INIT_free() when done.

    +

    +

    +
    +

    NOTES

    +

    Resources local to a thread are deallocated automatically when the thread exits +(e.g. in a pthreads environment, when pthread_exit() is called). On Windows +platforms this is done in response to a DLL_THREAD_DETACH message being sent to +the libcrypto32.dll entry point. Some windows functions may cause threads to exit +without sending this message (for example ExitProcess()). If the application +uses such functions, then the application must free up OpenSSL resources +directly via a call to OPENSSL_thread_stop() on each thread. Similarly this +message will also not be sent if OpenSSL is linked statically, and therefore +applications using static linking should also call OPENSSL_thread_stop() on each +thread. Additionally if OpenSSL is loaded dynamically via LoadLibrary() and the +threads are not destroyed until after FreeLibrary() is called then each thread +should call OPENSSL_thread_stop() prior to the FreeLibrary() call.

    +

    On Linux/Unix where OpenSSL has been loaded via dlopen() and the application is +multi-threaded and if dlclose() is subsequently called prior to the threads +being destroyed then OpenSSL will not be able to deallocate resources associated +with those threads. The application should either call OPENSSL_thread_stop() on +each thread prior to the dlclose() call, or alternatively the original dlopen() +call should use the RTLD_NODELETE flag (where available on the platform).

    +

    +

    +
    +

    RETURN VALUES

    +

    The functions OPENSSL_init_crypto, OPENSSL_atexit() and +OPENSSL_INIT_set_config_appname() return 1 on success or 0 on error.

    +

    +

    +
    +

    SEE ALSO

    +

    OPENSSL_init_ssl(3)

    +

    +

    +
    +

    HISTORY

    +

    The OPENSSL_init_crypto(), OPENSSL_cleanup(), OPENSSL_atexit(), +OPENSSL_thread_stop(), OPENSSL_INIT_new(), OPENSSL_INIT_set_config_appname() +and OPENSSL_INIT_free() functions were added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/OPENSSL_init_ssl.html b/linux_amd64/ssl/share/doc/openssl/html/man3/OPENSSL_init_ssl.html
    new file mode 100755
    index 0000000..df977fe
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/OPENSSL_init_ssl.html
    @@ -0,0 +1,118 @@
    +
    +
    +
    +
    +OPENSSL_init_ssl
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    OPENSSL_init_ssl - OpenSSL (libssl and libcrypto) initialisation

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
    +

    +

    +
    +

    DESCRIPTION

    +

    During normal operation OpenSSL (libssl and libcrypto) will allocate various +resources at start up that must, subsequently, be freed on close down of the +library. Additionally some resources are allocated on a per thread basis (if the +application is multi-threaded), and these resources must be freed prior to the +thread closing.

    +

    As of version 1.1.0 OpenSSL will automatically allocate all resources that it +needs so no explicit initialisation is required. Similarly it will also +automatically deinitialise as required.

    +

    However, there may be situations when explicit initialisation is desirable or +needed, for example when some non-default initialisation is required. The +function OPENSSL_init_ssl() can be used for this purpose. Calling +this function will explicitly initialise BOTH libcrypto and libssl. To +explicitly initialise ONLY libcrypto see the +OPENSSL_init_crypto(3) function.

    +

    Numerous internal OpenSSL functions call OPENSSL_init_ssl(). +Therefore, in order to perform non-default initialisation, +OPENSSL_init_ssl() MUST be called by application code prior to +any other OpenSSL function calls.

    +

    The opts parameter specifies which aspects of libssl and libcrypto should be +initialised. Valid options for libcrypto are described on the +OPENSSL_init_crypto(3) page. In addition to any libcrypto +specific option the following libssl options can also be used:

    +
    +
    OPENSSL_INIT_NO_LOAD_SSL_STRINGS
    + +
    +

    Suppress automatic loading of the libssl error strings. This option is +not a default option. Once selected subsequent calls to +OPENSSL_init_ssl() with the option +OPENSSL_INIT_LOAD_SSL_STRINGS will be ignored.

    +
    +
    OPENSSL_INIT_LOAD_SSL_STRINGS
    + +
    +

    Automatic loading of the libssl error strings. This option is a +default option. Once selected subsequent calls to +OPENSSL_init_ssl() with the option +OPENSSL_INIT_LOAD_SSL_STRINGS will be ignored.

    +
    +
    +

    OPENSSL_init_ssl() takes a settings parameter which can be used to +set parameter values. See OPENSSL_init_crypto(3) for details.

    +

    +

    +
    +

    RETURN VALUES

    +

    The function OPENSSL_init_ssl() returns 1 on success or 0 on error.

    +

    +

    +
    +

    SEE ALSO

    +

    OPENSSL_init_crypto(3)

    +

    +

    +
    +

    HISTORY

    +

    The OPENSSL_init_ssl() function was added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/OPENSSL_instrument_bus.html b/linux_amd64/ssl/share/doc/openssl/html/man3/OPENSSL_instrument_bus.html
    new file mode 100755
    index 0000000..56156ce
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/OPENSSL_instrument_bus.html
    @@ -0,0 +1,85 @@
    +
    +
    +
    +
    +OPENSSL_instrument_bus
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    OPENSSL_instrument_bus, OPENSSL_instrument_bus2 - instrument references to memory bus

    +

    +

    +
    +

    SYNOPSIS

    +
    + #ifdef OPENSSL_CPUID_OBJ
    + size_t OPENSSL_instrument_bus(int *vector, size_t num);
    + size_t OPENSSL_instrument_bus2(int *vector, size_t num, size_t max);
    + #endif
    +

    +

    +
    +

    DESCRIPTION

    +

    It was empirically found that timings of references to primary memory +are subject to irregular, apparently non-deterministic variations. The +subroutines in question instrument these references for purposes of +gathering randomness for random number generator. In order to make it +bus-bound a 'flush cache line' instruction is used between probes. In +addition probes are added to vector elements in atomic or +interlocked manner, which should contribute additional noise on +multi-processor systems. This also means that vector[num] should be +zeroed upon invocation (if you want to retrieve actual probe values).

    +

    OPENSSL_instrument_bus() performs num probes and records the number of +oscillator cycles every probe took.

    +

    OPENSSL_instrument_bus2() on the other hand accumulates consecutive +probes with the same value, i.e. in a way it records duration of +periods when probe values appeared deterministic. The subroutine +performs at most max probes in attempt to fill the vector[num], +with max value of 0 meaning "as many as it takes."

    +

    +

    +
    +

    RETURN VALUES

    +

    Return value of 0 indicates that CPU is not capable of performing the +benchmark, either because oscillator counter or 'flush cache line' is +not available on current platform. For reference, on x86 'flush cache +line' was introduced with the SSE2 extensions.

    +

    Otherwise number of recorded values is returned.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/OPENSSL_load_builtin_modules.html b/linux_amd64/ssl/share/doc/openssl/html/man3/OPENSSL_load_builtin_modules.html
    new file mode 100755
    index 0000000..6762d5f
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/OPENSSL_load_builtin_modules.html
    @@ -0,0 +1,91 @@
    +
    +
    +
    +
    +OPENSSL_load_builtin_modules
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    OPENSSL_load_builtin_modules, ASN1_add_oid_module, ENGINE_add_conf_module - add standard configuration modules

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/conf.h>
    +
    + void OPENSSL_load_builtin_modules(void);
    + void ASN1_add_oid_module(void);
    + void ENGINE_add_conf_module(void);
    +

    +

    +
    +

    DESCRIPTION

    +

    The function OPENSSL_load_builtin_modules() adds all the standard OpenSSL +configuration modules to the internal list. They can then be used by the +OpenSSL configuration code.

    +

    ASN1_add_oid_module() adds just the ASN1 OBJECT module.

    +

    ENGINE_add_conf_module() adds just the ENGINE configuration module.

    +

    +

    +
    +

    NOTES

    +

    If the simple configuration function OPENSSL_config() is called then +OPENSSL_load_builtin_modules() is called automatically.

    +

    Applications which use the configuration functions directly will need to +call OPENSSL_load_builtin_modules() themselves before any other +configuration code.

    +

    Applications should call OPENSSL_load_builtin_modules() to load all +configuration modules instead of adding modules selectively: otherwise +functionality may be missing from the application if an when new +modules are added.

    +

    +

    +
    +

    RETURN VALUES

    +

    None of the functions return a value.

    +

    +

    +
    +

    SEE ALSO

    +

    config(5), OPENSSL_config(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/OPENSSL_malloc.html b/linux_amd64/ssl/share/doc/openssl/html/man3/OPENSSL_malloc.html
    new file mode 100755
    index 0000000..aa1b625
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/OPENSSL_malloc.html
    @@ -0,0 +1,226 @@
    +
    +
    +
    +
    +OPENSSL_malloc
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    OPENSSL_malloc_init, +OPENSSL_malloc, OPENSSL_zalloc, OPENSSL_realloc, OPENSSL_free, +OPENSSL_clear_realloc, OPENSSL_clear_free, OPENSSL_cleanse, +CRYPTO_malloc, CRYPTO_zalloc, CRYPTO_realloc, CRYPTO_free, +OPENSSL_strdup, OPENSSL_strndup, +OPENSSL_memdup, OPENSSL_strlcpy, OPENSSL_strlcat, +CRYPTO_strdup, CRYPTO_strndup, +OPENSSL_mem_debug_push, OPENSSL_mem_debug_pop, +CRYPTO_mem_debug_push, CRYPTO_mem_debug_pop, +CRYPTO_clear_realloc, CRYPTO_clear_free, +CRYPTO_malloc_fn, CRYPTO_realloc_fn, CRYPTO_free_fn, +CRYPTO_get_mem_functions, CRYPTO_set_mem_functions, +CRYPTO_get_alloc_counts, +CRYPTO_set_mem_debug, CRYPTO_mem_ctrl, +CRYPTO_mem_leaks, CRYPTO_mem_leaks_fp, CRYPTO_mem_leaks_cb, +OPENSSL_MALLOC_FAILURES, +OPENSSL_MALLOC_FD +- Memory allocation functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/crypto.h>
    +
    + int OPENSSL_malloc_init(void);
    +
    + void *OPENSSL_malloc(size_t num);
    + void *OPENSSL_zalloc(size_t num);
    + void *OPENSSL_realloc(void *addr, size_t num);
    + void OPENSSL_free(void *addr);
    + char *OPENSSL_strdup(const char *str);
    + char *OPENSSL_strndup(const char *str, size_t s);
    + size_t OPENSSL_strlcat(char *dst, const char *src, size_t size);
    + size_t OPENSSL_strlcpy(char *dst, const char *src, size_t size);
    + void *OPENSSL_memdup(void *data, size_t s);
    + void *OPENSSL_clear_realloc(void *p, size_t old_len, size_t num);
    + void OPENSSL_clear_free(void *str, size_t num);
    + void OPENSSL_cleanse(void *ptr, size_t len);
    +
    + void *CRYPTO_malloc(size_t num, const char *file, int line);
    + void *CRYPTO_zalloc(size_t num, const char *file, int line);
    + void *CRYPTO_realloc(void *p, size_t num, const char *file, int line);
    + void CRYPTO_free(void *str, const char *, int);
    + char *CRYPTO_strdup(const char *p, const char *file, int line);
    + char *CRYPTO_strndup(const char *p, size_t num, const char *file, int line);
    + void *CRYPTO_clear_realloc(void *p, size_t old_len, size_t num,
    +                            const char *file, int line);
    + void CRYPTO_clear_free(void *str, size_t num, const char *, int)
    +
    + typedef void *(*CRYPTO_malloc_fn)(size_t num, const char *file, int line);
    + typedef void *(*CRYPTO_realloc_fn)(void *addr, size_t num, const char *file,
    +                                    int line);
    + typedef void (*CRYPTO_free_fn)(void *addr, const char *file, int line);
    + void CRYPTO_get_mem_functions(CRYPTO_malloc_fn *malloc_fn,
    +                               CRYPTO_realloc_fn *realloc_fn,
    +                               CRYPTO_free_fn *free_fn);
    + int CRYPTO_set_mem_functions(CRYPTO_malloc_fn malloc_fn,
    +                              CRYPTO_realloc_fn realloc_fn,
    +                              CRYPTO_free_fn free_fn);
    +
    + void CRYPTO_get_alloc_counts(int *mcount, int *rcount, int *fcount);
    +
    + env OPENSSL_MALLOC_FAILURES=... <application>
    + env OPENSSL_MALLOC_FD=... <application>
    +

    Deprecated:

    +
    + int CRYPTO_mem_leaks(BIO *b);
    + int CRYPTO_mem_leaks_fp(FILE *fp);
    + int CRYPTO_mem_leaks_cb(int (*cb)(const char *str, size_t len, void *u),
    +                         void *u);
    +
    + int CRYPTO_set_mem_debug(int onoff)
    + int CRYPTO_mem_ctrl(int mode);
    + int OPENSSL_mem_debug_push(const char *info)
    + int OPENSSL_mem_debug_pop(void);
    + int CRYPTO_mem_debug_push(const char *info, const char *file, int line);
    + int CRYPTO_mem_debug_pop(void);
    +

    +

    +
    +

    DESCRIPTION

    +

    OpenSSL memory allocation is handled by the OPENSSL_xxx API. These are +generally macro's that add the standard C __FILE__ and __LINE__ +parameters and call a lower-level CRYPTO_xxx API. +Some functions do not add those parameters, but exist for consistency.

    +

    OPENSSL_malloc_init() does nothing and does not need to be called. It is +included for compatibility with older versions of OpenSSL.

    +

    OPENSSL_malloc(), OPENSSL_realloc(), and OPENSSL_free() are like the +C malloc(), realloc(), and free() functions. +OPENSSL_zalloc() calls memset() to zero the memory before returning.

    +

    OPENSSL_clear_realloc() and OPENSSL_clear_free() should be used +when the buffer at addr holds sensitive information. +The old buffer is filled with zero's by calling OPENSSL_cleanse() +before ultimately calling OPENSSL_free().

    +

    OPENSSL_cleanse() fills ptr of size len with a string of 0's. +Use OPENSSL_cleanse() with care if the memory is a mapping of a file. +If the storage controller uses write compression, then its possible +that sensitive tail bytes will survive zeroization because the block of +zeros will be compressed. If the storage controller uses wear leveling, +then the old sensitive data will not be overwritten; rather, a block of +0's will be written at a new physical location.

    +

    OPENSSL_strdup(), OPENSSL_strndup() and OPENSSL_memdup() are like the +equivalent C functions, except that memory is allocated by calling the +OPENSSL_malloc() and should be released by calling OPENSSL_free().

    +

    OPENSSL_strlcpy(), +OPENSSL_strlcat() and OPENSSL_strnlen() are equivalents of the common C +library functions and are provided for portability.

    +

    If no allocations have been done, it is possible to "swap out" the default +implementations for OPENSSL_malloc(), OPENSSL_realloc() and OPENSSL_free() +and replace them with alternate versions. +CRYPTO_get_mem_functions() function fills in the given arguments with the +function pointers for the current implementations. +With CRYPTO_set_mem_functions(), you can specify a different set of functions. +If any of malloc_fn, realloc_fn, or free_fn are NULL, then +the function is not changed. +While it's permitted to swap out only a few and not all the functions +with CRYPTO_set_mem_functions(), it's recommended to swap them all out +at once.

    +

    If the library is built with the crypto-mdebug option, then one +function, CRYPTO_get_alloc_counts(), and two additional environment +variables, OPENSSL_MALLOC_FAILURES and OPENSSL_MALLOC_FD, +are available.

    +

    The function CRYPTO_get_alloc_counts() fills in the number of times +each of CRYPTO_malloc(), CRYPTO_realloc(), and CRYPTO_free() have been +called, into the values pointed to by mcount, rcount, and fcount, +respectively. If a pointer is NULL, then the corresponding count is not stored.

    +

    The variable +OPENSSL_MALLOC_FAILURES controls how often allocations should fail. +It is a set of fields separated by semicolons, which each field is a count +(defaulting to zero) and an optional atsign and percentage (defaulting +to 100). If the count is zero, then it lasts forever. For example, +100;@25 or 100@0;0@25 means the first 100 allocations pass, then all +other allocations (until the program exits or crashes) have a 25% chance of +failing.

    +

    If the variable OPENSSL_MALLOC_FD is parsed as a positive integer, then +it is taken as an open file descriptor, and a record of all allocations is +written to that descriptor. If an allocation will fail, and the platform +supports it, then a backtrace will be written to the descriptor. This can +be useful because a malloc may fail but not be checked, and problems will +only occur later. The following example in classic shell syntax shows how +to use this (will not work on all platforms):

    +
    +  OPENSSL_MALLOC_FAILURES='200;@10'
    +  export OPENSSL_MALLOC_FAILURES
    +  OPENSSL_MALLOC_FD=3
    +  export OPENSSL_MALLOC_FD
    +  ...app invocation... 3>/tmp/log$$
    +

    +

    +
    +

    RETURN VALUES

    +

    OPENSSL_malloc_init(), OPENSSL_free(), OPENSSL_clear_free() +CRYPTO_free(), CRYPTO_clear_free() and CRYPTO_get_mem_functions() +return no value.

    +

    OPENSSL_malloc(), OPENSSL_zalloc(), OPENSSL_realloc(), +OPENSSL_clear_realloc(), +CRYPTO_malloc(), CRYPTO_zalloc(), CRYPTO_realloc(), +CRYPTO_clear_realloc(), +OPENSSL_strdup(), and OPENSSL_strndup() +return a pointer to allocated memory or NULL on error.

    +

    CRYPTO_set_mem_functions() returns 1 on success or 0 on failure (almost +always because allocations have already happened).

    +

    CRYPTO_mem_leaks(), CRYPTO_mem_leaks_fp(), CRYPTO_mem_leaks_cb(), +CRYPTO_set_mem_debug(), and CRYPTO_mem_ctrl() are deprecated and return -1. +OPENSSL_mem_debug_push(), OPENSSL_mem_debug_pop(), +CRYPTO_mem_debug_push(), and CRYPTO_mem_debug_pop() +are deprecated and return 0.

    +

    +

    +
    +

    HISTORY

    +

    OPENSSL_mem_debug_push(), OPENSSL_mem_debug_pop(), +CRYPTO_mem_debug_push(), CRYPTO_mem_debug_pop(), +CRYPTO_mem_leaks(), CRYPTO_mem_leaks_fp(), +CRYPTO_mem_leaks_cb(), CRYPTO_set_mem_debug(), CRYPTO_mem_ctrl() +were deprecated in OpenSSL 3.0. +The memory-leak checking has been deprecated in OpenSSL 3.0 in favor of +clang's memory and leak sanitizer.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/OPENSSL_s390xcap.html b/linux_amd64/ssl/share/doc/openssl/html/man3/OPENSSL_s390xcap.html new file mode 100755 index 0000000..6e6bae2 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/OPENSSL_s390xcap.html @@ -0,0 +1,232 @@ + + + + +OPENSSL_s390xcap + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    OPENSSL_s390xcap - the IBM z processor capabilities vector

    +

    +

    +
    +

    SYNOPSIS

    +
    + env OPENSSL_s390xcap=... <application>
    +

    +

    +
    +

    DESCRIPTION

    +

    libcrypto supports z/Architecture instruction set extensions. These +extensions are denoted by individual bits in the capabilities vector. +When libcrypto is initialized, the bits returned by the STFLE instruction +and by the QUERY functions are stored in the vector.

    +

    To change the set of instructions available to an application, you can +set the OPENSSL_s390xcap environment variable before you start the +application. After initialization, the capability vector is ANDed bitwise +with a mask which is derived from the environment variable.

    +

    The environment variable is a semicolon-separated list of tokens which is +processed from left to right (whitespace is ignored):

    +
    + OPENSSL_s390xcap="<tok1>;<tok2>;..."
    +

    There are three types of tokens:

    +
    +
    <string>
    + +
    +

    The name of a processor generation. A bit in the environment variable's +mask is set to one if and only if the specified processor generation +implements the corresponding instruction set extension. Possible values +are z900, z990, z9, z10, z196, zEC12, z13, z14 +and z15.

    +
    +
    <string>:<mask>:<mask>
    + +
    +

    The name of an instruction followed by two 64-bit masks. The part of the +environment variable's mask corresponding to the specified instruction is +set to the specified 128-bit mask. Possible values are kimd, klmd, +km, kmc, kmac, kmctr, kmo, kmf, prno, kma, pcc +and kdsa.

    +
    +
    stfle:<mask>:<mask>:<mask>
    + +
    +

    Store-facility-list-extended (stfle) followed by three 64-bit masks. The +part of the environment variable's mask corresponding to the stfle +instruction is set to the specified 192-bit mask.

    +
    +
    +

    The 64-bit masks are specified in hexadecimal notation. The 0x prefix is +optional. Prefix a mask with a tilde, ~, to denote a bitwise NOT operation.

    +

    The following is a list of significant bits for each instruction. Colon +rows separate the individual 64-bit masks. The bit numbers in the first +column are consistent with [1], that is, 0 denotes the leftmost bit and +the numbering is continuous across 64-bit mask boundaries.

    +
    +      Bit     Mask     Facility/Function
    +
    + stfle:
    +      # 17    1<<46    message-security assist
    +      # 25    1<<38    store-clock-fast facility
    +      :
    +      # 76    1<<51    message-security assist extension 3
    +      # 77    1<<50    message-security assist extension 4
    +      :
    +      #129    1<<62    vector facility
    +      #134    1<<57    vector packed decimal facility
    +      #135    1<<56    vector enhancements facility 1
    +      #146    1<<45    message-security assist extension 8
    +      #155    1<<36    message-security assist extension 9
    +
    + kimd :
    +      #  1    1<<62    KIMD-SHA-1
    +      #  2    1<<61    KIMD-SHA-256
    +      #  3    1<<60    KIMD-SHA-512
    +      # 32    1<<31    KIMD-SHA3-224
    +      # 33    1<<30    KIMD-SHA3-256
    +      # 34    1<<29    KIMD-SHA3-384
    +      # 35    1<<28    KIMD-SHA3-512
    +      # 36    1<<27    KIMD-SHAKE-128
    +      # 37    1<<26    KIMD-SHAKE-256
    +      :
    +      # 65    1<<62    KIMD-GHASH
    +
    + klmd :
    +      # 32    1<<31    KLMD-SHA3-224
    +      # 33    1<<30    KLMD-SHA3-256
    +      # 34    1<<29    KLMD-SHA3-384
    +      # 35    1<<28    KLMD-SHA3-512
    +      # 36    1<<27    KLMD-SHAKE-128
    +      # 37    1<<26    KLMD-SHAKE-256
    +      :
    +
    + km   :
    +      # 18    1<<45    KM-AES-128
    +      # 19    1<<44    KM-AES-192
    +      # 20    1<<43    KM-AES-256
    +      # 50    1<<13    KM-XTS-AES-128
    +      # 52    1<<11    KM-XTS-AES-256
    +      :
    +
    + kmc  :
    +      # 18    1<<45    KMC-AES-128
    +      # 19    1<<44    KMC-AES-192
    +      # 20    1<<43    KMC-AES-256
    +      :
    +
    + kmac :
    +      # 18    1<<45    KMAC-AES-128
    +      # 19    1<<44    KMAC-AES-192
    +      # 20    1<<43    KMAC-AES-256
    +      :
    +
    + kmctr:
    +      :
    +
    + kmo  :
    +      # 18    1<<45    KMO-AES-128
    +      # 19    1<<44    KMO-AES-192
    +      # 20    1<<43    KMO-AES-256
    +      :
    +
    + kmf  :
    +      # 18    1<<45    KMF-AES-128
    +      # 19    1<<44    KMF-AES-192
    +      # 20    1<<43    KMF-AES-256
    +      :
    +
    + prno :
    +      :
    +
    + kma  :
    +      # 18    1<<45    KMA-GCM-AES-128
    +      # 19    1<<44    KMA-GCM-AES-192
    +      # 20    1<<43    KMA-GCM-AES-256
    +      :
    +
    + pcc  :
    +      :
    +      # 64    1<<63    PCC-Scalar-Multiply-P256
    +      # 65    1<<62    PCC-Scalar-Multiply-P384
    +      # 66    1<<61    PCC-Scalar-Multiply-P521
    +      # 72    1<<55    PCC-Scalar-Multiply-Ed25519
    +      # 73    1<<54    PCC-Scalar-Multiply-Ed448
    +      # 80    1<<47    PCC-Scalar-Multiply-X25519
    +      # 81    1<<46    PCC-Scalar-Multiply-X448
    +
    + kdsa :
    +      #  1    1<<62    KDSA-ECDSA-Verify-P256
    +      #  2    1<<61    KDSA-ECDSA-Verify-P384
    +      #  3    1<<60    KDSA-ECDSA-Verify-P521
    +      #  9    1<<54    KDSA-ECDSA-Sign-P256
    +      # 10    1<<53    KDSA-ECDSA-Sign-P384
    +      # 11    1<<52    KDSA-ECDSA-Sign-P521
    +      # 32    1<<31    KDSA-EdDSA-Verify-Ed25519
    +      # 36    1<<27    KDSA-EdDSA-Verify-Ed448
    +      # 40    1<<23    KDSA-EdDSA-Sign-Ed25519
    +      # 44    1<<19    KDSA-EdDSA-Sign-Ed448
    +      :
    +

    +

    +
    +

    RETURN VALUES

    +

    Not available.

    +

    +

    +
    +

    EXAMPLES

    +

    Disables all instruction set extensions which the z196 processor does not implement:

    +
    + OPENSSL_s390xcap="z196"
    +

    Disables the vector facility:

    +
    + OPENSSL_s390xcap="stfle:~0:~0:~0x4000000000000000"
    +

    Disables the KM-XTS-AES and and the KIMD-SHAKE function codes:

    +
    + OPENSSL_s390xcap="km:~0x2800:~0;kimd:~0xc000000:~0"
    +

    +

    +
    +

    SEE ALSO

    +

    [1] z/Architecture Principles of Operation, SA22-7832-12

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/OPENSSL_secure_malloc.html b/linux_amd64/ssl/share/doc/openssl/html/man3/OPENSSL_secure_malloc.html new file mode 100755 index 0000000..26bbe55 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/OPENSSL_secure_malloc.html @@ -0,0 +1,165 @@ + + + + +OPENSSL_secure_malloc + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    CRYPTO_secure_malloc_init, CRYPTO_secure_malloc_initialized, +CRYPTO_secure_malloc_done, OPENSSL_secure_malloc, CRYPTO_secure_malloc, +OPENSSL_secure_zalloc, CRYPTO_secure_zalloc, OPENSSL_secure_free, +CRYPTO_secure_free, OPENSSL_secure_clear_free, +CRYPTO_secure_clear_free, OPENSSL_secure_actual_size, +CRYPTO_secure_allocated, +CRYPTO_secure_used - secure heap storage

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/crypto.h>
    +
    + int CRYPTO_secure_malloc_init(size_t size, size_t minsize);
    +
    + int CRYPTO_secure_malloc_initialized();
    +
    + int CRYPTO_secure_malloc_done();
    +
    + void *OPENSSL_secure_malloc(size_t num);
    + void *CRYPTO_secure_malloc(size_t num, const char *file, int line);
    +
    + void *OPENSSL_secure_zalloc(size_t num);
    + void *CRYPTO_secure_zalloc(size_t num, const char *file, int line);
    +
    + void OPENSSL_secure_free(void* ptr);
    + void CRYPTO_secure_free(void *ptr, const char *, int);
    +
    + void OPENSSL_secure_clear_free(void* ptr, size_t num);
    + void CRYPTO_secure_clear_free(void *ptr, size_t num, const char *, int);
    +
    + size_t OPENSSL_secure_actual_size(const void *ptr);
    +
    + int CRYPTO_secure_allocated(const void *ptr);
    + size_t CRYPTO_secure_used();
    +

    +

    +
    +

    DESCRIPTION

    +

    In order to help protect applications (particularly long-running servers) +from pointer overruns or underruns that could return arbitrary data from +the program's dynamic memory area, where keys and other sensitive +information might be stored, OpenSSL supports the concept of a "secure heap." +The level and type of security guarantees depend on the operating system. +It is a good idea to review the code and see if it addresses your +threat model and concerns.

    +

    If a secure heap is used, then private key BIGNUM values are stored there. +This protects long-term storage of private keys, but will not necessarily +put all intermediate values and computations there.

    +

    CRYPTO_secure_malloc_init() creates the secure heap, with the specified +size in bytes. The minsize parameter is the minimum size to +allocate from the heap or zero to use a reasonable default value. +Both size and, if specified, minsize must be a power of two and +minsize should generally be small, for example 16 or 32. +minsize must be less than a quarter of size in any case.

    +

    CRYPTO_secure_malloc_initialized() indicates whether or not the secure +heap as been initialized and is available.

    +

    CRYPTO_secure_malloc_done() releases the heap and makes the memory unavailable +to the process if all secure memory has been freed. +It can take noticeably long to complete.

    +

    OPENSSL_secure_malloc() allocates num bytes from the heap. +If CRYPTO_secure_malloc_init() is not called, this is equivalent to +calling OPENSSL_malloc(). +It is a macro that expands to +CRYPTO_secure_malloc() and adds the __FILE__ and __LINE__ parameters.

    +

    OPENSSL_secure_zalloc() and CRYPTO_secure_zalloc() are like +OPENSSL_secure_malloc() and CRYPTO_secure_malloc(), respectively, +except that they call memset() to zero the memory before returning.

    +

    OPENSSL_secure_free() releases the memory at ptr back to the heap. +It must be called with a value previously obtained from +OPENSSL_secure_malloc(). +If CRYPTO_secure_malloc_init() is not called, this is equivalent to +calling OPENSSL_free(). +It exists for consistency with OPENSSL_secure_malloc() , and +is a macro that expands to CRYPTO_secure_free() and adds the __FILE__ +and __LINE__ parameters..

    +

    OPENSSL_secure_clear_free() is similar to OPENSSL_secure_free() except +that it has an additional num parameter which is used to clear +the memory if it was not allocated from the secure heap. +If CRYPTO_secure_malloc_init() is not called, this is equivalent to +calling OPENSSL_clear_free().

    +

    OPENSSL_secure_actual_size() tells the actual size allocated to the +pointer; implementations may allocate more space than initially +requested, in order to "round up" and reduce secure heap fragmentation.

    +

    OPENSSL_secure_allocated() tells if a pointer is allocated in the secure heap.

    +

    CRYPTO_secure_used() returns the number of bytes allocated in the +secure heap.

    +

    +

    +
    +

    RETURN VALUES

    +

    CRYPTO_secure_malloc_init() returns 0 on failure, 1 if successful, +and 2 if successful but the heap could not be protected by memory +mapping.

    +

    CRYPTO_secure_malloc_initialized() returns 1 if the secure heap is +available (that is, if CRYPTO_secure_malloc_init() has been called, +but CRYPTO_secure_malloc_done() has not been called or failed) or 0 if not.

    +

    OPENSSL_secure_malloc() and OPENSSL_secure_zalloc() return a pointer into +the secure heap of the requested size, or NULL if memory could not be +allocated.

    +

    CRYPTO_secure_allocated() returns 1 if the pointer is in the secure heap, or 0 if not.

    +

    CRYPTO_secure_malloc_done() returns 1 if the secure memory area is released, or 0 if not.

    +

    OPENSSL_secure_free() and OPENSSL_secure_clear_free() return no values.

    +

    +

    +
    +

    SEE ALSO

    +

    OPENSSL_malloc(3), +BN_new(3)

    +

    +

    +
    +

    HISTORY

    +

    The OPENSSL_secure_clear_free() function was added in OpenSSL 1.1.0g.

    +

    The second argument to CRYPTO_secure_malloc_init() was changed from an int to +a size_t in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_CMP_CTX_new.html b/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_CMP_CTX_new.html new file mode 100755 index 0000000..aeb36cc --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_CMP_CTX_new.html @@ -0,0 +1,664 @@ + + + + +OSSL_CMP_CTX_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    OSSL_CMP_CTX_new, +OSSL_CMP_CTX_free, +OSSL_CMP_CTX_reinit, +OSSL_CMP_CTX_set_option, +OSSL_CMP_CTX_get_option, +OSSL_CMP_CTX_set_log_cb, +OSSL_CMP_CTX_set_log_verbosity, +OSSL_CMP_CTX_print_errors, +OSSL_CMP_CTX_set1_serverPath, +OSSL_CMP_CTX_set1_serverName, +OSSL_CMP_CTX_set_serverPort, +OSSL_CMP_CTX_set1_proxyName, +OSSL_CMP_CTX_set_proxyPort, +OSSL_CMP_DEFAULT_PORT, +OSSL_CMP_CTX_set_http_cb, +OSSL_CMP_CTX_set_http_cb_arg, +OSSL_CMP_CTX_get_http_cb_arg, +OSSL_cmp_transfer_cb_t, +OSSL_CMP_CTX_set_transfer_cb, +OSSL_CMP_CTX_set_transfer_cb_arg, +OSSL_CMP_CTX_get_transfer_cb_arg, +OSSL_CMP_CTX_set1_srvCert, +OSSL_CMP_CTX_set1_expected_sender, +OSSL_CMP_CTX_set0_trustedStore, +OSSL_CMP_CTX_get0_trustedStore, +OSSL_CMP_CTX_set1_untrusted_certs, +OSSL_CMP_CTX_get0_untrusted_certs, +OSSL_CMP_CTX_set1_clCert, +OSSL_CMP_CTX_set1_pkey, +OSSL_CMP_CTX_set1_referenceValue, +OSSL_CMP_CTX_set1_secretValue, +OSSL_CMP_CTX_set1_recipient, +OSSL_CMP_CTX_push0_geninfo_ITAV, +OSSL_CMP_CTX_set1_extraCertsOut, +OSSL_CMP_CTX_set0_newPkey, +OSSL_CMP_CTX_get0_newPkey, +OSSL_CMP_CTX_set1_issuer, +OSSL_CMP_CTX_set1_subjectName, +OSSL_CMP_CTX_push1_subjectAltName, +OSSL_CMP_CTX_set0_reqExtensions, +OSSL_CMP_CTX_reqExtensions_have_SAN, +OSSL_CMP_CTX_push0_policy, +OSSL_CMP_CTX_set1_oldCert, +OSSL_CMP_CTX_set1_p10CSR, +OSSL_CMP_CTX_push0_genm_ITAV, +OSSL_cmp_certConf_cb_t, +OSSL_CMP_CTX_set_certConf_cb, +OSSL_CMP_CTX_set_certConf_cb_arg, +OSSL_CMP_CTX_get_certConf_cb_arg, +OSSL_CMP_CTX_get_status, +OSSL_CMP_CTX_get0_statusString, +OSSL_CMP_CTX_get_failInfoCode, +OSSL_CMP_CTX_get0_newCert, +OSSL_CMP_CTX_get1_caPubs, +OSSL_CMP_CTX_get1_extraCertsIn, +OSSL_CMP_CTX_set1_transactionID, +OSSL_CMP_CTX_set1_senderNonce +- functions for managing the CMP client context data structure

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/cmp.h>
    +
    + OSSL_CMP_CTX *OSSL_CMP_CTX_new(void);
    + void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx);
    + int OSSL_CMP_CTX_reinit(OSSL_CMP_CTX *ctx);
    + int OSSL_CMP_CTX_set_option(OSSL_CMP_CTX *ctx, int opt, int val);
    + int OSSL_CMP_CTX_get_option(const OSSL_CMP_CTX *ctx, int opt);
    +
    + /* logging and error reporting: */
    + int OSSL_CMP_CTX_set_log_cb(OSSL_CMP_CTX *ctx, OSSL_cmp_log_cb_t cb);
    + #define OSSL_CMP_CTX_set_log_verbosity(ctx, level)
    + void OSSL_CMP_CTX_print_errors(OSSL_CMP_CTX *ctx);
    +
    + /* message transfer: */
    + int OSSL_CMP_CTX_set1_serverPath(OSSL_CMP_CTX *ctx, const char *path);
    + int OSSL_CMP_CTX_set1_serverName(OSSL_CMP_CTX *ctx, const char *name);
    + int OSSL_CMP_CTX_set_serverPort(OSSL_CMP_CTX *ctx, int port);
    + int OSSL_CMP_CTX_set1_proxyName(OSSL_CMP_CTX *ctx, const char *name);
    + int OSSL_CMP_CTX_set_proxyPort(OSSL_CMP_CTX *ctx, int port);
    + #define OSSL_CMP_DEFAULT_PORT 80
    + int OSSL_CMP_CTX_set_http_cb(OSSL_CMP_CTX *ctx, HTTP_bio_cb_t cb);
    + int OSSL_CMP_CTX_set_http_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
    + void *OSSL_CMP_CTX_get_http_cb_arg(const OSSL_CMP_CTX *ctx);
    + typedef OSSL_CMP_MSG *(*OSSL_cmp_transfer_cb_t)(OSSL_CMP_CTX *ctx,
    +                                                 const OSSL_CMP_MSG *req);
    + int OSSL_CMP_CTX_set_transfer_cb(OSSL_CMP_CTX *ctx,
    +                                  OSSL_cmp_transfer_cb_t cb);
    + int OSSL_CMP_CTX_set_transfer_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
    + void *OSSL_CMP_CTX_get_transfer_cb_arg(const OSSL_CMP_CTX *ctx);
    +
    + /* server authentication: */
    + int OSSL_CMP_CTX_set1_srvCert(OSSL_CMP_CTX *ctx, X509 *cert);
    + int OSSL_CMP_CTX_set1_expected_sender(OSSL_CMP_CTX *ctx,
    +                                      const X509_NAME *name);
    + int OSSL_CMP_CTX_set0_trustedStore(OSSL_CMP_CTX *ctx, X509_STORE *store);
    + X509_STORE *OSSL_CMP_CTX_get0_trustedStore(const OSSL_CMP_CTX *ctx);
    + int OSSL_CMP_CTX_set1_untrusted_certs(OSSL_CMP_CTX *ctx,
    +                                       STACK_OF(X509) *certs);
    + STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted_certs(const OSSL_CMP_CTX *ctx);
    +
    + /* client authentication: */
    + int OSSL_CMP_CTX_set1_clCert(OSSL_CMP_CTX *ctx, X509 *cert);
    + int OSSL_CMP_CTX_set1_pkey(OSSL_CMP_CTX *ctx, EVP_PKEY *pkey);
    + int OSSL_CMP_CTX_set1_referenceValue(OSSL_CMP_CTX *ctx,
    +                                      const unsigned char *ref, int len);
    + int OSSL_CMP_CTX_set1_secretValue(OSSL_CMP_CTX *ctx, const unsigned char *sec,
    +                                   const int len);
    +
    + /* CMP message header and extra certificates: */
    + int OSSL_CMP_CTX_set1_recipient(OSSL_CMP_CTX *ctx, const X509_NAME *name);
    + int OSSL_CMP_CTX_push0_geninfo_ITAV(OSSL_CMP_CTX *ctx, OSSL_CMP_ITAV *itav);
    + int OSSL_CMP_CTX_set1_extraCertsOut(OSSL_CMP_CTX *ctx,
    +                                     STACK_OF(X509) *extraCertsOut);
    +
    + /* certificate template: */
    + int OSSL_CMP_CTX_set0_newPkey(OSSL_CMP_CTX *ctx, int priv, EVP_PKEY *pkey);
    + EVP_PKEY *OSSL_CMP_CTX_get0_newPkey(const OSSL_CMP_CTX *ctx, int priv);
    + int OSSL_CMP_CTX_set1_issuer(OSSL_CMP_CTX *ctx, const X509_NAME *name);
    + int OSSL_CMP_CTX_set1_subjectName(OSSL_CMP_CTX *ctx, const X509_NAME *name);
    + int OSSL_CMP_CTX_push1_subjectAltName(OSSL_CMP_CTX *ctx,
    +                                       const GENERAL_NAME *name);
    + int OSSL_CMP_CTX_set0_reqExtensions(OSSL_CMP_CTX *ctx, X509_EXTENSIONS *exts);
    + int OSSL_CMP_CTX_reqExtensions_have_SAN(OSSL_CMP_CTX *ctx);
    + int OSSL_CMP_CTX_push0_policy(OSSL_CMP_CTX *ctx, POLICYINFO *pinfo);
    + int OSSL_CMP_CTX_set1_oldCert(OSSL_CMP_CTX *ctx, X509 *cert);
    + int OSSL_CMP_CTX_set1_p10CSR(OSSL_CMP_CTX *ctx, const X509_REQ *csr);
    +
    + /* misc body contents: */
    + int OSSL_CMP_CTX_push0_genm_ITAV(OSSL_CMP_CTX *ctx, OSSL_CMP_ITAV *itav);
    +
    + /* certificate confirmation: */
    + typedef int (*OSSL_cmp_certConf_cb_t)(OSSL_CMP_CTX *ctx, X509 *cert,
    +                                       int fail_info, const char **txt);
    + int OSSL_CMP_CTX_set_certConf_cb(OSSL_CMP_CTX *ctx, OSSL_cmp_certConf_cb_t cb);
    + int OSSL_CMP_CTX_set_certConf_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
    + void *OSSL_CMP_CTX_get_certConf_cb_arg(const OSSL_CMP_CTX *ctx);
    +
    + /* result fetching: */
    + int OSSL_CMP_CTX_get_status(const OSSL_CMP_CTX *ctx);
    + OSSL_CMP_PKIFREETEXT *OSSL_CMP_CTX_get0_statusString(const OSSL_CMP_CTX *ctx);
    + int OSSL_CMP_CTX_get_failInfoCode(const OSSL_CMP_CTX *ctx);
    +
    + X509 *OSSL_CMP_CTX_get0_newCert(const OSSL_CMP_CTX *ctx);
    + STACK_OF(X509) *OSSL_CMP_CTX_get1_caPubs(const OSSL_CMP_CTX *ctx);
    + STACK_OF(X509) *OSSL_CMP_CTX_get1_extraCertsIn(const OSSL_CMP_CTX *ctx);
    +
    + /* for test purposes only: */
    + int OSSL_CMP_CTX_set1_transactionID(OSSL_CMP_CTX *ctx,
    +                                     const ASN1_OCTET_STRING *id);
    + int OSSL_CMP_CTX_set1_senderNonce(OSSL_CMP_CTX *ctx,
    +                                   const ASN1_OCTET_STRING *nonce);
    +

    +

    +
    +

    DESCRIPTION

    +

    This is the context API for using CMP (Certificate Management Protocol) with +OpenSSL.

    +

    OSSL_CMP_CTX_new() allocates and initializes an OSSL_CMP_CTX structure to +default values, e.g., proof-of-possession method is set to POPOSigningKey.

    +

    OSSL_CMP_CTX_free() deallocates an OSSL_CMP_CTX structure.

    +

    OSSL_CMP_CTX_reinit() prepares the given ctx for a further transaction by +clearing the internal CMP transaction (aka session) status, PKIStatusInfo, +and any previous results (newCert, caPubs, and extraCertsIn) +from the last executed transaction. +All other field values (i.e., CMP options) are retained for potential re-use.

    +

    OSSL_CMP_CTX_set_option() sets the given value for the given option +(e.g., OSSL_CMP_OPT_IMPLICITCONFIRM) in the given OSSL_CMP_CTX structure.

    +

    The following options can be set:

    +
    +
    OSSL_CMP_OPT_LOG_VERBOSITY
    + +
    +
    +        The level of severity needed for actually outputting log messages
    +        due to errors, warnings, general info, debugging, etc.
    +        Default is OSSL_CMP_LOG_INFO. See also L<OSSL_CMP_log_open(3)>.
    +
    +
    OSSL_CMP_OPT_MSGTIMEOUT
    + +
    +
    +        Number of seconds (or 0 for infinite) a CMP message round trip is
    +        allowed to take before a timeout error is returned. Default is 120.
    +
    +
    OSSL_CMP_OPT_TOTALTIMEOUT
    + +
    +
    +        Maximum total number of seconds an enrollment (including polling)
    +        may take. Default is 0 (infinite).
    +
    +
    OSSL_CMP_OPT_VALIDITYDAYS
    + +
    +
    +        Number of days new certificates are asked to be valid for.
    +
    +
    OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT
    + +
    +
    +        Do not take default Subject Alternative Names
    +        from the reference certificate.
    +
    +
    OSSL_CMP_OPT_SUBJECTALTNAME_CRITICAL
    + +
    +
    +        Demand that the given Subject Alternative Names are flagged as critical.
    +
    +
    OSSL_CMP_OPT_POLICIES_CRITICAL
    + +
    +
    +        Demand that the given policies are flagged as critical.
    +
    +
    OSSL_CMP_OPT_POPOMETHOD
    + +
    +
    +        Select the proof of possession method to use. Possible values are:
    +
    +            OSSL_CRMF_POPO_NONE       - ProofOfPossession field omitted
    +            OSSL_CRMF_POPO_RAVERIFIED - assert that the RA has already
    +                                        verified the PoPo
    +            OSSL_CRMF_POPO_SIGNATURE  - sign a value with private key,
    +                                        which is the default.
    +            OSSL_CRMF_POPO_KEYENC     - decrypt the encrypted certificate
    +                                        ("indirect method")
    +
    +        Note that a signature-based POPO can only be produced if a private key
    +        is provided as the newPkey or client pkey component of the CMP context.
    +
    +
    OSSL_CMP_OPT_DIGEST_ALGNID
    + +
    +
    +        The digest algorithm NID to be used in RFC 4210's MSG_SIG_ALG,
    +        if applicable used for message protection and Proof-of-Possession.
    +        Default is SHA256.
    +
    +    OSSL_CMP_OPT_OWF_ALGNID
    +        The digest algorithm NID to be used as one-way function (OWF)
    +        in RFC 4210's MSG_MAC_ALG, if applicable used for message protection.
    +        Default is SHA256.
    +
    +    OSSL_CMP_OPT_MAC_ALGNID
    +        The MAC algorithm NID to be used in RFC 4210's MSG_MAC_ALG,
    +        if applicable used for message protection. 
    +        Default is HMAC-SHA1 as per RFC 4210.
    +
    +
    OSSL_CMP_OPT_REVOCATION_REASON
    + +
    +
    +        The reason code to be included in a Revocation Request (RR);
    +        values: 0..10 (RFC 5210, 5.3.1) or -1 for none, which is the default.
    +
    +
    OSSL_CMP_OPT_IMPLICITCONFIRM
    + +
    +
    +        Request server to enable implicit confirm mode, where the client
    +        does not need to send confirmation upon receiving the
    +        certificate. If the server does not enable implicit confirmation
    +        in the return message, then confirmation is sent anyway.
    +
    +
    OSSL_CMP_OPT_DISABLECONFIRM
    + +
    +
    +        Do not confirm enrolled certificates, to cope with broken servers
    +        not supporting implicit confirmation correctly.
    +B<WARNING:> This setting leads to unspecified behavior and it is meant
    +exclusively to allow interoperability with server implementations violating
    +RFC 4210.
    +
    +
    OSSL_CMP_OPT_UNPROTECTED_SEND
    + +
    +
    +        Send messages without CMP-level protection.
    +
    +
    OSSL_CMP_OPT_UNPROTECTED_ERRORS
    + +
    +
    +        Accept unprotected error responses which are either explicitly
    +        unprotected or where protection verification failed. Applies to regular
    +        error messages as well as certificate responses (IP/CP/KUP) and
    +        revocation responses (RP) with rejection.
    +B<WARNING:> This setting leads to unspecified behavior and it is meant
    +exclusively to allow interoperability with server implementations violating
    +RFC 4210.
    +
    +
    OSSL_CMP_OPT_IGNORE_KEYUSAGE
    + +
    +
    +        Ignore key usage restrictions in signer certificate when
    +        validating signature-based protection in received CMP messages.
    +        Else, 'digitalSignature' must be allowed by CMP signer certificates.
    +
    +
    OSSL_CMP_OPT_PERMIT_TA_IN_EXTRACERTS_FOR_IR
    + +
    +
    +        Allow retrieving a trust anchor from extraCerts and using that
    +        to validate the certificate chain of an IP message.
    +
    +
    +

    OSSL_CMP_CTX_get_option() reads the current value of the given option +(e.g., OSSL_CMP_OPT_IMPLICITCONFIRM) from the given OSSL_CMP_CTX structure.

    +

    OSSL_CMP_CTX_set_log_cb() sets in ctx the callback function cb +for handling error queue entries and logging messages. +When cb is NULL errors are printed to STDERR (if available, else ignored) +any log messages are ignored. +Alternatively, OSSL_CMP_log_open(3) may be used to direct logging to STDOUT.

    +

    OSSL_CMP_CTX_set_log_verbosity() is a macro setting the +OSSL_CMP_OPT_LOG_VERBOSITY context option to the given level.

    +

    OSSL_CMP_CTX_print_errors() outputs any entries in the OpenSSL error queue. +It is similar to ERR_print_errors_cb() but uses the CMP log callback function +if set in the ctx for uniformity with CMP logging if given. Otherwise it uses +ERR_print_errors(3) to print to STDERR (unless OPENSSL_NO_STDIO is defined).

    +

    OSSL_CMP_CTX_set1_serverPath() sets the HTTP path of the CMP server on the host.

    +

    OSSL_CMP_CTX_set1_serverName() sets the given server Address (as IP or name) +in the given OSSL_CMP_CTX structure.

    +

    OSSL_CMP_CTX_set_serverPort() sets the port of the CMP server to connect to. +Port defaults to OSSL_CMP_DEFAULT_PORT = 80 if not set explicitly.

    +

    OSSL_CMP_CTX_set1_proxyName() sets the hostname of the HTTP proxy to be used +for connecting to the CA server.

    +

    OSSL_CMP_CTX_set_proxyPort() sets the port of the HTTP proxy. +Port defaults to OSSL_CMP_DEFAULT_PORT = 80 if not set explicitly.

    +

    OSSL_CMP_CTX_set_http_cb() sets the optional BIO connect/disconnect callback +function, which has the prototype

    +
    + typedef BIO *(*HTTP_bio_cb_t) (BIO *bio, void *ctx, int connect, int detail);
    +

    The callback may modify the BIO bio provided by OSSL_CMP_MSG_http_perform(), +whereby it may make use of a custom defined argument ctx +stored in the OSSL_CMP_CTX by means of OSSL_CMP_CTX_set_http_cb_arg(). +During connection establishment, just after calling BIO_connect_retry(), +the function is invoked with the connect argument being 1 and the detail +argument being 1 if HTTPS is requested, i.e., SSL/TLS should be enabled. On +disconnect connect is 0 and detail is 1 in case no error occurred, else 0. +For instance, on connect the function may prepend a TLS BIO to implement HTTPS; +after disconnect it may do some diagnostic output and/or specific cleanup. +The function should return NULL to indicate failure. +After disconnect the modified BIO will be deallocated using BIO_free_all().

    +

    OSSL_CMP_CTX_set_http_cb_arg() sets an argument, respectively a pointer to +a structure containing arguments, +optionally to be used by the http connect/disconnect callback function. +arg is not consumed, and it must therefore explicitly be freed when not +needed any more. arg may be NULL to clear the entry.

    +

    OSSL_CMP_CTX_get_http_cb_arg() gets the argument, respectively the pointer to a +structure containing arguments, previously set by +OSSL_CMP_CTX_set_http_cb_arg() or NULL if unset.

    +

    OSSL_CMP_CTX_set_transfer_cb() sets the message transfer callback function, +which has the type

    +
    + typedef OSSL_CMP_MSG *(*OSSL_cmp_transfer_cb_t) (OSSL_CMP_CTX *ctx,
    +                                                  const OSSL_CMP_MSG *req);
    +

    Returns 1 on success, 0 on error.

    +

    Default is NULL, which implies the use of OSSL_CMP_MSG_http_perform(3). +The callback should send the CMP request message it obtains via the req +parameter and on success return the response. +The transfer callback may make use of a custom defined argument stored in +the ctx by means of OSSL_CMP_CTX_set_transfer_cb_arg(), which may be retrieved +again through OSSL_CMP_CTX_get_transfer_cb_arg().

    +

    OSSL_CMP_CTX_set_transfer_cb_arg() sets an argument, respectively a pointer to a +structure containing arguments, optionally to be used by the transfer callback. +arg is not consumed, and it must therefore explicitly be freed when not +needed any more. arg may be NULL to clear the entry.

    +

    OSSL_CMP_CTX_get_transfer_cb_arg() gets the argument, respectively the pointer +to a structure containing arguments, previously set by +OSSL_CMP_CTX_set_transfer_cb_arg() or NULL if unset.

    +

    OSSL_CMP_CTX_set1_srvCert() pins the server certificate to be directly trusted +(even if it is expired) for verifying response messages. +The cert pointer is not consumed. It may be NULL to clear the entry.

    +

    OSSL_CMP_CTX_set1_expected_sender() sets the Distinguished Name (DN) expected to +be given in the sender response for messages protected with MSG_SIG_ALG. This +may be used to enforce that during validation of received messages the given DN +matches the sender field of the PKIMessage header, which in turn is used to +identify the server certificate. +This can be used to ensure that only a particular entity is accepted to act as +CMP server, and attackers are not able to use arbitrary certificates of a +trusted PKI hierarchy to fraudulently pose as server. +This defaults to the subject DN of the certificate set via +OSSL_CMP_CTX_set1_srvCert(), if any.

    +

    OSSL_CMP_CTX_set0_trustedStore() sets the X509_STORE type certificate store +containing trusted (root) CA certificates. The certificate store may also hold +CRLs and a certificate verification callback function used for CMP server +authentication. Any already existing store entry is freed. When given a NULL +parameter the entry is cleared.

    +

    OSSL_CMP_CTX_get0_trustedStore() returns a pointer to the certificate store +containing trusted root CA certificates, which may be empty if unset.

    +

    OSSL_CMP_CTX_set1_untrusted_certs() takes over a list of certificates containing +non-trusted intermediate certs used for path construction in authentication +of the CMP server and potentially others (TLS server, newly enrolled cert). +The reference counts of those certificates handled successfully are increased.

    +

    OSSL_CMP_CTX_get0_untrusted_certs(OSSL_CMP_CTX *ctx) returns a pointer to the +list of untrusted certs, which my be empty if unset.

    +

    OSSL_CMP_CTX_set1_clCert() sets the client certificate in the given +OSSL_CMP_CTX structure. The client certificate will then be used by the +functions to set the "sender" field for outgoing messages and it will be +included in the extraCerts field.

    +

    OSSL_CMP_CTX_set1_pkey() sets the private key corresponding to the client +certificate set with OSSL_CMP_CTX_set1_clCert() in the given CMP context. +Used to create the protection in case of MSG_SIG_ALG.

    +

    OSSL_CMP_CTX_set1_referenceValue() sets the given referenceValue in the given +ctx or clears it if the ref argument is NULL.

    +

    OSSL_CMP_CTX_set1_secretValue() sets the sec with the length len in the +given ctx or clears it if the sec argument is NULL.

    +

    OSSL_CMP_CTX_set1_recipient() sets the recipient name that will be used in the +PKIHeader of a request message, i.e. the X509 name of the (CA) server. +Setting is overruled by subject of srvCert if set. +If neither srvCert nor recipient are set, the recipient of the PKI message is +determined in the following order: issuer, issuer of old cert (oldCert), +issuer of client cert (clCert), else NULL-DN. +When a response is received, its sender must match the recipient of the request.

    +

    OSSL_CMP_CTX_push0_geninfo_ITAV() adds itav to the stack in the ctx to be +added to the GeneralInfo field of the CMP PKIMessage header of a request +message sent with this context. Consumes the pointer to itav.

    +

    OSSL_CMP_CTX_set1_extraCertsOut() sets the stack of extraCerts that will be +sent to remote.

    +

    OSSL_CMP_CTX_set0_newPkey() can be used to explicitly set the given EVP_PKEY +structure as the private or public key to be certified in the CMP context. +The priv parameter must be 0 if and only if the given key is a public key.

    +

    OSSL_CMP_CTX_get0_newPkey() gives the key to use for certificate enrollment +dependent on fields of the CMP context structure: +the newPkey (which may be a private or public key) if present, +else the public key in the p10CSR if present, else the client private key. +If the priv parameter is not 0 and the selected key does not have a +private component then NULL is returned.

    +

    OSSL_CMP_CTX_set1_issuer() sets the name of the intended issuer that +will be set in the CertTemplate, i.e., the X509 name of the CA server.

    +

    OSSL_CMP_CTX_set1_subjectName() sets the subject DN that will be used in +the CertTemplate structure when requesting a new cert. For Key Update Requests +(KUR), it defaults to the subject DN of the reference certificate, +see OSSL_CMP_CTX_set1_oldCert(). This default is used for Initialization +Requests (IR) and Certification Requests (CR) only if no SANs are set.

    +

    If clCert is not set (e.g. in case of IR with MSG_MAC_ALG), the subject DN +is also used as sender of the PKI message.

    +

    OSSL_CMP_CTX_push1_subjectAltName() adds the given X509 name to the list of +alternate names on the certificate template request. This cannot be used if +any Subject Alternative Name extension is set via +OSSL_CMP_CTX_set0_reqExtensions(). +By default, unless OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT has been set, +the Subject Alternative Names are copied from the reference certificate, +see OSSL_CMP_CTX_set1_oldCert().

    +

    If set and the subject DN is not set with OSSL_CMP_CTX_set1_subjectName(), then +the certificate template of an IR and CR will not be filled with the default +subject DN from the reference certificate (see OSSL_CMP_CTX_set1_oldCert(). +If a subject DN is desired it needs to be set explicitly with +OSSL_CMP_CTX_set1_subjectName().

    +

    OSSL_CMP_CTX_set0_reqExtensions() sets the X.509v3 extensions to be used in +IR/CR/KUR.

    +

    OSSL_CMP_CTX_reqExtensions_have_SAN() returns 1 if the context contains +a Subject Alternative Name extension, else 0 or -1 on error.

    +

    OSSL_CMP_CTX_push0_policy() adds the certificate policy info object +to the X509_EXTENSIONS of the requested certificate template.

    +

    OSSL_CMP_CTX_set1_oldCert() sets the old certificate to be updated in +Key Update Requests (KUR) or to be revoked in Revocation Requests (RR). +It must be given for RR, else it defaults to clCert. +The reference certificate determined in this way, if any, is also used for +deriving default subject DN and Subject Alternative Names for IR, CR, and KUR. +Its issuer, if any, is used as default recipient in the CMP message header.

    +

    OSSL_CMP_CTX_set1_p10CSR() sets the PKCS#10 CSR to be used in P10CR.

    +

    OSSL_CMP_CTX_push0_genm_ITAV() adds itav to the stack in the ctx which +will be the body of a General Message sent with this context. +Consumes the pointer to itav.

    +

    OSSL_CMP_CTX_set_certConf_cb() sets the callback used for evaluating the newly +enrolled certificate before the library sends, depending on its result, +a positive or negative certConf message to the server. The callback has type

    +
    + typedef int (*OSSL_cmp_certConf_cb_t) (OSSL_CMP_CTX *ctx, X509 *cert,
    +                                        int fail_info, const char **txt);
    +

    and should inspect the certificate it obtains via the cert parameter and may +overrule the pre-decision given in the fail_info and *txt parameters. +If it accepts the certificate it must return 0, indicating success. Else it must +return a bit field reflecting PKIFailureInfo with at least one failure bit and +may set the *txt output parameter to point to a string constant with more +detail. The transfer callback may make use of a custom defined argument stored +in the ctx by means of OSSL_CMP_CTX_set_certConf_cb_arg(), which may be +retrieved again through OSSL_CMP_CTX_get_certConf_cb_arg(). +Typically, the callback will check at least that the certificate can be verified +using a set of trusted certificates. +It also could compare the subject DN and other fields of the newly +enrolled certificate with the certificate template of the request.

    +

    OSSL_CMP_CTX_set_certConf_cb_arg() sets an argument, respectively a pointer to a +structure containing arguments, optionally to be used by the certConf callback. +arg is not consumed, and it must therefore explicitly be freed when not +needed any more. arg may be NULL to clear the entry.

    +

    OSSL_CMP_CTX_get_certConf_cb_arg() gets the argument, respectively the pointer +to a structure containing arguments, previously set by +OSSL_CMP_CTX_set_certConf_cb_arg(), or NULL if unset.

    +

    OSSL_CMP_CTX_get_status() returns the PKIstatus from the last received +CertRepMessage or Revocation Response or error message, or -1 if unset.

    +

    OSSL_CMP_CTX_get0_statusString() returns the statusString from the last received +CertRepMessage or Revocation Response or error message, or NULL if unset.

    +

    OSSL_CMP_CTX_get_failInfoCode() returns the error code from the failInfo field +of the last received CertRepMessage or Revocation Response or error message. +This is a bit field and the flags for it are specified in the header file +<openssl/cmp.h >>. +The flags start with OSSL_CMP_CTX_FAILINFO, for example: +OSSL_CMP_CTX_FAILINFO_badAlg. Returns -1 if the failInfoCode field is unset.

    +

    OSSL_CMP_CTX_get0_newCert() returns the pointer to the newly obtained +certificate in case it is available, else NULL.

    +

    OSSL_CMP_CTX_get1_caPubs() returns a pointer to a duplicate of the stack of +X.509 certificates received in the caPubs field of last received certificate +response message IP/CP/KUP.

    +

    OSSL_CMP_CTX_get1_extraCertsIn() returns a pointer to a duplicate of the stack +of X.509 certificates received in the last received non-empty extraCerts field. +Returns an empty stack if no extraCerts have been received in the current +transaction.

    +

    OSSL_CMP_CTX_set1_transactionID() sets the given transaction ID in the given +OSSL_CMP_CTX structure.

    +

    OSSL_CMP_CTX_set1_senderNonce() stores the last sent sender nonce in +the ctx. This will be used to validate the recipNonce in incoming messages.

    +

    +

    +
    +

    NOTES

    +

    CMP is defined in RFC 4210 (and CRMF in RFC 4211).

    +

    +

    +
    +

    RETURN VALUES

    +

    OSSL_CMP_CTX_free() and OSSL_CMP_CTX_print_errors() do not return anything.

    +

    OSSL_CMP_CTX_new(), +OSSL_CMP_CTX_get_http_cb_arg(), +OSSL_CMP_CTX_get_transfer_cb_arg(), +OSSL_CMP_CTX_get0_trustedStore(), +OSSL_CMP_CTX_get0_untrusted_certs(), +OSSL_CMP_CTX_get0_newPkey(), +OSSL_CMP_CTX_get_certConf_cb_arg(), +OSSL_CMP_CTX_get0_statusString(), +OSSL_CMP_CTX_get0_newCert(), +OSSL_CMP_CTX_get1_caPubs(), and +OSSL_CMP_CTX_get1_extraCertsIn() +return the intended pointer value as described above or NULL on error.

    +

    OSSL_CMP_CTX_get_option(), +OSSL_CMP_CTX_reqExtensions_have_SAN(), +OSSL_CMP_CTX_get_status(), and +OSSL_CMP_CTX_get_failInfoCode() +return the intended value as described above or -1 on error.

    +

    All other functions return 1 on success, 0 on error.

    +

    +

    +
    +

    EXAMPLES

    +

    The following code does an Initialization Request:

    +
    +        cmp_ctx = OSSL_CMP_CTX_new();
    +        OSSL_CMP_CTX_set1_serverName(cmp_ctx, opt_serverName);
    +        OSSL_CMP_CTX_set1_referenceValue(cmp_ctx, ref, ref_len);
    +        OSSL_CMP_CTX_set1_secretValue(cmp_ctx, sec, sec_len);
    +        OSSL_CMP_CTX_set0_newPkey(cmp_ctx, new_pkey, 1);
    +        OSSL_CMP_CTX_set1_caCert(cmp_ctx, ca_cert);
    +
    +        initialClCert = OSSL_CMP_exec_IR_ses(cmp_ctx);
    +

    The following code does an Initialization Request using an +external identity certificate (RFC 4210, Appendix E.7):

    +
    +        cmp_ctx = OSSL_CMP_CTX_new();
    +        OSSL_CMP_CTX_set1_serverName(cmp_ctx, sname);
    +        OSSL_CMP_CTX_set1_clCert(cmp_ctx, cl_cert);
    +        OSSL_CMP_CTX_set1_pkey(cmp_ctx, pkey);
    +        OSSL_CMP_CTX_set0_newPkey(cmp_ctx, new_pkey, 1);
    +        OSSL_CMP_CTX_set1_caCert(cmp_ctx, ca_cert);
    +
    +        initialClCert = OSSL_CMP_exec_IR_ses(cmp_ctx);
    +

    Here externalCert is an X509 certificate granted to the EE by another CA +which is trusted by the current CA the code will connect to.

    +

    The following code does a Key Update Request:

    +
    +        cmp_ctx = OSSL_CMP_CTX_new();
    +        OSSL_CMP_CTX_set1_serverName(cmp_ctx, sname);
    +        OSSL_CMP_CTX_set1_pkey(cmp_ctx, pkey);
    +        OSSL_CMP_CTX_set0_newPkey(cmp_ctx, new_pkey, 1);
    +        OSSL_CMP_CTX_set1_clCert(cmp_ctx, cl_cert);
    +        OSSL_CMP_CTX_set1_caCert(cmp_ctx, ca_cert);
    +
    +        updatedClCert = OSSL_CMP_exec_KUR_ses(cmp_ctx);
    +

    The following code (which omits error handling) sends a General Message +including, as an example, the id-it-signKeyPairTypes OID and prints info on +the General Response contents.

    +
    +    cmp_ctx = OSSL_CMP_CTX_new();
    +    OSSL_CMP_CTX_set1_serverName(cmp_ctx, sname);
    +    OSSL_CMP_CTX_set1_referenceValue(cmp_ctx, ref, ref_len);
    +    OSSL_CMP_CTX_set1_secretValue(cmp_ctx, sec, sec_len);
    +
    +    ASN1_OBJECT *type = OBJ_txt2obj("1.3.6.1.5.5.7.4.2", 1);
    +    OSSL_CMP_ITAV *itav = OSSL_CMP_ITAV_new(type, NULL);
    +    OSSL_CMP_CTX_push0_genm_ITAV(cmp_ctx, itav);
    +
    +    STACK_OF(OSSL_CMP_ITAV) *itavs;
    +    itavs = OSSL_CMP_exec_GENM_ses(cmp_ctx);
    +    print_itavs(itavs);
    +    sk_OSSL_CMP_ITAV_pop_free(itavs, OSSL_CMP_ITAV_free);
    +

    +

    +
    +

    SEE ALSO

    +

    OSSL_CMP_exec_IR_ses(3), OSSL_CMP_exec_KUR_ses(3), +OSSL_CMP_exec_GENM_ses(3)

    +

    +

    +
    +

    HISTORY

    +

    The OpenSSL CMP support was added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_CMP_CTX_snprint_PKIStatus.html b/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_CMP_CTX_snprint_PKIStatus.html
    new file mode 100755
    index 0000000..086aae4
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_CMP_CTX_snprint_PKIStatus.html
    @@ -0,0 +1,84 @@
    +
    +
    +
    +
    +OSSL_CMP_CTX_snprint_PKIStatus
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    OSSL_CMP_CTX_snprint_PKIStatus +- function(s) for managing the CMP PKIStatus

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/cmp.h>
    +
    + char *OSSL_CMP_CTX_snprint_PKIStatus(OSSL_CMP_CTX *ctx, char *buf, int bufsize);
    +

    +

    +
    +

    DESCRIPTION

    +

    This is the PKIStatus API for using CMP (Certificate Management Protocol) with +OpenSSL.

    +

    OSSL_CMP_CTX_snprint_PKIStatus() takes the PKIStatusInfo components contained +in the given CMP context and places a human-readable string created from them +in the given buffer, with the given maximal length. +On success it returns a copy of the buffer pointer containing the string.

    +

    +

    +
    +

    NOTES

    +

    CMP is defined in RFC 4210 (and CRMF in RFC 4211).

    +

    +

    +
    +

    RETURN VALUES

    +

    OSSL_CMP_CTX_snprint_PKIStatus() +returns the intended pointer value as described above or NULL on error.

    +

    +

    +
    +

    HISTORY

    +

    The OpenSSL CMP support was added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_CMP_HDR_get0_transactionID.html b/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_CMP_HDR_get0_transactionID.html
    new file mode 100755
    index 0000000..9a01779
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_CMP_HDR_get0_transactionID.html
    @@ -0,0 +1,85 @@
    +
    +
    +
    +
    +OSSL_CMP_HDR_get0_transactionID
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    OSSL_CMP_HDR_get0_transactionID, +OSSL_CMP_HDR_get0_recipNonce +- functions manipulating CMP message headers

    +

    +

    +
    +

    SYNOPSIS

    +
    +  #include <openssl/cmp.h>
    +
    +  ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_transactionID(const
    +                                                     OSSL_CMP_PKIHEADER *hdr);
    +  ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_recipNonce(const
    +                                                  OSSL_CMP_PKIHEADER *hdr);
    +

    +

    +
    +

    DESCRIPTION

    +

    OSSL_CMP_HDR_get0_transactionID returns the transaction ID of the given +PKIHeader.

    +

    OSSL_CMP_HDR_get0_recipNonce returns the recipient nonce of the given PKIHeader.

    +

    +

    +
    +

    NOTES

    +

    CMP is defined in RFC 4210.

    +

    +

    +
    +

    RETURN VALUES

    +

    The functions return the intended pointer value as described above +or NULL if the respective entry does not exist and on error.

    +

    +

    +
    +

    HISTORY

    +

    The OpenSSL CMP support was added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_CMP_ITAV_set0.html b/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_CMP_ITAV_set0.html
    new file mode 100755
    index 0000000..e8a9233
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_CMP_ITAV_set0.html
    @@ -0,0 +1,145 @@
    +
    +
    +
    +
    +OSSL_CMP_ITAV_set0
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    OSSL_CMP_ITAV_create, +OSSL_CMP_ITAV_set0, +OSSL_CMP_ITAV_get0_type, +OSSL_CMP_ITAV_get0_value, +OSSL_CMP_ITAV_push0_stack_item +- OSSL_CMP_ITAV utility functions

    +

    +

    +
    +

    SYNOPSIS

    +
    +  #include <openssl/cmp.h>
    +  OSSL_CMP_ITAV *OSSL_CMP_ITAV_create(ASN1_OBJECT *type, ASN1_TYPE *value);
    +  void OSSL_CMP_ITAV_set0(OSSL_CMP_ITAV *itav, ASN1_OBJECT *type,
    +                          ASN1_TYPE *value);
    +  ASN1_OBJECT *OSSL_CMP_ITAV_get0_type(const OSSL_CMP_ITAV *itav);
    +  ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav);
    +
    +  int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p,
    +                                     OSSL_CMP_ITAV *itav);
    +

    +

    +
    +

    DESCRIPTION

    +

    Certificate Management Protocol (CMP, RFC 4210) extension to OpenSSL

    +

    ITAV is short for InfoTypeAndValue. This type is defined in RFC 4210 +section 5.3.19 and Appendix F. It is used at various places in CMP messages, +e.g., in the generalInfo PKIHeader field, to hold a key-value pair.

    +

    OSSL_CMP_ITAV_create() creates a new OSSL_CMP_ITAV structure and fills it in. +It combines OSSL_CMP_ITAV_new() and OSSL_CMP_ITAV_set0.

    +

    OSSL_CMP_ITAV_set0() sets the itav with an infoType of type and an +infoValue of value. This function uses the pointers type and value +internally, so they must not be freed up after the call.

    +

    OSSL_CMP_ITAV_get0_type() returns a direct pointer to the infoType in the +itav.

    +

    OSSL_CMP_ITAV_get0_value() returns a direct pointer to the infoValue in +the itav as generic ASN1_TYPE*.

    +

    OSSL_CMP_ITAV_push0_stack_item() pushes itav to the stack pointed to +by *itav_sk_p. It creates a new stack if *itav_sk_p points to NULL.

    +

    +

    +
    +

    NOTES

    +

    CMP is defined in RFC 4210 (and CRMF in RFC 4211).

    +

    +

    +
    +

    RETURN VALUES

    +

    OSSL_CMP_ITAV_create() returns a pointer to the ITAV structure on success, +or NULL on error.

    +

    OSSL_CMP_ITAV_set0() does not return a value.

    +

    OSSL_CMP_ITAV_get0_type() and OSSL_CMP_ITAV_get0_value() +return the respective pointer or NULL if their input is NULL.

    +

    OSSL_CMP_ITAV_push0_stack_item() returns 1 on success, 0 on error.

    +

    +

    +
    +

    EXAMPLES

    +

    The following code creates and sets a structure representing a generic +InfoTypeAndValue sequence, using an OID created from text as type, and an +integer as value. Afterwards, it is pushed to the OSSL_CMP_CTX to be later +included in the requests' PKIHeader's genInfo field.

    +
    +    ASN1_OBJECT *type = OBJ_txt2obj("1.2.3.4.5", 1);
    +    if (type == NULL) ...
    +
    +    ASN1_INTEGER *asn1int = ASN1_INTEGER_new();
    +    if (asn1int == NULL || !ASN1_INTEGER_set(asn1int, 12345)) ...
    +
    +    ASN1_TYPE *val = ASN1_TYPE_new();
    +    if (val == NULL) ...
    +    ASN1_TYPE_set(val, V_ASN1_INTEGER, asn1int);
    +
    +    OSSL_CMP_ITAV *itav = OSSL_CMP_ITAV_create(type, val);
    +    if (itav == NULL) ...
    +
    +    OSSL_CMP_CTX *ctx = OSSL_CMP_CTX_new();
    +    if (ctx == NULL || !OSSL_CMP_CTX_geninfo_push0_ITAV(ctx, itav)) {
    +        OSSL_CMP_ITAV_free(itav); /* also frees type and val */
    +        goto err;
    +    }
    +
    +    ...
    +
    +    OSSL_CMP_CTX_free(ctx); /* also frees itav */
    +

    +

    +
    +

    SEE ALSO

    +

    OSSL_CMP_CTX_new(3), OSSL_CMP_CTX_free(3), ASN1_TYPE_set(3)

    +

    +

    +
    +

    HISTORY

    +

    The OpenSSL CMP support was added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_CMP_MSG_get0_header.html b/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_CMP_MSG_get0_header.html
    new file mode 100755
    index 0000000..936669c
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_CMP_MSG_get0_header.html
    @@ -0,0 +1,79 @@
    +
    +
    +
    +
    +OSSL_CMP_MSG_get0_header
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    OSSL_CMP_MSG_get0_header +- function(s) manipulating CMP messages

    +

    +

    +
    +

    SYNOPSIS

    +
    +  #include <openssl/cmp.h>
    +
    +  OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg);
    +

    +

    +
    +

    DESCRIPTION

    +

    OSSL_CMP_MSG_get0_header returns the header of the given CMP message.

    +

    +

    +
    +

    NOTES

    +

    CMP is defined in RFC 4210.

    +

    +

    +
    +

    RETURN VALUES

    +

    CMP_MSG_get0_header() returns the intended pointer value as described above +or NULL if the respective entry does not exist and on error.

    +

    +

    +
    +

    HISTORY

    +

    The OpenSSL CMP support was added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_CMP_log_open.html b/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_CMP_log_open.html
    new file mode 100755
    index 0000000..2f982da
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_CMP_log_open.html
    @@ -0,0 +1,148 @@
    +
    +
    +
    +
    +OSSL_CMP_log_open
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    OSSL_CMP_log_open, +OSSL_CMP_log_close, +OSSL_CMP_severity, +OSSL_CMP_LOG_EMERG, +OSSL_CMP_LOG_ALERT, +OSSL_CMP_LOG_CRIT, +OSSL_CMP_LOG_ERR, +OSSL_CMP_LOG_WARNING, +OSSL_CMP_LOG_NOTICE, +OSSL_CMP_LOG_INFO, +OSSL_CMP_LOG_DEBUG, +OSSL_cmp_log_cb_t, +OSSL_CMP_print_to_bio, +OSSL_CMP_print_errors_cb +- functions for logging and error reporting

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/cmp_util.h>
    +
    + int  OSSL_CMP_log_open(void);
    + void OSSL_CMP_log_close(void);
    +
    + /* severity level declarations resemble those from syslog.h */
    + typedef int OSSL_CMP_severity;
    + #define OSSL_CMP_LOG_EMERG   0
    + #define OSSL_CMP_LOG_ALERT   1
    + #define OSSL_CMP_LOG_CRIT    2
    + #define OSSL_CMP_LOG_ERR     3
    + #define OSSL_CMP_LOG_WARNING 4
    + #define OSSL_CMP_LOG_NOTICE  5
    + #define OSSL_CMP_LOG_INFO    6
    + #define OSSL_CMP_LOG_DEBUG   7
    +
    + typedef int (*OSSL_cmp_log_cb_t)(const char *component,
    +                                  const char *file, int line,
    +                                  OSSL_CMP_severity level, const char *msg);
    + int OSSL_CMP_print_to_bio(BIO *bio, const char *component, const char *file,
    +                           int line, OSSL_CMP_severity level, const char *msg);
    + void OSSL_CMP_print_errors_cb(OSSL_cmp_log_cb_t log_fn);
    +

    +

    +
    +

    DESCRIPTION

    +

    The logging and error reporting facility described here contains +convenience functions for CMP-specific logging, +including a string prefix mirroring the severity levels of syslog.h, +and enhancements of the error queue mechanism needed for large diagnostic +messages produced by the CMP library in case of certificate validation failures.

    +

    When an interesting activity is performed or an error occurs, some detail +should be provided for user information, debugging, and auditing purposes. +A CMP application can obtain this information by providing a callback function +with the following type:

    +
    + typedef int (*OSSL_cmp_log_cb_t)(const char *component,
    +                                  const char *file, int line,
    +                                  OSSL_CMP_severity level, const char *msg);
    +

    The parameters may provide +some component info (which may be a module name and/or function name) or NULL, +a file pathname or NULL, +a line number or 0 indicating the source code location, +a severity level, and +a message string describing the nature of the event, terminated by '\n'.

    +

    Even when an activity is successful some warnings may be useful and some degree +of auditing may be required. Therefore the logging facility supports a severity +level and the callback function has a level parameter indicating such a +level, such that error, warning, info, debug, etc. can be treated differently. +The callback is activated only when the severity level is sufficient according +to the current level of verbosity, which by default is OSSL_CMP_LOG_INFO.

    +

    The callback function may itself do non-trivial tasks like writing to +a log file or remote stream, which in turn may fail. +Therefore the function should return 1 on success and 0 on failure.

    +

    OSSL_CMP_log_open() initializes the CMP-specific logging facility to output +everything to STDOUT. It fails if the integrated tracing is disabled or STDIO +is not available. It may be called during application startup. +Alternatively, OSSL_CMP_CTX_set_log_cb(3) can be used for more flexibility. +As long as neither if the two is used any logging output is ignored.

    +

    OSSL_CMP_log_close() may be called when all activities are finished to flush +any pending CMP-specific log output and deallocate related resources. +It may be called multiple times. It does get called at OpenSSL stutdown.

    +

    OSSL_CMP_print_to_bio() prints the given component info, filename, line number, +severity level, and log message or error queue message to the given bio. +component usually is a function or module name. +If it is NULL, empty, or "(unknown function)" then "CMP" is used as fallback.

    +

    OSSL_CMP_print_errors_cb() outputs any entries in the OpenSSL error queue. +It is similar to ERR_print_errors_cb() but uses the CMP log callback function +log_fn for uniformity with CMP logging if not NULL. Otherwise it prints to +STDERR using OSSL_CMP_print_to_bio(3) (unless OPENSSL_NO_STDIO is defined).

    +

    +

    +
    +

    RETURN VALUES

    +

    OSSL_CMP_log_close() and OSSL_CMP_print_errors_cb() do not return anything.

    +

    All other functions return 1 on success, 0 on error.

    +

    +

    +
    +

    HISTORY

    +

    The OpenSSL CMP support was added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_CMP_validate_msg.html b/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_CMP_validate_msg.html
    new file mode 100755
    index 0000000..467f54d
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_CMP_validate_msg.html
    @@ -0,0 +1,121 @@
    +
    +
    +
    +
    +OSSL_CMP_validate_msg
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    OSSL_CMP_validate_msg, +OSSL_CMP_validate_cert_path +- functions for verifying CMP message protection

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/cmp.h>
    + int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);
    + int OSSL_CMP_validate_cert_path(const OSSL_CMP_CTX *ctx,
    +                                 X509_STORE *trusted_store, X509 *cert);
    +

    +

    +
    +

    DESCRIPTION

    +

    This is the API for validating the protection of CMP messages, +which includes validating CMP message sender certificates and their paths +while optionally checking the revocation status of the certificates(s).

    +

    OSSL_CMP_validate_msg() validates the protection of the given msg +using either password-based mac (PBM) or a signature algorithm.

    +

    In case of signature algorithm, the certificate to use for the signature check +is preferably the one provided by a call to OSSL_CMP_CTX_set1_srvCert(3). +If no such sender cert has been pinned then candidate sender certificates are +taken from the list of certificates received in the msg extraCerts, then any +certificates provided before via OSSL_CMP_CTX_set1_untrusted_certs(3), and +then all trusted certificates provided via OSSL_CMP_CTX_set0_trustedStore(3), +where a candidate is acceptable only if has not expired, its subject DN matches +the msg sender DN (as far as present), and its subject key identifier +is present and matches the senderKID (as far as the latter present). +Each acceptable cert is tried in the given order to see if the message +signature check succeeds and the cert and its path can be verified +using any trust store set via OSSL_CMP_CTX_set0_trustedStore(3).

    +

    If the option OSSL_CMP_OPT_PERMIT_TA_IN_EXTRACERTS_FOR_IR was set by calling +OSSL_CMP_CTX_set_option(3), for an Initialization Response (IP) message +any self-issued certificate from the msg extraCerts field may also be used +as trust anchor for the path verification of an acceptable cert if it can be +used also to validate the issued certificate returned in the IP message. This is +according to TS 33.310 [Network Domain Security (NDS); Authentication Framework +(AF)] document specified by the The 3rd Generation Partnership Project (3GPP).

    +

    Any cert that has been found as described above is cached and tried first when +validating the signatures of subsequent messages in the same transaction.

    +

    After successful validation of PBM-based protection of a certificate response +the certificates in the caPubs field (if any) are added to the trusted +certificates provided via OSSL_CMP_CTX_set0_trustedStore(3), such that +they are available for validating subsequent messages in the same context. +Those could apply to any Polling Response (pollRep), error, or PKI Confirmation +(PKIConf) messages following in the same or future transactions.

    +

    OSSL_CMP_validate_cert_path() attempts to validate the given certificate and its +path using the given store of trusted certs (possibly including CRLs and a cert +verification callback) and non-trusted intermediate certs from the ctx.

    +

    +

    +
    +

    NOTES

    +

    CMP is defined in RFC 4210 (and CRMF in RFC 4211).

    +

    +

    +
    +

    RETURN VALUES

    +

    OSSL_CMP_validate_msg() and OSSL_CMP_validate_cert_path() +return 1 on success, 0 on error or validation failed.

    +

    +

    +
    +

    SEE ALSO

    +

    OSSL_CMP_CTX_new(3), OSSL_CMP_exec_IR_ses(3)

    +

    +

    +
    +

    HISTORY

    +

    The OpenSSL CMP support was added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_CRMF_MSG_get0_tmpl.html b/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_CRMF_MSG_get0_tmpl.html
    new file mode 100755
    index 0000000..2b382b0
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_CRMF_MSG_get0_tmpl.html
    @@ -0,0 +1,111 @@
    +
    +
    +
    +
    +OSSL_CRMF_MSG_get0_tmpl
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    OSSL_CRMF_MSG_get0_tmpl, +OSSL_CRMF_CERTTEMPLATE_get0_serialNumber, +OSSL_CRMF_CERTTEMPLATE_get0_issuer, +OSSL_CRMF_CERTID_get0_serialNumber, +OSSL_CRMF_CERTID_get0_issuer, +OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert, +OSSL_CRMF_MSG_get_certReqId +- functions reading from CRMF CertReqMsg structures

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/crmf.h>
    +
    + OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm);
    + ASN1_INTEGER
    +     *OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(OSSL_CRMF_CERTTEMPLATE *tmpl);
    + X509_NAME *OSSL_CRMF_CERTTEMPLATE_get0_issuer(OSSL_CRMF_CERTTEMPLATE *tmpl);
    +
    + ASN1_INTEGER *OSSL_CRMF_CERTID_get0_serialNumber(const OSSL_CRMF_CERTID *cid);
    + X509_NAME *OSSL_CRMF_CERTID_get0_issuer(const OSSL_CRMF_CERTID *cid);
    +
    + X509 *OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert(OSSL_CRMF_ENCRYPTEDVALUE *ecert,
    +                                             EVP_PKEY *pkey);
    +
    + int OSSL_CRMF_MSG_get_certReqId(OSSL_CRMF_MSG *crm);
    +

    +

    +
    +

    DESCRIPTION

    +

    OSSL_CRMF_MSG_get0_tmpl() retrieves the certificate template of crm.

    +

    OSSL_CRMF_CERTTEMPLATE_get0_serialNumber() retrieves the serialNumber of the +given certificate template tmpl.

    +

    OSSL_CRMF_CERTTEMPLATE_get0_issuer() retrieves the issuer name of the +given certificate template tmpl.

    +

    OSSL_CRMF_CERTID_get0_serialNumber retrieves the serialNumber +of the given CertId cid.

    +

    OSSL_CRMF_CERTID_get0_issuer retrieves the issuer name +of the given CertId cid, which must be of ASN.1 type GEN_DIRNAME.

    +

    OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert() decrypts the certificate in the given +encryptedValue ecert, using the private key pkey. +This is needed for the indirect PoP method as in RFC 4210 section 5.2.8.2. +The function returns the decrypted certificate as a copy, leaving its ownership +with the caller, who is responsible for freeing it.

    +

    OSSL_CRMF_MSG_get_certReqId() retrieves the certReqId of crm.

    +

    +

    +
    +

    RETURN VALUES

    +

    OSSL_CRMF_MSG_get_certReqId() returns the certificate request ID as a +non-negative integer or -1 on error.

    +

    All other functions return a pointer with the intended result or NULL on error.

    +

    +

    +
    +

    SEE ALSO

    +

    RFC 4211

    +

    +

    +
    +

    HISTORY

    +

    The OpenSSL CRMF support was added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.html b/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.html
    new file mode 100755
    index 0000000..0225e50
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.html
    @@ -0,0 +1,142 @@
    +
    +
    +
    +
    +OSSL_CRMF_MSG_set1_regCtrl_regToken
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    OSSL_CRMF_MSG_set1_regCtrl_regToken, +OSSL_CRMF_MSG_set1_regCtrl_authenticator, +OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo, +OSSL_CRMF_MSG_set0_SinglePubInfo, +OSSL_CRMF_MSG_set_PKIPublicationInfo_action, +OSSL_CRMF_MSG_set1_regCtrl_pkiPublicationInfo, +OSSL_CRMF_MSG_set1_regCtrl_protocolEncrKey, +OSSL_CRMF_MSG_set1_regCtrl_oldCertID, +OSSL_CRMF_CERTID_gen +- functions setting CRMF Registration Controls

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/crmf.h>
    +
    + int OSSL_CRMF_MSG_set1_regCtrl_regToken(OSSL_CRMF_MSG *msg,
    +                                         const ASN1_UTF8STRING *tok);
    + int OSSL_CRMF_MSG_set1_regCtrl_authenticator(OSSL_CRMF_MSG *msg,
    +                                              const ASN1_UTF8STRING *auth);
    + int OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo(
    +                                  OSSL_CRMF_PKIPUBLICATIONINFO *pi,
    +                                  OSSL_CRMF_SINGLEPUBINFO *spi);
    + int OSSL_CRMF_MSG_set0_SinglePubInfo(OSSL_CRMF_SINGLEPUBINFO *spi,
    +                                      int method, GENERAL_NAME *nm);
    + int OSSL_CRMF_MSG_set_PKIPublicationInfo_action(
    +                                  OSSL_CRMF_PKIPUBLICATIONINFO *pi, int action);
    + int OSSL_CRMF_MSG_set1_regCtrl_pkiPublicationInfo(OSSL_CRMF_MSG *msg,
    +                                        const OSSL_CRMF_PKIPUBLICATIONINFO *pi);
    + int OSSL_CRMF_MSG_set1_regCtrl_protocolEncrKey(OSSL_CRMF_MSG *msg,
    +                                                const X509_PUBKEY *pubkey);
    + int OSSL_CRMF_MSG_set1_regCtrl_oldCertID(OSSL_CRMF_MSG *msg,
    +                                          const OSSL_CRMF_CERTID *cid);
    + OSSL_CRMF_CERTID *OSSL_CRMF_CERTID_gen(const X509_NAME *issuer,
    +                                        const ASN1_INTEGER *serial);
    +

    +

    +
    +

    DESCRIPTION

    +

    OSSL_CRMF_MSG_set1_regCtrl_regToken() sets the regToken control in the given +msg copying the given tok as value. See RFC 4211, section 6.1.

    +

    OSSL_CRMF_MSG_set1_regCtrl_authenticator() sets the authenticator control in +the given msg copying the given auth as value. See RFC 4211, section 6.2.

    +

    OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo() pushes the given spi +to si. Consumes the spi pointer.

    +

    OSSL_CRMF_MSG_set0_SinglePubInfo() sets in the given SinglePubInfo spi +the method and publication location, in the form of a GeneralName, nm. +The publication location is optional, and therefore nm may be NULL. +The function consumes the nm pointer if present. +Available methods are: + # define OSSL_CRMF_PUB_METHOD_DONTCARE 0 + # define OSSL_CRMF_PUB_METHOD_X500 1 + # define OSSL_CRMF_PUB_METHOD_WEB 2 + # define OSSL_CRMF_PUB_METHOD_LDAP 3

    +

    OSSL_CRMF_MSG_set_PKIPublicationInfo_action() sets the action in the given pi +using the given action as value. See RFC 4211, section 6.3. +Available actions are: + # define OSSL_CRMF_PUB_ACTION_DONTPUBLISH 0 + # define OSSL_CRMF_PUB_ACTION_PLEASEPUBLISH 1

    +

    OSSL_CRMF_MSG_set1_regCtrl_pkiPublicationInfo() sets the pkiPublicationInfo +control in the given msg copying the given tok as value. See RFC 4211, +section 6.3.

    +

    OSSL_CRMF_MSG_set1_regCtrl_protocolEncrKey() sets the protocolEncrKey control in +the given msg copying the given pubkey as value. See RFC 4211 section 6.6.

    +

    OSSL_CRMF_MSG_set1_regCtrl_oldCertID() sets the oldCertID control in the given +msg copying the given cid as value. See RFC 4211, section 6.5.

    +

    OSSL_CRMF_CERTID_gen produces an OSSL_CRMF_CERTID_gen structure copying the +given issuer name and serial number.

    +

    +

    +
    +

    RETURN VALUES

    +

    OSSL_CRMF_CERTID_gen returns a pointer to the resulting structure +or NULL on error.

    +

    All other functions return 1 on success, 0 on error.

    +

    +

    +
    +

    NOTES

    +

    A function OSSL_CRMF_MSG_set1_regCtrl_pkiArchiveOptions() for setting an +Archive Options Control is not yet implemented due to missing features to +create the needed OSSL_CRMF_PKIARCHIVEOPTINS content.

    +

    +

    +
    +

    SEE ALSO

    +

    RFC 4211

    +

    +

    +
    +

    HISTORY

    +

    The OpenSSL CRMF support was added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.html b/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.html
    new file mode 100755
    index 0000000..7bc0d9f
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.html
    @@ -0,0 +1,93 @@
    +
    +
    +
    +
    +OSSL_CRMF_MSG_set1_regInfo_certReq
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    OSSL_CRMF_MSG_set1_regInfo_utf8Pairs, +OSSL_CRMF_MSG_set1_regInfo_certReq +- functions setting CRMF Registration Info

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/crmf.h>
    +
    + int OSSL_CRMF_MSG_set1_regInfo_utf8Pairs(OSSL_CRMF_MSG *msg,
    +                                          const ASN1_UTF8STRING *utf8pairs);
    + int OSSL_CRMF_MSG_set1_regInfo_certReq(OSSL_CRMF_MSG *msg,
    +                                        const OSSL_CRMF_CERTREQUEST *cr);
    +

    +

    +
    +

    DESCRIPTION

    +

    OSSL_CRMF_MSG_set1_regInfo_utf8Pairs() adds a copy of the given utf8pairs +value as utf8Pairs regInfo to the given msg. See RFC 4211 section 7.1.

    +

    OSSL_CRMF_MSG_set1_regInfo_certReq() adds a copy of the given cr value +as certReq regInfo to the given msg. See RFC 4211 section 7.2.

    +

    +

    +
    +

    RETURN VALUES

    +

    All functions return 1 on success, 0 on error.

    +

    +

    +
    +

    NOTES

    +

    Calling these functions multiple times adds multiple instances of the respective +control to the regInfo structure of the given msg. While RFC 4211 expects +multiple utf8Pairs in one regInfo structure, it does not allow multiple certReq.

    +

    +

    +
    +

    SEE ALSO

    +

    RFC 4211

    +

    +

    +
    +

    HISTORY

    +

    The OpenSSL CRMF support was added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_CRMF_MSG_set_validity.html b/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_CRMF_MSG_set_validity.html
    new file mode 100755
    index 0000000..06f113a
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_CRMF_MSG_set_validity.html
    @@ -0,0 +1,143 @@
    +
    +
    +
    +
    +OSSL_CRMF_MSG_set_validity
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    OSSL_CRMF_MSG_set_validity, +OSSL_CRMF_MSG_set_certReqId, +OSSL_CRMF_CERTTEMPLATE_fill, +OSSL_CRMF_MSG_set0_extensions, +OSSL_CRMF_MSG_push0_extension, +OSSL_CRMF_MSG_create_popo, +OSSL_CRMF_MSGS_verify_popo +- functions populating and verifying CRMF CertReqMsg structures

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/crmf.h>
    +
    + int OSSL_CRMF_MSG_set_validity(OSSL_CRMF_MSG *crm, time_t from, time_t to);
    +
    + int OSSL_CRMF_MSG_set_certReqId(OSSL_CRMF_MSG *crm, int rid);
    +
    + int OSSL_CRMF_CERTTEMPLATE_fill(OSSL_CRMF_CERTTEMPLATE *tmpl,
    +                                 EVP_PKEY *pubkey,
    +                                 const X509_NAME *subject,
    +                                 const X509_NAME *issuer,
    +                                 const ASN1_INTEGER *serial);
    +
    + int OSSL_CRMF_MSG_set0_extensions(OSSL_CRMF_MSG *crm, X509_EXTENSIONS *exts);
    +
    + int OSSL_CRMF_MSG_push0_extension(OSSL_CRMF_MSG *crm, X509_EXTENSION *ext);
    +
    + int OSSL_CRMF_MSG_create_popo(OSSL_CRMF_MSG *crm, EVP_PKEY *pkey,
    +                               int dgst, int ppmtd);
    +
    + int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs,
    +                                int rid, int acceptRAVerified);
    +

    +

    +
    +

    DESCRIPTION

    +

    OSSL_CRMF_MSG_set_validity() sets from as notBefore and to as notAfter +as the validity in the certTemplate of crm.

    +

    OSSL_CRMF_MSG_set_certReqId() sets rid as the certReqId of crm.

    +

    OSSL_CRMF_CERTTEMPLATE_fill() sets those fields of the certTemplate tmpl +for which non-NULL values are provided: pubkey, subject, issuer, +and/or serial. +On success the reference counter of the pubkey (if given) is incremented, +while the subject, issuer, and serial structures (if given) are copied.

    +

    OSSL_CRMF_MSG_set0_extensions() sets exts as the extensions in the +certTemplate of crm. Frees any pre-existing ones and consumes exts.

    +

    OSSL_CRMF_MSG_push0_extension() pushes the X509 extension ext to the +extensions in the certTemplate of crm. Consumes ext.

    +

    OSSL_CRMF_MSG_create_popo() creates and sets the Proof-of-Possession (POPO) +according to the method ppmtd in crm. +In case the method is OSSL_CRMF_POPO_SIGNATURE the POPO is calculated +using the private pkey and the digest algorithm NID dgst.

    +

    ppmtd can be one of the following:

    + +

    OSSL_CRMF_MSGS_verify_popo verifies the Proof-of-Possession of the request with +the given rid in the list of reqs. Optionally accepts RAVerified.

    +

    +

    +
    +

    RETURN VALUES

    +

    All functions return 1 on success, 0 on error.

    +

    +

    +
    +

    SEE ALSO

    +

    RFC 4211

    +

    +

    +
    +

    HISTORY

    +

    The OpenSSL CRMF support was added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_CRMF_pbmp_new.html b/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_CRMF_pbmp_new.html
    new file mode 100755
    index 0000000..c091ddf
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_CRMF_pbmp_new.html
    @@ -0,0 +1,122 @@
    +
    +
    +
    +
    +OSSL_CRMF_pbmp_new
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    OSSL_CRMF_pbm_new, +OSSL_CRMF_pbmp_new +- functions for producing Password-Based MAC (PBM)

    +

    +

    +
    +

    SYNOPSIS

    +
    +  #include <openssl/crmf.h>
    +
    +  int OSSL_CRMF_pbm_new(const OSSL_CRMF_PBMPARAMETER *pbmp,
    +                        const unsigned char *msg, size_t msglen,
    +                        const unsigned char *sec, size_t seclen,
    +                        unsigned char **mac, size_t *maclen);
    +
    +  OSSL_CRMF_PBMPARAMETER *OSSL_CRMF_pbmp_new(size_t saltlen, int owfnid,
    +                                             int itercnt, int macnid);
    +

    +

    +
    +

    DESCRIPTION

    +

    OSSL_CRMF_pbm_new() generates a PBM (Password-Based MAC) based on given PBM +parameters pbmp, message msg, and secret sec, along with the respective +lengths msglen and seclen. On success writes the address of the newly +allocated MAC via the mac reference parameter and writes the length via the +maclen reference parameter unless it its NULL.

    +

    The iteration count must be at least 100, as stipulated by RFC 4211, and is +limited to at most 100000 to avoid DoS through manipulated or otherwise +malformed input.

    +

    OSSL_CRMF_pbmp_new() initializes and returns a new PBMParameter +structure with a new random salt of given length saltlen, OWF (one-way +function) NID owfnid, iteration count itercnt, and MAC NID macnid.

    +

    +

    +
    +

    NOTES

    +

    The algorithms for the OWF (one-way function) and for the MAC (message +authentication code) may be any with a NID defined in openssl/objects.h. +As specified by RFC 4210, these should include NID_hmac_sha1.

    +

    RFC 4210 recommends that the salt SHOULD be at least 8 bytes (64 bits) long.

    +

    +

    +
    +

    RETURN VALUES

    +

    OSSL_CRMF_pbm_new() returns 1 on success, 0 on error.

    +

    OSSL_CRMF_pbmp_new() returns a new and initialized OSSL_CRMF_PBMPARAMETER +structure, or NULL on error.

    +

    +

    +
    +

    EXAMPLES

    +
    + OSSL_CRMF_PBMPARAMETER *pbm = NULL;
    + unsigned char *msg = "Hello";
    + unsigned char *sec = "SeCrEt";
    + unsigned char *mac = NULL;
    + size_t maclen;
    +
    + if ((pbm = OSSL_CRMF_pbmp_new(16, NID_sha256, 500, NID_hmac_sha1) == NULL))
    +     goto err;
    + if (!OSSL_CRMF_pbm_new(pbm, msg, 5, sec, 6, &mac, &maclen))
    +     goto err;
    +

    +

    +
    +

    SEE ALSO

    +

    RFC 4211 section 4.4

    +

    +

    +
    +

    HISTORY

    +

    The OpenSSL CRMF support was added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_HTTP_transfer.html b/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_HTTP_transfer.html
    new file mode 100755
    index 0000000..a423971
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_HTTP_transfer.html
    @@ -0,0 +1,231 @@
    +
    +
    +
    +
    +OSSL_HTTP_transfer
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    OSSL_HTTP_get, +OSSL_HTTP_get_asn1, +OSSL_HTTP_post_asn1, +OSSL_HTTP_transfer, +OSSL_HTTP_bio_cb_t, +OSSL_HTTP_proxy_connect, +OSSL_HTTP_parse_url +- http client functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/http.h>
    +
    + typedef BIO *(*OSSL_HTTP_bio_cb_t)(BIO *bio, void *arg,
    +                                    int connect, int detail);
    + BIO *OSSL_HTTP_get(const char *url, const char *proxy, const char *proxy_port,
    +                    BIO *bio, BIO *rbio,
    +                    OSSL_HTTP_bio_cb_t bio_update_fn, void *arg,
    +                    const STACK_OF(CONF_VALUE) *headers,
    +                    int maxline, unsigned long max_resp_len, int timeout,
    +                    const char *expected_content_type, int expect_asn1);
    + ASN1_VALUE *OSSL_HTTP_get_asn1(const char *url,
    +                                const char *proxy, const char *proxy_port,
    +                                BIO *bio, BIO *rbio,
    +                                OSSL_HTTP_bio_cb_t bio_update_fn, void *arg,
    +                                const STACK_OF(CONF_VALUE) *headers,
    +                                int maxline, unsigned long max_resp_len,
    +                                int timeout, const char *expected_content_type,
    +                                const ASN1_ITEM *it);
    + ASN1_VALUE *OSSL_HTTP_post_asn1(const char *server, const char *port,
    +                                 const char *path, int use_ssl,
    +                                 const char *proxy, const char *proxy_port,
    +                                 BIO *bio, BIO *rbio,
    +                                 OSSL_HTTP_bio_cb_t bio_update_fn, void *arg,
    +                                 const STACK_OF(CONF_VALUE) *headers,
    +                                 const char *content_type,
    +                                 ASN1_VALUE *req, const ASN1_ITEM *req_it,
    +                                 int maxline, unsigned long max_resp_len,
    +                                 int timeout, const char *expected_ct,
    +                                 const ASN1_ITEM *rsp_it);
    + BIO *OSSL_HTTP_transfer(const char *server, const char *port, const char *path,
    +                         int use_ssl, const char *proxy, const char *proxy_port,
    +                         BIO *bio, BIO *rbio,
    +                         OSSL_HTTP_bio_cb_t bio_update_fn, void *arg,
    +                         const STACK_OF(CONF_VALUE) *headers,
    +                         const char *content_type, BIO *req_mem,
    +                         int maxline, unsigned long max_resp_len, int timeout,
    +                         const char *expected_ct, int expect_asn1,
    +                         char **redirection_url);
    + int OSSL_HTTP_proxy_connect(BIO *bio, const char *server, const char *port,
    +                             const char *proxyuser, const char *proxypass,
    +                             int timeout, BIO *bio_err, const char *prog);
    + int OSSL_HTTP_parse_url(const char *url, char **phost, char **pport,
    +                         char **ppath, int *pssl);
    +

    +

    +
    +

    DESCRIPTION

    +

    OSSL_HTTP_get() uses HTTP GET to obtain data (of any type) from the given url +and returns it as a memory BIO.

    +

    OSSL_HTTP_get_asn1() uses HTTP GET to obtain an ASN.1-encoded value +(e.g., an X.509 certificate) with the expected structure specified by it +(e.g., ASN1_ITEM_rptr(X509)) from the given url +and returns it on success as a pointer to ASN1_VALUE.

    +

    OSSL_HTTP_post_asn1() uses the HTTP POST method to send a request req +with the ASN.1 structure defined in req_it and the given content_type to +the given server and optional port and path, which defaults to "/". +If use_ssl is nonzero a TLS connection is requested and the bio_update_fn +parameter, described below, must be provided. +The optional list headers may contain additional custom HTTP header lines. +The expected structure of the response is specified by rsp_it. +On success it returns the response as a pointer to ASN1_VALUE.

    +

    OSSL_HTTP_transfer() exchanges an HTTP request and response with +the given server and optional port and path, which defaults to "/". +If use_ssl is nonzero a TLS connection is requested and the bio_update_fn +parameter, described below, must be provided. +If req_mem is NULL it uses the HTTP GET method, else it uses HTTP POST to +send a request with the contents of the memory BIO and optional content_type. +The optional list headers may contain additional custom HTTP header lines. +If req_mem is NULL (i.e., the HTTP method is GET) and redirection_url +is not NULL the latter pointer is used to provide any new location that +the server may return with HTTP code 301 (MOVED_PERMANENTLY) or 302 (FOUND). +In this case the caller is responsible for deallocating this URL with +OPENSSL_free(3).

    +

    The above functions have the following parameters in common.

    +

    If the proxy parameter is not NULL the HTTP client functions connect +via the given proxy and the optionally given proxy_port. +Proxying plain HTTP is supported directly, +while using a proxy for HTTPS connections requires a suitable callback function +such as OSSL_HTTP_proxy_connect(), described below.

    +

    Typically the bio and rbio parameters are NULL and the client creates a +network BIO internally for connecting to the given server and port (optionally +via a proxy and its port), and uses it for exchanging the request and response. +If bio is given and rbio is NULL then the client uses this BIO instead. +If both bio and rbio are given (which may be memory BIOs for instance) +then no explicit connection is attempted, +bio is used for writing the request, and rbio for reading the response. +As soon as the client has flushed bio the server must be ready to provide +a response or indicate a waiting condition via rbio.

    +

    The maxline parameter specifies the response header maximum line length, +where 0 indicates the default value, which currently is 4k. +The max_resp_len parameter specifies the maximum response length, +where 0 indicates the default value, which currently is 100k.

    +

    An ASN.1-encoded response is expected by OSSL_HTTP_get_asn1() and +OSSL_HTTP_post_asn1(), while for OSSL_HTTP_get() or OSSL_HTTP_transfer() +this is only the case if the expect_asn1 parameter is nonzero. +If the response header contains one or more Content-Length header lines and/or +an ASN.1-encoded response is expected, which should include a total length, +the length indications received are checked for consistency +and for not exceeding the maximum response length.

    +

    If the parameter expected_content_type (or expected_ct, respectively) +is not NULL then the HTTP client checks that the given content type string +is included in the HTTP header of the response and returns an error if not.

    +

    If the timeout parameter is > 0 this indicates the maximum number of seconds +to wait until the transfer is complete. +A value of 0 enables waiting indefinitely, +while a value < 0 immediately leads to a timeout condition.

    +

    The optional parameter bio_update_fn with its optional argument arg may +be used to modify the connection BIO used by the HTTP client (and cannot be +used when both bio and rbio are given). +bio_update_fn is a BIO connect/disconnect callback function with prototype

    +
    + BIO *(*OSSL_HTTP_bio_cb_t)(BIO *bio, void *arg, int connect, int detail)
    +

    The callback may modify the HTTP BIO provided in the bio argument, +whereby it may make use of a custom defined argument arg, +which may for instance refer to an SSL_CTX structure. +During connection establishment, just after calling BIO_connect_retry(), +the function is invoked with the connect argument being 1 and the detail +argument being 1 if HTTPS is requested, i.e., SSL/TLS should be enabled. +On disconnect connect is 0 and detail is 1 if no error occurred, else 0. +For instance, on connect the function may prepend a TLS BIO to implement HTTPS; +after disconnect it may do some diagnostic output and/or specific cleanup. +The function should return NULL to indicate failure. +Here is a simple example that supports TLS connections (but not via a proxy):

    +
    + BIO *http_tls_cb(BIO *hbio, void *arg, int connect, int detail)
    + {
    +     SSL_CTX *ctx = (SSL_CTX *)arg;
    +
    +     if (connect && detail) { /* connecting with TLS */
    +         BIO *sbio = BIO_new_ssl(ctx, 1);
    +         hbio = sbio != NULL ? BIO_push(sbio, hbio) : NULL;
    +     } else if (!connect && !detail) { /* disconnecting after error */
    +         /* optionally add diagnostics here */
    +     }
    +     return hbio;
    + }
    +

    After disconnect the modified BIO will be deallocated using BIO_free_all().

    +

    OSSL_HTTP_proxy_connect() may be used by an above BIO connect callback function +to set up an SSL/TLS connection via an HTTP proxy. +It promotes the given BIO bio representing a connection +pre-established with a TLS proxy using the HTTP CONNECT method, +optionally using proxy client credentials proxyuser and proxypass, +to connect with TLS protection ultimately to server and port. +The timeout parameter is used as described above. +Since this function is typically called by appplications such as +openssl-s_client(1) it uses the bio_err and prog parameters (unless +NULL) to print additional diagnostic information in a user-oriented way.

    +

    OSSL_HTTP_parse_url() parses its input string url as a URL and splits it up +into host, port and path components and a flag whether it begins with 'https'. +The host component may be a DNS name or an IPv4 or an IPv6 address. +The port component is optional and defaults to "443" for HTTPS, else "80". +The path component is also optional and defaults to "/". +As far as the result pointer arguments are not NULL it assigns via +them copies of the respective string components. +The strings returned this way must be deallocated by the caller using +OPENSSL_free(3) unless they are NULL, which is their default value on error.

    +

    +

    +
    +

    RETURN VALUES

    +

    OSSL_HTTP_get(), OSSL_HTTP_get_asn1(), OSSL_HTTP_post_asn1(), and +OSSL_HTTP_transfer() return on success the data received via HTTP, else NULL. +Error conditions include connection/transfer timeout, parse errors, etc.

    +

    OSSL_HTTP_proxy_connect() and OSSL_HTTP_parse_url() +return 1 on success, 0 on error.

    +

    +

    +
    +

    HISTORY

    +

    OSSL_HTTP_get(), OSSL_HTTP_get_asn1(), OSSL_HTTP_post_asn1(), +OSSL_HTTP_proxy_connect(), and OSSL_HTTP_parse_url() were added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_PARAM.html b/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_PARAM.html
    new file mode 100755
    index 0000000..5b0fd60
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_PARAM.html
    @@ -0,0 +1,363 @@
    + + + + +OSSL_PARAM + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    OSSL_PARAM - a structure to pass or request object parameters

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/core.h>
    +
    + typedef struct ossl_param_st OSSL_PARAM;
    + struct ossl_param_st {
    +     const char *key;             /* the name of the parameter */
    +     unsigned char data_type;     /* declare what kind of content is in data */
    +     void *data;                  /* value being passed in or out */
    +     size_t data_size;            /* data size */
    +     size_t return_size;          /* returned size */
    + };
    +

    +

    +
    +

    DESCRIPTION

    +

    OSSL_PARAM is a type that allows passing arbitrary data for some +object between two parties that have no or very little shared +knowledge about their respective internal structures for that object.

    +

    A typical usage example could be an application that wants to set some +parameters for an object, or wants to find out some parameters of an +object.

    +

    Arrays of this type can be used for the following purposes:

    +
      +
    • Setting parameters for some object + +

      The caller sets up the OSSL_PARAM array and calls some function +(the setter) that has intimate knowledge about the object that can +take the data from the OSSL_PARAM array and assign them in a +suitable form for the internal structure of the object.

      +
    • +
    • Request parameters of some object + +

      The caller (the requestor) sets up the OSSL_PARAM array and +calls some function (the responder) that has intimate knowledge +about the object, which can take the internal data of the object and +copy (possibly convert) that to the memory prepared by the +requestor and pointed at with the OSSL_PARAM data.

      +
    • +
    • Request parameter descriptors + +

      The caller gets an array of constant OSSL_PARAM, which describe +available parameters and some of their properties; name, data type and +expected data size. +For a detailed description of each field for this use, see the field +descriptions below.

      +

      The caller may then use the information from this descriptor array to +build up its own OSSL_PARAM array to pass down to a setter or +responder.

      +
    • +
    +

    Normally, the order of the an OSSL_PARAM array is not relevant. +However, if the responder can handle multiple elements with the +same key, those elements must be handled in the order they are in.

    +

    +

    +

    OSSL_PARAM fields

    +
    +
    key
    + +
    +

    The identity of the parameter in the form of a string.

    +
    +
    data_type
    + +
    +

    The data_type is a value that describes the type and organization of +the data. +See Supported types below for a description of the types.

    +
    +
    data
    + +
    data_size
    + +
    +

    data is a pointer to the memory where the parameter data is (when +setting parameters) or shall (when requesting parameters) be stored, +and data_size is its size in bytes. +The organization of the data depends on the parameter type and flag.

    +

    When requesting parameters, it's acceptable for data to be NULL. +This can be used by the requestor to figure out dynamically exactly +how much buffer space is needed to store the parameter data. +In this case, data_size is ignored.

    +

    When the OSSL_PARAM is used as a parameter descriptor, data +should be ignored. +If data_size is zero, it means that an arbitrary data size is +accepted, otherwise it specifies the maximum size allowed.

    +
    +
    return_size
    + +
    +

    When an array of OSSL_PARAM is used to request data, the +responder must set this field to indicate size of the parameter +data, including padding as the case may be. +In case the data_size is an unsuitable size for the data, the +responder must still set this field to indicate the minimum data +size required. +(further notes on this in NOTES below).

    +

    When the OSSL_PARAM is used as a parameter descriptor, +return_size should be ignored.

    +
    +
    +

    NOTE:

    +

    The key names and associated types are defined by the entity that +offers these parameters, i.e. names for parameters provided by the +OpenSSL libraries are defined by the libraries, and names for +parameters provided by providers are defined by those providers, +except for the pointer form of strings (see data type descriptions +below). +Entities that want to set or request parameters need to know what +those keys are and of what type, any functionality between those two +entities should remain oblivious and just pass the OSSL_PARAM array +along.

    +

    +

    +

    Supported types

    +

    The data_type field can be one of the following types:

    +
    +
    OSSL_PARAM_INTEGER
    + +
    OSSL_PARAM_UNSIGNED_INTEGER
    + +
    +

    The parameter data is an integer (signed or unsigned) of arbitrary +length, organized in native form, i.e. most significant byte first on +Big-Endian systems, and least significant byte first on Little-Endian +systems.

    +
    +
    OSSL_PARAM_REAL
    + +
    +

    The parameter data is a floating point value in native form.

    +
    +
    OSSL_PARAM_UTF8_STRING
    + +
    +

    The parameter data is a printable string.

    +
    +
    OSSL_PARAM_OCTET_STRING
    + +
    +

    The parameter data is an arbitrary string of bytes.

    +
    +
    OSSL_PARAM_UTF8_PTR
    + +
    +

    The parameter data is a pointer to a printable string.

    +

    The difference between this and OSSL_PARAM_UTF8_STRING is that data +doesn't point directly at the data, but to a pointer that points to the data.

    +

    This is used to indicate that constant data is or will be passed, +and there is therefore no need to copy the data that is passed, just +the pointer to it.

    +

    data_size must be set to the size of the data, not the size of the +pointer to the data. +If this is used in a parameter request, +data_size is not relevant. However, the responder will set +return_size to the size of the data.

    +

    Note that the use of this type is fragile and can only be safely +used for data that remains constant and in a constant location for a +long enough duration (such as the life-time of the entity that +offers these parameters).

    +
    +
    OSSL_PARAM_OCTET_PTR
    + +
    +

    The parameter data is a pointer to an arbitrary string of bytes.

    +

    The difference between this and OSSL_PARAM_OCTET_STRING is that +data doesn't point directly at the data, but to a pointer that +points to the data.

    +

    This is used to indicate that constant data is or will be passed, and +there is therefore no need to copy the data that is passed, just the +pointer to it.

    +

    data_size must be set to the size of the data, not the size of the +pointer to the data. +If this is used in a parameter request, +data_size is not relevant. However, the responder will set +return_size to the size of the data.

    +

    Note that the use of this type is fragile and can only be safely +used for data that remains constant and in a constant location for a +long enough duration (such as the life-time of the entity that +offers these parameters).

    +
    +
    +

    +

    +
    +

    NOTES

    +

    Both when setting and requesting parameters, the functions that are +called will have to decide what is and what is not an error. +The recommended behaviour is:

    +
      +
    • +

      Keys that a setter or responder doesn't recognise should simply +be ignored. +That in itself isn't an error.

      +
    • +
    • +

      If the keys that a called setter recognises form a consistent +enough set of data, that call should succeed.

      +
    • +
    • +

      Apart from the return_size, a responder must never change the fields +of an OSSL_PARAM. +To return a value, it should change the contents of the memory that +data points at.

      +
    • +
    • +

      If the data type for a key that it's associated with is incorrect, +the called function may return an error.

      +

      The called function may also try to convert the data to a suitable +form (for example, it's plausible to pass a large number as an octet +string, so even though a given key is defined as an +OSSL_PARAM_UNSIGNED_INTEGER, is plausible to pass the value as an +OSSL_PARAM_OCTET_STRING), but this is in no way mandatory.

      +
    • +
    • +

      If a responder finds that some data sizes are too small for the +requested data, it must set return_size for each such +OSSL_PARAM item to the minimum required size, and eventually return +an error.

      +
    • +
    • +

      For the integer type parameters (OSSL_PARAM_UNSIGNED_INTEGER and +OSSL_PARAM_INTEGER), a responder may choose to return an error +if the data_size isn't a suitable size (even if data_size is +bigger than needed). If the responder finds the size suitable, it +must fill all data_size bytes and ensure correct padding for the +native endianness, and set return_size to the same value as +data_size.

      +
    • +
    +

    +

    +
    +

    EXAMPLES

    +

    A couple of examples to just show how OSSL_PARAM arrays could be +set up.

    +

    +

    +

    Example 1

    +

    This example is for setting parameters on some object:

    +
    +    #include <openssl/core.h>
    +
    +    const char *foo = "some string";
    +    size_t foo_l = strlen(foo) + 1;
    +    const char bar[] = "some other string";
    +    OSSL_PARAM set[] = {
    +        { "foo", OSSL_PARAM_UTF8_STRING_PTR, &foo, foo_l, 0 },
    +        { "bar", OSSL_PARAM_UTF8_STRING, &bar, sizeof(bar), 0 },
    +        { NULL, 0, NULL, 0, NULL }
    +    };
    +

    +

    +

    Example 2

    +

    This example is for requesting parameters on some object:

    +
    +    const char *foo = NULL;
    +    size_t foo_l;
    +    char bar[1024];
    +    size_t bar_l;
    +    OSSL_PARAM request[] = {
    +        { "foo", OSSL_PARAM_UTF8_STRING_PTR, &foo, 0 /*irrelevant*/, 0 },
    +        { "bar", OSSL_PARAM_UTF8_STRING, &bar, sizeof(bar), 0 },
    +        { NULL, 0, NULL, 0, NULL }
    +    };
    +

    A responder that receives this array (as params in this example) +could fill in the parameters like this:

    +
    +    /* OSSL_PARAM *params */
    +
    +    int i;
    +
    +    for (i = 0; params[i].key != NULL; i++) {
    +        if (strcmp(params[i].key, "foo") == 0) {
    +            *(char **)params[i].data = "foo value";
    +            params[i].return_size = 10; /* size of "foo value" */
    +        } else if (strcmp(params[i].key, "bar") == 0) {
    +            memcpy(params[i].data, "bar value", 10);
    +            params[i].return_size = 10; /* size of "bar value" */
    +        }
    +        /* Ignore stuff we don't know */
    +    }
    +

    +

    +
    +

    SEE ALSO

    +

    openssl-core.h(7), OSSL_PARAM_get_int(3)

    +

    +

    +
    +

    HISTORY

    +

    OSSL_PARAM was added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_PARAM_allocate_from_text.html b/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_PARAM_allocate_from_text.html
    new file mode 100755
    index 0000000..48e4ed9
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_PARAM_allocate_from_text.html
    @@ -0,0 +1,194 @@
    + + + + +OSSL_PARAM_allocate_from_text + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    OSSL_PARAM_allocate_from_text +- OSSL_PARAM construction utilities

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/params.h>
    +
    + int OSSL_PARAM_allocate_from_text(OSSL_PARAM *to,
    +                                   const OSSL_PARAM *paramdefs,
    +                                   const char *key, const char *value,
    +                                   size_t value_n,
    +                                   int *found);
    +

    +

    +
    +

    DESCRIPTION

    +

    With OpenSSL before version 3.0, parameters were passed down to or +retrieved from algorithm implementations via control functions. +Some of these control functions existed in variants that took string +parameters, for example EVP_PKEY_CTX_ctrl_str(3).

    +

    OpenSSL 3.0 introduces a new mechanism to do the same thing with an +array of parameters that contain name, value, value type and value +size (see OSSL_PARAM(3) for more information).

    +

    OSSL_PARAM_allocate_from_text() takes a control key, value and +value size value_n, and given a parameter descriptor array +paramdefs, it converts the value to something suitable for +OSSL_PARAM(3) and stores that in the buffer buf, and modifies +the parameter to to match. +buf_n, if not NULL, will be assigned the number of bytes used in +buf. +If buf is NULL, only buf_n will be modified, everything else is +left untouched, allowing a caller to find out how large the buffer +should be. +buf needs to be correctly aligned for the type of the OSSL_PARAM +key. +If <found> is not NULL, it is set to 1 if the parameter can be located and +to 0 otherwise.

    +

    The caller must remember to free the data of to when it's not +useful any more.

    +

    For parameters having the type OSSL_PARAM_INTEGER, +OSSL_PARAM_UNSIGNED_INTEGER, or OSSL_PARAM_OCTET_STRING, both +functions will interpret the value differently if the key starts +with "hex". +In that case, the value is decoded first, and the result will be used +as parameter value.

    +

    +

    +
    +

    RETURN VALUES

    +

    OSSL_PARAM_allocate_from_text() returns 1 on success, and 0 on error.

    +

    +

    +
    +

    NOTES

    +

    The parameter descriptor array comes from functions dedicated to +return them. +The following OSSL_PARAM attributes are used:

    +
    +
    key
    + +
    data
    + +
    data_size
    + +
    +

    All other attributes are ignored.

    +

    The data_size attribute can be zero, meaning that the parameter it +describes expects arbitrary length data.

    +

    +

    +
    +

    EXAMPLES

    +

    Code that looked like this:

    +
    +  int mac_ctrl_string(EVP_PKEY_CTX *ctx, const char *value)
    +  {
    +      int rv;
    +      char *stmp, *vtmp = NULL;
    +
    +      stmp = OPENSSL_strdup(value);
    +      if (stmp == NULL)
    +          return -1;
    +      vtmp = strchr(stmp, ':');
    +      if (vtmp != NULL)
    +          *vtmp++ = '\0';
    +      rv = EVP_MAC_ctrl_str(ctx, stmp, vtmp);
    +      OPENSSL_free(stmp);
    +      return rv;
    +  }
    +
    +  ...
    +
    +  for (i = 0; i < sk_OPENSSL_STRING_num(macopts); i++) {
    +      char *macopt = sk_OPENSSL_STRING_value(macopts, i);
    +
    +      if (pkey_ctrl_string(mac_ctx, macopt) <= 0) {
    +          BIO_printf(bio_err,
    +                     "MAC parameter error \"%s\"\n", macopt);
    +          ERR_print_errors(bio_err);
    +          goto mac_end;
    +      }
    +  }
    +

    Can be written like this instead:

    +
    +  OSSL_PARAM *params =
    +      OPENSSL_zalloc(sizeof(*params)
    +                     * (sk_OPENSSL_STRING_num(opts) + 1));
    +  const OSSL_PARAM *paramdefs = EVP_MAC_settable_ctx_params(mac);
    +  size_t params_n;
    +  char *opt = "<unknown>";
    +
    +  for (params_n = 0; params_n < (size_t)sk_OPENSSL_STRING_num(opts);
    +       params_n++) {
    +      char *stmp, *vtmp = NULL;
    +
    +      opt = sk_OPENSSL_STRING_value(opts, (int)params_n);
    +      if ((stmp = OPENSSL_strdup(opt)) == NULL
    +              || (vtmp = strchr(stmp, ':')) == NULL)
    +          goto err;
    +
    +      *vtmp++ = '\0';
    +      if (!OSSL_PARAM_allocate_from_text(&params[params_n],
    +                                         paramdefs, stmp,
    +                                         vtmp, strlen(vtmp), NULL))
    +          goto err;
    +  }
    +  params[params_n] = OSSL_PARAM_construct_end();
    +  if (!EVP_MAC_CTX_set_params(ctx, params))
    +      goto err;
    +  while (params_n-- > 0)
    +      OPENSSL_free(params[params_n].data);
    +  OPENSSL_free(params);
    +  /* ... */
    +  return;
    +
    + err:
    +  BIO_printf(bio_err, "MAC parameter error '%s'\n", opt);
    +  ERR_print_errors(bio_err);
    +

    +

    +
    +

    SEE ALSO

    +

    OSSL_PARAM(3), OSSL_PARAM_int(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_PARAM_int.html b/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_PARAM_int.html
    new file mode 100755
    index 0000000..0a5d75e
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_PARAM_int.html
    @@ -0,0 +1,353 @@
    + + + + +OSSL_PARAM_int + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    OSSL_PARAM_double, OSSL_PARAM_int, OSSL_PARAM_int32, OSSL_PARAM_int64, +OSSL_PARAM_long, OSSL_PARAM_size_t, OSSL_PARAM_uint, OSSL_PARAM_uint32, +OSSL_PARAM_uint64, OSSL_PARAM_ulong, OSSL_PARAM_BN, OSSL_PARAM_utf8_string, +OSSL_PARAM_octet_string, OSSL_PARAM_utf8_ptr, OSSL_PARAM_octet_ptr, +OSSL_PARAM_END, +OSSL_PARAM_construct_double, OSSL_PARAM_construct_int, +OSSL_PARAM_construct_int32, OSSL_PARAM_construct_int64, +OSSL_PARAM_construct_long, OSSL_PARAM_construct_size_t, +OSSL_PARAM_construct_uint, OSSL_PARAM_construct_uint32, +OSSL_PARAM_construct_uint64, OSSL_PARAM_construct_ulong, +OSSL_PARAM_construct_BN, OSSL_PARAM_construct_utf8_string, +OSSL_PARAM_construct_utf8_ptr, OSSL_PARAM_construct_octet_string, +OSSL_PARAM_construct_octet_ptr, OSSL_PARAM_construct_end, +OSSL_PARAM_locate, OSSL_PARAM_locate_const, +OSSL_PARAM_get_double, OSSL_PARAM_get_int, OSSL_PARAM_get_int32, +OSSL_PARAM_get_int64, OSSL_PARAM_get_long, OSSL_PARAM_get_size_t, +OSSL_PARAM_get_uint, OSSL_PARAM_get_uint32, OSSL_PARAM_get_uint64, +OSSL_PARAM_get_ulong, OSSL_PARAM_get_BN, OSSL_PARAM_get_utf8_string, +OSSL_PARAM_get_octet_string, OSSL_PARAM_get_utf8_ptr, +OSSL_PARAM_get_octet_ptr, +OSSL_PARAM_set_double, OSSL_PARAM_set_int, OSSL_PARAM_set_int32, +OSSL_PARAM_set_int64, OSSL_PARAM_set_long, OSSL_PARAM_set_size_t, +OSSL_PARAM_set_uint, OSSL_PARAM_set_uint32, OSSL_PARAM_set_uint64, +OSSL_PARAM_set_ulong, OSSL_PARAM_set_BN, OSSL_PARAM_set_utf8_string, +OSSL_PARAM_set_octet_string, OSSL_PARAM_set_utf8_ptr, +OSSL_PARAM_set_octet_ptr +- OSSL_PARAM helpers

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/params.h>
    +
    + /*
    +  * TYPE in function names is one of:
    +  * double, int, int32, int64, long, size_t, uint, uint32, uint64, ulong
    +  * Corresponding TYPE in function arguments is one of:
    +  * double, int, int32_t, int64_t, long, size_t, unsigned int, uint32_t,
    +  * uint64_t, unsigned long
    +  */
    +
    + #define OSSL_PARAM_TYPE(key, address)
    + #define OSSL_PARAM_BN(key, address, size)
    + #define OSSL_PARAM_utf8_string(key, address, size)
    + #define OSSL_PARAM_octet_string(key, address, size)
    + #define OSSL_PARAM_utf8_ptr(key, address, size)
    + #define OSSL_PARAM_octet_ptr(key, address, size)
    + #define OSSL_PARAM_END
    +
    + OSSL_PARAM OSSL_PARAM_construct_TYPE(const char *key, TYPE *buf);
    + OSSL_PARAM OSSL_PARAM_construct_BN(const char *key, unsigned char *buf,
    +                                    size_t bsize);
    + OSSL_PARAM OSSL_PARAM_construct_utf8_string(const char *key, char *buf,
    +                                             size_t bsize);
    + OSSL_PARAM OSSL_PARAM_construct_octet_string(const char *key, void *buf,
    +                                              size_t bsize);
    + OSSL_PARAM OSSL_PARAM_construct_utf8_ptr(const char *key, char **buf,
    +                                          size_t bsize);
    + OSSL_PARAM OSSL_PARAM_construct_octet_ptr(const char *key, void **buf,
    +                                           size_t bsize);
    + OSSL_PARAM OSSL_PARAM_construct_end(void);
    +
    + OSSL_PARAM *OSSL_PARAM_locate(OSSL_PARAM *array, const char *key);
    + const OSSL_PARAM *OSSL_PARAM_locate_const(const OSSL_PARAM *array,
    +                                           const char *key);
    +
    + int OSSL_PARAM_get_TYPE(const OSSL_PARAM *p, TYPE *val);
    + int OSSL_PARAM_set_TYPE(OSSL_PARAM *p, TYPE val);
    +
    + int OSSL_PARAM_get_BN(const OSSL_PARAM *p, BIGNUM **val);
    + int OSSL_PARAM_set_BN(OSSL_PARAM *p, const BIGNUM *val);
    +
    + int OSSL_PARAM_get_utf8_string(const OSSL_PARAM *p, char **val,
    +                                size_t max_len);
    + int OSSL_PARAM_set_utf8_string(OSSL_PARAM *p, const char *val);
    +
    + int OSSL_PARAM_get_octet_string(const OSSL_PARAM *p, void **val,
    +                                 size_t max_len, size_t *used_len);
    + int OSSL_PARAM_set_octet_string(OSSL_PARAM *p, const void *val, size_t len);
    +
    + int OSSL_PARAM_get_utf8_ptr(const OSSL_PARAM *p, const char **val);
    + int OSSL_PARAM_set_utf8_ptr(OSSL_PARAM *p, const char *val);
    +
    + int OSSL_PARAM_get_octet_ptr(const OSSL_PARAM *p, const void **val,
    +                              size_t *used_len);
    + int OSSL_PARAM_set_octet_ptr(OSSL_PARAM *p, const void *val,
    +                              size_t used_len);
    +

    +

    +
    +

    DESCRIPTION

    +

    A collection of utility functions that simplify and add type safety to the +OSSL_PARAM arrays. The following TYPE names are supported:

    +
      +
    • +

      double

      +
    • +
    • +

      int

      +
    • +
    • +

      int32 (int32_t)

      +
    • +
    • +

      int64 (int64_t)

      +
    • +
    • +

      long int (long)

      +
    • +
    • +

      size_t

      +
    • +
    • +

      uint32 (uint32_t)

      +
    • +
    • +

      uint64 (uint64_t)

      +
    • +
    • +

      unsigned int (uint)

      +
    • +
    • +

      unsigned long int (ulong)

      +
    • +
    +

    OSSL_PARAM_TYPE() are a series of macros designed to assist initialising an +array of OSSL_PARAM structures. +Each of these macros defines a parameter of the specified TYPE with the +provided key and parameter variable address.

    +

    OSSL_PARAM_utf8_string(), OSSL_PARAM_octet_string(), OSSL_PARAM_utf8_ptr(), +OSSL_PARAM_octet_ptr(), OSSL_PARAM_BN() are macros that provide support +for defining UTF8 strings, OCTET strings and big numbers. +A parameter with name key is defined. +The storage for this parameter is at address and is of size bytes.

    +

    OSSL_PARAM_END provides an end of parameter list marker. +This should terminate all OSSL_PARAM arrays.

    +

    OSSL_PARAM_construct_TYPE() are a series of functions that create OSSL_PARAM +records dynamically. +A parameter with name key is created. +The parameter will use storage pointed to by buf and return size of ret.

    +

    OSSL_PARAM_construct_BN() is a function that constructs a large integer +OSSL_PARAM structure. +A parameter with name key, storage buf, size bsize and return +size rsize is created.

    +

    OSSL_PARAM_construct_utf8_string() is a function that constructs a UTF8 +string OSSL_PARAM structure. +A parameter with name key, storage buf and size bsize is created. +If bsize is zero, the string length is determined using strlen(3) + 1 for the +null termination byte. +Generally pass zero for bsize instead of calling strlen(3) yourself.

    +

    OSSL_PARAM_construct_octet_string() is a function that constructs an OCTET +string OSSL_PARAM structure. +A parameter with name key, storage buf and size bsize is created.

    +

    OSSL_PARAM_construct_utf8_ptr() is a function that constructes a UTF string +pointer OSSL_PARAM structure. +A parameter with name key, storage pointer *buf and size bsize +is created.

    +

    OSSL_PARAM_construct_octet_ptr() is a function that constructes an OCTET string +pointer OSSL_PARAM structure. +A parameter with name key, storage pointer *buf and size bsize +is created.

    +

    OSSL_PARAM_construct_end() is a function that constructs the terminating +OSSL_PARAM structure.

    +

    OSSL_PARAM_locate() is a function that searches an array of parameters for +the one matching the key name.

    +

    OSSL_PARAM_locate_const() behaves exactly like OSSL_PARAM_locate() except for +the presence of const for the array argument and its return value.

    +

    OSSL_PARAM_get_TYPE() retrieves a value of type TYPE from the parameter p. +The value is copied to the address val. +Type coercion takes place as discussed in the NOTES section.

    +

    OSSL_PARAM_set_TYPE() stores a value val of type TYPE into the parameter +p. +If the parameter's data field is NULL, then only its return_size field +will be assigned the size the parameter's data buffer should have. +Type coercion takes place as discussed in the NOTES section.

    +

    OSSL_PARAM_get_BN() retrieves a BIGNUM from the parameter pointed to by p. +The BIGNUM referenced by val is updated and is allocated if *val is +NULL.

    +

    OSSL_PARAM_set_BN() stores the BIGNUM val into the parameter p. +If the parameter's data field is NULL, then only its return_size field +will be assigned the size the parameter's data buffer should have.

    +

    OSSL_PARAM_get_utf8_string() retrieves a UTF8 string from the parameter +pointed to by p. +The string is either stored into *val with a length limit of max_len or, +in the case when *val is NULL, memory is allocated for the string and +max_len is ignored. +If memory is allocated by this function, it must be freed by the caller.

    +

    OSSL_PARAM_set_utf8_string() sets a UTF8 string from the parameter pointed to +by p to the value referenced by val. +If the parameter's data field is NULL, then only its return_size field +will be assigned the size the parameter's data buffer should have.

    +

    OSSL_PARAM_get_octet_string() retrieves an OCTET string from the parameter +pointed to by p. +The OCTETs are either stored into *val with a length limit of max_len or, +in the case when *val is NULL, memory is allocated and +max_len is ignored. +If memory is allocated by this function, it must be freed by the caller.

    +

    OSSL_PARAM_set_octet_string() sets an OCTET string from the parameter +pointed to by p to the value referenced by val. +If the parameter's data field is NULL, then only its return_size field +will be assigned the size the parameter's data buffer should have.

    +

    OSSL_PARAM_get_utf8_ptr() retrieves the UTF8 string pointer from the parameter +referenced by p and stores it in *val.

    +

    OSSL_PARAM_set_utf8_ptr() sets the UTF8 string pointer in the parameter +referenced by p to the values val.

    +

    OSSL_PARAM_get_octet_ptr() retrieves the OCTET string pointer from the parameter +referenced by p and stores it in *val. +The length of the OCTET string is stored in *used_len.

    +

    OSSL_PARAM_set_octet_ptr() sets the OCTET string pointer in the parameter +referenced by p to the values val. +The length of the OCTET string is provided by used_len.

    +

    +

    +
    +

    RETURN VALUES

    +

    OSSL_PARAM_construct_TYPE(), OSSL_PARAM_construct_BN(), +OSSL_PARAM_construct_utf8_string(), OSSL_PARAM_construct_octet_string(), +OSSL_PARAM_construct_utf8_ptr() and OSSL_PARAM_construct_octet_ptr() +return a populated OSSL_PARAM structure.

    +

    OSSL_PARAM_locate() and OSSL_PARAM_locate_const() return a pointer to +the matching OSSL_PARAM object. They return NULL on error or when +no object matching key exists in the array.

    +

    All other functions return 1 on success and 0 on failure.

    +

    +

    +
    +

    NOTES

    +

    Native types will be converted as required only if the value is exactly +representable by the target type or parameter. +Apart from that, the functions must be used appropriately for the +expected type of the parameter.

    +

    For OSSL_PARAM_construct_utf8_ptr() and OSSL_PARAM_consstruct_octet_ptr(), +bsize is not relevant if the purpose is to send the OSSL_PARAM array +to a responder, i.e. to get parameter data back. +In that case, bsize can safely be given zero. +See OSSL_PARAM(3)/DESCRIPTION for further information on the +possible purposes.

    +

    +

    +
    +

    EXAMPLES

    +

    Reusing the examples from OSSL_PARAM(3) to just show how +OSSL_PARAM arrays can be handled using the macros and functions +defined herein.

    +

    +

    +

    Example 1

    +

    This example is for setting parameters on some object:

    +
    +    #include <openssl/core.h>
    +
    +    const char *foo = "some string";
    +    size_t foo_l = strlen(foo) + 1;
    +    const char bar[] = "some other string";
    +    const OSSL_PARAM set[] = {
    +        OSSL_PARAM_utf8_ptr("foo", foo, foo_l),
    +        OSSL_PARAM_utf8_string("bar", bar, sizeof(bar)),
    +        OSSL_PARAM_END
    +    };
    +

    +

    +

    Example 2

    +

    This example is for requesting parameters on some object, and also +demonstrates that the requestor isn't obligated to request all +available parameters:

    +
    +    const char *foo = NULL;
    +    char bar[1024];
    +    OSSL_PARAM request[] = {
    +        OSSL_PARAM_utf8_ptr("foo", foo, 0),
    +        OSSL_PARAM_utf8_string("bar", bar, sizeof(bar)),
    +        OSSL_PARAM_END
    +    };
    +

    A responder that receives this array (as params in this example) +could fill in the parameters like this:

    +
    +    /* OSSL_PARAM *params */
    +
    +    OSSL_PARAM *p;
    +
    +    if ((p = OSSL_PARAM_locate(params, "foo")) == NULL)
    +        OSSL_PARAM_set_utf8_ptr(p, "foo value");
    +    if ((p = OSSL_PARAM_locate(params, "bar")) == NULL)
    +        OSSL_PARAM_set_utf8_ptr(p, "bar value");
    +    if ((p = OSSL_PARAM_locate(params, "cookie")) == NULL)
    +        OSSL_PARAM_set_utf8_ptr(p, "cookie value");
    +

    +

    +
    +

    SEE ALSO

    +

    openssl-core.h(7), OSSL_PARAM(3)

    +

    +

    +
    +

    HISTORY

    +

    These APIs were introduced in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_PROVIDER.html b/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_PROVIDER.html
new file mode 100755
index 0000000..3b6082b
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_PROVIDER.html
@@ -0,0 +1,158 @@
+ + + + +OSSL_PROVIDER + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    OSSL_PROVIDER, OSSL_PROVIDER_load, OSSL_PROVIDER_unload, +OSSL_PROVIDER_available, +OSSL_PROVIDER_gettable_params, OSSL_PROVIDER_get_params, +OSSL_PROVIDER_add_builtin, OSSL_PROVIDER_name - provider routines

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/provider.h>
    +
    + typedef struct ossl_provider_st OSSL_PROVIDER;
    +
    + OSSL_PROVIDER *OSSL_PROVIDER_load(OPENSSL_CTX *libctx, const char *name);
    + int OSSL_PROVIDER_unload(OSSL_PROVIDER *prov);
    + int OSSL_PROVIDER_available(OPENSSL_CTX *libctx, const char *name);
    +
    + const OSSL_PARAM *OSSL_PROVIDER_gettable_params(OSSL_PROVIDER *prov);
    + int OSSL_PROVIDER_get_params(OSSL_PROVIDER *prov, OSSL_PARAM params[]);
    +
    + int OSSL_PROVIDER_add_builtin(OPENSSL_CTX *libctx, const char *name,
    +                               ossl_provider_init_fn *init_fn);
    +
    + const char *OSSL_PROVIDER_name(const OSSL_PROVIDER *prov);
    +

    +

    +
    +

    DESCRIPTION

    +

    OSSL_PROVIDER is a type that holds internal information about +implementation providers (see provider(7) for information on what a +provider is). +A provider can be built in to the application or the OpenSSL +libraries, or can be a loadable module. +The functions described here handle both forms.

    +

    Some of these functions operate within a library context, please see +OPENSSL_CTX(3) for further details.

    +

    +

    +

    Functions

    +

    OSSL_PROVIDER_add_builtin() is used to add a built in provider to +OSSL_PROVIDER store in the given library context, by associating a +provider name with a provider initialization function. +This name can then be used with OSSL_PROVIDER_load().

    +

    OSSL_PROVIDER_load() loads and initializes a provider. +This may simply initialize a provider that was previously added with +OSSL_PROVIDER_add_builtin() and run its given initialization function, +or load a provider module with the given name and run its provider +entry point, OSSL_provider_init.

    +

    OSSL_PROVIDER_unload() unloads the given provider. +For a provider added with OSSL_PROVIDER_add_builtin(), this simply +runs its teardown function.

    +

    OSSL_PROVIDER_available() checks if a named provider is available +for use.

    +

    OSSL_PROVIDER_gettable_params() is used to get a provider parameter +descriptor set as a constant OSSL_PARAM array. +See OSSL_PARAM(3) for more information.

    +

    OSSL_PROVIDER_get_params() is used to get provider parameter values. +The caller must prepare the OSSL_PARAM array before calling this +function, and the variables acting as buffers for this parameter array +should be filled with data when it returns successfully.

    +

    OSSL_PROVIDER_name() returns the name of the given provider.

    +

    +

    +
    +

    RETURN VALUES

    +

    OSSL_PROVIDER_add() returns 1 on success, or 0 on error.

    +

    OSSL_PROVIDER_load() returns a pointer to a provider object on +success, or NULL on error.

    +

    OSSL_PROVIDER_unload() returns 1 on success, or 0 on error.

    +

    OSSL_PROVIDER_available() returns 1 if the named provider is available, +otherwise 0.

    +

    OSSL_PROVIDER_gettable_params() returns a pointer to an array +of constant OSSL_PARAM, or NULL if none is provided.

    +

    OSSL_PROVIDER_get_params() returns 1 on success, or 0 on error.

    +

    +

    +
    +

    EXAMPLES

    +

    This demonstrates how to load the provider module "foo" and ask for +its build number.

    +
    + OSSL_PROVIDER *prov = NULL;
    + const char *build = NULL;
    + size_t built_l = 0;
    + OSSL_PARAM request[] = {
    +     { "build", OSSL_PARAM_UTF8_STRING_PTR, &build, 0, &build_l },
    +     { NULL, 0, NULL, 0, NULL }
    + };
    +
    + if ((prov = OSSL_PROVIDER_load(NULL, "foo")) != NULL
    +     && OSSL_PROVIDER_get_params(prov, request))
    +     printf("Provider 'foo' build %s\n", build);
    + else
    +     ERR_print_errors_fp(stderr);
    +

    +

    +
    +

    SEE ALSO

    +

    openssl-core.h(7), OPENSSL_CTX(3), provider(7)

    +

    +

    +
    +

    HISTORY

    +

    The type and functions described here were added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_SELF_TEST_set_callback.html b/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_SELF_TEST_set_callback.html
new file mode 100755
index 0000000..23c4aee
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_SELF_TEST_set_callback.html
@@ -0,0 +1,89 @@
+ + + + +OSSL_SELF_TEST_set_callback + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    OSSL_SELF_TEST_set_callback, +OSSL_SELF_TEST_get_callback - specify a callback for processing self tests

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/self_test.h>
    +
    + void OSSL_SELF_TEST_set_callback(OPENSSL_CTX *ctx, OSSL_CALLBACK *cb, void *cbarg);
    + void OSSL_SELF_TEST_get_callback(OPENSSL_CTX *ctx, OSSL_CALLBACK **cb, void **cbarg);
    +

    +

    +
    +

    DESCRIPTION

    +

    Set or gets the optional application callback (and the callback argument) that +is called during self testing. +The application callback OSSL_CALLBACK is associated with a OPENSSL_CTX. +The application callback function receives information about a running self test, +and may return a result to the calling self test. +See openssl-core.h(7) for further information on the callback.

    +

    +

    +
    +

    RETURN VALUES

    +

    OSSL_SELF_TEST_get_callback() returns the callback and callback argument that +has been set via OSSL_SELF_TEST_set_callback() for the given library context ctx. +These returned parameters will be NULL if OSSL_SELF_TEST_set_callback() has +not been called.

    +

    +

    +
    +

    SEE ALSO

    +

    openssl-core.h(7), +OSSL_PROVIDER-FIPS(7) +OPENSSL_CTX(3)

    +

    +

    +
    +

    HISTORY

    +

    The functions described here were added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_SERIALIZER.html b/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_SERIALIZER.html
new file mode 100755
index 0000000..c25ed73
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_SERIALIZER.html
@@ -0,0 +1,153 @@
+ + + + +OSSL_SERIALIZER + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    OSSL_SERIALIZER, +OSSL_SERIALIZER_fetch, +OSSL_SERIALIZER_up_ref, +OSSL_SERIALIZER_free, +OSSL_SERIALIZER_provider, +OSSL_SERIALIZER_properties, +OSSL_SERIALIZER_is_a, +OSSL_SERIALIZER_number, +OSSL_SERIALIZER_do_all_provided, +OSSL_SERIALIZER_names_do_all +- Serializer method routines

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/serializer.h>
    +
    + typedef struct ossl_serializer_st OSSL_SERIALIZER;
    +
    + OSSL_SERIALIZER *OSSL_SERIALIZER_fetch(OPENSSL_CTX *ctx, const char *name,
    +                                        const char *properties);
    + int OSSL_SERIALIZER_up_ref(OSSL_SERIALIZER *serializer);
    + void OSSL_SERIALIZER_free(OSSL_SERIALIZER *serializer);
    + const OSSL_PROVIDER *OSSL_SERIALIZER_provider(const OSSL_SERIALIZER
    +                                               *serializer);
    + const char *OSSL_SERIALIZER_properties(const OSSL_SERIALIZER *ser);
    + int OSSL_SERIALIZER_is_a(const OSSL_SERIALIZER *serializer,
    +                          const char *name);
    + int OSSL_SERIALIZER_number(const OSSL_SERIALIZER *serializer);
    + void OSSL_SERIALIZER_do_all_provided(OPENSSL_CTX *libctx,
    +                                      void (*fn)(OSSL_SERIALIZER *serializer,
    +                                                 void *arg),
    +                                      void *arg);
    + void OSSL_SERIALIZER_names_do_all(const OSSL_SERIALIZER *serializer,
    +                                   void (*fn)(const char *name, void *data),
    +                                   void *data);
    +

    +

    +
    +

    DESCRIPTION

    +

    OSSL_SERIALIZER is a method for serializers, which know how to +serialize an object of some kind to a serialized form, such as PEM, +DER, or even human readable text.

    +

    OSSL_SERIALIZER_fetch() looks for an algorithm within the provider that +has been loaded into the OPENSSL_CTX given by ctx, having the +name given by name and the properties given by properties. +The name determines what type of object the fetched serializer +method is expected to be able to serialize, and the properties are +used to determine the expected output type. +For known properties and the values they may have, please have a look +in provider-serializer(7)/Names and properties.

    +

    OSSL_SERIALIZER_up_ref() increments the reference count for the given +serializer.

    +

    OSSL_SERIALIZER_free() decrements the reference count for the given +serializer, and when the count reaches zero, frees it.

    +

    OSSL_SERIALIZER_provider() returns the provider of the given +serializer.

    +

    OSSL_SERIALIZER_provider() returns the property definition associated +with the given serializer.

    +

    OSSL_SERIALIZER_is_a() checks if serializer is an implementation of an +algorithm that's identifiable with name.

    +

    OSSL_SERIALIZER_number() returns the internal dynamic number assigned to +the given serializer.

    +

    OSSL_SERIALIZER_names_do_all() traverses all names for the given +serializer, and calls fn with each name and data.

    +

    OSSL_SERIALIZER_do_all_provided() traverses all serializer +implementations by all activated providers in the library context +libctx, and for each of the implementations, calls fn with the +implementation method and data as arguments.

    +

    +

    +
    +

    NOTES

    +

    OSSL_SERIALIZER_fetch() may be called implicitly by other fetching +functions, using the same library context and properties. +Any other API that uses keys will typically do this.

    +

    +

    +
    +

    RETURN VALUES

    +

    OSSL_SERIALIZER_fetch() returns a pointer to the key management +implementation represented by an OSSL_SERIALIZER object, or NULL on +error.

    +

    OSSL_SERIALIZER_up_ref() returns 1 on success, or 0 on error.

    +

    OSSL_SERIALIZER_free() doesn't return any value.

    +

    OSSL_SERIALIZER_provider() returns a pointer to a provider object, or +NULL on error.

    +

    OSSL_SERIALIZER_properties() returns a pointer to a property +definition string, or NULL on error.

    +

    OSSL_SERIALIZER_is_a() returns 1 of serializer was identifiable, +otherwise 0.

    +

    OSSL_SERIALIZER_number() returns an integer.

    +

    +

    +
    +

    SEE ALSO

    +

    provider(7), OSSL_SERIALIZER_CTX(3), OSSL_SERIALIZER_to_bio(3), +OSSL_SERIALIZER_CTX_new_by_EVP_PKEY(3), OPENSSL_CTX(3)

    +

    +

    +
    +

    HISTORY

    +

    The functions described here were added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_SERIALIZER_CTX.html b/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_SERIALIZER_CTX.html
new file mode 100755
index 0000000..54141c6
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_SERIALIZER_CTX.html
@@ -0,0 +1,117 @@
+ + + + +OSSL_SERIALIZER_CTX + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    OSSL_SERIALIZER_CTX, +OSSL_SERIALIZER_CTX_new, +OSSL_SERIALIZER_CTX_get_serializer, +OSSL_SERIALIZER_settable_ctx_params, +OSSL_SERIALIZER_CTX_set_params, +OSSL_SERIALIZER_CTX_free +- Serializer context routines

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/serializer.h>
    +
    + typedef struct ossl_serializer_ctx_st OSSL_SERIALIZER_CTX;
    +
    + OSSL_SERIALIZER_CTX *OSSL_SERIALIZER_CTX_new(OSSL_SERIALIZER *ser);
    + const OSSL_SERIALIZER *
    + OSSL_SERIALIZER_CTX_get_serializer(OSSL_SERIALIZER_CTX *ctx);
    + const OSSL_PARAM *OSSL_SERIALIZER_settable_ctx_params(OSSL_SERIALIZER *ser);
    + int OSSL_SERIALIZER_CTX_set_params(OSSL_SERIALIZER_CTX *ctx,
    +                                    const OSSL_PARAM params[]);
    + void OSSL_SERIALIZER_CTX_free(OSSL_SERIALIZER_CTX *ctx);
    +

    +

    +
    +

    DESCRIPTION

    +

    OSSL_SERIALIZER_CTX is a context with which OSSL_SERIALIZER +operations are performed. The context typically holds values, both +internal and supplied by the application, which are useful for the +implementations supplied by providers.

    +

    OSSL_SERIALIZER_CTX_new() creates a OSSL_SERIALIZER_CTX associated +with the serializer ser. NULL is a valid ser, the context will +be created anyway, it's just not very useful. This is intentional, to +distinguish between errors in allocating the context or assigning it +values on one hand, and the lack of serializer support on the other.

    +

    OSSL_SERIALIZER_CTX_get_serializer() gets the serializer method +currently associated with the context ctx.

    +

    OSSL_SERIALIZER_settable_ctx_params() returns an OSSL_PARAM(3) +array of parameter descriptors.

    +

    OSSL_SERIALIZER_CTX_set_params() attempts to set parameters specified +with an OSSL_PARAM(3) array params. Parameters that the +implementation doesn't recognise should be ignored.

    +

    OSSL_SERIALIZER_CTX_free() frees the given context ctx.

    +

    +

    +
    +

    RETURN VALUES

    +

    OSSL_SERIALIZER_CTX_new() returns a pointer to a +OSSL_SERIALIZER_CTX, or NULL if the context structure couldn't be +allocated.

    +

    OSSL_SERIALIZER_CTX_get_serializer() returns a pointer to the +serializer method associated with ctx. NULL is a valid return +value and signifies that there is no associated serializer method.

    +

    OSSL_SERIALIZER_settable_ctx_params() returns an OSSL_PARAM(3) +array, or NULL if none is available.

    +

    OSSL_SERIALIZER_CTX_set_params() returns 1 if all recognised +parameters were valid, or 0 if one of them was invalid or caused some +other failure in the implementation.

    +

    +

    +
    +

    SEE ALSO

    +

    provider(7), OSSL_SERIALIZER(3)

    +

    +

    +
    +

    HISTORY

    +

    The functions described here were added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.html b/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.html
new file mode 100755
index 0000000..608f34b
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.html
@@ -0,0 +1,174 @@
+ + + + +OSSL_SERIALIZER_CTX_new_by_EVP_PKEY + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    OSSL_SERIALIZER_CTX_new_by_EVP_PKEY, +OSSL_SERIALIZER_CTX_set_cipher, +OSSL_SERIALIZER_CTX_set_passphrase, +OSSL_SERIALIZER_CTX_set_passphrase_cb, +OSSL_SERIALIZER_CTX_set_passphrase_ui, +OSSL_SERIALIZER_PUBKEY_TO_PEM_PQ, +OSSL_SERIALIZER_PrivateKey_TO_PEM_PQ, +OSSL_SERIALIZER_Parameters_TO_PEM_PQ, +OSSL_SERIALIZER_PUBKEY_TO_DER_PQ, +OSSL_SERIALIZER_PrivateKey_TO_DER_PQ, +OSSL_SERIALIZER_Parameters_TO_DER_PQ, +OSSL_SERIALIZER_PUBKEY_TO_TEXT_PQ, +OSSL_SERIALIZER_PrivateKey_TO_TEXT_PQ, +OSSL_SERIALIZER_Parameters_TO_TEXT_PQ +- Serializer routines to serialize EVP_PKEYs

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/serializer.h>
    +
    + OSSL_SERIALIZER_CTX *OSSL_SERIALIZER_CTX_new_by_EVP_PKEY(const EVP_PKEY *pkey,
    +                                                          const char *propquery);
    +
    + int OSSL_SERIALIZER_CTX_set_cipher(OSSL_SERIALIZER_CTX *ctx,
    +                                    const char *cipher_name,
    +                                    const char *propquery);
    + int OSSL_SERIALIZER_CTX_set_passphrase(OSSL_SERIALIZER_CTX *ctx,
    +                                        const unsigned char *kstr,
    +                                        size_t klen);
    + int OSSL_SERIALIZER_CTX_set_passphrase_cb(OSSL_SERIALIZER_CTX *ctx, int enc,
    +                                           pem_password_cb *cb, void *cbarg);
    + int OSSL_SERIALIZER_CTX_set_passphrase_ui(OSSL_SERIALIZER_CTX *ctx,
    +                                           const UI_METHOD *ui_method,
    +                                           void *ui_data);
    +
    + #define OSSL_SERIALIZER_PUBKEY_TO_PEM_PQ "format=pem,type=public"
    + #define OSSL_SERIALIZER_PrivateKey_TO_PEM_PQ "format=pem,type=private"
    + #define OSSL_SERIALIZER_Parameters_TO_PEM_PQ "format=pem,type=parameters"
    +
    + #define OSSL_SERIALIZER_PUBKEY_TO_DER_PQ "format=der,type=public"
    + #define OSSL_SERIALIZER_PrivateKey_TO_DER_PQ "format=der,type=private"
    + #define OSSL_SERIALIZER_Parameters_TO_DER_PQ "format=der,type=parameters"
    +
    + #define OSSL_SERIALIZER_PUBKEY_TO_TEXT_PQ "format=text,type=public"
    + #define OSSL_SERIALIZER_PrivateKey_TO_TEXT_PQ "format=text,type=private"
    + #define OSSL_SERIALIZER_Parameters_TO_TEXT_PQ "format=text,type=parameters"
    +

    +

    +
    +

    DESCRIPTION

    +

    OSSL_SERIALIZER_CTX_new_by_EVP_PKEY() creates a OSSL_SERIALIZER_CTX +with a suitable attached output routine for EVP_PKEYs. It will +search for a serializer implementation that matches the algorithm of +the EVP_PKEY and the property query given with propquery. It +will prefer to find a serializer from the same provider as the key +data of the EVP_PKEY itself, but failing that, it will choose the +first serializer that supplies a generic serializing function.

    +

    If no suitable serializer was found, OSSL_SERIALIZER_CTX_new_by_EVP_PKEY() +still creates a OSSL_SERIALIZER_CTX, but with no associated +serializer (OSSL_SERIALIZER_CTX_get_serializer(3) returns NULL). +This helps the caller distinguish between an error when creating +the OSSL_SERIALIZER_CTX, and the lack the serializer support and +act accordingly.

    +

    OSSL_SERIALIZER_CTX_set_cipher() tells the implementation what cipher +should be used to encrypt serialized keys. The cipher is given by +name cipher_name. The interpretation of that cipher_name is +implementation dependent. The implementation may implement the digest +directly itself or by other implementations, or it may choose to fetch +it. If the implementation supports fetching the cipher, then it may +use propquery as properties to be queried for when fetching. +cipher_name may also be NULL, which will result in unencrypted +serialization.

    +

    OSSL_SERIALIZER_CTX_set_passphrase() gives the implementation a +pass phrase to use when encrypting the serialized private key. +Alternatively, a pass phrase callback may be specified with the +following functions.

    +

    OSSL_SERIALIZER_CTX_set_passphrase_cb() and +OSSL_SERIALIZER_CTX_set_passphrase_ui() sets up a callback method that +the implementation can use to prompt for a pass phrase.

    +

    The macros OSSL_SERIALIZER_PUBKEY_TO_PEM_PQ, +OSSL_SERIALIZER_PrivateKey_TO_PEM_PQ, +OSSL_SERIALIZER_Parameters_TO_PEM_PQ, +OSSL_SERIALIZER_PUBKEY_TO_DER_PQ, +OSSL_SERIALIZER_PrivateKey_TO_DER_PQ, +OSSL_SERIALIZER_Parameters_TO_DER_PQ, +OSSL_SERIALIZER_PUBKEY_TO_TEXT_PQ, +OSSL_SERIALIZER_PrivateKey_TO_TEXT_PQ, +OSSL_SERIALIZER_Parameters_TO_TEXT_PQ are convenience macros with +property queries to serialize the EVP_PKEY as a public key, private +key or parameters to PEM, to DER, or to text.

    +

    +

    +
    +

    RETURN VALUES

    +

    OSSL_SERIALIZER_CTX_new_by_EVP_PKEY() returns a pointer to a +OSSL_SERIALIZER_CTX, or NULL if it couldn't be created.

    +

    OSSL_SERIALIZER_CTX_set_cipher(), +OSSL_SERIALIZER_CTX_set_passphrase(), +OSSL_SERIALIZER_CTX_set_passphrase_cb(), and +OSSL_SERIALIZER_CTX_set_passphrase_ui() all return 1 on success, or 0 +on failure.

    +

    +

    +
    +

    NOTES

    +

    Parts of the function and macro names are made to match already +existing OpenSSL names.

    +

    EVP_PKEY in OSSL_SERIALIZER_CTX_new_by_EVP_PKEY() matches the type +name, thus making for the naming pattern +OSSL_SERIALIZER_CTX_new_by_TYPE() when new types are handled.

    +

    PUBKEY, PrivateKey and Parameters in the macro names match +the TYPE part of of PEM_write_bio_TYPE functions as well +as i2d_TYPE_bio functions.

    +

    +

    +
    +

    SEE ALSO

    +

    provider(7), OSSL_SERIALIZER(3), OSSL_SERIALIZER_CTX(3)

    +

    +

    +
    +

    HISTORY

    +

    The functions described here were added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_SERIALIZER_to_bio.html b/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_SERIALIZER_to_bio.html
new file mode 100755
index 0000000..75870a9
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_SERIALIZER_to_bio.html
@@ -0,0 +1,92 @@
+ + + + +OSSL_SERIALIZER_to_bio + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    OSSL_SERIALIZER_to_bio, +OSSL_SERIALIZER_to_fp +- Serializer file output routines

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/serializer.h>
    +
    + int OSSL_SERIALIZER_to_bio(OSSL_SERIALIZER_CTX *ctx, BIO *out);
    + int OSSL_SERIALIZER_to_fp(OSSL_SERIALIZER_CTX *ctx, FILE *fp);
    +

    Feature availability macros:

    +
    +
    OSSL_SERIALIZER_to_fp() is only available when OPENSSL_NO_STDIO +is undefined.
    + +
    +

    +

    +
    +

    DESCRIPTION

    +

    OSSL_SERIALIZER_to_bio() runs the serialization process for the +context ctx, with the output going to the BIO out. The +application is required to set up the BIO properly, for example to +have it in text or binary mode if that's appropriate.

    +

    OSSL_SERIALIZER_to_fp() does the same thing as OSSL_SERIALIZER_to_bio(), +except that the output is going to the FILE fp.

    +

    +

    +
    +

    RETURN VALUES

    +

    OSSL_SERIALIZER_to_bio() and OSSL_SERIALIZER_to_fp() return 1 on +success, or 0 on failure.

    +

    +

    +
    +

    SEE ALSO

    +

    provider(7), OSSL_SERIALIZER_CTX(3)

    +

    +

    +
    +

    HISTORY

    +

    The functions described here were added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_STORE_INFO.html b/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_STORE_INFO.html
new file mode 100755
index 0000000..5929cbe
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_STORE_INFO.html
@@ -0,0 +1,242 @@
+ + + + +OSSL_STORE_INFO + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    OSSL_STORE_INFO, OSSL_STORE_INFO_get_type, OSSL_STORE_INFO_get0_NAME, +OSSL_STORE_INFO_get0_NAME_description, OSSL_STORE_INFO_get0_PARAMS, +OSSL_STORE_INFO_get0_PKEY, OSSL_STORE_INFO_get0_CERT, OSSL_STORE_INFO_get0_CRL, +OSSL_STORE_INFO_get1_NAME, OSSL_STORE_INFO_get1_NAME_description, +OSSL_STORE_INFO_get1_PARAMS, OSSL_STORE_INFO_get1_PKEY, +OSSL_STORE_INFO_get1_CERT, +OSSL_STORE_INFO_get1_CRL, OSSL_STORE_INFO_type_string, OSSL_STORE_INFO_free, +OSSL_STORE_INFO_new_NAME, OSSL_STORE_INFO_set0_NAME_description, +OSSL_STORE_INFO_new_PARAMS, OSSL_STORE_INFO_new_PKEY, OSSL_STORE_INFO_new_CERT, +OSSL_STORE_INFO_new_CRL - Functions to manipulate OSSL_STORE_INFO objects

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/store.h>
    +
    + typedef struct ossl_store_info_st OSSL_STORE_INFO;
    +
    + int OSSL_STORE_INFO_get_type(const OSSL_STORE_INFO *store_info);
    + const char *OSSL_STORE_INFO_get0_NAME(const OSSL_STORE_INFO *store_info);
    + char *OSSL_STORE_INFO_get1_NAME(const OSSL_STORE_INFO *store_info);
    + const char *OSSL_STORE_INFO_get0_NAME_description(const OSSL_STORE_INFO
    +                                                   *store_info);
    + char *OSSL_STORE_INFO_get1_NAME_description(const OSSL_STORE_INFO *store_info);
    + EVP_PKEY *OSSL_STORE_INFO_get0_PARAMS(const OSSL_STORE_INFO *store_info);
    + EVP_PKEY *OSSL_STORE_INFO_get1_PARAMS(const OSSL_STORE_INFO *store_info);
    + EVP_PKEY *OSSL_STORE_INFO_get0_PKEY(const OSSL_STORE_INFO *store_info);
    + EVP_PKEY *OSSL_STORE_INFO_get1_PKEY(const OSSL_STORE_INFO *store_info);
    + X509 *OSSL_STORE_INFO_get0_CERT(const OSSL_STORE_INFO *store_info);
    + X509 *OSSL_STORE_INFO_get1_CERT(const OSSL_STORE_INFO *store_info);
    + X509_CRL *OSSL_STORE_INFO_get0_CRL(const OSSL_STORE_INFO *store_info);
    + X509_CRL *OSSL_STORE_INFO_get1_CRL(const OSSL_STORE_INFO *store_info);
    +
    + const char *OSSL_STORE_INFO_type_string(int type);
    +
    + void OSSL_STORE_INFO_free(OSSL_STORE_INFO *store_info);
    +
    + OSSL_STORE_INFO *OSSL_STORE_INFO_new_NAME(char *name);
    + int OSSL_STORE_INFO_set0_NAME_description(OSSL_STORE_INFO *info, char *desc);
    + OSSL_STORE_INFO *OSSL_STORE_INFO_new_PARAMS(DSA *dsa_params);
    + OSSL_STORE_INFO *OSSL_STORE_INFO_new_PKEY(EVP_PKEY *pkey);
    + OSSL_STORE_INFO *OSSL_STORE_INFO_new_CERT(X509 *x509);
    + OSSL_STORE_INFO *OSSL_STORE_INFO_new_CRL(X509_CRL *crl);
    +

    +

    +
    +

    DESCRIPTION

    +

    These functions are primarily useful for applications to retrieve +supported objects from OSSL_STORE_INFO objects and for scheme specific +loaders to create OSSL_STORE_INFO holders.

    +

    +

    +

    Types

    +

    OSSL_STORE_INFO is an opaque type that's just an intermediary holder for +the objects that have been retrieved by OSSL_STORE_load() and similar +functions. +Supported OpenSSL type object can be extracted using one of +STORE_INFO_get0_TYPE(). +The life time of this extracted object is as long as the life time of +the OSSL_STORE_INFO it was extracted from, so care should be taken not +to free the latter too early. +As an alternative, STORE_INFO_get1_TYPE() extracts a duplicate (or the +same object with its reference count increased), which can be used +after the containing OSSL_STORE_INFO has been freed. +The object returned by STORE_INFO_get1_TYPE() must be freed separately +by the caller. +See SUPPORTED OBJECTS for more information on the types that are +supported.

    +

    +

    +

    Functions

    +

    OSSL_STORE_INFO_get_type() takes a OSSL_STORE_INFO and returns the STORE +type number for the object inside. +STORE_INFO_get_type_string() takes a STORE type number and returns a +short string describing it.

    +

    OSSL_STORE_INFO_get0_NAME(), OSSL_STORE_INFO_get0_NAME_description(), +OSSL_STORE_INFO_get0_PARAMS(), OSSL_STORE_INFO_get0_PKEY(), +OSSL_STORE_INFO_get0_CERT() and OSSL_STORE_INFO_get0_CRL() all take a +OSSL_STORE_INFO and return the held object of the appropriate OpenSSL +type provided that's what's held.

    +

    OSSL_STORE_INFO_get1_NAME(), OSSL_STORE_INFO_get1_NAME_description(), +OSSL_STORE_INFO_get1_PARAMS(), OSSL_STORE_INFO_get1_PKEY(), +OSSL_STORE_INFO_get1_CERT() and OSSL_STORE_INFO_get1_CRL() all take a +OSSL_STORE_INFO and return a duplicate of the held object of the +appropriate OpenSSL type provided that's what's held.

    +

    OSSL_STORE_INFO_free() frees a OSSL_STORE_INFO and its contained type.

    +

    OSSL_STORE_INFO_new_NAME() , OSSL_STORE_INFO_new_PARAMS(), +OSSL_STORE_INFO_new_PKEY(), OSSL_STORE_INFO_new_CERT() and +OSSL_STORE_INFO_new_CRL() create a OSSL_STORE_INFO +object to hold the given input object. +Additionally, for OSSL_STORE_INFO_NAME` objects, +OSSL_STORE_INFO_set0_NAME_description() can be used to add an extra +description. +This description is meant to be human readable and should be used for +information printout.

    +

    +

    +
    +

    SUPPORTED OBJECTS

    +

    Currently supported object types are:

    +
    +
    OSSL_STORE_INFO_NAME
    + +
    +

    A name is exactly that, a name. +It's like a name in a directory, but formatted as a complete URI. +For example, the path in URI file:/foo/bar/ could include a file +named cookie.pem, and in that case, the returned OSSL_STORE_INFO_NAME +object would have the URI file:/foo/bar/cookie.pem, which can be +used by the application to get the objects in that file. +This can be applied to all schemes that can somehow support a listing +of object URIs.

    +

    For file: URIs that are used without the explicit scheme, the +returned name will be the path of each object, so if /foo/bar was +given and that path has the file cookie.pem, the name +/foo/bar/cookie.pem will be returned.

    +

    The returned URI is considered canonical and must be unique and permanent +for the storage where the object (or collection of objects) resides. +Each loader is responsible for ensuring that it only returns canonical +URIs. +However, it's possible that certain schemes allow an object (or collection +thereof) to be reached with alternative URIs; just because one URI is +canonical doesn't mean that other variants can't be used.

    +

    At the discretion of the loader that was used to get these names, an +extra description may be attached as well.

    +
    +
    OSSL_STORE_INFO_PARAMS
    + +
    +

    Key parameters.

    +
    +
    OSSL_STORE_INFO_PKEY
    + +
    +

    A private/public key of some sort.

    +
    +
    OSSL_STORE_INFO_CERT
    + +
    +

    An X.509 certificate.

    +
    +
    OSSL_STORE_INFO_CRL
    + +
    +

    A X.509 certificate revocation list.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    OSSL_STORE_INFO_get_type() returns the STORE type number of the given +OSSL_STORE_INFO. +There is no error value.

    +

    OSSL_STORE_INFO_get0_NAME(), OSSL_STORE_INFO_get0_NAME_description(), +OSSL_STORE_INFO_get0_PARAMS(), OSSL_STORE_INFO_get0_PKEY(), +OSSL_STORE_INFO_get0_CERT() and OSSL_STORE_INFO_get0_CRL() all return +a pointer to the OpenSSL object on success, NULL otherwise.

    +

    OSSL_STORE_INFO_get0_NAME(), OSSL_STORE_INFO_get0_NAME_description(), +OSSL_STORE_INFO_get0_PARAMS(), OSSL_STORE_INFO_get0_PKEY(), +OSSL_STORE_INFO_get0_CERT() and OSSL_STORE_INFO_get0_CRL() all return +a pointer to a duplicate of the OpenSSL object on success, NULL otherwise.

    +

    OSSL_STORE_INFO_type_string() returns a string on success, or NULL on +failure.

    +

    OSSL_STORE_INFO_new_NAME(), OSSL_STORE_INFO_new_PARAMS(), +OSSL_STORE_INFO_new_PKEY(), OSSL_STORE_INFO_new_CERT() and +OSSL_STORE_INFO_new_CRL() return a OSSL_STORE_INFO +pointer on success, or NULL on failure.

    +

    OSSL_STORE_INFO_set0_NAME_description() returns 1 on success, or 0 on +failure.

    +

    +

    +
    +

    SEE ALSO

    +

    ossl_store(7), OSSL_STORE_open(3), OSSL_STORE_register_loader(3)

    +

    +

    +
    +

    HISTORY

    +

    OSSL_STORE_INFO(), OSSL_STORE_INFO_get_type(), OSSL_STORE_INFO_get0_NAME(), +OSSL_STORE_INFO_get0_PARAMS(), OSSL_STORE_INFO_get0_PKEY(), +OSSL_STORE_INFO_get0_CERT(), OSSL_STORE_INFO_get0_CRL(), +OSSL_STORE_INFO_type_string(), OSSL_STORE_INFO_free(), OSSL_STORE_INFO_new_NAME(), +OSSL_STORE_INFO_new_PARAMS(), OSSL_STORE_INFO_new_PKEY(), +OSSL_STORE_INFO_new_CERT() and OSSL_STORE_INFO_new_CRL() +were added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_STORE_LOADER.html b/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_STORE_LOADER.html
new file mode 100755
index 0000000..d265762
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_STORE_LOADER.html
@@ -0,0 +1,288 @@
+ + + + +OSSL_STORE_LOADER + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    OSSL_STORE_LOADER, OSSL_STORE_LOADER_CTX, OSSL_STORE_LOADER_new, +OSSL_STORE_LOADER_get0_engine, OSSL_STORE_LOADER_get0_scheme, +OSSL_STORE_LOADER_set_open, OSSL_STORE_LOADER_set_ctrl, +OSSL_STORE_LOADER_set_expect, OSSL_STORE_LOADER_set_find, +OSSL_STORE_LOADER_set_load, OSSL_STORE_LOADER_set_eof, +OSSL_STORE_LOADER_set_error, OSSL_STORE_LOADER_set_close, +OSSL_STORE_LOADER_free, OSSL_STORE_register_loader, +OSSL_STORE_unregister_loader, OSSL_STORE_open_fn, OSSL_STORE_ctrl_fn, +OSSL_STORE_expect_fn, OSSL_STORE_find_fn, +OSSL_STORE_load_fn, OSSL_STORE_eof_fn, OSSL_STORE_error_fn, +OSSL_STORE_close_fn - Types and functions to manipulate, register and +unregister STORE loaders for different URI schemes

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/store.h>
    +
    + typedef struct ossl_store_loader_st OSSL_STORE_LOADER;
    +
    + OSSL_STORE_LOADER *OSSL_STORE_LOADER_new(ENGINE *e, const char *scheme);
    + const ENGINE *OSSL_STORE_LOADER_get0_engine(const OSSL_STORE_LOADER
    +                                             *store_loader);
    + const char *OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER
    +                                           *store_loader);
    +
    + /* struct ossl_store_loader_ctx_st is defined differently by each loader */
    + typedef struct ossl_store_loader_ctx_st OSSL_STORE_LOADER_CTX;
    +
    + typedef OSSL_STORE_LOADER_CTX *(*OSSL_STORE_open_fn)(const char *uri,
    +                                                      const UI_METHOD *ui_method,
    +                                                      void *ui_data);
    + int OSSL_STORE_LOADER_set_open(OSSL_STORE_LOADER *store_loader,
    +                                OSSL_STORE_open_fn store_open_function);
    + typedef int (*OSSL_STORE_ctrl_fn)(OSSL_STORE_LOADER_CTX *ctx, int cmd,
    +                                   va_list args);
    + int OSSL_STORE_LOADER_set_ctrl(OSSL_STORE_LOADER *store_loader,
    +                                OSSL_STORE_ctrl_fn store_ctrl_function);
    + typedef int (*OSSL_STORE_expect_fn)(OSSL_STORE_LOADER_CTX *ctx, int expected);
    + int OSSL_STORE_LOADER_set_expect(OSSL_STORE_LOADER *loader,
    +                                  OSSL_STORE_expect_fn expect_function);
    + typedef int (*OSSL_STORE_find_fn)(OSSL_STORE_LOADER_CTX *ctx,
    +                                   OSSL_STORE_SEARCH *criteria);
    + int OSSL_STORE_LOADER_set_find(OSSL_STORE_LOADER *loader,
    +                                OSSL_STORE_find_fn find_function);
    + typedef OSSL_STORE_INFO *(*OSSL_STORE_load_fn)(OSSL_STORE_LOADER_CTX *ctx,
    +                                                UI_METHOD *ui_method,
    +                                                void *ui_data);
    + int OSSL_STORE_LOADER_set_load(OSSL_STORE_LOADER *store_loader,
    +                                OSSL_STORE_load_fn store_load_function);
    + typedef int (*OSSL_STORE_eof_fn)(OSSL_STORE_LOADER_CTX *ctx);
    + int OSSL_STORE_LOADER_set_eof(OSSL_STORE_LOADER *store_loader,
    +                               OSSL_STORE_eof_fn store_eof_function);
    + typedef int (*OSSL_STORE_error_fn)(OSSL_STORE_LOADER_CTX *ctx);
    + int OSSL_STORE_LOADER_set_error(OSSL_STORE_LOADER *store_loader,
    +                                 OSSL_STORE_error_fn store_error_function);
    + typedef int (*OSSL_STORE_close_fn)(OSSL_STORE_LOADER_CTX *ctx);
    + int OSSL_STORE_LOADER_set_close(OSSL_STORE_LOADER *store_loader,
    +                                 OSSL_STORE_close_fn store_close_function);
    + void OSSL_STORE_LOADER_free(OSSL_STORE_LOADER *store_loader);
    +
    + int OSSL_STORE_register_loader(OSSL_STORE_LOADER *loader);
    + OSSL_STORE_LOADER *OSSL_STORE_unregister_loader(const char *scheme);
    +

    +

    +
    +

    DESCRIPTION

    +

    These functions help applications and engines to create loaders for +schemes they support.

    +

    +

    +

    Types

    +

    OSSL_STORE_LOADER is the type to hold a loader. +It contains a scheme and the functions needed to implement +OSSL_STORE_open(), OSSL_STORE_load(), OSSL_STORE_eof(), OSSL_STORE_error() and +OSSL_STORE_close() for this scheme.

    +

    OSSL_STORE_LOADER_CTX is a type template, to be defined by each loader +using struct ossl_store_loader_ctx_st { ... }.

    +

    OSSL_STORE_open_fn, OSSL_STORE_ctrl_fn, OSSL_STORE_expect_fn, +OSSL_STORE_find_fn, OSSL_STORE_load_fn, OSSL_STORE_eof_fn, +and OSSL_STORE_close_fn +are the function pointer types used within a STORE loader. +The functions pointed at define the functionality of the given loader.

    +
    +
    OSSL_STORE_open_fn
    + +
    +

    This function takes a URI and is expected to interpret it in the best +manner possible according to the scheme the loader implements, it also +takes a UI_METHOD and associated data, to be used any time +something needs to be prompted for. +Furthermore, this function is expected to initialize what needs to be +initialized, to create a private data store (OSSL_STORE_LOADER_CTX, see +above), and to return it. +If something goes wrong, this function is expected to return NULL.

    +
    +
    OSSL_STORE_ctrl_fn
    + +
    +

    This function takes a OSSL_STORE_LOADER_CTX pointer, a command number +cmd and a va_list args and is used to manipulate loader +specific parameters.

    +

    Loader specific command numbers must begin at OSSL_STORE_C_CUSTOM_START. +Any number below that is reserved for future globally known command +numbers.

    +

    This function is expected to return 1 on success, 0 on error.

    +
    +
    OSSL_STORE_expect_fn
    + +
    +

    This function takes a OSSL_STORE_LOADER_CTX pointer and a OSSL_STORE_INFO +identity expected, and is used to tell the loader what object type is +expected. +expected may be zero to signify that no specific object type is expected.

    +

    This function is expected to return 1 on success, 0 on error.

    +
    +
    OSSL_STORE_find_fn
    + +
    +

    This function takes a OSSL_STORE_LOADER_CTX pointer and a +OSSL_STORE_SEARCH search criterion, and is used to tell the loader what +to search for.

    +

    When called with the loader context being NULL, this function is expected +to return 1 if the loader supports the criterion, otherwise 0.

    +

    When called with the loader context being something other than NULL, this +function is expected to return 1 on success, 0 on error.

    +
    +
    OSSL_STORE_load_fn
    + +
    +

    This function takes a OSSL_STORE_LOADER_CTX pointer and a UI_METHOD +with associated data. +It's expected to load the next available data, mold it into a data +structure that can be wrapped in a OSSL_STORE_INFO using one of the +OSSL_STORE_INFO(3) functions. +If no more data is available or an error occurs, this function is +expected to return NULL. +The OSSL_STORE_eof_fn and OSSL_STORE_error_fn functions must indicate if +it was in fact the end of data or if an error occurred.

    +

    Note that this function retrieves one data item only.

    +
    +
    OSSL_STORE_eof_fn
    + +
    +

    This function takes a OSSL_STORE_LOADER_CTX pointer and is expected to +return 1 to indicate that the end of available data has been reached. +It is otherwise expected to return 0.

    +
    +
    OSSL_STORE_error_fn
    + +
    +

    This function takes a OSSL_STORE_LOADER_CTX pointer and is expected to +return 1 to indicate that an error occurred in a previous call to the +OSSL_STORE_load_fn function. +It is otherwise expected to return 0.

    +
    +
    OSSL_STORE_close_fn
    + +
    +

    This function takes a OSSL_STORE_LOADER_CTX pointer and is expected to +close or shut down what needs to be closed, and finally free the +contents of the OSSL_STORE_LOADER_CTX pointer. +It returns 1 on success and 0 on error.

    +
    +
    +

    +

    +

    Functions

    +

    OSSL_STORE_LOADER_new() creates a new OSSL_STORE_LOADER. +It takes an ENGINE e and a string scheme. +scheme must always be set. +Both e and scheme are used as is and must therefore be alive as +long as the created loader is.

    +

    OSSL_STORE_LOADER_get0_engine() returns the engine of the store_loader. +OSSL_STORE_LOADER_get0_scheme() returns the scheme of the store_loader.

    +

    OSSL_STORE_LOADER_set_open() sets the opener function for the +store_loader.

    +

    OSSL_STORE_LOADER_set_ctrl() sets the control function for the +store_loader.

    +

    OSSL_STORE_LOADER_set_expect() sets the expect function for the +store_loader.

    +

    OSSL_STORE_LOADER_set_load() sets the loader function for the +store_loader.

    +

    OSSL_STORE_LOADER_set_eof() sets the end of file checker function for the +store_loader.

    +

    OSSL_STORE_LOADER_set_close() sets the closing function for the +store_loader.

    +

    OSSL_STORE_LOADER_free() frees the given store_loader.

    +

    OSSL_STORE_register_loader() register the given store_loader and thereby +makes it available for use with OSSL_STORE_open(), OSSL_STORE_load(), +OSSL_STORE_eof() and OSSL_STORE_close().

    +

    OSSL_STORE_unregister_loader() unregister the store loader for the given +scheme.

    +

    +

    +
    +

    NOTES

    +

    The file: scheme has built in support.

    +

    +

    +
    +

    RETURN VALUES

    +

    The functions with the types OSSL_STORE_open_fn, OSSL_STORE_ctrl_fn, +OSSL_STORE_expect_fn, +OSSL_STORE_load_fn, OSSL_STORE_eof_fn and OSSL_STORE_close_fn have the +same return values as OSSL_STORE_open(), OSSL_STORE_ctrl(), OSSL_STORE_expect(), +OSSL_STORE_load(), OSSL_STORE_eof() and OSSL_STORE_close(), respectively.

    +

    OSSL_STORE_LOADER_new() returns a pointer to a OSSL_STORE_LOADER on success, +or NULL on failure.

    +

    OSSL_STORE_LOADER_set_open(), OSSL_STORE_LOADER_set_ctrl(), +OSSL_STORE_LOADER_set_load(), OSSL_STORE_LOADER_set_eof() and +OSSL_STORE_LOADER_set_close() return 1 on success, or 0 on failure.

    +

    OSSL_STORE_register_loader() returns 1 on success, or 0 on failure.

    +

    OSSL_STORE_unregister_loader() returns the unregistered loader on success, +or NULL on failure.

    +

    +

    +
    +

    SEE ALSO

    +

    ossl_store(7), OSSL_STORE_open(3)

    +

    +

    +
    +

    HISTORY

    +

    OSSL_STORE_LOADER(), OSSL_STORE_LOADER_CTX(), OSSL_STORE_LOADER_new(), +OSSL_STORE_LOADER_set0_scheme(), OSSL_STORE_LOADER_set_open(), +OSSL_STORE_LOADER_set_ctrl(), OSSL_STORE_LOADER_set_load(), +OSSL_STORE_LOADER_set_eof(), OSSL_STORE_LOADER_set_close(), +OSSL_STORE_LOADER_free(), OSSL_STORE_register_loader(), +OSSL_STORE_unregister_loader(), OSSL_STORE_open_fn(), OSSL_STORE_ctrl_fn(), +OSSL_STORE_load_fn(), OSSL_STORE_eof_fn() and OSSL_STORE_close_fn() +were added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_STORE_SEARCH.html b/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_STORE_SEARCH.html
new file mode 100755
index 0000000..d2d3a87
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_STORE_SEARCH.html
@@ -0,0 +1,234 @@
+ + + + +OSSL_STORE_SEARCH + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    OSSL_STORE_SEARCH, +OSSL_STORE_SEARCH_by_name, +OSSL_STORE_SEARCH_by_issuer_serial, +OSSL_STORE_SEARCH_by_key_fingerprint, +OSSL_STORE_SEARCH_by_alias, +OSSL_STORE_SEARCH_free, +OSSL_STORE_SEARCH_get_type, +OSSL_STORE_SEARCH_get0_name, +OSSL_STORE_SEARCH_get0_serial, +OSSL_STORE_SEARCH_get0_bytes, +OSSL_STORE_SEARCH_get0_string, +OSSL_STORE_SEARCH_get0_digest +- Type and functions to create OSSL_STORE search criteria

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/store.h>
    +
    + typedef struct ossl_store_search_st OSSL_STORE_SEARCH;
    +
    + OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_name(X509_NAME *name);
    + OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_issuer_serial(X509_NAME *name,
    +                                                       const ASN1_INTEGER
    +                                                       *serial);
    + OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_key_fingerprint(const EVP_MD *digest,
    +                                                         const unsigned char
    +                                                         *bytes, int len);
    + OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_alias(const char *alias);
    +
    + void OSSL_STORE_SEARCH_free(OSSL_STORE_SEARCH *search);
    +
    + int OSSL_STORE_SEARCH_get_type(const OSSL_STORE_SEARCH *criterion);
    + X509_NAME *OSSL_STORE_SEARCH_get0_name(OSSL_STORE_SEARCH *criterion);
    + const ASN1_INTEGER *OSSL_STORE_SEARCH_get0_serial(const OSSL_STORE_SEARCH
    +                                                   *criterion);
    + const unsigned char *OSSL_STORE_SEARCH_get0_bytes(const OSSL_STORE_SEARCH
    +                                                   *criterion, size_t *length);
    + const char *OSSL_STORE_SEARCH_get0_string(const OSSL_STORE_SEARCH *criterion);
    + const EVP_MD *OSSL_STORE_SEARCH_get0_digest(const OSSL_STORE_SEARCH
    +                                             *criterion);
    +

    +

    +
    +

    DESCRIPTION

    +

    These functions are used to specify search criteria to help search for specific +objects through other names than just the URI that's given to OSSL_STORE_open(). +For example, this can be useful for an application that has received a URI +and then wants to add on search criteria in a uniform and supported manner.

    +

    +

    +

    Types

    +

    OSSL_STORE_SEARCH is an opaque type that holds the constructed search +criterion, and that can be given to an OSSL_STORE context with +OSSL_STORE_find().

    +

    The calling application owns the allocation of an OSSL_STORE_SEARCH at all +times, and should therefore be careful not to deallocate it before +OSSL_STORE_close() has been called for the OSSL_STORE context it was given +to.

    +

    +

    +

    Application Functions

    +

    OSSL_STORE_SEARCH_by_name(), +OSSL_STORE_SEARCH_by_issuer_serial(), +OSSL_STORE_SEARCH_by_key_fingerprint(), +and OSSL_STORE_SEARCH_by_alias() +are used to create an OSSL_STORE_SEARCH from a subject name, an issuer name +and serial number pair, a key fingerprint, and an alias (for example a friendly +name). +The parameters that are provided are not copied, only referred to in a +criterion, so they must have at least the same life time as the created +OSSL_STORE_SEARCH.

    +

    OSSL_STORE_SEARCH_free() is used to free the OSSL_STORE_SEARCH.

    +

    +

    +

    Loader Functions

    +

    OSSL_STORE_SEARCH_get_type() returns the criterion type for the given +OSSL_STORE_SEARCH.

    +

    OSSL_STORE_SEARCH_get0_name(), OSSL_STORE_SEARCH_get0_serial(), +OSSL_STORE_SEARCH_get0_bytes(), OSSL_STORE_SEARCH_get0_string(), +and OSSL_STORE_SEARCH_get0_digest() +are used to retrieve different data from a OSSL_STORE_SEARCH, as +available for each type. +For more information, see SUPPORTED CRITERION TYPES below.

    +

    +

    +
    +

    SUPPORTED CRITERION TYPES

    +

    Currently supported criterion types are:

    +
    +
    OSSL_STORE_SEARCH_BY_NAME
    + +
    +

    This criterion supports a search by exact match of subject name. +The subject name itself is a X509_NAME pointer. +A criterion of this type is created with OSSL_STORE_SEARCH_by_name(), +and the actual subject name is retrieved with OSSL_STORE_SEARCH_get0_name().

    +
    +
    OSSL_STORE_SEARCH_BY_ISSUER_SERIAL
    + +
    +

    This criterion supports a search by exact match of both issuer name and serial +number. +The issuer name itself is a X509_NAME pointer, and the serial number is +a ASN1_INTEGER pointer. +A criterion of this type is created with OSSL_STORE_SEARCH_by_issuer_serial() +and the actual issuer name and serial number are retrieved with +OSSL_STORE_SEARCH_get0_name() and OSSL_STORE_SEARCH_get0_serial().

    +
    +
    OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT
    + +
    +

    This criterion supports a search by exact match of key fingerprint. +The key fingerprint in itself is a string of bytes and its length, as +well as the algorithm that was used to compute the fingerprint. +The digest may be left unspecified (NULL), and in that case, the +loader has to decide on a default digest and compare fingerprints +accordingly. +A criterion of this type is created with OSSL_STORE_SEARCH_by_key_fingerprint() +and the actual fingerprint and its length can be retrieved with +OSSL_STORE_SEARCH_get0_bytes(). +The digest can be retrieved with OSSL_STORE_SEARCH_get0_digest().

    +
    +
    OSSL_STORE_SEARCH_BY_ALIAS
    + +
    +

    This criterion supports a search by match of an alias of some kind. +The alias in itself is a simple C string. +A criterion of this type is created with OSSL_STORE_SEARCH_by_alias() +and the actual alias is retrieved with OSSL_STORE_SEARCH_get0_string().

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    OSSL_STORE_SEARCH_by_name(), +OSSL_STORE_SEARCH_by_issuer_serial(), +OSSL_STORE_SEARCH_by_key_fingerprint(), +and OSSL_STORE_SEARCH_by_alias() +return a OSSL_STORE_SEARCH pointer on success, or NULL on failure.

    +

    OSSL_STORE_SEARCH_get_type() returns the criterion type of the given +OSSL_STORE_SEARCH. +There is no error value.

    +

    OSSL_STORE_SEARCH_get0_name() returns a X509_NAME pointer on success, +or NULL when the given OSSL_STORE_SEARCH was of a different type.

    +

    OSSL_STORE_SEARCH_get0_serial() returns a ASN1_INTEGER pointer on success, +or NULL when the given OSSL_STORE_SEARCH was of a different type.

    +

    OSSL_STORE_SEARCH_get0_bytes() returns a const unsigned char pointer and +sets *length to the strings length on success, or NULL when the given +OSSL_STORE_SEARCH was of a different type.

    +

    OSSL_STORE_SEARCH_get0_string() returns a const char pointer on success, +or NULL when the given OSSL_STORE_SEARCH was of a different type.

    +

    OSSL_STORE_SEARCH_get0_digest() returns a const EVP_MD pointer. +NULL is a valid value and means that the store loader default will +be used when applicable.

    +

    +

    +
    +

    SEE ALSO

    +

    ossl_store(7), OSSL_STORE_supports_search(3), OSSL_STORE_find(3)

    +

    +

    +
    +

    HISTORY

    +

    OSSL_STORE_SEARCH, +OSSL_STORE_SEARCH_by_name(), +OSSL_STORE_SEARCH_by_issuer_serial(), +OSSL_STORE_SEARCH_by_key_fingerprint(), +OSSL_STORE_SEARCH_by_alias(), +OSSL_STORE_SEARCH_free(), +OSSL_STORE_SEARCH_get_type(), +OSSL_STORE_SEARCH_get0_name(), +OSSL_STORE_SEARCH_get0_serial(), +OSSL_STORE_SEARCH_get0_bytes(), +and OSSL_STORE_SEARCH_get0_string() +were added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_STORE_expect.html b/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_STORE_expect.html
new file mode 100755
index 0000000..a91b49b
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_STORE_expect.html
@@ -0,0 +1,114 @@
+ + + + +OSSL_STORE_expect + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    OSSL_STORE_expect, +OSSL_STORE_supports_search, +OSSL_STORE_find +- Specify what object type is expected

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/store.h>
    +
    + int OSSL_STORE_expect(OSSL_STORE_CTX *ctx, int expected_type);
    +
    + int OSSL_STORE_supports_search(OSSL_STORE_CTX *ctx, int criterion_type);
    +
    + int OSSL_STORE_find(OSSL_STORE_CTX *ctx, OSSL_STORE_SEARCH *search);
    +

    +

    +
    +

    DESCRIPTION

    +

    OSSL_STORE_expect() helps applications filter what OSSL_STORE_load() returns +by specifying a OSSL_STORE_INFO type. +For example, if file:/foo/bar/store.pem contains several different objects +and only the certificates are interesting, the application can simply say +that it expects the type OSSL_STORE_INFO_CERT. +All known object types (see OSSL_STORE_INFO(3)/SUPPORTED OBJECTS) +except for OSSL_STORE_INFO_NAME are supported.

    +

    OSSL_STORE_find() helps applications specify a criterion for a more fine +grained search of objects.

    +

    OSSL_STORE_supports_search() checks if the loader of the given OSSL_STORE +context supports the given search type. +See OSSL_STORE_SEARCH(3)/SUPPORTED CRITERION TYPES for information on the +supported search criterion types.

    +

    OSSL_STORE_expect() and OSSL_STORE_find must be called before the first +OSSL_STORE_load() of a given session, or they will fail.

    +

    +

    +
    +

    NOTES

    +

    If a more elaborate filter is required by the application, a better choice +would be to use a post-processing function. +See OSSL_STORE_open(3) for more information.

    +

    However, some loaders may take advantage of the knowledge of an expected type +to make object retrieval more efficient, so if a single type is expected, this +method is usually preferable.

    +

    +

    +
    +

    RETURN VALUES

    +

    OSSL_STORE_expect() returns 1 on success, or 0 on failure.

    +

    OSSL_STORE_supports_search() returns 1 if the criterion is supported, or 0 +otherwise.

    +

    OSSL_STORE_find() returns 1 on success, or 0 on failure.

    +

    +

    +
    +

    SEE ALSO

    +

    ossl_store(7), OSSL_STORE_INFO(3), OSSL_STORE_SEARCH(3), +OSSL_STORE_load(3)

    +

    +

    +
    +

    HISTORY

    +

    OSSL_STORE_expect(), OSSL_STORE_supports_search() and OSSL_STORE_find() +were added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_STORE_open.html b/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_STORE_open.html
new file mode 100755
index 0000000..28015fd
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_STORE_open.html
@@ -0,0 +1,196 @@
+ + + + +OSSL_STORE_open + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    OSSL_STORE_CTX, OSSL_STORE_post_process_info_fn, OSSL_STORE_open, +OSSL_STORE_ctrl, OSSL_STORE_load, OSSL_STORE_eof, OSSL_STORE_error, +OSSL_STORE_close - Types and functions to read objects from a URI

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/store.h>
    +
    + typedef struct ossl_store_ctx_st OSSL_STORE_CTX;
    +
    + typedef OSSL_STORE_INFO *(*OSSL_STORE_post_process_info_fn)(OSSL_STORE_INFO *,
    +                                                             void *);
    +
    + OSSL_STORE_CTX *OSSL_STORE_open(const char *uri, const UI_METHOD *ui_method,
    +                                 void *ui_data,
    +                                 OSSL_STORE_post_process_info_fn post_process,
    +                                 void *post_process_data);
    + int OSSL_STORE_ctrl(OSSL_STORE_CTX *ctx, int cmd, ... /* args */);
    + OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx);
    + int OSSL_STORE_eof(OSSL_STORE_CTX *ctx);
    + int OSSL_STORE_error(OSSL_STORE_CTX *ctx);
    + int OSSL_STORE_close(OSSL_STORE_CTX *ctx);
    +

    +

    +
    +

    DESCRIPTION

    +

    These functions help the application to fetch supported objects (see +OSSL_STORE_INFO(3)/SUPPORTED OBJECTS for information on which those are) +from a given URI (see SUPPORTED SCHEMES for more information on +the supported URI schemes). +The general method to do so is to "open" the URI using OSSL_STORE_open(), +read each available and supported object using OSSL_STORE_load() as long as +OSSL_STORE_eof() hasn't been reached, and finish it off with OSSL_STORE_close().

    +

    The retrieved information is stored in a OSSL_STORE_INFO, which is further +described in OSSL_STORE_INFO(3).

    +

    +

    +

    Types

    +

    OSSL_STORE_CTX is a context variable that holds all the internal +information for OSSL_STORE_open(), OSSL_STORE_load(), OSSL_STORE_eof() and +OSSL_STORE_close() to work together.

    +

    +

    +

    Functions

    +

    OSSL_STORE_open() takes a uri or path uri, password UI method +ui_method with associated data ui_data, and post processing +callback post_process with associated data post_process_data, +opens a channel to the data located at that URI and returns a +OSSL_STORE_CTX with all necessary internal information. +The given ui_method and ui_data_data will be reused by all +functions that use OSSL_STORE_CTX when interaction is needed. +The given post_process and post_process_data will be reused by +OSSL_STORE_load() to manipulate or drop the value to be returned. +The post_process function drops values by returning NULL, which +will cause OSSL_STORE_load() to start its process over with loading +the next object, until post_process returns something other than +NULL, or the end of data is reached as indicated by OSSL_STORE_eof().

    +

    OSSL_STORE_ctrl() takes a OSSL_STORE_CTX, and command number cmd and +more arguments not specified here. +The available loader specific command numbers and arguments they each +take depends on the loader that's used and is documented together with +that loader.

    +

    There are also global controls available:

    +
    +
    OSSL_STORE_C_USE_SECMEM
    + +
    +

    Controls if the loader should attempt to use secure memory for any +allocated OSSL_STORE_INFO and its contents. +This control expects one argument, a pointer to an int that is expected to +have the value 1 (yes) or 0 (no). +Any other value is an error.

    +
    +
    +

    OSSL_STORE_load() takes a OSSL_STORE_CTX, tries to load the next available +object and return it wrapped with OSSL_STORE_INFO.

    +

    OSSL_STORE_eof() takes a OSSL_STORE_CTX and checks if we've reached the end +of data.

    +

    OSSL_STORE_error() takes a OSSL_STORE_CTX and checks if an error occurred in +the last OSSL_STORE_load() call. +Note that it may still be meaningful to try and load more objects, unless +OSSL_STORE_eof() shows that the end of data has been reached.

    +

    OSSL_STORE_close() takes a OSSL_STORE_CTX, closes the channel that was opened +by OSSL_STORE_open() and frees all other information that was stored in the +OSSL_STORE_CTX, as well as the OSSL_STORE_CTX itself.

    +

    +

    +
    +

    SUPPORTED SCHEMES

    +

    The basic supported scheme is file:. +Any other scheme can be added dynamically, using +OSSL_STORE_register_loader().

    +

    +

    +
    +

    NOTES

    +

    A string without a scheme prefix (that is, a non-URI string) is +implicitly interpreted as using the file: scheme.

    +

    There are some tools that can be used together with +OSSL_STORE_open() to determine if any failure is caused by an unparsable +URI, or if it's a different error (such as memory allocation +failures); if the URI was parsable but the scheme unregistered, the +top error will have the reason OSSL_STORE_R_UNREGISTERED_SCHEME.

    +

    These functions make no direct assumption regarding the pass phrase received +from the password callback. +The loaders may make assumptions, however. +For example, the file: scheme loader inherits the assumptions made by +OpenSSL functionality that handles the different file types; this is mostly +relevant for PKCS#12 objects. +See passphrase-encoding(7) for further information.

    +

    +

    +
    +

    RETURN VALUES

    +

    OSSL_STORE_open() returns a pointer to a OSSL_STORE_CTX on success, or +NULL on failure.

    +

    OSSL_STORE_load() returns a pointer to a OSSL_STORE_INFO on success, or +NULL on error or when end of data is reached. +Use OSSL_STORE_error() and OSSL_STORE_eof() to determine the meaning of a +returned NULL.

    +

    OSSL_STORE_eof() returns 1 if the end of data has been reached, otherwise +0.

    +

    OSSL_STORE_error() returns 1 if an error occurred in an OSSL_STORE_load() call, +otherwise 0.

    +

    OSSL_STORE_ctrl() and OSSL_STORE_close() returns 1 on success, or 0 on failure.

    +

    +

    +
    +

    SEE ALSO

    +

    ossl_store(7), OSSL_STORE_INFO(3), OSSL_STORE_register_loader(3), +passphrase-encoding(7)

    +

    +

    +
    +

    HISTORY

    +

    OSSL_STORE_CTX(), OSSL_STORE_post_process_info_fn(), OSSL_STORE_open(), +OSSL_STORE_ctrl(), OSSL_STORE_load(), OSSL_STORE_eof() and OSSL_STORE_close() +were added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_trace_enabled.html b/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_trace_enabled.html new file mode 100755 index 0000000..8494680 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_trace_enabled.html @@ -0,0 +1,308 @@ + + + + +OSSL_trace_enabled + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    OSSL_trace_enabled, OSSL_trace_begin, OSSL_trace_end, +OSSL_TRACE_BEGIN, OSSL_TRACE_END, OSSL_TRACE_CANCEL, +OSSL_TRACE, OSSL_TRACE1, OSSL_TRACE2, OSSL_TRACE3, OSSL_TRACE4, +OSSL_TRACE5, OSSL_TRACE6, OSSL_TRACE7, OSSL_TRACE8, OSSL_TRACE9, +OSSL_TRACEV, +OSSL_TRACE_ENABLED +- OpenSSL Tracing API

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/trace.h>
    +
    + int OSSL_trace_enabled(int category);
    +
    + BIO *OSSL_trace_begin(int category);
    + void OSSL_trace_end(int category, BIO *channel);
    +
    + /* trace group macros */
    + OSSL_TRACE_BEGIN(category) {
    +     ...
    +     if (some_error) {
    +         /* Leave trace group prematurely in case of an error */
    +         OSSL_TRACE_CANCEL(category);
    +         goto err;
    +     }
    +     ...
    + } OSSL_TRACE_END(category);
    +
    + /* one-shot trace macros */
    + OSSL_TRACE1(category, format, arg1)
    + OSSL_TRACE2(category, format, arg1, arg2)
    + ...
    + OSSL_TRACE9(category, format, arg1, ..., arg9)
    +
    + /* check whether a trace category is enabled */
    + if (OSSL_TRACE_ENABLED(category)) {
    +     ...
    + }
    +

    +

    +
    +

    DESCRIPTION

    +

    The functions described here are mainly interesting for those who provide +OpenSSL functionality, either in OpenSSL itself or in engine modules +or similar.

    +

    If tracing is enabled (see NOTES below), these functions are used to +generate free text tracing output.

    +

    The tracing output is divided into types which are enabled +individually by the application. +The tracing types are described in detail in +OSSL_trace_set_callback(3)/Trace types. +The fallback type OSSL_TRACE_CATEGORY_ALL should not be used +with the functions described here.

    +

    Tracing for a specific category is enabled if a so called +trace channel is attached to it. A trace channel is simply a +BIO object to which the application can write its trace output.

    +

    The application has two different ways of registering a trace channel, +either by directly providing a BIO object using OSSL_trace_set_channel(), +or by providing a callback routine using OSSL_trace_set_callback(). +The latter is wrapped internally by a dedicated BIO object, so for the +tracing code both channel types are effectively indistinguishable. +We call them a simple trace channel and a callback trace channel, +respectively.

    +

    To produce trace output, it is necessary to obtain a pointer to the +trace channel (i.e., the BIO object) using OSSL_trace_begin(), write +to it using arbitrary BIO output routines, and finally releases the +channel using OSSL_trace_end(). The OSSL_trace_begin()/OSSL_trace_end() +calls surrounding the trace output create a group, which acts as a +critical section (guarded by a mutex) to ensure that the trace output +of different threads does not get mixed up.

    +

    The tracing code normally does not call OSSL_trace_{begin,end}() directly, +but rather uses a set of convenience macros, see the Macros section below.

    +

    +

    +

    Functions

    +

    OSSL_trace_enabled() can be used to check if tracing for the given +category is enabled.

    +

    OSSL_trace_begin() is used to starts a tracing section, and get the +channel for the given category in form of a BIO. +This BIO can only be used for output.

    +

    OSSL_trace_end() is used to end a tracing section.

    +

    Using OSSL_trace_begin() and OSSL_trace_end() to wrap tracing sections +is mandatory. +The result of trying to produce tracing output outside of such +sections is undefined.

    +

    +

    +

    Macros

    +

    There are a number of convenience macros defined, to make tracing +easy and consistent.

    +

    OSSL_TRACE_BEGIN(category) and OSSL_TRACE_END(category) reserve +the BIO trc_out and are used as follows to wrap a trace section:

    +
    + OSSL_TRACE_BEGIN(TLS) {
    +
    +     BIO_fprintf(trc_out, ... );
    +
    + } OSSL_TRACE_END(TLS);
    +

    This will normally expand to:

    +
    + do {
    +     BIO *trc_out = OSSL_trace_begin(OSSL_TRACE_CATEGORY_TLS);
    +     if (trc_out != NULL) {
    +         ...
    +         BIO_fprintf(trc_out, ...);
    +     }
    +     OSSL_trace_end(OSSL_TRACE_CATEGORY_TLS, trc_out);
    + } while (0);
    +

    OSSL_TRACE_CANCEL(category) must be used before returning from or +jumping out of a trace section:

    +
    + OSSL_TRACE_BEGIN(TLS) {
    +
    +     if (some_error) {
    +         OSSL_TRACE_CANCEL(TLS);
    +         goto err;
    +     }
    +     BIO_fprintf(trc_out, ... );
    +
    + } OSSL_TRACE_END(TLS);
    +

    This will normally expand to:

    +
    + do {
    +     BIO *trc_out = OSSL_trace_begin(OSSL_TRACE_CATEGORY_TLS);
    +     if (trc_out != NULL) {
    +         if (some_error) {
    +             OSSL_trace_end(OSSL_TRACE_CATEGORY_TLS, trc_out);
    +             goto err;
    +         }
    +         BIO_fprintf(trc_out, ... );
    +     }
    +     OSSL_trace_end(OSSL_TRACE_CATEGORY_TLS, trc_out);
    + } while (0);
    +

    OSSL_TRACE() and OSSL_TRACE1(), OSSL_TRACE2(), ... OSSL_TRACE9() are +so-called one-shot macros:

    +

    The macro call OSSL_TRACE(category, text), produces literal text trace output.

    +

    The macro call OSSL_TRACEn(category, format, arg1, ..., argn) produces +printf-style trace output with n format field arguments (n=1,...,9). +It expands to:

    +
    + OSSL_TRACE_BEGIN(category) {
    +     BIO_printf(trc_out, format, arg1, ..., argN)
    + } OSSL_TRACE_END(category)
    +

    Internally, all one-shot macros are implemented using a generic OSSL_TRACEV() +macro, since C90 does not support variadic macros. This helper macro has a rather +weird synopsis and should not be used directly.

    +

    The OSSL_TRACE_ENABLED(category) macro can be used to conditionally execute +some code only if a specific trace category is enabled. +In some situations this is simpler than entering a trace section using +OSSL_TRACE_BEGIN(category) and OSSL_TRACE_END(category). +For example, the code

    +
    + if (OSSL_TRACE_ENABLED(TLS)) {
    +     ...
    + }
    +

    expands to

    +
    + if (OSSL_trace_enabled(OSSL_TRACE_CATEGORY_TLS) {
    +     ...
    + }
    +

    +

    +
    +

    NOTES

    +

    If producing the trace output requires carrying out auxiliary calculations, +this auxiliary code should be placed inside a conditional block which is +executed only if the trace category is enabled.

    +

    The most natural way to do this is to place the code inside the trace section +itself because it already introduces such a conditional block.

    +
    + OSSL_TRACE_BEGIN(TLS) {
    +     int var = do_some_auxiliary_calculation();
    +
    +     BIO_printf(trc_out, "var = %d\n", var);
    +
    + } OSSL_TRACE_END(TLS);
    +

    In some cases it is more advantageous to use a simple conditional group instead +of a trace section. This is the case if calculations and tracing happen in +different locations of the code, or if the calculations are so time consuming +that placing them inside a (critical) trace section would create too much +contention.

    +
    + if (OSSL_TRACE_ENABLED(TLS)) {
    +     int var = do_some_auxiliary_calculation();
    +
    +     OSSL_TRACE1("var = %d\n", var);
    + }
    +

    Note however that premature optimization of tracing code is in general futile +and it's better to keep the tracing code as simple as possible. +Because most often the limiting factor for the application's speed is the time +it takes to print the trace output, not to calculate it.

    +

    +

    +

    Configure Tracing

    +

    By default, the OpenSSL library is built with tracing disabled. To +use the tracing functionality documented here, it is therefore +necessary to configure and build OpenSSL with the 'enable-trace' option.

    +

    When the library is built with tracing disabled:

    +
      +
    • +

      The macro OPENSSL_NO_TRACE is defined in openssl/opensslconf.h.

      +
    • +
    • +

      all functions are still present, bu OSSL_trace_enabled() will always +report the categories as disabled, and all other functions will do +nothing.

      +
    • +
    • +

      the convenience macros are defined to produce dead code. +For example, take this example from Macros section above:

      +
      + OSSL_TRACE_BEGIN(TLS) {
      +
      +     if (condition) {
      +         OSSL_TRACE_CANCEL(TLS);
      +         goto err;
      +     }
      +     BIO_fprintf(trc_out, ... );
      +
      + } OSSL_TRACE_END(TLS);
      +

      When the tracing API isn't operational, that will expand to:

      +
      + do {
      +     BIO *trc_out = NULL;
      +     if (0) {
      +         if (condition) {
      +             ((void)0);
      +             goto err;
      +         }
      +         BIO_fprintf(trc_out, ... );
      +     }
      + } while (0);
      +
    • +
    +

    +

    +
    +

    RETURN VALUES

    +

    OSSL_trace_enabled() returns 1 if tracing for the given type is +operational and enabled, otherwise 0.

    +

    OSSL_trace_begin() returns a BIO * if the given type is enabled, +otherwise NULL.

    +

    +

    +
    +

    HISTORY

    +

    The OpenSSL Tracing API was added ino OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_trace_get_category_num.html b/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_trace_get_category_num.html new file mode 100755 index 0000000..ad78fea --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_trace_get_category_num.html @@ -0,0 +1,79 @@ + + + + +OSSL_trace_get_category_num + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    OSSL_trace_get_category_num, OSSL_trace_get_category_name +- OpenSSL tracing information functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/trace.h>
    +
    + int OSSL_trace_get_category_num(const char *name);
    + const char *OSSL_trace_get_category_name(int num);
    +

    +

    +
    +

    DESCRIPTION

    +

    OSSL_trace_get_category_num() gives the category number corresponding +to the given name.

    +

    OSSL_trace_get_category_name() gives the category name corresponding +to the given num.

    +

    +

    +
    +

    RETURN VALUES

    +

    OSSL_trace_get_category_num() returns the category number if the given +name is a recognised category name, otherwise -1.

    +

    OSSL_trace_get_category_name() returns the category name if the given +num is a recognised category number, otherwise NULL.

    +

    +

    +
    +

    HISTORY

    +

    The OpenSSL Tracing API was added ino OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_trace_set_channel.html b/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_trace_set_channel.html new file mode 100755 index 0000000..d2113fd --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/OSSL_trace_set_channel.html @@ -0,0 +1,366 @@ + + + + +OSSL_trace_set_channel + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    OSSL_trace_set_channel, OSSL_trace_set_prefix, OSSL_trace_set_suffix, +OSSL_trace_set_callback, OSSL_trace_cb - Enabling trace output

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/trace.h>
    +
    + typedef size_t (*OSSL_trace_cb)(const char *buf, size_t cnt,
    +                                 int category, int cmd, void *data);
    +
    + void OSSL_trace_set_channel(int category, BIO *bio);
    + void OSSL_trace_set_prefix(int category, const char *prefix);
    + void OSSL_trace_set_suffix(int category, const char *suffix);
    + void OSSL_trace_set_callback(int category, OSSL_trace_cb cb, void  *data);
    +

    +

    +
    +

    DESCRIPTION

    +

    If available (see NOTES below), the application can request +internal trace output. +This output comes in form of free text for humans to read.

    +

    The trace output is divided into categories which can be +enabled individually. +Every category can be enabled individually by attaching a so called +trace channel to it, which in the simplest case is just a BIO object +to which the application can write the tracing output for this category. +Alternatively, the application can provide a tracer callback in order to +get more finegrained trace information. This callback will be wrapped +internally by a dedicated BIO object.

    +

    For the tracing code, both trace channel types are indistinguishable. +These are called a simple trace channel and a callback trace channel, +respectively.

    +

    +

    +

    Functions

    +

    OSSL_trace_set_channel() is used to enable the given trace category +by attaching the BIO bio object as (simple) trace channel.

    +

    OSSL_trace_set_prefix() and OSSL_trace_set_suffix() can be used to add +an extra line for each channel, to be output before and after group of +tracing output. +What constitues an output group is decided by the code that produces +the output. +The lines given here are considered immutable; for more dynamic +tracing prefixes, consider setting a callback with +OSSL_trace_set_callback() instead.

    +

    OSSL_trace_set_callback() is used to enable the given trace +category by giving it the tracer callback cb with the associated +data data, which will simply be passed through to cb whenever +it's called. The callback function is internally wrapped by a +dedicated BIO object, the so called callback trace channel. +This should be used when it's desirable to do form the trace output to +something suitable for application needs where a prefix and suffix +line aren't enough.

    +

    OSSL_trace_set_channel() and OSSL_trace_set_callback() are mutually +exclusive, calling one of them will clear whatever was set by the +previous call.

    +

    Calling OSSL_trace_set_channel() with NULL for channel or +OSSL_trace_set_callback() with NULL for cb disables tracing for +the given category

    +

    +

    +

    Trace callback

    +

    The tracer callback must return a size_t, which must be zero on +error and otherwise return the number of bytes that were output. +It receives a text buffer buf with cnt bytes of text, as well as +the category, a control number cmd, and the data that was +passed to OSSL_trace_set_callback().

    +

    The possible control numbers are:

    +
    +
    OSSL_TRACE_CTRL_BEGIN
    + +
    +

    The callback is called from OSSL_trace_begin(), which gives the +callback the possibility to output a dynamic starting line, or set a +prefix that should be output at the beginning of each line, or +something other.

    +
    +
    OSSL_TRACE_CTRL_WRITE
    + +
    +

    This callback is called whenever data is written to the BIO by some +regular BIO output routine. +An arbitrary number of OSSL_TRACE_CTRL_WRITE callbacks can occur +inside a group marked by a pair of OSSL_TRACE_CTRL_BEGIN and +OSSL_TRACE_CTRL_END calls, but never outside such a group.

    +
    +
    OSSL_TRACE_CTRL_END
    + +
    +

    The callback is called from OSSL_trace_end(), which gives the callback +the possibility to output a dynamic ending line, or reset the line +prefix that was set with OSSL_TRACE_CTRL_BEGIN, or something other.

    +
    +
    +

    +

    +

    Trace categories

    +

    The trace categories are simple numbers available through macros.

    +
    +
    OSSL_TRACE_CATEGORY_TRACE
    + +
    +

    Traces the OpenSSL trace API itself.

    +

    More precisely, this will generate trace output any time a new +trace hook is set.

    +
    +
    OSSL_TRACE_CATEGORY_INIT
    + +
    +

    Traces OpenSSL library initialization and cleanup.

    +

    This needs special care, as OpenSSL will do automatic cleanup after +exit from main(), and any tracing output done during this cleanup +will be lost if the tracing channel or callback were cleaned away +prematurely. +A suggestion is to make such cleanup part of a function that's +registered very early with atexit(3).

    +
    +
    OSSL_TRACE_CATEGORY_TLS
    + +
    +

    Traces the TLS/SSL protocol.

    +
    +
    OSSL_TRACE_CATEGORY_TLS_CIPHER
    + +
    +

    Traces the ciphers used by the TLS/SSL protocol.

    +
    +
    OSSL_TRACE_CATEGORY_ENGINE_CONF
    + +
    +

    Traces the ENGINE configuration.

    +
    +
    OSSL_TRACE_CATEGORY_ENGINE_TABLE
    + +
    +

    Traces the ENGINE algorithm table selection.

    +

    More precisely, engine_table_select(), the function that is used by +RSA, DSA (etc) code to select registered ENGINEs, cache defaults and +functional references (etc), will generate trace summaries.

    +
    +
    OSSL_TRACE_CATEGORY_ENGINE_REF_COUNT
    + +
    +

    Tracds the ENGINE reference counting.

    +

    More precisely, both reference counts in the ENGINE structure will be +monitored with a line of trace output generated for each change.

    +
    +
    OSSL_TRACE_CATEGORY_PKCS5V2
    + +
    +

    Traces PKCS#5 v2 key generation.

    +
    +
    OSSL_TRACE_CATEGORY_PKCS12_KEYGEN
    + +
    +

    Traces PKCS#12 key generation.

    +
    +
    OSSL_TRACE_CATEGORY_PKCS12_DECRYPT
    + +
    +

    Traces PKCS#12 decryption.

    +
    +
    OSSL_TRACE_CATEGORY_X509V3_POLICY
    + +
    +

    Traces X509v3 policy processing.

    +

    More precisely, this generates the complete policy tree at various +point during evaluation.

    +
    +
    OSSL_TRACE_CATEGORY_BN_CTX
    + +
    +

    Traces BIGNUM context operations.

    +
    +
    OSSL_TRACE_CATEGORY_PROVIDER_CONF
    + +
    +

    Traces the OSSL_PROVIDER configuration.

    +
    +
    +

    There is also OSSL_TRACE_CATEGORY_ALL, which works as a fallback +and can be used to get all trace output.

    +

    Note, however, that in this case all trace output will effectively be +associated with the 'ALL' category, which is undesirable if the +application intends to include the category name in the trace output. +In this case it is better to register separate channels for each +trace category instead.

    +

    +

    +
    +

    RETURN VALUES

    +

    OSSL_trace_set_channel(), OSSL_trace_set_prefix(), +OSSL_trace_set_suffix(), and OSSL_trace_set_callback() return 1 on +success, or 0 on failure.

    +

    +

    +
    +

    EXAMPLES

    +

    In all examples below, the trace producing code is assumed to be +the following:

    +
    + int foo = 42;
    + const char bar[] = { 0,  1,  2,  3,  4,  5,  6,  7,
    +                      8,  9, 10, 11, 12, 13, 14, 15 };
    +
    + OSSL_TRACE_BEGIN(TLS) {
    +     BIO_puts(trc_out, "foo: ");
    +     BIO_printf(trc_out, "%d\n", foo);
    +     BIO_dump(trc_out, bar, sizeof(bar));
    + } OSSL_TRACE_END(TLS);
    +

    +

    +

    Simple example

    +

    An example with just a channel and constant prefix / suffix.

    +
    + int main(int argc, char *argv[])
    + {
    +     BIO *err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
    +     OSSL_trace_set_channel(OSSL_TRACE_CATEGORY_SSL, err);
    +     OSSL_trace_set_prefix(OSSL_TRACE_CATEGORY_SSL, "BEGIN TRACE[TLS]");
    +     OSSL_trace_set_suffix(OSSL_TRACE_CATEGORY_SSL, "END TRACE[TLS]");
    +
    +     /* ... work ... */
    + }
    +

    When the trace producing code above is performed, this will be output +on standard error:

    +
    + BEGIN TRACE[TLS]
    + foo: 42
    + 0000 - 00 01 02 03 04 05 06 07-08 09 0a 0b 0c 0d 0e 0f   ................
    + END TRACE[TLS]
    +

    +

    +

    Advanced example

    +

    This example uses the callback, and depends on pthreads functionality.

    +
    + static size_t cb(const char *buf, size_t cnt,
    +                 int category, int cmd, void *vdata)
    + {
    +     BIO *bio = vdata;
    +     const char *label = NULL;
    +
    +     switch (cmd) {
    +     case OSSL_TRACE_CTRL_BEGIN:
    +         label = "BEGIN";
    +         break;
    +     case OSSL_TRACE_CTRL_END:
    +         label = "END";
    +         break;
    +     }
    +
    +     if (label != NULL) {
    +         union {
    +             pthread_t tid;
    +             unsigned long ltid;
    +         } tid;
    +
    +         tid.tid = pthread_self();
    +         BIO_printf(bio, "%s TRACE[%s]:%lx\n",
    +                    label, OSSL_trace_get_category_name(category), tid.ltid);
    +     }
    +     return (size_t)BIO_puts(bio, buf);
    + }
    +
    + int main(int argc, char *argv[])
    + {
    +     BIO *err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
    +     OSSL_trace_set_callback(OSSL_TRACE_CATEGORY_SSL, cb, err);
    +
    +     /* ... work ... */
    + }
    +

    The output is almost the same as for the simple example above.

    +
    + BEGIN TRACE[TLS]:7f9eb0193b80
    + foo: 42
    + 0000 - 00 01 02 03 04 05 06 07-08 09 0a 0b 0c 0d 0e 0f   ................
    + END TRACE[TLS]:7f9eb0193b80
    +

    +

    +
    +

    NOTES

    +

    +

    +

    Configure Tracing

    +

    By default, the OpenSSL library is built with tracing disabled. To +use the tracing functionality documented here, it is therefore +necessary to configure and build OpenSSL with the 'enable-trace' option.

    +

    When the library is built with tracing disabled, the macro +OPENSSL_NO_TRACE is defined in openssl/opensslconf.h and all +functions described here are inoperational, i.e. will do nothing.

    +

    +

    +
    +

    HISTORY

    +

    OSSL_trace_set_channel(), OSSL_trace_set_prefix(), +OSSL_trace_set_suffix(), and OSSL_trace_set_callback() were all added +in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/OpenSSL_add_all_algorithms.html b/linux_amd64/ssl/share/doc/openssl/html/man3/OpenSSL_add_all_algorithms.html new file mode 100755 index 0000000..6d32474 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/OpenSSL_add_all_algorithms.html @@ -0,0 +1,97 @@ + + + + +OpenSSL_add_all_algorithms + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    OpenSSL_add_all_algorithms, OpenSSL_add_all_ciphers, OpenSSL_add_all_digests, EVP_cleanup - +add algorithms to internal table

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +

    Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + void OpenSSL_add_all_algorithms(void);
    + void OpenSSL_add_all_ciphers(void);
    + void OpenSSL_add_all_digests(void);
    +
    + void EVP_cleanup(void)
    +

    +

    +
    +

    DESCRIPTION

    +

    OpenSSL keeps an internal table of digest algorithms and ciphers. It uses +this table to lookup ciphers via functions such as EVP_get_cipher_byname().

    +

    OpenSSL_add_all_digests() adds all digest algorithms to the table.

    +

    OpenSSL_add_all_algorithms() adds all algorithms to the table (digests and +ciphers).

    +

    OpenSSL_add_all_ciphers() adds all encryption algorithms to the table including +password based encryption algorithms.

    +

    In versions prior to 1.1.0 EVP_cleanup() removed all ciphers and digests from +the table. It no longer has any effect in OpenSSL 1.1.0.

    +

    +

    +
    +

    RETURN VALUES

    +

    None of the functions return a value.

    +

    +

    +
    +

    SEE ALSO

    +

    evp(7), EVP_DigestInit(3), +EVP_EncryptInit(3)

    +

    +

    +
    +

    HISTORY

    +

    The OpenSSL_add_all_algorithms(), OpenSSL_add_all_ciphers(), +OpenSSL_add_all_digests(), and EVP_cleanup(), functions +were deprecated in OpenSSL 1.1.0 by OPENSSL_init_crypto() and should +not be used.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/OpenSSL_version.html b/linux_amd64/ssl/share/doc/openssl/html/man3/OpenSSL_version.html new file mode 100755 index 0000000..06f2878 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/OpenSSL_version.html @@ -0,0 +1,309 @@ + + + + +OpenSSL_version + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    OPENSSL_VERSION_MAJOR, OPENSSL_VERSION_MINOR, OPENSSL_VERSION_PATCH, +OPENSSL_VERSION_PRE_RELEASE, OPENSSL_VERSION_BUILD_METADATA, +OPENSSL_VERSION_TEXT, +OPENSSL_version_major, OPENSSL_version_minor, OPENSSL_version_patch, +OPENSSL_version_pre_release, OPENSSL_version_build_metadata, OpenSSL_version, +OPENSSL_VERSION_NUMBER, OpenSSL_version_num, OPENSSL_info +- get OpenSSL version number and other information

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/opensslv.h>
    +
    + #define OPENSSL_VERSION_MAJOR  x
    + #define OPENSSL_VERSION_MINOR  y
    + #define OPENSSL_VERSION_PATCH  z
    +
    + /* The definitions here are typical release values */
    + #define OPENSSL_VERSION_PRE_RELEASE ""
    + #define OPENSSL_VERSION_BUILD_METADATA ""
    +
    + #define OPENSSL_VERSION_TEXT "OpenSSL x.y.z xx XXX xxxx"
    +
    + #include <openssl/crypto.h>
    +
    + unsigned int OPENSSL_version_major(void);
    + unsigned int OPENSSL_version_minor(void);
    + unsigned int OPENSSL_version_patch(void);
    + const char *OPENSSL_version_pre_release(void);
    + const char *OPENSSL_version_build_metadata(void);
    +
    + const char *OpenSSL_version(int t);
    +
    + const char *OPENSSL_info(int t);
    +

    Deprecated:

    +
    + /* from openssl/opensslv.h */
    + #define OPENSSL_VERSION_NUMBER 0xnnnnnnnnnL
    +
    + /* from openssl/crypto.h */
    + unsigned long OpenSSL_version_num();
    +

    +

    +
    +

    DESCRIPTION

    +

    +

    +

    Macros

    +

    The three macros OPENSSL_VERSION_MAJOR, OPENSSL_VERSION_MINOR and +OPENSSL_VERSION_PATCH represent the three parts of a version +identifier, MAJOR.MINOR.PATCH.

    +

    The macro OPENSSL_VERSION_PRE_RELEASE is an added bit of text that +indicates that this is a pre-release version, such as "-dev" for an +ongoing development snapshot or "-alpha3" for an alpha release. +The value must be a string.

    +

    The macro OPENSSL_VERSION_BUILD_METADATA is extra information, reserved +for other parties, such as "+fips", or "+vendor.1"). +The OpenSSL project will not touch this macro (will leave it an empty string). +The value must be a string.

    +

    OPENSSL_VERSION_STR is a convenience macro to get the short version +identifier string, "MAJOR.MINOR.PATCH".

    +

    OPENSSL_FULL_VERSION_STR is a convenience macro to get the longer +version identifier string, which combines OPENSSL_VERSION_STR, +OPENSSL_VERSION_PRE_RELEASE and OPENSSL_VERSION_BUILD_METADATA.

    +

    OPENSSL_VERSION_TEXT is a convenience macro to get a full descriptive +version text, which includes OPENSSL_FULL_VERSION_STR and the release +date.

    +

    +

    +

    Functions

    +

    OPENSSL_version_major(), OPENSSL_version_minor(), OPENSSL_version_patch(), +OPENSSL_version_pre_release(), and OPENSSL_version_build_metadata() return +the values of the macros above for the build of the library, respectively.

    +

    OpenSSL_version() returns different strings depending on t:

    +
    +
    OPENSSL_VERSION
    + +
    +

    The value of OPENSSL_VERSION_TEXT

    +
    +
    OPENSSL_VERSION_STRING
    + +
    +

    The value of OPENSSL_VERSION_STR

    +
    +
    OPENSSL_FULL_VERSION_STRING
    + +
    +

    The value of OPENSSL_FULL_VERSION_STR

    +
    +
    OPENSSL_CFLAGS
    + +
    +

    The compiler flags set for the compilation process in the form +compiler: ... if available, or compiler: information not available +otherwise.

    +
    +
    OPENSSL_BUILT_ON
    + +
    +

    The date of the build process in the form built on: ... if available +or built on: date not available otherwise. +The date would not be available in a reproducible build, for example.

    +
    +
    OPENSSL_PLATFORM
    + +
    +

    The "Configure" target of the library build in the form platform: ... +if available, or platform: information not available otherwise.

    +
    +
    OPENSSL_DIR
    + +
    +

    The OPENSSLDIR setting of the library build in the form OPENSSLDIR: "..." +if available, or OPENSSLDIR: N/A otherwise.

    +
    +
    OPENSSL_ENGINES_DIR
    + +
    +

    The ENGINESDIR setting of the library build in the form ENGINESDIR: "..." +if available, or ENGINESDIR: N/A otherwise.

    +
    +
    OPENSSL_MODULES_DIR
    + +
    +

    The MODULESDIR setting of the library build in the form MODULESDIR: "..." +if available, or MODULESDIR: N/A otherwise.

    +
    +
    OPENSSL_CPU_INFO
    + +
    +

    The current OpenSSL cpu settings. +This is the current setting of the cpu capability flags. It is usually +automatically configured but may be set via an environment variable. +The value has the same syntax as the environment variable. +For x86 the string looks like CPUINFO: OPENSSL_ia32cap=0x123:0x456 +or CPUINFO: N/A if not available.

    +
    +
    +

    For an unknown t, the text not available is returned.

    +

    OPENSSL_info() also returns different strings depending on t:

    +
    +
    OPENSSL_INFO_CONFIG_DIR
    + +
    +

    The configured OPENSSLDIR, which is the default location for +OpenSSL configuration files.

    +
    +
    OPENSSL_INFO_ENGINES_DIR
    + +
    +

    The configured ENGINESDIR, which is the default location for +OpenSSL engines.

    +
    +
    OPENSSL_INFO_MODULES_DIR
    + +
    +

    The configured MODULESDIR, which is the default location for +dynamically loadable OpenSSL modules other than engines.

    +
    +
    OPENSSL_INFO_DSO_EXTENSION
    + +
    +

    The configured dynamically loadable module extension.

    +
    +
    OPENSSL_INFO_DIR_FILENAME_SEPARATOR
    + +
    +

    The separator between a directory specification and a filename. +Note that on some operating systems, this is not the same as the +separator between directory elements.

    +
    +
    OPENSSL_INFO_LIST_SEPARATOR
    + +
    +

    The OpenSSL list separator. +This is typically used in strings that are lists of items, such as the +value of the environment variable $PATH on Unix (where the +separator is :) or %PATH% on Windows (where the separator is +;).

    +
    +
    OPENSSL_INFO_CPU_SETTINGS
    + +
    +

    The current OpenSSL cpu settings. +This is the current setting of the cpu capability flags. It is usually +automatically configured but may be set via an environment variable. +The value has the same syntax as the environment variable. +For x86 the string looks like OPENSSL_ia32cap=0x123:0x456.

    +
    +
    +

    For an unknown t, NULL is returned.

    +

    +

    +
    +

    BACKWARD COMPATIBILITY

    +

    For compatibility, some older macros and functions are retained or +synthesised. +They are all considered deprecated.

    +

    +

    +

    Macros

    +

    OPENSSL_VERSION_NUMBER is a combination of the major, minor and +patch version into a single integer 0xMNN00PP0L, where:

    +
    +
    M
    + +
    +

    is the number from OPENSSL_VERSION_MAJOR, in hexadecimal notation

    +
    +
    NN
    + +
    +

    is the number from OPENSSL_VERSION_MINOR, in hexadecimal notation

    +
    +
    PP
    + +
    +

    is the number from OPENSSL_VERSION_PATCH, in hexadecimal notation

    +
    +
    +

    +

    +

    Functions

    +

    OpenSSL_version_num() returns the value of OPENSSL_VERSION_NUMBER.

    +

    +

    +
    +

    RETURN VALUES

    +

    OPENSSL_version_major(), OPENSSL_version_minor() and OPENSSL_version_patch() +return the version number parts as integers.

    +

    OPENSSL_version_pre_release() and OPENSSL_version_build_metadata() return +the values of OPENSSL_VERSION_PRE_RELEASE and +OPENSSL_VERSION_BUILD_METADATA respectively as constant strings. +For any of them that is undefined, the empty string is returned.

    +

    OpenSSL_version() returns constant strings.

    +

    +

    +
    +

    SEE ALSO

    +

    crypto(7)

    +

    +

    +
    +

    HISTORY

    +

    The macros and functions described here were added in OpenSSL 3.0, +with the exception of the BACKWARD COMPATIBILITY ones.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/PEM_bytes_read_bio.html b/linux_amd64/ssl/share/doc/openssl/html/man3/PEM_bytes_read_bio.html
    new file mode 100755
    index 0000000..a4e31f7
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/PEM_bytes_read_bio.html
    @@ -0,0 +1,122 @@
    + + + + +PEM_bytes_read_bio + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    PEM_bytes_read_bio, PEM_bytes_read_bio_secmem - read a PEM-encoded data structure from a BIO

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/pem.h>
    +
    + int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm,
    +                        const char *name, BIO *bp, pem_password_cb *cb,
    +                        void *u);
    + int PEM_bytes_read_bio_secmem(unsigned char **pdata, long *plen, char **pnm,
    +                               const char *name, BIO *bp, pem_password_cb *cb,
    +                               void *u);
    +

    +

    +
    +

    DESCRIPTION

    +

    PEM_bytes_read_bio() reads PEM-formatted (IETF RFC 1421 and IETF RFC 7468) +data from the BIO +bp for the data type given in name (RSA PRIVATE KEY, CERTIFICATE, +etc.). If multiple PEM-encoded data structures are present in the same +stream, PEM_bytes_read_bio() will skip non-matching data types and +continue reading. Non-PEM data present in the stream may cause an +error.

    +

    The PEM header may indicate that the following data is encrypted; if so, +the data will be decrypted, waiting on user input to supply a passphrase +if needed. The password callback cb and rock u are used to obtain +the decryption passphrase, if applicable.

    +

    Some data types have compatibility aliases, such as a file containing +X509 CERTIFICATE matching a request for the deprecated type CERTIFICATE. +The actual type indicated by the file is returned in *pnm if pnm is +non-NULL. The caller must free the storage pointed to by *pnm.

    +

    The returned data is the DER-encoded form of the requested type, in +*pdata with length *plen. The caller must free the storage pointed +to by *pdata.

    +

    PEM_bytes_read_bio_secmem() is similar to PEM_bytes_read_bio(), but uses +memory from the secure heap for its temporary buffers and the storage +returned in *pdata and *pnm. Accordingly, the caller must use +OPENSSL_secure_free() to free that storage.

    +

    +

    +
    +

    NOTES

    +

    PEM_bytes_read_bio_secmem() only enforces that the secure heap is used for +storage allocated within the PEM processing stack. The BIO stack from +which input is read may also use temporary buffers, which are not necessarily +allocated from the secure heap. In cases where it is desirable to ensure +that the contents of the PEM file only appears in memory from the secure heap, +care is needed in generating the BIO passed as bp. In particular, the +use of BIO_s_file() indicates the use of the operating system stdio +functionality, which includes buffering as a feature; BIO_s_fd() is likely +to be more appropriate in such cases.

    +

    These functions make no assumption regarding the pass phrase received from the +password callback. +It will simply be treated as a byte sequence.

    +

    +

    +
    +

    RETURN VALUES

    +

    PEM_bytes_read_bio() and PEM_bytes_read_bio_secmem() return 1 for success or +0 for failure.

    +

    +

    +
    +

    SEE ALSO

    +

    PEM_read_bio_ex(3), +passphrase-encoding(7)

    +

    +

    +
    +

    HISTORY

    +

    PEM_bytes_read_bio_secmem() was introduced in OpenSSL 1.1.1

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/PEM_read.html b/linux_amd64/ssl/share/doc/openssl/html/man3/PEM_read.html
    new file mode 100755
    index 0000000..d6c21e1
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/PEM_read.html
    @@ -0,0 +1,161 @@
    + + + + +PEM_read + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    PEM_write, PEM_write_bio, +PEM_read, PEM_read_bio, PEM_do_header, PEM_get_EVP_CIPHER_INFO +- PEM encoding routines

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/pem.h>
    +
    + int PEM_write(FILE *fp, const char *name, const char *header,
    +               const unsigned char *data, long len)
    + int PEM_write_bio(BIO *bp, const char *name, const char *header,
    +                   const unsigned char *data, long len)
    +
    + int PEM_read(FILE *fp, char **name, char **header,
    +              unsigned char **data, long *len);
    + int PEM_read_bio(BIO *bp, char **name, char **header,
    +                  unsigned char **data, long *len);
    +
    + int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cinfo);
    + int PEM_do_header(EVP_CIPHER_INFO *cinfo, unsigned char *data, long *len,
    +                   pem_password_cb *cb, void *u);
    +

    +

    +
    +

    DESCRIPTION

    +

    These functions read and write PEM-encoded objects, using the PEM +type name, any additional header information, and the raw +data of length len.

    +

    PEM is the term used for binary content encoding first defined in IETF +RFC 1421. The content is a series of base64-encoded lines, surrounded +by begin/end markers each on their own line. For example:

    +
    + -----BEGIN PRIVATE KEY-----
    + MIICdg....
    + ... bhTQ==
    + -----END PRIVATE KEY-----
    +

    Optional header line(s) may appear after the begin line, and their +existence depends on the type of object being written or read.

    +

    PEM_write() writes to the file fp, while PEM_write_bio() writes to +the BIO bp. The name is the name to use in the marker, the +header is the header value or NULL, and data and len specify +the data and its length.

    +

    The final data buffer is typically an ASN.1 object which can be decoded with +the d2i function appropriate to the type name; see d2i_X509(3) +for examples.

    +

    PEM_read() reads from the file fp, while PEM_read_bio() reads +from the BIO bp. +Both skip any non-PEM data that precedes the start of the next PEM object. +When an object is successfully retrieved, the type name from the "----BEGIN +<type>-----" is returned via the name argument, any encapsulation headers +are returned in header and the base64-decoded content and its length are +returned via data and len respectively. +The name, header and data pointers are allocated via OPENSSL_malloc() +and should be freed by the caller via OPENSSL_free() when no longer needed.

    +

    PEM_get_EVP_CIPHER_INFO() can be used to determine the data returned by +PEM_read() or PEM_read_bio() is encrypted and to retrieve the associated cipher +and IV. +The caller passes a pointer to structure of type EVP_CIPHER_INFO via the +cinfo argument and the header returned via PEM_read() or PEM_read_bio(). +If the call is successful 1 is returned and the cipher and IV are stored at the +address pointed to by cinfo. +When the header is malformed, or not supported or when the cipher is unknown +or some internal error happens 0 is returned. +This function is deprecated, see NOTES below.

    +

    PEM_do_header() can then be used to decrypt the data if the header +indicates encryption. +The cinfo argument is a pointer to the structure initialized by the previous +call to PEM_get_EVP_CIPHER_INFO(). +The data and len arguments are those returned by the previous call to +PEM_read() or PEM_read_bio(). +The cb and u arguments make it possible to override the default password +prompt function as described in PEM_read_PrivateKey(3). +On successful completion the data is decrypted in place, and len is +updated to indicate the plaintext length. +This function is deprecated, see NOTES below.

    +

    If the data is a priori known to not be encrypted, then neither PEM_do_header() +nor PEM_get_EVP_CIPHER_INFO() need be called.

    +

    +

    +
    +

    RETURN VALUES

    +

    PEM_read() and PEM_read_bio() return 1 on success and 0 on failure, the latter +includes the case when no more PEM objects remain in the input file. +To distinguish end of file from more serious errors the caller must peek at the +error stack and check for PEM_R_NO_START_LINE, which indicates that no more +PEM objects were found. See ERR_peek_last_error(3), ERR_GET_REASON(3).

    +

    PEM_get_EVP_CIPHER_INFO() and PEM_do_header() return 1 on success, and 0 on +failure. +The data is likely meaningless if these functions fail.

    +

    +

    +
    +

    NOTES

    +

    The PEM_get_EVP_CIPHER_INFO() and PEM_do_header() functions are deprecated. +This is because the underlying PEM encryption format is obsolete, and should +be avoided. +It uses an encryption format with an OpenSSL-specific key-derivation function, +which employs MD5 with an iteration count of 1! +Instead, private keys should be stored in PKCS#8 form, with a strong PKCS#5 +v2.0 PBE. +See PEM_write_PrivateKey(3) and d2i_PKCS8PrivateKey_bio(3).

    +

    PEM_do_header() makes no assumption regarding the pass phrase received from the +password callback. +It will simply be treated as a byte sequence.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_peek_last_error(3), ERR_GET_LIB(3), +d2i_PKCS8PrivateKey_bio(3), +passphrase-encoding(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/PEM_read_CMS.html b/linux_amd64/ssl/share/doc/openssl/html/man3/PEM_read_CMS.html
    new file mode 100755
    index 0000000..1404bcd
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/PEM_read_CMS.html
    @@ -0,0 +1,142 @@
    + + + + +PEM_read_CMS + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    DECLARE_PEM_rw, +PEM_read_CMS, +PEM_read_bio_CMS, +PEM_write_CMS, +PEM_write_bio_CMS, +PEM_write_DHxparams, +PEM_write_bio_DHxparams, +PEM_read_ECPKParameters, +PEM_read_bio_ECPKParameters, +PEM_write_ECPKParameters, +PEM_write_bio_ECPKParameters, +PEM_read_ECPrivateKey, +PEM_write_ECPrivateKey, +PEM_write_bio_ECPrivateKey, +PEM_read_EC_PUBKEY, +PEM_read_bio_EC_PUBKEY, +PEM_write_EC_PUBKEY, +PEM_write_bio_EC_PUBKEY, +PEM_read_NETSCAPE_CERT_SEQUENCE, +PEM_read_bio_NETSCAPE_CERT_SEQUENCE, +PEM_write_NETSCAPE_CERT_SEQUENCE, +PEM_write_bio_NETSCAPE_CERT_SEQUENCE, +PEM_read_PKCS8, +PEM_read_bio_PKCS8, +PEM_write_PKCS8, +PEM_write_bio_PKCS8, +PEM_write_PKCS8_PRIV_KEY_INFO, +PEM_read_bio_PKCS8_PRIV_KEY_INFO, +PEM_read_PKCS8_PRIV_KEY_INFO, +PEM_write_bio_PKCS8_PRIV_KEY_INFO, +PEM_read_SSL_SESSION, +PEM_read_bio_SSL_SESSION, +PEM_write_SSL_SESSION, +PEM_write_bio_SSL_SESSION, +PEM_read_X509_PUBKEY, +PEM_read_bio_X509_PUBKEY, +PEM_write_X509_PUBKEY, +PEM_write_bio_X509_PUBKEY +- PEM object encoding routines

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/pem.h>
    +
    + DECLARE_PEM_rw(name, TYPE)
    +
    + TYPE *PEM_read_TYPE(FILE *fp, TYPE **a, pem_password_cb *cb, void *u);
    + TYPE *PEM_read_bio_TYPE(BIO *bp, TYPE **a, pem_password_cb *cb, void *u);
    + int PEM_write_TYPE(FILE *fp, const TYPE *a);
    + int PEM_write_bio_TYPE(BIO *bp, const TYPE *a);
    +

    +

    +
    +

    DESCRIPTION

    +

    In the description below, TYPE is used +as a placeholder for any of the OpenSSL datatypes, such as X509. +The macro DECLARE_PEM_rw expands to the set of declarations shown in +the next four lines of the synopsis.

    +

    These routines convert between local instances of ASN1 datatypes and +the PEM encoding. For more information on the templates, see +ASN1_ITEM(3). For more information on the lower-level routines used +by the functions here, see PEM_read(3).

    +

    PEM_read_TYPE() reads a PEM-encoded object of TYPE from the file +fp and returns it. The cb and u parameters are as described in +pem_password_cb(3).

    +

    PEM_read_bio_TYPE() is similar to PEM_read_TYPE() but reads from +the BIO bp.

    +

    PEM_write_TYPE() writes the PEM encoding of the object a to the file +fp.

    +

    PEM_write_bio_TYPE() similarly writes to the BIO bp.

    +

    +

    +
    +

    NOTES

    +

    These functions make no assumption regarding the pass phrase received from the +password callback. +It will simply be treated as a byte sequence.

    +

    +

    +
    +

    RETURN VALUES

    +

    PEM_read_TYPE() and PEM_read_bio_TYPE() return a pointer to an +allocated object, which should be released by calling TYPE_free(), or +NULL on error.

    +

    PEM_write_TYPE() and PEM_write_bio_TYPE() return the number of bytes +written or zero on error.

    +

    +

    +
    +

    SEE ALSO

    +

    PEM_read(3), +passphrase-encoding(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/PEM_read_bio_PrivateKey.html b/linux_amd64/ssl/share/doc/openssl/html/man3/PEM_read_bio_PrivateKey.html
    new file mode 100755
    index 0000000..00591aa
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/PEM_read_bio_PrivateKey.html
    @@ -0,0 +1,493 @@
    + + + + +PEM_read_bio_PrivateKey + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    pem_password_cb, +PEM_read_bio_PrivateKey, PEM_read_PrivateKey, PEM_write_bio_PrivateKey, +PEM_write_bio_PrivateKey_traditional, PEM_write_PrivateKey, +PEM_write_bio_PKCS8PrivateKey, PEM_write_PKCS8PrivateKey, +PEM_write_bio_PKCS8PrivateKey_nid, PEM_write_PKCS8PrivateKey_nid, +PEM_read_bio_PUBKEY, PEM_read_PUBKEY, PEM_write_bio_PUBKEY, PEM_write_PUBKEY, +PEM_read_bio_RSAPrivateKey, PEM_read_RSAPrivateKey, +PEM_write_bio_RSAPrivateKey, PEM_write_RSAPrivateKey, +PEM_read_bio_RSAPublicKey, PEM_read_RSAPublicKey, PEM_write_bio_RSAPublicKey, +PEM_write_RSAPublicKey, PEM_read_bio_RSA_PUBKEY, PEM_read_RSA_PUBKEY, +PEM_write_bio_RSA_PUBKEY, PEM_write_RSA_PUBKEY, PEM_read_bio_DSAPrivateKey, +PEM_read_DSAPrivateKey, PEM_write_bio_DSAPrivateKey, PEM_write_DSAPrivateKey, +PEM_read_bio_DSA_PUBKEY, PEM_read_DSA_PUBKEY, PEM_write_bio_DSA_PUBKEY, +PEM_write_DSA_PUBKEY, PEM_read_bio_Parameters, PEM_write_bio_Parameters, +PEM_read_bio_DSAparams, PEM_read_DSAparams, +PEM_write_bio_DSAparams, PEM_write_DSAparams, PEM_read_bio_DHparams, +PEM_read_DHparams, PEM_write_bio_DHparams, PEM_write_DHparams, +PEM_read_bio_X509, PEM_read_X509, PEM_write_bio_X509, PEM_write_X509, +PEM_read_bio_X509_AUX, PEM_read_X509_AUX, PEM_write_bio_X509_AUX, +PEM_write_X509_AUX, PEM_read_bio_X509_REQ, PEM_read_X509_REQ, +PEM_write_bio_X509_REQ, PEM_write_X509_REQ, PEM_write_bio_X509_REQ_NEW, +PEM_write_X509_REQ_NEW, PEM_read_bio_X509_CRL, PEM_read_X509_CRL, +PEM_write_bio_X509_CRL, PEM_write_X509_CRL, PEM_read_bio_PKCS7, PEM_read_PKCS7, +PEM_write_bio_PKCS7, PEM_write_PKCS7 - PEM routines

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/pem.h>
    +
    + typedef int pem_password_cb(char *buf, int size, int rwflag, void *u);
    +
    + EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x,
    +                                   pem_password_cb *cb, void *u);
    + EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x,
    +                               pem_password_cb *cb, void *u);
    + int PEM_write_bio_PrivateKey(BIO *bp, const EVP_PKEY *x, const EVP_CIPHER *enc,
    +                              unsigned char *kstr, int klen,
    +                              pem_password_cb *cb, void *u);
    + int PEM_write_bio_PrivateKey_traditional(BIO *bp, EVP_PKEY *x,
    +                                          const EVP_CIPHER *enc,
    +                                          unsigned char *kstr, int klen,
    +                                          pem_password_cb *cb, void *u);
    + int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
    +                          unsigned char *kstr, int klen,
    +                          pem_password_cb *cb, void *u);
    + int PEM_write_bio_PKCS8PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
    +                                   char *kstr, int klen,
    +                                   pem_password_cb *cb, void *u);
    + int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
    +                               char *kstr, int klen,
    +                               pem_password_cb *cb, void *u);
    + int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, const EVP_PKEY *x, int nid,
    +                                       char *kstr, int klen,
    +                                       pem_password_cb *cb, void *u);
    + int PEM_write_PKCS8PrivateKey_nid(FILE *fp, const EVP_PKEY *x, int nid,
    +                                   char *kstr, int klen,
    +                                   pem_password_cb *cb, void *u);
    +
    + EVP_PKEY *PEM_read_bio_PUBKEY(BIO *bp, EVP_PKEY **x,
    +                               pem_password_cb *cb, void *u);
    + EVP_PKEY *PEM_read_PUBKEY(FILE *fp, EVP_PKEY **x,
    +                           pem_password_cb *cb, void *u);
    + int PEM_write_bio_PUBKEY(BIO *bp, EVP_PKEY *x);
    + int PEM_write_PUBKEY(FILE *fp, EVP_PKEY *x);
    +
    + RSA *PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **x,
    +                                 pem_password_cb *cb, void *u);
    + RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **x,
    +                             pem_password_cb *cb, void *u);
    + int PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x, const EVP_CIPHER *enc,
    +                                 unsigned char *kstr, int klen,
    +                                 pem_password_cb *cb, void *u);
    + int PEM_write_RSAPrivateKey(FILE *fp, RSA *x, const EVP_CIPHER *enc,
    +                             unsigned char *kstr, int klen,
    +                             pem_password_cb *cb, void *u);
    +
    + RSA *PEM_read_bio_RSAPublicKey(BIO *bp, RSA **x,
    +                                pem_password_cb *cb, void *u);
    + RSA *PEM_read_RSAPublicKey(FILE *fp, RSA **x,
    +                            pem_password_cb *cb, void *u);
    + int PEM_write_bio_RSAPublicKey(BIO *bp, RSA *x);
    + int PEM_write_RSAPublicKey(FILE *fp, RSA *x);
    +
    + RSA *PEM_read_bio_RSA_PUBKEY(BIO *bp, RSA **x,
    +                              pem_password_cb *cb, void *u);
    + RSA *PEM_read_RSA_PUBKEY(FILE *fp, RSA **x,
    +                          pem_password_cb *cb, void *u);
    + int PEM_write_bio_RSA_PUBKEY(BIO *bp, RSA *x);
    + int PEM_write_RSA_PUBKEY(FILE *fp, RSA *x);
    +
    + DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **x,
    +                                 pem_password_cb *cb, void *u);
    + DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **x,
    +                             pem_password_cb *cb, void *u);
    + int PEM_write_bio_DSAPrivateKey(BIO *bp, DSA *x, const EVP_CIPHER *enc,
    +                                 unsigned char *kstr, int klen,
    +                                 pem_password_cb *cb, void *u);
    + int PEM_write_DSAPrivateKey(FILE *fp, DSA *x, const EVP_CIPHER *enc,
    +                             unsigned char *kstr, int klen,
    +                             pem_password_cb *cb, void *u);
    +
    + DSA *PEM_read_bio_DSA_PUBKEY(BIO *bp, DSA **x,
    +                              pem_password_cb *cb, void *u);
    + DSA *PEM_read_DSA_PUBKEY(FILE *fp, DSA **x,
    +                          pem_password_cb *cb, void *u);
    + int PEM_write_bio_DSA_PUBKEY(BIO *bp, DSA *x);
    + int PEM_write_DSA_PUBKEY(FILE *fp, DSA *x);
    +
    + EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x);
    + int PEM_write_bio_Parameters(BIO *bp, const EVP_PKEY *x);
    +
    + DSA *PEM_read_bio_DSAparams(BIO *bp, DSA **x, pem_password_cb *cb, void *u);
    + DSA *PEM_read_DSAparams(FILE *fp, DSA **x, pem_password_cb *cb, void *u);
    + int PEM_write_bio_DSAparams(BIO *bp, DSA *x);
    + int PEM_write_DSAparams(FILE *fp, DSA *x);
    +
    + DH *PEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u);
    + DH *PEM_read_DHparams(FILE *fp, DH **x, pem_password_cb *cb, void *u);
    + int PEM_write_bio_DHparams(BIO *bp, DH *x);
    + int PEM_write_DHparams(FILE *fp, DH *x);
    +
    + X509 *PEM_read_bio_X509(BIO *bp, X509 **x, pem_password_cb *cb, void *u);
    + X509 *PEM_read_X509(FILE *fp, X509 **x, pem_password_cb *cb, void *u);
    + int PEM_write_bio_X509(BIO *bp, X509 *x);
    + int PEM_write_X509(FILE *fp, X509 *x);
    +
    + X509 *PEM_read_bio_X509_AUX(BIO *bp, X509 **x, pem_password_cb *cb, void *u);
    + X509 *PEM_read_X509_AUX(FILE *fp, X509 **x, pem_password_cb *cb, void *u);
    + int PEM_write_bio_X509_AUX(BIO *bp, X509 *x);
    + int PEM_write_X509_AUX(FILE *fp, X509 *x);
    +
    + X509_REQ *PEM_read_bio_X509_REQ(BIO *bp, X509_REQ **x,
    +                                 pem_password_cb *cb, void *u);
    + X509_REQ *PEM_read_X509_REQ(FILE *fp, X509_REQ **x,
    +                             pem_password_cb *cb, void *u);
    + int PEM_write_bio_X509_REQ(BIO *bp, X509_REQ *x);
    + int PEM_write_X509_REQ(FILE *fp, X509_REQ *x);
    + int PEM_write_bio_X509_REQ_NEW(BIO *bp, X509_REQ *x);
    + int PEM_write_X509_REQ_NEW(FILE *fp, X509_REQ *x);
    +
    + X509_CRL *PEM_read_bio_X509_CRL(BIO *bp, X509_CRL **x,
    +                                 pem_password_cb *cb, void *u);
    + X509_CRL *PEM_read_X509_CRL(FILE *fp, X509_CRL **x,
    +                             pem_password_cb *cb, void *u);
    + int PEM_write_bio_X509_CRL(BIO *bp, X509_CRL *x);
    + int PEM_write_X509_CRL(FILE *fp, X509_CRL *x);
    +
    + PKCS7 *PEM_read_bio_PKCS7(BIO *bp, PKCS7 **x, pem_password_cb *cb, void *u);
    + PKCS7 *PEM_read_PKCS7(FILE *fp, PKCS7 **x, pem_password_cb *cb, void *u);
    + int PEM_write_bio_PKCS7(BIO *bp, PKCS7 *x);
    + int PEM_write_PKCS7(FILE *fp, PKCS7 *x);
    +

    +

    +
    +

    DESCRIPTION

    +

    The PEM functions read or write structures in PEM format. In +this sense PEM format is simply base64 encoded data surrounded +by header lines.

    +

    For more details about the meaning of arguments see the +PEM FUNCTION ARGUMENTS section.

    +

    Each operation has four functions associated with it. For +brevity the term "TYPE functions" will be used below to collectively +refer to the PEM_read_bio_TYPE(), PEM_read_TYPE(), +PEM_write_bio_TYPE(), and PEM_write_TYPE() functions.

    +

    The PrivateKey functions read or write a private key in PEM format using an +EVP_PKEY structure. The write routines use PKCS#8 private key format and are +equivalent to PEM_write_bio_PKCS8PrivateKey().The read functions transparently +handle traditional and PKCS#8 format encrypted and unencrypted keys.

    +

    PEM_write_bio_PrivateKey_traditional() writes out a private key in the +"traditional" format with a simple private key marker and should only +be used for compatibility with legacy programs.

    +

    PEM_write_bio_PKCS8PrivateKey() and PEM_write_PKCS8PrivateKey() write a private +key in an EVP_PKEY structure in PKCS#8 EncryptedPrivateKeyInfo format using +PKCS#5 v2.0 password based encryption algorithms. The cipher argument +specifies the encryption algorithm to use: unlike some other PEM routines the +encryption is applied at the PKCS#8 level and not in the PEM headers. If +cipher is NULL then no encryption is used and a PKCS#8 PrivateKeyInfo +structure is used instead.

    +

    PEM_write_bio_PKCS8PrivateKey_nid() and PEM_write_PKCS8PrivateKey_nid() +also write out a private key as a PKCS#8 EncryptedPrivateKeyInfo however +it uses PKCS#5 v1.5 or PKCS#12 encryption algorithms instead. The algorithm +to use is specified in the nid parameter and should be the NID of the +corresponding OBJECT IDENTIFIER (see NOTES section).

    +

    The PUBKEY functions process a public key using an EVP_PKEY +structure. The public key is encoded as a SubjectPublicKeyInfo +structure.

    +

    The RSAPrivateKey functions process an RSA private key using an +RSA structure. The write routines uses traditional format. The read +routines handles the same formats as the PrivateKey +functions but an error occurs if the private key is not RSA.

    +

    The RSAPublicKey functions process an RSA public key using an +RSA structure. The public key is encoded using a PKCS#1 RSAPublicKey +structure.

    +

    The RSA_PUBKEY functions also process an RSA public key using +an RSA structure. However the public key is encoded using a +SubjectPublicKeyInfo structure and an error occurs if the public +key is not RSA.

    +

    The DSAPrivateKey functions process a DSA private key using a +DSA structure. The write routines uses traditional format. The read +routines handles the same formats as the PrivateKey +functions but an error occurs if the private key is not DSA.

    +

    The DSA_PUBKEY functions process a DSA public key using +a DSA structure. The public key is encoded using a +SubjectPublicKeyInfo structure and an error occurs if the public +key is not DSA.

    +

    The Parameters functions read or write key parameters in PEM format using +an EVP_PKEY structure. The encoding depends on the type of key; for DSA key +parameters, it will be a Dss-Parms structure as defined in RFC2459, and for DH +key parameters, it will be a PKCS#3 DHparameter structure. These functions +only exist for the BIO type.

    +

    The DSAparams functions process DSA parameters using a DSA +structure. The parameters are encoded using a Dss-Parms structure +as defined in RFC2459.

    +

    The DHparams functions process DH parameters using a DH +structure. The parameters are encoded using a PKCS#3 DHparameter +structure.

    +

    The X509 functions process an X509 certificate using an X509 +structure. They will also process a trusted X509 certificate but +any trust settings are discarded.

    +

    The X509_AUX functions process a trusted X509 certificate using +an X509 structure.

    +

    The X509_REQ and X509_REQ_NEW functions process a PKCS#10 +certificate request using an X509_REQ structure. The X509_REQ +write functions use CERTIFICATE REQUEST in the header whereas +the X509_REQ_NEW functions use NEW CERTIFICATE REQUEST +(as required by some CAs). The X509_REQ read functions will +handle either form so there are no X509_REQ_NEW read functions.

    +

    The X509_CRL functions process an X509 CRL using an X509_CRL +structure.

    +

    The PKCS7 functions process a PKCS#7 ContentInfo using a PKCS7 +structure.

    +

    +

    +
    +

    PEM FUNCTION ARGUMENTS

    +

    The PEM functions have many common arguments.

    +

    The bp BIO parameter (if present) specifies the BIO to read from +or write to.

    +

    The fp FILE parameter (if present) specifies the FILE pointer to +read from or write to.

    +

    The PEM read functions all take an argument TYPE **x and return +a TYPE * pointer. Where TYPE is whatever structure the function +uses. If x is NULL then the parameter is ignored. If x is not +NULL but *x is NULL then the structure returned will be written +to *x. If neither x nor *x is NULL then an attempt is made +to reuse the structure at *x (but see BUGS and EXAMPLES sections). +Irrespective of the value of x a pointer to the structure is always +returned (or NULL if an error occurred).

    +

    The PEM functions which write private keys take an enc parameter +which specifies the encryption algorithm to use, encryption is done +at the PEM level. If this parameter is set to NULL then the private +key is written in unencrypted form.

    +

    The cb argument is the callback to use when querying for the pass +phrase used for encrypted PEM structures (normally only private keys).

    +

    For the PEM write routines if the kstr parameter is not NULL then +klen bytes at kstr are used as the passphrase and cb is +ignored.

    +

    If the cb parameters is set to NULL and the u parameter is not +NULL then the u parameter is interpreted as a null terminated string +to use as the passphrase. If both cb and u are NULL then the +default callback routine is used which will typically prompt for the +passphrase on the current terminal with echoing turned off.

    +

    The default passphrase callback is sometimes inappropriate (for example +in a GUI application) so an alternative can be supplied. The callback +routine has the following form:

    +
    + int cb(char *buf, int size, int rwflag, void *u);
    +

    buf is the buffer to write the passphrase to. size is the maximum +length of the passphrase (i.e. the size of buf). rwflag is a flag +which is set to 0 when reading and 1 when writing. A typical routine +will ask the user to verify the passphrase (for example by prompting +for it twice) if rwflag is 1. The u parameter has the same +value as the u parameter passed to the PEM routine. It allows +arbitrary data to be passed to the callback by the application +(for example a window handle in a GUI application). The callback +must return the number of characters in the passphrase or -1 if +an error occurred.

    +

    +

    +
    +

    NOTES

    +

    The old PrivateKey write routines are retained for compatibility. +New applications should write private keys using the +PEM_write_bio_PKCS8PrivateKey() or PEM_write_PKCS8PrivateKey() routines +because they are more secure (they use an iteration count of 2048 whereas +the traditional routines use a count of 1) unless compatibility with older +versions of OpenSSL is important.

    +

    The PrivateKey read routines can be used in all applications because +they handle all formats transparently.

    +

    A frequent cause of problems is attempting to use the PEM routines like +this:

    +
    + X509 *x;
    +
    + PEM_read_bio_X509(bp, &x, 0, NULL);
    +

    this is a bug because an attempt will be made to reuse the data at x +which is an uninitialised pointer.

    +

    These functions make no assumption regarding the pass phrase received from the +password callback. +It will simply be treated as a byte sequence.

    +

    +

    +
    +

    PEM ENCRYPTION FORMAT

    +

    These old PrivateKey routines use a non standard technique for encryption.

    +

    The private key (or other data) takes the following form:

    +
    + -----BEGIN RSA PRIVATE KEY-----
    + Proc-Type: 4,ENCRYPTED
    + DEK-Info: DES-EDE3-CBC,3F17F5316E2BAC89
    +
    + ...base64 encoded data...
    + -----END RSA PRIVATE KEY-----
    +

    The line beginning with Proc-Type contains the version and the +protection on the encapsulated data. The line beginning DEK-Info +contains two comma separated values: the encryption algorithm name as +used by EVP_get_cipherbyname() and an initialization vector used by the +cipher encoded as a set of hexadecimal digits. After those two lines is +the base64-encoded encrypted data.

    +

    The encryption key is derived using EVP_BytesToKey(). The cipher's +initialization vector is passed to EVP_BytesToKey() as the salt +parameter. Internally, PKCS5_SALT_LEN bytes of the salt are used +(regardless of the size of the initialization vector). The user's +password is passed to EVP_BytesToKey() using the data and datal +parameters. Finally, the library uses an iteration count of 1 for +EVP_BytesToKey().

    +

    The key derived by EVP_BytesToKey() along with the original initialization +vector is then used to decrypt the encrypted data. The iv produced by +EVP_BytesToKey() is not utilized or needed, and NULL should be passed to +the function.

    +

    The pseudo code to derive the key would look similar to:

    +
    + EVP_CIPHER* cipher = EVP_des_ede3_cbc();
    + EVP_MD* md = EVP_md5();
    +
    + unsigned int nkey = EVP_CIPHER_key_length(cipher);
    + unsigned int niv = EVP_CIPHER_iv_length(cipher);
    + unsigned char key[nkey];
    + unsigned char iv[niv];
    +
    + memcpy(iv, HexToBin("3F17F5316E2BAC89"), niv);
    + rc = EVP_BytesToKey(cipher, md, iv /*salt*/, pword, plen, 1, key, NULL /*iv*/);
    + if (rc != nkey)
    +     /* Error */
    +
    + /* On success, use key and iv to initialize the cipher */
    +

    +

    +
    +

    BUGS

    +

    The PEM read routines in some versions of OpenSSL will not correctly reuse +an existing structure. Therefore the following:

    +
    + PEM_read_bio_X509(bp, &x, 0, NULL);
    +

    where x already contains a valid certificate, may not work, whereas:

    +
    + X509_free(x);
    + x = PEM_read_bio_X509(bp, NULL, 0, NULL);
    +

    is guaranteed to work.

    +

    +

    +
    +

    RETURN VALUES

    +

    The read routines return either a pointer to the structure read or NULL +if an error occurred.

    +

    The write routines return 1 for success or 0 for failure.

    +

    +

    +
    +

    EXAMPLES

    +

    Although the PEM routines take several arguments in almost all applications +most of them are set to 0 or NULL.

    +

    Read a certificate in PEM format from a BIO:

    +
    + X509 *x;
    +
    + x = PEM_read_bio_X509(bp, NULL, 0, NULL);
    + if (x == NULL)
    +     /* Error */
    +

    Alternative method:

    +
    + X509 *x = NULL;
    +
    + if (!PEM_read_bio_X509(bp, &x, 0, NULL))
    +     /* Error */
    +

    Write a certificate to a BIO:

    +
    + if (!PEM_write_bio_X509(bp, x))
    +     /* Error */
    +

    Write a private key (using traditional format) to a BIO using +triple DES encryption, the pass phrase is prompted for:

    +
    + if (!PEM_write_bio_PrivateKey(bp, key, EVP_des_ede3_cbc(), NULL, 0, 0, NULL))
    +     /* Error */
    +

    Write a private key (using PKCS#8 format) to a BIO using triple +DES encryption, using the pass phrase "hello":

    +
    + if (!PEM_write_bio_PKCS8PrivateKey(bp, key, EVP_des_ede3_cbc(),
    +                                    NULL, 0, 0, "hello"))
    +     /* Error */
    +

    Read a private key from a BIO using a pass phrase callback:

    +
    + key = PEM_read_bio_PrivateKey(bp, NULL, pass_cb, "My Private Key");
    + if (key == NULL)
    +     /* Error */
    +

    Skeleton pass phrase callback:

    +
    + int pass_cb(char *buf, int size, int rwflag, void *u)
    + {
    +
    +     /* We'd probably do something else if 'rwflag' is 1 */
    +     printf("Enter pass phrase for \"%s\"\n", (char *)u);
    +
    +     /* get pass phrase, length 'len' into 'tmp' */
    +     char *tmp = "hello";
    +     if (tmp == NULL) /* An error occurred */
    +         return -1;
    +
    +     size_t len = strlen(tmp);
    +
    +     if (len > size)
    +         len = size;
    +     memcpy(buf, tmp, len);
    +     return len;
    + }
    +

    +

    +
    +

    SEE ALSO

    +

    EVP_EncryptInit(3), EVP_BytesToKey(3), +passphrase-encoding(7)

    +

    +

    +
    +

    HISTORY

    +

    The old Netscape certificate sequences were no longer documented +in OpenSSL 1.1.0; applications should use the PKCS7 standard instead +as they will be formally deprecated in a future releases.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/PEM_read_bio_ex.html b/linux_amd64/ssl/share/doc/openssl/html/man3/PEM_read_bio_ex.html
    new file mode 100755
    index 0000000..540b2ac
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/PEM_read_bio_ex.html
    @@ -0,0 +1,106 @@
    + + + + +PEM_read_bio_ex + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    PEM_read_bio_ex, PEM_FLAG_SECURE, PEM_FLAG_EAY_COMPATIBLE, +PEM_FLAG_ONLY_B64 - read PEM format files with custom processing

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/pem.h>
    +
    + #define PEM_FLAG_SECURE             0x1
    + #define PEM_FLAG_EAY_COMPATIBLE     0x2
    + #define PEM_FLAG_ONLY_B64           0x4
    + int PEM_read_bio_ex(BIO *in, char **name, char **header,
    +                     unsigned char **data, long *len, unsigned int flags);
    +

    +

    +
    +

    DESCRIPTION

    +

    PEM_read_bio_ex() reads in PEM formatted data from an input BIO, outputting +the name of the type of contained data, the header information regarding +the possibly encrypted data, and the binary data payload (after base64 decoding). +It should generally only be used to implement PEM_read_bio_-family functions +for specific data types or other usage, but is exposed to allow greater flexibility +over how processing is performed, if needed.

    +

    If PEM_FLAG_SECURE is set, the intermediate buffers used to read in lines of +input are allocated from the secure heap.

    +

    If PEM_FLAG_EAY_COMPATIBLE is set, a simple algorithm is used to remove whitespace +and control characters from the end of each line, so as to be compatible with +the historical behavior of PEM_read_bio().

    +

    If PEM_FLAG_ONLY_B64 is set, all characters are required to be valid base64 +characters (or newlines); non-base64 characters are treated as end of input.

    +

    If neither PEM_FLAG_EAY_COMPATIBLE or PEM_FLAG_ONLY_B64 is set, control characters +are ignored.

    +

    If both PEM_FLAG_EAY_COMPATIBLE and PEM_FLAG_ONLY_B64 are set, an error is returned; +these options are not compatible with each other.

    +

    +

    +
    +

    NOTES

    +

    The caller must release the storage allocated for *name, *header, and *data. +If PEM_FLAG_SECURE was set, use OPENSSL_secure_free(); otherwise, +OPENSSL_free() is used.

    +

    +

    +
    +

    RETURN VALUES

    +

    PEM_read_bio_ex() returns 1 for success or 0 for failure.

    +

    +

    +
    +

    SEE ALSO

    +

    PEM_bytes_read_bio(3)

    +

    +

    +
    +

    HISTORY

    +

    The PEM_read_bio_ex() function was added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/PEM_write_bio_CMS_stream.html b/linux_amd64/ssl/share/doc/openssl/html/man3/PEM_write_bio_CMS_stream.html
    new file mode 100755
    index 0000000..a8799c6
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/PEM_write_bio_CMS_stream.html
    @@ -0,0 +1,90 @@
    + + + + +PEM_write_bio_CMS_stream + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    PEM_write_bio_CMS_stream - output CMS_ContentInfo structure in PEM format

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/cms.h>
    +
    + int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *data, int flags);
    +

    +

    +
    +

    DESCRIPTION

    +

    PEM_write_bio_CMS_stream() outputs a CMS_ContentInfo structure in PEM format.

    +

    It is otherwise identical to the function SMIME_write_CMS().

    +

    +

    +
    +

    NOTES

    +

    This function is effectively a version of the PEM_write_bio_CMS() supporting +streaming.

    +

    +

    +
    +

    RETURN VALUES

    +

    PEM_write_bio_CMS_stream() returns 1 for success or 0 for failure.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), CMS_sign(3), +CMS_verify(3), CMS_encrypt(3) +CMS_decrypt(3), +PEM_write(3), +SMIME_write_CMS(3), +i2d_CMS_bio_stream(3)

    +

    +

    +
    +

    HISTORY

    +

    The PEM_write_bio_CMS_stream() function was added in OpenSSL 1.0.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/PEM_write_bio_PKCS7_stream.html b/linux_amd64/ssl/share/doc/openssl/html/man3/PEM_write_bio_PKCS7_stream.html
    new file mode 100755
    index 0000000..d730d93
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/PEM_write_bio_PKCS7_stream.html
    @@ -0,0 +1,89 @@
    + + + + +PEM_write_bio_PKCS7_stream + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    PEM_write_bio_PKCS7_stream - output PKCS7 structure in PEM format

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/pkcs7.h>
    +
    + int PEM_write_bio_PKCS7_stream(BIO *out, PKCS7 *p7, BIO *data, int flags);
    +

    +

    +
    +

    DESCRIPTION

    +

    PEM_write_bio_PKCS7_stream() outputs a PKCS7 structure in PEM format.

    +

    It is otherwise identical to the function SMIME_write_PKCS7().

    +

    +

    +
    +

    NOTES

    +

    This function is effectively a version of the PEM_write_bio_PKCS7() supporting +streaming.

    +

    +

    +
    +

    RETURN VALUES

    +

    PEM_write_bio_PKCS7_stream() returns 1 for success or 0 for failure.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), PKCS7_sign(3), +PKCS7_verify(3), PKCS7_encrypt(3) +PKCS7_decrypt(3), +SMIME_write_PKCS7(3), +i2d_PKCS7_bio_stream(3)

    +

    +

    +
    +

    HISTORY

    +

    The PEM_write_bio_PKCS7_stream() function was added in OpenSSL 1.0.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/PKCS12_SAFEBAG_get0_attrs.html b/linux_amd64/ssl/share/doc/openssl/html/man3/PKCS12_SAFEBAG_get0_attrs.html
    new file mode 100755
    index 0000000..44f2028
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/PKCS12_SAFEBAG_get0_attrs.html
    @@ -0,0 +1,83 @@
    + + + + +PKCS12_SAFEBAG_get0_attrs + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    PKCS12_SAFEBAG_get0_attrs, PKCS12_get_attr_gen - Retrieve attributes from a PKCS#12 safeBag

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/pkcs12.h>
    +
    + const STACK_OF(X509_ATTRIBUTE) *PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag);
    +
    + ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs,
    +                                int attr_nid)
    +

    +

    +
    +

    DESCRIPTION

    +

    PKCS12_SAFEBAG_get0_attrs() retrieves the stack of X509_ATTRIBUTEs from a +PKCS#12 safeBag. bag is the PKCS12_SAFEBAG to retrieve the attributes from.

    +

    PKCS12_get_attr_gen() retrieves an attribute by NID from a stack of +X509_ATTRIBUTEs. attr_nid is the NID of the attribute to retrieve.

    +

    +

    +
    +

    RETURN VALUES

    +

    PKCS12_SAFEBAG_get0_attrs() returns the stack of X509_ATTRIBUTEs from a +PKCS#12 safeBag, which could be empty.

    +

    PKCS12_get_attr_gen() returns an ASN1_TYPE object containing the attribute, +or NULL if the attribute was either not present or an error occurred.

    +

    PKCS12_get_attr_gen() does not allocate a new attribute. The returned attribute +is still owned by the PKCS12_SAFEBAG in which it resides.

    +

    +

    +
    +

    SEE ALSO

    +

    PKCS12_get_friendlyname(3), +PKCS12_add_friendlyname_asc(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/PKCS12_add_CSPName_asc.html b/linux_amd64/ssl/share/doc/openssl/html/man3/PKCS12_add_CSPName_asc.html
    new file mode 100755
    index 0000000..d3df348
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/PKCS12_add_CSPName_asc.html
    @@ -0,0 +1,72 @@
    + + + + +PKCS12_add_CSPName_asc + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    PKCS12_add_CSPName_asc - Add a Microsoft CSP Name attribute to a PKCS#12 safeBag

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/pkcs12.h>
    +
    + int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name, int namelen);
    +

    +

    +
    +

    DESCRIPTION

    +

    PKCS12_add_CSPName_asc() adds an ASCII string representation of the Microsoft CSP Name attribute to a PKCS#12 safeBag.

    +

    bag is the PKCS12_SAFEBAG to add the attribute to.

    +

    +

    +
    +

    RETURN VALUES

    +

    Returns 1 for success or 0 for failure.

    +

    +

    +
    +

    SEE ALSO

    +

    PKCS12_add_friendlyname_asc(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/PKCS12_add_friendlyname_asc.html b/linux_amd64/ssl/share/doc/openssl/html/man3/PKCS12_add_friendlyname_asc.html
    new file mode 100755
    index 0000000..0f6515f
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/PKCS12_add_friendlyname_asc.html
    @@ -0,0 +1,86 @@
    + + + + +PKCS12_add_friendlyname_asc + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    PKCS12_add_friendlyname_asc, PKCS12_add_friendlyname_utf8, +PKCS12_add_friendlyname_uni - Functions to add the friendlyname attribute to a +PKCS#12 safeBag

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/pkcs12.h>
    +
    + int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name,
    +                                 int namelen);
    +
    + int PKCS12_add_friendlyname_utf8(PKCS12_SAFEBAG *bag, const char *name,
    +                                 int namelen);
    +
    + int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag,
    +                                 const unsigned char *name, int namelen);
    +

    +

    +
    +

    DESCRIPTION

    +

    PKCS12_add_friendlyname_asc() adds an ASCII string representation of the PKCS#9 +friendlyName attribute to a PKCS#12 safeBag.

    +

    PKCS12_add_friendlyname_utf8() adds a UTF-8 string representation of the PKCS#9 +friendlyName attribute to a PKCS#12 safeBag.

    +

    PKCS12_add_friendlyname_uni() adds a Unicode string representation of the PKCS#9 +friendlyName attribute to a PKCS#12 safeBag.

    +

    bag is the PKCS12_SAFEBAG to add the attribute to.

    +

    +

    +
    +

    RETURN VALUES

    +

    Returns 1 for success or 0 for failure.

    +

    +

    +
    +

    SEE ALSO

    +

    PKCS12_get_friendlyname(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/PKCS12_add_localkeyid.html b/linux_amd64/ssl/share/doc/openssl/html/man3/PKCS12_add_localkeyid.html
    new file mode 100755
    index 0000000..08c68bc
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/PKCS12_add_localkeyid.html
    @@ -0,0 +1,74 @@
    + + + + +PKCS12_add_localkeyid + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    PKCS12_add_localkeyid - Add the localKeyId attribute to a PKCS#12 safeBag

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/pkcs12.h>
    +
    + int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, const char *name,
    +                           int namelen);
    +

    +

    +
    +

    DESCRIPTION

    +

    PKCS12_add_localkeyid() adds an octet string representation of the PKCS#9 +localKeyId attribute to a PKCS#12 safeBag.

    +

    bag is the PKCS12_SAFEBAG to add the attribute to.

    +

    +

    +
    +

    RETURN VALUES

    +

    Returns 1 for success or 0 for failure.

    +

    +

    +
    +

    SEE ALSO

    +

    PKCS12_add_friendlyname_asc(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/PKCS12_create.html b/linux_amd64/ssl/share/doc/openssl/html/man3/PKCS12_create.html
    new file mode 100755
    index 0000000..c60ef5b
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/PKCS12_create.html
    @@ -0,0 +1,115 @@
    + + + + +PKCS12_create + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    PKCS12_create - create a PKCS#12 structure

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/pkcs12.h>
    +
    + PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey,
    +                       X509 *cert, STACK_OF(X509) *ca,
    +                       int nid_key, int nid_cert, int iter, int mac_iter, int keytype);
    +

    +

    +
    +

    DESCRIPTION

    +

    PKCS12_create() creates a PKCS#12 structure.

    +

    pass is the passphrase to use. name is the friendlyName to use for +the supplied certificate and key. pkey is the private key to include in +the structure and cert its corresponding certificates. ca, if not NULL +is an optional set of certificates to also include in the structure.

    +

    nid_key and nid_cert are the encryption algorithms that should be used +for the key and certificate respectively. The modes +GCM, CCM, XTS, and OCB are unsupported. iter is the encryption algorithm +iteration count to use and mac_iter is the MAC iteration count to use. +keytype is the type of key.

    +

    +

    +
    +

    NOTES

    +

    The parameters nid_key, nid_cert, iter, mac_iter and keytype +can all be set to zero and sensible defaults will be used.

    +

    These defaults are: 40 bit RC2 encryption for certificates, triple DES +encryption for private keys, a key iteration count of PKCS12_DEFAULT_ITER +(currently 2048) and a MAC iteration count of 1.

    +

    The default MAC iteration count is 1 in order to retain compatibility with +old software which did not interpret MAC iteration counts. If such compatibility +is not required then mac_iter should be set to PKCS12_DEFAULT_ITER.

    +

    keytype adds a flag to the store private key. This is a non standard extension +that is only currently interpreted by MSIE. If set to zero the flag is omitted, +if set to KEY_SIG the key can be used for signing only, if set to KEY_EX +it can be used for signing and encryption. This option was useful for old +export grade software which could use signing only keys of arbitrary size but +had restrictions on the permissible sizes of keys which could be used for +encryption.

    +

    If a certificate contains an alias or keyid then this will be +used for the corresponding friendlyName or localKeyID in the +PKCS12 structure.

    +

    Either pkey, cert or both can be NULL to indicate that no key or +certificate is required. In previous versions both had to be present or +a fatal error is returned.

    +

    nid_key or nid_cert can be set to -1 indicating that no encryption +should be used.

    +

    mac_iter can be set to -1 and the MAC will then be omitted entirely.

    +

    PKCS12_create() makes assumptions regarding the encoding of the given pass +phrase. +See passphrase-encoding(7) for more information.

    +

    +

    +
    +

    RETURN VALUES

    +

    PKCS12_create() returns a valid PKCS12 structure or NULL if an error occurred.

    +

    +

    +
    +

    SEE ALSO

    +

    d2i_PKCS12(3), +passphrase-encoding(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/PKCS12_get_friendlyname.html b/linux_amd64/ssl/share/doc/openssl/html/man3/PKCS12_get_friendlyname.html
    new file mode 100755
    index 0000000..83c777d
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/PKCS12_get_friendlyname.html
    @@ -0,0 +1,74 @@
    + + + + +PKCS12_get_friendlyname + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    PKCS12_get_friendlyname - Retrieve the friendlyname attribute from a PKCS#12 safeBag

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/pkcs12.h>
    +
    + char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag);
    +

    +

    +
    +

    DESCRIPTION

    +

    PKCS12_get_friendlyname() retrieves a UTF-8 string representation of the PKCS#9 +friendlyName attribute for a PKCS#12 safeBag item.

    +

    bag is the PKCS12_SAFEBAG to retrieve the attribute from.

    +

    +

    +
    +

    RETURN VALUES

    +

    A UTF-8 string, or NULL if the attribute was either not present or an error occurred.

    +

    The returned string is allocated by OpenSSL and should be freed by the user.

    +

    +

    +
    +

    SEE ALSO

    +

    PKCS12_add_friendlyname_asc(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/PKCS12_newpass.html b/linux_amd64/ssl/share/doc/openssl/html/man3/PKCS12_newpass.html
    new file mode 100755
    index 0000000..83aca33
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/PKCS12_newpass.html
    @@ -0,0 +1,148 @@
    + + + + +PKCS12_newpass + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    PKCS12_newpass - change the password of a PKCS12 structure

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/pkcs12.h>
    +
    + int PKCS12_newpass(PKCS12 *p12, const char *oldpass, const char *newpass);
    +

    +

    +
    +

    DESCRIPTION

    +

    PKCS12_newpass() changes the password of a PKCS12 structure.

    +

    p12 is a pointer to a PKCS12 structure. oldpass is the existing password +and newpass is the new password.

    +

    Each of oldpass and newpass is independently interpreted as a string in +the UTF-8 encoding. If it is not valid UTF-8, it is assumed to be ISO8859-1 +instead.

    +

    In particular, this means that passwords in the locale character set +(or code page on Windows) must potentially be converted to UTF-8 before +use. This may include passwords from local text files, or input from +the terminal or command line. Refer to the documentation of +UI_OpenSSL(3), for example.

    +

    If the PKCS#12 structure does not have a password, then you must use the empty +string "" for oldpass. Using NULL for oldpass will result in a +PKCS12_newpass() failure.

    +

    If the wrong password is used for oldpass then the function will fail, +with a MAC verification error. In rare cases the PKCS12 structure does not +contain a MAC: in this case it will usually fail with a decryption padding +error.

    +

    +

    +
    +

    RETURN VALUES

    +

    PKCS12_newpass() returns 1 on success or 0 on failure. Applications can +retrieve the most recent error from PKCS12_newpass() with ERR_get_error().

    +

    +

    +
    +

    EXAMPLES

    +

    This example loads a PKCS#12 file, changes its password and writes out +the result to a new file.

    +
    + #include <stdio.h>
    + #include <stdlib.h>
    + #include <openssl/pem.h>
    + #include <openssl/err.h>
    + #include <openssl/pkcs12.h>
    +
    + int main(int argc, char **argv)
    + {
    +     FILE *fp;
    +     PKCS12 *p12;
    +
    +     if (argc != 5) {
    +         fprintf(stderr, "Usage: pkread p12file password newpass opfile\n");
    +         return 1;
    +     }
    +     if ((fp = fopen(argv[1], "rb")) == NULL) {
    +         fprintf(stderr, "Error opening file %s\n", argv[1]);
    +         return 1;
    +     }
    +     p12 = d2i_PKCS12_fp(fp, NULL);
    +     fclose(fp);
    +     if (p12 == NULL) {
    +         fprintf(stderr, "Error reading PKCS#12 file\n");
    +         ERR_print_errors_fp(stderr);
    +         return 1;
    +     }
    +     if (PKCS12_newpass(p12, argv[2], argv[3]) == 0) {
    +         fprintf(stderr, "Error changing password\n");
    +         ERR_print_errors_fp(stderr);
    +         PKCS12_free(p12);
    +         return 1;
    +     }
    +     if ((fp = fopen(argv[4], "wb")) == NULL) {
    +         fprintf(stderr, "Error opening file %s\n", argv[4]);
    +         PKCS12_free(p12);
    +         return 1;
    +     }
    +     i2d_PKCS12_fp(fp, p12);
    +     PKCS12_free(p12);
    +     fclose(fp);
    +     return 0;
    + }
    +

    +

    +
    +

    BUGS

    +

    The password format is a NULL terminated ASCII string which is converted to +Unicode form internally. As a result some passwords cannot be supplied to +this function.

    +

    +

    +
    +

    SEE ALSO

    +

    PKCS12_create(3), ERR_get_error(3), +passphrase-encoding(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/PKCS12_parse.html b/linux_amd64/ssl/share/doc/openssl/html/man3/PKCS12_parse.html
    new file mode 100755
    index 0000000..e0920b2
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/PKCS12_parse.html
    @@ -0,0 +1,107 @@
    + + + + +PKCS12_parse + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    PKCS12_parse - parse a PKCS#12 structure

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/pkcs12.h>
    +
    + int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
    +                  STACK_OF(X509) **ca);
    +

    +

    +
    +

    DESCRIPTION

    +

    PKCS12_parse() parses a PKCS12 structure.

    +

    p12 is the PKCS12 structure to parse. pass is the passphrase to use. +If successful the private key will be written to *pkey, the corresponding +certificate to *cert and any additional certificates to *ca.

    +

    +

    +
    +

    NOTES

    +

    The parameters pkey and cert cannot be NULL. ca can be <NULL> in +which case additional certificates will be discarded. *ca can also be a +valid STACK in which case additional certificates are appended to *ca. If +*ca is NULL a new STACK will be allocated.

    +

    The friendlyName and localKeyID attributes (if present) on each +certificate will be stored in the alias and keyid attributes of the +X509 structure.

    +

    The parameter pass is interpreted as a string in the UTF-8 encoding. If it +is not valid UTF-8, then it is assumed to be ISO8859-1 instead.

    +

    In particular, this means that passwords in the locale character set +(or code page on Windows) must potentially be converted to UTF-8 before +use. This may include passwords from local text files, or input from +the terminal or command line. Refer to the documentation of +UI_OpenSSL(3), for example.

    +

    +

    +
    +

    RETURN VALUES

    +

    PKCS12_parse() returns 1 for success and zero if an error occurred.

    +

    The error can be obtained from ERR_get_error(3)

    +

    +

    +
    +

    BUGS

    +

    Only a single private key and corresponding certificate is returned by this +function. More complex PKCS#12 files with multiple private keys will only +return the first match.

    +

    Only friendlyName and localKeyID attributes are currently stored in +certificates. Other attributes are discarded.

    +

    Attributes currently cannot be stored in the private key EVP_PKEY structure.

    +

    +

    +
    +

    SEE ALSO

    +

    d2i_PKCS12(3), +passphrase-encoding(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/PKCS5_PBKDF2_HMAC.html b/linux_amd64/ssl/share/doc/openssl/html/man3/PKCS5_PBKDF2_HMAC.html
    new file mode 100755
    index 0000000..0d880eb
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/PKCS5_PBKDF2_HMAC.html
    @@ -0,0 +1,109 @@
    + + + + +PKCS5_PBKDF2_HMAC + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    PKCS5_PBKDF2_HMAC, PKCS5_PBKDF2_HMAC_SHA1 - password based derivation routines with salt and iteration count

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
    +                       const unsigned char *salt, int saltlen, int iter,
    +                       const EVP_MD *digest,
    +                       int keylen, unsigned char *out);
    +
    + int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
    +                            const unsigned char *salt, int saltlen, int iter,
    +                            int keylen, unsigned char *out);
    +

    +

    +
    +

    DESCRIPTION

    +

    PKCS5_PBKDF2_HMAC() derives a key from a password using a salt and iteration count +as specified in RFC 2898.

    +

    pass is the password used in the derivation of length passlen. pass +is an optional parameter and can be NULL. If passlen is -1, then the +function will calculate the length of pass using strlen().

    +

    salt is the salt used in the derivation of length saltlen. If the +salt is NULL, then saltlen must be 0. The function will not +attempt to calculate the length of the salt because it is not assumed to +be NULL terminated.

    +

    iter is the iteration count and its value should be greater than or +equal to 1. RFC 2898 suggests an iteration count of at least 1000. Any +iter less than 1 is treated as a single iteration.

    +

    digest is the message digest function used in the derivation. Values include +any of the EVP_* message digests. PKCS5_PBKDF2_HMAC_SHA1() calls +PKCS5_PBKDF2_HMAC() with EVP_sha1().

    +

    The derived key will be written to out. The size of the out buffer +is specified via keylen.

    +

    +

    +
    +

    NOTES

    +

    A typical application of this function is to derive keying material for an +encryption algorithm from a password in the pass, a salt in salt, +and an iteration count.

    +

    Increasing the iter parameter slows down the algorithm which makes it +harder for an attacker to perform a brute force attack using a large number +of candidate passwords.

    +

    These functions make no assumption regarding the given password. +It will simply be treated as a byte sequence.

    +

    +

    +
    +

    RETURN VALUES

    +

    PKCS5_PBKDF2_HMAC() and PBKCS5_PBKDF2_HMAC_SHA1() return 1 on success or 0 on error.

    +

    +

    +
    +

    SEE ALSO

    +

    evp(7), RAND_bytes(3), +EVP_BytesToKey(3), +passphrase-encoding(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/PKCS7_decrypt.html b/linux_amd64/ssl/share/doc/openssl/html/man3/PKCS7_decrypt.html
    new file mode 100755
    index 0000000..1ee7d7e
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/PKCS7_decrypt.html
    @@ -0,0 +1,95 @@
    + + + + +PKCS7_decrypt + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    PKCS7_decrypt - decrypt content from a PKCS#7 envelopedData structure

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/pkcs7.h>
    +
    + int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags);
    +

    +

    +
    +

    DESCRIPTION

    +

    PKCS7_decrypt() extracts and decrypts the content from a PKCS#7 envelopedData +structure. pkey is the private key of the recipient, cert is the +recipients certificate, data is a BIO to write the content to and +flags is an optional set of flags.

    +

    +

    +
    +

    NOTES

    +

    Although the recipients certificate is not needed to decrypt the data it is needed +to locate the appropriate (of possible several) recipients in the PKCS#7 structure.

    +

    The following flags can be passed in the flags parameter.

    +

    If the PKCS7_TEXT flag is set MIME headers for type text/plain are deleted +from the content. If the content is not of type text/plain then an error is +returned.

    +

    +

    +
    +

    RETURN VALUES

    +

    PKCS7_decrypt() returns either 1 for success or 0 for failure. +The error can be obtained from ERR_get_error(3)

    +

    +

    +
    +

    BUGS

    +

    PKCS7_decrypt() must be passed the correct recipient key and certificate. It would +be better if it could look up the correct key and certificate from a database.

    +

    The lack of single pass processing and need to hold all data in memory as +mentioned in PKCS7_sign() also applies to PKCS7_verify().

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), PKCS7_encrypt(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/PKCS7_encrypt.html b/linux_amd64/ssl/share/doc/openssl/html/man3/PKCS7_encrypt.html
    new file mode 100755
    index 0000000..675351d
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/PKCS7_encrypt.html
    @@ -0,0 +1,113 @@
    + + + + +PKCS7_encrypt + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    PKCS7_encrypt - create a PKCS#7 envelopedData structure

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/pkcs7.h>
    +
    + PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,
    +                      int flags);
    +

    +

    +
    +

    DESCRIPTION

    +

    PKCS7_encrypt() creates and returns a PKCS#7 envelopedData structure. certs +is a list of recipient certificates. in is the content to be encrypted. +cipher is the symmetric cipher to use. flags is an optional set of flags.

    +

    Only RSA keys are supported in PKCS#7 and envelopedData so the recipient +certificates supplied to this function must all contain RSA public keys, though +they do not have to be signed using the RSA algorithm.

    +

    EVP_des_ede3_cbc() (triple DES) is the algorithm of choice for S/MIME use +because most clients will support it.

    +

    Some old "export grade" clients may only support weak encryption using 40 or 64 +bit RC2. These can be used by passing EVP_rc2_40_cbc() and EVP_rc2_64_cbc() +respectively.

    +

    The algorithm passed in the cipher parameter must support ASN1 encoding of +its parameters.

    +

    Many browsers implement a "sign and encrypt" option which is simply an S/MIME +envelopedData containing an S/MIME signed message. This can be readily produced +by storing the S/MIME signed message in a memory BIO and passing it to +PKCS7_encrypt().

    +

    The following flags can be passed in the flags parameter.

    +

    If the PKCS7_TEXT flag is set MIME headers for type text/plain are +prepended to the data.

    +

    Normally the supplied content is translated into MIME canonical format (as +required by the S/MIME specifications) if PKCS7_BINARY is set no translation +occurs. This option should be used if the supplied data is in binary format +otherwise the translation will corrupt it. If PKCS7_BINARY is set then +PKCS7_TEXT is ignored.

    +

    If the PKCS7_STREAM flag is set a partial PKCS7 structure is output +suitable for streaming I/O: no data is read from the BIO in.

    +

    If the flag PKCS7_STREAM is set the returned PKCS7 structure is not +complete and outputting its contents via a function that does not +properly finalize the PKCS7 structure will give unpredictable +results.

    +

    Several functions including SMIME_write_PKCS7(), i2d_PKCS7_bio_stream(), +PEM_write_bio_PKCS7_stream() finalize the structure. Alternatively finalization +can be performed by obtaining the streaming ASN1 BIO directly using +BIO_new_PKCS7().

    +

    +

    +
    +

    RETURN VALUES

    +

    PKCS7_encrypt() returns either a PKCS7 structure or NULL if an error occurred. +The error can be obtained from ERR_get_error(3).

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), PKCS7_decrypt(3)

    +

    +

    +
    +

    HISTORY

    +

    The PKCS7_STREAM flag was added in OpenSSL 1.0.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/PKCS7_sign.html b/linux_amd64/ssl/share/doc/openssl/html/man3/PKCS7_sign.html
    new file mode 100755
    index 0000000..d573da6
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/PKCS7_sign.html
    @@ -0,0 +1,143 @@
    + + + + +PKCS7_sign + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    PKCS7_sign - create a PKCS#7 signedData structure

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/pkcs7.h>
    +
    + PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
    +                   BIO *data, int flags);
    +

    +

    +
    +

    DESCRIPTION

    +

    PKCS7_sign() creates and returns a PKCS#7 signedData structure. signcert is +the certificate to sign with, pkey is the corresponding private key. +certs is an optional additional set of certificates to include in the PKCS#7 +structure (for example any intermediate CAs in the chain).

    +

    The data to be signed is read from BIO data.

    +

    flags is an optional set of flags.

    +

    Any of the following flags (ored together) can be passed in the flags +parameter.

    +

    Many S/MIME clients expect the signed content to include valid MIME headers. If +the PKCS7_TEXT flag is set MIME headers for type text/plain are prepended +to the data.

    +

    If PKCS7_NOCERTS is set the signer's certificate will not be included in the +PKCS7 structure, the signer's certificate must still be supplied in the +signcert parameter though. This can reduce the size of the signature if the +signers certificate can be obtained by other means: for example a previously +signed message.

    +

    The data being signed is included in the PKCS7 structure, unless +PKCS7_DETACHED is set in which case it is omitted. This is used for PKCS7 +detached signatures which are used in S/MIME plaintext signed messages for +example.

    +

    Normally the supplied content is translated into MIME canonical format (as +required by the S/MIME specifications) if PKCS7_BINARY is set no translation +occurs. This option should be used if the supplied data is in binary format +otherwise the translation will corrupt it.

    +

    The signedData structure includes several PKCS#7 authenticatedAttributes +including the signing time, the PKCS#7 content type and the supported list of +ciphers in an SMIMECapabilities attribute. If PKCS7_NOATTR is set then no +authenticatedAttributes will be used. If PKCS7_NOSMIMECAP is set then just +the SMIMECapabilities are omitted.

    +

    If present the SMIMECapabilities attribute indicates support for the following +algorithms: triple DES, 128 bit RC2, 64 bit RC2, DES and 40 bit RC2. If any of +these algorithms is disabled then it will not be included.

    +

    If the flags PKCS7_STREAM is set then the returned PKCS7 structure is +just initialized ready to perform the signing operation. The signing is however +not performed and the data to be signed is not read from the data +parameter. Signing is deferred until after the data has been written. In this +way data can be signed in a single pass.

    +

    If the PKCS7_PARTIAL flag is set a partial PKCS7 structure is output to +which additional signers and capabilities can be added before finalization.

    +

    If the flag PKCS7_STREAM is set the returned PKCS7 structure is not +complete and outputting its contents via a function that does not properly +finalize the PKCS7 structure will give unpredictable results.

    +

    Several functions including SMIME_write_PKCS7(), i2d_PKCS7_bio_stream(), +PEM_write_bio_PKCS7_stream() finalize the structure. Alternatively finalization +can be performed by obtaining the streaming ASN1 BIO directly using +BIO_new_PKCS7().

    +

    If a signer is specified it will use the default digest for the signing +algorithm. This is SHA1 for both RSA and DSA keys.

    +

    The certs, signcert and pkey parameters can all be +NULL if the PKCS7_PARTIAL flag is set. One or more signers can be added +using the function PKCS7_sign_add_signer(). PKCS7_final() must also be +called to finalize the structure if streaming is not enabled. Alternative +signing digests can also be specified using this method.

    +

    If signcert and pkey are NULL then a certificates only +PKCS#7 structure is output.

    +

    In versions of OpenSSL before 1.0.0 the signcert and pkey parameters must +NOT be NULL.

    +

    +

    +
    +

    BUGS

    +

    Some advanced attributes such as counter signatures are not supported.

    +

    +

    +
    +

    RETURN VALUES

    +

    PKCS7_sign() returns either a valid PKCS7 structure or NULL if an error +occurred. The error can be obtained from ERR_get_error(3).

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), PKCS7_verify(3)

    +

    +

    +
    +

    HISTORY

    +

    The PKCS7_PARTIAL flag, and the ability for certs, signcert, +and pkey parameters to be NULL were added in OpenSSL 1.0.0.

    +

    The PKCS7_STREAM flag was added in OpenSSL 1.0.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/PKCS7_sign_add_signer.html b/linux_amd64/ssl/share/doc/openssl/html/man3/PKCS7_sign_add_signer.html
    new file mode 100755
    index 0000000..e3796ca
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/PKCS7_sign_add_signer.html
    @@ -0,0 +1,125 @@
    + + + + +PKCS7_sign_add_signer + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    PKCS7_sign_add_signer - add a signer PKCS7 signed data structure

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/pkcs7.h>
    +
    + PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert,
    +                                          EVP_PKEY *pkey, const EVP_MD *md, int flags);
    +

    +

    +
    +

    DESCRIPTION

    +

    PKCS7_sign_add_signer() adds a signer with certificate signcert and private +key pkey using message digest md to a PKCS7 signed data structure +p7.

    +

    The PKCS7 structure should be obtained from an initial call to PKCS7_sign() +with the flag PKCS7_PARTIAL set or in the case or re-signing a valid PKCS7 +signed data structure.

    +

    If the md parameter is NULL then the default digest for the public +key algorithm will be used.

    +

    Unless the PKCS7_REUSE_DIGEST flag is set the returned PKCS7 structure +is not complete and must be finalized either by streaming (if applicable) or +a call to PKCS7_final().

    +

    +

    +
    +

    NOTES

    +

    The main purpose of this function is to provide finer control over a PKCS#7 +signed data structure where the simpler PKCS7_sign() function defaults are +not appropriate. For example if multiple signers or non default digest +algorithms are needed.

    +

    Any of the following flags (ored together) can be passed in the flags +parameter.

    +

    If PKCS7_REUSE_DIGEST is set then an attempt is made to copy the content +digest value from the PKCS7 structure: to add a signer to an existing structure. +An error occurs if a matching digest value cannot be found to copy. The +returned PKCS7 structure will be valid and finalized when this flag is set.

    +

    If PKCS7_PARTIAL is set in addition to PKCS7_REUSE_DIGEST then the +PKCS7_SIGNER_INO structure will not be finalized so additional attributes +can be added. In this case an explicit call to PKCS7_SIGNER_INFO_sign() is +needed to finalize it.

    +

    If PKCS7_NOCERTS is set the signer's certificate will not be included in the +PKCS7 structure, the signer's certificate must still be supplied in the +signcert parameter though. This can reduce the size of the signature if the +signers certificate can be obtained by other means: for example a previously +signed message.

    +

    The signedData structure includes several PKCS#7 authenticatedAttributes +including the signing time, the PKCS#7 content type and the supported list of +ciphers in an SMIMECapabilities attribute. If PKCS7_NOATTR is set then no +authenticatedAttributes will be used. If PKCS7_NOSMIMECAP is set then just +the SMIMECapabilities are omitted.

    +

    If present the SMIMECapabilities attribute indicates support for the following +algorithms: triple DES, 128 bit RC2, 64 bit RC2, DES and 40 bit RC2. If any of +these algorithms is disabled then it will not be included.

    +

    PKCS7_sign_add_signers() returns an internal pointer to the PKCS7_SIGNER_INFO +structure just added, this can be used to set additional attributes +before it is finalized.

    +

    +

    +
    +

    RETURN VALUES

    +

    PKCS7_sign_add_signers() returns an internal pointer to the PKCS7_SIGNER_INFO +structure just added or NULL if an error occurs.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), PKCS7_sign(3), +PKCS7_final(3),

    +

    +

    +
    +

    HISTORY

    +

    The PPKCS7_sign_add_signer() function was added in OpenSSL 1.0.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/PKCS7_verify.html b/linux_amd64/ssl/share/doc/openssl/html/man3/PKCS7_verify.html
    new file mode 100755
    index 0000000..63f56b6
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/PKCS7_verify.html
    @@ -0,0 +1,154 @@
    + + + + +PKCS7_verify + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    PKCS7_verify, PKCS7_get0_signers - verify a PKCS#7 signedData structure

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/pkcs7.h>
    +
    + int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
    +                  BIO *indata, BIO *out, int flags);
    +
    + STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags);
    +

    +

    +
    +

    DESCRIPTION

    +

    PKCS7_verify() verifies a PKCS#7 signedData structure. p7 is the PKCS7 +structure to verify. certs is a set of certificates in which to search for +the signer's certificate. store is a trusted certificate store (used for +chain verification). indata is the signed data if the content is not +present in p7 (that is it is detached). The content is written to out +if it is not NULL.

    +

    flags is an optional set of flags, which can be used to modify the verify +operation.

    +

    PKCS7_get0_signers() retrieves the signer's certificates from p7, it does +not check their validity or whether any signatures are valid. The certs +and flags parameters have the same meanings as in PKCS7_verify().

    +

    +

    +
    +

    VERIFY PROCESS

    +

    Normally the verify process proceeds as follows.

    +

    Initially some sanity checks are performed on p7. The type of p7 must +be signedData. There must be at least one signature on the data and if +the content is detached indata cannot be NULL. If the content is +not detached and indata is not NULL, then the structure has both +embedded and external content. To treat this as an error, use the flag +PKCS7_NO_DUAL_CONTENT. +The default behavior allows this, for compatibility with older +versions of OpenSSL.

    +

    An attempt is made to locate all the signer's certificates, first looking in +the certs parameter (if it is not NULL) and then looking in any certificates +contained in the p7 structure itself. If any signer's certificates cannot be +located the operation fails.

    +

    Each signer's certificate is chain verified using the smimesign purpose and +the supplied trusted certificate store. Any internal certificates in the message +are used as untrusted CAs. If any chain verify fails an error code is returned.

    +

    Finally the signed content is read (and written to out is it is not NULL) and +the signature's checked.

    +

    If all signature's verify correctly then the function is successful.

    +

    Any of the following flags (ored together) can be passed in the flags parameter +to change the default verify behaviour. Only the flag PKCS7_NOINTERN is +meaningful to PKCS7_get0_signers().

    +

    If PKCS7_NOINTERN is set the certificates in the message itself are not +searched when locating the signer's certificate. This means that all the signers +certificates must be in the certs parameter.

    +

    If the PKCS7_TEXT flag is set MIME headers for type text/plain are deleted +from the content. If the content is not of type text/plain then an error is +returned.

    +

    If PKCS7_NOVERIFY is set the signer's certificates are not chain verified.

    +

    If PKCS7_NOCHAIN is set then the certificates contained in the message are +not used as untrusted CAs. This means that the whole verify chain (apart from +the signer's certificate) must be contained in the trusted store.

    +

    If PKCS7_NOSIGS is set then the signatures on the data are not checked.

    +

    +

    +
    +

    NOTES

    +

    One application of PKCS7_NOINTERN is to only accept messages signed by +a small number of certificates. The acceptable certificates would be passed +in the certs parameter. In this case if the signer is not one of the +certificates supplied in certs then the verify will fail because the +signer cannot be found.

    +

    Care should be taken when modifying the default verify behaviour, for example +setting PKCS7_NOVERIFY|PKCS7_NOSIGS will totally disable all verification +and any signed message will be considered valid. This combination is however +useful if one merely wishes to write the content to out and its validity +is not considered important.

    +

    Chain verification should arguably be performed using the signing time rather +than the current time. However since the signing time is supplied by the +signer it cannot be trusted without additional evidence (such as a trusted +timestamp).

    +

    +

    +
    +

    RETURN VALUES

    +

    PKCS7_verify() returns one for a successful verification and zero +if an error occurs.

    +

    PKCS7_get0_signers() returns all signers or NULL if an error occurred.

    +

    The error can be obtained from ERR_get_error(3)

    +

    +

    +
    +

    BUGS

    +

    The trusted certificate store is not searched for the signers certificate, +this is primarily due to the inadequacies of the current X509_STORE +functionality.

    +

    The lack of single pass processing and need to hold all data in memory as +mentioned in PKCS7_sign() also applies to PKCS7_verify().

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), PKCS7_sign(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/PKCS8_pkey_add1_attr.html b/linux_amd64/ssl/share/doc/openssl/html/man3/PKCS8_pkey_add1_attr.html
    new file mode 100755
    index 0000000..6f2f646
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/PKCS8_pkey_add1_attr.html
    @@ -0,0 +1,91 @@
    + + + + +PKCS8_pkey_add1_attr + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    PKCS8_pkey_get0_attrs, PKCS8_pkey_add1_attr, PKCS8_pkey_add1_attr_by_NID, PKCS8_pkey_add1_attr_by_OBJ - PKCS8 attribute functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509.h>
    +
    + const STACK_OF(X509_ATTRIBUTE) *
    + PKCS8_pkey_get0_attrs(const PKCS8_PRIV_KEY_INFO *p8);
    + int PKCS8_pkey_add1_attr(PKCS8_PRIV_KEY_INFO *p8, X509_ATTRIBUTE *attr);
    + int PKCS8_pkey_add1_attr_by_NID(PKCS8_PRIV_KEY_INFO *p8, int nid, int type,
    +                                 const unsigned char *bytes, int len);
    + int PKCS8_pkey_add1_attr_by_OBJ(PKCS8_PRIV_KEY_INFO *p8, const ASN1_OBJECT *obj,
    +                                int type, const unsigned char *bytes, int len);
    +

    +

    +
    +

    DESCRIPTION

    +

    PKCS8_pkey_get0_attrs() returns a const STACK of X509_ATTRIBUTE present in +the passed const PKCS8_PRIV_KEY_INFO structure p8.

    +

    PKCS8_pkey_add1_attr() adds a constructed X509_ATTRIBUTE attr to the +existing PKCS8_PRIV_KEY_INFO structure p8.

    +

    PKCS8_pkey_add1_attr_by_NID() and PKCS8_pkey_add1_attr_by_OBJ() construct a new +X509_ATTRIBUTE from the passed arguments and add it to the existing +PKCS8_PRIV_KEY_INFO structure p8.

    +

    +

    +
    +

    RETURN VALUES

    +

    PKCS8_pkey_add1_attr(), PKCS8_pkey_add1_attr_by_NID(), and +PKCS8_pkey_add1_attr_by_OBJ() return 1 for success and 0 for failure.

    +

    +

    +
    +

    NOTES

    +

    STACK of X509_ATTRIBUTE is present in many X509-related structures and some of +them have the corresponding set of similar functions.

    +

    +

    +
    +

    SEE ALSO

    +

    crypto(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/RAND_DRBG_generate.html b/linux_amd64/ssl/share/doc/openssl/html/man3/RAND_DRBG_generate.html
    new file mode 100755
    index 0000000..f4f1227
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/RAND_DRBG_generate.html
    @@ -0,0 +1,124 @@
    + + + + +RAND_DRBG_generate + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    RAND_DRBG_generate, +RAND_DRBG_bytes +- generate random bytes using the given drbg instance

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/rand_drbg.h>
    +
    + int RAND_DRBG_generate(RAND_DRBG *drbg,
    +                        unsigned char *out, size_t outlen,
    +                        int prediction_resistance,
    +                        const unsigned char *adin, size_t adinlen);
    +
    + int RAND_DRBG_bytes(RAND_DRBG *drbg,
    +                     unsigned char *out, size_t outlen);
    +

    +

    +
    +

    DESCRIPTION

    +

    RAND_DRBG_generate() generates outlen random bytes using the given +DRBG instance drbg and stores them in the buffer at out.

    +

    Before generating the output, the DRBG instance checks whether the maximum +number of generate requests (reseed interval) or the maximum timespan +(reseed time interval) since its last seeding have been reached. +If this is the case, the DRBG reseeds automatically. +Additionally, an immediate reseeding can be requested by setting the +prediction_resistance flag to 1. +Requesting prediction resistance is a relative expensive operation. +See NOTES section for more details.

    +

    The caller can optionally provide additional data to be used for reseeding +by passing a pointer adin to a buffer of length adinlen. +This additional data is mixed into the internal state of the random +generator but does not contribute to the entropy count. +The additional data can be omitted by setting adin to NULL and +adinlen to 0;

    +

    RAND_DRBG_bytes() generates outlen random bytes using the given +DRBG instance drbg and stores them in the buffer at out. +This function is a wrapper around the RAND_DRBG_generate() call, +which collects some additional data from low entropy sources +(e.g., a high resolution timer) and calls +RAND_DRBG_generate(drbg, out, outlen, 0, adin, adinlen).

    +

    +

    +
    +

    RETURN VALUES

    +

    RAND_DRBG_generate() and RAND_DRBG_bytes() return 1 on success, +and 0 on failure.

    +

    +

    +
    +

    NOTES

    +

    The reseed interval and reseed time interval of the drbg are set to +reasonable default values, which in general do not have to be adjusted. +If necessary, they can be changed using RAND_DRBG_set_reseed_interval(3) +and RAND_DRBG_set_reseed_time_interval(3), respectively.

    +

    A request for prediction resistance can only be satisfied by pulling fresh +entropy from a live entropy source (section 5.5.2 of [NIST SP 800-90C]). +It is up to the user to ensure that a live entropy source is configured +and is being used.

    +

    +

    +
    +

    SEE ALSO

    +

    RAND_bytes(3), +RAND_DRBG_set_reseed_interval(3), +RAND_DRBG_set_reseed_time_interval(3), +RAND_DRBG(7)

    +

    +

    +
    +

    HISTORY

    +

    The RAND_DRBG functions were added in OpenSSL 1.1.1.

    +

    Prediction resistance is supported from OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/RAND_DRBG_get0_master.html b/linux_amd64/ssl/share/doc/openssl/html/man3/RAND_DRBG_get0_master.html
    new file mode 100755
    index 0000000..ae7997c
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/RAND_DRBG_get0_master.html
    @@ -0,0 +1,129 @@
    + + + + +RAND_DRBG_get0_master + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    OPENSSL_CTX_get0_master_drbg, +OPENSSL_CTX_get0_public_drbg, +OPENSSL_CTX_get0_private_drbg, +RAND_DRBG_get0_master, +RAND_DRBG_get0_public, +RAND_DRBG_get0_private +- get access to the global RAND_DRBG instances

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/rand_drbg.h>
    +
    + RAND_DRBG *OPENSSL_CTX_get0_master_drbg(OPENSSL_CTX *ctx);
    + RAND_DRBG *OPENSSL_CTX_get0_public_drbg(OPENSSL_CTX *ctx);
    + RAND_DRBG *OPENSSL_CTX_get0_private_drbg(OPENSSL_CTX *ctx);
    + RAND_DRBG *RAND_DRBG_get0_master(void);
    + RAND_DRBG *RAND_DRBG_get0_public(void);
    + RAND_DRBG *RAND_DRBG_get0_private(void);
    +

    +

    +
    +

    DESCRIPTION

    +

    The default RAND API implementation (RAND_OpenSSL()) utilizes three +shared DRBG instances which are accessed via the RAND API:

    +

    The public and private DRBG are thread-local instances, which are used +by RAND_bytes() and RAND_priv_bytes(), respectively. +The master DRBG is a global instance, which is not intended to be used +directly, but is used internally to reseed the other two instances.

    +

    These functions here provide access to the shared DRBG instances.

    +

    +

    +
    +

    RETURN VALUES

    +

    OPENSSL_CTX_get0_master_drbg() returns a pointer to the master DRBG instance +for the given OPENSSL_CTX ctx.

    +

    OPENSSL_CTX_get0_public_drbg() returns a pointer to the public DRBG instance +for the given OPENSSL_CTX ctx.

    +

    OPENSSL_CTX_get0_private_drbg() returns a pointer to the private DRBG instance +for the given OPENSSL_CTX ctx.

    +

    In all the above cases the ctx parameter can +be NULL in which case the default OPENSSL_CTX is used. RAND_DRBG_get0_master(), +RAND_DRBG_get0_public() and RAND_DRBG_get0_private() are the same as +OPENSSL_CTX_get0_master_drbg(), OPENSSL_CTX_get0_public_drbg() and +OPENSSL_CTX_get0_private_drbg() respectively except that the default OPENSSL_CTX +is always used.

    +

    +

    +
    +

    NOTES

    +

    It is not thread-safe to access the master DRBG instance. +The public and private DRBG instance can be accessed safely, because +they are thread-local. Note however, that changes to these two instances +apply only to the current thread.

    +

    For that reason it is recommended not to change the settings of these +three instances directly. +Instead, an application should change the default settings for new DRBG instances +at initialization time, before creating additional threads.

    +

    During initialization, it is possible to change the reseed interval +and reseed time interval. +It is also possible to exchange the reseeding callbacks entirely.

    +

    +

    +
    +

    SEE ALSO

    +

    RAND_DRBG_set_callbacks(3), +RAND_DRBG_set_reseed_defaults(3), +RAND_DRBG_set_reseed_interval(3), +RAND_DRBG_set_reseed_time_interval(3), +RAND_DRBG_set_callbacks(3), +RAND_DRBG_generate(3), +RAND_DRBG(7)

    +

    +

    +
    +

    HISTORY

    +

    The OPENSSL_CTX_get0_master_drbg(), OPENSSL_CTX_get0_public_drbg() and +OPENSSL_CTX_get0_private_drbg() functions were added in OpenSSL 3.0.

    +

    All other RAND_DRBG functions were added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/RAND_DRBG_new.html b/linux_amd64/ssl/share/doc/openssl/html/man3/RAND_DRBG_new.html
    new file mode 100755
    index 0000000..aef452f
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/RAND_DRBG_new.html
    @@ -0,0 +1,198 @@
    + + + + +RAND_DRBG_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    RAND_DRBG_new_ex, +RAND_DRBG_new, +RAND_DRBG_secure_new_ex, +RAND_DRBG_secure_new, +RAND_DRBG_set, +RAND_DRBG_set_defaults, +RAND_DRBG_instantiate, +RAND_DRBG_uninstantiate, +RAND_DRBG_free +- initialize and cleanup a RAND_DRBG instance

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/rand_drbg.h>
    +
    + RAND_DRBG *RAND_DRBG_new_ex(OPENSSL_CTX *ctx,
    +                             int type,
    +                             unsigned int flags,
    +                             RAND_DRBG *parent);
    +
    + RAND_DRBG *RAND_DRBG_new(int type,
    +                          unsigned int flags,
    +                          RAND_DRBG *parent);
    +
    + RAND_DRBG *RAND_DRBG_secure_new_ex(OPENSSL_CTX *ctx,
    +                                    int type,
    +                                    unsigned int flags,
    +                                    RAND_DRBG *parent);
    +
    + RAND_DRBG *RAND_DRBG_secure_new(int type,
    +                                 unsigned int flags,
    +                                 RAND_DRBG *parent);
    +
    + int RAND_DRBG_set(RAND_DRBG *drbg,
    +                   int type, unsigned int flags);
    +
    + int RAND_DRBG_set_defaults(int type, unsigned int flags);
    +
    + int RAND_DRBG_instantiate(RAND_DRBG *drbg,
    +                           const unsigned char *pers, size_t perslen);
    +
    + int RAND_DRBG_uninstantiate(RAND_DRBG *drbg);
    +
    + void RAND_DRBG_free(RAND_DRBG *drbg);
    +

    +

    +
    +

    DESCRIPTION

    +

    RAND_DRBG_new_ex() and RAND_DRBG_secure_new_ex() +create a new DRBG instance of the given type, allocated from the heap resp. +the secure heap, for the given OPENSSL_CTX <ctx> +(using OPENSSL_zalloc() resp. OPENSSL_secure_zalloc()). The <ctx> parameter can +be NULL in which case the default OPENSSL_CTX is used. RAND_DRBG_new() and +RAND_DRBG_secure_new() are the same as RAND_DRBG_new_ex() and +RAND_DRBG_secure_new_ex() except that the default OPENSSL_CTX is always used.

    +

    RAND_DRBG_set() initializes the drbg with the given type and flags.

    +

    RAND_DRBG_set_defaults() sets the default type and flags for new DRBG +instances.

    +

    The DRBG types are AES-CTR, HMAC and HASH so type can be one of the +following values:

    +

    NID_aes_128_ctr, NID_aes_192_ctr, NID_aes_256_ctr, NID_sha1, NID_sha224, +NID_sha256, NID_sha384, NID_sha512, NID_sha512_224, NID_sha512_256, +NID_sha3_224, NID_sha3_256, NID_sha3_384 or NID_sha3_512.

    +

    If this method is not called then the default type is given by NID_aes_256_ctr +and the default flags are zero.

    +

    Before the DRBG can be used to generate random bits, it is necessary to set +its type and to instantiate it.

    +

    The optional flags argument specifies a set of bit flags which can be +joined using the | operator. The supported flags are:

    +
    +
    RAND_DRBG_FLAG_CTR_NO_DF
    + +
    +

    Disables the use of the derivation function ctr_df. For an explanation, +see [NIST SP 800-90A Rev. 1].

    +
    +
    RAND_DRBG_FLAG_HMAC
    + +
    +

    Enables use of HMAC instead of the HASH DRBG.

    +
    +
    RAND_DRBG_FLAG_MASTER
    + +
    RAND_DRBG_FLAG_PUBLIC
    + +
    RAND_DRBG_FLAG_PRIVATE
    + +
    +

    These 3 flags can be used to set the individual DRBG types created. Multiple +calls are required to set the types to different values. If none of these 3 +flags are used, then the same type and flags are used for all 3 DRBGs in the +drbg chain (<master>, <public> and <private>).

    +
    +
    +

    If a parent instance is specified then this will be used instead of +the default entropy source for reseeding the drbg. It is said that the +drbg is chained to its parent. +For more information, see the NOTES section.

    +

    RAND_DRBG_instantiate() +seeds the drbg instance using random input from trusted entropy sources. +Optionally, a personalization string pers of length perslen can be +specified. +To omit the personalization string, set pers=NULL and perslen=0;

    +

    RAND_DRBG_uninstantiate() +clears the internal state of the drbg and puts it back in the +uninstantiated state.

    +

    +

    +
    +

    RETURN VALUES

    +

    RAND_DRBG_new_ex(), RAND_DRBG_new(), RAND_DRBG_secure_new_ex() and +RAND_DRBG_secure_new() return a pointer to a DRBG instance allocated on the +heap, resp. secure heap.

    +

    RAND_DRBG_set(), +RAND_DRBG_instantiate(), and +RAND_DRBG_uninstantiate() +return 1 on success, and 0 on failure.

    +

    RAND_DRBG_free() does not return a value.

    +

    +

    +
    +

    NOTES

    +

    The DRBG design supports chaining, which means that a DRBG instance can +use another parent DRBG instance instead of the default entropy source +to obtain fresh random input for reseeding, provided that parent DRBG +instance was properly instantiated, either from a trusted entropy source, +or from yet another parent DRBG instance. +For a detailed description of the reseeding process, see RAND_DRBG(7).

    +

    The default DRBG type and flags are applied only during creation of a DRBG +instance. +To ensure that they are applied to the global and thread-local DRBG instances +(<master>, resp. <public> and <private>), it is necessary to call +RAND_DRBG_set_defaults() before creating any thread and before calling any +cryptographic routines that obtain random data directly or indirectly.

    +

    +

    +
    +

    SEE ALSO

    +

    OPENSSL_zalloc(3), +OPENSSL_secure_zalloc(3), +RAND_DRBG_generate(3), +RAND_DRBG(7)

    +

    +

    +
    +

    HISTORY

    +

    The RAND_DRBG functions were added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/RAND_DRBG_reseed.html b/linux_amd64/ssl/share/doc/openssl/html/man3/RAND_DRBG_reseed.html
    new file mode 100755
    index 0000000..fbe6d80
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/RAND_DRBG_reseed.html
    @@ -0,0 +1,150 @@
    + + + + +RAND_DRBG_reseed + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    RAND_DRBG_reseed, +RAND_DRBG_set_reseed_interval, +RAND_DRBG_set_reseed_time_interval, +RAND_DRBG_set_reseed_defaults +- reseed a RAND_DRBG instance

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/rand_drbg.h>
    +
    + int RAND_DRBG_reseed(RAND_DRBG *drbg,
    +                      const unsigned char *adin, size_t adinlen,
    +                      int prediction_resistance);
    +
    + int RAND_DRBG_set_reseed_interval(RAND_DRBG *drbg,
    +                                   unsigned int interval);
    +
    + int RAND_DRBG_set_reseed_time_interval(RAND_DRBG *drbg,
    +                                        time_t interval);
    +
    + int RAND_DRBG_set_reseed_defaults(
    +                                   unsigned int master_reseed_interval,
    +                                   unsigned int slave_reseed_interval,
    +                                   time_t master_reseed_time_interval,
    +                                   time_t slave_reseed_time_interval
    +                                   );
    +

    +

    +
    +

    DESCRIPTION

    +

    RAND_DRBG_reseed() +reseeds the given drbg, obtaining entropy input from its entropy source +and mixing in the specified additional data provided in the buffer adin +of length adinlen. +The additional data can be omitted by setting adin to NULL and adinlen +to 0. +An immediate reseeding can be requested by setting the +prediction_resistance flag to 1. +Requesting prediction resistance is a relative expensive operation. +See NOTES section for more details.

    +

    RAND_DRBG_set_reseed_interval() +sets the reseed interval of the drbg, which is the maximum allowed number +of generate requests between consecutive reseedings. +If interval > 0, then the drbg will reseed automatically whenever the +number of generate requests since its last seeding exceeds the given reseed +interval. +If interval == 0, then this feature is disabled.

    +

    RAND_DRBG_set_reseed_time_interval() +sets the reseed time interval of the drbg, which is the maximum allowed +number of seconds between consecutive reseedings. +If interval > 0, then the drbg will reseed automatically whenever the +elapsed time since its last reseeding exceeds the given reseed time interval. +If interval == 0, then this feature is disabled.

    +

    RAND_DRBG_set_reseed_defaults() sets the default values for the reseed interval +(master_reseed_interval and slave_reseed_interval) +and the reseed time interval +(master_reseed_time_interval and slave_reseed_tme_interval) +of DRBG instances. +The default values are set independently for master DRBG instances (which don't +have a parent) and slave DRBG instances (which are chained to a parent DRBG).

    +

    +

    +
    +

    RETURN VALUES

    +

    RAND_DRBG_reseed(), +RAND_DRBG_set_reseed_interval(), and +RAND_DRBG_set_reseed_time_interval(), +return 1 on success, 0 on failure.

    +

    +

    +
    +

    NOTES

    +

    The default OpenSSL random generator is already set up for automatic reseeding, +so in general it is not necessary to reseed it explicitly, or to modify +its reseeding thresholds.

    +

    Normally, the entropy input for seeding a DRBG is either obtained from a +trusted os entropy source or from a parent DRBG instance, which was seeded +(directly or indirectly) from a trusted os entropy source. +In exceptional cases it is possible to replace the reseeding mechanism entirely +by providing application defined callbacks using RAND_DRBG_set_callbacks().

    +

    The reseeding default values are applied only during creation of a DRBG instance. +To ensure that they are applied to the global and thread-local DRBG instances +(<master>, resp. <public> and <private>), it is necessary to call +RAND_DRBG_set_reseed_defaults() before creating any thread and before calling any + cryptographic routines that obtain random data directly or indirectly.

    +

    +

    +
    +

    SEE ALSO

    +

    RAND_DRBG_generate(3), +RAND_DRBG_bytes(3), +RAND_DRBG_set_callbacks(3). +RAND_DRBG(7)

    +

    +

    +
    +

    HISTORY

    +

    The RAND_DRBG functions were added in OpenSSL 1.1.1.

    +

    Prediction resistance is supported from OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/RAND_DRBG_set_callbacks.html b/linux_amd64/ssl/share/doc/openssl/html/man3/RAND_DRBG_set_callbacks.html
    new file mode 100755
    index 0000000..9cb105e
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/RAND_DRBG_set_callbacks.html
    @@ -0,0 +1,198 @@
    + + + + +RAND_DRBG_set_callbacks + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    RAND_DRBG_set_callbacks, +RAND_DRBG_set_callback_data, +RAND_DRBG_get_callback_data, +RAND_DRBG_get_entropy_fn, +RAND_DRBG_cleanup_entropy_fn, +RAND_DRBG_get_nonce_fn, +RAND_DRBG_cleanup_nonce_fn +- set callbacks for reseeding

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/rand_drbg.h>
    +
    + int RAND_DRBG_set_callbacks(RAND_DRBG *drbg,
    +                             RAND_DRBG_get_entropy_fn get_entropy,
    +                             RAND_DRBG_cleanup_entropy_fn cleanup_entropy,
    +                             RAND_DRBG_get_nonce_fn get_nonce,
    +                             RAND_DRBG_cleanup_nonce_fn cleanup_nonce);
    +
    + int RAND_DRBG_set_callback_data(RAND_DRBG *drbg, void *ctx);
    +
    + void *RAND_DRBG_get_callback_data(RAND_DRBG *drbg);
    +

    +

    +

    Callback Functions

    +
    + typedef size_t (*RAND_DRBG_get_entropy_fn)(
    +                       RAND_DRBG *drbg,
    +                       unsigned char **pout,
    +                       int entropy,
    +                       size_t min_len, size_t max_len,
    +                       int prediction_resistance);
    +
    + typedef void (*RAND_DRBG_cleanup_entropy_fn)(
    +                     RAND_DRBG *drbg,
    +                     unsigned char *out, size_t outlen);
    +
    + typedef size_t (*RAND_DRBG_get_nonce_fn)(
    +                       RAND_DRBG *drbg,
    +                       unsigned char **pout,
    +                       int entropy,
    +                       size_t min_len, size_t max_len);
    +
    + typedef void (*RAND_DRBG_cleanup_nonce_fn)(
    +                     RAND_DRBG *drbg,
    +                     unsigned char *out, size_t outlen);
    +

    +

    +
    +

    DESCRIPTION

    +

    RAND_DRBG_set_callbacks() sets the callbacks for obtaining fresh entropy and +the nonce when reseeding the given drbg. +The callback functions are implemented and provided by the caller. +Their parameter lists need to match the function prototypes above.

    +

    RAND_DRBG_set_callback_data() can be used to store a pointer to some context +specific data, which can subsequently be retrieved by the entropy and nonce +callbacks using RAND_DRBG_get_callback_data(). +The ownership of the context data remains with the caller, i.e., it is the +caller's responsibility to keep it available as long as it is needed by the +callbacks and free it after use. +For more information about the the callback data see the NOTES section.

    +

    Setting the callbacks or the callback data is allowed only if the DRBG has +not been initialized yet. +Otherwise, the operation will fail. +To change the settings for one of the three shared DRBGs it is necessary to call +RAND_DRBG_uninstantiate() first.

    +

    The get_entropy() callback is called by the drbg when it requests fresh +random input. +It is expected that the callback allocates and fills a random buffer of size +min_len <= size <= max_len (in bytes) which contains at least entropy +bits of randomness. +The prediction_resistance flag indicates whether the reseeding was +triggered by a prediction resistance request.

    +

    The buffer's address is to be returned in *pout and the number of collected +randomness bytes as return value.

    +

    If the callback fails to acquire at least entropy bits of randomness, +it must indicate an error by returning a buffer length of 0.

    +

    If prediction_resistance was requested and the random source of the DRBG +does not satisfy the conditions requested by [NIST SP 800-90C], then +it must also indicate an error by returning a buffer length of 0. +See NOTES section for more details.

    +

    The cleanup_entropy() callback is called from the drbg to to clear and +free the buffer allocated previously by get_entropy(). +The values out and outlen are the random buffer's address and length, +as returned by the get_entropy() callback.

    +

    The get_nonce() and cleanup_nonce() callbacks are used to obtain a nonce +and free it again. A nonce is only required for instantiation (not for reseeding) +and only in the case where the DRBG uses a derivation function. +The callbacks are analogous to get_entropy() and cleanup_entropy(), +except for the missing prediction_resistance flag.

    +

    If the derivation function is disabled, then no nonce is used for instantiation, +and the get_nonce() and cleanup_nonce() callbacks can be omitted by +setting them to NULL.

    +

    +

    +
    +

    RETURN VALUES

    +

    RAND_DRBG_set_callbacks() returns 1 on success, and 0 on failure.

    +

    RAND_DRBG_set_callback_data() returns 1 on success, and 0 on failure.

    +

    RAND_DRBG_get_callback_data() returns the pointer to the callback data, +which is NULL if none has been set previously.

    +

    +

    +
    +

    NOTES

    +

    It is important that cleanup_entropy() and cleanup_nonce() clear the buffer +contents safely before freeing it, in order not to leave sensitive information +about the DRBG's state in memory.

    +

    A request for prediction resistance can only be satisfied by pulling fresh +entropy from a live entropy source (section 5.5.2 of [NIST SP 800-90C]). +It is up to the user to ensure that a live entropy source is configured +and is being used.

    +

    The derivation function is disabled during initialization by calling the +RAND_DRBG_set() function with the RAND_DRBG_FLAG_CTR_NO_DF flag. +For more information on the derivation function and when it can be omitted, +see [NIST SP 800-90A Rev. 1]. Roughly speaking it can be omitted if the random +source has "full entropy", i.e., contains 8 bits of entropy per byte.

    +

    Even if a nonce is required, the get_nonce() and cleanup_nonce() +callbacks can be omitted by setting them to NULL. +In this case the DRBG will automatically request an extra amount of entropy +(using the get_entropy() and cleanup_entropy() callbacks) which it will +utilize for the nonce, following the recommendations of [NIST SP 800-90A Rev. 1], +section 8.6.7.

    +

    The callback data is a rather specialized feature, because in general the +random sources don't (and in fact, they must not) depend on any state provided +by the DRBG. +There are however exceptional cases where this feature is useful, most notably +for implementing known answer tests (KATs) or deterministic signatures like +those specified in RFC6979, which require passing a specified entropy and nonce +for instantiating the DRBG.

    +

    +

    +
    +

    SEE ALSO

    +

    RAND_DRBG_new(3), +RAND_DRBG_reseed(3), +RAND_DRBG(7)

    +

    +

    +
    +

    HISTORY

    +

    The RAND_DRBG functions were added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/RAND_add.html b/linux_amd64/ssl/share/doc/openssl/html/man3/RAND_add.html
    new file mode 100755
    index 0000000..9566a20
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/RAND_add.html
    @@ -0,0 +1,138 @@
    + + + + +RAND_add + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    RAND_add, RAND_poll, RAND_seed, RAND_status, RAND_event, RAND_screen, +RAND_keep_random_devices_open +- add randomness to the PRNG or get its status

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/rand.h>
    +
    + int RAND_status(void);
    + int RAND_poll();
    +
    + void RAND_add(const void *buf, int num, double randomness);
    + void RAND_seed(const void *buf, int num);
    +
    + void RAND_keep_random_devices_open(int keep);
    +

    Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam);
    + void RAND_screen(void);
    +

    +

    +
    +

    DESCRIPTION

    +

    These functions can be used to seed the random generator and to check its +seeded state. +In general, manual (re-)seeding of the default OpenSSL random generator +(RAND_OpenSSL(3)) is not necessary (but allowed), since it does (re-)seed +itself automatically using trusted system entropy sources. +This holds unless the default RAND_METHOD has been replaced or OpenSSL was +built with automatic reseeding disabled, see RAND(7) for more details.

    +

    RAND_status() indicates whether or not the random generator has been sufficiently +seeded. If not, functions such as RAND_bytes(3) will fail.

    +

    RAND_poll() uses the system's capabilities to seed the random generator using +random input obtained from polling various trusted entropy sources. +The default choice of the entropy source can be modified at build time, +see RAND(7) for more details.

    +

    RAND_add() mixes the num bytes at buf into the internal state +of the random generator. +This function will not normally be needed, as mentioned above. +The randomness argument is an estimate of how much randomness is +contained in +buf, in bytes, and should be a number between zero and num. +Details about sources of randomness and how to estimate their randomness +can be found in the literature; for example [NIST SP 800-90B]. +The content of buf cannot be recovered from subsequent random generator output. +Applications that intend to save and restore random state in an external file +should consider using RAND_load_file(3) instead.

    +

    NOTE: In FIPS mode, random data provided by the application is not considered to +be a trusted entropy source. It is mixed into the internal state of the RNG as +additional data only and this does not count as a full reseed. +For more details, see RAND_DRBG(7).

    +

    RAND_seed() is equivalent to RAND_add() with randomness set to num.

    +

    RAND_keep_random_devices_open() is used to control file descriptor +usage by the random seed sources. Some seed sources maintain open file +descriptors by default, which allows such sources to operate in a +chroot(2) jail without the associated device nodes being available. When +the keep argument is zero, this call disables the retention of file +descriptors. Conversely, a nonzero argument enables the retention of +file descriptors. This function is usually called during initialization +and it takes effect immediately.

    +

    RAND_event() and RAND_screen() are equivalent to RAND_poll() and exist +for compatibility reasons only. See HISTORY section below.

    +

    +

    +
    +

    RETURN VALUES

    +

    RAND_status() returns 1 if the random generator has been seeded +with enough data, 0 otherwise.

    +

    RAND_poll() returns 1 if it generated seed data, 0 otherwise.

    +

    RAND_event() returns RAND_status().

    +

    The other functions do not return values.

    +

    +

    +
    +

    SEE ALSO

    +

    RAND_bytes(3), +RAND_egd(3), +RAND_load_file(3), +RAND(7) +RAND_DRBG(7)

    +

    +

    +
    +

    HISTORY

    +

    RAND_event() and RAND_screen() were deprecated in OpenSSL 1.1.0 and should +not be used.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/RAND_bytes.html b/linux_amd64/ssl/share/doc/openssl/html/man3/RAND_bytes.html
    new file mode 100755
    index 0000000..7fd9820
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/RAND_bytes.html
    @@ -0,0 +1,129 @@
    + + + + +RAND_bytes + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    RAND_bytes, RAND_priv_bytes, RAND_bytes_ex, RAND_priv_bytes_ex, +RAND_pseudo_bytes - generate random data

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/rand.h>
    +
    + int RAND_bytes(unsigned char *buf, int num);
    + int RAND_priv_bytes(unsigned char *buf, int num);
    +
    + int RAND_bytes_ex(OPENSSL_CTX *ctx, unsigned char *buf, int num);
    + int RAND_priv_bytes_ex(OPENSSL_CTX *ctx, unsigned char *buf, int num);
    +

    Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + int RAND_pseudo_bytes(unsigned char *buf, int num);
    +

    +

    +
    +

    DESCRIPTION

    +

    RAND_bytes() puts num cryptographically strong pseudo-random bytes +into buf.

    +

    RAND_priv_bytes() has the same semantics as RAND_bytes(). It is intended to +be used for generating values that should remain private. If using the +default RAND_METHOD, this function uses a separate "private" PRNG +instance so that a compromise of the "public" PRNG instance will not +affect the secrecy of these private values, as described in RAND(7) +and RAND_DRBG(7).

    +

    RAND_bytes_ex() and RAND_priv_bytes_ex() are the same as RAND_bytes() and +RAND_priv_bytes() except that they both take an additional ctx parameter. +The DRBG used for the operation is the public or private DRBG associated with +the specified ctx. The parameter can be NULL, in which case +the default library context is used (see OPENSSL_CTX(3). +If the default RAND_METHOD has been changed then for compatibility reasons the +RAND_METHOD will be used in preference and the DRBG of the library context +ignored.

    +

    +

    +
    +

    NOTES

    +

    Always check the error return value of RAND_bytes() and +RAND_priv_bytes() and do not take randomness for granted: an error occurs +if the CSPRNG has not been seeded with enough randomness to ensure an +unpredictable byte sequence.

    +

    +

    +
    +

    RETURN VALUES

    +

    RAND_bytes() and RAND_priv_bytes() +return 1 on success, -1 if not supported by the current +RAND method, or 0 on other failure. The error code can be +obtained by ERR_get_error(3).

    +

    +

    +
    +

    SEE ALSO

    +

    RAND_add(3), +RAND_bytes(3), +RAND_priv_bytes(3), +ERR_get_error(3), +RAND(7), +RAND_DRBG(7)

    +

    +

    +
    +

    HISTORY

    +
      +
    • +

      RAND_pseudo_bytes() was deprecated in OpenSSL 1.1.0; use RAND_bytes() instead.

      +
    • +
    • +

      The RAND_priv_bytes() function was added in OpenSSL 1.1.1.

      +
    • +
    • +

      The RAND_bytes_ex() and RAND_priv_bytes_ex() functions were added in OpenSSL 3.0

      +
    • +
    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/RAND_cleanup.html b/linux_amd64/ssl/share/doc/openssl/html/man3/RAND_cleanup.html
    new file mode 100755
    index 0000000..05eaf9a
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/RAND_cleanup.html
    @@ -0,0 +1,84 @@
    + + + + +RAND_cleanup + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    RAND_cleanup - erase the PRNG state

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/rand.h>
    +

    Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + void RAND_cleanup(void)
    +

    +

    +
    +

    DESCRIPTION

    +

    Prior to OpenSSL 1.1.0, RAND_cleanup() released all resources used by +the PRNG. As of version 1.1.0, it does nothing and should not be called, +since no explicit initialisation or de-initialisation is necessary. See +OPENSSL_init_crypto(3).

    +

    +

    +
    +

    RETURN VALUES

    +

    RAND_cleanup() returns no value.

    +

    +

    +
    +

    SEE ALSO

    +

    RAND(7)

    +

    +

    +
    +

    HISTORY

    +

    RAND_cleanup() was deprecated in OpenSSL 1.1.0; do not use it. +See OPENSSL_init_crypto(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/RAND_egd.html b/linux_amd64/ssl/share/doc/openssl/html/man3/RAND_egd.html
    new file mode 100755
    index 0000000..2d1963b
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/RAND_egd.html
    @@ -0,0 +1,94 @@
    + + + + +RAND_egd + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    RAND_egd, RAND_egd_bytes, RAND_query_egd_bytes - query entropy gathering daemon

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/rand.h>
    +
    + int RAND_egd_bytes(const char *path, int num);
    + int RAND_egd(const char *path);
    +
    + int RAND_query_egd_bytes(const char *path, unsigned char *buf, int num);
    +

    +

    +
    +

    DESCRIPTION

    +

    On older platforms without a good source of randomness such as /dev/urandom, +it is possible to query an Entropy Gathering Daemon (EGD) over a local +socket to obtain randomness and seed the OpenSSL RNG. +The protocol used is defined by the EGDs available at +http://egd.sourceforge.net/ or http://prngd.sourceforge.net.

    +

    RAND_egd_bytes() requests num bytes of randomness from an EGD at the +specified socket path, and passes the data it receives into RAND_add(). +RAND_egd() is equivalent to RAND_egd_bytes() with num set to 255.

    +

    RAND_query_egd_bytes() requests num bytes of randomness from an EGD at +the specified socket path, where num must be less than 256. +If buf is NULL, it is equivalent to RAND_egd_bytes(). +If buf is not NULL, then the data is copied to the buffer and +RAND_add() is not called.

    +

    OpenSSL can be configured at build time to try to use the EGD for seeding +automatically.

    +

    +

    +
    +

    RETURN VALUES

    +

    RAND_egd() and RAND_egd_bytes() return the number of bytes read from the +daemon on success, or -1 if the connection failed or the daemon did not +return enough data to fully seed the PRNG.

    +

    RAND_query_egd_bytes() returns the number of bytes read from the daemon on +success, or -1 if the connection failed.

    +

    +

    +
    +

    SEE ALSO

    +

    RAND_add(3), +RAND_bytes(3), +RAND(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/RAND_load_file.html b/linux_amd64/ssl/share/doc/openssl/html/man3/RAND_load_file.html
    new file mode 100755
    index 0000000..02fbeeb
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/RAND_load_file.html
    @@ -0,0 +1,122 @@
    + + + + +RAND_load_file + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    RAND_load_file, RAND_write_file, RAND_file_name - PRNG seed file

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/rand.h>
    +
    + int RAND_load_file(const char *filename, long max_bytes);
    +
    + int RAND_write_file(const char *filename);
    +
    + const char *RAND_file_name(char *buf, size_t num);
    +

    +

    +
    +

    DESCRIPTION

    +

    RAND_load_file() reads a number of bytes from file filename and +adds them to the PRNG. If max_bytes is non-negative, +up to max_bytes are read; +if max_bytes is -1, the complete file is read. +Do not load the same file multiple times unless its contents have +been updated by RAND_write_file() between reads. +Also, note that filename should be adequately protected so that an +attacker cannot replace or examine the contents. +If filename is not a regular file, then user is considered to be +responsible for any side effects, e.g. non-anticipated blocking or +capture of controlling terminal.

    +

    RAND_write_file() writes a number of random bytes (currently 128) to +file filename which can be used to initialize the PRNG by calling +RAND_load_file() in a later session.

    +

    RAND_file_name() generates a default path for the random seed +file. buf points to a buffer of size num in which to store the +filename.

    +

    On all systems, if the environment variable RANDFILE is set, its +value will be used as the seed filename. +Otherwise, the file is called .rnd, found in platform dependent locations:

    +
    +
    On Windows (in order of preference)
    + +
    +
    + %HOME%, %USERPROFILE%, %SYSTEMROOT%, C:\
    +
    +
    On VMS
    + +
    +
    + SYS$LOGIN:
    +
    +
    On all other systems
    + +
    +
    + $HOME
    +
    +
    +

    If $HOME (on non-Windows and non-VMS system) is not set either, or +num is too small for the pathname, an error occurs.

    +

    +

    +
    +

    RETURN VALUES

    +

    RAND_load_file() returns the number of bytes read or -1 on error.

    +

    RAND_write_file() returns the number of bytes written, or -1 if the +bytes written were generated without appropriate seeding.

    +

    RAND_file_name() returns a pointer to buf on success, and NULL on +error.

    +

    +

    +
    +

    SEE ALSO

    +

    RAND_add(3), +RAND_bytes(3), +RAND(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/RAND_set_rand_method.html b/linux_amd64/ssl/share/doc/openssl/html/man3/RAND_set_rand_method.html
    new file mode 100755
    index 0000000..8f83cfe
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/RAND_set_rand_method.html
    @@ -0,0 +1,105 @@
    + + + + +RAND_set_rand_method + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    RAND_set_rand_method, RAND_get_rand_method, RAND_OpenSSL - select RAND method

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/rand.h>
    +
    + RAND_METHOD *RAND_OpenSSL(void);
    +
    + int RAND_set_rand_method(const RAND_METHOD *meth);
    +
    + const RAND_METHOD *RAND_get_rand_method(void);
    +

    +

    +
    +

    DESCRIPTION

    +

    A RAND_METHOD specifies the functions that OpenSSL uses for random number +generation.

    +

    RAND_OpenSSL() returns the default RAND_METHOD implementation by OpenSSL. +This implementation ensures that the PRNG state is unique for each thread.

    +

    If an ENGINE is loaded that provides the RAND API, however, it will +be used instead of the method returned by RAND_OpenSSL().

    +

    RAND_set_rand_method() makes meth the method for PRNG use. If an +ENGINE was providing the method, it will be released first.

    +

    RAND_get_rand_method() returns a pointer to the current RAND_METHOD.

    +

    +

    +
    +

    THE RAND_METHOD STRUCTURE

    +
    + typedef struct rand_meth_st {
    +     void (*seed)(const void *buf, int num);
    +     int (*bytes)(unsigned char *buf, int num);
    +     void (*cleanup)(void);
    +     void (*add)(const void *buf, int num, int randomness);
    +     int (*pseudorand)(unsigned char *buf, int num);
    +     int (*status)(void);
    + } RAND_METHOD;
    +

    The fields point to functions that are used by, in order, +RAND_seed(), RAND_bytes(), internal RAND cleanup, RAND_add(), RAND_pseudo_rand() +and RAND_status(). +Each pointer may be NULL if the function is not implemented.

    +

    +

    +
    +

    RETURN VALUES

    +

    RAND_set_rand_method() returns 1 on success and 0 on failure. +RAND_get_rand_method() and RAND_OpenSSL() return pointers to the respective +methods.

    +

    +

    +
    +

    SEE ALSO

    +

    RAND_bytes(3), +ENGINE_by_id(3), +RAND(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/RC4_set_key.html b/linux_amd64/ssl/share/doc/openssl/html/man3/RC4_set_key.html
    new file mode 100755
    index 0000000..e1aa83f
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/RC4_set_key.html
    @@ -0,0 +1,111 @@
    + + + + +RC4_set_key + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    RC4_set_key, RC4 - RC4 encryption

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/rc4.h>
    +

    Deprecated since OpenSSL 3.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
    +
    + void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
    +          unsigned char *outdata);
    +

    +

    +
    +

    DESCRIPTION

    +

    All of the functions described on this page are deprecated. Applications should +instead use EVP_EncryptInit_ex(3), EVP_EncryptUpdate(3) and +EVP_EncryptFinal_ex(3) or the equivalently named decrypt functions.

    +

    This library implements the Alleged RC4 cipher, which is described for +example in Applied Cryptography. It is believed to be compatible +with RC4[TM], a proprietary cipher of RSA Security Inc.

    +

    RC4 is a stream cipher with variable key length. Typically, 128 bit +(16 byte) keys are used for strong encryption, but shorter insecure +key sizes have been widely used due to export restrictions.

    +

    RC4 consists of a key setup phase and the actual encryption or +decryption phase.

    +

    RC4_set_key() sets up the RC4_KEY key using the len bytes long +key at data.

    +

    RC4() encrypts or decrypts the len bytes of data at indata using +key and places the result at outdata. Repeated RC4() calls with +the same key yield a continuous key stream.

    +

    Since RC4 is a stream cipher (the input is XORed with a pseudo-random +key stream to produce the output), decryption uses the same function +calls as encryption.

    +

    +

    +
    +

    RETURN VALUES

    +

    RC4_set_key() and RC4() do not return values.

    +

    +

    +
    +

    NOTE

    +

    Applications should use the higher level functions +EVP_EncryptInit(3) etc. instead of calling these +functions directly.

    +

    It is difficult to securely use stream ciphers. For example, do not perform +multiple encryptions using the same key stream.

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_EncryptInit(3)

    +

    +

    +
    +

    HISTORY

    +

    All of these functions were deprecated in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/RIPEMD160_Init.html b/linux_amd64/ssl/share/doc/openssl/html/man3/RIPEMD160_Init.html
    new file mode 100755
    index 0000000..9368ff3
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/RIPEMD160_Init.html
    @@ -0,0 +1,118 @@
    + + + + +RIPEMD160_Init + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    RIPEMD160, RIPEMD160_Init, RIPEMD160_Update, RIPEMD160_Final - +RIPEMD-160 hash function

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ripemd.h>
    +

    Deprecated since OpenSSL 3.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + unsigned char *RIPEMD160(const unsigned char *d, unsigned long n,
    +                          unsigned char *md);
    +
    + int RIPEMD160_Init(RIPEMD160_CTX *c);
    + int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, unsigned long len);
    + int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c);
    +

    +

    +
    +

    DESCRIPTION

    +

    All of the functions described on this page are deprecated. +Applications should instead use EVP_DigestInit_ex(3), EVP_DigestUpdate(3) +and EVP_DigestFinal_ex(3).

    +

    RIPEMD-160 is a cryptographic hash function with a +160 bit output.

    +

    RIPEMD160() computes the RIPEMD-160 message digest of the n +bytes at d and places it in md (which must have space for +RIPEMD160_DIGEST_LENGTH == 20 bytes of output). If md is NULL, the digest +is placed in a static array.

    +

    The following functions may be used if the message is not completely +stored in memory:

    +

    RIPEMD160_Init() initializes a RIPEMD160_CTX structure.

    +

    RIPEMD160_Update() can be called repeatedly with chunks of the message to +be hashed (len bytes at data).

    +

    RIPEMD160_Final() places the message digest in md, which must have +space for RIPEMD160_DIGEST_LENGTH == 20 bytes of output, and erases +the RIPEMD160_CTX.

    +

    +

    +
    +

    RETURN VALUES

    +

    RIPEMD160() returns a pointer to the hash value.

    +

    RIPEMD160_Init(), RIPEMD160_Update() and RIPEMD160_Final() return 1 for +success, 0 otherwise.

    +

    +

    +
    +

    NOTE

    +

    Applications should use the higher level functions +EVP_DigestInit(3) etc. instead of calling these +functions directly.

    +

    +

    +
    +

    CONFORMING TO

    +

    ISO/IEC 10118-3:2016 Dedicated Hash-Function 1 (RIPEMD-160).

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_DigestInit(3)

    +

    +

    +
    +

    HISTORY

    +

    All of these functions were deprecated in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/RSA_blinding_on.html b/linux_amd64/ssl/share/doc/openssl/html/man3/RSA_blinding_on.html
    new file mode 100755
    index 0000000..a52bf75
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/RSA_blinding_on.html
    @@ -0,0 +1,75 @@
    + + + + +RSA_blinding_on + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    RSA_blinding_on, RSA_blinding_off - protect the RSA operation from timing attacks

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/rsa.h>
    +
    + int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
    +
    + void RSA_blinding_off(RSA *rsa);
    +

    +

    +
    +

    DESCRIPTION

    +

    RSA is vulnerable to timing attacks. In a setup where attackers can +measure the time of RSA decryption or signature operations, blinding +must be used to protect the RSA operation from that attack.

    +

    RSA_blinding_on() turns blinding on for key rsa and generates a +random blinding factor. ctx is NULL or a pre-allocated and +initialized BN_CTX.

    +

    RSA_blinding_off() turns blinding off and frees the memory used for +the blinding factor.

    +

    +

    +
    +

    RETURN VALUES

    +

    RSA_blinding_on() returns 1 on success, and 0 if an error occurred.

    +

    RSA_blinding_off() returns no value.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/RSA_check_key.html b/linux_amd64/ssl/share/doc/openssl/html/man3/RSA_check_key.html
    new file mode 100755
    index 0000000..2860acd
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/RSA_check_key.html
    @@ -0,0 +1,130 @@
    + + + + +RSA_check_key + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    RSA_check_key_ex, RSA_check_key - validate private RSA keys

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/rsa.h>
    +

    Deprecated since OpenSSL 3.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + int RSA_check_key_ex(RSA *rsa, BN_GENCB *cb);
    +
    + int RSA_check_key(RSA *rsa);
    +

    +

    +
    +

    DESCRIPTION

    +

    Both of the functions described on this page are deprecated. +Applications should instead use EVP_PKEY_public_check(3), +EVP_PKEY_private_check(3) and EVP_PKEY_pairwise_check(3).

    +

    RSA_check_key_ex() function validates RSA keys. +It checks that p and q are +in fact prime, and that n = p*q.

    +

    It does not work on RSA public keys that have only the modulus +and public exponent elements populated. +It also checks that d*e = 1 mod (p-1*q-1), +and that dmp1, dmq1 and iqmp are set correctly or are NULL. +It performs integrity checks on all +the RSA key material, so the RSA key structure must contain all the private +key data too. +Therefore, it cannot be used with any arbitrary RSA key object, +even if it is otherwise fit for regular RSA operation.

    +

    The cb parameter is a callback that will be invoked in the same +manner as BN_is_prime_ex(3).

    +

    RSA_check_key() is equivalent to RSA_check_key_ex() with a NULL cb.

    +

    +

    +
    +

    RETURN VALUES

    +

    RSA_check_key_ex() and RSA_check_key() +return 1 if rsa is a valid RSA key, and 0 otherwise. +They return -1 if an error occurs while checking the key.

    +

    If the key is invalid or an error occurred, the reason code can be +obtained using ERR_get_error(3).

    +

    +

    +
    +

    NOTES

    +

    Unlike most other RSA functions, this function does not work +transparently with any underlying ENGINE implementation because it uses the +key data in the RSA structure directly. An ENGINE implementation can +override the way key data is stored and handled, and can even provide +support for HSM keys - in which case the RSA structure may contain no +key data at all! If the ENGINE in question is only being used for +acceleration or analysis purposes, then in all likelihood the RSA key data +is complete and untouched, but this can't be assumed in the general case.

    +

    +

    +
    +

    BUGS

    +

    A method of verifying the RSA key using opaque RSA API functions might need +to be considered. Right now RSA_check_key() simply uses the RSA structure +elements directly, bypassing the RSA_METHOD table altogether (and +completely violating encapsulation and object-orientation in the process). +The best fix will probably be to introduce a "check_key()" handler to the +RSA_METHOD function table so that alternative implementations can also +provide their own verifiers.

    +

    +

    +
    +

    SEE ALSO

    +

    BN_is_prime_ex(3), +ERR_get_error(3)

    +

    +

    +
    +

    HISTORY

    +

    All of these functions were deprecated in OpenSSL 3.0.

    +

    RSA_check_key_ex() appeared after OpenSSL 1.0.2.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/RSA_generate_key.html b/linux_amd64/ssl/share/doc/openssl/html/man3/RSA_generate_key.html
    new file mode 100755
    index 0000000..c5dcd81
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/RSA_generate_key.html
    @@ -0,0 +1,145 @@
    + + + + +RSA_generate_key + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    RSA_generate_key_ex, RSA_generate_key, +RSA_generate_multi_prime_key - generate RSA key pair

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/rsa.h>
    +

    Deprecated since OpenSSL 3.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
    + int RSA_generate_multi_prime_key(RSA *rsa, int bits, int primes, BIGNUM *e, BN_GENCB *cb);
    +

    Deprecated since OpenSSL 0.9.8, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + RSA *RSA_generate_key(int bits, unsigned long e,
    +                       void (*callback)(int, int, void *), void *cb_arg);
    +

    +

    +
    +

    DESCRIPTION

    +

    All of the functions described on this page are deprecated. +Applications should instead use EVP_PKEY_keygen_init(3) and +EVP_PKEY_keygen(3).

    +

    RSA_generate_key_ex() generates a 2-prime RSA key pair and stores it in the +RSA structure provided in rsa. The pseudo-random number generator must +be seeded prior to calling RSA_generate_key_ex().

    +

    RSA_generate_multi_prime_key() generates a multi-prime RSA key pair and stores +it in the RSA structure provided in rsa. The number of primes is given by +the primes parameter. The random number generator must be seeded when +calling RSA_generate_multi_prime_key(). +If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to +external circumstances (see RAND(7)), the operation will fail.

    +

    The modulus size will be of length bits, the number of primes to form the +modulus will be primes, and the public exponent will be e. Key sizes +with num < 1024 should be considered insecure. The exponent is an odd +number, typically 3, 17 or 65537.

    +

    In order to maintain adequate security level, the maximum number of permitted +primes depends on modulus bit length:

    +
    +   <1024 | >=1024 | >=4096 | >=8192
    +   ------+--------+--------+-------
    +     2   |   3    |   4    |   5
    +

    A callback function may be used to provide feedback about the +progress of the key generation. If cb is not NULL, it +will be called as follows using the BN_GENCB_call() function +described on the BN_generate_prime(3) page.

    +

    RSA_generate_key() is similar to RSA_generate_key_ex() but +expects an old-style callback function; see +BN_generate_prime(3) for information on the old-style callback.

    +
      +
    • +

      While a random prime number is generated, it is called as +described in BN_generate_prime(3).

      +
    • +
    • +

      When the n-th randomly generated prime is rejected as not +suitable for the key, BN_GENCB_call(cb, 2, n) is called.

      +
    • +
    • +

      When a random p has been found with p-1 relatively prime to e, +it is called as BN_GENCB_call(cb, 3, 0).

      +
    • +
    +

    The process is then repeated for prime q and other primes (if any) +with BN_GENCB_call(cb, 3, i) where i indicates the i-th prime.

    +

    +

    +
    +

    RETURN VALUES

    +

    RSA_generate_multi_prime_key() returns 1 on success or 0 on error. +RSA_generate_key_ex() returns 1 on success or 0 on error. +The error codes can be obtained by ERR_get_error(3).

    +

    RSA_generate_key() returns a pointer to the RSA structure or +NULL if the key generation fails.

    +

    +

    +
    +

    BUGS

    +

    BN_GENCB_call(cb, 2, x) is used with two different meanings.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), RAND_bytes(3), BN_generate_prime(3), +RAND(7)

    +

    +

    +
    +

    HISTORY

    +

    All of these functions were deprecated in OpenSSL 3.0.

    +

    RSA_generate_key() was deprecated in OpenSSL 0.9.8; use +RSA_generate_key_ex() instead.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/RSA_get0_key.html b/linux_amd64/ssl/share/doc/openssl/html/man3/RSA_get0_key.html
    new file mode 100755
    index 0000000..5b91aa6
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/RSA_get0_key.html
    @@ -0,0 +1,203 @@
    + + + + +RSA_get0_key + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    RSA_set0_key, RSA_set0_factors, RSA_set0_crt_params, RSA_get0_key, +RSA_get0_factors, RSA_get0_crt_params, +RSA_get0_n, RSA_get0_e, RSA_get0_d, RSA_get0_p, RSA_get0_q, +RSA_get0_dmp1, RSA_get0_dmq1, RSA_get0_iqmp, RSA_get0_pss_params, +RSA_clear_flags, +RSA_test_flags, RSA_set_flags, RSA_get0_engine, RSA_get_multi_prime_extra_count, +RSA_get0_multi_prime_factors, RSA_get0_multi_prime_crt_params, +RSA_set0_multi_prime_params, RSA_get_version +- Routines for getting and setting data in an RSA object

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/rsa.h>
    +
    + int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
    + int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q);
    + int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp);
    + void RSA_get0_key(const RSA *r,
    +                   const BIGNUM **n, const BIGNUM **e, const BIGNUM **d);
    + void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q);
    + void RSA_get0_crt_params(const RSA *r,
    +                          const BIGNUM **dmp1, const BIGNUM **dmq1,
    +                          const BIGNUM **iqmp);
    + const BIGNUM *RSA_get0_n(const RSA *d);
    + const BIGNUM *RSA_get0_e(const RSA *d);
    + const BIGNUM *RSA_get0_d(const RSA *d);
    + const BIGNUM *RSA_get0_p(const RSA *d);
    + const BIGNUM *RSA_get0_q(const RSA *d);
    + const BIGNUM *RSA_get0_dmp1(const RSA *r);
    + const BIGNUM *RSA_get0_dmq1(const RSA *r);
    + const BIGNUM *RSA_get0_iqmp(const RSA *r);
    + const RSA_PSS_PARAMS *RSA_get0_pss_params(const RSA *r);
    + void RSA_clear_flags(RSA *r, int flags);
    + int RSA_test_flags(const RSA *r, int flags);
    + void RSA_set_flags(RSA *r, int flags);
    + ENGINE *RSA_get0_engine(RSA *r);
    + int RSA_get_multi_prime_extra_count(const RSA *r);
    + int RSA_get0_multi_prime_factors(const RSA *r, const BIGNUM *primes[]);
    + int RSA_get0_multi_prime_crt_params(const RSA *r, const BIGNUM *exps[],
    +                                     const BIGNUM *coeffs[]);
    + int RSA_set0_multi_prime_params(RSA *r, BIGNUM *primes[], BIGNUM *exps[],
    +                                BIGNUM *coeffs[], int pnum);
    + int RSA_get_version(RSA *r);
    +

    +

    +
    +

    DESCRIPTION

    +

    An RSA object contains the components for the public and private key, +n, e, d, p, q, dmp1, dmq1 and iqmp. n is +the modulus common to both public and private key, e is the public +exponent and d is the private exponent. p, q, dmp1, +dmq1 and iqmp are the factors for the second representation of a +private key (see PKCS#1 section 3 Key Types), where p and q are +the first and second factor of n and dmp1, dmq1 and iqmp +are the exponents and coefficient for CRT calculations.

    +

    For multi-prime RSA (defined in RFC 8017), there are also one or more +'triplet' in an RSA object. A triplet contains three members, r, d +and t. r is the additional prime besides p and q. d and +t are the exponent and coefficient for CRT calculations.

    +

    The n, e and d parameters can be obtained by calling +RSA_get0_key(). If they have not been set yet, then *n, *e and +*d will be set to NULL. Otherwise, they are set to pointers to +their respective values. These point directly to the internal +representations of the values and therefore should not be freed +by the caller.

    +

    The n, e and d parameter values can be set by calling +RSA_set0_key() and passing the new values for n, e and d as +parameters to the function. The values n and e must be non-NULL +the first time this function is called on a given RSA object. The +value d may be NULL. On subsequent calls any of these values may be +NULL which means the corresponding RSA field is left untouched. +Calling this function transfers the memory management of the values to +the RSA object, and therefore the values that have been passed in +should not be freed by the caller after this function has been called.

    +

    In a similar fashion, the p and q parameters can be obtained and +set with RSA_get0_factors() and RSA_set0_factors(), and the dmp1, +dmq1 and iqmp parameters can be obtained and set with +RSA_get0_crt_params() and RSA_set0_crt_params().

    +

    For RSA_get0_key(), RSA_get0_factors(), and RSA_get0_crt_params(), +NULL value BIGNUM ** output parameters are permitted. The functions +ignore NULL parameters but return values for other, non-NULL, parameters.

    +

    For multi-prime RSA, RSA_get0_multi_prime_factors() and RSA_get0_multi_prime_params() +can be used to obtain other primes and related CRT parameters. The +return values are stored in an array of BIGNUM *. RSA_set0_multi_prime_params() +sets a collect of multi-prime 'triplet' members (prime, exponent and coefficient) +into an RSA object.

    +

    Any of the values n, e, d, p, q, dmp1, dmq1, and iqmp can also be +retrieved separately by the corresponding function +RSA_get0_n(), RSA_get0_e(), RSA_get0_d(), RSA_get0_p(), RSA_get0_q(), +RSA_get0_dmp1(), RSA_get0_dmq1(), and RSA_get0_iqmp(), respectively.

    +

    RSA_get0_pss_params() is used to retrieve the RSA-PSS parameters.

    +

    RSA_set_flags() sets the flags in the flags parameter on the RSA +object. Multiple flags can be passed in one go (bitwise ORed together). +Any flags that are already set are left set. RSA_test_flags() tests to +see whether the flags passed in the flags parameter are currently +set in the RSA object. Multiple flags can be tested in one go. All +flags that are currently set are returned, or zero if none of the +flags are set. RSA_clear_flags() clears the specified flags within the +RSA object.

    +

    RSA_get0_engine() returns a handle to the ENGINE that has been set for +this RSA object, or NULL if no such ENGINE has been set.

    +

    RSA_get_version() returns the version of an RSA object r.

    +

    +

    +
    +

    NOTES

    +

    Values retrieved with RSA_get0_key() are owned by the RSA object used +in the call and may therefore not be passed to RSA_set0_key(). If +needed, duplicate the received value using BN_dup() and pass the +duplicate. The same applies to RSA_get0_factors() and RSA_set0_factors() +as well as RSA_get0_crt_params() and RSA_set0_crt_params().

    +

    The caller should obtain the size by calling RSA_get_multi_prime_extra_count() +in advance and allocate sufficient buffer to store the return values before +calling RSA_get0_multi_prime_factors() and RSA_get0_multi_prime_params().

    +

    RSA_set0_multi_prime_params() always clears the original multi-prime +triplets in RSA object r and assign the new set of triplets into it.

    +

    +

    +
    +

    RETURN VALUES

    +

    RSA_set0_key(), RSA_set0_factors(), RSA_set0_crt_params() and +RSA_set0_multi_prime_params() return 1 on success or 0 on failure.

    +

    RSA_get0_n(), RSA_get0_e(), RSA_get0_d(), RSA_get0_p(), RSA_get0_q(), +RSA_get0_dmp1(), RSA_get0_dmq1(), and RSA_get0_iqmp() +return the respective value.

    +

    RSA_get0_pss_params() returns a RSA_PSS_PARAMS pointer, or NULL if +there is none.

    +

    RSA_get0_multi_prime_factors() and RSA_get0_multi_prime_crt_params() return +1 on success or 0 on failure.

    +

    RSA_get_multi_prime_extra_count() returns two less than the number of primes +in use, which is 0 for traditional RSA and the number of extra primes for +multi-prime RSA.

    +

    RSA_get_version() returns RSA_ASN1_VERSION_MULTI for multi-prime RSA and +RSA_ASN1_VERSION_DEFAULT for normal two-prime RSA, as defined in RFC 8017.

    +

    RSA_test_flags() returns the current state of the flags in the RSA object.

    +

    RSA_get0_engine() returns the ENGINE set for the RSA object or NULL if no +ENGINE has been set.

    +

    +

    +
    +

    SEE ALSO

    +

    RSA_new(3), RSA_size(3)

    +

    +

    +
    +

    HISTORY

    +

    The RSA_get0_pss_params() function was added in OpenSSL 1.1.1e.

    +

    The +RSA_get_multi_prime_extra_count(), RSA_get0_multi_prime_factors(), +RSA_get0_multi_prime_crt_params(), RSA_set0_multi_prime_params(), +and RSA_get_version() functions were added in OpenSSL 1.1.1.

    +

    Other functions described here were added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/RSA_meth_new.html b/linux_amd64/ssl/share/doc/openssl/html/man3/RSA_meth_new.html
new file mode 100755
index 0000000..6cf9a26
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/RSA_meth_new.html
@@ -0,0 +1,285 @@
+ + + + +RSA_meth_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    RSA_meth_get0_app_data, RSA_meth_set0_app_data, +RSA_meth_new, RSA_meth_free, RSA_meth_dup, RSA_meth_get0_name, +RSA_meth_set1_name, RSA_meth_get_flags, RSA_meth_set_flags, +RSA_meth_get_pub_enc, +RSA_meth_set_pub_enc, RSA_meth_get_pub_dec, RSA_meth_set_pub_dec, +RSA_meth_get_priv_enc, RSA_meth_set_priv_enc, RSA_meth_get_priv_dec, +RSA_meth_set_priv_dec, RSA_meth_get_mod_exp, RSA_meth_set_mod_exp, +RSA_meth_get_bn_mod_exp, RSA_meth_set_bn_mod_exp, RSA_meth_get_init, +RSA_meth_set_init, RSA_meth_get_finish, RSA_meth_set_finish, +RSA_meth_get_sign, RSA_meth_set_sign, RSA_meth_get_verify, +RSA_meth_set_verify, RSA_meth_get_keygen, RSA_meth_set_keygen, +RSA_meth_get_multi_prime_keygen, RSA_meth_set_multi_prime_keygen +- Routines to build up RSA methods

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/rsa.h>
    +

    Deprecated since OpenSSL 3.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + RSA_METHOD *RSA_meth_new(const char *name, int flags);
    + void RSA_meth_free(RSA_METHOD *meth);
    +
    + RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth);
    +
    + const char *RSA_meth_get0_name(const RSA_METHOD *meth);
    + int RSA_meth_set1_name(RSA_METHOD *meth, const char *name);
    +
    + int RSA_meth_get_flags(const RSA_METHOD *meth);
    + int RSA_meth_set_flags(RSA_METHOD *meth, int flags);
    +
    + void *RSA_meth_get0_app_data(const RSA_METHOD *meth);
    + int RSA_meth_set0_app_data(RSA_METHOD *meth, void *app_data);
    +
    + int (*RSA_meth_get_pub_enc(const RSA_METHOD *meth))(int flen, const unsigned char *from,
    +                                                     unsigned char *to, RSA *rsa, int padding);
    + int RSA_meth_set_pub_enc(RSA_METHOD *rsa,
    +                          int (*pub_enc)(int flen, const unsigned char *from,
    +                                         unsigned char *to, RSA *rsa,
    +                                         int padding));
    +
    + int (*RSA_meth_get_pub_dec(const RSA_METHOD *meth))
    +     (int flen, const unsigned char *from,
    +      unsigned char *to, RSA *rsa, int padding);
    + int RSA_meth_set_pub_dec(RSA_METHOD *rsa,
    +                          int (*pub_dec)(int flen, const unsigned char *from,
    +                                         unsigned char *to, RSA *rsa,
    +                                         int padding));
    +
    + int (*RSA_meth_get_priv_enc(const RSA_METHOD *meth))(int flen, const unsigned char *from,
    +                                                      unsigned char *to, RSA *rsa,
    +                                                      int padding);
    + int RSA_meth_set_priv_enc(RSA_METHOD *rsa,
    +                           int (*priv_enc)(int flen, const unsigned char *from,
    +                                           unsigned char *to, RSA *rsa, int padding));
    +
    + int (*RSA_meth_get_priv_dec(const RSA_METHOD *meth))(int flen, const unsigned char *from,
    +                                                      unsigned char *to, RSA *rsa,
    +                                                      int padding);
    + int RSA_meth_set_priv_dec(RSA_METHOD *rsa,
    +                           int (*priv_dec)(int flen, const unsigned char *from,
    +                                           unsigned char *to, RSA *rsa, int padding));
    +
    + /* Can be null */
    + int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth))(BIGNUM *r0, const BIGNUM *i,
    +                                                     RSA *rsa, BN_CTX *ctx);
    + int RSA_meth_set_mod_exp(RSA_METHOD *rsa,
    +                          int (*mod_exp)(BIGNUM *r0, const BIGNUM *i, RSA *rsa,
    +                                         BN_CTX *ctx));
    +
    + /* Can be null */
    + int (*RSA_meth_get_bn_mod_exp(const RSA_METHOD *meth))(BIGNUM *r, const BIGNUM *a,
    +                                                        const BIGNUM *p, const BIGNUM *m,
    +                                                        BN_CTX *ctx, BN_MONT_CTX *m_ctx);
    + int RSA_meth_set_bn_mod_exp(RSA_METHOD *rsa,
    +                             int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a,
    +                                               const BIGNUM *p, const BIGNUM *m,
    +                                               BN_CTX *ctx, BN_MONT_CTX *m_ctx));
    +
    + /* called at new */
    + int (*RSA_meth_get_init(const RSA_METHOD *meth) (RSA *rsa);
    + int RSA_meth_set_init(RSA_METHOD *rsa, int (*init (RSA *rsa));
    +
    + /* called at free */
    + int (*RSA_meth_get_finish(const RSA_METHOD *meth))(RSA *rsa);
    + int RSA_meth_set_finish(RSA_METHOD *rsa, int (*finish)(RSA *rsa));
    +
    + int (*RSA_meth_get_sign(const RSA_METHOD *meth))(int type, const unsigned char *m,
    +                                                  unsigned int m_length,
    +                                                  unsigned char *sigret,
    +                                                  unsigned int *siglen, const RSA *rsa);
    + int RSA_meth_set_sign(RSA_METHOD *rsa,
    +                       int (*sign)(int type, const unsigned char *m,
    +                                   unsigned int m_length, unsigned char *sigret,
    +                                   unsigned int *siglen, const RSA *rsa));
    +
    + int (*RSA_meth_get_verify(const RSA_METHOD *meth))(int dtype, const unsigned char *m,
    +                                                    unsigned int m_length,
    +                                                    const unsigned char *sigbuf,
    +                                                    unsigned int siglen, const RSA *rsa);
    + int RSA_meth_set_verify(RSA_METHOD *rsa,
    +                         int (*verify)(int dtype, const unsigned char *m,
    +                                       unsigned int m_length,
    +                                       const unsigned char *sigbuf,
    +                                       unsigned int siglen, const RSA *rsa));
    +
    + int (*RSA_meth_get_keygen(const RSA_METHOD *meth))(RSA *rsa, int bits, BIGNUM *e,
    +                                                    BN_GENCB *cb);
    + int RSA_meth_set_keygen(RSA_METHOD *rsa,
    +                         int (*keygen)(RSA *rsa, int bits, BIGNUM *e,
    +                                       BN_GENCB *cb));
    +
    + int (*RSA_meth_get_multi_prime_keygen(const RSA_METHOD *meth))(RSA *rsa, int bits,
    +                                                                int primes, BIGNUM *e,
    +                                                                BN_GENCB *cb);
    +
    + int RSA_meth_set_multi_prime_keygen(RSA_METHOD *meth,
    +                                     int (*keygen) (RSA *rsa, int bits,
    +                                                    int primes, BIGNUM *e,
    +                                                    BN_GENCB *cb));
    +

    +

    +
    +

    DESCRIPTION

    +

    All of the functions described on this page are deprecated. +Applications should instead use the OSSL_PROVIDER APIs.

    +

    The RSA_METHOD type is a structure used for the provision of custom +RSA implementations. It provides a set of functions used by OpenSSL +for the implementation of the various RSA capabilities.

    +

    RSA_meth_new() creates a new RSA_METHOD structure. It should be +given a unique name and a set of flags. The name should be a +NULL terminated string, which will be duplicated and stored in the +RSA_METHOD object. It is the callers responsibility to free the +original string. The flags will be used during the construction of a +new RSA object based on this RSA_METHOD. Any new RSA object +will have those flags set by default.

    +

    RSA_meth_dup() creates a duplicate copy of the RSA_METHOD object +passed as a parameter. This might be useful for creating a new +RSA_METHOD based on an existing one, but with some differences.

    +

    RSA_meth_free() destroys an RSA_METHOD structure and frees up any +memory associated with it.

    +

    RSA_meth_get0_name() will return a pointer to the name of this +RSA_METHOD. This is a pointer to the internal name string and so +should not be freed by the caller. RSA_meth_set1_name() sets the name +of the RSA_METHOD to name. The string is duplicated and the copy is +stored in the RSA_METHOD structure, so the caller remains responsible +for freeing the memory associated with the name.

    +

    RSA_meth_get_flags() returns the current value of the flags associated +with this RSA_METHOD. RSA_meth_set_flags() provides the ability to set +these flags.

    +

    The functions RSA_meth_get0_app_data() and RSA_meth_set0_app_data() +provide the ability to associate implementation specific data with the +RSA_METHOD. It is the application's responsibility to free this data +before the RSA_METHOD is freed via a call to RSA_meth_free().

    +

    RSA_meth_get_sign() and RSA_meth_set_sign() get and set the function +used for creating an RSA signature respectively. This function will be +called in response to the application calling RSA_sign(). The +parameters for the function have the same meaning as for RSA_sign().

    +

    RSA_meth_get_verify() and RSA_meth_set_verify() get and set the +function used for verifying an RSA signature respectively. This +function will be called in response to the application calling +RSA_verify(). The parameters for the function have the same meaning as +for RSA_verify().

    +

    RSA_meth_get_mod_exp() and RSA_meth_set_mod_exp() get and set the +function used for CRT computations.

    +

    RSA_meth_get_bn_mod_exp() and RSA_meth_set_bn_mod_exp() get and set +the function used for CRT computations, specifically the following +value:

    +
    + r = a ^ p mod m
    +

    Both the mod_exp() and bn_mod_exp() functions are called by the +default OpenSSL method during encryption, decryption, signing and +verification.

    +

    RSA_meth_get_init() and RSA_meth_set_init() get and set the function +used for creating a new RSA instance respectively. This function will +be called in response to the application calling RSA_new() (if the +current default RSA_METHOD is this one) or RSA_new_method(). The +RSA_new() and RSA_new_method() functions will allocate the memory for +the new RSA object, and a pointer to this newly allocated structure +will be passed as a parameter to the function. This function may be +NULL.

    +

    RSA_meth_get_finish() and RSA_meth_set_finish() get and set the +function used for destroying an instance of an RSA object respectively. +This function will be called in response to the application calling +RSA_free(). A pointer to the RSA to be destroyed is passed as a +parameter. The destroy function should be used for RSA implementation +specific clean up. The memory for the RSA itself should not be freed +by this function. This function may be NULL.

    +

    RSA_meth_get_keygen() and RSA_meth_set_keygen() get and set the +function used for generating a new RSA key pair respectively. This +function will be called in response to the application calling +RSA_generate_key_ex(). The parameter for the function has the same +meaning as for RSA_generate_key_ex().

    +

    RSA_meth_get_multi_prime_keygen() and RSA_meth_set_multi_prime_keygen() get +and set the function used for generating a new multi-prime RSA key pair +respectively. This function will be called in response to the application calling +RSA_generate_multi_prime_key(). The parameter for the function has the same +meaning as for RSA_generate_multi_prime_key().

    +

    RSA_meth_get_pub_enc(), RSA_meth_set_pub_enc(), +RSA_meth_get_pub_dec(), RSA_meth_set_pub_dec(), +RSA_meth_get_priv_enc(), RSA_meth_set_priv_enc(), +RSA_meth_get_priv_dec(), RSA_meth_set_priv_dec() get and set the +functions used for public and private key encryption and decryption. +These functions will be called in response to the application calling +RSA_public_encrypt(), RSA_private_decrypt(), RSA_private_encrypt() and +RSA_public_decrypt() and take the same parameters as those.

    +

    +

    +
    +

    RETURN VALUES

    +

    RSA_meth_new() and RSA_meth_dup() return the newly allocated +RSA_METHOD object or NULL on failure.

    +

    RSA_meth_get0_name() and RSA_meth_get_flags() return the name and +flags associated with the RSA_METHOD respectively.

    +

    All other RSA_meth_get_*() functions return the appropriate function +pointer that has been set in the RSA_METHOD, or NULL if no such +pointer has yet been set.

    +

    RSA_meth_set1_name and all RSA_meth_set_*() functions return 1 on +success or 0 on failure.

    +

    +

    +
    +

    SEE ALSO

    +

    RSA_new(3), RSA_generate_key_ex(3), RSA_sign(3), +RSA_set_method(3), RSA_size(3), RSA_get0_key(3), +RSA_generate_multi_prime_key(3)

    +

    +

    +
    +

    HISTORY

    +

    All of these functions were deprecated in OpenSSL 3.0.

    +

    RSA_meth_get_multi_prime_keygen() and RSA_meth_set_multi_prime_keygen() were +added in OpenSSL 1.1.1.

    +

    Other functions described here were added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/RSA_new.html b/linux_amd64/ssl/share/doc/openssl/html/man3/RSA_new.html
new file mode 100755
index 0000000..3bca460
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/RSA_new.html
@@ -0,0 +1,82 @@
+ + + + +RSA_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    RSA_new, RSA_free - allocate and free RSA objects

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/rsa.h>
    +
    + RSA *RSA_new(void);
    +
    + void RSA_free(RSA *rsa);
    +

    +

    +
    +

    DESCRIPTION

    +

    RSA_new() allocates and initializes an RSA structure. It is equivalent to +calling RSA_new_method(NULL).

    +

    RSA_free() frees the RSA structure and its components. The key is +erased before the memory is returned to the system. +If rsa is NULL nothing is done.

    +

    +

    +
    +

    RETURN VALUES

    +

    If the allocation fails, RSA_new() returns NULL and sets an error +code that can be obtained by ERR_get_error(3). Otherwise it returns +a pointer to the newly allocated structure.

    +

    RSA_free() returns no value.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), +RSA_generate_key(3), +RSA_new_method(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/RSA_padding_add_PKCS1_type_1.html b/linux_amd64/ssl/share/doc/openssl/html/man3/RSA_padding_add_PKCS1_type_1.html
new file mode 100755
index 0000000..521f446
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/RSA_padding_add_PKCS1_type_1.html
@@ -0,0 +1,206 @@
+ + + + +RSA_padding_add_PKCS1_type_1 + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    RSA_padding_add_PKCS1_type_1, RSA_padding_check_PKCS1_type_1, +RSA_padding_add_PKCS1_type_2, RSA_padding_check_PKCS1_type_2, +RSA_padding_add_PKCS1_OAEP, RSA_padding_check_PKCS1_OAEP, +RSA_padding_add_PKCS1_OAEP_mgf1, RSA_padding_check_PKCS1_OAEP_mgf1, +RSA_padding_add_SSLv23, RSA_padding_check_SSLv23, +RSA_padding_add_none, RSA_padding_check_none - asymmetric encryption +padding

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/rsa.h>
    +

    Deprecated since OpenSSL 3.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
    +                                  const unsigned char *f, int fl);
    +
    + int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
    +                                    const unsigned char *f, int fl, int rsa_len);
    +
    + int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
    +                                  const unsigned char *f, int fl);
    +
    + int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
    +                                    const unsigned char *f, int fl, int rsa_len);
    +
    + int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
    +                                const unsigned char *f, int fl,
    +                                const unsigned char *p, int pl);
    +
    + int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
    +                                  const unsigned char *f, int fl, int rsa_len,
    +                                  const unsigned char *p, int pl);
    +
    + int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
    +                                     const unsigned char *f, int fl,
    +                                     const unsigned char *p, int pl,
    +                                     const EVP_MD *md, const EVP_MD *mgf1md);
    +
    + int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
    +                                       const unsigned char *f, int fl, int rsa_len,
    +                                       const unsigned char *p, int pl,
    +                                       const EVP_MD *md, const EVP_MD *mgf1md);
    +
    + int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
    +                            const unsigned char *f, int fl);
    +
    + int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
    +                              const unsigned char *f, int fl, int rsa_len);
    +
    + int RSA_padding_add_none(unsigned char *to, int tlen,
    +                          const unsigned char *f, int fl);
    +
    + int RSA_padding_check_none(unsigned char *to, int tlen,
    +                            const unsigned char *f, int fl, int rsa_len);
    +

    +

    +
    +

    DESCRIPTION

    +

    All of the functions described on this page are deprecated. +Applications should instead use the EVP PKEY APIs.

    +

    The RSA_padding_xxx_xxx() functions are called from the RSA encrypt, +decrypt, sign and verify functions. Normally they should not be called +from application programs.

    +

    However, they can also be called directly to implement padding for other +asymmetric ciphers. RSA_padding_add_PKCS1_OAEP() and +RSA_padding_check_PKCS1_OAEP() may be used in an application combined +with RSA_NO_PADDING in order to implement OAEP with an encoding +parameter.

    +

    RSA_padding_add_xxx() encodes fl bytes from f so as to fit into +tlen bytes and stores the result at to. An error occurs if fl +does not meet the size requirements of the encoding method.

    +

    The following encoding methods are implemented:

    +
    +
    PKCS1_type_1
    + +
    +

    PKCS #1 v2.0 EMSA-PKCS1-v1_5 (PKCS #1 v1.5 block type 1); used for signatures

    +
    +
    PKCS1_type_2
    + +
    +

    PKCS #1 v2.0 EME-PKCS1-v1_5 (PKCS #1 v1.5 block type 2)

    +
    +
    PKCS1_OAEP
    + +
    +

    PKCS #1 v2.0 EME-OAEP

    +
    +
    SSLv23
    + +
    +

    PKCS #1 EME-PKCS1-v1_5 with SSL-specific modification

    +
    +
    none
    + +
    +

    simply copy the data

    +
    +
    +

    The random number generator must be seeded prior to calling +RSA_padding_add_xxx(). +If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to +external circumstances (see RAND(7)), the operation will fail.

    +

    RSA_padding_check_xxx() verifies that the fl bytes at f contain +a valid encoding for a rsa_len byte RSA key in the respective +encoding method and stores the recovered data of at most tlen bytes +(for RSA_NO_PADDING: of size tlen) +at to.

    +

    For RSA_padding_xxx_OAEP(), p points to the encoding parameter +of length pl. p may be NULL if pl is 0.

    +

    For RSA_padding_xxx_OAEP_mgf1(), md points to the md hash, +if md is NULL that means md=sha1, and mgf1md points to +the mgf1 hash, if mgf1md is NULL that means mgf1md=md.

    +

    +

    +
    +

    RETURN VALUES

    +

    The RSA_padding_add_xxx() functions return 1 on success, 0 on error. +The RSA_padding_check_xxx() functions return the length of the +recovered data, -1 on error. Error codes can be obtained by calling +ERR_get_error(3).

    +

    +

    +
    +

    WARNINGS

    +

    The result of RSA_padding_check_PKCS1_type_2() is a very sensitive +information which can potentially be used to mount a Bleichenbacher +padding oracle attack. This is an inherent weakness in the PKCS #1 +v1.5 padding design. Prefer PKCS1_OAEP padding. If that is not +possible, the result of RSA_padding_check_PKCS1_type_2() should be +checked in constant time if it matches the expected length of the +plaintext and additionally some application specific consistency +checks on the plaintext need to be performed in constant time. +If the plaintext is rejected it must be kept secret which of the +checks caused the application to reject the message. +Do not remove the zero-padding from the decrypted raw RSA data +which was computed by RSA_private_decrypt() with RSA_NO_PADDING, +as this would create a small timing side channel which could be +used to mount a Bleichenbacher attack against any padding mode +including PKCS1_OAEP.

    +

    +

    +
    +

    SEE ALSO

    +

    RSA_public_encrypt(3), +RSA_private_decrypt(3), +RSA_sign(3), RSA_verify(3), +RAND(7)

    +

    +

    +
    +

    HISTORY

    +

    All of these functions were deprecated in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/RSA_print.html b/linux_amd64/ssl/share/doc/openssl/html/man3/RSA_print.html
new file mode 100755
index 0000000..fa8f03c
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/RSA_print.html
@@ -0,0 +1,109 @@
+ + + + +RSA_print + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    RSA_print, RSA_print_fp, +DSAparams_print, DSAparams_print_fp, DSA_print, DSA_print_fp, +DHparams_print, DHparams_print_fp - print cryptographic parameters

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/rsa.h>
    +

    Deprecated since OpenSSL 3.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + int RSA_print(BIO *bp, RSA *x, int offset);
    + int RSA_print_fp(FILE *fp, RSA *x, int offset);
    +
    + #include <openssl/dsa.h>
    +

    Deprecated since OpenSSL 3.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + int DSAparams_print(BIO *bp, DSA *x);
    + int DSAparams_print_fp(FILE *fp, DSA *x);
    + int DSA_print(BIO *bp, DSA *x, int offset);
    + int DSA_print_fp(FILE *fp, DSA *x, int offset);
    +
    + #include <openssl/dh.h>
    +

    Deprecated since OpenSSL 3.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + int DHparams_print(BIO *bp, DH *x);
    + int DHparams_print_fp(FILE *fp, DH *x);
    +

    +

    +
    +

    DESCRIPTION

    +

    All of the functions described on this page are deprecated. +Applications should instead use EVP_PKEY_print_params(3) and +EVP_PKEY_print_private(3).

    +

    A human-readable hexadecimal output of the components of the RSA +key, DSA parameters or key or DH parameters is printed to bp or fp.

    +

    The output lines are indented by offset spaces.

    +

    +

    +
    +

    RETURN VALUES

    +

    These functions return 1 on success, 0 on error.

    +

    +

    +
    +

    SEE ALSO

    +
    + L<EVP_PKEY_print_params(3)>,
    + L<EVP_PKEY_print_private(3)>,
    + L<BN_bn2bin(3)>
    +

    +

    +
    +

    HISTORY

    +

    All of these functions were deprecated in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/RSA_private_encrypt.html b/linux_amd64/ssl/share/doc/openssl/html/man3/RSA_private_encrypt.html
new file mode 100755
index 0000000..a53b41c
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/RSA_private_encrypt.html
@@ -0,0 +1,119 @@
+ + + + +RSA_private_encrypt + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    RSA_private_encrypt, RSA_public_decrypt - low level signature operations

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/rsa.h>
    +

    Deprecated since OpenSSL 3.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + int RSA_private_encrypt(int flen, unsigned char *from,
    +                         unsigned char *to, RSA *rsa, int padding);
    +
    + int RSA_public_decrypt(int flen, unsigned char *from,
    +                        unsigned char *to, RSA *rsa, int padding);
    +

    +

    +
    +

    DESCRIPTION

    +

    Both of the functions described on this page are deprecated. +Applications should instead use EVP_PKEY_encrypt_init(3), +EVP_PKEY_encrypt(3), EVP_PKEY_decrypt_init(3) and EVP_PKEY_decrypt(3).

    +

    These functions handle RSA signatures at a low level.

    +

    RSA_private_encrypt() signs the flen bytes at from (usually a +message digest with an algorithm identifier) using the private key +rsa and stores the signature in to. to must point to +RSA_size(rsa) bytes of memory.

    +

    padding denotes one of the following modes:

    +
    +
    RSA_PKCS1_PADDING
    + +
    +

    PKCS #1 v1.5 padding. This function does not handle the +algorithmIdentifier specified in PKCS #1. When generating or +verifying PKCS #1 signatures, RSA_sign(3) and RSA_verify(3) should be +used.

    +
    +
    RSA_NO_PADDING
    + +
    +

    Raw RSA signature. This mode should only be used to implement +cryptographically sound padding modes in the application code. +Signing user data directly with RSA is insecure.

    +
    +
    +

    RSA_public_decrypt() recovers the message digest from the flen +bytes long signature at from using the signer's public key +rsa. to must point to a memory section large enough to hold the +message digest (which is smaller than RSA_size(rsa) - +11). padding is the padding mode that was used to sign the data.

    +

    +

    +
    +

    RETURN VALUES

    +

    RSA_private_encrypt() returns the size of the signature (i.e., +RSA_size(rsa)). RSA_public_decrypt() returns the size of the +recovered message digest.

    +

    On error, -1 is returned; the error codes can be +obtained by ERR_get_error(3).

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), +RSA_sign(3), RSA_verify(3)

    +

    +

    +
    +

    HISTORY

    +

    Both of these functions were deprecated in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/RSA_public_encrypt.html b/linux_amd64/ssl/share/doc/openssl/html/man3/RSA_public_encrypt.html
    new file mode 100755
    index 0000000..83d1f97
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/RSA_public_encrypt.html
    @@ -0,0 +1,160 @@
    + + + + +RSA_public_encrypt + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    RSA_public_encrypt, RSA_private_decrypt - RSA public key cryptography

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/rsa.h>
    +

    Deprecated since OpenSSL 3.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + int RSA_public_encrypt(int flen, const unsigned char *from,
    +                        unsigned char *to, RSA *rsa, int padding);
    +
    + int RSA_private_decrypt(int flen, const unsigned char *from,
    +                         unsigned char *to, RSA *rsa, int padding);
    +

    +

    +
    +

    DESCRIPTION

    +

    Both of the functions described on this page are deprecated. +Applications should instead use EVP_PKEY_encrypt_init(3), +EVP_PKEY_encrypt(3), EVP_PKEY_decrypt_init(3) and EVP_PKEY_decrypt(3).

    +

    RSA_public_encrypt() encrypts the flen bytes at from (usually a +session key) using the public key rsa and stores the ciphertext in +to. to must point to RSA_size(rsa) bytes of memory.

    +

    padding denotes one of the following modes:

    +
    +
    RSA_PKCS1_PADDING
    + +
    +

    PKCS #1 v1.5 padding. This currently is the most widely used mode. +However, it is highly recommended to use RSA_PKCS1_OAEP_PADDING in +new applications. SEE WARNING BELOW.

    +
    +
    RSA_PKCS1_OAEP_PADDING
    + +
    +

    EME-OAEP as defined in PKCS #1 v2.0 with SHA-1, MGF1 and an empty +encoding parameter. This mode is recommended for all new applications.

    +
    +
    RSA_SSLV23_PADDING
    + +
    +

    PKCS #1 v1.5 padding with an SSL-specific modification that denotes +that the server is SSL3 capable.

    +
    +
    RSA_NO_PADDING
    + +
    +

    Raw RSA encryption. This mode should only be used to implement +cryptographically sound padding modes in the application code. +Encrypting user data directly with RSA is insecure.

    +
    +
    +

    flen must not be more than RSA_size(rsa) - 11 for the PKCS #1 v1.5 +based padding modes, not more than RSA_size(rsa) - 42 for +RSA_PKCS1_OAEP_PADDING and exactly RSA_size(rsa) for RSA_NO_PADDING. +When a padding mode other than RSA_NO_PADDING is in use, then +RSA_public_encrypt() will include some random bytes into the ciphertext +and therefore the ciphertext will be different each time, even if the +plaintext and the public key are exactly identical. +The returned ciphertext in to will always be zero padded to exactly +RSA_size(rsa) bytes. +to and from may overlap.

    +

    RSA_private_decrypt() decrypts the flen bytes at from using the +private key rsa and stores the plaintext in to. flen should +be equal to RSA_size(rsa) but may be smaller, when leading zero +bytes are in the ciphertext. Those are not important and may be removed, +but RSA_public_encrypt() does not do that. to must point +to a memory section large enough to hold the maximal possible decrypted +data (which is equal to RSA_size(rsa) for RSA_NO_PADDING, +RSA_size(rsa) - 11 for the PKCS #1 v1.5 based padding modes and +RSA_size(rsa) - 42 for RSA_PKCS1_OAEP_PADDING). +padding is the padding mode that was used to encrypt the data. +to and from may overlap.

    +

    +

    +
    +

    RETURN VALUES

    +

    RSA_public_encrypt() returns the size of the encrypted data (i.e., +RSA_size(rsa)). RSA_private_decrypt() returns the size of the +recovered plaintext. A return value of 0 is not an error and +means only that the plaintext was empty.

    +

    On error, -1 is returned; the error codes can be +obtained by ERR_get_error(3).

    +

    +

    +
    +

    WARNINGS

    +

    Decryption failures in the RSA_PKCS1_PADDING mode leak information +which can potentially be used to mount a Bleichenbacher padding oracle +attack. This is an inherent weakness in the PKCS #1 v1.5 padding +design. Prefer RSA_PKCS1_OAEP_PADDING.

    +

    +

    +
    +

    CONFORMING TO

    +

    SSL, PKCS #1 v2.0

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), RAND_bytes(3), +RSA_size(3)

    +

    +

    +
    +

    HISTORY

    +

    Both of these functions were deprecated in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/RSA_set_method.html b/linux_amd64/ssl/share/doc/openssl/html/man3/RSA_set_method.html
    new file mode 100755
    index 0000000..fba214f
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/RSA_set_method.html
    @@ -0,0 +1,224 @@
    + + + + +RSA_set_method + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    RSA_set_default_method, RSA_get_default_method, RSA_set_method, +RSA_get_method, RSA_PKCS1_OpenSSL, RSA_flags, +RSA_new_method - select RSA method

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/rsa.h>
    +

    Deprecated since OpenSSL 3.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + void RSA_set_default_method(const RSA_METHOD *meth);
    +
    + RSA_METHOD *RSA_get_default_method(void);
    +
    + int RSA_set_method(RSA *rsa, const RSA_METHOD *meth);
    +
    + RSA_METHOD *RSA_get_method(const RSA *rsa);
    +
    + RSA_METHOD *RSA_PKCS1_OpenSSL(void);
    +
    + int RSA_flags(const RSA *rsa);
    +
    + RSA *RSA_new_method(ENGINE *engine);
    +

    +

    +
    +

    DESCRIPTION

    +

    All of the functions described on this page are deprecated. +Applications should instead use the OSSL_PROVIDER APIs.

    +

    An RSA_METHOD specifies the functions that OpenSSL uses for RSA +operations. By modifying the method, alternative implementations such as +hardware accelerators may be used. IMPORTANT: See the NOTES section for +important information about how these RSA API functions are affected by the +use of ENGINE API calls.

    +

    Initially, the default RSA_METHOD is the OpenSSL internal implementation, +as returned by RSA_PKCS1_OpenSSL().

    +

    RSA_set_default_method() makes meth the default method for all RSA +structures created later. +NB: This is true only whilst no ENGINE has +been set as a default for RSA, so this function is no longer recommended. +This function is not thread-safe and should not be called at the same time +as other OpenSSL functions.

    +

    RSA_get_default_method() returns a pointer to the current default +RSA_METHOD. However, the meaningfulness of this result is dependent on +whether the ENGINE API is being used, so this function is no longer +recommended.

    +

    RSA_set_method() selects meth to perform all operations using the key +rsa. This will replace the RSA_METHOD used by the RSA key and if the +previous method was supplied by an ENGINE, the handle to that ENGINE will +be released during the change. It is possible to have RSA keys that only +work with certain RSA_METHOD implementations (eg. from an ENGINE module +that supports embedded hardware-protected keys), and in such cases +attempting to change the RSA_METHOD for the key can have unexpected +results.

    +

    RSA_get_method() returns a pointer to the RSA_METHOD being used by rsa. +This method may or may not be supplied by an ENGINE implementation, but if +it is, the return value can only be guaranteed to be valid as long as the +RSA key itself is valid and does not have its implementation changed by +RSA_set_method().

    +

    RSA_flags() returns the flags that are set for rsa's current +RSA_METHOD. See the BUGS section.

    +

    RSA_new_method() allocates and initializes an RSA structure so that +engine will be used for the RSA operations. If engine is NULL, the +default ENGINE for RSA operations is used, and if no default ENGINE is set, +the RSA_METHOD controlled by RSA_set_default_method() is used.

    +

    RSA_flags() returns the flags that are set for rsa's current method.

    +

    RSA_new_method() allocates and initializes an RSA structure so that +method will be used for the RSA operations. If method is NULL, +the default method is used.

    +

    +

    +
    +

    THE RSA_METHOD STRUCTURE

    +
    + typedef struct rsa_meth_st
    + {
    +     /* name of the implementation */
    +     const char *name;
    +
    +     /* encrypt */
    +     int (*rsa_pub_enc)(int flen, unsigned char *from,
    +                        unsigned char *to, RSA *rsa, int padding);
    +
    +     /* verify arbitrary data */
    +     int (*rsa_pub_dec)(int flen, unsigned char *from,
    +                        unsigned char *to, RSA *rsa, int padding);
    +
    +     /* sign arbitrary data */
    +     int (*rsa_priv_enc)(int flen, unsigned char *from,
    +                         unsigned char *to, RSA *rsa, int padding);
    +
    +     /* decrypt */
    +     int (*rsa_priv_dec)(int flen, unsigned char *from,
    +                         unsigned char *to, RSA *rsa, int padding);
    +
    +     /* compute r0 = r0 ^ I mod rsa->n (May be NULL for some implementations) */
    +     int (*rsa_mod_exp)(BIGNUM *r0, BIGNUM *I, RSA *rsa);
    +
    +     /* compute r = a ^ p mod m (May be NULL for some implementations) */
    +     int (*bn_mod_exp)(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
    +                       const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
    +
    +     /* called at RSA_new */
    +     int (*init)(RSA *rsa);
    +
    +     /* called at RSA_free */
    +     int (*finish)(RSA *rsa);
    +
    +     /*
    +      * RSA_FLAG_EXT_PKEY        - rsa_mod_exp is called for private key
    +      *                            operations, even if p,q,dmp1,dmq1,iqmp
    +      *                            are NULL
    +      * RSA_METHOD_FLAG_NO_CHECK - don't check pub/private match
    +      */
    +     int flags;
    +
    +     char *app_data; /* ?? */
    +
    +     int (*rsa_sign)(int type,
    +                     const unsigned char *m, unsigned int m_length,
    +                     unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
    +     int (*rsa_verify)(int dtype,
    +                       const unsigned char *m, unsigned int m_length,
    +                       const unsigned char *sigbuf, unsigned int siglen,
    +                       const RSA *rsa);
    +     /* keygen. If NULL built-in RSA key generation will be used */
    +     int (*rsa_keygen)(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
    +
    + } RSA_METHOD;
    +

    +

    +
    +

    RETURN VALUES

    +

    RSA_PKCS1_OpenSSL(), RSA_PKCS1_null_method(), RSA_get_default_method() +and RSA_get_method() return pointers to the respective RSA_METHODs.

    +

    RSA_set_default_method() returns no value.

    +

    RSA_set_method() returns a pointer to the old RSA_METHOD implementation +that was replaced. However, this return value should probably be ignored +because if it was supplied by an ENGINE, the pointer could be invalidated +at any time if the ENGINE is unloaded (in fact it could be unloaded as a +result of the RSA_set_method() function releasing its handle to the +ENGINE). For this reason, the return type may be replaced with a void +declaration in a future release.

    +

    RSA_new_method() returns NULL and sets an error code that can be obtained +by ERR_get_error(3) if the allocation fails. Otherwise +it returns a pointer to the newly allocated structure.

    +

    +

    +
    +

    BUGS

    +

    The behaviour of RSA_flags() is a mis-feature that is left as-is for now +to avoid creating compatibility problems. RSA functionality, such as the +encryption functions, are controlled by the flags value in the RSA key +itself, not by the flags value in the RSA_METHOD attached to the RSA key +(which is what this function returns). If the flags element of an RSA key +is changed, the changes will be honoured by RSA functionality but will not +be reflected in the return value of the RSA_flags() function - in effect +RSA_flags() behaves more like an RSA_default_flags() function (which does +not currently exist).

    +

    +

    +
    +

    SEE ALSO

    +

    RSA_new(3)

    +

    +

    +
    +

    HISTORY

    +

    All of these functions were deprecated in OpenSSL 3.0.

    +

    The RSA_null_method(), which was a partial attempt to avoid patent issues, +was replaced to always return NULL in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/RSA_sign.html b/linux_amd64/ssl/share/doc/openssl/html/man3/RSA_sign.html
    new file mode 100755
    index 0000000..bf5a040
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/RSA_sign.html
    @@ -0,0 +1,113 @@
    + + + + +RSA_sign + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    RSA_sign, RSA_verify - RSA signatures

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/rsa.h>
    +

    Deprecated since OpenSSL 3.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
    +              unsigned char *sigret, unsigned int *siglen, RSA *rsa);
    +
    + int RSA_verify(int type, const unsigned char *m, unsigned int m_len,
    +                unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
    +

    +

    +
    +

    DESCRIPTION

    +

    All of the functions described on this page are deprecated. +Applications should instead use EVP_PKEY_sign_init(3), EVP_PKEY_sign(3), +EVP_PKEY_verify_init(3) and EVP_PKEY_verify(3).

    +

    RSA_sign() signs the message digest m of size m_len using the +private key rsa using RSASSA-PKCS1-v1_5 as specified in RFC 3447. It +stores the signature in sigret and the signature size in siglen. +sigret must point to RSA_size(rsa) bytes of memory. +Note that PKCS #1 adds meta-data, placing limits on the size of the +key that can be used. +See RSA_private_encrypt(3) for lower-level +operations.

    +

    type denotes the message digest algorithm that was used to generate +m. +If type is NID_md5_sha1, +an SSL signature (MD5 and SHA1 message digests with PKCS #1 padding +and no algorithm identifier) is created.

    +

    RSA_verify() verifies that the signature sigbuf of size siglen +matches a given message digest m of size m_len. type denotes +the message digest algorithm that was used to generate the signature. +rsa is the signer's public key.

    +

    +

    +
    +

    RETURN VALUES

    +

    RSA_sign() returns 1 on success. +RSA_verify() returns 1 on successful verification.

    +

    The error codes can be obtained by ERR_get_error(3).

    +

    +

    +
    +

    CONFORMING TO

    +

    SSL, PKCS #1 v2.0

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), +RSA_private_encrypt(3), +RSA_public_decrypt(3)

    +

    +

    +
    +

    HISTORY

    +

    All of these functions were deprecated in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/RSA_sign_ASN1_OCTET_STRING.html b/linux_amd64/ssl/share/doc/openssl/html/man3/RSA_sign_ASN1_OCTET_STRING.html
    new file mode 100755
    index 0000000..aba2d19
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/RSA_sign_ASN1_OCTET_STRING.html
    @@ -0,0 +1,113 @@
    + + + + +RSA_sign_ASN1_OCTET_STRING + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    RSA_sign_ASN1_OCTET_STRING, RSA_verify_ASN1_OCTET_STRING - RSA signatures

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/rsa.h>
    +

    Deprecated since OpenSSL 3.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + int RSA_sign_ASN1_OCTET_STRING(int dummy, unsigned char *m,
    +                                unsigned int m_len, unsigned char *sigret,
    +                                unsigned int *siglen, RSA *rsa);
    +
    + int RSA_verify_ASN1_OCTET_STRING(int dummy, unsigned char *m,
    +                                  unsigned int m_len, unsigned char *sigbuf,
    +                                  unsigned int siglen, RSA *rsa);
    +

    +

    +
    +

    DESCRIPTION

    +

    All of the functions described on this page are deprecated. +Applications should instead use EVP PKEY APIs.

    +

    RSA_sign_ASN1_OCTET_STRING() signs the octet string m of size +m_len using the private key rsa represented in DER using PKCS #1 +padding. It stores the signature in sigret and the signature size +in siglen. sigret must point to RSA_size(rsa) bytes of +memory.

    +

    dummy is ignored.

    +

    The random number generator must be seeded when calling +RSA_sign_ASN1_OCTET_STRING(). +If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to +external circumstances (see RAND(7)), the operation will fail.

    +

    RSA_verify_ASN1_OCTET_STRING() verifies that the signature sigbuf +of size siglen is the DER representation of a given octet string +m of size m_len. dummy is ignored. rsa is the signer's +public key.

    +

    +

    +
    +

    RETURN VALUES

    +

    RSA_sign_ASN1_OCTET_STRING() returns 1 on success, 0 otherwise. +RSA_verify_ASN1_OCTET_STRING() returns 1 on successful verification, 0 +otherwise.

    +

    The error codes can be obtained by ERR_get_error(3).

    +

    +

    +
    +

    BUGS

    +

    These functions serve no recognizable purpose.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), +RAND_bytes(3), RSA_sign(3), +RSA_verify(3), +RAND(7)

    +

    +

    +
    +

    HISTORY

    +

    All of these functions were deprecated in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/RSA_size.html b/linux_amd64/ssl/share/doc/openssl/html/man3/RSA_size.html
    new file mode 100755
    index 0000000..3ad4c58
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/RSA_size.html
    @@ -0,0 +1,96 @@
    + + + + +RSA_size + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    RSA_size, RSA_bits, RSA_security_bits - get RSA modulus size or security bits

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/rsa.h>
    +

    Deprecated since OpenSSL 3.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + int RSA_size(const RSA *rsa);
    +
    + int RSA_bits(const RSA *rsa);
    +
    + int RSA_security_bits(const RSA *rsa)
    +

    +

    +
    +

    DESCRIPTION

    +

    All of the functions described on this page are deprecated. +Applications should instead use EVP_PKEY_size(3), EVP_PKEY_bits(3) +and EVP_PKEY_security_bits(3).

    +

    RSA_size() returns the RSA modulus size in bytes. It can be used to +determine how much memory must be allocated for an RSA encrypted +value.

    +

    RSA_bits() returns the number of significant bits.

    +

    rsa and rsa->n must not be NULL.

    +

    RSA_security_bits() returns the number of security bits of the given rsa +key. See BN_security_bits(3).

    +

    +

    +
    +

    RETURN VALUES

    +

    RSA_size() returns the size of modulus in bytes.

    +

    DSA_bits() returns the number of bits in the key.

    +

    RSA_security_bits() returns the number of security bits.

    +

    +

    +
    +

    SEE ALSO

    +

    BN_num_bits(3)

    +

    +

    +
    +

    HISTORY

    +

    All of these functions were deprecated in OpenSSL 3.0.

    +

    The RSA_bits() function was added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SCT_new.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SCT_new.html
    new file mode 100755
    index 0000000..57f4f86
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SCT_new.html
    @@ -0,0 +1,228 @@
    + + + + +SCT_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SCT_new, SCT_new_from_base64, SCT_free, SCT_LIST_free, +SCT_get_version, SCT_set_version, +SCT_get_log_entry_type, SCT_set_log_entry_type, +SCT_get0_log_id, SCT_set0_log_id, SCT_set1_log_id, +SCT_get_timestamp, SCT_set_timestamp, +SCT_get_signature_nid, SCT_set_signature_nid, +SCT_get0_signature, SCT_set0_signature, SCT_set1_signature, +SCT_get0_extensions, SCT_set0_extensions, SCT_set1_extensions, +SCT_get_source, SCT_set_source +- A Certificate Transparency Signed Certificate Timestamp

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ct.h>
    +
    + typedef enum {
    +     CT_LOG_ENTRY_TYPE_NOT_SET = -1,
    +     CT_LOG_ENTRY_TYPE_X509 = 0,
    +     CT_LOG_ENTRY_TYPE_PRECERT = 1
    + } ct_log_entry_type_t;
    +
    + typedef enum {
    +     SCT_VERSION_NOT_SET = -1,
    +     SCT_VERSION_V1 = 0
    + } sct_version_t;
    +
    + typedef enum {
    +     SCT_SOURCE_UNKNOWN,
    +     SCT_SOURCE_TLS_EXTENSION,
    +     SCT_SOURCE_X509V3_EXTENSION,
    +     SCT_SOURCE_OCSP_STAPLED_RESPONSE
    + } sct_source_t;
    +
    + SCT *SCT_new(void);
    + SCT *SCT_new_from_base64(unsigned char version,
    +                          const char *logid_base64,
    +                          ct_log_entry_type_t entry_type,
    +                          uint64_t timestamp,
    +                          const char *extensions_base64,
    +                          const char *signature_base64);
    +
    + void SCT_free(SCT *sct);
    + void SCT_LIST_free(STACK_OF(SCT) *a);
    +
    + sct_version_t SCT_get_version(const SCT *sct);
    + int SCT_set_version(SCT *sct, sct_version_t version);
    +
    + ct_log_entry_type_t SCT_get_log_entry_type(const SCT *sct);
    + int SCT_set_log_entry_type(SCT *sct, ct_log_entry_type_t entry_type);
    +
    + size_t SCT_get0_log_id(const SCT *sct, unsigned char **log_id);
    + int SCT_set0_log_id(SCT *sct, unsigned char *log_id, size_t log_id_len);
    + int SCT_set1_log_id(SCT *sct, const unsigned char *log_id, size_t log_id_len);
    +
    + uint64_t SCT_get_timestamp(const SCT *sct);
    + void SCT_set_timestamp(SCT *sct, uint64_t timestamp);
    +
    + int SCT_get_signature_nid(const SCT *sct);
    + int SCT_set_signature_nid(SCT *sct, int nid);
    +
    + size_t SCT_get0_signature(const SCT *sct, unsigned char **sig);
    + void SCT_set0_signature(SCT *sct, unsigned char *sig, size_t sig_len);
    + int SCT_set1_signature(SCT *sct, const unsigned char *sig, size_t sig_len);
    +
    + size_t SCT_get0_extensions(const SCT *sct, unsigned char **ext);
    + void SCT_set0_extensions(SCT *sct, unsigned char *ext, size_t ext_len);
    + int SCT_set1_extensions(SCT *sct, const unsigned char *ext, size_t ext_len);
    +
    + sct_source_t SCT_get_source(const SCT *sct);
    + int SCT_set_source(SCT *sct, sct_source_t source);
    +

    +

    +
    +

    DESCRIPTION

    +

    Signed Certificate Timestamps (SCTs) are defined by RFC 6962, Section 3.2. +They constitute a promise by a Certificate Transparency (CT) log to publicly +record a certificate. By cryptographically verifying that a log did indeed issue +an SCT, some confidence can be gained that the certificate is publicly known.

    +

    An internal representation of an SCT can be created in one of two ways. +The first option is to create a blank SCT, using SCT_new(), and then populate +it using:

    +
      +
    • +

      SCT_set_version() to set the SCT version.

      +

      Only SCT_VERSION_V1 is currently supported.

      +
    • +
    • +

      SCT_set_log_entry_type() to set the type of certificate the SCT was issued for:

      +

      CT_LOG_ENTRY_TYPE_X509 for a normal certificate. +CT_LOG_ENTRY_TYPE_PRECERT for a pre-certificate.

      +
    • +
    • +

      SCT_set0_log_id() or SCT_set1_log_id() to set the LogID of the CT log that the SCT came from.

      +

      The former takes ownership, whereas the latter makes a copy. +See RFC 6962, Section 3.2 for the definition of LogID.

      +
    • +
    • +

      SCT_set_timestamp() to set the time the SCT was issued (time in milliseconds +since the Unix Epoch).

      +
    • +
    • +

      SCT_set_signature_nid() to set the NID of the signature.

      +
    • +
    • +

      SCT_set0_signature() or SCT_set1_signature() to set the raw signature value.

      +

      The former takes ownership, whereas the latter makes a copy.

      +
    • +
    • +

      SCT_set0_extensions() or SCT_set1_extensions to provide SCT extensions.

      +

      The former takes ownership, whereas the latter makes a copy.

      +
    • +
    +

    Alternatively, the SCT can be pre-populated from the following data using +SCT_new_from_base64():

    +
      +
    • +

      The SCT version (only SCT_VERSION_V1 is currently supported).

      +
    • +
    • +

      The LogID (see RFC 6962, Section 3.2), base64 encoded.

      +
    • +
    • +

      The type of certificate the SCT was issued for: +CT_LOG_ENTRY_TYPE_X509 for a normal certificate. +CT_LOG_ENTRY_TYPE_PRECERT for a pre-certificate.

      +
    • +
    • +

      The time that the SCT was issued (time in milliseconds since the Unix Epoch).

      +
    • +
    • +

      The SCT extensions, base64 encoded.

      +
    • +
    • +

      The SCT signature, base64 encoded.

      +
    • +
    +

    SCT_set_source() can be used to record where the SCT was found +(TLS extension, X.509 certificate extension or OCSP response). This is not +required for verifying the SCT.

    +

    +

    +
    +

    NOTES

    +

    Some of the setters return int, instead of void. These will all return 1 on +success, 0 on failure. They will not make changes on failure.

    +

    All of the setters will reset the validation status of the SCT to +SCT_VALIDATION_STATUS_NOT_SET (see SCT_validate(3)).

    +

    SCT_set_source() will call SCT_set_log_entry_type() if the type of +certificate the SCT was issued for can be inferred from where the SCT was found. +For example, an SCT found in an X.509 extension must have been issued for a pre- +certificate.

    +

    SCT_set_source() will not refuse unknown values.

    +

    +

    +
    +

    RETURN VALUES

    +

    SCT_set_version() returns 1 if the specified version is supported, 0 otherwise.

    +

    SCT_set_log_entry_type() returns 1 if the specified log entry type is supported, 0 otherwise.

    +

    SCT_set0_log_id() and SCT_set1_log_id return 1 if the specified LogID is a +valid SHA-256 hash, 0 otherwise. Additionally, SCT_set1_log_id returns 0 if +malloc fails.

    +

    SCT_set_signature_nid returns 1 if the specified NID is supported, 0 otherwise.

    +

    SCT_set1_extensions and SCT_set1_signature return 1 if the supplied buffer +is copied successfully, 0 otherwise (i.e. if malloc fails).

    +

    SCT_set_source returns 1 on success, 0 otherwise.

    +

    +

    +
    +

    SEE ALSO

    +

    ct(7), +SCT_validate(3), +OBJ_nid2obj(3)

    +

    +

    +
    +

    HISTORY

    +

    These functions were added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

+
+
+
+
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SCT_print.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SCT_print.html
new file mode 100755
index 0000000..89b778c
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SCT_print.html
@@ -0,0 +1,94 @@
+
+
+
+
+SCT_print
+
+
+
+
+
+
+
+
+
+
+
+

    +

    +
    +

    NAME

    +

    SCT_print, SCT_LIST_print, SCT_validation_status_string - +Prints Signed Certificate Timestamps in a human-readable way

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ct.h>
    +
    + void SCT_print(const SCT *sct, BIO *out, int indent, const CTLOG_STORE *logs);
    + void SCT_LIST_print(const STACK_OF(SCT) *sct_list, BIO *out, int indent,
    +                     const char *separator, const CTLOG_STORE *logs);
    + const char *SCT_validation_status_string(const SCT *sct);
    +

    +

    +
    +

    DESCRIPTION

    +

    SCT_print() prints a single Signed Certificate Timestamp (SCT) to a BIO in +a human-readable format. SCT_LIST_print() prints an entire list of SCTs in a +similar way. A separator can be specified to delimit each SCT in the output.

    +

    The output can be indented by a specified number of spaces. If a CTLOG_STORE +is provided, it will be used to print the description of the CT log that issued +each SCT (if that log is in the CTLOG_STORE). Alternatively, NULL can be passed +as the CTLOG_STORE parameter to disable this feature.

    +

    SCT_validation_status_string() will return the validation status of an SCT as +a human-readable string. Call SCT_validate() or SCT_LIST_validate() +beforehand in order to set the validation status of an SCT first.

    +

    +

    +
    +

    RETURN VALUES

    +

    SCT_validation_status_string() returns a null-terminated string representing +the validation status of an SCT object.

    +

    +

    +
    +

    SEE ALSO

    +

    ct(7), +bio(7), +CTLOG_STORE_new(3), +SCT_validate(3)

    +

    +

    +
    +

    HISTORY

    +

    These functions were added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

+
+
+
+
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SCT_validate.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SCT_validate.html
new file mode 100755
index 0000000..291ca0f
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SCT_validate.html
@@ -0,0 +1,131 @@
+
+
+
+
+SCT_validate
+
+
+
+
+
+
+
+
+
+
+
+

    +

    +
    +

    NAME

    +

    SCT_validate, SCT_LIST_validate, SCT_get_validation_status - +checks Signed Certificate Timestamps (SCTs) are valid

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ct.h>
    +
    + typedef enum {
    +     SCT_VALIDATION_STATUS_NOT_SET,
    +     SCT_VALIDATION_STATUS_UNKNOWN_LOG,
    +     SCT_VALIDATION_STATUS_VALID,
    +     SCT_VALIDATION_STATUS_INVALID,
    +     SCT_VALIDATION_STATUS_UNVERIFIED,
    +     SCT_VALIDATION_STATUS_UNKNOWN_VERSION
    + } sct_validation_status_t;
    +
    + int SCT_validate(SCT *sct, const CT_POLICY_EVAL_CTX *ctx);
    + int SCT_LIST_validate(const STACK_OF(SCT) *scts, CT_POLICY_EVAL_CTX *ctx);
    + sct_validation_status_t SCT_get_validation_status(const SCT *sct);
    +

    +

    +
    +

    DESCRIPTION

    +

    SCT_validate() will check that an SCT is valid and verify its signature. +SCT_LIST_validate() performs the same checks on an entire stack of SCTs. +The result of the validation checks can be obtained by passing the SCT to +SCT_get_validation_status().

    +

    A CT_POLICY_EVAL_CTX must be provided that specifies:

    +
      +
    • +

      The certificate the SCT was issued for.

      +

      Failure to provide the certificate will result in the validation status being +SCT_VALIDATION_STATUS_UNVERIFIED.

      +
    • +
    • +

      The issuer of that certificate.

      +

      This is only required if the SCT was issued for a pre-certificate +(see RFC 6962). If it is required but not provided, the validation status will +be SCT_VALIDATION_STATUS_UNVERIFIED.

      +
    • +
    • +

      A CTLOG_STORE that contains the CT log that issued this SCT.

      +

      If the SCT was issued by a log that is not in this CTLOG_STORE, the validation +status will be SCT_VALIDATION_STATUS_UNKNOWN_LOG.

      +
    • +
    +

    If the SCT is of an unsupported version (only v1 is currently supported), the +validation status will be SCT_VALIDATION_STATUS_UNKNOWN_VERSION.

    +

    If the SCT's signature is incorrect, its timestamp is in the future (relative to +the time in CT_POLICY_EVAL_CTX), or if it is otherwise invalid, the validation +status will be SCT_VALIDATION_STATUS_INVALID.

    +

    If all checks pass, the validation status will be SCT_VALIDATION_STATUS_VALID.

    +

    +

    +
    +

    NOTES

    +

    A return value of 0 from SCT_LIST_validate() should not be interpreted as a +failure. At a minimum, only one valid SCT may provide sufficient confidence +that a certificate has been publicly logged.

    +

    +

    +
    +

    RETURN VALUES

    +

    SCT_validate() returns a negative integer if an internal error occurs, 0 if the +SCT fails validation, or 1 if the SCT passes validation.

    +

    SCT_LIST_validate() returns a negative integer if an internal error occurs, 0 +if any of SCTs fails validation, or 1 if they all pass validation.

    +

    SCT_get_validation_status() returns the validation status of the SCT. +If SCT_validate() or SCT_LIST_validate() have not been passed that SCT, the +returned value will be SCT_VALIDATION_STATUS_NOT_SET.

    +

    +

    +
    +

    SEE ALSO

    +

    ct(7)

    +

    +

    +
    +

    HISTORY

    +

    These functions were added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

+
+
+
+
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SHA256_Init.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SHA256_Init.html
new file mode 100755
index 0000000..4cf4759
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SHA256_Init.html
@@ -0,0 +1,147 @@
+
+
+
+
+SHA256_Init
+
+
+
+
+
+
+
+
+
+
+
+

    +

    +
    +

    NAME

    +

    SHA1, SHA1_Init, SHA1_Update, SHA1_Final, SHA224, SHA224_Init, SHA224_Update, +SHA224_Final, SHA256, SHA256_Init, SHA256_Update, SHA256_Final, SHA384, +SHA384_Init, SHA384_Update, SHA384_Final, SHA512, SHA512_Init, SHA512_Update, +SHA512_Final - Secure Hash Algorithm

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/sha.h>
    +

    Deprecated since OpenSSL 3.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + int SHA1_Init(SHA_CTX *c);
    + int SHA1_Update(SHA_CTX *c, const void *data, size_t len);
    + int SHA1_Final(unsigned char *md, SHA_CTX *c);
    + unsigned char *SHA1(const unsigned char *d, size_t n,
    +                     unsigned char *md);
    +
    + int SHA224_Init(SHA256_CTX *c);
    + int SHA224_Update(SHA256_CTX *c, const void *data, size_t len);
    + int SHA224_Final(unsigned char *md, SHA256_CTX *c);
    + unsigned char *SHA224(const unsigned char *d, size_t n,
    +                       unsigned char *md);
    +
    + int SHA256_Init(SHA256_CTX *c);
    + int SHA256_Update(SHA256_CTX *c, const void *data, size_t len);
    + int SHA256_Final(unsigned char *md, SHA256_CTX *c);
    + unsigned char *SHA256(const unsigned char *d, size_t n,
    +                       unsigned char *md);
    +
    + int SHA384_Init(SHA512_CTX *c);
    + int SHA384_Update(SHA512_CTX *c, const void *data, size_t len);
    + int SHA384_Final(unsigned char *md, SHA512_CTX *c);
    + unsigned char *SHA384(const unsigned char *d, size_t n,
    +                       unsigned char *md);
    +
    + int SHA512_Init(SHA512_CTX *c);
    + int SHA512_Update(SHA512_CTX *c, const void *data, size_t len);
    + int SHA512_Final(unsigned char *md, SHA512_CTX *c);
    + unsigned char *SHA512(const unsigned char *d, size_t n,
    +                       unsigned char *md);
    +

    +

    +
    +

    DESCRIPTION

    +

    All of the functions described on this page are deprecated. +Applications should instead use EVP_DigestInit_ex(3), EVP_DigestUpdate(3) +and EVP_DigestFinal_ex(3).

    +

    SHA-1 (Secure Hash Algorithm) is a cryptographic hash function with a +160 bit output.

    +

    SHA1() computes the SHA-1 message digest of the n +bytes at d and places it in md (which must have space for +SHA_DIGEST_LENGTH == 20 bytes of output). If md is NULL, the digest +is placed in a static array. Note: setting md to NULL is not thread safe.

    +

    The following functions may be used if the message is not completely +stored in memory:

    +

    SHA1_Init() initializes a SHA_CTX structure.

    +

    SHA1_Update() can be called repeatedly with chunks of the message to +be hashed (len bytes at data).

    +

    SHA1_Final() places the message digest in md, which must have space +for SHA_DIGEST_LENGTH == 20 bytes of output, and erases the SHA_CTX.

    +

    The SHA224, SHA256, SHA384 and SHA512 families of functions operate in the +same way as for the SHA1 functions. Note that SHA224 and SHA256 use a +SHA256_CTX object instead of SHA_CTX. SHA384 and SHA512 use SHA512_CTX. +The buffer md must have space for the output from the SHA variant being used +(defined by SHA224_DIGEST_LENGTH, SHA256_DIGEST_LENGTH, SHA384_DIGEST_LENGTH and +SHA512_DIGEST_LENGTH). Also note that, as for the SHA1() function above, the +SHA224(), SHA256(), SHA384() and SHA512() functions are not thread safe if +md is NULL.

    +

    The predecessor of SHA-1, SHA, is also implemented, but it should be +used only when backward compatibility is required.

    +

    +

    +
    +

    RETURN VALUES

    +

    SHA1(), SHA224(), SHA256(), SHA384() and SHA512() return a pointer to the hash +value.

    +

    SHA1_Init(), SHA1_Update() and SHA1_Final() and equivalent SHA224, SHA256, +SHA384 and SHA512 functions return 1 for success, 0 otherwise.

    +

    +

    +
    +

    CONFORMING TO

    +

    US Federal Information Processing Standard FIPS PUB 180-4 (Secure Hash +Standard), +ANSI X9.30

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_DigestInit(3)

    +

    +

    +
    +

    HISTORY

    +

    All of these functions were deprecated in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

+
+
+
+
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SMIME_read_CMS.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SMIME_read_CMS.html
new file mode 100755
index 0000000..fb6a579
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SMIME_read_CMS.html
@@ -0,0 +1,109 @@
+
+
+
+
+SMIME_read_CMS
+
+
+
+
+
+
+
+
+
+
+
+

    +

    +
    +

    NAME

    +

    SMIME_read_CMS - parse S/MIME message

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/cms.h>
    +
    + CMS_ContentInfo *SMIME_read_CMS(BIO *in, BIO **bcont);
    +

    +

    +
    +

    DESCRIPTION

    +

    SMIME_read_CMS() parses a message in S/MIME format.

    +

    in is a BIO to read the message from.

    +

    If cleartext signing is used then the content is saved in a memory bio which is +written to *bcont, otherwise *bcont is set to NULL.

    +

    The parsed CMS_ContentInfo structure is returned or NULL if an +error occurred.

    +

    +

    +
    +

    NOTES

    +

    If *bcont is not NULL then the message is clear text signed. *bcont can +then be passed to CMS_verify() with the CMS_DETACHED flag set.

    +

    Otherwise the type of the returned structure can be determined +using CMS_get0_type().

    +

    To support future functionality if bcont is not NULL *bcont should be +initialized to NULL. For example:

    +
    + BIO *cont = NULL;
    + CMS_ContentInfo *cms;
    +
    + cms = SMIME_read_CMS(in, &cont);
    +

    +

    +
    +

    BUGS

    +

    The MIME parser used by SMIME_read_CMS() is somewhat primitive. While it will +handle most S/MIME messages more complex compound formats may not work.

    +

    The parser assumes that the CMS_ContentInfo structure is always base64 encoded +and will not handle the case where it is in binary format or uses quoted +printable format.

    +

    The use of a memory BIO to hold the signed content limits the size of message +which can be processed due to memory restraints: a streaming single pass option +should be available.

    +

    +

    +
    +

    RETURN VALUES

    +

    SMIME_read_CMS() returns a valid CMS_ContentInfo structure or NULL +if an error occurred. The error can be obtained from ERR_get_error(3).

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), +SMIME_read_CMS(3), CMS_sign(3), +CMS_verify(3), CMS_encrypt(3), +CMS_decrypt(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

+
+
+
+
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SMIME_read_PKCS7.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SMIME_read_PKCS7.html
new file mode 100755
index 0000000..4e052ff
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SMIME_read_PKCS7.html
@@ -0,0 +1,112 @@
+
+
+
+
+SMIME_read_PKCS7
+
+
+
+
+
+
+
+
+
+
+
+

    +

    +
    +

    NAME

    +

    SMIME_read_PKCS7 - parse S/MIME message

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/pkcs7.h>
    +
    + PKCS7 *SMIME_read_PKCS7(BIO *in, BIO **bcont);
    +

    +

    +
    +

    DESCRIPTION

    +

    SMIME_read_PKCS7() parses a message in S/MIME format.

    +

    in is a BIO to read the message from.

    +

    If cleartext signing is used then the content is saved in +a memory bio which is written to *bcont, otherwise +*bcont is set to NULL.

    +

    The parsed PKCS#7 structure is returned or NULL if an +error occurred.

    +

    +

    +
    +

    NOTES

    +

    If *bcont is not NULL then the message is clear text +signed. *bcont can then be passed to PKCS7_verify() with +the PKCS7_DETACHED flag set.

    +

    Otherwise the type of the returned structure can be determined +using PKCS7_type_is_enveloped(), etc.

    +

    To support future functionality if bcont is not NULL +*bcont should be initialized to NULL. For example:

    +
    + BIO *cont = NULL;
    + PKCS7 *p7;
    +
    + p7 = SMIME_read_PKCS7(in, &cont);
    +

    +

    +
    +

    BUGS

    +

    The MIME parser used by SMIME_read_PKCS7() is somewhat primitive. +While it will handle most S/MIME messages more complex compound +formats may not work.

    +

    The parser assumes that the PKCS7 structure is always base64 +encoded and will not handle the case where it is in binary format +or uses quoted printable format.

    +

    The use of a memory BIO to hold the signed content limits the size +of message which can be processed due to memory restraints: a +streaming single pass option should be available.

    +

    +

    +
    +

    RETURN VALUES

    +

    SMIME_read_PKCS7() returns a valid PKCS7 structure or NULL +if an error occurred. The error can be obtained from ERR_get_error(3).

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), +SMIME_read_PKCS7(3), PKCS7_sign(3), +PKCS7_verify(3), PKCS7_encrypt(3) +PKCS7_decrypt(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

+
+
+
+
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SMIME_write_CMS.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SMIME_write_CMS.html
new file mode 100755
index 0000000..ef7bee7
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SMIME_write_CMS.html
@@ -0,0 +1,104 @@
+
+
+
+
+SMIME_write_CMS
+
+
+
+
+
+
+
+
+
+
+
+

    +

    +
    +

    NAME

    +

    SMIME_write_CMS - convert CMS structure to S/MIME format

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/cms.h>
    +
    + int SMIME_write_CMS(BIO *out, CMS_ContentInfo *cms, BIO *data, int flags);
    +

    +

    +
    +

    DESCRIPTION

    +

    SMIME_write_CMS() adds the appropriate MIME headers to a CMS +structure to produce an S/MIME message.

    +

    out is the BIO to write the data to. cms is the appropriate +CMS_ContentInfo structure. If streaming is enabled then the content must be +supplied in the data argument. flags is an optional set of flags.

    +

    +

    +
    +

    NOTES

    +

    The following flags can be passed in the flags parameter.

    +

    If CMS_DETACHED is set then cleartext signing will be used, this option only +makes sense for SignedData where CMS_DETACHED is also set when CMS_sign() is +called.

    +

    If the CMS_TEXT flag is set MIME headers for type text/plain are added to +the content, this only makes sense if CMS_DETACHED is also set.

    +

    If the CMS_STREAM flag is set streaming is performed. This flag should only +be set if CMS_STREAM was also set in the previous call to a CMS_ContentInfo +creation function.

    +

    If cleartext signing is being used and CMS_STREAM not set then the data must +be read twice: once to compute the signature in CMS_sign() and once to output +the S/MIME message.

    +

    If streaming is performed the content is output in BER format using indefinite +length constructed encoding except in the case of signed data with detached +content where the content is absent and DER format is used.

    +

    +

    +
    +

    BUGS

    +

    SMIME_write_CMS() always base64 encodes CMS structures, there should be an +option to disable this.

    +

    +

    +
    +

    RETURN VALUES

    +

    SMIME_write_CMS() returns 1 for success or 0 for failure.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), CMS_sign(3), +CMS_verify(3), CMS_encrypt(3) +CMS_decrypt(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

+
+
+
+
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SMIME_write_PKCS7.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SMIME_write_PKCS7.html
new file mode 100755
index 0000000..a43cc65
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SMIME_write_PKCS7.html
@@ -0,0 +1,105 @@
+
+
+
+
+SMIME_write_PKCS7
+
+
+
+
+
+
+
+
+
+
+
+

    +

    +
    +

    NAME

    +

    SMIME_write_PKCS7 - convert PKCS#7 structure to S/MIME format

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/pkcs7.h>
    +
    + int SMIME_write_PKCS7(BIO *out, PKCS7 *p7, BIO *data, int flags);
    +

    +

    +
    +

    DESCRIPTION

    +

    SMIME_write_PKCS7() adds the appropriate MIME headers to a PKCS#7 +structure to produce an S/MIME message.

    +

    out is the BIO to write the data to. p7 is the appropriate PKCS7 +structure. If streaming is enabled then the content must be supplied in the +data argument. flags is an optional set of flags.

    +

    +

    +
    +

    NOTES

    +

    The following flags can be passed in the flags parameter.

    +

    If PKCS7_DETACHED is set then cleartext signing will be used, +this option only makes sense for signedData where PKCS7_DETACHED +is also set when PKCS7_sign() is also called.

    +

    If the PKCS7_TEXT flag is set MIME headers for type text/plain +are added to the content, this only makes sense if PKCS7_DETACHED +is also set.

    +

    If the PKCS7_STREAM flag is set streaming is performed. This flag should +only be set if PKCS7_STREAM was also set in the previous call to +PKCS7_sign() or PKCS7_encrypt().

    +

    If cleartext signing is being used and PKCS7_STREAM not set then +the data must be read twice: once to compute the signature in PKCS7_sign() +and once to output the S/MIME message.

    +

    If streaming is performed the content is output in BER format using indefinite +length constructed encoding except in the case of signed data with detached +content where the content is absent and DER format is used.

    +

    +

    +
    +

    BUGS

    +

    SMIME_write_PKCS7() always base64 encodes PKCS#7 structures, there +should be an option to disable this.

    +

    +

    +
    +

    RETURN VALUES

    +

    SMIME_write_PKCS7() returns 1 for success or 0 for failure.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), PKCS7_sign(3), +PKCS7_verify(3), PKCS7_encrypt(3) +PKCS7_decrypt(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

+
+
+
+
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SRP_VBASE_new.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SRP_VBASE_new.html
new file mode 100755
index 0000000..5094fb3
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SRP_VBASE_new.html
@@ -0,0 +1,132 @@
+
+
+
+
+SRP_VBASE_new
+
+
+
+
+
+
+
+
+
+
+
+

    +

    +
    +

    NAME

    +

    SRP_VBASE_new, +SRP_VBASE_free, +SRP_VBASE_init, +SRP_VBASE_add0_user, +SRP_VBASE_get1_by_user, +SRP_VBASE_get_by_user +- Functions to create and manage a stack of SRP user verifier information

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/srp.h>
    +
    + SRP_VBASE *SRP_VBASE_new(char *seed_key);
    + void SRP_VBASE_free(SRP_VBASE *vb);
    +
    + int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file);
    +
    + int SRP_VBASE_add0_user(SRP_VBASE *vb, SRP_user_pwd *user_pwd);
    + SRP_user_pwd *SRP_VBASE_get1_by_user(SRP_VBASE *vb, char *username);
    + SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username);
    +

    +

    +
    +

    DESCRIPTION

    +

    The SRP_VBASE_new() function allocates a structure to store server side SRP +verifier information. +If seed_key is not NULL a copy is stored and used to generate dummy parameters +for users that are not found by SRP_VBASE_get1_by_user(). This allows the server +to hide the fact that it doesn't have a verifier for a particular username, +as described in section 2.5.1.3 'Unknown SRP' of RFC 5054. +The seed string should contain random NUL terminated binary data (therefore +the random data should not contain NUL bytes!).

    +

    The SRP_VBASE_free() function frees up the vb structure. +If vb is NULL, nothing is done.

    +

    The SRP_VBASE_init() function parses the information in a verifier file and +populates the vb structure. +The verifier file is a text file containing multiple entries, whose format is: +flag base64(verifier) base64(salt) username gNid userinfo(optional) +where the flag can be 'V' (valid) or 'R' (revoked). +Note that the base64 encoding used here is non-standard so it is recommended +to use openssl-srp(1) to generate this file.

    +

    The SRP_VBASE_add0_user() function adds the user_pwd verifier information +to the vb structure. See SRP_user_pwd_new(3) to create and populate this +record. +The library takes ownership of user_pwd, it should not be freed by the caller.

    +

    The SRP_VBASE_get1_by_user() function returns the password info for the user +whose username matches username. It replaces the deprecated +SRP_VBASE_get_by_user(). +If no matching user is found but a seed_key and default gN parameters have been +set, dummy authentication information is generated from the seed_key, allowing +the server to hide the fact that it doesn't have a verifier for a particular +username. When using SRP as a TLS authentication mechanism, this will cause +the handshake to proceed normally but the first client will be rejected with +a "bad_record_mac" alert, as if the password was incorrect. +If no matching user is found and the seed_key is not set, NULL is returned. +Ownership of the returned pointer is released to the caller, it must be freed +with SRP_user_pwd_free().

    +

    +

    +
    +

    RETURN VALUES

    +

    SRP_VBASE_init() returns SRP_NO_ERROR (0) on success and a positive value +on failure. +The error codes are SRP_ERR_OPEN_FILE if the file could not be opened, +SRP_ERR_VBASE_INCOMPLETE_FILE if the file could not be parsed, +SRP_ERR_MEMORY on memory allocation failure and SRP_ERR_VBASE_BN_LIB +for invalid decoded parameter values.

    +

    SRP_VBASE_add0_user() returns 1 on success and 0 on failure.

    +

    +

    +
    +

    SEE ALSO

    +

    openssl-srp(1), +SRP_create_verifier(3), +SRP_user_pwd_new(3), +SSL_CTX_set_srp_password(3)

    +

    +

    +
    +

    HISTORY

    +

    The SRP_VBASE_add0_user() function was added in OpenSSL 3.0.

    +

    All other functions were added in OpenSSL 1.0.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

+
+
+
+
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SRP_create_verifier.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SRP_create_verifier.html
new file mode 100755
index 0000000..442969e
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SRP_create_verifier.html
@@ -0,0 +1,145 @@
+
+
+
+
+SRP_create_verifier
+
+
+
+
+
+
+
+
+
+
+
+

    +

    +
    +

    NAME

    +

    SRP_create_verifier, +SRP_create_verifier_BN, +SRP_check_known_gN_param, +SRP_get_default_gN +- SRP authentication primitives

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/srp.h>
    +
    + char *SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,
    +                              BIGNUM **verifier, const BIGNUM *N, const BIGNUM *g);
    + char *SRP_create_verifier(const char *user, const char *pass, char **salt,
    +                           char **verifier, const char *N, const char *g);
    +
    + char *SRP_check_known_gN_param(const BIGNUM *g, const BIGNUM *N);
    + SRP_gN *SRP_get_default_gN(const char *id);
    +

    +

    +
    +

    DESCRIPTION

    +

    The SRP_create_verifier_BN() function creates an SRP password verifier from +the supplied parameters as defined in section 2.4 of RFC 5054. +On successful exit *verifier will point to a newly allocated BIGNUM containing +the verifier and (if a salt was not provided) *salt will be populated with a +newly allocated BIGNUM containing a random salt. If *salt is not NULL then +the provided salt is used instead. +The caller is responsible for freeing the allocated *salt and *verifier +BIGNUMS (use BN_free(3)).

    +

    The SRP_create_verifier() function is similar to SRP_create_verifier_BN() but +all numeric parameters are in a non-standard base64 encoding originally designed +for compatibility with libsrp. This is mainly present for historical compatibility +and its use is discouraged. +It is possible to pass NULL as N and an SRP group id as g instead to +load the appropriate gN values (see SRP_get_default_gN()). +If both N and g are NULL the 8192-bit SRP group parameters are used. +The caller is responsible for freeing the allocated *salt and *verifier +(use OPENSSL_free(3)).

    +

    The SRP_check_known_gN_param() function checks that g and N are valid +SRP group parameters from RFC 5054 appendix A.

    +

    The SRP_get_default_gN() function returns the gN parameters for the RFC 5054 id +SRP group size. +The known ids are "1024", "1536", "2048", "3072", "4096", "6144" and "8192".

    +

    +

    +
    +

    RETURN VALUES

    +

    SRP_create_verifier_BN() returns 1 on success and 0 on failure.

    +

    SRP_create_verifier() returns NULL on failure and a non-NULL value on success: +"*" if N is not NULL, the selected group id otherwise. This value should +not be freed.

    +

    SRP_check_known_gN_param() returns the text representation of the group id +(ie. the prime bit size) or NULL if the arguments are not valid SRP group parameters. +This value should not be freed.

    +

    SRP_get_default_gN() returns NULL if id is not a valid group size, +or the 8192-bit group parameters if id is NULL.

    +

    +

    +
    +

    EXAMPLES

    +

    Generate and store a 8192 bit password verifier (error handling +omitted for clarity):

    +
    + #include <openssl/bn.h>
    + #include <openssl/srp.h>
    +
    + const char *username = "username";
    + const char *password = "password";
    +
    + SRP_VBASE *srpData = SRP_VBASE_new(NULL);
    +
    + SRP_gN *gN = SRP_get_default_gN("8192");
    +
    + BIGNUM *salt = NULL, *verifier = NULL;
    + SRP_create_verifier_BN(username, password, &salt, &verifier, gN->N, gN->g);
    +
    + SRP_user_pwd *pwd = SRP_user_pwd_new();
    + SRP_user_pwd_set1_ids(pwd, username, NULL);
    + SRP_user_pwd_set0_sv(pwd, salt, verifier);
    + SRP_user_pwd_set_gN(pwd, gN->g, gN->N);
    +
    + SRP_VBASE_add0_user(srpData, pwd);
    +

    +

    +
    +

    SEE ALSO

    +

    openssl-srp(1), +SRP_VBASE_new(3), +SRP_user_pwd_new(3)

    +

    +

    +
    +

    HISTORY

    +

    These functions were added in OpenSSL 1.0.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SRP_user_pwd_new.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SRP_user_pwd_new.html
    new file mode 100755
    index 0000000..1896478
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SRP_user_pwd_new.html
    @@ -0,0 +1,104 @@
    + + + + +SRP_user_pwd_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SRP_user_pwd_new, +SRP_user_pwd_free, +SRP_user_pwd_set1_ids, +SRP_user_pwd_set_gN, +SRP_user_pwd_set0_sv +- Functions to create a record of SRP user verifier information

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/srp.h>
    +
    + SRP_user_pwd *SRP_user_pwd_new(void);
    + void SRP_user_pwd_free(SRP_user_pwd *user_pwd);
    +
    + int SRP_user_pwd_set1_ids(SRP_user_pwd *user_pwd, const char *id, const char *info);
    + void SRP_user_pwd_set_gN(SRP_user_pwd *user_pwd, const BIGNUM *g, const BIGNUM *N);
    + int SRP_user_pwd_set0_sv(SRP_user_pwd *user_pwd, BIGNUM *s, BIGNUM *v);
    +

    +

    +
    +

    DESCRIPTION

    +

    The SRP_user_pwd_new() function allocates a structure to store a user verifier +record.

    +

    The SRP_user_pwd_free() function frees up the user_pwd structure. +If user_pwd is NULL, nothing is done.

    +

    The SRP_user_pwd_set1_ids() function sets the username to id and the optional +user info to info for user_pwd. +The library allocates new copies of id and info, the caller still +owns the original memory.

    +

    The SRP_user_pwd_set0_sv() function sets the user salt to s and the verifier +to v for user_pwd. +The library takes ownership of the values, they should not be freed by the caller.

    +

    The SRP_user_pwd_set_gN() function sets the SRP group parameters for user_pwd. +The memory is not freed by SRP_user_pwd_free(), the caller must make sure it is +freed once it is no longer used.

    +

    +

    +
    +

    RETURN VALUES

    +

    SRP_user_pwd_set1_ids() returns 1 on success and 0 on failure or if id was NULL.

    +

    SRP_user_pwd_set0_sv() returns 1 if both s and v are not NULL, 0 otherwise.

    +

    +

    +
    +

    SEE ALSO

    +

    openssl-srp(1), +SRP_create_verifier(3), +SRP_VBASE_new(3), +SSL_CTX_set_srp_password(3)

    +

    +

    +
    +

    HISTORY

    +

    These functions were made public in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CIPHER_get_name.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CIPHER_get_name.html
    new file mode 100755
    index 0000000..6b96332
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CIPHER_get_name.html
    @@ -0,0 +1,229 @@
    + + + + +SSL_CIPHER_get_name + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CIPHER_get_name, +SSL_CIPHER_standard_name, +OPENSSL_cipher_name, +SSL_CIPHER_get_bits, +SSL_CIPHER_get_version, +SSL_CIPHER_description, +SSL_CIPHER_get_cipher_nid, +SSL_CIPHER_get_digest_nid, +SSL_CIPHER_get_handshake_digest, +SSL_CIPHER_get_kx_nid, +SSL_CIPHER_get_auth_nid, +SSL_CIPHER_is_aead, +SSL_CIPHER_find, +SSL_CIPHER_get_id, +SSL_CIPHER_get_protocol_id +- get SSL_CIPHER properties

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + const char *SSL_CIPHER_get_name(const SSL_CIPHER *cipher);
    + const char *SSL_CIPHER_standard_name(const SSL_CIPHER *cipher);
    + const char *OPENSSL_cipher_name(const char *stdname);
    + int SSL_CIPHER_get_bits(const SSL_CIPHER *cipher, int *alg_bits);
    + char *SSL_CIPHER_get_version(const SSL_CIPHER *cipher);
    + char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int size);
    + int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c);
    + int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c);
    + const EVP_MD *SSL_CIPHER_get_handshake_digest(const SSL_CIPHER *c);
    + int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c);
    + int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c);
    + int SSL_CIPHER_is_aead(const SSL_CIPHER *c);
    + const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr);
    + uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c);
    + uint32_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *c);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CIPHER_get_name() returns a pointer to the name of cipher. If the +cipher is NULL, it returns "(NONE)".

    +

    SSL_CIPHER_standard_name() returns a pointer to the standard RFC name of +cipher. If the cipher is NULL, it returns "(NONE)". If the cipher +has no standard name, it returns NULL. If cipher was defined in both +SSLv3 and TLS, it returns the TLS name.

    +

    OPENSSL_cipher_name() returns a pointer to the OpenSSL name of stdname. +If the stdname is NULL, or stdname has no corresponding OpenSSL name, +it returns "(NONE)". Where both exist, stdname should be the TLS name rather +than the SSLv3 name.

    +

    SSL_CIPHER_get_bits() returns the number of secret bits used for cipher. +If cipher is NULL, 0 is returned.

    +

    SSL_CIPHER_get_version() returns string which indicates the SSL/TLS protocol +version that first defined the cipher. It returns "(NONE)" if cipher is NULL.

    +

    SSL_CIPHER_get_cipher_nid() returns the cipher NID corresponding to c. +If there is no cipher (e.g. for cipher suites with no encryption) then +NID_undef is returned.

    +

    SSL_CIPHER_get_digest_nid() returns the digest NID corresponding to the MAC +used by c during record encryption/decryption. If there is no digest (e.g. +for AEAD cipher suites) then NID_undef is returned.

    +

    SSL_CIPHER_get_handshake_digest() returns an EVP_MD for the digest used during +the SSL/TLS handshake when using the SSL_CIPHER c. Note that this may be +different to the digest used to calculate the MAC for encrypted records.

    +

    SSL_CIPHER_get_kx_nid() returns the key exchange NID corresponding to the method +used by c. If there is no key exchange, then NID_undef is returned. +If any appropriate key exchange algorithm can be used (as in the case of TLS 1.3 +cipher suites) NID_kx_any is returned. Examples (not comprehensive):

    +
    + NID_kx_rsa
    + NID_kx_ecdhe
    + NID_kx_dhe
    + NID_kx_psk
    +

    SSL_CIPHER_get_auth_nid() returns the authentication NID corresponding to the method +used by c. If there is no authentication, then NID_undef is returned. +If any appropriate authentication algorithm can be used (as in the case of +TLS 1.3 cipher suites) NID_auth_any is returned. Examples (not comprehensive):

    +
    + NID_auth_rsa
    + NID_auth_ecdsa
    + NID_auth_psk
    +

    SSL_CIPHER_is_aead() returns 1 if the cipher c is AEAD (e.g. GCM or +ChaCha20/Poly1305), and 0 if it is not AEAD.

    +

    SSL_CIPHER_find() returns a SSL_CIPHER structure which has the cipher ID stored +in ptr. The ptr parameter is a two element array of char, which stores the +two-byte TLS cipher ID (as allocated by IANA) in network byte order. This parameter +is usually retrieved from a TLS packet by using functions like +SSL_client_hello_get0_ciphers(3). SSL_CIPHER_find() returns NULL if an +error occurs or the indicated cipher is not found.

    +

    SSL_CIPHER_get_id() returns the OpenSSL-specific ID of the given cipher c. That ID is +not the same as the IANA-specific ID.

    +

    SSL_CIPHER_get_protocol_id() returns the two-byte ID used in the TLS protocol of the given +cipher c.

    +

    SSL_CIPHER_description() returns a textual description of the cipher used +into the buffer buf of length len provided. If buf is provided, it +must be at least 128 bytes, otherwise a buffer will be allocated using +OPENSSL_malloc(). If the provided buffer is too small, or the allocation fails, +NULL is returned.

    +

    The string returned by SSL_CIPHER_description() consists of several fields +separated by whitespace:

    +
    +
    <ciphername>
    + +
    +

    Textual representation of the cipher name.

    +
    +
    <protocol version>
    + +
    +

    The minimum protocol version that the ciphersuite supports, such as TLSv1.2. +Note that this is not always the same as the protocol version in which the +ciphersuite was first defined because some ciphersuites are backwards compatible +with earlier protocol versions.

    +
    +
    Kx=<key exchange>
    + +
    +

    Key exchange method such as RSA, ECDHE, etc.

    +
    +
    Au=<authentication>
    + +
    +

    Authentication method such as RSA, None, etc.. None is the +representation of anonymous ciphers.

    +
    +
    Enc=<symmetric encryption method>
    + +
    +

    Encryption method, with number of secret bits, such as AESGCM(128).

    +
    +
    Mac=<message authentication code>
    + +
    +

    Message digest, such as SHA256.

    +
    +
    +

    Some examples for the output of SSL_CIPHER_description():

    +
    + ECDHE-RSA-AES256-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
    + RSA-PSK-AES256-CBC-SHA384 TLSv1.0 Kx=RSAPSK   Au=RSA  Enc=AES(256)  Mac=SHA384
    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CIPHER_get_name(), SSL_CIPHER_standard_name(), OPENSSL_cipher_name(), +SSL_CIPHER_get_version() and SSL_CIPHER_description() return the corresponding +value in a null-terminated string for a specific cipher or "(NONE)" +if the cipher is not found.

    +

    SSL_CIPHER_get_bits() returns a positive integer representing the number of +secret bits or 0 if an error occurred.

    +

    SSL_CIPHER_get_cipher_nid(), SSL_CIPHER_get_digest_nid(), +SSL_CIPHER_get_kx_nid() and SSL_CIPHER_get_auth_nid() return the NID value or +NID_undef if an error occurred.

    +

    SSL_CIPHER_get_handshake_digest() returns a valid EVP_MD structure or NULL +if an error occurred.

    +

    SSL_CIPHER_is_aead() returns 1 if the cipher is AEAD or 0 otherwise.

    +

    SSL_CIPHER_find() returns a valid SSL_CIPHER structure or NULL if an error +occurred.

    +

    SSL_CIPHER_get_id() returns a 4-byte integer representing the OpenSSL-specific ID.

    +

    SSL_CIPHER_get_protocol_id() returns a 2-byte integer representing the TLS +protocol-specific ID.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_get_current_cipher(3), +SSL_get_ciphers(3), openssl-ciphers(1)

    +

    +

    +
    +

    HISTORY

    +

    The SSL_CIPHER_get_version() function was updated to always return the +correct protocol string in OpenSSL 1.1.0.

    +

    The SSL_CIPHER_description() function was changed to return NULL on error, +rather than a fixed string, in OpenSSL 1.1.0.

    +

    The SSL_CIPHER_get_handshake_digest() function was added in OpenSSL 1.1.1.

    +

    The SSL_CIPHER_standard_name() function was globally available in OpenSSL 1.1.1. + Before OpenSSL 1.1.1, tracing (enable-ssl-trace argument to Configure) was +required to enable this function.

    +

    The OPENSSL_cipher_name() function was added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_COMP_add_compression_method.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_COMP_add_compression_method.html
    new file mode 100755
    index 0000000..0d2ddb3
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_COMP_add_compression_method.html
    @@ -0,0 +1,132 @@
    + + + + +SSL_COMP_add_compression_method + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_COMP_add_compression_method, SSL_COMP_get_compression_methods, +SSL_COMP_get0_name, SSL_COMP_get_id, SSL_COMP_free_compression_methods +- handle SSL/TLS integrated compression methods

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm);
    + STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
    + const char *SSL_COMP_get0_name(const SSL_COMP *comp);
    + int SSL_COMP_get_id(const SSL_COMP *comp);
    +

    Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + void SSL_COMP_free_compression_methods(void)
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_COMP_add_compression_method() adds the compression method cm with +the identifier id to the list of available compression methods. This +list is globally maintained for all SSL operations within this application. +It cannot be set for specific SSL_CTX or SSL objects.

    +

    SSL_COMP_get_compression_methods() returns a stack of all of the available +compression methods or NULL on error.

    +

    SSL_COMP_get0_name() returns the name of the compression method comp.

    +

    SSL_COMP_get_id() returns the id of the compression method comp.

    +

    SSL_COMP_free_compression_methods() releases any resources acquired to +maintain the internal table of compression methods.

    +

    +

    +
    +

    NOTES

    +

    The TLS standard (or SSLv3) allows the integration of compression methods +into the communication. The TLS RFC does however not specify compression +methods or their corresponding identifiers, so there is currently no compatible +way to integrate compression with unknown peers. It is therefore currently not +recommended to integrate compression into applications. Applications for +non-public use may agree on certain compression methods. Using different +compression methods with the same identifier will lead to connection failure.

    +

    An OpenSSL client speaking a protocol that allows compression (SSLv3, TLSv1) +will unconditionally send the list of all compression methods enabled with +SSL_COMP_add_compression_method() to the server during the handshake. +Unlike the mechanisms to set a cipher list, there is no method available to +restrict the list of compression method on a per connection basis.

    +

    An OpenSSL server will match the identifiers listed by a client against +its own compression methods and will unconditionally activate compression +when a matching identifier is found. There is no way to restrict the list +of compression methods supported on a per connection basis.

    +

    If enabled during compilation, the OpenSSL library will have the +COMP_zlib() compression method available.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_COMP_add_compression_method() may return the following values:

    +
      +
    1. +

      The operation succeeded.

      +
    2. +
    3. +

      The operation failed. Check the error queue to find out the reason.

      +
    4. +
    +

    SSL_COMP_get_compression_methods() returns the stack of compressions methods or +NULL on error.

    +

    SSL_COMP_get0_name() returns the name of the compression method or NULL on error.

    +

    SSL_COMP_get_id() returns the name of the compression method or -1 on error.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7)

    +

    +

    +
    +

    HISTORY

    +

    The SSL_COMP_free_compression_methods() function was deprecated in OpenSSL 1.1.0. +The SSL_COMP_get0_name() and SSL_comp_get_id() functions were added in OpenSSL 1.1.0d.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CONF_CTX_new.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CONF_CTX_new.html
    new file mode 100755
    index 0000000..fc5f29e
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CONF_CTX_new.html
    @@ -0,0 +1,88 @@
    + + + + +SSL_CONF_CTX_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CONF_CTX_new, SSL_CONF_CTX_free - SSL configuration allocation functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + SSL_CONF_CTX *SSL_CONF_CTX_new(void);
    + void SSL_CONF_CTX_free(SSL_CONF_CTX *cctx);
    +

    +

    +
    +

    DESCRIPTION

    +

    The function SSL_CONF_CTX_new() allocates and initialises an SSL_CONF_CTX +structure for use with the SSL_CONF functions.

    +

    The function SSL_CONF_CTX_free() frees up the context cctx. +If cctx is NULL nothing is done.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CONF_CTX_new() returns either the newly allocated SSL_CONF_CTX structure +or NULL if an error occurs.

    +

    SSL_CONF_CTX_free() does not return a value.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +SSL_CONF_CTX_set_flags(3), +SSL_CONF_CTX_set_ssl_ctx(3), +SSL_CONF_CTX_set1_prefix(3), +SSL_CONF_cmd(3), +SSL_CONF_cmd_argv(3)

    +

    +

    +
    +

    HISTORY

    +

    These functions were added in OpenSSL 1.0.2.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CONF_CTX_set1_prefix.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CONF_CTX_set1_prefix.html
    new file mode 100755
    index 0000000..2bf6739
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CONF_CTX_set1_prefix.html
    @@ -0,0 +1,98 @@
    + + + + +SSL_CONF_CTX_set1_prefix + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CONF_CTX_set1_prefix - Set configuration context command prefix

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + unsigned int SSL_CONF_CTX_set1_prefix(SSL_CONF_CTX *cctx, const char *prefix);
    +

    +

    +
    +

    DESCRIPTION

    +

    The function SSL_CONF_CTX_set1_prefix() sets the command prefix of cctx +to prefix. If prefix is NULL it is restored to the default value.

    +

    +

    +
    +

    NOTES

    +

    Command prefixes alter the commands recognised by subsequent SSL_CONF_cmd() +calls. For example for files, if the prefix "SSL" is set then command names +such as "SSLProtocol", "SSLOptions" etc. are recognised instead of "Protocol" +and "Options". Similarly for command lines if the prefix is "--ssl-" then +"--ssl-no_tls1_2" is recognised instead of "-no_tls1_2".

    +

    If the SSL_CONF_FLAG_CMDLINE flag is set then prefix checks are case +sensitive and "-" is the default. In the unlikely even an application +explicitly wants to set no prefix it must be explicitly set to "".

    +

    If the SSL_CONF_FLAG_FILE flag is set then prefix checks are case +insensitive and no prefix is the default.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CONF_CTX_set1_prefix() returns 1 for success and 0 for failure.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +SSL_CONF_CTX_new(3), +SSL_CONF_CTX_set_flags(3), +SSL_CONF_CTX_set_ssl_ctx(3), +SSL_CONF_cmd(3), +SSL_CONF_cmd_argv(3)

    +

    +

    +
    +

    HISTORY

    +

    These functions were added in OpenSSL 1.0.2.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CONF_CTX_set_flags.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CONF_CTX_set_flags.html
    new file mode 100755
    index 0000000..7d16045
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CONF_CTX_set_flags.html
    @@ -0,0 +1,127 @@
    + + + + +SSL_CONF_CTX_set_flags + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CONF_CTX_set_flags, SSL_CONF_CTX_clear_flags - Set or clear SSL configuration context flags

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + unsigned int SSL_CONF_CTX_set_flags(SSL_CONF_CTX *cctx, unsigned int flags);
    + unsigned int SSL_CONF_CTX_clear_flags(SSL_CONF_CTX *cctx, unsigned int flags);
    +

    +

    +
    +

    DESCRIPTION

    +

    The function SSL_CONF_CTX_set_flags() sets flags in the context cctx.

    +

    The function SSL_CONF_CTX_clear_flags() clears flags in the context cctx.

    +

    +

    +
    +

    NOTES

    +

    The flags set affect how subsequent calls to SSL_CONF_cmd() or +SSL_CONF_argv() behave.

    +

    Currently the following flags values are recognised:

    +
    +
    SSL_CONF_FLAG_CMDLINE, SSL_CONF_FLAG_FILE
    + +
    +

    recognise options intended for command line or configuration file use. At +least one of these flags must be set.

    +
    +
    SSL_CONF_FLAG_CLIENT, SSL_CONF_FLAG_SERVER
    + +
    +

    recognise options intended for use in SSL/TLS clients or servers. One or +both of these flags must be set.

    +
    +
    SSL_CONF_FLAG_CERTIFICATE
    + +
    +

    recognise certificate and private key options.

    +
    +
    SSL_CONF_FLAG_REQUIRE_PRIVATE
    + +
    +

    If this option is set then if a private key is not specified for a certificate +it will attempt to load a private key from the certificate file when +SSL_CONF_CTX_finish() is called. If a key cannot be loaded from the certificate +file an error occurs.

    +
    +
    SSL_CONF_FLAG_SHOW_ERRORS
    + +
    +

    indicate errors relating to unrecognised options or missing arguments in +the error queue. If this option isn't set such errors are only reflected +in the return values of SSL_CONF_set_cmd() or SSL_CONF_set_argv()

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CONF_CTX_set_flags() and SSL_CONF_CTX_clear_flags() returns the new flags +value after setting or clearing flags.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +SSL_CONF_CTX_new(3), +SSL_CONF_CTX_set_ssl_ctx(3), +SSL_CONF_CTX_set1_prefix(3), +SSL_CONF_cmd(3), +SSL_CONF_cmd_argv(3)

    +

    +

    +
    +

    HISTORY

    +

    These functions were added in OpenSSL 1.0.2.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CONF_CTX_set_ssl_ctx.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CONF_CTX_set_ssl_ctx.html
    new file mode 100755
    index 0000000..db65ce7
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CONF_CTX_set_ssl_ctx.html
    @@ -0,0 +1,97 @@
    + + + + +SSL_CONF_CTX_set_ssl_ctx + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CONF_CTX_set_ssl_ctx, SSL_CONF_CTX_set_ssl - set context to configure

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + void SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *cctx, SSL_CTX *ctx);
    + void SSL_CONF_CTX_set_ssl(SSL_CONF_CTX *cctx, SSL *ssl);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CONF_CTX_set_ssl_ctx() sets the context associated with cctx to the +SSL_CTX structure ctx. Any previous SSL or SSL_CTX associated with +cctx is cleared. Subsequent calls to SSL_CONF_cmd() will be sent to +ctx.

    +

    SSL_CONF_CTX_set_ssl() sets the context associated with cctx to the +SSL structure ssl. Any previous SSL or SSL_CTX associated with +cctx is cleared. Subsequent calls to SSL_CONF_cmd() will be sent to +ssl.

    +

    +

    +
    +

    NOTES

    +

    The context need not be set or it can be set to NULL in which case only +syntax checking of commands is performed, where possible.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CONF_CTX_set_ssl_ctx() and SSL_CTX_set_ssl() do not return a value.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +SSL_CONF_CTX_new(3), +SSL_CONF_CTX_set_flags(3), +SSL_CONF_CTX_set1_prefix(3), +SSL_CONF_cmd(3), +SSL_CONF_cmd_argv(3)

    +

    +

    +
    +

    HISTORY

    +

    These functions were added in OpenSSL 1.0.2.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CONF_cmd.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CONF_cmd.html
    new file mode 100755
    index 0000000..a5a2deb
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CONF_cmd.html
    @@ -0,0 +1,746 @@
    + + + + +SSL_CONF_cmd + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CONF_cmd_value_type, +SSL_CONF_cmd - send configuration command

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_CONF_cmd(SSL_CONF_CTX *ctx, const char *option, const char *value);
    + int SSL_CONF_cmd_value_type(SSL_CONF_CTX *ctx, const char *option);
    +

    +

    +
    +

    DESCRIPTION

    +

    The function SSL_CONF_cmd() performs configuration operation option with +optional parameter value on ctx. Its purpose is to simplify application +configuration of SSL_CTX or SSL structures by providing a common +framework for command line options or configuration files.

    +

    SSL_CONF_cmd_value_type() returns the type of value that option refers to.

    +

    +

    +
    +

    SUPPORTED COMMAND LINE COMMANDS

    +

    Currently supported option names for command lines (i.e. when the +flag SSL_CONF_CMDLINE is set) are listed below. Note: all option names +are case sensitive. Unless otherwise stated commands can be used by +both clients and servers and the value parameter is not used. The default +prefix for command line commands is - and that is reflected below.

    +
    +
    -bugs
    + +
    +

    Various bug workarounds are set, same as setting SSL_OP_ALL.

    +
    +
    -no_comp
    + +
    +

    Disables support for SSL/TLS compression, same as setting +SSL_OP_NO_COMPRESSION. +As of OpenSSL 1.1.0, compression is off by default.

    +
    +
    -comp
    + +
    +

    Enables support for SSL/TLS compression, same as clearing +SSL_OP_NO_COMPRESSION. +This command was introduced in OpenSSL 1.1.0. +As of OpenSSL 1.1.0, compression is off by default.

    +
    +
    -no_ticket
    + +
    +

    Disables support for session tickets, same as setting SSL_OP_NO_TICKET.

    +
    +
    -serverpref
    + +
    +

    Use server and not client preference order when determining which cipher suite, +signature algorithm or elliptic curve to use for an incoming connection. +Equivalent to SSL_OP_CIPHER_SERVER_PREFERENCE. Only used by servers.

    +
    +
    -legacyrenegotiation
    + +
    +

    permits the use of unsafe legacy renegotiation. Equivalent to setting +SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION.

    +
    +
    -no_renegotiation
    + +
    +

    Disables all attempts at renegotiation in TLSv1.2 and earlier, same as setting +SSL_OP_NO_RENEGOTIATION.

    +
    +
    -no_resumption_on_reneg
    + +
    +

    set SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION flag. Only used by servers.

    +
    +
    -legacy_server_connect, -no_legacy_server_connect
    + +
    +

    permits or prohibits the use of unsafe legacy renegotiation for OpenSSL +clients only. Equivalent to setting or clearing SSL_OP_LEGACY_SERVER_CONNECT. +Set by default.

    +
    +
    -prioritize_chacha
    + +
    +

    Prioritize ChaCha ciphers when the client has a ChaCha20 cipher at the top of +its preference list. This usually indicates a client without AES hardware +acceleration (e.g. mobile) is in use. Equivalent to SSL_OP_PRIORITIZE_CHACHA. +Only used by servers. Requires -serverpref.

    +
    +
    -allow_no_dhe_kex
    + +
    +

    In TLSv1.3 allow a non-(ec)dhe based key exchange mode on resumption. This means +that there will be no forward secrecy for the resumed session.

    +
    +
    -strict
    + +
    +

    enables strict mode protocol handling. Equivalent to setting +SSL_CERT_FLAG_TLS_STRICT.

    +
    +
    -sigalgs algs
    + +
    +

    This sets the supported signature algorithms for TLSv1.2 and TLSv1.3. +For clients this value is used directly for the supported signature +algorithms extension. For servers it is used to determine which signature +algorithms to support.

    +

    The algs argument should be a colon separated list of signature +algorithms in order of decreasing preference of the form algorithm+hash +or signature_scheme. algorithm is one of RSA, DSA or ECDSA and +hash is a supported algorithm OID short name such as SHA1, SHA224, +SHA256, SHA384 of SHA512. Note: algorithm and hash names are case +sensitive. signature_scheme is one of the signature schemes defined in +TLSv1.3, specified using the IETF name, e.g., ecdsa_secp256r1_sha256, +ed25519, or rsa_pss_pss_sha256.

    +

    If this option is not set then all signature algorithms supported by the +OpenSSL library are permissible.

    +

    Note: algorithms which specify a PKCS#1 v1.5 signature scheme (either by +using RSA as the algorithm or by using one of the rsa_pkcs1_* +identifiers) are ignored in TLSv1.3 and will not be negotiated.

    +
    +
    -client_sigalgs algs
    + +
    +

    This sets the supported signature algorithms associated with client +authentication for TLSv1.2 and TLSv1.3. For servers the algs is used +in the signature_algorithms field of a CertificateRequest message. +For clients it is used to determine which signature algorithm to use with +the client certificate. If a server does not request a certificate this +option has no effect.

    +

    The syntax of algs is identical to -sigalgs. If not set, then the +value set for -sigalgs will be used instead.

    +
    +
    -groups groups
    + +
    +

    This sets the supported groups. For clients, the groups are sent using +the supported groups extension. For servers, it is used to determine which +group to use. This setting affects groups used for signatures (in TLSv1.2 +and earlier) and key exchange. The first group listed will also be used +for the key_share sent by a client in a TLSv1.3 ClientHello.

    +

    The groups argument is a colon separated list of groups. The group can +be either the NIST name (e.g. P-256), some other commonly used name +where applicable (e.g. X25519, ffdhe2048) or an OpenSSL OID name +(e.g prime256v1). Group names are case sensitive. The list should be +in order of preference with the most preferred group first.

    +

    Currently supported groups for TLSv1.3 are P-256, P-384, P-521, +X25519, X448, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, +ffdhe8192.

    +
    +
    -curves groups
    + +
    +

    This is a synonym for the -groups command.

    +
    +
    -named_curve curve
    + +
    +

    This sets the temporary curve used for ephemeral ECDH modes. Only used +by servers.

    +

    The groups argument is a curve name or the special value auto which +picks an appropriate curve based on client and server preferences. The +curve can be either the NIST name (e.g. P-256) or an OpenSSL OID name +(e.g prime256v1). Curve names are case sensitive.

    +
    +
    -cipher ciphers
    + +
    +

    Sets the TLSv1.2 and below ciphersuite list to ciphers. This list will be +combined with any configured TLSv1.3 ciphersuites. Note: syntax checking +of ciphers is currently not performed unless a SSL or SSL_CTX +structure is associated with ctx.

    +
    +
    -ciphersuites 1.3ciphers
    + +
    +

    Sets the available ciphersuites for TLSv1.3 to value. This is a +colon-separated list of TLSv1.3 ciphersuite names in order of preference. This +list will be combined any configured TLSv1.2 and below ciphersuites. +See openssl-ciphers(1) for more information.

    +
    +
    -min_protocol minprot, -max_protocol maxprot
    + +
    +

    Sets the minimum and maximum supported protocol. Currently supported +protocol values are SSLv3, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3 +for TLS and DTLSv1, DTLSv1.2 for DTLS, and None for no limit. +If either bound is not specified then only the other bound applies, +if specified. To restrict the supported protocol versions use these +commands rather than the deprecated alternative commands below.

    +
    +
    -record_padding padding
    + +
    +

    Attempts to pad TLSv1.3 records so that they are a multiple of padding +in length on send. A padding of 0 or 1 turns off padding. Otherwise, +the padding must be >1 or <=16384.

    +
    +
    -debug_broken_protocol
    + +
    +

    Ignored.

    +
    +
    -no_middlebox
    + +
    +

    Turn off "middlebox compatibility", as described below.

    +
    +
    +

    +

    +

    Additional Options

    +

    The following options are accepted by SSL_CONF_cmd(), but are not +processed by the OpenSSL commands.

    +
    +
    -cert file
    + +
    +

    Attempts to use file as the certificate for the appropriate context. It +currently uses SSL_CTX_use_certificate_chain_file() if an SSL_CTX +structure is set or SSL_use_certificate_file() with filetype PEM if an +SSL structure is set. This option is only supported if certificate +operations are permitted.

    +
    +
    -key file
    + +
    +

    Attempts to use file as the private key for the appropriate context. This +option is only supported if certificate operations are permitted. Note: +if no -key option is set then a private key is not loaded unless the +flag SSL_CONF_FLAG_REQUIRE_PRIVATE is set.

    +
    +
    -dhparam file
    + +
    +

    Attempts to use file as the set of temporary DH parameters for +the appropriate context. This option is only supported if certificate +operations are permitted.

    +
    +
    -no_ssl3, -no_tls1, -no_tls1_1, -no_tls1_2, -no_tls1_3
    + +
    +

    Disables protocol support for SSLv3, TLSv1.0, TLSv1.1, TLSv1.2 or TLSv1.3 by +setting the corresponding options SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, +SSL_OP_NO_TLSv1_1, SSL_OP_NO_TLSv1_2 and SSL_OP_NO_TLSv1_3 +respectively. These options are deprecated, use -min_protocol and +-max_protocol instead.

    +
    +
    -anti_replay, -no_anti_replay
    + +
    +

    Switches replay protection, on or off respectively. With replay protection on, +OpenSSL will automatically detect if a session ticket has been used more than +once, TLSv1.3 has been negotiated, and early data is enabled on the server. A +full handshake is forced if a session ticket is used a second or subsequent +time. Anti-Replay is on by default unless overridden by a configuration file and +is only used by servers. Anti-replay measures are required for compliance with +the TLSv1.3 specification. Some applications may be able to mitigate the replay +risks in other ways and in such cases the built-in OpenSSL functionality is not +required. Switching off anti-replay is equivalent to SSL_OP_NO_ANTI_REPLAY.

    +
    +
    +

    +

    +
    +

    SUPPORTED CONFIGURATION FILE COMMANDS

    +

    Currently supported option names for configuration files (i.e., when the +flag SSL_CONF_FLAG_FILE is set) are listed below. All configuration file +option names are case insensitive so signaturealgorithms is recognised +as well as SignatureAlgorithms. Unless otherwise stated the value names +are also case insensitive.

    +

    Note: the command prefix (if set) alters the recognised option values.

    +
    +
    CipherString
    + +
    +

    Sets the ciphersuite list for TLSv1.2 and below to value. This list will be +combined with any configured TLSv1.3 ciphersuites. Note: syntax +checking of value is currently not performed unless an SSL or SSL_CTX +structure is associated with ctx.

    +
    +
    Ciphersuites
    + +
    +

    Sets the available ciphersuites for TLSv1.3 to value. This is a +colon-separated list of TLSv1.3 ciphersuite names in order of preference. This +list will be combined any configured TLSv1.2 and below ciphersuites. +See openssl-ciphers(1) for more information.

    +
    +
    Certificate
    + +
    +

    Attempts to use the file value as the certificate for the appropriate +context. It currently uses SSL_CTX_use_certificate_chain_file() if an SSL_CTX +structure is set or SSL_use_certificate_file() with filetype PEM if an SSL +structure is set. This option is only supported if certificate operations +are permitted.

    +
    +
    PrivateKey
    + +
    +

    Attempts to use the file value as the private key for the appropriate +context. This option is only supported if certificate operations +are permitted. Note: if no PrivateKey option is set then a private key is +not loaded unless the SSL_CONF_FLAG_REQUIRE_PRIVATE is set.

    +
    +
    ChainCAFile, ChainCAPath, VerifyCAFile, VerifyCAPath
    + +
    +

    These options indicate a file or directory used for building certificate +chains or verifying certificate chains. These options are only supported +if certificate operations are permitted.

    +
    +
    RequestCAFile
    + +
    +

    This option indicates a file containing a set of certificates in PEM form. +The subject names of the certificates are sent to the peer in the +certificate_authorities extension for TLS 1.3 (in ClientHello or +CertificateRequest) or in a certificate request for previous versions or +TLS.

    +
    +
    ServerInfoFile
    + +
    +

    Attempts to use the file value in the "serverinfo" extension using the +function SSL_CTX_use_serverinfo_file.

    +
    +
    DHParameters
    + +
    +

    Attempts to use the file value as the set of temporary DH parameters for +the appropriate context. This option is only supported if certificate +operations are permitted.

    +
    +
    RecordPadding
    + +
    +

    Attempts to pad TLSv1.3 records so that they are a multiple of value in +length on send. A value of 0 or 1 turns off padding. Otherwise, the +value must be >1 or <=16384.

    +
    +
    SignatureAlgorithms
    + +
    +

    This sets the supported signature algorithms for TLSv1.2 and TLSv1.3. +For clients this +value is used directly for the supported signature algorithms extension. For +servers it is used to determine which signature algorithms to support.

    +

    The value argument should be a colon separated list of signature algorithms +in order of decreasing preference of the form algorithm+hash or +signature_scheme. algorithm +is one of RSA, DSA or ECDSA and hash is a supported algorithm +OID short name such as SHA1, SHA224, SHA256, SHA384 of SHA512. +Note: algorithm and hash names are case sensitive. +signature_scheme is one of the signature schemes defined in TLSv1.3, +specified using the IETF name, e.g., ecdsa_secp256r1_sha256, ed25519, +or rsa_pss_pss_sha256.

    +

    If this option is not set then all signature algorithms supported by the +OpenSSL library are permissible.

    +

    Note: algorithms which specify a PKCS#1 v1.5 signature scheme (either by +using RSA as the algorithm or by using one of the rsa_pkcs1_* +identifiers) are ignored in TLSv1.3 and will not be negotiated.

    +
    +
    ClientSignatureAlgorithms
    + +
    +

    This sets the supported signature algorithms associated with client +authentication for TLSv1.2 and TLSv1.3. +For servers the value is used in the +signature_algorithms field of a CertificateRequest message. +For clients it is +used to determine which signature algorithm to use with the client certificate. +If a server does not request a certificate this option has no effect.

    +

    The syntax of value is identical to SignatureAlgorithms. If not set then +the value set for SignatureAlgorithms will be used instead.

    +
    +
    Groups
    + +
    +

    This sets the supported groups. For clients, the groups are +sent using the supported groups extension. For servers, it is used +to determine which group to use. This setting affects groups used for +signatures (in TLSv1.2 and earlier) and key exchange. The first group listed +will also be used for the key_share sent by a client in a TLSv1.3 +ClientHello.

    +

    The value argument is a colon separated list of groups. The group can be +either the NIST name (e.g. P-256), some other commonly used name where +applicable (e.g. X25519, ffdhe2048) or an OpenSSL OID name +(e.g prime256v1). Group names are case sensitive. The list should be in +order of preference with the most preferred group first.

    +

    Currently supported groups for TLSv1.3 are P-256, P-384, P-521, +X25519, X448, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, +ffdhe8192.

    +
    +
    Curves
    + +
    +

    This is a synonym for the "Groups" command.

    +
    +
    MinProtocol
    + +
    +

    This sets the minimum supported SSL, TLS or DTLS version.

    +

    Currently supported protocol values are SSLv3, TLSv1, TLSv1.1, +TLSv1.2, TLSv1.3, DTLSv1 and DTLSv1.2. +The value None will disable the limit.

    +
    +
    MaxProtocol
    + +
    +

    This sets the maximum supported SSL, TLS or DTLS version.

    +

    Currently supported protocol values are SSLv3, TLSv1, TLSv1.1, +TLSv1.2, TLSv1.3, DTLSv1 and DTLSv1.2. +The value None will disable the limit.

    +
    +
    Protocol
    + +
    +

    This can be used to enable or disable certain versions of the SSL, +TLS or DTLS protocol.

    +

    The value argument is a comma separated list of supported protocols +to enable or disable. +If a protocol is preceded by - that version is disabled.

    +

    All protocol versions are enabled by default. +You need to disable at least one protocol version for this setting have any +effect. +Only enabling some protocol versions does not disable the other protocol +versions.

    +

    Currently supported protocol values are SSLv3, TLSv1, TLSv1.1, +TLSv1.2, TLSv1.3, DTLSv1 and DTLSv1.2. +The special value ALL refers to all supported versions.

    +

    This can't enable protocols that are disabled using MinProtocol +or MaxProtocol, but can disable protocols that are still allowed +by them.

    +

    The Protocol command is fragile and deprecated; do not use it. +Use MinProtocol and MaxProtocol instead. +If you do use Protocol, make sure that the resulting range of enabled +protocols has no "holes", e.g. if TLS 1.0 and TLS 1.2 are both enabled, make +sure to also leave TLS 1.1 enabled.

    +
    +
    Options
    + +
    +

    The value argument is a comma separated list of various flags to set. +If a flag string is preceded - it is disabled. +See the SSL_CTX_set_options(3) function for more details of +individual options.

    +

    Each option is listed below. Where an operation is enabled by default +the -flag syntax is needed to disable it.

    +

    SessionTicket: session ticket support, enabled by default. Inverse of +SSL_OP_NO_TICKET: that is -SessionTicket is the same as setting +SSL_OP_NO_TICKET.

    +

    Compression: SSL/TLS compression support, enabled by default. Inverse +of SSL_OP_NO_COMPRESSION.

    +

    EmptyFragments: use empty fragments as a countermeasure against a +SSL 3.0/TLS 1.0 protocol vulnerability affecting CBC ciphers. It +is set by default. Inverse of SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS.

    +

    Bugs: enable various bug workarounds. Same as SSL_OP_ALL.

    +

    DHSingle: enable single use DH keys, set by default. Inverse of +SSL_OP_DH_SINGLE. Only used by servers.

    +

    ECDHSingle: enable single use ECDH keys, set by default. Inverse of +SSL_OP_ECDH_SINGLE. Only used by servers.

    +

    ServerPreference: use server and not client preference order when +determining which cipher suite, signature algorithm or elliptic curve +to use for an incoming connection. Equivalent to +SSL_OP_CIPHER_SERVER_PREFERENCE. Only used by servers.

    +

    PrioritizeChaCha: prioritizes ChaCha ciphers when the client has a +ChaCha20 cipher at the top of its preference list. This usually indicates +a mobile client is in use. Equivalent to SSL_OP_PRIORITIZE_CHACHA. +Only used by servers.

    +

    NoResumptionOnRenegotiation: set +SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION flag. Only used by servers.

    +

    NoRenegotiation: disables all attempts at renegotiation in TLSv1.2 and +earlier, same as setting SSL_OP_NO_RENEGOTIATION.

    +

    UnsafeLegacyRenegotiation: permits the use of unsafe legacy renegotiation. +Equivalent to SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION.

    +

    UnsafeLegacyServerConnect: permits the use of unsafe legacy renegotiation +for OpenSSL clients only. Equivalent to SSL_OP_LEGACY_SERVER_CONNECT. +Set by default.

    +

    EncryptThenMac: use encrypt-then-mac extension, enabled by +default. Inverse of SSL_OP_NO_ENCRYPT_THEN_MAC: that is, +-EncryptThenMac is the same as setting SSL_OP_NO_ENCRYPT_THEN_MAC.

    +

    AllowNoDHEKEX: In TLSv1.3 allow a non-(ec)dhe based key exchange mode on +resumption. This means that there will be no forward secrecy for the resumed +session. Equivalent to SSL_OP_ALLOW_NO_DHE_KEX.

    +

    MiddleboxCompat: If set then dummy Change Cipher Spec (CCS) messages are sent +in TLSv1.3. This has the effect of making TLSv1.3 look more like TLSv1.2 so that +middleboxes that do not understand TLSv1.3 will not drop the connection. This +option is set by default. A future version of OpenSSL may not set this by +default. Equivalent to SSL_OP_ENABLE_MIDDLEBOX_COMPAT.

    +

    AntiReplay: If set then OpenSSL will automatically detect if a session ticket +has been used more than once, TLSv1.3 has been negotiated, and early data is +enabled on the server. A full handshake is forced if a session ticket is used a +second or subsequent time. This option is set by default and is only used by +servers. Anti-replay measures are required to comply with the TLSv1.3 +specification. Some applications may be able to mitigate the replay risks in +other ways and in such cases the built-in OpenSSL functionality is not required. +Disabling anti-replay is equivalent to setting SSL_OP_NO_ANTI_REPLAY.

    +

    ExtendedMasterSecret: use extended master secret extension, enabled by +default. Inverse of SSL_OP_NO_EXTENDED_MASTER_SECRET: that is, +-ExtendedMasterSecret is the same as setting SSL_OP_NO_EXTENDED_MASTER_SECRET.

    +
    +
    VerifyMode
    + +
    +

    The value argument is a comma separated list of flags to set.

    +

    Peer enables peer verification: for clients only.

    +

    Request requests but does not require a certificate from the client. +Servers only.

    +

    Require requests and requires a certificate from the client: an error +occurs if the client does not present a certificate. Servers only.

    +

    Once requests a certificate from a client only on the initial connection: +not when renegotiating. Servers only.

    +

    RequestPostHandshake configures the connection to support requests but does +not require a certificate from the client post-handshake. A certificate will +not be requested during the initial handshake. The server application must +provide a mechanism to request a certificate post-handshake. Servers only. +TLSv1.3 only.

    +

    RequiresPostHandshake configures the connection to support requests and +requires a certificate from the client post-handshake: an error occurs if the +client does not present a certificate. A certificate will not be requested +during the initial handshake. The server application must provide a mechanism +to request a certificate post-handshake. Servers only. TLSv1.3 only.

    +
    +
    ClientCAFile, ClientCAPath
    + +
    +

    A file or directory of certificates in PEM format whose names are used as the +set of acceptable names for client CAs. Servers only. This option is only +supported if certificate operations are permitted.

    +
    +
    +

    +

    +
    +

    SUPPORTED COMMAND TYPES

    +

    The function SSL_CONF_cmd_value_type() currently returns one of the following +types:

    +
    +
    SSL_CONF_TYPE_UNKNOWN
    + +
    +

    The option string is unrecognised, this return value can be use to flag +syntax errors.

    +
    +
    SSL_CONF_TYPE_STRING
    + +
    +

    The value is a string without any specific structure.

    +
    +
    SSL_CONF_TYPE_FILE
    + +
    +

    The value is a filename.

    +
    +
    SSL_CONF_TYPE_DIR
    + +
    +

    The value is a directory name.

    +
    +
    SSL_CONF_TYPE_NONE
    + +
    +

    The value string is not used e.g. a command line option which doesn't take an +argument.

    +
    +
    +

    +

    +
    +

    NOTES

    +

    The order of operations is significant. This can be used to set either defaults +or values which cannot be overridden. For example if an application calls:

    +
    + SSL_CONF_cmd(ctx, "Protocol", "-SSLv3");
    + SSL_CONF_cmd(ctx, userparam, uservalue);
    +

    it will disable SSLv3 support by default but the user can override it. If +however the call sequence is:

    +
    + SSL_CONF_cmd(ctx, userparam, uservalue);
    + SSL_CONF_cmd(ctx, "Protocol", "-SSLv3");
    +

    SSLv3 is always disabled and attempt to override this by the user are +ignored.

    +

    By checking the return code of SSL_CONF_cmd() it is possible to query if a +given option is recognised, this is useful if SSL_CONF_cmd() values are +mixed with additional application specific operations.

    +

    For example an application might call SSL_CONF_cmd() and if it returns +-2 (unrecognised command) continue with processing of application specific +commands.

    +

    Applications can also use SSL_CONF_cmd() to process command lines though the +utility function SSL_CONF_cmd_argv() is normally used instead. One way +to do this is to set the prefix to an appropriate value using +SSL_CONF_CTX_set1_prefix(), pass the current argument to option and the +following argument to value (which may be NULL).

    +

    In this case if the return value is positive then it is used to skip that +number of arguments as they have been processed by SSL_CONF_cmd(). If -2 is +returned then option is not recognised and application specific arguments +can be checked instead. If -3 is returned a required argument is missing +and an error is indicated. If 0 is returned some other error occurred and +this can be reported back to the user.

    +

    The function SSL_CONF_cmd_value_type() can be used by applications to +check for the existence of a command or to perform additional syntax +checking or translation of the command value. For example if the return +value is SSL_CONF_TYPE_FILE an application could translate a relative +pathname to an absolute pathname.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CONF_cmd() returns 1 if the value of option is recognised and value is +NOT used and 2 if both option and value are used. In other words it +returns the number of arguments processed. This is useful when processing +command lines.

    +

    A return value of -2 means option is not recognised.

    +

    A return value of -3 means option is recognised and the command requires a +value but value is NULL.

    +

    A return code of 0 indicates that both option and value are valid but an +error occurred attempting to perform the operation: for example due to an +error in the syntax of value in this case the error queue may provide +additional information.

    +

    +

    +
    +

    EXAMPLES

    +

    Set supported signature algorithms:

    +
    + SSL_CONF_cmd(ctx, "SignatureAlgorithms", "ECDSA+SHA256:RSA+SHA256:DSA+SHA256");
    +

    There are various ways to select the supported protocols.

    +

    This set the minimum protocol version to TLSv1, and so disables SSLv3. +This is the recommended way to disable protocols.

    +
    + SSL_CONF_cmd(ctx, "MinProtocol", "TLSv1");
    +

    The following also disables SSLv3:

    +
    + SSL_CONF_cmd(ctx, "Protocol", "-SSLv3");
    +

    The following will first enable all protocols, and then disable +SSLv3. +If no protocol versions were disabled before this has the same effect as +"-SSLv3", but if some versions were disables this will re-enable them before +disabling SSLv3.

    +
    + SSL_CONF_cmd(ctx, "Protocol", "ALL,-SSLv3");
    +

    Only enable TLSv1.2:

    +
    + SSL_CONF_cmd(ctx, "MinProtocol", "TLSv1.2");
    + SSL_CONF_cmd(ctx, "MaxProtocol", "TLSv1.2");
    +

    This also only enables TLSv1.2:

    +
    + SSL_CONF_cmd(ctx, "Protocol", "-ALL,TLSv1.2");
    +

    Disable TLS session tickets:

    +
    + SSL_CONF_cmd(ctx, "Options", "-SessionTicket");
    +

    Enable compression:

    +
    + SSL_CONF_cmd(ctx, "Options", "Compression");
    +

    Set supported curves to P-256, P-384:

    +
    + SSL_CONF_cmd(ctx, "Curves", "P-256:P-384");
    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +SSL_CONF_CTX_new(3), +SSL_CONF_CTX_set_flags(3), +SSL_CONF_CTX_set1_prefix(3), +SSL_CONF_CTX_set_ssl_ctx(3), +SSL_CONF_cmd_argv(3), +SSL_CTX_set_options(3)

    +

    +

    +
    +

    HISTORY

    +

    The SSL_CONF_cmd() function was added in OpenSSL 1.0.2.

    +

    The SSL_OP_NO_SSL2 option doesn't have effect since 1.1.0, but the macro +is retained for backwards compatibility.

    +

    The SSL_CONF_TYPE_NONE was added in OpenSSL 1.1.0. In earlier versions of +OpenSSL passing a command which didn't take an argument would return +SSL_CONF_TYPE_UNKNOWN.

    +

    MinProtocol and MaxProtocol where added in OpenSSL 1.1.0.

    +

    AllowNoDHEKEX and PrioritizeChaCha were added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
+
+
+
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CONF_cmd_argv.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CONF_cmd_argv.html
new file mode 100755
index 0000000..967643b
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CONF_cmd_argv.html
@@ -0,0 +1,89 @@
+
+
+
+
+SSL_CONF_cmd_argv
+
+
+
+
+
+
+
+
+
+
+
+

    +

    +
    +

    NAME

    +

    SSL_CONF_cmd_argv - SSL configuration command line processing

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_CONF_cmd_argv(SSL_CONF_CTX *cctx, int *pargc, char ***pargv);
    +

    +

    +
    +

    DESCRIPTION

    +

    The function SSL_CONF_cmd_argv() processes at most two command line +arguments from pargv and pargc. The values of pargv and pargc +are updated to reflect the number of command options processed. The pargc +argument can be set to NULL if it is not used.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CONF_cmd_argv() returns the number of command arguments processed: 0, 1, 2 +or a negative error code.

    +

    If -2 is returned then an argument for a command is missing.

    +

    If -1 is returned the command is recognised but couldn't be processed due +to an error: for example a syntax error in the argument.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +SSL_CONF_CTX_new(3), +SSL_CONF_CTX_set_flags(3), +SSL_CONF_CTX_set1_prefix(3), +SSL_CONF_CTX_set_ssl_ctx(3), +SSL_CONF_cmd(3)

    +

    +

    +
    +

    HISTORY

    +

    These functions were added in OpenSSL 1.0.2.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
+
+
+
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_add1_chain_cert.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_add1_chain_cert.html
new file mode 100755
index 0000000..08cca29
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_add1_chain_cert.html
@@ -0,0 +1,182 @@
+
+
+
+
+SSL_CTX_add1_chain_cert
+
+
+
+
+
+
+
+
+
+
+
+

    +

    +
    +

    NAME

    +

    SSL_CTX_set0_chain, SSL_CTX_set1_chain, SSL_CTX_add0_chain_cert, +SSL_CTX_add1_chain_cert, SSL_CTX_get0_chain_certs, SSL_CTX_clear_chain_certs, +SSL_set0_chain, SSL_set1_chain, SSL_add0_chain_cert, SSL_add1_chain_cert, +SSL_get0_chain_certs, SSL_clear_chain_certs, SSL_CTX_build_cert_chain, +SSL_build_cert_chain, SSL_CTX_select_current_cert, +SSL_select_current_cert, SSL_CTX_set_current_cert, SSL_set_current_cert - extra +chain certificate processing

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_CTX_set0_chain(SSL_CTX *ctx, STACK_OF(X509) *sk);
    + int SSL_CTX_set1_chain(SSL_CTX *ctx, STACK_OF(X509) *sk);
    + int SSL_CTX_add0_chain_cert(SSL_CTX *ctx, X509 *x509);
    + int SSL_CTX_add1_chain_cert(SSL_CTX *ctx, X509 *x509);
    + int SSL_CTX_get0_chain_certs(SSL_CTX *ctx, STACK_OF(X509) **sk);
    + int SSL_CTX_clear_chain_certs(SSL_CTX *ctx);
    +
    + int SSL_set0_chain(SSL *ssl, STACK_OF(X509) *sk);
    + int SSL_set1_chain(SSL *ssl, STACK_OF(X509) *sk);
    + int SSL_add0_chain_cert(SSL *ssl, X509 *x509);
    + int SSL_add1_chain_cert(SSL *ssl, X509 *x509);
    + int SSL_get0_chain_certs(SSL *ssl, STACK_OF(X509) **sk);
    + int SSL_clear_chain_certs(SSL *ssl);
    +
    + int SSL_CTX_build_cert_chain(SSL_CTX *ctx, flags);
    + int SSL_build_cert_chain(SSL *ssl, flags);
    +
    + int SSL_CTX_select_current_cert(SSL_CTX *ctx, X509 *x509);
    + int SSL_select_current_cert(SSL *ssl, X509 *x509);
    + int SSL_CTX_set_current_cert(SSL_CTX *ctx, long op);
    + int SSL_set_current_cert(SSL *ssl, long op);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_set0_chain() and SSL_CTX_set1_chain() set the certificate chain +associated with the current certificate of ctx to sk.

    +

    SSL_CTX_add0_chain_cert() and SSL_CTX_add1_chain_cert() append the single +certificate x509 to the chain associated with the current certificate of +ctx.

    +

    SSL_CTX_get0_chain_certs() retrieves the chain associated with the current +certificate of ctx.

    +

    SSL_CTX_clear_chain_certs() clears any existing chain associated with the +current certificate of ctx. (This is implemented by calling +SSL_CTX_set0_chain() with sk set to NULL).

    +

    SSL_CTX_build_cert_chain() builds the certificate chain for ctx normally +this uses the chain store or the verify store if the chain store is not set. +If the function is successful the built chain will replace any existing chain. +The flags parameter can be set to SSL_BUILD_CHAIN_FLAG_UNTRUSTED to use +existing chain certificates as untrusted CAs, SSL_BUILD_CHAIN_FLAG_NO_ROOT +to omit the root CA from the built chain, SSL_BUILD_CHAIN_FLAG_CHECK to +use all existing chain certificates only to build the chain (effectively +sanity checking and rearranging them if necessary), the flag +SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR ignores any errors during verification: +if flag SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR is also set verification errors +are cleared from the error queue.

    +

    Each of these functions operates on the current end entity +(i.e. server or client) certificate. This is the last certificate loaded or +selected on the corresponding ctx structure.

    +

    SSL_CTX_select_current_cert() selects x509 as the current end entity +certificate, but only if x509 has already been loaded into ctx using a +function such as SSL_CTX_use_certificate().

    +

    SSL_set0_chain(), SSL_set1_chain(), SSL_add0_chain_cert(), +SSL_add1_chain_cert(), SSL_get0_chain_certs(), SSL_clear_chain_certs(), +SSL_build_cert_chain(), SSL_select_current_cert() and SSL_set_current_cert() +are similar except they apply to SSL structure ssl.

    +

    SSL_CTX_set_current_cert() changes the current certificate to a value based +on the op argument. Currently op can be SSL_CERT_SET_FIRST to use +the first valid certificate or SSL_CERT_SET_NEXT to set the next valid +certificate after the current certificate. These two operations can be +used to iterate over all certificates in an SSL_CTX structure.

    +

    SSL_set_current_cert() also supports the option SSL_CERT_SET_SERVER. +If ssl is a server and has sent a certificate to a connected client +this option sets that certificate to the current certificate and returns 1. +If the negotiated cipher suite is anonymous (and thus no certificate will +be sent) 2 is returned and the current certificate is unchanged. If ssl +is not a server or a certificate has not been sent 0 is returned and +the current certificate is unchanged.

    +

    All these functions are implemented as macros. Those containing a 1 +increment the reference count of the supplied certificate or chain so it must +be freed at some point after the operation. Those containing a 0 do +not increment reference counts and the supplied certificate or chain +MUST NOT be freed after the operation.

    +

    +

    +
    +

    NOTES

    +

    The chains associate with an SSL_CTX structure are copied to any SSL +structures when SSL_new() is called. SSL structures will not be affected +by any chains subsequently changed in the parent SSL_CTX.

    +

    One chain can be set for each key type supported by a server. So, for example, +an RSA and a DSA certificate can (and often will) have different chains.

    +

    The functions SSL_CTX_build_cert_chain() and SSL_build_cert_chain() can +be used to check application configuration and to ensure any necessary +subordinate CAs are sent in the correct order. Misconfigured applications +sending incorrect certificate chains often cause problems with peers.

    +

    For example an application can add any set of certificates using +SSL_CTX_use_certificate_chain_file() then call SSL_CTX_build_cert_chain() +with the option SSL_BUILD_CHAIN_FLAG_CHECK to check and reorder them.

    +

    Applications can issue non fatal warnings when checking chains by setting +the flag SSL_BUILD_CHAIN_FLAG_IGNORE_ERRORS and checking the return +value.

    +

    Calling SSL_CTX_build_cert_chain() or SSL_build_cert_chain() is more +efficient than the automatic chain building as it is only performed once. +Automatic chain building is performed on each new session.

    +

    If any certificates are added using these functions no certificates added +using SSL_CTX_add_extra_chain_cert() will be used.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_set_current_cert() with SSL_CERT_SET_SERVER return 1 for success, 2 if +no server certificate is used because the cipher suites is anonymous and 0 +for failure.

    +

    SSL_CTX_build_cert_chain() and SSL_build_cert_chain() return 1 for success +and 0 for failure. If the flag SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR and +a verification error occurs then 2 is returned.

    +

    All other functions return 1 for success and 0 for failure.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +SSL_CTX_add_extra_chain_cert(3)

    +

    +

    +
    +

    HISTORY

    +

    These functions were added in OpenSSL 1.0.2.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_add_extra_chain_cert.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_add_extra_chain_cert.html
new file mode 100755
index 0000000..b87569c
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_add_extra_chain_cert.html
@@ -0,0 +1,129 @@
+ + + + +SSL_CTX_add_extra_chain_cert + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_add_extra_chain_cert, +SSL_CTX_get_extra_chain_certs, +SSL_CTX_get_extra_chain_certs_only, +SSL_CTX_clear_extra_chain_certs +- add, get or clear extra chain certificates

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + long SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *x509);
    + long SSL_CTX_get_extra_chain_certs(SSL_CTX *ctx, STACK_OF(X509) **sk);
    + long SSL_CTX_get_extra_chain_certs_only(SSL_CTX *ctx, STACK_OF(X509) **sk);
    + long SSL_CTX_clear_extra_chain_certs(SSL_CTX *ctx);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_add_extra_chain_cert() adds the certificate x509 to the extra chain +certificates associated with ctx. Several certificates can be added one +after another.

    +

    SSL_CTX_get_extra_chain_certs() retrieves the extra chain certificates +associated with ctx, or the chain associated with the current certificate +of ctx if the extra chain is empty. +The returned stack should not be freed by the caller.

    +

    SSL_CTX_get_extra_chain_certs_only() retrieves the extra chain certificates +associated with ctx. +The returned stack should not be freed by the caller.

    +

    SSL_CTX_clear_extra_chain_certs() clears all extra chain certificates +associated with ctx.

    +

    These functions are implemented as macros.

    +

    +

    +
    +

    NOTES

    +

    When sending a certificate chain, extra chain certificates are sent in order +following the end entity certificate.

    +

    If no chain is specified, the library will try to complete the chain from the +available CA certificates in the trusted CA storage, see +SSL_CTX_load_verify_locations(3).

    +

    The x509 certificate provided to SSL_CTX_add_extra_chain_cert() will be +freed by the library when the SSL_CTX is destroyed. An application +should not free the x509 object.

    +

    +

    +
    +

    RESTRICTIONS

    +

    Only one set of extra chain certificates can be specified per SSL_CTX +structure. Different chains for different certificates (for example if both +RSA and DSA certificates are specified by the same server) or different SSL +structures with the same parent SSL_CTX cannot be specified using this +function. For more flexibility functions such as SSL_add1_chain_cert() should +be used instead.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CTX_add_extra_chain_cert() and SSL_CTX_clear_extra_chain_certs() return +1 on success and 0 for failure. Check out the error stack to find out the +reason for failure.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +SSL_CTX_use_certificate(3), +SSL_CTX_set_client_cert_cb(3), +SSL_CTX_load_verify_locations(3) +SSL_CTX_set0_chain(3) +SSL_CTX_set1_chain(3) +SSL_CTX_add0_chain_cert(3) +SSL_CTX_add1_chain_cert(3) +SSL_set0_chain(3) +SSL_set1_chain(3) +SSL_add0_chain_cert(3) +SSL_add1_chain_cert(3) +SSL_CTX_build_cert_chain(3) +SSL_build_cert_chain(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_add_session.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_add_session.html
new file mode 100755
index 0000000..7a74d36
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_add_session.html
@@ -0,0 +1,109 @@
+ + + + +SSL_CTX_add_session + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_add_session, SSL_CTX_remove_session - manipulate session cache

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c);
    +
    + int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_add_session() adds the session c to the context ctx. The +reference count for session c is incremented by 1. If a session with +the same session id already exists, the old session is removed by calling +SSL_SESSION_free(3).

    +

    SSL_CTX_remove_session() removes the session c from the context ctx and +marks it as non-resumable. SSL_SESSION_free(3) is called once for c.

    +

    +

    +
    +

    NOTES

    +

    When adding a new session to the internal session cache, it is examined +whether a session with the same session id already exists. In this case +it is assumed that both sessions are identical. If the same session is +stored in a different SSL_SESSION object, The old session is +removed and replaced by the new session. If the session is actually +identical (the SSL_SESSION object is identical), SSL_CTX_add_session() +is a no-op, and the return value is 0.

    +

    If a server SSL_CTX is configured with the SSL_SESS_CACHE_NO_INTERNAL_STORE +flag then the internal cache will not be populated automatically by new +sessions negotiated by the SSL/TLS implementation, even though the internal +cache will be searched automatically for session-resume requests (the +latter can be suppressed by SSL_SESS_CACHE_NO_INTERNAL_LOOKUP). So the +application can use SSL_CTX_add_session() directly to have full control +over the sessions that can be resumed if desired.

    +

    +

    +
    +

    RETURN VALUES

    +

    The following values are returned by all functions:

    +
      +
    1. +

      The operation failed. In case of the add operation, it was tried to add +the same (identical) session twice. In case of the remove operation, the +session was not found in the cache.

      +
    2. +
    3. +

      The operation succeeded.

      +
    4. +
    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +SSL_CTX_set_session_cache_mode(3), +SSL_SESSION_free(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_config.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_config.html
new file mode 100755
index 0000000..279bc15
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_config.html
@@ -0,0 +1,132 @@
+ + + + +SSL_CTX_config + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_config, SSL_config - configure SSL_CTX or SSL structure

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_CTX_config(SSL_CTX *ctx, const char *name);
    + int SSL_config(SSL *s, const char *name);
    +

    +

    +
    +

    DESCRIPTION

    +

    The functions SSL_CTX_config() and SSL_config() configure an SSL_CTX or +SSL structure using the configuration name.

    +

    +

    +
    +

    NOTES

    +

    By calling SSL_CTX_config() or SSL_config() an application can perform many +complex tasks based on the contents of the configuration file: greatly +simplifying application configuration code. A degree of future proofing +can also be achieved: an application can support configuration features +in newer versions of OpenSSL automatically.

    +

    A configuration file must have been previously loaded, for example using +CONF_modules_load_file(). See config(5) for details of the configuration +file syntax.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CTX_config() and SSL_config() return 1 for success or 0 if an error +occurred.

    +

    +

    +
    +

    EXAMPLES

    +

    If the file "config.cnf" contains the following:

    +
    + testapp = test_sect
    +
    + [test_sect]
    + # list of configuration modules
    +
    + ssl_conf = ssl_sect
    +
    + [ssl_sect]
    + server = server_section
    +
    + [server_section]
    + RSA.Certificate = server-rsa.pem
    + ECDSA.Certificate = server-ecdsa.pem
    + Ciphers = ALL:!RC4
    +

    An application could call:

    +
    + if (CONF_modules_load_file("config.cnf", "testapp", 0) <= 0) {
    +     fprintf(stderr, "Error processing config file\n");
    +     goto err;
    + }
    +
    + ctx = SSL_CTX_new(TLS_server_method());
    +
    + if (SSL_CTX_config(ctx, "server") == 0) {
    +     fprintf(stderr, "Error configuring server.\n");
    +     goto err;
    + }
    +

    In this example two certificates and the cipher list are configured without +the need for any additional application code.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +config(5), +SSL_CONF_cmd(3), +CONF_modules_load_file(3)

    +

    +

    +
    +

    HISTORY

    +

    The SSL_CTX_config() and SSL_config() functions were added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_ctrl.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_ctrl.html
new file mode 100755
index 0000000..db77f68
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_ctrl.html
@@ -0,0 +1,80 @@
+ + + + +SSL_CTX_ctrl + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_ctrl, SSL_CTX_callback_ctrl, SSL_ctrl, SSL_callback_ctrl - internal handling functions for SSL_CTX and SSL objects

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg);
    + long SSL_CTX_callback_ctrl(SSL_CTX *, int cmd, void (*fp)());
    +
    + long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg);
    + long SSL_callback_ctrl(SSL *, int cmd, void (*fp)());
    +

    +

    +
    +

    DESCRIPTION

    +

    The SSL_*_ctrl() family of functions is used to manipulate settings of +the SSL_CTX and SSL objects. Depending on the command cmd the arguments +larg, parg, or fp are evaluated. These functions should never +be called directly. All functionalities needed are made available via +other functions or macros.

    +

    +

    +
    +

    RETURN VALUES

    +

    The return values of the SSL*_ctrl() functions depend on the command +supplied via the cmd parameter.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_dane_enable.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_dane_enable.html
new file mode 100755
index 0000000..f05c3fb
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_dane_enable.html
@@ -0,0 +1,408 @@
+ + + + +SSL_CTX_dane_enable + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_dane_enable, SSL_CTX_dane_mtype_set, SSL_dane_enable, +SSL_dane_tlsa_add, SSL_get0_dane_authority, SSL_get0_dane_tlsa, +SSL_CTX_dane_set_flags, SSL_CTX_dane_clear_flags, +SSL_dane_set_flags, SSL_dane_clear_flags +- enable DANE TLS authentication of the remote TLS server in the local +TLS client

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_CTX_dane_enable(SSL_CTX *ctx);
    + int SSL_CTX_dane_mtype_set(SSL_CTX *ctx, const EVP_MD *md,
    +                            uint8_t mtype, uint8_t ord);
    + int SSL_dane_enable(SSL *s, const char *basedomain);
    + int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector,
    +                       uint8_t mtype, unsigned const char *data, size_t dlen);
    + int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki);
    + int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector,
    +                        uint8_t *mtype, unsigned const char **data,
    +                        size_t *dlen);
    + unsigned long SSL_CTX_dane_set_flags(SSL_CTX *ctx, unsigned long flags);
    + unsigned long SSL_CTX_dane_clear_flags(SSL_CTX *ctx, unsigned long flags);
    + unsigned long SSL_dane_set_flags(SSL *ssl, unsigned long flags);
    + unsigned long SSL_dane_clear_flags(SSL *ssl, unsigned long flags);
    +

    +

    +
    +

    DESCRIPTION

    +

    These functions implement support for DANE TLSA (RFC6698 and RFC7671) +peer authentication.

    +

    SSL_CTX_dane_enable() must be called first to initialize the shared state +required for DANE support. +Individual connections associated with the context can then enable +per-connection DANE support as appropriate. +DANE authentication is implemented in the X509_verify_cert(3) function, and +applications that override X509_verify_cert(3) via +SSL_CTX_set_cert_verify_callback(3) are responsible to authenticate the peer +chain in whatever manner they see fit.

    +

    SSL_CTX_dane_mtype_set() may then be called zero or more times to adjust the +supported digest algorithms. +This must be done before any SSL handles are created for the context.

    +

    The mtype argument specifies a DANE TLSA matching type and the md +argument specifies the associated digest algorithm handle. +The ord argument specifies a strength ordinal. +Algorithms with a larger strength ordinal are considered more secure. +Strength ordinals are used to implement RFC7671 digest algorithm agility. +Specifying a NULL digest algorithm for a matching type disables +support for that matching type. +Matching type Full(0) cannot be modified or disabled.

    +

    By default, matching type SHA2-256(1) (see RFC7218 for definitions +of the DANE TLSA parameter acronyms) is mapped to EVP_sha256() +with a strength ordinal of 1 and matching type SHA2-512(2) +is mapped to EVP_sha512() with a strength ordinal of 2.

    +

    SSL_dane_enable() must be called before the SSL handshake is initiated with +SSL_connect(3) if (and only if) you want to enable DANE for that connection. +(The connection must be associated with a DANE-enabled SSL context). +The basedomain argument specifies the RFC7671 TLSA base domain, +which will be the primary peer reference identifier for certificate +name checks. +Additional server names can be specified via SSL_add1_host(3). +The basedomain is used as the default SNI hint if none has yet been +specified via SSL_set_tlsext_host_name(3).

    +

    SSL_dane_tlsa_add() may then be called one or more times, to load each of the +TLSA records that apply to the remote TLS peer. +(This too must be done prior to the beginning of the SSL handshake). +The arguments specify the fields of the TLSA record. +The data field is provided in binary (wire RDATA) form, not the hexadecimal +ASCII presentation form, with an explicit length passed via dlen. +The library takes a copy of the data buffer contents and the caller may +free the original data buffer when convenient. +A return value of 0 indicates that "unusable" TLSA records (with invalid or +unsupported parameters) were provided. +A negative return value indicates an internal error in processing the record.

    +

    The caller is expected to check the return value of each SSL_dane_tlsa_add() +call and take appropriate action if none are usable or an internal error +is encountered in processing some records.

    +

    If no TLSA records are added successfully, DANE authentication is not enabled, +and authentication will be based on any configured traditional trust-anchors; +authentication success in this case does not mean that the peer was +DANE-authenticated.

    +

    SSL_get0_dane_authority() can be used to get more detailed information about +the matched DANE trust-anchor after successful connection completion. +The return value is negative if DANE verification failed (or was not enabled), +0 if an EE TLSA record directly matched the leaf certificate, or a positive +number indicating the depth at which a TA record matched an issuer certificate. +The complete verified chain can be retrieved via SSL_get0_verified_chain(3). +The return value is an index into this verified chain, rather than the list of +certificates sent by the peer as returned by SSL_get_peer_cert_chain(3).

    +

    If the mcert argument is not NULL and a TLSA record matched a chain +certificate, a pointer to the matching certificate is returned via mcert. +The returned address is a short-term internal reference to the certificate and +must not be freed by the application. +Applications that want to retain access to the certificate can call +X509_up_ref(3) to obtain a long-term reference which must then be freed via +X509_free(3) once no longer needed.

    +

    If no TLSA records directly matched any elements of the certificate chain, but +a DANE-TA(2) SPKI(1) Full(0) record provided the public key that signed an +element of the chain, then that key is returned via mspki argument (if not +NULL). +In this case the return value is the depth of the top-most element of the +validated certificate chain. +As with mcert this is a short-term internal reference, and +EVP_PKEY_up_ref(3) and EVP_PKEY_free(3) can be used to acquire and +release long-term references respectively.

    +

    SSL_get0_dane_tlsa() can be used to retrieve the fields of the TLSA record that +matched the peer certificate chain. +The return value indicates the match depth or failure to match just as with +SSL_get0_dane_authority(). +When the return value is non-negative, the storage pointed to by the usage, +selector, mtype and data parameters is updated to the corresponding +TLSA record fields. +The data field is in binary wire form, and is therefore not NUL-terminated, +its length is returned via the dlen parameter. +If any of these parameters is NULL, the corresponding field is not returned. +The data parameter is set to a short-term internal-copy of the associated +data field and must not be freed by the application. +Applications that need long-term access to this field need to copy the content.

    +

    SSL_CTX_dane_set_flags() and SSL_dane_set_flags() can be used to enable +optional DANE verification features. +SSL_CTX_dane_clear_flags() and SSL_dane_clear_flags() can be used to disable +the same features. +The flags argument is a bit-mask of the features to enable or disable. +The flags set for an SSL_CTX context are copied to each SSL handle +associated with that context at the time the handle is created. +Subsequent changes in the context's flags have no effect on the flags set +for the handle.

    +

    At present, the only available option is DANE_FLAG_NO_DANE_EE_NAMECHECKS +which can be used to disable server name checks when authenticating via +DANE-EE(3) TLSA records. +For some applications, primarily web browsers, it is not safe to disable name +checks due to "unknown key share" attacks, in which a malicious server can +convince a client that a connection to a victim server is instead a secure +connection to the malicious server. +The malicious server may then be able to violate cross-origin scripting +restrictions. +Thus, despite the text of RFC7671, name checks are by default enabled for +DANE-EE(3) TLSA records, and can be disabled in applications where it is safe +to do so. +In particular, SMTP and XMPP clients should set this option as SRV and MX +records already make it possible for a remote domain to redirect client +connections to any server of its choice, and in any case SMTP and XMPP clients +do not execute scripts downloaded from remote servers.

    +

    +

    +
    +

    RETURN VALUES

    +

    The functions SSL_CTX_dane_enable(), SSL_CTX_dane_mtype_set(), +SSL_dane_enable() and SSL_dane_tlsa_add() return a positive value on success. +Negative return values indicate resource problems (out of memory, etc.) in the +SSL library, while a return value of 0 indicates incorrect usage or invalid +input, such as an unsupported TLSA record certificate usage, selector or +matching type. +Invalid input also includes malformed data, either a digest length that does +not match the digest algorithm, or a Full(0) (binary ASN.1 DER form) +certificate or a public key that fails to parse.

    +

    The functions SSL_get0_dane_authority() and SSL_get0_dane_tlsa() return a +negative value when DANE authentication failed or was not enabled, a +non-negative value indicates the chain depth at which the TLSA record matched a +chain certificate, or the depth of the top-most certificate, when the TLSA +record is a full public key that is its signer.

    +

    The functions SSL_CTX_dane_set_flags(), SSL_CTX_dane_clear_flags(), +SSL_dane_set_flags() and SSL_dane_clear_flags() return the flags in effect +before they were called.

    +

    +

    +
    +

    EXAMPLES

    +

    Suppose "smtp.example.com" is the MX host of the domain "example.com", and has +DNSSEC-validated TLSA records. +The calls below will perform DANE authentication and arrange to match either +the MX hostname or the destination domain name in the SMTP server certificate. +Wildcards are supported, but must match the entire label. +The actual name matched in the certificate (which might be a wildcard) is +retrieved, and must be copied by the application if it is to be retained beyond +the lifetime of the SSL connection.

    +
    + SSL_CTX *ctx;
    + SSL *ssl;
    + int (*verify_cb)(int ok, X509_STORE_CTX *sctx) = NULL;
    + int num_usable = 0;
    + const char *nexthop_domain = "example.com";
    + const char *dane_tlsa_domain = "smtp.example.com";
    + uint8_t usage, selector, mtype;
    +
    + if ((ctx = SSL_CTX_new(TLS_client_method())) == NULL)
    +     /* error */
    + if (SSL_CTX_dane_enable(ctx) <= 0)
    +     /* error */
    + if ((ssl = SSL_new(ctx)) == NULL)
    +     /* error */
    + if (SSL_dane_enable(ssl, dane_tlsa_domain) <= 0)
    +     /* error */
    +
    + /*
    +  * For many applications it is safe to skip DANE-EE(3) namechecks.  Do not
    +  * disable the checks unless "unknown key share" attacks pose no risk for
    +  * your application.
    +  */
    + SSL_dane_set_flags(ssl, DANE_FLAG_NO_DANE_EE_NAMECHECKS);
    +
    + if (!SSL_add1_host(ssl, nexthop_domain))
    +     /* error */
    + SSL_set_hostflags(ssl, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
    +
    + for (... each TLSA record ...) {
    +     unsigned char *data;
    +     size_t len;
    +     int ret;
    +
    +     /* set usage, selector, mtype, data, len */
    +
    +     /*
    +      * Opportunistic DANE TLS clients support only DANE-TA(2) or DANE-EE(3).
    +      * They treat all other certificate usages, and in particular PKIX-TA(0)
    +      * and PKIX-EE(1), as unusable.
    +      */
    +     switch (usage) {
    +     default:
    +     case 0:     /* PKIX-TA(0) */
    +     case 1:     /* PKIX-EE(1) */
    +         continue;
    +     case 2:     /* DANE-TA(2) */
    +     case 3:     /* DANE-EE(3) */
    +         break;
    +     }
    +
    +     ret = SSL_dane_tlsa_add(ssl, usage, selector, mtype, data, len);
    +     /* free data as appropriate */
    +
    +     if (ret < 0)
    +         /* handle SSL library internal error */
    +     else if (ret == 0)
    +         /* handle unusable TLSA record */
    +     else
    +         ++num_usable;
    + }
    +
    + /*
    +  * At this point, the verification mode is still the default SSL_VERIFY_NONE.
    +  * Opportunistic DANE clients use unauthenticated TLS when all TLSA records
    +  * are unusable, so continue the handshake even if authentication fails.
    +  */
    + if (num_usable == 0) {
    +     /* Log all records unusable? */
    +
    +     /* Optionally set verify_cb to a suitable non-NULL callback. */
    +     SSL_set_verify(ssl, SSL_VERIFY_NONE, verify_cb);
    + } else {
    +     /* At least one usable record.  We expect to verify the peer */
    +
    +     /* Optionally set verify_cb to a suitable non-NULL callback. */
    +
    +     /*
    +      * Below we elect to fail the handshake when peer verification fails.
    +      * Alternatively, use the permissive SSL_VERIFY_NONE verification mode,
    +      * complete the handshake, check the verification status, and if not
    +      * verified disconnect gracefully at the application layer, especially if
    +      * application protocol supports informing the server that authentication
    +      * failed.
    +      */
    +     SSL_set_verify(ssl, SSL_VERIFY_PEER, verify_cb);
    + }
    +
    + /*
    +  * Load any saved session for resumption, making sure that the previous
    +  * session applied the same security and authentication requirements that
    +  * would be expected of a fresh connection.
    +  */
    +
    + /* Perform SSL_connect() handshake and handle errors here */
    +
    + if (SSL_session_reused(ssl)) {
    +     if (SSL_get_verify_result(ssl) == X509_V_OK) {
    +         /*
    +          * Resumed session was originally verified, this connection is
    +          * authenticated.
    +          */
    +     } else {
    +         /*
    +          * Resumed session was not originally verified, this connection is not
    +          * authenticated.
    +          */
    +     }
    + } else if (SSL_get_verify_result(ssl) == X509_V_OK) {
    +     const char *peername = SSL_get0_peername(ssl);
    +     EVP_PKEY *mspki = NULL;
    +
    +     int depth = SSL_get0_dane_authority(ssl, NULL, &mspki);
    +     if (depth >= 0) {
    +         (void) SSL_get0_dane_tlsa(ssl, &usage, &selector, &mtype, NULL, NULL);
    +         printf("DANE TLSA %d %d %d %s at depth %d\n", usage, selector, mtype,
    +                (mspki != NULL) ? "TA public key verified certificate" :
    +                depth ? "matched TA certificate" : "matched EE certificate",
    +                depth);
    +     }
    +     if (peername != NULL) {
    +         /* Name checks were in scope and matched the peername */
    +         printf("Verified peername: %s\n", peername);
    +     }
    + } else {
    +     /*
    +      * Not authenticated, presumably all TLSA rrs unusable, but possibly a
    +      * callback suppressed connection termination despite the presence of
    +      * usable TLSA RRs none of which matched.  Do whatever is appropriate for
    +      * fresh unauthenticated connections.
    +      */
    + }
    +

    +

    +
    +

    NOTES

    +

    It is expected that the majority of clients employing DANE TLS will be doing +"opportunistic DANE TLS" in the sense of RFC7672 and RFC7435. +That is, they will use DANE authentication when DNSSEC-validated TLSA records +are published for a given peer, and otherwise will use unauthenticated TLS or +even cleartext.

    +

    Such applications should generally treat any TLSA records published by the peer +with usages PKIX-TA(0) and PKIX-EE(1) as "unusable", and should not include +them among the TLSA records used to authenticate peer connections. +In addition, some TLSA records with supported usages may be "unusable" as a +result of invalid or unsupported parameters.

    +

    When a peer has TLSA records, but none are "usable", an opportunistic +application must avoid cleartext, but cannot authenticate the peer, +and so should generally proceed with an unauthenticated connection. +Opportunistic applications need to note the return value of each +call to SSL_dane_tlsa_add(), and if all return 0 (due to invalid +or unsupported parameters) disable peer authentication by calling +SSL_set_verify(3) with mode equal to SSL_VERIFY_NONE.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +SSL_new(3), +SSL_add1_host(3), +SSL_set_hostflags(3), +SSL_set_tlsext_host_name(3), +SSL_set_verify(3), +SSL_CTX_set_cert_verify_callback(3), +SSL_get0_verified_chain(3), +SSL_get_peer_cert_chain(3), +SSL_get_verify_result(3), +SSL_connect(3), +SSL_get0_peername(3), +X509_verify_cert(3), +X509_up_ref(3), +X509_free(3), +EVP_get_digestbyname(3), +EVP_PKEY_up_ref(3), +EVP_PKEY_free(3)

    +

    +

    +
    +

    HISTORY

    +

    These functions were added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_flush_sessions.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_flush_sessions.html
new file mode 100755
index 0000000..2732139
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_flush_sessions.html
@@ -0,0 +1,94 @@
+ + + + +SSL_CTX_flush_sessions + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_flush_sessions - remove expired sessions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_flush_sessions() causes a run through the session cache of +ctx to remove sessions expired at time tm.

    +

    +

    +
    +

    NOTES

    +

    If enabled, the internal session cache will collect all sessions established +up to the specified maximum number (see SSL_CTX_sess_set_cache_size()). +As sessions will not be reused ones they are expired, they should be +removed from the cache to save resources. This can either be done +automatically whenever 255 new sessions were established (see +SSL_CTX_set_session_cache_mode(3)) +or manually by calling SSL_CTX_flush_sessions().

    +

    The parameter tm specifies the time which should be used for the +expiration test, in most cases the actual time given by time(0) +will be used.

    +

    SSL_CTX_flush_sessions() will only check sessions stored in the internal +cache. When a session is found and removed, the remove_session_cb is however +called to synchronize with the external cache (see +SSL_CTX_sess_set_get_cb(3)).

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CTX_flush_sessions() does not return a value.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +SSL_CTX_set_session_cache_mode(3), +SSL_CTX_set_timeout(3), +SSL_CTX_sess_set_get_cb(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_free.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_free.html new file mode 100755 index 0000000..ecf4731 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_free.html @@ -0,0 +1,88 @@ + + + + +SSL_CTX_free + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_free - free an allocated SSL_CTX object

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + void SSL_CTX_free(SSL_CTX *ctx);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_free() decrements the reference count of ctx, and removes the +SSL_CTX object pointed to by ctx and frees up the allocated memory if the reference count has reached 0.

    +

    It also calls the free()ing procedures for indirectly affected items, if +applicable: the session cache, the list of ciphers, the list of Client CAs, +the certificates and keys.

    +

    If ctx is NULL nothing is done.

    +

    +

    +
    +

    WARNINGS

    +

    If a session-remove callback is set (SSL_CTX_sess_set_remove_cb()), this +callback will be called for each session being freed from ctx's +session cache. This implies, that all corresponding sessions from an +external session cache are removed as well. If this is not desired, the user +should explicitly unset the callback by calling +SSL_CTX_sess_set_remove_cb(ctx, NULL) prior to calling SSL_CTX_free().

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CTX_free() does not provide diagnostic information.

    +

    +

    +
    +

    SEE ALSO

    +

    SSL_CTX_new(3), ssl(7), +SSL_CTX_sess_set_get_cb(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_get0_param.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_get0_param.html new file mode 100755 index 0000000..f32f8b6 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_get0_param.html @@ -0,0 +1,106 @@ + + + + +SSL_CTX_get0_param + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_get0_param, SSL_get0_param, SSL_CTX_set1_param, SSL_set1_param - +get and set verification parameters

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx)
    + X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl)
    + int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm)
    + int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_get0_param() and SSL_get0_param() retrieve an internal pointer to +the verification parameters for ctx or ssl respectively. The returned +pointer must not be freed by the calling application.

    +

    SSL_CTX_set1_param() and SSL_set1_param() set the verification parameters +to vpm for ctx or ssl.

    +

    +

    +
    +

    NOTES

    +

    Typically parameters are retrieved from an SSL_CTX or SSL structure +using SSL_CTX_get0_param() or SSL_get0_param() and an application modifies +them to suit its needs: for example to add a hostname check.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CTX_get0_param() and SSL_get0_param() return a pointer to an +X509_VERIFY_PARAM structure.

    +

    SSL_CTX_set1_param() and SSL_set1_param() return 1 for success and 0 +for failure.

    +

    +

    +
    +

    EXAMPLES

    +

    Check hostname matches "www.foo.com" in peer certificate:

    +
    + X509_VERIFY_PARAM *vpm = SSL_get0_param(ssl);
    + X509_VERIFY_PARAM_set1_host(vpm, "www.foo.com", 0);
    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +X509_VERIFY_PARAM_set_flags(3)

    +

    +

    +
    +

    HISTORY

    +

    These functions were added in OpenSSL 1.0.2.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_get_verify_mode.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_get_verify_mode.html new file mode 100755 index 0000000..0911b70 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_get_verify_mode.html @@ -0,0 +1,91 @@ + + + + +SSL_CTX_get_verify_mode + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_get_verify_mode, SSL_get_verify_mode, SSL_CTX_get_verify_depth, SSL_get_verify_depth, SSL_get_verify_callback, SSL_CTX_get_verify_callback - get currently set verification parameters

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_CTX_get_verify_mode(const SSL_CTX *ctx);
    + int SSL_get_verify_mode(const SSL *ssl);
    + int SSL_CTX_get_verify_depth(const SSL_CTX *ctx);
    + int SSL_get_verify_depth(const SSL *ssl);
    + int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int, X509_STORE_CTX *);
    + int (*SSL_get_verify_callback(const SSL *ssl))(int, X509_STORE_CTX *);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_get_verify_mode() returns the verification mode currently set in +ctx.

    +

    SSL_get_verify_mode() returns the verification mode currently set in +ssl.

    +

    SSL_CTX_get_verify_depth() returns the verification depth limit currently set +in ctx. If no limit has been explicitly set, -1 is returned and the +default value will be used.

    +

    SSL_get_verify_depth() returns the verification depth limit currently set +in ssl. If no limit has been explicitly set, -1 is returned and the +default value will be used.

    +

    SSL_CTX_get_verify_callback() returns a function pointer to the verification +callback currently set in ctx. If no callback was explicitly set, the +NULL pointer is returned and the default callback will be used.

    +

    SSL_get_verify_callback() returns a function pointer to the verification +callback currently set in ssl. If no callback was explicitly set, the +NULL pointer is returned and the default callback will be used.

    +

    +

    +
    +

    RETURN VALUES

    +

    See DESCRIPTION

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_CTX_set_verify(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_has_client_custom_ext.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_has_client_custom_ext.html new file mode 100755 index 0000000..efef14a --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_has_client_custom_ext.html @@ -0,0 +1,74 @@ + + + + +SSL_CTX_has_client_custom_ext + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_has_client_custom_ext - check whether a handler exists for a particular +client extension type

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_CTX_has_client_custom_ext(const SSL_CTX *ctx, unsigned int ext_type);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_has_client_custom_ext() checks whether a handler has been set for a +client extension of type ext_type using SSL_CTX_add_client_custom_ext().

    +

    +

    +
    +

    RETURN VALUES

    +

    Returns 1 if a handler has been set, 0 otherwise.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +SSL_CTX_add_client_custom_ext(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_load_verify_locations.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_load_verify_locations.html new file mode 100755 index 0000000..24d9b3a --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_load_verify_locations.html @@ -0,0 +1,210 @@ + + + + +SSL_CTX_load_verify_locations + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_load_verify_dir, SSL_CTX_load_verify_file, +SSL_CTX_load_verify_store, SSL_CTX_set_default_verify_paths, +SSL_CTX_set_default_verify_dir, SSL_CTX_set_default_verify_file, +SSL_CTX_set_default_verify_store, SSL_CTX_load_verify_locations +- set default locations for trusted CA certificates

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_CTX_load_verify_dir(SSL_CTX *ctx, const char *CApath);
    + int SSL_CTX_load_verify_file(SSL_CTX *ctx, const char *CAfile);
    + int SSL_CTX_load_verify_store(SSL_CTX *ctx, const char *CAstore);
    +
    + int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
    +
    + int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx);
    + int SSL_CTX_set_default_verify_file(SSL_CTX *ctx);
    + int SSL_CTX_set_default_verify_store(SSL_CTX *ctx);
    +

    Deprecated since OpenSSL 3.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
    +                                   const char *CApath);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_load_verify_dir(), SSL_CTX_load_verify_file(), +SSL_CTX_load_verify_store() specifies the locations for ctx, at +which CA certificates for verification purposes are located. The +certificates available via CAfile, CApath and CAstore are +trusted.

    +

    SSL_CTX_set_default_verify_paths() specifies that the default locations from +which CA certificates are loaded should be used. There is one default directory, +one default file and one default store. +The default CA certificates directory is called certs in the default OpenSSL +directory, and this is also the default store. +Alternatively the SSL_CERT_DIR environment variable can be defined to +override this location. +The default CA certificates file is called cert.pem in the default +OpenSSL directory. +Alternatively the SSL_CERT_FILE environment variable can be defined to +override this location.

    +

    SSL_CTX_set_default_verify_dir() is similar to +SSL_CTX_set_default_verify_paths() except that just the default directory is +used.

    +

    SSL_CTX_set_default_verify_file() is similar to +SSL_CTX_set_default_verify_paths() except that just the default file is +used.

    +

    SSL_CTX_set_default_verify_store() is similar to +SSL_CTX_set_default_verify_paths() except that just the default store is +used.

    +

    +

    +
    +

    NOTES

    +

    If CAfile is not NULL, it points to a file of CA certificates in PEM +format. The file can contain several CA certificates identified by

    +
    + -----BEGIN CERTIFICATE-----
    + ... (CA certificate in base64 encoding) ...
    + -----END CERTIFICATE-----
    +

    sequences. Before, between, and after the certificates text is allowed +which can be used e.g. for descriptions of the certificates.

    +

    The CAfile is processed on execution of the SSL_CTX_load_verify_locations() +function.

    +

    If CApath is not NULL, it points to a directory containing CA certificates +in PEM format. The files each contain one CA certificate. The files are +looked up by the CA subject name hash value, which must hence be available. +If more than one CA certificate with the same name hash value exist, the +extension must be different (e.g. 9d66eef0.0, 9d66eef0.1 etc). The search +is performed in the ordering of the extension number, regardless of other +properties of the certificates. +Use the c_rehash utility to create the necessary links.

    +

    The certificates in CApath are only looked up when required, e.g. when +building the certificate chain or when actually performing the verification +of a peer certificate.

    +

    When looking up CA certificates, the OpenSSL library will first search the +certificates in CAfile, then those in CApath. Certificate matching +is done based on the subject name, the key identifier (if present), and the +serial number as taken from the certificate to be verified. If these data +do not match, the next certificate will be tried. If a first certificate +matching the parameters is found, the verification process will be performed; +no other certificates for the same parameters will be searched in case of +failure.

    +

    If CAstore is not NULL, it's a URI for to a store, which may +represent a single container or a whole catalogue of containers. +Apart from the CAstore not necessarily being a local file or +directory, it's generally treated the same way as a CApath.

    +

    In server mode, when requesting a client certificate, the server must send +the list of CAs of which it will accept client certificates. This list +is not influenced by the contents of CAfile or CApath and must +explicitly be set using the +SSL_CTX_set_client_CA_list(3) +family of functions.

    +

    When building its own certificate chain, an OpenSSL client/server will +try to fill in missing certificates from CAfile/CApath, if the +certificate chain was not explicitly specified (see +SSL_CTX_add_extra_chain_cert(3), +SSL_CTX_use_certificate(3).

    +

    +

    +
    +

    WARNINGS

    +

    If several CA certificates matching the name, key identifier, and serial +number condition are available, only the first one will be examined. This +may lead to unexpected results if the same CA certificate is available +with different expiration dates. If a "certificate expired" verification +error occurs, no other certificate will be searched. Make sure to not +have expired certificates mixed with valid ones.

    +

    +

    +
    +

    RETURN VALUES

    +

    For SSL_CTX_load_verify_locations the following return values can occur:

    +
      +
    1. +

      The operation failed because CAfile and CApath are NULL or the +processing at one of the locations specified failed. Check the error +stack to find out the reason.

      +
    2. +
    3. +

      The operation succeeded.

      +
    4. +
    +

    SSL_CTX_set_default_verify_paths(), SSL_CTX_set_default_verify_dir() and +SSL_CTX_set_default_verify_file() all return 1 on success or 0 on failure. A +missing default location is still treated as a success.

    +

    +

    +
    +

    EXAMPLES

    +

    Generate a CA certificate file with descriptive text from the CA certificates +ca1.pem ca2.pem ca3.pem:

    +
    + #!/bin/sh
    + rm CAfile.pem
    + for i in ca1.pem ca2.pem ca3.pem ; do
    +     openssl x509 -in $i -text >> CAfile.pem
    + done
    +

    Prepare the directory /some/where/certs containing several CA certificates +for use as CApath:

    +
    + cd /some/where/certs
    + c_rehash .
    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +SSL_CTX_set_client_CA_list(3), +SSL_get_client_CA_list(3), +SSL_CTX_use_certificate(3), +SSL_CTX_add_extra_chain_cert(3), +SSL_CTX_set_cert_store(3), +SSL_CTX_set_client_CA_list(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_new.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_new.html new file mode 100755 index 0000000..2ba8971 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_new.html @@ -0,0 +1,275 @@ + + + + +SSL_CTX_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    TLSv1_2_method, TLSv1_2_server_method, TLSv1_2_client_method, +SSL_CTX_new, SSL_CTX_new_with_libctx, SSL_CTX_up_ref, SSLv3_method, +SSLv3_server_method, SSLv3_client_method, TLSv1_method, TLSv1_server_method, +TLSv1_client_method, TLSv1_1_method, TLSv1_1_server_method, +TLSv1_1_client_method, TLS_method, TLS_server_method, TLS_client_method, +SSLv23_method, SSLv23_server_method, SSLv23_client_method, DTLS_method, +DTLS_server_method, DTLS_client_method, DTLSv1_method, DTLSv1_server_method, +DTLSv1_client_method, DTLSv1_2_method, DTLSv1_2_server_method, +DTLSv1_2_client_method +- create a new SSL_CTX object as framework for TLS/SSL or DTLS enabled +functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + SSL_CTX *SSL_CTX_new_with_libctx(OPENSSL_CTX *libctx, const char *propq,
    +                                  const SSL_METHOD *method);
    + SSL_CTX *SSL_CTX_new(const SSL_METHOD *method);
    + int SSL_CTX_up_ref(SSL_CTX *ctx);
    +
    + const SSL_METHOD *TLS_method(void);
    + const SSL_METHOD *TLS_server_method(void);
    + const SSL_METHOD *TLS_client_method(void);
    +
    + const SSL_METHOD *SSLv23_method(void);
    + const SSL_METHOD *SSLv23_server_method(void);
    + const SSL_METHOD *SSLv23_client_method(void);
    +
    + #ifndef OPENSSL_NO_SSL3_METHOD
    + const SSL_METHOD *SSLv3_method(void);
    + const SSL_METHOD *SSLv3_server_method(void);
    + const SSL_METHOD *SSLv3_client_method(void);
    + #endif
    +
    + #ifndef OPENSSL_NO_TLS1_METHOD
    + const SSL_METHOD *TLSv1_method(void);
    + const SSL_METHOD *TLSv1_server_method(void);
    + const SSL_METHOD *TLSv1_client_method(void);
    + #endif
    +
    + #ifndef OPENSSL_NO_TLS1_1_METHOD
    + const SSL_METHOD *TLSv1_1_method(void);
    + const SSL_METHOD *TLSv1_1_server_method(void);
    + const SSL_METHOD *TLSv1_1_client_method(void);
    + #endif
    +
    + #ifndef OPENSSL_NO_TLS1_2_METHOD
    + const SSL_METHOD *TLSv1_2_method(void);
    + const SSL_METHOD *TLSv1_2_server_method(void);
    + const SSL_METHOD *TLSv1_2_client_method(void);
    + #endif
    +
    + const SSL_METHOD *DTLS_method(void);
    + const SSL_METHOD *DTLS_server_method(void);
    + const SSL_METHOD *DTLS_client_method(void);
    +
    + #ifndef OPENSSL_NO_DTLS1_METHOD
    + const SSL_METHOD *DTLSv1_method(void);
    + const SSL_METHOD *DTLSv1_server_method(void);
    + const SSL_METHOD *DTLSv1_client_method(void);
    + #endif
    +
    + #ifndef OPENSSL_NO_DTLS1_2_METHOD
    + const SSL_METHOD *DTLSv1_2_method(void);
    + const SSL_METHOD *DTLSv1_2_server_method(void);
    + const SSL_METHOD *DTLSv1_2_client_method(void);
    + #endif
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_new_with_libctx() creates a new SSL_CTX object as a framework to +establish TLS/SSL or DTLS enabled connections using the library context +libctx (see OPENSSL_CTX(3)). Any cryptographic algorithms that are used +by any SSL objects created from this SSL_CTX will be fetched from the +libctx using the property query string propq (see +provider(7)/Fetching algorithms. Either or both the libctx or propq +parameters may be NULL.

    +

    SSL_CTX_new() does the same as SSL_CTX_new_with_libctx() except that the default +library context is used and no property query string is specified.

    +

    An SSL_CTX object is reference counted. Creating an SSL_CTX object for the +first time increments the reference count. Freeing the SSL_CTX (using +SSL_CTX_free) decrements it. When the reference count drops to zero, any memory +or resources allocated to the SSL_CTX object are freed. SSL_CTX_up_ref() +increments the reference count for an existing SSL_CTX structure.

    +

    +

    +
    +

    NOTES

    +

    The SSL_CTX object uses method as the connection method. +The methods exist in a generic type (for client and server use), a server only +type, and a client only type. +method can be one of the following types:

    +
    +
    TLS_method(), TLS_server_method(), TLS_client_method()
    + +
    +

    These are the general-purpose version-flexible SSL/TLS methods. +The actual protocol version used will be negotiated to the highest version +mutually supported by the client and the server. +The supported protocols are SSLv3, TLSv1, TLSv1.1, TLSv1.2 and TLSv1.3. +Applications should use these methods, and avoid the version-specific +methods described below, which are deprecated.

    +
    +
    SSLv23_method(), SSLv23_server_method(), SSLv23_client_method()
    + +
    +

    These functions do not exist anymore, they have been renamed to +TLS_method(), TLS_server_method() and TLS_client_method() respectively. +Currently, the old function calls are renamed to the corresponding new +ones by preprocessor macros, to ensure that existing code which uses the +old function names still compiles. However, using the old function names +is deprecated and new code should call the new functions instead.

    +
    +
    TLSv1_2_method(), TLSv1_2_server_method(), TLSv1_2_client_method()
    + +
    +

    A TLS/SSL connection established with these methods will only understand the +TLSv1.2 protocol. These methods are deprecated.

    +
    +
    TLSv1_1_method(), TLSv1_1_server_method(), TLSv1_1_client_method()
    + +
    +

    A TLS/SSL connection established with these methods will only understand the +TLSv1.1 protocol. These methods are deprecated.

    +
    +
    TLSv1_method(), TLSv1_server_method(), TLSv1_client_method()
    + +
    +

    A TLS/SSL connection established with these methods will only understand the +TLSv1 protocol. These methods are deprecated.

    +
    +
    SSLv3_method(), SSLv3_server_method(), SSLv3_client_method()
    + +
    +

    A TLS/SSL connection established with these methods will only understand the +SSLv3 protocol. +The SSLv3 protocol is deprecated and should not be used.

    +
    +
    DTLS_method(), DTLS_server_method(), DTLS_client_method()
    + +
    +

    These are the version-flexible DTLS methods. +Currently supported protocols are DTLS 1.0 and DTLS 1.2.

    +
    +
    DTLSv1_2_method(), DTLSv1_2_server_method(), DTLSv1_2_client_method()
    + +
    +

    These are the version-specific methods for DTLSv1.2. +These methods are deprecated.

    +
    +
    DTLSv1_method(), DTLSv1_server_method(), DTLSv1_client_method()
    + +
    +

    These are the version-specific methods for DTLSv1. +These methods are deprecated.

    +
    +
    +

    SSL_CTX_new() initializes the list of ciphers, the session cache setting, the +callbacks, the keys and certificates and the options to their default values.

    +

    TLS_method(), TLS_server_method(), TLS_client_method(), DTLS_method(), +DTLS_server_method() and DTLS_client_method() are the version-flexible +methods. +All other methods only support one specific protocol version. +Use the version-flexible methods instead of the version specific methods.

    +

    If you want to limit the supported protocols for the version flexible +methods you can use SSL_CTX_set_min_proto_version(3), +SSL_set_min_proto_version(3), SSL_CTX_set_max_proto_version(3) and +SSL_set_max_proto_version(3) functions. +Using these functions it is possible to choose e.g. TLS_server_method() +and be able to negotiate with all possible clients, but to only +allow newer protocols like TLS 1.0, TLS 1.1, TLS 1.2 or TLS 1.3.

    +

    The list of protocols available can also be limited using the +SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1, +SSL_OP_NO_TLSv1_3, SSL_OP_NO_TLSv1_2 and SSL_OP_NO_TLSv1_3 +options of the +SSL_CTX_set_options(3) or SSL_set_options(3) functions, but this approach +is not recommended. Clients should avoid creating "holes" in the set of +protocols they support. When disabling a protocol, make sure that you also +disable either all previous or all subsequent protocol versions. +In clients, when a protocol version is disabled without disabling all +previous protocol versions, the effect is to also disable all subsequent +protocol versions.

    +

    The SSLv3 protocol is deprecated and should generally not be used. +Applications should typically use SSL_CTX_set_min_proto_version(3) to set +the minimum protocol to at least TLS1_VERSION.

    +

    +

    +
    +

    RETURN VALUES

    +

    The following return values can occur:

    +
    +
    NULL
    + +
    +

    The creation of a new SSL_CTX object failed. Check the error stack to find out +the reason.

    +
    +
    Pointer to an SSL_CTX object
    + +
    +

    The return value points to an allocated SSL_CTX object.

    +

    SSL_CTX_up_ref() returns 1 for success and 0 for failure.

    +
    +
    +

    +

    +
    +

    SEE ALSO

    +

    SSL_CTX_set_options(3), SSL_CTX_free(3), SSL_accept(3), +SSL_CTX_set_min_proto_version(3), ssl(7), SSL_set_connect_state(3)

    +

    +

    +
    +

    HISTORY

    +

    Support for SSLv2 and the corresponding SSLv2_method(), +SSLv2_server_method() and SSLv2_client_method() functions where +removed in OpenSSL 1.1.0.

    +

    SSLv23_method(), SSLv23_server_method() and SSLv23_client_method() +were deprecated and the preferred TLS_method(), TLS_server_method() +and TLS_client_method() functions were added in OpenSSL 1.1.0.

    +

    All version-specific methods were deprecated in OpenSSL 1.1.0.

    +

    SSL_CTX_new_with_libctx() was added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_sess_number.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_sess_number.html new file mode 100755 index 0000000..6447ead --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_sess_number.html @@ -0,0 +1,111 @@ + + + + +SSL_CTX_sess_number + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_sess_number, SSL_CTX_sess_connect, SSL_CTX_sess_connect_good, SSL_CTX_sess_connect_renegotiate, SSL_CTX_sess_accept, SSL_CTX_sess_accept_good, SSL_CTX_sess_accept_renegotiate, SSL_CTX_sess_hits, SSL_CTX_sess_cb_hits, SSL_CTX_sess_misses, SSL_CTX_sess_timeouts, SSL_CTX_sess_cache_full - obtain session cache statistics

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + long SSL_CTX_sess_number(SSL_CTX *ctx);
    + long SSL_CTX_sess_connect(SSL_CTX *ctx);
    + long SSL_CTX_sess_connect_good(SSL_CTX *ctx);
    + long SSL_CTX_sess_connect_renegotiate(SSL_CTX *ctx);
    + long SSL_CTX_sess_accept(SSL_CTX *ctx);
    + long SSL_CTX_sess_accept_good(SSL_CTX *ctx);
    + long SSL_CTX_sess_accept_renegotiate(SSL_CTX *ctx);
    + long SSL_CTX_sess_hits(SSL_CTX *ctx);
    + long SSL_CTX_sess_cb_hits(SSL_CTX *ctx);
    + long SSL_CTX_sess_misses(SSL_CTX *ctx);
    + long SSL_CTX_sess_timeouts(SSL_CTX *ctx);
    + long SSL_CTX_sess_cache_full(SSL_CTX *ctx);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_sess_number() returns the current number of sessions in the internal +session cache.

    +

    SSL_CTX_sess_connect() returns the number of started SSL/TLS handshakes in +client mode.

    +

    SSL_CTX_sess_connect_good() returns the number of successfully established +SSL/TLS sessions in client mode.

    +

    SSL_CTX_sess_connect_renegotiate() returns the number of started renegotiations +in client mode.

    +

    SSL_CTX_sess_accept() returns the number of started SSL/TLS handshakes in +server mode.

    +

    SSL_CTX_sess_accept_good() returns the number of successfully established +SSL/TLS sessions in server mode.

    +

    SSL_CTX_sess_accept_renegotiate() returns the number of started renegotiations +in server mode.

    +

    SSL_CTX_sess_hits() returns the number of successfully reused sessions. +In client mode a session set with SSL_set_session(3) +successfully reused is counted as a hit. In server mode a session successfully +retrieved from internal or external cache is counted as a hit.

    +

    SSL_CTX_sess_cb_hits() returns the number of successfully retrieved sessions +from the external session cache in server mode.

    +

    SSL_CTX_sess_misses() returns the number of sessions proposed by clients +that were not found in the internal session cache in server mode.

    +

    SSL_CTX_sess_timeouts() returns the number of sessions proposed by clients +and either found in the internal or external session cache in server mode, + but that were invalid due to timeout. These sessions are not included in +the SSL_CTX_sess_hits() count.

    +

    SSL_CTX_sess_cache_full() returns the number of sessions that were removed +because the maximum session cache size was exceeded.

    +

    +

    +
    +

    RETURN VALUES

    +

    The functions return the values indicated in the DESCRIPTION section.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_set_session(3), +SSL_CTX_set_session_cache_mode(3) +SSL_CTX_sess_set_cache_size(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_sess_set_cache_size.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_sess_set_cache_size.html new file mode 100755 index 0000000..c3f5e70 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_sess_set_cache_size.html @@ -0,0 +1,97 @@ + + + + +SSL_CTX_sess_set_cache_size + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_sess_set_cache_size, SSL_CTX_sess_get_cache_size - manipulate session cache size

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + long SSL_CTX_sess_set_cache_size(SSL_CTX *ctx, long t);
    + long SSL_CTX_sess_get_cache_size(SSL_CTX *ctx);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_sess_set_cache_size() sets the size of the internal session cache +of context ctx to t. +This value is a hint and not an absolute; see the notes below.

    +

    SSL_CTX_sess_get_cache_size() returns the currently valid session cache size.

    +

    +

    +
    +

    NOTES

    +

    The internal session cache size is SSL_SESSION_CACHE_MAX_SIZE_DEFAULT, +currently 1024*20, so that up to 20000 sessions can be held. This size +can be modified using the SSL_CTX_sess_set_cache_size() call. A special +case is the size 0, which is used for unlimited size.

    +

    If adding the session makes the cache exceed its size, then unused +sessions are dropped from the end of the cache. +Cache space may also be reclaimed by calling +SSL_CTX_flush_sessions(3) to remove +expired sessions.

    +

    If the size of the session cache is reduced and more sessions are already +in the session cache, old session will be removed at the next time a +session shall be added. This removal is not synchronized with the +expiration of sessions.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CTX_sess_set_cache_size() returns the previously valid size.

    +

    SSL_CTX_sess_get_cache_size() returns the currently valid size.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +SSL_CTX_set_session_cache_mode(3), +SSL_CTX_sess_number(3), +SSL_CTX_flush_sessions(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_sess_set_get_cb.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_sess_set_get_cb.html
    new file mode 100755
    index 0000000..5b7e3a6
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_sess_set_get_cb.html
    @@ -0,0 +1,151 @@
    + + + + +SSL_CTX_sess_set_get_cb + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_sess_set_new_cb, SSL_CTX_sess_set_remove_cb, SSL_CTX_sess_set_get_cb, SSL_CTX_sess_get_new_cb, SSL_CTX_sess_get_remove_cb, SSL_CTX_sess_get_get_cb - provide callback functions for server side external session caching

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
    +                              int (*new_session_cb)(SSL *, SSL_SESSION *));
    + void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
    +                                 void (*remove_session_cb)(SSL_CTX *ctx,
    +                                                           SSL_SESSION *));
    + void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
    +                              SSL_SESSION (*get_session_cb)(SSL *,
    +                                                            const unsigned char *,
    +                                                            int, int *));
    +
    + int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl,
    +                                              SSL_SESSION *sess);
    + void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx,
    +                                                  SSL_SESSION *sess);
    + SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl,
    +                                                       const unsigned char *data,
    +                                                       int len, int *copy);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_sess_set_new_cb() sets the callback function, which is automatically +called whenever a new session was negotiated.

    +

    SSL_CTX_sess_set_remove_cb() sets the callback function, which is +automatically called whenever a session is removed by the SSL engine, +because it is considered faulty or the session has become obsolete because +of exceeding the timeout value.

    +

    SSL_CTX_sess_set_get_cb() sets the callback function which is called, +whenever a SSL/TLS client proposed to resume a session but the session +could not be found in the internal session cache (see +SSL_CTX_set_session_cache_mode(3)). +(SSL/TLS server only.)

    +

    SSL_CTX_sess_get_new_cb(), SSL_CTX_sess_get_remove_cb(), and +SSL_CTX_sess_get_get_cb() retrieve the function pointers set by the +corresponding set callback functions. If a callback function has not been +set, the NULL pointer is returned.

    +

    +

    +
    +

    NOTES

    +

    In order to allow external session caching, synchronization with the internal +session cache is realized via callback functions. Inside these callback +functions, session can be saved to disk or put into a database using the +d2i_SSL_SESSION(3) interface.

    +

    The new_session_cb() is called whenever a new session has been negotiated and +session caching is enabled (see SSL_CTX_set_session_cache_mode(3)). The +new_session_cb() is passed the ssl connection and the ssl session sess. +Since sessions are reference-counted objects, the reference count on the +session is incremented before the callback, on behalf of the application. If +the callback returns 0, the session will be immediately removed from the +internal cache and the reference count released. If the callback returns 1, +the application retains the reference (for an entry in the +application-maintained "external session cache"), and is responsible for +calling SSL_SESSION_free() when the session reference is no longer in use.

    +

    Note that in TLSv1.3, sessions are established after the main +handshake has completed. The server decides when to send the client the session +information and this may occur some time after the end of the handshake (or not +at all). This means that applications should expect the new_session_cb() +function to be invoked during the handshake (for <= TLSv1.2) or after the +handshake (for TLSv1.3). It is also possible in TLSv1.3 for multiple sessions to +be established with a single connection. In these case the new_session_cb() +function will be invoked multiple times.

    +

    In TLSv1.3 it is recommended that each SSL_SESSION object is only used for +resumption once. One way of enforcing that is for applications to call +SSL_CTX_remove_session(3) after a session has been used.

    +

    The remove_session_cb() is called, whenever the SSL engine removes a session +from the internal cache. This happens when the session is removed because +it is expired or when a connection was not shutdown cleanly. It also happens +for all sessions in the internal session cache when +SSL_CTX_free(3) is called. The remove_session_cb() is passed +the ctx and the ssl session sess. It does not provide any feedback.

    +

    The get_session_cb() is only called on SSL/TLS servers with the session id +proposed by the client. The get_session_cb() is always called, also when +session caching was disabled. The get_session_cb() is passed the +ssl connection, the session id of length length at the memory location +data. With the parameter copy the callback can require the +SSL engine to increment the reference count of the SSL_SESSION object, +Normally the reference count is not incremented and therefore the +session must not be explicitly freed with +SSL_SESSION_free(3).

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CTX_sess_get_new_cb(), SSL_CTX_sess_get_remove_cb() and SSL_CTX_sess_get_get_cb() +return different callback function pointers respectively.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), d2i_SSL_SESSION(3), +SSL_CTX_set_session_cache_mode(3), +SSL_CTX_flush_sessions(3), +SSL_SESSION_free(3), +SSL_CTX_free(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_sessions.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_sessions.html
    new file mode 100755
    index 0000000..4946bfd
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_sessions.html
    @@ -0,0 +1,86 @@
    + + + + +SSL_CTX_sessions + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_sessions - access internal session cache

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_sessions() returns a pointer to the lhash databases containing the +internal session cache for ctx.

    +

    +

    +
    +

    NOTES

    +

    The sessions in the internal session cache are kept in an +LHASH(3) type database. It is possible to directly +access this database e.g. for searching. In parallel, the sessions +form a linked list which is maintained separately from the +LHASH(3) operations, so that the database must not be +modified directly but by using the +SSL_CTX_add_session(3) family of functions.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CTX_sessions() returns a pointer to the lhash of SSL_SESSION.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), LHASH(3), +SSL_CTX_add_session(3), +SSL_CTX_set_session_cache_mode(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set0_CA_list.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set0_CA_list.html
    new file mode 100755
    index 0000000..dc6c430
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set0_CA_list.html
    @@ -0,0 +1,205 @@
    + + + + +SSL_CTX_set0_CA_list + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set_client_CA_list, +SSL_set_client_CA_list, +SSL_get_client_CA_list, +SSL_CTX_get_client_CA_list, +SSL_CTX_add_client_CA, +SSL_add_client_CA, +SSL_set0_CA_list, +SSL_CTX_set0_CA_list, +SSL_get0_CA_list, +SSL_CTX_get0_CA_list, +SSL_add1_to_CA_list, +SSL_CTX_add1_to_CA_list, +SSL_get0_peer_CA_list +- get or set CA list

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *list);
    + void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *list);
    + STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s);
    + STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx);
    + int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *cacert);
    + int SSL_add_client_CA(SSL *ssl, X509 *cacert);
    +
    + void SSL_CTX_set0_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list);
    + void SSL_set0_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list);
    + const STACK_OF(X509_NAME) *SSL_CTX_get0_CA_list(const SSL_CTX *ctx);
    + const STACK_OF(X509_NAME) *SSL_get0_CA_list(const SSL *s);
    + int SSL_CTX_add1_to_CA_list(SSL_CTX *ctx, const X509 *x);
    + int SSL_add1_to_CA_list(SSL *ssl, const X509 *x);
    +
    + const STACK_OF(X509_NAME) *SSL_get0_peer_CA_list(const SSL *s);
    +

    +

    +
    +

    DESCRIPTION

    +

    The functions described here set and manage the list of CA names that are sent +between two communicating peers.

    +

    For TLS versions 1.2 and earlier the list of CA names is only sent from the +server to the client when requesting a client certificate. So any list of CA +names set is never sent from client to server and the list of CA names retrieved +by SSL_get0_peer_CA_list() is always NULL.

    +

    For TLS 1.3 the list of CA names is sent using the certificate_authorities +extension and may be sent by a client (in the ClientHello message) or by +a server (when requesting a certificate).

    +

    In most cases it is not necessary to set CA names on the client side. The list +of CA names that are acceptable to the client will be sent in plaintext to the +server. This has privacy implications and may also have performance implications +if the list is large. This optional capability was introduced as part of TLSv1.3 +and therefore setting CA names on the client side will have no impact if that +protocol version has been disabled. Most servers do not need this and so this +should be avoided unless required.

    +

    The "client CA list" functions below only have an effect when called on the +server side.

    +

    SSL_CTX_set_client_CA_list() sets the list of CAs sent to the client when +requesting a client certificate for ctx. Ownership of list is transferred +to ctx and it should not be freed by the caller.

    +

    SSL_set_client_CA_list() sets the list of CAs sent to the client when +requesting a client certificate for the chosen ssl, overriding the +setting valid for ssl's SSL_CTX object. Ownership of list is transferred +to s and it should not be freed by the caller.

    +

    SSL_CTX_get_client_CA_list() returns the list of client CAs explicitly set for +ctx using SSL_CTX_set_client_CA_list(). The returned list should not be freed +by the caller.

    +

    SSL_get_client_CA_list() returns the list of client CAs explicitly +set for ssl using SSL_set_client_CA_list() or ssl's SSL_CTX object with +SSL_CTX_set_client_CA_list(), when in server mode. In client mode, +SSL_get_client_CA_list returns the list of client CAs sent from the server, if +any. The returned list should not be freed by the caller.

    +

    SSL_CTX_add_client_CA() adds the CA name extracted from cacert to the +list of CAs sent to the client when requesting a client certificate for +ctx.

    +

    SSL_add_client_CA() adds the CA name extracted from cacert to the +list of CAs sent to the client when requesting a client certificate for +the chosen ssl, overriding the setting valid for ssl's SSL_CTX object.

    +

    SSL_get0_peer_CA_list() retrieves the list of CA names (if any) the peer +has sent. This can be called on either the server or the client side. The +returned list should not be freed by the caller.

    +

    The "generic CA list" functions below are very similar to the "client CA +list" functions except that they have an effect on both the server and client +sides. The lists of CA names managed are separate - so you cannot (for example) +set CA names using the "client CA list" functions and then get them using the +"generic CA list" functions. Where a mix of the two types of functions has been +used on the server side then the "client CA list" functions take precedence. +Typically, on the server side, the "client CA list " functions should be used in +preference. As noted above in most cases it is not necessary to set CA names on +the client side.

    +

    SSL_CTX_set0_CA_list() sets the list of CAs to be sent to the peer to +name_list. Ownership of name_list is transferred to ctx and +it should not be freed by the caller.

    +

    SSL_set0_CA_list() sets the list of CAs to be sent to the peer to name_list +overriding any list set in the parent SSL_CTX of s. Ownership of +name_list is transferred to s and it should not be freed by the caller.

    +

    SSL_CTX_get0_CA_list() retrieves any previously set list of CAs set for +ctx. The returned list should not be freed by the caller.

    +

    SSL_get0_CA_list() retrieves any previously set list of CAs set for +s or if none are set the list from the parent SSL_CTX is retrieved. The +returned list should not be freed by the caller.

    +

    SSL_CTX_add1_to_CA_list() appends the CA subject name extracted from x to the +list of CAs sent to peer for ctx.

    +

    SSL_add1_to_CA_list() appends the CA subject name extracted from x to the +list of CAs sent to the peer for s, overriding the setting in the parent +SSL_CTX.

    +

    +

    +
    +

    NOTES

    +

    When a TLS/SSL server requests a client certificate (see +SSL_CTX_set_verify(3)), it sends a list of CAs, for which it will accept +certificates, to the client.

    +

    This list must explicitly be set using SSL_CTX_set_client_CA_list() or +SSL_CTX_set0_CA_list() for ctx and SSL_set_client_CA_list() or +SSL_set0_CA_list() for the specific ssl. The list specified +overrides the previous setting. The CAs listed do not become trusted (list +only contains the names, not the complete certificates); use +SSL_CTX_load_verify_locations(3) to additionally load them for verification.

    +

    If the list of acceptable CAs is compiled in a file, the +SSL_load_client_CA_file(3) function can be used to help to import the +necessary data.

    +

    SSL_CTX_add_client_CA(), SSL_CTX_add1_to_CA_list(), SSL_add_client_CA() and +SSL_add1_to_CA_list() can be used to add additional items the list of CAs. If no +list was specified before using SSL_CTX_set_client_CA_list(), +SSL_CTX_set0_CA_list(), SSL_set_client_CA_list() or SSL_set0_CA_list(), a +new CA list for ctx or ssl (as appropriate) is opened.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CTX_set_client_CA_list(), SSL_set_client_CA_list(), +SSL_CTX_set_client_CA_list(), SSL_set_client_CA_list(), SSL_CTX_set0_CA_list() +and SSL_set0_CA_list() do not return a value.

    +

    SSL_CTX_get_client_CA_list(), SSL_get_client_CA_list(), SSL_CTX_get0_CA_list() +and SSL_get0_CA_list() return a stack of CA names or NULL is no CA names are +set.

    +

    SSL_CTX_add_client_CA(),SSL_add_client_CA(), SSL_CTX_add1_to_CA_list() and +SSL_add1_to_CA_list() return 1 for success and 0 for failure.

    +

    SSL_get0_peer_CA_list() returns a stack of CA names sent by the peer or +NULL or an empty stack if no list was sent.

    +

    +

    +
    +

    EXAMPLES

    +

    Scan all certificates in CAfile and list them as acceptable CAs:

    +
    + SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(CAfile));
    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +SSL_load_client_CA_file(3), +SSL_CTX_load_verify_locations(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set1_curves.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set1_curves.html
    new file mode 100755
    index 0000000..42c4047
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set1_curves.html
    @@ -0,0 +1,156 @@
    + + + + +SSL_CTX_set1_curves + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set1_groups, SSL_CTX_set1_groups_list, SSL_set1_groups, +SSL_set1_groups_list, SSL_get1_groups, SSL_get_shared_group, +SSL_get_negotiated_group, SSL_CTX_set1_curves, SSL_CTX_set1_curves_list, +SSL_set1_curves, SSL_set1_curves_list, SSL_get1_curves, SSL_get_shared_curve +- EC supported curve functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_CTX_set1_groups(SSL_CTX *ctx, int *glist, int glistlen);
    + int SSL_CTX_set1_groups_list(SSL_CTX *ctx, char *list);
    +
    + int SSL_set1_groups(SSL *ssl, int *glist, int glistlen);
    + int SSL_set1_groups_list(SSL *ssl, char *list);
    +
    + int SSL_get1_groups(SSL *ssl, int *groups);
    + int SSL_get_shared_group(SSL *s, int n);
    + int SSL_get_negotiated_group(SSL *s);
    +
    + int SSL_CTX_set1_curves(SSL_CTX *ctx, int *clist, int clistlen);
    + int SSL_CTX_set1_curves_list(SSL_CTX *ctx, char *list);
    +
    + int SSL_set1_curves(SSL *ssl, int *clist, int clistlen);
    + int SSL_set1_curves_list(SSL *ssl, char *list);
    +
    + int SSL_get1_curves(SSL *ssl, int *curves);
    + int SSL_get_shared_curve(SSL *s, int n);
    +

    +

    +
    +

    DESCRIPTION

    +

    For all of the functions below that set the supported groups there must be at +least one group in the list.

    +

    SSL_CTX_set1_groups() sets the supported groups for ctx to glistlen +groups in the array glist. The array consist of all NIDs of groups in +preference order. For a TLS client the groups are used directly in the +supported groups extension. For a TLS server the groups are used to +determine the set of shared groups. Currently supported groups for +TLSv1.3 are NID_X9_62_prime256v1, NID_secp384r1, NID_secp521r1, +NID_X25519, NID_X448, NID_ffdhe2048, NID_ffdhe3072, +NID_ffdhe4096, NID_ffdhe6144 and NID_ffdhe8192.

    +

    SSL_CTX_set1_groups_list() sets the supported groups for ctx to +string list. The string is a colon separated list of group NIDs or +names, for example "P-521:P-384:P-256:X25519:ffdhe2048". Currently supported +groups for TLSv1.3 are P-256, P-384, P-521, X25519, X448, +ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192.

    +

    SSL_set1_groups() and SSL_set1_groups_list() are similar except they set +supported groups for the SSL structure ssl.

    +

    SSL_get1_groups() returns the set of supported groups sent by a client +in the supported groups extension. It returns the total number of +supported groups. The groups parameter can be NULL to simply +return the number of groups for memory allocation purposes. The +groups array is in the form of a set of group NIDs in preference +order. It can return zero if the client did not send a supported groups +extension.

    +

    SSL_get_shared_group() returns shared group n for a server-side +SSL ssl. If n is -1 then the total number of shared groups is +returned, which may be zero. Other than for diagnostic purposes, +most applications will only be interested in the first shared group +so n is normally set to zero. If the value n is out of range, +NID_undef is returned.

    +

    SSL_get_negotiated_group() returns the negotiated group on a TLSv1.3 connection +for key exchange. This can be called by either client or server.

    +

    All these functions are implemented as macros.

    +

    The curve functions are synonyms for the equivalently named group functions and +are identical in every respect. They exist because, prior to TLS1.3, there was +only the concept of supported curves. In TLS1.3 this was renamed to supported +groups, and extended to include Diffie Hellman groups. The group functions +should be used in preference.

    +

    +

    +
    +

    NOTES

    +

    If an application wishes to make use of several of these functions for +configuration purposes either on a command line or in a file it should +consider using the SSL_CONF interface instead of manually parsing options.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CTX_set1_groups(), SSL_CTX_set1_groups_list(), SSL_set1_groups() and +SSL_set1_groups_list(), return 1 for success and 0 for failure.

    +

    SSL_get1_groups() returns the number of groups, which may be zero.

    +

    SSL_get_shared_group() returns the NID of shared group n or NID_undef if there +is no shared group n; or the total number of shared groups if n +is -1.

    +

    When called on a client ssl, SSL_get_shared_group() has no meaning and +returns -1.

    +

    SSL_get_negotiated_group() returns the NID of the negotiated group on a +TLSv1.3 connection for key exchange. Or it returns NID_undef if no negotiated +group.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +SSL_CTX_add_extra_chain_cert(3)

    +

    +

    +
    +

    HISTORY

    +

    The curve functions were added in OpenSSL 1.0.2. The equivalent group +functions were added in OpenSSL 1.1.1. The SSL_get_negotiated_group() function +was added in OpenSSL 3.0.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2013-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set1_sigalgs.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set1_sigalgs.html
    new file mode 100755
    index 0000000..26dfc1f
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set1_sigalgs.html
    @@ -0,0 +1,146 @@
    + + + + +SSL_CTX_set1_sigalgs + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set1_sigalgs, SSL_set1_sigalgs, SSL_CTX_set1_sigalgs_list, +SSL_set1_sigalgs_list, SSL_CTX_set1_client_sigalgs, +SSL_set1_client_sigalgs, SSL_CTX_set1_client_sigalgs_list, +SSL_set1_client_sigalgs_list - set supported signature algorithms

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + long SSL_CTX_set1_sigalgs(SSL_CTX *ctx, const int *slist, long slistlen);
    + long SSL_set1_sigalgs(SSL *ssl, const int *slist, long slistlen);
    + long SSL_CTX_set1_sigalgs_list(SSL_CTX *ctx, const char *str);
    + long SSL_set1_sigalgs_list(SSL *ssl, const char *str);
    +
    + long SSL_CTX_set1_client_sigalgs(SSL_CTX *ctx, const int *slist, long slistlen);
    + long SSL_set1_client_sigalgs(SSL *ssl, const int *slist, long slistlen);
    + long SSL_CTX_set1_client_sigalgs_list(SSL_CTX *ctx, const char *str);
    + long SSL_set1_client_sigalgs_list(SSL *ssl, const char *str);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_set1_sigalgs() and SSL_set1_sigalgs() set the supported signature +algorithms for ctx or ssl. The array slist of length slistlen +must consist of pairs of NIDs corresponding to digest and public key +algorithms.

    +

    SSL_CTX_set1_sigalgs_list() and SSL_set1_sigalgs_list() set the supported +signature algorithms for ctx or ssl. The str parameter +must be a null terminated string consisting of a colon separated list of +elements, where each element is either a combination of a public key +algorithm and a digest separated by +, or a TLS 1.3-style named +SignatureScheme such as rsa_pss_pss_sha256.

    +

    SSL_CTX_set1_client_sigalgs(), SSL_set1_client_sigalgs(), +SSL_CTX_set1_client_sigalgs_list() and SSL_set1_client_sigalgs_list() set +signature algorithms related to client authentication, otherwise they are +identical to SSL_CTX_set1_sigalgs(), SSL_set1_sigalgs(), +SSL_CTX_set1_sigalgs_list() and SSL_set1_sigalgs_list().

    +

    All these functions are implemented as macros. The signature algorithm +parameter (integer array or string) is not freed: the application should +free it, if necessary.

    +

    +

    +
    +

    NOTES

    +

    If an application wishes to allow the setting of signature algorithms +as one of many user configurable options it should consider using the more +flexible SSL_CONF API instead.

    +

    The signature algorithms set by a client are used directly in the supported +signature algorithm in the client hello message.

    +

    The supported signature algorithms set by a server are not sent to the +client but are used to determine the set of shared signature algorithms +and (if server preferences are set with SSL_OP_CIPHER_SERVER_PREFERENCE) +their order.

    +

    The client authentication signature algorithms set by a server are sent +in a certificate request message if client authentication is enabled, +otherwise they are unused.

    +

    Similarly client authentication signature algorithms set by a client are +used to determined the set of client authentication shared signature +algorithms.

    +

    Signature algorithms will neither be advertised nor used if the security level +prohibits them (for example SHA1 if the security level is 4 or more).

    +

    Currently the NID_md5, NID_sha1, NID_sha224, NID_sha256, NID_sha384 and +NID_sha512 digest NIDs are supported and the public key algorithm NIDs +EVP_PKEY_RSA, EVP_PKEY_RSA_PSS, EVP_PKEY_DSA and EVP_PKEY_EC.

    +

    The short or long name values for digests can be used in a string (for +example "MD5", "SHA1", "SHA224", "SHA256", "SHA384", "SHA512") and +the public key algorithm strings "RSA", "RSA-PSS", "DSA" or "ECDSA".

    +

    The TLS 1.3 signature scheme names (such as "rsa_pss_pss_sha256") can also +be used with the _list forms of the API.

    +

    The use of MD5 as a digest is strongly discouraged due to security weaknesses.

    +

    +

    +
    +

    RETURN VALUES

    +

    All these functions return 1 for success and 0 for failure.

    +

    +

    +
    +

    EXAMPLES

    +

    Set supported signature algorithms to SHA256 with ECDSA and SHA256 with RSA +using an array:

    +
    + const int slist[] = {NID_sha256, EVP_PKEY_EC, NID_sha256, EVP_PKEY_RSA};
    +
    + SSL_CTX_set1_sigalgs(ctx, slist, 4);
    +

    Set supported signature algorithms to SHA256 with ECDSA and SHA256 with RSA +using a string:

    +
    + SSL_CTX_set1_sigalgs_list(ctx, "ECDSA+SHA256:RSA+SHA256");
    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_get_shared_sigalgs(3), +SSL_CONF_CTX_new(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set1_verify_cert_store.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set1_verify_cert_store.html
    new file mode 100755
    index 0000000..8772c14
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set1_verify_cert_store.html
    @@ -0,0 +1,134 @@
    + + + + +SSL_CTX_set1_verify_cert_store + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set0_verify_cert_store, SSL_CTX_set1_verify_cert_store, +SSL_CTX_set0_chain_cert_store, SSL_CTX_set1_chain_cert_store, +SSL_set0_verify_cert_store, SSL_set1_verify_cert_store, +SSL_set0_chain_cert_store, SSL_set1_chain_cert_store - set certificate +verification or chain store

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_CTX_set0_verify_cert_store(SSL_CTX *ctx, X509_STORE *st);
    + int SSL_CTX_set1_verify_cert_store(SSL_CTX *ctx, X509_STORE *st);
    + int SSL_CTX_set0_chain_cert_store(SSL_CTX *ctx, X509_STORE *st);
    + int SSL_CTX_set1_chain_cert_store(SSL_CTX *ctx, X509_STORE *st);
    +
    + int SSL_set0_verify_cert_store(SSL *ctx, X509_STORE *st);
    + int SSL_set1_verify_cert_store(SSL *ctx, X509_STORE *st);
    + int SSL_set0_chain_cert_store(SSL *ctx, X509_STORE *st);
    + int SSL_set1_chain_cert_store(SSL *ctx, X509_STORE *st);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_set0_verify_cert_store() and SSL_CTX_set1_verify_cert_store() +set the certificate store used for certificate verification to st.

    +

    SSL_CTX_set0_chain_cert_store() and SSL_CTX_set1_chain_cert_store() +set the certificate store used for certificate chain building to st.

    +

    SSL_set0_verify_cert_store(), SSL_set1_verify_cert_store(), +SSL_set0_chain_cert_store() and SSL_set1_chain_cert_store() are similar +except they apply to SSL structure ssl.

    +

    All these functions are implemented as macros. Those containing a 1 +increment the reference count of the supplied store so it must +be freed at some point after the operation. Those containing a 0 do +not increment reference counts and the supplied store MUST NOT be freed +after the operation.

    +

    +

    +
    +

    NOTES

    +

    The stores pointers associated with an SSL_CTX structure are copied to any SSL +structures when SSL_new() is called. As a result SSL structures will not be +affected if the parent SSL_CTX store pointer is set to a new value.

    +

    The verification store is used to verify the certificate chain sent by the +peer: that is an SSL/TLS client will use the verification store to verify +the server's certificate chain and a SSL/TLS server will use it to verify +any client certificate chain.

    +

    The chain store is used to build the certificate chain.

    +

    If the mode SSL_MODE_NO_AUTO_CHAIN is set or a certificate chain is +configured already (for example using the functions such as +SSL_CTX_add1_chain_cert(3) or +SSL_CTX_add_extra_chain_cert(3)) then +automatic chain building is disabled.

    +

    If the mode SSL_MODE_NO_AUTO_CHAIN is set then automatic chain building +is disabled.

    +

    If the chain or the verification store is not set then the store associated +with the parent SSL_CTX is used instead to retain compatibility with previous +versions of OpenSSL.

    +

    +

    +
    +

    RETURN VALUES

    +

    All these functions return 1 for success and 0 for failure.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +SSL_CTX_add_extra_chain_cert(3) +SSL_CTX_set0_chain(3) +SSL_CTX_set1_chain(3) +SSL_CTX_add0_chain_cert(3) +SSL_CTX_add1_chain_cert(3) +SSL_set0_chain(3) +SSL_set1_chain(3) +SSL_add0_chain_cert(3) +SSL_add1_chain_cert(3) +SSL_CTX_build_cert_chain(3) +SSL_build_cert_chain(3)

    +

    +

    +
    +

    HISTORY

    +

    These functions were added in OpenSSL 1.0.2.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_alpn_select_cb.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_alpn_select_cb.html
    new file mode 100755
    index 0000000..0e6c8a6
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_alpn_select_cb.html
    @@ -0,0 +1,223 @@
    + + + + +SSL_CTX_set_alpn_select_cb + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set_alpn_protos, SSL_set_alpn_protos, SSL_CTX_set_alpn_select_cb, +SSL_CTX_set_next_proto_select_cb, SSL_CTX_set_next_protos_advertised_cb, +SSL_select_next_proto, SSL_get0_alpn_selected, SSL_get0_next_proto_negotiated +- handle application layer protocol negotiation (ALPN)

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
    +                             unsigned int protos_len);
    + int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos,
    +                         unsigned int protos_len);
    + void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
    +                                 int (*cb) (SSL *ssl,
    +                                            const unsigned char **out,
    +                                            unsigned char *outlen,
    +                                            const unsigned char *in,
    +                                            unsigned int inlen,
    +                                            void *arg), void *arg);
    + void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
    +                             unsigned int *len);
    +
    + void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx,
    +                                            int (*cb)(SSL *ssl,
    +                                                      const unsigned char **out,
    +                                                      unsigned int *outlen,
    +                                                      void *arg),
    +                                            void *arg);
    + void SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx,
    +                               int (*cb)(SSL *s,
    +                                         unsigned char **out,
    +                                         unsigned char *outlen,
    +                                         const unsigned char *in,
    +                                         unsigned int inlen,
    +                                         void *arg),
    +                               void *arg);
    + int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
    +                           const unsigned char *server,
    +                           unsigned int server_len,
    +                           const unsigned char *client,
    +                           unsigned int client_len)
    + void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
    +                             unsigned *len);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_set_alpn_protos() and SSL_set_alpn_protos() are used by the client to +set the list of protocols available to be negotiated. The protos must be in +protocol-list format, described below. The length of protos is specified in +protos_len.

    +

    SSL_CTX_set_alpn_select_cb() sets the application callback cb used by a +server to select which protocol to use for the incoming connection. When cb +is NULL, ALPN is not used. The arg value is a pointer which is passed to +the application callback.

    +

    cb is the application defined callback. The in, inlen parameters are a +vector in protocol-list format. The value of the out, outlen vector +should be set to the value of a single protocol selected from the in, +inlen vector. The out buffer may point directly into in, or to a +buffer that outlives the handshake. The arg parameter is the pointer set via +SSL_CTX_set_alpn_select_cb().

    +

    SSL_select_next_proto() is a helper function used to select protocols. It +implements the standard protocol selection. It is expected that this function +is called from the application callback cb. The protocol data in server, +server_len and client, client_len must be in the protocol-list format +described below. The first item in the server, server_len list that +matches an item in the client, client_len list is selected, and returned +in out, outlen. The out value will point into either server or +client, so it should be copied immediately. If no match is found, the first +item in client, client_len is returned in out, outlen. This +function can also be used in the NPN callback.

    +

    SSL_CTX_set_next_proto_select_cb() sets a callback cb that is called when a +client needs to select a protocol from the server's provided list, and a +user-defined pointer argument arg which will be passed to this callback. +For the callback itself, out +must be set to point to the selected protocol (which may be within in). +The length of the protocol name must be written into outlen. The +server's advertised protocols are provided in in and inlen. The +callback can assume that in is syntactically valid. The client must +select a protocol. It is fatal to the connection if this callback returns +a value other than SSL_TLSEXT_ERR_OK. The arg parameter is the pointer +set via SSL_CTX_set_next_proto_select_cb().

    +

    SSL_CTX_set_next_protos_advertised_cb() sets a callback cb that is called +when a TLS server needs a list of supported protocols for Next Protocol +Negotiation. The returned list must be in protocol-list format, described +below. The list is +returned by setting out to point to it and outlen to its length. This +memory will not be modified, but the SSL does keep a +reference to it. The callback should return SSL_TLSEXT_ERR_OK if it +wishes to advertise. Otherwise, no such extension will be included in the +ServerHello.

    +

    SSL_get0_alpn_selected() returns a pointer to the selected protocol in data +with length len. It is not NUL-terminated. data is set to NULL and len +is set to 0 if no protocol has been selected. data must not be freed.

    +

    SSL_get0_next_proto_negotiated() sets data and len to point to the +client's requested protocol for this connection. If the client did not +request any protocol or NPN is not enabled, then data is set to NULL and +len to 0. Note that +the client can request any protocol it chooses. The value returned from +this function need not be a member of the list of supported protocols +provided by the callback.

    +

    +

    +
    +

    NOTES

    +

    The protocol-lists must be in wire-format, which is defined as a vector of +non-empty, 8-bit length-prefixed, byte strings. The length-prefix byte is not +included in the length. Each string is limited to 255 bytes. A byte-string +length of 0 is invalid. A truncated byte-string is invalid. The length of the +vector is not in the vector itself, but in a separate variable.

    +

    Example:

    +
    + unsigned char vector[] = {
    +     6, 's', 'p', 'd', 'y', '/', '1',
    +     8, 'h', 't', 't', 'p', '/', '1', '.', '1'
    + };
    + unsigned int length = sizeof(vector);
    +

    The ALPN callback is executed after the servername callback; as that servername +callback may update the SSL_CTX, and subsequently, the ALPN callback.

    +

    If there is no ALPN proposed in the ClientHello, the ALPN callback is not +invoked.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CTX_set_alpn_protos() and SSL_set_alpn_protos() return 0 on success, and +non-0 on failure. WARNING: these functions reverse the return value convention.

    +

    SSL_select_next_proto() returns one of the following:

    +
    +
    OPENSSL_NPN_NEGOTIATED
    + +
    +

    A match was found and is returned in out, outlen.

    +
    +
    OPENSSL_NPN_NO_OVERLAP
    + +
    +

    No match was found. The first item in client, client_len is returned in +out, outlen.

    +
    +
    +

    The ALPN select callback cb, must return one of the following:

    +
    +
    SSL_TLSEXT_ERR_OK
    + +
    +

    ALPN protocol selected.

    +
    +
    SSL_TLSEXT_ERR_ALERT_FATAL
    + +
    +

    There was no overlap between the client's supplied list and the server +configuration.

    +
    +
    SSL_TLSEXT_ERR_NOACK
    + +
    +

    ALPN protocol not selected, e.g., because no ALPN protocols are configured for +this connection.

    +
    +
    +

    The callback set using SSL_CTX_set_next_proto_select_cb() should return +SSL_TLSEXT_ERR_OK if successful. Any other value is fatal to the connection.

    +

    The callback set using SSL_CTX_set_next_protos_advertised_cb() should return +SSL_TLSEXT_ERR_OK if it wishes to advertise. Otherwise, no such extension +will be included in the ServerHello.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_CTX_set_tlsext_servername_callback(3), +SSL_CTX_set_tlsext_servername_arg(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_cert_cb.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_cert_cb.html
    new file mode 100755
    index 0000000..1478fef
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_cert_cb.html
    @@ -0,0 +1,115 @@
    + + + + +SSL_CTX_set_cert_cb + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set_cert_cb, SSL_set_cert_cb - handle certificate callback function

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cert_cb)(SSL *ssl, void *arg),
    +                          void *arg);
    + void SSL_set_cert_cb(SSL *s, int (*cert_cb)(SSL *ssl, void *arg), void *arg);
    +
    + int (*cert_cb)(SSL *ssl, void *arg);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_set_cert_cb() and SSL_set_cert_cb() sets the cert_cb() callback, +arg value is pointer which is passed to the application callback.

    +

    When cert_cb() is NULL, no callback function is used.

    +

    cert_cb() is the application defined callback. It is called before a +certificate will be used by a client or server. The callback can then inspect +the passed ssl structure and set or clear any appropriate certificates. If +the callback is successful it MUST return 1 even if no certificates have +been set. A zero is returned on error which will abort the handshake with a +fatal internal error alert. A negative return value will suspend the handshake +and the handshake function will return immediately. +SSL_get_error(3) will return SSL_ERROR_WANT_X509_LOOKUP to +indicate, that the handshake was suspended. The next call to the handshake +function will again lead to the call of cert_cb(). It is the job of the +cert_cb() to store information about the state of the last call, +if required to continue.

    +

    +

    +
    +

    NOTES

    +

    An application will typically call SSL_use_certificate() and +SSL_use_PrivateKey() to set the end entity certificate and private key. +It can add intermediate and optionally the root CA certificates using +SSL_add1_chain_cert().

    +

    It might also call SSL_certs_clear() to delete any certificates associated +with the SSL object.

    +

    The certificate callback functionality supersedes the (largely broken) +functionality provided by the old client certificate callback interface. +It is always called even is a certificate is already set so the callback +can modify or delete the existing certificate.

    +

    A more advanced callback might examine the handshake parameters and set +whatever chain is appropriate. For example a legacy client supporting only +TLSv1.0 might receive a certificate chain signed using SHA1 whereas a +TLSv1.2 or later client which advertises support for SHA256 could receive a +chain using SHA256.

    +

    Normal server sanity checks are performed on any certificates set +by the callback. So if an EC chain is set for a curve the client does not +support it will not be used.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CTX_set_cert_cb() and SSL_set_cert_cb() do not return values.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_use_certificate(3), +SSL_add1_chain_cert(3), +SSL_get_client_CA_list(3), +SSL_clear(3), SSL_free(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_cert_store.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_cert_store.html
    new file mode 100755
    index 0000000..90fa55e
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_cert_store.html
    @@ -0,0 +1,122 @@
    + + + + +SSL_CTX_set_cert_store + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set_cert_store, SSL_CTX_set1_cert_store, SSL_CTX_get_cert_store - manipulate X509 certificate verification storage

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store);
    + void SSL_CTX_set1_cert_store(SSL_CTX *ctx, X509_STORE *store);
    + X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_set_cert_store() sets/replaces the certificate verification storage +of ctx to/with store. If another X509_STORE object is currently +set in ctx, it will be X509_STORE_free()ed.

    +

    SSL_CTX_set1_cert_store() sets/replaces the certificate verification storage +of ctx to/with store. The store's reference count is incremented. +If another X509_STORE object is currently set in ctx, it will be X509_STORE_free()ed.

    +

    SSL_CTX_get_cert_store() returns a pointer to the current certificate +verification storage.

    +

    +

    +
    +

    NOTES

    +

    In order to verify the certificates presented by the peer, trusted CA +certificates must be accessed. These CA certificates are made available +via lookup methods, handled inside the X509_STORE. From the X509_STORE +the X509_STORE_CTX used when verifying certificates is created.

    +

    Typically the trusted certificate store is handled indirectly via using +SSL_CTX_load_verify_locations(3). +Using the SSL_CTX_set_cert_store() and SSL_CTX_get_cert_store() functions +it is possible to manipulate the X509_STORE object beyond the +SSL_CTX_load_verify_locations(3) +call.

    +

    Currently no detailed documentation on how to use the X509_STORE +object is available. Not all members of the X509_STORE are used when +the verification takes place. So will e.g. the verify_callback() be +overridden with the verify_callback() set via the +SSL_CTX_set_verify(3) family of functions. +This document must therefore be updated when documentation about the +X509_STORE object and its handling becomes available.

    +

    SSL_CTX_set_cert_store() does not increment the store's reference +count, so it should not be used to assign an X509_STORE that is owned +by another SSL_CTX.

    +

    To share X509_STOREs between two SSL_CTXs, use SSL_CTX_get_cert_store() +to get the X509_STORE from the first SSL_CTX, and then use +SSL_CTX_set1_cert_store() to assign to the second SSL_CTX and +increment the reference count of the X509_STORE.

    +

    +

    +
    +

    RESTRICTIONS

    +

    The X509_STORE structure used by an SSL_CTX is used for verifying peer +certificates and building certificate chains, it is also shared by +every child SSL structure. Applications wanting finer control can use +functions such as SSL_CTX_set1_verify_cert_store() instead.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CTX_set_cert_store() does not return diagnostic output.

    +

    SSL_CTX_set1_cert_store() does not return diagnostic output.

    +

    SSL_CTX_get_cert_store() returns the current setting.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +SSL_CTX_load_verify_locations(3), +SSL_CTX_set_verify(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_cert_verify_callback.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_cert_verify_callback.html
    new file mode 100755
    index 0000000..c2bf36d
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_cert_verify_callback.html
    @@ -0,0 +1,119 @@
    + + + + +SSL_CTX_set_cert_verify_callback + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set_cert_verify_callback - set peer certificate verification procedure

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,
    +                                       int (*callback)(X509_STORE_CTX *, void *),
    +                                       void *arg);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_set_cert_verify_callback() sets the verification callback function for +ctx. SSL objects that are created from ctx inherit the setting valid at +the time when SSL_new(3) is called.

    +

    +

    +
    +

    NOTES

    +

    Whenever a certificate is verified during a SSL/TLS handshake, a verification +function is called. If the application does not explicitly specify a +verification callback function, the built-in verification function is used. +If a verification callback callback is specified via +SSL_CTX_set_cert_verify_callback(), the supplied callback function is called +instead. By setting callback to NULL, the default behaviour is restored.

    +

    When the verification must be performed, callback will be called with +the arguments callback(X509_STORE_CTX *x509_store_ctx, void *arg). The +argument arg is specified by the application when setting callback.

    +

    callback should return 1 to indicate verification success and 0 to +indicate verification failure. If SSL_VERIFY_PEER is set and callback +returns 0, the handshake will fail. As the verification procedure may +allow the connection to continue in the case of failure (by always +returning 1) the verification result must be set in any case using the +error member of x509_store_ctx so that the calling application +will be informed about the detailed result of the verification procedure!

    +

    Within x509_store_ctx, callback has access to the verify_callback +function set using SSL_CTX_set_verify(3).

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CTX_set_cert_verify_callback() does not return a value.

    +

    +

    +
    +

    WARNINGS

    +

    Do not mix the verification callback described in this function with the +verify_callback function called during the verification process. The +latter is set using the SSL_CTX_set_verify(3) +family of functions.

    +

    Providing a complete verification procedure including certificate purpose +settings etc is a complex task. The built-in procedure is quite powerful +and in most cases it should be sufficient to modify its behaviour using +the verify_callback function.

    +

    +

    +
    +

    BUGS

    +

    SSL_CTX_set_cert_verify_callback() does not provide diagnostic information.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_CTX_set_verify(3), +SSL_get_verify_result(3), +SSL_CTX_load_verify_locations(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_cipher_list.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_cipher_list.html
    new file mode 100755
    index 0000000..07b5c4d
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_cipher_list.html
    @@ -0,0 +1,156 @@
    + + + + +SSL_CTX_set_cipher_list + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set_cipher_list, +SSL_set_cipher_list, +SSL_CTX_set_ciphersuites, +SSL_set_ciphersuites, +OSSL_default_cipher_list, +OSSL_default_ciphersuites +- choose list of available SSL_CIPHERs

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str);
    + int SSL_set_cipher_list(SSL *ssl, const char *str);
    +
    + int SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str);
    + int SSL_set_ciphersuites(SSL *s, const char *str);
    +
    + const char *OSSL_default_cipher_list(void);
    + const char *OSSL_default_ciphersuites(void);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_set_cipher_list() sets the list of available ciphers (TLSv1.2 and below) +for ctx using the control string str. The format of the string is described +in openssl-ciphers(1). The list of ciphers is inherited by all +ssl objects created from ctx. This function does not impact TLSv1.3 +ciphersuites. Use SSL_CTX_set_ciphersuites() to configure those.

    +

    SSL_set_cipher_list() sets the list of ciphers (TLSv1.2 and below) only for +ssl.

    +

    SSL_CTX_set_ciphersuites() is used to configure the available TLSv1.3 +ciphersuites for ctx. This is a simple colon (":") separated list of TLSv1.3 +ciphersuite names in order of preference. Valid TLSv1.3 ciphersuite names are:

    +
    +
    TLS_AES_128_GCM_SHA256
    + +
    TLS_AES_256_GCM_SHA384
    + +
    TLS_CHACHA20_POLY1305_SHA256
    + +
    TLS_AES_128_CCM_SHA256
    + +
    TLS_AES_128_CCM_8_SHA256
    + +
    +

    An empty list is permissible. The default value for the this setting is:

    +

    "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256"

    +

    SSL_set_ciphersuites() is the same as SSL_CTX_set_ciphersuites() except it +configures the ciphersuites for ssl.

    +

    OSSL_default_cipher_list() returns the default cipher string for TLSv1.2 +(and earlier) ciphers. OSSL_default_ciphersuites() returns the default +cipher string for TLSv1.3 ciphersuites.

    +

    +

    +
    +

    NOTES

    +

    The control string str for SSL_CTX_set_cipher_list() and +SSL_set_cipher_list() should be universally usable and not depend +on details of the library configuration (ciphers compiled in). Thus no +syntax checking takes place. Items that are not recognized, because the +corresponding ciphers are not compiled in or because they are mistyped, +are simply ignored. Failure is only flagged if no ciphers could be collected +at all.

    +

    It should be noted, that inclusion of a cipher to be used into the list is +a necessary condition. On the client side, the inclusion into the list is +also sufficient unless the security level excludes it. On the server side, +additional restrictions apply. All ciphers have additional requirements. +ADH ciphers don't need a certificate, but DH-parameters must have been set. +All other ciphers need a corresponding certificate and key.

    +

    A RSA cipher can only be chosen, when a RSA certificate is available. +RSA ciphers using DHE need a certificate and key and additional DH-parameters +(see SSL_CTX_set_tmp_dh_callback(3)).

    +

    A DSA cipher can only be chosen, when a DSA certificate is available. +DSA ciphers always use DH key exchange and therefore need DH-parameters +(see SSL_CTX_set_tmp_dh_callback(3)).

    +

    When these conditions are not met for any cipher in the list (e.g. a +client only supports export RSA ciphers with an asymmetric key length +of 512 bits and the server is not configured to use temporary RSA +keys), the "no shared cipher" (SSL_R_NO_SHARED_CIPHER) error is generated +and the handshake will fail.

    +

    OSSL_default_cipher_list() and OSSL_default_ciphersuites() replace +SSL_DEFAULT_CIPHER_LIST and TLS_DEFAULT_CIPHERSUITES, respectively. The +cipher list defines are deprecated as of 3.0.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CTX_set_cipher_list() and SSL_set_cipher_list() return 1 if any cipher +could be selected and 0 on complete failure.

    +

    SSL_CTX_set_ciphersuites() and SSL_set_ciphersuites() return 1 if the requested +ciphersuite list was configured, and 0 otherwise.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_get_ciphers(3), +SSL_CTX_use_certificate(3), +SSL_CTX_set_tmp_dh_callback(3), +openssl-ciphers(1)

    +

    +

    +
    +

    HISTORY

    +

    OSSL_default_cipher_list() and OSSL_default_ciphersites() are new in 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_client_cert_cb.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_client_cert_cb.html
    new file mode 100755
    index 0000000..3b62e9b
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_client_cert_cb.html
    @@ -0,0 +1,146 @@
    + + + + +SSL_CTX_set_client_cert_cb + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set_client_cert_cb, SSL_CTX_get_client_cert_cb - handle client certificate callback function

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
    +                                 int (*client_cert_cb)(SSL *ssl, X509 **x509,
    +                                                       EVP_PKEY **pkey));
    + int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509,
    +                                                 EVP_PKEY **pkey);
    + int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_set_client_cert_cb() sets the client_cert_cb() callback, that is +called when a client certificate is requested by a server and no certificate +was yet set for the SSL object.

    +

    When client_cert_cb() is NULL, no callback function is used.

    +

    SSL_CTX_get_client_cert_cb() returns a pointer to the currently set callback +function.

    +

    client_cert_cb() is the application defined callback. If it wants to +set a certificate, a certificate/private key combination must be set +using the x509 and pkey arguments and "1" must be returned. The +certificate will be installed into ssl, see the NOTES and BUGS sections. +If no certificate should be set, "0" has to be returned and no certificate +will be sent. A negative return value will suspend the handshake and the +handshake function will return immediately. SSL_get_error(3) +will return SSL_ERROR_WANT_X509_LOOKUP to indicate, that the handshake was +suspended. The next call to the handshake function will again lead to the call +of client_cert_cb(). It is the job of the client_cert_cb() to store information +about the state of the last call, if required to continue.

    +

    +

    +
    +

    NOTES

    +

    During a handshake (or renegotiation) a server may request a certificate +from the client. A client certificate must only be sent, when the server +did send the request.

    +

    When a certificate was set using the +SSL_CTX_use_certificate(3) family of functions, +it will be sent to the server. The TLS standard requires that only a +certificate is sent, if it matches the list of acceptable CAs sent by the +server. This constraint is violated by the default behavior of the OpenSSL +library. Using the callback function it is possible to implement a proper +selection routine or to allow a user interaction to choose the certificate to +be sent.

    +

    If a callback function is defined and no certificate was yet defined for the +SSL object, the callback function will be called. +If the callback function returns a certificate, the OpenSSL library +will try to load the private key and certificate data into the SSL +object using the SSL_use_certificate() and SSL_use_private_key() functions. +Thus it will permanently install the certificate and key for this SSL +object. It will not be reset by calling SSL_clear(3). +If the callback returns no certificate, the OpenSSL library will not send +a certificate.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CTX_get_client_cert_cb() returns function pointer of client_cert_cb() or +NULL if the callback is not set.

    +

    +

    +
    +

    BUGS

    +

    The client_cert_cb() cannot return a complete certificate chain, it can +only return one client certificate. If the chain only has a length of 2, +the root CA certificate may be omitted according to the TLS standard and +thus a standard conforming answer can be sent to the server. For a +longer chain, the client must send the complete chain (with the option +to leave out the root CA certificate). This can only be accomplished by +either adding the intermediate CA certificates into the trusted +certificate store for the SSL_CTX object (resulting in having to add +CA certificates that otherwise maybe would not be trusted), or by adding +the chain certificates using the +SSL_CTX_add_extra_chain_cert(3) +function, which is only available for the SSL_CTX object as a whole and that +therefore probably can only apply for one client certificate, making +the concept of the callback function (to allow the choice from several +certificates) questionable.

    +

    Once the SSL object has been used in conjunction with the callback function, +the certificate will be set for the SSL object and will not be cleared +even when SSL_clear(3) is being called. It is therefore +mandatory to destroy the SSL object using SSL_free(3) +and create a new one to return to the previous state.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_CTX_use_certificate(3), +SSL_CTX_add_extra_chain_cert(3), +SSL_get_client_CA_list(3), +SSL_clear(3), SSL_free(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_client_hello_cb.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_client_hello_cb.html new file mode 100755 index 0000000..9bc31ac --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_client_hello_cb.html @@ -0,0 +1,163 @@ + + + + +SSL_CTX_set_client_hello_cb + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set_client_hello_cb, SSL_client_hello_cb_fn, SSL_client_hello_isv2, SSL_client_hello_get0_legacy_version, SSL_client_hello_get0_random, SSL_client_hello_get0_session_id, SSL_client_hello_get0_ciphers, SSL_client_hello_get0_compression_methods, SSL_client_hello_get1_extensions_present, SSL_client_hello_get0_ext - callback functions for early server-side ClientHello processing

    +

    +

    +
    +

    SYNOPSIS

    +
    + typedef int (*SSL_client_hello_cb_fn)(SSL *s, int *al, void *arg);
    + void SSL_CTX_set_client_hello_cb(SSL_CTX *c, SSL_client_hello_cb_fn *f,
    +                                  void *arg);
    + int SSL_client_hello_isv2(SSL *s);
    + unsigned int SSL_client_hello_get0_legacy_version(SSL *s);
    + size_t SSL_client_hello_get0_random(SSL *s, const unsigned char **out);
    + size_t SSL_client_hello_get0_session_id(SSL *s, const unsigned char **out);
    + size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out);
    + size_t SSL_client_hello_get0_compression_methods(SSL *s,
    +                                                  const unsigned char **out);
    + int SSL_client_hello_get1_extensions_present(SSL *s, int **out,
    +                                              size_t *outlen);
    + int SSL_client_hello_get0_ext(SSL *s, int type, const unsigned char **out,
    +                               size_t *outlen);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_set_client_hello_cb() sets the callback function, which is automatically +called during the early stages of ClientHello processing on the server. +The argument supplied when setting the callback is passed back to the +callback at run time. A callback that returns failure (0) will cause the +connection to terminate, and callbacks returning failure should indicate +what alert value is to be sent in the al parameter. A callback may +also return a negative value to suspend the handshake, and the handshake +function will return immediately. SSL_get_error(3) will return +SSL_ERROR_WANT_CLIENT_HELLO_CB to indicate that the handshake was suspended. +It is the job of the ClientHello callback to store information about the state +of the last call if needed to continue. On the next call into the handshake +function, the ClientHello callback will be called again, and, if it returns +success, normal handshake processing will continue from that point.

    +

    SSL_client_hello_isv2() indicates whether the ClientHello was carried in a +SSLv2 record and is in the SSLv2 format. The SSLv2 format has substantial +differences from the normal SSLv3 format, including using three bytes per +cipher suite, and not allowing extensions. Additionally, the SSLv2 format +'challenge' field is exposed via SSL_client_hello_get0_random(), padded to +SSL3_RANDOM_SIZE bytes with zeros if needed. For SSLv2 format ClientHellos, +SSL_client_hello_get0_compression_methods() returns a dummy list that only includes +the null compression method, since the SSLv2 format does not include a +mechanism by which to negotiate compression.

    +

    SSL_client_hello_get0_random(), SSL_client_hello_get0_session_id(), +SSL_client_hello_get0_ciphers(), and +SSL_client_hello_get0_compression_methods() provide access to the corresponding +ClientHello fields, returning the field length and optionally setting an out +pointer to the octets of that field.

    +

    Similarly, SSL_client_hello_get0_ext() provides access to individual extensions +from the ClientHello on a per-extension basis. For the provided wire +protocol extension type value, the extension value and length are returned +in the output parameters (if present).

    +

    SSL_client_hello_get1_extensions_present() can be used prior to +SSL_client_hello_get0_ext(), to determine which extensions are present in the +ClientHello before querying for them. The out and outlen parameters are +both required, and on success the caller must release the storage allocated for +*out using OPENSSL_free(). The contents of *out is an array of integers +holding the numerical value of the TLS extension types in the order they appear +in the ClientHello. *outlen contains the number of elements in the array. +In situations when the ClientHello has no extensions, the function will return +success with *out set to NULL and *outlen set to 0.

    +

    +

    +
    +

    NOTES

    +

    The ClientHello callback provides a vast window of possibilities for application +code to affect the TLS handshake. A primary use of the callback is to +allow the server to examine the server name indication extension provided +by the client in order to select an appropriate certificate to present, +and make other configuration adjustments relevant to that server name +and its configuration. Such configuration changes can include swapping out +the associated SSL_CTX pointer, modifying the server's list of permitted TLS +versions, changing the server's cipher list in response to the client's +cipher list, etc.

    +

    It is also recommended that applications utilize a ClientHello callback and +not use a servername callback, in order to avoid unexpected behavior that +occurs due to the relative order of processing between things like session +resumption and the historical servername callback.

    +

    The SSL_client_hello_* family of functions may only be called from code executing +within a ClientHello callback.

    +

    +

    +
    +

    RETURN VALUES

    +

    The application's supplied ClientHello callback returns +SSL_CLIENT_HELLO_SUCCESS on success, SSL_CLIENT_HELLO_ERROR on failure, and +SSL_CLIENT_HELLO_RETRY to suspend processing.

    +

    SSL_client_hello_isv2() returns 1 for SSLv2-format ClientHellos and 0 otherwise.

    +

    SSL_client_hello_get0_random(), SSL_client_hello_get0_session_id(), +SSL_client_hello_get0_ciphers(), and +SSL_client_hello_get0_compression_methods() return the length of the +corresponding ClientHello fields. If zero is returned, the output pointer +should not be assumed to be valid.

    +

    SSL_client_hello_get0_ext() returns 1 if the extension of type 'type' is present, and +0 otherwise.

    +

    SSL_client_hello_get1_extensions_present() returns 1 on success and 0 on failure.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_CTX_set_tlsext_servername_callback(3), +SSL_bytes_to_cipher_list(3)

    +

    +

    +
    +

    HISTORY

    +

    The SSL ClientHello callback, SSL_client_hello_isv2(), +SSL_client_hello_get0_random(), SSL_client_hello_get0_session_id(), +SSL_client_hello_get0_ciphers(), SSL_client_hello_get0_compression_methods(), +SSL_client_hello_get0_ext(), and SSL_client_hello_get1_extensions_present() +were added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_ct_validation_callback.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_ct_validation_callback.html new file mode 100755 index 0000000..556af83 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_ct_validation_callback.html @@ -0,0 +1,175 @@ + + + + +SSL_CTX_set_ct_validation_callback + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    ssl_ct_validation_cb, +SSL_enable_ct, SSL_CTX_enable_ct, SSL_disable_ct, SSL_CTX_disable_ct, +SSL_set_ct_validation_callback, SSL_CTX_set_ct_validation_callback, +SSL_ct_is_enabled, SSL_CTX_ct_is_enabled - +control Certificate Transparency policy

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + typedef int (*ssl_ct_validation_cb)(const CT_POLICY_EVAL_CTX *ctx,
    +                                    const STACK_OF(SCT) *scts, void *arg);
    +
    + int SSL_enable_ct(SSL *s, int validation_mode);
    + int SSL_CTX_enable_ct(SSL_CTX *ctx, int validation_mode);
    + int SSL_set_ct_validation_callback(SSL *s, ssl_ct_validation_cb callback,
    +                                    void *arg);
    + int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx,
    +                                        ssl_ct_validation_cb callback,
    +                                        void *arg);
    + void SSL_disable_ct(SSL *s);
    + void SSL_CTX_disable_ct(SSL_CTX *ctx);
    + int SSL_ct_is_enabled(const SSL *s);
    + int SSL_CTX_ct_is_enabled(const SSL_CTX *ctx);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_enable_ct() and SSL_CTX_enable_ct() enable the processing of signed +certificate timestamps (SCTs) either for a given SSL connection or for all +connections that share the given SSL context, respectively. +This is accomplished by setting a built-in CT validation callback. +The behaviour of the callback is determined by the validation_mode argument, +which can be either of SSL_CT_VALIDATION_PERMISSIVE or +SSL_CT_VALIDATION_STRICT as described below.

    +

    If validation_mode is equal to SSL_CT_VALIDATION_STRICT, then in a full +TLS handshake with the verification mode set to SSL_VERIFY_PEER, if the peer +presents no valid SCTs the handshake will be aborted. +If the verification mode is SSL_VERIFY_NONE, the handshake will continue +despite lack of valid SCTs. +However, in that case if the verification status before the built-in callback +was X509_V_OK it will be set to X509_V_ERR_NO_VALID_SCTS after the +callback. +Applications can call SSL_get_verify_result(3) to check the status at +handshake completion, even after session resumption since the verification +status is part of the saved session state. +See SSL_set_verify(3), <SSL_get_verify_result(3)>, SSL_session_reused(3).

    +

    If validation_mode is equal to SSL_CT_VALIDATION_PERMISSIVE, then the +handshake continues, and the verification status is not modified, regardless of +the validation status of any SCTs. +The application can still inspect the validation status of the SCTs at +handshake completion. +Note that with session resumption there will not be any SCTs presented during +the handshake. +Therefore, in applications that delay SCT policy enforcement until after +handshake completion, such delayed SCT checks should only be performed when the +session is not resumed.

    +

    SSL_set_ct_validation_callback() and SSL_CTX_set_ct_validation_callback() +register a custom callback that may implement a different policy than either of +the above. +This callback can examine the peer's SCTs and determine whether they are +sufficient to allow the connection to continue. +The TLS handshake is aborted if the verification mode is not SSL_VERIFY_NONE +and the callback returns a non-positive result.

    +

    An arbitrary callback data argument, arg, can be passed in when setting +the callback. +This will be passed to the callback whenever it is invoked. +Ownership of this context remains with the caller.

    +

    If no callback is set, SCTs will not be requested and Certificate Transparency +validation will not occur.

    +

    No callback will be invoked when the peer presents no certificate, e.g. by +employing an anonymous (aNULL) cipher suite. +In that case the handshake continues as it would had no callback been +requested. +Callbacks are also not invoked when the peer certificate chain is invalid or +validated via DANE-TA(2) or DANE-EE(3) TLSA records which use a private X.509 +PKI, or no X.509 PKI at all, respectively. +Clients that require SCTs are expected to not have enabled any aNULL ciphers +nor to have specified server verification via DANE-TA(2) or DANE-EE(3) TLSA +records.

    +

    SSL_disable_ct() and SSL_CTX_disable_ct() turn off CT processing, whether +enabled via the built-in or the custom callbacks, by setting a NULL callback. +These may be implemented as macros.

    +

    SSL_ct_is_enabled() and SSL_CTX_ct_is_enabled() return 1 if CT processing is +enabled via either SSL_enable_ct() or a non-null custom callback, and 0 +otherwise.

    +

    +

    +
    +

    NOTES

    +

    When SCT processing is enabled, OCSP stapling will be enabled. This is because +one possible source of SCTs is the OCSP response from a server.

    +

    The time returned by SSL_SESSION_get_time() will be used to evaluate whether any +presented SCTs have timestamps that are in the future (and therefore invalid).

    +

    +

    +
    +

    RESTRICTIONS

    +

    Certificate Transparency validation cannot be enabled and so a callback cannot +be set if a custom client extension handler has been registered to handle SCT +extensions (TLSEXT_TYPE_signed_certificate_timestamp).

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_enable_ct(), SSL_CTX_enable_ct(), SSL_CTX_set_ct_validation_callback() and +SSL_set_ct_validation_callback() return 1 if the callback is successfully +set. +They return 0 if an error occurs, e.g. a custom client extension handler has +been setup to handle SCTs.

    +

    SSL_disable_ct() and SSL_CTX_disable_ct() do not return a result.

    +

    SSL_CTX_ct_is_enabled() and SSL_ct_is_enabled() return a 1 if a non-null CT +validation callback is set, or 0 if no callback (or equivalently a NULL +callback) is set.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +<SSL_get_verify_result(3)>, +SSL_session_reused(3), +SSL_set_verify(3), +SSL_CTX_set_verify(3), +SSL_SESSION_get_time(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_ctlog_list_file.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_ctlog_list_file.html new file mode 100755 index 0000000..0923b4d --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_ctlog_list_file.html @@ -0,0 +1,90 @@ + + + + +SSL_CTX_set_ctlog_list_file + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set_default_ctlog_list_file, SSL_CTX_set_ctlog_list_file - +load a Certificate Transparency log list from a file

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_CTX_set_default_ctlog_list_file(SSL_CTX *ctx);
    + int SSL_CTX_set_ctlog_list_file(SSL_CTX *ctx, const char *path);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_set_default_ctlog_list_file() loads a list of Certificate Transparency +(CT) logs from the default file location, "ct_log_list.cnf", found in the +directory where OpenSSL is installed.

    +

    SSL_CTX_set_ctlog_list_file() loads a list of CT logs from a specific path. +See CTLOG_STORE_new(3) for the file format.

    +

    +

    +
    +

    NOTES

    +

    These functions will not clear the existing CT log list - it will be appended +to. To replace the existing list, use SSL_CTX_set0_ctlog_store(3) first.

    +

    If an error occurs whilst parsing a particular log entry in the file, that log +entry will be skipped.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CTX_set_default_ctlog_list_file() and SSL_CTX_set_ctlog_list_file() +return 1 if the log list is successfully loaded, and 0 if an error occurs. In +the case of an error, the log list may have been partially loaded.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +SSL_CTX_set_ct_validation_callback(3), +CTLOG_STORE_new(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_default_passwd_cb.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_default_passwd_cb.html new file mode 100755 index 0000000..6c6ac37 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_default_passwd_cb.html @@ -0,0 +1,149 @@ + + + + +SSL_CTX_set_default_passwd_cb + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set_default_passwd_cb, SSL_CTX_set_default_passwd_cb_userdata, +SSL_CTX_get_default_passwd_cb, SSL_CTX_get_default_passwd_cb_userdata, +SSL_set_default_passwd_cb, SSL_set_default_passwd_cb_userdata, +SSL_get_default_passwd_cb, SSL_get_default_passwd_cb_userdata - set or +get passwd callback for encrypted PEM file handling

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb);
    + void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u);
    + pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx);
    + void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx);
    +
    + void SSL_set_default_passwd_cb(SSL *s, pem_password_cb *cb);
    + void SSL_set_default_passwd_cb_userdata(SSL *s, void *u);
    + pem_password_cb *SSL_get_default_passwd_cb(SSL *s);
    + void *SSL_get_default_passwd_cb_userdata(SSL *s);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_set_default_passwd_cb() sets the default password callback called +when loading/storing a PEM certificate with encryption.

    +

    SSL_CTX_set_default_passwd_cb_userdata() sets a pointer to userdata, u, +which will be provided to the password callback on invocation.

    +

    SSL_CTX_get_default_passwd_cb() returns a function pointer to the password +callback currently set in ctx. If no callback was explicitly set, the +NULL pointer is returned.

    +

    SSL_CTX_get_default_passwd_cb_userdata() returns a pointer to the userdata +currently set in ctx. If no userdata was explicitly set, the NULL pointer +is returned.

    +

    SSL_set_default_passwd_cb(), SSL_set_default_passwd_cb_userdata(), +SSL_get_default_passwd_cb() and SSL_get_default_passwd_cb_userdata() perform +the same function as their SSL_CTX counterparts, but using an SSL object.

    +

    The password callback, which must be provided by the application, hands back the +password to be used during decryption. +On invocation a pointer to userdata +is provided. The function must store the password into the provided buffer +buf which is of size size. The actual length of the password must +be returned to the calling function. rwflag indicates whether the +callback is used for reading/decryption (rwflag=0) or writing/encryption +(rwflag=1). +For more details, see pem_password_cb(3).

    +

    +

    +
    +

    NOTES

    +

    When loading or storing private keys, a password might be supplied to +protect the private key. The way this password can be supplied may depend +on the application. If only one private key is handled, it can be practical +to have the callback handle the password dialog interactively. If several +keys have to be handled, it can be practical to ask for the password once, +then keep it in memory and use it several times. In the last case, the +password could be stored into the userdata storage and the +callback only returns the password already stored.

    +

    When asking for the password interactively, the callback can use +rwflag to check, whether an item shall be encrypted (rwflag=1). +In this case the password dialog may ask for the same password twice +for comparison in order to catch typos, that would make decryption +impossible.

    +

    Other items in PEM formatting (certificates) can also be encrypted, it is +however not usual, as certificate information is considered public.

    +

    +

    +
    +

    RETURN VALUES

    +

    These functions do not provide diagnostic information.

    +

    +

    +
    +

    EXAMPLES

    +

    The following example returns the password provided as userdata to the +calling function. The password is considered to be a '\0' terminated +string. If the password does not fit into the buffer, the password is +truncated.

    +
    + int my_cb(char *buf, int size, int rwflag, void *u)
    + {
    +     strncpy(buf, (char *)u, size);
    +     buf[size - 1] = '\0';
    +     return strlen(buf);
    + }
    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +SSL_CTX_use_certificate(3)

    +

    +

    +
    +

    HISTORY

    +

    SSL_CTX_get_default_passwd_cb(), SSL_CTX_get_default_passwd_cb_userdata(), +SSL_set_default_passwd_cb() and SSL_set_default_passwd_cb_userdata() were +added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_generate_session_id.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_generate_session_id.html new file mode 100755 index 0000000..0898f35 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_generate_session_id.html @@ -0,0 +1,169 @@ + + + + +SSL_CTX_set_generate_session_id + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set_generate_session_id, SSL_set_generate_session_id, +SSL_has_matching_session_id, GEN_SESSION_CB +- manipulate generation of SSL session IDs (server only)

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + typedef int (*GEN_SESSION_CB)(SSL *ssl, unsigned char *id,
    +                               unsigned int *id_len);
    +
    + int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb);
    + int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB, cb);
    + int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
    +                                 unsigned int id_len);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_set_generate_session_id() sets the callback function for generating +new session ids for SSL/TLS sessions for ctx to be cb.

    +

    SSL_set_generate_session_id() sets the callback function for generating +new session ids for SSL/TLS sessions for ssl to be cb.

    +

    SSL_has_matching_session_id() checks, whether a session with id id +(of length id_len) is already contained in the internal session cache +of the parent context of ssl.

    +

    +

    +
    +

    NOTES

    +

    When a new session is established between client and server, the server +generates a session id. The session id is an arbitrary sequence of bytes. +The length of the session id is between 1 and 32 bytes. The session id is not +security critical but must be unique for the server. Additionally, the session id is +transmitted in the clear when reusing the session so it must not contain +sensitive information.

    +

    Without a callback being set, an OpenSSL server will generate a unique +session id from pseudo random numbers of the maximum possible length. +Using the callback function, the session id can be changed to contain +additional information like e.g. a host id in order to improve load balancing +or external caching techniques.

    +

    The callback function receives a pointer to the memory location to put +id into and a pointer to the maximum allowed length id_len. The +buffer at location id is only guaranteed to have the size id_len. +The callback is only allowed to generate a shorter id and reduce id_len; +the callback must never increase id_len or write to the location +id exceeding the given limit.

    +

    The location id is filled with 0x00 before the callback is called, so the +callback may only fill part of the possible length and leave id_len +untouched while maintaining reproducibility.

    +

    Since the sessions must be distinguished, session ids must be unique. +Without the callback a random number is used, so that the probability +of generating the same session id is extremely small (2^256 for SSLv3/TLSv1). +In order to assure the uniqueness of the generated session id, the callback must call +SSL_has_matching_session_id() and generate another id if a conflict occurs. +If an id conflict is not resolved, the handshake will fail. +If the application codes e.g. a unique host id, a unique process number, and +a unique sequence number into the session id, uniqueness could easily be +achieved without randomness added (it should however be taken care that +no confidential information is leaked this way). If the application can not +guarantee uniqueness, it is recommended to use the maximum id_len and +fill in the bytes not used to code special information with random data +to avoid collisions.

    +

    SSL_has_matching_session_id() will only query the internal session cache, +not the external one. Since the session id is generated before the +handshake is completed, it is not immediately added to the cache. If +another thread is using the same internal session cache, a race condition +can occur in that another thread generates the same session id. +Collisions can also occur when using an external session cache, since +the external cache is not tested with SSL_has_matching_session_id() +and the same race condition applies.

    +

    The callback must return 0 if it cannot generate a session id for whatever +reason and return 1 on success.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CTX_set_generate_session_id() and SSL_set_generate_session_id() +always return 1.

    +

    SSL_has_matching_session_id() returns 1 if another session with the +same id is already in the cache.

    +

    +

    +
    +

    EXAMPLES

    +

    The callback function listed will generate a session id with the +server id given, and will fill the rest with pseudo random bytes:

    +
    + const char session_id_prefix = "www-18";
    +
    + #define MAX_SESSION_ID_ATTEMPTS 10
    + static int generate_session_id(SSL *ssl, unsigned char *id,
    +                                unsigned int *id_len)
    + {
    +     unsigned int count = 0;
    +
    +     do {
    +         RAND_pseudo_bytes(id, *id_len);
    +         /*
    +          * Prefix the session_id with the required prefix. NB: If our
    +          * prefix is too long, clip it - but there will be worse effects
    +          * anyway, eg. the server could only possibly create 1 session
    +          * ID (ie. the prefix!) so all future session negotiations will
    +          * fail due to conflicts.
    +          */
    +         memcpy(id, session_id_prefix, strlen(session_id_prefix) < *id_len ?
    +                                       strlen(session_id_prefix) : *id_len);
    +     } while (SSL_has_matching_session_id(ssl, id, *id_len)
    +               && ++count < MAX_SESSION_ID_ATTEMPTS);
    +     if (count >= MAX_SESSION_ID_ATTEMPTS)
    +         return 0;
    +     return 1;
    + }
    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_get_version(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_info_callback.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_info_callback.html new file mode 100755 index 0000000..17f5761 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_info_callback.html @@ -0,0 +1,204 @@ + + + + +SSL_CTX_set_info_callback + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set_info_callback, +SSL_CTX_get_info_callback, +SSL_set_info_callback, +SSL_get_info_callback +- handle information callback for SSL connections

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*callback)());
    + void (*SSL_CTX_get_info_callback(const SSL_CTX *ctx))();
    +
    + void SSL_set_info_callback(SSL *ssl, void (*callback)());
    + void (*SSL_get_info_callback(const SSL *ssl))();
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_set_info_callback() sets the callback function, that can be used to +obtain state information for SSL objects created from ctx during connection +setup and use. The setting for ctx is overridden from the setting for +a specific SSL object, if specified. +When callback is NULL, no callback function is used.

    +

    SSL_set_info_callback() sets the callback function, that can be used to +obtain state information for ssl during connection setup and use. +When callback is NULL, the callback setting currently valid for +ctx is used.

    +

    SSL_CTX_get_info_callback() returns a pointer to the currently set information +callback function for ctx.

    +

    SSL_get_info_callback() returns a pointer to the currently set information +callback function for ssl.

    +

    +

    +
    +

    NOTES

    +

    When setting up a connection and during use, it is possible to obtain state +information from the SSL/TLS engine. When set, an information callback function +is called whenever a significant event occurs such as: the state changes, +an alert appears, or an error occurs.

    +

    The callback function is called as callback(SSL *ssl, int where, int ret). +The where argument specifies information about where (in which context) +the callback function was called. If ret is 0, an error condition occurred. +If an alert is handled, SSL_CB_ALERT is set and ret specifies the alert +information.

    +

    where is a bit-mask made up of the following bits:

    +
    +
    SSL_CB_LOOP
    + +
    +

    Callback has been called to indicate state change or some other significant +state machine event. This may mean that the callback gets invoked more than once +per state in some situations.

    +
    +
    SSL_CB_EXIT
    + +
    +

    Callback has been called to indicate exit of a handshake function. This will +happen after the end of a handshake, but may happen at other times too such as +on error or when IO might otherwise block and non-blocking is being used.

    +
    +
    SSL_CB_READ
    + +
    +

    Callback has been called during read operation.

    +
    +
    SSL_CB_WRITE
    + +
    +

    Callback has been called during write operation.

    +
    +
    SSL_CB_ALERT
    + +
    +

    Callback has been called due to an alert being sent or received.

    +
    +
    SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ)
    + +
    SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE)
    + +
    SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP)
    + +
    SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT)
    + +
    SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP)
    + +
    SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT)
    + +
    SSL_CB_HANDSHAKE_START
    + +
    +

    Callback has been called because a new handshake is started. It also occurs when +resuming a handshake following a pause to handle early data.

    +
    +
    SSL_CB_HANDSHAKE_DONE
    + +
    +

    Callback has been called because a handshake is finished. It also occurs if the +handshake is paused to allow the exchange of early data.

    +
    +
    +

    The current state information can be obtained using the +SSL_state_string(3) family of functions.

    +

    The ret information can be evaluated using the +SSL_alert_type_string(3) family of functions.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_set_info_callback() does not provide diagnostic information.

    +

    SSL_get_info_callback() returns the current setting.

    +

    +

    +
    +

    EXAMPLES

    +

    The following example callback function prints state strings, information +about alerts being handled and error messages to the bio_err BIO.

    +
    + void apps_ssl_info_callback(SSL *s, int where, int ret)
    + {
    +     const char *str;
    +     int w = where & ~SSL_ST_MASK;
    +
    +     if (w & SSL_ST_CONNECT)
    +         str = "SSL_connect";
    +     else if (w & SSL_ST_ACCEPT)
    +         str = "SSL_accept";
    +     else
    +         str = "undefined";
    +
    +     if (where & SSL_CB_LOOP) {
    +         BIO_printf(bio_err, "%s:%s\n", str, SSL_state_string_long(s));
    +     } else if (where & SSL_CB_ALERT) {
    +         str = (where & SSL_CB_READ) ? "read" : "write";
    +         BIO_printf(bio_err, "SSL3 alert %s:%s:%s\n", str,
    +                    SSL_alert_type_string_long(ret),
    +                    SSL_alert_desc_string_long(ret));
    +     } else if (where & SSL_CB_EXIT) {
    +         if (ret == 0) {
    +             BIO_printf(bio_err, "%s:failed in %s\n",
    +                        str, SSL_state_string_long(s));
    +         } else if (ret < 0) {
    +             BIO_printf(bio_err, "%s:error in %s\n",
    +                        str, SSL_state_string_long(s));
    +         }
    +     }
    + }
    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_state_string(3), +SSL_alert_type_string(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_keylog_callback.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_keylog_callback.html
    new file mode 100755
    index 0000000..e06d2fe
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_keylog_callback.html
    @@ -0,0 +1,87 @@
    + + + + +SSL_CTX_set_keylog_callback + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set_keylog_callback, SSL_CTX_get_keylog_callback, +SSL_CTX_keylog_cb_func - logging TLS key material

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + typedef void (*SSL_CTX_keylog_cb_func)(const SSL *ssl, const char *line);
    +
    + void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb);
    + SSL_CTX_keylog_cb_func SSL_CTX_get_keylog_callback(const SSL_CTX *ctx);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_set_keylog_callback() sets the TLS key logging callback. This callback +is called whenever TLS key material is generated or received, in order to allow +applications to store this keying material for debugging purposes.

    +

    SSL_CTX_get_keylog_callback() retrieves the previously set TLS key logging +callback. If no callback has been set, this will return NULL. When there is no +key logging callback, or if SSL_CTX_set_keylog_callback is called with NULL as +the value of cb, no logging of key material will be done.

    +

    The key logging callback is called with two items: the ssl object associated +with the connection, and line, a string containing the key material in the +format used by NSS for its SSLKEYLOGFILE debugging output. To recreate that +file, the key logging callback should log line, followed by a newline. +line will always be a NULL-terminated string.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CTX_get_keylog_callback() returns a pointer to SSL_CTX_keylog_cb_func or +NULL if the callback is not set.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_max_cert_list.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_max_cert_list.html
    new file mode 100755
    index 0000000..0144b5c
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_max_cert_list.html
    @@ -0,0 +1,113 @@
    + + + + +SSL_CTX_set_max_cert_list + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set_max_cert_list, SSL_CTX_get_max_cert_list, SSL_set_max_cert_list, SSL_get_max_cert_list - manipulate allowed size for the peer's certificate chain

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + long SSL_CTX_set_max_cert_list(SSL_CTX *ctx, long size);
    + long SSL_CTX_get_max_cert_list(SSL_CTX *ctx);
    +
    + long SSL_set_max_cert_list(SSL *ssl, long size);
    + long SSL_get_max_cert_list(SSL *ctx);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_set_max_cert_list() sets the maximum size allowed for the peer's +certificate chain for all SSL objects created from ctx to be <size> bytes. +The SSL objects inherit the setting valid for ctx at the time +SSL_new(3) is being called.

    +

    SSL_CTX_get_max_cert_list() returns the currently set maximum size for ctx.

    +

    SSL_set_max_cert_list() sets the maximum size allowed for the peer's +certificate chain for ssl to be <size> bytes. This setting stays valid +until a new value is set.

    +

    SSL_get_max_cert_list() returns the currently set maximum size for ssl.

    +

    +

    +
    +

    NOTES

    +

    During the handshake process, the peer may send a certificate chain. +The TLS/SSL standard does not give any maximum size of the certificate chain. +The OpenSSL library handles incoming data by a dynamically allocated buffer. +In order to prevent this buffer from growing without bounds due to data +received from a faulty or malicious peer, a maximum size for the certificate +chain is set.

    +

    The default value for the maximum certificate chain size is 100kB (30kB +on the 16bit DOS platform). This should be sufficient for usual certificate +chains (OpenSSL's default maximum chain length is 10, see +SSL_CTX_set_verify(3), and certificates +without special extensions have a typical size of 1-2kB).

    +

    For special applications it can be necessary to extend the maximum certificate +chain size allowed to be sent by the peer, see e.g. the work on +"Internet X.509 Public Key Infrastructure Proxy Certificate Profile" +and "TLS Delegation Protocol" at http://www.ietf.org/ and +http://www.globus.org/ .

    +

    Under normal conditions it should never be necessary to set a value smaller +than the default, as the buffer is handled dynamically and only uses the +memory actually required by the data sent by the peer.

    +

    If the maximum certificate chain size allowed is exceeded, the handshake will +fail with a SSL_R_EXCESSIVE_MESSAGE_SIZE error.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CTX_set_max_cert_list() and SSL_set_max_cert_list() return the previously +set value.

    +

    SSL_CTX_get_max_cert_list() and SSL_get_max_cert_list() return the currently +set value.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_new(3), +SSL_CTX_set_verify(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_min_proto_version.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_min_proto_version.html
    new file mode 100755
    index 0000000..bd345e9
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_min_proto_version.html
    @@ -0,0 +1,112 @@
    + + + + +SSL_CTX_set_min_proto_version + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set_min_proto_version, SSL_CTX_set_max_proto_version, +SSL_CTX_get_min_proto_version, SSL_CTX_get_max_proto_version, +SSL_set_min_proto_version, SSL_set_max_proto_version, +SSL_get_min_proto_version, SSL_get_max_proto_version - Get and set minimum +and maximum supported protocol version

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_CTX_set_min_proto_version(SSL_CTX *ctx, int version);
    + int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, int version);
    + int SSL_CTX_get_min_proto_version(SSL_CTX *ctx);
    + int SSL_CTX_get_max_proto_version(SSL_CTX *ctx);
    +
    + int SSL_set_min_proto_version(SSL *ssl, int version);
    + int SSL_set_max_proto_version(SSL *ssl, int version);
    + int SSL_get_min_proto_version(SSL *ssl);
    + int SSL_get_max_proto_version(SSL *ssl);
    +

    +

    +
    +

    DESCRIPTION

    +

    The functions get or set the minimum and maximum supported protocol versions +for the ctx or ssl. +This works in combination with the options set via +SSL_CTX_set_options(3) that also make it possible to disable +specific protocol versions. +Use these functions instead of disabling specific protocol versions.

    +

    Setting the minimum or maximum version to 0, will enable protocol +versions down to the lowest version, or up to the highest version +supported by the library, respectively.

    +

    Getters return 0 in case ctx or ssl have been configured to +automatically use the lowest or highest version supported by the library.

    +

    Currently supported versions are SSL3_VERSION, TLS1_VERSION, +TLS1_1_VERSION, TLS1_2_VERSION, TLS1_3_VERSION for TLS and +DTLS1_VERSION, DTLS1_2_VERSION for DTLS.

    +

    +

    +
    +

    RETURN VALUES

    +

    These setter functions return 1 on success and 0 on failure. The getter +functions return the configured version or 0 for auto-configuration of +lowest or highest protocol, respectively.

    +

    +

    +
    +

    NOTES

    +

    All these functions are implemented using macros.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +SSL_CTX_set_options(3), SSL_CONF_cmd(3)

    +

    +

    +
    +

    HISTORY

    +

    The setter functions were added in OpenSSL 1.1.0. The getter functions +were added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_mode.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_mode.html
    new file mode 100755
    index 0000000..693cc61
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_mode.html
    @@ -0,0 +1,201 @@
    + + + + +SSL_CTX_set_mode + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set_mode, SSL_CTX_clear_mode, SSL_set_mode, SSL_clear_mode, SSL_CTX_get_mode, SSL_get_mode - manipulate SSL engine mode

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + long SSL_CTX_set_mode(SSL_CTX *ctx, long mode);
    + long SSL_CTX_clear_mode(SSL_CTX *ctx, long mode);
    + long SSL_set_mode(SSL *ssl, long mode);
    + long SSL_clear_mode(SSL *ssl, long mode);
    +
    + long SSL_CTX_get_mode(SSL_CTX *ctx);
    + long SSL_get_mode(SSL *ssl);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_set_mode() adds the mode set via bit-mask in mode to ctx. +Options already set before are not cleared. +SSL_CTX_clear_mode() removes the mode set via bit-mask in mode from ctx.

    +

    SSL_set_mode() adds the mode set via bit-mask in mode to ssl. +Options already set before are not cleared. +SSL_clear_mode() removes the mode set via bit-mask in mode from ssl.

    +

    SSL_CTX_get_mode() returns the mode set for ctx.

    +

    SSL_get_mode() returns the mode set for ssl.

    +

    +

    +
    +

    NOTES

    +

    The following mode changes are available:

    +
    +
    SSL_MODE_ENABLE_PARTIAL_WRITE
    + +
    +

    Allow SSL_write_ex(..., n, &r) to return with 0 < r < n (i.e. report success +when just a single record has been written). This works in a similar way for +SSL_write(). When not set (the default), SSL_write_ex() or SSL_write() will only +report success once the complete chunk was written. Once SSL_write_ex() or +SSL_write() returns successful, r bytes have been written and the next call +to SSL_write_ex() or SSL_write() must only send the n-r bytes left, imitating +the behaviour of write().

    +
    +
    SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER
    + +
    +

    Make it possible to retry SSL_write_ex() or SSL_write() with changed buffer +location (the buffer contents must stay the same). This is not the default to +avoid the misconception that non-blocking SSL_write() behaves like +non-blocking write().

    +
    +
    SSL_MODE_AUTO_RETRY
    + +
    +

    During normal operations, non-application data records might need to be sent or +received that the application is not aware of. +If a non-application data record was processed, +SSL_read_ex(3) and SSL_read(3) can return with a failure and indicate the +need to retry with SSL_ERROR_WANT_READ. +If such a non-application data record was processed, the flag +SSL_MODE_AUTO_RETRY causes it to try to process the next record instead of +returning.

    +

    In a non-blocking environment applications must be prepared to handle +incomplete read/write operations. +Setting SSL_MODE_AUTO_RETRY for a non-blocking BIO will process +non-application data records until either no more data is available or +an application data record has been processed.

    +

    In a blocking environment, applications are not always prepared to +deal with the functions returning intermediate reports such as retry +requests, and setting the SSL_MODE_AUTO_RETRY flag will cause the functions +to only return after successfully processing an application data record or a +failure.

    +

    Turning off SSL_MODE_AUTO_RETRY can be useful with blocking BIOs in case +they are used in combination with something like select() or poll(). +Otherwise the call to SSL_read() or SSL_read_ex() might hang when a +non-application record was sent and no application data was sent.

    +
    +
    SSL_MODE_RELEASE_BUFFERS
    + +
    +

    When we no longer need a read buffer or a write buffer for a given SSL, +then release the memory we were using to hold it. +Using this flag can +save around 34k per idle SSL connection. +This flag has no effect on SSL v2 connections, or on DTLS connections.

    +
    +
    SSL_MODE_SEND_FALLBACK_SCSV
    + +
    +

    Send TLS_FALLBACK_SCSV in the ClientHello. +To be set only by applications that reconnect with a downgraded protocol +version; see draft-ietf-tls-downgrade-scsv-00 for details.

    +

    DO NOT ENABLE THIS if your application attempts a normal handshake. +Only use this in explicit fallback retries, following the guidance +in draft-ietf-tls-downgrade-scsv-00.

    +
    +
    SSL_MODE_ASYNC
    + +
    +

    Enable asynchronous processing. TLS I/O operations may indicate a retry with +SSL_ERROR_WANT_ASYNC with this mode set if an asynchronous capable engine is +used to perform cryptographic operations. See SSL_get_error(3).

    +
    +
    SSL_MODE_NO_KTLS_TX
    + +
    +

    Disable the use of the kernel TLS egress data-path. +By default kernel TLS is enabled if it is supported by the negotiated ciphersuites +and extensions and OpenSSL has been compiled with support for it. +The kernel TLS data-path implements the record layer, +and the crypto algorithm. The kernel will utilize the best hardware +available for crypto. Using the kernel data-path should reduce the memory +footprint of OpenSSL because no buffering is required. Also, the throughput +should improve because data copy is avoided when user data is encrypted into +kernel memory instead of the usual encrypt than copy to kernel.

    +

    Kernel TLS might not support all the features of OpenSSL. For instance, +renegotiation, and setting the maximum fragment size is not possible as of +Linux 4.20.

    +
    +
    SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG
    + +
    +

    Older versions of OpenSSL had a bug in the computation of the label length +used for computing the endpoint-pair shared secret. The bug was that the +terminating zero was included in the length of the label. Setting this option +enables this behaviour to allow interoperability with such broken +implementations. Please note that setting this option breaks interoperability +with correct implementations. This option only applies to DTLS over SCTP.

    +
    +
    +

    All modes are off by default except for SSL_MODE_AUTO_RETRY which is on by +default since 1.1.1.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CTX_set_mode() and SSL_set_mode() return the new mode bit-mask +after adding mode.

    +

    SSL_CTX_get_mode() and SSL_get_mode() return the current bit-mask.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_read_ex(3), SSL_read(3), SSL_write_ex(3) or +SSL_write(3), SSL_get_error(3)

    +

    +

    +
    +

    HISTORY

    +

    SSL_MODE_ASYNC was added in OpenSSL 1.1.0. +SSL_MODE_NO_KTLS_TX was added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_msg_callback.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_msg_callback.html
    new file mode 100755
    index 0000000..66d11f9
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_msg_callback.html
    @@ -0,0 +1,182 @@
    + + + + +SSL_CTX_set_msg_callback + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set_msg_callback, +SSL_CTX_set_msg_callback_arg, +SSL_set_msg_callback, +SSL_set_msg_callback_arg +- install callback for observing protocol messages

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + void SSL_CTX_set_msg_callback(SSL_CTX *ctx,
    +                               void (*cb)(int write_p, int version,
    +                                          int content_type, const void *buf,
    +                                          size_t len, SSL *ssl, void *arg));
    + void SSL_CTX_set_msg_callback_arg(SSL_CTX *ctx, void *arg);
    +
    + void SSL_set_msg_callback(SSL *ssl,
    +                           void (*cb)(int write_p, int version,
    +                                      int content_type, const void *buf,
    +                                      size_t len, SSL *ssl, void *arg));
    + void SSL_set_msg_callback_arg(SSL *ssl, void *arg);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_set_msg_callback() or SSL_set_msg_callback() can be used to +define a message callback function cb for observing all SSL/TLS +protocol messages (such as handshake messages) that are received or +sent, as well as other events that occur during processing. +SSL_CTX_set_msg_callback_arg() and SSL_set_msg_callback_arg() +can be used to set argument arg to the callback function, which is +available for arbitrary application use.

    +

    SSL_CTX_set_msg_callback() and SSL_CTX_set_msg_callback_arg() specify +default settings that will be copied to new SSL objects by +SSL_new(3). SSL_set_msg_callback() and +SSL_set_msg_callback_arg() modify the actual settings of an SSL +object. Using a NULL pointer for cb disables the message callback.

    +

    When cb is called by the SSL/TLS library the function arguments have the +following meaning:

    +
    +
    write_p
    + +
    +

    This flag is 0 when a protocol message has been received and 1 +when a protocol message has been sent.

    +
    +
    version
    + +
    +

    The protocol version according to which the protocol message is +interpreted by the library such as TLS1_3_VERSION, TLS1_2_VERSION etc. +This is set to 0 for the SSL3_RT_HEADER pseudo content type (see NOTES below).

    +
    +
    content_type
    + +
    +

    This is one of the content type values defined in the protocol specification +(SSL3_RT_CHANGE_CIPHER_SPEC, SSL3_RT_ALERT, SSL3_RT_HANDSHAKE; but never +SSL3_RT_APPLICATION_DATA because the callback will only be called for protocol +messages). Alternatively it may be a "pseudo" content type. These pseudo +content types are used to signal some other event in the processing of data (see +NOTES below).

    +
    +
    buf, len
    + +
    +

    buf points to a buffer containing the protocol message or other data (in the +case of pseudo content types), which consists of len bytes. The buffer is no +longer valid after the callback function has returned.

    +
    +
    ssl
    + +
    +

    The SSL object that received or sent the message.

    +
    +
    arg
    + +
    +

    The user-defined argument optionally defined by +SSL_CTX_set_msg_callback_arg() or SSL_set_msg_callback_arg().

    +
    +
    +

    +

    +
    +

    NOTES

    +

    Protocol messages are passed to the callback function after decryption +and fragment collection where applicable. (Thus record boundaries are +not visible.)

    +

    If processing a received protocol message results in an error, +the callback function may not be called. For example, the callback +function will never see messages that are considered too large to be +processed.

    +

    Due to automatic protocol version negotiation, version is not +necessarily the protocol version used by the sender of the message: If +a TLS 1.0 ClientHello message is received by an SSL 3.0-only server, +version will be SSL3_VERSION.

    +

    Pseudo content type values may be sent at various points during the processing +of data. The following pseudo content types are currently defined:

    +
    +
    SSL3_RT_HEADER
    + +
    +

    Used when a record is sent or received. The buf contains the record header +bytes only.

    +
    +
    SSL3_RT_INNER_CONTENT_TYPE
    + +
    +

    Used when an encrypted TLSv1.3 record is sent or received. In encrypted TLSv1.3 +records the content type in the record header is always +SSL3_RT_APPLICATION_DATA. The real content type for the record is contained in +an "inner" content type. buf contains the encoded "inner" content type byte.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CTX_set_msg_callback(), SSL_CTX_set_msg_callback_arg(), SSL_set_msg_callback() +and SSL_set_msg_callback_arg() do not return values.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_new(3)

    +

    +

    +
    +

    HISTORY

    +

    The pseudo content type SSL3_RT_INNER_CONTENT_TYPE was added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_num_tickets.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_num_tickets.html
    new file mode 100755
    index 0000000..ea8de90
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_num_tickets.html
    @@ -0,0 +1,107 @@
    + + + + +SSL_CTX_set_num_tickets + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_set_num_tickets, +SSL_get_num_tickets, +SSL_CTX_set_num_tickets, +SSL_CTX_get_num_tickets +- control the number of TLSv1.3 session tickets that are issued

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_set_num_tickets(SSL *s, size_t num_tickets);
    + size_t SSL_get_num_tickets(SSL *s);
    + int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets);
    + size_t SSL_CTX_get_num_tickets(SSL_CTX *ctx);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_set_num_tickets() and SSL_set_num_tickets() can be called for a server +application and set the number of TLSv1.3 session tickets that will be sent to +the client after a full handshake. Set the desired value (which could be 0) in +the num_tickets argument. Typically these functions should be called before +the start of the handshake.

    +

    The default number of tickets is 2; the default number of tickets sent following +a resumption handshake is 1 but this cannot be changed using these functions. +The number of tickets following a resumption handshake can be reduced to 0 using +custom session ticket callbacks (see SSL_CTX_set_session_ticket_cb(3)).

    +

    Tickets are also issued on receipt of a post-handshake certificate from the +client following a request by the server using +SSL_verify_client_post_handshake(3). These new tickets will be associated +with the updated client identity (i.e. including their certificate and +verification status). The number of tickets issued will normally be the same as +was used for the initial handshake. If the initial handshake was a full +handshake then SSL_set_num_tickets() can be called again prior to calling +SSL_verify_client_post_handshake() to update the number of tickets that will be +sent.

    +

    SSL_CTX_get_num_tickets() and SSL_get_num_tickets() return the number of +tickets set by a previous call to SSL_CTX_set_num_tickets() or +SSL_set_num_tickets(), or 2 if no such call has been made.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CTX_set_num_tickets() and SSL_set_num_tickets() return 1 on success or 0 on +failure.

    +

    SSL_CTX_get_num_tickets() and SSL_get_num_tickets() return the number of tickets +that have been previously set.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7)

    +

    +

    +
    +

    HISTORY

    +

    These functions were added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_options.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_options.html
    new file mode 100755
    index 0000000..b49a5cf
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_options.html
    @@ -0,0 +1,419 @@
    + + + + +SSL_CTX_set_options + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set_options, SSL_set_options, SSL_CTX_clear_options, +SSL_clear_options, SSL_CTX_get_options, SSL_get_options, +SSL_get_secure_renegotiation_support - manipulate SSL options

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + long SSL_CTX_set_options(SSL_CTX *ctx, long options);
    + long SSL_set_options(SSL *ssl, long options);
    +
    + long SSL_CTX_clear_options(SSL_CTX *ctx, long options);
    + long SSL_clear_options(SSL *ssl, long options);
    +
    + long SSL_CTX_get_options(SSL_CTX *ctx);
    + long SSL_get_options(SSL *ssl);
    +
    + long SSL_get_secure_renegotiation_support(SSL *ssl);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_set_options() adds the options set via bit-mask in options to ctx. +Options already set before are not cleared!

    +

    SSL_set_options() adds the options set via bit-mask in options to ssl. +Options already set before are not cleared!

    +

    SSL_CTX_clear_options() clears the options set via bit-mask in options +to ctx.

    +

    SSL_clear_options() clears the options set via bit-mask in options to ssl.

    +

    SSL_CTX_get_options() returns the options set for ctx.

    +

    SSL_get_options() returns the options set for ssl.

    +

    SSL_get_secure_renegotiation_support() indicates whether the peer supports +secure renegotiation. +Note, this is implemented via a macro.

    +

    +

    +
    +

    NOTES

    +

    The behaviour of the SSL library can be changed by setting several options. +The options are coded as bit-masks and can be combined by a bitwise or +operation (|).

    +

    SSL_CTX_set_options() and SSL_set_options() affect the (external) +protocol behaviour of the SSL library. The (internal) behaviour of +the API can be changed by using the similar +SSL_CTX_set_mode(3) and SSL_set_mode() functions.

    +

    During a handshake, the option settings of the SSL object are used. When +a new SSL object is created from a context using SSL_new(), the current +option setting is copied. Changes to ctx do not affect already created +SSL objects. SSL_clear() does not affect the settings.

    +

    The following bug workaround options are available:

    +
    +
    SSL_OP_SAFARI_ECDHE_ECDSA_BUG
    + +
    +

    Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X. +OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers.

    +
    +
    SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
    + +
    +

    Disables a countermeasure against a SSL 3.0/TLS 1.0 protocol +vulnerability affecting CBC ciphers, which cannot be handled by some +broken SSL implementations. This option has no effect for connections +using other ciphers.

    +
    +
    SSL_OP_TLSEXT_PADDING
    + +
    +

    Adds a padding extension to ensure the ClientHello size is never between +256 and 511 bytes in length. This is needed as a workaround for some +implementations.

    +
    +
    SSL_OP_ALL
    + +
    +

    All of the above bug workarounds plus SSL_OP_LEGACY_SERVER_CONNECT as +mentioned below.

    +
    +
    +

    It is usually safe to use SSL_OP_ALL to enable the bug workaround +options if compatibility with somewhat broken implementations is +desired.

    +

    The following modifying options are available:

    +
    +
    SSL_OP_TLS_ROLLBACK_BUG
    + +
    +

    Disable version rollback attack detection.

    +

    During the client key exchange, the client must send the same information +about acceptable SSL/TLS protocol levels as during the first hello. Some +clients violate this rule by adapting to the server's answer. (Example: +the client sends a SSLv2 hello and accepts up to SSLv3.1=TLSv1, the server +only understands up to SSLv3. In this case the client must still use the +same SSLv3.1=TLSv1 announcement. Some clients step down to SSLv3 with respect +to the server's answer and violate the version rollback protection.)

    +
    +
    SSL_OP_CIPHER_SERVER_PREFERENCE
    + +
    +

    When choosing a cipher, use the server's preferences instead of the client +preferences. When not set, the SSL server will always follow the clients +preferences. When set, the SSL/TLS server will choose following its +own preferences.

    +
    +
    SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1, +SSL_OP_NO_TLSv1_2, SSL_OP_NO_TLSv1_3, SSL_OP_NO_DTLSv1, SSL_OP_NO_DTLSv1_2
    + +
    +

    These options turn off the SSLv3, TLSv1, TLSv1.1, TLSv1.2 or TLSv1.3 protocol +versions with TLS or the DTLSv1, DTLSv1.2 versions with DTLS, +respectively. +As of OpenSSL 1.1.0, these options are deprecated, use +SSL_CTX_set_min_proto_version(3) and +SSL_CTX_set_max_proto_version(3) instead.

    +
    +
    SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
    + +
    +

    When performing renegotiation as a server, always start a new session +(i.e., session resumption requests are only accepted in the initial +handshake). This option is not needed for clients.

    +
    +
    SSL_OP_NO_COMPRESSION
    + +
    +

    Do not use compression even if it is supported.

    +
    +
    SSL_OP_NO_QUERY_MTU
    + +
    +

    Do not query the MTU. Only affects DTLS connections.

    +
    +
    SSL_OP_COOKIE_EXCHANGE
    + +
    +

    Turn on Cookie Exchange as described in RFC4347 Section 4.2.1. Only affects +DTLS connections.

    +
    +
    SSL_OP_NO_TICKET
    + +
    +

    SSL/TLS supports two mechanisms for resuming sessions: session ids and stateless +session tickets.

    +

    When using session ids a copy of the session information is +cached on the server and a unique id is sent to the client. When the client +wishes to resume it provides the unique id so that the server can retrieve the +session information from its cache.

    +

    When using stateless session tickets the server uses a session ticket encryption +key to encrypt the session information. This encrypted data is sent to the +client as a "ticket". When the client wishes to resume it sends the encrypted +data back to the server. The server uses its key to decrypt the data and resume +the session. In this way the server can operate statelessly - no session +information needs to be cached locally.

    +

    The TLSv1.3 protocol only supports tickets and does not directly support session +ids. However OpenSSL allows two modes of ticket operation in TLSv1.3: stateful +and stateless. Stateless tickets work the same way as in TLSv1.2 and below. +Stateful tickets mimic the session id behaviour available in TLSv1.2 and below. +The session information is cached on the server and the session id is wrapped up +in a ticket and sent back to the client. When the client wishes to resume, it +presents a ticket in the same way as for stateless tickets. The server can then +extract the session id from the ticket and retrieve the session information from +its cache.

    +

    By default OpenSSL will use stateless tickets. The SSL_OP_NO_TICKET option will +cause stateless tickets to not be issued. In TLSv1.2 and below this means no +ticket gets sent to the client at all. In TLSv1.3 a stateful ticket will be +sent. This is a server-side option only.

    +

    In TLSv1.3 it is possible to suppress all tickets (stateful and stateless) from +being sent by calling SSL_CTX_set_num_tickets(3) or +SSL_set_num_tickets(3).

    +
    +
    SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
    + +
    +

    Allow legacy insecure renegotiation between OpenSSL and unpatched clients or +servers. See the SECURE RENEGOTIATION section for more details.

    +
    +
    SSL_OP_LEGACY_SERVER_CONNECT
    + +
    +

    Allow legacy insecure renegotiation between OpenSSL and unpatched servers +only: this option is currently set by default. See the +SECURE RENEGOTIATION section for more details.

    +
    +
    SSL_OP_NO_ENCRYPT_THEN_MAC
    + +
    +

    Normally clients and servers will transparently attempt to negotiate the +RFC7366 Encrypt-then-MAC option on TLS and DTLS connection.

    +

    If this option is set, Encrypt-then-MAC is disabled. Clients will not +propose, and servers will not accept the extension.

    +
    +
    SSL_OP_NO_EXTENDED_MASTER_SECRET
    + +
    +

    Normally clients and servers will transparently attempt to negotiate the +RFC7627 Extended Master Secret option on TLS and DTLS connection.

    +

    If this option is set, Extended Master Secret is disabled. Clients will +not propose, and servers will not accept the extension.

    +
    +
    SSL_OP_NO_RENEGOTIATION
    + +
    +

    Disable all renegotiation in TLSv1.2 and earlier. Do not send HelloRequest +messages, and ignore renegotiation requests via ClientHello.

    +
    +
    SSL_OP_ALLOW_NO_DHE_KEX
    + +
    +

    In TLSv1.3 allow a non-(ec)dhe based key exchange mode on resumption. This means +that there will be no forward secrecy for the resumed session.

    +
    +
    SSL_OP_PRIORITIZE_CHACHA
    + +
    +

    When SSL_OP_CIPHER_SERVER_PREFERENCE is set, temporarily reprioritize +ChaCha20-Poly1305 ciphers to the top of the server cipher list if a +ChaCha20-Poly1305 cipher is at the top of the client cipher list. This helps +those clients (e.g. mobile) use ChaCha20-Poly1305 if that cipher is anywhere +in the server cipher list; but still allows other clients to use AES and other +ciphers. Requires SSL_OP_CIPHER_SERVER_PREFERENCE.

    +
    +
    SSL_OP_ENABLE_MIDDLEBOX_COMPAT
    + +
    +

    If set then dummy Change Cipher Spec (CCS) messages are sent in TLSv1.3. This +has the effect of making TLSv1.3 look more like TLSv1.2 so that middleboxes that +do not understand TLSv1.3 will not drop the connection. Regardless of whether +this option is set or not CCS messages received from the peer will always be +ignored in TLSv1.3. This option is set by default. To switch it off use +SSL_clear_options(). A future version of OpenSSL may not set this by default.

    +
    +
    SSL_OP_NO_ANTI_REPLAY
    + +
    +

    By default, when a server is configured for early data (i.e., max_early_data > 0), +OpenSSL will switch on replay protection. See SSL_read_early_data(3) for a +description of the replay protection feature. Anti-replay measures are required +to comply with the TLSv1.3 specification. Some applications may be able to +mitigate the replay risks in other ways and in such cases the built in OpenSSL +functionality is not required. Those applications can turn this feature off by +setting this option. This is a server-side opton only. It is ignored by +clients.

    +
    +
    +

    The following options no longer have any effect but their identifiers are +retained for compatibility purposes:

    +
    +
    SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
    + +
    SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER
    + +
    SSL_OP_SSLEAY_080_CLIENT_DH_BUG
    + +
    SSL_OP_TLS_D5_BUG
    + +
    SSL_OP_TLS_BLOCK_PADDING_BUG
    + +
    SSL_OP_MSIE_SSLV2_RSA_PADDING
    + +
    SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG
    + +
    SSL_OP_MICROSOFT_SESS_ID_BUG
    + +
    SSL_OP_NETSCAPE_CHALLENGE_BUG
    + +
    SSL_OP_PKCS1_CHECK_1
    + +
    SSL_OP_PKCS1_CHECK_2
    + +
    SSL_OP_SINGLE_DH_USE
    + +
    SSL_OP_SINGLE_ECDH_USE
    + +
    SSL_OP_EPHEMERAL_RSA
    + +
    +

    +

    +
    +

    SECURE RENEGOTIATION

    +

    OpenSSL always attempts to use secure renegotiation as +described in RFC5746. This counters the prefix attack described in +CVE-2009-3555 and elsewhere.

    +

    This attack has far reaching consequences which application writers should be +aware of. In the description below an implementation supporting secure +renegotiation is referred to as patched. A server not supporting secure +renegotiation is referred to as unpatched.

    +

    The following sections describe the operations permitted by OpenSSL's secure +renegotiation implementation.

    +

    +

    +

    Patched client and server

    +

    Connections and renegotiation are always permitted by OpenSSL implementations.

    +

    +

    +

    Unpatched client and patched OpenSSL server

    +

    The initial connection succeeds but client renegotiation is denied by the +server with a no_renegotiation warning alert if TLS v1.0 is used or a fatal +handshake_failure alert in SSL v3.0.

    +

    If the patched OpenSSL server attempts to renegotiate a fatal +handshake_failure alert is sent. This is because the server code may be +unaware of the unpatched nature of the client.

    +

    If the option SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION is set then +renegotiation always succeeds.

    +

    +

    +

    Patched OpenSSL client and unpatched server

    +

    If the option SSL_OP_LEGACY_SERVER_CONNECT or +SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION is set then initial connections +and renegotiation between patched OpenSSL clients and unpatched servers +succeeds. If neither option is set then initial connections to unpatched +servers will fail.

    +

    The option SSL_OP_LEGACY_SERVER_CONNECT is currently set by default even +though it has security implications: otherwise it would be impossible to +connect to unpatched servers (i.e. all of them initially) and this is clearly +not acceptable. Renegotiation is permitted because this does not add any +additional security issues: during an attack clients do not see any +renegotiations anyway.

    +

    As more servers become patched the option SSL_OP_LEGACY_SERVER_CONNECT will +not be set by default in a future version of OpenSSL.

    +

    OpenSSL client applications wishing to ensure they can connect to unpatched +servers should always set SSL_OP_LEGACY_SERVER_CONNECT

    +

    OpenSSL client applications that want to ensure they can not connect to +unpatched servers (and thus avoid any security issues) should always clear +SSL_OP_LEGACY_SERVER_CONNECT using SSL_CTX_clear_options() or +SSL_clear_options().

    +

    The difference between the SSL_OP_LEGACY_SERVER_CONNECT and +SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION options is that +SSL_OP_LEGACY_SERVER_CONNECT enables initial connections and secure +renegotiation between OpenSSL clients and unpatched servers only, while +SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION allows initial connections +and renegotiation between OpenSSL and unpatched clients or servers.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CTX_set_options() and SSL_set_options() return the new options bit-mask +after adding options.

    +

    SSL_CTX_clear_options() and SSL_clear_options() return the new options bit-mask +after clearing options.

    +

    SSL_CTX_get_options() and SSL_get_options() return the current bit-mask.

    +

    SSL_get_secure_renegotiation_support() returns 1 is the peer supports +secure renegotiation and 0 if it does not.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_new(3), SSL_clear(3), +SSL_CTX_set_tmp_dh_callback(3), +SSL_CTX_set_min_proto_version(3), +openssl-dhparam(1)

    +

    +

    +
    +

    HISTORY

    +

    The attempt to always try to use secure renegotiation was added in +OpenSSL 0.9.8m.

    +

    The SSL_OP_PRIORITIZE_CHACHA and SSL_OP_NO_RENEGOTIATION options +were added in OpenSSL 1.1.1.

    +

    The SSL_OP_NO_EXTENDED_MASTER_SECRET option was added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_psk_client_callback.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_psk_client_callback.html
    new file mode 100755
    index 0000000..d89352f
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_psk_client_callback.html
    @@ -0,0 +1,198 @@
    + + + + +SSL_CTX_set_psk_client_callback + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_psk_client_cb_func, +SSL_psk_use_session_cb_func, +SSL_CTX_set_psk_client_callback, +SSL_set_psk_client_callback, +SSL_CTX_set_psk_use_session_callback, +SSL_set_psk_use_session_callback +- set PSK client callback

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + typedef int (*SSL_psk_use_session_cb_func)(SSL *ssl, const EVP_MD *md,
    +                                            const unsigned char **id,
    +                                            size_t *idlen,
    +                                            SSL_SESSION **sess);
    +
    + void SSL_CTX_set_psk_use_session_callback(SSL_CTX *ctx,
    +                                           SSL_psk_use_session_cb_func cb);
    + void SSL_set_psk_use_session_callback(SSL *s, SSL_psk_use_session_cb_func cb);
    +
    + typedef unsigned int (*SSL_psk_client_cb_func)(SSL *ssl,
    +                                                const char *hint,
    +                                                char *identity,
    +                                                unsigned int max_identity_len,
    +                                                unsigned char *psk,
    +                                                unsigned int max_psk_len);
    +
    + void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, SSL_psk_client_cb_func cb);
    + void SSL_set_psk_client_callback(SSL *ssl, SSL_psk_client_cb_func cb);
    +

    +

    +
    +

    DESCRIPTION

    +

    A client application wishing to use TLSv1.3 PSKs should use either +SSL_CTX_set_psk_use_session_callback() or SSL_set_psk_use_session_callback() as +appropriate. These functions cannot be used for TLSv1.2 and below PSKs.

    +

    The callback function is given a pointer to the SSL connection in ssl.

    +

    The first time the callback is called for a connection the md parameter is +NULL. In some circumstances the callback will be called a second time. In that +case the server will have specified a ciphersuite to use already and the PSK +must be compatible with the digest for that ciphersuite. The digest will be +given in md. The PSK returned by the callback is allowed to be different +between the first and second time it is called.

    +

    On successful completion the callback must store a pointer to an identifier for +the PSK in *id. The identifier length in bytes should be stored in *idlen. +The memory pointed to by *id remains owned by the application and should +be freed by it as required at any point after the handshake is complete.

    +

    Additionally the callback should store a pointer to an SSL_SESSION object in +*sess. This is used as the basis for the PSK, and should, at a minimum, have +the following fields set:

    +
    +
    The master key
    + +
    +

    This can be set via a call to SSL_SESSION_set1_master_key(3).

    +
    +
    A ciphersuite
    + +
    +

    Only the handshake digest associated with the ciphersuite is relevant for the +PSK (the server may go on to negotiate any ciphersuite which is compatible with +the digest). The application can use any TLSv1.3 ciphersuite. If md is +not NULL the handshake digest for the ciphersuite should be the same. +The ciphersuite can be set via a call to <SSL_SESSION_set_cipher(3)>. The +handshake digest of an SSL_CIPHER object can be checked using +<SSL_CIPHER_get_handshake_digest(3)>.

    +
    +
    The protocol version
    + +
    +

    This can be set via a call to SSL_SESSION_set_protocol_version(3) and should +be TLS1_3_VERSION.

    +
    +
    +

    Additionally the maximum early data value should be set via a call to +SSL_SESSION_set_max_early_data(3) if the PSK will be used for sending early +data.

    +

    Alternatively an SSL_SESSION created from a previous non-PSK handshake may also +be used as the basis for a PSK.

    +

    Ownership of the SSL_SESSION object is passed to the OpenSSL library and so it +should not be freed by the application.

    +

    It is also possible for the callback to succeed but not supply a PSK. In this +case no PSK will be sent to the server but the handshake will continue. To do +this the callback should return successfully and ensure that *sess is +NULL. The contents of *id and *idlen will be ignored.

    +

    A client application wishing to use PSK ciphersuites for TLSv1.2 and below must +provide a different callback function. This function will be called when the +client is sending the ClientKeyExchange message to the server.

    +

    The purpose of the callback function is to select the PSK identity and +the pre-shared key to use during the connection setup phase.

    +

    The callback is set using functions SSL_CTX_set_psk_client_callback() +or SSL_set_psk_client_callback(). The callback function is given the +connection in parameter ssl, a NULL-terminated PSK identity hint +sent by the server in parameter hint, a buffer identity of +length max_identity_len bytes where the resulting +NUL-terminated identity is to be stored, and a buffer psk of +length max_psk_len bytes where the resulting pre-shared key is to +be stored.

    +

    The callback for use in TLSv1.2 will also work in TLSv1.3 although it is +recommended to use SSL_CTX_set_psk_use_session_callback() +or SSL_set_psk_use_session_callback() for this purpose instead. If TLSv1.3 has +been negotiated then OpenSSL will first check to see if a callback has been set +via SSL_CTX_set_psk_use_session_callback() or SSL_set_psk_use_session_callback() +and it will use that in preference. If no such callback is present then it will +check to see if a callback has been set via SSL_CTX_set_psk_client_callback() or +SSL_set_psk_client_callback() and use that. In this case the hint value will +always be NULL and the handshake digest will default to SHA-256 for any returned +PSK.

    +

    +

    +
    +

    NOTES

    +

    Note that parameter hint given to the callback may be NULL.

    +

    A connection established via a TLSv1.3 PSK will appear as if session resumption +has occurred so that SSL_session_reused(3) will return true.

    +

    There are no known security issues with sharing the same PSK between TLSv1.2 (or +below) and TLSv1.3. However the RFC has this note of caution:

    +

    "While there is no known way in which the same PSK might produce related output +in both versions, only limited analysis has been done. Implementations can +ensure safety from cross-protocol related output by not reusing PSKs between +TLS 1.3 and TLS 1.2."

    +

    +

    +
    +

    RETURN VALUES

    +

    Return values from the SSL_psk_client_cb_func callback are interpreted as +follows:

    +

    On success (callback found a PSK identity and a pre-shared key to use) +the length (> 0) of psk in bytes is returned.

    +

    Otherwise or on errors the callback should return 0. In this case +the connection setup fails.

    +

    The SSL_psk_use_session_cb_func callback should return 1 on success or 0 on +failure. In the event of failure the connection setup fails.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +SSL_CTX_set_psk_find_session_callback(3), +SSL_set_psk_find_session_callback(3)

    +

    +

    +
    +

    HISTORY

    +

    SSL_CTX_set_psk_use_session_callback() and SSL_set_psk_use_session_callback() +were added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_quiet_shutdown.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_quiet_shutdown.html
    new file mode 100755
    index 0000000..5bbc341
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_quiet_shutdown.html
    @@ -0,0 +1,105 @@
    + + + + +SSL_CTX_set_quiet_shutdown + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set_quiet_shutdown, SSL_CTX_get_quiet_shutdown, SSL_set_quiet_shutdown, SSL_get_quiet_shutdown - manipulate shutdown behaviour

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode);
    + int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx);
    +
    + void SSL_set_quiet_shutdown(SSL *ssl, int mode);
    + int SSL_get_quiet_shutdown(const SSL *ssl);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_set_quiet_shutdown() sets the "quiet shutdown" flag for ctx to be +mode. SSL objects created from ctx inherit the mode valid at the time +SSL_new(3) is called. mode may be 0 or 1.

    +

    SSL_CTX_get_quiet_shutdown() returns the "quiet shutdown" setting of ctx.

    +

    SSL_set_quiet_shutdown() sets the "quiet shutdown" flag for ssl to be +mode. The setting stays valid until ssl is removed with +SSL_free(3) or SSL_set_quiet_shutdown() is called again. +It is not changed when SSL_clear(3) is called. +mode may be 0 or 1.

    +

    SSL_get_quiet_shutdown() returns the "quiet shutdown" setting of ssl.

    +

    +

    +
    +

    NOTES

    +

    Normally when a SSL connection is finished, the parties must send out +close_notify alert messages using SSL_shutdown(3) +for a clean shutdown.

    +

    When setting the "quiet shutdown" flag to 1, SSL_shutdown(3) +will set the internal flags to SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN. +(SSL_shutdown(3) then behaves like +SSL_set_shutdown(3) called with +SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN.) +The session is thus considered to be shutdown, but no close_notify alert +is sent to the peer. This behaviour violates the TLS standard.

    +

    The default is normal shutdown behaviour as described by the TLS standard.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CTX_set_quiet_shutdown() and SSL_set_quiet_shutdown() do not return +diagnostic information.

    +

    SSL_CTX_get_quiet_shutdown() and SSL_get_quiet_shutdown return the current +setting.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_shutdown(3), +SSL_set_shutdown(3), SSL_new(3), +SSL_clear(3), SSL_free(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_read_ahead.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_read_ahead.html
    new file mode 100755
    index 0000000..7141542
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_read_ahead.html
    @@ -0,0 +1,110 @@
    + + + + +SSL_CTX_set_read_ahead + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set_read_ahead, SSL_CTX_get_read_ahead, +SSL_set_read_ahead, SSL_get_read_ahead, +SSL_CTX_get_default_read_ahead +- manage whether to read as many input bytes as possible

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + void SSL_set_read_ahead(SSL *s, int yes);
    + int SSL_get_read_ahead(const SSL *s);
    +
    + SSL_CTX_set_read_ahead(SSL_CTX *ctx, int yes);
    + long SSL_CTX_get_read_ahead(SSL_CTX *ctx);
    + long SSL_CTX_get_default_read_ahead(SSL_CTX *ctx);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_set_read_ahead() and SSL_set_read_ahead() set whether we should read as +many input bytes as possible (for non-blocking reads) or not. For example if +x bytes are currently required by OpenSSL, but y bytes are available from +the underlying BIO (where y > x), then OpenSSL will read all y bytes +into its buffer (providing that the buffer is large enough) if reading ahead is +on, or x bytes otherwise. +Setting the parameter yes to 0 turns reading ahead is off, other values turn +it on. +SSL_CTX_set_default_read_ahead() is identical to SSL_CTX_set_read_ahead().

    +

    SSL_CTX_get_read_ahead() and SSL_get_read_ahead() indicate whether reading +ahead has been set or not. +SSL_CTX_get_default_read_ahead() is identical to SSL_CTX_get_read_ahead().

    +

    +

    +
    +

    NOTES

    +

    These functions have no impact when used with DTLS. The return values for +SSL_CTX_get_read_head() and SSL_get_read_ahead() are undefined for DTLS. Setting +read_ahead can impact the behaviour of the SSL_pending() function +(see SSL_pending(3)).

    +

    Since SSL_read() can return SSL_ERROR_WANT_READ for non-application data +records, and SSL_has_pending() can't tell the difference between processed and +unprocessed data, it's recommended that if read ahead is turned on that +SSL_MODE_AUTO_RETRY is not turned off using SSL_CTX_clear_mode(). +That will prevent getting SSL_ERROR_WANT_READ when there is still a complete +record available that hasn't been processed.

    +

    If the application wants to continue to use the underlying transport (e.g. TCP +connection) after the SSL connection is finished using SSL_shutdown() reading +ahead should be turned off. +Otherwise the SSL structure might read data that it shouldn't.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_get_read_ahead() and SSL_CTX_get_read_ahead() return 0 if reading ahead is off, +and non zero otherwise.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_pending(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_record_padding_callback.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_record_padding_callback.html
    new file mode 100755
    index 0000000..fb86a47
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_record_padding_callback.html
    @@ -0,0 +1,128 @@
    + + + + +SSL_CTX_set_record_padding_callback + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set_record_padding_callback, +SSL_set_record_padding_callback, +SSL_CTX_set_record_padding_callback_arg, +SSL_set_record_padding_callback_arg, +SSL_CTX_get_record_padding_callback_arg, +SSL_get_record_padding_callback_arg, +SSL_CTX_set_block_padding, +SSL_set_block_padding - install callback to specify TLS 1.3 record padding

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + void SSL_CTX_set_record_padding_callback(SSL_CTX *ctx, size_t (*cb)(SSL *s, int type, size_t len, void *arg));
    + void SSL_set_record_padding_callback(SSL *ssl, size_t (*cb)(SSL *s, int type, size_t len, void *arg));
    +
    + void SSL_CTX_set_record_padding_callback_arg(SSL_CTX *ctx, void *arg);
    + void *SSL_CTX_get_record_padding_callback_arg(const SSL_CTX *ctx);
    +
    + void SSL_set_record_padding_callback_arg(SSL *ssl, void *arg);
    + void *SSL_get_record_padding_callback_arg(const SSL *ssl);
    +
    + int SSL_CTX_set_block_padding(SSL_CTX *ctx, size_t block_size);
    + int SSL_set_block_padding(SSL *ssl, size_t block_size);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_set_record_padding_callback() or SSL_set_record_padding_callback() +can be used to assign a callback function cb to specify the padding +for TLS 1.3 records. The value set in ctx is copied to a new SSL by SSL_new().

    +

    SSL_CTX_set_record_padding_callback_arg() and SSL_set_record_padding_callback_arg() +assign a value arg that is passed to the callback when it is invoked. The value +set in ctx is copied to a new SSL by SSL_new().

    +

    SSL_CTX_get_record_padding_callback_arg() and SSL_get_record_padding_callback_arg() +retrieve the arg value that is passed to the callback.

    +

    SSL_CTX_set_block_padding() and SSL_set_block_padding() pads the record to a multiple +of the block_size. A block_size of 0 or 1 disables block padding. The limit of +block_size is SSL3_RT_MAX_PLAIN_LENGTH.

    +

    The callback is invoked for every record before encryption. +The type parameter is the TLS record type that is being processed; may be +one of SSL3_RT_APPLICATION_DATA, SSL3_RT_HANDSHAKE, or SSL3_RT_ALERT. +The len parameter is the current plaintext length of the record before encryption. +The arg parameter is the value set via SSL_CTX_set_record_padding_callback_arg() +or SSL_set_record_padding_callback_arg().

    +

    +

    +
    +

    RETURN VALUES

    +

    The SSL_CTX_get_record_padding_callback_arg() and SSL_get_record_padding_callback_arg() +functions return the arg value assigned in the corresponding set functions.

    +

    The SSL_CTX_set_block_padding() and SSL_set_block_padding() functions return 1 on success +or 0 if block_size is too large.

    +

    The cb returns the number of padding bytes to add to the record. A return of 0 +indicates no padding will be added. A return value that causes the record to +exceed the maximum record size (SSL3_RT_MAX_PLAIN_LENGTH) will pad out to the +maximum record size.

    +

    +

    +
    +

    NOTES

    +

    The default behavior is to add no padding to the record.

    +

    A user-supplied padding callback function will override the behavior set by +SSL_set_block_padding() or SSL_CTX_set_block_padding(). Setting the user-supplied +callback to NULL will restore the configured block padding behavior.

    +

    These functions only apply to TLS 1.3 records being written.

    +

    Padding bytes are not added in constant-time.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_new(3)

    +

    +

    +
    +

    HISTORY

    +

    The record padding API was added for TLS 1.3 support in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_security_level.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_security_level.html new file mode 100755 index 0000000..565ced5 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_security_level.html @@ -0,0 +1,228 @@ + + + + +SSL_CTX_set_security_level + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set_security_level, SSL_set_security_level, SSL_CTX_get_security_level, SSL_get_security_level, SSL_CTX_set_security_callback, SSL_set_security_callback, SSL_CTX_get_security_callback, SSL_get_security_callback, SSL_CTX_set0_security_ex_data, SSL_set0_security_ex_data, SSL_CTX_get0_security_ex_data, SSL_get0_security_ex_data - SSL/TLS security framework

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + void SSL_CTX_set_security_level(SSL_CTX *ctx, int level);
    + void SSL_set_security_level(SSL *s, int level);
    +
    + int SSL_CTX_get_security_level(const SSL_CTX *ctx);
    + int SSL_get_security_level(const SSL *s);
    +
    + void SSL_CTX_set_security_callback(SSL_CTX *ctx,
    +                                    int (*cb)(SSL *s, SSL_CTX *ctx, int op,
    +                                              int bits, int nid,
    +                                              void *other, void *ex));
    +
    + void SSL_set_security_callback(SSL *s, int (*cb)(SSL *s, SSL_CTX *ctx, int op,
    +                                                  int bits, int nid,
    +                                                  void *other, void *ex));
    +
    + int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx))(SSL *s, SSL_CTX *ctx, int op,
    +                                                          int bits, int nid, void *other,
    +                                                          void *ex);
    + int (*SSL_get_security_callback(const SSL *s))(SSL *s, SSL_CTX *ctx, int op,
    +                                                int bits, int nid, void *other,
    +                                                void *ex);
    +
    + void SSL_CTX_set0_security_ex_data(SSL_CTX *ctx, void *ex);
    + void SSL_set0_security_ex_data(SSL *s, void *ex);
    +
    + void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx);
    + void *SSL_get0_security_ex_data(const SSL *s);
    +

    +

    +
    +

    DESCRIPTION

    +

    The functions SSL_CTX_set_security_level() and SSL_set_security_level() set +the security level to level. If not set the library default security level +is used.

    +

    The functions SSL_CTX_get_security_level() and SSL_get_security_level() +retrieve the current security level.

    +

    SSL_CTX_set_security_callback(), SSL_set_security_callback(), +SSL_CTX_get_security_callback() and SSL_get_security_callback() get or set +the security callback associated with ctx or s. If not set a default +security callback is used. The meaning of the parameters and the behaviour +of the default callbacks is described below.

    +

    SSL_CTX_set0_security_ex_data(), SSL_set0_security_ex_data(), +SSL_CTX_get0_security_ex_data() and SSL_get0_security_ex_data() set the +extra data pointer passed to the ex parameter of the callback. This +value is passed to the callback verbatim and can be set to any convenient +application specific value.

    +

    +

    +
    +

    DEFAULT CALLBACK BEHAVIOUR

    +

    If an application doesn't set its own security callback the default +callback is used. It is intended to provide sane defaults. The meaning +of each level is described below.

    +
    +
    Level 0
    + +
    +

    Everything is permitted. This retains compatibility with previous versions of +OpenSSL.

    +
    +
    Level 1
    + +
    +

    The security level corresponds to a minimum of 80 bits of security. Any +parameters offering below 80 bits of security are excluded. As a result RSA, +DSA and DH keys shorter than 1024 bits and ECC keys shorter than 160 bits +are prohibited. All export cipher suites are prohibited since they all offer +less than 80 bits of security. SSL version 2 is prohibited. Any cipher suite +using MD5 for the MAC is also prohibited.

    +
    +
    Level 2
    + +
    +

    Security level set to 112 bits of security. As a result RSA, DSA and DH keys +shorter than 2048 bits and ECC keys shorter than 224 bits are prohibited. +In addition to the level 1 exclusions any cipher suite using RC4 is also +prohibited. SSL version 3 is also not allowed. Compression is disabled.

    +
    +
    Level 3
    + +
    +

    Security level set to 128 bits of security. As a result RSA, DSA and DH keys +shorter than 3072 bits and ECC keys shorter than 256 bits are prohibited. +In addition to the level 2 exclusions cipher suites not offering forward +secrecy are prohibited. TLS versions below 1.1 are not permitted. Session +tickets are disabled.

    +
    +
    Level 4
    + +
    +

    Security level set to 192 bits of security. As a result RSA, DSA and +DH keys shorter than 7680 bits and ECC keys shorter than 384 bits are +prohibited. Cipher suites using SHA1 for the MAC are prohibited. TLS +versions below 1.2 are not permitted.

    +
    +
    Level 5
    + +
    +

    Security level set to 256 bits of security. As a result RSA, DSA and DH keys +shorter than 15360 bits and ECC keys shorter than 512 bits are prohibited.

    +
    +
    +

    +

    +
    +

    APPLICATION DEFINED SECURITY CALLBACKS

    +

    Documentation to be provided.

    +

    +

    +
    +

    NOTES

    +

    WARNING at this time setting the security level higher than 1 for +general internet use is likely to cause considerable interoperability +issues and is not recommended. This is because the SHA1 algorithm +is very widely used in certificates and will be rejected at levels +higher than 1 because it only offers 80 bits of security.

    +

    The default security level can be configured when OpenSSL is compiled by +setting -DOPENSSL_TLS_SECURITY_LEVEL=level. If not set then 1 is used.

    +

    The security framework disables or reject parameters inconsistent with the +set security level. In the past this was difficult as applications had to set +a number of distinct parameters (supported ciphers, supported curves supported +signature algorithms) to achieve this end and some cases (DH parameter size +for example) could not be checked at all.

    +

    By setting an appropriate security level much of this complexity can be +avoided.

    +

    The bits of security limits affect all relevant parameters including +cipher suite encryption algorithms, supported ECC curves, supported +signature algorithms, DH parameter sizes, certificate key sizes and +signature algorithms. This limit applies no matter what other custom +settings an application has set: so if the cipher suite is set to ALL +then only cipher suites consistent with the security level are permissible.

    +

    See SP800-57 for how the security limits are related to individual +algorithms.

    +

    Some security levels require large key sizes for non-ECC public key +algorithms which can severely degrade performance. For example 256 bits +of security requires the use of RSA keys of at least 15360 bits in size.

    +

    Some restrictions can be gracefully handled: for example cipher suites +offering insufficient security are not sent by the client and will not +be selected by the server. Other restrictions such as the peer certificate +key size or the DH parameter size will abort the handshake with a fatal +alert.

    +

    Attempts to set certificates or parameters with insufficient security are +also blocked. For example trying to set a certificate using a 512 bit RSA +key using SSL_CTX_use_certificate() at level 1. Applications which do not +check the return values for errors will misbehave: for example it might +appear that a certificate is not set at all because it had been rejected.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CTX_set_security_level() and SSL_set_security_level() do not return values.

    +

    SSL_CTX_get_security_level() and SSL_get_security_level() return a integer that +represents the security level with SSL_CTX or SSL, respectively.

    +

    SSL_CTX_set_security_callback() and SSL_set_security_callback() do not return +values.

    +

    SSL_CTX_get_security_callback() and SSL_get_security_callback() return the pointer +to the security callback or NULL if the callback is not set.

    +

    SSL_CTX_get0_security_ex_data() and SSL_get0_security_ex_data() return the extra +data pointer or NULL if the ex data is not set.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7)

    +

    +

    +
    +

    HISTORY

    +

    These functions were added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_session_cache_mode.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_session_cache_mode.html new file mode 100755 index 0000000..dc34e8a --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_session_cache_mode.html @@ -0,0 +1,177 @@ + + + + +SSL_CTX_set_session_cache_mode + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set_session_cache_mode, SSL_CTX_get_session_cache_mode - enable/disable session caching

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + long SSL_CTX_set_session_cache_mode(SSL_CTX ctx, long mode);
    + long SSL_CTX_get_session_cache_mode(SSL_CTX ctx);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_set_session_cache_mode() enables/disables session caching +by setting the operational mode for ctx to <mode>.

    +

    SSL_CTX_get_session_cache_mode() returns the currently used cache mode.

    +

    +

    +
    +

    NOTES

    +

    The OpenSSL library can store/retrieve SSL/TLS sessions for later reuse. +The sessions can be held in memory for each ctx, if more than one +SSL_CTX object is being maintained, the sessions are unique for each SSL_CTX +object.

    +

    In order to reuse a session, a client must send the session's id to the +server. It can only send exactly one id. The server then either +agrees to reuse the session or it starts a full handshake (to create a new +session).

    +

    A server will look up the session in its internal session storage. If the +session is not found in internal storage or lookups for the internal storage +have been deactivated (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP), the server will try +the external storage if available.

    +

    Since a client may try to reuse a session intended for use in a different +context, the session id context must be set by the server (see +SSL_CTX_set_session_id_context(3)).

    +

    The following session cache modes and modifiers are available:

    +
    +
    SSL_SESS_CACHE_OFF
    + +
    +

    No session caching for client or server takes place.

    +
    +
    SSL_SESS_CACHE_CLIENT
    + +
    +

    Client sessions are added to the session cache. As there is no reliable way +for the OpenSSL library to know whether a session should be reused or which +session to choose (due to the abstract BIO layer the SSL engine does not +have details about the connection), the application must select the session +to be reused by using the SSL_set_session(3) +function. This option is not activated by default.

    +
    +
    SSL_SESS_CACHE_SERVER
    + +
    +

    Server sessions are added to the session cache. When a client proposes a +session to be reused, the server looks for the corresponding session in (first) +the internal session cache (unless SSL_SESS_CACHE_NO_INTERNAL_LOOKUP is set), +then (second) in the external cache if available. If the session is found, the +server will try to reuse the session. This is the default.

    +
    +
    SSL_SESS_CACHE_BOTH
    + +
    +

    Enable both SSL_SESS_CACHE_CLIENT and SSL_SESS_CACHE_SERVER at the same time.

    +
    +
    SSL_SESS_CACHE_NO_AUTO_CLEAR
    + +
    +

    Normally the session cache is checked for expired sessions every +255 connections using the +SSL_CTX_flush_sessions(3) function. Since +this may lead to a delay which cannot be controlled, the automatic +flushing may be disabled and +SSL_CTX_flush_sessions(3) can be called +explicitly by the application.

    +
    +
    SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
    + +
    +

    By setting this flag, session-resume operations in an SSL/TLS server will not +automatically look up sessions in the internal cache, even if sessions are +automatically stored there. If external session caching callbacks are in use, +this flag guarantees that all lookups are directed to the external cache. +As automatic lookup only applies for SSL/TLS servers, the flag has no effect on +clients.

    +
    +
    SSL_SESS_CACHE_NO_INTERNAL_STORE
    + +
    +

    Depending on the presence of SSL_SESS_CACHE_CLIENT and/or SSL_SESS_CACHE_SERVER, +sessions negotiated in an SSL/TLS handshake may be cached for possible reuse. +Normally a new session is added to the internal cache as well as any external +session caching (callback) that is configured for the SSL_CTX. This flag will +prevent sessions being stored in the internal cache (though the application can +add them manually using SSL_CTX_add_session(3)). Note: +in any SSL/TLS servers where external caching is configured, any successful +session lookups in the external cache (ie. for session-resume requests) would +normally be copied into the local cache before processing continues - this flag +prevents these additions to the internal cache as well.

    +
    +
    SSL_SESS_CACHE_NO_INTERNAL
    + +
    +

    Enable both SSL_SESS_CACHE_NO_INTERNAL_LOOKUP and +SSL_SESS_CACHE_NO_INTERNAL_STORE at the same time.

    +
    +
    +

    The default mode is SSL_SESS_CACHE_SERVER.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CTX_set_session_cache_mode() returns the previously set cache mode.

    +

    SSL_CTX_get_session_cache_mode() returns the currently set cache mode.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_set_session(3), +SSL_session_reused(3), +SSL_CTX_add_session(3), +SSL_CTX_sess_number(3), +SSL_CTX_sess_set_cache_size(3), +SSL_CTX_sess_set_get_cb(3), +SSL_CTX_set_session_id_context(3), +SSL_CTX_set_timeout(3), +SSL_CTX_flush_sessions(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_session_id_context.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_session_id_context.html new file mode 100755 index 0000000..c564da5 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_session_id_context.html @@ -0,0 +1,124 @@ + + + + +SSL_CTX_set_session_id_context + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set_session_id_context, SSL_set_session_id_context - set context within which session can be reused (server side only)

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
    +                                    unsigned int sid_ctx_len);
    + int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
    +                                unsigned int sid_ctx_len);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_set_session_id_context() sets the context sid_ctx of length +sid_ctx_len within which a session can be reused for the ctx object.

    +

    SSL_set_session_id_context() sets the context sid_ctx of length +sid_ctx_len within which a session can be reused for the ssl object.

    +

    +

    +
    +

    NOTES

    +

    Sessions are generated within a certain context. When exporting/importing +sessions with i2d_SSL_SESSION/d2i_SSL_SESSION it would be possible, +to re-import a session generated from another context (e.g. another +application), which might lead to malfunctions. Therefore each application +must set its own session id context sid_ctx which is used to distinguish +the contexts and is stored in exported sessions. The sid_ctx can be +any kind of binary data with a given length, it is therefore possible +to use e.g. the name of the application and/or the hostname and/or service +name ...

    +

    The session id context becomes part of the session. The session id context +is set by the SSL/TLS server. The SSL_CTX_set_session_id_context() and +SSL_set_session_id_context() functions are therefore only useful on the +server side.

    +

    OpenSSL clients will check the session id context returned by the server +when reusing a session.

    +

    The maximum length of the sid_ctx is limited to +SSL_MAX_SID_CTX_LENGTH.

    +

    +

    +
    +

    WARNINGS

    +

    If the session id context is not set on an SSL/TLS server and client +certificates are used, stored sessions +will not be reused but a fatal error will be flagged and the handshake +will fail.

    +

    If a server returns a different session id context to an OpenSSL client +when reusing a session, an error will be flagged and the handshake will +fail. OpenSSL servers will always return the correct session id context, +as an OpenSSL server checks the session id context itself before reusing +a session as described above.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CTX_set_session_id_context() and SSL_set_session_id_context() +return the following values:

    +
      +
    1. +

      The length sid_ctx_len of the session id context sid_ctx exceeded +the maximum allowed length of SSL_MAX_SID_CTX_LENGTH. The error +is logged to the error stack.

      +
    2. +
    3. +

      The operation succeeded.

      +
    4. +
    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_session_ticket_cb.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_session_ticket_cb.html new file mode 100755 index 0000000..e006e9d --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_session_ticket_cb.html @@ -0,0 +1,223 @@ + + + + +SSL_CTX_set_session_ticket_cb + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set_session_ticket_cb, +SSL_SESSION_get0_ticket_appdata, +SSL_SESSION_set1_ticket_appdata, +SSL_CTX_generate_session_ticket_fn, +SSL_CTX_decrypt_session_ticket_fn - manage session ticket application data

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + typedef int (*SSL_CTX_generate_session_ticket_fn)(SSL *s, void *arg);
    + typedef SSL_TICKET_RETURN (*SSL_CTX_decrypt_session_ticket_fn)(SSL *s, SSL_SESSION *ss,
    +                                                                const unsigned char *keyname,
    +                                                                size_t keyname_len,
    +                                                                SSL_TICKET_STATUS status,
    +                                                                void *arg);
    + int SSL_CTX_set_session_ticket_cb(SSL_CTX *ctx,
    +                                   SSL_CTX_generate_session_ticket_fn gen_cb,
    +                                   SSL_CTX_decrypt_session_ticket_fn dec_cb,
    +                                   void *arg);
    + int SSL_SESSION_set1_ticket_appdata(SSL_SESSION *ss, const void *data, size_t len);
    + int SSL_SESSION_get0_ticket_appdata(SSL_SESSION *ss, void **data, size_t *len);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_set_set_session_ticket_cb() sets the application callbacks gen_cb +and dec_cb that are used by a server to set and get application data stored +with a session, and placed into a session ticket. Either callback function may +be set to NULL. The value of arg is passed to the callbacks.

    +

    gen_cb is the application defined callback invoked when a session ticket is +about to be created. The application can call SSL_SESSION_set1_ticket_appdata() +at this time to add application data to the session ticket. The value of arg +is the same as that given to SSL_CTX_set_session_ticket_cb(). The gen_cb +callback is defined as type SSL_CTX_generate_session_ticket_fn.

    +

    dec_cb is the application defined callback invoked after session ticket +decryption has been attempted and any session ticket application data is +available. If ticket decryption was successful then the ss argument contains +the session data. The keyname and keyname_len arguments identify the key +used to decrypt the session ticket. The status argument is the result of the +ticket decryption. See the NOTES section below for further details. The value +of arg is the same as that given to SSL_CTX_set_session_ticket_cb(). The +dec_cb callback is defined as type SSL_CTX_decrypt_session_ticket_fn.

    +

    SSL_SESSION_set1_ticket_appdata() sets the application data specified by +data and len into ss which is then placed into any generated session +tickets. It can be called at any time before a session ticket is created to +update the data placed into the session ticket. However, given that sessions +and tickets are created by the handshake, the gen_cb is provided to notify +the application that a session ticket is about to be generated.

    +

    SSL_SESSION_get0_ticket_appdata() assigns data to the session ticket +application data and assigns len to the length of the session ticket +application data from ss. The application data can be set via +SSL_SESSION_set1_ticket_appdata() or by a session ticket. NULL will be assigned +to data and 0 will be assigned to len if there is no session ticket +application data. SSL_SESSION_get0_ticket_appdata() can be called any time +after a session has been created. The dec_cb is provided to notify the +application that a session ticket has just been decrypted.

    +

    +

    +
    +

    NOTES

    +

    When the dec_cb callback is invoked, the SSL_SESSION ss has not yet been +assigned to the SSL s. The status indicates the result of the ticket +decryption. The callback must check the status value before performing any +action, as it is called even if ticket decryption fails.

    +

    The keyname and keyname_len arguments to dec_cb may be used to identify +the key that was used to encrypt the session ticket.

    +

    The status argument can be any of these values:

    +
    +
    SSL_TICKET_EMPTY
    + +
    +

    Empty ticket present. No ticket data will be used and a new ticket should be +sent to the client. This only occurs in TLSv1.2 or below. In TLSv1.3 it is not +valid for a client to send an empty ticket.

    +
    +
    SSL_TICKET_NO_DECRYPT
    + +
    +

    The ticket couldn't be decrypted. No ticket data will be used and a new ticket +should be sent to the client.

    +
    +
    SSL_TICKET_SUCCESS
    + +
    +

    A ticket was successfully decrypted, any session ticket application data should +be available. A new ticket should not be sent to the client.

    +
    +
    SSL_TICKET_SUCCESS_RENEW
    + +
    +

    Same as SSL_TICKET_SUCCESS, but a new ticket should be sent to the client.

    +
    +
    +

    The return value can be any of these values:

    +
    +
    SSL_TICKET_RETURN_ABORT
    + +
    +

    The handshake should be aborted, either because of an error or because of some +policy. Note that in TLSv1.3 a client may send more than one ticket in a single +handshake. Therefore just because one ticket is unacceptable it does not mean +that all of them are. For this reason this option should be used with caution.

    +
    +
    SSL_TICKET_RETURN_IGNORE
    + +
    +

    Do not use a ticket (if one was available). Do not send a renewed ticket to the +client.

    +
    +
    SSL_TICKET_RETURN_IGNORE_RENEW
    + +
    +

    Do not use a ticket (if one was available). Send a renewed ticket to the client.

    +

    If the callback does not wish to change the default ticket behaviour then it +should return this value if status is SSL_TICKET_EMPTY or +SSL_TICKET_NO_DECRYPT.

    +
    +
    SSL_TICKET_RETURN_USE
    + +
    +

    Use the ticket. Do not send a renewed ticket to the client. It is an error for +the callback to return this value if status has a value other than +SSL_TICKET_SUCCESS or SSL_TICKET_SUCCESS_RENEW.

    +

    If the callback does not wish to change the default ticket behaviour then it +should return this value if status is SSL_TICKET_SUCCESS.

    +
    +
    SSL_TICKET_RETURN_USE_RENEW
    + +
    +

    Use the ticket. Send a renewed ticket to the client. It is an error for the +callback to return this value if status has a value other than +SSL_TICKET_SUCCESS or SSL_TICKET_SUCCESS_RENEW.

    +

    If the callback does not wish to change the default ticket behaviour then it +should return this value if status is SSL_TICKET_SUCCESS_RENEW.

    +
    +
    +

    If status has the value SSL_TICKET_EMPTY or SSL_TICKET_NO_DECRYPT then +no session data will be available and the callback must not use the ss +argument. If status has the value SSL_TICKET_SUCCESS or +SSL_TICKET_SUCCESS_RENEW then the application can call +SSL_SESSION_get0_ticket_appdata() using the session provided in the ss +argument to retrieve the application data.

    +

    When the gen_cb callback is invoked, the SSL_get_session() function can be +used to retrieve the SSL_SESSION for SSL_SESSION_set1_ticket_appdata().

    +

    By default, in TLSv1.2 and below, a new session ticket is not issued on a +successful resumption and therefore gen_cb will not be called. In TLSv1.3 the +default behaviour is to always issue a new ticket on resumption. In both cases +this behaviour can be changed if a ticket key callback is in use (see +SSL_CTX_set_tlsext_ticket_key_cb(3)).

    +

    +

    +
    +

    RETURN VALUES

    +

    The SSL_CTX_set_session_ticket_cb(), SSL_SESSION_set1_ticket_appdata() and +SSL_SESSION_get0_ticket_appdata() functions return 1 on success and 0 on +failure.

    +

    The gen_cb callback must return 1 to continue the connection. A return of 0 +will terminate the connection with an INTERNAL_ERROR alert.

    +

    The dec_cb callback must return a value as described in NOTES above.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +SSL_get_session(3)

    +

    +

    +
    +

    HISTORY

    +

    The SSL_CTX_set_session_ticket_cb(), SSSL_SESSION_set1_ticket_appdata() +and SSL_SESSION_get_ticket_appdata() functions were added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_split_send_fragment.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_split_send_fragment.html new file mode 100755 index 0000000..7fe30f2 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_split_send_fragment.html @@ -0,0 +1,215 @@ + + + + +SSL_CTX_set_split_send_fragment + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set_max_send_fragment, SSL_set_max_send_fragment, +SSL_CTX_set_split_send_fragment, SSL_set_split_send_fragment, +SSL_CTX_set_max_pipelines, SSL_set_max_pipelines, +SSL_CTX_set_default_read_buffer_len, SSL_set_default_read_buffer_len, +SSL_CTX_set_tlsext_max_fragment_length, +SSL_set_tlsext_max_fragment_length, +SSL_SESSION_get_max_fragment_length - Control fragment size settings and pipelining operations

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + long SSL_CTX_set_max_send_fragment(SSL_CTX *ctx, long);
    + long SSL_set_max_send_fragment(SSL *ssl, long m);
    +
    + long SSL_CTX_set_max_pipelines(SSL_CTX *ctx, long m);
    + long SSL_set_max_pipelines(SSL_CTX *ssl, long m);
    +
    + long SSL_CTX_set_split_send_fragment(SSL_CTX *ctx, long m);
    + long SSL_set_split_send_fragment(SSL *ssl, long m);
    +
    + void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len);
    + void SSL_set_default_read_buffer_len(SSL *s, size_t len);
    +
    + int SSL_CTX_set_tlsext_max_fragment_length(SSL_CTX *ctx, uint8_t mode);
    + int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode);
    + uint8_t SSL_SESSION_get_max_fragment_length(SSL_SESSION *session);
    +

    +

    +
    +

    DESCRIPTION

    +

    Some engines are able to process multiple simultaneous crypto operations. This +capability could be utilised to parallelise the processing of a single +connection. For example a single write can be split into multiple records and +each one encrypted independently and in parallel. Note: this will only work in +TLS1.1+. There is no support in SSLv3, TLSv1.0 or DTLS (any version). This +capability is known as "pipelining" within OpenSSL.

    +

    In order to benefit from the pipelining capability. You need to have an engine +that provides ciphers that support this. The OpenSSL "dasync" engine provides +AES128-SHA based ciphers that have this capability. However these are for +development and test purposes only.

    +

    SSL_CTX_set_max_send_fragment() and SSL_set_max_send_fragment() set the +max_send_fragment parameter for SSL_CTX and SSL objects respectively. This +value restricts the amount of plaintext bytes that will be sent in any one +SSL/TLS record. By default its value is SSL3_RT_MAX_PLAIN_LENGTH (16384). These +functions will only accept a value in the range 512 - SSL3_RT_MAX_PLAIN_LENGTH.

    +

    SSL_CTX_set_max_pipelines() and SSL_set_max_pipelines() set the maximum number +of pipelines that will be used at any one time. This value applies to both +"read" pipelining and "write" pipelining. By default only one pipeline will be +used (i.e. normal non-parallel operation). The number of pipelines set must be +in the range 1 - SSL_MAX_PIPELINES (32). Setting this to a value > 1 will also +automatically turn on "read_ahead" (see SSL_CTX_set_read_ahead(3)). This is +explained further below. OpenSSL will only every use more than one pipeline if +a cipher suite is negotiated that uses a pipeline capable cipher provided by an +engine.

    +

    Pipelining operates slightly differently for reading encrypted data compared to +writing encrypted data. SSL_CTX_set_split_send_fragment() and +SSL_set_split_send_fragment() define how data is split up into pipelines when +writing encrypted data. The number of pipelines used will be determined by the +amount of data provided to the SSL_write_ex() or SSL_write() call divided by +split_send_fragment.

    +

    For example if split_send_fragment is set to 2000 and max_pipelines is 4 +then:

    +

    SSL_write/SSL_write_ex called with 0-2000 bytes == 1 pipeline used

    +

    SSL_write/SSL_write_ex called with 2001-4000 bytes == 2 pipelines used

    +

    SSL_write/SSL_write_ex called with 4001-6000 bytes == 3 pipelines used

    +

    SSL_write/SSL_write_ex called with 6001+ bytes == 4 pipelines used

    +

    split_send_fragment must always be less than or equal to +max_send_fragment. By default it is set to be equal to max_send_fragment. +This will mean that the same number of records will always be created as would +have been created in the non-parallel case, although the data will be +apportioned differently. In the parallel case data will be spread equally +between the pipelines.

    +

    Read pipelining is controlled in a slightly different way than with write +pipelining. While reading we are constrained by the number of records that the +peer (and the network) can provide to us in one go. The more records we can get +in one go the more opportunity we have to parallelise the processing. As noted +above when setting max_pipelines to a value greater than one, read_ahead +is automatically set. The read_ahead parameter causes OpenSSL to attempt to +read as much data into the read buffer as the network can provide and will fit +into the buffer. Without this set data is read into the read buffer one record +at a time. The more data that can be read, the more opportunity there is for +parallelising the processing at the cost of increased memory overhead per +connection. Setting read_ahead can impact the behaviour of the SSL_pending() +function (see SSL_pending(3)).

    +

    The SSL_CTX_set_default_read_buffer_len() and SSL_set_default_read_buffer_len() +functions control the size of the read buffer that will be used. The len +parameter sets the size of the buffer. The value will only be used if it is +greater than the default that would have been used anyway. The normal default +value depends on a number of factors but it will be at least +SSL3_RT_MAX_PLAIN_LENGTH + SSL3_RT_MAX_ENCRYPTED_OVERHEAD (16704) bytes.

    +

    SSL_CTX_set_tlsext_max_fragment_length() sets the default maximum fragment +length negotiation mode via value mode to ctx. +This setting affects only SSL instances created after this function is called. +It affects the client-side as only its side may initiate this extension use.

    +

    SSL_set_tlsext_max_fragment_length() sets the maximum fragment length +negotiation mode via value mode to ssl. +This setting will be used during a handshake when extensions are exchanged +between client and server. +So it only affects SSL sessions created after this function is called. +It affects the client-side as only its side may initiate this extension use.

    +

    SSL_SESSION_get_max_fragment_length() gets the maximum fragment length +negotiated in session.

    +

    +

    +
    +

    RETURN VALUES

    +

    All non-void functions return 1 on success and 0 on failure.

    +

    +

    +
    +

    NOTES

    +

    The Maximum Fragment Length extension support is optional on the server side. +If the server does not support this extension then +SSL_SESSION_get_max_fragment_length() will return: +TLSEXT_max_fragment_length_DISABLED.

    +

    The following modes are available:

    +
    +
    TLSEXT_max_fragment_length_DISABLED
    + +
    +

    Disables Maximum Fragment Length Negotiation (default).

    +
    +
    TLSEXT_max_fragment_length_512
    + +
    +

    Sets Maximum Fragment Length to 512 bytes.

    +
    +
    TLSEXT_max_fragment_length_1024
    + +
    +

    Sets Maximum Fragment Length to 1024.

    +
    +
    TLSEXT_max_fragment_length_2048
    + +
    +

    Sets Maximum Fragment Length to 2048.

    +
    +
    TLSEXT_max_fragment_length_4096
    + +
    +

    Sets Maximum Fragment Length to 4096.

    +
    +
    +

    With the exception of SSL_CTX_set_default_read_buffer_len() +SSL_set_default_read_buffer_len(), SSL_CTX_set_tlsext_max_fragment_length(), +SSL_set_tlsext_max_fragment_length() and SSL_SESSION_get_max_fragment_length() +all these functions are implemented using macros.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +SSL_CTX_set_read_ahead(3), SSL_pending(3)

    +

    +

    +
    +

    HISTORY

    +

    The SSL_CTX_set_max_pipelines(), SSL_set_max_pipelines(), +SSL_CTX_set_split_send_fragment(), SSL_set_split_send_fragment(), +SSL_CTX_set_default_read_buffer_len() and SSL_set_default_read_buffer_len() +functions were added in OpenSSL 1.1.0.

    +

    The SSL_CTX_set_tlsext_max_fragment_length(), SSL_set_tlsext_max_fragment_length() +and SSL_SESSION_get_max_fragment_length() functions were added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_srp_password.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_srp_password.html
    new file mode 100755
    index 0000000..0dda921
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_srp_password.html
    @@ -0,0 +1,241 @@
    + + + + +SSL_CTX_set_srp_password + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set_srp_username, +SSL_CTX_set_srp_password, +SSL_CTX_set_srp_strength, +SSL_CTX_set_srp_cb_arg, +SSL_CTX_set_srp_username_callback, +SSL_CTX_set_srp_client_pwd_callback, +SSL_CTX_set_srp_verify_param_callback, +SSL_set_srp_server_param, +SSL_set_srp_server_param_pw, +SSL_get_srp_g, +SSL_get_srp_N, +SSL_get_srp_username, +SSL_get_srp_userinfo +- SRP control operations

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_CTX_set_srp_username(SSL_CTX *ctx, char *name);
    + int SSL_CTX_set_srp_password(SSL_CTX *ctx, char *password);
    + int SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength);
    + int SSL_CTX_set_srp_cb_arg(SSL_CTX *ctx, void *arg);
    + int SSL_CTX_set_srp_username_callback(SSL_CTX *ctx,
    +                                       int (*cb) (SSL *s, int *ad, void *arg));
    + int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx,
    +                                         char *(*cb) (SSL *s, void *arg));
    + int SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx,
    +                                           int (*cb) (SSL *s, void *arg));
    +
    + int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g,
    +                              BIGNUM *sa, BIGNUM *v, char *info);
    + int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass,
    +                                 const char *grp);
    +
    + BIGNUM *SSL_get_srp_g(SSL *s);
    + BIGNUM *SSL_get_srp_N(SSL *s);
    +
    + char *SSL_get_srp_username(SSL *s);
    + char *SSL_get_srp_userinfo(SSL *s);
    +

    +

    +
    +

    DESCRIPTION

    +

    These functions provide access to SRP (Secure Remote Password) parameters, +an alternate authentication mechanism for TLS. SRP allows the use of user names +and passwords over unencrypted channels without revealing the password to an +eavesdropper. SRP also supplies a shared secret at the end of the authentication +sequence that can be used to generate encryption keys.

    +

    The SRP protocol, version 3 is specified in RFC 2945. SRP version 6 is described +in RFC 5054 with applications to TLS authentication.

    +

    The SSL_CTX_set_srp_username() function sets the SRP username for ctx. This +should be called on the client prior to creating a connection to the server. +The length of name must be shorter or equal to 255 characters.

    +

    The SSL_CTX_set_srp_password() function sets the SRP password for ctx. This +may be called on the client prior to creating a connection to the server. +This overrides the effect of SSL_CTX_set_srp_client_pwd_callback().

    +

    The SSL_CTX_set_srp_strength() function sets the SRP strength for ctx. This +is the minimal length of the SRP prime in bits. If not specified 1024 is used. +If not satisfied by the server key exchange the connection will be rejected.

    +

    The SSL_CTX_set_srp_cb_arg() function sets an extra parameter that will +be passed to all following callbacks as arg.

    +

    The SSL_CTX_set_srp_username_callback() function sets the server side callback +that is invoked when an SRP username is found in a ClientHello. +The callback parameters are the SSL connection s, a writable error flag ad +and the extra argument arg set by SSL_CTX_set_srp_cb_arg(). +This callback should setup the server for the key exchange by calling +SSL_set_srp_server_param() with the appropriate parameters for the received +username. The username can be obtained by calling SSL_get_srp_username(). +See SRP_VBASE_init(3) to parse the verifier file created by openssl-srp(1) or +SRP_create_verifier(3) to generate it. +The callback should return SSL_ERROR_NONE to proceed with the server key exchange, +SSL3_AL_FATAL for a fatal error or any value < 0 for a retryable error. +In the event of a SSL3_AL_FATAL the alert flag given by *al will be sent +back. By default this will be SSL_AD_UNKNOWN_PSK_IDENTITY.

    +

    The SSL_CTX_set_srp_client_pwd_callback() function sets the client password +callback on the client. +The callback parameters are the SSL connection s and the extra argument arg +set by SSL_CTX_set_srp_cb_arg(). +The callback will be called as part of the generation of the client secrets. +It should return the client password in text form or NULL to abort the connection. +The resulting memory will be freed by the library as part of the callback resolution. +This overrides the effect of SSL_CTX_set_srp_password().

    +

    The SSL_CTX_set_srp_verify_param_callback() sets the SRP gN parameter verification +callback on the client. This allows the client to perform custom verification when +receiving the server SRP proposed parameters. +The callback parameters are the SSL connection s and the extra argument arg +set by SSL_CTX_set_srp_cb_arg(). +The callback should return a positive value to accept the server parameters. +Returning 0 or a negative value will abort the connection. The server parameters +can be obtained by calling SSL_get_srp_N() and SSL_get_srp_g(). +Sanity checks are already performed by the library after the handshake +(B % N non zero, check against the strength parameter) and are not necessary. +If no callback is set the g and N parameters will be checked against +known RFC 5054 values.

    +

    The SSL_set_srp_server_param() function sets all SRP parameters for +the connection s. N and g are the SRP group parameters, sa is the +user salt, v the password verifier and info is the optional user info.

    +

    The SSL_set_srp_server_param_pw() function sets all SRP parameters for the +connection s by generating a random salt and a password verifier. +user is the username, pass the password and grp the SRP group parameters +identifier for SRP_get_default_gN(3).

    +

    The SSL_get_srp_g() function returns the SRP group generator for s, or from +the underlying SSL_CTX if it is NULL.

    +

    The SSL_get_srp_N() function returns the SRP prime for s, or from +the underlying SSL_CTX if it is NULL.

    +

    The SSL_get_srp_username() function returns the SRP username for s, or from +the underlying SSL_CTX if it is NULL.

    +

    The SSL_get_srp_userinfo() function returns the SRP user info for s, or from +the underlying SSL_CTX if it is NULL.

    +

    +

    +
    +

    RETURN VALUES

    +

    All SSL_CTX_set_* functions return 1 on success and 0 on failure.

    +

    SSL_set_srp_server_param() returns 1 on success and -1 on failure.

    +

    The SSL_get_SRP_* functions return a pointer to the requested data, the memory +is owned by the library and should not be freed by the caller.

    +

    +

    +
    +

    EXAMPLES

    +

    Setup SRP parameters on the client:

    +
    + #include <openssl/ssl.h>
    +
    + const char *username = "username";
    + const char *password = "password";
    +
    + SSL_CTX *ctx = SSL_CTX_new(TLS_client_method());
    + if (!ctx)
    +     /* Error */
    + if (!SSL_CTX_set_srp_username(ctx, username))
    +     /* Error */
    + if (!SSL_CTX_set_srp_password(ctx, password))
    +     /* Error */
    +

    Setup SRP server with verifier file:

    +
    + #include <openssl/srp.h>
    + #include <openssl/ssl.h>
    +
    + const char *srpvfile = "password.srpv";
    +
    + int srpServerCallback(SSL *s, int *ad, void *arg)
    + {
    +     SRP_VBASE *srpData = (SRP_VBASE*) arg;
    +     char *username = SSL_get_srp_username(s);
    +
    +     SRP_user_pwd *user_pwd = SRP_VBASE_get1_by_user(srpData, username);
    +     if (!user_pwd)
    +         /* Error */
    +         return SSL3_AL_FATAL;
    +
    +     if (SSL_set_srp_server_param(s, user_pwd->N, user_pwd->g,
    +         user_pwd->s, user_pwd->v, user_pwd->info) < 0)
    +         /* Error */
    +
    +     SRP_user_pwd_free(user_pwd);
    +     return SSL_ERROR_NONE;
    + }
    +
    + SSL_CTX *ctx = SSL_CTX_new(TLS_server_method());
    + if (!ctx)
    +     /* Error */
    +
    + /*
    +  * seedKey should contain a NUL terminated sequence
    +  * of random non NUL bytes
    +  */
    + const char *seedKey;
    +
    + SRP_VBASE *srpData = SRP_VBASE_new(seedKey);
    + if (SRP_VBASE_init(srpData, (char*) srpvfile) != SRP_NO_ERROR)
    +    /* Error */
    +
    + SSL_CTX_set_srp_cb_arg(ctx, srpData);
    + SSL_CTX_set_srp_username_callback(ctx, srpServerCallback);
    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +openssl-srp(1), +SRP_VBASE_new(3), +SRP_create_verifier(3)

    +

    +

    +
    +

    HISTORY

    +

    These functions were added in OpenSSL 1.0.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_ssl_version.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_ssl_version.html
    new file mode 100755
    index 0000000..1b5f443
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_ssl_version.html
    @@ -0,0 +1,102 @@
    + + + + +SSL_CTX_set_ssl_version + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set_ssl_version, SSL_set_ssl_method, SSL_get_ssl_method +- choose a new TLS/SSL method

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *method);
    + int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method);
    + const SSL_METHOD *SSL_get_ssl_method(const SSL *ssl);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_set_ssl_version() sets a new default TLS/SSL method for SSL objects +newly created from this ctx. SSL objects already created with +SSL_new(3) are not affected, except when +SSL_clear(3) is being called.

    +

    SSL_set_ssl_method() sets a new TLS/SSL method for a particular ssl +object. It may be reset, when SSL_clear() is called.

    +

    SSL_get_ssl_method() returns a function pointer to the TLS/SSL method +set in ssl.

    +

    +

    +
    +

    NOTES

    +

    The available method choices are described in +SSL_CTX_new(3).

    +

    When SSL_clear(3) is called and no session is connected to +an SSL object, the method of the SSL object is reset to the method currently +set in the corresponding SSL_CTX object.

    +

    +

    +
    +

    RETURN VALUES

    +

    The following return values can occur for SSL_CTX_set_ssl_version() +and SSL_set_ssl_method():

    +
      +
    1. +

      The new choice failed, check the error stack to find out the reason.

      +
    2. +
    3. +

      The operation succeeded.

      +
    4. +
    +

    +

    +
    +

    SEE ALSO

    +

    SSL_CTX_new(3), SSL_new(3), +SSL_clear(3), ssl(7), +SSL_set_connect_state(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_stateless_cookie_generate_cb.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_stateless_cookie_generate_cb.html
    new file mode 100755
    index 0000000..b6eadbc
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_stateless_cookie_generate_cb.html
    @@ -0,0 +1,132 @@
    + + + + +SSL_CTX_set_stateless_cookie_generate_cb + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set_stateless_cookie_generate_cb, +SSL_CTX_set_stateless_cookie_verify_cb, +SSL_CTX_set_cookie_generate_cb, +SSL_CTX_set_cookie_verify_cb +- Callback functions for stateless TLS1.3 cookies

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + void SSL_CTX_set_stateless_cookie_generate_cb(
    +     SSL_CTX *ctx,
    +     int (*gen_stateless_cookie_cb) (SSL *ssl,
    +                                     unsigned char *cookie,
    +                                     size_t *cookie_len));
    + void SSL_CTX_set_stateless_cookie_verify_cb(
    +     SSL_CTX *ctx,
    +     int (*verify_stateless_cookie_cb) (SSL *ssl,
    +                                        const unsigned char *cookie,
    +                                        size_t cookie_len));
    +
    + void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
    +                                     int (*app_gen_cookie_cb) (SSL *ssl,
    +                                                               unsigned char
    +                                                               *cookie,
    +                                                               unsigned int
    +                                                               *cookie_len));
    + void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
    +                                   int (*app_verify_cookie_cb) (SSL *ssl,
    +                                                                const unsigned
    +                                                                char *cookie,
    +                                                                unsigned int
    +                                                                cookie_len));
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_set_stateless_cookie_generate_cb() sets the callback used by +SSL_stateless(3) to generate the application-controlled portion of the cookie +provided to clients in the HelloRetryRequest transmitted as a response to a +ClientHello with a missing or invalid cookie. gen_stateless_cookie_cb() must +write at most SSL_COOKIE_LENGTH bytes into cookie, and must write the number +of bytes written to cookie_len. If a cookie cannot be generated, a zero +return value can be used to abort the handshake.

    +

    SSL_CTX_set_stateless_cookie_verify_cb() sets the callback used by +SSL_stateless(3) to determine whether the application-controlled portion of a +ClientHello cookie is valid. The cookie data is pointed to by cookie and is of +length cookie_len. A nonzero return value from verify_stateless_cookie_cb() +communicates that the cookie is valid. The integrity of the entire cookie, +including the application-controlled portion, is automatically verified by HMAC +before verify_stateless_cookie_cb() is called.

    +

    SSL_CTX_set_cookie_generate_cb() sets the callback used by DTLSv1_listen(3) +to generate the cookie provided to clients in the HelloVerifyRequest transmitted +as a response to a ClientHello with a missing or invalid cookie. +app_gen_cookie_cb() must write at most DTLS1_COOKIE_LENGTH bytes into +cookie, and must write the number of bytes written to cookie_len. If a +cookie cannot be generated, a zero return value can be used to abort the +handshake.

    +

    SSL_CTX_set_cookie_verify_cb() sets the callback used by DTLSv1_listen(3) to +determine whether the cookie in a ClientHello is valid. The cookie data is +pointed to by cookie and is of length cookie_len. A nonzero return value +from app_verify_cookie_cb() communicates that the cookie is valid. The +integrity of the cookie is not verified by OpenSSL. This is an application +responsibility.

    +

    +

    +
    +

    RETURN VALUES

    +

    Neither function returns a value.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +SSL_stateless(3), +DTLSv1_listen(3)

    +

    +

    +
    +

    HISTORY

    +

    SSL_CTX_set_stateless_cookie_generate_cb() and +SSL_CTX_set_stateless_cookie_verify_cb() were added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_timeout.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_timeout.html
    new file mode 100755
    index 0000000..9d64711
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_timeout.html
    @@ -0,0 +1,101 @@
    + + + + +SSL_CTX_set_timeout + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set_timeout, SSL_CTX_get_timeout - manipulate timeout values for session caching

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + long SSL_CTX_set_timeout(SSL_CTX *ctx, long t);
    + long SSL_CTX_get_timeout(SSL_CTX *ctx);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_set_timeout() sets the timeout for newly created sessions for +ctx to t. The timeout value t must be given in seconds.

    +

    SSL_CTX_get_timeout() returns the currently set timeout value for ctx.

    +

    +

    +
    +

    NOTES

    +

    Whenever a new session is created, it is assigned a maximum lifetime. This +lifetime is specified by storing the creation time of the session and the +timeout value valid at this time. If the actual time is later than creation +time plus timeout, the session is not reused.

    +

    Due to this realization, all sessions behave according to the timeout value +valid at the time of the session negotiation. Changes of the timeout value +do not affect already established sessions.

    +

    The expiration time of a single session can be modified using the +SSL_SESSION_get_time(3) family of functions.

    +

    Expired sessions are removed from the internal session cache, whenever +SSL_CTX_flush_sessions(3) is called, either +directly by the application or automatically (see +SSL_CTX_set_session_cache_mode(3))

    +

    The default value for session timeout is decided on a per protocol +basis, see SSL_get_default_timeout(3). +All currently supported protocols have the same default timeout value +of 300 seconds.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CTX_set_timeout() returns the previously set timeout value.

    +

    SSL_CTX_get_timeout() returns the currently set timeout value.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +SSL_CTX_set_session_cache_mode(3), +SSL_SESSION_get_time(3), +SSL_CTX_flush_sessions(3), +SSL_get_default_timeout(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_tlsext_servername_callback.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_tlsext_servername_callback.html
    new file mode 100755
    index 0000000..28b39e1
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_tlsext_servername_callback.html
    @@ -0,0 +1,213 @@
    + + + + +SSL_CTX_set_tlsext_servername_callback + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set_tlsext_servername_callback, SSL_CTX_set_tlsext_servername_arg, +SSL_get_servername_type, SSL_get_servername, +SSL_set_tlsext_host_name - handle server name indication (SNI)

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + long SSL_CTX_set_tlsext_servername_callback(SSL_CTX *ctx,
    +                                   int (*cb)(SSL *s, int *al, void *arg));
    + long SSL_CTX_set_tlsext_servername_arg(SSL_CTX *ctx, void *arg);
    +
    + const char *SSL_get_servername(const SSL *s, const int type);
    + int SSL_get_servername_type(const SSL *s);
    +
    + int SSL_set_tlsext_host_name(const SSL *s, const char *name);
    +

    +

    +
    +

    DESCRIPTION

    +

    The functionality provided by the servername callback is mostly superseded by +the ClientHello callback, which can be set using SSL_CTX_set_client_hello_cb(). +However, even where the ClientHello callback is used, the servername callback is +still necessary in order to acknowledge the servername requested by the client.

    +

    SSL_CTX_set_tlsext_servername_callback() sets the application callback cb +used by a server to perform any actions or configuration required based on +the servername extension received in the incoming connection. When cb +is NULL, SNI is not used.

    +

    The servername callback should return one of the following values:

    +
    +
    SSL_TLSEXT_ERR_OK
    + +
    +

    This is used to indicate that the servername requested by the client has been +accepted. Typically a server will call SSL_set_SSL_CTX() in the callback to set +up a different configuration for the selected servername in this case.

    +
    +
    SSL_TLSEXT_ERR_ALERT_FATAL
    + +
    +

    In this case the servername requested by the client is not accepted and the +handshake will be aborted. The value of the alert to be used should be stored in +the location pointed to by the al parameter to the callback. By default this +value is initialised to SSL_AD_UNRECOGNIZED_NAME.

    +
    +
    SSL_TLSEXT_ERR_ALERT_WARNING
    + +
    +

    If this value is returned then the servername is not accepted by the server. +However the handshake will continue and send a warning alert instead. The value +of the alert should be stored in the location pointed to by the al parameter +as for SSL_TLSEXT_ERR_ALERT_FATAL above. Note that TLSv1.3 does not support +warning alerts, so if TLSv1.3 has been negotiated then this return value is +treated the same way as SSL_TLSEXT_ERR_NOACK.

    +
    +
    SSL_TLSEXT_ERR_NOACK
    + +
    +

    This return value indicates that the servername is not accepted by the server. +No alerts are sent and the server will not acknowledge the requested servername.

    +
    +
    +

    SSL_CTX_set_tlsext_servername_arg() sets a context-specific argument to be +passed into the callback (via the arg parameter) for this SSL_CTX.

    +

    The behaviour of SSL_get_servername() depends on a number of different factors. +In particular note that in TLSv1.3 the servername is negotiated in every +handshake. In TLSv1.2 the servername is only negotiated on initial handshakes +and not on resumption handshakes.

    +
    +
    On the client, before the handshake
    + +
    +

    If a servername has been set via a call to SSL_set_tlsext_host_name() then it +will return that servername.

    +

    If one has not been set, but a TLSv1.2 resumption is being attempted and the +session from the original handshake had a servername accepted by the server then +it will return that servername.

    +

    Otherwise it returns NULL.

    +
    +
    On the client, during or after the handshake and a TLSv1.2 (or below) +resumption occurred
    + +
    +

    If the session from the orignal handshake had a servername accepted by the +server then it will return that servername.

    +

    Otherwise it returns the servername set via SSL_set_tlsext_host_name() or NULL +if it was not called.

    +
    +
    On the client, during or after the handshake and a TLSv1.2 (or below) +resumption did not occur
    + +
    +

    It will return the servername set via SSL_set_tlsext_host_name() or NULL if it +was not called.

    +
    +
    On the server, before the handshake
    + +
    +

    The function will always return NULL before the handshake

    +
    +
    On the server, after the servername extension has been processed and a +TLSv1.2 (or below) resumption occurred
    + +
    +

    If a servername was accepted by the server in the original handshake then it +will return that servername, or NULL otherwise.

    +
    +
    On the server, after the servername extension has been processed and a +TLSv1.2 (or below) resumption did not occur
    + +
    +

    The function will return the servername requested by the client in this +handshake or NULL if none was requested.

    +
    +
    +

    Note that the ClientHello callback occurs before a servername extension from the +client is processed. The servername, certificate and ALPN callbacks occur after +a servername extension from the client is processed.

    +

    SSL_get_servername_type() returns the servername type or -1 if no servername +is present. Currently the only supported type (defined in RFC3546) is +TLSEXT_NAMETYPE_host_name.

    +

    SSL_set_tlsext_host_name() sets the server name indication ClientHello extension +to contain the value name. The type of server name indication extension is set +to TLSEXT_NAMETYPE_host_name (defined in RFC3546).

    +

    +

    +
    +

    NOTES

    +

    Several callbacks are executed during ClientHello processing, including +the ClientHello, ALPN, and servername callbacks. The ClientHello callback is +executed first, then the servername callback, followed by the ALPN callback.

    +

    The SSL_set_tlsext_host_name() function should only be called on SSL objects +that will act as clients; otherwise the configured name will be ignored.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CTX_set_tlsext_servername_callback() and +SSL_CTX_set_tlsext_servername_arg() both always return 1 indicating success. +SSL_set_tlsext_host_name() returns 1 on success, 0 in case of error.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_CTX_set_alpn_select_cb(3), +SSL_get0_alpn_selected(3), SSL_CTX_set_client_hello_cb(3)

    +

    +

    +
    +

    HISTORY

    +

    SSL_get_servername() historically provided some unexpected results in certain +corner cases. This has been fixed from OpenSSL 1.1.1e.

    +

    Prior to 1.1.1e, when the client requested a servername in an initial TLSv1.2 +handshake, the server accepted it, and then the client successfully resumed but +set a different explict servername in the second handshake then when called by +the client it returned the servername from the second handshake. This has now +been changed to return the servername requested in the original handshake.

    +

    Also prior to 1.1.1e, if the client sent a servername in the first handshake but +the server did not accept it, and then a second handshake occured where TLSv1.2 +resumption was successful then when called by the server it returned the +servername requested in the original handshake. This has now been changed to +NULL.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_tlsext_status_cb.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_tlsext_status_cb.html
    new file mode 100755
    index 0000000..67cf517
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_tlsext_status_cb.html
    @@ -0,0 +1,157 @@
    + + + + +SSL_CTX_set_tlsext_status_cb + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set_tlsext_status_cb, +SSL_CTX_get_tlsext_status_cb, +SSL_CTX_set_tlsext_status_arg, +SSL_CTX_get_tlsext_status_arg, +SSL_CTX_set_tlsext_status_type, +SSL_CTX_get_tlsext_status_type, +SSL_set_tlsext_status_type, +SSL_get_tlsext_status_type, +SSL_get_tlsext_status_ocsp_resp, +SSL_set_tlsext_status_ocsp_resp +- OCSP Certificate Status Request functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/tls1.h>
    +
    + long SSL_CTX_set_tlsext_status_cb(SSL_CTX *ctx, int (*callback)(SSL *, void *));
    + long SSL_CTX_get_tlsext_status_cb(SSL_CTX *ctx, int (**callback)(SSL *, void *));
    +
    + long SSL_CTX_set_tlsext_status_arg(SSL_CTX *ctx, void *arg);
    + long SSL_CTX_get_tlsext_status_arg(SSL_CTX *ctx, void **arg);
    +
    + long SSL_CTX_set_tlsext_status_type(SSL_CTX *ctx, int type);
    + long SSL_CTX_get_tlsext_status_type(SSL_CTX *ctx);
    +
    + long SSL_set_tlsext_status_type(SSL *s, int type);
    + long SSL_get_tlsext_status_type(SSL *s);
    +
    + long SSL_get_tlsext_status_ocsp_resp(ssl, unsigned char **resp);
    + long SSL_set_tlsext_status_ocsp_resp(ssl, unsigned char *resp, int len);
    +

    +

    +
    +

    DESCRIPTION

    +

    A client application may request that a server send back an OCSP status response +(also known as OCSP stapling). To do so the client should call the +SSL_CTX_set_tlsext_status_type() function prior to the creation of any SSL +objects. Alternatively an application can call the SSL_set_tlsext_status_type() +function on an individual SSL object prior to the start of the handshake. +Currently the only supported type is TLSEXT_STATUSTYPE_ocsp. This value +should be passed in the type argument. Calling +SSL_CTX_get_tlsext_status_type() will return the type TLSEXT_STATUSTYPE_ocsp +previously set via SSL_CTX_set_tlsext_status_type() or -1 if not set.

    +

    The client should additionally provide a callback function to decide what to do +with the returned OCSP response by calling SSL_CTX_set_tlsext_status_cb(). The +callback function should determine whether the returned OCSP response is +acceptable or not. The callback will be passed as an argument the value +previously set via a call to SSL_CTX_set_tlsext_status_arg(). Note that the +callback will not be called in the event of a handshake where session resumption +occurs (because there are no Certificates exchanged in such a handshake). +The callback previously set via SSL_CTX_set_tlsext_status_cb() can be retrieved +by calling SSL_CTX_get_tlsext_status_cb(), and the argument by calling +SSL_CTX_get_tlsext_status_arg().

    +

    On the client side SSL_get_tlsext_status_type() can be used to determine whether +the client has previously called SSL_set_tlsext_status_type(). It will return +TLSEXT_STATUSTYPE_ocsp if it has been called or -1 otherwise. On the server +side SSL_get_tlsext_status_type() can be used to determine whether the client +requested OCSP stapling. If the client requested it then this function will +return TLSEXT_STATUSTYPE_ocsp, or -1 otherwise.

    +

    The response returned by the server can be obtained via a call to +SSL_get_tlsext_status_ocsp_resp(). The value *resp will be updated to point +to the OCSP response data and the return value will be the length of that data. +Typically a callback would obtain an OCSP_RESPONSE object from this data via a +call to the d2i_OCSP_RESPONSE() function. If the server has not provided any +response data then *resp will be NULL and the return value from +SSL_get_tlsext_status_ocsp_resp() will be -1.

    +

    A server application must also call the SSL_CTX_set_tlsext_status_cb() function +if it wants to be able to provide clients with OCSP Certificate Status +responses. Typically the server callback would obtain the server certificate +that is being sent back to the client via a call to SSL_get_certificate(); +obtain the OCSP response to be sent back; and then set that response data by +calling SSL_set_tlsext_status_ocsp_resp(). A pointer to the response data should +be provided in the resp argument, and the length of that data should be in +the len argument.

    +

    +

    +
    +

    RETURN VALUES

    +

    The callback when used on the client side should return a negative value on +error; 0 if the response is not acceptable (in which case the handshake will +fail) or a positive value if it is acceptable.

    +

    The callback when used on the server side should return with either +SSL_TLSEXT_ERR_OK (meaning that the OCSP response that has been set should be +returned), SSL_TLSEXT_ERR_NOACK (meaning that an OCSP response should not be +returned) or SSL_TLSEXT_ERR_ALERT_FATAL (meaning that a fatal error has +occurred).

    +

    SSL_CTX_set_tlsext_status_cb(), SSL_CTX_set_tlsext_status_arg(), +SSL_CTX_set_tlsext_status_type(), SSL_set_tlsext_status_type() and +SSL_set_tlsext_status_ocsp_resp() return 0 on error or 1 on success.

    +

    SSL_CTX_get_tlsext_status_type() returns the value previously set by +SSL_CTX_set_tlsext_status_type(), or -1 if not set.

    +

    SSL_get_tlsext_status_ocsp_resp() returns the length of the OCSP response data +or -1 if there is no OCSP response data.

    +

    SSL_get_tlsext_status_type() returns TLSEXT_STATUSTYPE_ocsp on the client +side if SSL_set_tlsext_status_type() was previously called, or on the server +side if the client requested OCSP stapling. Otherwise -1 is returned.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7)

    +

    +

    +
    +

    HISTORY

    +

    The SSL_get_tlsext_status_type(), SSL_CTX_get_tlsext_status_type() +and SSL_CTX_set_tlsext_status_type() functions were added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_tlsext_ticket_key_cb.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_tlsext_ticket_key_cb.html
    new file mode 100755
    index 0000000..93cba2a
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_tlsext_ticket_key_cb.html
    @@ -0,0 +1,265 @@
    + + + + +SSL_CTX_set_tlsext_ticket_key_cb + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set_tlsext_ticket_key_evp_cb, +SSL_CTX_set_tlsext_ticket_key_cb +- set a callback for session ticket processing

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/tls1.h>
    +
    + int SSL_CTX_set_tlsext_ticket_key_evp_cb(SSL_CTX sslctx,
    +     int (*cb)(SSL *s, unsigned char key_name[16],
    +               unsigned char iv[EVP_MAX_IV_LENGTH],
    +               EVP_CIPHER_CTX *ctx, EVP_MAC_CTX *hctx, int enc));
    +

    Deprecated since OpenSSL 3.0, can be hidden entirely by defining +OPENSSL_API_COMPAT with a suitable version value, see +openssl_user_macros(7):

    +
    + int SSL_CTX_set_tlsext_ticket_key_cb(SSL_CTX sslctx,
    +     int (*cb)(SSL *s, unsigned char key_name[16],
    +               unsigned char iv[EVP_MAX_IV_LENGTH],
    +               EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc));
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_set_tlsext_ticket_key_evp_cb() sets a callback function cb for handling +session tickets for the ssl context sslctx. Session tickets, defined in +RFC5077 provide an enhanced session resumption capability where the server +implementation is not required to maintain per session state. It only applies +to TLS and there is no SSLv3 implementation.

    +

    The callback function cb will be called for every client instigated TLS +session when session ticket extension is presented in the TLS hello +message. It is the responsibility of this function to create or retrieve the +cryptographic parameters and to maintain their state.

    +

    The OpenSSL library uses your callback function to help implement a common TLS +ticket construction state according to RFC5077 Section 4 such that per session +state is unnecessary and a small set of cryptographic variables needs to be +maintained by the callback function implementation.

    +

    In order to reuse a session, a TLS client must send the a session ticket +extension to the server. The client can only send exactly one session ticket. +The server, through the callback function, either agrees to reuse the session +ticket information or it starts a full TLS handshake to create a new session +ticket.

    +

    Before the callback function is started ctx and hctx have been +initialised with EVP_CIPHER_CTX_reset(3) and EVP_MAC_CTX_new(3) +respectively.

    +

    For new sessions tickets, when the client doesn't present a session ticket, or +an attempted retrieval of the ticket failed, or a renew option was indicated, +the callback function will be called with enc equal to 1. The OpenSSL +library expects that the function will set an arbitrary name, initialize +iv, and set the cipher context ctx and the hash context hctx.

    +

    The name is 16 characters long and is used as a key identifier.

    +

    The iv length is the length of the IV of the corresponding cipher. The +maximum IV length is EVP_MAX_IV_LENGTH bytes defined in evp.h.

    +

    The initialization vector iv should be a random value. The cipher context +ctx should use the initialisation vector iv. The cipher context can be +set using EVP_EncryptInit_ex(3). The hmac context and digest can be set using +EVP_MAC_CTX_set_params(3) with the OSSL_MAC_PARAM_KEY and +OSSL_MAC_PARAM_DIGEST parameters respectively.

    +

    When the client presents a session ticket, the callback function with be called +with enc set to 0 indicating that the cb function should retrieve a set +of parameters. In this case name and iv have already been parsed out of +the session ticket. The OpenSSL library expects that the name will be used +to retrieve a cryptographic parameters and that the cryptographic context +ctx will be set with the retrieved parameters and the initialization vector +iv. using a function like EVP_DecryptInit_ex(3). The key material and +digest for hctx need to be set using EVP_MAC_CTX_set_params(3) with the +OSSL_MAC_PARAM_KEY and OSSL_MAC_PARAM_DIGEST parameters respectively.

    +

    If the name is still valid but a renewal of the ticket is required the +callback function should return 2. The library will call the callback again +with an argument of enc equal to 1 to set the new ticket.

    +

    The return value of the cb function is used by OpenSSL to determine what +further processing will occur. The following return values have meaning:

    +
      +
    1. +

      This indicates that the ctx and hctx have been set and the session can +continue on those parameters. Additionally it indicates that the session +ticket is in a renewal period and should be replaced. The OpenSSL library will +call cb again with an enc argument of 1 to set the new ticket (see RFC5077 +3.3 paragraph 2).

      +
    2. +
    3. +

      This indicates that the ctx and hctx have been set and the session can +continue on those parameters.

      +
    4. +
    5. +

      This indicates that it was not possible to set/retrieve a session ticket and +the SSL/TLS session will continue by negotiating a set of cryptographic +parameters or using the alternate SSL/TLS resumption mechanism, session ids.

      +

      If called with enc equal to 0 the library will call the cb again to get +a new set of parameters.

      + +
      less than 0
      + +
      +

      This indicates an error.

      +
    6. +
    +

    The SSL_CTX_set_tlsext_ticket_key_cb() function is identical to +SSL_CTX_set_tlsext_ticket_key_evp_cb() except that it takes a deprecated +HMAC_CTX pointer instead of an EVP_MAC_CTX one. +Before this callback function is started hctx will have been +initialised with EVP_MAC_CTX_new(3) and the digest set with +EVP_MAC_CTX_set_params(3). +The hctx key material can be set using HMAC_Init_ex(3).

    +

    +

    +
    +

    NOTES

    +

    Session resumption shortcuts the TLS so that the client certificate +negotiation don't occur. It makes up for this by storing client certificate +an all other negotiated state information encrypted within the ticket. In a +resumed session the applications will have all this state information available +exactly as if a full negotiation had occurred.

    +

    If an attacker can obtain the key used to encrypt a session ticket, they can +obtain the master secret for any ticket using that key and decrypt any traffic +using that session: even if the cipher suite supports forward secrecy. As +a result applications may wish to use multiple keys and avoid using long term +keys stored in files.

    +

    Applications can use longer keys to maintain a consistent level of security. +For example if a cipher suite uses 256 bit ciphers but only a 128 bit ticket key +the overall security is only 128 bits because breaking the ticket key will +enable an attacker to obtain the session keys.

    +

    +

    +
    +

    RETURN VALUES

    +

    returns 0 to indicate the callback function was set.

    +

    +

    +
    +

    EXAMPLES

    +

    Reference Implementation:

    +
    + SSL_CTX_set_tlsext_ticket_key_evp_cb(SSL, ssl_tlsext_ticket_key_cb);
    + ...
    +
    + static int ssl_tlsext_ticket_key_cb(SSL *s, unsigned char key_name[16],
    +                                     unsigned char *iv, EVP_CIPHER_CTX *ctx,
    +                                     EVP_MAC_CTX *hctx, int enc)
    + {
    +     OSSL_PARAM params[3];
    +
    +     if (enc) { /* create new session */
    +         if (RAND_bytes(iv, EVP_MAX_IV_LENGTH) <= 0)
    +             return -1; /* insufficient random */
    +
    +         key = currentkey(); /* something that you need to implement */
    +         if (key == NULL) {
    +             /* current key doesn't exist or isn't valid */
    +             key = createkey(); /*
    +                                 * Something that you need to implement.
    +                                 * createkey needs to initialise a name,
    +                                 * an aes_key, a hmac_key and optionally
    +                                 * an expire time.
    +                                 */
    +             if (key == NULL) /* key couldn't be created */
    +                 return 0;
    +         }
    +         memcpy(key_name, key->name, 16);
    +
    +         EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key->aes_key, iv);
    +
    +         params[0] = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY,
    +                                                       key->hmac_key, 16);
    +         params[1] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST,
    +                                                      "sha256", 0);
    +         params[2] = OSSL_PARAM_construct_end();
    +         EVP_MAC_CTX_set_params(hctx, params);
    +
    +         return 1;
    +
    +     } else { /* retrieve session */
    +         key = findkey(name);
    +
    +         if (key == NULL || key->expire < now())
    +             return 0;
    +
    +         params[0] = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
    +                                                       key->hmac_key, 16);
    +         params[1] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST,
    +                                                      "sha256", 0);
    +         params[2] = OSSL_PARAM_construct_end();
    +         EVP_MAC_CTX_set_params(hctx, params);
    +
    +         EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key->aes_key, iv);
    +
    +         if (key->expire < now() - RENEW_TIME) {
    +             /*
    +              * return 2 - This session will get a new ticket even though the
    +              * current one is still valid.
    +              */
    +             return 2;
    +         }
    +         return 1;
    +     }
    + }
    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_set_session(3), +SSL_session_reused(3), +SSL_CTX_add_session(3), +SSL_CTX_sess_number(3), +SSL_CTX_sess_set_get_cb(3), +SSL_CTX_set_session_id_context(3),

    +

    +

    +
    +

    HISTORY

    +

    The SSL_CTX_set_tlsext_ticket_key_cb() function was deprecated in OpenSSL 3.0.

    +

    The SSL_CTX_set_tlsext_ticket_key_evp_cb() function was introduced in +OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_tlsext_use_srtp.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_tlsext_use_srtp.html
    new file mode 100755
    index 0000000..399c1d7
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_tlsext_use_srtp.html
    @@ -0,0 +1,142 @@
    + + + + +SSL_CTX_set_tlsext_use_srtp + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set_tlsext_use_srtp, +SSL_set_tlsext_use_srtp, +SSL_get_srtp_profiles, +SSL_get_selected_srtp_profile +- Configure and query SRTP support

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/srtp.h>
    +
    + int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles);
    + int SSL_set_tlsext_use_srtp(SSL *ssl, const char *profiles);
    +
    + STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl);
    + SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s);
    +

    +

    +
    +

    DESCRIPTION

    +

    SRTP is the Secure Real-Time Transport Protocol. OpenSSL implements support for +the "use_srtp" DTLS extension defined in RFC5764. This provides a mechanism for +establishing SRTP keying material, algorithms and parameters using DTLS. This +capability may be used as part of an implementation that conforms to RFC5763. +OpenSSL does not implement SRTP itself or RFC5763. Note that OpenSSL does not +support the use of SRTP Master Key Identifiers (MKIs). Also note that this +extension is only supported in DTLS. Any SRTP configuration will be ignored if a +TLS connection is attempted.

    +

    An OpenSSL client wishing to send the "use_srtp" extension should call +SSL_CTX_set_tlsext_use_srtp() to set its use for all SSL objects subsequently +created from an SSL_CTX. Alternatively a client may call +SSL_set_tlsext_use_srtp() to set its use for an individual SSL object. The +profiles parameters should point to a NUL-terminated, colon delimited list of +SRTP protection profile names.

    +

    The currently supported protection profile names are:

    +
    +
    SRTP_AES128_CM_SHA1_80
    + +
    +

    This corresponds to SRTP_AES128_CM_HMAC_SHA1_80 defined in RFC5764.

    +
    +
    SRTP_AES128_CM_SHA1_32
    + +
    +

    This corresponds to SRTP_AES128_CM_HMAC_SHA1_32 defined in RFC5764.

    +
    +
    SRTP_AEAD_AES_128_GCM
    + +
    +

    This corresponds to the profile of the same name defined in RFC7714.

    +
    +
    SRTP_AEAD_AES_256_GCM
    + +
    +

    This corresponds to the profile of the same name defined in RFC7714.

    +
    +
    +

    Supplying an unrecognised protection profile name will result in an error.

    +

    An OpenSSL server wishing to support the "use_srtp" extension should also call +SSL_CTX_set_tlsext_use_srtp() or SSL_set_tlsext_use_srtp() to indicate the +protection profiles that it is willing to negotiate.

    +

    The currently configured list of protection profiles for either a client or a +server can be obtained by calling SSL_get_srtp_profiles(). This returns a stack +of SRTP_PROTECTION_PROFILE objects. The memory pointed to in the return value of +this function should not be freed by the caller.

    +

    After a handshake has been completed the negotiated SRTP protection profile (if +any) can be obtained (on the client or the server) by calling +SSL_get_selected_srtp_profile(). This function will return NULL if no SRTP +protection profile was negotiated. The memory returned from this function should +not be freed by the caller.

    +

    If an SRTP protection profile has been successfully negotiated then the SRTP +keying material (on both the client and server) should be obtained via a call to +SSL_export_keying_material(3). This call should provide a label value of +"EXTRACTOR-dtls_srtp" and a NULL context value (use_context is 0). The total +length of keying material obtained should be equal to two times the sum of the +master key length and the salt length as defined for the protection profile in +use. This provides the client write master key, the server write master key, the +client write master salt and the server write master salt in that order.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CTX_set_tlsext_use_srtp() and SSL_set_tlsext_use_srtp() return 0 on success +or 1 on error.

    +

    SSL_get_srtp_profiles() returns a stack of SRTP_PROTECTION_PROFILE objects on +success or NULL on error or if no protection profiles have been configured.

    +

    SSL_get_selected_srtp_profile() returns a pointer to an SRTP_PROTECTION_PROFILE +object if one has been negotiated or NULL otherwise.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +SSL_export_keying_material(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_tmp_dh_callback.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_tmp_dh_callback.html
    new file mode 100755
    index 0000000..58c9ba6
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_tmp_dh_callback.html
    @@ -0,0 +1,163 @@
    + + + + +SSL_CTX_set_tmp_dh_callback + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set_tmp_dh_callback, SSL_CTX_set_tmp_dh, SSL_set_tmp_dh_callback, SSL_set_tmp_dh - handle DH keys for ephemeral key exchange

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
    +                                  DH *(*tmp_dh_callback)(SSL *ssl, int is_export,
    +                                                         int keylength));
    + long SSL_CTX_set_tmp_dh(SSL_CTX *ctx, DH *dh);
    +
    + void SSL_set_tmp_dh_callback(SSL *ctx,
    +                              DH *(*tmp_dh_callback)(SSL *ssl, int is_export,
    +                                                     int keylength));
    + long SSL_set_tmp_dh(SSL *ssl, DH *dh)
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_set_tmp_dh_callback() sets the callback function for ctx to be +used when a DH parameters are required to tmp_dh_callback. +The callback is inherited by all ssl objects created from ctx.

    +

    SSL_CTX_set_tmp_dh() sets DH parameters to be used to be dh. +The key is inherited by all ssl objects created from ctx.

    +

    SSL_set_tmp_dh_callback() sets the callback only for ssl.

    +

    SSL_set_tmp_dh() sets the parameters only for ssl.

    +

    These functions apply to SSL/TLS servers only.

    +

    +

    +
    +

    NOTES

    +

    When using a cipher with RSA authentication, an ephemeral DH key exchange +can take place. Ciphers with DSA keys always use ephemeral DH keys as well. +In these cases, the session data are negotiated using the +ephemeral/temporary DH key and the key supplied and certified +by the certificate chain is only used for signing. +Anonymous ciphers (without a permanent server key) also use ephemeral DH keys.

    +

    Using ephemeral DH key exchange yields forward secrecy, as the connection +can only be decrypted, when the DH key is known. By generating a temporary +DH key inside the server application that is lost when the application +is left, it becomes impossible for an attacker to decrypt past sessions, +even if he gets hold of the normal (certified) key, as this key was +only used for signing.

    +

    In order to perform a DH key exchange the server must use a DH group +(DH parameters) and generate a DH key. The server will always generate +a new DH key during the negotiation.

    +

    As generating DH parameters is extremely time consuming, an application +should not generate the parameters on the fly but supply the parameters. +DH parameters can be reused, as the actual key is newly generated during +the negotiation. The risk in reusing DH parameters is that an attacker +may specialize on a very often used DH group. Applications should therefore +generate their own DH parameters during the installation process using the +openssl openssl-dhparam(1) application. This application +guarantees that "strong" primes are used.

    +

    Files dh2048.pem, and dh4096.pem in the 'apps' directory of the current +version of the OpenSSL distribution contain the 'SKIP' DH parameters, +which use safe primes and were generated verifiably pseudo-randomly. +These files can be converted into C code using the -C option of the +openssl-dhparam(1) application. Generation of custom DH +parameters during installation should still be preferred to stop an +attacker from specializing on a commonly used group. File dh1024.pem +contains old parameters that must not be used by applications.

    +

    An application may either directly specify the DH parameters or +can supply the DH parameters via a callback function.

    +

    Previous versions of the callback used is_export and keylength +parameters to control parameter generation for export and non-export +cipher suites. Modern servers that do not support export cipher suites +are advised to either use SSL_CTX_set_tmp_dh() or alternatively, use +the callback but ignore keylength and is_export and simply +supply at least 2048-bit parameters in the callback.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CTX_set_tmp_dh_callback() and SSL_set_tmp_dh_callback() do not return +diagnostic output.

    +

    SSL_CTX_set_tmp_dh() and SSL_set_tmp_dh() do return 1 on success and 0 +on failure. Check the error queue to find out the reason of failure.

    +

    +

    +
    +

    EXAMPLES

    +

    Setup DH parameters with a key length of 2048 bits. (Error handling +partly left out.)

    +

    Command-line parameter generation:

    +
    + $ openssl dhparam -out dh_param_2048.pem 2048
    +

    Code for setting up parameters during server initialization:

    +
    + SSL_CTX ctx = SSL_CTX_new();
    +
    + DH *dh_2048 = NULL;
    + FILE *paramfile = fopen("dh_param_2048.pem", "r");
    +
    + if (paramfile) {
    +     dh_2048 = PEM_read_DHparams(paramfile, NULL, NULL, NULL);
    +     fclose(paramfile);
    + } else {
    +     /* Error. */
    + }
    + if (dh_2048 == NULL)
    +     /* Error. */
    + if (SSL_CTX_set_tmp_dh(ctx, dh_2048) != 1)
    +     /* Error. */
    + ...
    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_CTX_set_cipher_list(3), +SSL_CTX_set_options(3), +openssl-ciphers(1), openssl-dhparam(1)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_tmp_ecdh.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_tmp_ecdh.html
    new file mode 100755
    index 0000000..719fba0
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_tmp_ecdh.html
    @@ -0,0 +1,85 @@
    + + + + +SSL_CTX_set_tmp_ecdh + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set_tmp_ecdh, SSL_set_tmp_ecdh, SSL_CTX_set_ecdh_auto, SSL_set_ecdh_auto +- handle ECDH keys for ephemeral key exchange

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + long SSL_CTX_set_tmp_ecdh(SSL_CTX *ctx, const EC_KEY *ecdh);
    + long SSL_set_tmp_ecdh(SSL *ssl, const EC_KEY *ecdh);
    +
    + long SSL_CTX_set_ecdh_auto(SSL_CTX *ctx, int state);
    + long SSL_set_ecdh_auto(SSL *ssl, int state);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_set_tmp_ecdh() sets ECDH parameters to be used to be ecdh. +The key is inherited by all ssl objects created from ctx. +This macro is deprecated in favor of SSL_CTX_set1_groups(3).

    +

    SSL_set_tmp_ecdh() sets the parameters only for ssl. +This macro is deprecated in favor of SSL_set1_groups(3).

    +

    SSL_CTX_set_ecdh_auto() and SSL_set_ecdh_auto() are deprecated and +have no effect.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CTX_set_tmp_ecdh() and SSL_set_tmp_ecdh() return 1 on success and 0 +on failure.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_CTX_set1_curves(3), SSL_CTX_set_cipher_list(3), +SSL_CTX_set_options(3), SSL_CTX_set_tmp_dh_callback(3), +openssl-ciphers(1), openssl-ecparam(1)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_verify.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_verify.html new file mode 100755 index 0000000..72ae85a --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_set_verify.html @@ -0,0 +1,383 @@ + + + + +SSL_CTX_set_verify + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_get_ex_data_X509_STORE_CTX_idx, +SSL_CTX_set_verify, SSL_set_verify, +SSL_CTX_set_verify_depth, SSL_set_verify_depth, +SSL_verify_cb, +SSL_verify_client_post_handshake, +SSL_set_post_handshake_auth, +SSL_CTX_set_post_handshake_auth +- set peer certificate verification parameters

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx);
    +
    + void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, SSL_verify_cb verify_callback);
    + void SSL_set_verify(SSL *ssl, int mode, SSL_verify_cb verify_callback);
    + SSL_get_ex_data_X509_STORE_CTX_idx(void);
    +
    + void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth);
    + void SSL_set_verify_depth(SSL *ssl, int depth);
    +
    + int SSL_verify_client_post_handshake(SSL *ssl);
    + void SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val);
    + void SSL_set_post_handshake_auth(SSL *ssl, int val);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_set_verify() sets the verification flags for ctx to be mode and +specifies the verify_callback function to be used. If no callback function +shall be specified, the NULL pointer can be used for verify_callback.

    +

    SSL_set_verify() sets the verification flags for ssl to be mode and +specifies the verify_callback function to be used. If no callback function +shall be specified, the NULL pointer can be used for verify_callback. In +this case last verify_callback set specifically for this ssl remains. If +no special callback was set before, the default callback for the underlying +ctx is used, that was valid at the time ssl was created with +SSL_new(3). Within the callback function, +SSL_get_ex_data_X509_STORE_CTX_idx can be called to get the data index +of the current SSL object that is doing the verification.

    +

    SSL_CTX_set_verify_depth() sets the maximum depth for the certificate chain +verification that shall be allowed for ctx.

    +

    SSL_set_verify_depth() sets the maximum depth for the certificate chain +verification that shall be allowed for ssl.

    +

    SSL_CTX_set_post_handshake_auth() and SSL_set_post_handshake_auth() enable the +Post-Handshake Authentication extension to be added to the ClientHello such that +post-handshake authentication can be requested by the server. If val is 0 +then the extension is not sent, otherwise it is. By default the extension is not +sent. A certificate callback will need to be set via +SSL_CTX_set_client_cert_cb() if no certificate is provided at initialization.

    +

    SSL_verify_client_post_handshake() causes a CertificateRequest message to be +sent by a server on the given ssl connection. The SSL_VERIFY_PEER flag must +be set; the SSL_VERIFY_POST_HANDSHAKE flag is optional.

    +

    +

    +
    +

    NOTES

    +

    The verification of certificates can be controlled by a set of logically +or'ed mode flags:

    +
    +
    SSL_VERIFY_NONE
    + +
    +

    Server mode: the server will not send a client certificate request to the +client, so the client will not send a certificate.

    +

    Client mode: if not using an anonymous cipher (by default disabled), the +server will send a certificate which will be checked. The result of the +certificate verification process can be checked after the TLS/SSL handshake +using the SSL_get_verify_result(3) function. +The handshake will be continued regardless of the verification result.

    +
    +
    SSL_VERIFY_PEER
    + +
    +

    Server mode: the server sends a client certificate request to the client. +The certificate returned (if any) is checked. If the verification process +fails, the TLS/SSL handshake is +immediately terminated with an alert message containing the reason for +the verification failure. +The behaviour can be controlled by the additional +SSL_VERIFY_FAIL_IF_NO_PEER_CERT, SSL_VERIFY_CLIENT_ONCE and +SSL_VERIFY_POST_HANDSHAKE flags.

    +

    Client mode: the server certificate is verified. If the verification process +fails, the TLS/SSL handshake is +immediately terminated with an alert message containing the reason for +the verification failure. If no server certificate is sent, because an +anonymous cipher is used, SSL_VERIFY_PEER is ignored.

    +
    +
    SSL_VERIFY_FAIL_IF_NO_PEER_CERT
    + +
    +

    Server mode: if the client did not return a certificate, the TLS/SSL +handshake is immediately terminated with a "handshake failure" alert. +This flag must be used together with SSL_VERIFY_PEER.

    +

    Client mode: ignored (see BUGS)

    +
    +
    SSL_VERIFY_CLIENT_ONCE
    + +
    +

    Server mode: only request a client certificate once during the +connection. Do not ask for a client certificate again during +renegotiation or post-authentication if a certificate was requested +during the initial handshake. This flag must be used together with +SSL_VERIFY_PEER.

    +

    Client mode: ignored (see BUGS)

    +
    +
    SSL_VERIFY_POST_HANDSHAKE
    + +
    +

    Server mode: the server will not send a client certificate request +during the initial handshake, but will send the request via +SSL_verify_client_post_handshake(). This allows the SSL_CTX or SSL +to be configured for post-handshake peer verification before the +handshake occurs. This flag must be used together with +SSL_VERIFY_PEER. TLSv1.3 only; no effect on pre-TLSv1.3 connections.

    +

    Client mode: ignored (see BUGS)

    +
    +
    +

    If the mode is SSL_VERIFY_NONE none of the other flags may be set.

    +

    The actual verification procedure is performed either using the built-in +verification procedure or using another application provided verification +function set with +SSL_CTX_set_cert_verify_callback(3). +The following descriptions apply in the case of the built-in procedure. An +application provided procedure also has access to the verify depth information +and the verify_callback() function, but the way this information is used +may be different.

    +

    SSL_CTX_set_verify_depth() and SSL_set_verify_depth() set a limit on the +number of certificates between the end-entity and trust-anchor certificates. +Neither the +end-entity nor the trust-anchor certificates count against depth. If the +certificate chain needed to reach a trusted issuer is longer than depth+2, +X509_V_ERR_CERT_CHAIN_TOO_LONG will be issued. +The depth count is "level 0:peer certificate", "level 1: CA certificate", +"level 2: higher level CA certificate", and so on. Setting the maximum +depth to 2 allows the levels 0, 1, 2 and 3 (0 being the end-entity and 3 the +trust-anchor). +The default depth limit is 100, +allowing for the peer certificate, at most 100 intermediate CA certificates and +a final trust anchor certificate.

    +

    The verify_callback function is used to control the behaviour when the +SSL_VERIFY_PEER flag is set. It must be supplied by the application and +receives two arguments: preverify_ok indicates, whether the verification of +the certificate in question was passed (preverify_ok=1) or not +(preverify_ok=0). x509_ctx is a pointer to the complete context used +for the certificate chain verification.

    +

    The certificate chain is checked starting with the deepest nesting level +(the root CA certificate) and worked upward to the peer's certificate. +At each level signatures and issuer attributes are checked. Whenever +a verification error is found, the error number is stored in x509_ctx +and verify_callback is called with preverify_ok=0. By applying +X509_CTX_store_* functions verify_callback can locate the certificate +in question and perform additional steps (see EXAMPLES). If no error is +found for a certificate, verify_callback is called with preverify_ok=1 +before advancing to the next level.

    +

    The return value of verify_callback controls the strategy of the further +verification process. If verify_callback returns 0, the verification +process is immediately stopped with "verification failed" state. If +SSL_VERIFY_PEER is set, a verification failure alert is sent to the peer and +the TLS/SSL handshake is terminated. If verify_callback returns 1, +the verification process is continued. If verify_callback always returns +1, the TLS/SSL handshake will not be terminated with respect to verification +failures and the connection will be established. The calling process can +however retrieve the error code of the last verification error using +SSL_get_verify_result(3) or by maintaining its +own error storage managed by verify_callback.

    +

    If no verify_callback is specified, the default callback will be used. +Its return value is identical to preverify_ok, so that any verification +failure will lead to a termination of the TLS/SSL handshake with an +alert message, if SSL_VERIFY_PEER is set.

    +

    After calling SSL_set_post_handshake_auth(), the client will need to add a +certificate or certificate callback to its configuration before it can +successfully authenticate. This must be called before SSL_connect().

    +

    SSL_verify_client_post_handshake() requires that verify flags have been +previously set, and that a client sent the post-handshake authentication +extension. When the client returns a certificate the verify callback will be +invoked. A write operation must take place for the Certificate Request to be +sent to the client, this can be done with SSL_do_handshake() or SSL_write_ex(). +Only one certificate request may be outstanding at any time.

    +

    When post-handshake authentication occurs, a refreshed NewSessionTicket +message is sent to the client.

    +

    +

    +
    +

    BUGS

    +

    In client mode, it is not checked whether the SSL_VERIFY_PEER flag +is set, but whether any flags other than SSL_VERIFY_NONE are set. This can +lead to unexpected behaviour if SSL_VERIFY_PEER and other flags are not used as +required.

    +

    +

    +
    +

    RETURN VALUES

    +

    The SSL*_set_verify*() functions do not provide diagnostic information.

    +

    The SSL_verify_client_post_handshake() function returns 1 if the request +succeeded, and 0 if the request failed. The error stack can be examined +to determine the failure reason.

    +

    +

    +
    +

    EXAMPLES

    +

    The following code sequence realizes an example verify_callback function +that will always continue the TLS/SSL handshake regardless of verification +failure, if wished. The callback realizes a verification depth limit with +more informational output.

    +

    All verification errors are printed; information about the certificate chain +is printed on request. +The example is realized for a server that does allow but not require client +certificates.

    +

    The example makes use of the ex_data technique to store application data +into/retrieve application data from the SSL structure +(see CRYPTO_get_ex_new_index(3), +SSL_get_ex_data_X509_STORE_CTX_idx(3)).

    +
    + ...
    + typedef struct {
    +   int verbose_mode;
    +   int verify_depth;
    +   int always_continue;
    + } mydata_t;
    + int mydata_index;
    +
    + ...
    + static int verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
    + {
    +     char    buf[256];
    +     X509   *err_cert;
    +     int     err, depth;
    +     SSL    *ssl;
    +     mydata_t *mydata;
    +
    +     err_cert = X509_STORE_CTX_get_current_cert(ctx);
    +     err = X509_STORE_CTX_get_error(ctx);
    +     depth = X509_STORE_CTX_get_error_depth(ctx);
    +
    +     /*
    +      * Retrieve the pointer to the SSL of the connection currently treated
    +      * and the application specific data stored into the SSL object.
    +      */
    +     ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
    +     mydata = SSL_get_ex_data(ssl, mydata_index);
    +
    +     X509_NAME_oneline(X509_get_subject_name(err_cert), buf, 256);
    +
    +     /*
    +      * Catch a too long certificate chain. The depth limit set using
    +      * SSL_CTX_set_verify_depth() is by purpose set to "limit+1" so
    +      * that whenever the "depth>verify_depth" condition is met, we
    +      * have violated the limit and want to log this error condition.
    +      * We must do it here, because the CHAIN_TOO_LONG error would not
    +      * be found explicitly; only errors introduced by cutting off the
    +      * additional certificates would be logged.
    +      */
    +     if (depth > mydata->verify_depth) {
    +         preverify_ok = 0;
    +         err = X509_V_ERR_CERT_CHAIN_TOO_LONG;
    +         X509_STORE_CTX_set_error(ctx, err);
    +     }
    +     if (!preverify_ok) {
    +         printf("verify error:num=%d:%s:depth=%d:%s\n", err,
    +                X509_verify_cert_error_string(err), depth, buf);
    +     } else if (mydata->verbose_mode) {
    +         printf("depth=%d:%s\n", depth, buf);
    +     }
    +
    +     /*
    +      * At this point, err contains the last verification error. We can use
    +      * it for something special
    +      */
    +     if (!preverify_ok && (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT)) {
    +         X509_NAME_oneline(X509_get_issuer_name(err_cert), buf, 256);
    +         printf("issuer= %s\n", buf);
    +     }
    +
    +     if (mydata->always_continue)
    +         return 1;
    +     else
    +         return preverify_ok;
    + }
    + ...
    +
    + mydata_t mydata;
    +
    + ...
    + mydata_index = SSL_get_ex_new_index(0, "mydata index", NULL, NULL, NULL);
    +
    + ...
    + SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE,
    +                    verify_callback);
    +
    + /*
    +  * Let the verify_callback catch the verify_depth error so that we get
    +  * an appropriate error in the logfile.
    +  */
    + SSL_CTX_set_verify_depth(verify_depth + 1);
    +
    + /*
    +  * Set up the SSL specific data into "mydata" and store it into th SSL
    +  * structure.
    +  */
    + mydata.verify_depth = verify_depth; ...
    + SSL_set_ex_data(ssl, mydata_index, &mydata);
    +
    + ...
    + SSL_accept(ssl);       /* check of success left out for clarity */
    + if (peer = SSL_get_peer_certificate(ssl)) {
    +     if (SSL_get_verify_result(ssl) == X509_V_OK) {
    +         /* The client sent a certificate which verified OK */
    +     }
    + }
    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_new(3), +SSL_CTX_get_verify_mode(3), +SSL_get_verify_result(3), +SSL_CTX_load_verify_locations(3), +SSL_get_peer_certificate(3), +SSL_CTX_set_cert_verify_callback(3), +SSL_get_ex_data_X509_STORE_CTX_idx(3), +SSL_CTX_set_client_cert_cb(3), +CRYPTO_get_ex_new_index(3)

    +

    +

    +
    +

    HISTORY

    +

    The SSL_VERIFY_POST_HANDSHAKE option, and the SSL_verify_client_post_handshake() +and SSL_set_post_handshake_auth() functions were added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_use_certificate.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_use_certificate.html new file mode 100755 index 0000000..7743c39 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_use_certificate.html @@ -0,0 +1,227 @@ + + + + +SSL_CTX_use_certificate + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_use_certificate, SSL_CTX_use_certificate_ASN1, +SSL_CTX_use_certificate_file, SSL_use_certificate, SSL_use_certificate_ASN1, +SSL_use_certificate_file, SSL_CTX_use_certificate_chain_file, +SSL_use_certificate_chain_file, +SSL_CTX_use_PrivateKey, SSL_CTX_use_PrivateKey_ASN1, +SSL_CTX_use_PrivateKey_file, SSL_CTX_use_RSAPrivateKey, +SSL_CTX_use_RSAPrivateKey_ASN1, SSL_CTX_use_RSAPrivateKey_file, +SSL_use_PrivateKey_file, SSL_use_PrivateKey_ASN1, SSL_use_PrivateKey, +SSL_use_RSAPrivateKey, SSL_use_RSAPrivateKey_ASN1, +SSL_use_RSAPrivateKey_file, SSL_CTX_check_private_key, SSL_check_private_key, +SSL_CTX_use_cert_and_key, SSL_use_cert_and_key +- load certificate and key data

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
    + int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d);
    + int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);
    + int SSL_use_certificate(SSL *ssl, X509 *x);
    + int SSL_use_certificate_ASN1(SSL *ssl, unsigned char *d, int len);
    + int SSL_use_certificate_file(SSL *ssl, const char *file, int type);
    +
    + int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file);
    + int SSL_use_certificate_chain_file(SSL *ssl, const char *file);
    +
    + int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
    + int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, unsigned char *d,
    +                                 long len);
    + int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);
    + int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
    + int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len);
    + int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type);
    + int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
    + int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, unsigned char *d, long len);
    + int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type);
    + int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
    + int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);
    + int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);
    +
    + int SSL_CTX_check_private_key(const SSL_CTX *ctx);
    + int SSL_check_private_key(const SSL *ssl);
    +
    + int SSL_CTX_use_cert_and_key(SSL_CTX *ctx, X509 *x, EVP_PKEY *pkey, STACK_OF(X509) *chain, int override);
    + int SSL_use_cert_and_key(SSL *ssl, X509 *x, EVP_PKEY *pkey, STACK_OF(X509) *chain, int override);
    +

    +

    +
    +

    DESCRIPTION

    +

    These functions load the certificates and private keys into the SSL_CTX +or SSL object, respectively.

    +

    The SSL_CTX_* class of functions loads the certificates and keys into the +SSL_CTX object ctx. The information is passed to SSL objects ssl +created from ctx with SSL_new(3) by copying, so that +changes applied to ctx do not propagate to already existing SSL objects.

    +

    The SSL_* class of functions only loads certificates and keys into a +specific SSL object. The specific information is kept, when +SSL_clear(3) is called for this SSL object.

    +

    SSL_CTX_use_certificate() loads the certificate x into ctx, +SSL_use_certificate() loads x into ssl. The rest of the +certificates needed to form the complete certificate chain can be +specified using the +SSL_CTX_add_extra_chain_cert(3) +function.

    +

    SSL_CTX_use_certificate_ASN1() loads the ASN1 encoded certificate from +the memory location d (with length len) into ctx, +SSL_use_certificate_ASN1() loads the ASN1 encoded certificate into ssl.

    +

    SSL_CTX_use_certificate_file() loads the first certificate stored in file +into ctx. The formatting type of the certificate must be specified +from the known types SSL_FILETYPE_PEM, SSL_FILETYPE_ASN1. +SSL_use_certificate_file() loads the certificate from file into ssl. +See the NOTES section on why SSL_CTX_use_certificate_chain_file() +should be preferred.

    +

    SSL_CTX_use_certificate_chain_file() loads a certificate chain from +file into ctx. The certificates must be in PEM format and must +be sorted starting with the subject's certificate (actual client or server +certificate), followed by intermediate CA certificates if applicable, and +ending at the highest level (root) CA. SSL_use_certificate_chain_file() is +similar except it loads the certificate chain into ssl.

    +

    SSL_CTX_use_PrivateKey() adds pkey as private key to ctx. +SSL_CTX_use_RSAPrivateKey() adds the private key rsa of type RSA +to ctx. SSL_use_PrivateKey() adds pkey as private key to ssl; +SSL_use_RSAPrivateKey() adds rsa as private key of type RSA to ssl. +If a certificate has already been set and the private does not belong +to the certificate an error is returned. To change a certificate, private +key pair the new certificate needs to be set with SSL_use_certificate() +or SSL_CTX_use_certificate() before setting the private key with +SSL_CTX_use_PrivateKey() or SSL_use_PrivateKey().

    +

    SSL_CTX_use_cert_and_key() and SSL_use_cert_and_key() assign the X.509 +certificate x, private key key, and certificate chain onto the +corresponding ssl or ctx. The pkey argument must be the private +key of the X.509 certificate x. If the override argument is 0, then +x, pkey and chain are set only if all were not previously set. +If override is non-0, then the certificate, private key and chain certs +are always set. If pkey is NULL, then the public key of x is used as +the private key. This is intended to be used with hardware (via the ENGINE +interface) that stores the private key securely, such that it cannot be +accessed by OpenSSL. The reference count of the public key is incremented +(twice if there is no private key); it is not copied nor duplicated. This +allows all private key validations checks to succeed without an actual +private key being assigned via SSL_CTX_use_PrivateKey(), etc.

    +

    SSL_CTX_use_PrivateKey_ASN1() adds the private key of type pk +stored at memory location d (length len) to ctx. +SSL_CTX_use_RSAPrivateKey_ASN1() adds the private key of type RSA +stored at memory location d (length len) to ctx. +SSL_use_PrivateKey_ASN1() and SSL_use_RSAPrivateKey_ASN1() add the private +key to ssl.

    +

    SSL_CTX_use_PrivateKey_file() adds the first private key found in +file to ctx. The formatting type of the private key must be specified +from the known types SSL_FILETYPE_PEM, SSL_FILETYPE_ASN1. +SSL_CTX_use_RSAPrivateKey_file() adds the first private RSA key found in +file to ctx. SSL_use_PrivateKey_file() adds the first private key found +in file to ssl; SSL_use_RSAPrivateKey_file() adds the first private +RSA key found to ssl.

    +

    SSL_CTX_check_private_key() checks the consistency of a private key with +the corresponding certificate loaded into ctx. If more than one +key/certificate pair (RSA/DSA) is installed, the last item installed will +be checked. If e.g. the last item was a RSA certificate or key, the RSA +key/certificate pair will be checked. SSL_check_private_key() performs +the same check for ssl. If no key/certificate was explicitly added for +this ssl, the last item added into ctx will be checked.

    +

    +

    +
    +

    NOTES

    +

    The internal certificate store of OpenSSL can hold several private +key/certificate pairs at a time. The certificate used depends on the +cipher selected, see also SSL_CTX_set_cipher_list(3).

    +

    When reading certificates and private keys from file, files of type +SSL_FILETYPE_ASN1 (also known as DER, binary encoding) can only contain +one certificate or private key, consequently +SSL_CTX_use_certificate_chain_file() is only applicable to PEM formatting. +Files of type SSL_FILETYPE_PEM can contain more than one item.

    +

    SSL_CTX_use_certificate_chain_file() adds the first certificate found +in the file to the certificate store. The other certificates are added +to the store of chain certificates using SSL_CTX_add1_chain_cert(3). Note: versions of OpenSSL before 1.0.2 only had a single +certificate chain store for all certificate types, OpenSSL 1.0.2 and later +have a separate chain store for each type. SSL_CTX_use_certificate_chain_file() +should be used instead of the SSL_CTX_use_certificate_file() function in order +to allow the use of complete certificate chains even when no trusted CA +storage is used or when the CA issuing the certificate shall not be added to +the trusted CA storage.

    +

    If additional certificates are needed to complete the chain during the +TLS negotiation, CA certificates are additionally looked up in the +locations of trusted CA certificates, see +SSL_CTX_load_verify_locations(3).

    +

    The private keys loaded from file can be encrypted. In order to successfully +load encrypted keys, a function returning the passphrase must have been +supplied, see +SSL_CTX_set_default_passwd_cb(3). +(Certificate files might be encrypted as well from the technical point +of view, it however does not make sense as the data in the certificate +is considered public anyway.)

    +

    All of the functions to set a new certificate will replace any existing +certificate of the same type that has already been set. Similarly all of the +functions to set a new private key will replace any private key that has already +been set. Applications should call SSL_CTX_check_private_key(3) or +SSL_check_private_key(3) as appropriate after loading a new certificate and +private key to confirm that the certificate and key match.

    +

    +

    +
    +

    RETURN VALUES

    +

    On success, the functions return 1. +Otherwise check out the error stack to find out the reason.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_new(3), SSL_clear(3), +SSL_CTX_load_verify_locations(3), +SSL_CTX_set_default_passwd_cb(3), +SSL_CTX_set_cipher_list(3), +SSL_CTX_set_client_CA_list(3), +SSL_CTX_set_client_cert_cb(3), +SSL_CTX_add_extra_chain_cert(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_use_psk_identity_hint.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_use_psk_identity_hint.html new file mode 100755 index 0000000..e5f212e --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_use_psk_identity_hint.html @@ -0,0 +1,181 @@ + + + + +SSL_CTX_use_psk_identity_hint + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_psk_server_cb_func, +SSL_psk_find_session_cb_func, +SSL_CTX_use_psk_identity_hint, +SSL_use_psk_identity_hint, +SSL_CTX_set_psk_server_callback, +SSL_set_psk_server_callback, +SSL_CTX_set_psk_find_session_callback, +SSL_set_psk_find_session_callback +- set PSK identity hint to use

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + typedef int (*SSL_psk_find_session_cb_func)(SSL *ssl,
    +                                             const unsigned char *identity,
    +                                             size_t identity_len,
    +                                             SSL_SESSION **sess);
    +
    + void SSL_CTX_set_psk_find_session_callback(SSL_CTX *ctx,
    +                                            SSL_psk_find_session_cb_func cb);
    + void SSL_set_psk_find_session_callback(SSL *s, SSL_psk_find_session_cb_func cb);
    +
    + typedef unsigned int (*SSL_psk_server_cb_func)(SSL *ssl,
    +                                                const char *identity,
    +                                                unsigned char *psk,
    +                                                unsigned int max_psk_len);
    +
    + int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *hint);
    + int SSL_use_psk_identity_hint(SSL *ssl, const char *hint);
    +
    + void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, SSL_psk_server_cb_func cb);
    + void SSL_set_psk_server_callback(SSL *ssl, SSL_psk_server_cb_func cb);
    +

    +

    +
    +

    DESCRIPTION

    +

    A server application wishing to use TLSv1.3 PSKs should set a callback +using either SSL_CTX_set_psk_find_session_callback() or +SSL_set_psk_find_session_callback() as appropriate.

    +

    The callback function is given a pointer to the SSL connection in ssl and +an identity in identity of length identity_len. The callback function +should identify an SSL_SESSION object that provides the PSK details and store it +in *sess. The SSL_SESSION object should, as a minimum, set the master key, +the ciphersuite and the protocol version. See +SSL_CTX_set_psk_use_session_callback(3) for details.

    +

    It is also possible for the callback to succeed but not supply a PSK. In this +case no PSK will be used but the handshake will continue. To do this the +callback should return successfully and ensure that *sess is +NULL.

    +

    Identity hints are not relevant for TLSv1.3. A server application wishing to use +PSK ciphersuites for TLSv1.2 and below may call SSL_CTX_use_psk_identity_hint() +to set the given NUL-terminated PSK identity hint hint for SSL context +object ctx. SSL_use_psk_identity_hint() sets the given NUL-terminated PSK +identity hint hint for the SSL connection object ssl. If hint is +NULL the current hint from ctx or ssl is deleted.

    +

    In the case where PSK identity hint is NULL, the server does not send the +ServerKeyExchange message to the client.

    +

    A server application wishing to use PSKs for TLSv1.2 and below must provide a +callback function which is called when the server receives the +ClientKeyExchange message from the client. The purpose of the callback function +is to validate the received PSK identity and to fetch the pre-shared key used +during the connection setup phase. The callback is set using the functions +SSL_CTX_set_psk_server_callback() or SSL_set_psk_server_callback(). The callback +function is given the connection in parameter ssl, NUL-terminated PSK +identity sent by the client in parameter identity, and a buffer psk of +length max_psk_len bytes where the pre-shared key is to be stored.

    +

    The callback for use in TLSv1.2 will also work in TLSv1.3 although it is +recommended to use SSL_CTX_set_psk_find_session_callback() +or SSL_set_psk_find_session_callback() for this purpose instead. If TLSv1.3 has +been negotiated then OpenSSL will first check to see if a callback has been set +via SSL_CTX_set_psk_find_session_callback() or SSL_set_psk_find_session_callback() +and it will use that in preference. If no such callback is present then it will +check to see if a callback has been set via SSL_CTX_set_psk_server_callback() or +SSL_set_psk_server_callback() and use that. In this case the handshake digest +will default to SHA-256 for any returned PSK.

    +

    A connection established via a TLSv1.3 PSK will appear as if session resumption +has occurred so that SSL_session_reused(3) will return true.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CTX_use_psk_identity_hint() and SSL_use_psk_identity_hint() return +1 on success, 0 otherwise.

    +

    Return values from the TLSv1.2 and below server callback are interpreted as +follows:

    +
      +
    1. +

      PSK identity was not found. An "unknown_psk_identity" alert message +will be sent and the connection setup fails.

      + +
      >0
      + +
      +

      PSK identity was found and the server callback has provided the PSK +successfully in parameter psk. Return value is the length of +psk in bytes. It is an error to return a value greater than +max_psk_len.

      +

      If the PSK identity was not found but the callback instructs the +protocol to continue anyway, the callback must provide some random +data to psk and return the length of the random data, so the +connection will fail with decryption_error before it will be finished +completely.

      +
    2. +
    +

    The SSL_psk_find_session_cb_func callback should return 1 on success or 0 on +failure. In the event of failure the connection setup fails.

    +

    +

    +
    +

    NOTES

    +

    There are no known security issues with sharing the same PSK between TLSv1.2 (or +below) and TLSv1.3. However the RFC has this note of caution:

    +

    "While there is no known way in which the same PSK might produce related output +in both versions, only limited analysis has been done. Implementations can +ensure safety from cross-protocol related output by not reusing PSKs between +TLS 1.3 and TLS 1.2."

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +SSL_CTX_set_psk_use_session_callback(3), +SSL_set_psk_use_session_callback(3)

    +

    +

    +
    +

    HISTORY

    +

    SSL_CTX_set_psk_find_session_callback() and SSL_set_psk_find_session_callback() +were added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_use_serverinfo.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_use_serverinfo.html new file mode 100755 index 0000000..2da93e7 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_CTX_use_serverinfo.html @@ -0,0 +1,118 @@ + + + + +SSL_CTX_use_serverinfo + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_use_serverinfo_ex, +SSL_CTX_use_serverinfo, +SSL_CTX_use_serverinfo_file +- use serverinfo extension

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_CTX_use_serverinfo_ex(SSL_CTX *ctx, unsigned int version,
    +                               const unsigned char *serverinfo,
    +                               size_t serverinfo_length);
    +
    + int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo,
    +                            size_t serverinfo_length);
    +
    + int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file);
    +

    +

    +
    +

    DESCRIPTION

    +

    These functions load "serverinfo" TLS extensions into the SSL_CTX. A +"serverinfo" extension is returned in response to an empty ClientHello +Extension.

    +

    SSL_CTX_use_serverinfo_ex() loads one or more serverinfo extensions from +a byte array into ctx. The version parameter specifies the format of the +byte array provided in *serverinfo which is of length serverinfo_length.

    +

    If version is SSL_SERVERINFOV2 then the extensions in the array must +consist of a 4-byte context, a 2-byte Extension Type, a 2-byte length, and then +length bytes of extension_data. The context and type values have the same +meaning as for SSL_CTX_add_custom_ext(3). If serverinfo is being loaded for +extensions to be added to a Certificate message, then the extension will only +be added for the first certificate in the message (which is always the +end-entity certificate).

    +

    If version is SSL_SERVERINFOV1 then the extensions in the array must +consist of a 2-byte Extension Type, a 2-byte length, and then length bytes of +extension_data. The type value has the same meaning as for +SSL_CTX_add_custom_ext(3). The following default context value will be used +in this case:

    +
    + SSL_EXT_TLS1_2_AND_BELOW_ONLY | SSL_EXT_CLIENT_HELLO
    + | SSL_EXT_TLS1_2_SERVER_HELLO | SSL_EXT_IGNORE_ON_RESUMPTION
    +

    SSL_CTX_use_serverinfo() does the same thing as SSL_CTX_use_serverinfo_ex() +except that there is no version parameter so a default version of +SSL_SERVERINFOV1 is used instead.

    +

    SSL_CTX_use_serverinfo_file() loads one or more serverinfo extensions from +file into ctx. The extensions must be in PEM format. Each extension +must be in a format as described above for SSL_CTX_use_serverinfo_ex(). Each +PEM extension name must begin with the phrase "BEGIN SERVERINFOV2 FOR " for +SSL_SERVERINFOV2 data or "BEGIN SERVERINFO FOR " for SSL_SERVERINFOV1 data.

    +

    If more than one certificate (RSA/DSA) is installed using +SSL_CTX_use_certificate(), the serverinfo extension will be loaded into the +last certificate installed. If e.g. the last item was a RSA certificate, the +loaded serverinfo extension data will be loaded for that certificate. To +use the serverinfo extension for multiple certificates, +SSL_CTX_use_serverinfo() needs to be called multiple times, once after +each time a certificate is loaded via a call to SSL_CTX_use_certificate().

    +

    +

    +
    +

    RETURN VALUES

    +

    On success, the functions return 1. +On failure, the functions return 0. Check out the error stack to find out +the reason.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2013-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_SESSION_free.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_SESSION_free.html new file mode 100755 index 0000000..429a869 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_SESSION_free.html @@ -0,0 +1,123 @@ + + + + +SSL_SESSION_free + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_SESSION_new, +SSL_SESSION_dup, +SSL_SESSION_up_ref, +SSL_SESSION_free - create, free and manage SSL_SESSION structures

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + SSL_SESSION *SSL_SESSION_new(void);
    + SSL_SESSION *SSL_SESSION_dup(const SSL_SESSION *src);
    + int SSL_SESSION_up_ref(SSL_SESSION *ses);
    + void SSL_SESSION_free(SSL_SESSION *session);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_SESSION_new() creates a new SSL_SESSION structure and returns a pointer to +it.

    +

    SSL_SESSION_dup() copies the contents of the SSL_SESSION structure in src +and returns a pointer to it.

    +

    SSL_SESSION_up_ref() increments the reference count on the given SSL_SESSION +structure.

    +

    SSL_SESSION_free() decrements the reference count of session and removes +the SSL_SESSION structure pointed to by session and frees up the allocated +memory, if the reference count has reached 0. +If session is NULL nothing is done.

    +

    +

    +
    +

    NOTES

    +

    SSL_SESSION objects are allocated, when a TLS/SSL handshake operation +is successfully completed. Depending on the settings, see +SSL_CTX_set_session_cache_mode(3), +the SSL_SESSION objects are internally referenced by the SSL_CTX and +linked into its session cache. SSL objects may be using the SSL_SESSION object; +as a session may be reused, several SSL objects may be using one SSL_SESSION +object at the same time. It is therefore crucial to keep the reference +count (usage information) correct and not delete a SSL_SESSION object +that is still used, as this may lead to program failures due to +dangling pointers. These failures may also appear delayed, e.g. +when an SSL_SESSION object was completely freed as the reference count +incorrectly became 0, but it is still referenced in the internal +session cache and the cache list is processed during a +SSL_CTX_flush_sessions(3) operation.

    +

    SSL_SESSION_free() must only be called for SSL_SESSION objects, for +which the reference count was explicitly incremented (e.g. +by calling SSL_get1_session(), see SSL_get_session(3)) +or when the SSL_SESSION object was generated outside a TLS handshake +operation, e.g. by using d2i_SSL_SESSION(3). +It must not be called on other SSL_SESSION objects, as this would cause +incorrect reference counts and therefore program failures.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_SESSION_new returns a pointer to the newly allocated SSL_SESSION structure +or NULL on error.

    +

    SSL_SESSION_up_ref returns 1 on success or 0 on error.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_get_session(3), +SSL_CTX_set_session_cache_mode(3), +SSL_CTX_flush_sessions(3), +d2i_SSL_SESSION(3)

    +

    +

    +
    +

    HISTORY

    +

    The SSL_SESSION_dup() function was added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_SESSION_get0_cipher.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_SESSION_get0_cipher.html new file mode 100755 index 0000000..c6b867c --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_SESSION_get0_cipher.html @@ -0,0 +1,94 @@ + + + + +SSL_SESSION_get0_cipher + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_SESSION_get0_cipher, +SSL_SESSION_set_cipher +- set and retrieve the SSL cipher associated with a session

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + const SSL_CIPHER *SSL_SESSION_get0_cipher(const SSL_SESSION *s);
    + int SSL_SESSION_set_cipher(SSL_SESSION *s, const SSL_CIPHER *cipher);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_SESSION_get0_cipher() retrieves the cipher that was used by the +connection when the session was created, or NULL if it cannot be determined.

    +

    The value returned is a pointer to an object maintained within s and +should not be released.

    +

    SSL_SESSION_set_cipher() can be used to set the ciphersuite associated with the +SSL_SESSION s to cipher. For example, this could be used to set up a +session based PSK (see SSL_CTX_set_psk_use_session_callback(3)).

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_SESSION_get0_cipher() returns the SSL_CIPHER associated with the SSL_SESSION +or NULL if it cannot be determined.

    +

    SSL_SESSION_set_cipher() returns 1 on success or 0 on failure.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +d2i_SSL_SESSION(3), +SSL_SESSION_get_time(3), +SSL_SESSION_get0_hostname(3), +SSL_SESSION_free(3), +SSL_CTX_set_psk_use_session_callback(3)

    +

    +

    +
    +

    HISTORY

    +

    The SSL_SESSION_get0_cipher() function was added in OpenSSL 1.1.0. +The SSL_SESSION_set_cipher() function was added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_SESSION_get0_hostname.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_SESSION_get0_hostname.html new file mode 100755 index 0000000..3f91b69 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_SESSION_get0_hostname.html @@ -0,0 +1,110 @@ + + + + +SSL_SESSION_get0_hostname + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_SESSION_get0_hostname, +SSL_SESSION_set1_hostname, +SSL_SESSION_get0_alpn_selected, +SSL_SESSION_set1_alpn_selected +- get and set SNI and ALPN data associated with a session

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s);
    + int SSL_SESSION_set1_hostname(SSL_SESSION *s, const char *hostname);
    +
    + void SSL_SESSION_get0_alpn_selected(const SSL_SESSION *s,
    +                                     const unsigned char **alpn,
    +                                     size_t *len);
    + int SSL_SESSION_set1_alpn_selected(SSL_SESSION *s, const unsigned char *alpn,
    +                                    size_t len);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_SESSION_get0_hostname() retrieves the SNI value that was sent by the +client when the session was created if it was accepted by the server and TLSv1.2 +or below was negotiated. Otherwise NULL is returned. Note that in TLSv1.3 the +SNI hostname is negotiated with each handshake including resumption handshakes +and is therefore never associated with the session.

    +

    The value returned is a pointer to memory maintained within s and +should not be free'd.

    +

    SSL_SESSION_set1_hostname() sets the SNI value for the hostname to a copy of +the string provided in hostname.

    +

    SSL_SESSION_get0_alpn_selected() retrieves the selected ALPN protocol for this +session and its associated length in bytes. The returned value of *alpn is a +pointer to memory maintained within s and should not be free'd.

    +

    SSL_SESSION_set1_alpn_selected() sets the ALPN protocol for this session to the +value in alpn which should be of length len bytes. A copy of the input +value is made, and the caller retains ownership of the memory pointed to by +alpn.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_SESSION_get0_hostname() returns either a string or NULL based on if there +is the SNI value sent by client.

    +

    SSL_SESSION_set1_hostname() returns 1 on success or 0 on error.

    +

    SSL_SESSION_set1_alpn_selected() returns 1 on success or 0 on error.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +d2i_SSL_SESSION(3), +SSL_SESSION_get_time(3), +SSL_SESSION_free(3)

    +

    +

    +
    +

    HISTORY

    +

    The SSL_SESSION_set1_hostname(), SSL_SESSION_get0_alpn_selected() and +SSL_SESSION_set1_alpn_selected() functions were added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_SESSION_get0_id_context.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_SESSION_get0_id_context.html new file mode 100755 index 0000000..dfe0b01 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_SESSION_get0_id_context.html @@ -0,0 +1,92 @@ + + + + +SSL_SESSION_get0_id_context + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_SESSION_get0_id_context, +SSL_SESSION_set1_id_context +- get and set the SSL ID context associated with a session

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *s,
    +                                                  unsigned int *len)
    + int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx,
    +                                unsigned int sid_ctx_len);
    +

    +

    +
    +

    DESCRIPTION

    +

    See SSL_CTX_set_session_id_context(3) for further details on session ID +contexts.

    +

    SSL_SESSION_get0_id_context() returns the ID context associated with +the SSL/TLS session s. The length of the ID context is written to +*len if len is not NULL.

    +

    The value returned is a pointer to an object maintained within s and +should not be released.

    +

    SSL_SESSION_set1_id_context() takes a copy of the provided ID context given in +sid_ctx and associates it with the session s. The length of the ID context +is given by sid_ctx_len which must not exceed SSL_MAX_SID_CTX_LENGTH bytes.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_SESSION_set1_id_context() returns 1 on success or 0 on error.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +SSL_set_session_id_context(3)

    +

    +

    +
    +

    HISTORY

    +

    The SSL_SESSION_get0_id_context() function was added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_SESSION_get0_peer.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_SESSION_get0_peer.html new file mode 100755 index 0000000..49f3944 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_SESSION_get0_peer.html @@ -0,0 +1,75 @@ + + + + +SSL_SESSION_get0_peer + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_SESSION_get0_peer +- get details about peer's certificate for a session

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + X509 *SSL_SESSION_get0_peer(SSL_SESSION *s);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_SESSION_get0_peer() returns the peer certificate associated with the session +s or NULL if no peer certificate is available. The caller should not free the +returned value (unless X509_up_ref(3) has also been called).

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_SESSION_get0_peer() returns a pointer to the peer certificate or NULL if +no peer certificate is available.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_SESSION_get_compress_id.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_SESSION_get_compress_id.html new file mode 100755 index 0000000..93587a2 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_SESSION_get_compress_id.html @@ -0,0 +1,76 @@ + + + + +SSL_SESSION_get_compress_id + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_SESSION_get_compress_id +- get details about the compression associated with a session

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s);
    +

    +

    +
    +

    DESCRIPTION

    +

    If compression has been negotiated for an ssl session then +SSL_SESSION_get_compress_id() will return the id for the compression method or +0 otherwise. The only built-in supported compression method is zlib which has an +id of 1.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_SESSION_get_compress_id() returns the id of the compression method or 0 if +none.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_SESSION_get_protocol_version.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_SESSION_get_protocol_version.html new file mode 100755 index 0000000..9f484f8 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_SESSION_get_protocol_version.html @@ -0,0 +1,92 @@ + + + + +SSL_SESSION_get_protocol_version + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_SESSION_get_protocol_version, +SSL_SESSION_set_protocol_version +- get and set the session protocol version

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_SESSION_get_protocol_version(const SSL_SESSION *s);
    + int SSL_SESSION_set_protocol_version(SSL_SESSION *s, int version);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_SESSION_get_protocol_version() returns the protocol version number used +by session s.

    +

    SSL_SESSION_set_protocol_version() sets the protocol version associated with the +SSL_SESSION object s to the value version. This value should be a version +constant such as TLS1_3_VERSION etc. For example, this could be used to set +up a session based PSK (see SSL_CTX_set_psk_use_session_callback(3)).

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_SESSION_get_protocol_version() returns a number indicating the protocol +version used for the session; this number matches the constants e.g. +TLS1_VERSION, TLS1_2_VERSION or TLS1_3_VERSION.

    +

    Note that the SSL_SESSION_get_protocol_version() function +does not perform a null check on the provided session s pointer.

    +

    SSL_SESSION_set_protocol_version() returns 1 on success or 0 on failure.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +SSL_CTX_set_psk_use_session_callback(3)

    +

    +

    +
    +

    HISTORY

    +

    The SSL_SESSION_get_protocol_version() function was added in OpenSSL 1.1.0. +The SSL_SESSION_set_protocol_version() function was added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_SESSION_get_time.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_SESSION_get_time.html new file mode 100755 index 0000000..cc4e4b9 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_SESSION_get_time.html @@ -0,0 +1,109 @@ + + + + +SSL_SESSION_get_time + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_SESSION_get_time, SSL_SESSION_set_time, SSL_SESSION_get_timeout, +SSL_SESSION_set_timeout, +SSL_get_time, SSL_set_time, SSL_get_timeout, SSL_set_timeout +- retrieve and manipulate session time and timeout settings

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + long SSL_SESSION_get_time(const SSL_SESSION *s);
    + long SSL_SESSION_set_time(SSL_SESSION *s, long tm);
    + long SSL_SESSION_get_timeout(const SSL_SESSION *s);
    + long SSL_SESSION_set_timeout(SSL_SESSION *s, long tm);
    +
    + long SSL_get_time(const SSL_SESSION *s);
    + long SSL_set_time(SSL_SESSION *s, long tm);
    + long SSL_get_timeout(const SSL_SESSION *s);
    + long SSL_set_timeout(SSL_SESSION *s, long tm);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_SESSION_get_time() returns the time at which the session s was +established. The time is given in seconds since the Epoch and therefore +compatible to the time delivered by the time() call.

    +

    SSL_SESSION_set_time() replaces the creation time of the session s with +the chosen value tm.

    +

    SSL_SESSION_get_timeout() returns the timeout value set for session s +in seconds.

    +

    SSL_SESSION_set_timeout() sets the timeout value for session s in seconds +to tm.

    +

    The SSL_get_time(), SSL_set_time(), SSL_get_timeout(), and SSL_set_timeout() +functions are synonyms for the SSL_SESSION_*() counterparts.

    +

    +

    +
    +

    NOTES

    +

    Sessions are expired by examining the creation time and the timeout value. +Both are set at creation time of the session to the actual time and the +default timeout value at creation, respectively, as set by +SSL_CTX_set_timeout(3). +Using these functions it is possible to extend or shorten the lifetime +of the session.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_SESSION_get_time() and SSL_SESSION_get_timeout() return the currently +valid values.

    +

    SSL_SESSION_set_time() and SSL_SESSION_set_timeout() return 1 on success.

    +

    If any of the function is passed the NULL pointer for the session s, +0 is returned.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +SSL_CTX_set_timeout(3), +SSL_get_default_timeout(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_SESSION_has_ticket.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_SESSION_has_ticket.html new file mode 100755 index 0000000..6b63c6b --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_SESSION_has_ticket.html @@ -0,0 +1,95 @@ + + + + +SSL_SESSION_has_ticket + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_SESSION_get0_ticket, +SSL_SESSION_has_ticket, SSL_SESSION_get_ticket_lifetime_hint +- get details about the ticket associated with a session

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_SESSION_has_ticket(const SSL_SESSION *s);
    + unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s);
    + void SSL_SESSION_get0_ticket(const SSL_SESSION *s, const unsigned char **tick,
    +                              size_t *len);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_SESSION_has_ticket() returns 1 if there is a Session Ticket associated with +this session, and 0 otherwise.

    +

    SSL_SESSION_get_ticket_lifetime_hint returns the lifetime hint in seconds +associated with the session ticket.

    +

    SSL_SESSION_get0_ticket obtains a pointer to the ticket associated with a +session. The length of the ticket is written to *len. If tick is non +NULL then a pointer to the ticket is written to *tick. The pointer is only +valid while the connection is in use. The session (and hence the ticket pointer) +may also become invalid as a result of a call to SSL_CTX_flush_sessions().

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_SESSION_has_ticket() returns 1 if session ticket exists or 0 otherwise.

    +

    SSL_SESSION_get_ticket_lifetime_hint() returns the number of seconds.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +d2i_SSL_SESSION(3), +SSL_SESSION_get_time(3), +SSL_SESSION_free(3)

    +

    +

    +
    +

    HISTORY

    +

    The SSL_SESSION_has_ticket(), SSL_SESSION_get_ticket_lifetime_hint() +and SSL_SESSION_get0_ticket() functions were added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_SESSION_is_resumable.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_SESSION_is_resumable.html new file mode 100755 index 0000000..315d4c3 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_SESSION_is_resumable.html @@ -0,0 +1,83 @@ + + + + +SSL_SESSION_is_resumable + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_SESSION_is_resumable +- determine whether an SSL_SESSION object can be used for resumption

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_SESSION_is_resumable(const SSL_SESSION *s);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_SESSION_is_resumable() determines whether an SSL_SESSION object can be used +to resume a session or not. Returns 1 if it can or 0 if not. Note that +attempting to resume with a non-resumable session will result in a full +handshake.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_SESSION_is_resumable() returns 1 if the session is resumable or 0 otherwise.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +SSL_get_session(3), +SSL_CTX_sess_set_new_cb(3)

    +

    +

    +
    +

    HISTORY

    +

    The SSL_SESSION_is_resumable() function was added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_SESSION_print.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_SESSION_print.html new file mode 100755 index 0000000..4c9663a --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_SESSION_print.html @@ -0,0 +1,82 @@ + + + + +SSL_SESSION_print + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_SESSION_print, +SSL_SESSION_print_fp, +SSL_SESSION_print_keylog +- printf information about a session

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_SESSION_print(BIO *fp, const SSL_SESSION *ses);
    + int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *ses);
    + int SSL_SESSION_print_keylog(BIO *bp, const SSL_SESSION *x);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_SESSION_print() prints summary information about the session provided in +ses to the BIO fp.

    +

    SSL_SESSION_print_fp() does the same as SSL_SESSION_print() except it prints it +to the FILE fp.

    +

    SSL_SESSION_print_keylog() prints session information to the provided BIO <bp> +in NSS keylog format.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_SESSION_print(), SSL_SESSION_print_fp() and SSL_SESSION_print_keylog return +1 on success or 0 on error.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

+ + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_SESSION_set1_id.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_SESSION_set1_id.html
new file mode 100755
index 0000000..56acfa9
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_SESSION_set1_id.html
@@ -0,0 +1,88 @@
+ + + + +SSL_SESSION_set1_id + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_SESSION_get_id, +SSL_SESSION_set1_id +- get and set the SSL session ID

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s,
    +                                         unsigned int *len)
    + int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid,
    +                         unsigned int sid_len);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_SESSION_get_id() returns a pointer to the internal session id value for the +session s. The length of the id in bytes is stored in *len. The length may +be 0. The caller should not free the returned pointer directly.

    +

    SSL_SESSION_set1_id() sets the session ID for the ssl SSL/TLS session +to sid of length sid_len.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_SESSION_get_id() returns a pointer to the session id value. +SSL_SESSION_set1_id() returns 1 for success and 0 for failure, for example +if the supplied session ID length exceeds SSL_MAX_SSL_SESSION_ID_LENGTH.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7)

    +

    +

    +
    +

    HISTORY

    +

    The SSL_SESSION_set1_id() function was added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

+ + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_accept.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_accept.html
new file mode 100755
index 0000000..4e19911
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_accept.html
@@ -0,0 +1,116 @@
+ + + + +SSL_accept + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_accept - wait for a TLS/SSL client to initiate a TLS/SSL handshake

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_accept(SSL *ssl);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_accept() waits for a TLS/SSL client to initiate the TLS/SSL handshake. +The communication channel must already have been set and assigned to the +ssl by setting an underlying BIO.

    +

    +

    +
    +

    NOTES

    +

    The behaviour of SSL_accept() depends on the underlying BIO.

    +

    If the underlying BIO is blocking, SSL_accept() will only return once the +handshake has been finished or an error occurred.

    +

    If the underlying BIO is non-blocking, SSL_accept() will also return +when the underlying BIO could not satisfy the needs of SSL_accept() +to continue the handshake, indicating the problem by the return value -1. +In this case a call to SSL_get_error() with the +return value of SSL_accept() will yield SSL_ERROR_WANT_READ or +SSL_ERROR_WANT_WRITE. The calling process then must repeat the call after +taking appropriate action to satisfy the needs of SSL_accept(). +The action depends on the underlying BIO. When using a non-blocking socket, +nothing is to be done, but select() can be used to check for the required +condition. When using a buffering BIO, like a BIO pair, data must be written +into or retrieved out of the BIO before being able to continue.

    +

    +

    +
    +

    RETURN VALUES

    +

    The following return values can occur:

    +
      +
    1. +

      The TLS/SSL handshake was not successful but was shut down controlled and +by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the +return value ret to find out the reason.

      +
    2. +
    3. +

      The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been +established.

      + +
      <0
      + +
      +

      The TLS/SSL handshake was not successful because a fatal error occurred either +at the protocol level or a connection failure occurred. The shutdown was +not clean. It can also occur of action is need to continue the operation +for non-blocking BIOs. Call SSL_get_error() with the return value ret +to find out the reason.

      +
    4. +
    +

    +

    +
    +

    SEE ALSO

    +

    SSL_get_error(3), SSL_connect(3), +SSL_shutdown(3), ssl(7), bio(7), +SSL_set_connect_state(3), +SSL_do_handshake(3), +SSL_CTX_new(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

+ + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_alert_type_string.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_alert_type_string.html
new file mode 100755
index 0000000..aec8b5c
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_alert_type_string.html
@@ -0,0 +1,298 @@
+ + + + +SSL_alert_type_string + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_alert_type_string, SSL_alert_type_string_long, SSL_alert_desc_string, SSL_alert_desc_string_long - get textual description of alert information

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + const char *SSL_alert_type_string(int value);
    + const char *SSL_alert_type_string_long(int value);
    +
    + const char *SSL_alert_desc_string(int value);
    + const char *SSL_alert_desc_string_long(int value);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_alert_type_string() returns a one letter string indicating the +type of the alert specified by value.

    +

    SSL_alert_type_string_long() returns a string indicating the type of the alert +specified by value.

    +

    SSL_alert_desc_string() returns a two letter string as a short form +describing the reason of the alert specified by value.

    +

    SSL_alert_desc_string_long() returns a string describing the reason +of the alert specified by value.

    +

    +

    +
    +

    NOTES

    +

    When one side of an SSL/TLS communication wants to inform the peer about +a special situation, it sends an alert. The alert is sent as a special message +and does not influence the normal data stream (unless its contents results +in the communication being canceled).

    +

    A warning alert is sent, when a non-fatal error condition occurs. The +"close notify" alert is sent as a warning alert. Other examples for +non-fatal errors are certificate errors ("certificate expired", +"unsupported certificate"), for which a warning alert may be sent. +(The sending party may however decide to send a fatal error.) The +receiving side may cancel the connection on reception of a warning +alert on it discretion.

    +

    Several alert messages must be sent as fatal alert messages as specified +by the TLS RFC. A fatal alert always leads to a connection abort.

    +

    +

    +
    +

    RETURN VALUES

    +

    The following strings can occur for SSL_alert_type_string() or +SSL_alert_type_string_long():

    +
    +
    "W"/"warning"
    + +
    "F"/"fatal"
    + +
    "U"/"unknown"
    + +
    +

    This indicates that no support is available for this alert type. +Probably value does not contain a correct alert message.

    +
    +
    +

    The following strings can occur for SSL_alert_desc_string() or +SSL_alert_desc_string_long():

    +
    +
    "CN"/"close notify"
    + +
    +

    The connection shall be closed. This is a warning alert.

    +
    +
    "UM"/"unexpected message"
    + +
    +

    An inappropriate message was received. This alert is always fatal +and should never be observed in communication between proper +implementations.

    +
    +
    "BM"/"bad record mac"
    + +
    +

    This alert is returned if a record is received with an incorrect +MAC. This message is always fatal.

    +
    +
    "DF"/"decompression failure"
    + +
    +

    The decompression function received improper input (e.g. data +that would expand to excessive length). This message is always +fatal.

    +
    +
    "HF"/"handshake failure"
    + +
    +

    Reception of a handshake_failure alert message indicates that the +sender was unable to negotiate an acceptable set of security +parameters given the options available. This is a fatal error.

    +
    +
    "NC"/"no certificate"
    + +
    +

    A client, that was asked to send a certificate, does not send a certificate +(SSLv3 only).

    +
    +
    "BC"/"bad certificate"
    + +
    +

    A certificate was corrupt, contained signatures that did not +verify correctly, etc

    +
    +
    "UC"/"unsupported certificate"
    + +
    +

    A certificate was of an unsupported type.

    +
    +
    "CR"/"certificate revoked"
    + +
    +

    A certificate was revoked by its signer.

    +
    +
    "CE"/"certificate expired"
    + +
    +

    A certificate has expired or is not currently valid.

    +
    +
    "CU"/"certificate unknown"
    + +
    +

    Some other (unspecified) issue arose in processing the +certificate, rendering it unacceptable.

    +
    +
    "IP"/"illegal parameter"
    + +
    +

    A field in the handshake was out of range or inconsistent with +other fields. This is always fatal.

    +
    +
    "DC"/"decryption failed"
    + +
    +

    A TLSCiphertext decrypted in an invalid way: either it wasn't an +even multiple of the block length or its padding values, when +checked, weren't correct. This message is always fatal.

    +
    +
    "RO"/"record overflow"
    + +
    +

    A TLSCiphertext record was received which had a length more than +2^14+2048 bytes, or a record decrypted to a TLSCompressed record +with more than 2^14+1024 bytes. This message is always fatal.

    +
    +
    "CA"/"unknown CA"
    + +
    +

    A valid certificate chain or partial chain was received, but the +certificate was not accepted because the CA certificate could not +be located or couldn't be matched with a known, trusted CA. This +message is always fatal.

    +
    +
    "AD"/"access denied"
    + +
    +

    A valid certificate was received, but when access control was +applied, the sender decided not to proceed with negotiation. +This message is always fatal.

    +
    +
    "DE"/"decode error"
    + +
    +

    A message could not be decoded because some field was out of the +specified range or the length of the message was incorrect. This +message is always fatal.

    +
    +
    "CY"/"decrypt error"
    + +
    +

    A handshake cryptographic operation failed, including being +unable to correctly verify a signature, decrypt a key exchange, +or validate a finished message.

    +
    +
    "ER"/"export restriction"
    + +
    +

    A negotiation not in compliance with export restrictions was +detected; for example, attempting to transfer a 1024 bit +ephemeral RSA key for the RSA_EXPORT handshake method. This +message is always fatal.

    +
    +
    "PV"/"protocol version"
    + +
    +

    The protocol version the client has attempted to negotiate is +recognized, but not supported. (For example, old protocol +versions might be avoided for security reasons). This message is +always fatal.

    +
    +
    "IS"/"insufficient security"
    + +
    +

    Returned instead of handshake_failure when a negotiation has +failed specifically because the server requires ciphers more +secure than those supported by the client. This message is always +fatal.

    +
    +
    "IE"/"internal error"
    + +
    +

    An internal error unrelated to the peer or the correctness of the +protocol makes it impossible to continue (such as a memory +allocation failure). This message is always fatal.

    +
    +
    "US"/"user canceled"
    + +
    +

    This handshake is being canceled for some reason unrelated to a +protocol failure. If the user cancels an operation after the +handshake is complete, just closing the connection by sending a +close_notify is more appropriate. This alert should be followed +by a close_notify. This message is generally a warning.

    +
    +
    "NR"/"no renegotiation"
    + +
    +

    Sent by the client in response to a hello request or by the +server in response to a client hello after initial handshaking. +Either of these would normally lead to renegotiation; when that +is not appropriate, the recipient should respond with this alert; +at that point, the original requester can decide whether to +proceed with the connection. One case where this would be +appropriate would be where a server has spawned a process to +satisfy a request; the process might receive security parameters +(key length, authentication, etc.) at startup and it might be +difficult to communicate changes to these parameters after that +point. This message is always a warning.

    +
    +
    "UP"/"unknown PSK identity"
    + +
    +

    Sent by the server to indicate that it does not recognize a PSK +identity or an SRP identity.

    +
    +
    "UK"/"unknown"
    + +
    +

    This indicates that no description is available for this alert type. +Probably value does not contain a correct alert message.

    +
    +
    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_CTX_set_info_callback(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

+ + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_alloc_buffers.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_alloc_buffers.html
new file mode 100755
index 0000000..b18a975
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_alloc_buffers.html
@@ -0,0 +1,101 @@
+ + + + +SSL_alloc_buffers + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_free_buffers, SSL_alloc_buffers - manage SSL structure buffers

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_free_buffers(SSL *ssl);
    + int SSL_alloc_buffers(SSL *ssl);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_free_buffers() frees the read and write buffers of the given ssl. +SSL_alloc_buffers() allocates the read and write buffers of the given ssl.

    +

    The SSL_MODE_RELEASE_BUFFERS mode releases read or write buffers whenever +the buffers have been drained. These functions allow applications to manually +control when buffers are freed and allocated.

    +

    After freeing the buffers, the buffers are automatically reallocated upon a +new read or write. The SSL_alloc_buffers() does not need to be called, but +can be used to make sure the buffers are pre-allocated. This can be used to +avoid allocation during data processing or with CRYPTO_set_mem_functions() +to control where and how buffers are allocated.

    +

    +

    +
    +

    RETURN VALUES

    +

    The following return values can occur:

    +
      +
    1. (Failure) + +

      The SSL_free_buffers() function returns 0 when there is pending data to be +read or written. The SSL_alloc_buffers() function returns 0 when there is +an allocation failure.

      +
    2. +
    3. (Success) + +

      The SSL_free_buffers() function returns 1 if the buffers have been freed. This +value is also returned if the buffers had been freed before calling +SSL_free_buffers(). +The SSL_alloc_buffers() function returns 1 if the buffers have been allocated. +This value is also returned if the buffers had been allocated before calling +SSL_alloc_buffers().

      +
    4. +
    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +SSL_free(3), SSL_clear(3), +SSL_new(3), SSL_CTX_set_mode(3), +CRYPTO_set_mem_functions(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

+ + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_check_chain.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_check_chain.html
new file mode 100755
index 0000000..7c34064
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_check_chain.html
@@ -0,0 +1,119 @@
+ + + + +SSL_check_chain + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_check_chain - check certificate chain suitability

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_check_chain() checks whether certificate x, private key pk and +certificate chain chain is suitable for use with the current session +s.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_check_chain() returns a bitmap of flags indicating the validity of the +chain.

    +

    CERT_PKEY_VALID: the chain can be used with the current session. +If this flag is not set then the certificate will never be used even +if the application tries to set it because it is inconsistent with the +peer preferences.

    +

    CERT_PKEY_SIGN: the EE key can be used for signing.

    +

    CERT_PKEY_EE_SIGNATURE: the signature algorithm of the EE certificate is +acceptable.

    +

    CERT_PKEY_CA_SIGNATURE: the signature algorithms of all CA certificates +are acceptable.

    +

    CERT_PKEY_EE_PARAM: the parameters of the end entity certificate are +acceptable (e.g. it is a supported curve).

    +

    CERT_PKEY_CA_PARAM: the parameters of all CA certificates are acceptable.

    +

    CERT_PKEY_EXPLICIT_SIGN: the end entity certificate algorithm +can be used explicitly for signing (i.e. it is mentioned in the signature +algorithms extension).

    +

    CERT_PKEY_ISSUER_NAME: the issuer name is acceptable. This is only +meaningful for client authentication.

    +

    CERT_PKEY_CERT_TYPE: the certificate type is acceptable. Only meaningful +for client authentication.

    +

    CERT_PKEY_SUITEB: chain is suitable for Suite B use.

    +

    +

    +
    +

    NOTES

    +

    SSL_check_chain() must be called in servers after a client hello message or in +clients after a certificate request message. It will typically be called +in the certificate callback.

    +

    An application wishing to support multiple certificate chains may call this +function on each chain in turn: starting with the one it considers the +most secure. It could then use the chain of the first set which returns +suitable flags.

    +

    As a minimum the flag CERT_PKEY_VALID must be set for a chain to be +usable. An application supporting multiple chains with different CA signature +algorithms may also wish to check CERT_PKEY_CA_SIGNATURE too. If no +chain is suitable a server should fall back to the most secure chain which +sets CERT_PKEY_VALID.

    +

    The validity of a chain is determined by checking if it matches a supported +signature algorithm, supported curves and in the case of client authentication +certificate types and issuer names.

    +

    Since the supported signature algorithms extension is only used in TLS 1.2, +TLS 1.3 and DTLS 1.2 the results for earlier versions of TLS and DTLS may not +be very useful. Applications may wish to specify a different "legacy" chain +for earlier versions of TLS or DTLS.

    +

    +

    +
    +

    SEE ALSO

    +

    SSL_CTX_set_cert_cb(3), +ssl(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

+ + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_clear.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_clear.html
new file mode 100755
index 0000000..6412b48
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_clear.html
@@ -0,0 +1,117 @@
+ + + + +SSL_clear + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_clear - reset SSL object to allow another connection

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_clear(SSL *ssl);
    +

    +

    +
    +

    DESCRIPTION

    +

    Reset ssl to allow another connection. All settings (method, ciphers, +BIOs) are kept.

    +

    +

    +
    +

    NOTES

    +

    SSL_clear is used to prepare an SSL object for a new connection. While all +settings are kept, a side effect is the handling of the current SSL session. +If a session is still open, it is considered bad and will be removed +from the session cache, as required by RFC2246. A session is considered open, +if SSL_shutdown(3) was not called for the connection +or at least SSL_set_shutdown(3) was used to +set the SSL_SENT_SHUTDOWN state.

    +

    If a session was closed cleanly, the session object will be kept and all +settings corresponding. This explicitly means, that e.g. the special method +used during the session will be kept for the next handshake. So if the +session was a TLSv1 session, a SSL client object will use a TLSv1 client +method for the next handshake and a SSL server object will use a TLSv1 +server method, even if TLS_*_methods were chosen on startup. This +will might lead to connection failures (see SSL_new(3)) +for a description of the method's properties.

    +

    +

    +
    +

    WARNINGS

    +

    SSL_clear() resets the SSL object to allow for another connection. The +reset operation however keeps several settings of the last sessions +(some of these settings were made automatically during the last +handshake). It only makes sense for a new connection with the exact +same peer that shares these settings, and may fail if that peer +changes its settings between connections. Use the sequence +SSL_get_session(3); +SSL_new(3); +SSL_set_session(3); +SSL_free(3) +instead to avoid such failures +(or simply SSL_free(3); SSL_new(3) +if session reuse is not desired).

    +

    +

    +
    +

    RETURN VALUES

    +

    The following return values can occur:

    +
      +
    1. +

      The SSL_clear() operation could not be performed. Check the error stack to +find out the reason.

      +
    2. +
    3. +

      The SSL_clear() operation was successful.

      +
    4. +
    +

    SSL_new(3), SSL_free(3), +SSL_shutdown(3), SSL_set_shutdown(3), +SSL_CTX_set_options(3), ssl(7), +SSL_CTX_set_client_cert_cb(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

+ + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_connect.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_connect.html
new file mode 100755
index 0000000..c5404cb
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_connect.html
@@ -0,0 +1,129 @@
+ + + + +SSL_connect + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_connect - initiate the TLS/SSL handshake with an TLS/SSL server

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_connect(SSL *ssl);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_connect() initiates the TLS/SSL handshake with a server. The communication +channel must already have been set and assigned to the ssl by setting an +underlying BIO.

    +

    +

    +
    +

    NOTES

    +

    The behaviour of SSL_connect() depends on the underlying BIO.

    +

    If the underlying BIO is blocking, SSL_connect() will only return once the +handshake has been finished or an error occurred.

    +

    If the underlying BIO is non-blocking, SSL_connect() will also return +when the underlying BIO could not satisfy the needs of SSL_connect() +to continue the handshake, indicating the problem by the return value -1. +In this case a call to SSL_get_error() with the +return value of SSL_connect() will yield SSL_ERROR_WANT_READ or +SSL_ERROR_WANT_WRITE. The calling process then must repeat the call after +taking appropriate action to satisfy the needs of SSL_connect(). +The action depends on the underlying BIO. When using a non-blocking socket, +nothing is to be done, but select() can be used to check for the required +condition. When using a buffering BIO, like a BIO pair, data must be written +into or retrieved out of the BIO before being able to continue.

    +

    Many systems implement Nagle's algorithm by default which means that it will +buffer outgoing TCP data if a TCP packet has already been sent for which no +corresponding ACK has been received yet from the peer. This can have performance +impacts after a successful TLSv1.3 handshake or a successful TLSv1.2 (or below) +resumption handshake, because the last peer to communicate in the handshake is +the client. If the client is also the first to send application data (as is +typical for many protocols) then this data could be buffered until an ACK has +been received for the final handshake message.

    +

    The TCP_NODELAY socket option is often available to disable Nagle's +algorithm. If an application opts to disable Nagle's algorithm consideration +should be given to turning it back on again later if appropriate. The helper +function BIO_set_tcp_ndelay() can be used to turn on or off the TCP_NODELAY +option.

    +

    +

    +
    +

    RETURN VALUES

    +

    The following return values can occur:

    +
      +
    1. +

      The TLS/SSL handshake was not successful but was shut down controlled and +by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the +return value ret to find out the reason.

      +
    2. +
    3. +

      The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been +established.

      + +
      <0
      + +
      +

      The TLS/SSL handshake was not successful, because a fatal error occurred either +at the protocol level or a connection failure occurred. The shutdown was +not clean. It can also occur of action is need to continue the operation +for non-blocking BIOs. Call SSL_get_error() with the return value ret +to find out the reason.

      +
    4. +
    +

    +

    +
    +

    SEE ALSO

    +

    SSL_get_error(3), SSL_accept(3), +SSL_shutdown(3), ssl(7), bio(7), +SSL_set_connect_state(3), +SSL_do_handshake(3), +SSL_CTX_new(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

+ + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_do_handshake.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_do_handshake.html
new file mode 100755
index 0000000..f356494
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_do_handshake.html
@@ -0,0 +1,115 @@
+ + + + +SSL_do_handshake + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_do_handshake - perform a TLS/SSL handshake

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_do_handshake(SSL *ssl);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_do_handshake() will wait for a SSL/TLS handshake to take place. If the +connection is in client mode, the handshake will be started. The handshake +routines may have to be explicitly set in advance using either +SSL_set_connect_state(3) or +SSL_set_accept_state(3).

    +

    +

    +
    +

    NOTES

    +

    The behaviour of SSL_do_handshake() depends on the underlying BIO.

    +

    If the underlying BIO is blocking, SSL_do_handshake() will only return +once the handshake has been finished or an error occurred.

    +

    If the underlying BIO is non-blocking, SSL_do_handshake() will also return +when the underlying BIO could not satisfy the needs of SSL_do_handshake() +to continue the handshake. In this case a call to SSL_get_error() with the +return value of SSL_do_handshake() will yield SSL_ERROR_WANT_READ or +SSL_ERROR_WANT_WRITE. The calling process then must repeat the call after +taking appropriate action to satisfy the needs of SSL_do_handshake(). +The action depends on the underlying BIO. When using a non-blocking socket, +nothing is to be done, but select() can be used to check for the required +condition. When using a buffering BIO, like a BIO pair, data must be written +into or retrieved out of the BIO before being able to continue.

    +

    +

    +
    +

    RETURN VALUES

    +

    The following return values can occur:

    +
      +
    1. +

      The TLS/SSL handshake was not successful but was shut down controlled and +by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the +return value ret to find out the reason.

      +
    2. +
    3. +

      The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been +established.

      + +
      <0
      + +
      +

      The TLS/SSL handshake was not successful because a fatal error occurred either +at the protocol level or a connection failure occurred. The shutdown was +not clean. It can also occur of action is need to continue the operation +for non-blocking BIOs. Call SSL_get_error() with the return value ret +to find out the reason.

      +
    4. +
    +

    +

    +
    +

    SEE ALSO

    +

    SSL_get_error(3), SSL_connect(3), +SSL_accept(3), ssl(7), bio(7), +SSL_set_connect_state(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_export_keying_material.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_export_keying_material.html
new file mode 100755
index 0000000..ac2d77a
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_export_keying_material.html
@@ -0,0 +1,123 @@
+ + + + +SSL_export_keying_material + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_export_keying_material, +SSL_export_keying_material_early +- obtain keying material for application use

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
    +                                const char *label, size_t llen,
    +                                const unsigned char *context,
    +                                size_t contextlen, int use_context);
    +
    + int SSL_export_keying_material_early(SSL *s, unsigned char *out, size_t olen,
    +                                      const char *label, size_t llen,
    +                                      const unsigned char *context,
    +                                      size_t contextlen);
    +

    +

    +
    +

    DESCRIPTION

    +

    During the creation of a TLS or DTLS connection shared keying material is +established between the two endpoints. The functions +SSL_export_keying_material() and SSL_export_keying_material_early() enable an +application to use some of this keying material for its own purposes in +accordance with RFC5705 (for TLSv1.2 and below) or RFC8446 (for TLSv1.3).

    +

    SSL_export_keying_material() derives keying material using +the exporter_master_secret established in the handshake.

    +

    SSL_export_keying_material_early() is only usable with TLSv1.3, and derives +keying material using the early_exporter_master_secret (as defined in the +TLS 1.3 RFC). For the client, the early_exporter_master_secret is only +available when the client attempts to send 0-RTT data. For the server, it is +only available when the server accepts 0-RTT data.

    +

    An application may need to securely establish the context within which this +keying material will be used. For example this may include identifiers for the +application session, application algorithms or parameters, or the lifetime of +the context. The context value is left to the application but must be the same +on both sides of the communication.

    +

    For a given SSL connection s, olen bytes of data will be written to +out. The application specific context should be supplied in the location +pointed to by context and should be contextlen bytes long. Provision of +a context is optional. If the context should be omitted entirely then +use_context should be set to 0. Otherwise it should be any other value. If +use_context is 0 then the values of context and contextlen are ignored. +Note that in TLSv1.2 and below a zero length context is treated differently from +no context at all, and will result in different keying material being returned. +In TLSv1.3 a zero length context is that same as no context at all and will +result in the same keying material being returned.

    +

    An application specific label should be provided in the location pointed to by +label and should be llen bytes long. Typically this will be a value from +the IANA Exporter Label Registry +(https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#exporter-labels). +Alternatively labels beginning with "EXPERIMENTAL" are permitted by the standard +to be used without registration. TLSv1.3 imposes a maximum label length of +249 bytes.

    +

    Note that this function is only defined for TLSv1.0 and above, and DTLSv1.0 and +above. Attempting to use it in SSLv3 will result in an error.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_export_keying_material() returns 0 or -1 on failure or 1 on success.

    +

    SSL_export_keying_material_early() returns 0 on failure or 1 on success.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7)

    +

    +

    +
    +

    HISTORY

    +

    The SSL_export_keying_material_early() function was added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_extension_supported.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_extension_supported.html
new file mode 100755
index 0000000..6aae891
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_extension_supported.html
@@ -0,0 +1,336 @@
+ + + + +SSL_extension_supported + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_extension_supported, +SSL_custom_ext_add_cb_ex, +SSL_custom_ext_free_cb_ex, +SSL_custom_ext_parse_cb_ex, +SSL_CTX_add_custom_ext, +SSL_CTX_add_client_custom_ext, SSL_CTX_add_server_custom_ext, +custom_ext_add_cb, custom_ext_free_cb, custom_ext_parse_cb +- custom TLS extension handling

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + typedef int (*SSL_custom_ext_add_cb_ex)(SSL *s, unsigned int ext_type,
    +                                         unsigned int context,
    +                                         const unsigned char **out,
    +                                         size_t *outlen, X509 *x,
    +                                         size_t chainidx, int *al,
    +                                         void *add_arg);
    +
    + typedef void (*SSL_custom_ext_free_cb_ex)(SSL *s, unsigned int ext_type,
    +                                           unsigned int context,
    +                                           const unsigned char *out,
    +                                           void *add_arg);
    +
    + typedef int (*SSL_custom_ext_parse_cb_ex)(SSL *s, unsigned int ext_type,
    +                                           unsigned int context,
    +                                           const unsigned char *in,
    +                                           size_t inlen, X509 *x,
    +                                           size_t chainidx, int *al,
    +                                           void *parse_arg);
    +
    + int SSL_CTX_add_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
    +                            unsigned int context,
    +                            SSL_custom_ext_add_cb_ex add_cb,
    +                            SSL_custom_ext_free_cb_ex free_cb,
    +                            void *add_arg,
    +                            SSL_custom_ext_parse_cb_ex parse_cb,
    +                            void *parse_arg);
    +
    + typedef int (*custom_ext_add_cb)(SSL *s, unsigned int ext_type,
    +                                  const unsigned char **out,
    +                                  size_t *outlen, int *al,
    +                                  void *add_arg);
    +
    + typedef void (*custom_ext_free_cb)(SSL *s, unsigned int ext_type,
    +                                    const unsigned char *out,
    +                                    void *add_arg);
    +
    + typedef int (*custom_ext_parse_cb)(SSL *s, unsigned int ext_type,
    +                                    const unsigned char *in,
    +                                    size_t inlen, int *al,
    +                                    void *parse_arg);
    +
    + int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
    +                                   custom_ext_add_cb add_cb,
    +                                   custom_ext_free_cb free_cb, void *add_arg,
    +                                   custom_ext_parse_cb parse_cb,
    +                                   void *parse_arg);
    +
    + int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
    +                                   custom_ext_add_cb add_cb,
    +                                   custom_ext_free_cb free_cb, void *add_arg,
    +                                   custom_ext_parse_cb parse_cb,
    +                                   void *parse_arg);
    +
    + int SSL_extension_supported(unsigned int ext_type);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_add_custom_ext() adds a custom extension for a TLS/DTLS client or server +for all supported protocol versions with extension type ext_type and +callbacks add_cb, free_cb and parse_cb (see the +EXTENSION CALLBACKS section below). The context value determines +which messages and under what conditions the extension will be added/parsed (see +the EXTENSION CONTEXTS section below).

    +

    SSL_CTX_add_client_custom_ext() adds a custom extension for a TLS/DTLS client +with extension type ext_type and callbacks add_cb, free_cb and +parse_cb. This function is similar to SSL_CTX_add_custom_ext() except it only +applies to clients, uses the older style of callbacks, and implicitly sets the +context value to:

    +
    + SSL_EXT_TLS1_2_AND_BELOW_ONLY | SSL_EXT_CLIENT_HELLO
    + | SSL_EXT_TLS1_2_SERVER_HELLO | SSL_EXT_IGNORE_ON_RESUMPTION
    +

    SSL_CTX_add_server_custom_ext() adds a custom extension for a TLS/DTLS server +with extension type ext_type and callbacks add_cb, free_cb and +parse_cb. This function is similar to SSL_CTX_add_custom_ext() except it +only applies to servers, uses the older style of callbacks, and implicitly sets +the context value to the same as for SSL_CTX_add_client_custom_ext() above.

    +

    The ext_type parameter corresponds to the extension_type field of +RFC5246 et al. It is not a NID. In all cases the extension type must not be +handled by OpenSSL internally or an error occurs.

    +

    SSL_extension_supported() returns 1 if the extension ext_type is handled +internally by OpenSSL and 0 otherwise.

    +

    +

    +
    +

    EXTENSION CALLBACKS

    +

    The callback add_cb is called to send custom extension data to be +included in various TLS messages. The ext_type parameter is set to the +extension type which will be added and add_arg to the value set when the +extension handler was added. When using the new style callbacks the context +parameter will indicate which message is currently being constructed e.g. for +the ClientHello it will be set to SSL_EXT_CLIENT_HELLO.

    +

    If the application wishes to include the extension ext_type it should +set *out to the extension data, set *outlen to the length of the +extension data and return 1.

    +

    If the add_cb does not wish to include the extension it must return 0.

    +

    If add_cb returns -1 a fatal handshake error occurs using the TLS +alert value specified in *al.

    +

    When constructing the ClientHello, if add_cb is set to NULL a zero length +extension is added for ext_type. For all other messages if add_cb is set +to NULL then no extension is added.

    +

    When constructing a Certificate message the callback will be called for each +certificate in the message. The x parameter will indicate the +current certificate and the chainidx parameter will indicate the position +of the certificate in the message. The first certificate is always the end +entity certificate and has a chainidx value of 0. The certificates are in the +order that they were received in the Certificate message.

    +

    For all messages except the ServerHello and EncryptedExtensions every +registered add_cb is always called to see if the application wishes to add an +extension (as long as all requirements of the specified context are met).

    +

    For the ServerHello and EncryptedExtension messages every registered add_cb +is called once if and only if the requirements of the specified context are +met and the corresponding extension was received in the ClientHello. That is, if +no corresponding extension was received in the ClientHello then add_cb will +not be called.

    +

    If an extension is added (that is add_cb returns 1) free_cb is called +(if it is set) with the value of out set by the add callback. It can be +used to free up any dynamic extension data set by add_cb. Since out is +constant (to permit use of constant data in add_cb) applications may need to +cast away const to free the data.

    +

    The callback parse_cb receives data for TLS extensions. The callback is only +called if the extension is present and relevant for the context (see +EXTENSION CONTEXTS below).

    +

    The extension data consists of inlen bytes in the buffer in for the +extension ext_type.

    +

    If the message being parsed is a TLSv1.3 compatible Certificate message then +parse_cb will be called for each certificate contained within the message. +The x parameter will indicate the current certificate and the chainidx +parameter will indicate the position of the certificate in the message. The +first certificate is always the end entity certificate and has a chainidx +value of 0.

    +

    If the parse_cb considers the extension data acceptable it must return +1. If it returns 0 or a negative value a fatal handshake error occurs +using the TLS alert value specified in *al.

    +

    The buffer in is a temporary internal buffer which will not be valid after +the callback returns.

    +

    +

    +
    +

    EXTENSION CONTEXTS

    +

    An extension context defines which messages and under which conditions an +extension should be added or expected. The context is built up by performing +a bitwise OR of multiple pre-defined values together. The valid context values +are:

    +
    +
    SSL_EXT_TLS_ONLY
    + +
    +

    The extension is only allowed in TLS

    +
    +
    SSL_EXT_DTLS_ONLY
    + +
    +

    The extension is only allowed in DTLS

    +
    +
    SSL_EXT_TLS_IMPLEMENTATION_ONLY
    + +
    +

    The extension is allowed in DTLS, but there is only a TLS implementation +available (so it is ignored in DTLS).

    +
    +
    SSL_EXT_SSL3_ALLOWED
    + +
    +

    Extensions are not typically defined for SSLv3. Setting this value will allow +the extension in SSLv3. Applications will not typically need to use this.

    +
    +
    SSL_EXT_TLS1_2_AND_BELOW_ONLY
    + +
    +

    The extension is only defined for TLSv1.2/DTLSv1.2 and below. Servers will +ignore this extension if it is present in the ClientHello and TLSv1.3 is +negotiated.

    +
    +
    SSL_EXT_TLS1_3_ONLY
    + +
    +

    The extension is only defined for TLS1.3 and above. Servers will ignore this +extension if it is present in the ClientHello and TLSv1.2 or below is +negotiated.

    +
    +
    SSL_EXT_IGNORE_ON_RESUMPTION
    + +
    +

    The extension will be ignored during parsing if a previous session is being +successfully resumed.

    +
    +
    SSL_EXT_CLIENT_HELLO
    + +
    +

    The extension may be present in the ClientHello message.

    +
    +
    SSL_EXT_TLS1_2_SERVER_HELLO
    + +
    +

    The extension may be present in a TLSv1.2 or below compatible ServerHello +message.

    +
    +
    SSL_EXT_TLS1_3_SERVER_HELLO
    + +
    +

    The extension may be present in a TLSv1.3 compatible ServerHello message.

    +
    +
    SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS
    + +
    +

    The extension may be present in an EncryptedExtensions message.

    +
    +
    SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST
    + +
    +

    The extension may be present in a HelloRetryRequest message.

    +
    +
    SSL_EXT_TLS1_3_CERTIFICATE
    + +
    +

    The extension may be present in a TLSv1.3 compatible Certificate message.

    +
    +
    SSL_EXT_TLS1_3_NEW_SESSION_TICKET
    + +
    +

    The extension may be present in a TLSv1.3 compatible NewSessionTicket message.

    +
    +
    SSL_EXT_TLS1_3_CERTIFICATE_REQUEST
    + +
    +

    The extension may be present in a TLSv1.3 compatible CertificateRequest message.

    +
    +
    +

    The context must include at least one message value (otherwise the extension +will never be used).

    +

    +

    +
    +

    NOTES

    +

    The add_arg and parse_arg parameters can be set to arbitrary values +which will be passed to the corresponding callbacks. They can, for example, +be used to store the extension data received in a convenient structure or +pass the extension data to be added or freed when adding extensions.

    +

    If the same custom extension type is received multiple times a fatal +decode_error alert is sent and the handshake aborts. If a custom extension +is received in a ServerHello/EncryptedExtensions message which was not sent in +the ClientHello a fatal unsupported_extension alert is sent and the +handshake is aborted. The ServerHello/EncryptedExtensions add_cb callback is +only called if the corresponding extension was received in the ClientHello. This +is compliant with the TLS specifications. This behaviour ensures that each +callback is called at most once and that an application can never send +unsolicited extensions.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CTX_add_custom_ext(), SSL_CTX_add_client_custom_ext() and +SSL_CTX_add_server_custom_ext() return 1 for success and 0 for failure. A +failure can occur if an attempt is made to add the same ext_type more than +once, if an attempt is made to use an extension type handled internally by +OpenSSL or if an internal error occurs (for example a memory allocation +failure).

    +

    SSL_extension_supported() returns 1 if the extension ext_type is handled +internally by OpenSSL and 0 otherwise.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7)

    +

    +

    +
    +

    HISTORY

    +

    The SSL_CTX_add_custom_ext() function was added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2014-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_free.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_free.html
new file mode 100755
index 0000000..e550169
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_free.html
@@ -0,0 +1,89 @@
+ + + + +SSL_free + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    SSL_free - free an allocated SSL structure

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + void SSL_free(SSL *ssl);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_free() decrements the reference count of ssl, and removes the SSL +structure pointed to by ssl and frees up the allocated memory if the +reference count has reached 0. +If ssl is NULL nothing is done.

    +

    +

    +
    +

    NOTES

    +

    SSL_free() also calls the free()ing procedures for indirectly affected items, if +applicable: the buffering BIO, the read and write BIOs, +cipher lists specially created for this ssl, the SSL_SESSION. +Do not explicitly free these indirectly freed up items before or after +calling SSL_free(), as trying to free things twice may lead to program +failure.

    +

    The ssl session has reference counts from two users: the SSL object, for +which the reference count is removed by SSL_free() and the internal +session cache. If the session is considered bad, because +SSL_shutdown(3) was not called for the connection +and SSL_set_shutdown(3) was not used to set the +SSL_SENT_SHUTDOWN state, the session will also be removed +from the session cache as required by RFC2246.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_free() does not provide diagnostic information.

    +

    SSL_new(3), SSL_clear(3), +SSL_shutdown(3), SSL_set_shutdown(3), +ssl(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_get0_peer_scts.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_get0_peer_scts.html
new file mode 100755
index 0000000..6b73630
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_get0_peer_scts.html
@@ -0,0 +1,84 @@
+ + + + +SSL_get0_peer_scts + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_get0_peer_scts - get SCTs received

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + const STACK_OF(SCT) *SSL_get0_peer_scts(SSL *s);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_get0_peer_scts() returns the signed certificate timestamps (SCTs) that have +been received. If this is the first time that this function has been called for +a given SSL instance, it will examine the TLS extensions, OCSP response and +the peer's certificate for SCTs. Future calls will return the same SCTs.

    +

    +

    +
    +

    RESTRICTIONS

    +

    If no Certificate Transparency validation callback has been set (using +SSL_CTX_set_ct_validation_callback or SSL_set_ct_validation_callback), +this function is not guaranteed to return all of the SCTs that the peer is +capable of sending.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_get0_peer_scts() returns a list of SCTs found, or NULL if an error occurs.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +SSL_CTX_set_ct_validation_callback(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_get_SSL_CTX.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_get_SSL_CTX.html
new file mode 100755
index 0000000..c5a1316
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_get_SSL_CTX.html
@@ -0,0 +1,72 @@
+ + + + +SSL_get_SSL_CTX + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_get_SSL_CTX - get the SSL_CTX from which an SSL is created

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_get_SSL_CTX() returns a pointer to the SSL_CTX object, from which +ssl was created with SSL_new(3).

    +

    +

    +
    +

    RETURN VALUES

    +

    The pointer to the SSL_CTX object is returned.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_new(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_get_all_async_fds.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_get_all_async_fds.html
new file mode 100755
index 0000000..a6eda46
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_get_all_async_fds.html
@@ -0,0 +1,125 @@
+ + + + +SSL_get_all_async_fds + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_waiting_for_async, +SSL_get_all_async_fds, +SSL_get_changed_async_fds +- manage asynchronous operations

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/async.h>
    + #include <openssl/ssl.h>
    +
    + int SSL_waiting_for_async(SSL *s);
    + int SSL_get_all_async_fds(SSL *s, OSSL_ASYNC_FD *fd, size_t *numfds);
    + int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd, size_t *numaddfds,
    +                               OSSL_ASYNC_FD *delfd, size_t *numdelfds);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_waiting_for_async() determines whether an SSL connection is currently +waiting for asynchronous operations to complete (see the SSL_MODE_ASYNC mode +in SSL_CTX_set_mode(3)).

    +

    SSL_get_all_async_fds() returns a list of file descriptor which can be used in a +call to select() or poll() to determine whether the current asynchronous +operation has completed or not. A completed operation will result in data +appearing as "read ready" on the file descriptor (no actual data should be read +from the file descriptor). This function should only be called if the SSL +object is currently waiting for asynchronous work to complete (i.e. +SSL_ERROR_WANT_ASYNC has been received - see SSL_get_error(3)). Typically +the list will only contain one file descriptor. However if multiple asynchronous +capable engines are in use then more than one is possible. The number of file +descriptors returned is stored in *numfds and the file descriptors themselves +are in *fds. The fds parameter may be NULL in which case no file +descriptors are returned but *numfds is still populated. It is the callers +responsibility to ensure sufficient memory is allocated at *fds so typically +this function is called twice (once with a NULL fds parameter and once +without).

    +

    SSL_get_changed_async_fds() returns a list of the asynchronous file descriptors +that have been added and a list that have been deleted since the last +SSL_ERROR_WANT_ASYNC was received (or since the SSL object was created if +no SSL_ERROR_WANT_ASYNC has been received). Similar to SSL_get_all_async_fds() +it is the callers responsibility to ensure that *addfd and *delfd have +sufficient memory allocated, although they may be NULL. The number of added fds +and the number of deleted fds are stored in *numaddfds and *numdelfds +respectively.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_waiting_for_async() will return 1 if the current SSL operation is waiting +for an async operation to complete and 0 otherwise.

    +

    SSL_get_all_async_fds() and SSL_get_changed_async_fds() return 1 on success or +0 on error.

    +

    +

    +
    +

    NOTES

    +

    On Windows platforms the openssl/async.h header is dependent on some +of the types customarily made available by including windows.h. The +application developer is likely to require control over when the latter +is included, commonly as one of the first included headers. Therefore +it is defined as an application developer's responsibility to include +windows.h prior to async.h.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +SSL_get_error(3), SSL_CTX_set_mode(3)

    +

    +

    +
    +

    HISTORY

    +

    The SSL_waiting_for_async(), SSL_get_all_async_fds() +and SSL_get_changed_async_fds() functions were added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_get_ciphers.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_get_ciphers.html
new file mode 100755
index 0000000..2ff63ec
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_get_ciphers.html
@@ -0,0 +1,146 @@
+ + + + +SSL_get_ciphers + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_get1_supported_ciphers, +SSL_get_client_ciphers, +SSL_get_ciphers, +SSL_CTX_get_ciphers, +SSL_bytes_to_cipher_list, +SSL_get_cipher_list, +SSL_get_shared_ciphers +- get list of available SSL_CIPHERs

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *ssl);
    + STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx);
    + STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s);
    + STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *ssl);
    + int SSL_bytes_to_cipher_list(SSL *s, const unsigned char *bytes, size_t len,
    +                              int isv2format, STACK_OF(SSL_CIPHER) **sk,
    +                              STACK_OF(SSL_CIPHER) **scsvs);
    + const char *SSL_get_cipher_list(const SSL *ssl, int priority);
    + char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_get_ciphers() returns the stack of available SSL_CIPHERs for ssl, +sorted by preference. If ssl is NULL or no ciphers are available, NULL +is returned.

    +

    SSL_CTX_get_ciphers() returns the stack of available SSL_CIPHERs for ctx.

    +

    SSL_get1_supported_ciphers() returns the stack of enabled SSL_CIPHERs for +ssl as would be sent in a ClientHello (that is, sorted by preference). +The list depends on settings like the cipher list, the supported protocol +versions, the security level, and the enabled signature algorithms. +SRP and PSK ciphers are only enabled if the appropriate callbacks or settings +have been applied. +The list of ciphers that would be sent in a ClientHello can differ from +the list of ciphers that would be acceptable when acting as a server. +For example, additional ciphers may be usable by a server if there is +a gap in the list of supported protocols, and some ciphers may not be +usable by a server if there is not a suitable certificate configured. +If ssl is NULL or no ciphers are available, NULL is returned.

    +

    SSL_get_client_ciphers() returns the stack of available SSL_CIPHERs matching the +list received from the client on ssl. If ssl is NULL, no ciphers are +available, or ssl is not operating in server mode, NULL is returned.

    +

    SSL_bytes_to_cipher_list() treats the supplied len octets in bytes +as a wire-protocol cipher suite specification (in the three-octet-per-cipher +SSLv2 wire format if isv2format is nonzero; otherwise the two-octet +SSLv3/TLS wire format), and parses the cipher suites supported by the library +into the returned stacks of SSL_CIPHER objects sk and Signalling Cipher-Suite +Values scsvs. Unsupported cipher suites are ignored. Returns 1 on success +and 0 on failure.

    +

    SSL_get_cipher_list() returns a pointer to the name of the SSL_CIPHER +listed for ssl with priority. If ssl is NULL, no ciphers are +available, or there are less ciphers than priority available, NULL +is returned.

    +

    SSL_get_shared_ciphers() creates a colon separated and NUL terminated list of +SSL_CIPHER names that are available in both the client and the server. buf is +the buffer that should be populated with the list of names and size is the +size of that buffer. A pointer to buf is returned on success or NULL on +error. If the supplied buffer is not large enough to contain the complete list +of names then a truncated list of names will be returned. Note that just because +a ciphersuite is available (i.e. it is configured in the cipher list) and shared +by both the client and the server it does not mean that it is enabled (see the +description of SSL_get1_supported_ciphers() above). This function will return +available shared ciphersuites whether or not they are enabled. This is a server +side function only and must only be called after the completion of the initial +handshake.

    +

    +

    +
    +

    NOTES

    +

    The details of the ciphers obtained by SSL_get_ciphers(), SSL_CTX_get_ciphers() +SSL_get1_supported_ciphers() and SSL_get_client_ciphers() can be obtained using +the SSL_CIPHER_get_name(3) family of functions.

    +

    Call SSL_get_cipher_list() with priority starting from 0 to obtain the +sorted list of available ciphers, until NULL is returned.

    +

    Note: SSL_get_ciphers(), SSL_CTX_get_ciphers() and SSL_get_client_ciphers() +return a pointer to an internal cipher stack, which will be freed later on when +the SSL or SSL_SESSION object is freed. Therefore, the calling code MUST NOT +free the return value itself.

    +

    The stack returned by SSL_get1_supported_ciphers() should be freed using +sk_SSL_CIPHER_free().

    +

    The stacks returned by SSL_bytes_to_cipher_list() should be freed using +sk_SSL_CIPHER_free().

    +

    +

    +
    +

    RETURN VALUES

    +

    See DESCRIPTION

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_CTX_set_cipher_list(3), +SSL_CIPHER_get_name(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_get_client_random.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_get_client_random.html
    new file mode 100755
    index 0000000..8c0835a
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_get_client_random.html
    @@ -0,0 +1,132 @@
    + + + + +SSL_get_client_random + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_get_client_random, +SSL_get_server_random, +SSL_SESSION_get_master_key, +SSL_SESSION_set1_master_key +- get internal TLS/SSL random values and get/set master key

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, size_t outlen);
    + size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, size_t outlen);
    + size_t SSL_SESSION_get_master_key(const SSL_SESSION *session,
    +                                   unsigned char *out, size_t outlen);
    + int SSL_SESSION_set1_master_key(SSL_SESSION *sess, const unsigned char *in,
    +                                 size_t len);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_get_client_random() extracts the random value sent from the client +to the server during the initial SSL/TLS handshake. It copies as many +bytes as it can of this value into the buffer provided in out, +which must have at least outlen bytes available. It returns the +total number of bytes that were actually copied. If outlen is +zero, SSL_get_client_random() copies nothing, and returns the +total size of the client_random value.

    +

    SSL_get_server_random() behaves the same, but extracts the random value +sent from the server to the client during the initial SSL/TLS handshake.

    +

    SSL_SESSION_get_master_key() behaves the same, but extracts the master +secret used to guarantee the security of the SSL/TLS session. This one +can be dangerous if misused; see NOTES below.

    +

    SSL_SESSION_set1_master_key() sets the master key value associated with the +SSL_SESSION sess. For example, this could be used to set up a session based +PSK (see SSL_CTX_set_psk_use_session_callback(3)). The master key of length +len should be provided at in. The supplied master key is copied by the +function, so the caller is responsible for freeing and cleaning any memory +associated with in. The caller must ensure that the length of the key is +suitable for the ciphersuite associated with the SSL_SESSION.

    +

    +

    +
    +

    NOTES

    +

    You probably shouldn't use these functions.

    +

    These functions expose internal values from the TLS handshake, for +use in low-level protocols. You probably should not use them, unless +you are implementing something that needs access to the internal protocol +details.

    +

    Despite the names of SSL_get_client_random() and SSL_get_server_random(), they +ARE NOT random number generators. Instead, they return the mostly-random values that +were already generated and used in the TLS protocol. Using them +in place of RAND_bytes() would be grossly foolish.

    +

    The security of your TLS session depends on keeping the master key secret: +do not expose it, or any information about it, to anybody. +If you need to calculate another secret value that depends on the master +secret, you should probably use SSL_export_keying_material() instead, and +forget that you ever saw these functions.

    +

    In current versions of the TLS protocols, the length of client_random +(and also server_random) is always SSL3_RANDOM_SIZE bytes. Support for +other outlen arguments to the SSL_get_*_random() functions is provided +in case of the unlikely event that a future version or variant of TLS +uses some other length there.

    +

    Finally, though the "client_random" and "server_random" values are called +"random", many TLS implementations will generate four bytes of those +values based on their view of the current time.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_SESSION_set1_master_key() returns 1 on success or 0 on failure.

    +

    For the other functions, if outlen is greater than 0 then these functions +return the number of bytes actually copied, which will be less than or equal to +outlen. If outlen is 0 then these functions return the maximum number +of bytes they would copy -- that is, the length of the underlying field.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +RAND_bytes(3), +SSL_export_keying_material(3), +SSL_CTX_set_psk_use_session_callback(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_get_current_cipher.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_get_current_cipher.html
    new file mode 100755
    index 0000000..dccfe1e
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_get_current_cipher.html
    @@ -0,0 +1,107 @@
    + + + + +SSL_get_current_cipher + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_get_current_cipher, SSL_get_cipher_name, SSL_get_cipher, +SSL_get_cipher_bits, SSL_get_cipher_version, +SSL_get_pending_cipher - get SSL_CIPHER of a connection

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + SSL_CIPHER *SSL_get_current_cipher(const SSL *ssl);
    + SSL_CIPHER *SSL_get_pending_cipher(const SSL *ssl);
    +
    + const char *SSL_get_cipher_name(const SSL *s);
    + const char *SSL_get_cipher(const SSL *s);
    + int SSL_get_cipher_bits(const SSL *s, int *np);
    + const char *SSL_get_cipher_version(const SSL *s);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_get_current_cipher() returns a pointer to an SSL_CIPHER object containing +the description of the actually used cipher of a connection established with +the ssl object. +See SSL_CIPHER_get_name(3) for more details.

    +

    SSL_get_cipher_name() obtains the +name of the currently used cipher. +SSL_get_cipher() is identical to SSL_get_cipher_name(). +SSL_get_cipher_bits() is a +macro to obtain the number of secret/algorithm bits used and +SSL_get_cipher_version() returns the protocol name.

    +

    SSL_get_pending_cipher() returns a pointer to an SSL_CIPHER object containing +the description of the cipher (if any) that has been negotiated for future use +on the connection established with the ssl object, but is not yet in use. +This may be the case during handshake processing, when control flow can be +returned to the application via any of several callback methods. The internal +sequencing of handshake processing and callback invocation is not guaranteed +to be stable from release to release, and at present only the callback set +by SSL_CTX_set_alpn_select_cb() is guaranteed to have a non-NULL return value. +Other callbacks may be added to this list over time.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_get_current_cipher() returns the cipher actually used, or NULL if +no session has been established.

    +

    SSL_get_pending_cipher() returns the cipher to be used at the next change +of cipher suite, or NULL if no such cipher is known.

    +

    +

    +
    +

    NOTES

    +

    SSL_get_cipher, SSL_get_cipher_bits, SSL_get_cipher_version, and +SSL_get_cipher_name are implemented as macros.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_CIPHER_get_name(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_get_default_timeout.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_get_default_timeout.html
    new file mode 100755
    index 0000000..b5f9f1f
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_get_default_timeout.html
    @@ -0,0 +1,88 @@
    + + + + +SSL_get_default_timeout + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_get_default_timeout - get default session timeout value

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + long SSL_get_default_timeout(const SSL *ssl);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_get_default_timeout() returns the default timeout value assigned to +SSL_SESSION objects negotiated for the protocol valid for ssl.

    +

    +

    +
    +

    NOTES

    +

    Whenever a new session is negotiated, it is assigned a timeout value, +after which it will not be accepted for session reuse. If the timeout +value was not explicitly set using +SSL_CTX_set_timeout(3), the hardcoded default +timeout for the protocol will be used.

    +

    SSL_get_default_timeout() return this hardcoded value, which is 300 seconds +for all currently supported protocols.

    +

    +

    +
    +

    RETURN VALUES

    +

    See description.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +SSL_CTX_set_session_cache_mode(3), +SSL_SESSION_get_time(3), +SSL_CTX_flush_sessions(3), +SSL_get_default_timeout(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_get_error.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_get_error.html
    new file mode 100755
    index 0000000..c2c0bb3
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_get_error.html
    @@ -0,0 +1,214 @@
    + + + + +SSL_get_error + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_get_error - obtain result code for TLS/SSL I/O operation

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_get_error(const SSL *ssl, int ret);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_get_error() returns a result code (suitable for the C "switch" +statement) for a preceding call to SSL_connect(), SSL_accept(), SSL_do_handshake(), +SSL_read_ex(), SSL_read(), SSL_peek_ex(), SSL_peek(), SSL_shutdown(), +SSL_write_ex() or SSL_write() on ssl. The value returned by that TLS/SSL I/O +function must be passed to SSL_get_error() in parameter ret.

    +

    In addition to ssl and ret, SSL_get_error() inspects the +current thread's OpenSSL error queue. Thus, SSL_get_error() must be +used in the same thread that performed the TLS/SSL I/O operation, and no +other OpenSSL function calls should appear in between. The current +thread's error queue must be empty before the TLS/SSL I/O operation is +attempted, or SSL_get_error() will not work reliably.

    +

    +

    +
    +

    RETURN VALUES

    +

    The following return values can currently occur:

    +
    +
    SSL_ERROR_NONE
    + +
    +

    The TLS/SSL I/O operation completed. This result code is returned +if and only if ret > 0.

    +
    +
    SSL_ERROR_ZERO_RETURN
    + +
    +

    The TLS/SSL peer has closed the connection for writing by sending the +close_notify alert. +No more data can be read. +Note that SSL_ERROR_ZERO_RETURN does not necessarily +indicate that the underlying transport has been closed.

    +
    +
    SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE
    + +
    +

    The operation did not complete and can be retried later.

    +

    SSL_ERROR_WANT_READ is returned when the last operation was a read +operation from a non-blocking BIO. +It means that not enough data was available at this time to complete the +operation. +If at a later time the underlying BIO has data available for reading the same +function can be called again.

    +

    SSL_read() and SSL_read_ex() can also set SSL_ERROR_WANT_READ when there is +still unprocessed data available at either the SSL or the BIO layer, even +for a blocking BIO. +See SSL_read(3) for more information.

    +

    SSL_ERROR_WANT_WRITE is returned when the last operation was a write +to a non-blocking BIO and it was unable to sent all data to the BIO. +When the BIO is writeable again, the same function can be called again.

    +

    Note that the retry may again lead to an SSL_ERROR_WANT_READ or +SSL_ERROR_WANT_WRITE condition. +There is no fixed upper limit for the number of iterations that +may be necessary until progress becomes visible at application +protocol level.

    +

    It is safe to call SSL_read() or SSL_read_ex() when more data is available +even when the call that set this error was an SSL_write() or SSL_write_ex(). +However if the call was an SSL_write() or SSL_write_ex(), it should be called +again to continue sending the application data.

    +

    For socket BIOs (e.g. when SSL_set_fd() was used), select() or +poll() on the underlying socket can be used to find out when the +TLS/SSL I/O function should be retried.

    +

    Caveat: Any TLS/SSL I/O function can lead to either of +SSL_ERROR_WANT_READ and SSL_ERROR_WANT_WRITE. +In particular, +SSL_read_ex(), SSL_read(), SSL_peek_ex(), or SSL_peek() may want to write data +and SSL_write() or SSL_write_ex() may want to read data. +This is mainly because +TLS/SSL handshakes may occur at any time during the protocol (initiated by +either the client or the server); SSL_read_ex(), SSL_read(), SSL_peek_ex(), +SSL_peek(), SSL_write_ex(), and SSL_write() will handle any pending handshakes.

    +
    +
    SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_ACCEPT
    + +
    +

    The operation did not complete; the same TLS/SSL I/O function should be +called again later. The underlying BIO was not connected yet to the peer +and the call would block in connect()/accept(). The SSL function should be +called again when the connection is established. These messages can only +appear with a BIO_s_connect() or BIO_s_accept() BIO, respectively. +In order to find out, when the connection has been successfully established, +on many platforms select() or poll() for writing on the socket file descriptor +can be used.

    +
    +
    SSL_ERROR_WANT_X509_LOOKUP
    + +
    +

    The operation did not complete because an application callback set by +SSL_CTX_set_client_cert_cb() has asked to be called again. +The TLS/SSL I/O function should be called again later. +Details depend on the application.

    +
    +
    SSL_ERROR_WANT_ASYNC
    + +
    +

    The operation did not complete because an asynchronous engine is still +processing data. This will only occur if the mode has been set to SSL_MODE_ASYNC +using SSL_CTX_set_mode(3) or SSL_set_mode(3) and an asynchronous capable +engine is being used. An application can determine whether the engine has +completed its processing using select() or poll() on the asynchronous wait file +descriptor. This file descriptor is available by calling +SSL_get_all_async_fds(3) or SSL_get_changed_async_fds(3). The TLS/SSL I/O +function should be called again later. The function must be called from the +same thread that the original call was made from.

    +
    +
    SSL_ERROR_WANT_ASYNC_JOB
    + +
    +

    The asynchronous job could not be started because there were no async jobs +available in the pool (see ASYNC_init_thread(3)). This will only occur if the +mode has been set to SSL_MODE_ASYNC using SSL_CTX_set_mode(3) or +SSL_set_mode(3) and a maximum limit has been set on the async job pool +through a call to ASYNC_init_thread(3). The application should retry the +operation after a currently executing asynchronous operation for the current +thread has completed.

    +
    +
    SSL_ERROR_WANT_CLIENT_HELLO_CB
    + +
    +

    The operation did not complete because an application callback set by +SSL_CTX_set_client_hello_cb() has asked to be called again. +The TLS/SSL I/O function should be called again later. +Details depend on the application.

    +
    +
    SSL_ERROR_SYSCALL
    + +
    +

    Some non-recoverable, fatal I/O error occurred. The OpenSSL error queue may +contain more information on the error. For socket I/O on Unix systems, consult +errno for details. If this error occurs then no further I/O operations should +be performed on the connection and SSL_shutdown() must not be called.

    +

    This value can also be returned for other errors, check the error queue for +details.

    +
    +
    SSL_ERROR_SSL
    + +
    +

    A non-recoverable, fatal error in the SSL library occurred, usually a protocol +error. The OpenSSL error queue contains more information on the error. If this +error occurs then no further I/O operations should be performed on the +connection and SSL_shutdown() must not be called.

    +
    +
    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7)

    +

    +

    +
    +

    HISTORY

    +

    The SSL_ERROR_WANT_ASYNC error code was added in OpenSSL 1.1.0. +The SSL_ERROR_WANT_CLIENT_HELLO_CB error code was added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_get_extms_support.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_get_extms_support.html
    new file mode 100755
    index 0000000..2d13eb9
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_get_extms_support.html
    @@ -0,0 +1,76 @@
    + + + + +SSL_get_extms_support + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_get_extms_support - extended master secret support

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_get_extms_support(SSL *ssl);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_get_extms_support() indicates whether the current session used extended +master secret.

    +

    This function is implemented as a macro.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_get_extms_support() returns 1 if the current session used extended +master secret, 0 if it did not and -1 if a handshake is currently in +progress i.e. it is not possible to determine if extended master secret +was used.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_get_fd.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_get_fd.html
    new file mode 100755
    index 0000000..6aa6313
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_get_fd.html
    @@ -0,0 +1,90 @@
    + + + + +SSL_get_fd + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_get_fd, SSL_get_rfd, SSL_get_wfd - get file descriptor linked to an SSL object

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_get_fd(const SSL *ssl);
    + int SSL_get_rfd(const SSL *ssl);
    + int SSL_get_wfd(const SSL *ssl);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_get_fd() returns the file descriptor which is linked to ssl. +SSL_get_rfd() and SSL_get_wfd() return the file descriptors for the +read or the write channel, which can be different. If the read and the +write channel are different, SSL_get_fd() will return the file descriptor +of the read channel.

    +

    +

    +
    +

    RETURN VALUES

    +

    The following return values can occur:

    +
    +
    -1
    + +
    +

    The operation failed, because the underlying BIO is not of the correct type +(suitable for file descriptors).

    +
    +
    >=0
    + +
    +

    The file descriptor linked to ssl.

    +
    +
    +

    +

    +
    +

    SEE ALSO

    +

    SSL_set_fd(3), ssl(7) , bio(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_get_peer_cert_chain.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_get_peer_cert_chain.html
    new file mode 100755
    index 0000000..b2c53ba
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_get_peer_cert_chain.html
    @@ -0,0 +1,113 @@
    + + + + +SSL_get_peer_cert_chain + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_get_peer_cert_chain, SSL_get0_verified_chain - get the X509 certificate +chain of the peer

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *ssl);
    + STACK_OF(X509) *SSL_get0_verified_chain(const SSL *ssl);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_get_peer_cert_chain() returns a pointer to STACK_OF(X509) certificates +forming the certificate chain sent by the peer. If called on the client side, +the stack also contains the peer's certificate; if called on the server +side, the peer's certificate must be obtained separately using +SSL_get_peer_certificate(3). +If the peer did not present a certificate, NULL is returned.

    +

    NB: SSL_get_peer_cert_chain() returns the peer chain as sent by the peer: it +only consists of certificates the peer has sent (in the order the peer +has sent them) it is not a verified chain.

    +

    SSL_get0_verified_chain() returns the verified certificate chain +of the peer including the peer's end entity certificate. It must be called +after a session has been successfully established. If peer verification was +not successful (as indicated by SSL_get_verify_result() not returning +X509_V_OK) the chain may be incomplete or invalid.

    +

    +

    +
    +

    NOTES

    +

    If the session is resumed peers do not send certificates so a NULL pointer +is returned by these functions. Applications can call SSL_session_reused() +to determine whether a session is resumed.

    +

    The reference count of each certificate in the returned STACK_OF(X509) object +is not incremented and the returned stack may be invalidated by renegotiation. +If applications wish to use any certificates in the returned chain +indefinitely they must increase the reference counts using X509_up_ref() or +obtain a copy of the whole chain with X509_chain_up_ref().

    +

    +

    +
    +

    RETURN VALUES

    +

    The following return values can occur:

    +
    +
    NULL
    + +
    +

    No certificate was presented by the peer or no connection was established +or the certificate chain is no longer available when a session is reused.

    +
    +
    Pointer to a STACK_OF(X509)
    + +
    +

    The return value points to the certificate chain presented by the peer.

    +
    +
    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_get_peer_certificate(3), X509_up_ref(3), +X509_chain_up_ref(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_get_peer_certificate.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_get_peer_certificate.html
    new file mode 100755
    index 0000000..ab4cd15
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_get_peer_certificate.html
    @@ -0,0 +1,101 @@
    + + + + +SSL_get_peer_certificate + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_get_peer_certificate - get the X509 certificate of the peer

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + X509 *SSL_get_peer_certificate(const SSL *ssl);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_get_peer_certificate() returns a pointer to the X509 certificate the +peer presented. If the peer did not present a certificate, NULL is returned.

    +

    +

    +
    +

    NOTES

    +

    Due to the protocol definition, a TLS/SSL server will always send a +certificate, if present. A client will only send a certificate when +explicitly requested to do so by the server (see +SSL_CTX_set_verify(3)). If an anonymous cipher +is used, no certificates are sent.

    +

    That a certificate is returned does not indicate information about the +verification state, use SSL_get_verify_result(3) +to check the verification state.

    +

    The reference count of the X509 object is incremented by one, so that it +will not be destroyed when the session containing the peer certificate is +freed. The X509 object must be explicitly freed using X509_free().

    +

    +

    +
    +

    RETURN VALUES

    +

    The following return values can occur:

    +
    +
    NULL
    + +
    +

    No certificate was presented by the peer or no connection was established.

    +
    +
    Pointer to an X509 certificate
    + +
    +

    The return value points to the certificate presented by the peer.

    +
    +
    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_get_verify_result(3), +SSL_CTX_set_verify(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_get_peer_signature_nid.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_get_peer_signature_nid.html
    new file mode 100755
    index 0000000..dd3f530
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_get_peer_signature_nid.html
    @@ -0,0 +1,88 @@
    + + + + +SSL_get_peer_signature_nid + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_get_peer_signature_nid, SSL_get_peer_signature_type_nid, +SSL_get_signature_nid, SSL_get_signature_type_nid - get TLS message signing +types

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_get_peer_signature_nid(SSL *ssl, int *psig_nid);
    + int SSL_get_peer_signature_type_nid(const SSL *ssl, int *psigtype_nid);
    + int SSL_get_signature_nid(SSL *ssl, int *psig_nid);
    + int SSL_get_signature_type_nid(const SSL *ssl, int *psigtype_nid);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_get_peer_signature_nid() sets *psig_nid to the NID of the digest used +by the peer to sign TLS messages. It is implemented as a macro.

    +

    SSL_get_peer_signature_type_nid() sets *psigtype_nid to the signature +type used by the peer to sign TLS messages. Currently the signature type +is the NID of the public key type used for signing except for PSS signing +where it is EVP_PKEY_RSA_PSS. To differentiate between +rsa_pss_rsae_* and rsa_pss_pss_* signatures, it's necessary to check +the type of public key in the peer's certificate.

    +

    SSL_get_signature_nid() and SSL_get_signature_type_nid() return the equivalent +information for the local end of the connection.

    +

    +

    +
    +

    RETURN VALUES

    +

    These functions return 1 for success and 0 for failure. There are several +possible reasons for failure: the cipher suite has no signature (e.g. it +uses RSA key exchange or is anonymous), the TLS version is below 1.2 or +the functions were called too early, e.g. before the peer signed a message.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_get_peer_certificate(3),

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_get_peer_tmp_key.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_get_peer_tmp_key.html
    new file mode 100755
    index 0000000..59bbdcd
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_get_peer_tmp_key.html
    @@ -0,0 +1,90 @@
    + + + + +SSL_get_peer_tmp_key + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_get_peer_tmp_key, SSL_get_server_tmp_key, SSL_get_tmp_key - get information +about temporary keys used during a handshake

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + long SSL_get_peer_tmp_key(SSL *ssl, EVP_PKEY **key);
    + long SSL_get_server_tmp_key(SSL *ssl, EVP_PKEY **key);
    + long SSL_get_tmp_key(SSL *ssl, EVP_PKEY **key);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_get_peer_tmp_key() returns the temporary key provided by the peer and +used during key exchange. For example, if ECDHE is in use, then this represents +the peer's public ECDHE key. On success a pointer to the key is stored in +*key. It is the caller's responsibility to free this key after use using +EVP_PKEY_free(3).

    +

    SSL_get_server_tmp_key() is a backwards compatibility alias for +SSL_get_peer_tmp_key(). +Under that name it worked just on the client side of the connection, its +behaviour on the server end is release-dependent.

    +

    SSL_get_tmp_key() returns the equivalent information for the local +end of the connection.

    +

    +

    +
    +

    RETURN VALUES

    +

    All these functions return 1 on success and 0 otherwise.

    +

    +

    +
    +

    NOTES

    +

    This function is implemented as a macro.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), EVP_PKEY_free(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_get_psk_identity.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_get_psk_identity.html new file mode 100755 index 0000000..5ab5eba --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_get_psk_identity.html @@ -0,0 +1,80 @@ + + + + +SSL_get_psk_identity + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_get_psk_identity, SSL_get_psk_identity_hint - get PSK client identity and hint

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + const char *SSL_get_psk_identity_hint(const SSL *ssl);
    + const char *SSL_get_psk_identity(const SSL *ssl);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_get_psk_identity_hint() is used to retrieve the PSK identity hint +used during the connection setup related to SSL object +ssl. Similarly, SSL_get_psk_identity() is used to retrieve the PSK +identity used during the connection setup.

    +

    +

    +
    +

    RETURN VALUES

    +

    If non-NULL, SSL_get_psk_identity_hint() returns the PSK identity +hint and SSL_get_psk_identity() returns the PSK identity. Both are +NULL-terminated. SSL_get_psk_identity_hint() may return NULL if +no PSK identity hint was used during the connection setup.

    +

    Note that the return value is valid only during the lifetime of the +SSL object ssl.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_get_rbio.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_get_rbio.html new file mode 100755 index 0000000..4fcba55 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_get_rbio.html @@ -0,0 +1,86 @@ + + + + +SSL_get_rbio + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_get_rbio, SSL_get_wbio - get BIO linked to an SSL object

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + BIO *SSL_get_rbio(SSL *ssl);
    + BIO *SSL_get_wbio(SSL *ssl);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_get_rbio() and SSL_get_wbio() return pointers to the BIOs for the +read or the write channel, which can be different. The reference count +of the BIO is not incremented.

    +

    +

    +
    +

    RETURN VALUES

    +

    The following return values can occur:

    +
    +
    NULL
    + +
    +

    No BIO was connected to the SSL object

    +
    +
    Any other pointer
    + +
    +

    The BIO linked to ssl.

    +
    +
    +

    +

    +
    +

    SEE ALSO

    +

    SSL_set_bio(3), ssl(7) , bio(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_get_session.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_get_session.html new file mode 100755 index 0000000..d2c515c --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_get_session.html @@ -0,0 +1,140 @@ + + + + +SSL_get_session + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_get_session, SSL_get0_session, SSL_get1_session - retrieve TLS/SSL session data

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + SSL_SESSION *SSL_get_session(const SSL *ssl);
    + SSL_SESSION *SSL_get0_session(const SSL *ssl);
    + SSL_SESSION *SSL_get1_session(SSL *ssl);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_get_session() returns a pointer to the SSL_SESSION actually used in +ssl. The reference count of the SSL_SESSION is not incremented, so +that the pointer can become invalid by other operations.

    +

    SSL_get0_session() is the same as SSL_get_session().

    +

    SSL_get1_session() is the same as SSL_get_session(), but the reference +count of the SSL_SESSION is incremented by one.

    +

    +

    +
    +

    NOTES

    +

    The ssl session contains all information required to re-establish the +connection without a full handshake for SSL versions up to and including +TLSv1.2. In TLSv1.3 the same is true, but sessions are established after the +main handshake has occurred. The server will send the session information to the +client at a time of its choosing, which may be some while after the initial +connection is established (or never). Calling these functions on the client side +in TLSv1.3 before the session has been established will still return an +SSL_SESSION object but that object cannot be used for resuming the session. See +SSL_SESSION_is_resumable(3) for information on how to determine whether an +SSL_SESSION object can be used for resumption or not.

    +

    Additionally, in TLSv1.3, a server can send multiple messages that establish a +session for a single connection. In that case the above functions will only +return information on the last session that was received.

    +

    The preferred way for applications to obtain a resumable SSL_SESSION object is +to use a new session callback as described in SSL_CTX_sess_set_new_cb(3). +The new session callback is only invoked when a session is actually established, +so this avoids the problem described above where an application obtains an +SSL_SESSION object that cannot be used for resumption in TLSv1.3. It also +enables applications to obtain information about all sessions sent by the +server.

    +

    A session will be automatically removed from the session cache and marked as +non-resumable if the connection is not closed down cleanly, e.g. if a fatal +error occurs on the connection or SSL_shutdown(3) is not called prior to +SSL_free(3).

    +

    In TLSv1.3 it is recommended that each SSL_SESSION object is only used for +resumption once.

    +

    SSL_get0_session() returns a pointer to the actual session. As the +reference counter is not incremented, the pointer is only valid while +the connection is in use. If SSL_clear(3) or +SSL_free(3) is called, the session may be removed completely +(if considered bad), and the pointer obtained will become invalid. Even +if the session is valid, it can be removed at any time due to timeout +during SSL_CTX_flush_sessions(3).

    +

    If the data is to be kept, SSL_get1_session() will increment the reference +count, so that the session will not be implicitly removed by other operations +but stays in memory. In order to remove the session +SSL_SESSION_free(3) must be explicitly called once +to decrement the reference count again.

    +

    SSL_SESSION objects keep internal link information about the session cache +list, when being inserted into one SSL_CTX object's session cache. +One SSL_SESSION object, regardless of its reference count, must therefore +only be used with one SSL_CTX object (and the SSL objects created +from this SSL_CTX object).

    +

    +

    +
    +

    RETURN VALUES

    +

    The following return values can occur:

    +
    +
    NULL
    + +
    +

    There is no session available in ssl.

    +
    +
    Pointer to an SSL_SESSION
    + +
    +

    The return value points to the data of an SSL session.

    +
    +
    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_free(3), +SSL_clear(3), +SSL_SESSION_free(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_get_shared_sigalgs.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_get_shared_sigalgs.html new file mode 100755 index 0000000..04e0e4e --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_get_shared_sigalgs.html @@ -0,0 +1,119 @@ + + + + +SSL_get_shared_sigalgs + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_get_shared_sigalgs, SSL_get_sigalgs - get supported signature algorithms

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_get_shared_sigalgs(SSL *s, int idx,
    +                            int *psign, int *phash, int *psignhash,
    +                            unsigned char *rsig, unsigned char *rhash);
    +
    + int SSL_get_sigalgs(SSL *s, int idx,
    +                     int *psign, int *phash, int *psignhash,
    +                     unsigned char *rsig, unsigned char *rhash);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_get_shared_sigalgs() returns information about the shared signature +algorithms supported by peer s. The parameter idx indicates the index +of the shared signature algorithm to return starting from zero. The signature +algorithm NID is written to *psign, the hash NID to *phash and the +sign and hash NID to *psignhash. The raw signature and hash values +are written to *rsig and *rhash.

    +

    SSL_get_sigalgs() is similar to SSL_get_shared_sigalgs() except it returns +information about all signature algorithms supported by s in the order +they were sent by the peer.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_get_shared_sigalgs() and SSL_get_sigalgs() return the number of +signature algorithms or 0 if the idx parameter is out of range.

    +

    +

    +
    +

    NOTES

    +

    These functions are typically called for debugging purposes (to report +the peer's preferences) or where an application wants finer control over +certificate selection. Most applications will rely on internal handling +and will not need to call them.

    +

    If an application is only interested in the highest preference shared +signature algorithm it can just set idx to zero.

    +

    Any or all of the parameters psign, phash, psignhash, rsig or +rhash can be set to NULL if the value is not required. By setting +them all to NULL and setting idx to zero the total number of +signature algorithms can be determined: which can be zero.

    +

    These functions must be called after the peer has sent a list of supported +signature algorithms: after a client hello (for servers) or a certificate +request (for clients). They can (for example) be called in the certificate +callback.

    +

    Only TLS 1.2, TLS 1.3 and DTLS 1.2 currently support signature algorithms. +If these +functions are called on an earlier version of TLS or DTLS zero is returned.

    +

    The shared signature algorithms returned by SSL_get_shared_sigalgs() are +ordered according to configuration and peer preferences.

    +

    The raw values correspond to the on the wire form as defined by RFC5246 et al. +The NIDs are OpenSSL equivalents. For example if the peer sent sha256(4) and +rsa(1) then *rhash would be 4, *rsign 1, *phash NID_sha256, *psig +NID_rsaEncryption and *psighash NID_sha256WithRSAEncryption.

    +

    If a signature algorithm is not recognised the corresponding NIDs +will be set to NID_undef. This may be because the value is not supported, +is not an appropriate combination (for example MD5 and DSA) or the +signature algorithm does not use a hash (for example Ed25519).

    +

    +

    +
    +

    SEE ALSO

    +

    SSL_CTX_set_cert_cb(3), +ssl(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_get_verify_result.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_get_verify_result.html new file mode 100755 index 0000000..387c206 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_get_verify_result.html @@ -0,0 +1,106 @@ + + + + +SSL_get_verify_result + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_get_verify_result - get result of peer certificate verification

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + long SSL_get_verify_result(const SSL *ssl);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_get_verify_result() returns the result of the verification of the +X509 certificate presented by the peer, if any.

    +

    +

    +
    +

    NOTES

    +

    SSL_get_verify_result() can only return one error code while the verification +of a certificate can fail because of many reasons at the same time. Only +the last verification error that occurred during the processing is available +from SSL_get_verify_result().

    +

    The verification result is part of the established session and is restored +when a session is reused.

    +

    +

    +
    +

    BUGS

    +

    If no peer certificate was presented, the returned result code is +X509_V_OK. This is because no verification error occurred, it does however +not indicate success. SSL_get_verify_result() is only useful in connection +with SSL_get_peer_certificate(3).

    +

    +

    +
    +

    RETURN VALUES

    +

    The following return values can currently occur:

    +
    +
    X509_V_OK
    + +
    +

    The verification succeeded or no peer certificate was presented.

    +
    +
    Any other value
    + +
    +

    Documented in openssl-verify(1).

    +
    +
    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_set_verify_result(3), +SSL_get_peer_certificate(3), +openssl-verify(1)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_get_version.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_get_version.html new file mode 100755 index 0000000..1e7e48a --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_get_version.html @@ -0,0 +1,154 @@ + + + + +SSL_get_version + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_client_version, SSL_get_version, SSL_is_dtls, SSL_version - get the +protocol information of a connection

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_client_version(const SSL *s);
    +
    + const char *SSL_get_version(const SSL *ssl);
    +
    + int SSL_is_dtls(const SSL *ssl);
    +
    + int SSL_version(const SSL *s);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_client_version() returns the numeric protocol version advertised by the +client in the legacy_version field of the ClientHello when initiating the +connection. Note that, for TLS, this value will never indicate a version greater +than TLSv1.2 even if TLSv1.3 is subsequently negotiated. SSL_get_version() +returns the name of the protocol used for the connection. SSL_version() returns +the numeric protocol version used for the connection. They should only be called +after the initial handshake has been completed. Prior to that the results +returned from these functions may be unreliable.

    +

    SSL_is_dtls() returns one if the connection is using DTLS, zero if not.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_get_version() returns one of the following strings:

    +
    +
    SSLv3
    + +
    +

    The connection uses the SSLv3 protocol.

    +
    +
    TLSv1
    + +
    +

    The connection uses the TLSv1.0 protocol.

    +
    +
    TLSv1.1
    + +
    +

    The connection uses the TLSv1.1 protocol.

    +
    +
    TLSv1.2
    + +
    +

    The connection uses the TLSv1.2 protocol.

    +
    +
    TLSv1.3
    + +
    +

    The connection uses the TLSv1.3 protocol.

    +
    +
    unknown
    + +
    +

    This indicates an unknown protocol version.

    +
    +
    +

    SSL_version() and SSL_client_version() return an integer which could include any +of the following:

    +
    +
    SSL3_VERSION
    + +
    +

    The connection uses the SSLv3 protocol.

    +
    +
    TLS1_VERSION
    + +
    +

    The connection uses the TLSv1.0 protocol.

    +
    +
    TLS1_1_VERSION
    + +
    +

    The connection uses the TLSv1.1 protocol.

    +
    +
    TLS1_2_VERSION
    + +
    +

    The connection uses the TLSv1.2 protocol.

    +
    +
    TLS1_3_VERSION
    + +
    +

    The connection uses the TLSv1.3 protocol (never returned for +SSL_client_version()).

    +
    +
    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7)

    +

    +

    +
    +

    HISTORY

    +

    The SSL_is_dtls() function was added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_in_init.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_in_init.html new file mode 100755 index 0000000..bbe6375 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_in_init.html @@ -0,0 +1,135 @@ + + + + +SSL_in_init + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_in_before, +SSL_in_init, +SSL_is_init_finished, +SSL_in_connect_init, +SSL_in_accept_init, +SSL_get_state +- retrieve information about the handshake state machine

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_in_init(const SSL *s);
    + int SSL_in_before(const SSL *s);
    + int SSL_is_init_finished(const SSL *s);
    +
    + int SSL_in_connect_init(SSL *s);
    + int SSL_in_accept_init(SSL *s);
    +
    + OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_in_init() returns 1 if the SSL/TLS state machine is currently processing or +awaiting handshake messages, or 0 otherwise.

    +

    SSL_in_before() returns 1 if no SSL/TLS handshake has yet been initiated, or 0 +otherwise.

    +

    SSL_is_init_finished() returns 1 if the SSL/TLS connection is in a state where +fully protected application data can be transferred or 0 otherwise.

    +

    Note that in some circumstances (such as when early data is being transferred) +SSL_in_init(), SSL_in_before() and SSL_is_init_finished() can all return 0.

    +

    SSL_in_connect_init() returns 1 if s is acting as a client and SSL_in_init() +would return 1, or 0 otherwise.

    +

    SSL_in_accept_init() returns 1 if s is acting as a server and SSL_in_init() +would return 1, or 0 otherwise.

    +

    SSL_in_connect_init() and SSL_in_accept_init() are implemented as macros.

    +

    SSL_get_state() returns a value indicating the current state of the handshake +state machine. OSSL_HANDSHAKE_STATE is an enumerated type where each value +indicates a discrete state machine state. Note that future versions of OpenSSL +may define more states so applications should expect to receive unrecognised +state values. The naming format is made up of a number of elements as follows:

    +

    protocol_ST_role_message

    +

    protocol is one of TLS or DTLS. DTLS is used where a state is specific to the +DTLS protocol. Otherwise TLS is used.

    +

    role is one of CR, CW, SR or SW to indicate "client reading", +"client writing", "server reading" or "server writing" respectively.

    +

    message is the name of a handshake message that is being or has been sent, or +is being or has been processed.

    +

    Additionally there are some special states that do not conform to the above +format. These are:

    +
    +
    TLS_ST_BEFORE
    + +
    +

    No handshake messages have yet been been sent or received.

    +
    +
    TLS_ST_OK
    + +
    +

    Handshake message sending/processing has completed.

    +
    +
    TLS_ST_EARLY_DATA
    + +
    +

    Early data is being processed

    +
    +
    TLS_ST_PENDING_EARLY_DATA_END
    + +
    +

    Awaiting the end of early data processing

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_in_init(), SSL_in_before(), SSL_is_init_finished(), SSL_in_connect_init() +and SSL_in_accept_init() return values as indicated above.

    +

    SSL_get_state() returns the current handshake state.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +SSL_read_early_data(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_key_update.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_key_update.html new file mode 100755 index 0000000..289475b --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_key_update.html @@ -0,0 +1,139 @@ + + + + +SSL_key_update + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_key_update, +SSL_get_key_update_type, +SSL_renegotiate, +SSL_renegotiate_abbreviated, +SSL_renegotiate_pending +- initiate and obtain information about updating connection keys

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_key_update(SSL *s, int updatetype);
    + int SSL_get_key_update_type(const SSL *s);
    +
    + int SSL_renegotiate(SSL *s);
    + int SSL_renegotiate_abbreviated(SSL *s);
    + int SSL_renegotiate_pending(const SSL *s);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_key_update() schedules an update of the keys for the current TLS connection. +If the updatetype parameter is set to SSL_KEY_UPDATE_NOT_REQUESTED then +the sending keys for this connection will be updated and the peer will be +informed of the change. If the updatetype parameter is set to +SSL_KEY_UPDATE_REQUESTED then the sending keys for this connection will be +updated and the peer will be informed of the change along with a request for the +peer to additionally update its sending keys. It is an error if updatetype is +set to SSL_KEY_UPDATE_NONE.

    +

    SSL_key_update() must only be called after the initial handshake has been +completed and TLSv1.3 has been negotiated. The key update will not take place +until the next time an IO operation such as SSL_read_ex() or SSL_write_ex() +takes place on the connection. Alternatively SSL_do_handshake() can be called to +force the update to take place immediately.

    +

    SSL_get_key_update_type() can be used to determine whether a key update +operation has been scheduled but not yet performed. The type of the pending key +update operation will be returned if there is one, or SSL_KEY_UPDATE_NONE +otherwise.

    +

    SSL_renegotiate() and SSL_renegotiate_abbreviated() should only be called for +connections that have negotiated TLSv1.2 or less. Calling them on any other +connection will result in an error.

    +

    When called from the client side, SSL_renegotiate() schedules a completely new +handshake over an existing SSL/TLS connection. The next time an IO operation +such as SSL_read_ex() or SSL_write_ex() takes place on the connection a check +will be performed to confirm that it is a suitable time to start a +renegotiation. If so, then it will be initiated immediately. OpenSSL will not +attempt to resume any session associated with the connection in the new +handshake.

    +

    When called from the client side, SSL_renegotiate_abbreviated() works in the +same was as SSL_renegotiate() except that OpenSSL will attempt to resume the +session associated with the current connection in the new handshake.

    +

    When called from the server side, SSL_renegotiate() and +SSL_renegotiate_abbreviated() behave identically. They both schedule a request +for a new handshake to be sent to the client. The next time an IO operation is +performed then the same checks as on the client side are performed and then, if +appropriate, the request is sent. The client may or may not respond with a new +handshake and it may or may not attempt to resume an existing session. If +a new handshake is started then this will be handled transparently by calling +any OpenSSL IO function.

    +

    If an OpenSSL client receives a renegotiation request from a server then again +this will be handled transparently through calling any OpenSSL IO function. For +a TLS connection the client will attempt to resume the current session in the +new handshake. For historical reasons, DTLS clients will not attempt to resume +the session in the new handshake.

    +

    The SSL_renegotiate_pending() function returns 1 if a renegotiation or +renegotiation request has been scheduled but not yet acted on, or 0 otherwise.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_key_update(), SSL_renegotiate() and SSL_renegotiate_abbreviated() return 1 +on success or 0 on error.

    +

    SSL_get_key_update_type() returns the update type of the pending key update +operation or SSL_KEY_UPDATE_NONE if there is none.

    +

    SSL_renegotiate_pending() returns 1 if a renegotiation or renegotiation request +has been scheduled but not yet acted on, or 0 otherwise.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_read_ex(3), +SSL_write_ex(3), +SSL_do_handshake(3)

    +

    +

    +
    +

    HISTORY

    +

    The SSL_key_update() and SSL_get_key_update_type() functions were added in +OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_library_init.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_library_init.html new file mode 100755 index 0000000..2ac91b7 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_library_init.html @@ -0,0 +1,99 @@ + + + + +SSL_library_init + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_library_init, OpenSSL_add_ssl_algorithms +- initialize SSL library by registering algorithms

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_library_init(void);
    +
    + int OpenSSL_add_ssl_algorithms(void);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_library_init() registers the available SSL/TLS ciphers and digests.

    +

    OpenSSL_add_ssl_algorithms() is a synonym for SSL_library_init() and is +implemented as a macro.

    +

    +

    +
    +

    NOTES

    +

    SSL_library_init() must be called before any other action takes place. +SSL_library_init() is not reentrant.

    +

    +

    +
    +

    WARNINGS

    +

    SSL_library_init() adds ciphers and digests used directly and indirectly by +SSL/TLS.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_library_init() always returns "1", so it is safe to discard the return +value.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +RAND_add(3)

    +

    +

    +
    +

    HISTORY

    +

    The SSL_library_init() and OpenSSL_add_ssl_algorithms() functions were +deprecated in OpenSSL 1.1.0 by OPENSSL_init_ssl().

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_load_client_CA_file.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_load_client_CA_file.html new file mode 100755 index 0000000..bfb5bce --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_load_client_CA_file.html @@ -0,0 +1,138 @@ + + + + +SSL_load_client_CA_file + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_load_client_CA_file, +SSL_add_file_cert_subjects_to_stack, +SSL_add_dir_cert_subjects_to_stack, +SSL_add_store_cert_subjects_to_stack +- load certificate names

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
    +
    + int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
    +                                         const char *file)
    + int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
    +                                        const char *dir)
    + int SSL_add_store_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
    +                                          const char *store)
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_load_client_CA_file() reads certificates from file and returns +a STACK_OF(X509_NAME) with the subject names found.

    +

    SSL_add_file_cert_subjects_to_stack() reads certificates from file, +and adds their subject name to the already existing stack.

    +

    SSL_add_dir_cert_subjects_to_stack() reads certificates from every +file in the directory dir, and adds their subject name to the +already existing stack.

    +

    SSL_add_store_cert_subjects_to_stack() loads certificates from the +store URI, and adds their subject name to the already existing +stack.

    +

    +

    +
    +

    NOTES

    +

    SSL_load_client_CA_file() reads a file of PEM formatted certificates and +extracts the X509_NAMES of the certificates found. While the name suggests +the specific usage as support function for +SSL_CTX_set_client_CA_list(3), +it is not limited to CA certificates.

    +

    +

    +
    +

    RETURN VALUES

    +

    The following return values can occur:

    +
    +
    NULL
    + +
    +

    The operation failed, check out the error stack for the reason.

    +
    +
    Pointer to STACK_OF(X509_NAME)
    + +
    +

    Pointer to the subject names of the successfully read certificates.

    +
    +
    +

    +

    +
    +

    EXAMPLES

    +

    Load names of CAs from file and use it as a client CA list:

    +
    + SSL_CTX *ctx;
    + STACK_OF(X509_NAME) *cert_names;
    +
    + ...
    + cert_names = SSL_load_client_CA_file("/path/to/CAfile.pem");
    + if (cert_names != NULL)
    +     SSL_CTX_set_client_CA_list(ctx, cert_names);
    + else
    +     /* error */
    + ...
    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +ossl_store(7), +SSL_CTX_set_client_CA_list(3)

    +

    +

    +
    +

    HISTORY

    +

    SSL_add_store_cert_subjects_to_stack() was added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_new.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_new.html new file mode 100755 index 0000000..2f05543 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_new.html @@ -0,0 +1,115 @@ + + + + +SSL_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_dup, SSL_new, SSL_up_ref - create an SSL structure for a connection

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + SSL *SSL_dup(SSL *s);
    + SSL *SSL_new(SSL_CTX *ctx);
    + int SSL_up_ref(SSL *s);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_new() creates a new SSL structure which is needed to hold the +data for a TLS/SSL connection. The new structure inherits the settings +of the underlying context ctx: connection method, +options, verification settings, timeout settings. An SSL structure is +reference counted. Creating an SSL structure for the first time increments +the reference count. Freeing it (using SSL_free) decrements it. When the +reference count drops to zero, any memory or resources allocated to the SSL +structure are freed.

    +

    SSL_up_ref() increments the reference count for an +existing SSL structure.

    +

    SSL_dup() duplicates an existing SSL structure into a new allocated one +or just increments the reference count if the connection is active. All +settings are inherited from the original SSL structure. Dynamic data (i.e. +existing connection details) are not copied, the new SSL is set into an +initial accept (server) or connect (client) state.

    +

    SSL_dup() allows applications to configure an SSL handle for use in multiple +SSL connections, and then duplicate it prior to initiating each connection +with the duplicated handle. Use of SSL_dup() avoids the need to repeat +the configuration of the handles for each connection.

    +

    For SSL_dup() to work, the connection MUST be in its initial state and +MUST NOT have not yet have started the SSL handshake. For connections +that are not in their initial state SSL_dup() just increments an internal +reference count and returns the same handle. It may be possible to +use SSL_clear(3) to recycle an SSL handle that is not in its initial +state for re-use, but this is best avoided. Instead, save and restore +the session, if desired, and construct a fresh handle for each connection.

    +

    +

    +
    +

    RETURN VALUES

    +

    The following return values can occur:

    +
    +
    NULL
    + +
    +

    The creation of a new SSL structure failed. Check the error stack to +find out the reason.

    +
    +
    Pointer to an SSL structure
    + +
    +

    The return value points to an allocated SSL structure.

    +

    SSL_up_ref() returns 1 for success and 0 for failure.

    +
    +
    +

    +

    +
    +

    SEE ALSO

    +

    SSL_free(3), SSL_clear(3), +SSL_CTX_set_options(3), +SSL_get_SSL_CTX(3), +ssl(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_pending.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_pending.html new file mode 100755 index 0000000..fbb280a --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_pending.html @@ -0,0 +1,105 @@ + + + + +SSL_pending + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_pending, SSL_has_pending - check for readable bytes buffered in an +SSL object

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_pending(const SSL *ssl);
    + int SSL_has_pending(const SSL *s);
    +

    +

    +
    +

    DESCRIPTION

    +

    Data is received in whole blocks known as records from the peer. A whole record +is processed (e.g. decrypted) in one go and is buffered by OpenSSL until it is +read by the application via a call to SSL_read_ex(3) or SSL_read(3).

    +

    SSL_pending() returns the number of bytes which have been processed, buffered +and are available inside ssl for immediate read.

    +

    If the SSL object's read_ahead flag is set (see +SSL_CTX_set_read_ahead(3)), additional protocol bytes (beyond the current +record) may have been read containing more TLS/SSL records. This also applies to +DTLS and pipelining (see SSL_CTX_set_split_send_fragment(3)). These +additional bytes will be buffered by OpenSSL but will remain unprocessed until +they are needed. As these bytes are still in an unprocessed state SSL_pending() +will ignore them. Therefore it is possible for no more bytes to be readable from +the underlying BIO (because OpenSSL has already read them) and for SSL_pending() +to return 0, even though readable application data bytes are available (because +the data is in unprocessed buffered records).

    +

    SSL_has_pending() returns 1 if s has buffered data (whether processed or +unprocessed) and 0 otherwise. Note that it is possible for SSL_has_pending() to +return 1, and then a subsequent call to SSL_read_ex() or SSL_read() to return no +data because the unprocessed buffered data when processed yielded no application +data (for example this can happen during renegotiation). It is also possible in +this scenario for SSL_has_pending() to continue to return 1 even after an +SSL_read_ex() or SSL_read() call because the buffered and unprocessed data is +not yet processable (e.g. because OpenSSL has only received a partial record so +far).

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_pending() returns the number of buffered and processed application data +bytes that are pending and are available for immediate read. SSL_has_pending() +returns 1 if there is buffered record data in the SSL object and 0 otherwise.

    +

    +

    +
    +

    SEE ALSO

    +

    SSL_read_ex(3), SSL_read(3), SSL_CTX_set_read_ahead(3), +SSL_CTX_set_split_send_fragment(3), ssl(7)

    +

    +

    +
    +

    HISTORY

    +

    The SSL_has_pending() function was added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_read.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_read.html new file mode 100755 index 0000000..6664936 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_read.html @@ -0,0 +1,183 @@ + + + + +SSL_read + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_read_ex, SSL_read, SSL_peek_ex, SSL_peek +- read bytes from a TLS/SSL connection

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_read_ex(SSL *ssl, void *buf, size_t num, size_t *readbytes);
    + int SSL_read(SSL *ssl, void *buf, int num);
    +
    + int SSL_peek_ex(SSL *ssl, void *buf, size_t num, size_t *readbytes);
    + int SSL_peek(SSL *ssl, void *buf, int num);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_read_ex() and SSL_read() try to read num bytes from the specified ssl +into the buffer buf. On success SSL_read_ex() will store the number of bytes +actually read in *readbytes.

    +

    SSL_peek_ex() and SSL_peek() are identical to SSL_read_ex() and SSL_read() +respectively except no bytes are actually removed from the underlying BIO during +the read, so that a subsequent call to SSL_read_ex() or SSL_read() will yield +at least the same bytes.

    +

    +

    +
    +

    NOTES

    +

    In the paragraphs below a "read function" is defined as one of SSL_read_ex(), +SSL_read(), SSL_peek_ex() or SSL_peek().

    +

    If necessary, a read function will negotiate a TLS/SSL session, if not already +explicitly performed by SSL_connect(3) or SSL_accept(3). If the +peer requests a re-negotiation, it will be performed transparently during +the read function operation. The behaviour of the read functions depends on the +underlying BIO.

    +

    For the transparent negotiation to succeed, the ssl must have been +initialized to client or server mode. This is being done by calling +SSL_set_connect_state(3) or SSL_set_accept_state() before the first +invocation of a read function.

    +

    The read functions work based on the SSL/TLS records. The data are received in +records (with a maximum record size of 16kB). Only when a record has been +completely received, can it be processed (decryption and check of integrity). +Therefore data that was not retrieved at the last read call can still be +buffered inside the SSL layer and will be retrieved on the next read +call. If num is higher than the number of bytes buffered then the read +functions will return with the bytes buffered. If no more bytes are in the +buffer, the read functions will trigger the processing of the next record. +Only when the record has been received and processed completely will the read +functions return reporting success. At most the contents of one record will +be returned. As the size of an SSL/TLS record may exceed the maximum packet size +of the underlying transport (e.g. TCP), it may be necessary to read several +packets from the transport layer before the record is complete and the read call +can succeed.

    +

    If SSL_MODE_AUTO_RETRY has been switched off and a non-application data +record has been processed, the read function can return and set the error to +SSL_ERROR_WANT_READ. +In this case there might still be unprocessed data available in the BIO. +If read ahead was set using SSL_CTX_set_read_ahead(3), there might also still +be unprocessed data available in the SSL. +This behaviour can be controlled using the SSL_CTX_set_mode(3) call.

    +

    If the underlying BIO is blocking, a read function will only return once the +read operation has been finished or an error occurred, except when a +non-application data record has been processed and SSL_MODE_AUTO_RETRY is +not set. +Note that if SSL_MODE_AUTO_RETRY is set and only non-application data is +available the call will hang.

    +

    If the underlying BIO is non-blocking, a read function will also return when +the underlying BIO could not satisfy the needs of the function to continue the +operation. +In this case a call to SSL_get_error(3) with the +return value of the read function will yield SSL_ERROR_WANT_READ or +SSL_ERROR_WANT_WRITE. +As at any time it's possible that non-application data needs to be sent, +a read function can also cause write operations. +The calling process then must repeat the call after taking appropriate action +to satisfy the needs of the read function. +The action depends on the underlying BIO. +When using a non-blocking socket, nothing is to be done, but select() can be +used to check for the required condition. +When using a buffering BIO, like a BIO pair, data must be written into or +retrieved out of the BIO before being able to continue.

    +

    SSL_pending(3) can be used to find out whether there +are buffered bytes available for immediate retrieval. +In this case the read function can be called without blocking or actually +receiving new data from the underlying socket.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_read_ex() and SSL_peek_ex() will return 1 for success or 0 for failure. +Success means that 1 or more application data bytes have been read from the SSL +connection. +Failure means that no bytes could be read from the SSL connection. +Failures can be retryable (e.g. we are waiting for more bytes to +be delivered by the network) or non-retryable (e.g. a fatal network error). +In the event of a failure call SSL_get_error(3) to find out the reason which +indicates whether the call is retryable or not.

    +

    For SSL_read() and SSL_peek() the following return values can occur:

    +
    +
    > 0
    + +
    +

    The read operation was successful. +The return value is the number of bytes actually read from the TLS/SSL +connection.

    +
    +
    <= 0
    + +
    +

    The read operation was not successful, because either the connection was closed, +an error occurred or action must be taken by the calling process. +Call SSL_get_error(3) with the return value ret to find out the reason.

    +

    Old documentation indicated a difference between 0 and -1, and that -1 was +retryable. +You should instead call SSL_get_error() to find out if it's retryable.

    +
    +
    +

    +

    +
    +

    SEE ALSO

    +

    SSL_get_error(3), SSL_write_ex(3), +SSL_CTX_set_mode(3), SSL_CTX_new(3), +SSL_connect(3), SSL_accept(3) +SSL_set_connect_state(3), +SSL_pending(3), +SSL_shutdown(3), SSL_set_shutdown(3), +ssl(7), bio(7)

    +

    +

    +
    +

    HISTORY

    +

    The SSL_read_ex() and SSL_peek_ex() functions were added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_read_early_data.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_read_early_data.html new file mode 100755 index 0000000..275c035 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_read_early_data.html @@ -0,0 +1,385 @@ + + + + +SSL_read_early_data + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_set_max_early_data, +SSL_CTX_set_max_early_data, +SSL_get_max_early_data, +SSL_CTX_get_max_early_data, +SSL_set_recv_max_early_data, +SSL_CTX_set_recv_max_early_data, +SSL_get_recv_max_early_data, +SSL_CTX_get_recv_max_early_data, +SSL_SESSION_get_max_early_data, +SSL_SESSION_set_max_early_data, +SSL_write_early_data, +SSL_read_early_data, +SSL_get_early_data_status, +SSL_allow_early_data_cb_fn, +SSL_CTX_set_allow_early_data_cb, +SSL_set_allow_early_data_cb +- functions for sending and receiving early data

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_CTX_set_max_early_data(SSL_CTX *ctx, uint32_t max_early_data);
    + uint32_t SSL_CTX_get_max_early_data(const SSL_CTX *ctx);
    + int SSL_set_max_early_data(SSL *s, uint32_t max_early_data);
    + uint32_t SSL_get_max_early_data(const SSL *s);
    +
    + int SSL_CTX_set_recv_max_early_data(SSL_CTX *ctx, uint32_t recv_max_early_data);
    + uint32_t SSL_CTX_get_recv_max_early_data(const SSL_CTX *ctx);
    + int SSL_set_recv_max_early_data(SSL *s, uint32_t recv_max_early_data);
    + uint32_t SSL_get_recv_max_early_data(const SSL *s);
    +
    + uint32_t SSL_SESSION_get_max_early_data(const SSL_SESSION *s);
    + int SSL_SESSION_set_max_early_data(SSL_SESSION *s, uint32_t max_early_data);
    +
    + int SSL_write_early_data(SSL *s, const void *buf, size_t num, size_t *written);
    +
    + int SSL_read_early_data(SSL *s, void *buf, size_t num, size_t *readbytes);
    +
    + int SSL_get_early_data_status(const SSL *s);
    +
    + typedef int (*SSL_allow_early_data_cb_fn)(SSL *s, void *arg);
    +
    + void SSL_CTX_set_allow_early_data_cb(SSL_CTX *ctx,
    +                                      SSL_allow_early_data_cb_fn cb,
    +                                      void *arg);
    + void SSL_set_allow_early_data_cb(SSL *s,
    +                                  SSL_allow_early_data_cb_fn cb,
    +                                  void *arg);
    +

    +

    +
    +

    DESCRIPTION

    +

    These functions are used to send and receive early data where TLSv1.3 has been +negotiated. Early data can be sent by the client immediately after its initial +ClientHello without having to wait for the server to complete the handshake. +Early data can only be sent if a session has previously been established with +the server, and the server is known to support it. Additionally these functions +can be used to send data from the server to the client when the client has not +yet completed the authentication stage of the handshake.

    +

    Early data has weaker security properties than other data sent over an SSL/TLS +connection. In particular the data does not have forward secrecy. There are also +additional considerations around replay attacks (see REPLAY PROTECTION +below). For these reasons extreme care should be exercised when using early +data. For specific details, consult the TLS 1.3 specification.

    +

    When a server receives early data it may opt to immediately respond by sending +application data back to the client. Data sent by the server at this stage is +done before the full handshake has been completed. Specifically the client's +authentication messages have not yet been received, i.e. the client is +unauthenticated at this point and care should be taken when using this +capability.

    +

    A server or client can determine whether the full handshake has been completed +or not by calling SSL_is_init_finished(3).

    +

    On the client side, the function SSL_SESSION_get_max_early_data() can be used to +determine if a session established with a server can be used to send early data. +If the session cannot be used then this function will return 0. Otherwise it +will return the maximum number of early data bytes that can be sent.

    +

    The function SSL_SESSION_set_max_early_data() sets the maximum number of early +data bytes that can be sent for a session. This would typically be used when +creating a PSK session file (see SSL_CTX_set_psk_use_session_callback(3)). If +using a ticket based PSK then this is set automatically to the value provided by +the server.

    +

    A client uses the function SSL_write_early_data() to send early data. This +function is similar to the SSL_write_ex(3) function, but with the following +differences. See SSL_write_ex(3) for information on how to write bytes to +the underlying connection, and how to handle any errors that may arise. This +page describes the differences between SSL_write_early_data() and +SSL_write_ex(3).

    +

    When called by a client, SSL_write_early_data() must be the first IO function +called on a new connection, i.e. it must occur before any calls to +SSL_write_ex(3), SSL_read_ex(3), SSL_connect(3), SSL_do_handshake(3) +or other similar functions. It may be called multiple times to stream data to +the server, but the total number of bytes written must not exceed the value +returned from SSL_SESSION_get_max_early_data(). Once the initial +SSL_write_early_data() call has completed successfully the client may interleave +calls to SSL_read_ex(3) and SSL_read(3) with calls to +SSL_write_early_data() as required.

    +

    If SSL_write_early_data() fails you should call SSL_get_error(3) to determine +the correct course of action, as for SSL_write_ex(3).

    +

    When the client no longer wishes to send any more early data then it should +complete the handshake by calling a function such as SSL_connect(3) or +SSL_do_handshake(3). Alternatively you can call a standard write function +such as SSL_write_ex(3), which will transparently complete the connection and +write the requested data.

    +

    A server may choose to ignore early data that has been sent to it. Once the +connection has been completed you can determine whether the server accepted or +rejected the early data by calling SSL_get_early_data_status(). This will return +SSL_EARLY_DATA_ACCEPTED if the data was accepted, SSL_EARLY_DATA_REJECTED if it +was rejected or SSL_EARLY_DATA_NOT_SENT if no early data was sent. This function +may be called by either the client or the server.

    +

    A server uses the SSL_read_early_data() function to receive early data on a +connection for which early data has been enabled using +SSL_CTX_set_max_early_data() or SSL_set_max_early_data(). As for +SSL_write_early_data(), this must be the first IO function +called on a connection, i.e. it must occur before any calls to +SSL_write_ex(3), SSL_read_ex(3), SSL_accept(3), SSL_do_handshake(3), +or other similar functions.

    +

    SSL_read_early_data() is similar to SSL_read_ex(3) with the following +differences. Refer to SSL_read_ex(3) for full details.

    +

    SSL_read_early_data() may return 3 possible values:

    +
    +
    SSL_READ_EARLY_DATA_ERROR
    + +
    +

    This indicates an IO or some other error occurred. This should be treated in the +same way as a 0 return value from SSL_read_ex(3).

    +
    +
    SSL_READ_EARLY_DATA_SUCCESS
    + +
    +

    This indicates that early data was successfully read. This should be treated in +the same way as a 1 return value from SSL_read_ex(3). You should continue to +call SSL_read_early_data() to read more data.

    +
    +
    SSL_READ_EARLY_DATA_FINISH
    + +
    +

    This indicates that no more early data can be read. It may be returned on the +first call to SSL_read_early_data() if the client has not sent any early data, +or if the early data was rejected.

    +
    +
    +

    Once the initial SSL_read_early_data() call has completed successfully (i.e. it +has returned SSL_READ_EARLY_DATA_SUCCESS or SSL_READ_EARLY_DATA_FINISH) then the +server may choose to write data immediately to the unauthenticated client using +SSL_write_early_data(). If SSL_read_early_data() returned +SSL_READ_EARLY_DATA_FINISH then in some situations (e.g. if the client only +supports TLSv1.2) the handshake may have already been completed and calls +to SSL_write_early_data() are not allowed. Call SSL_is_init_finished(3) to +determine whether the handshake has completed or not. If the handshake is still +in progress then the server may interleave calls to SSL_write_early_data() with +calls to SSL_read_early_data() as required.

    +

    Servers must not call SSL_read_ex(3), SSL_read(3), SSL_write_ex(3) or +SSL_write(3) until SSL_read_early_data() has returned with +SSL_READ_EARLY_DATA_FINISH. Once it has done so the connection to the client +still needs to be completed. Complete the connection by calling a function such +as SSL_accept(3) or SSL_do_handshake(3). Alternatively you can call a +standard read function such as SSL_read_ex(3), which will transparently +complete the connection and read the requested data. Note that it is an error to +attempt to complete the connection before SSL_read_early_data() has returned +SSL_READ_EARLY_DATA_FINISH.

    +

    Only servers may call SSL_read_early_data().

    +

    Calls to SSL_read_early_data() may, in certain circumstances, complete the +connection immediately without further need to call a function such as +SSL_accept(3). This can happen if the client is using a protocol version less +than TLSv1.3. Applications can test for this by calling +SSL_is_init_finished(3). Alternatively, applications may choose to call +SSL_accept(3) anyway. Such a call will successfully return immediately with no +further action taken.

    +

    When a session is created between a server and a client the server will specify +the maximum amount of any early data that it will accept on any future +connection attempt. By default the server does not accept early data; a +server may indicate support for early data by calling +SSL_CTX_set_max_early_data() or +SSL_set_max_early_data() to set it for the whole SSL_CTX or an individual SSL +object respectively. The max_early_data parameter specifies the maximum +amount of early data in bytes that is permitted to be sent on a single +connection. Similarly the SSL_CTX_get_max_early_data() and +SSL_get_max_early_data() functions can be used to obtain the current maximum +early data settings for the SSL_CTX and SSL objects respectively. Generally a +server application will either use both of SSL_read_early_data() and +SSL_CTX_set_max_early_data() (or SSL_set_max_early_data()), or neither of them, +since there is no practical benefit from using only one of them. If the maximum +early data setting for a server is nonzero then replay protection is +automatically enabled (see REPLAY PROTECTION below).

    +

    If the server rejects the early data sent by a client then it will skip over +the data that is sent. The maximum amount of received early data that is skipped +is controlled by the recv_max_early_data setting. If a client sends more than +this then the connection will abort. This value can be set by calling +SSL_CTX_set_recv_max_early_data() or SSL_set_recv_max_early_data(). The current +value for this setting can be obtained by calling +SSL_CTX_get_recv_max_early_data() or SSL_get_recv_max_early_data(). The default +value for this setting is 16,384 bytes.

    +

    The recv_max_early_data value also has an impact on early data that is accepted. +The amount of data that is accepted will always be the lower of the +max_early_data for the session and the recv_max_early_data setting for the +server. If a client sends more data than this then the connection will abort.

    +

    The configured value for max_early_data on a server may change over time as +required. However clients may have tickets containing the previously configured +max_early_data value. The recv_max_early_data should always be equal to or +higher than any recently configured max_early_data value in order to avoid +aborted connections. The recv_max_early_data should never be set to less than +the current configured max_early_data value.

    +

    Some server applications may wish to have more control over whether early data +is accepted or not, for example to mitigate replay risks (see REPLAY PROTECTION +below) or to decline early_data when the server is heavily loaded. The functions +SSL_CTX_set_allow_early_data_cb() and SSL_set_allow_early_data_cb() set a +callback which is called at a point in the handshake immediately before a +decision is made to accept or reject early data. The callback is provided with a +pointer to the user data argument that was provided when the callback was first +set. Returning 1 from the callback will allow early data and returning 0 will +reject it. Note that the OpenSSL library may reject early data for other reasons +in which case this callback will not get called. Notably, the built-in replay +protection feature will still be used even if a callback is present unless it +has been explicitly disabled using the SSL_OP_NO_ANTI_REPLAY option. See +REPLAY PROTECTION below.

    +

    +

    +
    +

    NOTES

    +

    The whole purpose of early data is to enable a client to start sending data to +the server before a full round trip of network traffic has occurred. Application +developers should ensure they consider optimisation of the underlying TCP socket +to obtain a performant solution. For example Nagle's algorithm is commonly used +by operating systems in an attempt to avoid lots of small TCP packets. In many +scenarios this is beneficial for performance, but it does not work well with the +early data solution as implemented in OpenSSL. In Nagle's algorithm the OS will +buffer outgoing TCP data if a TCP packet has already been sent which we have not +yet received an ACK for from the peer. The buffered data will only be +transmitted if enough data to fill an entire TCP packet is accumulated, or if +the ACK is received from the peer. The initial ClientHello will be sent in the +first TCP packet along with any data from the first call to +SSL_write_early_data(). If the amount of data written will exceed the size of a +single TCP packet, or if there are more calls to SSL_write_early_data() then +that additional data will be sent in subsequent TCP packets which will be +buffered by the OS and not sent until an ACK is received for the first packet +containing the ClientHello. This means the early data is not actually +sent until a complete round trip with the server has occurred which defeats the +objective of early data.

    +

    In many operating systems the TCP_NODELAY socket option is available to disable +Nagle's algorithm. If an application opts to disable Nagle's algorithm +consideration should be given to turning it back on again after the handshake is +complete if appropriate.

    +

    In rare circumstances, it may be possible for a client to have a session that +reports a max early data value greater than 0, but where the server does not +support this. For example, this can occur if a server has had its configuration +changed to accept a lower max early data value such as by calling +SSL_CTX_set_recv_max_early_data(). Another example is if a server used to +support TLSv1.3 but was later downgraded to TLSv1.2. Sending early data to such +a server will cause the connection to abort. Clients that encounter an aborted +connection while sending early data may want to retry the connection without +sending early data as this does not happen automatically. A client will have to +establish a new transport layer connection to the server and attempt the SSL/TLS +connection again but without sending early data. Note that it is inadvisable to +retry with a lower maximum protocol version.

    +

    +

    +
    +

    REPLAY PROTECTION

    +

    When early data is in use the TLS protocol provides no security guarantees that +the same early data was not replayed across multiple connections. As a +mitigation for this issue OpenSSL automatically enables replay protection if the +server is configured with a nonzero max early data value. With replay +protection enabled sessions are forced to be single use only. If a client +attempts to reuse a session ticket more than once, then the second and +subsequent attempts will fall back to a full handshake (and any early data that +was submitted will be ignored). Note that single use tickets are enforced even +if a client does not send any early data.

    +

    The replay protection mechanism relies on the internal OpenSSL server session +cache (see SSL_CTX_set_session_cache_mode(3)). When replay protection is +being used the server will operate as if the SSL_OP_NO_TICKET option had been +selected (see SSL_CTX_set_options(3)). Sessions will be added to the cache +whenever a session ticket is issued. When a client attempts to resume the +session, OpenSSL will check for its presence in the internal cache. If it exists +then the resumption is allowed and the session is removed from the cache. If it +does not exist then the resumption is not allowed and a full handshake will +occur.

    +

    Note that some applications may maintain an external cache of sessions (see +SSL_CTX_sess_set_new_cb(3) and similar functions). It is the application's +responsibility to ensure that any sessions in the external cache are also +populated in the internal cache and that once removed from the internal cache +they are similarly removed from the external cache. Failing to do this could +result in an application becoming vulnerable to replay attacks. Note that +OpenSSL will lock the internal cache while a session is removed but that lock is +not held when the remove session callback (see SSL_CTX_sess_set_remove_cb(3)) +is called. This could result in a small amount of time where the session has +been removed from the internal cache but is still available in the external +cache. Applications should be designed with this in mind in order to minimise +the possibility of replay attacks.

    +

    The OpenSSL replay protection does not apply to external Pre Shared Keys (PSKs) +(e.g. see SSL_CTX_set_psk_find_session_callback(3)). Therefore extreme caution +should be applied when combining external PSKs with early data.

    +

    Some applications may mitigate the replay risks in other ways. For those +applications it is possible to turn off the built-in replay protection feature +using the SSL_OP_NO_ANTI_REPLAY option. See SSL_CTX_set_options(3) for +details. Applications can also set a callback to make decisions about accepting +early data or not. See SSL_CTX_set_allow_early_data_cb() above for details.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_write_early_data() returns 1 for success or 0 for failure. In the event of a +failure call SSL_get_error(3) to determine the correct course of action.

    +

    SSL_read_early_data() returns SSL_READ_EARLY_DATA_ERROR for failure, +SSL_READ_EARLY_DATA_SUCCESS for success with more data to read and +SSL_READ_EARLY_DATA_FINISH for success with no more to data be read. In the +event of a failure call SSL_get_error(3) to determine the correct course of +action.

    +

    SSL_get_max_early_data(), SSL_CTX_get_max_early_data() and +SSL_SESSION_get_max_early_data() return the maximum number of early data bytes +that may be sent.

    +

    SSL_set_max_early_data(), SSL_CTX_set_max_early_data() and +SSL_SESSION_set_max_early_data() return 1 for success or 0 for failure.

    +

    SSL_get_early_data_status() returns SSL_EARLY_DATA_ACCEPTED if early data was +accepted by the server, SSL_EARLY_DATA_REJECTED if early data was rejected by +the server, or SSL_EARLY_DATA_NOT_SENT if no early data was sent.

    +

    +

    +
    +

    SEE ALSO

    +

    SSL_get_error(3), +SSL_write_ex(3), +SSL_read_ex(3), +SSL_connect(3), +SSL_accept(3), +SSL_do_handshake(3), +SSL_CTX_set_psk_use_session_callback(3), +ssl(7)

    +

    +

    +
    +

    HISTORY

    +

    All of the functions described above were added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_rstate_string.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_rstate_string.html new file mode 100755 index 0000000..6636bef --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_rstate_string.html @@ -0,0 +1,107 @@ + + + + +SSL_rstate_string + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_rstate_string, SSL_rstate_string_long - get textual description of state of an SSL object during read operation

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + const char *SSL_rstate_string(SSL *ssl);
    + const char *SSL_rstate_string_long(SSL *ssl);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_rstate_string() returns a 2 letter string indicating the current read state +of the SSL object ssl.

    +

    SSL_rstate_string_long() returns a string indicating the current read state of +the SSL object ssl.

    +

    +

    +
    +

    NOTES

    +

    When performing a read operation, the SSL/TLS engine must parse the record, +consisting of header and body. When working in a blocking environment, +SSL_rstate_string[_long]() should always return "RD"/"read done".

    +

    This function should only seldom be needed in applications.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_rstate_string() and SSL_rstate_string_long() can return the following +values:

    +
    +
    "RH"/"read header"
    + +
    +

    The header of the record is being evaluated.

    +
    +
    "RB"/"read body"
    + +
    +

    The body of the record is being evaluated.

    +
    +
    "RD"/"read done"
    + +
    +

    The record has been completely processed.

    +
    +
    "unknown"/"unknown"
    + +
    +

    The read state is unknown. This should never happen.

    +
    +
    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_session_reused.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_session_reused.html new file mode 100755 index 0000000..b8dcc3d --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_session_reused.html @@ -0,0 +1,89 @@ + + + + +SSL_session_reused + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_session_reused - query whether a reused session was negotiated during handshake

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_session_reused(const SSL *ssl);
    +

    +

    +
    +

    DESCRIPTION

    +

    Query, whether a reused session was negotiated during the handshake.

    +

    +

    +
    +

    NOTES

    +

    During the negotiation, a client can propose to reuse a session. The server +then looks up the session in its cache. If both client and server agree +on the session, it will be reused and a flag is being set that can be +queried by the application.

    +

    +

    +
    +

    RETURN VALUES

    +

    The following return values can occur:

    +
      +
    1. +

      A new session was negotiated.

      +
    2. +
    3. +

      A session was reused.

      +
    4. +
    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_set_session(3), +SSL_CTX_set_session_cache_mode(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_set1_host.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_set1_host.html new file mode 100755 index 0000000..d88f51c --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_set1_host.html @@ -0,0 +1,154 @@ + + + + +SSL_set1_host + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_set1_host, SSL_add1_host, SSL_set_hostflags, SSL_get0_peername - +SSL server verification parameters

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_set1_host(SSL *s, const char *hostname);
    + int SSL_add1_host(SSL *s, const char *hostname);
    + void SSL_set_hostflags(SSL *s, unsigned int flags);
    + const char *SSL_get0_peername(SSL *s);
    +

    +

    +
    +

    DESCRIPTION

    +

    These functions configure server hostname checks in the SSL client.

    +

    SSL_set1_host() sets the expected DNS hostname to name clearing +any previously specified hostname. If name is NULL +or the empty string, the list of hostnames is cleared and name +checks are not performed on the peer certificate. When a non-empty +name is specified, certificate verification automatically checks +the peer hostname via X509_check_host(3) with flags as specified +via SSL_set_hostflags(). Clients that enable DANE TLSA authentication +via SSL_dane_enable(3) should leave it to that function to set +the primary reference identifier of the peer, and should not call +SSL_set1_host().

    +

    SSL_add1_host() adds name as an additional reference identifier +that can match the peer's certificate. Any previous names set via +SSL_set1_host() or SSL_add1_host() are retained, no change is made +if name is NULL or empty. When multiple names are configured, +the peer is considered verified when any name matches. This function +is required for DANE TLSA in the presence of service name indirection +via CNAME, MX or SRV records as specified in RFC7671, RFC7672 or +RFC7673.

    +

    SSL_set_hostflags() sets the flags that will be passed to +X509_check_host(3) when name checks are applicable, by default +the flags value is 0. See X509_check_host(3) for the list +of available flags and their meaning.

    +

    SSL_get0_peername() returns the DNS hostname or subject CommonName +from the peer certificate that matched one of the reference +identifiers. When wildcard matching is not disabled, the name +matched in the peer certificate may be a wildcard name. When one +of the reference identifiers configured via SSL_set1_host() or +SSL_add1_host() starts with ".", which indicates a parent domain prefix +rather than a fixed name, the matched peer name may be a sub-domain +of the reference identifier. The returned string is allocated by +the library and is no longer valid once the associated ssl handle +is cleared or freed, or a renegotiation takes place. Applications +must not free the return value.

    +

    SSL clients are advised to use these functions in preference to +explicitly calling X509_check_host(3). Hostname checks may be out +of scope with the RFC7671 DANE-EE(3) certificate usage, and the +internal check will be suppressed as appropriate when DANE is +enabled.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_set1_host() and SSL_add1_host() return 1 for success and 0 for +failure.

    +

    SSL_get0_peername() returns NULL if peername verification is not +applicable (as with RFC7671 DANE-EE(3)), or no trusted peername was +matched. Otherwise, it returns the matched peername. To determine +whether verification succeeded call SSL_get_verify_result(3).

    +

    +

    +
    +

    EXAMPLES

    +

    Suppose "smtp.example.com" is the MX host of the domain "example.com". +The calls below will arrange to match either the MX hostname or the +destination domain name in the SMTP server certificate. Wildcards +are supported, but must match the entire label. The actual name +matched in the certificate (which might be a wildcard) is retrieved, +and must be copied by the application if it is to be retained beyond +the lifetime of the SSL connection.

    +
    + SSL_set_hostflags(ssl, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
    + if (!SSL_set1_host(ssl, "smtp.example.com"))
    +     /* error */
    + if (!SSL_add1_host(ssl, "example.com"))
    +     /* error */
    +
    + /* XXX: Perform SSL_connect() handshake and handle errors here */
    +
    + if (SSL_get_verify_result(ssl) == X509_V_OK) {
    +     const char *peername = SSL_get0_peername(ssl);
    +
    +     if (peername != NULL)
    +         /* Name checks were in scope and matched the peername */
    + }
    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), +X509_check_host(3), +SSL_get_verify_result(3). +SSL_dane_enable(3).

    +

    +

    +
    +

    HISTORY

    +

    These functions were added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_set_async_callback.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_set_async_callback.html new file mode 100755 index 0000000..646e9fa --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_set_async_callback.html @@ -0,0 +1,152 @@ + + + + +SSL_set_async_callback + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_CTX_set_async_callback, +SSL_CTX_set_async_callback_arg, +SSL_set_async_callback, +SSL_set_async_callback_arg, +SSL_get_async_status, +SSL_async_callback_fn +- manage asynchronous operations

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
    + int SSL_CTX_set_async_callback(SSL_CTX *ctx, SSL_async_callback_fn callback);
    + int SSL_CTX_set_async_callback_arg(SSL_CTX *ctx, void *arg);
    + int SSL_set_async_callback(SSL *s, SSL_async_callback_fn callback);
    + int SSL_set_async_callback_arg(SSL *s, void *arg);
    + int SSL_get_async_status(SSL *s, int *status);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_CTX_set_async_callback() sets an asynchronous callback function. All SSL +objects generated based on this SSL_CTX will get this callback. If an engine +supports the callback mechanism, it will be automatically called if +SSL_MODE_ASYNC has been set and an asynchronous capable engine completes a +cryptography operation to notify the application to resume the paused work flow.

    +

    SSL_CTX_set_async_callback_arg() sets the callback argument.

    +

    SSL_set_async_callback() allows an application to set a callback in an +asynchronous SSL object, so that when an engine completes a cryptography +operation, the callback will be called to notify the application to resume the +paused work flow.

    +

    SSL_set_async_callback_arg() sets an argument for the SSL object when the +above callback is called.

    +

    SSL_get_async_status() returns the engine status. This function facilitates the +communication from the engine to the application. During an SSL session, +cryptographic operations are dispatched to an engine. The engine status is very +useful for an application to know if the operation has been successfully +dispatched. If the engine does not support this additional callback method, +ASYNC_STATUS_UNSUPPORTED will be returned. See ASYNC_WAIT_CTX_set_status() +for a description of all of the status values.

    +

    An example of the above functions would be the following:

    +
      +
    1. +

      Application sets the async callback and callback data on an SSL connection +by calling SSL_set_async_callback().

      +
    2. +
    3. +

      Application sets SSL_MODE_ASYNC and makes an asynchronous SSL call

      +
    4. +
    5. +

      OpenSSL submits the asynchronous request to the engine. If a retry occurs at +this point then the status within the ASYNC_WAIT_CTX would be set and the +async callback function would be called (goto Step 7).

      +
    6. +
    7. +

      The OpenSSL engine pauses the current job and returns, so that the +application can continue processing other connections.

      +
    8. +
    9. +

      At a future point in time (probably via a polling mechanism or via an +interrupt) the engine will become aware that the asynchronous request has +finished processing.

      +
    10. +
    11. +

      The engine will call the application's callback passing the callback data as +a parameter.

      +
    12. +
    13. +

      The callback function should then run. Note: it is a requirement that the +callback function is small and non-blocking as it will be run in the context of +a polling mechanism or an interrupt.

      +
    14. +
    15. +

      It is the application's responsibility via the callback function to schedule +recalling the OpenSSL asynchronous function and to continue processing.

      +
    16. +
    17. +

      The callback function has the option to check the status returned via +SSL_get_async_status() to determine whether a retry happened instead of the +request being submitted, allowing different processing if required.

      +
    18. +
    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_CTX_set_async_callback(), SSL_set_async_callback(), +SSL_CTX_set_async_callback_arg(), SSL_CTX_set_async_callback_arg() and +SSL_get_async_status() return 1 on success or 0 on error.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7)

    +

    +

    +
    +

    HISTORY

    +

    SSL_CTX_set_async_callback(), SSL_CTX_set_async_callback_arg(), +SSL_set_async_callback(), SSL_set_async_callback_arg() and +SSL_get_async_status() were first added to OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_set_bio.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_set_bio.html new file mode 100755 index 0000000..c9470f3 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_set_bio.html @@ -0,0 +1,141 @@ + + + + +SSL_set_bio + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_set_bio, SSL_set0_rbio, SSL_set0_wbio - connect the SSL object with a BIO

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio);
    + void SSL_set0_rbio(SSL *s, BIO *rbio);
    + void SSL_set0_wbio(SSL *s, BIO *wbio);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_set0_rbio() connects the BIO rbio for the read operations of the ssl +object. The SSL engine inherits the behaviour of rbio. If the BIO is +non-blocking then the ssl object will also have non-blocking behaviour. This +function transfers ownership of rbio to ssl. It will be automatically +freed using BIO_free_all(3) when the ssl is freed. On calling this +function, any existing rbio that was previously set will also be freed via a +call to BIO_free_all(3) (this includes the case where the rbio is set to +the same value as previously).

    +

    SSL_set0_wbio() works in the same as SSL_set0_rbio() except that it connects +the BIO wbio for the write operations of the ssl object. Note that if the +rbio and wbio are the same then SSL_set0_rbio() and SSL_set0_wbio() each take +ownership of one reference. Therefore it may be necessary to increment the +number of references available using BIO_up_ref(3) before calling the set0 +functions.

    +

    SSL_set_bio() is similar to SSL_set0_rbio() and SSL_set0_wbio() except +that it connects both the rbio and the wbio at the same time, and +transfers the ownership of rbio and wbio to ssl according to +the following set of rules:

    +
      +
    • +

      If neither the rbio or wbio have changed from their previous values +then nothing is done.

      +
    • +
    • +

      If the rbio and wbio parameters are different and both are different +to their +previously set values then one reference is consumed for the rbio and one +reference is consumed for the wbio.

      +
    • +
    • +

      If the rbio and wbio parameters are the same and the rbio is not +the same as the previously set value then one reference is consumed.

      +
    • +
    • +

      If the rbio and wbio parameters are the same and the rbio is the +same as the previously set value, then no additional references are consumed.

      +
    • +
    • +

      If the rbio and wbio parameters are different and the rbio is the +same as the +previously set value then one reference is consumed for the wbio and no +references are consumed for the rbio.

      +
    • +
    • +

      If the rbio and wbio parameters are different and the wbio is the +same as the previously set value and the old rbio and wbio values +were the same as each other then one reference is consumed for the rbio +and no references are consumed for the wbio.

      +
    • +
    • +

      If the rbio and wbio parameters are different and the wbio +is the same as the +previously set value and the old rbio and wbio values were different +to each +other then one reference is consumed for the rbio and one reference +is consumed +for the wbio.

      +
    • +
    +

    Because of this complexity, this function should be avoided; +use SSL_set0_rbio() and SSL_set0_wbio() instead.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_set_bio(), SSL_set0_rbio() and SSL_set0_wbio() cannot fail.

    +

    +

    +
    +

    SEE ALSO

    +

    SSL_get_rbio(3), +SSL_connect(3), SSL_accept(3), +SSL_shutdown(3), ssl(7), bio(7)

    +

    +

    +
    +

    HISTORY

    +

    SSL_set0_rbio() and SSL_set0_wbio() were added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_set_connect_state.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_set_connect_state.html new file mode 100755 index 0000000..a5972ef --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_set_connect_state.html @@ -0,0 +1,110 @@ + + + + +SSL_set_connect_state + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_set_connect_state, SSL_set_accept_state, SSL_is_server +- functions for manipulating and examining the client or server mode of an SSL object

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + void SSL_set_connect_state(SSL *ssl);
    +
    + void SSL_set_accept_state(SSL *ssl);
    +
    + int SSL_is_server(const SSL *ssl);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_set_connect_state() sets ssl to work in client mode.

    +

    SSL_set_accept_state() sets ssl to work in server mode.

    +

    SSL_is_server() checks if ssl is working in server mode.

    +

    +

    +
    +

    NOTES

    +

    When the SSL_CTX object was created with SSL_CTX_new(3), +it was either assigned a dedicated client method, a dedicated server +method, or a generic method, that can be used for both client and +server connections. (The method might have been changed with +SSL_CTX_set_ssl_version(3) or +SSL_set_ssl_method(3).)

    +

    When beginning a new handshake, the SSL engine must know whether it must +call the connect (client) or accept (server) routines. Even though it may +be clear from the method chosen, whether client or server mode was +requested, the handshake routines must be explicitly set.

    +

    When using the SSL_connect(3) or +SSL_accept(3) routines, the correct handshake +routines are automatically set. When performing a transparent negotiation +using SSL_write_ex(3), SSL_write(3), SSL_read_ex(3), or SSL_read(3), +the handshake routines must be explicitly set in advance using either +SSL_set_connect_state() or SSL_set_accept_state().

    +

    If SSL_is_server() is called before SSL_set_connect_state() or +SSL_set_accept_state() is called (either automatically or explicitly), +the result depends on what method was used when SSL_CTX was created with +SSL_CTX_new(3). If a generic method or a dedicated server method was +passed to SSL_CTX_new(3), SSL_is_server() returns 1; otherwise, it returns 0.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_set_connect_state() and SSL_set_accept_state() do not return diagnostic +information.

    +

    SSL_is_server() returns 1 if ssl is working in server mode or 0 for client mode.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_new(3), SSL_CTX_new(3), +SSL_connect(3), SSL_accept(3), +SSL_write_ex(3), SSL_write(3), SSL_read_ex(3), SSL_read(3), +SSL_do_handshake(3), +SSL_CTX_set_ssl_version(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_set_fd.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_set_fd.html new file mode 100755 index 0000000..1539bdf --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_set_fd.html @@ -0,0 +1,93 @@ + + + + +SSL_set_fd + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_set_fd, SSL_set_rfd, SSL_set_wfd - connect the SSL object with a file descriptor

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_set_fd(SSL *ssl, int fd);
    + int SSL_set_rfd(SSL *ssl, int fd);
    + int SSL_set_wfd(SSL *ssl, int fd);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_set_fd() sets the file descriptor fd as the input/output facility +for the TLS/SSL (encrypted) side of ssl. fd will typically be the +socket file descriptor of a network connection.

    +

    When performing the operation, a socket BIO is automatically created to +interface between the ssl and fd. The BIO and hence the SSL engine +inherit the behaviour of fd. If fd is non-blocking, the ssl will +also have non-blocking behaviour.

    +

    If there was already a BIO connected to ssl, BIO_free() will be called +(for both the reading and writing side, if different).

    +

    SSL_set_rfd() and SSL_set_wfd() perform the respective action, but only +for the read channel or the write channel, which can be set independently.

    +

    +

    +
    +

    RETURN VALUES

    +

    The following return values can occur:

    +
      +
    1. +

      The operation failed. Check the error stack to find out why.

      +
    2. +
    3. +

      The operation succeeded.

      +
    4. +
    +

    +

    +
    +

    SEE ALSO

    +

    SSL_get_fd(3), SSL_set_bio(3), +SSL_connect(3), SSL_accept(3), +SSL_shutdown(3), ssl(7) , bio(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_set_session.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_set_session.html new file mode 100755 index 0000000..f9dd684 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_set_session.html @@ -0,0 +1,104 @@ + + + + +SSL_set_session + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_set_session - set a TLS/SSL session to be used during TLS/SSL connect

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_set_session(SSL *ssl, SSL_SESSION *session);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_set_session() sets session to be used when the TLS/SSL connection +is to be established. SSL_set_session() is only useful for TLS/SSL clients. +When the session is set, the reference count of session is incremented +by 1. If the session is not reused, the reference count is decremented +again during SSL_connect(). Whether the session was reused can be queried +with the SSL_session_reused(3) call.

    +

    If there is already a session set inside ssl (because it was set with +SSL_set_session() before or because the same ssl was already used for +a connection), SSL_SESSION_free() will be called for that session. If that old +session is still open, it is considered bad and will be removed from the +session cache (if used). A session is considered open, if SSL_shutdown(3) was +not called for the connection (or at least SSL_set_shutdown(3) was used to +set the SSL_SENT_SHUTDOWN state).

    +

    +

    +
    +

    NOTES

    +

    SSL_SESSION objects keep internal link information about the session cache +list, when being inserted into one SSL_CTX object's session cache. +One SSL_SESSION object, regardless of its reference count, must therefore +only be used with one SSL_CTX object (and the SSL objects created +from this SSL_CTX object).

    +

    +

    +
    +

    RETURN VALUES

    +

    The following return values can occur:

    +
      +
    1. +

      The operation failed; check the error stack to find out the reason.

      +
    2. +
    3. +

      The operation succeeded.

      +
    4. +
    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_SESSION_free(3), +SSL_get_session(3), +SSL_session_reused(3), +SSL_CTX_set_session_cache_mode(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_set_shutdown.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_set_shutdown.html new file mode 100755 index 0000000..c086a13 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_set_shutdown.html @@ -0,0 +1,114 @@ + + + + +SSL_set_shutdown + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_set_shutdown, SSL_get_shutdown - manipulate shutdown state of an SSL connection

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + void SSL_set_shutdown(SSL *ssl, int mode);
    +
    + int SSL_get_shutdown(const SSL *ssl);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_set_shutdown() sets the shutdown state of ssl to mode.

    +

    SSL_get_shutdown() returns the shutdown mode of ssl.

    +

    +

    +
    +

    NOTES

    +

    The shutdown state of an ssl connection is a bit-mask of:

    +
      +
    1. +

      No shutdown setting, yet.

      + +
      SSL_SENT_SHUTDOWN
      + +
      +

      A close_notify shutdown alert was sent to the peer, the connection is being +considered closed and the session is closed and correct.

      +
      +
      SSL_RECEIVED_SHUTDOWN
      + +
      +

      A shutdown alert was received form the peer, either a normal close_notify +or a fatal error.

      +
    2. +
    +

    SSL_SENT_SHUTDOWN and SSL_RECEIVED_SHUTDOWN can be set at the same time.

    +

    The shutdown state of the connection is used to determine the state of +the ssl session. If the session is still open, when +SSL_clear(3) or SSL_free(3) is called, +it is considered bad and removed according to RFC2246. +The actual condition for a correctly closed session is SSL_SENT_SHUTDOWN +(according to the TLS RFC, it is acceptable to only send the close_notify +alert but to not wait for the peer's answer, when the underlying connection +is closed). +SSL_set_shutdown() can be used to set this state without sending a +close alert to the peer (see SSL_shutdown(3)).

    +

    If a close_notify was received, SSL_RECEIVED_SHUTDOWN will be set, +for setting SSL_SENT_SHUTDOWN the application must however still call +SSL_shutdown(3) or SSL_set_shutdown() itself.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_set_shutdown() does not return diagnostic information.

    +

    SSL_get_shutdown() returns the current setting.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_shutdown(3), +SSL_CTX_set_quiet_shutdown(3), +SSL_clear(3), SSL_free(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_set_verify_result.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_set_verify_result.html new file mode 100755 index 0000000..5af773b --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_set_verify_result.html @@ -0,0 +1,85 @@ + + + + +SSL_set_verify_result + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_set_verify_result - override result of peer certificate verification

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + void SSL_set_verify_result(SSL *ssl, long verify_result);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_set_verify_result() sets verify_result of the object ssl to be the +result of the verification of the X509 certificate presented by the peer, +if any.

    +

    +

    +
    +

    NOTES

    +

    SSL_set_verify_result() overrides the verification result. It only changes +the verification result of the ssl object. It does not become part of the +established session, so if the session is to be reused later, the original +value will reappear.

    +

    The valid codes for verify_result are documented in openssl-verify(1).

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_set_verify_result() does not provide a return value.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_get_verify_result(3), +SSL_get_peer_certificate(3), +openssl-verify(1)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_shutdown.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_shutdown.html new file mode 100755 index 0000000..a5329ae --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_shutdown.html @@ -0,0 +1,187 @@ + + + + +SSL_shutdown + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_shutdown - shut down a TLS/SSL connection

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_shutdown(SSL *ssl);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_shutdown() shuts down an active TLS/SSL connection. It sends the +close_notify shutdown alert to the peer.

    +

    SSL_shutdown() tries to send the close_notify shutdown alert to the peer. +Whether the operation succeeds or not, the SSL_SENT_SHUTDOWN flag is set and +a currently open session is considered closed and good and will be kept in the +session cache for further reuse.

    +

    Note that SSL_shutdown() must not be called if a previous fatal error has +occurred on a connection i.e. if SSL_get_error() has returned SSL_ERROR_SYSCALL +or SSL_ERROR_SSL.

    +

    The shutdown procedure consists of two steps: sending of the close_notify +shutdown alert, and reception of the peer's close_notify shutdown alert. +The order of those two steps depends on the application.

    +

    It is acceptable for an application to only send its shutdown alert and +then close the underlying connection without waiting for the peer's response. +This way resources can be saved, as the process can already terminate or +serve another connection. +This should only be done when it is known that the other side will not send more +data, otherwise there is a risk of a truncation attack.

    +

    When a client only writes and never reads from the connection, and the server +has sent a session ticket to establish a session, the client might not be able +to resume the session because it did not received and process the session ticket +from the server. +In case the application wants to be able to resume the session, it is recommended to +do a complete shutdown procedure (bidirectional close_notify alerts).

    +

    When the underlying connection shall be used for more communications, the +complete shutdown procedure must be performed, so that the peers stay +synchronized.

    +

    SSL_shutdown() only closes the write direction. +It is not possible to call SSL_write() after calling SSL_shutdown(). +The read direction is closed by the peer.

    +

    The behaviour of SSL_shutdown() additionally depends on the underlying BIO. +If the underlying BIO is blocking, SSL_shutdown() will only return once the +handshake step has been finished or an error occurred.

    +

    If the underlying BIO is non-blocking, SSL_shutdown() will also return +when the underlying BIO could not satisfy the needs of SSL_shutdown() +to continue the handshake. In this case a call to SSL_get_error() with the +return value of SSL_shutdown() will yield SSL_ERROR_WANT_READ or +SSL_ERROR_WANT_WRITE. The calling process then must repeat the call after +taking appropriate action to satisfy the needs of SSL_shutdown(). +The action depends on the underlying BIO. When using a non-blocking socket, +nothing is to be done, but select() can be used to check for the required +condition. When using a buffering BIO, like a BIO pair, data must be written +into or retrieved out of the BIO before being able to continue.

    +

    After SSL_shutdown() returned 0, it is possible to call SSL_shutdown() again +to wait for the peer's close_notify alert. +SSL_shutdown() will return 1 in that case. +However, it is recommended to wait for it using SSL_read() instead.

    +

    SSL_shutdown() can be modified to only set the connection to "shutdown" +state but not actually send the close_notify alert messages, +see SSL_CTX_set_quiet_shutdown(3). +When "quiet shutdown" is enabled, SSL_shutdown() will always succeed +and return 1.

    +

    +

    +

    First to close the connection

    +

    When the application is the first party to send the close_notify +alert, SSL_shutdown() will only send the alert and then set the +SSL_SENT_SHUTDOWN flag (so that the session is considered good and will +be kept in the cache). +If successful, SSL_shutdown() will return 0.

    +

    If a unidirectional shutdown is enough (the underlying connection shall be +closed anyway), this first successful call to SSL_shutdown() is sufficient.

    +

    In order to complete the bidirectional shutdown handshake, the peer needs +to send back a close_notify alert. +The SSL_RECEIVED_SHUTDOWN flag will be set after receiving and processing +it.

    +

    The peer is still allowed to send data after receiving the close_notify +event. +When it is done sending data, it will send the close_notify alert. +SSL_read() should be called until all data is received. +SSL_read() will indicate the end of the peer data by returning <= 0 +and SSL_get_error() returning SSL_ERROR_ZERO_RETURN.

    +

    +

    +

    Peer closes the connection

    +

    If the peer already sent the close_notify alert and it was +already processed implicitly inside another function +(SSL_read(3)), the SSL_RECEIVED_SHUTDOWN flag is set. +SSL_read() will return <= 0 in that case, and SSL_get_error() will return +SSL_ERROR_ZERO_RETURN. +SSL_shutdown() will send the close_notify alert, set the SSL_SENT_SHUTDOWN +flag. +If successful, SSL_shutdown() will return 1.

    +

    Whether SSL_RECEIVED_SHUTDOWN is already set can be checked using the +SSL_get_shutdown() (see also SSL_set_shutdown(3) call.

    +

    +

    +
    +

    RETURN VALUES

    +

    The following return values can occur:

    +
      +
    1. +

      The shutdown is not yet finished: the close_notify was sent but the peer +did not send it back yet. +Call SSL_read() to do a bidirectional shutdown. +The output of SSL_get_error(3) may be misleading, as an +erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred.

      +
    2. +
    3. +

      The shutdown was successfully completed. The close_notify alert was sent +and the peer's close_notify alert was received.

      + +
      <0
      + +
      +

      The shutdown was not successful. +Call SSL_get_error(3) with the return value ret to find out the reason. +It can occur if an action is needed to continue the operation for non-blocking +BIOs.

      +

      It can also occur when not all data was read using SSL_read().

      +
    4. +
    +

    +

    +
    +

    SEE ALSO

    +

    SSL_get_error(3), SSL_connect(3), +SSL_accept(3), SSL_set_shutdown(3), +SSL_CTX_set_quiet_shutdown(3), +SSL_clear(3), SSL_free(3), +ssl(7), bio(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_state_string.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_state_string.html new file mode 100755 index 0000000..565e254 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_state_string.html @@ -0,0 +1,90 @@ + + + + +SSL_state_string + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_state_string, SSL_state_string_long - get textual description of state of an SSL object

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + const char *SSL_state_string(const SSL *ssl);
    + const char *SSL_state_string_long(const SSL *ssl);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_state_string() returns a 6 letter string indicating the current state +of the SSL object ssl.

    +

    SSL_state_string_long() returns a string indicating the current state of +the SSL object ssl.

    +

    +

    +
    +

    NOTES

    +

    During its use, an SSL objects passes several states. The state is internally +maintained. Querying the state information is not very informative before +or when a connection has been established. It however can be of significant +interest during the handshake.

    +

    When using non-blocking sockets, the function call performing the handshake +may return with SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE condition, +so that SSL_state_string[_long]() may be called.

    +

    For both blocking or non-blocking sockets, the details state information +can be used within the info_callback function set with the +SSL_set_info_callback() call.

    +

    +

    +
    +

    RETURN VALUES

    +

    Detailed description of possible states to be included later.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_CTX_set_info_callback(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_want.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_want.html new file mode 100755 index 0000000..7739d8c --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_want.html @@ -0,0 +1,159 @@ + + + + +SSL_want + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_want, SSL_want_nothing, SSL_want_read, SSL_want_write, SSL_want_x509_lookup, +SSL_want_async, SSL_want_async_job, SSL_want_client_hello_cb - obtain state +information TLS/SSL I/O operation

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + int SSL_want(const SSL *ssl);
    + int SSL_want_nothing(const SSL *ssl);
    + int SSL_want_read(const SSL *ssl);
    + int SSL_want_write(const SSL *ssl);
    + int SSL_want_x509_lookup(const SSL *ssl);
    + int SSL_want_async(const SSL *ssl);
    + int SSL_want_async_job(const SSL *ssl);
    + int SSL_want_client_hello_cb(const SSL *ssl);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_want() returns state information for the SSL object ssl.

    +

    The other SSL_want_*() calls are shortcuts for the possible states returned +by SSL_want().

    +

    +

    +
    +

    NOTES

    +

    SSL_want() examines the internal state information of the SSL object. Its +return values are similar to that of SSL_get_error(3). +Unlike SSL_get_error(3), which also evaluates the +error queue, the results are obtained by examining an internal state flag +only. The information must therefore only be used for normal operation under +non-blocking I/O. Error conditions are not handled and must be treated +using SSL_get_error(3).

    +

    The result returned by SSL_want() should always be consistent with +the result of SSL_get_error(3).

    +

    +

    +
    +

    RETURN VALUES

    +

    The following return values can currently occur for SSL_want():

    +
    +
    SSL_NOTHING
    + +
    +

    There is no data to be written or to be read.

    +
    +
    SSL_WRITING
    + +
    +

    There are data in the SSL buffer that must be written to the underlying +BIO layer in order to complete the actual SSL_*() operation. +A call to SSL_get_error(3) should return +SSL_ERROR_WANT_WRITE.

    +
    +
    SSL_READING
    + +
    +

    More data must be read from the underlying BIO layer in order to +complete the actual SSL_*() operation. +A call to SSL_get_error(3) should return +SSL_ERROR_WANT_READ.

    +
    +
    SSL_X509_LOOKUP
    + +
    +

    The operation did not complete because an application callback set by +SSL_CTX_set_client_cert_cb() has asked to be called again. +A call to SSL_get_error(3) should return +SSL_ERROR_WANT_X509_LOOKUP.

    +
    +
    SSL_ASYNC_PAUSED
    + +
    +

    An asynchronous operation partially completed and was then paused. See +SSL_get_all_async_fds(3). A call to SSL_get_error(3) should return +SSL_ERROR_WANT_ASYNC.

    +
    +
    SSL_ASYNC_NO_JOBS
    + +
    +

    The asynchronous job could not be started because there were no async jobs +available in the pool (see ASYNC_init_thread(3)). A call to SSL_get_error(3) +should return SSL_ERROR_WANT_ASYNC_JOB.

    +
    +
    SSL_CLIENT_HELLO_CB
    + +
    +

    The operation did not complete because an application callback set by +SSL_CTX_set_client_hello_cb() has asked to be called again. +A call to SSL_get_error(3) should return +SSL_ERROR_WANT_CLIENT_HELLO_CB.

    +
    +
    +

    SSL_want_nothing(), SSL_want_read(), SSL_want_write(), SSL_want_x509_lookup(), +SSL_want_async(), SSL_want_async_job(), and SSL_want_client_hello_cb() return +1, when the corresponding condition is true or 0 otherwise.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_get_error(3)

    +

    +

    +
    +

    HISTORY

    +

    The SSL_want_client_hello_cb() function and the SSL_CLIENT_HELLO_CB return value +were added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_write.html b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_write.html new file mode 100755 index 0000000..c12b4a8 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/SSL_write.html @@ -0,0 +1,188 @@ + + + + +SSL_write + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    SSL_write_ex, SSL_write, SSL_sendfile - write bytes to a TLS/SSL connection

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + ossl_ssize_t SSL_sendfile(SSL *s, int fd, off_t offset, size_t size, int flags);
    + int SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *written);
    + int SSL_write(SSL *ssl, const void *buf, int num);
    +

    +

    +
    +

    DESCRIPTION

    +

    SSL_write_ex() and SSL_write() write num bytes from the buffer buf into +the specified ssl connection. On success SSL_write_ex() will store the number +of bytes written in *written.

    +

    SSL_sendfile() writes size bytes from offset offset in the file +descriptor fd to the specified SSL connection s. This function provides +efficient zero-copy semantics. SSL_sendfile() is available only when +Kernel TLS is enabled, which can be checked by calling BIO_get_ktls_send(). +It is provided here to allow users to maintain the same interface. +The meaning of flags is platform dependent. +Currently, under Linux it is ignored.

    +

    +

    +
    +

    NOTES

    +

    In the paragraphs below a "write function" is defined as one of either +SSL_write_ex(), or SSL_write().

    +

    If necessary, a write function will negotiate a TLS/SSL session, if not already +explicitly performed by SSL_connect(3) or SSL_accept(3). If the peer +requests a re-negotiation, it will be performed transparently during +the write function operation. The behaviour of the write functions depends on the +underlying BIO.

    +

    For the transparent negotiation to succeed, the ssl must have been +initialized to client or server mode. This is being done by calling +SSL_set_connect_state(3) or SSL_set_accept_state() +before the first call to a write function.

    +

    If the underlying BIO is blocking, the write functions will only return, once +the write operation has been finished or an error occurred.

    +

    If the underlying BIO is non-blocking the write functions will also return +when the underlying BIO could not satisfy the needs of the function to continue +the operation. In this case a call to SSL_get_error(3) with the +return value of the write function will yield SSL_ERROR_WANT_READ +or SSL_ERROR_WANT_WRITE. As at any time a re-negotiation is possible, a +call to a write function can also cause read operations! The calling process +then must repeat the call after taking appropriate action to satisfy the needs +of the write function. The action depends on the underlying BIO. When using a +non-blocking socket, nothing is to be done, but select() can be used to check +for the required condition. When using a buffering BIO, like a BIO pair, data +must be written into or retrieved out of the BIO before being able to continue.

    +

    The write functions will only return with success when the complete contents of +buf of length num has been written. This default behaviour can be changed +with the SSL_MODE_ENABLE_PARTIAL_WRITE option of SSL_CTX_set_mode(3). When +this flag is set the write functions will also return with success when a +partial write has been successfully completed. In this case the write function +operation is considered completed. The bytes are sent and a new write call with +a new buffer (with the already sent bytes removed) must be started. A partial +write is performed with the size of a message block, which is 16kB.

    +

    +

    +
    +

    WARNINGS

    +

    When a write function call has to be repeated because SSL_get_error(3) +returned SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE, it must be repeated +with the same arguments. +The data that was passed might have been partially processed. +When SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER was set using SSL_CTX_set_mode(3) +the pointer can be different, but the data and length should still be the same.

    +

    You should not call SSL_write() with num=0, it will return an error. +SSL_write_ex() can be called with num=0, but will not send application data to +the peer.

    +

    +

    +
    +

    RETURN VALUES

    +

    SSL_write_ex() will return 1 for success or 0 for failure. Success means that +all requested application data bytes have been written to the SSL connection or, +if SSL_MODE_ENABLE_PARTIAL_WRITE is in use, at least 1 application data byte has +been written to the SSL connection. Failure means that not all the requested +bytes have been written yet (if SSL_MODE_ENABLE_PARTIAL_WRITE is not in use) or +no bytes could be written to the SSL connection (if +SSL_MODE_ENABLE_PARTIAL_WRITE is in use). Failures can be retryable (e.g. the +network write buffer has temporarily filled up) or non-retryable (e.g. a fatal +network error). In the event of a failure call SSL_get_error(3) to find out +the reason which indicates whether the call is retryable or not.

    +

    For SSL_write() the following return values can occur:

    +
    +
    > 0
    + +
    +

    The write operation was successful, the return value is the number of +bytes actually written to the TLS/SSL connection.

    +
    +
    <= 0
    + +
    +

    The write operation was not successful, because either the connection was +closed, an error occurred or action must be taken by the calling process. +Call SSL_get_error() with the return value ret to find out the reason.

    +

    Old documentation indicated a difference between 0 and -1, and that -1 was +retryable. +You should instead call SSL_get_error() to find out if it's retryable.

    +
    +
    +

    For SSL_sendfile(), the following return values can occur:

    +
    +
    >= 0
    + +
    +

    The write operation was successful, the return value is the number +of bytes of the file written to the TLS/SSL connection.

    +
    +
    < 0
    + +
    +

    The write operation was not successful, because either the connection was +closed, an error occurred or action must be taken by the calling process. +Call SSL_get_error() with the return value to find out the reason.

    +
    +
    +

    +

    +
    +

    SEE ALSO

    +

    SSL_get_error(3), SSL_read_ex(3), SSL_read(3) +SSL_CTX_set_mode(3), SSL_CTX_new(3), +SSL_connect(3), SSL_accept(3) +SSL_set_connect_state(3), BIO_ctrl(3), +ssl(7), bio(7)

    +

    +

    +
    +

    HISTORY

    +

    The SSL_write_ex() function was added in OpenSSL 1.1.1. +The SSL_sendfile() function was added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/TS_VERIFY_CTX_set_certs.html b/linux_amd64/ssl/share/doc/openssl/html/man3/TS_VERIFY_CTX_set_certs.html new file mode 100755 index 0000000..81fafab --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/TS_VERIFY_CTX_set_certs.html @@ -0,0 +1,91 @@ + + + + +TS_VERIFY_CTX_set_certs + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    TS_VERIFY_CTX_set_certs, TS_VERIFY_CTS_set_certs +- set certificates for TS response verification

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ts.h>
    +
    + STACK_OF(X509) *TS_VERIFY_CTX_set_certs(TS_VERIFY_CTX *ctx,
    +                                         STACK_OF(X509) *certs);
    + STACK_OF(X509) *TS_VERIFY_CTS_set_certs(TS_VERIFY_CTX *ctx,
    +                                         STACK_OF(X509) *certs);
    +

    +

    +
    +

    DESCRIPTION

    +

    The Time-Stamp Protocol (TSP) is defined by RFC 3161. TSP is a protocol used to +provide long term proof of the existence of a certain datum before a particular +time. TSP defines a Time Stamping Authority (TSA) and an entity who shall make +requests to the TSA. Usually the TSA is denoted as the server side and the +requesting entity is denoted as the client.

    +

    In TSP, when a server is sending a response to a client, the server normally +needs to sign the response data - the TimeStampToken (TST) - with its private +key. Then the client shall verify the received TST by the server's certificate +chain.

    +

    TS_VERIFY_CTX_set_certs() is used to set the server's certificate chain when +verifying a TST. ctx is the verification context created in advance and +certs is a stack of X509 certificates.

    +

    TS_VERIFY_CTS_set_certs() is a misspelled version of TS_VERIFY_CTX_set_certs() +which takes the same parameters and returns the same result.

    +

    +

    +
    +

    RETURN VALUES

    +

    TS_VERIFY_CTX_set_certs() returns the stack of X509 certificates the user +passes in via parameter certs.

    +

    +

    +
    +

    HISTORY

    +

    The spelling of TS_VERIFY_CTX_set_certs() was corrected in OpenSSL 3.0.0. +The misspelled version TS_VERIFY_CTS_set_certs() has been retained for +compatibility reasons, but it is deprecated in OpenSSL 3.0.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/UI_STRING.html b/linux_amd64/ssl/share/doc/openssl/html/man3/UI_STRING.html new file mode 100755 index 0000000..0dbf244 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/UI_STRING.html @@ -0,0 +1,166 @@ + + + + +UI_STRING + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    UI_STRING, UI_string_types, UI_get_string_type, +UI_get_input_flags, UI_get0_output_string, +UI_get0_action_string, UI_get0_result_string, UI_get_result_string_length, +UI_get0_test_string, UI_get_result_minsize, +UI_get_result_maxsize, UI_set_result, UI_set_result_ex +- User interface string parsing

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ui.h>
    +
    + typedef struct ui_string_st UI_STRING;
    +
    + enum UI_string_types {
    +     UIT_NONE = 0,
    +     UIT_PROMPT,                 /* Prompt for a string */
    +     UIT_VERIFY,                 /* Prompt for a string and verify */
    +     UIT_BOOLEAN,                /* Prompt for a yes/no response */
    +     UIT_INFO,                   /* Send info to the user */
    +     UIT_ERROR                   /* Send an error message to the user */
    + };
    +
    + enum UI_string_types UI_get_string_type(UI_STRING *uis);
    + int UI_get_input_flags(UI_STRING *uis);
    + const char *UI_get0_output_string(UI_STRING *uis);
    + const char *UI_get0_action_string(UI_STRING *uis);
    + const char *UI_get0_result_string(UI_STRING *uis);
    + int UI_get_result_string_length(UI_STRING *uis);
    + const char *UI_get0_test_string(UI_STRING *uis);
    + int UI_get_result_minsize(UI_STRING *uis);
    + int UI_get_result_maxsize(UI_STRING *uis);
    + int UI_set_result(UI *ui, UI_STRING *uis, const char *result);
    + int UI_set_result_ex(UI *ui, UI_STRING *uis, const char *result, int len);
    +

    +

    +
    +

    DESCRIPTION

    +

    The UI_STRING gets created internally and added to a UI whenever +one of the functions UI_add_input_string(), UI_dup_input_string(), +UI_add_verify_string(), UI_dup_verify_string(), +UI_add_input_boolean(), UI_dup_input_boolean(), UI_add_info_string(), +UI_dup_info_string(), UI_add_error_string() or UI_dup_error_string() +is called. +For a UI_METHOD user, there's no need to know more. +For a UI_METHOD creator, it is of interest to fetch text from these +UI_STRING objects as well as adding results to some of them.

    +

    UI_get_string_type() is used to retrieve the type of the given +UI_STRING.

    +

    UI_get_input_flags() is used to retrieve the flags associated with the +given UI_STRING.

    +

    UI_get0_output_string() is used to retrieve the actual string to +output (prompt, info, error, ...).

    +

    UI_get0_action_string() is used to retrieve the action description +associated with a UIT_BOOLEAN type UI_STRING. +For all other UI_STRING types, NULL is returned. +See UI_add_input_boolean(3).

    +

    UI_get0_result_string() and UI_get_result_string_length() are used to +retrieve the result of a prompt and its length. +This is only useful for UIT_PROMPT and UIT_VERIFY type strings. +For all other UI_STRING types, UI_get0_result_string() returns NULL +and UI_get_result_string_length() returns -1.

    +

    UI_get0_test_string() is used to retrieve the string to compare the +prompt result with. +This is only useful for UIT_VERIFY type strings. +For all other UI_STRING types, NULL is returned.

    +

    UI_get_result_minsize() and UI_get_result_maxsize() are used to +retrieve the minimum and maximum required size of the result. +This is only useful for UIT_PROMPT and UIT_VERIFY type strings. +For all other UI_STRING types, -1 is returned.

    +

    UI_set_result_ex() is used to set the result value of a prompt and its length. +For UIT_PROMPT and UIT_VERIFY type UI strings, this sets the +result retrievable with UI_get0_result_string() by copying the +contents of result if its length fits the minimum and maximum size +requirements. +For UIT_BOOLEAN type UI strings, this sets the first character of +the result retrievable with UI_get0_result_string() to the first +ok_char given with UI_add_input_boolean() or UI_dup_input_boolean() +if the result matched any of them, or the first of the +cancel_chars if the result matched any of them, otherwise it's +set to the NUL char \0. +See UI_add_input_boolean(3) for more information on ok_chars and +cancel_chars.

    +

    UI_set_result() does the same thing as UI_set_result_ex(), but calculates +its length internally. +It expects the string to be terminated with a NUL byte, and is therefore +only useful with normal C strings.

    +

    +

    +
    +

    RETURN VALUES

    +

    UI_get_string_type() returns the UI string type.

    +

    UI_get_input_flags() returns the UI string flags.

    +

    UI_get0_output_string() returns the UI string output string.

    +

    UI_get0_action_string() returns the UI string action description +string for UIT_BOOLEAN type UI strings, NULL for any other type.

    +

    UI_get0_result_string() returns the UI string result buffer for +UIT_PROMPT and UIT_VERIFY type UI strings, NULL for any other +type.

    +

    UI_get_result_string_length() returns the UI string result buffer's +content length for UIT_PROMPT and UIT_VERIFY type UI strings, +-1 for any other type.

    +

    UI_get0_test_string() returns the UI string action description +string for UIT_VERIFY type UI strings, NULL for any other type.

    +

    UI_get_result_minsize() returns the minimum allowed result size for +the UI string for UIT_PROMPT and UIT_VERIFY type strings, +-1 for any other type.

    +

    UI_get_result_maxsize() returns the minimum allowed result size for +the UI string for UIT_PROMPT and UIT_VERIFY type strings, +-1 for any other type.

    +

    UI_set_result() returns 0 on success or when the UI string is of any +type other than UIT_PROMPT, UIT_VERIFY or UIT_BOOLEAN, -1 on +error.

    +

    +

    +
    +

    SEE ALSO

    +

    UI(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/UI_UTIL_read_pw.html b/linux_amd64/ssl/share/doc/openssl/html/man3/UI_UTIL_read_pw.html
new file mode 100755
index 0000000..d75c962
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/UI_UTIL_read_pw.html
@@ -0,0 +1,107 @@
+ + + + +UI_UTIL_read_pw + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    UI_UTIL_read_pw_string, UI_UTIL_read_pw, +UI_UTIL_wrap_read_pem_callback - user interface utilities

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ui.h>
    +
    + int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt,
    +                            int verify);
    + int UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt,
    +                     int verify);
    + UI_METHOD *UI_UTIL_wrap_read_pem_callback(pem_password_cb *cb, int rwflag);
    +

    +

    +
    +

    DESCRIPTION

    +

    UI_UTIL_read_pw_string() asks for a passphrase, using prompt as a +prompt, and stores it in buf. +The maximum allowed size is given with length, including the +terminating NUL byte. +If verify is nonzero, the password will be verified as well.

    +

    UI_UTIL_read_pw() does the same as UI_UTIL_read_pw_string(), the +difference is that you can give it an external buffer buff for the +verification passphrase.

    +

    UI_UTIL_wrap_read_pem_callback() can be used to create a temporary +UI_METHOD that wraps a given PEM password callback cb. +rwflag is used to specify if this method will be used for +passphrase entry without (0) or with (1) verification. +When not used any more, the returned method should be freed with +UI_destroy_method().

    +

    +

    +
    +

    NOTES

    +

    UI_UTIL_read_pw_string() and UI_UTIL_read_pw() use default +UI_METHOD. +See UI_get_default_method(3) and friends for more information.

    +

    The result from the UI_METHOD created by +UI_UTIL_wrap_read_pem_callback() will generate password strings in the +encoding that the given password callback generates. +The default password prompting functions (apart from +UI_UTIL_read_pw_string() and UI_UTIL_read_pw(), there is +PEM_def_callback(), EVP_read_pw_string() and EVP_read_pw_string_min()) +all use the default UI_METHOD.

    +

    +

    +
    +

    RETURN VALUES

    +

    UI_UTIL_read_pw_string() and UI_UTIL_read_pw() return 0 on success or a negative +value on error.

    +

    UI_UTIL_wrap_read_pem_callback() returns a valid UI_METHOD structure or NULL +if an error occurred.

    +

    +

    +
    +

    SEE ALSO

    +

    UI_get_default_method(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/UI_create_method.html b/linux_amd64/ssl/share/doc/openssl/html/man3/UI_create_method.html
new file mode 100755
index 0000000..fff408b
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/UI_create_method.html
@@ -0,0 +1,238 @@
+ + + + +UI_create_method + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    UI_METHOD, +UI_create_method, UI_destroy_method, UI_method_set_opener, +UI_method_set_writer, UI_method_set_flusher, UI_method_set_reader, +UI_method_set_closer, UI_method_set_data_duplicator, +UI_method_set_prompt_constructor, UI_method_set_ex_data, +UI_method_get_opener, UI_method_get_writer, UI_method_get_flusher, +UI_method_get_reader, UI_method_get_closer, +UI_method_get_data_duplicator, UI_method_get_data_destructor, +UI_method_get_prompt_constructor, UI_method_get_ex_data - user +interface method creation and destruction

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ui.h>
    +
    + typedef struct ui_method_st UI_METHOD;
    +
    + UI_METHOD *UI_create_method(const char *name);
    + void UI_destroy_method(UI_METHOD *ui_method);
    + int UI_method_set_opener(UI_METHOD *method, int (*opener) (UI *ui));
    + int UI_method_set_writer(UI_METHOD *method,
    +                          int (*writer) (UI *ui, UI_STRING *uis));
    + int UI_method_set_flusher(UI_METHOD *method, int (*flusher) (UI *ui));
    + int UI_method_set_reader(UI_METHOD *method,
    +                          int (*reader) (UI *ui, UI_STRING *uis));
    + int UI_method_set_closer(UI_METHOD *method, int (*closer) (UI *ui));
    + int UI_method_set_data_duplicator(UI_METHOD *method,
    +                                   void *(*duplicator) (UI *ui, void *ui_data),
    +                                   void (*destructor)(UI *ui, void *ui_data));
    + int UI_method_set_prompt_constructor(UI_METHOD *method,
    +                                      char *(*prompt_constructor) (UI *ui,
    +                                                                   const char
    +                                                                   *object_desc,
    +                                                                   const char
    +                                                                   *object_name));
    + int UI_method_set_ex_data(UI_METHOD *method, int idx, void *data);
    + int (*UI_method_get_opener(const UI_METHOD *method)) (UI *);
    + int (*UI_method_get_writer(const UI_METHOD *method)) (UI *, UI_STRING *);
    + int (*UI_method_get_flusher(const UI_METHOD *method)) (UI *);
    + int (*UI_method_get_reader(const UI_METHOD *method)) (UI *, UI_STRING *);
    + int (*UI_method_get_closer(const UI_METHOD *method)) (UI *);
    + char *(*UI_method_get_prompt_constructor(const UI_METHOD *method))
    +     (UI *, const char *, const char *);
    + void *(*UI_method_get_data_duplicator(const UI_METHOD *method)) (UI *, void *);
    + void (*UI_method_get_data_destructor(const UI_METHOD *method)) (UI *, void *);
    + const void *UI_method_get_ex_data(const UI_METHOD *method, int idx);
    +

    +

    +
    +

    DESCRIPTION

    +

    A method contains a few functions that implement the low level of the +User Interface. +These functions are:

    +
    +
    an opener
    + +
    +

    This function takes a reference to a UI and starts a session, for +example by opening a channel to a tty, or by creating a dialog box.

    +
    +
    a writer
    + +
    +

    This function takes a reference to a UI and a UI String, and writes +the string where appropriate, maybe to the tty, maybe added as a field +label in a dialog box. +Note that this gets fed all strings associated with a UI, one after +the other, so care must be taken which ones it actually uses.

    +
    +
    a flusher
    + +
    +

    This function takes a reference to a UI, and flushes everything that +has been output so far. +For example, if the method builds up a dialog box, this can be used to +actually display it and accepting input ended with a pressed button.

    +
    +
    a reader
    + +
    +

    This function takes a reference to a UI and a UI string and reads off +the given prompt, maybe from the tty, maybe from a field in a dialog +box. +Note that this gets fed all strings associated with a UI, one after +the other, so care must be taken which ones it actually uses.

    +
    +
    a closer
    + +
    +

    This function takes a reference to a UI, and closes the session, maybe +by closing the channel to the tty, maybe by destroying a dialog box.

    +
    +
    +

    All of these functions are expected to return 0 on error, 1 on +success, or -1 on out-off-band events, for example if some prompting +has been cancelled (by pressing Ctrl-C, for example). +Only the flusher or the reader are expected to return -1. +If returned by another of the functions, it's treated as if 0 was +returned.

    +

    Regarding the writer and the reader, don't assume the former should +only write and don't assume the latter should only read. +This depends on the needs of the method.

    +

    For example, a typical tty reader wouldn't write the prompts in the +write, but would rather do so in the reader, because of the sequential +nature of prompting on a tty. +This is how the UI_OpenSSL() method does it.

    +

    In contrast, a method that builds up a dialog box would add all prompt +text in the writer, have all input read in the flusher and store the +results in some temporary buffer, and finally have the reader just +fetch those results.

    +

    The central function that uses these method functions is UI_process(), +and it does it in five steps:

    +
      +
    1. +

      Open the session using the opener function if that one's defined. +If an error occurs, jump to 5.

      +
    2. +
    3. +

      For every UI String associated with the UI, call the writer function +if that one's defined. +If an error occurs, jump to 5.

      +
    4. +
    5. +

      Flush everything using the flusher function if that one's defined. +If an error occurs, jump to 5.

      +
    6. +
    7. +

      For every UI String associated with the UI, call the reader function +if that one's defined. +If an error occurs, jump to 5.

      +
    8. +
    9. +

      Close the session using the closer function if that one's defined.

      +
    10. +
    +

    UI_create_method() creates a new UI method with a given name.

    +

    UI_destroy_method() destroys the given UI method ui_method.

    +

    UI_method_set_opener(), UI_method_set_writer(), +UI_method_set_flusher(), UI_method_set_reader() and +UI_method_set_closer() set the five main method function to the given +function pointer.

    +

    UI_method_set_data_duplicator() sets the user data duplicator and destructor. +See UI_dup_user_data(3).

    +

    UI_method_set_prompt_constructor() sets the prompt constructor. +See UI_construct_prompt(3).

    +

    UI_method_set_ex_data() sets application specific data with a given +EX_DATA index. +See CRYPTO_get_ex_new_index(3) for general information on how to +get that index.

    +

    UI_method_get_opener(), UI_method_get_writer(), +UI_method_get_flusher(), UI_method_get_reader(), +UI_method_get_closer(), UI_method_get_data_duplicator(), +UI_method_get_data_destructor() and UI_method_get_prompt_constructor() +return the different method functions.

    +

    UI_method_get_ex_data() returns the application data previously stored +with UI_method_set_ex_data().

    +

    +

    +
    +

    RETURN VALUES

    +

    UI_create_method() returns a UI_METHOD pointer on success, NULL on +error.

    +

    UI_method_set_opener(), UI_method_set_writer(), +UI_method_set_flusher(), UI_method_set_reader(), +UI_method_set_closer(), UI_method_set_data_duplicator() and +UI_method_set_prompt_constructor() +return 0 on success, -1 if the given method is NULL.

    +

    UI_method_set_ex_data() returns 1 on success and 0 on error (because +CRYPTO_set_ex_data() does so).

    +

    UI_method_get_opener(), UI_method_get_writer(), +UI_method_get_flusher(), UI_method_get_reader(), +UI_method_get_closer(), UI_method_get_data_duplicator(), +UI_method_get_data_destructor() and UI_method_get_prompt_constructor() +return the requested function pointer if it's set in the method, +otherwise NULL.

    +

    UI_method_get_ex_data() returns a pointer to the application specific +data associated with the method.

    +

    +

    +
    +

    SEE ALSO

    +

    UI(3), CRYPTO_get_ex_data(3), UI_STRING(3)

    +

    +

    +
    +

    HISTORY

    +

    The UI_method_set_data_duplicator(), UI_method_get_data_duplicator() +and UI_method_get_data_destructor() functions were added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/UI_new.html b/linux_amd64/ssl/share/doc/openssl/html/man3/UI_new.html
new file mode 100755
index 0000000..188ed68
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/UI_new.html
@@ -0,0 +1,257 @@
+ + + + +UI_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    UI, +UI_new, UI_new_method, UI_free, UI_add_input_string, UI_dup_input_string, +UI_add_verify_string, UI_dup_verify_string, UI_add_input_boolean, +UI_dup_input_boolean, UI_add_info_string, UI_dup_info_string, +UI_add_error_string, UI_dup_error_string, UI_construct_prompt, +UI_add_user_data, UI_dup_user_data, UI_get0_user_data, UI_get0_result, +UI_get_result_length, +UI_process, UI_ctrl, UI_set_default_method, UI_get_default_method, +UI_get_method, UI_set_method, UI_OpenSSL, UI_null - user interface

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ui.h>
    +
    + typedef struct ui_st UI;
    +
    + UI *UI_new(void);
    + UI *UI_new_method(const UI_METHOD *method);
    + void UI_free(UI *ui);
    +
    + int UI_add_input_string(UI *ui, const char *prompt, int flags,
    +                         char *result_buf, int minsize, int maxsize);
    + int UI_dup_input_string(UI *ui, const char *prompt, int flags,
    +                         char *result_buf, int minsize, int maxsize);
    + int UI_add_verify_string(UI *ui, const char *prompt, int flags,
    +                          char *result_buf, int minsize, int maxsize,
    +                          const char *test_buf);
    + int UI_dup_verify_string(UI *ui, const char *prompt, int flags,
    +                          char *result_buf, int minsize, int maxsize,
    +                          const char *test_buf);
    + int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc,
    +                          const char *ok_chars, const char *cancel_chars,
    +                          int flags, char *result_buf);
    + int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc,
    +                          const char *ok_chars, const char *cancel_chars,
    +                          int flags, char *result_buf);
    + int UI_add_info_string(UI *ui, const char *text);
    + int UI_dup_info_string(UI *ui, const char *text);
    + int UI_add_error_string(UI *ui, const char *text);
    + int UI_dup_error_string(UI *ui, const char *text);
    +
    + char *UI_construct_prompt(UI *ui_method,
    +        const char *object_desc, const char *object_name);
    +
    + void *UI_add_user_data(UI *ui, void *user_data);
    + int UI_dup_user_data(UI *ui, void *user_data);
    + void *UI_get0_user_data(UI *ui);
    +
    + const char *UI_get0_result(UI *ui, int i);
    + int UI_get_result_length(UI *ui, int i);
    +
    + int UI_process(UI *ui);
    +
    + int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f)());
    +
    + void UI_set_default_method(const UI_METHOD *meth);
    + const UI_METHOD *UI_get_default_method(void);
    + const UI_METHOD *UI_get_method(UI *ui);
    + const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth);
    +
    + UI_METHOD *UI_OpenSSL(void);
    + const UI_METHOD *UI_null(void);
    +

    +

    +
    +

    DESCRIPTION

    +

    UI stands for User Interface, and is general purpose set of routines to +prompt the user for text-based information. Through user-written methods +(see UI_create_method(3)), prompting can be done in any way +imaginable, be it plain text prompting, through dialog boxes or from a +cell phone.

    +

    All the functions work through a context of the type UI. This context +contains all the information needed to prompt correctly as well as a +reference to a UI_METHOD, which is an ordered vector of functions that +carry out the actual prompting.

    +

    The first thing to do is to create a UI with UI_new() or UI_new_method(), +then add information to it with the UI_add or UI_dup functions. Also, +user-defined random data can be passed down to the underlying method +through calls to UI_add_user_data() or UI_dup_user_data(). The default +UI method doesn't care about these data, but other methods might. Finally, +use UI_process() to actually perform the prompting and UI_get0_result() +and UI_get_result_length() to find the result to the prompt and its length.

    +

    A UI can contain more than one prompt, which are performed in the given +sequence. Each prompt gets an index number which is returned by the +UI_add and UI_dup functions, and has to be used to get the corresponding +result with UI_get0_result() and UI_get_result_length().

    +

    UI_process() can be called more than once on the same UI, thereby allowing +a UI to have a long lifetime, but can just as well have a short lifetime.

    +

    The functions are as follows:

    +

    UI_new() creates a new UI using the default UI method. When done with +this UI, it should be freed using UI_free().

    +

    UI_new_method() creates a new UI using the given UI method. When done with +this UI, it should be freed using UI_free().

    +

    UI_OpenSSL() returns the built-in UI method (note: not necessarily the +default one, since the default can be changed. See further on). This +method is the most machine/OS dependent part of OpenSSL and normally +generates the most problems when porting.

    +

    UI_null() returns a UI method that does nothing. Its use is to avoid +getting internal defaults for passed UI_METHOD pointers.

    +

    UI_free() removes a UI from memory, along with all other pieces of memory +that's connected to it, like duplicated input strings, results and others. +If ui is NULL nothing is done.

    +

    UI_add_input_string() and UI_add_verify_string() add a prompt to the UI, +as well as flags and a result buffer and the desired minimum and maximum +sizes of the result, not counting the final NUL character. The given +information is used to prompt for information, for example a password, +and to verify a password (i.e. having the user enter it twice and check +that the same string was entered twice). UI_add_verify_string() takes +and extra argument that should be a pointer to the result buffer of the +input string that it's supposed to verify, or verification will fail.

    +

    UI_add_input_boolean() adds a prompt to the UI that's supposed to be answered +in a boolean way, with a single character for yes and a different character +for no. A set of characters that can be used to cancel the prompt is given +as well. The prompt itself is divided in two, one part being the +descriptive text (given through the prompt argument) and one describing +the possible answers (given through the action_desc argument).

    +

    UI_add_info_string() and UI_add_error_string() add strings that are shown at +the same time as the prompt for extra information or to show an error string. +The difference between the two is only conceptual. With the built-in method, +there's no technical difference between them. Other methods may make a +difference between them, however.

    +

    The flags currently supported are UI_INPUT_FLAG_ECHO, which is relevant for +UI_add_input_string() and will have the users response be echoed (when +prompting for a password, this flag should obviously not be used, and +UI_INPUT_FLAG_DEFAULT_PWD, which means that a default password of some +sort will be used (completely depending on the application and the UI +method).

    +

    UI_dup_input_string(), UI_dup_verify_string(), UI_dup_input_boolean(), +UI_dup_info_string() and UI_dup_error_string() are basically the same +as their UI_add counterparts, except that they make their own copies +of all strings.

    +

    UI_construct_prompt() is a helper function that can be used to create +a prompt from two pieces of information: an description and a name. +The default constructor (if there is none provided by the method used) +creates a string "Enter description for name:". With the +description "pass phrase" and the filename "foo.key", that becomes +"Enter pass phrase for foo.key:". Other methods may create whatever +string and may include encodings that will be processed by the other +method functions.

    +

    UI_add_user_data() adds a user data pointer for the method to use at any +time. The built-in UI method doesn't care about this info. Note that several +calls to this function doesn't add data, it replaces the previous blob +with the one given as argument.

    +

    UI_dup_user_data() duplicates the user data and works as an alternative +to UI_add_user_data() when the user data needs to be preserved for a longer +duration, perhaps even the lifetime of the application. The UI object takes +ownership of this duplicate and will free it whenever it gets replaced or +the UI is destroyed. UI_dup_user_data() returns 0 on success, or -1 on memory +allocation failure or if the method doesn't have a duplicator function.

    +

    UI_get0_user_data() retrieves the data that has last been given to the +UI with UI_add_user_data() or UI_dup_user_data.

    +

    UI_get0_result() returns a pointer to the result buffer associated with +the information indexed by i.

    +

    UI_get_result_length() returns the length of the result buffer associated with +the information indexed by i.

    +

    UI_process() goes through the information given so far, does all the printing +and prompting and returns the final status, which is -2 on out-of-band events +(Interrupt, Cancel, ...), -1 on error and 0 on success.

    +

    UI_ctrl() adds extra control for the application author. For now, it +understands two commands: UI_CTRL_PRINT_ERRORS, which makes UI_process() +print the OpenSSL error stack as part of processing the UI, and +UI_CTRL_IS_REDOABLE, which returns a flag saying if the used UI can +be used again or not.

    +

    UI_set_default_method() changes the default UI method to the one given. +This function is not thread-safe and should not be called at the same time +as other OpenSSL functions.

    +

    UI_get_default_method() returns a pointer to the current default UI method.

    +

    UI_get_method() returns the UI method associated with a given UI.

    +

    UI_set_method() changes the UI method associated with a given UI.

    +

    +

    +
    +

    NOTES

    +

    The resulting strings that the built in method UI_OpenSSL() generate +are assumed to be encoded according to the current locale or (for +Windows) code page. +For applications having different demands, these strings need to be +converted appropriately by the caller. +For Windows, if the OPENSSL_WIN32_UTF8 environment variable is set, +the built-in method UI_OpenSSL() will produce UTF-8 encoded strings +instead.

    +

    +

    +
    +

    RETURN VALUES

    +

    UI_new() and UI_new_method() return a valid UI structure or NULL if an error +occurred.

    +

    UI_add_input_string(), UI_dup_input_string(), UI_add_verify_string(), +UI_dup_verify_string(), UI_add_input_boolean(), UI_dup_input_boolean(), +UI_add_info_string(), UI_dup_info_string(), UI_add_error_string() +and UI_dup_error_string() return a positive number on success or a value which +is less than or equal to 0 otherwise.

    +

    UI_construct_prompt() returns a string or NULL if an error occurred.

    +

    UI_dup_user_data() returns 0 on success or -1 on error.

    +

    UI_get0_result() returns a string or NULL on error.

    +

    UI_get_result_length() returns a positive integer or 0 on success; otherwise it +returns -1 on error.

    +

    UI_process() returns 0 on success or a negative value on error.

    +

    UI_ctrl() returns a mask on success or -1 on error.

    +

    UI_get_default_method(), UI_get_method(), UI_OpenSSL(), UI_null() and +UI_set_method() return either a valid UI_METHOD structure or NULL +respectively.

    +

    +

    +
    +

    HISTORY

    +

    The UI_dup_user_data() function was added in OpenSSL 1.1.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/X509V3_get_d2i.html b/linux_amd64/ssl/share/doc/openssl/html/man3/X509V3_get_d2i.html
new file mode 100755
index 0000000..2351eb2
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/X509V3_get_d2i.html
@@ -0,0 +1,274 @@
+ + + + +X509V3_get_d2i + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    X509_get0_extensions, X509_CRL_get0_extensions, X509_REVOKED_get0_extensions, +X509V3_get_d2i, X509V3_add1_i2d, X509V3_EXT_d2i, X509V3_EXT_i2d, +X509_get_ext_d2i, X509_add1_ext_i2d, X509_CRL_get_ext_d2i, +X509_CRL_add1_ext_i2d, X509_REVOKED_get_ext_d2i, +X509_REVOKED_add1_ext_i2d - X509 extension decode and encode functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509v3.h>
    +
    + void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit,
    +                      int *idx);
    + int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
    +                     int crit, unsigned long flags);
    +
    + void *X509V3_EXT_d2i(X509_EXTENSION *ext);
    + X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext);
    +
    + void *X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx);
    + int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
    +                       unsigned long flags);
    +
    + void *X509_CRL_get_ext_d2i(const X509_CRL *crl, int nid, int *crit, int *idx);
    + int X509_CRL_add1_ext_i2d(X509_CRL *crl, int nid, void *value, int crit,
    +                           unsigned long flags);
    +
    + void *X509_REVOKED_get_ext_d2i(const X509_REVOKED *r, int nid, int *crit, int *idx);
    + int X509_REVOKED_add1_ext_i2d(X509_REVOKED *r, int nid, void *value, int crit,
    +                               unsigned long flags);
    +
    + const STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x);
    + const STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(const X509_CRL *crl);
    + const STACK_OF(X509_EXTENSION) *X509_REVOKED_get0_extensions(const X509_REVOKED *r);
    +

    +

    +
    +

    DESCRIPTION

    +

    X509V3_get_ext_d2i() looks for an extension with OID nid in the extensions +x and, if found, decodes it. If idx is NULL then only one +occurrence of an extension is permissible otherwise the first extension after +index *idx is returned and *idx updated to the location of the extension. +If crit is not NULL then *crit is set to a status value: -2 if the +extension occurs multiple times (this is only returned if idx is NULL), +-1 if the extension could not be found, 0 if the extension is found and is +not critical and 1 if critical. A pointer to an extension specific structure +or NULL is returned.

    +

    X509V3_add1_i2d() adds extension value to STACK *x (allocating a new +STACK if necessary) using OID nid and criticality crit according +to flags.

    +

    X509V3_EXT_d2i() attempts to decode the ASN.1 data contained in extension +ext and returns a pointer to an extension specific structure or NULL +if the extension could not be decoded (invalid syntax or not supported).

    +

    X509V3_EXT_i2d() encodes the extension specific structure ext +with OID ext_nid and criticality crit.

    +

    X509_get_ext_d2i() and X509_add1_ext_i2d() operate on the extensions of +certificate x, they are otherwise identical to X509V3_get_d2i() and +X509V3_add_i2d().

    +

    X509_CRL_get_ext_d2i() and X509_CRL_add1_ext_i2d() operate on the extensions +of CRL crl, they are otherwise identical to X509V3_get_d2i() and +X509V3_add_i2d().

    +

    X509_REVOKED_get_ext_d2i() and X509_REVOKED_add1_ext_i2d() operate on the +extensions of X509_REVOKED structure r (i.e for CRL entry extensions), +they are otherwise identical to X509V3_get_d2i() and X509V3_add_i2d().

    +

    X509_get0_extensions(), X509_CRL_get0_extensions() and +X509_REVOKED_get0_extensions() return a stack of all the extensions +of a certificate a CRL or a CRL entry respectively.

    +

    +

    +
    +

    NOTES

    +

    In almost all cases an extension can occur at most once and multiple +occurrences is an error. Therefore the idx parameter is usually NULL.

    +

    The flags parameter may be one of the following values.

    +

    X509V3_ADD_DEFAULT appends a new extension only if the extension does +not already exist. An error is returned if the extension does already +exist.

    +

    X509V3_ADD_APPEND appends a new extension, ignoring whether the extension +already exists.

    +

    X509V3_ADD_REPLACE replaces an extension if it exists otherwise appends +a new extension.

    +

    X509V3_ADD_REPLACE_EXISTING replaces an existing extension if it exists +otherwise returns an error.

    +

    X509V3_ADD_KEEP_EXISTING appends a new extension only if the extension does +not already exist. An error is not returned if the extension does already +exist.

    +

    X509V3_ADD_DELETE extension nid is deleted: no new extension is added.

    +

    If X509V3_ADD_SILENT is ored with flags: any error returned will not +be added to the error queue.

    +

    The function X509V3_get_d2i() will return NULL if the extension is not +found, occurs multiple times or cannot be decoded. It is possible to +determine the precise reason by checking the value of *crit.

    +

    +

    +
    +

    SUPPORTED EXTENSIONS

    +

    The following sections contain a list of all supported extensions +including their name and NID.

    +

    +

    +

    PKIX Certificate Extensions

    +

    The following certificate extensions are defined in PKIX standards such as +RFC5280.

    +
    + Basic Constraints                  NID_basic_constraints
    + Key Usage                          NID_key_usage
    + Extended Key Usage                 NID_ext_key_usage
    +
    + Subject Key Identifier             NID_subject_key_identifier
    + Authority Key Identifier           NID_authority_key_identifier
    +
    + Private Key Usage Period           NID_private_key_usage_period
    +
    + Subject Alternative Name           NID_subject_alt_name
    + Issuer Alternative Name            NID_issuer_alt_name
    +
    + Authority Information Access       NID_info_access
    + Subject Information Access         NID_sinfo_access
    +
    + Name Constraints                   NID_name_constraints
    +
    + Certificate Policies               NID_certificate_policies
    + Policy Mappings                    NID_policy_mappings
    + Policy Constraints                 NID_policy_constraints
    + Inhibit Any Policy                 NID_inhibit_any_policy
    +
    + TLS Feature                        NID_tlsfeature
    +

    +

    +

    Netscape Certificate Extensions

    +

    The following are (largely obsolete) Netscape certificate extensions.

    +
    + Netscape Cert Type                 NID_netscape_cert_type
    + Netscape Base Url                  NID_netscape_base_url
    + Netscape Revocation Url            NID_netscape_revocation_url
    + Netscape CA Revocation Url         NID_netscape_ca_revocation_url
    + Netscape Renewal Url               NID_netscape_renewal_url
    + Netscape CA Policy Url             NID_netscape_ca_policy_url
    + Netscape SSL Server Name           NID_netscape_ssl_server_name
    + Netscape Comment                   NID_netscape_comment
    +

    +

    +

    Miscellaneous Certificate Extensions

    +
    + Strong Extranet ID                 NID_sxnet
    + Proxy Certificate Information      NID_proxyCertInfo
    +

    +

    +

    PKIX CRL Extensions

    +

    The following are CRL extensions from PKIX standards such as RFC5280.

    +
    + CRL Number                         NID_crl_number
    + CRL Distribution Points            NID_crl_distribution_points
    + Delta CRL Indicator                NID_delta_crl
    + Freshest CRL                       NID_freshest_crl
    + Invalidity Date                    NID_invalidity_date
    + Issuing Distribution Point         NID_issuing_distribution_point
    +

    The following are CRL entry extensions from PKIX standards such as RFC5280.

    +
    + CRL Reason Code                    NID_crl_reason
    + Certificate Issuer                 NID_certificate_issuer
    +

    +

    +

    OCSP Extensions

    +
    + OCSP Nonce                         NID_id_pkix_OCSP_Nonce
    + OCSP CRL ID                        NID_id_pkix_OCSP_CrlID
    + Acceptable OCSP Responses          NID_id_pkix_OCSP_acceptableResponses
    + OCSP No Check                      NID_id_pkix_OCSP_noCheck
    + OCSP Archive Cutoff                NID_id_pkix_OCSP_archiveCutoff
    + OCSP Service Locator               NID_id_pkix_OCSP_serviceLocator
    + Hold Instruction Code              NID_hold_instruction_code
    +

    +

    +

    Certificate Transparency Extensions

    +

    The following extensions are used by certificate transparency, RFC6962

    +
    + CT Precertificate SCTs             NID_ct_precert_scts
    + CT Certificate SCTs                NID_ct_cert_scts
    +

    +

    +
    +

    RETURN VALUES

    +

    X509V3_EXT_d2i() and *X509V3_get_d2i() return a pointer to an extension +specific structure of NULL if an error occurs.

    +

    X509V3_EXT_i2d() returns a pointer to an X509_EXTENSION structure +or NULL if an error occurs.

    +

    X509V3_add1_i2d() returns 1 if the operation is successful and 0 if it +fails due to a non-fatal error (extension not found, already exists, +cannot be encoded) or -1 due to a fatal error such as a memory allocation +failure.

    +

    X509_get0_extensions(), X509_CRL_get0_extensions() and +X509_REVOKED_get0_extensions() return a stack of extensions. They return +NULL if no extensions are present.

    +

    +

    +
    +

    SEE ALSO

    +

    d2i_X509(3), +ERR_get_error(3), +X509_CRL_get0_by_serial(3), +X509_get0_signature(3), +X509_get_ext_d2i(3), +X509_get_extension_flags(3), +X509_get_pubkey(3), +X509_get_subject_name(3), +X509_get_version(3), +X509_NAME_add_entry_by_txt(3), +X509_NAME_ENTRY_get_object(3), +X509_NAME_get_index_by_NID(3), +X509_NAME_print_ex(3), +X509_new(3), +X509_sign(3), +X509_verify_cert(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/X509_ALGOR_dup.html b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_ALGOR_dup.html new file mode 100755 index 0000000..3539cdf --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_ALGOR_dup.html @@ -0,0 +1,88 @@ + + + + +X509_ALGOR_dup + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    X509_ALGOR_dup, X509_ALGOR_set0, X509_ALGOR_get0, X509_ALGOR_set_md, X509_ALGOR_cmp - AlgorithmIdentifier functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509.h>
    +
    + X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *alg);
    + int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval);
    + void X509_ALGOR_get0(const ASN1_OBJECT **paobj, int *pptype,
    +                      const void **ppval, const X509_ALGOR *alg);
    + void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md);
    + int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b);
    +

    +

    +
    +

    DESCRIPTION

    +

    X509_ALGOR_dup() returns a copy of alg.

    +

    X509_ALGOR_set0() sets the algorithm OID of alg to aobj and the +associated parameter type to ptype with value pval. If ptype is +V_ASN1_UNDEF the parameter is omitted, otherwise ptype and pval have +the same meaning as the type and value parameters to ASN1_TYPE_set(). +All the supplied parameters are used internally so must NOT be freed after +this call.

    +

    X509_ALGOR_get0() is the inverse of X509_ALGOR_set0(): it returns the +algorithm OID in *paobj and the associated parameter in *pptype +and *ppval from the AlgorithmIdentifier alg.

    +

    X509_ALGOR_set_md() sets the AlgorithmIdentifier alg to appropriate +values for the message digest md.

    +

    X509_ALGOR_cmp() compares a and b and returns 0 if they have identical +encodings and nonzero otherwise.

    +

    +

    +
    +

    RETURN VALUES

    +

    X509_ALGOR_dup() returns a valid X509_ALGOR structure or NULL if an error +occurred.

    +

    X509_ALGOR_set0() returns 1 on success or 0 on error.

    +

    X509_ALGOR_get0() and X509_ALGOR_set_md() return no values.

    +

    X509_ALGOR_cmp() returns 0 if the two parameters have identical encodings and +nonzero otherwise.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/X509_CRL_get0_by_serial.html b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_CRL_get0_by_serial.html new file mode 100755 index 0000000..3c89863 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_CRL_get0_by_serial.html @@ -0,0 +1,142 @@ + + + + +X509_CRL_get0_by_serial + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    X509_CRL_get0_by_serial, X509_CRL_get0_by_cert, X509_CRL_get_REVOKED, +X509_REVOKED_get0_serialNumber, X509_REVOKED_get0_revocationDate, +X509_REVOKED_set_serialNumber, X509_REVOKED_set_revocationDate, +X509_CRL_add0_revoked, X509_CRL_sort - CRL revoked entry utility +functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509.h>
    +
    + int X509_CRL_get0_by_serial(X509_CRL *crl,
    +                             X509_REVOKED **ret, ASN1_INTEGER *serial);
    + int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x);
    +
    + STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl);
    +
    + const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(const X509_REVOKED *r);
    + const ASN1_TIME *X509_REVOKED_get0_revocationDate(const X509_REVOKED *r);
    +
    + int X509_REVOKED_set_serialNumber(X509_REVOKED *r, ASN1_INTEGER *serial);
    + int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm);
    +
    + int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev);
    +
    + int X509_CRL_sort(X509_CRL *crl);
    +

    +

    +
    +

    DESCRIPTION

    +

    X509_CRL_get0_by_serial() attempts to find a revoked entry in crl for +serial number serial. If it is successful it sets *ret to the internal +pointer of the matching entry, as a result *ret must not be freed up +after the call.

    +

    X509_CRL_get0_by_cert() is similar to X509_get0_by_serial() except it +looks for a revoked entry using the serial number of certificate x.

    +

    X509_CRL_get_REVOKED() returns an internal pointer to a stack of all +revoked entries for crl.

    +

    X509_REVOKED_get0_serialNumber() returns an internal pointer to the +serial number of r.

    +

    X509_REVOKED_get0_revocationDate() returns an internal pointer to the +revocation date of r.

    +

    X509_REVOKED_set_serialNumber() sets the serial number of r to serial. +The supplied serial pointer is not used internally so it should be +freed up after use.

    +

    X509_REVOKED_set_revocationDate() sets the revocation date of r to +tm. The supplied tm pointer is not used internally so it should be +freed up after use.

    +

    X509_CRL_add0_revoked() appends revoked entry rev to CRL crl. The +pointer rev is used internally so it must not be freed up after the call: +it is freed when the parent CRL is freed.

    +

    X509_CRL_sort() sorts the revoked entries of crl into ascending serial +number order.

    +

    +

    +
    +

    NOTES

    +

    Applications can determine the number of revoked entries returned by +X509_CRL_get_revoked() using sk_X509_REVOKED_num() and examine each one +in turn using sk_X509_REVOKED_value().

    +

    +

    +
    +

    RETURN VALUES

    +

    X509_CRL_get0_by_serial() and X509_CRL_get0_by_cert() return 0 for failure, +1 on success except if the revoked entry has the reason removeFromCRL (8), +in which case 2 is returned.

    +

    X509_REVOKED_set_serialNumber(), X509_REVOKED_set_revocationDate(), +X509_CRL_add0_revoked() and X509_CRL_sort() return 1 for success and 0 for +failure.

    +

    X509_REVOKED_get0_serialNumber() returns an ASN1_INTEGER pointer.

    +

    X509_REVOKED_get0_revocationDate() returns an ASN1_TIME value.

    +

    X509_CRL_get_REVOKED() returns a STACK of revoked entries.

    +

    +

    +
    +

    SEE ALSO

    +

    d2i_X509(3), +ERR_get_error(3), +X509_get0_signature(3), +X509_get_ext_d2i(3), +X509_get_extension_flags(3), +X509_get_pubkey(3), +X509_get_subject_name(3), +X509_get_version(3), +X509_NAME_add_entry_by_txt(3), +X509_NAME_ENTRY_get_object(3), +X509_NAME_get_index_by_NID(3), +X509_NAME_print_ex(3), +X509_new(3), +X509_sign(3), +X509V3_get_d2i(3), +X509_verify_cert(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/X509_EXTENSION_set_object.html b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_EXTENSION_set_object.html new file mode 100755 index 0000000..e9cd229 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_EXTENSION_set_object.html @@ -0,0 +1,123 @@ + + + + +X509_EXTENSION_set_object + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    X509_EXTENSION_set_object, X509_EXTENSION_set_critical, +X509_EXTENSION_set_data, X509_EXTENSION_create_by_NID, +X509_EXTENSION_create_by_OBJ, X509_EXTENSION_get_object, +X509_EXTENSION_get_critical, X509_EXTENSION_get_data - extension utility +functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + int X509_EXTENSION_set_object(X509_EXTENSION *ex, const ASN1_OBJECT *obj);
    + int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit);
    + int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data);
    +
    + X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex,
    +                                              int nid, int crit,
    +                                              ASN1_OCTET_STRING *data);
    + X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex,
    +                                              const ASN1_OBJECT *obj, int crit,
    +                                              ASN1_OCTET_STRING *data);
    +
    + ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex);
    + int X509_EXTENSION_get_critical(const X509_EXTENSION *ex);
    + ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne);
    +

    +

    +
    +

    DESCRIPTION

    +

    X509_EXTENSION_set_object() sets the extension type of ex to obj. The +obj pointer is duplicated internally so obj should be freed up after use.

    +

    X509_EXTENSION_set_critical() sets the criticality of ex to crit. If +crit is zero the extension in non-critical otherwise it is critical.

    +

    X509_EXTENSION_set_data() sets the data in extension ex to data. The +data pointer is duplicated internally.

    +

    X509_EXTENSION_create_by_NID() creates an extension of type nid, +criticality crit using data data. The created extension is returned and +written to *ex reusing or allocating a new extension if necessary so *ex +should either be NULL or a valid X509_EXTENSION structure it must +not be an uninitialised pointer.

    +

    X509_EXTENSION_create_by_OBJ() is identical to X509_EXTENSION_create_by_NID() +except it creates and extension using obj instead of a NID.

    +

    X509_EXTENSION_get_object() returns the extension type of ex as an +ASN1_OBJECT pointer. The returned pointer is an internal value which must +not be freed up.

    +

    X509_EXTENSION_get_critical() returns the criticality of extension ex it +returns 1 for critical and 0 for non-critical.

    +

    X509_EXTENSION_get_data() returns the data of extension ex. The returned +pointer is an internal value which must not be freed up.

    +

    +

    +
    +

    NOTES

    +

    These functions manipulate the contents of an extension directly. Most +applications will want to parse or encode and add an extension: they should +use the extension encode and decode functions instead such as +X509_add1_ext_i2d() and X509_get_ext_d2i().

    +

    The data associated with an extension is the extension encoding in an +ASN1_OCTET_STRING structure.

    +

    +

    +
    +

    RETURN VALUES

    +

    X509_EXTENSION_set_object() X509_EXTENSION_set_critical() and +X509_EXTENSION_set_data() return 1 for success and 0 for failure.

    +

    X509_EXTENSION_create_by_NID() and X509_EXTENSION_create_by_OBJ() return +an X509_EXTENSION pointer or NULL if an error occurs.

    +

    X509_EXTENSION_get_object() returns an ASN1_OBJECT pointer.

    +

    X509_EXTENSION_get_critical() returns 0 for non-critical and 1 for +critical.

    +

    X509_EXTENSION_get_data() returns an ASN1_OCTET_STRING pointer.

    +

    +

    +
    +

    SEE ALSO

    +

    X509V3_get_d2i(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/X509_LOOKUP.html b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_LOOKUP.html new file mode 100755 index 0000000..88886fc --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_LOOKUP.html @@ -0,0 +1,220 @@ + + + + +X509_LOOKUP + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    X509_LOOKUP, X509_LOOKUP_TYPE, +X509_LOOKUP_new, X509_LOOKUP_free, X509_LOOKUP_init, +X509_LOOKUP_shutdown, +X509_LOOKUP_set_method_data, X509_LOOKUP_get_method_data, +X509_LOOKUP_ctrl, +X509_LOOKUP_load_file, X509_LOOKUP_add_dir, X509_LOOKUP_add_store, +X509_LOOKUP_load_store, +X509_LOOKUP_get_store, X509_LOOKUP_by_subject, +X509_LOOKUP_by_issuer_serial, X509_LOOKUP_by_fingerprint, +X509_LOOKUP_by_alias +- OpenSSL certificate lookup mechanisms

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509_vfy.h>
    +
    + typedef x509_lookup_st X509_LOOKUP;
    +
    + typedef enum X509_LOOKUP_TYPE;
    +
    + X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method);
    + int X509_LOOKUP_init(X509_LOOKUP *ctx);
    + int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
    + void X509_LOOKUP_free(X509_LOOKUP *ctx);
    +
    + int X509_LOOKUP_set_method_data(X509_LOOKUP *ctx, void *data);
    + void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx);
    +
    + int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
    +                      long argl, char **ret);
    + int X509_LOOKUP_load_file(X509_LOOKUP *ctx, char *name, long type);
    + int X509_LOOKUP_add_dir(X509_LOOKUP *ctx, char *name, long type);
    + int X509_LOOKUP_add_store(X509_LOOKUP *ctx, char *uri);
    + int X509_LOOKUP_load_store(X509_LOOKUP *ctx, char *uri);
    +
    + X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx);
    +
    + int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
    +                            X509_NAME *name, X509_OBJECT *ret);
    + int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
    +                                  X509_NAME *name, ASN1_INTEGER *serial,
    +                                  X509_OBJECT *ret);
    + int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
    +                                const unsigned char *bytes, int len,
    +                                X509_OBJECT *ret);
    + int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
    +                          const char *str, int len, X509_OBJECT *ret);
    +

    +

    +
    +

    DESCRIPTION

    +

    The X509_LOOKUP structure holds the information needed to look up +certificates and CRLs according to an associated X509_LOOKUP_METHOD(3). +Multiple X509_LOOKUP instances can be added to an X509_STORE(3) +to enable lookup in that store.

    +

    X509_LOOKUP_new() creates a new X509_LOOKUP using the given lookup +method. +It can also be created by calling X509_STORE_add_lookup(3), which +will associate a X509_STORE with the lookup mechanism.

    +

    X509_LOOKUP_init() initializes the internal state and resources as +needed by the given X509_LOOKUP to do its work.

    +

    X509_LOOKUP_shutdown() tears down the internal state and resources of +the given X509_LOOKUP.

    +

    X509_LOOKUP_free() destructs the given X509_LOOKUP.

    +

    X509_LOOKUP_set_method_data() and X509_LOOKUP_get_method_data() +associates and retrieves a pointer to application data to and from the +given X509_LOOKUP, respectively.

    +

    X509_LOOKUP_ctrl() is used to set or get additional data to or from a +X509_LOOKUP structure or its associated X509_LOOKUP_METHOD(3). +The arguments of the control command are passed via argc and argl, +its return value via *ret. +The meaning of the arguments depends on the cmd number of the +control command. In general, this function is not called directly, but +wrapped by a macro call, see below. +The control cmds known to OpenSSL are discussed in more depth +in Control Commands.

    +

    X509_LOOKUP_load_file() passes a filename to be loaded immediately +into the associated X509_STORE. +type indicates what type of object is expected. +This can only be used with a lookup using the implementation +X509_LOOKUP_file(3).

    +

    X509_LOOKUP_add_dir() passes a directory specification from which +certificates and CRLs are loaded on demand into the associated +X509_STORE. +type indicates what type of object is expected. +This can only be used with a lookup using the implementation +X509_LOOKUP_hash_dir(3).

    +

    X509_LOOKUP_add_store() passes a URI for a directory-like structure +from which containers with certificates and CRLs are loaded on demand +into the associated X509_STORE. +X509_LOOKUP_load_store() passes a URI for a single container from +which certificates and CRLs are immediately loaded into the associated +X509_STORE. +These functions can only be used with a lookup using the +implementation X509_LOOKUP_store(3).

    +

    X509_LOOKUP_load_file(), X509_LOOKUP_add_dir(), +X509_LOOKUP_add_store(), and X509_LOOKUP_load_store() are implemented +as macros that use X509_LOOKUP_ctrl().

    +

    X509_LOOKUP_by_subject(), X509_LOOKUP_by_issuer_serial(), +X509_LOOKUP_by_fingerprint(), and X509_LOOKUP_by_alias() look up +certificates and CRLs in the X509_STORE(3) associated with the +X509_LOOKUP using different criteria, where the looked up object is +stored in ret. +Some of the underlying X509_LOOKUP_METHODs will also cache objects +matching the criteria in the associated X509_STORE, which makes it +possible to handle cases where the criteria have more than one hit.

    +

    +

    +

    Control Commands

    +

    The X509_LOOKUP_METHODs built into OpenSSL recognise the following +X509_LOOKUP_ctrl() cmds:

    +
    +
    X509_L_FILE_LOAD
    + +
    +

    This is the command that X509_LOOKUP_load_file() uses. +The filename is passed in argc, and the type in argl.

    +
    +
    X509_L_ADD_DIR
    + +
    +

    This is the command that X509_LOOKUP_add_dir() uses. +The directory specification is passed in argc, and the type in +argl.

    +
    +
    X509_L_ADD_STORE
    + +
    +

    This is the command that X509_LOOKUP_add_store() uses. +The URI is passed in argc.

    +
    +
    X509_L_LOAD_STORE
    + +
    +

    This is the command that X509_LOOKUP_load_store() uses. +The URI is passed in argc.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    X509_LOOKUP_new() returns a X509_LOOKUP pointer when successful, +or NULL on error.

    +

    X509_LOOKUP_init() and X509_LOOKUP_shutdown() return 1 on success, or +0 on error.

    +

    X509_LOOKUP_ctrl() returns -1 if the X509_LOOKUP doesn't have an +associated X509_LOOKUP_METHOD, or 1 if the +doesn't have a control function. +Otherwise, it returns what the control function in the +X509_LOOKUP_METHOD returns, which is usually 1 on success and 0 in +error.

    +

    X509_LOOKUP_get_store() returns a X509_STORE pointer if there is +one, otherwise NULL.

    +

    X509_LOOKUP_by_subject(), X509_LOOKUP_by_issuer_serial(), +X509_LOOKUP_by_fingerprint(), and X509_LOOKUP_by_alias() all return 0 +if there is no X509_LOOKUP_METHOD or that method doesn't implement +the corresponding function. +Otherwise, it returns what the corresponding function in the +X509_LOOKUP_METHOD returns, which is usually 1 on success and 0 in +error.

    +

    +

    +
    +

    SEE ALSO

    +

    X509_LOOKUP_METHOD(3), X509_STORE(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/X509_LOOKUP_hash_dir.html b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_LOOKUP_hash_dir.html new file mode 100755 index 0000000..ae8719d --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_LOOKUP_hash_dir.html @@ -0,0 +1,187 @@ + + + + +X509_LOOKUP_hash_dir + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    X509_LOOKUP_hash_dir, X509_LOOKUP_file, X509_LOOKUP_store, +X509_load_cert_file, +X509_load_crl_file, +X509_load_cert_crl_file - Default OpenSSL certificate +lookup methods

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509_vfy.h>
    +
    + X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
    + X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
    + X509_LOOKUP_METHOD *X509_LOOKUP_store(void);
    +
    + int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type);
    + int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type);
    + int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type);
    +

    +

    +
    +

    DESCRIPTION

    +

    X509_LOOKUP_hash_dir and X509_LOOKUP_file are two certificate +lookup methods to use with X509_STORE, provided by OpenSSL library.

    +

    Users of the library typically do not need to create instances of these +methods manually, they would be created automatically by +X509_STORE_load_locations(3) or +SSL_CTX_load_verify_locations(3) +functions.

    +

    Internally loading of certificates and CRLs is implemented via functions +X509_load_cert_crl_file, X509_load_cert_file and +X509_load_crl_file. These functions support parameter type, which +can be one of constants FILETYPE_PEM, FILETYPE_ASN1 and +FILETYPE_DEFAULT. They load certificates and/or CRLs from specified +file into memory cache of X509_STORE objects which given ctx +parameter is associated with.

    +

    Functions X509_load_cert_file and +X509_load_crl_file can load both PEM and DER formats depending of +type value. Because DER format cannot contain more than one certificate +or CRL object (while PEM can contain several concatenated PEM objects) +X509_load_cert_crl_file with FILETYPE_ASN1 is equivalent to +X509_load_cert_file.

    +

    Constant FILETYPE_DEFAULT with NULL filename causes these functions +to load default certificate store file (see +X509_STORE_set_default_paths(3).

    +

    Functions return number of objects loaded from file or 0 in case of +error.

    +

    Both methods support adding several certificate locations into one +X509_STORE.

    +

    This page documents certificate store formats used by these methods and +caching policy.

    +

    +

    +

    File Method

    +

    The X509_LOOKUP_file method loads all the certificates or CRLs +present in a file into memory at the time the file is added as a +lookup source.

    +

    File format is ASCII text which contains concatenated PEM certificates +and CRLs.

    +

    This method should be used by applications which work with a small +set of CAs.

    +

    +

    +

    Hashed Directory Method

    +

    X509_LOOKUP_hash_dir is a more advanced method, which loads +certificates and CRLs on demand, and caches them in memory once +they are loaded. As of OpenSSL 1.0.0, it also checks for newer CRLs +upon each lookup, so that newer CRLs are as soon as they appear in +the directory.

    +

    The directory should contain one certificate or CRL per file in PEM format, +with a filename of the form hash.N for a certificate, or +hash.rN for a CRL. +The hash is the value returned by the X509_NAME_hash(3) function applied +to the subject name for certificates or issuer name for CRLs. +The hash can also be obtained via the -hash option of the +openssl-x509(1) or openssl-crl(1) commands.

    +

    The .N or .rN suffix is a sequence number that starts at zero, and is +incremented consecutively for each certificate or CRL with the same hash +value. +Gaps in the sequence numbers are not supported, it is assumed that there are no +more objects with the same hash beyond the first missing number in the +sequence.

    +

    Sequence numbers make it possible for the directory to contain multiple +certificates with same subject name hash value. +For example, it is possible to have in the store several certificates with same +subject or several CRLs with same issuer (and, for example, different validity +period).

    +

    When checking for new CRLs once one CRL for given hash value is +loaded, hash_dir lookup method checks only for certificates with +sequence number greater than that of the already cached CRL.

    +

    Note that the hash algorithm used for subject name hashing changed in OpenSSL +1.0.0, and all certificate stores have to be rehashed when moving from OpenSSL +0.9.8 to 1.0.0.

    +

    OpenSSL includes a openssl-rehash(1) utility which creates symlinks with +hashed names for all files with .pem suffix in a given directory.

    +

    +

    +

    OSSL_STORE Method

    +

    X509_LOOKUP_store is a method that allows access to any store of +certificates and CRLs through any loader supported by +ossl_store(7). +It works with the help of URIs, which can be direct references to +certificates or CRLs, but can also be references to catalogues of such +objects (that behave like directories).

    +

    This method overlaps the File Method and Hashed Directory Method +because of the 'file:' scheme loader. +It does no caching of its own, but can use a caching ossl_store(7) +loader, and therefore depends on the loader's capability.

    +

    +

    +
    +

    RETURN VALUES

    +

    X509_LOOKUP_hash_dir(), X509_LOOKUP_file() and X509_LOOKUP_store() +always return a valid X509_LOOKUP_METHOD structure.

    +

    X509_load_cert_file(), X509_load_crl_file() and X509_load_cert_crl_file() return +the number of loaded objects or 0 on error.

    +

    +

    +
    +

    SEE ALSO

    +

    PEM_read_PrivateKey(3), +X509_STORE_load_locations(3), +X509_store_add_lookup(3), +SSL_CTX_load_verify_locations(3), +X509_LOOKUP_meth_new(3), +ossl_store(7)

    +

    +

    +
    +

    HISTORY

    +

    X509_LOOKUP_store was added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/X509_LOOKUP_meth_new.html b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_LOOKUP_meth_new.html new file mode 100755 index 0000000..f7ba051 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_LOOKUP_meth_new.html @@ -0,0 +1,221 @@ + + + + +X509_LOOKUP_meth_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    X509_LOOKUP_METHOD, +X509_LOOKUP_meth_new, X509_LOOKUP_meth_free, X509_LOOKUP_meth_set_new_item, +X509_LOOKUP_meth_get_new_item, X509_LOOKUP_meth_set_free, +X509_LOOKUP_meth_get_free, X509_LOOKUP_meth_set_init, +X509_LOOKUP_meth_get_init, X509_LOOKUP_meth_set_shutdown, +X509_LOOKUP_meth_get_shutdown, +X509_LOOKUP_ctrl_fn, X509_LOOKUP_meth_set_ctrl, X509_LOOKUP_meth_get_ctrl, +X509_LOOKUP_get_by_subject_fn, X509_LOOKUP_meth_set_get_by_subject, +X509_LOOKUP_meth_get_get_by_subject, +X509_LOOKUP_get_by_issuer_serial_fn, X509_LOOKUP_meth_set_get_by_issuer_serial, +X509_LOOKUP_meth_get_get_by_issuer_serial, +X509_LOOKUP_get_by_fingerprint_fn, X509_LOOKUP_meth_set_get_by_fingerprint, +X509_LOOKUP_meth_get_get_by_fingerprint, +X509_LOOKUP_get_by_alias_fn, X509_LOOKUP_meth_set_get_by_alias, +X509_LOOKUP_meth_get_get_by_alias, +X509_OBJECT_set1_X509, X509_OBJECT_set1_X509_CRL +- Routines to build up X509_LOOKUP methods

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509_vfy.h>
    +
    + typedef x509_lookup_method_st X509_LOOKUP_METHOD;
    +
    + X509_LOOKUP_METHOD *X509_LOOKUP_meth_new(const char *name);
    + void X509_LOOKUP_meth_free(X509_LOOKUP_METHOD *method);
    +
    + int X509_LOOKUP_meth_set_new_item(X509_LOOKUP_METHOD *method,
    +                                   int (*new_item) (X509_LOOKUP *ctx));
    + int (*X509_LOOKUP_meth_get_new_item(const X509_LOOKUP_METHOD* method))
    +     (X509_LOOKUP *ctx);
    +
    + int X509_LOOKUP_meth_set_free(X509_LOOKUP_METHOD *method,
    +                               void (*free) (X509_LOOKUP *ctx));
    + void (*X509_LOOKUP_meth_get_free(const X509_LOOKUP_METHOD* method))
    +     (X509_LOOKUP *ctx);
    +
    + int X509_LOOKUP_meth_set_init(X509_LOOKUP_METHOD *method,
    +                               int (*init) (X509_LOOKUP *ctx));
    + int (*X509_LOOKUP_meth_get_init(const X509_LOOKUP_METHOD* method))
    +     (X509_LOOKUP *ctx);
    +
    + int X509_LOOKUP_meth_set_shutdown(X509_LOOKUP_METHOD *method,
    +                                   int (*shutdown) (X509_LOOKUP *ctx));
    + int (*X509_LOOKUP_meth_get_shutdown(const X509_LOOKUP_METHOD* method))
    +     (X509_LOOKUP *ctx);
    +
    + typedef int (*X509_LOOKUP_ctrl_fn)(X509_LOOKUP *ctx, int cmd, const char *argc,
    +                                    long argl, char **ret);
    + int X509_LOOKUP_meth_set_ctrl(X509_LOOKUP_METHOD *method,
    +     X509_LOOKUP_ctrl_fn ctrl_fn);
    + X509_LOOKUP_ctrl_fn X509_LOOKUP_meth_get_ctrl(const X509_LOOKUP_METHOD *method);
    +
    + typedef int (*X509_LOOKUP_get_by_subject_fn)(X509_LOOKUP *ctx,
    +                                              X509_LOOKUP_TYPE type,
    +                                              X509_NAME *name,
    +                                              X509_OBJECT *ret);
    + int X509_LOOKUP_meth_set_get_by_subject(X509_LOOKUP_METHOD *method,
    +     X509_LOOKUP_get_by_subject_fn fn);
    + X509_LOOKUP_get_by_subject_fn X509_LOOKUP_meth_get_get_by_subject(
    +     const X509_LOOKUP_METHOD *method);
    +
    + typedef int (*X509_LOOKUP_get_by_issuer_serial_fn)(X509_LOOKUP *ctx,
    +                                                    X509_LOOKUP_TYPE type,
    +                                                    X509_NAME *name,
    +                                                    ASN1_INTEGER *serial,
    +                                                    X509_OBJECT *ret);
    + int X509_LOOKUP_meth_set_get_by_issuer_serial(
    +     X509_LOOKUP_METHOD *method, X509_LOOKUP_get_by_issuer_serial_fn fn);
    + X509_LOOKUP_get_by_issuer_serial_fn X509_LOOKUP_meth_get_get_by_issuer_serial(
    +     const X509_LOOKUP_METHOD *method);
    +
    + typedef int (*X509_LOOKUP_get_by_fingerprint_fn)(X509_LOOKUP *ctx,
    +                                                  X509_LOOKUP_TYPE type,
    +                                                  const unsigned char* bytes,
    +                                                  int len,
    +                                                  X509_OBJECT *ret);
    + int X509_LOOKUP_meth_set_get_by_fingerprint(X509_LOOKUP_METHOD *method,
    +     X509_LOOKUP_get_by_fingerprint_fn fn);
    + X509_LOOKUP_get_by_fingerprint_fn X509_LOOKUP_meth_get_get_by_fingerprint(
    +     const X509_LOOKUP_METHOD *method);
    +
    + typedef int (*X509_LOOKUP_get_by_alias_fn)(X509_LOOKUP *ctx,
    +                                            X509_LOOKUP_TYPE type,
    +                                            const char *str,
    +                                            int len,
    +                                            X509_OBJECT *ret);
    + int X509_LOOKUP_meth_set_get_by_alias(X509_LOOKUP_METHOD *method,
    +     X509_LOOKUP_get_by_alias_fn fn);
    + X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias(
    +     const X509_LOOKUP_METHOD *method);
    +
    + int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj);
    + int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj);
    +

    +

    +
    +

    DESCRIPTION

    +

    The X509_LOOKUP_METHOD type is a structure used for the implementation of new +X509_LOOKUP types. It provides a set of functions used by OpenSSL for the +implementation of various X509 and X509_CRL lookup capabilities. One instance +of an X509_LOOKUP_METHOD can be associated to many instantiations of an +X509_LOOKUP structure.

    +

    X509_LOOKUP_meth_new() creates a new X509_LOOKUP_METHOD structure. It should +be given a human-readable string containing a brief description of the lookup +method.

    +

    X509_LOOKUP_meth_free() destroys a X509_LOOKUP_METHOD structure.

    +

    X509_LOOKUP_get_new_item() and X509_LOOKUP_set_new_item() get and set the +function that is called when an X509_LOOKUP object is created with +X509_LOOKUP_new(). If an X509_LOOKUP_METHOD requires any per-X509_LOOKUP +specific data, the supplied new_item function should allocate this data and +invoke X509_LOOKUP_set_method_data(3).

    +

    X509_LOOKUP_get_free() and X509_LOOKUP_set_free() get and set the function +that is used to free any method data that was allocated and set from within +new_item function.

    +

    X509_LOOKUP_meth_get_init() and X509_LOOKUP_meth_set_init() get and set the +function that is used to initialize the method data that was set with +X509_LOOKUP_set_method_data(3) as part of the new_item routine.

    +

    X509_LOOKUP_meth_get_shutdown() and X509_LOOKUP_meth_set_shutdown() get and set +the function that is used to shut down the method data whose state was +previously initialized in the init function.

    +

    X509_LOOKUP_meth_get_ctrl() and X509_LOOKUP_meth_set_ctrl() get and set a +function to be used to handle arbitrary control commands issued by +X509_LOOKUP_ctrl(). The control function is given the X509_LOOKUP +ctx, along with the arguments passed by X509_LOOKUP_ctrl. cmd is +an arbitrary integer that defines some operation. argc is a pointer +to an array of characters. argl is an integer. ret, if set, +points to a location where any return data should be written to. How +argc and argl are used depends entirely on the control function.

    +

    X509_LOOKUP_set_get_by_subject(), X509_LOOKUP_set_get_by_issuer_serial(), +X509_LOOKUP_set_get_by_fingerprint(), X509_LOOKUP_set_get_by_alias() set +the functions used to retrieve an X509 or X509_CRL object by the object's +subject, issuer, fingerprint, and alias respectively. These functions are given +the X509_LOOKUP context, the type of the X509_OBJECT being requested, parameters +related to the lookup, and an X509_OBJECT that will receive the requested +object.

    +

    Implementations must add objects they find to the X509_STORE object +using X509_STORE_add_cert() or X509_STORE_add_crl(). This increments +its reference count. However, the X509_STORE_CTX_get_by_subject() +function also increases the reference count which leads to one too +many references being held. Therefore applications should +additionally call X509_free() or X509_CRL_free() to decrement the +reference count again.

    +

    Implementations should also use either X509_OBJECT_set1_X509() or +X509_OBJECT_set1_X509_CRL() to set the result. Note that this also +increments the result's reference count.

    +

    Any method data that was created as a result of the new_item function +set by X509_LOOKUP_meth_set_new_item() can be accessed with +X509_LOOKUP_get_method_data(3). The X509_STORE object that owns the +X509_LOOKUP may be accessed with X509_LOOKUP_get_store(3). Successful +lookups should return 1, and unsuccessful lookups should return 0.

    +

    X509_LOOKUP_get_get_by_subject(), X509_LOOKUP_get_get_by_issuer_serial(), +X509_LOOKUP_get_get_by_fingerprint(), X509_LOOKUP_get_get_by_alias() retrieve +the function set by the corresponding setter.

    +

    +

    +
    +

    RETURN VALUES

    +

    The X509_LOOKUP_meth_set functions return 1 on success or 0 on error.

    +

    The X509_LOOKUP_meth_get functions return the corresponding function +pointers.

    +

    +

    +
    +

    SEE ALSO

    +

    X509_STORE_new(3), SSL_CTX_set_cert_store(3)

    +

    +

    +
    +

    HISTORY

    +

    The functions described here were added in OpenSSL 1.1.0i.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/X509_NAME_ENTRY_get_object.html b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_NAME_ENTRY_get_object.html
    new file mode 100755
    index 0000000..3b12034
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_NAME_ENTRY_get_object.html
    @@ -0,0 +1,126 @@
    +
    +
    +
    +
    +X509_NAME_ENTRY_get_object
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    X509_NAME_ENTRY_get_object, X509_NAME_ENTRY_get_data, +X509_NAME_ENTRY_set_object, X509_NAME_ENTRY_set_data, +X509_NAME_ENTRY_create_by_txt, X509_NAME_ENTRY_create_by_NID, +X509_NAME_ENTRY_create_by_OBJ - X509_NAME_ENTRY utility functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509.h>
    +
    + ASN1_OBJECT *X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne);
    + ASN1_STRING *X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne);
    +
    + int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, const ASN1_OBJECT *obj);
    + int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
    +                              const unsigned char *bytes, int len);
    +
    + X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, const char *field,
    +                                                int type, const unsigned char *bytes,
    +                                                int len);
    + X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,
    +                                                int type, const unsigned char *bytes,
    +                                                int len);
    + X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
    +                                                const ASN1_OBJECT *obj, int type,
    +                                                const unsigned char *bytes, int len);
    +

    +

    +
    +

    DESCRIPTION

    +

    X509_NAME_ENTRY_get_object() retrieves the field name of ne in +and ASN1_OBJECT structure.

    +

    X509_NAME_ENTRY_get_data() retrieves the field value of ne in +and ASN1_STRING structure.

    +

    X509_NAME_ENTRY_set_object() sets the field name of ne to obj.

    +

    X509_NAME_ENTRY_set_data() sets the field value of ne to string type +type and value determined by bytes and len.

    +

    X509_NAME_ENTRY_create_by_txt(), X509_NAME_ENTRY_create_by_NID() +and X509_NAME_ENTRY_create_by_OBJ() create and return an +X509_NAME_ENTRY structure.

    +

    +

    +
    +

    NOTES

    +

    X509_NAME_ENTRY_get_object() and X509_NAME_ENTRY_get_data() can be +used to examine an X509_NAME_ENTRY function as returned by +X509_NAME_get_entry() for example.

    +

    X509_NAME_ENTRY_create_by_txt(), X509_NAME_ENTRY_create_by_OBJ(), +X509_NAME_ENTRY_create_by_NID() and X509_NAME_ENTRY_set_data() +are seldom used in practice because X509_NAME_ENTRY structures +are almost always part of X509_NAME structures and the +corresponding X509_NAME functions are typically used to +create and add new entries in a single operation.

    +

    The arguments of these functions support similar options to the similarly +named ones of the corresponding X509_NAME functions such as +X509_NAME_add_entry_by_txt(). So for example type can be set to +MBSTRING_ASC but in the case of X509_set_data() the field name must be +set first so the relevant field information can be looked up internally.

    +

    +

    +
    +

    RETURN VALUES

    +

    X509_NAME_ENTRY_get_object() returns a valid ASN1_OBJECT structure if it is +set or NULL if an error occurred.

    +

    X509_NAME_ENTRY_get_data() returns a valid ASN1_STRING structure if it is set +or NULL if an error occurred.

    +

    X509_NAME_ENTRY_set_object() and X509_NAME_ENTRY_set_data() return 1 on success +or 0 on error.

    +

    X509_NAME_ENTRY_create_by_txt(), X509_NAME_ENTRY_create_by_NID() and +X509_NAME_ENTRY_create_by_OBJ() return a valid X509_NAME_ENTRY on success or +NULL if an error occurred.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), d2i_X509_NAME(3), +OBJ_nid2obj(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/X509_NAME_add_entry_by_txt.html b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_NAME_add_entry_by_txt.html
    new file mode 100755
    index 0000000..21475e1
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_NAME_add_entry_by_txt.html
    @@ -0,0 +1,159 @@
    +
    +
    +
    +
    +X509_NAME_add_entry_by_txt
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    X509_NAME_add_entry_by_txt, X509_NAME_add_entry_by_OBJ, X509_NAME_add_entry_by_NID, +X509_NAME_add_entry, X509_NAME_delete_entry - X509_NAME modification functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509.h>
    +
    + int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type,
    +                                const unsigned char *bytes, int len, int loc, int set);
    +
    + int X509_NAME_add_entry_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int type,
    +                                const unsigned char *bytes, int len, int loc, int set);
    +
    + int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type,
    +                                const unsigned char *bytes, int len, int loc, int set);
    +
    + int X509_NAME_add_entry(X509_NAME *name, const X509_NAME_ENTRY *ne, int loc, int set);
    +
    + X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);
    +

    +

    +
    +

    DESCRIPTION

    +

    X509_NAME_add_entry_by_txt(), X509_NAME_add_entry_by_OBJ() and +X509_NAME_add_entry_by_NID() add a field whose name is defined +by a string field, an object obj or a NID nid respectively. +The field value to be added is in bytes of length len. If +len is -1 then the field length is calculated internally using +strlen(bytes).

    +

    The type of field is determined by type which can either be a +definition of the type of bytes (such as MBSTRING_ASC) or a +standard ASN1 type (such as V_ASN1_IA5STRING). The new entry is +added to a position determined by loc and set.

    +

    X509_NAME_add_entry() adds a copy of X509_NAME_ENTRY structure ne +to name. The new entry is added to a position determined by loc +and set. Since a copy of ne is added ne must be freed up after +the call.

    +

    X509_NAME_delete_entry() deletes an entry from name at position +loc. The deleted entry is returned and must be freed up.

    +

    +

    +
    +

    NOTES

    +

    The use of string types such as MBSTRING_ASC or MBSTRING_UTF8 +is strongly recommended for the type parameter. This allows the +internal code to correctly determine the type of the field and to +apply length checks according to the relevant standards. This is +done using ASN1_STRING_set_by_NID().

    +

    If instead an ASN1 type is used no checks are performed and the +supplied data in bytes is used directly.

    +

    In X509_NAME_add_entry_by_txt() the field string represents +the field name using OBJ_txt2obj(field, 0).

    +

    The loc and set parameters determine where a new entry should +be added. For almost all applications loc can be set to -1 and set +to 0. This adds a new entry to the end of name as a single valued +RelativeDistinguishedName (RDN).

    +

    loc actually determines the index where the new entry is inserted: +if it is -1 it is appended.

    +

    set determines how the new type is added. If it is zero a +new RDN is created.

    +

    If set is -1 or 1 it is added to the previous or next RDN +structure respectively. This will then be a multivalued RDN: +since multivalues RDNs are very seldom used set is almost +always set to zero.

    +

    +

    +
    +

    RETURN VALUES

    +

    X509_NAME_add_entry_by_txt(), X509_NAME_add_entry_by_OBJ(), +X509_NAME_add_entry_by_NID() and X509_NAME_add_entry() return 1 for +success of 0 if an error occurred.

    +

    X509_NAME_delete_entry() returns either the deleted X509_NAME_ENTRY +structure of NULL if an error occurred.

    +

    +

    +
    +

    EXAMPLES

    +

    Create an X509_NAME structure:

    +

    "C=UK, O=Disorganized Organization, CN=Joe Bloggs"

    +
    + X509_NAME *nm;
    +
    + nm = X509_NAME_new();
    + if (nm == NULL)
    +     /* Some error */
    + if (!X509_NAME_add_entry_by_txt(nm, "C", MBSTRING_ASC,
    +                                 "UK", -1, -1, 0))
    +     /* Error */
    + if (!X509_NAME_add_entry_by_txt(nm, "O", MBSTRING_ASC,
    +                                 "Disorganized Organization", -1, -1, 0))
    +     /* Error */
    + if (!X509_NAME_add_entry_by_txt(nm, "CN", MBSTRING_ASC,
    +                                 "Joe Bloggs", -1, -1, 0))
    +     /* Error */
    +

    +

    +
    +

    BUGS

    +

    type can still be set to V_ASN1_APP_CHOOSE to use a +different algorithm to determine field types. Since this form does +not understand multicharacter types, performs no length checks and +can result in invalid field types its use is strongly discouraged.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), d2i_X509_NAME(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/X509_NAME_get0_der.html b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_NAME_get0_der.html
    new file mode 100755
    index 0000000..786459b
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_NAME_get0_der.html
    @@ -0,0 +1,76 @@
    +
    +
    +
    +
    +X509_NAME_get0_der
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    X509_NAME_get0_der - get X509_NAME DER encoding

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509.h>
    +
    + int X509_NAME_get0_der(X509_NAME *nm, const unsigned char **pder,
    +                        size_t *pderlen)
    +

    +

    +
    +

    DESCRIPTION

    +

    The function X509_NAME_get0_der() returns an internal pointer to the +encoding of an X509_NAME structure in *pder and consisting of +*pderlen bytes. It is useful for applications that wish to examine +the encoding of an X509_NAME structure without copying it.

    +

    +

    +
    +

    RETURN VALUES

    +

    The function X509_NAME_get0_der() returns 1 for success and 0 if an error +occurred.

    +

    +

    +
    +

    SEE ALSO

    +

    d2i_X509(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/X509_NAME_get_index_by_NID.html b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_NAME_get_index_by_NID.html
    new file mode 100755
    index 0000000..45373f3
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_NAME_get_index_by_NID.html
    @@ -0,0 +1,153 @@
    +
    +
    +
    +
    +X509_NAME_get_index_by_NID
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    X509_NAME_get_index_by_NID, X509_NAME_get_index_by_OBJ, X509_NAME_get_entry, +X509_NAME_entry_count, X509_NAME_get_text_by_NID, X509_NAME_get_text_by_OBJ - +X509_NAME lookup and enumeration functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509.h>
    +
    + int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos);
    + int X509_NAME_get_index_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int lastpos);
    +
    + int X509_NAME_entry_count(const X509_NAME *name);
    + X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name, int loc);
    +
    + int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len);
    + int X509_NAME_get_text_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, char *buf, int len);
    +

    +

    +
    +

    DESCRIPTION

    +

    These functions allow an X509_NAME structure to be examined. The +X509_NAME structure is the same as the Name type defined in +RFC2459 (and elsewhere) and used for example in certificate subject +and issuer names.

    +

    X509_NAME_get_index_by_NID() and X509_NAME_get_index_by_OBJ() retrieve +the next index matching nid or obj after lastpos. lastpos +should initially be set to -1. If there are no more entries -1 is returned. +If nid is invalid (doesn't correspond to a valid OID) then -2 is returned.

    +

    X509_NAME_entry_count() returns the total number of entries in name.

    +

    X509_NAME_get_entry() retrieves the X509_NAME_ENTRY from name +corresponding to index loc. Acceptable values for loc run from +0 to (X509_NAME_entry_count(name) - 1). The value returned is an +internal pointer which must not be freed.

    +

    X509_NAME_get_text_by_NID(), X509_NAME_get_text_by_OBJ() retrieve +the "text" from the first entry in name which matches nid or +obj, if no such entry exists -1 is returned. At most len bytes +will be written and the text written to buf will be null +terminated. The length of the output string written is returned +excluding the terminating null. If buf is <NULL> then the amount +of space needed in buf (excluding the final null) is returned.

    +

    +

    +
    +

    NOTES

    +

    X509_NAME_get_text_by_NID() and X509_NAME_get_text_by_OBJ() should be +considered deprecated because they +have various limitations which make them +of minimal use in practice. They can only find the first matching +entry and will copy the contents of the field verbatim: this can +be highly confusing if the target is a multicharacter string type +like a BMPString or a UTF8String.

    +

    For a more general solution X509_NAME_get_index_by_NID() or +X509_NAME_get_index_by_OBJ() should be used followed by +X509_NAME_get_entry() on any matching indices and then the +various X509_NAME_ENTRY utility functions on the result.

    +

    The list of all relevant NID_* and OBJ_* codes can be found in +the source code header files <openssl/obj_mac.h> and/or +<openssl/objects.h>.

    +

    Applications which could pass invalid NIDs to X509_NAME_get_index_by_NID() +should check for the return value of -2. Alternatively the NID validity +can be determined first by checking OBJ_nid2obj(nid) is not NULL.

    +

    +

    +
    +

    RETURN VALUES

    +

    X509_NAME_get_index_by_NID() and X509_NAME_get_index_by_OBJ() +return the index of the next matching entry or -1 if not found. +X509_NAME_get_index_by_NID() can also return -2 if the supplied +NID is invalid.

    +

    X509_NAME_entry_count() returns the total number of entries.

    +

    X509_NAME_get_entry() returns an X509_NAME pointer to the +requested entry or NULL if the index is invalid.

    +

    +

    +
    +

    EXAMPLES

    +

    Process all entries:

    +
    + int i;
    + X509_NAME_ENTRY *e;
    +
    + for (i = 0; i < X509_NAME_entry_count(nm); i++) {
    +     e = X509_NAME_get_entry(nm, i);
    +     /* Do something with e */
    + }
    +

    Process all commonName entries:

    +
    + int lastpos = -1;
    + X509_NAME_ENTRY *e;
    +
    + for (;;) {
    +     lastpos = X509_NAME_get_index_by_NID(nm, NID_commonName, lastpos);
    +     if (lastpos == -1)
    +         break;
    +     e = X509_NAME_get_entry(nm, lastpos);
    +     /* Do something with e */
    + }
    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), d2i_X509_NAME(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/X509_NAME_print_ex.html b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_NAME_print_ex.html
    new file mode 100755
    index 0000000..458ccd0
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_NAME_print_ex.html
    @@ -0,0 +1,140 @@
    +
    +
    +
    +
    +X509_NAME_print_ex
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    X509_NAME_print_ex, X509_NAME_print_ex_fp, X509_NAME_print, +X509_NAME_oneline - X509_NAME printing routines

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509.h>
    +
    + int X509_NAME_print_ex(BIO *out, const X509_NAME *nm, int indent, unsigned long flags);
    + int X509_NAME_print_ex_fp(FILE *fp, const X509_NAME *nm, int indent, unsigned long flags);
    + char *X509_NAME_oneline(const X509_NAME *a, char *buf, int size);
    + int X509_NAME_print(BIO *bp, const X509_NAME *name, int obase);
    +

    +

    +
    +

    DESCRIPTION

    +

    X509_NAME_print_ex() prints a human readable version of nm to BIO out. Each +line (for multiline formats) is indented by indent spaces. The output format +can be extensively customised by use of the flags parameter.

    +

    X509_NAME_print_ex_fp() is identical to X509_NAME_print_ex() except the output is +written to FILE pointer fp.

    +

    X509_NAME_oneline() prints an ASCII version of a to buf. +If buf is NULL then a buffer is dynamically allocated and returned, and +size is ignored. +Otherwise, at most size bytes will be written, including the ending '\0', +and buf is returned.

    +

    X509_NAME_print() prints out name to bp indenting each line by obase +characters. Multiple lines are used if the output (including indent) exceeds +80 characters.

    +

    +

    +
    +

    NOTES

    +

    The functions X509_NAME_oneline() and X509_NAME_print() +produce a non standard output form, they don't handle multi character fields and +have various quirks and inconsistencies. +Their use is strongly discouraged in new applications and they could +be deprecated in a future release.

    +

    Although there are a large number of possible flags for most purposes +XN_FLAG_ONELINE, XN_FLAG_MULTILINE or XN_FLAG_RFC2253 will suffice. +As noted on the ASN1_STRING_print_ex(3) manual page +for UTF8 terminals the ASN1_STRFLGS_ESC_MSB should be unset: so for example +XN_FLAG_ONELINE & ~ASN1_STRFLGS_ESC_MSB would be used.

    +

    The complete set of the flags supported by X509_NAME_print_ex() is listed below.

    +

    Several options can be ored together.

    +

    The options XN_FLAG_SEP_COMMA_PLUS, XN_FLAG_SEP_CPLUS_SPC, +XN_FLAG_SEP_SPLUS_SPC and XN_FLAG_SEP_MULTILINE determine the field separators +to use. Two distinct separators are used between distinct RelativeDistinguishedName +components and separate values in the same RDN for a multi-valued RDN. Multi-valued +RDNs are currently very rare so the second separator will hardly ever be used.

    +

    XN_FLAG_SEP_COMMA_PLUS uses comma and plus as separators. XN_FLAG_SEP_CPLUS_SPC +uses comma and plus with spaces: this is more readable that plain comma and plus. +XN_FLAG_SEP_SPLUS_SPC uses spaced semicolon and plus. XN_FLAG_SEP_MULTILINE uses +spaced newline and plus respectively.

    +

    If XN_FLAG_DN_REV is set the whole DN is printed in reversed order.

    +

    The fields XN_FLAG_FN_SN, XN_FLAG_FN_LN, XN_FLAG_FN_OID, +XN_FLAG_FN_NONE determine how a field name is displayed. It will +use the short name (e.g. CN) the long name (e.g. commonName) always +use OID numerical form (normally OIDs are only used if the field name is not +recognised) and no field name respectively.

    +

    If XN_FLAG_SPC_EQ is set then spaces will be placed around the '=' character +separating field names and values.

    +

    If XN_FLAG_DUMP_UNKNOWN_FIELDS is set then the encoding of unknown fields is +printed instead of the values.

    +

    If XN_FLAG_FN_ALIGN is set then field names are padded to 20 characters: this +is only of use for multiline format.

    +

    Additionally all the options supported by ASN1_STRING_print_ex() can be used to +control how each field value is displayed.

    +

    In addition a number options can be set for commonly used formats.

    +

    XN_FLAG_RFC2253 sets options which produce an output compatible with RFC2253 it +is equivalent to: + ASN1_STRFLGS_RFC2253 | XN_FLAG_SEP_COMMA_PLUS | XN_FLAG_DN_REV | XN_FLAG_FN_SN | XN_FLAG_DUMP_UNKNOWN_FIELDS

    +

    XN_FLAG_ONELINE is a more readable one line format which is the same as: + ASN1_STRFLGS_RFC2253 | ASN1_STRFLGS_ESC_QUOTE | XN_FLAG_SEP_CPLUS_SPC | XN_FLAG_SPC_EQ | XN_FLAG_FN_SN

    +

    XN_FLAG_MULTILINE is a multiline format which is the same as: + ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB | XN_FLAG_SEP_MULTILINE | XN_FLAG_SPC_EQ | XN_FLAG_FN_LN | XN_FLAG_FN_ALIGN

    +

    XN_FLAG_COMPAT uses a format identical to X509_NAME_print(): in fact it calls X509_NAME_print() internally.

    +

    +

    +
    +

    RETURN VALUES

    +

    X509_NAME_oneline() returns a valid string on success or NULL on error.

    +

    X509_NAME_print() returns 1 on success or 0 on error.

    +

    X509_NAME_print_ex() and X509_NAME_print_ex_fp() return 1 on success or 0 on error +if the XN_FLAG_COMPAT is set, which is the same as X509_NAME_print(). Otherwise, +it returns -1 on error or other values on success.

    +

    +

    +
    +

    SEE ALSO

    +

    ASN1_STRING_print_ex(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/X509_PUBKEY_new.html b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_PUBKEY_new.html
    new file mode 100755
    index 0000000..4a637eb
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_PUBKEY_new.html
    @@ -0,0 +1,147 @@
    +
    +
    +
    +
    +X509_PUBKEY_new
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    X509_PUBKEY_new, X509_PUBKEY_free, X509_PUBKEY_dup, +X509_PUBKEY_set, X509_PUBKEY_get0, X509_PUBKEY_get, +d2i_PUBKEY, i2d_PUBKEY, d2i_PUBKEY_bio, d2i_PUBKEY_fp, +i2d_PUBKEY_fp, i2d_PUBKEY_bio, X509_PUBKEY_set0_param, +X509_PUBKEY_get0_param - SubjectPublicKeyInfo public key functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509.h>
    +
    + X509_PUBKEY *X509_PUBKEY_new(void);
    + void X509_PUBKEY_free(X509_PUBKEY *a);
    + X509_PUBKEY *X509_PUBKEY_dup(const X509_PUBKEY *a);
    +
    + int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey);
    + EVP_PKEY *X509_PUBKEY_get0(X509_PUBKEY *key);
    + EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key);
    +
    + EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length);
    + int i2d_PUBKEY(const EVP_PKEY *a, unsigned char **pp);
    +
    + EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
    + EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
    +
    + int i2d_PUBKEY_fp(const FILE *fp, EVP_PKEY *pkey);
    + int i2d_PUBKEY_bio(BIO *bp, const EVP_PKEY *pkey);
    +
    + int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
    +                            int ptype, void *pval,
    +                            unsigned char *penc, int penclen);
    + int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg,
    +                            const unsigned char **pk, int *ppklen,
    +                            X509_ALGOR **pa, X509_PUBKEY *pub);
    +

    +

    +
    +

    DESCRIPTION

    +

    The X509_PUBKEY structure represents the ASN.1 SubjectPublicKeyInfo +structure defined in RFC5280 and used in certificates and certificate requests.

    +

    X509_PUBKEY_new() allocates and initializes an X509_PUBKEY structure.

    +

    X509_PUBKEY_free() frees up X509_PUBKEY structure a. If a is NULL +nothing is done.

    +

    X509_PUBKEY_set() sets the public key in *x to the public key contained +in the EVP_PKEY structure pkey. If *x is not NULL any existing +public key structure will be freed.

    +

    X509_PUBKEY_get0() returns the public key contained in key. The returned +value is an internal pointer which MUST NOT be freed after use.

    +

    X509_PUBKEY_get() is similar to X509_PUBKEY_get0() except the reference +count on the returned key is incremented so it MUST be freed using +EVP_PKEY_free() after use.

    +

    d2i_PUBKEY() and i2d_PUBKEY() decode and encode an EVP_PKEY structure +using SubjectPublicKeyInfo format. They otherwise follow the conventions of +other ASN.1 functions such as d2i_X509().

    +

    d2i_PUBKEY_bio(), d2i_PUBKEY_fp(), i2d_PUBKEY_bio() and i2d_PUBKEY_fp() are +similar to d2i_PUBKEY() and i2d_PUBKEY() except they decode or encode using a +BIO or FILE pointer.

    +

    X509_PUBKEY_set0_param() sets the public key parameters of pub. The +OID associated with the algorithm is set to aobj. The type of the +algorithm parameters is set to type using the structure pval. +The encoding of the public key itself is set to the penclen +bytes contained in buffer penc. On success ownership of all the supplied +parameters is passed to pub so they must not be freed after the +call.

    +

    X509_PUBKEY_get0_param() retrieves the public key parameters from pub, +*ppkalg is set to the associated OID and the encoding consists of +*ppklen bytes at *pk, *pa is set to the associated +AlgorithmIdentifier for the public key. If the value of any of these +parameters is not required it can be set to NULL. All of the +retrieved pointers are internal and must not be freed after the +call.

    +

    +

    +
    +

    NOTES

    +

    The X509_PUBKEY functions can be used to encode and decode public keys +in a standard format.

    +

    In many cases applications will not call the X509_PUBKEY functions +directly: they will instead call wrapper functions such as X509_get0_pubkey().

    +

    +

    +
    +

    RETURN VALUES

    +

    If the allocation fails, X509_PUBKEY_new() returns NULL and sets an error +code that can be obtained by ERR_get_error(3).

    +

    Otherwise it returns a pointer to the newly allocated structure.

    +

    X509_PUBKEY_free() does not return a value.

    +

    X509_PUBKEY_get0() and X509_PUBKEY_get() return a pointer to an EVP_PKEY +structure or NULL if an error occurs.

    +

    X509_PUBKEY_set(), X509_PUBKEY_set0_param() and X509_PUBKEY_get0_param() +return 1 for success and 0 if an error occurred.

    +

    +

    +
    +

    SEE ALSO

    +

    d2i_X509(3), +ERR_get_error(3), +X509_get_pubkey(3),

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/X509_SIG_get0.html b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_SIG_get0.html
    new file mode 100755
    index 0000000..fa48622
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_SIG_get0.html
    @@ -0,0 +1,77 @@
    + + + + +X509_SIG_get0 + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    X509_SIG_get0, X509_SIG_getm - DigestInfo functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509.h>
    +
    + void X509_SIG_get0(const X509_SIG *sig, const X509_ALGOR **palg,
    +                    const ASN1_OCTET_STRING **pdigest);
    + void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg,
    +                    ASN1_OCTET_STRING **pdigest,
    +

    +

    +
    +

    DESCRIPTION

    +

    X509_SIG_get0() returns pointers to the algorithm identifier and digest +value in sig. X509_SIG_getm() is identical to X509_SIG_get0() +except the pointers returned are not constant and can be modified: +for example to initialise them.

    +

    +

    +
    +

    RETURN VALUES

    +

    X509_SIG_get0() and X509_SIG_getm() return no values.

    +

    +

    +
    +

    SEE ALSO

    +

    d2i_X509(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/X509_STORE_CTX_get_error.html b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_STORE_CTX_get_error.html
    new file mode 100755
    index 0000000..bb2183d
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_STORE_CTX_get_error.html
    @@ -0,0 +1,550 @@
    + + + + +X509_STORE_CTX_get_error + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    X509_STORE_CTX_get_error, X509_STORE_CTX_set_error, +X509_STORE_CTX_get_error_depth, X509_STORE_CTX_set_error_depth, +X509_STORE_CTX_get_current_cert, X509_STORE_CTX_set_current_cert, +X509_STORE_CTX_get0_cert, X509_STORE_CTX_get1_chain, +X509_verify_cert_error_string - get or set certificate verification status +information

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509.h>
    +
    + int   X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
    + void  X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int s);
    + int   X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
    + void  X509_STORE_CTX_set_error_depth(X509_STORE_CTX *ctx, int depth);
    + X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);
    + void  X509_STORE_CTX_set_current_cert(X509_STORE_CTX *ctx, X509 *x);
    + X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx);
    +
    + STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx);
    +
    + const char *X509_verify_cert_error_string(long n);
    +

    +

    +
    +

    DESCRIPTION

    +

    These functions are typically called after X509_verify_cert() has indicated +an error or in a verification callback to determine the nature of an error.

    +

    X509_STORE_CTX_get_error() returns the error code of ctx, see +the ERROR CODES section for a full description of all error codes.

    +

    X509_STORE_CTX_set_error() sets the error code of ctx to s. For example +it might be used in a verification callback to set an error based on additional +checks.

    +

    X509_STORE_CTX_get_error_depth() returns the depth of the error. This is a +non-negative integer representing where in the certificate chain the error +occurred. If it is zero it occurred in the end entity certificate, one if +it is the certificate which signed the end entity certificate and so on.

    +

    X509_STORE_CTX_set_error_depth() sets the error depth. +This can be used in combination with X509_STORE_CTX_set_error() to set the +depth at which an error condition was detected.

    +

    X509_STORE_CTX_get_current_cert() returns the certificate in ctx which +caused the error or NULL if no certificate is relevant.

    +

    X509_STORE_CTX_set_current_cert() sets the certificate x in ctx which +caused the error. +This value is not intended to remain valid for very long, and remains owned by +the caller. +It may be examined by a verification callback invoked to handle each error +encountered during chain verification and is no longer required after such a +callback. +If a callback wishes the save the certificate for use after it returns, it +needs to increment its reference count via X509_up_ref(3). +Once such a saved certificate is no longer needed it can be freed with +X509_free(3).

    +

    X509_STORE_CTX_get0_cert() retrieves an internal pointer to the +certificate being verified by the ctx.

    +

    X509_STORE_CTX_get1_chain() returns a complete validate chain if a previous +call to X509_verify_cert() is successful. If the call to X509_verify_cert() +is not successful the returned chain may be incomplete or invalid. The +returned chain persists after the ctx structure is freed, when it is +no longer needed it should be free up using:

    +
    + sk_X509_pop_free(chain, X509_free);
    +

    X509_verify_cert_error_string() returns a human readable error string for +verification error n.

    +

    +

    +
    +

    RETURN VALUES

    +

    X509_STORE_CTX_get_error() returns X509_V_OK or an error code.

    +

    X509_STORE_CTX_get_error_depth() returns a non-negative error depth.

    +

    X509_STORE_CTX_get_current_cert() returns the certificate which caused the +error or NULL if no certificate is relevant to the error.

    +

    X509_verify_cert_error_string() returns a human readable error string for +verification error n.

    +

    +

    +
    +

    ERROR CODES

    +

    A list of error codes and messages is shown below. Some of the +error codes are defined but currently never returned: these are described as +"unused".

    +
    +
    X509_V_OK: ok
    + +
    +

    The operation was successful.

    +
    +
    X509_V_ERR_UNSPECIFIED: unspecified certificate verification error
    + +
    +

    Unspecified error; should not happen.

    +
    +
    X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: unable to get issuer certificate
    + +
    +

    The issuer certificate of a locally looked up certificate could not be found. +This normally means the list of trusted certificates is not complete.

    +
    +
    X509_V_ERR_UNABLE_TO_GET_CRL: unable to get certificate CRL
    + +
    +

    The CRL of a certificate could not be found.

    +
    +
    X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate's signature
    + +
    +

    The certificate signature could not be decrypted. This means that the actual +signature value could not be determined rather than it not matching the +expected value, this is only meaningful for RSA keys.

    +
    +
    X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: unable to decrypt CRL's signature
    + +
    +

    The CRL signature could not be decrypted: this means that the actual signature +value could not be determined rather than it not matching the expected value. +Unused.

    +
    +
    X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: unable to decode issuer public key
    + +
    +

    The public key in the certificate SubjectPublicKeyInfo field could +not be read.

    +
    +
    X509_V_ERR_CERT_SIGNATURE_FAILURE: certificate signature failure
    + +
    +

    The signature of the certificate is invalid.

    +
    +
    X509_V_ERR_CRL_SIGNATURE_FAILURE: CRL signature failure
    + +
    +

    The signature of the certificate is invalid.

    +
    +
    X509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid
    + +
    +

    The certificate is not yet valid: the notBefore date is after the +current time.

    +
    +
    X509_V_ERR_CERT_HAS_EXPIRED: certificate has expired
    + +
    +

    The certificate has expired: that is the notAfter date is before the +current time.

    +
    +
    X509_V_ERR_CRL_NOT_YET_VALID: CRL is not yet valid
    + +
    +

    The CRL is not yet valid.

    +
    +
    X509_V_ERR_CRL_HAS_EXPIRED: CRL has expired
    + +
    +

    The CRL has expired.

    +
    +
    X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate's notBefore field
    + +
    +

    The certificate notBefore field contains an invalid time.

    +
    +
    X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: format error in certificate's notAfter field
    + +
    +

    The certificate notAfter field contains an invalid time.

    +
    +
    X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in CRL's lastUpdate field
    + +
    +

    The CRL lastUpdate field contains an invalid time.

    +
    +
    X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in CRL's nextUpdate field
    + +
    +

    The CRL nextUpdate field contains an invalid time.

    +
    +
    X509_V_ERR_OUT_OF_MEM: out of memory
    + +
    +

    An error occurred trying to allocate memory.

    +
    +
    X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: self signed certificate
    + +
    +

    The passed certificate is self-signed and the same certificate cannot be found +in the list of trusted certificates.

    +
    +
    X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self signed certificate in certificate chain
    + +
    +

    The certificate chain could be built up using the untrusted certificates but +the root could not be found locally.

    +
    +
    X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate
    + +
    +

    The issuer certificate could not be found: this occurs if the issuer certificate +of an untrusted certificate cannot be found.

    +
    +
    X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: unable to verify the first certificate
    + +
    +

    No signatures could be verified because the chain contains only one certificate +and it is not self signed.

    +
    +
    X509_V_ERR_CERT_CHAIN_TOO_LONG: certificate chain too long
    + +
    +

    The certificate chain length is greater than the supplied maximum depth. Unused.

    +
    +
    X509_V_ERR_CERT_REVOKED: certificate revoked
    + +
    +

    The certificate has been revoked.

    +
    +
    X509_V_ERR_INVALID_CA: invalid CA certificate
    + +
    +

    A CA certificate is invalid. Either it is not a CA or its extensions are not +consistent with the supplied purpose.

    +
    +
    X509_V_ERR_PATH_LENGTH_EXCEEDED: path length constraint exceeded
    + +
    +

    The basicConstraints path-length parameter has been exceeded.

    +
    +
    X509_V_ERR_INVALID_PURPOSE: unsupported certificate purpose
    + +
    +

    The supplied certificate cannot be used for the specified purpose.

    +
    +
    X509_V_ERR_CERT_UNTRUSTED: certificate not trusted
    + +
    +

    The root CA is not marked as trusted for the specified purpose.

    +
    +
    X509_V_ERR_CERT_REJECTED: certificate rejected
    + +
    +

    The root CA is marked to reject the specified purpose.

    +
    +
    X509_V_ERR_SUBJECT_ISSUER_MISMATCH: subject issuer mismatch
    + +
    +

    The current candidate issuer certificate was rejected because its subject name +did not match the issuer name of the current certificate.

    +
    +
    X509_V_ERR_AKID_SKID_MISMATCH: authority and subject key identifier mismatch
    + +
    +

    The current candidate issuer certificate was rejected because its subject key +identifier was present and did not match the authority key identifier current +certificate. +Not used as of OpenSSL 1.1.0.

    +
    +
    X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: authority and issuer serial number mismatch
    + +
    +

    The current candidate issuer certificate was rejected because its issuer name +and serial number was present and did not match the authority key identifier of +the current certificate. +Not used as of OpenSSL 1.1.0.

    +
    +
    X509_V_ERR_KEYUSAGE_NO_CERTSIGN:key usage does not include certificate signing
    + +
    +

    The current candidate issuer certificate was rejected because its keyUsage +extension does not permit certificate signing. +Not used as of OpenSSL 1.1.0.

    +
    +
    X509_V_ERR_INVALID_EXTENSION: invalid or inconsistent certificate extension
    + +
    +

    A certificate extension had an invalid value (for example an incorrect +encoding) or some value inconsistent with other extensions.

    +
    +
    X509_V_ERR_INVALID_POLICY_EXTENSION: invalid or inconsistent certificate policy extension
    + +
    +

    A certificate policies extension had an invalid value (for example an incorrect +encoding) or some value inconsistent with other extensions. This error only +occurs if policy processing is enabled.

    +
    +
    X509_V_ERR_NO_EXPLICIT_POLICY: no explicit policy
    + +
    +

    The verification flags were set to require and explicit policy but none was +present.

    +
    +
    X509_V_ERR_DIFFERENT_CRL_SCOPE: Different CRL scope
    + +
    +

    The only CRLs that could be found did not match the scope of the certificate.

    +
    +
    X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE: Unsupported extension feature
    + +
    +

    Some feature of a certificate extension is not supported. Unused.

    +
    +
    X509_V_ERR_PERMITTED_VIOLATION: permitted subtree violation
    + +
    +

    A name constraint violation occurred in the permitted subtrees.

    +
    +
    X509_V_ERR_EXCLUDED_VIOLATION: excluded subtree violation
    + +
    +

    A name constraint violation occurred in the excluded subtrees.

    +
    +
    X509_V_ERR_SUBTREE_MINMAX: name constraints minimum and maximum not supported
    + +
    +

    A certificate name constraints extension included a minimum or maximum field: +this is not supported.

    +
    +
    X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE: unsupported name constraint type
    + +
    +

    An unsupported name constraint type was encountered. OpenSSL currently only +supports directory name, DNS name, email and URI types.

    +
    +
    X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: unsupported or invalid name constraint syntax
    + +
    +

    The format of the name constraint is not recognised: for example an email +address format of a form not mentioned in RFC3280. This could be caused by +a garbage extension or some new feature not currently supported.

    +
    +
    X509_V_ERR_CRL_PATH_VALIDATION_ERROR: CRL path validation error
    + +
    +

    An error occurred when attempting to verify the CRL path. This error can only +happen if extended CRL checking is enabled.

    +
    +
    X509_V_ERR_APPLICATION_VERIFICATION: application verification failure
    + +
    +

    An application specific error. This will never be returned unless explicitly +set by an application callback.

    +
    +
    X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER: unable to get CRL issuer certificate
    + +
    +

    Unable to get CRL issuer certificate.

    +
    +
    X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION: unhandled critical extension
    + +
    +

    Unhandled critical extension.

    +
    +
    X509_V_ERR_KEYUSAGE_NO_CRL_SIGN: key usage does not include CRL signing
    + +
    +

    Key usage does not include CRL signing.

    +
    +
    X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION: unhandled critical CRL extension
    + +
    +

    Unhandled critical CRL extension.

    +
    +
    X509_V_ERR_INVALID_NON_CA: invalid non-CA certificate (has CA markings)
    + +
    +

    Invalid non-CA certificate has CA markings.

    +
    +
    X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED: proxy path length contraint exceeded
    + +
    +

    Proxy path length constraint exceeded.

    +
    +
    X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE: key usage does not include digital signature
    + +
    +

    Key usage does not include digital signature, and therefore cannot sign +certificates.

    +
    +
    X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED: proxy certificates not allowed, please set the appropriate flag
    + +
    +

    Proxy certificates not allowed unless the -allow_proxy_certs option is used.

    +
    +
    X509_V_ERR_UNNESTED_RESOURCE: RFC 3779 resource not subset of parent's resrouces
    + +
    +

    See RFC 3779 for details.

    +
    +
    X509_V_ERR_UNSUPPORTED_NAME_SYNTAX: unsupported or invalid name syntax
    + +
    +

    Unsupported or invalid name syntax.

    +
    +
    X509_V_ERR_PATH_LOOP: path loop
    + +
    +

    Path loop.

    +
    +
    X509_V_ERR_HOSTNAME_MISMATCH: hostname mismatch
    + +
    +

    Hostname mismatch.

    +
    +
    X509_V_ERR_EMAIL_MISMATCH: email address mismatch
    + +
    +

    Email address mismatch.

    +
    +
    X509_V_ERR_IP_ADDRESS_MISMATCH: IP address mismatch
    + +
    +

    IP address mismatch.

    +
    +
    X509_V_ERR_DANE_NO_MATCH: no matching DANE TLSA records
    + +
    +

    DANE TLSA authentication is enabled, but no TLSA records matched the +certificate chain. +This error is only possible in openssl-s_client(1).

    +
    +
    X509_V_ERR_EE_KEY_TOO_SMALL: EE certificate key too weak
    + +
    +

    EE certificate key too weak.

    +
    +
    X509_ERR_CA_KEY_TOO_SMALL: CA certificate key too weak
    + +
    +

    CA certificate key too weak.

    +
    +
    X509_ERR_CA_MD_TOO_WEAK: CA signature digest algorithm too weak
    + +
    +

    CA signature digest algorithm too weak.

    +
    +
    X509_V_ERR_INVALID_CALL: invalid certificate verification context
    + +
    +

    invalid certificate verification context.

    +
    +
    X509_V_ERR_STORE_LOOKUP: issuer certificate lookup error
    + +
    +

    Issuer certificate lookup error.

    +
    +
    X509_V_ERR_NO_VALID_SCTS: certificate transparency required, but no valid SCTs found
    + +
    +

    Certificate Transparency required, but no valid SCTs found.

    +
    +
    X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION: proxy subject name violation
    + +
    +

    Proxy subject name violation.

    +
    +
    X509_V_ERR_OCSP_VERIFY_NEEDED: OCSP verification needed
    + +
    +

    Returned by the verify callback to indicate an OCSP verification is needed.

    +
    +
    X509_V_ERR_OCSP_VERIFY_FAILED: OCSP verification failed
    + +
    +

    Returned by the verify callback to indicate OCSP verification failed.

    +
    +
    X509_V_ERR_OCSP_CERT_UNKNOWN: OCSP unknown cert
    + +
    +

    Returned by the verify callback to indicate that the certificate is not +recognized by the OCSP responder.

    + +
  • 509_V_ERROR_NO_ISSUER_PUBLI_KEY, issuer certificate doesn't have a public key + +

    The issuer certificate does not have a public key.

    +
  • +
    X509_V_ERROR_SIGNATURE_ALGORITHM_MISMATCH, Subject signature algorithm and issuer public key algoritm mismatch
    + +
    +

    The issuer's public key is not of the type required by the signature in +the subject's certificate.

    +
    +
    +

    +

    +
    +

    NOTES

    +

    The above functions should be used instead of directly referencing the fields +in the X509_VERIFY_CTX structure.

    +

    In versions of OpenSSL before 1.0 the current certificate returned by +X509_STORE_CTX_get_current_cert() was never NULL. Applications should +check the return value before printing out any debugging information relating +to the current certificate.

    +

    If an unrecognised error code is passed to X509_verify_cert_error_string() the +numerical value of the unknown code is returned in a static buffer. This is not +thread safe but will never happen unless an invalid code is passed.

    +

    +

    +
    +

    SEE ALSO

    +

    X509_verify_cert(3), +X509_up_ref(3), +X509_free(3).

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/X509_STORE_CTX_new.html b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_STORE_CTX_new.html
    new file mode 100755
    index 0000000..9cf6ede
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_STORE_CTX_new.html
    @@ -0,0 +1,195 @@
    + + + + +X509_STORE_CTX_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    X509_STORE_CTX_new, X509_STORE_CTX_cleanup, X509_STORE_CTX_free, +X509_STORE_CTX_init, X509_STORE_CTX_set0_trusted_stack, X509_STORE_CTX_set_cert, +X509_STORE_CTX_set0_crls, +X509_STORE_CTX_get0_chain, X509_STORE_CTX_set0_verified_chain, +X509_STORE_CTX_get0_param, X509_STORE_CTX_set0_param, +X509_STORE_CTX_get0_untrusted, X509_STORE_CTX_set0_untrusted, +X509_STORE_CTX_get_num_untrusted, +X509_STORE_CTX_set_default, +X509_STORE_CTX_set_verify, +X509_STORE_CTX_verify_fn +- X509_STORE_CTX initialisation

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509_vfy.h>
    +
    + X509_STORE_CTX *X509_STORE_CTX_new(void);
    + void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
    + void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
    +
    + int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
    +                         X509 *x509, STACK_OF(X509) *chain);
    +
    + void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
    +
    + void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x);
    + STACK_OF(X509) *X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx);
    + void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *chain);
    + void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk);
    +
    + X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx);
    + void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param);
    + int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name);
    +
    + STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx);
    + void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
    +
    + int X509_STORE_CTX_get_num_untrusted(X509_STORE_CTX *ctx);
    +
    + typedef int (*X509_STORE_CTX_verify_fn)(X509_STORE_CTX *);
    + void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx, X509_STORE_CTX_verify_fn verify);
    +

    +

    +
    +

    DESCRIPTION

    +

    These functions initialise an X509_STORE_CTX structure for subsequent use +by X509_verify_cert().

    +

    X509_STORE_CTX_new() returns a newly initialised X509_STORE_CTX structure.

    +

    X509_STORE_CTX_cleanup() internally cleans up an X509_STORE_CTX structure. +The context can then be reused with an new call to X509_STORE_CTX_init().

    +

    X509_STORE_CTX_free() completely frees up ctx. After this call ctx +is no longer valid. +If ctx is NULL nothing is done.

    +

    X509_STORE_CTX_init() sets up ctx for a subsequent verification operation. +It must be called before each call to X509_verify_cert(), i.e. a ctx is only +good for one call to X509_verify_cert(); if you want to verify a second +certificate with the same ctx then you must call X509_STORE_CTX_cleanup() +and then X509_STORE_CTX_init() again before the second call to +X509_verify_cert(). The trusted certificate store is set to store, the end +entity certificate to be verified is set to x509 and a set of additional +certificates (which will be untrusted but may be used to build the chain) in +chain. Any or all of the store, x509 and chain parameters can be +NULL.

    +

    X509_STORE_CTX_set0_trusted_stack() sets the set of trusted certificates of +ctx to sk. This is an alternative way of specifying trusted certificates +instead of using an X509_STORE.

    +

    X509_STORE_CTX_set_cert() sets the certificate to be verified in ctx to +x.

    +

    X509_STORE_CTX_set0_verified_chain() sets the validated chain used +by ctx to be chain. +Ownership of the chain is transferred to ctx and should not be +free'd by the caller. +X509_STORE_CTX_get0_chain() returns a the internal pointer used by the +ctx that contains the validated chain.

    +

    X509_STORE_CTX_set0_crls() sets a set of CRLs to use to aid certificate +verification to sk. These CRLs will only be used if CRL verification is +enabled in the associated X509_VERIFY_PARAM structure. This might be +used where additional "useful" CRLs are supplied as part of a protocol, +for example in a PKCS#7 structure.

    +

    X509_STORE_CTX_get0_param() retrieves an internal pointer +to the verification parameters associated with ctx.

    +

    X509_STORE_CTX_get0_untrusted() retrieves an internal pointer to the +stack of untrusted certificates associated with ctx.

    +

    X509_STORE_CTX_set0_untrusted() sets the internal point to the stack +of untrusted certificates associated with ctx to sk.

    +

    X509_STORE_CTX_set0_param() sets the internal verification parameter pointer +to param. After this call param should not be used.

    +

    X509_STORE_CTX_set_default() looks up and sets the default verification +method to name. This uses the function X509_VERIFY_PARAM_lookup() to +find an appropriate set of parameters from name.

    +

    X509_STORE_CTX_get_num_untrusted() returns the number of untrusted certificates +that were used in building the chain following a call to X509_verify_cert().

    +

    X509_STORE_CTX_set_verify() provides the capability for overriding the default +verify function. This function is responsible for verifying chain signatures and +expiration times.

    +

    A verify function is defined as an X509_STORE_CTX_verify type which has the +following signature:

    +
    + int (*verify)(X509_STORE_CTX *);
    +

    This function should receive the current X509_STORE_CTX as a parameter and +return 1 on success or 0 on failure.

    +

    +

    +
    +

    NOTES

    +

    The certificates and CRLs in a store are used internally and should not +be freed up until after the associated X509_STORE_CTX is freed.

    +

    +

    +
    +

    BUGS

    +

    The certificates and CRLs in a context are used internally and should not +be freed up until after the associated X509_STORE_CTX is freed. Copies +should be made or reference counts increased instead.

    +

    +

    +
    +

    RETURN VALUES

    +

    X509_STORE_CTX_new() returns an newly allocates context or NULL is an +error occurred.

    +

    X509_STORE_CTX_init() returns 1 for success or 0 if an error occurred.

    +

    X509_STORE_CTX_get0_param() returns a pointer to an X509_VERIFY_PARAM +structure or NULL if an error occurred.

    +

    X509_STORE_CTX_cleanup(), X509_STORE_CTX_free(), +X509_STORE_CTX_set0_trusted_stack(), +X509_STORE_CTX_set_cert(), +X509_STORE_CTX_set0_crls() and X509_STORE_CTX_set0_param() do not return +values.

    +

    X509_STORE_CTX_set_default() returns 1 for success or 0 if an error occurred.

    +

    X509_STORE_CTX_get_num_untrusted() returns the number of untrusted certificates +used.

    +

    +

    +
    +

    SEE ALSO

    +

    X509_verify_cert(3) +X509_VERIFY_PARAM_set_flags(3)

    +

    +

    +
    +

    HISTORY

    +

    The X509_STORE_CTX_set0_crls() function was added in OpenSSL 1.0.0. +The X509_STORE_CTX_get_num_untrusted() function was added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/X509_STORE_CTX_set_verify_cb.html b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_STORE_CTX_set_verify_cb.html
    new file mode 100755
    index 0000000..b153188
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_STORE_CTX_set_verify_cb.html
    @@ -0,0 +1,255 @@
    + + + + +X509_STORE_CTX_set_verify_cb + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    X509_STORE_CTX_get_cleanup, +X509_STORE_CTX_get_lookup_crls, +X509_STORE_CTX_get_lookup_certs, +X509_STORE_CTX_get_check_policy, +X509_STORE_CTX_get_cert_crl, +X509_STORE_CTX_get_check_crl, +X509_STORE_CTX_get_get_crl, +X509_STORE_CTX_get_check_revocation, +X509_STORE_CTX_get_check_issued, +X509_STORE_CTX_get_get_issuer, +X509_STORE_CTX_get_verify_cb, +X509_STORE_CTX_set_verify_cb, +X509_STORE_CTX_verify_cb, +X509_STORE_CTX_print_verify_cb +- get and set X509_STORE_CTX components such as verification callback

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509_vfy.h>
    +
    + typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *);
    + int X509_STORE_CTX_print_verify_cb(int ok, X509_STORE_CTX *ctx);
    +
    + X509_STORE_CTX_verify_cb X509_STORE_CTX_get_verify_cb(X509_STORE_CTX *ctx);
    +
    + void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
    +                                   X509_STORE_CTX_verify_cb verify_cb);
    +
    + X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(X509_STORE_CTX *ctx);
    + X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(X509_STORE_CTX *ctx);
    + X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(X509_STORE_CTX *ctx);
    + X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(X509_STORE_CTX *ctx);
    + X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(X509_STORE_CTX *ctx);
    + X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(X509_STORE_CTX *ctx);
    + X509_STORE_CTX_check_policy_fn X509_STORE_CTX_get_check_policy(X509_STORE_CTX *ctx);
    + X509_STORE_CTX_lookup_certs_fn X509_STORE_CTX_get_lookup_certs(X509_STORE_CTX *ctx);
    + X509_STORE_CTX_lookup_crls_fn X509_STORE_CTX_get_lookup_crls(X509_STORE_CTX *ctx);
    + X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(X509_STORE_CTX *ctx);
    +

    +

    +
    +

    DESCRIPTION

    +

    X509_STORE_CTX_set_verify_cb() sets the verification callback of ctx to +verify_cb overwriting any existing callback.

    +

    The verification callback can be used to customise the operation of certificate +verification, either by overriding error conditions or logging errors for +debugging purposes.

    +

    However a verification callback is not essential and the default operation +is often sufficient.

    +

    The ok parameter to the callback indicates the value the callback should +return to retain the default behaviour. If it is zero then an error condition +is indicated. If it is 1 then no error occurred. If the flag +X509_V_FLAG_NOTIFY_POLICY is set then ok is set to 2 to indicate the +policy checking is complete.

    +

    The ctx parameter to the callback is the X509_STORE_CTX structure that +is performing the verification operation. A callback can examine this +structure and receive additional information about the error, for example +by calling X509_STORE_CTX_get_current_cert(). Additional application data can +be passed to the callback via the ex_data mechanism.

    +

    X509_STORE_CTX_print_verify_cb() is a verification callback function that, +when a certificate verification has failed, adds an entry to the error queue +with code X509_R_CERTIFICATE_VERIFICATION_FAILED and with diagnostic details, +including the most relevant fields of the target certificate that failed to +verify and, if appropriate, of the available untrusted and trusted certificates.

    +

    X509_STORE_CTX_get_verify_cb() returns the value of the current callback +for the specific ctx.

    +

    X509_STORE_CTX_get_get_issuer(), +X509_STORE_CTX_get_check_issued(), X509_STORE_CTX_get_check_revocation(), +X509_STORE_CTX_get_get_crl(), X509_STORE_CTX_get_check_crl(), +X509_STORE_CTX_get_cert_crl(), X509_STORE_CTX_get_check_policy(), +X509_STORE_CTX_get_lookup_certs(), X509_STORE_CTX_get_lookup_crls() +and X509_STORE_CTX_get_cleanup() return the function pointers cached +from the corresponding X509_STORE, please see +X509_STORE_set_verify(3) for more information.

    +

    +

    +
    +

    WARNINGS

    +

    In general a verification callback should NOT unconditionally return 1 in +all circumstances because this will allow verification to succeed no matter +what the error. This effectively removes all security from the application +because any certificate (including untrusted generated ones) will be +accepted.

    +

    +

    +
    +

    NOTES

    +

    The verification callback can be set and inherited from the parent structure +performing the operation. In some cases (such as S/MIME verification) the +X509_STORE_CTX structure is created and destroyed internally and the +only way to set a custom verification callback is by inheriting it from the +associated X509_STORE.

    +

    +

    +
    +

    RETURN VALUES

    +

    X509_STORE_CTX_set_verify_cb() does not return a value.

    +

    +

    +
    +

    EXAMPLES

    +

    Default callback operation:

    +
    + int verify_callback(int ok, X509_STORE_CTX *ctx) {
    +     return ok;
    + }
    +

    Simple example, suppose a certificate in the chain is expired and we wish +to continue after this error:

    +
    + int verify_callback(int ok, X509_STORE_CTX *ctx) {
    +     /* Tolerate certificate expiration */
    +     if (X509_STORE_CTX_get_error(ctx) == X509_V_ERR_CERT_HAS_EXPIRED)
    +         return 1;
    +     /* Otherwise don't override */
    +     return ok;
    + }
    +

    More complex example, we don't wish to continue after any certificate has +expired just one specific case:

    +
    + int verify_callback(int ok, X509_STORE_CTX *ctx)
    + {
    +     int err = X509_STORE_CTX_get_error(ctx);
    +     X509 *err_cert = X509_STORE_CTX_get_current_cert(ctx);
    +
    +     if (err == X509_V_ERR_CERT_HAS_EXPIRED) {
    +         if (check_is_acceptable_expired_cert(err_cert)
    +             return 1;
    +     }
    +     return ok;
    + }
    +

    Full featured logging callback. In this case the bio_err is assumed to be +a global logging BIO, an alternative would to store a BIO in ctx using +ex_data.

    +
    + int verify_callback(int ok, X509_STORE_CTX *ctx)
    + {
    +     X509 *err_cert;
    +     int err, depth;
    +
    +     err_cert = X509_STORE_CTX_get_current_cert(ctx);
    +     err = X509_STORE_CTX_get_error(ctx);
    +     depth = X509_STORE_CTX_get_error_depth(ctx);
    +
    +     BIO_printf(bio_err, "depth=%d ", depth);
    +     if (err_cert) {
    +         X509_NAME_print_ex(bio_err, X509_get_subject_name(err_cert),
    +                            0, XN_FLAG_ONELINE);
    +         BIO_puts(bio_err, "\n");
    +     }
    +     else
    +         BIO_puts(bio_err, "<no cert>\n");
    +     if (!ok)
    +         BIO_printf(bio_err, "verify error:num=%d:%s\n", err,
    +                    X509_verify_cert_error_string(err));
    +     switch (err) {
    +     case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
    +         BIO_puts(bio_err, "issuer= ");
    +         X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert),
    +                            0, XN_FLAG_ONELINE);
    +         BIO_puts(bio_err, "\n");
    +         break;
    +     case X509_V_ERR_CERT_NOT_YET_VALID:
    +     case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
    +         BIO_printf(bio_err, "notBefore=");
    +         ASN1_TIME_print(bio_err, X509_get_notBefore(err_cert));
    +         BIO_printf(bio_err, "\n");
    +         break;
    +     case X509_V_ERR_CERT_HAS_EXPIRED:
    +     case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
    +         BIO_printf(bio_err, "notAfter=");
    +         ASN1_TIME_print(bio_err, X509_get_notAfter(err_cert));
    +         BIO_printf(bio_err, "\n");
    +         break;
    +     case X509_V_ERR_NO_EXPLICIT_POLICY:
    +         policies_print(bio_err, ctx);
    +         break;
    +     }
    +     if (err == X509_V_OK && ok == 2)
    +         /* print out policies */
    +
    +     BIO_printf(bio_err, "verify return:%d\n", ok);
    +     return(ok);
    + }
    +

    +

    +
    +

    SEE ALSO

    +

    X509_STORE_CTX_get_error(3) +X509_STORE_set_verify_cb_func(3) +X509_STORE_CTX_get_ex_new_index(3)

    +

    +

    +
    +

    HISTORY

    +

    The +X509_STORE_CTX_get_get_issuer(), +X509_STORE_CTX_get_check_issued(), X509_STORE_CTX_get_check_revocation(), +X509_STORE_CTX_get_get_crl(), X509_STORE_CTX_get_check_crl(), +X509_STORE_CTX_get_cert_crl(), X509_STORE_CTX_get_check_policy(), +X509_STORE_CTX_get_lookup_certs(), X509_STORE_CTX_get_lookup_crls() +and X509_STORE_CTX_get_cleanup() functions were added in OpenSSL 1.1.0.

    +

    X509_STORE_CTX_print_verify_cb() was added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/X509_STORE_add_cert.html b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_STORE_add_cert.html
    new file mode 100755
    index 0000000..914bc72
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_STORE_add_cert.html
    @@ -0,0 +1,161 @@
    + + + + +X509_STORE_add_cert + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    X509_STORE, +X509_STORE_add_cert, X509_STORE_add_crl, X509_STORE_set_depth, +X509_STORE_set_flags, X509_STORE_set_purpose, X509_STORE_set_trust, +X509_STORE_add_lookup, +X509_STORE_load_file, X509_STORE_load_path, X509_STORE_load_store, +X509_STORE_set_default_paths, +X509_STORE_load_locations +- X509_STORE manipulation

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509_vfy.h>
    +
    + typedef x509_store_st X509_STORE;
    +
    + int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
    + int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
    + int X509_STORE_set_depth(X509_STORE *store, int depth);
    + int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags);
    + int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
    + int X509_STORE_set_trust(X509_STORE *ctx, int trust);
    +
    + X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *store,
    +                                    X509_LOOKUP_METHOD *meth);
    +
    + int X509_STORE_set_default_paths(X509_STORE *ctx);
    + int X509_STORE_load_file(X509_STORE *ctx, const char *file);
    + int X509_STORE_load_path(X509_STORE *ctx, const char *dir);
    + int X509_STORE_load_store(X509_STORE *ctx, const char *uri);
    +

    Deprecated:

    +
    + int X509_STORE_load_locations(X509_STORE *ctx,
    +                               const char *file, const char *dir);
    +

    +

    +
    +

    DESCRIPTION

    +

    The X509_STORE structure is intended to be a consolidated mechanism for +holding information about X.509 certificates and CRLs, and constructing +and validating chains of certificates terminating in trusted roots. +It admits multiple lookup mechanisms and efficient scaling performance +with large numbers of certificates, and a great deal of flexibility in +how validation and policy checks are performed.

    +

    X509_STORE_new(3) creates an empty X509_STORE structure, which contains +no information about trusted certificates or where such certificates +are located on disk, and is generally not usable. Normally, trusted +certificates will be added to the X509_STORE to prepare it for use, +via mechanisms such as X509_STORE_add_lookup() and X509_LOOKUP_file(), or +PEM_read_bio_X509_AUX() and X509_STORE_add_cert(). CRLs can also be added, +and many behaviors configured as desired.

    +

    Once the X509_STORE is suitably configured, X509_STORE_CTX_new() is +used to instantiate a single-use X509_STORE_CTX for each chain-building +and verification operation. That process includes providing the end-entity +certificate to be verified and an additional set of untrusted certificates +that may be used in chain-building. As such, it is expected that the +certificates included in the X509_STORE are certificates that represent +trusted entities such as root certificate authorities (CAs). +OpenSSL represents these trusted certificates internally as X509 objects +with an associated X509_CERT_AUX, as are produced by +PEM_read_bio_X509_AUX() and similar routines that refer to X509_AUX. +The public interfaces that operate on such trusted certificates still +operate on pointers to X509 objects, though.

    +

    X509_STORE_add_cert() and X509_STORE_add_crl() add the respective object +to the X509_STORE's local storage. Untrusted objects should not be +added in this way. The added object's reference count is incremented by one, +hence the caller retains ownership of the object and needs to free it when it +is no longer needed.

    +

    X509_STORE_set_depth(), X509_STORE_set_flags(), X509_STORE_set_purpose(), +X509_STORE_set_trust(), and X509_STORE_set1_param() set the default values +for the corresponding values used in certificate chain validation. Their +behavior is documented in the corresponding X509_VERIFY_PARAM manual +pages, e.g., X509_VERIFY_PARAM_set_depth(3).

    +

    X509_STORE_add_lookup() finds or creates a X509_LOOKUP(3) with the +X509_LOOKUP_METHOD(3) meth and adds it to the X509_STORE +store. This also associates the X509_STORE with the lookup, so +X509_LOOKUP functions can look up objects in that store.

    +

    X509_STORE_load_file() loads trusted certificate(s) into an +X509_STORE from a given file.

    +

    X509_STORE_load_path() loads trusted certificate(s) into an +X509_STORE from a given directory path. +The certificates in the directory must be in hashed form, as +documented in X509_LOOKUP_hash_dir(3).

    +

    X509_STORE_load_store() loads trusted certificate(s) into an +X509_STORE from a store at a given URI.

    +

    X509_STORE_load_locations() combines X509_STORE_load_file() and +X509_STORE_load_dir() for a given file and/or directory path. +It is permitted to specify just a file, just a directory, or both +paths.

    +

    X509_STORE_set_default_paths() is somewhat misnamed, in that it does not +set what default paths should be used for loading certificates. Instead, +it loads certificates into the X509_STORE from the hardcoded default +paths.

    +

    +

    +
    +

    RETURN VALUES

    +

    X509_STORE_add_cert(), X509_STORE_add_crl(), X509_STORE_set_depth(), +X509_STORE_set_flags(), X509_STORE_set_purpose(), +X509_STORE_set_trust(), X509_STORE_load_file(), +X509_STORE_load_path(), X509_STORE_load_store(), +X509_STORE_load_locations(), and X509_STORE_set_default_paths() return +1 on success or 0 on failure.

    +

    X509_STORE_add_lookup() returns the found or created +X509_LOOKUP(3), or NULL on error.

    +

    +

    +
    +

    SEE ALSO

    +

    X509_LOOKUP_hash_dir(3). +X509_VERIFY_PARAM_set_depth(3). +X509_STORE_new(3), +X509_STORE_get0_param(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/X509_STORE_get0_param.html b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_STORE_get0_param.html
    new file mode 100755
    index 0000000..3ec3448
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_STORE_get0_param.html
    @@ -0,0 +1,98 @@
    + + + + +X509_STORE_get0_param + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    X509_STORE_get0_param, X509_STORE_set1_param, +X509_STORE_get0_objects, X509_STORE_get1_all_certs +- X509_STORE setter and getter functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509_vfy.h>
    +
    + X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx);
    + int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *pm);
    + STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *ctx);
    + STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *st);
    +

    +

    +
    +

    DESCRIPTION

    +

    X509_STORE_set1_param() sets the verification parameters +to pm for ctx.

    +

    X509_STORE_get0_param() retrieves an internal pointer to the verification +parameters for ctx. The returned pointer must not be freed by the +calling application

    +

    X509_STORE_get0_objects() retrieves an internal pointer to the store's +X509 object cache. The cache contains X509 and X509_CRL objects. The +returned pointer must not be freed by the calling application.

    +

    X509_STORE_get1_all_certs() returns a list of all certificates in the store. +The caller is responsible for freeing the returned list.

    +

    +

    +
    +

    RETURN VALUES

    +

    X509_STORE_get0_param() returns a pointer to an +X509_VERIFY_PARAM structure.

    +

    X509_STORE_set1_param() returns 1 for success and 0 for failure.

    +

    X509_STORE_get0_objects() returns a pointer to a stack of X509_OBJECT.

    +

    X509_STORE_get1_all_certs() returns a pointer to a stack of the retrieved +certificates on success, else NULL.

    +

    +

    +
    +

    SEE ALSO

    +

    X509_STORE_new(3)

    +

    +

    +
    +

    HISTORY

    +

    X509_STORE_get0_param and X509_STORE_get0_objects were added in +OpenSSL 1.1.0. +X509_STORE_get1_certs was added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/X509_STORE_new.html b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_STORE_new.html
    new file mode 100755
    index 0000000..008bfcd
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_STORE_new.html
    @@ -0,0 +1,92 @@
    + + + + +X509_STORE_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    X509_STORE_new, X509_STORE_up_ref, X509_STORE_free, X509_STORE_lock, +X509_STORE_unlock - X509_STORE allocation, freeing and locking functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509_vfy.h>
    +
    + X509_STORE *X509_STORE_new(void);
    + void X509_STORE_free(X509_STORE *v);
    + int X509_STORE_lock(X509_STORE *v);
    + int X509_STORE_unlock(X509_STORE *v);
    + int X509_STORE_up_ref(X509_STORE *v);
    +

    +

    +
    +

    DESCRIPTION

    +

    The X509_STORE_new() function returns a new X509_STORE.

    +

    X509_STORE_up_ref() increments the reference count associated with the +X509_STORE object.

    +

    X509_STORE_lock() locks the store from modification by other threads, +X509_STORE_unlock() unlocks it.

    +

    X509_STORE_free() frees up a single X509_STORE object.

    +

    +

    +
    +

    RETURN VALUES

    +

    X509_STORE_new() returns a newly created X509_STORE or NULL if the call fails.

    +

    X509_STORE_up_ref(), X509_STORE_lock() and X509_STORE_unlock() return +1 for success and 0 for failure.

    +

    X509_STORE_free() does not return values.

    +

    +

    +
    +

    SEE ALSO

    +

    X509_STORE_set_verify_cb_func(3) +X509_STORE_get0_param(3)

    +

    +

    +
    +

    HISTORY

    +

    The X509_STORE_up_ref(), X509_STORE_lock() and X509_STORE_unlock() +functions were added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/X509_STORE_set_verify_cb_func.html b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_STORE_set_verify_cb_func.html
    new file mode 100755
    index 0000000..71413e1
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_STORE_set_verify_cb_func.html
    @@ -0,0 +1,295 @@
    + + + + +X509_STORE_set_verify_cb_func + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    X509_STORE_set_lookup_crls_cb, +X509_STORE_set_verify_func, +X509_STORE_get_cleanup, +X509_STORE_set_cleanup, +X509_STORE_get_lookup_crls, +X509_STORE_set_lookup_crls, +X509_STORE_get_lookup_certs, +X509_STORE_set_lookup_certs, +X509_STORE_get_check_policy, +X509_STORE_set_check_policy, +X509_STORE_get_cert_crl, +X509_STORE_set_cert_crl, +X509_STORE_get_check_crl, +X509_STORE_set_check_crl, +X509_STORE_get_get_crl, +X509_STORE_set_get_crl, +X509_STORE_get_check_revocation, +X509_STORE_set_check_revocation, +X509_STORE_get_check_issued, +X509_STORE_set_check_issued, +X509_STORE_get_get_issuer, +X509_STORE_set_get_issuer, +X509_STORE_CTX_get_verify, +X509_STORE_set_verify, +X509_STORE_get_verify_cb, +X509_STORE_set_verify_cb_func, X509_STORE_set_verify_cb, +X509_STORE_CTX_cert_crl_fn, X509_STORE_CTX_check_crl_fn, +X509_STORE_CTX_check_issued_fn, X509_STORE_CTX_check_policy_fn, +X509_STORE_CTX_check_revocation_fn, X509_STORE_CTX_cleanup_fn, +X509_STORE_CTX_get_crl_fn, X509_STORE_CTX_get_issuer_fn, +X509_STORE_CTX_lookup_certs_fn, X509_STORE_CTX_lookup_crls_fn +- set verification callback

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509_vfy.h>
    +
    + typedef int (*X509_STORE_CTX_get_issuer_fn)(X509 **issuer,
    +                                             X509_STORE_CTX *ctx, X509 *x);
    + typedef int (*X509_STORE_CTX_check_issued_fn)(X509_STORE_CTX *ctx,
    +                                               X509 *x, X509 *issuer);
    + typedef int (*X509_STORE_CTX_check_revocation_fn)(X509_STORE_CTX *ctx);
    + typedef int (*X509_STORE_CTX_get_crl_fn)(X509_STORE_CTX *ctx,
    +                                          X509_CRL **crl, X509 *x);
    + typedef int (*X509_STORE_CTX_check_crl_fn)(X509_STORE_CTX *ctx, X509_CRL *crl);
    + typedef int (*X509_STORE_CTX_cert_crl_fn)(X509_STORE_CTX *ctx,
    +                                           X509_CRL *crl, X509 *x);
    + typedef int (*X509_STORE_CTX_check_policy_fn)(X509_STORE_CTX *ctx);
    + typedef STACK_OF(X509) *(*X509_STORE_CTX_lookup_certs_fn)(X509_STORE_CTX *ctx,
    +                                                           X509_NAME *nm);
    + typedef STACK_OF(X509_CRL) *(*X509_STORE_CTX_lookup_crls_fn)(X509_STORE_CTX *ctx,
    +                                                              X509_NAME *nm);
    + typedef int (*X509_STORE_CTX_cleanup_fn)(X509_STORE_CTX *ctx);
    +
    + void X509_STORE_set_verify_cb(X509_STORE *ctx,
    +                               X509_STORE_CTX_verify_cb verify_cb);
    + X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(X509_STORE_CTX *ctx);
    +
    + void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify);
    + X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx);
    +
    + void X509_STORE_set_get_issuer(X509_STORE *ctx,
    +                                X509_STORE_CTX_get_issuer_fn get_issuer);
    + X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(X509_STORE_CTX *ctx);
    +
    + void X509_STORE_set_check_issued(X509_STORE *ctx,
    +                                  X509_STORE_CTX_check_issued_fn check_issued);
    + X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(X509_STORE_CTX *ctx);
    +
    + void X509_STORE_set_check_revocation(X509_STORE *ctx,
    +                                      X509_STORE_CTX_check_revocation_fn check_revocation);
    + X509_STORE_CTX_check_revocation_fn X509_STORE_get_check_revocation(X509_STORE_CTX *ctx);
    +
    + void X509_STORE_set_get_crl(X509_STORE *ctx,
    +                             X509_STORE_CTX_get_crl_fn get_crl);
    + X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(X509_STORE_CTX *ctx);
    +
    + void X509_STORE_set_check_crl(X509_STORE *ctx,
    +                               X509_STORE_CTX_check_crl_fn check_crl);
    + X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(X509_STORE_CTX *ctx);
    +
    + void X509_STORE_set_cert_crl(X509_STORE *ctx,
    +                              X509_STORE_CTX_cert_crl_fn cert_crl);
    + X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(X509_STORE_CTX *ctx);
    +
    + void X509_STORE_set_check_policy(X509_STORE *ctx,
    +                                  X509_STORE_CTX_check_policy_fn check_policy);
    + X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(X509_STORE_CTX *ctx);
    +
    + void X509_STORE_set_lookup_certs(X509_STORE *ctx,
    +                                  X509_STORE_CTX_lookup_certs_fn lookup_certs);
    + X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(X509_STORE_CTX *ctx);
    +
    + void X509_STORE_set_lookup_crls(X509_STORE *ctx,
    +                                 X509_STORE_CTX_lookup_crls_fn lookup_crls);
    + X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(X509_STORE_CTX *ctx);
    +
    + void X509_STORE_set_cleanup(X509_STORE *ctx,
    +                             X509_STORE_CTX_cleanup_fn cleanup);
    + X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(X509_STORE_CTX *ctx);
    +
    + /* Aliases */
    + void X509_STORE_set_verify_cb_func(X509_STORE *st,
    +                                    X509_STORE_CTX_verify_cb verify_cb);
    + void X509_STORE_set_verify_func(X509_STORE *ctx,
    +                                 X509_STORE_CTX_verify_fn verify);
    + void X509_STORE_set_lookup_crls_cb(X509_STORE *ctx,
    +                                    X509_STORE_CTX_lookup_crls_fn lookup_crls);
    +

    +

    +
    +

    DESCRIPTION

    +

    X509_STORE_set_verify_cb() sets the verification callback of ctx to +verify_cb overwriting the previous callback. +The callback assigned with this function becomes a default for the one +that can be assigned directly to the corresponding X509_STORE_CTX, +please see X509_STORE_CTX_set_verify_cb(3) for further information.

    +

    X509_STORE_set_verify() sets the final chain verification function for +ctx to verify. +Its purpose is to go through the chain of certificates and check that +all signatures are valid and that the current time is within the +limits of each certificate's first and last validity time. +The final chain verification functions must return 0 on failure and 1 +on success. +If no chain verification function is provided, the internal default +function will be used instead.

    +

    X509_STORE_set_get_issuer() sets the function to get the issuer +certificate that verifies the given certificate x. +When found, the issuer certificate must be assigned to *issuer. +This function must return 0 on failure and 1 on success. +If no function to get the issuer is provided, the internal default +function will be used instead.

    +

    X509_STORE_set_check_issued() sets the function to check that a given +certificate x is issued with the issuer certificate issuer. +This function must return 0 on failure (among others if x hasn't +been issued with issuer) and 1 on success. +If no function to get the issuer is provided, the internal default +function will be used instead.

    +

    X509_STORE_set_check_revocation() sets the revocation checking +function. +Its purpose is to look through the final chain and check the +revocation status for each certificate. +It must return 0 on failure and 1 on success. +If no function to get the issuer is provided, the internal default +function will be used instead.

    +

    X509_STORE_set_get_crl() sets the function to get the crl for a given +certificate x. +When found, the crl must be assigned to *crl. +This function must return 0 on failure and 1 on success. +If no function to get the issuer is provided, the internal default +function will be used instead.

    +

    X509_STORE_set_check_crl() sets the function to check the validity of +the given crl. +This function must return 0 on failure and 1 on success. +If no function to get the issuer is provided, the internal default +function will be used instead.

    +

    X509_STORE_set_cert_crl() sets the function to check the revocation +status of the given certificate x against the given crl. +This function must return 0 on failure and 1 on success. +If no function to get the issuer is provided, the internal default +function will be used instead.

    +

    X509_STORE_set_check_policy() sets the function to check the policies +of all the certificates in the final chain.. +This function must return 0 on failure and 1 on success. +If no function to get the issuer is provided, the internal default +function will be used instead.

    +

    X509_STORE_set_lookup_certs() and X509_STORE_set_lookup_crls() set the +functions to look up all the certs or all the CRLs that match the +given name nm. +These functions return NULL on failure and a pointer to a stack of +certificates (X509) or to a stack of CRLs (X509_CRL) on +success. +If no function to get the issuer is provided, the internal default +function will be used instead.

    +

    X509_STORE_set_cleanup() sets the final cleanup function, which is +called when the context (X509_STORE_CTX) is being torn down. +This function doesn't return any value. +If no function to get the issuer is provided, the internal default +function will be used instead.

    +

    X509_STORE_get_verify_cb(), X509_STORE_CTX_get_verify(), +X509_STORE_get_get_issuer(), X509_STORE_get_check_issued(), +X509_STORE_get_check_revocation(), X509_STORE_get_get_crl(), +X509_STORE_get_check_crl(), X509_STORE_set_verify(), +X509_STORE_set_get_issuer(), X509_STORE_get_cert_crl(), +X509_STORE_get_check_policy(), X509_STORE_get_lookup_certs(), +X509_STORE_get_lookup_crls() and X509_STORE_get_cleanup() all return +the function pointer assigned with X509_STORE_set_check_issued(), +X509_STORE_set_check_revocation(), X509_STORE_set_get_crl(), +X509_STORE_set_check_crl(), X509_STORE_set_cert_crl(), +X509_STORE_set_check_policy(), X509_STORE_set_lookup_certs(), +X509_STORE_set_lookup_crls() and X509_STORE_set_cleanup(), or NULL if +no assignment has been made.

    +

    X509_STORE_set_verify_cb_func(), X509_STORE_set_verify_func() and +X509_STORE_set_lookup_crls_cb() are aliases for +X509_STORE_set_verify_cb(), X509_STORE_set_verify() and +X509_STORE_set_lookup_crls, available as macros for backward +compatibility.

    +

    +

    +
    +

    NOTES

    +

    All the callbacks from a X509_STORE are inherited by the +corresponding X509_STORE_CTX structure when it is initialized. +See X509_STORE_CTX_set_verify_cb(3) for further details.

    +

    +

    +
    +

    BUGS

    +

    The macro version of this function was the only one available before +OpenSSL 1.0.0.

    +

    +

    +
    +

    RETURN VALUES

    +

    The X509_STORE_set_*() functions do not return a value.

    +

    The X509_STORE_get_*() functions return a pointer of the appropriate +function type.

    +

    +

    +
    +

    SEE ALSO

    +

    X509_STORE_CTX_set_verify_cb(3), X509_STORE_CTX_get0_chain(3), +X509_STORE_CTX_verify_cb(3), X509_STORE_CTX_verify_fn(3), +CMS_verify(3)

    +

    +

    +
    +

    HISTORY

    +

    The X509_STORE_set_verify_cb() function was added in OpenSSL 1.0.0.

    +

    The functions +X509_STORE_set_verify_cb(), X509_STORE_get_verify_cb(), +X509_STORE_set_verify(), X509_STORE_CTX_get_verify(), +X509_STORE_set_get_issuer(), X509_STORE_get_get_issuer(), +X509_STORE_set_check_issued(), X509_STORE_get_check_issued(), +X509_STORE_set_check_revocation(), X509_STORE_get_check_revocation(), +X509_STORE_set_get_crl(), X509_STORE_get_get_crl(), +X509_STORE_set_check_crl(), X509_STORE_get_check_crl(), +X509_STORE_set_cert_crl(), X509_STORE_get_cert_crl(), +X509_STORE_set_check_policy(), X509_STORE_get_check_policy(), +X509_STORE_set_lookup_certs(), X509_STORE_get_lookup_certs(), +X509_STORE_set_lookup_crls(), X509_STORE_get_lookup_crls(), +X509_STORE_set_cleanup() and X509_STORE_get_cleanup() +were added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/X509_VERIFY_PARAM_set_flags.html b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_VERIFY_PARAM_set_flags.html
new file mode 100755
index 0000000..ab2ed3d
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_VERIFY_PARAM_set_flags.html
@@ -0,0 +1,386 @@
+ + + + +X509_VERIFY_PARAM_set_flags + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags, +X509_VERIFY_PARAM_get_flags, X509_VERIFY_PARAM_set_purpose, +X509_VERIFY_PARAM_get_inh_flags, X509_VERIFY_PARAM_set_inh_flags, +X509_VERIFY_PARAM_set_trust, X509_VERIFY_PARAM_set_depth, +X509_VERIFY_PARAM_get_depth, X509_VERIFY_PARAM_set_auth_level, +X509_VERIFY_PARAM_get_auth_level, X509_VERIFY_PARAM_set_time, +X509_VERIFY_PARAM_get_time, +X509_VERIFY_PARAM_add0_policy, X509_VERIFY_PARAM_set1_policies, +X509_VERIFY_PARAM_set1_host, X509_VERIFY_PARAM_add1_host, +X509_VERIFY_PARAM_set_hostflags, +X509_VERIFY_PARAM_get_hostflags, +X509_VERIFY_PARAM_get0_peername, +X509_VERIFY_PARAM_set1_email, X509_VERIFY_PARAM_set1_ip, +X509_VERIFY_PARAM_set1_ip_asc +- X509 verification parameters

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509_vfy.h>
    +
    + int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param,
    +                                 unsigned long flags);
    + int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param,
    +                                   unsigned long flags);
    + unsigned long X509_VERIFY_PARAM_get_flags(const X509_VERIFY_PARAM *param);
    +
    + int X509_VERIFY_PARAM_set_inh_flags(X509_VERIFY_PARAM *param,
    +                                     uint32_t flags);
    + uint32_t X509_VERIFY_PARAM_get_inh_flags(const X509_VERIFY_PARAM *param);
    +
    + int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose);
    + int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust);
    +
    + void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t);
    + time_t X509_VERIFY_PARAM_get_time(const X509_VERIFY_PARAM *param);
    +
    + int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param,
    +                                   ASN1_OBJECT *policy);
    + int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
    +                                     STACK_OF(ASN1_OBJECT) *policies);
    +
    + void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth);
    + int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param);
    +
    + void X509_VERIFY_PARAM_set_auth_level(X509_VERIFY_PARAM *param,
    +                                       int auth_level);
    + int X509_VERIFY_PARAM_get_auth_level(const X509_VERIFY_PARAM *param);
    +
    + int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
    +                                 const char *name, size_t namelen);
    + int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param,
    +                                 const char *name, size_t namelen);
    + void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
    +                                      unsigned int flags);
    + unsigned int X509_VERIFY_PARAM_get_hostflags(const X509_VERIFY_PARAM *param);
    + char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param);
    + int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,
    +                                  const char *email, size_t emaillen);
    + int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param,
    +                               const unsigned char *ip, size_t iplen);
    + int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc);
    +

    +

    +
    +

    DESCRIPTION

    +

    These functions manipulate the X509_VERIFY_PARAM structure associated with +a certificate verification operation.

    +

    The X509_VERIFY_PARAM_set_flags() function sets the flags in param by oring +it with flags. See the VERIFICATION FLAGS section for a complete +description of values the flags parameter can take.

    +

    X509_VERIFY_PARAM_get_flags() returns the flags in param.

    +

    X509_VERIFY_PARAM_get_inh_flags() returns the inheritance flags in param +which specifies how verification flags are copied from one structure to +another. X509_VERIFY_PARAM_set_inh_flags() sets the inheritance flags. +See the INHERITANCE FLAGS section for a description of these bits.

    +

    X509_VERIFY_PARAM_clear_flags() clears the flags flags in param.

    +

    X509_VERIFY_PARAM_set_purpose() sets the verification purpose in param +to purpose. This determines the acceptable purpose of the certificate +chain, for example SSL client or SSL server.

    +

    X509_VERIFY_PARAM_set_trust() sets the trust setting in param to +trust.

    +

    X509_VERIFY_PARAM_set_time() sets the verification time in param to +t. Normally the current time is used.

    +

    X509_VERIFY_PARAM_add0_policy() enables policy checking (it is disabled +by default) and adds policy to the acceptable policy set.

    +

    X509_VERIFY_PARAM_set1_policies() enables policy checking (it is disabled +by default) and sets the acceptable policy set to policies. Any existing +policy set is cleared. The policies parameter can be NULL to clear +an existing policy set.

    +

    X509_VERIFY_PARAM_set_depth() sets the maximum verification depth to depth. +That is the maximum number of intermediate CA certificates that can appear in a +chain. +A maximal depth chain contains 2 more certificates than the limit, since +neither the end-entity certificate nor the trust-anchor count against this +limit. +Thus a depth limit of 0 only allows the end-entity certificate to be signed +directly by the trust-anchor, while with a depth limit of 1 there can be one +intermediate CA certificate between the trust-anchor and the end-entity +certificate.

    +

    X509_VERIFY_PARAM_set_auth_level() sets the authentication security level to +auth_level. +The authentication security level determines the acceptable signature and public +key strength when verifying certificate chains. +For a certificate chain to validate, the public keys of all the certificates +must meet the specified security level. +The signature algorithm security level is not enforced for the chain's trust +anchor certificate, which is either directly trusted or validated by means other +than its signature. +See SSL_CTX_set_security_level(3) for the definitions of the available +levels. +The default security level is -1, or "not set". +At security level 0 or lower all algorithms are acceptable. +Security level 1 requires at least 80-bit-equivalent security and is broadly +interoperable, though it will, for example, reject MD5 signatures or RSA keys +shorter than 1024 bits.

    +

    X509_VERIFY_PARAM_set1_host() sets the expected DNS hostname to +name clearing any previously specified hostname. If +name is NULL, or empty the list of hostnames is cleared, and +name checks are not performed on the peer certificate. If name +is NUL-terminated, namelen may be zero, otherwise namelen +must be set to the length of name.

    +

    When a hostname is specified, +certificate verification automatically invokes X509_check_host(3) +with flags equal to the flags argument given to +X509_VERIFY_PARAM_set_hostflags() (default zero). Applications +are strongly advised to use this interface in preference to explicitly +calling X509_check_host(3), hostname checks may be out of scope +with the DANE-EE(3) certificate usage, and the internal check will +be suppressed as appropriate when DANE verification is enabled.

    +

    When the subject CommonName will not be ignored, whether as a result of the +X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT host flag, or because no DNS subject +alternative names are present in the certificate, any DNS name constraints in +issuer certificates apply to the subject CommonName as well as the subject +alternative name extension.

    +

    When the subject CommonName will be ignored, whether as a result of the +X509_CHECK_FLAG_NEVER_CHECK_SUBJECT host flag, or because some DNS subject +alternative names are present in the certificate, DNS name constraints in +issuer certificates will not be applied to the subject DN. +As described in X509_check_host(3) the X509_CHECK_FLAG_NEVER_CHECK_SUBJECT +flag takes precedence over the X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT flag.

    +

    X509_VERIFY_PARAM_get_hostflags() returns any host flags previously set via a +call to X509_VERIFY_PARAM_set_hostflags().

    +

    X509_VERIFY_PARAM_add1_host() adds name as an additional reference +identifier that can match the peer's certificate. Any previous names +set via X509_VERIFY_PARAM_set1_host() or X509_VERIFY_PARAM_add1_host() +are retained, no change is made if name is NULL or empty. When +multiple names are configured, the peer is considered verified when +any name matches.

    +

    X509_VERIFY_PARAM_get0_peername() returns the DNS hostname or subject +CommonName from the peer certificate that matched one of the reference +identifiers. When wildcard matching is not disabled, or when a +reference identifier specifies a parent domain (starts with ".") +rather than a hostname, the peer name may be a wildcard name or a +sub-domain of the reference identifier respectively. The return +string is allocated by the library and is no longer valid once the +associated param argument is freed. Applications must not free +the return value.

    +

    X509_VERIFY_PARAM_set1_email() sets the expected RFC822 email address to +email. If email is NUL-terminated, emaillen may be zero, otherwise +emaillen must be set to the length of email. When an email address +is specified, certificate verification automatically invokes +X509_check_email(3).

    +

    X509_VERIFY_PARAM_set1_ip() sets the expected IP address to ip. +The ip argument is in binary format, in network byte-order and +iplen must be set to 4 for IPv4 and 16 for IPv6. When an IP +address is specified, certificate verification automatically invokes +X509_check_ip(3).

    +

    X509_VERIFY_PARAM_set1_ip_asc() sets the expected IP address to +ipasc. The ipasc argument is a NUL-terminal ASCII string: +dotted decimal quad for IPv4 and colon-separated hexadecimal for +IPv6. The condensed "::" notation is supported for IPv6 addresses.

    +

    +

    +
    +

    RETURN VALUES

    +

    X509_VERIFY_PARAM_set_flags(), X509_VERIFY_PARAM_clear_flags(), +X509_VERIFY_PARAM_set_inh_flags(), +X509_VERIFY_PARAM_set_purpose(), X509_VERIFY_PARAM_set_trust(), +X509_VERIFY_PARAM_add0_policy() X509_VERIFY_PARAM_set1_policies(), +X509_VERIFY_PARAM_set1_host(), X509_VERIFY_PARAM_add1_host(), +X509_VERIFY_PARAM_set1_email(), X509_VERIFY_PARAM_set1_ip() and +X509_VERIFY_PARAM_set1_ip_asc() return 1 for success and 0 for +failure.

    +

    X509_VERIFY_PARAM_get_flags() returns the current verification flags.

    +

    X509_VERIFY_PARAM_get_hostflags() returns any current host flags.

    +

    X509_VERIFY_PARAM_get_inh_flags() returns the current inheritance flags.

    +

    X509_VERIFY_PARAM_set_time() and X509_VERIFY_PARAM_set_depth() do not return +values.

    +

    X509_VERIFY_PARAM_get_depth() returns the current verification depth.

    +

    X509_VERIFY_PARAM_get_auth_level() returns the current authentication security +level.

    +

    +

    +
    +

    VERIFICATION FLAGS

    +

    The verification flags consists of zero or more of the following flags +ored together.

    +

    X509_V_FLAG_CRL_CHECK enables CRL checking for the certificate chain leaf +certificate. An error occurs if a suitable CRL cannot be found.

    +

    X509_V_FLAG_CRL_CHECK_ALL enables CRL checking for the entire certificate +chain.

    +

    X509_V_FLAG_IGNORE_CRITICAL disabled critical extension checking. By default +any unhandled critical extensions in certificates or (if checked) CRLs results +in a fatal error. If this flag is set unhandled critical extensions are +ignored. WARNING setting this option for anything other than debugging +purposes can be a security risk. Finer control over which extensions are +supported can be performed in the verification callback.

    +

    The X509_V_FLAG_X509_STRICT flag disables workarounds for some broken +certificates and makes the verification strictly apply X509 rules.

    +

    X509_V_FLAG_ALLOW_PROXY_CERTS enables proxy certificate verification.

    +

    X509_V_FLAG_POLICY_CHECK enables certificate policy checking, by default +no policy checking is performed. Additional information is sent to the +verification callback relating to policy checking.

    +

    X509_V_FLAG_EXPLICIT_POLICY, X509_V_FLAG_INHIBIT_ANY and +X509_V_FLAG_INHIBIT_MAP set the require explicit policy, inhibit any +policy and inhibit policy mapping flags respectively as defined in +RFC3280. Policy checking is automatically enabled if any of these flags +are set.

    +

    If X509_V_FLAG_NOTIFY_POLICY is set and the policy checking is successful +a special status code is set to the verification callback. This permits it +to examine the valid policy tree and perform additional checks or simply +log it for debugging purposes.

    +

    By default some additional features such as indirect CRLs and CRLs signed by +different keys are disabled. If X509_V_FLAG_EXTENDED_CRL_SUPPORT is set +they are enabled.

    +

    If X509_V_FLAG_USE_DELTAS is set delta CRLs (if present) are used to +determine certificate status. If not set deltas are ignored.

    +

    X509_V_FLAG_CHECK_SS_SIGNATURE enables checking of the root CA self signed +certificate signature. By default this check is disabled because it doesn't +add any additional security but in some cases applications might want to +check the signature anyway. A side effect of not checking the root CA +signature is that disabled or unsupported message digests on the root CA +are not treated as fatal errors.

    +

    When X509_V_FLAG_TRUSTED_FIRST is set, construction of the certificate chain +in X509_verify_cert(3) will search the trust store for issuer certificates +before searching the provided untrusted certificates. +Local issuer certificates are often more likely to satisfy local security +requirements and lead to a locally trusted root. +This is especially important when some certificates in the trust store have +explicit trust settings (see "TRUST SETTINGS" in openssl-x509(1)). +As of OpenSSL 1.1.0 this option is on by default.

    +

    The X509_V_FLAG_NO_ALT_CHAINS flag suppresses checking for alternative +chains. +By default, unless X509_V_FLAG_TRUSTED_FIRST is set, when building a +certificate chain, if the first certificate chain found is not trusted, then +OpenSSL will attempt to replace untrusted certificates supplied by the peer +with certificates from the trust store to see if an alternative chain can be +found that is trusted. +As of OpenSSL 1.1.0, with X509_V_FLAG_TRUSTED_FIRST always set, this option +has no effect.

    +

    The X509_V_FLAG_PARTIAL_CHAIN flag causes intermediate certificates in the +trust store to be treated as trust-anchors, in the same way as the self-signed +root CA certificates. +This makes it possible to trust certificates issued by an intermediate CA +without having to trust its ancestor root CA. +With OpenSSL 1.1.0 and later and <X509_V_FLAG_PARTIAL_CHAIN> set, chain +construction stops as soon as the first certificate from the trust store is +added to the chain, whether that certificate is a self-signed "root" +certificate or a not self-signed intermediate certificate. +Thus, when an intermediate certificate is found in the trust store, the +verified chain passed to callbacks may be shorter than it otherwise would +be without the X509_V_FLAG_PARTIAL_CHAIN flag.

    +

    The X509_V_FLAG_NO_CHECK_TIME flag suppresses checking the validity period +of certificates and CRLs against the current time. If X509_VERIFY_PARAM_set_time() +is used to specify a verification time, the check is not suppressed.

    +

    +

    +
    +

    INHERITANCE FLAGS

    +

    These flags specify how parameters are "inherited" from one structure to +another.

    +

    If X509_VP_FLAG_ONCE is set then the current setting is zeroed +after the next call.

    +

    If X509_VP_FLAG_LOCKED is set then no values are copied. This overrides +all of the following flags.

    +

    If X509_VP_FLAG_DEFAULT is set then anything set in the source is copied +to the destination. Effectively the values in "to" become default values +which will be used only if nothing new is set in "from". This is the +default.

    +

    If X509_VP_FLAG_OVERWRITE is set then all value are copied across whether +they are set or not. Flags is still Ored though.

    +

    If X509_VP_FLAG_RESET_FLAGS is set then the flags value is copied instead +of ORed.

    +

    +

    +
    +

    NOTES

    +

    The above functions should be used to manipulate verification parameters +instead of functions which work in specific structures such as +X509_STORE_CTX_set_flags() which are likely to be deprecated in a future +release.

    +

    +

    +
    +

    BUGS

    +

    Delta CRL checking is currently primitive. Only a single delta can be used and +(partly due to limitations of X509_STORE) constructed CRLs are not +maintained.

    +

    If CRLs checking is enable CRLs are expected to be available in the +corresponding X509_STORE structure. No attempt is made to download +CRLs from the CRL distribution points extension.

    +

    +

    +
    +

    EXAMPLES

    +

    Enable CRL checking when performing certificate verification during SSL +connections associated with an SSL_CTX structure ctx:

    +
    + X509_VERIFY_PARAM *param;
    +
    + param = X509_VERIFY_PARAM_new();
    + X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK);
    + SSL_CTX_set1_param(ctx, param);
    + X509_VERIFY_PARAM_free(param);
    +

    +

    +
    +

    SEE ALSO

    +

    X509_verify_cert(3), +X509_check_host(3), +X509_check_email(3), +X509_check_ip(3), +openssl-x509(1)

    +

    +

    +
    +

    HISTORY

    +

    The X509_V_FLAG_NO_ALT_CHAINS flag was added in OpenSSL 1.1.0. +The flag X509_V_FLAG_CB_ISSUER_CHECK was deprecated in OpenSSL 1.1.0 +and has no effect.

    +

    The X509_VERIFY_PARAM_get_hostflags() function was added in OpenSSL 1.1.0i.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/X509_check_ca.html b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_check_ca.html
new file mode 100755
index 0000000..8222cbc
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_check_ca.html
@@ -0,0 +1,81 @@
+ + + + +X509_check_ca + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    X509_check_ca - check if given certificate is CA certificate

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509v3.h>
    +
    + int X509_check_ca(X509 *cert);
    +

    +

    +
    +

    DESCRIPTION

    +

    This function checks if given certificate is CA certificate (can be used +to sign other certificates).

    +

    +

    +
    +

    RETURN VALUES

    +

    Function return 0, if it is not CA certificate, 1 if it is proper X509v3 +CA certificate with basicConstraints extension CA:TRUE, +3, if it is self-signed X509 v1 certificate, 4, if it is certificate with +keyUsage extension with bit keyCertSign set, but without +basicConstraints, and 5 if it has outdated Netscape Certificate Type +extension telling that it is CA certificate.

    +

    Actually, any nonzero value means that this certificate could have been +used to sign other certificates.

    +

    +

    +
    +

    SEE ALSO

    +

    X509_verify_cert(3), +X509_check_issued(3), +X509_check_purpose(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/X509_check_host.html b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_check_host.html
new file mode 100755
index 0000000..3283cfa
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_check_host.html
@@ -0,0 +1,185 @@
+ + + + +X509_check_host + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    X509_check_host, X509_check_email, X509_check_ip, X509_check_ip_asc - X.509 certificate matching

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509v3.h>
    +
    + int X509_check_host(X509 *, const char *name, size_t namelen,
    +                     unsigned int flags, char **peername);
    + int X509_check_email(X509 *, const char *address, size_t addresslen,
    +                      unsigned int flags);
    + int X509_check_ip(X509 *, const unsigned char *address, size_t addresslen,
    +                   unsigned int flags);
    + int X509_check_ip_asc(X509 *, const char *address, unsigned int flags);
    +

    +

    +
    +

    DESCRIPTION

    +

    The certificate matching functions are used to check whether a +certificate matches a given hostname, email address, or IP address. +The validity of the certificate and its trust level has to be checked by +other means.

    +

    X509_check_host() checks if the certificate Subject Alternative +Name (SAN) or Subject CommonName (CN) matches the specified host +name, which must be encoded in the preferred name syntax described +in section 3.5 of RFC 1034. By default, wildcards are supported +and they match only in the left-most label; but they may match +part of that label with an explicit prefix or suffix. For example, +by default, the host name "www.example.com" would match a +certificate with a SAN or CN value of "*.example.com", "w*.example.com" +or "*w.example.com".

    +

    Per section 6.4.2 of RFC 6125, name values representing international +domain names must be given in A-label form. The namelen argument +must be the number of characters in the name string or zero in which +case the length is calculated with strlen(name). When name starts +with a dot (e.g ".example.com"), it will be matched by a certificate +valid for any sub-domain of name, (see also +X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS below).

    +

    When the certificate is matched, and peername is not NULL, a +pointer to a copy of the matching SAN or CN from the peer certificate +is stored at the address passed in peername. The application +is responsible for freeing the peername via OPENSSL_free() when it +is no longer needed.

    +

    X509_check_email() checks if the certificate matches the specified +email address. Only the mailbox syntax of RFC 822 is supported, +comments are not allowed, and no attempt is made to normalize quoted +characters. The addresslen argument must be the number of +characters in the address string or zero in which case the length +is calculated with strlen(address).

    +

    X509_check_ip() checks if the certificate matches a specified IPv4 or +IPv6 address. The address array is in binary format, in network +byte order. The length is either 4 (IPv4) or 16 (IPv6). Only +explicitly marked addresses in the certificates are considered; IP +addresses stored in DNS names and Common Names are ignored.

    +

    X509_check_ip_asc() is similar, except that the NUL-terminated +string address is first converted to the internal representation.

    +

    The flags argument is usually 0. It can be the bitwise OR of the +flags:

    +
    +
    X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT,
    + +
    X509_CHECK_FLAG_NEVER_CHECK_SUBJECT,
    + +
    X509_CHECK_FLAG_NO_WILDCARDS,
    + +
    X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS,
    + +
    X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS.
    + +
    X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS.
    + +
    +

    The X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT flag causes the function +to consider the subject DN even if the certificate contains at least +one subject alternative name of the right type (DNS name or email +address as appropriate); the default is to ignore the subject DN +when at least one corresponding subject alternative names is present.

    +

    The X509_CHECK_FLAG_NEVER_CHECK_SUBJECT flag causes the function to never +consider the subject DN even if the certificate contains no subject alternative +names of the right type (DNS name or email address as appropriate); the default +is to use the subject DN when no corresponding subject alternative names are +present. +If both X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT and +X509_CHECK_FLAG_NEVER_CHECK_SUBJECT are specified, the latter takes +precedence and the subject DN is not checked for matching names.

    +

    If set, X509_CHECK_FLAG_NO_WILDCARDS disables wildcard +expansion; this only applies to X509_check_host.

    +

    If set, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS suppresses support +for "*" as wildcard pattern in labels that have a prefix or suffix, +such as: "www*" or "*www"; this only applies to X509_check_host.

    +

    If set, X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS allows a "*" that +constitutes the complete label of a DNS name (e.g. "*.example.com") +to match more than one label in name; this flag only applies +to X509_check_host.

    +

    If set, X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS restricts name +values which start with ".", that would otherwise match any sub-domain +in the peer certificate, to only match direct child sub-domains. +Thus, for instance, with this flag set a name of ".example.com" +would match a peer certificate with a DNS name of "www.example.com", +but would not match a peer certificate with a DNS name of +"www.sub.example.com"; this flag only applies to X509_check_host.

    +

    +

    +
    +

    RETURN VALUES

    +

    The functions return 1 for a successful match, 0 for a failed match +and -1 for an internal error: typically a memory allocation failure +or an ASN.1 decoding error.

    +

    All functions can also return -2 if the input is malformed. For example, +X509_check_host() returns -2 if the provided name contains embedded +NULs.

    +

    +

    +
    +

    NOTES

    +

    Applications are encouraged to use X509_VERIFY_PARAM_set1_host() +rather than explicitly calling X509_check_host(3). Hostname +checks may be out of scope with the DANE-EE(3) certificate usage, +and the internal checks will be suppressed as appropriate when +DANE support is enabled.

    +

    +

    +
    +

    SEE ALSO

    +

    SSL_get_verify_result(3), +X509_VERIFY_PARAM_set1_host(3), +X509_VERIFY_PARAM_add1_host(3), +X509_VERIFY_PARAM_set1_email(3), +X509_VERIFY_PARAM_set1_ip(3), +X509_VERIFY_PARAM_set1_ipasc(3)

    +

    +

    +
    +

    HISTORY

    +

    These functions were added in OpenSSL 1.0.2.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/X509_check_issued.html b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_check_issued.html
new file mode 100755
index 0000000..3427e1e
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_check_issued.html
@@ -0,0 +1,81 @@
+ + + + +X509_check_issued + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    X509_check_issued - checks if certificate is issued by another +certificate

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509v3.h>
    +
    + int X509_check_issued(X509 *issuer, X509 *subject);
    +

    +

    +
    +

    DESCRIPTION

    +

    This function checks if certificate subject was issued using CA +certificate issuer. This function takes into account not only +matching of issuer field of subject with subject field of issuer, +but also compares authorityKeyIdentifier extension of subject with +subjectKeyIdentifier of issuer if authorityKeyIdentifier +present in the subject certificate and checks keyUsage field of +issuer.

    +

    +

    +
    +

    RETURN VALUES

    +

    Function return X509_V_OK if certificate subject is issued by +issuer or some X509_V_ERR* constant to indicate an error.

    +

    +

    +
    +

    SEE ALSO

    +

    X509_verify_cert(3), +X509_check_ca(3), +openssl-verify(1)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/X509_check_private_key.html b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_check_private_key.html
new file mode 100755
index 0000000..d94d99a
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_check_private_key.html
@@ -0,0 +1,91 @@
+ + + + +X509_check_private_key + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    X509_check_private_key, X509_REQ_check_private_key - check the consistency +of a private key with the public key in an X509 certificate or certificate +request

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509.h>
    +
    + int X509_check_private_key(X509 *x, EVP_PKEY *k);
    +
    + int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k);
    +

    +

    +
    +

    DESCRIPTION

    +

    X509_check_private_key() function checks the consistency of private +key k with the public key in x.

    +

    X509_REQ_check_private_key() is equivalent to X509_check_private_key() +except that x represents a certificate request of structure X509_REQ.

    +

    +

    +
    +

    RETURN VALUES

    +

    X509_check_private_key() and X509_REQ_check_private_key() return 1 if +the keys match each other, and 0 if not.

    +

    If the key is invalid or an error occurred, the reason code can be +obtained using ERR_get_error(3).

    +

    +

    +
    +

    BUGS

    +

    The check_private_key functions don't check if k itself is indeed +a private key or not. It merely compares the public materials (e.g. exponent +and modulus of an RSA key) and/or key parameters (e.g. EC params of an EC key) +of a key pair. So if you pass a public key to these functions in k, it will +return success.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/X509_cmp.html b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_cmp.html new file mode 100755 index 0000000..ffc33bc --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_cmp.html @@ -0,0 +1,112 @@ + + + + +X509_cmp + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    X509_cmp, X509_NAME_cmp, +X509_issuer_and_serial_cmp, X509_issuer_name_cmp, X509_subject_name_cmp, +X509_CRL_cmp, X509_CRL_match +- compare X509 certificates and related values

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509.h>
    +
    + int X509_cmp(const X509 *a, const X509 *b);
    + int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b);
    + int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
    + int X509_issuer_name_cmp(const X509 *a, const X509 *b);
    + int X509_subject_name_cmp(const X509 *a, const X509 *b);
    + int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b);
    + int X509_CRL_match(const X509_CRL *a, const X509_CRL *b);
    +

    +

    +
    +

    DESCRIPTION

    +

    This set of functions are used to compare X509 objects, including X509 +certificates, X509 CRL objects and various values in an X509 certificate.

    +

    The X509_cmp() function compares two X509 objects indicated by parameters +a and b. The comparison is based on the memcmp result of the hash +values of two X509 objects and the canonical (DER) encoding values.

    +

    The X509_NAME_cmp() function compares two X509_NAME objects indicated by +parameters a and b. The comparison is based on the memcmp result of +the canonical (DER) encoding values of the two objects. i2d_X509_NAME(3) +has a more detailed description of the DER encoding of the X509_NAME structure.

    +

    The X509_issuer_and_serial_cmp() function compares the serial number and issuer +values in the given X509 objects a and b.

    +

    The X509_issuer_name_cmp(), X509_subject_name_cmp() and X509_CRL_cmp() functions +are effectively wrappers of the X509_NAME_cmp() function. These functions compare +issuer names and subject names of the objects, or issuers of X509_CRL +objects, respectively.

    +

    The X509_CRL_match() function compares two X509_CRL objects. Unlike the +X509_CRL_cmp() function, this function compares the whole CRL content instead +of just the issuer name.

    +

    +

    +
    +

    RETURN VALUES

    +

    Like common memory comparison functions, the X509 comparison functions return +an integer less than, equal to, or greater than zero if object a is found to +be less than, to match, or be greater than object b, respectively.

    +

    X509_NAME_cmp(), X509_issuer_and_serial_cmp(), X509_issuer_name_cmp(), +X509_subject_name_cmp() and X509_CRL_cmp() may return -2 to indicate an error.

    +

    +

    +
    +

    NOTES

    +

    These functions in fact utilize the underlying memcmp of the C library to do +the comparison job. Data to be compared varies from DER encoding data, hash +value or ASN1_STRING. The sign of the comparison can be used to order the +objects but it does not have a special meaning in some cases.

    +

    X509_NAME_cmp() and wrappers utilize the value -2 to indicate errors in some +circumstances, which could cause confusion for the applications.

    +

    +

    +
    +

    SEE ALSO

    +

    i2d_X509_NAME(3), i2d_X509(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/X509_cmp_time.html b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_cmp_time.html new file mode 100755 index 0000000..f7ce58c --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_cmp_time.html @@ -0,0 +1,113 @@ + + + + +X509_cmp_time + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    X509_cmp_time, X509_cmp_current_time, X509_cmp_timeframe, +X509_time_adj, X509_time_adj_ex +- X509 time functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + int X509_cmp_time(const ASN1_TIME *asn1_time, time_t *in_tm);
    + int X509_cmp_current_time(const ASN1_TIME *asn1_time);
    + int X509_cmp_timeframe(const X509_VERIFY_PARAM *vpm,
    +                        const ASN1_TIME *start, const ASN1_TIME *end);
    + ASN1_TIME *X509_time_adj(ASN1_TIME *asn1_time, long offset_sec, time_t *in_tm);
    + ASN1_TIME *X509_time_adj_ex(ASN1_TIME *asn1_time, int offset_day, long
    +                             offset_sec, time_t *in_tm);
    +

    +

    +
    +

    DESCRIPTION

    +

    X509_cmp_time() compares the ASN1_TIME in asn1_time with the time +in <in_tm>.

    +

    X509_cmp_current_time() compares the ASN1_TIME in +asn1_time with the current time, expressed as time_t.

    +

    X509_cmp_timeframe() compares the given time period with the reference time +included in the verification parameters vpm if they are not NULL and contain +X509_V_FLAG_USE_CHECK_TIME; else the current time is used as reference time.

    +

    X509_time_adj_ex() sets the ASN1_TIME structure asn1_time to the time +offset_day and offset_sec after in_tm.

    +

    X509_time_adj() sets the ASN1_TIME structure asn1_time to the time +offset_sec after in_tm. This method can only handle second +offsets up to the capacity of long, so the newer X509_time_adj_ex() +API should be preferred.

    +

    In both methods, if asn1_time is NULL, a new ASN1_TIME structure +is allocated and returned.

    +

    In all methods, if in_tm is NULL, the current time, expressed as +time_t, is used.

    +

    asn1_time must satisfy the ASN1_TIME format mandated by RFC 5280, +i.e., its format must be either YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ.

    +

    +

    +
    +

    BUGS

    +

    Unlike many standard comparison functions, X509_cmp_time() and +X509_cmp_current_time() return 0 on error.

    +

    +

    +
    +

    RETURN VALUES

    +

    X509_cmp_time() and X509_cmp_current_time() return -1 if asn1_time +is earlier than, or equal to, in_tm (resp. current time), and 1 +otherwise. These methods return 0 on error.

    +

    X509_cmp_timeframe() returns 0 if vpm is not NULL and the verification +parameters do not contain X509_V_FLAG_USE_CHECK_TIME +but do contain X509_V_FLAG_NO_CHECK_TIME. Otherwise it returns +1 if the end time is not NULL and the reference time (which has determined as +stated above) is past the end time, -1 if the start time is not NULL and the +reference time is before, else 0 to indicate that the reference time is in range +(implying that the end time is not before the start time if both are present).

    +

    X509_time_adj() and X509_time_adj_ex() return a pointer to the updated +ASN1_TIME structure, and NULL on error.

    +

    +

    +
    +

    HISTORY

    +

    X509_cmp_timeframe() was added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/X509_digest.html b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_digest.html new file mode 100755 index 0000000..3661b89 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_digest.html @@ -0,0 +1,103 @@ + + + + +X509_digest + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    X509_digest, X509_CRL_digest, +X509_pubkey_digest, +X509_NAME_digest, +X509_REQ_digest, +PKCS7_ISSUER_AND_SERIAL_digest +- get digest of various objects

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509.h>
    +
    + int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
    +                 unsigned int *len);
    +
    + int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, unsigned char *md,
    +                     unsigned int *len);
    +
    + int X509_pubkey_digest(const X509 *data, const EVP_MD *type,
    +                        unsigned char *md, unsigned int *len);
    +
    + int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type,
    +                     unsigned char *md, unsigned int *len);
    +
    + int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type,
    +                      unsigned char *md, unsigned int *len);
    +
    + #include <openssl/pkcs7.h>
    +
    + int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,
    +                                    const EVP_MD *type, unsigned char *md,
    +                                    unsigned int *len);
    +

    +

    +
    +

    DESCRIPTION

    +

    X509_pubkey_digest() returns a digest of the DER representation of the public +key in the specified X509 data object. +All other functions described here return a digest of the DER representation +of their entire data objects.

    +

    The type parameter specifies the digest to +be used, such as EVP_sha1(). The md is a pointer to the buffer where the +digest will be copied and is assumed to be large enough; the constant +EVP_MAX_MD_SIZE is suggested. The len parameter, if not NULL, points +to a place where the digest size will be stored.

    +

    +

    +
    +

    RETURN VALUES

    +

    All functions described here return 1 for success and 0 for failure.

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_sha1(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/X509_dup.html b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_dup.html new file mode 100755 index 0000000..4148511 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_dup.html @@ -0,0 +1,378 @@ + + + + +X509_dup + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    DECLARE_ASN1_FUNCTIONS, +IMPLEMENT_ASN1_FUNCTIONS, +ASN1_ITEM, +ACCESS_DESCRIPTION_free, +ACCESS_DESCRIPTION_new, +ADMISSIONS_free, +ADMISSIONS_new, +ADMISSION_SYNTAX_free, +ADMISSION_SYNTAX_new, +ASIdOrRange_free, +ASIdOrRange_new, +ASIdentifierChoice_free, +ASIdentifierChoice_new, +ASIdentifiers_free, +ASIdentifiers_new, +ASRange_free, +ASRange_new, +AUTHORITY_INFO_ACCESS_free, +AUTHORITY_INFO_ACCESS_new, +AUTHORITY_KEYID_free, +AUTHORITY_KEYID_new, +BASIC_CONSTRAINTS_free, +BASIC_CONSTRAINTS_new, +CERTIFICATEPOLICIES_free, +CERTIFICATEPOLICIES_new, +CMS_ContentInfo_free, +CMS_ContentInfo_new, +CMS_ContentInfo_print_ctx, +CMS_ReceiptRequest_free, +CMS_ReceiptRequest_new, +CRL_DIST_POINTS_free, +CRL_DIST_POINTS_new, +DIRECTORYSTRING_free, +DIRECTORYSTRING_new, +DISPLAYTEXT_free, +DISPLAYTEXT_new, +DIST_POINT_NAME_free, +DIST_POINT_NAME_new, +DIST_POINT_free, +DIST_POINT_new, +DSAparams_dup, +ECPARAMETERS_free, +ECPARAMETERS_new, +ECPKPARAMETERS_free, +ECPKPARAMETERS_new, +EDIPARTYNAME_free, +EDIPARTYNAME_new, +ESS_CERT_ID_dup, +ESS_CERT_ID_free, +ESS_CERT_ID_new, +ESS_CERT_ID_V2_dup, +ESS_CERT_ID_V2_free, +ESS_CERT_ID_V2_new, +ESS_ISSUER_SERIAL_dup, +ESS_ISSUER_SERIAL_free, +ESS_ISSUER_SERIAL_new, +ESS_SIGNING_CERT_dup, +ESS_SIGNING_CERT_free, +ESS_SIGNING_CERT_new, +ESS_SIGNING_CERT_V2_dup, +ESS_SIGNING_CERT_V2_free, +ESS_SIGNING_CERT_V2_new, +EXTENDED_KEY_USAGE_free, +EXTENDED_KEY_USAGE_new, +GENERAL_NAMES_free, +GENERAL_NAMES_new, +GENERAL_NAME_dup, +GENERAL_NAME_free, +GENERAL_NAME_new, +GENERAL_SUBTREE_free, +GENERAL_SUBTREE_new, +IPAddressChoice_free, +IPAddressChoice_new, +IPAddressFamily_free, +IPAddressFamily_new, +IPAddressOrRange_free, +IPAddressOrRange_new, +IPAddressRange_free, +IPAddressRange_new, +ISSUING_DIST_POINT_free, +ISSUING_DIST_POINT_new, +NAME_CONSTRAINTS_free, +NAME_CONSTRAINTS_new, +NAMING_AUTHORITY_free, +NAMING_AUTHORITY_new, +NETSCAPE_CERT_SEQUENCE_free, +NETSCAPE_CERT_SEQUENCE_new, +NETSCAPE_SPKAC_free, +NETSCAPE_SPKAC_new, 
+NETSCAPE_SPKI_free, +NETSCAPE_SPKI_new, +NOTICEREF_free, +NOTICEREF_new, +OCSP_BASICRESP_free, +OCSP_BASICRESP_new, +OCSP_CERTID_dup, +OCSP_CERTID_new, +OCSP_CERTSTATUS_free, +OCSP_CERTSTATUS_new, +OCSP_CRLID_free, +OCSP_CRLID_new, +OCSP_ONEREQ_free, +OCSP_ONEREQ_new, +OCSP_REQINFO_free, +OCSP_REQINFO_new, +OCSP_RESPBYTES_free, +OCSP_RESPBYTES_new, +OCSP_RESPDATA_free, +OCSP_RESPDATA_new, +OCSP_RESPID_free, +OCSP_RESPID_new, +OCSP_RESPONSE_new, +OCSP_REVOKEDINFO_free, +OCSP_REVOKEDINFO_new, +OCSP_SERVICELOC_free, +OCSP_SERVICELOC_new, +OCSP_SIGNATURE_free, +OCSP_SIGNATURE_new, +OCSP_SINGLERESP_free, +OCSP_SINGLERESP_new, +OSSL_CMP_ITAV_free, +OSSL_CMP_MSG_it, +OSSL_CMP_MSG_free, +OSSL_CMP_PKIHEADER_free, +OSSL_CMP_PKIHEADER_it, +OSSL_CMP_PKIHEADER_new, +OSSL_CMP_PKISI_free, +OSSL_CMP_PKISI_new, +OSSL_CMP_PKISTATUS_it, +OSSL_CRMF_CERTID_free, +OSSL_CRMF_CERTID_it, +OSSL_CRMF_CERTID_new, +OSSL_CRMF_CERTTEMPLATE_free, +OSSL_CRMF_CERTTEMPLATE_it, +OSSL_CRMF_CERTTEMPLATE_new, +OSSL_CRMF_ENCRYPTEDVALUE_free, +OSSL_CRMF_ENCRYPTEDVALUE_it, +OSSL_CRMF_ENCRYPTEDVALUE_new, +OSSL_CRMF_MSGS_free, +OSSL_CRMF_MSGS_it, +OSSL_CRMF_MSGS_new, +OSSL_CRMF_MSG_free, +OSSL_CRMF_MSG_it, +OSSL_CRMF_MSG_new, +OSSL_CRMF_PBMPARAMETER_free, +OSSL_CRMF_PBMPARAMETER_it, +OSSL_CRMF_PBMPARAMETER_new, +OSSL_CRMF_PKIPUBLICATIONINFO_free, +OSSL_CRMF_PKIPUBLICATIONINFO_it, +OSSL_CRMF_PKIPUBLICATIONINFO_new, +OSSL_CRMF_SINGLEPUBINFO_free, +OSSL_CRMF_SINGLEPUBINFO_it, +OSSL_CRMF_SINGLEPUBINFO_new, +OTHERNAME_free, +OTHERNAME_new, +PBE2PARAM_free, +PBE2PARAM_new, +PBEPARAM_free, +PBEPARAM_new, +PBKDF2PARAM_free, +PBKDF2PARAM_new, +PKCS12_BAGS_free, +PKCS12_BAGS_new, +PKCS12_MAC_DATA_free, +PKCS12_MAC_DATA_new, +PKCS12_SAFEBAG_free, +PKCS12_SAFEBAG_new, +PKCS12_free, +PKCS12_new, +PKCS7_DIGEST_free, +PKCS7_DIGEST_new, +PKCS7_ENCRYPT_free, +PKCS7_ENCRYPT_new, +PKCS7_ENC_CONTENT_free, +PKCS7_ENC_CONTENT_new, +PKCS7_ENVELOPE_free, +PKCS7_ENVELOPE_new, +PKCS7_ISSUER_AND_SERIAL_free, 
+PKCS7_ISSUER_AND_SERIAL_new, +PKCS7_RECIP_INFO_free, +PKCS7_RECIP_INFO_new, +PKCS7_SIGNED_free, +PKCS7_SIGNED_new, +PKCS7_SIGNER_INFO_free, +PKCS7_SIGNER_INFO_new, +PKCS7_SIGN_ENVELOPE_free, +PKCS7_SIGN_ENVELOPE_new, +PKCS7_dup, +PKCS7_free, +PKCS7_new, +PKCS7_print_ctx, +PKCS8_PRIV_KEY_INFO_free, +PKCS8_PRIV_KEY_INFO_new, +PKEY_USAGE_PERIOD_free, +PKEY_USAGE_PERIOD_new, +POLICYINFO_free, +POLICYINFO_new, +POLICYQUALINFO_free, +POLICYQUALINFO_new, +POLICY_CONSTRAINTS_free, +POLICY_CONSTRAINTS_new, +POLICY_MAPPING_free, +POLICY_MAPPING_new, +PROFESSION_INFOS_free, +PROFESSION_INFOS_new, +PROFESSION_INFO_free, +PROFESSION_INFO_new, +PROXY_CERT_INFO_EXTENSION_free, +PROXY_CERT_INFO_EXTENSION_new, +PROXY_POLICY_free, +PROXY_POLICY_new, +RSAPrivateKey_dup, +RSAPublicKey_dup, +RSA_OAEP_PARAMS_free, +RSA_OAEP_PARAMS_new, +RSA_PSS_PARAMS_free, +RSA_PSS_PARAMS_new, +SCRYPT_PARAMS_free, +SCRYPT_PARAMS_new, +SXNETID_free, +SXNETID_new, +SXNET_free, +SXNET_new, +TLS_FEATURE_free, +TLS_FEATURE_new, +TS_ACCURACY_dup, +TS_ACCURACY_free, +TS_ACCURACY_new, +TS_MSG_IMPRINT_dup, +TS_MSG_IMPRINT_free, +TS_MSG_IMPRINT_new, +TS_REQ_dup, +TS_REQ_free, +TS_REQ_new, +TS_RESP_dup, +TS_RESP_free, +TS_RESP_new, +TS_STATUS_INFO_dup, +TS_STATUS_INFO_free, +TS_STATUS_INFO_new, +TS_TST_INFO_dup, +TS_TST_INFO_free, +TS_TST_INFO_new, +USERNOTICE_free, +USERNOTICE_new, +X509_ALGOR_free, +X509_ALGOR_new, +X509_ATTRIBUTE_dup, +X509_ATTRIBUTE_free, +X509_ATTRIBUTE_new, +X509_CERT_AUX_free, +X509_CERT_AUX_new, +X509_CINF_free, +X509_CINF_new, +X509_CRL_INFO_free, +X509_CRL_INFO_new, +X509_CRL_dup, +X509_CRL_free, +X509_CRL_new, +X509_EXTENSION_dup, +X509_EXTENSION_free, +X509_EXTENSION_new, +X509_NAME_ENTRY_dup, +X509_NAME_ENTRY_free, +X509_NAME_ENTRY_new, +X509_NAME_dup, +X509_NAME_free, +X509_NAME_new, +X509_REQ_INFO_free, +X509_REQ_INFO_new, +X509_REQ_dup, +X509_REQ_free, +X509_REQ_new, +X509_REVOKED_dup, +X509_REVOKED_free, +X509_REVOKED_new, +X509_SIG_free, +X509_SIG_new, +X509_VAL_free, 
+X509_VAL_new, +X509_dup, +- ASN1 object utilities

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/asn1t.h>
    +
    + DECLARE_ASN1_FUNCTIONS(type)
    + IMPLEMENT_ASN1_FUNCTIONS(stname)
    +
    + typedef struct ASN1_ITEM_st ASN1_ITEM;
    +
    + extern const ASN1_ITEM TYPE_it;
    + TYPE *TYPE_new(void);
    + TYPE *TYPE_dup(const TYPE *a);
    + void TYPE_free(TYPE *a);
    + int TYPE_print_ctx(BIO *out, TYPE *a, int indent, const ASN1_PCTX *pctx);
    +

    +

    +
    +

    DESCRIPTION

    +

    In the description below, TYPE is used +as a placeholder for any of the OpenSSL datatypes, such as X509.

    +

    The OpenSSL ASN1 parsing library templates are like a data-driven bytecode +interpreter. +Every ASN1 object as a global variable, TYPE_it, that describes the item +such as its fields. (On systems which cannot export variables from shared +libraries, the global is instead a function which returns a pointer to a +static variable.

    +

    The macro DECLARE_ASN1_FUNCTIONS() is typically used in header files +to generate the function declarations.

    +

    The macro IMPLEMENT_ASN1_FUNCTIONS() is used once in a source file +to generate the function bodies.

    +

    TYPE_new() allocates an empty object of the indicated type. +The object returned must be released by calling TYPE_free().

    +

    TYPE_dup() copies an existing object, leaving it untouched.

    +

    TYPE_free() releases the object and all pointers and sub-objects +within it.

    +

    TYPE_print_ctx() prints the object a on the specified BIO out. +Each line will be prefixed with indent spaces. +The pctx specifies the printing context and is for internal +use; use NULL to get the default behavior. If a print function is +user-defined, then pass in any pctx down to any nested calls.

    +

    +

    +
    +

    RETURN VALUES

    +

    TYPE_new() and TYPE_dup() return a pointer to the object or NULL on +failure.

    +

    TYPE_print_ctx() returns 1 on success or zero on failure.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/X509_get0_notBefore.html b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_get0_notBefore.html new file mode 100755 index 0000000..e08f234 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_get0_notBefore.html @@ -0,0 +1,135 @@ + + + + +X509_get0_notBefore + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    X509_get0_notBefore, X509_getm_notBefore, X509_get0_notAfter, +X509_getm_notAfter, X509_set1_notBefore, X509_set1_notAfter, +X509_CRL_get0_lastUpdate, X509_CRL_get0_nextUpdate, X509_CRL_set1_lastUpdate, +X509_CRL_set1_nextUpdate - get or set certificate or CRL dates

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509.h>
    +
    + const ASN1_TIME *X509_get0_notBefore(const X509 *x);
    + const ASN1_TIME *X509_get0_notAfter(const X509 *x);
    +
    + ASN1_TIME *X509_getm_notBefore(const X509 *x);
    + ASN1_TIME *X509_getm_notAfter(const X509 *x);
    +
    + int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm);
    + int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm);
    +
    + const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl);
    + const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl);
    +
    + int X509_CRL_set1_lastUpdate(X509_CRL *x, const ASN1_TIME *tm);
    + int X509_CRL_set1_nextUpdate(X509_CRL *x, const ASN1_TIME *tm);
    +

    +

    +
    +

    DESCRIPTION

    +

    X509_get0_notBefore() and X509_get0_notAfter() return the notBefore +and notAfter fields of certificate x respectively. The value +returned is an internal pointer which must not be freed up after +the call.

    +

    X509_getm_notBefore() and X509_getm_notAfter() are similar to +X509_get0_notBefore() and X509_get0_notAfter() except they return +non-constant mutable references to the associated date field of +the certificate.

    +

    X509_set1_notBefore() and X509_set1_notAfter() set the notBefore +and notAfter fields of x to tm. Ownership of the passed +parameter tm is not transferred by these functions so it must +be freed up after the call.

    +

    X509_CRL_get0_lastUpdate() and X509_CRL_get0_nextUpdate() return the +lastUpdate and nextUpdate fields of crl. The value +returned is an internal pointer which must not be freed up after +the call. If the nextUpdate field is absent from crl then +NULL is returned.

    +

    X509_CRL_set1_lastUpdate() and X509_CRL_set1_nextUpdate() set the lastUpdate +and nextUpdate fields of crl to tm. Ownership of the passed parameter +tm is not transferred by these functions so it must be freed up after the +call.

    +

    +

    +
    +

    RETURN VALUES

    +

    X509_get0_notBefore(), X509_get0_notAfter() and X509_CRL_get0_lastUpdate() +return a pointer to an ASN1_TIME structure.

    +

    X509_CRL_get0_lastUpdate() return a pointer to an ASN1_TIME structure +or NULL if the lastUpdate field is absent.

    +

    X509_set1_notBefore(), X509_set1_notAfter(), X509_CRL_set1_lastUpdate() and +X509_CRL_set1_nextUpdate() return 1 for success or 0 for failure.

    +

    +

    +
    +

    SEE ALSO

    +

    d2i_X509(3), +ERR_get_error(3), +X509_CRL_get0_by_serial(3), +X509_get0_signature(3), +X509_get_ext_d2i(3), +X509_get_extension_flags(3), +X509_get_pubkey(3), +X509_get_subject_name(3), +X509_NAME_add_entry_by_txt(3), +X509_NAME_ENTRY_get_object(3), +X509_NAME_get_index_by_NID(3), +X509_NAME_print_ex(3), +X509_new(3), +X509_sign(3), +X509V3_get_d2i(3), +X509_verify_cert(3)

    +

    +

    +
    +

    HISTORY

    +

    These functions are available in all versions of OpenSSL.

    +

    X509_get_notBefore() and X509_get_notAfter() were deprecated in OpenSSL +1.1.0

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/X509_get0_signature.html b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_get0_signature.html new file mode 100755 index 0000000..0f90428 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_get0_signature.html @@ -0,0 +1,162 @@ + + + + +X509_get0_signature + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    X509_get0_signature, X509_get_signature_nid, X509_get0_tbs_sigalg, +X509_REQ_get0_signature, X509_REQ_get_signature_nid, X509_CRL_get0_signature, +X509_CRL_get_signature_nid, X509_get_signature_info, X509_SIG_INFO_get, +X509_SIG_INFO_set - signature information

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509.h>
    +
    + void X509_get0_signature(const ASN1_BIT_STRING **psig,
    +                          const X509_ALGOR **palg,
    +                          const X509 *x);
    + int X509_get_signature_nid(const X509 *x);
    + const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x);
    +
    + void X509_REQ_get0_signature(const X509_REQ *crl,
    +                              const ASN1_BIT_STRING **psig,
    +                              const X509_ALGOR **palg);
    + int X509_REQ_get_signature_nid(const X509_REQ *crl);
    +
    + void X509_CRL_get0_signature(const X509_CRL *crl,
    +                              const ASN1_BIT_STRING **psig,
    +                              const X509_ALGOR **palg);
    + int X509_CRL_get_signature_nid(const X509_CRL *crl);
    +
    + int X509_get_signature_info(X509 *x, int *mdnid, int *pknid, int *secbits,
    +                             uint32_t *flags);
    +
    + int X509_SIG_INFO_get(const X509_SIG_INFO *siginf, int *mdnid, int *pknid,
    +                      int *secbits, uint32_t *flags);
    + void X509_SIG_INFO_set(X509_SIG_INFO *siginf, int mdnid, int pknid,
    +                        int secbits, uint32_t flags);
    +

    +

    +
    +

    DESCRIPTION

    +

    X509_get0_signature() sets *psig to the signature of x and *palg +to the signature algorithm of x. The values returned are internal +pointers which MUST NOT be freed up after the call.

    +

    X509_get0_tbs_sigalg() returns the signature algorithm in the signed +portion of x.

    +

    X509_get_signature_nid() returns the NID corresponding to the signature +algorithm of x.

    +

    X509_REQ_get0_signature(), X509_REQ_get_signature_nid() +X509_CRL_get0_signature() and X509_CRL_get_signature_nid() perform the +same function for certificate requests and CRLs.

    +

    X509_get_signature_info() retrieves information about the signature of +certificate x. The NID of the signing digest is written to *mdnid, +the public key algorithm to *pknid, the effective security bits to +*secbits and flag details to *flags. Any of the parameters can +be set to NULL if the information is not required.

    +

    X509_SIG_INFO_get() and X509_SIG_INFO_set() get and set information +about a signature in an X509_SIG_INFO structure. They are only +used by implementations of algorithms which need to set custom +signature information: most applications will never need to call +them.

    +

    +

    +
    +

    NOTES

    +

    These functions provide lower level access to signatures in certificates +where an application wishes to analyse or generate a signature in a form +where X509_sign() et al is not appropriate (for example a non standard +or unsupported format).

    +

    The security bits returned by X509_get_signature_info() refers to information +available from the certificate signature (such as the signing digest). In some +cases the actual security of the signature is less because the signing +key is less secure: for example a certificate signed using SHA-512 and a +1024 bit RSA key.

    +

    +

    +
    +

    RETURN VALUES

    +

    X509_get_signature_nid(), X509_REQ_get_signature_nid() and +X509_CRL_get_signature_nid() return a NID.

    +

    X509_get0_signature(), X509_REQ_get0_signature() and +X509_CRL_get0_signature() do not return values.

    +

    X509_get_signature_info() returns 1 if the signature information +returned is valid or 0 if the information is not available (e.g. +unknown algorithms or malformed parameters).

    +

    +

    +
    +

    SEE ALSO

    +

    d2i_X509(3), +ERR_get_error(3), +X509_CRL_get0_by_serial(3), +X509_get_ext_d2i(3), +X509_get_extension_flags(3), +X509_get_pubkey(3), +X509_get_subject_name(3), +X509_get_version(3), +X509_NAME_add_entry_by_txt(3), +X509_NAME_ENTRY_get_object(3), +X509_NAME_get_index_by_NID(3), +X509_NAME_print_ex(3), +X509_new(3), +X509_sign(3), +X509V3_get_d2i(3), +X509_verify_cert(3)

    +

    +

    +
    +

    HISTORY

    +

    The +X509_get0_signature() and X509_get_signature_nid() functions were +added in OpenSSL 1.0.2.

    +

    The +X509_REQ_get0_signature(), X509_REQ_get_signature_nid(), +X509_CRL_get0_signature() and X509_CRL_get_signature_nid() were +added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/X509_get0_sm2_id.html b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_get0_sm2_id.html new file mode 100755 index 0000000..6e23de4 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_get0_sm2_id.html @@ -0,0 +1,92 @@ + + + + +X509_get0_sm2_id + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    X509_get0_sm2_id, X509_set0_sm2_id, +X509_REQ_get0_sm2_id, X509_REQ_set0_sm2_id +- get or set SM2 ID for certificate operations

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509.h>
    +
    + ASN1_OCTET_STRING *X509_get0_sm2_id(X509 *x);
    + void X509_set0_sm2_id(X509 *x, ASN1_OCTET_STRING *sm2_id);
    + ASN1_OCTET_STRING *X509_REQ_get0_sm2_id(X509_REQ *x);
    + void X509_REQ_set0_sm2_id(X509_REQ *x, ASN1_OCTET_STRING *sm2_id);
    +

    +

    +
    +

    DESCRIPTION

    +

    X509_get0_sm2_id() gets the ID value of an SM2 certificate x by returning an +ASN1_OCTET_STRING object which should not be freed by the caller.

    +

    X509_set0_sm2_id() sets the sm2_id value to an SM2 certificate x. Calling +this function transfers the memory management of the value to the X509 object, +and therefore the value that has been passed in should not be freed by the +caller after this function has been called.

    +

    X509_REQ_get0_sm2_id() and X509_REQ_set0_sm2_id() have the same functionality +as X509_get0_sm2_id() and X509_set0_sm2_id() except that they deal with +X509_REQ objects instead of X509.

    +

    +

    +
    +

    NOTES

    +

    SM2 signature algorithm requires an ID value when generating and verifying a +signature. The functions described in this manual provide the user with the +ability to set and retrieve the SM2 ID value.

    +

    +

    +
    +

    RETURN VALUES

    +

    X509_set0_sm2_id() and X509_REQ_set0_sm2_id() do not return a value.

    +

    +

    +
    +

    SEE ALSO

    +

    X509_verify(3), SM2(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/X509_get0_uids.html b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_get0_uids.html new file mode 100755 index 0000000..c652cff --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_get0_uids.html @@ -0,0 +1,96 @@ + + + + +X509_get0_uids + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    X509_get0_uids - get certificate unique identifiers

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509.h>
    +
    + void X509_get0_uids(const X509 *x, const ASN1_BIT_STRING **piuid,
    +                     const ASN1_BIT_STRING **psuid);
    +

    +

    +
    +

    DESCRIPTION

    +

    X509_get0_uids() sets *piuid and *psuid to the issuer and subject unique +identifiers of certificate x or NULL if the fields are not present.

    +

    +

    +
    +

    NOTES

    +

    The issuer and subject unique identifier fields are very rarely encountered in +practice outside test cases.

    +

    +

    +
    +

    RETURN VALUES

    +

    X509_get0_uids() does not return a value.

    +

    +

    +
    +

    SEE ALSO

    +

    d2i_X509(3), +ERR_get_error(3), +X509_CRL_get0_by_serial(3), +X509_get0_signature(3), +X509_get_ext_d2i(3), +X509_get_extension_flags(3), +X509_get_pubkey(3), +X509_get_subject_name(3), +X509_get_version(3), +X509_NAME_add_entry_by_txt(3), +X509_NAME_ENTRY_get_object(3), +X509_NAME_get_index_by_NID(3), +X509_NAME_print_ex(3), +X509_new(3), +X509_sign(3), +X509V3_get_d2i(3), +X509_verify_cert(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/X509_get_extension_flags.html b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_get_extension_flags.html new file mode 100755 index 0000000..4b566a7 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_get_extension_flags.html @@ -0,0 +1,227 @@ + + + + +X509_get_extension_flags + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    X509_get0_subject_key_id, +X509_get0_authority_key_id, +X509_get0_authority_issuer, +X509_get0_authority_serial, +X509_get_pathlen, +X509_get_extension_flags, +X509_get_key_usage, +X509_get_extended_key_usage, +X509_set_proxy_flag, +X509_set_proxy_pathlen, +X509_get_proxy_pathlen - retrieve certificate extension data

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509v3.h>
    +
    + long X509_get_pathlen(X509 *x);
    + uint32_t X509_get_extension_flags(X509 *x);
    + uint32_t X509_get_key_usage(X509 *x);
    + uint32_t X509_get_extended_key_usage(X509 *x);
    + const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x);
    + const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x);
    + const GENERAL_NAMES *X509_get0_authority_issuer(X509 *x);
    + const ASN1_INTEGER *X509_get0_authority_serial(X509 *x);
    + void X509_set_proxy_flag(X509 *x);
    + void X509_set_proxy_pathlen(int l);
    + long X509_get_proxy_pathlen(X509 *x);
    +

    +

    +
    +

    DESCRIPTION

    +

    These functions retrieve information related to commonly used certificate extensions.

    +

    X509_get_pathlen() retrieves the path length extension from a certificate. +This extension is used to limit the length of a cert chain that may be +issued from that CA.

    +

    X509_get_extension_flags() retrieves general information about a certificate, +it will return one or more of the following flags ored together.

    +
    +
    EXFLAG_V1
    + +
    +

    The certificate is an obsolete version 1 certificate.

    +
    +
    EXFLAG_BCONS
    + +
    +

    The certificate contains a basic constraints extension.

    +
    +
    EXFLAG_CA
    + +
    +

    The certificate contains basic constraints and asserts the CA flag.

    +
    +
    EXFLAG_PROXY
    + +
    +

    The certificate is a valid proxy certificate.

    +
    +
    EXFLAG_SI
    + +
    +

    The certificate is self issued (that is subject and issuer names match).

    +
    +
    EXFLAG_SS
    + +
    +

    The subject and issuer names match and extension values imply it is self +signed.

    +
    +
    EXFLAG_FRESHEST
    + +
    +

    The freshest CRL extension is present in the certificate.

    +
    +
    EXFLAG_CRITICAL
    + +
    +

    The certificate contains an unhandled critical extension.

    +
    +
    EXFLAG_INVALID
    + +
    +

    Some certificate extension values are invalid or inconsistent. The +certificate should be rejected.

    +
    +
    EXFLAG_KUSAGE
    + +
    +

    The certificate contains a key usage extension. The value can be retrieved +using X509_get_key_usage().

    +
    +
    EXFLAG_XKUSAGE
    + +
    +

    The certificate contains an extended key usage extension. The value can be +retrieved using X509_get_extended_key_usage().

    +
    +
    +

    X509_get_key_usage() returns the value of the key usage extension. If key +usage is present will return zero or more of the flags: +KU_DIGITAL_SIGNATURE, KU_NON_REPUDIATION, KU_KEY_ENCIPHERMENT, +KU_DATA_ENCIPHERMENT, KU_KEY_AGREEMENT, KU_KEY_CERT_SIGN, +KU_CRL_SIGN, KU_ENCIPHER_ONLY or KU_DECIPHER_ONLY corresponding to +individual key usage bits. If key usage is absent then UINT32_MAX is +returned.

    +

    X509_get_extended_key_usage() returns the value of the extended key usage +extension. If extended key usage is present it will return zero or more of the +flags: XKU_SSL_SERVER, XKU_SSL_CLIENT, XKU_SMIME, XKU_CODE_SIGN +XKU_OCSP_SIGN, XKU_TIMESTAMP, XKU_DVCS or XKU_ANYEKU. These +correspond to the OIDs id-kp-serverAuth, id-kp-clientAuth, +id-kp-emailProtection, id-kp-codeSigning, id-kp-OCSPSigning, +id-kp-timeStamping, id-kp-dvcs and anyExtendedKeyUsage respectively. +Additionally XKU_SGC is set if either Netscape or Microsoft SGC OIDs are +present.

    +

    X509_get0_subject_key_id() returns an internal pointer to the subject key +identifier of x as an ASN1_OCTET_STRING or NULL if the extension +is not present or cannot be parsed.

    +

    X509_get0_authority_key_id() returns an internal pointer to the authority key +identifier of x as an ASN1_OCTET_STRING or NULL if the extension +is not present or cannot be parsed.

    +

    X509_get0_authority_issuer() returns an internal pointer to the authority +certificate issuer of x as a stack of GENERAL_NAME structures or +NULL if the extension is not present or cannot be parsed.

    +

    X509_get0_authority_serial() returns an internal pointer to the authority +certificate serial number of x as an ASN1_INTEGER or NULL if the +extension is not present or cannot be parsed.

    +

    X509_set_proxy_flag() marks the certificate with the EXFLAG_PROXY flag. +This is for the users who need to mark non-RFC3820 proxy certificates as +such, as OpenSSL only detects RFC3820 compliant ones.

    +

    X509_set_proxy_pathlen() sets the proxy certificate path length for the given +certificate x. This is for the users who need to mark non-RFC3820 proxy +certificates as such, as OpenSSL only detects RFC3820 compliant ones.

    +

    X509_get_proxy_pathlen() returns the proxy certificate path length for the +given certificate x if it is a proxy certificate.

    +

    +

    +
    +

    NOTES

    +

    The value of the flags correspond to extension values which are cached +in the X509 structure. If the flags returned do not provide sufficient +information an application should examine extension values directly +for example using X509_get_ext_d2i().

    +

    If the key usage or extended key usage extension is absent then typically usage +is unrestricted. For this reason X509_get_key_usage() and +X509_get_extended_key_usage() return UINT32_MAX when the corresponding +extension is absent. Applications can additionally check the return value of +X509_get_extension_flags() and take appropriate action is an extension is +absent.

    +

    If X509_get0_subject_key_id() returns NULL then the extension may be +absent or malformed. Applications can determine the precise reason using +X509_get_ext_d2i().

    +

    +

    +
    +

    RETURN VALUES

    +

    X509_get_pathlen() returns the path length value, or -1 if the extension +is not present.

    +

    X509_get_extension_flags(), X509_get_key_usage() and +X509_get_extended_key_usage() return sets of flags corresponding to the +certificate extension values.

    +

    X509_get0_subject_key_id() returns the subject key identifier as a +pointer to an ASN1_OCTET_STRING structure or NULL if the extension +is absent or an error occurred during parsing.

    +

    X509_get_proxy_pathlen() returns the path length value if the given +certificate is a proxy one and has a path length set, and -1 otherwise.

    +

    +

    +
    +

    SEE ALSO

    +

    X509_check_purpose(3)

    +

    +

    +
    +

    HISTORY

    +

    X509_get_pathlen(), X509_set_proxy_flag(), X509_set_proxy_pathlen() and +X509_get_proxy_pathlen() were added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/X509_get_pubkey.html b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_get_pubkey.html new file mode 100755 index 0000000..bb14eea --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_get_pubkey.html @@ -0,0 +1,122 @@ + + + + +X509_get_pubkey + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    X509_get_pubkey, X509_get0_pubkey, X509_set_pubkey, X509_get_X509_PUBKEY, +X509_REQ_get_pubkey, X509_REQ_get0_pubkey, X509_REQ_set_pubkey, +X509_REQ_get_X509_PUBKEY - get or set certificate or certificate request +public key

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509.h>
    +
    + EVP_PKEY *X509_get_pubkey(X509 *x);
    + EVP_PKEY *X509_get0_pubkey(const X509 *x);
    + int X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
    + X509_PUBKEY *X509_get_X509_PUBKEY(X509 *x);
    +
    + EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req);
    + EVP_PKEY *X509_REQ_get0_pubkey(X509_REQ *req);
    + int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
    + X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *x);
    +

    +

    +
    +

    DESCRIPTION

    +

    X509_get_pubkey() attempts to decode the public key for certificate x. If +successful it returns the public key as an EVP_PKEY pointer with its +reference count incremented: this means the returned key must be freed up +after use. X509_get0_pubkey() is similar except it does not increment +the reference count of the returned EVP_PKEY so it must not be freed up +after use.

    +

    X509_get_X509_PUBKEY() returns an internal pointer to the X509_PUBKEY +structure which encodes the certificate of x. The returned value +must not be freed up after use.

    +

    X509_set_pubkey() attempts to set the public key for certificate x to +pkey. The key pkey should be freed up after use.

    +

    X509_REQ_get_pubkey(), X509_REQ_get0_pubkey(), X509_REQ_set_pubkey() and +X509_REQ_get_X509_PUBKEY() are similar but operate on certificate request req.

    +

    +

    +
    +

    NOTES

    +

    The first time a public key is decoded the EVP_PKEY structure is +cached in the certificate or certificate request itself. Subsequent calls +return the cached structure with its reference count incremented to +improve performance.

    +

    +

    +
    +

    RETURN VALUES

    +

    X509_get_pubkey(), X509_get0_pubkey(), X509_get_X509_PUBKEY(), +X509_REQ_get_pubkey() and X509_REQ_get_X509_PUBKEY() return a public key or +NULL if an error occurred.

    +

    X509_set_pubkey() and X509_REQ_set_pubkey() return 1 for success and 0 +for failure.

    +

    +

    +
    +

    SEE ALSO

    +

    d2i_X509(3), +ERR_get_error(3), +X509_CRL_get0_by_serial(3), +X509_get0_signature(3), +X509_get_ext_d2i(3), +X509_get_extension_flags(3), +X509_get_subject_name(3), +X509_get_version(3), +X509_NAME_add_entry_by_txt(3), +X509_NAME_ENTRY_get_object(3), +X509_NAME_get_index_by_NID(3), +X509_NAME_print_ex(3), +X509_new(3), +X509_sign(3), +X509V3_get_d2i(3), +X509_verify_cert(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/X509_get_serialNumber.html b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_get_serialNumber.html new file mode 100755 index 0000000..89e9d0d --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_get_serialNumber.html @@ -0,0 +1,108 @@ + + + + +X509_get_serialNumber + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    X509_get_serialNumber, +X509_get0_serialNumber, +X509_set_serialNumber +- get or set certificate serial number

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509.h>
    +
    + ASN1_INTEGER *X509_get_serialNumber(X509 *x);
    + const ASN1_INTEGER *X509_get0_serialNumber(const X509 *x);
    + int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial);
    +

    +

    +
    +

    DESCRIPTION

    +

    X509_get_serialNumber() returns the serial number of certificate x as an +ASN1_INTEGER structure which can be examined or initialised. The value +returned is an internal pointer which MUST NOT be freed up after the call.

    +

    X509_get0_serialNumber() is the same as X509_get_serialNumber() except it +accepts a const parameter and returns a const result.

    +

    X509_set_serialNumber() sets the serial number of certificate x to +serial. A copy of the serial number is used internally so serial should +be freed up after use.

    +

    +

    +
    +

    RETURN VALUES

    +

    X509_get_serialNumber() and X509_get0_serialNumber() return an ASN1_INTEGER +structure.

    +

    X509_set_serialNumber() returns 1 for success and 0 for failure.

    +

    +

    +
    +

    SEE ALSO

    +

    d2i_X509(3), +ERR_get_error(3), +X509_CRL_get0_by_serial(3), +X509_get0_signature(3), +X509_get_ext_d2i(3), +X509_get_extension_flags(3), +X509_get_pubkey(3), +X509_get_subject_name(3), +X509_NAME_add_entry_by_txt(3), +X509_NAME_ENTRY_get_object(3), +X509_NAME_get_index_by_NID(3), +X509_NAME_print_ex(3), +X509_new(3), +X509_sign(3), +X509V3_get_d2i(3), +X509_verify_cert(3)

    +

    +

    +
    +

    HISTORY

    +

    The X509_get_serialNumber() and X509_set_serialNumber() functions are +available in all versions of OpenSSL. +The X509_get0_serialNumber() function was added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/X509_get_subject_name.html b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_get_subject_name.html new file mode 100755 index 0000000..c65e614 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_get_subject_name.html @@ -0,0 +1,120 @@ + + + + +X509_get_subject_name + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    X509_get_subject_name, X509_set_subject_name, X509_get_issuer_name, +X509_set_issuer_name, X509_REQ_get_subject_name, X509_REQ_set_subject_name, +X509_CRL_get_issuer, X509_CRL_set_issuer_name - get and set issuer or +subject names

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509.h>
    +
    + X509_NAME *X509_get_subject_name(const X509 *x);
    + int X509_set_subject_name(X509 *x, X509_NAME *name);
    +
    + X509_NAME *X509_get_issuer_name(const X509 *x);
    + int X509_set_issuer_name(X509 *x, X509_NAME *name);
    +
    + X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req);
    + int X509_REQ_set_subject_name(X509_REQ *req, X509_NAME *name);
    +
    + X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl);
    + int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name);
    +

    +

    +
    +

    DESCRIPTION

    +

    X509_get_subject_name() returns the subject name of certificate x. The +returned value is an internal pointer which MUST NOT be freed.

    +

    X509_set_subject_name() sets the issuer name of certificate x to +name. The name parameter is copied internally and should be freed +up when it is no longer needed.

    +

    X509_get_issuer_name() and X509_set_issuer_name() are identical to +X509_get_subject_name() and X509_set_subject_name() except the get and +set the issuer name of x.

    +

    Similarly X509_REQ_get_subject_name(), X509_REQ_set_subject_name(), +X509_CRL_get_issuer() and X509_CRL_set_issuer_name() get or set the subject +or issuer names of certificate requests of CRLs respectively.

    +

    +

    +
    +

    RETURN VALUES

    +

    X509_get_subject_name(), X509_get_issuer_name(), X509_REQ_get_subject_name() +and X509_CRL_get_issuer() return an X509_NAME pointer.

    +

    X509_set_subject_name(), X509_set_issuer_name(), X509_REQ_set_subject_name() +and X509_CRL_set_issuer_name() return 1 for success and 0 for failure.

    +

    +

    +
    +

    SEE ALSO

    +

    d2i_X509(3), +ERR_get_error(3), d2i_X509(3) +X509_CRL_get0_by_serial(3), +X509_get0_signature(3), +X509_get_ext_d2i(3), +X509_get_extension_flags(3), +X509_get_pubkey(3), +X509_NAME_add_entry_by_txt(3), +X509_NAME_ENTRY_get_object(3), +X509_NAME_get_index_by_NID(3), +X509_NAME_print_ex(3), +X509_new(3), +X509_sign(3), +X509V3_get_d2i(3), +X509_verify_cert(3)

    +

    +

    +
    +

    HISTORY

    +

    X509_REQ_get_subject_name() is a function in OpenSSL 1.1.0 and a macro in +earlier versions.

    +

    X509_CRL_get_issuer() is a function in OpenSSL 1.1.0. It was previously +added in OpenSSL 1.0.0 as a macro.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/X509_get_version.html b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_get_version.html new file mode 100755 index 0000000..1aeedfd --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_get_version.html @@ -0,0 +1,121 @@ + + + + +X509_get_version + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    X509_get_version, X509_set_version, X509_REQ_get_version, X509_REQ_set_version, +X509_CRL_get_version, X509_CRL_set_version - get or set certificate, +certificate request or CRL version

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509.h>
    +
    + long X509_get_version(const X509 *x);
    + int X509_set_version(X509 *x, long version);
    +
    + long X509_REQ_get_version(const X509_REQ *req);
    + int X509_REQ_set_version(X509_REQ *x, long version);
    +
    + long X509_CRL_get_version(const X509_CRL *crl);
    + int X509_CRL_set_version(X509_CRL *x, long version);
    +

    +

    +
    +

    DESCRIPTION

    +

    X509_get_version() returns the numerical value of the version field of +certificate x. Note: this is defined by standards (X.509 et al) to be one +less than the certificate version. So a version 3 certificate will return 2 and +a version 1 certificate will return 0.

    +

    X509_set_version() sets the numerical value of the version field of certificate +x to version.

    +

    Similarly X509_REQ_get_version(), X509_REQ_set_version(), +X509_CRL_get_version() and X509_CRL_set_version() get and set the version +number of certificate requests and CRLs.

    +

    +

    +
    +

    NOTES

    +

    The version field of certificates, certificate requests and CRLs has a +DEFAULT value of v1(0) meaning the field should be omitted for version +1. This is handled transparently by these functions.

    +

    +

    +
    +

    RETURN VALUES

    +

    X509_get_version(), X509_REQ_get_version() and X509_CRL_get_version() +return the numerical value of the version field.

    +

    X509_set_version(), X509_REQ_set_version() and X509_CRL_set_version() +return 1 for success and 0 for failure.

    +

    +

    +
    +

    SEE ALSO

    +

    d2i_X509(3), +ERR_get_error(3), +X509_CRL_get0_by_serial(3), +X509_get0_signature(3), +X509_get_ext_d2i(3), +X509_get_extension_flags(3), +X509_get_pubkey(3), +X509_get_subject_name(3), +X509_NAME_add_entry_by_txt(3), +X509_NAME_ENTRY_get_object(3), +X509_NAME_get_index_by_NID(3), +X509_NAME_print_ex(3), +X509_new(3), +X509_sign(3), +X509V3_get_d2i(3), +X509_verify_cert(3)

    +

    +

    +
    +

    HISTORY

    +

    X509_get_version(), X509_REQ_get_version() and X509_CRL_get_version() are +functions in OpenSSL 1.1.0, in previous versions they were macros.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/X509_load_http.html b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_load_http.html new file mode 100755 index 0000000..29ae0d4 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_load_http.html @@ -0,0 +1,99 @@ + + + + +X509_load_http + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    X509_load_http, +X509_http_nbio, +X509_CRL_load_http, +X509_CRL_http_nbio +- certificate and CRL loading functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509.h>
    +
    + X509 *X509_load_http(const char *url, BIO *bio, BIO *rbio, int timeout);
    + X509_CRL *X509_CRL_load_http(const char *url, BIO *bio, BIO *rbio, int timeout);
    +
    + #define X509_http_nbio(url)
    + #define X509_CRL_http_nbio(url)
    +

    +

    +
    +

    DESCRIPTION

    +

    X509_load_http() and X509_CRL_load_http() loads a certificate or a CRL, +respectively, in ASN.1 format using HTTP from the given url.

    +

    If bio is given and rbio is NULL then this BIO is used instead of an +interal one for connecting, writing the request, and reading the response. +If both bio and rbio are given (which may be memory BIOs, for instance) +then no explicit connection is attempted, +bio is used for writing the request, and rbio for reading the response.

    +

    If the timeout parameter is > 0 this indicates the maximum number of seconds +to wait until the transfer is complete. +A value of 0 enables waiting indefinitely, +while a value < 0 immediately leads to a timeout condition.

    +

    X509_http_nbio() and X509_CRL_http_nbio() are macros for backward compatibility +that have the same effect as the functions above but with infinite timeout +and without the possiblity to specify custom BIOs.

    +

    +

    +
    +

    RETURN VALUES

    +

    On success the function yield the loaded value, else NULL. +Error conditions include connection/transfer timeout, parse errors, etc.

    +

    +

    +
    +

    SEE ALSO

    +

    OSSL_HTTP_get_asn1(3)

    +

    +

    +
    +

    HISTORY

    +

    X509_load_http() and X509_CRL_load_http() were added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/X509_new.html b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_new.html new file mode 100755 index 0000000..55867d0 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_new.html @@ -0,0 +1,115 @@ + + + + +X509_new + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    X509_chain_up_ref, +X509_new, X509_free, X509_up_ref - X509 certificate ASN1 allocation functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509.h>
    +
    + X509 *X509_new(void);
    + void X509_free(X509 *a);
    + int X509_up_ref(X509 *a);
    + STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *x);
    +

    +

    +
    +

    DESCRIPTION

    +

    The X509 ASN1 allocation routines, allocate and free an +X509 structure, which represents an X509 certificate.

    +

    X509_new() allocates and initializes a X509 structure with reference count +1.

    +

    X509_free() decrements the reference count of X509 structure a and +frees it up if the reference count is zero. If a is NULL nothing is done.

    +

    X509_up_ref() increments the reference count of a.

    +

    X509_chain_up_ref() increases the reference count of all certificates in +chain x and returns a copy of the stack.

    +

    +

    +
    +

    NOTES

    +

    The function X509_up_ref() if useful if a certificate structure is being +used by several different operations each of which will free it up after +use: this avoids the need to duplicate the entire certificate structure.

    +

    The function X509_chain_up_ref() doesn't just up the reference count of +each certificate it also returns a copy of the stack, using sk_X509_dup(), +but it serves a similar purpose: the returned chain persists after the +original has been freed.

    +

    +

    +
    +

    RETURN VALUES

    +

    If the allocation fails, X509_new() returns NULL and sets an error +code that can be obtained by ERR_get_error(3). +Otherwise it returns a pointer to the newly allocated structure.

    +

    X509_up_ref() returns 1 for success and 0 for failure.

    +

    X509_chain_up_ref() returns a copy of the stack or NULL if an error +occurred.

    +

    +

    +
    +

    SEE ALSO

    +

    d2i_X509(3), +ERR_get_error(3), +X509_CRL_get0_by_serial(3), +X509_get0_signature(3), +X509_get_ext_d2i(3), +X509_get_extension_flags(3), +X509_get_pubkey(3), +X509_get_subject_name(3), +X509_get_version(3), +X509_NAME_add_entry_by_txt(3), +X509_NAME_ENTRY_get_object(3), +X509_NAME_get_index_by_NID(3), +X509_NAME_print_ex(3), +X509_sign(3), +X509V3_get_d2i(3), +X509_verify_cert(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/X509_sign.html b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_sign.html new file mode 100755 index 0000000..37f822c --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_sign.html @@ -0,0 +1,135 @@ + + + + +X509_sign + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    X509_sign, X509_sign_ctx, X509_verify, X509_REQ_sign, X509_REQ_sign_ctx, +X509_REQ_verify, X509_CRL_sign, X509_CRL_sign_ctx, X509_CRL_verify - +sign or verify certificate, certificate request or CRL signature

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509.h>
    +
    + int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
    + int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx);
    + int X509_verify(X509 *a, EVP_PKEY *r);
    +
    + int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md);
    + int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx);
    + int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r);
    +
    + int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md);
    + int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx);
    + int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r);
    +

    +

    +
    +

    DESCRIPTION

    +

    X509_sign() signs certificate x using private key pkey and message +digest md and sets the signature in x. X509_sign_ctx() also signs +certificate x but uses the parameters contained in digest context ctx.

    +

    X509_verify() verifies the signature of certificate x using public key +pkey. Only the signature is checked: no other checks (such as certificate +chain validity) are performed.

    +

    X509_REQ_sign(), X509_REQ_sign_ctx(), X509_REQ_verify(), +X509_CRL_sign(), X509_CRL_sign_ctx() and X509_CRL_verify() sign and verify +certificate requests and CRLs respectively.

    +

    +

    +
    +

    NOTES

    +

    X509_sign_ctx() is used where the default parameters for the corresponding +public key and digest are not suitable. It can be used to sign keys using +RSA-PSS for example.

    +

    For efficiency reasons and to work around ASN.1 encoding issues the encoding +of the signed portion of a certificate, certificate request and CRL is cached +internally. If the signed portion of the structure is modified the encoding +is not always updated meaning a stale version is sometimes used. This is not +normally a problem because modifying the signed portion will invalidate the +signature and signing will always update the encoding.

    +

    +

    +
    +

    RETURN VALUES

    +

    X509_sign(), X509_sign_ctx(), X509_REQ_sign(), X509_REQ_sign_ctx(), +X509_CRL_sign() and X509_CRL_sign_ctx() return the size of the signature +in bytes for success and zero for failure.

    +

    X509_verify(), X509_REQ_verify() and X509_CRL_verify() return 1 if the +signature is valid and 0 if the signature check fails. If the signature +could not be checked at all because it was invalid or some other error +occurred then -1 is returned.

    +

    +

    +
    +

    SEE ALSO

    +

    d2i_X509(3), +ERR_get_error(3), +X509_CRL_get0_by_serial(3), +X509_get0_signature(3), +X509_get_ext_d2i(3), +X509_get_extension_flags(3), +X509_get_pubkey(3), +X509_get_subject_name(3), +X509_get_version(3), +X509_NAME_add_entry_by_txt(3), +X509_NAME_ENTRY_get_object(3), +X509_NAME_get_index_by_NID(3), +X509_NAME_print_ex(3), +X509_new(3), +X509V3_get_d2i(3), +X509_verify_cert(3)

    +

    +

    +
    +

    HISTORY

    +

    The X509_sign(), X509_REQ_sign() and X509_CRL_sign() functions are +available in all versions of OpenSSL.

    +

    The X509_sign_ctx(), X509_REQ_sign_ctx() +and X509_CRL_sign_ctx() functions were added OpenSSL 1.0.1.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/X509_verify_cert.html b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_verify_cert.html
    new file mode 100755
    index 0000000..7b1ea18
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/X509_verify_cert.html
    @@ -0,0 +1,95 @@
    + + + + +X509_verify_cert + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    X509_verify_cert - discover and verify X509 certificate chain

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509.h>
    +
    + int X509_verify_cert(X509_STORE_CTX *ctx);
    +

    +

    +
    +

    DESCRIPTION

    +

    The X509_verify_cert() function attempts to discover and validate a +certificate chain based on parameters in ctx. A complete description of +the process is contained in the openssl-verify(1) manual page.

    +

    Applications rarely call this function directly but it is used by +OpenSSL internally for certificate validation, in both the S/MIME and +SSL/TLS code.

    +

    A negative return value from X509_verify_cert() can occur if it is invoked +incorrectly, such as with no certificate set in ctx, or when it is called +twice in succession without reinitialising ctx for the second call. +A negative return value can also happen due to internal resource problems or if +a retry operation is requested during internal lookups (which never happens +with standard lookup methods). +Applications must check for <= 0 return value on error.

    +

    +

    +
    +

    RETURN VALUES

    +

    If a complete chain can be built and validated this function returns 1, +otherwise it return zero, in exceptional circumstances it can also +return a negative code.

    +

    If the function fails additional error information can be obtained by +examining ctx using, for example X509_STORE_CTX_get_error().

    +

    +

    +
    +

    BUGS

    +

    This function uses the header <x509.h >> +as opposed to most chain verification +functions which use <x509_vfy.h >>.

    +

    +

    +
    +

    SEE ALSO

    +

    X509_STORE_CTX_get_error(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/X509v3_get_ext_by_NID.html b/linux_amd64/ssl/share/doc/openssl/html/man3/X509v3_get_ext_by_NID.html
    new file mode 100755
    index 0000000..9746773
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/X509v3_get_ext_by_NID.html
    @@ -0,0 +1,168 @@
    + + + + +X509v3_get_ext_by_NID + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    X509v3_get_ext_count, X509v3_get_ext, X509v3_get_ext_by_NID, +X509v3_get_ext_by_OBJ, X509v3_get_ext_by_critical, X509v3_delete_ext, +X509v3_add_ext, X509_get_ext_count, X509_get_ext, +X509_get_ext_by_NID, X509_get_ext_by_OBJ, X509_get_ext_by_critical, +X509_delete_ext, X509_add_ext, X509_CRL_get_ext_count, X509_CRL_get_ext, +X509_CRL_get_ext_by_NID, X509_CRL_get_ext_by_OBJ, X509_CRL_get_ext_by_critical, +X509_CRL_delete_ext, X509_CRL_add_ext, X509_REVOKED_get_ext_count, +X509_REVOKED_get_ext, X509_REVOKED_get_ext_by_NID, X509_REVOKED_get_ext_by_OBJ, +X509_REVOKED_get_ext_by_critical, X509_REVOKED_delete_ext, +X509_REVOKED_add_ext - extension stack utility functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509.h>
    +
    + int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x);
    + X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc);
    +
    + int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x,
    +                           int nid, int lastpos);
    + int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x,
    +                           const ASN1_OBJECT *obj, int lastpos);
    + int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x,
    +                                int crit, int lastpos);
    + X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc);
    + STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
    +                                          X509_EXTENSION *ex, int loc);
    +
    + int X509_get_ext_count(const X509 *x);
    + X509_EXTENSION *X509_get_ext(const X509 *x, int loc);
    + int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos);
    + int X509_get_ext_by_OBJ(const X509 *x, const ASN1_OBJECT *obj, int lastpos);
    + int X509_get_ext_by_critical(const X509 *x, int crit, int lastpos);
    + X509_EXTENSION *X509_delete_ext(X509 *x, int loc);
    + int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc);
    +
    + int X509_CRL_get_ext_count(const X509_CRL *x);
    + X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc);
    + int X509_CRL_get_ext_by_NID(const X509_CRL *x, int nid, int lastpos);
    + int X509_CRL_get_ext_by_OBJ(const X509_CRL *x, const ASN1_OBJECT *obj, int lastpos);
    + int X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit, int lastpos);
    + X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc);
    + int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc);
    +
    + int X509_REVOKED_get_ext_count(const X509_REVOKED *x);
    + X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x, int loc);
    + int X509_REVOKED_get_ext_by_NID(const X509_REVOKED *x, int nid, int lastpos);
    + int X509_REVOKED_get_ext_by_OBJ(const X509_REVOKED *x, const ASN1_OBJECT *obj,
    +                                 int lastpos);
    + int X509_REVOKED_get_ext_by_critical(const X509_REVOKED *x, int crit, int lastpos);
    + X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc);
    + int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc);
    +

    +

    +
    +

    DESCRIPTION

    +

    X509v3_get_ext_count() retrieves the number of extensions in x.

    +

    X509v3_get_ext() retrieves extension loc from x. The index loc +can take any value from 0 to X509_get_ext_count(x) - 1. The returned +extension is an internal pointer which must not be freed up by the +application.

    +

    X509v3_get_ext_by_NID() and X509v3_get_ext_by_OBJ() look for an extension +with nid or obj from extension stack x. The search starts from the +extension after lastpos or from the beginning if <lastpos> is -1. If +the extension is found its index is returned otherwise -1 is returned.

    +

    X509v3_get_ext_by_critical() is similar to X509v3_get_ext_by_NID() except it +looks for an extension of criticality crit. A zero value for crit +looks for a non-critical extension a nonzero value looks for a critical +extension.

    +

    X509v3_delete_ext() deletes the extension with index loc from x. The +deleted extension is returned and must be freed by the caller. If loc +is in invalid index value NULL is returned.

    +

    X509v3_add_ext() adds extension ex to stack *x at position loc. If +loc is -1 the new extension is added to the end. If *x is NULL +a new stack will be allocated. The passed extension ex is duplicated +internally so it must be freed after use.

    +

    X509_get_ext_count(), X509_get_ext(), X509_get_ext_by_NID(), +X509_get_ext_by_OBJ(), X509_get_ext_by_critical(), X509_delete_ext() +and X509_add_ext() operate on the extensions of certificate x they are +otherwise identical to the X509v3 functions.

    +

    X509_CRL_get_ext_count(), X509_CRL_get_ext(), X509_CRL_get_ext_by_NID(), +X509_CRL_get_ext_by_OBJ(), X509_CRL_get_ext_by_critical(), +X509_CRL_delete_ext() and X509_CRL_add_ext() operate on the extensions of +CRL x they are otherwise identical to the X509v3 functions.

    +

    X509_REVOKED_get_ext_count(), X509_REVOKED_get_ext(), +X509_REVOKED_get_ext_by_NID(), X509_REVOKED_get_ext_by_OBJ(), +X509_REVOKED_get_ext_by_critical(), X509_REVOKED_delete_ext() and +X509_REVOKED_add_ext() operate on the extensions of CRL entry x +they are otherwise identical to the X509v3 functions.

    +

    +

    +
    +

    NOTES

    +

    These functions are used to examine stacks of extensions directly. Many +applications will want to parse or encode and add an extension: they should +use the extension encode and decode functions instead such as +X509_add1_ext_i2d() and X509_get_ext_d2i().

    +

    Extension indices start from zero, so a zero index return value is not an +error. These search functions start from the extension after the lastpos +parameter so it should initially be set to -1, if it is set to zero the +initial extension will not be checked.

    +

    +

    +
    +

    RETURN VALUES

    +

    X509v3_get_ext_count() returns the extension count.

    +

    X509v3_get_ext(), X509v3_delete_ext() and X509_delete_ext() return an +X509_EXTENSION pointer or NULL if an error occurs.

    +

    X509v3_get_ext_by_NID() X509v3_get_ext_by_OBJ() and +X509v3_get_ext_by_critical() return the an extension index or -1 if an +error occurs.

    +

    X509v3_add_ext() returns a stack of extensions or NULL on error.

    +

    X509_add_ext() returns 1 on success and 0 on error.

    +

    +

    +
    +

    SEE ALSO

    +

    X509V3_get_d2i(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/d2i_DHparams.html b/linux_amd64/ssl/share/doc/openssl/html/man3/d2i_DHparams.html
    new file mode 100755
    index 0000000..86b365b
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/d2i_DHparams.html
    @@ -0,0 +1,77 @@
    + + + + +d2i_DHparams + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    d2i_DHparams, i2d_DHparams - PKCS#3 DH parameter functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/dh.h>
    +
    + DH *d2i_DHparams(DH **a, unsigned char **pp, long length);
    + int i2d_DHparams(DH *a, unsigned char **pp);
    +

    +

    +
    +

    DESCRIPTION

    +

    These functions decode and encode PKCS#3 DH parameters using the +DHparameter structure described in PKCS#3.

    +

    Otherwise these behave in a similar way to d2i_X509() and i2d_X509() +described in the d2i_X509(3) manual page.

    +

    +

    +
    +

    RETURN VALUES

    +

    d2i_DHparams() returns a valid DH structure or NULL if an error occurred.

    +

    i2d_DHparams() returns the length of encoded data on success or a value which +is less than or equal to 0 on error.

    +

    +

    +
    +

    SEE ALSO

    +

    d2i_X509(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/d2i_PKCS8PrivateKey_bio.html b/linux_amd64/ssl/share/doc/openssl/html/man3/d2i_PKCS8PrivateKey_bio.html
    new file mode 100755
    index 0000000..0b26170
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/d2i_PKCS8PrivateKey_bio.html
    @@ -0,0 +1,109 @@
    + + + + +d2i_PKCS8PrivateKey_bio + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    d2i_PKCS8PrivateKey_bio, d2i_PKCS8PrivateKey_fp, +i2d_PKCS8PrivateKey_bio, i2d_PKCS8PrivateKey_fp, +i2d_PKCS8PrivateKey_nid_bio, i2d_PKCS8PrivateKey_nid_fp - PKCS#8 format private key functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u);
    + EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u);
    +
    + int i2d_PKCS8PrivateKey_bio(BIO *bp, const EVP_PKEY *x, const EVP_CIPHER *enc,
    +                             char *kstr, int klen,
    +                             pem_password_cb *cb, void *u);
    +
    + int i2d_PKCS8PrivateKey_fp(FILE *fp, const EVP_PKEY *x, const EVP_CIPHER *enc,
    +                            char *kstr, int klen,
    +                            pem_password_cb *cb, void *u);
    +
    + int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, const EVP_PKEY *x, int nid,
    +                                 char *kstr, int klen,
    +                                 pem_password_cb *cb, void *u);
    +
    + int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, const EVP_PKEY *x, int nid,
    +                                char *kstr, int klen,
    +                                pem_password_cb *cb, void *u);
    +

    +

    +
    +

    DESCRIPTION

    +

    The PKCS#8 functions encode and decode private keys in PKCS#8 format using both +PKCS#5 v1.5 and PKCS#5 v2.0 password based encryption algorithms.

    +

    Other than the use of DER as opposed to PEM these functions are identical to the +corresponding PEM function as described in PEM_read_PrivateKey(3).

    +

    +

    +
    +

    NOTES

    +

    These functions are currently the only way to store encrypted private keys using DER format.

    +

    Currently all the functions use BIOs or FILE pointers, there are no functions which +work directly on memory: this can be readily worked around by converting the buffers +to memory BIOs, see BIO_s_mem(3) for details.

    +

    These functions make no assumption regarding the pass phrase received from the +password callback. +It will simply be treated as a byte sequence.

    +

    +

    +
    +

    RETURN VALUES

    +

    d2i_PKCS8PrivateKey_bio() and d2i_PKCS8PrivateKey_fp() return a valid EVP_PKEY +structure or NULL if an error occurred.

    +

    i2d_PKCS8PrivateKey_bio(), i2d_PKCS8PrivateKey_fp(), i2d_PKCS8PrivateKey_nid_bio() +and i2d_PKCS8PrivateKey_nid_fp() return 1 on success or 0 on error.

    +

    +

    +
    +

    SEE ALSO

    +

    PEM_read_PrivateKey(3), +passphrase-encoding(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/d2i_PrivateKey.html b/linux_amd64/ssl/share/doc/openssl/html/man3/d2i_PrivateKey.html
    new file mode 100755
    index 0000000..4f76e34
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/d2i_PrivateKey.html
    @@ -0,0 +1,123 @@
    + + + + +d2i_PrivateKey + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    d2i_PrivateKey, d2i_PublicKey, d2i_KeyParams, d2i_AutoPrivateKey, +i2d_PrivateKey, i2d_PublicKey, i2d_KeyParams, i2d_KeyParams_bio, +d2i_PrivateKey_bio, d2i_PrivateKey_fp, d2i_KeyParams_bio +- decode and encode functions for reading and saving EVP_PKEY structures

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +
    + EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
    +                          long length);
    + EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp,
    +                         long length);
    + EVP_PKEY *d2i_KeyParams(int type, EVP_PKEY **a, const unsigned char **pp,
    +                         long length);
    + EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
    +                              long length);
    +
    + int i2d_PrivateKey(const EVP_PKEY *a, unsigned char **pp);
    + int i2d_PublicKey(const EVP_PKEY *a, unsigned char **pp);
    + int i2d_KeyParams(const EVP_PKEY *a, unsigned char **pp);
    + int i2d_KeyParams_bio(BIO *bp, const EVP_PKEY *pkey);
    +
    + EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
    + EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a)
    + EVP_PKEY *d2i_KeyParams_bio(int type, EVP_PKEY **a, BIO *in);
    +

    +

    +
    +

    DESCRIPTION

    +

    d2i_PrivateKey() decodes a private key using algorithm type. It attempts to +use any key specific format or PKCS#8 unencrypted PrivateKeyInfo format. The +type parameter should be a public key algorithm constant such as +EVP_PKEY_RSA. An error occurs if the decoded key does not match type. +d2i_PublicKey() does the same for public keys. +d2i_KeyParams() does the same for key parameters.

    +

    d2i_AutoPrivateKey() is similar to d2i_PrivateKey() except it attempts to +automatically detect the private key format.

    +

    i2d_PrivateKey() encodes key. It uses a key specific format or, if none is +defined for that key type, PKCS#8 unencrypted PrivateKeyInfo format. +i2d_PublicKey() does the same for public keys. +i2d_KeyParams() does the same for key parameters. +These functions are similar to the d2i_X509() functions; see d2i_X509(3).

    +

    +

    +
    +

    NOTES

    +

    All these functions use DER format and unencrypted keys. Applications wishing +to encrypt or decrypt private keys should use other functions such as +d2i_PKCS8PrivateKey() instead.

    +

    If the *a is not NULL when calling d2i_PrivateKey() or d2i_AutoPrivateKey() +(i.e. an existing structure is being reused) and the key format is PKCS#8 +then *a will be freed and replaced on a successful call.

    +

    To decode a key with type EVP_PKEY_EC, d2i_PublicKey() requires *a to be +a non-NULL EVP_PKEY structure assigned an EC_KEY structure referencing the proper +EC_GROUP.

    +

    +

    +
    +

    RETURN VALUES

    +

    The d2i_PrivateKey(), d2i_AutoPrivateKey(), d2i_PrivateKey_bio(), d2i_PrivateKey_fp(), +d2i_PublicKey(), d2i_KeyParams() and d2i_KeyParams_bio() functions return a valid +EVP_KEY structure or NULL if an error occurs. The error code can be +obtained by calling ERR_get_error(3).

    +

    i2d_PrivateKey(), i2d_PublicKey(), i2d_KeyParams() i2d_KeyParams_bio() return +the number of bytes successfully encoded or a negative value if an error occurs. +The error code can be obtained by calling ERR_get_error(3).

    +

    +

    +
    +

    SEE ALSO

    +

    crypto(7), +d2i_PKCS8PrivateKey_bio(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/d2i_SSL_SESSION.html b/linux_amd64/ssl/share/doc/openssl/html/man3/d2i_SSL_SESSION.html
    new file mode 100755
    index 0000000..da9c0c5
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/d2i_SSL_SESSION.html
    @@ -0,0 +1,85 @@
    + + + + +d2i_SSL_SESSION + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    d2i_SSL_SESSION, i2d_SSL_SESSION - convert SSL_SESSION object from/to ASN1 representation

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ssl.h>
    +
    + SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
    +                              long length);
    + int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp);
    +

    +

    +
    +

    DESCRIPTION

    +

    These functions decode and encode an SSL_SESSION object. +For encoding details see d2i_X509(3).

    +

    SSL_SESSION objects keep internal link information about the session cache +list, when being inserted into one SSL_CTX object's session cache. +One SSL_SESSION object, regardless of its reference count, must therefore +only be used with one SSL_CTX object (and the SSL objects created +from this SSL_CTX object).

    +

    +

    +
    +

    RETURN VALUES

    +

    d2i_SSL_SESSION() returns a pointer to the newly allocated SSL_SESSION +object. In case of failure the NULL-pointer is returned and the error message +can be retrieved from the error stack.

    +

    i2d_SSL_SESSION() returns the size of the ASN1 representation in bytes. +When the session is not valid, 0 is returned and no operation is performed.

    +

    +

    +
    +

    SEE ALSO

    +

    ssl(7), SSL_SESSION_free(3), +SSL_CTX_sess_set_get_cb(3), +d2i_X509(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/d2i_X509.html b/linux_amd64/ssl/share/doc/openssl/html/man3/d2i_X509.html
    new file mode 100755
    index 0000000..2d70d4c
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man3/d2i_X509.html
    @@ -0,0 +1,676 @@
    + + + + +d2i_X509 + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    d2i_ACCESS_DESCRIPTION, +d2i_ADMISSIONS, +d2i_ADMISSION_SYNTAX, +d2i_ASIdOrRange, +d2i_ASIdentifierChoice, +d2i_ASIdentifiers, +d2i_ASN1_BIT_STRING, +d2i_ASN1_BMPSTRING, +d2i_ASN1_ENUMERATED, +d2i_ASN1_GENERALIZEDTIME, +d2i_ASN1_GENERALSTRING, +d2i_ASN1_IA5STRING, +d2i_ASN1_INTEGER, +d2i_ASN1_NULL, +d2i_ASN1_OBJECT, +d2i_ASN1_OCTET_STRING, +d2i_ASN1_PRINTABLE, +d2i_ASN1_PRINTABLESTRING, +d2i_ASN1_SEQUENCE_ANY, +d2i_ASN1_SET_ANY, +d2i_ASN1_T61STRING, +d2i_ASN1_TIME, +d2i_ASN1_TYPE, +d2i_ASN1_UINTEGER, +d2i_ASN1_UNIVERSALSTRING, +d2i_ASN1_UTCTIME, +d2i_ASN1_UTF8STRING, +d2i_ASN1_VISIBLESTRING, +d2i_ASRange, +d2i_AUTHORITY_INFO_ACCESS, +d2i_AUTHORITY_KEYID, +d2i_BASIC_CONSTRAINTS, +d2i_CERTIFICATEPOLICIES, +d2i_CMS_ContentInfo, +d2i_CMS_ReceiptRequest, +d2i_CMS_bio, +d2i_CRL_DIST_POINTS, +d2i_DHxparams, +d2i_DIRECTORYSTRING, +d2i_DISPLAYTEXT, +d2i_DIST_POINT, +d2i_DIST_POINT_NAME, +d2i_DSAPrivateKey, +d2i_DSAPrivateKey_bio, +d2i_DSAPrivateKey_fp, +d2i_DSAPublicKey, +d2i_DSA_PUBKEY, +d2i_DSA_PUBKEY_bio, +d2i_DSA_PUBKEY_fp, +d2i_DSA_SIG, +d2i_DSAparams, +d2i_ECDSA_SIG, +d2i_ECPKParameters, +d2i_ECParameters, +d2i_ECPrivateKey, +d2i_ECPrivateKey_bio, +d2i_ECPrivateKey_fp, +d2i_EC_PUBKEY, +d2i_EC_PUBKEY_bio, +d2i_EC_PUBKEY_fp, +d2i_EDIPARTYNAME, +d2i_ESS_CERT_ID, +d2i_ESS_CERT_ID_V2, +d2i_ESS_ISSUER_SERIAL, +d2i_ESS_SIGNING_CERT, +d2i_ESS_SIGNING_CERT_V2, +d2i_EXTENDED_KEY_USAGE, +d2i_GENERAL_NAME, +d2i_GENERAL_NAMES, +d2i_IPAddressChoice, +d2i_IPAddressFamily, +d2i_IPAddressOrRange, +d2i_IPAddressRange, +d2i_ISSUING_DIST_POINT, +d2i_NAMING_AUTHORITY, +d2i_NETSCAPE_CERT_SEQUENCE, +d2i_NETSCAPE_SPKAC, +d2i_NETSCAPE_SPKI, +d2i_NOTICEREF, +d2i_OCSP_BASICRESP, +d2i_OCSP_CERTID, +d2i_OCSP_CERTSTATUS, +d2i_OCSP_CRLID, +d2i_OCSP_ONEREQ, +d2i_OCSP_REQINFO, +d2i_OCSP_REQUEST, +d2i_OCSP_RESPBYTES, +d2i_OCSP_RESPDATA, +d2i_OCSP_RESPID, +d2i_OCSP_RESPONSE, +d2i_OCSP_REVOKEDINFO, +d2i_OCSP_SERVICELOC, +d2i_OCSP_SIGNATURE, +d2i_OCSP_SINGLERESP, +d2i_OSSL_CMP_MSG, 
+d2i_OSSL_CMP_PKIHEADER, +d2i_OSSL_CRMF_CERTID, +d2i_OSSL_CRMF_CERTTEMPLATE, +d2i_OSSL_CRMF_ENCRYPTEDVALUE, +d2i_OSSL_CRMF_MSG, +d2i_OSSL_CRMF_MSGS, +d2i_OSSL_CRMF_PBMPARAMETER, +d2i_OSSL_CRMF_PKIPUBLICATIONINFO, +d2i_OSSL_CRMF_SINGLEPUBINFO, +d2i_OTHERNAME, +d2i_PBE2PARAM, +d2i_PBEPARAM, +d2i_PBKDF2PARAM, +d2i_PKCS12, +d2i_PKCS12_BAGS, +d2i_PKCS12_MAC_DATA, +d2i_PKCS12_SAFEBAG, +d2i_PKCS12_bio, +d2i_PKCS12_fp, +d2i_PKCS7, +d2i_PKCS7_DIGEST, +d2i_PKCS7_ENCRYPT, +d2i_PKCS7_ENC_CONTENT, +d2i_PKCS7_ENVELOPE, +d2i_PKCS7_ISSUER_AND_SERIAL, +d2i_PKCS7_RECIP_INFO, +d2i_PKCS7_SIGNED, +d2i_PKCS7_SIGNER_INFO, +d2i_PKCS7_SIGN_ENVELOPE, +d2i_PKCS7_bio, +d2i_PKCS7_fp, +d2i_PKCS8_PRIV_KEY_INFO, +d2i_PKCS8_PRIV_KEY_INFO_bio, +d2i_PKCS8_PRIV_KEY_INFO_fp, +d2i_PKCS8_bio, +d2i_PKCS8_fp, +d2i_PKEY_USAGE_PERIOD, +d2i_POLICYINFO, +d2i_POLICYQUALINFO, +d2i_PROFESSION_INFO, +d2i_PROXY_CERT_INFO_EXTENSION, +d2i_PROXY_POLICY, +d2i_RSAPrivateKey, +d2i_RSAPrivateKey_bio, +d2i_RSAPrivateKey_fp, +d2i_RSAPublicKey, +d2i_RSAPublicKey_bio, +d2i_RSAPublicKey_fp, +d2i_RSA_OAEP_PARAMS, +d2i_RSA_PSS_PARAMS, +d2i_RSA_PUBKEY, +d2i_RSA_PUBKEY_bio, +d2i_RSA_PUBKEY_fp, +d2i_SCRYPT_PARAMS, +d2i_SCT_LIST, +d2i_SXNET, +d2i_SXNETID, +d2i_TS_ACCURACY, +d2i_TS_MSG_IMPRINT, +d2i_TS_MSG_IMPRINT_bio, +d2i_TS_MSG_IMPRINT_fp, +d2i_TS_REQ, +d2i_TS_REQ_bio, +d2i_TS_REQ_fp, +d2i_TS_RESP, +d2i_TS_RESP_bio, +d2i_TS_RESP_fp, +d2i_TS_STATUS_INFO, +d2i_TS_TST_INFO, +d2i_TS_TST_INFO_bio, +d2i_TS_TST_INFO_fp, +d2i_USERNOTICE, +d2i_X509, +d2i_X509_ALGOR, +d2i_X509_ALGORS, +d2i_X509_ATTRIBUTE, +d2i_X509_CERT_AUX, +d2i_X509_CINF, +d2i_X509_CRL, +d2i_X509_CRL_INFO, +d2i_X509_CRL_bio, +d2i_X509_CRL_fp, +d2i_X509_EXTENSION, +d2i_X509_EXTENSIONS, +d2i_X509_NAME, +d2i_X509_NAME_ENTRY, +d2i_X509_PUBKEY, +d2i_X509_PUBKEY_bio, +d2i_X509_PUBKEY_fp, +d2i_X509_REQ, +d2i_X509_REQ_INFO, +d2i_X509_REQ_bio, +d2i_X509_REQ_fp, +d2i_X509_REVOKED, +d2i_X509_SIG, +d2i_X509_VAL, +i2d_ACCESS_DESCRIPTION, +i2d_ADMISSIONS, +i2d_ADMISSION_SYNTAX, 
+i2d_ASIdOrRange, +i2d_ASIdentifierChoice, +i2d_ASIdentifiers, +i2d_ASN1_BIT_STRING, +i2d_ASN1_BMPSTRING, +i2d_ASN1_ENUMERATED, +i2d_ASN1_GENERALIZEDTIME, +i2d_ASN1_GENERALSTRING, +i2d_ASN1_IA5STRING, +i2d_ASN1_INTEGER, +i2d_ASN1_NULL, +i2d_ASN1_OBJECT, +i2d_ASN1_OCTET_STRING, +i2d_ASN1_PRINTABLE, +i2d_ASN1_PRINTABLESTRING, +i2d_ASN1_SEQUENCE_ANY, +i2d_ASN1_SET_ANY, +i2d_ASN1_T61STRING, +i2d_ASN1_TIME, +i2d_ASN1_TYPE, +i2d_ASN1_UNIVERSALSTRING, +i2d_ASN1_UTCTIME, +i2d_ASN1_UTF8STRING, +i2d_ASN1_VISIBLESTRING, +i2d_ASN1_bio_stream, +i2d_ASRange, +i2d_AUTHORITY_INFO_ACCESS, +i2d_AUTHORITY_KEYID, +i2d_BASIC_CONSTRAINTS, +i2d_CERTIFICATEPOLICIES, +i2d_CMS_ContentInfo, +i2d_CMS_ReceiptRequest, +i2d_CMS_bio, +i2d_CRL_DIST_POINTS, +i2d_DHxparams, +i2d_DIRECTORYSTRING, +i2d_DISPLAYTEXT, +i2d_DIST_POINT, +i2d_DIST_POINT_NAME, +i2d_DSAPrivateKey, +i2d_DSAPrivateKey_bio, +i2d_DSAPrivateKey_fp, +i2d_DSAPublicKey, +i2d_DSA_PUBKEY, +i2d_DSA_PUBKEY_bio, +i2d_DSA_PUBKEY_fp, +i2d_DSA_SIG, +i2d_DSAparams, +i2d_ECDSA_SIG, +i2d_ECPKParameters, +i2d_ECParameters, +i2d_ECPrivateKey, +i2d_ECPrivateKey_bio, +i2d_ECPrivateKey_fp, +i2d_EC_PUBKEY, +i2d_EC_PUBKEY_bio, +i2d_EC_PUBKEY_fp, +i2d_EDIPARTYNAME, +i2d_ESS_CERT_ID, +i2d_ESS_CERT_ID_V2, +i2d_ESS_ISSUER_SERIAL, +i2d_ESS_SIGNING_CERT, +i2d_ESS_SIGNING_CERT_V2, +i2d_EXTENDED_KEY_USAGE, +i2d_GENERAL_NAME, +i2d_GENERAL_NAMES, +i2d_IPAddressChoice, +i2d_IPAddressFamily, +i2d_IPAddressOrRange, +i2d_IPAddressRange, +i2d_ISSUING_DIST_POINT, +i2d_NAMING_AUTHORITY, +i2d_NETSCAPE_CERT_SEQUENCE, +i2d_NETSCAPE_SPKAC, +i2d_NETSCAPE_SPKI, +i2d_NOTICEREF, +i2d_OCSP_BASICRESP, +i2d_OCSP_CERTID, +i2d_OCSP_CERTSTATUS, +i2d_OCSP_CRLID, +i2d_OCSP_ONEREQ, +i2d_OCSP_REQINFO, +i2d_OCSP_REQUEST, +i2d_OCSP_RESPBYTES, +i2d_OCSP_RESPDATA, +i2d_OCSP_RESPID, +i2d_OCSP_RESPONSE, +i2d_OCSP_REVOKEDINFO, +i2d_OCSP_SERVICELOC, +i2d_OCSP_SIGNATURE, +i2d_OCSP_SINGLERESP, +i2d_OSSL_CMP_MSG, +i2d_OSSL_CMP_PKIHEADER, +i2d_OSSL_CRMF_CERTID, +i2d_OSSL_CRMF_CERTTEMPLATE, 
+i2d_OSSL_CRMF_ENCRYPTEDVALUE, +i2d_OSSL_CRMF_MSG, +i2d_OSSL_CRMF_MSGS, +i2d_OSSL_CRMF_PBMPARAMETER, +i2d_OSSL_CRMF_PKIPUBLICATIONINFO, +i2d_OSSL_CRMF_SINGLEPUBINFO, +i2d_OTHERNAME, +i2d_PBE2PARAM, +i2d_PBEPARAM, +i2d_PBKDF2PARAM, +i2d_PKCS12, +i2d_PKCS12_BAGS, +i2d_PKCS12_MAC_DATA, +i2d_PKCS12_SAFEBAG, +i2d_PKCS12_bio, +i2d_PKCS12_fp, +i2d_PKCS7, +i2d_PKCS7_DIGEST, +i2d_PKCS7_ENCRYPT, +i2d_PKCS7_ENC_CONTENT, +i2d_PKCS7_ENVELOPE, +i2d_PKCS7_ISSUER_AND_SERIAL, +i2d_PKCS7_NDEF, +i2d_PKCS7_RECIP_INFO, +i2d_PKCS7_SIGNED, +i2d_PKCS7_SIGNER_INFO, +i2d_PKCS7_SIGN_ENVELOPE, +i2d_PKCS7_bio, +i2d_PKCS7_fp, +i2d_PKCS8PrivateKeyInfo_bio, +i2d_PKCS8PrivateKeyInfo_fp, +i2d_PKCS8_PRIV_KEY_INFO, +i2d_PKCS8_PRIV_KEY_INFO_bio, +i2d_PKCS8_PRIV_KEY_INFO_fp, +i2d_PKCS8_bio, +i2d_PKCS8_fp, +i2d_PKEY_USAGE_PERIOD, +i2d_POLICYINFO, +i2d_POLICYQUALINFO, +i2d_PROFESSION_INFO, +i2d_PROXY_CERT_INFO_EXTENSION, +i2d_PROXY_POLICY, +i2d_RSAPrivateKey, +i2d_RSAPrivateKey_bio, +i2d_RSAPrivateKey_fp, +i2d_RSAPublicKey, +i2d_RSAPublicKey_bio, +i2d_RSAPublicKey_fp, +i2d_RSA_OAEP_PARAMS, +i2d_RSA_PSS_PARAMS, +i2d_RSA_PUBKEY, +i2d_RSA_PUBKEY_bio, +i2d_RSA_PUBKEY_fp, +i2d_SCRYPT_PARAMS, +i2d_SCT_LIST, +i2d_SXNET, +i2d_SXNETID, +i2d_TS_ACCURACY, +i2d_TS_MSG_IMPRINT, +i2d_TS_MSG_IMPRINT_bio, +i2d_TS_MSG_IMPRINT_fp, +i2d_TS_REQ, +i2d_TS_REQ_bio, +i2d_TS_REQ_fp, +i2d_TS_RESP, +i2d_TS_RESP_bio, +i2d_TS_RESP_fp, +i2d_TS_STATUS_INFO, +i2d_TS_TST_INFO, +i2d_TS_TST_INFO_bio, +i2d_TS_TST_INFO_fp, +i2d_USERNOTICE, +i2d_X509, +i2d_X509_ALGOR, +i2d_X509_ALGORS, +i2d_X509_ATTRIBUTE, +i2d_X509_CERT_AUX, +i2d_X509_CINF, +i2d_X509_CRL, +i2d_X509_CRL_INFO, +i2d_X509_CRL_bio, +i2d_X509_CRL_fp, +i2d_X509_EXTENSION, +i2d_X509_EXTENSIONS, +i2d_X509_NAME, +i2d_X509_NAME_ENTRY, +i2d_X509_PUBKEY, +i2d_X509_PUBKEY_bio, +i2d_X509_PUBKEY_fp, +i2d_X509_REQ, +i2d_X509_REQ_INFO, +i2d_X509_REQ_bio, +i2d_X509_REQ_fp, +i2d_X509_REVOKED, +i2d_X509_SIG, +i2d_X509_VAL, +- convert objects from/to ASN.1/DER representation

    +

    +

    +
    +

    SYNOPSIS

    +
    + TYPE *d2i_TYPE(TYPE **a, unsigned char **ppin, long length);
    + TYPE *d2i_TYPE_bio(BIO *bp, TYPE **a);
    + TYPE *d2i_TYPE_fp(FILE *fp, TYPE **a);
    +
    + int i2d_TYPE(const TYPE *a, unsigned char **ppout);
    + int i2d_TYPE(TYPE *a, unsigned char **ppout);
    + int i2d_TYPE_fp(FILE *fp, const TYPE *a);
    + int i2d_TYPE_fp(FILE *fp, TYPE *a);
    + int i2d_TYPE_bio(BIO *bp, const TYPE *a);
    + int i2d_TYPE_bio(BIO *bp, TYPE *a);
    +

    +

    +
    +

    DESCRIPTION

    +

    In the description here, TYPE is used a placeholder +for any of the OpenSSL datatypes, such as X509_CRL. +The function parameters ppin and ppout are generally +either both named pp in the headers, or in and out.

    +

    These functions convert OpenSSL objects to and from their ASN.1/DER +encoding. Unlike the C structures which can have pointers to sub-objects +within, the DER is a serialized encoding, suitable for sending over the +network, writing to a file, and so on.

    +

    d2i_TYPE() attempts to decode len bytes at *ppin. If successful a +pointer to the TYPE structure is returned and *ppin is incremented to +the byte following the parsed data. If a is not NULL then a pointer +to the returned structure is also written to *a. If an error occurred +then NULL is returned.

    +

    On a successful return, if *a is not NULL then it is assumed that *a +contains a valid TYPE structure and an attempt is made to reuse it. This +"reuse" capability is present for historical compatibility but its use is +strongly discouraged (see BUGS below, and the discussion in the RETURN +VALUES section).

    +

    d2i_TYPE_bio() is similar to d2i_TYPE() except it attempts +to parse data from BIO bp.

    +

    d2i_TYPE_fp() is similar to d2i_TYPE() except it attempts +to parse data from FILE pointer fp.

    +

    i2d_TYPE() encodes the structure pointed to by a into DER format. +If ppout is not NULL, it writes the DER encoded data to the buffer +at *ppout, and increments it to point after the data just written. +If the return value is negative an error occurred, otherwise it +returns the length of the encoded data.

    +

    If *ppout is NULL memory will be allocated for a buffer and the encoded +data written to it. In this case *ppout is not incremented and it points +to the start of the data just written.

    +

    i2d_TYPE_bio() is similar to i2d_TYPE() except it writes +the encoding of the structure a to BIO bp and it +returns 1 for success and 0 for failure.

    +

    i2d_TYPE_fp() is similar to i2d_TYPE() except it writes +the encoding of the structure a to BIO bp and it +returns 1 for success and 0 for failure.

    +

    These routines do not encrypt private keys and therefore offer no +security; use PEM_write_PrivateKey(3) or similar for writing to files.

    +

    +

    +
    +

    NOTES

    +

    The letters i and d in i2d_TYPE() stand for +"internal" (that is, an internal C structure) and "DER" respectively. +So i2d_TYPE() converts from internal to DER.

    +

    The functions can also understand BER forms.

    +

    The actual TYPE structure passed to i2d_TYPE() must be a valid +populated TYPE structure -- it cannot simply be fed with an +empty structure such as that returned by TYPE_new().

    +

    The encoded data is in binary form and may contain embedded zeros. +Therefore any FILE pointers or BIOs should be opened in binary mode. +Functions such as strlen() will not return the correct length +of the encoded structure.

    +

    The ways that *ppin and *ppout are incremented after the operation +can trap the unwary. See the WARNINGS section for some common +errors. +The reason for this-auto increment behaviour is to reflect a typical +usage of ASN1 functions: after one structure is encoded or decoded +another will be processed after it.

    +

    The following points about the data types might be useful:

    +
    +
    ASN1_OBJECT
    + +
    +

    Represents an ASN1 OBJECT IDENTIFIER.

    +
    +
    DHparams
    + +
    +

    Represents a PKCS#3 DH parameters structure.

    +
    +
    DHxparams
    + +
    +

    Represents an ANSI X9.42 DH parameters structure.

    +
    +
    DSA_PUBKEY
    + +
    +

    Represents a DSA public key using a SubjectPublicKeyInfo structure.

    +
    +
    DSAPublicKey, DSAPrivateKey
    + +
    +

    Use a non-standard OpenSSL format and should be avoided; use DSA_PUBKEY, +PEM_write_PrivateKey(3), or similar instead.

    +
    +
    ECDSA_SIG
    + +
    +

    Represents an ECDSA signature.

    +
    +
    RSAPublicKey
    + +
    +

    Represents a PKCS#1 RSA public key structure.

    +
    +
    X509_ALGOR
    + +
    +

    Represents an AlgorithmIdentifier structure as used in IETF RFC 6960 and +elsewhere.

    +
    +
    X509_Name
    + +
    +

    Represents a Name type as used for subject and issuer names in +IETF RFC 6960 and elsewhere.

    +
    +
    X509_REQ
    + +
    +

    Represents a PKCS#10 certificate request.

    +
    +
    X509_SIG
    + +
    +

    Represents the DigestInfo structure defined in PKCS#1 and PKCS#7.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    d2i_TYPE(), d2i_TYPE_bio() and d2i_TYPE_fp() return a valid +TYPE structure or NULL if an error occurs. If the "reuse" capability has +been used with a valid structure being passed in via a, then the object is +freed in the event of error and *a is set to NULL.

    +

    i2d_TYPE() returns the number of bytes successfully encoded or a negative +value if an error occurs.

    +

    i2d_TYPE_bio() and i2d_TYPE_fp() return 1 for success and 0 if an +error occurs.

    +

    +

    +
    +

    EXAMPLES

    +

    Allocate and encode the DER encoding of an X509 structure:

    +
    + int len;
    + unsigned char *buf;
    +
    + buf = NULL;
    + len = i2d_X509(x, &buf);
    + if (len < 0)
    +     /* error */
    +

    Attempt to decode a buffer:

    +
    + X509 *x;
    + unsigned char *buf, *p;
    + int len;
    +
    + /* Set up buf and len to point to the input buffer. */
    + p = buf;
    + x = d2i_X509(NULL, &p, len);
    + if (x == NULL)
    +     /* error */
    +

    Alternative technique:

    +
    + X509 *x;
    + unsigned char *buf, *p;
    + int len;
    +
    + /* Set up buf and len to point to the input buffer. */
    + p = buf;
    + x = NULL;
    +
    + if (d2i_X509(&x, &p, len) == NULL)
    +     /* error */
    +

    +

    +
    +

    WARNINGS

    +

    Using a temporary variable is mandatory. A common +mistake is to attempt to use a buffer directly as follows:

    +
    + int len;
    + unsigned char *buf;
    +
    + len = i2d_X509(x, NULL);
    + buf = OPENSSL_malloc(len);
    + ...
    + i2d_X509(x, &buf);
    + ...
    + OPENSSL_free(buf);
    +

    This code will result in buf apparently containing garbage because +it was incremented after the call to point after the data just written. +Also buf will no longer contain the pointer allocated by OPENSSL_malloc() +and the subsequent call to OPENSSL_free() is likely to crash.

    +

    Another trap to avoid is misuse of the a argument to d2i_TYPE():

    +
    + X509 *x;
    +
    + if (d2i_X509(&x, &p, len) == NULL)
    +     /* error */
    +

    This will probably crash somewhere in d2i_X509(). The reason for this +is that the variable x is uninitialized and an attempt will be made to +interpret its (invalid) value as an X509 structure, typically causing +a segmentation violation. If x is set to NULL first then this will not +happen.

    +

    +

    +
    +

    BUGS

    +

    In some versions of OpenSSL the "reuse" behaviour of d2i_TYPE() when +*a is valid is broken and some parts of the reused structure may +persist if they are not present in the new one. Additionally, in versions of +OpenSSL prior to 1.1.0, when the "reuse" behaviour is used and an error occurs +the behaviour is inconsistent. Some functions behaved as described here, while +some did not free *a on error and did not set *a to NULL.

    +

    As a result of the above issues the "reuse" behaviour is strongly discouraged.

    +

    i2d_TYPE() will not return an error in many versions of OpenSSL, +if mandatory fields are not initialized due to a programming error +then the encoded structure may contain invalid data or omit the +fields entirely and will not be parsed by d2i_TYPE(). This may be +fixed in future so code should not assume that i2d_TYPE() will +always succeed.

    +

    Any function which encodes a structure (i2d_TYPE(), +i2d_TYPE() or i2d_TYPE()) may return a stale encoding if the +structure has been modified after deserialization or previous +serialization. This is because some objects cache the encoding for +efficiency reasons.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/i2d_CMS_bio_stream.html b/linux_amd64/ssl/share/doc/openssl/html/man3/i2d_CMS_bio_stream.html
new file mode 100755
index 0000000..b353b23
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/i2d_CMS_bio_stream.html
@@ -0,0 +1,95 @@
+ + + + +i2d_CMS_bio_stream + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    i2d_CMS_bio_stream - output CMS_ContentInfo structure in BER format

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/cms.h>
    +
    + int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *data, int flags);
    +

    +

    +
    +

    DESCRIPTION

    +

    i2d_CMS_bio_stream() outputs a CMS_ContentInfo structure in BER format.

    +

    It is otherwise identical to the function SMIME_write_CMS().

    +

    +

    +
    +

    NOTES

    +

    This function is effectively a version of the i2d_CMS_bio() supporting +streaming.

    +

    +

    +
    +

    BUGS

    +

    The prefix "i2d" is arguably wrong because the function outputs BER format.

    +

    +

    +
    +

    RETURN VALUES

    +

    i2d_CMS_bio_stream() returns 1 for success or 0 for failure.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), CMS_sign(3), +CMS_verify(3), CMS_encrypt(3) +CMS_decrypt(3), +SMIME_write_CMS(3), +PEM_write_bio_CMS_stream(3)

    +

    +

    +
    +

    HISTORY

    +

    The i2d_CMS_bio_stream() function was added in OpenSSL 1.0.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/i2d_PKCS7_bio_stream.html b/linux_amd64/ssl/share/doc/openssl/html/man3/i2d_PKCS7_bio_stream.html
new file mode 100755
index 0000000..62faed2
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/i2d_PKCS7_bio_stream.html
@@ -0,0 +1,95 @@
+ + + + +i2d_PKCS7_bio_stream + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    i2d_PKCS7_bio_stream - output PKCS7 structure in BER format

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/pkcs7.h>
    +
    + int i2d_PKCS7_bio_stream(BIO *out, PKCS7 *p7, BIO *data, int flags);
    +

    +

    +
    +

    DESCRIPTION

    +

    i2d_PKCS7_bio_stream() outputs a PKCS7 structure in BER format.

    +

    It is otherwise identical to the function SMIME_write_PKCS7().

    +

    +

    +
    +

    NOTES

    +

    This function is effectively a version of the d2i_PKCS7_bio() supporting +streaming.

    +

    +

    +
    +

    BUGS

    +

    The prefix "i2d" is arguably wrong because the function outputs BER format.

    +

    +

    +
    +

    RETURN VALUES

    +

    i2d_PKCS7_bio_stream() returns 1 for success or 0 for failure.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3), PKCS7_sign(3), +PKCS7_verify(3), PKCS7_encrypt(3) +PKCS7_decrypt(3), +SMIME_write_PKCS7(3), +PEM_write_bio_PKCS7_stream(3)

    +

    +

    +
    +

    HISTORY

    +

    The i2d_PKCS7_bio_stream() function was added in OpenSSL 1.0.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/i2d_re_X509_tbs.html b/linux_amd64/ssl/share/doc/openssl/html/man3/i2d_re_X509_tbs.html
new file mode 100755
index 0000000..9b66628
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/i2d_re_X509_tbs.html
@@ -0,0 +1,118 @@
+ + + + +i2d_re_X509_tbs + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    d2i_X509_AUX, i2d_X509_AUX, +i2d_re_X509_tbs, i2d_re_X509_CRL_tbs, i2d_re_X509_REQ_tbs +- X509 encode and decode functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509.h>
    +
    + X509 *d2i_X509_AUX(X509 **px, const unsigned char **in, long len);
    + int i2d_X509_AUX(X509 *x, unsigned char **out);
    + int i2d_re_X509_tbs(X509 *x, unsigned char **out);
    + int i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **pp);
    + int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp);
    +

    +

    +
    +

    DESCRIPTION

    +

    The X509 encode and decode routines encode and parse an +X509 structure, which represents an X509 certificate.

    +

    d2i_X509_AUX() is similar to d2i_X509(3) but the input is expected to +consist of an X509 certificate followed by auxiliary trust information. +This is used by the PEM routines to read "TRUSTED CERTIFICATE" objects. +This function should not be called on untrusted input.

    +

    i2d_X509_AUX() is similar to i2d_X509(3), but the encoded output +contains both the certificate and any auxiliary trust information. +This is used by the PEM routines to write "TRUSTED CERTIFICATE" objects. +Note that this is a non-standard OpenSSL-specific data format.

    +

    i2d_re_X509_tbs() is similar to i2d_X509(3) except it encodes only +the TBSCertificate portion of the certificate. i2d_re_X509_CRL_tbs() +and i2d_re_X509_REQ_tbs() are analogous for CRL and certificate request, +respectively. The "re" in i2d_re_X509_tbs stands for "re-encode", +and ensures that a fresh encoding is generated in case the object has been +modified after creation (see the BUGS section).

    +

    The encoding of the TBSCertificate portion of a certificate is cached +in the X509 structure internally to improve encoding performance +and to ensure certificate signatures are verified correctly in some +certificates with broken (non-DER) encodings.

    +

    If, after modification, the X509 object is re-signed with X509_sign(), +the encoding is automatically renewed. Otherwise, the encoding of the +TBSCertificate portion of the X509 can be manually renewed by calling +i2d_re_X509_tbs().

    +

    +

    +
    +

    RETURN VALUES

    +

    d2i_X509_AUX() returns a valid X509 structure or NULL if an error occurred.

    +

    i2d_X509_AUX() returns the length of encoded data or -1 on error.

    +

    i2d_re_X509_tbs(), i2d_re_X509_CRL_tbs() and i2d_re_X509_REQ_tbs() return the +length of encoded data or 0 on error.

    +

    +

    +
    +

    SEE ALSO

    +

    ERR_get_error(3) +X509_CRL_get0_by_serial(3), +X509_get0_signature(3), +X509_get_ext_d2i(3), +X509_get_extension_flags(3), +X509_get_pubkey(3), +X509_get_subject_name(3), +X509_get_version(3), +X509_NAME_add_entry_by_txt(3), +X509_NAME_ENTRY_get_object(3), +X509_NAME_get_index_by_NID(3), +X509_NAME_print_ex(3), +X509_new(3), +X509_sign(3), +X509V3_get_d2i(3), +X509_verify_cert(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/o2i_SCT_LIST.html b/linux_amd64/ssl/share/doc/openssl/html/man3/o2i_SCT_LIST.html
new file mode 100755
index 0000000..a442549
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/o2i_SCT_LIST.html
@@ -0,0 +1,88 @@
+ + + + +o2i_SCT_LIST + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    o2i_SCT_LIST, i2o_SCT_LIST, o2i_SCT, i2o_SCT - +decode and encode Signed Certificate Timestamp lists in TLS wire format

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ct.h>
    +
    + STACK_OF(SCT) *o2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp,
    +                             size_t len);
    + int i2o_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp);
    + SCT *o2i_SCT(SCT **psct, const unsigned char **in, size_t len);
    + int i2o_SCT(const SCT *sct, unsigned char **out);
    +

    +

    +
    +

    DESCRIPTION

    +

    The SCT_LIST and SCT functions are very similar to the i2d and d2i family of +functions, except that they convert to and from TLS wire format, as described in +RFC 6962. See d2i_SCT_LIST(3) for more information about how the parameters are +treated and the return values.

    +

    +

    +
    +

    RETURN VALUES

    +

    All of the functions have return values consistent with those stated for +d2i_SCT_LIST(3) and i2d_SCT_LIST(3).

    +

    +

    +
    +

    SEE ALSO

    +

    ct(7), +d2i_SCT_LIST(3), +i2d_SCT_LIST(3)

    +

    +

    +
    +

    HISTORY

    +

    These functions were added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man3/s2i_ASN1_IA5STRING.html b/linux_amd64/ssl/share/doc/openssl/html/man3/s2i_ASN1_IA5STRING.html
new file mode 100755
index 0000000..bc1233b
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man3/s2i_ASN1_IA5STRING.html
@@ -0,0 +1,109 @@
+ + + + +s2i_ASN1_IA5STRING + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    i2s_ASN1_IA5STRING, +s2i_ASN1_IA5STRING, +i2s_ASN1_INTEGER, +s2i_ASN1_INTEGER, +i2s_ASN1_OCTET_STRING, +s2i_ASN1_OCTET_STRING, +i2s_ASN1_ENUMERATED, +i2s_ASN1_ENUMERATED_TABLE, +- convert objects from/to ASN.1/string representation

    +

    +

    +
    +

    SYNOPSIS

    +
    + char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5);
    + ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
    +                                   X509V3_CTX *ctx, const char *str);
    + char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *method, const ASN1_INTEGER *a);
    + ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, const char *value);
    + char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
    +                            const ASN1_OCTET_STRING *oct);
    + ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
    +                                         X509V3_CTX *ctx, const char *str);
    + char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *method, const ASN1_ENUMERATED *a);
    + char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method,
    +                                const ASN1_ENUMERATED *e);
    +

    +

    +
    +

    DESCRIPTION

    +

    These functions convert OpenSSL objects to and from their ASN.1/string +representation. This function is used for X509v3 extentions.

    +

    +

    +
    +

    NOTES

    +

    The letters i and s in i2s_ASN1_IA5STRING() stand for +"internal" (that is, an internal C structure) and string respectively. +So i2s_ASN1_IA5STRING() converts from internal to string.

    +

    It is the caller's responsibility to free the returned string. +In the i2s_ASN1_IA5STRING() function the string is copied and +the ownership of the original string remains with the caller.

    +

    +

    +
    +

    RETURN VALUES

    +

    i2s_ASN1_IA5STRING() returns the pointer to a IA5 string +or NULL if an error occurs.

    +

    s2i_ASN1_IA5STRING() return a valid +ASN1_IA5STRING structure or NULL if an error occurs.

    +

    i2s_ASN1_INTEGER() return a valid +string or NULL if an error occurs.

    +

    s2i_ASN1_INTEGER() returns the pointer to a ASN1_INTEGER +structure or NULL if an error occurs.

    +

    i2s_ASN1_OCTET_STRING() returns the pointer to a OCTET_STRING string +or NULL if an error occurs.

    +

    s2i_ASN1_OCTET_STRING() return a valid +ASN1_OCTET_STRING structure or NULL if an error occurs.

    +

    i2s_ASN1_ENUMERATED() return a valid +string or NULL if an error occurs.

    +

    s2i_ASN1_ENUMERATED() returns the pointer to a ASN1_ENUMERATED +structure or NULL if an error occurs.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man5/config.html b/linux_amd64/ssl/share/doc/openssl/html/man5/config.html
new file mode 100755
index 0000000..5c68d70
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man5/config.html
@@ -0,0 +1,583 @@
+ + + + +config + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    config - OpenSSL CONF library configuration files

    +

    +

    +
    +

    DESCRIPTION

    +

    The OpenSSL CONF library can be used to read configuration files. +It is used for the OpenSSL master configuration file openssl.cnf +and in a few other places like SPKAC files and certificate extension +files for the x509 utility. OpenSSL applications can also use the +CONF library for their own purposes.

    +

    A configuration file is divided into a number of sections. Each section +starts with a line [section_name] and ends when a new section is +started or end of file is reached. A section name can consist of +alphanumeric characters and underscores. The brackets are required.

    +

    The first section of a configuration file is special and is referred +to as the default section. This section is usually unnamed and spans from the +start of file until the first named section. When a name is being looked up +it is first looked up in a named section (if any) and then the +default section.

    +

    The environment is mapped onto a section called ENV.

    +

    Comments can be included by preceding them with the # character

    +

    Other files can be included using the .include directive followed +by a path. If the path points to a directory all files with +names ending with .cnf or .conf are included from the directory. +Recursive inclusion of directories from files in such directory is not +supported. That means the files in the included directory can also contain +.include directives but only inclusion of regular files is supported +there. The inclusion of directories is not supported on systems without +POSIX IO support.

    +

    It is strongly recommended to use absolute paths with the .include +directive. Relative paths are evaluated based on the application current +working directory so unless the configuration file containing the +.include directive is application specific the inclusion will not +work as expected. The environment variable OPENSSL_CONF_INCLUDE can also be +used to specify the path to prepend to all .include paths.

    +

    There can be optional = character and whitespace characters between +.include directive and the path which can be useful in cases the +configuration file needs to be loaded by old OpenSSL versions which do +not support the .include syntax. They would bail out with error +if the = character is not present but with it they just ignore +the include.

    +

    Pragmas can be specified with the .pragma directive. +See PRAGMAS for more information.

    +

    Each section in a configuration file consists of a number of name and +value pairs of the form name=value

    +

    The name string can contain any alphanumeric characters as well as +a few punctuation symbols such as . , ; and _.

    +

    The value string consists of the string following the = character +until end of line with any leading and trailing white space removed.

    +

    The value string undergoes variable expansion. This can be done by +including the form $var or ${var}: this will substitute the value +of the named variable in the current section. It is also possible to +substitute a value from another section using the syntax $section::name +or ${section::name}. By using the form $ENV::name environment +variables can be substituted. It is also possible to assign values to +environment variables by using the name ENV::name, this will work +if the program looks up environment variables using the CONF library +instead of calling getenv() directly. The value string must not exceed 64k in +length after variable expansion. Otherwise an error will occur.

    +

    It is possible to escape certain characters by using any kind of quote +or the \ character. By making the last character of a line a \ +a value string can be spread across multiple lines. In addition +the sequences \n, \r, \b and \t are recognized.

    +

    All expansion and escape rules as described above that apply to value +also apply to the path of the .include directive.

    +

    +

    +
    +

    PRAGMAS

    +

    Pragmas can be used to change the behavior of the configuration file +parser, among others. Currently supported pragmas are:

    +
    +
    .pragma dollarid:value
    + +
    +

    value can be one of:

    +
    +
    "on" or "true"
    + +
    +

    this signifies that dollar signs are considered an identity character +from this point on and that variable expansion requires the use of +braces or parentheses. In other words, foo$bar will be considered +a name instead of foo followed by the expansion of the variable +bar. +This is suitable for platforms where the dollar sign is commonly used +as part of names.

    +
    +
    "off" or "false"
    + +
    +

    Turns this pragma off, i.e. foo$bar will be interpreted as foo +followed by the expansion of the variable bar.

    +
    +
    +

    By default, this pragma is turned off.

    +
    +
    +

    +

    +
    +

    OPENSSL LIBRARY CONFIGURATION

    +

    Applications can automatically configure certain +aspects of OpenSSL using the master OpenSSL configuration file, or optionally +an alternative configuration file. The openssl utility includes this +functionality: any sub command uses the master OpenSSL configuration file +unless an option is used in the sub command to use an alternative configuration +file.

    +

    To enable library configuration the default section needs to contain an +appropriate line which points to the main configuration section. The default +name is openssl_conf which is used by the openssl utility. Other +applications may use an alternative name such as myapplication_conf. +All library configuration lines appear in the default section at the start +of the configuration file.

    +

    The configuration section should consist of a set of name value pairs which +contain specific module configuration information. The name represents +the name of the configuration module. The meaning of the value is +module specific: it may, for example, represent a further configuration +section containing configuration module specific information. E.g.:

    +
    + # This must be in the default section
    + openssl_conf = openssl_init
    +
    + [openssl_init]
    +
    + oid_section = new_oids
    + engines = engine_section
    + providers = provider_section
    +
    + [new_oids]
    +
    + ... new oids here ...
    +
    + [engine_section]
    +
    + ... engine stuff here ...
    +
    + [provider_section]
    +
    + ... provider stuff here ...
    +

    The features of each configuration module are described below.

    +

    +

    +

    ASN1 Object Configuration Module

    +

    This module has the name oid_section. The value of this variable points +to a section containing name value pairs of OIDs: the name is the OID short +and long name, the value is the numerical form of the OID. Although some of +the openssl utility sub commands already have their own ASN1 OBJECT section +functionality not all do. By using the ASN1 OBJECT configuration module +all the openssl utility sub commands can see the new objects as well +as any compliant applications. For example:

    +
    + [new_oids]
    +
    + some_new_oid = 1.2.3.4
    + some_other_oid = 1.2.3.5
    +

    It is also possible to set the value to the long name followed +by a comma and the numerical OID form. For example:

    +
    + shortName = some object long name, 1.2.3.4
    +

    +

    +

    Engine Configuration Module

    +

    This ENGINE configuration module has the name engines. The value of this +variable points to a section containing further ENGINE configuration +information.

    +

    The section pointed to by engines is a table of engine names (though see +engine_id below) and further sections containing configuration information +specific to each ENGINE.

    +

    Each ENGINE specific section is used to set default algorithms, load +dynamic, perform initialization and send ctrls. The actual operation performed +depends on the command name which is the name of the name value pair. The +currently supported commands are listed below.

    +

    For example:

    +
    + [engine_section]
    +
    + # Configure ENGINE named "foo"
    + foo = foo_section
    + # Configure ENGINE named "bar"
    + bar = bar_section
    +
    + [foo_section]
    + ... foo ENGINE specific commands ...
    +
    + [bar_section]
    + ... "bar" ENGINE specific commands ...
    +

    The command engine_id is used to give the ENGINE name. If used this +command must be first. For example:

    +
    + [engine_section]
    + # This would normally handle an ENGINE named "foo"
    + foo = foo_section
    +
    + [foo_section]
    + # Override default name and use "myfoo" instead.
    + engine_id = myfoo
    +

    The command dynamic_path loads and adds an ENGINE from the given path. It +is equivalent to sending the ctrls SO_PATH with the path argument followed +by LIST_ADD with value 2 and LOAD to the dynamic ENGINE. If this is +not the required behaviour then alternative ctrls can be sent directly +to the dynamic ENGINE using ctrl commands.

    +

    The command init determines whether to initialize the ENGINE. If the value +is 0 the ENGINE will not be initialized, if 1 and attempt it made to +initialized the ENGINE immediately. If the init command is not present +then an attempt will be made to initialize the ENGINE after all commands in +its section have been processed.

    +

    The command default_algorithms sets the default algorithms an ENGINE will +supply using the functions ENGINE_set_default_string().

    +

    If the name matches none of the above command names it is assumed to be a +ctrl command which is sent to the ENGINE. The value of the command is the +argument to the ctrl command. If the value is the string EMPTY then no +value is sent to the command.

    +

    For example:

    +
    + [engine_section]
    +
    + # Configure ENGINE named "foo"
    + foo = foo_section
    +
    + [foo_section]
    + # Load engine from DSO
    + dynamic_path = /some/path/fooengine.so
    + # A foo specific ctrl.
    + some_ctrl = some_value
    + # Another ctrl that doesn't take a value.
    + other_ctrl = EMPTY
    + # Supply all default algorithms
    + default_algorithms = ALL
    +

    +

    +

    Provider Configuration Module

    +

    This provider configuration module has the name providers. The +value of this variable points to a section containing further provider +configuration information.

    +

    The section pointed to by providers is a table of provider names +(though see identity below) and further sections containing +configuration information specific to each provider module.

    +

    Each provider specific section is used to load its module, perform +activation and set parameters to pass to the provider on demand. The +actual operation performed depends on the name of the name value pair. +The currently supported commands are listed below.

    +

    For example:

    +
    + [provider_section]
    +
    + # Configure provider named "foo"
    + foo = foo_section
    + # Configure provider named "bar"
    + bar = bar_section
    +
    + [foo_section]
    + ... "foo" provider specific parameters ...
    +
    + [bar_section]
    + ... "bar" provider specific parameters ...
    +

    The command identity is used to give the provider name. For example:

    +
    + [provider_section]
    + # This would normally handle a provider named "foo"
    + foo = foo_section
    +
    + [foo_section]
    + # Override default name and use "myfoo" instead.
    + identity = myfoo
    +

    The parameter module loads and adds a provider module from the +given module path. That path may be a simple filename, a relative +path or an absolute path.

    +

    The parameter activate determines whether to activate the +provider. The value has no importance, the presence of the parameter +is enough for activation to take place.

    +

    All parameters in the section as well as sub-sections are made +available to the provider.

    +

    +

    +

    EVP Configuration Module

    +

    This module has the name alg_section which points to a section containing +algorithm commands.

    +

    The supported algorithm commands are:

    +
    +
    default_properties
    + +
    +

    The value may be anything that is acceptable as a property query +string for EVP_set_default_properties().

    +
    +
    fips_mode (deprecated)
    + +
    +

    The value is a boolean that can be yes or no. If the value is +yes, this is exactly equivalent to:

    +
    +    default_properties = fips=yes
    +

    If the value is no, nothing happens.

    +
    +
    +

    These two commands should not be used together, as there is no control +over how they affect each other. +The use of fips_mode is strongly discouraged and is only present +for backward compatibility with earlier OpenSSL FIPS modules.

    +

    +

    +

    SSL Configuration Module

    +

    This module has the name ssl_conf which points to a section containing +SSL configurations.

    +

    Each line in the SSL configuration section contains the name of the +configuration and the section containing it.

    +

    Each configuration section consists of command value pairs for SSL_CONF. +Each pair will be passed to a SSL_CTX or SSL structure if it calls +SSL_CTX_config() or SSL_config() with the appropriate configuration name.

    +

    Note: any characters before an initial dot in the configuration section are +ignored so the same command can be used multiple times.

    +

    For example:

    +
    + ssl_conf = ssl_sect
    +
    + [ssl_sect]
    +
    + server = server_section
    +
    + [server_section]
    +
    + RSA.Certificate = server-rsa.pem
    + ECDSA.Certificate = server-ecdsa.pem
    + Ciphers = ALL:!RC4
    +

    The system default configuration with name system_default if present will +be applied during any creation of the SSL_CTX structure.

    +

    Example of a configuration with the system default:

    +
    + ssl_conf = ssl_sect
    +
    + [ssl_sect]
    +
    + system_default = system_default_sect
    +
    + [system_default_sect]
    +
    + MinProtocol = TLSv1.2
    +

    +

    +
    +

    NOTES

    +

    If a configuration file attempts to expand a variable that doesn't exist +then an error is flagged and the file will not load. This can happen +if an attempt is made to expand an environment variable that doesn't +exist. For example in a previous version of OpenSSL the default OpenSSL +master configuration file used the value of HOME which may not be +defined on non Unix systems and would cause an error.

    +

    This can be worked around by including a default section to provide +a default value: then if the environment lookup fails the default value +will be used instead. For this to work properly the default value must +be defined earlier in the configuration file than the expansion. See +the EXAMPLES section for an example of how to do this.

    +

    If the same variable exists in the same section then all but the last +value will be silently ignored. In certain circumstances such as with +DNs the same field may occur multiple times. This is usually worked +around by ignoring any characters before an initial . e.g.

    +
    + 1.OU="My first OU"
    + 2.OU="My Second OU"
    +

    +

    +
    +

    EXAMPLES

    +

    Here is a sample configuration file using some of the features +mentioned above.

    +
    + # This is the default section.
    +
    + HOME=/temp
    + configdir=$ENV::HOME/config
    +
    + [ section_one ]
    +
    + # We are now in section one.
    +
    + # Quotes permit leading and trailing whitespace
    + any = " any variable name "
    +
    + other = A string that can \
    + cover several lines \
    + by including \\ characters
    +
    + message = Hello World\n
    +
    + [ section_two ]
    +
    + greeting = $section_one::message
    +

    This next example shows how to expand environment variables safely.

    +

    Suppose you want a variable called tmpfile to refer to a +temporary filename. The directory it is placed in can determined by +the TEMP or TMP environment variables but they may not be +set to any value at all. If you just include the environment variable +names and the variable doesn't exist then this will cause an error when +an attempt is made to load the configuration file. By making use of the +default section both values can be looked up with TEMP taking +priority and /tmp used if neither is defined:

    +
    + TMP=/tmp
    + # The above value is used if TMP isn't in the environment
    + TEMP=$ENV::TMP
    + # The above value is used if TEMP isn't in the environment
    + tmpfile=${ENV::TEMP}/tmp.filename
    +

    Simple OpenSSL library configuration example to enter FIPS mode:

    +
    + # Default appname: should match "appname" parameter (if any)
    + # supplied to CONF_modules_load_file et al.
    + openssl_conf = openssl_conf_section
    +
    + [openssl_conf_section]
    + # Configuration module list
    + alg_section = evp_sect
    +
    + [evp_sect]
    + # Set to "yes" to enter FIPS mode if supported
    + fips_mode = yes
    +

    Note: in the above example you will get an error in non FIPS capable versions +of OpenSSL.

    +

    Simple OpenSSL library configuration to make TLS 1.3 the system-default +minimum TLS version:

    +
    + # Toplevel section for openssl (including libssl)
    + openssl_conf = default_conf_section
    +
    + [default_conf_section]
    + # We only specify configuration for the "ssl module"
    + ssl_conf = ssl_section
    +
    + [ssl_section]
    + system_default = system_default_section
    +
    + [system_default_section]
    + MinProtocol = TLSv1.3
    +

    More complex OpenSSL library configuration. Add OID and don't enter FIPS mode:

    +
    + # Default appname: should match "appname" parameter (if any)
    + # supplied to CONF_modules_load_file et al.
    + openssl_conf = openssl_conf_section
    +
    + [openssl_conf_section]
    + # Configuration module list
    + alg_section = evp_sect
    + oid_section = new_oids
    +
    + [evp_sect]
    + # This will have no effect as FIPS mode is off by default.
    + # Set to "yes" to enter FIPS mode, if supported
    + fips_mode = no
    +
    + [new_oids]
    + # New OID, just short name
    + newoid1 = 1.2.3.4.1
    + # New OID shortname and long name
    + newoid2 = New OID 2 long name, 1.2.3.4.2
    +

    The above examples can be used with any application supporting library +configuration if "openssl_conf" is modified to match the appropriate "appname".

    +

    For example if the second sample file above is saved to "example.cnf" then +the command line:

    +
    + OPENSSL_CONF=example.cnf openssl asn1parse -genstr OID:1.2.3.4.1
    +

    will output:

    +
    +    0:d=0  hl=2 l=   4 prim: OBJECT            :newoid1
    +

    showing that the OID "newoid1" has been added as "1.2.3.4.1".

    +

    +

    +
    +

    ENVIRONMENT

    +
    +
    OPENSSL_CONF
    + +
    +

    The path to the config file. +Ignored in set-user-ID and set-group-ID programs.

    +
    +
    OPENSSL_ENGINES
    + +
    +

    The path to the engines directory. +Ignored in set-user-ID and set-group-ID programs.

    +
    +
    OPENSSL_MODULES
    + +
    +

    The path to the directory with OpenSSL modules, such as providers. +Ignored in set-user-ID and set-group-ID programs.

    +
    +
    OPENSSL_CONF_INCLUDE
    + +
    +

    The optional path to prepend to all .include paths.

    +
    +
    +

    +

    +
    +

    BUGS

    +

    Currently there is no way to include characters using the octal \nnn +form. Strings are all null terminated so nulls cannot form part of +the value.

    +

    The escaping isn't quite right: if you want to use sequences like \n +you can't use any quote escaping on the same line.

    +

    Files are loaded in a single pass. This means that an variable expansion +will only work if the variables referenced are defined earlier in the +file.

    +

    +

    +
    +

    HISTORY

    +

    An undocumented API, NCONF_WIN32(), used a slightly different set +of parsing rules there were intended to be tailored to +the Microsoft Windows platform. +Specifically, the backslash character was not an escape character and +could be used in pathnames, only the double-quote character was recognized, +and comments began with a semi-colon. +This function was deprecated in OpenSSL 3.0; applications with +configuration files using that syntax will have to be modified.

    +

    +

    +
    +

    SEE ALSO

    +

    openssl-x509(1), openssl-req(1), openssl-ca(1), fips_config(5)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man5/fips_config.html b/linux_amd64/ssl/share/doc/openssl/html/man5/fips_config.html
    new file mode 100755
    index 0000000..d4b5b38
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man5/fips_config.html
    @@ -0,0 +1,101 @@
    + + + + +fips_config + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    fips_config - OpenSSL FIPS configuration

    +

    +

    +
    +

    DESCRIPTION

    +

    A separate configuration file containing data related to FIPS 'self tests' is +written to during installation time. +This data is used for 2 purposes when the fips module is loaded:

    +
    +
    - Verify the module's checksum each time the fips module loads.
    + +
    - Run the startup FIPS self test KATS (known answer tests). +This only needs to be run once during installation.
    + +
    +

    The supported options are:

    +
    +
    module-checksum
    + +
    +

    The calculated MAC of the module file

    +
    +
    install-version
    + +
    +

    A version number for the fips install process. Should be 1.

    +
    +
    install-status
    + +
    +

    The install status indicator description that will be verified. +If this field is not present the FIPS self tests will run when the fips module +loads. +This value should only be written to after the FIPS module has +successfully passed its self tests during installation.

    +
    +
    install-checksum
    + +
    +

    The calculated MAC of the install status indicator. +It is initially empty and is written to at the same time as the install_status.

    +
    +
    +

    For example:

    +
    + [fips_install]
    +
    + install-version = 1
    + module-checksum = 41:D0:FA:C2:5D:41:75:CD:7D:C3:90:55:6F:A4:DC
    + install-checksum = FE:10:13:5A:D3:B4:C7:82:1B:1E:17:4C:AC:84:0C
    + install-status = INSTALL_SELF_TEST_KATS_RUN
    +

    +

    +
    +

    SEE ALSO

    +

    config(5)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man5/x509v3_config.html b/linux_amd64/ssl/share/doc/openssl/html/man5/x509v3_config.html
    new file mode 100755
    index 0000000..4109003
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man5/x509v3_config.html
    @@ -0,0 +1,528 @@
    + + + + +x509v3_config + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    x509v3_config - X509 V3 certificate extension configuration format

    +

    +

    +
    +

    DESCRIPTION

    +

    Several of the OpenSSL utilities can add extensions to a certificate or +certificate request based on the contents of a configuration file.

    +

    Typically the application will contain an option to point to an extension +section. Each line of the extension section takes the form:

    +
    + extension_name=[critical,] extension_options
    +

    If critical is present then the extension will be critical.

    +

    The format of extension_options depends on the value of extension_name.

    +

    There are four main types of extension: string extensions, multi-valued +extensions, raw and arbitrary extensions.

    +

    String extensions simply have a string which contains either the value itself +or how it is obtained.

    +

    For example:

    +
    + nsComment="This is a Comment"
    +

    Multi-valued extensions have a short form and a long form. The short form +is a list of names and values:

    +
    + basicConstraints=critical,CA:true,pathlen:1
    +

    The long form allows the values to be placed in a separate section:

    +
    + basicConstraints=critical,@bs_section
    +
    + [bs_section]
    +
    + CA=true
    + pathlen=1
    +

    Both forms are equivalent.

    +

    The syntax of raw extensions is governed by the extension code: it can +for example contain data in multiple sections. The correct syntax to +use is defined by the extension code itself: check out the certificate +policies extension for an example.

    +

    If an extension type is unsupported then the arbitrary extension syntax +must be used, see the ARBITRARY EXTENSIONS section for more details.

    +

    +

    +
    +

    STANDARD EXTENSIONS

    +

    The following sections describe each supported extension in detail.

    +

    +

    +

    Basic Constraints

    +

    This is a multi valued extension which indicates whether a certificate is +a CA certificate. The first (mandatory) name is CA followed by TRUE or +FALSE. If CA is TRUE then an optional pathlen name followed by a +non-negative value can be included.

    +

    For example:

    +
    + basicConstraints=CA:TRUE
    +
    + basicConstraints=CA:FALSE
    +
    + basicConstraints=critical,CA:TRUE, pathlen:0
    +

    A CA certificate must include the basicConstraints value with the CA field +set to TRUE. An end user certificate must either set CA to FALSE or exclude the +extension entirely. Some software may require the inclusion of basicConstraints +with CA set to FALSE for end entity certificates.

    +

    The pathlen parameter indicates the maximum number of CAs that can appear +below this one in a chain. So if you have a CA with a pathlen of zero it can +only be used to sign end user certificates and not further CAs.

    +

    +

    +

    Key Usage

    +

    Key usage is a multi valued extension consisting of a list of names of the +permitted key usages.

    +

    The supported names are: digitalSignature, nonRepudiation, keyEncipherment, +dataEncipherment, keyAgreement, keyCertSign, cRLSign, encipherOnly +and decipherOnly.

    +

    Examples:

    +
    + keyUsage=digitalSignature, nonRepudiation
    +
    + keyUsage=critical, keyCertSign
    +

    +

    +

    Extended Key Usage

    +

    This extensions consists of a list of usages indicating purposes for which +the certificate public key can be used for,

    +

    These can either be object short names or the dotted numerical form of OIDs. +While any OID can be used only certain values make sense. In particular the +following PKIX, NS and MS values are meaningful:

    +
    + Value                  Meaning
    + -----                  -------
    + serverAuth             SSL/TLS Web Server Authentication.
    + clientAuth             SSL/TLS Web Client Authentication.
    + codeSigning            Code signing.
    + emailProtection        E-mail Protection (S/MIME).
    + timeStamping           Trusted Timestamping
    + OCSPSigning            OCSP Signing
    + ipsecIKE               ipsec Internet Key Exchange
    + msCodeInd              Microsoft Individual Code Signing (authenticode)
    + msCodeCom              Microsoft Commercial Code Signing (authenticode)
    + msCTLSign              Microsoft Trust List Signing
    + msEFS                  Microsoft Encrypted File System
    +

    Examples:

    +
    + extendedKeyUsage=critical,codeSigning,1.2.3.4
    + extendedKeyUsage=serverAuth,clientAuth
    +

    +

    +

    Subject Key Identifier

    +

    This is really a string extension and can take two possible values. Either +the word hash which will automatically follow the guidelines in RFC3280 +or a hex string giving the extension value to include. The use of the hex +string is strongly discouraged.

    +

    Example:

    +
    + subjectKeyIdentifier=hash
    +

    +

    +

    Authority Key Identifier

    +

    The authority key identifier extension permits two options. keyid and issuer: +both can take the optional value "always".

    +

    If the keyid option is present an attempt is made to copy the subject key +identifier from the parent certificate. If the value "always" is present +then an error is returned if the option fails.

    +

    The issuer option copies the issuer and serial number from the issuer +certificate. This will only be done if the keyid option fails or +is not included unless the "always" flag will always include the value.

    +

    Example:

    +
    + authorityKeyIdentifier=keyid,issuer
    +

    +

    +

    Subject Alternative Name

    +

    The subject alternative name extension allows various literal values to be +included in the configuration file. These include email (an email address) +URI a uniform resource indicator, DNS (a DNS domain name), RID (a +registered ID: OBJECT IDENTIFIER), IP (an IP address), dirName +(a distinguished name) and otherName.

    +

    The email option include a special 'copy' value. This will automatically +include any email addresses contained in the certificate subject name in +the extension.

    +

    The IP address used in the IP options can be in either IPv4 or IPv6 format.

    +

    The value of dirName should point to a section containing the distinguished +name to use as a set of name value pairs. Multi values AVAs can be formed by +prefacing the name with a + character.

    +

    otherName can include arbitrary data associated with an OID: the value +should be the OID followed by a semicolon and the content in standard +ASN1_generate_nconf(3) format.

    +

    Examples:

    +
    + subjectAltName=email:copy,email:my@other.address,URI:http://my.url.here/
    + subjectAltName=IP:192.168.7.1
    + subjectAltName=IP:13::17
    + subjectAltName=email:my@other.address,RID:1.2.3.4
    + subjectAltName=otherName:1.2.3.4;UTF8:some other identifier
    +
    + subjectAltName=dirName:dir_sect
    +
    + [dir_sect]
    + C=UK
    + O=My Organization
    + OU=My Unit
    + CN=My Name
    +

    +

    +

    Issuer Alternative Name

    +

    The issuer alternative name option supports all the literal options of +subject alternative name. It does not support the email:copy option because +that would not make sense. It does support an additional issuer:copy option +that will copy all the subject alternative name values from the issuer +certificate (if possible).

    +

    Example:

    +
    + issuerAltName = issuer:copy
    +

    +

    +

    Authority Info Access

    +

    The authority information access extension gives details about how to access +certain information relating to the CA. Its syntax is accessOID;location +where location has the same syntax as subject alternative name (except +that email:copy is not supported). accessOID can be any valid OID but only +certain values are meaningful, for example OCSP and caIssuers.

    +

    Example:

    +
    + authorityInfoAccess = OCSP;URI:http://ocsp.my.host/
    + authorityInfoAccess = caIssuers;URI:http://my.ca/ca.html
    +

    +

    +

    CRL distribution points

    +

    This is a multi-valued extension whose options can be either in name:value pair +using the same form as subject alternative name or a single value representing +a section name containing all the distribution point fields.

    +

    For a name:value pair a new DistributionPoint with the fullName field set to +the given value both the cRLissuer and reasons fields are omitted in this case.

    +

    In the single option case the section indicated contains values for each +field. In this section:

    +

    If the name is "fullname" the value field should contain the full name +of the distribution point in the same format as subject alternative name.

    +

    If the name is "relativename" then the value field should contain a section +name whose contents represent a DN fragment to be placed in this field.

    +

    The name "CRLIssuer" if present should contain a value for this field in +subject alternative name format.

    +

    If the name is "reasons" the value field should consist of a comma +separated field containing the reasons. Valid reasons are: "keyCompromise", +"CACompromise", "affiliationChanged", "superseded", "cessationOfOperation", +"certificateHold", "privilegeWithdrawn" and "AACompromise".

    +

    Simple examples:

    +
    + crlDistributionPoints=URI:http://myhost.com/myca.crl
    + crlDistributionPoints=URI:http://my.com/my.crl,URI:http://oth.com/my.crl
    +

    Full distribution point example:

    +
    + crlDistributionPoints=crldp1_section
    +
    + [crldp1_section]
    +
    + fullname=URI:http://myhost.com/myca.crl
    + CRLissuer=dirName:issuer_sect
    + reasons=keyCompromise, CACompromise
    +
    + [issuer_sect]
    + C=UK
    + O=Organisation
    + CN=Some Name
    +

    +

    +

    Issuing Distribution Point

    +

    This extension should only appear in CRLs. It is a multi valued extension +whose syntax is similar to the "section" pointed to by the CRL distribution +points extension with a few differences.

    +

    The names "reasons" and "CRLissuer" are not recognized.

    +

    The name "onlysomereasons" is accepted which sets this field. The value is +in the same format as the CRL distribution point "reasons" field.

    +

    The names "onlyuser", "onlyCA", "onlyAA" and "indirectCRL" are also accepted +the values should be a boolean value (TRUE or FALSE) to indicate the value of +the corresponding field.

    +

    Example:

    +
    + issuingDistributionPoint=critical, @idp_section
    +
    + [idp_section]
    +
    + fullname=URI:http://myhost.com/myca.crl
    + indirectCRL=TRUE
    + onlysomereasons=keyCompromise, CACompromise
    +
    + [issuer_sect]
    + C=UK
    + O=Organisation
    + CN=Some Name
    +

    +

    +

    Certificate Policies

    +

    This is a raw extension. All the fields of this extension can be set by +using the appropriate syntax.

    +

    If you follow the PKIX recommendations and just using one OID then you just +include the value of that OID. Multiple OIDs can be set separated by commas, +for example:

    +
    + certificatePolicies= 1.2.4.5, 1.1.3.4
    +

    If you wish to include qualifiers then the policy OID and qualifiers need to +be specified in a separate section: this is done by using the @section syntax +instead of a literal OID value.

    +

    The section referred to must include the policy OID using the name +policyIdentifier, cPSuri qualifiers can be included using the syntax:

    +
    + CPS.nnn=value
    +

    userNotice qualifiers can be set using the syntax:

    +
    + userNotice.nnn=@notice
    +

    The value of the userNotice qualifier is specified in the relevant section. +This section can include explicitText, organization and noticeNumbers +options. explicitText and organization are text strings, noticeNumbers is a +comma separated list of numbers. The organization and noticeNumbers options +(if included) must BOTH be present. If you use the userNotice option with IE5 +then you need the 'ia5org' option at the top level to modify the encoding: +otherwise it will not be interpreted properly.

    +

    Example:

    +
    + certificatePolicies=ia5org,1.2.3.4,1.5.6.7.8,@polsect
    +
    + [polsect]
    +
    + policyIdentifier = 1.3.5.8
    + CPS.1="http://my.host.name/";
    + CPS.2="http://my.your.name/";
    + userNotice.1=@notice
    +
    + [notice]
    +
    + explicitText="Explicit Text Here"
    + organization="Organisation Name"
    + noticeNumbers=1,2,3,4
    +

    The ia5org option changes the type of the organization field. In RFC2459 +it can only be of type DisplayText. In RFC3280 IA5String is also permissible. +Some software (for example some versions of MSIE) may require ia5org.

    +

    ASN1 type of explicitText can be specified by prepending UTF8, +BMP or VISIBLE prefix followed by colon. For example:

    +
    + [notice]
    + explicitText="UTF8:Explicit Text Here"
    +

    +

    +

    Policy Constraints

    +

    This is a multi-valued extension which consisting of the names +requireExplicitPolicy or inhibitPolicyMapping and a non negative integer +value. At least one component must be present.

    +

    Example:

    +
    + policyConstraints = requireExplicitPolicy:3
    +

    +

    +

    Inhibit Any Policy

    +

    This is a string extension whose value must be a non negative integer.

    +

    Example:

    +
    + inhibitAnyPolicy = 2
    +

    +

    +

    Name Constraints

    +

    The name constraints extension is a multi-valued extension. The name should +begin with the word permitted or excluded followed by a ;. The rest of +the name and the value follows the syntax of subjectAltName except email:copy +is not supported and the IP form should consist of an IP addresses and +subnet mask separated by a /.

    +

    Examples:

    +
    + nameConstraints=permitted;IP:192.168.0.0/255.255.0.0
    +
    + nameConstraints=permitted;email:.somedomain.com
    +
    + nameConstraints=excluded;email:.com
    +

    +

    +

    OCSP No Check

    +

    The OCSP No Check extension is a string extension but its value is ignored.

    +

    Example:

    +
    + noCheck = ignored
    +

    +

    +

    TLS Feature (aka Must Staple)

    +

    This is a multi-valued extension consisting of a list of TLS extension +identifiers. Each identifier may be a number (0..65535) or a supported name. +When a TLS client sends a listed extension, the TLS server is expected to +include that extension in its reply.

    +

    The supported names are: status_request and status_request_v2.

    +

    Example:

    +
    + tlsfeature = status_request
    +

    +

    +
    +

    DEPRECATED EXTENSIONS

    +

    The following extensions are non standard, Netscape specific and largely +obsolete. Their use in new applications is discouraged.

    +

    +

    +

    Netscape String extensions

    +

    Netscape Comment (nsComment) is a string extension containing a comment +which will be displayed when the certificate is viewed in some browsers.

    +

    Example:

    +
    + nsComment = "Some Random Comment"
    +

    Other supported extensions in this category are: nsBaseUrl, +nsRevocationUrl, nsCaRevocationUrl, nsRenewalUrl, nsCaPolicyUrl +and nsSslServerName.

    +

    +

    +

    Netscape Certificate Type

    +

    This is a multi-valued extensions which consists of a list of flags to be +included. It was used to indicate the purposes for which a certificate could +be used. The basicConstraints, keyUsage and extended key usage extensions are +now used instead.

    +

    Acceptable values for nsCertType are: client, server, email, +objsign, reserved, sslCA, emailCA, objCA.

    +

    +

    +
    +

    ARBITRARY EXTENSIONS

    +

    If an extension is not supported by the OpenSSL code then it must be encoded +using the arbitrary extension format. It is also possible to use the arbitrary +format for supported extensions. Extreme care should be taken to ensure that +the data is formatted correctly for the given extension type.

    +

    There are two ways to encode arbitrary extensions.

    +

    The first way is to use the word ASN1 followed by the extension content +using the same syntax as ASN1_generate_nconf(3). +For example:

    +
    + 1.2.3.4=critical,ASN1:UTF8String:Some random data
    +
    + 1.2.3.4=ASN1:SEQUENCE:seq_sect
    +
    + [seq_sect]
    +
    + field1 = UTF8:field1
    + field2 = UTF8:field2
    +

    It is also possible to use the word DER to include the raw encoded data in any +extension.

    +
    + 1.2.3.4=critical,DER:01:02:03:04
    + 1.2.3.4=DER:01020304
    +

    The value following DER is a hex dump of the DER encoding of the extension +Any extension can be placed in this form to override the default behaviour. +For example:

    +
    + basicConstraints=critical,DER:00:01:02:03
    +

    +

    +
    +

    WARNINGS

    +

    There is no guarantee that a specific implementation will process a given +extension. It may therefore be sometimes possible to use certificates for +purposes prohibited by their extensions because a specific application does +not recognize or honour the values of the relevant extensions.

    +

    The DER and ASN1 options should be used with caution. It is possible to create +totally invalid extensions if they are not used carefully.

    +

    +

    +
    +

    NOTES

    +

    If an extension is multi-value and a field value must contain a comma the long +form must be used otherwise the comma would be misinterpreted as a field +separator. For example:

    +
    + subjectAltName=URI:ldap://somehost.com/CN=foo,OU=bar
    +

    will produce an error but the equivalent form:

    +
    + subjectAltName=@subject_alt_section
    +
    + [subject_alt_section]
    + subjectAltName=URI:ldap://somehost.com/CN=foo,OU=bar
    +

    is valid.

    +

    Due to the behaviour of the OpenSSL conf library the same field name +can only occur once in a section. This means that:

    +
    + subjectAltName=@alt_section
    +
    + [alt_section]
    +
    + email=steve@here
    + email=steve@there
    +

    will only recognize the last value. This can be worked around by using the form:

    +
    + [alt_section]
    +
    + email.1=steve@here
    + email.2=steve@there
    +

    +

    +
    +

    SEE ALSO

    +

    openssl-req(1), openssl-ca(1), openssl-x509(1), +ASN1_generate_nconf(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man7/EVP_KDF-HKDF.html b/linux_amd64/ssl/share/doc/openssl/html/man7/EVP_KDF-HKDF.html
    new file mode 100755
    index 0000000..773c6d7
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man7/EVP_KDF-HKDF.html
    @@ -0,0 +1,195 @@
    + + + + +EVP_KDF-HKDF + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_KDF-HKDF - The HKDF EVP_KDF implementation

    +

    +

    +
    +

    DESCRIPTION

    +

    Support for computing the HKDF KDF through the EVP_KDF API.

    +

    The EVP_KDF-HKDF algorithm implements the HKDF key derivation function. +HKDF follows the "extract-then-expand" paradigm, where the KDF logically +consists of two modules. The first stage takes the input keying material +and "extracts" from it a fixed-length pseudorandom key K. The second stage +"expands" the key K into several additional pseudorandom keys (the output +of the KDF).

    +

    +

    +

    Identity

    +

    "HKDF" is the name for this implementation; it +can be used with the EVP_KDF_fetch() function.

    +

    +

    +

    Supported parameters

    +

    The supported parameters are:

    +
    +
    "properties" (OSSL_KDF_PARAM_PROPERTIES) <UTF8 string>
    + +
    "digest" (OSSL_KDF_PARAM_DIGEST) <UTF8 string>
    + +
    "key" (OSSL_KDF_PARAM_KEY) <octet string>
    + +
    "salt" (OSSL_KDF_PARAM_SALT) <octet string>
    + +
    +

    These parameters work as described in EVP_KDF(3)/PARAMETERS.

    +
    +
    "info" (OSSL_KDF_PARAM_INFO) <octet string>
    + +
    +

    This parameter sets the info value. +The length of the context info buffer cannot exceed 1024 bytes; +this should be more than enough for any normal use of HKDF.

    +
    +
    "mode" (OSSL_KDF_PARAM_MODE) <UTF8 string> or <integer>
    + +
    +

    This parameter sets the mode for the HKDF operation. +There are three modes that are currently defined:

    +
    +
    EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND "EXTRACT_AND_EXPAND"
    + +
    +

    This is the default mode. Calling EVP_KDF_derive(3) on an EVP_KDF_CTX set +up for HKDF will perform an extract followed by an expand operation in one go. +The derived key returned will be the result after the expand operation. The +intermediate fixed-length pseudorandom key K is not returned.

    +

    In this mode the digest, key, salt and info values must be set before a key is +derived otherwise an error will occur.

    +
    +
    EVP_KDF_HKDF_MODE_EXTRACT_ONLY "EXTRACT_ONLY"
    + +
    +

    In this mode calling EVP_KDF_derive(3) will just perform the extract +operation. The value returned will be the intermediate fixed-length pseudorandom +key K. The keylen parameter must match the size of K, which can be looked +up by calling EVP_KDF_size() after setting the mode and digest.

    +

    The digest, key and salt values must be set before a key is derived otherwise +an error will occur.

    +
    +
    EVP_KDF_HKDF_MODE_EXPAND_ONLY "EXPAND_ONLY"
    + +
    +

    In this mode calling EVP_KDF_derive(3) will just perform the expand +operation. The input key should be set to the intermediate fixed-length +pseudorandom key K returned from a previous extract operation.

    +

    The digest, key and info values must be set before a key is derived otherwise +an error will occur.

    +
    +
    +
    +
    +

    +

    +
    +

    NOTES

    +

    A context for HKDF can be obtained by calling:

    +
    + EVP_KDF *kdf = EVP_KDF_fetch(NULL, "HKDF", NULL);
    + EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf);
    +

    The output length of an HKDF expand operation is specified via the keylen +parameter to the EVP_KDF_derive(3) function. When using +EVP_KDF_HKDF_MODE_EXTRACT_ONLY the keylen parameter must equal the size of +the intermediate fixed-length pseudorandom key otherwise an error will occur. +For that mode, the fixed output size can be looked up by calling EVP_KDF_size() +after setting the mode and digest on the EVP_KDF_CTX.

    +

    +

    +
    +

    EXAMPLES

    +

    This example derives 10 bytes using SHA-256 with the secret key "secret", +salt value "salt" and info value "label":

    +
    + EVP_KDF *kdf;
    + EVP_KDF_CTX *kctx;
    + unsigned char out[10];
    + OSSL_PARAM params[5], *p = params;
    +
    + kdf = EVP_KDF_fetch(NULL, "HKDF", NULL);
    + kctx = EVP_KDF_CTX_new(kdf);
    + EVP_KDF_free(kdf);
    +
    + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
    +                                         SN_sha256, strlen(SN_sha256));
    + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
    +                                          "secret", (size_t)6);
    + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO,
    +                                          "label", (size_t)5);
    + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
    +                                          "salt", (size_t)4);
    + *p = OSSL_PARAM_construct_end();
    + if (EVP_KDF_CTX_set_params(kctx, params) <= 0) {
    +     error("EVP_KDF_CTX_set_params");
    + }
    + if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) {
    +     error("EVP_KDF_derive");
    + }
    +
    + EVP_KDF_CTX_free(kctx);
    +

    +

    +
    +

    CONFORMING TO

    +

    RFC 5869

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_KDF(3), +EVP_KDF_CTX_new(3), +EVP_KDF_CTX_free(3), +EVP_KDF_size(3), +EVP_KDF_CTX_set_params(3), +EVP_KDF_derive(3), +EVP_KDF(3)/PARAMETERS

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man7/EVP_KDF-KB.html b/linux_amd64/ssl/share/doc/openssl/html/man7/EVP_KDF-KB.html new file mode 100755 index 0000000..e2f261e --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man7/EVP_KDF-KB.html @@ -0,0 +1,196 @@ + + + + +EVP_KDF-KB + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_KDF-KB - The Key-Based EVP_KDF implementation

    +

    +

    +
    +

    DESCRIPTION

    +

    The EVP_KDF-KB algorithm implements the Key-Based key derivation function +(KBKDF). KBKDF derives a key from repeated application of a keyed MAC to an +input secret (and other optional values).

    +

    +

    +

    Identity

    +

    "KBKDF" is the name for this implementation; it can be used with the +EVP_KDF_fetch() function.

    +

    +

    +

    Supported parameters

    +

    The supported parameters are:

    +
    +
    "properties" (OSSL_KDF_PARAM_PROPERTIES) <UTF8 string>
    + +
    "mode" (OSSL_KDF_PARAM_MODE) <UTF8 string>
    + +
    "mac" (OSSL_KDF_PARAM_MAC) <UTF8 string>
    + +
    "digest" (OSSL_KDF_PARAM_DIGEST) <UTF8 string>
    + +
    "cipher" (OSSL_KDF_PARAM_DIGEST) <UTF8 string>
    + +
    "key" (OSSL_KDF_PARAM_KEY) <octet string>
    + +
    "salt" (OSSL_KDF_PARAM_SALT) <octet string>
    + +
    "info (OSSL_KDF_PARAM_INFO) <octet string>
    + +
    "seed" (OSSL_KDF_PARAM_SEED) <octet string>
    + +
    +

    The mode parameter determines which flavor of KBKDF to use - currently the +choices are "counter" and "feedback". Counter is the default, and will be +used if unspecified. The seed parameter is unused in counter mode.

    +

    The parameters key, salt, info, and seed correspond to KI, Label, Context, and +IV (respectively) in SP800-108. As in that document, salt, info, and seed are +optional and may be omitted.

    +

    Depending on whether mac is CMAC or HMAC, either digest or cipher is required +(respectively) and the other is unused.

    +

    +

    +
    +

    NOTES

    +

    A context for KBKDF can be obtained by calling:

    +
    + EVP_KDF *kdf = EVP_KDF_fetch(NULL, "KBKDF", NULL);
    + EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf);
    +

    The output length of an KBKDF is specified via the keylen +parameter to the EVP_KDF_derive(3) function.

    +

    Note that currently OpenSSL only implements counter and feedback modes. Other +variants may be supported in the future.

    +

    +

    +
    +

    EXAMPLES

    +

    This example derives 10 bytes using COUNTER-HMAC-SHA256, with KI "secret", +Label "label", and Context "context".

    +
    + EVP_KDF *kdf;
    + EVP_KDF_CTX *kctx;
    + unsigned char out[10];
    + OSSL_PARAM params[6], *p = params;
    +
    + kdf = EVP_KDF_fetch(NULL, "KBKDF", NULL);
    + kctx = EVP_KDF_CTX_new(kdf);
    + EVP_KDF_free(kdf);
    +
    + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
    +                                         "SHA2-256", 0);
    + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC,
    +                                         "HMAC", 0);
    + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
    +                                          "secret", strlen("secret"))
    + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
    +                                          "label", strlen("label"));
    + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO,
    +                                          "context", strlen("context"));
    + *p = OSSL_PARAM_construct_end();
    + if (EVP_KDF_CTX_set_params(kctx, params) <= 0)
    +     error("EVP_KDF_CTX_set_params");
    + else if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0)
    +     error("EVP_KDF_derive");
    +
    + EVP_KDF_CTX_free(kctx);
    +

    This example derives 10 bytes using FEEDBACK-CMAC-AES256, with KI "secret", +Label "label", and IV "sixteen bytes iv".

    +
    + EVP_KDF *kdf;
    + EVP_KDF_CTX *kctx;
    + unsigned char out[10];
    + OSSL_PARAM params[8], *p = params;
    + unsigned char *iv = "sixteen bytes iv";
    +
    + kdf = EVP_KDF_fetch(NULL, "KBKDF", NULL);
    + kctx = EVP_KDF_CTX_new(kdf);
    + EVP_KDF_free(kdf);
    +
    + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CIPHER, "AES256", 0);
    + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC, "CMAC", 0);
    + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MODE, "FEEDBACK", 0);
    + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
    +                                          "secret", strlen("secret"));
    + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
    +                                          "label", strlen("label"));
    + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO,
    +                                          "context", strlen("context"));
    + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED,
    +                                          iv, strlen(iv));
    + *p = OSSL_PARAM_construct_end();
    + if (EVP_KDF_CTX_set_params(kctx, params) <= 0)
    +     error("EVP_KDF_CTX_set_params");
    + else if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0)
    +     error("EVP_KDF_derive");
    +
    + EVP_KDF_CTX_free(kctx);
    +

    +

    +
    +

    CONFORMING TO

    +

    NIST SP800-108, IETF RFC 6803, IETF RFC 8009.

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_KDF(3), +EVP_KDF_CTX_free(3), +EVP_KDF_size(3), +EVP_KDF_derive(3), +EVP_KDF(3)/PARAMETERS

    +

    +

    +
    +

    HISTORY

    +

    This functionality was added to OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019 Red Hat, Inc.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man7/EVP_KDF-KRB5KDF.html b/linux_amd64/ssl/share/doc/openssl/html/man7/EVP_KDF-KRB5KDF.html new file mode 100755 index 0000000..9c35d00 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man7/EVP_KDF-KRB5KDF.html @@ -0,0 +1,162 @@ + + + + +EVP_KDF-KRB5KDF + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_KDF-KRB5KDF - The RFC3961 Krb5 KDF EVP_KDF implementation

    +

    +

    +
    +

    DESCRIPTION

    +

    Support for computing the KRB5KDF KDF through the EVP_KDF API.

    +

    The EVP_KDF-KRB5KDF algorithm implements the key derivation function defined +in RFC 3961, section 5.1 and is used by Krb5 to derive session keys. +Three inputs are required to perform key derivation: a cipher, (for example +AES-128-CBC), the initial key, and a constant.

    +

    +

    +

    Identity

    +

    "KRB5KDF" is the name for this implementation; +it can be used with the EVP_KDF_fetch() function.

    +

    +

    +

    Supported parameters

    +

    The supported parameters are:

    +
    +
    "properties" (OSSL_KDF_PARAM_PROPERTIES) <UTF8 string>
    + +
    "cipher" (OSSL_KDF_PARAM_CIPHER) <UTF8 string>
    + +
    "key" (OSSL_KDF_PARAM_KEY) <octet string>
    + +
    +

    These parameters work as described in EVP_KDF(3)/PARAMETERS.

    +
    +
    "constant" (OSSL_KDF_PARAM_CONSTANT) <octet string>
    + +
    +

    This parameter sets the constant value for the KDF. +If a value is already set, the contents are replaced.

    +
    +
    +

    +

    +
    +

    NOTES

    +

    A context for KRB5KDF can be obtained by calling:

    +
    + EVP_KDF *kdf = EVP_KDF_fetch(NULL, "KRB5KDF", NULL);
    + EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf);
    +

    The output length of the KRB5KDF derivation is specified via the keylen +parameter to the EVP_KDF_derive(3) function, and MUST match the key +length for the chosen cipher or an error is returned. Moreover the +constant's length must not exceed the block size of the cipher. +Since the KRB5KDF output length depends on the chosen cipher, calling +EVP_KDF_size(3) to obtain the requisite length returns the correct length +only after the cipher is set. Prior to that EVP_MAX_KEY_LENGTH is returned. +The caller must allocate a buffer of the correct length for the chosen +cipher, and pass that buffer to the EVP_KDF_derive(3) function along +with that length.

    +

    +

    +
    +

    EXAMPLES

    +

    This example derives a key using the AES-128-CBC cipher:

    +
    + EVP_KDF *kdf;
    + EVP_KDF_CTX *kctx;
    + unsigned char key[16] = "01234...";
    + unsigned char constant[] = "I'm a constant";
    + unsigned char out[16];
    + size_t outlen = sizeof(out);
    + OSSL_PARAM params[4], *p = params;
    +
    + kdf = EVP_KDF_fetch(NULL, "KRB5KDF", NULL);
    + kctx = EVP_KDF_CTX_new(kdf);
    + EVP_KDF_free(kdf);
    +
    + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CIPHER,
    +                                         SN_aes_128_cbc,
    +                                         strlen(SN_aes_128_cbc));
    + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
    +                                          key, (size_t)16);
    + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_CONSTANT,
    +                                          constant, strlen(constant));
    + *p = OSSL_PARAM_construct_end();
    + if (EVP_KDF_set_params(kctx, params) <= 0)
    +     /* Error */
    +
    + if (EVP_KDF_derive(kctx, out, outlen) <= 0)
    +     /* Error */
    +
    + EVP_KDF_CTX_free(kctx);
    +

    +

    +
    +

    CONFORMING TO

    +

    RFC 3961

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_KDF(3), +EVP_KDF_CTX_free(3), +EVP_KDF_ctrl(3), +EVP_KDF_size(3), +EVP_KDF_derive(3), +EVP_KDF(3)/PARAMETERS

    +

    +

    +
    +

    HISTORY

    +

    This functionality was added to OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man7/EVP_KDF-PBKDF2.html b/linux_amd64/ssl/share/doc/openssl/html/man7/EVP_KDF-PBKDF2.html new file mode 100755 index 0000000..48fe946 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man7/EVP_KDF-PBKDF2.html @@ -0,0 +1,141 @@ + + + + +EVP_KDF-PBKDF2 + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_KDF-PBKDF2 - The PBKDF2 EVP_KDF implementation

    +

    +

    +
    +

    DESCRIPTION

    +

    Support for computing the PBKDF2 password-based KDF through the EVP_KDF +API.

    +

    The EVP_KDF-PBKDF2 algorithm implements the PBKDF2 password-based key +derivation function, as described in SP800-132; it derives a key from a password +using a salt and iteration count.

    +

    +

    +

    Identity

    +

    "PBKDF2" is the name for this implementation; it +can be used with the EVP_KDF_fetch() function.

    +

    +

    +

    Supported parameters

    +

    The supported parameters are:

    +
    +
    "pass" (OSSL_KDF_PARAM_PASSWORD) <octet string>
    + +
    "salt" (OSSL_KDF_PARAM_SALT) <octet string>
    + +
    "iter" (OSSL_KDF_PARAM_ITER) <unsigned integer>
    + +
    +

    This parameter has a default value of 2048.

    +
    +
    "properties" (OSSL_KDF_PARAM_PROPERTIES) <UTF8 string>
    + +
    "digest" (OSSL_KDF_PARAM_DIGEST) <UTF8 string>
    + +
    +

    These parameters work as described in EVP_KDF(3)/PARAMETERS.

    +
    +
    "pkcs5" (OSSL_KDF_PARAM_PKCS5) <integer>
    + +
    +

    This parameter can be used to enable or disable SP800-132 compliance checks. +Setting the mode to 0 enables the compliance checks.

    +

    The checks performed are:

    +
    +
    - the iteration count is at least 1000.
    + +
    - the salt length is at least 128 bits.
    + +
    - the derived key length is at least 112 bits.
    + +
    +

    The default provider uses a default mode of 1 for backwards compatibility, +and the fips provider uses a default mode of 0.

    +

    The value string is expected to be a decimal number 0 or 1.

    +
    +
    +

    +

    +
    +

    NOTES

    +

    A typical application of this algorithm is to derive keying material for an +encryption algorithm from a password in the "pass", a salt in "salt", +and an iteration count.

    +

    Increasing the "iter" parameter slows down the algorithm which makes it +harder for an attacker to perform a brute force attack using a large number +of candidate passwords.

    +

    No assumption is made regarding the given password; it is simply treated as a +byte sequence.

    +

    +

    +
    +

    CONFORMING TO

    +

    SP800-132

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_KDF(3), +EVP_KDF_CTX_new(3), +EVP_KDF_CTX_free(3), +EVP_KDF_CTX_set_params(3), +EVP_KDF_derive(3), +EVP_KDF(3)/PARAMETERS

    +

    +

    +
    +

    HISTORY

    +

    This functionality was added to OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man7/EVP_KDF-SCRYPT.html b/linux_amd64/ssl/share/doc/openssl/html/man7/EVP_KDF-SCRYPT.html new file mode 100755 index 0000000..0121b07 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man7/EVP_KDF-SCRYPT.html @@ -0,0 +1,182 @@ + + + + +EVP_KDF-SCRYPT + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_KDF-SCRYPT - The scrypt EVP_KDF implementation

    +

    +

    +
    +

    DESCRIPTION

    +

    Support for computing the scrypt password-based KDF through the EVP_KDF +API.

    +

    The EVP_KDF-SCRYPT algorithm implements the scrypt password-based key +derivation function, as described in RFC 7914. It is memory-hard in the sense +that it deliberately requires a significant amount of RAM for efficient +computation. The intention of this is to render brute forcing of passwords on +systems that lack large amounts of main memory (such as GPUs or ASICs) +computationally infeasible.

    +

    scrypt provides three work factors that can be customized: N, r and p. N, which +has to be a positive power of two, is the general work factor and scales CPU +time in an approximately linear fashion. r is the block size of the internally +used hash function and p is the parallelization factor. Both r and p need to be +greater than zero. The amount of RAM that scrypt requires for its computation +is roughly (128 * N * r * p) bytes.

    +

    In the original paper of Colin Percival ("Stronger Key Derivation via +Sequential Memory-Hard Functions", 2009), the suggested values that give a +computation time of less than 5 seconds on a 2.5 GHz Intel Core 2 Duo are N = +2^20 = 1048576, r = 8, p = 1. Consequently, the required amount of memory for +this computation is roughly 1 GiB. On a more recent CPU (Intel i7-5930K at 3.5 +GHz), this computation takes about 3 seconds. When N, r or p are not specified, +they default to 1048576, 8, and 1, respectively. The maximum amount of RAM that +may be used by scrypt defaults to 1025 MiB.

    +

    +

    +

    Identity

    +

    "SCRYPT" is the name for this implementation; it +can be used with the EVP_KDF_fetch() function.

    +

    +

    +

    Supported parameters

    +

    The supported parameters are:

    +
    +
    "pass" (OSSL_KDF_PARAM_PASSWORD) <octet string>
    + +
    "salt" (OSSL_KDF_PARAM_SALT) <octet string>
    + +
    +

    These parameters work as described in EVP_KDF(3)/PARAMETERS.

    +
    +
    "n" (OSSL_KDF_PARAM_SCRYPT_N) <unsigned integer>
    + +
    "r" (OSSL_KDF_PARAM_SCRYPT_R) <unsigned integer>
    + +
    "p" (OSSL_KDF_PARAM_SCRYPT_P) <unsigned integer>
    + +
    +

    These parameters configure the scrypt work factors N, r and p. +N is a parameter of type uint64_t. +Both r and p are parameters of type uint32_t.

    +
    +
    +

    +

    +
    +

    NOTES

    +

    A context for scrypt can be obtained by calling:

    +
    + EVP_KDF *kdf = EVP_KDF_fetch(NULL, "SCRYPT", NULL);
    + EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf);
    +

    The output length of an scrypt key derivation is specified via the +"keylen" parameter to the EVP_KDF_derive(3) function.

    +

    +

    +
    +

    EXAMPLES

    +

    This example derives a 64-byte long test vector using scrypt with the password +"password", salt "NaCl" and N = 1024, r = 8, p = 16.

    +
    + EVP_KDF *kdf;
    + EVP_KDF_CTX *kctx;
    + unsigned char out[64];
    + OSSL_PARAM params[6], *p = params;
    +
    + kdf = EVP_KDF_fetch(NULL, "SCRYPT", NULL);
    + kctx = EVP_KDF_CTX_new(kdf);
    + EVP_KDF_free(kdf);
    +
    + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD,
    +                                          "password", (size_t)8);
    + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
    +                                          "NaCl", (size_t)4);
    + *p++ = OSSL_PARAM_construct_uint64(OSSL_KDF_PARAM_SCRYPT_N, (uint64_t)1024);
    + *p++ = OSSL_PARAM_construct_uint32(OSSL_KDF_PARAM_SCRYPT_R, (uint32_t)8);
    + *p++ = OSSL_PARAM_construct_uint32(OSSL_KDF_PARAM_SCRYPT_P, (uint32_t)16);
    + *p = OSSL_PARAM_construct_end();
    + if (EVP_KDF_CTX_set_params(kctx, params) <= 0) {
    +     error("EVP_KDF_CTX_set_params");
    + }
    + if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) {
    +     error("EVP_KDF_derive");
    + }
    +
    + {
    +     const unsigned char expected[sizeof(out)] = {
    +         0xfd, 0xba, 0xbe, 0x1c, 0x9d, 0x34, 0x72, 0x00,
    +         0x78, 0x56, 0xe7, 0x19, 0x0d, 0x01, 0xe9, 0xfe,
    +         0x7c, 0x6a, 0xd7, 0xcb, 0xc8, 0x23, 0x78, 0x30,
    +         0xe7, 0x73, 0x76, 0x63, 0x4b, 0x37, 0x31, 0x62,
    +         0x2e, 0xaf, 0x30, 0xd9, 0x2e, 0x22, 0xa3, 0x88,
    +         0x6f, 0xf1, 0x09, 0x27, 0x9d, 0x98, 0x30, 0xda,
    +         0xc7, 0x27, 0xaf, 0xb9, 0x4a, 0x83, 0xee, 0x6d,
    +         0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, 0x40
    +     };
    +
    +     assert(!memcmp(out, expected, sizeof(out)));
    + }
    +
    + EVP_KDF_CTX_free(kctx);
    +

    +

    +
    +

    CONFORMING TO

    +

    RFC 7914

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_KDF(3), +EVP_KDF_CTX_new(3), +EVP_KDF_CTX_free(3), +EVP_KDF_CTX_set_params(3), +EVP_KDF_derive(3), +EVP_KDF(3)/PARAMETERS

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man7/EVP_KDF-SS.html b/linux_amd64/ssl/share/doc/openssl/html/man7/EVP_KDF-SS.html new file mode 100755 index 0000000..78db11d --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man7/EVP_KDF-SS.html @@ -0,0 +1,239 @@ + + + + +EVP_KDF-SS + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_KDF-SS - The Single Step / One Step EVP_KDF implementation

    +

    +

    +
    +

    DESCRIPTION

    +

    The EVP_KDF-SS algorithm implements the Single Step key derivation function (SSKDF). +SSKDF derives a key using input such as a shared secret key (that was generated +during the execution of a key establishment scheme) and fixedinfo. +SSKDF is also informally referred to as 'Concat KDF'.

    +

    +

    +

    Auxiliary function

    +

    The implementation uses a selectable auxiliary function H, which can be one of:

    +
    +
    H(x) = hash(x, digest=md)
    + +
    H(x) = HMAC_hash(x, key=salt, digest=md)
    + +
    H(x) = KMACxxx(x, key=salt, custom="KDF", outlen=mac_size)
    + +
    +

    Both the HMAC and KMAC implementations set the key using the 'salt' value. +The hash and HMAC also require the digest to be set.

    +

    +

    +

    Identity

    +

    "SSKDF" is the name for this implementation; it +can be used with the EVP_KDF_fetch() function.

    +

    +

    +

    Supported parameters

    +

    The supported parameters are:

    +
    +
    "properties" (OSSL_KDF_PARAM_PROPERTIES) <UTF8 string>
    + +
    "digest" (OSSL_KDF_PARAM_DIGEST) <UTF8 string>
    + +
    "mac" (OSSL_KDF_PARAM_MAC) <UTF8 string>
    + +
    "maclen" (OSSL_KDF_PARAM_MAC_SIZE) <unsigned integer>
    + +
    "salt" (OSSL_KDF_PARAM_SALT) <octet string>
    + +
    +

    These parameters work as described in EVP_KDF(3)/PARAMETERS.

    +
    +
    "key" (EVP_KDF_CTRL_SET_KEY) <octet string>
    + +
    +

    This parameter set the shared secret that is used for key derivation.

    +
    +
    "info" (OSSL_KDF_PARAM_INFO) <octet string>
    + +
    +

    This parameter sets an optional value for fixedinfo, also known as otherinfo.

    +
    +
    +

    +

    +
    +

    NOTES

    +

    A context for SSKDF can be obtained by calling:

    +
    + EVP_KDF *kdf = EVP_KDF_fetch(NULL, "SSKDF", NULL);
    + EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf);
    +

    The output length of an SSKDF is specified via the keylen +parameter to the EVP_KDF_derive(3) function.

    +

    +

    +
    +

    EXAMPLES

    +

    This example derives 10 bytes using H(x) = SHA-256, with the secret key "secret" +and fixedinfo value "label":

    +
    + EVP_KDF *kdf;
    + EVP_KDF_CTX *kctx;
    + unsigned char out[10];
    + OSSL_PARAM params[4], *p = params;
    +
    + kdf = EVP_KDF_fetch(NULL, "SSKDF", NULL);
    + kctx = EVP_KDF_CTX_new(kdf);
    + EVP_KDF_free(kdf);
    +
    + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
    +                                         SN_sha256, strlen(SN_sha256));
    + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
    +                                          "secret", (size_t)6);
    + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO,
    +                                          "label", (size_t)5);
    + *p = OSSL_PARAM_construct_end();
    + if (EVP_KDF_CTX_set_params(kctx, params) <= 0) {
    +     error("EVP_KDF_CTX_set_params");
    + }
    + if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) {
    +     error("EVP_KDF_derive");
    + }
    +
    + EVP_KDF_CTX_free(kctx);
    +

    This example derives 10 bytes using H(x) = HMAC(SHA-256), with the secret key "secret", +fixedinfo value "label" and salt "salt":

    +
    + EVP_KDF *kdf;
    + EVP_KDF_CTX *kctx;
    + unsigned char out[10];
    + OSSL_PARAM params[6], *p = params;
    +
    + kdf = EVP_KDF_fetch(NULL, "SSKDF", NULL);
    + kctx = EVP_KDF_CTX_new(kdf);
    + EVP_KDF_free(kdf);
    +
    + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC,
    +                                         SN_hmac, strlen(SN_hmac));
    + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
    +                                         SN_sha256, strlen(SN_sha256));
    + *p++ = OSSL_PARAM_construct_octet_string(EVP_KDF_CTRL_SET_KEY,
    +                                          "secret", (size_t)6);
    + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO,
    +                                          "label", (size_t)5);
    + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
    +                                          "salt", (size_t)4);
    + *p = OSSL_PARAM_construct_end();
    + if (EVP_KDF_CTX_set_params(kctx, params) <= 0) {
    +     error("EVP_KDF_CTX_set_params");
    + }
    + if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) {
    +     error("EVP_KDF_derive");
    + }
    +
    + EVP_KDF_CTX_free(kctx);
    +

    This example derives 10 bytes using H(x) = KMAC128(x,salt,outlen), with the secret key "secret" +fixedinfo value "label", salt of "salt" and KMAC outlen of 20:

    +
    + EVP_KDF *kdf;
    + EVP_KDF_CTX *kctx;
    + unsigned char out[10];
    + OSSL_PARAM params[7], *p = params;
    +
    + kdf = EVP_KDF_fetch(NULL, "SSKDF", NULL);
    + kctx = EVP_KDF_CTX_new(kdf);
    + EVP_KDF_free(kdf);
    +
    + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC,
    +                                         SN_kmac128, strlen(SN_kmac128));
    + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
    +                                         SN_sha256, strlen(SN_sha256));
    + *p++ = OSSL_PARAM_construct_octet_string(EVP_KDF_CTRL_SET_KEY,
    +                                          "secret", (size_t)6);
    + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO,
    +                                          "label", (size_t)5);
    + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
    +                                          "salt", (size_t)4);
    + *p++ = OSSL_PARAM_construct_size_t(OSSL_KDF_PARAM_MAC_SIZE, (size_t)20);
    + *p = OSSL_PARAM_construct_end();
    + if (EVP_KDF_CTX_set_params(kctx, params) <= 0) {
    +     error("EVP_KDF_CTX_set_params");
    + }
    + if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) {
    +     error("EVP_KDF_derive");
    + }
    +
    + EVP_KDF_CTX_free(kctx);
    +

    +

    +
    +

    CONFORMING TO

    +

    NIST SP800-56Cr1.

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_KDF(3), +EVP_KDF_CTX_new(3), +EVP_KDF_CTX_free(3), +EVP_KDF_CTX_set_params(3), +EVP_KDF_size(3), +EVP_KDF_derive(3), +EVP_KDF(3)/PARAMETERS

    +

    +

    +
    +

    HISTORY

    +

    This functionality was added to OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. Copyright +(c) 2019, Oracle and/or its affiliates. All rights reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man7/EVP_KDF-SSHKDF.html b/linux_amd64/ssl/share/doc/openssl/html/man7/EVP_KDF-SSHKDF.html new file mode 100755 index 0000000..81a601a --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man7/EVP_KDF-SSHKDF.html @@ -0,0 +1,204 @@ + + + + +EVP_KDF-SSHKDF + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_KDF-SSHKDF - The SSHKDF EVP_KDF implementation

    +

    +

    +
    +

    DESCRIPTION

    +

    Support for computing the SSHKDF KDF through the EVP_KDF API.

    +

    The EVP_KDF-SSHKDF algorithm implements the SSHKDF key derivation function. +It is defined in RFC 4253, section 7.2 and is used by SSH to derive IVs, +encryption keys and integrity keys. +Five inputs are required to perform key derivation: The hashing function +(for example SHA256), the Initial Key, the Exchange Hash, the Session ID, +and the derivation key type.

    +

    +

    +

    Identity

    +

    "SSHKDF" is the name for this implementation; it +can be used with the EVP_KDF_fetch() function.

    +

    +

    +

    Supported parameters

    +

    The supported parameters are:

    +
    +
    "properties" (OSSL_KDF_PARAM_PROPERTIES) <UTF8 string>
    + +
    "digest" (OSSL_KDF_PARAM_DIGEST) <UTF8 string>
    + +
    "key" (OSSL_KDF_PARAM_KEY) <octet string>
    + +
    +

    These parameters work as described in EVP_KDF(3)/PARAMETERS.

    +
    +
    "xcghash" (OSSL_KDF_PARAM_SSHKDF_XCGHASH) <octet string>
    + +
    "session_id" (OSSL_KDF_PARAM_SSHKDF_SESSION_ID) <octet string>
    + +
    +

    These parameters set the respective values for the KDF. +If a value is already set, the contents are replaced.

    +
    +
    "type" (OSSL_KDF_PARAM_SSHKDF_TYPE) <integer>
    + +
    +

    This parameter sets the type for the SSHHKDF operation. +There are six supported types:

    +
    +
    EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV
    + +
    +

    The Initial IV from client to server. +A single char of value 65 (ASCII char 'A').

    +
    +
    EVP_KDF_SSHKDF_TYPE_INITIAL_IV_SRV_TO_CLI
    + +
    +

    The Initial IV from server to client +A single char of value 66 (ASCII char 'B').

    +
    +
    EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_CLI_TO_SRV
    + +
    +

    The Encryption Key from client to server +A single char of value 67 (ASCII char 'C').

    +
    +
    EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_SRV_TO_CLI
    + +
    +

    The Encryption Key from server to client +A single char of value 68 (ASCII char 'D').

    +
    +
    EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_CLI_TO_SRV
    + +
    +

    The Integrity Key from client to server +A single char of value 69 (ASCII char 'E').

    +
    +
    EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_SRV_TO_CLI
    + +
    +

    The Integrity Key from client to server +A single char of value 70 (ASCII char 'F').

    +
    +
    +
    +
    +

    +

    +
    +

    NOTES

    +

    A context for SSHKDF can be obtained by calling:

    +
    + EVP_KDF *kdf = EVP_KDF_fetch(NULL, "SSHKDF", NULL);
    + EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf);
    +

    The output length of the SSHKDF derivation is specified via the keylen +parameter to the EVP_KDF_derive(3) function. +Since the SSHKDF output length is variable, calling EVP_KDF_size(3) +to obtain the requisite length is not meaningful. The caller must +allocate a buffer of the desired length, and pass that buffer to the +EVP_KDF_derive(3) function along with the desired length.

    +

    +

    +
    +

    EXAMPLES

    +

    This example derives an 8 byte IV using SHA-256 with a 1K "key" and appropriate +"xcghash" and "session_id" values:

    +
    + EVP_KDF *kdf;
    + EVP_KDF_CTX *kctx;
    + unsigned char key[1024] = "01234...";
    + unsigned char xcghash[32] = "012345...";
    + unsigned char session_id[32] = "012345...";
    + unsigned char out[8];
    + size_t outlen = sizeof(out);
    + OSSL_PARAM params[6], *p = params;
    +
    + kdf = EVP_KDF_fetch(NULL, "SSHKDF", NULL);
    + kctx = EVP_KDF_CTX_new(kdf);
    + EVP_KDF_free(kdf);
    +
    + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
    +                                         SN_sha256, strlen(SN_sha256));
    + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
    +                                          key, (size_t)1024);
    + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SSHKDF_XCGHASH,
    +                                          xcghash, (size_t)32);
    + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
    +                                          session_id, (size_t)32);
    + *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_SSHKDF_TYPE,
    +                                 EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV);
    + *p = OSSL_PARAM_construct_end();
    + if (EVP_KDF_CTX_set_params(kctx, params) <= 0)
    +     /* Error */
    +
    + if (EVP_KDF_derive(kctx, out, &outlen) <= 0)
    +     /* Error */
    +

    +

    +
    +

    CONFORMING TO

    +

    RFC 4253

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_KDF(3), +EVP_KDF_CTX_new(3), +EVP_KDF_CTX_free(3), +EVP_KDF_CTX_set_params(3), +EVP_KDF_size(3), +EVP_KDF_derive(3), +EVP_KDF(3)/PARAMETERS

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man7/EVP_KDF-TLS1_PRF.html b/linux_amd64/ssl/share/doc/openssl/html/man7/EVP_KDF-TLS1_PRF.html new file mode 100755 index 0000000..058ff26 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man7/EVP_KDF-TLS1_PRF.html @@ -0,0 +1,154 @@ + + + + +EVP_KDF-TLS1_PRF + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_KDF-TLS1_PRF - The TLS1 PRF EVP_KDF implementation

    +

    +

    +
    +

    DESCRIPTION

    +

    Support for computing the TLS1 PRF through the EVP_KDF API.

    +

    The EVP_KDF-TLS1_PRF algorithm implements the PRF used by TLS versions up to +and including TLS 1.2.

    +

    +

    +

    Identity

    +

    "TLS1-PRF" is the name for this implementation; it +can be used with the EVP_KDF_fetch() function.

    +

    +

    +

    Supported parameters

    +

    The supported parameters are:

    +
    +
    "properties" (OSSL_KDF_PARAM_PROPERTIES) <UTF8 string>
    + +
    "digest" (OSSL_KDF_PARAM_DIGEST) <UTF8 string>
    + +
    +

    These parameters work as described in EVP_KDF(3)/PARAMETERS.

    +

    The OSSL_KDF_PARAM_DIGEST parameter is used to set the message digest +associated with the TLS PRF. +EVP_md5_sha1() is treated as a special case which uses the +PRF algorithm using both MD5 and SHA1 as used in TLS 1.0 and 1.1.

    +
    +
    "secret" (OSSL_KDF_PARAM_SECRET) <octet string>
    + +
    +

    This parameter sets the secret value of the TLS PRF. +Any existing secret value is replaced.

    +
    +
    "seed" (OSSL_KDF_PARAM_SEED) <octet string>
    + +
    +

    This parameter sets the context seed. +The length of the context seed cannot exceed 1024 bytes; +this should be more than enough for any normal use of the TLS PRF.

    +
    +
    +

    +

    +
    +

    NOTES

    +

    A context for the TLS PRF can be obtained by calling:

    +
    + EVP_KDF *kdf = EVP_KDF_fetch(NULL, "TLS1-PRF", NULL);
    + EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf);
    +

    The digest, secret value and seed must be set before a key is derived otherwise +an error will occur.

    +

    The output length of the PRF is specified by the keylen parameter to the +EVP_KDF_derive() function.

    +

    +

    +
    +

    EXAMPLES

    +

    This example derives 10 bytes using SHA-256 with the secret key "secret" +and seed value "seed":

    +
    + EVP_KDF *kdf;
    + EVP_KDF_CTX *kctx;
    + unsigned char out[10];
    + OSSL_PARAM params[4], *p = params;
    +
    + kdf = EVP_KDF_fetch(NULL, "TLS1-PRF", NULL);
    + kctx = EVP_KDF_CTX_new(kdf);
    + EVP_KDF_free(kdf);
    +
    + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
    +                                         SN_sha256, strlen(SN_sha256));
    + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SECRET,
    +                                          "secret", (size_t)6);
    + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED,
    +                                          "seed", (size_t)4);
    + *p = OSSL_PARAM_construct_end();
    + if (EVP_KDF_CTX_set_params(kctx, params) <= 0) {
    +     error("EVP_KDF_CTX_set_params");
    + }
    + if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) {
    +     error("EVP_KDF_derive");
    + }
    + EVP_KDF_CTX_free(kctx);
    +

    +

    +
    +

    CONFORMING TO

    +

    RFC 2246, RFC 5246 and NIST SP 800-135 r1

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_KDF(3), +EVP_KDF_CTX_new(3), +EVP_KDF_CTX_free(3), +EVP_KDF_CTX_set_params(3), +EVP_KDF_derive(3), +EVP_KDF(3)/PARAMETERS

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man7/EVP_KDF-X942.html b/linux_amd64/ssl/share/doc/openssl/html/man7/EVP_KDF-X942.html new file mode 100755 index 0000000..e583276 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man7/EVP_KDF-X942.html @@ -0,0 +1,169 @@ + + + + +EVP_KDF-X942 + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_KDF-X942 - The X9.42-2001 asn1 EVP_KDF implementation

    +

    +

    +
    +

    DESCRIPTION

    +

    The EVP_KDF-X942 algorithm implements the key derivation function (X942KDF). +X942KDF is used by Cryptographic Message Syntax (CMS) for DH KeyAgreement, to +derive a key using input such as a shared secret key and other info. The other +info is DER encoded data that contains a 32 bit counter.

    +

    +

    +

    Identity

    +

    "X942KDF" is the name for this implementation; it +can be used with the EVP_KDF_fetch() function.

    +

    +

    +

    Supported parameters

    +

    The supported parameters are:

    +
    +
    "properties" (OSSL_KDF_PARAM_PROPERTIES) <UTF8 string>
    + +
    "digest" (OSSL_KDF_PARAM_DIGEST) <UTF8 string>
    + +
    +

    These parameters work as described in EVP_KDF(3)/PARAMETERS.

    +
    +
    "key" (OSSL_KDF_PARAM_KEY) <octet string>
    + +
    +

    The shared secret used for key derivation. This parameter sets the secret.

    +
    +
    "ukm" (OSSL_KDF_PARAM_UKM) <octet string>
    + +
    +

    This parameter is an optional random string that is provided +by the sender called "partyAInfo". +In CMS this is the user keying material.

    +
    +
    "cekalg" (OSSL_KDF_PARAM_CEK_ALG) <UTF8 string>
    + +
    +

    This parameter sets the CEK wrapping algorithm name.

    +
    +
    +

    +

    +
    +

    NOTES

    +

    A context for X942KDF can be obtained by calling:

    +
    + EVP_KDF *kdf = EVP_KDF_fetch(NULL, "X942KDF", NULL);
    + EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf);
    +

    The output length of an X942KDF is specified via the keylen +parameter to the EVP_KDF_derive(3) function.

    +

    +

    +
    +

    EXAMPLES

    +

    This example derives 24 bytes, with the secret key "secret" and a random user +keying material:

    +
    +  EVP_KDF_CTX *kctx;
    +  EVP_KDF_CTX *kctx;
    +  unsigned char out[192/8];
    +  unsignred char ukm[64];
    + OSSL_PARAM params[5], *p = params;
    +
    +  if (RAND_bytes(ukm, sizeof(ukm)) <= 0)
    +      error("RAND_bytes");
    +
    + kdf = EVP_KDF_fetch(NULL, "X942KDF", NULL);
    + if (kctx == NULL)
    +     error("EVP_KDF_fetch");
    + kctx = EVP_KDF_CTX_new(kdf);
    + if (kctx == NULL)
    +     error("EVP_KDF_CTX_new");
    + EVP_KDF_free(kdf);
    +
    + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
    +                                         SN_sha256, strlen(SN_sha256));
    + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SECRET,
    +                                          "secret", (size_t)6);
    + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_UKM, ukm, sizeof(ukm));
    + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CEK_ALG,
    +                                         SN_id_smime_alg_CMS3DESwrap,
    +                                         strlen(SN_id_smime_alg_CMS3DESwrap));
    + *p = OSSL_PARAM_construct_end();
    + if (EVP_KDF_CTX_set_params(kctx, params) <= 0)
    +     error("EVP_KDF_CTX_set_params");
    + if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0)
    +     error("EVP_KDF_derive");
    +
    + EVP_KDF_CTX_free(kctx);
    +

    +

    +
    +

    CONFORMING TO

    +

    RFC 2631

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_KDF(3), +EVP_KDF_CTX_new(3), +EVP_KDF_CTX_free(3), +EVP_KDF_CTX_set_params(3), +EVP_KDF_size(3), +EVP_KDF_derive(3), +EVP_KDF(3)/PARAMETERS

    +

    +

    +
    +

    HISTORY

    +

    This functionality was added to OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man7/EVP_KDF-X963.html b/linux_amd64/ssl/share/doc/openssl/html/man7/EVP_KDF-X963.html new file mode 100755 index 0000000..8cd1d99 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man7/EVP_KDF-X963.html @@ -0,0 +1,156 @@ + + + + +EVP_KDF-X963 + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    EVP_KDF-X963 - The X9.63-2001 EVP_KDF implementation

    +

    +

    +
    +

    DESCRIPTION

    +

    The EVP_KDF-X963 algorithm implements the key derivation function (X963KDF). +X963KDF is used by Cryptographic Message Syntax (CMS) for EC KeyAgreement, to +derive a key using input such as a shared secret key and shared info.

    +

    +

    +

    Identity

    +

    "X963KDF" is the name for this implementation; it +can be used with the EVP_KDF_fetch() function.

    +

    +

    +

    Supported parameters

    +

    The supported parameters are:

    +
    +
    "properties" (OSSL_KDF_PARAM_PROPERTIES) <UTF8 string>
    + +
    "digest" (OSSL_KDF_PARAM_DIGEST) <UTF8 string>
    + +
    +

    These parameters work as described in EVP_KDF(3)/PARAMETERS.

    +
    +
    "key" (OSSL_KDF_PARAM_KEY) <octet string>
    + +
    +

    The shared secret used for key derivation. +This parameter sets the secret.

    +
    +
    "info" (OSSL_KDF_PARAM_INFO) <octet string>
    + +
    +

    This parameter specifies an optional value for shared info.

    +
    +
    +

    +

    +
    +

    NOTES

    +

    X963KDF is very similar to the SSKDF that uses a digest as the auxiliary function, +X963KDF appends the counter to the secret, whereas SSKDF prepends the counter.

    +

    A context for X963KDF can be obtained by calling:

    +
    + EVP_KDF *kdf = EVP_KDF_fetch(NULL, "X963KDF", NULL);
    + EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf);
    +

    The output length of an X963KDF is specified via the keylen +parameter to the EVP_KDF_derive(3) function.

    +

    +

    +
    +

    EXAMPLES

    +

    This example derives 10 bytes, with the secret key "secret" and sharedinfo +value "label":

    +
    + EVP_KDF *kdf;
    + EVP_KDF_CTX *kctx;
    + unsigned char out[10];
    + OSSL_PARAM params[4], *p = params;
    +
    + kdf = EVP_KDF_fetch(NULL, "X963KDF", NULL);
    + kctx = EVP_KDF_CTX_new(kdf);
    + EVP_KDF_free(kdf);
    +
    + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
    +                                         SN_sha256, strlen(SN_sha256));
    + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SECRET,
    +                                          "secret", (size_t)6);
    + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO,
    +                                          "label", (size_t)5);
    + *p = OSSL_PARAM_construct_end();
    + if (EVP_KDF_CTX_set_params(kctx, params) <= 0) {
    +     error("EVP_KDF_CTX_set_params");
    + }
    + if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) {
    +     error("EVP_KDF_derive");
    + }
    +
    + EVP_KDF_CTX_free(kctx);
    +

    +

    +
    +

    CONFORMING TO

    +

    "SEC 1: Elliptic Curve Cryptography"

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_KDF(3), +EVP_KDF_CTX_new(3), +EVP_KDF_CTX_free(3), +EVP_KDF_CTX_set_params(3), +EVP_KDF_size(3), +EVP_KDF_derive(3), +EVP_KDF(3)/PARAMETERS

    +

    +

    +
    +

    HISTORY

    +

    This functionality was added to OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man7/EVP_MAC-BLAKE2.html b/linux_amd64/ssl/share/doc/openssl/html/man7/EVP_MAC-BLAKE2.html new file mode 100755 index 0000000..2c3ce20 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man7/EVP_MAC-BLAKE2.html @@ -0,0 +1,119 @@ + + + + +EVP_MAC-BLAKE2 + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    EVP_MAC-BLAKE2, EVP_MAC-BLAKE2BMAC, EVP_MAC-BLAKE2SMAC +- The BLAKE2 EVP_MAC implementations

    +

    +

    +
    +

    DESCRIPTION

    +

    Support for computing BLAKE2 MACs through the EVP_MAC API.

    +

    +

    +

    Identity

    +

    These implementations are identified with one of these names and +properties, to be used with EVP_MAC_fetch():

    +
    +
    "BLAKE2BMAC", "provider=default"
    + +
    "BLAKE2SMAC", "provider=default"
    + +
    +

    +

    +

    Supported parameters

    +

    The general description of these parameters can be found in +EVP_MAC(3)/PARAMETERS.

    +

    All these parameters can be set with EVP_MAC_CTX_set_params(). +Furthermore, the "size" parameter can be retrieved with +EVP_MAC_CTX_get_params(), or with EVP_MAC_size(). +The length of the "size" parameter should not exceed that of a size_t.

    +
    +
    "key" (OSSL_MAC_PARAM_KEY) <octet string>
    + +
    +

    This may be at most 64 bytes for BLAKE2BMAC or 32 for BLAKE2SMAC and +at least 1 byte in both cases.

    +
    +
    "custom" (OSSL_MAC_PARAM_CUSTOM) <octet string>
    + +
    +

    This is an optional value of at most 16 bytes for BLAKE2BMAC or 8 for +BLAKE2SMAC. +It is empty by default.

    +
    +
    "salt" (OSSL_MAC_PARAM_SALT) <octet string>
    + +
    +

    This is an optional value of at most 16 bytes for BLAKE2BMAC or 8 for +BLAKE2SMAC. +It is empty by default.

    +
    +
    "size" (OSSL_MAC_PARAM_SIZE) <unsigned integer>
    + +
    +

    When set, this can be any number between between 1 and 32 for +EVP_MAC_BLAKE2S or 64 for EVP_MAC_BLAKE2B. +It is 32 and 64 respectively by default.

    +
    +
    +

    +

    +
    +

    SEE ALSO

    +

    EVP_MAC_CTX_get_params(3), EVP_MAC_CTX_set_params(3), +EVP_MAC(3)/PARAMETERS, OSSL_PARAM(3)

    +

    +

    +
    +

    HISTORY

    +

    The macros and functions described here were added to OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man7/EVP_MAC-CMAC.html b/linux_amd64/ssl/share/doc/openssl/html/man7/EVP_MAC-CMAC.html new file mode 100755 index 0000000..8cae2fc --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man7/EVP_MAC-CMAC.html @@ -0,0 +1,94 @@ + + + + +EVP_MAC-CMAC + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    EVP_MAC-CMAC - The CMAC EVP_MAC implementation

    +

    +

    +
    +

    DESCRIPTION

    +

    Support for computing CMAC MACs through the EVP_MAC API.

    +

    +

    +

    Identity

    +

    This implementation is identified with this name and properties, to be +used with EVP_MAC_fetch():

    +
    +
    "CMAC", "provider=default" or "provider=fips"
    + +
    +

    +

    +

    Supported parameters

    +

    The general description of these parameters can be found in +EVP_MAC(3)/PARAMETERS.

    +

    The following parameter can be set with EVP_MAC_CTX_set_params():

    +
    +
    "key" (OSSL_MAC_PARAM_KEY) <octet string>
    + +
    "cipher" (OSSL_MAC_PARAM_CIPHER) <UTF8 string>
    + +
    "properties" (OSSL_MAC_PARAM_PROPERTIES) <UTF8 string>
    + +
    +

    The following parameters can be retrieved with +EVP_MAC_CTX_get_params():

    +
    +
    "size" (OSSL_MAC_PARAM_SIZE) <unsigned integer>
    + +
    +

    The "size" parameter can also be retrieved with with EVP_MAC_size(). +The length of the "size" parameter is equal to that of an unsigned int.

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_MAC_CTX_get_params(3), EVP_MAC_CTX_set_params(3), +EVP_MAC(3)/PARAMETERS, OSSL_PARAM(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man7/EVP_MAC-GMAC.html b/linux_amd64/ssl/share/doc/openssl/html/man7/EVP_MAC-GMAC.html new file mode 100755 index 0000000..2f7fe60 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man7/EVP_MAC-GMAC.html @@ -0,0 +1,96 @@ + + + + +EVP_MAC-GMAC + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    EVP_MAC-GMAC - The GMAC EVP_MAC implementation

    +

    +

    +
    +

    DESCRIPTION

    +

    Support for computing GMAC MACs through the EVP_MAC API.

    +

    +

    +

    Identity

    +

    This implementation is identified with this name and properties, to be +used with EVP_MAC_fetch():

    +
    +
    "GMAC", "provider=default" or "provider=fips"
    + +
    +

    +

    +

    Supported parameters

    +

    The general description of these parameters can be found in +EVP_MAC(3)/PARAMETERS.

    +

    The following parameter can be set with EVP_MAC_CTX_set_params():

    +
    +
    "key" (OSSL_MAC_PARAM_KEY) <octet string>
    + +
    "iv" (OSSL_MAC_PARAM_IV) <octet string>
    + +
    "cipher" (OSSL_MAC_PARAM_CIPHER) <UTF8 string>
    + +
    "properties" (OSSL_MAC_PARAM_PROPERTIES) <UTF8 string>
    + +
    +

    The following parameters can be retrieved with +EVP_MAC_CTX_get_params():

    +
    +
    "size" (OSSL_MAC_PARAM_SIZE) <unsigned integer>
    + +
    +

    The "size" parameter can also be retrieved with EVP_MAC_size(). +The length of the "size" parameter is equal to that of an unsigned int.

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_MAC_CTX_get_params(3), EVP_MAC_CTX_set_params(3), +EVP_MAC(3)/PARAMETERS, OSSL_PARAM(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man7/EVP_MAC-HMAC.html b/linux_amd64/ssl/share/doc/openssl/html/man7/EVP_MAC-HMAC.html new file mode 100755 index 0000000..5029fbd --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man7/EVP_MAC-HMAC.html @@ -0,0 +1,97 @@ + + + + +EVP_MAC-HMAC + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    EVP_MAC-HMAC - The HMAC EVP_MAC implementation

    +

    +

    +
    +

    DESCRIPTION

    +

    Support for computing HMAC MACs through the EVP_MAC API.

    +

    +

    +

    Identity

    +

    This implementation is identified with this name and properties, to be +used with EVP_MAC_fetch():

    +
    +
    "HMAC", "provider=default" or "provider=fips"
    + +
    +

    +

    +

    Supported parameters

    +

    The general description of these parameters can be found in +EVP_MAC(3)/PARAMETERS.

    +

    The following parameter can be set with EVP_MAC_CTX_set_params():

    +
    +
    "key" (OSSL_MAC_PARAM_KEY) <octet string>
    + +
    "flags" (OSSL_MAC_PARAM_FLAGS) <octet string>
    + +
    "digest" (OSSL_MAC_PARAM_DIGEST) <UTF8 string>
    + +
    "properties" (OSSL_MAC_PARAM_PROPERTIES) <UTF8 string>
    + +
    +

    The "flags" parameter is passed directly to HMAC_CTX_set_flags().

    +

    The following parameter can be retrieved with +EVP_MAC_CTX_get_params():

    +
    +
    "size" (OSSL_MAC_PARAM_SIZE) <unsigned integer>
    + +
    +

    The "size" parameter can also be retrieved with EVP_MAC_size(). +The length of the "size" parameter is equal to that of an unsigned int.

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_MAC_CTX_get_params(3), EVP_MAC_CTX_set_params(3), +EVP_MAC(3)/PARAMETERS, OSSL_PARAM(3), HMAC(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man7/EVP_MAC-KMAC.html b/linux_amd64/ssl/share/doc/openssl/html/man7/EVP_MAC-KMAC.html new file mode 100755 index 0000000..15d86e7 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man7/EVP_MAC-KMAC.html @@ -0,0 +1,97 @@ + + + + +EVP_MAC-KMAC + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    EVP_MAC-KMAC, EVP_MAC-KMAC128, EVP_MAC-KMAC256 +- The KMAC EVP_MAC implementations

    +

    +

    +
    +

    DESCRIPTION

    +

    Support for computing KMAC MACs through the EVP_MAC API.

    +

    +

    +

    Identity

    +

    These implementations are identified with one of these names and +properties, to be used with EVP_MAC_fetch():

    +
    +
    "KMAC-128", "provider=default" or "provider=fips"
    + +
    "KMAC-256", "provider=default" or "provider=fips"
    + +
    +

    +

    +

    Supported parameters

    +

    The general description of these parameters can be found in +EVP_MAC(3)/PARAMETERS.

    +

    All these parameters can be set with EVP_MAC_CTX_set_params(). +Furthermore, the "size" parameter can be retrieved with +EVP_MAC_CTX_get_params(), or with EVP_MAC_size(). +The length of the "size" parameter should not exceed that of a size_t.

    +
    +
    "key" (OSSL_MAC_PARAM_KEY) <octet string>
    + +
    "custom" (OSSL_MAC_PARAM_CUSTOM) <octet string>
    + +
    "size" (OSSL_MAC_PARAM_SIZE) <unsigned integer>
    + +
    "xof" (OSSL_MAC_PARAM_XOF) <integer>
    + +
    +

    The "xof" parameter value is expected to be 1 or 0. Use 1 to enable XOF +mode. If XOF is enabled then the output length that is encoded as part of +the input stream is set to zero.

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_MAC_CTX_get_params(3), EVP_MAC_CTX_set_params(3), +EVP_MAC(3)/PARAMETERS, OSSL_PARAM(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man7/EVP_MAC-Poly1305.html b/linux_amd64/ssl/share/doc/openssl/html/man7/EVP_MAC-Poly1305.html new file mode 100755 index 0000000..9ba3218 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man7/EVP_MAC-Poly1305.html @@ -0,0 +1,90 @@ + + + + +EVP_MAC-Poly1305 + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    EVP_MAC-Poly1305 - The Poly1305 EVP_MAC implementation

    +

    +

    +
    +

    DESCRIPTION

    +

    Support for computing Poly1305 MACs through the EVP_MAC API.

    +

    +

    +

    Identity

    +

    This implementation is identified with this name and properties, to be +used with EVP_MAC_fetch():

    +
    +
    "POLY1305", "provider=default"
    + +
    +

    +

    +

    Supported parameters

    +

    The general description of these parameters can be found in +EVP_MAC(3)/PARAMETERS.

    +

    The following parameter can be set with EVP_MAC_CTX_set_params():

    +
    +
    "key" (OSSL_MAC_PARAM_KEY) <octet string>
    + +
    +

    The following parameters can be retrieved with +EVP_MAC_CTX_get_params():

    +
    +
    "size" (OSSL_MAC_PARAM_SIZE) <unsigned integer>
    + +
    +

    The "size" parameter can also be retrieved with with EVP_MAC_size(). +The length of the "size" parameter should not exceed that of an unsigned int.

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_MAC_CTX_get_params(3), EVP_MAC_CTX_set_params(3), +EVP_MAC(3)/PARAMETERS, OSSL_PARAM(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man7/EVP_MAC-Siphash.html b/linux_amd64/ssl/share/doc/openssl/html/man7/EVP_MAC-Siphash.html new file mode 100755 index 0000000..62b7063 --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man7/EVP_MAC-Siphash.html @@ -0,0 +1,87 @@ + + + + +EVP_MAC-Siphash + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    EVP_MAC-Siphash - The SipHash EVP_MAC implementation

    +

    +

    +
    +

    DESCRIPTION

    +

    Support for computing SipHash MACs through the EVP_MAC API.

    +

    +

    +

    Identity

    +

    This implementation is identified with this name and properties, to be +used with EVP_MAC_fetch():

    +
    +
    "SIPHASH", "provider=default"
    + +
    +

    +

    +

    Supported parameters

    +

    The general description of these parameters can be found in +EVP_MAC(3)/PARAMETERS.

    +

    All these parameters can be set with EVP_MAC_CTX_set_params(). +Furthermore, the "size" parameter can be retrieved with +EVP_MAC_CTX_get_params(), or with EVP_MAC_size(). +The length of the "size" parameter should not exceed that of a size_t.

    +
    +
    "key" (OSSL_MAC_PARAM_KEY) <octet string>
    + +
    "size" (OSSL_MAC_PARAM_SIZE) <unsigned integer>
    + +
    +

    +

    +
    +

    SEE ALSO

    +

    EVP_MAC_CTX_get_params(3), EVP_MAC_CTX_set_params(3), +EVP_MAC(3)/PARAMETERS, OSSL_PARAM(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man7/Ed25519.html b/linux_amd64/ssl/share/doc/openssl/html/man7/Ed25519.html
    new file mode 100755
    index 0000000..6917aba
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man7/Ed25519.html
    @@ -0,0 +1,116 @@
    +
    +
    +
    +
    +Ed25519
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    Ed25519, +Ed448 +- EVP_PKEY Ed25519 and Ed448 support

    +

    +

    +
    +

    DESCRIPTION

    +

    The Ed25519 and Ed448 EVP_PKEY implementation supports key generation, +one-shot digest sign and digest verify using PureEdDSA and Ed25519 or Ed448 +(see RFC8032). It has associated private and public key formats compatible with +draft-ietf-curdle-pkix-04.

    +

    No additional parameters can be set during key generation, one-shot signing or +verification. In particular, because PureEdDSA is used, a digest must NOT be +specified when signing or verifying.

    +

    +

    +
    +

    NOTES

    +

    The PureEdDSA algorithm does not support the streaming mechanism +of other signature algorithms using, for example, EVP_DigestUpdate(). +The message to sign or verify must be passed using the one-shot +EVP_DigestSign() and EVP_DigestVerify() functions.

    +

    When calling EVP_DigestSignInit() or EVP_DigestVerifyInit(), the +digest type parameter MUST be set to NULL.

    +

    Applications wishing to sign certificates (or other structures such as +CRLs or certificate requests) using Ed25519 or Ed448 can either use X509_sign() +or X509_sign_ctx() in the usual way.

    +

    A context for the Ed25519 algorithm can be obtained by calling:

    +
    + EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_ED25519, NULL);
    +

    For the Ed448 algorithm a context can be obtained by calling:

    +
    + EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_ED448, NULL);
    +

    Ed25519 or Ed448 private keys can be set directly using +EVP_PKEY_new_raw_private_key(3) or loaded from a PKCS#8 private key file +using PEM_read_bio_PrivateKey(3) (or similar function). Completely new keys +can also be generated (see the example below). Setting a private key also sets +the associated public key.

    +

    Ed25519 or Ed448 public keys can be set directly using +EVP_PKEY_new_raw_public_key(3) or loaded from a SubjectPublicKeyInfo +structure in a PEM file using PEM_read_bio_PUBKEY(3) (or similar function).

    +

    Ed25519 and Ed448 can be tested with the openssl-speed(1) application +since version 1.1.1. +Valid algorithm names are ed25519, ed448 and eddsa. If eddsa is +specified, then both Ed25519 and Ed448 are benchmarked.

    +

    +

    +
    +

    EXAMPLES

    +

    This example generates an ED25519 private key and writes it to standard +output in PEM format:

    +
    + #include <openssl/evp.h>
    + #include <openssl/pem.h>
    + ...
    + EVP_PKEY *pkey = NULL;
    + EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_ED25519, NULL);
    + EVP_PKEY_keygen_init(pctx);
    + EVP_PKEY_keygen(pctx, &pkey);
    + EVP_PKEY_CTX_free(pctx);
    + PEM_write_PrivateKey(stdout, pkey, NULL, NULL, 0, NULL, NULL);
    +

    +

    +
    +

    SEE ALSO

    +

    EVP_PKEY_CTX_new(3), +EVP_PKEY_keygen(3), +EVP_DigestSignInit(3), +EVP_DigestVerifyInit(3),

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man7/OSSL_PROVIDER-FIPS.html b/linux_amd64/ssl/share/doc/openssl/html/man7/OSSL_PROVIDER-FIPS.html
    new file mode 100755
    index 0000000..c24f3f9
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man7/OSSL_PROVIDER-FIPS.html
    @@ -0,0 +1,307 @@
    +
    +
    +
    +
    +OSSL_PROVIDER-FIPS
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    OSSL_PROVIDER-FIPS - OPENSSL FIPS provider

    +

    +

    +
    +

    DESCRIPTION

    +

    The OPENSSL FIPS provider is a special provider that conforms to the Federal +Information Processing Standards (FIPS) specified in FIPS 140-2. This 'module' +contains an approved set of cryptographic algorithms that is validated by an +accredited testing laboratory.

    +

    +

    +
    +

    SELF TESTING

    +

    One of the requirements for the FIPS module is self testing. An optional callback +mechanism is available to return information to the user using +OSSL_SELF_TEST_set_callback(3).

    +

    The OPENSSL FIPS module uses the following mechanism to provide information +about the self tests as they run. +This is useful for debugging if a self test is failing. +The callback also allows forcing any self test to fail, in order to check that +it operates correctly on failure.

    +

    The 'args' parameter of OSSL_CALLBACK contains the OPENSSL_CTX associated +with the provider that is triggering the self test. This may be useful if +multiple fips providers are present.

    +

    The OSSL_PARAM names used are:

    +
    +
    "st-phase" (OSSL_PROV_PARAM_SELF_TEST_PHASE) <UTF8 string>
    + +
    +

    Each self test calls the callback 3 times with the following string values +for the phase.

    +
    +
    "Start" (OSSL_SELF_TEST_PHASE_START)
    + +
    +

    This is the initial phase before the self test has run. +This is used for informational purposes only. +The value returned by the callback is ignored.

    +
    +
    "Corrupt" (OSSL_SELF_TEST_PHASE_CORRUPT)
    + +
    +

    The corrupt phase is run after the self test has calculated its known value. +The callback may be used to force the self test to fail by returning a value +of 0 from the callback during this phase. +Returning any other value from the callback causes the self test to run normally.

    +
    +
    "Pass" (OSSL_SELF_TEST_PHASE_PASS)
    + +
    "Fail" (OSSL_SELF_TEST_PHASE_FAIL)
    + +
    +

    The final phase runs after the self test is complete and indicates if a self +test passed or failed. This is used for informational purposes only. +The value returned by the callback is ignored. +"Fail" should normally only be returned if any self test was forced to fail +during the "Corrupt" phase (or if there was an error such as the integrity +check of the module failed).

    +

    Note that all self tests run even if a self test failure occurs.

    +
    +
    +
    +
    "st-type" (OSSL_PROV_PARAM_SELF_TEST_TYPE) <UTF8 string>
    + +
    +

    Used as a category to identify the type of self test being run. +It includes the following string values:

    +
    +
    "Module_Integrity" (OSSL_SELF_TEST_TYPE_MODULE_INTEGRITY)
    + +
    +

    Uses HMAC SHA256 on the module file to validate that the module has not been +modified. The integrity value is compared to a value written to a configuration +file during installation.

    +
    +
    "Install_Integrity" (OSSL_SELF_TEST_TYPE_INSTALL_INTEGRITY)
    + +
    +

    Uses HMAC SHA256 on a fixed string to validate that the installation process +has already been performed and the self test KATS have already been tested, +The integrity value is compared to a value written to a configuration +file after successfully running the self tests during installation.

    +
    +
    "KAT_Cipher" (OSSL_SELF_TEST_TYPE_KAT_CIPHER)
    + +
    +

    Known answer test for a symmetric cipher.

    +
    +
    "KAT_Digest" (OSSL_SELF_TEST_TYPE_KAT_DIGEST)
    + +
    +

    Known answer test for a digest.

    +
    +
    "KAT_Signature" (OSSL_SELF_TEST_TYPE_KAT_SIGNATURE)
    + +
    +

    Known answer test for a signature.

    +
    +
    "KAT_KDF" (OSSL_SELF_TEST_TYPE_KAT_KDF)
    + +
    +

    Known answer test for a key derivation function.

    +
    +
    "KAT_KA" (OSSL_SELF_TEST_TYPE_KAT_KA)
    + +
    +

    Known answer test for key agreement.

    +
    +
    "DRBG" (OSSL_SELF_TEST_TYPE_DRBG)
    + +
    +

    Known answer test for a Deterministic Random Bit Generator.

    +
    +
    "Pairwise_Consistency_Test" (OSSL_SELF_TEST_TYPE_PCT)
    + +
    +

    Conditional test that is run during the generation of key pairs.

    +
    +
    +

    The "Module_Integrity" self test is always run at startup. +The "Install_Integrity" self test is used to check if the self tests have +already been run at installation time. If they have already run then the +self tests are not run on subsequent startups. +All other self test categories are run once at installation time, except for the +"Pairwise_Consistency_Test".

    +

    There is only one instance of the "Module_Integrity" and "Install_Integrity" +self tests. All other self tests may have multiple instances.

    +
    +
    "st-desc" (OSSL_PROV_PARAM_SELF_TEST_DESC) <UTF8 string>
    + +
    +

    Used as a sub category to identify an individual self test. +The following description strings are used.

    +
    +
    "HMAC" (OSSL_SELF_TEST_DESC_INTEGRITY_HMAC)
    + +
    +

    "Module_Integrity" and "Install_Integrity" use this.

    +
    +
    "RSA" (OSSL_SELF_TEST_DESC_PCT_RSA_PKCS1)
    + +
    "ECDSA" (OSSL_SELF_TEST_DESC_PCT_ECDSA)
    + +
    "DSA" (OSSL_SELF_TEST_DESC_PCT_DSA)
    + +
    +

    Key generation tests used with the "Pairwise_Consistency_Test" type.

    +
    +
    "AES_GCM" (OSSL_SELF_TEST_DESC_CIPHER_AES_GCM)
    + +
    "TDES" (OSSL_SELF_TEST_DESC_CIPHER_TDES)
    + +
    +

    Symmetric cipher tests used with the "KAT_Cipher" type.

    +
    +
    "SHA1" (OSSL_SELF_TEST_DESC_MD_SHA1)
    + +
    "SHA2" (OSSL_SELF_TEST_DESC_MD_SHA2)
    + +
    "SHA3" (OSSL_SELF_TEST_DESC_MD_SHA3)
    + +
    +

    Digest tests used with the "KAT_Digest" type.

    +
    +
    "DSA" (OSSL_SELF_TEST_DESC_SIGN_DSA)
    + +
    "RSA" (OSSL_SELF_TEST_DESC_SIGN_RSA)
    + +
    "ECDSA" (OSSL_SELF_TEST_DESC_SIGN_ECDSA)
    + +
    +

    Signature tests used with the "KAT_Signature" type.

    +
    +
    "ECDH" (OSSL_SELF_TEST_DESC_KA_ECDH)
    + +
    "ECDSA" (OSSL_SELF_TEST_DESC_KA_ECDSA)
    + +
    +

    Key agreement tests used with the "KAT_KA" type.

    +
    +
    "HKDF" (OSSL_SELF_TEST_DESC_KDF_HKDF)
    + +
    +

    Key Derivation Function tests used with the "KAT_KDF" type.

    +
    +
    "CTR" (OSSL_SELF_TEST_DESC_DRBG_CTR)
    + +
    "HASH" (OSSL_SELF_TEST_DESC_DRBG_HASH)
    + +
    "HMAC" (OSSL_SELF_TEST_DESC_DRBG_HMAC)
    + +
    +

    DRBG tests used with the "DRBG" type.

    +
    +
    +
    +
    +

    +

    +
    +

    EXAMPLES

    +

    A simple self test callback is shown below for illustrative purposes.

    +
    +  #include <openssl/self_test.h>
    +
    +  static OSSL_CALLBACK self_test_cb;
    +
    +  static int self_test_cb(const OSSL_PARAM params[], void *arg)
    +  {
    +    int ret = 0;
    +    const OSSL_PARAM *p = NULL;
    +    const char *phase = NULL, *type = NULL, *desc = NULL;
    +
    +    p = OSSL_PARAM_locate_const(params, OSSL_PROV_PARAM_SELF_TEST_PHASE);
    +    if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING)
    +        goto err;
    +    phase = (const char *)p->data;
    +
    +    p = OSSL_PARAM_locate_const(params, OSSL_PROV_PARAM_SELF_TEST_DESC);
    +    if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING)
    +        goto err;
    +    desc = (const char *)p->data;
    +
    +    p = OSSL_PARAM_locate_const(params, OSSL_PROV_PARAM_SELF_TEST_TYPE);
    +    if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING)
    +        goto err;
    +    type = (const char *)p->data;
    +
    +    /* Do some logging */
    +    if (strcmp(phase, OSSL_SELF_TEST_PHASE_START) == 0)
    +        BIO_printf(bio_out, "%s : (%s) : ", desc, type);
    +    if (strcmp(phase, OSSL_SELF_TEST_PHASE_PASS) == 0
    +            || strcmp(phase, OSSL_SELF_TEST_PHASE_FAIL) == 0)
    +        BIO_printf(bio_out, "%s\n", phase);
    +
    +    /* Corrupt the SHA1 self test during the 'corrupt' phase by returning 0 */
    +    if (strcmp(phase, OSSL_SELF_TEST_PHASE_CORRUPT) == 0
    +            && strcmp(desc, OSSL_SELF_TEST_DESC_MD_SHA1) == 0) {
    +        BIO_printf(bio_out, "%s %s", phase, desc);
    +        return 0;
    +    }
    +    ret = 1;
    +  err:
    +    return ret;
    +  }
    +

    +

    +
    +

    SEE ALSO

    +

    openssl-fipsinstall(1), +fips_config(5), +OSSL_SELF_TEST_set_callback(3), +OSSL_PARAM(3), +openssl-core.h(7)

    +

    +

    +
    +

    HISTORY

    +

    The type and functions described here were added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man7/RAND.html b/linux_amd64/ssl/share/doc/openssl/html/man7/RAND.html
    new file mode 100755
    index 0000000..bc6d71b
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man7/RAND.html
    @@ -0,0 +1,110 @@
    +
    +
    +
    +
    +RAND
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    RAND +- the OpenSSL random generator

    +

    +

    +
    +

    DESCRIPTION

    +

    Random numbers are a vital part of cryptography, they are needed to provide +unpredictability for tasks like key generation, creating salts, and many more. +Software-based generators must be seeded with external randomness before they +can be used as a cryptographically-secure pseudo-random number generator +(CSPRNG). +The availability of common hardware with special instructions and +modern operating systems, which may use items such as interrupt jitter +and network packet timings, can be reasonable sources of seeding material.

    +

    OpenSSL comes with a default implementation of the RAND API which is based on +the deterministic random bit generator (DRBG) model as described in +[NIST SP 800-90A Rev. 1]. The default random generator will initialize +automatically on first use and will be fully functional without having +to be initialized ('seeded') explicitly. +It seeds and reseeds itself automatically using trusted random sources +provided by the operating system.

    +

    As a normal application developer, you do not have to worry about any details, +just use RAND_bytes(3) to obtain random data. +Having said that, there is one important rule to obey: Always check the error +return value of RAND_bytes(3) and do not take randomness for granted. +Although (re-)seeding is automatic, it can fail because no trusted random source +is available or the trusted source(s) temporarily fail to provide sufficient +random seed material. +In this case the CSPRNG enters an error state and ceases to provide output, +until it is able to recover from the error by reseeding itself. +For more details on reseeding and error recovery, see RAND_DRBG(7).

    +

    For values that should remain secret, you can use RAND_priv_bytes(3) +instead. +This method does not provide 'better' randomness, it uses the same type of CSPRNG. +The intention behind using a dedicated CSPRNG exclusively for private +values is that none of its output should be visible to an attacker (e.g., +used as salt value), in order to reveal as little information as +possible about its internal state, and that a compromise of the "public" +CSPRNG instance will not affect the secrecy of these private values.

    +

    In the rare case where the default implementation does not satisfy your special +requirements, there are two options:

    +
      +
    • +

      Replace the default RAND method by your own RAND method using +RAND_set_rand_method(3).

      +
    • +
    • +

      Modify the default settings of the OpenSSL RAND method by modifying the security +parameters of the underlying DRBG, which is described in detail in RAND_DRBG(7).

      +
    • +
    +

    Changing the default random generator or its default parameters should be necessary +only in exceptional cases and is not recommended, unless you have a profound knowledge +of cryptographic principles and understand the implications of your changes.

    +

    +

    +
    +

    SEE ALSO

    +

    RAND_add(3), +RAND_bytes(3), +RAND_priv_bytes(3), +RAND_get_rand_method(3), +RAND_set_rand_method(3), +RAND_OpenSSL(3), +RAND_DRBG(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man7/RAND_DRBG.html b/linux_amd64/ssl/share/doc/openssl/html/man7/RAND_DRBG.html
    new file mode 100755
    index 0000000..3e24b70
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man7/RAND_DRBG.html
    @@ -0,0 +1,344 @@
    +
    +
    +
    +
    +RAND_DRBG
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    RAND_DRBG - the deterministic random bit generator

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/rand_drbg.h>
    +

    +

    +
    +

    DESCRIPTION

    +

    The default OpenSSL RAND method is based on the RAND_DRBG class, +which implements a deterministic random bit generator (DRBG). +A DRBG is a certain type of cryptographically-secure pseudo-random +number generator (CSPRNG), which is described in +[NIST SP 800-90A Rev. 1].

    +

    While the RAND API is the 'frontend' which is intended to be used by +application developers for obtaining random bytes, the RAND_DRBG API +serves as the 'backend', connecting the former with the operating +systems's entropy sources and providing access to the DRBG's +configuration parameters.

    +

    +

    +

    Disclaimer

    +

    Unless you have very specific requirements for your random generator, +it is in general not necessary to utilize the RAND_DRBG API directly. +The usual way to obtain random bytes is to use RAND_bytes(3) or +RAND_priv_bytes(3), see also RAND(7).

    +

    +

    +

    Typical Use Cases

    +

    Typical examples for such special use cases are the following:

    +
      +
    • +

      You want to use your own private DRBG instances. +Multiple DRBG instances which are accessed only by a single thread provide +additional security (because their internal states are independent) and +better scalability in multithreaded applications (because they don't need +to be locked).

      +
    • +
    • +

      You need to integrate a previously unsupported entropy source.

      +
    • +
    • +

      You need to change the default settings of the standard OpenSSL RAND +implementation to meet specific requirements.

      +
    • +
    +

    +

    +
    +

    CHAINING

    +

    A DRBG instance can be used as the entropy source of another DRBG instance, +provided it has itself access to a valid entropy source. +The DRBG instance which acts as entropy source is called the parent DRBG, +the other instance the child DRBG.

    +

    This is called chaining. A chained DRBG instance is created by passing +a pointer to the parent DRBG as argument to the RAND_DRBG_new() call. +It is possible to create chains of more than two DRBG in a row.

    +

    +

    +
    +

    THE THREE SHARED DRBG INSTANCES

    +

    Currently, there are three shared DRBG instances, +the <master>, <public>, and <private> DRBG. +While the <master> DRBG is a single global instance, the <public> and <private> +DRBG are created per thread and accessed through thread-local storage.

    +

    By default, the functions RAND_bytes(3) and RAND_priv_bytes(3) use +the thread-local <public> and <private> DRBG instance, respectively.

    +

    +

    +

    The <master> DRBG instance

    +

    The <master> DRBG is not used directly by the application, only for reseeding +the two other two DRBG instances. It reseeds itself by obtaining randomness +either from os entropy sources or by consuming randomness which was added +previously by RAND_add(3).

    +

    +

    +

    The <public> DRBG instance

    +

    This instance is used per default by RAND_bytes(3).

    +

    +

    +

    The <private> DRBG instance

    +

    This instance is used per default by RAND_priv_bytes(3)

    +

    +

    +
    +

    LOCKING

    +

    The <master> DRBG is intended to be accessed concurrently for reseeding +by its child DRBG instances. The necessary locking is done internally. +It is not thread-safe to access the <master> DRBG directly via the +RAND_DRBG interface. +The <public> and <private> DRBG are thread-local, i.e. there is an +instance of each per thread. So they can safely be accessed without +locking via the RAND_DRBG interface.

    +

    Pointers to these DRBG instances can be obtained using +RAND_DRBG_get0_master(), +RAND_DRBG_get0_public(), and +RAND_DRBG_get0_private(), respectively. +Note that it is not allowed to store a pointer to one of the thread-local +DRBG instances in a variable or other memory location where it will be +accessed and used by multiple threads.

    +

    All other DRBG instances created by an application don't support locking, +because they are intended to be used by a single thread. +Instead of accessing a single DRBG instance concurrently from different +threads, it is recommended to instantiate a separate DRBG instance per +thread. Using the <master> DRBG as entropy source for multiple DRBG +instances on different threads is thread-safe, because the DRBG instance +will lock the <master> DRBG automatically for obtaining random input.

    +

    +

    +
    +

    THE OVERALL PICTURE

    +

    The following picture gives an overview over how the DRBG instances work +together and are being used.

    +
    +               +--------------------+
    +               | os entropy sources |
    +               +--------------------+
    +                        |
    +                        v           +-----------------------------+
    +      RAND_add() ==> <master>     <-| shared DRBG (with locking)  |
    +                      /   \         +-----------------------------+
    +                     /     \              +---------------------------+
    +              <public>     <private>   <- | per-thread DRBG instances |
    +                 |             |          +---------------------------+
    +                 v             v
    +               RAND_bytes()   RAND_priv_bytes()
    +                    |               ^
    +                    |               |
    +    +------------------+      +------------------------------------+
    +    | general purpose  |      | used for secrets like session keys |
    +    | random generator |      | and private keys for certificates  |
    +    +------------------+      +------------------------------------+
    +

    The usual way to obtain random bytes is to call RAND_bytes(...) or +RAND_priv_bytes(...). These calls are roughly equivalent to calling +RAND_DRBG_bytes(<public>, ...) and RAND_DRBG_bytes(<private>, ...), +respectively. The method RAND_DRBG_bytes(3) is a convenience method +wrapping the RAND_DRBG_generate(3) function, which serves the actual +request for random data.

    +

    +

    +
    +

    RESEEDING

    +

    A DRBG instance seeds itself automatically, pulling random input from +its entropy source. The entropy source can be either a trusted operating +system entropy source, or another DRBG with access to such a source.

    +

    Automatic reseeding occurs after a predefined number of generate requests. +The selection of the trusted entropy sources is configured at build +time using the --with-rand-seed option. The following sections explain +the reseeding process in more detail.

    +

    +

    +

    Automatic Reseeding

    +

    Before satisfying a generate request (RAND_DRBG_generate(3)), the DRBG +reseeds itself automatically, if one of the following conditions holds:

    +

    - the DRBG was not instantiated (=seeded) yet or has been uninstantiated.

    +

    - the number of generate requests since the last reseeding exceeds a +certain threshold, the so called reseed_interval. +This behaviour can be disabled by setting the reseed_interval to 0.

    +

    - the time elapsed since the last reseeding exceeds a certain time +interval, the so called reseed_time_interval. +This can be disabled by setting the reseed_time_interval to 0.

    +

    - the DRBG is in an error state.

    +

    Note: An error state is entered if the entropy source fails while +the DRBG is seeding or reseeding. +The last case ensures that the DRBG automatically recovers +from the error as soon as the entropy source is available again.

    +

    +

    +

    Manual Reseeding

    +

    In addition to automatic reseeding, the caller can request an immediate +reseeding of the DRBG with fresh entropy by setting the +prediction resistance parameter to 1 when calling RAND_DRBG_generate(3).

    +

    The document [NIST SP 800-90C] describes prediction resistance requests +in detail and imposes strict conditions on the entropy sources that are +approved for providing prediction resistance. +A request for prediction resistance can only be satisfied by pulling fresh +entropy from a live entropy source (section 5.5.2 of [NIST SP 800-90C]). +It is up to the user to ensure that a live entropy source is configured +and is being used.

    +

    For the three shared DRBGs (and only for these) there is another way to +reseed them manually: +If RAND_add(3) is called with a positive randomness argument +(or RAND_seed(3)), then this will immediately reseed the <master> DRBG. +The <public> and <private> DRBG will detect this on their next generate +call and reseed, pulling randomness from <master>.

    +

    The last feature has been added to support the common practice used with +previous OpenSSL versions to call RAND_add() before calling RAND_bytes().

    +

    +

    +

    Entropy Input and Additional Data

    +

    The DRBG distinguishes two different types of random input: entropy, +which comes from a trusted source, and additional input', +which can optionally be added by the user and is considered untrusted. +It is possible to add additional input not only during reseeding, +but also for every generate request. +This is in fact done automatically by RAND_DRBG_bytes(3).

    +

    +

    +

    Configuring the Random Seed Source

    +

    In most cases OpenSSL will automatically choose a suitable seed source +for automatically seeding and reseeding its <master> DRBG. In some cases +however, it will be necessary to explicitly specify a seed source during +configuration, using the --with-rand-seed option. For more information, +see the INSTALL instructions. There are also operating systems where no +seed source is available and automatic reseeding is disabled by default.

    +

    The following two sections describe the reseeding process of the master +DRBG, depending on whether automatic reseeding is available or not.

    +

    +

    +

    Reseeding the master DRBG with automatic seeding enabled

    +

    Calling RAND_poll() or RAND_add() is not necessary, because the DRBG +pulls the necessary entropy from its source automatically. +However, both calls are permitted, and do reseed the RNG.

    +

    RAND_add() can be used to add both kinds of random input, depending on the +value of the randomness argument:

    +
    +
    randomness == 0:
    + +
    +

    The random bytes are mixed as additional input into the current state of +the DRBG. +Mixing in additional input is not considered a full reseeding, hence the +reseed counter is not reset.

    +
    +
    randomness > 0:
    + +
    +

    The random bytes are used as entropy input for a full reseeding +(resp. reinstantiation) if the DRBG is instantiated +(resp. uninstantiated or in an error state). +The number of random bits required for reseeding is determined by the +security strength of the DRBG. Currently it defaults to 256 bits (32 bytes). +It is possible to provide less randomness than required. +In this case the missing randomness will be obtained by pulling random input +from the trusted entropy sources.

    +
    +
    +

    NOTE: Manual reseeding is *not allowed* in FIPS mode, because +[NIST SP-800-90Ar1] mandates that entropy *shall not* be provided by +the consuming application for instantiation (Section 9.1) or +reseeding (Section 9.2). For that reason, the randomness +argument is ignored and the random bytes provided by the RAND_add(3) and +RAND_seed(3) calls are treated as additional data.

    +

    +

    +

    Reseeding the master DRBG with automatic seeding disabled

    +

    Calling RAND_poll() will always fail.

    +

    RAND_add() needs to be called for initial seeding and periodic reseeding. +At least 48 bytes (384 bits) of randomness have to be provided, otherwise +the (re-)seeding of the DRBG will fail. This corresponds to one and a half +times the security strength of the DRBG. The extra half is used for the +nonce during instantiation.

    +

    More precisely, the number of bytes needed for seeding depend on the +security strength of the DRBG, which is set to 256 by default.

    +

    +

    +
    +

    SEE ALSO

    +

    RAND_DRBG_bytes(3), +RAND_DRBG_generate(3), +RAND_DRBG_reseed(3), +RAND_DRBG_get0_master(3), +RAND_DRBG_get0_public(3), +RAND_DRBG_get0_private(3), +RAND_DRBG_set_reseed_interval(3), +RAND_DRBG_set_reseed_time_interval(3), +RAND_DRBG_set_reseed_defaults(3), +RAND(7),

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    +
    +
    +
    +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man7/RSA-PSS.html b/linux_amd64/ssl/share/doc/openssl/html/man7/RSA-PSS.html
    new file mode 100755
    index 0000000..d49c474
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man7/RSA-PSS.html
    @@ -0,0 +1,100 @@
    +
    +
    +
    +
    +RSA-PSS
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +

    +

    +
    +

    NAME

    +

    RSA-PSS - EVP_PKEY RSA-PSS algorithm support

    +

    +

    +
    +

    DESCRIPTION

    +

    The RSA-PSS EVP_PKEY implementation is a restricted version of the RSA +algorithm which only supports signing, verification and key generation +using PSS padding modes with optional parameter restrictions.

    +

    It has associated private key and public key formats.

    +

    This algorithm shares several control operations with the RSA algorithm +but with some restrictions described below.

    +

    +

    +

    Signing and Verification

    +

    Signing and verification is similar to the RSA algorithm except the +padding mode is always PSS. If the key in use has parameter restrictions then +the corresponding signature parameters are set to the restrictions: +for example, if the key can only be used with digest SHA256, MGF1 SHA256 +and minimum salt length 32 then the digest, MGF1 digest and salt length +will be set to SHA256, SHA256 and 32 respectively.

    +

    +

    +

    Key Generation

    +

    By default no parameter restrictions are placed on the generated key.

    +

    +

    +
    +

    NOTES

    +

    The public key format is documented in RFC4055.

    +

    The PKCS#8 private key format used for RSA-PSS keys is similar to the RSA +format except it uses the id-RSASSA-PSS OID and the parameters field, if +present, restricts the key parameters in the same way as the public key.

    +

    +

    +
    +

    CONFORMING TO

    +

    RFC 4055

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_PKEY_CTX_set_rsa_pss_keygen_md(3), +EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md(3), +EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(3), +EVP_PKEY_CTX_new(3), +EVP_PKEY_CTX_ctrl_str(3), +EVP_PKEY_derive(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man7/SM2.html b/linux_amd64/ssl/share/doc/openssl/html/man7/SM2.html
    new file mode 100755
    index 0000000..e95f7cb
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man7/SM2.html
    @@ -0,0 +1,103 @@
    + + + + +SM2 + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    SM2 - Chinese SM2 signature and encryption algorithm support

    +

    +

    +
    +

    DESCRIPTION

    +

    The SM2 algorithm was first defined by the Chinese national standard GM/T +0003-2012 and was later standardized by ISO as ISO/IEC 14888. SM2 is actually +an elliptic curve based algorithm. The current implementation in OpenSSL supports +both signature and encryption schemes via the EVP interface.

    +

    When doing the SM2 signature algorithm, it requires a distinguishing identifier +to form the message prefix which is hashed before the real message is hashed.

    +

    +

    +
    +

    NOTES

    +

    SM2 signatures can be generated by using the 'DigestSign' series of APIs, for +instance, EVP_DigestSignInit(), EVP_DigestSignUpdate() and EVP_DigestSignFinal(). +Ditto for the verification process by calling the 'DigestVerify' series of APIs.

    +

    Before computing an SM2 signature, an EVP_PKEY_CTX needs to be created, +and an SM2 ID must be set for it, like this:

    +
    + EVP_PKEY_CTX_set1_id(pctx, id, id_len);
    +

    Before calling the EVP_DigestSignInit() or EVP_DigestVerifyInit() functions, +that EVP_PKEY_CTX should be assigned to the EVP_MD_CTX, like this:

    +
    + EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
    +

    There is normally no need to pass a pctx parameter to EVP_DigestSignInit() +or EVP_DigestVerifyInit() in such a scenario.

    +

    SM2 can be tested with the openssl-speed(1) application since version 3.0.0. +Currently, the only valid algorithm name is sm2.

    +

    +

    +
    +

    EXAMPLES

    +

    This example demonstrates the calling sequence for using an EVP_PKEY to verify +a message with the SM2 signature algorithm and the SM3 hash algorithm:

    +
    + #include <openssl/evp.h>
    +
    + /* obtain an EVP_PKEY using whatever methods... */
    + mctx = EVP_MD_CTX_new();
    + pctx = EVP_PKEY_CTX_new(pkey, NULL);
    + EVP_PKEY_CTX_set1_id(pctx, id, id_len);
    + EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
    + EVP_DigestVerifyInit(mctx, NULL, EVP_sm3(), NULL, pkey);
    + EVP_DigestVerifyUpdate(mctx, msg, msg_len);
    + EVP_DigestVerifyFinal(mctx, sig, sig_len)
    +

    +

    +
    +

    SEE ALSO

    +

    EVP_PKEY_CTX_new(3), +EVP_DigestSignInit(3), +EVP_DigestVerifyInit(3), +EVP_PKEY_CTX_set1_id(3), +EVP_MD_CTX_set_pkey_ctx(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man7/X25519.html b/linux_amd64/ssl/share/doc/openssl/html/man7/X25519.html
    new file mode 100755
    index 0000000..1f3989b
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man7/X25519.html
    @@ -0,0 +1,104 @@
    + + + + +X25519 + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    X25519, +X448 +- EVP_PKEY X25519 and X448 support

    +

    +

    +
    +

    DESCRIPTION

    +

    The X25519 and X448 EVP_PKEY implementation supports key generation and +key derivation using X25519 and X448. It has associated private and public +key formats compatible with draft-ietf-curdle-pkix-03.

    +

    No additional parameters can be set during key generation.

    +

    The peer public key must be set using EVP_PKEY_derive_set_peer() when +performing key derivation.

    +

    +

    +
    +

    NOTES

    +

    A context for the X25519 algorithm can be obtained by calling:

    +
    + EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_X25519, NULL);
    +

    For the X448 algorithm a context can be obtained by calling:

    +
    + EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_X448, NULL);
    +

    X25519 or X448 private keys can be set directly using +EVP_PKEY_new_raw_private_key(3) or loaded from a PKCS#8 private key file +using PEM_read_bio_PrivateKey(3) (or similar function). Completely new keys +can also be generated (see the example below). Setting a private key also sets +the associated public key.

    +

    X25519 or X448 public keys can be set directly using +EVP_PKEY_new_raw_public_key(3) or loaded from a SubjectPublicKeyInfo +structure in a PEM file using PEM_read_bio_PUBKEY(3) (or similar function).

    +

    +

    +
    +

    EXAMPLES

    +

    This example generates an X25519 private key and writes it to standard +output in PEM format:

    +
    + #include <openssl/evp.h>
    + #include <openssl/pem.h>
    + ...
    + EVP_PKEY *pkey = NULL;
    + EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_X25519, NULL);
    + EVP_PKEY_keygen_init(pctx);
    + EVP_PKEY_keygen(pctx, &pkey);
    + EVP_PKEY_CTX_free(pctx);
    + PEM_write_PrivateKey(stdout, pkey, NULL, NULL, 0, NULL, NULL);
    +

    The key derivation example in EVP_PKEY_derive(3) can be used with +X25519 and X448.

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_PKEY_CTX_new(3), +EVP_PKEY_keygen(3), +EVP_PKEY_derive(3), +EVP_PKEY_derive_set_peer(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man7/bio.html b/linux_amd64/ssl/share/doc/openssl/html/man7/bio.html
    new file mode 100755
    index 0000000..af078f5
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man7/bio.html
    @@ -0,0 +1,112 @@
    + + + + +bio + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    bio - Basic I/O abstraction

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/bio.h>
    +

    +

    +
    +

    DESCRIPTION

    +

    A BIO is an I/O abstraction, it hides many of the underlying I/O +details from an application. If an application uses a BIO for its +I/O it can transparently handle SSL connections, unencrypted network +connections and file I/O.

    +

    There are two type of BIO, a source/sink BIO and a filter BIO.

    +

    As its name implies a source/sink BIO is a source and/or sink of data, +examples include a socket BIO and a file BIO.

    +

    A filter BIO takes data from one BIO and passes it through to +another, or the application. The data may be left unmodified (for +example a message digest BIO) or translated (for example an +encryption BIO). The effect of a filter BIO may change according +to the I/O operation it is performing: for example an encryption +BIO will encrypt data if it is being written to and decrypt data +if it is being read from.

    +

    BIOs can be joined together to form a chain (a single BIO is a chain +with one component). A chain normally consist of one source/sink +BIO and one or more filter BIOs. Data read from or written to the +first BIO then traverses the chain to the end (normally a source/sink +BIO).

    +

    Some BIOs (such as memory BIOs) can be used immediately after calling +BIO_new(). Others (such as file BIOs) need some additional initialization, +and frequently a utility function exists to create and initialize such BIOs.

    +

    If BIO_free() is called on a BIO chain it will only free one BIO resulting +in a memory leak.

    +

    Calling BIO_free_all() on a single BIO has the same effect as calling +BIO_free() on it other than the discarded return value.

    +

    Normally the type argument is supplied by a function which returns a +pointer to a BIO_METHOD. There is a naming convention for such functions: +a source/sink BIO typically starts with BIO_s_ and +a filter BIO with BIO_f_.

    +

    +

    +
    +

    EXAMPLES

    +

    Create a memory BIO:

    +
    + BIO *mem = BIO_new(BIO_s_mem());
    +

    +

    +
    +

    SEE ALSO

    +

    BIO_ctrl(3), +BIO_f_base64(3), BIO_f_buffer(3), +BIO_f_cipher(3), BIO_f_md(3), +BIO_f_null(3), BIO_f_ssl(3), +BIO_find_type(3), BIO_new(3), +BIO_new_bio_pair(3), +BIO_push(3), BIO_read_ex(3), +BIO_s_accept(3), BIO_s_bio(3), +BIO_s_connect(3), BIO_s_fd(3), +BIO_s_file(3), BIO_s_mem(3), +BIO_s_null(3), BIO_s_socket(3), +BIO_set_callback(3), +BIO_should_retry(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man7/crypto.html b/linux_amd64/ssl/share/doc/openssl/html/man7/crypto.html
    new file mode 100755
    index 0000000..5f2b748
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man7/crypto.html
    @@ -0,0 +1,94 @@
    + + + + +crypto + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    crypto - OpenSSL cryptographic library

    +

    +

    +
    +

    SYNOPSIS

    +

    See the individual manual pages for details.

    +

    +

    +
    +

    DESCRIPTION

    +

    The OpenSSL crypto library (libcrypto) implements a wide range of +cryptographic algorithms used in various Internet standards. The services +provided by this library are used by the OpenSSL implementations of SSL, TLS +and S/MIME, and they have also been used to implement SSH, OpenPGP, and +other cryptographic standards.

    +

    libcrypto consists of a number of sub-libraries that implement the +individual algorithms.

    +

    The functionality includes symmetric encryption, public key +cryptography and key agreement, certificate handling, cryptographic +hash functions, cryptographic pseudo-random number generator, and +various utilities.

    +

    +

    +
    +

    NOTES

    +

    Some of the newer functions follow a naming convention using the numbers +0 and 1. For example the functions:

    +
    + int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev);
    + int X509_add1_trust_object(X509 *x, const ASN1_OBJECT *obj);
    +

    The 0 version uses the supplied structure pointer directly +in the parent and it will be freed up when the parent is freed. +In the above example crl would be freed but rev would not.

    +

    The 1 function uses a copy of the supplied structure pointer +(or in some cases increases its link count) in the parent and +so both (x and obj above) should be freed up.

    +

    +

    +
    +

    RETURN VALUES

    +

    See the individual manual pages for details.

    +

    +

    +
    +

    SEE ALSO

    +

    openssl(1), ssl(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man7/ct.html b/linux_amd64/ssl/share/doc/openssl/html/man7/ct.html
    new file mode 100755
    index 0000000..cba29a4
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man7/ct.html
    @@ -0,0 +1,88 @@
    + + + + +ct + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    ct - Certificate Transparency

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/ct.h>
    +

    +

    +
    +

    DESCRIPTION

    +

    This library implements Certificate Transparency (CT) verification for TLS +clients, as defined in RFC 6962. This verification can provide some confidence +that a certificate has been publicly logged in a set of CT logs.

    +

    By default, these checks are disabled. They can be enabled using +SSL_CTX_enable_ct(3) or SSL_enable_ct(3).

    +

    This library can also be used to parse and examine CT data structures, such as +Signed Certificate Timestamps (SCTs), or to read a list of CT logs. There are +functions for: +- decoding and encoding SCTs in DER and TLS wire format. +- printing SCTs. +- verifying the authenticity of SCTs. +- loading a CT log list from a CONF file.

    +

    +

    +
    +

    SEE ALSO

    +

    d2i_SCT_LIST(3), +CTLOG_STORE_new(3), +CTLOG_STORE_get0_log_by_id(3), +SCT_new(3), +SCT_print(3), +SCT_validate(3), +SCT_validate(3), +CT_POLICY_EVAL_CTX_new(3), +SSL_CTX_set_ct_validation_callback(3)

    +

    +

    +
    +

    HISTORY

    +

    The ct library was added in OpenSSL 1.1.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man7/des_modes.html b/linux_amd64/ssl/share/doc/openssl/html/man7/des_modes.html
    new file mode 100755
    index 0000000..b095db4
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man7/des_modes.html
    @@ -0,0 +1,260 @@
    + + + + +des_modes + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    des_modes - the variants of DES and other crypto algorithms of OpenSSL

    +

    +

    +
    +

    DESCRIPTION

    +

    Several crypto algorithms for OpenSSL can be used in a number of modes. Those +are used for using block ciphers in a way similar to stream ciphers, among +other things.

    +

    +

    +
    +

    OVERVIEW

    +

    +

    +

    Electronic Codebook Mode (ECB)

    +

    Normally, this is found as the function algorithm_ecb_encrypt().

    +
      +
    • +

      64 bits are enciphered at a time.

      +
    • +
    • +

      The order of the blocks can be rearranged without detection.

      +
    • +
    • +

      The same plaintext block always produces the same ciphertext block +(for the same key) making it vulnerable to a 'dictionary attack'.

      +
    • +
    • +

      An error will only affect one ciphertext block.

      +
    • +
    +

    +

    +

    Cipher Block Chaining Mode (CBC)

    +

    Normally, this is found as the function algorithm_cbc_encrypt(). +Be aware that des_cbc_encrypt() is not really DES CBC (it does +not update the IV); use des_ncbc_encrypt() instead.

    +
      +
    • +

      a multiple of 64 bits are enciphered at a time.

      +
    • +
    • +

      The CBC mode produces the same ciphertext whenever the same +plaintext is encrypted using the same key and starting variable.

      +
    • +
    • +

      The chaining operation makes the ciphertext blocks dependent on the +current and all preceding plaintext blocks and therefore blocks can not +be rearranged.

      +
    • +
    • +

      The use of different starting variables prevents the same plaintext +enciphering to the same ciphertext.

      +
    • +
    • +

      An error will affect the current and the following ciphertext blocks.

      +
    • +
    +

    +

    +

    Cipher Feedback Mode (CFB)

    +

    Normally, this is found as the function algorithm_cfb_encrypt().

    +
      +
    • +

      a number of bits (j) <= 64 are enciphered at a time.

      +
    • +
    • +

      The CFB mode produces the same ciphertext whenever the same +plaintext is encrypted using the same key and starting variable.

      +
    • +
    • +

      The chaining operation makes the ciphertext variables dependent on the +current and all preceding variables and therefore j-bit variables are +chained together and can not be rearranged.

      +
    • +
    • +

      The use of different starting variables prevents the same plaintext +enciphering to the same ciphertext.

      +
    • +
    • +

      The strength of the CFB mode depends on the size of k (maximal if +j == k). In my implementation this is always the case.

      +
    • +
    • +

      Selection of a small value for j will require more cycles through +the encipherment algorithm per unit of plaintext and thus cause +greater processing overheads.

      +
    • +
    • +

      Only multiples of j bits can be enciphered.

      +
    • +
    • +

      An error will affect the current and the following ciphertext variables.

      +
    • +
    +

    +

    +

    Output Feedback Mode (OFB)

    +

    Normally, this is found as the function algorithm_ofb_encrypt().

    +
      +
    • +

      a number of bits (j) <= 64 are enciphered at a time.

      +
    • +
    • +

      The OFB mode produces the same ciphertext whenever the same +plaintext enciphered using the same key and starting variable. More +over, in the OFB mode the same key stream is produced when the same +key and start variable are used. Consequently, for security reasons +a specific start variable should be used only once for a given key.

      +
    • +
    • +

      The absence of chaining makes the OFB more vulnerable to specific attacks.

      +
    • +
    • +

      The use of different start variables values prevents the same +plaintext enciphering to the same ciphertext, by producing different +key streams.

      +
    • +
    • +

      Selection of a small value for j will require more cycles through +the encipherment algorithm per unit of plaintext and thus cause +greater processing overheads.

      +
    • +
    • +

      Only multiples of j bits can be enciphered.

      +
    • +
    • +

      OFB mode of operation does not extend ciphertext errors in the +resultant plaintext output. Every bit error in the ciphertext causes +only one bit to be in error in the deciphered plaintext.

      +
    • +
    • +

      OFB mode is not self-synchronizing. If the two operation of +encipherment and decipherment get out of synchronism, the system needs +to be re-initialized.

      +
    • +
    • +

      Each re-initialization should use a value of the start variable +different from the start variable values used before with the same +key. The reason for this is that an identical bit stream would be +produced each time from the same parameters. This would be +susceptible to a 'known plaintext' attack.

      +
    • +
    +

    +

    +

    Triple ECB Mode

    +

    Normally, this is found as the function algorithm_ecb3_encrypt().

    +
      +
    • +

      Encrypt with key1, decrypt with key2 and encrypt with key3 again.

      +
    • +
    • +

      As for ECB encryption but increases the key length to 168 bits. +There are theoretic attacks that can be used that make the effective +key length 112 bits, but this attack also requires 2^56 blocks of +memory, not very likely, even for the NSA.

      +
    • +
    • +

      If both keys are the same it is equivalent to encrypting once with +just one key.

      +
    • +
    • +

      If the first and last key are the same, the key length is 112 bits. +There are attacks that could reduce the effective key strength +to only slightly more than 56 bits, but these require a lot of memory.

      +
    • +
    • +

      If all 3 keys are the same, this is effectively the same as normal +ecb mode.

      +
    • +
    +

    +

    +

    Triple CBC Mode

    +

    Normally, this is found as the function algorithm_ede3_cbc_encrypt().

    +
      +
    • +

      Encrypt with key1, decrypt with key2 and then encrypt with key3.

      +
    • +
    • +

      As for CBC encryption but increases the key length to 168 bits with +the same restrictions as for triple ecb mode.

      +
    • +
    +

    +

    +
    +

    NOTES

    +

    This text was been written in large parts by Eric Young in his original +documentation for SSLeay, the predecessor of OpenSSL. In turn, he attributed +it to:

    +
    +        AS 2805.5.2
    +        Australian Standard
    +        Electronic funds transfer - Requirements for interfaces,
    +        Part 5.2: Modes of operation for an n-bit block cipher algorithm
    +        Appendix A
    +

    +

    +
    +

    SEE ALSO

    +

    BF_encrypt(3), DES_crypt(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man7/evp.html b/linux_amd64/ssl/share/doc/openssl/html/man7/evp.html
    new file mode 100755
    index 0000000..9959345
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man7/evp.html
    @@ -0,0 +1,138 @@
    + + + + +evp + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    evp - high-level cryptographic functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/evp.h>
    +

    +

    +
    +

    DESCRIPTION

    +

    The EVP library provides a high-level interface to cryptographic +functions.

    +

    The EVP_SealXXX and EVP_OpenXXX +functions provide public key encryption and decryption to implement digital "envelopes".

    +

    The EVP_DigestSignXXX and +EVP_DigestVerifyXXX functions implement +digital signatures and Message Authentication Codes (MACs). Also see the older +EVP_SignXXX and EVP_VerifyXXX +functions.

    +

    Symmetric encryption is available with the EVP_EncryptXXX +functions. The EVP_DigestXXX functions provide message digests.

    +

    The EVP_PKEYXXX functions provide a high level interface to +asymmetric algorithms. To create a new EVP_PKEY see +EVP_PKEY_new(3). EVP_PKEYs can be associated +with a private key of a particular algorithm by using the functions +described on the EVP_PKEY_set1_RSA(3) page, or +new keys can be generated using EVP_PKEY_keygen(3). +EVP_PKEYs can be compared using EVP_PKEY_cmp(3), or printed using +EVP_PKEY_print_private(3).

    +

    The EVP_PKEY functions support the full range of asymmetric algorithm operations:

    +
    +
    For key agreement see EVP_PKEY_derive(3)
    + +
    For signing and verifying see EVP_PKEY_sign(3), +EVP_PKEY_verify(3) and EVP_PKEY_verify_recover(3). +However, note that +these functions do not perform a digest of the data to be signed. Therefore +normally you would use the EVP_DigestSignInit(3) +functions for this purpose.
    + +
    For encryption and decryption see EVP_PKEY_encrypt(3) +and EVP_PKEY_decrypt(3) respectively. However, note that +these functions perform encryption and decryption only. As public key +encryption is an expensive operation, normally you would wrap +an encrypted message in a "digital envelope" using the EVP_SealInit(3) and +EVP_OpenInit(3) functions.
    + +
    +

    The EVP_BytesToKey(3) function provides some limited support for password +based encryption. Careful selection of the parameters will provide a PKCS#5 PBKDF1 compatible +implementation. However, new applications should not typically use this (preferring, for example, +PBKDF2 from PCKS#5).

    +

    The EVP_EncodeXXX and +EVP_DecodeXXX functions implement base 64 encoding +and decoding.

    +

    All the symmetric algorithms (ciphers), digests and asymmetric algorithms +(public key algorithms) can be replaced by ENGINE modules providing alternative +implementations. If ENGINE implementations of ciphers or digests are registered +as defaults, then the various EVP functions will automatically use those +implementations automatically in preference to built in software +implementations. For more information, consult the engine(3) man page.

    +

    Although low level algorithm specific functions exist for many algorithms +their use is discouraged. They cannot be used with an ENGINE and ENGINE +versions of new algorithms cannot be accessed using the low level functions. +Also makes code harder to adapt to new algorithms and some options are not +cleanly supported at the low level and some operations are more efficient +using the high level interface.

    +

    +

    +
    +

    SEE ALSO

    +

    EVP_DigestInit(3), +EVP_EncryptInit(3), +EVP_OpenInit(3), +EVP_SealInit(3), +EVP_DigestSignInit(3), +EVP_SignInit(3), +EVP_VerifyInit(3), +EVP_EncodeInit(3), +EVP_PKEY_new(3), +EVP_PKEY_set1_RSA(3), +EVP_PKEY_keygen(3), +EVP_PKEY_print_private(3), +EVP_PKEY_decrypt(3), +EVP_PKEY_encrypt(3), +EVP_PKEY_sign(3), +EVP_PKEY_verify(3), +EVP_PKEY_verify_recover(3), +EVP_PKEY_derive(3), +EVP_BytesToKey(3), +ENGINE_by_id(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man7/openssl-core.h.html b/linux_amd64/ssl/share/doc/openssl/html/man7/openssl-core.h.html
    new file mode 100755
    index 0000000..98dc360
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man7/openssl-core.h.html
    @@ -0,0 +1,160 @@
    + + + + +openssl-core.h + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    openssl/core.h - OpenSSL Core types

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/core.h>
    +

    +

    +
    +

    DESCRIPTION

    +

    The <openssl/core.h >> header defines a number of public types that +are used to communicate between the OpenSSL libraries and +implementation providers. +These types are designed to minimise the need for intimate knowledge +of internal structures between the OpenSSL libraries and the providers.

    +

    The types are:

    +
    +
    OSSL_DISPATCH
    + +
    +

    This type is a tuple of function identity and function pointer. +Arrays of this type are passed between the OpenSSL libraries and the +providers to describe what functionality one side provides to the +other. +Arrays of this type must be terminated with a tuple having function +identity zero and function pointer NULL.

    +

    The available function identities and corresponding function +signatures are defined in openssl-core_numbers.h(7).

    +

    Any function identity not recognised by the recipient of this type +will be ignored. +This ensures that providers built with one OpenSSL version in mind +will work together with any other OpenSSL version that supports this +mechanism.

    +
    +
    OSSL_ITEM
    + +
    +

    This type is a tuple of integer and pointer. +It's a generic type used as a generic descriptor, its exact meaning +being defined by how it's used. +Arrays of this type are passed between the OpenSSL libraries and the +providers, and must be terminated with a tuple where the integer is +zero and the pointer NULL.

    +
    +
    OSSL_ALGORITHM
    + +
    +

    This type is a tuple of an algorithm name (string), a property +definition (string) and a dispatch table (array of OSSL_DISPATCH). +Arrays of this type are passed on demand from the providers to the +OpenSSL libraries to describe what algorithms the providers provide +implementations of, and with what properties. +Arrays of this type must be terminated with a tuple having function +identity zero and function pointer NULL.

    +

    The algorithm names and property definitions are defined by the +providers.

    +
    +
    OSSL_PARAM
    + +
    +

    This type is a structure that allows passing arbitrary object data +between two parties that have no or very little shared knowledge about +their respective internal structures for that object. +It's normally passed in arrays, where the array is terminated with an +element where all fields are zero (for non-pointers) or NULL (for +pointers).

    +

    These arrays can be used to set parameters for some object, to request +parameters, and to describe parameters.

    +

    OSSL_PARAM is further described in OSSL_PARAM(3)

    +
    +
    OSSL_CALLBACK
    + +
    +

    This is a function type for a generic feedback callback function:

    +
    +    typedef int (OSSL_CALLBACK)(const OSSL_PARAM params[], void *arg);
    +

    A function that takes a pointer of this type should also take a +pointer to caller data. When calling this callback, the function is +expected to build an OSSL_PARAM array of data it wants or is +expected to pass back, and pass that as params, as well as +the caller data pointer it received, as arg.

    +
    +
    OSSL_PASSPHRASE_CALLBACK
    + +
    +

    This is a function type for a generic pass phrase callback function:

    +
    +    typedef int (OSSL_PASSPHRASE_CALLBACK)(char *pass, size_t pass_size,
    +                                           size_t *pass_len,
    +                                           const OSSL_PARAM params[],
    +                                           void *arg);
    +

    This callback can be used to prompt the user for a passphrase. When +calling it, a buffer to store the pass phrase needs to be given with +pass, and its size with pass_size. The length of the prompted +pass phrase will be given back in *pass_len.

    +

    Additional parameters can be passed with the OSSL_PARAM array +params.

    +

    A function that takes a pointer of this type should also take a +pointer to caller data, which should be passed as arg to this +callback.

    +
    +
    +

    +

    +
    +

    SEE ALSO

    +

    openssl-core_numbers.h(7)

    +

    +

    +
    +

    HISTORY

    +

    The types described here were added in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man7/openssl-env.html b/linux_amd64/ssl/share/doc/openssl/html/man7/openssl-env.html
    new file mode 100755
    index 0000000..1d14975
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man7/openssl-env.html
    @@ -0,0 +1,119 @@
    + + + + +openssl-env + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    openssl-env - OpenSSL environment variables

    +

    +

    +
    +

    DESCRIPTION

    +

    The OpenSSL libraries use environment variables to override the +compiled-in default paths for various data. +To avoid security risks, the environment is usually not consulted when +the executable is set-user-ID or set-group-ID.

    +
    +
    CTLOG_FILE
    + +
    +

    Specifies the path to a certificate transparency log list. +See CTLOG_STORE_new(3).

    +
    +
    OPENSSL
    + +
    +

    Specifies the path to the openssl executable. Only used by +the rehash script. +See openssl-rehash(1)/Script Configuration.

    +
    +
    OPENSSL_CONF
    + +
    +

    Specifies the path to a configuration file. +See openssl(1) and config(5).

    +
    +
    OPENSSL_ENGINES
    + +
    +

    Specifies the directory from which dynamic engines are loaded. +See openssl-engine(1).

    +
    +
    OPENSSL_MALLOC_FD, OPENSSL_MALLOC_FAILURES
    + +
    +

    If built with debugging, this allows memory allocation to fail. +See OPENSSL_malloc(3).

    +
    +
    OPENSSL_MODULES
    + +
    +

    Specifies the directory from which cryptographic providers are loaded. +See openssl-provider(1).

    +
    +
    OPENSSL_WIN32_UTF8
    + +
    +

    If set, then UI_OpenSSL(3) returns UTF-8 encoded strings, rather than +ones encoded in the current code page, and +the openssl(1) program also transcodes the command-line parameters +from the current code page to UTF-8. +This environment variable is only checked on Microsoft Windows platforms.

    +
    +
    RANDFILE
    + +
    +

    The state file for the random number generator. +This should not be needed in normal use. +See RAND_load_file(3).

    +
    +
    SSL_CERT_DIR, SSL_CERT_FILE
    + +
    +

    Specify the default directory or file containing CA certificates. +See SSL_CTX_load_verify_locations(3).

    +
    +
    TSGET
    + +
    +

    Additional arguments for the tsget(1) command.

    +
    +
    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man7/openssl_user_macros.html b/linux_amd64/ssl/share/doc/openssl/html/man7/openssl_user_macros.html
    new file mode 100755
    index 0000000..90e00ca
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man7/openssl_user_macros.html
    @@ -0,0 +1,126 @@
    + + + + +openssl_user_macros + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    openssl_user_macros, OPENSSL_API_COMPAT - User defined macros

    +

    +

    +
    +

    DESCRIPTION

    +

    User defined macros allow the programmer to control certain aspects of +what is exposed by the OpenSSL headers.

    +

    NOTE: to be effective, a user defined macro must be defined +before including any header file that depends on it, either in the +compilation command (cc -DMACRO=value) or by defining the macro in +source before including any headers.

    +

    Other manual pages may refer to this page when declarations depend on +user defined macros.

    +

    +

    +

    The macros

    +
    +
    OPENSSL_API_COMPAT
    + +
    +

    The value is a version number, given in one of the following two forms:

    +
      +
    1. 0xMNNFF000L + +

      This is the form supported for all versions up to 1.1.x, where M +represents the major number, NN represents the minor number, and +FF represents the fix number, as a hexadecimal number. For version +1.1.0, that's 0x10100000L.

      +

      Any version number may be given, but these numbers are +the current known major deprecation points, making them the most +meaningful:

      +
        +
      1. 0x00908000L (version 0.9.8) + +
      2. +
      3. 0x10000000L (version 1.0.0) + +
      4. +
      5. 0x10100000L (version 1.1.0) + +
      6. +
      +

      For convenience, higher numbers are accepted as well, as long as +feasible. For example, 0x60000000L will work as expected. +However, it is recommended to start using the second form instead:

      +
    +
    mmnnpp
    + +
    +

    This form is a simple decimal number calculated with this formula:

    +

    major * 10000 + minor * 100 + patch

    +

    where major, minor and patch are the desired major, +minor and patch components of the version number. For example:

    +
      +
    1. corresponds to version 3.0.0 + +
    2. +
    3. corresponds to version 1.0.2 + +
    4. +
    5. corresponds to version 42.1.1 + +
    6. +
    + + +

    If not set, this macro will default to +30000.

    +
    +
    OPENSSL_NO_DEPRECATED
    + +
    +

    If this macro is defined, all deprecated public symbols in all OpenSSL +versions up to and including the version given by OPENSSL_API_COMPAT +will be hidden.

    +
    +
    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man7/ossl_store-file.html b/linux_amd64/ssl/share/doc/openssl/html/man7/ossl_store-file.html
    new file mode 100755
    index 0000000..06e918b
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man7/ossl_store-file.html
    @@ -0,0 +1,94 @@
    + + + + +ossl_store-file + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    ossl_store-file - The store 'file' scheme loader

    +

    +

    +
    +

    SYNOPSIS

    +

    #include <openssl/store.h>

    +

    +

    +
    +

    DESCRIPTION

    +

    Support for the 'file' scheme is built into libcrypto. +Since files come in all kinds of formats and content types, the 'file' +scheme has its own layer of functionality called "file handlers", +which are used to try to decode diverse types of file contents.

    +

    In case a file is formatted as PEM, each called file handler receives +the PEM name (everything following any '-----BEGIN ') as well as +possible PEM headers, together with the decoded PEM body. Since PEM +formatted files can contain more than one object, the file handlers +are called upon for each such object.

    +

    If the file isn't determined to be formatted as PEM, the content is +loaded in raw form in its entirety and passed to the available file +handlers as is, with no PEM name or headers.

    +

    Each file handler is expected to handle PEM and non-PEM content as +appropriate. Some may refuse non-PEM content for the sake of +determinism (for example, there are keys out in the wild that are +represented as an ASN.1 OCTET STRING. In raw form, it's not easily +possible to distinguish those from any other data coming as an ASN.1 +OCTET STRING, so such keys would naturally be accepted as PEM files +only).

    +

    +

    +
    +

    NOTES

    +

    When needed, the 'file' scheme loader will require a pass phrase by +using the UI_METHOD that was passed via OSSL_STORE_open(). +This pass phrase is expected to be UTF-8 encoded, anything else will +give an undefined result. +The files made accessible through this loader are expected to be +standard compliant with regards to pass phrase encoding. +Files that aren't should be re-generated with a correctly encoded pass +phrase. +See passphrase-encoding(7) for more information.

    +

    +

    +
    +

    SEE ALSO

    +

    ossl_store(7), passphrase-encoding(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man7/ossl_store.html b/linux_amd64/ssl/share/doc/openssl/html/man7/ossl_store.html
    new file mode 100755
    index 0000000..3b29523
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man7/ossl_store.html
    @@ -0,0 +1,133 @@
    + + + + +ossl_store + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    ossl_store - Store retrieval functions

    +

    +

    +
    +

    SYNOPSIS

    +

    #include <openssl/store.h>

    +

    +

    +
    +

    DESCRIPTION

    +

    +

    +

    General

    +

    A STORE is a layer of functionality to retrieve a number of supported +objects from a repository of any kind, addressable as a filename or +as a URI.

    +

    The functionality supports the pattern "open a channel to the +repository", "loop and retrieve one object at a time", and "finish up +by closing the channel".

    +

    The retrieved objects are returned as a wrapper type OSSL_STORE_INFO, +from which an OpenSSL type can be retrieved.

    +

    +

    +

    URI schemes and loaders

    +

    Support for a URI scheme is called a STORE "loader", and can be added +dynamically from the calling application or from a loadable engine.

    +

    Support for the 'file' scheme is built into libcrypto. +See ossl_store-file(7) for more information.

    +

    +

    +

    UI_METHOD and pass phrases

    +

    The OSS_STORE API does nothing to enforce any specific format or +encoding on the pass phrase that the UI_METHOD provides. However, +the pass phrase is expected to be UTF-8 encoded. The result of any +other encoding is undefined.

    +

    +

    +
    +

    EXAMPLES

    +

    +

    +

    A generic call

    +
    + OSSL_STORE_CTX *ctx = OSSL_STORE_open("file:/foo/bar/data.pem";);
    +
    + /*
    +  * OSSL_STORE_eof() simulates file semantics for any repository to signal
    +  * that no more data can be expected
    +  */
    + while (!OSSL_STORE_eof(ctx)) {
    +     OSSL_STORE_INFO *info = OSSL_STORE_load(ctx);
    +
    +     /*
    +      * Do whatever is necessary with the OSSL_STORE_INFO,
    +      * here just one example
    +      */
    +     switch (OSSL_STORE_INFO_get_type(info)) {
    +     case OSSL_STORE_INFO_X509:
    +         /* Print the X.509 certificate text */
    +         X509_print_fp(stdout, OSSL_STORE_INFO_get0_CERT(info));
    +         /* Print the X.509 certificate PEM output */
    +         PEM_write_X509(stdout, OSSL_STORE_INFO_get0_CERT(info));
    +         break;
    +     }
    + }
    +
    + OSSL_STORE_close(ctx);
    +

    +

    +
    +

    SEE ALSO

    +

    OSSL_STORE_INFO(3), OSSL_STORE_LOADER(3), +OSSL_STORE_open(3), OSSL_STORE_expect(3), +OSSL_STORE_SEARCH(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man7/passphrase-encoding.html b/linux_amd64/ssl/share/doc/openssl/html/man7/passphrase-encoding.html
    new file mode 100755
    index 0000000..b5d4a4b
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man7/passphrase-encoding.html
    @@ -0,0 +1,207 @@
    + + + + +passphrase-encoding + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    passphrase-encoding +- How diverse parts of OpenSSL treat pass phrases character encoding

    +

    +

    +
    +

    DESCRIPTION

    +

    In a modern world with all sorts of character encodings, the treatment of pass +phrases has become increasingly complex. +This manual page attempts to give an overview over how this problem is +currently addressed in different parts of the OpenSSL library.

    +

    +

    +

    The general case

    +

    The OpenSSL library doesn't treat pass phrases in any special way as a general +rule, and trusts the application or user to choose a suitable character set +and stick to that throughout the lifetime of affected objects. +This means that for an object that was encrypted using a pass phrase encoded in +ISO-8859-1, that object needs to be decrypted using a pass phrase encoded in +ISO-8859-1. +Using the wrong encoding is expected to cause a decryption failure.

    +

    +

    +

    PKCS#12

    +

    PKCS#12 is a bit different regarding pass phrase encoding. +The standard stipulates that the pass phrase shall be encoded as an ASN.1 +BMPString, which consists of the code points of the basic multilingual plane, +encoded in big endian (UCS-2 BE).

    +

    OpenSSL tries to adapt to this requirements in one of the following manners:

    +
      +
    1. +

      Treats the received pass phrase as UTF-8 encoded and tries to re-encode it to +UTF-16 (which is the same as UCS-2 for characters U+0000 to U+D7FF and U+E000 +to U+FFFF, but becomes an expansion for any other character), or failing that, +proceeds with step 2.

      +
    2. +
    3. +

      Assumes that the pass phrase is encoded in ASCII or ISO-8859-1 and +opportunistically prepends each byte with a zero byte to obtain the UCS-2 +encoding of the characters, which it stores as a BMPString.

      +

      Note that since there is no check of your locale, this may produce UCS-2 / +UTF-16 characters that do not correspond to the original pass phrase characters +for other character sets, such as any ISO-8859-X encoding other than +ISO-8859-1 (or for Windows, CP 1252 with exception for the extra "graphical" +characters in the 0x80-0x9F range).

      +
    4. +
    +

    OpenSSL versions older than 1.1.0 do variant 2 only, and that is the reason why +OpenSSL still does this, to be able to read files produced with older versions.

    +

    It should be noted that this approach isn't entirely fault free.

    +

    A pass phrase encoded in ISO-8859-2 could very well have a sequence such as +0xC3 0xAF (which is the two characters "LATIN CAPITAL LETTER A WITH BREVE" +and "LATIN CAPITAL LETTER Z WITH DOT ABOVE" in ISO-8859-2 encoding), but would +be misinterpreted as the perfectly valid UTF-8 encoded code point U+00EF (LATIN +SMALL LETTER I WITH DIAERESIS) if the pass phrase doesn't contain anything that +would be invalid UTF-8. +A pass phrase that contains this kind of byte sequence will give a different +outcome in OpenSSL 1.1.0 and newer than in OpenSSL older than 1.1.0.

    +
    + 0x00 0xC3 0x00 0xAF                    # OpenSSL older than 1.1.0
    + 0x00 0xEF                              # OpenSSL 1.1.0 and newer
    +

    On the same accord, anything encoded in UTF-8 that was given to OpenSSL older +than 1.1.0 was misinterpreted as ISO-8859-1 sequences.

    +

    +

    +

    OSSL_STORE

    +

    ossl_store(7) acts as a general interface to access all kinds of objects, +potentially protected with a pass phrase, a PIN or something else. +This API stipulates that pass phrases should be UTF-8 encoded, and that any +other pass phrase encoding may give undefined results. +This API relies on the application to ensure UTF-8 encoding, and doesn't check +that this is the case, so what it gets, it will also pass to the underlying +loader.

    +

    +

    +
    +

    RECOMMENDATIONS

    +

    This section assumes that you know what pass phrase was used for encryption, +but that it may have been encoded in a different character encoding than the +one used by your current input method. +For example, the pass phrase may have been used at a time when your default +encoding was ISO-8859-1 (i.e. "naïve" resulting in the byte sequence 0x6E 0x61 +0xEF 0x76 0x65), and you're now in an environment where your default encoding +is UTF-8 (i.e. "naïve" resulting in the byte sequence 0x6E 0x61 0xC3 0xAF 0x76 +0x65). +Whenever it's mentioned that you should use a certain character encoding, it +should be understood that you either change the input method to use the +mentioned encoding when you type in your pass phrase, or use some suitable tool +to convert your pass phrase from your default encoding to the target encoding.

    +

    Also note that the sub-sections below discuss human readable pass phrases. +This is particularly relevant for PKCS#12 objects, where human readable pass +phrases are assumed. +For other objects, it's as legitimate to use any byte sequence (such as a +sequence of bytes from `/dev/urandom` that's been saved away), which makes any +character encoding discussion irrelevant; in such cases, simply use the same +byte sequence as it is.

    +

    +

    +

    Creating new objects

    +

    For creating new pass phrase protected objects, make sure the pass phrase is +encoded using UTF-8. +This is default on most modern Unixes, but may involve an effort on other +platforms. +Specifically for Windows, setting the environment variable +OPENSSL_WIN32_UTF8 will have anything entered on [Windows] console prompt +converted to UTF-8 (command line and separately prompted pass phrases alike).

    +

    +

    +

    Opening existing objects

    +

    For opening pass phrase protected objects where you know what character +encoding was used for the encryption pass phrase, make sure to use the same +encoding again.

    +

    For opening pass phrase protected objects where the character encoding that was +used is unknown, or where the producing application is unknown, try one of the +following:

    +
      +
    1. +

      Try the pass phrase that you have as it is in the character encoding of your +environment. +It's possible that its byte sequence is exactly right.

      +
    2. +
    3. +

      Convert the pass phrase to UTF-8 and try with the result. +Specifically with PKCS#12, this should open up any object that was created +according to the specification.

      +
    4. +
    5. +

      Do a naïve (i.e. purely mathematical) ISO-8859-1 to UTF-8 conversion and try +with the result. +This differs from the previous attempt because ISO-8859-1 maps directly to +U+0000 to U+00FF, which other non-UTF-8 character sets do not.

      +

      This also takes care of the case when a UTF-8 encoded string was used with +OpenSSL older than 1.1.0. +(for example, ï, which is 0xC3 0xAF when encoded in UTF-8, would become 0xC3 +0x83 0xC2 0xAF when re-encoded in the naïve manner. +The conversion to BMPString would then yield 0x00 0xC3 0x00 0xA4 0x00 0x00, the +erroneous/non-compliant encoding used by OpenSSL older than 1.1.0)

      +
    6. +
    +

    +

    +
    +

    SEE ALSO

    +

    evp(7), +ossl_store(7), +EVP_BytesToKey(3), EVP_DecryptInit(3), +PEM_do_header(3), +PKCS12_parse(3), PKCS12_newpass(3), +d2i_PKCS8PrivateKey_bio(3)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man7/property.html b/linux_amd64/ssl/share/doc/openssl/html/man7/property.html
    new file mode 100755
    index 0000000..f9c0fa8
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man7/property.html
    @@ -0,0 +1,205 @@
    + + + + +property + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    property - Properties, a selection mechanism for algorithm implementations

    +

    +

    +
    +

    DESCRIPTION

    +

    As of OpenSSL 3.0, a new method has been introduced to decide which of +multiple implementations of an algorithm will be used. +The method is centered around the concept of properties. +Each implementation defines a number of properties and when an algorithm +is being selected, filters based on these properties can be used to +choose the most appropriate implementation of the algorithm.

    +

    Properties are like variables, they are referenced by name and have a value +assigned.

    +

    +

    +

    Property Names

    +

    Property names fall into two categories: those reserved by the OpenSSL +project and user defined names. +A reserved property name consists of a single C-style identifier +(except for leading underscores not being permitted), which begins +with a letter and can be followed by any number of letters, numbers +and underscores. +Property names are case-insensitive, but OpenSSL will only use lowercase +letters.

    +

    A user defined property name is similar, but it must consist of +two or more C-style identifiers, separated by periods. +The last identifier in the name can be considered the 'true' property +name, which is prefixed by some sort of 'namespace'. +Providers for example could include their name in the prefix and use +property names like

    +
    +  <provider_name>.<property_name>
    +  <provider_name>.<algorithm_name>.<property_name>
    +

    +

    +

    Properties

    +

    A property is a name=value pair. +A property definition is a sequence of comma separated properties. +There can be any number of properties in a definition. +For example: "" defines a null property definition; "my.foo=bar" +defines a property named my.foo which has a string value bar and +"iteration.count=3" defines a property named iteration.count which +has a numeric value of 3. +The full syntax for property definitions appears below.

    +

    +

    +

    Implementations

    +

    Each implementation of an algorithm can define any number of +properties. +For example, the default provider defines the property provider=default +for all of its algorithms. +Likewise, OpenSSL's FIPS provider defines provider=fips and the legacy +provider defines provider=legacy for all of their algorithms.

    +

    +

    +

    Queries

    +

    A property query clause is a single conditional test. +For example, "fips=yes", "provider!=default" or "?iteration.count!=3". +The first two represent mandatory clauses, such clauses must match +for any algorithm to even be under consideration. +The third clause represents an optional clause. +Matching such clauses is not a requirement, but any additional optional +match counts in favor of the algorithm. +More details about that in the Lookups section. +A property query is a sequence of comma separated property query clauses. +The full syntax for property queries appears below, but the available syntactic +features are:

    +
      +
    • +

      = is an infix operator providing an equality test.

      +
    • +
    • +

      != is an infix operator providing an inequality test.

      +
    • +
    • +

      ? is a prefix operator that means that the following clause is optional +but preferred.

      +
    • +
    • +

      - is a prefix operator that means any global query clause involving the +following property name should be ignored.

      +
    • +
    • +

      "..." is a quoted string. +The quotes are not included in the body of the string.

      +
    • +
    • +

      '...' is a quoted string. +The quotes are not included in the body of the string.

      +
    • +
    +

    +

    +

    Lookups

    +

    When an algorithm is looked up, a property query is used to determine +the best matching algorithm. +All mandatory query clauses must be present and the implementation +that additionally has the largest number of matching optional query +clauses will be used. +If there is more than one such optimal candidate, the result will be +chosen from amongst those in an indeterminate way. +Ordering of optional clauses is not significant.

    +

    +

    +

    Shortcut

    +

    In order to permit a more concise expression of boolean properties, there +is one short cut: a property name alone (e.g. "my.property") is +exactly equivalent to "my.property=yes" in both definitions and queries.

    +

    +

    +

    Global and Local

    +

    Two levels of property query are supported. +A context based property query that applies to all fetch operations and a local +property query. +Where both the context and local queries include a clause with the same name, +the local clause overrides the context clause.

    +

    It is possible for a local property query to remove a clause in the context +property query by preceding the property name with a '-'. +For example, a context property query that contains "fips=yes" would normally +result in implementations that have "fips=yes".

    +

    However, if the setting of the "fips" property is irrelevant to the +operations being performed, the local property query can include the +clause "-fips". +Note that the local property query could not use "fips=no" because that would +disallow any implementations with "fips=yes" rather than not caring about the +setting.

    +

    +

    +
    +

    SYNTAX

    +

    The lexical syntax in EBNF is given by:

    +
    + Definition     ::= PropertyName ( '=' Value )? 
    +                        ( ',' PropertyName ( '=' Value )? )*
    + Query          ::= PropertyQuery ( ',' PropertyQuery )*
    + PropertyQuery  ::= '-' PropertyName
    +                  | '?'? ( PropertyName (( '=' | '!=' ) Value)?)
    + Value          ::= NumberLiteral | StringLiteral
    + StringLiteral  ::= QuotedString | UnquotedString
    + QuotedString   ::= '"' [^"]* '"' | "'" [^']* "'"
    + UnquotedString ::= [^{space},]+
    + NumberLiteral  ::= '0' ( [0-7]* | 'x' [0-9A-Fa-f]+ ) | '-'? [1-9] [0-9]+
    + PropertyName   ::= [A-Z] [A-Z0-9_]* ( '.' [A-Z] [A-Z0-9_]* )*
    +

    +

    +
    +

    HISTORY

    +

    Properties were added in OpenSSL 3.0

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man7/provider-asym_cipher.html b/linux_amd64/ssl/share/doc/openssl/html/man7/provider-asym_cipher.html
    new file mode 100755
    index 0000000..5e2f166
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man7/provider-asym_cipher.html
    @@ -0,0 +1,297 @@
    + + + + +provider-asym_cipher + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    provider-asym_cipher - The asym_cipher library <-> provider functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/core_numbers.h>
    + #include <openssl/core_names.h>
    +
    + /*
    +  * None of these are actual functions, but are displayed like this for
    +  * the function signatures for functions that are offered as function
    +  * pointers in OSSL_DISPATCH arrays.
    +  */
    +
    + /* Context management */
    + void *OP_asym_cipher_newctx(void *provctx);
    + void OP_asym_cipher_freectx(void *ctx);
    + void *OP_asym_cipher_dupctx(void *ctx);
    +
    + /* Encryption */
    + int OP_asym_cipher_encrypt_init(void *ctx, void *provkey);
    + int OP_asym_cipher_encrypt(void *ctx, unsigned char *out, size_t *outlen,
    +                            size_t outsize, const unsigned char *in,
    +                            size_t inlen);
    +
    + /* Decryption */
    + int OP_asym_cipher_decrypt_init(void *ctx, void *provkey);
    + int OP_asym_cipher_decrypt(void *ctx, unsigned char *out, size_t *outlen,
    +                            size_t outsize, const unsigned char *in,
    +                            size_t inlen);
    +
    + /* Asymmetric Cipher parameters */
    + int OP_asym_cipher_get_ctx_params(void *ctx, OSSL_PARAM params[]);
    + const OSSL_PARAM *OP_asym_cipher_gettable_ctx_params(void);
    + int OP_asym_cipher_set_ctx_params(void *ctx, const OSSL_PARAM params[]);
    + const OSSL_PARAM *OP_asym_cipher_settable_ctx_params(void);
    +

    +

    +
    +

    DESCRIPTION

    +

    This documentation is primarily aimed at provider authors. See provider(7) +for further information.

    +

    The asymmetric cipher (OSSL_OP_ASYM_CIPHER) operation enables providers to +implement asymmetric cipher algorithms and make them available to applications +via the API functions EVP_PKEY_encrypt(3), +EVP_PKEY_decrypt(3) and +other related functions).

    +

    All "functions" mentioned here are passed as function pointers between +libcrypto and the provider in OSSL_DISPATCH arrays via +OSSL_ALGORITHM arrays that are returned by the provider's +provider_query_operation() function +(see provider-base(7)/Provider Functions).

    +

    All these "functions" have a corresponding function type definition +named OSSL_{name}_fn, and a helper function to retrieve the +function pointer from an OSSL_DISPATCH element named +OSSL_get_{name}. +For example, the "function" OP_asym_cipher_newctx() has these:

    +
    + typedef void *(OSSL_OP_asym_cipher_newctx_fn)(void *provctx);
    + static ossl_inline OSSL_OP_asym_cipher_newctx_fn
    +     OSSL_get_OP_asym_cipher_newctx(const OSSL_DISPATCH *opf);
    +

    OSSL_DISPATCH arrays are indexed by numbers that are provided as +macros in openssl-core_numbers.h(7), as follows:

    +
    + OP_asym_cipher_newctx               OSSL_FUNC_ASYM_CIPHER_NEWCTX
    + OP_asym_cipher_freectx              OSSL_FUNC_ASYM_CIPHER_FREECTX
    + OP_asym_cipher_dupctx               OSSL_FUNC_ASYM_CIPHER_DUPCTX
    +
    + OP_asym_cipher_encrypt_init         OSSL_FUNC_ASYM_CIPHER_ENCRYPT_INIT
    + OP_asym_cipher_encrypt              OSSL_FUNC_ASYM_CIPHER_ENCRYPT
    +
    + OP_asym_cipher_decrypt_init         OSSL_FUNC_ASYM_CIPHER_DECRYPT_INIT
    + OP_asym_cipher_decrypt              OSSL_FUNC_ASYM_CIPHER_DECRYPT
    +
    + OP_asym_cipher_get_ctx_params       OSSL_FUNC_ASYM_CIPHER_GET_CTX_PARAMS
    + OP_asym_cipher_gettable_ctx_params  OSSL_FUNC_ASYM_CIPHER_GETTABLE_CTX_PARAMS
    + OP_asym_cipher_set_ctx_params       OSSL_FUNC_ASYM_CIPHER_SET_CTX_PARAMS
    + OP_asym_cipher_settable_ctx_params  OSSL_FUNC_ASYM_CIPHER_SETTABLE_CTX_PARAMS
    +

    An asymmetric cipher algorithm implementation may not implement all of these +functions. +In order to be a consistent set of functions a provider must implement +OP_asym_cipher_newctx and OP_asym_cipher_freectx. +It must also implement both of OP_asym_cipher_encrypt_init and +OP_asym_cipher_encrypt, or both of OP_asym_cipher_decrypt_init and +OP_asym_cipher_decrypt. +OP_asym_cipher_get_ctx_params is optional but if it is present then so must +OP_asym_cipher_gettable_ctx_params. +Similarly, OP_asym_cipher_set_ctx_params is optional but if it is present then +so must OP_asym_cipher_settable_ctx_params.

    +

    An asymmetric cipher algorithm must also implement some mechanism for generating, +loading or importing keys via the key management (OSSL_OP_KEYMGMT) operation. +See provider-keymgmt(7) for further details.

    +

    +

    +

    Context Management Functions

    +

    OP_asym_cipher_newctx() should create and return a pointer to a provider side +structure for holding context information during an asymmetric cipher operation. +A pointer to this context will be passed back in a number of the other +asymmetric cipher operation function calls. +The parameter provctx is the provider context generated during provider +initialisation (see provider(7)).

    +

    OP_asym_cipher_freectx() is passed a pointer to the provider side asymmetric +cipher context in the ctx parameter. +This function should free any resources associated with that context.

    +

    OP_asym_cipher_dupctx() should duplicate the provider side asymmetric cipher +context in the ctx parameter and return the duplicate copy.

    +

    +

    +

    Encryption Functions

    +

    OP_asym_cipher_encrypt_init() initialises a context for an asymmetric encryption +given a provider side asymmetric cipher context in the ctx parameter, and a +pointer to a provider key object in the provkey parameter. +The key object should have been previously generated, loaded or imported into +the provider using the key management (OSSL_OP_KEYMGMT) operation (see +provider-keymgmt(7)>.

    +

    OP_asym_cipher_encrypt() performs the actual encryption itself. +A previously initialised asymmetric cipher context is passed in the ctx +parameter. +The data to be encrypted is pointed to by the in parameter which is inlen +bytes long. +Unless out is NULL, the encrypted data should be written to the location +pointed to by the out parameter and it should not exceed outsize bytes in +length. +The length of the encrypted data should be written to *outlen. +If out is NULL then the maximum length of the encrypted data should be +written to *outlen.

    +

    +

    +

    Decryption Functions

    +

    OP_asym_cipher_decrypt_init() initialises a context for an asymmetric decryption +given a provider side asymmetric cipher context in the ctx parameter, and a +pointer to a provider key object in the provkey parameter. +The key object should have been previously generated, loaded or imported into +the provider using the key management (OSSL_OP_KEYMGMT) operation (see +provider-keymgmt(7)>.

    +

    OP_asym_cipher_decrypt() performs the actual decryption itself. +A previously initialised asymmetric cipher context is passed in the ctx +parameter. +The data to be decrypted is pointed to by the in parameter which is inlen +bytes long. +Unless out is NULL, the decrypted data should be written to the location +pointed to by the out parameter and it should not exceed outsize bytes in +length. +The length of the decrypted data should be written to *outlen. +If out is NULL then the maximum length of the decrypted data should be +written to *outlen.

    +

    +

    +

    Asymmetric Cipher Parameters

    +

    See OSSL_PARAM(3) for further details on the parameters structure used by +the OP_asym_cipher_get_ctx_params() and OP_asym_cipher_set_ctx_params() +functions.

    +

    OP_asym_cipher_get_ctx_params() gets asymmetric cipher parameters associated +with the given provider side asymmetric cipher context ctx and stores them in +params. +OP_asym_cipher_set_ctx_params() sets the asymmetric cipher parameters associated +with the given provider side asymmetric cipher context ctx to params. +Any parameter settings are additional to any that were previously set.

    +

    Parameters currently recognised by built-in asymmetric cipher algorithms are as +follows. +Not all parameters are relevant to, or are understood by all asymmetric cipher +algorithms:

    +
    +
    "pad-mode" (OSSL_ASYM_CIPHER_PARAM_PAD_MODE) <integer>
    + +
    +

    The type of padding to be used. The interpretation of this value will depend +on the algorithm in use. The default provider understands these RSA padding +modes: 1 (RSA_PKCS1_PADDING), 2 (RSA_SSLV23_PADDING), 3 (RSA_NO_PADDING), +4 (RSA_PKCS1_OAEP_PADDING), 5 (RSA_X931_PADDING), 6 (RSA_PKCS1_PSS_PADDING) and +7 (RSA_PKCS1_WITH_TLS_PADDING). See EVP_PKEY_CTX_set_rsa_padding(3) for +further details.

    +
    +
    "digest" (OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST) <UTF8 string>
    + +
    +

    Gets or sets the name of the OAEP digest algorithm used when OAEP padding is in +use.

    +
    +
    "digest-props" (OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS) <UTF8 string>
    + +
    +

    Gets or sets the properties to use when fetching the OAEP digest algorithm.

    +
    +
    "mgf1-digest" (OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST) <UTF8 string>
    + +
    +

    Gets or sets the name of the MGF1 digest algorithm used when OAEP or PSS padding +is in use.

    +
    +
    "mgf1-digest-props" (OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS) <UTF8 string>
    + +
    +

    Gets or sets the properties to use when fetching the MGF1 digest algorithm.

    +
    +
    "oaep-label" (OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL) <octet string>
    + +
    +

    Gets or sets the OAEP label used when OAEP padding is in use.

    +
    +
    "oaep-label-len" (OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL_LEN) <size_t>
    + +
    +

    Gets the length of an OAEP label when OAEP padding is in use.

    +
    +
    "tls-client-version" (OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION) <unsigned integer>
    + +
    +

    The TLS protocol version first requested by the client. See +RSA_PKCS1_WITH_TLS_PADDING on the page EVP_PKEY_CTX_set_rsa_padding(3).

    +
    +
    "tls-negotiated-version" (OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION) <unsigned integer>
    + +
    +

    The negotiated TLS protocol version. See +RSA_PKCS1_WITH_TLS_PADDING on the page EVP_PKEY_CTX_set_rsa_padding(3).

    +
    +
    +

    OP_asym_cipher_gettable_ctx_params() and OP_asym_cipher_settable_ctx_params() +get a constant OSSL_PARAM array that describes the gettable and settable +parameters, i.e. parameters that can be used with OP_asym_cipherget_ctx_params() +and OP_asym_cipher_set_ctx_params() respectively. +See OSSL_PARAM(3) for the use of OSSL_PARAM as parameter descriptor.

    +

    +

    +
    +

    RETURN VALUES

    +

    OP_asym_cipher_newctx() and OP_asym_cipher_dupctx() should return the newly +created provider side asymmetric cipher context, or NULL on failure.

    +

    All other functions should return 1 for success or 0 on error.

    +

    +

    +
    +

    SEE ALSO

    +

    provider(7)

    +

    +

    +
    +

    HISTORY

    +

    The provider ASYM_CIPHER interface was introduced in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man7/provider-base.html b/linux_amd64/ssl/share/doc/openssl/html/man7/provider-base.html
    new file mode 100755
    index 0000000..b05a1b6
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man7/provider-base.html
    @@ -0,0 +1,523 @@
    + + + + +provider-base + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    provider-base +- The basic OpenSSL library <-> provider functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/core_numbers.h>
    +
    + /*
    +  * None of these are actual functions, but are displayed like this for
    +  * the function signatures for functions that are offered as function
    +  * pointers in OSSL_DISPATCH arrays.
    +  */
    +
    + /* Functions offered by libcrypto to the providers */
    + const OSSL_ITEM *core_gettable_params(const OSSL_PROVIDER *prov);
    + int core_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[]);
    + int core_thread_start(const OSSL_PROVIDER *prov,
    +                       OSSL_thread_stop_handler_fn handfn);
    + OPENSSL_CTX *core_get_library_context(const OSSL_PROVIDER *prov);
    + void core_new_error(const OSSL_PROVIDER *prov);
    + void core_set_error_debug(const OSSL_PROVIDER *prov,
    +                           const char *file, int line, const char *func);
    + void core_vset_error(const OSSL_PROVIDER *prov,
    +                      uint32_t reason, const char *fmt, va_list args);
    +
    + /*
    +  * Some OpenSSL functionality is directly offered to providers via
    +  * dispatch
    +  */
    + void *CRYPTO_malloc(size_t num, const char *file, int line);
    + void *CRYPTO_zalloc(size_t num, const char *file, int line);
    + void *CRYPTO_memdup(const void *str, size_t siz,
    +                     const char *file, int line);
    + char *CRYPTO_strdup(const char *str, const char *file, int line);
    + char *CRYPTO_strndup(const char *str, size_t s,
    +                      const char *file, int line);
    + void CRYPTO_free(void *ptr, const char *file, int line);
    + void CRYPTO_clear_free(void *ptr, size_t num,
    +                        const char *file, int line);
    + void *CRYPTO_realloc(void *addr, size_t num,
    +                      const char *file, int line);
    + void *CRYPTO_clear_realloc(void *addr, size_t old_num, size_t num,
    +                            const char *file, int line);
    + void *CRYPTO_secure_malloc(size_t num, const char *file, int line);
    + void *CRYPTO_secure_zalloc(size_t num, const char *file, int line);
    + void CRYPTO_secure_free(void *ptr, const char *file, int line);
    + void CRYPTO_secure_clear_free(void *ptr, size_t num,
    +                               const char *file, int line);
    + int CRYPTO_secure_allocated(const void *ptr);
    + void OPENSSL_cleanse(void *ptr, size_t len);
    + unsigned char *OPENSSL_hexstr2buf(const char *str, long *len);
    +
    + /* Functions offered by the provider to libcrypto */
    + void provider_teardown(void *provctx);
    + const OSSL_ITEM *provider_gettable_params(void *provctx);
    + int provider_get_params(void *provctx, OSSL_PARAM params[]);
    + const OSSL_ALGORITHM *provider_query_operation(void *provctx,
    +                                                int operation_id,
    +                                                const int *no_store);
    + const OSSL_ITEM *provider_get_reason_strings(void *provctx);
    +

    +

    +
    +

    DESCRIPTION

    +

    All "functions" mentioned here are passed as function pointers between +libcrypto and the provider in OSSL_DISPATCH arrays, in the call +of the provider initialization function. See provider(7)/Provider +for a description of the initialization function.

    +

    All these "functions" have a corresponding function type definition +named OSSL_{name}_fn, and a helper function to retrieve the +function pointer from a OSSL_DISPATCH element named +OSSL_get_{name}. +For example, the "function" core_gettable_params() has these:

    +
    + typedef OSSL_ITEM *
    +     (OSSL_core_gettable_params_fn)(const OSSL_PROVIDER *prov);
    + static ossl_inline OSSL_NAME_core_gettable_params_fn
    +     OSSL_get_core_gettable_params(const OSSL_DISPATCH *opf);
    +

    OSSL_DISPATCH arrays are indexed by numbers that are provided as +macros in openssl-core_numbers.h(7), as follows:

    +

    For in (the OSSL_DISPATCH array passed from libcrypto to the +provider):

    +
    + core_gettable_params           OSSL_FUNC_CORE_GETTABLE_PARAMS
    + core_get_params                OSSL_FUNC_CORE_GET_PARAMS
    + core_thread_start              OSSL_FUNC_CORE_THREAD_START
    + core_get_library_context       OSSL_FUNC_CORE_GET_LIBRARY_CONTEXT
    + core_new_error                 OSSL_FUNC_CORE_NEW_ERROR
    + core_set_error_debug           OSSL_FUNC_CORE_SET_ERROR_DEBUG
    + core_set_error                 OSSL_FUNC_CORE_SET_ERROR
    + CRYPTO_malloc                  OSSL_FUNC_CRYPTO_MALLOC
    + CRYPTO_zalloc                  OSSL_FUNC_CRYPTO_ZALLOC
    + CRYPTO_memdup                  OSSL_FUNC_CRYPTO_MEMDUP
    + CRYPTO_strdup                  OSSL_FUNC_CRYPTO_STRDUP
    + CRYPTO_strndup                 OSSL_FUNC_CRYPTO_STRNDUP
    + CRYPTO_free                    OSSL_FUNC_CRYPTO_FREE
    + CRYPTO_clear_free              OSSL_FUNC_CRYPTO_CLEAR_FREE
    + CRYPTO_realloc                 OSSL_FUNC_CRYPTO_REALLOC
    + CRYPTO_clear_realloc           OSSL_FUNC_CRYPTO_CLEAR_REALLOC
    + CRYPTO_secure_malloc           OSSL_FUNC_CRYPTO_SECURE_MALLOC
    + CRYPTO_secure_zalloc           OSSL_FUNC_CRYPTO_SECURE_ZALLOC
    + CRYPTO_secure_free             OSSL_FUNC_CRYPTO_SECURE_FREE
    + CRYPTO_secure_clear_free       OSSL_FUNC_CRYPTO_SECURE_CLEAR_FREE
    + CRYPTO_secure_allocated        OSSL_FUNC_CRYPTO_SECURE_ALLOCATED
    + BIO_new_file                   OSSL_FUNC_BIO_NEW_FILE
    + BIO_new_mem_buf                OSSL_FUNC_BIO_NEW_MEMBUF
    + BIO_read_ex                    OSSL_FUNC_BIO_READ_EX
    + BIO_free                       OSSL_FUNC_BIO_FREE
    + BIO_vprintf                    OSSL_FUNC_BIO_VPRINTF
    + OPENSSL_cleanse                OSSL_FUNC_OPENSSL_CLEANSE
    + OPENSSL_hexstr2buf             OSSL_FUNC_OPENSSL_HEXSTR2BUF
    + OSSL_SELF_TEST_set_callback    OSSL_FUNC_SELF_TEST_CB
    +

    For *out (the OSSL_DISPATCH array passed from the provider to +libcrypto):

    +
    + provider_teardown              OSSL_FUNC_PROVIDER_TEARDOWN
    + provider_gettable_params       OSSL_FUNC_PROVIDER_GETTABLE_PARAMS
    + provider_get_params            OSSL_FUNC_PROVIDER_GET_PARAMS
    + provider_query_operation       OSSL_FUNC_PROVIDER_QUERY_OPERATION
    + provider_get_reason_strings    OSSL_FUNC_PROVIDER_GET_REASON_STRINGS
    +

    +

    +

    Core functions

    +

    core_gettable_params() returns a constant array of descriptor +OSSL_PARAM, for parameters that core_get_params() can handle.

    +

    core_get_params() retrieves prov parameters from the core. +See Core parameters below for a description of currently known +parameters.

    +

    core_get_library_context() retrieves the library context in which the +OSSL_PROVIDER object prov is stored. +This may sometimes be useful if the provider wishes to store a +reference to its context in the same library context.

    +

    core_new_error(), core_set_error_debug() and core_set_error() are +building blocks for reporting an error back to the core, with +reference to the provider object prov.

    +
    +
    core_new_error()
    + +
    +

    allocates a new thread specific error record.

    +

    This corresponds to the OpenSSL function ERR_new(3).

    +
    +
    core_set_error_debug()
    + +
    +

    sets debugging information in the current thread specific error +record. +The debugging information includes the name of the file file, the +line line and the function name func where the error occurred.

    +

    This corresponds to the OpenSSL function ERR_set_debug(3).

    +
    +
    core_set_error()
    + +
    +

    sets the reason for the error, along with any addition data. +The reason is a number defined by the provider and used to index +the reason strings table that's returned by +provider_get_reason_strings(). +The additional data is given as a format string fmt and a set of +arguments args, which are treated in the same manner as with +BIO_vsnprintf(). +file and line may also be passed to indicate exactly where the +error occurred or was reported.

    +

    This corresponds to the OpenSSL function ERR_vset_error(3).

    +
    +
    +

    CRYPTO_malloc(), CRYPTO_zalloc(), CRYPTO_memdup(), CRYPTO_strdup(), +CRYPTO_strndup(), CRYPTO_free(), CRYPTO_clear_free(), +CRYPTO_realloc(), CRYPTO_clear_realloc(), CRYPTO_secure_malloc(), +CRYPTO_secure_zalloc(), CRYPTO_secure_free(), +CRYPTO_secure_clear_free(), CRYPTO_secure_allocated(), +BIO_new_file(), BIO_new_mem_buf(), BIO_read_ex(), BIO_free(), +BIO_vprintf(), OPENSSL_cleanse(), and OPENSSL_hexstr2buf() +correspond exactly to the public functions with the same name. +As a matter of fact, the pointers in the OSSL_DISPATCH array are +direct pointers to those public functions. +OSSL_SELF_TEST_set_callback() is used to set an optional callback that can be +passed into a provider. This may be ignored by a provider.

    +

    +

    +

    Provider functions

    +

    provider_teardown() is called when a provider is shut down and removed +from the core's provider store. +It must free the passed provctx.

    +

    provider_gettable_params() should return a constant array of +descriptor OSSL_PARAM, for parameters that provider_get_params() +can handle.

    +

    provider_get_params() should process the OSSL_PARAM array +params, setting the values of the parameters it understands.

    +

    provider_query_operation() should return a constant OSSL_ALGORITHM +that corresponds to the given operation_id. +It should indicate if the core may store a reference to this array by +setting *no_store to 0 (core may store a reference) or 1 (core may +not store a reference).

    +

    provider_get_reason_strings() should return a constant OSSL_ITEM +array that provides reason strings for reason codes the provider may +use when reporting errors using core_put_error().

    +

    None of these functions are mandatory, but a provider is fairly +useless without at least provider_query_operation(), and +provider_gettable_params() is fairly useless if not accompanied by +provider_get_params().

    +

    +

    +

    Core parameters

    +

    core_get_params() understands the following known parameters:

    +
    +
    "openssl-version"
    + +
    +

    This is a OSSL_PARAM_UTF8_PTR type of parameter, pointing at the +OpenSSL libraries' full version string, i.e. the string expanded from +the macro OPENSSL_VERSION_STR.

    +
    +
    "provider-name"
    + +
    +

    This is a OSSL_PARAM_UTF8_PTR type of parameter, pointing at the +OpenSSL libraries' idea of what the calling provider is called.

    +
    +
    +

    Additionally, provider specific configuration parameters from the +config file are available, in dotted name form. +The dotted name form is a concatenation of section names and final +config command name separated by periods.

    +

    For example, let's say we have the following config example:

    +
    + openssl_conf = openssl_init
    +
    + [openssl_init]
    + providers = providers_sect
    +
    + [providers_sect]
    + foo = foo_sect
    +
    + [foo_sect]
    + activate = 1
    + data1 = 2
    + data2 = str
    + more = foo_more
    +
    + [foo_more]
    + data3 = foo,bar
    +

    The provider will have these additional parameters available:

    +
    +
    "activate"
    + +
    +

    pointing at the string "1"

    +
    +
    "data1"
    + +
    +

    pointing at the string "2"

    +
    +
    "data2"
    + +
    +

    pointing at the string "str"

    +
    +
    "more.data3"
    + +
    +

    pointing at the string "foo,bar"

    +
    +
    +

    For more information on handling parameters, see OSSL_PARAM(3) as +OSSL_PARAM_int(3).

    +

    +

    +
    +

    EXAMPLES

    +

    This is an example of a simple provider made available as a +dynamically loadable module. +It implements the fictitious algorithm FOO for the fictitious +operation BAR.

    +
    + #include <malloc.h>
    + #include <openssl/core.h>
    + #include <openssl/core_numbers.h>
    +
    + /* Errors used in this provider */
    + #define E_MALLOC       1
    +
    + static const OSSL_ITEM reasons[] = {
    +     { E_MALLOC, "memory allocation failure" }.
    +     { 0, NULL } /* Termination */
    + };
    +
    + /*
    +  * To ensure we get the function signature right, forward declare
    +  * them using function types provided by openssl/core_numbers.h
    +  */
    + OSSL_OP_bar_newctx_fn foo_newctx;
    + OSSL_OP_bar_freectx_fn foo_freectx;
    + OSSL_OP_bar_init_fn foo_init;
    + OSSL_OP_bar_update_fn foo_update;
    + OSSL_OP_bar_final_fn foo_final;
    +
    + OSSL_provider_query_operation_fn p_query;
    + OSSL_provider_get_reason_strings_fn p_reasons;
    + OSSL_provider_teardown_fn p_teardown;
    +
    + OSSL_provider_init_fn OSSL_provider_init;
    +
    + OSSL_core_put_error *c_put_error = NULL;
    +
    + /* Provider context */
    + struct prov_ctx_st {
    +     OSSL_PROVIDER *prov;
    + }
    +
    + /* operation context for the algorithm FOO */
    + struct foo_ctx_st {
    +     struct prov_ctx_st *provctx;
    +     int b;
    + };
    +
    + static void *foo_newctx(void *provctx)
    + {
    +     struct foo_ctx_st *fooctx = malloc(sizeof(*fooctx));
    +
    +     if (fooctx != NULL)
    +         fooctx->provctx = provctx;
    +     else
    +         c_put_error(provctx->prov, E_MALLOC, __FILE__, __LINE__);
    +     return fooctx;
    + }
    +
    + static void foo_freectx(void *fooctx)
    + {
    +     free(fooctx);
    + }
    +
    + static int foo_init(void *vfooctx)
    + {
    +     struct foo_ctx_st *fooctx = vfooctx;
    +
    +     fooctx->b = 0x33;
    + }
    +
    + static int foo_update(void *vfooctx, unsigned char *in, size_t inl)
    + {
    +     struct foo_ctx_st *fooctx = vfooctx;
    +
    +     /* did you expect something serious? */
    +     if (inl == 0)
    +         return 1;
    +     for (; inl-- > 0; in++)
    +         *in ^= fooctx->b;
    +     return 1;
    + }
    +
    + static int foo_final(void *vfooctx)
    + {
    +     struct foo_ctx_st *fooctx = vfooctx;
    +
    +     fooctx->b = 0x66;
    + }
    +
    + static const OSSL_DISPATCH foo_fns[] = {
    +     { OSSL_FUNC_BAR_NEWCTX, (void (*)(void))foo_newctx },
    +     { OSSL_FUNC_BAR_FREECTX, (void (*)(void))foo_freectx },
    +     { OSSL_FUNC_BAR_INIT, (void (*)(void))foo_init },
    +     { OSSL_FUNC_BAR_UPDATE, (void (*)(void))foo_update },
    +     { OSSL_FUNC_BAR_FINAL, (void (*)(void))foo_final },
    +     { 0, NULL }
    + };
    +
    + static const OSSL_ALGORITHM bars[] = {
    +     { "FOO", "provider=chumbawamba", foo_fns },
    +     { NULL, NULL, NULL }
    + };
    +
    + static const OSSL_ALGORITHM *p_query(void *provctx, int operation_id,
    +                                      int *no_store)
    + {
    +     switch (operation_id) {
    +     case OSSL_OP_BAR:
    +         return bars;
    +     }
    +     return NULL;
    + }
    +
    + static const OSSL_ITEM *p_reasons(void *provctx)
    + {
    +     return reasons;
    + }
    +
    + static void p_teardown(void *provctx)
    + {
    +     free(provctx);
    + }
    +
    + static const OSSL_DISPATCH prov_fns[] = {
    +     { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))p_teardown },
    +     { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))p_query },
    +     { OSSL_FUNC_PROVIDER_GET_REASON_STRINGS, (void (*)(void))p_reasons },
    +     { 0, NULL }
    + };
    +
    + int OSSL_provider_init(const OSSL_PROVIDER *provider,
    +                        const OSSL_DISPATCH *in,
    +                        const OSSL_DISPATCH **out,
    +                        void **provctx)
    + {
    +     struct prov_ctx_st *pctx = NULL;
    +
    +     for (; in->function_id != 0; in++)
    +         switch (in->function_id) {
    +         case OSSL_FUNC_CORE_PUT_ERROR:
    +             c_put_error = OSSL_get_core_put_error(in);
    +             break;
    +         }
    +
    +     *out = prov_fns;
    +
    +     if ((pctx = malloc(sizeof(*pctx))) == NULL) {
    +         /*
    +          * ALEA IACTA EST, if the core retrieves the reason table
    +          * regardless, that string will be displayed, otherwise not.
    +          */
    +         c_put_error(provider, E_MALLOC, __FILE__, __LINE__);
    +         return 0;
    +     }
    +     return 1;
    + }
    +

    This relies on a few things existing in openssl/core_numbers.h:

    +
    + #define OSSL_OP_BAR            4711
    +
    + #define OSSL_FUNC_BAR_NEWCTX      1
    + typedef void *(OSSL_OP_bar_newctx_fn)(void *provctx);
    + static ossl_inline OSSL_get_bar_newctx(const OSSL_DISPATCH *opf)
    + { return (OSSL_OP_bar_newctx_fn *)opf->function; }
    +
    + #define OSSL_FUNC_BAR_FREECTX     2
    + typedef void (OSSL_OP_bar_freectx_fn)(void *ctx);
    + static ossl_inline OSSL_get_bar_newctx(const OSSL_DISPATCH *opf)
    + { return (OSSL_OP_bar_freectx_fn *)opf->function; }
    +
    + #define OSSL_FUNC_BAR_INIT        3
    + typedef void *(OSSL_OP_bar_init_fn)(void *ctx);
    + static ossl_inline OSSL_get_bar_init(const OSSL_DISPATCH *opf)
    + { return (OSSL_OP_bar_init_fn *)opf->function; }
    +
    + #define OSSL_FUNC_BAR_UPDATE      4
    + typedef void *(OSSL_OP_bar_update_fn)(void *ctx,
    +                                       unsigned char *in, size_t inl);
    + static ossl_inline OSSL_get_bar_update(const OSSL_DISPATCH *opf)
    + { return (OSSL_OP_bar_update_fn *)opf->function; }
    +
    + #define OSSL_FUNC_BAR_FINAL       5
    + typedef void *(OSSL_OP_bar_final_fn)(void *ctx);
    + static ossl_inline OSSL_get_bar_final(const OSSL_DISPATCH *opf)
    + { return (OSSL_OP_bar_final_fn *)opf->function; }
    +

    +

    +
    +

    SEE ALSO

    +

    provider(7)

    +

    +

    +
    +

    HISTORY

    +

    The concept of providers and everything surrounding them was +introduced in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man7/provider-cipher.html b/linux_amd64/ssl/share/doc/openssl/html/man7/provider-cipher.html
    new file mode 100755
    index 0000000..a8e3014
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man7/provider-cipher.html
    @@ -0,0 +1,491 @@
    + + + + +provider-cipher + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    provider-cipher - The cipher library <-> provider functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/core_numbers.h>
    + #include <openssl/core_names.h>
    +
    + /*
    +  * None of these are actual functions, but are displayed like this for
    +  * the function signatures for functions that are offered as function
    +  * pointers in OSSL_DISPATCH arrays.
    +  */
    +
    + /* Context management */
    + void *OP_cipher_newctx(void *provctx);
    + void OP_cipher_freectx(void *cctx);
    + void *OP_cipher_dupctx(void *cctx);
    +
    + /* Encryption/decryption */
    + int OP_cipher_encrypt_init(void *cctx, const unsigned char *key,
    +                            size_t keylen, const unsigned char *iv,
    +                            size_t ivlen);
    + int OP_cipher_decrypt_init(void *cctx, const unsigned char *key,
    +                            size_t keylen, const unsigned char *iv,
    +                            size_t ivlen);
    + int OP_cipher_update(void *cctx, unsigned char *out, size_t *outl,
    +                      size_t outsize, const unsigned char *in, size_t inl);
    + int OP_cipher_final(void *cctx, unsigned char *out, size_t *outl,
    +                     size_t outsize);
    + int OP_cipher_cipher(void *cctx, unsigned char *out, size_t *outl,
    +                      size_t outsize, const unsigned char *in, size_t inl);
    +
    + /* Cipher parameter descriptors */
    + const OSSL_PARAM *OP_cipher_gettable_params(void);
    +
    + /* Cipher operation parameter descriptors */
    + const OSSL_PARAM *OP_cipher_gettable_ctx_params(void);
    + const OSSL_PARAM *OP_cipher_settable_ctx_params(void);
    +
    + /* Cipher parameters */
    + int OP_cipher_get_params(OSSL_PARAM params[]);
    +
    + /* Cipher operation parameters */
    + int OP_cipher_get_ctx_params(void *cctx, OSSL_PARAM params[]);
    + int OP_cipher_set_ctx_params(void *cctx, const OSSL_PARAM params[]);
    +

    +

    +
    +

    DESCRIPTION

    +

    This documentation is primarily aimed at provider authors. See provider(7) +for further information.

    +

    The CIPHER operation enables providers to implement cipher algorithms and make +them available to applications via the API functions EVP_EncryptInit_ex(3), +EVP_EncryptUpdate(3) and EVP_EncryptFinal(3) (as well as the decrypt +equivalents and other related functions).

    +

    All "functions" mentioned here are passed as function pointers between +libcrypto and the provider in OSSL_DISPATCH arrays via +OSSL_ALGORITHM arrays that are returned by the provider's +provider_query_operation() function +(see provider-base(7)/Provider Functions).

    +

    All these "functions" have a corresponding function type definition +named OSSL_{name}_fn, and a helper function to retrieve the +function pointer from an OSSL_DISPATCH element named +OSSL_get_{name}. +For example, the "function" OP_cipher_newctx() has these:

    +
    + typedef void *(OSSL_OP_cipher_newctx_fn)(void *provctx);
    + static ossl_inline OSSL_OP_cipher_newctx_fn
    +     OSSL_get_OP_cipher_newctx(const OSSL_DISPATCH *opf);
    +

    OSSL_DISPATCH arrays are indexed by numbers that are provided as +macros in openssl-core_numbers.h(7), as follows:

    +
    + OP_cipher_newctx               OSSL_FUNC_CIPHER_NEWCTX
    + OP_cipher_freectx              OSSL_FUNC_CIPHER_FREECTX
    + OP_cipher_dupctx               OSSL_FUNC_CIPHER_DUPCTX
    +
    + OP_cipher_encrypt_init         OSSL_FUNC_CIPHER_ENCRYPT_INIT
    + OP_cipher_decrypt_init         OSSL_FUNC_CIPHER_DECRYPT_INIT
    + OP_cipher_update               OSSL_FUNC_CIPHER_UPDATE
    + OP_cipher_final                OSSL_FUNC_CIPHER_FINAL
    + OP_cipher_cipher               OSSL_FUNC_CIPHER_CIPHER
    +
    + OP_cipher_get_params           OSSL_FUNC_CIPHER_GET_PARAMS
    + OP_cipher_get_ctx_params       OSSL_FUNC_CIPHER_GET_CTX_PARAMS
    + OP_cipher_set_ctx_params       OSSL_FUNC_CIPHER_SET_CTX_PARAMS
    +
    + OP_cipher_gettable_params      OSSL_FUNC_CIPHER_GETTABLE_PARAMS
    + OP_cipher_gettable_ctx_params  OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS
    + OP_cipher_settable_ctx_params  OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS
    +

    A cipher algorithm implementation may not implement all of these functions. +In order to be a consistent set of functions there must at least be a complete +set of "encrypt" functions, or a complete set of "decrypt" functions, or a +single "cipher" function. +In all cases both the OP_cipher_newctx and OP_cipher_freectx functions must be +present. +All other functions are optional.

    +

    +

    +

    Context Management Functions

    +

    OP_cipher_newctx() should create and return a pointer to a provider side +structure for holding context information during a cipher operation. +A pointer to this context will be passed back in a number of the other cipher +operation function calls. +The parameter provctx is the provider context generated during provider +initialisation (see provider(7)).

    +

    OP_cipher_freectx() is passed a pointer to the provider side cipher context in +the cctx parameter. +This function should free any resources associated with that context.

    +

    OP_cipher_dupctx() should duplicate the provider side cipher context in the +cctx parameter and return the duplicate copy.

    +

    +

    +

    Encryption/Decryption Functions

    +

    OP_cipher_encrypt_init() initialises a cipher operation for encryption given a +newly created provider side cipher context in the cctx parameter. +The key to be used is given in key which is keylen bytes long. +The IV to be used is given in iv which is ivlen bytes long.

    +

    OP_cipher_decrypt_init() is the same as OP_cipher_encrypt_init() except that it +initialises the context for a decryption operation.

    +

    OP_cipher_update() is called to supply data to be encrypted/decrypted as part of +a previously initialised cipher operation. +The cctx parameter contains a pointer to a previously initialised provider +side context. +OP_cipher_update() should encrypt/decrypt inl bytes of data at the location +pointed to by in. +The encrypted data should be stored in out and the amount of data written to +*outl which should not exceed outsize bytes. +OP_cipher_update() may be called multiple times for a single cipher operation. +It is the responsibility of the cipher implementation to handle input lengths +that are not multiples of the block length. +In such cases a cipher implementation will typically cache partial blocks of +input data until a complete block is obtained. +out may be the same location as in but it should not partially overlap. +The same expectations apply to outsize as documented for +EVP_EncryptUpdate(3) and EVP_DecryptUpdate(3).

    +

    OP_cipher_final() completes an encryption or decryption started through previous +OP_cipher_encrypt_init() or OP_cipher_decrypt_init(), and OP_cipher_update() +calls. +The cctx parameter contains a pointer to the provider side context. +Any final encryption/decryption output should be written to out and the +amount of data written to *outl which should not exceed outsize bytes. +The same expectations apply to outsize as documented for +EVP_EncryptFinal(3) and EVP_DecryptFinal(3).

    +

    OP_cipher_cipher() performs encryption/decryption using the provider side cipher +context in the cctx parameter that should have been previously initialised via +a call to OP_cipher_encrypt_init() or OP_cipher_decrypt_init(). +This should call the raw underlying cipher function without any padding. +This will be invoked in the provider as a result of the application calling +EVP_Cipher(3). +The application is responsible for ensuring that the input is a multiple of the +block length. +The data to be encrypted/decrypted will be in in, and it will be inl bytes +in length. +The output from the encryption/decryption should be stored in out and the +amount of data stored should be put in *outl which should be no more than +outsize bytes.

    +

    +

    +

    Cipher Parameters

    +

    See OSSL_PARAM(3) for further details on the parameters structure used by +these functions.

    +

    OP_cipher_get_params() gets details of the algorithm implementation +and stores them in params.

    +

    OP_cipher_set_ctx_params() sets cipher operation parameters for the +provider side cipher context cctx to params. +Any parameter settings are additional to any that were previously set.

    +

    OP_cipher_get_ctx_params() gets cipher operation details details from +the given provider side cipher context cctx and stores them in params.

    +

    OP_cipher_gettable_params(), OP_cipher_gettable_ctx_params(), and +OP_cipher_settable_ctx_params() all return constant OSSL_PARAM arrays +as descriptors of the parameters that OP_cipher_get_params(), +OP_cipher_get_ctx_params(), and OP_cipher_set_ctx_params() can handle, +respectively.

    +

    Parameters currently recognised by built-in ciphers are as follows. Not all +parameters are relevant to, or are understood by all ciphers:

    +
    +
    "padding" (OSSL_CIPHER_PARAM_PADDING) <unsigned integer>
    + +
    +

    Sets the padding mode for the associated cipher ctx. +Setting a value of 1 will turn padding on. +Setting a value of 0 will turn padding off.

    +
    +
    "mode" (OSSL_CIPHER_PARAM_MODE) <unsigned integer>
    + +
    +

    Gets the mode for the associated cipher algorithm. +See EVP_CIPHER_mode(3) for a list of valid modes.

    +
    +
    "blocksize" (OSSL_CIPHER_PARAM_BLOCK_SIZE) <unsigned integer>
    + +
    +

    Gets the block size for the associated cipher algorithm. +The block size should be 1 for stream ciphers. +Note that the block size for a cipher may be different to the block size for +the underlying encryption/decryption primitive. +For example AES in CTR mode has a block size of 1 (because it operates like a +stream cipher), even though AES has a block size of 16. +The length of the "blocksize" parameter should not exceed that of a size_t.

    +
    +
    "flags" (OSSL_CIPHER_PARAM_FLAGS) <unsigned integer>
    + +
    +

    Gets any flags for the associated cipher algorithm. +See EVP_CIPHER_meth_set_flags(3) for a list of currently defined cipher +flags. +The length of the "flags" parameter should equal that of an +unsigned long int.

    +
    +
    "keylen" (OSSL_CIPHER_PARAM_KEYLEN) <unsigned integer>
    + +
    +

    Gets the key length for the associated cipher algorithm. +This can also be used to get or set the key length for the associated cipher +ctx. +The length of the "keylen" parameter should not exceed that of a size_t.

    +
    +
    "ivlen" (OSSL_CIPHER_PARAM_IVLEN) <unsigned integer>
    + +
    +

    Gets the IV length for the associated cipher algorithm. +The length of the "ivlen" parameter should not exceed that of a size_t.

    +
    +
    "iv" (OSSL_CIPHER_PARAM_IV) <octet string OR octet ptr>
    + +
    +

    Gets the IV for the associated cipher ctx.

    +
    +
    "num" (OSSL_CIPHER_PARAM_NUM) <unsigned integer>
    + +
    +

    Gets or sets the cipher specific "num" parameter for the associated cipher ctx. +Built-in ciphers typically use this to track how much of the current underlying +block has been "used" already.

    +
    +
    "tag" (OSSL_CIPHER_PARAM_AEAD_TAG) <octet string>
    + +
    +

    Gets or sets the AEAD tag for the associated cipher ctx. +See EVP_EncryptInit(3)/AEAD Interface.

    +
    +
    "taglen" (OSSL_CIPHER_PARAM_AEAD_TAGLEN) <unsigned integer>
    + +
    +

    Gets the tag length to be used for an AEAD cipher for the associated cipher ctx. +It returns a default value if it has not been set. +The length of the "taglen" parameter should not exceed that of a size_t.

    +
    +
    "tlsaad" (OSSL_CIPHER_PARAM_AEAD_TLS1_AAD) <octet string>
    + +
    +

    Sets TLSv1.2 AAD information for the associated cipher ctx. +TLSv1.2 AAD information is always 13 bytes in length and is as defined for the +"additional_data" field described in section 6.2.3.3 of RFC5246.

    +
    +
    "tlsaadpad" (OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD) <unsigned integer>
    + +
    +

    Gets the length of the tag that will be added to a TLS record for the AEAD +tag for the associated cipher ctx. +The length of the "tlsaadpad" parameter should not exceed that of a size_t.

    +
    +
    "tlsivfixed" (OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED) <octet string>
    + +
    +

    Sets the fixed portion of an IV for an AEAD cipher used in a TLS record +encryption/ decryption for the associated cipher ctx. +TLS record encryption/decryption always occurs "in place" so that the input and +output buffers are always the same memory location. +AEAD IVs in TLSv1.2 consist of an implicit "fixed" part and an explicit part +that varies with every record. +Setting a TLS fixed IV changes a cipher to encrypt/decrypt TLS records. +TLS records are encrypted/decrypted using a single OP_cipher_cipher call per +record. +For a record decryption the first bytes of the input buffer will be the explicit +part of the IV and the final bytes of the input buffer will be the AEAD tag. +The length of the explicit part of the IV and the tag length will depend on the +cipher in use and will be defined in the RFC for the relevant ciphersuite. +In order to allow for "in place" decryption the plaintext output should be +written to the same location in the output buffer that the ciphertext payload +was read from, i.e. immediately after the explicit IV.

    +

    When encrypting a record the first bytes of the input buffer will be empty to +allow space for the explicit IV, as will the final bytes where the tag will +be written. +The length of the input buffer will include the length of the explicit IV, the +payload, and the tag bytes. +The cipher implementation should generate the explicit IV and write it to the +beginning of the output buffer, do "in place" encryption of the payload and +write that to the output buffer, and finally add the tag onto the end of the +output buffer.

    +

    Whether encrypting or decrypting the value written to *outl in the +OP_cipher_cipher call should be the length of the payload excluding the explicit +IV length and the tag length.

    +
    +
    "ivlen" (OSSL_CIPHER_PARAM_AEAD_IVLEN) <unsigned integer>
    + +
    +

    Sets the IV length to be used for an AEAD cipher for the associated cipher ctx. +The length of the "ivlen" parameter should not exceed that of a size_t.

    +
    +
    "mackey" (OSSL_CIPHER_PARAM_AEAD_MAC_KEY) <octet string>
    + +
    +

    Sets the MAC key used by composite AEAD ciphers such as AES-CBC-HMAC-SHA256.

    +
    +
    "randkey" (OSSL_CIPHER_PARAM_RANDOM_KEY) <octet string>
    + +
    +

    Gets a implementation specific randomly generated key for the associated +cipher ctx. This is currently only supported by 3DES (which sets the key to +odd parity).

    +
    +
    "alg_id_param" (OSSL_CIPHER_PARAM_ALG_ID) <octet string>
    + +
    +

    Used to pass the DER encoded AlgorithmIdentifier parameter to or from +the cipher implementation. Functions like EVP_CIPHER_param_to_asn1(3) +and EVP_CIPHER_asn1_to_param(3) use this parameter for any implementation +that has the flag EVP_CIPH_FLAG_CUSTOM_ASN1 set.

    +
    +
    "rounds" (OSSL_CIPHER_PARAM_ROUNDS) <unsigned integer>
    + +
    +

    Sets or gets the number of rounds to be used for a cipher. +This is used by the RC5 cipher.

    +
    +
    "keybits" (OSSL_CIPHER_PARAM_RC2_KEYBITS) <unsigned integer>
    + +
    +

    Gets or sets the effective keybits used for a RC2 cipher. +The length of the "keybits" parameter should not exceed that of a size_t.

    +
    +
    "speed" (OSSL_CIPHER_PARAM_SPEED) <unsigned integer>
    + +
    +

    Sets the speed option for the associated cipher ctx. This is only supported +by AES SIV ciphers which disallow multiple operations by default. +Setting "speed" to 1 allows another encrypt or decrypt operation to be +performed. This is used for performance testing.

    +
    +
    "tlsivgen" (OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN) <octet string>
    + +
    +

    Gets the invocation field generated for encryption. +Can only be called after "tlsivfixed" is set. +This is only used for GCM mode.

    +
    +
    "tlsivinv" (OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV) <octet string>
    + +
    +

    Sets the invocation field used for decryption. +Can only be called after "tlsivfixed" is set. +This is only used for GCM mode.

    +
    +
    "tls1multi_enc" (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC) <octet string>
    + +
    +

    Triggers a multiblock tls1 encrypt operation for a tls1 aware cipher that supports +sending 4 or 8 records in one go. +The cipher performs both the MAC and encrypt stages and constructs the record +headers itself. +"tls1multi_enc" supplies the output buffer for the encrypt operation, +"tls1multi_encin" & "tls1multi_interleave" must also be set in order to supply +values to the encrypt operation.

    +
    +
    "tls1multi_enclen" (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN) <unsigned integer>
    + +
    +

    Get the total length of the record returned from the "tls1multi_enc" operation.

    +
    +
    "tls1multi_interleave" (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE) <unsigned integer>
    + +
    +

    Sets or gets the number of records being sent in one go for a tls1 multiblock +cipher operation (either 4 or 8 records).

    +
    +
    "tls1multi_encin" (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN) <octet string>
    + +
    +

    Supplies the data to encrypt for a tls1 multiblock cipher operation.

    +
    +
    "tls1multi_maxsndfrag" (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT) <unsigned integer>
    + +
    +

    Sets the maximum send fragment size for a tls1 multiblock cipher operation. +It must be set before using "tls1multi_maxbufsz". +The length of the "tls1multi_maxsndfrag" parameter should not exceed that of a size_t.

    +
    +
    "tls1multi_maxbufsz" (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE) <unsigned integer>
    + +
    +

    Gets the maximum record length for a tls1 multiblock cipher operation. +The length of the "tls1multi_maxbufsz" parameter should not exceed that of a size_t.

    +
    +
    "tls1multi_aad" (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD) <octet string>
    + +
    +

    Sets the authenticated additional data used by a tls1 multiblock cipher operation. +The supplied data consists of 13 bytes of record data containing: +Bytes 0-7: The sequence number of the first record +Byte 8: The record type +Byte 9-10: The protocol version +Byte 11-12: Input length (Always 0)

    +

    "tls1multi_interleave" must also be set for this operation.

    +
    +
    "tls1multi_aadpacklen" (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN) <unsigned integer>
    + +
    +

    Gets the result of running the "tls1multi_aad" operation.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    OP_cipher_newctx() and OP_cipher_dupctx() should return the newly created +provider side cipher context, or NULL on failure.

    +

    OP_cipher_encrypt_init(), OP_cipher_decrypt_init(), OP_cipher_update(), +OP_cipher_final(), OP_cipher_cipher(), OP_cipher_get_params(), +OP_cipher_get_ctx_params() and OP_cipher_set_ctx_params() should return 1 for +success or 0 on error.

    +

    OP_cipher_gettable_params(), OP_cipher_gettable_ctx_params() and +OP_cipher_settable_ctx_params() should return a constant OSSL_PARAM +array, or NULL if none is offered.

    +

    +

    +
    +

    SEE ALSO

    +

    provider(7)

    +

    +

    +
    +

    HISTORY

    +

    The provider CIPHER interface was introduced in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man7/provider-digest.html b/linux_amd64/ssl/share/doc/openssl/html/man7/provider-digest.html
    new file mode 100755
    index 0000000..e26b7a4
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man7/provider-digest.html
    @@ -0,0 +1,329 @@
    + + + + +provider-digest + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    provider-digest - The digest library <-> provider functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/core_numbers.h>
    + #include <openssl/core_names.h>
    +
    + /*
    +  * Digests support the following function signatures in OSSL_DISPATCH arrays.
    +  * (The function signatures are not actual functions).
    +  */
    +
    + /* Context management */
    + void *OP_digest_newctx(void *provctx);
    + void OP_digest_freectx(void *dctx);
    + void *OP_digest_dupctx(void *dctx);
    +
    + /* Digest generation */
    + int OP_digest_init(void *dctx);
    + int OP_digest_update(void *dctx, const unsigned char *in, size_t inl);
    + int OP_digest_final(void *dctx, unsigned char *out, size_t *outl,
    +                     size_t outsz);
    + int OP_digest_digest(void *provctx, const unsigned char *in, size_t inl,
    +                      unsigned char *out, size_t *outl, size_t outsz);
    +
    + /* Digest parameter descriptors */
    + const OSSL_PARAM *OP_digest_gettable_params(void);
    +
    + /* Digest operation parameter descriptors */
    + const OSSL_PARAM *OP_digest_gettable_ctx_params(void);
    + const OSSL_PARAM *OP_digest_settable_ctx_params(void);
    +
    + /* Digest parameters */
    + int OP_digest_get_params(OSSL_PARAM params[]);
    +
    + /* Digest operation parameters */
    + int OP_digest_set_ctx_params(void *dctx, const OSSL_PARAM params[]);
    + int OP_digest_get_ctx_params(void *dctx, OSSL_PARAM params[]);
    +

    +

    +
    +

    DESCRIPTION

    +

    This documentation is primarily aimed at provider authors. See provider(7) +for further information.

    +

    The DIGEST operation enables providers to implement digest algorithms and make +them available to applications via the API functions EVP_DigestInit_ex(3), +EVP_DigestUpdate(3) and EVP_DigestFinal(3) (and other related functions).

    +

    All "functions" mentioned here are passed as function pointers between +libcrypto and the provider in OSSL_DISPATCH arrays via +OSSL_ALGORITHM arrays that are returned by the provider's +provider_query_operation() function +(see provider-base(7)/Provider Functions).

    +

    All these "functions" have a corresponding function type definition +named OSSL_{name}_fn, and a helper function to retrieve the +function pointer from an OSSL_DISPATCH element named +OSSL_get_{name}. +For example, the "function" OP_digest_newctx() has these:

    +
    + typedef void *(OSSL_OP_digest_newctx_fn)(void *provctx);
    + static ossl_inline OSSL_OP_digest_newctx_fn
    +     OSSL_get_OP_digest_newctx(const OSSL_DISPATCH *opf);
    +

    OSSL_DISPATCH arrays are indexed by numbers that are provided as +macros in openssl-core_numbers.h(7), as follows:

    +
    + OP_digest_newctx               OSSL_FUNC_DIGEST_NEWCTX
    + OP_digest_freectx              OSSL_FUNC_DIGEST_FREECTX
    + OP_digest_dupctx               OSSL_FUNC_DIGEST_DUPCTX
    +
    + OP_digest_init                 OSSL_FUNC_DIGEST_INIT
    + OP_digest_update               OSSL_FUNC_DIGEST_UPDATE
    + OP_digest_final                OSSL_FUNC_DIGEST_FINAL
    + OP_digest_digest               OSSL_FUNC_DIGEST_DIGEST
    +
    + OP_digest_get_params           OSSL_FUNC_DIGEST_GET_PARAMS
    + OP_digest_get_ctx_params       OSSL_FUNC_DIGEST_GET_CTX_PARAMS
    + OP_digest_set_ctx_params       OSSL_FUNC_DIGEST_SET_CTX_PARAMS
    +
    + OP_digest_gettable_params      OSSL_FUNC_DIGEST_GETTABLE_PARAMS
    + OP_digest_gettable_ctx_params  OSSL_FUNC_DIGEST_GETTABLE_CTX_PARAMS
    + OP_digest_settable_ctx_params  OSSL_FUNC_DIGEST_SETTABLE_CTX_PARAMS
    +

    A digest algorithm implementation may not implement all of these functions. +In order to be usable all or none of OP_digest_newctx, OP_digest_freectx, +OP_digest_init, OP_digest_update and OP_digest_final should be implemented. +All other functions are optional.

    +

    +

    +

    Context Management Functions

    +

    OP_digest_newctx() should create and return a pointer to a provider side +structure for holding context information during a digest operation. +A pointer to this context will be passed back in a number of the other digest +operation function calls. +The parameter provctx is the provider context generated during provider +initialisation (see provider(7)).

    +

    OP_digest_freectx() is passed a pointer to the provider side digest context in +the dctx parameter. +This function should free any resources associated with that context.

    +

    OP_digest_dupctx() should duplicate the provider side digest context in the +dctx parameter and return the duplicate copy.

    +

    +

    +

    Digest Generation Functions

    +

    OP_digest_init() initialises a digest operation given a newly created +provider side digest context in the dctx parameter.

    +

    OP_digest_update() is called to supply data to be digested as part of a +previously initialised digest operation. +The dctx parameter contains a pointer to a previously initialised provider +side context. +OP_digest_update() should digest inl bytes of data at the location pointed to +by in. +OP_digest_update() may be called multiple times for a single digest operation.

    +

    OP_digest_final() generates a digest started through previous OP_digest_init() +and OP_digest_update() calls. +The dctx parameter contains a pointer to the provider side context. +The digest should be written to *out and the length of the digest to +*outl. +The digest should not exceed outsz bytes.

    +

    OP_digest_digest() is a "oneshot" digest function. +No provider side digest context is used. +Instead the provider context that was created during provider initialisation is +passed in the provctx parameter (see provider(7)). +inl bytes at in should be digested and the result should be stored at +out. The length of the digest should be stored in *outl which should not +exceed outsz bytes.

    +

    +

    +

    Digest Parameters

    +

    See OSSL_PARAM(3) for further details on the parameters structure used by +these functions.

    +

    OP_digest_get_params() gets details of the algorithm implementation +and stores them in params.

    +

    OP_digest_set_ctx_params() sets digest operation parameters for the +provider side digest context dctx to params. +Any parameter settings are additional to any that were previously set.

    +

    OP_digest_get_ctx_params() gets digest operation details details from +the given provider side digest context dctx and stores them in params.

    +

    OP_digest_gettable_params(), OP_digest_gettable_ctx_params(), and +OP_digest_settable_ctx_params() all return constant OSSL_PARAM arrays +as descriptors of the parameters that OP_digest_get_params(), +OP_digest_get_ctx_params(), and OP_digest_set_ctx_params() can handle, +respectively.

    +

    Parameters currently recognised by built-in digests with this function +are as follows. Not all parameters are relevant to, or are understood +by all digests:

    +
    +
    "blocksize" (OSSL_DIGEST_PARAM_BLOCK_SIZE) <unsigned integer>
    + +
    +

    The digest block size. +The length of the "blocksize" parameter should not exceed that of a size_t.

    +
    +
    "size" (OSSL_DIGEST_PARAM_SIZE) <unsigned integer>
    + +
    +

    The digest output size. +The length of the "size" parameter should not exceed that of a size_t.

    +
    +
    "flags" (OSSL_DIGEST_PARAM_FLAGS) <unsigned integer>
    + +
    +

    Diverse flags that describe exceptional behaviour for the digest:

    +
    +
    EVP_MD_FLAG_ONESHOT
    + +
    +

    This digest method can only handle one block of input.

    +
    +
    EVP_MD_FLAG_XOF
    + +
    +

    This digest method is an extensible-output function (XOF) and supports +setting the OSSL_DIGEST_PARAM_XOFLEN parameter.

    +
    +
    EVP_MD_FLAG_DIGALGID_NULL
    + +
    +

    When setting up a DigestAlgorithmIdentifier, this flag will have the +parameter set to NULL by default. Use this for PKCS#1. Note: if +combined with EVP_MD_FLAG_DIGALGID_ABSENT, the latter will override.

    +
    +
    EVP_MD_FLAG_DIGALGID_ABSENT
    + +
    +

    When setting up a DigestAlgorithmIdentifier, this flag will have the +parameter be left absent by default. Note: if combined with +EVP_MD_FLAG_DIGALGID_NULL, the latter will be overridden.

    +
    +
    EVP_MD_FLAG_DIGALGID_CUSTOM
    + +
    +

    Custom DigestAlgorithmIdentifier handling via ctrl, with +EVP_MD_FLAG_DIGALGID_ABSENT as default. Note: if combined with +EVP_MD_FLAG_DIGALGID_NULL, the latter will be overridden. +Currently unused.

    +
    +
    +

    The length of the "flags" parameter should equal that of an +unsigned long int.

    +
    +
    +

    +

    +

    Digest Context Parameters

    +

    OP_digest_set_ctx_params() sets digest parameters associated with the +given provider side digest context dctx to params. +Any parameter settings are additional to any that were previously set. +See OSSL_PARAM(3) for further details on the parameters structure.

    +

    OP_digest_get_ctx_params() gets details of currently set parameters +values associated with the give provider side digest context dctx +and stores them in params. +See OSSL_PARAM(3) for further details on the parameters structure.

    +

    Parameters currently recognised by built-in digests are as follows. Not all +parameters are relevant to, or are understood by all digests:

    +
    +
    "xoflen" (OSSL_DIGEST_PARAM_XOFLEN) <unsigned integer>
    + +
    +

    Sets the digest length for extendable output functions. +The length of the "xoflen" parameter should not exceed that of a size_t.

    +
    +
    "ssl3-ms" (OSSL_DIGEST_PARAM_SSL3_MS) <octet string>
    + +
    +

    This parameter is set by libssl in order to calculate a signature hash for an +SSLv3 CertificateVerify message as per RFC6101. +It is only set after all handshake messages have already been digested via +OP_digest_update() calls. +The parameter provides the master secret value to be added to the digest. +The digest implementation should calculate the complete digest as per RFC6101 +section 5.6.8. +The next call after setting this parameter will be OP_digest_final(). +This is only relevant for implementations of SHA1 or MD5_SHA1.

    +
    +
    "pad_type" (OSSL_DIGEST_PARAM_PAD_TYPE) <unsigned integer>
    + +
    +

    Sets the pad type to be used. +The only built-in digest that uses this is MDC2. +Normally the final MDC2 block is padded with 0s. +If the pad type is set to 2 then the final block is padded with 0x80 followed by +0s.

    +
    +
    "micalg" (OSSL_DIGEST_PARAM_MICALG) <UTF8 string>
    + +
    +

    Gets the digest Message Integrity Check algorithm string. +This is used when creating S/MIME multipart/signed messages, as specified in +RFC 5751.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    OP_digest_newctx() and OP_digest_dupctx() should return the newly created +provider side digest context, or NULL on failure.

    +

    OP_digest_init(), OP_digest_update(), OP_digest_final(), OP_digest_digest(), +OP_digest_set_params() and OP_digest_get_params() should return 1 for success or +0 on error.

    +

    OP_digest_size() should return the digest size.

    +

    OP_digest_block_size() should return the block size of the underlying digest +algorithm.

    +

    +

    +
    +

    SEE ALSO

    +

    provider(7)

    +

    +

    +
    +

    HISTORY

    +

    The provider DIGEST interface was introduced in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man7/provider-keyexch.html b/linux_amd64/ssl/share/doc/openssl/html/man7/provider-keyexch.html
    new file mode 100755
    index 0000000..f62386e
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man7/provider-keyexch.html
    @@ -0,0 +1,290 @@
    + + + + +provider-keyexch + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    provider-keyexch - The keyexch library <-> provider functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/core_numbers.h>
    + #include <openssl/core_names.h>
    +
    + /*
    +  * None of these are actual functions, but are displayed like this for
    +  * the function signatures for functions that are offered as function
    +  * pointers in OSSL_DISPATCH arrays.
    +  */
    +
    + /* Context management */
    + void *OP_keyexch_newctx(void *provctx);
    + void OP_keyexch_freectx(void *ctx);
    + void *OP_keyexch_dupctx(void *ctx);
    +
    + /* Shared secret derivation */
    + int OP_keyexch_init(void *ctx, void *provkey);
    + int OP_keyexch_set_peer(void *ctx, void *provkey);
    + int OP_keyexch_derive(void *ctx, unsigned char *secret, size_t *secretlen,
    +                       size_t outlen);
    +
    + /* Key Exchange parameters */
    + int OP_keyexch_set_ctx_params(void *ctx, const OSSL_PARAM params[]);
    + const OSSL_PARAM *OP_keyexch_settable_ctx_params(void);
    + int OP_keyexch_get_ctx_params(void *ctx, OSSL_PARAM params[]);
    + const OSSL_PARAM *OP_keyexch_gettable_ctx_params(void);
    +

    +

    +
    +

    DESCRIPTION

    +

    This documentation is primarily aimed at provider authors. See provider(7) +for further information.

    +

    The key exchange (OSSL_OP_KEYEXCH) operation enables providers to implement key +exchange algorithms and make them available to applications via +EVP_PKEY_derive(3) and +other related functions).

    +

    All "functions" mentioned here are passed as function pointers between +libcrypto and the provider in OSSL_DISPATCH arrays via +OSSL_ALGORITHM arrays that are returned by the provider's +provider_query_operation() function +(see provider-base(7)/Provider Functions).

    +

    All these "functions" have a corresponding function type definition +named OSSL_{name}_fn, and a helper function to retrieve the +function pointer from an OSSL_DISPATCH element named +OSSL_get_{name}. +For example, the "function" OP_keyexch_newctx() has these:

    +
    + typedef void *(OSSL_OP_keyexch_newctx_fn)(void *provctx);
    + static ossl_inline OSSL_OP_keyexch_newctx_fn
    +     OSSL_get_OP_keyexch_newctx(const OSSL_DISPATCH *opf);
    +

    OSSL_DISPATCH arrays are indexed by numbers that are provided as +macros in openssl-core_numbers.h(7), as follows:

    +
    + OP_keyexch_newctx                OSSL_FUNC_KEYEXCH_NEWCTX
    + OP_keyexch_freectx               OSSL_FUNC_KEYEXCH_FREECTX
    + OP_keyexch_dupctx                OSSL_FUNC_KEYEXCH_DUPCTX
    +
    + OP_keyexch_init                  OSSL_FUNC_KEYEXCH_INIT
    + OP_keyexch_set_peer              OSSL_FUNC_KEYEXCH_SET_PEER
    + OP_keyexch_derive                OSSL_FUNC_KEYEXCH_DERIVE
    +
    + OP_keyexch_set_ctx_params        OSSL_FUNC_KEYEXCH_SET_CTX_PARAMS
    + OP_keyexch_settable_ctx_params   OSSL_FUNC_KEYEXCH_SETTABLE_CTX_PARAMS
    + OP_keyexch_get_ctx_params        OSSL_FUNC_KEYEXCH_GET_CTX_PARAMS
    + OP_keyexch_gettable_ctx_params   OSSL_FUNC_KEYEXCH_GETTABLE_CTX_PARAMS
    +

    A key exchange algorithm implementation may not implement all of these functions. +In order to be a consistent set of functions a provider must implement +OP_keyexch_newctx, OP_keyexch_freectx, OP_keyexch_init and OP_keyexch_derive. +All other functions are optional.

    +

    A key exchange algorithm must also implement some mechanism for generating, +loading or importing keys via the key management (OSSL_OP_KEYMGMT) operation. +See provider-keymgmt(7) for further details.

    +

    +

    +

    Context Management Functions

    +

    OP_keyexch_newctx() should create and return a pointer to a provider side +structure for holding context information during a key exchange operation. +A pointer to this context will be passed back in a number of the other key +exchange operation function calls. +The parameter provctx is the provider context generated during provider +initialisation (see provider(7)).

    +

    OP_keyexch_freectx() is passed a pointer to the provider side key exchange +context in the ctx parameter. +This function should free any resources associated with that context.

    +

    OP_keyexch_dupctx() should duplicate the provider side key exchange context in +the ctx parameter and return the duplicate copy.

    +

    +

    +

    Shared Secret Derivation Functions

    +

    OP_keyexch_init() initialises a key exchange operation given a provider side key +exchange context in the ctx parameter, and a pointer to a provider key object +in the provkey parameter. The key object should have been previously +generated, loaded or imported into the provider using the key management +(OSSL_OP_KEYMGMT) operation (see provider-keymgmt(7)>.

    +

    OP_keyexch_set_peer() is called to supply the peer's public key (in the +provkey parameter) to be used when deriving the shared secret. +It is also passed a previously initialised key exchange context in the ctx +parameter. +The key object should have been previously generated, loaded or imported into +the provider using the key management (OSSL_OP_KEYMGMT) operation (see +provider-keymgmt(7)>.

    +

    OP_keyexch_derive() performs the actual key exchange itself by deriving a shared +secret. +A previously initialised key exchange context is passed in the ctx +parameter. +The derived secret should be written to the location secret which should not +exceed outlen bytes. +The length of the shared secret should be written to *secretlen. +If secret is NULL then the maximum length of the shared secret should be +written to *secretlen.

    +

    +

    +

    Key Exchange Parameters Functions

    +

    OP_keyexch_set_ctx_params() sets key exchange parameters associated with the +given provider side key exchange context ctx to params, +see Key Exchange Parameters. +Any parameter settings are additional to any that were previously set.

    +

    OP_keyexch_get_ctx_params() gets key exchange parameters associated with the +given provider side key exchange context ctx into params, +see Key Exchange Parameters.

    +

    OP_keyexch_settable_ctx_params() yields a constant OSSL_PARAM array that +describes the settable parameters, i.e. parameters that can be used with +OP_signature_set_ctx_params(). +If OP_keyexch_settable_ctx_params() is present, OP_keyexch_set_ctx_params() must +also be present, and vice versa. +Similarly, OP_keyexch_gettable_ctx_params() yields a constant OSSL_PARAM +array that describes the gettable parameters, i.e. parameters that can be +handled by OP_signature_get_ctx_params(). +If OP_keyexch_gettable_ctx_params() is present, OP_keyexch_get_ctx_params() must +also be present, and vice versa. +See OSSL_PARAM(3) for the use of OSSL_PARAM as parameter descriptor.

    +

    Notice that not all settable parameters are also gettable, and vice versa.

    +

    +

    +

    Key Exchange Parameters

    +

    See OSSL_PARAM(3) for further details on the parameters structure used by +the OP_keyexch_set_ctx_params() and OP_keyexch_get_ctx_params() functions.

    +

    Parameters currently recognised by built-in key exchange algorithms are as +follows. +Not all parameters are relevant to, or are understood by all key exchange +algorithms:

    +
    +
    "pad" (OSSL_EXCHANGE_PARAM_PAD) <unsigned integer>
    + +
    +

    Sets the padding mode for the associated key exchange ctx. +Setting a value of 1 will turn padding on. +Setting a vlue of 0 will turn padding off. +If padding is off then the derived shared secret may be smaller than the largest +possible secret size. +If padding is on then the derived shared secret will have its first bytes filled +with 0s where necessary to make the shared secret the same size as the largest +possible secret size.

    +
    +
    "ecdh-cofactor-mode" (OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE) <integer>
    + +
    +

    Sets/gets the ECDH mode of operation for the associated key exchange ctx.

    +

    In the context of an Elliptic Curve Diffie-Hellman key exchange, this parameter +can be used to select between the plain Diffie-Hellman (DH) or Cofactor +Diffie-Hellman (CDH) variants of the key exchange algorithm.

    +

    When setting, the value should be 1, 0 or -1, respectively forcing cofactor mode +on, off, or resetting it to the default for the private key associated with the +given key exchange ctx.

    +

    When getting, the value should be either 1 or 0, respectively signaling if the +cofactor mode is on or off.

    +

    See also provider-keymgmt(7) for the related +OSSL_PKEY_PARAM_USE_COFACTOR_ECDH parameter that can be set on a +per-key basis.

    +
    +
    "kdf-type" (OSSL_EXCHANGE_PARAM_KDF_TYPE) <utf8_string>
    + +
    +

    Sets/gets the Key Derivation Function type to apply within the associated key +exchange ctx.

    +
    +
    "kdf-digest" (OSSL_EXCHANGE_PARAM_KDF_DIGEST) <utf8_string>
    + +
    +

    Sets/gets the Digest algorithm to be used as part of the Key Derivation Function +associated with the given key exchange ctx.

    +
    +
    "kdf-digest-props" (OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS) <utf8_string>
    + +
    +

    Sets properties to be used upon look up of the implementation for the selected +Digest algorithm for the Key Derivation Function associated with the given key +exchange ctx.

    +
    +
    "kdf-outlen" (OSSL_EXCHANGE_PARAM_KDF_OUTLEN) <size_t>
    + +
    +

    Sets/gets the desired size for the output of the chosen Key Derivation Function +associated with the given key exchange ctx.

    +
    +
    "kdf-ukm" (OSSL_EXCHANGE_PARAM_KDF_UKM) <octet_string>
    + +
    +

    Sets/gets User Key Material to be used as part of the selected Key Derivation +Function associated with the given key exchange ctx.

    +
    +
    "kdf-ukm-len" (OSSL_EXCHANGE_PARAM_KDF_UKM_LEN) <size_t>
    + +
    +

    Sets/gets the size of the User Key Material to be used as part of the selected +Key Derivation Function associated with the given key exchange ctx.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    OP_keyexch_newctx() and OP_keyexch_dupctx() should return the newly created +provider side key exchange context, or NULL on failure.

    +

    OP_keyexch_init(), OP_keyexch_set_peer(), OP_keyexch_derive(), +OP_keyexch_set_params(), and OP_keyexch_get_params() should return 1 for success +or 0 on error.

    +

    OP_keyexch_settable_ctx_params() and OP_keyexch_gettable_ctx_params() should +always return a constant OSSL_PARAM array.

    +

    +

    +
    +

    SEE ALSO

    +

    provider(7)

    +

    +

    +
    +

    HISTORY

    +

    The provider KEYEXCH interface was introduced in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man7/provider-keymgmt.html b/linux_amd64/ssl/share/doc/openssl/html/man7/provider-keymgmt.html
    new file mode 100755
    index 0000000..5b6952e
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man7/provider-keymgmt.html
    @@ -0,0 +1,461 @@
    + + + + +provider-keymgmt + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    provider-keymgmt - The KEYMGMT library <-> provider functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/core_numbers.h>
    +
    + /*
    +  * None of these are actual functions, but are displayed like this for
    +  * the function signatures for functions that are offered as function
    +  * pointers in OSSL_DISPATCH arrays.
    +  */
    +
    + /* Key object (keydata) creation and destruction */
    + void *OP_keymgmt_new(void *provctx);
    + void OP_keymgmt_free(void *keydata);
    +
    + /* Key object information */
    + int OP_keymgmt_get_params(void *keydata, OSSL_PARAM params[]);
    + const OSSL_PARAM *OP_keymgmt_gettable_params(void);
    + int OP_keymgmt_set_params(void *keydata, const OSSL_PARAM params[]);
    + const OSSL_PARAM *OP_keymgmt_settable_params(void);
    +
    + /* Key object content checks */
    + int OP_keymgmt_has(void *keydata, int selection);
    + int OP_keymgmt_match(const void *keydata1, const void *keydata2,
    +                      int selection);
    +
    + /* Discovery of supported operations */
    + const char *OP_keymgmt_query_operation_name(int operation_id);
    +
    + /* Key object import and export functions */
    + int OP_keymgmt_import(int selection, void *keydata, const OSSL_PARAM params[]);
    + const OSSL_PARAM *OP_keymgmt_import_types(int selection);
    + int OP_keymgmt_export(int selection, void *keydata,
    +                       OSSL_CALLBACK *param_cb, void *cbarg);
    + const OSSL_PARAM *OP_keymgmt_export_types(int selection);
    +
    + /* Key object copy */
    + int OP_keymgmt_copy(void *keydata_to, const void *keydata_from, int selection);
    +
    + /* Key object validation */
    + int OP_keymgmt_validate(void *keydata, int selection);
    +

    +

    +
    +

    DESCRIPTION

    +

    The KEYMGMT operation doesn't have much public visibility in OpenSSL +libraries, it's rather an internal operation that's designed to work +in tandem with operations that use private/public key pairs.

    +

    Because the KEYMGMT operation shares knowledge with the operations it +works with in tandem, they must belong to the same provider. +The OpenSSL libraries will ensure that they do.

    +

    The primary responsibility of the KEYMGMT operation is to hold the +provider side key data for the OpenSSL library EVP_PKEY structure.

    +

    All "functions" mentioned here are passed as function pointers between +libcrypto and the provider in OSSL_DISPATCH arrays via +OSSL_ALGORITHM arrays that are returned by the provider's +provider_query_operation() function +(see provider-base(7)/Provider Functions).

    +

    All these "functions" have a corresponding function type definition +named OSSL_{name}_fn, and a helper function to retrieve the +function pointer from a OSSL_DISPATCH element named +OSSL_get_{name}. +For example, the "function" OP_keymgmt_new() has these:

    +
    + typedef void *(OSSL_OP_keymgmt_new_fn)(void *provctx);
    + static ossl_inline OSSL_OP_keymgmt_new_fn
    +     OSSL_get_OP_keymgmt_new(const OSSL_DISPATCH *opf);
    +

    OSSL_DISPATCH arrays are indexed by numbers that are provided as +macros in openssl-core_numbers.h(7), as follows:

    +
    + OP_keymgmt_new                  OSSL_FUNC_KEYMGMT_NEW
    + OP_keymgmt_free                 OSSL_FUNC_KEYMGMT_FREE
    +
    + OP_keymgmt_get_params           OSSL_FUNC_KEYMGMT_GET_PARAMS
    + OP_keymgmt_gettable_params      OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS
    + OP_keymgmt_set_params           OSSL_FUNC_KEYMGMT_SET_PARAMS
    + OP_keymgmt_settable_params      OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS
    +
    + OP_keymgmt_query_operation_name OSSL_FUNC_KEYMGMT_QUERY_OPERATION_NAME
    +
    + OP_keymgmt_has                  OSSL_FUNC_KEYMGMT_HAS
    + OP_keymgmt_validate             OSSL_FUNC_KEYMGMT_VALIDATE
    + OP_keymgmt_match                OSSL_FUNC_KEYMGMT_MATCH
    +
    + OP_keymgmt_import               OSSL_FUNC_KEYMGMT_IMPORT
    + OP_keymgmt_import_types         OSSL_FUNC_KEYMGMT_IMPORT_TYPES
    + OP_keymgmt_export               OSSL_FUNC_KEYMGMT_EXPORT
    + OP_keymgmt_export_types         OSSL_FUNC_KEYMGMT_EXPORT_TYPES
    +
    + OP_keymgmt_copy                 OSSL_FUNC_KEYMGMT_COPY
    +

    +

    +

    Key Objects

    +

    A key object is a collection of data for an asymmetric key, and is +represented as keydata in this manual.

    +

    The exact contents of a key object are defined by the provider, and it +is assumed that different operations in one and the same provider use +the exact same structure to represent this collection of data, so that +for example, a key object that has been created using the KEYMGMT +interface that we document here can be passed as is to other provider +operations, such as OP_signature_sign_init() (see +provider-signature(7)).

    +

    With some of the KEYMGMT functions, it's possible to select a specific +subset of data to handle, governed by the bits in a selection +indicator. The bits are:

    +
    +
    OSSL_KEYMGMT_SELECT_PRIVATE_KEY
    + +
    +

    Indicating that the private key data in a key object should be +considered.

    +
    +
    OSSL_KEYMGMT_SELECT_PUBLIC_KEY
    + +
    +

    Indicating that the public key data in a key object should be +considered.

    +
    +
    OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS
    + +
    +

    Indicating that the domain parameters in a key object should be +considered.

    +
    +
    OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS
    + +
    +

    Indicating that other parameters in a key object should be +considered.

    +

    Other parameters are key parameters that don't fit any other +classification. In other words, this particular selector bit works as +a last resort bit bucket selector.

    +
    +
    +

    Some selector bits have also been combined for easier use:

    +
    +
    OSSL_KEYMGMT_SELECT_ALL_PARAMETERS
    + +
    +

    Indicating that all key object parameters should be considered, +regardless of their more granular classification.

    +

    This is a combination of OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS and +OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS.

    +
    +
    OSSL_KEYMGMT_SELECT_KEYPAIR
    + +
    +

    Indicating that both the whole key pair in a key object should be +considered, i.e. the combination of public and private key.

    +

    This is a combination of OSSL_KEYMGMT_SELECT_PRIVATE_KEY and +OSSL_KEYMGMT_SELECT_PUBLIC_KEY.

    +
    +
    OSSL_KEYMGMT_SELECT_ALL
    + +
    +

    Indicating that everything in a key object should be considered.

    +
    +
    +

    The exact interpretation of those bits or how they combine is left to +each function where you can specify a selector.

    +

    +

    +

    Constructing and Destructing Functions

    +

    OP_keymgmt_new() should create a provider side key object. The +provider context provctx is passed and may be incorporated in the +key object, but that is not mandatory.

    +

    OP_keymgmt_free() should free the passed keydata.

    +

    The constructor and destructor are mandatory, a KEYMGMT implementation +without them will not be accepted.

    +

    +

    +

    Key Object Information Functions

    +

    OP_keymgmt_get_params() should extract information data associated +with the given keydata, see Information Parameters.

    +

    OP_keymgmt_gettable_params() should return a constant array of +descriptor OSSL_PARAM, for parameters that OP_keymgmt_get_params() +can handle.

    +

    If OP_keymgmt_gettable_params() is present, OP_keymgmt_get_params() +must also be present, and vice versa.

    +

    OP_keymgmt_set_params() should update information data associated +with the given keydata, see Information Parameters.

    +

    OP_keymgmt_settable_params() should return a constant array of +descriptor OSSL_PARAM, for parameters that OP_keymgmt_set_params() +can handle.

    +

    If OP_keymgmt_settable_params() is present, OP_keymgmt_set_params() +must also be present, and vice versa.

    +

    +

    +

    Key Object Checking Functions

    +

    OP_keymgmt_query_operation_name() should return the name of the +supported algorithm for the operation operation_id. This is +similar to provider_query_operation() (see provider-base(7)), +but only works as an advisory. If this function is not present, or +returns NULL, the caller is free to assume that there's an algorithm +from the same provider, of the same name as the one used to fetch the +keymgmt and try to use that.

    +

    OP_keymgmt_has() should check whether the given keydata contains the subsets +of data indicated by the selector. A combination of several +selector bits must consider all those subsets, not just one. An +implementation is, however, free to consider an empty subset of data +to still be a valid subset.

    +

    OP_keymgmt_validate() should check if the keydata contains valid +data subsets indicated by selection. Some combined selections of +data subsets may cause validation of the combined data. +For example, the combination of OSSL_KEYMGMT_SELECT_PRIVATE_KEY and +OSSL_KEYMGMT_SELECT_PUBLIC_KEY (or OSSL_KEYMGMT_SELECT_KEYPAIR +for short) is expected to check that the pairwise consistency of +keydata is valid.

    +

    OP_keymgmt_match() should check if the data subset indicated by +selection in keydata1 and keydata2 match. It is assumed that +the caller has ensured that keydata1 and keydata2 are both owned +by the implementation of this function.

    +

    +

    +

    Key Object Import, Export and Copy Functions

    +

    OP_keymgmt_import() should import data indicated by selection into +keydata with values taken from the OSSL_PARAM array params.

    +

    OP_keymgmt_export() should extract values indicated by selection +from keydata, create an OSSL_PARAM array with them and call +param_cb with that array as well as the given cbarg.

    +

    OP_keymgmt_import_types() should return a constant array of descriptor +OSSL_PARAM for data indicated by selection, for parameters that +OP_keymgmt_import() can handle.

    +

    OP_keymgmt_export_types() should return a constant array of descriptor +OSSL_PARAM for data indicated by selection, that the +OP_keymgmt_export() callback can expect to receive.

    +

    OP_keymgmt_copy() should copy data subsets indicated by selection +from keydata_from to keydata_to. It is assumed that the caller +has ensured that keydata_to and keydata_from are both owned by +the implementation of this function.

    +

    +

    +

    Built-in RSA Import/Export Types

    +

    The following Import/Export types are available for the built-in RSA algorithm:

    +
    +
    "n" (OSSL_PKEY_PARAM_RSA_N) <integer>
    + +
    +

    The RSA "n" value.

    +
    +
    "e" (OSSL_PKEY_PARAM_RSA_E) <integer>
    + +
    +

    The RSA "e" value.

    +
    +
    "d" (OSSL_PKEY_PARAM_RSA_D) <integer>
    + +
    +

    The RSA "d" value.

    +
    +
    "rsa-factor" (OSSL_PKEY_PARAM_RSA_FACTOR) <integer>
    + +
    +

    An RSA factor. In 2 prime RSA these are often known as "p" or "q". This value +may be repeated up to 10 times in a single key.

    +
    +
    "rsa-exponent" (OSSL_PKEY_PARAM_RSA_EXPONENT) <integer>
    + +
    +

    An RSA CRT (Chinese Remainder Theorem) exponent. This value may be repeated up +to 10 times in a single key.

    +
    +
    "rsa-coefficient" (OSSL_PKEY_PARAM_RSA_COEFFICIENT) <integer>
    + +
    +

    An RSA CRT (Chinese Remainder Theorem) coefficient. This value may be repeated +up to 9 times in a single key.

    +
    +
    +

    +

    +

    Built-in DSA and Diffie-Hellman Import/Export Types

    +

    The following Import/Export types are available for the built-in DSA and +Diffie-Hellman algorithms:

    +
    +
    "pub" (OSSL_PKEY_PARAM_PUB_KEY) <integer> or <octet string>
    + +
    +

    The public key value.

    +
    +
    "priv" (OSSL_PKEY_PARAM_PRIV_KEY) <integer> or <octet string>
    + +
    +

    The private key value.

    +
    +
    "p" (OSSL_PKEY_PARAM_FFC_P) <integer>
    + +
    +

    A DSA or Diffie-Hellman "p" value.

    +
    +
    "q" (OSSL_PKEY_PARAM_FFC_Q) <integer>
    + +
    +

    A DSA or Diffie-Hellman "q" value.

    +
    +
    "g" (OSSL_PKEY_PARAM_FFC_G) <integer>
    + +
    +

    A DSA or Diffie-Hellman "g" value.

    +
    +
    +

    +

    +

    Built-in X25519, X448, ED25519 and ED448 Import/Export Types

    +

    The following Import/Export types are available for the built-in X25519, X448, +ED25519 and X448 algorithms:

    +
    +
    "pub" (OSSL_PKEY_PARAM_PUB_KEY) <octet string>
    + +
    +

    The public key value.

    +
    +
    "priv" (OSSL_PKEY_PARAM_PRIV_KEY) <octet string>
    + +
    +

    The private key value.

    +
    +
    +

    +

    +

    Information Parameters

    +

    See OSSL_PARAM(3) for further details on the parameters structure.

    +

    Parameters currently recognised by built-in keymgmt algorithms +are as follows. +Not all parameters are relevant to, or are understood by all keymgmt +algorithms:

    +
    +
    "bits" (OSSL_PKEY_PARAM_BITS) <integer>
    + +
    +

    The value should be the cryptographic length of the cryptosystem to +which the key belongs, in bits. The definition of cryptographic +length is specific to the key cryptosystem.

    +
    +
    "max-size" (OSSL_PKEY_PARAM_MAX_SIZE) <integer>
    + +
    +

    The value should be the maximum size that a caller should allocate to +safely store a signature (called sig in provider-signature(7)), +the result of asymmmetric encryption / decryption (out in +provider-asym_cipher(7), a derived secret (secret in +provider-keyexch(7), and similar data).

    +

    Because an EVP_KEYMGMT method is always tightly bound to another method +(signature, asymmetric cipher, key exchange, ...) and must be of the +same provider, this number only needs to be synchronised with the +dimensions handled in the rest of the same provider.

    +
    +
    "security-bits" (OSSL_PKEY_PARAM_SECURITY_BITS) <integer>
    + +
    +

    The value should be the number of security bits of the given key. +Bits of security is defined in SP800-57.

    +
    +
    "use-cofactor-flag" (OSSL_PKEY_PARAM_USE_COFACTOR_FLAG, +OSSL_PKEY_PARAM_USE_COFACTOR_ECDH) <integer>
    + +
    +

    The value should be either 1 or 0, to respectively enable or disable +use of the cofactor in operations using this key.

    +

    In the context of a key that can be used to perform an Elliptic Curve +Diffie-Hellman key exchange, this parameter can be used to mark a requirement +for using the Cofactor Diffie-Hellman (CDH) variant of the key exchange +algorithm.

    +

    See also provider-keyexch(7) for the related +OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE parameter that can be set on a +per-operation basis.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    OP_keymgmt_new() should return a valid reference to the newly created provider +side key object, or NULL on failure.

    +

    OP_keymgmt_import(), OP_keymgmt_export(), OP_keymgmt_get_params() and +OP_keymgmt_set_params() should return 1 for success or 0 on error.

    +

    OP_keymgmt_validate() should return 1 on successful validation, or 0 on +failure.

    +

    OP_keymgmt_has() should return 1 if all the selected data subsets are contained +in the given keydata or 0 otherwise.

    +

    OP_keymgmt_query_operation_name() should return a pointer to a string matching +the requested operation, or NULL if the same name used to fetch the keymgmt +applies.

    +

    OP_keymgmt_gettable_params() and OP_keymgmt_settable_params() +OP_keymgmt_import_types(), OP_keymgmt_export_types() +should +always return a constant OSSL_PARAM array.

    +

    +

    +
    +

    SEE ALSO

    +

    provider(7)

    +

    +

    +
    +

    HISTORY

    +

    The KEYMGMT interface was introduced in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man7/provider-mac.html b/linux_amd64/ssl/share/doc/openssl/html/man7/provider-mac.html
    new file mode 100755
    index 0000000..4011f1f
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man7/provider-mac.html
    @@ -0,0 +1,266 @@
    + + + + +provider-mac + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    provider-mac - The mac library <-> provider functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/core_numbers.h>
    + #include <openssl/core_names.h>
    +
    + /*
    +  * None of these are actual functions, but are displayed like this for
    +  * the function signatures for functions that are offered as function
    +  * pointers in OSSL_DISPATCH arrays.
    +  */
    +
    + /* Context management */
    + void *OP_mac_newctx(void *provctx);
    + void OP_mac_freectx(void *mctx);
    + void *OP_mac_dupctx(void *src);
    +
    + /* Encryption/decryption */
    + int OP_mac_init(void *mctx);
    + int OP_mac_update(void *mctx, const unsigned char *in, size_t inl);
    + int OP_mac_final(void *mctx, unsigned char *out, size_t *outl, size_t outsize);
    +
    + /* MAC parameter descriptors */
    + const OSSL_PARAM *OP_mac_get_params(void);
    + const OSSL_PARAM *OP_mac_get_ctx_params(void);
    + const OSSL_PARAM *OP_mac_set_ctx_params(void);
    +
    + /* MAC parameters */
    + int OP_mac_get_params(OSSL_PARAM params[]);
    + int OP_mac_get_ctx_params(void *mctx, OSSL_PARAM params[]);
    + int OP_mac_set_ctx_params(void *mctx, const OSSL_PARAM params[]);
    +

    +

    +
    +

    DESCRIPTION

    +

    This documentation is primarily aimed at provider authors. See provider(7) +for further information.

    +

    The MAC operation enables providers to implement mac algorithms and make +them available to applications via the API functions EVP_MAC_init(3), +EVP_MAC_update(3) and EVP_MAC_final(3).

    +

    All "functions" mentioned here are passed as function pointers between +libcrypto and the provider in OSSL_DISPATCH arrays via +OSSL_ALGORITHM arrays that are returned by the provider's +provider_query_operation() function +(see provider-base(7)/Provider Functions).

    +

    All these "functions" have a corresponding function type definition +named OSSL_{name}_fn, and a helper function to retrieve the +function pointer from an OSSL_DISPATCH element named +OSSL_get_{name}. +For example, the "function" OP_mac_newctx() has these:

    +
    + typedef void *(OSSL_OP_mac_newctx_fn)(void *provctx);
    + static ossl_inline OSSL_OP_mac_newctx_fn
    +     OSSL_get_OP_mac_newctx(const OSSL_DISPATCH *opf);
    +

    OSSL_DISPATCH arrays are indexed by numbers that are provided as +macros in openssl-core_numbers.h(7), as follows:

    +
    + OP_mac_newctx               OSSL_FUNC_MAC_NEWCTX
    + OP_mac_freectx              OSSL_FUNC_MAC_FREECTX
    + OP_mac_dupctx               OSSL_FUNC_MAC_DUPCTX
    +
    + OP_mac_init                 OSSL_FUNC_MAC_INIT
    + OP_mac_update               OSSL_FUNC_MAC_UPDATE
    + OP_mac_final                OSSL_FUNC_MAC_FINAL
    +
    + OP_mac_get_params           OSSL_FUNC_MAC_GET_PARAMS
    + OP_mac_get_ctx_params       OSSL_FUNC_MAC_GET_CTX_PARAMS
    + OP_mac_set_ctx_params       OSSL_FUNC_MAC_SET_CTX_PARAMS
    +
    + OP_mac_gettable_params      OSSL_FUNC_MAC_GETTABLE_PARAMS
    + OP_mac_gettable_ctx_params  OSSL_FUNC_MAC_GETTABLE_CTX_PARAMS
    + OP_mac_settable_ctx_params  OSSL_FUNC_MAC_SETTABLE_CTX_PARAMS
    +

    A mac algorithm implementation may not implement all of these functions. +In order to be a consistent set of functions, at least the following functions +must be implemented: OP_mac_newctx(), OP_mac_freectx(), OP_mac_init(), +OP_mac_update(), OP_mac_final(). +All other functions are optional.

    +

    +

    +

    Context Management Functions

    +

    OP_mac_newctx() should create and return a pointer to a provider side +structure for holding context information during a mac operation. +A pointer to this context will be passed back in a number of the other mac +operation function calls. +The parameter provctx is the provider context generated during provider +initialisation (see provider(7)).

    +

    OP_mac_freectx() is passed a pointer to the provider side mac context in +the mctx parameter. +If it receives NULL as mctx value, it should not do anything other than +return. +This function should free any resources associated with that context.

    +

    OP_mac_dupctx() should duplicate the provider side mac context in the +mctx parameter and return the duplicate copy.

    +

    +

    +

    Encryption/Decryption Functions

    +

    OP_mac_init() initialises a mac operation given a newly created provider +side mac context in the mctx parameter.

    +

    OP_mac_update() is called to supply data for MAC computation of a previously +initialised mac operation. +The mctx parameter contains a pointer to a previously initialised provider +side context. +OP_mac_update() may be called multiple times for a single mac operation.

    +

    OP_mac_final() completes the MAC computation started through previous +OP_mac_init() and OP_mac_update() calls. +The mctx parameter contains a pointer to the provider side context. +The resulting MAC should be written to out and the amount of data written +to *outl, which should not exceed outsize bytes. +The same expectations apply to outsize as documented for +EVP_MAC_final(3).

    +

    +

    +

    Mac Parameters

    +

    See OSSL_PARAM(3) for further details on the parameters structure used by +these functions.

    +

    OP_mac_get_params() gets details of parameter values associated with the +provider algorithm and stores them in params.

    +

    OP_mac_set_ctx_params() sets mac parameters associated with the given +provider side mac context mctx to params. +Any parameter settings are additional to any that were previously set.

    +

    OP_mac_get_ctx_params() gets details of currently set parameter values +associated with the given provider side mac context mctx and stores them +in params.

    +

    OP_mac_gettable_params(), OP_mac_gettable_ctx_params(), and +OP_mac_settable_ctx_params() all return constant OSSL_PARAM arrays +as descriptors of the parameters that OP_mac_get_params(), +OP_mac_get_ctx_params(), and OP_mac_set_ctx_params() can handle, +respectively.

    +

    Parameters currently recognised by built-in macs are as follows. Not all +parameters are relevant to, or are understood by all macs:

    +
    +
    "key" (OSSL_MAC_PARAM_KEY) <octet string>
    + +
    +

    Sets the key in the associated MAC ctx.

    +
    +
    "iv" (OSSL_MAC_PARAM_IV) <octet string>
    + +
    +

    Sets the IV of the underlying cipher, when applicable.

    +
    +
    "custom" (OSSL_MAC_PARAM_CUSTOM) <UTF8 string>
    + +
    +

    Sets the custom string in the associated MAC ctx.

    +
    +
    "salt" (OSSL_MAC_PARAM_SALT) <octet string>
    + +
    +

    Sets the salt of the underlying cipher, when applicable.

    +
    +
    "xof" (OSSL_MAC_PARAM_BLOCK_XOF) <integer>
    + +
    +

    Sets XOF mode in the associated MAC ctx. +0 means no XOF mode, 1 means XOF mode.

    +
    +
    "flags" (OSSL_MAC_PARAM_FLAGS) <integer>
    + +
    +

    Gets flags associated with the MAC.

    +
    +
    "cipher" (OSSL_MAC_PARAM_CIPHER) <UTF8 string>
    + +
    "digest" (OSSL_MAC_PARAM_DIGEST) <UTF8 string>
    + +
    +

    Sets the name of the underlying cipher or digest to be used. +It must name a suitable algorithm for the MAC that's being used.

    +
    +
    "properties" (OSSL_MAC_PARAM_PROPERTIES) <UTF8 string>
    + +
    +

    Sets the properties to be queried when trying to fetch the underlying algorithm. +This must be given together with the algorithm naming parameter to be +considered valid.

    +
    +
    "size" (OSSL_MAC_PARAM_SIZE) <integer>
    + +
    +

    Can be used to get the resulting MAC size.

    +

    With some MAC algorithms, it can also be used to set the size that the +resulting MAC should have. +Allowable sizes are decided within each implementation.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    OP_mac_newctx() and OP_mac_dupctx() should return the newly created +provider side mac context, or NULL on failure.

    +

    OP_mac_init(), OP_mac_update(), OP_mac_final(), OP_mac_get_params(), +OP_mac_get_ctx_params() and OP_mac_set_ctx_params() should return 1 for +success or 0 on error.

    +

    OP_mac_gettable_params(), OP_mac_gettable_ctx_params() and +OP_mac_settable_ctx_params() should return a constant OSSL_PARAM +array, or NULL if none is offered.

    +

    +

    +
    +

    SEE ALSO

    +

    provider(7)

    +

    +

    +
    +

    HISTORY

    +

    The provider MAC interface was introduced in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
    diff --git a/linux_amd64/ssl/share/doc/openssl/html/man7/provider-serializer.html b/linux_amd64/ssl/share/doc/openssl/html/man7/provider-serializer.html
    new file mode 100755
    index 0000000..0d5d770
    --- /dev/null
    +++ b/linux_amd64/ssl/share/doc/openssl/html/man7/provider-serializer.html
    @@ -0,0 +1,297 @@
    + + + + +provider-serializer + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    provider-serializer - The SERIALIZER library <-> provider functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/core_numbers.h>
    +
    + /*
    +  * None of these are actual functions, but are displayed like this for
    +  * the function signatures for functions that are offered as function
    +  * pointers in OSSL_DISPATCH arrays.
    +  */
    +
    + /* Functions to construct / destruct / manipulate the serializer context */
    + void *OP_serializer_newctx(void *provctx);
    + void OP_serializer_freectx(void *ctx);
    + int OP_serializer_set_ctx_params(void *ctx, const OSSL_PARAM params[]);
    + const OSSL_PARAM *OP_serializer_settable_ctx_params(void)
    +
    + /* Functions to serialize object data */
    + int OP_serializer_serialize_data(void *ctx, const OSSL_PARAM *data,
    +                                  BIO *out,
    +                                  OSSL_PASSPHRASE_CALLBACK *cb,
    +                                  void *cbarg);
    + int OP_serializer_serialize_object(void *ctx, void *obj, BIO *out,
    +                                    OSSL_PASSPHRASE_CALLBACK *cb,
    +                                    void *cbarg);
    +

    +

    +
    +

    DESCRIPTION

    +

    The SERIALIZER is a generic method to serialize any set of object data +in OSSL_PARAM(3) array form, or any provider side object into +serialized form, and write it to the given BIO. If the caller wants +to get the serialized stream to memory, it should provide a +BIO_s_membuf(3).

    +

    The serializer doesn't need to know more about the BIO pointer than +being able to pass it to the appropriate BIO upcalls (see +provider-base(7)/Core functions).

    +

    The serialization using the OSSL_PARAM(3) array form allows a +serializer to be used for data that's been exported from another +provider, and thereby allow them to exist independently of each +other.

    +

    The serialization using a provider side object can only be safely used +with provider data coming from the same provider, for example keys +with the KEYMGMT provider.

    +

    All "functions" mentioned here are passed as function pointers between +libcrypto and the provider in OSSL_DISPATCH arrays via +OSSL_ALGORITHM arrays that are returned by the provider's +provider_query_operation() function +(see provider-base(7)/Provider Functions).

    +

    All these "functions" have a corresponding function type definition +named OSSL_{name}_fn, and a helper function to retrieve the +function pointer from a OSSL_DISPATCH element named +OSSL_get_{name}. +For example, the "function" OP_serializer_serialize_data() has these:

    +
    + typedef int
    +     (OSSL_OP_serializer_serialize_data_fn)(void *provctx,
    +                                            const OSSL_PARAM params[],
    +                                            BIO *out);
    + static ossl_inline OSSL_OP_serializer_serialize_data_fn
    +     OSSL_get_OP_serializer_serialize_data(const OSSL_DISPATCH *opf);
    +

    OSSL_DISPATCH arrays are indexed by numbers that are provided as +macros in openssl-core_numbers.h(7), as follows:

    +
    + OP_serializer_newctx              OSSL_FUNC_SERIALIZER_NEWCTX
    + OP_serializer_freectx             OSSL_FUNC_SERIALIZER_FREECTX
    + OP_serializer_set_ctx_params      OSSL_FUNC_SERIALIZER_SET_CTX_PARAMS
    + OP_serializer_settable_ctx_params OSSL_FUNC_SERIALIZER_SETTABLE_CTX_PARAMS
    +
    + OP_serializer_serialize_data      OSSL_FUNC_SERIALIZER_SERIALIZE_DATA
    + OP_serializer_serialize_object    OSSL_FUNC_SERIALIZER_SERIALIZE_OBJECT
    +

    +

    +

    Names and properties

    +

    The name of an implementation should match the type of object it +handles. For example, an implementation that serializes an RSA key +should be named accordingly.

    +

    To be able to specify exactly what serialization format and what type +of data a serializer implementation is expected to handle, two +additional properties may be given:

    +
    +
    format
    + +
    +

    This property is used to specify what kind of output format the +implementation produces. Currently known formats are:

    +
    +
    text
    + +
    +

    An implementation with that format property value outputs human +readable text, making that implementation suitable for -text output +in diverse openssl(1) commands.

    +
    +
    pem
    + +
    +

    An implementation with that format property value outputs PEM +formatted data.

    +
    +
    der
    + +
    +

    An implementation with that format property value outputs DER +formatted data.

    +
    +
    +
    +
    type
    + +
    +

    With objects that have multiple purposes, this can be used to specify +the purpose type. The currently known use cases are asymmetric keys +and key parameters, where the type can be one of:

    +
    +
    private
    + +
    +

    An implementation with that format property value outputs a private +key.

    +
    +
    public
    + +
    +

    An implementation with that format property value outputs a public +key.

    +
    +
    parameters
    + +
    +

    An implementation with that format property value outputs key +parameters.

    +
    +
    +
    +
    +

    The possible values of both these properties is open ended. A +provider may very well specify other formats that libcrypto doesn't +know anything about.

    +

    +

    +

    Context functions

    +

    OP_serializer_newctx() returns a context to be used with the rest of +the functions.

    +

    OP_serializer_freectx() frees the given ctx, if it was created by +OP_serializer_newctx().

    +

    OP_serializer_set_ctx_params() sets context data according to +parameters from params that it recognises. Unrecognised parameters +should be ignored.

    +

    OP_serializer_settable_ctx_params() returns a constant OSSL_PARAM +array describing the parameters that OP_serializer_set_ctx_params() +can handle.

    +

    See OSSL_PARAM(3) for further details on the parameters structure used +by OP_serializer_set_ctx_params() and OP_serializer_settable_ctx_params().

    +

    +

    +

    Serializing functions

    +

    OP_serializer_serialize_data() should take an array of OSSL_PARAM, +data, and if it contains the data necessary for the object type +that the implementation handles, it should output the object in +serialized form to the BIO.

    +

    OP_serializer_serialize_object() should take a pointer to an object +that it knows intimately, and output that object in serialized form to +the BIO. The caller must ensure that this function is called +with a pointer that the provider of this function is familiar with. +It is not suitable to use with object pointers coming from other +providers.

    +

    Both serialization functions also take an OSSL_PASSPHRASE_CALLBACK +function pointer along with a pointer to application data cbarg, +which should be used when a pass phrase prompt is needed.

    +

    +

    +

    Serializer parameters

    +

    Parameters currently recognised by built-in serializers are as +follows:

    +
    +
    "cipher" (OSSL_SERIALIZER_PARAM_CIPHER) <UTF8 string>
    + +
    +

    The name of the encryption cipher to be used when generating encrypted +serialization. This is used when serializing private keys, as well as +other objects that need protection.

    +

    If this name is invalid for the serialization implementation, the +implementation should refuse to perform the serialization, i.e. +OP_serializer_serialize_data() and OP_serializer_serialize_object() +should return an error.

    +
    +
    "properties" (OSSL_SERIALIZER_PARAM_PROPERTIES) <UTF8 string>
    + +
    +

    The properties to be queried when trying to fetch the algorithm given +with the "cipher" parameter. +This must be given together with the "cipher" parameter to be +considered valid.

    +

    The serialization implementation isn't obligated to use this value. +However, it is recommended that implementations that do not handle +property strings return an error on receiving this parameter unless +its value NULL or the empty string.

    +
    +
    "passphrase" (OSSL_SERIALIZER_PARAM_PASS) <octet string>
    + +
    +

    A pass phrase provided by the application. When this is given, the +built-in serializers will not attempt to use the passphrase callback.

    +
    +
    +

    Parameters currently recognised by the built-in pass phrase callback:

    +
    +
    "info" (OSSL_PASSPHRASE_PARAM_INFO) <UTF8 string>
    + +
    +

    A string of information that will become part of the pass phrase +prompt. This could be used to give the user information on what kind +of object it's being prompted for.

    +
    +
    +

    +

    +
    +

    RETURN VALUES

    +

    OP_serializer_newctx() returns a pointer to a context, or NULL on +failure.

    +

    OP_serializer_set_ctx_params() returns 1, unless a recognised +parameters was invalid or caused an error, for which 0 is returned.

    +

    OP_serializer_settable_ctx_params() returns a pointer to an array of +constant OSSL_PARAM elements.

    +

    OP_serializer_serialize_data() and OP_serializer_serialize_object() +return 1 on success, or 0 on failure.

    +

    +

    +
    +

    SEE ALSO

    +

    provider(7)

    +

    +

    +
    +

    HISTORY

    +

    The SERIALIZER interface was introduced in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man7/provider-signature.html b/linux_amd64/ssl/share/doc/openssl/html/man7/provider-signature.html
new file mode 100755
index 0000000..c961dd2
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man7/provider-signature.html
@@ -0,0 +1,271 @@
+ + + + +provider-signature + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    provider-signature - The signature library <-> provider functions

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/core_numbers.h>
    + #include <openssl/core_names.h>
    +
    + /*
    +  * None of these are actual functions, but are displayed like this for
    +  * the function signatures for functions that are offered as function
    +  * pointers in OSSL_DISPATCH arrays.
    +  */
    +
    + /* Context management */
    + void *OP_signature_newctx(void *provctx);
    + void OP_signature_freectx(void *ctx);
    + void *OP_signature_dupctx(void *ctx);
    +
    + /* Signing */
    + int OP_signature_sign_init(void *ctx, void *provkey);
    + int OP_signature_sign(void *ctx, unsigned char *sig, size_t *siglen,
    +                       size_t sigsize, const unsigned char *tbs, size_t tbslen);
    +
    + /* Verifying */
    + int OP_signature_verify_init(void *ctx, void *provkey);
    + int OP_signature_verify(void *ctx, const unsigned char *sig, size_t siglen,
    +                         const unsigned char *tbs, size_t tbslen);
    +
    + /* Verify Recover */
    + int OP_signature_verify_recover_init(void *ctx, void *provkey);
    + int OP_signature_verify_recover(void *ctx, unsigned char *rout,
    +                                 size_t *routlen, size_t routsize,
    +                                 const unsigned char *sig, size_t siglen);
    +
    + /* Signature parameters */
    + int OP_signature_get_ctx_params(void *ctx, OSSL_PARAM params[]);
    + const OSSL_PARAM *OP_signature_gettable_ctx_params(void);
    + int OP_signature_set_ctx_params(void *ctx, const OSSL_PARAM params[]);
    + const OSSL_PARAM *OP_signature_settable_ctx_params(void);
    +

    +

    +
    +

    DESCRIPTION

    +

    This documentation is primarily aimed at provider authors. See provider(7) +for further information.

    +

    The signature (OSSL_OP_SIGNATURE) operation enables providers to implement +signature algorithms and make them available to applications via the API +functions EVP_PKEY_sign(3), +EVP_PKEY_verify(3), +and EVP_PKEY_verify_recover(3) (as well +as other related functions).

    +

    All "functions" mentioned here are passed as function pointers between +libcrypto and the provider in OSSL_DISPATCH arrays via +OSSL_ALGORITHM arrays that are returned by the provider's +provider_query_operation() function +(see provider-base(7)/Provider Functions).

    +

    All these "functions" have a corresponding function type definition +named OSSL_{name}_fn, and a helper function to retrieve the +function pointer from an OSSL_DISPATCH element named +OSSL_get_{name}. +For example, the "function" OP_signature_newctx() has these:

    +
    + typedef void *(OSSL_OP_signature_newctx_fn)(void *provctx);
    + static ossl_inline OSSL_OP_signature_newctx_fn
    +     OSSL_get_OP_signature_newctx(const OSSL_DISPATCH *opf);
    +

    OSSL_DISPATCH arrays are indexed by numbers that are provided as +macros in openssl-core_numbers.h(7), as follows:

    +
    + OP_signature_newctx                 OSSL_FUNC_SIGNATURE_NEWCTX
    + OP_signature_freectx                OSSL_FUNC_SIGNATURE_FREECTX
    + OP_signature_dupctx                 OSSL_FUNC_SIGNATURE_DUPCTX
    +
    + OP_signature_sign_init              OSSL_FUNC_SIGNATURE_SIGN_INIT
    + OP_signature_sign                   OSSL_FUNC_SIGNATURE_SIGN
    +
    + OP_signature_verify_init            OSSL_FUNC_SIGNATURE_VERIFY_INIT
    + OP_signature_verify                 OSSL_FUNC_SIGNATURE_VERIFY
    +
    + OP_signature_verify_recover_init    OSSL_FUNC_SIGNATURE_VERIFY_RECOVER_INIT
    + OP_signature_verify_recover         OSSL_FUNC_SIGNATURE_VERIFY_RECOVER
    +
    + OP_signature_get_ctx_params         OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS
    + OP_signature_gettable_ctx_params    OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS
    + OP_signature_set_ctx_params         OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS
    + OP_signature_settable_ctx_params    OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS
    +

    A signature algorithm implementation may not implement all of these functions. +In order to be a consistent set of functions a provider must implement +OP_signature_newctx and OP_signature_freectx. +It must also implement both of OP_signature_sign_init and OP_signature_sign, +or both of OP_signature_verify_init and OP_signature_verify, or both of +OP_signature_verify_recover_init and OP_signature_verify_recover. +All other functions are optional.

    +

    A signature algorithm must also implement some mechanism for generating, +loading or importing keys via the key management (OSSL_OP_KEYMGMT) operation. +See provider-keymgmt(7) for further details.

    +

    +

    +

    Context Management Functions

    +

    OP_signature_newctx() should create and return a pointer to a provider side +structure for holding context information during a signature operation. +A pointer to this context will be passed back in a number of the other signature +operation function calls. +The parameter provctx is the provider context generated during provider +initialisation (see provider(7)).

    +

    OP_signature_freectx() is passed a pointer to the provider side signature +context in the ctx parameter. +This function should free any resources associated with that context.

    +

    OP_signature_dupctx() should duplicate the provider side signature context in +the ctx parameter and return the duplicate copy.

    +

    +

    +

    Signing Functions

    +

    OP_signature_sign_init() initialises a context for signing given a provider side +signature context in the ctx parameter, and a pointer to a provider key object +in the provkey parameter. +The key object should have been previously generated, loaded or imported into +the provider using the key management (OSSL_OP_KEYMGMT) operation (see +provider-keymgmt(7)>.

    +

    OP_signature_sign() performs the actual signing itself. +A previously initialised signature context is passed in the ctx +parameter. +The data to be signed is pointed to be the tbs parameter which is tbslen +bytes long. +Unless sig is NULL, the signature should be written to the location pointed +to by the sig parameter and it should not exceed sigsize bytes in length. +The length of the signature should be written to *siglen. +If sig is NULL then the maximum length of the signature should be written to +*siglen.

    +

    +

    +

    Verify Functions

    +

    OP_signature_verify_init() initialises a context for verifying a signature given +a provider side signature context in the ctx parameter, and a pointer to a +provider key object in the provkey parameter. +The key object should have been previously generated, loaded or imported into +the provider using the key management (OSSL_OP_KEYMGMT) operation (see +provider-keymgmt(7)>.

    +

    OP_signature_verify() performs the actual verification itself. +A previously initialised signature context is passed in the ctx parameter. +The data that the signature covers is pointed to be the tbs parameter which +is tbslen bytes long. +The signature is pointed to by the sig parameter which is siglen bytes +long.

    +

    +

    +

    Verify Recover Functions

    +

    OP_signature_verify_recover_init() initialises a context for recovering the +signed data given a provider side signature context in the ctx parameter, and +a pointer to a provider key object in the provkey parameter. +The key object should have been previously generated, loaded or imported into +the provider using the key management (OSSL_OP_KEYMGMT) operation (see +provider-keymgmt(7)>.

    +

    OP_signature_verify_recover() performs the actual verify recover itself. +A previously initialised signature context is passed in the ctx parameter. +The signature is pointed to by the sig parameter which is siglen bytes +long. +Unless rout is NULL, the recovered data should be written to the location +pointed to by rout which should not exceed routsize bytes in length. +The length of the recovered data should be written to *routlen. +If rout is NULL then the maximum size of the output buffer is written to +the routlen parameter.

    +

    +

    +

    Signature Parameters

    +

    See OSSL_PARAM(3) for further details on the parameters structure used by +the OP_signature_get_ctx_params() and OP_signature_set_ctx_params() functions.

    +

    OP_signature_get_ctx_params() gets signature parameters associated with the +given provider side signature context ctx and stored them in params. +OP_signature_set_ctx_params() sets the signature parameters associated with the +given provider side signature context ctx to params. +Any parameter settings are additional to any that were previously set.

    +

    Parameters currently recognised by built-in signature algorithms are as +follows. +Not all parameters are relevant to, or are understood by all signature +algorithms:

    +
    +
    "digest" (OSSL_SIGNATURE_PARAM_DIGEST) <UTF8 string>
    + +
    +

    Get or sets the name of the digest algorithm used for the input to the signature +functions.

    +
    +
    "digest-size" (OSSL_SIGNATURE_PARAM_DIGEST_SIZE) <unsigned integer>
    + +
    +

    Gets or sets the output size of the digest algorithm used for the input to the +signature functions. +The length of the "digest-size" parameter should not exceed that of a size_t.

    +
    +
    +

    OP_signature_gettable_ctx_params() and OP_signature_settable_ctx_params() get a +constant OSSL_PARAM array that describes the gettable and settable parameters, +i.e. parameters that can be used with OP_signature_get_ctx_params() and +OP_signature_set_ctx_params() respectively. +See OSSL_PARAM(3) for the use of OSSL_PARAM as parameter descriptor.

    +

    +

    +
    +

    RETURN VALUES

    +

    OP_signature_newctx() and OP_signature_dupctx() should return the newly created +provider side signature, or NULL on failure.

    +

    All other functions should return 1 for success or 0 on error.

    +

    +

    +
    +

    SEE ALSO

    +

    provider(7)

    +

    +

    +
    +

    HISTORY

    +

    The provider SIGNATURE interface was introduced in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + +
diff --git a/linux_amd64/ssl/share/doc/openssl/html/man7/provider.html b/linux_amd64/ssl/share/doc/openssl/html/man7/provider.html
new file mode 100755
index 0000000..ba16dfa
--- /dev/null
+++ b/linux_amd64/ssl/share/doc/openssl/html/man7/provider.html
@@ -0,0 +1,415 @@
+ + + + +provider + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    provider - OpenSSL operation implementation providers

    +

    +

    +
    +

    SYNOPSIS

    +

    #include <openssl/provider.h>

    +

    +

    +
    +

    DESCRIPTION

    +

    +

    +

    General

    +

    A provider, in OpenSSL terms, is a unit of code that provides one +or more implementations for various operations for diverse algorithms +that one might want to perform.

    +

    An operation is something one wants to do, such as encryption and +decryption, key derivation, MAC calculation, signing and verification, +etc.

    +

    An algorithm is a named method to perform an operation. +Very often, the algorithms revolve around cryptographic operations, +but may also revolve around other types of operation, such as managing +certain types of objects.

    +

    +

    +

    Provider

    +

    NOTE: This section is mostly interesting for provider authors.

    +

    A provider offers an initialization function, as a set of base +functions in the form of an OSSL_DISPATCH array, and by extension, +a set of OSSL_ALGORITHMs (see openssl-core.h(7)). +It may be a dynamically loadable module, or may be built-in, in +OpenSSL libraries or in the application. +If it's a dynamically loadable module, the initialization function +must be named OSSL_provider_init and must be exported. +If it's built-in, the initialization function may have any name.

    +

    The initialization function must have the following signature:

    +
    + int NAME(const OSSL_PROVIDER *provider,
    +          const OSSL_DISPATCH *in, const OSSL_DISPATCH **out,
    +          void **provctx);
    +

    provider is the OpenSSL library object for the provider, and works +as a handle for everything the OpenSSL libraries need to know about +the provider. +For the provider itself, it may hold some interesting information, +and is also passed to some of the functions given in the dispatch +array in.

    +

    in is a dispatch array of base functions offered by the OpenSSL +libraries, and the available functions are further described in +provider-base(7).

    +

    *out must be assigned a dispatch array of base functions that the +provider offers to the OpenSSL libraries. +The functions that may be offered are further described in +provider-base(7), and they are the central means of communication +between the OpenSSL libraries and the provider.

    +

    *provctx should be assigned a provider specific context to allow +the provider multiple simultaneous uses. +This pointer will be passed to various operation functions offered by +the provider.

    +

    One of the functions the provider offers to the OpenSSL libraries is +the central mechanism for the OpenSSL libraries to get access to +operation implementations for diverse algorithms. +Its referred to with the number OSSL_FUNC_PROVIDER_QUERY_OPERATION +and has the following signature:

    +
    + const OSSL_ALGORITHM *provider_query_operation(void *provctx,
    +                                                int operation_id,
    +                                                const int *no_store);
    +

    provctx is the provider specific context that was passed back by +the initialization function.

    +

    operation_id is an operation identity (see Operations below).

    +

    no_store is a flag back to the OpenSSL libraries which, when +nonzero, signifies that the OpenSSL libraries will not store a +reference to the returned data in their internal store of +implementations.

    +

    The returned OSSL_ALGORITHM is the foundation of any OpenSSL +library API that uses providers for their implementation, most +commonly in the fetching type of functions +(see Fetching algorithms below).

    +

    +

    +

    Operations

    +

    NOTE: This section is mostly interesting for provider authors.

    +

    Operations are referred to with numbers, via macros with names +starting with OSSL_OP_.

    +

    With each operation comes a set of defined function types that a +provider may or may not offer, depending on its needs.

    +

    Currently available operations are:

    +
    +
    Digests
    + +
    +

    In the OpenSSL libraries, the corresponding method object is +EVP_MD. +The number for this operation is OSSL_OP_DIGEST. +The functions the provider can offer are described in +provider-digest(7)

    +
    +
    Symmetric ciphers
    + +
    +

    In the OpenSSL libraries, the corresponding method object is +EVP_CIPHER. +The number for this operation is OSSL_OP_CIPHER. +The functions the provider can offer are described in +provider-cipher(7)

    +
    +
    Message Authentication Code (MAC)
    + +
    +

    In the OpenSSL libraries, the corresponding method object is +EVP_MAC. +The number for this operation is OSSL_OP_MAC. +The functions the provider can offer are described in +provider-mac(7)

    +
    +
    Key Derivation Function (KDF)
    + +
    +

    In the OpenSSL libraries, the corresponding method object is +EVP_KDF. +The number for this operation is OSSL_OP_KDF. +The functions the provider can offer are described in +provider-kdf(7)

    +
    +
    Key Exchange
    + +
    +

    In the OpenSSL libraries, the corresponding method object is +EVP_KEYEXCH. +The number for this operation is OSSL_OP_KEYEXCH. +The functions the provider can offer are described in +provider-keyexch(7)

    +
    +
    Serialization
    + +
    +

    In the OpenSSL libraries, the corresponding method object is +OSSL_SERIALIZER. +The number for this operation is OSSL_OP_SERIALIZER. +The functions the provider can offer are described in +provider-serializer(7)

    +
    +
    +

    +

    +

    Fetching algorithms

    +

    +

    +

    Explicit fetch

    +

    NOTE: This section is mostly interesting to OpenSSL users.

    +

    Users of the OpenSSL libraries never query the provider directly for +its diverse implementations and dispatch tables. +Instead, the diverse OpenSSL APIs often have fetching functions that +do the work, and they return an appropriate method object back to the +user. +These functions usually have the name APINAME_fetch, where +APINAME is the name of the API, for example EVP_MD_fetch(3).

    +

    These fetching functions follow a fairly common pattern, where three +arguments are passed:

    +
    +
    The library context
    + +
    +

    See OPENSSL_CTX(3) for a more detailed description. +This may be NULL to signify the default (global) library context, or a +context created by the user. +Only providers loaded in this library context (see +OSSL_PROVIDER_load(3)) will be considered by the fetching +function.

    +
    +
    An identifier
    + +
    +

    This is most commonly an algorithm name (this is the case for all EVP +methods), but may also be called something else.

    +
    +
    A property query string
    + +
    +

    See property(7) for a more detailed description. +This is used to select more exactly which providers will get to offer +an implementation.

    +
    +
    +

    The method object that is fetched can then be used with diverse other +functions that use them, for example EVP_DigestInit_ex(3).

    +

    +

    +

    Implicit fetch

    +

    NOTE: This section is mostly interesting to OpenSSL users.

    +

    OpenSSL has a number of functions that return a method object with no +associated implementation, such as EVP_sha256(3), +EVP_blake2b512(3) or EVP_aes_128_cbc(3), which are present for +compatibility with OpenSSL before version 3.0.

    +

    When they are used with functions like EVP_DigestInit_ex(3) or +EVP_CipherInit_ex(3), the actual implementation to be used is +fetched implicitly using default search criteria.

    +

    Implicit fetching can also occur when a NULL algorithm parameter is +supplied. +In this case an algorithm implementation is implicitly fetched using +default search criteria and an algorithm name that is consistent with +the type of EVP_PKEY being used.

    +

    +

    +

    Algorithm naming

    +

    Algorithm names are case insensitive. Any particular algorithm can have multiple +aliases associated with it. The canonical OpenSSL naming scheme follows this +format:

    +

    ALGNAME[VERSION?][-SUBNAME[VERSION?]?][-SIZE?][-MODE?]

    +

    VERSION is only present if there are multiple versions of an algorithm (e.g. +MD2, MD4, MD5). It may be omitted if there is only one version.

    +

    SUBNAME may be present where multiple algorithms are combined together, +e.g. MD5-SHA1.

    +

    SIZE is only present if multiple versions of an algorithm exist with different +sizes (e.g. AES-128-CBC, AES-256-CBC)

    +

    MODE is only present where applicable.

    +

    Other aliases may exist for example where standards bodies or common practice +use alternative names or names that OpenSSL has used historically.

    +

    +

    +
    +

    OPENSSL PROVIDERS

    +

    OpenSSL comes with a set of providers.

    +

    The algorithms available in each of these providers may vary due to build time +configuration options. The openssl-list(1) command can be used to list the +currently available algorithms.

    +

    The names of the algorithms shown from openssl-list(1) can be used as an +algorithm identifier to the appropriate fetching function.

    +

    +

    +

    Default provider

    +

    The default provider is built in as part of the libcrypto library. +Should it be needed (if other providers are loaded and offer +implementations of the same algorithms), the property "provider=default" +can be used as a search criterion for these implementations. Some +non-cryptographic algorithms (such as serializers for loading keys and +parameters from files) are not FIPS algorithm implementations in themselves but +support algorithms from the FIPS provider and are allowed for use in "FIPS +mode". The property "fips=yes" can be used to select such algorithms.

    +

    +

    +

    FIPS provider

    +

    The FIPS provider is a dynamically loadable module, and must therefore +be loaded explicitly, either in code or through OpenSSL configuration +(see config(5)). +Should it be needed (if other providers are loaded and offer +implementations of the same algorithms), the property "provider=fips" can +be used as a search criterion for these implementations. All algorithm +implementations in the FIPS provider can also be selected with the property +"fips=yes".

    +

    +

    +

    Legacy provider

    +

    The legacy provider is a dynamically loadable module, and must therefore +be loaded explicitly, either in code or through OpenSSL configuration +(see config(5)). +Should it be needed (if other providers are loaded and offer +implementations of the same algorithms), the property "provider=legacy" can be +used as a search criterion for these implementations.

    +

    +

    +
    +

    EXAMPLES

    +

    +

    +

    Fetching

    +

    Fetch any available implementation of SHA2-256 in the default context:

    +
    + EVP_MD *md = EVP_MD_fetch(NULL, "SHA2-256", NULL);
    + ...
    + EVP_MD_meth_free(md);
    +

    Fetch any available implementation of AES-128-CBC in the default context:

    +
    + EVP_CIPHER *cipher = EVP_CIPHER_fetch(NULL, "AES-128-CBC", NULL);
    + ...
    + EVP_CIPHER_meth_free(cipher);
    +

    Fetch an implementation of SHA2-256 from the default provider in the default +context:

    +
    + EVP_MD *md = EVP_MD_fetch(NULL, "SHA2-256", "provider=default");
    + ...
    + EVP_MD_meth_free(md);
    +

    Fetch an implementation of SHA2-256 that is not from the default provider in the +default context:

    +
    + EVP_MD *md = EVP_MD_fetch(NULL, "SHA2-256", "provider!=default");
    + ...
    + EVP_MD_meth_free(md);
    +

    Fetch an implementation of SHA2-256 from the default provider in the specified +context:

    +
    + EVP_MD *md = EVP_MD_fetch(ctx, "SHA2-256", "provider=default");
    + ...
    + EVP_MD_meth_free(md);
    +

    Load the legacy provider into the default context and then fetch an +implementation of WHIRLPOOL from it:

    +
    + /* This only needs to be done once - usually at application start up */
    + OSSL_PROVIDER *legacy = OSSL_PROVIDER_load(NULL, "legacy");
    +
    + EVP_MD *md = EVP_MD_fetch(NULL, "WHIRLPOOL", "provider=legacy");
    + ...
    + EVP_MD_meth_free(md);
    +

    Note that in the above example the property string "provider=legacy" is optional +since, assuming no other providers have been loaded, the only implementation of +the "whirlpool" algorithm is in the "legacy" provider. Also note that the +default provider should be explicitly loaded if it is required in addition to +other providers:

    +
    + /* This only needs to be done once - usually at application start up */
    + OSSL_PROVIDER *legacy = OSSL_PROVIDER_load(NULL, "legacy");
    + OSSL_PROVIDER *default = OSSL_PROVIDER_load(NULL, "default");
    +
    + EVP_MD *md_whirlpool = EVP_MD_fetch(NULL, "whirlpool", NULL);
    + EVP_MD *md_sha256 = EVP_MD_fetch(NULL, "SHA2-256", NULL);
    + ...
    + EVP_MD_meth_free(md_whirlpool);
    + EVP_MD_meth_free(md_sha256);
    +

    +

    +
    +

    SEE ALSO

    +

    EVP_DigestInit_ex(3), EVP_EncryptInit_ex(3), +OPENSSL_CTX(3), +EVP_set_default_properties(3), +EVP_MD_fetch(3), +EVP_CIPHER_fetch(3), +EVP_KEYMGMT_fetch(3), +openssl-core.h(7), +provider-base(7), +provider-digest(7), +provider-cipher(7), +provider-keyexch(7)

    +

    +

    +
    +

    HISTORY

    +

    The concept of providers and everything surrounding them was +introduced in OpenSSL 3.0.

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man7/proxy-certificates.html b/linux_amd64/ssl/share/doc/openssl/html/man7/proxy-certificates.html new file mode 100755 index 0000000..257043e --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man7/proxy-certificates.html @@ -0,0 +1,377 @@ + + + + +proxy-certificates + + + + + + + + + + + +

    +

    +
    +

    NAME

    +

    proxy-certificates - Proxy certificates in OpenSSL

    +

    +

    +
    +

    DESCRIPTION

    +

    Proxy certificates are defined in RFC 3820. They are used to +extend rights to some other entity (a computer process, typically, or +sometimes to the user itself). This allows the entity to perform +operations on behalf of the owner of the EE (End Entity) certificate.

    +

    The requirements for a valid proxy certificate are:

    +
      +
    • +

      They are issued by an End Entity, either a normal EE certificate, or +another proxy certificate.

      +
    • +
    • +

      They must not have the subjectAltName or issuerAltName +extensions.

      +
    • +
    • +

      They must have the proxyCertInfo extension.

      +
    • +
    • +

      They must have the subject of their issuer, with one commonName +added.

      +
    • +
    +

    +

    +

    Enabling proxy certificate verification

    +

    OpenSSL expects applications that want to use proxy certificates to be +specially aware of them, and make that explicit. This is done by +setting an X509 verification flag:

    +
    +    X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS);
    +

    or

    +
    +    X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_ALLOW_PROXY_CERTS);
    +

    See NOTES for a discussion on this requirement.

    +

    +

    +

    Creating proxy certificates

    +

    Creating proxy certificates can be done using the openssl-x509(1) +command, with some extra extensions:

    +
    +    [ v3_proxy ]
    +    # A proxy certificate MUST NEVER be a CA certificate.
    +    basicConstraints=CA:FALSE
    +
    +    # Usual authority key ID
    +    authorityKeyIdentifier=keyid,issuer:always
    +
    +    # The extension which marks this certificate as a proxy
    +    proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:1,policy:text:AB
    +

    It's also possible to specify the proxy extension in a separate section:

    +
    +    proxyCertInfo=critical,@proxy_ext
    +
    +    [ proxy_ext ]
    +    language=id-ppl-anyLanguage
    +    pathlen=0
    +    policy=text:BC
    +

    The policy value has a specific syntax, syntag:string, where the +syntag determines what will be done with the string. The following +syntags are recognised:

    +
    +
    text
    + +
    +

    indicates that the string is a byte sequence, without any encoding:

    +
    +    policy=text:räksmörgås
    +
    +
    hex
    + +
    +

    indicates the string is encoded hexadecimal encoded binary data, with +colons between each byte (every second hex digit):

    +
    +    policy=hex:72:E4:6B:73:6D:F6:72:67:E5:73
    +
    +
    file
    + +
    +

    indicates that the text of the policy should be taken from a file. +The string is then a filename. This is useful for policies that are +large (more than a few lines, e.g. XML documents).

    +
    +
    +

    NOTE: The proxy policy value is what determines the rights granted +to the process during the proxy certificate. It's up to the +application to interpret and combine these policies.

    +

    With a proxy extension, creating a proxy certificate is a matter of +two commands:

    +
    +    openssl req -new -config proxy.cnf \
    +        -out proxy.req -keyout proxy.key \
    +        -subj "/DC=org/DC=openssl/DC=users/CN=proxy 1"
    +
    +    openssl x509 -req -CAcreateserial -in proxy.req -out proxy.crt \
    +        -CA user.crt -CAkey user.key -days 7 \
    +        -extfile proxy.cnf -extensions v3_proxy1
    +

    You can also create a proxy certificate using another proxy +certificate as issuer (note: using a different configuration +section for the proxy extensions):

    +
    +    openssl req -new -config proxy.cnf \
    +        -out proxy2.req -keyout proxy2.key \
    +        -subj "/DC=org/DC=openssl/DC=users/CN=proxy 1/CN=proxy 2"
    +
    +    openssl x509 -req -CAcreateserial -in proxy2.req -out proxy2.crt \
    +        -CA proxy.crt -CAkey proxy.key -days 7 \
    +        -extfile proxy.cnf -extensions v3_proxy2
    +

    +

    +

    Using proxy certs in applications

    +

    To interpret proxy policies, the application would normally start with +some default rights (perhaps none at all), then compute the resulting +rights by checking the rights against the chain of proxy certificates, +user certificate and CA certificates.

    +

    The complicated part is figuring out how to pass data between your +application and the certificate validation procedure.

    +

    The following ingredients are needed for such processing:

    +
      +
    • +

      a callback function that will be called for every certificate being +validated. The callback is called several times for each certificate, +so you must be careful to do the proxy policy interpretation at the +right time. You also need to fill in the defaults when the EE +certificate is checked.

      +
    • +
    • +

      a data structure that is shared between your application code and the +callback.

      +
    • +
    • +

      a wrapper function that sets it all up.

      +
    • +
    • +

      an ex_data index function that creates an index into the generic +ex_data store that is attached to an X509 validation context.

      +
    • +
    +

    The following skeleton code can be used as a starting point:

    +
    +    #include <string.h>
    +    #include <netdb.h>
    +    #include <openssl/x509.h>
    +    #include <openssl/x509v3.h>
    +
    +    #define total_rights 25
    +
    +    /*
    +     * In this example, I will use a view of granted rights as a bit
    +     * array, one bit for each possible right.
    +     */
    +    typedef struct your_rights {
    +        unsigned char rights[(total_rights + 7) / 8];
    +    } YOUR_RIGHTS;
    +
    +    /*
    +     * The following procedure will create an index for the ex_data
    +     * store in the X509 validation context the first time it's
    +     * called.  Subsequent calls will return the same index.
    +     */
    +    static int get_proxy_auth_ex_data_idx(X509_STORE_CTX *ctx)
    +    {
    +        static volatile int idx = -1;
    +
    +        if (idx < 0) {
    +            X509_STORE_lock(X509_STORE_CTX_get0_store(ctx));
    +            if (idx < 0) {
    +                idx = X509_STORE_CTX_get_ex_new_index(0,
    +                                                      "for verify callback",
    +                                                      NULL,NULL,NULL);
    +            }
    +            X509_STORE_unlock(X509_STORE_CTX_get0_store(ctx));
    +        }
    +        return idx;
    +    }
    +
    +    /* Callback to be given to the X509 validation procedure.  */
    +    static int verify_callback(int ok, X509_STORE_CTX *ctx)
    +    {
    +        if (ok == 1) {
    +            /*
    +             * It's REALLY important you keep the proxy policy check
    +             * within this section.  It's important to know that when
    +             * ok is 1, the certificates are checked from top to
    +             * bottom.  You get the CA root first, followed by the
    +             * possible chain of intermediate CAs, followed by the EE
    +             * certificate, followed by the possible proxy
    +             * certificates. 
    +             */
    +            X509 *xs = X509_STORE_CTX_get_current_cert(ctx);
    +
    +            if (X509_get_extension_flags(xs) & EXFLAG_PROXY) {
    +                YOUR_RIGHTS *rights =
    +                    (YOUR_RIGHTS *)X509_STORE_CTX_get_ex_data(ctx,
    +                        get_proxy_auth_ex_data_idx(ctx));
    +                PROXY_CERT_INFO_EXTENSION *pci =
    +                    X509_get_ext_d2i(xs, NID_proxyCertInfo, NULL, NULL);
    +
    +                switch (OBJ_obj2nid(pci->proxyPolicy->policyLanguage)) {
    +                case NID_Independent:
    +                    /*
    +                     * Do whatever you need to grant explicit rights
    +                     * to this particular proxy certificate, usually
    +                     * by pulling them from some database.  If there
    +                     * are none to be found, clear all rights (making
    +                     * this and any subsequent proxy certificate void
    +                     * of any rights). 
    +                     */
    +                    memset(rights->rights, 0, sizeof(rights->rights));
    +                    break;
    +                case NID_id_ppl_inheritAll:
    +                    /*
    +                     * This is basically a NOP, we simply let the
    +                     * current rights stand as they are.
    +                     */
    +                    break;
    +                default:
    +                    /*
    +                     * This is usually the most complex section of
    +                     * code.  You really do whatever you want as long
    +                     * as you follow RFC 3820.  In the example we use
    +                     * here, the simplest thing to do is to build
    +                     * another, temporary bit array and fill it with
    +                     * the rights granted by the current proxy
    +                     * certificate, then use it as a mask on the
    +                     * accumulated rights bit array, and voilà, you
    +                     * now have a new accumulated rights bit array.
    +                     */
    +                    {
    +                        int i;
    +                        YOUR_RIGHTS tmp_rights;
    +                        memset(tmp_rights.rights, 0,
    +                               sizeof(tmp_rights.rights));
    +
    +                        /*
    +                         * process_rights() is supposed to be a
    +                         * procedure that takes a string and its
    +                         * length, interprets it and sets the bits
    +                         * in the YOUR_RIGHTS pointed at by the
    +                         * third argument.
    +                         */
    +                        process_rights((char *) pci->proxyPolicy->policy->data,
    +                                       pci->proxyPolicy->policy->length,
    +                                       &tmp_rights);
    +
    +                        for(i = 0; i < total_rights / 8; i++)
    +                            rights->rights[i] &= tmp_rights.rights[i];
    +                    }
    +                    break;
    +                }
    +                PROXY_CERT_INFO_EXTENSION_free(pci);
    +            } else if (!(X509_get_extension_flags(xs) & EXFLAG_CA)) {
    +                /* We have an EE certificate, let's use it to set default! */
    +                YOUR_RIGHTS *rights =
    +                    (YOUR_RIGHTS *)X509_STORE_CTX_get_ex_data(ctx,
    +                        get_proxy_auth_ex_data_idx(ctx));
    +
    +                /*
    +                 * The following procedure finds out what rights the
    +                 * owner of the current certificate has, and sets them
    +                 * in the YOUR_RIGHTS structure pointed at by the
    +                 * second argument.
    +                 */
    +                set_default_rights(xs, rights);
    +            }
    +        }
    +        return ok;
    +    }
    +
    +    static int my_X509_verify_cert(X509_STORE_CTX *ctx,
    +                                   YOUR_RIGHTS *needed_rights)
    +    {
    +        int ok;
    +        int (*save_verify_cb)(int ok,X509_STORE_CTX *ctx) =
    +            X509_STORE_CTX_get_verify_cb(ctx);
    +        YOUR_RIGHTS rights;
    +
    +        X509_STORE_CTX_set_verify_cb(ctx, verify_callback);
    +        X509_STORE_CTX_set_ex_data(ctx, get_proxy_auth_ex_data_idx(ctx),
    +                                   &rights);
    +        X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS);
    +        ok = X509_verify_cert(ctx);
    +
    +        if (ok == 1) {
    +            ok = check_needed_rights(rights, needed_rights);
    +        }
    +
    +        X509_STORE_CTX_set_verify_cb(ctx, save_verify_cb);
    +
    +        return ok;
    +    }
    +

    If you use SSL or TLS, you can easily set up a callback to have the +certificates checked properly, using the code above:

    +
    +    SSL_CTX_set_cert_verify_callback(s_ctx, my_X509_verify_cert,
    +                                     &needed_rights);
    +

    +

    +
    +

    NOTES

    +

    To this date, it seems that proxy certificates have only been used in +environments that are aware of them, and no one seems to have +investigated how they can be used or misused outside of such an +environment.

    +

    For that reason, OpenSSL requires that applications aware of proxy +certificates must also make that explicit.

    +

    subjectAltName and issuerAltName are forbidden in proxy +certificates, and this is enforced in OpenSSL. The subject must be +the same as the issuer, with one commonName added on.

    +

    +

    +
    +

    SEE ALSO

    +

    X509_STORE_CTX_set_flags(3), +X509_STORE_CTX_set_verify_cb(3), +X509_VERIFY_PARAM_set_flags(3), +SSL_CTX_set_cert_verify_callback(3), +openssl-req(1), openssl-x509(1), +RFC 3820

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man7/ssl.html b/linux_amd64/ssl/share/doc/openssl/html/man7/ssl.html new file mode 100755 index 0000000..fa37a3a --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man7/ssl.html @@ -0,0 +1,154 @@ + + + + +ssl + + + + + + + + + + + +
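Review bot: The mask loop in the `default:` case of `verify_callback` runs while `i < total_rights / 8`, which is 3 for `total_rights` 25, but `rights` holds `(total_rights + 7) / 8` = 4 bytes, so the byte carrying the 25th right is never ANDed with the proxy policy and that right survives every restricting proxy certificate. Bound the loop by the array instead: `for (i = 0; i < (int)sizeof(rights->rights); i++)`. In the `EXFLAG_PROXY` block, `pci` is returned by `X509_get_ext_d2i()` and dereferenced in the `switch` without a NULL check; `if (pci == NULL) return 0;` before the `switch` would fail verification instead of crashing. `my_X509_verify_cert` also leaves `YOUR_RIGHTS rights` uninitialised until the callback reaches the EE certificate, so zeroing it with `memset(&rights, 0, sizeof(rights));` before `X509_STORE_CTX_set_ex_data` looks like the safer default for code copied from this skeleton.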

    +

    +
    +

    NAME

    +

    ssl - OpenSSL SSL/TLS library

    +

    +

    +
    +

    SYNOPSIS

    +

    See the individual manual pages for details.

    +

    +

    +
    +

    DESCRIPTION

    +

    The OpenSSL ssl library implements several versions of the +Secure Sockets Layer, Transport Layer Security, and Datagram Transport Layer +Security protocols. +This page gives a brief overview of the extensive API and data types +provided by the library.

    +

    An SSL_CTX object is created as a framework to establish +TLS/SSL enabled connections (see SSL_CTX_new(3)). +Various options regarding certificates, algorithms etc. can be set +in this object.

    +

    When a network connection has been created, it can be assigned to an +SSL object. After the SSL object has been created using +SSL_new(3), SSL_set_fd(3) or +SSL_set_bio(3) can be used to associate the network +connection with the object.

    +

    When the TLS/SSL handshake is performed using +SSL_accept(3) or SSL_connect(3) +respectively. +SSL_read_ex(3), SSL_read(3), SSL_write_ex(3) and SSL_write(3) are +used to read and write data on the TLS/SSL connection. +SSL_shutdown(3) can be used to shut down the +TLS/SSL connection.

    +

    +

    +
    +

    DATA STRUCTURES

    +

    Here are some of the main data structures in the library.

    +
    +
    SSL_METHOD (SSL Method)
    + +
    +

    This is a dispatch structure describing the internal ssl library +methods/functions which implement the various protocol versions (SSLv3 +TLSv1, ...). It's needed to create an SSL_CTX.

    +
    +
    SSL_CIPHER (SSL Cipher)
    + +
    +

    This structure holds the algorithm information for a particular cipher which +are a core part of the SSL/TLS protocol. The available ciphers are configured +on a SSL_CTX basis and the actual ones used are then part of the +SSL_SESSION.

    +
    +
    SSL_CTX (SSL Context)
    + +
    +

    This is the global context structure which is created by a server or client +once per program life-time and which holds mainly default values for the +SSL structures which are later created for the connections.

    +
    +
    SSL_SESSION (SSL Session)
    + +
    +

    This is a structure containing the current TLS/SSL session details for a +connection: SSL_CIPHERs, client and server certificates, keys, etc.

    +
    +
    SSL (SSL Connection)
    + +
    +

    This is the main SSL/TLS structure which is created by a server or client per +established connection. This actually is the core structure in the SSL API. +At run-time the application usually deals with this structure which has +links to mostly all other structures.

    +
    +
    +

    +

    +
    +

    HEADER FILES

    +

    Currently the OpenSSL ssl library provides the following C header files +containing the prototypes for the data structures and functions:

    +
    +
    <openssl/ssl.h >>
    + +
    +

    This is the common header file for the SSL/TLS API. Include it into your +program to make the API of the ssl library available. It internally +includes both more private SSL headers and headers from the crypto library. +Whenever you need hard-core details on the internals of the SSL API, look +inside this header file. +This file also includes the others listed below.

    +
    +
    <openssl/ssl2.h >>
    + +
    +

    Unused. Present for backwards compatibility only.

    +
    +
    <openssl/ssl3.h >>
    + +
    +

    This is the sub header file dealing with the SSLv3 protocol only.

    +
    +
    <openssl/tls1.h >>
    + +
    +

    This is the sub header file dealing with the TLSv1 protocol only.

    +
    +
    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/doc/openssl/html/man7/x509.html b/linux_amd64/ssl/share/doc/openssl/html/man7/x509.html new file mode 100755 index 0000000..cd28c2d --- /dev/null +++ b/linux_amd64/ssl/share/doc/openssl/html/man7/x509.html @@ -0,0 +1,98 @@ + + + + +x509 + + + + + + + + +
    +

    + + + +
    +
    + + +

    +

    +
    +

    NAME

    +

    x509 - X.509 certificate handling

    +

    +

    +
    +

    SYNOPSIS

    +
    + #include <openssl/x509.h>
    +

    +

    +
    +

    DESCRIPTION

    +

    An X.509 certificate is a structured grouping of information about +an individual, a device, or anything one can imagine. A X.509 CRL +(certificate revocation list) is a tool to help determine if a +certificate is still valid. The exact definition of those can be +found in the X.509 document from ITU-T, or in RFC3280 from PKIX. +In OpenSSL, the type X509 is used to express such a certificate, and +the type X509_CRL is used to express a CRL.

    +

    A related structure is a certificate request, defined in PKCS#10 from +RSA Security, Inc, also reflected in RFC2896. In OpenSSL, the type +X509_REQ is used to express such a certificate request.

    +

    To handle some complex parts of a certificate, there are the types +X509_NAME (to express a certificate name), X509_ATTRIBUTE (to express +a certificate attributes), X509_EXTENSION (to express a certificate +extension) and a few more.

    +

    Finally, there's the supertype X509_INFO, which can contain a CRL, a +certificate and a corresponding private key.

    +

    X509_XXX, d2i_X509_XXX, and i2d_X509_XXX functions +handle X.509 certificates, with some exceptions, shown below.

    +

    X509_CRL_XXX, d2i_X509_CRL_XXX, and i2d_X509_CRL_XXX +functions handle X.509 CRLs.

    +

    X509_REQ_XXX, d2i_X509_REQ_XXX, and i2d_X509_REQ_XXX +functions handle PKCS#10 certificate requests.

    +

    X509_NAME_XXX functions handle certificate names.

    +

    X509_ATTRIBUTE_XXX functions handle certificate attributes.

    +

    X509_EXTENSION_XXX functions handle certificate extensions.

    +

    +

    +
    +

    SEE ALSO

    +

    X509_NAME_ENTRY_get_object(3), +X509_NAME_add_entry_by_txt(3), +X509_NAME_add_entry_by_NID(3), +X509_NAME_print_ex(3), +X509_NAME_new(3), +d2i_X509(3), +d2i_X509_ALGOR(3), +d2i_X509_CRL(3), +d2i_X509_NAME(3), +d2i_X509_REQ(3), +d2i_X509_SIG(3), +crypto(7)

    +

    +

    +
    +

    COPYRIGHT

    +

    Copyright 2003-2017 The OpenSSL Project Authors. All Rights Reserved.

    +

    Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +https://www.openssl.org/source/license.html.

    + + + + diff --git a/linux_amd64/ssl/share/man/man1/CA.pl.1 b/linux_amd64/ssl/share/man/man1/CA.pl.1 new file mode 100755 index 0000000..5bbe052 --- /dev/null +++ b/linux_amd64/ssl/share/man/man1/CA.pl.1 
@@ -0,0 +1,336 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CA.PL 1" +.TH CA.PL 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +CA.pl \- friendlier interface for OpenSSL certificate programs +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fB\s-1CA\s0.pl\fR +\&\fB\-?\fR | +\&\fB\-h\fR | +\&\fB\-help\fR +.PP +\&\fB\s-1CA\s0.pl\fR +\&\fB\-newcert\fR | +\&\fB\-newreq\fR | +\&\fB\-newreq\-nodes\fR | +\&\fB\-xsign\fR | +\&\fB\-sign\fR | +\&\fB\-signCA\fR | +\&\fB\-signcert\fR | +\&\fB\-crl\fR | +\&\fB\-newca\fR +[\fB\-extra\-cmd\fR \fIextra-params\fR] +.PP +\&\fB\s-1CA\s0.pl\fR \fB\-pkcs12\fR [\fB\-extra\-pkcs12\fR \fIextra-params\fR] [\fIcertname\fR] +.PP +\&\fB\s-1CA\s0.pl\fR \fB\-verify\fR [\fB\-extra\-verify\fR \fIextra-params\fR] \fIcertfile\fR ... +.PP +\&\fB\s-1CA\s0.pl\fR \fB\-revoke\fR [\fB\-extra\-ca\fR \fIextra-params\fR] \fIcertfile\fR [\fIreason\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fB\s-1CA\s0.pl\fR script is a perl script that supplies the relevant command line +arguments to the \fIopenssl\fR\|(1) command for some common certificate operations. +It is intended to simplify the process of certificate creation and management +by the use of some simple options. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB?\fR, \fB\-h\fR, \fB\-help\fR" 4 +.IX Item "?, -h, -help" +Prints a usage message. +.IP "\fB\-newcert\fR" 4 +.IX Item "-newcert" +Creates a new self signed certificate. The private key is written to the file +\&\fInewkey.pem\fR and the request written to the file \fInewreq.pem\fR. +Invokes \fIopenssl\-req\fR\|(1). +.IP "\fB\-newreq\fR" 4 +.IX Item "-newreq" +Creates a new certificate request. The private key is written to the file +\&\fInewkey.pem\fR and the request written to the file \fInewreq.pem\fR. +Executes \fIopenssl\-req\fR\|(1) under the hood. +.IP "\fB\-newreq\-nodes\fR" 4 +.IX Item "-newreq-nodes" +Is like \fB\-newreq\fR except that the private key will not be encrypted. +Uses \fIopenssl\-req\fR\|(1). 
+.IP "\fB\-newca\fR" 4 +.IX Item "-newca" +Creates a new \s-1CA\s0 hierarchy for use with the \fBca\fR program (or the \fB\-signcert\fR +and \fB\-xsign\fR options). The user is prompted to enter the filename of the \s-1CA\s0 +certificates (which should also contain the private key) or by hitting \s-1ENTER\s0 +details of the \s-1CA\s0 will be prompted for. The relevant files and directories +are created in a directory called \fIdemoCA\fR in the current directory. +Uses \fIopenssl\-req\fR\|(1) and \fIopenssl\-ca\fR\|(1). +.IP "\fB\-pkcs12\fR" 4 +.IX Item "-pkcs12" +Create a PKCS#12 file containing the user certificate, private key and \s-1CA\s0 +certificate. It expects the user certificate and private key to be in the +file \fInewcert.pem\fR and the \s-1CA\s0 certificate to be in the file \fIdemoCA/cacert.pem\fR, +it creates a file \fInewcert.p12\fR. This command can thus be called after the +\&\fB\-sign\fR option. The PKCS#12 file can be imported directly into a browser. +If there is an additional argument on the command line it will be used as the +\&\*(L"friendly name\*(R" for the certificate (which is typically displayed in the browser +list box), otherwise the name \*(L"My Certificate\*(R" is used. +Delegates work to \fIopenssl\-pkcs12\fR\|(1). +.IP "\fB\-sign\fR, \fB\-signcert\fR, \fB\-xsign\fR" 4 +.IX Item "-sign, -signcert, -xsign" +Calls the \fIopenssl\-ca\fR\|(1) command to sign a certificate request. It expects the +request to be in the file \fInewreq.pem\fR. The new certificate is written to the +file \fInewcert.pem\fR except in the case of the \fB\-xsign\fR option when it is +written to standard output. +.IP "\fB\-signCA\fR" 4 +.IX Item "-signCA" +This option is the same as the \fB\-signreq\fR option except it uses the +configuration file section \fBv3_ca\fR and so makes the signed request a +valid \s-1CA\s0 certificate. This is useful when creating intermediate \s-1CA\s0 from +a root \s-1CA\s0. Extra params are passed to \fIopenssl\-ca\fR\|(1). 
+.IP "\fB\-signcert\fR" 4 +.IX Item "-signcert" +This option is the same as \fB\-sign\fR except it expects a self signed certificate +to be present in the file \fInewreq.pem\fR. +Extra params are passed to \fIopenssl\-x509\fR\|(1) and \fIopenssl\-ca\fR\|(1). +.IP "\fB\-crl\fR" 4 +.IX Item "-crl" +Generate a \s-1CRL\s0. Executes \fIopenssl\-ca\fR\|(1). +.IP "\fB\-revoke\fR \fIcertfile\fR [\fIreason\fR]" 4 +.IX Item "-revoke certfile [reason]" +Revoke the certificate contained in the specified \fBcertfile\fR. An optional +reason may be specified, and must be one of: \fBunspecified\fR, +\&\fBkeyCompromise\fR, \fBCACompromise\fR, \fBaffiliationChanged\fR, \fBsuperseded\fR, +\&\fBcessationOfOperation\fR, \fBcertificateHold\fR, or \fBremoveFromCRL\fR. +Leverages \fIopenssl\-ca\fR\|(1). +.IP "\fB\-verify\fR" 4 +.IX Item "-verify" +Verifies certificates against the \s-1CA\s0 certificate for \fIdemoCA\fR. If no +certificates are specified on the command line it tries to verify the file +\&\fInewcert.pem\fR. Invokes \fIopenssl\-verify\fR\|(1). +.IP "\fB\-extra\-req\fR | \fB\-extra\-ca\fR | \fB\-extra\-pkcs12\fR | \fB\-extra\-x509\fR | \fB\-extra\-verify\fR \fIextra-params\fR" 4 +.IX Item "-extra-req | -extra-ca | -extra-pkcs12 | -extra-x509 | -extra-verify extra-params" +For each option \fBextra\-\f(BIcmd\fB\fR, pass \fIextra-params\fR to the \fIopenssl\fR\|(1) +sub-command with the same name as \fIcmd\fR, if that sub-command is invoked. +For example, if \fIopenssl\-req\fR\|(1) is invoked, the \fIextra-params\fR given with +\&\fB\-extra\-req\fR will be passed to it. +Users should consult \fIopenssl\fR\|(1) command documentation for more information. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Create a \s-1CA\s0 hierarchy: +.PP +.Vb 1 +\& CA.pl \-newca +.Ve +.PP +Complete certificate creation example: create a \s-1CA\s0, create a request, sign +the request and finally create a PKCS#12 file containing it. 
+.PP +.Vb 4 +\& CA.pl \-newca +\& CA.pl \-newreq +\& CA.pl \-signreq +\& CA.pl \-pkcs12 "My Test Certificate" +.Ve +.SH "DSA CERTIFICATES" +.IX Header "DSA CERTIFICATES" +Although the \fB\s-1CA\s0.pl\fR creates \s-1RSA\s0 CAs and requests it is still possible to +use it with \s-1DSA\s0 certificates and requests using the \fIopenssl\-req\fR\|(1) command +directly. The following example shows the steps that would typically be taken. +.PP +Create some \s-1DSA\s0 parameters: +.PP +.Vb 1 +\& openssl dsaparam \-out dsap.pem 1024 +.Ve +.PP +Create a \s-1DSA\s0 \s-1CA\s0 certificate and private key: +.PP +.Vb 1 +\& openssl req \-x509 \-newkey dsa:dsap.pem \-keyout cacert.pem \-out cacert.pem +.Ve +.PP +Create the \s-1CA\s0 directories and files: +.PP +.Vb 1 +\& CA.pl \-newca +.Ve +.PP +enter a filename (for example, \fIcacert.pem\fR) when prompted for the \s-1CA\s0 file +name. +.PP +Create a \s-1DSA\s0 certificate request and private key (a different set of parameters +can optionally be created first): +.PP +.Vb 1 +\& openssl req \-out newreq.pem \-newkey dsa:dsap.pem +.Ve +.PP +Sign the request: +.PP +.Vb 1 +\& CA.pl \-signreq +.Ve +.SH "NOTES" +.IX Header "NOTES" +Most of the filenames mentioned can be modified by editing the \fB\s-1CA\s0.pl\fR script. +.PP +If the demoCA directory already exists then the \fB\-newca\fR command will not +overwrite it and will do nothing. This can happen if a previous call using +the \fB\-newca\fR option terminated abnormally. To get the correct behaviour +delete the demoCA directory if it already exists. +.PP +Under some environments it may not be possible to run the \fB\s-1CA\s0.pl\fR script +directly (for example Win32) and the default configuration file location may +be wrong. In this case the command: +.PP +.Vb 1 +\& perl \-S CA.pl +.Ve +.PP +can be used and the \fB\s-1OPENSSL_CONF\s0\fR environment variable changed to point to +the correct path of the configuration file. 
+.PP +The script is intended as a simple front end for the \fIopenssl\fR\|(1) program for +use by a beginner. Its behaviour isn't always what is wanted. For more control +over the behaviour of the certificate commands call the \fIopenssl\fR\|(1) command +directly. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\fIopenssl\-x509\fR\|(1), +\&\fIopenssl\-ca\fR\|(1), +\&\fIopenssl\-req\fR\|(1), +\&\fIopenssl\-pkcs12\fR\|(1), +\&\fIconfig\fR\|(5) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man1/openssl-asn1parse.1 b/linux_amd64/ssl/share/man/man1/openssl-asn1parse.1 new file mode 100755 index 0000000..8605a1d --- /dev/null +++ b/linux_amd64/ssl/share/man/man1/openssl-asn1parse.1 
@@ -0,0 +1,335 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-ASN1PARSE 1" +.TH OPENSSL-ASN1PARSE 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-asn1parse \- ASN.1 parsing tool +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBasn1parse\fR +[\fB\-help\fR] +[\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-in\fR \fIfilename\fR] +[\fB\-out\fR \fIfilename\fR] +[\fB\-noout\fR] +[\fB\-offset\fR \fInumber\fR] +[\fB\-length\fR \fInumber\fR] +[\fB\-i\fR] +[\fB\-oid\fR \fIfilename\fR] +[\fB\-dump\fR] +[\fB\-dlimit\fR \fInum\fR] +[\fB\-strparse\fR \fIoffset\fR] +[\fB\-genstr\fR \fIstring\fR] +[\fB\-genconf\fR \fIfile\fR] +[\fB\-strictpem\fR] +[\fB\-item\fR \fIname\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command is a diagnostic utility that can parse \s-1ASN\s0.1 structures. +It can also be used to extract data from \s-1ASN\s0.1 formatted data. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IX Item "-inform DER|PEM" +The input format; the default is \fB\s-1PEM\s0\fR. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-in\fR \fIfilename\fR" 4 +.IX Item "-in filename" +The input file, default is standard input. +.IP "\fB\-out\fR \fIfilename\fR" 4 +.IX Item "-out filename" +Output file to place the \s-1DER\s0 encoded data into. If this +option is not present then no data will be output. This is most useful when +combined with the \fB\-strparse\fR option. +.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +Don't output the parsed version of the input file. +.IP "\fB\-offset\fR \fInumber\fR" 4 +.IX Item "-offset number" +Starting offset to begin parsing, default is start of file. +.IP "\fB\-length\fR \fInumber\fR" 4 +.IX Item "-length number" +Number of bytes to parse, default is until end of file. +.IP "\fB\-i\fR" 4 +.IX Item "-i" +Indents the output according to the \*(L"depth\*(R" of the structures. 
+.IP "\fB\-oid\fR \fIfilename\fR" 4 +.IX Item "-oid filename" +A file containing additional \s-1OBJECT\s0 IDENTIFIERs (OIDs). The format of this +file is described in the \s-1NOTES\s0 section below. +.IP "\fB\-dump\fR" 4 +.IX Item "-dump" +Dump unknown data in hex format. +.IP "\fB\-dlimit\fR \fInum\fR" 4 +.IX Item "-dlimit num" +Like \fB\-dump\fR, but only the first \fBnum\fR bytes are output. +.IP "\fB\-strparse\fR \fIoffset\fR" 4 +.IX Item "-strparse offset" +Parse the contents octets of the \s-1ASN\s0.1 object starting at \fBoffset\fR. This +option can be used multiple times to \*(L"drill down\*(R" into a nested structure. +.IP "\fB\-genstr\fR \fIstring\fR, \fB\-genconf\fR \fIfile\fR" 4 +.IX Item "-genstr string, -genconf file" +Generate encoded data based on \fIstring\fR, \fIfile\fR or both using +\&\fIASN1_generate_nconf\fR\|(3) format. If \fIfile\fR only is +present then the string is obtained from the default section using the name +\&\fBasn1\fR. The encoded data is passed through the \s-1ASN1\s0 parser and printed out as +though it came from a file, the contents can thus be examined and written to a +file using the \fB\-out\fR option. +.IP "\fB\-strictpem\fR" 4 +.IX Item "-strictpem" +If this option is used then \fB\-inform\fR will be ignored. Without this option any +data in a \s-1PEM\s0 format input file will be treated as being base64 encoded and +processed whether it has the normal \s-1PEM\s0 \s-1BEGIN\s0 and \s-1END\s0 markers or not. This +option will ignore any data prior to the start of the \s-1BEGIN\s0 marker, or after an +\&\s-1END\s0 marker in a \s-1PEM\s0 file. +.IP "\fB\-item\fR \fIname\fR" 4 +.IX Item "-item name" +Attempt to decode and print the data as an \fB\s-1ASN1_ITEM\s0\fR \fIname\fR. This can be +used to print out the fields of any supported \s-1ASN\s0.1 structure if the type is +known. 
+.SS "Output" +.IX Subsection "Output" +The output will typically contain lines like this: +.PP +.Vb 1 +\& 0:d=0 hl=4 l= 681 cons: SEQUENCE +.Ve +.PP +\&..... +.PP +.Vb 10 +\& 229:d=3 hl=3 l= 141 prim: BIT STRING +\& 373:d=2 hl=3 l= 162 cons: cont [ 3 ] +\& 376:d=3 hl=3 l= 159 cons: SEQUENCE +\& 379:d=4 hl=2 l= 29 cons: SEQUENCE +\& 381:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier +\& 386:d=5 hl=2 l= 22 prim: OCTET STRING +\& 410:d=4 hl=2 l= 112 cons: SEQUENCE +\& 412:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier +\& 417:d=5 hl=2 l= 105 prim: OCTET STRING +\& 524:d=4 hl=2 l= 12 cons: SEQUENCE +.Ve +.PP +\&..... +.PP +This example is part of a self-signed certificate. Each line starts with the +offset in decimal. \f(CW\*(C`d=XX\*(C'\fR specifies the current depth. The depth is increased +within the scope of any \s-1SET\s0 or \s-1SEQUENCE\s0. \f(CW\*(C`hl=XX\*(C'\fR gives the header length +(tag and length octets) of the current type. \f(CW\*(C`l=XX\*(C'\fR gives the length of +the contents octets. +.PP +The \fB\-i\fR option can be used to make the output more readable. +.PP +Some knowledge of the \s-1ASN\s0.1 structure is needed to interpret the output. +.PP +In this example the \s-1BIT\s0 \s-1STRING\s0 at offset 229 is the certificate public key. +The contents octets of this will contain the public key information. This can +be examined using the option \f(CW\*(C`\-strparse 229\*(C'\fR to yield: +.PP +.Vb 3 +\& 0:d=0 hl=3 l= 137 cons: SEQUENCE +\& 3:d=1 hl=3 l= 129 prim: INTEGER :E5D21E1F5C8D208EA7A2166C7FAF9F6BDF2059669C60876DDB70840F1A5AAFA59699FE471F379F1DD6A487E7D5409AB6A88D4A9746E24B91D8CF55DB3521015460C8EDE44EE8A4189F7A7BE77D6CD3A9AF2696F486855CF58BF0EDF2B4068058C7A947F52548DDF7E15E96B385F86422BEA9064A3EE9E1158A56E4A6F47E5897 +\& 135:d=1 hl=2 l= 3 prim: INTEGER :010001 +.Ve +.SH "NOTES" +.IX Header "NOTES" +If an \s-1OID\s0 is not part of OpenSSL's internal table it will be represented in +numerical form (for example 1.2.3.4). 
The file passed to the \fB\-oid\fR option +allows additional OIDs to be included. Each line consists of three columns, +the first column is the \s-1OID\s0 in numerical format and should be followed by white +space. The second column is the \*(L"short name\*(R" which is a single word followed +by white space. The final column is the rest of the line and is the +\&\*(L"long name\*(R". Example: +.PP +\&\f(CW\*(C`1.2.3.4 shortName A long name\*(C'\fR +.PP +For any \s-1OID\s0 with an associated short and long name, this command will display +the long name. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Parse a file: +.PP +.Vb 1 +\& openssl asn1parse \-in file.pem +.Ve +.PP +Parse a \s-1DER\s0 file: +.PP +.Vb 1 +\& openssl asn1parse \-inform DER \-in file.der +.Ve +.PP +Generate a simple UTF8String: +.PP +.Vb 1 +\& openssl asn1parse \-genstr \*(AqUTF8:Hello World\*(Aq +.Ve +.PP +Generate and write out a UTF8String, don't print parsed output: +.PP +.Vb 1 +\& openssl asn1parse \-genstr \*(AqUTF8:Hello World\*(Aq \-noout \-out utf8.der +.Ve +.PP +Generate using a config file: +.PP +.Vb 1 +\& openssl asn1parse \-genconf asn1.cnf \-noout \-out asn1.der +.Ve +.PP +Example config file: +.PP +.Vb 1 +\& asn1=SEQUENCE:seq_sect +\& +\& [seq_sect] +\& +\& field1=BOOL:TRUE +\& field2=EXP:0, UTF8:some random string +.Ve +.SH "BUGS" +.IX Header "BUGS" +There should be options to change the format of output lines. The output of some +\&\s-1ASN\s0.1 types is not well handled (if at all). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\fIASN1_generate_nconf\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/ssl/share/man/man1/openssl-ca.1 b/linux_amd64/ssl/share/man/man1/openssl-ca.1
new file mode 100755
index 0000000..9875d67
--- /dev/null
+++ b/linux_amd64/ssl/share/man/man1/openssl-ca.1
@@ -0,0 +1,837 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-CA 1" +.TH OPENSSL-CA 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-ca \- sample minimal CA application +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBca\fR +[\fB\-help\fR] +[\fB\-verbose\fR] +[\fB\-config\fR \fIfilename\fR] +[\fB\-name\fR \fIsection\fR] +[\fB\-gencrl\fR] +[\fB\-revoke\fR \fIfile\fR] +[\fB\-valid\fR \fIfile\fR] +[\fB\-status\fR \fIserial\fR] +[\fB\-updatedb\fR] +[\fB\-crl_reason\fR \fIreason\fR] +[\fB\-crl_hold\fR \fIinstruction\fR] +[\fB\-crl_compromise\fR \fItime\fR] +[\fB\-crl_CA_compromise\fR \fItime\fR] +[\fB\-crldays\fR \fIdays\fR] +[\fB\-crlhours\fR \fIhours\fR] +[\fB\-crlsec\fR \fIseconds\fR] +[\fB\-crlexts\fR \fIsection\fR] +[\fB\-startdate\fR \fIdate\fR] +[\fB\-enddate\fR \fIdate\fR] +[\fB\-days\fR \fIarg\fR] +[\fB\-md\fR \fIarg\fR] +[\fB\-policy\fR \fIarg\fR] +[\fB\-keyfile\fR \fIarg\fR] +[\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-key\fR \fIarg\fR] +[\fB\-passin\fR \fIarg\fR] +[\fB\-cert\fR \fIfile\fR] +[\fB\-selfsign\fR] +[\fB\-in\fR \fIfile\fR] +[\fB\-out\fR \fIfile\fR] +[\fB\-notext\fR] +[\fB\-outdir\fR \fIdir\fR] +[\fB\-infiles\fR] +[\fB\-spkac\fR \fIfile\fR] +[\fB\-ss_cert\fR \fIfile\fR] +[\fB\-preserveDN\fR] +[\fB\-noemailDN\fR] +[\fB\-batch\fR] +[\fB\-msie_hack\fR] +[\fB\-extensions\fR \fIsection\fR] +[\fB\-extfile\fR \fIsection\fR] +[\fB\-subj\fR \fIarg\fR] +[\fB\-utf8\fR] +[\fB\-sigopt\fR \fInm\fR:\fIv\fR] +[\fB\-create_serial\fR] +[\fB\-rand_serial\fR] +[\fB\-multivalue\-rdn\fR] +[\fB\-sm2\-id\fR \fIstring\fR] +[\fB\-sm2\-hex\-id\fR \fIhex-string\fR] +[\fB\-rand\fR \fIfiles\fR] +[\fB\-writerand\fR \fIfile\fR] +[\fB\-engine\fR \fIid\fR] +[\fIcertreq\fR...] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command is a minimal \s-1CA\s0 application. It can be used +to sign certificate requests in a variety of forms and generate +CRLs. It also maintains a text database of issued certificates +and their status. 
+When signing certificates, a single certificate request can be specified +with the \fB\-in\fR option, or multiple requests can be processed by +specifying a set of \fBcertreq\fR files after all options. +.PP +The options descriptions will be divided into each purpose. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-verbose\fR" 4 +.IX Item "-verbose" +This prints extra details about the operations being performed. +.IP "\fB\-config\fR \fIfilename\fR" 4 +.IX Item "-config filename" +Specifies the configuration file to use. +Optional; for a description of the default value, +see \*(L"\s-1COMMAND\s0 \s-1SUMMARY\s0\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-name\fR \fIsection\fR" 4 +.IX Item "-name section" +Specifies the configuration file section to use (overrides +\&\fBdefault_ca\fR in the \fBca\fR section). +.IP "\fB\-in\fR \fIfilename\fR" 4 +.IX Item "-in filename" +An input filename containing a single certificate request to be +signed by the \s-1CA\s0. +.IP "\fB\-ss_cert\fR \fIfilename\fR" 4 +.IX Item "-ss_cert filename" +A single self-signed certificate to be signed by the \s-1CA\s0. +.IP "\fB\-spkac\fR \fIfilename\fR" 4 +.IX Item "-spkac filename" +A file containing a single Netscape signed public key and challenge +and additional field values to be signed by the \s-1CA\s0. See the \fB\s-1SPKAC\s0 \s-1FORMAT\s0\fR +section for information on the required input and output format. +.IP "\fB\-infiles\fR" 4 +.IX Item "-infiles" +If present this should be the last option, all subsequent arguments +are taken as the names of files containing certificate requests. +.IP "\fB\-out\fR \fIfilename\fR" 4 +.IX Item "-out filename" +The output file to output certificates to. The default is standard +output. The certificate details will also be printed out to this +file in \s-1PEM\s0 format (except that \fB\-spkac\fR outputs \s-1DER\s0 format). 
+.IP "\fB\-outdir\fR \fIdirectory\fR" 4 +.IX Item "-outdir directory" +The directory to output certificates to. The certificate will be +written to a filename consisting of the serial number in hex with +\&\fI.pem\fR appended. +.IP "\fB\-cert\fR" 4 +.IX Item "-cert" +The \s-1CA\s0 certificate file. +.IP "\fB\-keyfile\fR \fIfilename\fR" 4 +.IX Item "-keyfile filename" +The private key to sign requests with. +.IP "\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IX Item "-keyform DER|PEM" +The format of the private key file; the default is \fB\s-1PEM\s0\fR. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-sigopt\fR \fInm\fR:\fIv\fR" 4 +.IX Item "-sigopt nm:v" +Pass options to the signature algorithm during sign or verify operations. +Names and values of these options are algorithm-specific. +.IP "\fB\-key\fR \fIpassword\fR" 4 +.IX Item "-key password" +The password used to encrypt the private key. Since on some +systems the command line arguments are visible (e.g. Unix with +the \fIps\fR\|(1) utility) this option should be used with caution. +.IP "\fB\-selfsign\fR" 4 +.IX Item "-selfsign" +Indicates the issued certificates are to be signed with the key +the certificate requests were signed with (given with \fB\-keyfile\fR). +Certificate requests signed with a different key are ignored. If +\&\fB\-spkac\fR, \fB\-ss_cert\fR or \fB\-gencrl\fR are given, \fB\-selfsign\fR is +ignored. +.Sp +A consequence of using \fB\-selfsign\fR is that the self-signed +certificate appears among the entries in the certificate database +(see the configuration option \fBdatabase\fR), and uses the same +serial number counter as all other certificates sign with the +self-signed certificate. +.IP "\fB\-passin\fR \fIarg\fR" 4 +.IX Item "-passin arg" +The key password source. For more information about the format of \fBarg\fR +see \*(L"Pass Phrase Options\*(R" in \fIopenssl\fR\|(1). 
+.IP "\fB\-notext\fR" 4 +.IX Item "-notext" +Don't output the text form of a certificate to the output file. +.IP "\fB\-startdate\fR \fIdate\fR" 4 +.IX Item "-startdate date" +This allows the start date to be explicitly set. The format of the +date is \s-1YYMMDDHHMMSSZ\s0 (the same as an \s-1ASN1\s0 UTCTime structure), or +\&\s-1YYYYMMDDHHMMSSZ\s0 (the same as an \s-1ASN1\s0 GeneralizedTime structure). In +both formats, seconds \s-1SS\s0 and timezone Z must be present. +.IP "\fB\-enddate\fR \fIdate\fR" 4 +.IX Item "-enddate date" +This allows the expiry date to be explicitly set. The format of the +date is \s-1YYMMDDHHMMSSZ\s0 (the same as an \s-1ASN1\s0 UTCTime structure), or +\&\s-1YYYYMMDDHHMMSSZ\s0 (the same as an \s-1ASN1\s0 GeneralizedTime structure). In +both formats, seconds \s-1SS\s0 and timezone Z must be present. +.IP "\fB\-days\fR \fIarg\fR" 4 +.IX Item "-days arg" +The number of days to certify the certificate for. +.IP "\fB\-md\fR \fIalg\fR" 4 +.IX Item "-md alg" +The message digest to use. +Any digest supported by the \fIopenssl\-dgst\fR\|(1) command can be used. For signing +algorithms that do not support a digest (i.e. Ed25519 and Ed448) any message +digest that is set is ignored. This option also applies to CRLs. +.IP "\fB\-policy\fR \fIarg\fR" 4 +.IX Item "-policy arg" +This option defines the \s-1CA\s0 \*(L"policy\*(R" to use. This is a section in +the configuration file which decides which fields should be mandatory +or match the \s-1CA\s0 certificate. Check out the \fB\s-1POLICY\s0 \s-1FORMAT\s0\fR section +for more information. +.IP "\fB\-msie_hack\fR" 4 +.IX Item "-msie_hack" +This is a deprecated option to make this command work with very old versions +of the \s-1IE\s0 certificate enrollment control \*(L"certenr3\*(R". It used UniversalStrings +for almost everything. Since the old control has various security bugs +its use is strongly discouraged. 
+.IP "\fB\-preserveDN\fR" 4 +.IX Item "-preserveDN" +Normally the \s-1DN\s0 order of a certificate is the same as the order of the +fields in the relevant policy section. When this option is set the order +is the same as the request. This is largely for compatibility with the +older \s-1IE\s0 enrollment control which would only accept certificates if their +DNs match the order of the request. This is not needed for Xenroll. +.IP "\fB\-noemailDN\fR" 4 +.IX Item "-noemailDN" +The \s-1DN\s0 of a certificate can contain the \s-1EMAIL\s0 field if present in the +request \s-1DN\s0, however it is good policy just having the e\-mail set into +the altName extension of the certificate. When this option is set the +\&\s-1EMAIL\s0 field is removed from the certificate' subject and set only in +the, eventually present, extensions. The \fBemail_in_dn\fR keyword can be +used in the configuration file to enable this behaviour. +.IP "\fB\-batch\fR" 4 +.IX Item "-batch" +This sets the batch mode. In this mode no questions will be asked +and all certificates will be certified automatically. +.IP "\fB\-extensions\fR \fIsection\fR" 4 +.IX Item "-extensions section" +The section of the configuration file containing certificate extensions +to be added when a certificate is issued (defaults to \fBx509_extensions\fR +unless the \fB\-extfile\fR option is used). If no extension section is +present then, a V1 certificate is created. If the extension section +is present (even if it is empty), then a V3 certificate is created. See the +\&\fIx509v3_config\fR\|(5) manual page for details of the +extension section format. +.IP "\fB\-extfile\fR \fIfile\fR" 4 +.IX Item "-extfile file" +An additional configuration file to read certificate extensions from +(using the default section unless the \fB\-extensions\fR option is also +used). +.IP "\fB\-subj\fR \fIarg\fR" 4 +.IX Item "-subj arg" +Supersedes subject name given in the request. 
+The arg must be formatted as \f(CW\*(C`/type0=value0/type1=value1/type2=...\*(C'\fR. +Keyword characters may be escaped by \f(CW\*(C`\e\*(C'\fR (backslash), and whitespace is +retained. +Empty values are permitted, but the corresponding type will not be included +in the resulting certificate. +.IP "\fB\-utf8\fR" 4 +.IX Item "-utf8" +This option causes field values to be interpreted as \s-1UTF8\s0 strings, by +default they are interpreted as \s-1ASCII\s0. This means that the field +values, whether prompted from a terminal or obtained from a +configuration file, must be valid \s-1UTF8\s0 strings. +.IP "\fB\-create_serial\fR" 4 +.IX Item "-create_serial" +If reading serial from the text file as specified in the configuration +fails, specifying this option creates a new random serial to be used as next +serial number. +To get random serial numbers, use the \fB\-rand_serial\fR flag instead; this +should only be used for simple error-recovery. +.IP "\fB\-rand_serial\fR" 4 +.IX Item "-rand_serial" +Generate a large random number to use as the serial number. +This overrides any option or configuration to use a serial number file. +.IP "\fB\-multivalue\-rdn\fR" 4 +.IX Item "-multivalue-rdn" +This option causes the \-subj argument to be interpreted with full +support for multivalued RDNs. Example: +.Sp +\&\f(CW\*(C`/DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe\*(C'\fR +.Sp +If \fB\-multi\-rdn\fR is not used then the \s-1UID\s0 value is \f(CW\*(C`123456+CN=John Doe\*(C'\fR. +.IP "\fB\-sm2\-id\fR \fIstring\fR" 4 +.IX Item "-sm2-id string" +Specify the \s-1ID\s0 string to use when verifying an \s-1SM2\s0 certificate. The \s-1ID\s0 string is +required by the \s-1SM2\s0 signature algorithm for signing and verification. +.IP "\fB\-sm2\-hex\-id\fR \fIhex-string\fR" 4 +.IX Item "-sm2-hex-id hex-string" +Specify a binary \s-1ID\s0 string to use when signing or verifying using an \s-1SM2\s0 +certificate. The argument for this option is string of hexadecimal digits. 
+.IP "\fB\-rand\fR \fIfiles\fR, \fB\-writerand\fR \fIfile\fR" 4 +.IX Item "-rand files, -writerand file" +See \*(L"Random State Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-engine\fR \fIid\fR" 4 +.IX Item "-engine id" +See \*(L"Engine Options\*(R" in \fIopenssl\fR\|(1). +.SH "CRL OPTIONS" +.IX Header "CRL OPTIONS" +.IP "\fB\-gencrl\fR" 4 +.IX Item "-gencrl" +This option generates a \s-1CRL\s0 based on information in the index file. +.IP "\fB\-crldays\fR \fInum\fR" 4 +.IX Item "-crldays num" +The number of days before the next \s-1CRL\s0 is due. That is the days from +now to place in the \s-1CRL\s0 nextUpdate field. +.IP "\fB\-crlhours\fR \fInum\fR" 4 +.IX Item "-crlhours num" +The number of hours before the next \s-1CRL\s0 is due. +.IP "\fB\-crlsec\fR \fInum\fR" 4 +.IX Item "-crlsec num" +The number of seconds before the next \s-1CRL\s0 is due. +.IP "\fB\-revoke\fR \fIfilename\fR" 4 +.IX Item "-revoke filename" +A filename containing a certificate to revoke. +.IP "\fB\-valid\fR \fIfilename\fR" 4 +.IX Item "-valid filename" +A filename containing a certificate to add a Valid certificate entry. +.IP "\fB\-status\fR \fIserial\fR" 4 +.IX Item "-status serial" +Displays the revocation status of the certificate with the specified +serial number and exits. +.IP "\fB\-updatedb\fR" 4 +.IX Item "-updatedb" +Updates the database index to purge expired certificates. +.IP "\fB\-crl_reason\fR \fIreason\fR" 4 +.IX Item "-crl_reason reason" +Revocation reason, where \fIreason\fR is one of: \fBunspecified\fR, \fBkeyCompromise\fR, +\&\fBCACompromise\fR, \fBaffiliationChanged\fR, \fBsuperseded\fR, \fBcessationOfOperation\fR, +\&\fBcertificateHold\fR or \fBremoveFromCRL\fR. The matching of \fIreason\fR is case +insensitive. Setting any revocation reason will make the \s-1CRL\s0 v2. +.Sp +In practice \fBremoveFromCRL\fR is not particularly useful because it is only used +in delta CRLs which are not currently implemented. 
+.IP "\fB\-crl_hold\fR \fIinstruction\fR" 4 +.IX Item "-crl_hold instruction" +This sets the \s-1CRL\s0 revocation reason code to \fBcertificateHold\fR and the hold +instruction to \fIinstruction\fR which must be an \s-1OID\s0. Although any \s-1OID\s0 can be +used only \fBholdInstructionNone\fR (the use of which is discouraged by \s-1RFC2459\s0) +\&\fBholdInstructionCallIssuer\fR or \fBholdInstructionReject\fR will normally be used. +.IP "\fB\-crl_compromise\fR \fItime\fR" 4 +.IX Item "-crl_compromise time" +This sets the revocation reason to \fBkeyCompromise\fR and the compromise time to +\&\fItime\fR. \fItime\fR should be in GeneralizedTime format that is \fI\s-1YYYYMMDDHHMMSSZ\s0\fR. +.IP "\fB\-crl_CA_compromise\fR \fItime\fR" 4 +.IX Item "-crl_CA_compromise time" +This is the same as \fBcrl_compromise\fR except the revocation reason is set to +\&\fBCACompromise\fR. +.IP "\fB\-crlexts\fR \fIsection\fR" 4 +.IX Item "-crlexts section" +The section of the configuration file containing \s-1CRL\s0 extensions to +include. If no \s-1CRL\s0 extension section is present then a V1 \s-1CRL\s0 is +created, if the \s-1CRL\s0 extension section is present (even if it is +empty) then a V2 \s-1CRL\s0 is created. The \s-1CRL\s0 extensions specified are +\&\s-1CRL\s0 extensions and \fBnot\fR \s-1CRL\s0 entry extensions. It should be noted +that some software (for example Netscape) can't handle V2 CRLs. See +\&\fIx509v3_config\fR\|(5) manual page for details of the +extension section format. +.SH "CONFIGURATION FILE OPTIONS" +.IX Header "CONFIGURATION FILE OPTIONS" +The section of the configuration file containing options for this command +is found as follows: If the \fB\-name\fR command line option is used, +then it names the section to be used. Otherwise the section to +be used must be named in the \fBdefault_ca\fR option of the \fBca\fR section +of the configuration file (or in the default section of the +configuration file). 
Besides \fBdefault_ca\fR, the following options are +read directly from the \fBca\fR section: + \s-1RANDFILE\s0 + preserve + msie_hack +With the exception of \fB\s-1RANDFILE\s0\fR, this is probably a bug and may +change in future releases. +.PP +Many of the configuration file options are identical to command line +options. Where the option is present in the configuration file +and the command line the command line value is used. Where an +option is described as mandatory then it must be present in +the configuration file or the command line equivalent (if +any) used. +.IP "\fBoid_file\fR" 4 +.IX Item "oid_file" +This specifies a file containing additional \fB\s-1OBJECT\s0 \s-1IDENTIFIERS\s0\fR. +Each line of the file should consist of the numerical form of the +object identifier followed by white space then the short name followed +by white space and finally the long name. +.IP "\fBoid_section\fR" 4 +.IX Item "oid_section" +This specifies a section in the configuration file containing extra +object identifiers. Each line should consist of the short name of the +object identifier followed by \fB=\fR and the numerical form. The short +and long names are the same when this option is used. +.IP "\fBnew_certs_dir\fR" 4 +.IX Item "new_certs_dir" +The same as the \fB\-outdir\fR command line option. It specifies +the directory where new certificates will be placed. Mandatory. +.IP "\fBcertificate\fR" 4 +.IX Item "certificate" +The same as \fB\-cert\fR. It gives the file containing the \s-1CA\s0 +certificate. Mandatory. +.IP "\fBprivate_key\fR" 4 +.IX Item "private_key" +Same as the \fB\-keyfile\fR option. The file containing the +\&\s-1CA\s0 private key. Mandatory. +.IP "\fB\s-1RANDFILE\s0\fR" 4 +.IX Item "RANDFILE" +At startup the specified file is loaded into the random number generator, +and at exit 256 bytes will be written to it. (Note: Using a \s-1RANDFILE\s0 is +not necessary anymore, see the \*(L"\s-1HISTORY\s0\*(R" section. 
+.IP "\fBdefault_days\fR" 4 +.IX Item "default_days" +The same as the \fB\-days\fR option. The number of days to certify +a certificate for. +.IP "\fBdefault_startdate\fR" 4 +.IX Item "default_startdate" +The same as the \fB\-startdate\fR option. The start date to certify +a certificate for. If not set the current time is used. +.IP "\fBdefault_enddate\fR" 4 +.IX Item "default_enddate" +The same as the \fB\-enddate\fR option. Either this option or +\&\fBdefault_days\fR (or the command line equivalents) must be +present. +.IP "\fBdefault_crl_hours default_crl_days\fR" 4 +.IX Item "default_crl_hours default_crl_days" +The same as the \fB\-crlhours\fR and the \fB\-crldays\fR options. These +will only be used if neither command line option is present. At +least one of these must be present to generate a \s-1CRL\s0. +.IP "\fBdefault_md\fR" 4 +.IX Item "default_md" +The same as the \fB\-md\fR option. Mandatory except where the signing algorithm does +not require a digest (i.e. Ed25519 and Ed448). +.IP "\fBdatabase\fR" 4 +.IX Item "database" +The text database file to use. Mandatory. This file must be present +though initially it will be empty. +.IP "\fBunique_subject\fR" 4 +.IX Item "unique_subject" +If the value \fByes\fR is given, the valid certificate entries in the +database must have unique subjects. if the value \fBno\fR is given, +several valid certificate entries may have the exact same subject. +The default value is \fByes\fR, to be compatible with older (pre 0.9.8) +versions of OpenSSL. However, to make \s-1CA\s0 certificate roll-over easier, +it's recommended to use the value \fBno\fR, especially if combined with +the \fB\-selfsign\fR command line option. +.Sp +Note that it is valid in some circumstances for certificates to be created +without any subject. In the case where there are multiple certificates without +subjects this does not count as a duplicate. +.IP "\fBserial\fR" 4 +.IX Item "serial" +A text file containing the next serial number to use in hex. 
Mandatory. +This file must be present and contain a valid serial number. +.IP "\fBcrlnumber\fR" 4 +.IX Item "crlnumber" +A text file containing the next \s-1CRL\s0 number to use in hex. The crl number +will be inserted in the CRLs only if this file exists. If this file is +present, it must contain a valid \s-1CRL\s0 number. +.IP "\fBx509_extensions\fR" 4 +.IX Item "x509_extensions" +The same as \fB\-extensions\fR. +.IP "\fBcrl_extensions\fR" 4 +.IX Item "crl_extensions" +The same as \fB\-crlexts\fR. +.IP "\fBpreserve\fR" 4 +.IX Item "preserve" +The same as \fB\-preserveDN\fR +.IP "\fBemail_in_dn\fR" 4 +.IX Item "email_in_dn" +The same as \fB\-noemailDN\fR. If you want the \s-1EMAIL\s0 field to be removed +from the \s-1DN\s0 of the certificate simply set this to 'no'. If not present +the default is to allow for the \s-1EMAIL\s0 filed in the certificate's \s-1DN\s0. +.IP "\fBmsie_hack\fR" 4 +.IX Item "msie_hack" +The same as \fB\-msie_hack\fR +.IP "\fBpolicy\fR" 4 +.IX Item "policy" +The same as \fB\-policy\fR. Mandatory. See the \fB\s-1POLICY\s0 \s-1FORMAT\s0\fR section +for more information. +.IP "\fBname_opt\fR, \fBcert_opt\fR" 4 +.IX Item "name_opt, cert_opt" +These options allow the format used to display the certificate details +when asking the user to confirm signing. All the options supported by +the \fBx509\fR utilities \fB\-nameopt\fR and \fB\-certopt\fR switches can be used +here, except the \fBno_signame\fR and \fBno_sigdump\fR are permanently set +and cannot be disabled (this is because the certificate signature cannot +be displayed because the certificate has not been signed at this point). +.Sp +For convenience the values \fBca_default\fR are accepted by both to produce +a reasonable output. +.Sp +If neither option is present the format used in earlier versions of +OpenSSL is used. 
Use of the old format is \fBstrongly\fR discouraged because +it only displays fields mentioned in the \fBpolicy\fR section, mishandles +multicharacter string types and does not display extensions. +.IP "\fBcopy_extensions\fR" 4 +.IX Item "copy_extensions" +Determines how extensions in certificate requests should be handled. +If set to \fBnone\fR or this option is not present then extensions are +ignored and not copied to the certificate. If set to \fBcopy\fR then any +extensions present in the request that are not already present are copied +to the certificate. If set to \fBcopyall\fR then all extensions in the +request are copied to the certificate: if the extension is already present +in the certificate it is deleted first. See the \fB\s-1WARNINGS\s0\fR section before +using this option. +.Sp +The main use of this option is to allow a certificate request to supply +values for certain extensions such as subjectAltName. +.SH "POLICY FORMAT" +.IX Header "POLICY FORMAT" +The policy section consists of a set of variables corresponding to +certificate \s-1DN\s0 fields. If the value is \*(L"match\*(R" then the field value +must match the same field in the \s-1CA\s0 certificate. If the value is +\&\*(L"supplied\*(R" then it must be present. If the value is \*(L"optional\*(R" then +it may be present. Any fields not mentioned in the policy section +are silently deleted, unless the \fB\-preserveDN\fR option is set but +this can be regarded more of a quirk than intended behaviour. +.SH "SPKAC FORMAT" +.IX Header "SPKAC FORMAT" +The input to the \fB\-spkac\fR command line option is a Netscape +signed public key and challenge. This will usually come from +the \fB\s-1KEYGEN\s0\fR tag in an \s-1HTML\s0 form to create a new private key. +It is however possible to create SPKACs using \fIopenssl\-spkac\fR\|(1). +.PP +The file should contain the variable \s-1SPKAC\s0 set to the value of +the \s-1SPKAC\s0 and also the required \s-1DN\s0 components as name value pairs. 
+If you need to include the same component twice then it can be +preceded by a number and a '.'. +.PP +When processing \s-1SPKAC\s0 format, the output is \s-1DER\s0 if the \fB\-out\fR +flag is used, but \s-1PEM\s0 format if sending to stdout or the \fB\-outdir\fR +flag is used. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Note: these examples assume that the directory structure this command +assumes is already set up and the relevant files already exist. This +usually involves creating a \s-1CA\s0 certificate and private key with +\&\fIopenssl\-req\fR\|(1), a serial number file and an empty index file and +placing them in the relevant directories. +.PP +To use the sample configuration file below the directories \fIdemoCA\fR, +\&\fIdemoCA/private\fR and \fIdemoCA/newcerts\fR would be created. The \s-1CA\s0 +certificate would be copied to \fIdemoCA/cacert.pem\fR and its private +key to \fIdemoCA/private/cakey.pem\fR. A file \fIdemoCA/serial\fR would be +created containing for example \*(L"01\*(R" and the empty index file +\&\fIdemoCA/index.txt\fR. 
+.PP +Sign a certificate request: +.PP +.Vb 1 +\& openssl ca \-in req.pem \-out newcert.pem +.Ve +.PP +Sign an \s-1SM2\s0 certificate request: +.PP +.Vb 1 +\& openssl ca \-in sm2.csr \-out sm2.crt \-md sm3 \-sigopt "sm2_id:1234567812345678" \-sm2\-id "1234567812345678" +.Ve +.PP +Sign a certificate request, using \s-1CA\s0 extensions: +.PP +.Vb 1 +\& openssl ca \-in req.pem \-extensions v3_ca \-out newcert.pem +.Ve +.PP +Generate a \s-1CRL\s0 +.PP +.Vb 1 +\& openssl ca \-gencrl \-out crl.pem +.Ve +.PP +Sign several requests: +.PP +.Vb 1 +\& openssl ca \-infiles req1.pem req2.pem req3.pem +.Ve +.PP +Certify a Netscape \s-1SPKAC:\s0 +.PP +.Vb 1 +\& openssl ca \-spkac spkac.txt +.Ve +.PP +A sample \s-1SPKAC\s0 file (the \s-1SPKAC\s0 line has been truncated for clarity): +.PP +.Vb 5 +\& SPKAC=MIG0MGAwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAn7PDhCeV/xIxUg8V70YRxK2A5 +\& CN=Steve Test +\& emailAddress=steve@openssl.org +\& 0.OU=OpenSSL Group +\& 1.OU=Another Group +.Ve +.PP +A sample configuration file with the relevant sections for this command: +.PP +.Vb 2 +\& [ ca ] +\& default_ca = CA_default # The default ca section +\& +\& [ CA_default ] +\& +\& dir = ./demoCA # top dir +\& database = $dir/index.txt # index file. 
+\& new_certs_dir = $dir/newcerts # new certs dir +\& +\& certificate = $dir/cacert.pem # The CA cert +\& serial = $dir/serial # serial no file +\& #rand_serial = yes # for random serial#\*(Aqs +\& private_key = $dir/private/cakey.pem# CA private key +\& +\& default_days = 365 # how long to certify for +\& default_crl_days= 30 # how long before next CRL +\& default_md = md5 # md to use +\& +\& policy = policy_any # default policy +\& email_in_dn = no # Don\*(Aqt add the email into cert DN +\& +\& name_opt = ca_default # Subject name display option +\& cert_opt = ca_default # Certificate display option +\& copy_extensions = none # Don\*(Aqt copy extensions from request +\& +\& [ policy_any ] +\& countryName = supplied +\& stateOrProvinceName = optional +\& organizationName = optional +\& organizationalUnitName = optional +\& commonName = supplied +\& emailAddress = optional +.Ve +.SH "FILES" +.IX Header "FILES" +Note: the location of all files can change either by compile time options, +configuration file entries, environment variables or command line options. +The values below reflect the default values. +.PP +.Vb 9 +\& /usr/local/ssl/lib/openssl.cnf \- master configuration file +\& ./demoCA \- main CA directory +\& ./demoCA/cacert.pem \- CA certificate +\& ./demoCA/private/cakey.pem \- CA private key +\& ./demoCA/serial \- CA serial number file +\& ./demoCA/serial.old \- CA serial number backup file +\& ./demoCA/index.txt \- CA text database file +\& ./demoCA/index.txt.old \- CA text database backup file +\& ./demoCA/certs \- certificate output file +.Ve +.SH "RESTRICTIONS" +.IX Header "RESTRICTIONS" +The text database index file is a critical part of the process and +if corrupted it can be difficult to fix. It is theoretically possible +to rebuild the index file from all the issued certificates and a current +\&\s-1CRL:\s0 however there is no option to do this. +.PP +V2 \s-1CRL\s0 features like delta CRLs are not currently supported. 
+.PP +Although several requests can be input and handled at once it is only +possible to include one \s-1SPKAC\s0 or self-signed certificate. +.SH "BUGS" +.IX Header "BUGS" +The use of an in-memory text database can cause problems when large +numbers of certificates are present because, as the name implies +the database has to be kept in memory. +.PP +This command really needs rewriting or the required functionality +exposed at either a command or interface level so a more friendly utility +(perl script or \s-1GUI\s0) can handle things properly. The script +\&\fB\s-1CA\s0.pl\fR helps a little but not very much. +.PP +Any fields in a request that are not present in a policy are silently +deleted. This does not happen if the \fB\-preserveDN\fR option is used. To +enforce the absence of the \s-1EMAIL\s0 field within the \s-1DN\s0, as suggested by +RFCs, regardless the contents of the request' subject the \fB\-noemailDN\fR +option can be used. The behaviour should be more friendly and +configurable. +.PP +Canceling some commands by refusing to certify a certificate can +create an empty file. +.SH "WARNINGS" +.IX Header "WARNINGS" +This command is quirky and at times downright unfriendly. +.PP +This command was originally meant as an example of how to do +things in a \s-1CA\s0. It was not supposed to be used as a full blown \s-1CA\s0 itself: +nevertheless some people are using it for this purpose. +.PP +This command command is effectively a single user command: no locking +is done on the various files and attempts to run more than one \fBopenssl ca\fR +command on the same database can have unpredictable results. +.PP +The \fBcopy_extensions\fR option should be used with caution. If care is +not taken then it can be a security risk. 
For example if a certificate +request contains a basicConstraints extension with \s-1CA:TRUE\s0 and the +\&\fBcopy_extensions\fR value is set to \fBcopyall\fR and the user does not spot +this when the certificate is displayed then this will hand the requester +a valid \s-1CA\s0 certificate. +.PP +This situation can be avoided by setting \fBcopy_extensions\fR to \fBcopy\fR +and including basicConstraints with \s-1CA:FALSE\s0 in the configuration file. +Then if the request contains a basicConstraints extension it will be +ignored. +.PP +It is advisable to also include values for other extensions such +as \fBkeyUsage\fR to prevent a request supplying its own values. +.PP +Additional restrictions can be placed on the \s-1CA\s0 certificate itself. +For example if the \s-1CA\s0 certificate has: +.PP +.Vb 1 +\& basicConstraints = CA:TRUE, pathlen:0 +.Ve +.PP +then even if a certificate is issued with \s-1CA:TRUE\s0 it will not be valid. +.SH "HISTORY" +.IX Header "HISTORY" +Since OpenSSL 1.1.1, the program follows \s-1RFC5280\s0. Specifically, +certificate validity period (specified by any of \fB\-startdate\fR, +\&\fB\-enddate\fR and \fB\-days\fR) will be encoded as UTCTime if the dates are +earlier than year 2049 (included), and as GeneralizedTime if the dates +are in year 2050 or later. +.PP +OpenSSL 1.1.1 introduced a new random generator (\s-1CSPRNG\s0) with an improved +seeding mechanism. The new seeding mechanism makes it unnecessary to +define a \s-1RANDFILE\s0 for saving and restoring randomness. This option is +retained mainly for compatibility reasons. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\fIopenssl\-req\fR\|(1), +\&\fIopenssl\-spkac\fR\|(1), +\&\fIopenssl\-x509\fR\|(1), +\&\s-1\fICA\s0.pl\fR\|(1), +\&\fIconfig\fR\|(5), +\&\fIx509v3_config\fR\|(5) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). 
You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man1/openssl-ciphers.1 b/linux_amd64/ssl/share/man/man1/openssl-ciphers.1 new file mode 100755 index 0000000..0bec55a --- /dev/null +++ b/linux_amd64/ssl/share/man/man1/openssl-ciphers.1 
@@ -0,0 +1,863 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-CIPHERS 1" +.TH OPENSSL-CIPHERS 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-ciphers \- SSL cipher display and cipher list tool +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBciphers\fR +[\fB\-help\fR] +[\fB\-s\fR] +[\fB\-v\fR] +[\fB\-V\fR] +[\fB\-ssl3\fR] +[\fB\-tls1\fR] +[\fB\-tls1_1\fR] +[\fB\-tls1_2\fR] +[\fB\-tls1_3\fR] +[\fB\-s\fR] +[\fB\-psk\fR] +[\fB\-srp\fR] +[\fB\-stdname\fR] +[\fB\-convert\fR \fIname\fR] +[\fB\-ciphersuites\fR \fIval\fR] +[\fIcipherlist\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command converts textual OpenSSL cipher lists into +ordered \s-1SSL\s0 cipher preference lists. It can be used as a test tool to +determine the appropriate cipherlist. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print a usage message. +.IP "\fB\-s\fR" 4 +.IX Item "-s" +Only list supported ciphers: those consistent with the security level, and +minimum and maximum protocol version. This is closer to the actual cipher list +an application will support. +.Sp +\&\s-1PSK\s0 and \s-1SRP\s0 ciphers are not enabled by default: they require \fB\-psk\fR or \fB\-srp\fR +to enable them. +.Sp +It also does not change the default list of supported signature algorithms. +.Sp +On a server the list of supported ciphers might also exclude other ciphers +depending on the configured certificates and presence of \s-1DH\s0 parameters. +.Sp +If this option is not used then all ciphers that match the cipherlist will be +listed. +.IP "\fB\-psk\fR" 4 +.IX Item "-psk" +When combined with \fB\-s\fR includes cipher suites which require \s-1PSK\s0. +.IP "\fB\-srp\fR" 4 +.IX Item "-srp" +When combined with \fB\-s\fR includes cipher suites which require \s-1SRP\s0. +.IP "\fB\-v\fR" 4 +.IX Item "-v" +Verbose output: For each cipher suite, list details as provided by +\&\fISSL_CIPHER_description\fR\|(3). +.IP "\fB\-V\fR" 4 +.IX Item "-V" +Like \fB\-v\fR, but include the official cipher suite values in hex. 
+.IP "\fB\-tls1_3\fR, \fB\-tls1_2\fR, \fB\-tls1_1\fR, \fB\-tls1\fR, \fB\-ssl3\fR" 4 +.IX Item "-tls1_3, -tls1_2, -tls1_1, -tls1, -ssl3" +In combination with the \fB\-s\fR option, list the ciphers which could be used if +the specified protocol were negotiated. +Note that not all protocols and flags may be available, depending on how +OpenSSL was built. +.IP "\fB\-stdname\fR" 4 +.IX Item "-stdname" +Precede each cipher suite by its standard name. +.IP "\fB\-convert\fR \fIname\fR" 4 +.IX Item "-convert name" +Convert a standard cipher \fIname\fR to its OpenSSL name. +.IP "\fB\-ciphersuites\fR \fIval\fR" 4 +.IX Item "-ciphersuites val" +Sets the list of TLSv1.3 ciphersuites. This list will be combined with any +TLSv1.2 and below ciphersuites that have been configured. The format for this +list is a simple colon (\*(L":\*(R") separated list of TLSv1.3 ciphersuite names. By +default this value is: +.Sp +.Vb 1 +\& TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256 +.Ve +.IP "\fBcipherlist\fR" 4 +.IX Item "cipherlist" +A cipher list of TLSv1.2 and below ciphersuites to convert to a cipher +preference list. This list will be combined with any TLSv1.3 ciphersuites that +have been configured. If it is not included then the default cipher list will be +used. The format is described below. +.SH "CIPHER LIST FORMAT" +.IX Header "CIPHER LIST FORMAT" +The cipher list consists of one or more \fIcipher strings\fR separated by colons. +Commas or spaces are also acceptable separators but colons are normally used. +.PP +The actual cipher string can take several different forms. +.PP +It can consist of a single cipher suite such as \fB\s-1RC4\-SHA\s0\fR. +.PP +It can represent a list of cipher suites containing a certain algorithm, or +cipher suites of a certain type. For example \fB\s-1SHA1\s0\fR represents all ciphers +suites using the digest algorithm \s-1SHA1\s0 and \fBSSLv3\fR represents all \s-1SSL\s0 v3 +algorithms. 
+.PP +Lists of cipher suites can be combined in a single cipher string using the +\&\fB+\fR character. This is used as a logical \fBand\fR operation. For example +\&\fB\s-1SHA1+DES\s0\fR represents all cipher suites containing the \s-1SHA1\s0 \fBand\fR the \s-1DES\s0 +algorithms. +.PP +Each cipher string can be optionally preceded by the characters \fB!\fR, +\&\fB\-\fR or \fB+\fR. +.PP +If \fB!\fR is used then the ciphers are permanently deleted from the list. +The ciphers deleted can never reappear in the list even if they are +explicitly stated. +.PP +If \fB\-\fR is used then the ciphers are deleted from the list, but some or +all of the ciphers can be added again by later options. +.PP +If \fB+\fR is used then the ciphers are moved to the end of the list. This +option doesn't add any new ciphers it just moves matching existing ones. +.PP +If none of these characters is present then the string is just interpreted +as a list of ciphers to be appended to the current preference list. If the +list includes any ciphers already present they will be ignored: that is they +will not moved to the end of the list. +.PP +The cipher string \fB\f(CB@STRENGTH\fB\fR can be used at any point to sort the current +cipher list in order of encryption algorithm key length. +.PP +The cipher string \fB\f(CB@SECLEVEL\fB\fR=\fIn\fR can be used at any point to set the security +level to \fIn\fR, which should be a number between zero and five, inclusive. +See \fISSL_CTX_set_security_level\fR\|(3) for a description of what each level means. +.PP +The cipher list can be prefixed with the \fB\s-1DEFAULT\s0\fR keyword, which enables +the default cipher list as defined below. Unlike cipher strings, +this prefix may not be combined with other strings using \fB+\fR character. +For example, \fB\s-1DEFAULT+DES\s0\fR is not valid. +.PP +The content of the default list is determined at compile time and normally +corresponds to \fB\s-1ALL:\s0!COMPLEMENTOFDEFAULT:!eNULL\fR. 
+.SH "CIPHER STRINGS" +.IX Header "CIPHER STRINGS" +The following is a list of all permitted cipher strings and their meanings. +.IP "\fB\s-1COMPLEMENTOFDEFAULT\s0\fR" 4 +.IX Item "COMPLEMENTOFDEFAULT" +The ciphers included in \fB\s-1ALL\s0\fR, but not enabled by default. Currently +this includes all \s-1RC4\s0 and anonymous ciphers. Note that this rule does +not cover \fBeNULL\fR, which is not included by \fB\s-1ALL\s0\fR (use \fB\s-1COMPLEMENTOFALL\s0\fR if +necessary). Note that \s-1RC4\s0 based cipher suites are not built into OpenSSL by +default (see the enable-weak-ssl-ciphers option to Configure). +.IP "\fB\s-1ALL\s0\fR" 4 +.IX Item "ALL" +All cipher suites except the \fBeNULL\fR ciphers (which must be explicitly enabled +if needed). +As of OpenSSL 1.0.0, the \fB\s-1ALL\s0\fR cipher suites are sensibly ordered by default. +.IP "\fB\s-1COMPLEMENTOFALL\s0\fR" 4 +.IX Item "COMPLEMENTOFALL" +The cipher suites not enabled by \fB\s-1ALL\s0\fR, currently \fBeNULL\fR. +.IP "\fB\s-1HIGH\s0\fR" 4 +.IX Item "HIGH" +\&\*(L"High\*(R" encryption cipher suites. This currently means those with key lengths +larger than 128 bits, and some cipher suites with 128\-bit keys. +.IP "\fB\s-1MEDIUM\s0\fR" 4 +.IX Item "MEDIUM" +\&\*(L"Medium\*(R" encryption cipher suites, currently some of those using 128 bit +encryption. +.IP "\fB\s-1LOW\s0\fR" 4 +.IX Item "LOW" +\&\*(L"Low\*(R" encryption cipher suites, currently those using 64 or 56 bit +encryption algorithms but excluding export cipher suites. All these +cipher suites have been removed as of OpenSSL 1.1.0. +.IP "\fBeNULL\fR, \fB\s-1NULL\s0\fR" 4 +.IX Item "eNULL, NULL" +The \*(L"\s-1NULL\s0\*(R" ciphers that is those offering no encryption. Because these offer no +encryption at all and are a security risk they are not enabled via either the +\&\fB\s-1DEFAULT\s0\fR or \fB\s-1ALL\s0\fR cipher strings. 
+Be careful when building cipherlists out of lower-level primitives such as +\&\fBkRSA\fR or \fBaECDSA\fR as these do overlap with the \fBeNULL\fR ciphers. When in +doubt, include \fB!eNULL\fR in your cipherlist. +.IP "\fBaNULL\fR" 4 +.IX Item "aNULL" +The cipher suites offering no authentication. This is currently the anonymous +\&\s-1DH\s0 algorithms and anonymous \s-1ECDH\s0 algorithms. These cipher suites are vulnerable +to \*(L"man in the middle\*(R" attacks and so their use is discouraged. +These are excluded from the \fB\s-1DEFAULT\s0\fR ciphers, but included in the \fB\s-1ALL\s0\fR +ciphers. +Be careful when building cipherlists out of lower-level primitives such as +\&\fBkDHE\fR or \fB\s-1AES\s0\fR as these do overlap with the \fBaNULL\fR ciphers. +When in doubt, include \fB!aNULL\fR in your cipherlist. +.IP "\fBkRSA\fR, \fBaRSA\fR, \fB\s-1RSA\s0\fR" 4 +.IX Item "kRSA, aRSA, RSA" +Cipher suites using \s-1RSA\s0 key exchange or authentication. \fB\s-1RSA\s0\fR is an alias for +\&\fBkRSA\fR. +.IP "\fBkDHr\fR, \fBkDHd\fR, \fBkDH\fR" 4 +.IX Item "kDHr, kDHd, kDH" +Cipher suites using static \s-1DH\s0 key agreement and \s-1DH\s0 certificates signed by CAs +with \s-1RSA\s0 and \s-1DSS\s0 keys or either respectively. +All these cipher suites have been removed in OpenSSL 1.1.0. +.IP "\fBkDHE\fR, \fBkEDH\fR, \fB\s-1DH\s0\fR" 4 +.IX Item "kDHE, kEDH, DH" +Cipher suites using ephemeral \s-1DH\s0 key agreement, including anonymous cipher +suites. +.IP "\fB\s-1DHE\s0\fR, \fB\s-1EDH\s0\fR" 4 +.IX Item "DHE, EDH" +Cipher suites using authenticated ephemeral \s-1DH\s0 key agreement. +.IP "\fB\s-1ADH\s0\fR" 4 +.IX Item "ADH" +Anonymous \s-1DH\s0 cipher suites, note that this does not include anonymous Elliptic +Curve \s-1DH\s0 (\s-1ECDH\s0) cipher suites. +.IP "\fBkEECDH\fR, \fBkECDHE\fR, \fB\s-1ECDH\s0\fR" 4 +.IX Item "kEECDH, kECDHE, ECDH" +Cipher suites using ephemeral \s-1ECDH\s0 key agreement, including anonymous +cipher suites. 
+.IP "\fB\s-1ECDHE\s0\fR, \fB\s-1EECDH\s0\fR" 4 +.IX Item "ECDHE, EECDH" +Cipher suites using authenticated ephemeral \s-1ECDH\s0 key agreement. +.IP "\fB\s-1AECDH\s0\fR" 4 +.IX Item "AECDH" +Anonymous Elliptic Curve Diffie-Hellman cipher suites. +.IP "\fBaDSS\fR, \fB\s-1DSS\s0\fR" 4 +.IX Item "aDSS, DSS" +Cipher suites using \s-1DSS\s0 authentication, i.e. the certificates carry \s-1DSS\s0 keys. +.IP "\fBaDH\fR" 4 +.IX Item "aDH" +Cipher suites effectively using \s-1DH\s0 authentication, i.e. the certificates carry +\&\s-1DH\s0 keys. +All these cipher suites have been removed in OpenSSL 1.1.0. +.IP "\fBaECDSA\fR, \fB\s-1ECDSA\s0\fR" 4 +.IX Item "aECDSA, ECDSA" +Cipher suites using \s-1ECDSA\s0 authentication, i.e. the certificates carry \s-1ECDSA\s0 +keys. +.IP "\fBTLSv1.2\fR, \fBTLSv1.0\fR, \fBSSLv3\fR" 4 +.IX Item "TLSv1.2, TLSv1.0, SSLv3" +Lists cipher suites which are only supported in at least \s-1TLS\s0 v1.2, \s-1TLS\s0 v1.0 or +\&\s-1SSL\s0 v3.0 respectively. +Note: there are no cipher suites specific to \s-1TLS\s0 v1.1. +Since this is only the minimum version, if, for example, TLSv1.0 is negotiated +then both TLSv1.0 and SSLv3.0 cipher suites are available. +.Sp +Note: these cipher strings \fBdo not\fR change the negotiated version of \s-1SSL\s0 or +\&\s-1TLS\s0, they only affect the list of available cipher suites. +.IP "\fB\s-1AES128\s0\fR, \fB\s-1AES256\s0\fR, \fB\s-1AES\s0\fR" 4 +.IX Item "AES128, AES256, AES" +cipher suites using 128 bit \s-1AES\s0, 256 bit \s-1AES\s0 or either 128 or 256 bit \s-1AES\s0. +.IP "\fB\s-1AESGCM\s0\fR" 4 +.IX Item "AESGCM" +\&\s-1AES\s0 in Galois Counter Mode (\s-1GCM\s0): these cipher suites are only supported +in \s-1TLS\s0 v1.2. +.IP "\fB\s-1AESCCM\s0\fR, \fB\s-1AESCCM8\s0\fR" 4 +.IX Item "AESCCM, AESCCM8" +\&\s-1AES\s0 in Cipher Block Chaining \- Message Authentication Mode (\s-1CCM\s0): these +cipher suites are only supported in \s-1TLS\s0 v1.2. 
\fB\s-1AESCCM\s0\fR references \s-1CCM\s0 +cipher suites using both 16 and 8 octet Integrity Check Value (\s-1ICV\s0) +while \fB\s-1AESCCM8\s0\fR only references 8 octet \s-1ICV\s0. +.IP "\fB\s-1ARIA128\s0\fR, \fB\s-1ARIA256\s0\fR, \fB\s-1ARIA\s0\fR" 4 +.IX Item "ARIA128, ARIA256, ARIA" +Cipher suites using 128 bit \s-1ARIA\s0, 256 bit \s-1ARIA\s0 or either 128 or 256 bit +\&\s-1ARIA\s0. +.IP "\fB\s-1CAMELLIA128\s0\fR, \fB\s-1CAMELLIA256\s0\fR, \fB\s-1CAMELLIA\s0\fR" 4 +.IX Item "CAMELLIA128, CAMELLIA256, CAMELLIA" +Cipher suites using 128 bit \s-1CAMELLIA\s0, 256 bit \s-1CAMELLIA\s0 or either 128 or 256 bit +\&\s-1CAMELLIA\s0. +.IP "\fB\s-1CHACHA20\s0\fR" 4 +.IX Item "CHACHA20" +Cipher suites using ChaCha20. +.IP "\fB3DES\fR" 4 +.IX Item "3DES" +Cipher suites using triple \s-1DES\s0. +.IP "\fB\s-1DES\s0\fR" 4 +.IX Item "DES" +Cipher suites using \s-1DES\s0 (not triple \s-1DES\s0). +All these cipher suites have been removed in OpenSSL 1.1.0. +.IP "\fB\s-1RC4\s0\fR" 4 +.IX Item "RC4" +Cipher suites using \s-1RC4\s0. +.IP "\fB\s-1RC2\s0\fR" 4 +.IX Item "RC2" +Cipher suites using \s-1RC2\s0. +.IP "\fB\s-1IDEA\s0\fR" 4 +.IX Item "IDEA" +Cipher suites using \s-1IDEA\s0. +.IP "\fB\s-1SEED\s0\fR" 4 +.IX Item "SEED" +Cipher suites using \s-1SEED\s0. +.IP "\fB\s-1MD5\s0\fR" 4 +.IX Item "MD5" +Cipher suites using \s-1MD5\s0. +.IP "\fB\s-1SHA1\s0\fR, \fB\s-1SHA\s0\fR" 4 +.IX Item "SHA1, SHA" +Cipher suites using \s-1SHA1\s0. +.IP "\fB\s-1SHA256\s0\fR, \fB\s-1SHA384\s0\fR" 4 +.IX Item "SHA256, SHA384" +Cipher suites using \s-1SHA256\s0 or \s-1SHA384\s0. +.IP "\fBaGOST\fR" 4 +.IX Item "aGOST" +Cipher suites using \s-1GOST\s0 R 34.10 (either 2001 or 94) for authentication +(needs an engine supporting \s-1GOST\s0 algorithms). +.IP "\fBaGOST01\fR" 4 +.IX Item "aGOST01" +Cipher suites using \s-1GOST\s0 R 34.10\-2001 authentication. +.IP "\fBkGOST\fR" 4 +.IX Item "kGOST" +Cipher suites, using \s-1VKO\s0 34.10 key exchange, specified in the \s-1RFC\s0 4357. 
+.IP "\fB\s-1GOST94\s0\fR" 4 +.IX Item "GOST94" +Cipher suites, using \s-1HMAC\s0 based on \s-1GOST\s0 R 34.11\-94. +.IP "\fB\s-1GOST89MAC\s0\fR" 4 +.IX Item "GOST89MAC" +Cipher suites using \s-1GOST\s0 28147\-89 \s-1MAC\s0 \fBinstead of\fR \s-1HMAC\s0. +.IP "\fB\s-1PSK\s0\fR" 4 +.IX Item "PSK" +All cipher suites using pre-shared keys (\s-1PSK\s0). +.IP "\fBkPSK\fR, \fBkECDHEPSK\fR, \fBkDHEPSK\fR, \fBkRSAPSK\fR" 4 +.IX Item "kPSK, kECDHEPSK, kDHEPSK, kRSAPSK" +Cipher suites using \s-1PSK\s0 key exchange, \s-1ECDHE_PSK\s0, \s-1DHE_PSK\s0 or \s-1RSA_PSK\s0. +.IP "\fBaPSK\fR" 4 +.IX Item "aPSK" +Cipher suites using \s-1PSK\s0 authentication (currently all \s-1PSK\s0 modes apart from +\&\s-1RSA_PSK\s0). +.IP "\fB\s-1SUITEB128\s0\fR, \fB\s-1SUITEB128ONLY\s0\fR, \fB\s-1SUITEB192\s0\fR" 4 +.IX Item "SUITEB128, SUITEB128ONLY, SUITEB192" +Enables suite B mode of operation using 128 (permitting 192 bit mode by peer) +128 bit (not permitting 192 bit by peer) or 192 bit level of security +respectively. +If used these cipherstrings should appear first in the cipher +list and anything after them is ignored. +Setting Suite B mode has additional consequences required to comply with +\&\s-1RFC6460\s0. +In particular the supported signature algorithms is reduced to support only +\&\s-1ECDSA\s0 and \s-1SHA256\s0 or \s-1SHA384\s0, only the elliptic curves P\-256 and P\-384 can be +used and only the two suite B compliant cipher suites +(\s-1ECDHE\-ECDSA\-AES128\-GCM\-SHA256\s0 and \s-1ECDHE\-ECDSA\-AES256\-GCM\-SHA384\s0) are +permissible. +.SH "CIPHER SUITE NAMES" +.IX Header "CIPHER SUITE NAMES" +The following lists give the \s-1SSL\s0 or \s-1TLS\s0 cipher suites names from the +relevant specification and their OpenSSL equivalents. It should be noted, +that several cipher suite names do not include the authentication used, +e.g. \s-1DES\-CBC3\-SHA\s0. In these cases, \s-1RSA\s0 authentication is used. 
+.SS "\s-1SSL\s0 v3.0 cipher suites" +.IX Subsection "SSL v3.0 cipher suites" +.Vb 6 +\& SSL_RSA_WITH_NULL_MD5 NULL\-MD5 +\& SSL_RSA_WITH_NULL_SHA NULL\-SHA +\& SSL_RSA_WITH_RC4_128_MD5 RC4\-MD5 +\& SSL_RSA_WITH_RC4_128_SHA RC4\-SHA +\& SSL_RSA_WITH_IDEA_CBC_SHA IDEA\-CBC\-SHA +\& SSL_RSA_WITH_3DES_EDE_CBC_SHA DES\-CBC3\-SHA +\& +\& SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA DH\-DSS\-DES\-CBC3\-SHA +\& SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA DH\-RSA\-DES\-CBC3\-SHA +\& SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA DHE\-DSS\-DES\-CBC3\-SHA +\& SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA DHE\-RSA\-DES\-CBC3\-SHA +\& +\& SSL_DH_anon_WITH_RC4_128_MD5 ADH\-RC4\-MD5 +\& SSL_DH_anon_WITH_3DES_EDE_CBC_SHA ADH\-DES\-CBC3\-SHA +\& +\& SSL_FORTEZZA_KEA_WITH_NULL_SHA Not implemented. +\& SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA Not implemented. +\& SSL_FORTEZZA_KEA_WITH_RC4_128_SHA Not implemented. +.Ve +.SS "\s-1TLS\s0 v1.0 cipher suites" +.IX Subsection "TLS v1.0 cipher suites" +.Vb 6 +\& TLS_RSA_WITH_NULL_MD5 NULL\-MD5 +\& TLS_RSA_WITH_NULL_SHA NULL\-SHA +\& TLS_RSA_WITH_RC4_128_MD5 RC4\-MD5 +\& TLS_RSA_WITH_RC4_128_SHA RC4\-SHA +\& TLS_RSA_WITH_IDEA_CBC_SHA IDEA\-CBC\-SHA +\& TLS_RSA_WITH_3DES_EDE_CBC_SHA DES\-CBC3\-SHA +\& +\& TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA Not implemented. +\& TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA Not implemented. 
+\& TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA DHE\-DSS\-DES\-CBC3\-SHA +\& TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA DHE\-RSA\-DES\-CBC3\-SHA +\& +\& TLS_DH_anon_WITH_RC4_128_MD5 ADH\-RC4\-MD5 +\& TLS_DH_anon_WITH_3DES_EDE_CBC_SHA ADH\-DES\-CBC3\-SHA +.Ve +.SS "\s-1AES\s0 cipher suites from \s-1RFC3268\s0, extending \s-1TLS\s0 v1.0" +.IX Subsection "AES cipher suites from RFC3268, extending TLS v1.0" +.Vb 2 +\& TLS_RSA_WITH_AES_128_CBC_SHA AES128\-SHA +\& TLS_RSA_WITH_AES_256_CBC_SHA AES256\-SHA +\& +\& TLS_DH_DSS_WITH_AES_128_CBC_SHA DH\-DSS\-AES128\-SHA +\& TLS_DH_DSS_WITH_AES_256_CBC_SHA DH\-DSS\-AES256\-SHA +\& TLS_DH_RSA_WITH_AES_128_CBC_SHA DH\-RSA\-AES128\-SHA +\& TLS_DH_RSA_WITH_AES_256_CBC_SHA DH\-RSA\-AES256\-SHA +\& +\& TLS_DHE_DSS_WITH_AES_128_CBC_SHA DHE\-DSS\-AES128\-SHA +\& TLS_DHE_DSS_WITH_AES_256_CBC_SHA DHE\-DSS\-AES256\-SHA +\& TLS_DHE_RSA_WITH_AES_128_CBC_SHA DHE\-RSA\-AES128\-SHA +\& TLS_DHE_RSA_WITH_AES_256_CBC_SHA DHE\-RSA\-AES256\-SHA +\& +\& TLS_DH_anon_WITH_AES_128_CBC_SHA ADH\-AES128\-SHA +\& TLS_DH_anon_WITH_AES_256_CBC_SHA ADH\-AES256\-SHA +.Ve +.SS "Camellia cipher suites from \s-1RFC4132\s0, extending \s-1TLS\s0 v1.0" +.IX Subsection "Camellia cipher suites from RFC4132, extending TLS v1.0" +.Vb 2 +\& TLS_RSA_WITH_CAMELLIA_128_CBC_SHA CAMELLIA128\-SHA +\& TLS_RSA_WITH_CAMELLIA_256_CBC_SHA CAMELLIA256\-SHA +\& +\& TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA DH\-DSS\-CAMELLIA128\-SHA +\& TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA DH\-DSS\-CAMELLIA256\-SHA +\& TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA DH\-RSA\-CAMELLIA128\-SHA +\& TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA DH\-RSA\-CAMELLIA256\-SHA +\& +\& TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA DHE\-DSS\-CAMELLIA128\-SHA +\& TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA DHE\-DSS\-CAMELLIA256\-SHA +\& TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA DHE\-RSA\-CAMELLIA128\-SHA +\& TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA DHE\-RSA\-CAMELLIA256\-SHA +\& +\& TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA ADH\-CAMELLIA128\-SHA +\& 
TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA ADH\-CAMELLIA256\-SHA +.Ve +.SS "\s-1SEED\s0 cipher suites from \s-1RFC4162\s0, extending \s-1TLS\s0 v1.0" +.IX Subsection "SEED cipher suites from RFC4162, extending TLS v1.0" +.Vb 1 +\& TLS_RSA_WITH_SEED_CBC_SHA SEED\-SHA +\& +\& TLS_DH_DSS_WITH_SEED_CBC_SHA DH\-DSS\-SEED\-SHA +\& TLS_DH_RSA_WITH_SEED_CBC_SHA DH\-RSA\-SEED\-SHA +\& +\& TLS_DHE_DSS_WITH_SEED_CBC_SHA DHE\-DSS\-SEED\-SHA +\& TLS_DHE_RSA_WITH_SEED_CBC_SHA DHE\-RSA\-SEED\-SHA +\& +\& TLS_DH_anon_WITH_SEED_CBC_SHA ADH\-SEED\-SHA +.Ve +.SS "\s-1GOST\s0 cipher suites from draft-chudov-cryptopro-cptls, extending \s-1TLS\s0 v1.0" +.IX Subsection "GOST cipher suites from draft-chudov-cryptopro-cptls, extending TLS v1.0" +Note: these ciphers require an engine which including \s-1GOST\s0 cryptographic +algorithms, such as the \fBgost\fR engine, which isn't part of the OpenSSL +distribution. +.PP +.Vb 4 +\& TLS_GOSTR341094_WITH_28147_CNT_IMIT GOST94\-GOST89\-GOST89 +\& TLS_GOSTR341001_WITH_28147_CNT_IMIT GOST2001\-GOST89\-GOST89 +\& TLS_GOSTR341094_WITH_NULL_GOSTR3411 GOST94\-NULL\-GOST94 +\& TLS_GOSTR341001_WITH_NULL_GOSTR3411 GOST2001\-NULL\-GOST94 +.Ve +.SS "Additional Export 1024 and other cipher suites" +.IX Subsection "Additional Export 1024 and other cipher suites" +Note: these ciphers can also be used in \s-1SSL\s0 v3. 
+.PP +.Vb 1 +\& TLS_DHE_DSS_WITH_RC4_128_SHA DHE\-DSS\-RC4\-SHA +.Ve +.SS "Elliptic curve cipher suites" +.IX Subsection "Elliptic curve cipher suites" +.Vb 5 +\& TLS_ECDHE_RSA_WITH_NULL_SHA ECDHE\-RSA\-NULL\-SHA +\& TLS_ECDHE_RSA_WITH_RC4_128_SHA ECDHE\-RSA\-RC4\-SHA +\& TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA ECDHE\-RSA\-DES\-CBC3\-SHA +\& TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ECDHE\-RSA\-AES128\-SHA +\& TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDHE\-RSA\-AES256\-SHA +\& +\& TLS_ECDHE_ECDSA_WITH_NULL_SHA ECDHE\-ECDSA\-NULL\-SHA +\& TLS_ECDHE_ECDSA_WITH_RC4_128_SHA ECDHE\-ECDSA\-RC4\-SHA +\& TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA ECDHE\-ECDSA\-DES\-CBC3\-SHA +\& TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA ECDHE\-ECDSA\-AES128\-SHA +\& TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA ECDHE\-ECDSA\-AES256\-SHA +\& +\& TLS_ECDH_anon_WITH_NULL_SHA AECDH\-NULL\-SHA +\& TLS_ECDH_anon_WITH_RC4_128_SHA AECDH\-RC4\-SHA +\& TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA AECDH\-DES\-CBC3\-SHA +\& TLS_ECDH_anon_WITH_AES_128_CBC_SHA AECDH\-AES128\-SHA +\& TLS_ECDH_anon_WITH_AES_256_CBC_SHA AECDH\-AES256\-SHA +.Ve +.SS "\s-1TLS\s0 v1.2 cipher suites" +.IX Subsection "TLS v1.2 cipher suites" +.Vb 1 +\& TLS_RSA_WITH_NULL_SHA256 NULL\-SHA256 +\& +\& TLS_RSA_WITH_AES_128_CBC_SHA256 AES128\-SHA256 +\& TLS_RSA_WITH_AES_256_CBC_SHA256 AES256\-SHA256 +\& TLS_RSA_WITH_AES_128_GCM_SHA256 AES128\-GCM\-SHA256 +\& TLS_RSA_WITH_AES_256_GCM_SHA384 AES256\-GCM\-SHA384 +\& +\& TLS_DH_RSA_WITH_AES_128_CBC_SHA256 DH\-RSA\-AES128\-SHA256 +\& TLS_DH_RSA_WITH_AES_256_CBC_SHA256 DH\-RSA\-AES256\-SHA256 +\& TLS_DH_RSA_WITH_AES_128_GCM_SHA256 DH\-RSA\-AES128\-GCM\-SHA256 +\& TLS_DH_RSA_WITH_AES_256_GCM_SHA384 DH\-RSA\-AES256\-GCM\-SHA384 +\& +\& TLS_DH_DSS_WITH_AES_128_CBC_SHA256 DH\-DSS\-AES128\-SHA256 +\& TLS_DH_DSS_WITH_AES_256_CBC_SHA256 DH\-DSS\-AES256\-SHA256 +\& TLS_DH_DSS_WITH_AES_128_GCM_SHA256 DH\-DSS\-AES128\-GCM\-SHA256 +\& TLS_DH_DSS_WITH_AES_256_GCM_SHA384 DH\-DSS\-AES256\-GCM\-SHA384 +\& +\& TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 
DHE\-RSA\-AES128\-SHA256 +\& TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 DHE\-RSA\-AES256\-SHA256 +\& TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 DHE\-RSA\-AES128\-GCM\-SHA256 +\& TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DHE\-RSA\-AES256\-GCM\-SHA384 +\& +\& TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 DHE\-DSS\-AES128\-SHA256 +\& TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 DHE\-DSS\-AES256\-SHA256 +\& TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 DHE\-DSS\-AES128\-GCM\-SHA256 +\& TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 DHE\-DSS\-AES256\-GCM\-SHA384 +\& +\& TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDHE\-RSA\-AES128\-SHA256 +\& TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDHE\-RSA\-AES256\-SHA384 +\& TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDHE\-RSA\-AES128\-GCM\-SHA256 +\& TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDHE\-RSA\-AES256\-GCM\-SHA384 +\& +\& TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 ECDHE\-ECDSA\-AES128\-SHA256 +\& TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 ECDHE\-ECDSA\-AES256\-SHA384 +\& TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDHE\-ECDSA\-AES128\-GCM\-SHA256 +\& TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDHE\-ECDSA\-AES256\-GCM\-SHA384 +\& +\& TLS_DH_anon_WITH_AES_128_CBC_SHA256 ADH\-AES128\-SHA256 +\& TLS_DH_anon_WITH_AES_256_CBC_SHA256 ADH\-AES256\-SHA256 +\& TLS_DH_anon_WITH_AES_128_GCM_SHA256 ADH\-AES128\-GCM\-SHA256 +\& TLS_DH_anon_WITH_AES_256_GCM_SHA384 ADH\-AES256\-GCM\-SHA384 +\& +\& RSA_WITH_AES_128_CCM AES128\-CCM +\& RSA_WITH_AES_256_CCM AES256\-CCM +\& DHE_RSA_WITH_AES_128_CCM DHE\-RSA\-AES128\-CCM +\& DHE_RSA_WITH_AES_256_CCM DHE\-RSA\-AES256\-CCM +\& RSA_WITH_AES_128_CCM_8 AES128\-CCM8 +\& RSA_WITH_AES_256_CCM_8 AES256\-CCM8 +\& DHE_RSA_WITH_AES_128_CCM_8 DHE\-RSA\-AES128\-CCM8 +\& DHE_RSA_WITH_AES_256_CCM_8 DHE\-RSA\-AES256\-CCM8 +\& ECDHE_ECDSA_WITH_AES_128_CCM ECDHE\-ECDSA\-AES128\-CCM +\& ECDHE_ECDSA_WITH_AES_256_CCM ECDHE\-ECDSA\-AES256\-CCM +\& ECDHE_ECDSA_WITH_AES_128_CCM_8 ECDHE\-ECDSA\-AES128\-CCM8 +\& ECDHE_ECDSA_WITH_AES_256_CCM_8 ECDHE\-ECDSA\-AES256\-CCM8 +.Ve +.SS "\s-1ARIA\s0 cipher 
suites from \s-1RFC6209\s0, extending \s-1TLS\s0 v1.2" +.IX Subsection "ARIA cipher suites from RFC6209, extending TLS v1.2" +Note: the \s-1CBC\s0 modes mentioned in this \s-1RFC\s0 are not supported. +.PP +.Vb 10 +\& TLS_RSA_WITH_ARIA_128_GCM_SHA256 ARIA128\-GCM\-SHA256 +\& TLS_RSA_WITH_ARIA_256_GCM_SHA384 ARIA256\-GCM\-SHA384 +\& TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 DHE\-RSA\-ARIA128\-GCM\-SHA256 +\& TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 DHE\-RSA\-ARIA256\-GCM\-SHA384 +\& TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256 DHE\-DSS\-ARIA128\-GCM\-SHA256 +\& TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384 DHE\-DSS\-ARIA256\-GCM\-SHA384 +\& TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 ECDHE\-ECDSA\-ARIA128\-GCM\-SHA256 +\& TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 ECDHE\-ECDSA\-ARIA256\-GCM\-SHA384 +\& TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 ECDHE\-ARIA128\-GCM\-SHA256 +\& TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 ECDHE\-ARIA256\-GCM\-SHA384 +\& TLS_PSK_WITH_ARIA_128_GCM_SHA256 PSK\-ARIA128\-GCM\-SHA256 +\& TLS_PSK_WITH_ARIA_256_GCM_SHA384 PSK\-ARIA256\-GCM\-SHA384 +\& TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 DHE\-PSK\-ARIA128\-GCM\-SHA256 +\& TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 DHE\-PSK\-ARIA256\-GCM\-SHA384 +\& TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 RSA\-PSK\-ARIA128\-GCM\-SHA256 +\& TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 RSA\-PSK\-ARIA256\-GCM\-SHA384 +.Ve +.SS "Camellia HMAC-Based cipher suites from \s-1RFC6367\s0, extending \s-1TLS\s0 v1.2" +.IX Subsection "Camellia HMAC-Based cipher suites from RFC6367, extending TLS v1.2" +.Vb 4 +\& TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 ECDHE\-ECDSA\-CAMELLIA128\-SHA256 +\& TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 ECDHE\-ECDSA\-CAMELLIA256\-SHA384 +\& TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 ECDHE\-RSA\-CAMELLIA128\-SHA256 +\& TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 ECDHE\-RSA\-CAMELLIA256\-SHA384 +.Ve +.SS "Pre-shared keying (\s-1PSK\s0) cipher suites" +.IX Subsection "Pre-shared keying (PSK) cipher suites" +.Vb 3 +\& PSK_WITH_NULL_SHA PSK\-NULL\-SHA 
+\& DHE_PSK_WITH_NULL_SHA DHE\-PSK\-NULL\-SHA +\& RSA_PSK_WITH_NULL_SHA RSA\-PSK\-NULL\-SHA +\& +\& PSK_WITH_RC4_128_SHA PSK\-RC4\-SHA +\& PSK_WITH_3DES_EDE_CBC_SHA PSK\-3DES\-EDE\-CBC\-SHA +\& PSK_WITH_AES_128_CBC_SHA PSK\-AES128\-CBC\-SHA +\& PSK_WITH_AES_256_CBC_SHA PSK\-AES256\-CBC\-SHA +\& +\& DHE_PSK_WITH_RC4_128_SHA DHE\-PSK\-RC4\-SHA +\& DHE_PSK_WITH_3DES_EDE_CBC_SHA DHE\-PSK\-3DES\-EDE\-CBC\-SHA +\& DHE_PSK_WITH_AES_128_CBC_SHA DHE\-PSK\-AES128\-CBC\-SHA +\& DHE_PSK_WITH_AES_256_CBC_SHA DHE\-PSK\-AES256\-CBC\-SHA +\& +\& RSA_PSK_WITH_RC4_128_SHA RSA\-PSK\-RC4\-SHA +\& RSA_PSK_WITH_3DES_EDE_CBC_SHA RSA\-PSK\-3DES\-EDE\-CBC\-SHA +\& RSA_PSK_WITH_AES_128_CBC_SHA RSA\-PSK\-AES128\-CBC\-SHA +\& RSA_PSK_WITH_AES_256_CBC_SHA RSA\-PSK\-AES256\-CBC\-SHA +\& +\& PSK_WITH_AES_128_GCM_SHA256 PSK\-AES128\-GCM\-SHA256 +\& PSK_WITH_AES_256_GCM_SHA384 PSK\-AES256\-GCM\-SHA384 +\& DHE_PSK_WITH_AES_128_GCM_SHA256 DHE\-PSK\-AES128\-GCM\-SHA256 +\& DHE_PSK_WITH_AES_256_GCM_SHA384 DHE\-PSK\-AES256\-GCM\-SHA384 +\& RSA_PSK_WITH_AES_128_GCM_SHA256 RSA\-PSK\-AES128\-GCM\-SHA256 +\& RSA_PSK_WITH_AES_256_GCM_SHA384 RSA\-PSK\-AES256\-GCM\-SHA384 +\& +\& PSK_WITH_AES_128_CBC_SHA256 PSK\-AES128\-CBC\-SHA256 +\& PSK_WITH_AES_256_CBC_SHA384 PSK\-AES256\-CBC\-SHA384 +\& PSK_WITH_NULL_SHA256 PSK\-NULL\-SHA256 +\& PSK_WITH_NULL_SHA384 PSK\-NULL\-SHA384 +\& DHE_PSK_WITH_AES_128_CBC_SHA256 DHE\-PSK\-AES128\-CBC\-SHA256 +\& DHE_PSK_WITH_AES_256_CBC_SHA384 DHE\-PSK\-AES256\-CBC\-SHA384 +\& DHE_PSK_WITH_NULL_SHA256 DHE\-PSK\-NULL\-SHA256 +\& DHE_PSK_WITH_NULL_SHA384 DHE\-PSK\-NULL\-SHA384 +\& RSA_PSK_WITH_AES_128_CBC_SHA256 RSA\-PSK\-AES128\-CBC\-SHA256 +\& RSA_PSK_WITH_AES_256_CBC_SHA384 RSA\-PSK\-AES256\-CBC\-SHA384 +\& RSA_PSK_WITH_NULL_SHA256 RSA\-PSK\-NULL\-SHA256 +\& RSA_PSK_WITH_NULL_SHA384 RSA\-PSK\-NULL\-SHA384 +\& PSK_WITH_AES_128_GCM_SHA256 PSK\-AES128\-GCM\-SHA256 +\& PSK_WITH_AES_256_GCM_SHA384 PSK\-AES256\-GCM\-SHA384 +\& +\& ECDHE_PSK_WITH_RC4_128_SHA ECDHE\-PSK\-RC4\-SHA +\& 
ECDHE_PSK_WITH_3DES_EDE_CBC_SHA ECDHE\-PSK\-3DES\-EDE\-CBC\-SHA +\& ECDHE_PSK_WITH_AES_128_CBC_SHA ECDHE\-PSK\-AES128\-CBC\-SHA +\& ECDHE_PSK_WITH_AES_256_CBC_SHA ECDHE\-PSK\-AES256\-CBC\-SHA +\& ECDHE_PSK_WITH_AES_128_CBC_SHA256 ECDHE\-PSK\-AES128\-CBC\-SHA256 +\& ECDHE_PSK_WITH_AES_256_CBC_SHA384 ECDHE\-PSK\-AES256\-CBC\-SHA384 +\& ECDHE_PSK_WITH_NULL_SHA ECDHE\-PSK\-NULL\-SHA +\& ECDHE_PSK_WITH_NULL_SHA256 ECDHE\-PSK\-NULL\-SHA256 +\& ECDHE_PSK_WITH_NULL_SHA384 ECDHE\-PSK\-NULL\-SHA384 +\& +\& PSK_WITH_CAMELLIA_128_CBC_SHA256 PSK\-CAMELLIA128\-SHA256 +\& PSK_WITH_CAMELLIA_256_CBC_SHA384 PSK\-CAMELLIA256\-SHA384 +\& +\& DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 DHE\-PSK\-CAMELLIA128\-SHA256 +\& DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 DHE\-PSK\-CAMELLIA256\-SHA384 +\& +\& RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 RSA\-PSK\-CAMELLIA128\-SHA256 +\& RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 RSA\-PSK\-CAMELLIA256\-SHA384 +\& +\& ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 ECDHE\-PSK\-CAMELLIA128\-SHA256 +\& ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 ECDHE\-PSK\-CAMELLIA256\-SHA384 +\& +\& PSK_WITH_AES_128_CCM PSK\-AES128\-CCM +\& PSK_WITH_AES_256_CCM PSK\-AES256\-CCM +\& DHE_PSK_WITH_AES_128_CCM DHE\-PSK\-AES128\-CCM +\& DHE_PSK_WITH_AES_256_CCM DHE\-PSK\-AES256\-CCM +\& PSK_WITH_AES_128_CCM_8 PSK\-AES128\-CCM8 +\& PSK_WITH_AES_256_CCM_8 PSK\-AES256\-CCM8 +\& DHE_PSK_WITH_AES_128_CCM_8 DHE\-PSK\-AES128\-CCM8 +\& DHE_PSK_WITH_AES_256_CCM_8 DHE\-PSK\-AES256\-CCM8 +.Ve +.SS "ChaCha20\-Poly1305 cipher suites, extending \s-1TLS\s0 v1.2" +.IX Subsection "ChaCha20-Poly1305 cipher suites, extending TLS v1.2" +.Vb 7 +\& TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 ECDHE\-RSA\-CHACHA20\-POLY1305 +\& TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 ECDHE\-ECDSA\-CHACHA20\-POLY1305 +\& TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 DHE\-RSA\-CHACHA20\-POLY1305 +\& TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 PSK\-CHACHA20\-POLY1305 +\& TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 ECDHE\-PSK\-CHACHA20\-POLY1305 +\& 
TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 DHE\-PSK\-CHACHA20\-POLY1305 +\& TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 RSA\-PSK\-CHACHA20\-POLY1305 +.Ve +.SS "\s-1TLS\s0 v1.3 cipher suites" +.IX Subsection "TLS v1.3 cipher suites" +.Vb 5 +\& TLS_AES_128_GCM_SHA256 TLS_AES_128_GCM_SHA256 +\& TLS_AES_256_GCM_SHA384 TLS_AES_256_GCM_SHA384 +\& TLS_CHACHA20_POLY1305_SHA256 TLS_CHACHA20_POLY1305_SHA256 +\& TLS_AES_128_CCM_SHA256 TLS_AES_128_CCM_SHA256 +\& TLS_AES_128_CCM_8_SHA256 TLS_AES_128_CCM_8_SHA256 +.Ve +.SS "Older names used by OpenSSL" +.IX Subsection "Older names used by OpenSSL" +The following names are accepted by older releases: +.PP +.Vb 2 +\& SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA EDH\-RSA\-DES\-CBC3\-SHA (DHE\-RSA\-DES\-CBC3\-SHA) +\& SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA EDH\-DSS\-DES\-CBC3\-SHA (DHE\-DSS\-DES\-CBC3\-SHA) +.Ve +.SH "NOTES" +.IX Header "NOTES" +Some compiled versions of OpenSSL may not include all the ciphers +listed here because some ciphers were excluded at compile time. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Verbose listing of all OpenSSL ciphers including \s-1NULL\s0 ciphers: +.PP +.Vb 1 +\& openssl ciphers \-v \*(AqALL:eNULL\*(Aq +.Ve +.PP +Include all ciphers except \s-1NULL\s0 and anonymous \s-1DH\s0 then sort by +strength: +.PP +.Vb 1 +\& openssl ciphers \-v \*(AqALL:!ADH:@STRENGTH\*(Aq +.Ve +.PP +Include all ciphers except ones with no encryption (eNULL) or no +authentication (aNULL): +.PP +.Vb 1 +\& openssl ciphers \-v \*(AqALL:!aNULL\*(Aq +.Ve +.PP +Include only 3DES ciphers and then place \s-1RSA\s0 ciphers last: +.PP +.Vb 1 +\& openssl ciphers \-v \*(Aq3DES:+RSA\*(Aq +.Ve +.PP +Include all \s-1RC4\s0 ciphers but leave out those without authentication: +.PP +.Vb 1 +\& openssl ciphers \-v \*(AqRC4:!COMPLEMENTOFDEFAULT\*(Aq +.Ve +.PP +Include all ciphers with \s-1RSA\s0 authentication but leave out ciphers without +encryption. 
+.PP +.Vb 1 +\& openssl ciphers \-v \*(AqRSA:!COMPLEMENTOFALL\*(Aq +.Ve +.PP +Set security level to 2 and display all ciphers consistent with level 2: +.PP +.Vb 1 +\& openssl ciphers \-s \-v \*(AqALL:@SECLEVEL=2\*(Aq +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\fIopenssl\-s_client\fR\|(1), +\&\fIopenssl\-s_server\fR\|(1), +\&\fIssl\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \fB\-V\fR option was added in OpenSSL 1.0.0. +.PP +The \fB\-stdname\fR is only available if OpenSSL is built with tracing enabled +(\fBenable-ssl-trace\fR argument to Configure) before OpenSSL 1.1.1. +.PP +The \fB\-convert\fR option was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man1/openssl-cmds.1 b/linux_amd64/ssl/share/man/man1/openssl-cmds.1 new file mode 100755 index 0000000..55f3840 --- /dev/null +++ b/linux_amd64/ssl/share/man/man1/openssl-cmds.1 
@@ -0,0 +1,266 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-CMDS 1" +.TH OPENSSL-CMDS 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +asn1parse, +ca, +ciphers, +cms, +crl, +crl2pkcs7, +dgst, +dhparam, +dsa, +dsaparam, +ec, +ecparam, +enc, +engine, +errstr, +gendsa, +genpkey, +genrsa, +info, +kdf, +mac, +nseq, +ocsp, +passwd, +pkcs12, +pkcs7, +pkcs8, +pkey, +pkeyparam, +pkeyutl, +prime, +rand, +rehash, +req, +rsa, +rsautl, +s_client, +s_server, +s_time, +sess_id, +smime, +speed, +spkac, +srp, +storeutl, +ts, +verify, +version, +x509 +\&\- OpenSSL application commands +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fIcmd\fR \fB\-help\fR | [\fI\-option\fR | \fI\-option\fR \fIarg\fR] ... [\fIarg\fR] ... +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Every \fIcmd\fR listed above is a (sub\-)command of the \fIopenssl\fR\|(1) application. +It has its own detailed manual page at \fBopenssl\-\f(BIcmd\fB\fR(1). For example, to +view the manual page for the \fBopenssl dgst\fR command, type \f(CW\*(C`man openssl\-dgst\*(C'\fR. +.SH "OPTIONS" +.IX Header "OPTIONS" +Among others, every subcommand has a help option. +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message for the subcommand. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\fIopenssl\-asn1parse\fR\|(1), +\&\fIopenssl\-ca\fR\|(1), +\&\fIopenssl\-ciphers\fR\|(1), +\&\fIopenssl\-cms\fR\|(1), +\&\fIopenssl\-crl\fR\|(1), +\&\fIopenssl\-crl2pkcs7\fR\|(1), +\&\fIopenssl\-dgst\fR\|(1), +\&\fIopenssl\-dhparam\fR\|(1), +\&\fIopenssl\-dsa\fR\|(1), +\&\fIopenssl\-dsaparam\fR\|(1), +\&\fIopenssl\-ec\fR\|(1), +\&\fIopenssl\-ecparam\fR\|(1), +\&\fIopenssl\-enc\fR\|(1), +\&\fIopenssl\-engine\fR\|(1), +\&\fIopenssl\-errstr\fR\|(1), +\&\fIopenssl\-gendsa\fR\|(1), +\&\fIopenssl\-genpkey\fR\|(1), +\&\fIopenssl\-genrsa\fR\|(1), +\&\fIopenssl\-info\fR\|(1), +\&\fIopenssl\-kdf\fR\|(1), +\&\fIopenssl\-mac\fR\|(1), +\&\fIopenssl\-nseq\fR\|(1), +\&\fIopenssl\-ocsp\fR\|(1), +\&\fIopenssl\-passwd\fR\|(1), +\&\fIopenssl\-pkcs12\fR\|(1), +\&\fIopenssl\-pkcs7\fR\|(1), +\&\fIopenssl\-pkcs8\fR\|(1), +\&\fIopenssl\-pkey\fR\|(1), +\&\fIopenssl\-pkeyparam\fR\|(1), +\&\fIopenssl\-pkeyutl\fR\|(1), +\&\fIopenssl\-prime\fR\|(1), +\&\fIopenssl\-rand\fR\|(1), +\&\fIopenssl\-rehash\fR\|(1), +\&\fIopenssl\-req\fR\|(1), +\&\fIopenssl\-rsa\fR\|(1), +\&\fIopenssl\-rsautl\fR\|(1), +\&\fIopenssl\-s_client\fR\|(1), +\&\fIopenssl\-s_server\fR\|(1), +\&\fIopenssl\-s_time\fR\|(1), +\&\fIopenssl\-sess_id\fR\|(1), +\&\fIopenssl\-smime\fR\|(1), +\&\fIopenssl\-speed\fR\|(1), +\&\fIopenssl\-spkac\fR\|(1), +\&\fIopenssl\-srp\fR\|(1), +\&\fIopenssl\-storeutl\fR\|(1), +\&\fIopenssl\-ts\fR\|(1), +\&\fIopenssl\-verify\fR\|(1), +\&\fIopenssl\-version\fR\|(1), +\&\fIopenssl\-x509\fR\|(1), +.SH "HISTORY" +.IX Header "HISTORY" +Initially, the manual page entry for the \f(CW\*(C`openssl \f(CIcmd\f(CW\*(C'\fR command used +to be available at \fIcmd\fR(1). Later, the alias \fBopenssl\-\f(BIcmd\fB\fR(1) was +introduced, which made it easier to group the openssl commands using +the \fIapropos\fR\|(1) command or the shell's tab completion. 
+.PP +In order to reduce cluttering of the global manual page namespace, +the manual page entries without the 'openssl\-' prefix have been +deprecated in OpenSSL 3.0 and will be removed in OpenSSL 4.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man1/openssl-cms.1 b/linux_amd64/ssl/share/man/man1/openssl-cms.1 new file mode 100755 index 0000000..4408e7d --- /dev/null +++ b/linux_amd64/ssl/share/man/man1/openssl-cms.1 
@@ -0,0 +1,856 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-CMS 1" +.TH OPENSSL-CMS 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-cms \- CMS utility +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBcms\fR +[\fB\-help\fR] +[\fB\-encrypt\fR] +[\fB\-decrypt\fR] +[\fB\-debug_decrypt\fR] +[\fB\-sign\fR] +[\fB\-verify\fR] +[\fB\-verify_retcode\fR] +[\fB\-no_attr_verify\fR] +[\fB\-nosigs\fR] +[\fB\-no_content_verify\fR] +[\fB\-cmsout\fR] +[\fB\-resign\fR] +[\fB\-cades\fR] +[\fB\-data_create\fR] +[\fB\-data_out\fR] +[\fB\-digest_create\fR] +[\fB\-digest_verify\fR] +[\fB\-compress\fR] +[\fB\-uncompress\fR] +[\fB\-EncryptedData_decrypt\fR] +[\fB\-EncryptedData_encrypt\fR] +[\fB\-sign_receipt\fR] +[\fB\-verify_receipt\fR \fIreceipt\fR] +[\fB\-in\fR \fIfilename\fR] +[\fB\-out\fR \fIfilename\fR] +[\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fB\s-1SMIME\s0\fR] +[\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fB\s-1SMIME\s0\fR] +[\fB\-rctform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fB\s-1SMIME\s0\fR] +[\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fB\s-1ENGINE\s0\fR] +[\fB\-stream\fR] +[\fB\-indef\fR] +[\fB\-noindef\fR] +[\fB\-content\fR \fIfilename\fR] +[\fB\-text\fR] +[\fB\-noout\fR] +[\fB\-print\fR] +[\fB\-md\fR \fIdigest\fR] +[\fB\-\f(BIcipher\fB\fR] +[\fB\-nointern\fR] +[\fB\-noverify\fR] +[\fB\-nocerts\fR] +[\fB\-noattr\fR] +[\fB\-nosmimecap\fR] +[\fB\-binary\fR] +[\fB\-crlfeol\fR] +[\fB\-asciicrlf\fR] +[\fB\-nodetach\fR] +[\fB\-certfile\fR \fIfile\fR] +[\fB\-certsout\fR \fIfile\fR] +[\fB\-signer\fR \fIfile\fR] +[\fB\-recip\fR \fIfile\fR] +[\fB\-keyid\fR] +[\fB\-receipt_request_all\fR] +[\fB\-receipt_request_first\fR] +[\fB\-receipt_request_from\fR \fIemailaddress\fR] +[\fB\-receipt_request_to\fR \fIemailaddress\fR] +[\fB\-receipt_request_print\fR] +[\fB\-pwri_password\fR \fIpassword\fR] +[\fB\-secretkey\fR \fIkey\fR] +[\fB\-secretkeyid\fR \fIid\fR] +[\fB\-econtent_type\fR \fItype\fR] +[\fB\-inkey\fR \fIfile\fR] +[\fB\-keyopt\fR \fIname\fR:\fIparameter\fR] +[\fB\-passin\fR \fIarg\fR] +[\fB\-to\fR \fIaddr\fR] +[\fB\-from\fR \fIaddr\fR] 
+[\fB\-subject\fR \fIsubj\fR] +[\fB\-allow_proxy_certs\fR] +[\fB\-attime\fR \fItimestamp\fR] +[\fB\-no_check_time\fR] +[\fB\-check_ss_sig\fR] +[\fB\-crl_check\fR] +[\fB\-crl_check_all\fR] +[\fB\-explicit_policy\fR] +[\fB\-extended_crl\fR] +[\fB\-ignore_critical\fR] +[\fB\-inhibit_any\fR] +[\fB\-inhibit_map\fR] +[\fB\-partial_chain\fR] +[\fB\-policy\fR \fIarg\fR] +[\fB\-policy_check\fR] +[\fB\-policy_print\fR] +[\fB\-purpose\fR \fIpurpose\fR] +[\fB\-suiteB_128\fR] +[\fB\-suiteB_128_only\fR] +[\fB\-suiteB_192\fR] +[\fB\-trusted_first\fR] +[\fB\-no_alt_chains\fR] +[\fB\-use_deltas\fR] +[\fB\-auth_level\fR \fInum\fR] +[\fB\-verify_depth\fR \fInum\fR] +[\fB\-verify_email\fR \fIemail\fR] +[\fB\-verify_hostname\fR \fIhostname\fR] +[\fB\-verify_ip\fR \fIip\fR] +[\fB\-verify_name\fR \fIname\fR] +[\fB\-x509_strict\fR] +[\fB\-issuer_checks\fR] +.PP +[\fB\-CAfile\fR \fIfile\fR] +[\fB\-no\-CAfile\fR] +[\fB\-CApath\fR \fIdir\fR] +[\fB\-no\-CApath\fR] +[\fB\-CAstore\fR \fIuri\fR] +[\fB\-no\-CAstore\fR] +[\fB\-rand\fR \fIfiles\fR] +[\fB\-writerand\fR \fIfile\fR] +[\fB\-engine\fR \fIid\fR] +[\fIcert.pem\fR ...] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command handles S/MIME v3.1 mail. It can encrypt, decrypt, +sign and verify, compress and uncompress S/MIME messages. +.SH "OPTIONS" +.IX Header "OPTIONS" +There are fourteen operation options that set the type of operation to be +performed. The meaning of the other options varies according to the operation +type. +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-encrypt\fR" 4 +.IX Item "-encrypt" +Encrypt mail for the given recipient certificates. Input file is the message +to be encrypted. The output file is the encrypted mail in \s-1MIME\s0 format. The +actual \s-1CMS\s0 type is EnvelopedData. +.Sp +Note that no revocation check is done for the recipient cert, so if that +key has been compromised, others may be able to decrypt the text. 
+.IP "\fB\-decrypt\fR" 4 +.IX Item "-decrypt" +Decrypt mail using the supplied certificate and private key. Expects an +encrypted mail message in \s-1MIME\s0 format for the input file. The decrypted mail +is written to the output file. +.IP "\fB\-debug_decrypt\fR" 4 +.IX Item "-debug_decrypt" +This option sets the \fB\s-1CMS_DEBUG_DECRYPT\s0\fR flag. This option should be used +with caution: see the notes section below. +.IP "\fB\-sign\fR" 4 +.IX Item "-sign" +Sign mail using the supplied certificate and private key. Input file is +the message to be signed. The signed message in \s-1MIME\s0 format is written +to the output file. +.IP "\fB\-verify\fR" 4 +.IX Item "-verify" +Verify signed mail. Expects a signed mail message on input and outputs +the signed data. Both clear text and opaque signing is supported. +.IP "\fB\-verify_retcode\fR" 4 +.IX Item "-verify_retcode" +Exit nonzero on verification failure. +.IP "\fB\-no_attr_verify\fR" 4 +.IX Item "-no_attr_verify" +Do not verify signed attribute signatures. +.IP "\fB\-no_content_verify\fR" 4 +.IX Item "-no_content_verify" +Do not verify signed content signatures. +.IP "\fB\-nosigs\fR" 4 +.IX Item "-nosigs" +Don't verify message signature. +.IP "\fB\-cmsout\fR" 4 +.IX Item "-cmsout" +Takes an input message and writes out a \s-1PEM\s0 encoded \s-1CMS\s0 structure. +.IP "\fB\-resign\fR" 4 +.IX Item "-resign" +Resign a message: take an existing message and one or more new signers. +.IP "\fB\-cades\fR" 4 +.IX Item "-cades" +Add an \s-1ESS\s0 signing-certificate or \s-1ESS\s0 signing\-certificate\-v2 signed-attribute to the SignerInfo, in order to make +the signature comply with the requirements for a CAdES Basic Electronic Signature (CAdES-BES). See the \s-1NOTES\s0 +section for more details. +.IP "\fB\-data_create\fR" 4 +.IX Item "-data_create" +Create a \s-1CMS\s0 \fBData\fR type. +.IP "\fB\-data_out\fR" 4 +.IX Item "-data_out" +\&\fBData\fR type and output the content. 
+.IP "\fB\-digest_create\fR" 4 +.IX Item "-digest_create" +Create a \s-1CMS\s0 \fBDigestedData\fR type. +.IP "\fB\-digest_verify\fR" 4 +.IX Item "-digest_verify" +Verify a \s-1CMS\s0 \fBDigestedData\fR type and output the content. +.IP "\fB\-compress\fR" 4 +.IX Item "-compress" +Create a \s-1CMS\s0 \fBCompressedData\fR type. OpenSSL must be compiled with \fBzlib\fR +support for this option to work, otherwise it will output an error. +.IP "\fB\-uncompress\fR" 4 +.IX Item "-uncompress" +Uncompress a \s-1CMS\s0 \fBCompressedData\fR type and output the content. OpenSSL must be +compiled with \fBzlib\fR support for this option to work, otherwise it will +output an error. +.IP "\fB\-EncryptedData_decrypt\fR" 4 +.IX Item "-EncryptedData_decrypt" +Decrypt content using supplied symmetric key and algorithm using a \s-1CMS\s0 +\&\fBEncryptedData\fR type and output the content. +.IP "\fB\-EncryptedData_encrypt\fR" 4 +.IX Item "-EncryptedData_encrypt" +Encrypt content using supplied symmetric key and algorithm using a \s-1CMS\s0 +\&\fBEncryptedData\fR type and output the content. +.IP "\fB\-sign_receipt\fR" 4 +.IX Item "-sign_receipt" +Generate and output a signed receipt for the supplied message. The input +message \fBmust\fR contain a signed receipt request. Functionality is otherwise +similar to the \fB\-sign\fR operation. +.IP "\fB\-verify_receipt\fR \fIreceipt\fR" 4 +.IX Item "-verify_receipt receipt" +Verify a signed receipt in filename \fBreceipt\fR. The input message \fBmust\fR +contain the original receipt request. Functionality is otherwise similar +to the \fB\-verify\fR operation. +.IP "\fB\-in\fR \fIfilename\fR" 4 +.IX Item "-in filename" +The input message to be encrypted or signed or the message to be decrypted +or verified. +.IP "\fB\-out\fR \fIfilename\fR" 4 +.IX Item "-out filename" +The message text that has been decrypted or verified or the output \s-1MIME\s0 +format message that has been signed or verified. 
+.IP "\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fB\s-1SMIME\s0\fR" 4 +.IX Item "-inform DER|PEM|SMIME" +The input format of the \s-1CMS\s0 structure (if one is being read); +the default is \fB\s-1SMIME\s0\fR. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fB\s-1SMIME\s0\fR" 4 +.IX Item "-outform DER|PEM|SMIME" +The output format of the \s-1CMS\s0 structure (if one is being written); +the default is \fB\s-1SMIME\s0\fR. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fB\s-1ENGINE\s0\fR" 4 +.IX Item "-keyform DER|PEM|ENGINE" +The format of the private key file; the default is \fB\s-1PEM\s0\fR. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-rctform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fB\s-1SMIME\s0\fR" 4 +.IX Item "-rctform DER|PEM|SMIME" +The signed receipt format for use with the \fB\-receipt_verify\fR; the default +is \fB\s-1SMIME\s0\fR. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-stream\fR, \fB\-indef\fR" 4 +.IX Item "-stream, -indef" +The \fB\-stream\fR and \fB\-indef\fR options are equivalent and enable streaming I/O +for encoding operations. This permits single pass processing of data without +the need to hold the entire contents in memory, potentially supporting very +large files. Streaming is automatically set for S/MIME signing with detached +data if the output format is \fB\s-1SMIME\s0\fR it is currently off by default for all +other operations. +.IP "\fB\-noindef\fR" 4 +.IX Item "-noindef" +Disable streaming I/O where it would produce and indefinite length constructed +encoding. This option currently has no effect. In future streaming will be +enabled by default on all relevant operations and this option will disable it. 
+.IP "\fB\-content\fR \fIfilename\fR" 4 +.IX Item "-content filename" +This specifies a file containing the detached content, this is only +useful with the \fB\-verify\fR command. This is only usable if the \s-1CMS\s0 +structure is using the detached signature form where the content is +not included. This option will override any content if the input format +is S/MIME and it uses the multipart/signed \s-1MIME\s0 content type. +.IP "\fB\-text\fR" 4 +.IX Item "-text" +This option adds plain text (text/plain) \s-1MIME\s0 headers to the supplied +message if encrypting or signing. If decrypting or verifying it strips +off text headers: if the decrypted or verified message is not of \s-1MIME\s0 +type text/plain then an error occurs. +.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +For the \fB\-cmsout\fR operation do not output the parsed \s-1CMS\s0 structure. This +is useful when combined with the \fB\-print\fR option or if the syntax of the \s-1CMS\s0 +structure is being checked. +.IP "\fB\-print\fR" 4 +.IX Item "-print" +For the \fB\-cmsout\fR operation print out all fields of the \s-1CMS\s0 structure. This +is mainly useful for testing purposes. +.IP "\fB\-md\fR \fIdigest\fR" 4 +.IX Item "-md digest" +Digest algorithm to use when signing or resigning. If not present then the +default digest algorithm for the signing key will be used (usually \s-1SHA1\s0). +.IP "\fB\-\f(BIcipher\fB\fR" 4 +.IX Item "-cipher" +The encryption algorithm to use. For example triple \s-1DES\s0 (168 bits) \- \fB\-des3\fR +or 256 bit \s-1AES\s0 \- \fB\-aes256\fR. Any standard algorithm name (as used by the +\&\fIEVP_get_cipherbyname()\fR function) can also be used preceded by a dash, for +example \fB\-aes\-128\-cbc\fR. See \fIopenssl\-enc\fR\|(1) for a list of ciphers +supported by your version of OpenSSL. +.Sp +If not specified triple \s-1DES\s0 is used. Only used with \fB\-encrypt\fR and +\&\fB\-EncryptedData_create\fR commands. 
+.IP "\fB\-nointern\fR" 4 +.IX Item "-nointern" +When verifying a message normally certificates (if any) included in +the message are searched for the signing certificate. With this option +only the certificates specified in the \fB\-certfile\fR option are used. +The supplied certificates can still be used as untrusted CAs however. +.IP "\fB\-noverify\fR" 4 +.IX Item "-noverify" +Do not verify the signers certificate of a signed message. +.IP "\fB\-nocerts\fR" 4 +.IX Item "-nocerts" +When signing a message the signer's certificate is normally included +with this option it is excluded. This will reduce the size of the +signed message but the verifier must have a copy of the signers certificate +available locally (passed using the \fB\-certfile\fR option for example). +.IP "\fB\-noattr\fR" 4 +.IX Item "-noattr" +Normally when a message is signed a set of attributes are included which +include the signing time and supported symmetric algorithms. With this +option they are not included. +.IP "\fB\-nosmimecap\fR" 4 +.IX Item "-nosmimecap" +Exclude the list of supported algorithms from signed attributes, other options +such as signing time and content type are still included. +.IP "\fB\-binary\fR" 4 +.IX Item "-binary" +Normally the input message is converted to \*(L"canonical\*(R" format which is +effectively using \s-1CR\s0 and \s-1LF\s0 as end of line: as required by the S/MIME +specification. When this option is present no translation occurs. This +is useful when handling binary data which may not be in \s-1MIME\s0 format. +.IP "\fB\-crlfeol\fR" 4 +.IX Item "-crlfeol" +Normally the output file uses a single \fB\s-1LF\s0\fR as end of line. When this +option is present \fB\s-1CRLF\s0\fR is used instead. +.IP "\fB\-asciicrlf\fR" 4 +.IX Item "-asciicrlf" +When signing use \s-1ASCII\s0 \s-1CRLF\s0 format canonicalisation. This strips trailing +whitespace from all lines, deletes trailing blank lines at \s-1EOF\s0 and sets +the encapsulated content type. 
This option is normally used with detached +content and an output signature format of \s-1DER\s0. This option is not normally +needed when verifying as it is enabled automatically if the encapsulated +content format is detected. +.IP "\fB\-nodetach\fR" 4 +.IX Item "-nodetach" +When signing a message use opaque signing: this form is more resistant +to translation by mail relays but it cannot be read by mail agents that +do not support S/MIME. Without this option cleartext signing with +the \s-1MIME\s0 type multipart/signed is used. +.IP "\fB\-certfile\fR \fIfile\fR" 4 +.IX Item "-certfile file" +Allows additional certificates to be specified. When signing these will +be included with the message. When verifying these will be searched for +the signers certificates. The certificates should be in \s-1PEM\s0 format. +.IP "\fB\-certsout\fR \fIfile\fR" 4 +.IX Item "-certsout file" +Any certificates contained in the message are written to \fIfile\fR. +.IP "\fB\-signer\fR \fIfile\fR" 4 +.IX Item "-signer file" +A signing certificate when signing or resigning a message, this option can be +used multiple times if more than one signer is required. If a message is being +verified then the signers certificates will be written to this file if the +verification was successful. +.IP "\fB\-recip\fR \fIfile\fR" 4 +.IX Item "-recip file" +When decrypting a message this specifies the recipients certificate. The +certificate must match one of the recipients of the message or an error +occurs. +.Sp +When encrypting a message this option may be used multiple times to specify +each recipient. This form \fBmust\fR be used if customised parameters are +required (for example to specify RSA-OAEP). +.Sp +Only certificates carrying \s-1RSA\s0, Diffie-Hellman or \s-1EC\s0 keys are supported by this +option. +.IP "\fB\-keyid\fR" 4 +.IX Item "-keyid" +Use subject key identifier to identify certificates instead of issuer name and +serial number. 
The supplied certificate \fBmust\fR include a subject key +identifier extension. Supported by \fB\-sign\fR and \fB\-encrypt\fR options. +.IP "\fB\-receipt_request_all\fR, \fB\-receipt_request_first\fR" 4 +.IX Item "-receipt_request_all, -receipt_request_first" +For \fB\-sign\fR option include a signed receipt request. Indicate requests should +be provided by all recipient or first tier recipients (those mailed directly +and not from a mailing list). Ignored it \fB\-receipt_request_from\fR is included. +.IP "\fB\-receipt_request_from\fR \fIemailaddress\fR" 4 +.IX Item "-receipt_request_from emailaddress" +For \fB\-sign\fR option include a signed receipt request. Add an explicit email +address where receipts should be supplied. +.IP "\fB\-receipt_request_to\fR \fIemailaddress\fR" 4 +.IX Item "-receipt_request_to emailaddress" +Add an explicit email address where signed receipts should be sent to. This +option \fBmust\fR but supplied if a signed receipt it requested. +.IP "\fB\-receipt_request_print\fR" 4 +.IX Item "-receipt_request_print" +For the \fB\-verify\fR operation print out the contents of any signed receipt +requests. +.IP "\fB\-pwri_password\fR \fIpassword\fR" 4 +.IX Item "-pwri_password password" +Specify password for recipient. +.IP "\fB\-secretkey\fR \fIkey\fR" 4 +.IX Item "-secretkey key" +Specify symmetric key to use. The key must be supplied in hex format and be +consistent with the algorithm used. Supported by the \fB\-EncryptedData_encrypt\fR +\&\fB\-EncryptedData_decrypt\fR, \fB\-encrypt\fR and \fB\-decrypt\fR options. When used +with \fB\-encrypt\fR or \fB\-decrypt\fR the supplied key is used to wrap or unwrap the +content encryption key using an \s-1AES\s0 key in the \fBKEKRecipientInfo\fR type. +.IP "\fB\-secretkeyid\fR \fIid\fR" 4 +.IX Item "-secretkeyid id" +The key identifier for the supplied symmetric key for \fBKEKRecipientInfo\fR type. +This option \fBmust\fR be present if the \fB\-secretkey\fR option is used with +\&\fB\-encrypt\fR. 
With \fB\-decrypt\fR operations the \fIid\fR is used to locate the +relevant key if it is not supplied then an attempt is used to decrypt any +\&\fBKEKRecipientInfo\fR structures. +.IP "\fB\-econtent_type\fR \fItype\fR" 4 +.IX Item "-econtent_type type" +Set the encapsulated content type to \fItype\fR if not supplied the \fBData\fR type +is used. The \fItype\fR argument can be any valid \s-1OID\s0 name in either text or +numerical format. +.IP "\fB\-inkey\fR \fIfile\fR" 4 +.IX Item "-inkey file" +The private key to use when signing or decrypting. This must match the +corresponding certificate. If this option is not specified then the +private key must be included in the certificate file specified with +the \fB\-recip\fR or \fB\-signer\fR file. When signing this option can be used +multiple times to specify successive keys. +.IP "\fB\-keyopt\fR \fIname\fR:\fIparameter\fR" 4 +.IX Item "-keyopt name:parameter" +For signing and encryption this option can be used multiple times to +set customised parameters for the preceding key or certificate. It can +currently be used to set RSA-PSS for signing, RSA-OAEP for encryption +or to modify default parameters for \s-1ECDH\s0. +.IP "\fB\-passin\fR \fIarg\fR" 4 +.IX Item "-passin arg" +The private key password source. For more information about the format of \fBarg\fR +see \*(L"Pass Phrase Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-to\fR, \fB\-from\fR, \fB\-subject\fR" 4 +.IX Item "-to, -from, -subject" +The relevant mail headers. These are included outside the signed +portion of a message so they may be included manually. If signing +then many S/MIME mail clients check the signers certificate's email +address matches that specified in the 
From: address. +.IP "\fB\-allow_proxy_certs\fR, \fB\-attime\fR, \fB\-no_check_time\fR, \fB\-check_ss_sig\fR, \fB\-crl_check\fR, \fB\-crl_check_all\fR, \fB\-explicit_policy\fR, \fB\-extended_crl\fR, \fB\-ignore_critical\fR, \fB\-inhibit_any\fR, \fB\-inhibit_map\fR, \fB\-no_alt_chains\fR, \fB\-partial_chain\fR, \fB\-policy\fR, \fB\-policy_check\fR, \fB\-policy_print\fR, \fB\-purpose\fR, \fB\-suiteB_128\fR, \fB\-suiteB_128_only\fR, \fB\-suiteB_192\fR, \fB\-trusted_first\fR, \fB\-use_deltas\fR, \fB\-auth_level\fR, \fB\-verify_depth\fR, \fB\-verify_email\fR, \fB\-verify_hostname\fR, \fB\-verify_ip\fR, \fB\-verify_name\fR, \fB\-x509_strict\fR \fB\-issuer_checks\fR" 4 +.IX Item "-allow_proxy_certs, -attime, -no_check_time, -check_ss_sig, -crl_check, -crl_check_all, -explicit_policy, -extended_crl, -ignore_critical, -inhibit_any, -inhibit_map, -no_alt_chains, -partial_chain, -policy, -policy_check, -policy_print, -purpose, -suiteB_128, -suiteB_128_only, -suiteB_192, -trusted_first, -use_deltas, -auth_level, -verify_depth, -verify_email, -verify_hostname, -verify_ip, -verify_name, -x509_strict -issuer_checks" +Set various options of certificate chain verification. +See \*(L"Verification Options\*(R" in \fIopenssl\fR\|(1) for details. +.Sp +Any verification errors cause the command to exit. +.IP "\fB\-CAfile\fR \fIfile\fR, \fB\-no\-CAfile\fR, \fB\-CApath\fR \fIdir\fR, \fB\-no\-CApath\fR, \fB\-CAstore\fR \fIuri\fR, \fB\-no\-CAstore\fR" 4 +.IX Item "-CAfile file, -no-CAfile, -CApath dir, -no-CApath, -CAstore uri, -no-CAstore" +See \*(L"Trusted Certificate Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-rand\fR \fIfiles\fR, \fB\-writerand\fR \fIfile\fR" 4 +.IX Item "-rand files, -writerand file" +See \*(L"Random State Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-engine\fR \fIid\fR" 4 +.IX Item "-engine id" +See \*(L"Engine Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fIcert.pem\fR ..." 4 +.IX Item "cert.pem ..." 
+One or more certificates of message recipients: used when encrypting +a message. +.SH "NOTES" +.IX Header "NOTES" +The \s-1MIME\s0 message must be sent without any blank lines between the +headers and the output. Some mail programs will automatically add +a blank line. Piping the mail directly to sendmail is one way to +achieve the correct format. +.PP +The supplied message to be signed or encrypted must include the +necessary \s-1MIME\s0 headers or many S/MIME clients won't display it +properly (if at all). You can use the \fB\-text\fR option to automatically +add plain text headers. +.PP +A \*(L"signed and encrypted\*(R" message is one where a signed message is +then encrypted. This can be produced by encrypting an already signed +message: see the examples section. +.PP +This version of the program only allows one signer per message but it +will verify multiple signers on received messages. Some S/MIME clients +choke if a message contains multiple signers. It is possible to sign +messages \*(L"in parallel\*(R" by signing an already signed message. +.PP +The options \fB\-encrypt\fR and \fB\-decrypt\fR reflect common usage in S/MIME +clients. Strictly speaking these process \s-1CMS\s0 enveloped data: \s-1CMS\s0 +encrypted data is used for other purposes. +.PP +The \fB\-resign\fR option uses an existing message digest when adding a new +signer. This means that attributes must be present in at least one existing +signer using the same message digest or this operation will fail. +.PP +The \fB\-stream\fR and \fB\-indef\fR options enable streaming I/O support. +As a result the encoding is \s-1BER\s0 using indefinite length constructed encoding +and no longer \s-1DER\s0. Streaming is supported for the \fB\-encrypt\fR operation and the +\&\fB\-sign\fR operation if the content is not detached. 
+.PP +Streaming is always used for the \fB\-sign\fR operation with detached data but +since the content is no longer part of the \s-1CMS\s0 structure the encoding +remains \s-1DER\s0. +.PP +If the \fB\-decrypt\fR option is used without a recipient certificate then an +attempt is made to locate the recipient by trying each potential recipient +in turn using the supplied private key. To thwart the \s-1MMA\s0 attack +(Bleichenbacher's attack on \s-1PKCS\s0 #1 v1.5 \s-1RSA\s0 padding) all recipients are +tried whether they succeed or not and if no recipients match the message +is \*(L"decrypted\*(R" using a random key which will typically output garbage. +The \fB\-debug_decrypt\fR option can be used to disable the \s-1MMA\s0 attack protection +and return an error if no recipient can be found: this option should be used +with caution. For a fuller description see \fICMS_decrypt\fR\|(3)). +.SH "CADES BASIC ELECTRONIC SIGNATURE (CADES-BES)" +.IX Header "CADES BASIC ELECTRONIC SIGNATURE (CADES-BES)" +A CAdES Basic Electronic Signature (CAdES-BES), as defined in the European Standard \s-1ETSI\s0 \s-1EN\s0 319 122\-1 V1.1.1, contains: +.IP "\(bu" 4 +The signed user data as defined in \s-1CMS\s0 (\s-1RFC\s0 3852); +.IP "\(bu" 4 +Content-type of the EncapsulatedContentInfo value being signed; +.IP "\(bu" 4 +Message-digest of the eContent \s-1OCTET\s0 \s-1STRING\s0 within encapContentInfo being signed; +.IP "\(bu" 4 +An \s-1ESS\s0 signing-certificate or \s-1ESS\s0 signing\-certificate\-v2 attribute, as defined in Enhanced Security Services (\s-1ESS\s0), \s-1RFC\s0 2634 and \s-1RFC\s0 5035. +An \s-1ESS\s0 signing-certificate attribute only allows for the use of \s-1SHA\-1\s0 as a digest algorithm. +An \s-1ESS\s0 signing\-certificate\-v2 attribute allows for the use of any digest algorithm. +.IP "\(bu" 4 +The digital signature value computed on the user data and, when present, on the signed attributes. 
+.Sp +Note that currently the \fB\-cades\fR option applies only to the \fB\-sign\fR operation and is ignored during +the \fB\-verify\fR operation, i.e. the signing certification is not checked during the verification process. +This feature might be added in a future version. +.SH "EXIT CODES" +.IX Header "EXIT CODES" +.IP "0" 4 +The operation was completely successfully. +.IP "1" 4 +.IX Item "1" +An error occurred parsing the command options. +.IP "2" 4 +.IX Item "2" +One of the input files could not be read. +.IP "3" 4 +.IX Item "3" +An error occurred creating the \s-1CMS\s0 file or when reading the \s-1MIME\s0 +message. +.IP "4" 4 +.IX Item "4" +An error occurred decrypting or verifying the message. +.IP "5" 4 +.IX Item "5" +The message was verified correctly but an error occurred writing out +the signers certificates. +.SH "COMPATIBILITY WITH PKCS#7 FORMAT" +.IX Header "COMPATIBILITY WITH PKCS#7 FORMAT" +\&\fIopenssl\-smime\fR\|(1) can only process the older \fBPKCS#7\fR format. +\&\fBopenssl cms\fR supports Cryptographic Message Syntax format. +Use of some features will result in messages which cannot be processed by +applications which only support the older format. These are detailed below. +.PP +The use of the \fB\-keyid\fR option with \fB\-sign\fR or \fB\-encrypt\fR. +.PP +The \fB\-outform\fR \fI\s-1PEM\s0\fR option uses different headers. +.PP +The \fB\-compress\fR option. +.PP +The \fB\-secretkey\fR option when used with \fB\-encrypt\fR. +.PP +The use of \s-1PSS\s0 with \fB\-sign\fR. +.PP +The use of \s-1OAEP\s0 or non-RSA keys with \fB\-encrypt\fR. +.PP +Additionally the \fB\-EncryptedData_create\fR and \fB\-data_create\fR type cannot +be processed by the older \fIopenssl\-smime\fR\|(1) command. 
+.SH "EXAMPLES" +.IX Header "EXAMPLES" +Create a cleartext signed message: +.PP +.Vb 2 +\& openssl cms \-sign \-in message.txt \-text \-out mail.msg \e +\& \-signer mycert.pem +.Ve +.PP +Create an opaque signed message +.PP +.Vb 2 +\& openssl cms \-sign \-in message.txt \-text \-out mail.msg \-nodetach \e +\& \-signer mycert.pem +.Ve +.PP +Create a signed message, include some additional certificates and +read the private key from another file: +.PP +.Vb 2 +\& openssl cms \-sign \-in in.txt \-text \-out mail.msg \e +\& \-signer mycert.pem \-inkey mykey.pem \-certfile mycerts.pem +.Ve +.PP +Create a signed message with two signers, use key identifier: +.PP +.Vb 2 +\& openssl cms \-sign \-in message.txt \-text \-out mail.msg \e +\& \-signer mycert.pem \-signer othercert.pem \-keyid +.Ve +.PP +Send a signed message under Unix directly to sendmail, including headers: +.PP +.Vb 3 +\& openssl cms \-sign \-in in.txt \-text \-signer mycert.pem \e +\& \-from steve@openssl.org \-to someone@somewhere \e +\& \-subject "Signed message" | sendmail someone@somewhere +.Ve +.PP +Verify a message and extract the signer's certificate if successful: +.PP +.Vb 1 +\& openssl cms \-verify \-in mail.msg \-signer user.pem \-out signedtext.txt +.Ve +.PP +Send encrypted mail using triple \s-1DES:\s0 +.PP +.Vb 3 +\& openssl cms \-encrypt \-in in.txt \-from steve@openssl.org \e +\& \-to someone@somewhere \-subject "Encrypted message" \e +\& \-des3 user.pem \-out mail.msg +.Ve +.PP +Sign and encrypt mail: +.PP +.Vb 4 +\& openssl cms \-sign \-in ml.txt \-signer my.pem \-text \e +\& | openssl cms \-encrypt \-out mail.msg \e +\& \-from steve@openssl.org \-to someone@somewhere \e +\& \-subject "Signed and Encrypted message" \-des3 user.pem +.Ve +.PP +Note: the encryption command does not include the \fB\-text\fR option because the +message being encrypted already has \s-1MIME\s0 headers. 
+.PP +Decrypt mail: +.PP +.Vb 1 +\& openssl cms \-decrypt \-in mail.msg \-recip mycert.pem \-inkey key.pem +.Ve +.PP +The output from Netscape form signing is a PKCS#7 structure with the +detached signature format. You can use this program to verify the +signature by line wrapping the base64 encoded structure and surrounding +it with: +.PP +.Vb 2 +\& \-\-\-\-\-BEGIN PKCS7\-\-\-\-\- +\& \-\-\-\-\-END PKCS7\-\-\-\-\- +.Ve +.PP +and using the command, +.PP +.Vb 1 +\& openssl cms \-verify \-inform PEM \-in signature.pem \-content content.txt +.Ve +.PP +alternatively you can base64 decode the signature and use +.PP +.Vb 1 +\& openssl cms \-verify \-inform DER \-in signature.der \-content content.txt +.Ve +.PP +Create an encrypted message using 128 bit Camellia: +.PP +.Vb 1 +\& openssl cms \-encrypt \-in plain.txt \-camellia128 \-out mail.msg cert.pem +.Ve +.PP +Add a signer to an existing message: +.PP +.Vb 1 +\& openssl cms \-resign \-in mail.msg \-signer newsign.pem \-out mail2.msg +.Ve +.PP +Sign mail using RSA-PSS: +.PP +.Vb 2 +\& openssl cms \-sign \-in message.txt \-text \-out mail.msg \e +\& \-signer mycert.pem \-keyopt rsa_padding_mode:pss +.Ve +.PP +Create encrypted mail using RSA-OAEP: +.PP +.Vb 2 +\& openssl cms \-encrypt \-in plain.txt \-out mail.msg \e +\& \-recip cert.pem \-keyopt rsa_padding_mode:oaep +.Ve +.PP +Use \s-1SHA256\s0 \s-1KDF\s0 with an \s-1ECDH\s0 certificate: +.PP +.Vb 2 +\& openssl cms \-encrypt \-in plain.txt \-out mail.msg \e +\& \-recip ecdhcert.pem \-keyopt ecdh_kdf_md:sha256 +.Ve +.SH "BUGS" +.IX Header "BUGS" +The \s-1MIME\s0 parser isn't very clever: it seems to handle most messages that I've +thrown at it but it may choke on others. +.PP +The code currently will only write out the signer's certificate to a file: if +the signer has a separate encryption certificate this must be manually +extracted. There should be some heuristic that determines the correct +encryption certificate. 
+.PP +Ideally a database should be maintained of a certificates for each email +address. +.PP +The code doesn't currently take note of the permitted symmetric encryption +algorithms as supplied in the SMIMECapabilities signed attribute. this means the +user has to manually include the correct encryption algorithm. It should store +the list of permitted ciphers in a database and only use those. +.PP +No revocation checking is done on the signer's certificate. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIossl_store\-file\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The use of multiple \fB\-signer\fR options and the \fB\-resign\fR command were first +added in OpenSSL 1.0.0. +.PP +The \fB\-keyopt\fR option was added in OpenSSL 1.0.2. +.PP +Support for RSA-OAEP and RSA-PSS was added in OpenSSL 1.0.2. +.PP +The use of non-RSA keys with \fB\-encrypt\fR and \fB\-decrypt\fR +was added in OpenSSL 1.0.2. +.PP +The \-no_alt_chains option was added in OpenSSL 1.0.2b. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man1/openssl-crl.1 b/linux_amd64/ssl/share/man/man1/openssl-crl.1 new file mode 100755 index 0000000..cfe34c1 --- /dev/null +++ b/linux_amd64/ssl/share/man/man1/openssl-crl.1 
@@ -0,0 +1,267 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-CRL 1" +.TH OPENSSL-CRL 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-crl \- CRL utility +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBcrl\fR +[\fB\-help\fR] +[\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-key\fR \fIfilename\fR] +[\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fB\s-1ENGINE\s0\fR] +[\fB\-text\fR] +[\fB\-in\fR \fIfilename\fR] +[\fB\-out\fR \fIfilename\fR] +[\fB\-gendelta\fR \fIfilename\fR] +[\fB\-badsig\fR] +[\fB\-verify\fR] +[\fB\-noout\fR] +[\fB\-hash\fR] +[\fB\-hash_old\fR] +[\fB\-fingerprint\fR] +[\fB\-crlnumber\fR] +[\fB\-issuer\fR] +[\fB\-lastupdate\fR] +[\fB\-nextupdate\fR] +[\fB\-nameopt\fR \fIoption\fR] +[\fB\-CAfile\fR \fIfile\fR] +[\fB\-no\-CAfile\fR] +[\fB\-CApath\fR \fIdir\fR] +[\fB\-no\-CApath\fR] +[\fB\-CAstore\fR \fIuri\fR] +[\fB\-no\-CAstore\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command processes \s-1CRL\s0 files in \s-1DER\s0 or \s-1PEM\s0 format. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR, \fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IX Item "-inform DER|PEM, -outform DER|PEM" +The input and output formats of the \s-1CRL\s0; the default is \fB\s-1PEM\s0\fR. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-key\fR \fIfilename\fR" 4 +.IX Item "-key filename" +The private key to be used to sign the \s-1CRL\s0. +.IP "\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fB\s-1ENGINE\s0\fR" 4 +.IX Item "-keyform DER|PEM|ENGINE" +The format of the private key file; the default is \fB\s-1PEM\s0\fR. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-in\fR \fIfilename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read from or standard input if this +option is not specified. 
+.IP "\fB\-out\fR \fIfilename\fR" 4 +.IX Item "-out filename" +Specifies the output filename to write to or standard output by +default. +.IP "\fB\-gendelta\fR \fIfilename\fR" 4 +.IX Item "-gendelta filename" +Output a comparison of the main \s-1CRL\s0 and the one specified here. +.IP "\fB\-badsig\fR" 4 +.IX Item "-badsig" +Corrupt the signature before writing it; this can be useful +for testing. +.IP "\fB\-text\fR" 4 +.IX Item "-text" +Print out the \s-1CRL\s0 in text form. +.IP "\fB\-verify\fR" 4 +.IX Item "-verify" +Verify the signature in the \s-1CRL\s0. +.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +Don't output the encoded version of the \s-1CRL\s0. +.IP "\fB\-fingerprint\fR" 4 +.IX Item "-fingerprint" +Output the fingerprint of the \s-1CRL\s0. +.IP "\fB\-crlnumber\fR" 4 +.IX Item "-crlnumber" +Output the number of the \s-1CRL\s0. +.IP "\fB\-hash\fR" 4 +.IX Item "-hash" +Output a hash of the issuer name. This can be use to lookup CRLs in +a directory by issuer name. +.IP "\fB\-hash_old\fR" 4 +.IX Item "-hash_old" +Outputs the \*(L"hash\*(R" of the \s-1CRL\s0 issuer name using the older algorithm +as used by OpenSSL before version 1.0.0. +.IP "\fB\-issuer\fR" 4 +.IX Item "-issuer" +Output the issuer name. +.IP "\fB\-lastupdate\fR" 4 +.IX Item "-lastupdate" +Output the lastUpdate field. +.IP "\fB\-nextupdate\fR" 4 +.IX Item "-nextupdate" +Output the nextUpdate field. +.IP "\fB\-nameopt\fR \fIoption\fR" 4 +.IX Item "-nameopt option" +This specifies how the subject or issuer names are displayed. +See \*(L"Name Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-CAfile\fR \fIfile\fR, \fB\-no\-CAfile\fR, \fB\-CApath\fR \fIdir\fR, \fB\-no\-CApath\fR, \fB\-CAstore\fR \fIuri\fR, \fB\-no\-CAstore\fR" 4 +.IX Item "-CAfile file, -no-CAfile, -CApath dir, -no-CApath, -CAstore uri, -no-CAstore" +See \*(L"Trusted Certificate Options\*(R" in \fIopenssl\fR\|(1) for details. 
+.SH "EXAMPLES" +.IX Header "EXAMPLES" +Convert a \s-1CRL\s0 file from \s-1PEM\s0 to \s-1DER:\s0 +.PP +.Vb 1 +\& openssl crl \-in crl.pem \-outform DER \-out crl.der +.Ve +.PP +Output the text form of a \s-1DER\s0 encoded certificate: +.PP +.Vb 1 +\& openssl crl \-in crl.der \-inform DER \-text \-noout +.Ve +.SH "BUGS" +.IX Header "BUGS" +Ideally it should be possible to create a \s-1CRL\s0 using appropriate options +and files too. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\fIopenssl\-crl2pkcs7\fR\|(1), +\&\fIopenssl\-ca\fR\|(1), +\&\fIopenssl\-x509\fR\|(1), +\&\fIossl_store\-file\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man1/openssl-crl2pkcs7.1 b/linux_amd64/ssl/share/man/man1/openssl-crl2pkcs7.1 new file mode 100755 index 0000000..0e609cb --- /dev/null +++ b/linux_amd64/ssl/share/man/man1/openssl-crl2pkcs7.1 
@@ -0,0 +1,217 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-CRL2PKCS7 1" +.TH OPENSSL-CRL2PKCS7 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-crl2pkcs7 \- Create a PKCS#7 structure from a CRL and certificates +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBcrl2pkcs7\fR +[\fB\-help\fR] +[\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-in\fR \fIfilename\fR] +[\fB\-out\fR \fIfilename\fR] +[\fB\-certfile\fR \fIfilename\fR] +[\fB\-nocrl\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command takes an optional \s-1CRL\s0 and one or more +certificates and converts them into a PKCS#7 degenerate \*(L"certificates +only\*(R" structure. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IX Item "-inform DER|PEM" +The input format of the \s-1CRL\s0; the default is \fB\s-1PEM\s0\fR. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IX Item "-outform DER|PEM" +The output format of the PKCS#7 object; the default is \fB\s-1PEM\s0\fR. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-in\fR \fIfilename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read a \s-1CRL\s0 from or standard input if this +option is not specified. +.IP "\fB\-out\fR \fIfilename\fR" 4 +.IX Item "-out filename" +Specifies the output filename to write the PKCS#7 structure to or standard +output by default. +.IP "\fB\-certfile\fR \fIfilename\fR" 4 +.IX Item "-certfile filename" +Specifies a filename containing one or more certificates in \fB\s-1PEM\s0\fR format. +All certificates in the file will be added to the PKCS#7 structure. This +option can be used more than once to read certificates form multiple +files. +.IP "\fB\-nocrl\fR" 4 +.IX Item "-nocrl" +Normally a \s-1CRL\s0 is included in the output file. 
With this option no \s-1CRL\s0 is +included in the output file and a \s-1CRL\s0 is not read from the input file. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Create a PKCS#7 structure from a certificate and \s-1CRL:\s0 +.PP +.Vb 1 +\& openssl crl2pkcs7 \-in crl.pem \-certfile cert.pem \-out p7.pem +.Ve +.PP +Creates a PKCS#7 structure in \s-1DER\s0 format with no \s-1CRL\s0 from several +different certificates: +.PP +.Vb 2 +\& openssl crl2pkcs7 \-nocrl \-certfile newcert.pem +\& \-certfile demoCA/cacert.pem \-outform DER \-out p7.der +.Ve +.SH "NOTES" +.IX Header "NOTES" +The output file is a PKCS#7 signed data structure containing no signers and +just certificates and an optional \s-1CRL\s0. +.PP +This command can be used to send certificates and CAs to Netscape as part of +the certificate enrollment process. This involves sending the \s-1DER\s0 encoded output +as \s-1MIME\s0 type application/x\-x509\-user\-cert. +.PP +The \fB\s-1PEM\s0\fR encoded form with the header and footer lines removed can be used to +install user certificates and CAs in \s-1MSIE\s0 using the Xenroll control. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\fIopenssl\-pkcs7\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man1/openssl-dgst.1 b/linux_amd64/ssl/share/man/man1/openssl-dgst.1 new file mode 100755 index 0000000..e3d4525 --- /dev/null +++ b/linux_amd64/ssl/share/man/man1/openssl-dgst.1 
@@ -0,0 +1,345 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-DGST 1" +.TH OPENSSL-DGST 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-dgst \- perform digest operations +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBdgst\fR|\fIdigest\fR +[\fB\-\f(BIdigest\fB\fR] +[\fB\-help\fR] +[\fB\-c\fR] +[\fB\-d\fR] +[\fB\-debug\fR] +[\fB\-list\fR] +[\fB\-hex\fR] +[\fB\-binary\fR] +[\fB\-r\fR] +[\fB\-out\fR \fIfilename\fR] +[\fB\-sign\fR \fIfilename\fR] +[\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fBP12\fR|\fB\s-1ENGINE\s0\fR] +[\fB\-passin\fR \fIarg\fR] +[\fB\-verify\fR \fIfilename\fR] +[\fB\-prverify\fR \fIfilename\fR] +[\fB\-signature\fR \fIfilename\fR] +[\fB\-sigopt\fR \fInm\fR:\fIv\fR] +[\fB\-hmac\fR \fIkey\fR] +[\fB\-mac\fR \fIalg\fR] +[\fB\-macopt\fR \fInm\fR:\fIv\fR] +[\fB\-fips\-fingerprint\fR] +[\fB\-engine\fR \fIid\fR] +[\fB\-engine_impl\fR \fIid\fR] +[\fB\-rand\fR \fIfiles\fR] +[\fB\-writerand\fR \fIfile\fR] +[\fIfile\fR ...] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command output the message digest of a supplied file or files +in hexadecimal, and also generates and verifies digital +signatures using message digests. +.PP +The generic name, \fBopenssl dgst\fR, may be used with an option specifying the +algorithm to be used. +The default digest is \fBsha256\fR. +A supported \fIdigest\fR name may also be used as the sub-command name. +To see the list of supported algorithms, use \f(CW\*(C`openssl list \-digest\-commands\*(C'\fR +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-\f(BIdigest\fB\fR" 4 +.IX Item "-digest" +Specifies name of a supported digest to be used. To see the list of +supported digests, use the command \f(CW\*(C`list \-\-digest\-commands\*(C'\fR. +.IP "\fB\-c\fR" 4 +.IX Item "-c" +Print out the digest in two digit groups separated by colons, only relevant if +the \fB\-hex\fR option is given as well. +.IP "\fB\-d\fR, \fB\-debug\fR" 4 +.IX Item "-d, -debug" +Print out \s-1BIO\s0 debugging information. 
+.IP "\fB\-list\fR" 4 +.IX Item "-list" +Prints out a list of supported message digests. +.IP "\fB\-hex\fR" 4 +.IX Item "-hex" +Digest is to be output as a hex dump. This is the default case for a \*(L"normal\*(R" +digest as opposed to a digital signature. See \s-1NOTES\s0 below for digital +signatures using \fB\-hex\fR. +.IP "\fB\-binary\fR" 4 +.IX Item "-binary" +Output the digest or signature in binary form. +.IP "\fB\-r\fR" 4 +.IX Item "-r" +Output the digest in the \*(L"coreutils\*(R" format, including newlines. +Used by programs like \fIsha1sum\fR\|(1). +.IP "\fB\-out\fR \fIfilename\fR" 4 +.IX Item "-out filename" +Filename to output to, or standard output by default. +.IP "\fB\-sign\fR \fIfilename\fR" 4 +.IX Item "-sign filename" +Digitally sign the digest using the private key in \*(L"filename\*(R". Note this option +does not support Ed25519 or Ed448 private keys. Use the \fIopenssl\-pkeyutl\fR\|(1) +command instead for this. +.IP "\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fBP12\fR|\fB\s-1ENGINE\s0\fR" 4 +.IX Item "-keyform DER|PEM|P12|ENGINE" +The format of the key to sign with; the default is \fB\s-1PEM\s0\fR. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-sigopt\fR \fInm\fR:\fIv\fR" 4 +.IX Item "-sigopt nm:v" +Pass options to the signature algorithm during sign or verify operations. +Names and values of these options are algorithm-specific. +.IP "\fB\-passin\fR \fIarg\fR" 4 +.IX Item "-passin arg" +The private key password source. For more information about the format of \fIarg\fR +see \*(L"Pass Phrase Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-verify\fR \fIfilename\fR" 4 +.IX Item "-verify filename" +Verify the signature using the public key in \*(L"filename\*(R". +The output is either \*(L"Verification \s-1OK\s0\*(R" or \*(L"Verification Failure\*(R". +.IP "\fB\-prverify\fR \fIfilename\fR" 4 +.IX Item "-prverify filename" +Verify the signature using the private key in \*(L"filename\*(R". 
+.IP "\fB\-signature\fR \fIfilename\fR" 4 +.IX Item "-signature filename" +The actual signature to verify. +.IP "\fB\-hmac\fR \fIkey\fR" 4 +.IX Item "-hmac key" +Create a hashed \s-1MAC\s0 using \*(L"key\*(R". +.Sp +The \fIopenssl\-mac\fR\|(1) command should be preferred to using this command line +option. +.IP "\fB\-mac\fR \fIalg\fR" 4 +.IX Item "-mac alg" +Create \s-1MAC\s0 (keyed Message Authentication Code). The most popular \s-1MAC\s0 +algorithm is \s-1HMAC\s0 (hash-based \s-1MAC\s0), but there are other \s-1MAC\s0 algorithms +which are not based on hash, for instance \fBgost-mac\fR algorithm, +supported by the \fBgost\fR engine. \s-1MAC\s0 keys and other options should be set +via \fB\-macopt\fR parameter. +.Sp +The \fIopenssl\-mac\fR\|(1) command should be preferred to using this command line +option. +.IP "\fB\-macopt\fR \fInm\fR:\fIv\fR" 4 +.IX Item "-macopt nm:v" +Passes options to \s-1MAC\s0 algorithm, specified by \fB\-mac\fR key. +Following options are supported by both by \fB\s-1HMAC\s0\fR and \fBgost-mac\fR: +.RS 4 +.IP "\fBkey\fR:\fIstring\fR" 4 +.IX Item "key:string" +Specifies \s-1MAC\s0 key as alphanumeric string (use if key contain printable +characters only). String length must conform to any restrictions of +the \s-1MAC\s0 algorithm for example exactly 32 chars for gost-mac. +.IP "\fBhexkey\fR:\fIstring\fR" 4 +.IX Item "hexkey:string" +Specifies \s-1MAC\s0 key in hexadecimal form (two hex digits per byte). +Key length must conform to any restrictions of the \s-1MAC\s0 algorithm +for example exactly 32 chars for gost-mac. +.RE +.RS 4 +.Sp +The \fIopenssl\-mac\fR\|(1) command should be preferred to using this command line +option. +.RE +.IP "\fB\-fips\-fingerprint\fR" 4 +.IX Item "-fips-fingerprint" +Compute \s-1HMAC\s0 using a specific key for certain OpenSSL-FIPS operations. 
+.IP "\fB\-rand\fR \fIfiles\fR, \fB\-writerand\fR \fIfile\fR" 4 +.IX Item "-rand files, -writerand file" +See \*(L"Random State Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-engine\fR \fIid\fR" 4 +.IX Item "-engine id" +See \*(L"Engine Options\*(R" in \fIopenssl\fR\|(1). +The engine is not used for digests unless the \fB\-engine_impl\fR option is +used or it is configured to do so, see \*(L"Engine Configuration Module\*(R" in \fIconfig\fR\|(5). +.IP "\fB\-engine_impl\fR \fIid\fR" 4 +.IX Item "-engine_impl id" +When used with the \fB\-engine\fR option, it specifies to also use +engine \fIid\fR for digest operations. +.IP "\fIfile\fR ..." 4 +.IX Item "file ..." +File or files to digest. If no files are specified then standard input is +used. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +To create a hex-encoded message digest of a file: + openssl dgst \-md5 \-hex file.txt +.PP +To sign a file using \s-1SHA\-256\s0 with binary file output: + openssl dgst \-sha256 \-sign privatekey.pem \-out signature.sign file.txt +.PP +To verify a signature: + openssl dgst \-sha256 \-verify publickey.pem \e + \-signature signature.sign \e + file.txt +.SH "NOTES" +.IX Header "NOTES" +The digest mechanisms that are available will depend on the options +used when building OpenSSL. +The \f(CW\*(C`openssl list \-digest\-commands\*(C'\fR command can be used to list them. +.PP +New or agile applications should use probably use \s-1SHA\-256\s0. Other digests, +particularly \s-1SHA\-1\s0 and \s-1MD5\s0, are still widely used for interoperating +with existing formats and protocols. +.PP +When signing a file, this command will automatically determine the algorithm +(\s-1RSA\s0, \s-1ECC\s0, etc) to use for signing based on the private key's \s-1ASN\s0.1 info. +When verifying signatures, it only handles the \s-1RSA\s0, \s-1DSA\s0, or \s-1ECDSA\s0 signature +itself, not the related data to identify the signer and algorithm used in +formats such as x.509, \s-1CMS\s0, and S/MIME. 
+.PP +A source of random numbers is required for certain signing algorithms, in +particular \s-1ECDSA\s0 and \s-1DSA\s0. +.PP +The signing and verify options should only be used if a single file is +being signed or verified. +.PP +Hex signatures cannot be verified using \fBopenssl\fR. Instead, use \*(L"xxd \-r\*(R" +or similar program to transform the hex signature into a binary signature +prior to verification. +.PP +The \fIopenssl\-mac\fR\|(1) command is preferred over the \fB\-hmac\fR, \fB\-mac\fR and +\&\fB\-macopt\fR command line options. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\-mac\fR\|(1) +.SH "HISTORY" +.IX Header "HISTORY" +The default digest was changed from \s-1MD5\s0 to \s-1SHA256\s0 in OpenSSL 1.1.0. +The FIPS-related options were removed in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man1/openssl-dhparam.1 b/linux_amd64/ssl/share/man/man1/openssl-dhparam.1 new file mode 100755 index 0000000..395a809 --- /dev/null +++ b/linux_amd64/ssl/share/man/man1/openssl-dhparam.1 
@@ -0,0 +1,251 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-DHPARAM 1" +.TH OPENSSL-DHPARAM 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-dhparam \- DH parameter manipulation and generation +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl dhparam\fR +[\fB\-help\fR] +[\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-in\fR \fIfilename\fR] +[\fB\-out\fR \fIfilename\fR] +[\fB\-dsaparam\fR] +[\fB\-check\fR] +[\fB\-noout\fR] +[\fB\-text\fR] +[\fB\-C\fR] +[\fB\-2\fR] +[\fB\-3\fR] +[\fB\-5\fR] +[\fB\-engine\fR \fIid\fR] +[\fB\-rand\fR \fIfiles\fR] +[\fB\-writerand\fR \fIfile\fR] +[\fInumbits\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command has been deprecated. +The \fIopenssl\-pkeyparam\fR\|(1) command should be used instead. +.PP +This command is used to manipulate \s-1DH\s0 parameter files. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR, \fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IX Item "-inform DER|PEM, -outform DER|PEM" +The input format and output format; the default is \fB\s-1PEM\s0\fR. +The object is compatible with the PKCS#3 \fBDHparameter\fR structure. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-in\fR \fIfilename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read parameters from or standard input if +this option is not specified. +.IP "\fB\-out\fR \fIfilename\fR" 4 +.IX Item "-out filename" +This specifies the output filename parameters to. Standard output is used +if this option is not present. The output filename should \fBnot\fR be the same +as the input filename. +.IP "\fB\-dsaparam\fR" 4 +.IX Item "-dsaparam" +If this option is used, \s-1DSA\s0 rather than \s-1DH\s0 parameters are read or created; +they are converted to \s-1DH\s0 format. Otherwise, \*(L"strong\*(R" primes (such +that (p\-1)/2 is also prime) will be used for \s-1DH\s0 parameter generation. 
+.Sp +\&\s-1DH\s0 parameter generation with the \fB\-dsaparam\fR option is much faster, +and the recommended exponent length is shorter, which makes \s-1DH\s0 key +exchange more efficient. Beware that with such DSA-style \s-1DH\s0 +parameters, a fresh \s-1DH\s0 key should be created for each use to +avoid small-subgroup attacks that may be possible otherwise. +.IP "\fB\-check\fR" 4 +.IX Item "-check" +Performs numerous checks to see if the supplied parameters are valid and +displays a warning if not. +.IP "\fB\-2\fR, \fB\-3\fR, \fB\-5\fR" 4 +.IX Item "-2, -3, -5" +The generator to use, either 2, 3 or 5. If present then the +input file is ignored and parameters are generated instead. If not +present but \fInumbits\fR is present, parameters are generated with the +default generator 2. +.IP "\fInumbits\fR" 4 +.IX Item "numbits" +This option specifies that a parameter set should be generated of size +\&\fInumbits\fR. It must be the last option. If this option is present then +the input file is ignored and parameters are generated instead. If +this option is not present but a generator (\fB\-2\fR, \fB\-3\fR or \fB\-5\fR) is +present, parameters are generated with a default length of 2048 bits. +The minimim length is 512 bits. The maximum length is 10000 bits. +.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +This option inhibits the output of the encoded version of the parameters. +.IP "\fB\-text\fR" 4 +.IX Item "-text" +This option prints out the \s-1DH\s0 parameters in human readable form. +.IP "\fB\-C\fR" 4 +.IX Item "-C" +This option converts the parameters into C code. The parameters can then +be loaded by calling the \fIget_dhNNNN()\fR function. +.IP "\fB\-engine\fR \fIid\fR" 4 +.IX Item "-engine id" +See \*(L"Engine Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-rand\fR \fIfiles\fR, \fB\-writerand\fR \fIfile\fR" 4 +.IX Item "-rand files, -writerand file" +See \*(L"Random State Options\*(R" in \fIopenssl\fR\|(1) for details. 
+.SH "NOTES" +.IX Header "NOTES" +This command replaces the \fBdh\fR and \fBgendh\fR commands of previous +releases. +.PP +OpenSSL currently only supports the older PKCS#3 \s-1DH\s0, not the newer X9.42 +\&\s-1DH\s0. +.PP +This command manipulates \s-1DH\s0 parameters not keys. +.SH "BUGS" +.IX Header "BUGS" +There should be a way to generate and manipulate \s-1DH\s0 keys. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\fIopenssl\-pkeyparam\fR\|(1), +\&\fIopenssl\-dsaparam\fR\|(1) +.SH "HISTORY" +.IX Header "HISTORY" +This command was deprecated in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man1/openssl-dsa.1 b/linux_amd64/ssl/share/man/man1/openssl-dsa.1 new file mode 100755 index 0000000..3ffabde --- /dev/null +++ b/linux_amd64/ssl/share/man/man1/openssl-dsa.1 
@@ -0,0 +1,284 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-DSA 1" +.TH OPENSSL-DSA 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-dsa \- DSA key processing +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBdsa\fR +[\fB\-help\fR] +[\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-in\fR \fIfilename\fR] +[\fB\-passin\fR \fIarg\fR] +[\fB\-out\fR \fIfilename\fR] +[\fB\-passout\fR \fIarg\fR] +[\fB\-aes128\fR] +[\fB\-aes192\fR] +[\fB\-aes256\fR] +[\fB\-aria128\fR] +[\fB\-aria192\fR] +[\fB\-aria256\fR] +[\fB\-camellia128\fR] +[\fB\-camellia192\fR] +[\fB\-camellia256\fR] +[\fB\-des\fR] +[\fB\-des3\fR] +[\fB\-idea\fR] +[\fB\-text\fR] +[\fB\-noout\fR] +[\fB\-modulus\fR] +[\fB\-pubin\fR] +[\fB\-pubout\fR] +[\fB\-engine\fR \fIid\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command has been deprecated. +The \fIopenssl\-pkey\fR\|(1) command should be used instead. +.PP +This command processes \s-1DSA\s0 keys. They can be converted between various +forms and their components printed out. \fBNote\fR This command uses the +traditional SSLeay compatible format for private key encryption: newer +applications should use the more secure PKCS#8 format using the \fBpkcs8\fR +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR, \fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IX Item "-inform DER|PEM, -outform DER|PEM" +The input and formats; the default is \fB\s-1PEM\s0\fR. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.Sp +Private keys are a sequence of \fB\s-1ASN\s0.1 \s-1INTEGERS\s0\fR: the version (zero), \fBp\fR, +\&\fBq\fR, \fBg\fR, and the public and and private key components. Public keys +are a \fBSubjectPublicKeyInfo\fR structure with the \fB\s-1DSA\s0\fR type. +.Sp +The \fB\s-1PEM\s0\fR format also accepts PKCS#8 data. 
+.IP "\fB\-in\fR \fIfilename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read a key from or standard input if this +option is not specified. If the key is encrypted a pass phrase will be +prompted for. +.IP "\fB\-out\fR \fIfilename\fR" 4 +.IX Item "-out filename" +This specifies the output filename to write a key to or standard output by +is not specified. If any encryption options are set then a pass phrase will be +prompted for. The output filename should \fBnot\fR be the same as the input +filename. +.IP "\fB\-passin\fR \fIarg\fR, \fB\-passout\fR \fIarg\fR" 4 +.IX Item "-passin arg, -passout arg" +The password source for the input and output file. +For more information about the format of \fBarg\fR +see \*(L"Pass Phrase Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-aes128\fR, \fB\-aes192\fR, \fB\-aes256\fR, \fB\-aria128\fR, \fB\-aria192\fR, \fB\-aria256\fR, \fB\-camellia128\fR, \fB\-camellia192\fR, \fB\-camellia256\fR, \fB\-des\fR, \fB\-des3\fR, \fB\-idea\fR" 4 +.IX Item "-aes128, -aes192, -aes256, -aria128, -aria192, -aria256, -camellia128, -camellia192, -camellia256, -des, -des3, -idea" +These options encrypt the private key with the specified +cipher before outputting it. A pass phrase is prompted for. +If none of these options is specified the key is written in plain text. This +means that this command can be used to remove the pass phrase from a key +by not giving any encryption option is given, or to add or change the pass +phrase by setting them. +These options can only be used with \s-1PEM\s0 format output files. +.IP "\fB\-text\fR" 4 +.IX Item "-text" +Prints out the public, private key components and parameters. +.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +This option prevents output of the encoded version of the key. +.IP "\fB\-modulus\fR" 4 +.IX Item "-modulus" +This option prints out the value of the public key component of the key. 
+.IP "\fB\-pubin\fR" 4 +.IX Item "-pubin" +By default, a private key is read from the input file. With this option a +public key is read instead. +.IP "\fB\-pubout\fR" 4 +.IX Item "-pubout" +By default, a private key is output. With this option a public +key will be output instead. This option is automatically set if the input is +a public key. +.IP "\fB\-engine\fR \fIid\fR" 4 +.IX Item "-engine id" +See \*(L"Engine Options\*(R" in \fIopenssl\fR\|(1). +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Examples equivalent to these can be found in the documentation for the +non-deprecated \fIopenssl\-pkey\fR\|(1) command. +.PP +To remove the pass phrase on a \s-1DSA\s0 private key: +.PP +.Vb 1 +\& openssl dsa \-in key.pem \-out keyout.pem +.Ve +.PP +To encrypt a private key using triple \s-1DES:\s0 +.PP +.Vb 1 +\& openssl dsa \-in key.pem \-des3 \-out keyout.pem +.Ve +.PP +To convert a private key from \s-1PEM\s0 to \s-1DER\s0 format: +.PP +.Vb 1 +\& openssl dsa \-in key.pem \-outform DER \-out keyout.der +.Ve +.PP +To print out the components of a private key to standard output: +.PP +.Vb 1 +\& openssl dsa \-in key.pem \-text \-noout +.Ve +.PP +To just output the public part of a private key: +.PP +.Vb 1 +\& openssl dsa \-in key.pem \-pubout \-out pubkey.pem +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\fIopenssl\-pkey\fR\|(1), +\&\fIopenssl\-dsaparam\fR\|(1), +\&\fIopenssl\-gendsa\fR\|(1), +\&\fIopenssl\-rsa\fR\|(1), +\&\fIopenssl\-genrsa\fR\|(1) +.SH "HISTORY" +.IX Header "HISTORY" +This command was deprecated in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/ssl/share/man/man1/openssl-dsaparam.1 b/linux_amd64/ssl/share/man/man1/openssl-dsaparam.1 new file mode 100755 index 0000000..8a74344 --- /dev/null +++ b/linux_amd64/ssl/share/man/man1/openssl-dsaparam.1 
@@ -0,0 +1,228 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-DSAPARAM 1" +.TH OPENSSL-DSAPARAM 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-dsaparam \- DSA parameter manipulation and generation +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl dsaparam\fR +[\fB\-help\fR] +[\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-in\fR \fIfilename\fR] +[\fB\-out\fR \fIfilename\fR] +[\fB\-noout\fR] +[\fB\-text\fR] +[\fB\-C\fR] +[\fB\-genkey\fR] +[\fB\-verbose\fR] +[\fB\-rand\fR \fIfiles\fR] +[\fB\-writerand\fR \fIfile\fR] +[\fB\-engine\fR \fIid\fR] +[\fInumbits\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command has been deprecated. +The \fIopenssl\-pkeyparam\fR\|(1) command should be used instead. +.PP +This command is used to manipulate or generate \s-1DSA\s0 parameter files. +.PP +\&\s-1DSA\s0 parameter generation can be a slow process and as a result the same set of +\&\s-1DSA\s0 parameters is often used to generate several distinct keys. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR, \fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IX Item "-inform DER|PEM, -outform DER|PEM" +The input and formats; the default is \fB\s-1PEM\s0\fR. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.Sp +Parameters are a sequence of \fB\s-1ASN\s0.1 \s-1INTEGER\s0\fRs: \fBp\fR, \fBq\fR, and \fBg\fR. +This is compatible with \s-1RFC\s0 2459 \fBDSS-Parms\fR structure. +.IP "\fB\-in\fR \fIfilename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read parameters from or standard input if +this option is not specified. If the \fInumbits\fR parameter is included then +this option will be ignored. +.IP "\fB\-out\fR \fIfilename\fR" 4 +.IX Item "-out filename" +This specifies the output filename parameters to. Standard output is used +if this option is not present. The output filename should \fBnot\fR be the same +as the input filename. 
+.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +This option inhibits the output of the encoded version of the parameters. +.IP "\fB\-text\fR" 4 +.IX Item "-text" +This option prints out the \s-1DSA\s0 parameters in human readable form. +.IP "\fB\-C\fR" 4 +.IX Item "-C" +This option converts the parameters into C code. The parameters can then +be loaded by calling the \fIget_dsaXXX()\fR function. +.IP "\fB\-genkey\fR" 4 +.IX Item "-genkey" +This option will generate a \s-1DSA\s0 either using the specified or generated +parameters. +.IP "\fB\-verbose\fR" 4 +.IX Item "-verbose" +Print extra details about the operations being performed. +.IP "\fB\-rand\fR \fIfiles\fR, \fB\-writerand\fR \fIfile\fR" 4 +.IX Item "-rand files, -writerand file" +See \*(L"Random State Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-engine\fR \fIid\fR" 4 +.IX Item "-engine id" +See \*(L"Engine Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fInumbits\fR" 4 +.IX Item "numbits" +This option specifies that a parameter set should be generated of size +\&\fInumbits\fR. It must be the last option. If this option is included then +the input file (if any) is ignored. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\fIopenssl\-pkeyparam\fR\|(1), +\&\fIopenssl\-gendsa\fR\|(1), +\&\fIopenssl\-dsa\fR\|(1), +\&\fIopenssl\-genrsa\fR\|(1), +\&\fIopenssl\-rsa\fR\|(1) +.SH "HISTORY" +.IX Header "HISTORY" +This command was deprecated in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man1/openssl-ec.1 b/linux_amd64/ssl/share/man/man1/openssl-ec.1 new file mode 100755 index 0000000..4792623 --- /dev/null +++ b/linux_amd64/ssl/share/man/man1/openssl-ec.1 
@@ -0,0 +1,304 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-EC 1" +.TH OPENSSL-EC 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-ec \- EC key processing +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBec\fR +[\fB\-help\fR] +[\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-in\fR \fIfilename\fR] +[\fB\-passin\fR \fIarg\fR] +[\fB\-out\fR \fIfilename\fR] +[\fB\-passout\fR \fIarg\fR] +[\fB\-des\fR] +[\fB\-des3\fR] +[\fB\-idea\fR] +[\fB\-text\fR] +[\fB\-noout\fR] +[\fB\-param_out\fR] +[\fB\-pubin\fR] +[\fB\-pubout\fR] +[\fB\-conv_form\fR \fIarg\fR] +[\fB\-param_enc\fR \fIarg\fR] +[\fB\-no_public\fR] +[\fB\-check\fR] +[\fB\-engine\fR \fIid\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command has been deprecated. +The \fIopenssl\-pkey\fR\|(1) command should be used instead. +.PP +The \fIopenssl\-ec\fR\|(1) command processes \s-1EC\s0 keys. They can be converted between +various forms and their components printed out. \fBNote\fR OpenSSL uses the +private key format specified in '\s-1SEC\s0 1: Elliptic Curve Cryptography' +(http://www.secg.org/). To convert an OpenSSL \s-1EC\s0 private key into the +PKCS#8 private key format use the \fIopenssl\-pkcs8\fR\|(1) command. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR, \fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IX Item "-inform DER|PEM, -outform DER|PEM" +The input and formats; the default is \fB\s-1PEM\s0\fR. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.Sp +Private keys are an \s-1SEC1\s0 private key or PKCS#8 format. +Public keys are a \fBSubjectPublicKeyInfo\fR as specified in \s-1IETF\s0 \s-1RFC\s0 3280. +.IP "\fB\-in\fR \fIfilename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read a key from or standard input if this +option is not specified. If the key is encrypted a pass phrase will be +prompted for. 
+.IP "\fB\-out\fR \fIfilename\fR" 4 +.IX Item "-out filename" +This specifies the output filename to write a key to or standard output by +is not specified. If any encryption options are set then a pass phrase will be +prompted for. The output filename should \fBnot\fR be the same as the input +filename. +.IP "\fB\-passin\fR \fIarg\fR, \fB\-passout\fR \fIarg\fR" 4 +.IX Item "-passin arg, -passout arg" +The password source for the input and output file. +For more information about the format of \fBarg\fR +see \*(L"Pass Phrase Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-des\fR|\fB\-des3\fR|\fB\-idea\fR" 4 +.IX Item "-des|-des3|-idea" +These options encrypt the private key with the \s-1DES\s0, triple \s-1DES\s0, \s-1IDEA\s0 or +any other cipher supported by OpenSSL before outputting it. A pass phrase is +prompted for. +If none of these options is specified the key is written in plain text. This +means that using this command to read in an encrypted key with no +encryption option can be used to remove the pass phrase from a key, or by +setting the encryption options it can be use to add or change the pass phrase. +These options can only be used with \s-1PEM\s0 format output files. +.IP "\fB\-text\fR" 4 +.IX Item "-text" +Prints out the public, private key components and parameters. +.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +This option prevents output of the encoded version of the key. +.IP "\fB\-pubin\fR" 4 +.IX Item "-pubin" +By default, a private key is read from the input file. With this option a +public key is read instead. +.IP "\fB\-pubout\fR" 4 +.IX Item "-pubout" +By default a private key is output. With this option a public +key will be output instead. This option is automatically set if the input is +a public key. +.IP "\fB\-conv_form\fR \fIarg\fR" 4 +.IX Item "-conv_form arg" +This specifies how the points on the elliptic curve are converted +into octet strings. 
Possible values are: \fBcompressed\fR (the default +value), \fBuncompressed\fR and \fBhybrid\fR. For more information regarding +the point conversion forms please read the X9.62 standard. +\&\fBNote\fR Due to patent issues the \fBcompressed\fR option is disabled +by default for binary curves and can be enabled by defining +the preprocessor macro \fB\s-1OPENSSL_EC_BIN_PT_COMP\s0\fR at compile time. +.IP "\fB\-param_enc\fR \fIarg\fR" 4 +.IX Item "-param_enc arg" +This specifies how the elliptic curve parameters are encoded. +Possible value are: \fBnamed_curve\fR, i.e. the ec parameters are +specified by an \s-1OID\s0, or \fBexplicit\fR where the ec parameters are +explicitly given (see \s-1RFC\s0 3279 for the definition of the +\&\s-1EC\s0 parameters structures). The default value is \fBnamed_curve\fR. +\&\fBNote\fR the \fBimplicitlyCA\fR alternative, as specified in \s-1RFC\s0 3279, +is currently not implemented in OpenSSL. +.IP "\fB\-no_public\fR" 4 +.IX Item "-no_public" +This option omits the public key components from the private key output. +.IP "\fB\-check\fR" 4 +.IX Item "-check" +This option checks the consistency of an \s-1EC\s0 private or public key. +.IP "\fB\-engine\fR \fIid\fR" 4 +.IX Item "-engine id" +See \*(L"Engine Options\*(R" in \fIopenssl\fR\|(1). +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Examples equivalent to these can be found in the documentation for the +non-deprecated \fIopenssl\-pkey\fR\|(1) command. 
+.PP +To encrypt a private key using triple \s-1DES:\s0 +.PP +.Vb 1 +\& openssl ec \-in key.pem \-des3 \-out keyout.pem +.Ve +.PP +To convert a private key from \s-1PEM\s0 to \s-1DER\s0 format: +.PP +.Vb 1 +\& openssl ec \-in key.pem \-outform DER \-out keyout.der +.Ve +.PP +To print out the components of a private key to standard output: +.PP +.Vb 1 +\& openssl ec \-in key.pem \-text \-noout +.Ve +.PP +To just output the public part of a private key: +.PP +.Vb 1 +\& openssl ec \-in key.pem \-pubout \-out pubkey.pem +.Ve +.PP +To change the parameters encoding to \fBexplicit\fR: +.PP +.Vb 1 +\& openssl ec \-in key.pem \-param_enc explicit \-out keyout.pem +.Ve +.PP +To change the point conversion form to \fBcompressed\fR: +.PP +.Vb 1 +\& openssl ec \-in key.pem \-conv_form compressed \-out keyout.pem +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\fIopenssl\-pkey\fR\|(1), +\&\fIopenssl\-ecparam\fR\|(1), +\&\fIopenssl\-dsa\fR\|(1), +\&\fIopenssl\-rsa\fR\|(1) +.SH "HISTORY" +.IX Header "HISTORY" +This command was deprecated in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2003\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man1/openssl-ecparam.1 b/linux_amd64/ssl/share/man/man1/openssl-ecparam.1 new file mode 100755 index 0000000..ad16ae7 --- /dev/null +++ b/linux_amd64/ssl/share/man/man1/openssl-ecparam.1 
@@ -0,0 +1,298 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-ECPARAM 1" +.TH OPENSSL-ECPARAM 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-ecparam \- EC parameter manipulation and generation +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl ecparam\fR +[\fB\-help\fR] +[\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-in\fR \fIfilename\fR] +[\fB\-out\fR \fIfilename\fR] +[\fB\-noout\fR] +[\fB\-text\fR] +[\fB\-C\fR] +[\fB\-check\fR] +[\fB\-check_named\fR] +[\fB\-name\fR \fIarg\fR] +[\fB\-list_curves\fR] +[\fB\-conv_form\fR \fIarg\fR] +[\fB\-param_enc\fR \fIarg\fR] +[\fB\-no_seed\fR] +[\fB\-genkey\fR] +[\fB\-engine\fR \fIid\fR] +[\fB\-rand\fR \fIfiles\fR] +[\fB\-writerand\fR \fIfile\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command has been deprecated. +The \fIopenssl\-genpkey\fR\|(1) and \fIopenssl\-pkeyparam\fR\|(1) commands +should be used instead. +.PP +This command is used to manipulate or generate \s-1EC\s0 parameter files. +.PP +OpenSSL is currently not able to generate new groups and therefore +this command can only create \s-1EC\s0 parameters from known (named) curves. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR, \fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IX Item "-inform DER|PEM, -outform DER|PEM" +The input and formats; the default is \fB\s-1PEM\s0\fR. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.Sp +Parameters are encoded as \fBEcpkParameters\fR as specified in \s-1IETF\s0 \s-1RFC\s0 3279. +.IP "\fB\-in\fR \fIfilename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read parameters from or standard input if +this option is not specified. +.IP "\fB\-out\fR \fIfilename\fR" 4 +.IX Item "-out filename" +This specifies the output filename parameters to. Standard output is used +if this option is not present. The output filename should \fBnot\fR be the same +as the input filename. 
+.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +This option inhibits the output of the encoded version of the parameters. +.IP "\fB\-text\fR" 4 +.IX Item "-text" +This option prints out the \s-1EC\s0 parameters in human readable form. +.IP "\fB\-C\fR" 4 +.IX Item "-C" +This option converts the \s-1EC\s0 parameters into C code. The parameters can then +be loaded by calling the \fIget_ec_group_XXX()\fR function. +.IP "\fB\-check\fR" 4 +.IX Item "-check" +Validate the elliptic curve parameters. +.IP "\fB\-check_named\fR" 4 +.IX Item "-check_named" +Validate the elliptic name curve parameters by checking if the curve parameters +match any built-in curves. +.IP "\fB\-name\fR \fIarg\fR" 4 +.IX Item "-name arg" +Use the \s-1EC\s0 parameters with the specified 'short' name. Use \fB\-list_curves\fR +to get a list of all currently implemented \s-1EC\s0 parameters. +.IP "\fB\-list_curves\fR" 4 +.IX Item "-list_curves" +Print out a list of all currently implemented \s-1EC\s0 parameters names and exit. +.IP "\fB\-conv_form\fR \fIarg\fR" 4 +.IX Item "-conv_form arg" +This specifies how the points on the elliptic curve are converted +into octet strings. Possible values are: \fBcompressed\fR, \fBuncompressed\fR (the +default value) and \fBhybrid\fR. For more information regarding +the point conversion forms please read the X9.62 standard. +\&\fBNote\fR Due to patent issues the \fBcompressed\fR option is disabled +by default for binary curves and can be enabled by defining +the preprocessor macro \fB\s-1OPENSSL_EC_BIN_PT_COMP\s0\fR at compile time. +.IP "\fB\-param_enc\fR \fIarg\fR" 4 +.IX Item "-param_enc arg" +This specifies how the elliptic curve parameters are encoded. +Possible value are: \fBnamed_curve\fR, i.e. the ec parameters are +specified by an \s-1OID\s0, or \fBexplicit\fR where the ec parameters are +explicitly given (see \s-1RFC\s0 3279 for the definition of the +\&\s-1EC\s0 parameters structures). The default value is \fBnamed_curve\fR. 
+\&\fBNote\fR the \fBimplicitlyCA\fR alternative, as specified in \s-1RFC\s0 3279, +is currently not implemented in OpenSSL. +.IP "\fB\-no_seed\fR" 4 +.IX Item "-no_seed" +This option inhibits that the 'seed' for the parameter generation +is included in the ECParameters structure (see \s-1RFC\s0 3279). +.IP "\fB\-genkey\fR" 4 +.IX Item "-genkey" +This option will generate an \s-1EC\s0 private key using the specified parameters. +.IP "\fB\-engine\fR \fIid\fR" 4 +.IX Item "-engine id" +See \*(L"Engine Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-rand\fR \fIfiles\fR, \fB\-writerand\fR \fIfile\fR" 4 +.IX Item "-rand files, -writerand file" +See \*(L"Random State Options\*(R" in \fIopenssl\fR\|(1) for details. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Examples equivalent to these can be found in the documentation for the +non-deprecated \fIopenssl\-genpkey\fR\|(1) and \fIopenssl\-pkeyparam\fR\|(1) commands. +.PP +To create \s-1EC\s0 parameters with the group 'prime192v1': +.PP +.Vb 1 +\& openssl ecparam \-out ec_param.pem \-name prime192v1 +.Ve +.PP +To create \s-1EC\s0 parameters with explicit parameters: +.PP +.Vb 1 +\& openssl ecparam \-out ec_param.pem \-name prime192v1 \-param_enc explicit +.Ve +.PP +To validate given \s-1EC\s0 parameters: +.PP +.Vb 1 +\& openssl ecparam \-in ec_param.pem \-check +.Ve +.PP +To create \s-1EC\s0 parameters and a private key: +.PP +.Vb 1 +\& openssl ecparam \-out ec_key.pem \-name prime192v1 \-genkey +.Ve +.PP +To change the point encoding to 'compressed': +.PP +.Vb 1 +\& openssl ecparam \-in ec_in.pem \-out ec_out.pem \-conv_form compressed +.Ve +.PP +To print out the \s-1EC\s0 parameters to standard output: +.PP +.Vb 1 +\& openssl ecparam \-in ec_param.pem \-noout \-text +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\fIopenssl\-pkeyparam\fR\|(1), +\&\fIopenssl\-genpkey\fR\|(1), +\&\fIopenssl\-ec\fR\|(1), +\&\fIopenssl\-dsaparam\fR\|(1) +.SH "HISTORY" +.IX Header "HISTORY" +This command was deprecated in 
OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2003\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man1/openssl-enc.1 b/linux_amd64/ssl/share/man/man1/openssl-enc.1 new file mode 100755 index 0000000..4da47e1 --- /dev/null +++ b/linux_amd64/ssl/share/man/man1/openssl-enc.1 
@@ -0,0 +1,535 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-ENC 1" +.TH OPENSSL-ENC 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-enc \- symmetric cipher routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBenc\fR|\fIcipher\fR +[\fB\-\f(BIcipher\fB\fR] +[\fB\-help\fR] +[\fB\-list\fR] +[\fB\-ciphers\fR] +[\fB\-in\fR \fIfilename\fR] +[\fB\-out\fR \fIfilename\fR] +[\fB\-pass\fR \fIarg\fR] +[\fB\-e\fR] +[\fB\-d\fR] +[\fB\-a\fR] +[\fB\-base64\fR] +[\fB\-A\fR] +[\fB\-k\fR \fIpassword\fR] +[\fB\-kfile\fR \fIfilename\fR] +[\fB\-K\fR \fIkey\fR] +[\fB\-iv\fR \fI\s-1IV\s0\fR] +[\fB\-S\fR \fIsalt\fR] +[\fB\-salt\fR] +[\fB\-nosalt\fR] +[\fB\-z\fR] +[\fB\-md\fR \fIdigest\fR] +[\fB\-iter\fR \fIcount\fR] +[\fB\-pbkdf2\fR] +[\fB\-p\fR] +[\fB\-P\fR] +[\fB\-bufsize\fR \fInumber\fR] +[\fB\-nopad\fR] +[\fB\-v\fR] +[\fB\-debug\fR] +[\fB\-none\fR] +[\fB\-engine\fR \fIid\fR] +[\fB\-rand\fR \fIfiles\fR] +[\fB\-writerand\fR \fIfile\fR] +.PP +\&\fBopenssl\fR \fIcipher\fR [\fB...\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The symmetric cipher commands allow data to be encrypted or decrypted +using various block and stream ciphers using keys based on passwords +or explicitly provided. Base64 encoding or decoding can also be performed +either by itself or in addition to the encryption or decryption. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-list\fR" 4 +.IX Item "-list" +List all supported ciphers. +.IP "\fB\-ciphers\fR" 4 +.IX Item "-ciphers" +Alias of \-list to display all supported ciphers. +.IP "\fB\-in\fR \fIfilename\fR" 4 +.IX Item "-in filename" +The input filename, standard input by default. +.IP "\fB\-out\fR \fIfilename\fR" 4 +.IX Item "-out filename" +The output filename, standard output by default. +.IP "\fB\-pass\fR \fIarg\fR" 4 +.IX Item "-pass arg" +The password source. For more information about the format of \fIarg\fR +see \*(L"Pass Phrase Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-e\fR" 4 +.IX Item "-e" +Encrypt the input data: this is the default. 
+.IP "\fB\-d\fR" 4 +.IX Item "-d" +Decrypt the input data. +.IP "\fB\-a\fR" 4 +.IX Item "-a" +Base64 process the data. This means that if encryption is taking place +the data is base64 encoded after encryption. If decryption is set then +the input data is base64 decoded before being decrypted. +.IP "\fB\-base64\fR" 4 +.IX Item "-base64" +Same as \fB\-a\fR +.IP "\fB\-A\fR" 4 +.IX Item "-A" +If the \fB\-a\fR option is set then base64 process the data on one line. +.IP "\fB\-k\fR \fIpassword\fR" 4 +.IX Item "-k password" +The password to derive the key from. This is for compatibility with previous +versions of OpenSSL. Superseded by the \fB\-pass\fR argument. +.IP "\fB\-kfile\fR \fIfilename\fR" 4 +.IX Item "-kfile filename" +Read the password to derive the key from the first line of \fIfilename\fR. +This is for compatibility with previous versions of OpenSSL. Superseded by +the \fB\-pass\fR argument. +.IP "\fB\-md\fR \fIdigest\fR" 4 +.IX Item "-md digest" +Use the specified digest to create the key from the passphrase. +The default algorithm is sha\-256. +.IP "\fB\-iter\fR \fIcount\fR" 4 +.IX Item "-iter count" +Use a given number of iterations on the password in deriving the encryption key. +High values increase the time required to brute-force the resulting file. +This option enables the use of \s-1PBKDF2\s0 algorithm to derive the key. +.IP "\fB\-pbkdf2\fR" 4 +.IX Item "-pbkdf2" +Use \s-1PBKDF2\s0 algorithm with default iteration count unless otherwise specified. +.IP "\fB\-nosalt\fR" 4 +.IX Item "-nosalt" +Don't use a salt in the key derivation routines. This option \fB\s-1SHOULD\s0 \s-1NOT\s0\fR be +used except for test purposes or compatibility with ancient versions of +OpenSSL. +.IP "\fB\-salt\fR" 4 +.IX Item "-salt" +Use salt (randomly generated or provide with \fB\-S\fR option) when +encrypting, this is the default. +.IP "\fB\-S\fR \fIsalt\fR" 4 +.IX Item "-S salt" +The actual salt to use: this must be represented as a string of hex digits. 
+.IP "\fB\-K\fR \fIkey\fR" 4 +.IX Item "-K key" +The actual key to use: this must be represented as a string comprised only +of hex digits. If only the key is specified, the \s-1IV\s0 must additionally specified +using the \fB\-iv\fR option. When both a key and a password are specified, the +key given with the \fB\-K\fR option will be used and the \s-1IV\s0 generated from the +password will be taken. It does not make much sense to specify both key +and password. +.IP "\fB\-iv\fR \fI\s-1IV\s0\fR" 4 +.IX Item "-iv IV" +The actual \s-1IV\s0 to use: this must be represented as a string comprised only +of hex digits. When only the key is specified using the \fB\-K\fR option, the +\&\s-1IV\s0 must explicitly be defined. When a password is being specified using +one of the other options, the \s-1IV\s0 is generated from this password. +.IP "\fB\-p\fR" 4 +.IX Item "-p" +Print out the key and \s-1IV\s0 used. +.IP "\fB\-P\fR" 4 +.IX Item "-P" +Print out the key and \s-1IV\s0 used then immediately exit: don't do any encryption +or decryption. +.IP "\fB\-bufsize\fR \fInumber\fR" 4 +.IX Item "-bufsize number" +Set the buffer size for I/O. +.IP "\fB\-nopad\fR" 4 +.IX Item "-nopad" +Disable standard block padding. +.IP "\fB\-v\fR" 4 +.IX Item "-v" +Verbose print; display some statistics about I/O and buffer sizes. +.IP "\fB\-debug\fR" 4 +.IX Item "-debug" +Debug the BIOs used for I/O. +.IP "\fB\-z\fR" 4 +.IX Item "-z" +Compress or decompress clear text using zlib before encryption or after +decryption. This option exists only if OpenSSL with compiled with zlib +or zlib-dynamic option. +.IP "\fB\-none\fR" 4 +.IX Item "-none" +Use \s-1NULL\s0 cipher (no encryption or decryption of input). +.IP "\fB\-rand\fR \fIfiles\fR, \fB\-writerand\fR \fIfile\fR" 4 +.IX Item "-rand files, -writerand file" +See \*(L"Random State Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-engine\fR \fIid\fR" 4 +.IX Item "-engine id" +See \*(L"Engine Options\*(R" in \fIopenssl\fR\|(1). 
+.SH "NOTES" +.IX Header "NOTES" +The program can be called either as \f(CW\*(C`openssl \f(CIcipher\f(CW\*(C'\fR or +\&\f(CW\*(C`openssl enc \-\f(CIcipher\f(CW\*(C'\fR. The first form doesn't work with +engine-provided ciphers, because this form is processed before the +configuration file is read and any ENGINEs loaded. +Use the \fIopenssl\-list\fR\|(1) command to get a list of supported ciphers. +.PP +Engines which provide entirely new encryption algorithms (such as the ccgost +engine which provides gost89 algorithm) should be configured in the +configuration file. Engines specified on the command line using \fB\-engine\fR +option can only be used for hardware-assisted implementations of +ciphers which are supported by the OpenSSL core or another engine specified +in the configuration file. +.PP +When the enc command lists supported ciphers, ciphers provided by engines, +specified in the configuration files are listed too. +.PP +A password will be prompted for to derive the key and \s-1IV\s0 if necessary. +.PP +The \fB\-salt\fR option should \fB\s-1ALWAYS\s0\fR be used if the key is being derived +from a password unless you want compatibility with previous versions of +OpenSSL. +.PP +Without the \fB\-salt\fR option it is possible to perform efficient dictionary +attacks on the password and to attack stream cipher encrypted data. The reason +for this is that without the salt the same password always generates the same +encryption key. When the salt is being used the first eight bytes of the +encrypted data are reserved for the salt: it is generated at random when +encrypting a file and read from the encrypted file when it is decrypted. +.PP +Some of the ciphers do not have large keys and others have security +implications if not used correctly. A beginner is advised to just use +a strong block cipher, such as \s-1AES\s0, in \s-1CBC\s0 mode. +.PP +All the block ciphers normally use PKCS#5 padding, also known as standard +block padding. 
This allows a rudimentary integrity or password check to +be performed. However since the chance of random data passing the test +is better than 1 in 256 it isn't a very good test. +.PP +If padding is disabled then the input data must be a multiple of the cipher +block length. +.PP +All \s-1RC2\s0 ciphers have the same key and effective key length. +.PP +Blowfish and \s-1RC5\s0 algorithms use a 128 bit key. +.SH "SUPPORTED CIPHERS" +.IX Header "SUPPORTED CIPHERS" +Note that some of these ciphers can be disabled at compile time +and some are available only if an appropriate engine is configured +in the configuration file. The output when invoking this command +with the \fB\-ciphers\fR option (that is \f(CW\*(C`openssl enc \-ciphers\*(C'\fR) is +a list of ciphers, supported by your version of OpenSSL, including +ones provided by configured engines. +.PP +This command does not support authenticated encryption modes +like \s-1CCM\s0 and \s-1GCM\s0, and will not support such modes in the future. +This is due to having to begin streaming output (e.g., to standard output +when \fB\-out\fR is not used) before the authentication tag could be validated. +When this command is used in a pipeline, the receiving end will not be +able to roll back upon authentication failure. The \s-1AEAD\s0 modes currently in +common use also suffer from catastrophic failure of confidentiality and/or +integrity upon reuse of key/iv/nonce, and since \fBopenssl enc\fR places the +entire burden of key/iv/nonce management upon the user, the risk of +exposing \s-1AEAD\s0 modes is too great to allow. These key/iv/nonce +management issues also affect other modes currently exposed in this command, +but the failure modes are less extreme in these cases, and the +functionality cannot be removed with a stable release branch. 
+For bulk encryption of data, whether using authenticated encryption +modes or other modes, \fIopenssl\-cms\fR\|(1) is recommended, as it provides a +standard data format and performs the needed key/iv/nonce management. +.PP +.Vb 1 +\& base64 Base 64 +\& +\& bf\-cbc Blowfish in CBC mode +\& bf Alias for bf\-cbc +\& blowfish Alias for bf\-cbc +\& bf\-cfb Blowfish in CFB mode +\& bf\-ecb Blowfish in ECB mode +\& bf\-ofb Blowfish in OFB mode +\& +\& cast\-cbc CAST in CBC mode +\& cast Alias for cast\-cbc +\& cast5\-cbc CAST5 in CBC mode +\& cast5\-cfb CAST5 in CFB mode +\& cast5\-ecb CAST5 in ECB mode +\& cast5\-ofb CAST5 in OFB mode +\& +\& chacha20 ChaCha20 algorithm +\& +\& des\-cbc DES in CBC mode +\& des Alias for des\-cbc +\& des\-cfb DES in CFB mode +\& des\-ofb DES in OFB mode +\& des\-ecb DES in ECB mode +\& +\& des\-ede\-cbc Two key triple DES EDE in CBC mode +\& des\-ede Two key triple DES EDE in ECB mode +\& des\-ede\-cfb Two key triple DES EDE in CFB mode +\& des\-ede\-ofb Two key triple DES EDE in OFB mode +\& +\& des\-ede3\-cbc Three key triple DES EDE in CBC mode +\& des\-ede3 Three key triple DES EDE in ECB mode +\& des3 Alias for des\-ede3\-cbc +\& des\-ede3\-cfb Three key triple DES EDE CFB mode +\& des\-ede3\-ofb Three key triple DES EDE in OFB mode +\& +\& desx DESX algorithm. 
+\& +\& gost89 GOST 28147\-89 in CFB mode (provided by ccgost engine) +\& gost89\-cnt \`GOST 28147\-89 in CNT mode (provided by ccgost engine) +\& +\& idea\-cbc IDEA algorithm in CBC mode +\& idea same as idea\-cbc +\& idea\-cfb IDEA in CFB mode +\& idea\-ecb IDEA in ECB mode +\& idea\-ofb IDEA in OFB mode +\& +\& rc2\-cbc 128 bit RC2 in CBC mode +\& rc2 Alias for rc2\-cbc +\& rc2\-cfb 128 bit RC2 in CFB mode +\& rc2\-ecb 128 bit RC2 in ECB mode +\& rc2\-ofb 128 bit RC2 in OFB mode +\& rc2\-64\-cbc 64 bit RC2 in CBC mode +\& rc2\-40\-cbc 40 bit RC2 in CBC mode +\& +\& rc4 128 bit RC4 +\& rc4\-64 64 bit RC4 +\& rc4\-40 40 bit RC4 +\& +\& rc5\-cbc RC5 cipher in CBC mode +\& rc5 Alias for rc5\-cbc +\& rc5\-cfb RC5 cipher in CFB mode +\& rc5\-ecb RC5 cipher in ECB mode +\& rc5\-ofb RC5 cipher in OFB mode +\& +\& seed\-cbc SEED cipher in CBC mode +\& seed Alias for seed\-cbc +\& seed\-cfb SEED cipher in CFB mode +\& seed\-ecb SEED cipher in ECB mode +\& seed\-ofb SEED cipher in OFB mode +\& +\& sm4\-cbc SM4 cipher in CBC mode +\& sm4 Alias for sm4\-cbc +\& sm4\-cfb SM4 cipher in CFB mode +\& sm4\-ctr SM4 cipher in CTR mode +\& sm4\-ecb SM4 cipher in ECB mode +\& sm4\-ofb SM4 cipher in OFB mode +\& +\& aes\-[128|192|256]\-cbc 128/192/256 bit AES in CBC mode +\& aes[128|192|256] Alias for aes\-[128|192|256]\-cbc +\& aes\-[128|192|256]\-cfb 128/192/256 bit AES in 128 bit CFB mode +\& aes\-[128|192|256]\-cfb1 128/192/256 bit AES in 1 bit CFB mode +\& aes\-[128|192|256]\-cfb8 128/192/256 bit AES in 8 bit CFB mode +\& aes\-[128|192|256]\-ctr 128/192/256 bit AES in CTR mode +\& aes\-[128|192|256]\-ecb 128/192/256 bit AES in ECB mode +\& aes\-[128|192|256]\-ofb 128/192/256 bit AES in OFB mode +\& +\& aria\-[128|192|256]\-cbc 128/192/256 bit ARIA in CBC mode +\& aria[128|192|256] Alias for aria\-[128|192|256]\-cbc +\& aria\-[128|192|256]\-cfb 128/192/256 bit ARIA in 128 bit CFB mode +\& aria\-[128|192|256]\-cfb1 128/192/256 bit ARIA in 1 bit CFB mode +\& 
aria\-[128|192|256]\-cfb8 128/192/256 bit ARIA in 8 bit CFB mode +\& aria\-[128|192|256]\-ctr 128/192/256 bit ARIA in CTR mode +\& aria\-[128|192|256]\-ecb 128/192/256 bit ARIA in ECB mode +\& aria\-[128|192|256]\-ofb 128/192/256 bit ARIA in OFB mode +\& +\& camellia\-[128|192|256]\-cbc 128/192/256 bit Camellia in CBC mode +\& camellia[128|192|256] Alias for camellia\-[128|192|256]\-cbc +\& camellia\-[128|192|256]\-cfb 128/192/256 bit Camellia in 128 bit CFB mode +\& camellia\-[128|192|256]\-cfb1 128/192/256 bit Camellia in 1 bit CFB mode +\& camellia\-[128|192|256]\-cfb8 128/192/256 bit Camellia in 8 bit CFB mode +\& camellia\-[128|192|256]\-ctr 128/192/256 bit Camellia in CTR mode +\& camellia\-[128|192|256]\-ecb 128/192/256 bit Camellia in ECB mode +\& camellia\-[128|192|256]\-ofb 128/192/256 bit Camellia in OFB mode +.Ve +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Just base64 encode a binary file: +.PP +.Vb 1 +\& openssl base64 \-in file.bin \-out file.b64 +.Ve +.PP +Decode the same file +.PP +.Vb 1 +\& openssl base64 \-d \-in file.b64 \-out file.bin +.Ve +.PP +Encrypt a file using \s-1AES\-128\s0 using a prompted password +and \s-1PBKDF2\s0 key derivation: +.PP +.Vb 1 +\& openssl enc \-aes128 \-pbkdf2 \-in file.txt \-out file.aes128 +.Ve +.PP +Decrypt a file using a supplied password: +.PP +.Vb 2 +\& openssl enc \-aes128 \-pbkdf2 \-d \-in file.aes128 \-out file.txt \e +\& \-pass pass: +.Ve +.PP +Encrypt a file then base64 encode it (so it can be sent via mail for example) +using \s-1AES\-256\s0 in \s-1CTR\s0 mode and \s-1PBKDF2\s0 key derivation: +.PP +.Vb 1 +\& openssl enc \-aes\-256\-ctr \-pbkdf2 \-a \-in file.txt \-out file.aes256 +.Ve +.PP +Base64 decode a file then decrypt it using a password supplied in a file: +.PP +.Vb 2 +\& openssl enc \-aes\-256\-ctr \-pbkdf2 \-d \-a \-in file.aes256 \-out file.txt \e +\& \-pass file: +.Ve +.SH "BUGS" +.IX Header "BUGS" +The \fB\-A\fR option when used with large files doesn't work properly. 
+.PP +The \fBopenssl enc\fR command only supports a fixed number of algorithms with +certain parameters. So if, for example, you want to use \s-1RC2\s0 with a +76 bit key or \s-1RC4\s0 with an 84 bit key you can't use this program. +.SH "HISTORY" +.IX Header "HISTORY" +The default digest was changed from \s-1MD5\s0 to \s-1SHA256\s0 in OpenSSL 1.1.0. +.PP +The \fB\-list\fR option was added in OpenSSL 1.1.1e. +.PP +The \fB\-ciphers\fR option was deprecated in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man1/openssl-engine.1 b/linux_amd64/ssl/share/man/man1/openssl-engine.1 new file mode 100755 index 0000000..55beab9 --- /dev/null +++ b/linux_amd64/ssl/share/man/man1/openssl-engine.1 
@@ -0,0 +1,237 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-ENGINE 1" +.TH OPENSSL-ENGINE 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-engine \- load and query engines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl engine\fR +[\fB\-help\fR] +[\fB\-v\fR] +[\fB\-vv\fR] +[\fB\-vvv\fR] +[\fB\-vvvv\fR] +[\fB\-c\fR] +[\fB\-t\fR] +[\fB\-tt\fR] +[\fB\-pre\fR \fIcommand\fR] ... +[\fB\-post\fR \fIcommand\fR] ... +[\fIengine\fR ...] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command is used to query the status and capabilities +of the specified \fIengine\fRs. +Engines may be specified before and after all other command-line flags. +Only those specified are queried. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Display an option summary. +.IP "\fB\-v\fR \fB\-vv\fR \fB\-vvv\fR \fB\-vvvv\fR" 4 +.IX Item "-v -vv -vvv -vvvv" +Provides information about each specified engine. The first flag lists +all the possible run-time control commands; the second adds a +description of each command; the third adds the input flags, and the +final option adds the internal input flags. +.IP "\fB\-c\fR" 4 +.IX Item "-c" +Lists the capabilities of each engine. +.IP "\fB\-t\fR" 4 +.IX Item "-t" +Tests if each specified engine is available, and displays the answer. +.IP "\fB\-tt\fR" 4 +.IX Item "-tt" +Displays an error trace for any unavailable engine. +.IP "\fB\-pre\fR \fIcommand\fR" 4 +.IX Item "-pre command" +.PD 0 +.IP "\fB\-post\fR \fIcommand\fR" 4 +.IX Item "-post command" +.PD +Command-line configuration of engines. +The \fB\-pre\fR command is given to the engine before it is loaded and +the \fB\-post\fR command is given after the engine is loaded. +The \fIcommand\fR is of the form \fIcmd\fR:\fIval\fR where \fIcmd\fR is the command, +and \fIval\fR is the value for the command. +See the example below. +.Sp +These two options are cumulative, so they may be given more than once in the +same command. 
+.SH "EXAMPLES" +.IX Header "EXAMPLES" +To list all the commands available to a dynamic engine: +.PP +.Vb 10 +\& $ openssl engine \-t \-tt \-vvvv dynamic +\& (dynamic) Dynamic engine loading support +\& [ unavailable ] +\& SO_PATH: Specifies the path to the new ENGINE shared library +\& (input flags): STRING +\& NO_VCHECK: Specifies to continue even if version checking fails (boolean) +\& (input flags): NUMERIC +\& ID: Specifies an ENGINE id name for loading +\& (input flags): STRING +\& LIST_ADD: Whether to add a loaded ENGINE to the internal list (0=no,1=yes,2=mandatory) +\& (input flags): NUMERIC +\& DIR_LOAD: Specifies whether to load from \*(AqDIR_ADD\*(Aq directories (0=no,1=yes,2=mandatory) +\& (input flags): NUMERIC +\& DIR_ADD: Adds a directory from which ENGINEs can be loaded +\& (input flags): STRING +\& LOAD: Load up the ENGINE specified by other settings +\& (input flags): NO_INPUT +.Ve +.PP +To list the capabilities of the \fBrsax\fR engine: +.PP +.Vb 4 +\& $ openssl engine \-c +\& (rsax) RSAX engine support +\& [RSA] +\& (dynamic) Dynamic engine loading support +.Ve +.SH "ENVIRONMENT" +.IX Header "ENVIRONMENT" +.IP "\fB\s-1OPENSSL_ENGINES\s0\fR" 4 +.IX Item "OPENSSL_ENGINES" +The path to the engines directory. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\fIconfig\fR\|(5) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man1/openssl-errstr.1 b/linux_amd64/ssl/share/man/man1/openssl-errstr.1 new file mode 100755 index 0000000..1da9f14 --- /dev/null +++ b/linux_amd64/ssl/share/man/man1/openssl-errstr.1 
@@ -0,0 +1,176 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-ERRSTR 1" +.TH OPENSSL-ERRSTR 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-errstr \- lookup error codes +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl errstr\fR +[\fB\-help\fR] +\&\fIerror_code...\fR +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Sometimes an application will not load error message texts and only +numerical forms will be available. This command can be +used to display the meaning of the hex code. The hex code is the hex digits +after the second colon. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Display a usage message. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +The error code: +.PP +.Vb 1 +\& 27594:error:2006D080:lib(32)::reason(128)::107: +.Ve +.PP +can be displayed with: +.PP +.Vb 1 +\& openssl errstr 2006D080 +.Ve +.PP +to produce the error message: +.PP +.Vb 1 +\& error:2006D080:BIO routines::no such file +.Ve +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2004\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man1/openssl-fipsinstall.1 b/linux_amd64/ssl/share/man/man1/openssl-fipsinstall.1 new file mode 100755 index 0000000..a75ec5c --- /dev/null +++ b/linux_amd64/ssl/share/man/man1/openssl-fipsinstall.1 
@@ -0,0 +1,278 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-FIPSINSTALL 1" +.TH OPENSSL-FIPSINSTALL 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-fipsinstall \- perform FIPS configuration installation +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl fipsinstall\fR +[\fB\-help\fR] +[\fB\-in\fR \fIconfigfilename\fR] +[\fB\-out\fR \fIconfigfilename\fR] +[\fB\-module\fR \fImodulefilename\fR] +[\fB\-provider_name\fR \fIprovidername\fR] +[\fB\-section_name\fR \fIsectionname\fR] +[\fB\-verify\fR] +[\fB\-mac_name\fR \fImacname\fR] +[\fB\-macopt\fR \fInm\fR:\fIv\fR] +[\fB\-noout\fR] +[\fB\-corrupt_desc\fR \fIselftest_description\fR] +[\fB\-corrupt_type\fR \fIselftest_type\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command is used to generate a \s-1FIPS\s0 module configuration file. +The generated configuration file consists of: +.IP "\- A mac of the \s-1FIPS\s0 module file." 4 +.IX Item "- A mac of the FIPS module file." +.PD 0 +.IP "\- A status indicator that indicates if the known answer Self Tests (\s-1KAT\s0's) have successfully run." 4 +.IX Item "- A status indicator that indicates if the known answer Self Tests (KAT's) have successfully run." +.PD +.PP +This configuration file can be used each time a \s-1FIPS\s0 module is loaded +in order to pass data to the \s-1FIPS\s0 modules self tests. The \s-1FIPS\s0 module always +verifies the modules \s-1MAC\s0, but only needs to run the \s-1KATS\s0 once during install. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print a usage message. +.IP "\fB\-module\fR \fIfilename\fR" 4 +.IX Item "-module filename" +Filename of a fips module to perform an integrity check on. +.IP "\fB\-out\fR \fIconfigfilename\fR" 4 +.IX Item "-out configfilename" +Filename to output the configuration data to, or standard output by default. +.IP "\fB\-in\fR \fIconfigfilename\fR" 4 +.IX Item "-in configfilename" +Input filename to load configuration data from. Used with the '\-verify' option. +Standard input is used if the filename is '\-'. 
+.IP "\fB\-verify\fR" 4 +.IX Item "-verify" +Verify that the input configuration file contains the correct information +.IP "\fB\-provider_name\fR \fIprovidername\fR" 4 +.IX Item "-provider_name providername" +Name of the provider inside the configuration file. +.IP "\fB\-section_name\fR \fIsectionname\fR" 4 +.IX Item "-section_name sectionname" +Name of the section inside the configuration file. +.IP "\fB\-mac_name\fR \fIname\fR" 4 +.IX Item "-mac_name name" +Specifies the name of a supported \s-1MAC\s0 algorithm which will be used. +To see the list of supported \s-1MAC\s0's use the command +\&\f(CW\*(C`openssl list \-mac\-algorithms\*(C'\fR. The default is \fB\s-1HMAC\s0\fR. +.IP "\fB\-macopt\fR \fInm\fR:\fIv\fR" 4 +.IX Item "-macopt nm:v" +Passes options to the \s-1MAC\s0 algorithm. +A comprehensive list of controls can be found in the \s-1EVP_MAC\s0 implementation +documentation. +Common control strings used for fipsinstall are: +.RS 4 +.IP "\fBkey\fR:\fIstring\fR" 4 +.IX Item "key:string" +Specifies the \s-1MAC\s0 key as an alphanumeric string (use if the key contains +printable characters only). +The string length must conform to any restrictions of the \s-1MAC\s0 algorithm. +A key must be specified for every \s-1MAC\s0 algorithm. +.IP "\fBhexkey\fR:\fIstring\fR" 4 +.IX Item "hexkey:string" +Specifies the \s-1MAC\s0 key in hexadecimal form (two hex digits per byte). +The key length must conform to any restrictions of the \s-1MAC\s0 algorithm. +A key must be specified for every \s-1MAC\s0 algorithm. +.IP "\fBdigest\fR:\fIstring\fR" 4 +.IX Item "digest:string" +Used by \s-1HMAC\s0 as an alphanumeric string (use if the key contains printable +characters only). +The string length must conform to any restrictions of the \s-1MAC\s0 algorithm. +To see the list of supported digests, use the command +\&\f(CW\*(C`openssl list \-digest\-commands\*(C'\fR. +.RE +.RS 4 +.RE +.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +Disable logging of the self tests. 
+.IP "\fB\-corrupt_desc\fR \fIselftest_description\fR" 4 +.IX Item "-corrupt_desc selftest_description" +.PD 0 +.IP "\fB\-corrupt_type\fR \fIselftest_type\fR" 4 +.IX Item "-corrupt_type selftest_type" +.PD +The corrupt options can be used to test failure of one or more self test(s) by +name. +Either option or both may be used to select the self test(s) to corrupt. +Refer to the entries for \*(L"st-desc\*(R" and \*(L"st-type\*(R" in \s-1\fIOSSL_PROVIDER\-FIPS\s0\fR\|(7) for +values that can be used. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Calculate the mac of a \s-1FIPS\s0 module \fIfips.so\fR and run a \s-1FIPS\s0 self test +for the module, and save the \fIfips.conf\fR configuration file: +.PP +.Vb 3 +\& openssl fipsinstall \-module ./fips.so \-out fips.conf \-provider_name fips \e +\& \-section_name fipsinstall \-mac_name HMAC \-macopt digest:SHA256 \e +\& \-macopt hexkey:000102030405060708090A0B0C0D0E0F10111213 +.Ve +.PP +Verify that the configuration file \fIfips.conf\fR contains the correct info: +.PP +.Vb 3 +\& openssl fipsinstall \-module ./fips.so \-in fips.conf \-provider_name fips \e +\& \-section_name fips_install \-mac_name HMAC \-macopt digest:SHA256 \e +\& \-macopt hexkey:000102030405060708090A0B0C0D0E0F10111213 \-verify +.Ve +.PP +Corrupt any self tests which have the description '\s-1SHA1\s0': +.PP +.Vb 4 +\& openssl fipsinstall \-module ./fips.so \-out fips.conf \-provider_name fips \e +\& \-section_name fipsinstall \-mac_name HMAC \-macopt digest:SHA256 \e +\& \-macopt hexkey:000102030405060708090A0B0C0D0E0F10111213 \e +\& \-corrupt_desc\*(Aq, \*(AqSHA1\*(Aq +.Ve +.SH "NOTES" +.IX Header "NOTES" +The \s-1MAC\s0 mechanisms that are available will depend on the options +used when building OpenSSL. +The command \f(CW\*(C`openssl list \-mac\-algorithms\*(C'\fR command can be used to list them. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIfips_config\fR\|(5), +\&\s-1\fIOSSL_PROVIDER\-FIPS\s0\fR\|(7), +\&\s-1\fIEVP_MAC\s0\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man1/openssl-gendsa.1 b/linux_amd64/ssl/share/man/man1/openssl-gendsa.1 new file mode 100755 index 0000000..f70013d --- /dev/null +++ b/linux_amd64/ssl/share/man/man1/openssl-gendsa.1 
@@ -0,0 +1,218 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-GENDSA 1" +.TH OPENSSL-GENDSA 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-gendsa \- generate a DSA private key from a set of parameters +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBgendsa\fR +[\fB\-help\fR] +[\fB\-out\fR \fIfilename\fR] +[\fB\-passout\fR \fIarg\fR] +[\fB\-aes128\fR] +[\fB\-aes192\fR] +[\fB\-aes256\fR] +[\fB\-aria128\fR] +[\fB\-aria192\fR] +[\fB\-aria256\fR] +[\fB\-camellia128\fR] +[\fB\-camellia192\fR] +[\fB\-camellia256\fR] +[\fB\-des\fR] +[\fB\-des3\fR] +[\fB\-idea\fR] +[\fB\-verbose\fR] +[\fB\-rand\fR \fIfiles\fR] +[\fB\-writerand\fR \fIfile\fR] +[\fB\-engine\fR \fIid\fR] +[\fIparamfile\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command has been deprecated. +The \fIopenssl\-genpkey\fR\|(1) command should be used instead. +.PP +This command generates a \s-1DSA\s0 private key from a \s-1DSA\s0 parameter file +(which will be typically generated by the \fIopenssl\-dsaparam\fR\|(1) command). +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-out\fR \fIfilename\fR" 4 +.IX Item "-out filename" +Output the key to the specified file. If this argument is not specified then +standard output is used. +.IP "\fB\-passout\fR \fIarg\fR" 4 +.IX Item "-passout arg" +The passphrase used for the output file. +See \*(L"Pass Phrase Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-aes128\fR, \fB\-aes192\fR, \fB\-aes256\fR, \fB\-aria128\fR, \fB\-aria192\fR, \fB\-aria256\fR, \fB\-camellia128\fR, \fB\-camellia192\fR, \fB\-camellia256\fR, \fB\-des\fR, \fB\-des3\fR, \fB\-idea\fR" 4 +.IX Item "-aes128, -aes192, -aes256, -aria128, -aria192, -aria256, -camellia128, -camellia192, -camellia256, -des, -des3, -idea" +These options encrypt the private key with specified +cipher before outputting it. A pass phrase is prompted for. +If none of these options is specified no encryption is used. +.IP "\fB\-verbose\fR" 4 +.IX Item "-verbose" +Print extra details about the operations being performed. 
+.IP "\fB\-rand\fR \fIfiles\fR, \fB\-writerand\fR \fIfile\fR" 4 +.IX Item "-rand files, -writerand file" +See \*(L"Random State Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-engine\fR \fIid\fR" 4 +.IX Item "-engine id" +See \*(L"Engine Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fIparamfile\fR" 4 +.IX Item "paramfile" +The \s-1DSA\s0 parameter file to use. The parameters in this file determine +the size of the private key. \s-1DSA\s0 parameters can be generated and +examined using the \fIopenssl\-dsaparam\fR\|(1) command. +.SH "NOTES" +.IX Header "NOTES" +\&\s-1DSA\s0 key generation is little more than random number generation so it is +much quicker that \s-1RSA\s0 key generation for example. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\fIopenssl\-genpkey\fR\|(1), +\&\fIopenssl\-dsaparam\fR\|(1), +\&\fIopenssl\-dsa\fR\|(1), +\&\fIopenssl\-genrsa\fR\|(1), +\&\fIopenssl\-rsa\fR\|(1) +.SH "HISTORY" +.IX Header "HISTORY" +This command was deprecated in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man1/openssl-genpkey.1 b/linux_amd64/ssl/share/man/man1/openssl-genpkey.1 new file mode 100755 index 0000000..b0834ed --- /dev/null +++ b/linux_amd64/ssl/share/man/man1/openssl-genpkey.1 
@@ -0,0 +1,422 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-GENPKEY 1" +.TH OPENSSL-GENPKEY 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-genpkey \- generate a private key +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBgenpkey\fR +[\fB\-help\fR] +[\fB\-out\fR \fIfilename\fR] +[\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-pass\fR \fIarg\fR] +[\fB\-\f(BIcipher\fB\fR] +[\fB\-paramfile\fR \fIfile\fR] +[\fB\-algorithm\fR \fIalg\fR] +[\fB\-pkeyopt\fR \fIopt\fR:\fIvalue\fR] +[\fB\-genparam\fR] +[\fB\-text\fR] +[\fB\-engine\fR \fIid\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command generates a private key. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-out\fR \fIfilename\fR" 4 +.IX Item "-out filename" +Output the key to the specified file. If this argument is not specified then +standard output is used. +.IP "\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IX Item "-outform DER|PEM" +The output format; the default is \fB\s-1PEM\s0\fR. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-pass\fR \fIarg\fR" 4 +.IX Item "-pass arg" +The output file password source. For more information about the format of \fIarg\fR +see \*(L"Pass Phrase Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-\f(BIcipher\fB\fR" 4 +.IX Item "-cipher" +This option encrypts the private key with the supplied cipher. Any algorithm +name accepted by \fIEVP_get_cipherbyname()\fR is acceptable such as \fBdes3\fR. +.IP "\fB\-algorithm\fR \fIalg\fR" 4 +.IX Item "-algorithm alg" +Public key algorithm to use such as \s-1RSA\s0, \s-1DSA\s0 or \s-1DH\s0. If used this option must +precede any \fB\-pkeyopt\fR options. The options \fB\-paramfile\fR and \fB\-algorithm\fR +are mutually exclusive. Engines may add algorithms in addition to the standard +built-in ones. +.Sp +Valid built-in algorithm names for private key generation are \s-1RSA\s0, RSA-PSS, \s-1EC\s0, +X25519, X448, \s-1ED25519\s0 and \s-1ED448\s0. 
+.Sp +Valid built-in algorithm names for parameter generation (see the \fB\-genparam\fR +option) are \s-1DH\s0, \s-1DSA\s0 and \s-1EC\s0. +.Sp +Note that the algorithm name X9.42 \s-1DH\s0 may be used as a synonym for the \s-1DH\s0 +algorithm. These are identical and do not indicate the type of parameters that +will be generated. Use the \fBdh_paramgen_type\fR option to indicate whether PKCS#3 +or X9.42 \s-1DH\s0 parameters are required. See \*(L"\s-1DH\s0 Parameter Generation Options\*(R" +below for more details. +.IP "\fB\-pkeyopt\fR \fIopt\fR:\fIvalue\fR" 4 +.IX Item "-pkeyopt opt:value" +Set the public key algorithm option \fIopt\fR to \fIvalue\fR. The precise set of +options supported depends on the public key algorithm used and its +implementation. See \*(L"\s-1KEY\s0 \s-1GENERATION\s0 \s-1OPTIONS\s0\*(R" and +\&\*(L"\s-1PARAMETER\s0 \s-1GENERATION\s0 \s-1OPTIONS\s0\*(R" below for more details. +.IP "\fB\-genparam\fR" 4 +.IX Item "-genparam" +Generate a set of parameters instead of a private key. If used this option must +precede any \fB\-algorithm\fR, \fB\-paramfile\fR or \fB\-pkeyopt\fR options. +.IP "\fB\-paramfile\fR \fIfilename\fR" 4 +.IX Item "-paramfile filename" +Some public key algorithms generate a private key based on a set of parameters. +They can be supplied using this option. If this option is used the public key +algorithm used is determined by the parameters. If used this option must +precede any \fB\-pkeyopt\fR options. The options \fB\-paramfile\fR and \fB\-algorithm\fR +are mutually exclusive. +.IP "\fB\-text\fR" 4 +.IX Item "-text" +Print an (unencrypted) text representation of private and public keys and +parameters along with the \s-1PEM\s0 or \s-1DER\s0 structure. +.IP "\fB\-engine\fR \fIid\fR" 4 +.IX Item "-engine id" +See \*(L"Engine Options\*(R" in \fIopenssl\fR\|(1). +.SH "KEY GENERATION OPTIONS" +.IX Header "KEY GENERATION OPTIONS" +The options supported by each algorithm and indeed each implementation of an +algorithm can vary. 
The options for the OpenSSL implementations are detailed +below. There are no key generation options defined for the X25519, X448, \s-1ED25519\s0 +or \s-1ED448\s0 algorithms. +.SS "\s-1RSA\s0 Key Generation Options" +.IX Subsection "RSA Key Generation Options" +.IP "\fBrsa_keygen_bits:numbits\fR" 4 +.IX Item "rsa_keygen_bits:numbits" +The number of bits in the generated key. If not specified 2048 is used. +.IP "\fBrsa_keygen_primes:numprimes\fR" 4 +.IX Item "rsa_keygen_primes:numprimes" +The number of primes in the generated key. If not specified 2 is used. +.IP "\fBrsa_keygen_pubexp:value\fR" 4 +.IX Item "rsa_keygen_pubexp:value" +The \s-1RSA\s0 public exponent value. This can be a large decimal or +hexadecimal value if preceded by \f(CW\*(C`0x\*(C'\fR. Default value is 65537. +.SS "RSA-PSS Key Generation Options" +.IX Subsection "RSA-PSS Key Generation Options" +Note: by default an \fBRSA-PSS\fR key has no parameter restrictions. +.IP "\fBrsa_keygen_bits\fR:\fInumbits\fR, \fBrsa_keygen_primes\fR:\fInumprimes\fR, \fBrsa_keygen_pubexp\fR:\fIvalue\fR" 4 +.IX Item "rsa_keygen_bits:numbits, rsa_keygen_primes:numprimes, rsa_keygen_pubexp:value" +These options have the same meaning as the \fB\s-1RSA\s0\fR algorithm. +.IP "\fBrsa_pss_keygen_md\fR:\fIdigest\fR" 4 +.IX Item "rsa_pss_keygen_md:digest" +If set the key is restricted and can only use \fIdigest\fR for signing. +.IP "\fBrsa_pss_keygen_mgf1_md\fR:\fIdigest\fR" 4 +.IX Item "rsa_pss_keygen_mgf1_md:digest" +If set the key is restricted and can only use \fIdigest\fR as it's \s-1MGF1\s0 +parameter. +.IP "\fBrsa_pss_keygen_saltlen\fR:\fIlen\fR" 4 +.IX Item "rsa_pss_keygen_saltlen:len" +If set the key is restricted and \fIlen\fR specifies the minimum salt length. +.SS "\s-1EC\s0 Key Generation Options" +.IX Subsection "EC Key Generation Options" +The \s-1EC\s0 key generation options can also be used for parameter generation. 
+.IP "\fBec_paramgen_curve\fR:\fIcurve\fR" 4 +.IX Item "ec_paramgen_curve:curve" +The \s-1EC\s0 curve to use. OpenSSL supports \s-1NIST\s0 curve names such as \*(L"P\-256\*(R". +.IP "\fBec_param_enc\fR:\fIencoding\fR" 4 +.IX Item "ec_param_enc:encoding" +The encoding to use for parameters. The \fIencoding\fR parameter must be either +\&\fBnamed_curve\fR or \fBexplicit\fR. The default value is \fBnamed_curve\fR. +.SH "PARAMETER GENERATION OPTIONS" +.IX Header "PARAMETER GENERATION OPTIONS" +The options supported by each algorithm and indeed each implementation of an +algorithm can vary. The options for the OpenSSL implementations are detailed +below. +.SS "\s-1DSA\s0 Parameter Generation Options" +.IX Subsection "DSA Parameter Generation Options" +.IP "\fBdsa_paramgen_bits\fR:\fInumbits\fR" 4 +.IX Item "dsa_paramgen_bits:numbits" +The number of bits in the generated prime. If not specified 2048 is used. +.IP "\fBdsa_paramgen_q_bits\fR:\fInumbits\fR" 4 +.IX Item "dsa_paramgen_q_bits:numbits" +The number of bits in the q parameter. Must be one of 160, 224 or 256. If not +specified 224 is used. +.IP "\fBdsa_paramgen_md\fR:\fIdigest\fR" 4 +.IX Item "dsa_paramgen_md:digest" +The digest to use during parameter generation. Must be one of \fBsha1\fR, \fBsha224\fR +or \fBsha256\fR. If set, then the number of bits in \fBq\fR will match the output size +of the specified digest and the \fBdsa_paramgen_q_bits\fR parameter will be +ignored. If not set, then a digest will be used that gives an output matching +the number of bits in \fBq\fR, i.e. \fBsha1\fR if q length is 160, \fBsha224\fR if it 224 +or \fBsha256\fR if it is 256. +.SS "\s-1DH\s0 Parameter Generation Options" +.IX Subsection "DH Parameter Generation Options" +.IP "\fBdh_paramgen_prime_len\fR:\fInumbits\fR" 4 +.IX Item "dh_paramgen_prime_len:numbits" +The number of bits in the prime parameter \fIp\fR. The default is 2048. 
+.IP "\fBdh_paramgen_subprime_len\fR:\fInumbits\fR" 4 +.IX Item "dh_paramgen_subprime_len:numbits" +The number of bits in the sub prime parameter \fIq\fR. The default is 256 if the +prime is at least 2048 bits long or 160 otherwise. Only relevant if used in +conjunction with the \fBdh_paramgen_type\fR option to generate X9.42 \s-1DH\s0 parameters. +.IP "\fBdh_paramgen_generator\fR:\fIvalue\fR" 4 +.IX Item "dh_paramgen_generator:value" +The value to use for the generator \fIg\fR. The default is 2. +.IP "\fBdh_paramgen_type\fR:\fIvalue\fR" 4 +.IX Item "dh_paramgen_type:value" +The type of \s-1DH\s0 parameters to generate. Use 0 for PKCS#3 \s-1DH\s0 and 1 for X9.42 \s-1DH\s0. +The default is 0. +.IP "\fBdh_rfc5114\fR:\fInum\fR" 4 +.IX Item "dh_rfc5114:num" +If this option is set, then the appropriate \s-1RFC5114\s0 parameters are used +instead of generating new parameters. The value \fInum\fR can be one of +1, 2 or 3 corresponding to \s-1RFC5114\s0 \s-1DH\s0 parameters consisting of +1024 bit group with 160 bit subgroup, 2048 bit group with 224 bit subgroup +and 2048 bit group with 256 bit subgroup as mentioned in \s-1RFC5114\s0 sections +2.1, 2.2 and 2.3 respectively. If present this overrides all other \s-1DH\s0 parameter +options. +.SS "\s-1EC\s0 Parameter Generation Options" +.IX Subsection "EC Parameter Generation Options" +The \s-1EC\s0 parameter generation options are the same as for key generation. See +\&\*(L"\s-1EC\s0 Key Generation Options\*(R" above. +.SH "NOTES" +.IX Header "NOTES" +The use of the genpkey program is encouraged over the algorithm specific +utilities because additional algorithm options and \s-1ENGINE\s0 provided algorithms +can be used. 
+.SH "EXAMPLES" +.IX Header "EXAMPLES" +Generate an \s-1RSA\s0 private key using default parameters: +.PP +.Vb 1 +\& openssl genpkey \-algorithm RSA \-out key.pem +.Ve +.PP +Encrypt output private key using 128 bit \s-1AES\s0 and the passphrase \*(L"hello\*(R": +.PP +.Vb 1 +\& openssl genpkey \-algorithm RSA \-out key.pem \-aes\-128\-cbc \-pass pass:hello +.Ve +.PP +Generate a 2048 bit \s-1RSA\s0 key using 3 as the public exponent: +.PP +.Vb 2 +\& openssl genpkey \-algorithm RSA \-out key.pem \e +\& \-pkeyopt rsa_keygen_bits:2048 \-pkeyopt rsa_keygen_pubexp:3 +.Ve +.PP +Generate 2048 bit \s-1DSA\s0 parameters: +.PP +.Vb 2 +\& openssl genpkey \-genparam \-algorithm DSA \-out dsap.pem \e +\& \-pkeyopt dsa_paramgen_bits:2048 +.Ve +.PP +Generate \s-1DSA\s0 key from parameters: +.PP +.Vb 1 +\& openssl genpkey \-paramfile dsap.pem \-out dsakey.pem +.Ve +.PP +Generate 2048 bit \s-1DH\s0 parameters: +.PP +.Vb 2 +\& openssl genpkey \-genparam \-algorithm DH \-out dhp.pem \e +\& \-pkeyopt dh_paramgen_prime_len:2048 +.Ve +.PP +Generate 2048 bit X9.42 \s-1DH\s0 parameters: +.PP +.Vb 3 +\& openssl genpkey \-genparam \-algorithm DH \-out dhpx.pem \e +\& \-pkeyopt dh_paramgen_prime_len:2048 \e +\& \-pkeyopt dh_paramgen_type:1 +.Ve +.PP +Output \s-1RFC5114\s0 2048 bit \s-1DH\s0 parameters with 224 bit subgroup: +.PP +.Vb 1 +\& openssl genpkey \-genparam \-algorithm DH \-out dhp.pem \-pkeyopt dh_rfc5114:2 +.Ve +.PP +Generate \s-1DH\s0 key from parameters: +.PP +.Vb 1 +\& openssl genpkey \-paramfile dhp.pem \-out dhkey.pem +.Ve +.PP +Generate \s-1EC\s0 parameters: +.PP +.Vb 3 +\& openssl genpkey \-genparam \-algorithm EC \-out ecp.pem \e +\& \-pkeyopt ec_paramgen_curve:secp384r1 \e +\& \-pkeyopt ec_param_enc:named_curve +.Ve +.PP +Generate \s-1EC\s0 key from parameters: +.PP +.Vb 1 +\& openssl genpkey \-paramfile ecp.pem \-out eckey.pem +.Ve +.PP +Generate \s-1EC\s0 key directly: +.PP +.Vb 3 +\& openssl genpkey \-algorithm EC \-out eckey.pem \e +\& \-pkeyopt ec_paramgen_curve:P\-384 
\e +\& \-pkeyopt ec_param_enc:named_curve +.Ve +.PP +Generate an X25519 private key: +.PP +.Vb 1 +\& openssl genpkey \-algorithm X25519 \-out xkey.pem +.Ve +.PP +Generate an \s-1ED448\s0 private key: +.PP +.Vb 1 +\& openssl genpkey \-algorithm ED448 \-out xkey.pem +.Ve +.SH "HISTORY" +.IX Header "HISTORY" +The ability to use \s-1NIST\s0 curve names, and to generate an \s-1EC\s0 key directly, +were added in OpenSSL 1.0.2. +The ability to generate X25519 keys was added in OpenSSL 1.1.0. +The ability to generate X448, \s-1ED25519\s0 and \s-1ED448\s0 keys was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man1/openssl-genrsa.1 b/linux_amd64/ssl/share/man/man1/openssl-genrsa.1 new file mode 100755 index 0000000..5010f01 --- /dev/null +++ b/linux_amd64/ssl/share/man/man1/openssl-genrsa.1 
@@ -0,0 +1,236 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-GENRSA 1" +.TH OPENSSL-GENRSA 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-genrsa \- generate an RSA private key +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBgenrsa\fR +[\fB\-help\fR] +[\fB\-out\fR \fIfilename\fR] +[\fB\-passout\fR \fIarg\fR] +[\fB\-aes128\fR] +[\fB\-aes192\fR] +[\fB\-aes256\fR] +[\fB\-aria128\fR] +[\fB\-aria192\fR] +[\fB\-aria256\fR] +[\fB\-camellia128\fR] +[\fB\-camellia192\fR] +[\fB\-camellia256\fR] +[\fB\-des\fR] +[\fB\-des3\fR] +[\fB\-idea\fR] +[\fB\-F4\fR] +[\fB\-f4\fR] +[\fB\-3\fR] +[\fB\-primes\fR \fInum\fR] +[\fB\-verbose\fR] +[\fB\-rand\fR \fIfiles\fR] +[\fB\-writerand\fR \fIfile\fR] +[\fB\-engine\fR \fIid\fR] +[\fBnumbits\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command has been deprecated. +The \fIopenssl\-genpkey\fR\|(1) command should be used instead. +.PP +This command generates an \s-1RSA\s0 private key. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-out\fR \fIfilename\fR" 4 +.IX Item "-out filename" +Output the key to the specified file. If this argument is not specified then +standard output is used. +.IP "\fB\-passout\fR \fIarg\fR" 4 +.IX Item "-passout arg" +The output file password source. For more information about the format +see \*(L"Pass Phrase Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-aes128\fR, \fB\-aes192\fR, \fB\-aes256\fR, \fB\-aria128\fR, \fB\-aria192\fR, \fB\-aria256\fR, \fB\-camellia128\fR, \fB\-camellia192\fR, \fB\-camellia256\fR, \fB\-des\fR, \fB\-des3\fR, \fB\-idea\fR" 4 +.IX Item "-aes128, -aes192, -aes256, -aria128, -aria192, -aria256, -camellia128, -camellia192, -camellia256, -des, -des3, -idea" +These options encrypt the private key with specified +cipher before outputting it. If none of these options is +specified no encryption is used. If encryption is used a pass phrase is prompted +for if it is not supplied via the \fB\-passout\fR argument. 
+.IP "\fB\-F4\fR, \fB\-f4\fR, \fB\-3\fR" 4 +.IX Item "-F4, -f4, -3" +The public exponent to use, either 65537 or 3. The default is 65537. +.IP "\fB\-primes\fR \fInum\fR" 4 +.IX Item "-primes num" +Specify the number of primes to use while generating the \s-1RSA\s0 key. The \fInum\fR +parameter must be a positive integer that is greater than 1 and less than 16. +If \fInum\fR is greater than 2, then the generated key is called a 'multi\-prime' +\&\s-1RSA\s0 key, which is defined in \s-1RFC\s0 8017. +.IP "\fB\-verbose\fR" 4 +.IX Item "-verbose" +Print extra details about the operations being performed. +.IP "\fB\-rand\fR \fIfiles\fR, \fB\-writerand\fR \fIfile\fR" 4 +.IX Item "-rand files, -writerand file" +See \*(L"Random State Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-engine\fR \fIid\fR" 4 +.IX Item "-engine id" +See \*(L"Engine Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fBnumbits\fR" 4 +.IX Item "numbits" +The size of the private key to generate in bits. This must be the last option +specified. The default is 2048 and values less than 512 are not allowed. +.SH "NOTES" +.IX Header "NOTES" +\&\s-1RSA\s0 private key generation essentially involves the generation of two or more +prime numbers. When generating a private key various symbols will be output to +indicate the progress of the generation. A \fB.\fR represents each number which +has passed an initial sieve test, \fB+\fR means a number has passed a single +round of the Miller-Rabin primality test, \fB*\fR means the current prime starts +a regenerating progress due to some failed tests. A newline means that the number +has passed all the prime tests (the actual number depends on the key size). +.PP +Because key generation is a random process the time taken to generate a key +may vary somewhat. But in general, more primes lead to less generation time +of a key. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\fIopenssl\-genpkey\fR\|(1), +\&\fIopenssl\-gendsa\fR\|(1) +.SH "HISTORY" +.IX Header "HISTORY" +This command was deprecated in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man1/openssl-info.1 b/linux_amd64/ssl/share/man/man1/openssl-info.1 new file mode 100755 index 0000000..cf0013d --- /dev/null +++ b/linux_amd64/ssl/share/man/man1/openssl-info.1 
@@ -0,0 +1,199 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-INFO 1" +.TH OPENSSL-INFO 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-info \- print OpenSSL built\-in information +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl info\fR +[\fB\-help\fR] +[\fB\-configdir\fR] +[\fB\-enginesdir\fR] +[\fB\-modulesdir\fR ] +[\fB\-dsoext\fR] +[\fB\-dirnamesep\fR] +[\fB\-listsep\fR] +[\fB\-seeds\fR] +[\fB\-cpusettings\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command is used to print out information about OpenSSL. +The information is written exactly as it is with no extra text, which +makes useful for scripts. +.PP +As a consequence, only one item may be chosen for each run of this +command. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-configdir\fR" 4 +.IX Item "-configdir" +Outputs the default directory for OpenSSL configuration files. +.IP "\fB\-enginesdir\fR" 4 +.IX Item "-enginesdir" +Outputs the default directory for OpenSSL engine modules. +.IP "\fB\-modulesdir\fR" 4 +.IX Item "-modulesdir" +Outputs the default directory for OpenSSL dynamically loadable modules +other than engine modules. +.IP "\fB\-dsoext\fR" 4 +.IX Item "-dsoext" +Outputs the \s-1DSO\s0 extension OpenSSL uses. +.IP "\fB\-dirnamesep\fR" 4 +.IX Item "-dirnamesep" +Outputs the separator character between a directory specification and +a filename. +Note that on some operating systems, this is not the same as the +separator between directory elements. +.IP "\fB\-listsep\fR" 4 +.IX Item "-listsep" +Outputs the OpenSSL list separator character. +This is typically used to construct \f(CW$PATH\fR (\f(CW\*(C`%PATH%\*(C'\fR on Windows) +style lists. +.IP "\fB\-seeds\fR" 4 +.IX Item "-seeds" +Outputs the randomness seed sources. +.IP "\fB\-cpusettings\fR" 4 +.IX Item "-cpusettings" +Outputs the OpenSSL \s-1CPU\s0 settings info. +.SH "HISTORY" +.IX Header "HISTORY" +This command was added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. 
+.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man1/openssl-kdf.1 b/linux_amd64/ssl/share/man/man1/openssl-kdf.1 new file mode 100755 index 0000000..dc6a050 --- /dev/null +++ b/linux_amd64/ssl/share/man/man1/openssl-kdf.1 
@@ -0,0 +1,291 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-KDF 1" +.TH OPENSSL-KDF 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-kdf \- perform Key Derivation Function operations +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl kdf\fR +[\fB\-help\fR] +[\fB\-kdfopt\fR \fInm\fR:\fIv\fR] +[\fB\-keylen\fR \fInum\fR] +[\fB\-out\fR \fIfilename\fR] +[\fB\-binary\fR] +\&\fIkdf_name\fR +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The key derivation functions generate a derived key from either a secret or +password. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print a usage message. +.IP "\fB\-keylen\fR \fInum\fR" 4 +.IX Item "-keylen num" +The output size of the derived key. This field is required. +.IP "\fB\-out\fR \fIfilename\fR" 4 +.IX Item "-out filename" +Filename to output to, or standard output by default. +.IP "\fB\-binary\fR" 4 +.IX Item "-binary" +Output the derived key in binary form. Uses hexadecimal text format if not specified. +.IP "\fB\-kdfopt\fR \fInm\fR:\fIv\fR" 4 +.IX Item "-kdfopt nm:v" +Passes options to the \s-1KDF\s0 algorithm. +A comprehensive list of parameters can be found in the \s-1EVP_KDF_CTX\s0 +implementation documentation. +Common parameter names used by \fIEVP_KDF_CTX_set_params()\fR are: +.RS 4 +.IP "\fBkey:\fR\fIstring\fR" 4 +.IX Item "key:string" +Specifies the secret key as an alphanumeric string (use if the key contains +printable characters only). +The string length must conform to any restrictions of the \s-1KDF\s0 algorithm. +A key must be specified for most \s-1KDF\s0 algorithms. +.IP "\fBhexkey:\fR\fIstring\fR" 4 +.IX Item "hexkey:string" +Specifies the secret key in hexadecimal form (two hex digits per byte). +The key length must conform to any restrictions of the \s-1KDF\s0 algorithm. +A key must be specified for most \s-1KDF\s0 algorithms. +.IP "\fBpass:\fR\fIstring\fR" 4 +.IX Item "pass:string" +Specifies the password as an alphanumeric string (use if the password contains +printable characters only). +The password must be specified for \s-1PBKDF2\s0 and scrypt. 
+.IP "\fBhexpass:\fR\fIstring\fR" 4 +.IX Item "hexpass:string" +Specifies the password in hexadecimal form (two hex digits per byte). +The password must be specified for \s-1PBKDF2\s0 and scrypt. +.IP "\fBdigest:\fR\fIstring\fR" 4 +.IX Item "digest:string" +Specifies the name of a digest as an alphanumeric string. +To see the list of supported digests, use the command \fIlist \-digest\-commands\fR. +.RE +.RS 4 +.RE +.IP "\fIkdf_name\fR" 4 +.IX Item "kdf_name" +Specifies the name of a supported \s-1KDF\s0 algorithm which will be used. +The supported algorithms names include \s-1TLS1\-PRF\s0, \s-1HKDF\s0, \s-1SSKDF\s0, \s-1PBKDF2\s0, +\&\s-1SSHKDF\s0, X942KDF, X963KDF and \s-1SCRYPT\s0. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Use \s-1TLS1\-PRF\s0 to create a hex-encoded derived key from a secret key and seed: +.PP +.Vb 2 +\& openssl kdf \-keylen 16 \-kdfopt digest:SHA2\-256 \-kdfopt key:secret \e +\& \-kdfopt seed:seed TLS1\-PRF +.Ve +.PP +Use \s-1HKDF\s0 to create a hex-encoded derived key from a secret key, salt and info: +.PP +.Vb 2 +\& openssl kdf \-keylen 10 \-kdfopt digest:SHA2\-256 \-kdfopt key:secret \e +\& \-kdfopt salt:salt \-kdfopt info:label HKDF +.Ve +.PP +Use \s-1SSKDF\s0 with \s-1KMAC\s0 to create a hex-encoded derived key from a secret key, salt and info: +.PP +.Vb 3 +\& openssl kdf \-keylen 64 \-kdfopt mac:KMAC\-128 \-kdfopt maclen:20 \e +\& \-kdfopt hexkey:b74a149a161545 \-kdfopt hexinfo:348a37a2 \e +\& \-kdfopt hexsalt:3638271ccd68a2 SSKDF +.Ve +.PP +Use \s-1SSKDF\s0 with \s-1HMAC\s0 to create a hex-encoded derived key from a secret key, salt and info: +.PP +.Vb 3 +\& openssl kdf \-keylen 16 \-kdfopt mac:HMAC \-kdfopt digest:SHA2\-256 \e +\& \-kdfopt hexkey:b74a149a \-kdfopt hexinfo:348a37a2 \e +\& \-kdfopt hexsalt:3638271c SSKDF +.Ve +.PP +Use \s-1SSKDF\s0 with Hash to create a hex-encoded derived key from a secret key, salt and info: +.PP +.Vb 3 +\& openssl kdf \-keylen 14 \-kdfopt digest:SHA2\-256 \e +\& \-kdfopt hexkey:6dbdc23f045488 \e +\& 
\-kdfopt hexinfo:a1b2c3d4 SSKDF +.Ve +.PP +Use \s-1SSHKDF\s0 to create a hex-encoded derived key from a secret key, hash and session_id: +.PP +.Vb 5 +\& openssl kdf \-keylen 16 \-kdfopt digest:SHA2\-256 \e +\& \-kdfopt hexkey:0102030405 \e +\& \-kdfopt hexxcghash:06090A \e +\& \-kdfopt hexsession_id:01020304 \e +\& \-kdfopt type:A SSHKDF +.Ve +.PP +Use \s-1PBKDF2\s0 to create a hex-encoded derived key from a password and salt: +.PP +.Vb 2 +\& openssl kdf \-keylen 32 \-kdfopt digest:SHA256 \-kdfopt pass:password \e +\& \-kdfopt salt:salt \-kdfopt iter:2 PBKDF2 +.Ve +.PP +Use scrypt to create a hex-encoded derived key from a password and salt: +.PP +.Vb 3 +\& openssl kdf \-keylen 64 \-kdfopt pass:password \-kdfopt salt:NaCl \e +\& \-kdfopt N:1024 \-kdfopt r:8 \-kdfopt p:16 \e +\& \-kdfopt maxmem_bytes:10485760 SCRYPT +.Ve +.SH "NOTES" +.IX Header "NOTES" +The \s-1KDF\s0 mechanisms that are available will depend on the options +used when building OpenSSL. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\fIopenssl\-pkeyutl\fR\|(1), +\&\s-1\fIEVP_KDF\s0\fR\|(3), +\&\s-1\fIEVP_KDF\-SCRYPT\s0\fR\|(7), +\&\s-1\fIEVP_KDF\-TLS1_PRF\s0\fR\|(7), +\&\s-1\fIEVP_KDF\-PBKDF2\s0\fR\|(7), +\&\s-1\fIEVP_KDF\-HKDF\s0\fR\|(7), +\&\s-1\fIEVP_KDF\-SS\s0\fR\|(7), +\&\s-1\fIEVP_KDF\-SSHKDF\s0\fR\|(7), +\&\s-1\fIEVP_KDF\-X942\s0\fR\|(7), +\&\s-1\fIEVP_KDF\-X963\s0\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +Added in OpenSSL 3.0 +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man1/openssl-list.1 b/linux_amd64/ssl/share/man/man1/openssl-list.1 new file mode 100755 index 0000000..fe182d2 --- /dev/null +++ b/linux_amd64/ssl/share/man/man1/openssl-list.1 
@@ -0,0 +1,245 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-LIST 1" +.TH OPENSSL-LIST 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-list \- list algorithms and features +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl list\fR +[\fB\-help\fR] +[\fB\-verbose\fR] +[\fB\-1\fR] +[\fB\-commands\fR] +[\fB\-digest\-commands\fR] +[\fB\-digest\-algorithms\fR] +[\fB\-kdf\-algorithms\fR] +[\fB\-mac\-algorithms\fR] +[\fB\-cipher\-commands\fR] +[\fB\-cipher\-algorithms\fR] +[\fB\-public\-key\-algorithms\fR] +[\fB\-public\-key\-methods\fR] +[\fB\-engines\fR] +[\fB\-disabled\fR] +[\fB\-objects\fR] +[\fB\-options\fR \fIcommand\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command is used to generate list of algorithms or disabled +features. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Display a usage message. +.IP "\fB\-verbose\fR" 4 +.IX Item "-verbose" +Displays extra information. +The options below where verbosity applies say a bit more about what that means. +.IP "\fB\-1\fR" 4 +.IX Item "-1" +List the commands, digest-commands, or cipher-commands in a single column. +If used, this option must be given first. +.IP "\fB\-commands\fR" 4 +.IX Item "-commands" +Display a list of standard commands. +.IP "\fB\-digest\-commands\fR" 4 +.IX Item "-digest-commands" +Display a list of message digest commands, which are typically used +as input to the \fIopenssl\-dgst\fR\|(1) or \fIopenssl\-speed\fR\|(1) commands. +.IP "\fB\-cipher\-commands\fR" 4 +.IX Item "-cipher-commands" +Display a list of cipher commands, which are typically used as input +to the \fIopenssl\-dgst\fR\|(1) or \fIopenssl\-speed\fR\|(1) commands. +.IP "\fB\-digest\-algorithms\fR, \fB\-kdf\-algorithms\fR, \fB\-mac\-algorithms\fR, \fB\-cipher\-algorithms\fR" 4 +.IX Item "-digest-algorithms, -kdf-algorithms, -mac-algorithms, -cipher-algorithms" +Display a list of cipher, digest, kdf and mac algorithms. +See \*(L"Display of algorithm names\*(R" for a description of how names are +displayed. 
+.Sp +In verbose mode, the algorithms provided by a provider will get additional +information on what parameters each implementation supports. +.IP "\fB\-public\-key\-algorithms\fR" 4 +.IX Item "-public-key-algorithms" +Display a list of public key algorithms, with each algorithm as +a block of multiple lines, all but the first are indented. +.IP "\fB\-public\-key\-methods\fR" 4 +.IX Item "-public-key-methods" +Display a list of public key method OIDs. +.IP "\fB\-engines\fR" 4 +.IX Item "-engines" +Display a list of loaded engines. +.IP "\fB\-disabled\fR" 4 +.IX Item "-disabled" +Display a list of disabled features, those that were compiled out +of the installation. +.IP "\fB\-objects\fR" 4 +.IX Item "-objects" +Display a list of built in objects, i.e. OIDs with names. They're listed in the +format described in \*(L"\s-1ASN1\s0 Object Configuration Module\*(R" in \fIconfig\fR\|(5). +.IP "\fB\-options\fR \fIcommand\fR" 4 +.IX Item "-options command" +Output a two-column list of the options accepted by the specified \fIcommand\fR. +The first is the option name, and the second is a one-character indication +of what type of parameter it takes, if any. +This is an internal option, used for checking that the documentation +is complete. 
+.SS "Display of algorithm names" +.IX Subsection "Display of algorithm names" +Algorithm names may be displayed in one of two manners: +.IP "Legacy implementations" 4 +.IX Item "Legacy implementations" +Legacy implementations will simply display the main name of the +algorithm on a line of its own, or in the form \f(CW\*(C`> to show +that \f(CW\*(C`foo\*(C'\fR is an alias for the main name, \f(CW\*(C`bar\*(C'\fR +.IP "Provided implementations" 4 +.IX Item "Provided implementations" +Implementations from a provider are displayed like this if the +implementation is labeled with a single name: +.Sp +.Vb 1 +\& foo @ bar +.Ve +.Sp +or like this if it's labeled with multiple names: +.Sp +.Vb 1 +\& { foo1, foo2 } @bar +.Ve +.Sp +In both cases, \f(CW\*(C`bar\*(C'\fR is the name of the provider. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man1/openssl-mac.1 b/linux_amd64/ssl/share/man/man1/openssl-mac.1 new file mode 100755 index 0000000..9d1e597 --- /dev/null +++ b/linux_amd64/ssl/share/man/man1/openssl-mac.1 
@@ -0,0 +1,263 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-MAC 1" +.TH OPENSSL-MAC 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-mac \- perform Message Authentication Code operations +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl mac\fR +[\fB\-help\fR] +[\fB\-macopt\fR] +[\fB\-in\fR \fIfilename\fR] +[\fB\-out\fR \fIfilename\fR] +[\fB\-binary\fR] +\&\fImac_name\fR +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The message authentication code functions output the \s-1MAC\s0 of a supplied input +file. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print a usage message. +.IP "\fB\-in\fR \fIfilename\fR" 4 +.IX Item "-in filename" +Input filename to calculate a \s-1MAC\s0 for, or standard input by default. +Standard input is used if the filename is '\-'. +Files are expected to be in binary format, standard input uses hexadecimal text +format. +.IP "\fB\-out\fR \fIfilename\fR" 4 +.IX Item "-out filename" +Filename to output to, or standard output by default. +.IP "\fB\-binary\fR" 4 +.IX Item "-binary" +Output the \s-1MAC\s0 in binary form. Uses hexadecimal text format if not specified. +.IP "\fB\-macopt\fR \fInm\fR:\fIv\fR" 4 +.IX Item "-macopt nm:v" +Passes options to the \s-1MAC\s0 algorithm. +A comprehensive list of controls can be found in the \s-1EVP_MAC\s0 implementation +documentation. +Common parameter names used by \fIEVP_MAC_CTX_get_params()\fR are: +.RS 4 +.IP "\fBkey:\fR\fIstring\fR" 4 +.IX Item "key:string" +Specifies the \s-1MAC\s0 key as an alphanumeric string (use if the key contains +printable characters only). +The string length must conform to any restrictions of the \s-1MAC\s0 algorithm. +A key must be specified for every \s-1MAC\s0 algorithm. +.IP "\fBhexkey:\fR\fIstring\fR" 4 +.IX Item "hexkey:string" +Specifies the \s-1MAC\s0 key in hexadecimal form (two hex digits per byte). +The key length must conform to any restrictions of the \s-1MAC\s0 algorithm. +A key must be specified for every \s-1MAC\s0 algorithm. 
+.IP "\fBdigest:\fR\fIstring\fR" 4 +.IX Item "digest:string" +Used by \s-1HMAC\s0 as an alphanumeric string (use if the key contains printable +characters only). +The string length must conform to any restrictions of the \s-1MAC\s0 algorithm. +To see the list of supported digests, use \f(CW\*(C`openssl list \-digest\-commands\*(C'\fR. +.IP "\fBcipher:\fR\fIstring\fR" 4 +.IX Item "cipher:string" +Used by \s-1CMAC\s0 and \s-1GMAC\s0 to specify the cipher algorithm. +For \s-1CMAC\s0 it must be one of \s-1AES\-128\-CBC\s0, \s-1AES\-192\-CBC\s0, \s-1AES\-256\-CBC\s0 or +\&\s-1DES\-EDE3\-CBC\s0. +For \s-1GMAC\s0 it should be a \s-1GCM\s0 mode cipher e.g. \s-1AES\-128\-GCM\s0. +.IP "\fBiv:\fR\fIstring\fR" 4 +.IX Item "iv:string" +Used by \s-1GMAC\s0 to specify an \s-1IV\s0 as an alphanumeric string (use if the \s-1IV\s0 contains +printable characters only). +.IP "\fBhexiv:\fR\fIstring\fR" 4 +.IX Item "hexiv:string" +Used by \s-1GMAC\s0 to specify an \s-1IV\s0 in hexadecimal form (two hex digits per byte). +.IP "\fBsize:\fR\fIint\fR" 4 +.IX Item "size:int" +Used by \s-1KMAC128\s0 or \s-1KMAC256\s0 to specify an output length. +The default sizes are 32 or 64 bytes respectively. +.IP "\fBcustom:\fR\fIstring\fR" 4 +.IX Item "custom:string" +Used by \s-1KMAC128\s0 or \s-1KMAC256\s0 to specify a customization string. +The default is the empty string "". +.RE +.RS 4 +.RE +.IP "\fImac_name\fR" 4 +.IX Item "mac_name" +Specifies the name of a supported \s-1MAC\s0 algorithm which will be used. +To see the list of supported \s-1MAC\s0's use the command \f(CW\*(C`opensssl list +\&\-mac\-algorithms\*(C'\fR. 
+.SH "EXAMPLES" +.IX Header "EXAMPLES" +To create a hex-encoded \s-1HMAC\-SHA1\s0 \s-1MAC\s0 of a file and write to stdout: \e + openssl mac \-macopt digest:SHA1 \e + \-macopt hexkey:000102030405060708090A0B0C0D0E0F10111213 \e + \-in msg.bin \s-1HMAC\s0 +.PP +To create a SipHash \s-1MAC\s0 from a file with a binary file output: \e + openssl mac \-macopt hexkey:000102030405060708090A0B0C0D0E0F \e + \-in msg.bin \-out out.bin \-binary SipHash +.PP +To create a hex-encoded \s-1CMAC\-AES\-128\-CBC\s0 \s-1MAC\s0 from a file:\e + openssl mac \-macopt cipher:AES\-128\-CBC \e + \-macopt hexkey:77A77FAF290C1FA30C683DF16BA7A77B \e + \-in msg.bin \s-1CMAC\s0 +.PP +To create a hex-encoded \s-1KMAC128\s0 \s-1MAC\s0 from a file with a Customisation String +\&'Tag' and output length of 16: \e + openssl mac \-macopt custom:Tag \-macopt hexkey:40414243444546 \e + \-macopt size:16 \-in msg.bin \s-1KMAC128\s0 +.PP +To create a hex-encoded \s-1GMAC\-AES\-128\-GCM\s0 with a \s-1IV\s0 from a file: \e + openssl mac \-macopt cipher:AES\-128\-GCM \-macopt hexiv:E0E00F19FED7BA0136A797F3 \e + \-macopt hexkey:77A77FAF290C1FA30C683DF16BA7A77B \-in msg.bin \s-1GMAC\s0 +.SH "NOTES" +.IX Header "NOTES" +The \s-1MAC\s0 mechanisms that are available will depend on the options +used when building OpenSSL. +Use \f(CW\*(C`openssl list \-mac\-algorithms\*(C'\fR to list them. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\s-1\fIEVP_MAC\s0\fR\|(3), +\&\s-1\fIEVP_MAC\-CMAC\s0\fR\|(7), +\&\s-1\fIEVP_MAC\-GMAC\s0\fR\|(7), +\&\s-1\fIEVP_MAC\-HMAC\s0\fR\|(7), +\&\s-1\fIEVP_MAC\-KMAC\s0\fR\|(7), +\&\fIEVP_MAC\-Siphash\fR\|(7), +\&\fIEVP_MAC\-Poly1305\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/ssl/share/man/man1/openssl-nseq.1 b/linux_amd64/ssl/share/man/man1/openssl-nseq.1
new file mode 100755
index 0000000..e9d4a26
--- /dev/null
+++ b/linux_amd64/ssl/share/man/man1/openssl-nseq.1
@@ -0,0 +1,190 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-NSEQ 1" +.TH OPENSSL-NSEQ 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-nseq \- create or examine a Netscape certificate sequence +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBnseq\fR +[\fB\-help\fR] +[\fB\-in\fR \fIfilename\fR] +[\fB\-out\fR \fIfilename\fR] +[\fB\-toseq\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command takes a file containing a Netscape certificate +sequence and prints out the certificates contained in it or takes a +file of certificates and converts it into a Netscape certificate +sequence. +.PP +A Netscape certificate sequence is an old Netscape-specific format that +can be sometimes be sent to browsers as an alternative to the standard PKCS#7 +format when several certificates are sent to the browser, for example during +certificate enrollment. It was also used by Netscape certificate server. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-in\fR \fIfilename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read or standard input if this +option is not specified. +.IP "\fB\-out\fR \fIfilename\fR" 4 +.IX Item "-out filename" +Specifies the output filename or standard output by default. +.IP "\fB\-toseq\fR" 4 +.IX Item "-toseq" +Normally a Netscape certificate sequence will be input and the output +is the certificates contained in it. With the \fB\-toseq\fR option the +situation is reversed: a Netscape certificate sequence is created from +a file of certificates. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Output the certificates in a Netscape certificate sequence +.PP +.Vb 1 +\& openssl nseq \-in nseq.pem \-out certs.pem +.Ve +.PP +Create a Netscape certificate sequence +.PP +.Vb 1 +\& openssl nseq \-in certs.pem \-toseq \-out nseq.pem +.Ve +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). 
You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man1/openssl-ocsp.1 b/linux_amd64/ssl/share/man/man1/openssl-ocsp.1 new file mode 100755 index 0000000..c405d75 --- /dev/null +++ b/linux_amd64/ssl/share/man/man1/openssl-ocsp.1 
@@ -0,0 +1,599 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-OCSP 1" +.TH OPENSSL-OCSP 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-ocsp \- Online Certificate Status Protocol utility +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.SS "\s-1OCSP\s0 Client" +.IX Subsection "OCSP Client" +\&\fBopenssl\fR \fBocsp\fR +[\fB\-help\fR] +[\fB\-out\fR \fIfile\fR] +[\fB\-issuer\fR \fIfile\fR] +[\fB\-cert\fR \fIfile\fR] +[\fB\-serial\fR \fIn\fR] +[\fB\-signer\fR \fIfile\fR] +[\fB\-signkey\fR \fIfile\fR] +[\fB\-sign_other\fR \fIfile\fR] +[\fB\-nonce\fR] +[\fB\-no_nonce\fR] +[\fB\-req_text\fR] +[\fB\-resp_text\fR] +[\fB\-text\fR] +[\fB\-no_certs\fR] +[\fB\-reqout\fR \fIfile\fR] +[\fB\-respout\fR \fIfile\fR] +[\fB\-reqin\fR \fIfile\fR] +[\fB\-respin\fR \fIfile\fR] +[\fB\-url\fR \fI\s-1URL\s0\fR] +[\fB\-host\fR \fIhost\fR:\fIport\fR] +[\fB\-header\fR] +[\fB\-timeout\fR \fIseconds\fR] +[\fB\-path\fR] +[\fB\-VAfile\fR \fIfile\fR] +[\fB\-validity_period\fR \fIn\fR] +[\fB\-status_age\fR \fIn\fR] +[\fB\-noverify\fR] +[\fB\-verify_other\fR \fIfile\fR] +[\fB\-trust_other\fR] +[\fB\-no_intern\fR] +[\fB\-no_signature_verify\fR] +[\fB\-no_cert_verify\fR] +[\fB\-no_chain\fR] +[\fB\-no_cert_checks\fR] +[\fB\-no_explicit\fR] +[\fB\-port\fR \fInum\fR] +[\fB\-ignore_err\fR] +.SS "\s-1OCSP\s0 Server" +.IX Subsection "OCSP Server" +\&\fBopenssl\fR \fBocsp\fR +[\fB\-index\fR \fIfile\fR] +[\fB\-CA\fR \fIfile\fR] +[\fB\-rsigner\fR \fIfile\fR] +[\fB\-rkey\fR \fIfile\fR] +[\fB\-passin\fR \fIarg\fR] +[\fB\-rother\fR \fIfile\fR] +[\fB\-rsigopt\fR \fInm\fR:\fIv\fR] +[\fB\-rmd\fR \fIdigest\fR] +[\fB\-badsig\fR] +[\fB\-resp_no_certs\fR] +[\fB\-nmin\fR \fIn\fR] +[\fB\-ndays\fR \fIn\fR] +[\fB\-resp_key_id\fR] +[\fB\-nrequest\fR \fIn\fR] +[\fB\-multi\fR \fIprocess-count\fR] +[\fB\-rcid\fR \fIdigest\fR] +[\fB\-\f(BIdigest\fB\fR] +[\fB\-CAfile\fR \fIfile\fR] +[\fB\-no\-CAfile\fR] +[\fB\-CApath\fR \fIdir\fR] +[\fB\-no\-CApath\fR] +[\fB\-CAstore\fR \fIuri\fR] +[\fB\-no\-CAstore\fR] +[\fB\-allow_proxy_certs\fR] +[\fB\-attime\fR \fItimestamp\fR] +[\fB\-no_check_time\fR] +[\fB\-check_ss_sig\fR] +[\fB\-crl_check\fR] 
+[\fB\-crl_check_all\fR] +[\fB\-explicit_policy\fR] +[\fB\-extended_crl\fR] +[\fB\-ignore_critical\fR] +[\fB\-inhibit_any\fR] +[\fB\-inhibit_map\fR] +[\fB\-partial_chain\fR] +[\fB\-policy\fR \fIarg\fR] +[\fB\-policy_check\fR] +[\fB\-policy_print\fR] +[\fB\-purpose\fR \fIpurpose\fR] +[\fB\-suiteB_128\fR] +[\fB\-suiteB_128_only\fR] +[\fB\-suiteB_192\fR] +[\fB\-trusted_first\fR] +[\fB\-no_alt_chains\fR] +[\fB\-use_deltas\fR] +[\fB\-auth_level\fR \fInum\fR] +[\fB\-verify_depth\fR \fInum\fR] +[\fB\-verify_email\fR \fIemail\fR] +[\fB\-verify_hostname\fR \fIhostname\fR] +[\fB\-verify_ip\fR \fIip\fR] +[\fB\-verify_name\fR \fIname\fR] +[\fB\-x509_strict\fR] +[\fB\-issuer_checks\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The Online Certificate Status Protocol (\s-1OCSP\s0) enables applications to +determine the (revocation) state of an identified certificate (\s-1RFC\s0 2560). +.PP +This command performs many common \s-1OCSP\s0 tasks. It can be used +to print out requests and responses, create requests and send queries +to an \s-1OCSP\s0 responder and behave like a mini \s-1OCSP\s0 server itself. +.SH "OPTIONS" +.IX Header "OPTIONS" +This command operates as either a client or a server. +The options are described below, divided into those two modes. +.SS "\s-1OCSP\s0 Client Options" +.IX Subsection "OCSP Client Options" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-out\fR \fIfilename\fR" 4 +.IX Item "-out filename" +specify output filename, default is standard output. +.IP "\fB\-issuer\fR \fIfilename\fR" 4 +.IX Item "-issuer filename" +This specifies the current issuer certificate. This option can be used +multiple times. The certificate specified in \fIfilename\fR must be in +\&\s-1PEM\s0 format. This option \fB\s-1MUST\s0\fR come before any \fB\-cert\fR options. +.IP "\fB\-cert\fR \fIfilename\fR" 4 +.IX Item "-cert filename" +Add the certificate \fIfilename\fR to the request. 
The issuer certificate +is taken from the previous \fB\-issuer\fR option, or an error occurs if no +issuer certificate is specified. +.IP "\fB\-serial\fR \fInum\fR" 4 +.IX Item "-serial num" +Same as the \fB\-cert\fR option except the certificate with serial number +\&\fBnum\fR is added to the request. The serial number is interpreted as a +decimal integer unless preceded by \f(CW\*(C`0x\*(C'\fR. Negative integers can also +be specified by preceding the value by a \f(CW\*(C`\-\*(C'\fR sign. +.IP "\fB\-signer\fR \fIfilename\fR, \fB\-signkey\fR \fIfilename\fR" 4 +.IX Item "-signer filename, -signkey filename" +Sign the \s-1OCSP\s0 request using the certificate specified in the \fB\-signer\fR +option and the private key specified by the \fB\-signkey\fR option. If +the \fB\-signkey\fR option is not present then the private key is read +from the same file as the certificate. If neither option is specified then +the \s-1OCSP\s0 request is not signed. +.IP "\fB\-sign_other\fR \fIfilename\fR" 4 +.IX Item "-sign_other filename" +Additional certificates to include in the signed request. +.IP "\fB\-nonce\fR, \fB\-no_nonce\fR" 4 +.IX Item "-nonce, -no_nonce" +Add an \s-1OCSP\s0 nonce extension to a request or disable \s-1OCSP\s0 nonce addition. +Normally if an \s-1OCSP\s0 request is input using the \fB\-reqin\fR option no +nonce is added: using the \fB\-nonce\fR option will force addition of a nonce. +If an \s-1OCSP\s0 request is being created (using \fB\-cert\fR and \fB\-serial\fR options) +a nonce is automatically added specifying \fB\-no_nonce\fR overrides this. +.IP "\fB\-req_text\fR, \fB\-resp_text\fR, \fB\-text\fR" 4 +.IX Item "-req_text, -resp_text, -text" +Print out the text form of the \s-1OCSP\s0 request, response or both respectively. +.IP "\fB\-reqout\fR \fIfile\fR, \fB\-respout\fR \fIfile\fR" 4 +.IX Item "-reqout file, -respout file" +Write out the \s-1DER\s0 encoded certificate request or response to \fIfile\fR. 
+.IP "\fB\-reqin\fR \fIfile\fR, \fB\-respin\fR \fIfile\fR" 4 +.IX Item "-reqin file, -respin file" +Read \s-1OCSP\s0 request or response file from \fIfile\fR. These option are ignored +if \s-1OCSP\s0 request or response creation is implied by other options (for example +with \fB\-serial\fR, \fB\-cert\fR and \fB\-host\fR options). +.IP "\fB\-url\fR \fIresponder_url\fR" 4 +.IX Item "-url responder_url" +Specify the responder \s-1URL\s0. Both \s-1HTTP\s0 and \s-1HTTPS\s0 (\s-1SSL/TLS\s0) URLs can be specified. +.IP "\fB\-host\fR \fIhostname\fR:\fIport\fR, \fB\-path\fR \fIpathname\fR" 4 +.IX Item "-host hostname:port, -path pathname" +If the \fB\-host\fR option is present then the \s-1OCSP\s0 request is sent to the host +\&\fIhostname\fR on port \fIport\fR. The \fB\-path\fR option specifies the \s-1HTTP\s0 pathname +to use or \*(L"/\*(R" by default. This is equivalent to specifying \fB\-url\fR with scheme +http:// and the given hostname, port, and pathname. +.IP "\fB\-header\fR \fIname\fR=\fIvalue\fR" 4 +.IX Item "-header name=value" +Adds the header \fIname\fR with the specified \fIvalue\fR to the \s-1OCSP\s0 request +that is sent to the responder. +This may be repeated. +.IP "\fB\-timeout\fR \fIseconds\fR" 4 +.IX Item "-timeout seconds" +Connection timeout to the \s-1OCSP\s0 responder in seconds. +On \s-1POSIX\s0 systems, when running as an \s-1OCSP\s0 responder, this option also limits +the time that the responder is willing to wait for the client request. +This time is measured from the time the responder accepts the connection until +the complete request is received. +.IP "\fB\-verify_other\fR \fIfile\fR" 4 +.IX Item "-verify_other file" +File containing additional certificates to search when attempting to locate +the \s-1OCSP\s0 response signing certificate. Some responders omit the actual signer's +certificate from the response: this option can be used to supply the necessary +certificate in such cases. 
+.IP "\fB\-trust_other\fR" 4 +.IX Item "-trust_other" +The certificates specified by the \fB\-verify_other\fR option should be explicitly +trusted and no additional checks will be performed on them. This is useful +when the complete responder certificate chain is not available or trusting a +root \s-1CA\s0 is not appropriate. +.IP "\fB\-VAfile\fR \fIfile\fR" 4 +.IX Item "-VAfile file" +File containing explicitly trusted responder certificates. Equivalent to the +\&\fB\-verify_other\fR and \fB\-trust_other\fR options. +.IP "\fB\-noverify\fR" 4 +.IX Item "-noverify" +Don't attempt to verify the \s-1OCSP\s0 response signature or the nonce +values. This option will normally only be used for debugging since it +disables all verification of the responders certificate. +.IP "\fB\-no_intern\fR" 4 +.IX Item "-no_intern" +Ignore certificates contained in the \s-1OCSP\s0 response when searching for the +signers certificate. With this option the signers certificate must be specified +with either the \fB\-verify_other\fR or \fB\-VAfile\fR options. +.IP "\fB\-no_signature_verify\fR" 4 +.IX Item "-no_signature_verify" +Don't check the signature on the \s-1OCSP\s0 response. Since this option +tolerates invalid signatures on \s-1OCSP\s0 responses it will normally only be +used for testing purposes. +.IP "\fB\-no_cert_verify\fR" 4 +.IX Item "-no_cert_verify" +Don't verify the \s-1OCSP\s0 response signers certificate at all. Since this +option allows the \s-1OCSP\s0 response to be signed by any certificate it should +only be used for testing purposes. +.IP "\fB\-no_chain\fR" 4 +.IX Item "-no_chain" +Do not use certificates in the response as additional untrusted \s-1CA\s0 +certificates. +.IP "\fB\-no_explicit\fR" 4 +.IX Item "-no_explicit" +Do not explicitly trust the root \s-1CA\s0 if it is set to be trusted for \s-1OCSP\s0 signing. +.IP "\fB\-no_cert_checks\fR" 4 +.IX Item "-no_cert_checks" +Don't perform any additional checks on the \s-1OCSP\s0 response signers certificate. 
+That is do not make any checks to see if the signers certificate is authorised +to provide the necessary status information: as a result this option should +only be used for testing purposes. +.IP "\fB\-validity_period\fR \fInsec\fR, \fB\-status_age\fR \fIage\fR" 4 +.IX Item "-validity_period nsec, -status_age age" +These options specify the range of times, in seconds, which will be tolerated +in an \s-1OCSP\s0 response. Each certificate status response includes a \fBnotBefore\fR +time and an optional \fBnotAfter\fR time. The current time should fall between +these two values, but the interval between the two times may be only a few +seconds. In practice the \s-1OCSP\s0 responder and clients clocks may not be precisely +synchronised and so such a check may fail. To avoid this the +\&\fB\-validity_period\fR option can be used to specify an acceptable error range in +seconds, the default value is 5 minutes. +.Sp +If the \fBnotAfter\fR time is omitted from a response then this means that new +status information is immediately available. In this case the age of the +\&\fBnotBefore\fR field is checked to see it is not older than \fIage\fR seconds old. +By default this additional check is not performed. +.IP "\fB\-rcid\fR \fIdigest\fR" 4 +.IX Item "-rcid digest" +This option sets the digest algorithm to use for certificate identification +in the \s-1OCSP\s0 response. Any digest supported by the \fIopenssl\-dgst\fR\|(1) command can +be used. The default is the same digest algorithm used in the request. +.IP "\fB\-\f(BIdigest\fB\fR" 4 +.IX Item "-digest" +This option sets digest algorithm to use for certificate identification in the +\&\s-1OCSP\s0 request. Any digest supported by the OpenSSL \fBdgst\fR command can be used. +The default is \s-1SHA\-1\s0. This option may be used multiple times to specify the +digest used by subsequent certificate identifiers. 
+.IP "\fB\-CAfile\fR \fIfile\fR, \fB\-no\-CAfile\fR, \fB\-CApath\fR \fIdir\fR, \fB\-no\-CApath\fR, \fB\-CAstore\fR \fIuri\fR, \fB\-no\-CAstore\fR" 4 +.IX Item "-CAfile file, -no-CAfile, -CApath dir, -no-CApath, -CAstore uri, -no-CAstore" +See \*(L"Trusted Certificate Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-allow_proxy_certs\fR, \fB\-attime\fR, \fB\-no_check_time\fR, \fB\-check_ss_sig\fR, \fB\-crl_check\fR, \fB\-crl_check_all\fR, \fB\-explicit_policy\fR, \fB\-extended_crl\fR, \fB\-ignore_critical\fR, \fB\-inhibit_any\fR, \fB\-inhibit_map\fR, \fB\-no_alt_chains\fR, \fB\-partial_chain\fR, \fB\-policy\fR, \fB\-policy_check\fR, \fB\-policy_print\fR, \fB\-purpose\fR, \fB\-suiteB_128\fR, \fB\-suiteB_128_only\fR, \fB\-suiteB_192\fR, \fB\-trusted_first\fR, \fB\-use_deltas\fR, \fB\-auth_level\fR, \fB\-verify_depth\fR, \fB\-verify_email\fR, \fB\-verify_hostname\fR, \fB\-verify_ip\fR, \fB\-verify_name\fR, \fB\-x509_strict\fR \fB\-issuer_checks\fR" 4 +.IX Item "-allow_proxy_certs, -attime, -no_check_time, -check_ss_sig, -crl_check, -crl_check_all, -explicit_policy, -extended_crl, -ignore_critical, -inhibit_any, -inhibit_map, -no_alt_chains, -partial_chain, -policy, -policy_check, -policy_print, -purpose, -suiteB_128, -suiteB_128_only, -suiteB_192, -trusted_first, -use_deltas, -auth_level, -verify_depth, -verify_email, -verify_hostname, -verify_ip, -verify_name, -x509_strict -issuer_checks" +Set various options of certificate chain verification. +See \*(L"Verification Options\*(R" in \fIopenssl\fR\|(1) for details. +.SS "\s-1OCSP\s0 Server Options" +.IX Subsection "OCSP Server Options" +.IP "\fB\-index\fR \fIindexfile\fR" 4 +.IX Item "-index indexfile" +The \fIindexfile\fR parameter is the name of a text index file in \fBca\fR +format containing certificate revocation information. +.Sp +If the \fB\-index\fR option is specified then this command switches to +responder mode, otherwise it is in client mode. 
The request(s) the responder +processes can be either specified on the command line (using \fB\-issuer\fR +and \fB\-serial\fR options), supplied in a file (using the \fB\-reqin\fR option) +or via external \s-1OCSP\s0 clients (if \fB\-port\fR or \fB\-url\fR is specified). +.Sp +If the \fB\-index\fR option is present then the \fB\-CA\fR and \fB\-rsigner\fR options +must also be present. +.IP "\fB\-CA\fR \fIfile\fR" 4 +.IX Item "-CA file" +\&\s-1CA\s0 certificate corresponding to the revocation information in the index +file given with \fB\-index\fR. +.IP "\fB\-rsigner\fR \fIfile\fR" 4 +.IX Item "-rsigner file" +The certificate to sign \s-1OCSP\s0 responses with. +.IP "\fB\-rkey\fR \fIfile\fR" 4 +.IX Item "-rkey file" +The private key to sign \s-1OCSP\s0 responses with: if not present the file +specified in the \fB\-rsigner\fR option is used. +.IP "\fB\-passin\fR \fIarg\fR" 4 +.IX Item "-passin arg" +The private key password source. For more information about the format of \fIarg\fR +see \*(L"Pass Phrase Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-rother\fR \fIfile\fR" 4 +.IX Item "-rother file" +Additional certificates to include in the \s-1OCSP\s0 response. +.IP "\fB\-rsigopt\fR \fInm\fR:\fIv\fR" 4 +.IX Item "-rsigopt nm:v" +Pass options to the signature algorithm when signing \s-1OCSP\s0 responses. +Names and values of these options are algorithm-specific. +.IP "\fB\-rmd\fR \fIdigest\fR" 4 +.IX Item "-rmd digest" +The digest to use when signing the response. +.IP "\fB\-badsig\fR" 4 +.IX Item "-badsig" +Corrupt the response signature before writing it; this can be useful +for testing. +.IP "\fB\-resp_no_certs\fR" 4 +.IX Item "-resp_no_certs" +Don't include any certificates in the \s-1OCSP\s0 response. +.IP "\fB\-resp_key_id\fR" 4 +.IX Item "-resp_key_id" +Identify the signer certificate using the key \s-1ID\s0, default is to use the +subject name. +.IP "\fB\-port\fR \fIportnum\fR" 4 +.IX Item "-port portnum" +Port to listen for \s-1OCSP\s0 requests on. 
The port may also be specified +using the \fBurl\fR option. +.IP "\fB\-ignore_err\fR" 4 +.IX Item "-ignore_err" +Ignore malformed requests or responses: When acting as an \s-1OCSP\s0 client, retry if +a malformed response is received. When acting as an \s-1OCSP\s0 responder, continue +running instead of terminating upon receiving a malformed request. +.IP "\fB\-nrequest\fR \fInumber\fR" 4 +.IX Item "-nrequest number" +The \s-1OCSP\s0 server will exit after receiving \fInumber\fR requests, default unlimited. +.IP "\fB\-multi\fR \fIprocess-count\fR" 4 +.IX Item "-multi process-count" +Run the specified number of \s-1OCSP\s0 responder child processes, with the parent +process respawning child processes as needed. +Child processes will detect changes in the \s-1CA\s0 index file and automatically +reload it. +When running as a responder \fB\-timeout\fR option is recommended to limit the time +each child is willing to wait for the client's \s-1OCSP\s0 response. +This option is available on \s-1POSIX\s0 systems (that support the \fIfork()\fR and other +required unix system-calls). +.IP "\fB\-nmin\fR \fIminutes\fR, \fB\-ndays\fR \fIdays\fR" 4 +.IX Item "-nmin minutes, -ndays days" +Number of minutes or days when fresh revocation information is available: +used in the \fBnextUpdate\fR field. If neither option is present then the +\&\fBnextUpdate\fR field is omitted meaning fresh revocation information is +immediately available. +.SH "OCSP RESPONSE VERIFICATION" +.IX Header "OCSP RESPONSE VERIFICATION" +\&\s-1OCSP\s0 Response follows the rules specified in \s-1RFC2560\s0. +.PP +Initially the \s-1OCSP\s0 responder certificate is located and the signature on +the \s-1OCSP\s0 request checked using the responder certificate's public key. +.PP +Then a normal certificate verify is performed on the \s-1OCSP\s0 responder certificate +building up a certificate chain in the process. 
The locations of the trusted +certificates used to build the chain can be specified by the \fB\-CAfile\fR, +\&\fB\-CApath\fR or \fB\-CAstore\fR options or they will be looked for in the +standard OpenSSL certificates directory. +.PP +If the initial verify fails then the \s-1OCSP\s0 verify process halts with an +error. +.PP +Otherwise the issuing \s-1CA\s0 certificate in the request is compared to the \s-1OCSP\s0 +responder certificate: if there is a match then the \s-1OCSP\s0 verify succeeds. +.PP +Otherwise the \s-1OCSP\s0 responder certificate's \s-1CA\s0 is checked against the issuing +\&\s-1CA\s0 certificate in the request. If there is a match and the OCSPSigning +extended key usage is present in the \s-1OCSP\s0 responder certificate then the +\&\s-1OCSP\s0 verify succeeds. +.PP +Otherwise, if \fB\-no_explicit\fR is \fBnot\fR set the root \s-1CA\s0 of the \s-1OCSP\s0 responders +\&\s-1CA\s0 is checked to see if it is trusted for \s-1OCSP\s0 signing. If it is the \s-1OCSP\s0 +verify succeeds. +.PP +If none of these checks is successful then the \s-1OCSP\s0 verify fails. +.PP +What this effectively means if that if the \s-1OCSP\s0 responder certificate is +authorised directly by the \s-1CA\s0 it is issuing revocation information about +(and it is correctly configured) then verification will succeed. +.PP +If the \s-1OCSP\s0 responder is a \*(L"global responder\*(R" which can give details about +multiple CAs and has its own separate certificate chain then its root +\&\s-1CA\s0 can be trusted for \s-1OCSP\s0 signing. For example: +.PP +.Vb 1 +\& openssl x509 \-in ocspCA.pem \-addtrust OCSPSigning \-out trustedCA.pem +.Ve +.PP +Alternatively the responder certificate itself can be explicitly trusted +with the \fB\-VAfile\fR option. +.SH "NOTES" +.IX Header "NOTES" +As noted, most of the verify options are for testing or debugging purposes. 
+Normally only the \fB\-CApath\fR, \fB\-CAfile\fR, \fB\-CAstore\fR and (if the responder +is a 'global \s-1VA\s0') \fB\-VAfile\fR options need to be used. +.PP +The \s-1OCSP\s0 server is only useful for test and demonstration purposes: it is +not really usable as a full \s-1OCSP\s0 responder. It contains only a very +simple \s-1HTTP\s0 request handling and can only handle the \s-1POST\s0 form of \s-1OCSP\s0 +queries. It also handles requests serially meaning it cannot respond to +new requests until it has processed the current one. The text index file +format of revocation is also inefficient for large quantities of revocation +data. +.PP +It is possible to run this command in responder mode via a \s-1CGI\s0 +script using the \fB\-reqin\fR and \fB\-respout\fR options. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Create an \s-1OCSP\s0 request and write it to a file: +.PP +.Vb 1 +\& openssl ocsp \-issuer issuer.pem \-cert c1.pem \-cert c2.pem \-reqout req.der +.Ve +.PP +Send a query to an \s-1OCSP\s0 responder with \s-1URL\s0 http://ocsp.myhost.com/ save the +response to a file, print it out in text form, and verify the response: +.PP +.Vb 2 +\& openssl ocsp \-issuer issuer.pem \-cert c1.pem \-cert c2.pem \e +\& \-url http://ocsp.myhost.com/ \-resp_text \-respout resp.der +.Ve +.PP +Read in an \s-1OCSP\s0 response and print out text form: +.PP +.Vb 1 +\& openssl ocsp \-respin resp.der \-text \-noverify +.Ve +.PP +\&\s-1OCSP\s0 server on port 8888 using a standard \fBca\fR configuration, and a separate +responder certificate. All requests and responses are printed to a file. 
+.PP +.Vb 2 +\& openssl ocsp \-index demoCA/index.txt \-port 8888 \-rsigner rcert.pem \-CA demoCA/cacert.pem +\& \-text \-out log.txt +.Ve +.PP +As above but exit after processing one request: +.PP +.Vb 2 +\& openssl ocsp \-index demoCA/index.txt \-port 8888 \-rsigner rcert.pem \-CA demoCA/cacert.pem +\& \-nrequest 1 +.Ve +.PP +Query status information using an internally generated request: +.PP +.Vb 2 +\& openssl ocsp \-index demoCA/index.txt \-rsigner rcert.pem \-CA demoCA/cacert.pem +\& \-issuer demoCA/cacert.pem \-serial 1 +.Ve +.PP +Query status information using request read from a file, and write the response +to a second file. +.PP +.Vb 2 +\& openssl ocsp \-index demoCA/index.txt \-rsigner rcert.pem \-CA demoCA/cacert.pem +\& \-reqin req.der \-respout resp.der +.Ve +.SH "HISTORY" +.IX Header "HISTORY" +The \-no_alt_chains option was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man1/openssl-passwd.1 b/linux_amd64/ssl/share/man/man1/openssl-passwd.1 new file mode 100755 index 0000000..47b07ae --- /dev/null +++ b/linux_amd64/ssl/share/man/man1/openssl-passwd.1 
@@ -0,0 +1,236 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-PASSWD 1" +.TH OPENSSL-PASSWD 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-passwd \- compute password hashes +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl passwd\fR +[\fB\-help\fR] +[\fB\-crypt\fR] +[\fB\-1\fR] +[\fB\-apr1\fR] +[\fB\-aixmd5\fR] +[\fB\-5\fR] +[\fB\-6\fR] +[\fB\-salt\fR \fIstring\fR] +[\fB\-in\fR \fIfile\fR] +[\fB\-stdin\fR] +[\fB\-noverify\fR] +[\fB\-quiet\fR] +[\fB\-table\fR] +[\fB\-reverse\fR] +[\fB\-rand\fR \fIfiles\fR] +[\fB\-writerand\fR \fIfile\fR] +[\fIpassword\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command computes the hash of a password typed at +run-time or the hash of each password in a list. The password list is +taken from the named file for option \fB\-in\fR, from stdin for +option \fB\-stdin\fR, or from the command line, or from the terminal otherwise. +The Unix standard algorithm \fB\-crypt\fR and the MD5\-based \s-1BSD\s0 password +algorithm \fB\-1\fR, its Apache variant \fB\-apr1\fR, and its \s-1AIX\s0 variant are +available. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-crypt\fR" 4 +.IX Item "-crypt" +Use the \fBcrypt\fR algorithm (default). +.IP "\fB\-1\fR" 4 +.IX Item "-1" +Use the \s-1MD5\s0 based \s-1BSD\s0 password algorithm \fB1\fR. +.IP "\fB\-apr1\fR" 4 +.IX Item "-apr1" +Use the \fBapr1\fR algorithm (Apache variant of the \s-1BSD\s0 algorithm). +.IP "\fB\-aixmd5\fR" 4 +.IX Item "-aixmd5" +Use the \fB\s-1AIX\s0 \s-1MD5\s0\fR algorithm (\s-1AIX\s0 variant of the \s-1BSD\s0 algorithm). +.IP "\fB\-5\fR" 4 +.IX Item "-5" +.PD 0 +.IP "\fB\-6\fR" 4 +.IX Item "-6" +.PD +Use the \fB\s-1SHA256\s0\fR / \fB\s-1SHA512\s0\fR based algorithms defined by Ulrich Drepper. +See https://www.akkadia.org/drepper/SHA\-crypt.txt . +.IP "\fB\-salt\fR \fIstring\fR" 4 +.IX Item "-salt string" +Use the specified salt. +When reading a password from the terminal, this implies \fB\-noverify\fR. +.IP "\fB\-in\fR \fIfile\fR" 4 +.IX Item "-in file" +Read passwords from \fIfile\fR. 
+.IP "\fB\-stdin\fR" 4 +.IX Item "-stdin" +Read passwords from \fBstdin\fR. +.IP "\fB\-noverify\fR" 4 +.IX Item "-noverify" +Don't verify when reading a password from the terminal. +.IP "\fB\-quiet\fR" 4 +.IX Item "-quiet" +Don't output warnings when passwords given at the command line are truncated. +.IP "\fB\-table\fR" 4 +.IX Item "-table" +In the output list, prepend the cleartext password and a \s-1TAB\s0 character +to each password hash. +.IP "\fB\-reverse\fR" 4 +.IX Item "-reverse" +When the \fB\-table\fR option is used, reverse the order of cleartext and hash. +.IP "\fB\-rand\fR \fIfiles\fR, \fB\-writerand\fR \fIfile\fR" 4 +.IX Item "-rand files, -writerand file" +See \*(L"Random State Options\*(R" in \fIopenssl\fR\|(1) for details. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +.Vb 2 +\& % openssl passwd \-crypt \-salt xx password +\& xxj31ZMTZzkVA +\& +\& % openssl passwd \-1 \-salt xxxxxxxx password +\& $1$xxxxxxxx$UYCIxa628.9qXjpQCjM4a. +\& +\& % openssl passwd \-apr1 \-salt xxxxxxxx password +\& $apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0 +\& +\& % openssl passwd \-aixmd5 \-salt xxxxxxxx password +\& xxxxxxxx$8Oaipk/GPKhC64w/YVeFD/ +.Ve +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man1/openssl-pkcs12.1 b/linux_amd64/ssl/share/man/man1/openssl-pkcs12.1 new file mode 100755 index 0000000..fa5a3d4 --- /dev/null +++ b/linux_amd64/ssl/share/man/man1/openssl-pkcs12.1 
@@ -0,0 +1,465 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-PKCS12 1" +.TH OPENSSL-PKCS12 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-pkcs12 \- PKCS#12 file utility +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBpkcs12\fR +[\fB\-help\fR] +[\fB\-export\fR] +[\fB\-chain\fR] +[\fB\-inkey\fR \fIfile_or_id\fR] +[\fB\-certfile\fR \fIfilename\fR] +[\fB\-name\fR \fIname\fR] +[\fB\-caname\fR \fIname\fR] +[\fB\-in\fR \fIfilename\fR] +[\fB\-out\fR \fIfilename\fR] +[\fB\-noout\fR] +[\fB\-nomacver\fR] +[\fB\-nocerts\fR] +[\fB\-clcerts\fR] +[\fB\-cacerts\fR] +[\fB\-nokeys\fR] +[\fB\-info\fR] +[\fB\-des\fR] +[\fB\-des3\fR] +[\fB\-idea\fR] +[\fB\-aes128\fR] +[\fB\-aes192\fR] +[\fB\-aes256\fR] +[\fB\-aria128\fR] +[\fB\-aria192\fR] +[\fB\-aria256\fR] +[\fB\-camellia128\fR] +[\fB\-camellia192\fR] +[\fB\-camellia256\fR] +[\fB\-nodes\fR] +[\fB\-iter\fR \fIcount\fR] +[\fB\-noiter\fR] +[\fB\-nomaciter\fR] +[\fB\-maciter\fR] +[\fB\-nomac\fR] +[\fB\-twopass\fR] +[\fB\-descert\fR] +[\fB\-certpbe\fR \fIcipher\fR] +[\fB\-keypbe\fR \fIcipher\fR] +[\fB\-macalg\fR \fIdigest\fR] +[\fB\-keyex\fR] +[\fB\-keysig\fR] +[\fB\-password\fR \fIarg\fR] +[\fB\-passin\fR \fIarg\fR] +[\fB\-passout\fR \fIarg\fR] +[\fB\-LMK\fR] +[\fB\-CSP\fR \fIname\fR] +[\fB\-CAfile\fR \fIfile\fR] +[\fB\-no\-CAfile\fR] +[\fB\-CApath\fR \fIdir\fR] +[\fB\-no\-CApath\fR] +[\fB\-CAstore\fR \fIuri\fR] +[\fB\-no\-CAstore\fR] +[\fB\-rand\fR \fIfiles\fR] +[\fB\-writerand\fR \fIfile\fR] +[\fB\-engine\fR \fIid\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command allows PKCS#12 files (sometimes referred to as +\&\s-1PFX\s0 files) to be created and parsed. PKCS#12 files are used by several +programs including Netscape, \s-1MSIE\s0 and \s-1MS\s0 Outlook. +.SH "OPTIONS" +.IX Header "OPTIONS" +There are a lot of options the meaning of some depends of whether a PKCS#12 file +is being created or parsed. By default a PKCS#12 file is parsed. A PKCS#12 +file can be created by using the \fB\-export\fR option (see below). 
+.SH "PARSING OPTIONS" +.IX Header "PARSING OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-in\fR \fIfilename\fR" 4 +.IX Item "-in filename" +This specifies filename of the PKCS#12 file to be parsed. Standard input is used +by default. +.IP "\fB\-out\fR \fIfilename\fR" 4 +.IX Item "-out filename" +The filename to write certificates and private keys to, standard output by +default. They are all written in \s-1PEM\s0 format. +.IP "\fB\-password\fR \fIarg\fR" 4 +.IX Item "-password arg" +With \fB\-export\fR, \fB\-password\fR is equivalent to \fB\-passout\fR, +otherwise it is equivalent to \fB\-passin\fR. +.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +This option inhibits output of the keys and certificates to the output file +version of the PKCS#12 file. +.IP "\fB\-clcerts\fR" 4 +.IX Item "-clcerts" +Only output client certificates (not \s-1CA\s0 certificates). +.IP "\fB\-cacerts\fR" 4 +.IX Item "-cacerts" +Only output \s-1CA\s0 certificates (not client certificates). +.IP "\fB\-nocerts\fR" 4 +.IX Item "-nocerts" +No certificates at all will be output. +.IP "\fB\-nokeys\fR" 4 +.IX Item "-nokeys" +No private keys will be output. +.IP "\fB\-info\fR" 4 +.IX Item "-info" +Output additional information about the PKCS#12 file structure, algorithms +used and iteration counts. +.IP "\fB\-des\fR" 4 +.IX Item "-des" +Use \s-1DES\s0 to encrypt private keys before outputting. +.IP "\fB\-des3\fR" 4 +.IX Item "-des3" +Use triple \s-1DES\s0 to encrypt private keys before outputting, this is the default. +.IP "\fB\-idea\fR" 4 +.IX Item "-idea" +Use \s-1IDEA\s0 to encrypt private keys before outputting. +.IP "\fB\-aes128\fR, \fB\-aes192\fR, \fB\-aes256\fR" 4 +.IX Item "-aes128, -aes192, -aes256" +Use \s-1AES\s0 to encrypt private keys before outputting. +.IP "\fB\-aria128\fR, \fB\-aria192\fR, \fB\-aria256\fR" 4 +.IX Item "-aria128, -aria192, -aria256" +Use \s-1ARIA\s0 to encrypt private keys before outputting. 
+.IP "\fB\-camellia128\fR, \fB\-camellia192\fR, \fB\-camellia256\fR" 4 +.IX Item "-camellia128, -camellia192, -camellia256" +Use Camellia to encrypt private keys before outputting. +.IP "\fB\-nodes\fR" 4 +.IX Item "-nodes" +Don't encrypt the private keys at all. +.IP "\fB\-nomacver\fR" 4 +.IX Item "-nomacver" +Don't attempt to verify the integrity \s-1MAC\s0 before reading the file. +.IP "\fB\-twopass\fR" 4 +.IX Item "-twopass" +Prompt for separate integrity and encryption passwords: most software +always assumes these are the same so this option will render such +PKCS#12 files unreadable. Cannot be used in combination with the options +\&\fB\-password\fR, \fB\-passin\fR if importing, or \fB\-passout\fR if exporting. +.SH "FILE CREATION OPTIONS" +.IX Header "FILE CREATION OPTIONS" +.IP "\fB\-export\fR" 4 +.IX Item "-export" +This option specifies that a PKCS#12 file will be created rather than +parsed. +.IP "\fB\-out\fR \fIfilename\fR" 4 +.IX Item "-out filename" +This specifies filename to write the PKCS#12 file to. Standard output is used +by default. +.IP "\fB\-in\fR \fIfilename\fR" 4 +.IX Item "-in filename" +The filename to read certificates and private keys from, standard input by +default. They must all be in \s-1PEM\s0 format. The order doesn't matter but one +private key and its corresponding certificate should be present. If additional +certificates are present they will also be included in the PKCS#12 file. +.IP "\fB\-inkey\fR \fIfile_or_id\fR" 4 +.IX Item "-inkey file_or_id" +File to read private key from. If not present then a private key must be present +in the input file. +If no engine is used, the argument is taken as a file; if an engine is +specified, the argument is given to the engine as a key identifier. +.IP "\fB\-name\fR \fIfriendlyname\fR" 4 +.IX Item "-name friendlyname" +This specifies the \*(L"friendly name\*(R" for the certificate and private key. This +name is typically displayed in list boxes by software importing the file. 
+.IP "\fB\-certfile\fR \fIfilename\fR" 4 +.IX Item "-certfile filename" +A filename to read additional certificates from. +.IP "\fB\-caname\fR \fIfriendlyname\fR" 4 +.IX Item "-caname friendlyname" +This specifies the \*(L"friendly name\*(R" for other certificates. This option may be +used multiple times to specify names for all certificates in the order they +appear. Netscape ignores friendly names on other certificates whereas \s-1MSIE\s0 +displays them. +.IP "\fB\-passin\fR \fIarg\fR, \fB\-passout\fR \fIarg\fR" 4 +.IX Item "-passin arg, -passout arg" +The password source for the input, and for encrypting any private keys that +are output. +For more information about the format of \fBarg\fR +see \*(L"Pass Phrase Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-chain\fR" 4 +.IX Item "-chain" +If this option is present then an attempt is made to include the entire +certificate chain of the user certificate. The standard \s-1CA\s0 store is used +for this search. If the search fails it is considered a fatal error. +.IP "\fB\-descert\fR" 4 +.IX Item "-descert" +Encrypt the certificate using triple \s-1DES\s0, this may render the PKCS#12 +file unreadable by some \*(L"export grade\*(R" software. By default the private +key is encrypted using triple \s-1DES\s0 and the certificate using 40 bit \s-1RC2\s0 +unless \s-1RC2\s0 is disabled in which case triple \s-1DES\s0 is used. +.IP "\fB\-keypbe\fR \fIalg\fR, \fB\-certpbe\fR \fIalg\fR" 4 +.IX Item "-keypbe alg, -certpbe alg" +These options allow the algorithm used to encrypt the private key and +certificates to be selected. Any PKCS#5 v1.5 or PKCS#12 \s-1PBE\s0 algorithm name +can be used (see \*(L"\s-1NOTES\s0\*(R" section for more information). If a cipher name +(as output by \f(CW\*(C`openssl list \-cipher\-algorithms\*(C'\fR) is specified then it +is used with PKCS#5 v2.0. For interoperability reasons it is advisable to only +use PKCS#12 algorithms. 
+.IP "\fB\-keyex\fR|\fB\-keysig\fR" 4 +.IX Item "-keyex|-keysig" +Specifies that the private key is to be used for key exchange or just signing. +This option is only interpreted by \s-1MSIE\s0 and similar \s-1MS\s0 software. Normally +\&\*(L"export grade\*(R" software will only allow 512 bit \s-1RSA\s0 keys to be used for +encryption purposes but arbitrary length keys for signing. The \fB\-keysig\fR +option marks the key for signing only. Signing only keys can be used for +S/MIME signing, authenticode (ActiveX control signing) and \s-1SSL\s0 client +authentication, however due to a bug only \s-1MSIE\s0 5.0 and later support +the use of signing only keys for \s-1SSL\s0 client authentication. +.IP "\fB\-macalg\fR \fIdigest\fR" 4 +.IX Item "-macalg digest" +Specify the \s-1MAC\s0 digest algorithm. If not included them \s-1SHA1\s0 will be used. +.IP "\fB\-iter\fR \fIcount\fR" 4 +.IX Item "-iter count" +This option specifies the iteration count for the encryption key and \s-1MAC\s0. The +default value is 2048. +.Sp +To discourage attacks by using large dictionaries of common passwords the +algorithm that derives keys from passwords can have an iteration count applied +to it: this causes a certain part of the algorithm to be repeated and slows it +down. The \s-1MAC\s0 is used to check the file integrity but since it will normally +have the same password as the keys and certificates it could also be attacked. +.IP "\fB\-nomaciter\fR, \fB\-noiter\fR" 4 +.IX Item "-nomaciter, -noiter" +By default both \s-1MAC\s0 and encryption iteration counts are set to 2048, using +these options the \s-1MAC\s0 and encryption iteration counts can be set to 1, since +this reduces the file security you should not use these options unless you +really have to. Most software supports both \s-1MAC\s0 and key iteration counts. +\&\s-1MSIE\s0 4.0 doesn't support \s-1MAC\s0 iteration counts so it needs the \fB\-nomaciter\fR +option. 
+.IP "\fB\-maciter\fR" 4 +.IX Item "-maciter" +This option is included for compatibility with previous versions, it used +to be needed to use \s-1MAC\s0 iterations counts but they are now used by default. +.IP "\fB\-nomac\fR" 4 +.IX Item "-nomac" +Don't attempt to provide the \s-1MAC\s0 integrity. +.IP "\fB\-LMK\fR" 4 +.IX Item "-LMK" +Add the \*(L"Local Key Set\*(R" identifier to the attributes. +.IP "\fB\-CSP\fR \fIname\fR" 4 +.IX Item "-CSP name" +Write \fIname\fR as a Microsoft \s-1CSP\s0 name. +.IP "\fB\-CAfile\fR \fIfile\fR, \fB\-no\-CAfile\fR, \fB\-CApath\fR \fIdir\fR, \fB\-no\-CApath\fR, \fB\-CAstore\fR \fIuri\fR, \fB\-no\-CAstore\fR" 4 +.IX Item "-CAfile file, -no-CAfile, -CApath dir, -no-CApath, -CAstore uri, -no-CAstore" +See \*(L"Trusted Certificate Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-rand\fR \fIfiles\fR, \fB\-writerand\fR \fIfile\fR" 4 +.IX Item "-rand files, -writerand file" +See \*(L"Random State Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-engine\fR \fIid\fR" 4 +.IX Item "-engine id" +See \*(L"Engine Options\*(R" in \fIopenssl\fR\|(1). +.SH "NOTES" +.IX Header "NOTES" +Although there are a large number of options most of them are very rarely +used. For PKCS#12 file parsing only \fB\-in\fR and \fB\-out\fR need to be used +for PKCS#12 file creation \fB\-export\fR and \fB\-name\fR are also used. +.PP +If none of the \fB\-clcerts\fR, \fB\-cacerts\fR or \fB\-nocerts\fR options are present +then all certificates will be output in the order they appear in the input +PKCS#12 files. There is no guarantee that the first certificate present is +the one corresponding to the private key. Certain software which requires +a private key and certificate and assumes the first certificate in the +file is the one corresponding to the private key: this may not always +be the case. Using the \fB\-clcerts\fR option will solve this problem by only +outputting the certificate corresponding to the private key. 
If the \s-1CA\s0 +certificates are required then they can be output to a separate file using +the \fB\-nokeys\fR \fB\-cacerts\fR options to just output \s-1CA\s0 certificates. +.PP +The \fB\-keypbe\fR and \fB\-certpbe\fR algorithms allow the precise encryption +algorithms for private keys and certificates to be specified. Normally +the defaults are fine but occasionally software can't handle triple \s-1DES\s0 +encrypted private keys, then the option \fB\-keypbe\fR \fI\s-1PBE\-SHA1\-RC2\-40\s0\fR can +be used to reduce the private key encryption to 40 bit \s-1RC2\s0. A complete +description of all algorithms is contained in \fIopenssl\-pkcs8\fR\|(1). +.PP +Prior 1.1 release passwords containing non-ASCII characters were encoded +in non-compliant manner, which limited interoperability, in first hand +with Windows. But switching to standard-compliant password encoding +poses problem accessing old data protected with broken encoding. For +this reason even legacy encodings is attempted when reading the +data. If you use PKCS#12 files in production application you are advised +to convert the data, because implemented heuristic approach is not +MT-safe, its sole goal is to facilitate the data upgrade with this +command. 
+.SH "EXAMPLES" +.IX Header "EXAMPLES" +Parse a PKCS#12 file and output it to a file: +.PP +.Vb 1 +\& openssl pkcs12 \-in file.p12 \-out file.pem +.Ve +.PP +Output only client certificates to a file: +.PP +.Vb 1 +\& openssl pkcs12 \-in file.p12 \-clcerts \-out file.pem +.Ve +.PP +Don't encrypt the private key: +.PP +.Vb 1 +\& openssl pkcs12 \-in file.p12 \-out file.pem \-nodes +.Ve +.PP +Print some info about a PKCS#12 file: +.PP +.Vb 1 +\& openssl pkcs12 \-in file.p12 \-info \-noout +.Ve +.PP +Create a PKCS#12 file: +.PP +.Vb 1 +\& openssl pkcs12 \-export \-in file.pem \-out file.p12 \-name "My Certificate" +.Ve +.PP +Include some extra certificates: +.PP +.Vb 2 +\& openssl pkcs12 \-export \-in file.pem \-out file.p12 \-name "My Certificate" \e +\& \-certfile othercerts.pem +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\fIopenssl\-pkcs8\fR\|(1), +\&\fIossl_store\-file\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man1/openssl-pkcs7.1 b/linux_amd64/ssl/share/man/man1/openssl-pkcs7.1 new file mode 100755 index 0000000..9f9021a --- /dev/null +++ b/linux_amd64/ssl/share/man/man1/openssl-pkcs7.1 
@@ -0,0 +1,213 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-PKCS7 1" +.TH OPENSSL-PKCS7 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-pkcs7 \- PKCS#7 utility +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBpkcs7\fR +[\fB\-help\fR] +[\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-in\fR \fIfilename\fR] +[\fB\-out\fR \fIfilename\fR] +[\fB\-print\fR] +[\fB\-print_certs\fR] +[\fB\-text\fR] +[\fB\-noout\fR] +[\fB\-engine\fR \fIid\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command processes PKCS#7 files. Note that it only understands PKCS#7 +v 1.5 as specified in \s-1IETF\s0 \s-1RFC\s0 2315. It cannot currently parse \s-1CMS\s0 as +described in \s-1IETF\s0 \s-1RFC\s0 2630. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR, \fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IX Item "-inform DER|PEM, -outform DER|PEM" +The input and formats; the default is \fB\s-1PEM\s0\fR. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.Sp +The data is a PKCS#7 Version 1.5 structure. +.IP "\fB\-in\fR \fIfilename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read from or standard input if this +option is not specified. +.IP "\fB\-out\fR \fIfilename\fR" 4 +.IX Item "-out filename" +Specifies the output filename to write to or standard output by +default. +.IP "\fB\-print\fR" 4 +.IX Item "-print" +Print out the full \s-1PKCS7\s0 object. +.IP "\fB\-print_certs\fR" 4 +.IX Item "-print_certs" +Prints out any certificates or CRLs contained in the file. They are +preceded by their subject and issuer names in one line format. +.IP "\fB\-text\fR" 4 +.IX Item "-text" +Prints out certificate details in full rather than just subject and +issuer names. +.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +Don't output the encoded version of the PKCS#7 structure (or certificates +if \fB\-print_certs\fR is set). 
+.IP "\fB\-engine\fR \fIid\fR" 4 +.IX Item "-engine id" +See \*(L"Engine Options\*(R" in \fIopenssl\fR\|(1). +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Convert a PKCS#7 file from \s-1PEM\s0 to \s-1DER:\s0 +.PP +.Vb 1 +\& openssl pkcs7 \-in file.pem \-outform DER \-out file.der +.Ve +.PP +Output all certificates in a file: +.PP +.Vb 1 +\& openssl pkcs7 \-in file.pem \-print_certs \-out certs.pem +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\fIopenssl\-crl2pkcs7\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man1/openssl-pkcs8.1 b/linux_amd64/ssl/share/man/man1/openssl-pkcs8.1 new file mode 100755 index 0000000..795a4ec --- /dev/null +++ b/linux_amd64/ssl/share/man/man1/openssl-pkcs8.1 
@@ -0,0 +1,391 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-PKCS8 1" +.TH OPENSSL-PKCS8 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-pkcs8 \- PKCS#8 format private key conversion tool +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBpkcs8\fR +[\fB\-help\fR] +[\fB\-topk8\fR] +[\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-in\fR \fIfilename\fR] +[\fB\-passin\fR \fIarg\fR] +[\fB\-out\fR \fIfilename\fR] +[\fB\-passout\fR \fIarg\fR] +[\fB\-iter\fR \fIcount\fR] +[\fB\-noiter\fR] +[\fB\-nocrypt\fR] +[\fB\-traditional\fR] +[\fB\-v2\fR \fIalg\fR] +[\fB\-v2prf\fR \fIalg\fR] +[\fB\-v1\fR \fIalg\fR] +[\fB\-scrypt\fR] +[\fB\-scrypt_N\fR \fIN\fR] +[\fB\-scrypt_r\fR \fIr\fR] +[\fB\-scrypt_p\fR \fIp\fR] +[\fB\-rand\fR \fIfiles\fR] +[\fB\-writerand\fR \fIfile\fR] +[\fB\-engine\fR \fIid\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command processes private keys in PKCS#8 format. It can handle +both unencrypted PKCS#8 PrivateKeyInfo format and EncryptedPrivateKeyInfo +format with a variety of PKCS#5 (v1.5 and v2.0) and PKCS#12 algorithms. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-topk8\fR" 4 +.IX Item "-topk8" +Normally a PKCS#8 private key is expected on input and a private key will be +written to the output file. With the \fB\-topk8\fR option the situation is +reversed: it reads a private key and writes a PKCS#8 format key. +.IP "\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR, \fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IX Item "-inform DER|PEM, -outform DER|PEM" +The input and formats; the default is \fB\s-1PEM\s0\fR. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.Sp +If a key is being converted from PKCS#8 form (i.e. the \fB\-topk8\fR option is +not used) then the input file must be in PKCS#8 format. An encrypted +key is expected unless \fB\-nocrypt\fR is included. 
+.Sp +If \fB\-topk8\fR is not used and \fB\s-1PEM\s0\fR mode is set the output file will be an +unencrypted private key in PKCS#8 format. If the \fB\-traditional\fR option is +used then a traditional format private key is written instead. +.Sp +If \fB\-topk8\fR is not used and \fB\s-1DER\s0\fR mode is set the output file will be an +unencrypted private key in traditional \s-1DER\s0 format. +.Sp +If \fB\-topk8\fR is used then any supported private key can be used for the input +file in a format specified by \fB\-inform\fR. The output file will be encrypted +PKCS#8 format using the specified encryption parameters unless \fB\-nocrypt\fR +is included. +.IP "\fB\-traditional\fR" 4 +.IX Item "-traditional" +When this option is present and \fB\-topk8\fR is not a traditional format private +key is written. +.IP "\fB\-in\fR \fIfilename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read a key from or standard input if this +option is not specified. If the key is encrypted a pass phrase will be +prompted for. +.IP "\fB\-passin\fR \fIarg\fR, \fB\-passout\fR \fIarg\fR" 4 +.IX Item "-passin arg, -passout arg" +The password source for the input and output file. +For more information about the format of \fBarg\fR +see \*(L"Pass Phrase Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-out\fR \fIfilename\fR" 4 +.IX Item "-out filename" +This specifies the output filename to write a key to or standard output by +default. If any encryption options are set then a pass phrase will be +prompted for. The output filename should \fBnot\fR be the same as the input +filename. +.IP "\fB\-iter\fR \fIcount\fR" 4 +.IX Item "-iter count" +When creating new PKCS#8 containers, use a given number of iterations on +the password in deriving the encryption key for the PKCS#8 output. +High values increase the time required to brute-force a PKCS#8 container. 
+.IP "\fB\-nocrypt\fR" 4 +.IX Item "-nocrypt" +PKCS#8 keys generated or input are normally PKCS#8 EncryptedPrivateKeyInfo +structures using an appropriate password based encryption algorithm. With +this option an unencrypted PrivateKeyInfo structure is expected or output. +This option does not encrypt private keys at all and should only be used +when absolutely necessary. Certain software such as some versions of Java +code signing software used unencrypted private keys. +.IP "\fB\-v2\fR \fIalg\fR" 4 +.IX Item "-v2 alg" +This option sets the PKCS#5 v2.0 algorithm. +.Sp +The \fIalg\fR argument is the encryption algorithm to use, valid values include +\&\fBaes128\fR, \fBaes256\fR and \fBdes3\fR. If this option isn't specified then \fBaes256\fR +is used. +.IP "\fB\-v2prf\fR \fIalg\fR" 4 +.IX Item "-v2prf alg" +This option sets the \s-1PRF\s0 algorithm to use with PKCS#5 v2.0. A typical value +value would be \fBhmacWithSHA256\fR. If this option isn't set then the default +for the cipher is used or \fBhmacWithSHA256\fR if there is no default. +.Sp +Some implementations may not support custom \s-1PRF\s0 algorithms and may require +the \fBhmacWithSHA1\fR option to work. +.IP "\fB\-v1\fR \fIalg\fR" 4 +.IX Item "-v1 alg" +This option indicates a PKCS#5 v1.5 or PKCS#12 algorithm should be used. Some +older implementations may not support PKCS#5 v2.0 and may require this option. +If not specified PKCS#5 v2.0 form is used. +.IP "\fB\-scrypt\fR" 4 +.IX Item "-scrypt" +Uses the \fBscrypt\fR algorithm for private key encryption using default +parameters: currently N=16384, r=8 and p=1 and \s-1AES\s0 in \s-1CBC\s0 mode with a 256 bit +key. These parameters can be modified using the \fB\-scrypt_N\fR, \fB\-scrypt_r\fR, +\&\fB\-scrypt_p\fR and \fB\-v2\fR options. +.IP "\fB\-scrypt_N\fR \fIN\fR, \fB\-scrypt_r\fR \fIr\fR, \fB\-scrypt_p\fR \fIp\fR" 4 +.IX Item "-scrypt_N N, -scrypt_r r, -scrypt_p p" +Sets the scrypt \fIN\fR, \fIr\fR or \fIp\fR parameters. 
+.IP "\fB\-rand\fR \fIfiles\fR, \fB\-writerand\fR \fIfile\fR" 4 +.IX Item "-rand files, -writerand file" +See \*(L"Random State Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-engine\fR \fIid\fR" 4 +.IX Item "-engine id" +See \*(L"Engine Options\*(R" in \fIopenssl\fR\|(1). +.SH "NOTES" +.IX Header "NOTES" +By default, when converting a key to PKCS#8 format, PKCS#5 v2.0 using 256 bit +\&\s-1AES\s0 with \s-1HMAC\s0 and \s-1SHA256\s0 is used. +.PP +Some older implementations do not support PKCS#5 v2.0 format and require +the older PKCS#5 v1.5 form instead, possibly also requiring insecure weak +encryption algorithms such as 56 bit \s-1DES\s0. +.PP +Private keys encrypted using PKCS#5 v2.0 algorithms and high iteration +counts are more secure that those encrypted using the traditional +SSLeay compatible formats. So if additional security is considered +important the keys should be converted. +.PP +It is possible to write out \s-1DER\s0 encoded encrypted private keys in +PKCS#8 format because the encryption details are included at an \s-1ASN1\s0 +level whereas the traditional format includes them at a \s-1PEM\s0 level. +.SH "PKCS#5 V1.5 AND PKCS#12 ALGORITHMS" +.IX Header "PKCS#5 V1.5 AND PKCS#12 ALGORITHMS" +Various algorithms can be used with the \fB\-v1\fR command line option, +including PKCS#5 v1.5 and PKCS#12. These are described in more detail +below. +.IP "\fB\s-1PBE\-MD2\-DES\s0 \s-1PBE\-MD5\-DES\s0\fR" 4 +.IX Item "PBE-MD2-DES PBE-MD5-DES" +These algorithms were included in the original PKCS#5 v1.5 specification. +They only offer 56 bits of protection since they both use \s-1DES\s0. +.IP "\fB\s-1PBE\-SHA1\-RC2\-64\s0\fR, \fB\s-1PBE\-MD2\-RC2\-64\s0\fR, \fB\s-1PBE\-MD5\-RC2\-64\s0\fR, \fB\s-1PBE\-SHA1\-DES\s0\fR" 4 +.IX Item "PBE-SHA1-RC2-64, PBE-MD2-RC2-64, PBE-MD5-RC2-64, PBE-SHA1-DES" +These algorithms are not mentioned in the original PKCS#5 v1.5 specification +but they use the same key derivation algorithm and are supported by some +software. 
They are mentioned in PKCS#5 v2.0. They use either 64 bit \s-1RC2\s0 or +56 bit \s-1DES\s0. +.IP "\fB\s-1PBE\-SHA1\-RC4\-128\s0\fR, \fB\s-1PBE\-SHA1\-RC4\-40\s0\fR, \fB\s-1PBE\-SHA1\-3DES\s0\fR, \fB\s-1PBE\-SHA1\-2DES\s0\fR, \fB\s-1PBE\-SHA1\-RC2\-128\s0\fR, \fB\s-1PBE\-SHA1\-RC2\-40\s0\fR" 4 +.IX Item "PBE-SHA1-RC4-128, PBE-SHA1-RC4-40, PBE-SHA1-3DES, PBE-SHA1-2DES, PBE-SHA1-RC2-128, PBE-SHA1-RC2-40" +These algorithms use the PKCS#12 password based encryption algorithm and +allow strong encryption algorithms like triple \s-1DES\s0 or 128 bit \s-1RC2\s0 to be used. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Convert a private key to PKCS#8 format using default parameters (\s-1AES\s0 with +256 bit key and \fBhmacWithSHA256\fR): +.PP +.Vb 1 +\& openssl pkcs8 \-in key.pem \-topk8 \-out enckey.pem +.Ve +.PP +Convert a private key to PKCS#8 unencrypted format: +.PP +.Vb 1 +\& openssl pkcs8 \-in key.pem \-topk8 \-nocrypt \-out enckey.pem +.Ve +.PP +Convert a private key to PKCS#5 v2.0 format using triple \s-1DES:\s0 +.PP +.Vb 1 +\& openssl pkcs8 \-in key.pem \-topk8 \-v2 des3 \-out enckey.pem +.Ve +.PP +Convert a private key to PKCS#5 v2.0 format using \s-1AES\s0 with 256 bits in \s-1CBC\s0 +mode and \fBhmacWithSHA512\fR \s-1PRF:\s0 +.PP +.Vb 1 +\& openssl pkcs8 \-in key.pem \-topk8 \-v2 aes\-256\-cbc \-v2prf hmacWithSHA512 \-out enckey.pem +.Ve +.PP +Convert a private key to PKCS#8 using a PKCS#5 1.5 compatible algorithm +(\s-1DES\s0): +.PP +.Vb 1 +\& openssl pkcs8 \-in key.pem \-topk8 \-v1 PBE\-MD5\-DES \-out enckey.pem +.Ve +.PP +Convert a private key to PKCS#8 using a PKCS#12 compatible algorithm +(3DES): +.PP +.Vb 1 +\& openssl pkcs8 \-in key.pem \-topk8 \-out enckey.pem \-v1 PBE\-SHA1\-3DES +.Ve +.PP +Read a \s-1DER\s0 unencrypted PKCS#8 format private key: +.PP +.Vb 1 +\& openssl pkcs8 \-inform DER \-nocrypt \-in key.der \-out key.pem +.Ve +.PP +Convert a private key from any PKCS#8 encrypted format to traditional format: +.PP +.Vb 1 +\& openssl pkcs8 \-in pk8.pem 
\-traditional \-out key.pem +.Ve +.PP +Convert a private key to PKCS#8 format, encrypting with \s-1AES\-256\s0 and with +one million iterations of the password: +.PP +.Vb 1 +\& openssl pkcs8 \-in key.pem \-topk8 \-v2 aes\-256\-cbc \-iter 1000000 \-out pk8.pem +.Ve +.SH "STANDARDS" +.IX Header "STANDARDS" +Test vectors from this PKCS#5 v2.0 implementation were posted to the +pkcs-tng mailing list using triple \s-1DES\s0, \s-1DES\s0 and \s-1RC2\s0 with high iteration +counts, several people confirmed that they could decrypt the private +keys produced and Therefore it can be assumed that the PKCS#5 v2.0 +implementation is reasonably accurate at least as far as these +algorithms are concerned. +.PP +The format of PKCS#8 \s-1DSA\s0 (and other) private keys is not well documented: +it is hidden away in PKCS#11 v2.01, section 11.9. OpenSSL's default \s-1DSA\s0 +PKCS#8 private key format complies with this standard. +.SH "BUGS" +.IX Header "BUGS" +There should be an option that prints out the encryption algorithm +in use and other details such as the iteration count. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\fIopenssl\-dsa\fR\|(1), +\&\fIopenssl\-rsa\fR\|(1), +\&\fIopenssl\-genrsa\fR\|(1), +\&\fIopenssl\-gendsa\fR\|(1) +.SH "HISTORY" +.IX Header "HISTORY" +The \fB\-iter\fR option was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man1/openssl-pkey.1 b/linux_amd64/ssl/share/man/man1/openssl-pkey.1 new file mode 100755 index 0000000..7c4bbe0 --- /dev/null +++ b/linux_amd64/ssl/share/man/man1/openssl-pkey.1 
@@ -0,0 +1,311 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-PKEY 1" +.TH OPENSSL-PKEY 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-pkey \- public or private key processing tool +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBpkey\fR +[\fB\-help\fR] +[\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-in\fR \fIfilename\fR] +[\fB\-passin\fR \fIarg\fR] +[\fB\-out\fR \fIfilename\fR] +[\fB\-passout\fR \fIarg\fR] +[\fB\-traditional\fR] +[\fB\-\f(BIcipher\fB\fR] +[\fB\-text\fR] +[\fB\-text_pub\fR] +[\fB\-noout\fR] +[\fB\-pubin\fR] +[\fB\-pubout\fR] +[\fB\-check\fR] +[\fB\-pubcheck\fR] +[\fB\-ec_conv_form\fR \fIarg\fR] +[\fB\-ec_param_enc\fR \fIarg\fR] +[\fB\-engine\fR \fIid\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command processes public or private keys. They can be +converted between various forms and their components printed out. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR, \fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IX Item "-inform DER|PEM, -outform DER|PEM" +The input and formats; the default is \fB\s-1PEM\s0\fR. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-in\fR \fIfilename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read a key from or standard input if this +option is not specified. If the key is encrypted a pass phrase will be +prompted for. +.IP "\fB\-passin\fR \fIarg\fR, \fB\-passout\fR \fIarg\fR" 4 +.IX Item "-passin arg, -passout arg" +The password source for the input and output file. +For more information about the format of \fBarg\fR +see \*(L"Pass Phrase Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-out\fR \fIfilename\fR" 4 +.IX Item "-out filename" +This specifies the output filename to write a key to or standard output if this +option is not specified. If any encryption options are set then a pass phrase +will be prompted for. 
The output filename should \fBnot\fR be the same as the input +filename. +.IP "\fB\-traditional\fR" 4 +.IX Item "-traditional" +Normally a private key is written using standard format: this is PKCS#8 form +with the appropriate encryption algorithm (if any). If the \fB\-traditional\fR +option is specified then the older \*(L"traditional\*(R" format is used instead. +.IP "\fB\-\f(BIcipher\fB\fR" 4 +.IX Item "-cipher" +These options encrypt the private key with the supplied cipher. Any algorithm +name accepted by \fIEVP_get_cipherbyname()\fR is acceptable such as \fBdes3\fR. +.IP "\fB\-text\fR" 4 +.IX Item "-text" +Prints out the various public or private key components in +plain text in addition to the encoded version. +.IP "\fB\-text_pub\fR" 4 +.IX Item "-text_pub" +Print out only public key components even if a private key is being processed. +.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +Do not output the encoded version of the key. +.IP "\fB\-pubin\fR" 4 +.IX Item "-pubin" +By default a private key is read from the input file: with this +option a public key is read instead. +.IP "\fB\-pubout\fR" 4 +.IX Item "-pubout" +By default a private key is output: with this option a public +key will be output instead. This option is automatically set if +the input is a public key. +.IP "\fB\-check\fR" 4 +.IX Item "-check" +This option checks the consistency of a key pair for both public and private +components. +.IP "\fB\-pubcheck\fR" 4 +.IX Item "-pubcheck" +This option checks the correctness of either a public key or the public component +of a key pair. +.IP "\fB\-ec_conv_form\fR \fIarg\fR" 4 +.IX Item "-ec_conv_form arg" +This option only applies to elliptic curve based public and private keys. +.Sp +This specifies how the points on the elliptic curve are converted +into octet strings. Possible values are: \fBcompressed\fR (the default +value), \fBuncompressed\fR and \fBhybrid\fR. For more information regarding +the point conversion forms please read the X9.62 standard. 
+\&\fBNote\fR Due to patent issues the \fBcompressed\fR option is disabled +by default for binary curves and can be enabled by defining +the preprocessor macro \fB\s-1OPENSSL_EC_BIN_PT_COMP\s0\fR at compile time. +.IP "\fB\-ec_param_enc\fR \fIarg\fR" 4 +.IX Item "-ec_param_enc arg" +This option only applies to elliptic curve based public and private keys. +.Sp +This specifies how the elliptic curve parameters are encoded. +Possible value are: \fBnamed_curve\fR, i.e. the ec parameters are +specified by an \s-1OID\s0, or \fBexplicit\fR where the ec parameters are +explicitly given (see \s-1RFC\s0 3279 for the definition of the +\&\s-1EC\s0 parameters structures). The default value is \fBnamed_curve\fR. +\&\fBNote\fR the \fBimplicitlyCA\fR alternative, as specified in \s-1RFC\s0 3279, +is currently not implemented in OpenSSL. +.IP "\fB\-engine\fR \fIid\fR" 4 +.IX Item "-engine id" +See \*(L"Engine Options\*(R" in \fIopenssl\fR\|(1). +.SH "EXAMPLES" +.IX Header "EXAMPLES" +To remove the pass phrase on a private key: +.PP +.Vb 1 +\& openssl pkey \-in key.pem \-out keyout.pem +.Ve +.PP +To encrypt a private key using triple \s-1DES:\s0 +.PP +.Vb 1 +\& openssl pkey \-in key.pem \-des3 \-out keyout.pem +.Ve +.PP +To convert a private key from \s-1PEM\s0 to \s-1DER\s0 format: +.PP +.Vb 1 +\& openssl pkey \-in key.pem \-outform DER \-out keyout.der +.Ve +.PP +To print out the components of a private key to standard output: +.PP +.Vb 1 +\& openssl pkey \-in key.pem \-text \-noout +.Ve +.PP +To print out the public components of a private key to standard output: +.PP +.Vb 1 +\& openssl pkey \-in key.pem \-text_pub \-noout +.Ve +.PP +To just output the public part of a private key: +.PP +.Vb 1 +\& openssl pkey \-in key.pem \-pubout \-out pubkey.pem +.Ve +.PP +To change the \s-1EC\s0 parameters encoding to \fBexplicit\fR: +.PP +.Vb 1 +\& openssl pkey \-in key.pem \-ec_param_enc explicit \-out keyout.pem +.Ve +.PP +To change the \s-1EC\s0 point conversion form to 
\fBcompressed\fR: +.PP +.Vb 1 +\& openssl pkey \-in key.pem \-ec_conv_form compressed \-out keyout.pem +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\fIopenssl\-genpkey\fR\|(1), +\&\fIopenssl\-rsa\fR\|(1), +\&\fIopenssl\-pkcs8\fR\|(1), +\&\fIopenssl\-dsa\fR\|(1), +\&\fIopenssl\-genrsa\fR\|(1), +\&\fIopenssl\-gendsa\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man1/openssl-pkeyparam.1 b/linux_amd64/ssl/share/man/man1/openssl-pkeyparam.1 new file mode 100755 index 0000000..6e15c06 --- /dev/null +++ b/linux_amd64/ssl/share/man/man1/openssl-pkeyparam.1 
@@ -0,0 +1,200 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-PKEYPARAM 1" +.TH OPENSSL-PKEYPARAM 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-pkeyparam \- public key algorithm parameter processing tool +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBpkeyparam\fR +[\fB\-help\fR] +[\fB\-in\fR \fIfilename\fR] +[\fB\-out\fR \fIfilename\fR] +[\fB\-text\fR] +[\fB\-noout\fR] +[\fB\-check\fR] +[\fB\-engine\fR \fIid\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command processes public key algorithm parameters. +They can be checked for correctness and their components printed out. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-in\fR \fIfilename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read parameters from or standard input if +this option is not specified. +.IP "\fB\-out\fR \fIfilename\fR" 4 +.IX Item "-out filename" +This specifies the output filename to write parameters to or standard output if +this option is not specified. +.IP "\fB\-text\fR" 4 +.IX Item "-text" +Prints out the parameters in plain text in addition to the encoded version. +.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +Do not output the encoded version of the parameters. +.IP "\fB\-check\fR" 4 +.IX Item "-check" +This option checks the correctness of parameters. +.IP "\fB\-engine\fR \fIid\fR" 4 +.IX Item "-engine id" +See \*(L"Engine Options\*(R" in \fIopenssl\fR\|(1). +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Print out text version of parameters: +.PP +.Vb 1 +\& openssl pkeyparam \-in param.pem \-text +.Ve +.SH "NOTES" +.IX Header "NOTES" +There are no \fB\-inform\fR or \fB\-outform\fR options for this command because only +\&\s-1PEM\s0 format is supported because the key type is determined by the \s-1PEM\s0 headers. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\fIopenssl\-genpkey\fR\|(1), +\&\fIopenssl\-rsa\fR\|(1), +\&\fIopenssl\-pkcs8\fR\|(1), +\&\fIopenssl\-dsa\fR\|(1), +\&\fIopenssl\-genrsa\fR\|(1), +\&\fIopenssl\-gendsa\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man1/openssl-pkeyutl.1 b/linux_amd64/ssl/share/man/man1/openssl-pkeyutl.1 new file mode 100755 index 0000000..b1eb79a --- /dev/null +++ b/linux_amd64/ssl/share/man/man1/openssl-pkeyutl.1 
@@ -0,0 +1,493 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-PKEYUTL 1" +.TH OPENSSL-PKEYUTL 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-pkeyutl \- public key algorithm utility +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBpkeyutl\fR +[\fB\-help\fR] +[\fB\-in\fR \fIfile\fR] +[\fB\-rawin\fR] +[\fB\-digest\fR \fIalgorithm\fR] +[\fB\-out\fR \fIfile\fR] +[\fB\-sigfile\fR \fIfile\fR] +[\fB\-inkey\fR \fIfile\fR] +[\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fB\s-1ENGINE\s0\fR] +[\fB\-passin\fR \fIarg\fR] +[\fB\-peerkey\fR \fIfile\fR] +[\fB\-peerform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fB\s-1ENGINE\s0\fR] +[\fB\-pubin\fR] +[\fB\-certin\fR] +[\fB\-rev\fR] +[\fB\-sign\fR] +[\fB\-verify\fR] +[\fB\-verifyrecover\fR] +[\fB\-encrypt\fR] +[\fB\-decrypt\fR] +[\fB\-derive\fR] +[\fB\-kdf\fR \fIalgorithm\fR] +[\fB\-kdflen\fR \fIlength\fR] +[\fB\-pkeyopt\fR \fIopt\fR:\fIvalue\fR] +[\fB\-pkeyopt_passin\fR \fIopt\fR[:\fIpassarg\fR]] +[\fB\-hexdump\fR] +[\fB\-asn1parse\fR] +[\fB\-engine\fR \fIid\fR] +[\fB\-engine_impl\fR] +[\fB\-rand\fR \fIfiles\fR] +[\fB\-writerand\fR \fIfile\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command can be used to perform low level public key +operations using any supported algorithm. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-in\fR \fIfilename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read data from or standard input +if this option is not specified. +.IP "\fB\-rawin\fR" 4 +.IX Item "-rawin" +This indicates that the input data is raw data, which is not hashed by any +message digest algorithm. The user can specify a digest algorithm by using +the \fB\-digest\fR option. This option can only be used with \fB\-sign\fR and +\&\fB\-verify\fR and must be used with the Ed25519 and Ed448 algorithms. +.IP "\fB\-digest\fR \fIalgorithm\fR" 4 +.IX Item "-digest algorithm" +This specifies the digest algorithm which is used to hash the input data before +signing or verifying it with the input key. 
This option could be omitted if the +signature algorithm does not require one (for instance, EdDSA). If this option +is omitted but the signature algorithm requires one, a default value will be +used. For signature algorithms like \s-1RSA\s0, \s-1DSA\s0 and \s-1ECDSA\s0, \s-1SHA\-256\s0 will be the +default digest algorithm. For \s-1SM2\s0, it will be \s-1SM3\s0. If this option is present, +then the \fB\-rawin\fR option must be also specified. +.IP "\fB\-out\fR \fIfilename\fR" 4 +.IX Item "-out filename" +Specifies the output filename to write to or standard output by +default. +.IP "\fB\-sigfile\fR \fIfile\fR" 4 +.IX Item "-sigfile file" +Signature file, required for \fB\-verify\fR operations only +.IP "\fB\-inkey\fR \fIfile\fR" 4 +.IX Item "-inkey file" +The input key file, by default it should be a private key. +.IP "\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fB\s-1ENGINE\s0\fR" 4 +.IX Item "-keyform DER|PEM|ENGINE" +The key format; the default is \fB\s-1PEM\s0\fR. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-passin\fR \fIarg\fR" 4 +.IX Item "-passin arg" +The input key password source. For more information about the format of \fIarg\fR +see \*(L"Pass Phrase Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-peerkey\fR \fIfile\fR" 4 +.IX Item "-peerkey file" +The peer key file, used by key derivation (agreement) operations. +.IP "\fB\-peerform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fB\s-1ENGINE\s0\fR" 4 +.IX Item "-peerform DER|PEM|ENGINE" +The peer key format; the default is \fB\s-1PEM\s0\fR. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-pubin\fR" 4 +.IX Item "-pubin" +The input file is a public key. +.IP "\fB\-certin\fR" 4 +.IX Item "-certin" +The input is a certificate containing a public key. +.IP "\fB\-rev\fR" 4 +.IX Item "-rev" +Reverse the order of the input buffer. This is useful for some libraries +(such as CryptoAPI) which represent the buffer in little endian format. 
+.IP "\fB\-sign\fR" 4 +.IX Item "-sign" +Sign the input data (which must be a hash) and output the signed result. This +requires a private key. +.IP "\fB\-verify\fR" 4 +.IX Item "-verify" +Verify the input data (which must be a hash) against the signature file and +indicate if the verification succeeded or failed. +.IP "\fB\-verifyrecover\fR" 4 +.IX Item "-verifyrecover" +Verify the input data (which must be a hash) and output the recovered data. +.IP "\fB\-encrypt\fR" 4 +.IX Item "-encrypt" +Encrypt the input data using a public key. +.IP "\fB\-decrypt\fR" 4 +.IX Item "-decrypt" +Decrypt the input data using a private key. +.IP "\fB\-derive\fR" 4 +.IX Item "-derive" +Derive a shared secret using the peer key. +.IP "\fB\-kdf\fR \fIalgorithm\fR" 4 +.IX Item "-kdf algorithm" +Use key derivation function \fIalgorithm\fR. The supported algorithms are +at present \fB\s-1TLS1\-PRF\s0\fR and \fB\s-1HKDF\s0\fR. +Note: additional parameters and the \s-1KDF\s0 output length will normally have to be +set for this to work. +See \fIEVP_PKEY_CTX_set_hkdf_md\fR\|(3) and \fIEVP_PKEY_CTX_set_tls1_prf_md\fR\|(3) +for the supported string parameters of each algorithm. +.IP "\fB\-kdflen\fR \fIlength\fR" 4 +.IX Item "-kdflen length" +Set the output length for \s-1KDF\s0. +.IP "\fB\-pkeyopt\fR \fIopt\fR:\fIvalue\fR" 4 +.IX Item "-pkeyopt opt:value" +Public key options specified as opt:value. See \s-1NOTES\s0 below for more details. +.IP "\fB\-pkeyopt_passin\fR \fIopt\fR[:\fIpassarg\fR]" 4 +.IX Item "-pkeyopt_passin opt[:passarg]" +Allows reading a public key option \fIopt\fR from stdin or a password source. +If only \fIopt\fR is specified, the user will be prompted to enter a password on +stdin. Alternatively, \fIpassarg\fR can be specified which can be any value +supported by \*(L"Pass phrase options\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-hexdump\fR" 4 +.IX Item "-hexdump" +hex dump the output data. 
+.IP "\fB\-asn1parse\fR" 4 +.IX Item "-asn1parse" +Parse the \s-1ASN\s0.1 output data, this is useful when combined with the +\&\fB\-verifyrecover\fR option when an \s-1ASN1\s0 structure is signed. +.IP "\fB\-engine\fR \fIid\fR" 4 +.IX Item "-engine id" +See \*(L"Engine Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-engine_impl\fR" 4 +.IX Item "-engine_impl" +When used with the \fB\-engine\fR option, it specifies to also use +engine \fIid\fR for crypto operations. +.IP "\fB\-rand\fR \fIfiles\fR, \fB\-writerand\fR \fIfile\fR" 4 +.IX Item "-rand files, -writerand file" +See \*(L"Random State Options\*(R" in \fIopenssl\fR\|(1) for details. +.SH "NOTES" +.IX Header "NOTES" +The operations and options supported vary according to the key algorithm +and its implementation. The OpenSSL operations and options are indicated below. +.PP +Unless otherwise mentioned all algorithms support the \fBdigest:\fR\fIalg\fR option +which specifies the digest in use for sign, verify and verifyrecover operations. +The value \fIalg\fR should represent a digest name as used in the +\&\fIEVP_get_digestbyname()\fR function for example \fBsha1\fR. This value is not used to +hash the input data. It is used (by some algorithms) for sanity-checking the +lengths of data passed in and for creating the structures that make up the +signature (e.g. \fBDigestInfo\fR in \s-1RSASSA\s0 PKCS#1 v1.5 signatures). +.PP +This command does not hash the input data (except where \-rawin is used) but +rather it will use the data directly as input to the signature algorithm. +Depending on the key type, signature type, and mode of padding, the maximum +acceptable lengths of input data differ. The signed data can't be longer than +the key modulus with \s-1RSA\s0. In case of \s-1ECDSA\s0 and \s-1DSA\s0 the data shouldn't be longer +than the field size, otherwise it will be silently truncated to the field size. +In any event the input size must not be larger than the largest supported digest +size. 
+.PP +In other words, if the value of digest is \fBsha1\fR the input should be the 20 +bytes long binary encoding of the \s-1SHA\-1\s0 hash function output. +.SH "RSA ALGORITHM" +.IX Header "RSA ALGORITHM" +The \s-1RSA\s0 algorithm generally supports the encrypt, decrypt, sign, +verify and verifyrecover operations. However, some padding modes +support only a subset of these operations. The following additional +\&\fBpkeyopt\fR values are supported: +.IP "\fBrsa_padding_mode:\fR\fImode\fR" 4 +.IX Item "rsa_padding_mode:mode" +This sets the \s-1RSA\s0 padding mode. Acceptable values for \fImode\fR are \fBpkcs1\fR for +PKCS#1 padding, \fBsslv23\fR for SSLv23 padding, \fBnone\fR for no padding, \fBoaep\fR +for \fB\s-1OAEP\s0\fR mode, \fBx931\fR for X9.31 mode and \fBpss\fR for \s-1PSS\s0. +.Sp +In PKCS#1 padding if the message digest is not set then the supplied data is +signed or verified directly instead of using a \fBDigestInfo\fR structure. If a +digest is set then the a \fBDigestInfo\fR structure is used and its the length +must correspond to the digest type. +.Sp +For \fBoaep\fR mode only encryption and decryption is supported. +.Sp +For \fBx931\fR if the digest type is set it is used to format the block data +otherwise the first byte is used to specify the X9.31 digest \s-1ID\s0. Sign, +verify and verifyrecover are can be performed in this mode. +.Sp +For \fBpss\fR mode only sign and verify are supported and the digest type must be +specified. +.IP "\fBrsa_pss_saltlen:\fR\fIlen\fR" 4 +.IX Item "rsa_pss_saltlen:len" +For \fBpss\fR mode only this option specifies the salt length. Three special +values are supported: \fBdigest\fR sets the salt length to the digest length, +\&\fBmax\fR sets the salt length to the maximum permissible value. When verifying +\&\fBauto\fR causes the salt length to be automatically determined based on the +\&\fB\s-1PSS\s0\fR block structure. 
+.IP "\fBrsa_mgf1_md:\fR\fIdigest\fR" 4 +.IX Item "rsa_mgf1_md:digest" +For \s-1PSS\s0 and \s-1OAEP\s0 padding sets the \s-1MGF1\s0 digest. If the \s-1MGF1\s0 digest is not +explicitly set in \s-1PSS\s0 mode then the signing digest is used. +.SH "RSA-PSS ALGORITHM" +.IX Header "RSA-PSS ALGORITHM" +The RSA-PSS algorithm is a restricted version of the \s-1RSA\s0 algorithm which only +supports the sign and verify operations with \s-1PSS\s0 padding. The following +additional \fB\-pkeyopt\fR values are supported: +.IP "\fBrsa_padding_mode:\fR\fImode\fR, \fBrsa_pss_saltlen:\fR\fIlen\fR, \fBrsa_mgf1_md:\fR\fIdigest\fR" 4 +.IX Item "rsa_padding_mode:mode, rsa_pss_saltlen:len, rsa_mgf1_md:digest" +These have the same meaning as the \fB\s-1RSA\s0\fR algorithm with some additional +restrictions. The padding mode can only be set to \fBpss\fR which is the +default value. +.Sp +If the key has parameter restrictions than the digest, \s-1MGF1\s0 +digest and salt length are set to the values specified in the parameters. +The digest and \s-1MG\s0 cannot be changed and the salt length cannot be set to a +value less than the minimum restriction. +.SH "DSA ALGORITHM" +.IX Header "DSA ALGORITHM" +The \s-1DSA\s0 algorithm supports signing and verification operations only. Currently +there are no additional \fB\-pkeyopt\fR options other than \fBdigest\fR. The \s-1SHA1\s0 +digest is assumed by default. +.SH "DH ALGORITHM" +.IX Header "DH ALGORITHM" +The \s-1DH\s0 algorithm only supports the derivation operation and no additional +\&\fB\-pkeyopt\fR options. +.SH "EC ALGORITHM" +.IX Header "EC ALGORITHM" +The \s-1EC\s0 algorithm supports sign, verify and derive operations. The sign and +verify operations use \s-1ECDSA\s0 and derive uses \s-1ECDH\s0. \s-1SHA1\s0 is assumed by default for +the \fB\-pkeyopt\fR \fBdigest\fR option. +.SH "X25519 AND X448 ALGORITHMS" +.IX Header "X25519 AND X448 ALGORITHMS" +The X25519 and X448 algorithms support key derivation only. 
Currently there are +no additional options. +.SH "ED25519 AND ED448 ALGORITHMS" +.IX Header "ED25519 AND ED448 ALGORITHMS" +These algorithms only support signing and verifying. OpenSSL only implements the +\&\*(L"pure\*(R" variants of these algorithms so raw data can be passed directly to them +without hashing them first. The option \fB\-rawin\fR must be used with these +algorithms with no \fB\-digest\fR specified. Additionally OpenSSL only supports +\&\*(L"oneshot\*(R" operation with these algorithms. This means that the entire file to +be signed/verified must be read into memory before processing it. Signing or +Verifying very large files should be avoided. Additionally the size of the file +must be known for this to work. If the size of the file cannot be determined +(for example if the input is stdin) then the sign or verify operation will fail. +.SH "SM2" +.IX Header "SM2" +The \s-1SM2\s0 algorithm supports sign, verify, encrypt and decrypt operations. For +the sign and verify operations, \s-1SM2\s0 requires an \s-1ID\s0 string to be passed in. The +following \fB\-pkeyopt\fR value is supported: +.IP "\fBsm2_id:\fR\fIstring\fR" 4 +.IX Item "sm2_id:string" +This sets the \s-1ID\s0 string used in \s-1SM2\s0 sign or verify operations. While verifying +an \s-1SM2\s0 signature, the \s-1ID\s0 string must be the same one used when signing the data. +Otherwise the verification will fail. +.IP "\fBsm2_hex_id:\fR\fIhex_string\fR" 4 +.IX Item "sm2_hex_id:hex_string" +This sets the \s-1ID\s0 string used in \s-1SM2\s0 sign or verify operations. While verifying +an \s-1SM2\s0 signature, the \s-1ID\s0 string must be the same one used when signing the data. +Otherwise the verification will fail. The \s-1ID\s0 string provided with this option +should be a valid hexadecimal value. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Sign some data using a private key: +.PP +.Vb 1 +\& openssl pkeyutl \-sign \-in file \-inkey key.pem \-out sig +.Ve +.PP +Recover the signed data (e.g. 
if an \s-1RSA\s0 key is used): +.PP +.Vb 1 +\& openssl pkeyutl \-verifyrecover \-in sig \-inkey key.pem +.Ve +.PP +Verify the signature (e.g. a \s-1DSA\s0 key): +.PP +.Vb 1 +\& openssl pkeyutl \-verify \-in file \-sigfile sig \-inkey key.pem +.Ve +.PP +Sign data using a message digest value (this is currently only valid for \s-1RSA\s0): +.PP +.Vb 1 +\& openssl pkeyutl \-sign \-in file \-inkey key.pem \-out sig \-pkeyopt digest:sha256 +.Ve +.PP +Derive a shared secret value: +.PP +.Vb 1 +\& openssl pkeyutl \-derive \-inkey key.pem \-peerkey pubkey.pem \-out secret +.Ve +.PP +Hexdump 48 bytes of \s-1TLS1\s0 \s-1PRF\s0 using digest \fB\s-1SHA256\s0\fR and shared secret and +seed consisting of the single byte 0xFF: +.PP +.Vb 2 +\& openssl pkeyutl \-kdf TLS1\-PRF \-kdflen 48 \-pkeyopt md:SHA256 \e +\& \-pkeyopt hexsecret:ff \-pkeyopt hexseed:ff \-hexdump +.Ve +.PP +Derive a key using \fBscrypt\fR where the password is read from command line: +.PP +.Vb 2 +\& openssl pkeyutl \-kdf scrypt \-kdflen 16 \-pkeyopt_passin pass \e +\& \-pkeyopt hexsalt:aabbcc \-pkeyopt N:16384 \-pkeyopt r:8 \-pkeyopt p:1 +.Ve +.PP +Derive using the same algorithm, but read key from environment variable \s-1MYPASS:\s0 +.PP +.Vb 2 +\& openssl pkeyutl \-kdf scrypt \-kdflen 16 \-pkeyopt_passin pass:env:MYPASS \e +\& \-pkeyopt hexsalt:aabbcc \-pkeyopt N:16384 \-pkeyopt r:8 \-pkeyopt p:1 +.Ve +.PP +Sign some data using an \s-1\fISM2\s0\fR\|(7) private key and a specific \s-1ID:\s0 +.PP +.Vb 2 +\& openssl pkeyutl \-sign \-in file \-inkey sm2.key \-out sig \-rawin \-digest sm3 \e +\& \-pkeyopt sm2_id:someid +.Ve +.PP +Verify some data using an \s-1\fISM2\s0\fR\|(7) certificate and a specific \s-1ID:\s0 +.PP +.Vb 2 +\& openssl pkeyutl \-verify \-certin \-in file \-inkey sm2.cert \-sigfile sig \e +\& \-rawin \-digest sm3 \-pkeyopt sm2_id:someid +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\fIopenssl\-genpkey\fR\|(1), +\&\fIopenssl\-pkey\fR\|(1), +\&\fIopenssl\-rsautl\fR\|(1) 
+\&\fIopenssl\-dgst\fR\|(1), +\&\fIopenssl\-rsa\fR\|(1), +\&\fIopenssl\-genrsa\fR\|(1), +\&\fIopenssl\-kdf\fR\|(1) +\&\fIEVP_PKEY_CTX_set_hkdf_md\fR\|(3), +\&\fIEVP_PKEY_CTX_set_tls1_prf_md\fR\|(3), +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man1/openssl-prime.1 b/linux_amd64/ssl/share/man/man1/openssl-prime.1 new file mode 100755 index 0000000..f7daeca --- /dev/null +++ b/linux_amd64/ssl/share/man/man1/openssl-prime.1 
@@ -0,0 +1,179 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-PRIME 1" +.TH OPENSSL-PRIME 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-prime \- compute prime numbers +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl prime\fR +[\fB\-help\fR] +[\fB\-hex\fR] +[\fB\-generate\fR] +[\fB\-bits\fR \fInum\fR] +[\fB\-safe\fR] +[\fB\-checks\fR \fInum\fR] +[\fInumber\fR ...] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command checks if the specified numbers are prime. +.PP +If no numbers are given on the command line, the \fB\-generate\fR flag should +be used to generate primes according to the requirements specified by the +rest of the flags. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Display an option summary. +.IP "\fB\-hex\fR" 4 +.IX Item "-hex" +Generate hex output. +.IP "\fB\-generate\fR" 4 +.IX Item "-generate" +Generate a prime number. +.IP "\fB\-bits\fR \fInum\fR" 4 +.IX Item "-bits num" +Generate a prime with \fInum\fR bits. +.IP "\fB\-safe\fR" 4 +.IX Item "-safe" +When used with \fB\-generate\fR, generates a \*(L"safe\*(R" prime. If the number +generated is \fIn\fR, then check that \f(CW\*(C`(\f(CIn\f(CW\-1)/2\*(C'\fR is also prime. +.IP "\fB\-checks\fR \fInum\fR" 4 +.IX Item "-checks num" +This parameter is ignored. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man1/openssl-provider.1 b/linux_amd64/ssl/share/man/man1/openssl-provider.1 new file mode 100755 index 0000000..7b8e3a9 --- /dev/null +++ b/linux_amd64/ssl/share/man/man1/openssl-provider.1 
@@ -0,0 +1,173 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-PROVIDER 1" +.TH OPENSSL-PROVIDER 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-provider \- load and query providers +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl provider\fR +[\fB\-help\fR] +[\fB\-v\fR] +[\fB\-vv\fR] +[\fB\-vvv\fR] +[\fIprovider\fR ...] 
+.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command is used to query the capabilities of the +specified \fIprovider\fR's. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-v\fR \fB\-vv\fR \fB\-vvv\fR" 4 +.IX Item "-v -vv -vvv" +Provides information about each specified provider. +The first flag lists the names of all algorithms each provider +implements; the second lists them by category; the third adds +information on what parameters each of them can handle. +.SH "ENVIRONMENT" +.IX Header "ENVIRONMENT" +.IP "\fB\s-1OPENSSL_MODULES\s0\fR" 4 +.IX Item "OPENSSL_MODULES" +The path to the modules directory, where one can expect provider +modules to be located. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIconfig\fR\|(5) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man1/openssl-rand.1 b/linux_amd64/ssl/share/man/man1/openssl-rand.1 new file mode 100755 index 0000000..09f2ace --- /dev/null +++ b/linux_amd64/ssl/share/man/man1/openssl-rand.1 
@@ -0,0 +1,180 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-RAND 1" +.TH OPENSSL-RAND 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-rand \- generate pseudo\-random bytes +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl rand\fR +[\fB\-help\fR] +[\fB\-out\fR \fIfile\fR] +[\fB\-base64\fR] +[\fB\-hex\fR] +[\fB\-engine\fR \fIid\fR] +[\fB\-rand\fR \fIfiles\fR] +[\fB\-writerand\fR \fIfile\fR] +\&\fInum\fR +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command outputs \fInum\fR pseudo-random bytes after seeding +the random number generator once. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-out\fR \fIfile\fR" 4 +.IX Item "-out file" +Write to \fIfile\fR instead of standard output. +.IP "\fB\-base64\fR" 4 +.IX Item "-base64" +Perform base64 encoding on the output. +.IP "\fB\-hex\fR" 4 +.IX Item "-hex" +Show the output as a hex string. +.IP "\fB\-engine\fR \fIid\fR" 4 +.IX Item "-engine id" +See \*(L"Engine Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-rand\fR \fIfiles\fR, \fB\-writerand\fR \fIfile\fR" 4 +.IX Item "-rand files, -writerand file" +See \*(L"Random State Options\*(R" in \fIopenssl\fR\|(1) for details. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\fIRAND_bytes\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man1/openssl-rehash.1 b/linux_amd64/ssl/share/man/man1/openssl-rehash.1 new file mode 100755 index 0000000..02c2537 --- /dev/null +++ b/linux_amd64/ssl/share/man/man1/openssl-rehash.1 
@@ -0,0 +1,257 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-REHASH 1" +.TH OPENSSL-REHASH 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-rehash, c_rehash \- Create symbolic links to files named by the hash +values +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR +\&\fBrehash\fR +[\fB\-h\fR] +[\fB\-help\fR] +[\fB\-old\fR] +[\fB\-compat\fR] +[\fB\-n\fR] +[\fB\-v\fR] +[\fIdirectory\fR] ... +.PP +\&\fBc_rehash\fR +[\fB\-h\fR] +[\fB\-help\fR] +[\fB\-old\fR] +[\fB\-n\fR] +[\fB\-v\fR] +[\fIdirectory\fR] ... +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command is generally equivalent to the external +script \fBc_rehash\fR, +except for minor differences noted below. +.PP +\&\fBopenssl rehash\fR scans directories and calculates a hash value of +each \fI.pem\fR, \fI.crt\fR, \fI.cer\fR, or \fI.crl\fR +file in the specified directory list and creates symbolic links +for each file, where the name of the link is the hash value. +(If the platform does not support symbolic links, a copy is made.) +This command is useful as many programs that use OpenSSL require +directories to be set up like this in order to find certificates. +.PP +If any directories are named on the command line, then those are +processed in turn. If not, then the \fB\s-1SSL_CERT_DIR\s0\fR environment variable +is consulted; this should be a colon-separated list of directories, +like the Unix \fB\s-1PATH\s0\fR variable. +If that is not set then the default directory (installation-specific +but often \fI/usr/local/ssl/certs\fR) is processed. +.PP +In order for a directory to be processed, the user must have write +permissions on that directory, otherwise an error will be generated. +.PP +The links created are of the form \fI\s-1HHHHHHHH\s0.D\fR, where each \fIH\fR +is a hexadecimal character and \fID\fR is a single decimal digit. +When a directory is processed, all links in it that have a name +in that syntax are first removed, even if they are being used for +some other purpose. +To skip the removal step, use the \fB\-n\fR flag. 
+Hashes for \s-1CRL\s0's look similar except the letter \fBr\fR appears after +the period, like this: \fI\s-1HHHHHHHH\s0.\fR\fBr\fR\fID\fR. +.PP +Multiple objects may have the same hash; they will be indicated by +incrementing the \fID\fR value. Duplicates are found by comparing the +full \s-1SHA\-1\s0 fingerprint. A warning will be displayed if a duplicate +is found. +.PP +A warning will also be displayed if there are files that +cannot be parsed as either a certificate or a \s-1CRL\s0 or if +more than one such object appears in the file. +.SS "Script Configuration" +.IX Subsection "Script Configuration" +The \fBc_rehash\fR script +uses the \fBopenssl\fR program to compute the hashes and +fingerprints. If not found in the user's \fB\s-1PATH\s0\fR, then set the +\&\fB\s-1OPENSSL\s0\fR environment variable to the full pathname. +Any program can be used, it will be invoked as follows for either +a certificate or \s-1CRL:\s0 +.PP +.Vb 2 +\& $OPENSSL x509 \-hash \-fingerprint \-noout \-in FILENAME +\& $OPENSSL crl \-hash \-fingerprint \-noout \-in FILENAME +.Ve +.PP +where \fI\s-1FILENAME\s0\fR is the filename. It must output the hash of the +file on the first line, and the fingerprint on the second, +optionally prefixed with some text and an equals sign. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR \fB\-h\fR" 4 +.IX Item "-help -h" +Display a brief usage message. +.IP "\fB\-old\fR" 4 +.IX Item "-old" +Use old-style hashing (\s-1MD5\s0, as opposed to \s-1SHA\-1\s0) for generating +links to be used for releases before 1.0.0. +Note that current versions will not use the old style. +.IP "\fB\-n\fR" 4 +.IX Item "-n" +Do not remove existing links. +This is needed when keeping new and old-style links in the same directory. +.IP "\fB\-compat\fR" 4 +.IX Item "-compat" +Generate links for both old-style (\s-1MD5\s0) and new-style (\s-1SHA1\s0) hashing. +This allows releases before 1.0.0 to use these links along-side newer +releases. 
+.IP "\fB\-v\fR" 4 +.IX Item "-v" +Print messages about old links removed and new links created. +By default, this command only lists each directory as it is processed. +.SH "ENVIRONMENT" +.IX Header "ENVIRONMENT" +.IP "\fB\s-1OPENSSL\s0\fR" 4 +.IX Item "OPENSSL" +The path to an executable to use to generate hashes and +fingerprints (see above). +.IP "\fB\s-1SSL_CERT_DIR\s0\fR" 4 +.IX Item "SSL_CERT_DIR" +Colon separated list of directories to operate on. +Ignored if directories are listed on the command line. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\fIopenssl\-crl\fR\|(1), +\&\fIopenssl\-x509\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man1/openssl-req.1 b/linux_amd64/ssl/share/man/man1/openssl-req.1 new file mode 100755 index 0000000..610ab3e --- /dev/null +++ b/linux_amd64/ssl/share/man/man1/openssl-req.1 
@@ -0,0 +1,778 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-REQ 1" +.TH OPENSSL-REQ 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-req \- PKCS#10 certificate request and certificate generating utility +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBreq\fR +[\fB\-help\fR] +[\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-in\fR \fIfilename\fR] +[\fB\-passin\fR \fIarg\fR] +[\fB\-out\fR \fIfilename\fR] +[\fB\-passout\fR \fIarg\fR] +[\fB\-text\fR] +[\fB\-pubkey\fR] +[\fB\-noout\fR] +[\fB\-verify\fR] +[\fB\-modulus\fR] +[\fB\-new\fR] +[\fB\-newkey\fR \fIarg\fR] +[\fB\-pkeyopt\fR \fIopt\fR:\fIvalue\fR] +[\fB\-nodes\fR] +[\fB\-key\fR \fIfilename\fR] +[\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-keyout\fR \fIfilename\fR] +[\fB\-keygen_engine\fR \fIid\fR] +[\fB\-\f(BIdigest\fB\fR] +[\fB\-config\fR \fIfilename\fR] +[\fB\-multivalue\-rdn\fR] +[\fB\-x509\fR] +[\fB\-days\fR \fIn\fR] +[\fB\-set_serial\fR \fIn\fR] +[\fB\-newhdr\fR] +[\fB\-addext\fR \fIext\fR] +[\fB\-extensions\fR \fIsection\fR] +[\fB\-reqexts\fR \fIsection\fR] +[\fB\-precert\fR] +[\fB\-utf8\fR] +[\fB\-reqopt\fR] +[\fB\-subject\fR] +[\fB\-subj\fR \fIarg\fR] +[\fB\-sigopt\fR \fInm\fR:\fIv\fR] +[\fB\-batch\fR] +[\fB\-verbose\fR] +[\fB\-sm2\-id\fR \fIstring\fR] +[\fB\-sm2\-hex\-id\fR \fIhex-string\fR] +[\fB\-nameopt\fR \fIoption\fR] +[\fB\-rand\fR \fIfiles\fR] +[\fB\-writerand\fR \fIfile\fR] +[\fB\-engine\fR \fIid\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command primarily creates and processes certificate requests +in PKCS#10 format. It can additionally create self signed certificates +for use as root CAs for example. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR, \fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IX Item "-inform DER|PEM, -outform DER|PEM" +The input and formats; the default is \fB\s-1PEM\s0\fR. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. 
+.Sp +The data is a PKCS#10 object. +.IP "\fB\-in\fR \fIfilename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read a request from or standard input +if this option is not specified. A request is only read if the creation +options (\fB\-new\fR and \fB\-newkey\fR) are not specified. +.IP "\fB\-sigopt\fR \fInm\fR:\fIv\fR" 4 +.IX Item "-sigopt nm:v" +Pass options to the signature algorithm during sign or verify operations. +Names and values of these options are algorithm-specific. +.IP "\fB\-passin\fR \fIarg\fR, \fB\-passout\fR \fIarg\fR" 4 +.IX Item "-passin arg, -passout arg" +The password source for the input and output file. +For more information about the format of \fBarg\fR +see \*(L"Pass Phrase Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-out\fR \fIfilename\fR" 4 +.IX Item "-out filename" +This specifies the output filename to write to or standard output by +default. +.IP "\fB\-text\fR" 4 +.IX Item "-text" +Prints out the certificate request in text form. +.IP "\fB\-subject\fR" 4 +.IX Item "-subject" +Prints out the request subject (or certificate subject if \fB\-x509\fR is +specified) +.IP "\fB\-pubkey\fR" 4 +.IX Item "-pubkey" +Outputs the public key. +.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +This option prevents output of the encoded version of the request. +.IP "\fB\-modulus\fR" 4 +.IX Item "-modulus" +This option prints out the value of the modulus of the public key +contained in the request. +.IP "\fB\-verify\fR" 4 +.IX Item "-verify" +Verifies the signature on the request. +.IP "\fB\-new\fR" 4 +.IX Item "-new" +This option generates a new certificate request. It will prompt +the user for the relevant field values. The actual fields +prompted for and their maximum and minimum sizes are specified +in the configuration file and any requested extensions. +.Sp +If the \fB\-key\fR option is not used it will generate a new \s-1RSA\s0 private +key using information specified in the configuration file. 
+.IP "\fB\-newkey\fR \fIarg\fR" 4 +.IX Item "-newkey arg" +This option creates a new certificate request and a new private +key. The argument takes one of several forms. +.Sp +\&\fBrsa:\fR\fInbits\fR, where +\&\fInbits\fR is the number of bits, generates an \s-1RSA\s0 key \fInbits\fR +in size. If \fInbits\fR is omitted, i.e. \fB\-newkey\fR \fIrsa\fR specified, +the default key size, specified in the configuration file is used. +.Sp +All other algorithms support the \fB\-newkey\fR \fIalg\fR:\fIfile\fR form, where file +may be an algorithm parameter file, created with \f(CW\*(C`openssl genpkey \-genparam\*(C'\fR +or an X.509 certificate for a key with appropriate algorithm. +.Sp +\&\fBparam:\fR\fIfile\fR generates a key using the parameter file or certificate +\&\fIfile\fR, the algorithm is determined by the parameters. \fIalgname\fR:\fIfile\fR +use algorithm \fIalgname\fR and parameter file \fIfile\fR: the two algorithms must +match or an error occurs. \fIalgname\fR just uses algorithm \fIalgname\fR, and +parameters, if necessary should be specified via \fB\-pkeyopt\fR parameter. +.Sp +\&\fBdsa:\fR\fIfilename\fR generates a \s-1DSA\s0 key using the parameters +in the file \fIfilename\fR. \fBec:\fR\fIfilename\fR generates \s-1EC\s0 key (usable both with +\&\s-1ECDSA\s0 or \s-1ECDH\s0 algorithms), \fBgost2001:\fR\fIfilename\fR generates \s-1GOST\s0 R +34.10\-2001 key (requires \fBgost\fR engine configured in the configuration +file). If just \fBgost2001\fR is specified a parameter set should be +specified by \fB\-pkeyopt\fR \fIparamset:X\fR +.IP "\fB\-pkeyopt\fR \fIopt\fR:\fIvalue\fR" 4 +.IX Item "-pkeyopt opt:value" +Set the public key algorithm option \fIopt\fR to \fIvalue\fR. The precise set of +options supported depends on the public key algorithm used and its +implementation. +See \*(L"\s-1KEY\s0 \s-1GENERATION\s0 \s-1OPTIONS\s0\*(R" in \fIopenssl\-genpkey\fR\|(1) for more details. 
+.IP "\fB\-key\fR \fIfilename\fR" 4 +.IX Item "-key filename" +This specifies the file to read the private key from. It also +accepts PKCS#8 format private keys for \s-1PEM\s0 format files. +.IP "\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IX Item "-keyform DER|PEM" +The format of the private key; the default is \fB\s-1PEM\s0\fR. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-keyout\fR \fIfilename\fR" 4 +.IX Item "-keyout filename" +This gives the filename to write the newly created private key to. +If this option is not specified then the filename present in the +configuration file is used. +.IP "\fB\-nodes\fR" 4 +.IX Item "-nodes" +If this option is specified then if a private key is created it +will not be encrypted. +.IP "\fB\-\f(BIdigest\fB\fR" 4 +.IX Item "-digest" +This specifies the message digest to sign the request. +Any digest supported by the OpenSSL \fBdgst\fR command can be used. +This overrides the digest algorithm specified in +the configuration file. +.Sp +Some public key algorithms may override this choice. For instance, \s-1DSA\s0 +signatures always use \s-1SHA1\s0, \s-1GOST\s0 R 34.10 signatures always use +\&\s-1GOST\s0 R 34.11\-94 (\fB\-md_gost94\fR), Ed25519 and Ed448 never use any digest. +.IP "\fB\-config\fR \fIfilename\fR" 4 +.IX Item "-config filename" +This allows an alternative configuration file to be specified. +Optional; for a description of the default value, +see \*(L"\s-1COMMAND\s0 \s-1SUMMARY\s0\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-subj\fR \fIarg\fR" 4 +.IX Item "-subj arg" +Sets subject name for new request or supersedes the subject name +when processing a request. +The arg must be formatted as \f(CW\*(C`/type0=value0/type1=value1/type2=...\*(C'\fR. +Keyword characters may be escaped by \e (backslash), and whitespace is retained. +Empty values are permitted, but the corresponding type will not be included +in the request. 
+.IP "\fB\-multivalue\-rdn\fR" 4 +.IX Item "-multivalue-rdn" +This option causes the \-subj argument to be interpreted with full +support for multivalued RDNs. Example: +.Sp +\&\f(CW\*(C`/DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe\*(C'\fR +.Sp +If \-multi\-rdn is not used then the \s-1UID\s0 value is \f(CW\*(C`123456+CN=John Doe\*(C'\fR. +.IP "\fB\-x509\fR" 4 +.IX Item "-x509" +This option outputs a self signed certificate instead of a certificate +request. This is typically used to generate a test certificate or +a self signed root \s-1CA\s0. The extensions added to the certificate +(if any) are specified in the configuration file. Unless specified +using the \fB\-set_serial\fR option, a large random number will be used for +the serial number. +.Sp +If existing request is specified with the \fB\-in\fR option, it is converted +to the self signed certificate otherwise new request is created. +.IP "\fB\-days\fR \fIn\fR" 4 +.IX Item "-days n" +When the \fB\-x509\fR option is being used this specifies the number of +days to certify the certificate for, otherwise it is ignored. \fIn\fR should +be a positive integer. The default is 30 days. +.IP "\fB\-set_serial\fR \fIn\fR" 4 +.IX Item "-set_serial n" +Serial number to use when outputting a self signed certificate. This +may be specified as a decimal value or a hex value if preceded by \f(CW\*(C`0x\*(C'\fR. +.IP "\fB\-addext\fR \fIext\fR" 4 +.IX Item "-addext ext" +Add a specific extension to the certificate (if the \fB\-x509\fR option is +present) or certificate request. The argument must have the form of +a key=value pair as it would appear in a config file. +.Sp +This option can be given multiple times. +.IP "\fB\-extensions\fR \fIsection\fR" 4 +.IX Item "-extensions section" +.PD 0 +.IP "\fB\-reqexts\fR \fIsection\fR" 4 +.IX Item "-reqexts section" +.PD +These options specify alternative sections to include certificate +extensions (if the \fB\-x509\fR option is present) or certificate +request extensions. 
This allows several different sections to +be used in the same configuration file to specify requests for +a variety of purposes. +.IP "\fB\-precert\fR" 4 +.IX Item "-precert" +A poison extension will be added to the certificate, making it a +\&\*(L"pre-certificate\*(R" (see \s-1RFC6962\s0). This can be submitted to Certificate +Transparency logs in order to obtain signed certificate timestamps (SCTs). +These SCTs can then be embedded into the pre-certificate as an extension, before +removing the poison and signing the certificate. +.Sp +This implies the \fB\-new\fR flag. +.IP "\fB\-utf8\fR" 4 +.IX Item "-utf8" +This option causes field values to be interpreted as \s-1UTF8\s0 strings, by +default they are interpreted as \s-1ASCII\s0. This means that the field +values, whether prompted from a terminal or obtained from a +configuration file, must be valid \s-1UTF8\s0 strings. +.IP "\fB\-reqopt\fR \fIoption\fR" 4 +.IX Item "-reqopt option" +Customise the output format used with \fB\-text\fR. The \fIoption\fR argument can be +a single option or multiple options separated by commas. +.Sp +See discussion of the \fB\-certopt\fR parameter in the \fIopenssl\-x509\fR\|(1) +command. +.IP "\fB\-newhdr\fR" 4 +.IX Item "-newhdr" +Adds the word \fB\s-1NEW\s0\fR to the \s-1PEM\s0 file header and footer lines on the outputted +request. Some software (Netscape certificate server) and some CAs need this. +.IP "\fB\-batch\fR" 4 +.IX Item "-batch" +Non-interactive mode. +.IP "\fB\-verbose\fR" 4 +.IX Item "-verbose" +Print extra details about the operations being performed. +.IP "\fB\-keygen_engine\fR \fIid\fR" 4 +.IX Item "-keygen_engine id" +Specifies an engine (by its unique \fIid\fR string) which would be used +for key generation operations. +.IP "\fB\-sm2\-id\fR" 4 +.IX Item "-sm2-id" +Specify the \s-1ID\s0 string to use when verifying an \s-1SM2\s0 certificate request. The \s-1ID\s0 +string is required by the \s-1SM2\s0 signature algorithm for signing and verification. 
+.IP "\fB\-sm2\-hex\-id\fR" 4 +.IX Item "-sm2-hex-id" +Specify a binary \s-1ID\s0 string to use when verifying an \s-1SM2\s0 certificate request. The +argument for this option is string of hexadecimal digits. +.IP "\fB\-nameopt\fR \fIoption\fR" 4 +.IX Item "-nameopt option" +This specifies how the subject or issuer names are displayed. +See \*(L"Name Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-rand\fR \fIfiles\fR, \fB\-writerand\fR \fIfile\fR" 4 +.IX Item "-rand files, -writerand file" +See \*(L"Random State Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-engine\fR \fIid\fR" 4 +.IX Item "-engine id" +See \*(L"Engine Options\*(R" in \fIopenssl\fR\|(1). +.SH "CONFIGURATION FILE FORMAT" +.IX Header "CONFIGURATION FILE FORMAT" +The configuration options are specified in the \fBreq\fR section of +the configuration file. As with all configuration files if no +value is specified in the specific section (i.e. \fBreq\fR) then +the initial unnamed or \fBdefault\fR section is searched too. +.PP +The options available are described in detail below. +.IP "\fBinput_password output_password\fR" 4 +.IX Item "input_password output_password" +The passwords for the input private key file (if present) and +the output private key file (if one will be created). The +command line options \fBpassin\fR and \fBpassout\fR override the +configuration file values. +.IP "\fBdefault_bits\fR" 4 +.IX Item "default_bits" +Specifies the default key size in bits. +.Sp +This option is used in conjunction with the \fB\-new\fR option to generate +a new key. It can be overridden by specifying an explicit key size in +the \fB\-newkey\fR option. The smallest accepted key size is 512 bits. If +no key size is specified then 2048 bits is used. +.IP "\fBdefault_keyfile\fR" 4 +.IX Item "default_keyfile" +This is the default filename to write a private key to. If not +specified the key is written to standard output. This can be +overridden by the \fB\-keyout\fR option. 
+.IP "\fBoid_file\fR" 4 +.IX Item "oid_file" +This specifies a file containing additional \fB\s-1OBJECT\s0 \s-1IDENTIFIERS\s0\fR. +Each line of the file should consist of the numerical form of the +object identifier followed by white space then the short name followed +by white space and finally the long name. +.IP "\fBoid_section\fR" 4 +.IX Item "oid_section" +This specifies a section in the configuration file containing extra +object identifiers. Each line should consist of the short name of the +object identifier followed by \fB=\fR and the numerical form. The short +and long names are the same when this option is used. +.IP "\fB\s-1RANDFILE\s0\fR" 4 +.IX Item "RANDFILE" +At startup the specified file is loaded into the random number generator, +and at exit 256 bytes will be written to it. +It is used for private key generation. +.IP "\fBencrypt_key\fR" 4 +.IX Item "encrypt_key" +If this is set to \fBno\fR then if a private key is generated it is +\&\fBnot\fR encrypted. This is equivalent to the \fB\-nodes\fR command line +option. For compatibility \fBencrypt_rsa_key\fR is an equivalent option. +.IP "\fBdefault_md\fR" 4 +.IX Item "default_md" +This option specifies the digest algorithm to use. Any digest supported by the +OpenSSL \fBdgst\fR command can be used. This option can be overridden on the +command line. Certain signing algorithms (i.e. Ed25519 and Ed448) will ignore +any digest that has been set. +.IP "\fBstring_mask\fR" 4 +.IX Item "string_mask" +This option masks out the use of certain string types in certain +fields. Most users will not need to change this option. +.Sp +It can be set to several values \fBdefault\fR which is also the default +option uses PrintableStrings, T61Strings and BMPStrings if the +\&\fBpkix\fR value is used then only PrintableStrings and BMPStrings will +be used. This follows the \s-1PKIX\s0 recommendation in \s-1RFC2459\s0. 
If the +\&\fButf8only\fR option is used then only UTF8Strings will be used: this +is the \s-1PKIX\s0 recommendation in \s-1RFC2459\s0 after 2003. Finally the \fBnombstr\fR +option just uses PrintableStrings and T61Strings: certain software has +problems with BMPStrings and UTF8Strings: in particular Netscape. +.IP "\fBreq_extensions\fR" 4 +.IX Item "req_extensions" +This specifies the configuration file section containing a list of +extensions to add to the certificate request. It can be overridden +by the \fB\-reqexts\fR command line switch. See the +\&\fIx509v3_config\fR\|(5) manual page for details of the +extension section format. +.IP "\fBx509_extensions\fR" 4 +.IX Item "x509_extensions" +This specifies the configuration file section containing a list of +extensions to add to certificate generated when the \fB\-x509\fR switch +is used. It can be overridden by the \fB\-extensions\fR command line switch. +.IP "\fBprompt\fR" 4 +.IX Item "prompt" +If set to the value \fBno\fR this disables prompting of certificate fields +and just takes values from the config file directly. It also changes the +expected format of the \fBdistinguished_name\fR and \fBattributes\fR sections. +.IP "\fButf8\fR" 4 +.IX Item "utf8" +If set to the value \fByes\fR then field values to be interpreted as \s-1UTF8\s0 +strings, by default they are interpreted as \s-1ASCII\s0. This means that +the field values, whether prompted from a terminal or obtained from a +configuration file, must be valid \s-1UTF8\s0 strings. +.IP "\fBattributes\fR" 4 +.IX Item "attributes" +This specifies the section containing any request attributes: its format +is the same as \fBdistinguished_name\fR. Typically these may contain the +challengePassword or unstructuredName types. They are currently ignored +by OpenSSL's request signing utilities but some CAs might want them. 
+.IP "\fBdistinguished_name\fR" 4 +.IX Item "distinguished_name" +This specifies the section containing the distinguished name fields to +prompt for when generating a certificate or certificate request. The format +is described in the next section. +.SH "DISTINGUISHED NAME AND ATTRIBUTE SECTION FORMAT" +.IX Header "DISTINGUISHED NAME AND ATTRIBUTE SECTION FORMAT" +There are two separate formats for the distinguished name and attribute +sections. If the \fBprompt\fR option is set to \fBno\fR then these sections +just consist of field names and values: for example, +.PP +.Vb 3 +\& CN=My Name +\& OU=My Organization +\& emailAddress=someone@somewhere.org +.Ve +.PP +This allows external programs (e.g. \s-1GUI\s0 based) to generate a template file with +all the field names and values and just pass it to this command. An example +of this kind of configuration file is contained in the \fB\s-1EXAMPLES\s0\fR section. +.PP +Alternatively if the \fBprompt\fR option is absent or not set to \fBno\fR then the +file contains field prompting information. It consists of lines of the form: +.PP +.Vb 4 +\& fieldName="prompt" +\& fieldName_default="default field value" +\& fieldName_min= 2 +\& fieldName_max= 4 +.Ve +.PP +\&\*(L"fieldName\*(R" is the field name being used, for example commonName (or \s-1CN\s0). +The \*(L"prompt\*(R" string is used to ask the user to enter the relevant +details. If the user enters nothing then the default value is used if no +default value is present then the field is omitted. A field can +still be omitted if a default value is present if the user just +enters the '.' character. +.PP +The number of characters entered must be between the fieldName_min and +fieldName_max limits: there may be additional restrictions based +on the field being used (for example countryName can only ever be +two characters long and must fit in a PrintableString). +.PP +Some fields (such as organizationName) can be used more than once +in a \s-1DN\s0. 
This presents a problem because configuration files will +not recognize the same name occurring twice. To avoid this problem +if the fieldName contains some characters followed by a full stop +they will be ignored. So for example a second organizationName can +be input by calling it \*(L"1.organizationName\*(R". +.PP +The actual permitted field names are any object identifier short or +long names. These are compiled into OpenSSL and include the usual +values such as commonName, countryName, localityName, organizationName, +organizationalUnitName, stateOrProvinceName. Additionally emailAddress +is included as well as name, surname, givenName, initials, and dnQualifier. +.PP +Additional object identifiers can be defined with the \fBoid_file\fR or +\&\fBoid_section\fR options in the configuration file. Any additional fields +will be treated as though they were a DirectoryString. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Examine and verify certificate request: +.PP +.Vb 1 +\& openssl req \-in req.pem \-text \-verify \-noout +.Ve +.PP +Create a private key and then generate a certificate request from it: +.PP +.Vb 2 +\& openssl genrsa \-out key.pem 2048 +\& openssl req \-new \-key key.pem \-out req.pem +.Ve +.PP +The same but just using req: +.PP +.Vb 1 +\& openssl req \-newkey rsa:2048 \-keyout key.pem \-out req.pem +.Ve +.PP +Generate a self signed root certificate: +.PP +.Vb 1 +\& openssl req \-x509 \-newkey rsa:2048 \-keyout key.pem \-out req.pem +.Ve +.PP +Create an \s-1SM2\s0 private key and then generate a certificate request from it: +.PP +.Vb 2 +\& openssl ecparam \-genkey \-name SM2 \-out sm2.key +\& openssl req \-new \-key sm2.key \-out sm2.csr \-sm3 \-sigopt "sm2_id:1234567812345678" +.Ve +.PP +Examine and verify an \s-1SM2\s0 certificate request: +.PP +.Vb 1 +\& openssl req \-verify \-in sm2.csr \-sm3 \-sm2\-id 1234567812345678 +.Ve +.PP +Example of a file pointed to by the \fBoid_file\fR option: +.PP +.Vb 2 +\& 1.2.3.4 shortName A longer Name +\& 1.2.3.6 
otherName Other longer Name +.Ve +.PP +Example of a section pointed to by \fBoid_section\fR making use of variable +expansion: +.PP +.Vb 2 +\& testoid1=1.2.3.5 +\& testoid2=${testoid1}.6 +.Ve +.PP +Sample configuration file prompting for field values: +.PP +.Vb 6 +\& [ req ] +\& default_bits = 2048 +\& default_keyfile = privkey.pem +\& distinguished_name = req_distinguished_name +\& attributes = req_attributes +\& req_extensions = v3_ca +\& +\& dirstring_type = nobmp +\& +\& [ req_distinguished_name ] +\& countryName = Country Name (2 letter code) +\& countryName_default = AU +\& countryName_min = 2 +\& countryName_max = 2 +\& +\& localityName = Locality Name (eg, city) +\& +\& organizationalUnitName = Organizational Unit Name (eg, section) +\& +\& commonName = Common Name (eg, YOUR name) +\& commonName_max = 64 +\& +\& emailAddress = Email Address +\& emailAddress_max = 40 +\& +\& [ req_attributes ] +\& challengePassword = A challenge password +\& challengePassword_min = 4 +\& challengePassword_max = 20 +\& +\& [ v3_ca ] +\& +\& subjectKeyIdentifier=hash +\& authorityKeyIdentifier=keyid:always,issuer:always +\& basicConstraints = critical, CA:true +.Ve +.PP +Sample configuration containing all field values: +.PP +.Vb 7 +\& [ req ] +\& default_bits = 2048 +\& default_keyfile = keyfile.pem +\& distinguished_name = req_distinguished_name +\& attributes = req_attributes +\& prompt = no +\& output_password = mypass +\& +\& [ req_distinguished_name ] +\& C = GB +\& ST = Test State or Province +\& L = Test Locality +\& O = Organization Name +\& OU = Organizational Unit Name +\& CN = Common Name +\& emailAddress = test@email.address +\& +\& [ req_attributes ] +\& challengePassword = A challenge password +.Ve +.PP +Example of giving the most common attributes (subject and extensions) +on the command line: +.PP +.Vb 4 +\& openssl req \-new \-subj "/C=GB/CN=foo" \e +\& \-addext "subjectAltName = DNS:foo.co.uk" \e +\& \-addext "certificatePolicies = 1.2.3.4" \e +\& \-newkey 
rsa:2048 \-keyout key.pem \-out req.pem +.Ve +.SH "NOTES" +.IX Header "NOTES" +The certificate requests generated by \fBXenroll\fR with \s-1MSIE\s0 have extensions +added. It includes the \fBkeyUsage\fR extension which determines the type of +key (signature only or general purpose) and any additional OIDs entered +by the script in an \fBextendedKeyUsage\fR extension. +.SH "DIAGNOSTICS" +.IX Header "DIAGNOSTICS" +The following messages are frequently asked about: +.PP +.Vb 2 +\& Using configuration from /some/path/openssl.cnf +\& Unable to load config info +.Ve +.PP +This is followed some time later by: +.PP +.Vb 2 +\& unable to find \*(Aqdistinguished_name\*(Aq in config +\& problems making Certificate Request +.Ve +.PP +The first error message is the clue: it can't find the configuration +file! Certain operations (like examining a certificate request) don't +need a configuration file so its use isn't enforced. Generation of +certificates or requests however does need a configuration file. This +could be regarded as a bug. +.PP +Another puzzling message is this: +.PP +.Vb 2 +\& Attributes: +\& a0:00 +.Ve +.PP +this is displayed when no attributes are present and the request includes +the correct empty \fB\s-1SET\s0 \s-1OF\s0\fR structure (the \s-1DER\s0 encoding of which is 0xa0 +0x00). If you just see: +.PP +.Vb 1 +\& Attributes: +.Ve +.PP +then the \fB\s-1SET\s0 \s-1OF\s0\fR is missing and the encoding is technically invalid (but +it is tolerated). See the description of the command line option \fB\-asn1\-kludge\fR +for more information. +.SH "BUGS" +.IX Header "BUGS" +OpenSSL's handling of T61Strings (aka TeletexStrings) is broken: it effectively +treats them as \s-1ISO\-8859\-1\s0 (Latin 1), Netscape and \s-1MSIE\s0 have similar behaviour. +This can cause problems if you need characters that aren't available in +PrintableStrings and you don't want to or can't use BMPStrings. 
+.PP +As a consequence of the T61String handling the only correct way to represent +accented characters in OpenSSL is to use a BMPString: unfortunately Netscape +currently chokes on these. If you have to use accented characters with Netscape +and \s-1MSIE\s0 then you currently need to use the invalid T61String form. +.PP +The current prompting is not very friendly. It doesn't allow you to confirm what +you've just entered. Other things like extensions in certificate requests are +statically defined in the configuration file. Some of these: like an email +address in subjectAltName should be input by the user. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\fIopenssl\-x509\fR\|(1), +\&\fIopenssl\-ca\fR\|(1), +\&\fIopenssl\-genrsa\fR\|(1), +\&\fIopenssl\-gendsa\fR\|(1), +\&\fIconfig\fR\|(5), +\&\fIx509v3_config\fR\|(5) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man1/openssl-rsa.1 b/linux_amd64/ssl/share/man/man1/openssl-rsa.1 new file mode 100755 index 0000000..cfdbeb4 --- /dev/null +++ b/linux_amd64/ssl/share/man/man1/openssl-rsa.1 
@@ -0,0 +1,303 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-RSA 1" +.TH OPENSSL-RSA 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-rsa \- RSA key processing tool +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBrsa\fR +[\fB\-help\fR] +[\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-in\fR \fIfilename\fR] +[\fB\-passin\fR \fIarg\fR] +[\fB\-out\fR \fIfilename\fR] +[\fB\-passout\fR \fIarg\fR] +[\fB\-aes128\fR] +[\fB\-aes192\fR] +[\fB\-aes256\fR] +[\fB\-aria128\fR] +[\fB\-aria192\fR] +[\fB\-aria256\fR] +[\fB\-camellia128\fR] +[\fB\-camellia192\fR] +[\fB\-camellia256\fR] +[\fB\-des\fR] +[\fB\-des3\fR] +[\fB\-idea\fR] +[\fB\-text\fR] +[\fB\-noout\fR] +[\fB\-modulus\fR] +[\fB\-check\fR] +[\fB\-pubin\fR] +[\fB\-pubout\fR] +[\fB\-RSAPublicKey_in\fR] +[\fB\-RSAPublicKey_out\fR] +[\fB\-engine\fR \fIid\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command has been deprecated. +The \fIopenssl\-pkey\fR\|(1) command should be used instead. +.PP +This command processes \s-1RSA\s0 keys. They can be converted between +various forms and their components printed out. \fBNote\fR this command uses the +traditional SSLeay compatible format for private key encryption: newer +applications should use the more secure PKCS#8 format using the +\&\fIopenssl\-pkcs8\fR\|(1) command. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR, \fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IX Item "-inform DER|PEM, -outform DER|PEM" +The input and formats; the default is \fB\s-1PEM\s0\fR. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IX Item "-inform DER|PEM" +The data is a PKCS#1 \fBRSAPrivateKey\fR or \fBSubjectPublicKey\fR object. +On input, PKCS#8 format private keys are also accepted. 
+.IP "\fB\-in\fR \fIfilename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read a key from or standard input if this +option is not specified. If the key is encrypted a pass phrase will be +prompted for. +.IP "\fB\-passin\fR \fIarg\fR, \fB\-passout\fR \fIarg\fR" 4 +.IX Item "-passin arg, -passout arg" +The password source for the input and output file. +For more information about the format of \fBarg\fR +see \*(L"Pass Phrase Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-out\fR \fIfilename\fR" 4 +.IX Item "-out filename" +This specifies the output filename to write a key to or standard output if this +option is not specified. If any encryption options are set then a pass phrase +will be prompted for. The output filename should \fBnot\fR be the same as the input +filename. +.IP "\fB\-aes128\fR, \fB\-aes192\fR, \fB\-aes256\fR, \fB\-aria128\fR, \fB\-aria192\fR, \fB\-aria256\fR, \fB\-camellia128\fR, \fB\-camellia192\fR, \fB\-camellia256\fR, \fB\-des\fR, \fB\-des3\fR, \fB\-idea\fR" 4 +.IX Item "-aes128, -aes192, -aes256, -aria128, -aria192, -aria256, -camellia128, -camellia192, -camellia256, -des, -des3, -idea" +These options encrypt the private key with the specified +cipher before outputting it. A pass phrase is prompted for. +If none of these options is specified the key is written in plain text. This +means that this command can be used to remove the pass phrase from a key +by not giving any encryption option is given, or to add or change the pass +phrase by setting them. +These options can only be used with \s-1PEM\s0 format output files. +.IP "\fB\-text\fR" 4 +.IX Item "-text" +Prints out the various public or private key components in +plain text in addition to the encoded version. +.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +This option prevents output of the encoded version of the key. +.IP "\fB\-modulus\fR" 4 +.IX Item "-modulus" +This option prints out the value of the modulus of the key. 
+.IP "\fB\-check\fR" 4 +.IX Item "-check" +This option checks the consistency of an \s-1RSA\s0 private key. +.IP "\fB\-pubin\fR" 4 +.IX Item "-pubin" +By default a private key is read from the input file: with this +option a public key is read instead. +.IP "\fB\-pubout\fR" 4 +.IX Item "-pubout" +By default a private key is output: with this option a public +key will be output instead. This option is automatically set if +the input is a public key. +.IP "\fB\-RSAPublicKey_in\fR, \fB\-RSAPublicKey_out\fR" 4 +.IX Item "-RSAPublicKey_in, -RSAPublicKey_out" +Like \fB\-pubin\fR and \fB\-pubout\fR except \fBRSAPublicKey\fR format is used instead. +.IP "\fB\-engine\fR \fIid\fR" 4 +.IX Item "-engine id" +See \*(L"Engine Options\*(R" in \fIopenssl\fR\|(1). +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Examples equivalent to these can be found in the documentation for the +non-deprecated \fIopenssl\-pkey\fR\|(1) command. +.PP +To remove the pass phrase on an \s-1RSA\s0 private key: +.PP +.Vb 1 +\& openssl rsa \-in key.pem \-out keyout.pem +.Ve +.PP +To encrypt a private key using triple \s-1DES:\s0 +.PP +.Vb 1 +\& openssl rsa \-in key.pem \-des3 \-out keyout.pem +.Ve +.PP +To convert a private key from \s-1PEM\s0 to \s-1DER\s0 format: +.PP +.Vb 1 +\& openssl rsa \-in key.pem \-outform DER \-out keyout.der +.Ve +.PP +To print out the components of a private key to standard output: +.PP +.Vb 1 +\& openssl rsa \-in key.pem \-text \-noout +.Ve +.PP +To just output the public part of a private key: +.PP +.Vb 1 +\& openssl rsa \-in key.pem \-pubout \-out pubkey.pem +.Ve +.PP +Output the public part of a private key in \fBRSAPublicKey\fR format: +.PP +.Vb 1 +\& openssl rsa \-in key.pem \-RSAPublicKey_out \-out pubkey.pem +.Ve +.SH "BUGS" +.IX Header "BUGS" +There should be an option that automatically handles \fI.key\fR files, +without having to manually edit them. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\fIopenssl\-pkey\fR\|(1), +\&\fIopenssl\-pkcs8\fR\|(1), +\&\fIopenssl\-dsa\fR\|(1), +\&\fIopenssl\-genrsa\fR\|(1), +\&\fIopenssl\-gendsa\fR\|(1) +.SH "HISTORY" +.IX Header "HISTORY" +This command was deprecated in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man1/openssl-rsautl.1 b/linux_amd64/ssl/share/man/man1/openssl-rsautl.1 new file mode 100755 index 0000000..b98b35b --- /dev/null +++ b/linux_amd64/ssl/share/man/man1/openssl-rsautl.1 
@@ -0,0 +1,362 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-RSAUTL 1" +.TH OPENSSL-RSAUTL 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-rsautl \- RSA utility +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBrsautl\fR +[\fB\-help\fR] +[\fB\-in\fR \fIfile\fR] +[\fB\-passin\fR \fIarg\fR] +[\fB\-rev\fR] +[\fB\-out\fR \fIfile\fR] +[\fB\-inkey\fR \fIfile\fR] +[\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fB\s-1ENGINE\s0\fR] +[\fB\-pubin\fR] +[\fB\-certin\fR] +[\fB\-sign\fR] +[\fB\-verify\fR] +[\fB\-encrypt\fR] +[\fB\-decrypt\fR] +[\fB\-pkcs\fR] +[\fB\-x931\fR] +[\fB\-oaep\fR] +[\fB\-ssl\fR] +[\fB\-raw\fR] +[\fB\-pkcs\fR] +[\fB\-ssl\fR] +[\fB\-raw\fR] +[\fB\-hexdump\fR] +[\fB\-asn1parse\fR] +[\fB\-engine\fR \fIid\fR] +[\fB\-rand\fR \fIfiles\fR] +[\fB\-writerand\fR \fIfile\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command has been deprecated. +The \fIopenssl\-pkeyutl\fR\|(1) command should be used instead. +.PP +This command can be used to sign, verify, encrypt and decrypt +data using the \s-1RSA\s0 algorithm. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-in\fR \fIfilename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read data from or standard input +if this option is not specified. +.IP "\fB\-passin\fR \fIarg\fR" 4 +.IX Item "-passin arg" +The passphrase used in the output file. +See see \*(L"Pass Phrase Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-rev\fR" 4 +.IX Item "-rev" +Reverse the order of the input. +.IP "\fB\-out\fR \fIfilename\fR" 4 +.IX Item "-out filename" +Specifies the output filename to write to or standard output by +default. +.IP "\fB\-inkey\fR \fIfile\fR" 4 +.IX Item "-inkey file" +The input key file, by default it should be an \s-1RSA\s0 private key. +.IP "\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fB\s-1ENGINE\s0\fR" 4 +.IX Item "-keyform DER|PEM|ENGINE" +The key format; the default is \fB\s-1PEM\s0\fR. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. 
+.IP "\fB\-pubin\fR" 4 +.IX Item "-pubin" +The input file is an \s-1RSA\s0 public key. +.IP "\fB\-certin\fR" 4 +.IX Item "-certin" +The input is a certificate containing an \s-1RSA\s0 public key. +.IP "\fB\-sign\fR" 4 +.IX Item "-sign" +Sign the input data and output the signed result. This requires +an \s-1RSA\s0 private key. +.IP "\fB\-verify\fR" 4 +.IX Item "-verify" +Verify the input data and output the recovered data. +.IP "\fB\-encrypt\fR" 4 +.IX Item "-encrypt" +Encrypt the input data using an \s-1RSA\s0 public key. +.IP "\fB\-decrypt\fR" 4 +.IX Item "-decrypt" +Decrypt the input data using an \s-1RSA\s0 private key. +.IP "\fB\-pkcs\fR, \fB\-oaep\fR, \fB\-x931\fR \fB\-ssl\fR, \fB\-raw\fR" 4 +.IX Item "-pkcs, -oaep, -x931 -ssl, -raw" +The padding to use: PKCS#1 v1.5 (the default), PKCS#1 \s-1OAEP\s0, +\&\s-1ANSI\s0 X9.31, +special padding used in \s-1SSL\s0 v2 backwards compatible handshakes, +or no padding, respectively. +For signatures, only \fB\-pkcs\fR and \fB\-raw\fR can be used. +.IP "\fB\-hexdump\fR" 4 +.IX Item "-hexdump" +Hex dump the output data. +.IP "\fB\-asn1parse\fR" 4 +.IX Item "-asn1parse" +Parse the \s-1ASN\s0.1 output data, this is useful when combined with the +\&\fB\-verify\fR option. +.IP "\fB\-engine\fR \fIid\fR" 4 +.IX Item "-engine id" +See \*(L"Engine Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-rand\fR \fIfiles\fR, \fB\-writerand\fR \fIfile\fR" 4 +.IX Item "-rand files, -writerand file" +See \*(L"Random State Options\*(R" in \fIopenssl\fR\|(1) for details. +.SH "NOTES" +.IX Header "NOTES" +Since this command uses the \s-1RSA\s0 algorithm directly, it can only be +used to sign or verify small pieces of data. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Examples equivalent to these can be found in the documentation for the +non-deprecated \fIopenssl\-pkeyutl\fR\|(1) command. 
+.PP +Sign some data using a private key: +.PP +.Vb 1 +\& openssl rsautl \-sign \-in file \-inkey key.pem \-out sig +.Ve +.PP +Recover the signed data +.PP +.Vb 1 +\& openssl rsautl \-verify \-in sig \-inkey key.pem +.Ve +.PP +Examine the raw signed data: +.PP +.Vb 1 +\& openssl rsautl \-verify \-in sig \-inkey key.pem \-raw \-hexdump +\& +\& 0000 \- 00 01 ff ff ff ff ff ff\-ff ff ff ff ff ff ff ff ................ +\& 0010 \- ff ff ff ff ff ff ff ff\-ff ff ff ff ff ff ff ff ................ +\& 0020 \- ff ff ff ff ff ff ff ff\-ff ff ff ff ff ff ff ff ................ +\& 0030 \- ff ff ff ff ff ff ff ff\-ff ff ff ff ff ff ff ff ................ +\& 0040 \- ff ff ff ff ff ff ff ff\-ff ff ff ff ff ff ff ff ................ +\& 0050 \- ff ff ff ff ff ff ff ff\-ff ff ff ff ff ff ff ff ................ +\& 0060 \- ff ff ff ff ff ff ff ff\-ff ff ff ff ff ff ff ff ................ +\& 0070 \- ff ff ff ff 00 68 65 6c\-6c 6f 20 77 6f 72 6c 64 .....hello world +.Ve +.PP +The PKCS#1 block formatting is evident from this. If this was done using +encrypt and decrypt the block would have been of type 2 (the second byte) +and random padding data visible instead of the 0xff bytes. +.PP +It is possible to analyse the signature of certificates using this +utility in conjunction with \fIopenssl\-asn1parse\fR\|(1). Consider the self signed +example in \fIcerts/pca\-cert.pem\fR. 
Running \fIopenssl\-asn1parse\fR\|(1) as follows +yields: +.PP +.Vb 1 +\& openssl asn1parse \-in pca\-cert.pem +\& +\& 0:d=0 hl=4 l= 742 cons: SEQUENCE +\& 4:d=1 hl=4 l= 591 cons: SEQUENCE +\& 8:d=2 hl=2 l= 3 cons: cont [ 0 ] +\& 10:d=3 hl=2 l= 1 prim: INTEGER :02 +\& 13:d=2 hl=2 l= 1 prim: INTEGER :00 +\& 16:d=2 hl=2 l= 13 cons: SEQUENCE +\& 18:d=3 hl=2 l= 9 prim: OBJECT :md5WithRSAEncryption +\& 29:d=3 hl=2 l= 0 prim: NULL +\& 31:d=2 hl=2 l= 92 cons: SEQUENCE +\& 33:d=3 hl=2 l= 11 cons: SET +\& 35:d=4 hl=2 l= 9 cons: SEQUENCE +\& 37:d=5 hl=2 l= 3 prim: OBJECT :countryName +\& 42:d=5 hl=2 l= 2 prim: PRINTABLESTRING :AU +\& .... +\& 599:d=1 hl=2 l= 13 cons: SEQUENCE +\& 601:d=2 hl=2 l= 9 prim: OBJECT :md5WithRSAEncryption +\& 612:d=2 hl=2 l= 0 prim: NULL +\& 614:d=1 hl=3 l= 129 prim: BIT STRING +.Ve +.PP +The final \s-1BIT\s0 \s-1STRING\s0 contains the actual signature. It can be extracted with: +.PP +.Vb 1 +\& openssl asn1parse \-in pca\-cert.pem \-out sig \-noout \-strparse 614 +.Ve +.PP +The certificate public key can be extracted with: +.PP +.Vb 1 +\& openssl x509 \-in test/testx509.pem \-pubkey \-noout >pubkey.pem +.Ve +.PP +The signature can be analysed with: +.PP +.Vb 1 +\& openssl rsautl \-in sig \-verify \-asn1parse \-inkey pubkey.pem \-pubin +\& +\& 0:d=0 hl=2 l= 32 cons: SEQUENCE +\& 2:d=1 hl=2 l= 12 cons: SEQUENCE +\& 4:d=2 hl=2 l= 8 prim: OBJECT :md5 +\& 14:d=2 hl=2 l= 0 prim: NULL +\& 16:d=1 hl=2 l= 16 prim: OCTET STRING +\& 0000 \- f3 46 9e aa 1a 4a 73 c9\-37 ea 93 00 48 25 08 b5 .F...Js.7...H%.. +.Ve +.PP +This is the parsed version of an \s-1ASN1\s0 DigestInfo structure. It can be seen that +the digest used was md5. 
The actual part of the certificate that was signed can +be extracted with: +.PP +.Vb 1 +\& openssl asn1parse \-in pca\-cert.pem \-out tbs \-noout \-strparse 4 +.Ve +.PP +and its digest computed with: +.PP +.Vb 2 +\& openssl md5 \-c tbs +\& MD5(tbs)= f3:46:9e:aa:1a:4a:73:c9:37:ea:93:00:48:25:08:b5 +.Ve +.PP +which it can be seen agrees with the recovered value above. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\fIopenssl\-pkeyutl\fR\|(1), +\&\fIopenssl\-dgst\fR\|(1), +\&\fIopenssl\-rsa\fR\|(1), +\&\fIopenssl\-genrsa\fR\|(1) +.SH "HISTORY" +.IX Header "HISTORY" +This command was deprecated in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man1/openssl-s_client.1 b/linux_amd64/ssl/share/man/man1/openssl-s_client.1 new file mode 100755 index 0000000..65ed2f5 --- /dev/null +++ b/linux_amd64/ssl/share/man/man1/openssl-s_client.1 
@@ -0,0 +1,982 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-S_CLIENT 1" +.TH OPENSSL-S_CLIENT 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-s_client \- SSL/TLS client program +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBs_client\fR +[\fB\-help\fR] +[\fB\-ssl_config\fR \fIsection\fR] +[\fB\-connect\fR \fIhost:port\fR] +[\fB\-host\fR \fIhostname\fR] +[\fB\-port\fR \fIport\fR] +[\fB\-bind\fR \fIhost:port\fR] +[\fB\-proxy\fR \fIhost:port\fR] +[\fB\-proxy_user\fR \fIuserid\fR] +[\fB\-proxy_pass\fR \fIarg\fR] +[\fB\-unix\fR \fIpath\fR] +[\fB\-4\fR] +[\fB\-6\fR] +[\fB\-servername\fR \fIname\fR] +[\fB\-noservername\fR] +[\fB\-verify\fR \fIdepth\fR] +[\fB\-verify_return_error\fR] +[\fB\-verify_quiet\fR] +[\fB\-verifyCAfile\fR \fIfilename\fR] +[\fB\-verifyCApath\fR \fIdir\fR] +[\fB\-verifyCAstore\fR \fIuri\fR] +[\fB\-cert\fR \fIfilename\fR] +[\fB\-certform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-CRL\fR \fIfilename\fR] +[\fB\-CRLform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-crl_download\fR] +[\fB\-key\fR \fIfilename\fR] +[\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-cert_chain\fR \fIfilename\fR] +[\fB\-build_chain\fR] +[\fB\-pass\fR \fIarg\fR] +[\fB\-chainCApath\fR \fIdirectory\fR] +[\fB\-chainCAfile\fR \fIfilename\fR] +[\fB\-chainCAstore\fR \fIuri\fR] +[\fB\-requestCAfile\fR \fIfilename\fR] +[\fB\-dane_tlsa_domain\fR \fIdomain\fR] +[\fB\-dane_tlsa_rrdata\fR \fIrrdata\fR] +[\fB\-dane_ee_no_namechecks\fR] +[\fB\-build_chain\fR] +[\fB\-reconnect\fR] +[\fB\-showcerts\fR] +[\fB\-prexit\fR] +[\fB\-debug\fR] +[\fB\-trace\fR] +[\fB\-nocommands\fR] +[\fB\-security_debug\fR] +[\fB\-security_debug_verbose\fR] +[\fB\-msg\fR] +[\fB\-timeout\fR] +[\fB\-mtu\fR \fIsize\fR] +[\fB\-keymatexport\fR \fIlabel\fR] +[\fB\-keymatexportlen\fR \fIlen\fR] +[\fB\-msgfile\fR \fIfilename\fR] +[\fB\-nbio_test\fR] +[\fB\-state\fR] +[\fB\-nbio\fR] +[\fB\-crlf\fR] +[\fB\-ign_eof\fR] +[\fB\-no_ign_eof\fR] +[\fB\-psk_identity\fR \fIidentity\fR] +[\fB\-psk\fR \fIkey\fR] +[\fB\-psk_session\fR \fIfile\fR] +[\fB\-quiet\fR] +[\fB\-sctp\fR] +[\fB\-sctp_label_bug\fR] 
+[\fB\-fallback_scsv\fR] +[\fB\-async\fR] +[\fB\-maxfraglen\fR \fIlen\fR] +[\fB\-max_send_frag\fR] +[\fB\-split_send_frag\fR] +[\fB\-max_pipelines\fR] +[\fB\-read_buf\fR] +[\fB\-bugs\fR] +[\fB\-comp\fR] +[\fB\-no_comp\fR] +[\fB\-brief\fR] +[\fB\-allow_no_dhe_kex\fR] +[\fB\-sigalgs\fR \fIsigalglist\fR] +[\fB\-curves\fR \fIcurvelist\fR] +[\fB\-cipher\fR \fIcipherlist\fR] +[\fB\-ciphersuites\fR \fIval\fR] +[\fB\-serverpref\fR] +[\fB\-starttls\fR \fIprotocol\fR] +[\fB\-name\fR \fIhostname\fR] +[\fB\-xmpphost\fR \fIhostname\fR] +[\fB\-name\fR \fIhostname\fR] +[\fB\-tlsextdebug\fR] +[\fB\-no_ticket\fR] +[\fB\-sess_out\fR \fIfilename\fR] +[\fB\-serverinfo\fR \fItypes\fR] +[\fB\-sess_in\fR \fIfilename\fR] +[\fB\-serverinfo\fR \fItypes\fR] +[\fB\-status\fR] +[\fB\-alpn\fR \fIprotocols\fR] +[\fB\-nextprotoneg\fR \fIprotocols\fR] +[\fB\-ct\fR] +[\fB\-noct\fR] +[\fB\-ctlogfile\fR] +[\fB\-keylogfile\fR \fIfile\fR] +[\fB\-early_data\fR \fIfile\fR] +[\fB\-enable_pha\fR] +[\fB\-use_srtp\fR \fIvalue\fR] +[\fB\-srpuser\fR \fIvalue\fR] +[\fB\-srppass\fR \fIvalue\fR] +[\fB\-srp_lateuser\fR] +[\fB\-srp_moregroups\fR] +[\fB\-srp_strength\fR \fInumber\fR] +[\fB\-nameopt\fR \fIoption\fR] +[\fB\-no_ssl3\fR] +[\fB\-no_tls1\fR] +[\fB\-no_tls1_1\fR] +[\fB\-no_tls1_2\fR] +[\fB\-no_tls1_3\fR] +[\fB\-ssl3\fR] +[\fB\-tls1\fR] +[\fB\-tls1_1\fR] +[\fB\-tls1_2\fR] +[\fB\-tls1_3\fR] +[\fB\-dtls\fR] +[\fB\-dtls1\fR] +[\fB\-dtls1_2\fR] +[\fB\-xkey\fR] \fIinfile\fR +[\fB\-xcert\fR \fIfile\fR] +[\fB\-xchain\fR] \fIfile\fR +[\fB\-xchain_build\fR] \fIfile\fR +[\fB\-xcertform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR]> +[\fB\-xkeyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR]> +[\fB\-CAfile\fR \fIfile\fR] +[\fB\-no\-CAfile\fR] +[\fB\-CApath\fR \fIdir\fR] +[\fB\-no\-CApath\fR] +[\fB\-CAstore\fR \fIuri\fR] +[\fB\-no\-CAstore\fR] +[\fB\-bugs\fR] +[\fB\-no_comp\fR] +[\fB\-comp\fR] +[\fB\-no_ticket\fR] +[\fB\-serverpref\fR] +[\fB\-legacy_renegotiation\fR] +[\fB\-no_renegotiation\fR] +[\fB\-no_resumption_on_reneg\fR] 
+[\fB\-legacy_server_connect\fR] +[\fB\-no_legacy_server_connect\fR] +[\fB\-allow_no_dhe_kex\fR] +[\fB\-prioritize_chacha\fR] +[\fB\-strict\fR] +[\fB\-sigalgs\fR \fIalgs\fR] +[\fB\-client_sigalgs\fR \fIalgs\fR] +[\fB\-groups\fR \fIgroups\fR] +[\fB\-curves\fR \fIcurves\fR] +[\fB\-named_curve\fR \fIcurve\fR] +[\fB\-cipher\fR \fIciphers\fR] +[\fB\-ciphersuites\fR \fI1.3ciphers\fR] +[\fB\-min_protocol\fR \fIminprot\fR] +[\fB\-max_protocol\fR \fImaxprot\fR] +[\fB\-record_padding\fR \fIpadding\fR] +[\fB\-debug_broken_protocol\fR] +[\fB\-no_middlebox\fR] +[\fB\-rand\fR \fIfiles\fR] +[\fB\-writerand\fR \fIfile\fR] +[\fB\-engine\fR \fIid\fR] +[\fB\-ssl_client_engine\fR \fIid\fR] +[\fB\-allow_proxy_certs\fR] +[\fB\-attime\fR \fItimestamp\fR] +[\fB\-no_check_time\fR] +[\fB\-check_ss_sig\fR] +[\fB\-crl_check\fR] +[\fB\-crl_check_all\fR] +[\fB\-explicit_policy\fR] +[\fB\-extended_crl\fR] +[\fB\-ignore_critical\fR] +[\fB\-inhibit_any\fR] +[\fB\-inhibit_map\fR] +[\fB\-partial_chain\fR] +[\fB\-policy\fR \fIarg\fR] +[\fB\-policy_check\fR] +[\fB\-policy_print\fR] +[\fB\-purpose\fR \fIpurpose\fR] +[\fB\-suiteB_128\fR] +[\fB\-suiteB_128_only\fR] +[\fB\-suiteB_192\fR] +[\fB\-trusted_first\fR] +[\fB\-no_alt_chains\fR] +[\fB\-use_deltas\fR] +[\fB\-auth_level\fR \fInum\fR] +[\fB\-verify_depth\fR \fInum\fR] +[\fB\-verify_email\fR \fIemail\fR] +[\fB\-verify_hostname\fR \fIhostname\fR] +[\fB\-verify_ip\fR \fIip\fR] +[\fB\-verify_name\fR \fIname\fR] +[\fB\-x509_strict\fR] +[\fB\-issuer_checks\fR] +.PP +[\fIhost\fR:\fIport\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command implements a generic \s-1SSL/TLS\s0 client which +connects to a remote host using \s-1SSL/TLS\s0. It is a \fIvery\fR useful diagnostic +tool for \s-1SSL\s0 servers. +.SH "OPTIONS" +.IX Header "OPTIONS" +In addition to the options below, this command also supports the +common and client only options documented +in the \*(L"Supported Command Line Commands\*(R" section of the \fISSL_CONF_cmd\fR\|(3) +manual page. 
+.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-ssl_config\fR \fIsection\fR" 4 +.IX Item "-ssl_config section" +Use the specified section of the configuration file to configure the \fB\s-1SSL_CTX\s0\fR object. +.IP "\fB\-connect\fR \fIhost\fR:\fIport\fR" 4 +.IX Item "-connect host:port" +This specifies the host and optional port to connect to. It is possible to +select the host and port using the optional target positional argument instead. +If neither this nor the target positional argument are specified then an attempt +is made to connect to the local host on port 4433. +.IP "\fB\-host\fR \fIhostname\fR" 4 +.IX Item "-host hostname" +Host to connect to; use \fB\-connect\fR instead. +.IP "\fB\-port\fR \fIport\fR" 4 +.IX Item "-port port" +Connect to the specified port; use \fB\-connect\fR instead. +.IP "\fB\-bind\fR \fIhost:port\fR" 4 +.IX Item "-bind host:port" +This specifies the host address and or port to bind as the source for the +connection. For Unix-domain sockets the port is ignored and the host is +used as the source socket address. +.IP "\fB\-proxy\fR \fIhost:port\fR" 4 +.IX Item "-proxy host:port" +When used with the \fB\-connect\fR flag, the program uses the host and port +specified with this flag and issues an \s-1HTTP\s0 \s-1CONNECT\s0 command to connect +to the desired server. +.IP "\fB\-proxy_user\fR \fIuserid\fR" 4 +.IX Item "-proxy_user userid" +When used with the \fB\-proxy\fR flag, the program will attempt to authenticate +with the specified proxy using basic (base64) authentication. +\&\s-1NB:\s0 Basic authentication is insecure; the credentials are sent to the proxy +in easily reversible base64 encoding before any \s-1TLS/SSL\s0 session is established. +Therefore these credentials are easily recovered by anyone able to sniff/trace +the network. Use with caution. +.IP "\fB\-proxy_pass\fR \fIarg\fR" 4 +.IX Item "-proxy_pass arg" +The proxy password source, used with the \fB\-proxy_user\fR flag. 
+For more information about the format of \fBarg\fR +see \*(L"Pass Phrase Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-unix\fR \fIpath\fR" 4 +.IX Item "-unix path" +Connect over the specified Unix-domain socket. +.IP "\fB\-4\fR" 4 +.IX Item "-4" +Use IPv4 only. +.IP "\fB\-6\fR" 4 +.IX Item "-6" +Use IPv6 only. +.IP "\fB\-servername\fR \fIname\fR" 4 +.IX Item "-servername name" +Set the \s-1TLS\s0 \s-1SNI\s0 (Server Name Indication) extension in the ClientHello message to +the given value. +If \fB\-servername\fR is not provided, the \s-1TLS\s0 \s-1SNI\s0 extension will be populated with +the name given to \fB\-connect\fR if it follows a \s-1DNS\s0 name format. If \fB\-connect\fR is +not provided either, the \s-1SNI\s0 is set to \*(L"localhost\*(R". +This is the default since OpenSSL 1.1.1. +.Sp +Even though \s-1SNI\s0 should normally be a \s-1DNS\s0 name and not an \s-1IP\s0 address, if +\&\fB\-servername\fR is provided then that name will be sent, regardless of whether +it is a \s-1DNS\s0 name or not. +.Sp +This option cannot be used in conjunction with \fB\-noservername\fR. +.IP "\fB\-noservername\fR" 4 +.IX Item "-noservername" +Suppresses sending of the \s-1SNI\s0 (Server Name Indication) extension in the +ClientHello message. Cannot be used in conjunction with the \fB\-servername\fR or +<\-dane_tlsa_domain> options. +.IP "\fB\-cert\fR \fIcertname\fR" 4 +.IX Item "-cert certname" +The certificate to use, if one is requested by the server. The default is +not to use a certificate. +.IP "\fB\-certform\fR \fIformat\fR" 4 +.IX Item "-certform format" +The certificate format to use: \s-1DER\s0 or \s-1PEM\s0. \s-1PEM\s0 is the default. +.IP "\fB\-CRL\fR \fIfilename\fR" 4 +.IX Item "-CRL filename" +\&\s-1CRL\s0 file to use to check the server's certificate. +.IP "\fB\-CRLform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IX Item "-CRLform DER|PEM" +The \s-1CRL\s0 format; the default is \fB\s-1PEM\s0\fR. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. 
+.IP "\fB\-crl_download\fR" 4 +.IX Item "-crl_download" +Download \s-1CRL\s0 from distribution points in the certificate. +.IP "\fB\-key\fR \fIkeyfile\fR" 4 +.IX Item "-key keyfile" +The private key to use. If not specified then the certificate file will +be used. +.IP "\fB\-keyform\fR \fIformat\fR" 4 +.IX Item "-keyform format" +The key format; the default is \fB\s-1PEM\s0\fR. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-cert_chain\fR" 4 +.IX Item "-cert_chain" +A file containing trusted certificates to use when attempting to build the +client/server certificate chain related to the certificate specified via the +\&\fB\-cert\fR option. +.IP "\fB\-build_chain\fR" 4 +.IX Item "-build_chain" +Specify whether the application should build the certificate chain to be +provided to the server. +.IP "\fB\-pass\fR \fIarg\fR" 4 +.IX Item "-pass arg" +the private key password source. For more information about the format of \fIarg\fR +see \*(L"Pass phrase options\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-verify\fR \fIdepth\fR" 4 +.IX Item "-verify depth" +The verify depth to use. This specifies the maximum length of the +server certificate chain and turns on server certificate verification. +Currently the verify operation continues after errors so all the problems +with a certificate chain can be seen. As a side effect the connection +will never fail due to a server certificate verify failure. +.IP "\fB\-verify_return_error\fR" 4 +.IX Item "-verify_return_error" +Return verification errors instead of continuing. This will typically +abort the handshake with a fatal error. +.IP "\fB\-verify_quiet\fR" 4 +.IX Item "-verify_quiet" +Limit verify output to only errors. +.IP "\fB\-verifyCAfile\fR \fIfilename\fR" 4 +.IX Item "-verifyCAfile filename" +\&\s-1CA\s0 file for verifying the server's certificate, in \s-1PEM\s0 format. 
+.IP "\fB\-verifyCApath\fR \fIdir\fR" 4 +.IX Item "-verifyCApath dir" +Use the specified directory as a certificate store path to verify +the server's \s-1CA\s0 certificate. +.IP "\fB\-verifyCAstore\fR \fIuri\fR" 4 +.IX Item "-verifyCAstore uri" +Use the specified \s-1URI\s0 as a store \s-1URI\s0 to verify the server's certificate. +.IP "\fB\-chainCApath\fR \fIdirectory\fR" 4 +.IX Item "-chainCApath directory" +The directory to use for building the chain provided to the server. This +directory must be in \*(L"hash format\*(R", see \fIopenssl\-verify\fR\|(1) for more +information. +.IP "\fB\-chainCAfile\fR \fIfile\fR" 4 +.IX Item "-chainCAfile file" +A file containing trusted certificates to use when attempting to build the +client certificate chain. +.IP "\fB\-chainCAstore\fR \fIuri\fR" 4 +.IX Item "-chainCAstore uri" +The \s-1URI\s0 to use when attempting to build the client certificate chain. +.IP "\fB\-requestCAfile\fR \fIfile\fR" 4 +.IX Item "-requestCAfile file" +A file containing a list of certificates whose subject names will be sent +to the server in the \fBcertificate_authorities\fR extension. Only supported +for \s-1TLS\s0 1.3 +.IP "\fB\-dane_tlsa_domain\fR \fIdomain\fR" 4 +.IX Item "-dane_tlsa_domain domain" +Enable \s-1RFC6698/RFC7671\s0 \s-1DANE\s0 \s-1TLSA\s0 authentication and specify the +\&\s-1TLSA\s0 base domain which becomes the default \s-1SNI\s0 hint and the primary +reference identifier for hostname checks. This must be used in +combination with at least one instance of the \fB\-dane_tlsa_rrdata\fR +option below. +.Sp +When \s-1DANE\s0 authentication succeeds, the diagnostic output will include +the lowest (closest to 0) depth at which a \s-1TLSA\s0 record authenticated +a chain certificate. When that \s-1TLSA\s0 record is a \*(L"2 1 0\*(R" trust +anchor public key that signed (rather than matched) the top-most +certificate of the chain, the result is reported as \*(L"\s-1TA\s0 public key +verified\*(R". 
Otherwise, either the \s-1TLSA\s0 record \*(L"matched \s-1TA\s0 certificate\*(R" +at a positive depth or else \*(L"matched \s-1EE\s0 certificate\*(R" at depth 0. +.IP "\fB\-dane_tlsa_rrdata\fR \fIrrdata\fR" 4 +.IX Item "-dane_tlsa_rrdata rrdata" +Use one or more times to specify the \s-1RRDATA\s0 fields of the \s-1DANE\s0 \s-1TLSA\s0 +RRset associated with the target service. The \fIrrdata\fR value is +specified in \*(L"presentation form\*(R", that is four whitespace separated +fields that specify the usage, selector, matching type and associated +data, with the last of these encoded in hexadecimal. Optional +whitespace is ignored in the associated data field. For example: +.Sp +.Vb 12 +\& $ openssl s_client \-brief \-starttls smtp \e +\& \-connect smtp.example.com:25 \e +\& \-dane_tlsa_domain smtp.example.com \e +\& \-dane_tlsa_rrdata "2 1 1 +\& B111DD8A1C2091A89BD4FD60C57F0716CCE50FEEFF8137CDBEE0326E 02CF362B" \e +\& \-dane_tlsa_rrdata "2 1 1 +\& 60B87575447DCBA2A36B7D11AC09FB24A9DB406FEE12D2CC90180517 616E8A18" +\& ... +\& Verification: OK +\& Verified peername: smtp.example.com +\& DANE TLSA 2 1 1 ...ee12d2cc90180517616e8a18 matched TA certificate at depth 1 +\& ... +.Ve +.IP "\fB\-dane_ee_no_namechecks\fR" 4 +.IX Item "-dane_ee_no_namechecks" +This disables server name checks when authenticating via \s-1\fIDANE\-EE\s0\fR\|(3) \s-1TLSA\s0 +records. +For some applications, primarily web browsers, it is not safe to disable name +checks due to \*(L"unknown key share\*(R" attacks, in which a malicious server can +convince a client that a connection to a victim server is instead a secure +connection to the malicious server. +The malicious server may then be able to violate cross-origin scripting +restrictions. +Thus, despite the text of \s-1RFC7671\s0, name checks are by default enabled for +\&\s-1\fIDANE\-EE\s0\fR\|(3) \s-1TLSA\s0 records, and can be disabled in applications where it is safe +to do so. 
+In particular, \s-1SMTP\s0 and \s-1XMPP\s0 clients should set this option as \s-1SRV\s0 and \s-1MX\s0 +records already make it possible for a remote domain to redirect client +connections to any server of its choice, and in any case \s-1SMTP\s0 and \s-1XMPP\s0 clients +do not execute scripts downloaded from remote servers. +.IP "\fB\-reconnect\fR" 4 +.IX Item "-reconnect" +Reconnects to the same server 5 times using the same session \s-1ID\s0, this can +be used as a test that session caching is working. +.IP "\fB\-showcerts\fR" 4 +.IX Item "-showcerts" +Displays the server certificate list as sent by the server: it only consists of +certificates the server has sent (in the order the server has sent them). It is +\&\fBnot\fR a verified chain. +.IP "\fB\-prexit\fR" 4 +.IX Item "-prexit" +Print session information when the program exits. This will always attempt +to print out information even if the connection fails. Normally information +will only be printed out once if the connection succeeds. This option is useful +because the cipher in use may be renegotiated or the connection may fail +because a client certificate is required or is requested only after an +attempt is made to access a certain \s-1URL\s0. Note: the output produced by this +option is not always accurate because a connection might never have been +established. +.IP "\fB\-state\fR" 4 +.IX Item "-state" +Prints out the \s-1SSL\s0 session states. +.IP "\fB\-debug\fR" 4 +.IX Item "-debug" +Print extensive debugging information including a hex dump of all traffic. +.IP "\fB\-nocommands\fR" 4 +.IX Item "-nocommands" +Do not use interactive command letters. +.IP "\fB\-security_debug\fR" 4 +.IX Item "-security_debug" +Enable security debug messages. +.IP "\fB\-security_debug_verbose\fR" 4 +.IX Item "-security_debug_verbose" +Output more security debug output. +.IP "\fB\-msg\fR" 4 +.IX Item "-msg" +Show protocol messages. 
+.IP "\fB\-timeout\fR" 4 +.IX Item "-timeout" +Enable send/receive timeout on \s-1DTLS\s0 connections. +.IP "\fB\-mtu\fR \fIsize\fR" 4 +.IX Item "-mtu size" +Set \s-1MTU\s0 of the link layer to the specified size. +.IP "\fB\-keymatexport\fR \fIlabel\fR" 4 +.IX Item "-keymatexport label" +Export keying material using the specified label. +.IP "\fB\-keymatexportlen\fR \fIlen\fR" 4 +.IX Item "-keymatexportlen len" +Export the specified number of bytes of keying material; default is 20. +.Sp +Show all protocol messages with hex dump. +.IP "\fB\-trace\fR" 4 +.IX Item "-trace" +Show verbose trace output of protocol messages. OpenSSL needs to be compiled +with \fBenable-ssl-trace\fR for this option to work. +.IP "\fB\-msgfile\fR \fIfilename\fR" 4 +.IX Item "-msgfile filename" +File to send output of \fB\-msg\fR or \fB\-trace\fR to, default standard output. +.IP "\fB\-nbio_test\fR" 4 +.IX Item "-nbio_test" +Tests non-blocking I/O +.IP "\fB\-nbio\fR" 4 +.IX Item "-nbio" +Turns on non-blocking I/O +.IP "\fB\-crlf\fR" 4 +.IX Item "-crlf" +This option translated a line feed from the terminal into \s-1CR+LF\s0 as required +by some servers. +.IP "\fB\-ign_eof\fR" 4 +.IX Item "-ign_eof" +Inhibit shutting down the connection when end of file is reached in the +input. +.IP "\fB\-quiet\fR" 4 +.IX Item "-quiet" +Inhibit printing of session and certificate information. This implicitly +turns on \fB\-ign_eof\fR as well. +.IP "\fB\-no_ign_eof\fR" 4 +.IX Item "-no_ign_eof" +Shut down the connection when end of file is reached in the input. +Can be used to override the implicit \fB\-ign_eof\fR after \fB\-quiet\fR. +.IP "\fB\-psk_identity\fR \fIidentity\fR" 4 +.IX Item "-psk_identity identity" +Use the \s-1PSK\s0 identity \fIidentity\fR when using a \s-1PSK\s0 cipher suite. +The default value is \*(L"Client_identity\*(R" (without the quotes). +.IP "\fB\-psk\fR \fIkey\fR" 4 +.IX Item "-psk key" +Use the \s-1PSK\s0 key \fIkey\fR when using a \s-1PSK\s0 cipher suite. 
The key is +given as a hexadecimal number without leading 0x, for example \-psk +1a2b3c4d. +This option must be provided in order to use a \s-1PSK\s0 cipher. +.IP "\fB\-psk_session\fR \fIfile\fR" 4 +.IX Item "-psk_session file" +Use the pem encoded \s-1SSL_SESSION\s0 data stored in \fIfile\fR as the basis of a \s-1PSK\s0. +Note that this will only work if TLSv1.3 is negotiated. +.IP "\fB\-sctp\fR" 4 +.IX Item "-sctp" +Use \s-1SCTP\s0 for the transport protocol instead of \s-1UDP\s0 in \s-1DTLS\s0. Must be used in +conjunction with \fB\-dtls\fR, \fB\-dtls1\fR or \fB\-dtls1_2\fR. This option is only +available where OpenSSL has support for \s-1SCTP\s0 enabled. +.IP "\fB\-sctp_label_bug\fR" 4 +.IX Item "-sctp_label_bug" +Use the incorrect behaviour of older OpenSSL implementations when computing +endpoint-pair shared secrets for \s-1DTLS/SCTP\s0. This allows communication with +older broken implementations but breaks interoperability with correct +implementations. Must be used in conjunction with \fB\-sctp\fR. This option is only +available where OpenSSL has support for \s-1SCTP\s0 enabled. +.IP "\fB\-fallback_scsv\fR" 4 +.IX Item "-fallback_scsv" +Send \s-1TLS_FALLBACK_SCSV\s0 in the ClientHello. +.IP "\fB\-async\fR" 4 +.IX Item "-async" +Switch on asynchronous mode. Cryptographic operations will be performed +asynchronously. This will only have an effect if an asynchronous capable engine +is also used via the \fB\-engine\fR option. For test purposes the dummy async engine +(dasync) can be used (if available). +.IP "\fB\-maxfraglen\fR \fIlen\fR" 4 +.IX Item "-maxfraglen len" +Enable Maximum Fragment Length Negotiation; allowed values are +\&\f(CW512\fR, \f(CW1024\fR, \f(CW2048\fR, and \f(CW4096\fR. +.IP "\fB\-max_send_frag\fR \fIint\fR" 4 +.IX Item "-max_send_frag int" +The maximum size of data fragment to send. +See \fISSL_CTX_set_max_send_fragment\fR\|(3) for further information. 
+.IP "\fB\-split_send_frag\fR \fIint\fR" 4 +.IX Item "-split_send_frag int" +The size used to split data for encrypt pipelines. If more data is written in +one go than this value then it will be split into multiple pipelines, up to the +maximum number of pipelines defined by max_pipelines. This only has an effect if +a suitable cipher suite has been negotiated, an engine that supports pipelining +has been loaded, and max_pipelines is greater than 1. See +\&\fISSL_CTX_set_split_send_fragment\fR\|(3) for further information. +.IP "\fB\-max_pipelines\fR \fIint\fR" 4 +.IX Item "-max_pipelines int" +The maximum number of encrypt/decrypt pipelines to be used. This will only have +an effect if an engine has been loaded that supports pipelining (e.g. the dasync +engine) and a suitable cipher suite has been negotiated. The default value is 1. +See \fISSL_CTX_set_max_pipelines\fR\|(3) for further information. +.IP "\fB\-read_buf\fR \fIint\fR" 4 +.IX Item "-read_buf int" +The default read buffer size to be used for connections. This will only have an +effect if the buffer size is larger than the size that would otherwise be used +and pipelining is in use (see \fISSL_CTX_set_default_read_buffer_len\fR\|(3) for +further information). +.IP "\fB\-bugs\fR" 4 +.IX Item "-bugs" +There are several known bugs in \s-1SSL\s0 and \s-1TLS\s0 implementations. Adding this +option enables various workarounds. +.IP "\fB\-comp\fR" 4 +.IX Item "-comp" +Enables support for \s-1SSL/TLS\s0 compression. +This option was introduced in OpenSSL 1.1.0. +\&\s-1TLS\s0 compression is not recommended and is off by default as of +OpenSSL 1.1.0. +.IP "\fB\-no_comp\fR" 4 +.IX Item "-no_comp" +Disables support for \s-1SSL/TLS\s0 compression. +\&\s-1TLS\s0 compression is not recommended and is off by default as of +OpenSSL 1.1.0. +.IP "\fB\-brief\fR" 4 +.IX Item "-brief" +Only provide a brief summary of connection parameters instead of the +normal verbose output. 
+.IP "\fB\-sigalgs\fR \fIsigalglist\fR" 4 +.IX Item "-sigalgs sigalglist" +Specifies the list of signature algorithms that are sent by the client. +The server selects one entry in the list based on its preferences. +For example strings, see \fISSL_CTX_set1_sigalgs\fR\|(3) +.IP "\fB\-curves\fR \fIcurvelist\fR" 4 +.IX Item "-curves curvelist" +Specifies the list of supported curves to be sent by the client. The curve is +ultimately selected by the server. For a list of all curves, use: +.Sp +.Vb 1 +\& $ openssl ecparam \-list_curves +.Ve +.IP "\fB\-cipher\fR \fIcipherlist\fR" 4 +.IX Item "-cipher cipherlist" +This allows the TLSv1.2 and below cipher list sent by the client to be modified. +This list will be combined with any TLSv1.3 ciphersuites that have been +configured. Although the server determines which ciphersuite is used it should +take the first supported cipher in the list sent by the client. See +\&\fIopenssl\-ciphers\fR\|(1) for more information. +.IP "\fB\-ciphersuites\fR \fIval\fR" 4 +.IX Item "-ciphersuites val" +This allows the TLSv1.3 ciphersuites sent by the client to be modified. This +list will be combined with any TLSv1.2 and below ciphersuites that have been +configured. Although the server determines which cipher suite is used it should +take the first supported cipher in the list sent by the client. See +\&\fIopenssl\-ciphers\fR\|(1) for more information. The format for this list is a simple +colon (\*(L":\*(R") separated list of TLSv1.3 ciphersuite names. +.IP "\fB\-starttls\fR \fIprotocol\fR" 4 +.IX Item "-starttls protocol" +Send the protocol-specific message(s) to switch to \s-1TLS\s0 for communication. +\&\fIprotocol\fR is a keyword for the intended protocol. Currently, the only +supported keywords are \*(L"smtp\*(R", \*(L"pop3\*(R", \*(L"imap\*(R", \*(L"ftp\*(R", \*(L"xmpp\*(R", \*(L"xmpp-server\*(R", +\&\*(L"irc\*(R", \*(L"postgres\*(R", \*(L"mysql\*(R", \*(L"lmtp\*(R", \*(L"nntp\*(R", \*(L"sieve\*(R" and \*(L"ldap\*(R". 
+.IP "\fB\-xmpphost\fR \fIhostname\fR" 4 +.IX Item "-xmpphost hostname" +This option, when used with \*(L"\-starttls xmpp\*(R" or \*(L"\-starttls xmpp-server\*(R", +specifies the host for the \*(L"to\*(R" attribute of the stream element. +If this option is not specified, then the host specified with \*(L"\-connect\*(R" +will be used. +.Sp +This option is an alias of the \fB\-name\fR option for \*(L"xmpp\*(R" and \*(L"xmpp-server\*(R". +.IP "\fB\-name\fR \fIhostname\fR" 4 +.IX Item "-name hostname" +This option is used to specify hostname information for various protocols +used with \fB\-starttls\fR option. Currently only \*(L"xmpp\*(R", \*(L"xmpp-server\*(R", +\&\*(L"smtp\*(R" and \*(L"lmtp\*(R" can utilize this \fB\-name\fR option. +.Sp +If this option is used with \*(L"\-starttls xmpp\*(R" or \*(L"\-starttls xmpp-server\*(R", +if specifies the host for the \*(L"to\*(R" attribute of the stream element. If this +option is not specified, then the host specified with \*(L"\-connect\*(R" will be used. +.Sp +If this option is used with \*(L"\-starttls lmtp\*(R" or \*(L"\-starttls smtp\*(R", it specifies +the name to use in the \*(L"\s-1LMTP\s0 \s-1LHLO\s0\*(R" or \*(L"\s-1SMTP\s0 \s-1EHLO\s0\*(R" message, respectively. If +this option is not specified, then \*(L"mail.example.com\*(R" will be used. +.IP "\fB\-tlsextdebug\fR" 4 +.IX Item "-tlsextdebug" +Print out a hex dump of any \s-1TLS\s0 extensions received from the server. +.IP "\fB\-no_ticket\fR" 4 +.IX Item "-no_ticket" +Disable RFC4507bis session ticket support. +.IP "\fB\-sess_out\fR \fIfilename\fR" 4 +.IX Item "-sess_out filename" +Output \s-1SSL\s0 session to \fIfilename\fR. +.IP "\fB\-sess_in\fR \fIfilename\fR" 4 +.IX Item "-sess_in filename" +Load \s-1SSL\s0 session from \fIfilename\fR. The client will attempt to resume a +connection from this session. +.IP "\fB\-serverinfo\fR \fItypes\fR" 4 +.IX Item "-serverinfo types" +A list of comma-separated \s-1TLS\s0 Extension Types (numbers between 0 and +65535). 
Each type will be sent as an empty ClientHello \s-1TLS\s0 Extension. +The server's response (if any) will be encoded and displayed as a \s-1PEM\s0 +file. +.IP "\fB\-status\fR" 4 +.IX Item "-status" +Sends a certificate status request to the server (\s-1OCSP\s0 stapling). The server +response (if any) is printed out. +.IP "\fB\-alpn\fR \fIprotocols\fR, \fB\-nextprotoneg\fR \fIprotocols\fR" 4 +.IX Item "-alpn protocols, -nextprotoneg protocols" +These flags enable the Enable the Application-Layer Protocol Negotiation +or Next Protocol Negotiation (\s-1NPN\s0) extension, respectively. \s-1ALPN\s0 is the +\&\s-1IETF\s0 standard and replaces \s-1NPN\s0. +The \fIprotocols\fR list is a comma-separated list of protocol names that +the client should advertise support for. The list should contain the most +desirable protocols first. Protocol names are printable \s-1ASCII\s0 strings, +for example \*(L"http/1.1\*(R" or \*(L"spdy/3\*(R". +An empty list of protocols is treated specially and will cause the +client to advertise support for the \s-1TLS\s0 extension but disconnect just +after receiving ServerHello with a list of server supported protocols. +The flag \fB\-nextprotoneg\fR cannot be specified if \fB\-tls1_3\fR is used. +.IP "\fB\-ct\fR, \fB\-noct\fR" 4 +.IX Item "-ct, -noct" +Use one of these two options to control whether Certificate Transparency (\s-1CT\s0) +is enabled (\fB\-ct\fR) or disabled (\fB\-noct\fR). +If \s-1CT\s0 is enabled, signed certificate timestamps (SCTs) will be requested from +the server and reported at handshake completion. +.Sp +Enabling \s-1CT\s0 also enables \s-1OCSP\s0 stapling, as this is one possible delivery method +for SCTs. +.IP "\fB\-ctlogfile\fR" 4 +.IX Item "-ctlogfile" +A file containing a list of known Certificate Transparency logs. See +\&\fISSL_CTX_set_ctlog_list_file\fR\|(3) for the expected file format. 
+.IP "\fB\-keylogfile\fR \fIfile\fR" 4 +.IX Item "-keylogfile file" +Appends \s-1TLS\s0 secrets to the specified keylog file such that external programs +(like Wireshark) can decrypt \s-1TLS\s0 connections. +.IP "\fB\-early_data\fR \fIfile\fR" 4 +.IX Item "-early_data file" +Reads the contents of the specified file and attempts to send it as early data +to the server. This will only work with resumed sessions that support early +data and when the server accepts the early data. +.IP "\fB\-enable_pha\fR" 4 +.IX Item "-enable_pha" +For TLSv1.3 only, send the Post-Handshake Authentication extension. This will +happen whether or not a certificate has been provided via \fB\-cert\fR. +.IP "\fB\-use_srtp\fR \fIvalue\fR" 4 +.IX Item "-use_srtp value" +Offer \s-1SRTP\s0 key management, where \fBvalue\fR is a colon-separated profile list. +.IP "\fB\-srpuser\fR \fIvalue\fR" 4 +.IX Item "-srpuser value" +Set the \s-1SRP\s0 username to the specified value. +.IP "\fB\-srppass\fR \fIvalue\fR" 4 +.IX Item "-srppass value" +Set the \s-1SRP\s0 password to the specified value. +.IP "\fB\-srp_lateuser\fR" 4 +.IX Item "-srp_lateuser" +\&\s-1SRP\s0 username for the second ClientHello message. +.IP "\fB\-srp_moregroups\fR" 4 +.IX Item "-srp_moregroups" +Tolerate other than the known \fBg\fR and \fBN\fR values. +.IP "\fB\-srp_strength\fR \fInumber\fR" 4 +.IX Item "-srp_strength number" +Set the minimal acceptable length, in bits, for \fBN\fR. +.IP "\fB\-no_ssl3\fR, \fB\-no_tls1\fR, \fB\-no_tls1_1\fR, \fB\-no_tls1_2\fR, \fB\-no_tls1_3\fR, \fB\-ssl3\fR, \fB\-tls1\fR, \fB\-tls1_1\fR, \fB\-tls1_2\fR, \fB\-tls1_3\fR" 4 +.IX Item "-no_ssl3, -no_tls1, -no_tls1_1, -no_tls1_2, -no_tls1_3, -ssl3, -tls1, -tls1_1, -tls1_2, -tls1_3" +See \*(L"\s-1TLS\s0 Version Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-dtls\fR, \fB\-dtls1\fR, \fB\-dtls1_2\fR" 4 +.IX Item "-dtls, -dtls1, -dtls1_2" +These specify the use of \s-1DTLS\s0 instead of \s-1TLS\s0. 
+See \*(L"\s-1TLS\s0 Version Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-nameopt\fR \fIoption\fR" 4 +.IX Item "-nameopt option" +This specifies how the subject or issuer names are displayed. +See \*(L"Name Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fBxkey\fR \fIinfile\fR, \fB\-xcert\fR \fIfile\fR, \fB\-xchain\fR \fIfile\fR, \fB\-xchain_build\fR \fIfile\fR, \fB\-xcertform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR, \fB\-xkeyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IX Item "xkey infile, -xcert file, -xchain file, -xchain_build file, -xcertform DER|PEM, -xkeyform DER|PEM" +Set extended certificate verification options. +See \*(L"Extended Verification Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-CAfile\fR \fIfile\fR, \fB\-no\-CAfile\fR, \fB\-CApath\fR \fIdir\fR, \fB\-no\-CApath\fR, \fB\-CAstore\fR \fIuri\fR, \fB\-no\-CAstore\fR" 4 +.IX Item "-CAfile file, -no-CAfile, -CApath dir, -no-CApath, -CAstore uri, -no-CAstore" +See \*(L"Trusted Certificate Options\*(R" in \fIopenssl\fR\|(1) for details. 
+.IP "\fB\-bugs\fR, \fB\-comp\fR, \fB\-no_comp\fR, \fB\-no_ticket\fR, \fB\-serverpref\fR, \fB\-legacy_renegotiation\fR, \fB\-no_renegotiation\fR, \fB\-no_resumption_on_reneg\fR, \fB\-legacy_server_connect\fR, \fB\-no_legacy_server_connect\fR, \fB\-allow_no_dhe_kex\fR, \fB\-prioritize_chacha\fR, \fB\-strict\fR, \fB\-sigalgs\fR \fIalgs\fR, \fB\-client_sigalgs\fR \fIalgs\fR, \fB\-groups\fR \fIgroups\fR, \fB\-curves\fR \fIcurves\fR, \fB\-named_curve\fR \fIcurve\fR, \fB\-cipher\fR \fIciphers\fR, \fB\-ciphersuites\fR \fI1.3ciphers\fR, \fB\-min_protocol\fR \fIminprot\fR, \fB\-max_protocol\fR \fImaxprot\fR, \fB\-record_padding\fR \fIpadding\fR, \fB\-debug_broken_protocol\fR, \fB\-no_middlebox\fR" 4 +.IX Item "-bugs, -comp, -no_comp, -no_ticket, -serverpref, -legacy_renegotiation, -no_renegotiation, -no_resumption_on_reneg, -legacy_server_connect, -no_legacy_server_connect, -allow_no_dhe_kex, -prioritize_chacha, -strict, -sigalgs algs, -client_sigalgs algs, -groups groups, -curves curves, -named_curve curve, -cipher ciphers, -ciphersuites 1.3ciphers, -min_protocol minprot, -max_protocol maxprot, -record_padding padding, -debug_broken_protocol, -no_middlebox" +See \*(L"\s-1SUPPORTED\s0 \s-1COMMAND\s0 \s-1LINE\s0 \s-1COMMANDS\s0\*(R" in \fISSL_CONF_cmd\fR\|(3) for details. +.IP "\fB\-rand\fR \fIfiles\fR, \fB\-writerand\fR \fIfile\fR" 4 +.IX Item "-rand files, -writerand file" +See \*(L"Random State Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-engine\fR \fIid\fR" 4 +.IX Item "-engine id" +See \*(L"Engine Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-ssl_client_engine\fR \fIid\fR" 4 +.IX Item "-ssl_client_engine id" +Specify engine to be used for client certificate operations. 
+.IP "\fB\-allow_proxy_certs\fR, \fB\-attime\fR, \fB\-no_check_time\fR, \fB\-check_ss_sig\fR, \fB\-crl_check\fR, \fB\-crl_check_all\fR, \fB\-explicit_policy\fR, \fB\-extended_crl\fR, \fB\-ignore_critical\fR, \fB\-inhibit_any\fR, \fB\-inhibit_map\fR, \fB\-no_alt_chains\fR, \fB\-partial_chain\fR, \fB\-policy\fR, \fB\-policy_check\fR, \fB\-policy_print\fR, \fB\-purpose\fR, \fB\-suiteB_128\fR, \fB\-suiteB_128_only\fR, \fB\-suiteB_192\fR, \fB\-trusted_first\fR, \fB\-use_deltas\fR, \fB\-auth_level\fR, \fB\-verify_depth\fR, \fB\-verify_email\fR, \fB\-verify_hostname\fR, \fB\-verify_ip\fR, \fB\-verify_name\fR, \fB\-x509_strict\fR \fB\-issuer_checks\fR" 4 +.IX Item "-allow_proxy_certs, -attime, -no_check_time, -check_ss_sig, -crl_check, -crl_check_all, -explicit_policy, -extended_crl, -ignore_critical, -inhibit_any, -inhibit_map, -no_alt_chains, -partial_chain, -policy, -policy_check, -policy_print, -purpose, -suiteB_128, -suiteB_128_only, -suiteB_192, -trusted_first, -use_deltas, -auth_level, -verify_depth, -verify_email, -verify_hostname, -verify_ip, -verify_name, -x509_strict -issuer_checks" +Set various options of certificate chain verification. +See \*(L"Verification Options\*(R" in \fIopenssl\fR\|(1) for details. +.Sp +Verification errors are displayed, for debugging, but the command will +proceed unless the \fB\-verify_return_error\fR option is used. +.IP "\fIhost\fR:\fIport\fR" 4 +.IX Item "host:port" +Rather than providing \fB\-connect\fR, the target hostname and optional port may +be provided as a single positional argument after all options. If neither this +nor \fB\-connect\fR are provided, falls back to attempting to connect to +\&\fIlocalhost\fR on port \fI4433\fR. +.SH "CONNECTED COMMANDS" +.IX Header "CONNECTED COMMANDS" +If a connection is established with an \s-1SSL\s0 server then any data received +from the server is displayed and any key presses will be sent to the +server. If end of file is reached then the connection will be closed down. 
When +used interactively (which means neither \fB\-quiet\fR nor \fB\-ign_eof\fR have been +given), then certain commands are also recognized which perform special +operations. These commands are a letter which must appear at the start of a +line. They are listed below. +.IP "\fBQ\fR" 4 +.IX Item "Q" +End the current \s-1SSL\s0 connection and exit. +.IP "\fBR\fR" 4 +.IX Item "R" +Renegotiate the \s-1SSL\s0 session (TLSv1.2 and below only). +.IP "\fBk\fR" 4 +.IX Item "k" +Send a key update message to the server (TLSv1.3 only) +.IP "\fBK\fR" 4 +.IX Item "K" +Send a key update message to the server and request one back (TLSv1.3 only) +.SH "NOTES" +.IX Header "NOTES" +This command can be used to debug \s-1SSL\s0 servers. To connect to an \s-1SSL\s0 \s-1HTTP\s0 +server the command: +.PP +.Vb 1 +\& openssl s_client \-connect servername:443 +.Ve +.PP +would typically be used (https uses port 443). If the connection succeeds +then an \s-1HTTP\s0 command can be given such as \*(L"\s-1GET\s0 /\*(R" to retrieve a web page. +.PP +If the handshake fails then there are several possible causes, if it is +nothing obvious like no client certificate then the \fB\-bugs\fR, +\&\fB\-ssl3\fR, \fB\-tls1\fR, \fB\-no_ssl3\fR, \fB\-no_tls1\fR options can be tried +in case it is a buggy server. In particular you should play with these +options \fBbefore\fR submitting a bug report to an OpenSSL mailing list. +.PP +A frequent problem when attempting to get client certificates working +is that a web client complains it has no certificates or gives an empty +list to choose from. This is normally because the server is not sending +the clients certificate authority in its \*(L"acceptable \s-1CA\s0 list\*(R" when it +requests a certificate. By using this command, the \s-1CA\s0 list can be viewed +and checked. However some servers only request client authentication +after a specific \s-1URL\s0 is requested. 
To obtain the list in this case it +is necessary to use the \fB\-prexit\fR option and send an \s-1HTTP\s0 request +for an appropriate page. +.PP +If a certificate is specified on the command line using the \fB\-cert\fR +option it will not be used unless the server specifically requests +a client certificate. Therefor merely including a client certificate +on the command line is no guarantee that the certificate works. +.PP +If there are problems verifying a server certificate then the +\&\fB\-showcerts\fR option can be used to show all the certificates sent by the +server. +.PP +This command is a test tool and is designed to continue the +handshake after any certificate verification errors. As a result it will +accept any certificate chain (trusted or not) sent by the peer. None test +applications should \fBnot\fR do this as it makes them vulnerable to a \s-1MITM\s0 +attack. This behaviour can be changed by with the \fB\-verify_return_error\fR +option: any verify errors are then returned aborting the handshake. +.PP +The \fB\-bind\fR option may be useful if the server or a firewall requires +connections to come from some particular address and or port. +.SH "BUGS" +.IX Header "BUGS" +Because this program has a lot of options and also because some of the +techniques used are rather old, the C source for this command is rather +hard to read and not a model of how things should be done. +A typical \s-1SSL\s0 client program would be much simpler. +.PP +The \fB\-prexit\fR option is a bit of a hack. We should really report +information whenever a session is renegotiated. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\fIopenssl\-sess_id\fR\|(1), +\&\fIopenssl\-s_server\fR\|(1), +\&\fIopenssl\-ciphers\fR\|(1), +\&\fISSL_CONF_cmd\fR\|(3), +\&\fISSL_CTX_set_max_send_fragment\fR\|(3), +\&\fISSL_CTX_set_split_send_fragment\fR\|(3), +\&\fISSL_CTX_set_max_pipelines\fR\|(3), +\&\fIossl_store\-file\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \fB\-no_alt_chains\fR option was added in OpenSSL 1.1.0. +The \fB\-name\fR option was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man1/openssl-s_server.1 b/linux_amd64/ssl/share/man/man1/openssl-s_server.1 new file mode 100755 index 0000000..5b531de --- /dev/null +++ b/linux_amd64/ssl/share/man/man1/openssl-s_server.1 
@@ -0,0 +1,884 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-S_SERVER 1" +.TH OPENSSL-S_SERVER 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-s_server \- SSL/TLS server program +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBs_server\fR +[\fB\-help\fR] +[\fB\-port\fR \fI+int\fR] +[\fB\-accept\fR \fIval\fR] +[\fB\-unix\fR \fIval\fR] +[\fB\-4\fR] +[\fB\-6\fR] +[\fB\-unlink\fR] +[\fB\-context\fR \fIval\fR] +[\fB\-verify\fR \fIint\fR] +[\fB\-Verify\fR \fIint\fR] +[\fB\-cert\fR \fIinfile\fR] +[\fB\-naccept\fR \fI+int\fR] +[\fB\-serverinfo\fR \fIval\fR] +[\fB\-certform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-key\fR \fIinfile\fR] +[\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-pass\fR \fIval\fR] +[\fB\-dcert\fR \fIinfile\fR] +[\fB\-dcertform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-dkey\fR \fIinfile\fR] +[\fB\-dkeyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-dpass\fR \fIval\fR] +[\fB\-nbio_test\fR] +[\fB\-crlf\fR] +[\fB\-debug\fR] +[\fB\-msg\fR] +[\fB\-msgfile\fR \fIoutfile\fR] +[\fB\-state\fR] +[\fB\-nocert\fR] +[\fB\-quiet\fR] +[\fB\-no_resume_ephemeral\fR] +[\fB\-www\fR] +[\fB\-WWW\fR] +[\fB\-http_server_binmode\fR] +[\fB\-servername\fR] +[\fB\-servername_fatal\fR] +[\fB\-cert2\fR \fIinfile\fR] +[\fB\-key2\fR \fIinfile\fR] +[\fB\-tlsextdebug\fR] +[\fB\-HTTP\fR] +[\fB\-id_prefix\fR \fIval\fR] +[\fB\-keymatexport\fR \fIval\fR] +[\fB\-keymatexportlen\fR \fI+int\fR] +[\fB\-CRLform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-CRL\fR \fIinfile\fR] +[\fB\-crl_download\fR] +[\fB\-cert_chain\fR \fIinfile\fR] +[\fB\-dcert_chain\fR \fIinfile\fR] +[\fB\-chainCApath\fR \fIdir\fR] +[\fB\-verifyCApath\fR \fIdir\fR] +[\fB\-chainCAstore\fR \fIuri\fR] +[\fB\-verifyCAstore\fR \fIuri\fR] +[\fB\-no_cache\fR] +[\fB\-ext_cache\fR] +[\fB\-verify_return_error\fR] +[\fB\-verify_quiet\fR] +[\fB\-build_chain\fR] +[\fB\-chainCAfile\fR \fIinfile\fR] +[\fB\-verifyCAfile\fR \fIinfile\fR] +[\fB\-ign_eof\fR] +[\fB\-no_ign_eof\fR] +[\fB\-status\fR] +[\fB\-status_verbose\fR] +[\fB\-status_timeout\fR \fIint\fR] +[\fB\-status_url\fR \fIval\fR] +[\fB\-status_file\fR 
\fIinfile\fR] +[\fB\-trace\fR] +[\fB\-security_debug\fR] +[\fB\-security_debug_verbose\fR] +[\fB\-brief\fR] +[\fB\-rev\fR] +[\fB\-async\fR] +[\fB\-ssl_config\fR \fIval\fR] +[\fB\-max_send_frag\fR \fI+int\fR] +[\fB\-split_send_frag\fR \fI+int\fR] +[\fB\-max_pipelines\fR \fI+int\fR] +[\fB\-read_buf\fR \fI+int\fR] +[\fB\-bugs\fR] +[\fB\-no_comp\fR] +[\fB\-comp\fR] +[\fB\-no_ticket\fR] +[\fB\-serverpref\fR] +[\fB\-legacy_renegotiation\fR] +[\fB\-no_renegotiation\fR] +[\fB\-legacy_server_connect\fR] +[\fB\-no_resumption_on_reneg\fR] +[\fB\-no_legacy_server_connect\fR] +[\fB\-allow_no_dhe_kex\fR] +[\fB\-prioritize_chacha\fR] +[\fB\-strict\fR] +[\fB\-sigalgs\fR \fIval\fR] +[\fB\-client_sigalgs\fR \fIval\fR] +[\fB\-groups\fR \fIval\fR] +[\fB\-curves\fR \fIval\fR] +[\fB\-named_curve\fR \fIval\fR] +[\fB\-cipher\fR \fIval\fR] +[\fB\-ciphersuites\fR \fIval\fR] +[\fB\-dhparam\fR \fIinfile\fR] +[\fB\-record_padding\fR \fIval\fR] +[\fB\-debug_broken_protocol\fR] +[\fB\-nbio\fR] +[\fB\-psk_identity\fR \fIval\fR] +[\fB\-psk_hint\fR \fIval\fR] +[\fB\-psk\fR \fIval\fR] +[\fB\-psk_session\fR \fIfile\fR] +[\fB\-srpvfile\fR \fIinfile\fR] +[\fB\-srpuserseed\fR \fIval\fR] +[\fB\-timeout\fR] +[\fB\-mtu\fR \fI+int\fR] +[\fB\-listen\fR] +[\fB\-sctp\fR] +[\fB\-sctp_label_bug\fR] +[\fB\-no_dhe\fR] +[\fB\-nextprotoneg\fR \fIval\fR] +[\fB\-use_srtp\fR \fIval\fR] +[\fB\-alpn\fR \fIval\fR] +[\fB\-keylogfile\fR \fIoutfile\fR] +[\fB\-recv_max_early_data\fR \fIint\fR] +[\fB\-max_early_data\fR \fIint\fR] +[\fB\-early_data\fR] +[\fB\-stateless\fR] +[\fB\-anti_replay\fR] +[\fB\-no_anti_replay\fR] +[\fB\-num_tickets\fR] +[\fB\-nameopt\fR \fIoption\fR] +[\fB\-no_ssl3\fR] +[\fB\-no_tls1\fR] +[\fB\-no_tls1_1\fR] +[\fB\-no_tls1_2\fR] +[\fB\-no_tls1_3\fR] +[\fB\-ssl3\fR] +[\fB\-tls1\fR] +[\fB\-tls1_1\fR] +[\fB\-tls1_2\fR] +[\fB\-tls1_3\fR] +[\fB\-dtls\fR] +[\fB\-dtls1\fR] +[\fB\-dtls1_2\fR] +[\fB\-allow_proxy_certs\fR] +[\fB\-attime\fR \fItimestamp\fR] +[\fB\-no_check_time\fR] +[\fB\-check_ss_sig\fR] 
+[\fB\-crl_check\fR] +[\fB\-crl_check_all\fR] +[\fB\-explicit_policy\fR] +[\fB\-extended_crl\fR] +[\fB\-ignore_critical\fR] +[\fB\-inhibit_any\fR] +[\fB\-inhibit_map\fR] +[\fB\-partial_chain\fR] +[\fB\-policy\fR \fIarg\fR] +[\fB\-policy_check\fR] +[\fB\-policy_print\fR] +[\fB\-purpose\fR \fIpurpose\fR] +[\fB\-suiteB_128\fR] +[\fB\-suiteB_128_only\fR] +[\fB\-suiteB_192\fR] +[\fB\-trusted_first\fR] +[\fB\-no_alt_chains\fR] +[\fB\-use_deltas\fR] +[\fB\-auth_level\fR \fInum\fR] +[\fB\-verify_depth\fR \fInum\fR] +[\fB\-verify_email\fR \fIemail\fR] +[\fB\-verify_hostname\fR \fIhostname\fR] +[\fB\-verify_ip\fR \fIip\fR] +[\fB\-verify_name\fR \fIname\fR] +[\fB\-x509_strict\fR] +[\fB\-issuer_checks\fR] +.PP +[\fB\-bugs\fR] +[\fB\-no_comp\fR] +[\fB\-comp\fR] +[\fB\-no_ticket\fR] +[\fB\-serverpref\fR] +[\fB\-legacy_renegotiation\fR] +[\fB\-no_renegotiation\fR] +[\fB\-no_resumption_on_reneg\fR] +[\fB\-legacy_server_connect\fR] +[\fB\-no_legacy_server_connect\fR] +[\fB\-allow_no_dhe_kex\fR] +[\fB\-prioritize_chacha\fR] +[\fB\-strict\fR] +[\fB\-sigalgs\fR \fIalgs\fR] +[\fB\-client_sigalgs\fR \fIalgs\fR] +[\fB\-groups\fR \fIgroups\fR] +[\fB\-curves\fR \fIcurves\fR] +[\fB\-named_curve\fR \fIcurve\fR] +[\fB\-cipher\fR \fIciphers\fR] +[\fB\-ciphersuites\fR \fI1.3ciphers\fR] +[\fB\-min_protocol\fR \fIminprot\fR] +[\fB\-max_protocol\fR \fImaxprot\fR] +[\fB\-record_padding\fR \fIpadding\fR] +[\fB\-debug_broken_protocol\fR] +[\fB\-no_middlebox\fR] +[\fB\-xkey\fR] \fIinfile\fR +[\fB\-xcert\fR \fIfile\fR] +[\fB\-xchain\fR] \fIfile\fR +[\fB\-xchain_build\fR] \fIfile\fR +[\fB\-xcertform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR]> +[\fB\-xkeyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR]> +[\fB\-CAfile\fR \fIfile\fR] +[\fB\-no\-CAfile\fR] +[\fB\-CApath\fR \fIdir\fR] +[\fB\-no\-CApath\fR] +[\fB\-CAstore\fR \fIuri\fR] +[\fB\-no\-CAstore\fR] +[\fB\-rand\fR \fIfiles\fR] +[\fB\-writerand\fR \fIfile\fR] +[\fB\-engine\fR \fIid\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command implements a 
generic \s-1SSL/TLS\s0 server which +listens for connections on a given port using \s-1SSL/TLS\s0. +.SH "OPTIONS" +.IX Header "OPTIONS" +In addition to the options below, this command also supports +the common and server only options documented +\&\*(L"Supported Command Line Commands\*(R" in \fISSL_CONF_cmd\fR\|(3) +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-port\fR \fI+int\fR" 4 +.IX Item "-port +int" +The \s-1TCP\s0 port to listen on for connections. If not specified 4433 is used. +.IP "\fB\-accept\fR \fIval\fR" 4 +.IX Item "-accept val" +The optional \s-1TCP\s0 host and port to listen on for connections. If not specified, *:4433 is used. +.IP "\fB\-unix\fR \fIval\fR" 4 +.IX Item "-unix val" +Unix domain socket to accept on. +.IP "\fB\-4\fR" 4 +.IX Item "-4" +Use IPv4 only. +.IP "\fB\-6\fR" 4 +.IX Item "-6" +Use IPv6 only. +.IP "\fB\-unlink\fR" 4 +.IX Item "-unlink" +For \-unix, unlink any existing socket first. +.IP "\fB\-context\fR \fIval\fR" 4 +.IX Item "-context val" +Sets the \s-1SSL\s0 context id. It can be given any string value. If this option +is not present a default value will be used. +.IP "\fB\-verify\fR \fIint\fR, \fB\-Verify\fR \fIint\fR" 4 +.IX Item "-verify int, -Verify int" +The verify depth to use. This specifies the maximum length of the +client certificate chain and makes the server request a certificate from +the client. With the \fB\-verify\fR option a certificate is requested but the +client does not have to send one, with the \fB\-Verify\fR option the client +must supply a certificate or an error occurs. +.Sp +If the cipher suite cannot request a client certificate (for example an +anonymous cipher suite or \s-1PSK\s0) this option has no effect. 
+.IP "\fB\-cert\fR \fIinfile\fR" 4 +.IX Item "-cert infile" +The certificate to use, most servers cipher suites require the use of a +certificate and some require a certificate with a certain public key type: +for example the \s-1DSS\s0 cipher suites require a certificate containing a \s-1DSS\s0 +(\s-1DSA\s0) key. If not specified then the filename \fIserver.pem\fR will be used. +.IP "\fB\-cert_chain\fR" 4 +.IX Item "-cert_chain" +A file containing trusted certificates to use when attempting to build the +client/server certificate chain related to the certificate specified via the +\&\fB\-cert\fR option. +.IP "\fB\-build_chain\fR" 4 +.IX Item "-build_chain" +Specify whether the application should build the certificate chain to be +provided to the client. +.IP "\fB\-naccept\fR \fI+int\fR" 4 +.IX Item "-naccept +int" +The server will exit after receiving the specified number of connections, +default unlimited. +.IP "\fB\-serverinfo\fR \fIval\fR" 4 +.IX Item "-serverinfo val" +A file containing one or more blocks of \s-1PEM\s0 data. Each \s-1PEM\s0 block +must encode a \s-1TLS\s0 ServerHello extension (2 bytes type, 2 bytes length, +followed by \*(L"length\*(R" bytes of extension data). If the client sends +an empty \s-1TLS\s0 ClientHello extension matching the type, the corresponding +ServerHello extension will be returned. +.IP "\fB\-certform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR, \fB\-CRLForm\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IX Item "-certform DER|PEM, -CRLForm DER|PEM" +The certificate and \s-1CRL\s0 format; the default is \s-1PEM\s0. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-key\fR \fIinfile\fR" 4 +.IX Item "-key infile" +The private key to use. If not specified then the certificate file will +be used. +.IP "\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IX Item "-keyform DER|PEM" +The key format; the default is \fB\s-1PEM\s0\fR. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. 
+.IP "\fB\-pass\fR \fIval\fR" 4 +.IX Item "-pass val" +The private key password source. +For more information about the format of \fIval\fR, +see \*(L"Pass Phrase Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-dcert\fR \fIinfile\fR, \fB\-dkey\fR \fIinfile\fR" 4 +.IX Item "-dcert infile, -dkey infile" +Specify an additional certificate and private key, these behave in the +same manner as the \fB\-cert\fR and \fB\-key\fR options except there is no default +if they are not specified (no additional certificate and key is used). As +noted above some cipher suites require a certificate containing a key of +a certain type. Some cipher suites need a certificate carrying an \s-1RSA\s0 key +and some a \s-1DSS\s0 (\s-1DSA\s0) key. By using \s-1RSA\s0 and \s-1DSS\s0 certificates and keys +a server can support clients which only support \s-1RSA\s0 or \s-1DSS\s0 cipher suites +by using an appropriate certificate. +.IP "\fB\-dcert_chain\fR" 4 +.IX Item "-dcert_chain" +A file containing trusted certificates to use when attempting to build the +server certificate chain when a certificate specified via the \fB\-dcert\fR option +is in use. +.IP "\fB\-dcertform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR, \fB\-dkeyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IX Item "-dcertform DER|PEM, -dkeyform DER|PEM" +The format of the certificate and private key; the default is \fB\s-1PEM\s0\fR +see \*(L"Format Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-dpass\fR \fIval\fR" 4 +.IX Item "-dpass val" +The passphrase for the additional private key. +For more information about the format of \fIval\fR, +see \*(L"Pass Phrase Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-nbio_test\fR" 4 +.IX Item "-nbio_test" +Tests non blocking I/O. +.IP "\fB\-crlf\fR" 4 +.IX Item "-crlf" +This option translated a line feed from the terminal into \s-1CR+LF\s0. +.IP "\fB\-debug\fR" 4 +.IX Item "-debug" +Print extensive debugging information including a hex dump of all traffic. 
+.IP "\fB\-msg\fR" 4 +.IX Item "-msg" +Show all protocol messages with hex dump. +.IP "\fB\-msgfile\fR \fIoutfile\fR" 4 +.IX Item "-msgfile outfile" +File to send output of \fB\-msg\fR or \fB\-trace\fR to, default standard output. +.IP "\fB\-state\fR" 4 +.IX Item "-state" +Prints the \s-1SSL\s0 session states. +.IP "\fB\-chainCApath\fR \fIdir\fR" 4 +.IX Item "-chainCApath dir" +The directory to use for building the chain provided to the client. This +directory must be in \*(L"hash format\*(R", see \fIopenssl\-verify\fR\|(1) for more +information. +.IP "\fB\-chainCAfile\fR \fIfile\fR" 4 +.IX Item "-chainCAfile file" +A file containing trusted certificates to use when attempting to build the +server certificate chain. +.IP "\fB\-chainCAstore\fR \fIuri\fR" 4 +.IX Item "-chainCAstore uri" +The \s-1URI\s0 to a store to use for building the chain provided to the client. +The \s-1URI\s0 may indicate a single certificate, as well as a collection of +them. +With URIs in the \f(CW\*(C`file:\*(C'\fR scheme, this acts as \fB\-chainCAfile\fR or +\&\fB\-chainCApath\fR, depending on if the \s-1URI\s0 indicates a directory or a +single file. +See \fIossl_store\-file\fR\|(7) for more information on the \f(CW\*(C`file:\*(C'\fR scheme. +.IP "\fB\-nocert\fR" 4 +.IX Item "-nocert" +If this option is set then no certificate is used. This restricts the +cipher suites available to the anonymous ones (currently just anonymous +\&\s-1DH\s0). +.IP "\fB\-quiet\fR" 4 +.IX Item "-quiet" +Inhibit printing of session and certificate information. +.IP "\fB\-tlsextdebug\fR" 4 +.IX Item "-tlsextdebug" +Print a hex dump of any \s-1TLS\s0 extensions received from the server. +.IP "\fB\-www\fR" 4 +.IX Item "-www" +Sends a status message back to the client when it connects. This includes +information about the ciphers used and various session parameters. +The output is in \s-1HTML\s0 format so this option can be used with a web browser. 
+The special \s-1URL\s0 \f(CW\*(C`/renegcert\*(C'\fR turns on client cert validation, and \f(CW\*(C`/reneg\*(C'\fR +tells the server to request renegotiation. +The \fB\-early_data\fR option cannot be used with this option. +.IP "\fB\-WWW\fR, \fB\-HTTP\fR" 4 +.IX Item "-WWW, -HTTP" +Emulates a simple web server. Pages will be resolved relative to the +current directory, for example if the \s-1URL\s0 \f(CW\*(C`https://myhost/page.html\*(C'\fR is +requested the file \fI./page.html\fR will be sent. +If the \fB\-HTTP\fR flag is used, the files are sent directly, and should contain +any \s-1HTTP\s0 response headers (including status response line). +If the \fB\-WWW\fR option is used, +the response headers are generated by the server, and the file extension is +examined to determine the \fBContent-Type\fR header. +Extensions of \f(CW\*(C`html\*(C'\fR, \f(CW\*(C`htm\*(C'\fR, and \f(CW\*(C`php\*(C'\fR are \f(CW\*(C`text/html\*(C'\fR and all others are +\&\f(CW\*(C`text/plain\*(C'\fR. +In addition, the special \s-1URL\s0 \f(CW\*(C`/stats\*(C'\fR will return status +information like the \fB\-www\fR option. +Neither of these options can be used in conjunction with \fB\-early_data\fR. +.IP "\fB\-http_server_binmode\fR" 4 +.IX Item "-http_server_binmode" +When acting as web-server (using option \fB\-WWW\fR or \fB\-HTTP\fR) open files requested +by the client in binary mode. +.IP "\fB\-id_prefix\fR \fIval\fR" 4 +.IX Item "-id_prefix val" +Generate \s-1SSL/TLS\s0 session IDs prefixed by \fIval\fR. This is mostly useful +for testing any \s-1SSL/TLS\s0 code (eg. proxies) that wish to deal with multiple +servers, when each of which might be generating a unique range of session +IDs (eg. with a certain prefix). +.IP "\fB\-verify_return_error\fR" 4 +.IX Item "-verify_return_error" +Verification errors normally just print a message but allow the +connection to continue, for debugging purposes. +If this option is used, then verification errors close the connection. 
+.IP "\fB\-status\fR" 4 +.IX Item "-status" +Enables certificate status request support (aka \s-1OCSP\s0 stapling). +.IP "\fB\-status_verbose\fR" 4 +.IX Item "-status_verbose" +Enables certificate status request support (aka \s-1OCSP\s0 stapling) and gives +a verbose printout of the \s-1OCSP\s0 response. +.IP "\fB\-status_timeout\fR \fIint\fR" 4 +.IX Item "-status_timeout int" +Sets the timeout for \s-1OCSP\s0 response to \fIint\fR seconds. +.IP "\fB\-status_url\fR \fIval\fR" 4 +.IX Item "-status_url val" +Sets a fallback responder \s-1URL\s0 to use if no responder \s-1URL\s0 is present in the +server certificate. Without this option an error is returned if the server +certificate does not contain a responder address. +.IP "\fB\-status_file\fR \fIinfile\fR" 4 +.IX Item "-status_file infile" +Overrides any \s-1OCSP\s0 responder URLs from the certificate and always provides the +\&\s-1OCSP\s0 Response stored in the file. The file must be in \s-1DER\s0 format. +.IP "\fB\-trace\fR" 4 +.IX Item "-trace" +Show verbose trace output of protocol messages. OpenSSL needs to be compiled +with \fBenable-ssl-trace\fR for this option to work. +.IP "\fB\-brief\fR" 4 +.IX Item "-brief" +Provide a brief summary of connection parameters instead of the normal verbose +output. +.IP "\fB\-rev\fR" 4 +.IX Item "-rev" +Simple test server which just reverses the text received from the client +and sends it back to the server. Also sets \fB\-brief\fR. Cannot be used in +conjunction with \fB\-early_data\fR. +.IP "\fB\-async\fR" 4 +.IX Item "-async" +Switch on asynchronous mode. Cryptographic operations will be performed +asynchronously. This will only have an effect if an asynchronous capable engine +is also used via the \fB\-engine\fR option. For test purposes the dummy async engine +(dasync) can be used (if available). +.IP "\fB\-max_send_frag\fR \fI+int\fR" 4 +.IX Item "-max_send_frag +int" +The maximum size of data fragment to send. 
+See \fISSL_CTX_set_max_send_fragment\fR\|(3) for further information. +.IP "\fB\-split_send_frag\fR \fI+int\fR" 4 +.IX Item "-split_send_frag +int" +The size used to split data for encrypt pipelines. If more data is written in +one go than this value then it will be split into multiple pipelines, up to the +maximum number of pipelines defined by max_pipelines. This only has an effect if +a suitable cipher suite has been negotiated, an engine that supports pipelining +has been loaded, and max_pipelines is greater than 1. See +\&\fISSL_CTX_set_split_send_fragment\fR\|(3) for further information. +.IP "\fB\-max_pipelines\fR \fI+int\fR" 4 +.IX Item "-max_pipelines +int" +The maximum number of encrypt/decrypt pipelines to be used. This will only have +an effect if an engine has been loaded that supports pipelining (e.g. the dasync +engine) and a suitable cipher suite has been negotiated. The default value is 1. +See \fISSL_CTX_set_max_pipelines\fR\|(3) for further information. +.IP "\fB\-read_buf\fR \fI+int\fR" 4 +.IX Item "-read_buf +int" +The default read buffer size to be used for connections. This will only have an +effect if the buffer size is larger than the size that would otherwise be used +and pipelining is in use (see \fISSL_CTX_set_default_read_buffer_len\fR\|(3) for +further information). +.IP "\fB\-bugs\fR" 4 +.IX Item "-bugs" +There are several known bugs in \s-1SSL\s0 and \s-1TLS\s0 implementations. Adding this +option enables various workarounds. +.IP "\fB\-no_comp\fR" 4 +.IX Item "-no_comp" +Disable negotiation of \s-1TLS\s0 compression. +\&\s-1TLS\s0 compression is not recommended and is off by default as of +OpenSSL 1.1.0. +.IP "\fB\-comp\fR" 4 +.IX Item "-comp" +Enable negotiation of \s-1TLS\s0 compression. +This option was introduced in OpenSSL 1.1.0. +\&\s-1TLS\s0 compression is not recommended and is off by default as of +OpenSSL 1.1.0. +.IP "\fB\-no_ticket\fR" 4 +.IX Item "-no_ticket" +Disable RFC4507bis session ticket support. 
This option has no effect if TLSv1.3 +is negotiated. See \fB\-num_tickets\fR. +.IP "\fB\-num_tickets\fR" 4 +.IX Item "-num_tickets" +Control the number of tickets that will be sent to the client after a full +handshake in TLSv1.3. The default number of tickets is 2. This option does not +affect the number of tickets sent after a resumption handshake. +.IP "\fB\-serverpref\fR" 4 +.IX Item "-serverpref" +Use the server's cipher preferences, rather than the client's preferences. +.IP "\fB\-prioritize_chacha\fR" 4 +.IX Item "-prioritize_chacha" +Prioritize ChaCha ciphers when preferred by clients. Requires \fB\-serverpref\fR. +.IP "\fB\-no_resumption_on_reneg\fR" 4 +.IX Item "-no_resumption_on_reneg" +Set the \fB\s-1SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION\s0\fR option. +.IP "\fB\-client_sigalgs\fR \fIval\fR" 4 +.IX Item "-client_sigalgs val" +Signature algorithms to support for client certificate authentication +(colon-separated list). +.IP "\fB\-named_curve\fR \fIval\fR" 4 +.IX Item "-named_curve val" +Specifies the elliptic curve to use. \s-1NOTE:\s0 this is single curve, not a list. +For a list of all possible curves, use: +.Sp +.Vb 1 +\& $ openssl ecparam \-list_curves +.Ve +.IP "\fB\-cipher\fR \fIval\fR" 4 +.IX Item "-cipher val" +This allows the list of TLSv1.2 and below ciphersuites used by the server to be +modified. This list is combined with any TLSv1.3 ciphersuites that have been +configured. When the client sends a list of supported ciphers the first client +cipher also included in the server list is used. Because the client specifies +the preference order, the order of the server cipherlist is irrelevant. See +\&\fIopenssl\-ciphers\fR\|(1) for more information. +.IP "\fB\-ciphersuites\fR \fIval\fR" 4 +.IX Item "-ciphersuites val" +This allows the list of TLSv1.3 ciphersuites used by the server to be modified. +This list is combined with any TLSv1.2 and below ciphersuites that have been +configured. 
When the client sends a list of supported ciphers the first client +cipher also included in the server list is used. Because the client specifies +the preference order, the order of the server cipherlist is irrelevant. See +\&\fIopenssl\-ciphers\fR\|(1) command for more information. The format for this list is +a simple colon (\*(L":\*(R") separated list of TLSv1.3 ciphersuite names. +.IP "\fB\-dhparam\fR \fIinfile\fR" 4 +.IX Item "-dhparam infile" +The \s-1DH\s0 parameter file to use. The ephemeral \s-1DH\s0 cipher suites generate keys +using a set of \s-1DH\s0 parameters. If not specified then an attempt is made to +load the parameters from the server certificate file. +If this fails then a static set of parameters hard coded into this command +will be used. +.IP "\fB\-nbio\fR" 4 +.IX Item "-nbio" +Turns on non blocking I/O. +.IP "\fB\-psk_identity\fR \fIval\fR" 4 +.IX Item "-psk_identity val" +Expect the client to send \s-1PSK\s0 identity \fIval\fR when using a \s-1PSK\s0 +cipher suite, and warn if they do not. By default, the expected \s-1PSK\s0 +identity is the string \*(L"Client_identity\*(R". +.IP "\fB\-psk_hint\fR \fIval\fR" 4 +.IX Item "-psk_hint val" +Use the \s-1PSK\s0 identity hint \fIval\fR when using a \s-1PSK\s0 cipher suite. +.IP "\fB\-psk\fR \fIval\fR" 4 +.IX Item "-psk val" +Use the \s-1PSK\s0 key \fIval\fR when using a \s-1PSK\s0 cipher suite. The key is +given as a hexadecimal number without leading 0x, for example \-psk +1a2b3c4d. +This option must be provided in order to use a \s-1PSK\s0 cipher. +.IP "\fB\-psk_session\fR \fIfile\fR" 4 +.IX Item "-psk_session file" +Use the pem encoded \s-1SSL_SESSION\s0 data stored in \fIfile\fR as the basis of a \s-1PSK\s0. +Note that this will only work if TLSv1.3 is negotiated. +.IP "\fB\-listen\fR" 4 +.IX Item "-listen" +This option can only be used in conjunction with one of the \s-1DTLS\s0 options above. +With this option, this command will listen on a \s-1UDP\s0 port for incoming +connections. 
+Any ClientHellos that arrive will be checked to see if they have a cookie in +them or not. +Any without a cookie will be responded to with a HelloVerifyRequest. +If a ClientHello with a cookie is received then this command will +connect to that peer and complete the handshake. +.IP "\fB\-sctp\fR" 4 +.IX Item "-sctp" +Use \s-1SCTP\s0 for the transport protocol instead of \s-1UDP\s0 in \s-1DTLS\s0. Must be used in +conjunction with \fB\-dtls\fR, \fB\-dtls1\fR or \fB\-dtls1_2\fR. This option is only +available where OpenSSL has support for \s-1SCTP\s0 enabled. +.IP "\fB\-sctp_label_bug\fR" 4 +.IX Item "-sctp_label_bug" +Use the incorrect behaviour of older OpenSSL implementations when computing +endpoint-pair shared secrets for \s-1DTLS/SCTP\s0. This allows communication with +older broken implementations but breaks interoperability with correct +implementations. Must be used in conjunction with \fB\-sctp\fR. This option is only +available where OpenSSL has support for \s-1SCTP\s0 enabled. +.IP "\fB\-no_dhe\fR" 4 +.IX Item "-no_dhe" +If this option is set then no \s-1DH\s0 parameters will be loaded effectively +disabling the ephemeral \s-1DH\s0 cipher suites. +.IP "\fB\-alpn\fR \fIval\fR, \fB\-nextprotoneg\fR \fIval\fR" 4 +.IX Item "-alpn val, -nextprotoneg val" +These flags enable the Enable the Application-Layer Protocol Negotiation +or Next Protocol Negotiation (\s-1NPN\s0) extension, respectively. \s-1ALPN\s0 is the +\&\s-1IETF\s0 standard and replaces \s-1NPN\s0. +The \fIval\fR list is a comma-separated list of supported protocol +names. The list should contain the most desirable protocols first. +Protocol names are printable \s-1ASCII\s0 strings, for example \*(L"http/1.1\*(R" or +\&\*(L"spdy/3\*(R". +The flag \fB\-nextprotoneg\fR cannot be specified if \fB\-tls1_3\fR is used. 
+.IP "\fB\-keylogfile\fR \fIoutfile\fR" 4 +.IX Item "-keylogfile outfile" +Appends \s-1TLS\s0 secrets to the specified keylog file such that external programs +(like Wireshark) can decrypt \s-1TLS\s0 connections. +.IP "\fB\-max_early_data\fR \fIint\fR" 4 +.IX Item "-max_early_data int" +Change the default maximum early data bytes that are specified for new sessions +and any incoming early data (when used in conjunction with the \fB\-early_data\fR +flag). The default value is approximately 16k. The argument must be an integer +greater than or equal to 0. +.IP "\fB\-recv_max_early_data\fR \fIint\fR" 4 +.IX Item "-recv_max_early_data int" +Specify the hard limit on the maximum number of early data bytes that will +be accepted. +.IP "\fB\-early_data\fR" 4 +.IX Item "-early_data" +Accept early data where possible. Cannot be used in conjunction with \fB\-www\fR, +\&\fB\-WWW\fR, \fB\-HTTP\fR or \fB\-rev\fR. +.IP "\fB\-stateless\fR" 4 +.IX Item "-stateless" +Require TLSv1.3 cookies. +.IP "\fB\-anti_replay\fR, \fB\-no_anti_replay\fR" 4 +.IX Item "-anti_replay, -no_anti_replay" +Switches replay protection on or off, respectively. Replay protection is on by +default unless overridden by a configuration file. When it is on, OpenSSL will +automatically detect if a session ticket has been used more than once, TLSv1.3 +has been negotiated, and early data is enabled on the server. A full handshake +is forced if a session ticket is used a second or subsequent time. Any early +data that was sent will be rejected. +.IP "\fB\-nameopt\fR \fIoption\fR" 4 +.IX Item "-nameopt option" +This specifies how the subject or issuer names are displayed. +See \*(L"Name Format Options\*(R" in \fIopenssl\fR\|(1) for details. 
+.IP "\fB\-no_ssl3\fR, \fB\-no_tls1\fR, \fB\-no_tls1_1\fR, \fB\-no_tls1_2\fR, \fB\-no_tls1_3\fR, \fB\-ssl3\fR, \fB\-tls1\fR, \fB\-tls1_1\fR, \fB\-tls1_2\fR, \fB\-tls1_3\fR" 4 +.IX Item "-no_ssl3, -no_tls1, -no_tls1_1, -no_tls1_2, -no_tls1_3, -ssl3, -tls1, -tls1_1, -tls1_2, -tls1_3" +See \*(L"\s-1TLS\s0 Version Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-dtls\fR, \fB\-dtls1\fR, \fB\-dtls1_2\fR" 4 +.IX Item "-dtls, -dtls1, -dtls1_2" +These specify the use of \s-1DTLS\s0 instead of \s-1TLS\s0. +See \*(L"\s-1TLS\s0 Version Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-bugs\fR, \fB\-comp\fR, \fB\-no_comp\fR, \fB\-no_ticket\fR, \fB\-serverpref\fR, \fB\-legacy_renegotiation\fR, \fB\-no_renegotiation\fR, \fB\-no_resumption_on_reneg\fR, \fB\-legacy_server_connect\fR, \fB\-no_legacy_server_connect\fR, \fB\-allow_no_dhe_kex\fR, \fB\-prioritize_chacha\fR, \fB\-strict\fR, \fB\-sigalgs\fR \fIalgs\fR, \fB\-client_sigalgs\fR \fIalgs\fR, \fB\-groups\fR \fIgroups\fR, \fB\-curves\fR \fIcurves\fR, \fB\-named_curve\fR \fIcurve\fR, \fB\-cipher\fR \fIciphers\fR, \fB\-ciphersuites\fR \fI1.3ciphers\fR, \fB\-min_protocol\fR \fIminprot\fR, \fB\-max_protocol\fR \fImaxprot\fR, \fB\-record_padding\fR \fIpadding\fR, \fB\-debug_broken_protocol\fR, \fB\-no_middlebox\fR" 4 +.IX Item "-bugs, -comp, -no_comp, -no_ticket, -serverpref, -legacy_renegotiation, -no_renegotiation, -no_resumption_on_reneg, -legacy_server_connect, -no_legacy_server_connect, -allow_no_dhe_kex, -prioritize_chacha, -strict, -sigalgs algs, -client_sigalgs algs, -groups groups, -curves curves, -named_curve curve, -cipher ciphers, -ciphersuites 1.3ciphers, -min_protocol minprot, -max_protocol maxprot, -record_padding padding, -debug_broken_protocol, -no_middlebox" +See \*(L"\s-1SUPPORTED\s0 \s-1COMMAND\s0 \s-1LINE\s0 \s-1COMMANDS\s0\*(R" in \fISSL_CONF_cmd\fR\|(3) for details. 
+.IP "\fBxkey\fR \fIinfile\fR, \fB\-xcert\fR \fIfile\fR, \fB\-xchain\fR \fIfile\fR, \fB\-xchain_build\fR \fIfile\fR, \fB\-xcertform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR, \fB\-xkeyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IX Item "xkey infile, -xcert file, -xchain file, -xchain_build file, -xcertform DER|PEM, -xkeyform DER|PEM" +Set extended certificate verification options. +See \*(L"Extended Verification Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-CAfile\fR \fIfile\fR, \fB\-no\-CAfile\fR, \fB\-CApath\fR \fIdir\fR, \fB\-no\-CApath\fR, \fB\-CAstore\fR \fIuri\fR, \fB\-no\-CAstore\fR" 4 +.IX Item "-CAfile file, -no-CAfile, -CApath dir, -no-CApath, -CAstore uri, -no-CAstore" +See \*(L"Trusted Certificate Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-rand\fR \fIfiles\fR, \fB\-writerand\fR \fIfile\fR" 4 +.IX Item "-rand files, -writerand file" +See \*(L"Random State Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-engine\fR \fIid\fR" 4 +.IX Item "-engine id" +See \*(L"Engine Options\*(R" in \fIopenssl\fR\|(1). 
+.IP "\fB\-allow_proxy_certs\fR, \fB\-attime\fR, \fB\-no_check_time\fR, \fB\-check_ss_sig\fR, \fB\-crl_check\fR, \fB\-crl_check_all\fR, \fB\-explicit_policy\fR, \fB\-extended_crl\fR, \fB\-ignore_critical\fR, \fB\-inhibit_any\fR, \fB\-inhibit_map\fR, \fB\-no_alt_chains\fR, \fB\-partial_chain\fR, \fB\-policy\fR, \fB\-policy_check\fR, \fB\-policy_print\fR, \fB\-purpose\fR, \fB\-suiteB_128\fR, \fB\-suiteB_128_only\fR, \fB\-suiteB_192\fR, \fB\-trusted_first\fR, \fB\-use_deltas\fR, \fB\-auth_level\fR, \fB\-verify_depth\fR, \fB\-verify_email\fR, \fB\-verify_hostname\fR, \fB\-verify_ip\fR, \fB\-verify_name\fR, \fB\-x509_strict\fR \fB\-issuer_checks\fR" 4 +.IX Item "-allow_proxy_certs, -attime, -no_check_time, -check_ss_sig, -crl_check, -crl_check_all, -explicit_policy, -extended_crl, -ignore_critical, -inhibit_any, -inhibit_map, -no_alt_chains, -partial_chain, -policy, -policy_check, -policy_print, -purpose, -suiteB_128, -suiteB_128_only, -suiteB_192, -trusted_first, -use_deltas, -auth_level, -verify_depth, -verify_email, -verify_hostname, -verify_ip, -verify_name, -x509_strict -issuer_checks" +Set various options of certificate chain verification. +See \*(L"Verification Options\*(R" in \fIopenssl\fR\|(1) for details. +.Sp +If the server requests a client certificate, then +verification errors are displayed, for debugging, but the command will +proceed unless the \fB\-verify_return_error\fR option is used. +.SH "CONNECTED COMMANDS" +.IX Header "CONNECTED COMMANDS" +If a connection request is established with an \s-1SSL\s0 client and neither the +\&\fB\-www\fR nor the \fB\-WWW\fR option has been used then normally any data received +from the client is displayed and any key presses will be sent to the client. +.PP +Certain commands are also recognized which perform special operations. These +commands are a letter which must appear at the start of a line. They are listed +below. 
+.IP "\fBq\fR" 4 +.IX Item "q" +End the current \s-1SSL\s0 connection but still accept new connections. +.IP "\fBQ\fR" 4 +.IX Item "Q" +End the current \s-1SSL\s0 connection and exit. +.IP "\fBr\fR" 4 +.IX Item "r" +Renegotiate the \s-1SSL\s0 session (TLSv1.2 and below only). +.IP "\fBR\fR" 4 +.IX Item "R" +Renegotiate the \s-1SSL\s0 session and request a client certificate (TLSv1.2 and below +only). +.IP "\fBP\fR" 4 +.IX Item "P" +Send some plain text down the underlying \s-1TCP\s0 connection: this should +cause the client to disconnect due to a protocol violation. +.IP "\fBS\fR" 4 +.IX Item "S" +Print out some session cache status information. +.IP "\fBk\fR" 4 +.IX Item "k" +Send a key update message to the client (TLSv1.3 only) +.IP "\fBK\fR" 4 +.IX Item "K" +Send a key update message to the client and request one back (TLSv1.3 only) +.IP "\fBc\fR" 4 +.IX Item "c" +Send a certificate request to the client (TLSv1.3 only) +.SH "NOTES" +.IX Header "NOTES" +This command can be used to debug \s-1SSL\s0 clients. To accept connections +from a web browser the command: +.PP +.Vb 1 +\& openssl s_server \-accept 443 \-www +.Ve +.PP +can be used for example. +.PP +Although specifying an empty list of CAs when requesting a client certificate +is strictly speaking a protocol violation, some \s-1SSL\s0 clients interpret this to +mean any \s-1CA\s0 is acceptable. This is useful for debugging purposes. +.PP +The session parameters can printed out using the \fIopenssl\-sess_id\fR\|(1) command. +.SH "BUGS" +.IX Header "BUGS" +Because this program has a lot of options and also because some of the +techniques used are rather old, the C source for this command is rather +hard to read and not a model of how things should be done. +A typical \s-1SSL\s0 server program would be much simpler. +.PP +The output of common ciphers is wrong: it just gives the list of ciphers that +OpenSSL recognizes and the client supports. 
+.PP +There should be a way for this command to print out details +of any unknown cipher suites a client says it supports. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\fIopenssl\-sess_id\fR\|(1), +\&\fIopenssl\-s_client\fR\|(1), +\&\fIopenssl\-ciphers\fR\|(1), +\&\fISSL_CONF_cmd\fR\|(3), +\&\fISSL_CTX_set_max_send_fragment\fR\|(3), +\&\fISSL_CTX_set_split_send_fragment\fR\|(3), +\&\fISSL_CTX_set_max_pipelines\fR\|(3), +\&\fIossl_store\-file\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \-no_alt_chains option was added in OpenSSL 1.1.0. +.PP +The +\&\-allow\-no\-dhe\-kex and \-prioritize_chacha options were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man1/openssl-s_time.1 b/linux_amd64/ssl/share/man/man1/openssl-s_time.1 new file mode 100755 index 0000000..cdf8cbe --- /dev/null +++ b/linux_amd64/ssl/share/man/man1/openssl-s_time.1 
@@ -0,0 +1,305 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-S_TIME 1" +.TH OPENSSL-S_TIME 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-s_time \- SSL/TLS performance timing program +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBs_time\fR +[\fB\-help\fR] +[\fB\-connect\fR \fIhost\fR:\fIport\fR] +[\fB\-www\fR \fIpage\fR] +[\fB\-cert\fR \fIfilename\fR] +[\fB\-key\fR \fIfilename\fR] +[\fB\-reuse\fR] +[\fB\-new\fR] +[\fB\-verify\fR \fIdepth\fR] +[\fB\-time\fR \fIseconds\fR] +[\fB\-ssl3\fR] +[\fB\-tls1\fR] +[\fB\-tls1_1\fR] +[\fB\-tls1_2\fR] +[\fB\-tls1_3\fR] +[\fB\-bugs\fR] +[\fB\-cipher\fR \fIcipherlist\fR] +[\fB\-ciphersuites\fR \fIval\fR] +[\fB\-nameopt\fR \fIoption\fR] +[\fB\-cafile\fR \fIfile\fR] +[\fB\-CAfile\fR \fIfile\fR] +[\fB\-no\-CAfile\fR] +[\fB\-CApath\fR \fIdir\fR] +[\fB\-no\-CApath\fR] +[\fB\-CAstore\fR \fIuri\fR] +[\fB\-no\-CAstore\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command implements a generic \s-1SSL/TLS\s0 client which +connects to a remote host using \s-1SSL/TLS\s0. It can request a page from the server +and includes the time to transfer the payload data in its timing measurements. +It measures the number of connections within a given timeframe, the amount of +data transferred (if any), and calculates the average time spent for one +connection. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-connect\fR \fIhost\fR:\fIport\fR" 4 +.IX Item "-connect host:port" +This specifies the host and optional port to connect to. +.IP "\fB\-www\fR \fIpage\fR" 4 +.IX Item "-www page" +This specifies the page to \s-1GET\s0 from the server. A value of '/' gets the +\&\fIindex.html\fR page. If this parameter is not specified, then this command +will only perform the handshake to establish \s-1SSL\s0 connections but not transfer +any payload data. +.IP "\fB\-cert\fR \fIcertname\fR" 4 +.IX Item "-cert certname" +The certificate to use, if one is requested by the server. The default is +not to use a certificate. The file is in \s-1PEM\s0 format. 
+.IP "\fB\-key\fR \fIkeyfile\fR" 4 +.IX Item "-key keyfile" +The private key to use. If not specified then the certificate file will +be used. The file is in \s-1PEM\s0 format. +.IP "\fB\-verify\fR \fIdepth\fR" 4 +.IX Item "-verify depth" +The verify depth to use. This specifies the maximum length of the +server certificate chain and turns on server certificate verification. +Currently the verify operation continues after errors so all the problems +with a certificate chain can be seen. As a side effect the connection +will never fail due to a server certificate verify failure. +.IP "\fB\-new\fR" 4 +.IX Item "-new" +Performs the timing test using a new session \s-1ID\s0 for each connection. +If neither \fB\-new\fR nor \fB\-reuse\fR are specified, they are both on by default +and executed in sequence. +.IP "\fB\-reuse\fR" 4 +.IX Item "-reuse" +Performs the timing test using the same session \s-1ID\s0; this can be used as a test +that session caching is working. If neither \fB\-new\fR nor \fB\-reuse\fR are +specified, they are both on by default and executed in sequence. +.IP "\fB\-bugs\fR" 4 +.IX Item "-bugs" +There are several known bugs in \s-1SSL\s0 and \s-1TLS\s0 implementations. Adding this +option enables various workarounds. +.IP "\fB\-cipher\fR \fIcipherlist\fR" 4 +.IX Item "-cipher cipherlist" +This allows the TLSv1.2 and below cipher list sent by the client to be modified. +This list will be combined with any TLSv1.3 ciphersuites that have been +configured. Although the server determines which cipher suite is used it should +take the first supported cipher in the list sent by the client. See +\&\fIopenssl\-ciphers\fR\|(1) for more information. +.IP "\fB\-ciphersuites\fR \fIval\fR" 4 +.IX Item "-ciphersuites val" +This allows the TLSv1.3 ciphersuites sent by the client to be modified. This +list will be combined with any TLSv1.2 and below ciphersuites that have been +configured. 
Although the server determines which cipher suite is used it should +take the first supported cipher in the list sent by the client. See +\&\fIopenssl\-ciphers\fR\|(1) for more information. The format for this list is a +simple colon (\*(L":\*(R") separated list of TLSv1.3 ciphersuite names. +.IP "\fB\-time\fR \fIlength\fR" 4 +.IX Item "-time length" +Specifies how long (in seconds) this command should establish connections +and optionally transfer payload data from a server. Server and client +performance and the link speed determine how many connections it +can establish. +.IP "\fB\-nameopt\fR \fIoption\fR" 4 +.IX Item "-nameopt option" +This specifies how the subject or issuer names are displayed. +See \*(L"Name Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-CAfile\fR \fIfile\fR, \fB\-no\-CAfile\fR, \fB\-CApath\fR \fIdir\fR, \fB\-no\-CApath\fR, \fB\-CAstore\fR \fIuri\fR, \fB\-no\-CAstore\fR" 4 +.IX Item "-CAfile file, -no-CAfile, -CApath dir, -no-CApath, -CAstore uri, -no-CAstore" +See \*(L"Trusted Certificate Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-cafile\fR \fIfile\fR" 4 +.IX Item "-cafile file" +This is an obsolete synonym for \fB\-CAfile\fR. +.IP "\fB\-ssl3\fR, \fB\-tls1\fR, \fB\-tls1_1\fR, \fB\-tls1_2\fR, \fB\-tls1_3\fR" 4 +.IX Item "-ssl3, -tls1, -tls1_1, -tls1_2, -tls1_3" +See \*(L"\s-1TLS\s0 Version Options\*(R" in \fIopenssl\fR\|(1). +.SH "NOTES" +.IX Header "NOTES" +This command can be used to measure the performance of an \s-1SSL\s0 connection. +To connect to an \s-1SSL\s0 \s-1HTTP\s0 server and get the default page the command +.PP +.Vb 1 +\& openssl s_time \-connect servername:443 \-www / \-CApath yourdir \-CAfile yourfile.pem \-cipher commoncipher [\-ssl3] +.Ve +.PP +would typically be used (https uses port 443). \fIcommoncipher\fR is a cipher to +which both client and server can agree, see the \fIopenssl\-ciphers\fR\|(1) command +for details. 
+.PP +If the handshake fails then there are several possible causes, if it is +nothing obvious like no client certificate then the \fB\-bugs\fR and +\&\fB\-ssl3\fR options can be tried +in case it is a buggy server. In particular you should play with these +options \fBbefore\fR submitting a bug report to an OpenSSL mailing list. +.PP +A frequent problem when attempting to get client certificates working +is that a web client complains it has no certificates or gives an empty +list to choose from. This is normally because the server is not sending +the clients certificate authority in its \*(L"acceptable \s-1CA\s0 list\*(R" when it +requests a certificate. By using \fIopenssl\-s_client\fR\|(1) the \s-1CA\s0 list can be +viewed and checked. However some servers only request client authentication +after a specific \s-1URL\s0 is requested. To obtain the list in this case it +is necessary to use the \fB\-prexit\fR option of \fIopenssl\-s_client\fR\|(1) and +send an \s-1HTTP\s0 request for an appropriate page. +.PP +If a certificate is specified on the command line using the \fB\-cert\fR +option it will not be used unless the server specifically requests +a client certificate. Therefor merely including a client certificate +on the command line is no guarantee that the certificate works. +.SH "BUGS" +.IX Header "BUGS" +Because this program does not have all the options of the +\&\fIopenssl\-s_client\fR\|(1) program to turn protocols on and off, you may not +be able to measure the performance of all protocols with all servers. +.PP +The \fB\-verify\fR option should really exit if the server verification +fails. +.SH "HISTORY" +.IX Header "HISTORY" +The \fB\-cafile\fR option was deprecated in OpenSSL 3.0. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\fIopenssl\-s_client\fR\|(1), +\&\fIopenssl\-s_server\fR\|(1), +\&\fIopenssl\-ciphers\fR\|(1), +\&\fIossl_store\-file\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2004\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man1/openssl-sess_id.1 b/linux_amd64/ssl/share/man/man1/openssl-sess_id.1 new file mode 100755 index 0000000..dd9d979 --- /dev/null +++ b/linux_amd64/ssl/share/man/man1/openssl-sess_id.1 
@@ -0,0 +1,258 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-SESS_ID 1" +.TH OPENSSL-SESS_ID 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-sess_id \- SSL/TLS session handling utility +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBsess_id\fR +[\fB\-help\fR] +[\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fB\s-1NSS\s0\fR] +[\fB\-in\fR \fIfilename\fR] +[\fB\-out\fR \fIfilename\fR] +[\fB\-text\fR] +[\fB\-cert\fR] +[\fB\-noout\fR] +[\fB\-context\fR \fI\s-1ID\s0\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command processes the encoded version of the \s-1SSL\s0 session +structure and optionally prints out \s-1SSL\s0 session details (for example +the \s-1SSL\s0 session master key) in human readable format. Since this is a +diagnostic tool that needs some knowledge of the \s-1SSL\s0 protocol to use +properly, most users will not need to use it. +.PP +The precise format of the data can vary across OpenSSL versions and +is not documented. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR, \fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fB\s-1NSS\s0\fR" 4 +.IX Item "-inform DER|PEM, -outform DER|PEM|NSS" +The input and output formats; the default is \s-1PEM\s0. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.Sp +For \fB\s-1NSS\s0\fR output, the session \s-1ID\s0 and master key are reported in \s-1NSS\s0 \*(L"keylog\*(R" +format. +.IP "\fB\-in\fR \fIfilename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read session information from or standard +input by default. +.IP "\fB\-out\fR \fIfilename\fR" 4 +.IX Item "-out filename" +This specifies the output filename to write session information to or standard +output if this option is not specified. +.IP "\fB\-text\fR" 4 +.IX Item "-text" +Prints out the various public or private key components in +plain text in addition to the encoded version. 
+.IP "\fB\-cert\fR" 4 +.IX Item "-cert" +If a certificate is present in the session it will be output using this option, +if the \fB\-text\fR option is also present then it will be printed out in text form. +.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +This option prevents output of the encoded version of the session. +.IP "\fB\-context\fR \fI\s-1ID\s0\fR" 4 +.IX Item "-context ID" +This option can set the session id so the output session information uses the +supplied \s-1ID\s0. The \s-1ID\s0 can be any string of characters. This option won't normally +be used. +.SH "OUTPUT" +.IX Header "OUTPUT" +Typical output: +.PP +.Vb 10 +\& SSL\-Session: +\& Protocol : TLSv1 +\& Cipher : 0016 +\& Session\-ID: 871E62626C554CE95488823752CBD5F3673A3EF3DCE9C67BD916C809914B40ED +\& Session\-ID\-ctx: 01000000 +\& Master\-Key: A7CEFC571974BE02CAC305269DC59F76EA9F0B180CB6642697A68251F2D2BB57E51DBBB4C7885573192AE9AEE220FACD +\& Key\-Arg : None +\& Start Time: 948459261 +\& Timeout : 300 (sec) +\& Verify return code 0 (ok) +.Ve +.PP +These are described below in more detail. +.IP "\fBProtocol\fR" 4 +.IX Item "Protocol" +This is the protocol in use TLSv1.3, TLSv1.2, TLSv1.1, TLSv1 or SSLv3. +.IP "\fBCipher\fR" 4 +.IX Item "Cipher" +The cipher used this is the actual raw \s-1SSL\s0 or \s-1TLS\s0 cipher code, see the \s-1SSL\s0 +or \s-1TLS\s0 specifications for more information. +.IP "\fBSession-ID\fR" 4 +.IX Item "Session-ID" +The \s-1SSL\s0 session \s-1ID\s0 in hex format. +.IP "\fBSession-ID-ctx\fR" 4 +.IX Item "Session-ID-ctx" +The session \s-1ID\s0 context in hex format. +.IP "\fBMaster-Key\fR" 4 +.IX Item "Master-Key" +This is the \s-1SSL\s0 session master key. +.IP "\fBStart Time\fR" 4 +.IX Item "Start Time" +This is the session start time represented as an integer in standard +Unix format. +.IP "\fBTimeout\fR" 4 +.IX Item "Timeout" +The timeout in seconds. 
+.IP "\fBVerify return code\fR" 4 +.IX Item "Verify return code" +This is the return code when an \s-1SSL\s0 client certificate is verified. +.SH "NOTES" +.IX Header "NOTES" +Since the \s-1SSL\s0 session output contains the master key it is +possible to read the contents of an encrypted session using this +information. Therefore appropriate security precautions should be taken if +the information is being output by a \*(L"real\*(R" application. This is however +strongly discouraged and should only be used for debugging purposes. +.SH "BUGS" +.IX Header "BUGS" +The cipher and start time should be printed out in human readable form. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\fIopenssl\-ciphers\fR\|(1), +\&\fIopenssl\-s_server\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man1/openssl-smime.1 b/linux_amd64/ssl/share/man/man1/openssl-smime.1 new file mode 100755 index 0000000..3af13b2 --- /dev/null +++ b/linux_amd64/ssl/share/man/man1/openssl-smime.1 
@@ -0,0 +1,619 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-SMIME 1" +.TH OPENSSL-SMIME 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-smime \- S/MIME utility +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBsmime\fR +[\fB\-help\fR] +[\fB\-encrypt\fR] +[\fB\-decrypt\fR] +[\fB\-sign\fR] +[\fB\-resign\fR] +[\fB\-verify\fR] +[\fB\-pk7out\fR] +[\fB\-binary\fR] +[\fB\-crlfeol\fR] +[\fB\-\f(BIcipher\fB\fR] +[\fB\-in\fR \fIfile\fR] +[\fB\-certfile\fR \fIfile\fR] +[\fB\-signer\fR \fIfile\fR] +[\fB\-nointern\fR] +[\fB\-noverify\fR] +[\fB\-nochain\fR] +[\fB\-nosigs\fR] +[\fB\-nocerts\fR] +[\fB\-noattr\fR] +[\fB\-nodetach\fR] +[\fB\-nosmimecap\fR] +[\fB\-recip\fR \fI file\fR] +[\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fB\s-1SMIME\s0\fR] +[\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fB\s-1SMIME\s0\fR] +[\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fB\s-1ENGINE\s0\fR] +[\fB\-passin\fR \fIarg\fR] +[\fB\-inkey\fR \fIfile_or_id\fR] +[\fB\-out\fR \fIfile\fR] +[\fB\-content\fR \fIfile\fR] +[\fB\-to\fR \fIaddr\fR] +[\fB\-from\fR \fIad\fR] +[\fB\-subject\fR \fIs\fR] +[\fB\-text\fR] +[\fB\-indef\fR] +[\fB\-noindef\fR] +[\fB\-stream\fR] +[\fB\-md\fR \fIdigest\fR] +[\fB\-CAfile\fR \fIfile\fR] +[\fB\-no\-CAfile\fR] +[\fB\-CApath\fR \fIdir\fR] +[\fB\-no\-CApath\fR] +[\fB\-CAstore\fR \fIuri\fR] +[\fB\-no\-CAstore\fR] +[\fB\-engine\fR \fIid\fR] +[\fB\-rand\fR \fIfiles\fR] +[\fB\-writerand\fR \fIfile\fR] +[\fB\-allow_proxy_certs\fR] +[\fB\-attime\fR \fItimestamp\fR] +[\fB\-no_check_time\fR] +[\fB\-check_ss_sig\fR] +[\fB\-crl_check\fR] +[\fB\-crl_check_all\fR] +[\fB\-explicit_policy\fR] +[\fB\-extended_crl\fR] +[\fB\-ignore_critical\fR] +[\fB\-inhibit_any\fR] +[\fB\-inhibit_map\fR] +[\fB\-partial_chain\fR] +[\fB\-policy\fR \fIarg\fR] +[\fB\-policy_check\fR] +[\fB\-policy_print\fR] +[\fB\-purpose\fR \fIpurpose\fR] +[\fB\-suiteB_128\fR] +[\fB\-suiteB_128_only\fR] +[\fB\-suiteB_192\fR] +[\fB\-trusted_first\fR] +[\fB\-no_alt_chains\fR] +[\fB\-use_deltas\fR] +[\fB\-auth_level\fR \fInum\fR] +[\fB\-verify_depth\fR \fInum\fR] +[\fB\-verify_email\fR \fIemail\fR] 
+[\fB\-verify_hostname\fR \fIhostname\fR] +[\fB\-verify_ip\fR \fIip\fR] +[\fB\-verify_name\fR \fIname\fR] +[\fB\-x509_strict\fR] +[\fB\-issuer_checks\fR] +.PP +\&\fIcert.pem\fR ... +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command handles S/MIME mail. It can encrypt, decrypt, sign +and verify S/MIME messages. +.SH "OPTIONS" +.IX Header "OPTIONS" +There are six operation options that set the type of operation to be performed. +The meaning of the other options varies according to the operation type. +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-encrypt\fR" 4 +.IX Item "-encrypt" +Encrypt mail for the given recipient certificates. Input file is the message +to be encrypted. The output file is the encrypted mail in \s-1MIME\s0 format. +.Sp +Note that no revocation check is done for the recipient cert, so if that +key has been compromised, others may be able to decrypt the text. +.IP "\fB\-decrypt\fR" 4 +.IX Item "-decrypt" +Decrypt mail using the supplied certificate and private key. Expects an +encrypted mail message in \s-1MIME\s0 format for the input file. The decrypted mail +is written to the output file. +.IP "\fB\-sign\fR" 4 +.IX Item "-sign" +Sign mail using the supplied certificate and private key. Input file is +the message to be signed. The signed message in \s-1MIME\s0 format is written +to the output file. +.IP "\fB\-verify\fR" 4 +.IX Item "-verify" +Verify signed mail. Expects a signed mail message on input and outputs +the signed data. Both clear text and opaque signing is supported. +.IP "\fB\-pk7out\fR" 4 +.IX Item "-pk7out" +Takes an input message and writes out a \s-1PEM\s0 encoded PKCS#7 structure. +.IP "\fB\-resign\fR" 4 +.IX Item "-resign" +Resign a message: take an existing message and one or more new signers. +.IP "\fB\-in\fR \fIfilename\fR" 4 +.IX Item "-in filename" +The input message to be encrypted or signed or the \s-1MIME\s0 message to +be decrypted or verified. 
+.IP "\fB\-out\fR \fIfilename\fR" 4 +.IX Item "-out filename" +The message text that has been decrypted or verified or the output \s-1MIME\s0 +format message that has been signed or verified. +.IP "\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fB\s-1SMIME\s0\fR" 4 +.IX Item "-inform DER|PEM|SMIME" +The input format of the PKCS#7 (S/MIME) structure (if one is being read); +the default is \fB\s-1SMIME\s0\fR. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fB\s-1SMIME\s0\fR" 4 +.IX Item "-outform DER|PEM|SMIME" +The output format of the PKCS#7 (S/MIME) structure (if one is being written); +the default is \fB\s-1SMIME\s0\fR. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IX Item "-keyform DER|PEM" +The key format; the default is \fB\s-1PEM\s0\fR. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-stream\fR, \fB\-indef\fR, \fB\-noindef\fR" 4 +.IX Item "-stream, -indef, -noindef" +The \fB\-stream\fR and \fB\-indef\fR options are equivalent and enable streaming I/O +for encoding operations. This permits single pass processing of data without +the need to hold the entire contents in memory, potentially supporting very +large files. Streaming is automatically set for S/MIME signing with detached +data if the output format is \fB\s-1SMIME\s0\fR it is currently off by default for all +other operations. +.IP "\fB\-noindef\fR" 4 +.IX Item "-noindef" +Disable streaming I/O where it would produce and indefinite length constructed +encoding. This option currently has no effect. In future streaming will be +enabled by default on all relevant operations and this option will disable it. +.IP "\fB\-content\fR \fIfilename\fR" 4 +.IX Item "-content filename" +This specifies a file containing the detached content, this is only +useful with the \fB\-verify\fR command. 
This is only usable if the PKCS#7 +structure is using the detached signature form where the content is +not included. This option will override any content if the input format +is S/MIME and it uses the multipart/signed \s-1MIME\s0 content type. +.IP "\fB\-text\fR" 4 +.IX Item "-text" +This option adds plain text (text/plain) \s-1MIME\s0 headers to the supplied +message if encrypting or signing. If decrypting or verifying it strips +off text headers: if the decrypted or verified message is not of \s-1MIME\s0 +type text/plain then an error occurs. +.IP "\fB\-md\fR \fIdigest\fR" 4 +.IX Item "-md digest" +Digest algorithm to use when signing or resigning. If not present then the +default digest algorithm for the signing key will be used (usually \s-1SHA1\s0). +.IP "\fB\-\f(BIcipher\fB\fR" 4 +.IX Item "-cipher" +The encryption algorithm to use. For example \s-1DES\s0 (56 bits) \- \fB\-des\fR, +triple \s-1DES\s0 (168 bits) \- \fB\-des3\fR, +\&\fIEVP_get_cipherbyname()\fR function) can also be used preceded by a dash, for +example \fB\-aes\-128\-cbc\fR. See \fIopenssl\-enc\fR\|(1) for list of ciphers +supported by your version of OpenSSL. +.Sp +If not specified triple \s-1DES\s0 is used. Only used with \fB\-encrypt\fR. +.IP "\fB\-nointern\fR" 4 +.IX Item "-nointern" +When verifying a message normally certificates (if any) included in +the message are searched for the signing certificate. With this option +only the certificates specified in the \fB\-certfile\fR option are used. +The supplied certificates can still be used as untrusted CAs however. +.IP "\fB\-noverify\fR" 4 +.IX Item "-noverify" +Do not verify the signers certificate of a signed message. +.IP "\fB\-nochain\fR" 4 +.IX Item "-nochain" +Do not do chain verification of signers certificates; that is, do not +use the certificates in the signed message as untrusted CAs. +.IP "\fB\-nosigs\fR" 4 +.IX Item "-nosigs" +Don't try to verify the signatures on the message. 
+.IP "\fB\-nocerts\fR" 4 +.IX Item "-nocerts" +When signing a message the signer's certificate is normally included +with this option it is excluded. This will reduce the size of the +signed message but the verifier must have a copy of the signers certificate +available locally (passed using the \fB\-certfile\fR option for example). +.IP "\fB\-noattr\fR" 4 +.IX Item "-noattr" +Normally when a message is signed a set of attributes are included which +include the signing time and supported symmetric algorithms. With this +option they are not included. +.IP "\fB\-nodetach\fR" 4 +.IX Item "-nodetach" +When signing a message use opaque signing. This form is more resistant +to translation by mail relays but it cannot be read by mail agents that +do not support S/MIME. Without this option cleartext signing with +the \s-1MIME\s0 type multipart/signed is used. +.IP "\fB\-nosmimecap\fR" 4 +.IX Item "-nosmimecap" +When signing a message, do not include the \fBSMIMECapabilities\fR attribute. +.IP "\fB\-binary\fR" 4 +.IX Item "-binary" +Normally the input message is converted to \*(L"canonical\*(R" format which is +effectively using \s-1CR\s0 and \s-1LF\s0 as end of line: as required by the S/MIME +specification. When this option is present no translation occurs. This +is useful when handling binary data which may not be in \s-1MIME\s0 format. +.IP "\fB\-crlfeol\fR" 4 +.IX Item "-crlfeol" +Normally the output file uses a single \fB\s-1LF\s0\fR as end of line. When this +option is present \fB\s-1CRLF\s0\fR is used instead. +.IP "\fB\-certfile\fR \fIfile\fR" 4 +.IX Item "-certfile file" +Allows additional certificates to be specified. When signing these will +be included with the message. When verifying these will be searched for +the signers certificates. The certificates should be in \s-1PEM\s0 format. 
+.IP "\fB\-signer\fR \fIfile\fR" 4 +.IX Item "-signer file" +A signing certificate when signing or resigning a message, this option can be +used multiple times if more than one signer is required. If a message is being +verified then the signers certificates will be written to this file if the +verification was successful. +.IP "\fB\-nocerts\fR" 4 +.IX Item "-nocerts" +Don't include signers certificate when signing. +.IP "\fB\-noattr\fR" 4 +.IX Item "-noattr" +Don't include any signed attributes when signing. +.IP "\fB\-recip\fR \fIfile\fR" 4 +.IX Item "-recip file" +The recipients certificate when decrypting a message. This certificate +must match one of the recipients of the message or an error occurs. +.IP "\fB\-inkey\fR \fIfile_or_id\fR" 4 +.IX Item "-inkey file_or_id" +The private key to use when signing or decrypting. This must match the +corresponding certificate. If this option is not specified then the +private key must be included in the certificate file specified with +the \fB\-recip\fR or \fB\-signer\fR file. When signing this option can be used +multiple times to specify successive keys. +If no engine is used, the argument is taken as a file; if an engine is +specified, the argument is given to the engine as a key identifier. +.IP "\fB\-passin\fR \fIarg\fR" 4 +.IX Item "-passin arg" +The private key password source. For more information about the format of \fIarg\fR +see \*(L"Pass Phrase Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-to\fR, \fB\-from\fR, \fB\-subject\fR" 4 +.IX Item "-to, -from, -subject" +The relevant mail headers. These are included outside the signed +portion of a message so they may be included manually. If signing +then many S/MIME mail clients check the signers certificate's email +address matches that specified in the 
From: address. +.IP "\fB\-allow_proxy_certs\fR, \fB\-attime\fR, \fB\-no_check_time\fR, \fB\-check_ss_sig\fR, \fB\-crl_check\fR, \fB\-crl_check_all\fR, \fB\-explicit_policy\fR, \fB\-extended_crl\fR, \fB\-ignore_critical\fR, \fB\-inhibit_any\fR, \fB\-inhibit_map\fR, \fB\-no_alt_chains\fR, \fB\-partial_chain\fR, \fB\-policy\fR, \fB\-policy_check\fR, \fB\-policy_print\fR, \fB\-purpose\fR, \fB\-suiteB_128\fR, \fB\-suiteB_128_only\fR, \fB\-suiteB_192\fR, \fB\-trusted_first\fR, \fB\-use_deltas\fR, \fB\-auth_level\fR, \fB\-verify_depth\fR, \fB\-verify_email\fR, \fB\-verify_hostname\fR, \fB\-verify_ip\fR, \fB\-verify_name\fR, \fB\-x509_strict\fR \fB\-issuer_checks\fR" 4 +.IX Item "-allow_proxy_certs, -attime, -no_check_time, -check_ss_sig, -crl_check, -crl_check_all, -explicit_policy, -extended_crl, -ignore_critical, -inhibit_any, -inhibit_map, -no_alt_chains, -partial_chain, -policy, -policy_check, -policy_print, -purpose, -suiteB_128, -suiteB_128_only, -suiteB_192, -trusted_first, -use_deltas, -auth_level, -verify_depth, -verify_email, -verify_hostname, -verify_ip, -verify_name, -x509_strict -issuer_checks" +Set various options of certificate chain verification. +See \*(L"Verification Options\*(R" in \fIopenssl\fR\|(1) for details. +.Sp +Any verification errors cause the command to exit. +.IP "\fB\-CAfile\fR \fIfile\fR, \fB\-no\-CAfile\fR, \fB\-CApath\fR \fIdir\fR, \fB\-no\-CApath\fR, \fB\-CAstore\fR \fIuri\fR, \fB\-no\-CAstore\fR" 4 +.IX Item "-CAfile file, -no-CAfile, -CApath dir, -no-CApath, -CAstore uri, -no-CAstore" +See \*(L"Trusted Certificate Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-engine\fR \fIid\fR" 4 +.IX Item "-engine id" +See \*(L"Engine Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-rand\fR \fIfiles\fR, \fB\-writerand\fR \fIfile\fR" 4 +.IX Item "-rand files, -writerand file" +See \*(L"Random State Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fIcert.pem\fR ..." 4 +.IX Item "cert.pem ..." 
+One or more certificates of message recipients, used when encrypting +a message. +.SH "NOTES" +.IX Header "NOTES" +The \s-1MIME\s0 message must be sent without any blank lines between the +headers and the output. Some mail programs will automatically add +a blank line. Piping the mail directly to sendmail is one way to +achieve the correct format. +.PP +The supplied message to be signed or encrypted must include the +necessary \s-1MIME\s0 headers or many S/MIME clients won't display it +properly (if at all). You can use the \fB\-text\fR option to automatically +add plain text headers. +.PP +A \*(L"signed and encrypted\*(R" message is one where a signed message is +then encrypted. This can be produced by encrypting an already signed +message: see the examples section. +.PP +This version of the program only allows one signer per message but it +will verify multiple signers on received messages. Some S/MIME clients +choke if a message contains multiple signers. It is possible to sign +messages \*(L"in parallel\*(R" by signing an already signed message. +.PP +The options \fB\-encrypt\fR and \fB\-decrypt\fR reflect common usage in S/MIME +clients. Strictly speaking these process PKCS#7 enveloped data: PKCS#7 +encrypted data is used for other purposes. +.PP +The \fB\-resign\fR option uses an existing message digest when adding a new +signer. This means that attributes must be present in at least one existing +signer using the same message digest or this operation will fail. +.PP +The \fB\-stream\fR and \fB\-indef\fR options enable streaming I/O support. +As a result the encoding is \s-1BER\s0 using indefinite length constructed encoding +and no longer \s-1DER\s0. Streaming is supported for the \fB\-encrypt\fR operation and the +\&\fB\-sign\fR operation if the content is not detached. +.PP +Streaming is always used for the \fB\-sign\fR operation with detached data but +since the content is no longer part of the PKCS#7 structure the encoding +remains \s-1DER\s0. 
+.SH "EXIT CODES" +.IX Header "EXIT CODES" +.IP "0" 4 +The operation was completely successfully. +.IP "1" 4 +.IX Item "1" +An error occurred parsing the command options. +.IP "2" 4 +.IX Item "2" +One of the input files could not be read. +.IP "3" 4 +.IX Item "3" +An error occurred creating the PKCS#7 file or when reading the \s-1MIME\s0 +message. +.IP "4" 4 +.IX Item "4" +An error occurred decrypting or verifying the message. +.IP "5" 4 +.IX Item "5" +The message was verified correctly but an error occurred writing out +the signers certificates. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Create a cleartext signed message: +.PP +.Vb 2 +\& openssl smime \-sign \-in message.txt \-text \-out mail.msg \e +\& \-signer mycert.pem +.Ve +.PP +Create an opaque signed message: +.PP +.Vb 2 +\& openssl smime \-sign \-in message.txt \-text \-out mail.msg \-nodetach \e +\& \-signer mycert.pem +.Ve +.PP +Create a signed message, include some additional certificates and +read the private key from another file: +.PP +.Vb 2 +\& openssl smime \-sign \-in in.txt \-text \-out mail.msg \e +\& \-signer mycert.pem \-inkey mykey.pem \-certfile mycerts.pem +.Ve +.PP +Create a signed message with two signers: +.PP +.Vb 2 +\& openssl smime \-sign \-in message.txt \-text \-out mail.msg \e +\& \-signer mycert.pem \-signer othercert.pem +.Ve +.PP +Send a signed message under Unix directly to sendmail, including headers: +.PP +.Vb 3 +\& openssl smime \-sign \-in in.txt \-text \-signer mycert.pem \e +\& \-from steve@openssl.org \-to someone@somewhere \e +\& \-subject "Signed message" | sendmail someone@somewhere +.Ve +.PP +Verify a message and extract the signer's certificate if successful: +.PP +.Vb 1 +\& openssl smime \-verify \-in mail.msg \-signer user.pem \-out signedtext.txt +.Ve +.PP +Send encrypted mail using triple \s-1DES:\s0 +.PP +.Vb 3 +\& openssl smime \-encrypt \-in in.txt \-from steve@openssl.org \e +\& \-to someone@somewhere \-subject "Encrypted message" \e +\& \-des3 user.pem \-out 
mail.msg +.Ve +.PP +Sign and encrypt mail: +.PP +.Vb 4 +\& openssl smime \-sign \-in ml.txt \-signer my.pem \-text \e +\& | openssl smime \-encrypt \-out mail.msg \e +\& \-from steve@openssl.org \-to someone@somewhere \e +\& \-subject "Signed and Encrypted message" \-des3 user.pem +.Ve +.PP +Note: the encryption command does not include the \fB\-text\fR option because the +message being encrypted already has \s-1MIME\s0 headers. +.PP +Decrypt mail: +.PP +.Vb 1 +\& openssl smime \-decrypt \-in mail.msg \-recip mycert.pem \-inkey key.pem +.Ve +.PP +The output from Netscape form signing is a PKCS#7 structure with the +detached signature format. You can use this program to verify the +signature by line wrapping the base64 encoded structure and surrounding +it with: +.PP +.Vb 2 +\& \-\-\-\-\-BEGIN PKCS7\-\-\-\-\- +\& \-\-\-\-\-END PKCS7\-\-\-\-\- +.Ve +.PP +and using the command: +.PP +.Vb 1 +\& openssl smime \-verify \-inform PEM \-in signature.pem \-content content.txt +.Ve +.PP +Alternatively you can base64 decode the signature and use: +.PP +.Vb 1 +\& openssl smime \-verify \-inform DER \-in signature.der \-content content.txt +.Ve +.PP +Create an encrypted message using 128 bit Camellia: +.PP +.Vb 1 +\& openssl smime \-encrypt \-in plain.txt \-camellia128 \-out mail.msg cert.pem +.Ve +.PP +Add a signer to an existing message: +.PP +.Vb 1 +\& openssl smime \-resign \-in mail.msg \-signer newsign.pem \-out mail2.msg +.Ve +.SH "BUGS" +.IX Header "BUGS" +The \s-1MIME\s0 parser isn't very clever: it seems to handle most messages that I've +thrown at it but it may choke on others. +.PP +The code currently will only write out the signer's certificate to a file: if +the signer has a separate encryption certificate this must be manually +extracted. There should be some heuristic that determines the correct +encryption certificate. +.PP +Ideally a database should be maintained of a certificates for each email +address. 
+.PP +The code doesn't currently take note of the permitted symmetric encryption +algorithms as supplied in the SMIMECapabilities signed attribute. This means the +user has to manually include the correct encryption algorithm. It should store +the list of permitted ciphers in a database and only use those. +.PP +No revocation checking is done on the signer's certificate. +.PP +The current code can only handle S/MIME v2 messages, the more complex S/MIME v3 +structures may cause parsing errors. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIossl_store\-file\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The use of multiple \fB\-signer\fR options and the \fB\-resign\fR command were first +added in OpenSSL 1.0.0 +.PP +The \-no_alt_chains option was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man1/openssl-speed.1 b/linux_amd64/ssl/share/man/man1/openssl-speed.1 new file mode 100755 index 0000000..8cb3d66 --- /dev/null +++ b/linux_amd64/ssl/share/man/man1/openssl-speed.1 
@@ -0,0 +1,227 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-SPEED 1" +.TH OPENSSL-SPEED 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-speed \- test library performance +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl speed\fR +[\fB\-help\fR] +[\fB\-elapsed\fR] +[\fB\-evp\fR \fIalgo\fR] +[\fB\-hmac\fR \fIalgo\fR] +[\fB\-cmac\fR \fIalgo\fR] +[\fB\-mb\fR] +[\fB\-aead\fR] +[\fB\-multi\fR \fInum\fR] +[\fB\-async_jobs\fR \fInum\fR] +[\fB\-misalign\fR \fInum\fR] +[\fB\-decrypt\fR] +[\fB\-primes\fR \fInum\fR] +[\fB\-seconds\fR \fInum\fR] +[\fB\-bytes\fR \fInum\fR] +[\fB\-mr\fR] +[\fB\-rand\fR \fIfiles\fR] +[\fB\-writerand\fR \fIfile\fR] +[\fB\-engine\fR \fIid\fR] +[\fIalgorithm\fR ...] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command is used to test the performance of cryptographic algorithms. +To see the list of supported algorithms, use \f(CW\*(C`openssl list \-digest\-commands\*(C'\fR +or \f(CW\*(C`openssl list \-cipher\-commands\*(C'\fR command. The global \s-1CSPRNG\s0 is denoted by +the \fBrand\fR algorithm name. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-elapsed\fR" 4 +.IX Item "-elapsed" +When calculating operations\- or bytes-per-second, use wall-clock time +instead of \s-1CPU\s0 user time as divisor. It can be useful when testing speed +of hardware engines. +.IP "\fB\-evp\fR \fIalgo\fR" 4 +.IX Item "-evp algo" +Use the specified cipher or message digest algorithm via the \s-1EVP\s0 interface. +If \fIalgo\fR is an \s-1AEAD\s0 cipher, then you can pass \fB\-aead\fR to benchmark a +TLS-like sequence. And if \fIalgo\fR is a multi-buffer capable cipher, e.g. +aes\-128\-cbc\-hmac\-sha1, then \fB\-mb\fR will time multi-buffer operation. +.IP "\fB\-multi\fR \fInum\fR" 4 +.IX Item "-multi num" +Run multiple operations in parallel. +.IP "\fB\-async_jobs\fR \fInum\fR" 4 +.IX Item "-async_jobs num" +Enable async mode and start specified number of jobs. +.IP "\fB\-misalign\fR \fInum\fR" 4 +.IX Item "-misalign num" +Misalign the buffers by the specified number of bytes. 
+.IP "\fB\-hmac\fR \fIdigest\fR" 4 +.IX Item "-hmac digest" +Time the \s-1HMAC\s0 algorithm using the specified message digest. +.IP "\fB\-cmac\fR \fIcipher\fR" 4 +.IX Item "-cmac cipher" +Time the \s-1CMAC\s0 algorithm using the specified cipher e.g. +\&\f(CW\*(C`openssl speed \-cmac aes128\*(C'\fR. +.IP "\fB\-decrypt\fR" 4 +.IX Item "-decrypt" +Time the decryption instead of encryption. Affects only the \s-1EVP\s0 testing. +.IP "\fB\-primes\fR \fInum\fR" 4 +.IX Item "-primes num" +Generate a \fInum\fR\-prime \s-1RSA\s0 key and use it to run the benchmarks. This option +is only effective if \s-1RSA\s0 algorithm is specified to test. +.IP "\fB\-seconds\fR \fInum\fR" 4 +.IX Item "-seconds num" +Run benchmarks for \fInum\fR seconds. +.IP "\fB\-bytes\fR \fInum\fR" 4 +.IX Item "-bytes num" +Run benchmarks on \fInum\fR\-byte buffers. Affects ciphers, digests and the \s-1CSPRNG\s0. +.IP "\fB\-mr\fR" 4 +.IX Item "-mr" +Produce the summary in a mechanical, machine-readable, format. +.IP "\fB\-rand\fR \fIfiles\fR, \fB\-writerand\fR \fIfile\fR" 4 +.IX Item "-rand files, -writerand file" +See \*(L"Random State Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-engine\fR \fIid\fR" 4 +.IX Item "-engine id" +See \*(L"Engine Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fIalgorithm\fR ..." 4 +.IX Item "algorithm ..." +If any \fIalgorithm\fR is given, then those algorithms are tested, otherwise a +pre-compiled grand selection is tested. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man1/openssl-spkac.1 b/linux_amd64/ssl/share/man/man1/openssl-spkac.1 new file mode 100755 index 0000000..f01af99 --- /dev/null 
+++ b/linux_amd64/ssl/share/man/man1/openssl-spkac.1 
@@ -0,0 +1,263 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-SPKAC 1" +.TH OPENSSL-SPKAC 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-spkac \- SPKAC printing and generating utility +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBspkac\fR +[\fB\-help\fR] +[\fB\-in\fR \fIfilename\fR] +[\fB\-out\fR \fIfilename\fR] +[\fB\-key\fR \fIkeyfile\fR] +[\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fB\s-1ENGINE\s0\fR] +[\fB\-passin\fR \fIarg\fR] +[\fB\-challenge\fR \fIstring\fR] +[\fB\-pubkey\fR] +[\fB\-spkac\fR \fIspkacname\fR] +[\fB\-spksect\fR \fIsection\fR] +[\fB\-noout\fR] +[\fB\-verify\fR] +[\fB\-engine\fR \fIid\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command processes Netscape signed public key and challenge +(\s-1SPKAC\s0) files. It can print out their contents, verify the signature and +produce its own SPKACs from a supplied private key. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-in\fR \fIfilename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read from or standard input if this +option is not specified. Ignored if the \fB\-key\fR option is used. +.IP "\fB\-out\fR \fIfilename\fR" 4 +.IX Item "-out filename" +Specifies the output filename to write to or standard output by +default. +.IP "\fB\-key\fR \fIkeyfile\fR" 4 +.IX Item "-key keyfile" +Create an \s-1SPKAC\s0 file using the private key in \fIkeyfile\fR. The +\&\fB\-in\fR, \fB\-noout\fR, \fB\-spksect\fR and \fB\-verify\fR options are ignored if +present. +.IP "\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fB\s-1ENGINE\s0\fR" 4 +.IX Item "-keyform DER|PEM|ENGINE" +The key format; the default is \fB\s-1PEM\s0\fR. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-passin\fR \fIarg\fR" 4 +.IX Item "-passin arg" +The input file password source. For more information about the format of \fIarg\fR +see \*(L"Pass Phrase Options\*(R" in \fIopenssl\fR\|(1). 
+.IP "\fB\-challenge\fR \fIstring\fR" 4 +.IX Item "-challenge string" +Specifies the challenge string if an \s-1SPKAC\s0 is being created. +.IP "\fB\-spkac\fR \fIspkacname\fR" 4 +.IX Item "-spkac spkacname" +Allows an alternative name form the variable containing the +\&\s-1SPKAC\s0. The default is \*(L"\s-1SPKAC\s0\*(R". This option affects both +generated and input \s-1SPKAC\s0 files. +.IP "\fB\-spksect\fR \fIsection\fR" 4 +.IX Item "-spksect section" +Allows an alternative name form the section containing the +\&\s-1SPKAC\s0. The default is the default section. +.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +Don't output the text version of the \s-1SPKAC\s0 (not used if an +\&\s-1SPKAC\s0 is being created). +.IP "\fB\-pubkey\fR" 4 +.IX Item "-pubkey" +Output the public key of an \s-1SPKAC\s0 (not used if an \s-1SPKAC\s0 is +being created). +.IP "\fB\-verify\fR" 4 +.IX Item "-verify" +Verifies the digital signature on the supplied \s-1SPKAC\s0. +.IP "\fB\-engine\fR \fIid\fR" 4 +.IX Item "-engine id" +See \*(L"Engine Options\*(R" in \fIopenssl\fR\|(1). +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Print out the contents of an \s-1SPKAC:\s0 +.PP +.Vb 1 +\& openssl spkac \-in spkac.cnf +.Ve +.PP +Verify the signature of an \s-1SPKAC:\s0 +.PP +.Vb 1 +\& openssl spkac \-in spkac.cnf \-noout \-verify +.Ve +.PP +Create an \s-1SPKAC\s0 using the challenge string \*(L"hello\*(R": +.PP +.Vb 1 +\& openssl spkac \-key key.pem \-challenge hello \-out spkac.cnf +.Ve +.PP +Example of an \s-1SPKAC\s0, (long lines split up for clarity): +.PP +.Vb 6 +\& SPKAC=MIG5MGUwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA\e +\& 1cCoq2Wa3Ixs47uI7FPVwHVIPDx5yso105Y6zpozam135a\e +\& 8R0CpoRvkkigIyXfcCjiVi5oWk+6FfPaD03uPFoQIDAQAB\e +\& FgVoZWxsbzANBgkqhkiG9w0BAQQFAANBAFpQtY/FojdwkJ\e +\& h1bEIYuc2EeM2KHTWPEepWYeawvHD0gQ3DngSC75YCWnnD\e +\& dq+NQ3F+X4deMx9AaEglZtULwV4= +.Ve +.SH "NOTES" +.IX Header "NOTES" +A created \s-1SPKAC\s0 with suitable \s-1DN\s0 components appended can be fed to +\&\fIopenssl\-ca\fR\|(1). 
+.PP +SPKACs are typically generated by Netscape when a form is submitted +containing the \fB\s-1KEYGEN\s0\fR tag as part of the certificate enrollment +process. +.PP +The challenge string permits a primitive form of proof of possession +of private key. By checking the \s-1SPKAC\s0 signature and a random challenge +string some guarantee is given that the user knows the private key +corresponding to the public key being certified. This is important in +some applications. Without this it is possible for a previous \s-1SPKAC\s0 +to be used in a \*(L"replay attack\*(R". +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\fIopenssl\-ca\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man1/openssl-srp.1 b/linux_amd64/ssl/share/man/man1/openssl-srp.1 new file mode 100755 index 0000000..2115f9d --- /dev/null +++ b/linux_amd64/ssl/share/man/man1/openssl-srp.1 
@@ -0,0 +1,203 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-SRP 1" +.TH OPENSSL-SRP 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-srp \- maintain SRP password file +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl srp\fR +[\fB\-help\fR] +[\fB\-verbose\fR] +[\fB\-add\fR] +[\fB\-modify\fR] +[\fB\-delete\fR] +[\fB\-list\fR] +[\fB\-name\fR \fIsection\fR] +[\fB\-config\fR \fIfile\fR] +[\fB\-srpvfile\fR \fIfile\fR] +[\fB\-gn\fR \fIidentifier\fR] +[\fB\-userinfo\fR \fItext\fR] +[\fB\-passin\fR \fIarg\fR] +[\fB\-passout\fR \fIarg\fR] +[\fB\-engine\fR \fIid\fR] +[\fB\-rand\fR \fIfiles\fR] +[\fB\-writerand\fR \fIfile\fR] +[\fIuser\fR ...] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command is used to maintain an \s-1SRP\s0 (secure remote password) file. +At most one of the \fB\-add\fR, \fB\-modify\fR, \fB\-delete\fR, and \fB\-list\fR options +can be specified. +These options take zero or more usernames as parameters and perform the +appropriate operation on the \s-1SRP\s0 file. +For \fB\-list\fR, if no \fIuser\fR is given then all users are displayed. +.PP +The configuration file to use, and the section within the file, can be +specified with the \fB\-config\fR and \fB\-name\fR flags, respectively. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Display an option summary. +.IP "\fB\-verbose\fR" 4 +.IX Item "-verbose" +Generate verbose output while processing. +.IP "\fB\-srpvfile\fR \fIfile\fR" 4 +.IX Item "-srpvfile file" +If the config file is not specified, +\&\fB\-srpvfile\fR can be used to specify the file to operate on. +.IP "\fB\-gn\fR" 4 +.IX Item "-gn" +Specifies the \fBg\fR and \fBN\fR values, using one of +the strengths defined in \s-1IETF\s0 \s-1RFC\s0 5054. +.IP "\fB\-userinfo\fR" 4 +.IX Item "-userinfo" +specifies additional information to add when +adding or modifying a user. +.IP "\fB\-passin\fR \fIarg\fR, \fB\-passout\fR \fIarg\fR" 4 +.IX Item "-passin arg, -passout arg" +The password source for the input and output file. 
+For more information about the format of \fBarg\fR +see \*(L"Pass Phrase Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-engine\fR \fIid\fR" 4 +.IX Item "-engine id" +See \*(L"Engine Options\*(R" in \fIopenssl\fR\|(1). +.Sp +[\fB\-rand\fR \fIfiles\fR] +[\fB\-writerand\fR \fIfile\fR] +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man1/openssl-storeutl.1 b/linux_amd64/ssl/share/man/man1/openssl-storeutl.1 new file mode 100755 index 0000000..1190a3a --- /dev/null +++ b/linux_amd64/ssl/share/man/man1/openssl-storeutl.1 
@@ -0,0 +1,237 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-STOREUTL 1" +.TH OPENSSL-STOREUTL 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-storeutl \- STORE utility +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBstoreutl\fR +[\fB\-help\fR] +[\fB\-out\fR \fIfile\fR] +[\fB\-noout\fR] +[\fB\-passin\fR \fIarg\fR] +[\fB\-text\fR \fIarg\fR] +[\fB\-r\fR] +[\fB\-certs\fR] +[\fB\-keys\fR] +[\fB\-crls\fR] +[\fB\-subject\fR \fIarg\fR] +[\fB\-issuer\fR \fIarg\fR] +[\fB\-serial\fR \fIarg\fR] +[\fB\-alias\fR \fIarg\fR] +[\fB\-fingerprint\fR \fIarg\fR] +[\fB\-\f(BIdigest\fB\fR] +[\fB\-engine\fR \fIid\fR] +\&\fIuri\fR ... +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command can be used to display the contents (after +decryption as the case may be) fetched from the given URIs. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-out\fR \fIfilename\fR" 4 +.IX Item "-out filename" +specifies the output filename to write to or standard output by +default. +.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +this option prevents output of the \s-1PEM\s0 data. +.IP "\fB\-passin\fR \fIarg\fR" 4 +.IX Item "-passin arg" +the key password source. For more information about the format of \fIarg\fR +see \*(L"Pass Phrase Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-text\fR" 4 +.IX Item "-text" +Prints out the objects in text form, similarly to the \fB\-text\fR output from +\&\fIopenssl\-x509\fR\|(1), \fIopenssl\-pkey\fR\|(1), etc. +.IP "\fB\-r\fR" 4 +.IX Item "-r" +Fetch objects recursively when possible. +.IP "\fB\-certs\fR" 4 +.IX Item "-certs" +.PD 0 +.IP "\fB\-keys\fR" 4 +.IX Item "-keys" +.IP "\fB\-crls\fR" 4 +.IX Item "-crls" +.PD +Only select the certificates, keys or CRLs from the given \s-1URI\s0. +However, if this \s-1URI\s0 would return a set of names (URIs), those are always +returned. +.IP "\fB\-subject\fR \fIarg\fR" 4 +.IX Item "-subject arg" +Search for an object having the subject name \fIarg\fR. +The arg must be formatted as \f(CW\*(C`/type0=value0/type1=value1/type2=...\*(C'\fR. 
+Keyword characters may be escaped by \e (backslash), and whitespace is retained. +Empty values are permitted but are ignored for the search. That is, +a search with an empty value will have the same effect as not specifying +the type at all. +.IP "\fB\-issuer\fR \fIarg\fR" 4 +.IX Item "-issuer arg" +.PD 0 +.IP "\fB\-serial\fR \fIarg\fR" 4 +.IX Item "-serial arg" +.PD +Search for an object having the given issuer name and serial number. +These two options \fImust\fR be used together. +The issuer arg must be formatted as \f(CW\*(C`/type0=value0/type1=value1/type2=...\*(C'\fR, +characters may be escaped by \e (backslash), no spaces are skipped. +The serial arg may be specified as a decimal value or a hex value if preceded +by \f(CW\*(C`0x\*(C'\fR. +.IP "\fB\-alias\fR \fIarg\fR" 4 +.IX Item "-alias arg" +Search for an object having the given alias. +.IP "\fB\-fingerprint\fR \fIarg\fR" 4 +.IX Item "-fingerprint arg" +Search for an object having the given fingerprint. +.IP "\fB\-\f(BIdigest\fB\fR" 4 +.IX Item "-digest" +The digest that was used to compute the fingerprint given with \fB\-fingerprint\fR. +.IP "\fB\-engine\fR \fIid\fR" 4 +.IX Item "-engine id" +See \*(L"Engine Options\*(R" in \fIopenssl\fR\|(1). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1) +.SH "HISTORY" +.IX Header "HISTORY" +This command was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man1/openssl-ts.1 b/linux_amd64/ssl/share/man/man1/openssl-ts.1 new file mode 100755 index 0000000..755eeee --- /dev/null +++ b/linux_amd64/ssl/share/man/man1/openssl-ts.1 
@@ -0,0 +1,719 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-TS 1" +.TH OPENSSL-TS 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-ts \- Time Stamping Authority tool (client/server) +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBts\fR +\&\fB\-help\fR +.PP +\&\fBopenssl\fR \fBts\fR +\&\fB\-query\fR +[\fB\-config\fR \fIconfigfile\fR] +[\fB\-data\fR \fIfile_to_hash\fR] +[\fB\-digest\fR \fIdigest_bytes\fR] +[\fB\-\f(BIdigest\fB\fR] +[\fB\-tspolicy\fR \fIobject_id\fR] +[\fB\-no_nonce\fR] +[\fB\-cert\fR] +[\fB\-in\fR \fIrequest.tsq\fR] +[\fB\-out\fR \fIrequest.tsq\fR] +[\fB\-text\fR] +[\fB\-rand\fR \fIfiles\fR] +[\fB\-writerand\fR \fIfile\fR] +.PP +\&\fBopenssl\fR \fBts\fR +\&\fB\-reply\fR +[\fB\-config\fR \fIconfigfile\fR] +[\fB\-section\fR \fItsa_section\fR] +[\fB\-queryfile\fR \fIrequest.tsq\fR] +[\fB\-passin\fR \fIpassword_src\fR] +[\fB\-signer\fR \fItsa_cert.pem\fR] +[\fB\-inkey\fR \fIfile_or_id\fR] +[\fB\-\f(BIdigest\fB\fR] +[\fB\-chain\fR \fIcerts_file.pem\fR] +[\fB\-tspolicy\fR \fIobject_id\fR] +[\fB\-in\fR \fIresponse.tsr\fR] +[\fB\-untrusted\fR \fIfile\fR] +[\fB\-token_in\fR] +[\fB\-out\fR \fIresponse.tsr\fR] +[\fB\-token_out\fR] +[\fB\-text\fR] +[\fB\-engine\fR \fIid\fR] +.PP +\&\fBopenssl\fR \fBts\fR +\&\fB\-verify\fR +[\fB\-data\fR \fIfile_to_hash\fR] +[\fB\-digest\fR \fIdigest_bytes\fR] +[\fB\-queryfile\fR \fIrequest.tsq\fR] +[\fB\-in\fR \fIresponse.tsr\fR] +[\fB\-token_in\fR] +[\fB\-CAfile\fR \fIfile\fR] +[\fB\-CApath\fR \fIdir\fR] +[\fB\-CAstore\fR \fIuri\fR] +[\fB\-allow_proxy_certs\fR] +[\fB\-attime\fR \fItimestamp\fR] +[\fB\-no_check_time\fR] +[\fB\-check_ss_sig\fR] +[\fB\-crl_check\fR] +[\fB\-crl_check_all\fR] +[\fB\-explicit_policy\fR] +[\fB\-extended_crl\fR] +[\fB\-ignore_critical\fR] +[\fB\-inhibit_any\fR] +[\fB\-inhibit_map\fR] +[\fB\-partial_chain\fR] +[\fB\-policy\fR \fIarg\fR] +[\fB\-policy_check\fR] +[\fB\-policy_print\fR] +[\fB\-purpose\fR \fIpurpose\fR] +[\fB\-suiteB_128\fR] +[\fB\-suiteB_128_only\fR] +[\fB\-suiteB_192\fR] +[\fB\-trusted_first\fR] +[\fB\-no_alt_chains\fR] +[\fB\-use_deltas\fR] +[\fB\-auth_level\fR 
\fInum\fR] +[\fB\-verify_depth\fR \fInum\fR] +[\fB\-verify_email\fR \fIemail\fR] +[\fB\-verify_hostname\fR \fIhostname\fR] +[\fB\-verify_ip\fR \fIip\fR] +[\fB\-verify_name\fR \fIname\fR] +[\fB\-x509_strict\fR] +[\fB\-issuer_checks\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command is a basic Time Stamping Authority (\s-1TSA\s0) client and +server application as specified in \s-1RFC\s0 3161 (Time-Stamp Protocol, \s-1TSP\s0). A +\&\s-1TSA\s0 can be part of a \s-1PKI\s0 deployment and its role is to provide long +term proof of the existence of a certain datum before a particular +time. Here is a brief description of the protocol: +.IP "1." 4 +The \s-1TSA\s0 client computes a one-way hash value for a data file and sends +the hash to the \s-1TSA\s0. +.IP "2." 4 +The \s-1TSA\s0 attaches the current date and time to the received hash value, +signs them and sends the timestamp token back to the client. By +creating this token the \s-1TSA\s0 certifies the existence of the original +data file at the time of response generation. +.IP "3." 4 +The \s-1TSA\s0 client receives the timestamp token and verifies the +signature on it. It also checks if the token contains the same hash +value that it had sent to the \s-1TSA\s0. +.PP +There is one \s-1DER\s0 encoded protocol data unit defined for transporting a time +stamp request to the \s-1TSA\s0 and one for sending the timestamp response +back to the client. This command has three main functions: +creating a timestamp request based on a data file, +creating a timestamp response based on a request, verifying if a +response corresponds to a particular request or a data file. +.PP +There is no support for sending the requests/responses automatically +over \s-1HTTP\s0 or \s-1TCP\s0 yet as suggested in \s-1RFC\s0 3161. The users must send the +requests either by ftp or e\-mail. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. 
+.SS "Timestamp Request generation" +.IX Subsection "Timestamp Request generation" +The \fB\-query\fR switch can be used for creating and printing a timestamp +request with the following options: +.IP "\fB\-config\fR \fIconfigfile\fR" 4 +.IX Item "-config configfile" +The configuration file to use. +Optional; for a description of the default value, +see \*(L"\s-1COMMAND\s0 \s-1SUMMARY\s0\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-data\fR \fIfile_to_hash\fR" 4 +.IX Item "-data file_to_hash" +The data file for which the timestamp request needs to be +created. stdin is the default if neither the \fB\-data\fR nor the \fB\-digest\fR +parameter is specified. (Optional) +.IP "\fB\-digest\fR \fIdigest_bytes\fR" 4 +.IX Item "-digest digest_bytes" +It is possible to specify the message imprint explicitly without the data +file. The imprint must be specified in a hexadecimal format, two characters +per byte, the bytes optionally separated by colons (e.g. 1A:F6:01:... or +1AF601...). The number of bytes must match the message digest algorithm +in use. (Optional) +.IP "\fB\-\f(BIdigest\fB\fR" 4 +.IX Item "-digest" +The message digest to apply to the data file. +Any digest supported by the \fIopenssl\-dgst\fR\|(1) command can be used. +The default is \s-1SHA\-256\s0. (Optional) +.IP "\fB\-tspolicy\fR \fIobject_id\fR" 4 +.IX Item "-tspolicy object_id" +The policy that the client expects the \s-1TSA\s0 to use for creating the +timestamp token. Either the dotted \s-1OID\s0 notation or \s-1OID\s0 names defined +in the config file can be used. If no policy is requested the \s-1TSA\s0 will +use its own default policy. (Optional) +.IP "\fB\-no_nonce\fR" 4 +.IX Item "-no_nonce" +No nonce is specified in the request if this option is +given. Otherwise a 64 bit long pseudo-random none is +included in the request. It is recommended to use nonce to +protect against replay-attacks. 
(Optional) +.IP "\fB\-cert\fR" 4 +.IX Item "-cert" +The \s-1TSA\s0 is expected to include its signing certificate in the +response. (Optional) +.IP "\fB\-in\fR \fIrequest.tsq\fR" 4 +.IX Item "-in request.tsq" +This option specifies a previously created timestamp request in \s-1DER\s0 +format that will be printed into the output file. Useful when you need +to examine the content of a request in human-readable +format. (Optional) +.IP "\fB\-out\fR \fIrequest.tsq\fR" 4 +.IX Item "-out request.tsq" +Name of the output file to which the request will be written. Default +is stdout. (Optional) +.IP "\fB\-text\fR" 4 +.IX Item "-text" +If this option is specified the output is human-readable text format +instead of \s-1DER\s0. (Optional) +.IP "\fB\-rand\fR \fIfiles\fR, \fB\-writerand\fR \fIfile\fR" 4 +.IX Item "-rand files, -writerand file" +See \*(L"Random State Options\*(R" in \fIopenssl\fR\|(1) for details. +.SS "Timestamp Response generation" +.IX Subsection "Timestamp Response generation" +A timestamp response (TimeStampResp) consists of a response status +and the timestamp token itself (ContentInfo), if the token generation was +successful. The \fB\-reply\fR command is for creating a timestamp +response or timestamp token based on a request and printing the +response/token in human-readable format. If \fB\-token_out\fR is not +specified the output is always a timestamp response (TimeStampResp), +otherwise it is a timestamp token (ContentInfo). +.IP "\fB\-config\fR \fIconfigfile\fR" 4 +.IX Item "-config configfile" +The configuration file to use. +Optional; for a description of the default value, +see \*(L"\s-1COMMAND\s0 \s-1SUMMARY\s0\*(R" in \fIopenssl\fR\|(1). +See \*(L"\s-1CONFIGURATION\s0 \s-1FILE\s0 \s-1OPTIONS\s0\*(R" for configurable variables. +.IP "\fB\-section\fR \fItsa_section\fR" 4 +.IX Item "-section tsa_section" +The name of the config file section containing the settings for the +response generation. 
If not specified the default \s-1TSA\s0 section is +used, see \*(L"\s-1CONFIGURATION\s0 \s-1FILE\s0 \s-1OPTIONS\s0\*(R" for details. (Optional) +.IP "\fB\-queryfile\fR \fIrequest.tsq\fR" 4 +.IX Item "-queryfile request.tsq" +The name of the file containing a \s-1DER\s0 encoded timestamp request. (Optional) +.IP "\fB\-passin\fR \fIpassword_src\fR" 4 +.IX Item "-passin password_src" +Specifies the password source for the private key of the \s-1TSA\s0. See +description in \fIopenssl\fR\|(1). (Optional) +.IP "\fB\-signer\fR \fItsa_cert.pem\fR" 4 +.IX Item "-signer tsa_cert.pem" +The signer certificate of the \s-1TSA\s0 in \s-1PEM\s0 format. The \s-1TSA\s0 signing +certificate must have exactly one extended key usage assigned to it: +timeStamping. The extended key usage must also be critical, otherwise +the certificate is going to be refused. Overrides the \fBsigner_cert\fR +variable of the config file. (Optional) +.IP "\fB\-inkey\fR \fIfile_or_id\fR" 4 +.IX Item "-inkey file_or_id" +The signer private key of the \s-1TSA\s0 in \s-1PEM\s0 format. Overrides the +\&\fBsigner_key\fR config file option. (Optional) +If no engine is used, the argument is taken as a file; if an engine is +specified, the argument is given to the engine as a key identifier. +.IP "\fB\-\f(BIdigest\fB\fR" 4 +.IX Item "-digest" +Signing digest to use. Overrides the \fBsigner_digest\fR config file +option. (Mandatory unless specified in the config file) +.IP "\fB\-chain\fR \fIcerts_file.pem\fR" 4 +.IX Item "-chain certs_file.pem" +The collection of certificates in \s-1PEM\s0 format that will all +be included in the response in addition to the signer certificate if +the \fB\-cert\fR option was used for the request. This file is supposed to +contain the certificate chain for the signer certificate from its +issuer upwards. The \fB\-reply\fR command does not build a certificate +chain automatically. 
(Optional) +.IP "\fB\-tspolicy\fR \fIobject_id\fR" 4 +.IX Item "-tspolicy object_id" +The default policy to use for the response unless the client +explicitly requires a particular \s-1TSA\s0 policy. The \s-1OID\s0 can be specified +either in dotted notation or with its name. Overrides the +\&\fBdefault_policy\fR config file option. (Optional) +.IP "\fB\-in\fR \fIresponse.tsr\fR" 4 +.IX Item "-in response.tsr" +Specifies a previously created timestamp response or timestamp token +(if \fB\-token_in\fR is also specified) in \s-1DER\s0 format that will be written +to the output file. This option does not require a request, it is +useful e.g. when you need to examine the content of a response or +token or you want to extract the timestamp token from a response. If +the input is a token and the output is a timestamp response a default +\&'granted' status info is added to the token. (Optional) +.IP "\fB\-token_in\fR" 4 +.IX Item "-token_in" +This flag can be used together with the \fB\-in\fR option and indicates +that the input is a \s-1DER\s0 encoded timestamp token (ContentInfo) instead +of a timestamp response (TimeStampResp). (Optional) +.IP "\fB\-out\fR \fIresponse.tsr\fR" 4 +.IX Item "-out response.tsr" +The response is written to this file. The format and content of the +file depends on other options (see \fB\-text\fR, \fB\-token_out\fR). The default is +stdout. (Optional) +.IP "\fB\-token_out\fR" 4 +.IX Item "-token_out" +The output is a timestamp token (ContentInfo) instead of timestamp +response (TimeStampResp). (Optional) +.IP "\fB\-text\fR" 4 +.IX Item "-text" +If this option is specified the output is human-readable text format +instead of \s-1DER\s0. (Optional) +.IP "\fB\-engine\fR \fIid\fR" 4 +.IX Item "-engine id" +See \*(L"Engine Options\*(R" in \fIopenssl\fR\|(1). 
+.SS "Timestamp Response verification" +.IX Subsection "Timestamp Response verification" +The \fB\-verify\fR command is for verifying if a timestamp response or time +stamp token is valid and matches a particular timestamp request or +data file. The \fB\-verify\fR command does not use the configuration file. +.IP "\fB\-data\fR \fIfile_to_hash\fR" 4 +.IX Item "-data file_to_hash" +The response or token must be verified against file_to_hash. The file +is hashed with the message digest algorithm specified in the token. +The \fB\-digest\fR and \fB\-queryfile\fR options must not be specified with this one. +(Optional) +.IP "\fB\-digest\fR \fIdigest_bytes\fR" 4 +.IX Item "-digest digest_bytes" +The response or token must be verified against the message digest specified +with this option. The number of bytes must match the message digest algorithm +specified in the token. The \fB\-data\fR and \fB\-queryfile\fR options must not be +specified with this one. (Optional) +.IP "\fB\-queryfile\fR \fIrequest.tsq\fR" 4 +.IX Item "-queryfile request.tsq" +The original timestamp request in \s-1DER\s0 format. The \fB\-data\fR and \fB\-digest\fR +options must not be specified with this one. (Optional) +.IP "\fB\-in\fR \fIresponse.tsr\fR" 4 +.IX Item "-in response.tsr" +The timestamp response that needs to be verified in \s-1DER\s0 format. (Mandatory) +.IP "\fB\-token_in\fR" 4 +.IX Item "-token_in" +This flag can be used together with the \fB\-in\fR option and indicates +that the input is a \s-1DER\s0 encoded timestamp token (ContentInfo) instead +of a timestamp response (TimeStampResp). (Optional) +.IP "\fB\-untrusted\fR \fIcert_file.pem\fR" 4 +.IX Item "-untrusted cert_file.pem" +Set of additional untrusted certificates in \s-1PEM\s0 format which may be +needed when building the certificate chain for the \s-1TSA\s0's signing +certificate. This file must contain the \s-1TSA\s0 signing certificate and +all intermediate \s-1CA\s0 certificates unless the response includes them. 
+(Optional) +.IP "\fB\-CAfile\fR \fIfile\fR, \fB\-CApath\fR \fIdir\fR, \fB\-CAstore\fR \fIuri\fR" 4 +.IX Item "-CAfile file, -CApath dir, -CAstore uri" +See \*(L"Trusted Certificate Options\*(R" in \fIopenssl\fR\|(1) for details. +At least one of \fB\-CApath\fR, \fB\-CAfile\fR or \fB\-CAstore\fR must be specified. +.IP "\fB\-allow_proxy_certs\fR, \fB\-attime\fR, \fB\-no_check_time\fR, \fB\-check_ss_sig\fR, \fB\-crl_check\fR, \fB\-crl_check_all\fR, \fB\-explicit_policy\fR, \fB\-extended_crl\fR, \fB\-ignore_critical\fR, \fB\-inhibit_any\fR, \fB\-inhibit_map\fR, \fB\-no_alt_chains\fR, \fB\-partial_chain\fR, \fB\-policy\fR, \fB\-policy_check\fR, \fB\-policy_print\fR, \fB\-purpose\fR, \fB\-suiteB_128\fR, \fB\-suiteB_128_only\fR, \fB\-suiteB_192\fR, \fB\-trusted_first\fR, \fB\-use_deltas\fR, \fB\-auth_level\fR, \fB\-verify_depth\fR, \fB\-verify_email\fR, \fB\-verify_hostname\fR, \fB\-verify_ip\fR, \fB\-verify_name\fR, \fB\-x509_strict\fR \fB\-issuer_checks\fR" 4 +.IX Item "-allow_proxy_certs, -attime, -no_check_time, -check_ss_sig, -crl_check, -crl_check_all, -explicit_policy, -extended_crl, -ignore_critical, -inhibit_any, -inhibit_map, -no_alt_chains, -partial_chain, -policy, -policy_check, -policy_print, -purpose, -suiteB_128, -suiteB_128_only, -suiteB_192, -trusted_first, -use_deltas, -auth_level, -verify_depth, -verify_email, -verify_hostname, -verify_ip, -verify_name, -x509_strict -issuer_checks" +Set various options of certificate chain verification. +See \*(L"Verification Options\*(R" in \fIopenssl\fR\|(1) for details. +.Sp +Any verification errors cause the command to exit. +.SH "CONFIGURATION FILE OPTIONS" +.IX Header "CONFIGURATION FILE OPTIONS" +The \fB\-query\fR and \fB\-reply\fR commands make use of a configuration file. +See \fIconfig\fR\|(5) +for a general description of the syntax of the config file. The +\&\fB\-query\fR command uses only the symbolic \s-1OID\s0 names section +and it can work without it. 
However, the \fB\-reply\fR command needs the +config file for its operation. +.PP +When there is a command line switch equivalent of a variable the +switch always overrides the settings in the config file. +.IP "\fBtsa\fR section, \fBdefault_tsa\fR" 4 +.IX Item "tsa section, default_tsa" +This is the main section and it specifies the name of another section +that contains all the options for the \fB\-reply\fR command. This default +section can be overridden with the \fB\-section\fR command line switch. (Optional) +.IP "\fBoid_file\fR" 4 +.IX Item "oid_file" +This specifies a file containing additional \fB\s-1OBJECT\s0 \s-1IDENTIFIERS\s0\fR. +Each line of the file should consist of the numerical form of the +object identifier followed by white space then the short name followed +by white space and finally the long name. (Optional) +.IP "\fBoid_section\fR" 4 +.IX Item "oid_section" +This specifies a section in the configuration file containing extra +object identifiers. Each line should consist of the short name of the +object identifier followed by \fB=\fR and the numerical form. The short +and long names are the same when this option is used. (Optional) +.IP "\fB\s-1RANDFILE\s0\fR" 4 +.IX Item "RANDFILE" +At startup the specified file is loaded into the random number generator, +and at exit 256 bytes will be written to it. (Note: Using a \s-1RANDFILE\s0 is +not necessary anymore, see the \*(L"\s-1HISTORY\s0\*(R" section. +.IP "\fBserial\fR" 4 +.IX Item "serial" +The name of the file containing the hexadecimal serial number of the +last timestamp response created. This number is incremented by 1 for +each response. If the file does not exist at the time of response +generation a new file is created with serial number 1. (Mandatory) +.IP "\fBcrypto_device\fR" 4 +.IX Item "crypto_device" +Specifies the OpenSSL engine that will be set as the default for +all available algorithms. 
The default value is built-in, you can specify +any other engines supported by OpenSSL (e.g. use chil for the NCipher \s-1HSM\s0). +(Optional) +.IP "\fBsigner_cert\fR" 4 +.IX Item "signer_cert" +\&\s-1TSA\s0 signing certificate in \s-1PEM\s0 format. The same as the \fB\-signer\fR +command line option. (Optional) +.IP "\fBcerts\fR" 4 +.IX Item "certs" +A file containing a set of \s-1PEM\s0 encoded certificates that need to be +included in the response. The same as the \fB\-chain\fR command line +option. (Optional) +.IP "\fBsigner_key\fR" 4 +.IX Item "signer_key" +The private key of the \s-1TSA\s0 in \s-1PEM\s0 format. The same as the \fB\-inkey\fR +command line option. (Optional) +.IP "\fBsigner_digest\fR" 4 +.IX Item "signer_digest" +Signing digest to use. The same as the +\&\fB\-\f(BIdigest\fB\fR command line option. (Mandatory unless specified on the command +line) +.IP "\fBdefault_policy\fR" 4 +.IX Item "default_policy" +The default policy to use when the request does not mandate any +policy. The same as the \fB\-tspolicy\fR command line option. (Optional) +.IP "\fBother_policies\fR" 4 +.IX Item "other_policies" +Comma separated list of policies that are also acceptable by the \s-1TSA\s0 +and used only if the request explicitly specifies one of them. (Optional) +.IP "\fBdigests\fR" 4 +.IX Item "digests" +The list of message digest algorithms that the \s-1TSA\s0 accepts. At least +one algorithm must be specified. (Mandatory) +.IP "\fBaccuracy\fR" 4 +.IX Item "accuracy" +The accuracy of the time source of the \s-1TSA\s0 in seconds, milliseconds +and microseconds. E.g. secs:1, millisecs:500, microsecs:100. If any of +the components is missing zero is assumed for that field. (Optional) +.IP "\fBclock_precision_digits\fR" 4 +.IX Item "clock_precision_digits" +Specifies the maximum number of digits, which represent the fraction of +seconds, that need to be included in the time field. 
The trailing zeros +must be removed from the time, so there might actually be fewer digits, +or no fraction of seconds at all. Supported only on \s-1UNIX\s0 platforms. +The maximum value is 6, default is 0. +(Optional) +.IP "\fBordering\fR" 4 +.IX Item "ordering" +If this option is yes the responses generated by this \s-1TSA\s0 can always +be ordered, even if the time difference between two responses is less +than the sum of their accuracies. Default is no. (Optional) +.IP "\fBtsa_name\fR" 4 +.IX Item "tsa_name" +Set this option to yes if the subject name of the \s-1TSA\s0 must be included in +the \s-1TSA\s0 name field of the response. Default is no. (Optional) +.IP "\fBess_cert_id_chain\fR" 4 +.IX Item "ess_cert_id_chain" +The SignedData objects created by the \s-1TSA\s0 always contain the +certificate identifier of the signing certificate in a signed +attribute (see \s-1RFC\s0 2634, Enhanced Security Services). If this option +is set to yes and either the \fBcerts\fR variable or the \fB\-chain\fR option +is specified then the certificate identifiers of the chain will also +be included in the SigningCertificate signed attribute. If this +variable is set to no, only the signing certificate identifier is +included. Default is no. (Optional) +.IP "\fBess_cert_id_alg\fR" 4 +.IX Item "ess_cert_id_alg" +This option specifies the hash function to be used to calculate the \s-1TSA\s0's +public key certificate identifier. Default is sha256. (Optional) +.SH "EXAMPLES" +.IX Header "EXAMPLES" +All the examples below presume that \fB\s-1OPENSSL_CONF\s0\fR is set to a proper +configuration file, e.g. the example configuration file +\&\fIopenssl/apps/openssl.cnf\fR will do. 
+.SS "Timestamp Request" +.IX Subsection "Timestamp Request" +To create a timestamp request for \fIdesign1.txt\fR with \s-1SHA\-256\s0 digest, +without nonce and policy, and without requirement for a certificate +in the response: +.PP +.Vb 2 +\& openssl ts \-query \-data design1.txt \-no_nonce \e +\& \-out design1.tsq +.Ve +.PP +To create a similar timestamp request with specifying the message imprint +explicitly: +.PP +.Vb 2 +\& openssl ts \-query \-digest b7e5d3f93198b38379852f2c04e78d73abdd0f4b \e +\& \-no_nonce \-out design1.tsq +.Ve +.PP +To print the content of the previous request in human readable format: +.PP +.Vb 1 +\& openssl ts \-query \-in design1.tsq \-text +.Ve +.PP +To create a timestamp request which includes the \s-1SHA\-512\s0 digest +of \fIdesign2.txt\fR, requests the signer certificate and nonce, and +specifies a policy id (assuming the tsa_policy1 name is defined in the +\&\s-1OID\s0 section of the config file): +.PP +.Vb 2 +\& openssl ts \-query \-data design2.txt \-sha512 \e +\& \-tspolicy tsa_policy1 \-cert \-out design2.tsq +.Ve +.SS "Timestamp Response" +.IX Subsection "Timestamp Response" +Before generating a response a signing certificate must be created for +the \s-1TSA\s0 that contains the \fBtimeStamping\fR critical extended key usage extension +without any other key usage extensions. You can add this line to the +user certificate section of the config file to generate a proper certificate; +.PP +.Vb 1 +\& extendedKeyUsage = critical,timeStamping +.Ve +.PP +See \fIopenssl\-req\fR\|(1), \fIopenssl\-ca\fR\|(1), and \fIopenssl\-x509\fR\|(1) for +instructions. The examples below assume that \fIcacert.pem\fR contains the +certificate of the \s-1CA\s0, \fItsacert.pem\fR is the signing certificate issued +by \fIcacert.pem\fR and \fItsakey.pem\fR is the private key of the \s-1TSA\s0. 
+.PP +To create a timestamp response for a request: +.PP +.Vb 2 +\& openssl ts \-reply \-queryfile design1.tsq \-inkey tsakey.pem \e +\& \-signer tsacert.pem \-out design1.tsr +.Ve +.PP +If you want to use the settings in the config file you could just write: +.PP +.Vb 1 +\& openssl ts \-reply \-queryfile design1.tsq \-out design1.tsr +.Ve +.PP +To print a timestamp reply to stdout in human readable format: +.PP +.Vb 1 +\& openssl ts \-reply \-in design1.tsr \-text +.Ve +.PP +To create a timestamp token instead of timestamp response: +.PP +.Vb 1 +\& openssl ts \-reply \-queryfile design1.tsq \-out design1_token.der \-token_out +.Ve +.PP +To print a timestamp token to stdout in human readable format: +.PP +.Vb 1 +\& openssl ts \-reply \-in design1_token.der \-token_in \-text \-token_out +.Ve +.PP +To extract the timestamp token from a response: +.PP +.Vb 1 +\& openssl ts \-reply \-in design1.tsr \-out design1_token.der \-token_out +.Ve +.PP +To add 'granted' status info to a timestamp token thereby creating a +valid response: +.PP +.Vb 1 +\& openssl ts \-reply \-in design1_token.der \-token_in \-out design1.tsr +.Ve +.SS "Timestamp Verification" +.IX Subsection "Timestamp Verification" +To verify a timestamp reply against a request: +.PP +.Vb 2 +\& openssl ts \-verify \-queryfile design1.tsq \-in design1.tsr \e +\& \-CAfile cacert.pem \-untrusted tsacert.pem +.Ve +.PP +To verify a timestamp reply that includes the certificate chain: +.PP +.Vb 2 +\& openssl ts \-verify \-queryfile design2.tsq \-in design2.tsr \e +\& \-CAfile cacert.pem +.Ve +.PP +To verify a timestamp token against the original data file: + openssl ts \-verify \-data design2.txt \-in design2.tsr \e + \-CAfile cacert.pem +.PP +To verify a timestamp token against a message imprint: + openssl ts \-verify \-digest b7e5d3f93198b38379852f2c04e78d73abdd0f4b \e + \-in design2.tsr \-CAfile cacert.pem +.PP +You could also look at the 'test' directory for more examples. 
+.SH "BUGS" +.IX Header "BUGS" +.IP "\(bu" 2 +No support for timestamps over \s-1SMTP\s0, though it is quite easy +to implement an automatic e\-mail based \s-1TSA\s0 with \fIprocmail\fR\|(1) +and \fIperl\fR\|(1). \s-1HTTP\s0 server support is provided in the form of +a separate apache module. \s-1HTTP\s0 client support is provided by +\&\fItsget\fR\|(1). Pure \s-1TCP/IP\s0 protocol is not supported. +.IP "\(bu" 2 +The file containing the last serial number of the \s-1TSA\s0 is not +locked when being read or written. This is a problem if more than one +instance of \fIopenssl\fR\|(1) is trying to create a timestamp +response at the same time. This is not an issue when using the apache +server module, it does proper locking. +.IP "\(bu" 2 +Look for the \s-1FIXME\s0 word in the source files. +.IP "\(bu" 2 +The source code should really be reviewed by somebody else, too. +.IP "\(bu" 2 +More testing is needed, I have done only some basic tests (see +test/testtsa). +.SH "HISTORY" +.IX Header "HISTORY" +OpenSSL 1.1.1 introduced a new random generator (\s-1CSPRNG\s0) with an improved +seeding mechanism. The new seeding mechanism makes it unnecessary to +define a \s-1RANDFILE\s0 for saving and restoring randomness. This option is +retained mainly for compatibility reasons. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\fItsget\fR\|(1), +\&\fIopenssl\-req\fR\|(1), +\&\fIopenssl\-x509\fR\|(1), +\&\fIopenssl\-ca\fR\|(1), +\&\fIopenssl\-genrsa\fR\|(1), +\&\fIconfig\fR\|(5), +\&\fIossl_store\-file\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/ssl/share/man/man1/openssl-verify.1 b/linux_amd64/ssl/share/man/man1/openssl-verify.1
new file mode 100755
index 0000000..74fa28a
--- /dev/null
+++ b/linux_amd64/ssl/share/man/man1/openssl-verify.1
@@ -0,0 +1,313 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-VERIFY 1" +.TH OPENSSL-VERIFY 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-verify \- Utility to verify certificates +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBverify\fR +[\fB\-help\fR] +[\fB\-CRLfile\fR \fIfile\fR] +[\fB\-crl_download\fR] +[\fB\-show_chain\fR] +[\fB\-sm2\-id\fR \fIhexstring\fR] +[\fB\-sm2\-hex\-id\fR \fIhexstring\fR] +[\fB\-verbose\fR] +[\fB\-trusted\fR \fIfile\fR] +[\fB\-untrusted\fR \fIfile\fR] +[\fB\-nameopt\fR \fIoption\fR] +[\fB\-CAfile\fR \fIfile\fR] +[\fB\-no\-CAfile\fR] +[\fB\-CApath\fR \fIdir\fR] +[\fB\-no\-CApath\fR] +[\fB\-CAstore\fR \fIuri\fR] +[\fB\-no\-CAstore\fR] +[\fB\-engine\fR \fIid\fR] +[\fB\-allow_proxy_certs\fR] +[\fB\-attime\fR \fItimestamp\fR] +[\fB\-no_check_time\fR] +[\fB\-check_ss_sig\fR] +[\fB\-crl_check\fR] +[\fB\-crl_check_all\fR] +[\fB\-explicit_policy\fR] +[\fB\-extended_crl\fR] +[\fB\-ignore_critical\fR] +[\fB\-inhibit_any\fR] +[\fB\-inhibit_map\fR] +[\fB\-partial_chain\fR] +[\fB\-policy\fR \fIarg\fR] +[\fB\-policy_check\fR] +[\fB\-policy_print\fR] +[\fB\-purpose\fR \fIpurpose\fR] +[\fB\-suiteB_128\fR] +[\fB\-suiteB_128_only\fR] +[\fB\-suiteB_192\fR] +[\fB\-trusted_first\fR] +[\fB\-no_alt_chains\fR] +[\fB\-use_deltas\fR] +[\fB\-auth_level\fR \fInum\fR] +[\fB\-verify_depth\fR \fInum\fR] +[\fB\-verify_email\fR \fIemail\fR] +[\fB\-verify_hostname\fR \fIhostname\fR] +[\fB\-verify_ip\fR \fIip\fR] +[\fB\-verify_name\fR \fIname\fR] +[\fB\-x509_strict\fR] +[\fB\-issuer_checks\fR] +.PP +[\fB\-\-\fR] +[\fIcertificate\fR ...] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command verifies certificate chains. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-CAfile\fR \fIfile\fR, \fB\-no\-CAfile\fR, \fB\-CApath\fR \fIdir\fR, \fB\-no\-CApath\fR" 4 +.IX Item "-CAfile file, -no-CAfile, -CApath dir, -no-CApath" +See \*(L"Trusted Certificate Options\*(R" in \fIopenssl\fR\|(1) for more information. 
+.IP "\fB\-CRLfile\fR \fIfile\fR" 4 +.IX Item "-CRLfile file" +The \fIfile\fR should contain one or more CRLs in \s-1PEM\s0 format. +This option can be specified more than once to include CRLs from multiple +\&\fIfile\fRs. +.IP "\fB\-crl_download\fR" 4 +.IX Item "-crl_download" +Attempt to download \s-1CRL\s0 information for this certificate. +.IP "\fB\-show_chain\fR" 4 +.IX Item "-show_chain" +Display information about the certificate chain that has been built (if +successful). Certificates in the chain that came from the untrusted list will be +flagged as \*(L"untrusted\*(R". +.IP "\fB\-sm2\-id\fR \fIhexstring\fR" 4 +.IX Item "-sm2-id hexstring" +Specify the \s-1ID\s0 string to use when verifying an \s-1SM2\s0 certificate. The \s-1ID\s0 string is +required by the \s-1SM2\s0 signature algorithm for signing and verification. +.IP "\fB\-sm2\-hex\-id\fR \fIhexstring\fR" 4 +.IX Item "-sm2-hex-id hexstring" +Specify a binary \s-1ID\s0 string to use when signing or verifying using an \s-1SM2\s0 +certificate. The argument for this option is string of hexadecimal digits. +.IP "\fB\-verbose\fR" 4 +.IX Item "-verbose" +Print extra information about the operations being performed. +.IP "\fB\-trusted\fR \fIfile\fR" 4 +.IX Item "-trusted file" +A file of trusted certificates. +.IP "\fB\-untrusted\fR \fIfile\fR" 4 +.IX Item "-untrusted file" +A file of untrusted certificates. +.IP "\fB\-nameopt\fR \fIoption\fR" 4 +.IX Item "-nameopt option" +This specifies how the subject or issuer names are displayed. +See \*(L"Name Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-engine\fR \fIid\fR" 4 +.IX Item "-engine id" +See \*(L"Engine Options\*(R" in \fIopenssl\fR\|(1). +To load certificates or CRLs that require engine support, specify the +\&\fB\-engine\fR option before any of the +\&\fB\-trusted\fR, \fB\-untrusted\fR or \fB\-CRLfile\fR options. 
+.IP "\fB\-CAfile\fR \fIfile\fR, \fB\-no\-CAfile\fR, \fB\-CApath\fR \fIdir\fR, \fB\-no\-CApath\fR, \fB\-CAstore\fR \fIuri\fR, \fB\-no\-CAstore\fR" 4 +.IX Item "-CAfile file, -no-CAfile, -CApath dir, -no-CApath, -CAstore uri, -no-CAstore" +See \*(L"Trusted Certificate Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-allow_proxy_certs\fR, \fB\-attime\fR, \fB\-no_check_time\fR, \fB\-check_ss_sig\fR, \fB\-crl_check\fR, \fB\-crl_check_all\fR, \fB\-explicit_policy\fR, \fB\-extended_crl\fR, \fB\-ignore_critical\fR, \fB\-inhibit_any\fR, \fB\-inhibit_map\fR, \fB\-no_alt_chains\fR, \fB\-partial_chain\fR, \fB\-policy\fR, \fB\-policy_check\fR, \fB\-policy_print\fR, \fB\-purpose\fR, \fB\-suiteB_128\fR, \fB\-suiteB_128_only\fR, \fB\-suiteB_192\fR, \fB\-trusted_first\fR, \fB\-use_deltas\fR, \fB\-auth_level\fR, \fB\-verify_depth\fR, \fB\-verify_email\fR, \fB\-verify_hostname\fR, \fB\-verify_ip\fR, \fB\-verify_name\fR, \fB\-x509_strict\fR \fB\-issuer_checks\fR" 4 +.IX Item "-allow_proxy_certs, -attime, -no_check_time, -check_ss_sig, -crl_check, -crl_check_all, -explicit_policy, -extended_crl, -ignore_critical, -inhibit_any, -inhibit_map, -no_alt_chains, -partial_chain, -policy, -policy_check, -policy_print, -purpose, -suiteB_128, -suiteB_128_only, -suiteB_192, -trusted_first, -use_deltas, -auth_level, -verify_depth, -verify_email, -verify_hostname, -verify_ip, -verify_name, -x509_strict -issuer_checks" +Set various options of certificate chain verification. +See \*(L"Verification Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-\-\fR" 4 +.IX Item "--" +Indicates the last option. All arguments following this are assumed to be +certificate files. This is useful if the first certificate filename begins +with a \fB\-\fR. +.IP "\fIcertificate\fR ..." 4 +.IX Item "certificate ..." +One or more certificates to verify. If no certificates are given, +this command will attempt to read a certificate from standard input. +Certificates must be in \s-1PEM\s0 format. 
+If a certificate chain has multiple problems, this program tries to +display all of them. +.SH "DIAGNOSTICS" +.IX Header "DIAGNOSTICS" +When a verify operation fails the output messages can be somewhat cryptic. The +general form of the error message is: +.PP +.Vb 2 +\& server.pem: /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit) +\& error 24 at 1 depth lookup:invalid CA certificate +.Ve +.PP +The first line contains the name of the certificate being verified followed by +the subject name of the certificate. The second line contains the error number +and the depth. The depth is number of the certificate being verified when a +problem was detected starting with zero for the certificate being verified itself +then 1 for the \s-1CA\s0 that signed the certificate and so on. Finally a text version +of the error number is presented. +.PP +A list of the error codes and messages can be found in +\&\fIX509_STORE_CTX_get_error\fR\|(3); the full list is defined in the header file +\&\fI\fR. +.PP +This command ignores many errors, in order to allow all the problems with a +certificate chain to be determined. +.SH "BUGS" +.IX Header "BUGS" +Although the issuer checks are a considerable improvement over the old +technique they still suffer from limitations in the underlying X509_LOOKUP +\&\s-1API\s0. One consequence of this is that trusted certificates with matching +subject name must either appear in a file (as specified by the \fB\-CAfile\fR +option), a directory (as specified by \fB\-CApath\fR), or a store (as specified +by \fB\-CAstore\fR). If they occur in more than one location then only the +certificates in the file will be recognised. +.PP +Previous versions of OpenSSL assume certificates with matching subject +name are identical and mishandled them. +.PP +Previous versions of this documentation swapped the meaning of the +\&\fBX509_V_ERR_UNABLE_TO_GET_ISSUER_CERT\fR and +\&\fBX509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY\fR error codes. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\fIopenssl\-x509\fR\|(1), +\&\fIossl_store\-file\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \fB\-show_chain\fR option was added in OpenSSL 1.1.0. +.PP +The \fB\-sm2\-id\fR and \fB\-sm2\-hex\-id\fR options were added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man1/openssl-version.1 b/linux_amd64/ssl/share/man/man1/openssl-version.1 new file mode 100755 index 0000000..c047a4a --- /dev/null +++ b/linux_amd64/ssl/share/man/man1/openssl-version.1 
@@ -0,0 +1,201 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-VERSION 1" +.TH OPENSSL-VERSION 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-version \- print OpenSSL version information +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl version\fR +[\fB\-help\fR] +[\fB\-a\fR] +[\fB\-v\fR] +[\fB\-b\fR] +[\fB\-o\fR] +[\fB\-f\fR] +[\fB\-p\fR] +[\fB\-d\fR] +[\fB\-e\fR] +[\fB\-m\fR] +[\fB\-r\fR] +[\fB\-c\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command is used to print out version information about OpenSSL. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-a\fR" 4 +.IX Item "-a" +All information, this is the same as setting all the other flags. +.IP "\fB\-v\fR" 4 +.IX Item "-v" +The current OpenSSL version. +.IP "\fB\-b\fR" 4 +.IX Item "-b" +The date the current version of OpenSSL was built. +.IP "\fB\-o\fR" 4 +.IX Item "-o" +Option information: various options set when the library was built. +.IP "\fB\-f\fR" 4 +.IX Item "-f" +Compilation flags. +.IP "\fB\-p\fR" 4 +.IX Item "-p" +Platform setting. +.IP "\fB\-d\fR" 4 +.IX Item "-d" +\&\s-1OPENSSLDIR\s0 setting. +.IP "\fB\-e\fR" 4 +.IX Item "-e" +\&\s-1ENGINESDIR\s0 settings. +.IP "\fB\-m\fR" 4 +.IX Item "-m" +\&\s-1MODULESDIR\s0 settings. +.IP "\fB\-r\fR" 4 +.IX Item "-r" +The random number generator source settings. +.IP "\fB\-c\fR" 4 +.IX Item "-c" +The OpenSSL \s-1CPU\s0 settings info. +.SH "NOTES" +.IX Header "NOTES" +The output of \f(CW\*(C`openssl version \-a\*(C'\fR would typically be used when sending +in a bug report. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man1/openssl-x509.1 b/linux_amd64/ssl/share/man/man1/openssl-x509.1 new file mode 100755 index 0000000..3d879c8 --- /dev/null 
+++ b/linux_amd64/ssl/share/man/man1/openssl-x509.1 
@@ -0,0 +1,848 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-X509 1" +.TH OPENSSL-X509 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl\-x509 \- Certificate display and signing utility +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBx509\fR +[\fB\-help\fR] +[\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fB\s-1ENGINE\s0\fR] +[\fB\-CAform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR] +[\fB\-CAkeyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fB\s-1ENGINE\s0\fR] +[\fB\-in\fR \fIfilename\fR] +[\fB\-out\fR \fIfilename\fR] +[\fB\-serial\fR] +[\fB\-hash\fR] +[\fB\-subject_hash\fR] +[\fB\-subject_hash_old\fR] +[\fB\-issuer_hash\fR] +[\fB\-issuer_hash_old\fR] +[\fB\-ocspid\fR] +[\fB\-subject\fR] +[\fB\-issuer\fR] +[\fB\-email\fR] +[\fB\-ocsp_uri\fR] +[\fB\-startdate\fR] +[\fB\-enddate\fR] +[\fB\-purpose\fR] +[\fB\-dates\fR] +[\fB\-checkend\fR \fInum\fR] +[\fB\-modulus\fR] +[\fB\-pubkey\fR] +[\fB\-fingerprint\fR] +[\fB\-alias\fR] +[\fB\-noout\fR] +[\fB\-trustout\fR] +[\fB\-clrtrust\fR] +[\fB\-clrreject\fR] +[\fB\-addtrust\fR \fIarg\fR] +[\fB\-addreject\fR \fIarg\fR] +[\fB\-setalias\fR \fIarg\fR] +[\fB\-days\fR \fIarg\fR] +[\fB\-set_serial\fR \fIn\fR] +[\fB\-signkey\fR \fIarg\fR] +[\fB\-badsig\fR] +[\fB\-passin\fR \fIarg\fR] +[\fB\-x509toreq\fR] +[\fB\-req\fR] +[\fB\-CA\fR \fIfilename\fR] +[\fB\-CAkey\fR \fIfilename\fR] +[\fB\-CAcreateserial\fR] +[\fB\-CAserial\fR \fIfilename\fR] +[\fB\-new\fR] +[\fB\-next_serial\fR] +[\fB\-nocert\fR] +[\fB\-force_pubkey\fR \fIfilename\fR] +[\fB\-subj\fR \fIarg\fR] +[\fB\-text\fR] +[\fB\-ext\fR \fIextensions\fR] +[\fB\-certopt\fR \fIoption\fR] +[\fB\-checkhost\fR \fIhost\fR] +[\fB\-checkemail\fR \fIhost\fR] +[\fB\-checkip\fR \fIipaddr\fR] +[\fB\-C\fR] +[\fB\-\f(BIdigest\fB\fR] +[\fB\-clrext\fR] +[\fB\-extfile\fR \fIfilename\fR] +[\fB\-extensions\fR \fIsection\fR] +[\fB\-sigopt\fR \fInm\fR:\fIv\fR] +[\fB\-preserve_dates\fR] +[\fB\-nameopt\fR \fIoption\fR] +[\fB\-rand\fR \fIfiles\fR] +[\fB\-writerand\fR \fIfile\fR] +[\fB\-engine\fR 
\fIid\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command is a multi purpose certificate utility. It can +be used to display certificate information, convert certificates to +various forms, sign certificate requests like a \*(L"mini \s-1CA\s0\*(R" or edit +certificate trust settings. +.PP +Since there are a large number of options they will split up into +various sections. +.SH "OPTIONS" +.IX Header "OPTIONS" +.SS "Input, Output, and General Purpose Options" +.IX Subsection "Input, Output, and General Purpose Options" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Print out a usage message. +.IP "\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR, \fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IX Item "-inform DER|PEM, -outform DER|PEM" +The input and formats; the default is \fB\s-1PEM\s0\fR. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.Sp +The input is normally an X.509 certificate, but this can change if other +options such as \fB\-req\fR are used. +.IP "\fB\-in\fR \fIfilename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read a certificate from or standard input +if this option is not specified. +.IP "\fB\-out\fR \fIfilename\fR" 4 +.IX Item "-out filename" +This specifies the output filename to write to or standard output by +default. +.IP "\fB\-\f(BIdigest\fB\fR" 4 +.IX Item "-digest" +The digest to use. +This affects any signing or display option that uses a message +digest, such as the \fB\-fingerprint\fR, \fB\-signkey\fR and \fB\-CA\fR options. +Any digest supported by the \fIopenssl\-dgst\fR\|(1) command can be used. +If not specified then \s-1SHA1\s0 is used with \fB\-fingerprint\fR or +the default digest for the signing algorithm is used, typically \s-1SHA256\s0. +.IP "\fB\-preserve_dates\fR" 4 +.IX Item "-preserve_dates" +When signing a certificate, preserve the \*(L"notBefore\*(R" and \*(L"notAfter\*(R" dates +instead of adjusting them to current time and duration. 
+Cannot be used with the \fB\-days\fR option. +.Sp +[\fB\-rand\fR \fIfiles\fR] +[\fB\-writerand\fR \fIfile\fR] +.IP "\fB\-engine\fR \fIid\fR" 4 +.IX Item "-engine id" +See \*(L"Engine Options\*(R" in \fIopenssl\fR\|(1). +.SS "Display Options" +.IX Subsection "Display Options" +Note: the \fB\-alias\fR and \fB\-purpose\fR options are also display options +but are described in the \*(L"Trust Settings\*(R" section. +.IP "\fB\-text\fR" 4 +.IX Item "-text" +Prints out the certificate in text form. Full details are output including the +public key, signature algorithms, issuer and subject names, serial number +any extensions present and any trust settings. +.IP "\fB\-ext\fR \fIextensions\fR" 4 +.IX Item "-ext extensions" +Prints out the certificate extensions in text form. Extensions are specified +with a comma separated string, e.g., \*(L"subjectAltName,subjectKeyIdentifier\*(R". +See the \fIx509v3_config\fR\|(5) manual page for the extension names. +.IP "\fB\-certopt\fR \fIoption\fR" 4 +.IX Item "-certopt option" +Customise the output format used with \fB\-text\fR. The \fIoption\fR argument +can be a single option or multiple options separated by commas. The +\&\fB\-certopt\fR switch may be also be used more than once to set multiple +options. See the \*(L"Text Options\*(R" section for more information. +.IP "\fB\-checkhost\fR \fIhost\fR" 4 +.IX Item "-checkhost host" +Check that the certificate matches the specified host. +.IP "\fB\-checkemail\fR \fIemail\fR" 4 +.IX Item "-checkemail email" +Check that the certificate matches the specified email address. +.IP "\fB\-checkip\fR \fIipaddr\fR" 4 +.IX Item "-checkip ipaddr" +Check that the certificate matches the specified \s-1IP\s0 address. +.IP "\fB\-noout\fR" 4 +.IX Item "-noout" +This option prevents output of the encoded version of the certificate. +.IP "\fB\-pubkey\fR" 4 +.IX Item "-pubkey" +Outputs the certificate's SubjectPublicKeyInfo block in \s-1PEM\s0 format. 
+.IP "\fB\-modulus\fR" 4 +.IX Item "-modulus" +This option prints out the value of the modulus of the public key +contained in the certificate. +.IP "\fB\-serial\fR" 4 +.IX Item "-serial" +Outputs the certificate serial number. +.IP "\fB\-subject_hash\fR" 4 +.IX Item "-subject_hash" +Outputs the \*(L"hash\*(R" of the certificate subject name. This is used in OpenSSL to +form an index to allow certificates in a directory to be looked up by subject +name. +.IP "\fB\-issuer_hash\fR" 4 +.IX Item "-issuer_hash" +Outputs the \*(L"hash\*(R" of the certificate issuer name. +.IP "\fB\-ocspid\fR" 4 +.IX Item "-ocspid" +Outputs the \s-1OCSP\s0 hash values for the subject name and public key. +.IP "\fB\-hash\fR" 4 +.IX Item "-hash" +Synonym for \*(L"\-subject_hash\*(R" for backward compatibility reasons. +.IP "\fB\-subject_hash_old\fR" 4 +.IX Item "-subject_hash_old" +Outputs the \*(L"hash\*(R" of the certificate subject name using the older algorithm +as used by OpenSSL before version 1.0.0. +.IP "\fB\-issuer_hash_old\fR" 4 +.IX Item "-issuer_hash_old" +Outputs the \*(L"hash\*(R" of the certificate issuer name using the older algorithm +as used by OpenSSL before version 1.0.0. +.IP "\fB\-subject\fR" 4 +.IX Item "-subject" +Outputs the subject name. +.IP "\fB\-issuer\fR" 4 +.IX Item "-issuer" +Outputs the issuer name. +.IP "\fB\-nameopt\fR \fIoption\fR" 4 +.IX Item "-nameopt option" +This specifies how the subject or issuer names are displayed. +See \*(L"Name Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-email\fR" 4 +.IX Item "-email" +Outputs the email address(es) if any. +.IP "\fB\-ocsp_uri\fR" 4 +.IX Item "-ocsp_uri" +Outputs the \s-1OCSP\s0 responder address(es) if any. +.IP "\fB\-startdate\fR" 4 +.IX Item "-startdate" +Prints out the start date of the certificate, that is the notBefore date. +.IP "\fB\-enddate\fR" 4 +.IX Item "-enddate" +Prints out the expiry date of the certificate, that is the notAfter date. 
+.IP "\fB\-dates\fR" 4 +.IX Item "-dates" +Prints out the start and expiry dates of a certificate. +.IP "\fB\-checkend\fR \fIarg\fR" 4 +.IX Item "-checkend arg" +Checks if the certificate expires within the next \fIarg\fR seconds and exits +nonzero if yes it will expire or zero if not. +.IP "\fB\-fingerprint\fR" 4 +.IX Item "-fingerprint" +Calculates and outputs the digest of the \s-1DER\s0 encoded version of the entire +certificate (see digest options). +This is commonly called a \*(L"fingerprint\*(R". Because of the nature of message +digests, the fingerprint of a certificate is unique to that certificate and +two certificates with the same fingerprint can be considered to be the same. +.IP "\fB\-C\fR" 4 +.IX Item "-C" +This outputs the certificate in the form of a C source file. +.SS "Trust Settings" +.IX Subsection "Trust Settings" +A \fBtrusted certificate\fR is an ordinary certificate which has several +additional pieces of information attached to it such as the permitted +and prohibited uses of the certificate and an \*(L"alias\*(R". +.PP +Normally when a certificate is being verified at least one certificate +must be \*(L"trusted\*(R". By default a trusted certificate must be stored +locally and must be a root \s-1CA:\s0 any certificate chain ending in this \s-1CA\s0 +is then usable for any purpose. +.PP +Trust settings currently are only used with a root \s-1CA\s0. They allow a finer +control over the purposes the root \s-1CA\s0 can be used for. For example a \s-1CA\s0 +may be trusted for \s-1SSL\s0 client but not \s-1SSL\s0 server use. +.PP +See the description in \fIopenssl\-verify\fR\|(1) for more information +on the meaning of trust settings. +.PP +Future versions of OpenSSL will recognize trust settings on any +certificate: not just root CAs. +.IP "\fB\-trustout\fR" 4 +.IX Item "-trustout" +Output a \fBtrusted\fR certificate rather than an ordinary. 
An ordinary +or trusted certificate can be input but by default an ordinary +certificate is output and any trust settings are discarded. With the +\&\fB\-trustout\fR option a trusted certificate is output. A trusted +certificate is automatically output if any trust settings are modified. +.IP "\fB\-setalias\fR \fIarg\fR" 4 +.IX Item "-setalias arg" +Sets the alias of the certificate. This will allow the certificate +to be referred to using a nickname for example \*(L"Steve's Certificate\*(R". +.IP "\fB\-alias\fR" 4 +.IX Item "-alias" +Outputs the certificate alias, if any. +.IP "\fB\-clrtrust\fR" 4 +.IX Item "-clrtrust" +Clears all the permitted or trusted uses of the certificate. +.IP "\fB\-clrreject\fR" 4 +.IX Item "-clrreject" +Clears all the prohibited or rejected uses of the certificate. +.IP "\fB\-addtrust\fR \fIarg\fR" 4 +.IX Item "-addtrust arg" +Adds a trusted certificate use. +Any object name can be used here but currently only \fBclientAuth\fR (\s-1SSL\s0 client +use), \fBserverAuth\fR (\s-1SSL\s0 server use), \fBemailProtection\fR (S/MIME email) and +\&\fBanyExtendedKeyUsage\fR are used. +As of OpenSSL 1.1.0, the last of these blocks all purposes when rejected or +enables all purposes when trusted. +Other OpenSSL applications may define additional uses. +.IP "\fB\-addreject\fR \fIarg\fR" 4 +.IX Item "-addreject arg" +Adds a prohibited use. It accepts the same values as the \fB\-addtrust\fR +option. +.IP "\fB\-purpose\fR" 4 +.IX Item "-purpose" +This option performs tests on the certificate extensions and outputs +the results. For a more complete description see the +\&\*(L"\s-1CERTIFICATE\s0 \s-1EXTENSIONS\s0\*(R" section. +.SS "Signing Options" +.IX Subsection "Signing Options" +This command can be used to sign certificates and requests: it +can thus behave like a \*(L"mini \s-1CA\s0\*(R". +.IP "\fB\-signkey\fR \fIarg\fR" 4 +.IX Item "-signkey arg" +This option causes the input file to be self signed using the supplied +private key or engine. 
The private key's format is specified with the +\&\fB\-keyform\fR option. +.Sp +It sets the issuer name to the subject name (i.e., makes it self-issued) +and changes the public key to the supplied value (unless overridden by +\&\fB\-force_pubkey\fR). It sets the validity start date to the current time +and the end date to a value determined by the \fB\-days\fR option. +It retains any certificate extensions unless the \fB\-clrext\fR option is supplied; +this includes, for example, any existing key identifier extensions. +.IP "\fB\-badsig\fR" 4 +.IX Item "-badsig" +Corrupt the signature before writing it; this can be useful +for testing. +.IP "\fB\-sigopt\fR \fInm\fR:\fIv\fR" 4 +.IX Item "-sigopt nm:v" +Pass options to the signature algorithm during sign or verify operations. +Names and values of these options are algorithm-specific. +.IP "\fB\-passin\fR \fIarg\fR" 4 +.IX Item "-passin arg" +The key password source. For more information about the format of \fIarg\fR +see \*(L"Pass Phrase Options\*(R" in \fIopenssl\fR\|(1). +.IP "\fB\-clrext\fR" 4 +.IX Item "-clrext" +Delete any extensions from a certificate. This option is used when a +certificate is being created from another certificate (for example with +the \fB\-signkey\fR or the \fB\-CA\fR options). Normally all extensions are +retained. +.IP "\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fB\s-1ENGINE\s0\fR" 4 +.IX Item "-keyform DER|PEM|ENGINE" +The key format; the default is \fB\s-1PEM\s0\fR. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-CAform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR, \fB\-CAkeyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fB\s-1ENGINE\s0\fR" 4 +.IX Item "-CAform DER|PEM, -CAkeyform DER|PEM|ENGINE" +The format for the \s-1CA\s0 certificate and key; the default is \fB\s-1PEM\s0\fR. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-days\fR \fIarg\fR" 4 +.IX Item "-days arg" +Specifies the number of days to make a certificate valid for. 
The default +is 30 days. Cannot be used with the \fB\-preserve_dates\fR option. +.IP "\fB\-x509toreq\fR" 4 +.IX Item "-x509toreq" +Converts a certificate into a certificate request. The \fB\-signkey\fR option +is used to pass the required private key. +.IP "\fB\-req\fR" 4 +.IX Item "-req" +By default a certificate is expected on input. With this option a +certificate request is expected instead. +.IP "\fB\-set_serial\fR \fIn\fR" 4 +.IX Item "-set_serial n" +Specifies the serial number to use. This option can be used with either +the \fB\-signkey\fR or \fB\-CA\fR options. If used in conjunction with the \fB\-CA\fR +option the serial number file (as specified by the \fB\-CAserial\fR or +\&\fB\-CAcreateserial\fR options) is not used. +.Sp +The serial number can be decimal or hex (if preceded by \f(CW\*(C`0x\*(C'\fR). +.IP "\fB\-CA\fR \fIfilename\fR" 4 +.IX Item "-CA filename" +Specifies the \s-1CA\s0 certificate to be used for signing. When this option is +present, this command behaves like a \*(L"mini \s-1CA\s0\*(R". The input file is signed by +this \s-1CA\s0 using this option: that is its issuer name is set to the subject name +of the \s-1CA\s0 and it is digitally signed using the CAs private key. +.Sp +This option is normally combined with the \fB\-req\fR option. Without the +\&\fB\-req\fR option the input is a certificate which must be self signed. +.IP "\fB\-CAkey\fR \fIfilename\fR" 4 +.IX Item "-CAkey filename" +Sets the \s-1CA\s0 private key to sign a certificate with. If this option is +not specified then it is assumed that the \s-1CA\s0 private key is present in +the \s-1CA\s0 certificate file. +.IP "\fB\-CAserial\fR \fIfilename\fR" 4 +.IX Item "-CAserial filename" +Sets the \s-1CA\s0 serial number file to use. +.Sp +When the \fB\-CA\fR option is used to sign a certificate it uses a serial +number specified in a file. This file consists of one line containing +an even number of hex digits with the serial number to use. 
After each +use the serial number is incremented and written out to the file again. +.Sp +The default filename consists of the \s-1CA\s0 certificate file base name with +\&\fI.srl\fR appended. For example if the \s-1CA\s0 certificate file is called +\&\fImycacert.pem\fR it expects to find a serial number file called +\&\fImycacert.srl\fR. +.IP "\fB\-CAcreateserial\fR" 4 +.IX Item "-CAcreateserial" +With this option the \s-1CA\s0 serial number file is created if it does not exist: +it will contain the serial number \*(L"02\*(R" and the certificate being signed will +have the 1 as its serial number. If the \fB\-CA\fR option is specified +and the serial number file does not exist a random number is generated; +this is the recommended practice. +.IP "\fB\-extfile\fR \fIfilename\fR" 4 +.IX Item "-extfile filename" +File containing certificate extensions to use. If not specified then +no extensions are added to the certificate. +.IP "\fB\-extensions\fR \fIsection\fR" 4 +.IX Item "-extensions section" +The section to add certificate extensions from. If this option is not +specified then the extensions should either be contained in the unnamed +(default) section or the default section should contain a variable called +\&\*(L"extensions\*(R" which contains the section to use. See the +\&\fIx509v3_config\fR\|(5) manual page for details of the +extension section format. +.IP "\fB\-new\fR" 4 +.IX Item "-new" +Generate a certificate from scratch, not using an input certificate +or certificate request. So the \fB\-in\fR option must not be used in this case. +Instead, the \fB\-subj\fR and <\-force_pubkey> options need to be given. +.IP "\fB\-next_serial\fR" 4 +.IX Item "-next_serial" +Set the serial to be one more than the number in the certificate. +.IP "\fB\-nocert\fR" 4 +.IX Item "-nocert" +Do not generate or output a certificate. 
+.IP "\fB\-force_pubkey\fR \fIfilename\fR" 4 +.IX Item "-force_pubkey filename" +When a certificate is created set its public key to the key in \fIfilename\fR +instead of the key contained in the input or given with the \fB\-signkey\fR option. +.Sp +This option is useful for creating self-issued certificates that are not +self-signed, for instance when the key cannot be used for signing, such as \s-1DH\s0. +It can also be used in conjunction with b<\-new> and \fB\-subj\fR to directly +generate a certificate containing any desired public key. +.Sp +The format of the key file can be specified using the \fB\-keyform\fR option. +.IP "\fB\-subj\fR \fIarg\fR" 4 +.IX Item "-subj arg" +When a certificate is created set its subject name to the given value. +The arg must be formatted as \f(CW\*(C`/type0=value0/type1=value1/type2=...\*(C'\fR. +Keyword characters may be escaped by \e (backslash), and whitespace is retained. +Empty values are permitted, but the corresponding type will not be included +in the certificate. Giving a single \f(CW\*(C`/\*(C'\fR will lead to an empty sequence of RDNs +(a \s-1NULL\s0 subject \s-1DN\s0). +.Sp +Unless the \fB\-CA\fR option is given the issuer is set to the same value. +.Sp +This option can be used in conjunction with the \fB\-force_pubkey\fR option +to create a certificate even without providing an input certificate +or certificate request. +.SS "Text Options" +.IX Subsection "Text Options" +As well as customising the name output format, it is also possible to +customise the actual fields printed using the \fBcertopt\fR options when +the \fBtext\fR option is present. The default behaviour is to print all fields. +.IP "\fBcompatible\fR" 4 +.IX Item "compatible" +Use the old format. This is equivalent to specifying no output options at all. +.IP "\fBno_header\fR" 4 +.IX Item "no_header" +Don't print header information: that is the lines saying \*(L"Certificate\*(R" +and \*(L"Data\*(R". 
+.IP "\fBno_version\fR" 4 +.IX Item "no_version" +Don't print out the version number. +.IP "\fBno_serial\fR" 4 +.IX Item "no_serial" +Don't print out the serial number. +.IP "\fBno_signame\fR" 4 +.IX Item "no_signame" +Don't print out the signature algorithm used. +.IP "\fBno_validity\fR" 4 +.IX Item "no_validity" +Don't print the validity, that is the \fBnotBefore\fR and \fBnotAfter\fR fields. +.IP "\fBno_subject\fR" 4 +.IX Item "no_subject" +Don't print out the subject name. +.IP "\fBno_issuer\fR" 4 +.IX Item "no_issuer" +Don't print out the issuer name. +.IP "\fBno_pubkey\fR" 4 +.IX Item "no_pubkey" +Don't print out the public key. +.IP "\fBno_sigdump\fR" 4 +.IX Item "no_sigdump" +Don't give a hexadecimal dump of the certificate signature. +.IP "\fBno_aux\fR" 4 +.IX Item "no_aux" +Don't print out certificate trust information. +.IP "\fBno_extensions\fR" 4 +.IX Item "no_extensions" +Don't print out any X509V3 extensions. +.IP "\fBext_default\fR" 4 +.IX Item "ext_default" +Retain default extension behaviour: attempt to print out unsupported +certificate extensions. +.IP "\fBext_error\fR" 4 +.IX Item "ext_error" +Print an error message for unsupported certificate extensions. +.IP "\fBext_parse\fR" 4 +.IX Item "ext_parse" +\&\s-1ASN1\s0 parse unsupported extensions. +.IP "\fBext_dump\fR" 4 +.IX Item "ext_dump" +Hex dump unsupported extensions. +.IP "\fBca_default\fR" 4 +.IX Item "ca_default" +The value used by \fIopenssl\-ca\fR\|(1), equivalent to \fBno_issuer\fR, \fBno_pubkey\fR, +\&\fBno_header\fR, and \fBno_version\fR. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Note: in these examples the '\e' means the example should be all on one +line. 
+.PP +Display the contents of a certificate: +.PP +.Vb 1 +\& openssl x509 \-in cert.pem \-noout \-text +.Ve +.PP +Display the \*(L"Subject Alternative Name\*(R" extension of a certificate: +.PP +.Vb 1 +\& openssl x509 \-in cert.pem \-noout \-ext subjectAltName +.Ve +.PP +Display more extensions of a certificate: +.PP +.Vb 1 +\& openssl x509 \-in cert.pem \-noout \-ext subjectAltName,nsCertType +.Ve +.PP +Display the certificate serial number: +.PP +.Vb 1 +\& openssl x509 \-in cert.pem \-noout \-serial +.Ve +.PP +Display the certificate subject name: +.PP +.Vb 1 +\& openssl x509 \-in cert.pem \-noout \-subject +.Ve +.PP +Display the certificate subject name in \s-1RFC2253\s0 form: +.PP +.Vb 1 +\& openssl x509 \-in cert.pem \-noout \-subject \-nameopt RFC2253 +.Ve +.PP +Display the certificate subject name in oneline form on a terminal +supporting \s-1UTF8:\s0 +.PP +.Vb 1 +\& openssl x509 \-in cert.pem \-noout \-subject \-nameopt oneline,\-esc_msb +.Ve +.PP +Display the certificate \s-1SHA1\s0 fingerprint: +.PP +.Vb 1 +\& openssl x509 \-sha1 \-in cert.pem \-noout \-fingerprint +.Ve +.PP +Convert a certificate from \s-1PEM\s0 to \s-1DER\s0 format: +.PP +.Vb 1 +\& openssl x509 \-in cert.pem \-inform PEM \-out cert.der \-outform DER +.Ve +.PP +Convert a certificate to a certificate request: +.PP +.Vb 1 +\& openssl x509 \-x509toreq \-in cert.pem \-out req.pem \-signkey key.pem +.Ve +.PP +Convert a certificate request into a self signed certificate using +extensions for a \s-1CA:\s0 +.PP +.Vb 2 +\& openssl x509 \-req \-in careq.pem \-extfile openssl.cnf \-extensions v3_ca \e +\& \-signkey key.pem \-out cacert.pem +.Ve +.PP +Sign a certificate request using the \s-1CA\s0 certificate above and add user +certificate extensions: +.PP +.Vb 2 +\& openssl x509 \-req \-in req.pem \-extfile openssl.cnf \-extensions v3_usr \e +\& \-CA cacert.pem \-CAkey key.pem \-CAcreateserial +.Ve +.PP +Set a certificate to be trusted for \s-1SSL\s0 client use and change set its alias to 
+\&\*(L"Steve's Class 1 \s-1CA\s0\*(R" +.PP +.Vb 2 +\& openssl x509 \-in cert.pem \-addtrust clientAuth \e +\& \-setalias "Steve\*(Aqs Class 1 CA" \-out trust.pem +.Ve +.SH "NOTES" +.IX Header "NOTES" +The conversion to \s-1UTF8\s0 format used with the name options assumes that +T61Strings use the \s-1ISO8859\-1\s0 character set. This is wrong but Netscape +and \s-1MSIE\s0 do this as do many certificates. So although this is incorrect +it is more likely to display the majority of certificates correctly. +.PP +The \fB\-email\fR option searches the subject name and the subject alternative +name extension. Only unique email addresses will be printed out: it will +not print the same address more than once. +.SH "CERTIFICATE EXTENSIONS" +.IX Header "CERTIFICATE EXTENSIONS" +The \fB\-purpose\fR option checks the certificate extensions and determines +what the certificate can be used for. The actual checks done are rather +complex and include various hacks and workarounds to handle broken +certificates and software. +.PP +The same code is used when verifying untrusted certificates in chains +so this section is useful if a chain is rejected by the verify code. +.PP +The basicConstraints extension \s-1CA\s0 flag is used to determine whether the +certificate can be used as a \s-1CA\s0. If the \s-1CA\s0 flag is true then it is a \s-1CA\s0, +if the \s-1CA\s0 flag is false then it is not a \s-1CA\s0. \fBAll\fR CAs should have the +\&\s-1CA\s0 flag set to true. +.PP +If the basicConstraints extension is absent then the certificate is +considered to be a \*(L"possible \s-1CA\s0\*(R" other extensions are checked according +to the intended use of the certificate. A warning is given in this case +because the certificate should really not be regarded as a \s-1CA:\s0 however +it is allowed to be a \s-1CA\s0 to work around some broken software. 
+.PP +If the certificate is a V1 certificate (and thus has no extensions) and +it is self signed it is also assumed to be a \s-1CA\s0 but a warning is again +given: this is to work around the problem of Verisign roots which are V1 +self signed certificates. +.PP +If the keyUsage extension is present then additional restraints are +made on the uses of the certificate. A \s-1CA\s0 certificate \fBmust\fR have the +keyCertSign bit set if the keyUsage extension is present. +.PP +The extended key usage extension places additional restrictions on the +certificate uses. If this extension is present (whether critical or not) +the key can only be used for the purposes specified. +.PP +A complete description of each test is given below. The comments about +basicConstraints and keyUsage and V1 certificates above apply to \fBall\fR +\&\s-1CA\s0 certificates. +.IP "\fB\s-1SSL\s0 Client\fR" 4 +.IX Item "SSL Client" +The extended key usage extension must be absent or include the \*(L"web client +authentication\*(R" \s-1OID\s0. keyUsage must be absent or it must have the +digitalSignature bit set. Netscape certificate type must be absent or it must +have the \s-1SSL\s0 client bit set. +.IP "\fB\s-1SSL\s0 Client \s-1CA\s0\fR" 4 +.IX Item "SSL Client CA" +The extended key usage extension must be absent or include the \*(L"web client +authentication\*(R" \s-1OID\s0. Netscape certificate type must be absent or it must have +the \s-1SSL\s0 \s-1CA\s0 bit set: this is used as a work around if the basicConstraints +extension is absent. +.IP "\fB\s-1SSL\s0 Server\fR" 4 +.IX Item "SSL Server" +The extended key usage extension must be absent or include the \*(L"web server +authentication\*(R" and/or one of the \s-1SGC\s0 OIDs. keyUsage must be absent or it +must have the digitalSignature, the keyEncipherment set or both bits set. +Netscape certificate type must be absent or have the \s-1SSL\s0 server bit set. 
+.IP "\fB\s-1SSL\s0 Server \s-1CA\s0\fR" 4 +.IX Item "SSL Server CA" +The extended key usage extension must be absent or include the \*(L"web server +authentication\*(R" and/or one of the \s-1SGC\s0 OIDs. Netscape certificate type must +be absent or the \s-1SSL\s0 \s-1CA\s0 bit must be set: this is used as a work around if the +basicConstraints extension is absent. +.IP "\fBNetscape \s-1SSL\s0 Server\fR" 4 +.IX Item "Netscape SSL Server" +For Netscape \s-1SSL\s0 clients to connect to an \s-1SSL\s0 server it must have the +keyEncipherment bit set if the keyUsage extension is present. This isn't +always valid because some cipher suites use the key for digital signing. +Otherwise it is the same as a normal \s-1SSL\s0 server. +.IP "\fBCommon S/MIME Client Tests\fR" 4 +.IX Item "Common S/MIME Client Tests" +The extended key usage extension must be absent or include the \*(L"email +protection\*(R" \s-1OID\s0. Netscape certificate type must be absent or should have the +S/MIME bit set. If the S/MIME bit is not set in Netscape certificate type +then the \s-1SSL\s0 client bit is tolerated as an alternative but a warning is shown: +this is because some Verisign certificates don't set the S/MIME bit. +.IP "\fBS/MIME Signing\fR" 4 +.IX Item "S/MIME Signing" +In addition to the common S/MIME client tests the digitalSignature bit or +the nonRepudiation bit must be set if the keyUsage extension is present. +.IP "\fBS/MIME Encryption\fR" 4 +.IX Item "S/MIME Encryption" +In addition to the common S/MIME tests the keyEncipherment bit must be set +if the keyUsage extension is present. +.IP "\fBS/MIME \s-1CA\s0\fR" 4 +.IX Item "S/MIME CA" +The extended key usage extension must be absent or include the \*(L"email +protection\*(R" \s-1OID\s0. Netscape certificate type must be absent or must have the +S/MIME \s-1CA\s0 bit set: this is used as a work around if the basicConstraints +extension is absent. 
+.IP "\fB\s-1CRL\s0 Signing\fR" 4 +.IX Item "CRL Signing" +The keyUsage extension must be absent or it must have the \s-1CRL\s0 signing bit +set. +.IP "\fB\s-1CRL\s0 Signing \s-1CA\s0\fR" 4 +.IX Item "CRL Signing CA" +The normal \s-1CA\s0 tests apply. Except in this case the basicConstraints extension +must be present. +.SH "BUGS" +.IX Header "BUGS" +Extensions in certificates are not transferred to certificate requests and +vice versa. +.PP +It is possible to produce invalid certificates or requests by specifying the +wrong private key or using inconsistent options in some cases: these should +be checked. +.PP +There should be options to explicitly set such things as start and end +dates rather than an offset from the current time. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\fIopenssl\-req\fR\|(1), +\&\fIopenssl\-ca\fR\|(1), +\&\fIopenssl\-genrsa\fR\|(1), +\&\fIopenssl\-gendsa\fR\|(1), +\&\fIopenssl\-verify\fR\|(1), +\&\fIx509v3_config\fR\|(5) +.SH "HISTORY" +.IX Header "HISTORY" +The hash algorithm used in the \fB\-subject_hash\fR and \fB\-issuer_hash\fR options +before OpenSSL 1.0.0 was based on the deprecated \s-1MD5\s0 algorithm and the encoding +of the distinguished name. In OpenSSL 1.0.0 and later it is based on a canonical +version of the \s-1DN\s0 using \s-1SHA1\s0. This means that any directories using the old +form must have their links rebuilt using \fIopenssl\-rehash\fR\|(1) or similar. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man1/openssl.1 b/linux_amd64/ssl/share/man/man1/openssl.1 new file mode 100755 index 0000000..20b458e --- /dev/null +++ b/linux_amd64/ssl/share/man/man1/openssl.1 
@@ -0,0 +1,1265 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL 1" +.TH OPENSSL 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl \- OpenSSL command line tool +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR +\&\fIcommand\fR +[ \fIoptions\fR ... ] +[ \fIparameters\fR ... 
] +.PP +\&\fBopenssl\fR +\&\fBlist\fR +\&\fB\-standard\-commands\fR | +\&\fB\-digest\-commands\fR | +\&\fB\-cipher\-commands\fR | +\&\fB\-cipher\-algorithms\fR | +\&\fB\-digest\-algorithms\fR | +\&\fB\-mac\-algorithms\fR | +\&\fB\-public\-key\-algorithms\fR +.PP +\&\fBopenssl\fR \fBno\-\fR\fI\s-1XXX\s0\fR [ \fIoptions\fR ] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (\s-1SSL\s0 +v2/v3) and Transport Layer Security (\s-1TLS\s0 v1) network protocols and related +cryptography standards required by them. +.PP +The \fBopenssl\fR program is a command line tool for using the various +cryptography functions of OpenSSL's \fBcrypto\fR library from the shell. +It can be used for +.PP +.Vb 8 +\& o Creation and management of private keys, public keys and parameters +\& o Public key cryptographic operations +\& o Creation of X.509 certificates, CSRs and CRLs +\& o Calculation of Message Digests and Message Authentication Codes +\& o Encryption and Decryption with Ciphers +\& o SSL/TLS Client and Server Tests +\& o Handling of S/MIME signed or encrypted mail +\& o Timestamp requests, generation and verification +.Ve +.SH "COMMAND SUMMARY" +.IX Header "COMMAND SUMMARY" +The \fBopenssl\fR program provides a rich variety of commands (\fIcommand\fR in +the \*(L"\s-1SYNOPSIS\s0\*(R" above). +Each command can have many options and argument parameters, shown above as +\&\fIoptions\fR and \fIparameters\fR. +.PP +Detailed documentation and use cases for most standard subcommands are available +(e.g., \fIopenssl\-x509\fR\|(1)). +.PP +Many commands use an external configuration file for some or all of their +arguments and have a \fB\-config\fR option to specify that file. +The default name of the file is \fIopenssl.cnf\fR in the default certificate +storage area, which can be determined from the \fIopenssl\-version\fR\|(1) +command. 
+The environment variable \fB\s-1OPENSSL_CONF\s0\fR can be used to specify +a different location of the file. +See \fIopenssl\-env\fR\|(7). +.PP +The list options \fB\-standard\-commands\fR, \fB\-digest\-commands\fR, +and \fB\-cipher\-commands\fR output a list (one entry per line) of the names +of all standard commands, message digest commands, or cipher commands, +respectively, that are available. +.PP +The list parameters \fB\-cipher\-algorithms\fR, \fB\-digest\-algorithms\fR, +and \fB\-mac\-algorithms\fR list all cipher, message digest, and message +authentication code names, one entry per line. Aliases are listed as: +.PP +.Vb 1 +\& from => to +.Ve +.PP +The list parameter \fB\-public\-key\-algorithms\fR lists all supported public +key algorithms. +.PP +The command \fBno\-\fR\fI\s-1XXX\s0\fR tests whether a command of the +specified name is available. If no command named \fI\s-1XXX\s0\fR exists, it +returns 0 (success) and prints \fBno\-\fR\fI\s-1XXX\s0\fR; otherwise it returns 1 +and prints \fI\s-1XXX\s0\fR. In both cases, the output goes to \fBstdout\fR and +nothing is printed to \fBstderr\fR. Additional command line arguments +are always ignored. Since for each cipher there is a command of the +same name, this provides an easy way for shell scripts to test for the +availability of ciphers in the \fBopenssl\fR program. (\fBno\-\fR\fI\s-1XXX\s0\fR is +not able to detect pseudo-commands such as \fBquit\fR, +\&\fBlist\fR, or \fBno\-\fR\fI\s-1XXX\s0\fR itself.) +.SS "Standard Commands" +.IX Subsection "Standard Commands" +.IP "\fBasn1parse\fR" 4 +.IX Item "asn1parse" +Parse an \s-1ASN\s0.1 sequence. +.IP "\fBca\fR" 4 +.IX Item "ca" +Certificate Authority (\s-1CA\s0) Management. +.IP "\fBciphers\fR" 4 +.IX Item "ciphers" +Cipher Suite Description Determination. +.IP "\fBcms\fR" 4 +.IX Item "cms" +\&\s-1CMS\s0 (Cryptographic Message Syntax) utility. +.IP "\fBcrl\fR" 4 +.IX Item "crl" +Certificate Revocation List (\s-1CRL\s0) Management. 
+.IP "\fBcrl2pkcs7\fR" 4 +.IX Item "crl2pkcs7" +\&\s-1CRL\s0 to PKCS#7 Conversion. +.IP "\fBdgst\fR" 4 +.IX Item "dgst" +Message Digest calculation. \s-1MAC\s0 calculations are superseded by +\&\fIopenssl\-mac\fR\|(1). +.IP "\fBdhparam\fR" 4 +.IX Item "dhparam" +Generation and Management of Diffie-Hellman Parameters. Superseded by +\&\fIopenssl\-genpkey\fR\|(1) and \fIopenssl\-pkeyparam\fR\|(1). +.IP "\fBdsa\fR" 4 +.IX Item "dsa" +\&\s-1DSA\s0 Data Management. +.IP "\fBdsaparam\fR" 4 +.IX Item "dsaparam" +\&\s-1DSA\s0 Parameter Generation and Management. Superseded by +\&\fIopenssl\-genpkey\fR\|(1) and \fIopenssl\-pkeyparam\fR\|(1). +.IP "\fBec\fR" 4 +.IX Item "ec" +\&\s-1EC\s0 (Elliptic curve) key processing. +.IP "\fBecparam\fR" 4 +.IX Item "ecparam" +\&\s-1EC\s0 parameter manipulation and generation. +.IP "\fBenc\fR" 4 +.IX Item "enc" +Encryption, decryption, and encoding. +.IP "\fBengine\fR" 4 +.IX Item "engine" +Engine (loadable module) information and manipulation. +.IP "\fBerrstr\fR" 4 +.IX Item "errstr" +Error Number to Error String Conversion. +.IP "\fBfipsinstall\fR" 4 +.IX Item "fipsinstall" +\&\s-1FIPS\s0 configuration installation. +.IP "\fBgendsa\fR" 4 +.IX Item "gendsa" +Generation of \s-1DSA\s0 Private Key from Parameters. Superseded by +\&\fIopenssl\-genpkey\fR\|(1) and \fIopenssl\-pkey\fR\|(1). +.IP "\fBgenpkey\fR" 4 +.IX Item "genpkey" +Generation of Private Key or Parameters. +.IP "\fBgenrsa\fR" 4 +.IX Item "genrsa" +Generation of \s-1RSA\s0 Private Key. Superseded by \fIopenssl\-genpkey\fR\|(1). +.IP "\fBhelp\fR" 4 +.IX Item "help" +Display information about a command's options. +.IP "\fBinfo\fR" 4 +.IX Item "info" +Display diverse information built into the OpenSSL libraries. +.IP "\fBkdf\fR" 4 +.IX Item "kdf" +Key Derivation Functions. +.IP "\fBlist\fR" 4 +.IX Item "list" +List algorithms and features. +.IP "\fBmac\fR" 4 +.IX Item "mac" +Message Authentication Code Calculation. 
+.IP "\fBnseq\fR" 4 +.IX Item "nseq" +Create or examine a Netscape certificate sequence. +.IP "\fBocsp\fR" 4 +.IX Item "ocsp" +Online Certificate Status Protocol utility. +.IP "\fBpasswd\fR" 4 +.IX Item "passwd" +Generation of hashed passwords. +.IP "\fBpkcs12\fR" 4 +.IX Item "pkcs12" +PKCS#12 Data Management. +.IP "\fBpkcs7\fR" 4 +.IX Item "pkcs7" +PKCS#7 Data Management. +.IP "\fBpkcs8\fR" 4 +.IX Item "pkcs8" +PKCS#8 format private key conversion tool. +.IP "\fBpkey\fR" 4 +.IX Item "pkey" +Public and private key management. +.IP "\fBpkeyparam\fR" 4 +.IX Item "pkeyparam" +Public key algorithm parameter management. +.IP "\fBpkeyutl\fR" 4 +.IX Item "pkeyutl" +Public key algorithm cryptographic operation utility. +.IP "\fBprime\fR" 4 +.IX Item "prime" +Compute prime numbers. +.IP "\fBprovider\fR" 4 +.IX Item "provider" +Load and query providers. +.IP "\fBrand\fR" 4 +.IX Item "rand" +Generate pseudo-random bytes. +.IP "\fBrehash\fR" 4 +.IX Item "rehash" +Create symbolic links to certificate and \s-1CRL\s0 files named by the hash values. +.IP "\fBreq\fR" 4 +.IX Item "req" +PKCS#10 X.509 Certificate Signing Request (\s-1CSR\s0) Management. +.IP "\fBrsa\fR" 4 +.IX Item "rsa" +\&\s-1RSA\s0 key management. +.IP "\fBrsautl\fR" 4 +.IX Item "rsautl" +\&\s-1RSA\s0 utility for signing, verification, encryption, and decryption. Superseded +by \fIopenssl\-pkeyutl\fR\|(1). +.IP "\fBs_client\fR" 4 +.IX Item "s_client" +This implements a generic \s-1SSL/TLS\s0 client which can establish a transparent +connection to a remote server speaking \s-1SSL/TLS\s0. It's intended for testing +purposes only and provides only rudimentary interface functionality but +internally uses mostly all functionality of the OpenSSL \fBssl\fR library. +.IP "\fBs_server\fR" 4 +.IX Item "s_server" +This implements a generic \s-1SSL/TLS\s0 server which accepts connections from remote +clients speaking \s-1SSL/TLS\s0. 
It's intended for testing purposes only and provides +only rudimentary interface functionality but internally uses mostly all +functionality of the OpenSSL \fBssl\fR library. It provides both an own command +line oriented protocol for testing \s-1SSL\s0 functions and a simple \s-1HTTP\s0 response +facility to emulate an SSL/TLS\-aware webserver. +.IP "\fBs_time\fR" 4 +.IX Item "s_time" +\&\s-1SSL\s0 Connection Timer. +.IP "\fBsess_id\fR" 4 +.IX Item "sess_id" +\&\s-1SSL\s0 Session Data Management. +.IP "\fBsmime\fR" 4 +.IX Item "smime" +S/MIME mail processing. +.IP "\fBspeed\fR" 4 +.IX Item "speed" +Algorithm Speed Measurement. +.IP "\fBspkac\fR" 4 +.IX Item "spkac" +\&\s-1SPKAC\s0 printing and generating utility. +.IP "\fBsrp\fR" 4 +.IX Item "srp" +Maintain \s-1SRP\s0 password file. +.IP "\fBstoreutl\fR" 4 +.IX Item "storeutl" +Utility to list and display certificates, keys, CRLs, etc. +.IP "\fBts\fR" 4 +.IX Item "ts" +Time Stamping Authority tool (client/server). +.IP "\fBverify\fR" 4 +.IX Item "verify" +X.509 Certificate Verification. +.IP "\fBversion\fR" 4 +.IX Item "version" +OpenSSL Version Information. +.IP "\fBx509\fR" 4 +.IX Item "x509" +X.509 Certificate Data Management. 
+.SS "Message Digest Commands" +.IX Subsection "Message Digest Commands" +.IP "\fBblake2b512\fR" 4 +.IX Item "blake2b512" +BLAKE2b\-512 Digest +.IP "\fBblake2s256\fR" 4 +.IX Item "blake2s256" +BLAKE2s\-256 Digest +.IP "\fBmd2\fR" 4 +.IX Item "md2" +\&\s-1MD2\s0 Digest +.IP "\fBmd4\fR" 4 +.IX Item "md4" +\&\s-1MD4\s0 Digest +.IP "\fBmd5\fR" 4 +.IX Item "md5" +\&\s-1MD5\s0 Digest +.IP "\fBmdc2\fR" 4 +.IX Item "mdc2" +\&\s-1MDC2\s0 Digest +.IP "\fBrmd160\fR" 4 +.IX Item "rmd160" +\&\s-1RMD\-160\s0 Digest +.IP "\fBsha1\fR" 4 +.IX Item "sha1" +\&\s-1SHA\-1\s0 Digest +.IP "\fBsha224\fR" 4 +.IX Item "sha224" +\&\s-1SHA\-2\s0 224 Digest +.IP "\fBsha256\fR" 4 +.IX Item "sha256" +\&\s-1SHA\-2\s0 256 Digest +.IP "\fBsha384\fR" 4 +.IX Item "sha384" +\&\s-1SHA\-2\s0 384 Digest +.IP "\fBsha512\fR" 4 +.IX Item "sha512" +\&\s-1SHA\-2\s0 512 Digest +.IP "\fBsha3\-224\fR" 4 +.IX Item "sha3-224" +\&\s-1SHA\-3\s0 224 Digest +.IP "\fBsha3\-256\fR" 4 +.IX Item "sha3-256" +\&\s-1SHA\-3\s0 256 Digest +.IP "\fBsha3\-384\fR" 4 +.IX Item "sha3-384" +\&\s-1SHA\-3\s0 384 Digest +.IP "\fBsha3\-512\fR" 4 +.IX Item "sha3-512" +\&\s-1SHA\-3\s0 512 Digest +.IP "\fBshake128\fR" 4 +.IX Item "shake128" +\&\s-1SHA\-3\s0 \s-1SHAKE128\s0 Digest +.IP "\fBshake256\fR" 4 +.IX Item "shake256" +\&\s-1SHA\-3\s0 \s-1SHAKE256\s0 Digest +.IP "\fBsm3\fR" 4 +.IX Item "sm3" +\&\s-1SM3\s0 Digest +.SS "Encryption, Decryption, and Encoding Commands" +.IX Subsection "Encryption, Decryption, and Encoding Commands" +The following aliases provide convenient access to the most used encodings +and ciphers. +.PP +Depending on how OpenSSL was configured and built, not all ciphers listed +here may be present. See \fIopenssl\-enc\fR\|(1) for more information. 
+.IP "\fBaes128\fR, \fBaes\-128\-cbc\fR, \fBaes\-128\-cfb\fR, \fBaes\-128\-ctr\fR, \fBaes\-128\-ecb\fR, \fBaes\-128\-ofb\fR" 4 +.IX Item "aes128, aes-128-cbc, aes-128-cfb, aes-128-ctr, aes-128-ecb, aes-128-ofb" +\&\s-1AES\-128\s0 Cipher +.IP "\fBaes192\fR, \fBaes\-192\-cbc\fR, \fBaes\-192\-cfb\fR, \fBaes\-192\-ctr\fR, \fBaes\-192\-ecb\fR, \fBaes\-192\-ofb\fR" 4 +.IX Item "aes192, aes-192-cbc, aes-192-cfb, aes-192-ctr, aes-192-ecb, aes-192-ofb" +\&\s-1AES\-192\s0 Cipher +.IP "\fBaes256\fR, \fBaes\-256\-cbc\fR, \fBaes\-256\-cfb\fR, \fBaes\-256\-ctr\fR, \fBaes\-256\-ecb\fR, \fBaes\-256\-ofb\fR" 4 +.IX Item "aes256, aes-256-cbc, aes-256-cfb, aes-256-ctr, aes-256-ecb, aes-256-ofb" +\&\s-1AES\-256\s0 Cipher +.IP "\fBaria128\fR, \fBaria\-128\-cbc\fR, \fBaria\-128\-cfb\fR, \fBaria\-128\-ctr\fR, \fBaria\-128\-ecb\fR, \fBaria\-128\-ofb\fR" 4 +.IX Item "aria128, aria-128-cbc, aria-128-cfb, aria-128-ctr, aria-128-ecb, aria-128-ofb" +Aria\-128 Cipher +.IP "\fBaria192\fR, \fBaria\-192\-cbc\fR, \fBaria\-192\-cfb\fR, \fBaria\-192\-ctr\fR, \fBaria\-192\-ecb\fR, \fBaria\-192\-ofb\fR" 4 +.IX Item "aria192, aria-192-cbc, aria-192-cfb, aria-192-ctr, aria-192-ecb, aria-192-ofb" +Aria\-192 Cipher +.IP "\fBaria256\fR, \fBaria\-256\-cbc\fR, \fBaria\-256\-cfb\fR, \fBaria\-256\-ctr\fR, \fBaria\-256\-ecb\fR, \fBaria\-256\-ofb\fR" 4 +.IX Item "aria256, aria-256-cbc, aria-256-cfb, aria-256-ctr, aria-256-ecb, aria-256-ofb" +Aria\-256 Cipher +.IP "\fBbase64\fR" 4 +.IX Item "base64" +Base64 Encoding +.IP "\fBbf\fR, \fBbf-cbc\fR, \fBbf-cfb\fR, \fBbf-ecb\fR, \fBbf-ofb\fR" 4 +.IX Item "bf, bf-cbc, bf-cfb, bf-ecb, bf-ofb" +Blowfish Cipher +.IP "\fBcamellia128\fR, \fBcamellia\-128\-cbc\fR, \fBcamellia\-128\-cfb\fR, \fBcamellia\-128\-ctr\fR, \fBcamellia\-128\-ecb\fR, \fBcamellia\-128\-ofb\fR" 4 +.IX Item "camellia128, camellia-128-cbc, camellia-128-cfb, camellia-128-ctr, camellia-128-ecb, camellia-128-ofb" +Camellia\-128 Cipher +.IP "\fBcamellia192\fR, \fBcamellia\-192\-cbc\fR, \fBcamellia\-192\-cfb\fR, 
\fBcamellia\-192\-ctr\fR, \fBcamellia\-192\-ecb\fR, \fBcamellia\-192\-ofb\fR" 4 +.IX Item "camellia192, camellia-192-cbc, camellia-192-cfb, camellia-192-ctr, camellia-192-ecb, camellia-192-ofb" +Camellia\-192 Cipher +.IP "\fBcamellia256\fR, \fBcamellia\-256\-cbc\fR, \fBcamellia\-256\-cfb\fR, \fBcamellia\-256\-ctr\fR, \fBcamellia\-256\-ecb\fR, \fBcamellia\-256\-ofb\fR" 4 +.IX Item "camellia256, camellia-256-cbc, camellia-256-cfb, camellia-256-ctr, camellia-256-ecb, camellia-256-ofb" +Camellia\-256 Cipher +.IP "\fBcast\fR, \fBcast-cbc\fR" 4 +.IX Item "cast, cast-cbc" +\&\s-1CAST\s0 Cipher +.IP "\fBcast5\-cbc\fR, \fBcast5\-cfb\fR, \fBcast5\-ecb\fR, \fBcast5\-ofb\fR" 4 +.IX Item "cast5-cbc, cast5-cfb, cast5-ecb, cast5-ofb" +\&\s-1CAST5\s0 Cipher +.IP "\fBchacha20\fR" 4 +.IX Item "chacha20" +Chacha20 Cipher +.IP "\fBdes\fR, \fBdes-cbc\fR, \fBdes-cfb\fR, \fBdes-ecb\fR, \fBdes-ede\fR, \fBdes-ede-cbc\fR, \fBdes-ede-cfb\fR, \fBdes-ede-ofb\fR, \fBdes-ofb\fR" 4 +.IX Item "des, des-cbc, des-cfb, des-ecb, des-ede, des-ede-cbc, des-ede-cfb, des-ede-ofb, des-ofb" +\&\s-1DES\s0 Cipher +.IP "\fBdes3\fR, \fBdesx\fR, \fBdes\-ede3\fR, \fBdes\-ede3\-cbc\fR, \fBdes\-ede3\-cfb\fR, \fBdes\-ede3\-ofb\fR" 4 +.IX Item "des3, desx, des-ede3, des-ede3-cbc, des-ede3-cfb, des-ede3-ofb" +Triple-DES Cipher +.IP "\fBidea\fR, \fBidea-cbc\fR, \fBidea-cfb\fR, \fBidea-ecb\fR, \fBidea-ofb\fR" 4 +.IX Item "idea, idea-cbc, idea-cfb, idea-ecb, idea-ofb" +\&\s-1IDEA\s0 Cipher +.IP "\fBrc2\fR, \fBrc2\-cbc\fR, \fBrc2\-cfb\fR, \fBrc2\-ecb\fR, \fBrc2\-ofb\fR" 4 +.IX Item "rc2, rc2-cbc, rc2-cfb, rc2-ecb, rc2-ofb" +\&\s-1RC2\s0 Cipher +.IP "\fBrc4\fR" 4 +.IX Item "rc4" +\&\s-1RC4\s0 Cipher +.IP "\fBrc5\fR, \fBrc5\-cbc\fR, \fBrc5\-cfb\fR, \fBrc5\-ecb\fR, \fBrc5\-ofb\fR" 4 +.IX Item "rc5, rc5-cbc, rc5-cfb, rc5-ecb, rc5-ofb" +\&\s-1RC5\s0 Cipher +.IP "\fBseed\fR, \fBseed-cbc\fR, \fBseed-cfb\fR, \fBseed-ecb\fR, \fBseed-ofb\fR" 4 +.IX Item "seed, seed-cbc, seed-cfb, seed-ecb, seed-ofb" +\&\s-1SEED\s0 Cipher +.IP 
"\fBsm4\fR, \fBsm4\-cbc\fR, \fBsm4\-cfb\fR, \fBsm4\-ctr\fR, \fBsm4\-ecb\fR, \fBsm4\-ofb\fR" 4 +.IX Item "sm4, sm4-cbc, sm4-cfb, sm4-ctr, sm4-ecb, sm4-ofb" +\&\s-1SM4\s0 Cipher +.SH "OPTIONS" +.IX Header "OPTIONS" +Details of which options are available depend on the specific command. +This section describes some common options with common behavior. +.SS "Common Options" +.IX Subsection "Common Options" +.IP "\fB\-help\fR" 4 +.IX Item "-help" +Provides a terse summary of all options. +If an option takes an argument, the \*(L"type\*(R" of argument is also given. +.IP "\fB\-\-\fR" 4 +.IX Item "--" +This terminates the list of options. It is mostly useful if any filename +parameters start with a minus sign: +.Sp +.Vb 1 +\& openssl verify [flags...] \-\- \-cert1.pem... +.Ve +.SS "Format Options" +.IX Subsection "Format Options" +Several OpenSSL commands can take input or generate output in a variety +of formats. The list of acceptable formats, and the default, is +described in each command documentation. The list of formats is +described below. Both uppercase and lowercase are accepted. +.IP "\fB\s-1DER\s0\fR" 4 +.IX Item "DER" +A binary format, encoded or parsed according to Distinguished Encoding Rules +(\s-1DER\s0) of the \s-1ASN\s0.1 data language. +.IP "\fB\s-1ENGINE\s0\fR" 4 +.IX Item "ENGINE" +Used to specify that the cryptographic material is in an OpenSSL \fBengine\fR. +An engine must be configured or specified using the \fB\-engine\fR option. +In addition, the \fB\-input\fR flag can be used to name a specific object in +the engine. +A password, such as the \fB\-passin\fR flag often must be specified as well. +.IP "\fBP12\fR" 4 +.IX Item "P12" +A DER-encoded file containing a PKCS#12 object. +It might be necessary to provide a decryption password to retrieve +the private key. +.IP "\fB\s-1PEM\s0\fR" 4 +.IX Item "PEM" +A text format defined in \s-1IETF\s0 \s-1RFC\s0 1421 and \s-1IETF\s0 \s-1RFC\s0 7468. 
Briefly, this is +a block of base\-64 encoding (defined in \s-1IETF\s0 \s-1RFC\s0 4648), with specific +lines used to mark the start and end: +.Sp +.Vb 7 +\& Text before the BEGIN line is ignored. +\& \-\-\-\-\- BEGIN object\-type \-\-\-\-\- +\& OT43gQKBgQC/2OHZoko6iRlNOAQ/tMVFNq7fL81GivoQ9F1U0Qr+DH3ZfaH8eIkX +\& xT0ToMPJUzWAn8pZv0snA0um6SIgvkCuxO84OkANCVbttzXImIsL7pFzfcwV/ERK +\& UM6j0ZuSMFOCr/lGPAoOQU0fskidGEHi1/kW+suSr28TqsyYZpwBDQ== +\& \-\-\-\-\- END object\-type \-\-\-\-\- +\& Text after the END line is also ignored +.Ve +.Sp +The \fIobject-type\fR must match the type of object that is expected. +For example a \f(CW\*(C`BEGIN X509 CERTIFICATE\*(C'\fR will not match if the command +is trying to read a private key. The types supported include: +.Sp +.Vb 10 +\& ANY PRIVATE KEY +\& CERTIFICATE +\& CERTIFICATE REQUEST +\& CMS +\& DH PARAMETERS +\& DSA PARAMETERS +\& DSA PUBLIC KEY +\& EC PARAMETERS +\& EC PRIVATE KEY +\& ECDSA PUBLIC KEY +\& ENCRYPTED PRIVATE KEY +\& PARAMETERS +\& PKCS #7 SIGNED DATA +\& PKCS7 +\& PRIVATE KEY +\& PUBLIC KEY +\& RSA PRIVATE KEY +\& SSL SESSION PARAMETERS +\& TRUSTED CERTIFICATE +\& X509 CRL +\& X9.42 DH PARAMETERS +.Ve +.Sp +The following legacy \fIobject-type\fR's are also supported for compatibility +with earlier releases: +.Sp +.Vb 4 +\& DSA PRIVATE KEY +\& NEW CERTIFICATE REQUEST +\& RSA PUBLIC KEY +\& X509 CERTIFICATE +.Ve +.IP "\fB\s-1SMIME\s0\fR" 4 +.IX Item "SMIME" +An S/MIME object as described in \s-1IETF\s0 \s-1RFC\s0 8551. +Earlier versions were known as \s-1CMS\s0 and are compatible. +Note that the parsing is simple and might fail to parse some legal data. +.PP +The options to specify the format are as follows. Refer to the individual +manpage to see which options are accepted. +.IP "\fB\-inform\fR \fIformat\fR, \fB\-outform\fR \fIformat\fR" 4 +.IX Item "-inform format, -outform format" +The format of the input or output streams. 
+.IP "\fB\-keyform\fR \fIformat\fR" 4 +.IX Item "-keyform format" +Format of a private key input source. +.IP "\fB\-CRLform\fR \fIformat\fR" 4 +.IX Item "-CRLform format" +Format of a \s-1CRL\s0 input source. +.SS "Pass Phrase Options" +.IX Subsection "Pass Phrase Options" +Several commands accept password arguments, typically using \fB\-passin\fR +and \fB\-passout\fR for input and output passwords respectively. These allow +the password to be obtained from a variety of sources. Both of these +options take a single argument whose format is described below. If no +password argument is given and a password is required then the user is +prompted to enter one: this will typically be read from the current +terminal with echoing turned off. +.PP +Note that character encoding may be relevant, please see +\&\fIpassphrase\-encoding\fR\|(7). +.IP "\fBpass:\fR\fIpassword\fR" 4 +.IX Item "pass:password" +The actual password is \fIpassword\fR. Since the password is visible +to utilities (like 'ps' under Unix) this form should only be used +where security is not important. +.IP "\fBenv:\fR\fIvar\fR" 4 +.IX Item "env:var" +Obtain the password from the environment variable \fIvar\fR. Since +the environment of other processes is visible on certain platforms +(e.g. ps under certain Unix OSes) this option should be used with caution. +.IP "\fBfile:\fR\fIpathname\fR" 4 +.IX Item "file:pathname" +The first line of \fIpathname\fR is the password. If the same \fIpathname\fR +argument is supplied to \fB\-passin\fR and \fB\-passout\fR arguments then the first +line will be used for the input password and the next line for the output +password. \fIpathname\fR need not refer to a regular file: it could for example +refer to a device or named pipe. +.IP "\fBfd:\fR\fInumber\fR" 4 +.IX Item "fd:number" +Read the password from the file descriptor \fInumber\fR. This can be used to +send the data via a pipe for example. +.IP "\fBstdin\fR" 4 +.IX Item "stdin" +Read the password from standard input. 
+.SS "Trusted Certificate Options" +.IX Subsection "Trusted Certificate Options" +Part of validating a certificate includes verifying that the chain of \s-1CA\s0's +can be traced up to an existing trusted root. The following options specify +how to list the trusted roots, also known as trust anchors. A collection +of trusted roots is called a \fItrust store\fR. +.PP +Note that OpenSSL does not provide a default set of trust anchors. Many +Linux distributions include a system default and configure OpenSSL to point +to that. Mozilla maintains an influential trust store that can be found at +https://www.mozilla.org/en\-US/about/governance/policies/security\-group/certs/ . +.IP "\fB\-CAfile\fR \fIfile\fR" 4 +.IX Item "-CAfile file" +Load the specified file which contains one or more PEM-format certificates +of \s-1CA\s0's that are trusted. +.IP "\fB\-no\-CAfile\fR" 4 +.IX Item "-no-CAfile" +Do not load the default file of trusted certificates. +.IP "\fB\-CApath\fR \fIdir\fR" 4 +.IX Item "-CApath dir" +Use the specified directory as a list of trust certificates. That is, +files should be named with the hash of the X.509 SubjectName of each +certificate. This is so that the library can extract the IssuerName, +hash it, and directly lookup the file to get the issuer certificate. +See \fIopenssl\-rehash\fR\|(1) for information on creating this type of directory. +.IP "\fB\-no\-CApath\fR" 4 +.IX Item "-no-CApath" +Do not use the default directory of trusted certificates. +.IP "\fB\-CAstore\fR \fIuri\fR" 4 +.IX Item "-CAstore uri" +Use \fIuri\fR as a store of trusted \s-1CA\s0 certificates. The \s-1URI\s0 may +indicate a single certificate, as well as a collection of them. +With URIs in the \f(CW\*(C`file:\*(C'\fR scheme, this acts as \fB\-CAfile\fR or +\&\fB\-CApath\fR, depending on if the \s-1URI\s0 indicates a single file or +directory. +See \fIossl_store\-file\fR\|(7) for more information on the \f(CW\*(C`file:\*(C'\fR scheme. 
+.Sp +These certificates are also used when building the server certificate +chain (for example with \fIopenssl\-s_server\fR\|(1)) or client certificate +chain (for example with \fIopenssl\-s_time\fR\|(1)). +.IP "\fB\-no\-CAstore\fR" 4 +.IX Item "-no-CAstore" +Do not use the default store. +.SS "Random State Options" +.IX Subsection "Random State Options" +Prior to OpenSSL 3.0, it was common for applications to store information +about the state of the random-number generator in a file that was loaded +at startup and rewritten upon exit. On modern operating systems, this is +generally no longer necessary as OpenSSL will seed itself from the +appropriate \s-1CPU\s0 flags, device files, and so on. These flags are still +supported for special platforms or circumstances that might require them. +.PP +It is generally an error to use the same seed file more than once and +every use of \fB\-rand\fR should be paired with \fB\-writerand\fR. +.IP "\fB\-rand\fR \fIfiles\fR" 4 +.IX Item "-rand files" +A file or files containing random data used to seed the random number +generator. +Multiple files can be specified separated by an OS-dependent character. +The separator is \f(CW\*(C`;\*(C'\fR for MS-Windows, \f(CW\*(C`,\*(C'\fR for OpenVMS, and \f(CW\*(C`:\*(C'\fR for +all others. Another way to specify multiple files is to repeat this flag +with different filenames. +.IP "\fB\-writerand\fR \fIfile\fR" 4 +.IX Item "-writerand file" +Writes the seed data to the specified \fIfile\fR upon exit. +This file can be used in a subsequent command invocation. +.SS "Extended Verification Options" +.IX Subsection "Extended Verification Options" +Sometimes there may be more than one certificate chain leading to an +end-entity certificate. +This usually happens when a root or intermediate \s-1CA\s0 signs a certificate +for another a \s-1CA\s0 in other organization. 
+Another reason is when a \s-1CA\s0 might have intermediates that use two different +signature formats, such as a \s-1SHA\-1\s0 and a \s-1SHA\-256\s0 digest. +.PP +The following options can be used to provide data that will allow the +OpenSSL command to generate an alternative chain. +.IP "\fB\-xchain_build\fR" 4 +.IX Item "-xchain_build" +Specify whether the application should build the certificate chain to be +provided to the server for the extra certificates via the \fB\-xkey\fR, +\&\fB\-xcert\fR, and \fB\-xchain\fR options. +.IP "\fB\-xkey\fR \fIinfile\fR, \fB\-xcert\fR \fIinfile\fR, \fB\-xchain\fR" 4 +.IX Item "-xkey infile, -xcert infile, -xchain" +Specify an extra certificate, private key and certificate chain. These behave +in the same manner as the \fB\-cert\fR, \fB\-key\fR and \fB\-cert_chain\fR options. When +specified, the callback returning the first valid chain will be in use by the +client. +.IP "\fB\-xcertform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR, \fB\-xkeyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IX Item "-xcertform DER|PEM, -xkeyform DER|PEM" +The input format for the extra certificate and key, respectively. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.IP "\fB\-xchain_build\fR" 4 +.IX Item "-xchain_build" +Specify whether the application should build the certificate chain to be +provided to the server for the extra certificates via the \fB\-xkey\fR, +\&\fB\-xcert\fR, and \fB\-xchain\fR options. +.IP "\fB\-xcertform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR, \fB\-xkeyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4 +.IX Item "-xcertform DER|PEM, -xkeyform DER|PEM" +The input format for the extra certificate and key, respectively. +See \*(L"Format Options\*(R" in \fIopenssl\fR\|(1) for details. +.SS "Verification Options" +.IX Subsection "Verification Options" +Many OpenSSL commands verify certificates. The details of how each +command handles errors are documented on the specific command page. 
+.PP +Verification is a complicated process, consisting of a number of separate +steps that are detailed in the following paragraphs. +.PP +First, a certificate chain is built up starting from the supplied certificate +and ending in a root \s-1CA\s0. It is an error if the whole chain cannot be +built up. The chain is built up by looking up the certificate that +signed (or issued) the certificate. It then repeats the process, until +it gets to a certificate that is self-issued. +.PP +The process of looking up the issuer's certificate itself involves a number +of steps. After all certificates whose subject name matches the issuer +name of the current certificate are subject to further tests. The relevant +authority key identifier components of the current certificate (if present) +must match the subject key identifier (if present) and issuer and serial +number of the candidate issuer, in addition the keyUsage extension of the +candidate issuer (if present) must permit certificate signing. +.PP +The lookup first looks in the list of untrusted certificates and if no match +is found the remaining lookups are from the trusted certificates. The root \s-1CA\s0 +is always looked up in the trusted certificate list: if the certificate to +verify is a root certificate then an exact match must be found in the trusted +list. +.PP +The second step is to check every untrusted certificate's extensions +for consistency with the supplied purpose. If the \fB\-purpose\fR option is +not included then no checks are done. The supplied or \*(L"leaf\*(R" certificate +must have extensions compatible with the supplied purpose and all other +certificates must also be valid \s-1CA\s0 certificates. The precise extensions +required are described in more detail in +\&\*(L"\s-1CERTIFICATE\s0 \s-1EXTENSIONS\s0\*(R" in \fIopenssl\-x509\fR\|(1). +.PP +The third step is to check the trust settings on the root \s-1CA\s0. The root +\&\s-1CA\s0 should be trusted for the supplied purpose. 
For compatibility with +previous versions of OpenSSL, a certificate with no trust settings is +considered to be valid for all purposes. +.PP +The fourth, and final, step is to check the validity of the certificate +chain. The validity period is checked against the system time +and the \f(CW\*(C`notBefore\*(C'\fR and \f(CW\*(C`notAfter\*(C'\fR dates in the certificate. The certificate +signatures are also checked at this point. The \fB\-attime\fR flag may be +used to specify a time other than \*(L"now.\*(R" +.PP +If all operations complete successfully then certificate is considered +valid. If any operation fails then the certificate is not valid. +.PP +The details of the processing steps can be fine-tuned with the +following flags. +.IP "\fB\-verbose\fR" 4 +.IX Item "-verbose" +Print extra information about the operations being performed. +.IP "\fB\-attime\fR \fItimestamp\fR" 4 +.IX Item "-attime timestamp" +Perform validation checks using time specified by \fItimestamp\fR and not +current system time. \fItimestamp\fR is the number of seconds since +January 1, 1970 (i.e., the Unix Epoch). +.IP "\fB\-no_check_time\fR" 4 +.IX Item "-no_check_time" +This option suppresses checking the validity period of certificates and CRLs +against the current time. If option \fB\-attime\fR is used to specify +a verification time, the check is not suppressed. +.IP "\fB\-x509_strict\fR" 4 +.IX Item "-x509_strict" +This disables non-compliant workarounds for broken certificates. +.IP "\fB\-ignore_critical\fR" 4 +.IX Item "-ignore_critical" +Normally if an unhandled critical extension is present which is not +supported by OpenSSL the certificate is rejected (as required by \s-1RFC5280\s0). +If this option is set critical extensions are ignored. +.IP "\fB\-issuer_checks\fR" 4 +.IX Item "-issuer_checks" +Ignored. +.IP "\fB\-crl_check\fR" 4 +.IX Item "-crl_check" +Checks end entity certificate validity by attempting to look up a valid \s-1CRL\s0. 
+If a valid \s-1CRL\s0 cannot be found an error occurs. +.IP "\fB\-crl_check_all\fR" 4 +.IX Item "-crl_check_all" +Checks the validity of \fBall\fR certificates in the chain by attempting +to look up valid CRLs. +.IP "\fB\-use_deltas\fR" 4 +.IX Item "-use_deltas" +Enable support for delta CRLs. +.IP "\fB\-extended_crl\fR" 4 +.IX Item "-extended_crl" +Enable extended \s-1CRL\s0 features such as indirect CRLs and alternate \s-1CRL\s0 +signing keys. +.IP "\fB\-suiteB_128_only\fR, \fB\-suiteB_128\fR, \fB\-suiteB_192\fR" 4 +.IX Item "-suiteB_128_only, -suiteB_128, -suiteB_192" +Enable the Suite B mode operation at 128 bit Level of Security, 128 bit or +192 bit, or only 192 bit Level of Security respectively. +See \s-1RFC6460\s0 for details. In particular the supported signature algorithms are +reduced to support only \s-1ECDSA\s0 and \s-1SHA256\s0 or \s-1SHA384\s0 and only the elliptic curves +P\-256 and P\-384. +.IP "\fB\-auth_level\fR \fIlevel\fR" 4 +.IX Item "-auth_level level" +Set the certificate chain authentication security level to \fIlevel\fR. +The authentication security level determines the acceptable signature and +public key strength when verifying certificate chains. For a certificate +chain to validate, the public keys of all the certificates must meet the +specified security \fIlevel\fR. The signature algorithm security level is +enforced for all the certificates in the chain except for the chain's +\&\fItrust anchor\fR, which is either directly trusted or validated by means +other than its signature. See \fISSL_CTX_set_security_level\fR\|(3) for the +definitions of the available levels. The default security level is \-1, +or \*(L"not set\*(R". At security level 0 or lower all algorithms are acceptable. +Security level 1 requires at least 80\-bit\-equivalent security and is broadly +interoperable, though it will, for example, reject \s-1MD5\s0 signatures or \s-1RSA\s0 +keys shorter than 1024 bits. 
+.IP "\fB\-partial_chain\fR" 4 +.IX Item "-partial_chain" +Allow verification to succeed even if a \fIcomplete\fR chain cannot be built to a +self-signed trust-anchor, provided it is possible to construct a chain to a +trusted certificate that might not be self-signed. +.IP "\fB\-check_ss_sig\fR" 4 +.IX Item "-check_ss_sig" +Verify the signature on the self-signed root \s-1CA\s0. This is disabled by default +because it doesn't add any security. +.IP "\fB\-allow_proxy_certs\fR" 4 +.IX Item "-allow_proxy_certs" +Allow the verification of proxy certificates. +.IP "\fB\-trusted_first\fR" 4 +.IX Item "-trusted_first" +As of OpenSSL 1.1.0 this option is on by default and cannot be disabled. +.IP "\fB\-no_alt_chains\fR" 4 +.IX Item "-no_alt_chains" +As of OpenSSL 1.1.0, since \fB\-trusted_first\fR always on, this option has no +effect. +.IP "\fB\-trusted\fR \fIfile\fR" 4 +.IX Item "-trusted file" +Parse \fIfile\fR as a set of one or more certificates in \s-1PEM\s0 format. +All certificates must be self-signed, unless the +\&\fB\-partial_chain\fR option is specified. +This option implies the \fB\-no\-CAfile\fR and \fB\-no\-CApath\fR options and it +cannot be used with either the \fB\-CAfile\fR or \fB\-CApath\fR options, so +only certificates in the file are trust anchors. +This option may be used multiple times. +.IP "\fB\-untrusted\fR \fIfile\fR" 4 +.IX Item "-untrusted file" +Parse \fIfile\fR as a set of one or more certificates in \s-1PEM\s0 format. +All certificates are untrusted certificates that may be used to +construct a certificate chain from the subject certificate to a trust anchor. +This option may be used multiple times. +.IP "\fB\-policy\fR \fIarg\fR" 4 +.IX Item "-policy arg" +Enable policy processing and add \fIarg\fR to the user-initial-policy-set (see +\&\s-1RFC5280\s0). The policy \fIarg\fR can be an object name an \s-1OID\s0 in numeric form. +This argument can appear more than once. 
+.IP "\fB\-explicit_policy\fR" 4 +.IX Item "-explicit_policy" +Set policy variable require-explicit-policy (see \s-1RFC5280\s0). +.IP "\fB\-policy_check\fR" 4 +.IX Item "-policy_check" +Enables certificate policy processing. +.IP "\fB\-policy_print\fR" 4 +.IX Item "-policy_print" +Print out diagnostics related to policy processing. +.IP "\fB\-inhibit_any\fR" 4 +.IX Item "-inhibit_any" +Set policy variable inhibit-any-policy (see \s-1RFC5280\s0). +.IP "\fB\-inhibit_map\fR" 4 +.IX Item "-inhibit_map" +Set policy variable inhibit-policy-mapping (see \s-1RFC5280\s0). +.IP "\fB\-purpose\fR \fIpurpose\fR" 4 +.IX Item "-purpose purpose" +The intended use for the certificate. If this option is not specified, this +command will not consider certificate purpose during chain verification. +Currently accepted uses are \fBsslclient\fR, \fBsslserver\fR, \fBnssslserver\fR, +\&\fBsmimesign\fR, \fBsmimeencrypt\fR. +.IP "\fB\-verify_depth\fR \fInum\fR" 4 +.IX Item "-verify_depth num" +Limit the certificate chain to \fInum\fR intermediate \s-1CA\s0 certificates. +A maximal depth chain can have up to \fInum\fR+2 certificates, since neither the +end-entity certificate nor the trust-anchor certificate count against the +\&\fB\-verify_depth\fR limit. +.IP "\fB\-verify_email\fR \fIemail\fR" 4 +.IX Item "-verify_email email" +Verify if \fIemail\fR matches the email address in Subject Alternative Name or +the email in the subject Distinguished Name. +.IP "\fB\-verify_hostname\fR \fIhostname\fR" 4 +.IX Item "-verify_hostname hostname" +Verify if \fIhostname\fR matches \s-1DNS\s0 name in Subject Alternative Name or +Common Name in the subject certificate. +.IP "\fB\-verify_ip\fR \fIip\fR" 4 +.IX Item "-verify_ip ip" +Verify if \fIip\fR matches the \s-1IP\s0 address in Subject Alternative Name of +the subject certificate. 
+.IP "\fB\-verify_name\fR \fIname\fR" 4 +.IX Item "-verify_name name" +Use default verification policies like trust model and required certificate +policies identified by \fIname\fR. +The trust model determines which auxiliary trust or reject OIDs are applicable +to verifying the given certificate chain. +See the \fB\-addtrust\fR and \fB\-addreject\fR options for \fIopenssl\-x509\fR\|(1). +Supported policy names include: \fBdefault\fR, \fBpkcs7\fR, \fBsmime_sign\fR, +\&\fBssl_client\fR, \fBssl_server\fR. +These mimics the combinations of purpose and trust settings used in \s-1SSL\s0, \s-1CMS\s0 +and S/MIME. +As of OpenSSL 1.1.0, the trust model is inferred from the purpose when not +specified, so the \fB\-verify_name\fR options are functionally equivalent to the +corresponding \fB\-purpose\fR settings. +.SS "Name Format Options" +.IX Subsection "Name Format Options" +OpenSSL provides fine-grain control over how the subject and issuer \s-1DN\s0's are +displayed. +This is specified by using the \fB\-nameopt\fR option, which takes a +comma-separated list of options from the following set. +An option may be preceded by a minus sign, \f(CW\*(C`\-\*(C'\fR, to turn it off. +The default value is \f(CW\*(C`oneline\*(C'\fR. +The first four are the most commonly used. +.IP "\fBcompat\fR" 4 +.IX Item "compat" +Display the name using an old format from previous OpenSSL versions. +.IP "\fB\s-1RFC2253\s0\fR" 4 +.IX Item "RFC2253" +Display the name using the format defined in \s-1RFC\s0 2253. +It is equivalent to \fBesc_2253\fR, \fBesc_ctrl\fR, \fBesc_msb\fR, \fButf8\fR, +\&\fBdump_nostr\fR, \fBdump_unknown\fR, \fBdump_der\fR, \fBsep_comma_plus\fR, \fBdn_rev\fR +and \fBsname\fR. +.IP "\fBoneline\fR" 4 +.IX Item "oneline" +Display the name in one line, using a format that is more readable +\&\s-1RFC\s0 2253. 
+It is equivalent to \fBesc_2253\fR, \fBesc_ctrl\fR, \fBesc_msb\fR, \fButf8\fR, +\&\fBdump_nostr\fR, \fBdump_der\fR, \fBuse_quote\fR, \fBsep_comma_plus_space\fR, +\&\fBspace_eq\fR and \fBsname\fR options. +.IP "\fBmultiline\fR" 4 +.IX Item "multiline" +Display the name using multiple lines. +It is equivalent to \fBesc_ctrl\fR, \fBesc_msb\fR, \fBsep_multiline\fR, \fBspace_eq\fR, +\&\fBlname\fR and \fBalign\fR. +.IP "\fBesc_2253\fR" 4 +.IX Item "esc_2253" +Escape the \*(L"special\*(R" characters in a field, as required by \s-1RFC\s0 2253. +That is, any of the characters \f(CW\*(C`,+"<>;\*(C'\fR, \f(CW\*(C`#\*(C'\fR at the beginning of +a string and leading or trailing spaces. +.IP "\fBesc_2254\fR" 4 +.IX Item "esc_2254" +Escape the \*(L"special\*(R" characters in a field as required by \s-1RFC\s0 2254 in a field. +That is, the \fB\s-1NUL\s0\fR character and and of \f(CW\*(C`()*\*(C'\fR. +.IP "\fBesc_ctrl\fR" 4 +.IX Item "esc_ctrl" +Escape non-printable \s-1ASCII\s0 characters, codes less than 0x20 (space) +or greater than 0x7F (\s-1DELETE\s0). They are displayed using \s-1RFC\s0 2253 \f(CW\*(C`\eXX\*(C'\fR +notation where \fB\s-1XX\s0\fR are the two hex digits representing the character value. +.IP "\fBesc_msb\fR" 4 +.IX Item "esc_msb" +Escape any characters with the most significant bit set, that is with +values larger than 127, as described in \fBesc_ctrl\fR. +.IP "\fBuse_quote\fR" 4 +.IX Item "use_quote" +Escapes some characters by surrounding the entire string with quotation +marks, \f(CW\*(C`"\*(C'\fR. +Without this option, individual special characters are preceeded with +a backslash character, \f(CW\*(C`\e\*(C'\fR. +.IP "\fButf8\fR" 4 +.IX Item "utf8" +Convert all strings to \s-1UTF\-8\s0 format first as required by \s-1RFC\s0 2253. +If the output device is \s-1UTF\-8\s0 compatible, then using this option (and +not setting \fBesc_msb\fR) may give the correct display of multibyte +characters. 
+If this option is not set, then multibyte characters larger than 0xFF +will be output as \f(CW\*(C`\eUXXXX\*(C'\fR for 16 bits or \f(CW\*(C`\eWXXXXXXXX\*(C'\fR for 32 bits. +In addition, any UTF8Strings will be converted to their character form first. +.IP "\fBignore_type\fR" 4 +.IX Item "ignore_type" +This option does not attempt to interpret multibyte characters in any +way. That is, the content octets are merely dumped as though one octet +represents each character. This is useful for diagnostic purposes but +will result in rather odd looking output. +.IP "\fBshow_type\fR" 4 +.IX Item "show_type" +Display the type of the \s-1ASN1\s0 character string before the value, +such as \f(CW\*(C`BMPSTRING: Hello World\*(C'\fR. +.IP "\fBdump_der\fR" 4 +.IX Item "dump_der" +Any fields that would be output in hex format are displayed using +the \s-1DER\s0 encoding of the field. +If not set, just the content octets are displayed. +Either way, the \fB#XXXX...\fR format of \s-1RFC\s0 2253 is used. +.IP "\fBdump_nostr\fR" 4 +.IX Item "dump_nostr" +Dump non-character strings, such as \s-1ASN\s0.1 \fB\s-1OCTET\s0 \s-1STRING\s0\fR. +If this option is not set, then non character string types will be displayed +as though each content octet represents a single character. +.IP "\fBdump_all\fR" 4 +.IX Item "dump_all" +Dump all fields. When this used with \fBdump_der\fR, this allows the +\&\s-1DER\s0 encoding of the structure to be unambiguously determined. +.IP "\fBdump_unknown\fR" 4 +.IX Item "dump_unknown" +Dump any field whose \s-1OID\s0 is not recognised by OpenSSL. +.IP "\fBsep_comma_plus\fR, \fBsep_comma_plus_space\fR, \fBsep_semi_plus_space\fR, \fBsep_multiline\fR" 4 +.IX Item "sep_comma_plus, sep_comma_plus_space, sep_semi_plus_space, sep_multiline" +Specify the field separators. The first word is used between the +Relative Distinguished Names (RDNs) and the second is between +multiple Attribute Value Assertions (AVAs). Multiple AVAs are +very rare and their use is discouraged. 
+The options ending in \*(L"space\*(R" additionally place a space after the separator to make it more readable. +The \fBsep_multiline\fR starts each field on its own line, and uses \*(L"plus space\*(R" +for the \s-1AVA\s0 separator. +It also indents the fields by four characters. +The default value is \fBsep_comma_plus_space\fR. +.IP "\fBdn_rev\fR" 4 +.IX Item "dn_rev" +Reverse the fields of the \s-1DN\s0 as required by \s-1RFC\s0 2253. +This also reverses the order of multiple AVAs in a field, but this is +permissible as there is no ordering on values. +.IP "\fBnofname\fR, \fBsname\fR, \fBlname\fR, \fBoid\fR" 4 +.IX Item "nofname, sname, lname, oid" +Specify how the field name is displayed. +\&\fBnofname\fR does not display the field at all. +\&\fBsname\fR uses the \*(L"short name\*(R" form (\s-1CN\s0 for commonName for example). +\&\fBlname\fR uses the long form. +\&\fBoid\fR represents the \s-1OID\s0 in numerical form and is useful for +diagnostic purpose. +.IP "\fBalign\fR" 4 +.IX Item "align" +Align field values for a more readable output. Only usable with +\&\fBsep_multiline\fR. +.IP "\fBspace_eq\fR" 4 +.IX Item "space_eq" +Places spaces round the equal sign, \f(CW\*(C`=\*(C'\fR, character which follows the field +name. +.SS "\s-1TLS\s0 Version Options" +.IX Subsection "TLS Version Options" +Several commands use \s-1SSL\s0, \s-1TLS\s0, or \s-1DTLS\s0. By default, the commands use \s-1TLS\s0 and +clients will offer the lowest and highest protocol version they support, +and servers will pick the highest version that the client offers that is also +supported by the server. +.PP +The options below can be used to limit which protocol versions are used, +and whether \s-1TCP\s0 (\s-1SSL\s0 and \s-1TLS\s0) or \s-1UDP\s0 (\s-1DTLS\s0) is used. +Note that not all protocols and flags may be available, depending on how +OpenSSL was built. 
+.IP "\fB\-ssl3\fR, \fB\-tls1\fR, \fB\-tls1_1\fR, \fB\-tls1_2\fR, \fB\-tls1_3\fR, \fB\-no_ssl3\fR, \fB\-no_tls1\fR, \fB\-no_tls1_1\fR, \fB\-no_tls1_2\fR, \fB\-no_tls1_3\fR" 4 +.IX Item "-ssl3, -tls1, -tls1_1, -tls1_2, -tls1_3, -no_ssl3, -no_tls1, -no_tls1_1, -no_tls1_2, -no_tls1_3" +These options require or disable the use of the specified \s-1SSL\s0 or \s-1TLS\s0 protocols. +When a specific \s-1TLS\s0 version is required, only that version will be offered or +accepted. +Only one specific protocol can be given and it cannot be combined with any of +the \fBno_\fR options. +.IP "\fB\-dtls\fR, \fB\-dtls1\fR, \fB\-dtls1_2\fR" 4 +.IX Item "-dtls, -dtls1, -dtls1_2" +These options specify to use \s-1DTLS\s0 instead of \s-1DLTS\s0. +With \fB\-dtls\fR, clients will negotiate any supported \s-1DTLS\s0 protocol version. +Use the \fB\-dtls1\fR or \fB\-dtls1_2\fR options to support only \s-1DTLS1\s0.0 or \s-1DTLS1\s0.2, +respectively. +.SS "Engine Options" +.IX Subsection "Engine Options" +.IP "\fB\-engine\fR \fIid\fR" 4 +.IX Item "-engine id" +Use the engine identified by \fIid\fR and use all the methods it +implements (algorithms, key storage, etc.), unless specified otherwise in +the command-specific documentation or it is configured to do so, as described +in \*(L"Engine Configuration Module\*(R" in \fIconfig\fR\|(5). +.SH "ENVIRONMENT" +.IX Header "ENVIRONMENT" +The OpenSSL library can be take some configuration parameters from the +environment. Some of these variables are listed below. For information +about specific commands, see \fIopenssl\-engine\fR\|(1), \fIopenssl\-provider\fR\|(1), +\&\fIopenssl\-rehash\fR\|(1), and \fItsget\fR\|(1). +.PP +For information about the use of environment variables in configuration, +see \*(L"\s-1ENVIRONMENT\s0\*(R" in \fIconfig\fR\|(5). +.PP +For information about querying or specifying \s-1CPU\s0 architecture flags, see +\&\fIOPENSSL_ia32cap\fR\|(3), and \fIOPENSSL_s390xcap\fR\|(3). 
+.PP +For information about all environment variables used by the OpenSSL libraries, +see \fIopenssl\-env\fR\|(7). +.IP "\fBOPENSSL_TRACE=\fR\fIname\fR[,...]" 4 +.IX Item "OPENSSL_TRACE=name[,...]" +Enable tracing output of OpenSSL library, by name. +This output will only make sense if you know OpenSSL internals well. +Also, it might not give you any output at all, depending on how +OpenSSL was built. +.Sp +The value is a comma separated list of names, with the following +available: +.RS 4 +.IP "\fB\s-1TRACE\s0\fR" 4 +.IX Item "TRACE" +The tracing functionality. +.IP "\fB\s-1TLS\s0\fR" 4 +.IX Item "TLS" +General \s-1SSL/TLS\s0. +.IP "\fB\s-1TLS_CIPHER\s0\fR" 4 +.IX Item "TLS_CIPHER" +\&\s-1SSL/TLS\s0 cipher. +.IP "\fB\s-1ENGINE_CONF\s0\fR" 4 +.IX Item "ENGINE_CONF" +\&\s-1ENGINE\s0 configuration. +.IP "\fB\s-1ENGINE_TABLE\s0\fR" 4 +.IX Item "ENGINE_TABLE" +The function that is used by \s-1RSA\s0, \s-1DSA\s0 (etc) code to select registered +ENGINEs, cache defaults and functional references (etc), will generate +debugging summaries. +.IP "\fB\s-1ENGINE_REF_COUNT\s0\fR" 4 +.IX Item "ENGINE_REF_COUNT" +Reference counts in the \s-1ENGINE\s0 structure will be monitored with a line +of generated for each change. +.IP "\fB\s-1PKCS5V2\s0\fR" 4 +.IX Item "PKCS5V2" +PKCS#5 v2 keygen. +.IP "\fB\s-1PKCS12_KEYGEN\s0\fR" 4 +.IX Item "PKCS12_KEYGEN" +PKCS#12 key generation. +.IP "\fB\s-1PKCS12_DECRYPT\s0\fR" 4 +.IX Item "PKCS12_DECRYPT" +PKCS#12 decryption. +.IP "\fBX509V3_POLICY\fR" 4 +.IX Item "X509V3_POLICY" +Generates the complete policy tree at various point during X.509 v3 +policy evaluation. +.IP "\fB\s-1BN_CTX\s0\fR" 4 +.IX Item "BN_CTX" +\&\s-1BIGNUM\s0 context. 
+.RE +.RS 4 +.RE +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\-asn1parse\fR\|(1), +\&\fIopenssl\-ca\fR\|(1), +\&\fIopenssl\-ciphers\fR\|(1), +\&\fIopenssl\-cms\fR\|(1), +\&\fIopenssl\-crl\fR\|(1), +\&\fIopenssl\-crl2pkcs7\fR\|(1), +\&\fIopenssl\-dgst\fR\|(1), +\&\fIopenssl\-dhparam\fR\|(1), +\&\fIopenssl\-dsa\fR\|(1), +\&\fIopenssl\-dsaparam\fR\|(1), +\&\fIopenssl\-ec\fR\|(1), +\&\fIopenssl\-ecparam\fR\|(1), +\&\fIopenssl\-enc\fR\|(1), +\&\fIopenssl\-engine\fR\|(1), +\&\fIopenssl\-errstr\fR\|(1), +\&\fIopenssl\-gendsa\fR\|(1), +\&\fIopenssl\-genpkey\fR\|(1), +\&\fIopenssl\-genrsa\fR\|(1), +\&\fIopenssl\-kdf\fR\|(1), +\&\fIopenssl\-mac\fR\|(1), +\&\fIopenssl\-nseq\fR\|(1), +\&\fIopenssl\-ocsp\fR\|(1), +\&\fIopenssl\-passwd\fR\|(1), +\&\fIopenssl\-pkcs12\fR\|(1), +\&\fIopenssl\-pkcs7\fR\|(1), +\&\fIopenssl\-pkcs8\fR\|(1), +\&\fIopenssl\-pkey\fR\|(1), +\&\fIopenssl\-pkeyparam\fR\|(1), +\&\fIopenssl\-pkeyutl\fR\|(1), +\&\fIopenssl\-prime\fR\|(1), +\&\fIopenssl\-rand\fR\|(1), +\&\fIopenssl\-rehash\fR\|(1), +\&\fIopenssl\-req\fR\|(1), +\&\fIopenssl\-rsa\fR\|(1), +\&\fIopenssl\-rsautl\fR\|(1), +\&\fIopenssl\-s_client\fR\|(1), +\&\fIopenssl\-s_server\fR\|(1), +\&\fIopenssl\-s_time\fR\|(1), +\&\fIopenssl\-sess_id\fR\|(1), +\&\fIopenssl\-smime\fR\|(1), +\&\fIopenssl\-speed\fR\|(1), +\&\fIopenssl\-spkac\fR\|(1), +\&\fIopenssl\-srp\fR\|(1), +\&\fIopenssl\-storeutl\fR\|(1), +\&\fIopenssl\-ts\fR\|(1), +\&\fIopenssl\-verify\fR\|(1), +\&\fIopenssl\-version\fR\|(1), +\&\fIopenssl\-x509\fR\|(1), +\&\fIconfig\fR\|(5), +\&\fIcrypto\fR\|(7), +\&\fIopenssl\-env\fR\|(7). +\&\fIssl\fR\|(7), +\&\fIx509v3_config\fR\|(5) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBlist\fR \-\fI\s-1XXX\s0\fR\fB\-algorithms\fR options were added in OpenSSL 1.0.0; +For notes on the availability of other commands, see their individual +manual pages. +.PP +The \fB\-issuer_checks\fR option is deprecated as of OpenSSL 1.1.0 and +is silently ignored. 
+.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man1/tsget.1 b/linux_amd64/ssl/share/man/man1/tsget.1 new file mode 100755 index 0000000..5354416 --- /dev/null +++ b/linux_amd64/ssl/share/man/man1/tsget.1 
@@ -0,0 +1,315 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "TSGET 1" +.TH TSGET 1 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +tsget \- Time Stamping HTTP/HTTPS client +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBtsget\fR +\&\fB\-h\fR \fIserver_url\fR +[\fB\-e\fR \fIextension\fR] +[\fB\-o\fR \fIoutput\fR] +[\fB\-v\fR] +[\fB\-d\fR] +[\fB\-k\fR \fIprivate_key.pem\fR] +[\fB\-p\fR \fIkey_password\fR] +[\fB\-c\fR \fIclient_cert.pem\fR] +[\fB\-C\fR \fICA_certs.pem\fR] +[\fB\-P\fR \fICA_path\fR] +[\fB\-r\fR \fIfiles\fR] +[\fB\-g\fR \fIEGD_socket\fR] +[\fIrequest\fR ...] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command can be used for sending a timestamp request, as specified +in \s-1RFC\s0 3161, to a timestamp server over \s-1HTTP\s0 or \s-1HTTPS\s0 and storing the +timestamp response in a file. It cannot be used for creating the requests +and verifying responses, you have to use \fIopenssl\-ts\fR\|(1) to do that. This +command can send several requests to the server without closing the \s-1TCP\s0 +connection if more than one requests are specified on the command line. +.PP +This command sends the following \s-1HTTP\s0 request for each timestamp request: +.PP +.Vb 7 +\& POST url HTTP/1.1 +\& User\-Agent: OpenTSA tsget.pl/ +\& Host: : +\& Pragma: no\-cache +\& Content\-Type: application/timestamp\-query +\& Accept: application/timestamp\-reply +\& Content\-Length: length of body +\& +\& ...binary request specified by the user... +.Ve +.PP +It expects a response of type application/timestamp\-reply, which is +written to a file without any interpretation. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-h\fR \fIserver_url\fR" 4 +.IX Item "-h server_url" +The \s-1URL\s0 of the \s-1HTTP/HTTPS\s0 server listening for timestamp requests. +.IP "\fB\-e\fR \fIextension\fR" 4 +.IX Item "-e extension" +If the \fB\-o\fR option is not given this argument specifies the extension of the +output files. The base name of the output file will be the same as those of +the input files. Default extension is \fI.tsr\fR. 
(Optional) +.IP "\fB\-o\fR \fIoutput\fR" 4 +.IX Item "-o output" +This option can be specified only when just one request is sent to the +server. The timestamp response will be written to the given output file. '\-' +means standard output. In case of multiple timestamp requests or the absence +of this argument the names of the output files will be derived from the names +of the input files and the default or specified extension argument. (Optional) +.IP "\fB\-v\fR" 4 +.IX Item "-v" +The name of the currently processed request is printed on standard +error. (Optional) +.IP "\fB\-d\fR" 4 +.IX Item "-d" +Switches on verbose mode for the underlying perl module WWW::Curl::Easy. +You can see detailed debug messages for the connection. (Optional) +.IP "\fB\-k\fR \fIprivate_key.pem\fR" 4 +.IX Item "-k private_key.pem" +(\s-1HTTPS\s0) In case of certificate-based client authentication over \s-1HTTPS\s0 +\&\fIprivate_key.pem\fR must contain the private key of the user. The private key +file can optionally be protected by a passphrase. The \fB\-c\fR option must also +be specified. (Optional) +.IP "\fB\-p\fR \fIkey_password\fR" 4 +.IX Item "-p key_password" +(\s-1HTTPS\s0) Specifies the passphrase for the private key specified by the \fB\-k\fR +argument. If this option is omitted and the key is passphrase protected, +it will be prompted for. (Optional) +.IP "\fB\-c\fR \fIclient_cert.pem\fR" 4 +.IX Item "-c client_cert.pem" +(\s-1HTTPS\s0) In case of certificate-based client authentication over \s-1HTTPS\s0 +\&\fIclient_cert.pem\fR must contain the X.509 certificate of the user. The \fB\-k\fR +option must also be specified. If this option is not specified no +certificate-based client authentication will take place. (Optional) +.IP "\fB\-C\fR \fICA_certs.pem\fR" 4 +.IX Item "-C CA_certs.pem" +(\s-1HTTPS\s0) The trusted \s-1CA\s0 certificate store. The certificate chain of the peer's +certificate must include one of the \s-1CA\s0 certificates specified in this file. 
+Either option \fB\-C\fR or option \fB\-P\fR must be given in case of \s-1HTTPS\s0. (Optional) +.IP "\fB\-P\fR \fICA_path\fR" 4 +.IX Item "-P CA_path" +(\s-1HTTPS\s0) The path containing the trusted \s-1CA\s0 certificates to verify the peer's +certificate. The directory must be prepared with \fIopenssl\-rehash\fR\|(1). Either +option \fB\-C\fR or option \fB\-P\fR must be given in case of \s-1HTTPS\s0. (Optional) +.IP "\fB\-r\fR \fIfiles\fR" 4 +.IX Item "-r files" +See \*(L"Random State Options\*(R" in \fIopenssl\fR\|(1) for more information. +.IP "\fB\-g\fR \fIEGD_socket\fR" 4 +.IX Item "-g EGD_socket" +The name of an \s-1EGD\s0 socket to get random data from. (Optional) +.IP "\fIrequest\fR ..." 4 +.IX Item "request ..." +List of files containing \s-1RFC\s0 3161 DER-encoded timestamp requests. If no +requests are specified only one request will be sent to the server and it will +be read from the standard input. +(Optional) +.SH "ENVIRONMENT VARIABLES" +.IX Header "ENVIRONMENT VARIABLES" +The \fB\s-1TSGET\s0\fR environment variable can optionally contain default +arguments. The content of this variable is added to the list of command line +arguments. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +The examples below presume that \fIfile1.tsq\fR and \fIfile2.tsq\fR contain valid +timestamp requests, tsa.opentsa.org listens at port 8080 for \s-1HTTP\s0 requests +and at port 8443 for \s-1HTTPS\s0 requests, the \s-1TSA\s0 service is available at the /tsa +absolute path. 
+.PP +Get a timestamp response for \fIfile1.tsq\fR over \s-1HTTP\s0, output is written to +\&\fIfile1.tsr\fR: +.PP +.Vb 1 +\& tsget \-h http://tsa.opentsa.org:8080/tsa file1.tsq +.Ve +.PP +Get a timestamp response for \fIfile1.tsq\fR and \fIfile2.tsq\fR over \s-1HTTP\s0 showing +progress, output is written to \fIfile1.reply\fR and \fIfile2.reply\fR respectively: +.PP +.Vb 2 +\& tsget \-h http://tsa.opentsa.org:8080/tsa \-v \-e .reply \e +\& file1.tsq file2.tsq +.Ve +.PP +Create a timestamp request, write it to \fIfile3.tsq\fR, send it to the server and +write the response to \fIfile3.tsr\fR: +.PP +.Vb 3 +\& openssl ts \-query \-data file3.txt \-cert | tee file3.tsq \e +\& | tsget \-h http://tsa.opentsa.org:8080/tsa \e +\& \-o file3.tsr +.Ve +.PP +Get a timestamp response for \fIfile1.tsq\fR over \s-1HTTPS\s0 without client +authentication: +.PP +.Vb 2 +\& tsget \-h https://tsa.opentsa.org:8443/tsa \e +\& \-C cacerts.pem file1.tsq +.Ve +.PP +Get a timestamp response for \fIfile1.tsq\fR over \s-1HTTPS\s0 with certificate-based +client authentication (it will ask for the passphrase if \fIclient_key.pem\fR is +protected): +.PP +.Vb 2 +\& tsget \-h https://tsa.opentsa.org:8443/tsa \-C cacerts.pem \e +\& \-k client_key.pem \-c client_cert.pem file1.tsq +.Ve +.PP +You can shorten the previous command line if you make use of the \fB\s-1TSGET\s0\fR +environment variable. The following commands do the same as the previous +example: +.PP +.Vb 4 +\& TSGET=\*(Aq\-h https://tsa.opentsa.org:8443/tsa \-C cacerts.pem \e +\& \-k client_key.pem \-c client_cert.pem\*(Aq +\& export TSGET +\& tsget file1.tsq +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\fIopenssl\-ts\fR\|(1), +WWW::Curl::Easy, +https://www.rfc\-editor.org/rfc/rfc3161.html +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). 
You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/ADMISSIONS.3 b/linux_amd64/ssl/share/man/man3/ADMISSIONS.3 new file mode 100755 index 0000000..fe4a09f --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/ADMISSIONS.3 
@@ -0,0 +1,302 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ADMISSIONS 3" +.TH ADMISSIONS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +ADMISSIONS, +ADMISSIONS_get0_admissionAuthority, +ADMISSIONS_get0_namingAuthority, +ADMISSIONS_get0_professionInfos, +ADMISSIONS_set0_admissionAuthority, +ADMISSIONS_set0_namingAuthority, +ADMISSIONS_set0_professionInfos, +ADMISSION_SYNTAX, +ADMISSION_SYNTAX_get0_admissionAuthority, +ADMISSION_SYNTAX_get0_contentsOfAdmissions, +ADMISSION_SYNTAX_set0_admissionAuthority, +ADMISSION_SYNTAX_set0_contentsOfAdmissions, +NAMING_AUTHORITY, +NAMING_AUTHORITY_get0_authorityId, +NAMING_AUTHORITY_get0_authorityURL, +NAMING_AUTHORITY_get0_authorityText, +NAMING_AUTHORITY_set0_authorityId, +NAMING_AUTHORITY_set0_authorityURL, +NAMING_AUTHORITY_set0_authorityText, +PROFESSION_INFO, +PROFESSION_INFOS, +PROFESSION_INFO_get0_addProfessionInfo, +PROFESSION_INFO_get0_namingAuthority, +PROFESSION_INFO_get0_professionItems, +PROFESSION_INFO_get0_professionOIDs, +PROFESSION_INFO_get0_registrationNumber, +PROFESSION_INFO_set0_addProfessionInfo, +PROFESSION_INFO_set0_namingAuthority, +PROFESSION_INFO_set0_professionItems, +PROFESSION_INFO_set0_professionOIDs, +PROFESSION_INFO_set0_registrationNumber +\&\- Accessors and settors for ADMISSION_SYNTAX +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 5 +\& typedef struct NamingAuthority_st NAMING_AUTHORITY; +\& typedef struct ProfessionInfo_st PROFESSION_INFO; +\& typedef STACK_OF(PROFESSION_INFO) PROFESSION_INFOS; +\& typedef struct Admissions_st ADMISSIONS; +\& typedef struct AdmissionSyntax_st ADMISSION_SYNTAX; +\& +\& const ASN1_OBJECT *NAMING_AUTHORITY_get0_authorityId( +\& const NAMING_AUTHORITY *n); +\& void NAMING_AUTHORITY_set0_authorityId(NAMING_AUTHORITY *n, +\& ASN1_OBJECT* namingAuthorityId); +\& const ASN1_IA5STRING *NAMING_AUTHORITY_get0_authorityURL( +\& const NAMING_AUTHORITY *n); +\& void NAMING_AUTHORITY_set0_authorityURL(NAMING_AUTHORITY *n, +\& ASN1_IA5STRING* namingAuthorityUrl); +\& const ASN1_STRING *NAMING_AUTHORITY_get0_authorityText( +\& const NAMING_AUTHORITY *n); +\& void 
NAMING_AUTHORITY_set0_authorityText(NAMING_AUTHORITY *n, +\& ASN1_STRING* namingAuthorityText); +\& +\& const GENERAL_NAME *ADMISSION_SYNTAX_get0_admissionAuthority( +\& const ADMISSION_SYNTAX *as); +\& void ADMISSION_SYNTAX_set0_admissionAuthority( +\& ADMISSION_SYNTAX *as, GENERAL_NAME *aa); +\& const STACK_OF(ADMISSIONS) *ADMISSION_SYNTAX_get0_contentsOfAdmissions( +\& const ADMISSION_SYNTAX *as); +\& void ADMISSION_SYNTAX_set0_contentsOfAdmissions( +\& ADMISSION_SYNTAX *as, STACK_OF(ADMISSIONS) *a); +\& +\& const GENERAL_NAME *ADMISSIONS_get0_admissionAuthority(const ADMISSIONS *a); +\& void ADMISSIONS_set0_admissionAuthority(ADMISSIONS *a, GENERAL_NAME *aa); +\& const NAMING_AUTHORITY *ADMISSIONS_get0_namingAuthority(const ADMISSIONS *a); +\& void ADMISSIONS_set0_namingAuthority(ADMISSIONS *a, NAMING_AUTHORITY *na); +\& const PROFESSION_INFOS *ADMISSIONS_get0_professionInfos(const ADMISSIONS *a); +\& void ADMISSIONS_set0_professionInfos(ADMISSIONS *a, PROFESSION_INFOS *pi); +\& +\& const ASN1_OCTET_STRING *PROFESSION_INFO_get0_addProfessionInfo( +\& const PROFESSION_INFO *pi); +\& void PROFESSION_INFO_set0_addProfessionInfo( +\& PROFESSION_INFO *pi, ASN1_OCTET_STRING *aos); +\& const NAMING_AUTHORITY *PROFESSION_INFO_get0_namingAuthority( +\& const PROFESSION_INFO *pi); +\& void PROFESSION_INFO_set0_namingAuthority( +\& PROFESSION_INFO *pi, NAMING_AUTHORITY *na); +\& const STACK_OF(ASN1_STRING) *PROFESSION_INFO_get0_professionItems( +\& const PROFESSION_INFO *pi); +\& void PROFESSION_INFO_set0_professionItems( +\& PROFESSION_INFO *pi, STACK_OF(ASN1_STRING) *as); +\& const STACK_OF(ASN1_OBJECT) *PROFESSION_INFO_get0_professionOIDs( +\& const PROFESSION_INFO *pi); +\& void PROFESSION_INFO_set0_professionOIDs( +\& PROFESSION_INFO *pi, STACK_OF(ASN1_OBJECT) *po); +\& const ASN1_PRINTABLESTRING *PROFESSION_INFO_get0_registrationNumber( +\& const PROFESSION_INFO *pi); +\& void PROFESSION_INFO_set0_registrationNumber( +\& PROFESSION_INFO *pi, ASN1_PRINTABLESTRING 
*rn); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fB\s-1PROFESSION_INFOS\s0\fR, \fB\s-1ADMISSION_SYNTAX\s0\fR, \fB\s-1ADMISSIONS\s0\fR, and +\&\fB\s-1PROFESSION_INFO\s0\fR types are opaque structures representing the +analogous types defined in the Common \s-1PKI\s0 Specification published +by . +Knowledge of those structures and their semantics is assumed. +.PP +The conventional routines to convert between \s-1DER\s0 and the local format +are described in \fId2i_X509\fR\|(3). +The conventional routines to allocate and free the types are defined +in \fIX509_dup\fR\|(3). +.PP +The \fB\s-1PROFESSION_INFOS\s0\fR type is a stack of \fB\s-1PROFESSION_INFO\s0\fR; see +\&\s-1\fIDEFINE_STACK_OF\s0\fR\|(3) for details. +.PP +The \fB\s-1NAMING_AUTHORITY\s0\fR type has an authority \s-1ID\s0 and \s-1URL\s0, and text fields. +The \fINAMING_AUTHORITY_get0_authorityId()\fR, +\&\fINAMING_AUTHORITY_get0_get0_authorityURL()\fR, and +\&\fINAMING_AUTHORITY_get0_get0_authorityText()\fR, functions return pointers +to those values within the object. +The \fINAMING_AUTHORITY_set0_authorityId()\fR, +\&\fINAMING_AUTHORITY_set0_get0_authorityURL()\fR, and +\&\fINAMING_AUTHORITY_set0_get0_authorityText()\fR, +functions free any existing value and set the pointer to the specified value. +.PP +The \fB\s-1ADMISSION_SYNTAX\s0\fR type has an authority name and a stack of +\&\fB\s-1ADMISSION\s0\fR objects. +The \fIADMISSION_SYNTAX_get0_admissionAuthority()\fR +and \fIADMISSION_SYNTAX_get0_contentsOfAdmissions()\fR functions return pointers +to those values within the object. +The +\&\fIADMISSION_SYNTAX_set0_admissionAuthority()\fR and +\&\fIADMISSION_SYNTAX_set0_contentsOfAdmissions()\fR +functions free any existing value and set the pointer to the specified value. +.PP +The \fB\s-1ADMISSION\s0\fR type has an authority name, authority object, and a +stack of \fB\s-1PROFESSION_INFO\s0\fR items. 
+The \fIADMISSIONS_get0_admissionAuthority()\fR, \fIADMISSIONS_get0_namingAuthority()\fR, +and \fIADMISSIONS_get0_professionInfos()\fR +functions return pointers to those values within the object. +The +\&\fIADMISSIONS_set0_admissionAuthority()\fR, +\&\fIADMISSIONS_set0_namingAuthority()\fR, and +\&\fIADMISSIONS_set0_professionInfos()\fR +functions free any existing value and set the pointer to the specified value. +.PP +The \fB\s-1PROFESSION_INFO\s0\fR type has a name authority, stacks of +profession Items and OIDs, a registration number, and additional +profession info. +The functions \fIPROFESSION_INFO_get0_addProfessionInfo()\fR, +\&\fIPROFESSION_INFO_get0_namingAuthority()\fR, \fIPROFESSION_INFO_get0_professionItems()\fR, +\&\fIPROFESSION_INFO_get0_professionOIDs()\fR, and +\&\fIPROFESSION_INFO_get0_registrationNumber()\fR +functions return pointers to those values within the object. +The +\&\fIPROFESSION_INFO_set0_addProfessionInfo()\fR, +\&\fIPROFESSION_INFO_set0_namingAuthority()\fR, +\&\fIPROFESSION_INFO_set0_professionItems()\fR, +\&\fIPROFESSION_INFO_set0_professionOIDs()\fR, and +\&\fIPROFESSION_INFO_set0_registrationNumber()\fR +functions free any existing value and set the pointer to the specified value. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Described above. +Note that all of the \fIget0\fR functions return a pointer to the internal data +structure and must not be freed. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIX509_dup\fR\|(3), +\&\fId2i_X509\fR\|(3), +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/ssl/share/man/man3/ASN1_INTEGER_get_int64.3 b/linux_amd64/ssl/share/man/man3/ASN1_INTEGER_get_int64.3 new file mode 100755 index 0000000..567ec63 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/ASN1_INTEGER_get_int64.3 
@@ -0,0 +1,253 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ASN1_INTEGER_GET_INT64 3" +.TH ASN1_INTEGER_GET_INT64 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +ASN1_INTEGER_get_uint64, ASN1_INTEGER_set_uint64, +ASN1_INTEGER_get_int64, ASN1_INTEGER_get, ASN1_INTEGER_set_int64, ASN1_INTEGER_set, BN_to_ASN1_INTEGER, ASN1_INTEGER_to_BN, ASN1_ENUMERATED_get_int64, ASN1_ENUMERATED_get, ASN1_ENUMERATED_set_int64, ASN1_ENUMERATED_set, BN_to_ASN1_ENUMERATED, ASN1_ENUMERATED_to_BN +\&\- ASN.1 INTEGER and ENUMERATED utilities +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int ASN1_INTEGER_get_int64(int64_t *pr, const ASN1_INTEGER *a); +\& long ASN1_INTEGER_get(const ASN1_INTEGER *a); +\& +\& int ASN1_INTEGER_set_int64(ASN1_INTEGER *a, int64_t r); +\& int ASN1_INTEGER_set(const ASN1_INTEGER *a, long v); +\& +\& int ASN1_INTEGER_get_uint64(uint64_t *pr, const ASN1_INTEGER *a); +\& int ASN1_INTEGER_set_uint64(ASN1_INTEGER *a, uint64_t r); +\& +\& ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai); +\& BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn); +\& +\& int ASN1_ENUMERATED_get_int64(int64_t *pr, const ASN1_ENUMERATED *a); +\& long ASN1_ENUMERATED_get(const ASN1_ENUMERATED *a); +\& +\& int ASN1_ENUMERATED_set_int64(ASN1_ENUMERATED *a, int64_t r); +\& int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v); +\& +\& ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai); +\& BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai, BIGNUM *bn); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions convert to and from \fB\s-1ASN1_INTEGER\s0\fR and \fB\s-1ASN1_ENUMERATED\s0\fR +structures. +.PP +\&\fIASN1_INTEGER_get_int64()\fR converts an \fB\s-1ASN1_INTEGER\s0\fR into an \fBint64_t\fR type +If successful it returns 1 and sets \fI*pr\fR to the value of \fIa\fR. If it fails +(due to invalid type or the value being too big to fit into an \fBint64_t\fR type) +it returns 0. 
+.PP +\&\fIASN1_INTEGER_get_uint64()\fR is similar to \fIASN1_INTEGER_get_int64_t()\fR except it +converts to a \fBuint64_t\fR type and an error is returned if the passed integer +is negative. +.PP +\&\fIASN1_INTEGER_get()\fR also returns the value of \fIa\fR but it returns 0 if \fIa\fR is +\&\s-1NULL\s0 and \-1 on error (which is ambiguous because \-1 is a legitimate value for +an \fB\s-1ASN1_INTEGER\s0\fR). New applications should use \fIASN1_INTEGER_get_int64()\fR +instead. +.PP +\&\fIASN1_INTEGER_set_int64()\fR sets the value of \fB\s-1ASN1_INTEGER\s0\fR \fIa\fR to the +\&\fBint64_t\fR value \fIr\fR. +.PP +\&\fIASN1_INTEGER_set_uint64()\fR sets the value of \fB\s-1ASN1_INTEGER\s0\fR \fIa\fR to the +\&\fBuint64_t\fR value \fIr\fR. +.PP +\&\fIASN1_INTEGER_set()\fR sets the value of \fB\s-1ASN1_INTEGER\s0\fR \fIa\fR to the \fIlong\fR value +\&\fIv\fR. +.PP +\&\fIBN_to_ASN1_INTEGER()\fR converts \fB\s-1BIGNUM\s0\fR \fIbn\fR to an \fB\s-1ASN1_INTEGER\s0\fR. If \fIai\fR +is \s-1NULL\s0 a new \fB\s-1ASN1_INTEGER\s0\fR structure is returned. If \fIai\fR is not \s-1NULL\s0 then +the existing structure will be used instead. +.PP +\&\fIASN1_INTEGER_to_BN()\fR converts \s-1ASN1_INTEGER\s0 \fIai\fR into a \fB\s-1BIGNUM\s0\fR. If \fIbn\fR is +\&\s-1NULL\s0 a new \fB\s-1BIGNUM\s0\fR structure is returned. If \fIbn\fR is not \s-1NULL\s0 then the +existing structure will be used instead. +.PP +\&\fIASN1_ENUMERATED_get_int64()\fR, \fIASN1_ENUMERATED_set_int64()\fR, +\&\fIASN1_ENUMERATED_set()\fR, \fIBN_to_ASN1_ENUMERATED()\fR and \fIASN1_ENUMERATED_to_BN()\fR +behave in an identical way to their \s-1ASN1_INTEGER\s0 counterparts except they +operate on an \fB\s-1ASN1_ENUMERATED\s0\fR value. +.PP +\&\fIASN1_ENUMERATED_get()\fR returns the value of \fIa\fR in a similar way to +\&\fIASN1_INTEGER_get()\fR but it returns \fB0xffffffffL\fR if the value of \fIa\fR will not +fit in a long type. New applications should use \fIASN1_ENUMERATED_get_int64()\fR +instead. 
+.SH "NOTES" +.IX Header "NOTES" +In general an \fB\s-1ASN1_INTEGER\s0\fR or \fB\s-1ASN1_ENUMERATED\s0\fR type can contain an +integer of almost arbitrary size and so cannot always be represented by a C +\&\fBint64_t\fR type. However in many cases (for example version numbers) they +represent small integers which can be more easily manipulated if converted to +an appropriate C integer type. +.SH "BUGS" +.IX Header "BUGS" +The ambiguous return values of \fIASN1_INTEGER_get()\fR and \fIASN1_ENUMERATED_get()\fR +mean these functions should be avoided if possible. They are retained for +compatibility. Normally the ambiguous return values are not legitimate +values for the fields they represent. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIASN1_INTEGER_set_int64()\fR, \fIASN1_INTEGER_set()\fR, \fIASN1_ENUMERATED_set_int64()\fR and +\&\fIASN1_ENUMERATED_set()\fR return 1 for success and 0 for failure. They will only +fail if a memory allocation error occurs. +.PP +\&\fIASN1_INTEGER_get_int64()\fR and \fIASN1_ENUMERATED_get_int64()\fR return 1 for success +and 0 for failure. They will fail if the passed type is incorrect (this will +only happen if there is a programming error) or if the value exceeds the range +of an \fBint64_t\fR type. +.PP +\&\fIBN_to_ASN1_INTEGER()\fR and \fIBN_to_ASN1_ENUMERATED()\fR return an \fB\s-1ASN1_INTEGER\s0\fR or +\&\fB\s-1ASN1_ENUMERATED\s0\fR structure respectively or \s-1NULL\s0 if an error occurs. They will +only fail due to a memory allocation error. +.PP +\&\fIASN1_INTEGER_to_BN()\fR and \fIASN1_ENUMERATED_to_BN()\fR return a \fB\s-1BIGNUM\s0\fR structure +of \s-1NULL\s0 if an error occurs. They can fail if the passed type is incorrect +(due to programming error) or due to a memory allocation failure. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIASN1_INTEGER_set_int64()\fR, \fIASN1_INTEGER_get_int64()\fR, +\&\fIASN1_ENUMERATED_set_int64()\fR and \fIASN1_ENUMERATED_get_int64()\fR +were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/ASN1_ITEM_lookup.3 b/linux_amd64/ssl/share/man/man3/ASN1_ITEM_lookup.3 new file mode 100755 index 0000000..349bd52 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/ASN1_ITEM_lookup.3 
@@ -0,0 +1,162 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ASN1_ITEM_LOOKUP 3" +.TH ASN1_ITEM_LOOKUP 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +ASN1_ITEM_lookup, ASN1_ITEM_get \- lookup ASN.1 structures +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const ASN1_ITEM *ASN1_ITEM_lookup(const char *name); +\& const ASN1_ITEM *ASN1_ITEM_get(size_t i); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIASN1_ITEM_lookup()\fR returns the \fB\s-1ASN1_ITEM\s0\fR named \fIname\fR. +.PP +\&\fIASN1_ITEM_get()\fR returns the \fB\s-1ASN1_ITEM\s0\fR with index \fIi\fR. This function +returns \s-1NULL\s0 if the index \fIi\fR is out of range. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIASN1_ITEM_lookup()\fR and \fIASN1_ITEM_get()\fR return a valid \fB\s-1ASN1_ITEM\s0\fR structure +or \s-1NULL\s0 if an error occurred. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/ASN1_OBJECT_new.3 b/linux_amd64/ssl/share/man/man3/ASN1_OBJECT_new.3 new file mode 100755 index 0000000..9558b6a --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/ASN1_OBJECT_new.3 
@@ -0,0 +1,173 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ASN1_OBJECT_NEW 3" +.TH ASN1_OBJECT_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +ASN1_OBJECT_new, ASN1_OBJECT_free \- object allocation functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& ASN1_OBJECT *ASN1_OBJECT_new(void); +\& void ASN1_OBJECT_free(ASN1_OBJECT *a); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fB\s-1ASN1_OBJECT\s0\fR allocation routines, allocate and free an +\&\fB\s-1ASN1_OBJECT\s0\fR structure, which represents an \s-1ASN1\s0 \s-1OBJECT\s0 \s-1IDENTIFIER\s0. +.PP +\&\fIASN1_OBJECT_new()\fR allocates and initializes an \fB\s-1ASN1_OBJECT\s0\fR structure. +.PP +\&\fIASN1_OBJECT_free()\fR frees up the \fB\s-1ASN1_OBJECT\s0\fR structure \fIa\fR. +If \fIa\fR is \s-1NULL\s0, nothing is done. +.SH "NOTES" +.IX Header "NOTES" +Although \fIASN1_OBJECT_new()\fR allocates a new \fB\s-1ASN1_OBJECT\s0\fR structure it +is almost never used in applications. The \s-1ASN1\s0 object utility functions +such as \fIOBJ_nid2obj()\fR are used instead. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +If the allocation fails, \fIASN1_OBJECT_new()\fR returns \s-1NULL\s0 and sets an error +code that can be obtained by \fIERR_get_error\fR\|(3). +Otherwise it returns a pointer to the newly allocated structure. +.PP +\&\fIASN1_OBJECT_free()\fR returns no value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fId2i_ASN1_OBJECT\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/ASN1_STRING_TABLE_add.3 b/linux_amd64/ssl/share/man/man3/ASN1_STRING_TABLE_add.3 new file mode 100755 index 0000000..545b0b1 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/ASN1_STRING_TABLE_add.3 
@@ -0,0 +1,187 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ASN1_STRING_TABLE_ADD 3" +.TH ASN1_STRING_TABLE_ADD 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +ASN1_STRING_TABLE, ASN1_STRING_TABLE_add, ASN1_STRING_TABLE_get, +ASN1_STRING_TABLE_cleanup \- ASN1_STRING_TABLE manipulation functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef struct asn1_string_table_st ASN1_STRING_TABLE; +\& +\& int ASN1_STRING_TABLE_add(int nid, long minsize, long maxsize, +\& unsigned long mask, unsigned long flags); +\& ASN1_STRING_TABLE * ASN1_STRING_TABLE_get(int nid); +\& void ASN1_STRING_TABLE_cleanup(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +.SS "Types" +.IX Subsection "Types" +\&\fB\s-1ASN1_STRING_TABLE\s0\fR is a table which holds string information +(basically minimum size, maximum size, type and etc) for a \s-1NID\s0 object. +.SS "Functions" +.IX Subsection "Functions" +\&\fIASN1_STRING_TABLE_add()\fR adds a new \fB\s-1ASN1_STRING_TABLE\s0\fR item into the +local \s-1ASN1\s0 string table based on the \fInid\fR along with other parameters. +.PP +If the item is already in the table, fields of \fB\s-1ASN1_STRING_TABLE\s0\fR are +updated (depending on the values of those parameters, e.g., \fIminsize\fR +and \fImaxsize\fR >= 0, \fImask\fR and \fIflags\fR != 0). If the \fInid\fR is standard, +a copy of the standard \fB\s-1ASN1_STRING_TABLE\s0\fR is created and updated with +other parameters. +.PP +\&\fIASN1_STRING_TABLE_get()\fR searches for an \fB\s-1ASN1_STRING_TABLE\s0\fR item based +on \fInid\fR. It will search the local table first, then the standard one. +.PP +\&\fIASN1_STRING_TABLE_cleanup()\fR frees all \fB\s-1ASN1_STRING_TABLE\s0\fR items added +by \fIASN1_STRING_TABLE_add()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIASN1_STRING_TABLE_add()\fR returns 1 on success, 0 if an error occurred. +.PP +\&\fIASN1_STRING_TABLE_get()\fR returns a valid \fB\s-1ASN1_STRING_TABLE\s0\fR structure +or \s-1NULL\s0 if nothing is found. +.PP +\&\fIASN1_STRING_TABLE_cleanup()\fR does not return a value. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/ASN1_STRING_length.3 b/linux_amd64/ssl/share/man/man3/ASN1_STRING_length.3 new file mode 100755 index 0000000..3c1f3c8 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/ASN1_STRING_length.3 
@@ -0,0 +1,235 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ASN1_STRING_LENGTH 3" +.TH ASN1_STRING_LENGTH 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +ASN1_STRING_dup, ASN1_STRING_cmp, ASN1_STRING_set, ASN1_STRING_length, +ASN1_STRING_type, ASN1_STRING_get0_data, ASN1_STRING_data, +ASN1_STRING_to_UTF8 \- ASN1_STRING utility functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int ASN1_STRING_length(ASN1_STRING *x); +\& const unsigned char * ASN1_STRING_get0_data(const ASN1_STRING *x); +\& unsigned char * ASN1_STRING_data(ASN1_STRING *x); +\& +\& ASN1_STRING * ASN1_STRING_dup(const ASN1_STRING *a); +\& +\& int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b); +\& +\& int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len); +\& +\& int ASN1_STRING_type(const ASN1_STRING *x); +\& +\& int ASN1_STRING_to_UTF8(unsigned char **out, const ASN1_STRING *in); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions allow an \fB\s-1ASN1_STRING\s0\fR structure to be manipulated. +.PP +\&\fIASN1_STRING_length()\fR returns the length of the content of \fIx\fR. +.PP +\&\fIASN1_STRING_get0_data()\fR returns an internal pointer to the data of \fIx\fR. +Since this is an internal pointer it should \fBnot\fR be freed or +modified in any way. +.PP +\&\fIASN1_STRING_data()\fR is similar to \fIASN1_STRING_get0_data()\fR except the +returned value is not constant. This function is deprecated: +applications should use \fIASN1_STRING_get0_data()\fR instead. +.PP +\&\fIASN1_STRING_dup()\fR returns a copy of the structure \fIa\fR. +.PP +\&\fIASN1_STRING_cmp()\fR compares \fIa\fR and \fIb\fR returning 0 if the two +are identical. The string types and content are compared. +.PP +\&\fIASN1_STRING_set()\fR sets the data of string \fIstr\fR to the buffer +\&\fIdata\fR or length \fIlen\fR. The supplied data is copied. If \fIlen\fR +is \-1 then the length is determined by strlen(data). +.PP +\&\fIASN1_STRING_type()\fR returns the type of \fIx\fR, using standard constants +such as \fBV_ASN1_OCTET_STRING\fR. 
+.PP +\&\fIASN1_STRING_to_UTF8()\fR converts the string \fIin\fR to \s-1UTF8\s0 format, the +converted data is allocated in a buffer in \fI*out\fR. The length of +\&\fIout\fR is returned or a negative error code. The buffer \fI*out\fR +should be freed using \fIOPENSSL_free()\fR. +.SH "NOTES" +.IX Header "NOTES" +Almost all \s-1ASN1\s0 types in OpenSSL are represented as an \fB\s-1ASN1_STRING\s0\fR +structure. Other types such as \fB\s-1ASN1_OCTET_STRING\s0\fR are simply typedef'ed +to \fB\s-1ASN1_STRING\s0\fR and the functions call the \fB\s-1ASN1_STRING\s0\fR equivalents. +\&\fB\s-1ASN1_STRING\s0\fR is also used for some \fB\s-1CHOICE\s0\fR types which consist +entirely of primitive string types such as \fBDirectoryString\fR and +\&\fBTime\fR. +.PP +These functions should \fBnot\fR be used to examine or modify \fB\s-1ASN1_INTEGER\s0\fR +or \fB\s-1ASN1_ENUMERATED\s0\fR types: the relevant \fB\s-1INTEGER\s0\fR or \fB\s-1ENUMERATED\s0\fR +utility functions should be used instead. +.PP +In general it cannot be assumed that the data returned by \fIASN1_STRING_data()\fR +is null terminated or does not contain embedded nulls. The actual format +of the data will depend on the actual string type itself: for example +for an IA5String the data will be \s-1ASCII\s0, for a BMPString two bytes per +character in big endian format, and for an UTF8String it will be in \s-1UTF8\s0 format. +.PP +Similar care should be take to ensure the data is in the correct format +when calling \fIASN1_STRING_set()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIASN1_STRING_length()\fR returns the length of the content of \fIx\fR. +.PP +\&\fIASN1_STRING_get0_data()\fR and \fIASN1_STRING_data()\fR return an internal pointer to +the data of \fIx\fR. +.PP +\&\fIASN1_STRING_dup()\fR returns a valid \fB\s-1ASN1_STRING\s0\fR structure or \s-1NULL\s0 if an +error occurred. 
+.PP +\&\fIASN1_STRING_cmp()\fR returns an integer greater than, equal to, or less than 0, +according to whether \fIa\fR is greater than, equal to, or less than \fIb\fR. +.PP +\&\fIASN1_STRING_set()\fR returns 1 on success or 0 on error. +.PP +\&\fIASN1_STRING_type()\fR returns the type of \fIx\fR. +.PP +\&\fIASN1_STRING_to_UTF8()\fR returns the number of bytes in output string \fIout\fR or a +negative value if an error occurred. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/ASN1_STRING_new.3 b/linux_amd64/ssl/share/man/man3/ASN1_STRING_new.3 new file mode 100755 index 0000000..c391206 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/ASN1_STRING_new.3 
@@ -0,0 +1,174 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ASN1_STRING_NEW 3" +.TH ASN1_STRING_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +ASN1_STRING_new, ASN1_STRING_type_new, ASN1_STRING_free \- +ASN1_STRING allocation functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& ASN1_STRING * ASN1_STRING_new(void); +\& ASN1_STRING * ASN1_STRING_type_new(int type); +\& void ASN1_STRING_free(ASN1_STRING *a); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIASN1_STRING_new()\fR returns an allocated \fB\s-1ASN1_STRING\s0\fR structure. Its type +is undefined. +.PP +\&\fIASN1_STRING_type_new()\fR returns an allocated \fB\s-1ASN1_STRING\s0\fR structure of +type \fItype\fR. +.PP +\&\fIASN1_STRING_free()\fR frees up \fIa\fR. +If \fIa\fR is \s-1NULL\s0 nothing is done. +.SH "NOTES" +.IX Header "NOTES" +Other string types call the \fB\s-1ASN1_STRING\s0\fR functions. For example +\&\fIASN1_OCTET_STRING_new()\fR calls ASN1_STRING_type(V_ASN1_OCTET_STRING). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIASN1_STRING_new()\fR and \fIASN1_STRING_type_new()\fR return a valid +\&\fB\s-1ASN1_STRING\s0\fR structure or \s-1NULL\s0 if an error occurred. +.PP +\&\fIASN1_STRING_free()\fR does not return a value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/ASN1_STRING_print_ex.3 b/linux_amd64/ssl/share/man/man3/ASN1_STRING_print_ex.3 new file mode 100755 index 0000000..a7b9cee --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/ASN1_STRING_print_ex.3 
@@ -0,0 +1,237 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ASN1_STRING_PRINT_EX 3" +.TH ASN1_STRING_PRINT_EX 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +ASN1_tag2str, ASN1_STRING_print_ex, ASN1_STRING_print_ex_fp, ASN1_STRING_print +\&\- ASN1_STRING output routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int ASN1_STRING_print_ex(BIO *out, const ASN1_STRING *str, unsigned long flags); +\& int ASN1_STRING_print_ex_fp(FILE *fp, const ASN1_STRING *str, unsigned long flags); +\& int ASN1_STRING_print(BIO *out, const ASN1_STRING *str); +\& +\& const char *ASN1_tag2str(int tag); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions output an \fB\s-1ASN1_STRING\s0\fR structure. \fB\s-1ASN1_STRING\s0\fR is used to +represent all the \s-1ASN1\s0 string types. +.PP +\&\fIASN1_STRING_print_ex()\fR outputs \fIstr\fR to \fIout\fR, the format is determined by +the options \fIflags\fR. \fIASN1_STRING_print_ex_fp()\fR is identical except it outputs +to \fIfp\fR instead. +.PP +\&\fIASN1_STRING_print()\fR prints \fIstr\fR to \fIout\fR but using a different format to +\&\fIASN1_STRING_print_ex()\fR. It replaces unprintable characters (other than \s-1CR\s0, \s-1LF\s0) +with '.'. +.PP +\&\fIASN1_tag2str()\fR returns a human-readable name of the specified \s-1ASN\s0.1 \fItag\fR. +.SH "NOTES" +.IX Header "NOTES" +\&\fIASN1_STRING_print()\fR is a deprecated function which should be avoided; use +\&\fIASN1_STRING_print_ex()\fR instead. +.PP +Although there are a large number of options frequently \fB\s-1ASN1_STRFLGS_RFC2253\s0\fR is +suitable, or on \s-1UTF8\s0 terminals \fB\s-1ASN1_STRFLGS_RFC2253\s0 & ~ASN1_STRFLGS_ESC_MSB\fR. +.PP +The complete set of supported options for \fIflags\fR is listed below. +.PP +Various characters can be escaped. If \fB\s-1ASN1_STRFLGS_ESC_2253\s0\fR is set the characters +determined by \s-1RFC2253\s0 are escaped. If \fB\s-1ASN1_STRFLGS_ESC_CTRL\s0\fR is set control +characters are escaped. 
If \fB\s-1ASN1_STRFLGS_ESC_MSB\s0\fR is set characters with the +\&\s-1MSB\s0 set are escaped: this option should \fBnot\fR be used if the terminal correctly +interprets \s-1UTF8\s0 sequences. +.PP +Escaping takes several forms. +.PP +If the character being escaped is a 16 bit character then the form \*(L"\eUXXXX\*(R" is used +using exactly four characters for the hex representation. If it is 32 bits then +\&\*(L"\eWXXXXXXXX\*(R" is used using eight characters of its hex representation. These forms +will only be used if \s-1UTF8\s0 conversion is not set (see below). +.PP +Printable characters are normally escaped using the backslash '\e' character. If +\&\fB\s-1ASN1_STRFLGS_ESC_QUOTE\s0\fR is set then the whole string is instead surrounded by +double quote characters: this is arguably more readable than the backslash +notation. Other characters use the \*(L"\eXX\*(R" using exactly two characters of the hex +representation. +.PP +If \fB\s-1ASN1_STRFLGS_UTF8_CONVERT\s0\fR is set then characters are converted to \s-1UTF8\s0 +format first. If the terminal supports the display of \s-1UTF8\s0 sequences then this +option will correctly display multi byte characters. +.PP +If \fB\s-1ASN1_STRFLGS_IGNORE_TYPE\s0\fR is set then the string type is not interpreted at +all: everything is assumed to be one byte per character. This is primarily for +debugging purposes and can result in confusing output in multi character strings. +.PP +If \fB\s-1ASN1_STRFLGS_SHOW_TYPE\s0\fR is set then the string type itself is printed out +before its value (for example \*(L"\s-1BMPSTRING\s0\*(R"), this actually uses \fIASN1_tag2str()\fR. +.PP +The content of a string instead of being interpreted can be \*(L"dumped\*(R": this just +outputs the value of the string using the form #XXXX using hex format for each +octet. +.PP +If \fB\s-1ASN1_STRFLGS_DUMP_ALL\s0\fR is set then any type is dumped. 
+.PP +Normally non character string types (such as \s-1OCTET\s0 \s-1STRING\s0) are assumed to be +one byte per character, if \fB\s-1ASN1_STRFLGS_DUMP_UNKNOWN\s0\fR is set then they will +be dumped instead. +.PP +When a type is dumped normally just the content octets are printed, if +\&\fB\s-1ASN1_STRFLGS_DUMP_DER\s0\fR is set then the complete encoding is dumped +instead (including tag and length octets). +.PP +\&\fB\s-1ASN1_STRFLGS_RFC2253\s0\fR includes all the flags required by \s-1RFC2253\s0. It is +equivalent to: + \s-1ASN1_STRFLGS_ESC_2253\s0 | \s-1ASN1_STRFLGS_ESC_CTRL\s0 | \s-1ASN1_STRFLGS_ESC_MSB\s0 | + \s-1ASN1_STRFLGS_UTF8_CONVERT\s0 | \s-1ASN1_STRFLGS_DUMP_UNKNOWN\s0 \s-1ASN1_STRFLGS_DUMP_DER\s0 +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIASN1_STRING_print_ex()\fR and \fIASN1_STRING_print_ex_fp()\fR return the number of +characters written or \-1 if an error occurred. +.PP +\&\fIASN1_STRING_print()\fR returns 1 on success or 0 on error. +.PP +\&\fIASN1_tag2str()\fR returns a human-readable name of the specified \s-1ASN\s0.1 \fItag\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIX509_NAME_print_ex\fR\|(3), +\&\fIASN1_tag2str\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/ASN1_TIME_set.3 b/linux_amd64/ssl/share/man/man3/ASN1_TIME_set.3 new file mode 100755 index 0000000..984e455 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/ASN1_TIME_set.3 
@@ -0,0 +1,398 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ASN1_TIME_SET 3" +.TH ASN1_TIME_SET 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +ASN1_TIME_set, ASN1_UTCTIME_set, ASN1_GENERALIZEDTIME_set, +ASN1_TIME_adj, ASN1_UTCTIME_adj, ASN1_GENERALIZEDTIME_adj, +ASN1_TIME_check, ASN1_UTCTIME_check, ASN1_GENERALIZEDTIME_check, +ASN1_TIME_set_string, ASN1_UTCTIME_set_string, ASN1_GENERALIZEDTIME_set_string, +ASN1_TIME_set_string_X509, +ASN1_TIME_normalize, +ASN1_TIME_to_tm, +ASN1_TIME_print, ASN1_UTCTIME_print, ASN1_GENERALIZEDTIME_print, +ASN1_TIME_diff, +ASN1_TIME_cmp_time_t, ASN1_UTCTIME_cmp_time_t, +ASN1_TIME_compare, +ASN1_TIME_to_generalizedtime, +ASN1_TIME_dup, ASN1_UTCTIME_dup, ASN1_GENERALIZEDTIME_dup \- ASN.1 Time functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 4 +\& ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t); +\& ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t); +\& ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s, +\& time_t t); +\& +\& ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t, int offset_day, +\& long offset_sec); +\& ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t, +\& int offset_day, long offset_sec); +\& ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s, +\& time_t t, int offset_day, +\& long offset_sec); +\& +\& int ASN1_TIME_set_string(ASN1_TIME *s, const char *str); +\& int ASN1_TIME_set_string_X509(ASN1_TIME *s, const char *str); +\& int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str); +\& int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, +\& const char *str); +\& +\& int ASN1_TIME_normalize(ASN1_TIME *s); +\& +\& int ASN1_TIME_check(const ASN1_TIME *t); +\& int ASN1_UTCTIME_check(const ASN1_UTCTIME *t); +\& int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *t); +\& +\& int ASN1_TIME_print(BIO *b, const ASN1_TIME *s); +\& int ASN1_UTCTIME_print(BIO *b, const ASN1_UTCTIME *s); +\& int ASN1_GENERALIZEDTIME_print(BIO *b, const ASN1_GENERALIZEDTIME *s); +\& +\& int ASN1_TIME_to_tm(const ASN1_TIME *s, struct tm *tm); +\& int ASN1_TIME_diff(int *pday, int 
*psec, const ASN1_TIME *from, +\& const ASN1_TIME *to); +\& +\& int ASN1_TIME_cmp_time_t(const ASN1_TIME *s, time_t t); +\& int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t); +\& +\& int ASN1_TIME_compare(const ASN1_TIME *a, const ASN1_TIME *b); +\& +\& ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, +\& ASN1_GENERALIZEDTIME **out); +\& +\& ASN1_TIME *ASN1_TIME_dup(const ASN1_TIME *t); +\& ASN1_UTCTIME *ASN1_UTCTIME_dup(const ASN1_UTCTIME *t); +\& ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_dup(const ASN1_GENERALIZEDTIME *t); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fIASN1_TIME_set()\fR, \fIASN1_UTCTIME_set()\fR and \fIASN1_GENERALIZEDTIME_set()\fR +functions set the structure \fIs\fR to the time represented by the time_t +value \fIt\fR. If \fIs\fR is \s-1NULL\s0 a new time structure is allocated and returned. +.PP +The \fIASN1_TIME_adj()\fR, \fIASN1_UTCTIME_adj()\fR and \fIASN1_GENERALIZEDTIME_adj()\fR +functions set the time structure \fIs\fR to the time represented +by the time \fIoffset_day\fR and \fIoffset_sec\fR after the time_t value \fIt\fR. +The values of \fIoffset_day\fR or \fIoffset_sec\fR can be negative to set a +time before \fIt\fR. The \fIoffset_sec\fR value can also exceed the number of +seconds in a day. If \fIs\fR is \s-1NULL\s0 a new structure is allocated +and returned. +.PP +The \fIASN1_TIME_set_string()\fR, \fIASN1_UTCTIME_set_string()\fR and +\&\fIASN1_GENERALIZEDTIME_set_string()\fR functions set the time structure \fIs\fR +to the time represented by string \fIstr\fR which must be in appropriate \s-1ASN\s0.1 +time format (for example \s-1YYMMDDHHMMSSZ\s0 or \s-1YYYYMMDDHHMMSSZ\s0). If \fIs\fR is \s-1NULL\s0 +this function performs a format check on \fIstr\fR only. The string \fIstr\fR +is copied into \fIs\fR. 
+.PP +\&\fIASN1_TIME_set_string_X509()\fR sets \fB\s-1ASN1_TIME\s0\fR structure \fIs\fR to the time +represented by string \fIstr\fR which must be in appropriate time format +that \s-1RFC\s0 5280 requires, which means it only allows \s-1YYMMDDHHMMSSZ\s0 and +\&\s-1YYYYMMDDHHMMSSZ\s0 (leap second is rejected), all other \s-1ASN\s0.1 time format +are not allowed. If \fIs\fR is \s-1NULL\s0 this function performs a format check +on \fIstr\fR only. +.PP +The \fIASN1_TIME_normalize()\fR function converts an \fB\s-1ASN1_GENERALIZEDTIME\s0\fR or +\&\fB\s-1ASN1_UTCTIME\s0\fR into a time value that can be used in a certificate. It +should be used after the \fIASN1_TIME_set_string()\fR functions and before +\&\fIASN1_TIME_print()\fR functions to get consistent (i.e. \s-1GMT\s0) results. +.PP +The \fIASN1_TIME_check()\fR, \fIASN1_UTCTIME_check()\fR and \fIASN1_GENERALIZEDTIME_check()\fR +functions check the syntax of the time structure \fIs\fR. +.PP +The \fIASN1_TIME_print()\fR, \fIASN1_UTCTIME_print()\fR and \fIASN1_GENERALIZEDTIME_print()\fR +functions print the time structure \fIs\fR to \s-1BIO\s0 \fIb\fR in human readable +format. It will be of the format \s-1MMM\s0 \s-1DD\s0 \s-1HH:MM:SS\s0 \s-1YYYY\s0 [\s-1GMT\s0], for example +\&\*(L"Feb 3 00:55:52 2015 \s-1GMT\s0\*(R" it does not include a newline. If the time +structure has invalid format it prints out \*(L"Bad time value\*(R" and returns +an error. The output for generalized time may include a fractional part +following the second. +.PP +\&\fIASN1_TIME_to_tm()\fR converts the time \fIs\fR to the standard \fItm\fR structure. +If \fIs\fR is \s-1NULL\s0, then the current time is converted. The output time is \s-1GMT\s0. +The \fItm_sec\fR, \fItm_min\fR, \fItm_hour\fR, \fItm_mday\fR, \fItm_wday\fR, \fItm_yday\fR, +\&\fItm_mon\fR and \fItm_year\fR fields of \fItm\fR structure are set to proper values, +whereas all other fields are set to 0. If \fItm\fR is \s-1NULL\s0 this function performs +a format check on \fIs\fR only. 
If \fIs\fR is in Generalized format with fractional +seconds, e.g. \s-1YYYYMMDDHHMMSS\s0.SSSZ, the fractional seconds will be lost while +converting \fIs\fR to \fItm\fR structure. +.PP +\&\fIASN1_TIME_diff()\fR sets \fI*pday\fR and \fI*psec\fR to the time difference between +\&\fIfrom\fR and \fIto\fR. If \fIto\fR represents a time later than \fIfrom\fR then +one or both (depending on the time difference) of \fI*pday\fR and \fI*psec\fR +will be positive. If \fIto\fR represents a time earlier than \fIfrom\fR then +one or both of \fI*pday\fR and \fI*psec\fR will be negative. If \fIto\fR and \fIfrom\fR +represent the same time then \fI*pday\fR and \fI*psec\fR will both be zero. +If both \fI*pday\fR and \fI*psec\fR are nonzero they will always have the same +sign. The value of \fI*psec\fR will always be less than the number of seconds +in a day. If \fIfrom\fR or \fIto\fR is \s-1NULL\s0 the current time is used. +.PP +The \fIASN1_TIME_cmp_time_t()\fR and \fIASN1_UTCTIME_cmp_time_t()\fR functions compare +the two times represented by the time structure \fIs\fR and the time_t \fIt\fR. +.PP +The \fIASN1_TIME_compare()\fR function compares the two times represented by the +time structures \fIa\fR and \fIb\fR. +.PP +The \fIASN1_TIME_to_generalizedtime()\fR function converts an \fB\s-1ASN1_TIME\s0\fR to an +\&\fB\s-1ASN1_GENERALIZEDTIME\s0\fR, regardless of year. If either \fIout\fR or +\&\fI*out\fR are \s-1NULL\s0, then a new object is allocated and must be freed after use. +.PP +The \fIASN1_TIME_dup()\fR, \fIASN1_UTCTIME_dup()\fR and \fIASN1_GENERALIZEDTIME_dup()\fR functions +duplicate the time structure \fIt\fR and return the duplicated result +correspondingly. +.SH "NOTES" +.IX Header "NOTES" +The \fB\s-1ASN1_TIME\s0\fR structure corresponds to the \s-1ASN\s0.1 structure \fBTime\fR +defined in \s-1RFC5280\s0 et al. The time setting functions obey the rules outlined +in \s-1RFC5280:\s0 if the date can be represented by UTCTime it is used, else +GeneralizedTime is used. 
+.PP +The \fB\s-1ASN1_TIME\s0\fR, \fB\s-1ASN1_UTCTIME\s0\fR and \fB\s-1ASN1_GENERALIZEDTIME\s0\fR structures are +represented as an \fB\s-1ASN1_STRING\s0\fR internally and can be freed up using +\&\fIASN1_STRING_free()\fR. +.PP +The \fB\s-1ASN1_TIME\s0\fR structure can represent years from 0000 to 9999 but no attempt +is made to correct ancient calendar changes (for example from Julian to +Gregorian calendars). +.PP +\&\fB\s-1ASN1_UTCTIME\s0\fR is limited to a year range of 1950 through 2049. +.PP +Some applications add offset times directly to a time_t value and pass the +results to \fIASN1_TIME_set()\fR (or equivalent). This can cause problems as the +time_t value can overflow on some systems resulting in unexpected results. +New applications should use \fIASN1_TIME_adj()\fR instead and pass the offset value +in the \fIoffset_sec\fR and \fIoffset_day\fR parameters instead of directly +manipulating a time_t value. +.PP +\&\fIASN1_TIME_adj()\fR may change the type from \fB\s-1ASN1_GENERALIZEDTIME\s0\fR to +\&\fB\s-1ASN1_UTCTIME\s0\fR, or vice versa, based on the resulting year. +\&\fIASN1_GENERALIZEDTIME_adj()\fR and \fIASN1_UTCTIME_adj()\fR will not modify the type +of the return structure. +.PP +It is recommended that functions starting with \fB\s-1ASN1_TIME\s0\fR be used instead of +those starting with \fB\s-1ASN1_UTCTIME\s0\fR or \fB\s-1ASN1_GENERALIZEDTIME\s0\fR. The functions +starting with \fB\s-1ASN1_UTCTIME\s0\fR and \fB\s-1ASN1_GENERALIZEDTIME\s0\fR act only on that +specific time format. The functions starting with \fB\s-1ASN1_TIME\s0\fR will operate on +either format. +.SH "BUGS" +.IX Header "BUGS" +\&\fIASN1_TIME_print()\fR, \fIASN1_UTCTIME_print()\fR and \fIASN1_GENERALIZEDTIME_print()\fR +do not print out the timezone: it either prints out \*(L"\s-1GMT\s0\*(R" or nothing. But all +certificates complying with \s-1RFC5280\s0 et al use \s-1GMT\s0 anyway. 
+.PP +Use the \fIASN1_TIME_normalize()\fR function to normalize the time value before +printing to get \s-1GMT\s0 results. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIASN1_TIME_set()\fR, \fIASN1_UTCTIME_set()\fR, \fIASN1_GENERALIZEDTIME_set()\fR, +\&\fIASN1_TIME_adj()\fR, \fIASN1_UTCTIME_adj()\fR and \fIASN1_GENERALIZEDTIME_set()\fR return +a pointer to a time structure or \s-1NULL\s0 if an error occurred. +.PP +\&\fIASN1_TIME_set_string()\fR, \fIASN1_UTCTIME_set_string()\fR, +\&\fIASN1_GENERALIZEDTIME_set_string()\fR and \fIASN1_TIME_set_string_X509()\fR return +1 if the time value is successfully set and 0 otherwise. +.PP +\&\fIASN1_TIME_normalize()\fR returns 1 on success, and 0 on error. +.PP +\&\fIASN1_TIME_check()\fR, ASN1_UTCTIME_check and \fIASN1_GENERALIZEDTIME_check()\fR return 1 +if the structure is syntactically correct and 0 otherwise. +.PP +\&\fIASN1_TIME_print()\fR, \fIASN1_UTCTIME_print()\fR and \fIASN1_GENERALIZEDTIME_print()\fR return +1 if the time is successfully printed out and 0 if an error occurred (I/O error +or invalid time format). +.PP +\&\fIASN1_TIME_to_tm()\fR returns 1 if the time is successfully parsed and 0 if an +error occurred (invalid time format). +.PP +\&\fIASN1_TIME_diff()\fR returns 1 for success and 0 for failure. It can fail if the +passed-in time structure has invalid syntax, for example. +.PP +\&\fIASN1_TIME_cmp_time_t()\fR and \fIASN1_UTCTIME_cmp_time_t()\fR return \-1 if \fIs\fR is +before \fIt\fR, 0 if \fIs\fR equals \fIt\fR, or 1 if \fIs\fR is after \fIt\fR. \-2 is returned +on error. +.PP +\&\fIASN1_TIME_compare()\fR returns \-1 if \fIa\fR is before \fIb\fR, 0 if \fIa\fR equals \fIb\fR, +or 1 if \fIa\fR is after \fIb\fR. \-2 is returned on error. +.PP +\&\fIASN1_TIME_to_generalizedtime()\fR returns a pointer to the appropriate time +structure on success or \s-1NULL\s0 if an error occurred. 
+.PP +\&\fIASN1_TIME_dup()\fR, \fIASN1_UTCTIME_dup()\fR and \fIASN1_GENERALIZEDTIME_dup()\fR return a +pointer to a time structure or \s-1NULL\s0 if an error occurred. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Set a time structure to one hour after the current time and print it out: +.PP +.Vb 2 +\& #include +\& #include +\& +\& ASN1_TIME *tm; +\& time_t t; +\& BIO *b; +\& +\& t = time(NULL); +\& tm = ASN1_TIME_adj(NULL, t, 0, 60 * 60); +\& b = BIO_new_fp(stdout, BIO_NOCLOSE); +\& ASN1_TIME_print(b, tm); +\& ASN1_STRING_free(tm); +\& BIO_free(b); +.Ve +.PP +Determine if one time is later or sooner than the current time: +.PP +.Vb 1 +\& int day, sec; +\& +\& if (!ASN1_TIME_diff(&day, &sec, NULL, to)) +\& /* Invalid time format */ +\& +\& if (day > 0 || sec > 0) +\& printf("Later\en"); +\& else if (day < 0 || sec < 0) +\& printf("Sooner\en"); +\& else +\& printf("Same\en"); +.Ve +.SH "HISTORY" +.IX Header "HISTORY" +The \fIASN1_TIME_to_tm()\fR function was added in OpenSSL 1.1.1. +The \fIASN1_TIME_set_string_X509()\fR function was added in OpenSSL 1.1.1. +The \fIASN1_TIME_normalize()\fR function was added in OpenSSL 1.1.1. +The \fIASN1_TIME_cmp_time_t()\fR function was added in OpenSSL 1.1.1. +The \fIASN1_TIME_compare()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/ASN1_TYPE_get.3 b/linux_amd64/ssl/share/man/man3/ASN1_TYPE_get.3 new file mode 100755 index 0000000..feb9ab8 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/ASN1_TYPE_get.3 
@@ -0,0 +1,224 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ASN1_TYPE_GET 3" +.TH ASN1_TYPE_GET 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +ASN1_TYPE_get, ASN1_TYPE_set, ASN1_TYPE_set1, ASN1_TYPE_cmp, ASN1_TYPE_unpack_sequence, ASN1_TYPE_pack_sequence \- ASN1_TYPE utility +functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int ASN1_TYPE_get(const ASN1_TYPE *a); +\& void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value); +\& int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value); +\& int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b); +\& +\& void *ASN1_TYPE_unpack_sequence(const ASN1_ITEM *it, const ASN1_TYPE *t); +\& ASN1_TYPE *ASN1_TYPE_pack_sequence(const ASN1_ITEM *it, void *s, +\& ASN1_TYPE **t); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions allow an \fB\s-1ASN1_TYPE\s0\fR structure to be manipulated. The +\&\fB\s-1ASN1_TYPE\s0\fR structure can contain any \s-1ASN\s0.1 type or constructed type +such as a \s-1SEQUENCE:\s0 it is effectively equivalent to the \s-1ASN\s0.1 \s-1ANY\s0 type. +.PP +\&\fIASN1_TYPE_get()\fR returns the type of \fIa\fR. +.PP +\&\fIASN1_TYPE_set()\fR sets the value of \fIa\fR to \fItype\fR and \fIvalue\fR. This +function uses the pointer \fIvalue\fR internally so it must \fBnot\fR be freed +up after the call. +.PP +\&\fIASN1_TYPE_set1()\fR sets the value of \fIa\fR to \fItype\fR a copy of \fIvalue\fR. +.PP +\&\fIASN1_TYPE_cmp()\fR compares \s-1ASN\s0.1 types \fIa\fR and \fIb\fR and returns 0 if +they are identical and nonzero otherwise. +.PP +\&\fIASN1_TYPE_unpack_sequence()\fR attempts to parse the \s-1SEQUENCE\s0 present in +\&\fIt\fR using the \s-1ASN\s0.1 structure \fIit\fR. If successful it returns a pointer +to the \s-1ASN\s0.1 structure corresponding to \fIit\fR which must be freed by the +caller. If it fails it return \s-1NULL\s0. +.PP +\&\fIASN1_TYPE_pack_sequence()\fR attempts to encode the \s-1ASN\s0.1 structure \fIs\fR +corresponding to \fIit\fR into an \fB\s-1ASN1_TYPE\s0\fR. If successful the encoded +\&\fB\s-1ASN1_TYPE\s0\fR is returned. 
If \fIt\fR and \fI*t\fR are not \s-1NULL\s0 the encoded type +is written to \fIt\fR overwriting any existing data. If \fIt\fR is not \s-1NULL\s0 +but \fI*t\fR is \s-1NULL\s0 the returned \fB\s-1ASN1_TYPE\s0\fR is written to \fI*t\fR. +.SH "NOTES" +.IX Header "NOTES" +The type and meaning of the \fIvalue\fR parameter for \fIASN1_TYPE_set()\fR and +\&\fIASN1_TYPE_set1()\fR is determined by the \fItype\fR parameter. +If \fItype\fR is \fBV_ASN1_NULL\fR \fIvalue\fR is ignored. If \fItype\fR is +\&\fBV_ASN1_BOOLEAN\fR +then the boolean is set to \s-1TRUE\s0 if \fIvalue\fR is not \s-1NULL\s0. If \fItype\fR is +\&\fBV_ASN1_OBJECT\fR then value is an \fB\s-1ASN1_OBJECT\s0\fR structure. Otherwise \fItype\fR +is and \fB\s-1ASN1_STRING\s0\fR structure. If \fItype\fR corresponds to a primitive type +(or a string type) then the contents of the \fB\s-1ASN1_STRING\s0\fR contain the content +octets of the type. If \fItype\fR corresponds to a constructed type or +a tagged type (\fBV_ASN1_SEQUENCE\fR, \fBV_ASN1_SET\fR or \fBV_ASN1_OTHER\fR) then the +\&\fB\s-1ASN1_STRING\s0\fR contains the entire \s-1ASN\s0.1 encoding verbatim (including tag and +length octets). +.PP +\&\fIASN1_TYPE_cmp()\fR may not return zero if two types are equivalent but have +different encodings. For example the single content octet of the boolean \s-1TRUE\s0 +value under \s-1BER\s0 can have any nonzero encoding but \fIASN1_TYPE_cmp()\fR will +only return zero if the values are the same. +.PP +If either or both of the parameters passed to \fIASN1_TYPE_cmp()\fR is \s-1NULL\s0 the +return value is nonzero. Technically if both parameters are \s-1NULL\s0 the two +types could be absent \s-1OPTIONAL\s0 fields and so should match, however passing +\&\s-1NULL\s0 values could also indicate a programming error (for example an +unparsable type which returns \s-1NULL\s0) for types which do \fBnot\fR match. So +applications should handle the case of two absent values separately. 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIASN1_TYPE_get()\fR returns the type of the \fB\s-1ASN1_TYPE\s0\fR argument. +.PP +\&\fIASN1_TYPE_set()\fR does not return a value. +.PP +\&\fIASN1_TYPE_set1()\fR returns 1 for success and 0 for failure. +.PP +\&\fIASN1_TYPE_cmp()\fR returns 0 if the types are identical and nonzero otherwise. +.PP +\&\fIASN1_TYPE_unpack_sequence()\fR returns a pointer to an \s-1ASN\s0.1 structure or +\&\s-1NULL\s0 on failure. +.PP +\&\fIASN1_TYPE_pack_sequence()\fR return an \fB\s-1ASN1_TYPE\s0\fR structure if it succeeds or +\&\s-1NULL\s0 on failure. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/ASN1_generate_nconf.3 b/linux_amd64/ssl/share/man/man3/ASN1_generate_nconf.3 new file mode 100755 index 0000000..08eb3f8 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/ASN1_generate_nconf.3 
@@ -0,0 +1,372 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ASN1_GENERATE_NCONF 3" +.TH ASN1_GENERATE_NCONF 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +ASN1_generate_nconf, ASN1_generate_v3 \- ASN1 generation functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& ASN1_TYPE *ASN1_generate_nconf(const char *str, CONF *nconf); +\& ASN1_TYPE *ASN1_generate_v3(const char *str, X509V3_CTX *cnf); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions generate the \s-1ASN1\s0 encoding of a string +in an \fB\s-1ASN1_TYPE\s0\fR structure. +.PP +\&\fIstr\fR contains the string to encode \fInconf\fR or \fIcnf\fR contains +the optional configuration information where additional strings +will be read from. \fInconf\fR will typically come from a config +file whereas \fIcnf\fR is obtained from an \fBX509V3_CTX\fR structure +which will typically be used by X509 v3 certificate extension +functions. \fIcnf\fR or \fInconf\fR can be set to \s-1NULL\s0 if no additional +configuration will be used. +.SH "GENERATION STRING FORMAT" +.IX Header "GENERATION STRING FORMAT" +The actual data encoded is determined by the string \fIstr\fR and +the configuration information. The general format of the string +is: +.IP "[\fImodifier\fR,]\fItype\fR[:\fIvalue\fR]" 4 +.IX Item "[modifier,]type[:value]" +.PP +That is zero or more comma separated modifiers followed by a type +followed by an optional colon and a value. The formats of \fItype\fR, +\&\fIvalue\fR and \fImodifier\fR are explained below. +.SS "Supported Types" +.IX Subsection "Supported Types" +The supported types are listed below. Unless otherwise specified +only the \fB\s-1ASCII\s0\fR format is permissible. +.IP "\fB\s-1BOOLEAN\s0\fR, \fB\s-1BOOL\s0\fR" 4 +.IX Item "BOOLEAN, BOOL" +This encodes a boolean type. The \fIvalue\fR string is mandatory and +should be \fB\s-1TRUE\s0\fR or \fB\s-1FALSE\s0\fR. Additionally \fB\s-1TRUE\s0\fR, \fBtrue\fR, \fBY\fR, +\&\fBy\fR, \fB\s-1YES\s0\fR, \fByes\fR, \fB\s-1FALSE\s0\fR, \fBfalse\fR, \fBN\fR, \fBn\fR, \fB\s-1NO\s0\fR and \fBno\fR +are acceptable. 
+.IP "\fB\s-1NULL\s0\fR" 4 +.IX Item "NULL" +Encode the \fB\s-1NULL\s0\fR type, the \fIvalue\fR string must not be present. +.IP "\fB\s-1INTEGER\s0\fR, \fB\s-1INT\s0\fR" 4 +.IX Item "INTEGER, INT" +Encodes an \s-1ASN1\s0 \fB\s-1INTEGER\s0\fR type. The \fIvalue\fR string represents +the value of the integer, it can be prefaced by a minus sign and +is normally interpreted as a decimal value unless the prefix \fB0x\fR +is included. +.IP "\fB\s-1ENUMERATED\s0\fR, \fB\s-1ENUM\s0\fR" 4 +.IX Item "ENUMERATED, ENUM" +Encodes the \s-1ASN1\s0 \fB\s-1ENUMERATED\s0\fR type, it is otherwise identical to +\&\fB\s-1INTEGER\s0\fR. +.IP "\fB\s-1OBJECT\s0\fR, \fB\s-1OID\s0\fR" 4 +.IX Item "OBJECT, OID" +Encodes an \s-1ASN1\s0 \fB\s-1OBJECT\s0 \s-1IDENTIFIER\s0\fR, the \fIvalue\fR string can be +a short name, a long name or numerical format. +.IP "\fB\s-1UTCTIME\s0\fR, \fB\s-1UTC\s0\fR" 4 +.IX Item "UTCTIME, UTC" +Encodes an \s-1ASN1\s0 \fBUTCTime\fR structure, the value should be in +the format \fB\s-1YYMMDDHHMMSSZ\s0\fR. +.IP "\fB\s-1GENERALIZEDTIME\s0\fR, \fB\s-1GENTIME\s0\fR" 4 +.IX Item "GENERALIZEDTIME, GENTIME" +Encodes an \s-1ASN1\s0 \fBGeneralizedTime\fR structure, the value should be in +the format \fB\s-1YYYYMMDDHHMMSSZ\s0\fR. +.IP "\fB\s-1OCTETSTRING\s0\fR, \fB\s-1OCT\s0\fR" 4 +.IX Item "OCTETSTRING, OCT" +Encodes an \s-1ASN1\s0 \fB\s-1OCTET\s0 \s-1STRING\s0\fR. \fIvalue\fR represents the contents +of this structure, the format strings \fB\s-1ASCII\s0\fR and \fB\s-1HEX\s0\fR can be +used to specify the format of \fIvalue\fR. +.IP "\fB\s-1BITSTRING\s0\fR, \fB\s-1BITSTR\s0\fR" 4 +.IX Item "BITSTRING, BITSTR" +Encodes an \s-1ASN1\s0 \fB\s-1BIT\s0 \s-1STRING\s0\fR. \fIvalue\fR represents the contents +of this structure, the format strings \fB\s-1ASCII\s0\fR, \fB\s-1HEX\s0\fR and \fB\s-1BITLIST\s0\fR +can be used to specify the format of \fIvalue\fR. +.Sp +If the format is anything other than \fB\s-1BITLIST\s0\fR the number of unused +bits is set to zero. 
+.IP "\fB\s-1UNIVERSALSTRING\s0\fR, \fB\s-1UNIV\s0\fR, \fB\s-1IA5\s0\fR, \fB\s-1IA5STRING\s0\fR, \fB\s-1UTF8\s0\fR, \fBUTF8String\fR, \fB\s-1BMP\s0\fR, \fB\s-1BMPSTRING\s0\fR, \fB\s-1VISIBLESTRING\s0\fR, \fB\s-1VISIBLE\s0\fR, \fB\s-1PRINTABLESTRING\s0\fR, \fB\s-1PRINTABLE\s0\fR, \fBT61\fR, \fBT61STRING\fR, \fB\s-1TELETEXSTRING\s0\fR, \fBGeneralString\fR, \fB\s-1NUMERICSTRING\s0\fR, \fB\s-1NUMERIC\s0\fR" 4 +.IX Item "UNIVERSALSTRING, UNIV, IA5, IA5STRING, UTF8, UTF8String, BMP, BMPSTRING, VISIBLESTRING, VISIBLE, PRINTABLESTRING, PRINTABLE, T61, T61STRING, TELETEXSTRING, GeneralString, NUMERICSTRING, NUMERIC" +These encode the corresponding string types. \fIvalue\fR represents the +contents of this structure. The format can be \fB\s-1ASCII\s0\fR or \fB\s-1UTF8\s0\fR. +.IP "\fB\s-1SEQUENCE\s0\fR, \fB\s-1SEQ\s0\fR, \fB\s-1SET\s0\fR" 4 +.IX Item "SEQUENCE, SEQ, SET" +Formats the result as an \s-1ASN1\s0 \fB\s-1SEQUENCE\s0\fR or \fB\s-1SET\s0\fR type. \fIvalue\fR +should be a section name which will contain the contents. The +field names in the section are ignored and the values are in the +generated string format. If \fIvalue\fR is absent then an empty \s-1SEQUENCE\s0 +will be encoded. +.SS "Modifiers" +.IX Subsection "Modifiers" +Modifiers affect the following structure, they can be used to +add \s-1EXPLICIT\s0 or \s-1IMPLICIT\s0 tagging, add wrappers or to change +the string format of the final type and value. The supported +formats are documented below. +.IP "\fB\s-1EXPLICIT\s0\fR, \fB\s-1EXP\s0\fR" 4 +.IX Item "EXPLICIT, EXP" +Add an explicit tag to the following structure. This string +should be followed by a colon and the tag value to use as a +decimal value. +.Sp +By following the number with \fBU\fR, \fBA\fR, \fBP\fR or \fBC\fR \s-1UNIVERSAL\s0, +\&\s-1APPLICATION\s0, \s-1PRIVATE\s0 or \s-1CONTEXT\s0 \s-1SPECIFIC\s0 tagging can be used, +the default is \s-1CONTEXT\s0 \s-1SPECIFIC\s0. 
+.IP "\fB\s-1IMPLICIT\s0\fR, \fB\s-1IMP\s0\fR" 4 +.IX Item "IMPLICIT, IMP" +This is the same as \fB\s-1EXPLICIT\s0\fR except \s-1IMPLICIT\s0 tagging is used +instead. +.IP "\fB\s-1OCTWRAP\s0\fR, \fB\s-1SEQWRAP\s0\fR, \fB\s-1SETWRAP\s0\fR, \fB\s-1BITWRAP\s0\fR" 4 +.IX Item "OCTWRAP, SEQWRAP, SETWRAP, BITWRAP" +The following structure is surrounded by an \s-1OCTET\s0 \s-1STRING\s0, a \s-1SEQUENCE\s0, +a \s-1SET\s0 or a \s-1BIT\s0 \s-1STRING\s0 respectively. For a \s-1BIT\s0 \s-1STRING\s0 the number of unused +bits is set to zero. +.IP "\fB\s-1FORMAT\s0\fR" 4 +.IX Item "FORMAT" +This specifies the format of the ultimate value. It should be followed +by a colon and one of the strings \fB\s-1ASCII\s0\fR, \fB\s-1UTF8\s0\fR, \fB\s-1HEX\s0\fR or \fB\s-1BITLIST\s0\fR. +.Sp +If no format specifier is included then \fB\s-1ASCII\s0\fR is used. If \fB\s-1UTF8\s0\fR is +specified then the value string must be a valid \fB\s-1UTF8\s0\fR string. For \fB\s-1HEX\s0\fR the +output must be a set of hex digits. \fB\s-1BITLIST\s0\fR (which is only valid for a \s-1BIT\s0 +\&\s-1STRING\s0) is a comma separated list of the indices of the set bits, all other +bits are zero. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIASN1_generate_nconf()\fR and \fIASN1_generate_v3()\fR return the encoded +data as an \fB\s-1ASN1_TYPE\s0\fR structure or \s-1NULL\s0 if an error occurred. +.PP +The error codes that can be obtained by \fIERR_get_error\fR\|(3). 
+.SH "EXAMPLES" +.IX Header "EXAMPLES" +A simple IA5String: +.PP +.Vb 1 +\& IA5STRING:Hello World +.Ve +.PP +An IA5String explicitly tagged: +.PP +.Vb 1 +\& EXPLICIT:0,IA5STRING:Hello World +.Ve +.PP +An IA5String explicitly tagged using \s-1APPLICATION\s0 tagging: +.PP +.Vb 1 +\& EXPLICIT:0A,IA5STRING:Hello World +.Ve +.PP +A \s-1BITSTRING\s0 with bits 1 and 5 set and all others zero: +.PP +.Vb 1 +\& FORMAT:BITLIST,BITSTRING:1,5 +.Ve +.PP +A more complex example using a config file to produce a +\&\s-1SEQUENCE\s0 consisting of a \s-1BOOL\s0 an \s-1OID\s0 and a UTF8String: +.PP +.Vb 1 +\& asn1 = SEQUENCE:seq_section +\& +\& [seq_section] +\& +\& field1 = BOOLEAN:TRUE +\& field2 = OID:commonName +\& field3 = UTF8:Third field +.Ve +.PP +This example produces an RSAPrivateKey structure, this is the +key contained in the file client.pem in all OpenSSL distributions +(note: the field names such as 'coeff' are ignored and are present just +for clarity): +.PP +.Vb 3 +\& asn1=SEQUENCE:private_key +\& [private_key] +\& version=INTEGER:0 +\& +\& n=INTEGER:0xBB6FE79432CC6EA2D8F970675A5A87BFBE1AFF0BE63E879F2AFFB93644\e +\& D4D2C6D000430DEC66ABF47829E74B8C5108623A1C0EE8BE217B3AD8D36D5EB4FCA1D9 +\& +\& e=INTEGER:0x010001 +\& +\& d=INTEGER:0x6F05EAD2F27FFAEC84BEC360C4B928FD5F3A9865D0FCAAD291E2A52F4A\e +\& F810DC6373278C006A0ABBA27DC8C63BF97F7E666E27C5284D7D3B1FFFE16B7A87B51D +\& +\& p=INTEGER:0xF3929B9435608F8A22C208D86795271D54EBDFB09DDEF539AB083DA912\e +\& D4BD57 +\& +\& q=INTEGER:0xC50016F89DFF2561347ED1186A46E150E28BF2D0F539A1594BBD7FE467\e +\& 46EC4F +\& +\& exp1=INTEGER:0x9E7D4326C924AFC1DEA40B45650134966D6F9DFA3A7F9D698CD4ABEA\e +\& 9C0A39B9 +\& +\& exp2=INTEGER:0xBA84003BB95355AFB7C50DF140C60513D0BA51D637272E355E397779\e +\& E7B2458F +\& +\& coeff=INTEGER:0x30B9E4F2AFA5AC679F920FC83F1F2DF1BAF1779CF989447FABC2F5\e +\& 628657053A +.Ve +.PP +This example is the corresponding public key in a SubjectPublicKeyInfo +structure: +.PP +.Vb 2 +\& # Start with a SEQUENCE +\& 
asn1=SEQUENCE:pubkeyinfo +\& +\& # pubkeyinfo contains an algorithm identifier and the public key wrapped +\& # in a BIT STRING +\& [pubkeyinfo] +\& algorithm=SEQUENCE:rsa_alg +\& pubkey=BITWRAP,SEQUENCE:rsapubkey +\& +\& # algorithm ID for RSA is just an OID and a NULL +\& [rsa_alg] +\& algorithm=OID:rsaEncryption +\& parameter=NULL +\& +\& # Actual public key: modulus and exponent +\& [rsapubkey] +\& n=INTEGER:0xBB6FE79432CC6EA2D8F970675A5A87BFBE1AFF0BE63E879F2AFFB93644\e +\& D4D2C6D000430DEC66ABF47829E74B8C5108623A1C0EE8BE217B3AD8D36D5EB4FCA1D9 +\& +\& e=INTEGER:0x010001 +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/ASYNC_WAIT_CTX_new.3 b/linux_amd64/ssl/share/man/man3/ASYNC_WAIT_CTX_new.3 new file mode 100755 index 0000000..f491df7 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/ASYNC_WAIT_CTX_new.3 
@@ -0,0 +1,337 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ASYNC_WAIT_CTX_NEW 3" +.TH ASYNC_WAIT_CTX_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +ASYNC_WAIT_CTX_new, ASYNC_WAIT_CTX_free, ASYNC_WAIT_CTX_set_wait_fd, +ASYNC_WAIT_CTX_get_fd, ASYNC_WAIT_CTX_get_all_fds, +ASYNC_WAIT_CTX_get_changed_fds, ASYNC_WAIT_CTX_clear_fd, +ASYNC_WAIT_CTX_set_callback, ASYNC_WAIT_CTX_get_callback, +ASYNC_WAIT_CTX_set_status, ASYNC_WAIT_CTX_get_status, ASYNC_callback_fn, +ASYNC_STATUS_UNSUPPORTED, ASYNC_STATUS_ERR, ASYNC_STATUS_OK, +ASYNC_STATUS_EAGAIN +\&\- functions to manage waiting for asynchronous jobs to complete +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& #define ASYNC_STATUS_UNSUPPORTED 0 +\& #define ASYNC_STATUS_ERR 1 +\& #define ASYNC_STATUS_OK 2 +\& #define ASYNC_STATUS_EAGAIN 3 +\& typedef int (*ASYNC_callback_fn)(void *arg); +\& ASYNC_WAIT_CTX *ASYNC_WAIT_CTX_new(void); +\& void ASYNC_WAIT_CTX_free(ASYNC_WAIT_CTX *ctx); +\& int ASYNC_WAIT_CTX_set_wait_fd(ASYNC_WAIT_CTX *ctx, const void *key, +\& OSSL_ASYNC_FD fd, +\& void *custom_data, +\& void (*cleanup)(ASYNC_WAIT_CTX *, const void *, +\& OSSL_ASYNC_FD, void *)); +\& int ASYNC_WAIT_CTX_get_fd(ASYNC_WAIT_CTX *ctx, const void *key, +\& OSSL_ASYNC_FD *fd, void **custom_data); +\& int ASYNC_WAIT_CTX_get_all_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *fd, +\& size_t *numfds); +\& int ASYNC_WAIT_CTX_get_changed_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *addfd, +\& size_t *numaddfds, OSSL_ASYNC_FD *delfd, +\& size_t *numdelfds); +\& int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key); +\& int ASYNC_WAIT_CTX_set_callback(ASYNC_WAIT_CTX *ctx, +\& ASYNC_callback_fn callback, +\& void *callback_arg); +\& int ASYNC_WAIT_CTX_get_callback(ASYNC_WAIT_CTX *ctx, +\& ASYNC_callback_fn *callback, +\& void **callback_arg); +\& int ASYNC_WAIT_CTX_set_status(ASYNC_WAIT_CTX *ctx, int status); +\& int ASYNC_WAIT_CTX_get_status(ASYNC_WAIT_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +For an overview of how asynchronous operations are implemented in OpenSSL see +\&\fIASYNC_start_job\fR\|(3). 
An \fB\s-1ASYNC_WAIT_CTX\s0\fR object represents an asynchronous +\&\*(L"session\*(R", i.e. a related set of crypto operations. For example in \s-1SSL\s0 terms +this would have a one-to-one correspondence with an \s-1SSL\s0 connection. +.PP +Application code must create an \fB\s-1ASYNC_WAIT_CTX\s0\fR using the \fIASYNC_WAIT_CTX_new()\fR +function prior to calling \fIASYNC_start_job()\fR (see \fIASYNC_start_job\fR\|(3)). When +the job is started it is associated with the \fB\s-1ASYNC_WAIT_CTX\s0\fR for the duration +of that job. An \fB\s-1ASYNC_WAIT_CTX\s0\fR should only be used for one \fB\s-1ASYNC_JOB\s0\fR at +any one time, but can be reused after an \fB\s-1ASYNC_JOB\s0\fR has finished for a +subsequent \fB\s-1ASYNC_JOB\s0\fR. When the session is complete (e.g. the \s-1SSL\s0 connection +is closed), application code cleans up with \fIASYNC_WAIT_CTX_free()\fR. +.PP +\&\fB\s-1ASYNC_WAIT_CTX\s0\fRs can have \*(L"wait\*(R" file descriptors associated with them. +Calling \fIASYNC_WAIT_CTX_get_all_fds()\fR and passing in a pointer to an +\&\fB\s-1ASYNC_WAIT_CTX\s0\fR in the \fIctx\fR parameter will return the wait file descriptors +associated with that job in \fI*fd\fR. The number of file descriptors returned will +be stored in \fI*numfds\fR. It is the caller's responsibility to ensure that +sufficient memory has been allocated in \fI*fd\fR to receive all the file +descriptors. Calling \fIASYNC_WAIT_CTX_get_all_fds()\fR with a \s-1NULL\s0 \fIfd\fR value will +return no file descriptors but will still populate \fI*numfds\fR. Therefore +application code is typically expected to call this function twice: once to get +the number of fds, and then again when sufficient memory has been allocated. If +only one asynchronous engine is being used then normally this call will only +ever return one fd. If multiple asynchronous engines are being used then more +could be returned. 
+.PP +The function \fIASYNC_WAIT_CTX_get_changed_fds()\fR can be used to detect if any fds +have changed since the last call time \fIASYNC_start_job()\fR returned \fB\s-1ASYNC_PAUSE\s0\fR +(or since the \fB\s-1ASYNC_WAIT_CTX\s0\fR was created if no \fB\s-1ASYNC_PAUSE\s0\fR result has +been received). The \fInumaddfds\fR and \fInumdelfds\fR parameters will be populated +with the number of fds added or deleted respectively. \fI*addfd\fR and \fI*delfd\fR +will be populated with the list of added and deleted fds respectively. Similarly +to \fIASYNC_WAIT_CTX_get_all_fds()\fR either of these can be \s-1NULL\s0, but if they are not +\&\s-1NULL\s0 then the caller is responsible for ensuring sufficient memory is allocated. +.PP +Implementors of async aware code (e.g. engines) are encouraged to return a +stable fd for the lifetime of the \fB\s-1ASYNC_WAIT_CTX\s0\fR in order to reduce the +\&\*(L"churn\*(R" of regularly changing fds \- although no guarantees of this are provided +to applications. +.PP +Applications can wait for the file descriptor to be ready for \*(L"read\*(R" using a +system function call such as select or poll (being ready for \*(L"read\*(R" indicates +that the job should be resumed). If no file descriptor is made available then an +application will have to periodically \*(L"poll\*(R" the job by attempting to restart it +to see if it is ready to continue. +.PP +Async aware code (e.g. engines) can get the current \fB\s-1ASYNC_WAIT_CTX\s0\fR from the +job via \fIASYNC_get_wait_ctx\fR\|(3) and provide a file descriptor to use for +waiting on by calling \fIASYNC_WAIT_CTX_set_wait_fd()\fR. Typically this would be done +by an engine immediately prior to calling \fIASYNC_pause_job()\fR and not by end user +code. An existing association with a file descriptor can be obtained using +\&\fIASYNC_WAIT_CTX_get_fd()\fR and cleared using \fIASYNC_WAIT_CTX_clear_fd()\fR. Both of +these functions requires a \fIkey\fR value which is unique to the async aware +code. 
This could be any unique value but a good candidate might be the +\&\fB\s-1ENGINE\s0 *\fR for the engine. The \fIcustom_data\fR parameter can be any value, and +will be returned in a subsequent call to \fIASYNC_WAIT_CTX_get_fd()\fR. The +\&\fIASYNC_WAIT_CTX_set_wait_fd()\fR function also expects a pointer to a \*(L"cleanup\*(R" +routine. This can be \s-1NULL\s0 but if provided will automatically get called when +the \fB\s-1ASYNC_WAIT_CTX\s0\fR is freed, and gives the engine the opportunity to close +the fd or any other resources. Note: The \*(L"cleanup\*(R" routine does not get called +if the fd is cleared directly via a call to \fIASYNC_WAIT_CTX_clear_fd()\fR. +.PP +An example of typical usage might be an async capable engine. User code would +initiate cryptographic operations. The engine would initiate those operations +asynchronously and then call \fIASYNC_WAIT_CTX_set_wait_fd()\fR followed by +\&\fIASYNC_pause_job()\fR to return control to the user code. The user code can then +perform other tasks or wait for the job to be ready by calling \*(L"select\*(R" or other +similar function on the wait file descriptor. The engine can signal to the user +code that the job should be resumed by making the wait file descriptor +\&\*(L"readable\*(R". Once resumed the engine should clear the wake signal on the wait +file descriptor. +.PP +As well as a file descriptor, user code may also be notified via a callback. The +callback and data pointers are stored within the \fB\s-1ASYNC_WAIT_CTX\s0\fR along with an +additional status field that can be used for the notification of retries from an +engine. This additional method can be used when the user thinks that a file +descriptor is too costly in terms of \s-1CPU\s0 cycles or in some context where a file +descriptor is not appropriate. +.PP +\&\fIASYNC_WAIT_CTX_set_callback()\fR sets the callback and the callback argument. The +callback will be called to notify user code when an engine completes a +cryptography operation. 
It is a requirement that the callback function is small +and non-blocking as it will be run in the context of a polling mechanism or an +interrupt. +.PP +\&\fIASYNC_WAIT_CTX_get_callback()\fR returns the callback set in the \fB\s-1ASYNC_WAIT_CTX\s0\fR +structure. +.PP +\&\fIASYNC_WAIT_CTX_set_status()\fR allows an engine to set the current engine status. +The possible status values are the following: +.IP "\fB\s-1ASYNC_STATUS_UNSUPPORTED\s0\fR" 4 +.IX Item "ASYNC_STATUS_UNSUPPORTED" +The engine does not support the callback mechanism. This is the default value. +The engine must call \fIASYNC_WAIT_CTX_set_status()\fR to set the status to some value +other than \fB\s-1ASYNC_STATUS_UNSUPPORTED\s0\fR if it intends to enable the callback +mechanism. +.IP "\fB\s-1ASYNC_STATUS_ERR\s0\fR" 4 +.IX Item "ASYNC_STATUS_ERR" +The engine has a fatal problem with this request. The user code should clean up +this session. +.IP "\fB\s-1ASYNC_STATUS_OK\s0\fR" 4 +.IX Item "ASYNC_STATUS_OK" +The request has been successfully submitted. +.IP "\fB\s-1ASYNC_STATUS_EAGAIN\s0\fR" 4 +.IX Item "ASYNC_STATUS_EAGAIN" +The engine has some problem which will be recovered soon, such as a buffer is +full, so user code should resume the job. +.PP +\&\fIASYNC_WAIT_CTX_get_status()\fR allows user code to obtain the current status value. +If the status is any value other than \fB\s-1ASYNC_STATUS_OK\s0\fR then the user code +should not expect to receive a callback from the engine even if one has been +set. +.PP +An example of the usage of the callback method might be the following. User +code would initiate cryptographic operations, and the engine code would dispatch +this operation to hardware, and if the dispatch is successful, then the engine +code would call \fIASYNC_pause_job()\fR to return control to the user code. After +that, user code can perform other tasks. 
When the hardware completes the +operation, normally it is detected by a polling function or an interrupt, as the +user code set a callback by calling \fIASYNC_WAIT_CTX_set_callback()\fR previously, +then the registered callback will be called. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIASYNC_WAIT_CTX_new()\fR returns a pointer to the newly allocated \fB\s-1ASYNC_WAIT_CTX\s0\fR +or \s-1NULL\s0 on error. +.PP +ASYNC_WAIT_CTX_set_wait_fd, ASYNC_WAIT_CTX_get_fd, ASYNC_WAIT_CTX_get_all_fds, +ASYNC_WAIT_CTX_get_changed_fds, ASYNC_WAIT_CTX_clear_fd, +ASYNC_WAIT_CTX_set_callback, ASYNC_WAIT_CTX_get_callback and +ASYNC_WAIT_CTX_set_status all return 1 on success or 0 on error. +\&\fIASYNC_WAIT_CTX_get_status()\fR returns the engine status. +.SH "NOTES" +.IX Header "NOTES" +On Windows platforms the openssl/async.h header is dependent on some +of the types customarily made available by including windows.h. The +application developer is likely to require control over when the latter +is included, commonly as one of the first included headers. Therefore +it is defined as an application developer's responsibility to include +windows.h prior to async.h. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIcrypto\fR\|(7), \fIASYNC_start_job\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIASYNC_WAIT_CTX_new()\fR, \fIASYNC_WAIT_CTX_free()\fR, \fIASYNC_WAIT_CTX_set_wait_fd()\fR, +\&\fIASYNC_WAIT_CTX_get_fd()\fR, \fIASYNC_WAIT_CTX_get_all_fds()\fR, +\&\fIASYNC_WAIT_CTX_get_changed_fds()\fR and \fIASYNC_WAIT_CTX_clear_fd()\fR +were added in OpenSSL 1.1.0. +.PP +\&\fIASYNC_WAIT_CTX_set_callback()\fR, \fIASYNC_WAIT_CTX_get_callback()\fR, +\&\fIASYNC_WAIT_CTX_set_status()\fR, and \fIASYNC_WAIT_CTX_get_status()\fR +were added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. 
You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/ASYNC_start_job.3 b/linux_amd64/ssl/share/man/man3/ASYNC_start_job.3 new file mode 100755 index 0000000..6e9ee25 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/ASYNC_start_job.3 
@@ -0,0 +1,451 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ASYNC_START_JOB 3" +.TH ASYNC_START_JOB 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +ASYNC_get_wait_ctx, +ASYNC_init_thread, ASYNC_cleanup_thread, ASYNC_start_job, ASYNC_pause_job, +ASYNC_get_current_job, ASYNC_block_pause, ASYNC_unblock_pause, ASYNC_is_capable +\&\- asynchronous job management functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int ASYNC_init_thread(size_t max_size, size_t init_size); +\& void ASYNC_cleanup_thread(void); +\& +\& int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *ctx, int *ret, +\& int (*func)(void *), void *args, size_t size); +\& int ASYNC_pause_job(void); +\& +\& ASYNC_JOB *ASYNC_get_current_job(void); +\& ASYNC_WAIT_CTX *ASYNC_get_wait_ctx(ASYNC_JOB *job); +\& void ASYNC_block_pause(void); +\& void ASYNC_unblock_pause(void); +\& +\& int ASYNC_is_capable(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +OpenSSL implements asynchronous capabilities through an \fB\s-1ASYNC_JOB\s0\fR. This +represents code that can be started and executes until some event occurs. At +that point the code can be paused and control returns to user code until some +subsequent event indicates that the job can be resumed. +.PP +The creation of an \fB\s-1ASYNC_JOB\s0\fR is a relatively expensive operation. Therefore, +for efficiency reasons, jobs can be created up front and reused many times. They +are held in a pool until they are needed, at which point they are removed from +the pool, used, and then returned to the pool when the job completes. If the +user application is multi-threaded, then \fIASYNC_init_thread()\fR may be called for +each thread that will initiate asynchronous jobs. Before +user code exits per-thread resources need to be cleaned up. This will normally +occur automatically (see \fIOPENSSL_init_crypto\fR\|(3)) but may be explicitly +initiated by using \fIASYNC_cleanup_thread()\fR. No asynchronous jobs must be +outstanding for the thread when \fIASYNC_cleanup_thread()\fR is called. Failing to +ensure this will result in memory leaks. 
+.PP +The \fImax_size\fR argument limits the number of \fB\s-1ASYNC_JOB\s0\fRs that will be held in +the pool. If \fImax_size\fR is set to 0 then no upper limit is set. When an +\&\fB\s-1ASYNC_JOB\s0\fR is needed but there are none available in the pool already then one +will be automatically created, as long as the total of \fB\s-1ASYNC_JOB\s0\fRs managed by +the pool does not exceed \fImax_size\fR. When the pool is first initialised +\&\fIinit_size\fR \fB\s-1ASYNC_JOB\s0\fRs will be created immediately. If \fIASYNC_init_thread()\fR +is not called before the pool is first used then it will be called automatically +with a \fImax_size\fR of 0 (no upper limit) and an \fIinit_size\fR of 0 (no +\&\fB\s-1ASYNC_JOB\s0\fRs created up front). +.PP +An asynchronous job is started by calling the \fIASYNC_start_job()\fR function. +Initially \fI*job\fR should be \s-1NULL\s0. \fIctx\fR should point to an \fB\s-1ASYNC_WAIT_CTX\s0\fR +object created through the \fIASYNC_WAIT_CTX_new\fR\|(3) function. \fIret\fR should +point to a location where the return value of the asynchronous function should +be stored on completion of the job. \fIfunc\fR represents the function that should +be started asynchronously. The data pointed to by \fIargs\fR and of size \fIsize\fR +will be copied and then passed as an argument to \fIfunc\fR when the job starts. +ASYNC_start_job will return one of the following values: +.IP "\fB\s-1ASYNC_ERR\s0\fR" 4 +.IX Item "ASYNC_ERR" +An error occurred trying to start the job. Check the OpenSSL error queue (e.g. +see \fIERR_print_errors\fR\|(3)) for more details. +.IP "\fB\s-1ASYNC_NO_JOBS\s0\fR" 4 +.IX Item "ASYNC_NO_JOBS" +There are no jobs currently available in the pool. This call can be retried +again at a later time. +.IP "\fB\s-1ASYNC_PAUSE\s0\fR" 4 +.IX Item "ASYNC_PAUSE" +The job was successfully started but was \*(L"paused\*(R" before it completed (see +\&\fIASYNC_pause_job()\fR below). A handle to the job is placed in \fI*job\fR. 
Other work +can be performed (if desired) and the job restarted at a later time. To restart +a job call \fIASYNC_start_job()\fR again passing the job handle in \fI*job\fR. The +\&\fIfunc\fR, \fIargs\fR and \fIsize\fR parameters will be ignored when restarting a job. +When restarting a job \fIASYNC_start_job()\fR \fBmust\fR be called from the same thread +that the job was originally started from. +.IP "\fB\s-1ASYNC_FINISH\s0\fR" 4 +.IX Item "ASYNC_FINISH" +The job completed. \fI*job\fR will be \s-1NULL\s0 and the return value from \fIfunc\fR will +be placed in \fI*ret\fR. +.PP +At any one time there can be a maximum of one job actively running per thread +(you can have many that are paused). \fIASYNC_get_current_job()\fR can be used to get +a pointer to the currently executing \fB\s-1ASYNC_JOB\s0\fR. If no job is currently +executing then this will return \s-1NULL\s0. +.PP +If executing within the context of a job (i.e. having been called directly or +indirectly by the function \*(L"func\*(R" passed as an argument to \fIASYNC_start_job()\fR) +then \fIASYNC_pause_job()\fR will immediately return control to the calling +application with \fB\s-1ASYNC_PAUSE\s0\fR returned from the \fIASYNC_start_job()\fR call. A +subsequent call to ASYNC_start_job passing in the relevant \fB\s-1ASYNC_JOB\s0\fR in the +\&\fI*job\fR parameter will resume execution from the \fIASYNC_pause_job()\fR call. If +\&\fIASYNC_pause_job()\fR is called whilst not within the context of a job then no +action is taken and \fIASYNC_pause_job()\fR returns immediately. +.PP +\&\fIASYNC_get_wait_ctx()\fR can be used to get a pointer to the \fB\s-1ASYNC_WAIT_CTX\s0\fR +for the \fIjob\fR. \fB\s-1ASYNC_WAIT_CTX\s0\fRs contain two different ways to notify +applications that a job is ready to be resumed. One is a \*(L"wait\*(R" file +descriptor, and the other is a \*(L"callback\*(R" mechanism. 
+.PP +The \*(L"wait\*(R" file descriptor associated with \fB\s-1ASYNC_WAIT_CTX\s0\fR is used for +applications to wait for the file descriptor to be ready for \*(L"read\*(R" using a +system function call such as select or poll (being ready for \*(L"read\*(R" indicates +that the job should be resumed). If no file descriptor is made available then +an application will have to periodically \*(L"poll\*(R" the job by attempting to restart +it to see if it is ready to continue. +.PP +\&\fB\s-1ASYNC_WAIT_CTX\s0\fRs also have a \*(L"callback\*(R" mechanism to notify applications. The +callback is set by an application, and it will be automatically called when an +engine completes a cryptography operation, so that the application can resume +the paused work flow without polling. An engine could be written to look whether +the callback has been set. If it has then it would use the callback mechanism +in preference to the file descriptor notifications. If a callback is not set +then the engine may use file descriptor based notifications. Please note that +not all engines may support the callback mechanism, so the callback may not be +used even if it has been set. See \fIASYNC_WAIT_CTX_new()\fR for more details. +.PP +The \fIASYNC_block_pause()\fR function will prevent the currently active job from +pausing. The block will remain in place until a subsequent call to +\&\fIASYNC_unblock_pause()\fR. These functions can be nested, e.g. if you call +\&\fIASYNC_block_pause()\fR twice then you must call \fIASYNC_unblock_pause()\fR twice in +order to re-enable pausing. If these functions are called while there is no +currently active job then they have no effect. This functionality can be useful +to avoid deadlock scenarios. For example during the execution of an \fB\s-1ASYNC_JOB\s0\fR +an application acquires a lock. It then calls some cryptographic function which +invokes \fIASYNC_pause_job()\fR. This returns control back to the code that created +the \fB\s-1ASYNC_JOB\s0\fR. 
If that code then attempts to acquire the same lock before +resuming the original job then a deadlock can occur. By calling +\&\fIASYNC_block_pause()\fR immediately after acquiring the lock and +\&\fIASYNC_unblock_pause()\fR immediately before releasing it then this situation cannot +occur. +.PP +Some platforms cannot support async operations. The \fIASYNC_is_capable()\fR function +can be used to detect whether the current platform is async capable or not. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +ASYNC_init_thread returns 1 on success or 0 otherwise. +.PP +ASYNC_start_job returns one of \fB\s-1ASYNC_ERR\s0\fR, \fB\s-1ASYNC_NO_JOBS\s0\fR, \fB\s-1ASYNC_PAUSE\s0\fR or +\&\fB\s-1ASYNC_FINISH\s0\fR as described above. +.PP +ASYNC_pause_job returns 0 if an error occurred or 1 on success. If called when +not within the context of an \fB\s-1ASYNC_JOB\s0\fR then this is counted as success so 1 +is returned. +.PP +ASYNC_get_current_job returns a pointer to the currently executing \fB\s-1ASYNC_JOB\s0\fR +or \s-1NULL\s0 if not within the context of a job. +.PP +\&\fIASYNC_get_wait_ctx()\fR returns a pointer to the \fB\s-1ASYNC_WAIT_CTX\s0\fR for the job. +.PP +\&\fIASYNC_is_capable()\fR returns 1 if the current platform is async capable or 0 +otherwise. +.SH "NOTES" +.IX Header "NOTES" +On Windows platforms the openssl/async.h header is dependent on some +of the types customarily made available by including windows.h. The +application developer is likely to require control over when the latter +is included, commonly as one of the first included headers. Therefore +it is defined as an application developer's responsibility to include +windows.h prior to async.h. 
+.SH "EXAMPLES" +.IX Header "EXAMPLES" +The following example demonstrates how to use most of the core async APIs: +.PP +.Vb 7 +\& #ifdef _WIN32 +\& # include +\& #endif +\& #include +\& #include +\& #include +\& #include +\& +\& int unique = 0; +\& +\& void cleanup(ASYNC_WAIT_CTX *ctx, const void *key, OSSL_ASYNC_FD r, void *vw) +\& { +\& OSSL_ASYNC_FD *w = (OSSL_ASYNC_FD *)vw; +\& +\& close(r); +\& close(*w); +\& OPENSSL_free(w); +\& } +\& +\& int jobfunc(void *arg) +\& { +\& ASYNC_JOB *currjob; +\& unsigned char *msg; +\& int pipefds[2] = {0, 0}; +\& OSSL_ASYNC_FD *wptr; +\& char buf = \*(AqX\*(Aq; +\& +\& currjob = ASYNC_get_current_job(); +\& if (currjob != NULL) { +\& printf("Executing within a job\en"); +\& } else { +\& printf("Not executing within a job \- should not happen\en"); +\& return 0; +\& } +\& +\& msg = (unsigned char *)arg; +\& printf("Passed in message is: %s\en", msg); +\& +\& if (pipe(pipefds) != 0) { +\& printf("Failed to create pipe\en"); +\& return 0; +\& } +\& wptr = OPENSSL_malloc(sizeof(OSSL_ASYNC_FD)); +\& if (wptr == NULL) { +\& printf("Failed to malloc\en"); +\& return 0; +\& } +\& *wptr = pipefds[1]; +\& ASYNC_WAIT_CTX_set_wait_fd(ASYNC_get_wait_ctx(currjob), &unique, +\& pipefds[0], wptr, cleanup); +\& +\& /* +\& * Normally some external event would cause this to happen at some +\& * later point \- but we do it here for demo purposes, i.e. +\& * immediately signalling that the job is ready to be woken up after +\& * we return to main via ASYNC_pause_job(). 
+\& */ +\& write(pipefds[1], &buf, 1); +\& +\& /* Return control back to main */ +\& ASYNC_pause_job(); +\& +\& /* Clear the wake signal */ +\& read(pipefds[0], &buf, 1); +\& +\& printf ("Resumed the job after a pause\en"); +\& +\& return 1; +\& } +\& +\& int main(void) +\& { +\& ASYNC_JOB *job = NULL; +\& ASYNC_WAIT_CTX *ctx = NULL; +\& int ret; +\& OSSL_ASYNC_FD waitfd; +\& fd_set waitfdset; +\& size_t numfds; +\& unsigned char msg[13] = "Hello world!"; +\& +\& printf("Starting...\en"); +\& +\& ctx = ASYNC_WAIT_CTX_new(); +\& if (ctx == NULL) { +\& printf("Failed to create ASYNC_WAIT_CTX\en"); +\& abort(); +\& } +\& +\& for (;;) { +\& switch (ASYNC_start_job(&job, ctx, &ret, jobfunc, msg, sizeof(msg))) { +\& case ASYNC_ERR: +\& case ASYNC_NO_JOBS: +\& printf("An error occurred\en"); +\& goto end; +\& case ASYNC_PAUSE: +\& printf("Job was paused\en"); +\& break; +\& case ASYNC_FINISH: +\& printf("Job finished with return value %d\en", ret); +\& goto end; +\& } +\& +\& /* Wait for the job to be woken */ +\& printf("Waiting for the job to be woken up\en"); +\& +\& if (!ASYNC_WAIT_CTX_get_all_fds(ctx, NULL, &numfds) +\& || numfds > 1) { +\& printf("Unexpected number of fds\en"); +\& abort(); +\& } +\& ASYNC_WAIT_CTX_get_all_fds(ctx, &waitfd, &numfds); +\& FD_ZERO(&waitfdset); +\& FD_SET(waitfd, &waitfdset); +\& select(waitfd + 1, &waitfdset, NULL, NULL, NULL); +\& } +\& +\& end: +\& ASYNC_WAIT_CTX_free(ctx); +\& printf("Finishing\en"); +\& +\& return 0; +\& } +.Ve +.PP +The expected output from executing the above example program is: +.PP +.Vb 8 +\& Starting... +\& Executing within a job +\& Passed in message is: Hello world! 
+\& Job was paused +\& Waiting for the job to be woken up +\& Resumed the job after a pause +\& Job finished with return value 1 +\& Finishing +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIcrypto\fR\|(7), \fIERR_print_errors\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +ASYNC_init_thread, ASYNC_cleanup_thread, +ASYNC_start_job, ASYNC_pause_job, ASYNC_get_current_job, \fIASYNC_get_wait_ctx()\fR, +\&\fIASYNC_block_pause()\fR, \fIASYNC_unblock_pause()\fR and \fIASYNC_is_capable()\fR were first +added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/BF_encrypt.3 b/linux_amd64/ssl/share/man/man3/BF_encrypt.3 new file mode 100755 index 0000000..3821967 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/BF_encrypt.3 
@@ -0,0 +1,254 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BF_ENCRYPT 3" +.TH BF_ENCRYPT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BF_set_key, BF_encrypt, BF_decrypt, BF_ecb_encrypt, BF_cbc_encrypt, +BF_cfb64_encrypt, BF_ofb64_encrypt, BF_options \- Blowfish encryption +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.PP +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 1 +\& void BF_set_key(BF_KEY *key, int len, const unsigned char *data); +\& +\& void BF_ecb_encrypt(const unsigned char *in, unsigned char *out, +\& BF_KEY *key, int enc); +\& void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, +\& long length, BF_KEY *schedule, +\& unsigned char *ivec, int enc); +\& void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out, +\& long length, BF_KEY *schedule, +\& unsigned char *ivec, int *num, int enc); +\& void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out, +\& long length, BF_KEY *schedule, +\& unsigned char *ivec, int *num); +\& const char *BF_options(void); +\& +\& void BF_encrypt(BF_LONG *data, const BF_KEY *key); +\& void BF_decrypt(BF_LONG *data, const BF_KEY *key); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +All of the functions described on this page are deprecated. Applications should +instead use \fIEVP_EncryptInit_ex\fR\|(3), \fIEVP_EncryptUpdate\fR\|(3) and +\&\fIEVP_EncryptFinal_ex\fR\|(3) or the equivalently named decrypt functions. +.PP +This library implements the Blowfish cipher, which was invented and described +by Counterpane (see http://www.counterpane.com/blowfish.html ). +.PP +Blowfish is a block cipher that operates on 64 bit (8 byte) blocks of data. +It uses a variable size key, but typically, 128 bit (16 byte) keys are +considered good for strong encryption. Blowfish can be used in the same +modes as \s-1DES\s0 (see \fIdes_modes\fR\|(7)). Blowfish is currently one +of the faster block ciphers. 
It is quite a bit faster than \s-1DES\s0, and much +faster than \s-1IDEA\s0 or \s-1RC2\s0. +.PP +Blowfish consists of a key setup phase and the actual encryption or decryption +phase. +.PP +\&\fIBF_set_key()\fR sets up the \fB\s-1BF_KEY\s0\fR \fBkey\fR using the \fBlen\fR bytes long key +at \fBdata\fR. +.PP +\&\fIBF_ecb_encrypt()\fR is the basic Blowfish encryption and decryption function. +It encrypts or decrypts the first 64 bits of \fBin\fR using the key \fBkey\fR, +putting the result in \fBout\fR. \fBenc\fR decides if encryption (\fB\s-1BF_ENCRYPT\s0\fR) +or decryption (\fB\s-1BF_DECRYPT\s0\fR) shall be performed. The vector pointed at by +\&\fBin\fR and \fBout\fR must be 64 bits in length, no less. If they are larger, +everything after the first 64 bits is ignored. +.PP +The mode functions \fIBF_cbc_encrypt()\fR, \fIBF_cfb64_encrypt()\fR and \fIBF_ofb64_encrypt()\fR +all operate on variable length data. They all take an initialization vector +\&\fBivec\fR which needs to be passed along into the next call of the same function +for the same message. \fBivec\fR may be initialized with anything, but the +recipient needs to know what it was initialized with, or it won't be able +to decrypt. Some programs and protocols simplify this, like \s-1SSH\s0, where +\&\fBivec\fR is simply initialized to zero. +\&\fIBF_cbc_encrypt()\fR operates on data that is a multiple of 8 bytes long, while +\&\fIBF_cfb64_encrypt()\fR and \fIBF_ofb64_encrypt()\fR are used to encrypt an variable +number of bytes (the amount does not have to be an exact multiple of 8). The +purpose of the latter two is to simulate stream ciphers, and therefore, they +need the parameter \fBnum\fR, which is a pointer to an integer where the current +offset in \fBivec\fR is stored between calls. This integer must be initialized +to zero when \fBivec\fR is initialized. +.PP +\&\fIBF_cbc_encrypt()\fR is the Cipher Block Chaining function for Blowfish. 
It +encrypts or decrypts the 64 bits chunks of \fBin\fR using the key \fBschedule\fR, +putting the result in \fBout\fR. \fBenc\fR decides if encryption (\s-1BF_ENCRYPT\s0) or +decryption (\s-1BF_DECRYPT\s0) shall be performed. \fBivec\fR must point at an 8 byte +long initialization vector. +.PP +\&\fIBF_cfb64_encrypt()\fR is the \s-1CFB\s0 mode for Blowfish with 64 bit feedback. +It encrypts or decrypts the bytes in \fBin\fR using the key \fBschedule\fR, +putting the result in \fBout\fR. \fBenc\fR decides if encryption (\fB\s-1BF_ENCRYPT\s0\fR) +or decryption (\fB\s-1BF_DECRYPT\s0\fR) shall be performed. \fBivec\fR must point at an +8 byte long initialization vector. \fBnum\fR must point at an integer which must +be initially zero. +.PP +\&\fIBF_ofb64_encrypt()\fR is the \s-1OFB\s0 mode for Blowfish with 64 bit feedback. +It uses the same parameters as \fIBF_cfb64_encrypt()\fR, which must be initialized +the same way. +.PP +\&\fIBF_encrypt()\fR and \fIBF_decrypt()\fR are the lowest level functions for Blowfish +encryption. They encrypt/decrypt the first 64 bits of the vector pointed by +\&\fBdata\fR, using the key \fBkey\fR. These functions should not be used unless you +implement 'modes' of Blowfish. The alternative is to use \fIBF_ecb_encrypt()\fR. +If you still want to use these functions, you should be aware that they take +each 32\-bit chunk in host-byte order, which is little-endian on little-endian +platforms and big-endian on big-endian ones. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +None of the functions presented here return any value. +.SH "NOTE" +.IX Header "NOTE" +Applications should use the higher level functions +\&\fIEVP_EncryptInit\fR\|(3) etc. instead of calling these +functions directly. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_EncryptInit\fR\|(3), +\&\fIdes_modes\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +All of these functions were deprecated in OpenSSL 3.0. 
+.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/BIO_ADDR.3 b/linux_amd64/ssl/share/man/man3/BIO_ADDR.3 new file mode 100755 index 0000000..393294c --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/BIO_ADDR.3 
@@ -0,0 +1,247 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_ADDR 3" +.TH BIO_ADDR 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BIO_ADDR, BIO_ADDR_new, BIO_ADDR_clear, BIO_ADDR_free, BIO_ADDR_rawmake, +BIO_ADDR_family, BIO_ADDR_rawaddress, BIO_ADDR_rawport, +BIO_ADDR_hostname_string, BIO_ADDR_service_string, +BIO_ADDR_path_string \- BIO_ADDR routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 2 +\& #include +\& #include +\& +\& typedef union bio_addr_st BIO_ADDR; +\& +\& BIO_ADDR *BIO_ADDR_new(void); +\& void BIO_ADDR_free(BIO_ADDR *); +\& void BIO_ADDR_clear(BIO_ADDR *ap); +\& int BIO_ADDR_rawmake(BIO_ADDR *ap, int family, +\& const void *where, size_t wherelen, unsigned short port); +\& int BIO_ADDR_family(const BIO_ADDR *ap); +\& int BIO_ADDR_rawaddress(const BIO_ADDR *ap, void *p, size_t *l); +\& unsigned short BIO_ADDR_rawport(const BIO_ADDR *ap); +\& char *BIO_ADDR_hostname_string(const BIO_ADDR *ap, int numeric); +\& char *BIO_ADDR_service_string(const BIO_ADDR *ap, int numeric); +\& char *BIO_ADDR_path_string(const BIO_ADDR *ap); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fB\s-1BIO_ADDR\s0\fR type is a wrapper around all types of socket +addresses that OpenSSL deals with, currently transparently +supporting \s-1AF_INET\s0, \s-1AF_INET6\s0 and \s-1AF_UNIX\s0 according to what's +available on the platform at hand. +.PP +\&\fIBIO_ADDR_new()\fR creates a new unfilled \fB\s-1BIO_ADDR\s0\fR, to be used +with routines that will fill it with information, such as +\&\fIBIO_accept_ex()\fR. +.PP +\&\fIBIO_ADDR_free()\fR frees a \fB\s-1BIO_ADDR\s0\fR created with \fIBIO_ADDR_new()\fR. +.PP +\&\fIBIO_ADDR_clear()\fR clears any data held within the provided \fB\s-1BIO_ADDR\s0\fR and sets +it back to an uninitialised state. 
+.PP +\&\fIBIO_ADDR_rawmake()\fR takes a protocol \fBfamily\fR, an byte array of +size \fBwherelen\fR with an address in network byte order pointed at +by \fBwhere\fR and a port number in network byte order in \fBport\fR (except +for the \fB\s-1AF_UNIX\s0\fR protocol family, where \fBport\fR is meaningless and +therefore ignored) and populates the given \fB\s-1BIO_ADDR\s0\fR with them. +In case this creates a \fB\s-1AF_UNIX\s0\fR \fB\s-1BIO_ADDR\s0\fR, \fBwherelen\fR is expected +to be the length of the path string (not including the terminating +\&\s-1NUL\s0, such as the result of a call to \fIstrlen()\fR). +Read on about the addresses in \*(L"\s-1RAW\s0 \s-1ADDRESSES\s0\*(R" below. +.PP +\&\fIBIO_ADDR_family()\fR returns the protocol family of the given +\&\fB\s-1BIO_ADDR\s0\fR. The possible non-error results are one of the +constants \s-1AF_INET\s0, \s-1AF_INET6\s0 and \s-1AF_UNIX\s0. It will also return \s-1AF_UNSPEC\s0 if the +\&\s-1BIO_ADDR\s0 has not been initialised. +.PP +\&\fIBIO_ADDR_rawaddress()\fR will write the raw address of the given +\&\fB\s-1BIO_ADDR\s0\fR in the area pointed at by \fBp\fR if \fBp\fR is non-NULL, +and will set \fB*l\fR to be the amount of bytes the raw address +takes up if \fBl\fR is non-NULL. +A technique to only find out the size of the address is a call +with \fBp\fR set to \fB\s-1NULL\s0\fR. The raw address will be in network byte +order, most significant byte first. +In case this is a \fB\s-1AF_UNIX\s0\fR \fB\s-1BIO_ADDR\s0\fR, \fBl\fR gets the length of the +path string (not including the terminating \s-1NUL\s0, such as the result of +a call to \fIstrlen()\fR). +Read on about the addresses in \*(L"\s-1RAW\s0 \s-1ADDRESSES\s0\*(R" below. +.PP +\&\fIBIO_ADDR_rawport()\fR returns the raw port of the given \fB\s-1BIO_ADDR\s0\fR. +The raw port will be in network byte order. +.PP +\&\fIBIO_ADDR_hostname_string()\fR returns a character string with the +hostname of the given \fB\s-1BIO_ADDR\s0\fR. 
If \fBnumeric\fR is 1, the string +will contain the numerical form of the address. This only works for +\&\fB\s-1BIO_ADDR\s0\fR of the protocol families \s-1AF_INET\s0 and \s-1AF_INET6\s0. The +returned string has been allocated on the heap and must be freed +with \fIOPENSSL_free()\fR. +.PP +\&\fIBIO_ADDR_service_string()\fR returns a character string with the +service name of the port of the given \fB\s-1BIO_ADDR\s0\fR. If \fBnumeric\fR +is 1, the string will contain the port number. This only works +for \fB\s-1BIO_ADDR\s0\fR of the protocol families \s-1AF_INET\s0 and \s-1AF_INET6\s0. The +returned string has been allocated on the heap and must be freed +with \fIOPENSSL_free()\fR. +.PP +\&\fIBIO_ADDR_path_string()\fR returns a character string with the path +of the given \fB\s-1BIO_ADDR\s0\fR. This only works for \fB\s-1BIO_ADDR\s0\fR of the +protocol family \s-1AF_UNIX\s0. The returned string has been allocated +on the heap and must be freed with \fIOPENSSL_free()\fR. +.SH "RAW ADDRESSES" +.IX Header "RAW ADDRESSES" +Both \fIBIO_ADDR_rawmake()\fR and \fIBIO_ADDR_rawaddress()\fR take a pointer to a +network byte order address of a specific site. Internally, those are +treated as a pointer to \fBstruct in_addr\fR (for \fB\s-1AF_INET\s0\fR), \fBstruct +in6_addr\fR (for \fB\s-1AF_INET6\s0\fR) or \fBchar *\fR (for \fB\s-1AF_UNIX\s0\fR), all +depending on the protocol family the address is for. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The string producing functions \fIBIO_ADDR_hostname_string()\fR, +\&\fIBIO_ADDR_service_string()\fR and \fIBIO_ADDR_path_string()\fR will +return \fB\s-1NULL\s0\fR on error and leave an error indication on the +OpenSSL error stack. +.PP +All other functions described here return 0 or \fB\s-1NULL\s0\fR when the +information they should return isn't available. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIBIO_connect\fR\|(3), \fIBIO_s_connect\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/BIO_ADDRINFO.3 b/linux_amd64/ssl/share/man/man3/BIO_ADDRINFO.3 new file mode 100755 index 0000000..6b561b4 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/BIO_ADDRINFO.3 
@@ -0,0 +1,236 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_ADDRINFO 3" +.TH BIO_ADDRINFO 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BIO_lookup_type, +BIO_ADDRINFO, BIO_ADDRINFO_next, BIO_ADDRINFO_free, +BIO_ADDRINFO_family, BIO_ADDRINFO_socktype, BIO_ADDRINFO_protocol, +BIO_ADDRINFO_address, +BIO_lookup_ex, +BIO_lookup +\&\- BIO_ADDRINFO type and routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 2 +\& #include +\& #include +\& +\& typedef union bio_addrinfo_st BIO_ADDRINFO; +\& +\& enum BIO_lookup_type { +\& BIO_LOOKUP_CLIENT, BIO_LOOKUP_SERVER +\& }; +\& +\& int BIO_lookup_ex(const char *host, const char *service, int lookup_type, +\& int family, int socktype, int protocol, BIO_ADDRINFO **res); +\& int BIO_lookup(const char *node, const char *service, +\& enum BIO_lookup_type lookup_type, +\& int family, int socktype, BIO_ADDRINFO **res); +\& +\& const BIO_ADDRINFO *BIO_ADDRINFO_next(const BIO_ADDRINFO *bai); +\& int BIO_ADDRINFO_family(const BIO_ADDRINFO *bai); +\& int BIO_ADDRINFO_socktype(const BIO_ADDRINFO *bai); +\& int BIO_ADDRINFO_protocol(const BIO_ADDRINFO *bai); +\& const BIO_ADDR *BIO_ADDRINFO_address(const BIO_ADDRINFO *bai); +\& void BIO_ADDRINFO_free(BIO_ADDRINFO *bai); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fB\s-1BIO_ADDRINFO\s0\fR type is a wrapper for address information +types provided on your platform. +.PP +\&\fB\s-1BIO_ADDRINFO\s0\fR normally forms a chain of several that can be +picked at one by one. +.PP +\&\fIBIO_lookup_ex()\fR looks up a specified \fBhost\fR and \fBservice\fR, and +uses \fBlookup_type\fR to determine what the default address should +be if \fBhost\fR is \fB\s-1NULL\s0\fR. \fBfamily\fR, \fBsocktype\fR and \fBprotocol\fR are used to +determine what protocol family, socket type and protocol should be used for +the lookup. \fBfamily\fR can be any of \s-1AF_INET\s0, \s-1AF_INET6\s0, \s-1AF_UNIX\s0 and +\&\s-1AF_UNSPEC\s0. \fBsocktype\fR can be \s-1SOCK_STREAM\s0, \s-1SOCK_DGRAM\s0 or 0. Specifying 0 +indicates that any type can be used. 
\fBprotocol\fR specifies a protocol such as +\&\s-1IPPROTO_TCP\s0, \s-1IPPROTO_UDP\s0 or \s-1IPPORTO_SCTP\s0. If set to 0 than any protocol can be +used. \fBres\fR points at a pointer to hold the start of a \fB\s-1BIO_ADDRINFO\s0\fR +chain. +.PP +For the family \fB\s-1AF_UNIX\s0\fR, \fIBIO_lookup_ex()\fR will ignore the \fBservice\fR +parameter and expects the \fBnode\fR parameter to hold the path to the +socket file. +.PP +\&\fIBIO_lookup()\fR does the same as \fIBIO_lookup_ex()\fR but does not provide the ability +to select based on the protocol (any protocol may be returned). +.PP +\&\fIBIO_ADDRINFO_family()\fR returns the family of the given +\&\fB\s-1BIO_ADDRINFO\s0\fR. The result will be one of the constants +\&\s-1AF_INET\s0, \s-1AF_INET6\s0 and \s-1AF_UNIX\s0. +.PP +\&\fIBIO_ADDRINFO_socktype()\fR returns the socket type of the given +\&\fB\s-1BIO_ADDRINFO\s0\fR. The result will be one of the constants +\&\s-1SOCK_STREAM\s0 and \s-1SOCK_DGRAM\s0. +.PP +\&\fIBIO_ADDRINFO_protocol()\fR returns the protocol id of the given +\&\fB\s-1BIO_ADDRINFO\s0\fR. The result will be one of the constants +\&\s-1IPPROTO_TCP\s0 and \s-1IPPROTO_UDP\s0. +.PP +\&\fIBIO_ADDRINFO_address()\fR returns the underlying \fB\s-1BIO_ADDR\s0\fR +of the given \fB\s-1BIO_ADDRINFO\s0\fR. +.PP +\&\fIBIO_ADDRINFO_next()\fR returns the next \fB\s-1BIO_ADDRINFO\s0\fR in the chain +from the given one. +.PP +\&\fIBIO_ADDRINFO_free()\fR frees the chain of \fB\s-1BIO_ADDRINFO\s0\fR starting +with the given one. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBIO_lookup_ex()\fR and \fIBIO_lookup()\fR return 1 on success and 0 when an error +occurred, and will leave an error indication on the OpenSSL error stack in that +case. +.PP +All other functions described here return 0 or \fB\s-1NULL\s0\fR when the +information they should return isn't available. +.SH "NOTES" +.IX Header "NOTES" +The \fIBIO_lookup_ex()\fR implementation uses the platform provided \fIgetaddrinfo()\fR +function. 
On Linux it is known that specifying 0 for the protocol will not +return any \s-1SCTP\s0 based addresses when calling \fIgetaddrinfo()\fR. Therefore if an \s-1SCTP\s0 +address is required then the \fBprotocol\fR parameter to \fIBIO_lookup_ex()\fR should be +explicitly set to \s-1IPPROTO_SCTP\s0. The same may be true on other platforms. +.SH "HISTORY" +.IX Header "HISTORY" +The \fIBIO_lookup_ex()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/BIO_connect.3 b/linux_amd64/ssl/share/man/man3/BIO_connect.3 new file mode 100755 index 0000000..6f5f38b --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/BIO_connect.3 
@@ -0,0 +1,232 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_CONNECT 3" +.TH BIO_CONNECT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BIO_socket, BIO_bind, BIO_connect, BIO_listen, BIO_accept_ex, BIO_closesocket \- BIO +socket communication setup routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int BIO_socket(int domain, int socktype, int protocol, int options); +\& int BIO_bind(int sock, const BIO_ADDR *addr, int options); +\& int BIO_connect(int sock, const BIO_ADDR *addr, int options); +\& int BIO_listen(int sock, const BIO_ADDR *addr, int options); +\& int BIO_accept_ex(int accept_sock, BIO_ADDR *peer, int options); +\& int BIO_closesocket(int sock); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBIO_socket()\fR creates a socket in the domain \fBdomain\fR, of type +\&\fBsocktype\fR and \fBprotocol\fR. Socket \fBoptions\fR are currently unused, +but is present for future use. +.PP +\&\fIBIO_bind()\fR binds the source address and service to a socket and +may be useful before calling \fIBIO_connect()\fR. The options may include +\&\fB\s-1BIO_SOCK_REUSEADDR\s0\fR, which is described in \*(L"\s-1FLAGS\s0\*(R" below. +.PP +\&\fIBIO_connect()\fR connects \fBsock\fR to the address and service given by +\&\fBaddr\fR. Connection \fBoptions\fR may be zero or any combination of +\&\fB\s-1BIO_SOCK_KEEPALIVE\s0\fR, \fB\s-1BIO_SOCK_NONBLOCK\s0\fR and \fB\s-1BIO_SOCK_NODELAY\s0\fR. +The flags are described in \*(L"\s-1FLAGS\s0\*(R" below. +.PP +\&\fIBIO_listen()\fR has \fBsock\fR start listening on the address and service +given by \fBaddr\fR. Connection \fBoptions\fR may be zero or any +combination of \fB\s-1BIO_SOCK_KEEPALIVE\s0\fR, \fB\s-1BIO_SOCK_NONBLOCK\s0\fR, +\&\fB\s-1BIO_SOCK_NODELAY\s0\fR, \fB\s-1BIO_SOCK_REUSEADDR\s0\fR and \fB\s-1BIO_SOCK_V6_ONLY\s0\fR. +The flags are described in \*(L"\s-1FLAGS\s0\*(R" below. +.PP +\&\fIBIO_accept_ex()\fR waits for an incoming connections on the given +socket \fBaccept_sock\fR. When it gets a connection, the address and +port of the peer gets stored in \fBpeer\fR if that one is non-NULL. 
+Accept \fBoptions\fR may be zero or \fB\s-1BIO_SOCK_NONBLOCK\s0\fR, and is applied +on the accepted socket. The flags are described in \*(L"\s-1FLAGS\s0\*(R" below. +.PP +\&\fIBIO_closesocket()\fR closes \fBsock\fR. +.SH "FLAGS" +.IX Header "FLAGS" +.IP "\s-1BIO_SOCK_KEEPALIVE\s0" 4 +.IX Item "BIO_SOCK_KEEPALIVE" +Enables regular sending of keep-alive messages. +.IP "\s-1BIO_SOCK_NONBLOCK\s0" 4 +.IX Item "BIO_SOCK_NONBLOCK" +Sets the socket to non-blocking mode. +.IP "\s-1BIO_SOCK_NODELAY\s0" 4 +.IX Item "BIO_SOCK_NODELAY" +Corresponds to \fB\s-1TCP_NODELAY\s0\fR, and disables the Nagle algorithm. With +this set, any data will be sent as soon as possible instead of being +buffered until there's enough for the socket to send out in one go. +.IP "\s-1BIO_SOCK_REUSEADDR\s0" 4 +.IX Item "BIO_SOCK_REUSEADDR" +Try to reuse the address and port combination for a recently closed +port. +.IP "\s-1BIO_SOCK_V6_ONLY\s0" 4 +.IX Item "BIO_SOCK_V6_ONLY" +When creating an IPv6 socket, make it only listen for IPv6 addresses +and not IPv4 addresses mapped to IPv6. +.PP +These flags are bit flags, so they are to be combined with the +\&\f(CW\*(C`|\*(C'\fR operator, for example: +.PP +.Vb 1 +\& BIO_connect(sock, addr, BIO_SOCK_KEEPALIVE | BIO_SOCK_NONBLOCK); +.Ve +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBIO_socket()\fR returns the socket number on success or \fB\s-1INVALID_SOCKET\s0\fR +(\-1) on error. When an error has occurred, the OpenSSL error stack +will hold the error data and errno has the system error. +.PP +\&\fIBIO_bind()\fR, \fIBIO_connect()\fR and \fIBIO_listen()\fR return 1 on success or 0 on error. +When an error has occurred, the OpenSSL error stack will hold the error +data and errno has the system error. +.PP +\&\fIBIO_accept_ex()\fR returns the accepted socket on success or +\&\fB\s-1INVALID_SOCKET\s0\fR (\-1) on error. When an error has occurred, the +OpenSSL error stack will hold the error data and errno has the system +error. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1\fIBIO_ADDR\s0\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIBIO_gethostname()\fR, \fIBIO_get_port()\fR, \fIBIO_get_host_ip()\fR, +\&\fIBIO_get_accept_socket()\fR and \fIBIO_accept()\fR were deprecated in OpenSSL 1.1.0. +Use the functions described above instead. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/BIO_ctrl.3 b/linux_amd64/ssl/share/man/man3/BIO_ctrl.3 new file mode 100755 index 0000000..e1623c4 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/BIO_ctrl.3 
@@ -0,0 +1,276 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_CTRL 3" +.TH BIO_CTRL 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BIO_ctrl, BIO_callback_ctrl, BIO_ptr_ctrl, BIO_int_ctrl, BIO_reset, +BIO_seek, BIO_tell, BIO_flush, BIO_eof, BIO_set_close, BIO_get_close, +BIO_pending, BIO_wpending, BIO_ctrl_pending, BIO_ctrl_wpending, +BIO_get_info_callback, BIO_set_info_callback, BIO_info_cb, BIO_get_ktls_send, +BIO_get_ktls_recv +\&\- BIO control operations +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef int BIO_info_cb(BIO *b, int state, int res); +\& +\& long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg); +\& long BIO_callback_ctrl(BIO *b, int cmd, BIO_info_cb *cb); +\& char *BIO_ptr_ctrl(BIO *bp, int cmd, long larg); +\& long BIO_int_ctrl(BIO *bp, int cmd, long larg, int iarg); +\& +\& int BIO_reset(BIO *b); +\& int BIO_seek(BIO *b, int ofs); +\& int BIO_tell(BIO *b); +\& int BIO_flush(BIO *b); +\& int BIO_eof(BIO *b); +\& int BIO_set_close(BIO *b, long flag); +\& int BIO_get_close(BIO *b); +\& int BIO_pending(BIO *b); +\& int BIO_wpending(BIO *b); +\& size_t BIO_ctrl_pending(BIO *b); +\& size_t BIO_ctrl_wpending(BIO *b); +\& +\& int BIO_get_info_callback(BIO *b, BIO_info_cb **cbp); +\& int BIO_set_info_callback(BIO *b, BIO_info_cb *cb); +\& +\& int BIO_get_ktls_send(BIO *b); +\& int BIO_get_ktls_recv(BIO *b); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBIO_ctrl()\fR, \fIBIO_callback_ctrl()\fR, \fIBIO_ptr_ctrl()\fR and \fIBIO_int_ctrl()\fR +are \s-1BIO\s0 \*(L"control\*(R" operations taking arguments of various types. +These functions are not normally called directly, various macros +are used instead. The standard macros are described below, macros +specific to a particular type of \s-1BIO\s0 are described in the specific +BIOs manual page as well as any special features of the standard +calls. +.PP +\&\fIBIO_reset()\fR typically resets a \s-1BIO\s0 to some initial state, in the case +of file related BIOs for example it rewinds the file pointer to the +start of the file. 
+.PP +\&\fIBIO_seek()\fR resets a file related \s-1BIO\s0's (that is file descriptor and +\&\s-1FILE\s0 BIOs) file position pointer to \fBofs\fR bytes from start of file. +.PP +\&\fIBIO_tell()\fR returns the current file position of a file related \s-1BIO\s0. +.PP +\&\fIBIO_flush()\fR normally writes out any internally buffered data, in some +cases it is used to signal \s-1EOF\s0 and that no more data will be written. +.PP +\&\fIBIO_eof()\fR returns 1 if the \s-1BIO\s0 has read \s-1EOF\s0, the precise meaning of +\&\*(L"\s-1EOF\s0\*(R" varies according to the \s-1BIO\s0 type. +.PP +\&\fIBIO_set_close()\fR sets the \s-1BIO\s0 \fBb\fR close flag to \fBflag\fR. \fBflag\fR can +take the value \s-1BIO_CLOSE\s0 or \s-1BIO_NOCLOSE\s0. Typically \s-1BIO_CLOSE\s0 is used +in a source/sink \s-1BIO\s0 to indicate that the underlying I/O stream should +be closed when the \s-1BIO\s0 is freed. +.PP +\&\fIBIO_get_close()\fR returns the BIOs close flag. +.PP +\&\fIBIO_pending()\fR, \fIBIO_ctrl_pending()\fR, \fIBIO_wpending()\fR and \fIBIO_ctrl_wpending()\fR +return the number of pending characters in the BIOs read and write buffers. +Not all BIOs support these calls. \fIBIO_ctrl_pending()\fR and \fIBIO_ctrl_wpending()\fR +return a size_t type and are functions, \fIBIO_pending()\fR and \fIBIO_wpending()\fR are +macros which call \fIBIO_ctrl()\fR. +.PP +\&\fIBIO_get_ktls_send()\fR returns 1 if the \s-1BIO\s0 is using the Kernel \s-1TLS\s0 data-path for +sending. Otherwise, it returns zero. +\&\fIBIO_get_ktls_recv()\fR returns 1 if the \s-1BIO\s0 is using the Kernel \s-1TLS\s0 data-path for +receiving. Otherwise, it returns zero. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBIO_reset()\fR normally returns 1 for success and 0 or \-1 for failure. File +BIOs are an exception, they return 0 for success and \-1 for failure. 
+.PP +\&\fIBIO_seek()\fR and \fIBIO_tell()\fR both return the current file position on success +and \-1 for failure, except file BIOs which for \fIBIO_seek()\fR always return 0 +for success and \-1 for failure. +.PP +\&\fIBIO_flush()\fR returns 1 for success and 0 or \-1 for failure. +.PP +\&\fIBIO_eof()\fR returns 1 if \s-1EOF\s0 has been reached 0 otherwise. +.PP +\&\fIBIO_set_close()\fR always returns 1. +.PP +\&\fIBIO_get_close()\fR returns the close flag value: \s-1BIO_CLOSE\s0 or \s-1BIO_NOCLOSE\s0. +.PP +\&\fIBIO_pending()\fR, \fIBIO_ctrl_pending()\fR, \fIBIO_wpending()\fR and \fIBIO_ctrl_wpending()\fR +return the amount of pending data. +.PP +\&\fIBIO_get_ktls_send()\fR returns 1 if the \s-1BIO\s0 is using the Kernel \s-1TLS\s0 data-path for +sending. Otherwise, it returns zero. +\&\fIBIO_get_ktls_recv()\fR returns 1 if the \s-1BIO\s0 is using the Kernel \s-1TLS\s0 data-path for +receiving. Otherwise, it returns zero. +.SH "NOTES" +.IX Header "NOTES" +\&\fIBIO_flush()\fR, because it can write data may return 0 or \-1 indicating +that the call should be retried later in a similar manner to \fIBIO_write_ex()\fR. +The \fIBIO_should_retry()\fR call should be used and appropriate action taken +is the call fails. +.PP +The return values of \fIBIO_pending()\fR and \fIBIO_wpending()\fR may not reliably +determine the amount of pending data in all cases. For example in the +case of a file \s-1BIO\s0 some data may be available in the \s-1FILE\s0 structures +internal buffers but it is not possible to determine this in a +portably way. For other types of \s-1BIO\s0 they may not be supported. +.PP +Filter BIOs if they do not internally handle a particular \fIBIO_ctrl()\fR +operation usually pass the operation to the next \s-1BIO\s0 in the chain. +This often means there is no need to locate the required \s-1BIO\s0 for +a particular operation, it can be called on a chain and it will +be automatically passed to the relevant \s-1BIO\s0. 
However this can cause +unexpected results: for example no current filter BIOs implement +\&\fIBIO_seek()\fR, but this may still succeed if the chain ends in a \s-1FILE\s0 +or file descriptor \s-1BIO\s0. +.PP +Source/sink BIOs return an 0 if they do not recognize the \fIBIO_ctrl()\fR +operation. +.SH "BUGS" +.IX Header "BUGS" +Some of the return values are ambiguous and care should be taken. In +particular a return value of 0 can be returned if an operation is not +supported, if an error occurred, if \s-1EOF\s0 has not been reached and in +the case of \fIBIO_seek()\fR on a file \s-1BIO\s0 for a successful operation. +.SH "HISTORY" +.IX Header "HISTORY" +The \fIBIO_get_ktls_send()\fR and \fIBIO_get_ktls_recv()\fR functions were added in +OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/BIO_f_base64.3 b/linux_amd64/ssl/share/man/man3/BIO_f_base64.3 new file mode 100755 index 0000000..a273249 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/BIO_f_base64.3 
@@ -0,0 +1,214 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_F_BASE64 3" +.TH BIO_F_BASE64 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BIO_f_base64 \- base64 BIO filter +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 2 +\& #include +\& #include +\& +\& const BIO_METHOD *BIO_f_base64(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBIO_f_base64()\fR returns the base64 \s-1BIO\s0 method. This is a filter +\&\s-1BIO\s0 that base64 encodes any data written through it and decodes +any data read through it. +.PP +Base64 BIOs do not support \fIBIO_gets()\fR or \fIBIO_puts()\fR. +.PP +\&\fIBIO_flush()\fR on a base64 \s-1BIO\s0 that is being written through is +used to signal that no more data is to be encoded: this is used +to flush the final block through the \s-1BIO\s0. +.PP +The flag \s-1BIO_FLAGS_BASE64_NO_NL\s0 can be set with \fIBIO_set_flags()\fR +to encode the data all on one line or expect the data to be all +on one line. +.SH "NOTES" +.IX Header "NOTES" +Because of the format of base64 encoding the end of the encoded +block cannot always be reliably determined. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBIO_f_base64()\fR returns the base64 \s-1BIO\s0 method. 
+.SH "EXAMPLES" +.IX Header "EXAMPLES" +Base64 encode the string \*(L"Hello World\en\*(R" and write the result +to standard output: +.PP +.Vb 2 +\& BIO *bio, *b64; +\& char message[] = "Hello World \en"; +\& +\& b64 = BIO_new(BIO_f_base64()); +\& bio = BIO_new_fp(stdout, BIO_NOCLOSE); +\& BIO_push(b64, bio); +\& BIO_write(b64, message, strlen(message)); +\& BIO_flush(b64); +\& +\& BIO_free_all(b64); +.Ve +.PP +Read Base64 encoded data from standard input and write the decoded +data to standard output: +.PP +.Vb 3 +\& BIO *bio, *b64, *bio_out; +\& char inbuf[512]; +\& int inlen; +\& +\& b64 = BIO_new(BIO_f_base64()); +\& bio = BIO_new_fp(stdin, BIO_NOCLOSE); +\& bio_out = BIO_new_fp(stdout, BIO_NOCLOSE); +\& BIO_push(b64, bio); +\& while ((inlen = BIO_read(b64, inbuf, 512)) > 0) +\& BIO_write(bio_out, inbuf, inlen); +\& +\& BIO_flush(bio_out); +\& BIO_free_all(b64); +.Ve +.SH "BUGS" +.IX Header "BUGS" +The ambiguity of \s-1EOF\s0 in base64 encoded data can cause additional +data following the base64 encoded block to be misinterpreted. +.PP +There should be some way of specifying a test that the \s-1BIO\s0 can perform +to reliably determine \s-1EOF\s0 (for example a \s-1MIME\s0 boundary). +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/BIO_f_buffer.3 b/linux_amd64/ssl/share/man/man3/BIO_f_buffer.3 new file mode 100755 index 0000000..a53b1c6 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/BIO_f_buffer.3 
@@ -0,0 +1,224 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_F_BUFFER 3" +.TH BIO_F_BUFFER 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BIO_get_buffer_num_lines, +BIO_set_read_buffer_size, +BIO_set_write_buffer_size, +BIO_set_buffer_size, +BIO_set_buffer_read_data, +BIO_f_buffer +\&\- buffering BIO +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const BIO_METHOD *BIO_f_buffer(void); +\& +\& long BIO_get_buffer_num_lines(BIO *b); +\& long BIO_set_read_buffer_size(BIO *b, long size); +\& long BIO_set_write_buffer_size(BIO *b, long size); +\& long BIO_set_buffer_size(BIO *b, long size); +\& long BIO_set_buffer_read_data(BIO *b, void *buf, long num); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBIO_f_buffer()\fR returns the buffering \s-1BIO\s0 method. +.PP +Data written to a buffering \s-1BIO\s0 is buffered and periodically written +to the next \s-1BIO\s0 in the chain. Data read from a buffering \s-1BIO\s0 comes from +an internal buffer which is filled from the next \s-1BIO\s0 in the chain. +Both \fIBIO_gets()\fR and \fIBIO_puts()\fR are supported. +.PP +Calling \fIBIO_reset()\fR on a buffering \s-1BIO\s0 clears any buffered data. +.PP +\&\fIBIO_get_buffer_num_lines()\fR returns the number of lines currently buffered. +.PP +\&\fIBIO_set_read_buffer_size()\fR, \fIBIO_set_write_buffer_size()\fR and \fIBIO_set_buffer_size()\fR +set the read, write or both read and write buffer sizes to \fBsize\fR. The initial +buffer size is \s-1DEFAULT_BUFFER_SIZE\s0, currently 4096. Any attempt to reduce the +buffer size below \s-1DEFAULT_BUFFER_SIZE\s0 is ignored. Any buffered data is cleared +when the buffer is resized. +.PP +\&\fIBIO_set_buffer_read_data()\fR clears the read buffer and fills it with \fBnum\fR +bytes of \fBbuf\fR. If \fBnum\fR is larger than the current buffer size the buffer +is expanded. +.SH "NOTES" +.IX Header "NOTES" +These functions, other than \fIBIO_f_buffer()\fR, are implemented as macros. 
+.PP +Buffering BIOs implement \fIBIO_read_ex()\fR and \fIBIO_gets()\fR by using +\&\fIBIO_read_ex()\fR operations on the next \s-1BIO\s0 in the chain and storing the +result in an internal buffer, from which bytes are given back to the +caller as appropriate for the call; a \fIBIO_gets()\fR is guaranteed to give +the caller a whole line, and \fIBIO_read_ex()\fR is guaranteed to give the +caller the number of bytes it asks for, unless there's an error or end +of communication is reached in the next \s-1BIO\s0. By prepending a +buffering \s-1BIO\s0 to a chain it is therefore possible to provide +\&\fIBIO_gets()\fR or exact size \fIBIO_read_ex()\fR functionality if the following +BIOs do not support it. +.PP +Do not add more than one \fIBIO_f_buffer()\fR to a \s-1BIO\s0 chain. The result of +doing so will force a full read of the size of the internal buffer of +the top \fIBIO_f_buffer()\fR, which is 4 KiB at a minimum. +.PP +Data is only written to the next \s-1BIO\s0 in the chain when the write buffer fills +or when \fIBIO_flush()\fR is called. It is therefore important to call \fIBIO_flush()\fR +whenever any pending data should be written such as when removing a buffering +\&\s-1BIO\s0 using \fIBIO_pop()\fR. \fIBIO_flush()\fR may need to be retried if the ultimate +source/sink \s-1BIO\s0 is non blocking. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBIO_f_buffer()\fR returns the buffering \s-1BIO\s0 method. +.PP +\&\fIBIO_get_buffer_num_lines()\fR returns the number of lines buffered (may be 0). +.PP +\&\fIBIO_set_read_buffer_size()\fR, \fIBIO_set_write_buffer_size()\fR and \fIBIO_set_buffer_size()\fR +return 1 if the buffer was successfully resized or 0 for failure. +.PP +\&\fIBIO_set_buffer_read_data()\fR returns 1 if the data was set correctly or 0 if +there was an error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIbio\fR\|(7), +\&\fIBIO_reset\fR\|(3), +\&\fIBIO_flush\fR\|(3), +\&\fIBIO_pop\fR\|(3), +\&\fIBIO_ctrl\fR\|(3). 
+.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/BIO_f_cipher.3 b/linux_amd64/ssl/share/man/man3/BIO_f_cipher.3 new file mode 100755 index 0000000..fbf9c55 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/BIO_f_cipher.3 
@@ -0,0 +1,202 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_F_CIPHER 3" +.TH BIO_F_CIPHER 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BIO_f_cipher, BIO_set_cipher, BIO_get_cipher_status, BIO_get_cipher_ctx \- cipher BIO filter +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 2 +\& #include +\& #include +\& +\& const BIO_METHOD *BIO_f_cipher(void); +\& void BIO_set_cipher(BIO *b, const EVP_CIPHER *cipher, +\& unsigned char *key, unsigned char *iv, int enc); +\& int BIO_get_cipher_status(BIO *b) +\& int BIO_get_cipher_ctx(BIO *b, EVP_CIPHER_CTX **pctx) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBIO_f_cipher()\fR returns the cipher \s-1BIO\s0 method. This is a filter +\&\s-1BIO\s0 that encrypts any data written through it, and decrypts any data +read from it. It is a \s-1BIO\s0 wrapper for the cipher routines +\&\fIEVP_CipherInit()\fR, \fIEVP_CipherUpdate()\fR and \fIEVP_CipherFinal()\fR. +.PP +Cipher BIOs do not support \fIBIO_gets()\fR or \fIBIO_puts()\fR. +.PP +\&\fIBIO_flush()\fR on an encryption \s-1BIO\s0 that is being written through is +used to signal that no more data is to be encrypted: this is used +to flush and possibly pad the final block through the \s-1BIO\s0. +.PP +\&\fIBIO_set_cipher()\fR sets the cipher of \s-1BIO\s0 \fBb\fR to \fBcipher\fR using key \fBkey\fR +and \s-1IV\s0 \fBiv\fR. \fBenc\fR should be set to 1 for encryption and zero for +decryption. +.PP +When reading from an encryption \s-1BIO\s0 the final block is automatically +decrypted and checked when \s-1EOF\s0 is detected. \fIBIO_get_cipher_status()\fR +is a \fIBIO_ctrl()\fR macro which can be called to determine whether the +decryption operation was successful. +.PP +\&\fIBIO_get_cipher_ctx()\fR is a \fIBIO_ctrl()\fR macro which retrieves the internal +\&\s-1BIO\s0 cipher context. The retrieved context can be used in conjunction +with the standard cipher routines to set it up. This is useful when +\&\fIBIO_set_cipher()\fR is not flexible enough for the applications needs. 
+.SH "NOTES" +.IX Header "NOTES" +When encrypting \fIBIO_flush()\fR \fBmust\fR be called to flush the final block +through the \s-1BIO\s0. If it is not then the final block will fail a subsequent +decrypt. +.PP +When decrypting an error on the final block is signaled by a zero +return value from the read operation. A successful decrypt followed +by \s-1EOF\s0 will also return zero for the final read. \fIBIO_get_cipher_status()\fR +should be called to determine if the decrypt was successful. +.PP +As always, if \fIBIO_gets()\fR or \fIBIO_puts()\fR support is needed then it can +be achieved by preceding the cipher \s-1BIO\s0 with a buffering \s-1BIO\s0. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBIO_f_cipher()\fR returns the cipher \s-1BIO\s0 method. +.PP +\&\fIBIO_set_cipher()\fR does not return a value. +.PP +\&\fIBIO_get_cipher_status()\fR returns 1 for a successful decrypt and 0 +for failure. +.PP +\&\fIBIO_get_cipher_ctx()\fR currently always returns 1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/BIO_f_md.3 b/linux_amd64/ssl/share/man/man3/BIO_f_md.3 new file mode 100755 index 0000000..cfd2878 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/BIO_f_md.3 
@@ -0,0 +1,286 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_F_MD 3" +.TH BIO_F_MD 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BIO_f_md, BIO_set_md, BIO_get_md, BIO_get_md_ctx \- message digest BIO filter +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 2 +\& #include +\& #include +\& +\& const BIO_METHOD *BIO_f_md(void); +\& int BIO_set_md(BIO *b, EVP_MD *md); +\& int BIO_get_md(BIO *b, EVP_MD **mdp); +\& int BIO_get_md_ctx(BIO *b, EVP_MD_CTX **mdcp); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBIO_f_md()\fR returns the message digest \s-1BIO\s0 method. This is a filter +\&\s-1BIO\s0 that digests any data passed through it, it is a \s-1BIO\s0 wrapper +for the digest routines \fIEVP_DigestInit()\fR, \fIEVP_DigestUpdate()\fR +and \fIEVP_DigestFinal()\fR. +.PP +Any data written or read through a digest \s-1BIO\s0 using \fIBIO_read_ex()\fR and +\&\fIBIO_write_ex()\fR is digested. +.PP +\&\fIBIO_gets()\fR, if its \fBsize\fR parameter is large enough finishes the +digest calculation and returns the digest value. \fIBIO_puts()\fR is +not supported. +.PP +\&\fIBIO_reset()\fR reinitialises a digest \s-1BIO\s0. +.PP +\&\fIBIO_set_md()\fR sets the message digest of \s-1BIO\s0 \fBb\fR to \fBmd\fR: this +must be called to initialize a digest \s-1BIO\s0 before any data is +passed through it. It is a \fIBIO_ctrl()\fR macro. +.PP +\&\fIBIO_get_md()\fR places the a pointer to the digest BIOs digest method +in \fBmdp\fR, it is a \fIBIO_ctrl()\fR macro. +.PP +\&\fIBIO_get_md_ctx()\fR returns the digest BIOs context into \fBmdcp\fR. +.SH "NOTES" +.IX Header "NOTES" +The context returned by \fIBIO_get_md_ctx()\fR can be used in calls +to \fIEVP_DigestFinal()\fR and also the signature routines \fIEVP_SignFinal()\fR +and \fIEVP_VerifyFinal()\fR. +.PP +The context returned by \fIBIO_get_md_ctx()\fR is an internal context +structure. Changes made to this context will affect the digest +\&\s-1BIO\s0 itself and the context pointer will become invalid when the digest +\&\s-1BIO\s0 is freed. 
+.PP +After the digest has been retrieved from a digest \s-1BIO\s0 it must be +reinitialized by calling \fIBIO_reset()\fR, or \fIBIO_set_md()\fR before any more +data is passed through it. +.PP +If an application needs to call \fIBIO_gets()\fR or \fIBIO_puts()\fR through +a chain containing digest BIOs then this can be done by prepending +a buffering \s-1BIO\s0. +.PP +Calling \fIBIO_get_md_ctx()\fR will return the context and initialize the \s-1BIO\s0 +state. This allows applications to initialize the context externally +if the standard calls such as \fIBIO_set_md()\fR are not sufficiently flexible. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBIO_f_md()\fR returns the digest \s-1BIO\s0 method. +.PP +\&\fIBIO_set_md()\fR, \fIBIO_get_md()\fR and \fIBIO_md_ctx()\fR return 1 for success and +0 for failure. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +The following example creates a \s-1BIO\s0 chain containing an \s-1SHA1\s0 and \s-1MD5\s0 +digest \s-1BIO\s0 and passes the string \*(L"Hello World\*(R" through it. Error +checking has been omitted for clarity. +.PP +.Vb 2 +\& BIO *bio, *mdtmp; +\& char message[] = "Hello World"; +\& +\& bio = BIO_new(BIO_s_null()); +\& mdtmp = BIO_new(BIO_f_md()); +\& BIO_set_md(mdtmp, EVP_sha1()); +\& /* +\& * For BIO_push() we want to append the sink BIO and keep a note of +\& * the start of the chain. 
+\& */ +\& bio = BIO_push(mdtmp, bio); +\& mdtmp = BIO_new(BIO_f_md()); +\& BIO_set_md(mdtmp, EVP_md5()); +\& bio = BIO_push(mdtmp, bio); +\& /* Note: mdtmp can now be discarded */ +\& BIO_write(bio, message, strlen(message)); +.Ve +.PP +The next example digests data by reading through a chain instead: +.PP +.Vb 3 +\& BIO *bio, *mdtmp; +\& char buf[1024]; +\& int rdlen; +\& +\& bio = BIO_new_file(file, "rb"); +\& mdtmp = BIO_new(BIO_f_md()); +\& BIO_set_md(mdtmp, EVP_sha1()); +\& bio = BIO_push(mdtmp, bio); +\& mdtmp = BIO_new(BIO_f_md()); +\& BIO_set_md(mdtmp, EVP_md5()); +\& bio = BIO_push(mdtmp, bio); +\& do { +\& rdlen = BIO_read(bio, buf, sizeof(buf)); +\& /* Might want to do something with the data here */ +\& } while (rdlen > 0); +.Ve +.PP +This next example retrieves the message digests from a \s-1BIO\s0 chain and +outputs them. This could be used with the examples above. +.PP +.Vb 4 +\& BIO *mdtmp; +\& unsigned char mdbuf[EVP_MAX_MD_SIZE]; +\& int mdlen; +\& int i; +\& +\& mdtmp = bio; /* Assume bio has previously been set up */ +\& do { +\& EVP_MD *md; +\& +\& mdtmp = BIO_find_type(mdtmp, BIO_TYPE_MD); +\& if (!mdtmp) +\& break; +\& BIO_get_md(mdtmp, &md); +\& printf("%s digest", OBJ_nid2sn(EVP_MD_type(md))); +\& mdlen = BIO_gets(mdtmp, mdbuf, EVP_MAX_MD_SIZE); +\& for (i = 0; i < mdlen; i++) printf(":%02X", mdbuf[i]); +\& printf("\en"); +\& mdtmp = BIO_next(mdtmp); +\& } while (mdtmp); +\& +\& BIO_free_all(bio); +.Ve +.SH "BUGS" +.IX Header "BUGS" +The lack of support for \fIBIO_puts()\fR and the non standard behaviour of +\&\fIBIO_gets()\fR could be regarded as anomalous. It could be argued that \fIBIO_gets()\fR +and \fIBIO_puts()\fR should be passed to the next \s-1BIO\s0 in the chain and digest +the data passed through and that digests should be retrieved using a +separate \fIBIO_ctrl()\fR call. +.SH "HISTORY" +.IX Header "HISTORY" +Before OpenSSL 1.0.0., the call to \fIBIO_get_md_ctx()\fR would only work if the +\&\s-1BIO\s0 was initialized first. 
+.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/BIO_f_null.3 b/linux_amd64/ssl/share/man/man3/BIO_f_null.3 new file mode 100755 index 0000000..996f112 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/BIO_f_null.3 
@@ -0,0 +1,162 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_F_NULL 3" +.TH BIO_F_NULL 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BIO_f_null \- null filter +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const BIO_METHOD *BIO_f_null(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBIO_f_null()\fR returns the null filter \s-1BIO\s0 method. This is a filter \s-1BIO\s0 +that does nothing. +.PP +All requests to a null filter \s-1BIO\s0 are passed through to the next \s-1BIO\s0 in +the chain: this means that a \s-1BIO\s0 chain containing a null filter \s-1BIO\s0 +behaves just as though the \s-1BIO\s0 was not there. +.SH "NOTES" +.IX Header "NOTES" +As may be apparent a null filter \s-1BIO\s0 is not particularly useful. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBIO_f_null()\fR returns the null filter \s-1BIO\s0 method. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/BIO_f_prefix.3 b/linux_amd64/ssl/share/man/man3/BIO_f_prefix.3 new file mode 100755 index 0000000..5e480dd --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/BIO_f_prefix.3 
@@ -0,0 +1,192 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_F_PREFIX 3" +.TH BIO_F_PREFIX 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BIO_f_prefix, BIO_set_prefix, BIO_set_indent, BIO_get_indent +\&\- prefix BIO filter +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const BIO_METHOD *BIO_f_prefix(void); +\& long BIO_set_prefix(BIO *b, const char *prefix); +\& long BIO_set_indent(BIO *b, long indent); +\& long BIO_get_indent(BIO *b); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBIO_f_cipher()\fR returns the prefix \s-1BIO\s0 method. This is a filter for +text output, where each line gets automatically prefixed and indented +according to user input. +.PP +The prefix and the indentation are combined. For each line of output +going through this filter, the prefix is output first, then the amount +of additional spaces indicated by the indentation, and then the line +itself. +.PP +By default, there is no prefix, and indentation is set to 0. +.PP +\&\fIBIO_set_prefix()\fR sets the prefix to be used for future lines of +text, using \fIprefix\fR. \fIprefix\fR may be \s-1NULL\s0, signifying that there +should be no prefix. If \fIprefix\fR isn't \s-1NULL\s0, this function makes a +copy of it. +.PP +\&\fIBIO_set_indent()\fR sets the indentation to be used for future lines of +text, using \fIindent\fR. Negative values are not allowed. +.PP +\&\fIBIO_get_indent()\fR gets the current indentation. +.SH "NOTES" +.IX Header "NOTES" +\&\fIBIO_set_prefix()\fR, \fIBIO_set_indent()\fR and \fIBIO_get_indent()\fR are +implemented as macros. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBIO_f_prefix()\fR returns the prefix \s-1BIO\s0 method. +.PP +\&\fIBIO_set_prefix()\fR returns 1 if the prefix was correctly set, or 0 on +failure. +.PP +\&\fIBIO_set_indent()\fR returns 1 if the prefix was correctly set, or 0 on +failure. +.PP +\&\fIBIO_get_indent()\fR returns the current indentation. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIbio\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. 
+.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/BIO_f_ssl.3 b/linux_amd64/ssl/share/man/man3/BIO_f_ssl.3 new file mode 100755 index 0000000..5e62cba --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/BIO_f_ssl.3 
@@ -0,0 +1,431 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_F_SSL 3" +.TH BIO_F_SSL 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BIO_do_handshake, +BIO_f_ssl, BIO_set_ssl, BIO_get_ssl, BIO_set_ssl_mode, +BIO_set_ssl_renegotiate_bytes, +BIO_get_num_renegotiates, BIO_set_ssl_renegotiate_timeout, BIO_new_ssl, +BIO_new_ssl_connect, BIO_new_buffer_ssl_connect, BIO_ssl_copy_session_id, +BIO_ssl_shutdown \- SSL BIO +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 2 +\& #include +\& #include +\& +\& const BIO_METHOD *BIO_f_ssl(void); +\& +\& long BIO_set_ssl(BIO *b, SSL *ssl, long c); +\& long BIO_get_ssl(BIO *b, SSL **sslp); +\& long BIO_set_ssl_mode(BIO *b, long client); +\& long BIO_set_ssl_renegotiate_bytes(BIO *b, long num); +\& long BIO_set_ssl_renegotiate_timeout(BIO *b, long seconds); +\& long BIO_get_num_renegotiates(BIO *b); +\& +\& BIO *BIO_new_ssl(SSL_CTX *ctx, int client); +\& BIO *BIO_new_ssl_connect(SSL_CTX *ctx); +\& BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx); +\& int BIO_ssl_copy_session_id(BIO *to, BIO *from); +\& void BIO_ssl_shutdown(BIO *bio); +\& +\& long BIO_do_handshake(BIO *b); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBIO_f_ssl()\fR returns the \s-1SSL\s0 \s-1BIO\s0 method. This is a filter \s-1BIO\s0 which +is a wrapper round the OpenSSL \s-1SSL\s0 routines adding a \s-1BIO\s0 \*(L"flavour\*(R" to +\&\s-1SSL\s0 I/O. +.PP +I/O performed on an \s-1SSL\s0 \s-1BIO\s0 communicates using the \s-1SSL\s0 protocol with +the SSLs read and write BIOs. If an \s-1SSL\s0 connection is not established +then an attempt is made to establish one on the first I/O call. +.PP +If a \s-1BIO\s0 is appended to an \s-1SSL\s0 \s-1BIO\s0 using \fIBIO_push()\fR it is automatically +used as the \s-1SSL\s0 BIOs read and write BIOs. +.PP +Calling \fIBIO_reset()\fR on an \s-1SSL\s0 \s-1BIO\s0 closes down any current \s-1SSL\s0 connection +by calling \fISSL_shutdown()\fR. \fIBIO_reset()\fR is then sent to the next \s-1BIO\s0 in +the chain: this will typically disconnect the underlying transport. 
+The \s-1SSL\s0 \s-1BIO\s0 is then reset to the initial accept or connect state. +.PP +If the close flag is set when an \s-1SSL\s0 \s-1BIO\s0 is freed then the internal +\&\s-1SSL\s0 structure is also freed using \fISSL_free()\fR. +.PP +\&\fIBIO_set_ssl()\fR sets the internal \s-1SSL\s0 pointer of \s-1BIO\s0 \fBb\fR to \fBssl\fR using +the close flag \fBc\fR. +.PP +\&\fIBIO_get_ssl()\fR retrieves the \s-1SSL\s0 pointer of \s-1BIO\s0 \fBb\fR, it can then be +manipulated using the standard \s-1SSL\s0 library functions. +.PP +\&\fIBIO_set_ssl_mode()\fR sets the \s-1SSL\s0 \s-1BIO\s0 mode to \fBclient\fR. If \fBclient\fR +is 1 client mode is set. If \fBclient\fR is 0 server mode is set. +.PP +\&\fIBIO_set_ssl_renegotiate_bytes()\fR sets the renegotiate byte count +to \fBnum\fR. When set after every \fBnum\fR bytes of I/O (read and write) +the \s-1SSL\s0 session is automatically renegotiated. \fBnum\fR must be at +least 512 bytes. +.PP +\&\fIBIO_set_ssl_renegotiate_timeout()\fR sets the renegotiate timeout to +\&\fBseconds\fR. When the renegotiate timeout elapses the session is +automatically renegotiated. +.PP +\&\fIBIO_get_num_renegotiates()\fR returns the total number of session +renegotiations due to I/O or timeout. +.PP +\&\fIBIO_new_ssl()\fR allocates an \s-1SSL\s0 \s-1BIO\s0 using \s-1SSL_CTX\s0 \fBctx\fR and using +client mode if \fBclient\fR is non zero. +.PP +\&\fIBIO_new_ssl_connect()\fR creates a new \s-1BIO\s0 chain consisting of an +\&\s-1SSL\s0 \s-1BIO\s0 (using \fBctx\fR) followed by a connect \s-1BIO\s0. +.PP +\&\fIBIO_new_buffer_ssl_connect()\fR creates a new \s-1BIO\s0 chain consisting +of a buffering \s-1BIO\s0, an \s-1SSL\s0 \s-1BIO\s0 (using \fBctx\fR) and a connect +\&\s-1BIO\s0. +.PP +\&\fIBIO_ssl_copy_session_id()\fR copies an \s-1SSL\s0 session id between +\&\s-1BIO\s0 chains \fBfrom\fR and \fBto\fR. It does this by locating the +\&\s-1SSL\s0 BIOs in each chain and calling \fISSL_copy_session_id()\fR on +the internal \s-1SSL\s0 pointer. 
+.PP +\&\fIBIO_ssl_shutdown()\fR closes down an \s-1SSL\s0 connection on \s-1BIO\s0 +chain \fBbio\fR. It does this by locating the \s-1SSL\s0 \s-1BIO\s0 in the +chain and calling \fISSL_shutdown()\fR on its internal \s-1SSL\s0 +pointer. +.PP +\&\fIBIO_do_handshake()\fR attempts to complete an \s-1SSL\s0 handshake on the +supplied \s-1BIO\s0 and establish the \s-1SSL\s0 connection. It returns 1 +if the connection was established successfully. A zero or negative +value is returned if the connection could not be established, the +call \fIBIO_should_retry()\fR should be used for non blocking connect BIOs +to determine if the call should be retried. If an \s-1SSL\s0 connection has +already been established this call has no effect. +.SH "NOTES" +.IX Header "NOTES" +\&\s-1SSL\s0 BIOs are exceptional in that if the underlying transport +is non blocking they can still request a retry in exceptional +circumstances. Specifically this will happen if a session +renegotiation takes place during a \fIBIO_read_ex()\fR operation, one +case where this happens is when step up occurs. +.PP +The \s-1SSL\s0 flag \s-1SSL_AUTO_RETRY\s0 can be +set to disable this behaviour. That is when this flag is set +an \s-1SSL\s0 \s-1BIO\s0 using a blocking transport will never request a +retry. +.PP +Since unknown \fIBIO_ctrl()\fR operations are sent through filter +BIOs the servers name and port can be set using \fIBIO_set_host()\fR +on the \s-1BIO\s0 returned by \fIBIO_new_ssl_connect()\fR without having +to locate the connect \s-1BIO\s0 first. +.PP +Applications do not have to call \fIBIO_do_handshake()\fR but may wish +to do so to separate the handshake process from other I/O +processing. +.PP +\&\fIBIO_set_ssl()\fR, \fIBIO_get_ssl()\fR, \fIBIO_set_ssl_mode()\fR, +\&\fIBIO_set_ssl_renegotiate_bytes()\fR, \fIBIO_set_ssl_renegotiate_timeout()\fR, +\&\fIBIO_get_num_renegotiates()\fR, and \fIBIO_do_handshake()\fR are implemented as macros. 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBIO_f_ssl()\fR returns the \s-1SSL\s0 \fB\s-1BIO_METHOD\s0\fR structure. +.PP +\&\fIBIO_set_ssl()\fR, \fIBIO_get_ssl()\fR, \fIBIO_set_ssl_mode()\fR, \fIBIO_set_ssl_renegotiate_bytes()\fR, +\&\fIBIO_set_ssl_renegotiate_timeout()\fR and \fIBIO_get_num_renegotiates()\fR return 1 on +success or a value which is less than or equal to 0 if an error occurred. +.PP +\&\fIBIO_new_ssl()\fR, \fIBIO_new_ssl_connect()\fR and \fIBIO_new_buffer_ssl_connect()\fR return +a valid \fB\s-1BIO\s0\fR structure on success or \fB\s-1NULL\s0\fR if an error occurred. +.PP +\&\fIBIO_ssl_copy_session_id()\fR returns 1 on success or 0 on error. +.PP +\&\fIBIO_do_handshake()\fR returns 1 if the connection was established successfully. +A zero or negative value is returned if the connection could not be established. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +This \s-1SSL/TLS\s0 client example attempts to retrieve a page from an +\&\s-1SSL/TLS\s0 web server. The I/O routines are identical to those of the +unencrypted example in \fIBIO_s_connect\fR\|(3). +.PP +.Vb 5 +\& BIO *sbio, *out; +\& int len; +\& char tmpbuf[1024]; +\& SSL_CTX *ctx; +\& SSL *ssl; +\& +\& /* XXX Seed the PRNG if needed. */ +\& +\& ctx = SSL_CTX_new(TLS_client_method()); +\& +\& /* XXX Set verify paths and mode here. 
*/ +\& +\& sbio = BIO_new_ssl_connect(ctx); +\& BIO_get_ssl(sbio, &ssl); +\& if (ssl == NULL) { +\& fprintf(stderr, "Can\*(Aqt locate SSL pointer\en"); +\& ERR_print_errors_fp(stderr); +\& exit(1); +\& } +\& +\& /* Don\*(Aqt want any retries */ +\& SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); +\& +\& /* XXX We might want to do other things with ssl here */ +\& +\& /* An empty host part means the loopback address */ +\& BIO_set_conn_hostname(sbio, ":https"); +\& +\& out = BIO_new_fp(stdout, BIO_NOCLOSE); +\& if (BIO_do_connect(sbio) <= 0) { +\& fprintf(stderr, "Error connecting to server\en"); +\& ERR_print_errors_fp(stderr); +\& exit(1); +\& } +\& if (BIO_do_handshake(sbio) <= 0) { +\& fprintf(stderr, "Error establishing SSL connection\en"); +\& ERR_print_errors_fp(stderr); +\& exit(1); +\& } +\& +\& /* XXX Could examine ssl here to get connection info */ +\& +\& BIO_puts(sbio, "GET / HTTP/1.0\en\en"); +\& for (;;) { +\& len = BIO_read(sbio, tmpbuf, 1024); +\& if (len <= 0) +\& break; +\& BIO_write(out, tmpbuf, len); +\& } +\& BIO_free_all(sbio); +\& BIO_free(out); +.Ve +.PP +Here is a simple server example. It makes use of a buffering +\&\s-1BIO\s0 to allow lines to be read from the \s-1SSL\s0 \s-1BIO\s0 using BIO_gets. +It creates a pseudo web page containing the actual request from +a client and also echoes the request to standard output. +.PP +.Vb 5 +\& BIO *sbio, *bbio, *acpt, *out; +\& int len; +\& char tmpbuf[1024]; +\& SSL_CTX *ctx; +\& SSL *ssl; +\& +\& /* XXX Seed the PRNG if needed. */ +\& +\& ctx = SSL_CTX_new(TLS_server_method()); +\& if (!SSL_CTX_use_certificate_file(ctx, "server.pem", SSL_FILETYPE_PEM) +\& || !SSL_CTX_use_PrivateKey_file(ctx, "server.pem", SSL_FILETYPE_PEM) +\& || !SSL_CTX_check_private_key(ctx)) { +\& fprintf(stderr, "Error setting up SSL_CTX\en"); +\& ERR_print_errors_fp(stderr); +\& exit(1); +\& } +\& +\& /* XXX Other things like set verify locations, EDH temp callbacks. 
*/ +\& +\& /* New SSL BIO setup as server */ +\& sbio = BIO_new_ssl(ctx, 0); +\& BIO_get_ssl(sbio, &ssl); +\& if (ssl == NULL) { +\& fprintf(stderr, "Can\*(Aqt locate SSL pointer\en"); +\& ERR_print_errors_fp(stderr); +\& exit(1); +\& } +\& +\& SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); +\& bbio = BIO_new(BIO_f_buffer()); +\& sbio = BIO_push(bbio, sbio); +\& acpt = BIO_new_accept("4433"); +\& +\& /* +\& * By doing this when a new connection is established +\& * we automatically have sbio inserted into it. The +\& * BIO chain is now \*(Aqswallowed\*(Aq by the accept BIO and +\& * will be freed when the accept BIO is freed. +\& */ +\& BIO_set_accept_bios(acpt, sbio); +\& out = BIO_new_fp(stdout, BIO_NOCLOSE); +\& +\& /* Setup accept BIO */ +\& if (BIO_do_accept(acpt) <= 0) { +\& fprintf(stderr, "Error setting up accept BIO\en"); +\& ERR_print_errors_fp(stderr); +\& exit(1); +\& } +\& +\& /* We only want one connection so remove and free accept BIO */ +\& sbio = BIO_pop(acpt); +\& BIO_free_all(acpt); +\& +\& if (BIO_do_handshake(sbio) <= 0) { +\& fprintf(stderr, "Error in SSL handshake\en"); +\& ERR_print_errors_fp(stderr); +\& exit(1); +\& } +\& +\& BIO_puts(sbio, "HTTP/1.0 200 OK\er\enContent\-type: text/plain\er\en\er\en"); +\& BIO_puts(sbio, "\er\enConnection Established\er\enRequest headers:\er\en"); +\& BIO_puts(sbio, "\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\er\en"); +\& +\& for (;;) { +\& len = BIO_gets(sbio, tmpbuf, 1024); +\& if (len <= 0) +\& break; +\& BIO_write(sbio, tmpbuf, len); +\& BIO_write(out, tmpbuf, len); +\& /* Look for blank line signifying end of headers*/ +\& if (tmpbuf[0] == \*(Aq\er\*(Aq || tmpbuf[0] == \*(Aq\en\*(Aq) +\& break; +\& } +\& +\& BIO_puts(sbio, "\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\er\en"); +\& BIO_puts(sbio, "\er\en"); +\& BIO_flush(sbio); +\& BIO_free_all(sbio); +.Ve +.SH "HISTORY" +.IX Header "HISTORY" +In 
OpenSSL before 1.0.0 the \fIBIO_pop()\fR call was handled incorrectly, +the I/O \s-1BIO\s0 reference count was incorrectly incremented (instead of +decremented) and dissociated with the \s-1SSL\s0 \s-1BIO\s0 even if the \s-1SSL\s0 \s-1BIO\s0 was not +explicitly being popped (e.g. a pop higher up the chain). Applications which +included workarounds for this bug (e.g. freeing BIOs more than once) should +be modified to handle this fix or they may free up an already freed \s-1BIO\s0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/BIO_find_type.3 b/linux_amd64/ssl/share/man/man3/BIO_find_type.3 new file mode 100755 index 0000000..5090bb6 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/BIO_find_type.3 
@@ -0,0 +1,194 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_FIND_TYPE 3" +.TH BIO_FIND_TYPE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BIO_find_type, BIO_next, BIO_method_type \- BIO chain traversal +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& BIO *BIO_find_type(BIO *b, int bio_type); +\& BIO *BIO_next(BIO *b); +\& int BIO_method_type(const BIO *b); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fIBIO_find_type()\fR searches for a \s-1BIO\s0 of a given type in a chain, starting +at \s-1BIO\s0 \fBb\fR. If \fBtype\fR is a specific type (such as \fB\s-1BIO_TYPE_MEM\s0\fR) then a search +is made for a \s-1BIO\s0 of that type. If \fBtype\fR is a general type (such as +\&\fB\s-1BIO_TYPE_SOURCE_SINK\s0\fR) then the next matching \s-1BIO\s0 of the given general type is +searched for. \fIBIO_find_type()\fR returns the next matching \s-1BIO\s0 or \s-1NULL\s0 if none is +found. +.PP +The following general types are defined: +\&\fB\s-1BIO_TYPE_DESCRIPTOR\s0\fR, \fB\s-1BIO_TYPE_FILTER\s0\fR, and \fB\s-1BIO_TYPE_SOURCE_SINK\s0\fR. +.PP +For a list of the specific types, see the \fBopenssl/bio.h\fR header file. +.PP +\&\fIBIO_next()\fR returns the next \s-1BIO\s0 in a chain. It can be used to traverse all BIOs +in a chain or used in conjunction with \fIBIO_find_type()\fR to find all BIOs of a +certain type. +.PP +\&\fIBIO_method_type()\fR returns the type of a \s-1BIO\s0. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBIO_find_type()\fR returns a matching \s-1BIO\s0 or \s-1NULL\s0 for no match. +.PP +\&\fIBIO_next()\fR returns the next \s-1BIO\s0 in a chain. +.PP +\&\fIBIO_method_type()\fR returns the type of the \s-1BIO\s0 \fBb\fR. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Traverse a chain looking for digest BIOs: +.PP +.Vb 1 +\& BIO *btmp; +\& +\& btmp = in_bio; /* in_bio is chain to search through */ +\& do { +\& btmp = BIO_find_type(btmp, BIO_TYPE_MD); +\& if (btmp == NULL) +\& break; /* Not found */ +\& /* btmp is a digest BIO, do something with it ...*/ +\& ... 
+\& +\& btmp = BIO_next(btmp); +\& } while (btmp); +.Ve +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/BIO_get_data.3 b/linux_amd64/ssl/share/man/man3/BIO_get_data.3 new file mode 100755 index 0000000..2fd9d74 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/BIO_get_data.3 
@@ -0,0 +1,187 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_GET_DATA 3" +.TH BIO_GET_DATA 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BIO_set_data, BIO_get_data, BIO_set_init, BIO_get_init, BIO_set_shutdown, +BIO_get_shutdown \- functions for managing BIO state information +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void BIO_set_data(BIO *a, void *ptr); +\& void *BIO_get_data(BIO *a); +\& void BIO_set_init(BIO *a, int init); +\& int BIO_get_init(BIO *a); +\& void BIO_set_shutdown(BIO *a, int shut); +\& int BIO_get_shutdown(BIO *a); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions are mainly useful when implementing a custom \s-1BIO\s0. +.PP +The \fIBIO_set_data()\fR function associates the custom data pointed to by \fBptr\fR with +the \s-1BIO\s0. This data can subsequently be retrieved via a call to \fIBIO_get_data()\fR. +This can be used by custom BIOs for storing implementation specific information. +.PP +The \fIBIO_set_init()\fR function sets the value of the \s-1BIO\s0's \*(L"init\*(R" flag to indicate +whether initialisation has been completed for this \s-1BIO\s0 or not. A nonzero value +indicates that initialisation is complete, whilst zero indicates that it is not. +Often initialisation will complete during initial construction of the \s-1BIO\s0. For +some BIOs however, initialisation may not complete until after additional steps +have occurred (for example through calling custom ctrls). The \fIBIO_get_init()\fR +function returns the value of the \*(L"init\*(R" flag. +.PP +The \fIBIO_set_shutdown()\fR and \fIBIO_get_shutdown()\fR functions set and get the state of +this \s-1BIO\s0's shutdown (i.e. \s-1BIO_CLOSE\s0) flag. If set then the underlying resource +is also closed when the \s-1BIO\s0 is freed. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBIO_get_data()\fR returns a pointer to the implementation specific custom data +associated with this \s-1BIO\s0, or \s-1NULL\s0 if none has been set. +.PP +\&\fIBIO_get_init()\fR returns the state of the \s-1BIO\s0's init flag. 
+.PP +\&\fIBIO_get_shutdown()\fR returns the stat of the \s-1BIO\s0's shutdown (i.e. \s-1BIO_CLOSE\s0) flag. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIbio\fR\|(7), \fIBIO_meth_new\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The functions described here were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/BIO_get_ex_new_index.3 b/linux_amd64/ssl/share/man/man3/BIO_get_ex_new_index.3 new file mode 100755 index 0000000..576f4a5 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/BIO_get_ex_new_index.3 
@@ -0,0 +1,217 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_GET_EX_NEW_INDEX 3" +.TH BIO_GET_EX_NEW_INDEX 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BIO_get_ex_new_index, BIO_set_ex_data, BIO_get_ex_data, +BIO_set_app_data, BIO_get_app_data, +DH_get_ex_new_index, DH_set_ex_data, DH_get_ex_data, +DSA_get_ex_new_index, DSA_set_ex_data, DSA_get_ex_data, +ECDH_get_ex_new_index, ECDH_set_ex_data, ECDH_get_ex_data, +EC_KEY_get_ex_new_index, EC_KEY_set_ex_data, EC_KEY_get_ex_data, +ENGINE_get_ex_new_index, ENGINE_set_ex_data, ENGINE_get_ex_data, +RAND_DRBG_set_ex_data, RAND_DRBG_get_ex_data, RAND_DRBG_get_ex_new_index, +RSA_get_ex_new_index, RSA_set_ex_data, RSA_get_ex_data, +RSA_set_app_data, RSA_get_app_data, +SSL_get_ex_new_index, SSL_set_ex_data, SSL_get_ex_data, +SSL_set_app_data, SSL_get_app_data, +SSL_CTX_get_ex_new_index, SSL_CTX_set_ex_data, SSL_CTX_get_ex_data, +SSL_CTX_set_app_data, SSL_CTX_get_app_data, +SSL_SESSION_get_ex_new_index, SSL_SESSION_set_ex_data, SSL_SESSION_get_ex_data, +SSL_SESSION_set_app_data, SSL_SESSION_get_app_data, +UI_get_ex_new_index, UI_set_ex_data, UI_get_ex_data, +UI_set_app_data, UI_get_app_data, +X509_STORE_CTX_get_ex_new_index, X509_STORE_CTX_set_ex_data, X509_STORE_CTX_get_ex_data, +X509_STORE_CTX_set_app_data, X509_STORE_CTX_get_app_data, +X509_STORE_get_ex_new_index, X509_STORE_set_ex_data, X509_STORE_get_ex_data, +X509_get_ex_new_index, X509_set_ex_data, X509_get_ex_data +\&\- application\-specific data +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int TYPE_get_ex_new_index(long argl, void *argp, +\& CRYPTO_EX_new *new_func, +\& CRYPTO_EX_dup *dup_func, +\& CRYPTO_EX_free *free_func); +\& +\& int TYPE_set_ex_data(TYPE *d, int idx, void *arg); +\& +\& void *TYPE_get_ex_data(TYPE *d, int idx); +\& +\& #define TYPE_set_app_data(TYPE *d, void *arg) +\& #define TYPE_get_app_data(TYPE *d) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +In the description here, \fI\s-1TYPE\s0\fR is used a placeholder +for any of the OpenSSL datatypes listed in +\&\fICRYPTO_get_ex_new_index\fR\|(3). 
+.PP +These functions handle application-specific data for OpenSSL data +structures. +.PP +\&\fITYPE_get_new_ex_index()\fR is a macro that calls \fICRYPTO_get_ex_new_index()\fR +with the correct \fBindex\fR value. +.PP +\&\fITYPE_set_ex_data()\fR is a function that calls \fICRYPTO_set_ex_data()\fR with +an offset into the opaque exdata part of the \s-1TYPE\s0 object. +.PP +\&\fITYPE_get_ex_data()\fR is a function that calls \fICRYPTO_get_ex_data()\fR with +an offset into the opaque exdata part of the \s-1TYPE\s0 object. +.PP +For compatibility with previous releases, the exdata index of zero is +reserved for \*(L"application data.\*(R" There are two convenience functions for +this. +\&\fITYPE_set_app_data()\fR is a macro that invokes \fITYPE_set_ex_data()\fR with +\&\fBidx\fR set to zero. +\&\fITYPE_get_app_data()\fR is a macro that invokes \fITYPE_get_ex_data()\fR with +\&\fBidx\fR set to zero. +Note that these functions are not defined for the \fB\s-1RAND_DRBG\s0\fR type because +there are no backward compatibility concerns. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fITYPE_get_new_ex_index()\fR returns a new index on success or \-1 on error. +.PP +\&\fITYPE_set_ex_data()\fR returns 1 on success or 0 on error. +.PP +\&\fITYPE_get_ex_data()\fR returns the application data or \s-1NULL\s0 if an error occurred. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fICRYPTO_get_ex_new_index\fR\|(3). +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/BIO_meth_new.3 b/linux_amd64/ssl/share/man/man3/BIO_meth_new.3 new file mode 100755 index 0000000..21787cb --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/BIO_meth_new.3 
@@ -0,0 +1,286 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_METH_NEW 3" +.TH BIO_METH_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BIO_get_new_index, +BIO_meth_new, BIO_meth_free, BIO_meth_get_read_ex, BIO_meth_set_read_ex, +BIO_meth_get_write_ex, BIO_meth_set_write_ex, BIO_meth_get_write, +BIO_meth_set_write, BIO_meth_get_read, BIO_meth_set_read, BIO_meth_get_puts, +BIO_meth_set_puts, BIO_meth_get_gets, BIO_meth_set_gets, BIO_meth_get_ctrl, +BIO_meth_set_ctrl, BIO_meth_get_create, BIO_meth_set_create, +BIO_meth_get_destroy, BIO_meth_set_destroy, BIO_meth_get_callback_ctrl, +BIO_meth_set_callback_ctrl \- Routines to build up BIO methods +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int BIO_get_new_index(void); +\& +\& BIO_METHOD *BIO_meth_new(int type, const char *name); +\& +\& void BIO_meth_free(BIO_METHOD *biom); +\& +\& int (*BIO_meth_get_write_ex(const BIO_METHOD *biom))(BIO *, const char *, size_t, +\& size_t *); +\& int (*BIO_meth_get_write(const BIO_METHOD *biom))(BIO *, const char *, int); +\& int BIO_meth_set_write_ex(BIO_METHOD *biom, +\& int (*bwrite)(BIO *, const char *, size_t, size_t *)); +\& int BIO_meth_set_write(BIO_METHOD *biom, +\& int (*write)(BIO *, const char *, int)); +\& +\& int (*BIO_meth_get_read_ex(const BIO_METHOD *biom))(BIO *, char *, size_t, size_t *); +\& int (*BIO_meth_get_read(const BIO_METHOD *biom))(BIO *, char *, int); +\& int BIO_meth_set_read_ex(BIO_METHOD *biom, +\& int (*bread)(BIO *, char *, size_t, size_t *)); +\& int BIO_meth_set_read(BIO_METHOD *biom, int (*read)(BIO *, char *, int)); +\& +\& int (*BIO_meth_get_puts(const BIO_METHOD *biom))(BIO *, const char *); +\& int BIO_meth_set_puts(BIO_METHOD *biom, int (*puts)(BIO *, const char *)); +\& +\& int (*BIO_meth_get_gets(const BIO_METHOD *biom))(BIO *, char *, int); +\& int BIO_meth_set_gets(BIO_METHOD *biom, +\& int (*gets)(BIO *, char *, int)); +\& +\& long (*BIO_meth_get_ctrl(const BIO_METHOD *biom))(BIO *, int, long, void *); +\& int BIO_meth_set_ctrl(BIO_METHOD *biom, +\& long (*ctrl)(BIO *, int, long, void *)); +\& +\& int 
(*BIO_meth_get_create(const BIO_METHOD *bion))(BIO *); +\& int BIO_meth_set_create(BIO_METHOD *biom, int (*create)(BIO *)); +\& +\& int (*BIO_meth_get_destroy(const BIO_METHOD *biom))(BIO *); +\& int BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy)(BIO *)); +\& +\& long (*BIO_meth_get_callback_ctrl(const BIO_METHOD *biom))(BIO *, int, BIO_info_cb *); +\& int BIO_meth_set_callback_ctrl(BIO_METHOD *biom, +\& long (*callback_ctrl)(BIO *, int, BIO_info_cb *)); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fB\s-1BIO_METHOD\s0\fR type is a structure used for the implementation of new \s-1BIO\s0 +types. It provides a set of functions used by OpenSSL for the implementation +of the various \s-1BIO\s0 capabilities. See the \fIbio\fR\|(7) page for more information. +.PP +\&\fIBIO_meth_new()\fR creates a new \fB\s-1BIO_METHOD\s0\fR structure. It should be given a +unique integer \fBtype\fR and a string that represents its \fBname\fR. +Use \fIBIO_get_new_index()\fR to get the value for \fBtype\fR. +.PP +The set of +standard OpenSSL provided \s-1BIO\s0 types is provided in \fBbio.h\fR. Some examples +include \fB\s-1BIO_TYPE_BUFFER\s0\fR and \fB\s-1BIO_TYPE_CIPHER\s0\fR. Filter BIOs should have a +type which have the \*(L"filter\*(R" bit set (\fB\s-1BIO_TYPE_FILTER\s0\fR). Source/sink BIOs +should have the \*(L"source/sink\*(R" bit set (\fB\s-1BIO_TYPE_SOURCE_SINK\s0\fR). File descriptor +based BIOs (e.g. socket, fd, connect, accept etc) should additionally have the +\&\*(L"descriptor\*(R" bit set (\fB\s-1BIO_TYPE_DESCRIPTOR\s0\fR). See the \fIBIO_find_type\fR\|(3) page for +more information. +.PP +\&\fIBIO_meth_free()\fR destroys a \fB\s-1BIO_METHOD\s0\fR structure and frees up any memory +associated with it. +.PP +\&\fIBIO_meth_get_write_ex()\fR and \fIBIO_meth_set_write_ex()\fR get and set the function +used for writing arbitrary length data to the \s-1BIO\s0 respectively. 
This function +will be called in response to the application calling \fIBIO_write_ex()\fR or +\&\fIBIO_write()\fR. The parameters for the function have the same meaning as for +\&\fIBIO_write_ex()\fR. Older code may call \fIBIO_meth_get_write()\fR and +\&\fIBIO_meth_set_write()\fR instead. Applications should not call both +\&\fIBIO_meth_set_write_ex()\fR and \fIBIO_meth_set_write()\fR or call \fIBIO_meth_get_write()\fR +when the function was set with \fIBIO_meth_set_write_ex()\fR. +.PP +\&\fIBIO_meth_get_read_ex()\fR and \fIBIO_meth_set_read_ex()\fR get and set the function used +for reading arbitrary length data from the \s-1BIO\s0 respectively. This function will +be called in response to the application calling \fIBIO_read_ex()\fR or \fIBIO_read()\fR. +The parameters for the function have the same meaning as for \fIBIO_read_ex()\fR. +Older code may call \fIBIO_meth_get_read()\fR and \fIBIO_meth_set_read()\fR instead. +Applications should not call both \fIBIO_meth_set_read_ex()\fR and \fIBIO_meth_set_read()\fR +or call \fIBIO_meth_get_read()\fR when the function was set with +\&\fIBIO_meth_set_read_ex()\fR. +.PP +\&\fIBIO_meth_get_puts()\fR and \fIBIO_meth_set_puts()\fR get and set the function used for +writing a \s-1NULL\s0 terminated string to the \s-1BIO\s0 respectively. This function will be +called in response to the application calling \fIBIO_puts()\fR. The parameters for +the function have the same meaning as for \fIBIO_puts()\fR. +.PP +\&\fIBIO_meth_get_gets()\fR and \fIBIO_meth_set_gets()\fR get and set the function typically +used for reading a line of data from the \s-1BIO\s0 respectively (see the \fIBIO_gets\fR\|(3) +page for more information). This function will be called in response to the +application calling \fIBIO_gets()\fR. The parameters for the function have the same +meaning as for \fIBIO_gets()\fR. 
+.PP +\&\fIBIO_meth_get_ctrl()\fR and \fIBIO_meth_set_ctrl()\fR get and set the function used for +processing ctrl messages in the \s-1BIO\s0 respectively. See the \fIBIO_ctrl\fR\|(3) page for +more information. This function will be called in response to the application +calling \fIBIO_ctrl()\fR. The parameters for the function have the same meaning as for +\&\fIBIO_ctrl()\fR. +.PP +\&\fIBIO_meth_get_create()\fR and \fIBIO_meth_set_create()\fR get and set the function used +for creating a new instance of the \s-1BIO\s0 respectively. This function will be +called in response to the application calling \fIBIO_new()\fR and passing +in a pointer to the current \s-1BIO_METHOD\s0. The \fIBIO_new()\fR function will allocate the +memory for the new \s-1BIO\s0, and a pointer to this newly allocated structure will +be passed as a parameter to the function. +.PP +\&\fIBIO_meth_get_destroy()\fR and \fIBIO_meth_set_destroy()\fR get and set the function used +for destroying an instance of a \s-1BIO\s0 respectively. This function will be +called in response to the application calling \fIBIO_free()\fR. A pointer to the \s-1BIO\s0 +to be destroyed is passed as a parameter. The destroy function should be used +for \s-1BIO\s0 specific clean up. The memory for the \s-1BIO\s0 itself should not be freed by +this function. +.PP +\&\fIBIO_meth_get_callback_ctrl()\fR and \fIBIO_meth_set_callback_ctrl()\fR get and set the +function used for processing callback ctrl messages in the \s-1BIO\s0 respectively. See +the \fIBIO_callback_ctrl\fR\|(3) page for more information. This function will be called +in response to the application calling \fIBIO_callback_ctrl()\fR. The parameters for +the function have the same meaning as for \fIBIO_callback_ctrl()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBIO_get_new_index()\fR returns the new \s-1BIO\s0 type value or \-1 if an error occurred. 
+.PP +BIO_meth_new(int type, const char *name) returns a valid \fB\s-1BIO_METHOD\s0\fR or \s-1NULL\s0 +if an error occurred. +.PP +The \fBBIO_meth_set\fR functions return 1 on success or 0 on error. +.PP +The \fBBIO_meth_get\fR functions return the corresponding function pointers. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIbio\fR\|(7), \fIBIO_find_type\fR\|(3), \fIBIO_ctrl\fR\|(3), \fIBIO_read_ex\fR\|(3), \fIBIO_new\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The functions described here were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/BIO_new.3 b/linux_amd64/ssl/share/man/man3/BIO_new.3 new file mode 100755 index 0000000..f86f014 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/BIO_new.3 
@@ -0,0 +1,194 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_NEW 3" +.TH BIO_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BIO_new, BIO_up_ref, BIO_free, BIO_vfree, BIO_free_all +\&\- BIO allocation and freeing functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& BIO * BIO_new(const BIO_METHOD *type); +\& int BIO_up_ref(BIO *a); +\& int BIO_free(BIO *a); +\& void BIO_vfree(BIO *a); +\& void BIO_free_all(BIO *a); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fIBIO_new()\fR function returns a new \s-1BIO\s0 using method \fBtype\fR. +.PP +\&\fIBIO_up_ref()\fR increments the reference count associated with the \s-1BIO\s0 object. +.PP +\&\fIBIO_free()\fR frees up a single \s-1BIO\s0, \fIBIO_vfree()\fR also frees up a single \s-1BIO\s0 +but it does not return a value. +If \fBa\fR is \s-1NULL\s0 nothing is done. +Calling \fIBIO_free()\fR may also have some effect +on the underlying I/O structure, for example it may close the file being +referred to under certain circumstances. For more details see the individual +\&\s-1BIO_METHOD\s0 descriptions. +.PP +\&\fIBIO_free_all()\fR frees up an entire \s-1BIO\s0 chain, it does not halt if an error +occurs freeing up an individual \s-1BIO\s0 in the chain. +If \fBa\fR is \s-1NULL\s0 nothing is done. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBIO_new()\fR returns a newly created \s-1BIO\s0 or \s-1NULL\s0 if the call fails. +.PP +\&\fIBIO_up_ref()\fR and \fIBIO_free()\fR return 1 for success and 0 for failure. +.PP +\&\fIBIO_free_all()\fR and \fIBIO_vfree()\fR do not return values. +.SH "NOTES" +.IX Header "NOTES" +If \fIBIO_free()\fR is called on a \s-1BIO\s0 chain it will only free one \s-1BIO\s0 resulting +in a memory leak. +.PP +Calling \fIBIO_free_all()\fR on a single \s-1BIO\s0 has the same effect as calling \fIBIO_free()\fR +on it other than the discarded return value. +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIBIO_set()\fR was removed in OpenSSL 1.1.0 as \s-1BIO\s0 type is now opaque. 
+.SH "EXAMPLES" +.IX Header "EXAMPLES" +Create a memory \s-1BIO:\s0 +.PP +.Vb 1 +\& BIO *mem = BIO_new(BIO_s_mem()); +.Ve +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/BIO_new_CMS.3 b/linux_amd64/ssl/share/man/man3/BIO_new_CMS.3 new file mode 100755 index 0000000..c2b3226 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/BIO_new_CMS.3 
@@ -0,0 +1,195 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_NEW_CMS 3" +.TH BIO_NEW_CMS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BIO_new_CMS \- CMS streaming filter BIO +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBIO_new_CMS()\fR returns a streaming filter \s-1BIO\s0 chain based on \fBcms\fR. The output +of the filter is written to \fBout\fR. Any data written to the chain is +automatically translated to a \s-1BER\s0 format \s-1CMS\s0 structure of the appropriate type. +.SH "NOTES" +.IX Header "NOTES" +The chain returned by this function behaves like a standard filter \s-1BIO\s0. It +supports non blocking I/O. Content is processed and streamed on the fly and not +all held in memory at once: so it is possible to encode very large structures. +After all content has been written through the chain \fIBIO_flush()\fR must be called +to finalise the structure. +.PP +The \fB\s-1CMS_STREAM\s0\fR flag must be included in the corresponding \fBflags\fR +parameter of the \fBcms\fR creation function. +.PP +If an application wishes to write additional data to \fBout\fR BIOs should be +removed from the chain using \fIBIO_pop()\fR and freed with \fIBIO_free()\fR until \fBout\fR +is reached. If no additional data needs to be written \fIBIO_free_all()\fR can be +called to free up the whole chain. +.PP +Any content written through the filter is used verbatim: no canonical +translation is performed. +.PP +It is possible to chain multiple BIOs to, for example, create a triple wrapped +signed, enveloped, signed structure. In this case it is the applications +responsibility to set the inner content type of any outer CMS_ContentInfo +structures. +.PP +Large numbers of small writes through the chain should be avoided as this will +produce an output consisting of lots of \s-1OCTET\s0 \s-1STRING\s0 structures. Prepending +a \fIBIO_f_buffer()\fR buffering \s-1BIO\s0 will prevent this. 
+.SH "BUGS" +.IX Header "BUGS" +There is currently no corresponding inverse \s-1BIO:\s0 i.e. one which can decode +a \s-1CMS\s0 structure on the fly. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBIO_new_CMS()\fR returns a \s-1BIO\s0 chain when successful or \s-1NULL\s0 if an error +occurred. The error can be obtained from \fIERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fICMS_sign\fR\|(3), +\&\fICMS_encrypt\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fIBIO_new_CMS()\fR function was added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/BIO_parse_hostserv.3 b/linux_amd64/ssl/share/man/man3/BIO_parse_hostserv.3 new file mode 100755 index 0000000..70e9192 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/BIO_parse_hostserv.3 
@@ -0,0 +1,205 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_PARSE_HOSTSERV 3" +.TH BIO_PARSE_HOSTSERV 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BIO_hostserv_priorities, +BIO_parse_hostserv +\&\- utility routines to parse a standard host and service string +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& enum BIO_hostserv_priorities { +\& BIO_PARSE_PRIO_HOST, BIO_PARSE_PRIO_SERV +\& }; +\& int BIO_parse_hostserv(const char *hostserv, char **host, char **service, +\& enum BIO_hostserv_priorities hostserv_prio); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBIO_parse_hostserv()\fR will parse the information given in \fBhostserv\fR, +create strings with the hostname and service name and give those +back via \fBhost\fR and \fBservice\fR. Those will need to be freed after +they are used. \fBhostserv_prio\fR helps determine if \fBhostserv\fR shall +be interpreted primarily as a hostname or a service name in ambiguous +cases. +.PP +The syntax the \fIBIO_parse_hostserv()\fR recognises is: +.PP +.Vb 7 +\& host + \*(Aq:\*(Aq + service +\& host + \*(Aq:\*(Aq + \*(Aq*\*(Aq +\& host + \*(Aq:\*(Aq +\& \*(Aq:\*(Aq + service +\& \*(Aq*\*(Aq + \*(Aq:\*(Aq + service +\& host +\& service +.Ve +.PP +The host part can be a name or an \s-1IP\s0 address. If it's a IPv6 +address, it \s-1MUST\s0 be enclosed in brackets, such as '[::1]'. +.PP +The service part can be a service name or its port number. 
+.PP +The returned values will depend on the given \fBhostserv\fR string +and \fBhostserv_prio\fR, as follows: +.PP +.Vb 5 +\& host + \*(Aq:\*(Aq + service => *host = "host", *service = "service" +\& host + \*(Aq:\*(Aq + \*(Aq*\*(Aq => *host = "host", *service = NULL +\& host + \*(Aq:\*(Aq => *host = "host", *service = NULL +\& \*(Aq:\*(Aq + service => *host = NULL, *service = "service" +\& \*(Aq*\*(Aq + \*(Aq:\*(Aq + service => *host = NULL, *service = "service" +\& +\& in case no \*(Aq:\*(Aq is present in the string, the result depends on +\& hostserv_prio, as follows: +\& +\& when hostserv_prio == BIO_PARSE_PRIO_HOST +\& host => *host = "host", *service untouched +\& +\& when hostserv_prio == BIO_PARSE_PRIO_SERV +\& service => *host untouched, *service = "service" +.Ve +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBIO_parse_hostserv()\fR returns 1 on success or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1\fIBIO_ADDRINFO\s0\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/BIO_printf.3 b/linux_amd64/ssl/share/man/man3/BIO_printf.3 new file mode 100755 index 0000000..0b2aefc --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/BIO_printf.3 
@@ -0,0 +1,174 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_PRINTF 3" +.TH BIO_PRINTF 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_printf, BIO_vprintf, BIO_snprintf, BIO_vsnprintf +\&\- formatted output to a BIO +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int BIO_printf(BIO *bio, const char *format, ...) 
+\& int BIO_vprintf(BIO *bio, const char *format, va_list args) +\& +\& int BIO_snprintf(char *buf, size_t n, const char *format, ...) +\& int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBIO_printf()\fR is similar to the standard C \fIprintf()\fR function, except that +the output is sent to the specified \s-1BIO\s0, \fBbio\fR, rather than standard +output. All common format specifiers are supported. +.PP +\&\fIBIO_vprintf()\fR is similar to the \fIvprintf()\fR function found on many platforms, +the output is sent to the specified \s-1BIO\s0, \fBbio\fR, rather than standard +output. All common format specifiers are supported. The argument +list \fBargs\fR is a stdarg argument list. +.PP +\&\fIBIO_snprintf()\fR is for platforms that do not have the common \fIsnprintf()\fR +function. It is like \fIsprintf()\fR except that the size parameter, \fBn\fR, +specifies the size of the output buffer. +.PP +\&\fIBIO_vsnprintf()\fR is to \fIBIO_snprintf()\fR as \fIBIO_vprintf()\fR is to \fIBIO_printf()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All functions return the number of bytes written, or \-1 on error. +For \fIBIO_snprintf()\fR and \fIBIO_vsnprintf()\fR this includes when the output +buffer is too small. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/BIO_push.3 b/linux_amd64/ssl/share/man/man3/BIO_push.3 new file mode 100755 index 0000000..979b3e9 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/BIO_push.3 
@@ -0,0 +1,215 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_PUSH 3" +.TH BIO_PUSH 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BIO_push, BIO_pop, BIO_set_next \- add and remove BIOs from a chain +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& BIO *BIO_push(BIO *b, BIO *append); +\& BIO *BIO_pop(BIO *b); +\& void BIO_set_next(BIO *b, BIO *next); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fIBIO_push()\fR function appends the \s-1BIO\s0 \fBappend\fR to \fBb\fR, it returns +\&\fBb\fR. +.PP +\&\fIBIO_pop()\fR removes the \s-1BIO\s0 \fBb\fR from a chain and returns the next \s-1BIO\s0 +in the chain, or \s-1NULL\s0 if there is no next \s-1BIO\s0. The removed \s-1BIO\s0 then +becomes a single \s-1BIO\s0 with no association with the original chain, +it can thus be freed or attached to a different chain. +.PP +\&\fIBIO_set_next()\fR replaces the existing next \s-1BIO\s0 in a chain with the \s-1BIO\s0 pointed to +by \fBnext\fR. The new chain may include some of the same BIOs from the old chain +or it may be completely different. +.SH "NOTES" +.IX Header "NOTES" +The names of these functions are perhaps a little misleading. \fIBIO_push()\fR +joins two \s-1BIO\s0 chains whereas \fIBIO_pop()\fR deletes a single \s-1BIO\s0 from a chain, +the deleted \s-1BIO\s0 does not need to be at the end of a chain. +.PP +The process of calling \fIBIO_push()\fR and \fIBIO_pop()\fR on a \s-1BIO\s0 may have additional +consequences (a control call is made to the affected BIOs) any effects will +be noted in the descriptions of individual BIOs. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBIO_push()\fR returns the end of the chain, \fBb\fR. +.PP +\&\fIBIO_pop()\fR returns the next \s-1BIO\s0 in the chain, or \s-1NULL\s0 if there is no next +\&\s-1BIO\s0. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +For these examples suppose \fBmd1\fR and \fBmd2\fR are digest BIOs, \fBb64\fR is +a base64 \s-1BIO\s0 and \fBf\fR is a file \s-1BIO\s0. +.PP +If the call: +.PP +.Vb 1 +\& BIO_push(b64, f); +.Ve +.PP +is made then the new chain will be \fBb64\-f\fR. 
After making the calls +.PP +.Vb 2 +\& BIO_push(md2, b64); +\& BIO_push(md1, md2); +.Ve +.PP +the new chain is \fBmd1\-md2\-b64\-f\fR. Data written to \fBmd1\fR will be digested +by \fBmd1\fR and \fBmd2\fR, \fBbase64\fR encoded and written to \fBf\fR. +.PP +It should be noted that reading causes data to pass in the reverse +direction, that is data is read from \fBf\fR, base64 \fBdecoded\fR and digested +by \fBmd1\fR and \fBmd2\fR. If the call: +.PP +.Vb 1 +\& BIO_pop(md2); +.Ve +.PP +The call will return \fBb64\fR and the new chain will be \fBmd1\-b64\-f\fR data can +be written to \fBmd1\fR as before. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIbio\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \fIBIO_set_next()\fR function was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/BIO_read.3 b/linux_amd64/ssl/share/man/man3/BIO_read.3 new file mode 100755 index 0000000..b9a6ad2 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/BIO_read.3 
@@ -0,0 +1,218 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_READ 3" +.TH BIO_READ 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BIO_read_ex, BIO_write_ex, BIO_read, BIO_write, BIO_gets, BIO_puts +\&\- BIO I/O functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int BIO_read_ex(BIO *b, void *data, size_t dlen, size_t *readbytes); +\& int BIO_write_ex(BIO *b, const void *data, size_t dlen, size_t *written); +\& +\& int BIO_read(BIO *b, void *data, int dlen); +\& int BIO_gets(BIO *b, char *buf, int size); +\& int BIO_write(BIO *b, const void *data, int dlen); +\& int BIO_puts(BIO *b, const char *buf); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBIO_read_ex()\fR attempts to read \fBdlen\fR bytes from \s-1BIO\s0 \fBb\fR and places the data +in \fBdata\fR. If any bytes were successfully read then the number of bytes read is +stored in \fB*readbytes\fR. +.PP +\&\fIBIO_write_ex()\fR attempts to write \fBdlen\fR bytes from \fBdata\fR to \s-1BIO\s0 \fBb\fR. If +successful then the number of bytes written is stored in \fB*written\fR. +.PP +\&\fIBIO_read()\fR attempts to read \fBlen\fR bytes from \s-1BIO\s0 \fBb\fR and places +the data in \fBbuf\fR. +.PP +\&\fIBIO_gets()\fR performs the BIOs \*(L"gets\*(R" operation and places the data +in \fBbuf\fR. Usually this operation will attempt to read a line of data +from the \s-1BIO\s0 of maximum length \fBsize\-1\fR. There are exceptions to this, +however; for example, \fIBIO_gets()\fR on a digest \s-1BIO\s0 will calculate and +return the digest and other BIOs may not support \fIBIO_gets()\fR at all. +The returned string is always NUL-terminated and the '\en' is preserved +if present in the input data. +.PP +\&\fIBIO_write()\fR attempts to write \fBlen\fR bytes from \fBbuf\fR to \s-1BIO\s0 \fBb\fR. +.PP +\&\fIBIO_puts()\fR attempts to write a NUL-terminated string \fBbuf\fR to \s-1BIO\s0 \fBb\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBIO_read_ex()\fR and \fIBIO_write_ex()\fR return 1 if data was successfully read or +written, and 0 otherwise. 
+.PP +All other functions return either the amount of data successfully read or +written (if the return value is positive) or that no data was successfully +read or written if the result is 0 or \-1. If the return value is \-2 then +the operation is not implemented in the specific \s-1BIO\s0 type. The trailing +\&\s-1NUL\s0 is not included in the length returned by \fIBIO_gets()\fR. +.SH "NOTES" +.IX Header "NOTES" +A 0 or \-1 return is not necessarily an indication of an error. In +particular when the source/sink is non-blocking or of a certain type +it may merely be an indication that no data is currently available and that +the application should retry the operation later. +.PP +One technique sometimes used with blocking sockets is to use a system call +(such as \fIselect()\fR, \fIpoll()\fR or equivalent) to determine when data is available +and then call \fIread()\fR to read the data. The equivalent with BIOs (that is call +\&\fIselect()\fR on the underlying I/O structure and then call \fIBIO_read()\fR to +read the data) should \fBnot\fR be used because a single call to \fIBIO_read()\fR +can cause several reads (and writes in the case of \s-1SSL\s0 BIOs) on the underlying +I/O structure and may block as a result. Instead \fIselect()\fR (or equivalent) +should be combined with non blocking I/O so successive reads will request +a retry instead of blocking. +.PP +See \fIBIO_should_retry\fR\|(3) for details of how to +determine the cause of a retry and other I/O issues. +.PP +If the \fIBIO_gets()\fR function is not supported by a \s-1BIO\s0 then it possible to +work around this by adding a buffering \s-1BIO\s0 \fIBIO_f_buffer\fR\|(3) +to the chain. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIBIO_should_retry\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIBIO_gets()\fR on 1.1.0 and older when called on \fIBIO_fd()\fR based \s-1BIO\s0 does not +keep the '\en' at the end of the line in the buffer. 
+.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/BIO_s_accept.3 b/linux_amd64/ssl/share/man/man3/BIO_s_accept.3 new file mode 100755 index 0000000..44cbb71 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/BIO_s_accept.3 
@@ -0,0 +1,360 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_S_ACCEPT 3" +.TH BIO_S_ACCEPT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BIO_s_accept, BIO_set_accept_name, BIO_set_accept_port, BIO_get_accept_name, +BIO_get_accept_port, BIO_new_accept, BIO_set_nbio_accept, BIO_set_accept_bios, +BIO_get_peer_name, BIO_get_peer_port, +BIO_get_accept_ip_family, BIO_set_accept_ip_family, +BIO_set_bind_mode, BIO_get_bind_mode, BIO_do_accept \- accept BIO +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const BIO_METHOD *BIO_s_accept(void); +\& +\& long BIO_set_accept_name(BIO *b, char *name); +\& char *BIO_get_accept_name(BIO *b); +\& +\& long BIO_set_accept_port(BIO *b, char *port); +\& char *BIO_get_accept_port(BIO *b); +\& +\& BIO *BIO_new_accept(char *host_port); +\& +\& long BIO_set_nbio_accept(BIO *b, int n); +\& long BIO_set_accept_bios(BIO *b, char *bio); +\& +\& char *BIO_get_peer_name(BIO *b); +\& char *BIO_get_peer_port(BIO *b); +\& long BIO_get_accept_ip_family(BIO *b); +\& long BIO_set_accept_ip_family(BIO *b, long family); +\& +\& long BIO_set_bind_mode(BIO *b, long mode); +\& long BIO_get_bind_mode(BIO *b); +\& +\& int BIO_do_accept(BIO *b); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBIO_s_accept()\fR returns the accept \s-1BIO\s0 method. This is a wrapper +round the platform's \s-1TCP/IP\s0 socket accept routines. +.PP +Using accept BIOs, \s-1TCP/IP\s0 connections can be accepted and data +transferred using only \s-1BIO\s0 routines. In this way any platform +specific operations are hidden by the \s-1BIO\s0 abstraction. +.PP +Read and write operations on an accept \s-1BIO\s0 will perform I/O +on the underlying connection. If no connection is established +and the port (see below) is set up properly then the \s-1BIO\s0 +waits for an incoming connection. +.PP +Accept BIOs support \fIBIO_puts()\fR but not \fIBIO_gets()\fR. +.PP +If the close flag is set on an accept \s-1BIO\s0 then any active +connection on that chain is shutdown and the socket closed when +the \s-1BIO\s0 is freed. 
+.PP +Calling \fIBIO_reset()\fR on an accept \s-1BIO\s0 will close any active +connection and reset the \s-1BIO\s0 into a state where it awaits another +incoming connection. +.PP +\&\fIBIO_get_fd()\fR and \fIBIO_set_fd()\fR can be called to retrieve or set +the accept socket. See \fIBIO_s_fd\fR\|(3) +.PP +\&\fIBIO_set_accept_name()\fR uses the string \fBname\fR to set the accept +name. The name is represented as a string of the form \*(L"host:port\*(R", +where \*(L"host\*(R" is the interface to use and \*(L"port\*(R" is the port. +The host can be \*(L"*\*(R" or empty which is interpreted as meaning +any interface. If the host is an IPv6 address, it has to be +enclosed in brackets, for example \*(L"[::1]:https\*(R". \*(L"port\*(R" has the +same syntax as the port specified in \fIBIO_set_conn_port()\fR for +connect BIOs, that is it can be a numerical port string or a +string to lookup using \fIgetservbyname()\fR and a string table. +.PP +\&\fIBIO_set_accept_port()\fR uses the string \fBport\fR to set the accept +port. \*(L"port\*(R" has the same syntax as the port specified in +\&\fIBIO_set_conn_port()\fR for connect BIOs, that is it can be a numerical +port string or a string to lookup using \fIgetservbyname()\fR and a string +table. +.PP +\&\fIBIO_new_accept()\fR combines \fIBIO_new()\fR and \fIBIO_set_accept_name()\fR into +a single call: that is it creates a new accept \s-1BIO\s0 with port +\&\fBhost_port\fR. +.PP +\&\fIBIO_set_nbio_accept()\fR sets the accept socket to blocking mode +(the default) if \fBn\fR is 0 or non blocking mode if \fBn\fR is 1. +.PP +\&\fIBIO_set_accept_bios()\fR can be used to set a chain of BIOs which +will be duplicated and prepended to the chain when an incoming +connection is received. This is useful if, for example, a +buffering or \s-1SSL\s0 \s-1BIO\s0 is required for each connection. The +chain of BIOs must not be freed after this call, they will +be automatically freed when the accept \s-1BIO\s0 is freed. 
+.PP +\&\fIBIO_set_bind_mode()\fR and \fIBIO_get_bind_mode()\fR set and retrieve +the current bind mode. If \fB\s-1BIO_BIND_NORMAL\s0\fR (the default) is set +then another socket cannot be bound to the same port. If +\&\fB\s-1BIO_BIND_REUSEADDR\s0\fR is set then other sockets can bind to the +same port. If \fB\s-1BIO_BIND_REUSEADDR_IF_UNUSED\s0\fR is set then and +attempt is first made to use \s-1BIO_BIN_NORMAL\s0, if this fails +and the port is not in use then a second attempt is made +using \fB\s-1BIO_BIND_REUSEADDR\s0\fR. +.PP +\&\fIBIO_do_accept()\fR serves two functions. When it is first +called, after the accept \s-1BIO\s0 has been setup, it will attempt +to create the accept socket and bind an address to it. Second +and subsequent calls to \fIBIO_do_accept()\fR will await an incoming +connection, or request a retry in non blocking mode. +.SH "NOTES" +.IX Header "NOTES" +When an accept \s-1BIO\s0 is at the end of a chain it will await an +incoming connection before processing I/O calls. When an accept +\&\s-1BIO\s0 is not at then end of a chain it passes I/O calls to the next +\&\s-1BIO\s0 in the chain. +.PP +When a connection is established a new socket \s-1BIO\s0 is created for +the connection and appended to the chain. That is the chain is now +accept\->socket. This effectively means that attempting I/O on +an initial accept socket will await an incoming connection then +perform I/O on it. +.PP +If any additional BIOs have been set using \fIBIO_set_accept_bios()\fR +then they are placed between the socket and the accept \s-1BIO\s0, +that is the chain will be accept\->otherbios\->socket. +.PP +If a server wishes to process multiple connections (as is normally +the case) then the accept \s-1BIO\s0 must be made available for further +incoming connections. 
This can be done by waiting for a connection and +then calling: +.PP +.Vb 1 +\& connection = BIO_pop(accept); +.Ve +.PP +After this call \fBconnection\fR will contain a \s-1BIO\s0 for the recently +established connection and \fBaccept\fR will now be a single \s-1BIO\s0 +again which can be used to await further incoming connections. +If no further connections will be accepted the \fBaccept\fR can +be freed using \fIBIO_free()\fR. +.PP +If only a single connection will be processed it is possible to +perform I/O using the accept \s-1BIO\s0 itself. This is often undesirable +however because the accept \s-1BIO\s0 will still accept additional incoming +connections. This can be resolved by using \fIBIO_pop()\fR (see above) +and freeing up the accept \s-1BIO\s0 after the initial connection. +.PP +If the underlying accept socket is non-blocking and \fIBIO_do_accept()\fR is +called to await an incoming connection it is possible for +\&\fIBIO_should_io_special()\fR with the reason \s-1BIO_RR_ACCEPT\s0. If this happens +then it is an indication that an accept attempt would block: the application +should take appropriate action to wait until the underlying socket has +accepted a connection and retry the call. +.PP +\&\fIBIO_set_accept_name()\fR, \fIBIO_get_accept_name()\fR, \fIBIO_set_accept_port()\fR, +\&\fIBIO_get_accept_port()\fR, \fIBIO_set_nbio_accept()\fR, \fIBIO_set_accept_bios()\fR, +\&\fIBIO_get_peer_name()\fR, \fIBIO_get_peer_port()\fR, +\&\fIBIO_get_accept_ip_family()\fR, \fIBIO_set_accept_ip_family()\fR, +\&\fIBIO_set_bind_mode()\fR, \fIBIO_get_bind_mode()\fR and \fIBIO_do_accept()\fR are macros. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBIO_do_accept()\fR, +\&\fIBIO_set_accept_name()\fR, \fIBIO_set_accept_port()\fR, \fIBIO_set_nbio_accept()\fR, +\&\fIBIO_set_accept_bios()\fR, \fIBIO_set_accept_ip_family()\fR, and \fIBIO_set_bind_mode()\fR +return 1 for success and 0 or \-1 for failure. 
+.PP +\&\fIBIO_get_accept_name()\fR returns the accept name or \s-1NULL\s0 on error. +\&\fIBIO_get_peer_name()\fR returns the peer name or \s-1NULL\s0 on error. +.PP +\&\fIBIO_get_accept_port()\fR returns the accept port as a string or \s-1NULL\s0 on error. +\&\fIBIO_get_peer_port()\fR returns the peer port as a string or \s-1NULL\s0 on error. +\&\fIBIO_get_accept_ip_family()\fR returns the \s-1IP\s0 family or \-1 on error. +.PP +\&\fIBIO_get_bind_mode()\fR returns the set of \fB\s-1BIO_BIND\s0\fR flags, or \-1 on failure. +.PP +\&\fIBIO_new_accept()\fR returns a \s-1BIO\s0 or \s-1NULL\s0 on error. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +This example accepts two connections on port 4444, sends messages +down each and finally closes both down. +.PP +.Vb 1 +\& BIO *abio, *cbio, *cbio2; +\& +\& /* First call to BIO_accept() sets up accept BIO */ +\& abio = BIO_new_accept("4444"); +\& if (BIO_do_accept(abio) <= 0) { +\& fprintf(stderr, "Error setting up accept\en"); +\& ERR_print_errors_fp(stderr); +\& exit(1); +\& } +\& +\& /* Wait for incoming connection */ +\& if (BIO_do_accept(abio) <= 0) { +\& fprintf(stderr, "Error accepting connection\en"); +\& ERR_print_errors_fp(stderr); +\& exit(1); +\& } +\& fprintf(stderr, "Connection 1 established\en"); +\& +\& /* Retrieve BIO for connection */ +\& cbio = BIO_pop(abio); +\& BIO_puts(cbio, "Connection 1: Sending out Data on initial connection\en"); +\& fprintf(stderr, "Sent out data on connection 1\en"); +\& +\& /* Wait for another connection */ +\& if (BIO_do_accept(abio) <= 0) { +\& fprintf(stderr, "Error accepting connection\en"); +\& ERR_print_errors_fp(stderr); +\& exit(1); +\& } +\& fprintf(stderr, "Connection 2 established\en"); +\& +\& /* Close accept BIO to refuse further connections */ +\& cbio2 = BIO_pop(abio); +\& BIO_free(abio); +\& BIO_puts(cbio2, "Connection 2: Sending out Data on second\en"); +\& fprintf(stderr, "Sent out data on connection 2\en"); +\& +\& BIO_puts(cbio, "Connection 1: Second connection 
established\en"); +\& +\& /* Close the two established connections */ +\& BIO_free(cbio); +\& BIO_free(cbio2); +.Ve +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/BIO_s_bio.3 b/linux_amd64/ssl/share/man/man3/BIO_s_bio.3 new file mode 100755 index 0000000..02d3c83 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/BIO_s_bio.3 
@@ -0,0 +1,323 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_S_BIO 3" +.TH BIO_S_BIO 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BIO_s_bio, BIO_make_bio_pair, BIO_destroy_bio_pair, BIO_shutdown_wr, +BIO_set_write_buf_size, BIO_get_write_buf_size, BIO_new_bio_pair, +BIO_get_write_guarantee, BIO_ctrl_get_write_guarantee, BIO_get_read_request, +BIO_ctrl_get_read_request, BIO_ctrl_reset_read_request \- BIO pair BIO +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const BIO_METHOD *BIO_s_bio(void); +\& +\& int BIO_make_bio_pair(BIO *b1, BIO *b2); +\& int BIO_destroy_bio_pair(BIO *b); +\& int BIO_shutdown_wr(BIO *b); +\& +\& int BIO_set_write_buf_size(BIO *b, long size); +\& size_t BIO_get_write_buf_size(BIO *b, long size); +\& +\& int BIO_new_bio_pair(BIO **bio1, size_t writebuf1, BIO **bio2, size_t writebuf2); +\& +\& int BIO_get_write_guarantee(BIO *b); +\& size_t BIO_ctrl_get_write_guarantee(BIO *b); +\& int BIO_get_read_request(BIO *b); +\& size_t BIO_ctrl_get_read_request(BIO *b); +\& int BIO_ctrl_reset_read_request(BIO *b); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBIO_s_bio()\fR returns the method for a \s-1BIO\s0 pair. A \s-1BIO\s0 pair is a pair of source/sink +BIOs where data written to either half of the pair is buffered and can be read from +the other half. Both halves must usually by handled by the same application thread +since no locking is done on the internal data structures. +.PP +Since \s-1BIO\s0 chains typically end in a source/sink \s-1BIO\s0 it is possible to make this +one half of a \s-1BIO\s0 pair and have all the data processed by the chain under application +control. +.PP +One typical use of \s-1BIO\s0 pairs is to place \s-1TLS/SSL\s0 I/O under application control, this +can be used when the application wishes to use a non standard transport for +\&\s-1TLS/SSL\s0 or the normal socket routines are inappropriate. +.PP +Calls to \fIBIO_read_ex()\fR will read data from the buffer or request a retry if no +data is available. 
+.PP +Calls to \fIBIO_write_ex()\fR will place data in the buffer or request a retry if the +buffer is full. +.PP +The standard calls \fIBIO_ctrl_pending()\fR and \fIBIO_ctrl_wpending()\fR can be used to +determine the amount of pending data in the read or write buffer. +.PP +\&\fIBIO_reset()\fR clears any data in the write buffer. +.PP +\&\fIBIO_make_bio_pair()\fR joins two separate BIOs into a connected pair. +.PP +\&\fIBIO_destroy_pair()\fR destroys the association between two connected BIOs. Freeing +up any half of the pair will automatically destroy the association. +.PP +\&\fIBIO_shutdown_wr()\fR is used to close down a \s-1BIO\s0 \fBb\fR. After this call no further +writes on \s-1BIO\s0 \fBb\fR are allowed (they will return an error). Reads on the other +half of the pair will return any pending data or \s-1EOF\s0 when all pending data has +been read. +.PP +\&\fIBIO_set_write_buf_size()\fR sets the write buffer size of \s-1BIO\s0 \fBb\fR to \fBsize\fR. +If the size is not initialized a default value is used. This is currently +17K, sufficient for a maximum size \s-1TLS\s0 record. +.PP +\&\fIBIO_get_write_buf_size()\fR returns the size of the write buffer. +.PP +\&\fIBIO_new_bio_pair()\fR combines the calls to \fIBIO_new()\fR, \fIBIO_make_bio_pair()\fR and +\&\fIBIO_set_write_buf_size()\fR to create a connected pair of BIOs \fBbio1\fR, \fBbio2\fR +with write buffer sizes \fBwritebuf1\fR and \fBwritebuf2\fR. If either size is +zero then the default size is used. \fIBIO_new_bio_pair()\fR does not check whether +\&\fBbio1\fR or \fBbio2\fR do point to some other \s-1BIO\s0, the values are overwritten, +\&\fIBIO_free()\fR is not called. +.PP +\&\fIBIO_get_write_guarantee()\fR and \fIBIO_ctrl_get_write_guarantee()\fR return the maximum +length of data that can be currently written to the \s-1BIO\s0. Writes larger than this +value will return a value from \fIBIO_write_ex()\fR less than the amount requested or +if the buffer is full request a retry. 
\fIBIO_ctrl_get_write_guarantee()\fR is a +function whereas \fIBIO_get_write_guarantee()\fR is a macro. +.PP +\&\fIBIO_get_read_request()\fR and \fIBIO_ctrl_get_read_request()\fR return the +amount of data requested, or the buffer size if it is less, if the +last read attempt at the other half of the \s-1BIO\s0 pair failed due to an +empty buffer. This can be used to determine how much data should be +written to the \s-1BIO\s0 so the next read will succeed: this is most useful +in \s-1TLS/SSL\s0 applications where the amount of data read is usually +meaningful rather than just a buffer size. After a successful read +this call will return zero. It also will return zero once new data +has been written satisfying the read request or part of it. +Note that \fIBIO_get_read_request()\fR never returns an amount larger +than that returned by \fIBIO_get_write_guarantee()\fR. +.PP +\&\fIBIO_ctrl_reset_read_request()\fR can also be used to reset the value returned by +\&\fIBIO_get_read_request()\fR to zero. +.SH "NOTES" +.IX Header "NOTES" +Both halves of a \s-1BIO\s0 pair should be freed. That is even if one half is implicit +freed due to a \fIBIO_free_all()\fR or \fISSL_free()\fR call the other half needs to be freed. +.PP +When used in bidirectional applications (such as \s-1TLS/SSL\s0) care should be taken to +flush any data in the write buffer. This can be done by calling \fIBIO_pending()\fR +on the other half of the pair and, if any data is pending, reading it and sending +it to the underlying transport. This must be done before any normal processing +(such as calling \fIselect()\fR ) due to a request and \fIBIO_should_read()\fR being true. +.PP +To see why this is important consider a case where a request is sent using +\&\fIBIO_write_ex()\fR and a response read with \fIBIO_read_ex()\fR, this can occur during an +\&\s-1TLS/SSL\s0 handshake for example. \fIBIO_write_ex()\fR will succeed and place data in the +write buffer. 
\fIBIO_read_ex()\fR will initially fail and \fIBIO_should_read()\fR will be +true. If the application then waits for data to be available on the underlying +transport before flushing the write buffer it will never succeed because the +request was never sent! +.PP +\&\fIBIO_eof()\fR is true if no data is in the peer \s-1BIO\s0 and the peer \s-1BIO\s0 has been +shutdown. +.PP +\&\fIBIO_make_bio_pair()\fR, \fIBIO_destroy_bio_pair()\fR, \fIBIO_shutdown_wr()\fR, +\&\fIBIO_set_write_buf_size()\fR, \fIBIO_get_write_buf_size()\fR, +\&\fIBIO_get_write_guarantee()\fR, and \fIBIO_get_read_request()\fR are implemented +as macros. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBIO_new_bio_pair()\fR returns 1 on success, with the new BIOs available in +\&\fBbio1\fR and \fBbio2\fR, or 0 on failure, with \s-1NULL\s0 pointers stored into the +locations for \fBbio1\fR and \fBbio2\fR. Check the error stack for more information. +.PP +[\s-1XXXXX:\s0 More return values need to be added here] +.SH "EXAMPLES" +.IX Header "EXAMPLES" +The \s-1BIO\s0 pair can be used to have full control over the network access of an +application. The application can call \fIselect()\fR on the socket as required +without having to go through the SSL-interface. +.PP +.Vb 1 +\& BIO *internal_bio, *network_bio; +\& +\& ... +\& BIO_new_bio_pair(&internal_bio, 0, &network_bio, 0); +\& SSL_set_bio(ssl, internal_bio, internal_bio); +\& SSL_operations(); /* e.g SSL_read and SSL_write */ +\& ... +\& +\& application | TLS\-engine +\& | | +\& +\-\-\-\-\-\-\-\-\-\-> SSL_operations() +\& | /\e || +\& | || \e/ +\& | BIO\-pair (internal_bio) +\& | BIO\-pair (network_bio) +\& | || /\e +\& | \e/ || +\& +\-\-\-\-\-\-\-\-\-\-\-< BIO_operations() +\& | | +\& | | +\& socket +\& +\& ... +\& SSL_free(ssl); /* implicitly frees internal_bio */ +\& BIO_free(network_bio); +\& ... 
+.Ve +.PP +As the \s-1BIO\s0 pair will only buffer the data and never directly access the +connection, it behaves non-blocking and will return as soon as the write +buffer is full or the read buffer is drained. Then the application has to +flush the write buffer and/or fill the read buffer. +.PP +Use the \fIBIO_ctrl_pending()\fR, to find out whether data is buffered in the \s-1BIO\s0 +and must be transferred to the network. Use \fIBIO_ctrl_get_read_request()\fR to +find out, how many bytes must be written into the buffer before the +\&\fISSL_operation()\fR can successfully be continued. +.SH "WARNINGS" +.IX Header "WARNINGS" +As the data is buffered, \fISSL_operation()\fR may return with an \s-1ERROR_SSL_WANT_READ\s0 +condition, but there is still data in the write buffer. An application must +not rely on the error value of \fISSL_operation()\fR but must assure that the +write buffer is always flushed first. Otherwise a deadlock may occur as +the peer might be waiting for the data before being able to continue. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fISSL_set_bio\fR\|(3), \fIssl\fR\|(7), \fIbio\fR\|(7), +\&\fIBIO_should_retry\fR\|(3), \fIBIO_read_ex\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/BIO_s_connect.3 b/linux_amd64/ssl/share/man/man3/BIO_s_connect.3 new file mode 100755 index 0000000..0c0dcf5 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/BIO_s_connect.3 
@@ -0,0 +1,333 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_S_CONNECT 3" +.TH BIO_S_CONNECT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BIO_set_conn_address, BIO_get_conn_address, +BIO_s_connect, BIO_new_connect, BIO_set_conn_hostname, BIO_set_conn_port, +BIO_set_conn_ip_family, BIO_get_conn_ip_family, +BIO_get_conn_hostname, BIO_get_conn_port, +BIO_set_nbio, BIO_do_connect \- connect BIO +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const BIO_METHOD * BIO_s_connect(void); +\& +\& BIO *BIO_new_connect(char *name); +\& +\& long BIO_set_conn_hostname(BIO *b, char *name); +\& long BIO_set_conn_port(BIO *b, char *port); +\& long BIO_set_conn_address(BIO *b, BIO_ADDR *addr); +\& long BIO_set_conn_ip_family(BIO *b, long family); +\& const char *BIO_get_conn_hostname(BIO *b); +\& const char *BIO_get_conn_port(BIO *b); +\& const BIO_ADDR *BIO_get_conn_address(BIO *b); +\& const long BIO_get_conn_ip_family(BIO *b); +\& +\& long BIO_set_nbio(BIO *b, long n); +\& +\& int BIO_do_connect(BIO *b); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBIO_s_connect()\fR returns the connect \s-1BIO\s0 method. This is a wrapper +round the platform's \s-1TCP/IP\s0 socket connection routines. +.PP +Using connect BIOs, \s-1TCP/IP\s0 connections can be made and data +transferred using only \s-1BIO\s0 routines. In this way any platform +specific operations are hidden by the \s-1BIO\s0 abstraction. +.PP +Read and write operations on a connect \s-1BIO\s0 will perform I/O +on the underlying connection. If no connection is established +and the port and hostname (see below) is set up properly then +a connection is established first. +.PP +Connect BIOs support \fIBIO_puts()\fR but not \fIBIO_gets()\fR. +.PP +If the close flag is set on a connect \s-1BIO\s0 then any active +connection is shutdown and the socket closed when the \s-1BIO\s0 +is freed. +.PP +Calling \fIBIO_reset()\fR on a connect \s-1BIO\s0 will close any active +connection and reset the \s-1BIO\s0 into a state where it can connect +to the same host again. 
+.PP +\&\fIBIO_get_fd()\fR places the underlying socket in \fBc\fR if it is not \s-1NULL\s0, +it also returns the socket . If \fBc\fR is not \s-1NULL\s0 it should be of +type (int *). +.PP +\&\fIBIO_set_conn_hostname()\fR uses the string \fBname\fR to set the hostname. +The hostname can be an \s-1IP\s0 address; if the address is an IPv6 one, it +must be enclosed with brackets. The hostname can also include the +port in the form hostname:port. +.PP +\&\fIBIO_set_conn_port()\fR sets the port to \fBport\fR. \fBport\fR can be the +numerical form or a string such as \*(L"http\*(R". A string will be looked +up first using \fIgetservbyname()\fR on the host platform but if that +fails a standard table of port names will be used. This internal +list is http, telnet, socks, https, ssl, ftp, and gopher. +.PP +\&\fIBIO_set_conn_address()\fR sets the address and port information using +a \s-1\fIBIO_ADDR\s0\fR\|(3ssl). +.PP +\&\fIBIO_set_conn_ip_family()\fR sets the \s-1IP\s0 family. +.PP +\&\fIBIO_get_conn_hostname()\fR returns the hostname of the connect \s-1BIO\s0 or +\&\s-1NULL\s0 if the \s-1BIO\s0 is initialized but no hostname is set. +This return value is an internal pointer which should not be modified. +.PP +\&\fIBIO_get_conn_port()\fR returns the port as a string. +This return value is an internal pointer which should not be modified. +.PP +\&\fIBIO_get_conn_address()\fR returns the address information as a \s-1BIO_ADDR\s0. +This return value is an internal pointer which should not be modified. +.PP +\&\fIBIO_get_conn_ip_family()\fR returns the \s-1IP\s0 family of the connect \s-1BIO\s0. +.PP +\&\fIBIO_set_nbio()\fR sets the non blocking I/O flag to \fBn\fR. If \fBn\fR is +zero then blocking I/O is set. If \fBn\fR is 1 then non blocking I/O +is set. Blocking I/O is the default. The call to \fIBIO_set_nbio()\fR +should be made before the connection is established because +non blocking I/O is set during the connect process. 
+.PP +\&\fIBIO_new_connect()\fR combines \fIBIO_new()\fR and \fIBIO_set_conn_hostname()\fR into +a single call: that is it creates a new connect \s-1BIO\s0 with \fBname\fR. +.PP +\&\fIBIO_do_connect()\fR attempts to connect the supplied \s-1BIO\s0. It returns 1 +if the connection was established successfully. A zero or negative +value is returned if the connection could not be established, the +call \fIBIO_should_retry()\fR should be used for non blocking connect BIOs +to determine if the call should be retried. +.SH "NOTES" +.IX Header "NOTES" +If blocking I/O is set then a non positive return value from any +I/O call is caused by an error condition, although a zero return +will normally mean that the connection was closed. +.PP +If the port name is supplied as part of the hostname then this will +override any value set with \fIBIO_set_conn_port()\fR. This may be undesirable +if the application does not wish to allow connection to arbitrary +ports. This can be avoided by checking for the presence of the ':' +character in the passed hostname and either indicating an error or +truncating the string at that point. +.PP +The values returned by \fIBIO_get_conn_hostname()\fR, \fIBIO_get_conn_address()\fR, +and \fIBIO_get_conn_port()\fR are updated when a connection attempt is made. +Before any connection attempt the values returned are those set by the +application itself. +.PP +Applications do not have to call \fIBIO_do_connect()\fR but may wish to do +so to separate the connection process from other I/O processing. +.PP +If non blocking I/O is set then retries will be requested as appropriate. +.PP +It addition to \fIBIO_should_read()\fR and \fIBIO_should_write()\fR it is also +possible for \fIBIO_should_io_special()\fR to be true during the initial +connection process with the reason \s-1BIO_RR_CONNECT\s0. 
If this is returned +then this is an indication that a connection attempt would block, +the application should then take appropriate action to wait until +the underlying socket has connected and retry the call. +.PP +\&\fIBIO_set_conn_hostname()\fR, \fIBIO_set_conn_port()\fR, \fIBIO_get_conn_hostname()\fR, +\&\fIBIO_set_conn_address()\fR, \fIBIO_get_conn_port()\fR, \fIBIO_get_conn_address()\fR, +\&\fIBIO_set_conn_ip_family()\fR, \fIBIO_get_conn_ip_family()\fR, +\&\fIBIO_set_nbio()\fR, and \fIBIO_do_connect()\fR are macros. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBIO_s_connect()\fR returns the connect \s-1BIO\s0 method. +.PP +\&\fIBIO_get_fd()\fR returns the socket or \-1 if the \s-1BIO\s0 has not +been initialized. +.PP +\&\fIBIO_set_conn_address()\fR, \fIBIO_set_conn_port()\fR, and \fIBIO_set_conn_ip_family()\fR +always return 1. +.PP +\&\fIBIO_set_conn_hostname()\fR returns 1 on success and 0 on failure. +.PP +\&\fIBIO_get_conn_address()\fR returns the address information or \s-1NULL\s0 if none +was set. +.PP +\&\fIBIO_get_conn_hostname()\fR returns the connected hostname or \s-1NULL\s0 if +none was set. +.PP +\&\fIBIO_get_conn_ip_family()\fR returns the address family or \-1 if none was set. +.PP +\&\fIBIO_get_conn_port()\fR returns a string representing the connected +port or \s-1NULL\s0 if not set. +.PP +\&\fIBIO_set_nbio()\fR always returns 1. +.PP +\&\fIBIO_do_connect()\fR returns 1 if the connection was successfully +established and 0 or \-1 if the connection failed. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +This is example connects to a webserver on the local host and attempts +to retrieve a page and copy the result to standard output. 
+.PP +.Vb 3 +\& BIO *cbio, *out; +\& int len; +\& char tmpbuf[1024]; +\& +\& cbio = BIO_new_connect("localhost:http"); +\& out = BIO_new_fp(stdout, BIO_NOCLOSE); +\& if (BIO_do_connect(cbio) <= 0) { +\& fprintf(stderr, "Error connecting to server\en"); +\& ERR_print_errors_fp(stderr); +\& exit(1); +\& } +\& BIO_puts(cbio, "GET / HTTP/1.0\en\en"); +\& for (;;) { +\& len = BIO_read(cbio, tmpbuf, 1024); +\& if (len <= 0) +\& break; +\& BIO_write(out, tmpbuf, len); +\& } +\& BIO_free(cbio); +\& BIO_free(out); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1\fIBIO_ADDR\s0\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIBIO_set_conn_int_port()\fR, \fIBIO_get_conn_int_port()\fR, \fIBIO_set_conn_ip()\fR, and \fIBIO_get_conn_ip()\fR +were removed in OpenSSL 1.1.0. +Use \fIBIO_set_conn_address()\fR and \fIBIO_get_conn_address()\fR instead. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/BIO_s_fd.3 b/linux_amd64/ssl/share/man/man3/BIO_s_fd.3 new file mode 100755 index 0000000..a0b1c2d --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/BIO_s_fd.3 
@@ -0,0 +1,221 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_S_FD 3" +.TH BIO_S_FD 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BIO_s_fd, BIO_set_fd, BIO_get_fd, BIO_new_fd \- file descriptor BIO +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const BIO_METHOD *BIO_s_fd(void); +\& +\& int BIO_set_fd(BIO *b, int fd, int c); +\& int BIO_get_fd(BIO *b, int *c); +\& +\& BIO *BIO_new_fd(int fd, int close_flag); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBIO_s_fd()\fR returns the file descriptor \s-1BIO\s0 method. This is a wrapper +round the platforms file descriptor routines such as \fIread()\fR and \fIwrite()\fR. +.PP +\&\fIBIO_read_ex()\fR and \fIBIO_write_ex()\fR read or write the underlying descriptor. +\&\fIBIO_puts()\fR is supported but \fIBIO_gets()\fR is not. +.PP +If the close flag is set then \fIclose()\fR is called on the underlying +file descriptor when the \s-1BIO\s0 is freed. +.PP +\&\fIBIO_reset()\fR attempts to change the file pointer to the start of file +such as by using \fBlseek(fd, 0, 0)\fR. +.PP +\&\fIBIO_seek()\fR sets the file pointer to position \fBofs\fR from start of file +such as by using \fBlseek(fd, ofs, 0)\fR. +.PP +\&\fIBIO_tell()\fR returns the current file position such as by calling +\&\fBlseek(fd, 0, 1)\fR. +.PP +\&\fIBIO_set_fd()\fR sets the file descriptor of \s-1BIO\s0 \fBb\fR to \fBfd\fR and the close +flag to \fBc\fR. +.PP +\&\fIBIO_get_fd()\fR places the file descriptor in \fBc\fR if it is not \s-1NULL\s0, it also +returns the file descriptor. +.PP +\&\fIBIO_new_fd()\fR returns a file descriptor \s-1BIO\s0 using \fBfd\fR and \fBclose_flag\fR. +.SH "NOTES" +.IX Header "NOTES" +The behaviour of \fIBIO_read_ex()\fR and \fIBIO_write_ex()\fR depends on the behavior of the +platforms \fIread()\fR and \fIwrite()\fR calls on the descriptor. If the underlying +file descriptor is in a non blocking mode then the \s-1BIO\s0 will behave in the +manner described in the \fIBIO_read_ex\fR\|(3) and \fIBIO_should_retry\fR\|(3) +manual pages. +.PP +File descriptor BIOs should not be used for socket I/O. 
Use socket BIOs +instead. +.PP +\&\fIBIO_set_fd()\fR and \fIBIO_get_fd()\fR are implemented as macros. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBIO_s_fd()\fR returns the file descriptor \s-1BIO\s0 method. +.PP +\&\fIBIO_set_fd()\fR always returns 1. +.PP +\&\fIBIO_get_fd()\fR returns the file descriptor or \-1 if the \s-1BIO\s0 has not +been initialized. +.PP +\&\fIBIO_new_fd()\fR returns the newly allocated \s-1BIO\s0 or \s-1NULL\s0 is an error +occurred. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +This is a file descriptor \s-1BIO\s0 version of \*(L"Hello World\*(R": +.PP +.Vb 1 +\& BIO *out; +\& +\& out = BIO_new_fd(fileno(stdout), BIO_NOCLOSE); +\& BIO_printf(out, "Hello World\en"); +\& BIO_free(out); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIBIO_seek\fR\|(3), \fIBIO_tell\fR\|(3), +\&\fIBIO_reset\fR\|(3), \fIBIO_read_ex\fR\|(3), +\&\fIBIO_write_ex\fR\|(3), \fIBIO_puts\fR\|(3), +\&\fIBIO_gets\fR\|(3), \fIBIO_printf\fR\|(3), +\&\fIBIO_set_close\fR\|(3), \fIBIO_get_close\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/BIO_s_file.3 b/linux_amd64/ssl/share/man/man3/BIO_s_file.3 new file mode 100755 index 0000000..f031903 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/BIO_s_file.3 
@@ -0,0 +1,296 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_S_FILE 3" +.TH BIO_S_FILE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BIO_s_file, BIO_new_file, BIO_new_fp, BIO_set_fp, BIO_get_fp, +BIO_read_filename, BIO_write_filename, BIO_append_filename, +BIO_rw_filename \- FILE bio +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const BIO_METHOD *BIO_s_file(void); +\& BIO *BIO_new_file(const char *filename, const char *mode); +\& BIO *BIO_new_fp(FILE *stream, int flags); +\& +\& BIO_set_fp(BIO *b, FILE *fp, int flags); +\& BIO_get_fp(BIO *b, FILE **fpp); +\& +\& int BIO_read_filename(BIO *b, char *name) +\& int BIO_write_filename(BIO *b, char *name) +\& int BIO_append_filename(BIO *b, char *name) +\& int BIO_rw_filename(BIO *b, char *name) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBIO_s_file()\fR returns the \s-1BIO\s0 file method. As its name implies it +is a wrapper round the stdio \s-1FILE\s0 structure and it is a +source/sink \s-1BIO\s0. +.PP +Calls to \fIBIO_read_ex()\fR and \fIBIO_write_ex()\fR read and write data to the +underlying stream. \fIBIO_gets()\fR and \fIBIO_puts()\fR are supported on file BIOs. +.PP +\&\fIBIO_flush()\fR on a file \s-1BIO\s0 calls the \fIfflush()\fR function on the wrapped +stream. +.PP +\&\fIBIO_reset()\fR attempts to change the file pointer to the start of file +using fseek(stream, 0, 0). +.PP +\&\fIBIO_seek()\fR sets the file pointer to position \fBofs\fR from start of file +using fseek(stream, ofs, 0). +.PP +\&\fIBIO_eof()\fR calls \fIfeof()\fR. +.PP +Setting the \s-1BIO_CLOSE\s0 flag calls \fIfclose()\fR on the stream when the \s-1BIO\s0 +is freed. +.PP +\&\fIBIO_new_file()\fR creates a new file \s-1BIO\s0 with mode \fBmode\fR the meaning +of \fBmode\fR is the same as the stdio function \fIfopen()\fR. The \s-1BIO_CLOSE\s0 +flag is set on the returned \s-1BIO\s0. +.PP +\&\fIBIO_new_fp()\fR creates a file \s-1BIO\s0 wrapping \fBstream\fR. 
Flags can be: +\&\s-1BIO_CLOSE\s0, \s-1BIO_NOCLOSE\s0 (the close flag) \s-1BIO_FP_TEXT\s0 (sets the underlying +stream to text mode, default is binary: this only has any effect under +Win32). +.PP +\&\fIBIO_set_fp()\fR sets the fp of a file \s-1BIO\s0 to \fBfp\fR. \fBflags\fR has the same +meaning as in \fIBIO_new_fp()\fR, it is a macro. +.PP +\&\fIBIO_get_fp()\fR retrieves the fp of a file \s-1BIO\s0, it is a macro. +.PP +\&\fIBIO_seek()\fR is a macro that sets the position pointer to \fBoffset\fR bytes +from the start of file. +.PP +\&\fIBIO_tell()\fR returns the value of the position pointer. +.PP +\&\fIBIO_read_filename()\fR, \fIBIO_write_filename()\fR, \fIBIO_append_filename()\fR and +\&\fIBIO_rw_filename()\fR set the file \s-1BIO\s0 \fBb\fR to use file \fBname\fR for +reading, writing, append or read write respectively. +.SH "NOTES" +.IX Header "NOTES" +When wrapping stdout, stdin or stderr the underlying stream should not +normally be closed so the \s-1BIO_NOCLOSE\s0 flag should be set. +.PP +Because the file \s-1BIO\s0 calls the underlying stdio functions any quirks +in stdio behaviour will be mirrored by the corresponding \s-1BIO\s0. +.PP +On Windows BIO_new_files reserves for the filename argument to be +\&\s-1UTF\-8\s0 encoded. In other words if you have to make it work in multi\- +lingual environment, encode filenames in \s-1UTF\-8\s0. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBIO_s_file()\fR returns the file \s-1BIO\s0 method. +.PP +\&\fIBIO_new_file()\fR and \fIBIO_new_fp()\fR return a file \s-1BIO\s0 or \s-1NULL\s0 if an error +occurred. +.PP +\&\fIBIO_set_fp()\fR and \fIBIO_get_fp()\fR return 1 for success or 0 for failure +(although the current implementation never return 0). +.PP +\&\fIBIO_seek()\fR returns the same value as the underlying \fIfseek()\fR function: +0 for success or \-1 for failure. +.PP +\&\fIBIO_tell()\fR returns the current file position. 
+.PP +\&\fIBIO_read_filename()\fR, \fIBIO_write_filename()\fR, \fIBIO_append_filename()\fR and +\&\fIBIO_rw_filename()\fR return 1 for success or 0 for failure. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +File \s-1BIO\s0 \*(L"hello world\*(R": +.PP +.Vb 1 +\& BIO *bio_out; +\& +\& bio_out = BIO_new_fp(stdout, BIO_NOCLOSE); +\& BIO_printf(bio_out, "Hello World\en"); +.Ve +.PP +Alternative technique: +.PP +.Vb 1 +\& BIO *bio_out; +\& +\& bio_out = BIO_new(BIO_s_file()); +\& if (bio_out == NULL) +\& /* Error */ +\& if (!BIO_set_fp(bio_out, stdout, BIO_NOCLOSE)) +\& /* Error */ +\& BIO_printf(bio_out, "Hello World\en"); +.Ve +.PP +Write to a file: +.PP +.Vb 1 +\& BIO *out; +\& +\& out = BIO_new_file("filename.txt", "w"); +\& if (!out) +\& /* Error */ +\& BIO_printf(out, "Hello World\en"); +\& BIO_free(out); +.Ve +.PP +Alternative technique: +.PP +.Vb 1 +\& BIO *out; +\& +\& out = BIO_new(BIO_s_file()); +\& if (out == NULL) +\& /* Error */ +\& if (!BIO_write_filename(out, "filename.txt")) +\& /* Error */ +\& BIO_printf(out, "Hello World\en"); +\& BIO_free(out); +.Ve +.SH "BUGS" +.IX Header "BUGS" +\&\fIBIO_reset()\fR and \fIBIO_seek()\fR are implemented using \fIfseek()\fR on the underlying +stream. The return value for \fIfseek()\fR is 0 for success or \-1 if an error +occurred this differs from other types of \s-1BIO\s0 which will typically return +1 for success and a non positive value if an error occurred. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIBIO_seek\fR\|(3), \fIBIO_tell\fR\|(3), +\&\fIBIO_reset\fR\|(3), \fIBIO_flush\fR\|(3), +\&\fIBIO_read_ex\fR\|(3), +\&\fIBIO_write_ex\fR\|(3), \fIBIO_puts\fR\|(3), +\&\fIBIO_gets\fR\|(3), \fIBIO_printf\fR\|(3), +\&\fIBIO_set_close\fR\|(3), \fIBIO_get_close\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. 
You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/BIO_s_mem.3 b/linux_amd64/ssl/share/man/man3/BIO_s_mem.3 new file mode 100755 index 0000000..e38659e --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/BIO_s_mem.3 
@@ -0,0 +1,290 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_S_MEM 3" +.TH BIO_S_MEM 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BIO_s_secmem, +BIO_s_mem, BIO_set_mem_eof_return, BIO_get_mem_data, BIO_set_mem_buf, +BIO_get_mem_ptr, BIO_new_mem_buf \- memory BIO +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const BIO_METHOD *BIO_s_mem(void); +\& const BIO_METHOD *BIO_s_secmem(void); +\& +\& BIO_set_mem_eof_return(BIO *b, int v) +\& long BIO_get_mem_data(BIO *b, char **pp) +\& BIO_set_mem_buf(BIO *b, BUF_MEM *bm, int c) +\& BIO_get_mem_ptr(BIO *b, BUF_MEM **pp) +\& +\& BIO *BIO_new_mem_buf(const void *buf, int len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBIO_s_mem()\fR returns the memory \s-1BIO\s0 method function. +.PP +A memory \s-1BIO\s0 is a source/sink \s-1BIO\s0 which uses memory for its I/O. Data +written to a memory \s-1BIO\s0 is stored in a \s-1BUF_MEM\s0 structure which is extended +as appropriate to accommodate the stored data. +.PP +\&\fIBIO_s_secmem()\fR is like \fIBIO_s_mem()\fR except that the secure heap is used +for buffer storage. +.PP +Any data written to a memory \s-1BIO\s0 can be recalled by reading from it. +Unless the memory \s-1BIO\s0 is read only any data read from it is deleted from +the \s-1BIO\s0. +.PP +Memory BIOs support \fIBIO_gets()\fR and \fIBIO_puts()\fR. +.PP +If the \s-1BIO_CLOSE\s0 flag is set when a memory \s-1BIO\s0 is freed then the underlying +\&\s-1BUF_MEM\s0 structure is also freed. +.PP +Calling \fIBIO_reset()\fR on a read write memory \s-1BIO\s0 clears any data in it if the +flag \s-1BIO_FLAGS_NONCLEAR_RST\s0 is not set, otherwise it just restores the read +pointer to the state it was just after the last write was performed and the +data can be read again. On a read only \s-1BIO\s0 it similarly restores the \s-1BIO\s0 to +its original state and the read only data can be read again. +.PP +\&\fIBIO_eof()\fR is true if no data is in the \s-1BIO\s0. +.PP +\&\fIBIO_ctrl_pending()\fR returns the number of bytes currently stored. 
+.PP +\&\fIBIO_set_mem_eof_return()\fR sets the behaviour of memory \s-1BIO\s0 \fBb\fR when it is +empty. If the \fBv\fR is zero then an empty memory \s-1BIO\s0 will return \s-1EOF\s0 (that is +it will return zero and BIO_should_retry(b) will be false. If \fBv\fR is non +zero then it will return \fBv\fR when it is empty and it will set the read retry +flag (that is BIO_read_retry(b) is true). To avoid ambiguity with a normal +positive return value \fBv\fR should be set to a negative value, typically \-1. +.PP +\&\fIBIO_get_mem_data()\fR sets *\fBpp\fR to a pointer to the start of the memory BIOs data +and returns the total amount of data available. It is implemented as a macro. +.PP +\&\fIBIO_set_mem_buf()\fR sets the internal \s-1BUF_MEM\s0 structure to \fBbm\fR and sets the +close flag to \fBc\fR, that is \fBc\fR should be either \s-1BIO_CLOSE\s0 or \s-1BIO_NOCLOSE\s0. +It is a macro. +.PP +\&\fIBIO_get_mem_ptr()\fR places the underlying \s-1BUF_MEM\s0 structure in *\fBpp\fR. It is +a macro. +.PP +\&\fIBIO_new_mem_buf()\fR creates a memory \s-1BIO\s0 using \fBlen\fR bytes of data at \fBbuf\fR, +if \fBlen\fR is \-1 then the \fBbuf\fR is assumed to be nul terminated and its +length is determined by \fBstrlen\fR. The \s-1BIO\s0 is set to a read only state and +as a result cannot be written to. This is useful when some data needs to be +made available from a static area of memory in the form of a \s-1BIO\s0. The +supplied data is read directly from the supplied buffer: it is \fBnot\fR copied +first, so the supplied area of memory must be unchanged until the \s-1BIO\s0 is freed. +.SH "NOTES" +.IX Header "NOTES" +Writes to memory BIOs will always succeed if memory is available: that is +their size can grow indefinitely. 
+.PP +Every write after partial read (not all data in the memory buffer was read) +to a read write memory \s-1BIO\s0 will have to move the unread data with an internal +copy operation, if a \s-1BIO\s0 contains a lot of data and it is read in small +chunks intertwined with writes the operation can be very slow. Adding +a buffering \s-1BIO\s0 to the chain can speed up the process. +.PP +Calling \fIBIO_set_mem_buf()\fR on a \s-1BIO\s0 created with \fIBIO_new_secmem()\fR will +give undefined results, including perhaps a program crash. +.PP +Switching the memory \s-1BIO\s0 from read write to read only is not supported and +can give undefined results including a program crash. There are two notable +exceptions to the rule. The first one is to assign a static memory buffer +immediately after \s-1BIO\s0 creation and set the \s-1BIO\s0 as read only. +.PP +The other supported sequence is to start with read write \s-1BIO\s0 then temporarily +switch it to read only and call \fIBIO_reset()\fR on the read only \s-1BIO\s0 immediately +before switching it back to read write. Before the \s-1BIO\s0 is freed it must be +switched back to the read write mode. +.PP +Calling \fIBIO_get_mem_ptr()\fR on read only \s-1BIO\s0 will return a \s-1BUF_MEM\s0 that +contains only the remaining data to be read. If the close status of the +\&\s-1BIO\s0 is set to \s-1BIO_NOCLOSE\s0, before freeing the \s-1BUF_MEM\s0 the data pointer +in it must be set to \s-1NULL\s0 as the data pointer does not point to an +allocated memory. +.PP +Calling \fIBIO_reset()\fR on a read write memory \s-1BIO\s0 with \s-1BIO_FLAGS_NONCLEAR_RST\s0 +flag set can have unexpected outcome when the reads and writes to the +\&\s-1BIO\s0 are intertwined. As documented above the \s-1BIO\s0 will be reset to the +state after the last completed write operation. The effects of reads +preceding that write operation cannot be undone. 
+.PP +Calling \fIBIO_get_mem_ptr()\fR prior to a \fIBIO_reset()\fR call with +\&\s-1BIO_FLAGS_NONCLEAR_RST\s0 set has the same effect as a write operation. +.SH "BUGS" +.IX Header "BUGS" +There should be an option to set the maximum size of a memory \s-1BIO\s0. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBIO_s_mem()\fR and \fIBIO_s_secmem()\fR return a valid memory \fB\s-1BIO_METHOD\s0\fR structure. +.PP +\&\fIBIO_set_mem_eof_return()\fR, \fIBIO_set_mem_buf()\fR and \fIBIO_get_mem_ptr()\fR +return 1 on success or a value which is less than or equal to 0 if an error occurred. +.PP +\&\fIBIO_get_mem_data()\fR returns the total number of bytes available on success, +0 if b is \s-1NULL\s0, or a negative value in case of other errors. +.PP +\&\fIBIO_new_mem_buf()\fR returns a valid \fB\s-1BIO\s0\fR structure on success or \s-1NULL\s0 on error. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Create a memory \s-1BIO\s0 and write some data to it: +.PP +.Vb 1 +\& BIO *mem = BIO_new(BIO_s_mem()); +\& +\& BIO_puts(mem, "Hello World\en"); +.Ve +.PP +Create a read only memory \s-1BIO:\s0 +.PP +.Vb 2 +\& char data[] = "Hello World"; +\& BIO *mem = BIO_new_mem_buf(data, \-1); +.Ve +.PP +Extract the \s-1BUF_MEM\s0 structure from a memory \s-1BIO\s0 and then free up the \s-1BIO:\s0 +.PP +.Vb 1 +\& BUF_MEM *bptr; +\& +\& BIO_get_mem_ptr(mem, &bptr); +\& BIO_set_close(mem, BIO_NOCLOSE); /* So BIO_free() leaves BUF_MEM alone */ +\& BIO_free(mem); +.Ve +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/BIO_s_null.3 b/linux_amd64/ssl/share/man/man3/BIO_s_null.3 new file mode 100755 index 0000000..f92a489 --- /dev/null 
+++ b/linux_amd64/ssl/share/man/man3/BIO_s_null.3 
@@ -0,0 +1,167 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_S_NULL 3" +.TH BIO_S_NULL 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BIO_s_null \- null data sink +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const BIO_METHOD *BIO_s_null(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBIO_s_null()\fR returns the null sink \s-1BIO\s0 method. Data written to +the null sink is discarded, reads return \s-1EOF\s0. +.SH "NOTES" +.IX Header "NOTES" +A null sink \s-1BIO\s0 behaves in a similar manner to the Unix /dev/null +device. +.PP +A null bio can be placed on the end of a chain to discard any data +passed through it. +.PP +A null sink is useful if, for example, an application wishes to digest some +data by writing through a digest bio but not send the digested data anywhere. +Since a \s-1BIO\s0 chain must normally include a source/sink \s-1BIO\s0 this can be achieved +by adding a null sink \s-1BIO\s0 to the end of the chain +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBIO_s_null()\fR returns the null sink \s-1BIO\s0 method. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/BIO_s_socket.3 b/linux_amd64/ssl/share/man/man3/BIO_s_socket.3 new file mode 100755 index 0000000..3a34ae5 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/BIO_s_socket.3 
@@ -0,0 +1,177 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_S_SOCKET 3" +.TH BIO_S_SOCKET 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BIO_s_socket, BIO_new_socket \- socket BIO +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const BIO_METHOD *BIO_s_socket(void); +\& +\& BIO *BIO_new_socket(int sock, int close_flag); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBIO_s_socket()\fR returns the socket \s-1BIO\s0 method. This is a wrapper +round the platform's socket routines. +.PP +\&\fIBIO_read_ex()\fR and \fIBIO_write_ex()\fR read or write the underlying socket. +\&\fIBIO_puts()\fR is supported but \fIBIO_gets()\fR is not. +.PP +If the close flag is set then the socket is shut down and closed +when the \s-1BIO\s0 is freed. +.PP +\&\fIBIO_new_socket()\fR returns a socket \s-1BIO\s0 using \fBsock\fR and \fBclose_flag\fR. +.SH "NOTES" +.IX Header "NOTES" +Socket BIOs also support any relevant functionality of file descriptor +BIOs. +.PP +The reason for having separate file descriptor and socket BIOs is that on some +platforms sockets are not file descriptors and use distinct I/O routines, +Windows is one such platform. Any code mixing the two will not work on +all platforms. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBIO_s_socket()\fR returns the socket \s-1BIO\s0 method. +.PP +\&\fIBIO_new_socket()\fR returns the newly allocated \s-1BIO\s0 or \s-1NULL\s0 is an error +occurred. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/BIO_set_callback.3 b/linux_amd64/ssl/share/man/man3/BIO_set_callback.3 new file mode 100755 index 0000000..35eccd6 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/BIO_set_callback.3 
@@ -0,0 +1,386 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_SET_CALLBACK 3" +.TH BIO_SET_CALLBACK 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BIO_set_callback_ex, BIO_get_callback_ex, BIO_set_callback, BIO_get_callback, +BIO_set_callback_arg, BIO_get_callback_arg, BIO_debug_callback, +BIO_callback_fn_ex, BIO_callback_fn +\&\- BIO callback functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef long (*BIO_callback_fn_ex)(BIO *b, int oper, const char *argp, +\& size_t len, int argi, +\& long argl, int ret, size_t *processed); +\& typedef long (*BIO_callback_fn)(BIO *b, int oper, const char *argp, int argi, +\& long argl, long ret); +\& +\& void BIO_set_callback_ex(BIO *b, BIO_callback_fn_ex callback); +\& BIO_callback_fn_ex BIO_get_callback_ex(const BIO *b); +\& +\& void BIO_set_callback(BIO *b, BIO_callback_fn cb); +\& BIO_callback_fn BIO_get_callback(BIO *b); +\& void BIO_set_callback_arg(BIO *b, char *arg); +\& char *BIO_get_callback_arg(const BIO *b); +\& +\& long BIO_debug_callback(BIO *bio, int cmd, const char *argp, int argi, +\& long argl, long ret); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBIO_set_callback_ex()\fR and \fIBIO_get_callback_ex()\fR set and retrieve the \s-1BIO\s0 +callback. The callback is called during most high level \s-1BIO\s0 operations. It can +be used for debugging purposes to trace operations on a \s-1BIO\s0 or to modify its +operation. +.PP +\&\fIBIO_set_callback()\fR and \fIBIO_get_callback()\fR set and retrieve the old format \s-1BIO\s0 +callback. New code should not use these functions, but they are retained for +backwards compatibility. Any callback set via \fIBIO_set_callback_ex()\fR will get +called in preference to any set by \fIBIO_set_callback()\fR. +.PP +\&\fIBIO_set_callback_arg()\fR and \fIBIO_get_callback_arg()\fR are macros which can be +used to set and retrieve an argument for use in the callback. +.PP +\&\fIBIO_debug_callback()\fR is a standard debugging callback which prints +out information relating to each \s-1BIO\s0 operation. 
If the callback +argument is set it is interpreted as a \s-1BIO\s0 to send the information +to, otherwise stderr is used. +.PP +BIO_callback_fn_ex is the type of the callback function and BIO_callback_fn +is the type of the old format callback function. The meaning of each argument +is described below: +.IP "\fBb\fR" 4 +.IX Item "b" +The \s-1BIO\s0 the callback is attached to is passed in \fBb\fR. +.IP "\fBoper\fR" 4 +.IX Item "oper" +\&\fBoper\fR is set to the operation being performed. For some operations +the callback is called twice, once before and once after the actual +operation, the latter case has \fBoper\fR or'ed with \s-1BIO_CB_RETURN\s0. +.IP "\fBlen\fR" 4 +.IX Item "len" +The length of the data requested to be read or written. This is only useful if +\&\fBoper\fR is \s-1BIO_CB_READ\s0, \s-1BIO_CB_WRITE\s0 or \s-1BIO_CB_GETS\s0. +.IP "\fBargp\fR \fBargi\fR \fBargl\fR" 4 +.IX Item "argp argi argl" +The meaning of the arguments \fBargp\fR, \fBargi\fR and \fBargl\fR depends on +the value of \fBoper\fR, that is the operation being performed. +.IP "\fBprocessed\fR" 4 +.IX Item "processed" +\&\fBprocessed\fR is a pointer to a location which will be updated with the amount of +data that was actually read or written. Only used for \s-1BIO_CB_READ\s0, \s-1BIO_CB_WRITE\s0, +\&\s-1BIO_CB_GETS\s0 and \s-1BIO_CB_PUTS\s0. +.IP "\fBret\fR" 4 +.IX Item "ret" +\&\fBret\fR is the return value that would be returned to the +application if no callback were present. The actual value returned +is the return value of the callback itself. In the case of callbacks +called before the actual \s-1BIO\s0 operation 1 is placed in \fBret\fR, if +the return value is not positive it will be immediately returned to +the application and the \s-1BIO\s0 operation will not be performed. +.PP +The callback should normally simply return \fBret\fR when it has +finished processing, unless it specifically wishes to modify the +value returned to the application. 
+.SH "CALLBACK OPERATIONS" +.IX Header "CALLBACK OPERATIONS" +In the notes below, \fBcallback\fR defers to the actual callback +function that is called. +.IP "\fBBIO_free(b)\fR" 4 +.IX Item "BIO_free(b)" +.Vb 1 +\& callback_ex(b, BIO_CB_FREE, NULL, 0, 0, 0L, 1L, NULL) +.Ve +.Sp +or +.Sp +.Vb 1 +\& callback(b, BIO_CB_FREE, NULL, 0L, 0L, 1L) +.Ve +.Sp +is called before the free operation. +.IP "\fBBIO_read_ex(b, data, dlen, readbytes)\fR" 4 +.IX Item "BIO_read_ex(b, data, dlen, readbytes)" +.Vb 1 +\& callback_ex(b, BIO_CB_READ, data, dlen, 0, 0L, 1L, NULL) +.Ve +.Sp +or +.Sp +.Vb 1 +\& callback(b, BIO_CB_READ, data, dlen, 0L, 1L) +.Ve +.Sp +is called before the read and +.Sp +.Vb 2 +\& callback_ex(b, BIO_CB_READ | BIO_CB_RETURN, data, dlen, 0, 0L, retvalue, +\& &readbytes) +.Ve +.Sp +or +.Sp +.Vb 1 +\& callback(b, BIO_CB_READ|BIO_CB_RETURN, data, dlen, 0L, retvalue) +.Ve +.Sp +after. +.IP "\fBBIO_write(b, data, dlen, written)\fR" 4 +.IX Item "BIO_write(b, data, dlen, written)" +.Vb 1 +\& callback_ex(b, BIO_CB_WRITE, data, dlen, 0, 0L, 1L, NULL) +.Ve +.Sp +or +.Sp +.Vb 1 +\& callback(b, BIO_CB_WRITE, datat, dlen, 0L, 1L) +.Ve +.Sp +is called before the write and +.Sp +.Vb 2 +\& callback_ex(b, BIO_CB_WRITE | BIO_CB_RETURN, data, dlen, 0, 0L, retvalue, +\& &written) +.Ve +.Sp +or +.Sp +.Vb 1 +\& callback(b, BIO_CB_WRITE|BIO_CB_RETURN, data, dlen, 0L, retvalue) +.Ve +.Sp +after. +.IP "\fBBIO_gets(b, buf, size)\fR" 4 +.IX Item "BIO_gets(b, buf, size)" +.Vb 1 +\& callback_ex(b, BIO_CB_GETS, buf, size, 0, 0L, 1, NULL, NULL) +.Ve +.Sp +or +.Sp +.Vb 1 +\& callback(b, BIO_CB_GETS, buf, size, 0L, 1L) +.Ve +.Sp +is called before the operation and +.Sp +.Vb 2 +\& callback_ex(b, BIO_CB_GETS | BIO_CB_RETURN, buf, size, 0, 0L, retvalue, +\& &readbytes) +.Ve +.Sp +or +.Sp +.Vb 1 +\& callback(b, BIO_CB_GETS|BIO_CB_RETURN, buf, size, 0L, retvalue) +.Ve +.Sp +after. 
+.IP "\fBBIO_puts(b, buf)\fR" 4 +.IX Item "BIO_puts(b, buf)" +.Vb 1 +\& callback_ex(b, BIO_CB_PUTS, buf, 0, 0, 0L, 1L, NULL); +.Ve +.Sp +or +.Sp +.Vb 1 +\& callback(b, BIO_CB_PUTS, buf, 0, 0L, 1L) +.Ve +.Sp +is called before the operation and +.Sp +.Vb 1 +\& callback_ex(b, BIO_CB_PUTS | BIO_CB_RETURN, buf, 0, 0, 0L, retvalue, &written) +.Ve +.Sp +or +.Sp +.Vb 1 +\& callback(b, BIO_CB_PUTS|BIO_CB_RETURN, buf, 0, 0L, retvalue) +.Ve +.Sp +after. +.IP "\fBBIO_ctrl(\s-1BIO\s0 *b, int cmd, long larg, void *parg)\fR" 4 +.IX Item "BIO_ctrl(BIO *b, int cmd, long larg, void *parg)" +.Vb 1 +\& callback_ex(b, BIO_CB_CTRL, parg, 0, cmd, larg, 1L, NULL) +.Ve +.Sp +or +.Sp +.Vb 1 +\& callback(b, BIO_CB_CTRL, parg, cmd, larg, 1L) +.Ve +.Sp +is called before the call and +.Sp +.Vb 1 +\& callback_ex(b, BIO_CB_CTRL | BIO_CB_RETURN, parg, 0, cmd, larg, ret, NULL) +.Ve +.Sp +or +.Sp +.Vb 1 +\& callback(b, BIO_CB_CTRL|BIO_CB_RETURN, parg, cmd, larg, ret) +.Ve +.Sp +after. +.Sp +Note: \fBcmd\fR == \fB\s-1BIO_CTRL_SET_CALLBACK\s0\fR is special, because \fBparg\fR is not the +argument of type \fBBIO_info_cb\fR itself. In this case \fBparg\fR is a pointer to +the actual call parameter, see \fBBIO_callback_ctrl\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBIO_get_callback_ex()\fR and \fIBIO_get_callback()\fR return the callback function +previously set by a call to \fIBIO_set_callback_ex()\fR and \fIBIO_set_callback()\fR +respectively. +.PP +\&\fIBIO_get_callback_arg()\fR returns a \fBchar\fR pointer to the value previously set +via a call to \fIBIO_set_callback_arg()\fR. +.PP +\&\fIBIO_debug_callback()\fR returns 1 or \fBret\fR if it's called after specific \s-1BIO\s0 +operations. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +The \fIBIO_debug_callback()\fR function is a good example, its source is +in crypto/bio/bio_cb.c +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. 
+.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/BIO_should_retry.3 b/linux_amd64/ssl/share/man/man3/BIO_should_retry.3 new file mode 100755 index 0000000..4dc6d12 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/BIO_should_retry.3 
@@ -0,0 +1,267 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_SHOULD_RETRY 3" +.TH BIO_SHOULD_RETRY 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BIO_should_read, BIO_should_write, +BIO_should_io_special, BIO_retry_type, BIO_should_retry, +BIO_get_retry_BIO, BIO_get_retry_reason, BIO_set_retry_reason \- BIO retry +functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int BIO_should_read(BIO *b); +\& int BIO_should_write(BIO *b); +\& int BIO_should_io_special(iBIO *b); +\& int BIO_retry_type(BIO *b); +\& int BIO_should_retry(BIO *b); +\& +\& BIO *BIO_get_retry_BIO(BIO *bio, int *reason); +\& int BIO_get_retry_reason(BIO *bio); +\& void BIO_set_retry_reason(BIO *bio, int reason); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions determine why a \s-1BIO\s0 is not able to read or write data. +They will typically be called after a failed \fIBIO_read_ex()\fR or \fIBIO_write_ex()\fR +call. +.PP +\&\fIBIO_should_retry()\fR is true if the call that produced this condition +should then be retried at a later time. +.PP +If \fIBIO_should_retry()\fR is false then the cause is an error condition. +.PP +\&\fIBIO_should_read()\fR is true if the cause of the condition is that the \s-1BIO\s0 +has insufficient data to return. Check for readability and/or retry the +last operation. +.PP +\&\fIBIO_should_write()\fR is true if the cause of the condition is that the \s-1BIO\s0 +has pending data to write. Check for writability and/or retry the +last operation. +.PP +\&\fIBIO_should_io_special()\fR is true if some \*(L"special\*(R" condition, that is a +reason other than reading or writing is the cause of the condition. +.PP +\&\fIBIO_retry_type()\fR returns a mask of the cause of a retry condition +consisting of the values \fB\s-1BIO_FLAGS_READ\s0\fR, \fB\s-1BIO_FLAGS_WRITE\s0\fR, +\&\fB\s-1BIO_FLAGS_IO_SPECIAL\s0\fR though current \s-1BIO\s0 types will only set one of +these. 
+.PP +\&\fIBIO_get_retry_BIO()\fR determines the precise reason for the special +condition, it returns the \s-1BIO\s0 that caused this condition and if +\&\fBreason\fR is not \s-1NULL\s0 it contains the reason code. The meaning of +the reason code and the action that should be taken depends on +the type of \s-1BIO\s0 that resulted in this condition. +.PP +\&\fIBIO_get_retry_reason()\fR returns the reason for a special condition if +passed the relevant \s-1BIO\s0, for example as returned by \fIBIO_get_retry_BIO()\fR. +.PP +\&\fIBIO_set_retry_reason()\fR sets the retry reason for a special condition for a given +\&\s-1BIO\s0. This would usually only be called by \s-1BIO\s0 implementations. +.SH "NOTES" +.IX Header "NOTES" +\&\fIBIO_should_read()\fR, \fIBIO_should_write()\fR, \fIBIO_should_io_special()\fR, +\&\fIBIO_retry_type()\fR, and \fIBIO_should_retry()\fR, are implemented as macros. +.PP +If \fIBIO_should_retry()\fR returns false then the precise \*(L"error condition\*(R" +depends on the \s-1BIO\s0 type that caused it and the return code of the \s-1BIO\s0 +operation. For example if a call to \fIBIO_read_ex()\fR on a socket \s-1BIO\s0 returns +0 and \fIBIO_should_retry()\fR is false then the cause will be that the +connection closed. A similar condition on a file \s-1BIO\s0 will mean that it +has reached \s-1EOF\s0. Some \s-1BIO\s0 types may place additional information on +the error queue. For more details see the individual \s-1BIO\s0 type manual +pages. +.PP +If the underlying I/O structure is in a blocking mode almost all current +\&\s-1BIO\s0 types will not request a retry, because the underlying I/O +calls will not. If the application knows that the \s-1BIO\s0 type will never +signal a retry then it need not call \fIBIO_should_retry()\fR after a failed +\&\s-1BIO\s0 I/O call. This is typically done with file BIOs. 
+.PP +\&\s-1SSL\s0 BIOs are the only current exception to this rule: they can request a +retry even if the underlying I/O structure is blocking, if a handshake +occurs during a call to \fIBIO_read()\fR. An application can retry the failed +call immediately or avoid this situation by setting \s-1SSL_MODE_AUTO_RETRY\s0 +on the underlying \s-1SSL\s0 structure. +.PP +While an application may retry a failed non blocking call immediately +this is likely to be very inefficient because the call will fail +repeatedly until data can be processed or is available. An application +will normally wait until the necessary condition is satisfied. How +this is done depends on the underlying I/O structure. +.PP +For example if the cause is ultimately a socket and \fIBIO_should_read()\fR +is true then a call to \fIselect()\fR may be made to wait until data is +available and then retry the \s-1BIO\s0 operation. By combining the retry +conditions of several non blocking BIOs in a single \fIselect()\fR call +it is possible to service several BIOs in a single thread, though +the performance may be poor if \s-1SSL\s0 BIOs are present because long delays +can occur during the initial handshake process. +.PP +It is possible for a \s-1BIO\s0 to block indefinitely if the underlying I/O +structure cannot process or return any data. This depends on the behaviour of +the platforms I/O functions. This is often not desirable: one solution +is to use non blocking I/O and use a timeout on the \fIselect()\fR (or +equivalent) call. +.SH "BUGS" +.IX Header "BUGS" +The OpenSSL \s-1ASN1\s0 functions cannot gracefully deal with non blocking I/O: +that is they cannot retry after a partial read or write. This is usually +worked around by only passing the relevant data to \s-1ASN1\s0 functions when +the entire structure can be read or written. 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBIO_should_read()\fR, \fIBIO_should_write()\fR, \fIBIO_should_io_special()\fR, and +\&\fIBIO_should_retry()\fR return either 1 or 0 based on the actual conditions +of the \fB\s-1BIO\s0\fR. +.PP +\&\fIBIO_retry_type()\fR returns a flag combination presenting the cause of a retry +condition or false if there is no retry condition. +.PP +\&\fIBIO_get_retry_BIO()\fR returns a valid \fB\s-1BIO\s0\fR structure. +.PP +\&\fIBIO_get_retry_reason()\fR returns the reason for a special condition. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIbio\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \fIBIO_get_retry_reason()\fR and \fIBIO_set_retry_reason()\fR functions were added in +OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/BIO_socket_wait.3 b/linux_amd64/ssl/share/man/man3/BIO_socket_wait.3 new file mode 100755 index 0000000..163fe27 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/BIO_socket_wait.3 
@@ -0,0 +1,181 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_SOCKET_WAIT 3" +.TH BIO_SOCKET_WAIT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BIO_socket_wait, +BIO_wait, +BIO_connect_retry +\&\- BIO socket utility functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& #ifndef OPENSSL_NO_SOCK +\& int BIO_socket_wait(int fd, int for_read, time_t max_time); +\& #endif +\& int BIO_wait(BIO *bio, time_t max_time, unsigned int milliseconds); +\& int BIO_connect_retry(BIO *bio, long timeout); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBIO_socket_wait()\fR waits on the socket \fBfd\fR for reading if \fBfor_read\fR is not 0, +else for writing, at most until \fBmax_time\fR. +It succeeds immediately if \fBmax_time\fR == 0 (which means no timeout given). +.PP +\&\fIBIO_wait()\fR waits at most until \fBmax_time\fR on the given \fBbio\fR, +which is typically socket-based, +for reading if \fBbio\fR is supposed to read, else for writing. +It succeeds immediately if \fBmax_time\fR == 0 (which means no timeout given). +If sockets are not available it succeeds after waiting at most given +\&\fBmilliseconds\fR in order to help avoiding a tight busy loop at the caller. +.PP +\&\fIBIO_connect_retry()\fR connects via the given \fBbio\fR, retrying \fIBIO_do_connect()\fR +until success or a timeout or error condition is reached. +If the \fBtimeout\fR parameter is > 0 this indicates the maximum number of seconds +to wait until the connection is established. A value of 0 enables waiting +indefinitely, while a value < 0 immediately leads to a timeout condition. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBIO_socket_wait()\fR, \fIBIO_wait()\fR, and \fIBIO_connect_retry()\fR +return \-1 on error, 0 on timeout, and 1 on success. +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIBIO_socket_wait()\fR, \fIBIO_wait()\fR, and \fIBIO_connect_retry()\fR +were added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). 
You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/BN_BLINDING_new.3 b/linux_amd64/ssl/share/man/man3/BN_BLINDING_new.3 new file mode 100755 index 0000000..80339fd --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/BN_BLINDING_new.3 
@@ -0,0 +1,249 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_BLINDING_NEW 3" +.TH BN_BLINDING_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BN_BLINDING_new, BN_BLINDING_free, BN_BLINDING_update, BN_BLINDING_convert, +BN_BLINDING_invert, BN_BLINDING_convert_ex, BN_BLINDING_invert_ex, +BN_BLINDING_is_current_thread, BN_BLINDING_set_current_thread, +BN_BLINDING_lock, BN_BLINDING_unlock, BN_BLINDING_get_flags, +BN_BLINDING_set_flags, BN_BLINDING_create_param \- blinding related BIGNUM functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, +\& BIGNUM *mod); +\& void BN_BLINDING_free(BN_BLINDING *b); +\& int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx); +\& int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); +\& int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); +\& int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, +\& BN_CTX *ctx); +\& int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, +\& BN_CTX *ctx); +\& int BN_BLINDING_is_current_thread(BN_BLINDING *b); +\& void BN_BLINDING_set_current_thread(BN_BLINDING *b); +\& int BN_BLINDING_lock(BN_BLINDING *b); +\& int BN_BLINDING_unlock(BN_BLINDING *b); +\& unsigned long BN_BLINDING_get_flags(const BN_BLINDING *); +\& void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long); +\& BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, +\& const BIGNUM *e, BIGNUM *m, BN_CTX *ctx, +\& int (*bn_mod_exp)(BIGNUM *r, +\& const BIGNUM *a, +\& const BIGNUM *p, +\& const BIGNUM *m, +\& BN_CTX *ctx, +\& BN_MONT_CTX *m_ctx), +\& BN_MONT_CTX *m_ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBN_BLINDING_new()\fR allocates a new \fB\s-1BN_BLINDING\s0\fR structure and copies +the \fBA\fR and \fBAi\fR values into the newly created \fB\s-1BN_BLINDING\s0\fR object. +.PP +\&\fIBN_BLINDING_free()\fR frees the \fB\s-1BN_BLINDING\s0\fR structure. +If \fBb\fR is \s-1NULL\s0, nothing is done. 
+.PP +\&\fIBN_BLINDING_update()\fR updates the \fB\s-1BN_BLINDING\s0\fR parameters by squaring +the \fBA\fR and \fBAi\fR or, after specific number of uses and if the +necessary parameters are set, by re-creating the blinding parameters. +.PP +\&\fIBN_BLINDING_convert_ex()\fR multiplies \fBn\fR with the blinding factor \fBA\fR. +If \fBr\fR is not \s-1NULL\s0 a copy the inverse blinding factor \fBAi\fR will be +returned in \fBr\fR (this is useful if a \fB\s-1RSA\s0\fR object is shared among +several threads). \fIBN_BLINDING_invert_ex()\fR multiplies \fBn\fR with the +inverse blinding factor \fBAi\fR. If \fBr\fR is not \s-1NULL\s0 it will be used as +the inverse blinding. +.PP +\&\fIBN_BLINDING_convert()\fR and \fIBN_BLINDING_invert()\fR are wrapper +functions for \fIBN_BLINDING_convert_ex()\fR and \fIBN_BLINDING_invert_ex()\fR +with \fBr\fR set to \s-1NULL\s0. +.PP +\&\fIBN_BLINDING_is_current_thread()\fR returns whether the \fB\s-1BN_BLINDING\s0\fR +structure is owned by the current thread. This is to help users +provide proper locking if needed for multi-threaded use. +.PP +\&\fIBN_BLINDING_set_current_thread()\fR sets the current thread as the +owner of the \fB\s-1BN_BLINDING\s0\fR structure. +.PP +\&\fIBN_BLINDING_lock()\fR locks the \fB\s-1BN_BLINDING\s0\fR structure. +.PP +\&\fIBN_BLINDING_unlock()\fR unlocks the \fB\s-1BN_BLINDING\s0\fR structure. +.PP +\&\fIBN_BLINDING_get_flags()\fR returns the \s-1BN_BLINDING\s0 flags. Currently +there are two supported flags: \fB\s-1BN_BLINDING_NO_UPDATE\s0\fR and +\&\fB\s-1BN_BLINDING_NO_RECREATE\s0\fR. \fB\s-1BN_BLINDING_NO_UPDATE\s0\fR inhibits the +automatic update of the \fB\s-1BN_BLINDING\s0\fR parameters after each use +and \fB\s-1BN_BLINDING_NO_RECREATE\s0\fR inhibits the automatic re-creation +of the \fB\s-1BN_BLINDING\s0\fR parameters after a fixed number of uses (currently +32). In newly allocated \fB\s-1BN_BLINDING\s0\fR objects no flags are set. 
+\&\fIBN_BLINDING_set_flags()\fR sets the \fB\s-1BN_BLINDING\s0\fR parameters flags. +.PP +\&\fIBN_BLINDING_create_param()\fR creates new \fB\s-1BN_BLINDING\s0\fR parameters +using the exponent \fBe\fR and the modulus \fBm\fR. \fBbn_mod_exp\fR and +\&\fBm_ctx\fR can be used to pass special functions for exponentiation +(normally \fIBN_mod_exp_mont()\fR and \fB\s-1BN_MONT_CTX\s0\fR). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBN_BLINDING_new()\fR returns the newly allocated \fB\s-1BN_BLINDING\s0\fR structure +or \s-1NULL\s0 in case of an error. +.PP +\&\fIBN_BLINDING_update()\fR, \fIBN_BLINDING_convert()\fR, \fIBN_BLINDING_invert()\fR, +\&\fIBN_BLINDING_convert_ex()\fR and \fIBN_BLINDING_invert_ex()\fR return 1 on +success and 0 if an error occurred. +.PP +\&\fIBN_BLINDING_is_current_thread()\fR returns 1 if the current thread owns +the \fB\s-1BN_BLINDING\s0\fR object, 0 otherwise. +.PP +\&\fIBN_BLINDING_set_current_thread()\fR doesn't return anything. +.PP +\&\fIBN_BLINDING_lock()\fR, \fIBN_BLINDING_unlock()\fR return 1 if the operation +succeeded or 0 on error. +.PP +\&\fIBN_BLINDING_get_flags()\fR returns the currently set \fB\s-1BN_BLINDING\s0\fR flags +(a \fBunsigned long\fR value). +.PP +\&\fIBN_BLINDING_create_param()\fR returns the newly created \fB\s-1BN_BLINDING\s0\fR +parameters or \s-1NULL\s0 on error. +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIBN_BLINDING_thread_id()\fR was first introduced in OpenSSL 1.0.0, and it +deprecates \fIBN_BLINDING_set_thread_id()\fR and \fIBN_BLINDING_get_thread_id()\fR. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2005\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/ssl/share/man/man3/BN_CTX_new.3 b/linux_amd64/ssl/share/man/man3/BN_CTX_new.3 new file mode 100755 index 0000000..fd9089f --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/BN_CTX_new.3 
@@ -0,0 +1,214 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_CTX_NEW 3" +.TH BN_CTX_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BN_CTX_new_ex, BN_CTX_new, BN_CTX_secure_new_ex, BN_CTX_secure_new, BN_CTX_free +\&\- allocate and free BN_CTX structures +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& BN_CTX *BN_CTX_new_ex(OPENSSL_CTX *ctx); +\& BN_CTX *BN_CTX_new(void); +\& +\& BN_CTX *BN_CTX_secure_new_ex(OPENSSL_CTX *ctx); +\& BN_CTX *BN_CTX_secure_new(void); +\& +\& void BN_CTX_free(BN_CTX *c); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A \fB\s-1BN_CTX\s0\fR is a structure that holds \fB\s-1BIGNUM\s0\fR temporary variables used by +library functions. Since dynamic memory allocation to create \fB\s-1BIGNUM\s0\fRs +is rather expensive when used in conjunction with repeated subroutine +calls, the \fB\s-1BN_CTX\s0\fR structure is used. +.PP +\&\fIBN_CTX_new_ex()\fR allocates and initializes a \fB\s-1BN_CTX\s0\fR structure for the given +library context \fBctx\fR. The value may be \s-1NULL\s0 in which case the default +library context will be used. \fIBN_CTX_new()\fR is the same as \fIBN_CTX_new_ex()\fR except +that the default library context is always used. +.PP +\&\fIBN_CTX_secure_new_ex()\fR allocates and initializes a \fB\s-1BN_CTX\s0\fR structure +but uses the secure heap (see \fICRYPTO_secure_malloc\fR\|(3)) to hold the +\&\fB\s-1BIGNUM\s0\fRs for the given library context \fBctx\fR. The value may be \s-1NULL\s0 in +which case the default library context will be used. \fIBN_CTX_secure_new()\fR is the +same as \fIBN_CTX_secure_new_ex()\fR except that the default library context is always +used. +.PP +\&\fIBN_CTX_free()\fR frees the components of the \fB\s-1BN_CTX\s0\fR and the structure itself. +Since \fIBN_CTX_start()\fR is required in order to obtain \fB\s-1BIGNUM\s0\fRs from the +\&\fB\s-1BN_CTX\s0\fR, in most cases \fIBN_CTX_end()\fR must be called before the \fB\s-1BN_CTX\s0\fR may +be freed by \fIBN_CTX_free()\fR. If \fBc\fR is \s-1NULL\s0, nothing is done. 
+.PP +A given \fB\s-1BN_CTX\s0\fR must only be used by a single thread of execution. No +locking is performed, and the internal pool allocator will not properly handle +multiple threads of execution. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBN_CTX_new()\fR and \fIBN_CTX_secure_new()\fR return a pointer to the \fB\s-1BN_CTX\s0\fR. +If the allocation fails, +they return \fB\s-1NULL\s0\fR and sets an error code that can be obtained by +\&\fIERR_get_error\fR\|(3). +.PP +\&\fIBN_CTX_free()\fR has no return values. +.SH "REMOVED FUNCTIONALITY" +.IX Header "REMOVED FUNCTIONALITY" +.Vb 1 +\& void BN_CTX_init(BN_CTX *c); +.Ve +.PP +\&\fIBN_CTX_init()\fR is no longer available as of OpenSSL 1.1.0. Applications should +replace use of BN_CTX_init with BN_CTX_new instead: +.PP +.Vb 6 +\& BN_CTX *ctx; +\& ctx = BN_CTX_new(); +\& if (!ctx) +\& /* error */ +\& ... +\& BN_CTX_free(ctx); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fIBN_add\fR\|(3), +\&\fIBN_CTX_start\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIBN_CTX_init()\fR was removed in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/BN_CTX_start.3 b/linux_amd64/ssl/share/man/man3/BN_CTX_start.3 new file mode 100755 index 0000000..2ebc28a --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/BN_CTX_start.3 
@@ -0,0 +1,180 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_CTX_START 3" +.TH BN_CTX_START 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BN_CTX_start, BN_CTX_get, BN_CTX_end \- use temporary BIGNUM variables +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void BN_CTX_start(BN_CTX *ctx); +\& +\& BIGNUM *BN_CTX_get(BN_CTX *ctx); +\& +\& void BN_CTX_end(BN_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions are used to obtain temporary \fB\s-1BIGNUM\s0\fR variables from +a \fB\s-1BN_CTX\s0\fR (which can been created by using \fIBN_CTX_new\fR\|(3)) +in order to save the overhead of repeatedly creating and +freeing \fB\s-1BIGNUM\s0\fRs in functions that are called from inside a loop. +.PP +A function must call \fIBN_CTX_start()\fR first. Then, \fIBN_CTX_get()\fR may be +called repeatedly to obtain temporary \fB\s-1BIGNUM\s0\fRs. All \fIBN_CTX_get()\fR +calls must be made before calling any other functions that use the +\&\fBctx\fR as an argument. +.PP +Finally, \fIBN_CTX_end()\fR must be called before returning from the function. +If \fBctx\fR is \s-1NULL\s0, nothing is done. +When \fIBN_CTX_end()\fR is called, the \fB\s-1BIGNUM\s0\fR pointers obtained from +\&\fIBN_CTX_get()\fR become invalid. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBN_CTX_start()\fR and \fIBN_CTX_end()\fR return no values. +.PP +\&\fIBN_CTX_get()\fR returns a pointer to the \fB\s-1BIGNUM\s0\fR, or \fB\s-1NULL\s0\fR on error. +Once \fIBN_CTX_get()\fR has failed, the subsequent calls will return \fB\s-1NULL\s0\fR +as well, so it is sufficient to check the return value of the last +\&\fIBN_CTX_get()\fR call. In case of an error, an error code is set, which +can be obtained by \fIERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIBN_CTX_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. 
You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/BN_add.3 b/linux_amd64/ssl/share/man/man3/BN_add.3 new file mode 100755 index 0000000..7214009 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/BN_add.3 
@@ -0,0 +1,252 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_ADD 3" +.TH BN_ADD 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BN_add, BN_sub, BN_mul, BN_sqr, BN_div, BN_mod, BN_nnmod, BN_mod_add, +BN_mod_sub, BN_mod_mul, BN_mod_sqr, BN_exp, BN_mod_exp, BN_gcd \- +arithmetic operations on BIGNUMs +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +\& +\& int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +\& +\& int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx); +\& +\& int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx); +\& +\& int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *a, const BIGNUM *d, +\& BN_CTX *ctx); +\& +\& int BN_mod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); +\& +\& int BN_nnmod(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); +\& +\& int BN_mod_add(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m, +\& BN_CTX *ctx); +\& +\& int BN_mod_sub(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m, +\& BN_CTX *ctx); +\& +\& int BN_mod_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m, +\& BN_CTX *ctx); +\& +\& int BN_mod_sqr(BIGNUM *r, BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); +\& +\& int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx); +\& +\& int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, +\& const BIGNUM *m, BN_CTX *ctx); +\& +\& int BN_gcd(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBN_add()\fR adds \fIa\fR and \fIb\fR and places the result in \fIr\fR (\f(CW\*(C`r=a+b\*(C'\fR). +\&\fIr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or \fIb\fR. +.PP +\&\fIBN_sub()\fR subtracts \fIb\fR from \fIa\fR and places the result in \fIr\fR (\f(CW\*(C`r=a\-b\*(C'\fR). +\&\fIr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or \fIb\fR. +.PP +\&\fIBN_mul()\fR multiplies \fIa\fR and \fIb\fR and places the result in \fIr\fR (\f(CW\*(C`r=a*b\*(C'\fR). +\&\fIr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or \fIb\fR. +For multiplication by powers of 2, use \fIBN_lshift\fR\|(3). 
+.PP +\&\fIBN_sqr()\fR takes the square of \fIa\fR and places the result in \fIr\fR +(\f(CW\*(C`r=a^2\*(C'\fR). \fIr\fR and \fIa\fR may be the same \fB\s-1BIGNUM\s0\fR. +This function is faster than BN_mul(r,a,a). +.PP +\&\fIBN_div()\fR divides \fIa\fR by \fId\fR and places the result in \fIdv\fR and the +remainder in \fIrem\fR (\f(CW\*(C`dv=a/d, rem=a%d\*(C'\fR). Either of \fIdv\fR and \fIrem\fR may +be \fB\s-1NULL\s0\fR, in which case the respective value is not returned. +The result is rounded towards zero; thus if \fIa\fR is negative, the +remainder will be zero or negative. +For division by powers of 2, use \fIBN_rshift\fR\|(3). +.PP +\&\fIBN_mod()\fR corresponds to \fIBN_div()\fR with \fIdv\fR set to \fB\s-1NULL\s0\fR. +.PP +\&\fIBN_nnmod()\fR reduces \fIa\fR modulo \fIm\fR and places the non-negative +remainder in \fIr\fR. +.PP +\&\fIBN_mod_add()\fR adds \fIa\fR to \fIb\fR modulo \fIm\fR and places the non-negative +result in \fIr\fR. +.PP +\&\fIBN_mod_sub()\fR subtracts \fIb\fR from \fIa\fR modulo \fIm\fR and places the +non-negative result in \fIr\fR. +.PP +\&\fIBN_mod_mul()\fR multiplies \fIa\fR by \fIb\fR and finds the non-negative +remainder respective to modulus \fIm\fR (\f(CW\*(C`r=(a*b) mod m\*(C'\fR). \fIr\fR may be +the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or \fIb\fR. For more efficient algorithms for +repeated computations using the same modulus, see +\&\fIBN_mod_mul_montgomery\fR\|(3) and +\&\fIBN_mod_mul_reciprocal\fR\|(3). +.PP +\&\fIBN_mod_sqr()\fR takes the square of \fIa\fR modulo \fBm\fR and places the +result in \fIr\fR. +.PP +\&\fIBN_exp()\fR raises \fIa\fR to the \fIp\fR\-th power and places the result in \fIr\fR +(\f(CW\*(C`r=a^p\*(C'\fR). This function is faster than repeated applications of +\&\fIBN_mul()\fR. +.PP +\&\fIBN_mod_exp()\fR computes \fIa\fR to the \fIp\fR\-th power modulo \fIm\fR (\f(CW\*(C`r=a^p % +m\*(C'\fR). This function uses less time and space than \fIBN_exp()\fR. 
Do not call this +function when \fBm\fR is even and any of the parameters have the +\&\fB\s-1BN_FLG_CONSTTIME\s0\fR flag set. +.PP +\&\fIBN_gcd()\fR computes the greatest common divisor of \fIa\fR and \fIb\fR and +places the result in \fIr\fR. \fIr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or +\&\fIb\fR. +.PP +For all functions, \fIctx\fR is a previously allocated \fB\s-1BN_CTX\s0\fR used for +temporary variables; see \fIBN_CTX_new\fR\|(3). +.PP +Unless noted otherwise, the result \fB\s-1BIGNUM\s0\fR must be different from +the arguments. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +For all functions, 1 is returned for success, 0 on error. The return +value should always be checked (e.g., \f(CW\*(C`if (!BN_add(r,a,b)) goto err;\*(C'\fR). +The error codes can be obtained by \fIERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fIBN_CTX_new\fR\|(3), +\&\fIBN_add_word\fR\|(3), \fIBN_set_bit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/BN_add_word.3 b/linux_amd64/ssl/share/man/man3/BN_add_word.3 new file mode 100755 index 0000000..1309a95 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/BN_add_word.3 
@@ -0,0 +1,184 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_ADD_WORD 3" +.TH BN_ADD_WORD 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BN_add_word, BN_sub_word, BN_mul_word, BN_div_word, BN_mod_word \- arithmetic +functions on BIGNUMs with integers +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int BN_add_word(BIGNUM *a, BN_ULONG w); +\& +\& int BN_sub_word(BIGNUM *a, BN_ULONG w); +\& +\& int BN_mul_word(BIGNUM *a, BN_ULONG w); +\& +\& BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w); +\& +\& BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions perform arithmetic operations on BIGNUMs with unsigned +integers. They are much more efficient than the normal \s-1BIGNUM\s0 +arithmetic operations. +.PP +\&\fIBN_add_word()\fR adds \fBw\fR to \fBa\fR (\f(CW\*(C`a+=w\*(C'\fR). +.PP +\&\fIBN_sub_word()\fR subtracts \fBw\fR from \fBa\fR (\f(CW\*(C`a\-=w\*(C'\fR). +.PP +\&\fIBN_mul_word()\fR multiplies \fBa\fR and \fBw\fR (\f(CW\*(C`a*=w\*(C'\fR). +.PP +\&\fIBN_div_word()\fR divides \fBa\fR by \fBw\fR (\f(CW\*(C`a/=w\*(C'\fR) and returns the remainder. +.PP +\&\fIBN_mod_word()\fR returns the remainder of \fBa\fR divided by \fBw\fR (\f(CW\*(C`a%w\*(C'\fR). +.PP +For \fIBN_div_word()\fR and \fIBN_mod_word()\fR, \fBw\fR must not be 0. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBN_add_word()\fR, \fIBN_sub_word()\fR and \fIBN_mul_word()\fR return 1 for success, 0 +on error. The error codes can be obtained by \fIERR_get_error\fR\|(3). +.PP +\&\fIBN_mod_word()\fR and \fIBN_div_word()\fR return \fBa\fR%\fBw\fR on success and +\&\fB(\s-1BN_ULONG\s0)\-1\fR if an error occurred. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fIBN_add\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/ssl/share/man/man3/BN_bn2bin.3 b/linux_amd64/ssl/share/man/man3/BN_bn2bin.3 new file mode 100755 index 0000000..6cfda22 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/BN_bn2bin.3 
@@ -0,0 +1,247 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_BN2BIN 3" +.TH BN_BN2BIN 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BN_bn2binpad, +BN_bn2bin, BN_bin2bn, BN_bn2lebinpad, BN_lebin2bn, +BN_bn2nativepad, BN_native2bn, BN_bn2hex, BN_bn2dec, BN_hex2bn, BN_dec2bn, +BN_print, BN_print_fp, BN_bn2mpi, BN_mpi2bn \- format conversions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int BN_bn2bin(const BIGNUM *a, unsigned char *to); +\& int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen); +\& BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret); +\& +\& int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen); +\& BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret); +\& +\& int BN_bn2nativepad(const BIGNUM *a, unsigned char *to, int tolen); +\& BIGNUM *BN_native2bn(const unsigned char *s, int len, BIGNUM *ret); +\& +\& char *BN_bn2hex(const BIGNUM *a); +\& char *BN_bn2dec(const BIGNUM *a); +\& int BN_hex2bn(BIGNUM **a, const char *str); +\& int BN_dec2bn(BIGNUM **a, const char *str); +\& +\& int BN_print(BIO *fp, const BIGNUM *a); +\& int BN_print_fp(FILE *fp, const BIGNUM *a); +\& +\& int BN_bn2mpi(const BIGNUM *a, unsigned char *to); +\& BIGNUM *BN_mpi2bn(unsigned char *s, int len, BIGNUM *ret); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBN_bn2bin()\fR converts the absolute value of \fBa\fR into big-endian form +and stores it at \fBto\fR. \fBto\fR must point to BN_num_bytes(\fBa\fR) bytes of +memory. +.PP +\&\fIBN_bn2binpad()\fR also converts the absolute value of \fBa\fR into big-endian form +and stores it at \fBto\fR. \fBtolen\fR indicates the length of the output buffer +\&\fBto\fR. The result is padded with zeros if necessary. If \fBtolen\fR is less than +BN_num_bytes(\fBa\fR) an error is returned. +.PP +\&\fIBN_bin2bn()\fR converts the positive integer in big-endian form of length +\&\fBlen\fR at \fBs\fR into a \fB\s-1BIGNUM\s0\fR and places it in \fBret\fR. If \fBret\fR is +\&\s-1NULL\s0, a new \fB\s-1BIGNUM\s0\fR is created. 
+.PP +\&\fIBN_bn2lebinpad()\fR and \fIBN_lebin2bn()\fR are identical to \fIBN_bn2binpad()\fR and +\&\fIBN_bin2bn()\fR except the buffer is in little-endian format. +.PP +\&\fIBN_bn2nativepad()\fR and \fIBN_native2bn()\fR are identical to \fIBN_bn2binpad()\fR and +\&\fIBN_bin2bn()\fR except the buffer is in native format, i.e. most significant +byte first on big-endian platforms, and least significant byte first on +little-endian platforms. +.PP +\&\fIBN_bn2hex()\fR and \fIBN_bn2dec()\fR return printable strings containing the +hexadecimal and decimal encoding of \fBa\fR respectively. For negative +numbers, the string is prefaced with a leading '\-'. The string must be +freed later using \fIOPENSSL_free()\fR. +.PP +\&\fIBN_hex2bn()\fR takes as many characters as possible from the string \fBstr\fR, +including the leading character '\-' which means negative, to form a valid +hexadecimal number representation and converts them to a \fB\s-1BIGNUM\s0\fR and +stores it in **\fBa\fR. If *\fBa\fR is \s-1NULL\s0, a new \fB\s-1BIGNUM\s0\fR is created. If +\&\fBa\fR is \s-1NULL\s0, it only computes the length of valid representation. +A \*(L"negative zero\*(R" is converted to zero. +\&\fIBN_dec2bn()\fR is the same using the decimal system. +.PP +\&\fIBN_print()\fR and \fIBN_print_fp()\fR write the hexadecimal encoding of \fBa\fR, +with a leading '\-' for negative numbers, to the \fB\s-1BIO\s0\fR or \fB\s-1FILE\s0\fR +\&\fBfp\fR. +.PP +\&\fIBN_bn2mpi()\fR and \fIBN_mpi2bn()\fR convert \fB\s-1BIGNUM\s0\fRs from and to a format +that consists of the number's length in bytes represented as a 4\-byte +big-endian number, and the number itself in big-endian format, where +the most significant bit signals a negative number (the representation +of numbers with the \s-1MSB\s0 set is prefixed with null byte). +.PP +\&\fIBN_bn2mpi()\fR stores the representation of \fBa\fR at \fBto\fR, where \fBto\fR +must be large enough to hold the result. 
The size can be determined by +calling BN_bn2mpi(\fBa\fR, \s-1NULL\s0). +.PP +\&\fIBN_mpi2bn()\fR converts the \fBlen\fR bytes long representation at \fBs\fR to +a \fB\s-1BIGNUM\s0\fR and stores it at \fBret\fR, or in a newly allocated \fB\s-1BIGNUM\s0\fR +if \fBret\fR is \s-1NULL\s0. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBN_bn2bin()\fR returns the length of the big-endian number placed at \fBto\fR. +\&\fIBN_bin2bn()\fR returns the \fB\s-1BIGNUM\s0\fR, \s-1NULL\s0 on error. +.PP +\&\fIBN_bn2binpad()\fR returns the number of bytes written or \-1 if the supplied +buffer is too small. +.PP +\&\fIBN_bn2hex()\fR and \fIBN_bn2dec()\fR return a null-terminated string, or \s-1NULL\s0 +on error. \fIBN_hex2bn()\fR and \fIBN_dec2bn()\fR return the number of characters +used in parsing, or 0 on error, in which +case no new \fB\s-1BIGNUM\s0\fR will be created. +.PP +\&\fIBN_print_fp()\fR and \fIBN_print()\fR return 1 on success, 0 on write errors. +.PP +\&\fIBN_bn2mpi()\fR returns the length of the representation. \fIBN_mpi2bn()\fR +returns the \fB\s-1BIGNUM\s0\fR, and \s-1NULL\s0 on error. +.PP +The error codes can be obtained by \fIERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fIBN_zero\fR\|(3), +\&\fIASN1_INTEGER_to_BN\fR\|(3), +\&\fIBN_num_bytes\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/BN_cmp.3 b/linux_amd64/ssl/share/man/man3/BN_cmp.3 new file mode 100755 index 0000000..11e83a2 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/BN_cmp.3 
@@ -0,0 +1,171 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_CMP 3" +.TH BN_CMP 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BN_cmp, BN_ucmp, BN_is_zero, BN_is_one, BN_is_word, BN_is_odd \- BIGNUM comparison and test functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int BN_cmp(BIGNUM *a, BIGNUM *b); +\& int BN_ucmp(BIGNUM *a, BIGNUM *b); +\& +\& int BN_is_zero(BIGNUM *a); +\& int BN_is_one(BIGNUM *a); +\& int BN_is_word(BIGNUM *a, BN_ULONG w); +\& int BN_is_odd(BIGNUM *a); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBN_cmp()\fR compares the numbers \fBa\fR and \fBb\fR. \fIBN_ucmp()\fR compares their +absolute values. +.PP +\&\fIBN_is_zero()\fR, \fIBN_is_one()\fR and \fIBN_is_word()\fR test if \fBa\fR equals 0, 1, +or \fBw\fR respectively. \fIBN_is_odd()\fR tests if a is odd. +.PP +\&\fIBN_is_zero()\fR, \fIBN_is_one()\fR, \fIBN_is_word()\fR and \fIBN_is_odd()\fR are macros. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBN_cmp()\fR returns \-1 if \fBa\fR < \fBb\fR, 0 if \fBa\fR == \fBb\fR and 1 if +\&\fBa\fR > \fBb\fR. \fIBN_ucmp()\fR is the same using the absolute values +of \fBa\fR and \fBb\fR. +.PP +\&\fIBN_is_zero()\fR, \fIBN_is_one()\fR \fIBN_is_word()\fR and \fIBN_is_odd()\fR return 1 if +the condition is true, 0 otherwise. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/BN_copy.3 b/linux_amd64/ssl/share/man/man3/BN_copy.3 new file mode 100755 index 0000000..e7edcab --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/BN_copy.3 
@@ -0,0 +1,182 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_COPY 3" +.TH BN_COPY 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BN_copy, BN_dup, BN_with_flags \- copy BIGNUMs +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& BIGNUM *BN_copy(BIGNUM *to, const BIGNUM *from); +\& +\& BIGNUM *BN_dup(const BIGNUM *from); +\& +\& void BN_with_flags(BIGNUM *dest, const BIGNUM *b, int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBN_copy()\fR copies \fBfrom\fR to \fBto\fR. \fIBN_dup()\fR creates a new \fB\s-1BIGNUM\s0\fR +containing the value \fBfrom\fR. +.PP +BN_with_flags creates a \fBtemporary\fR shallow copy of \fBb\fR in \fBdest\fR. It places +significant restrictions on the copied data. Applications that do no adhere to +these restrictions may encounter unexpected side effects or crashes. For that +reason use of this function is discouraged. Any flags provided in \fBflags\fR will +be set in \fBdest\fR in addition to any flags already set in \fBb\fR. For example this +might commonly be used to create a temporary copy of a \s-1BIGNUM\s0 with the +\&\fB\s-1BN_FLG_CONSTTIME\s0\fR flag set for constant time operations. The temporary copy in +\&\fBdest\fR will share some internal state with \fBb\fR. For this reason the following +restrictions apply to the use of \fBdest\fR: +.IP "\(bu" 2 +\&\fBdest\fR should be a newly allocated \s-1BIGNUM\s0 obtained via a call to \fIBN_new()\fR. It +should not have been used for other purposes or initialised in any way. +.IP "\(bu" 2 +\&\fBdest\fR must only be used in \*(L"read-only\*(R" operations, i.e. typically those +functions where the relevant parameter is declared \*(L"const\*(R". +.IP "\(bu" 2 +\&\fBdest\fR must be used and freed before any further subsequent use of \fBb\fR +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBN_copy()\fR returns \fBto\fR on success, \s-1NULL\s0 on error. \fIBN_dup()\fR returns +the new \fB\s-1BIGNUM\s0\fR, and \s-1NULL\s0 on error. The error codes can be obtained +by \fIERR_get_error\fR\|(3). 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/BN_generate_prime.3 b/linux_amd64/ssl/share/man/man3/BN_generate_prime.3 new file mode 100755 index 0000000..1b376c5 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/BN_generate_prime.3 
@@ -0,0 +1,367 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_GENERATE_PRIME 3" +.TH BN_GENERATE_PRIME 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BN_generate_prime_ex2, BN_generate_prime_ex, BN_is_prime_ex, BN_check_prime, +BN_is_prime_fasttest_ex, BN_GENCB_call, BN_GENCB_new, BN_GENCB_free, +BN_GENCB_set_old, BN_GENCB_set, BN_GENCB_get_arg, BN_generate_prime, +BN_is_prime, BN_is_prime_fasttest \- generate primes and test for primality +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int BN_generate_prime_ex2(BIGNUM *ret, int bits, int safe, +\& const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb, +\& BN_CTX *ctx); +\& +\& int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add, +\& const BIGNUM *rem, BN_GENCB *cb); +\& +\& int BN_check_prime(const BIGNUM *p, BN_CTX *ctx, BN_GENCB *cb); +\& +\& int BN_GENCB_call(BN_GENCB *cb, int a, int b); +\& +\& BN_GENCB *BN_GENCB_new(void); +\& +\& void BN_GENCB_free(BN_GENCB *cb); +\& +\& void BN_GENCB_set_old(BN_GENCB *gencb, +\& void (*callback)(int, int, void *), void *cb_arg); +\& +\& void BN_GENCB_set(BN_GENCB *gencb, +\& int (*callback)(int, int, BN_GENCB *), void *cb_arg); +\& +\& void *BN_GENCB_get_arg(BN_GENCB *cb); +.Ve +.PP +Deprecated since OpenSSL 0.9.8, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 3 +\& BIGNUM *BN_generate_prime(BIGNUM *ret, int num, int safe, BIGNUM *add, +\& BIGNUM *rem, void (*callback)(int, int, void *), +\& void *cb_arg); +\& +\& int BN_is_prime(const BIGNUM *p, int nchecks, +\& void (*callback)(int, int, void *), BN_CTX *ctx, void *cb_arg); +\& +\& int BN_is_prime_fasttest(const BIGNUM *p, int nchecks, +\& void (*callback)(int, int, void *), BN_CTX *ctx, +\& void *cb_arg, int do_trial_division); +.Ve +.PP +Deprecated since OpenSSL 3.0: +.PP +.Vb 1 +\& int BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, BN_GENCB *cb); +\& +\& int BN_is_prime_fasttest_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, +\& int do_trial_division, BN_GENCB *cb); +.Ve +.SH 
"DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBN_generate_prime_ex2()\fR generates a pseudo-random prime number of +at least bit length \fBbits\fR using the \s-1BN_CTX\s0 provided in \fBctx\fR. The value of +\&\fBctx\fR must not be \s-1NULL\s0. +.PP +The returned number is probably prime with a negligible error. +The maximum error rate is 2^\-128. +It's 2^\-287 for a 512 bit prime, 2^\-435 for a 1024 bit prime, +2^\-648 for a 2048 bit prime, and lower than 2^\-882 for primes larger +than 2048 bit. +.PP +If \fBadd\fR is \fB\s-1NULL\s0\fR the returned prime number will have exact bit +length \fBbits\fR with the top most two bits set. +.PP +If \fBret\fR is not \fB\s-1NULL\s0\fR, it will be used to store the number. +.PP +If \fBcb\fR is not \fB\s-1NULL\s0\fR, it is used as follows: +.IP "\(bu" 2 +\&\fBBN_GENCB_call(cb, 0, i)\fR is called after generating the i\-th +potential prime number. +.IP "\(bu" 2 +While the number is being tested for primality, +\&\fBBN_GENCB_call(cb, 1, j)\fR is called as described below. +.IP "\(bu" 2 +When a prime has been found, \fBBN_GENCB_call(cb, 2, i)\fR is called. +.IP "\(bu" 2 +The callers of \fIBN_generate_prime_ex()\fR may call \fBBN_GENCB_call(cb, i, j)\fR with +other values as described in their respective man pages; see \*(L"\s-1SEE\s0 \s-1ALSO\s0\*(R". +.PP +The prime may have to fulfill additional requirements for use in +Diffie-Hellman key exchange: +.PP +If \fBadd\fR is not \fB\s-1NULL\s0\fR, the prime will fulfill the condition p % \fBadd\fR +== \fBrem\fR (p % \fBadd\fR == 1 if \fBrem\fR == \fB\s-1NULL\s0\fR) in order to suit a given +generator. +.PP +If \fBsafe\fR is true, it will be a safe prime (i.e. a prime p so +that (p\-1)/2 is also prime). If \fBsafe\fR is true, and \fBrem\fR == \fB\s-1NULL\s0\fR +the condition will be p % \fBadd\fR == 3. +It is recommended that \fBadd\fR is a multiple of 4. +.PP +The random generator must be seeded prior to calling \fIBN_generate_prime_ex()\fR. 
+If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to +external circumstances (see \s-1\fIRAND\s0\fR\|(7)), the operation will fail. +The random number generator configured for the \s-1OPENSSL_CTX\s0 associated with +\&\fBctx\fR will be used. +.PP +\&\fIBN_generate_prime_ex()\fR is the same as \fIBN_generate_prime_ex2()\fR except that no +\&\fBctx\fR parameter is passed. +In this case the random number generator associated with the default \s-1OPENSSL_CTX\s0 +will be used. +.PP +\&\fIBN_check_prime()\fR, \fIBN_is_prime_ex()\fR, \fIBN_is_prime_fasttest_ex()\fR, \fIBN_is_prime()\fR +and \fIBN_is_prime_fasttest()\fR test if the number \fBp\fR is prime. +The functions tests until one of the tests shows that \fBp\fR is composite, +or all the tests passed. +If \fBp\fR passes all these tests, it is considered a probable prime. +.PP +The test performed on \fBp\fR are trial division by a number of small primes +and rounds of the of the Miller-Rabin probabilistic primality test. +.PP +The functions do at least 64 rounds of the Miller-Rabin test giving a maximum +false positive rate of 2^\-128. +If the size of \fBp\fR is more than 2048 bits, they do at least 128 rounds +giving a maximum false positive rate of 2^\-256. +.PP +If \fBnchecks\fR is larger than the minimum above (64 or 128), \fBnchecks\fR +rounds of the Miller-Rabin test will be done. +.PP +If \fBdo_trial_division\fR set to \fB0\fR, the trial division will be skipped. +\&\fIBN_is_prime_ex()\fR and \fIBN_is_prime()\fR always skip the trial division. +.PP +\&\fIBN_is_prime_ex()\fR, \fIBN_is_prime_fasttest_ex()\fR, \fIBN_is_prime()\fR +and \fIBN_is_prime_fasttest()\fR are deprecated. +.PP +\&\fIBN_is_prime_fasttest()\fR and \fIBN_is_prime()\fR behave just like +\&\fIBN_is_prime_fasttest_ex()\fR and \fIBN_is_prime_ex()\fR respectively, but with the old +style call back. 
+.PP +\&\fBctx\fR is a pre-allocated \fB\s-1BN_CTX\s0\fR (to save the overhead of allocating and +freeing the structure in a loop), or \fB\s-1NULL\s0\fR. +.PP +If the trial division is done, and no divisors are found and \fBcb\fR +is not \fB\s-1NULL\s0\fR, \fBBN_GENCB_call(cb, 1, \-1)\fR is called. +.PP +After each round of the Miller-Rabin probabilistic primality test, +if \fBcb\fR is not \fB\s-1NULL\s0\fR, \fBBN_GENCB_call(cb, 1, j)\fR is called +with \fBj\fR the iteration (j = 0, 1, ...). +.PP +\&\fIBN_GENCB_call()\fR calls the callback function held in the \fB\s-1BN_GENCB\s0\fR structure +and passes the ints \fBa\fR and \fBb\fR as arguments. There are two types of +\&\fB\s-1BN_GENCB\s0\fR structure that are supported: \*(L"new\*(R" style and \*(L"old\*(R" style. New +programs should prefer the \*(L"new\*(R" style, whilst the \*(L"old\*(R" style is provided +for backwards compatibility purposes. +.PP +A \fB\s-1BN_GENCB\s0\fR structure should be created through a call to \fIBN_GENCB_new()\fR, +and freed through a call to \fIBN_GENCB_free()\fR. +.PP +For \*(L"new\*(R" style callbacks a \s-1BN_GENCB\s0 structure should be initialised with a +call to \fIBN_GENCB_set()\fR, where \fBgencb\fR is a \fB\s-1BN_GENCB\s0 *\fR, \fBcallback\fR is of +type \fBint (*callback)(int, int, \s-1BN_GENCB\s0 *)\fR and \fBcb_arg\fR is a \fBvoid *\fR. +\&\*(L"Old\*(R" style callbacks are the same except they are initialised with a call +to \fIBN_GENCB_set_old()\fR and \fBcallback\fR is of type +\&\fBvoid (*callback)(int, int, void *)\fR. +.PP +A callback is invoked through a call to \fBBN_GENCB_call\fR. This will check +the type of the callback and will invoke \fBcallback(a, b, gencb)\fR for new +style callbacks or \fBcallback(a, b, cb_arg)\fR for old style. +.PP +It is possible to obtain the argument associated with a \s-1BN_GENCB\s0 structure +(set via a call to BN_GENCB_set or BN_GENCB_set_old) using BN_GENCB_get_arg. 
+.PP +\&\fIBN_generate_prime()\fR (deprecated) works in the same way as +\&\fIBN_generate_prime_ex()\fR but expects an old-style callback function +directly in the \fBcallback\fR parameter, and an argument to pass to it in +the \fBcb_arg\fR. \fIBN_is_prime()\fR and \fIBN_is_prime_fasttest()\fR +can similarly be compared to \fIBN_is_prime_ex()\fR and +\&\fIBN_is_prime_fasttest_ex()\fR, respectively. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBN_generate_prime_ex()\fR return 1 on success or 0 on error. +.PP +\&\fIBN_is_prime_ex()\fR, \fIBN_is_prime_fasttest_ex()\fR, \fIBN_is_prime()\fR, +\&\fIBN_is_prime_fasttest()\fR and BN_check_prime return 0 if the number is composite, +1 if it is prime with an error probability of less than 0.25^\fBnchecks\fR, and +\&\-1 on error. +.PP +\&\fIBN_generate_prime()\fR returns the prime number on success, \fB\s-1NULL\s0\fR otherwise. +.PP +BN_GENCB_new returns a pointer to a \s-1BN_GENCB\s0 structure on success, or \fB\s-1NULL\s0\fR +otherwise. +.PP +BN_GENCB_get_arg returns the argument previously associated with a \s-1BN_GENCB\s0 +structure. +.PP +Callback functions should return 1 on success or 0 on error. +.PP +The error codes can be obtained by \fIERR_get_error\fR\|(3). +.SH "REMOVED FUNCTIONALITY" +.IX Header "REMOVED FUNCTIONALITY" +As of OpenSSL 1.1.0 it is no longer possible to create a \s-1BN_GENCB\s0 structure +directly, as in: +.PP +.Vb 1 +\& BN_GENCB callback; +.Ve +.PP +Instead applications should create a \s-1BN_GENCB\s0 structure using BN_GENCB_new: +.PP +.Vb 6 +\& BN_GENCB *callback; +\& callback = BN_GENCB_new(); +\& if (!callback) +\& /* error */ +\& ... 
+\& BN_GENCB_free(callback); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIDH_generate_parameters\fR\|(3), \fIDSA_generate_parameters\fR\|(3), +\&\fIRSA_generate_key\fR\|(3), \fIERR_get_error\fR\|(3), \fIRAND_bytes\fR\|(3), +\&\s-1\fIRAND\s0\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \fIBN_GENCB_new()\fR, \fIBN_GENCB_free()\fR, +and \fIBN_GENCB_get_arg()\fR functions were added in OpenSSL 1.1.0. +.PP +\&\fIBN_check_prime()\fR was added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/BN_mod_inverse.3 b/linux_amd64/ssl/share/man/man3/BN_mod_inverse.3 new file mode 100755 index 0000000..d61c234 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/BN_mod_inverse.3 
@@ -0,0 +1,164 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_MOD_INVERSE 3" +.TH BN_MOD_INVERSE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BN_mod_inverse \- compute inverse modulo n +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& BIGNUM *BN_mod_inverse(BIGNUM *r, BIGNUM *a, const BIGNUM *n, +\& BN_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBN_mod_inverse()\fR computes the inverse of \fBa\fR modulo \fBn\fR +places the result in \fBr\fR (\f(CW\*(C`(a*r)%n==1\*(C'\fR). If \fBr\fR is \s-1NULL\s0, +a new \fB\s-1BIGNUM\s0\fR is created. +.PP +\&\fBctx\fR is a previously allocated \fB\s-1BN_CTX\s0\fR used for temporary +variables. \fBr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fBa\fR or \fBn\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBN_mod_inverse()\fR returns the \fB\s-1BIGNUM\s0\fR containing the inverse, and +\&\s-1NULL\s0 on error. The error codes can be obtained by \fIERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fIBN_add\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/BN_mod_mul_montgomery.3 b/linux_amd64/ssl/share/man/man3/BN_mod_mul_montgomery.3 new file mode 100755 index 0000000..d3e88c3 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/BN_mod_mul_montgomery.3 
@@ -0,0 +1,211 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_MOD_MUL_MONTGOMERY 3" +.TH BN_MOD_MUL_MONTGOMERY 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BN_mod_mul_montgomery, BN_MONT_CTX_new, +BN_MONT_CTX_free, BN_MONT_CTX_set, BN_MONT_CTX_copy, +BN_from_montgomery, BN_to_montgomery \- Montgomery multiplication +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& BN_MONT_CTX *BN_MONT_CTX_new(void); +\& void BN_MONT_CTX_free(BN_MONT_CTX *mont); +\& +\& int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *m, BN_CTX *ctx); +\& BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from); +\& +\& int BN_mod_mul_montgomery(BIGNUM *r, BIGNUM *a, BIGNUM *b, +\& BN_MONT_CTX *mont, BN_CTX *ctx); +\& +\& int BN_from_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont, +\& BN_CTX *ctx); +\& +\& int BN_to_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont, +\& BN_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions implement Montgomery multiplication. They are used +automatically when \fIBN_mod_exp\fR\|(3) is called with suitable input, +but they may be useful when several operations are to be performed +using the same modulus. +.PP +\&\fIBN_MONT_CTX_new()\fR allocates and initializes a \fB\s-1BN_MONT_CTX\s0\fR structure. +.PP +\&\fIBN_MONT_CTX_set()\fR sets up the \fImont\fR structure from the modulus \fIm\fR +by precomputing its inverse and a value R. +.PP +\&\fIBN_MONT_CTX_copy()\fR copies the \fB\s-1BN_MONT_CTX\s0\fR \fIfrom\fR to \fIto\fR. +.PP +\&\fIBN_MONT_CTX_free()\fR frees the components of the \fB\s-1BN_MONT_CTX\s0\fR, and, if +it was created by \fIBN_MONT_CTX_new()\fR, also the structure itself. +If \fBmont\fR is \s-1NULL\s0, nothing is done. +.PP +\&\fIBN_mod_mul_montgomery()\fR computes Mont(\fIa\fR,\fIb\fR):=\fIa\fR*\fIb\fR*R^\-1 and places +the result in \fIr\fR. +.PP +\&\fIBN_from_montgomery()\fR performs the Montgomery reduction \fIr\fR = \fIa\fR*R^\-1. +.PP +\&\fIBN_to_montgomery()\fR computes Mont(\fIa\fR,R^2), i.e. \fIa\fR*R. +Note that \fIa\fR must be non-negative and smaller than the modulus. 
+.PP +For all functions, \fIctx\fR is a previously allocated \fB\s-1BN_CTX\s0\fR used for +temporary variables. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBN_MONT_CTX_new()\fR returns the newly allocated \fB\s-1BN_MONT_CTX\s0\fR, and \s-1NULL\s0 +on error. +.PP +\&\fIBN_MONT_CTX_free()\fR has no return value. +.PP +For the other functions, 1 is returned for success, 0 on error. +The error codes can be obtained by \fIERR_get_error\fR\|(3). +.SH "WARNINGS" +.IX Header "WARNINGS" +The inputs must be reduced modulo \fBm\fR, otherwise the result will be +outside the expected range. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fIBN_add\fR\|(3), +\&\fIBN_CTX_new\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIBN_MONT_CTX_init()\fR was removed in OpenSSL 1.1.0 +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/BN_mod_mul_reciprocal.3 b/linux_amd64/ssl/share/man/man3/BN_mod_mul_reciprocal.3 new file mode 100755 index 0000000..1e0666c --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/BN_mod_mul_reciprocal.3 
@@ -0,0 +1,198 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_MOD_MUL_RECIPROCAL 3" +.TH BN_MOD_MUL_RECIPROCAL 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BN_mod_mul_reciprocal, BN_div_recp, BN_RECP_CTX_new, +BN_RECP_CTX_free, BN_RECP_CTX_set \- modular multiplication using +reciprocal +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& BN_RECP_CTX *BN_RECP_CTX_new(void); +\& void BN_RECP_CTX_free(BN_RECP_CTX *recp); +\& +\& int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *m, BN_CTX *ctx); +\& +\& int BN_div_recp(BIGNUM *dv, BIGNUM *rem, BIGNUM *a, BN_RECP_CTX *recp, +\& BN_CTX *ctx); +\& +\& int BN_mod_mul_reciprocal(BIGNUM *r, BIGNUM *a, BIGNUM *b, +\& BN_RECP_CTX *recp, BN_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBN_mod_mul_reciprocal()\fR can be used to perform an efficient +\&\fIBN_mod_mul\fR\|(3) operation when the operation will be performed +repeatedly with the same modulus. It computes \fBr\fR=(\fBa\fR*\fBb\fR)%\fBm\fR +using \fBrecp\fR=1/\fBm\fR, which is set as described below. \fBctx\fR is a +previously allocated \fB\s-1BN_CTX\s0\fR used for temporary variables. +.PP +\&\fIBN_RECP_CTX_new()\fR allocates and initializes a \fB\s-1BN_RECP\s0\fR structure. +.PP +\&\fIBN_RECP_CTX_free()\fR frees the components of the \fB\s-1BN_RECP\s0\fR, and, if it +was created by \fIBN_RECP_CTX_new()\fR, also the structure itself. +If \fBrecp\fR is \s-1NULL\s0, nothing is done. +.PP +\&\fIBN_RECP_CTX_set()\fR stores \fBm\fR in \fBrecp\fR and sets it up for computing +1/\fBm\fR and shifting it left by BN_num_bits(\fBm\fR)+1 to make it an +integer. The result and the number of bits it was shifted left will +later be stored in \fBrecp\fR. +.PP +\&\fIBN_div_recp()\fR divides \fBa\fR by \fBm\fR using \fBrecp\fR. It places the quotient +in \fBdv\fR and the remainder in \fBrem\fR. +.PP +The \fB\s-1BN_RECP_CTX\s0\fR structure cannot be shared between threads. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBN_RECP_CTX_new()\fR returns the newly allocated \fB\s-1BN_RECP_CTX\s0\fR, and \s-1NULL\s0 +on error. 
+.PP +\&\fIBN_RECP_CTX_free()\fR has no return value. +.PP +For the other functions, 1 is returned for success, 0 on error. +The error codes can be obtained by \fIERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fIBN_add\fR\|(3), +\&\fIBN_CTX_new\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIBN_RECP_CTX_init()\fR was removed in OpenSSL 1.1.0 +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/BN_new.3 b/linux_amd64/ssl/share/man/man3/BN_new.3 new file mode 100755 index 0000000..7a73963 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/BN_new.3 
@@ -0,0 +1,186 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_NEW 3" +.TH BN_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BN_new, BN_secure_new, BN_clear, BN_free, BN_clear_free \- allocate and free BIGNUMs +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& BIGNUM *BN_new(void); +\& +\& BIGNUM *BN_secure_new(void); +\& +\& void BN_clear(BIGNUM *a); +\& +\& void BN_free(BIGNUM *a); +\& +\& void BN_clear_free(BIGNUM *a); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBN_new()\fR allocates and initializes a \fB\s-1BIGNUM\s0\fR structure. +\&\fIBN_secure_new()\fR does the same except that the secure heap +\&\fIOPENSSL_secure_malloc\fR\|(3) is used to store the value. +.PP +\&\fIBN_clear()\fR is used to destroy sensitive data such as keys when they +are no longer needed. It erases the memory used by \fBa\fR and sets it +to the value 0. +If \fBa\fR is \s-1NULL\s0, nothing is done. +.PP +\&\fIBN_free()\fR frees the components of the \fB\s-1BIGNUM\s0\fR, and if it was created +by \fIBN_new()\fR, also the structure itself. \fIBN_clear_free()\fR additionally +overwrites the data before the memory is returned to the system. +If \fBa\fR is \s-1NULL\s0, nothing is done. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBN_new()\fR and \fIBN_secure_new()\fR +return a pointer to the \fB\s-1BIGNUM\s0\fR initialised to the value 0. +If the allocation fails, +they return \fB\s-1NULL\s0\fR and set an error code that can be obtained +by \fIERR_get_error\fR\|(3). +.PP +\&\fIBN_clear()\fR, \fIBN_free()\fR and \fIBN_clear_free()\fR have no return values. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fIOPENSSL_secure_malloc\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIBN_init()\fR was removed in OpenSSL 1.1.0; use \fIBN_new()\fR instead. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. 
You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/BN_num_bytes.3 b/linux_amd64/ssl/share/man/man3/BN_num_bytes.3 new file mode 100755 index 0000000..dbee722 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/BN_num_bytes.3 
@@ -0,0 +1,183 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_NUM_BYTES 3" +.TH BN_NUM_BYTES 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BN_num_bits, BN_num_bytes, BN_num_bits_word \- get BIGNUM size +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int BN_num_bytes(const BIGNUM *a); +\& +\& int BN_num_bits(const BIGNUM *a); +\& +\& int BN_num_bits_word(BN_ULONG w); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBN_num_bytes()\fR returns the size of a \fB\s-1BIGNUM\s0\fR in bytes. +.PP +\&\fIBN_num_bits_word()\fR returns the number of significant bits in a word. +If we take 0x00000432 as an example, it returns 11, not 16, not 32. +Basically, except for a zero, it returns \fIfloor(log2(w))+1\fR. +.PP +\&\fIBN_num_bits()\fR returns the number of significant bits in a \fB\s-1BIGNUM\s0\fR, +following the same principle as \fIBN_num_bits_word()\fR. +.PP +\&\fIBN_num_bytes()\fR is a macro. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The size. +.SH "NOTES" +.IX Header "NOTES" +Some have tried using \fIBN_num_bits()\fR on individual numbers in \s-1RSA\s0 keys, +\&\s-1DH\s0 keys and \s-1DSA\s0 keys, and found that they don't always come up with +the number of bits they expected (something like 512, 1024, 2048, +\&...). This is because generating a number with some specific number +of bits doesn't always set the highest bits, thereby making the number +of \fIsignificant\fR bits a little lower. If you want to know the \*(L"key +size\*(R" of such a key, either use functions like \fIRSA_size()\fR, \fIDH_size()\fR +and \fIDSA_size()\fR, or use \fIBN_num_bytes()\fR and multiply with 8 (although +there's no real guarantee that will match the \*(L"key size\*(R", just a lot +more probability). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIDH_size\fR\|(3), \fIDSA_size\fR\|(3), +\&\fIRSA_size\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. 
You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/BN_rand.3 b/linux_amd64/ssl/share/man/man3/BN_rand.3 new file mode 100755 index 0000000..7fa4f14 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/BN_rand.3 
@@ -0,0 +1,232 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_RAND 3" +.TH BN_RAND 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BN_rand_ex, BN_rand, BN_priv_rand_ex, BN_priv_rand, BN_pseudo_rand, +BN_rand_range_ex, BN_rand_range, BN_priv_rand_range_ex, BN_priv_rand_range, +BN_pseudo_rand_range +\&\- generate pseudo\-random number +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int BN_rand_ex(BIGNUM *rnd, int bits, int top, int bottom, BN_CTX *ctx); +\& int BN_rand(BIGNUM *rnd, int bits, int top, int bottom); +\& +\& int BN_priv_rand_ex(BIGNUM *rnd, int bits, int top, int bottom, BN_CTX *ctx); +\& int BN_priv_rand(BIGNUM *rnd, int bits, int top, int bottom); +\& +\& int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom); +\& +\& int BN_rand_range_ex(BIGNUM *rnd, BIGNUM *range, BN_CTX *ctx); +\& int BN_rand_range(BIGNUM *rnd, BIGNUM *range); +\& +\& int BN_priv_rand_range_ex(BIGNUM *rnd, BIGNUM *range, BN_CTX *ctx); +\& int BN_priv_rand_range(BIGNUM *rnd, BIGNUM *range); +\& +\& int BN_pseudo_rand_range(BIGNUM *rnd, BIGNUM *range); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBN_rand_ex()\fR generate a cryptographically strong pseudo-random +number of \fBbits\fR in length and stores it in \fBrnd\fR using the random number +generator for the library context associated with \fBctx\fR. The parameter \fBctx\fR +may be \s-1NULL\s0 in which case the default library context is used. +If \fBbits\fR is less than zero, or too small to +accommodate the requirements specified by the \fBtop\fR and \fBbottom\fR +parameters, an error is returned. +The \fBtop\fR parameters specifies +requirements on the most significant bit of the generated number. +If it is \fB\s-1BN_RAND_TOP_ANY\s0\fR, there is no constraint. +If it is \fB\s-1BN_RAND_TOP_ONE\s0\fR, the top bit must be one. +If it is \fB\s-1BN_RAND_TOP_TWO\s0\fR, the two most significant bits of +the number will be set to 1, so that the product of two such random +numbers will always have 2*\fBbits\fR length. 
+If \fBbottom\fR is \fB\s-1BN_RAND_BOTTOM_ODD\s0\fR, the number will be odd; if it +is \fB\s-1BN_RAND_BOTTOM_ANY\s0\fR it can be odd or even. +If \fBbits\fR is 1 then \fBtop\fR cannot also be \fB\s-1BN_RAND_FLG_TOPTWO\s0\fR. +.PP +\&\fIBN_rand()\fR is the same as \fIBN_rand_ex()\fR except that the default library context +is always used. +.PP +\&\fIBN_rand_range_ex()\fR generates a cryptographically strong pseudo-random +number \fBrnd\fR in the range 0 <= \fBrnd\fR < \fBrange\fR using the random number +generator for the library context associated with \fBctx\fR. The parameter \fBctx\fR +may be \s-1NULL\s0 in which case the default library context is used. +.PP +\&\fIBN_rand_range()\fR is the same as \fIBN_rand_range_ex()\fR except that the default +library context is always used. +.PP +\&\fIBN_priv_rand_ex()\fR, \fIBN_priv_rand()\fR, \fIBN_priv_rand_rand_ex()\fR and +\&\fIBN_priv_rand_range()\fR have the same semantics as \fIBN_rand_ex()\fR, \fIBN_rand()\fR, +\&\fIBN_rand_range_ex()\fR and \fIBN_rand_range()\fR respectively. They are intended to be +used for generating values that should remain private, and mirror the +same difference between \fIRAND_bytes\fR\|(3) and \fIRAND_priv_bytes\fR\|(3). +.SH "NOTES" +.IX Header "NOTES" +Always check the error return value of these functions and do not take +randomness for granted: an error occurs if the \s-1CSPRNG\s0 has not been +seeded with enough randomness to ensure an unpredictable byte sequence. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The functions return 1 on success, 0 on error. +The error codes can be obtained by \fIERR_get_error\fR\|(3). 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), +\&\fIRAND_add\fR\|(3), +\&\fIRAND_bytes\fR\|(3), +\&\fIRAND_priv_bytes\fR\|(3), +\&\s-1\fIRAND\s0\fR\|(7), +\&\s-1\fIRAND_DRBG\s0\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +.IP "\(bu" 2 +Starting with OpenSSL release 1.1.0, \fIBN_pseudo_rand()\fR has been identical +to \fIBN_rand()\fR and \fIBN_pseudo_rand_range()\fR has been identical to +\&\fIBN_rand_range()\fR. +The \*(L"pseudo\*(R" functions should not be used and may be deprecated in +a future release. +.IP "\(bu" 2 +The +\&\fIBN_priv_rand()\fR and \fIBN_priv_rand_range()\fR functions were added in OpenSSL 1.1.1. +.IP "\(bu" 2 +The \fIBN_rand_ex()\fR, \fIBN_priv_rand_ex()\fR, \fIBN_rand_range_ex()\fR and +\&\fIBN_priv_rand_range_ex()\fR functions were added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/BN_security_bits.3 b/linux_amd64/ssl/share/man/man3/BN_security_bits.3 new file mode 100755 index 0000000..7a8e69e --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/BN_security_bits.3 
@@ -0,0 +1,172 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_SECURITY_BITS 3" +.TH BN_SECURITY_BITS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BN_security_bits \- returns bits of security based on given numbers +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int BN_security_bits(int L, int N); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBN_security_bits()\fR returns the number of bits of security provided by a +specific algorithm and a particular key size. The bits of security is +defined in \s-1NIST\s0 \s-1SP800\-57\s0. Currently, \fIBN_security_bits()\fR support two types +of asymmetric algorithms: the \s-1FFC\s0 (Finite Field Cryptography) and \s-1IFC\s0 +(Integer Factorization Cryptography). For \s-1FFC\s0, e.g., \s-1DSA\s0 and \s-1DH\s0, both +parameters \fBL\fR and \fBN\fR are used to decide the bits of security, where +\&\fBL\fR is the size of the public key and \fBN\fR is the size of the private +key. For \s-1IFC\s0, e.g., \s-1RSA\s0, only \fBL\fR is used and it's commonly considered +to be the key size (modulus). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Number of security bits. +.SH "NOTES" +.IX Header "NOTES" +\&\s-1ECC\s0 (Elliptic Curve Cryptography) is not covered by the \fIBN_security_bits()\fR +function. The symmetric algorithms are not covered neither. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIDH_security_bits\fR\|(3), \fIDSA_security_bits\fR\|(3), \fIRSA_security_bits\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fIBN_security_bits()\fR function was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/BN_set_bit.3 b/linux_amd64/ssl/share/man/man3/BN_set_bit.3 new file mode 100755 index 0000000..7d4de8c --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/BN_set_bit.3 
@@ -0,0 +1,192 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_SET_BIT 3" +.TH BN_SET_BIT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BN_set_bit, BN_clear_bit, BN_is_bit_set, BN_mask_bits, BN_lshift, +BN_lshift1, BN_rshift, BN_rshift1 \- bit operations on BIGNUMs +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int BN_set_bit(BIGNUM *a, int n); +\& int BN_clear_bit(BIGNUM *a, int n); +\& +\& int BN_is_bit_set(const BIGNUM *a, int n); +\& +\& int BN_mask_bits(BIGNUM *a, int n); +\& +\& int BN_lshift(BIGNUM *r, const BIGNUM *a, int n); +\& int BN_lshift1(BIGNUM *r, BIGNUM *a); +\& +\& int BN_rshift(BIGNUM *r, BIGNUM *a, int n); +\& int BN_rshift1(BIGNUM *r, BIGNUM *a); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBN_set_bit()\fR sets bit \fBn\fR in \fBa\fR to 1 (\f(CW\*(C`a|=(1<>n)\*(C'\fR). An error occurs if \fBa\fR already is +shorter than \fBn\fR bits. +.PP +\&\fIBN_lshift()\fR shifts \fBa\fR left by \fBn\fR bits and places the result in +\&\fBr\fR (\f(CW\*(C`r=a*2^n\*(C'\fR). Note that \fBn\fR must be non-negative. \fIBN_lshift1()\fR shifts +\&\fBa\fR left by one and places the result in \fBr\fR (\f(CW\*(C`r=2*a\*(C'\fR). +.PP +\&\fIBN_rshift()\fR shifts \fBa\fR right by \fBn\fR bits and places the result in +\&\fBr\fR (\f(CW\*(C`r=a/2^n\*(C'\fR). Note that \fBn\fR must be non-negative. \fIBN_rshift1()\fR shifts +\&\fBa\fR right by one and places the result in \fBr\fR (\f(CW\*(C`r=a/2\*(C'\fR). +.PP +For the shift functions, \fBr\fR and \fBa\fR may be the same variable. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBN_is_bit_set()\fR returns 1 if the bit is set, 0 otherwise. +.PP +All other functions return 1 for success, 0 on error. The error codes +can be obtained by \fIERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIBN_num_bytes\fR\|(3), \fIBN_add\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. 
You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/BN_swap.3 b/linux_amd64/ssl/share/man/man3/BN_swap.3 new file mode 100755 index 0000000..7398491 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/BN_swap.3 
@@ -0,0 +1,154 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_SWAP 3" +.TH BN_SWAP 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BN_swap \- exchange BIGNUMs +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void BN_swap(BIGNUM *a, BIGNUM *b); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBN_swap()\fR exchanges the values of \fIa\fR and \fIb\fR. 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBN_swap()\fR does not return a value. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/BN_zero.3 b/linux_amd64/ssl/share/man/man3/BN_zero.3 new file mode 100755 index 0000000..be22461 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/BN_zero.3 
@@ -0,0 +1,189 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_ZERO 3" +.TH BN_ZERO 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BN_zero, BN_one, BN_value_one, BN_set_word, BN_get_word \- BIGNUM assignment +operations +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void BN_zero(BIGNUM *a); +\& int BN_one(BIGNUM *a); +\& +\& const BIGNUM *BN_value_one(void); +\& +\& int BN_set_word(BIGNUM *a, BN_ULONG w); +\& unsigned BN_ULONG BN_get_word(BIGNUM *a); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fB\s-1BN_ULONG\s0\fR is a macro that will be an unsigned integral type optimized +for the most efficient implementation on the local platform. +.PP +\&\fIBN_zero()\fR, \fIBN_one()\fR and \fIBN_set_word()\fR set \fBa\fR to the values 0, 1 and +\&\fBw\fR respectively. \fIBN_zero()\fR and \fIBN_one()\fR are macros. +.PP +\&\fIBN_value_one()\fR returns a \fB\s-1BIGNUM\s0\fR constant of value 1. This constant +is useful for use in comparisons and assignment. +.PP +\&\fIBN_get_word()\fR returns \fBa\fR, if it can be represented as a \fB\s-1BN_ULONG\s0\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBN_get_word()\fR returns the value \fBa\fR, or all-bits-set if \fBa\fR cannot +be represented as a single integer. +.PP +\&\fIBN_one()\fR and \fIBN_set_word()\fR return 1 on success, 0 otherwise. +\&\fIBN_value_one()\fR returns the constant. +\&\fIBN_zero()\fR never fails and returns no value. +.SH "BUGS" +.IX Header "BUGS" +If a \fB\s-1BIGNUM\s0\fR is equal to the value of all-bits-set, it will collide +with the error condition returned by \fIBN_get_word()\fR which uses that +as an error value. +.PP +\&\fB\s-1BN_ULONG\s0\fR should probably be a typedef. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIBN_bn2bin\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +In OpenSSL 0.9.8, \fIBN_zero()\fR was changed to not return a value; previous +versions returned an int. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). 
You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/BUF_MEM_new.3 b/linux_amd64/ssl/share/man/man3/BUF_MEM_new.3 new file mode 100755 index 0000000..328d3b5 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/BUF_MEM_new.3 
@@ -0,0 +1,197 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BUF_MEM_NEW 3" +.TH BUF_MEM_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +BUF_MEM_new, BUF_MEM_new_ex, BUF_MEM_free, BUF_MEM_grow, +BUF_MEM_grow_clean, BUF_reverse +\&\- simple character array structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& BUF_MEM *BUF_MEM_new(void); +\& +\& BUF_MEM *BUF_MEM_new_ex(unsigned long flags); +\& +\& void BUF_MEM_free(BUF_MEM *a); +\& +\& int BUF_MEM_grow(BUF_MEM *str, int len); +\& size_t BUF_MEM_grow_clean(BUF_MEM *str, size_t len); +\& +\& void BUF_reverse(unsigned char *out, const unsigned char *in, size_t size); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The buffer library handles simple character arrays. Buffers are used for +various purposes in the library, most notably memory BIOs. +.PP +\&\fIBUF_MEM_new()\fR allocates a new buffer of zero size. +.PP +\&\fIBUF_MEM_new_ex()\fR allocates a buffer with the specified flags. +The flag \fB\s-1BUF_MEM_FLAG_SECURE\s0\fR specifies that the \fBdata\fR pointer +should be allocated on the secure heap; see \fICRYPTO_secure_malloc\fR\|(3). +.PP +\&\fIBUF_MEM_free()\fR frees up an already existing buffer. The data is zeroed +before freeing up in case the buffer contains sensitive data. +.PP +\&\fIBUF_MEM_grow()\fR changes the size of an already existing buffer to +\&\fBlen\fR. Any data already in the buffer is preserved if it increases in +size. +.PP +\&\fIBUF_MEM_grow_clean()\fR is similar to \fIBUF_MEM_grow()\fR but it sets any free'd +or additionally-allocated memory to zero. +.PP +\&\fIBUF_reverse()\fR reverses \fBsize\fR bytes at \fBin\fR into \fBout\fR. If \fBin\fR +is \s-1NULL\s0, the array is reversed in-place. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBUF_MEM_new()\fR returns the buffer or \s-1NULL\s0 on error. +.PP +\&\fIBUF_MEM_free()\fR has no return value. +.PP +\&\fIBUF_MEM_grow()\fR and \fIBUF_MEM_grow_clean()\fR return +zero on error or the new size (i.e., \fBlen\fR). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIbio\fR\|(7), +\&\fICRYPTO_secure_malloc\fR\|(3). 
+.SH "HISTORY" +.IX Header "HISTORY" +The \fIBUF_MEM_new_ex()\fR function was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/CMS_add0_cert.3 b/linux_amd64/ssl/share/man/man3/CMS_add0_cert.3 new file mode 100755 index 0000000..8d8a17c --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/CMS_add0_cert.3 
@@ -0,0 +1,192 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_ADD0_CERT 3" +.TH CMS_ADD0_CERT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +CMS_add0_cert, CMS_add1_cert, CMS_get1_certs, CMS_add0_crl, CMS_add1_crl, CMS_get1_crls +\&\- CMS certificate and CRL utility functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert); +\& int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert); +\& STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms); +\& +\& int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl); +\& int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl); +\& STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fICMS_add0_cert()\fR and \fICMS_add1_cert()\fR add certificate \fBcert\fR to \fBcms\fR. +must be of type signed data or enveloped data. +.PP +\&\fICMS_get1_certs()\fR returns all certificates in \fBcms\fR. +.PP +\&\fICMS_add0_crl()\fR and \fICMS_add1_crl()\fR add \s-1CRL\s0 \fBcrl\fR to \fBcms\fR. \fICMS_get1_crls()\fR +returns any CRLs in \fBcms\fR. +.SH "NOTES" +.IX Header "NOTES" +The CMS_ContentInfo structure \fBcms\fR must be of type signed data or enveloped +data or an error will be returned. +.PP +For signed data certificates and CRLs are added to the \fBcertificates\fR and +\&\fBcrls\fR fields of SignedData structure. For enveloped data they are added to +\&\fBOriginatorInfo\fR. +.PP +As the \fB0\fR implies \fICMS_add0_cert()\fR adds \fBcert\fR internally to \fBcms\fR and it +must not be freed up after the call as opposed to \fICMS_add1_cert()\fR where \fBcert\fR +must be freed up. +.PP +The same certificate or \s-1CRL\s0 must not be added to the same cms structure more +than once. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fICMS_add0_cert()\fR, \fICMS_add1_cert()\fR and \fICMS_add0_crl()\fR and \fICMS_add1_crl()\fR return +1 for success and 0 for failure. +.PP +\&\fICMS_get1_certs()\fR and \fICMS_get1_crls()\fR return the \s-1STACK\s0 of certificates or CRLs +or \s-1NULL\s0 if there are none or an error occurs. 
The only error which will occur +in practice is if the \fBcms\fR type is invalid. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), +\&\fICMS_sign\fR\|(3), +\&\fICMS_encrypt\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/CMS_add1_recipient_cert.3 b/linux_amd64/ssl/share/man/man3/CMS_add1_recipient_cert.3 new file mode 100755 index 0000000..cba72ea --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/CMS_add1_recipient_cert.3 
@@ -0,0 +1,194 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_ADD1_RECIPIENT_CERT 3" +.TH CMS_ADD1_RECIPIENT_CERT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +CMS_add1_recipient_cert, CMS_add0_recipient_key \- add recipients to a CMS enveloped data structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, +\& X509 *recip, unsigned int flags); +\& +\& CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid, +\& unsigned char *key, size_t keylen, +\& unsigned char *id, size_t idlen, +\& ASN1_GENERALIZEDTIME *date, +\& ASN1_OBJECT *otherTypeId, +\& ASN1_TYPE *otherType); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fICMS_add1_recipient_cert()\fR adds recipient \fBrecip\fR to CMS_ContentInfo enveloped +data structure \fBcms\fR as a KeyTransRecipientInfo structure. +.PP +\&\fICMS_add0_recipient_key()\fR adds symmetric key \fBkey\fR of length \fBkeylen\fR using +wrapping algorithm \fBnid\fR, identifier \fBid\fR of length \fBidlen\fR and optional +values \fBdate\fR, \fBotherTypeId\fR and \fBotherType\fR to CMS_ContentInfo enveloped +data structure \fBcms\fR as a KEKRecipientInfo structure. +.PP +The CMS_ContentInfo structure should be obtained from an initial call to +\&\fICMS_encrypt()\fR with the flag \fB\s-1CMS_PARTIAL\s0\fR set. +.SH "NOTES" +.IX Header "NOTES" +The main purpose of this function is to provide finer control over a \s-1CMS\s0 +enveloped data structure where the simpler \fICMS_encrypt()\fR function defaults are +not appropriate. For example if one or more KEKRecipientInfo structures +need to be added. New attributes can also be added using the returned +CMS_RecipientInfo structure and the \s-1CMS\s0 attribute utility functions. +.PP +OpenSSL will by default identify recipient certificates using issuer name +and serial number. If \fB\s-1CMS_USE_KEYID\s0\fR is set it will use the subject key +identifier value instead. An error occurs if all recipient certificates do not +have a subject key identifier extension. 
+.PP +Currently only \s-1AES\s0 based key wrapping algorithms are supported for \fBnid\fR, +specifically: NID_id_aes128_wrap, NID_id_aes192_wrap and NID_id_aes256_wrap. +If \fBnid\fR is set to \fBNID_undef\fR then an \s-1AES\s0 wrap algorithm will be used +consistent with \fBkeylen\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fICMS_add1_recipient_cert()\fR and \fICMS_add0_recipient_key()\fR return an internal +pointer to the CMS_RecipientInfo structure just added or \s-1NULL\s0 if an error +occurs. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fICMS_decrypt\fR\|(3), +\&\fICMS_final\fR\|(3), +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/CMS_add1_signer.3 b/linux_amd64/ssl/share/man/man3/CMS_add1_signer.3 new file mode 100755 index 0000000..2ad0b74 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/CMS_add1_signer.3 
@@ -0,0 +1,229 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_ADD1_SIGNER 3" +.TH CMS_ADD1_SIGNER 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +CMS_add1_signer, CMS_SignerInfo_sign \- add a signer to a CMS_ContentInfo signed data structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, X509 *signcert, +\& EVP_PKEY *pkey, const EVP_MD *md, +\& unsigned int flags); +\& +\& int CMS_SignerInfo_sign(CMS_SignerInfo *si); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fICMS_add1_signer()\fR adds a signer with certificate \fBsigncert\fR and private +key \fBpkey\fR using message digest \fBmd\fR to CMS_ContentInfo SignedData +structure \fBcms\fR. +.PP +The CMS_ContentInfo structure should be obtained from an initial call to +\&\fICMS_sign()\fR with the flag \fB\s-1CMS_PARTIAL\s0\fR set or in the case or re-signing a +valid CMS_ContentInfo SignedData structure. +.PP +If the \fBmd\fR parameter is \fB\s-1NULL\s0\fR then the default digest for the public +key algorithm will be used. +.PP +Unless the \fB\s-1CMS_REUSE_DIGEST\s0\fR flag is set the returned CMS_ContentInfo +structure is not complete and must be finalized either by streaming (if +applicable) or a call to \fICMS_final()\fR. +.PP +The \fICMS_SignerInfo_sign()\fR function will explicitly sign a CMS_SignerInfo +structure, its main use is when \fB\s-1CMS_REUSE_DIGEST\s0\fR and \fB\s-1CMS_PARTIAL\s0\fR flags +are both set. +.SH "NOTES" +.IX Header "NOTES" +The main purpose of \fICMS_add1_signer()\fR is to provide finer control +over a \s-1CMS\s0 signed data structure where the simpler \fICMS_sign()\fR function defaults +are not appropriate. For example if multiple signers or non default digest +algorithms are needed. New attributes can also be added using the returned +CMS_SignerInfo structure and the \s-1CMS\s0 attribute utility functions or the +\&\s-1CMS\s0 signed receipt request functions. +.PP +Any of the following flags (ored together) can be passed in the \fBflags\fR +parameter. 
+.PP +If \fB\s-1CMS_REUSE_DIGEST\s0\fR is set then an attempt is made to copy the content +digest value from the CMS_ContentInfo structure: to add a signer to an existing +structure. An error occurs if a matching digest value cannot be found to copy. +The returned CMS_ContentInfo structure will be valid and finalized when this +flag is set. +.PP +If \fB\s-1CMS_PARTIAL\s0\fR is set in addition to \fB\s-1CMS_REUSE_DIGEST\s0\fR then the +CMS_SignerInfo structure will not be finalized so additional attributes +can be added. In this case an explicit call to \fICMS_SignerInfo_sign()\fR is +needed to finalize it. +.PP +If \fB\s-1CMS_NOCERTS\s0\fR is set the signer's certificate will not be included in the +CMS_ContentInfo structure, the signer's certificate must still be supplied in +the \fBsigncert\fR parameter though. This can reduce the size of the signature if +the signers certificate can be obtained by other means: for example a +previously signed message. +.PP +The SignedData structure includes several \s-1CMS\s0 signedAttributes including the +signing time, the \s-1CMS\s0 content type and the supported list of ciphers in an +SMIMECapabilities attribute. If \fB\s-1CMS_NOATTR\s0\fR is set then no signedAttributes +will be used. If \fB\s-1CMS_NOSMIMECAP\s0\fR is set then just the SMIMECapabilities are +omitted. +.PP +OpenSSL will by default identify signing certificates using issuer name +and serial number. If \fB\s-1CMS_USE_KEYID\s0\fR is set it will use the subject key +identifier value instead. An error occurs if the signing certificate does not +have a subject key identifier extension. +.PP +If present the SMIMECapabilities attribute indicates support for the following +algorithms in preference order: 256 bit \s-1AES\s0, Gost R3411\-94, Gost 28147\-89, 192 +bit \s-1AES\s0, 128 bit \s-1AES\s0, triple \s-1DES\s0, 128 bit \s-1RC2\s0, 64 bit \s-1RC2\s0, \s-1DES\s0 and 40 bit \s-1RC2\s0. 
+If any of these algorithms is not available then it will not be included: for example the \s-1GOST\s0 algorithms will not be included if the \s-1GOST\s0 \s-1ENGINE\s0 is +not loaded. +.PP +\&\fICMS_add1_signer()\fR returns an internal pointer to the CMS_SignerInfo +structure just added, this can be used to set additional attributes +before it is finalized. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fICMS_add1_signer()\fR returns an internal pointer to the CMS_SignerInfo +structure just added or \s-1NULL\s0 if an error occurs. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fICMS_sign\fR\|(3), +\&\fICMS_final\fR\|(3), +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2014\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/CMS_compress.3 b/linux_amd64/ssl/share/man/man3/CMS_compress.3 new file mode 100755 index 0000000..b5fe069 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/CMS_compress.3 
@@ -0,0 +1,199 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_COMPRESS 3" +.TH CMS_COMPRESS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +CMS_compress \- create a CMS CompressedData structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fICMS_compress()\fR creates and returns a \s-1CMS\s0 CompressedData structure. \fBcomp_nid\fR +is the compression algorithm to use or \fBNID_undef\fR to use the default +algorithm (zlib compression). \fBin\fR is the content to be compressed. +\&\fBflags\fR is an optional set of flags. +.PP +The only currently supported compression algorithm is zlib using the \s-1NID\s0 +NID_zlib_compression. +.PP +If zlib support is not compiled into OpenSSL then \fICMS_compress()\fR will return +an error. +.PP +If the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are +prepended to the data. +.PP +Normally the supplied content is translated into \s-1MIME\s0 canonical format (as +required by the S/MIME specifications) if \fB\s-1CMS_BINARY\s0\fR is set no translation +occurs. This option should be used if the supplied data is in binary format +otherwise the translation will corrupt it. If \fB\s-1CMS_BINARY\s0\fR is set then +\&\fB\s-1CMS_TEXT\s0\fR is ignored. +.PP +If the \fB\s-1CMS_STREAM\s0\fR flag is set a partial \fBCMS_ContentInfo\fR structure is +returned suitable for streaming I/O: no data is read from the \s-1BIO\s0 \fBin\fR. +.PP +The compressed data is included in the CMS_ContentInfo structure, unless +\&\fB\s-1CMS_DETACHED\s0\fR is set in which case it is omitted. This is rarely used in +practice and is not supported by \fISMIME_write_CMS()\fR. +.PP +If the flag \fB\s-1CMS_STREAM\s0\fR is set the returned \fBCMS_ContentInfo\fR structure is +\&\fBnot\fR complete and outputting its contents via a function that does not +properly finalize the \fBCMS_ContentInfo\fR structure will give unpredictable +results. 
+.PP +Several functions including \fISMIME_write_CMS()\fR, \fIi2d_CMS_bio_stream()\fR, +\&\fIPEM_write_bio_CMS_stream()\fR finalize the structure. Alternatively finalization +can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using +\&\fIBIO_new_CMS()\fR. +.PP +Additional compression parameters such as the zlib compression level cannot +currently be set. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fICMS_compress()\fR returns either a CMS_ContentInfo structure or \s-1NULL\s0 if an error +occurred. The error can be obtained from \fIERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fICMS_uncompress\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fB\s-1CMS_STREAM\s0\fR flag was added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/CMS_decrypt.3 b/linux_amd64/ssl/share/man/man3/CMS_decrypt.3 new file mode 100755 index 0000000..2b45e06 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/CMS_decrypt.3 
@@ -0,0 +1,203 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_DECRYPT 3" +.TH CMS_DECRYPT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +CMS_decrypt \- decrypt content from a CMS envelopedData structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert, +\& BIO *dcont, BIO *out, unsigned int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fICMS_decrypt()\fR extracts and decrypts the content from a \s-1CMS\s0 EnvelopedData +structure. \fBpkey\fR is the private key of the recipient, \fBcert\fR is the +recipient's certificate, \fBout\fR is a \s-1BIO\s0 to write the content to and +\&\fBflags\fR is an optional set of flags. +.PP +The \fBdcont\fR parameter is used in the rare case where the encrypted content +is detached. It will normally be set to \s-1NULL\s0. +.SH "NOTES" +.IX Header "NOTES" +Although the recipients certificate is not needed to decrypt the data it is +needed to locate the appropriate (of possible several) recipients in the \s-1CMS\s0 +structure. +.PP +If \fBcert\fR is set to \s-1NULL\s0 all possible recipients are tried. This case however +is problematic. To thwart the \s-1MMA\s0 attack (Bleichenbacher's attack on +\&\s-1PKCS\s0 #1 v1.5 \s-1RSA\s0 padding) all recipients are tried whether they succeed or +not. If no recipient succeeds then a random symmetric key is used to decrypt +the content: this will typically output garbage and may (but is not guaranteed +to) ultimately return a padding error only. If \fICMS_decrypt()\fR just returned an +error when all recipient encrypted keys failed to decrypt an attacker could +use this in a timing attack. If the special flag \fB\s-1CMS_DEBUG_DECRYPT\s0\fR is set +then the above behaviour is modified and an error \fBis\fR returned if no +recipient encrypted key can be decrypted \fBwithout\fR generating a random +content encryption key. Applications should use this flag with +\&\fBextreme caution\fR especially in automated gateways as it can leave them +open to attack. 
+.PP +It is possible to determine the correct recipient key by other means (for +example looking them up in a database) and setting them in the \s-1CMS\s0 structure +in advance using the \s-1CMS\s0 utility functions such as \fICMS_set1_pkey()\fR. In this +case both \fBcert\fR and \fBpkey\fR should be set to \s-1NULL\s0. +.PP +To process KEKRecipientInfo types \fICMS_set1_key()\fR or \fICMS_RecipientInfo_set0_key()\fR +and \fICMS_RecipientInfo_decrypt()\fR should be called before \fICMS_decrypt()\fR and +\&\fBcert\fR and \fBpkey\fR set to \s-1NULL\s0. +.PP +The following flags can be passed in the \fBflags\fR parameter. +.PP +If the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are deleted +from the content. If the content is not of type \fBtext/plain\fR then an error is +returned. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fICMS_decrypt()\fR returns either 1 for success or 0 for failure. +The error can be obtained from \fIERR_get_error\fR\|(3) +.SH "BUGS" +.IX Header "BUGS" +The lack of single pass processing and the need to hold all data in memory as +mentioned in \fICMS_verify()\fR also applies to \fICMS_decrypt()\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fICMS_encrypt\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/CMS_encrypt.3 b/linux_amd64/ssl/share/man/man3/CMS_encrypt.3 new file mode 100755 index 0000000..ffdeb88 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/CMS_encrypt.3 
@@ -0,0 +1,222 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_ENCRYPT 3" +.TH CMS_ENCRYPT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +CMS_encrypt \- create a CMS envelopedData structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in, +\& const EVP_CIPHER *cipher, unsigned int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fICMS_encrypt()\fR creates and returns a \s-1CMS\s0 EnvelopedData structure. \fBcerts\fR +is a list of recipient certificates. \fBin\fR is the content to be encrypted. +\&\fBcipher\fR is the symmetric cipher to use. \fBflags\fR is an optional set of flags. +.PP +Only certificates carrying \s-1RSA\s0, Diffie-Hellman or \s-1EC\s0 keys are supported by this +function. +.PP +\&\fIEVP_des_ede3_cbc()\fR (triple \s-1DES\s0) is the algorithm of choice for S/MIME use +because most clients will support it. +.PP +The algorithm passed in the \fBcipher\fR parameter must support \s-1ASN1\s0 encoding of +its parameters. +.PP +Many browsers implement a \*(L"sign and encrypt\*(R" option which is simply an S/MIME +envelopedData containing an S/MIME signed message. This can be readily produced +by storing the S/MIME signed message in a memory \s-1BIO\s0 and passing it to +\&\fICMS_encrypt()\fR. +.PP +The following flags can be passed in the \fBflags\fR parameter. +.PP +If the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are +prepended to the data. +.PP +Normally the supplied content is translated into \s-1MIME\s0 canonical format (as +required by the S/MIME specifications) if \fB\s-1CMS_BINARY\s0\fR is set no translation +occurs. This option should be used if the supplied data is in binary format +otherwise the translation will corrupt it. If \fB\s-1CMS_BINARY\s0\fR is set then +\&\fB\s-1CMS_TEXT\s0\fR is ignored. +.PP +OpenSSL will by default identify recipient certificates using issuer name +and serial number. If \fB\s-1CMS_USE_KEYID\s0\fR is set it will use the subject key +identifier value instead. 
An error occurs if all recipient certificates do not +have a subject key identifier extension. +.PP +If the \fB\s-1CMS_STREAM\s0\fR flag is set a partial \fBCMS_ContentInfo\fR structure is +returned suitable for streaming I/O: no data is read from the \s-1BIO\s0 \fBin\fR. +.PP +If the \fB\s-1CMS_PARTIAL\s0\fR flag is set a partial \fBCMS_ContentInfo\fR structure is +returned to which additional recipients and attributes can be added before +finalization. +.PP +The data being encrypted is included in the CMS_ContentInfo structure, unless +\&\fB\s-1CMS_DETACHED\s0\fR is set in which case it is omitted. This is rarely used in +practice and is not supported by \fISMIME_write_CMS()\fR. +.PP +If the flag \fB\s-1CMS_STREAM\s0\fR is set the returned \fBCMS_ContentInfo\fR structure is +\&\fBnot\fR complete and outputting its contents via a function that does not +properly finalize the \fBCMS_ContentInfo\fR structure will give unpredictable +results. +.PP +Several functions including \fISMIME_write_CMS()\fR, \fIi2d_CMS_bio_stream()\fR, +\&\fIPEM_write_bio_CMS_stream()\fR finalize the structure. Alternatively finalization +can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using +\&\fIBIO_new_CMS()\fR. +.PP +The recipients specified in \fBcerts\fR use a \s-1CMS\s0 KeyTransRecipientInfo info +structure. KEKRecipientInfo is also supported using the flag \fB\s-1CMS_PARTIAL\s0\fR +and \fICMS_add0_recipient_key()\fR. +.PP +The parameter \fBcerts\fR may be \s-1NULL\s0 if \fB\s-1CMS_PARTIAL\s0\fR is set and recipients +added later using \fICMS_add1_recipient_cert()\fR or \fICMS_add0_recipient_key()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fICMS_encrypt()\fR returns either a CMS_ContentInfo structure or \s-1NULL\s0 if an error +occurred. The error can be obtained from \fIERR_get_error\fR\|(3). 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fICMS_decrypt\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fB\s-1CMS_STREAM\s0\fR flag was first supported in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/CMS_final.3 b/linux_amd64/ssl/share/man/man3/CMS_final.3 new file mode 100755 index 0000000..8b0060f --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/CMS_final.3 
@@ -0,0 +1,168 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_FINAL 3" +.TH CMS_FINAL 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +CMS_final \- finalise a CMS_ContentInfo structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fICMS_final()\fR finalises the structure \fBcms\fR. Its purpose is to perform any +operations necessary on \fBcms\fR (digest computation for example) and set the +appropriate fields. The parameter \fBdata\fR contains the content to be +processed. The \fBdcont\fR parameter contains a \s-1BIO\s0 to write content to after +processing: this is only used with detached data and will usually be set to +\&\s-1NULL\s0. +.SH "NOTES" +.IX Header "NOTES" +This function will normally be called when the \fB\s-1CMS_PARTIAL\s0\fR flag is used. It +should only be used when streaming is not performed because the streaming +I/O functions perform finalisation operations internally. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fICMS_final()\fR returns 1 for success or 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fICMS_sign\fR\|(3), +\&\fICMS_encrypt\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/CMS_get0_RecipientInfos.3 b/linux_amd64/ssl/share/man/man3/CMS_get0_RecipientInfos.3 new file mode 100755 index 0000000..e72ecaf --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/CMS_get0_RecipientInfos.3 
@@ -0,0 +1,261 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_GET0_RECIPIENTINFOS 3" +.TH CMS_GET0_RECIPIENTINFOS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +CMS_get0_RecipientInfos, CMS_RecipientInfo_type, +CMS_RecipientInfo_ktri_get0_signer_id, CMS_RecipientInfo_ktri_cert_cmp, +CMS_RecipientInfo_set0_pkey, CMS_RecipientInfo_kekri_get0_id, +CMS_RecipientInfo_kekri_id_cmp, CMS_RecipientInfo_set0_key, +CMS_RecipientInfo_decrypt, CMS_RecipientInfo_encrypt +\&\- CMS envelopedData RecipientInfo routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms); +\& int CMS_RecipientInfo_type(CMS_RecipientInfo *ri); +\& +\& int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri, +\& ASN1_OCTET_STRING **keyid, +\& X509_NAME **issuer, +\& ASN1_INTEGER **sno); +\& int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert); +\& int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey); +\& +\& int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri, X509_ALGOR **palg, +\& ASN1_OCTET_STRING **pid, +\& ASN1_GENERALIZEDTIME **pdate, +\& ASN1_OBJECT **potherid, +\& ASN1_TYPE **pothertype); +\& int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri, +\& const unsigned char *id, size_t idlen); +\& int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri, +\& unsigned char *key, size_t keylen); +\& +\& int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri); +\& int CMS_RecipientInfo_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The function \fICMS_get0_RecipientInfos()\fR returns all the CMS_RecipientInfo +structures associated with a \s-1CMS\s0 EnvelopedData structure. +.PP +\&\fICMS_RecipientInfo_type()\fR returns the type of CMS_RecipientInfo structure \fBri\fR. +It will currently return \s-1CMS_RECIPINFO_TRANS\s0, \s-1CMS_RECIPINFO_AGREE\s0, +\&\s-1CMS_RECIPINFO_KEK\s0, \s-1CMS_RECIPINFO_PASS\s0, or \s-1CMS_RECIPINFO_OTHER\s0. 
+.PP +\&\fICMS_RecipientInfo_ktri_get0_signer_id()\fR retrieves the certificate recipient +identifier associated with a specific CMS_RecipientInfo structure \fBri\fR, which +must be of type \s-1CMS_RECIPINFO_TRANS\s0. Either the keyidentifier will be set in +\&\fBkeyid\fR or \fBboth\fR issuer name and serial number in \fBissuer\fR and \fBsno\fR. +.PP +\&\fICMS_RecipientInfo_ktri_cert_cmp()\fR compares the certificate \fBcert\fR against the +CMS_RecipientInfo structure \fBri\fR, which must be of type \s-1CMS_RECIPINFO_TRANS\s0. +It returns zero if the comparison is successful and non zero if not. +.PP +\&\fICMS_RecipientInfo_set0_pkey()\fR associates the private key \fBpkey\fR with +the CMS_RecipientInfo structure \fBri\fR, which must be of type +\&\s-1CMS_RECIPINFO_TRANS\s0. +.PP +\&\fICMS_RecipientInfo_kekri_get0_id()\fR retrieves the key information from the +CMS_RecipientInfo structure \fBri\fR which must be of type \s-1CMS_RECIPINFO_KEK\s0. Any +of the remaining parameters can be \s-1NULL\s0 if the application is not interested in +the value of a field. Where a field is optional and absent \s-1NULL\s0 will be written +to the corresponding parameter. The keyEncryptionAlgorithm field is written to +\&\fBpalg\fR, the \fBkeyIdentifier\fR field is written to \fBpid\fR, the \fBdate\fR field if +present is written to \fBpdate\fR, if the \fBother\fR field is present the components +\&\fBkeyAttrId\fR and \fBkeyAttr\fR are written to parameters \fBpotherid\fR and +\&\fBpothertype\fR. +.PP +\&\fICMS_RecipientInfo_kekri_id_cmp()\fR compares the \s-1ID\s0 in the \fBid\fR and \fBidlen\fR +parameters against the \fBkeyIdentifier\fR CMS_RecipientInfo structure \fBri\fR, +which must be of type \s-1CMS_RECIPINFO_KEK\s0. It returns zero if the comparison is +successful and non zero if not. 
+.PP +\&\fICMS_RecipientInfo_set0_key()\fR associates the symmetric key \fBkey\fR of length +\&\fBkeylen\fR with the CMS_RecipientInfo structure \fBri\fR, which must be of type +\&\s-1CMS_RECIPINFO_KEK\s0. +.PP +\&\fICMS_RecipientInfo_decrypt()\fR attempts to decrypt CMS_RecipientInfo structure +\&\fBri\fR in structure \fBcms\fR. A key must have been associated with the structure +first. +.PP +\&\fICMS_RecipientInfo_encrypt()\fR attempts to encrypt CMS_RecipientInfo structure +\&\fBri\fR in structure \fBcms\fR. A key must have been associated with the structure +first and the content encryption key must be available: for example by a +previous call to \fICMS_RecipientInfo_decrypt()\fR. +.SH "NOTES" +.IX Header "NOTES" +The main purpose of these functions is to enable an application to lookup +recipient keys using any appropriate technique when the simpler method +of \fICMS_decrypt()\fR is not appropriate. +.PP +In typical usage and application will retrieve all CMS_RecipientInfo structures +using \fICMS_get0_RecipientInfos()\fR and check the type of each using +\&\fICMS_RecipientInfo_type()\fR. Depending on the type the CMS_RecipientInfo structure +can be ignored or its key identifier data retrieved using an appropriate +function. Then if the corresponding secret or private key can be obtained by +any appropriate means it can then associated with the structure and +\&\fICMS_RecipientInfo_decrypt()\fR called. If successful \fICMS_decrypt()\fR can be called +with a \s-1NULL\s0 key to decrypt the enveloped content. +.PP +The \fICMS_RecipientInfo_encrypt()\fR can be used to add a new recipient to an +existing enveloped data structure. Typically an application will first decrypt +an appropriate CMS_RecipientInfo structure to make the content encrypt key +available, it will then add a new recipient using a function such as +\&\fICMS_add1_recipient_cert()\fR and finally encrypt the content encryption key +using \fICMS_RecipientInfo_encrypt()\fR. 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fICMS_get0_RecipientInfos()\fR returns all CMS_RecipientInfo structures, or \s-1NULL\s0 if +an error occurs. +.PP +\&\fICMS_RecipientInfo_ktri_get0_signer_id()\fR, \fICMS_RecipientInfo_set0_pkey()\fR, +\&\fICMS_RecipientInfo_kekri_get0_id()\fR, \fICMS_RecipientInfo_set0_key()\fR and +\&\fICMS_RecipientInfo_decrypt()\fR return 1 for success or 0 if an error occurs. +\&\fICMS_RecipientInfo_encrypt()\fR return 1 for success or 0 if an error occurs. +.PP +\&\fICMS_RecipientInfo_ktri_cert_cmp()\fR and \fICMS_RecipientInfo_kekri_cmp()\fR return 0 +for a successful comparison and non zero otherwise. +.PP +Any error can be obtained from \fIERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fICMS_decrypt\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/CMS_get0_SignerInfos.3 b/linux_amd64/ssl/share/man/man3/CMS_get0_SignerInfos.3 new file mode 100755 index 0000000..d31b8d5 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/CMS_get0_SignerInfos.3 
@@ -0,0 +1,212 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_GET0_SIGNERINFOS 3" +.TH CMS_GET0_SIGNERINFOS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +CMS_SignerInfo_set1_signer_cert, +CMS_get0_SignerInfos, CMS_SignerInfo_get0_signer_id, +CMS_SignerInfo_get0_signature, CMS_SignerInfo_cert_cmp +\&\- CMS signedData signer functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms); +\& +\& int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si, ASN1_OCTET_STRING **keyid, +\& X509_NAME **issuer, ASN1_INTEGER **sno); +\& ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si); +\& int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert); +\& void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The function \fICMS_get0_SignerInfos()\fR returns all the CMS_SignerInfo structures +associated with a \s-1CMS\s0 signedData structure. +.PP +\&\fICMS_SignerInfo_get0_signer_id()\fR retrieves the certificate signer identifier +associated with a specific CMS_SignerInfo structure \fBsi\fR. Either the +keyidentifier will be set in \fBkeyid\fR or \fBboth\fR issuer name and serial number +in \fBissuer\fR and \fBsno\fR. +.PP +\&\fICMS_SignerInfo_get0_signature()\fR retrieves the signature associated with +\&\fBsi\fR in a pointer to an \s-1ASN1_OCTET_STRING\s0 structure. This pointer returned +corresponds to the internal signature value if \fBsi\fR so it may be read or +modified. +.PP +\&\fICMS_SignerInfo_cert_cmp()\fR compares the certificate \fBcert\fR against the signer +identifier \fBsi\fR. It returns zero if the comparison is successful and non zero +if not. +.PP +\&\fICMS_SignerInfo_set1_signer_cert()\fR sets the signers certificate of \fBsi\fR to +\&\fBsigner\fR. +.SH "NOTES" +.IX Header "NOTES" +The main purpose of these functions is to enable an application to lookup +signers certificates using any appropriate technique when the simpler method +of \fICMS_verify()\fR is not appropriate. 
+.PP +In typical usage and application will retrieve all CMS_SignerInfo structures +using \fICMS_get0_SignerInfo()\fR and retrieve the identifier information using +\&\s-1CMS\s0. It will then obtain the signer certificate by some unspecified means +(or return and error if it cannot be found) and set it using +\&\fICMS_SignerInfo_set1_signer_cert()\fR. +.PP +Once all signer certificates have been set \fICMS_verify()\fR can be used. +.PP +Although \fICMS_get0_SignerInfos()\fR can return \s-1NULL\s0 if an error occurs \fBor\fR if +there are no signers this is not a problem in practice because the only +error which can occur is if the \fBcms\fR structure is not of type signedData +due to application error. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fICMS_get0_SignerInfos()\fR returns all CMS_SignerInfo structures, or \s-1NULL\s0 there +are no signers or an error occurs. +.PP +\&\fICMS_SignerInfo_get0_signer_id()\fR returns 1 for success and 0 for failure. +.PP +\&\fICMS_SignerInfo_cert_cmp()\fR returns 0 for a successful comparison and non +zero otherwise. +.PP +\&\fICMS_SignerInfo_set1_signer_cert()\fR does not return a value. +.PP +Any error can be obtained from \fIERR_get_error\fR\|(3) +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fICMS_verify\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/CMS_get0_type.3 b/linux_amd64/ssl/share/man/man3/CMS_get0_type.3 new file mode 100755 index 0000000..893e685 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/CMS_get0_type.3 
@@ -0,0 +1,209 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_GET0_TYPE 3" +.TH CMS_GET0_TYPE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +CMS_get0_type, CMS_set1_eContentType, CMS_get0_eContentType, CMS_get0_content \- get and set CMS content types and content +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const ASN1_OBJECT *CMS_get0_type(const CMS_ContentInfo *cms); +\& int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid); +\& const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms); +\& ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fICMS_get0_type()\fR returns the content type of a CMS_ContentInfo structure as +an \s-1ASN1_OBJECT\s0 pointer. An application can then decide how to process the +CMS_ContentInfo structure based on this value. +.PP +\&\fICMS_set1_eContentType()\fR sets the embedded content type of a CMS_ContentInfo +structure. It should be called with \s-1CMS\s0 functions (such as \fICMS_sign\fR\|(3), +\&\fICMS_encrypt\fR\|(3)) +with the \fB\s-1CMS_PARTIAL\s0\fR +flag and \fBbefore\fR the structure is finalised, otherwise the results are +undefined. +.PP +\&\s-1ASN1_OBJECT\s0 *\fICMS_get0_eContentType()\fR returns a pointer to the embedded +content type. +.PP +\&\fICMS_get0_content()\fR returns a pointer to the \fB\s-1ASN1_OCTET_STRING\s0\fR pointer +containing the embedded content. +.SH "NOTES" +.IX Header "NOTES" +As the \fB0\fR implies \fICMS_get0_type()\fR, \fICMS_get0_eContentType()\fR and +\&\fICMS_get0_content()\fR return internal pointers which should \fBnot\fR be freed up. +\&\fICMS_set1_eContentType()\fR copies the supplied \s-1OID\s0 and it \fBshould\fR be freed up +after use. +.PP +The \fB\s-1ASN1_OBJECT\s0\fR values returned can be converted to an integer \fB\s-1NID\s0\fR value +using \fIOBJ_obj2nid()\fR. 
For the currently supported content types the following +values are returned: +.PP +.Vb 6 +\& NID_pkcs7_data +\& NID_pkcs7_signed +\& NID_pkcs7_digest +\& NID_id_smime_ct_compressedData: +\& NID_pkcs7_encrypted +\& NID_pkcs7_enveloped +.Ve +.PP +The return value of \fICMS_get0_content()\fR is a pointer to the \fB\s-1ASN1_OCTET_STRING\s0\fR +content pointer. That means that for example: +.PP +.Vb 1 +\& ASN1_OCTET_STRING **pconf = CMS_get0_content(cms); +.Ve +.PP +\&\fB*pconf\fR could be \s-1NULL\s0 if there is no embedded content. Applications can +access, modify or create the embedded content in a \fBCMS_ContentInfo\fR structure +using this function. Applications usually will not need to modify the +embedded content as it is normally set by higher level functions. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fICMS_get0_type()\fR and \fICMS_get0_eContentType()\fR return an \s-1ASN1_OBJECT\s0 structure. +.PP +\&\fICMS_set1_eContentType()\fR returns 1 for success or 0 if an error occurred. The +error can be obtained from \fIERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/CMS_get1_ReceiptRequest.3 b/linux_amd64/ssl/share/man/man3/CMS_get1_ReceiptRequest.3 new file mode 100755 index 0000000..e2ed414 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/CMS_get1_ReceiptRequest.3 
@@ -0,0 +1,200 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_GET1_RECEIPTREQUEST 3" +.TH CMS_GET1_RECEIPTREQUEST 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +CMS_ReceiptRequest_create0, CMS_add1_ReceiptRequest, CMS_get1_ReceiptRequest, CMS_ReceiptRequest_get0_values \- CMS signed receipt request functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen, +\& int allorfirst, +\& STACK_OF(GENERAL_NAMES) *receiptList, +\& STACK_OF(GENERAL_NAMES) *receiptsTo); +\& int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr); +\& int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr); +\& void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr, ASN1_STRING **pcid, +\& int *pallorfirst, +\& STACK_OF(GENERAL_NAMES) **plist, +\& STACK_OF(GENERAL_NAMES) **prto); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fICMS_ReceiptRequest_create0()\fR creates a signed receipt request structure. The +\&\fBsignedContentIdentifier\fR field is set using \fBid\fR and \fBidlen\fR, or it is set +to 32 bytes of pseudo random data if \fBid\fR is \s-1NULL\s0. If \fBreceiptList\fR is \s-1NULL\s0 +the allOrFirstTier option in \fBreceiptsFrom\fR is used and set to the value of +the \fBallorfirst\fR parameter. If \fBreceiptList\fR is not \s-1NULL\s0 the \fBreceiptList\fR +option in \fBreceiptsFrom\fR is used. The \fBreceiptsTo\fR parameter specifies the +\&\fBreceiptsTo\fR field value. +.PP +The \fICMS_add1_ReceiptRequest()\fR function adds a signed receipt request \fBrr\fR +to SignerInfo structure \fBsi\fR. +.PP +int \fICMS_get1_ReceiptRequest()\fR looks for a signed receipt request in \fBsi\fR, if +any is found it is decoded and written to \fBprr\fR. +.PP +\&\fICMS_ReceiptRequest_get0_values()\fR retrieves the values of a receipt request. +The signedContentIdentifier is copied to \fBpcid\fR. If the \fBallOrFirstTier\fR +option of \fBreceiptsFrom\fR is used its value is copied to \fBpallorfirst\fR +otherwise the \fBreceiptList\fR field is copied to \fBplist\fR. 
The \fBreceiptsTo\fR +parameter is copied to \fBprto\fR. +.SH "NOTES" +.IX Header "NOTES" +For more details of the meaning of the fields see \s-1RFC2634\s0. +.PP +The contents of a signed receipt should only be considered meaningful if the +corresponding CMS_ContentInfo structure can be successfully verified using +\&\fICMS_verify()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fICMS_ReceiptRequest_create0()\fR returns a signed receipt request structure or +\&\s-1NULL\s0 if an error occurred. +.PP +\&\fICMS_add1_ReceiptRequest()\fR returns 1 for success or 0 if an error occurred. +.PP +\&\fICMS_get1_ReceiptRequest()\fR returns 1 is a signed receipt request is found and +decoded. It returns 0 if a signed receipt request is not present and \-1 if +it is present but malformed. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fICMS_sign\fR\|(3), +\&\fICMS_sign_receipt\fR\|(3), \fICMS_verify\fR\|(3) +\&\fICMS_verify_receipt\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/CMS_sign.3 b/linux_amd64/ssl/share/man/man3/CMS_sign.3 new file mode 100755 index 0000000..e55b9fb --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/CMS_sign.3 
@@ -0,0 +1,249 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_SIGN 3" +.TH CMS_SIGN 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +CMS_sign \- create a CMS SignedData structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, +\& BIO *data, unsigned int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fICMS_sign()\fR creates and returns a \s-1CMS\s0 SignedData structure. \fBsigncert\fR is +the certificate to sign with, \fBpkey\fR is the corresponding private key. +\&\fBcerts\fR is an optional additional set of certificates to include in the \s-1CMS\s0 +structure (for example any intermediate CAs in the chain). Any or all of +these parameters can be \fB\s-1NULL\s0\fR, see \fB\s-1NOTES\s0\fR below. +.PP +The data to be signed is read from \s-1BIO\s0 \fBdata\fR. +.PP +\&\fBflags\fR is an optional set of flags. +.SH "NOTES" +.IX Header "NOTES" +Any of the following flags (ored together) can be passed in the \fBflags\fR +parameter. +.PP +Many S/MIME clients expect the signed content to include valid \s-1MIME\s0 headers. If +the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are prepended +to the data. +.PP +If \fB\s-1CMS_NOCERTS\s0\fR is set the signer's certificate will not be included in the +CMS_ContentInfo structure, the signer's certificate must still be supplied in +the \fBsigncert\fR parameter though. This can reduce the size of the signature if +the signers certificate can be obtained by other means: for example a +previously signed message. +.PP +The data being signed is included in the CMS_ContentInfo structure, unless +\&\fB\s-1CMS_DETACHED\s0\fR is set in which case it is omitted. This is used for +CMS_ContentInfo detached signatures which are used in S/MIME plaintext signed +messages for example. +.PP +Normally the supplied content is translated into \s-1MIME\s0 canonical format (as +required by the S/MIME specifications) if \fB\s-1CMS_BINARY\s0\fR is set no translation +occurs. 
This option should be used if the supplied data is in binary format +otherwise the translation will corrupt it. +.PP +The SignedData structure includes several \s-1CMS\s0 signedAttributes including the +signing time, the \s-1CMS\s0 content type and the supported list of ciphers in an +SMIMECapabilities attribute. If \fB\s-1CMS_NOATTR\s0\fR is set then no signedAttributes +will be used. If \fB\s-1CMS_NOSMIMECAP\s0\fR is set then just the SMIMECapabilities are +omitted. +.PP +If present the SMIMECapabilities attribute indicates support for the following +algorithms in preference order: 256 bit \s-1AES\s0, Gost R3411\-94, Gost 28147\-89, 192 +bit \s-1AES\s0, 128 bit \s-1AES\s0, triple \s-1DES\s0, 128 bit \s-1RC2\s0, 64 bit \s-1RC2\s0, \s-1DES\s0 and 40 bit \s-1RC2\s0. +If any of these algorithms is not available then it will not be included: for example the \s-1GOST\s0 algorithms will not be included if the \s-1GOST\s0 \s-1ENGINE\s0 is +not loaded. +.PP +OpenSSL will by default identify signing certificates using issuer name +and serial number. If \fB\s-1CMS_USE_KEYID\s0\fR is set it will use the subject key +identifier value instead. An error occurs if the signing certificate does not +have a subject key identifier extension. +.PP +If the flags \fB\s-1CMS_STREAM\s0\fR is set then the returned \fBCMS_ContentInfo\fR +structure is just initialized ready to perform the signing operation. The +signing is however \fBnot\fR performed and the data to be signed is not read from +the \fBdata\fR parameter. Signing is deferred until after the data has been +written. In this way data can be signed in a single pass. +.PP +If the \fB\s-1CMS_PARTIAL\s0\fR flag is set a partial \fBCMS_ContentInfo\fR structure is +output to which additional signers and capabilities can be added before +finalization. 
+.PP +If the flag \fB\s-1CMS_STREAM\s0\fR is set the returned \fBCMS_ContentInfo\fR structure is +\&\fBnot\fR complete and outputting its contents via a function that does not +properly finalize the \fBCMS_ContentInfo\fR structure will give unpredictable +results. +.PP +Several functions including \fISMIME_write_CMS()\fR, \fIi2d_CMS_bio_stream()\fR, +\&\fIPEM_write_bio_CMS_stream()\fR finalize the structure. Alternatively finalization +can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using +\&\fIBIO_new_CMS()\fR. +.PP +If a signer is specified it will use the default digest for the signing +algorithm. This is \fB\s-1SHA1\s0\fR for both \s-1RSA\s0 and \s-1DSA\s0 keys. +.PP +If \fBsigncert\fR and \fBpkey\fR are \s-1NULL\s0 then a certificates only \s-1CMS\s0 structure is +output. +.PP +The function \fICMS_sign()\fR is a basic \s-1CMS\s0 signing function whose output will be +suitable for many purposes. For finer control of the output format the +\&\fBcerts\fR, \fBsigncert\fR and \fBpkey\fR parameters can all be \fB\s-1NULL\s0\fR and the +\&\fB\s-1CMS_PARTIAL\s0\fR flag set. Then one or more signers can be added using the +function \fICMS_sign_add1_signer()\fR, non default digests can be used and custom +attributes added. \fICMS_final()\fR must then be called to finalize the +structure if streaming is not enabled. +.SH "BUGS" +.IX Header "BUGS" +Some attributes such as counter signatures are not supported. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fICMS_sign()\fR returns either a valid CMS_ContentInfo structure or \s-1NULL\s0 if an error +occurred. The error can be obtained from \fIERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fICMS_verify\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fB\s-1CMS_STREAM\s0\fR flag is only supported for detached data in OpenSSL 0.9.8, +it is supported for embedded data in OpenSSL 1.0.0 and later. 
+.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/CMS_sign_receipt.3 b/linux_amd64/ssl/share/man/man3/CMS_sign_receipt.3 new file mode 100755 index 0000000..fe0a05a --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/CMS_sign_receipt.3 
@@ -0,0 +1,174 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_SIGN_RECEIPT 3" +.TH CMS_SIGN_RECEIPT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +CMS_sign_receipt \- create a CMS signed receipt +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si, X509 *signcert, +\& EVP_PKEY *pkey, STACK_OF(X509) *certs, +\& unsigned int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fICMS_sign_receipt()\fR creates and returns a \s-1CMS\s0 signed receipt structure. \fBsi\fR is +the \fBCMS_SignerInfo\fR structure containing the signed receipt request. +\&\fBsigncert\fR is the certificate to sign with, \fBpkey\fR is the corresponding +private key. \fBcerts\fR is an optional additional set of certificates to include +in the \s-1CMS\s0 structure (for example any intermediate CAs in the chain). +.PP +\&\fBflags\fR is an optional set of flags. +.SH "NOTES" +.IX Header "NOTES" +This functions behaves in a similar way to \fICMS_sign()\fR except the flag values +\&\fB\s-1CMS_DETACHED\s0\fR, \fB\s-1CMS_BINARY\s0\fR, \fB\s-1CMS_NOATTR\s0\fR, \fB\s-1CMS_TEXT\s0\fR and \fB\s-1CMS_STREAM\s0\fR +are not supported since they do not make sense in the context of signed +receipts. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fICMS_sign_receipt()\fR returns either a valid CMS_ContentInfo structure or \s-1NULL\s0 if +an error occurred. The error can be obtained from \fIERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), +\&\fICMS_verify_receipt\fR\|(3), +\&\fICMS_sign\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/CMS_uncompress.3 b/linux_amd64/ssl/share/man/man3/CMS_uncompress.3 new file mode 100755 index 0000000..9555782 --- /dev/null 
+++ b/linux_amd64/ssl/share/man/man3/CMS_uncompress.3 
@@ -0,0 +1,180 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_UNCOMPRESS 3" +.TH CMS_UNCOMPRESS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +CMS_uncompress \- uncompress a CMS CompressedData structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out, unsigned int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fICMS_uncompress()\fR extracts and uncompresses the content from a \s-1CMS\s0 +CompressedData structure \fBcms\fR. \fBdata\fR is a \s-1BIO\s0 to write the content to and +\&\fBflags\fR is an optional set of flags. +.PP +The \fBdcont\fR parameter is used in the rare case where the compressed content +is detached. It will normally be set to \s-1NULL\s0. +.SH "NOTES" +.IX Header "NOTES" +The only currently supported compression algorithm is zlib: if the structure +indicates the use of any other algorithm an error is returned. +.PP +If zlib support is not compiled into OpenSSL then \fICMS_uncompress()\fR will always +return an error. +.PP +The following flags can be passed in the \fBflags\fR parameter. +.PP +If the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are deleted +from the content. If the content is not of type \fBtext/plain\fR then an error is +returned. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fICMS_uncompress()\fR returns either 1 for success or 0 for failure. The error can +be obtained from \fIERR_get_error\fR\|(3) +.SH "BUGS" +.IX Header "BUGS" +The lack of single pass processing and the need to hold all data in memory as +mentioned in \fICMS_verify()\fR also applies to \fICMS_decompress()\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fICMS_compress\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/ssl/share/man/man3/CMS_verify.3 b/linux_amd64/ssl/share/man/man3/CMS_verify.3
new file mode 100755
index 0000000..c221515
--- /dev/null
+++ b/linux_amd64/ssl/share/man/man3/CMS_verify.3
@@ -0,0 +1,252 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_VERIFY 3" +.TH CMS_VERIFY 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +CMS_verify, CMS_get0_signers \- verify a CMS SignedData structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, X509_STORE *store, +\& BIO *indata, BIO *out, unsigned int flags); +\& +\& STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fICMS_verify()\fR verifies a \s-1CMS\s0 SignedData structure. \fBcms\fR is the CMS_ContentInfo +structure to verify. \fBcerts\fR is a set of certificates in which to search for +the signing certificate(s). \fBstore\fR is a trusted certificate store used for +chain verification. \fBindata\fR is the detached content if the content is not +present in \fBcms\fR. The content is written to \fBout\fR if it is not \s-1NULL\s0. +.PP +\&\fBflags\fR is an optional set of flags, which can be used to modify the verify +operation. +.PP +\&\fICMS_get0_signers()\fR retrieves the signing certificate(s) from \fBcms\fR, it must +be called after a successful \fICMS_verify()\fR operation. +.SH "VERIFY PROCESS" +.IX Header "VERIFY PROCESS" +Normally the verify process proceeds as follows. +.PP +Initially some sanity checks are performed on \fBcms\fR. The type of \fBcms\fR must +be SignedData. There must be at least one signature on the data and if +the content is detached \fBindata\fR cannot be \fB\s-1NULL\s0\fR. +.PP +An attempt is made to locate all the signing certificate(s), first looking in +the \fBcerts\fR parameter (if it is not \s-1NULL\s0) and then looking in any +certificates contained in the \fBcms\fR structure itself. If any signing +certificate cannot be located the operation fails. +.PP +Each signing certificate is chain verified using the \fBsmimesign\fR purpose and +the supplied trusted certificate store. Any internal certificates in the message +are used as untrusted CAs. 
If \s-1CRL\s0 checking is enabled in \fBstore\fR any internal +CRLs are used in addition to attempting to look them up in \fBstore\fR. If any +chain verify fails an error code is returned. +.PP +Finally the signed content is read (and written to \fBout\fR if it is not \s-1NULL\s0) +and the signature's checked. +.PP +If all signature's verify correctly then the function is successful. +.PP +Any of the following flags (ored together) can be passed in the \fBflags\fR +parameter to change the default verify behaviour. +.PP +If \fB\s-1CMS_NOINTERN\s0\fR is set the certificates in the message itself are not +searched when locating the signing certificate(s). This means that all the +signing certificates must be in the \fBcerts\fR parameter. +.PP +If \fB\s-1CMS_NOCRL\s0\fR is set and \s-1CRL\s0 checking is enabled in \fBstore\fR then any +CRLs in the message itself are ignored. +.PP +If the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are deleted +from the content. If the content is not of type \fBtext/plain\fR then an error is +returned. +.PP +If \fB\s-1CMS_NO_SIGNER_CERT_VERIFY\s0\fR is set the signing certificates are not +verified. +.PP +If \fB\s-1CMS_NO_ATTR_VERIFY\s0\fR is set the signed attributes signature is not +verified. +.PP +If \fB\s-1CMS_NO_CONTENT_VERIFY\s0\fR is set then the content digest is not checked. +.SH "NOTES" +.IX Header "NOTES" +One application of \fB\s-1CMS_NOINTERN\s0\fR is to only accept messages signed by +a small number of certificates. The acceptable certificates would be passed +in the \fBcerts\fR parameter. In this case if the signer is not one of the +certificates supplied in \fBcerts\fR then the verify will fail because the +signer cannot be found. +.PP +In some cases the standard techniques for looking up and validating +certificates are not appropriate: for example an application may wish to +lookup certificates in a database or perform customised verification. 
This +can be achieved by setting and verifying the signers certificates manually +using the signed data utility functions. +.PP +Care should be taken when modifying the default verify behaviour, for example +setting \fB\s-1CMS_NO_CONTENT_VERIFY\s0\fR will totally disable all content verification +and any modified content will be considered valid. This combination is however +useful if one merely wishes to write the content to \fBout\fR and its validity +is not considered important. +.PP +Chain verification should arguably be performed using the signing time rather +than the current time. However since the signing time is supplied by the +signer it cannot be trusted without additional evidence (such as a trusted +timestamp). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fICMS_verify()\fR returns 1 for a successful verification and zero if an error +occurred. +.PP +\&\fICMS_get0_signers()\fR returns all signers or \s-1NULL\s0 if an error occurred. +.PP +The error can be obtained from \fIERR_get_error\fR\|(3) +.SH "BUGS" +.IX Header "BUGS" +The trusted certificate store is not searched for the signing certificate, +this is primarily due to the inadequacies of the current \fBX509_STORE\fR +functionality. +.PP +The lack of single pass processing means that the signed content must all +be held in memory if it is not detached. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fICMS_sign\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/CMS_verify_receipt.3 b/linux_amd64/ssl/share/man/man3/CMS_verify_receipt.3 new file mode 100755 index 0000000..76159b6 --- /dev/null 
+++ b/linux_amd64/ssl/share/man/man3/CMS_verify_receipt.3 
@@ -0,0 +1,176 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_VERIFY_RECEIPT 3" +.TH CMS_VERIFY_RECEIPT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +CMS_verify_receipt \- verify a CMS signed receipt +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms, +\& STACK_OF(X509) *certs, X509_STORE *store, +\& unsigned int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fICMS_verify_receipt()\fR verifies a \s-1CMS\s0 signed receipt. \fBrcms\fR is the signed +receipt to verify. \fBocms\fR is the original SignedData structure containing the +receipt request. \fBcerts\fR is a set of certificates in which to search for the +signing certificate. \fBstore\fR is a trusted certificate store (used for chain +verification). +.PP +\&\fBflags\fR is an optional set of flags, which can be used to modify the verify +operation. +.SH "NOTES" +.IX Header "NOTES" +This functions behaves in a similar way to \fICMS_verify()\fR except the flag values +\&\fB\s-1CMS_DETACHED\s0\fR, \fB\s-1CMS_BINARY\s0\fR, \fB\s-1CMS_TEXT\s0\fR and \fB\s-1CMS_STREAM\s0\fR are not +supported since they do not make sense in the context of signed receipts. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fICMS_verify_receipt()\fR returns 1 for a successful verification and zero if an +error occurred. +.PP +The error can be obtained from \fIERR_get_error\fR\|(3) +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), +\&\fICMS_sign_receipt\fR\|(3), +\&\fICMS_verify\fR\|(3), +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/CONF_modules_free.3 b/linux_amd64/ssl/share/man/man3/CONF_modules_free.3 new file mode 100755 index 0000000..00c585d --- /dev/null 
+++ b/linux_amd64/ssl/share/man/man3/CONF_modules_free.3 
@@ -0,0 +1,182 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CONF_MODULES_FREE 3" +.TH CONF_MODULES_FREE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +CONF_modules_free, CONF_modules_finish, CONF_modules_unload \- +OpenSSL configuration cleanup functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void CONF_modules_finish(void); +\& void CONF_modules_unload(int all); +.Ve +.PP +Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 1 +\& void CONF_modules_free(void) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fICONF_modules_free()\fR closes down and frees up all memory allocated by all +configuration modules. Normally, in versions of OpenSSL prior to 1.1.0, +applications called +\&\fICONF_modules_free()\fR at exit to tidy up any configuration performed. +.PP +\&\fICONF_modules_finish()\fR calls each configuration modules \fBfinish\fR handler +to free up any configuration that module may have performed. +.PP +\&\fICONF_modules_unload()\fR finishes and unloads configuration modules. If +\&\fBall\fR is set to \fB0\fR only modules loaded from DSOs will be unloads. If +\&\fBall\fR is \fB1\fR all modules, including built-in modules will be unloaded. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +None of the functions return a value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIconfig\fR\|(5), \fIOPENSSL_config\fR\|(3), +\&\fICONF_modules_load_file\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fICONF_modules_free()\fR was deprecated in OpenSSL 1.1.0; do not use it. +For more information see \fIOPENSSL_init_crypto\fR\|(3). +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2004\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/ssl/share/man/man3/CONF_modules_load_file.3 b/linux_amd64/ssl/share/man/man3/CONF_modules_load_file.3
new file mode 100755
index 0000000..8d22c63
--- /dev/null
+++ b/linux_amd64/ssl/share/man/man3/CONF_modules_load_file.3
@@ -0,0 +1,273 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CONF_MODULES_LOAD_FILE 3" +.TH CONF_MODULES_LOAD_FILE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +CONF_modules_load_file, CONF_modules_load \- OpenSSL configuration functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int CONF_modules_load_file(const char *filename, const char *appname, +\& unsigned long flags); +\& int CONF_modules_load(const CONF *cnf, const char *appname, +\& unsigned long flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The function \fICONF_modules_load_file()\fR configures OpenSSL using file +\&\fBfilename\fR and application name \fBappname\fR. If \fBfilename\fR is \s-1NULL\s0 +the standard OpenSSL configuration file is used. If \fBappname\fR is +\&\s-1NULL\s0 the standard OpenSSL application name \fBopenssl_conf\fR is used. +The behaviour can be customized using \fBflags\fR. +.PP +\&\fICONF_modules_load()\fR is identical to \fICONF_modules_load_file()\fR except it +reads configuration information from \fBcnf\fR. +.SH "NOTES" +.IX Header "NOTES" +The following \fBflags\fR are currently recognized: +.PP +If \fB\s-1CONF_MFLAGS_IGNORE_ERRORS\s0\fR is set errors returned by individual +configuration modules are ignored. If not set the first module error is +considered fatal and no further modules are loaded. +.PP +Normally any modules errors will add error information to the error queue. If +\&\fB\s-1CONF_MFLAGS_SILENT\s0\fR is set no error information is added. +.PP +If \fB\s-1CONF_MFLAGS_IGNORE_RETURN_CODES\s0\fR is set the function unconditionally +returns success. +This is used by default in \fIOPENSSL_init_crypto\fR\|(3) to ignore any errors in +the default system-wide configuration file, as having all OpenSSL applications +fail to start when there are potentially minor issues in the file is too risky. +Applications calling \fBCONF_modules_load_file\fR explicitly should not generally +set this flag. +.PP +If \fB\s-1CONF_MFLAGS_NO_DSO\s0\fR is set configuration module loading from DSOs is +disabled. 
+.PP +\&\fB\s-1CONF_MFLAGS_IGNORE_MISSING_FILE\s0\fR if set will make \fICONF_load_modules_file()\fR +ignore missing configuration files. Normally a missing configuration file +return an error. +.PP +\&\fB\s-1CONF_MFLAGS_DEFAULT_SECTION\s0\fR if set and \fBappname\fR is not \s-1NULL\s0 will use the +default section pointed to by \fBopenssl_conf\fR if \fBappname\fR does not exist. +.PP +By using \fICONF_modules_load_file()\fR with appropriate flags an application can +customise application configuration to best suit its needs. In some cases the +use of a configuration file is optional and its absence is not an error: in +this case \fB\s-1CONF_MFLAGS_IGNORE_MISSING_FILE\s0\fR would be set. +.PP +Errors during configuration may also be handled differently by different +applications. For example in some cases an error may simply print out a warning +message and the application continue. In other cases an application might +consider a configuration file error as fatal and exit immediately. +.PP +Applications can use the \fICONF_modules_load()\fR function if they wish to load a +configuration file themselves and have finer control over how errors are +treated. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return 1 for success and a zero or negative value for +failure. If module errors are not ignored the return code will reflect the +return value of the failing module (this will always be zero or negative). 
+.SH "EXAMPLES" +.IX Header "EXAMPLES" +Load a configuration file and print out any errors and exit (missing file +considered fatal): +.PP +.Vb 5 +\& if (CONF_modules_load_file(NULL, NULL, 0) <= 0) { +\& fprintf(stderr, "FATAL: error loading configuration file\en"); +\& ERR_print_errors_fp(stderr); +\& exit(1); +\& } +.Ve +.PP +Load default configuration file using the section indicated by \*(L"myapp\*(R", +tolerate missing files, but exit on other errors: +.PP +.Vb 6 +\& if (CONF_modules_load_file(NULL, "myapp", +\& CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) { +\& fprintf(stderr, "FATAL: error loading configuration file\en"); +\& ERR_print_errors_fp(stderr); +\& exit(1); +\& } +.Ve +.PP +Load custom configuration file and section, only print warnings on error, +missing configuration file ignored: +.PP +.Vb 5 +\& if (CONF_modules_load_file("/something/app.cnf", "myapp", +\& CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) { +\& fprintf(stderr, "WARNING: error loading configuration file\en"); +\& ERR_print_errors_fp(stderr); +\& } +.Ve +.PP +Load and parse configuration file manually, custom error handling: +.PP +.Vb 3 +\& FILE *fp; +\& CONF *cnf = NULL; +\& long eline; +\& +\& fp = fopen("/somepath/app.cnf", "r"); +\& if (fp == NULL) { +\& fprintf(stderr, "Error opening configuration file\en"); +\& /* Other missing configuration file behaviour */ +\& } else { +\& cnf = NCONF_new(NULL); +\& if (NCONF_load_fp(cnf, fp, &eline) == 0) { +\& fprintf(stderr, "Error on line %ld of configuration file\en", eline); +\& ERR_print_errors_fp(stderr); +\& /* Other malformed configuration file behaviour */ +\& } else if (CONF_modules_load(cnf, "appname", 0) <= 0) { +\& fprintf(stderr, "Error configuring application\en"); +\& ERR_print_errors_fp(stderr); +\& /* Other configuration error behaviour */ +\& } +\& fclose(fp); +\& NCONF_free(cnf); +\& } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIconfig\fR\|(5), \fIOPENSSL_config\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 
2004\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/CRYPTO_THREAD_run_once.3 b/linux_amd64/ssl/share/man/man3/CRYPTO_THREAD_run_once.3 new file mode 100755 index 0000000..72c055a --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/CRYPTO_THREAD_run_once.3 
@@ -0,0 +1,276 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CRYPTO_THREAD_RUN_ONCE 3" +.TH CRYPTO_THREAD_RUN_ONCE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +CRYPTO_THREAD_run_once, +CRYPTO_THREAD_lock_new, CRYPTO_THREAD_read_lock, CRYPTO_THREAD_write_lock, +CRYPTO_THREAD_unlock, CRYPTO_THREAD_lock_free, +CRYPTO_atomic_add \- OpenSSL thread support +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& CRYPTO_ONCE CRYPTO_ONCE_STATIC_INIT; +\& int CRYPTO_THREAD_run_once(CRYPTO_ONCE *once, void (*init)(void)); +\& +\& CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void); +\& int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *lock); +\& int CRYPTO_THREAD_write_lock(CRYPTO_RWLOCK *lock); +\& int CRYPTO_THREAD_unlock(CRYPTO_RWLOCK *lock); +\& void CRYPTO_THREAD_lock_free(CRYPTO_RWLOCK *lock); +\& +\& int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +OpenSSL can be safely used in multi-threaded applications provided that +support for the underlying \s-1OS\s0 threading \s-1API\s0 is built-in. Currently, OpenSSL +supports the pthread and Windows APIs. OpenSSL can also be built without +any multi-threading support, for example on platforms that don't provide +any threading support or that provide a threading \s-1API\s0 that is not yet +supported by OpenSSL. +.PP +The following multi-threading function are provided: +.IP "\(bu" 2 +\&\fICRYPTO_THREAD_run_once()\fR can be used to perform one-time initialization. +The \fBonce\fR argument must be a pointer to a static object of type +\&\fB\s-1CRYPTO_ONCE\s0\fR that was statically initialized to the value +\&\fB\s-1CRYPTO_ONCE_STATIC_INIT\s0\fR. +The \fBinit\fR argument is a pointer to a function that performs the desired +exactly once initialization. +In particular, this can be used to allocate locks in a thread-safe manner, +which can then be used with the locking functions below. +.IP "\(bu" 2 +\&\fICRYPTO_THREAD_lock_new()\fR allocates, initializes and returns a new read/write +lock. +.IP "\(bu" 2 +\&\fICRYPTO_THREAD_read_lock()\fR locks the provided \fBlock\fR for reading. 
+.IP "\(bu" 2 +\&\fICRYPTO_THREAD_write_lock()\fR locks the provided \fBlock\fR for writing. +.IP "\(bu" 2 +\&\fICRYPTO_THREAD_unlock()\fR unlocks the previously locked \fBlock\fR. +.IP "\(bu" 2 +\&\fICRYPTO_THREAD_lock_free()\fR frees the provided \fBlock\fR. +.IP "\(bu" 2 +\&\fICRYPTO_atomic_add()\fR atomically adds \fBamount\fR to \fBval\fR and returns the +result of the operation in \fBret\fR. \fBlock\fR will be locked, unless atomic +operations are supported on the specific platform. Because of this, if a +variable is modified by \fICRYPTO_atomic_add()\fR then \fICRYPTO_atomic_add()\fR must +be the only way that the variable is modified. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fICRYPTO_THREAD_run_once()\fR returns 1 on success, or 0 on error. +.PP +\&\fICRYPTO_THREAD_lock_new()\fR returns the allocated lock, or \s-1NULL\s0 on error. +.PP +\&\fICRYPTO_THREAD_lock_free()\fR returns no value. +.PP +The other functions return 1 on success, or 0 on error. +.SH "NOTES" +.IX Header "NOTES" +On Windows platforms the CRYPTO_THREAD_* types and functions in the +openssl/crypto.h header are dependent on some of the types customarily +made available by including windows.h. The application developer is +likely to require control over when the latter is included, commonly as +one of the first included headers. Therefore it is defined as an +application developer's responsibility to include windows.h prior to +crypto.h where use of CRYPTO_THREAD_* types and functions is required. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +You can find out if OpenSSL was configured with thread support: +.PP +.Vb 6 +\& #include +\& #if defined(OPENSSL_THREADS) +\& /* thread support enabled */ +\& #else +\& /* no thread support */ +\& #endif +.Ve +.PP +This example safely initializes and uses a lock. 
+.PP +.Vb 4 +\& #ifdef _WIN32 +\& # include +\& #endif +\& #include +\& +\& static CRYPTO_ONCE once = CRYPTO_ONCE_STATIC_INIT; +\& static CRYPTO_RWLOCK *lock; +\& +\& static void myinit(void) +\& { +\& lock = CRYPTO_THREAD_lock_new(); +\& } +\& +\& static int mylock(void) +\& { +\& if (!CRYPTO_THREAD_run_once(&once, void init) || lock == NULL) +\& return 0; +\& return CRYPTO_THREAD_write_lock(lock); +\& } +\& +\& static int myunlock(void) +\& { +\& return CRYPTO_THREAD_unlock(lock); +\& } +\& +\& int serialized(void) +\& { +\& int ret = 0; +\& +\& if (mylock()) { +\& /* Your code here, do not return without releasing the lock! */ +\& ret = ... ; +\& } +\& myunlock(); +\& return ret; +\& } +.Ve +.PP +Finalization of locks is an advanced topic, not covered in this example. +This can only be done at process exit or when a dynamically loaded library is +no longer in use and is unloaded. +The simplest solution is to just \*(L"leak\*(R" the lock in applications and not +repeatedly load/unload shared libraries that allocate locks. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIcrypto\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/CRYPTO_get_ex_new_index.3 b/linux_amd64/ssl/share/man/man3/CRYPTO_get_ex_new_index.3 new file mode 100755 index 0000000..b0ddd75 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/CRYPTO_get_ex_new_index.3 
@@ -0,0 +1,301 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CRYPTO_GET_EX_NEW_INDEX 3" +.TH CRYPTO_GET_EX_NEW_INDEX 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +CRYPTO_EX_new, CRYPTO_EX_free, CRYPTO_EX_dup, +CRYPTO_free_ex_index, CRYPTO_get_ex_new_index, +CRYPTO_alloc_ex_data, CRYPTO_set_ex_data, CRYPTO_get_ex_data, +CRYPTO_free_ex_data, CRYPTO_new_ex_data +\&\- functions supporting application\-specific data +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int CRYPTO_get_ex_new_index(int class_index, +\& long argl, void *argp, +\& CRYPTO_EX_new *new_func, +\& CRYPTO_EX_dup *dup_func, +\& CRYPTO_EX_free *free_func); +\& +\& typedef void CRYPTO_EX_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad, +\& int idx, long argl, void *argp); +\& typedef void CRYPTO_EX_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad, +\& int idx, long argl, void *argp); +\& typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from, +\& void *from_d, int idx, long argl, void *argp); +\& +\& int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad) +\& +\& int CRYPTO_alloc_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad, +\& int idx); +\& +\& int CRYPTO_set_ex_data(CRYPTO_EX_DATA *r, int idx, void *arg); +\& +\& void *CRYPTO_get_ex_data(CRYPTO_EX_DATA *r, int idx); +\& +\& void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *r); +\& +\& int CRYPTO_free_ex_index(int class_index, int idx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Several OpenSSL structures can have application-specific data attached to them, +known as \*(L"exdata.\*(R" +The specific structures are: +.PP +.Vb 10 +\& BIO +\& DH +\& DSA +\& EC_KEY +\& ENGINE +\& RAND_DRBG +\& RSA +\& SSL +\& SSL_CTX +\& SSL_SESSION +\& UI +\& UI_METHOD +\& X509 +\& X509_STORE +\& X509_STORE_CTX +.Ve +.PP +In addition, the \fB\s-1APP\s0\fR name is reserved for use by application code. +.PP +Each is identified by an \fBCRYPTO_EX_INDEX_xxx\fR define in the \fBcrypto.h\fR +header file. 
In addition, \fB\s-1CRYPTO_EX_INDEX_APP\s0\fR is reserved for +applications to use this facility for their own structures. +.PP +The \s-1API\s0 described here is used by OpenSSL to manipulate exdata for specific +structures. Since the application data can be anything at all it is passed +and retrieved as a \fBvoid *\fR type. +.PP +The \fB\s-1CRYPTO_EX_DATA\s0\fR type is opaque. To initialize the exdata part of +a structure, call \fICRYPTO_new_ex_data()\fR. This is only necessary for +\&\fB\s-1CRYPTO_EX_INDEX_APP\s0\fR objects. +.PP +Exdata types are identified by an \fBindex\fR, an integer guaranteed to be +unique within structures for the lifetime of the program. Applications +using exdata typically call \fBCRYPTO_get_ex_new_index\fR at startup, and +store the result in a global variable, or write a wrapper function to +provide lazy evaluation. The \fBclass_index\fR should be one of the +\&\fBCRYPTO_EX_INDEX_xxx\fR values. The \fBargl\fR and \fBargp\fR parameters are saved +to be passed to the callbacks but are otherwise not used. In order to +transparently manipulate exdata, three callbacks must be provided. The +semantics of those callbacks are described below. +.PP +When copying or releasing objects with exdata, the callback functions +are called in increasing order of their \fBindex\fR value. +.PP +If a dynamic library can be unloaded, it should call \fICRYPTO_free_ex_index()\fR +when this is done. +This will replace the callbacks with no-ops +so that applications don't crash. Any existing exdata will be leaked. +.PP +To set or get the exdata on an object, the appropriate type-specific +routine must be used. This is because the containing structure is opaque +and the \fB\s-1CRYPTO_EX_DATA\s0\fR field is not accessible. In both \s-1API\s0's, the +\&\fBidx\fR parameter should be an already-created index value. +.PP +When setting exdata, the pointer specified with a particular index is saved, +and returned on a subsequent \*(L"get\*(R" call. 
If the application is going to +release the data, it must make sure to set a \fB\s-1NULL\s0\fR value at the index, +to avoid likely double-free crashes. +.PP +The function \fBCRYPTO_free_ex_data\fR is used to free all exdata attached +to a structure. The appropriate type-specific routine must be used. +The \fBclass_index\fR identifies the structure type, the \fBobj\fR is +a pointer to the actual structure, and \fBr\fR is a pointer to the +structure's exdata field. +.SS "Callback Functions" +.IX Subsection "Callback Functions" +This section describes how the callback functions are used. Applications +that are defining their own exdata using \fB\s-1CYPRTO_EX_INDEX_APP\s0\fR must +call them as described here. +.PP +When a structure is initially allocated (such as \fIRSA_new()\fR) then the +\&\fInew_func()\fR is called for every defined index. There is no requirement +that the entire parent, or containing, structure has been set up. +The \fInew_func()\fR is typically used only to allocate memory to store the +exdata, and perhaps an \*(L"initialized\*(R" flag within that memory. +The exdata value may be allocated later on with \fICRYPTO_alloc_ex_data()\fR, +or may be set by calling \fICRYPTO_set_ex_data()\fR. +.PP +When a structure is free'd (such as \fISSL_CTX_free()\fR) then the +\&\fIfree_func()\fR is called for every defined index. Again, the state of the +parent structure is not guaranteed. The \fIfree_func()\fR may be called with a +\&\s-1NULL\s0 pointer. +.PP +Both \fInew_func()\fR and \fIfree_func()\fR take the same parameters. +The \fBparent\fR is the pointer to the structure that contains the exdata. +The \fBptr\fR is the current exdata item; for \fInew_func()\fR this will typically +be \s-1NULL\s0. The \fBr\fR parameter is a pointer to the exdata field of the object. 
+The \fBidx\fR is the index and is the value returned when the callbacks were +initially registered via \fICRYPTO_get_ex_new_index()\fR and can be used if +the same callback handles different types of exdata. +.PP +\&\fIdup_func()\fR is called when a structure is being copied. This is only done +for \fB\s-1SSL\s0\fR, \fB\s-1SSL_SESSION\s0\fR, \fB\s-1EC_KEY\s0\fR objects and \fB\s-1BIO\s0\fR chains via +\&\fIBIO_dup_chain()\fR. The \fBto\fR and \fBfrom\fR parameters +are pointers to the destination and source \fB\s-1CRYPTO_EX_DATA\s0\fR structures, +respectively. The \fBfrom_d\fR parameter needs to be cast to a \fBvoid **pptr\fR +as the \s-1API\s0 has currently the wrong signature; that will be changed in a +future version. The \fB*pptr\fR is a pointer to the source exdata. +When the \fIdup_func()\fR returns, the value in \fB*pptr\fR is copied to the +destination ex_data. If the pointer contained in \fB*pptr\fR is not modified +by the \fIdup_func()\fR, then both \fBto\fR and \fBfrom\fR will point to the same data. +The \fBidx\fR, \fBargl\fR and \fBargp\fR parameters are as described for the other +two callbacks. If the \fIdup_func()\fR returns \fB0\fR the whole \fICRYPTO_dup_ex_data()\fR +will fail. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fICRYPTO_get_ex_new_index()\fR returns a new index or \-1 on failure. +.PP +\&\fICRYPTO_free_ex_index()\fR, \fICRYPTO_alloc_ex_data()\fR and \fICRYPTO_set_ex_data()\fR +return 1 on success or 0 on failure. +.PP +\&\fICRYPTO_get_ex_data()\fR returns the application data or \s-1NULL\s0 on failure; +note that \s-1NULL\s0 may be a valid value. +.PP +\&\fIdup_func()\fR should return 0 for failure and 1 for success. +.SH "HISTORY" +.IX Header "HISTORY" +\&\fICRYPTO_alloc_ex_data()\fR was added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). 
You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/CRYPTO_memcmp.3 b/linux_amd64/ssl/share/man/man3/CRYPTO_memcmp.3 new file mode 100755 index 0000000..93bf9e6 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/CRYPTO_memcmp.3 
@@ -0,0 +1,162 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CRYPTO_MEMCMP 3" +.TH CRYPTO_MEMCMP 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +CRYPTO_memcmp \- Constant time memory comparison +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int CRYPTO_memcmp(const void *a, const void *b, size_t len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The CRYPTO_memcmp function compares the \fBlen\fR bytes pointed to by \fBa\fR and \fBb\fR +for equality. +It takes an amount of time dependent on \fBlen\fR, but independent of the +contents of the memory regions pointed to by \fBa\fR and \fBb\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fICRYPTO_memcmp()\fR returns 0 if the memory regions are equal and nonzero +otherwise. +.SH "NOTES" +.IX Header "NOTES" +Unlike \fImemcmp\fR\|(2), this function cannot be used to order the two memory regions +as the return value when they differ is undefined, other than being nonzero. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/CTLOG_STORE_get0_log_by_id.3 b/linux_amd64/ssl/share/man/man3/CTLOG_STORE_get0_log_by_id.3 new file mode 100755 index 0000000..465108f --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/CTLOG_STORE_get0_log_by_id.3 
@@ -0,0 +1,171 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CTLOG_STORE_GET0_LOG_BY_ID 3" +.TH CTLOG_STORE_GET0_LOG_BY_ID 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +CTLOG_STORE_get0_log_by_id \- +Get a Certificate Transparency log from a CTLOG_STORE +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const CTLOG *CTLOG_STORE_get0_log_by_id(const CTLOG_STORE *store, +\& const uint8_t *log_id, +\& size_t log_id_len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A Signed Certificate Timestamp (\s-1SCT\s0) identifies the Certificate Transparency +(\s-1CT\s0) log that issued it using the log's LogID (see \s-1RFC\s0 6962, Section 3.2). +Therefore, it is useful to be able to look up more information about a log +(e.g. its public key) using this LogID. +.PP +\&\fICTLOG_STORE_get0_log_by_id()\fR provides a way to do this. It will find a \s-1CTLOG\s0 +in a \s-1CTLOG_STORE\s0 that has a given LogID. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBCTLOG_STORE_get0_log_by_id\fR returns a \s-1CTLOG\s0 with the given LogID, if it +exists in the given \s-1CTLOG_STORE\s0, otherwise it returns \s-1NULL\s0. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIct\fR\|(7), +\&\fICTLOG_STORE_new\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fICTLOG_STORE_get0_log_by_id()\fR function was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/CTLOG_STORE_new.3 b/linux_amd64/ssl/share/man/man3/CTLOG_STORE_new.3 new file mode 100755 index 0000000..3cd830e --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/CTLOG_STORE_new.3 
@@ -0,0 +1,202 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CTLOG_STORE_NEW 3" +.TH CTLOG_STORE_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +CTLOG_STORE_new, CTLOG_STORE_free, +CTLOG_STORE_load_default_file, CTLOG_STORE_load_file \- +Create and populate a Certificate Transparency log list +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& CTLOG_STORE *CTLOG_STORE_new(void); +\& void CTLOG_STORE_free(CTLOG_STORE *store); +\& +\& int CTLOG_STORE_load_default_file(CTLOG_STORE *store); +\& int CTLOG_STORE_load_file(CTLOG_STORE *store, const char *file); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A \s-1CTLOG_STORE\s0 is a container for a list of CTLOGs (Certificate Transparency +logs). The list can be loaded from one or more files and then searched by LogID +(see \s-1RFC\s0 6962, Section 3.2, for the definition of a LogID). +.PP +\&\fICTLOG_STORE_new()\fR creates an empty list of \s-1CT\s0 logs. This is then populated +by \fICTLOG_STORE_load_default_file()\fR or \fICTLOG_STORE_load_file()\fR. +\&\fICTLOG_STORE_load_default_file()\fR loads from the default file, which is named +\&\fIct_log_list.cnf\fR in \s-1OPENSSLDIR\s0 (see the output of \fIopenssl\-version\fR\|(1)). +This can be overridden using an environment variable named \fB\s-1CTLOG_FILE\s0\fR. +\&\fICTLOG_STORE_load_file()\fR loads from a caller-specified file path instead. +Both of these functions append any loaded \s-1CT\s0 logs to the \s-1CTLOG_STORE\s0. +.PP +The expected format of the file is: +.PP +.Vb 1 +\& enabled_logs=foo,bar +\& +\& [foo] +\& description = Log 1 +\& key = +\& +\& [bar] +\& description = Log 2 +\& key = +.Ve +.PP +Once a \s-1CTLOG_STORE\s0 is no longer required, it should be passed to +\&\fICTLOG_STORE_free()\fR. This will delete all of the CTLOGs stored within, along +with the \s-1CTLOG_STORE\s0 itself. +.SH "NOTES" +.IX Header "NOTES" +If there are any invalid \s-1CT\s0 logs in a file, they are skipped and the remaining +valid logs will still be added to the \s-1CTLOG_STORE\s0. 
A \s-1CT\s0 log will be considered +invalid if it is missing a \*(L"key\*(R" or \*(L"description\*(R" field. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Both \fBCTLOG_STORE_load_default_file\fR and \fBCTLOG_STORE_load_file\fR return 1 if +all \s-1CT\s0 logs in the file are successfully parsed and loaded, 0 otherwise. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIct\fR\|(7), +\&\fICTLOG_STORE_get0_log_by_id\fR\|(3), +\&\fISSL_CTX_set_ctlog_list_file\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/CTLOG_new.3 b/linux_amd64/ssl/share/man/man3/CTLOG_new.3 new file mode 100755 index 0000000..bb26811 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/CTLOG_new.3 
@@ -0,0 +1,194 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CTLOG_NEW 3" +.TH CTLOG_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +CTLOG_new, CTLOG_new_from_base64, CTLOG_free, +CTLOG_get0_name, CTLOG_get0_log_id, CTLOG_get0_public_key \- +encapsulates information about a Certificate Transparency log +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& CTLOG *CTLOG_new(EVP_PKEY *public_key, const char *name); +\& int CTLOG_new_from_base64(CTLOG ** ct_log, +\& const char *pkey_base64, const char *name); +\& void CTLOG_free(CTLOG *log); +\& const char *CTLOG_get0_name(const CTLOG *log); +\& void CTLOG_get0_log_id(const CTLOG *log, const uint8_t **log_id, +\& size_t *log_id_len); +\& EVP_PKEY *CTLOG_get0_public_key(const CTLOG *log); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fICTLOG_new()\fR returns a new \s-1CTLOG\s0 that represents the Certificate Transparency +(\s-1CT\s0) log with the given public key. A name must also be provided that can be +used to help users identify this log. Ownership of the public key is +transferred. +.PP +\&\fICTLOG_new_from_base64()\fR also creates a new \s-1CTLOG\s0, but takes the public key in +base64\-encoded \s-1DER\s0 form and sets the ct_log pointer to point to the new \s-1CTLOG\s0. +The base64 will be decoded and the public key parsed. +.PP +Regardless of whether \fICTLOG_new()\fR or \fICTLOG_new_from_base64()\fR is used, it is the +caller's responsibility to pass the \s-1CTLOG\s0 to \fICTLOG_free()\fR once it is no longer +needed. This will delete it and, if created by \fICTLOG_new()\fR, the \s-1EVP_PKEY\s0 that +was passed to it. +.PP +\&\fICTLOG_get0_name()\fR returns the name of the log, as provided when the \s-1CTLOG\s0 was +created. Ownership of the string remains with the \s-1CTLOG\s0. +.PP +\&\fICTLOG_get0_log_id()\fR sets *log_id to point to a string containing that log's +LogID (see \s-1RFC\s0 6962). It sets *log_id_len to the length of that LogID. For a +v1 \s-1CT\s0 log, the LogID will be a \s-1SHA\-256\s0 hash (i.e. 32 bytes long). Ownership of +the string remains with the \s-1CTLOG\s0. 
+.PP +\&\fICTLOG_get0_public_key()\fR returns the public key of the \s-1CT\s0 log. Ownership of the +\&\s-1EVP_PKEY\s0 remains with the \s-1CTLOG\s0. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fICTLOG_new()\fR will return \s-1NULL\s0 if an error occurs. +.PP +\&\fICTLOG_new_from_base64()\fR will return 1 on success, 0 otherwise. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIct\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/CT_POLICY_EVAL_CTX_new.3 b/linux_amd64/ssl/share/man/man3/CT_POLICY_EVAL_CTX_new.3 new file mode 100755 index 0000000..5a41bb8 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/CT_POLICY_EVAL_CTX_new.3 
@@ -0,0 +1,225 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CT_POLICY_EVAL_CTX_NEW 3" +.TH CT_POLICY_EVAL_CTX_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +CT_POLICY_EVAL_CTX_new, CT_POLICY_EVAL_CTX_free, +CT_POLICY_EVAL_CTX_get0_cert, CT_POLICY_EVAL_CTX_set1_cert, +CT_POLICY_EVAL_CTX_get0_issuer, CT_POLICY_EVAL_CTX_set1_issuer, +CT_POLICY_EVAL_CTX_get0_log_store, CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE, +CT_POLICY_EVAL_CTX_get_time, CT_POLICY_EVAL_CTX_set_time \- +Encapsulates the data required to evaluate whether SCTs meet a Certificate Transparency policy +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new(void); +\& void CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx); +\& X509* CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx); +\& int CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert); +\& X509* CT_POLICY_EVAL_CTX_get0_issuer(const CT_POLICY_EVAL_CTX *ctx); +\& int CT_POLICY_EVAL_CTX_set1_issuer(CT_POLICY_EVAL_CTX *ctx, X509 *issuer); +\& const CTLOG_STORE *CT_POLICY_EVAL_CTX_get0_log_store(const CT_POLICY_EVAL_CTX *ctx); +\& void CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx, +\& CTLOG_STORE *log_store); +\& uint64_t CT_POLICY_EVAL_CTX_get_time(const CT_POLICY_EVAL_CTX *ctx); +\& void CT_POLICY_EVAL_CTX_set_time(CT_POLICY_EVAL_CTX *ctx, uint64_t time_in_ms); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A \fB\s-1CT_POLICY_EVAL_CTX\s0\fR is used by functions that evaluate whether Signed +Certificate Timestamps (SCTs) fulfil a Certificate Transparency (\s-1CT\s0) policy. +This policy may be, for example, that at least one valid \s-1SCT\s0 is available. To +determine this, an \s-1SCT\s0's timestamp and signature must be verified. +This requires: +.IP "\(bu" 2 +the public key of the log that issued the \s-1SCT\s0 +.IP "\(bu" 2 +the certificate that the \s-1SCT\s0 was issued for +.IP "\(bu" 2 +the issuer certificate (if the \s-1SCT\s0 was issued for a pre-certificate) +.IP "\(bu" 2 +the current time +.PP +The above requirements are met using the setters described below. 
+.PP +\&\fICT_POLICY_EVAL_CTX_new()\fR creates an empty policy evaluation context. This +should then be populated using: +.IP "\(bu" 2 +\&\fICT_POLICY_EVAL_CTX_set1_cert()\fR to provide the certificate the SCTs were issued for +.Sp +Increments the reference count of the certificate. +.IP "\(bu" 2 +\&\fICT_POLICY_EVAL_CTX_set1_issuer()\fR to provide the issuer certificate +.Sp +Increments the reference count of the certificate. +.IP "\(bu" 2 +\&\fICT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE()\fR to provide a list of logs that are trusted as sources of SCTs +.Sp +Holds a pointer to the \s-1CTLOG_STORE\s0, so the \s-1CTLOG_STORE\s0 must outlive the +\&\s-1CT_POLICY_EVAL_CTX\s0. +.IP "\(bu" 2 +\&\fICT_POLICY_EVAL_CTX_set_time()\fR to set the time SCTs should be compared with to determine if they are valid +.Sp +The \s-1SCT\s0 timestamp will be compared to this time to check whether the \s-1SCT\s0 was +issued in the future. \s-1RFC6962\s0 states that \*(L"\s-1TLS\s0 clients \s-1MUST\s0 reject SCTs whose +timestamp is in the future\*(R". By default, this will be set to 5 minutes in the +future (e.g. (\fItime()\fR + 300) * 1000), to allow for clock drift. +.Sp +The time should be in milliseconds since the Unix Epoch. +.PP +Each setter has a matching getter for accessing the current value. +.PP +When no longer required, the \fB\s-1CT_POLICY_EVAL_CTX\s0\fR should be passed to +\&\fICT_POLICY_EVAL_CTX_free()\fR to delete it. +.SH "NOTES" +.IX Header "NOTES" +The issuer certificate only needs to be provided if at least one of the SCTs +was issued for a pre-certificate. This will be the case for SCTs embedded in a +certificate (i.e. those in an X.509 extension), but may not be the case for SCTs +found in the \s-1TLS\s0 \s-1SCT\s0 extension or \s-1OCSP\s0 response. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fICT_POLICY_EVAL_CTX_new()\fR will return \s-1NULL\s0 if malloc fails. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIct\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/DEFINE_STACK_OF.3 b/linux_amd64/ssl/share/man/man3/DEFINE_STACK_OF.3 new file mode 100755 index 0000000..3c08e33 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/DEFINE_STACK_OF.3 
@@ -0,0 +1,408 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DEFINE_STACK_OF 3" +.TH DEFINE_STACK_OF 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +DEFINE_STACK_OF, DEFINE_STACK_OF_CONST, DEFINE_SPECIAL_STACK_OF, +DEFINE_SPECIAL_STACK_OF_CONST, +sk_TYPE_num, sk_TYPE_value, sk_TYPE_new, sk_TYPE_new_null, +sk_TYPE_reserve, sk_TYPE_free, sk_TYPE_zero, sk_TYPE_delete, +sk_TYPE_delete_ptr, sk_TYPE_push, sk_TYPE_unshift, sk_TYPE_pop, +sk_TYPE_shift, sk_TYPE_pop_free, sk_TYPE_insert, sk_TYPE_set, +sk_TYPE_find, sk_TYPE_find_ex, sk_TYPE_sort, sk_TYPE_is_sorted, +sk_TYPE_dup, sk_TYPE_deep_copy, sk_TYPE_set_cmp_func, sk_TYPE_new_reserve +\&\- stack container +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& STACK_OF(TYPE) +\& DEFINE_STACK_OF(TYPE) +\& DEFINE_STACK_OF_CONST(TYPE) +\& DEFINE_SPECIAL_STACK_OF(FUNCTYPE, TYPE) +\& DEFINE_SPECIAL_STACK_OF_CONST(FUNCTYPE, TYPE) +\& +\& typedef int (*sk_TYPE_compfunc)(const TYPE *const *a, const TYPE *const *b); +\& typedef TYPE * (*sk_TYPE_copyfunc)(const TYPE *a); +\& typedef void (*sk_TYPE_freefunc)(TYPE *a); +\& +\& int sk_TYPE_num(const STACK_OF(TYPE) *sk); +\& TYPE *sk_TYPE_value(const STACK_OF(TYPE) *sk, int idx); +\& STACK_OF(TYPE) *sk_TYPE_new(sk_TYPE_compfunc compare); +\& STACK_OF(TYPE) *sk_TYPE_new_null(void); +\& int sk_TYPE_reserve(STACK_OF(TYPE) *sk, int n); +\& void sk_TYPE_free(const STACK_OF(TYPE) *sk); +\& void sk_TYPE_zero(const STACK_OF(TYPE) *sk); +\& TYPE *sk_TYPE_delete(STACK_OF(TYPE) *sk, int i); +\& TYPE *sk_TYPE_delete_ptr(STACK_OF(TYPE) *sk, TYPE *ptr); +\& int sk_TYPE_push(STACK_OF(TYPE) *sk, const TYPE *ptr); +\& int sk_TYPE_unshift(STACK_OF(TYPE) *sk, const TYPE *ptr); +\& TYPE *sk_TYPE_pop(STACK_OF(TYPE) *sk); +\& TYPE *sk_TYPE_shift(STACK_OF(TYPE) *sk); +\& void sk_TYPE_pop_free(STACK_OF(TYPE) *sk, sk_TYPE_freefunc freefunc); +\& int sk_TYPE_insert(STACK_OF(TYPE) *sk, TYPE *ptr, int idx); +\& TYPE *sk_TYPE_set(STACK_OF(TYPE) *sk, int idx, const TYPE *ptr); +\& int sk_TYPE_find(STACK_OF(TYPE) *sk, TYPE *ptr); +\& int sk_TYPE_find_ex(STACK_OF(TYPE) *sk, TYPE *ptr); +\& void sk_TYPE_sort(const 
STACK_OF(TYPE) *sk); +\& int sk_TYPE_is_sorted(const STACK_OF(TYPE) *sk); +\& STACK_OF(TYPE) *sk_TYPE_dup(const STACK_OF(TYPE) *sk); +\& STACK_OF(TYPE) *sk_TYPE_deep_copy(const STACK_OF(TYPE) *sk, +\& sk_TYPE_copyfunc copyfunc, +\& sk_TYPE_freefunc freefunc); +\& sk_TYPE_compfunc (*sk_TYPE_set_cmp_func(STACK_OF(TYPE) *sk, +\& sk_TYPE_compfunc compare)); +\& STACK_OF(TYPE) *sk_TYPE_new_reserve(sk_TYPE_compfunc compare, int n); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Applications can create and use their own stacks by placing any of the macros +described below in a header file. These macros define typesafe inline +functions that wrap around the utility \fBOPENSSL_sk_\fR \s-1API\s0. +In the description here, \fB\f(BI\s-1TYPE\s0\fB\fR is used +as a placeholder for any of the OpenSSL datatypes, such as \fBX509\fR. +.PP +\&\s-1\fISTACK_OF\s0()\fR returns the name for a stack of the specified \fB\f(BI\s-1TYPE\s0\fB\fR. +\&\s-1\fIDEFINE_STACK_OF\s0()\fR creates set of functions for a stack of \fB\f(BI\s-1TYPE\s0\fB\fR. This +will mean that type \fB\f(BI\s-1TYPE\s0\fB\fR is stored in each stack, the type is referenced by +\&\fB\s-1STACK_OF\s0\fR(\fB\f(BI\s-1TYPE\s0\fB\fR) and each function name begins with \fBsk_\f(BI\s-1TYPE\s0\fB_\fR. +For example: +.PP +.Vb 1 +\& TYPE *sk_TYPE_value(STACK_OF(TYPE) *sk, int idx); +.Ve +.PP +\&\s-1\fIDEFINE_STACK_OF_CONST\s0()\fR is identical to \s-1\fIDEFINE_STACK_OF\s0()\fR except +each element is constant. For example: +.PP +.Vb 1 +\& const TYPE *sk_TYPE_value(STACK_OF(TYPE) *sk, int idx); +.Ve +.PP +\&\s-1\fIDEFINE_SPECIAL_STACK_OF\s0()\fR defines a stack of \fB\f(BI\s-1TYPE\s0\fB\fR but +each function uses \fB\s-1FUNCNAME\s0\fR in the function name. 
For example: +.PP +.Vb 1 +\& TYPE *sk_FUNCNAME_value(STACK_OF(TYPE) *sk, int idx); +.Ve +.PP +\&\s-1\fIDEFINE_SPECIAL_STACK_OF_CONST\s0()\fR is similar except that each element is +constant: +.PP +.Vb 1 +\& const TYPE *sk_FUNCNAME_value(STACK_OF(TYPE) *sk, int idx); +.Ve +.PP +\&\fBsk_\f(BI\s-1TYPE\s0\fB_num\fR() returns the number of elements in \fIsk\fR or \-1 if \fIsk\fR is +\&\s-1NULL\s0. +.PP +\&\fBsk_\f(BI\s-1TYPE\s0\fB_value\fR() returns element \fIidx\fR in \fIsk\fR, where \fIidx\fR starts at +zero. If \fIidx\fR is out of range then \s-1NULL\s0 is returned. +.PP +\&\fBsk_\f(BI\s-1TYPE\s0\fB_new\fR() allocates a new empty stack using comparison function +\&\fIcompare\fR. If \fIcompare\fR is \s-1NULL\s0 then no comparison function is used. This +function is equivalent to \fBsk_\f(BI\s-1TYPE\s0\fB_new_reserve\fR(\fIcompare\fR, 0). +.PP +\&\fBsk_\f(BI\s-1TYPE\s0\fB_new_null\fR() allocates a new empty stack with no comparison +function. This function is equivalent to \fBsk_\f(BI\s-1TYPE\s0\fB_new_reserve\fR(\s-1NULL\s0, 0). +.PP +\&\fBsk_\f(BI\s-1TYPE\s0\fB_reserve\fR() allocates additional memory in the \fIsk\fR structure +such that the next \fIn\fR calls to \fBsk_\f(BI\s-1TYPE\s0\fB_insert\fR(), \fBsk_\f(BI\s-1TYPE\s0\fB_push\fR() +or \fBsk_\f(BI\s-1TYPE\s0\fB_unshift\fR() will not fail or cause memory to be allocated +or reallocated. If \fIn\fR is zero, any excess space allocated in the +\&\fIsk\fR structure is freed. On error \fIsk\fR is unchanged. +.PP +\&\fBsk_\f(BI\s-1TYPE\s0\fB_new_reserve\fR() allocates a new stack. The new stack will have +additional memory allocated to hold \fIn\fR elements if \fIn\fR is positive. +The next \fIn\fR calls to \fBsk_\f(BI\s-1TYPE\s0\fB_insert\fR(), \fBsk_\f(BI\s-1TYPE\s0\fB_push\fR() or +\&\fBsk_\f(BI\s-1TYPE\s0\fB_unshift\fR() will not fail or cause memory to be allocated or +reallocated. If \fIn\fR is zero or less than zero, no memory is allocated. 
+\&\fBsk_\f(BI\s-1TYPE\s0\fB_new_reserve\fR() also sets the comparison function \fIcompare\fR +to the newly created stack. If \fIcompare\fR is \s-1NULL\s0 then no comparison +function is used. +.PP +\&\fBsk_\f(BI\s-1TYPE\s0\fB_set_cmp_func\fR() sets the comparison function of \fIsk\fR to +\&\fIcompare\fR. The previous comparison function is returned or \s-1NULL\s0 if there +was no previous comparison function. +.PP +\&\fBsk_\f(BI\s-1TYPE\s0\fB_free\fR() frees up the \fIsk\fR structure. It does \fInot\fR free up any +elements of \fIsk\fR. After this call \fIsk\fR is no longer valid. +.PP +\&\fBsk_\f(BI\s-1TYPE\s0\fB_zero\fR() sets the number of elements in \fIsk\fR to zero. It does not +free \fIsk\fR so after this call \fIsk\fR is still valid. +.PP +\&\fBsk_\f(BI\s-1TYPE\s0\fB_pop_free\fR() frees up all elements of \fIsk\fR and \fIsk\fR itself. The +free function \fIfreefunc()\fR is called on each element to free it. +.PP +\&\fBsk_\f(BI\s-1TYPE\s0\fB_delete\fR() deletes element \fIi\fR from \fIsk\fR. It returns the deleted +element or \s-1NULL\s0 if \fIi\fR is out of range. +.PP +\&\fBsk_\f(BI\s-1TYPE\s0\fB_delete_ptr\fR() deletes element matching \fIptr\fR from \fIsk\fR. It +returns the deleted element or \s-1NULL\s0 if no element matching \fIptr\fR was found. +.PP +\&\fBsk_\f(BI\s-1TYPE\s0\fB_insert\fR() inserts \fIptr\fR into \fIsk\fR at position \fIidx\fR. Any +existing elements at or after \fIidx\fR are moved downwards. If \fIidx\fR is out +of range the new element is appended to \fIsk\fR. \fBsk_\f(BI\s-1TYPE\s0\fB_insert\fR() either +returns the number of elements in \fIsk\fR after the new element is inserted or +zero if an error (such as memory allocation failure) occurred. 
+.PP +\&\fBsk_\f(BI\s-1TYPE\s0\fB_push\fR() appends \fIptr\fR to \fIsk\fR it is equivalent to: +.PP +.Vb 1 +\& sk_TYPE_insert(sk, ptr, \-1); +.Ve +.PP +\&\fBsk_\f(BI\s-1TYPE\s0\fB_unshift\fR() inserts \fIptr\fR at the start of \fIsk\fR it is equivalent +to: +.PP +.Vb 1 +\& sk_TYPE_insert(sk, ptr, 0); +.Ve +.PP +\&\fBsk_\f(BI\s-1TYPE\s0\fB_pop\fR() returns and removes the last element from \fIsk\fR. +.PP +\&\fBsk_\f(BI\s-1TYPE\s0\fB_shift\fR() returns and removes the first element from \fIsk\fR. +.PP +\&\fBsk_\f(BI\s-1TYPE\s0\fB_set\fR() sets element \fIidx\fR of \fIsk\fR to \fIptr\fR replacing the current +element. The new element value is returned or \s-1NULL\s0 if an error occurred: +this will only happen if \fIsk\fR is \s-1NULL\s0 or \fIidx\fR is out of range. +.PP +\&\fBsk_\f(BI\s-1TYPE\s0\fB_find\fR() searches \fIsk\fR for the element \fIptr\fR. In the case +where no comparison function has been specified, the function performs +a linear search for a pointer equal to \fIptr\fR. The index of the first +matching element is returned or \fB\-1\fR if there is no match. In the case +where a comparison function has been specified, \fIsk\fR is sorted then +\&\fBsk_\f(BI\s-1TYPE\s0\fB_find\fR() returns the index of a matching element or \fB\-1\fR if there +is no match. Note that, in this case, the matching element returned is +not guaranteed to be the first; the comparison function will usually +compare the values pointed to rather than the pointers themselves and +the order of elements in \fIsk\fR could change. +.PP +\&\fBsk_\f(BI\s-1TYPE\s0\fB_find_ex\fR() operates like \fBsk_\f(BI\s-1TYPE\s0\fB_find\fR() except when a +comparison function has been specified and no matching element is found. +Instead of returning \fB\-1\fR, \fBsk_\f(BI\s-1TYPE\s0\fB_find_ex\fR() returns the index of the +element either before or after the location where \fIptr\fR would be if it were +present in \fIsk\fR. 
+.PP +\&\fBsk_\f(BI\s-1TYPE\s0\fB_sort\fR() sorts \fIsk\fR using the supplied comparison function. +.PP +\&\fBsk_\f(BI\s-1TYPE\s0\fB_is_sorted\fR() returns \fB1\fR if \fIsk\fR is sorted and \fB0\fR otherwise. +.PP +\&\fBsk_\f(BI\s-1TYPE\s0\fB_dup\fR() returns a copy of \fIsk\fR. Note the pointers in the copy +are identical to the original. +.PP +\&\fBsk_\f(BI\s-1TYPE\s0\fB_deep_copy\fR() returns a new stack where each element has been +copied. Copying is performed by the supplied \fIcopyfunc()\fR and freeing by +\&\fIfreefunc()\fR. The function \fIfreefunc()\fR is only called if an error occurs. +.SH "NOTES" +.IX Header "NOTES" +Care should be taken when accessing stacks in multi-threaded environments. +Any operation which increases the size of a stack such as \fBsk_\f(BI\s-1TYPE\s0\fB_insert\fR() +or \fBsk_\f(BI\s-1TYPE\s0\fB_push\fR() can \*(L"grow\*(R" the size of an internal array and cause race +conditions if the same stack is accessed in a different thread. Operations such +as \fBsk_\f(BI\s-1TYPE\s0\fB_find\fR() and \fBsk_\f(BI\s-1TYPE\s0\fB_sort\fR() can also reorder the stack. +.PP +Any comparison function supplied should use a metric suitable +for use in a binary search operation. That is it should return zero, a +positive or negative value if \fIa\fR is equal to, greater than +or less than \fIb\fR respectively. +.PP +Care should be taken when checking the return values of the functions +\&\fBsk_\f(BI\s-1TYPE\s0\fB_find\fR() and \fBsk_\f(BI\s-1TYPE\s0\fB_find_ex\fR(). They return an index to the +matching element. In particular \fB0\fR indicates a matching first element. +A failed search is indicated by a \fB\-1\fR return value. +.PP +\&\s-1\fISTACK_OF\s0()\fR, \s-1\fIDEFINE_STACK_OF\s0()\fR, \s-1\fIDEFINE_STACK_OF_CONST\s0()\fR, and +\&\s-1\fIDEFINE_SPECIAL_STACK_OF\s0()\fR are implemented as macros. +.PP +The underlying utility \fBOPENSSL_sk_\fR \s-1API\s0 should not be used directly. 
+It defines these functions: \fIOPENSSL_sk_deep_copy()\fR, +\&\fIOPENSSL_sk_delete()\fR, \fIOPENSSL_sk_delete_ptr()\fR, \fIOPENSSL_sk_dup()\fR, +\&\fIOPENSSL_sk_find()\fR, \fIOPENSSL_sk_find_ex()\fR, \fIOPENSSL_sk_free()\fR, +\&\fIOPENSSL_sk_insert()\fR, \fIOPENSSL_sk_is_sorted()\fR, \fIOPENSSL_sk_new()\fR, +\&\fIOPENSSL_sk_new_null()\fR, \fIOPENSSL_sk_num()\fR, \fIOPENSSL_sk_pop()\fR, +\&\fIOPENSSL_sk_pop_free()\fR, \fIOPENSSL_sk_push()\fR, \fIOPENSSL_sk_reserve()\fR, +\&\fIOPENSSL_sk_set()\fR, \fIOPENSSL_sk_set_cmp_func()\fR, \fIOPENSSL_sk_shift()\fR, +\&\fIOPENSSL_sk_sort()\fR, \fIOPENSSL_sk_unshift()\fR, \fIOPENSSL_sk_value()\fR, +\&\fIOPENSSL_sk_zero()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBsk_\f(BI\s-1TYPE\s0\fB_num\fR() returns the number of elements in the stack or \fB\-1\fR if the +passed stack is \s-1NULL\s0. +.PP +\&\fBsk_\f(BI\s-1TYPE\s0\fB_value\fR() returns a pointer to a stack element or \s-1NULL\s0 if the +index is out of range. +.PP +\&\fBsk_\f(BI\s-1TYPE\s0\fB_new\fR(), \fBsk_\f(BI\s-1TYPE\s0\fB_new_null\fR() and \fBsk_\f(BI\s-1TYPE\s0\fB_new_reserve\fR() +return an empty stack or \s-1NULL\s0 if an error occurs. +.PP +\&\fBsk_\f(BI\s-1TYPE\s0\fB_reserve\fR() returns \fB1\fR on successful allocation of the required +memory or \fB0\fR on error. +.PP +\&\fBsk_\f(BI\s-1TYPE\s0\fB_set_cmp_func\fR() returns the old comparison function or \s-1NULL\s0 if +there was no old comparison function. +.PP +\&\fBsk_\f(BI\s-1TYPE\s0\fB_free\fR(), \fBsk_\f(BI\s-1TYPE\s0\fB_zero\fR(), \fBsk_\f(BI\s-1TYPE\s0\fB_pop_free\fR() and +\&\fBsk_\f(BI\s-1TYPE\s0\fB_sort\fR() do not return values. +.PP +\&\fBsk_\f(BI\s-1TYPE\s0\fB_pop\fR(), \fBsk_\f(BI\s-1TYPE\s0\fB_shift\fR(), \fBsk_\f(BI\s-1TYPE\s0\fB_delete\fR() and +\&\fBsk_\f(BI\s-1TYPE\s0\fB_delete_ptr\fR() return a pointer to the deleted element or \s-1NULL\s0 +on error. 
+.PP +\&\fBsk_\f(BI\s-1TYPE\s0\fB_insert\fR(), \fBsk_\f(BI\s-1TYPE\s0\fB_push\fR() and \fBsk_\f(BI\s-1TYPE\s0\fB_unshift\fR() return +the total number of elements in the stack and 0 if an error occurred. +.PP +\&\fBsk_\f(BI\s-1TYPE\s0\fB_set\fR() returns a pointer to the replacement element or \s-1NULL\s0 on +error. +.PP +\&\fBsk_\f(BI\s-1TYPE\s0\fB_find\fR() and \fBsk_\f(BI\s-1TYPE\s0\fB_find_ex\fR() return an index to the found +element or \fB\-1\fR on error. +.PP +\&\fBsk_\f(BI\s-1TYPE\s0\fB_is_sorted\fR() returns \fB1\fR if the stack is sorted and \fB0\fR if it is +not. +.PP +\&\fBsk_\f(BI\s-1TYPE\s0\fB_dup\fR() and \fBsk_\f(BI\s-1TYPE\s0\fB_deep_copy\fR() return a pointer to the copy +of the stack. +.SH "HISTORY" +.IX Header "HISTORY" +Before OpenSSL 1.1.0, this was implemented via macros and not inline functions +and was not a public \s-1API\s0. +.PP +\&\fBsk_\f(BI\s-1TYPE\s0\fB_reserve\fR() and \fBsk_\f(BI\s-1TYPE\s0\fB_new_reserve\fR() were added in OpenSSL +1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/DES_random_key.3 b/linux_amd64/ssl/share/man/man3/DES_random_key.3 new file mode 100755 index 0000000..75b67d6 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/DES_random_key.3 
@@ -0,0 +1,452 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DES_RANDOM_KEY 3" +.TH DES_RANDOM_KEY 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +DES_random_key, DES_set_key, DES_key_sched, DES_set_key_checked, +DES_set_key_unchecked, DES_set_odd_parity, DES_is_weak_key, +DES_ecb_encrypt, DES_ecb2_encrypt, DES_ecb3_encrypt, DES_ncbc_encrypt, +DES_cfb_encrypt, DES_ofb_encrypt, DES_pcbc_encrypt, DES_cfb64_encrypt, +DES_ofb64_encrypt, DES_xcbc_encrypt, DES_ede2_cbc_encrypt, +DES_ede2_cfb64_encrypt, DES_ede2_ofb64_encrypt, DES_ede3_cbc_encrypt, +DES_ede3_cfb64_encrypt, DES_ede3_ofb64_encrypt, +DES_cbc_cksum, DES_quad_cksum, DES_string_to_key, DES_string_to_2keys, +DES_fcrypt, DES_crypt \- DES encryption +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.PP +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 1 +\& void DES_random_key(DES_cblock *ret); +\& +\& int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule); +\& int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule); +\& int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule); +\& void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule); +\& +\& void DES_set_odd_parity(DES_cblock *key); +\& int DES_is_weak_key(const_DES_cblock *key); +\& +\& void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output, +\& DES_key_schedule *ks, int enc); +\& void DES_ecb2_encrypt(const_DES_cblock *input, DES_cblock *output, +\& DES_key_schedule *ks1, DES_key_schedule *ks2, int enc); +\& void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output, +\& DES_key_schedule *ks1, DES_key_schedule *ks2, +\& DES_key_schedule *ks3, int enc); +\& +\& void DES_ncbc_encrypt(const unsigned char *input, unsigned char *output, +\& long length, DES_key_schedule *schedule, DES_cblock *ivec, +\& int enc); +\& void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, +\& int numbits, long length, DES_key_schedule *schedule, +\& DES_cblock 
*ivec, int enc); +\& void DES_ofb_encrypt(const unsigned char *in, unsigned char *out, +\& int numbits, long length, DES_key_schedule *schedule, +\& DES_cblock *ivec); +\& void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output, +\& long length, DES_key_schedule *schedule, DES_cblock *ivec, +\& int enc); +\& void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out, +\& long length, DES_key_schedule *schedule, DES_cblock *ivec, +\& int *num, int enc); +\& void DES_ofb64_encrypt(const unsigned char *in, unsigned char *out, +\& long length, DES_key_schedule *schedule, DES_cblock *ivec, +\& int *num); +\& +\& void DES_xcbc_encrypt(const unsigned char *input, unsigned char *output, +\& long length, DES_key_schedule *schedule, DES_cblock *ivec, +\& const_DES_cblock *inw, const_DES_cblock *outw, int enc); +\& +\& void DES_ede2_cbc_encrypt(const unsigned char *input, unsigned char *output, +\& long length, DES_key_schedule *ks1, +\& DES_key_schedule *ks2, DES_cblock *ivec, int enc); +\& void DES_ede2_cfb64_encrypt(const unsigned char *in, unsigned char *out, +\& long length, DES_key_schedule *ks1, +\& DES_key_schedule *ks2, DES_cblock *ivec, +\& int *num, int enc); +\& void DES_ede2_ofb64_encrypt(const unsigned char *in, unsigned char *out, +\& long length, DES_key_schedule *ks1, +\& DES_key_schedule *ks2, DES_cblock *ivec, int *num); +\& +\& void DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output, +\& long length, DES_key_schedule *ks1, +\& DES_key_schedule *ks2, DES_key_schedule *ks3, +\& DES_cblock *ivec, int enc); +\& void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out, +\& long length, DES_key_schedule *ks1, +\& DES_key_schedule *ks2, DES_key_schedule *ks3, +\& DES_cblock *ivec, int *num, int enc); +\& void DES_ede3_ofb64_encrypt(const unsigned char *in, unsigned char *out, +\& long length, DES_key_schedule *ks1, +\& DES_key_schedule *ks2, DES_key_schedule *ks3, +\& DES_cblock *ivec, int *num); +\& +\& 
DES_LONG DES_cbc_cksum(const unsigned char *input, DES_cblock *output, +\& long length, DES_key_schedule *schedule, +\& const_DES_cblock *ivec); +\& DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[], +\& long length, int out_count, DES_cblock *seed); +\& void DES_string_to_key(const char *str, DES_cblock *key); +\& void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2); +\& +\& char *DES_fcrypt(const char *buf, const char *salt, char *ret); +\& char *DES_crypt(const char *buf, const char *salt); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +All of the functions described on this page are deprecated. Applications should +instead use \fIEVP_EncryptInit_ex\fR\|(3), \fIEVP_EncryptUpdate\fR\|(3) and +\&\fIEVP_EncryptFinal_ex\fR\|(3) or the equivalently named decrypt functions. +.PP +This library contains a fast implementation of the \s-1DES\s0 encryption +algorithm. +.PP +There are two phases to the use of \s-1DES\s0 encryption. The first is the +generation of a \fIDES_key_schedule\fR from a key, the second is the +actual encryption. A \s-1DES\s0 key is of type \fIDES_cblock\fR. This type +consists of 8 bytes with odd parity. The least significant bit in +each byte is the parity bit. The key schedule is an expanded form of +the key; it is used to speed the encryption process. +.PP +\&\fIDES_random_key()\fR generates a random key. The random generator must be +seeded when calling this function. +If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to +external circumstances (see \s-1\fIRAND\s0\fR\|(7)), the operation will fail. +If the function fails, 0 is returned. +.PP +Before a \s-1DES\s0 key can be used, it must be converted into the +architecture dependent \fIDES_key_schedule\fR via the +\&\fIDES_set_key_checked()\fR or \fIDES_set_key_unchecked()\fR function. +.PP +\&\fIDES_set_key_checked()\fR will check that the key passed is of odd parity +and is not a weak or semi-weak key. 
If the parity is wrong, then \-1 +is returned. If the key is a weak key, then \-2 is returned. If an +error is returned, the key schedule is not generated. +.PP +\&\fIDES_set_key()\fR works like \fIDES_set_key_checked()\fR and remains for +backward compatibility. +.PP +\&\fIDES_set_odd_parity()\fR sets the parity of the passed \fIkey\fR to odd. +.PP +\&\fIDES_is_weak_key()\fR returns 1 if the passed key is a weak key, 0 if it +is ok. +.PP +The following routines mostly operate on an input and output stream of +\&\fIDES_cblock\fRs. +.PP +\&\fIDES_ecb_encrypt()\fR is the basic \s-1DES\s0 encryption routine that encrypts or +decrypts a single 8\-byte \fIDES_cblock\fR in \fIelectronic code book\fR +(\s-1ECB\s0) mode. It always transforms the input data, pointed to by +\&\fIinput\fR, into the output data, pointed to by the \fIoutput\fR argument. +If the \fIencrypt\fR argument is nonzero (\s-1DES_ENCRYPT\s0), the \fIinput\fR +(cleartext) is encrypted in to the \fIoutput\fR (ciphertext) using the +key_schedule specified by the \fIschedule\fR argument, previously set via +\&\fIDES_set_key\fR. If \fIencrypt\fR is zero (\s-1DES_DECRYPT\s0), the \fIinput\fR (now +ciphertext) is decrypted into the \fIoutput\fR (now cleartext). Input +and output may overlap. \fIDES_ecb_encrypt()\fR does not return a value. +.PP +\&\fIDES_ecb3_encrypt()\fR encrypts/decrypts the \fIinput\fR block by using +three-key Triple-DES encryption in \s-1ECB\s0 mode. This involves encrypting +the input with \fIks1\fR, decrypting with the key schedule \fIks2\fR, and +then encrypting with \fIks3\fR. This routine greatly reduces the chances +of brute force breaking of \s-1DES\s0 and has the advantage of if \fIks1\fR, +\&\fIks2\fR and \fIks3\fR are the same, it is equivalent to just encryption +using \s-1ECB\s0 mode and \fIks1\fR as the key. +.PP +The macro \fIDES_ecb2_encrypt()\fR is provided to perform two-key Triple-DES +encryption by using \fIks1\fR for the final encryption. 
+.PP +\&\fIDES_ncbc_encrypt()\fR encrypts/decrypts using the \fIcipher-block-chaining\fR +(\s-1CBC\s0) mode of \s-1DES\s0. If the \fIencrypt\fR argument is nonzero, the +routine cipher-block-chain encrypts the cleartext data pointed to by +the \fIinput\fR argument into the ciphertext pointed to by the \fIoutput\fR +argument, using the key schedule provided by the \fIschedule\fR argument, +and initialization vector provided by the \fIivec\fR argument. If the +\&\fIlength\fR argument is not an integral multiple of eight bytes, the +last block is copied to a temporary area and zero filled. The output +is always an integral multiple of eight bytes. +.PP +\&\fIDES_xcbc_encrypt()\fR is \s-1RSA\s0's \s-1DESX\s0 mode of \s-1DES\s0. It uses \fIinw\fR and +\&\fIoutw\fR to 'whiten' the encryption. \fIinw\fR and \fIoutw\fR are secret +(unlike the iv) and are as such, part of the key. So the key is sort +of 24 bytes. This is much better than \s-1CBC\s0 \s-1DES\s0. +.PP +\&\fIDES_ede3_cbc_encrypt()\fR implements outer triple \s-1CBC\s0 \s-1DES\s0 encryption with +three keys. This means that each \s-1DES\s0 operation inside the \s-1CBC\s0 mode is +\&\f(CW\*(C`C=E(ks3,D(ks2,E(ks1,M)))\*(C'\fR. This mode is used by \s-1SSL\s0. +.PP +The \fIDES_ede2_cbc_encrypt()\fR macro implements two-key Triple-DES by +reusing \fIks1\fR for the final encryption. \f(CW\*(C`C=E(ks1,D(ks2,E(ks1,M)))\*(C'\fR. +This form of Triple-DES is used by the \s-1RSAREF\s0 library. +.PP +\&\fIDES_pcbc_encrypt()\fR encrypts/decrypts using the propagating cipher block +chaining mode used by Kerberos v4. Its parameters are the same as +\&\fIDES_ncbc_encrypt()\fR. +.PP +\&\fIDES_cfb_encrypt()\fR encrypts/decrypts using cipher feedback mode. This +method takes an array of characters as input and outputs an array of +characters. It does not require any padding to 8 character groups. +Note: the \fIivec\fR variable is changed and the new changed value needs to +be passed to the next call to this function. 
Since this function runs +a complete \s-1DES\s0 \s-1ECB\s0 encryption per \fInumbits\fR, this function is only +suggested for use when sending a small number of characters. +.PP +\&\fIDES_cfb64_encrypt()\fR +implements \s-1CFB\s0 mode of \s-1DES\s0 with 64\-bit feedback. Why is this +useful you ask? Because this routine will allow you to encrypt an +arbitrary number of bytes, without 8 byte padding. Each call to this +routine will encrypt the input bytes to output and then update ivec +and num. num contains 'how far' we are though ivec. If this does +not make much sense, read more about \s-1CFB\s0 mode of \s-1DES\s0. +.PP +\&\fIDES_ede3_cfb64_encrypt()\fR and \fIDES_ede2_cfb64_encrypt()\fR is the same as +\&\fIDES_cfb64_encrypt()\fR except that Triple-DES is used. +.PP +\&\fIDES_ofb_encrypt()\fR encrypts using output feedback mode. This method +takes an array of characters as input and outputs an array of +characters. It does not require any padding to 8 character groups. +Note: the \fIivec\fR variable is changed and the new changed value needs to +be passed to the next call to this function. Since this function runs +a complete \s-1DES\s0 \s-1ECB\s0 encryption per \fInumbits\fR, this function is only +suggested for use when sending a small number of characters. +.PP +\&\fIDES_ofb64_encrypt()\fR is the same as \fIDES_cfb64_encrypt()\fR using Output +Feed Back mode. +.PP +\&\fIDES_ede3_ofb64_encrypt()\fR and \fIDES_ede2_ofb64_encrypt()\fR is the same as +\&\fIDES_ofb64_encrypt()\fR, using Triple-DES. +.PP +The following functions are included in the \s-1DES\s0 library for +compatibility with the \s-1MIT\s0 Kerberos library. +.PP +\&\fIDES_cbc_cksum()\fR produces an 8 byte checksum based on the input stream +(via \s-1CBC\s0 encryption). The last 4 bytes of the checksum are returned +and the complete 8 bytes are placed in \fIoutput\fR. This function is +used by Kerberos v4. Other applications should use +\&\fIEVP_DigestInit\fR\|(3) etc. instead. 
+.PP +\&\fIDES_quad_cksum()\fR is a Kerberos v4 function. It returns a 4 byte +checksum from the input bytes. The algorithm can be iterated over the +input, depending on \fIout_count\fR, 1, 2, 3 or 4 times. If \fIoutput\fR is +non-NULL, the 8 bytes generated by each pass are written into +\&\fIoutput\fR. +.PP +The following are DES-based transformations: +.PP +\&\fIDES_fcrypt()\fR is a fast version of the Unix \fIcrypt\fR\|(3) function. This +version takes only a small amount of space relative to other fast +\&\fIcrypt()\fR implementations. This is different to the normal \fIcrypt()\fR in +that the third parameter is the buffer that the return value is +written into. It needs to be at least 14 bytes long. This function +is thread safe, unlike the normal \fIcrypt()\fR. +.PP +\&\fIDES_crypt()\fR is a faster replacement for the normal system \fIcrypt()\fR. +This function calls \fIDES_fcrypt()\fR with a static array passed as the +third parameter. This mostly emulates the normal non-thread-safe semantics +of \fIcrypt\fR\|(3). +The \fBsalt\fR must be two \s-1ASCII\s0 characters. +.PP +The values returned by \fIDES_fcrypt()\fR and \fIDES_crypt()\fR are terminated by \s-1NUL\s0 +character. +.PP +\&\fIDES_enc_write()\fR writes \fIlen\fR bytes to file descriptor \fIfd\fR from +buffer \fIbuf\fR. The data is encrypted via \fIpcbc_encrypt\fR (default) +using \fIsched\fR for the key and \fIiv\fR as a starting vector. The actual +data send down \fIfd\fR consists of 4 bytes (in network byte order) +containing the length of the following encrypted data. The encrypted +data then follows, padded with random data out to a multiple of 8 +bytes. +.SH "BUGS" +.IX Header "BUGS" +\&\fIDES_cbc_encrypt()\fR does not modify \fBivec\fR; use \fIDES_ncbc_encrypt()\fR +instead. +.PP +\&\fIDES_cfb_encrypt()\fR and \fIDES_ofb_encrypt()\fR operates on input of 8 bits. 
+What this means is that if you set numbits to 12, and length to 2, the +first 12 bits will come from the 1st input byte and the low half of +the second input byte. The second 12 bits will have the low 8 bits +taken from the 3rd input byte and the top 4 bits taken from the 4th +input byte. The same holds for output. This function has been +implemented this way because most people will be using a multiple of 8 +and because once you get into pulling bytes input bytes apart things +get ugly! +.PP +\&\fIDES_string_to_key()\fR is available for backward compatibility with the +\&\s-1MIT\s0 library. New applications should use a cryptographic hash function. +The same applies for \fIDES_string_to_2key()\fR. +.SH "NOTES" +.IX Header "NOTES" +The \fBdes\fR library was written to be source code compatible with +the \s-1MIT\s0 Kerberos library. +.PP +Applications should use the higher level functions +\&\fIEVP_EncryptInit\fR\|(3) etc. instead of calling these +functions directly. +.PP +Single-key \s-1DES\s0 is insecure due to its short key size. \s-1ECB\s0 mode is +not suitable for most applications; see \fIdes_modes\fR\|(7). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIDES_set_key()\fR, \fIDES_key_sched()\fR, \fIDES_set_key_checked()\fR and \fIDES_is_weak_key()\fR +return 0 on success or negative values on error. +.PP +\&\fIDES_cbc_cksum()\fR and \fIDES_quad_cksum()\fR return 4\-byte integer representing the +last 4 bytes of the checksum of the input. +.PP +\&\fIDES_fcrypt()\fR returns a pointer to the caller-provided buffer and \fIDES_crypt()\fR \- +to a static buffer on success; otherwise they return \s-1NULL\s0. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIdes_modes\fR\|(7), +\&\fIEVP_EncryptInit\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +All of these functions were deprecated in OpenSSL 3.0. +.PP +The requirement that the \fBsalt\fR parameter to \fIDES_crypt()\fR and \fIDES_fcrypt()\fR +be two \s-1ASCII\s0 characters was first enforced in +OpenSSL 1.1.0. 
Previous versions tried to use the letter uppercase \fBA\fR +if both character were not present, and could crash when given non-ASCII +on some platforms. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/DH_generate_key.3 b/linux_amd64/ssl/share/man/man3/DH_generate_key.3 new file mode 100755 index 0000000..57f2dc1 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/DH_generate_key.3 
@@ -0,0 +1,191 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DH_GENERATE_KEY 3" +.TH DH_GENERATE_KEY 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +DH_generate_key, DH_compute_key \- perform Diffie\-Hellman key exchange +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.PP +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 1 +\& int DH_generate_key(DH *dh); +\& +\& int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Both of the functions described on this page are deprecated. +Applications should instead use \fIEVP_PKEY_derive_init\fR\|(3) +and \fIEVP_PKEY_derive\fR\|(3). +.PP +\&\fIDH_generate_key()\fR performs the first step of a Diffie-Hellman key +exchange by generating private and public \s-1DH\s0 values. By calling +\&\fIDH_compute_key()\fR, these are combined with the other party's public +value to compute the shared key. +.PP +\&\fIDH_generate_key()\fR expects \fBdh\fR to contain the shared parameters +\&\fBdh\->p\fR and \fBdh\->g\fR. It generates a random private \s-1DH\s0 value +unless \fBdh\->priv_key\fR is already set, and computes the +corresponding public value \fBdh\->pub_key\fR, which can then be +published. +.PP +\&\fIDH_compute_key()\fR computes the shared secret from the private \s-1DH\s0 value +in \fBdh\fR and the other party's public value in \fBpub_key\fR and stores +it in \fBkey\fR. \fBkey\fR must point to \fBDH_size(dh)\fR bytes of memory. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIDH_generate_key()\fR returns 1 on success, 0 otherwise. +.PP +\&\fIDH_compute_key()\fR returns the size of the shared secret on success, \-1 +on error. +.PP +The error codes can be obtained by \fIERR_get_error\fR\|(3). 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_PKEY_derive\fR\|(3), +\&\fIDH_new\fR\|(3), \fIERR_get_error\fR\|(3), \fIRAND_bytes\fR\|(3), \fIDH_size\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +Both of these functions were deprecated in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/DH_generate_parameters.3 b/linux_amd64/ssl/share/man/man3/DH_generate_parameters.3 new file mode 100755 index 0000000..b7e3753 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/DH_generate_parameters.3 
@@ -0,0 +1,277 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DH_GENERATE_PARAMETERS 3" +.TH DH_GENERATE_PARAMETERS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +DH_generate_parameters_ex, DH_generate_parameters, +DH_check, DH_check_params, +DH_check_ex, DH_check_params_ex, DH_check_pub_key_ex +\&\- generate and check Diffie\-Hellman +parameters +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.PP +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 1 +\& int DH_generate_parameters_ex(DH *dh, int prime_len, int generator, BN_GENCB *cb); +\& +\& int DH_check(DH *dh, int *codes); +\& int DH_check_params(DH *dh, int *codes); +\& +\& int DH_check_ex(const DH *dh); +\& int DH_check_params_ex(const DH *dh); +\& int DH_check_pub_key_ex(const DH *dh, const BIGNUM *pub_key); +.Ve +.PP +Deprecated since OpenSSL 0.9.8, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 2 +\& DH *DH_generate_parameters(int prime_len, int generator, +\& void (*callback)(int, int, void *), void *cb_arg); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +All of the functions described on this page are deprecated. +Applications should instead use \fIEVP_PKEY_check\fR\|(3), +\&\fIEVP_PKEY_public_check\fR\|(3), \fIEVP_PKEY_private_check\fR\|(3) and +\&\fIEVP_PKEY_param_check\fR\|(3). +.PP +\&\fIDH_generate_parameters_ex()\fR generates Diffie-Hellman parameters that can +be shared among a group of users, and stores them in the provided \fB\s-1DH\s0\fR +structure. The pseudo-random number generator must be +seeded before calling it. +The parameters generated by \fIDH_generate_parameters_ex()\fR should not be used in +signature schemes. +.PP +\&\fBprime_len\fR is the length in bits of the safe prime to be generated. +\&\fBgenerator\fR is a small number > 1, typically 2 or 5. +.PP +A callback function may be used to provide feedback about the progress +of the key generation. 
If \fBcb\fR is not \fB\s-1NULL\s0\fR, it will be +called as described in \fIBN_generate_prime\fR\|(3) while a random prime +number is generated, and when a prime has been found, \fBBN_GENCB_call(cb, 3, 0)\fR +is called. See \fIBN_generate_prime_ex\fR\|(3) for information on +the \fIBN_GENCB_call()\fR function. +.PP +\&\fIDH_generate_parameters()\fR is similar to \fIDH_generate_prime_ex()\fR but +expects an old-style callback function; see +\&\fIBN_generate_prime\fR\|(3) for information on the old-style callback. +.PP +\&\fIDH_check_params()\fR confirms that the \fBp\fR and \fBg\fR are likely enough to +be valid. +This is a lightweight check, if a more thorough check is needed, use +\&\fIDH_check()\fR. +The value of \fB*codes\fR is updated with any problems found. +If \fB*codes\fR is zero then no problems were found, otherwise the +following bits may be set: +.IP "\s-1DH_CHECK_P_NOT_PRIME\s0" 4 +.IX Item "DH_CHECK_P_NOT_PRIME" +The parameter \fBp\fR has been determined to not being an odd prime. +Note that the lack of this bit doesn't guarantee that \fBp\fR is a +prime. +.IP "\s-1DH_NOT_SUITABLE_GENERATOR\s0" 4 +.IX Item "DH_NOT_SUITABLE_GENERATOR" +The generator \fBg\fR is not suitable. +Note that the lack of this bit doesn't guarantee that \fBg\fR is +suitable, unless \fBp\fR is known to be a strong prime. +.IP "\s-1DH_MODULUS_TOO_SMALL\s0" 4 +.IX Item "DH_MODULUS_TOO_SMALL" +The modulus is too small. +.IP "\s-1DH_MODULUS_TOO_LARGE\s0" 4 +.IX Item "DH_MODULUS_TOO_LARGE" +The modulus is too large. +.PP +\&\fIDH_check()\fR confirms that the Diffie-Hellman parameters \fBdh\fR are valid. The +value of \fB*codes\fR is updated with any problems found. If \fB*codes\fR is zero then +no problems were found, otherwise the following bits may be set: +.IP "\s-1DH_CHECK_P_NOT_PRIME\s0" 4 +.IX Item "DH_CHECK_P_NOT_PRIME" +The parameter \fBp\fR is not prime. 
+.IP "\s-1DH_CHECK_P_NOT_SAFE_PRIME\s0" 4 +.IX Item "DH_CHECK_P_NOT_SAFE_PRIME" +The parameter \fBp\fR is not a safe prime and no \fBq\fR value is present. +.IP "\s-1DH_UNABLE_TO_CHECK_GENERATOR\s0" 4 +.IX Item "DH_UNABLE_TO_CHECK_GENERATOR" +The generator \fBg\fR cannot be checked for suitability. +.IP "\s-1DH_NOT_SUITABLE_GENERATOR\s0" 4 +.IX Item "DH_NOT_SUITABLE_GENERATOR" +The generator \fBg\fR is not suitable. +.IP "\s-1DH_CHECK_Q_NOT_PRIME\s0" 4 +.IX Item "DH_CHECK_Q_NOT_PRIME" +The parameter \fBq\fR is not prime. +.IP "\s-1DH_CHECK_INVALID_Q_VALUE\s0" 4 +.IX Item "DH_CHECK_INVALID_Q_VALUE" +The parameter \fBq\fR is invalid. +.IP "\s-1DH_CHECK_INVALID_J_VALUE\s0" 4 +.IX Item "DH_CHECK_INVALID_J_VALUE" +The parameter \fBj\fR is invalid. +.PP +\&\fIDH_check_ex()\fR, \fIDH_check_params()\fR and \fIDH_check_pub_key_ex()\fR are similar to +\&\fIDH_check()\fR and \fIDH_check_params()\fR respectively, but the error reasons are added +to the thread's error queue instead of provided as return values from the +function. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIDH_generate_parameters_ex()\fR, \fIDH_check()\fR and \fIDH_check_params()\fR return 1 +if the check could be performed, 0 otherwise. +.PP +\&\fIDH_generate_parameters()\fR returns a pointer to the \s-1DH\s0 structure or \s-1NULL\s0 if +the parameter generation fails. +.PP +\&\fIDH_check_ex()\fR, \fIDH_check_params()\fR and \fIDH_check_pub_key_ex()\fR return 1 if the +check is successful, 0 for failed. +.PP +The error codes can be obtained by \fIERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIDH_new\fR\|(3), \fIERR_get_error\fR\|(3), \fIRAND_bytes\fR\|(3), +\&\fIDH_free\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +All of these functions were deprecated in OpenSSL 3.0. +.PP +\&\fIDH_generate_parameters()\fR was deprecated in OpenSSL 0.9.8; use +\&\fIDH_generate_parameters_ex()\fR instead. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. 
All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/DH_get0_pqg.3 b/linux_amd64/ssl/share/man/man3/DH_get0_pqg.3 new file mode 100755 index 0000000..26728dd --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/DH_get0_pqg.3 
@@ -0,0 +1,260 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DH_GET0_PQG 3" +.TH DH_GET0_PQG 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +DH_get0_pqg, DH_set0_pqg, DH_get0_key, DH_set0_key, +DH_get0_p, DH_get0_q, DH_get0_g, +DH_get0_priv_key, DH_get0_pub_key, +DH_clear_flags, DH_test_flags, DH_set_flags, DH_get0_engine, +DH_get_length, DH_set_length \- Routines for getting and setting data in a DH object +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void DH_get0_pqg(const DH *dh, +\& const BIGNUM **p, const BIGNUM **q, const BIGNUM **g); +\& int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g); +\& void DH_get0_key(const DH *dh, +\& const BIGNUM **pub_key, const BIGNUM **priv_key); +\& int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key); +\& const BIGNUM *DH_get0_p(const DH *dh); +\& const BIGNUM *DH_get0_q(const DH *dh); +\& const BIGNUM *DH_get0_g(const DH *dh); +\& const BIGNUM *DH_get0_priv_key(const DH *dh); +\& const BIGNUM *DH_get0_pub_key(const DH *dh); +\& void DH_clear_flags(DH *dh, int flags); +\& int DH_test_flags(const DH *dh, int flags); +\& void DH_set_flags(DH *dh, int flags); +.Ve +.PP +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 3 +\& ENGINE *DH_get0_engine(DH *d); +\& long DH_get_length(const DH *dh); +\& int DH_set_length(DH *dh, long length); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A \s-1DH\s0 object contains the parameters \fBp\fR, \fBq\fR and \fBg\fR. Note that the \fBq\fR +parameter is optional. It also contains a public key (\fBpub_key\fR) and +(optionally) a private key (\fBpriv_key\fR). +.PP +The \fBp\fR, \fBq\fR and \fBg\fR parameters can be obtained by calling \fIDH_get0_pqg()\fR. +If the parameters have not yet been set then \fB*p\fR, \fB*q\fR and \fB*g\fR will be set +to \s-1NULL\s0. Otherwise they are set to pointers to their respective values. These +point directly to the internal representations of the values and therefore +should not be freed directly. 
+Any of the out parameters \fBp\fR, \fBq\fR, and \fBg\fR can be \s-1NULL\s0, in which case no +value will be returned for that parameter. +.PP +The \fBp\fR, \fBq\fR and \fBg\fR values can be set by calling \fIDH_set0_pqg()\fR and passing +the new values for \fBp\fR, \fBq\fR and \fBg\fR as parameters to the function. Calling +this function transfers the memory management of the values to the \s-1DH\s0 object, +and therefore the values that have been passed in should not be freed directly +after this function has been called. The \fBq\fR parameter may be \s-1NULL\s0. +.PP +To get the public and private key values use the \fIDH_get0_key()\fR function. A +pointer to the public key will be stored in \fB*pub_key\fR, and a pointer to the +private key will be stored in \fB*priv_key\fR. Either may be \s-1NULL\s0 if they have not +been set yet, although if the private key has been set then the public key must +be. The values point to the internal representation of the public key and +private key values. This memory should not be freed directly. +Any of the out parameters \fBpub_key\fR and \fBpriv_key\fR can be \s-1NULL\s0, in which case +no value will be returned for that parameter. +.PP +The public and private key values can be set using \fIDH_set0_key()\fR. Either +parameter may be \s-1NULL\s0, which means the corresponding \s-1DH\s0 field is left +untouched. As with \fIDH_set0_pqg()\fR this function transfers the memory management +of the key values to the \s-1DH\s0 object, and therefore they should not be freed +directly after this function has been called. +.PP +Any of the values \fBp\fR, \fBq\fR, \fBg\fR, \fBpriv_key\fR, and \fBpub_key\fR can also be +retrieved separately by the corresponding function \fIDH_get0_p()\fR, \fIDH_get0_q()\fR, +\&\fIDH_get0_g()\fR, \fIDH_get0_priv_key()\fR, and \fIDH_get0_pub_key()\fR, respectively. +.PP +\&\fIDH_set_flags()\fR sets the flags in the \fBflags\fR parameter on the \s-1DH\s0 object. 
+Multiple flags can be passed in one go (bitwise ORed together). Any flags that +are already set are left set. \fIDH_test_flags()\fR tests to see whether the flags +passed in the \fBflags\fR parameter are currently set in the \s-1DH\s0 object. Multiple +flags can be tested in one go. All flags that are currently set are returned, or +zero if none of the flags are set. \fIDH_clear_flags()\fR clears the specified flags +within the \s-1DH\s0 object. +.PP +\&\fIDH_get0_engine()\fR returns a handle to the \s-1ENGINE\s0 that has been set for this \s-1DH\s0 +object, or \s-1NULL\s0 if no such \s-1ENGINE\s0 has been set. This function is deprecated. +.PP +The \fIDH_get_length()\fR and \fIDH_set_length()\fR functions get and set the optional +length parameter associated with this \s-1DH\s0 object. If the length is nonzero then +it is used, otherwise it is ignored. The \fBlength\fR parameter indicates the +length of the secret exponent (private key) in bits. These functions are +deprecated. +.SH "NOTES" +.IX Header "NOTES" +Values retrieved with \fIDH_get0_key()\fR are owned by the \s-1DH\s0 object used +in the call and may therefore \fInot\fR be passed to \fIDH_set0_key()\fR. If +needed, duplicate the received value using \fIBN_dup()\fR and pass the +duplicate. The same applies to \fIDH_get0_pqg()\fR and \fIDH_set0_pqg()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIDH_set0_pqg()\fR and \fIDH_set0_key()\fR return 1 on success or 0 on failure. +.PP +\&\fIDH_get0_p()\fR, \fIDH_get0_q()\fR, \fIDH_get0_g()\fR, \fIDH_get0_priv_key()\fR, and \fIDH_get0_pub_key()\fR +return the respective value, or \s-1NULL\s0 if it is unset. +.PP +\&\fIDH_test_flags()\fR returns the current state of the flags in the \s-1DH\s0 object. +.PP +\&\fIDH_get0_engine()\fR returns the \s-1ENGINE\s0 set for the \s-1DH\s0 object or \s-1NULL\s0 if no \s-1ENGINE\s0 +has been set. 
+.PP +\&\fIDH_get_length()\fR returns the length of the secret exponent (private key) in bits, +or zero if no such length has been explicitly set. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIDH_new\fR\|(3), \fIDH_new\fR\|(3), \fIDH_generate_parameters\fR\|(3), \fIDH_generate_key\fR\|(3), +\&\fIDH_set_method\fR\|(3), \fIDH_size\fR\|(3), \fIDH_meth_new\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fIDH_get0_engine()\fR, \fIDH_get_length()\fR and \fIDH_set_length()\fR functions were +deprecated in OpenSSL 3.0. +.PP +The functions described here were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/DH_get_1024_160.3 b/linux_amd64/ssl/share/man/man3/DH_get_1024_160.3 new file mode 100755 index 0000000..6654847 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/DH_get_1024_160.3 
@@ -0,0 +1,198 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DH_GET_1024_160 3" +.TH DH_GET_1024_160 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +DH_get_1024_160, +DH_get_2048_224, +DH_get_2048_256, +BN_get0_nist_prime_192, +BN_get0_nist_prime_224, +BN_get0_nist_prime_256, +BN_get0_nist_prime_384, +BN_get0_nist_prime_521, +BN_get_rfc2409_prime_768, +BN_get_rfc2409_prime_1024, +BN_get_rfc3526_prime_1536, +BN_get_rfc3526_prime_2048, +BN_get_rfc3526_prime_3072, +BN_get_rfc3526_prime_4096, +BN_get_rfc3526_prime_6144, +BN_get_rfc3526_prime_8192 +\&\- Create standardized public primes or DH pairs +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 4 +\& #include +\& DH *DH_get_1024_160(void) +\& DH *DH_get_2048_224(void) +\& DH *DH_get_2048_256(void) +\& +\& const BIGNUM *BN_get0_nist_prime_192(void) +\& const BIGNUM *BN_get0_nist_prime_224(void) +\& const BIGNUM *BN_get0_nist_prime_256(void) +\& const BIGNUM *BN_get0_nist_prime_384(void) +\& const BIGNUM *BN_get0_nist_prime_521(void) +\& +\& BIGNUM *BN_get_rfc2409_prime_768(BIGNUM *bn) +\& BIGNUM *BN_get_rfc2409_prime_1024(BIGNUM *bn) +\& BIGNUM *BN_get_rfc3526_prime_1536(BIGNUM *bn) +\& BIGNUM *BN_get_rfc3526_prime_2048(BIGNUM *bn) +\& BIGNUM *BN_get_rfc3526_prime_3072(BIGNUM *bn) +\& BIGNUM *BN_get_rfc3526_prime_4096(BIGNUM *bn) +\& BIGNUM *BN_get_rfc3526_prime_6144(BIGNUM *bn) +\& BIGNUM *BN_get_rfc3526_prime_8192(BIGNUM *bn) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIDH_get_1024_160()\fR, \fIDH_get_2048_224()\fR, and \fIDH_get_2048_256()\fR each return +a \s-1DH\s0 object for the \s-1IETF\s0 \s-1RFC\s0 5114 value. +.PP +\&\fIBN_get0_nist_prime_192()\fR, \fIBN_get0_nist_prime_224()\fR, \fIBN_get0_nist_prime_256()\fR, +\&\fIBN_get0_nist_prime_384()\fR, and \fIBN_get0_nist_prime_521()\fR functions return +a \s-1BIGNUM\s0 for the specific \s-1NIST\s0 prime curve (e.g., P\-256). 
+.PP +\&\fIBN_get_rfc2409_prime_768()\fR, \fIBN_get_rfc2409_prime_1024()\fR, +\&\fIBN_get_rfc3526_prime_1536()\fR, \fIBN_get_rfc3526_prime_2048()\fR, +\&\fIBN_get_rfc3526_prime_3072()\fR, \fIBN_get_rfc3526_prime_4096()\fR, +\&\fIBN_get_rfc3526_prime_6144()\fR, and \fIBN_get_rfc3526_prime_8192()\fR functions +return a \s-1BIGNUM\s0 for the specified size from \s-1IETF\s0 \s-1RFC\s0 2409. If \fBbn\fR +is not \s-1NULL\s0, the \s-1BIGNUM\s0 will be set into that location as well. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Defined above. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/DH_meth_new.3 b/linux_amd64/ssl/share/man/man3/DH_meth_new.3 new file mode 100755 index 0000000..6f2bb09 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/DH_meth_new.3 
@@ -0,0 +1,302 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DH_METH_NEW 3" +.TH DH_METH_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +DH_meth_new, DH_meth_free, DH_meth_dup, DH_meth_get0_name, DH_meth_set1_name, +DH_meth_get_flags, DH_meth_set_flags, DH_meth_get0_app_data, +DH_meth_set0_app_data, DH_meth_get_generate_key, DH_meth_set_generate_key, +DH_meth_get_compute_key, DH_meth_set_compute_key, DH_meth_get_bn_mod_exp, +DH_meth_set_bn_mod_exp, DH_meth_get_init, DH_meth_set_init, DH_meth_get_finish, +DH_meth_set_finish, DH_meth_get_generate_params, +DH_meth_set_generate_params \- Routines to build up DH methods +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.PP +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 1 +\& DH_METHOD *DH_meth_new(const char *name, int flags); +\& +\& void DH_meth_free(DH_METHOD *dhm); +\& +\& DH_METHOD *DH_meth_dup(const DH_METHOD *dhm); +\& +\& const char *DH_meth_get0_name(const DH_METHOD *dhm); +\& int DH_meth_set1_name(DH_METHOD *dhm, const char *name); +\& +\& int DH_meth_get_flags(const DH_METHOD *dhm); +\& int DH_meth_set_flags(DH_METHOD *dhm, int flags); +\& +\& void *DH_meth_get0_app_data(const DH_METHOD *dhm); +\& int DH_meth_set0_app_data(DH_METHOD *dhm, void *app_data); +\& +\& int (*DH_meth_get_generate_key(const DH_METHOD *dhm))(DH *); +\& int DH_meth_set_generate_key(DH_METHOD *dhm, int (*generate_key)(DH *)); +\& +\& int (*DH_meth_get_compute_key(const DH_METHOD *dhm)) +\& (unsigned char *key, const BIGNUM *pub_key, DH *dh); +\& int DH_meth_set_compute_key(DH_METHOD *dhm, +\& int (*compute_key)(unsigned char *key, const BIGNUM *pub_key, DH *dh)); +\& +\& int (*DH_meth_get_bn_mod_exp(const DH_METHOD *dhm)) +\& (const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p, +\& const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +\& int DH_meth_set_bn_mod_exp(DH_METHOD *dhm, +\& int (*bn_mod_exp)(const DH *dh, BIGNUM *r, const BIGNUM *a, +\& const BIGNUM *p, const BIGNUM *m, BN_CTX 
*ctx, +\& BN_MONT_CTX *m_ctx)); +\& +\& int (*DH_meth_get_init(const DH_METHOD *dhm))(DH *); +\& int DH_meth_set_init(DH_METHOD *dhm, int (*init)(DH *)); +\& +\& int (*DH_meth_get_finish(const DH_METHOD *dhm))(DH *); +\& int DH_meth_set_finish(DH_METHOD *dhm, int (*finish)(DH *)); +\& +\& int (*DH_meth_get_generate_params(const DH_METHOD *dhm)) +\& (DH *, int, int, BN_GENCB *); +\& int DH_meth_set_generate_params(DH_METHOD *dhm, +\& int (*generate_params)(DH *, int, int, BN_GENCB *)); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +All of the functions described on this page are deprecated. +Applications should instead use the provider APIs. +.PP +The \fB\s-1DH_METHOD\s0\fR type is a structure used for the provision of custom \s-1DH\s0 +implementations. It provides a set of functions used by OpenSSL for the +implementation of the various \s-1DH\s0 capabilities. +.PP +\&\fIDH_meth_new()\fR creates a new \fB\s-1DH_METHOD\s0\fR structure. It should be given a +unique \fBname\fR and a set of \fBflags\fR. The \fBname\fR should be a \s-1NULL\s0 terminated +string, which will be duplicated and stored in the \fB\s-1DH_METHOD\s0\fR object. It is +the callers responsibility to free the original string. The flags will be used +during the construction of a new \fB\s-1DH\s0\fR object based on this \fB\s-1DH_METHOD\s0\fR. Any +new \fB\s-1DH\s0\fR object will have those flags set by default. +.PP +\&\fIDH_meth_dup()\fR creates a duplicate copy of the \fB\s-1DH_METHOD\s0\fR object passed as a +parameter. This might be useful for creating a new \fB\s-1DH_METHOD\s0\fR based on an +existing one, but with some differences. +.PP +\&\fIDH_meth_free()\fR destroys a \fB\s-1DH_METHOD\s0\fR structure and frees up any memory +associated with it. +.PP +\&\fIDH_meth_get0_name()\fR will return a pointer to the name of this \s-1DH_METHOD\s0. This +is a pointer to the internal name string and so should not be freed by the +caller. 
\fIDH_meth_set1_name()\fR sets the name of the \s-1DH_METHOD\s0 to \fBname\fR. The +string is duplicated and the copy is stored in the \s-1DH_METHOD\s0 structure, so the +caller remains responsible for freeing the memory associated with the name. +.PP +\&\fIDH_meth_get_flags()\fR returns the current value of the flags associated with this +\&\s-1DH_METHOD\s0. \fIDH_meth_set_flags()\fR provides the ability to set these flags. +.PP +The functions \fIDH_meth_get0_app_data()\fR and \fIDH_meth_set0_app_data()\fR provide the +ability to associate implementation specific data with the \s-1DH_METHOD\s0. It is +the application's responsibility to free this data before the \s-1DH_METHOD\s0 is +freed via a call to \fIDH_meth_free()\fR. +.PP +\&\fIDH_meth_get_generate_key()\fR and \fIDH_meth_set_generate_key()\fR get and set the +function used for generating a new \s-1DH\s0 key pair respectively. This function will +be called in response to the application calling \fIDH_generate_key()\fR. The +parameter for the function has the same meaning as for \fIDH_generate_key()\fR. +.PP +\&\fIDH_meth_get_compute_key()\fR and \fIDH_meth_set_compute_key()\fR get and set the +function used for computing a new \s-1DH\s0 shared secret respectively. This function +will be called in response to the application calling \fIDH_compute_key()\fR. The +parameters for the function have the same meaning as for \fIDH_compute_key()\fR. +.PP +\&\fIDH_meth_get_bn_mod_exp()\fR and \fIDH_meth_set_bn_mod_exp()\fR get and set the function +used for computing the following value: +.PP +.Vb 1 +\& r = a ^ p mod m +.Ve +.PP +This function will be called by the default OpenSSL function for +\&\fIDH_generate_key()\fR. The result is stored in the \fBr\fR parameter. This function +may be \s-1NULL\s0 unless using the default generate key function, in which case it +must be present. 
+.PP +\&\fIDH_meth_get_init()\fR and \fIDH_meth_set_init()\fR get and set the function used +for creating a new \s-1DH\s0 instance respectively. This function will be +called in response to the application calling \fIDH_new()\fR (if the current default +\&\s-1DH_METHOD\s0 is this one) or \fIDH_new_method()\fR. The \fIDH_new()\fR and \fIDH_new_method()\fR +functions will allocate the memory for the new \s-1DH\s0 object, and a pointer to this +newly allocated structure will be passed as a parameter to the function. This +function may be \s-1NULL\s0. +.PP +\&\fIDH_meth_get_finish()\fR and \fIDH_meth_set_finish()\fR get and set the function used +for destroying an instance of a \s-1DH\s0 object respectively. This function will be +called in response to the application calling \fIDH_free()\fR. A pointer to the \s-1DH\s0 +to be destroyed is passed as a parameter. The destroy function should be used +for \s-1DH\s0 implementation specific clean up. The memory for the \s-1DH\s0 itself should +not be freed by this function. This function may be \s-1NULL\s0. +.PP +\&\fIDH_meth_get_generate_params()\fR and \fIDH_meth_set_generate_params()\fR get and set the +function used for generating \s-1DH\s0 parameters respectively. This function will be +called in response to the application calling \fIDH_generate_parameters_ex()\fR (or +\&\fIDH_generate_parameters()\fR). The parameters for the function have the same +meaning as for \fIDH_generate_parameters_ex()\fR. This function may be \s-1NULL\s0. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIDH_meth_new()\fR and \fIDH_meth_dup()\fR return the newly allocated \s-1DH_METHOD\s0 object +or \s-1NULL\s0 on failure. +.PP +\&\fIDH_meth_get0_name()\fR and \fIDH_meth_get_flags()\fR return the name and flags +associated with the \s-1DH_METHOD\s0 respectively. +.PP +All other DH_meth_get_*() functions return the appropriate function pointer +that has been set in the \s-1DH_METHOD\s0, or \s-1NULL\s0 if no such pointer has yet been +set. 
+.PP +\&\fIDH_meth_set1_name()\fR and all DH_meth_set_*() functions return 1 on success or +0 on failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIDH_new\fR\|(3), \fIDH_new\fR\|(3), \fIDH_generate_parameters\fR\|(3), \fIDH_generate_key\fR\|(3), +\&\fIDH_set_method\fR\|(3), \fIDH_size\fR\|(3), \fIDH_get0_pqg\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +All of these functions were deprecated in OpenSSL 3.0. +.PP +The functions described here were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/DH_new.3 b/linux_amd64/ssl/share/man/man3/DH_new.3 new file mode 100755 index 0000000..e939ec6 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/DH_new.3 
@@ -0,0 +1,169 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DH_NEW 3" +.TH DH_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +DH_new, DH_free \- allocate and free DH objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& DH* DH_new(void); +\& +\& void DH_free(DH *dh); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIDH_new()\fR allocates and initializes a \fB\s-1DH\s0\fR structure. +.PP +\&\fIDH_free()\fR frees the \fB\s-1DH\s0\fR structure and its components. The values are +erased before the memory is returned to the system. +If \fBdh\fR is \s-1NULL\s0 nothing is done. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +If the allocation fails, \fIDH_new()\fR returns \fB\s-1NULL\s0\fR and sets an error +code that can be obtained by \fIERR_get_error\fR\|(3). Otherwise it returns +a pointer to the newly allocated structure. +.PP +\&\fIDH_free()\fR returns no value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIDH_new\fR\|(3), \fIERR_get_error\fR\|(3), +\&\fIDH_generate_parameters\fR\|(3), +\&\fIDH_generate_key\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/DH_new_by_nid.3 b/linux_amd64/ssl/share/man/man3/DH_new_by_nid.3 new file mode 100755 index 0000000..f48cd6b --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/DH_new_by_nid.3 
@@ -0,0 +1,175 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DH_NEW_BY_NID 3" +.TH DH_NEW_BY_NID 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +DH_new_by_nid, DH_get_nid \- get or find DH named parameters +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 2 +\& #include +\& DH *DH_new_by_nid(int nid); +.Ve +.PP +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 1 +\& int *DH_get_nid(DH *dh); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIDH_new_by_nid()\fR creates and returns a \s-1DH\s0 structure containing named parameters +\&\fBnid\fR. Currently \fBnid\fR must be \fBNID_ffdhe2048\fR, \fBNID_ffdhe3072\fR, +\&\fBNID_ffdhe4096\fR, \fBNID_ffdhe6144\fR, \fBNID_ffdhe8192\fR, +\&\fBNID_modp_1536\fR, \fBNID_modp_2048\fR, \fBNID_modp_3072\fR, +\&\fBNID_modp_4096\fR, \fBNID_modp_6144\fR or \fBNID_modp_8192\fR. +.PP +\&\fIDH_get_nid()\fR determines if the parameters contained in \fBdh\fR match +any named set. It returns the \s-1NID\s0 corresponding to the matching parameters or +\&\fBNID_undef\fR if there is no match. This function is deprecated. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIDH_new_by_nid()\fR returns a set of \s-1DH\s0 parameters or \fB\s-1NULL\s0\fR if an error occurred. +.PP +\&\fIDH_get_nid()\fR returns the \s-1NID\s0 of the matching set of parameters or +\&\fBNID_undef\fR if there is no match. +.SH "HISTORY" +.IX Header "HISTORY" +The \fIDH_get_nid()\fR function was deprecated in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/DH_set_method.3 b/linux_amd64/ssl/share/man/man3/DH_set_method.3 new file mode 100755 index 0000000..71281b2 --- /dev/null 
+++ b/linux_amd64/ssl/share/man/man3/DH_set_method.3 
@@ -0,0 +1,223 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DH_SET_METHOD 3" +.TH DH_SET_METHOD 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +DH_set_default_method, DH_get_default_method, +DH_set_method, DH_new_method, DH_OpenSSL \- select DH method +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.PP +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 1 +\& void DH_set_default_method(const DH_METHOD *meth); +\& +\& const DH_METHOD *DH_get_default_method(void); +\& +\& int DH_set_method(DH *dh, const DH_METHOD *meth); +\& +\& DH *DH_new_method(ENGINE *engine); +\& +\& const DH_METHOD *DH_OpenSSL(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +All of the functions described on this page are deprecated. +Applications should instead use the provider APIs. +.PP +A \fB\s-1DH_METHOD\s0\fR specifies the functions that OpenSSL uses for Diffie-Hellman +operations. By modifying the method, alternative implementations +such as hardware accelerators may be used. \s-1IMPORTANT:\s0 See the \s-1NOTES\s0 section for +important information about how these \s-1DH\s0 \s-1API\s0 functions are affected by the use +of \fB\s-1ENGINE\s0\fR \s-1API\s0 calls. +.PP +Initially, the default \s-1DH_METHOD\s0 is the OpenSSL internal implementation, as +returned by \fIDH_OpenSSL()\fR. +.PP +\&\fIDH_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1DH\s0 +structures created later. +\&\fB\s-1NB\s0\fR: This is true only whilst no \s-1ENGINE\s0 has been set +as a default for \s-1DH\s0, so this function is no longer recommended. +This function is not thread-safe and should not be called at the same time +as other OpenSSL functions. +.PP +\&\fIDH_get_default_method()\fR returns a pointer to the current default \s-1DH_METHOD\s0. +However, the meaningfulness of this result is dependent on whether the \s-1ENGINE\s0 +\&\s-1API\s0 is being used, so this function is no longer recommended. 
+.PP +\&\fIDH_set_method()\fR selects \fBmeth\fR to perform all operations using the key \fBdh\fR. +This will replace the \s-1DH_METHOD\s0 used by the \s-1DH\s0 key and if the previous method +was supplied by an \s-1ENGINE\s0, the handle to that \s-1ENGINE\s0 will be released during the +change. It is possible to have \s-1DH\s0 keys that only work with certain \s-1DH_METHOD\s0 +implementations (eg. from an \s-1ENGINE\s0 module that supports embedded +hardware-protected keys), and in such cases attempting to change the \s-1DH_METHOD\s0 +for the key can have unexpected results. +.PP +\&\fIDH_new_method()\fR allocates and initializes a \s-1DH\s0 structure so that \fBengine\fR will +be used for the \s-1DH\s0 operations. If \fBengine\fR is \s-1NULL\s0, the default \s-1ENGINE\s0 for \s-1DH\s0 +operations is used, and if no default \s-1ENGINE\s0 is set, the \s-1DH_METHOD\s0 controlled by +\&\fIDH_set_default_method()\fR is used. +.PP +A new \s-1DH_METHOD\s0 object may be constructed using \fIDH_meth_new()\fR (see +\&\fIDH_meth_new\fR\|(3)). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIDH_OpenSSL()\fR and \fIDH_get_default_method()\fR return pointers to the respective +\&\fB\s-1DH_METHOD\s0\fRs. +.PP +\&\fIDH_set_default_method()\fR returns no value. +.PP +\&\fIDH_set_method()\fR returns nonzero if the provided \fBmeth\fR was successfully set as +the method for \fBdh\fR (including unloading the \s-1ENGINE\s0 handle if the previous +method was supplied by an \s-1ENGINE\s0). +.PP +\&\fIDH_new_method()\fR returns \s-1NULL\s0 and sets an error code that can be obtained by +\&\fIERR_get_error\fR\|(3) if the allocation fails. Otherwise it +returns a pointer to the newly allocated structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIDH_new\fR\|(3), \fIDH_new\fR\|(3), \fIDH_meth_new\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +All of these functions were deprecated in OpenSSL 3.0. 
+.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/DH_size.3 b/linux_amd64/ssl/share/man/man3/DH_size.3 new file mode 100755 index 0000000..f28ae4c --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/DH_size.3 
@@ -0,0 +1,192 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DH_SIZE 3" +.TH DH_SIZE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +DH_size, DH_bits, DH_security_bits \- get Diffie\-Hellman prime size and +security bits +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.PP +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 1 +\& int DH_size(const DH *dh); +\& +\& int DH_bits(const DH *dh); +\& +\& int DH_security_bits(const DH *dh); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +All of the functions described on this page are deprecated. +Applications should instead use \fIEVP_PKEY_bits\fR\|(3), +\&\fIEVP_PKEY_security_bits\fR\|(3) and \fIEVP_PKEY_size\fR\|(3). +.PP +\&\fIDH_size()\fR returns the Diffie-Hellman prime size in bytes. It can be used +to determine how much memory must be allocated for the shared secret +computed by \fIDH_compute_key\fR\|(3). +.PP +\&\fIDH_bits()\fR returns the number of significant bits. +.PP +\&\fBdh\fR and \fBdh\->p\fR must not be \fB\s-1NULL\s0\fR. +.PP +\&\fIDH_security_bits()\fR returns the number of security bits of the given \fBdh\fR +key. See \fIBN_security_bits\fR\|(3). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIDH_size()\fR returns the prime size of Diffie-Hellman in bytes. +.PP +\&\fIDH_bits()\fR returns the number of bits in the key. +.PP +\&\fIDH_security_bits()\fR returns the number of security bits. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_PKEY_bits\fR\|(3), +\&\fIDH_new\fR\|(3), \fIDH_generate_key\fR\|(3), +\&\fIBN_num_bits\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +All of these functions were deprecated in OpenSSL 3.0. +.PP +The \fIDH_bits()\fR function was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. 
You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/DSA_SIG_new.3 b/linux_amd64/ssl/share/man/man3/DSA_SIG_new.3 new file mode 100755 index 0000000..f49206c --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/DSA_SIG_new.3 
@@ -0,0 +1,181 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DSA_SIG_NEW 3" +.TH DSA_SIG_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +DSA_SIG_get0, DSA_SIG_set0, +DSA_SIG_new, DSA_SIG_free \- allocate and free DSA signature objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& DSA_SIG *DSA_SIG_new(void); +\& void DSA_SIG_free(DSA_SIG *a); +\& void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); +\& int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIDSA_SIG_new()\fR allocates an empty \fB\s-1DSA_SIG\s0\fR structure. +.PP +\&\fIDSA_SIG_free()\fR frees the \fB\s-1DSA_SIG\s0\fR structure and its components. The +values are erased before the memory is returned to the system. +.PP +\&\fIDSA_SIG_get0()\fR returns internal pointers to the \fBr\fR and \fBs\fR values contained +in \fBsig\fR. +.PP +The \fBr\fR and \fBs\fR values can be set by calling \fIDSA_SIG_set0()\fR and passing the +new values for \fBr\fR and \fBs\fR as parameters to the function. Calling this +function transfers the memory management of the values to the \s-1DSA_SIG\s0 object, +and therefore the values that have been passed in should not be freed directly +after this function has been called. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +If the allocation fails, \fIDSA_SIG_new()\fR returns \fB\s-1NULL\s0\fR and sets an +error code that can be obtained by +\&\fIERR_get_error\fR\|(3). Otherwise it returns a pointer +to the newly allocated structure. +.PP +\&\fIDSA_SIG_free()\fR returns no value. +.PP +\&\fIDSA_SIG_set0()\fR returns 1 on success or 0 on failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIDSA_new\fR\|(3), \fIERR_get_error\fR\|(3), +\&\fIDSA_do_sign\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/ssl/share/man/man3/DSA_do_sign.3 b/linux_amd64/ssl/share/man/man3/DSA_do_sign.3 new file mode 100755 index 0000000..0a039eb --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/DSA_do_sign.3 
@@ -0,0 +1,175 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DSA_DO_SIGN 3" +.TH DSA_DO_SIGN 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +DSA_do_sign, DSA_do_verify \- raw DSA signature operations +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); +\& +\& int DSA_do_verify(const unsigned char *dgst, int dgst_len, +\& DSA_SIG *sig, DSA *dsa); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIDSA_do_sign()\fR computes a digital signature on the \fBlen\fR byte message +digest \fBdgst\fR using the private key \fBdsa\fR and returns it in a +newly allocated \fB\s-1DSA_SIG\s0\fR structure. +.PP +\&\fIDSA_sign_setup\fR\|(3) may be used to precompute part +of the signing operation in case signature generation is +time-critical. +.PP +\&\fIDSA_do_verify()\fR verifies that the signature \fBsig\fR matches a given +message digest \fBdgst\fR of size \fBlen\fR. \fBdsa\fR is the signer's public +key. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIDSA_do_sign()\fR returns the signature, \s-1NULL\s0 on error. \fIDSA_do_verify()\fR +returns 1 for a valid signature, 0 for an incorrect signature and \-1 +on error. The error codes can be obtained by +\&\fIERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIDSA_new\fR\|(3), \fIERR_get_error\fR\|(3), \fIRAND_bytes\fR\|(3), +\&\fIDSA_SIG_new\fR\|(3), +\&\fIDSA_sign\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/DSA_dup_DH.3 b/linux_amd64/ssl/share/man/man3/DSA_dup_DH.3 new file mode 100755 index 0000000..e53793a --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/DSA_dup_DH.3 
@@ -0,0 +1,176 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DSA_DUP_DH 3" +.TH DSA_DUP_DH 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +DSA_dup_DH \- create a DH structure out of DSA structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.PP +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 1 +\& DH *DSA_dup_DH(const DSA *r); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The function described on this page is deprecated. There is no direct +replacement, applications should use the \s-1EVP_PKEY\s0 APIs for Diffie-Hellman +operations. +.PP +\&\fIDSA_dup_DH()\fR duplicates \s-1DSA\s0 parameters/keys as \s-1DH\s0 parameters/keys. q +is lost during that conversion, but the resulting \s-1DH\s0 parameters +contain its length. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIDSA_dup_DH()\fR returns the new \fB\s-1DH\s0\fR structure, and \s-1NULL\s0 on error. The +error codes can be obtained by \fIERR_get_error\fR\|(3). +.SH "NOTE" +.IX Header "NOTE" +Be careful to avoid small subgroup attacks when using this. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIDH_new\fR\|(3), \fIDSA_new\fR\|(3), \fIERR_get_error\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +This function was deprecated in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/DSA_generate_key.3 b/linux_amd64/ssl/share/man/man3/DSA_generate_key.3 new file mode 100755 index 0000000..a7f22fe --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/DSA_generate_key.3 
@@ -0,0 +1,164 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DSA_GENERATE_KEY 3" +.TH DSA_GENERATE_KEY 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +DSA_generate_key \- generate DSA key pair +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int DSA_generate_key(DSA *a); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIDSA_generate_key()\fR expects \fBa\fR to contain \s-1DSA\s0 parameters. It generates +a new key pair and stores it in \fBa\->pub_key\fR and \fBa\->priv_key\fR. +.PP +The random generator must be seeded prior to calling \fIDSA_generate_key()\fR. +If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to +external circumstances (see \s-1\fIRAND\s0\fR\|(7)), the operation will fail. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIDSA_generate_key()\fR returns 1 on success, 0 otherwise. +The error codes can be obtained by \fIERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIDSA_new\fR\|(3), \fIERR_get_error\fR\|(3), \fIRAND_bytes\fR\|(3), +\&\fIDSA_generate_parameters_ex\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/DSA_generate_parameters.3 b/linux_amd64/ssl/share/man/man3/DSA_generate_parameters.3 new file mode 100755 index 0000000..517c6b5 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/DSA_generate_parameters.3 
@@ -0,0 +1,231 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DSA_GENERATE_PARAMETERS 3" +.TH DSA_GENERATE_PARAMETERS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +DSA_generate_parameters_ex, DSA_generate_parameters \- generate DSA parameters +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int DSA_generate_parameters_ex(DSA *dsa, int bits, +\& const unsigned char *seed, int seed_len, +\& int *counter_ret, unsigned long *h_ret, +\& BN_GENCB *cb); +.Ve +.PP +Deprecated since OpenSSL 0.9.8, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 3 +\& DSA *DSA_generate_parameters(int bits, unsigned char *seed, int seed_len, +\& int *counter_ret, unsigned long *h_ret, +\& void (*callback)(int, int, void *), void *cb_arg); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIDSA_generate_parameters_ex()\fR generates primes p and q and a generator g +for use in the \s-1DSA\s0 and stores the result in \fBdsa\fR. +.PP +\&\fBbits\fR is the length of the prime p to be generated. +For lengths under 2048 bits, the length of q is 160 bits; for lengths +greater than or equal to 2048 bits, the length of q is set to 256 bits. +.PP +If \fBseed\fR is \s-1NULL\s0, the primes will be generated at random. +If \fBseed_len\fR is less than the length of q, an error is returned. +.PP +\&\fIDSA_generate_parameters_ex()\fR places the iteration count in +*\fBcounter_ret\fR and a counter used for finding a generator in +*\fBh_ret\fR, unless these are \fB\s-1NULL\s0\fR. +.PP +A callback function may be used to provide feedback about the progress +of the key generation. If \fBcb\fR is not \fB\s-1NULL\s0\fR, it will be +called as shown below. For information on the \s-1BN_GENCB\s0 structure and the +BN_GENCB_call function discussed below, refer to +\&\fIBN_generate_prime\fR\|(3). +.PP +\&\fIDSA_generate_prime()\fR is similar to \fIDSA_generate_prime_ex()\fR but +expects an old-style callback function; see +\&\fIBN_generate_prime\fR\|(3) for information on the old-style callback. 
+.IP "\(bu" 2 +When a candidate for q is generated, \fBBN_GENCB_call(cb, 0, m++)\fR is called +(m is 0 for the first candidate). +.IP "\(bu" 2 +When a candidate for q has passed a test by trial division, +\&\fBBN_GENCB_call(cb, 1, \-1)\fR is called. +While a candidate for q is tested by Miller-Rabin primality tests, +\&\fBBN_GENCB_call(cb, 1, i)\fR is called in the outer loop +(once for each witness that confirms that the candidate may be prime); +i is the loop counter (starting at 0). +.IP "\(bu" 2 +When a prime q has been found, \fBBN_GENCB_call(cb, 2, 0)\fR and +\&\fBBN_GENCB_call(cb, 3, 0)\fR are called. +.IP "\(bu" 2 +Before a candidate for p (other than the first) is generated and tested, +\&\fBBN_GENCB_call(cb, 0, counter)\fR is called. +.IP "\(bu" 2 +When a candidate for p has passed the test by trial division, +\&\fBBN_GENCB_call(cb, 1, \-1)\fR is called. +While it is tested by the Miller-Rabin primality test, +\&\fBBN_GENCB_call(cb, 1, i)\fR is called in the outer loop +(once for each witness that confirms that the candidate may be prime). +i is the loop counter (starting at 0). +.IP "\(bu" 2 +When p has been found, \fBBN_GENCB_call(cb, 2, 1)\fR is called. +.IP "\(bu" 2 +When the generator has been found, \fBBN_GENCB_call(cb, 3, 1)\fR is called. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIDSA_generate_parameters_ex()\fR returns a 1 on success, or 0 otherwise. +The error codes can be obtained by \fIERR_get_error\fR\|(3). +.PP +\&\fIDSA_generate_parameters()\fR returns a pointer to the \s-1DSA\s0 structure or +\&\fB\s-1NULL\s0\fR if the parameter generation fails. +.SH "BUGS" +.IX Header "BUGS" +Seed lengths greater than 20 are not supported. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIDSA_new\fR\|(3), \fIERR_get_error\fR\|(3), \fIRAND_bytes\fR\|(3), +\&\fIDSA_free\fR\|(3), \fIBN_generate_prime\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIDSA_generate_parameters()\fR was deprecated in OpenSSL 0.9.8; use +\&\fIDSA_generate_parameters_ex()\fR instead. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/DSA_get0_pqg.3 b/linux_amd64/ssl/share/man/man3/DSA_get0_pqg.3 new file mode 100755 index 0000000..5861f69 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/DSA_get0_pqg.3 
@@ -0,0 +1,235 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DSA_GET0_PQG 3" +.TH DSA_GET0_PQG 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +DSA_get0_pqg, DSA_set0_pqg, DSA_get0_key, DSA_set0_key, +DSA_get0_p, DSA_get0_q, DSA_get0_g, +DSA_get0_pub_key, DSA_get0_priv_key, +DSA_clear_flags, DSA_test_flags, DSA_set_flags, +DSA_get0_engine \- Routines for getting and +setting data in a DSA object +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void DSA_get0_pqg(const DSA *d, +\& const BIGNUM **p, const BIGNUM **q, const BIGNUM **g); +\& int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g); +\& void DSA_get0_key(const DSA *d, +\& const BIGNUM **pub_key, const BIGNUM **priv_key); +\& int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key); +\& const BIGNUM *DSA_get0_p(const DSA *d); +\& const BIGNUM *DSA_get0_q(const DSA *d); +\& const BIGNUM *DSA_get0_g(const DSA *d); +\& const BIGNUM *DSA_get0_pub_key(const DSA *d); +\& const BIGNUM *DSA_get0_priv_key(const DSA *d); +\& void DSA_clear_flags(DSA *d, int flags); +\& int DSA_test_flags(const DSA *d, int flags); +\& void DSA_set_flags(DSA *d, int flags); +\& ENGINE *DSA_get0_engine(DSA *d); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A \s-1DSA\s0 object contains the parameters \fBp\fR, \fBq\fR and \fBg\fR. It also contains a +public key (\fBpub_key\fR) and (optionally) a private key (\fBpriv_key\fR). +.PP +The \fBp\fR, \fBq\fR and \fBg\fR parameters can be obtained by calling \fIDSA_get0_pqg()\fR. +If the parameters have not yet been set then \fB*p\fR, \fB*q\fR and \fB*g\fR will be set +to \s-1NULL\s0. Otherwise they are set to pointers to their respective values. These +point directly to the internal representations of the values and therefore +should not be freed directly. +.PP +The \fBp\fR, \fBq\fR and \fBg\fR values can be set by calling \fIDSA_set0_pqg()\fR and passing +the new values for \fBp\fR, \fBq\fR and \fBg\fR as parameters to the function. 
Calling +this function transfers the memory management of the values to the \s-1DSA\s0 object, +and therefore the values that have been passed in should not be freed directly +after this function has been called. +.PP +To get the public and private key values use the \fIDSA_get0_key()\fR function. A +pointer to the public key will be stored in \fB*pub_key\fR, and a pointer to the +private key will be stored in \fB*priv_key\fR. Either may be \s-1NULL\s0 if they have not +been set yet, although if the private key has been set then the public key must +be. The values point to the internal representation of the public key and +private key values. This memory should not be freed directly. +.PP +The public and private key values can be set using \fIDSA_set0_key()\fR. The public +key must be non-NULL the first time this function is called on a given \s-1DSA\s0 +object. The private key may be \s-1NULL\s0. On subsequent calls, either may be \s-1NULL\s0, +which means the corresponding \s-1DSA\s0 field is left untouched. As for \fIDSA_set0_pqg()\fR +this function transfers the memory management of the key values to the \s-1DSA\s0 +object, and therefore they should not be freed directly after this function has +been called. +.PP +Any of the values \fBp\fR, \fBq\fR, \fBg\fR, \fBpriv_key\fR, and \fBpub_key\fR can also be +retrieved separately by the corresponding function \fIDSA_get0_p()\fR, \fIDSA_get0_q()\fR, +\&\fIDSA_get0_g()\fR, \fIDSA_get0_priv_key()\fR, and \fIDSA_get0_pub_key()\fR, respectively. +.PP +\&\fIDSA_set_flags()\fR sets the flags in the \fBflags\fR parameter on the \s-1DSA\s0 object. +Multiple flags can be passed in one go (bitwise ORed together). Any flags that +are already set are left set. \fIDSA_test_flags()\fR tests to see whether the flags +passed in the \fBflags\fR parameter are currently set in the \s-1DSA\s0 object. Multiple +flags can be tested in one go. All flags that are currently set are returned, or +zero if none of the flags are set. 
\fIDSA_clear_flags()\fR clears the specified flags +within the \s-1DSA\s0 object. +.PP +\&\fIDSA_get0_engine()\fR returns a handle to the \s-1ENGINE\s0 that has been set for this \s-1DSA\s0 +object, or \s-1NULL\s0 if no such \s-1ENGINE\s0 has been set. +.SH "NOTES" +.IX Header "NOTES" +Values retrieved with \fIDSA_get0_key()\fR are owned by the \s-1DSA\s0 object used +in the call and may therefore \fInot\fR be passed to \fIDSA_set0_key()\fR. If +needed, duplicate the received value using \fIBN_dup()\fR and pass the +duplicate. The same applies to \fIDSA_get0_pqg()\fR and \fIDSA_set0_pqg()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIDSA_set0_pqg()\fR and \fIDSA_set0_key()\fR return 1 on success or 0 on failure. +.PP +\&\fIDSA_test_flags()\fR returns the current state of the flags in the \s-1DSA\s0 object. +.PP +\&\fIDSA_get0_engine()\fR returns the \s-1ENGINE\s0 set for the \s-1DSA\s0 object or \s-1NULL\s0 if no \s-1ENGINE\s0 +has been set. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIDSA_new\fR\|(3), \fIDSA_new\fR\|(3), \fIDSA_generate_parameters\fR\|(3), \fIDSA_generate_key\fR\|(3), +\&\fIDSA_dup_DH\fR\|(3), \fIDSA_do_sign\fR\|(3), \fIDSA_set_method\fR\|(3), \fIDSA_SIG_new\fR\|(3), +\&\fIDSA_sign\fR\|(3), \fIDSA_size\fR\|(3), \fIDSA_meth_new\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The functions described here were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/DSA_meth_new.3 b/linux_amd64/ssl/share/man/man3/DSA_meth_new.3 new file mode 100755 index 0000000..ef6b33f --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/DSA_meth_new.3 
@@ -0,0 +1,352 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DSA_METH_NEW 3" +.TH DSA_METH_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +DSA_meth_new, DSA_meth_free, DSA_meth_dup, DSA_meth_get0_name, +DSA_meth_set1_name, DSA_meth_get_flags, DSA_meth_set_flags, +DSA_meth_get0_app_data, DSA_meth_set0_app_data, DSA_meth_get_sign, +DSA_meth_set_sign, DSA_meth_get_sign_setup, DSA_meth_set_sign_setup, +DSA_meth_get_verify, DSA_meth_set_verify, DSA_meth_get_mod_exp, +DSA_meth_set_mod_exp, DSA_meth_get_bn_mod_exp, DSA_meth_set_bn_mod_exp, +DSA_meth_get_init, DSA_meth_set_init, DSA_meth_get_finish, DSA_meth_set_finish, +DSA_meth_get_paramgen, DSA_meth_set_paramgen, DSA_meth_get_keygen, +DSA_meth_set_keygen \- Routines to build up DSA methods +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.PP +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 1 +\& DSA_METHOD *DSA_meth_new(const char *name, int flags); +\& +\& void DSA_meth_free(DSA_METHOD *dsam); +\& +\& DSA_METHOD *DSA_meth_dup(const DSA_METHOD *meth); +\& +\& const char *DSA_meth_get0_name(const DSA_METHOD *dsam); +\& int DSA_meth_set1_name(DSA_METHOD *dsam, const char *name); +\& +\& int DSA_meth_get_flags(const DSA_METHOD *dsam); +\& int DSA_meth_set_flags(DSA_METHOD *dsam, int flags); +\& +\& void *DSA_meth_get0_app_data(const DSA_METHOD *dsam); +\& int DSA_meth_set0_app_data(DSA_METHOD *dsam, void *app_data); +\& +\& DSA_SIG *(*DSA_meth_get_sign(const DSA_METHOD *dsam))(const unsigned char *, +\& int, DSA *); +\& int DSA_meth_set_sign(DSA_METHOD *dsam, DSA_SIG *(*sign)(const unsigned char *, +\& int, DSA *)); +\& +\& int (*DSA_meth_get_sign_setup(const DSA_METHOD *dsam))(DSA *, BN_CTX *,$ +\& BIGNUM **, BIGNUM **); +\& int DSA_meth_set_sign_setup(DSA_METHOD *dsam, int (*sign_setup)(DSA *, BN_CTX *, +\& BIGNUM **, BIGNUM **)); +\& +\& int (*DSA_meth_get_verify(const DSA_METHOD *dsam))(const unsigned char *, +\& int, DSA_SIG *, DSA *); +\& int DSA_meth_set_verify(DSA_METHOD 
*dsam, int (*verify)(const unsigned char *, +\& int, DSA_SIG *, DSA *)); +\& +\& int (*DSA_meth_get_mod_exp(const DSA_METHOD *dsam))(DSA *dsa, BIGNUM *rr, BIGNUM *a1, +\& BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, +\& BIGNUM *m, BN_CTX *ctx, +\& BN_MONT_CTX *in_mont); +\& int DSA_meth_set_mod_exp(DSA_METHOD *dsam, int (*mod_exp)(DSA *dsa, BIGNUM *rr, +\& BIGNUM *a1, BIGNUM *p1, +\& BIGNUM *a2, BIGNUM *p2, +\& BIGNUM *m, BN_CTX *ctx, +\& BN_MONT_CTX *mont)); +\& +\& int (*DSA_meth_get_bn_mod_exp(const DSA_METHOD *dsam))(DSA *dsa, BIGNUM *r, BIGNUM *a, +\& const BIGNUM *p, const BIGNUM *m, +\& BN_CTX *ctx, BN_MONT_CTX *mont); +\& int DSA_meth_set_bn_mod_exp(DSA_METHOD *dsam, int (*bn_mod_exp)(DSA *dsa, +\& BIGNUM *r, +\& BIGNUM *a, +\& const BIGNUM *p, +\& const BIGNUM *m, +\& BN_CTX *ctx, +\& BN_MONT_CTX *mont)); +\& +\& int (*DSA_meth_get_init(const DSA_METHOD *dsam))(DSA *); +\& int DSA_meth_set_init(DSA_METHOD *dsam, int (*init)(DSA *)); +\& +\& int (*DSA_meth_get_finish(const DSA_METHOD *dsam))(DSA *); +\& int DSA_meth_set_finish(DSA_METHOD *dsam, int (*finish)(DSA *)); +\& +\& int (*DSA_meth_get_paramgen(const DSA_METHOD *dsam))(DSA *, int, +\& const unsigned char *, +\& int, int *, unsigned long *, +\& BN_GENCB *); +\& int DSA_meth_set_paramgen(DSA_METHOD *dsam, +\& int (*paramgen)(DSA *, int, const unsigned char *, +\& int, int *, unsigned long *, BN_GENCB *)); +\& +\& int (*DSA_meth_get_keygen(const DSA_METHOD *dsam))(DSA *); +\& int DSA_meth_set_keygen(DSA_METHOD *dsam, int (*keygen)(DSA *)); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +All of the functions described on this page are deprecated. +Applications and extension implementations should instead use the +\&\s-1OSSL_PROVIDER\s0 APIs. +.PP +The \fB\s-1DSA_METHOD\s0\fR type is a structure used for the provision of custom \s-1DSA\s0 +implementations. It provides a set of functions used by OpenSSL for the +implementation of the various \s-1DSA\s0 capabilities. 
+.PP +\&\fIDSA_meth_new()\fR creates a new \fB\s-1DSA_METHOD\s0\fR structure. It should be given a +unique \fBname\fR and a set of \fBflags\fR. The \fBname\fR should be a \s-1NULL\s0 terminated +string, which will be duplicated and stored in the \fB\s-1DSA_METHOD\s0\fR object. It is +the callers responsibility to free the original string. The flags will be used +during the construction of a new \fB\s-1DSA\s0\fR object based on this \fB\s-1DSA_METHOD\s0\fR. Any +new \fB\s-1DSA\s0\fR object will have those flags set by default. +.PP +\&\fIDSA_meth_dup()\fR creates a duplicate copy of the \fB\s-1DSA_METHOD\s0\fR object passed as a +parameter. This might be useful for creating a new \fB\s-1DSA_METHOD\s0\fR based on an +existing one, but with some differences. +.PP +\&\fIDSA_meth_free()\fR destroys a \fB\s-1DSA_METHOD\s0\fR structure and frees up any memory +associated with it. +.PP +\&\fIDSA_meth_get0_name()\fR will return a pointer to the name of this \s-1DSA_METHOD\s0. This +is a pointer to the internal name string and so should not be freed by the +caller. \fIDSA_meth_set1_name()\fR sets the name of the \s-1DSA_METHOD\s0 to \fBname\fR. The +string is duplicated and the copy is stored in the \s-1DSA_METHOD\s0 structure, so the +caller remains responsible for freeing the memory associated with the name. +.PP +\&\fIDSA_meth_get_flags()\fR returns the current value of the flags associated with this +\&\s-1DSA_METHOD\s0. \fIDSA_meth_set_flags()\fR provides the ability to set these flags. +.PP +The functions \fIDSA_meth_get0_app_data()\fR and \fIDSA_meth_set0_app_data()\fR provide the +ability to associate implementation specific data with the \s-1DSA_METHOD\s0. It is +the application's responsibility to free this data before the \s-1DSA_METHOD\s0 is +freed via a call to \fIDSA_meth_free()\fR. +.PP +\&\fIDSA_meth_get_sign()\fR and \fIDSA_meth_set_sign()\fR get and set the function used for +creating a \s-1DSA\s0 signature respectively. 
This function will be +called in response to the application calling \fIDSA_do_sign()\fR (or \fIDSA_sign()\fR). The +parameters for the function have the same meaning as for \fIDSA_do_sign()\fR. +.PP +\&\fIDSA_meth_get_sign_setup()\fR and \fIDSA_meth_set_sign_setup()\fR get and set the function +used for precalculating the \s-1DSA\s0 signature values \fBk^\-1\fR and \fBr\fR. This function +will be called in response to the application calling \fIDSA_sign_setup()\fR. The +parameters for the function have the same meaning as for \fIDSA_sign_setup()\fR. +.PP +\&\fIDSA_meth_get_verify()\fR and \fIDSA_meth_set_verify()\fR get and set the function used +for verifying a \s-1DSA\s0 signature respectively. This function will be called in +response to the application calling \fIDSA_do_verify()\fR (or \fIDSA_verify()\fR). The +parameters for the function have the same meaning as for \fIDSA_do_verify()\fR. +.PP +\&\fIDSA_meth_get_mod_exp()\fR and \fIDSA_meth_set_mod_exp()\fR get and set the function used +for computing the following value: +.PP +.Vb 1 +\& rr = a1^p1 * a2^p2 mod m +.Ve +.PP +This function will be called by the default OpenSSL method during verification +of a \s-1DSA\s0 signature. The result is stored in the \fBrr\fR parameter. This function +may be \s-1NULL\s0. +.PP +\&\fIDSA_meth_get_bn_mod_exp()\fR and \fIDSA_meth_set_bn_mod_exp()\fR get and set the function +used for computing the following value: +.PP +.Vb 1 +\& r = a ^ p mod m +.Ve +.PP +This function will be called by the default OpenSSL function for +\&\fIDSA_sign_setup()\fR. The result is stored in the \fBr\fR parameter. This function +may be \s-1NULL\s0. +.PP +\&\fIDSA_meth_get_init()\fR and \fIDSA_meth_set_init()\fR get and set the function used +for creating a new \s-1DSA\s0 instance respectively. This function will be +called in response to the application calling \fIDSA_new()\fR (if the current default +\&\s-1DSA_METHOD\s0 is this one) or \fIDSA_new_method()\fR. 
The \fIDSA_new()\fR and \fIDSA_new_method()\fR +functions will allocate the memory for the new \s-1DSA\s0 object, and a pointer to this +newly allocated structure will be passed as a parameter to the function. This +function may be \s-1NULL\s0. +.PP +\&\fIDSA_meth_get_finish()\fR and \fIDSA_meth_set_finish()\fR get and set the function used +for destroying an instance of a \s-1DSA\s0 object respectively. This function will be +called in response to the application calling \fIDSA_free()\fR. A pointer to the \s-1DSA\s0 +to be destroyed is passed as a parameter. The destroy function should be used +for \s-1DSA\s0 implementation specific clean up. The memory for the \s-1DSA\s0 itself should +not be freed by this function. This function may be \s-1NULL\s0. +.PP +\&\fIDSA_meth_get_paramgen()\fR and \fIDSA_meth_set_paramgen()\fR get and set the function +used for generating \s-1DSA\s0 parameters respectively. This function will be called in +response to the application calling \fIDSA_generate_parameters_ex()\fR (or +\&\fIDSA_generate_parameters()\fR). The parameters for the function have the same +meaning as for \fIDSA_generate_parameters_ex()\fR. +.PP +\&\fIDSA_meth_get_keygen()\fR and \fIDSA_meth_set_keygen()\fR get and set the function +used for generating a new \s-1DSA\s0 key pair respectively. This function will be +called in response to the application calling \fIDSA_generate_key()\fR. The parameter +for the function has the same meaning as for \fIDSA_generate_key()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIDSA_meth_new()\fR and \fIDSA_meth_dup()\fR return the newly allocated \s-1DSA_METHOD\s0 object +or \s-1NULL\s0 on failure. +.PP +\&\fIDSA_meth_get0_name()\fR and \fIDSA_meth_get_flags()\fR return the name and flags +associated with the \s-1DSA_METHOD\s0 respectively. +.PP +All other DSA_meth_get_*() functions return the appropriate function pointer +that has been set in the \s-1DSA_METHOD\s0, or \s-1NULL\s0 if no such pointer has yet been +set. 
+.PP +\&\fIDSA_meth_set1_name()\fR and all DSA_meth_set_*() functions return 1 on success or +0 on failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIDSA_new\fR\|(3), \fIDSA_new\fR\|(3), \fIDSA_generate_parameters\fR\|(3), \fIDSA_generate_key\fR\|(3), +\&\fIDSA_dup_DH\fR\|(3), \fIDSA_do_sign\fR\|(3), \fIDSA_set_method\fR\|(3), \fIDSA_SIG_new\fR\|(3), +\&\fIDSA_sign\fR\|(3), \fIDSA_size\fR\|(3), \fIDSA_get0_pqg\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The functions described here were deprecated in OpenSSL 3.0. +.PP +The functions described here were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/DSA_new.3 b/linux_amd64/ssl/share/man/man3/DSA_new.3 new file mode 100755 index 0000000..fa0be1b --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/DSA_new.3 
@@ -0,0 +1,171 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DSA_NEW 3" +.TH DSA_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +DSA_new, DSA_free \- allocate and free DSA objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& DSA* DSA_new(void); +\& +\& void DSA_free(DSA *dsa); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIDSA_new()\fR allocates and initializes a \fB\s-1DSA\s0\fR structure. It is equivalent to +calling DSA_new_method(\s-1NULL\s0). +.PP +\&\fIDSA_free()\fR frees the \fB\s-1DSA\s0\fR structure and its components. The values are +erased before the memory is returned to the system. +If \fBdsa\fR is \s-1NULL\s0 nothing is done. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +If the allocation fails, \fIDSA_new()\fR returns \fB\s-1NULL\s0\fR and sets an error +code that can be obtained by +\&\fIERR_get_error\fR\|(3). Otherwise it returns a pointer +to the newly allocated structure. +.PP +\&\fIDSA_free()\fR returns no value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIDSA_new\fR\|(3), \fIERR_get_error\fR\|(3), +\&\fIDSA_generate_parameters\fR\|(3), +\&\fIDSA_generate_key\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/DSA_set_method.3 b/linux_amd64/ssl/share/man/man3/DSA_set_method.3 new file mode 100755 index 0000000..8e74b5d --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/DSA_set_method.3 
@@ -0,0 +1,211 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DSA_SET_METHOD 3" +.TH DSA_SET_METHOD 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +DSA_set_default_method, DSA_get_default_method, +DSA_set_method, DSA_new_method, DSA_OpenSSL \- select DSA method +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void DSA_set_default_method(const DSA_METHOD *meth); +\& +\& const DSA_METHOD *DSA_get_default_method(void); +\& +\& int DSA_set_method(DSA *dsa, const DSA_METHOD *meth); +\& +\& DSA *DSA_new_method(ENGINE *engine); +\& +\& DSA_METHOD *DSA_OpenSSL(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A \fB\s-1DSA_METHOD\s0\fR specifies the functions that OpenSSL uses for \s-1DSA\s0 +operations. By modifying the method, alternative implementations +such as hardware accelerators may be used. \s-1IMPORTANT:\s0 See the \s-1NOTES\s0 section for +important information about how these \s-1DSA\s0 \s-1API\s0 functions are affected by the use +of \fB\s-1ENGINE\s0\fR \s-1API\s0 calls. +.PP +Initially, the default \s-1DSA_METHOD\s0 is the OpenSSL internal implementation, +as returned by \fIDSA_OpenSSL()\fR. +.PP +\&\fIDSA_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1DSA\s0 +structures created later. +\&\fB\s-1NB\s0\fR: This is true only whilst no \s-1ENGINE\s0 has +been set as a default for \s-1DSA\s0, so this function is no longer recommended. +This function is not thread-safe and should not be called at the same time +as other OpenSSL functions. +.PP +\&\fIDSA_get_default_method()\fR returns a pointer to the current default +\&\s-1DSA_METHOD\s0. However, the meaningfulness of this result is dependent on +whether the \s-1ENGINE\s0 \s-1API\s0 is being used, so this function is no longer +recommended. +.PP +\&\fIDSA_set_method()\fR selects \fBmeth\fR to perform all operations using the key +\&\fBrsa\fR. This will replace the \s-1DSA_METHOD\s0 used by the \s-1DSA\s0 key and if the +previous method was supplied by an \s-1ENGINE\s0, the handle to that \s-1ENGINE\s0 will +be released during the change. 
It is possible to have \s-1DSA\s0 keys that only +work with certain \s-1DSA_METHOD\s0 implementations (eg. from an \s-1ENGINE\s0 module +that supports embedded hardware-protected keys), and in such cases +attempting to change the \s-1DSA_METHOD\s0 for the key can have unexpected +results. See \fIDSA_meth_new\fR\|(3) for information on constructing custom \s-1DSA_METHOD\s0 +objects; +.PP +\&\fIDSA_new_method()\fR allocates and initializes a \s-1DSA\s0 structure so that \fBengine\fR +will be used for the \s-1DSA\s0 operations. If \fBengine\fR is \s-1NULL\s0, the default engine +for \s-1DSA\s0 operations is used, and if no default \s-1ENGINE\s0 is set, the \s-1DSA_METHOD\s0 +controlled by \fIDSA_set_default_method()\fR is used. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIDSA_OpenSSL()\fR and \fIDSA_get_default_method()\fR return pointers to the respective +\&\fB\s-1DSA_METHOD\s0\fRs. +.PP +\&\fIDSA_set_default_method()\fR returns no value. +.PP +\&\fIDSA_set_method()\fR returns nonzero if the provided \fBmeth\fR was successfully set as +the method for \fBdsa\fR (including unloading the \s-1ENGINE\s0 handle if the previous +method was supplied by an \s-1ENGINE\s0). +.PP +\&\fIDSA_new_method()\fR returns \s-1NULL\s0 and sets an error code that can be +obtained by \fIERR_get_error\fR\|(3) if the allocation +fails. Otherwise it returns a pointer to the newly allocated structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIDSA_new\fR\|(3), \fIDSA_new\fR\|(3), \fIDSA_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/DSA_sign.3 b/linux_amd64/ssl/share/man/man3/DSA_sign.3 new file mode 100755 index 0000000..821ea20 
--- /dev/null +++ b/linux_amd64/ssl/share/man/man3/DSA_sign.3 
@@ -0,0 +1,193 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DSA_SIGN 3" +.TH DSA_SIGN 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +DSA_sign, DSA_sign_setup, DSA_verify \- DSA signatures +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int DSA_sign(int type, const unsigned char *dgst, int len, +\& unsigned char *sigret, unsigned int *siglen, DSA *dsa); +\& +\& int DSA_sign_setup(DSA *dsa, BN_CTX *ctx, BIGNUM **kinvp, BIGNUM **rp); +\& +\& int DSA_verify(int type, const unsigned char *dgst, int len, +\& unsigned char *sigbuf, int siglen, DSA *dsa); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIDSA_sign()\fR computes a digital signature on the \fBlen\fR byte message +digest \fBdgst\fR using the private key \fBdsa\fR and places its \s-1ASN\s0.1 \s-1DER\s0 +encoding at \fBsigret\fR. The length of the signature is places in +*\fBsiglen\fR. \fBsigret\fR must point to DSA_size(\fBdsa\fR) bytes of memory. +.PP +\&\fIDSA_sign_setup()\fR is defined only for backward binary compatibility and +should not be used. +Since OpenSSL 1.1.0 the \s-1DSA\s0 type is opaque and the output of +\&\fIDSA_sign_setup()\fR cannot be used anyway: calling this function will only +cause overhead, and does not affect the actual signature +(pre\-)computation. +.PP +\&\fIDSA_verify()\fR verifies that the signature \fBsigbuf\fR of size \fBsiglen\fR +matches a given message digest \fBdgst\fR of size \fBlen\fR. +\&\fBdsa\fR is the signer's public key. +.PP +The \fBtype\fR parameter is ignored. +.PP +The random generator must be seeded when \fIDSA_sign()\fR (or \fIDSA_sign_setup()\fR) +is called. +If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to +external circumstances (see \s-1\fIRAND\s0\fR\|(7)), the operation will fail. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIDSA_sign()\fR and \fIDSA_sign_setup()\fR return 1 on success, 0 on error. +\&\fIDSA_verify()\fR returns 1 for a valid signature, 0 for an incorrect +signature and \-1 on error. The error codes can be obtained by +\&\fIERR_get_error\fR\|(3). 
+.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1US\s0 Federal Information Processing Standard \s-1FIPS\s0 186 (Digital Signature +Standard, \s-1DSS\s0), \s-1ANSI\s0 X9.30 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIDSA_new\fR\|(3), \fIERR_get_error\fR\|(3), \fIRAND_bytes\fR\|(3), +\&\fIDSA_do_sign\fR\|(3), +\&\s-1\fIRAND\s0\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/DSA_size.3 b/linux_amd64/ssl/share/man/man3/DSA_size.3 new file mode 100755 index 0000000..2484eb6 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/DSA_size.3 
@@ -0,0 +1,187 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DSA_SIZE 3" +.TH DSA_SIZE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +DSA_size, DSA_bits, DSA_security_bits \- get DSA signature size, key bits or security bits +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.PP +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 3 +\& int DSA_size(const DSA *dsa); +\& int DSA_bits(const DSA *dsa); +\& int DSA_security_bits(const DSA *dsa); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +All of the functions described on this page are deprecated. +Applications should instead use \fIEVP_PKEY_bits\fR\|(3), +\&\fIEVP_PKEY_security_bits\fR\|(3) and \fIEVP_PKEY_size\fR\|(3). +.PP +\&\fIDSA_size()\fR returns the maximum size of an \s-1ASN\s0.1 encoded \s-1DSA\s0 signature +for key \fBdsa\fR in bytes. It can be used to determine how much memory must +be allocated for a \s-1DSA\s0 signature. +.PP +\&\fBdsa\->q\fR must not be \fB\s-1NULL\s0\fR. +.PP +\&\fIDSA_bits()\fR returns the number of bits in key \fBdsa\fR: this is the number +of bits in the \fBp\fR parameter. +.PP +\&\fIDSA_security_bits()\fR returns the number of security bits of the given \fBdsa\fR +key. See \fIBN_security_bits\fR\|(3). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIDSA_size()\fR returns the signature size in bytes. +.PP +\&\fIDSA_bits()\fR returns the number of bits in the key. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_PKEY_bits\fR\|(3), +\&\fIEVP_PKEY_security_bits\fR\|(3), +\&\fIEVP_PKEY_size\fR\|(3), +\&\fIDSA_new\fR\|(3), \fIDSA_sign\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +All of these functions were deprecated in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. 
You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/DTLS_get_data_mtu.3 b/linux_amd64/ssl/share/man/man3/DTLS_get_data_mtu.3 new file mode 100755 index 0000000..47cb475 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/DTLS_get_data_mtu.3 
@@ -0,0 +1,159 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DTLS_GET_DATA_MTU 3" +.TH DTLS_GET_DATA_MTU 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +DTLS_get_data_mtu \- Get maximum data payload size +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& size_t DTLS_get_data_mtu(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This function obtains the maximum data payload size for the established +\&\s-1DTLS\s0 connection \fBssl\fR, based on the \s-1DTLS\s0 record \s-1MTU\s0 and the overhead +of the \s-1DTLS\s0 record header, encryption and authentication currently in use. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Returns the maximum data payload size on success, or 0 on failure. +.SH "HISTORY" +.IX Header "HISTORY" +The \fIDTLS_get_data_mtu()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/DTLS_set_timer_cb.3 b/linux_amd64/ssl/share/man/man3/DTLS_set_timer_cb.3 new file mode 100755 index 0000000..df4c0ae --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/DTLS_set_timer_cb.3 
@@ -0,0 +1,163 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DTLS_SET_TIMER_CB 3" +.TH DTLS_SET_TIMER_CB 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +DTLS_timer_cb, +DTLS_set_timer_cb +\&\- Set callback for controlling DTLS timer duration +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef unsigned int (*DTLS_timer_cb)(SSL *s, unsigned int timer_us); +\& +\& void DTLS_set_timer_cb(SSL *s, DTLS_timer_cb cb); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This function sets an optional callback function for controlling the +timeout interval on the \s-1DTLS\s0 protocol. The callback function will be +called by \s-1DTLS\s0 for every new \s-1DTLS\s0 packet that is sent. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Returns void. +.SH "HISTORY" +.IX Header "HISTORY" +The \fIDTLS_set_timer_cb()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/DTLSv1_listen.3 b/linux_amd64/ssl/share/man/man3/DTLSv1_listen.3 new file mode 100755 index 0000000..6eb095d --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/DTLSv1_listen.3 
@@ -0,0 +1,257 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DTLSV1_LISTEN 3" +.TH DTLSV1_LISTEN 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_stateless, +DTLSv1_listen +\&\- Statelessly listen for incoming connections +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_stateless(SSL *s); +\& int DTLSv1_listen(SSL *ssl, BIO_ADDR *peer); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_stateless()\fR statelessly listens for new incoming TLSv1.3 connections. +\&\fIDTLSv1_listen()\fR statelessly listens for new incoming \s-1DTLS\s0 connections. If a +ClientHello is received that does not contain a cookie, then they respond with a +request for a new ClientHello that does contain a cookie. If a ClientHello is +received with a cookie that is verified then the function returns in order to +enable the handshake to be completed (for example by using \fISSL_accept()\fR). +.SH "NOTES" +.IX Header "NOTES" +Some transport protocols (such as \s-1UDP\s0) can be susceptible to amplification +attacks. Unlike \s-1TCP\s0 there is no initial connection setup in \s-1UDP\s0 that +validates that the client can actually receive messages on its advertised source +address. An attacker could forge its source \s-1IP\s0 address and then send handshake +initiation messages to the server. The server would then send its response to +the forged source \s-1IP\s0. If the response messages are larger than the original +message then the amplification attack has succeeded. +.PP +If \s-1DTLS\s0 is used over \s-1UDP\s0 (or any datagram based protocol that does not validate +the source \s-1IP\s0) then it is susceptible to this type of attack. TLSv1.3 is +designed to operate over a stream-based transport protocol (such as \s-1TCP\s0). +If \s-1TCP\s0 is being used then there is no need to use \fISSL_stateless()\fR. However some +stream-based transport protocols (e.g. \s-1QUIC\s0) may not validate the source +address. In this case a TLSv1.3 application would be susceptible to this attack. 
+.PP +As a countermeasure to this issue TLSv1.3 and \s-1DTLS\s0 include a stateless cookie +mechanism. The idea is that when a client attempts to connect to a server it +sends a ClientHello message. The server responds with a HelloRetryRequest (in +TLSv1.3) or a HelloVerifyRequest (in \s-1DTLS\s0) which contains a unique cookie. The +client then resends the ClientHello, but this time includes the cookie in the +message thus proving that the client is capable of receiving messages sent to +that address. All of this can be done by the server without allocating any +state, and thus without consuming expensive resources. +.PP +OpenSSL implements this capability via the \fISSL_stateless()\fR and \fIDTLSv1_listen()\fR +functions. The \fBssl\fR parameter should be a newly allocated \s-1SSL\s0 object with its +read and write BIOs set, in the same way as might be done for a call to +\&\fISSL_accept()\fR. Typically, for \s-1DTLS\s0, the read \s-1BIO\s0 will be in an \*(L"unconnected\*(R" +state and thus capable of receiving messages from any peer. +.PP +When a ClientHello is received that contains a cookie that has been verified, +then these functions will return with the \fBssl\fR parameter updated into a state +where the handshake can be continued by a call to (for example) \fISSL_accept()\fR. +Additionally, for \fIDTLSv1_listen()\fR, the \fB\s-1BIO_ADDR\s0\fR pointed to by \fBpeer\fR will be +filled in with details of the peer that sent the ClientHello. If the underlying +\&\s-1BIO\s0 is unable to obtain the \fB\s-1BIO_ADDR\s0\fR of the peer (for example because the \s-1BIO\s0 +does not support this), then \fB*peer\fR will be cleared and the family set to +\&\s-1AF_UNSPEC\s0. Typically user code is expected to \*(L"connect\*(R" the underlying socket to +the peer and continue the handshake in a connected state. 
+.PP +Prior to calling \fIDTLSv1_listen()\fR user code must ensure that cookie generation +and verification callbacks have been set up using +\&\fISSL_CTX_set_cookie_generate_cb\fR\|(3) and \fISSL_CTX_set_cookie_verify_cb\fR\|(3) +respectively. For \fISSL_stateless()\fR, \fISSL_CTX_set_stateless_cookie_generate_cb\fR\|(3) +and \fISSL_CTX_set_stateless_cookie_verify_cb\fR\|(3) must be used instead. +.PP +Since \fIDTLSv1_listen()\fR operates entirely statelessly whilst processing incoming +ClientHellos it is unable to process fragmented messages (since this would +require the allocation of state). An implication of this is that \fIDTLSv1_listen()\fR +\&\fBonly\fR supports ClientHellos that fit inside a single datagram. +.PP +For \fISSL_stateless()\fR if an entire ClientHello message cannot be read without the +\&\*(L"read\*(R" \s-1BIO\s0 becoming empty then the \fISSL_stateless()\fR call will fail. It is the +application's responsibility to ensure that data read from the \*(L"read\*(R" \s-1BIO\s0 during +a single \fISSL_stateless()\fR call is all from the same peer. +.PP +\&\fISSL_stateless()\fR will fail (with a 0 return value) if some \s-1TLS\s0 version less than +TLSv1.3 is used. +.PP +Both \fISSL_stateless()\fR and \fIDTLSv1_listen()\fR will clear the error queue when they +start. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +For \fISSL_stateless()\fR a return value of 1 indicates success and the \fBssl\fR object +will be set up ready to continue the handshake. A return value of 0 or \-1 +indicates failure. If the value is 0 then a HelloRetryRequest was sent. A value +of \-1 indicates any other error. User code may retry the \fISSL_stateless()\fR call. +.PP +For \fIDTLSv1_listen()\fR a return value of >= 1 indicates success. The \fBssl\fR object +will be set up ready to continue the handshake. the \fBpeer\fR value will also be +filled in. +.PP +A return value of 0 indicates a non-fatal error. 
This could (for +example) be because of non-blocking \s-1IO\s0, or some invalid message having been +received from a peer. Errors may be placed on the OpenSSL error queue with +further information if appropriate. Typically user code is expected to retry the +call to \fIDTLSv1_listen()\fR in the event of a non-fatal error. +.PP +A return value of <0 indicates a fatal error. This could (for example) be +because of a failure to allocate sufficient memory for the operation. +.PP +For \fIDTLSv1_listen()\fR, prior to OpenSSL 1.1.0, fatal and non-fatal errors both +produce return codes <= 0 (in typical implementations user code treats all +errors as non-fatal), whilst return codes >0 indicate success. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fISSL_CTX_set_cookie_generate_cb\fR\|(3), \fISSL_CTX_set_cookie_verify_cb\fR\|(3), +\&\fISSL_CTX_set_stateless_cookie_generate_cb\fR\|(3), +\&\fISSL_CTX_set_stateless_cookie_verify_cb\fR\|(3), \fISSL_get_error\fR\|(3), +\&\fISSL_accept\fR\|(3), \fIssl\fR\|(7), \fIbio\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \fISSL_stateless()\fR function was added in OpenSSL 1.1.1. +.PP +The \fIDTLSv1_listen()\fR return codes were clarified in OpenSSL 1.1.0. +The type of \*(L"peer\*(R" also changed in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/ECDSA_SIG_new.3 b/linux_amd64/ssl/share/man/man3/ECDSA_SIG_new.3 new file mode 100755 index 0000000..da5ac91 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/ECDSA_SIG_new.3 
@@ -0,0 +1,356 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ECDSA_SIG_NEW 3" +.TH ECDSA_SIG_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +ECDSA_SIG_get0, ECDSA_SIG_get0_r, ECDSA_SIG_get0_s, ECDSA_SIG_set0, +ECDSA_SIG_new, ECDSA_SIG_free, ECDSA_size, ECDSA_sign, ECDSA_do_sign, +ECDSA_verify, ECDSA_do_verify, ECDSA_sign_setup, ECDSA_sign_ex, +ECDSA_do_sign_ex \- low level elliptic curve digital signature algorithm (ECDSA) +functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& ECDSA_SIG *ECDSA_SIG_new(void); +\& void ECDSA_SIG_free(ECDSA_SIG *sig); +\& void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); +\& const BIGNUM *ECDSA_SIG_get0_r(const ECDSA_SIG *sig); +\& const BIGNUM *ECDSA_SIG_get0_s(const ECDSA_SIG *sig); +\& int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s); +.Ve +.PP +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 1 +\& int ECDSA_size(const EC_KEY *eckey); +\& +\& int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen, +\& unsigned char *sig, unsigned int *siglen, EC_KEY *eckey); +\& ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dgst_len, +\& EC_KEY *eckey); +\& +\& int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen, +\& const unsigned char *sig, int siglen, EC_KEY *eckey); +\& int ECDSA_do_verify(const unsigned char *dgst, int dgst_len, +\& const ECDSA_SIG *sig, EC_KEY* eckey); +\& +\& ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen, +\& const BIGNUM *kinv, const BIGNUM *rp, +\& EC_KEY *eckey); +\& int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, BIGNUM **rp); +\& int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen, +\& unsigned char *sig, unsigned int *siglen, +\& const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fB\s-1ECDSA_SIG\s0\fR is an opaque structure consisting of two BIGNUMs for the +\&\fBr\fR and \fBs\fR value of an 
\s-1ECDSA\s0 signature (see X9.62 or \s-1FIPS\s0 186\-2). +.PP +\&\fIECDSA_SIG_new()\fR allocates an empty \fB\s-1ECDSA_SIG\s0\fR structure. Note: before +OpenSSL 1.1.0 the: the \fBr\fR and \fBs\fR components were initialised. +.PP +\&\fIECDSA_SIG_free()\fR frees the \fB\s-1ECDSA_SIG\s0\fR structure \fBsig\fR. +.PP +\&\fIECDSA_SIG_get0()\fR returns internal pointers the \fBr\fR and \fBs\fR values contained +in \fBsig\fR and stores them in \fB*pr\fR and \fB*ps\fR, respectively. +The pointer \fBpr\fR or \fBps\fR can be \s-1NULL\s0, in which case the corresponding value +is not returned. +.PP +The values \fBr\fR, \fBs\fR can also be retrieved separately by the corresponding +function \fIECDSA_SIG_get0_r()\fR and \fIECDSA_SIG_get0_s()\fR, respectively. +.PP +The \fBr\fR and \fBs\fR values can be set by calling \fIECDSA_SIG_set0()\fR and passing the +new values for \fBr\fR and \fBs\fR as parameters to the function. Calling this +function transfers the memory management of the values to the \s-1ECDSA_SIG\s0 object, +and therefore the values that have been passed in should not be freed directly +after this function has been called. +.PP +See \fIi2d_ECDSA_SIG\fR\|(3) and \fId2i_ECDSA_SIG\fR\|(3) for information about encoding +and decoding \s-1ECDSA\s0 signatures to/from \s-1DER\s0. +.PP +All of the functions described below are deprecated. Applications should +use the higher level \fB\s-1EVP\s0\fR interface such as \fIEVP_DigestSignInit\fR\|(3) +or \fIEVP_DigestVerifyInit\fR\|(3) instead. +.PP +\&\fIECDSA_size()\fR returns the maximum length of a \s-1DER\s0 encoded \s-1ECDSA\s0 signature +created with the private \s-1EC\s0 key \fBeckey\fR. To obtain the actual signature +size use \fIEVP_PKEY_sign\fR\|(3) with a \s-1NULL\s0 \fBsig\fR parameter. +.PP +\&\fIECDSA_sign()\fR computes a digital signature of the \fBdgstlen\fR bytes hash value +\&\fBdgst\fR using the private \s-1EC\s0 key \fBeckey\fR. 
The \s-1DER\s0 encoded signatures is +stored in \fBsig\fR and its length is returned in \fBsig_len\fR. Note: \fBsig\fR must +point to ECDSA_size(eckey) bytes of memory. The parameter \fBtype\fR is currently +ignored. \fIECDSA_sign()\fR is wrapper function for \fIECDSA_sign_ex()\fR with \fBkinv\fR +and \fBrp\fR set to \s-1NULL\s0. +.PP +\&\fIECDSA_do_sign()\fR is similar to \fIECDSA_sign()\fR except the signature is returned +as a newly allocated \fB\s-1ECDSA_SIG\s0\fR structure (or \s-1NULL\s0 on error). \fIECDSA_do_sign()\fR +is a wrapper function for \fIECDSA_do_sign_ex()\fR with \fBkinv\fR and \fBrp\fR set to +\&\s-1NULL\s0. +.PP +\&\fIECDSA_verify()\fR verifies that the signature in \fBsig\fR of size \fBsiglen\fR is a +valid \s-1ECDSA\s0 signature of the hash value \fBdgst\fR of size \fBdgstlen\fR using the +public key \fBeckey\fR. The parameter \fBtype\fR is ignored. +.PP +\&\fIECDSA_do_verify()\fR is similar to \fIECDSA_verify()\fR except the signature is +presented in the form of a pointer to an \fB\s-1ECDSA_SIG\s0\fR structure. +.PP +The remaining functions utilise the internal \fBkinv\fR and \fBr\fR values used +during signature computation. Most applications will never need to call these +and some external \s-1ECDSA\s0 \s-1ENGINE\s0 implementations may not support them at all if +either \fBkinv\fR or \fBr\fR is not \fB\s-1NULL\s0\fR. +.PP +\&\fIECDSA_sign_setup()\fR may be used to precompute parts of the signing operation. +\&\fBeckey\fR is the private \s-1EC\s0 key and \fBctx\fR is a pointer to \fB\s-1BN_CTX\s0\fR structure +(or \s-1NULL\s0). The precomputed values or returned in \fBkinv\fR and \fBrp\fR and can be +used in a later call to \fIECDSA_sign_ex()\fR or \fIECDSA_do_sign_ex()\fR. +.PP +\&\fIECDSA_sign_ex()\fR computes a digital signature of the \fBdgstlen\fR bytes hash value +\&\fBdgst\fR using the private \s-1EC\s0 key \fBeckey\fR and the optional pre-computed values +\&\fBkinv\fR and \fBrp\fR. 
The \s-1DER\s0 encoded signature is stored in \fBsig\fR and its +length is returned in \fBsig_len\fR. Note: \fBsig\fR must point to ECDSA_size(eckey) +bytes of memory. The parameter \fBtype\fR is ignored. +.PP +\&\fIECDSA_do_sign_ex()\fR is similar to \fIECDSA_sign_ex()\fR except the signature is +returned as a newly allocated \fB\s-1ECDSA_SIG\s0\fR structure (or \s-1NULL\s0 on error). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIECDSA_SIG_new()\fR returns \s-1NULL\s0 if the allocation fails. +.PP +\&\fIECDSA_SIG_set0()\fR returns 1 on success or 0 on failure. +.PP +\&\fIECDSA_SIG_get0_r()\fR and \fIECDSA_SIG_get0_s()\fR return the corresponding value, +or \s-1NULL\s0 if it is unset. +.PP +\&\fIECDSA_size()\fR returns the maximum length signature or 0 on error. +.PP +\&\fIECDSA_sign()\fR, \fIECDSA_sign_ex()\fR and \fIECDSA_sign_setup()\fR return 1 if successful +or 0 on error. +.PP +\&\fIECDSA_do_sign()\fR and \fIECDSA_do_sign_ex()\fR return a pointer to an allocated +\&\fB\s-1ECDSA_SIG\s0\fR structure or \s-1NULL\s0 on error. +.PP +\&\fIECDSA_verify()\fR and \fIECDSA_do_verify()\fR return 1 for a valid +signature, 0 for an invalid signature and \-1 on error. +The error codes can be obtained by \fIERR_get_error\fR\|(3). +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Creating an \s-1ECDSA\s0 signature of a given \s-1SHA\-256\s0 hash value using the +named curve prime256v1 (aka P\-256). 
+.PP +First step: create an \s-1EC_KEY\s0 object (note: this part is \fBnot\fR \s-1ECDSA\s0 +specific) +.PP +.Vb 3 +\& int ret; +\& ECDSA_SIG *sig; +\& EC_KEY *eckey; +\& +\& eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); +\& if (eckey == NULL) +\& /* error */ +\& if (EC_KEY_generate_key(eckey) == 0) +\& /* error */ +.Ve +.PP +Second step: compute the \s-1ECDSA\s0 signature of a \s-1SHA\-256\s0 hash value +using \fIECDSA_do_sign()\fR: +.PP +.Vb 3 +\& sig = ECDSA_do_sign(digest, 32, eckey); +\& if (sig == NULL) +\& /* error */ +.Ve +.PP +or using \fIECDSA_sign()\fR: +.PP +.Vb 2 +\& unsigned char *buffer, *pp; +\& int buf_len; +\& +\& buf_len = ECDSA_size(eckey); +\& buffer = OPENSSL_malloc(buf_len); +\& pp = buffer; +\& if (ECDSA_sign(0, dgst, dgstlen, pp, &buf_len, eckey) == 0) +\& /* error */ +.Ve +.PP +Third step: verify the created \s-1ECDSA\s0 signature using \fIECDSA_do_verify()\fR: +.PP +.Vb 1 +\& ret = ECDSA_do_verify(digest, 32, sig, eckey); +.Ve +.PP +or using \fIECDSA_verify()\fR: +.PP +.Vb 1 +\& ret = ECDSA_verify(0, digest, 32, buffer, buf_len, eckey); +.Ve +.PP +and finally evaluate the return value: +.PP +.Vb 6 +\& if (ret == 1) +\& /* signature ok */ +\& else if (ret == 0) +\& /* incorrect signature */ +\& else +\& /* error */ +.Ve +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1ANSI\s0 X9.62, \s-1US\s0 Federal Information Processing Standard \s-1FIPS\s0 186\-2 +(Digital Signature Standard, \s-1DSS\s0) +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEC_KEY_new\fR\|(3), +\&\fIEVP_DigestSignInit\fR\|(3), +\&\fIEVP_DigestVerifyInit\fR\|(3), +\&\fIEVP_PKEY_sign\fR\|(3) +\&\fIi2d_ECDSA_SIG\fR\|(3), +\&\fId2i_ECDSA_SIG\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fIECDSA_size()\fR, \fIECDSA_sign()\fR, \fIECDSA_do_sign()\fR, \fIECDSA_verify()\fR, +\&\fIECDSA_do_verify()\fR, \fIECDSA_sign_setup()\fR, \fIECDSA_sign_ex()\fR and \fIECDSA_do_sign_ex()\fR +functions were deprecated in OpenSSL 3.0. 
+.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2004\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/ECPKParameters_print.3 b/linux_amd64/ssl/share/man/man3/ECPKParameters_print.3 new file mode 100755 index 0000000..b960043 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/ECPKParameters_print.3 
@@ -0,0 +1,167 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ECPKPARAMETERS_PRINT 3" +.TH ECPKPARAMETERS_PRINT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +ECPKParameters_print, ECPKParameters_print_fp \- Functions for decoding and +encoding ASN1 representations of elliptic curve entities +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off); +\& int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The ECPKParameters represent the public parameters for an +\&\fB\s-1EC_GROUP\s0\fR structure, which represents a curve. +.PP +The \fIECPKParameters_print()\fR and \fIECPKParameters_print_fp()\fR functions print +a human-readable output of the public parameters of the \s-1EC_GROUP\s0 to \fBbp\fR +or \fBfp\fR. The output lines are indented by \fBoff\fR spaces. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIECPKParameters_print()\fR and \fIECPKParameters_print_fp()\fR +return 1 for success and 0 if an error occurs. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIcrypto\fR\|(7), \fIEC_GROUP_new\fR\|(3), \fIEC_GROUP_copy\fR\|(3), +\&\fIEC_POINT_new\fR\|(3), \fIEC_POINT_add\fR\|(3), \fIEC_KEY_new\fR\|(3), +\&\fIEC_GFp_simple_method\fR\|(3), +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2013\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/EC_GFp_simple_method.3 b/linux_amd64/ssl/share/man/man3/EC_GFp_simple_method.3 new file mode 100755 index 0000000..34bb831 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EC_GFp_simple_method.3 
@@ -0,0 +1,192 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EC_GFP_SIMPLE_METHOD 3" +.TH EC_GFP_SIMPLE_METHOD 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EC_GFp_simple_method, EC_GFp_mont_method, EC_GFp_nist_method, EC_GFp_nistp224_method, EC_GFp_nistp256_method, EC_GFp_nistp521_method, EC_GF2m_simple_method, EC_METHOD_get_field_type \- Functions for obtaining EC_METHOD objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EC_METHOD *EC_GFp_simple_method(void); +\& const EC_METHOD *EC_GFp_mont_method(void); +\& const EC_METHOD *EC_GFp_nist_method(void); +\& const EC_METHOD *EC_GFp_nistp224_method(void); +\& const EC_METHOD *EC_GFp_nistp256_method(void); +\& const EC_METHOD *EC_GFp_nistp521_method(void); +\& +\& const EC_METHOD *EC_GF2m_simple_method(void); +\& +\& int EC_METHOD_get_field_type(const EC_METHOD *meth); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The Elliptic Curve library provides a number of different implementations through a single common interface. +When constructing a curve using EC_GROUP_new (see \fIEC_GROUP_new\fR\|(3)) an +implementation method must be provided. The functions described here all return a const pointer to an +\&\fB\s-1EC_METHOD\s0\fR structure that can be passed to \s-1EC_GROUP_NEW\s0. It is important that the correct implementation +type for the form of curve selected is used. +.PP +For F2^m curves there is only one implementation choice, i.e. EC_GF2_simple_method. +.PP +For Fp curves the lowest common denominator implementation is the EC_GFp_simple_method implementation. All +other implementations are based on this one. EC_GFp_mont_method builds on EC_GFp_simple_method but adds the +use of montgomery multiplication (see \fIBN_mod_mul_montgomery\fR\|(3)). EC_GFp_nist_method +offers an implementation optimised for use with \s-1NIST\s0 recommended curves (\s-1NIST\s0 curves are available through +EC_GROUP_new_by_curve_name as described in \fIEC_GROUP_new\fR\|(3)). 
+.PP +The functions EC_GFp_nistp224_method, EC_GFp_nistp256_method and EC_GFp_nistp521_method offer 64 bit +optimised implementations for the \s-1NIST\s0 P224, P256 and P521 curves respectively. Note, however, that these +implementations are not available on all platforms. +.PP +EC_METHOD_get_field_type identifies what type of field the \s-1EC_METHOD\s0 structure supports, which will be either +F2^m or Fp. If the field type is Fp then the value \fBNID_X9_62_prime_field\fR is returned. If the field type is +F2^m then the value \fBNID_X9_62_characteristic_two_field\fR is returned. These values are defined in the +obj_mac.h header file. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All EC_GFp* functions and EC_GF2m_simple_method always return a const pointer to an \s-1EC_METHOD\s0 structure. +.PP +EC_METHOD_get_field_type returns an integer that identifies the type of field the \s-1EC_METHOD\s0 structure supports. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIcrypto\fR\|(7), \fIEC_GROUP_new\fR\|(3), \fIEC_GROUP_copy\fR\|(3), +\&\fIEC_POINT_new\fR\|(3), \fIEC_POINT_add\fR\|(3), \fIEC_KEY_new\fR\|(3), +\&\fId2i_ECPKParameters\fR\|(3), +\&\fIBN_mod_mul_montgomery\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2013\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/EC_GROUP_copy.3 b/linux_amd64/ssl/share/man/man3/EC_GROUP_copy.3 new file mode 100755 index 0000000..fc9881b --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EC_GROUP_copy.3 
@@ -0,0 +1,367 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EC_GROUP_COPY 3" +.TH EC_GROUP_COPY 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EC_GROUP_get0_order, EC_GROUP_order_bits, EC_GROUP_get0_cofactor, +EC_GROUP_copy, EC_GROUP_dup, EC_GROUP_method_of, EC_GROUP_set_generator, +EC_GROUP_get0_generator, EC_GROUP_get_order, EC_GROUP_get_cofactor, +EC_GROUP_set_curve_name, EC_GROUP_get_curve_name, EC_GROUP_set_asn1_flag, +EC_GROUP_get_asn1_flag, EC_GROUP_set_point_conversion_form, +EC_GROUP_get_point_conversion_form, EC_GROUP_get0_seed, +EC_GROUP_get_seed_len, EC_GROUP_set_seed, EC_GROUP_get_degree, +EC_GROUP_check, EC_GROUP_check_named_curve, +EC_GROUP_check_discriminant, EC_GROUP_cmp, +EC_GROUP_get_basis_type, EC_GROUP_get_trinomial_basis, +EC_GROUP_get_pentanomial_basis, EC_GROUP_get0_field +\&\- Functions for manipulating EC_GROUP objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EC_GROUP_copy(EC_GROUP *dst, const EC_GROUP *src); +\& EC_GROUP *EC_GROUP_dup(const EC_GROUP *src); +\& +\& const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group); +\& +\& int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, +\& const BIGNUM *order, const BIGNUM *cofactor); +\& const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group); +\& +\& int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx); +\& const BIGNUM *EC_GROUP_get0_order(const EC_GROUP *group); +\& int EC_GROUP_order_bits(const EC_GROUP *group); +\& int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx); +\& const BIGNUM *EC_GROUP_get0_cofactor(const EC_GROUP *group); +\& const BIGNUM *EC_GROUP_get0_field(const EC_GROUP *group); +\& +\& void EC_GROUP_set_curve_name(EC_GROUP *group, int nid); +\& int EC_GROUP_get_curve_name(const EC_GROUP *group); +\& +\& void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag); +\& int EC_GROUP_get_asn1_flag(const EC_GROUP *group); +\& +\& void EC_GROUP_set_point_conversion_form(EC_GROUP *group, point_conversion_form_t form); +\& point_conversion_form_t EC_GROUP_get_point_conversion_form(const 
EC_GROUP *group); +\& +\& unsigned char *EC_GROUP_get0_seed(const EC_GROUP *x); +\& size_t EC_GROUP_get_seed_len(const EC_GROUP *); +\& size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len); +\& +\& int EC_GROUP_get_degree(const EC_GROUP *group); +\& +\& int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx); +\& int EC_GROUP_check_named_curve(const EC_GROUP *group, int nist_only, +\& BN_CTX *ctx); +\& +\& int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx); +\& +\& int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx); +\& +\& int EC_GROUP_get_basis_type(const EC_GROUP *); +\& int EC_GROUP_get_trinomial_basis(const EC_GROUP *, unsigned int *k); +\& int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1, +\& unsigned int *k2, unsigned int *k3); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIEC_GROUP_copy()\fR copies the curve \fBsrc\fR into \fBdst\fR. Both \fBsrc\fR and \fBdst\fR must use the same \s-1EC_METHOD\s0. +.PP +\&\fIEC_GROUP_dup()\fR creates a new \s-1EC_GROUP\s0 object and copies the content from \fBsrc\fR to the newly created +\&\s-1EC_GROUP\s0 object. +.PP +\&\fIEC_GROUP_method_of()\fR obtains the \s-1EC_METHOD\s0 of \fBgroup\fR. +.PP +\&\fIEC_GROUP_set_generator()\fR sets curve parameters that must be agreed by all participants using the curve. These +parameters include the \fBgenerator\fR, the \fBorder\fR and the \fBcofactor\fR. The \fBgenerator\fR is a well defined point on the +curve chosen for cryptographic operations. Integers used for point multiplications will be between 0 and +n\-1 where n is the \fBorder\fR. The \fBorder\fR multiplied by the \fBcofactor\fR gives the number of points on the curve. +.PP +\&\fIEC_GROUP_get0_generator()\fR returns the generator for the identified \fBgroup\fR. +.PP +\&\fIEC_GROUP_get_order()\fR retrieves the order of \fBgroup\fR and copies its value into +\&\fBorder\fR. 
It fails in case \fBgroup\fR is not fully initialized (i.e., its order +is not set or set to zero). +.PP +\&\fIEC_GROUP_get_cofactor()\fR retrieves the cofactor of \fBgroup\fR and copies its value +into \fBcofactor\fR. It fails in case \fBgroup\fR is not fully initialized or if the +cofactor is not set (or set to zero). +.PP +The functions \fIEC_GROUP_set_curve_name()\fR and \fIEC_GROUP_get_curve_name()\fR, set and get the \s-1NID\s0 for the curve respectively +(see \fIEC_GROUP_new\fR\|(3)). If a curve does not have a \s-1NID\s0 associated with it, then EC_GROUP_get_curve_name +will return NID_undef. +.PP +The asn1_flag value is used to determine whether the curve encoding uses +explicit parameters or a named curve using an \s-1ASN1\s0 \s-1OID:\s0 many applications only +support the latter form. If asn1_flag is \fB\s-1OPENSSL_EC_NAMED_CURVE\s0\fR then the +named curve form is used and the parameters must have a corresponding +named curve \s-1NID\s0 set. If asn1_flags is \fB\s-1OPENSSL_EC_EXPLICIT_CURVE\s0\fR the +parameters are explicitly encoded. The functions \fIEC_GROUP_get_asn1_flag()\fR and +\&\fIEC_GROUP_set_asn1_flag()\fR get and set the status of the asn1_flag for the curve. +Note: \fB\s-1OPENSSL_EC_EXPLICIT_CURVE\s0\fR was added in OpenSSL 1.1.0, for +previous versions of OpenSSL the value 0 must be used instead. Before OpenSSL +1.1.0 the default form was to use explicit parameters (meaning that +applications would have to explicitly set the named curve form) in OpenSSL +1.1.0 and later the named curve form is the default. +.PP +The point_conversion_form for a curve controls how \s-1EC_POINT\s0 data is encoded as \s-1ASN1\s0 as defined in X9.62 (\s-1ECDSA\s0). 
+point_conversion_form_t is an enum defined as follows: +.PP +.Vb 10 +\& typedef enum { +\& /** the point is encoded as z||x, where the octet z specifies +\& * which solution of the quadratic equation y is */ +\& POINT_CONVERSION_COMPRESSED = 2, +\& /** the point is encoded as z||x||y, where z is the octet 0x04 */ +\& POINT_CONVERSION_UNCOMPRESSED = 4, +\& /** the point is encoded as z||x||y, where the octet z specifies +\& * which solution of the quadratic equation y is */ +\& POINT_CONVERSION_HYBRID = 6 +\& } point_conversion_form_t; +.Ve +.PP +For \s-1POINT_CONVERSION_UNCOMPRESSED\s0 the point is encoded as an octet signifying the \s-1UNCOMPRESSED\s0 form has been used followed by +the octets for x, followed by the octets for y. +.PP +For any given x co-ordinate for a point on a curve it is possible to derive two possible y values. For +\&\s-1POINT_CONVERSION_COMPRESSED\s0 the point is encoded as an octet signifying that the \s-1COMPRESSED\s0 form has been used \s-1AND\s0 which of +the two possible solutions for y has been used, followed by the octets for x. +.PP +For \s-1POINT_CONVERSION_HYBRID\s0 the point is encoded as an octet signifying the \s-1HYBRID\s0 form has been used \s-1AND\s0 which of the two +possible solutions for y has been used, followed by the octets for x, followed by the octets for y. +.PP +The functions \fIEC_GROUP_set_point_conversion_form()\fR and \fIEC_GROUP_get_point_conversion_form()\fR, set and get the point_conversion_form +for the curve respectively. +.PP +\&\s-1ANSI\s0 X9.62 (\s-1ECDSA\s0 standard) defines a method of generating the curve parameter b from a random number. This provides advantages +in that a parameter obtained in this way is highly unlikely to be susceptible to special purpose attacks, or have any trapdoors in it. +If the seed is present for a curve then the b parameter was generated in a verifiable fashion using that seed. 
The OpenSSL \s-1EC\s0 library +does not use this seed value but does enable you to inspect it using \fIEC_GROUP_get0_seed()\fR. This returns a pointer to a memory block +containing the seed that was used. The length of the memory block can be obtained using \fIEC_GROUP_get_seed_len()\fR. A number of the +built-in curves within the library provide seed values that can be obtained. It is also possible to set a custom seed using +\&\fIEC_GROUP_set_seed()\fR and passing a pointer to a memory block, along with the length of the seed. Again, the \s-1EC\s0 library will not use +this seed value, although it will be preserved in any \s-1ASN1\s0 based communications. +.PP +\&\fIEC_GROUP_get_degree()\fR gets the degree of the field. For Fp fields this will be the number of bits in p. For F2^m fields this will be +the value m. +.PP +The function \fIEC_GROUP_check_discriminant()\fR calculates the discriminant for the curve and verifies that it is valid. +For a curve defined over Fp the discriminant is given by the formula 4*a^3 + 27*b^2 whilst for F2^m curves the discriminant is +simply b. In either case for the curve to be valid the discriminant must be non zero. +.PP +The function \fIEC_GROUP_check()\fR performs a number of checks on a curve to verify that it is valid. Checks performed include +verifying that the discriminant is non zero; that a generator has been defined; that the generator is on the curve and has +the correct order. +.PP +The function \fIEC_GROUP_check_named_curve()\fR determines if the group's domain parameters match one of the built-in curves supported by the library. +The curve name is returned as a \fB\s-1NID\s0\fR if it matches. If the group's domain parameters have been modified then no match will be found. +If the curve name of the given group is \fBNID_undef\fR (e.g. it has been created by using explicit parameters with no curve name), +then this method can be used to lookup the name of the curve that matches the group domain parameters. 
The built-in curves contain +aliases, so that multiple \s-1NID\s0's can map to the same domain parameters. For such curves it is unspecified which of the aliases will be +returned if the curve name of the given group is NID_undef. +If \fBnist_only\fR is 1 it will only look for \s-1NIST\s0 approved curves, otherwise it searches all built-in curves. +This function may be passed a \s-1BN_CTX\s0 object in the \fBctx\fR parameter. +The \fBctx\fR parameter may be \s-1NULL\s0. +.PP +\&\fIEC_GROUP_cmp()\fR compares \fBa\fR and \fBb\fR to determine whether they represent the same curve or not. +.PP +The functions \fIEC_GROUP_get_basis_type()\fR, \fIEC_GROUP_get_trinomial_basis()\fR and \fIEC_GROUP_get_pentanomial_basis()\fR should only be called for curves +defined over an F2^m field. Addition and multiplication operations within an F2^m field are performed using an irreducible polynomial +function f(x). This function is either a trinomial of the form: +.PP +f(x) = x^m + x^k + 1 with m > k >= 1 +.PP +or a pentanomial of the form: +.PP +f(x) = x^m + x^k3 + x^k2 + x^k1 + 1 with m > k3 > k2 > k1 >= 1 +.PP +The function \fIEC_GROUP_get_basis_type()\fR returns a \s-1NID\s0 identifying whether a trinomial or pentanomial is in use for the field. The +function \fIEC_GROUP_get_trinomial_basis()\fR must only be called where f(x) is of the trinomial form, and returns the value of \fBk\fR. Similarly +the function \fIEC_GROUP_get_pentanomial_basis()\fR must only be called where f(x) is of the pentanomial form, and returns the values of \fBk1\fR, +\&\fBk2\fR and \fBk3\fR respectively. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following functions return 1 on success or 0 on error: \fIEC_GROUP_copy()\fR, \fIEC_GROUP_set_generator()\fR, \fIEC_GROUP_check()\fR, +\&\fIEC_GROUP_check_discriminant()\fR, \fIEC_GROUP_get_trinomial_basis()\fR and \fIEC_GROUP_get_pentanomial_basis()\fR. +.PP +\&\fIEC_GROUP_dup()\fR returns a pointer to the duplicated curve, or \s-1NULL\s0 on error. 
+.PP +\&\fIEC_GROUP_method_of()\fR returns the \s-1EC_METHOD\s0 implementation in use for the given curve or \s-1NULL\s0 on error. +.PP +\&\fIEC_GROUP_get0_generator()\fR returns the generator for the given curve or \s-1NULL\s0 on error. +.PP +\&\fIEC_GROUP_get_order()\fR returns 0 if the order is not set (or set to zero) for +\&\fBgroup\fR or if copying into \fBorder\fR fails, 1 otherwise. +.PP +\&\fIEC_GROUP_get_cofactor()\fR returns 0 if the cofactor is not set (or is set to zero) for \fBgroup\fR or if copying into \fBcofactor\fR fails, 1 otherwise. +.PP +\&\fIEC_GROUP_get_curve_name()\fR returns the curve name (\s-1NID\s0) for \fBgroup\fR or will return NID_undef if no curve name is associated. +.PP +\&\fIEC_GROUP_get_asn1_flag()\fR returns the \s-1ASN1\s0 flag for the specified \fBgroup\fR . +.PP +\&\fIEC_GROUP_get_point_conversion_form()\fR returns the point_conversion_form for \fBgroup\fR. +.PP +\&\fIEC_GROUP_get_degree()\fR returns the degree for \fBgroup\fR or 0 if the operation is not supported by the underlying group implementation. +.PP +\&\fIEC_GROUP_check_named_curve()\fR returns the nid of the matching named curve, otherwise it returns 0 for no match, or \-1 on error. +.PP +\&\fIEC_GROUP_get0_order()\fR returns an internal pointer to the group order. +\&\fIEC_GROUP_order_bits()\fR returns the number of bits in the group order. +\&\fIEC_GROUP_get0_cofactor()\fR returns an internal pointer to the group cofactor. +\&\fIEC_GROUP_get0_field()\fR returns an internal pointer to the group field. For curves over \s-1GF\s0(p), this is the modulus; for curves +over \s-1GF\s0(2^m), this is the irreducible polynomial defining the field. +.PP +\&\fIEC_GROUP_get0_seed()\fR returns a pointer to the seed that was used to generate the parameter b, or \s-1NULL\s0 if the seed is not +specified. \fIEC_GROUP_get_seed_len()\fR returns the length of the seed or 0 if the seed is not specified. 
+.PP +\&\fIEC_GROUP_set_seed()\fR returns the length of the seed that has been set. If the supplied seed is \s-1NULL\s0, or the supplied seed length is +0, the return value will be 1. On error 0 is returned. +.PP +\&\fIEC_GROUP_cmp()\fR returns 0 if the curves are equal, 1 if they are not equal, or \-1 on error. +.PP +\&\fIEC_GROUP_get_basis_type()\fR returns the values NID_X9_62_tpBasis or NID_X9_62_ppBasis (as defined in ) for a +trinomial or pentanomial respectively. Alternatively in the event of an error a 0 is returned. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIcrypto\fR\|(7), \fIEC_GROUP_new\fR\|(3), +\&\fIEC_POINT_new\fR\|(3), \fIEC_POINT_add\fR\|(3), \fIEC_KEY_new\fR\|(3), +\&\fIEC_GFp_simple_method\fR\|(3), \fId2i_ECPKParameters\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fIEC_GROUP_check_named_curve()\fR function was added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2013\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/EC_GROUP_new.3 b/linux_amd64/ssl/share/man/man3/EC_GROUP_new.3 new file mode 100755 index 0000000..4301a5e --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EC_GROUP_new.3 
@@ -0,0 +1,322 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EC_GROUP_NEW 3" +.TH EC_GROUP_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EC_GROUP_get_ecparameters, +EC_GROUP_get_ecpkparameters, +EC_GROUP_new_ex, +EC_GROUP_new, +EC_GROUP_new_from_ecparameters, +EC_GROUP_new_from_ecpkparameters, +EC_GROUP_free, +EC_GROUP_clear_free, +EC_GROUP_new_curve_GFp, +EC_GROUP_new_curve_GF2m, +EC_GROUP_new_by_curve_name_ex, +EC_GROUP_new_by_curve_name, +EC_GROUP_set_curve, +EC_GROUP_get_curve, +EC_GROUP_set_curve_GFp, +EC_GROUP_get_curve_GFp, +EC_GROUP_set_curve_GF2m, +EC_GROUP_get_curve_GF2m, +EC_get_builtin_curves \- Functions for creating and destroying EC_GROUP +objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& EC_GROUP *EC_GROUP_new_ex(OPENSSL_CTX *libctx, const EC_METHOD *meth); +\& EC_GROUP *EC_GROUP_new(const EC_METHOD *meth); +\& EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params) +\& EC_GROUP *EC_GROUP_new_from_ecpkparameters(const ECPKPARAMETERS *params) +\& void EC_GROUP_free(EC_GROUP *group); +\& +\& EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, +\& const BIGNUM *b, BN_CTX *ctx); +\& EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, +\& const BIGNUM *b, BN_CTX *ctx); +\& EC_GROUP *EC_GROUP_new_by_curve_name_ex(OPENSSL_CTX *libctx, int nid); +\& EC_GROUP *EC_GROUP_new_by_curve_name(int nid); +\& +\& int EC_GROUP_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, +\& const BIGNUM *b, BN_CTX *ctx); +\& int EC_GROUP_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, +\& BN_CTX *ctx); +\& int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, +\& const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); +\& int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, +\& BIGNUM *a, BIGNUM *b, BN_CTX *ctx); +\& int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, +\& const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); +\& int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, +\& BIGNUM *a, BIGNUM *b, BN_CTX *ctx); +\& +\& ECPARAMETERS 
*EC_GROUP_get_ecparameters(const EC_GROUP *group, ECPARAMETERS *params) +\& ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP *group, ECPKPARAMETERS *params) +\& +\& size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems); +.Ve +.PP +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 1 +\& void EC_GROUP_clear_free(EC_GROUP *group); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Within the library there are two forms of elliptic curve that are of interest. +The first form is those defined over the prime field Fp. The elements of Fp are +the integers 0 to p\-1, where p is a prime number. This gives us a revised +elliptic curve equation as follows: +.PP +y^2 mod p = x^3 +ax + b mod p +.PP +The second form is those defined over a binary field F2^m where the elements of +the field are integers of length at most m bits. For this form the elliptic +curve equation is modified to: +.PP +y^2 + xy = x^3 + ax^2 + b (where b != 0) +.PP +Operations in a binary field are performed relative to an +\&\fBirreducible polynomial\fR. All such curves with OpenSSL use a trinomial or a +pentanomial for this parameter. +.PP +A new curve can be constructed by calling \fIEC_GROUP_new_ex()\fR, using the +implementation provided by \fBmeth\fR (see \fIEC_GFp_simple_method\fR\|(3)) and +associated with the library context \fBctx\fR (see \s-1\fIOPENSSL_CTX\s0\fR\|(3)). +The \fBctx\fR parameter may be \s-1NULL\s0 in which case the default library context is +used. +It is then necessary to call \fIEC_GROUP_set_curve()\fR to set the curve parameters. +\&\fIEC_GROUP_new_from_ecparameters()\fR will create a group from the +specified \fBparams\fR and +\&\fIEC_GROUP_new_from_ecpkparameters()\fR will create a group from the specific \s-1PK\s0 +\&\fBparams\fR. 
+.PP +\&\fIEC_GROUP_new()\fR is the same as \fIEC_GROUP_new_ex()\fR except that the library context +used is always the default library context. +.PP +\&\fIEC_GROUP_set_curve()\fR sets the curve parameters \fBp\fR, \fBa\fR and \fBb\fR. For a curve +over Fp \fBp\fR is the prime for the field. For a curve over F2^m \fBp\fR represents +the irreducible polynomial \- each bit represents a term in the polynomial. +Therefore there will either be three or five bits set dependent on whether the +polynomial is a trinomial or a pentanomial. +In either case, \fBa\fR and \fBb\fR represents the coefficients a and b from the +relevant equation introduced above. +.PP +\&\fIEC_group_get_curve()\fR obtains the previously set curve parameters. +.PP +\&\fIEC_GROUP_set_curve_GFp()\fR and \fIEC_GROUP_set_curve_GF2m()\fR are synonyms for +\&\fIEC_GROUP_set_curve()\fR. They are defined for backwards compatibility only and +should not be used. +.PP +\&\fIEC_GROUP_get_curve_GFp()\fR and \fIEC_GROUP_get_curve_GF2m()\fR are synonyms for +\&\fIEC_GROUP_get_curve()\fR. They are defined for backwards compatibility only and +should not be used. +.PP +The functions \fIEC_GROUP_new_curve_GFp()\fR and \fIEC_GROUP_new_curve_GF2m()\fR are +shortcuts for calling \fIEC_GROUP_new()\fR and then the \fIEC_GROUP_set_curve()\fR function. +An appropriate default implementation method will be used. +.PP +Whilst the library can be used to create any curve using the functions described +above, there are also a number of predefined curves that are available. In order +to obtain a list of all of the predefined curves, call the function +\&\fIEC_get_builtin_curves()\fR. The parameter \fBr\fR should be an array of +EC_builtin_curve structures of size \fBnitems\fR. The function will populate the +\&\fBr\fR array with information about the built-in curves. If \fBnitems\fR is less than +the total number of curves available, then the first \fBnitems\fR curves will be +returned. 
Otherwise the total number of curves will be provided. The return +value is the total number of curves available (whether that number has been +populated in \fBr\fR or not). Passing a \s-1NULL\s0 \fBr\fR, or setting \fBnitems\fR to 0 will +do nothing other than return the total number of curves available. +The EC_builtin_curve structure is defined as follows: +.PP +.Vb 4 +\& typedef struct { +\& int nid; +\& const char *comment; +\& } EC_builtin_curve; +.Ve +.PP +Each EC_builtin_curve item has a unique integer id (\fBnid\fR), and a human +readable comment string describing the curve. +.PP +In order to construct a built-in curve use the function +\&\fIEC_GROUP_new_by_curve_name_ex()\fR and provide the \fBnid\fR of the curve to be +constructed and the associated library context to be used in \fBctx\fR (see +\&\s-1\fIOPENSSL_CTX\s0\fR\|(3)). The \fBctx\fR value may be \s-1NULL\s0 in which case the default +library context is used. +.PP +\&\fIEC_GROUP_new_by_curve_name()\fR is the same as \fIEC_GROUP_new_by_curve_name_ex()\fR +except that the default library context is always used. +.PP +\&\fIEC_GROUP_free()\fR frees the memory associated with the \s-1EC_GROUP\s0. +If \fBgroup\fR is \s-1NULL\s0 nothing is done. +.PP +\&\fIEC_GROUP_clear_free()\fR is deprecated: it was meant to destroy any sensitive data +held within the \s-1EC_GROUP\s0 and then free its memory, but since all the data stored +in the \s-1EC_GROUP\s0 is public anyway, this function is unnecessary. +Its use can be safely replaced with \fIEC_GROUP_free()\fR. +If \fBgroup\fR is \s-1NULL\s0 nothing is done. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All EC_GROUP_new* functions return a pointer to the newly constructed group, or +\&\s-1NULL\s0 on error. +.PP +\&\fIEC_get_builtin_curves()\fR returns the number of built-in curves that are +available. 
+.PP +\&\fIEC_GROUP_set_curve_GFp()\fR, \fIEC_GROUP_get_curve_GFp()\fR, \fIEC_GROUP_set_curve_GF2m()\fR, +\&\fIEC_GROUP_get_curve_GF2m()\fR return 1 on success or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIcrypto\fR\|(7), \fIEC_GROUP_copy\fR\|(3), +\&\fIEC_POINT_new\fR\|(3), \fIEC_POINT_add\fR\|(3), \fIEC_KEY_new\fR\|(3), +\&\fIEC_GFp_simple_method\fR\|(3), \fId2i_ECPKParameters\fR\|(3), +\&\s-1\fIOPENSSL_CTX\s0\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +.IP "\(bu" 2 +\&\fIEC_GROUP_new_ex()\fR and \fIEC_GROUP_new_by_curve_name_ex()\fR were added in OpenSSL 3.0. +.IP "\(bu" 2 +\&\fIEC_GROUP_clear_free()\fR was deprecated in OpenSSL 3.0; use \fIEC_GROUP_free()\fR +instead. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2013\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/EC_KEY_get_enc_flags.3 b/linux_amd64/ssl/share/man/man3/EC_KEY_get_enc_flags.3 new file mode 100755 index 0000000..f67ecd0 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EC_KEY_get_enc_flags.3 
@@ -0,0 +1,182 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EC_KEY_GET_ENC_FLAGS 3" +.TH EC_KEY_GET_ENC_FLAGS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EC_KEY_get_enc_flags, EC_KEY_set_enc_flags +\&\- Get and set flags for encoding EC_KEY structures +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& unsigned int EC_KEY_get_enc_flags(const EC_KEY *key); +\& void EC_KEY_set_enc_flags(EC_KEY *eckey, unsigned int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The format of the external representation of the public key written by +\&\fIi2d_ECPrivateKey()\fR (such as whether it is stored in a compressed form or not) is +described by the point_conversion_form. See \fIEC_GROUP_copy\fR\|(3) +for a description of point_conversion_form. +.PP +When reading a private key encoded without an associated public key (e.g. if +\&\s-1EC_PKEY_NO_PUBKEY\s0 has been used \- see below), then \fId2i_ECPrivateKey()\fR generates +the missing public key automatically. Private keys encoded without parameters +(e.g. if \s-1EC_PKEY_NO_PARAMETERS\s0 has been used \- see below) cannot be loaded using +\&\fId2i_ECPrivateKey()\fR. +.PP +The functions \fIEC_KEY_get_enc_flags()\fR and \fIEC_KEY_set_enc_flags()\fR get and set the +value of the encoding flags for the \fBkey\fR. There are two encoding flags +currently defined \- \s-1EC_PKEY_NO_PARAMETERS\s0 and \s-1EC_PKEY_NO_PUBKEY\s0. These flags +define the behaviour of how the \fBkey\fR is converted into \s-1ASN1\s0 in a call to +\&\fIi2d_ECPrivateKey()\fR. If \s-1EC_PKEY_NO_PARAMETERS\s0 is set then the public parameters for +the curve are not encoded along with the private key. If \s-1EC_PKEY_NO_PUBKEY\s0 is +set then the public key is not encoded along with the private key. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEC_KEY_get_enc_flags()\fR returns the value of the current encoding flags for the +\&\s-1EC_KEY\s0. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIcrypto\fR\|(7), \fIEC_GROUP_new\fR\|(3), +\&\fIEC_GROUP_copy\fR\|(3), \fIEC_POINT_new\fR\|(3), +\&\fIEC_POINT_add\fR\|(3), +\&\fIEC_GFp_simple_method\fR\|(3), +\&\fId2i_ECPKParameters\fR\|(3), +\&\fId2i_ECPrivateKey\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/EC_KEY_new.3 b/linux_amd64/ssl/share/man/man3/EC_KEY_new.3 new file mode 100755 index 0000000..720f301 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EC_KEY_new.3 
@@ -0,0 +1,330 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EC_KEY_NEW 3" +.TH EC_KEY_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EC_KEY_get_method, EC_KEY_set_method, EC_KEY_new_ex, +EC_KEY_new, EC_KEY_get_flags, EC_KEY_set_flags, EC_KEY_clear_flags, +EC_KEY_new_by_curve_name_ex, EC_KEY_new_by_curve_name, EC_KEY_free, EC_KEY_copy, +EC_KEY_dup, EC_KEY_up_ref, EC_KEY_get0_engine, +EC_KEY_get0_group, EC_KEY_set_group, EC_KEY_get0_private_key, +EC_KEY_set_private_key, EC_KEY_get0_public_key, EC_KEY_set_public_key, +EC_KEY_get_conv_form, +EC_KEY_set_conv_form, EC_KEY_set_asn1_flag, EC_KEY_precompute_mult, +EC_KEY_generate_key, EC_KEY_check_key, EC_KEY_set_public_key_affine_coordinates, +EC_KEY_oct2key, EC_KEY_key2buf, EC_KEY_oct2priv, EC_KEY_priv2oct, +EC_KEY_priv2buf \- Functions for creating, destroying and manipulating +EC_KEY objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& EC_KEY *EC_KEY_new_ex(OPENSSL_CTX *ctx); +\& EC_KEY *EC_KEY_new(void); +\& int EC_KEY_get_flags(const EC_KEY *key); +\& void EC_KEY_set_flags(EC_KEY *key, int flags); +\& void EC_KEY_clear_flags(EC_KEY *key, int flags); +\& EC_KEY *EC_KEY_new_by_curve_name_ex(OPENSSL_CTX *ctx, int nid); +\& EC_KEY *EC_KEY_new_by_curve_name(int nid); +\& void EC_KEY_free(EC_KEY *key); +\& EC_KEY *EC_KEY_copy(EC_KEY *dst, const EC_KEY *src); +\& EC_KEY *EC_KEY_dup(const EC_KEY *src); +\& int EC_KEY_up_ref(EC_KEY *key); +\& ENGINE *EC_KEY_get0_engine(const EC_KEY *eckey); +\& const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key); +\& int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group); +\& const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key); +\& int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *prv); +\& const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key); +\& int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub); +\& point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key); +\& void EC_KEY_set_conv_form(EC_KEY *eckey, point_conversion_form_t cform); +\& void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag); +\& int EC_KEY_precompute_mult(EC_KEY *key, 
BN_CTX *ctx); +\& int EC_KEY_generate_key(EC_KEY *key); +\& int EC_KEY_check_key(const EC_KEY *key); +\& int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x, BIGNUM *y); +\& const EC_KEY_METHOD *EC_KEY_get_method(const EC_KEY *key); +\& int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth); +\& +\& int EC_KEY_oct2key(EC_KEY *eckey, const unsigned char *buf, size_t len, BN_CTX *ctx); +\& size_t EC_KEY_key2buf(const EC_KEY *eckey, point_conversion_form_t form, +\& unsigned char **pbuf, BN_CTX *ctx); +\& +\& int EC_KEY_oct2priv(EC_KEY *eckey, const unsigned char *buf, size_t len); +\& size_t EC_KEY_priv2oct(const EC_KEY *eckey, unsigned char *buf, size_t len); +\& +\& size_t EC_KEY_priv2buf(const EC_KEY *eckey, unsigned char **pbuf); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +An \s-1EC_KEY\s0 represents a public key and, optionally, the associated private +key. +A new \s-1EC_KEY\s0 with no associated curve can be constructed by calling +\&\fIEC_KEY_new_ex()\fR and specifying the associated library context in \fBctx\fR +(see \s-1\fIOPENSSL_CTX\s0\fR\|(3)). +The \fBctx\fR parameter may be \s-1NULL\s0 in which case the default library context is +used. +The reference count for the newly created \s-1EC_KEY\s0 is initially +set to 1. +A curve can be associated with the \s-1EC_KEY\s0 by calling +\&\fIEC_KEY_set_group()\fR. +.PP +\&\fIEC_KEY_new()\fR is the same as \fIEC_KEY_new_ex()\fR except that the default library +context is always used. +.PP +Alternatively a new \s-1EC_KEY\s0 can be constructed by calling +\&\fIEC_KEY_new_by_curve_name_ex()\fR and supplying the nid of the associated curve and +the library context to be used \fBctx\fR (see \s-1\fIOPENSSL_CTX\s0\fR\|(3)). +The \fBctx\fR parameter may be \s-1NULL\s0 in which case the default library context is +used. +See \fIEC_GROUP_new\fR\|(3) for a description of curve names. +This function simply wraps calls to \fIEC_KEY_new_ex()\fR and +\&\fIEC_GROUP_new_by_curve_name_ex()\fR. 
+.PP +\&\fIEC_KEY_new_by_curve_name()\fR is the same as \fIEC_KEY_new_by_curve_name_ex()\fR except +that the default library context is always used. +.PP +Calling \fIEC_KEY_free()\fR decrements the reference count for the \s-1EC_KEY\s0 object, +and if it has dropped to zero then frees the memory associated with it. If +\&\fBkey\fR is \s-1NULL\s0 nothing is done. +.PP +\&\fIEC_KEY_copy()\fR copies the contents of the \s-1EC_KEY\s0 in \fBsrc\fR into \fBdest\fR. +.PP +\&\fIEC_KEY_dup()\fR creates a new \s-1EC_KEY\s0 object and copies \fBec_key\fR into it. +.PP +\&\fIEC_KEY_up_ref()\fR increments the reference count associated with the \s-1EC_KEY\s0 +object. +.PP +\&\fIEC_KEY_get0_engine()\fR returns a handle to the \s-1ENGINE\s0 that has been set for +this \s-1EC_KEY\s0 object. +.PP +\&\fIEC_KEY_generate_key()\fR generates a new public and private key for the supplied +\&\fBeckey\fR object. \fBeckey\fR must have an \s-1EC_GROUP\s0 object associated with it +before calling this function. The private key is a random integer (0 < priv_key +< order, where \fIorder\fR is the order of the \s-1EC_GROUP\s0 object). The public key is +an \s-1EC_POINT\s0 on the curve calculated by multiplying the generator for the +curve by the private key. +.PP +\&\fIEC_KEY_check_key()\fR performs various sanity checks on the \s-1EC_KEY\s0 object to +confirm that it is valid. +.PP +\&\fIEC_KEY_set_public_key_affine_coordinates()\fR sets the public key for \fBkey\fR based +on its affine co-ordinates; i.e., it constructs an \s-1EC_POINT\s0 object based on +the supplied \fBx\fR and \fBy\fR values and sets the public key to be this +\&\s-1EC_POINT\s0. It also performs certain sanity checks on the key to confirm +that it is valid. 
+.PP +The functions \fIEC_KEY_get0_group()\fR, \fIEC_KEY_set_group()\fR, +\&\fIEC_KEY_get0_private_key()\fR, \fIEC_KEY_set_private_key()\fR, \fIEC_KEY_get0_public_key()\fR, +and \fIEC_KEY_set_public_key()\fR get and set the \s-1EC_GROUP\s0 object, the private key, +and the \s-1EC_POINT\s0 public key for the \fBkey\fR respectively. +.PP +The functions \fIEC_KEY_get_conv_form()\fR and \fIEC_KEY_set_conv_form()\fR get and set the +point_conversion_form for the \fBkey\fR. For a description of +point_conversion_forms please see \fIEC_POINT_new\fR\|(3). +.PP +\&\fIEC_KEY_set_flags()\fR sets the flags in the \fBflags\fR parameter on the \s-1EC_KEY\s0 +object. Any flags that are already set are left set. The flags currently +defined are \s-1EC_FLAG_NON_FIPS_ALLOW\s0 and \s-1EC_FLAG_FIPS_CHECKED\s0. In +addition there is the flag \s-1EC_FLAG_COFACTOR_ECDH\s0 which is specific to \s-1ECDH\s0. +\&\fIEC_KEY_get_flags()\fR returns the current flags that are set for this \s-1EC_KEY\s0. +\&\fIEC_KEY_clear_flags()\fR clears the flags indicated by the \fBflags\fR parameter; all +other flags are left in their existing state. +.PP +\&\fIEC_KEY_set_asn1_flag()\fR sets the asn1_flag on the underlying \s-1EC_GROUP\s0 object +(if set). Refer to \fIEC_GROUP_copy\fR\|(3) for further information on the +asn1_flag. +.PP +\&\fIEC_KEY_precompute_mult()\fR stores multiples of the underlying \s-1EC_GROUP\s0 generator +for faster point multiplication. See also \fIEC_POINT_add\fR\|(3). +.PP +\&\fIEC_KEY_oct2key()\fR and \fIEC_KEY_key2buf()\fR are identical to the functions +\&\fIEC_POINT_oct2point()\fR and \fIEC_KEY_point2buf()\fR except they use the public key +\&\s-1EC_POINT\s0 in \fBeckey\fR. +.PP +\&\fIEC_KEY_oct2priv()\fR and \fIEC_KEY_priv2oct()\fR convert between the private key +component of \fBeckey\fR and octet form. The octet form consists of the content +octets of the \fBprivateKey\fR \s-1OCTET\s0 \s-1STRING\s0 in an \fBECPrivateKey\fR \s-1ASN\s0.1 structure. 
+.PP +The function \fIEC_KEY_priv2oct()\fR must be supplied with a buffer long enough to +store the octet form. The return value provides the number of octets stored. +Calling the function with a \s-1NULL\s0 buffer will not perform the conversion but +will just return the required buffer length. +.PP +The function \fIEC_KEY_priv2buf()\fR allocates a buffer of suitable length and writes +an \s-1EC_KEY\s0 to it in octet format. The allocated buffer is written to \fB*pbuf\fR +and its length is returned. The caller must free up the allocated buffer with a +call to \fIOPENSSL_free()\fR. Since the allocated buffer value is written to \fB*pbuf\fR +the \fBpbuf\fR parameter \fB\s-1MUST\s0 \s-1NOT\s0\fR be \fB\s-1NULL\s0\fR. +.PP +\&\fIEC_KEY_priv2buf()\fR converts an \s-1EC_KEY\s0 private key into an allocated buffer. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEC_KEY_new_ex()\fR, \fIEC_KEY_new()\fR, \fIEC_KEY_new_by_curve_name()\fR and \fIEC_KEY_dup()\fR +return a pointer to the newly created \s-1EC_KEY\s0 object, or \s-1NULL\s0 on error. +.PP +\&\fIEC_KEY_get_flags()\fR returns the flags associated with the \s-1EC_KEY\s0 object as an +integer. +.PP +\&\fIEC_KEY_copy()\fR returns a pointer to the destination key, or \s-1NULL\s0 on error. +.PP +\&\fIEC_KEY_get0_engine()\fR returns a pointer to an \s-1ENGINE\s0, or \s-1NULL\s0 if it wasn't set. +.PP +\&\fIEC_KEY_up_ref()\fR, \fIEC_KEY_set_group()\fR, \fIEC_KEY_set_private_key()\fR, +\&\fIEC_KEY_set_public_key()\fR, \fIEC_KEY_precompute_mult()\fR, \fIEC_KEY_generate_key()\fR, +\&\fIEC_KEY_check_key()\fR, \fIEC_KEY_set_public_key_affine_coordinates()\fR, +\&\fIEC_KEY_oct2key()\fR and \fIEC_KEY_oct2priv()\fR return 1 on success or 0 on error. +.PP +\&\fIEC_KEY_get0_group()\fR returns the \s-1EC_GROUP\s0 associated with the \s-1EC_KEY\s0. +.PP +\&\fIEC_KEY_get0_private_key()\fR returns the private key associated with the \s-1EC_KEY\s0. 
+.PP +\&\fIEC_KEY_get_conv_form()\fR return the point_conversion_form for the \s-1EC_KEY\s0. +.PP +\&\fIEC_KEY_key2buf()\fR, \fIEC_KEY_priv2oct()\fR and \fIEC_KEY_priv2buf()\fR return the length +of the buffer or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIcrypto\fR\|(7), \fIEC_GROUP_new\fR\|(3), +\&\fIEC_GROUP_copy\fR\|(3), \fIEC_POINT_new\fR\|(3), +\&\fIEC_POINT_add\fR\|(3), +\&\fIEC_GFp_simple_method\fR\|(3), +\&\fId2i_ECPKParameters\fR\|(3), +\&\s-1\fIOPENSSL_CTX\s0\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2013\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/EC_POINT_add.3 b/linux_amd64/ssl/share/man/man3/EC_POINT_add.3 new file mode 100755 index 0000000..eb0ccdd --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EC_POINT_add.3 
@@ -0,0 +1,207 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EC_POINT_ADD 3" +.TH EC_POINT_ADD 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EC_POINT_add, EC_POINT_dbl, EC_POINT_invert, EC_POINT_is_at_infinity, EC_POINT_is_on_curve, EC_POINT_cmp, EC_POINT_make_affine, EC_POINTs_make_affine, EC_POINTs_mul, EC_POINT_mul, EC_GROUP_precompute_mult, EC_GROUP_have_precompute_mult \- Functions for performing mathematical operations and tests on EC_POINT objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, +\& const EC_POINT *b, BN_CTX *ctx); +\& int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx); +\& int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx); +\& int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *p); +\& int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx); +\& int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx); +\& int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx); +\& int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, +\& EC_POINT *points[], BN_CTX *ctx); +\& int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, size_t num, +\& const EC_POINT *p[], const BIGNUM *m[], BN_CTX *ctx); +\& int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, +\& const EC_POINT *q, const BIGNUM *m, BN_CTX *ctx); +\& int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx); +\& int EC_GROUP_have_precompute_mult(const EC_GROUP *group); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +EC_POINT_add adds the two points \fBa\fR and \fBb\fR and places the result in \fBr\fR. Similarly EC_POINT_dbl doubles the point \fBa\fR and places the +result in \fBr\fR. In both cases it is valid for \fBr\fR to be one of \fBa\fR or \fBb\fR. +.PP +EC_POINT_invert calculates the inverse of the supplied point \fBa\fR. The result is placed back in \fBa\fR. 
+.PP +The function EC_POINT_is_at_infinity tests whether the supplied point is at infinity or not. +.PP +EC_POINT_is_on_curve tests whether the supplied point is on the curve or not. +.PP +EC_POINT_cmp compares the two supplied points and tests whether or not they are equal. +.PP +The functions EC_POINT_make_affine and EC_POINTs_make_affine force the internal representation of the \s-1EC_POINT\s0(s) into the affine +co-ordinate system. In the case of EC_POINTs_make_affine the value \fBnum\fR provides the number of points in the array \fBpoints\fR to be +forced. +.PP +EC_POINT_mul is a convenient interface to EC_POINTs_mul: it calculates the value generator * \fBn\fR + \fBq\fR * \fBm\fR and stores the result in \fBr\fR. +The value \fBn\fR may be \s-1NULL\s0 in which case the result is just \fBq\fR * \fBm\fR (variable point multiplication). Alternatively, both \fBq\fR and \fBm\fR may be \s-1NULL\s0, and \fBn\fR non-NULL, in which case the result is just generator * \fBn\fR (fixed point multiplication). +When performing a single fixed or variable point multiplication, the underlying implementation uses a constant time algorithm, when the input scalar (either \fBn\fR or \fBm\fR) is in the range [0, ec_group_order). +.PP +EC_POINTs_mul calculates the value generator * \fBn\fR + \fBq[0]\fR * \fBm[0]\fR + ... + \fBq[num\-1]\fR * \fBm[num\-1]\fR. As for EC_POINT_mul the value \fBn\fR may be \s-1NULL\s0 or \fBnum\fR may be zero. +When performing a fixed point multiplication (\fBn\fR is non-NULL and \fBnum\fR is 0) or a variable point multiplication (\fBn\fR is \s-1NULL\s0 and \fBnum\fR is 1), the underlying implementation uses a constant time algorithm, when the input scalar (either \fBn\fR or \fBm[0]\fR) is in the range [0, ec_group_order). +.PP +The function EC_GROUP_precompute_mult stores multiples of the generator for faster point multiplication, whilst +EC_GROUP_have_precompute_mult tests whether precomputation has already been done. 
See \fIEC_GROUP_copy\fR\|(3) for information +about the generator. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following functions return 1 on success or 0 on error: EC_POINT_add, EC_POINT_dbl, EC_POINT_invert, EC_POINT_make_affine, +EC_POINTs_make_affine, EC_POINTs_make_affine, EC_POINT_mul, EC_POINTs_mul and EC_GROUP_precompute_mult. +.PP +EC_POINT_is_at_infinity returns 1 if the point is at infinity, or 0 otherwise. +.PP +EC_POINT_is_on_curve returns 1 if the point is on the curve, 0 if not, or \-1 on error. +.PP +EC_POINT_cmp returns 1 if the points are not equal, 0 if they are, or \-1 on error. +.PP +EC_GROUP_have_precompute_mult return 1 if a precomputation has been done, or 0 if not. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIcrypto\fR\|(7), \fIEC_GROUP_new\fR\|(3), \fIEC_GROUP_copy\fR\|(3), +\&\fIEC_POINT_new\fR\|(3), \fIEC_KEY_new\fR\|(3), +\&\fIEC_GFp_simple_method\fR\|(3), \fId2i_ECPKParameters\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2013\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/EC_POINT_new.3 b/linux_amd64/ssl/share/man/man3/EC_POINT_new.3 new file mode 100755 index 0000000..c7b0d17 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EC_POINT_new.3 
@@ -0,0 +1,375 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EC_POINT_NEW 3" +.TH EC_POINT_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EC_POINT_set_Jprojective_coordinates_GFp, +EC_POINT_point2buf, +EC_POINT_new, +EC_POINT_free, +EC_POINT_clear_free, +EC_POINT_copy, +EC_POINT_dup, +EC_POINT_method_of, +EC_POINT_set_to_infinity, +EC_POINT_get_Jprojective_coordinates_GFp, +EC_POINT_set_affine_coordinates, +EC_POINT_get_affine_coordinates, +EC_POINT_set_compressed_coordinates, +EC_POINT_set_affine_coordinates_GFp, +EC_POINT_get_affine_coordinates_GFp, +EC_POINT_set_compressed_coordinates_GFp, +EC_POINT_set_affine_coordinates_GF2m, +EC_POINT_get_affine_coordinates_GF2m, +EC_POINT_set_compressed_coordinates_GF2m, +EC_POINT_point2oct, +EC_POINT_oct2point, +EC_POINT_point2bn, +EC_POINT_bn2point, +EC_POINT_point2hex, +EC_POINT_hex2point +\&\- Functions for creating, destroying and manipulating EC_POINT objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& EC_POINT *EC_POINT_new(const EC_GROUP *group); +\& void EC_POINT_free(EC_POINT *point); +\& void EC_POINT_clear_free(EC_POINT *point); +\& int EC_POINT_copy(EC_POINT *dst, const EC_POINT *src); +\& EC_POINT *EC_POINT_dup(const EC_POINT *src, const EC_GROUP *group); +\& const EC_METHOD *EC_POINT_method_of(const EC_POINT *point); +\& int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point); +\& int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, +\& EC_POINT *p, +\& const BIGNUM *x, const BIGNUM *y, +\& const BIGNUM *z, BN_CTX *ctx); +\& int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group, +\& const EC_POINT *p, +\& BIGNUM *x, BIGNUM *y, BIGNUM *z, +\& BN_CTX *ctx); +\& int EC_POINT_set_affine_coordinates(const EC_GROUP *group, EC_POINT *p, +\& const BIGNUM *x, const BIGNUM *y, +\& BN_CTX *ctx); +\& int EC_POINT_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *p, +\& BIGNUM *x, BIGNUM *y, BN_CTX *ctx); +\& int EC_POINT_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *p, +\& const BIGNUM *x, int y_bit, +\& BN_CTX *ctx); +\& int 
EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *p, +\& const BIGNUM *x, const BIGNUM *y, +\& BN_CTX *ctx); +\& int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, +\& const EC_POINT *p, +\& BIGNUM *x, BIGNUM *y, BN_CTX *ctx); +\& int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, +\& EC_POINT *p, +\& const BIGNUM *x, int y_bit, +\& BN_CTX *ctx); +\& int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p, +\& const BIGNUM *x, const BIGNUM *y, +\& BN_CTX *ctx); +\& int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group, +\& const EC_POINT *p, +\& BIGNUM *x, BIGNUM *y, BN_CTX *ctx); +\& int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, +\& EC_POINT *p, +\& const BIGNUM *x, int y_bit, +\& BN_CTX *ctx); +\& size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *p, +\& point_conversion_form_t form, +\& unsigned char *buf, size_t len, BN_CTX *ctx); +\& size_t EC_POINT_point2buf(const EC_GROUP *group, const EC_POINT *point, +\& point_conversion_form_t form, +\& unsigned char **pbuf, BN_CTX *ctx); +\& int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *p, +\& const unsigned char *buf, size_t len, BN_CTX *ctx); +\& BIGNUM *EC_POINT_point2bn(const EC_GROUP *group, const EC_POINT *p, +\& point_conversion_form_t form, BIGNUM *bn, +\& BN_CTX *ctx); +\& EC_POINT *EC_POINT_bn2point(const EC_GROUP *group, const BIGNUM *bn, +\& EC_POINT *p, BN_CTX *ctx); +\& char *EC_POINT_point2hex(const EC_GROUP *group, const EC_POINT *p, +\& point_conversion_form_t form, BN_CTX *ctx); +\& EC_POINT *EC_POINT_hex2point(const EC_GROUP *group, const char *hex, +\& EC_POINT *p, BN_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +An \fB\s-1EC_POINT\s0\fR structure represents a point on a curve. A new point is +constructed by calling the function \fIEC_POINT_new()\fR and providing the +\&\fBgroup\fR object that the point relates to. 
+.PP +\&\fIEC_POINT_free()\fR frees the memory associated with the \fB\s-1EC_POINT\s0\fR. +if \fBpoint\fR is \s-1NULL\s0 nothing is done. +.PP +\&\fIEC_POINT_clear_free()\fR destroys any sensitive data held within the \s-1EC_POINT\s0 and +then frees its memory. If \fBpoint\fR is \s-1NULL\s0 nothing is done. +.PP +\&\fIEC_POINT_copy()\fR copies the point \fBsrc\fR into \fBdst\fR. Both \fBsrc\fR and \fBdst\fR +must use the same \fB\s-1EC_METHOD\s0\fR. +.PP +\&\fIEC_POINT_dup()\fR creates a new \fB\s-1EC_POINT\s0\fR object and copies the content from +\&\fBsrc\fR to the newly created \fB\s-1EC_POINT\s0\fR object. +.PP +\&\fIEC_POINT_method_of()\fR obtains the \fB\s-1EC_METHOD\s0\fR associated with \fBpoint\fR. +.PP +A valid point on a curve is the special point at infinity. A point is set to +be at infinity by calling \fIEC_POINT_set_to_infinity()\fR. +.PP +The affine co-ordinates for a point describe a point in terms of its x and y +position. The function \fIEC_POINT_set_affine_coordinates()\fR sets the \fBx\fR and \fBy\fR +co-ordinates for the point \fBp\fR defined over the curve given in \fBgroup\fR. The +function \fIEC_POINT_get_affine_coordinates()\fR sets \fBx\fR and \fBy\fR, either of which +may be \s-1NULL\s0, to the corresponding coordinates of \fBp\fR. +.PP +The functions \fIEC_POINT_set_affine_coordinates_GFp()\fR and +\&\fIEC_POINT_set_affine_coordinates_GF2m()\fR are synonyms for +\&\fIEC_POINT_set_affine_coordinates()\fR. They are defined for backwards compatibility +only and should not be used. +.PP +The functions \fIEC_POINT_get_affine_coordinates_GFp()\fR and +\&\fIEC_POINT_get_affine_coordinates_GF2m()\fR are synonyms for +\&\fIEC_POINT_get_affine_coordinates()\fR. They are defined for backwards compatibility +only and should not be used. +.PP +As well as the affine co-ordinates, a point can alternatively be described in +terms of its Jacobian projective co-ordinates (for Fp curves only). 
Jacobian +projective co-ordinates are expressed as three values x, y and z. Working in +this co-ordinate system provides more efficient point multiplication +operations. A mapping exists between Jacobian projective co-ordinates and +affine co-ordinates. A Jacobian projective co-ordinate (x, y, z) can be written +as an affine co-ordinate as (x/(z^2), y/(z^3)). Conversion to Jacobian +projective from affine co-ordinates is simple. The co-ordinate (x, y) is mapped +to (x, y, 1). To set or get the projective co-ordinates use +\&\fIEC_POINT_set_Jprojective_coordinates_GFp()\fR and +\&\fIEC_POINT_get_Jprojective_coordinates_GFp()\fR respectively. +.PP +Points can also be described in terms of their compressed co-ordinates. For a +point (x, y), for any given value for x such that the point is on the curve +there will only ever be two possible values for y. Therefore a point can be set +using the \fIEC_POINT_set_compressed_coordinates()\fR function where \fBx\fR is the x +co-ordinate and \fBy_bit\fR is a value 0 or 1 to identify which of the two +possible values for y should be used. +.PP +The functions \fIEC_POINT_set_compressed_coordinates_GFp()\fR and +\&\fIEC_POINT_set_compressed_coordinates_GF2m()\fR are synonyms for +\&\fIEC_POINT_set_compressed_coordinates()\fR. They are defined for backwards +compatibility only and should not be used. +.PP +In addition \fB\s-1EC_POINT\s0\fR can be converted to and from various external +representations. The octet form is the binary encoding of the \fBECPoint\fR +structure (as defined in \s-1RFC5480\s0 and used in certificates and \s-1TLS\s0 records): +only the content octets are present, the \fB\s-1OCTET\s0 \s-1STRING\s0\fR tag and length are +not included. \fB\s-1BIGNUM\s0\fR form is the octet form interpreted as a big endian +integer converted to a \fB\s-1BIGNUM\s0\fR structure. 
Hexadecimal form is the octet +form converted to a \s-1NULL\s0 terminated character string where each character +is one of the printable values 0\-9 or A\-F (or a\-f). +.PP +The functions \fIEC_POINT_point2oct()\fR, \fIEC_POINT_oct2point()\fR, \fIEC_POINT_point2bn()\fR, +\&\fIEC_POINT_bn2point()\fR, \fIEC_POINT_point2hex()\fR and \fIEC_POINT_hex2point()\fR convert from +and to EC_POINTs for the formats: octet, \s-1BIGNUM\s0 and hexadecimal respectively. +.PP +The function \fIEC_POINT_point2oct()\fR encodes the given curve point \fBp\fR as an +octet string into the buffer \fBbuf\fR of size \fBlen\fR, using the specified +conversion form \fBform\fR. +The encoding conforms with Sec. 2.3.3 of the \s-1SECG\s0 \s-1SEC\s0 1 (\*(L"Elliptic Curve +Cryptography\*(R") standard. +Similarly the function \fIEC_POINT_oct2point()\fR decodes a curve point into \fBp\fR from +the octet string contained in the given buffer \fBbuf\fR of size \fBlen\fR, conforming +to Sec. 2.3.4 of the \s-1SECG\s0 \s-1SEC\s0 1 (\*(L"Elliptic Curve Cryptography\*(R") standard. +.PP +The functions \fIEC_POINT_point2hex()\fR and \fIEC_POINT_point2bn()\fR convert a point \fBp\fR, +respectively, to the hexadecimal or \s-1BIGNUM\s0 representation of the same +encoding of the function \fIEC_POINT_point2oct()\fR. +Vice versa, similarly to the function \fIEC_POINT_oct2point()\fR, the functions +\&\fIEC_POINT_hex2point()\fR and \fIEC_POINT_point2bn()\fR decode the hexadecimal or +\&\s-1BIGNUM\s0 representation into the \s-1EC_POINT\s0 \fBp\fR. +.PP +Notice that, according to the standard, the octet string encoding of the point +at infinity for a given curve is fixed to a single octet of value zero and that, +vice versa, a single octet of size zero is decoded as the point at infinity. +.PP +The function \fIEC_POINT_point2oct()\fR must be supplied with a buffer long enough to +store the octet form. The return value provides the number of octets stored. 
+Calling the function with a \s-1NULL\s0 buffer will not perform the conversion but +will still return the required buffer length. +.PP +The function \fIEC_POINT_point2buf()\fR allocates a buffer of suitable length and +writes an \s-1EC_POINT\s0 to it in octet format. The allocated buffer is written to +\&\fB*pbuf\fR and its length is returned. The caller must free up the allocated +buffer with a call to \fIOPENSSL_free()\fR. Since the allocated buffer value is +written to \fB*pbuf\fR the \fBpbuf\fR parameter \fB\s-1MUST\s0 \s-1NOT\s0\fR be \fB\s-1NULL\s0\fR. +.PP +The function \fIEC_POINT_point2hex()\fR will allocate sufficient memory to store the +hexadecimal string. It is the caller's responsibility to free this memory with +a subsequent call to \fIOPENSSL_free()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEC_POINT_new()\fR and \fIEC_POINT_dup()\fR return the newly allocated \s-1EC_POINT\s0 or \s-1NULL\s0 +on error. +.PP +The following functions return 1 on success or 0 on error: \fIEC_POINT_copy()\fR, +\&\fIEC_POINT_set_to_infinity()\fR, \fIEC_POINT_set_Jprojective_coordinates_GFp()\fR, +\&\fIEC_POINT_get_Jprojective_coordinates_GFp()\fR, +\&\fIEC_POINT_set_affine_coordinates_GFp()\fR, \fIEC_POINT_get_affine_coordinates_GFp()\fR, +\&\fIEC_POINT_set_compressed_coordinates_GFp()\fR, +\&\fIEC_POINT_set_affine_coordinates_GF2m()\fR, \fIEC_POINT_get_affine_coordinates_GF2m()\fR, +\&\fIEC_POINT_set_compressed_coordinates_GF2m()\fR and \fIEC_POINT_oct2point()\fR. +.PP +EC_POINT_method_of returns the \s-1EC_METHOD\s0 associated with the supplied \s-1EC_POINT\s0. +.PP +\&\fIEC_POINT_point2oct()\fR and \fIEC_POINT_point2buf()\fR return the length of the required +buffer or 0 on error. +.PP +\&\fIEC_POINT_point2bn()\fR returns the pointer to the \s-1BIGNUM\s0 supplied, or \s-1NULL\s0 on +error. +.PP +\&\fIEC_POINT_bn2point()\fR returns the pointer to the \s-1EC_POINT\s0 supplied, or \s-1NULL\s0 on +error. 
+.PP +\&\fIEC_POINT_point2hex()\fR returns a pointer to the hex string, or \s-1NULL\s0 on error. +.PP +\&\fIEC_POINT_hex2point()\fR returns the pointer to the \s-1EC_POINT\s0 supplied, or \s-1NULL\s0 on +error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIcrypto\fR\|(7), \fIEC_GROUP_new\fR\|(3), \fIEC_GROUP_copy\fR\|(3), +\&\fIEC_POINT_add\fR\|(3), \fIEC_KEY_new\fR\|(3), +\&\fIEC_GFp_simple_method\fR\|(3), \fId2i_ECPKParameters\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2013\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/ENGINE_add.3 b/linux_amd64/ssl/share/man/man3/ENGINE_add.3 new file mode 100755 index 0000000..1c86381 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/ENGINE_add.3 
@@ -0,0 +1,796 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ENGINE_ADD 3" +.TH ENGINE_ADD 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +ENGINE_get_DH, ENGINE_get_DSA, +ENGINE_by_id, ENGINE_get_cipher_engine, ENGINE_get_default_DH, +ENGINE_get_default_DSA, +ENGINE_get_default_RAND, +ENGINE_get_default_RSA, ENGINE_get_digest_engine, ENGINE_get_first, +ENGINE_get_last, ENGINE_get_next, ENGINE_get_prev, ENGINE_new, +ENGINE_get_ciphers, ENGINE_get_ctrl_function, ENGINE_get_digests, +ENGINE_get_destroy_function, ENGINE_get_finish_function, +ENGINE_get_init_function, ENGINE_get_load_privkey_function, +ENGINE_get_load_pubkey_function, ENGINE_load_private_key, +ENGINE_load_public_key, ENGINE_get_RAND, ENGINE_get_RSA, ENGINE_get_id, +ENGINE_get_name, ENGINE_get_cmd_defns, ENGINE_get_cipher, +ENGINE_get_digest, ENGINE_add, ENGINE_cmd_is_executable, +ENGINE_ctrl, ENGINE_ctrl_cmd, ENGINE_ctrl_cmd_string, +ENGINE_finish, ENGINE_free, ENGINE_get_flags, ENGINE_init, +ENGINE_register_DH, ENGINE_register_DSA, +ENGINE_register_RAND, ENGINE_register_RSA, +ENGINE_register_all_complete, ENGINE_register_ciphers, +ENGINE_register_complete, ENGINE_register_digests, ENGINE_remove, +ENGINE_set_DH, ENGINE_set_DSA, +ENGINE_set_RAND, ENGINE_set_RSA, ENGINE_set_ciphers, +ENGINE_set_cmd_defns, ENGINE_set_ctrl_function, ENGINE_set_default, +ENGINE_set_default_DH, ENGINE_set_default_DSA, +ENGINE_set_default_RAND, ENGINE_set_default_RSA, +ENGINE_set_default_ciphers, ENGINE_set_default_digests, +ENGINE_set_default_string, ENGINE_set_destroy_function, +ENGINE_set_digests, ENGINE_set_finish_function, ENGINE_set_flags, +ENGINE_set_id, ENGINE_set_init_function, ENGINE_set_load_privkey_function, +ENGINE_set_load_pubkey_function, ENGINE_set_name, ENGINE_up_ref, +ENGINE_get_table_flags, ENGINE_cleanup, +ENGINE_load_builtin_engines, ENGINE_register_all_DH, +ENGINE_register_all_DSA, +ENGINE_register_all_RAND, +ENGINE_register_all_RSA, ENGINE_register_all_ciphers, +ENGINE_register_all_digests, ENGINE_set_table_flags, ENGINE_unregister_DH, +ENGINE_unregister_DSA, +ENGINE_unregister_RAND, ENGINE_unregister_RSA, 
ENGINE_unregister_ciphers, +ENGINE_unregister_digests +\&\- ENGINE cryptographic module support +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& ENGINE *ENGINE_get_first(void); +\& ENGINE *ENGINE_get_last(void); +\& ENGINE *ENGINE_get_next(ENGINE *e); +\& ENGINE *ENGINE_get_prev(ENGINE *e); +\& +\& int ENGINE_add(ENGINE *e); +\& int ENGINE_remove(ENGINE *e); +\& +\& ENGINE *ENGINE_by_id(const char *id); +\& +\& int ENGINE_init(ENGINE *e); +\& int ENGINE_finish(ENGINE *e); +\& +\& void ENGINE_load_builtin_engines(void); +\& +\& ENGINE *ENGINE_get_default_RSA(void); +\& ENGINE *ENGINE_get_default_DSA(void); +\& ENGINE *ENGINE_get_default_DH(void); +\& ENGINE *ENGINE_get_default_RAND(void); +\& ENGINE *ENGINE_get_cipher_engine(int nid); +\& ENGINE *ENGINE_get_digest_engine(int nid); +\& +\& int ENGINE_set_default_RSA(ENGINE *e); +\& int ENGINE_set_default_DSA(ENGINE *e); +\& int ENGINE_set_default_DH(ENGINE *e); +\& int ENGINE_set_default_RAND(ENGINE *e); +\& int ENGINE_set_default_ciphers(ENGINE *e); +\& int ENGINE_set_default_digests(ENGINE *e); +\& int ENGINE_set_default_string(ENGINE *e, const char *list); +\& +\& int ENGINE_set_default(ENGINE *e, unsigned int flags); +\& +\& unsigned int ENGINE_get_table_flags(void); +\& void ENGINE_set_table_flags(unsigned int flags); +\& +\& int ENGINE_register_RSA(ENGINE *e); +\& void ENGINE_unregister_RSA(ENGINE *e); +\& void ENGINE_register_all_RSA(void); +\& int ENGINE_register_DSA(ENGINE *e); +\& void ENGINE_unregister_DSA(ENGINE *e); +\& void ENGINE_register_all_DSA(void); +\& int ENGINE_register_DH(ENGINE *e); +\& void ENGINE_unregister_DH(ENGINE *e); +\& void ENGINE_register_all_DH(void); +\& int ENGINE_register_RAND(ENGINE *e); +\& void ENGINE_unregister_RAND(ENGINE *e); +\& void ENGINE_register_all_RAND(void); +\& int ENGINE_register_ciphers(ENGINE *e); +\& void ENGINE_unregister_ciphers(ENGINE *e); +\& void ENGINE_register_all_ciphers(void); +\& int ENGINE_register_digests(ENGINE *e); +\& void 
ENGINE_unregister_digests(ENGINE *e); +\& void ENGINE_register_all_digests(void); +\& int ENGINE_register_complete(ENGINE *e); +\& int ENGINE_register_all_complete(void); +\& +\& int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)); +\& int ENGINE_cmd_is_executable(ENGINE *e, int cmd); +\& int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name, +\& long i, void *p, void (*f)(void), int cmd_optional); +\& int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg, +\& int cmd_optional); +\& +\& ENGINE *ENGINE_new(void); +\& int ENGINE_free(ENGINE *e); +\& int ENGINE_up_ref(ENGINE *e); +\& +\& int ENGINE_set_id(ENGINE *e, const char *id); +\& int ENGINE_set_name(ENGINE *e, const char *name); +\& int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth); +\& int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth); +\& int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth); +\& int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth); +\& int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f); +\& int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f); +\& int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f); +\& int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f); +\& int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f); +\& int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f); +\& int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f); +\& int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f); +\& int ENGINE_set_flags(ENGINE *e, int flags); +\& int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns); +\& +\& const char *ENGINE_get_id(const ENGINE *e); +\& const char *ENGINE_get_name(const ENGINE *e); +\& const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e); +\& const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e); +\& const DH_METHOD *ENGINE_get_DH(const ENGINE *e); +\& const RAND_METHOD 
*ENGINE_get_RAND(const ENGINE *e); +\& ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e); +\& ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e); +\& ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e); +\& ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e); +\& ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e); +\& ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e); +\& ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e); +\& ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e); +\& const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid); +\& const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid); +\& int ENGINE_get_flags(const ENGINE *e); +\& const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e); +\& +\& EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id, +\& UI_METHOD *ui_method, void *callback_data); +\& EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id, +\& UI_METHOD *ui_method, void *callback_data); +.Ve +.PP +Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 1 +\& void ENGINE_cleanup(void) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions create, manipulate, and use cryptographic modules in the +form of \fB\s-1ENGINE\s0\fR objects. These objects act as containers for +implementations of cryptographic algorithms, and support a +reference-counted mechanism to allow them to be dynamically loaded in and +out of the running application. 
+.PP +The cryptographic functionality that can be provided by an \fB\s-1ENGINE\s0\fR +implementation includes the following abstractions; +.PP +.Vb 6 +\& RSA_METHOD \- for providing alternative RSA implementations +\& DSA_METHOD, DH_METHOD, RAND_METHOD, ECDH_METHOD, ECDSA_METHOD, +\& \- similarly for other OpenSSL APIs +\& EVP_CIPHER \- potentially multiple cipher algorithms (indexed by \*(Aqnid\*(Aq) +\& EVP_DIGEST \- potentially multiple hash algorithms (indexed by \*(Aqnid\*(Aq) +\& key\-loading \- loading public and/or private EVP_PKEY keys +.Ve +.SS "Reference counting and handles" +.IX Subsection "Reference counting and handles" +Due to the modular nature of the \s-1ENGINE\s0 \s-1API\s0, pointers to ENGINEs need to be +treated as handles \- ie. not only as pointers, but also as references to +the underlying \s-1ENGINE\s0 object. Ie. one should obtain a new reference when +making copies of an \s-1ENGINE\s0 pointer if the copies will be used (and +released) independently. +.PP +\&\s-1ENGINE\s0 objects have two levels of reference-counting to match the way in +which the objects are used. At the most basic level, each \s-1ENGINE\s0 pointer is +inherently a \fBstructural\fR reference \- a structural reference is required +to use the pointer value at all, as this kind of reference is a guarantee +that the structure can not be deallocated until the reference is released. +.PP +However, a structural reference provides no guarantee that the \s-1ENGINE\s0 is +initialised and able to use any of its cryptographic +implementations. Indeed it's quite possible that most ENGINEs will not +initialise at all in typical environments, as ENGINEs are typically used to +support specialised hardware. To use an \s-1ENGINE\s0's functionality, you need a +\&\fBfunctional\fR reference. 
This kind of reference can be considered a +specialised form of structural reference, because each functional reference +implicitly contains a structural reference as well \- however to avoid +difficult-to-find programming bugs, it is recommended to treat the two +kinds of reference independently. If you have a functional reference to an +\&\s-1ENGINE\s0, you have a guarantee that the \s-1ENGINE\s0 has been initialised and +is ready to perform cryptographic operations, and will remain initialised +until after you have released your reference. +.PP +\&\fIStructural references\fR +.PP +This basic type of reference is used for instantiating new ENGINEs, +iterating across OpenSSL's internal linked-list of loaded +ENGINEs, reading information about an \s-1ENGINE\s0, etc. Essentially a structural +reference is sufficient if you only need to query or manipulate the data of +an \s-1ENGINE\s0 implementation rather than use its functionality. +.PP +The \fIENGINE_new()\fR function returns a structural reference to a new (empty) +\&\s-1ENGINE\s0 object. There are other \s-1ENGINE\s0 \s-1API\s0 functions that return structural +references such as; \fIENGINE_by_id()\fR, \fIENGINE_get_first()\fR, \fIENGINE_get_last()\fR, +\&\fIENGINE_get_next()\fR, \fIENGINE_get_prev()\fR. All structural references should be +released by a corresponding to call to the \fIENGINE_free()\fR function \- the +\&\s-1ENGINE\s0 object itself will only actually be cleaned up and deallocated when +the last structural reference is released. +.PP +It should also be noted that many \s-1ENGINE\s0 \s-1API\s0 function calls that accept a +structural reference will internally obtain another reference \- typically +this happens whenever the supplied \s-1ENGINE\s0 will be needed by OpenSSL after +the function has returned. Eg. 
the function to add a new \s-1ENGINE\s0 to +OpenSSL's internal list is \fIENGINE_add()\fR \- if this function returns success, +then OpenSSL will have stored a new structural reference internally so the +caller is still responsible for freeing their own reference with +\&\fIENGINE_free()\fR when they are finished with it. In a similar way, some +functions will automatically release the structural reference passed to it +if part of the function's job is to do so. Eg. the \fIENGINE_get_next()\fR and +\&\fIENGINE_get_prev()\fR functions are used for iterating across the internal +\&\s-1ENGINE\s0 list \- they will return a new structural reference to the next (or +previous) \s-1ENGINE\s0 in the list or \s-1NULL\s0 if at the end (or beginning) of the +list, but in either case the structural reference passed to the function is +released on behalf of the caller. +.PP +To clarify a particular function's handling of references, one should +always consult that function's documentation \*(L"man\*(R" page, or failing that +the openssl/engine.h header file includes some hints. +.PP +\&\fIFunctional references\fR +.PP +As mentioned, functional references exist when the cryptographic +functionality of an \s-1ENGINE\s0 is required to be available. A functional +reference can be obtained in one of two ways; from an existing structural +reference to the required \s-1ENGINE\s0, or by asking OpenSSL for the default +operational \s-1ENGINE\s0 for a given cryptographic purpose. +.PP +To obtain a functional reference from an existing structural reference, +call the \fIENGINE_init()\fR function. This returns zero if the \s-1ENGINE\s0 was not +already operational and couldn't be successfully initialised (eg. lack of +system drivers, no special hardware attached, etc), otherwise it will +return nonzero to indicate that the \s-1ENGINE\s0 is now operational and will +have allocated a new \fBfunctional\fR reference to the \s-1ENGINE\s0. 
All functional +references are released by calling \fIENGINE_finish()\fR (which removes the +implicit structural reference as well). +.PP +The second way to get a functional reference is by asking OpenSSL for a +default implementation for a given task, eg. by \fIENGINE_get_default_RSA()\fR, +\&\fIENGINE_get_default_cipher_engine()\fR, etc. These are discussed in the next +section, though they are not usually required by application programmers as +they are used automatically when creating and using the relevant +algorithm-specific types in OpenSSL, such as \s-1RSA\s0, \s-1DSA\s0, \s-1EVP_CIPHER_CTX\s0, etc. +.SS "Default implementations" +.IX Subsection "Default implementations" +For each supported abstraction, the \s-1ENGINE\s0 code maintains an internal table +of state to control which implementations are available for a given +abstraction and which should be used by default. These implementations are +registered in the tables and indexed by an 'nid' value, because +abstractions like \s-1EVP_CIPHER\s0 and \s-1EVP_DIGEST\s0 support many distinct +algorithms and modes, and ENGINEs can support arbitrarily many of them. +In the case of other abstractions like \s-1RSA\s0, \s-1DSA\s0, etc, there is only one +\&\*(L"algorithm\*(R" so all implementations implicitly register using the same 'nid' +index. +.PP +When a default \s-1ENGINE\s0 is requested for a given abstraction/algorithm/mode, (eg. +when calling RSA_new_method(\s-1NULL\s0)), a \*(L"get_default\*(R" call will be made to the +\&\s-1ENGINE\s0 subsystem to process the corresponding state table and return a +functional reference to an initialised \s-1ENGINE\s0 whose implementation should be +used. If no \s-1ENGINE\s0 should (or can) be used, it will return \s-1NULL\s0 and the caller +will operate with a \s-1NULL\s0 \s-1ENGINE\s0 handle \- this usually equates to using the +conventional software implementation. 
In the latter case, OpenSSL will from +then on behave the way it used to before the \s-1ENGINE\s0 \s-1API\s0 existed. +.PP +Each state table has a flag to note whether it has processed this +\&\*(L"get_default\*(R" query since the table was last modified, because to process +this question it must iterate across all the registered ENGINEs in the +table trying to initialise each of them in turn, in case one of them is +operational. If it returns a functional reference to an \s-1ENGINE\s0, it will +also cache another reference to speed up processing future queries (without +needing to iterate across the table). Likewise, it will cache a \s-1NULL\s0 +response if no \s-1ENGINE\s0 was available so that future queries won't repeat the +same iteration unless the state table changes. This behaviour can also be +changed; if the \s-1ENGINE_TABLE_FLAG_NOINIT\s0 flag is set (using +\&\fIENGINE_set_table_flags()\fR), no attempted initialisations will take place, +instead the only way for the state table to return a non-NULL \s-1ENGINE\s0 to the +\&\*(L"get_default\*(R" query will be if one is expressly set in the table. Eg. +\&\fIENGINE_set_default_RSA()\fR does the same job as \fIENGINE_register_RSA()\fR except +that it also sets the state table's cached response for the \*(L"get_default\*(R" +query. In the case of abstractions like \s-1EVP_CIPHER\s0, where implementations are +indexed by 'nid', these flags and cached-responses are distinct for each 'nid' +value. +.SS "Application requirements" +.IX Subsection "Application requirements" +This section will explain the basic things an application programmer should +support to make the most useful elements of the \s-1ENGINE\s0 functionality +available to the user. The first thing to consider is whether the +programmer wishes to make alternative \s-1ENGINE\s0 modules available to the +application and user. 
OpenSSL maintains an internal linked list of +\&\*(L"visible\*(R" ENGINEs from which it has to operate \- at start-up, this list is +empty and in fact if an application does not call any \s-1ENGINE\s0 \s-1API\s0 calls and +it uses static linking against openssl, then the resulting application +binary will not contain any alternative \s-1ENGINE\s0 code at all. So the first +consideration is whether any/all available \s-1ENGINE\s0 implementations should be +made visible to OpenSSL \- this is controlled by calling the various \*(L"load\*(R" +functions. +.PP +The fact that ENGINEs are made visible to OpenSSL (and thus are linked into +the program and loaded into memory at run-time) does not mean they are +\&\*(L"registered\*(R" or called into use by OpenSSL automatically \- that behaviour +is something for the application to control. Some applications +will want to allow the user to specify exactly which \s-1ENGINE\s0 they want used +if any is to be used at all. Others may prefer to load all support and have +OpenSSL automatically use at run-time any \s-1ENGINE\s0 that is able to +successfully initialise \- ie. to assume that this corresponds to +acceleration hardware attached to the machine or some such thing. There are +probably numerous other ways in which applications may prefer to handle +things, so we will simply illustrate the consequences as they apply to a +couple of simple cases and leave developers to consider these and the +source code to openssl's built-in utilities as guides. +.PP +If no \s-1ENGINE\s0 \s-1API\s0 functions are called within an application, then OpenSSL +will not allocate any internal resources. Prior to OpenSSL 1.1.0, however, +if any ENGINEs are loaded, even if not registered or used, it was necessary to +call \fIENGINE_cleanup()\fR before the program exits. 
+.PP +\&\fIUsing a specific \s-1ENGINE\s0 implementation\fR +.PP +Here we'll assume an application has been configured by its user or admin +to want to use the \*(L"\s-1ACME\s0\*(R" \s-1ENGINE\s0 if it is available in the version of +OpenSSL the application was compiled with. If it is available, it should be +used by default for all \s-1RSA\s0, \s-1DSA\s0, and symmetric cipher operations, otherwise +OpenSSL should use its built-in software as per usual. The following code +illustrates how to approach this; +.PP +.Vb 10 +\& ENGINE *e; +\& const char *engine_id = "ACME"; +\& ENGINE_load_builtin_engines(); +\& e = ENGINE_by_id(engine_id); +\& if (!e) +\& /* the engine isn\*(Aqt available */ +\& return; +\& if (!ENGINE_init(e)) { +\& /* the engine couldn\*(Aqt initialise, release \*(Aqe\*(Aq */ +\& ENGINE_free(e); +\& return; +\& } +\& if (!ENGINE_set_default_RSA(e)) +\& /* +\& * This should only happen when \*(Aqe\*(Aq can\*(Aqt initialise, but the previous +\& * statement suggests it did. +\& */ +\& abort(); +\& ENGINE_set_default_DSA(e); +\& ENGINE_set_default_ciphers(e); +\& /* Release the functional reference from ENGINE_init() */ +\& ENGINE_finish(e); +\& /* Release the structural reference from ENGINE_by_id() */ +\& ENGINE_free(e); +.Ve +.PP +\&\fIAutomatically using built-in \s-1ENGINE\s0 implementations\fR +.PP +Here we'll assume we want to load and register all \s-1ENGINE\s0 implementations +bundled with OpenSSL, such that for any cryptographic algorithm required by +OpenSSL \- if there is an \s-1ENGINE\s0 that implements it and can be initialised, +it should be used. The following code illustrates how this can work; +.PP +.Vb 4 +\& /* Load all bundled ENGINEs into memory and make them visible */ +\& ENGINE_load_builtin_engines(); +\& /* Register all of them for every algorithm they collectively implement */ +\& ENGINE_register_all_complete(); +.Ve +.PP +That's all that's required. Eg. 
the next time OpenSSL tries to set up an +\&\s-1RSA\s0 key, any bundled ENGINEs that implement \s-1RSA_METHOD\s0 will be passed to +\&\fIENGINE_init()\fR and if any of those succeed, that \s-1ENGINE\s0 will be set as the +default for \s-1RSA\s0 use from then on. +.SS "Advanced configuration support" +.IX Subsection "Advanced configuration support" +There is a mechanism supported by the \s-1ENGINE\s0 framework that allows each +\&\s-1ENGINE\s0 implementation to define an arbitrary set of configuration +\&\*(L"commands\*(R" and expose them to OpenSSL and any applications based on +OpenSSL. This mechanism is entirely based on the use of name-value pairs +and assumes \s-1ASCII\s0 input (no unicode or \s-1UTF\s0 for now!), so it is ideal if +applications want to provide a transparent way for users to provide +arbitrary configuration \*(L"directives\*(R" directly to such ENGINEs. It is also +possible for the application to dynamically interrogate the loaded \s-1ENGINE\s0 +implementations for the names, descriptions, and input flags of their +available \*(L"control commands\*(R", providing a more flexible configuration +scheme. However, if the user is expected to know which \s-1ENGINE\s0 device he/she +is using (in the case of specialised hardware, this goes without saying) +then applications may not need to concern themselves with discovering the +supported control commands and simply prefer to pass settings into ENGINEs +exactly as they are provided by the user. +.PP +Before illustrating how control commands work, it is worth mentioning what +they are typically used for. Broadly speaking there are two uses for +control commands; the first is to provide the necessary details to the +implementation (which may know nothing at all specific to the host system) +so that it can be initialised for use. 
This could include the path to any +driver or config files it needs to load, required network addresses, +smart-card identifiers, passwords to initialise protected devices, +logging information, etc etc. This class of commands typically needs to be +passed to an \s-1ENGINE\s0 \fBbefore\fR attempting to initialise it, ie. before +calling \fIENGINE_init()\fR. The other class of commands consist of settings or +operations that tweak certain behaviour or cause certain operations to take +place, and these commands may work either before or after \fIENGINE_init()\fR, or +in some cases both. \s-1ENGINE\s0 implementations should provide indications of +this in the descriptions attached to built-in control commands and/or in +external product documentation. +.PP +\&\fIIssuing control commands to an \s-1ENGINE\s0\fR +.PP +Let's illustrate by example; a function for which the caller supplies the +name of the \s-1ENGINE\s0 it wishes to use, a table of string-pairs for use before +initialisation, and another table for use after initialisation. Note that +the string-pairs used for control commands consist of a command \*(L"name\*(R" +followed by the command \*(L"parameter\*(R" \- the parameter could be \s-1NULL\s0 in some +cases but the name can not. This function should initialise the \s-1ENGINE\s0 +(issuing the \*(L"pre\*(R" commands beforehand and the \*(L"post\*(R" commands afterwards) +and set it as the default for everything except \s-1RAND\s0 and then return a +boolean success or failure. +.PP +.Vb 10 +\& int generic_load_engine_fn(const char *engine_id, +\& const char **pre_cmds, int pre_num, +\& const char **post_cmds, int post_num) +\& { +\& ENGINE *e = ENGINE_by_id(engine_id); +\& if (!e) return 0; +\& while (pre_num\-\-) { +\& if (!ENGINE_ctrl_cmd_string(e, pre_cmds[0], pre_cmds[1], 0)) { +\& fprintf(stderr, "Failed command (%s \- %s:%s)\en", engine_id, +\& pre_cmds[0], pre_cmds[1] ? 
pre_cmds[1] : "(NULL)"); +\& ENGINE_free(e); +\& return 0; +\& } +\& pre_cmds += 2; +\& } +\& if (!ENGINE_init(e)) { +\& fprintf(stderr, "Failed initialisation\en"); +\& ENGINE_free(e); +\& return 0; +\& } +\& /* +\& * ENGINE_init() returned a functional reference, so free the structural +\& * reference from ENGINE_by_id(). +\& */ +\& ENGINE_free(e); +\& while (post_num\-\-) { +\& if (!ENGINE_ctrl_cmd_string(e, post_cmds[0], post_cmds[1], 0)) { +\& fprintf(stderr, "Failed command (%s \- %s:%s)\en", engine_id, +\& post_cmds[0], post_cmds[1] ? post_cmds[1] : "(NULL)"); +\& ENGINE_finish(e); +\& return 0; +\& } +\& post_cmds += 2; +\& } +\& ENGINE_set_default(e, ENGINE_METHOD_ALL & ~ENGINE_METHOD_RAND); +\& /* Success */ +\& return 1; +\& } +.Ve +.PP +Note that \fIENGINE_ctrl_cmd_string()\fR accepts a boolean argument that can +relax the semantics of the function \- if set nonzero it will only return +failure if the \s-1ENGINE\s0 supported the given command name but failed while +executing it, if the \s-1ENGINE\s0 doesn't support the command name it will simply +return success without doing anything. In this case we assume the user is +only supplying commands specific to the given \s-1ENGINE\s0 so we set this to +\&\s-1FALSE\s0. +.PP +\&\fIDiscovering supported control commands\fR +.PP +It is possible to discover at run-time the names, numerical-ids, descriptions +and input parameters of the control commands supported by an \s-1ENGINE\s0 using a +structural reference. Note that some control commands are defined by OpenSSL +itself and it will intercept and handle these control commands on behalf of the +\&\s-1ENGINE\s0, ie. the \s-1ENGINE\s0's \fIctrl()\fR handler is not used for the control command. +openssl/engine.h defines an index, \s-1ENGINE_CMD_BASE\s0, that all control commands +implemented by ENGINEs should be numbered from. Any command value lower than +this symbol is considered a \*(L"generic\*(R" command is handled directly by the +OpenSSL core routines. 
+.PP +It is using these \*(L"core\*(R" control commands that one can discover the control +commands implemented by a given \s-1ENGINE\s0, specifically the commands: +.PP +.Vb 9 +\& ENGINE_HAS_CTRL_FUNCTION +\& ENGINE_CTRL_GET_FIRST_CMD_TYPE +\& ENGINE_CTRL_GET_NEXT_CMD_TYPE +\& ENGINE_CTRL_GET_CMD_FROM_NAME +\& ENGINE_CTRL_GET_NAME_LEN_FROM_CMD +\& ENGINE_CTRL_GET_NAME_FROM_CMD +\& ENGINE_CTRL_GET_DESC_LEN_FROM_CMD +\& ENGINE_CTRL_GET_DESC_FROM_CMD +\& ENGINE_CTRL_GET_CMD_FLAGS +.Ve +.PP +Whilst these commands are automatically processed by the OpenSSL framework code, +they use various properties exposed by each \s-1ENGINE\s0 to process these +queries. An \s-1ENGINE\s0 has 3 properties it exposes that can affect how this behaves; +it can supply a \fIctrl()\fR handler, it can specify \s-1ENGINE_FLAGS_MANUAL_CMD_CTRL\s0 in +the \s-1ENGINE\s0's flags, and it can expose an array of control command descriptions. +If an \s-1ENGINE\s0 specifies the \s-1ENGINE_FLAGS_MANUAL_CMD_CTRL\s0 flag, then it will +simply pass all these \*(L"core\*(R" control commands directly to the \s-1ENGINE\s0's \fIctrl()\fR +handler (and thus, it must have supplied one), so it is up to the \s-1ENGINE\s0 to +reply to these \*(L"discovery\*(R" commands itself. If that flag is not set, then the +OpenSSL framework code will work with the following rules: +.PP +.Vb 9 +\& if no ctrl() handler supplied; +\& ENGINE_HAS_CTRL_FUNCTION returns FALSE (zero), +\& all other commands fail. +\& if a ctrl() handler was supplied but no array of control commands; +\& ENGINE_HAS_CTRL_FUNCTION returns TRUE, +\& all other commands fail. +\& if a ctrl() handler and array of control commands was supplied; +\& ENGINE_HAS_CTRL_FUNCTION returns TRUE, +\& all other commands proceed processing ... 
+.Ve +.PP +If the \s-1ENGINE\s0's array of control commands is empty then all other commands will +fail, otherwise; \s-1ENGINE_CTRL_GET_FIRST_CMD_TYPE\s0 returns the identifier of +the first command supported by the \s-1ENGINE\s0, \s-1ENGINE_GET_NEXT_CMD_TYPE\s0 takes the +identifier of a command supported by the \s-1ENGINE\s0 and returns the next command +identifier or fails if there are no more, \s-1ENGINE_CMD_FROM_NAME\s0 takes a string +name for a command and returns the corresponding identifier or fails if no such +command name exists, and the remaining commands take a command identifier and +return properties of the corresponding commands. All except +\&\s-1ENGINE_CTRL_GET_FLAGS\s0 return the string length of a command name or description, +or populate a supplied character buffer with a copy of the command name or +description. \s-1ENGINE_CTRL_GET_FLAGS\s0 returns a bitwise-OR'd mask of the following +possible values: +.PP +.Vb 4 +\& ENGINE_CMD_FLAG_NUMERIC +\& ENGINE_CMD_FLAG_STRING +\& ENGINE_CMD_FLAG_NO_INPUT +\& ENGINE_CMD_FLAG_INTERNAL +.Ve +.PP +If the \s-1ENGINE_CMD_FLAG_INTERNAL\s0 flag is set, then any other flags are purely +informational to the caller \- this flag will prevent the command being usable +for any higher-level \s-1ENGINE\s0 functions such as \fIENGINE_ctrl_cmd_string()\fR. +\&\*(L"\s-1INTERNAL\s0\*(R" commands are not intended to be exposed to text-based configuration +by applications, administrations, users, etc. These can support arbitrary +operations via \fIENGINE_ctrl()\fR, including passing to and/or from the control +commands data of any arbitrary type. These commands are supported in the +discovery mechanisms simply to allow applications to determine if an \s-1ENGINE\s0 +supports certain specific commands it might want to use (eg. 
application \*(L"foo\*(R" +might query various ENGINEs to see if they implement \*(L"\s-1FOO_GET_VENDOR_LOGO_GIF\s0\*(R" \- +and \s-1ENGINE\s0 could therefore decide whether or not to support this \*(L"foo\*(R"\-specific +extension). +.SH "ENVIRONMENT" +.IX Header "ENVIRONMENT" +.IP "\fB\s-1OPENSSL_ENGINES\s0\fR" 4 +.IX Item "OPENSSL_ENGINES" +The path to the engines directory. +Ignored in set-user-ID and set-group-ID programs. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIENGINE_get_first()\fR, \fIENGINE_get_last()\fR, \fIENGINE_get_next()\fR and \fIENGINE_get_prev()\fR +return a valid \fB\s-1ENGINE\s0\fR structure or \s-1NULL\s0 if an error occurred. +.PP +\&\fIENGINE_add()\fR and \fIENGINE_remove()\fR return 1 on success or 0 on error. +.PP +\&\fIENGINE_by_id()\fR returns a valid \fB\s-1ENGINE\s0\fR structure or \s-1NULL\s0 if an error occurred. +.PP +\&\fIENGINE_init()\fR and \fIENGINE_finish()\fR return 1 on success or 0 on error. +.PP +All \fIENGINE_get_default_TYPE()\fR functions, \fIENGINE_get_cipher_engine()\fR and +\&\fIENGINE_get_digest_engine()\fR return a valid \fB\s-1ENGINE\s0\fR structure on success or \s-1NULL\s0 +if an error occurred. +.PP +All \fIENGINE_set_default_TYPE()\fR functions return 1 on success or 0 on error. +.PP +\&\fIENGINE_set_default()\fR returns 1 on success or 0 on error. +.PP +\&\fIENGINE_get_table_flags()\fR returns an unsigned integer value representing the +global table flags which are used to control the registration behaviour of +\&\fB\s-1ENGINE\s0\fR implementations. +.PP +All \fIENGINE_register_TYPE()\fR functions return 1 on success or 0 on error. +.PP +\&\fIENGINE_register_complete()\fR and \fIENGINE_register_all_complete()\fR return 1 on success +or 0 on error. +.PP +\&\fIENGINE_ctrl()\fR returns a positive value on success or others on error. +.PP +\&\fIENGINE_cmd_is_executable()\fR returns 1 if \fBcmd\fR is executable or 0 otherwise. 
+.PP +\&\fIENGINE_ctrl_cmd()\fR and \fIENGINE_ctrl_cmd_string()\fR return 1 on success or 0 on error. +.PP +\&\fIENGINE_new()\fR returns a valid \fB\s-1ENGINE\s0\fR structure on success or \s-1NULL\s0 if an error +occurred. +.PP +\&\fIENGINE_free()\fR returns 1 on success or 0 on error. +.PP +\&\fIENGINE_up_ref()\fR returns 1 on success or 0 on error. +.PP +\&\fIENGINE_set_id()\fR and \fIENGINE_set_name()\fR return 1 on success or 0 on error. +.PP +All other \fBENGINE_set_*\fR functions return 1 on success or 0 on error. +.PP +\&\fIENGINE_get_id()\fR and \fIENGINE_get_name()\fR return a string representing the identifier +and the name of the \s-1ENGINE\s0 \fBe\fR respectively. +.PP +\&\fIENGINE_get_RSA()\fR, \fIENGINE_get_DSA()\fR, \fIENGINE_get_DH()\fR and \fIENGINE_get_RAND()\fR +return corresponding method structures for each algorithms. +.PP +\&\fIENGINE_get_destroy_function()\fR, \fIENGINE_get_init_function()\fR, +\&\fIENGINE_get_finish_function()\fR, \fIENGINE_get_ctrl_function()\fR, +\&\fIENGINE_get_load_privkey_function()\fR, \fIENGINE_get_load_pubkey_function()\fR, +\&\fIENGINE_get_ciphers()\fR and \fIENGINE_get_digests()\fR return corresponding function +pointers of the callbacks. +.PP +\&\fIENGINE_get_cipher()\fR returns a valid \fB\s-1EVP_CIPHER\s0\fR structure on success or \s-1NULL\s0 +if an error occurred. +.PP +\&\fIENGINE_get_digest()\fR returns a valid \fB\s-1EVP_MD\s0\fR structure on success or \s-1NULL\s0 if an +error occurred. +.PP +\&\fIENGINE_get_flags()\fR returns an integer representing the \s-1ENGINE\s0 flags which are +used to control various behaviours of an \s-1ENGINE\s0. +.PP +\&\fIENGINE_get_cmd_defns()\fR returns an \fB\s-1ENGINE_CMD_DEFN\s0\fR structure or \s-1NULL\s0 if it's +not set. +.PP +\&\fIENGINE_load_private_key()\fR and \fIENGINE_load_public_key()\fR return a valid \fB\s-1EVP_PKEY\s0\fR +structure on success or \s-1NULL\s0 if an error occurred. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIOPENSSL_init_crypto\fR\|(3), \fIRSA_new_method\fR\|(3), \fIDSA_new\fR\|(3), \fIDH_new\fR\|(3), +\&\fIRAND_bytes\fR\|(3), \fIconfig\fR\|(5) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIENGINE_cleanup()\fR was deprecated in OpenSSL 1.1.0 by the automatic cleanup +done by \fIOPENSSL_cleanup()\fR +and should not be used. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/ERR_GET_LIB.3 b/linux_amd64/ssl/share/man/man3/ERR_GET_LIB.3 new file mode 100755 index 0000000..719ea1d --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/ERR_GET_LIB.3 
@@ -0,0 +1,189 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ERR_GET_LIB 3" +.TH ERR_GET_LIB 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +ERR_GET_LIB, ERR_GET_FUNC, ERR_GET_REASON, ERR_FATAL_ERROR +\&\- get information from error codes +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int ERR_GET_LIB(unsigned long e); +\& +\& int ERR_GET_FUNC(unsigned long e); +\& +\& int ERR_GET_REASON(unsigned long e); +\& +\& int ERR_FATAL_ERROR(unsigned long e); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The error code returned by \fIERR_get_error()\fR consists of a library +number, function code and reason code. \s-1\fIERR_GET_LIB\s0()\fR, \s-1\fIERR_GET_FUNC\s0()\fR +and \s-1\fIERR_GET_REASON\s0()\fR can be used to extract these. +.PP +\&\s-1\fIERR_FATAL_ERROR\s0()\fR indicates whether a given error code is a fatal error. +.PP +The library number and function code describe where the error +occurred, the reason code is the information about what went wrong. +.PP +Each sub-library of OpenSSL has a unique library number; function and +reason codes are unique within each sub-library. Note that different +libraries may use the same value to signal different functions and +reasons. +.PP +\&\fB\s-1ERR_R_\s0...\fR reason codes such as \fB\s-1ERR_R_MALLOC_FAILURE\s0\fR are globally +unique. However, when checking for sub-library specific reason codes, +be sure to also compare the library number. +.PP +\&\s-1\fIERR_GET_LIB\s0()\fR, \s-1\fIERR_GET_FUNC\s0()\fR, \s-1\fIERR_GET_REASON\s0()\fR, and \s-1\fIERR_FATAL_ERROR\s0()\fR +are macros. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The library number, function code, reason code, and whether the error +is fatal, respectively. +Starting with OpenSSL 3.0.0, the function code is always set to zero. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1\fIERR_GET_LIB\s0()\fR, \s-1\fIERR_GET_FUNC\s0()\fR and \s-1\fIERR_GET_REASON\s0()\fR are available in +all versions of OpenSSL. 
+.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/ERR_clear_error.3 b/linux_amd64/ssl/share/man/man3/ERR_clear_error.3 new file mode 100755 index 0000000..124bab9 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/ERR_clear_error.3 
@@ -0,0 +1,157 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ERR_CLEAR_ERROR 3" +.TH ERR_CLEAR_ERROR 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +ERR_clear_error \- clear the error queue +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void ERR_clear_error(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIERR_clear_error()\fR empties the current thread's error queue. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIERR_clear_error()\fR has no return value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/ERR_error_string.3 b/linux_amd64/ssl/share/man/man3/ERR_error_string.3 new file mode 100755 index 0000000..7d0182e --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/ERR_error_string.3 
@@ -0,0 +1,207 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ERR_ERROR_STRING 3" +.TH ERR_ERROR_STRING 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +ERR_error_string, ERR_error_string_n, ERR_lib_error_string, +ERR_func_error_string, ERR_reason_error_string \- obtain human\-readable +error message +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& char *ERR_error_string(unsigned long e, char *buf); +\& void ERR_error_string_n(unsigned long e, char *buf, size_t len); +\& +\& const char *ERR_lib_error_string(unsigned long e); +\& const char *ERR_reason_error_string(unsigned long e); +.Ve +.PP +Deprecated in OpenSSL 3.0: +.PP +.Vb 1 +\& const char *ERR_func_error_string(unsigned long e); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIERR_error_string()\fR generates a human-readable string representing the +error code \fIe\fR, and places it at \fIbuf\fR. \fIbuf\fR must be at least 256 +bytes long. If \fIbuf\fR is \fB\s-1NULL\s0\fR, the error string is placed in a +static buffer. +Note that this function is not thread-safe and does no checks on the size +of the buffer; use \fIERR_error_string_n()\fR instead. +.PP +\&\fIERR_error_string_n()\fR is a variant of \fIERR_error_string()\fR that writes +at most \fIlen\fR characters (including the terminating 0) +and truncates the string if necessary. +For \fIERR_error_string_n()\fR, \fIbuf\fR may not be \fB\s-1NULL\s0\fR. +.PP +The string will have the following format: +.PP +.Vb 1 +\& error:[error code]:[library name]::[reason string] +.Ve +.PP +\&\fIerror code\fR is an 8 digit hexadecimal number, \fIlibrary name\fR and +\&\fIreason string\fR are \s-1ASCII\s0 text. +.PP +\&\fIERR_lib_error_string()\fR and \fIERR_reason_error_string()\fR return the library +name and reason string respectively. +.PP +If there is no text string registered for the given error code, +the error string will contain the numeric code. +.PP +\&\fIERR_print_errors\fR\|(3) can be used to print +all error codes currently in the queue. 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIERR_error_string()\fR returns a pointer to a static buffer containing the +string if \fIbuf\fR \fB== \s-1NULL\s0\fR, \fIbuf\fR otherwise. +.PP +\&\fIERR_lib_error_string()\fR and \fIERR_reason_error_string()\fR return the strings, +and \fB\s-1NULL\s0\fR if none is registered for the error code. +.PP +\&\fIERR_func_error_string()\fR returns \s-1NULL\s0. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), +\&\fIERR_print_errors\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIERR_func_error_string()\fR became deprecated in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/ERR_get_error.3 b/linux_amd64/ssl/share/man/man3/ERR_get_error.3 new file mode 100755 index 0000000..b0689c4 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/ERR_get_error.3 
@@ -0,0 +1,259 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ERR_GET_ERROR 3" +.TH ERR_GET_ERROR 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +ERR_get_error, ERR_peek_error, ERR_peek_last_error, +ERR_get_error_line, ERR_peek_error_line, ERR_peek_last_error_line, +ERR_get_error_func, ERR_peek_error_func, ERR_peek_last_error_func, +ERR_get_error_data, ERR_peek_error_data, ERR_peek_last_error_data, +ERR_get_error_all, ERR_peek_error_all, ERR_peek_last_error_all, +ERR_get_error_line_data, ERR_peek_error_line_data, ERR_peek_last_error_line_data +\&\- obtain error code and data +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& unsigned long ERR_get_error(void); +\& unsigned long ERR_peek_error(void); +\& unsigned long ERR_peek_last_error(void); +\& +\& unsigned long ERR_get_error_line(const char **file, int *line); +\& unsigned long ERR_peek_error_line(const char **file, int *line); +\& unsigned long ERR_peek_last_error_line(const char **file, int *line); +\& +\& unsigned long ERR_get_error_func(const char **func); +\& unsigned long ERR_peek_error_func(const char **func); +\& unsigned long ERR_peek_last_error_func(const char **func); +\& +\& unsigned long ERR_get_error_data(const char **data, int *flags); +\& unsigned long ERR_peek_error_data(const char **data, int *flags); +\& unsigned long ERR_peek_last_error_data(const char **data, int *flags); +\& +\& unsigned long ERR_get_error_all(const char **file, int *line, +\& const char *func, +\& const char **data, int *flags); +\& unsigned long ERR_peek_error_all(const char **file, int *line, +\& const char *func, +\& const char **data, int *flags); +\& unsigned long ERR_peek_last_error_all(const char **file, int *line, +\& const char *func, +\& const char **data, int *flags); +.Ve +.PP +Deprecated since OpenSSL 3.0: +.PP +.Vb 6 +\& unsigned long ERR_get_error_line_data(const char **file, int *line, +\& const char **data, int *flags); +\& unsigned long ERR_peek_error_line_data(const char **file, int *line, +\& const char **data, int *flags); +\& unsigned long ERR_peek_last_error_line_data(const char **file, int *line, 
+\& const char **data, int *flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIERR_get_error()\fR returns the earliest error code from the thread's error +queue and removes the entry. This function can be called repeatedly +until there are no more error codes to return. +.PP +\&\fIERR_peek_error()\fR returns the earliest error code from the thread's +error queue without modifying it. +.PP +\&\fIERR_peek_last_error()\fR returns the latest error code from the thread's +error queue without modifying it. +.PP +See \s-1\fIERR_GET_LIB\s0\fR\|(3) for obtaining further specific information +such as the reason of the error, +and \fIERR_error_string\fR\|(3) for human-readable error messages. +.PP +\&\fIERR_get_error_line()\fR, \fIERR_peek_error_line()\fR and +\&\fIERR_peek_last_error_line()\fR are the same as \fIERR_get_error()\fR, +\&\fIERR_peek_error()\fR and \fIERR_peek_last_error()\fR, but on success they +additionally store the filename and line number where +the error occurred in *\fBfile\fR and *\fBline\fR, as far as they are not \fB\s-1NULL\s0\fR. +An unset filename is indicated as \fB""\fR, i.e., an empty string. +An unset line number is indicated as \fB0\fR. +.PP +A pointer returned this way by these functions and the ones below +is valid until the respective entry is removed from the error queue. +.PP +\&\fIERR_get_error_func()\fR, \fIERR_peek_error_func()\fR and +\&\fIERR_peek_last_error_func()\fR are the same as \fIERR_get_error()\fR, +\&\fIERR_peek_error()\fR and \fIERR_peek_last_error()\fR, but on success they +additionally store the name of the function where the error occurred +in *\fBfunc\fR, unless it is \fB\s-1NULL\s0\fR. +An unset function name is indicated as \fB""\fR. 
+.PP +\&\fIERR_get_error_data()\fR, \fIERR_peek_error_data()\fR and +\&\fIERR_peek_last_error_data()\fR are the same as \fIERR_get_error()\fR, +\&\fIERR_peek_error()\fR and \fIERR_peek_last_error()\fR, but on success they +additionally store additional data and flags associated with the error +code in *\fBdata\fR and *\fBflags\fR, as far as they are not \fB\s-1NULL\s0\fR. +Unset data is indicated as \fB""\fR. +In this case the value given for the flag is irrelevant (and equals \fB0\fR). +*\fBdata\fR contains a string if *\fBflags\fR&\fB\s-1ERR_TXT_STRING\s0\fR is true. +.PP +\&\fIERR_get_error_all()\fR, \fIERR_peek_error_all()\fR and +\&\fIERR_peek_last_error_all()\fR are combinations of all of the above. +.PP +\&\fIERR_get_error_line_data()\fR, \fIERR_peek_error_line_data()\fR and +\&\fIERR_peek_last_error_line_data()\fR are older variants of \fIERR_get_error_all()\fR, +\&\fIERR_peek_error_all()\fR and \fIERR_peek_last_error_all()\fR, and should no longer +be used. +.PP +An application \fB\s-1MUST\s0 \s-1NOT\s0\fR free the *\fBdata\fR pointer (or any other pointers +returned by these functions) with \fIOPENSSL_free()\fR as freeing is handled +automatically by the error library. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The error code, or 0 if there is no error in the queue. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_error_string\fR\|(3), +\&\s-1\fIERR_GET_LIB\s0\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIERR_get_error_func()\fR, \fIERR_peek_error_func()\fR, \fIERR_peek_last_error_func()\fR, +\&\fIERR_get_error_data()\fR, \fIERR_peek_error_data()\fR, \fIERR_peek_last_error_data()\fR, +\&\fIERR_get_error_all()\fR, \fIERR_peek_error_all()\fR and \fIERR_peek_last_error_all()\fR +were added in OpenSSL 3.0. +.PP +\&\fIERR_get_error_line_data()\fR, \fIERR_peek_error_line_data()\fR and +\&\fIERR_peek_last_error_line_data()\fR became deprecated in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. 
All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/ERR_load_crypto_strings.3 b/linux_amd64/ssl/share/man/man3/ERR_load_crypto_strings.3 new file mode 100755 index 0000000..60d043a --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/ERR_load_crypto_strings.3 
@@ -0,0 +1,178 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ERR_LOAD_CRYPTO_STRINGS 3" +.TH ERR_LOAD_CRYPTO_STRINGS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +ERR_load_crypto_strings, SSL_load_error_strings, ERR_free_strings \- +load and free error strings +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 1 +\& #include +\& +\& void ERR_load_crypto_strings(void); +\& void ERR_free_strings(void); +\& +\& #include +\& +\& void SSL_load_error_strings(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIERR_load_crypto_strings()\fR registers the error strings for all +\&\fBlibcrypto\fR functions. \fISSL_load_error_strings()\fR does the same, +but also registers the \fBlibssl\fR error strings. +.PP +In versions prior to OpenSSL 1.1.0, +\&\fIERR_free_strings()\fR releases any resources created by the above functions. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIERR_load_crypto_strings()\fR, \fISSL_load_error_strings()\fR and +\&\fIERR_free_strings()\fR return no values. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_error_string\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fIERR_load_crypto_strings()\fR, \fISSL_load_error_strings()\fR, and +\&\fIERR_free_strings()\fR functions were deprecated in OpenSSL 1.1.0 by +\&\fIOPENSSL_init_crypto()\fR and \fIOPENSSL_init_ssl()\fR and should not be used. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/ERR_load_strings.3 b/linux_amd64/ssl/share/man/man3/ERR_load_strings.3 new file mode 100755 index 0000000..ab7a4ed --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/ERR_load_strings.3 
@@ -0,0 +1,183 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ERR_LOAD_STRINGS 3" +.TH ERR_LOAD_STRINGS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +ERR_load_strings, ERR_PACK, ERR_get_next_error_library \- load +arbitrary error strings +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void ERR_load_strings(int lib, ERR_STRING_DATA str[]); +\& +\& int ERR_get_next_error_library(void); +\& +\& unsigned long ERR_PACK(int lib, int func, int reason); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIERR_load_strings()\fR registers error strings for library number \fBlib\fR. +.PP +\&\fBstr\fR is an array of error string data: +.PP +.Vb 5 +\& typedef struct ERR_string_data_st +\& { +\& unsigned long error; +\& char *string; +\& } ERR_STRING_DATA; +.Ve +.PP +The error code is generated from the library number and a function and +reason code: \fBerror\fR = \s-1ERR_PACK\s0(\fBlib\fR, \fBfunc\fR, \fBreason\fR). +\&\s-1\fIERR_PACK\s0()\fR is a macro. +.PP +The last entry in the array is {0,0}. +.PP +\&\fIERR_get_next_error_library()\fR can be used to assign library numbers +to user libraries at run time. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIERR_load_strings()\fR returns no value. \s-1\fIERR_PACK\s0()\fR return the error code. +\&\fIERR_get_next_error_library()\fR returns zero on failure, otherwise a new +library number. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_load_strings\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/ERR_new.3 b/linux_amd64/ssl/share/man/man3/ERR_new.3 new file mode 100755 index 0000000..0fe3a9c --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/ERR_new.3 
@@ -0,0 +1,200 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ERR_NEW 3" +.TH ERR_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +ERR_new, ERR_set_debug, ERR_set_error, ERR_vset_error +\&\- Error recording building blocks +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void ERR_new(void); +\& void ERR_set_debug(const char *file, int line, const char *func); +\& void ERR_set_error(int lib, int reason, const char *fmt, ...); +\& void ERR_vset_error(int lib, int reason, const char *fmt, va_list args); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The functions described here are generally not used directly, but +rather through macros such as \fIERR_raise\fR\|(3). +They can still be useful for anyone that wants to make their own +macros. +.PP +\&\fIERR_new()\fR allocates a new slot in the thread's error queue. +.PP +\&\fIERR_set_debug()\fR sets the debug information related to the current +error in the thread's error queue. +The values that can be given are the filename \fIfile\fR, line in the +file \fIline\fR and the name of the function \fIfunc\fR where the error +occurred. +The names must be constant, this function will only save away the +pointers, not copy the strings. +.PP +\&\fIERR_set_error()\fR sets the error information, which are the library +number \fIlib\fR and the reason code \fIreason\fR, and additional data as a +format string \fIfmt\fR and an arbitrary number of arguments. +The additional data is processed with \fIBIO_snprintf\fR\|(3) to form the +additional data string, which is allocated and store in the error +record. +.PP +\&\fIERR_vset_error()\fR works like \fIERR_set_error()\fR, but takes a \fBva_list\fR +argument instead of a variable number of arguments. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +ERR_new, ERR_set_debug, ERR_set_error and ERR_vset_error +do not return any values. +.SH "NOTES" +.IX Header "NOTES" +The library number is unique to each unit that records errors. 
+OpenSSL has a number of pre-allocated ones for its own uses, but +others may allocate their own library number dynamically with +\&\fIERR_get_next_error_library\fR\|(3). +.PP +Reason codes are unique within each library, and may have an +associated set of strings as a short description of the reason. +For dynamically allocated library numbers, reason strings are recorded +with \fIERR_load_strings\fR\|(3). +.PP +Provider authors are supplied with core versions of these functions, +see \fIprovider\-base\fR\|(7). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_raise\fR\|(3), \fIERR_get_next_error_library\fR\|(3), +\&\fIERR_load_strings\fR\|(3), \fIBIO_snprintf\fR\|(3), \fIprovider\-base\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/ERR_print_errors.3 b/linux_amd64/ssl/share/man/man3/ERR_print_errors.3 new file mode 100755 index 0000000..044c07c --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/ERR_print_errors.3 
@@ -0,0 +1,183 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ERR_PRINT_ERRORS 3" +.TH ERR_PRINT_ERRORS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +ERR_print_errors, ERR_print_errors_fp, ERR_print_errors_cb +\&\- print error messages +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void ERR_print_errors(BIO *bp); +\& void ERR_print_errors_fp(FILE *fp); +\& void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u), void *u) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIERR_print_errors()\fR is a convenience function that prints the error +strings for all errors that OpenSSL has recorded to \fBbp\fR, thus +emptying the error queue. +.PP +\&\fIERR_print_errors_fp()\fR is the same, except that the output goes to a +\&\fB\s-1FILE\s0\fR. +.PP +\&\fIERR_print_errors_cb()\fR is the same, except that the callback function, +\&\fBcb\fR, is called for each error line with the string, length, and userdata +\&\fBu\fR as the callback parameters. +.PP +The error strings will have the following format: +.PP +.Vb 1 +\& [pid]:error:[error code]:[library name]:[function name]:[reason string]:[filename]:[line]:[optional text message] +.Ve +.PP +\&\fIerror code\fR is an 8 digit hexadecimal number. \fIlibrary name\fR, +\&\fIfunction name\fR and \fIreason string\fR are \s-1ASCII\s0 text, as is \fIoptional +text message\fR if one was set for the respective error code. +.PP +If there is no text string registered for the given error code, +the error string will contain the numeric code. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIERR_print_errors()\fR and \fIERR_print_errors_fp()\fR return no values. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_error_string\fR\|(3), +\&\fIERR_get_error\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/ssl/share/man/man3/ERR_put_error.3 b/linux_amd64/ssl/share/man/man3/ERR_put_error.3 new file mode 100755 index 0000000..a881b34 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/ERR_put_error.3 
@@ -0,0 +1,243 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ERR_PUT_ERROR 3" +.TH ERR_PUT_ERROR 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +ERR_raise, ERR_raise_data, +ERR_put_error, ERR_add_error_data, ERR_add_error_vdata, +ERR_add_error_txt, ERR_add_error_mem_bio +\&\- record an error +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void ERR_raise(int lib, int reason); +\& void ERR_raise_data(int lib, int reason, const char *fmt, ...); +\& +\& void ERR_add_error_data(int num, ...); +\& void ERR_add_error_vdata(int num, va_list arg); +\& void ERR_add_error_txt(const char *sep, const char *txt); +\& void ERR_add_error_mem_bio(const char *sep, BIO *bio); +.Ve +.PP +Deprecated since OpenSSL 3.0: +.PP +.Vb 1 +\& void ERR_put_error(int lib, int func, int reason, const char *file, int line); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIERR_raise()\fR adds a new error to the thread's error queue. The +error occurred in the library \fBlib\fR for the reason given by the +\&\fBreason\fR code. Furthermore, the name of the file, the line, and name +of the function where the error occurred is saved with the error +record. +.PP +\&\fIERR_raise_data()\fR does the same thing as \fIERR_raise()\fR, but also lets the +caller specify additional information as a format string \fBfmt\fR and an +arbitrary number of values, which are processed with \fIBIO_snprintf\fR\|(3). +.PP +\&\fIERR_put_error()\fR adds an error code to the thread's error queue. It +signals that the error of reason code \fBreason\fR occurred in function +\&\fBfunc\fR of library \fBlib\fR, in line number \fBline\fR of \fBfile\fR. +This function is usually called by a macro. +.PP +\&\fIERR_add_error_data()\fR associates the concatenation of its \fBnum\fR string +arguments as additional data with the error code added last. +\&\fIERR_add_error_vdata()\fR is similar except the argument is a \fBva_list\fR. +Multiple calls to these functions append to the current top of the error queue. +The total length of the string data per error is limited to 4096 characters. 
+.PP +\&\fIERR_add_error_txt()\fR appends the given text string as additional data to the +last error queue entry, after inserting the optional separator string if it is +not \s-1NULL\s0 and the top error entry does not yet have additional data. +In case the separator is at the end of the text it is not appended to the data. +The \fBsep\fR argument may be for instance \*(L"\en\*(R" to insert a line break when needed. +If the associated data would become more than 4096 characters long +(which is the limit given above) +it is split over sufficiently many new copies of the last error queue entry. +.PP +\&\fIERR_add_error_mem_bio()\fR is the same as \fIERR_add_error_txt()\fR except that +the text string is taken from the given memory \s-1BIO\s0. +It appends '\e0' to the \s-1BIO\s0 contents if not already NUL-terminated. +.PP +\&\fIERR_load_strings\fR\|(3) can be used to register +error strings so that the application can a generate human-readable +error messages for the error code. +.SS "Reporting errors" +.IX Subsection "Reporting errors" +Each sub-library has a specific macro \fIXXXerr()\fR that is used to report +errors. Its first argument is a function code \fB\s-1XXX_F_\s0...\fR, the second +argument is a reason code \fB\s-1XXX_R_\s0...\fR. Function codes are derived +from the function names; reason codes consist of textual error +descriptions. For example, the function \fIssl3_read_bytes()\fR reports a +\&\*(L"handshake failure\*(R" as follows: +.PP +.Vb 1 +\& SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE); +.Ve +.PP +Function and reason codes should consist of uppercase characters, +numbers and underscores only. The error file generation script translates +function codes into function names by looking in the header files +for an appropriate function name, if none is found it just uses +the capitalized form such as \*(L"\s-1SSL3_READ_BYTES\s0\*(R" in the above example. 
+.PP +The trailing section of a reason code (after the \*(L"_R_\*(R") is translated +into lowercase and underscores changed to spaces. +.PP +Although a library will normally report errors using its own specific +XXXerr macro, another library's macro can be used. This is normally +only done when a library wants to include \s-1ASN1\s0 code which must use +the \fIASN1err()\fR macro. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIERR_raise()\fR, \fIERR_put_error()\fR, +\&\fIERR_add_error_data()\fR, \fIERR_add_error_vdata()\fR +\&\fIERR_add_error_txt()\fR, and \fIERR_add_error_mem_bio()\fR +return no values. +.SH "NOTES" +.IX Header "NOTES" +\&\fIERR_raise()\fR and \fIERR_put_error()\fR are implemented as macros. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_load_strings\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBERR_add_error_txt\fR and \fBERR_add_error_mem_bio\fR were added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/ERR_remove_state.3 b/linux_amd64/ssl/share/man/man3/ERR_remove_state.3 new file mode 100755 index 0000000..fc78aa4 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/ERR_remove_state.3 
@@ -0,0 +1,175 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ERR_REMOVE_STATE 3" +.TH ERR_REMOVE_STATE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +ERR_remove_thread_state, ERR_remove_state \- DEPRECATED +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +Deprecated since OpenSSL 1.0.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 1 +\& void ERR_remove_state(unsigned long tid); +.Ve +.PP +Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 1 +\& void ERR_remove_thread_state(void *tid); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIERR_remove_state()\fR frees the error queue associated with the specified +thread, identified by \fBtid\fR. +\&\fIERR_remove_thread_state()\fR does the same thing, except the identifier is +an opaque pointer. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIERR_remove_state()\fR and \fIERR_remove_thread_state()\fR return no value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +L\fIOPENSSL_init_crypto\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIERR_remove_state()\fR was deprecated in OpenSSL 1.0.0 and +\&\fIERR_remove_thread_state()\fR was deprecated in OpenSSL 1.1.0; these functions +and should not be used. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/ERR_set_mark.3 b/linux_amd64/ssl/share/man/man3/ERR_set_mark.3 new file mode 100755 index 0000000..5951618 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/ERR_set_mark.3 
@@ -0,0 +1,163 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ERR_SET_MARK 3" +.TH ERR_SET_MARK 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +ERR_set_mark, ERR_pop_to_mark \- set marks and pop errors until mark +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int ERR_set_mark(void); +\& +\& int ERR_pop_to_mark(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIERR_set_mark()\fR sets a mark on the current topmost error record if there +is one. +.PP +\&\fIERR_pop_to_mark()\fR will pop the top of the error stack until a mark is found. +The mark is then removed. If there is no mark, the whole stack is removed. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIERR_set_mark()\fR returns 0 if the error stack is empty, otherwise 1. +.PP +\&\fIERR_pop_to_mark()\fR returns 0 if there was no mark in the error stack, which +implies that the stack became empty, otherwise 1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2003\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/EVP_ASYM_CIPHER_free.3 b/linux_amd64/ssl/share/man/man3/EVP_ASYM_CIPHER_free.3 new file mode 100755 index 0000000..71aa45e --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EVP_ASYM_CIPHER_free.3 
@@ -0,0 +1,210 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_ASYM_CIPHER_FREE 3" +.TH EVP_ASYM_CIPHER_FREE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_ASYM_CIPHER_fetch, EVP_ASYM_CIPHER_free, EVP_ASYM_CIPHER_up_ref, +EVP_ASYM_CIPHER_number, EVP_ASYM_CIPHER_is_a, EVP_ASYM_CIPHER_provider, +EVP_ASYM_CIPHER_do_all_provided, EVP_ASYM_CIPHER_names_do_all +\&\- Functions to manage EVP_ASYM_CIPHER algorithm objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& EVP_ASYM_CIPHER *EVP_ASYM_CIPHER_fetch(OPENSSL_CTX *ctx, const char *algorithm, +\& const char *properties); +\& void EVP_ASYM_CIPHER_free(EVP_ASYM_CIPHER *cipher); +\& int EVP_ASYM_CIPHER_up_ref(EVP_ASYM_CIPHER *cipher); +\& int EVP_ASYM_CIPHER_number(const EVP_ASYM_CIPHER *cipher); +\& int EVP_ASYM_CIPHER_is_a(const EVP_ASYM_CIPHER *cipher, const char *name); +\& OSSL_PROVIDER *EVP_ASYM_CIPHER_provider(const EVP_ASYM_CIPHER *cipher); +\& void EVP_ASYM_CIPHER_do_all_provided(OPENSSL_CTX *libctx, +\& void (*fn)(EVP_ASYM_CIPHER *cipher, +\& void *arg), +\& void *arg); +\& void EVP_ASYM_CIPHER_names_do_all(const EVP_ASYM_CIPHER *cipher, +\& void (*fn)(const char *name, void *data), +\& void *data); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIEVP_ASYM_CIPHER_fetch()\fR fetches the implementation for the given +\&\fBalgorithm\fR from any provider offering it, within the criteria given +by the \fBproperties\fR and in the scope of the given library context \fBctx\fR (see +\&\s-1\fIOPENSSL_CTX\s0\fR\|(3)). The algorithm will be one offering functions for performing +asymmetric cipher related tasks such as asymmetric encryption and decryption. +See \*(L"Fetching algorithms\*(R" in \fIprovider\fR\|(7) for further information. +.PP +The returned value must eventually be freed with \fIEVP_ASYM_CIPHER_free()\fR. +.PP +\&\fIEVP_ASYM_CIPHER_free()\fR decrements the reference count for the \fB\s-1EVP_ASYM_CIPHER\s0\fR +structure. Typically this structure will have been obtained from an earlier call +to \fIEVP_ASYM_CIPHER_fetch()\fR. If the reference count drops to 0 then the +structure is freed. 
+.PP +\&\fIEVP_ASYM_CIPHER_up_ref()\fR increments the reference count for an +\&\fB\s-1EVP_ASYM_CIPHER\s0\fR structure. +.PP +\&\fIEVP_ASYM_CIPHER_is_a()\fR returns 1 if \fIcipher\fR is an implementation of an +algorithm that's identifiable with \fIname\fR, otherwise 0. +.PP +\&\fIEVP_ASYM_CIPHER_provider()\fR returns the provider that \fIcipher\fR was fetched from. +.PP +\&\fIEVP_ASYM_CIPHER_do_all_provided()\fR traverses all EVP_ASYM_CIPHERs implemented by +all activated providers in the given library context \fIlibctx\fR, and for each of +the implementations, calls the given function \fIfn\fR with the implementation +method and the given \fIarg\fR as argument. +.PP +\&\fIEVP_ASYM_CIPHER_number()\fR returns the internal dynamic number assigned to +\&\fIcipher\fR. +.PP +\&\fIEVP_ASYM_CIPHER_names_do_all()\fR traverses all names for \fIcipher\fR, and calls +\&\fIfn\fR with each name and \fIdata\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_ASYM_CIPHER_fetch()\fR returns a pointer to an \fB\s-1EVP_ASYM_CIPHER\s0\fR for success +or \fB\s-1NULL\s0\fR for failure. +.PP +\&\fIEVP_ASYM_CIPHER_up_ref()\fR returns 1 for success or 0 otherwise. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\*(L"Fetching algorithms\*(R" in \fIprovider\fR\|(7), \s-1\fIOSSL_PROVIDER\s0\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The functions described here were added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/EVP_BytesToKey.3 b/linux_amd64/ssl/share/man/man3/EVP_BytesToKey.3 new file mode 100755 index 0000000..b3856e9 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EVP_BytesToKey.3 
@@ -0,0 +1,201 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_BYTESTOKEY 3" +.TH EVP_BYTESTOKEY 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_BytesToKey \- password based encryption routine +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, +\& const unsigned char *salt, +\& const unsigned char *data, int datal, int count, +\& unsigned char *key, unsigned char *iv); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIEVP_BytesToKey()\fR derives a key and \s-1IV\s0 from various parameters. \fBtype\fR is +the cipher to derive the key and \s-1IV\s0 for. \fBmd\fR is the message digest to use. +The \fBsalt\fR parameter is used as a salt in the derivation: it should point to +an 8 byte buffer or \s-1NULL\s0 if no salt is used. \fBdata\fR is a buffer containing +\&\fBdatal\fR bytes which is used to derive the keying data. \fBcount\fR is the +iteration count to use. The derived key and \s-1IV\s0 will be written to \fBkey\fR +and \fBiv\fR respectively. +.SH "NOTES" +.IX Header "NOTES" +A typical application of this function is to derive keying material for an +encryption algorithm from a password in the \fBdata\fR parameter. +.PP +Increasing the \fBcount\fR parameter slows down the algorithm which makes it +harder for an attacker to perform a brute force attack using a large number +of candidate passwords. +.PP +If the total key and \s-1IV\s0 length is less than the digest length and +\&\fB\s-1MD5\s0\fR is used then the derivation algorithm is compatible with PKCS#5 v1.5 +otherwise a non standard extension is used to derive the extra data. +.PP +Newer applications should use a more modern algorithm such as \s-1PBKDF2\s0 as +defined in PKCS#5v2.1 and provided by \s-1PKCS5_PBKDF2_HMAC\s0. +.SH "KEY DERIVATION ALGORITHM" +.IX Header "KEY DERIVATION ALGORITHM" +The key and \s-1IV\s0 is derived by concatenating D_1, D_2, etc until +enough data is available for the key and \s-1IV\s0. 
D_i is defined as: +.PP +.Vb 1 +\& D_i = HASH^count(D_(i\-1) || data || salt) +.Ve +.PP +where || denotes concatenation, D_0 is empty, \s-1HASH\s0 is the digest +algorithm in use, HASH^1(data) is simply \s-1HASH\s0(data), HASH^2(data) +is \s-1HASH\s0(\s-1HASH\s0(data)) and so on. +.PP +The initial bytes are used for the key and the subsequent bytes for +the \s-1IV\s0. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +If \fBdata\fR is \s-1NULL\s0, then \fIEVP_BytesToKey()\fR returns the number of bytes +needed to store the derived key. +Otherwise, \fIEVP_BytesToKey()\fR returns the size of the derived key in bytes, +or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIevp\fR\|(7), \fIRAND_bytes\fR\|(3), +\&\s-1\fIPKCS5_PBKDF2_HMAC\s0\fR\|(3), +\&\fIEVP_EncryptInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 b/linux_amd64/ssl/share/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 new file mode 100755 index 0000000..f9a243c --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 
@@ -0,0 +1,174 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_CIPHER_CTX_GET_CIPHER_DATA 3" +.TH EVP_CIPHER_CTX_GET_CIPHER_DATA 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_CIPHER_CTX_get_cipher_data, EVP_CIPHER_CTX_set_cipher_data \- Routines to +inspect and modify EVP_CIPHER_CTX objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void *EVP_CIPHER_CTX_get_cipher_data(const EVP_CIPHER_CTX *ctx); +\& void *EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fIEVP_CIPHER_CTX_get_cipher_data()\fR function returns a pointer to the cipher +data relevant to \s-1EVP_CIPHER_CTX\s0. The contents of this data is specific to the +particular implementation of the cipher. For example this data can be used by +engines to store engine specific information. The data is automatically +allocated and freed by OpenSSL, so applications and engines should not normally +free this directly (but see below). +.PP +The \fIEVP_CIPHER_CTX_set_cipher_data()\fR function allows an application or engine to +replace the cipher data with new data. A pointer to any existing cipher data is +returned from this function. If the old data is no longer required then it +should be freed through a call to \fIOPENSSL_free()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The \fIEVP_CIPHER_CTX_get_cipher_data()\fR function returns a pointer to the current +cipher data for the \s-1EVP_CIPHER_CTX\s0. +.PP +The \fIEVP_CIPHER_CTX_set_cipher_data()\fR function returns a pointer to the old +cipher data for the \s-1EVP_CIPHER_CTX\s0. +.SH "HISTORY" +.IX Header "HISTORY" +The \fIEVP_CIPHER_CTX_get_cipher_data()\fR and \fIEVP_CIPHER_CTX_set_cipher_data()\fR +functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/ssl/share/man/man3/EVP_CIPHER_meth_new.3 b/linux_amd64/ssl/share/man/man3/EVP_CIPHER_meth_new.3 new file mode 100755 index 0000000..b86add2 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EVP_CIPHER_meth_new.3 
@@ -0,0 +1,345 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_CIPHER_METH_NEW 3" +.TH EVP_CIPHER_METH_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_CIPHER_meth_new, EVP_CIPHER_meth_dup, EVP_CIPHER_meth_free, +EVP_CIPHER_meth_set_iv_length, EVP_CIPHER_meth_set_flags, +EVP_CIPHER_meth_set_impl_ctx_size, EVP_CIPHER_meth_set_init, +EVP_CIPHER_meth_set_do_cipher, EVP_CIPHER_meth_set_cleanup, +EVP_CIPHER_meth_set_set_asn1_params, EVP_CIPHER_meth_set_get_asn1_params, +EVP_CIPHER_meth_set_ctrl, EVP_CIPHER_meth_get_init, +EVP_CIPHER_meth_get_do_cipher, EVP_CIPHER_meth_get_cleanup, +EVP_CIPHER_meth_get_set_asn1_params, EVP_CIPHER_meth_get_get_asn1_params, +EVP_CIPHER_meth_get_ctrl +\&\- Routines to build up EVP_CIPHER methods +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len); +\& EVP_CIPHER *EVP_CIPHER_meth_dup(const EVP_CIPHER *cipher); +\& void EVP_CIPHER_meth_free(EVP_CIPHER *cipher); +\& +\& int EVP_CIPHER_meth_set_iv_length(EVP_CIPHER *cipher, int iv_len); +\& int EVP_CIPHER_meth_set_flags(EVP_CIPHER *cipher, unsigned long flags); +\& int EVP_CIPHER_meth_set_impl_ctx_size(EVP_CIPHER *cipher, int ctx_size); +\& int EVP_CIPHER_meth_set_init(EVP_CIPHER *cipher, +\& int (*init)(EVP_CIPHER_CTX *ctx, +\& const unsigned char *key, +\& const unsigned char *iv, +\& int enc)); +\& int EVP_CIPHER_meth_set_do_cipher(EVP_CIPHER *cipher, +\& int (*do_cipher)(EVP_CIPHER_CTX *ctx, +\& unsigned char *out, +\& const unsigned char *in, +\& size_t inl)); +\& int EVP_CIPHER_meth_set_cleanup(EVP_CIPHER *cipher, +\& int (*cleanup)(EVP_CIPHER_CTX *)); +\& int EVP_CIPHER_meth_set_set_asn1_params(EVP_CIPHER *cipher, +\& int (*set_asn1_parameters)(EVP_CIPHER_CTX *, +\& ASN1_TYPE *)); +\& int EVP_CIPHER_meth_set_get_asn1_params(EVP_CIPHER *cipher, +\& int (*get_asn1_parameters)(EVP_CIPHER_CTX *, +\& ASN1_TYPE *)); +\& int EVP_CIPHER_meth_set_ctrl(EVP_CIPHER *cipher, +\& int (*ctrl)(EVP_CIPHER_CTX *, int type, +\& int arg, void *ptr)); +\& +\& int (*EVP_CIPHER_meth_get_init(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX 
*ctx, +\& const unsigned char *key, +\& const unsigned char *iv, +\& int enc); +\& int (*EVP_CIPHER_meth_get_do_cipher(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx, +\& unsigned char *out, +\& const unsigned char *in, +\& size_t inl); +\& int (*EVP_CIPHER_meth_get_cleanup(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *); +\& int (*EVP_CIPHER_meth_get_set_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, +\& ASN1_TYPE *); +\& int (*EVP_CIPHER_meth_get_get_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, +\& ASN1_TYPE *); +\& int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, +\& int type, int arg, +\& void *ptr); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fB\s-1EVP_CIPHER\s0\fR type is a structure for symmetric cipher method +implementation. +.PP +\&\fIEVP_CIPHER_meth_new()\fR creates a new \fB\s-1EVP_CIPHER\s0\fR structure. +.PP +\&\fIEVP_CIPHER_meth_dup()\fR creates a copy of \fBcipher\fR. +.PP +\&\fIEVP_CIPHER_meth_free()\fR destroys a \fB\s-1EVP_CIPHER\s0\fR structure. +.PP +\&\fIEVP_CIPHER_meth_set_iv_length()\fR sets the length of the \s-1IV\s0. +This is only needed when the implemented cipher mode requires it. +.PP +\&\fIEVP_CIPHER_meth_set_flags()\fR sets the flags to describe optional +behaviours in the particular \fBcipher\fR. +With the exception of cipher modes, of which only one may be present, +several flags can be or'd together. 
+The available flags are: +.IP "\s-1EVP_CIPH_STREAM_CIPHER\s0, \s-1EVP_CIPH_ECB_MODE\s0 \s-1EVP_CIPH_CBC_MODE\s0, \s-1EVP_CIPH_CFB_MODE\s0, \s-1EVP_CIPH_OFB_MODE\s0, \s-1EVP_CIPH_CTR_MODE\s0, \s-1EVP_CIPH_GCM_MODE\s0, \s-1EVP_CIPH_CCM_MODE\s0, \s-1EVP_CIPH_XTS_MODE\s0, \s-1EVP_CIPH_WRAP_MODE\s0, \s-1EVP_CIPH_OCB_MODE\s0, \s-1EVP_CIPH_SIV_MODE\s0" 4 +.IX Item "EVP_CIPH_STREAM_CIPHER, EVP_CIPH_ECB_MODE EVP_CIPH_CBC_MODE, EVP_CIPH_CFB_MODE, EVP_CIPH_OFB_MODE, EVP_CIPH_CTR_MODE, EVP_CIPH_GCM_MODE, EVP_CIPH_CCM_MODE, EVP_CIPH_XTS_MODE, EVP_CIPH_WRAP_MODE, EVP_CIPH_OCB_MODE, EVP_CIPH_SIV_MODE" +The cipher mode. +.IP "\s-1EVP_CIPH_VARIABLE_LENGTH\s0" 4 +.IX Item "EVP_CIPH_VARIABLE_LENGTH" +This cipher is of variable length. +.IP "\s-1EVP_CIPH_CUSTOM_IV\s0" 4 +.IX Item "EVP_CIPH_CUSTOM_IV" +Storing and initialising the \s-1IV\s0 is left entirely to the +implementation. +.IP "\s-1EVP_CIPH_ALWAYS_CALL_INIT\s0" 4 +.IX Item "EVP_CIPH_ALWAYS_CALL_INIT" +Set this if the implementation's \fIinit()\fR function should be called even +if \fBkey\fR is \fB\s-1NULL\s0\fR. +.IP "\s-1EVP_CIPH_CTRL_INIT\s0" 4 +.IX Item "EVP_CIPH_CTRL_INIT" +Set this to have the implementation's \fIctrl()\fR function called with +command code \fB\s-1EVP_CTRL_INIT\s0\fR early in its setup. +.IP "\s-1EVP_CIPH_CUSTOM_KEY_LENGTH\s0" 4 +.IX Item "EVP_CIPH_CUSTOM_KEY_LENGTH" +Checking and setting the key length after creating the \fB\s-1EVP_CIPHER\s0\fR +is left to the implementation. +Whenever someone uses \fIEVP_CIPHER_CTX_set_key_length()\fR on a +\&\fB\s-1EVP_CIPHER\s0\fR with this flag set, the implementation's \fIctrl()\fR function +will be called with the control code \fB\s-1EVP_CTRL_SET_KEY_LENGTH\s0\fR and +the key length in \fBarg\fR. +.IP "\s-1EVP_CIPH_NO_PADDING\s0" 4 +.IX Item "EVP_CIPH_NO_PADDING" +Don't use standard block padding. +.IP "\s-1EVP_CIPH_RAND_KEY\s0" 4 +.IX Item "EVP_CIPH_RAND_KEY" +Making a key with random content is left to the implementation. 
+This is done by calling the implementation's \fIctrl()\fR function with the +control code \fB\s-1EVP_CTRL_RAND_KEY\s0\fR and the pointer to the key memory +storage in \fBptr\fR. +.IP "\s-1EVP_CIPH_CUSTOM_COPY\s0" 4 +.IX Item "EVP_CIPH_CUSTOM_COPY" +Set this to have the implementation's \fIctrl()\fR function called with +command code \fB\s-1EVP_CTRL_COPY\s0\fR at the end of \fIEVP_CIPHER_CTX_copy()\fR. +The intended use is for further things to deal with after the +implementation specific data block has been copied. +The destination \fB\s-1EVP_CIPHER_CTX\s0\fR is passed to the control with the +\&\fBptr\fR parameter. +The implementation specific data block is reached with +\&\fIEVP_CIPHER_CTX_get_cipher_data()\fR. +.IP "\s-1EVP_CIPH_FLAG_DEFAULT_ASN1\s0" 4 +.IX Item "EVP_CIPH_FLAG_DEFAULT_ASN1" +Use the default \s-1EVP\s0 routines to pass \s-1IV\s0 to and from \s-1ASN\s0.1. +.IP "\s-1EVP_CIPH_FLAG_LENGTH_BITS\s0" 4 +.IX Item "EVP_CIPH_FLAG_LENGTH_BITS" +Signals that the length of the input buffer for encryption / +decryption is to be understood as the number of bits instead of +bytes for this implementation. +This is only useful for \s-1CFB1\s0 ciphers. +.IP "\s-1EVP_CIPH_FLAG_CUSTOM_CIPHER\s0" 4 +.IX Item "EVP_CIPH_FLAG_CUSTOM_CIPHER" +This indicates that the implementation takes care of everything, +including padding, buffering and finalization. +The \s-1EVP\s0 routines will simply give them control and do nothing more. +.IP "\s-1EVP_CIPH_FLAG_AEAD_CIPHER\s0" 4 +.IX Item "EVP_CIPH_FLAG_AEAD_CIPHER" +This indicates that this is an \s-1AEAD\s0 cipher implementation. +.IP "\s-1EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK\s0" 4 +.IX Item "EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK" +Allow interleaving of crypto blocks, a particular optimization only applicable +to certain \s-1TLS\s0 ciphers. +.PP +\&\fIEVP_CIPHER_meth_set_impl_ctx_size()\fR sets the size of the \s-1EVP_CIPHER\s0's +implementation context so that it can be automatically allocated. 
+.PP +\&\fIEVP_CIPHER_meth_set_init()\fR sets the cipher init function for +\&\fBcipher\fR. +The cipher init function is called by \fIEVP_CipherInit()\fR, +\&\fIEVP_CipherInit_ex()\fR, \fIEVP_EncryptInit()\fR, \fIEVP_EncryptInit_ex()\fR, +\&\fIEVP_DecryptInit()\fR, \fIEVP_DecryptInit_ex()\fR. +.PP +\&\fIEVP_CIPHER_meth_set_do_cipher()\fR sets the cipher function for +\&\fBcipher\fR. +The cipher function is called by \fIEVP_CipherUpdate()\fR, +\&\fIEVP_EncryptUpdate()\fR, \fIEVP_DecryptUpdate()\fR, \fIEVP_CipherFinal()\fR, +\&\fIEVP_EncryptFinal()\fR, \fIEVP_EncryptFinal_ex()\fR, \fIEVP_DecryptFinal()\fR and +\&\fIEVP_DecryptFinal_ex()\fR. +.PP +\&\fIEVP_CIPHER_meth_set_cleanup()\fR sets the function for \fBcipher\fR to do +extra cleanup before the method's private data structure is cleaned +out and freed. +Note that the cleanup function is passed a \fB\s-1EVP_CIPHER_CTX\s0 *\fR, the +private data structure is then available with +\&\fIEVP_CIPHER_CTX_get_cipher_data()\fR. +This cleanup function is called by \fIEVP_CIPHER_CTX_reset()\fR and +\&\fIEVP_CIPHER_CTX_free()\fR. +.PP +\&\fIEVP_CIPHER_meth_set_set_asn1_params()\fR sets the function for \fBcipher\fR +to set the AlgorithmIdentifier \*(L"parameter\*(R" based on the passed cipher. +This function is called by \fIEVP_CIPHER_param_to_asn1()\fR. +\&\fIEVP_CIPHER_meth_set_get_asn1_params()\fR sets the function for \fBcipher\fR +that sets the cipher parameters based on an \s-1ASN\s0.1 AlgorithmIdentifier +\&\*(L"parameter\*(R". +Both these functions are needed when there is a need for custom data +(more or other than the cipher \s-1IV\s0). +They are called by \fIEVP_CIPHER_param_to_asn1()\fR and +\&\fIEVP_CIPHER_asn1_to_param()\fR respectively if defined. +.PP +\&\fIEVP_CIPHER_meth_set_ctrl()\fR sets the control function for \fBcipher\fR. 
+.PP +\&\fIEVP_CIPHER_meth_get_init()\fR, \fIEVP_CIPHER_meth_get_do_cipher()\fR, +\&\fIEVP_CIPHER_meth_get_cleanup()\fR, \fIEVP_CIPHER_meth_get_set_asn1_params()\fR, +\&\fIEVP_CIPHER_meth_get_get_asn1_params()\fR and \fIEVP_CIPHER_meth_get_ctrl()\fR +are all used to retrieve the method data given with the +EVP_CIPHER_meth_set_*() functions above. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_CIPHER_meth_new()\fR and \fIEVP_CIPHER_meth_dup()\fR return a pointer to a +newly created \fB\s-1EVP_CIPHER\s0\fR, or \s-1NULL\s0 on failure. +All EVP_CIPHER_meth_set_*() functions return 1. +All EVP_CIPHER_meth_get_*() functions return pointers to their +respective \fBcipher\fR function. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_EncryptInit\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The functions described here were added in OpenSSL 1.1.0. +The \fB\s-1EVP_CIPHER\s0\fR structure created with these functions became reference +counted in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/EVP_DigestInit.3 b/linux_amd64/ssl/share/man/man3/EVP_DigestInit.3 new file mode 100755 index 0000000..e58fcdb --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EVP_DigestInit.3 
@@ -0,0 +1,657 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_DIGESTINIT 3" +.TH EVP_DIGESTINIT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_MD_fetch, EVP_MD_up_ref, EVP_MD_free, +EVP_MD_get_params, EVP_MD_gettable_params, +EVP_MD_CTX_new, EVP_MD_CTX_reset, EVP_MD_CTX_free, EVP_MD_CTX_copy, +EVP_MD_CTX_copy_ex, EVP_MD_CTX_ctrl, +EVP_MD_CTX_set_params, EVP_MD_CTX_get_params, +EVP_MD_settable_ctx_params, EVP_MD_gettable_ctx_params, +EVP_MD_CTX_settable_params, EVP_MD_CTX_gettable_params, +EVP_MD_CTX_set_flags, EVP_MD_CTX_clear_flags, EVP_MD_CTX_test_flags, +EVP_Digest, EVP_DigestInit_ex, EVP_DigestInit, EVP_DigestUpdate, +EVP_DigestFinal_ex, EVP_DigestFinalXOF, EVP_DigestFinal, +EVP_MD_is_a, EVP_MD_name, EVP_MD_number, EVP_MD_names_do_all, EVP_MD_provider, +EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, EVP_MD_block_size, EVP_MD_flags, +EVP_MD_CTX_name, +EVP_MD_CTX_md, EVP_MD_CTX_type, EVP_MD_CTX_size, EVP_MD_CTX_block_size, +EVP_MD_CTX_md_data, EVP_MD_CTX_update_fn, EVP_MD_CTX_set_update_fn, +EVP_md_null, +EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj, +EVP_MD_CTX_pkey_ctx, EVP_MD_CTX_set_pkey_ctx, +EVP_MD_do_all_provided +\&\- EVP digest routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& EVP_MD *EVP_MD_fetch(OPENSSL_CTX *ctx, const char *algorithm, +\& const char *properties); +\& int EVP_MD_up_ref(EVP_MD *md); +\& void EVP_MD_free(EVP_MD *md); +\& int EVP_MD_get_params(const EVP_MD *digest, OSSL_PARAM params[]); +\& const OSSL_PARAM *EVP_MD_gettable_params(const EVP_MD *digest); +\& EVP_MD_CTX *EVP_MD_CTX_new(void); +\& int EVP_MD_CTX_reset(EVP_MD_CTX *ctx); +\& void EVP_MD_CTX_free(EVP_MD_CTX *ctx); +\& void EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void* p2); +\& int EVP_MD_CTX_get_params(EVP_MD_CTX *ctx, OSSL_PARAM params[]); +\& int EVP_MD_CTX_set_params(EVP_MD_CTX *ctx, const OSSL_PARAM params[]); +\& const OSSL_PARAM *EVP_MD_settable_ctx_params(const EVP_MD *md); +\& const OSSL_PARAM *EVP_MD_gettable_ctx_params(const EVP_MD *md); +\& const OSSL_PARAM *EVP_MD_CTX_settable_params(EVP_MD_CTX *ctx); +\& const OSSL_PARAM 
*EVP_MD_CTX_gettable_params(EVP_MD_CTX *ctx); +\& void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags); +\& void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags); +\& int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags); +\& +\& int EVP_Digest(const void *data, size_t count, unsigned char *md, +\& unsigned int *size, const EVP_MD *type, ENGINE *impl); +\& int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); +\& int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt); +\& int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s); +\& int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *md, size_t len); +\& +\& int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in); +\& +\& int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); +\& int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s); +\& +\& int EVP_MD_CTX_copy(EVP_MD_CTX *out, EVP_MD_CTX *in); +\& +\& const char *EVP_MD_name(const EVP_MD *md); +\& int EVP_MD_number(const EVP_MD *md); +\& int EVP_MD_is_a(const EVP_MD *md, const char *name); +\& void EVP_MD_names_do_all(const EVP_MD *md, +\& void (*fn)(const char *name, void *data), +\& void *data); +\& const OSSL_PROVIDER *EVP_MD_provider(const EVP_MD *md); +\& int EVP_MD_type(const EVP_MD *md); +\& int EVP_MD_pkey_type(const EVP_MD *md); +\& int EVP_MD_size(const EVP_MD *md); +\& int EVP_MD_block_size(const EVP_MD *md); +\& unsigned long EVP_MD_flags(const EVP_MD *md); +\& +\& const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx); +\& const char *EVP_MD_CTX_name(const EVP_MD_CTX *ctx); +\& int EVP_MD_CTX_size(const EVP_MD_CTX *ctx); +\& int EVP_MD_CTX_block_size(const EVP_MD_CTX *ctx); +\& int EVP_MD_CTX_type(const EVP_MD_CTX *ctx); +\& void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx); +\& int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx, +\& const void *data, size_t count); +\& void EVP_MD_CTX_set_update_fn(EVP_MD_CTX *ctx, +\& int (*update)(EVP_MD_CTX *ctx, +\& const 
void *data, size_t count)); +\& +\& const EVP_MD *EVP_md_null(void); +\& +\& const EVP_MD *EVP_get_digestbyname(const char *name); +\& const EVP_MD *EVP_get_digestbynid(int type); +\& const EVP_MD *EVP_get_digestbyobj(const ASN1_OBJECT *o); +\& +\& EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx); +\& void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx); +\& +\& void EVP_MD_do_all_provided(OPENSSL_CTX *libctx, +\& void (*fn)(EVP_MD *mac, void *arg), +\& void *arg); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1EVP\s0 digest routines are a high level interface to message digests, +and should be used instead of the digest-specific functions. +.PP +The \fB\s-1EVP_MD\s0\fR type is a structure for digest method implementation. +.IP "\fIEVP_MD_fetch()\fR" 4 +.IX Item "EVP_MD_fetch()" +Fetches the digest implementation for the given \fBalgorithm\fR from any +provider offering it, within the criteria given by the \fBproperties\fR. +See \*(L"Fetching algorithms\*(R" in \fIprovider\fR\|(7) for further information. +.Sp +The returned value must eventually be freed with \fIEVP_MD_free()\fR. +.Sp +Fetched \fB\s-1EVP_MD\s0\fR structures are reference counted. +.IP "\fIEVP_MD_up_ref()\fR" 4 +.IX Item "EVP_MD_up_ref()" +Increments the reference count for an \fB\s-1EVP_MD\s0\fR structure. +.IP "\fIEVP_MD_free()\fR" 4 +.IX Item "EVP_MD_free()" +Decrements the reference count for the fetched \fB\s-1EVP_MD\s0\fR structure. +If the reference count drops to 0 then the structure is freed. +.IP "\fIEVP_MD_CTX_new()\fR" 4 +.IX Item "EVP_MD_CTX_new()" +Allocates and returns a digest context. +.IP "\fIEVP_MD_CTX_reset()\fR" 4 +.IX Item "EVP_MD_CTX_reset()" +Resets the digest context \fBctx\fR. This can be used to reuse an already +existing context. +.IP "\fIEVP_MD_CTX_free()\fR" 4 +.IX Item "EVP_MD_CTX_free()" +Cleans up digest context \fBctx\fR and frees up the space allocated to it. 
+.IP "\fIEVP_MD_CTX_ctrl()\fR" 4 +.IX Item "EVP_MD_CTX_ctrl()" +This is a legacy method. \fIEVP_MD_CTX_set_params()\fR and \fIEVP_MD_CTX_get_params()\fR +is the mechanism that should be used to set and get parameters that are used by +providers. +Performs digest-specific control actions on context \fBctx\fR. The control command +is indicated in \fBcmd\fR and any additional arguments in \fBp1\fR and \fBp2\fR. +\&\fIEVP_MD_CTX_ctrl()\fR must be called after \fIEVP_DigestInit_ex()\fR. Other restrictions +may apply depending on the control type and digest implementation. +See \*(L"\s-1CONTROLS\s0\*(R" below for more information. +.IP "\fIEVP_MD_get_params()\fR" 4 +.IX Item "EVP_MD_get_params()" +Retrieves the requested list of \fBparams\fR from a \s-1MD\s0 \fBmd\fR. +See \*(L"\s-1PARAMETERS\s0\*(R" below for more information. +.IP "\fIEVP_MD_CTX_get_params()\fR" 4 +.IX Item "EVP_MD_CTX_get_params()" +Retrieves the requested list of \fBparams\fR from a \s-1MD\s0 context \fBctx\fR. +See \*(L"\s-1PARAMETERS\s0\*(R" below for more information. +.IP "\fIEVP_MD_CTX_set_params()\fR" 4 +.IX Item "EVP_MD_CTX_set_params()" +Sets the list of \fBparams\fR into a \s-1MD\s0 context \fBctx\fR. +See \*(L"\s-1PARAMETERS\s0\*(R" below for more information. +.IP "\fIEVP_MD_gettable_params()\fR, \fIEVP_MD_gettable_ctx_params()\fR, \fIEVP_MD_settable_ctx_params()\fR, \fIEVP_MD_CTX_gettable_params()\fR, \fIEVP_MD_CTX_settable_params()\fR" 4 +.IX Item "EVP_MD_gettable_params(), EVP_MD_gettable_ctx_params(), EVP_MD_settable_ctx_params(), EVP_MD_CTX_gettable_params(), EVP_MD_CTX_settable_params()" +Get a \fB\s-1OSSL_PARAM\s0\fR array that describes the retrievable and settable +parameters. \fIEVP_MD_gettable_params()\fR returns parameters that can be used with +\&\fIEVP_MD_get_params()\fR. \fIEVP_MD_gettable_ctx_params()\fR and +\&\fIEVP_MD_CTX_gettable_params()\fR return parameters that can be used with +\&\fIEVP_MD_CTX_get_params()\fR. 
\fIEVP_MD_settable_ctx_params()\fR and +\&\fIEVP_MD_CTX_settable_params()\fR return parameters that can be used with +\&\fIEVP_MD_CTX_set_params()\fR. +See \s-1\fIOSSL_PARAM\s0\fR\|(3) for the use of \fB\s-1OSSL_PARAM\s0\fR as parameter descriptor. +.IP "\fIEVP_MD_CTX_set_flags()\fR, \fIEVP_MD_CTX_clear_flags()\fR, \fIEVP_MD_CTX_test_flags()\fR" 4 +.IX Item "EVP_MD_CTX_set_flags(), EVP_MD_CTX_clear_flags(), EVP_MD_CTX_test_flags()" +Sets, clears and tests \fBctx\fR flags. See \*(L"\s-1FLAGS\s0\*(R" below for more information. +.IP "\fIEVP_Digest()\fR" 4 +.IX Item "EVP_Digest()" +A wrapper around the Digest Init_ex, Update and Final_ex functions. +Hashes \fBcount\fR bytes of data at \fBdata\fR using a digest \fBtype\fR from \s-1ENGINE\s0 +\&\fBimpl\fR. The digest value is placed in \fBmd\fR and its length is written at \fBsize\fR +if the pointer is not \s-1NULL\s0. At most \fB\s-1EVP_MAX_MD_SIZE\s0\fR bytes will be written. +If \fBimpl\fR is \s-1NULL\s0 the default implementation of digest \fBtype\fR is used. +.IP "\fIEVP_DigestInit_ex()\fR" 4 +.IX Item "EVP_DigestInit_ex()" +Sets up digest context \fBctx\fR to use a digest \fBtype\fR. +\&\fBtype\fR is typically supplied by a function such as \fIEVP_sha1()\fR, or a +value explicitly fetched with \fIEVP_MD_fetch()\fR. +.Sp +If \fBimpl\fR is non-NULL, its implementation of the digest \fBtype\fR is used if +there is one, and if not, the default implementation is used. +.IP "\fIEVP_DigestUpdate()\fR" 4 +.IX Item "EVP_DigestUpdate()" +Hashes \fBcnt\fR bytes of data at \fBd\fR into the digest context \fBctx\fR. This +function can be called several times on the same \fBctx\fR to hash additional +data. +.IP "\fIEVP_DigestFinal_ex()\fR" 4 +.IX Item "EVP_DigestFinal_ex()" +Retrieves the digest value from \fBctx\fR and places it in \fBmd\fR. If the \fBs\fR +parameter is not \s-1NULL\s0 then the number of bytes of data written (i.e. 
the +length of the digest) will be written to the integer at \fBs\fR, at most +\&\fB\s-1EVP_MAX_MD_SIZE\s0\fR bytes will be written. After calling \fIEVP_DigestFinal_ex()\fR +no additional calls to \fIEVP_DigestUpdate()\fR can be made, but +\&\fIEVP_DigestInit_ex()\fR can be called to initialize a new digest operation. +.IP "\fIEVP_DigestFinalXOF()\fR" 4 +.IX Item "EVP_DigestFinalXOF()" +Interfaces to extendable-output functions, XOFs, such as \s-1SHAKE128\s0 and \s-1SHAKE256\s0. +It retrieves the digest value from \fBctx\fR and places it in \fBlen\fR\-sized md. +After calling this function no additional calls to \fIEVP_DigestUpdate()\fR can be +made, but \fIEVP_DigestInit_ex()\fR can be called to initialize a new operation. +.IP "\fIEVP_MD_CTX_copy_ex()\fR" 4 +.IX Item "EVP_MD_CTX_copy_ex()" +Can be used to copy the message digest state from \fBin\fR to \fBout\fR. This is +useful if large amounts of data are to be hashed which only differ in the last +few bytes. +.IP "\fIEVP_DigestInit()\fR" 4 +.IX Item "EVP_DigestInit()" +Behaves in the same way as \fIEVP_DigestInit_ex()\fR except it always uses the +default digest implementation and calls \fIEVP_MD_CTX_reset()\fR. +.IP "\fIEVP_DigestFinal()\fR" 4 +.IX Item "EVP_DigestFinal()" +Similar to \fIEVP_DigestFinal_ex()\fR except the digest context \fBctx\fR is +automatically cleaned up. +.IP "\fIEVP_MD_CTX_copy()\fR" 4 +.IX Item "EVP_MD_CTX_copy()" +Similar to \fIEVP_MD_CTX_copy_ex()\fR except the destination \fBout\fR does not have to +be initialized. +.IP "\fIEVP_MD_is_a()\fR" 4 +.IX Item "EVP_MD_is_a()" +Returns 1 if \fImd\fR is an implementation of an algorithm that's +identifiable with \fIname\fR, otherwise 0. +.Sp +If \fImd\fR is a legacy digest (it's the return value from the likes of +\&\fIEVP_sha256()\fR rather than the result of an \fIEVP_MD_fetch()\fR), only cipher +names registered with the default library context (see +\&\s-1\fIOPENSSL_CTX\s0\fR\|(3)) will be considered. 
+.IP "\fIEVP_MD_number()\fR" 4 +.IX Item "EVP_MD_number()" +Returns the internal dynamic number assigned to the \fImd\fR. This is +only useful with fetched \fB\s-1EVP_MD\s0\fRs. +.IP "\fIEVP_MD_name()\fR, \fIEVP_MD_CTX_name()\fR" 4 +.IX Item "EVP_MD_name(), EVP_MD_CTX_name()" +Return the name of the given message digest. For fetched message +digests with multiple names, only one of them is returned; it's +recommended to use \fIEVP_MD_names_do_all()\fR instead. +.IP "\fIEVP_MD_names_do_all()\fR" 4 +.IX Item "EVP_MD_names_do_all()" +Traverses all names for the \fImd\fR, and calls \fIfn\fR with each name and +\&\fIdata\fR. This is only useful with fetched \fB\s-1EVP_MD\s0\fRs. +.IP "\fIEVP_MD_provider()\fR" 4 +.IX Item "EVP_MD_provider()" +Returns an \fB\s-1OSSL_PROVIDER\s0\fR pointer to the provider that implements the given +\&\fB\s-1EVP_MD\s0\fR. +.IP "\fIEVP_MD_size()\fR, \fIEVP_MD_CTX_size()\fR" 4 +.IX Item "EVP_MD_size(), EVP_MD_CTX_size()" +Return the size of the message digest when passed an \fB\s-1EVP_MD\s0\fR or an +\&\fB\s-1EVP_MD_CTX\s0\fR structure, i.e. the size of the hash. +.IP "\fIEVP_MD_block_size()\fR, \fIEVP_MD_CTX_block_size()\fR" 4 +.IX Item "EVP_MD_block_size(), EVP_MD_CTX_block_size()" +Return the block size of the message digest when passed an \fB\s-1EVP_MD\s0\fR or an +\&\fB\s-1EVP_MD_CTX\s0\fR structure. +.IP "\fIEVP_MD_type()\fR, \fIEVP_MD_CTX_type()\fR" 4 +.IX Item "EVP_MD_type(), EVP_MD_CTX_type()" +Return the \s-1NID\s0 of the \s-1OBJECT\s0 \s-1IDENTIFIER\s0 representing the given message digest +when passed an \fB\s-1EVP_MD\s0\fR structure. For example, \f(CW\*(C`EVP_MD_type(EVP_sha1())\*(C'\fR +returns \fBNID_sha1\fR. This function is normally used when setting \s-1ASN1\s0 OIDs. +.IP "\fIEVP_MD_CTX_md_data()\fR" 4 +.IX Item "EVP_MD_CTX_md_data()" +Return the digest method private data for the passed \fB\s-1EVP_MD_CTX\s0\fR. +The space is allocated by OpenSSL and has the size originally set with +\&\fIEVP_MD_meth_set_app_datasize()\fR. 
+.IP "\fIEVP_MD_CTX_md()\fR" 4 +.IX Item "EVP_MD_CTX_md()" +Returns the \fB\s-1EVP_MD\s0\fR structure corresponding to the passed \fB\s-1EVP_MD_CTX\s0\fR. This +will be the same \fB\s-1EVP_MD\s0\fR object originally passed to \fIEVP_DigestInit_ex()\fR (or +other similar function) when the \s-1EVP_MD_CTX\s0 was first initialised. Note that +where explicit fetch is in use (see \fIEVP_MD_fetch\fR\|(3)) the value returned from +this function will not have its reference count incremented and therefore it +should not be used after the \s-1EVP_MD_CTX\s0 is freed. +.IP "\fIEVP_MD_CTX_set_update_fn()\fR" 4 +.IX Item "EVP_MD_CTX_set_update_fn()" +Sets the update function for \fBctx\fR to \fBupdate\fR. +This is the function that is called by EVP_DigestUpdate. If not set, the +update function from the \fB\s-1EVP_MD\s0\fR type specified at initialization is used. +.IP "\fIEVP_MD_CTX_update_fn()\fR" 4 +.IX Item "EVP_MD_CTX_update_fn()" +Returns the update function for \fBctx\fR. +.IP "\fIEVP_MD_flags()\fR" 4 +.IX Item "EVP_MD_flags()" +Returns the \fBmd\fR flags. Note that these are different from the \fB\s-1EVP_MD_CTX\s0\fR +ones. See \fIEVP_MD_meth_set_flags\fR\|(3) for more information. +.IP "\fIEVP_MD_pkey_type()\fR" 4 +.IX Item "EVP_MD_pkey_type()" +Returns the \s-1NID\s0 of the public key signing algorithm associated with this +digest. For example \fIEVP_sha1()\fR is associated with \s-1RSA\s0 so this will return +\&\fBNID_sha1WithRSAEncryption\fR. Since digests and signature algorithms are no +longer linked this function is only retained for compatibility reasons. +.IP "\fIEVP_md_null()\fR" 4 +.IX Item "EVP_md_null()" +A \*(L"null\*(R" message digest that does nothing: i.e. the hash it returns is of zero +length. 
+.IP "\fIEVP_get_digestbyname()\fR, \fIEVP_get_digestbynid()\fR, \fIEVP_get_digestbyobj()\fR" 4 +.IX Item "EVP_get_digestbyname(), EVP_get_digestbynid(), EVP_get_digestbyobj()" +Returns an \fB\s-1EVP_MD\s0\fR structure when passed a digest name, a digest \fB\s-1NID\s0\fR or an +\&\fB\s-1ASN1_OBJECT\s0\fR structure respectively. +.IP "\fIEVP_MD_CTX_pkey_ctx()\fR" 4 +.IX Item "EVP_MD_CTX_pkey_ctx()" +Returns the \fB\s-1EVP_PKEY_CTX\s0\fR assigned to \fBctx\fR. The returned pointer should not +be freed by the caller. +.IP "\fIEVP_MD_CTX_set_pkey_ctx()\fR" 4 +.IX Item "EVP_MD_CTX_set_pkey_ctx()" +Assigns an \fB\s-1EVP_PKEY_CTX\s0\fR to \fB\s-1EVP_MD_CTX\s0\fR. This is usually used to provide +a customized \fB\s-1EVP_PKEY_CTX\s0\fR to \fIEVP_DigestSignInit\fR\|(3) or +\&\fIEVP_DigestVerifyInit\fR\|(3). The \fBpctx\fR passed to this function should be freed +by the caller. A \s-1NULL\s0 \fBpctx\fR pointer is also allowed to clear the \fB\s-1EVP_PKEY_CTX\s0\fR +assigned to \fBctx\fR. In such case, freeing the cleared \fB\s-1EVP_PKEY_CTX\s0\fR or not +depends on how the \fB\s-1EVP_PKEY_CTX\s0\fR is created. +.IP "\fIEVP_MD_do_all_provided()\fR" 4 +.IX Item "EVP_MD_do_all_provided()" +Traverses all messages digests implemented by all activated providers +in the given library context \fIlibctx\fR, and for each of the implementations, +calls the given function \fIfn\fR with the implementation method and the given +\&\fIarg\fR as argument. +.SH "PARAMETERS" +.IX Header "PARAMETERS" +See \s-1\fIOSSL_PARAM\s0\fR\|(3) for information about passing parameters. +.PP +\&\fIEVP_MD_CTX_set_params()\fR can be used with the following \s-1OSSL_PARAM\s0 keys: +.ie n .IP """xoflen"" (\fB\s-1OSSL_PARAM_DIGEST_KEY_XOFLEN\s0\fR) " 4 +.el .IP "``xoflen'' (\fB\s-1OSSL_PARAM_DIGEST_KEY_XOFLEN\s0\fR) " 4 +.IX Item "xoflen (OSSL_PARAM_DIGEST_KEY_XOFLEN) " +Sets the digest length for extendable output functions. 
+It is used by the \s-1SHAKE\s0 algorithm and should not exceed what can be given +using a \fBsize_t\fR. +.ie n .IP """pad_type"" (\fB\s-1OSSL_PARAM_DIGEST_KEY_PAD_TYPE\s0\fR) " 4 +.el .IP "``pad_type'' (\fB\s-1OSSL_PARAM_DIGEST_KEY_PAD_TYPE\s0\fR) " 4 +.IX Item "pad_type (OSSL_PARAM_DIGEST_KEY_PAD_TYPE) " +Sets the pad type. +It is used by the \s-1MDC2\s0 algorithm. +.PP +\&\fIEVP_MD_CTX_get_params()\fR can be used with the following \s-1OSSL_PARAM\s0 keys: +.ie n .IP """micalg"" (\fB\s-1OSSL_PARAM_DIGEST_KEY_MICALG\s0\fR) <\s-1UTF8\s0 string>." 4 +.el .IP "``micalg'' (\fB\s-1OSSL_PARAM_DIGEST_KEY_MICALG\s0\fR) <\s-1UTF8\s0 string>." 4 +.IX Item "micalg (OSSL_PARAM_DIGEST_KEY_MICALG) ." +Gets the digest Message Integrity Check algorithm string. This is used when +creating S/MIME multipart/signed messages, as specified in \s-1RFC\s0 3851. +It may be used by external engines or providers. +.SH "CONTROLS" +.IX Header "CONTROLS" +\&\fIEVP_MD_CTX_ctrl()\fR can be used to send the following standard controls: +.IP "\s-1EVP_MD_CTRL_MICALG\s0" 4 +.IX Item "EVP_MD_CTRL_MICALG" +Gets the digest Message Integrity Check algorithm string. This is used when +creating S/MIME multipart/signed messages, as specified in \s-1RFC\s0 3851. +The string value is written to \fBp2\fR. +.IP "\s-1EVP_MD_CTRL_XOF_LEN\s0" 4 +.IX Item "EVP_MD_CTRL_XOF_LEN" +This control sets the digest length for extendable output functions to \fBp1\fR. +Sending this control directly should not be necessary, the use of +\&\f(CW\*(C`EVP_DigestFinalXOF()\*(C'\fR is preferred. +Currently used by \s-1SHAKE\s0. +.SH "FLAGS" +.IX Header "FLAGS" +\&\fIEVP_MD_CTX_set_flags()\fR, \fIEVP_MD_CTX_clear_flags()\fR and \fIEVP_MD_CTX_test_flags()\fR +can be used the manipulate and test these \fB\s-1EVP_MD_CTX\s0\fR flags: +.IP "\s-1EVP_MD_CTX_FLAG_ONESHOT\s0" 4 +.IX Item "EVP_MD_CTX_FLAG_ONESHOT" +This flag instructs the digest to optimize for one update only, if possible. 
+.IP "\s-1EVP_MD_CTX_FLAG_NO_INIT\s0" 4 +.IX Item "EVP_MD_CTX_FLAG_NO_INIT" +This flag instructs \fIEVP_DigestInit()\fR and similar not to initialise the +implementation specific data. +.IP "\s-1EVP_MD_CTX_FLAG_FINALISE\s0" 4 +.IX Item "EVP_MD_CTX_FLAG_FINALISE" +Some functions such as EVP_DigestSign only finalise copies of internal +contexts so additional data can be included after the finalisation call. +This is inefficient if this functionality is not required, and can be +disabled with this flag. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +.IP "\fIEVP_MD_fetch()\fR" 4 +.IX Item "EVP_MD_fetch()" +Returns a pointer to a \fB\s-1EVP_MD\s0\fR for success or \s-1NULL\s0 for failure. +.IP "\fIEVP_MD_up_ref()\fR" 4 +.IX Item "EVP_MD_up_ref()" +Returns 1 for success or 0 for failure. +.IP "\fIEVP_DigestInit_ex()\fR, \fIEVP_DigestUpdate()\fR, \fIEVP_DigestFinal_ex()\fR" 4 +.IX Item "EVP_DigestInit_ex(), EVP_DigestUpdate(), EVP_DigestFinal_ex()" +Returns 1 for +success and 0 for failure. +.IP "\fIEVP_MD_CTX_ctrl()\fR" 4 +.IX Item "EVP_MD_CTX_ctrl()" +Returns 1 if successful or 0 for failure. +.IP "\fIEVP_MD_CTX_set_params()\fR, \fIEVP_MD_CTX_get_params()\fR" 4 +.IX Item "EVP_MD_CTX_set_params(), EVP_MD_CTX_get_params()" +Returns 1 if successful or 0 for failure. +.IP "\fIEVP_MD_CTX_settable_params()\fR, \fIEVP_MD_CTX_gettable_params()\fR" 4 +.IX Item "EVP_MD_CTX_settable_params(), EVP_MD_CTX_gettable_params()" +Return an array of constant \fB\s-1OSSL_PARAM\s0\fRs, or \s-1NULL\s0 if there is none +to get. +.IP "\fIEVP_MD_CTX_copy_ex()\fR" 4 +.IX Item "EVP_MD_CTX_copy_ex()" +Returns 1 if successful or 0 for failure. +.IP "\fIEVP_MD_type()\fR, \fIEVP_MD_pkey_type()\fR" 4 +.IX Item "EVP_MD_type(), EVP_MD_pkey_type()" +Returns the \s-1NID\s0 of the corresponding \s-1OBJECT\s0 \s-1IDENTIFIER\s0 or NID_undef if none +exists. 
+.IP "\fIEVP_MD_size()\fR, \fIEVP_MD_block_size()\fR, \fIEVP_MD_CTX_size()\fR, \fIEVP_MD_CTX_block_size()\fR" 4 +.IX Item "EVP_MD_size(), EVP_MD_block_size(), EVP_MD_CTX_size(), EVP_MD_CTX_block_size()" +Returns the digest or block size in bytes. +.IP "\fIEVP_md_null()\fR" 4 +.IX Item "EVP_md_null()" +Returns a pointer to the \fB\s-1EVP_MD\s0\fR structure of the \*(L"null\*(R" message digest. +.IP "\fIEVP_get_digestbyname()\fR, \fIEVP_get_digestbynid()\fR, \fIEVP_get_digestbyobj()\fR" 4 +.IX Item "EVP_get_digestbyname(), EVP_get_digestbynid(), EVP_get_digestbyobj()" +Returns either an \fB\s-1EVP_MD\s0\fR structure or \s-1NULL\s0 if an error occurs. +.IP "\fIEVP_MD_CTX_set_pkey_ctx()\fR" 4 +.IX Item "EVP_MD_CTX_set_pkey_ctx()" +This function has no return value. +.SH "NOTES" +.IX Header "NOTES" +The \fB\s-1EVP\s0\fR interface to message digests should almost always be used in +preference to the low level interfaces. This is because the code then becomes +transparent to the digest used and much more flexible. +.PP +New applications should use the \s-1SHA\-2\s0 (such as \fIEVP_sha256\fR\|(3)) or the \s-1SHA\-3\s0 +digest algorithms (such as \fIEVP_sha3_512\fR\|(3)). The other digest algorithms +are still in common use. +.PP +For most applications the \fBimpl\fR parameter to \fIEVP_DigestInit_ex()\fR will be +set to \s-1NULL\s0 to use the default digest implementation. +.PP +The functions \fIEVP_DigestInit()\fR, \fIEVP_DigestFinal()\fR and \fIEVP_MD_CTX_copy()\fR are +obsolete but are retained to maintain compatibility with existing code. New +applications should use \fIEVP_DigestInit_ex()\fR, \fIEVP_DigestFinal_ex()\fR and +\&\fIEVP_MD_CTX_copy_ex()\fR because they can efficiently reuse a digest context +instead of initializing and cleaning it up on each call and allow non default +implementations of digests to be specified. +.PP +If digest contexts are not cleaned up after use, +memory leaks will occur. 
+.PP +\&\fIEVP_MD_CTX_name()\fR, \fIEVP_MD_CTX_size()\fR, \fIEVP_MD_CTX_block_size()\fR, +\&\fIEVP_MD_CTX_type()\fR, \fIEVP_get_digestbynid()\fR and \fIEVP_get_digestbyobj()\fR are defined +as macros. +.PP +\&\fIEVP_MD_CTX_ctrl()\fR sends commands to message digests for additional configuration +or control. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +This example digests the data \*(L"Test Message\en\*(R" and \*(L"Hello World\en\*(R", using the +digest name passed on the command line. +.PP +.Vb 3 +\& #include +\& #include +\& #include +\& +\& int main(int argc, char *argv[]) +\& { +\& EVP_MD_CTX *mdctx; +\& const EVP_MD *md; +\& char mess1[] = "Test Message\en"; +\& char mess2[] = "Hello World\en"; +\& unsigned char md_value[EVP_MAX_MD_SIZE]; +\& unsigned int md_len, i; +\& +\& if (argv[1] == NULL) { +\& printf("Usage: mdtest digestname\en"); +\& exit(1); +\& } +\& +\& md = EVP_get_digestbyname(argv[1]); +\& if (md == NULL) { +\& printf("Unknown message digest %s\en", argv[1]); +\& exit(1); +\& } +\& +\& mdctx = EVP_MD_CTX_new(); +\& EVP_DigestInit_ex(mdctx, md, NULL); +\& EVP_DigestUpdate(mdctx, mess1, strlen(mess1)); +\& EVP_DigestUpdate(mdctx, mess2, strlen(mess2)); +\& EVP_DigestFinal_ex(mdctx, md_value, &md_len); +\& EVP_MD_CTX_free(mdctx); +\& +\& printf("Digest is: "); +\& for (i = 0; i < md_len; i++) +\& printf("%02x", md_value[i]); +\& printf("\en"); +\& +\& exit(0); +\& } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_MD_meth_new\fR\|(3), +\&\fIopenssl\-dgst\fR\|(1), +\&\fIevp\fR\|(7), +\&\s-1\fIOSSL_PROVIDER\s0\fR\|(3), +\&\s-1\fIOSSL_PARAM\s0\fR\|(3) +.PP +The full list of digest algorithms are provided below. 
+.PP +\&\fIEVP_blake2b512\fR\|(3), +\&\fIEVP_md2\fR\|(3), +\&\fIEVP_md4\fR\|(3), +\&\fIEVP_md5\fR\|(3), +\&\fIEVP_mdc2\fR\|(3), +\&\fIEVP_ripemd160\fR\|(3), +\&\fIEVP_sha1\fR\|(3), +\&\fIEVP_sha224\fR\|(3), +\&\fIEVP_sha3_224\fR\|(3), +\&\fIEVP_sm3\fR\|(3), +\&\fIEVP_whirlpool\fR\|(3) +\&\*(L"Fetching algorithms\*(R" in \fIprovider\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \fIEVP_MD_CTX_create()\fR and \fIEVP_MD_CTX_destroy()\fR functions were renamed to +\&\fIEVP_MD_CTX_new()\fR and \fIEVP_MD_CTX_free()\fR in OpenSSL 1.1.0, respectively. +.PP +The link between digests and signing algorithms was fixed in OpenSSL 1.0 and +later, so now \fIEVP_sha1()\fR can be used with \s-1RSA\s0 and \s-1DSA\s0. +.PP +The \fIEVP_dss1()\fR function was removed in OpenSSL 1.1.0. +.PP +The \fIEVP_MD_CTX_set_pkey_ctx()\fR function was added in 1.1.1. +.PP +The \fIEVP_MD_fetch()\fR, \fIEVP_MD_free()\fR, \fIEVP_MD_up_ref()\fR, \fIEVP_MD_CTX_set_params()\fR +and \fIEVP_MD_CTX_get_params()\fR functions were added in 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/EVP_DigestSignInit.3 b/linux_amd64/ssl/share/man/man3/EVP_DigestSignInit.3 new file mode 100755 index 0000000..9b31a1e --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EVP_DigestSignInit.3 
@@ -0,0 +1,305 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_DIGESTSIGNINIT 3" +.TH EVP_DIGESTSIGNINIT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_DigestSignInit_ex, EVP_DigestSignInit, EVP_DigestSignUpdate, +EVP_DigestSignFinal, EVP_DigestSign \- EVP signing functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, +\& const char *mdname, const char *props, +\& EVP_PKEY *pkey); +\& int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, +\& const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey); +\& int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt); +\& int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen); +\& +\& int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, +\& size_t *siglen, const unsigned char *tbs, +\& size_t tbslen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1EVP\s0 signature routines are a high level interface to digital signatures. +Input data is digested first before the signing takes place. +.PP +\&\fIEVP_DigestSignInit_ex()\fR sets up signing context \fIctx\fR to use a digest with the +name \fImdname\fR and private key \fIpkey\fR. The name of the digest to be used is +passed to the provider of the signature algorithm in use. How that provider +interprets the digest name is provider specific. The provider may implement +that digest directly itself or it may (optionally) choose to fetch it (which +could result in a digest from a different provider being selected). If the +provider supports fetching the digest then it may use the \fIprops\fR argument for +the properties to be used during the fetch. +.PP +The \fIpkey\fR algorithm is used to fetch a \fB\s-1EVP_SIGNATURE\s0\fR method implicitly, to +be used for the actual signing. See \*(L"Implicit fetch\*(R" in \fIprovider\fR\|(7) for +more information about implict fetches. +.PP +The OpenSSL default and legacy providers support fetching digests and can fetch +those digests from any available provider. 
The OpenSSL fips provider also +supports fetching digests but will only fetch digests that are themselves +implemented inside the fips provider. +.PP +\&\fIctx\fR must be created with \fIEVP_MD_CTX_new()\fR before calling this function. If +\&\fIpctx\fR is not \s-1NULL\s0, the \s-1EVP_PKEY_CTX\s0 of the signing operation will be written +to \fI*pctx\fR: this can be used to set alternative signing options. Note that any +existing value in \fI*pctx\fR is overwritten. The \s-1EVP_PKEY_CTX\s0 value returned must +not be freed directly by the application if \fIctx\fR is not assigned an +\&\s-1EVP_PKEY_CTX\s0 value before being passed to \fIEVP_DigestSignInit_ex()\fR (which means +the \s-1EVP_PKEY_CTX\s0 is created inside \fIEVP_DigestSignInit_ex()\fR and it will be freed +automatically when the \s-1EVP_MD_CTX\s0 is freed). +.PP +The digest \fImdname\fR may be \s-1NULL\s0 if the signing algorithm supports it. The +\&\fIprops\fR argument can always be \s-1NULL\s0. +.PP +No \fB\s-1EVP_PKEY_CTX\s0\fR will be created by \fIEVP_DigestSignInit_ex()\fR if the passed +\&\fIctx\fR has already been assigned one via \fIEVP_MD_CTX_set_pkey_ctx\fR\|(3). See also +\&\s-1\fISM2\s0\fR\|(7). +.PP +Only \s-1EVP_PKEY\s0 types that support signing can be used with these functions. This +includes \s-1MAC\s0 algorithms where the \s-1MAC\s0 generation is considered as a form of +\&\*(L"signing\*(R". Built-in \s-1EVP_PKEY\s0 types supported by these functions are \s-1CMAC\s0, +Poly1305, \s-1DSA\s0, \s-1ECDSA\s0, \s-1HMAC\s0, \s-1RSA\s0, SipHash, Ed25519 and Ed448. +.PP +Not all digests can be used for all key types. The following combinations apply. 
+.IP "\s-1DSA\s0" 4 +.IX Item "DSA" +Supports \s-1SHA1\s0, \s-1SHA224\s0, \s-1SHA256\s0, \s-1SHA384\s0 and \s-1SHA512\s0 +.IP "\s-1ECDSA\s0" 4 +.IX Item "ECDSA" +Supports \s-1SHA1\s0, \s-1SHA224\s0, \s-1SHA256\s0, \s-1SHA384\s0, \s-1SHA512\s0 and \s-1SM3\s0 +.IP "\s-1RSA\s0 with no padding" 4 +.IX Item "RSA with no padding" +Supports no digests (the digest \fItype\fR must be \s-1NULL\s0) +.IP "\s-1RSA\s0 with X931 padding" 4 +.IX Item "RSA with X931 padding" +Supports \s-1SHA1\s0, \s-1SHA256\s0, \s-1SHA384\s0 and \s-1SHA512\s0 +.IP "All other \s-1RSA\s0 padding types" 4 +.IX Item "All other RSA padding types" +Support \s-1SHA1\s0, \s-1SHA224\s0, \s-1SHA256\s0, \s-1SHA384\s0, \s-1SHA512\s0, \s-1MD5\s0, \s-1MD5_SHA1\s0, \s-1MD2\s0, \s-1MD4\s0, \s-1MDC2\s0, +\&\s-1SHA3\-224\s0, \s-1SHA3\-256\s0, \s-1SHA3\-384\s0, \s-1SHA3\-512\s0 +.IP "Ed25519 and Ed448" 4 +.IX Item "Ed25519 and Ed448" +Support no digests (the digest \fItype\fR must be \s-1NULL\s0) +.IP "\s-1HMAC\s0" 4 +.IX Item "HMAC" +Supports any digest +.IP "\s-1CMAC\s0, Poly1305 and SipHash" 4 +.IX Item "CMAC, Poly1305 and SipHash" +Will ignore any digest provided. +.PP +If RSA-PSS is used and restrictions apply then the digest must match. +.PP +\&\fIEVP_DigestSignInit()\fR works in the same way as \fIEVP_DigestSignInit_ex()\fR except +that the \fImdname\fR parameter will be inferred from the supplied digest \fItype\fR, +and \fIprops\fR will be \s-1NULL\s0. Where supplied the \s-1ENGINE\s0 \fIe\fR will be used for the +signing and digest algorithm implementations. \fIe\fR may be \s-1NULL\s0. +.PP +\&\fIEVP_DigestSignUpdate()\fR hashes \fIcnt\fR bytes of data at \fId\fR into the +signature context \fIctx\fR. This function can be called several times on the +same \fIctx\fR to include additional data. +.PP +\&\fIEVP_DigestSignFinal()\fR signs the data in \fIctx\fR and places the signature in \fIsig\fR. +If \fIsig\fR is \s-1NULL\s0 then the maximum size of the output buffer is written to +the \fIsiglen\fR parameter. 
If \fIsig\fR is not \s-1NULL\s0 then before the call the +\&\fIsiglen\fR parameter should contain the length of the \fIsig\fR buffer. If the +call is successful the signature is written to \fIsig\fR and the amount of data +written to \fIsiglen\fR. +.PP +\&\fIEVP_DigestSign()\fR signs \fItbslen\fR bytes of data at \fItbs\fR and places the +signature in \fIsig\fR and its length in \fIsiglen\fR in a similar way to +\&\fIEVP_DigestSignFinal()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_DigestSignInit()\fR, \fIEVP_DigestSignUpdate()\fR, \fIEVP_DigestSignFinal()\fR and +\&\fIEVP_DigestSign()\fR return 1 for success and 0 for failure. +.PP +The error codes can be obtained from \fIERR_get_error\fR\|(3). +.SH "NOTES" +.IX Header "NOTES" +The \fB\s-1EVP\s0\fR interface to digital signatures should almost always be used in +preference to the low level interfaces. This is because the code then becomes +transparent to the algorithm used and much more flexible. +.PP +\&\fIEVP_DigestSign()\fR is a one shot operation which signs a single block of data +in one function. For algorithms that support streaming it is equivalent to +calling \fIEVP_DigestSignUpdate()\fR and \fIEVP_DigestSignFinal()\fR. For algorithms which +do not support streaming (e.g. PureEdDSA) it is the only way to sign data. +.PP +In previous versions of OpenSSL there was a link between message digest types +and public key algorithms. This meant that \*(L"clone\*(R" digests such as \fIEVP_dss1()\fR +needed to be used to sign using \s-1SHA1\s0 and \s-1DSA\s0. This is no longer necessary and +the use of clone digest is now discouraged. +.PP +For some key types and parameters the random number generator must be seeded. +If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to +external circumstances (see \s-1\fIRAND\s0\fR\|(7)), the operation will fail. +.PP +The call to \fIEVP_DigestSignFinal()\fR internally finalizes a copy of the digest +context. 
This means that calls to \fIEVP_DigestSignUpdate()\fR and +\&\fIEVP_DigestSignFinal()\fR can be called later to digest and sign additional data. +.PP +Since only a copy of the digest context is ever finalized, the context must +be cleaned up after use by calling \fIEVP_MD_CTX_free()\fR or a memory leak +will occur. +.PP +The use of \fIEVP_PKEY_size()\fR with these functions is discouraged because some +signature operations may have a signature length which depends on the +parameters set. As a result \fIEVP_PKEY_size()\fR would have to return a value +which indicates the maximum possible signature for any set of parameters. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_DigestVerifyInit\fR\|(3), +\&\fIEVP_DigestInit\fR\|(3), +\&\fIevp\fR\|(7), \s-1\fIHMAC\s0\fR\|(3), \s-1\fIMD2\s0\fR\|(3), +\&\s-1\fIMD5\s0\fR\|(3), \s-1\fIMDC2\s0\fR\|(3), \s-1\fIRIPEMD160\s0\fR\|(3), +\&\s-1\fISHA1\s0\fR\|(3), \fIopenssl\-dgst\fR\|(1), +\&\s-1\fIRAND\s0\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIEVP_DigestSignInit()\fR, \fIEVP_DigestSignUpdate()\fR and \fIEVP_DigestSignFinal()\fR +were added in OpenSSL 1.0.0. +.PP +\&\fIEVP_DigestSignInit_ex()\fR was added in OpenSSL 3.0. +.PP +\&\fIEVP_DigestSignUpdate()\fR was converted from a macro to a function in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/EVP_DigestVerifyInit.3 b/linux_amd64/ssl/share/man/man3/EVP_DigestVerifyInit.3 new file mode 100755 index 0000000..3dc8e5d --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EVP_DigestVerifyInit.3 
@@ -0,0 +1,297 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_DIGESTVERIFYINIT 3" +.TH EVP_DIGESTVERIFYINIT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_DigestVerifyInit_ex, EVP_DigestVerifyInit, EVP_DigestVerifyUpdate, +EVP_DigestVerifyFinal, EVP_DigestVerify \- EVP signature verification functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, +\& const char *mdname, const char *props, +\& EVP_PKEY *pkey, EVP_SIGNATURE *signature); +\& int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, +\& const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey); +\& int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt); +\& int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, +\& size_t siglen); +\& int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, +\& size_t siglen, const unsigned char *tbs, size_t tbslen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1EVP\s0 signature routines are a high level interface to digital signatures. +Input data is digested first before the signature verification takes place. +.PP +\&\fIEVP_DigestVerifyInit_ex()\fR sets up verification context \fBctx\fR to use a digest +with the name \fBmdname\fR and public key \fBpkey\fR. The signature algorithm +\&\fBsignature\fR will be used for the actual signature verification which must be +compatible with the public key. The name of the digest to be used is passed to +the provider of the signature algorithm in use. How that provider interprets the +digest name is provider specific. The provider may implement that digest +directly itself or it may (optionally) choose to fetch it (which could result in +a digest from a different provider being selected). If the provider supports +fetching the digest then it may use the \fBprops\fR argument for the properties to +be used during the fetch. +.PP +The \fBsignature\fR parameter may be \s-1NULL\s0 in which case a suitable signature +algorithm implementation will be implicitly fetched based on the type of key in +use. 
See \fIprovider\fR\|(7) for further information about providers and fetching +algorithms. +.PP +The OpenSSL default and legacy providers support fetching digests and can fetch +those digests from any available provider. The OpenSSL fips provider also +supports fetching digests but will only fetch digests that are themselves +implemented inside the fips provider. +.PP +\&\fBctx\fR must be created with \fIEVP_MD_CTX_new()\fR before calling this function. If +\&\fBpctx\fR is not \s-1NULL\s0, the \s-1EVP_PKEY_CTX\s0 of the verification operation will be +written to \fB*pctx\fR: this can be used to set alternative verification options. +Note that any existing value in \fB*pctx\fR is overwritten. The \s-1EVP_PKEY_CTX\s0 value +returned must not be freed directly by the application if \fBctx\fR is not assigned +an \s-1EVP_PKEY_CTX\s0 value before being passed to \fIEVP_DigestVerifyInit_ex()\fR (which +means the \s-1EVP_PKEY_CTX\s0 is created inside \fIEVP_DigestVerifyInit_ex()\fR and it will +be freed automatically when the \s-1EVP_MD_CTX\s0 is freed). +.PP +No \fB\s-1EVP_PKEY_CTX\s0\fR will be created by \fIEVP_DigestSignInit_ex()\fR if the passed +\&\fBctx\fR has already been assigned one via \fIEVP_MD_CTX_set_pkey_ctx\fR\|(3). See also +\&\s-1\fISM2\s0\fR\|(7). +.PP +Not all digests can be used for all key types. The following combinations apply. 
+.IP "\s-1DSA\s0" 4 +.IX Item "DSA" +Supports \s-1SHA1\s0, \s-1SHA224\s0, \s-1SHA256\s0, \s-1SHA384\s0 and \s-1SHA512\s0 +.IP "\s-1ECDSA\s0" 4 +.IX Item "ECDSA" +Supports \s-1SHA1\s0, \s-1SHA224\s0, \s-1SHA256\s0, \s-1SHA384\s0, \s-1SHA512\s0 and \s-1SM3\s0 +.IP "\s-1RSA\s0 with no padding" 4 +.IX Item "RSA with no padding" +Supports no digests (the digest \fBtype\fR must be \s-1NULL\s0) +.IP "\s-1RSA\s0 with X931 padding" 4 +.IX Item "RSA with X931 padding" +Supports \s-1SHA1\s0, \s-1SHA256\s0, \s-1SHA384\s0 and \s-1SHA512\s0 +.IP "All other \s-1RSA\s0 padding types" 4 +.IX Item "All other RSA padding types" +Support \s-1SHA1\s0, \s-1SHA224\s0, \s-1SHA256\s0, \s-1SHA384\s0, \s-1SHA512\s0, \s-1MD5\s0, \s-1MD5_SHA1\s0, \s-1MD2\s0, \s-1MD4\s0, \s-1MDC2\s0, +\&\s-1SHA3\-224\s0, \s-1SHA3\-256\s0, \s-1SHA3\-384\s0, \s-1SHA3\-512\s0 +.IP "Ed25519 and Ed448" 4 +.IX Item "Ed25519 and Ed448" +Support no digests (the digest \fBtype\fR must be \s-1NULL\s0) +.IP "\s-1HMAC\s0" 4 +.IX Item "HMAC" +Supports any digest +.IP "\s-1CMAC\s0, Poly1305 and SipHash" 4 +.IX Item "CMAC, Poly1305 and SipHash" +Will ignore any digest provided. +.PP +If RSA-PSS is used and restrictions apply then the digest must match. +.PP +\&\fIEVP_DigestVerifyInit()\fR works in the same way as \fIEVP_DigestVerifyInit_ex()\fR except +that the \fBmdname\fR parameter will be inferred from the supplied digest \fBtype\fR, +and \fBprops\fR will be \s-1NULL\s0. Where supplied the \s-1ENGINE\s0 \fBe\fR will be used for the +signature verification and digest algorithm implementations. \fBe\fR may be \s-1NULL\s0. +.PP +\&\fIEVP_DigestVerifyUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the +verification context \fBctx\fR. This function can be called several times on the +same \fBctx\fR to include additional data. +.PP +\&\fIEVP_DigestVerifyFinal()\fR verifies the data in \fBctx\fR against the signature in +\&\fBsig\fR of length \fBsiglen\fR. 
+.PP +\&\fIEVP_DigestVerify()\fR verifies \fBtbslen\fR bytes at \fBtbs\fR against the signature +in \fBsig\fR of length \fBsiglen\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_DigestVerifyInit()\fR and \fIEVP_DigestVerifyUpdate()\fR return 1 for success and 0 +for failure. +.PP +\&\fIEVP_DigestVerifyFinal()\fR and \fIEVP_DigestVerify()\fR return 1 for success; any other +value indicates failure. A return value of zero indicates that the signature +did not verify successfully (that is, \fBtbs\fR did not match the original data or +the signature had an invalid form), while other values indicate a more serious +error (and sometimes also indicate an invalid signature form). +.PP +The error codes can be obtained from \fIERR_get_error\fR\|(3). +.SH "NOTES" +.IX Header "NOTES" +The \fB\s-1EVP\s0\fR interface to digital signatures should almost always be used in +preference to the low level interfaces. This is because the code then becomes +transparent to the algorithm used and much more flexible. +.PP +\&\fIEVP_DigestVerify()\fR is a one shot operation which verifies a single block of +data in one function. For algorithms that support streaming it is equivalent +to calling \fIEVP_DigestVerifyUpdate()\fR and \fIEVP_DigestVerifyFinal()\fR. For +algorithms which do not support streaming (e.g. PureEdDSA) it is the only way +to verify data. +.PP +In previous versions of OpenSSL there was a link between message digest types +and public key algorithms. This meant that \*(L"clone\*(R" digests such as \fIEVP_dss1()\fR +needed to be used to sign using \s-1SHA1\s0 and \s-1DSA\s0. This is no longer necessary and +the use of clone digest is now discouraged. +.PP +For some key types and parameters the random number generator must be seeded. +If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to +external circumstances (see \s-1\fIRAND\s0\fR\|(7)), the operation will fail. 
+.PP +The call to \fIEVP_DigestVerifyFinal()\fR internally finalizes a copy of the digest +context. This means that \fIEVP_VerifyUpdate()\fR and \fIEVP_VerifyFinal()\fR can +be called later to digest and verify additional data. +.PP +Since only a copy of the digest context is ever finalized, the context must +be cleaned up after use by calling \fIEVP_MD_CTX_free()\fR or a memory leak +will occur. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_DigestSignInit\fR\|(3), +\&\fIEVP_DigestInit\fR\|(3), +\&\fIevp\fR\|(7), \s-1\fIHMAC\s0\fR\|(3), \s-1\fIMD2\s0\fR\|(3), +\&\s-1\fIMD5\s0\fR\|(3), \s-1\fIMDC2\s0\fR\|(3), \s-1\fIRIPEMD160\s0\fR\|(3), +\&\s-1\fISHA1\s0\fR\|(3), \fIopenssl\-dgst\fR\|(1), +\&\s-1\fIRAND\s0\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIEVP_DigestVerifyInit()\fR, \fIEVP_DigestVerifyUpdate()\fR and \fIEVP_DigestVerifyFinal()\fR +were added in OpenSSL 1.0.0. +.PP +\&\fIEVP_DigestVerifyInit_ex()\fR was added in OpenSSL 3.0. +.PP +\&\fIEVP_DigestVerifyUpdate()\fR was converted from a macro to a function in OpenSSL +3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/EVP_EncodeInit.3 b/linux_amd64/ssl/share/man/man3/EVP_EncodeInit.3 new file mode 100755 index 0000000..f5eb6b8 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EVP_EncodeInit.3 
@@ -0,0 +1,284 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_ENCODEINIT 3" +.TH EVP_ENCODEINIT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_ENCODE_CTX_new, EVP_ENCODE_CTX_free, EVP_ENCODE_CTX_copy, +EVP_ENCODE_CTX_num, EVP_EncodeInit, EVP_EncodeUpdate, EVP_EncodeFinal, +EVP_EncodeBlock, EVP_DecodeInit, EVP_DecodeUpdate, EVP_DecodeFinal, +EVP_DecodeBlock \- EVP base 64 encode/decode routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void); +\& void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx); +\& int EVP_ENCODE_CTX_copy(EVP_ENCODE_CTX *dctx, EVP_ENCODE_CTX *sctx); +\& int EVP_ENCODE_CTX_num(EVP_ENCODE_CTX *ctx); +\& void EVP_EncodeInit(EVP_ENCODE_CTX *ctx); +\& int EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, +\& const unsigned char *in, int inl); +\& void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl); +\& int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n); +\& +\& void EVP_DecodeInit(EVP_ENCODE_CTX *ctx); +\& int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, +\& const unsigned char *in, int inl); +\& int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl); +\& int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1EVP\s0 encode routines provide a high level interface to base 64 encoding and +decoding. Base 64 encoding converts binary data into a printable form that uses +the characters A\-Z, a\-z, 0\-9, \*(L"+\*(R" and \*(L"/\*(R" to represent the data. For every 3 +bytes of binary data provided 4 bytes of base 64 encoded data will be produced +plus some occasional newlines (see below). If the input data length is not a +multiple of 3 then the output data will be padded at the end using the \*(L"=\*(R" +character. +.PP +\&\fIEVP_ENCODE_CTX_new()\fR allocates, initializes and returns a context to be used for +the encode/decode functions. 
+.PP +\&\fIEVP_ENCODE_CTX_free()\fR cleans up an encode/decode context \fBctx\fR and frees up the +space allocated to it. +.PP +Encoding of binary data is performed in blocks of 48 input bytes (or less for +the final block). For each 48 byte input block encoded 64 bytes of base 64 data +is output plus an additional newline character (i.e. 65 bytes in total). The +final block (which may be less than 48 bytes) will output 4 bytes for every 3 +bytes of input. If the data length is not divisible by 3 then a full 4 bytes is +still output for the final 1 or 2 bytes of input. Similarly a newline character +will also be output. +.PP +\&\fIEVP_EncodeInit()\fR initialises \fBctx\fR for the start of a new encoding operation. +.PP +\&\fIEVP_EncodeUpdate()\fR encode \fBinl\fR bytes of data found in the buffer pointed to by +\&\fBin\fR. The output is stored in the buffer \fBout\fR and the number of bytes output +is stored in \fB*outl\fR. It is the caller's responsibility to ensure that the +buffer at \fBout\fR is sufficiently large to accommodate the output data. Only full +blocks of data (48 bytes) will be immediately processed and output by this +function. Any remainder is held in the \fBctx\fR object and will be processed by a +subsequent call to \fIEVP_EncodeUpdate()\fR or \fIEVP_EncodeFinal()\fR. To calculate the +required size of the output buffer add together the value of \fBinl\fR with the +amount of unprocessed data held in \fBctx\fR and divide the result by 48 (ignore +any remainder). This gives the number of blocks of data that will be processed. +Ensure the output buffer contains 65 bytes of storage for each block, plus an +additional byte for a \s-1NUL\s0 terminator. \fIEVP_EncodeUpdate()\fR may be called +repeatedly to process large amounts of input data. In the event of an error +\&\fIEVP_EncodeUpdate()\fR will set \fB*outl\fR to 0 and return 0. On success 1 will be +returned. +.PP +\&\fIEVP_EncodeFinal()\fR must be called at the end of an encoding operation. 
It will +process any partial block of data remaining in the \fBctx\fR object. The output +data will be stored in \fBout\fR and the length of the data written will be stored +in \fB*outl\fR. It is the caller's responsibility to ensure that \fBout\fR is +sufficiently large to accommodate the output data which will never be more than +65 bytes plus an additional \s-1NUL\s0 terminator (i.e. 66 bytes in total). +.PP +\&\fIEVP_ENCODE_CTX_copy()\fR can be used to copy a context \fBsctx\fR to a context +\&\fBdctx\fR. \fBdctx\fR must be initialized before calling this function. +.PP +\&\fIEVP_ENCODE_CTX_num()\fR will return the number of as yet unprocessed bytes still to +be encoded or decoded that are pending in the \fBctx\fR object. +.PP +\&\fIEVP_EncodeBlock()\fR encodes a full block of input data in \fBf\fR and of length +\&\fBdlen\fR and stores it in \fBt\fR. For every 3 bytes of input provided 4 bytes of +output data will be produced. If \fBdlen\fR is not divisible by 3 then the block is +encoded as a final block of data and the output is padded such that it is always +divisible by 4. Additionally a \s-1NUL\s0 terminator character will be added. For +example if 16 bytes of input data is provided then 24 bytes of encoded data is +created plus 1 byte for a \s-1NUL\s0 terminator (i.e. 25 bytes in total). The length of +the data generated \fIwithout\fR the \s-1NUL\s0 terminator is returned from the function. +.PP +\&\fIEVP_DecodeInit()\fR initialises \fBctx\fR for the start of a new decoding operation. +.PP +\&\fIEVP_DecodeUpdate()\fR decodes \fBinl\fR characters of data found in the buffer pointed +to by \fBin\fR. The output is stored in the buffer \fBout\fR and the number of bytes +output is stored in \fB*outl\fR. It is the caller's responsibility to ensure that +the buffer at \fBout\fR is sufficiently large to accommodate the output data. This +function will attempt to decode as much data as possible in 4 byte chunks. 
Any +whitespace, newline or carriage return characters are ignored. Any partial chunk +of unprocessed data (1, 2 or 3 bytes) that remains at the end will be held in +the \fBctx\fR object and processed by a subsequent call to \fIEVP_DecodeUpdate()\fR. If +any illegal base 64 characters are encountered or if the base 64 padding +character \*(L"=\*(R" is encountered in the middle of the data then the function returns +\&\-1 to indicate an error. A return value of 0 or 1 indicates successful +processing of the data. A return value of 0 additionally indicates that the last +input data characters processed included the base 64 padding character \*(L"=\*(R" and +therefore no more non-padding character data is expected to be processed. For +every 4 valid base 64 bytes processed (ignoring whitespace, carriage returns and +line feeds), 3 bytes of binary output data will be produced (or less at the end +of the data where the padding character \*(L"=\*(R" has been used). +.PP +\&\fIEVP_DecodeFinal()\fR must be called at the end of a decoding operation. If there +is any unprocessed data still in \fBctx\fR then the input data must not have been +a multiple of 4 and therefore an error has occurred. The function will return \-1 +in this case. Otherwise the function returns 1 on success. +.PP +\&\fIEVP_DecodeBlock()\fR will decode the block of \fBn\fR characters of base 64 data +contained in \fBf\fR and store the result in \fBt\fR. Any leading whitespace will be +trimmed as will any trailing whitespace, newlines, carriage returns or \s-1EOF\s0 +characters. After such trimming the length of the data in \fBf\fR must be divisible +by 4. For every 4 input bytes exactly 3 output bytes will be produced. The +output will be padded with 0 bits if necessary to ensure that the output is +always 3 bytes for every 4 input bytes. This function will return the length of +the data decoded or \-1 on error. 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_ENCODE_CTX_new()\fR returns a pointer to the newly allocated \s-1EVP_ENCODE_CTX\s0 +object or \s-1NULL\s0 on error. +.PP +\&\fIEVP_ENCODE_CTX_num()\fR returns the number of bytes pending encoding or decoding in +\&\fBctx\fR. +.PP +\&\fIEVP_EncodeUpdate()\fR returns 0 on error or 1 on success. +.PP +\&\fIEVP_EncodeBlock()\fR returns the number of bytes encoded excluding the \s-1NUL\s0 +terminator. +.PP +\&\fIEVP_DecodeUpdate()\fR returns \-1 on error and 0 or 1 on success. If 0 is returned +then no more non-padding base 64 characters are expected. +.PP +\&\fIEVP_DecodeFinal()\fR returns \-1 on error or 1 on success. +.PP +\&\fIEVP_DecodeBlock()\fR returns the length of the data decoded or \-1 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIevp\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/EVP_EncryptInit.3 b/linux_amd64/ssl/share/man/man3/EVP_EncryptInit.3 new file mode 100755 index 0000000..0da261e --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EVP_EncryptInit.3 
@@ -0,0 +1,931 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_ENCRYPTINIT 3" +.TH EVP_ENCRYPTINIT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_CIPHER_fetch, +EVP_CIPHER_up_ref, +EVP_CIPHER_free, +EVP_CIPHER_CTX_new, +EVP_CIPHER_CTX_reset, +EVP_CIPHER_CTX_free, +EVP_EncryptInit_ex, +EVP_EncryptUpdate, +EVP_EncryptFinal_ex, +EVP_DecryptInit_ex, +EVP_DecryptUpdate, +EVP_DecryptFinal_ex, +EVP_CipherInit_ex, +EVP_CipherUpdate, +EVP_CipherFinal_ex, +EVP_CIPHER_CTX_set_key_length, +EVP_CIPHER_CTX_ctrl, +EVP_EncryptInit, +EVP_EncryptFinal, +EVP_DecryptInit, +EVP_DecryptFinal, +EVP_CipherInit, +EVP_CipherFinal, +EVP_Cipher, +EVP_get_cipherbyname, +EVP_get_cipherbynid, +EVP_get_cipherbyobj, +EVP_CIPHER_is_a, +EVP_CIPHER_name, +EVP_CIPHER_number, +EVP_CIPHER_names_do_all, +EVP_CIPHER_provider, +EVP_CIPHER_nid, +EVP_CIPHER_get_params, +EVP_CIPHER_gettable_params, +EVP_CIPHER_block_size, +EVP_CIPHER_key_length, +EVP_CIPHER_iv_length, +EVP_CIPHER_flags, +EVP_CIPHER_mode, +EVP_CIPHER_type, +EVP_CIPHER_CTX_cipher, +EVP_CIPHER_CTX_name, +EVP_CIPHER_CTX_nid, +EVP_CIPHER_CTX_get_params, +EVP_CIPHER_gettable_ctx_params, +EVP_CIPHER_CTX_set_params, +EVP_CIPHER_settable_ctx_params, +EVP_CIPHER_CTX_block_size, +EVP_CIPHER_CTX_key_length, +EVP_CIPHER_CTX_iv_length, +EVP_CIPHER_CTX_tag_length, +EVP_CIPHER_CTX_get_app_data, +EVP_CIPHER_CTX_set_app_data, +EVP_CIPHER_CTX_type, +EVP_CIPHER_CTX_flags, +EVP_CIPHER_CTX_mode, +EVP_CIPHER_param_to_asn1, +EVP_CIPHER_asn1_to_param, +EVP_CIPHER_CTX_set_padding, +EVP_enc_null, +EVP_CIPHER_do_all_provided +\&\- EVP cipher routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& EVP_CIPHER *EVP_CIPHER_fetch(OPENSSL_CTX *ctx, const char *algorithm, +\& const char *properties); +\& int EVP_CIPHER_up_ref(EVP_CIPHER *cipher); +\& void EVP_CIPHER_free(EVP_CIPHER *cipher); +\& EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void); +\& int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx); +\& void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx); +\& +\& int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, +\& ENGINE *impl, const unsigned char *key, const 
unsigned char *iv); +\& int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, +\& int *outl, const unsigned char *in, int inl); +\& int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); +\& +\& int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, +\& ENGINE *impl, const unsigned char *key, const unsigned char *iv); +\& int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, +\& int *outl, const unsigned char *in, int inl); +\& int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); +\& +\& int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, +\& ENGINE *impl, const unsigned char *key, const unsigned char *iv, int enc); +\& int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, +\& int *outl, const unsigned char *in, int inl); +\& int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); +\& +\& int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, +\& const unsigned char *key, const unsigned char *iv); +\& int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); +\& +\& int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, +\& const unsigned char *key, const unsigned char *iv); +\& int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); +\& +\& int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, +\& const unsigned char *key, const unsigned char *iv, int enc); +\& int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); +\& +\& int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, +\& const unsigned char *in, unsigned int inl); +\& +\& int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *x, int padding); +\& int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen); +\& int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr); +\& int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key); +\& +\& const EVP_CIPHER 
*EVP_get_cipherbyname(const char *name); +\& const EVP_CIPHER *EVP_get_cipherbynid(int nid); +\& const EVP_CIPHER *EVP_get_cipherbyobj(const ASN1_OBJECT *a); +\& +\& int EVP_CIPHER_nid(const EVP_CIPHER *e); +\& int EVP_CIPHER_number(const EVP_CIPHER *e); +\& int EVP_CIPHER_is_a(const EVP_CIPHER *cipher, const char *name); +\& void EVP_CIPHER_names_do_all(const EVP_CIPHER *cipher, +\& void (*fn)(const char *name, void *data), +\& void *data); +\& const char *EVP_CIPHER_name(const EVP_CIPHER *cipher); +\& const OSSL_PROVIDER *EVP_CIPHER_provider(const EVP_CIPHER *cipher); +\& int EVP_CIPHER_block_size(const EVP_CIPHER *e); +\& int EVP_CIPHER_key_length(const EVP_CIPHER *e); +\& int EVP_CIPHER_iv_length(const EVP_CIPHER *e); +\& unsigned long EVP_CIPHER_flags(const EVP_CIPHER *e); +\& unsigned long EVP_CIPHER_mode(const EVP_CIPHER *e); +\& int EVP_CIPHER_type(const EVP_CIPHER *ctx); +\& +\& const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx); +\& int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx); +\& const char *EVP_CIPHER_CTX_name(const EVP_CIPHER_CTX *ctx); +\& +\& int EVP_CIPHER_get_params(EVP_CIPHER *cipher, OSSL_PARAM params[]); +\& int EVP_CIPHER_CTX_set_params(EVP_CIPHER_CTX *ctx, const OSSL_PARAM params[]); +\& int EVP_CIPHER_CTX_get_params(EVP_CIPHER_CTX *ctx, OSSL_PARAM params[]); +\& const OSSL_PARAM *EVP_CIPHER_gettable_params(const EVP_CIPHER *cipher); +\& const OSSL_PARAM *EVP_CIPHER_settable_ctx_params(const EVP_CIPHER *cipher); +\& const OSSL_PARAM *EVP_CIPHER_gettable_ctx_params(const EVP_CIPHER *cipher); +\& int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx); +\& int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx); +\& int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx); +\& int EVP_CIPHER_CTX_tag_length(const EVP_CIPHER_CTX *ctx); +\& void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx); +\& void EVP_CIPHER_CTX_set_app_data(const EVP_CIPHER_CTX *ctx, void *data); +\& int EVP_CIPHER_CTX_type(const EVP_CIPHER_CTX 
*ctx); +\& int EVP_CIPHER_CTX_mode(const EVP_CIPHER_CTX *ctx); +\& +\& int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type); +\& int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type); +\& +\& void EVP_CIPHER_do_all_provided(OPENSSL_CTX *libctx, +\& void (*fn)(EVP_CIPHER *cipher, void *arg), +\& void *arg); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1EVP\s0 cipher routines are a high level interface to certain +symmetric ciphers. +.PP +The \fB\s-1EVP_CIPHER\s0\fR type is a structure for cipher method implementation. +.PP +\&\fIEVP_CIPHER_fetch()\fR fetches the cipher implementation for the given +\&\fBalgorithm\fR from any provider offering it, within the criteria given +by the \fBproperties\fR. +See \*(L"Fetching algorithms\*(R" in \fIprovider\fR\|(7) for further information. +.PP +The returned value must eventually be freed with \fIEVP_CIPHER_free()\fR. +.PP +\&\fIEVP_CIPHER_up_ref()\fR increments the reference count for an \fB\s-1EVP_CIPHER\s0\fR +structure. +.PP +\&\fIEVP_CIPHER_free()\fR decrements the reference count for the \fB\s-1EVP_CIPHER\s0\fR +structure. +If the reference count drops to 0 then the structure is freed. +.PP +\&\fIEVP_CIPHER_CTX_new()\fR creates a cipher context. +.PP +\&\fIEVP_CIPHER_CTX_free()\fR clears all information from a cipher context +and free up any allocated memory associate with it, including \fBctx\fR +itself. This function should be called after all operations using a +cipher are complete so sensitive information does not remain in +memory. +.PP +\&\fIEVP_EncryptInit_ex()\fR sets up cipher context \fBctx\fR for encryption +with cipher \fBtype\fR. \fBtype\fR is typically supplied by a function such +as \fIEVP_aes_256_cbc()\fR, or a value explicitly fetched with +\&\fIEVP_CIPHER_fetch()\fR. If \fBimpl\fR is non-NULL, its implementation of the +cipher \fBtype\fR is used if there is one, and if not, the default +implementation is used. 
\fBkey\fR is the symmetric key to use +and \fBiv\fR is the \s-1IV\s0 to use (if necessary), the actual number of bytes +used for the key and \s-1IV\s0 depends on the cipher. It is possible to set +all parameters to \s-1NULL\s0 except \fBtype\fR in an initial call and supply +the remaining parameters in subsequent calls, all of which have \fBtype\fR +set to \s-1NULL\s0. This is done when the default cipher parameters are not +appropriate. +For \s-1EVP_CIPH_GCM_MODE\s0 the \s-1IV\s0 will be generated internally if it is not +specified. +.PP +\&\fIEVP_EncryptUpdate()\fR encrypts \fBinl\fR bytes from the buffer \fBin\fR and +writes the encrypted version to \fBout\fR. This function can be called +multiple times to encrypt successive blocks of data. The amount +of data written depends on the block alignment of the encrypted data: +as a result the amount of data written may be anything from zero bytes +to (inl + cipher_block_size \- 1) so \fBout\fR should contain sufficient +room. The actual number of bytes written is placed in \fBoutl\fR. It also +checks if \fBin\fR and \fBout\fR are partially overlapping, and if they are +0 is returned to indicate failure. +.PP +If padding is enabled (the default) then \fIEVP_EncryptFinal_ex()\fR encrypts +the \*(L"final\*(R" data, that is any data that remains in a partial block. +It uses standard block padding (aka \s-1PKCS\s0 padding) as described in +the \s-1NOTES\s0 section, below. The encrypted +final data is written to \fBout\fR which should have sufficient space for +one cipher block. The number of bytes written is placed in \fBoutl\fR. After +this function is called the encryption operation is finished and no further +calls to \fIEVP_EncryptUpdate()\fR should be made. +.PP +If padding is disabled then \fIEVP_EncryptFinal_ex()\fR will not encrypt any more +data and it will return an error if any data remains in a partial block: +that is if the total data length is not a multiple of the block size. 
+.PP +\&\fIEVP_DecryptInit_ex()\fR, \fIEVP_DecryptUpdate()\fR and \fIEVP_DecryptFinal_ex()\fR are the +corresponding decryption operations. \fIEVP_DecryptFinal()\fR will return an +error code if padding is enabled and the final block is not correctly +formatted. The parameters and restrictions are identical to the encryption +operations except that if padding is enabled the decrypted data buffer \fBout\fR +passed to \fIEVP_DecryptUpdate()\fR should have sufficient room for +(\fBinl\fR + cipher_block_size) bytes unless the cipher block size is 1 in +which case \fBinl\fR bytes is sufficient. +.PP +\&\fIEVP_CipherInit_ex()\fR, \fIEVP_CipherUpdate()\fR and \fIEVP_CipherFinal_ex()\fR are +functions that can be used for decryption or encryption. The operation +performed depends on the value of the \fBenc\fR parameter. It should be set +to 1 for encryption, 0 for decryption and \-1 to leave the value unchanged +(the actual value of 'enc' being supplied in a previous call). +.PP +\&\fIEVP_CIPHER_CTX_reset()\fR clears all information from a cipher context +and free up any allocated memory associate with it, except the \fBctx\fR +itself. This function should be called anytime \fBctx\fR is to be reused +for another \fIEVP_CipherInit()\fR / \fIEVP_CipherUpdate()\fR / \fIEVP_CipherFinal()\fR +series of calls. +.PP +\&\fIEVP_EncryptInit()\fR, \fIEVP_DecryptInit()\fR and \fIEVP_CipherInit()\fR behave in a +similar way to \fIEVP_EncryptInit_ex()\fR, \fIEVP_DecryptInit_ex()\fR and +\&\fIEVP_CipherInit_ex()\fR except they always use the default cipher implementation. +.PP +\&\fIEVP_EncryptFinal()\fR, \fIEVP_DecryptFinal()\fR and \fIEVP_CipherFinal()\fR are +identical to \fIEVP_EncryptFinal_ex()\fR, \fIEVP_DecryptFinal_ex()\fR and +\&\fIEVP_CipherFinal_ex()\fR. In previous releases they also cleaned up +the \fBctx\fR, but this is no longer done and \fIEVP_CIPHER_CTX_clean()\fR +must be called to free any context resources. 
+.PP +\&\fIEVP_Cipher()\fR encrypts or decrypts a maximum \fIinl\fR amount of bytes from +\&\fIin\fR and leaves the result in \fIout\fR. +If the cipher doesn't have the flag \fB\s-1EVP_CIPH_FLAG_CUSTOM_CIPHER\s0\fR set, +then \fIinl\fR must be a multiple of \fIEVP_CIPHER_block_size()\fR. If it isn't, +the result is undefined. If the cipher has that flag set, then \fIinl\fR +can be any size. +This function is historic and shouldn't be used in an application, please +consider using \fIEVP_CipherUpdate()\fR and EVP_CipherFinal_ex instead. +.PP +\&\fIEVP_get_cipherbyname()\fR, \fIEVP_get_cipherbynid()\fR and \fIEVP_get_cipherbyobj()\fR +return an \s-1EVP_CIPHER\s0 structure when passed a cipher name, a \s-1NID\s0 or an +\&\s-1ASN1_OBJECT\s0 structure. +.PP +\&\fIEVP_CIPHER_nid()\fR and \fIEVP_CIPHER_CTX_nid()\fR return the \s-1NID\s0 of a cipher when +passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR structure. The actual \s-1NID\s0 +value is an internal value which may not have a corresponding \s-1OBJECT\s0 +\&\s-1IDENTIFIER\s0. +.PP +\&\fIEVP_CIPHER_CTX_set_padding()\fR enables or disables padding. This +function should be called after the context is set up for encryption +or decryption with \fIEVP_EncryptInit_ex()\fR, \fIEVP_DecryptInit_ex()\fR or +\&\fIEVP_CipherInit_ex()\fR. By default encryption operations are padded using +standard block padding and the padding is checked and removed when +decrypting. If the \fBpad\fR parameter is zero then no padding is +performed, the total amount of data encrypted or decrypted must then +be a multiple of the block size or an error will occur. +.PP +\&\fIEVP_CIPHER_get_params()\fR retrieves the requested list of algorithm +\&\fBparams\fR from a \fBcipher\fR. +.PP +\&\fIEVP_CIPHER_CTX_set_params()\fR Sets the list of operation \fBparams\fR into a \s-1CIPHER\s0 +context \fBctx\fR. 
+.PP +\&\fIEVP_CIPHER_CTX_get_params()\fR retrieves the requested list of operation +\&\fBparams\fR from \s-1CIPHER\s0 context \fBctx\fR. +.PP +\&\fIEVP_CIPHER_gettable_params()\fR, \fIEVP_CIPHER_gettable_ctx_params()\fR, and +\&\fIEVP_CIPHER_settable_ctx_params()\fR get a constant \fB\s-1OSSL_PARAM\s0\fR array +that describes the retrievable and settable parameters, i.e. parameters +that can be used with \fIEVP_CIPHER_get_params()\fR, \fIEVP_CIPHER_CTX_get_params()\fR +and \fIEVP_CIPHER_CTX_set_params()\fR, respectively. +See \s-1\fIOSSL_PARAM\s0\fR\|(3) for the use of \fB\s-1OSSL_PARAM\s0\fR as parameter descriptor. +.PP +\&\fIEVP_CIPHER_key_length()\fR and \fIEVP_CIPHER_CTX_key_length()\fR return the key +length of a cipher when passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR +structure. The constant \fB\s-1EVP_MAX_KEY_LENGTH\s0\fR is the maximum key length +for all ciphers. Note: although \fIEVP_CIPHER_key_length()\fR is fixed for a +given cipher, the value of \fIEVP_CIPHER_CTX_key_length()\fR may be different +for variable key length ciphers. +.PP +\&\fIEVP_CIPHER_CTX_set_key_length()\fR sets the key length of the cipher ctx. +If the cipher is a fixed length cipher then attempting to set the key +length to any value other than the fixed value is an error. +.PP +\&\fIEVP_CIPHER_iv_length()\fR and \fIEVP_CIPHER_CTX_iv_length()\fR return the \s-1IV\s0 +length of a cipher when passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR. +It will return zero if the cipher does not use an \s-1IV\s0. The constant +\&\fB\s-1EVP_MAX_IV_LENGTH\s0\fR is the maximum \s-1IV\s0 length for all ciphers. +.PP +\&\fIEVP_CIPHER_CTX_tag_length()\fR returns the tag length of a \s-1AEAD\s0 cipher when passed +a \fB\s-1EVP_CIPHER_CTX\s0\fR. It will return zero if the cipher does not support a tag. +It returns a default value if the tag length has not been set. 
+.PP +\&\fIEVP_CIPHER_block_size()\fR and \fIEVP_CIPHER_CTX_block_size()\fR return the block +size of a cipher when passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR +structure. The constant \fB\s-1EVP_MAX_BLOCK_LENGTH\s0\fR is also the maximum block +length for all ciphers. +.PP +\&\fIEVP_CIPHER_type()\fR and \fIEVP_CIPHER_CTX_type()\fR return the type of the passed +cipher or context. This \*(L"type\*(R" is the actual \s-1NID\s0 of the cipher \s-1OBJECT\s0 +\&\s-1IDENTIFIER\s0 as such it ignores the cipher parameters and 40 bit \s-1RC2\s0 and +128 bit \s-1RC2\s0 have the same \s-1NID\s0. If the cipher does not have an object +identifier or does not have \s-1ASN1\s0 support this function will return +\&\fBNID_undef\fR. +.PP +\&\fIEVP_CIPHER_is_a()\fR returns 1 if \fIcipher\fR is an implementation of an +algorithm that's identifiable with \fIname\fR, otherwise 0. +If \fIcipher\fR is a legacy cipher (it's the return value from the likes +of \fIEVP_aes128()\fR rather than the result of an \fIEVP_CIPHER_fetch()\fR), only +cipher names registered with the default library context (see +\&\s-1\fIOPENSSL_CTX\s0\fR\|(3)) will be considered. +.PP +\&\fIEVP_CIPHER_number()\fR returns the internal dynamic number assigned to +the \fIcipher\fR. This is only useful with fetched \fB\s-1EVP_CIPHER\s0\fRs. +.PP +\&\fIEVP_CIPHER_name()\fR and \fIEVP_CIPHER_CTX_name()\fR return the name of the passed +cipher or context. For fetched ciphers with multiple names, only one +of them is returned; it's recommended to use \fIEVP_CIPHER_names_do_all()\fR +instead. +.PP +\&\fIEVP_CIPHER_names_do_all()\fR traverses all names for the \fIcipher\fR, and +calls \fIfn\fR with each name and \fIdata\fR. This is only useful with +fetched \fB\s-1EVP_CIPHER\s0\fRs. +.PP +\&\fIEVP_CIPHER_provider()\fR returns an \fB\s-1OSSL_PROVIDER\s0\fR pointer to the provider +that implements the given \fB\s-1EVP_CIPHER\s0\fR. 
+.PP +\&\fIEVP_CIPHER_CTX_cipher()\fR returns the \fB\s-1EVP_CIPHER\s0\fR structure when passed +an \fB\s-1EVP_CIPHER_CTX\s0\fR structure. +.PP +\&\fIEVP_CIPHER_mode()\fR and \fIEVP_CIPHER_CTX_mode()\fR return the block cipher mode: +\&\s-1EVP_CIPH_ECB_MODE\s0, \s-1EVP_CIPH_CBC_MODE\s0, \s-1EVP_CIPH_CFB_MODE\s0, \s-1EVP_CIPH_OFB_MODE\s0, +\&\s-1EVP_CIPH_CTR_MODE\s0, \s-1EVP_CIPH_GCM_MODE\s0, \s-1EVP_CIPH_CCM_MODE\s0, \s-1EVP_CIPH_XTS_MODE\s0, +\&\s-1EVP_CIPH_WRAP_MODE\s0, \s-1EVP_CIPH_OCB_MODE\s0 or \s-1EVP_CIPH_SIV_MODE\s0. If the cipher is a +stream cipher then \s-1EVP_CIPH_STREAM_CIPHER\s0 is returned. +.PP +\&\fIEVP_CIPHER_flags()\fR returns any flags associated with the cipher. See +\&\fIEVP_CIPHER_meth_set_flags()\fR for a list of currently defined flags. +.PP +\&\fIEVP_CIPHER_param_to_asn1()\fR sets the AlgorithmIdentifier \*(L"parameter\*(R" based +on the passed cipher. This will typically include any parameters and an +\&\s-1IV\s0. The cipher \s-1IV\s0 (if any) must be set when this call is made. This call +should be made before the cipher is actually \*(L"used\*(R" (before any +\&\fIEVP_EncryptUpdate()\fR, \fIEVP_DecryptUpdate()\fR calls for example). This function +may fail if the cipher does not have any \s-1ASN1\s0 support. +.PP +\&\fIEVP_CIPHER_asn1_to_param()\fR sets the cipher parameters based on an \s-1ASN1\s0 +AlgorithmIdentifier \*(L"parameter\*(R". The precise effect depends on the cipher +In the case of \s-1RC2\s0, for example, it will set the \s-1IV\s0 and effective key length. +This function should be called after the base cipher type is set but before +the key is set. For example \fIEVP_CipherInit()\fR will be called with the \s-1IV\s0 and +key set to \s-1NULL\s0, \fIEVP_CIPHER_asn1_to_param()\fR will be called and finally +\&\fIEVP_CipherInit()\fR again with all parameters except the key set to \s-1NULL\s0. 
It is +possible for this function to fail if the cipher does not have any \s-1ASN1\s0 support +or the parameters cannot be set (for example the \s-1RC2\s0 effective key length +is not supported. +.PP +\&\fIEVP_CIPHER_CTX_ctrl()\fR allows various cipher specific parameters to be determined +and set. +.PP +\&\fIEVP_CIPHER_CTX_rand_key()\fR generates a random key of the appropriate length +based on the cipher context. The \s-1EVP_CIPHER\s0 can provide its own random key +generation routine to support keys of a specific form. \fBKey\fR must point to a +buffer at least as big as the value returned by \fIEVP_CIPHER_CTX_key_length()\fR. +.PP +\&\fIEVP_CIPHER_do_all_provided()\fR traverses all ciphers implemented by all activated +providers in the given library context \fIlibctx\fR, and for each of the +implementations, calls the given function \fIfn\fR with the implementation method +and the given \fIarg\fR as argument. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_CIPHER_fetch()\fR returns a pointer to a \fB\s-1EVP_CIPHER\s0\fR for success +and \fB\s-1NULL\s0\fR for failure. +.PP +\&\fIEVP_CIPHER_up_ref()\fR returns 1 for success or 0 otherwise. +.PP +\&\fIEVP_CIPHER_CTX_new()\fR returns a pointer to a newly created +\&\fB\s-1EVP_CIPHER_CTX\s0\fR for success and \fB\s-1NULL\s0\fR for failure. +.PP +\&\fIEVP_EncryptInit_ex()\fR, \fIEVP_EncryptUpdate()\fR and \fIEVP_EncryptFinal_ex()\fR +return 1 for success and 0 for failure. +.PP +\&\fIEVP_DecryptInit_ex()\fR and \fIEVP_DecryptUpdate()\fR return 1 for success and 0 for failure. +\&\fIEVP_DecryptFinal_ex()\fR returns 0 if the decrypt failed or 1 for success. +.PP +\&\fIEVP_CipherInit_ex()\fR and \fIEVP_CipherUpdate()\fR return 1 for success and 0 for failure. +\&\fIEVP_CipherFinal_ex()\fR returns 0 for a decryption failure or 1 for success. 
+.PP +\&\fIEVP_Cipher()\fR returns the amount of encrypted / decrypted bytes, or \-1 +on failure, if the flag \fB\s-1EVP_CIPH_FLAG_CUSTOM_CIPHER\s0\fR is set for the +cipher. \fIEVP_Cipher()\fR returns 1 on success or 0 on failure, if the flag +\&\fB\s-1EVP_CIPH_FLAG_CUSTOM_CIPHER\s0\fR is not set for the cipher. +.PP +\&\fIEVP_CIPHER_CTX_reset()\fR returns 1 for success and 0 for failure. +.PP +\&\fIEVP_get_cipherbyname()\fR, \fIEVP_get_cipherbynid()\fR and \fIEVP_get_cipherbyobj()\fR +return an \fB\s-1EVP_CIPHER\s0\fR structure or \s-1NULL\s0 on error. +.PP +\&\fIEVP_CIPHER_nid()\fR and \fIEVP_CIPHER_CTX_nid()\fR return a \s-1NID\s0. +.PP +\&\fIEVP_CIPHER_block_size()\fR and \fIEVP_CIPHER_CTX_block_size()\fR return the block +size. +.PP +\&\fIEVP_CIPHER_key_length()\fR and \fIEVP_CIPHER_CTX_key_length()\fR return the key +length. +.PP +\&\fIEVP_CIPHER_CTX_set_padding()\fR always returns 1. +.PP +\&\fIEVP_CIPHER_iv_length()\fR and \fIEVP_CIPHER_CTX_iv_length()\fR return the \s-1IV\s0 +length or zero if the cipher does not use an \s-1IV\s0. +.PP +\&\fIEVP_CIPHER_CTX_tag_length()\fR return the tag length or zero if the cipher does not +use a tag. +.PP +\&\fIEVP_CIPHER_type()\fR and \fIEVP_CIPHER_CTX_type()\fR return the \s-1NID\s0 of the cipher's +\&\s-1OBJECT\s0 \s-1IDENTIFIER\s0 or NID_undef if it has no defined \s-1OBJECT\s0 \s-1IDENTIFIER\s0. +.PP +\&\fIEVP_CIPHER_CTX_cipher()\fR returns an \fB\s-1EVP_CIPHER\s0\fR structure. +.PP +\&\fIEVP_CIPHER_param_to_asn1()\fR and \fIEVP_CIPHER_asn1_to_param()\fR return greater +than zero for success and zero or a negative number on failure. +.PP +\&\fIEVP_CIPHER_CTX_rand_key()\fR returns 1 for success. +.SH "CIPHER LISTING" +.IX Header "CIPHER LISTING" +All algorithms have a fixed key length unless otherwise stated. +.PP +Refer to \*(L"\s-1SEE\s0 \s-1ALSO\s0\*(R" for the full list of ciphers available through the \s-1EVP\s0 +interface. +.IP "\fIEVP_enc_null()\fR" 4 +.IX Item "EVP_enc_null()" +Null cipher: does nothing. 
+.SH "AEAD INTERFACE" +.IX Header "AEAD INTERFACE" +The \s-1EVP\s0 interface for Authenticated Encryption with Associated Data (\s-1AEAD\s0) +modes are subtly altered and several additional \fIctrl\fR operations are supported +depending on the mode specified. +.PP +To specify additional authenticated data (\s-1AAD\s0), a call to \fIEVP_CipherUpdate()\fR, +\&\fIEVP_EncryptUpdate()\fR or \fIEVP_DecryptUpdate()\fR should be made with the output +parameter \fBout\fR set to \fB\s-1NULL\s0\fR. +.PP +When decrypting, the return value of \fIEVP_DecryptFinal()\fR or \fIEVP_CipherFinal()\fR +indicates whether the operation was successful. If it does not indicate success, +the authentication operation has failed and any output data \fB\s-1MUST\s0 \s-1NOT\s0\fR be used +as it is corrupted. +.SS "\s-1GCM\s0 and \s-1OCB\s0 Modes" +.IX Subsection "GCM and OCB Modes" +The following \fIctrl\fRs are supported in \s-1GCM\s0 and \s-1OCB\s0 modes. +.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_SET_IVLEN\s0, ivlen, \s-1NULL\s0)" 4 +.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL)" +Sets the \s-1IV\s0 length. This call can only be made before specifying an \s-1IV\s0. If +not called a default \s-1IV\s0 length is used. +.Sp +For \s-1GCM\s0 \s-1AES\s0 and \s-1OCB\s0 \s-1AES\s0 the default is 12 (i.e. 96 bits). For \s-1OCB\s0 mode the +maximum is 15. +.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_GET_TAG\s0, taglen, tag)" 4 +.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag)" +Writes \f(CW\*(C`taglen\*(C'\fR bytes of the tag value to the buffer indicated by \f(CW\*(C`tag\*(C'\fR. +This call can only be made when encrypting data and \fBafter\fR all data has been +processed (e.g. after an \fIEVP_EncryptFinal()\fR call). +.Sp +For \s-1OCB\s0, \f(CW\*(C`taglen\*(C'\fR must either be 16 or the value previously set via +\&\fB\s-1EVP_CTRL_AEAD_SET_TAG\s0\fR. 
+.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_SET_TAG\s0, taglen, tag)" 4 +.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag)" +Sets the expected tag to \f(CW\*(C`taglen\*(C'\fR bytes from \f(CW\*(C`tag\*(C'\fR. +The tag length can only be set before specifying an \s-1IV\s0. +\&\f(CW\*(C`taglen\*(C'\fR must be between 1 and 16 inclusive. +.Sp +For \s-1GCM\s0, this call is only valid when decrypting data. +.Sp +For \s-1OCB\s0, this call is valid when decrypting data to set the expected tag, +and before encryption to set the desired tag length. +.Sp +In \s-1OCB\s0 mode, calling this before encryption with \f(CW\*(C`tag\*(C'\fR set to \f(CW\*(C`NULL\*(C'\fR sets the +tag length. If this is not called prior to encryption, a default tag length is +used. +.Sp +For \s-1OCB\s0 \s-1AES\s0, the default tag length is 16 (i.e. 128 bits). It is also the +maximum tag length for \s-1OCB\s0. +.SS "\s-1CCM\s0 Mode" +.IX Subsection "CCM Mode" +The \s-1EVP\s0 interface for \s-1CCM\s0 mode is similar to that of the \s-1GCM\s0 mode but with a +few additional requirements and different \fIctrl\fR values. +.PP +For \s-1CCM\s0 mode, the total plaintext or ciphertext length \fB\s-1MUST\s0\fR be passed to +\&\fIEVP_CipherUpdate()\fR, \fIEVP_EncryptUpdate()\fR or \fIEVP_DecryptUpdate()\fR with the output +and input parameters (\fBin\fR and \fBout\fR) set to \fB\s-1NULL\s0\fR and the length passed in +the \fBinl\fR parameter. +.PP +The following \fIctrl\fRs are supported in \s-1CCM\s0 mode. +.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_SET_TAG\s0, taglen, tag)" 4 +.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag)" +This call is made to set the expected \fB\s-1CCM\s0\fR tag value when decrypting or +the length of the tag (with the \f(CW\*(C`tag\*(C'\fR parameter set to \s-1NULL\s0) when encrypting. +The tag length is often referred to as \fBM\fR. If not set a default value is +used (12 for \s-1AES\s0). 
When decrypting, the tag needs to be set before passing +in data to be decrypted, but as in \s-1GCM\s0 and \s-1OCB\s0 mode, it can be set after +passing additional authenticated data (see \*(L"\s-1AEAD\s0 \s-1INTERFACE\s0\*(R"). +.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_CCM_SET_L\s0, ivlen, \s-1NULL\s0)" 4 +.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_L, ivlen, NULL)" +Sets the \s-1CCM\s0 \fBL\fR value. If not set a default is used (8 for \s-1AES\s0). +.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_SET_IVLEN\s0, ivlen, \s-1NULL\s0)" 4 +.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL)" +Sets the \s-1CCM\s0 nonce (\s-1IV\s0) length. This call can only be made before specifying an +nonce value. The nonce length is given by \fB15 \- L\fR so it is 7 by default for +\&\s-1AES\s0. +.SS "\s-1SIV\s0 Mode" +.IX Subsection "SIV Mode" +For \s-1SIV\s0 mode ciphers the behaviour of the \s-1EVP\s0 interface is subtly +altered and several additional ctrl operations are supported. +.PP +To specify any additional authenticated data (\s-1AAD\s0) and/or a Nonce, a call to +\&\fIEVP_CipherUpdate()\fR, \fIEVP_EncryptUpdate()\fR or \fIEVP_DecryptUpdate()\fR should be made +with the output parameter \fBout\fR set to \fB\s-1NULL\s0\fR. +.PP +\&\s-1RFC5297\s0 states that the Nonce is the last piece of \s-1AAD\s0 before the actual +encrypt/decrypt takes place. The \s-1API\s0 does not differentiate the Nonce from +other \s-1AAD\s0. +.PP +When decrypting the return value of \fIEVP_DecryptFinal()\fR or \fIEVP_CipherFinal()\fR +indicates if the operation was successful. If it does not indicate success +the authentication operation has failed and any output data \fB\s-1MUST\s0 \s-1NOT\s0\fR +be used as it is corrupted. +.PP +The following ctrls are supported in both \s-1SIV\s0 modes. 
+.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_GET_TAG\s0, taglen, tag);" 4 +.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag);" +Writes \fBtaglen\fR bytes of the tag value to the buffer indicated by \fBtag\fR. +This call can only be made when encrypting data and \fBafter\fR all data has been +processed (e.g. after an \fIEVP_EncryptFinal()\fR call). For \s-1SIV\s0 mode the taglen must +be 16. +.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_SET_TAG\s0, taglen, tag);" 4 +.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag);" +Sets the expected tag to \fBtaglen\fR bytes from \fBtag\fR. This call is only legal +when decrypting data and must be made \fBbefore\fR any data is processed (e.g. +before any \fIEVP_DecryptUpdate()\fR call). For \s-1SIV\s0 mode the taglen must be 16. +.PP +\&\s-1SIV\s0 mode makes two passes over the input data, thus, only one call to +\&\fIEVP_CipherUpdate()\fR, \fIEVP_EncryptUpdate()\fR or \fIEVP_DecryptUpdate()\fR should be made +with \fBout\fR set to a non\-\fB\s-1NULL\s0\fR value. A call to \fIEVP_Decrypt_Final()\fR or +\&\fIEVP_CipherFinal()\fR is not required, but will indicate if the update +operation succeeded. +.SS "ChaCha20\-Poly1305" +.IX Subsection "ChaCha20-Poly1305" +The following \fIctrl\fRs are supported for the ChaCha20\-Poly1305 \s-1AEAD\s0 algorithm. +.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_SET_IVLEN\s0, ivlen, \s-1NULL\s0)" 4 +.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL)" +Sets the nonce length. This call can only be made before specifying the nonce. +If not called a default nonce length of 12 (i.e. 96 bits) is used. The maximum +nonce length is 12 bytes (i.e. 96\-bits). If a nonce of less than 12 bytes is set +then the nonce is automatically padded with leading 0 bytes to make it 12 bytes +in length. 
+.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_GET_TAG\s0, taglen, tag)" 4 +.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag)" +Writes \f(CW\*(C`taglen\*(C'\fR bytes of the tag value to the buffer indicated by \f(CW\*(C`tag\*(C'\fR. +This call can only be made when encrypting data and \fBafter\fR all data has been +processed (e.g. after an \fIEVP_EncryptFinal()\fR call). +.Sp +\&\f(CW\*(C`taglen\*(C'\fR specified here must be 16 (\fB\s-1POLY1305_BLOCK_SIZE\s0\fR, i.e. 128\-bits) or +less. +.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_SET_TAG\s0, taglen, tag)" 4 +.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag)" +Sets the expected tag to \f(CW\*(C`taglen\*(C'\fR bytes from \f(CW\*(C`tag\*(C'\fR. +The tag length can only be set before specifying an \s-1IV\s0. +\&\f(CW\*(C`taglen\*(C'\fR must be between 1 and 16 (\fB\s-1POLY1305_BLOCK_SIZE\s0\fR) inclusive. +This call is only valid when decrypting data. +.SH "NOTES" +.IX Header "NOTES" +Where possible the \fB\s-1EVP\s0\fR interface to symmetric ciphers should be used in +preference to the low level interfaces. This is because the code then becomes +transparent to the cipher used and much more flexible. Additionally, the +\&\fB\s-1EVP\s0\fR interface will ensure the use of platform specific cryptographic +acceleration such as AES-NI (the low level interfaces do not provide the +guarantee). +.PP +\&\s-1PKCS\s0 padding works by adding \fBn\fR padding bytes of value \fBn\fR to make the total +length of the encrypted data a multiple of the block size. Padding is always +added so if the data is already a multiple of the block size \fBn\fR will equal +the block size. For example if the block size is 8 and 11 bytes are to be +encrypted then 5 padding bytes of value 5 will be added. +.PP +When decrypting the final block is checked to see if it has the correct form. 
+.PP +Although the decryption operation can produce an error if padding is enabled, +it is not a strong test that the input data or key is correct. A random block +has better than 1 in 256 chance of being of the correct format and problems with +the input data earlier on will not produce a final decrypt error. +.PP +If padding is disabled then the decryption operation will always succeed if +the total amount of data decrypted is a multiple of the block size. +.PP +The functions \fIEVP_EncryptInit()\fR, \fIEVP_EncryptFinal()\fR, \fIEVP_DecryptInit()\fR, +\&\fIEVP_CipherInit()\fR and \fIEVP_CipherFinal()\fR are obsolete but are retained for +compatibility with existing code. New code should use \fIEVP_EncryptInit_ex()\fR, +\&\fIEVP_EncryptFinal_ex()\fR, \fIEVP_DecryptInit_ex()\fR, \fIEVP_DecryptFinal_ex()\fR, +\&\fIEVP_CipherInit_ex()\fR and \fIEVP_CipherFinal_ex()\fR because they can reuse an +existing context without allocating and freeing it up on each call. +.PP +There are some differences between functions \fIEVP_CipherInit()\fR and +\&\fIEVP_CipherInit_ex()\fR, significant in some circumstances. \fIEVP_CipherInit()\fR fills +the passed context object with zeros. As a consequence, \fIEVP_CipherInit()\fR does +not allow step-by-step initialization of the ctx when the \fIkey\fR and \fIiv\fR are +passed in separate calls. It also means that the flags set for the \s-1CTX\s0 are +removed, and it is especially important for the +\&\fB\s-1EVP_CIPHER_CTX_FLAG_WRAP_ALLOW\s0\fR flag treated specially in +\&\fIEVP_CipherInit_ex()\fR. +.PP +\&\fIEVP_get_cipherbynid()\fR, and \fIEVP_get_cipherbyobj()\fR are implemented as macros. +.SH "BUGS" +.IX Header "BUGS" +\&\fB\s-1EVP_MAX_KEY_LENGTH\s0\fR and \fB\s-1EVP_MAX_IV_LENGTH\s0\fR only refer to the internal +ciphers with default key lengths. If custom ciphers exceed these values the +results are unpredictable. 
This is because it has become standard practice to +define a generic key as a fixed unsigned char array containing +\&\fB\s-1EVP_MAX_KEY_LENGTH\s0\fR bytes. +.PP +The \s-1ASN1\s0 code is incomplete (and sometimes inaccurate) it has only been tested +for certain common S/MIME ciphers (\s-1RC2\s0, \s-1DES\s0, triple \s-1DES\s0) in \s-1CBC\s0 mode. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Encrypt a string using \s-1IDEA:\s0 +.PP +.Vb 10 +\& int do_crypt(char *outfile) +\& { +\& unsigned char outbuf[1024]; +\& int outlen, tmplen; +\& /* +\& * Bogus key and IV: we\*(Aqd normally set these from +\& * another source. +\& */ +\& unsigned char key[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15}; +\& unsigned char iv[] = {1,2,3,4,5,6,7,8}; +\& char intext[] = "Some Crypto Text"; +\& EVP_CIPHER_CTX *ctx; +\& FILE *out; +\& +\& ctx = EVP_CIPHER_CTX_new(); +\& EVP_EncryptInit_ex(ctx, EVP_idea_cbc(), NULL, key, iv); +\& +\& if (!EVP_EncryptUpdate(ctx, outbuf, &outlen, intext, strlen(intext))) { +\& /* Error */ +\& EVP_CIPHER_CTX_free(ctx); +\& return 0; +\& } +\& /* +\& * Buffer passed to EVP_EncryptFinal() must be after data just +\& * encrypted to avoid overwriting it. +\& */ +\& if (!EVP_EncryptFinal_ex(ctx, outbuf + outlen, &tmplen)) { +\& /* Error */ +\& EVP_CIPHER_CTX_free(ctx); +\& return 0; +\& } +\& outlen += tmplen; +\& EVP_CIPHER_CTX_free(ctx); +\& /* +\& * Need binary mode for fopen because encrypted data is +\& * binary data. Also cannot use strlen() on it because +\& * it won\*(Aqt be NUL terminated and may contain embedded +\& * NULs. +\& */ +\& out = fopen(outfile, "wb"); +\& if (out == NULL) { +\& /* Error */ +\& return 0; +\& } +\& fwrite(outbuf, 1, outlen, out); +\& fclose(out); +\& return 1; +\& } +.Ve +.PP +The ciphertext from the above example can be decrypted using the \fBopenssl\fR +utility with the command line (shown on two lines for clarity): +.PP +.Vb 2 +\& openssl idea \-d \e +\& \-K 000102030405060708090A0B0C0D0E0F \-iv 0102030405060708 . 
diff --git a/linux_amd64/ssl/share/man/man3/EVP_KDF.3 b/linux_amd64/ssl/share/man/man3/EVP_KDF.3
new file mode 100755
index 0000000..fc34d52
--- /dev/null
+++ b/linux_amd64/ssl/share/man/man3/EVP_KDF.3
@@ -0,0 +1,390 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_KDF 3" +.TH EVP_KDF 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_KDF, EVP_KDF_fetch, EVP_KDF_free, EVP_KDF_up_ref, +EVP_KDF_CTX, EVP_KDF_CTX_new, EVP_KDF_CTX_free, EVP_KDF_CTX_dup, +EVP_KDF_reset, EVP_KDF_derive, +EVP_KDF_size, EVP_KDF_provider, EVP_KDF_CTX_kdf, EVP_KDF_is_a, +EVP_KDF_number, EVP_KDF_names_do_all, +EVP_KDF_CTX_get_params, EVP_KDF_CTX_set_params, EVP_KDF_do_all_provided, +EVP_KDF_get_params, EVP_KDF_gettable_ctx_params, EVP_KDF_settable_ctx_params, +EVP_KDF_gettable_params \- EVP KDF routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef struct evp_kdf_st EVP_KDF; +\& typedef struct evp_kdf_ctx_st EVP_KDF_CTX; +\& +\& EVP_KDF_CTX *EVP_KDF_CTX_new(const EVP_KDF *kdf); +\& const EVP_KDF *EVP_KDF_CTX_kdf(EVP_KDF_CTX *ctx); +\& void EVP_KDF_CTX_free(EVP_KDF_CTX *ctx); +\& EVP_KDF_CTX *EVP_KDF_CTX_dup(const EVP_KDF_CTX *src); +\& void EVP_KDF_reset(EVP_KDF_CTX *ctx); +\& size_t EVP_KDF_size(EVP_KDF_CTX *ctx); +\& int EVP_KDF_derive(EVP_KDF_CTX *ctx, unsigned char *key, size_t keylen); +\& int EVP_KDF_up_ref(EVP_KDF *kdf); +\& void EVP_KDF_free(EVP_KDF *kdf); +\& EVP_KDF *EVP_KDF_fetch(OPENSSL_CTX *libctx, const char *algorithm, +\& const char *properties); +\& int EVP_KDF_number(const EVP_KDF *kdf); +\& int EVP_KDF_is_a(const EVP_KDF *kdf, const char *name); +\& const OSSL_PROVIDER *EVP_KDF_provider(const EVP_KDF *kdf); +\& void EVP_KDF_do_all_provided(OPENSSL_CTX *libctx, +\& void (*fn)(EVP_KDF *kdf, void *arg), +\& void *arg); +\& void EVP_KDF_names_do_all(const EVP_KDF *kdf, +\& void (*fn)(const char *name, void *data), +\& void *data); +\& int EVP_KDF_get_params(EVP_KDF *kdf, OSSL_PARAM params[]); +\& int EVP_KDF_CTX_get_params(EVP_KDF_CTX *ctx, OSSL_PARAM params[]); +\& int EVP_KDF_CTX_set_params(EVP_KDF_CTX *ctx, const OSSL_PARAM params[]); +\& const OSSL_PARAM *EVP_KDF_gettable_params(const EVP_KDF *kdf); +\& const OSSL_PARAM *EVP_KDF_gettable_ctx_params(const EVP_KDF *kdf); +\& const OSSL_PARAM *EVP_KDF_settable_ctx_params(const EVP_KDF *kdf); +\& 
const OSSL_PROVIDER *EVP_KDF_provider(const EVP_KDF *kdf); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1EVP\s0 \s-1KDF\s0 routines are a high level interface to Key Derivation Function +algorithms and should be used instead of algorithm-specific functions. +.PP +After creating a \fB\s-1EVP_KDF_CTX\s0\fR for the required algorithm using +\&\fIEVP_KDF_CTX_new()\fR, inputs to the algorithm are supplied +using calls to \fIEVP_KDF_CTX_set_params()\fR before +calling \fIEVP_KDF_derive()\fR to derive the key. +.SS "Types" +.IX Subsection "Types" +\&\fB\s-1EVP_KDF\s0\fR is a type that holds the implementation of a \s-1KDF\s0. +.PP +\&\fB\s-1EVP_KDF_CTX\s0\fR is a context type that holds the algorithm inputs. +.SS "Algorithm implementation fetching" +.IX Subsection "Algorithm implementation fetching" +\&\fIEVP_KDF_fetch()\fR fetches an implementation of a \s-1KDF\s0 \fIalgorithm\fR, given +a library context \fIlibctx\fR and a set of \fIproperties\fR. +See \*(L"Fetching algorithms\*(R" in \fIprovider\fR\|(7) for further information. +.PP +The returned value must eventually be freed with +\&\fIEVP_KDF_free\fR\|(3). +.PP +\&\fIEVP_KDF_up_ref()\fR increments the reference count of an already fetched +\&\s-1KDF\s0. +.PP +\&\fIEVP_KDF_free()\fR frees a fetched algorithm. +\&\s-1NULL\s0 is a valid parameter, for which this function is a no-op. +.SS "Context manipulation functions" +.IX Subsection "Context manipulation functions" +\&\fIEVP_KDF_CTX_new()\fR creates a new context for the \s-1KDF\s0 implementation \fIkdf\fR. +.PP +\&\fIEVP_KDF_CTX_free()\fR frees up the context \fIctx\fR. If \fIctx\fR is \s-1NULL\s0, nothing +is done. +.PP +\&\fIEVP_KDF_CTX_kdf()\fR returns the \fB\s-1EVP_KDF\s0\fR associated with the context +\&\fIctx\fR. +.SS "Computing functions" +.IX Subsection "Computing functions" +\&\fIEVP_KDF_reset()\fR resets the context to the default state as if the context +had just been created. 
+.PP +\&\fIEVP_KDF_derive()\fR derives \fIkeylen\fR bytes of key material and places it in the +\&\fIkey\fR buffer. If the algorithm produces a fixed amount of output then an +error will occur unless the \fIkeylen\fR parameter is equal to that output size, +as returned by \fIEVP_KDF_size()\fR. +.PP +\&\fIEVP_KDF_get_params()\fR retrieves details about the implementation +\&\fIkdf\fR. +The set of parameters given with \fIparams\fR determine exactly what +parameters should be retrieved. +Note that a parameter that is unknown in the underlying context is +simply ignored. +.PP +\&\fIEVP_KDF_CTX_get_params()\fR retrieves chosen parameters, given the +context \fIctx\fR and its underlying context. +The set of parameters given with \fIparams\fR determine exactly what +parameters should be retrieved. +Note that a parameter that is unknown in the underlying context is +simply ignored. +.PP +\&\fIEVP_KDF_CTX_set_params()\fR passes chosen parameters to the underlying +context, given a context \fIctx\fR. +The set of parameters given with \fIparams\fR determine exactly what +parameters are passed down. +Note that a parameter that is unknown in the underlying context is +simply ignored. +Also, what happens when a needed parameter isn't passed down is +defined by the implementation. +.PP +\&\fIEVP_KDF_gettable_params()\fR, \fIEVP_KDF_gettable_ctx_params()\fR and +\&\fIEVP_KDF_settable_ctx_params()\fR get a constant \fB\s-1OSSL_PARAM\s0\fR array that +describes the retrievable and settable parameters, i.e. parameters that +can be used with \fIEVP_KDF_get_params()\fR, \fIEVP_KDF_CTX_get_params()\fR +and \fIEVP_KDF_CTX_set_params()\fR, respectively. +See \s-1\fIOSSL_PARAM\s0\fR\|(3) for the use of \fB\s-1OSSL_PARAM\s0\fR as parameter descriptor. +.SS "Information functions" +.IX Subsection "Information functions" +\&\fIEVP_KDF_size()\fR returns the output size if the algorithm produces a fixed amount +of output and \fB\s-1SIZE_MAX\s0\fR otherwise. 
If an error occurs then 0 is returned. +For some algorithms an error may result if input parameters necessary to +calculate a fixed output size have not yet been supplied. +.PP +\&\fIEVP_KDF_is_a()\fR returns 1 if \fIkdf\fR is an implementation of an +algorithm that's identifiable with \fIname\fR, otherwise 0. +.PP +\&\fIEVP_KDF_provider()\fR returns the provider that holds the implementation +of the given \fIkdf\fR. +.PP +\&\fIEVP_KDF_do_all_provided()\fR traverses all \s-1KDF\s0 implemented by all activated +providers in the given library context \fIlibctx\fR, and for each of the +implementations, calls the given function \fIfn\fR with the implementation method +and the given \fIarg\fR as argument. +.PP +\&\fIEVP_KDF_number()\fR returns the internal dynamic number assigned to +\&\fIkdf\fR. +.PP +\&\fIEVP_KDF_names_do_all()\fR traverses all names for \fIkdf\fR, and calls +\&\fIfn\fR with each name and \fIdata\fR. +.SH "PARAMETERS" +.IX Header "PARAMETERS" +The standard parameter names are: +.ie n .IP """pass"" (\fB\s-1OSSL_KDF_PARAM_PASSWORD\s0\fR) " 4 +.el .IP "``pass'' (\fB\s-1OSSL_KDF_PARAM_PASSWORD\s0\fR) " 4 +.IX Item "pass (OSSL_KDF_PARAM_PASSWORD) " +Some \s-1KDF\s0 implementations require a password. +For those \s-1KDF\s0 implementations that support it, this parameter sets the password. +.ie n .IP """salt"" (\fB\s-1OSSL_KDF_PARAM_SALT\s0\fR) " 4 +.el .IP "``salt'' (\fB\s-1OSSL_KDF_PARAM_SALT\s0\fR) " 4 +.IX Item "salt (OSSL_KDF_PARAM_SALT) " +Some \s-1KDF\s0 implementations can take a salt. +For those \s-1KDF\s0 implementations that support it, this parameter sets the salt. +.Sp +The default value, if any, is implementation dependent. +.ie n .IP """iter"" (\fB\s-1OSSL_KDF_PARAM_ITER\s0\fR) " 4 +.el .IP "``iter'' (\fB\s-1OSSL_KDF_PARAM_ITER\s0\fR) " 4 +.IX Item "iter (OSSL_KDF_PARAM_ITER) " +Some \s-1KDF\s0 implementations require an iteration count. +For those \s-1KDF\s0 implementations that support it, this parameter sets the +iteration count. 
+.Sp +The default value, if any, is implementation dependent. +.ie n .IP """properties"" (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``properties'' (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "properties (OSSL_KDF_PARAM_PROPERTIES) " +.PD 0 +.ie n .IP """mac"" (\fB\s-1OSSL_KDF_PARAM_MAC\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``mac'' (\fB\s-1OSSL_KDF_PARAM_MAC\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "mac (OSSL_KDF_PARAM_MAC) " +.ie n .IP """digest"" (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``digest'' (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "digest (OSSL_KDF_PARAM_DIGEST) " +.ie n .IP """cipher"" (\fB\s-1OSSL_KDF_PARAM_CIPHER\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``cipher'' (\fB\s-1OSSL_KDF_PARAM_CIPHER\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "cipher (OSSL_KDF_PARAM_CIPHER) " +.PD +For \s-1KDF\s0 implementations that use an underlying computation \s-1MAC\s0, digest or +cipher, these parameters set what the algorithm should be. +.Sp +The value is always the name of the intended algorithm, +or the properties. +.Sp +Note that not all algorithms may support all possible underlying +implementations. +.ie n .IP """key"" (\fB\s-1OSSL_KDF_PARAM_KEY\s0\fR) " 4 +.el .IP "``key'' (\fB\s-1OSSL_KDF_PARAM_KEY\s0\fR) " 4 +.IX Item "key (OSSL_KDF_PARAM_KEY) " +Some \s-1KDF\s0 implementations require a key. +For those \s-1KDF\s0 implementations that support it, this octet string parameter +sets the key. +.ie n .IP """maclen"" (\fB\s-1OSSL_KDF_PARAM_MAC_SIZE\s0\fR) " 4 +.el .IP "``maclen'' (\fB\s-1OSSL_KDF_PARAM_MAC_SIZE\s0\fR) " 4 +.IX Item "maclen (OSSL_KDF_PARAM_MAC_SIZE) " +Used by implementations that use a \s-1MAC\s0 with a variable output size (\s-1KMAC\s0). +For those \s-1KDF\s0 implementations that support it, this parameter +sets the \s-1MAC\s0 output size. +.Sp +The default value, if any, is implementation dependent. 
+The length must never exceed what can be given with a \fBsize_t\fR. +.ie n .IP """maxmem_bytes"" (\fB\s-1OSSL_KDF_PARAM_SCRYPT_MAXMEM\s0\fR) " 4 +.el .IP "``maxmem_bytes'' (\fB\s-1OSSL_KDF_PARAM_SCRYPT_MAXMEM\s0\fR) " 4 +.IX Item "maxmem_bytes (OSSL_KDF_PARAM_SCRYPT_MAXMEM) " +Memory-hard password-based \s-1KDF\s0 algorithms, such as scrypt, use an amount of +memory that depends on the load factors provided as input. +For those \s-1KDF\s0 implementations that support it, this \fBuint64_t\fR parameter sets +an upper limit on the amount of memory that may be consumed while performing +a key derivation. +If this memory usage limit is exceeded because the load factors are chosen +too high, the key derivation will fail. +.Sp +The default value is implementation dependent. +The memory size must never exceed what can be given with a \fBsize_t\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_KDF_fetch()\fR returns a pointer to a newly fetched \fB\s-1EVP_KDF\s0\fR, or +\&\s-1NULL\s0 if allocation failed. +.PP +\&\fIEVP_KDF_provider()\fR returns a pointer to the provider for the \s-1KDF\s0, or +\&\s-1NULL\s0 on error. +.PP +\&\fIEVP_KDF_up_ref()\fR returns 1 on success, 0 on error. +.PP +\&\fIEVP_KDF_CTX_new()\fR returns either the newly allocated +\&\fB\s-1EVP_KDF_CTX\s0\fR structure or \s-1NULL\s0 if an error occurred. +.PP +\&\fIEVP_KDF_CTX_free()\fR and \fIEVP_KDF_reset()\fR do not return a value. +.PP +\&\fIEVP_KDF_size()\fR returns the output size. \fB\s-1SIZE_MAX\s0\fR is returned to indicate +that the algorithm produces a variable amount of output; 0 to indicate failure. +.PP +The remaining functions return 1 for success and 0 or a negative value for +failure. In particular, a return value of \-2 indicates the operation is not +supported by the \s-1KDF\s0 algorithm. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1\fIEVP_KDF\-SCRYPT\s0\fR\|(7) +\&\s-1\fIEVP_KDF\-TLS1_PRF\s0\fR\|(7) +\&\s-1\fIEVP_KDF\-PBKDF2\s0\fR\|(7) +\&\s-1\fIEVP_KDF\-HKDF\s0\fR\|(7) +\&\s-1\fIEVP_KDF\-SS\s0\fR\|(7) +\&\s-1\fIEVP_KDF\-SSHKDF\s0\fR\|(7) +\&\s-1\fIEVP_KDF\-X963\s0\fR\|(7) +\&\s-1\fIEVP_KDF\-X942\s0\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +This functionality was added to OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/EVP_KEYEXCH_free.3 b/linux_amd64/ssl/share/man/man3/EVP_KEYEXCH_free.3 new file mode 100755 index 0000000..0f4bca6 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EVP_KEYEXCH_free.3 
@@ -0,0 +1,212 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_KEYEXCH_FREE 3" +.TH EVP_KEYEXCH_FREE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_KEYEXCH_fetch, EVP_KEYEXCH_free, EVP_KEYEXCH_up_ref, EVP_KEYEXCH_provider, +EVP_KEYEXCH_is_a, EVP_KEYEXCH_do_all_provided, +EVP_KEYEXCH_number, EVP_KEYEXCH_names_do_all +\&\- Functions to manage EVP_KEYEXCH algorithm objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& EVP_KEYEXCH *EVP_KEYEXCH_fetch(OPENSSL_CTX *ctx, const char *algorithm, +\& const char *properties); +\& void EVP_KEYEXCH_free(EVP_KEYEXCH *exchange); +\& int EVP_KEYEXCH_up_ref(EVP_KEYEXCH *exchange); +\& OSSL_PROVIDER *EVP_KEYEXCH_provider(const EVP_KEYEXCH *exchange); +\& int EVP_KEYEXCH_is_a(const EVP_KEYEXCH *exchange, const char *name); +\& int EVP_KEYEXCH_number(const EVP_KEYEXCH *exchange); +\& void EVP_KEYEXCH_do_all_provided(OPENSSL_CTX *libctx, +\& void (*fn)(EVP_KEYEXCH *exchange, void *arg), +\& void *arg); +\& void EVP_KEYEXCH_names_do_all(const EVP_KEYEXCH *exchange, +\& void (*fn)(const char *name, void *data), +\& void *data); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIEVP_KEYEXCH_fetch()\fR fetches the key exchange implementation for the given +\&\fIalgorithm\fR from any provider offering it, within the criteria given +by the \fIproperties\fR. +See \*(L"Fetching algorithms\*(R" in \fIprovider\fR\|(7) for further information. +.PP +The returned value must eventually be freed with \fIEVP_KEYEXCH_free()\fR. +.PP +\&\fIEVP_KEYEXCH_free()\fR decrements the reference count for the \fB\s-1EVP_KEYEXCH\s0\fR +structure. Typically this structure will have been obtained from an earlier call +to \fIEVP_KEYEXCH_fetch()\fR. If the reference count drops to 0 then the +structure is freed. +.PP +\&\fIEVP_KEYEXCH_up_ref()\fR increments the reference count for an \fB\s-1EVP_KEYEXCH\s0\fR +structure. +.PP +\&\fIEVP_KEYEXCH_provider()\fR returns the provider that \fIexchange\fR was fetched from. +.PP +\&\fIEVP_KEYEXCH_is_a()\fR checks if \fIexchange\fR is an implementation of an +algorithm that's identifiable with \fIname\fR. 
+.PP +\&\fIEVP_KEYEXCH_number()\fR returns the internal dynamic number assigned to +the \fIexchange\fR. +.PP +\&\fIEVP_KEYEXCH_names_do_all()\fR traverses all names for the \fIexchange\fR, and +calls \fIfn\fR with each name and \fIdata\fR. +.PP +\&\fIEVP_KEYEXCH_do_all_provided()\fR traverses all key exchange implementations by +all activated providers in the library context \fIlibctx\fR, and for each +of the implementations, calls \fIfn\fR with the implementation method and +\&\fIdata\fR as arguments. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_KEYEXCH_fetch()\fR returns a pointer to a \fB\s-1EVP_KEYEXCH\s0\fR for success +or \s-1NULL\s0 for failure. +.PP +\&\fIEVP_KEYEXCH_up_ref()\fR returns 1 for success or 0 otherwise. +.PP +\&\fIEVP_KEYEXCH_is_a()\fR returns 1 of \fIexchange\fR was identifiable, +otherwise 0. +.PP +\&\fIEVP_KEYEXCH_number()\fR returns an integer. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\*(L"Fetching algorithms\*(R" in \fIprovider\fR\|(7), \s-1\fIOSSL_PROVIDER\s0\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The functions described here were added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/EVP_KEYMGMT.3 b/linux_amd64/ssl/share/man/man3/EVP_KEYMGMT.3 new file mode 100755 index 0000000..99d337e --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EVP_KEYMGMT.3 
@@ -0,0 +1,236 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_KEYMGMT 3" +.TH EVP_KEYMGMT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_KEYMGMT, +EVP_KEYMGMT_fetch, +EVP_KEYMGMT_up_ref, +EVP_KEYMGMT_free, +EVP_KEYMGMT_provider, +EVP_KEYMGMT_is_a, +EVP_KEYMGMT_number, +EVP_KEYMGMT_do_all_provided, +EVP_KEYMGMT_names_do_all +\&\- EVP key management routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef struct evp_keymgmt_st EVP_KEYMGMT; +\& +\& EVP_KEYMGMT *EVP_KEYMGMT_fetch(OPENSSL_CTX *ctx, const char *algorithm, +\& const char *properties); +\& int EVP_KEYMGMT_up_ref(EVP_KEYMGMT *keymgmt); +\& void EVP_KEYMGMT_free(EVP_KEYMGMT *keymgmt); +\& const OSSL_PROVIDER *EVP_KEYMGMT_provider(const EVP_KEYMGMT *keymgmt); +\& int EVP_KEYMGMT_is_a(const EVP_KEYMGMT *keymgmt, const char *name); +\& int EVP_KEYMGMT_number(const EVP_KEYMGMT *keymgmt); +\& void EVP_KEYMGMT_do_all_provided(OPENSSL_CTX *libctx, +\& void (*fn)(EVP_KEYMGMT *keymgmt, void *arg), +\& void *arg); +\& void EVP_KEYMGMT_names_do_all(const EVP_KEYMGMT *keymgmt, +\& void (*fn)(const char *name, void *data), +\& void *data); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fB\s-1EVP_KEYMGMT\s0\fR is a method object that represents key management +implementations for different cryptographic algorithms. +This method object provides functionality to have providers import key +material from the outside, as well as export key material to the +outside. +Most of the functionality can only be used internally and has no +public interface, this object is simply passed into other functions +when needed. +.PP +\&\fIEVP_KEYMGMT_fetch()\fR looks for an algorithm within the provider that +has been loaded into the \fB\s-1OPENSSL_CTX\s0\fR given by \fIctx\fR, having the +name given by \fIalgorithm\fR and the properties given by \fIproperties\fR. +.PP +\&\fIEVP_KEYMGMT_up_ref()\fR increments the reference count for the given +\&\fB\s-1EVP_KEYMGMT\s0\fR \fIkeymgmt\fR. 
+.PP +\&\fIEVP_KEYMGMT_free()\fR decrements the reference count for the given +\&\fB\s-1EVP_KEYMGMT\s0\fR \fIkeymgmt\fR, and when the count reaches zero, frees it. +.PP +\&\fIEVP_KEYMGMT_provider()\fR returns the provider that has this particular +implementation. +.PP +\&\fIEVP_KEYMGMT_is_a()\fR checks if \fIkeymgmt\fR is an implementation of an +algorithm that's identifiable with \fIname\fR. +.PP +\&\fIEVP_KEYMGMT_number()\fR returns the internal dynamic number assigned to +the \fIkeymgmt\fR. +.PP +\&\fIEVP_KEYMGMT_names_do_all()\fR traverses all names for the \fIkeymgmt\fR, and +calls \fIfn\fR with each name and \fIdata\fR. +.PP +\&\fIEVP_KEYMGMT_do_all_provided()\fR traverses all key keymgmt implementations by +all activated providers in the library context \fIlibctx\fR, and for each +of the implementations, calls \fIfn\fR with the implementation method and +\&\fIdata\fR as arguments. +.SH "NOTES" +.IX Header "NOTES" +\&\fIEVP_KEYMGMT_fetch()\fR may be called implicitly by other fetching +functions, using the same library context and properties. +Any other \s-1API\s0 that uses keys will typically do this. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_KEYMGMT_fetch()\fR returns a pointer to the key management +implementation represented by an \s-1EVP_KEYMGMT\s0 object, or \s-1NULL\s0 on +error. +.PP +\&\fIEVP_KEYMGMT_up_ref()\fR returns 1 on success, or 0 on error. +.PP +\&\fIEVP_KEYMGMT_free()\fR doesn't return any value. +.PP +\&\fIEVP_KEYMGMT_provider()\fR returns a pointer to a provider object, or \s-1NULL\s0 +on error. +.PP +\&\fIEVP_KEYMGMT_is_a()\fR returns 1 of \fIkeymgmt\fR was identifiable, +otherwise 0. +.PP +\&\fIEVP_KEYMGMT_number()\fR returns an integer. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_MD_fetch\fR\|(3), \s-1\fIOPENSSL_CTX\s0\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The functions described here were added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. 
All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/EVP_MAC.3 b/linux_amd64/ssl/share/man/man3/EVP_MAC.3 new file mode 100755 index 0000000..3d2c7f5 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EVP_MAC.3 
@@ -0,0 +1,513 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_MAC 3" +.TH EVP_MAC 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_MAC, EVP_MAC_fetch, EVP_MAC_up_ref, EVP_MAC_free, +EVP_MAC_is_a, EVP_MAC_number, EVP_MAC_names_do_all, +EVP_MAC_provider, EVP_MAC_get_params, EVP_MAC_gettable_params, +EVP_MAC_CTX, EVP_MAC_CTX_new, EVP_MAC_CTX_free, EVP_MAC_CTX_dup, +EVP_MAC_CTX_mac, EVP_MAC_CTX_get_params, EVP_MAC_CTX_set_params, +EVP_MAC_size, EVP_MAC_init, EVP_MAC_update, EVP_MAC_final, +EVP_MAC_gettable_ctx_params, EVP_MAC_settable_ctx_params, +EVP_MAC_do_all_provided \- EVP MAC routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef struct evp_mac_st EVP_MAC; +\& typedef struct evp_mac_ctx_st EVP_MAC_CTX; +\& +\& EVP_MAC *EVP_MAC_fetch(OPENSSL_CTX *libctx, const char *algorithm, +\& const char *properties); +\& int EVP_MAC_up_ref(EVP_MAC *mac); +\& void EVP_MAC_free(EVP_MAC *mac); +\& int EVP_MAC_is_a(const EVP_MAC *mac, const char *name); +\& int EVP_MAC_number(const EVP_MAC *mac); +\& void EVP_MAC_names_do_all(const EVP_MAC *mac, +\& void (*fn)(const char *name, void *data), +\& void *data); +\& const OSSL_PROVIDER *EVP_MAC_provider(const EVP_MAC *mac); +\& int EVP_MAC_get_params(EVP_MAC *mac, OSSL_PARAM params[]); +\& +\& EVP_MAC_CTX *EVP_MAC_CTX_new(EVP_MAC *mac); +\& void EVP_MAC_CTX_free(EVP_MAC_CTX *ctx); +\& EVP_MAC_CTX *EVP_MAC_CTX_dup(const EVP_MAC_CTX *src); +\& EVP_MAC *EVP_MAC_CTX_mac(EVP_MAC_CTX *ctx); +\& int EVP_MAC_CTX_get_params(EVP_MAC_CTX *ctx, OSSL_PARAM params[]); +\& int EVP_MAC_CTX_set_params(EVP_MAC_CTX *ctx, const OSSL_PARAM params[]); +\& +\& size_t EVP_MAC_size(EVP_MAC_CTX *ctx); +\& int EVP_MAC_init(EVP_MAC_CTX *ctx); +\& int EVP_MAC_update(EVP_MAC_CTX *ctx, const unsigned char *data, size_t datalen); +\& int EVP_MAC_final(EVP_MAC_CTX *ctx, +\& unsigned char *out, size_t *outl, size_t outsize); +\& +\& const OSSL_PARAM *EVP_MAC_gettable_params(const EVP_MAC *mac); +\& const OSSL_PARAM *EVP_MAC_gettable_ctx_params(const EVP_MAC *mac); +\& const OSSL_PARAM *EVP_MAC_settable_ctx_params(const EVP_MAC *mac); 
+\& +\& void EVP_MAC_do_all_provided(OPENSSL_CTX *libctx, +\& void (*fn)(EVP_MAC *mac, void *arg), +\& void *arg); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These types and functions help the application to calculate MACs of +different types and with different underlying algorithms if there are +any. +.PP +MACs are a bit complex insofar that some of them use other algorithms +for actual computation. \s-1HMAC\s0 uses a digest, and \s-1CMAC\s0 uses a cipher. +Therefore, there are sometimes two contexts to keep track of, one for +the \s-1MAC\s0 algorithm itself and one for the underlying computation +algorithm if there is one. +.PP +To make things less ambiguous, this manual talks about a \*(L"context\*(R" or +\&\*(L"\s-1MAC\s0 context\*(R", which is to denote the \s-1MAC\s0 level context, and about a +\&\*(L"underlying context\*(R", or \*(L"computation context\*(R", which is to denote the +context for the underlying computation algorithm if there is one. +.SS "Types" +.IX Subsection "Types" +\&\fB\s-1EVP_MAC\s0\fR is a type that holds the implementation of a \s-1MAC\s0. +.PP +\&\fB\s-1EVP_MAC_CTX\s0\fR is a context type that holds internal \s-1MAC\s0 information +as well as a reference to a computation context, for those MACs that +rely on an underlying computation algorithm. +.SS "Algorithm implementation fetching" +.IX Subsection "Algorithm implementation fetching" +\&\fIEVP_MAC_fetch()\fR fetches an implementation of a \s-1MAC\s0 \fIalgorithm\fR, given +a library context \fIlibctx\fR and a set of \fIproperties\fR. +See \*(L"Fetching algorithms\*(R" in \fIprovider\fR\|(7) for further information. +.PP +The returned value must eventually be freed with +\&\fIEVP_MAC_free\fR\|(3). +.PP +\&\fIEVP_MAC_up_ref()\fR increments the reference count of an already fetched +\&\s-1MAC\s0. +.PP +\&\fIEVP_MAC_free()\fR frees a fetched algorithm. +\&\s-1NULL\s0 is a valid parameter, for which this function is a no-op. 
+.SS "Context manipulation functions" +.IX Subsection "Context manipulation functions" +\&\fIEVP_MAC_CTX_new()\fR creates a new context for the \s-1MAC\s0 type \fImac\fR. +The created context can then be used with most other functions +described here. +.PP +\&\fIEVP_MAC_CTX_free()\fR frees the contents of the context, including an +underlying context if there is one, as well as the context itself. +\&\s-1NULL\s0 is a valid parameter, for which this function is a no-op. +.PP +\&\fIEVP_MAC_CTX_dup()\fR duplicates the \fIsrc\fR context and returns a newly allocated +context. +.PP +\&\fIEVP_MAC_CTX_mac()\fR returns the \fB\s-1EVP_MAC\s0\fR associated with the context +\&\fIctx\fR. +.SS "Computing functions" +.IX Subsection "Computing functions" +\&\fIEVP_MAC_init()\fR sets up the underlying context with information given +through diverse controls. +This should be called before calling \fIEVP_MAC_update()\fR and +\&\fIEVP_MAC_final()\fR. +.PP +\&\fIEVP_MAC_update()\fR adds \fIdatalen\fR bytes from \fIdata\fR to the \s-1MAC\s0 input. +.PP +\&\fIEVP_MAC_final()\fR does the final computation and stores the result in +the memory pointed at by \fIout\fR of size \fIoutsize\fR, and sets the number +of bytes written in \fI*outl\fR at. +If \fIout\fR is \s-1NULL\s0 or \fIoutsize\fR is too small, then no computation +is made. +To figure out what the output length will be and allocate space for it +dynamically, simply call with \fIout\fR being \s-1NULL\s0 and \fIoutl\fR +pointing at a valid location, then allocate space and make a second +call with \fIout\fR pointing at the allocated space. +.PP +\&\fIEVP_MAC_get_params()\fR retrieves details about the implementation +\&\fImac\fR. +The set of parameters given with \fIparams\fR determine exactly what +parameters should be retrieved. +Note that a parameter that is unknown in the underlying context is +simply ignored. 
+.PP +\&\fIEVP_MAC_CTX_get_params()\fR retrieves chosen parameters, given the +context \fIctx\fR and its underlying context. +The set of parameters given with \fIparams\fR determine exactly what +parameters should be retrieved. +Note that a parameter that is unknown in the underlying context is +simply ignored. +.PP +\&\fIEVP_MAC_CTX_set_params()\fR passes chosen parameters to the underlying +context, given a context \fIctx\fR. +The set of parameters given with \fIparams\fR determine exactly what +parameters are passed down. +Note that a parameter that is unknown in the underlying context is +simply ignored. +Also, what happens when a needed parameter isn't passed down is +defined by the implementation. +.PP +\&\fIEVP_MAC_gettable_params()\fR, \fIEVP_MAC_gettable_ctx_params()\fR and +\&\fIEVP_MAC_settable_ctx_params()\fR get a constant \fB\s-1OSSL_PARAM\s0\fR array that +describes the retrievable and settable parameters, i.e. parameters that +can be used with \fIEVP_MAC_get_params()\fR, \fIEVP_MAC_CTX_get_params()\fR +and \fIEVP_MAC_CTX_set_params()\fR, respectively. +See \s-1\fIOSSL_PARAM\s0\fR\|(3) for the use of \fB\s-1OSSL_PARAM\s0\fR as parameter descriptor. +.SS "Information functions" +.IX Subsection "Information functions" +\&\fIEVP_MAC_size()\fR returns the \s-1MAC\s0 output size for the given context. +.PP +\&\fIEVP_MAC_is_a()\fR checks if the given \fImac\fR is an implementation of an +algorithm that's identifiable with \fIname\fR. +.PP +\&\fIEVP_MAC_provider()\fR returns the provider that holds the implementation +of the given \fImac\fR. +.PP +\&\fIEVP_MAC_do_all_provided()\fR traverses all \s-1MAC\s0 implemented by all activated +providers in the given library context \fIlibctx\fR, and for each of the +implementations, calls the given function \fIfn\fR with the implementation method +and the given \fIarg\fR as argument. +.PP +\&\fIEVP_MAC_number()\fR returns the internal dynamic number assigned to +\&\fImac\fR. 
+.PP +\&\fIEVP_MAC_names_do_all()\fR traverses all names for \fImac\fR, and calls +\&\fIfn\fR with each name and \fIdata\fR. +.SH "PARAMETERS" +.IX Header "PARAMETERS" +Parameters are identified by name as strings, and have an expected +data type and maximum size. +OpenSSL has a set of macros for parameter names it expects to see in +its own \s-1MAC\s0 implementations. +Here, we show all three, the OpenSSL macro for the parameter name, the +name in string form, and a type description. +.PP +The standard parameter names are: +.ie n .IP """key"" (\fB\s-1OSSL_MAC_PARAM_KEY\s0\fR) " 4 +.el .IP "``key'' (\fB\s-1OSSL_MAC_PARAM_KEY\s0\fR) " 4 +.IX Item "key (OSSL_MAC_PARAM_KEY) " +Its value is the \s-1MAC\s0 key as an array of bytes. +.Sp +For MACs that use an underlying computation algorithm, the algorithm +must be set first, see parameter names \*(L"algorithm\*(R" below. +.ie n .IP """iv"" (\fB\s-1OSSL_MAC_PARAM_IV\s0\fR) " 4 +.el .IP "``iv'' (\fB\s-1OSSL_MAC_PARAM_IV\s0\fR) " 4 +.IX Item "iv (OSSL_MAC_PARAM_IV) " +Some \s-1MAC\s0 implementations require an \s-1IV\s0, this parameter sets the \s-1IV\s0. +.ie n .IP """custom"" (\fB\s-1OSSL_MAC_PARAM_CUSTOM\s0\fR) " 4 +.el .IP "``custom'' (\fB\s-1OSSL_MAC_PARAM_CUSTOM\s0\fR) " 4 +.IX Item "custom (OSSL_MAC_PARAM_CUSTOM) " +Some \s-1MAC\s0 implementations (\s-1KMAC\s0, \s-1BLAKE2\s0) accept a Customization String, +this parameter sets the Customization String. The default value is the +empty string. +.ie n .IP """salt"" (\fB\s-1OSSL_MAC_PARAM_SALT\s0\fR) " 4 +.el .IP "``salt'' (\fB\s-1OSSL_MAC_PARAM_SALT\s0\fR) " 4 +.IX Item "salt (OSSL_MAC_PARAM_SALT) " +This option is used by \s-1BLAKE2\s0 \s-1MAC\s0. +.ie n .IP """xof"" (\fB\s-1OSSL_MAC_PARAM_XOF\s0\fR) " 4 +.el .IP "``xof'' (\fB\s-1OSSL_MAC_PARAM_XOF\s0\fR) " 4 +.IX Item "xof (OSSL_MAC_PARAM_XOF) " +It's a simple flag, the value 0 or 1 are expected. +.Sp +This option is used by \s-1KMAC\s0. 
+.ie n .IP """flags"" (\fB\s-1OSSL_MAC_PARAM_FLAGS\s0\fR) " 4 +.el .IP "``flags'' (\fB\s-1OSSL_MAC_PARAM_FLAGS\s0\fR) " 4 +.IX Item "flags (OSSL_MAC_PARAM_FLAGS) " +These will set the \s-1MAC\s0 flags to the given numbers. +Some MACs do not support this option. +.ie n .IP """properties"" (\fB\s-1OSSL_MAC_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``properties'' (\fB\s-1OSSL_MAC_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "properties (OSSL_MAC_PARAM_PROPERTIES) " +.PD 0 +.ie n .IP """digest"" (\fB\s-1OSSL_MAC_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``digest'' (\fB\s-1OSSL_MAC_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "digest (OSSL_MAC_PARAM_DIGEST) " +.ie n .IP """cipher"" (\fB\s-1OSSL_MAC_PARAM_CIPHER\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``cipher'' (\fB\s-1OSSL_MAC_PARAM_CIPHER\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "cipher (OSSL_MAC_PARAM_CIPHER) " +.PD +For \s-1MAC\s0 implementations that use an underlying computation cipher or +digest, these parameters set what the algorithm should be. +.Sp +The value is always the name of the intended algorithm, +or the properties. +.Sp +Note that not all algorithms may support all digests. +\&\s-1HMAC\s0 does not support variable output length digests such as \s-1SHAKE128\s0 +or \s-1SHAKE256\s0. +.ie n .IP """size"" (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) " 4 +.el .IP "``size'' (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) " 4 +.IX Item "size (OSSL_MAC_PARAM_SIZE) " +For \s-1MAC\s0 implementations that support it, set the output size that +\&\fIEVP_MAC_final()\fR should produce. +The allowed sizes vary between \s-1MAC\s0 implementations, but must never exceed +what can be given with a \fBsize_t\fR. +.PP +All these parameters should be used before the calls to any of +\&\fIEVP_MAC_init()\fR, \fIEVP_MAC_update()\fR and \fIEVP_MAC_final()\fR for a full +computation. +Anything else may give undefined results. 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_MAC_fetch()\fR returns a pointer to a newly fetched \s-1EVP_MAC\s0, or +\&\s-1NULL\s0 if allocation failed. +.PP +\&\fIEVP_MAC_up_ref()\fR returns 1 on success, 0 on error. +.PP +\&\fIEVP_MAC_free()\fR returns nothing at all. +.PP +\&\fIEVP_MAC_is_a()\fR returns 1 if the given method can be identified with +the given name, otherwise 0. +.PP +\&\fIEVP_MAC_provider()\fR returns a pointer to the provider for the \s-1MAC\s0, or +\&\s-1NULL\s0 on error. +.PP +\&\fIEVP_MAC_CTX_new()\fR and \fIEVP_MAC_CTX_dup()\fR return a pointer to a newly +created \s-1EVP_MAC_CTX\s0, or \s-1NULL\s0 if allocation failed. +.PP +\&\fIEVP_MAC_CTX_free()\fR returns nothing at all. +.PP +\&\fIEVP_MAC_CTX_get_params()\fR and \fIEVP_MAC_CTX_set_params()\fR return 1 on +success, 0 on error. +.PP +\&\fIEVP_MAC_init()\fR, \fIEVP_MAC_update()\fR, and \fIEVP_MAC_final()\fR return 1 on success, 0 +on error. +.PP +\&\fIEVP_MAC_size()\fR returns the expected output size, or 0 if it isn't +set. +If it isn't set, a call to \fIEVP_MAC_init()\fR should get it set. +.PP +\&\fIEVP_MAC_do_all_provided()\fR returns nothing at all. 
+.SH "EXAMPLES" +.IX Header "EXAMPLES" +.Vb 5 +\& #include +\& #include +\& #include +\& #include +\& #include +\& +\& #include +\& #include +\& #include +\& +\& int main() { +\& EVP_MAC *mac = EVP_MAC_fetch(NULL, getenv("MY_MAC"), NULL); +\& const char *cipher = getenv("MY_MAC_CIPHER"); +\& const char *digest = getenv("MY_MAC_DIGEST"); +\& const char *key = getenv("MY_KEY"); +\& EVP_MAC_CTX *ctx = NULL; +\& +\& unsigned char buf[4096]; +\& ssize_t read_l; +\& size_t final_l; +\& +\& size_t i; +\& +\& OSSL_PARAM params[4]; +\& size_t params_n = 0; +\& +\& if (cipher != NULL) +\& params[params_n++] = +\& OSSL_PARAM_construct_utf8_string("cipher", cipher, 0, NULL); +\& if (digest != NULL) +\& params[params_n++] = +\& OSSL_PARAM_construct_utf8_string("digest", digest, 0, NULL); +\& params[params_n++] = +\& OSSL_PARAM_construct_octet_string("key", key, strlen(key), NULL); +\& params[params_n] = OSSL_PARAM_construct_end(); +\& +\& if (mac == NULL +\& || key == NULL +\& || (ctx = EVP_MAC_CTX_new(mac)) == NULL +\& || EVP_MAC_CTX_set_params(ctx, params) <= 0) +\& goto err; +\& +\& if (!EVP_MAC_init(ctx)) +\& goto err; +\& +\& while ( (read_l = read(STDIN_FILENO, buf, sizeof(buf))) > 0) { +\& if (!EVP_MAC_update(ctx, buf, read_l)) +\& goto err; +\& } +\& +\& if (!EVP_MAC_final(ctx, buf, &final_l)) +\& goto err; +\& +\& printf("Result: "); +\& for (i = 0; i < final_l; i++) +\& printf("%02X", buf[i]); +\& printf("\en"); +\& +\& EVP_MAC_CTX_free(ctx); +\& EVP_MAC_free(mac); +\& exit(0); +\& +\& err: +\& EVP_MAC_CTX_free(ctx); +\& EVP_MAC_free(mac); +\& fprintf(stderr, "Something went wrong\en"); +\& ERR_print_errors_fp(stderr); +\& exit (1); +\& } +.Ve +.PP +A run of this program, called with correct environment variables, can +look like this: +.PP +.Vb 3 +\& $ MY_MAC=cmac MY_KEY=secret0123456789 MY_MAC_CIPHER=aes\-128\-cbc \e +\& LD_LIBRARY_PATH=. 
./foo < foo.c +\& Result: C5C06683CD9DDEF904D754505C560A4E +.Ve +.PP +(in this example, that program was stored in \fIfoo.c\fR and compiled to +\&\fI./foo\fR) +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIproperty\fR\|(7) +\&\s-1\fIOSSL_PARAM\s0\fR\|(3), +\&\s-1\fIEVP_MAC\-BLAKE2\s0\fR\|(7), +\&\s-1\fIEVP_MAC\-CMAC\s0\fR\|(7), +\&\s-1\fIEVP_MAC\-GMAC\s0\fR\|(7), +\&\s-1\fIEVP_MAC\-HMAC\s0\fR\|(7), +\&\s-1\fIEVP_MAC\-KMAC\s0\fR\|(7), +\&\fIEVP_MAC\-Siphash\fR\|(7), +\&\fIEVP_MAC\-Poly1305\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/EVP_MD_meth_new.3 b/linux_amd64/ssl/share/man/man3/EVP_MD_meth_new.3 new file mode 100755 index 0000000..407066a --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EVP_MD_meth_new.3 
@@ -0,0 +1,307 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_MD_METH_NEW 3" +.TH EVP_MD_METH_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_MD_meth_new, EVP_MD_meth_dup, EVP_MD_meth_free, +EVP_MD_meth_set_input_blocksize, +EVP_MD_meth_set_result_size, EVP_MD_meth_set_app_datasize, +EVP_MD_meth_set_flags, EVP_MD_meth_set_init, EVP_MD_meth_set_update, +EVP_MD_meth_set_final, EVP_MD_meth_set_copy, EVP_MD_meth_set_cleanup, +EVP_MD_meth_set_ctrl, EVP_MD_meth_get_input_blocksize, +EVP_MD_meth_get_result_size, EVP_MD_meth_get_app_datasize, +EVP_MD_meth_get_flags, EVP_MD_meth_get_init, EVP_MD_meth_get_update, +EVP_MD_meth_get_final, EVP_MD_meth_get_copy, EVP_MD_meth_get_cleanup, +EVP_MD_meth_get_ctrl +\&\- Routines to build up legacy EVP_MD methods +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type); +\& void EVP_MD_meth_free(EVP_MD *md); +\& EVP_MD *EVP_MD_meth_dup(const EVP_MD *md); +\& +\& int EVP_MD_meth_set_input_blocksize(EVP_MD *md, int blocksize); +\& int EVP_MD_meth_set_result_size(EVP_MD *md, int resultsize); +\& int EVP_MD_meth_set_app_datasize(EVP_MD *md, int datasize); +\& int EVP_MD_meth_set_flags(EVP_MD *md, unsigned long flags); +\& int EVP_MD_meth_set_init(EVP_MD *md, int (*init)(EVP_MD_CTX *ctx)); +\& int EVP_MD_meth_set_update(EVP_MD *md, int (*update)(EVP_MD_CTX *ctx, +\& const void *data, +\& size_t count)); +\& int EVP_MD_meth_set_final(EVP_MD *md, int (*final)(EVP_MD_CTX *ctx, +\& unsigned char *md)); +\& int EVP_MD_meth_set_copy(EVP_MD *md, int (*copy)(EVP_MD_CTX *to, +\& const EVP_MD_CTX *from)); +\& int EVP_MD_meth_set_cleanup(EVP_MD *md, int (*cleanup)(EVP_MD_CTX *ctx)); +\& int EVP_MD_meth_set_ctrl(EVP_MD *md, int (*ctrl)(EVP_MD_CTX *ctx, int cmd, +\& int p1, void *p2)); +\& +\& int EVP_MD_meth_get_input_blocksize(const EVP_MD *md); +\& int EVP_MD_meth_get_result_size(const EVP_MD *md); +\& int EVP_MD_meth_get_app_datasize(const EVP_MD *md); +\& unsigned long EVP_MD_meth_get_flags(const EVP_MD *md); +\& int (*EVP_MD_meth_get_init(const EVP_MD *md))(EVP_MD_CTX *ctx); +\& int 
(*EVP_MD_meth_get_update(const EVP_MD *md))(EVP_MD_CTX *ctx, +\& const void *data, +\& size_t count); +\& int (*EVP_MD_meth_get_final(const EVP_MD *md))(EVP_MD_CTX *ctx, +\& unsigned char *md); +\& int (*EVP_MD_meth_get_copy(const EVP_MD *md))(EVP_MD_CTX *to, +\& const EVP_MD_CTX *from); +\& int (*EVP_MD_meth_get_cleanup(const EVP_MD *md))(EVP_MD_CTX *ctx); +\& int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd, +\& int p1, void *p2); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fB\s-1EVP_MD\s0\fR type is a structure for digest method implementation. +It can also have associated public/private key signing and verifying +routines. +.PP +\&\fIEVP_MD_meth_new()\fR creates a new \fB\s-1EVP_MD\s0\fR structure. +These \fB\s-1EVP_MD\s0\fR structures are reference counted. +.PP +\&\fIEVP_MD_meth_dup()\fR creates a copy of \fBmd\fR. +.PP +\&\fIEVP_MD_meth_free()\fR decrements the reference count for the \fB\s-1EVP_MD\s0\fR structure. +If the reference count drops to 0 then the structure is freed. +.PP +\&\fIEVP_MD_meth_set_input_blocksize()\fR sets the internal input block size +for the method \fBmd\fR to \fBblocksize\fR bytes. +.PP +\&\fIEVP_MD_meth_set_result_size()\fR sets the size of the result that the +digest method in \fBmd\fR is expected to produce to \fBresultsize\fR bytes. +.PP +The digest method may have its own private data, which OpenSSL will +allocate for it. \fIEVP_MD_meth_set_app_datasize()\fR should be used to +set the size for it to \fBdatasize\fR. +.PP +\&\fIEVP_MD_meth_set_flags()\fR sets the flags to describe optional +behaviours in the particular \fBmd\fR. Several flags can be or'd +together. The available flags are: +.IP "\s-1EVP_MD_FLAG_ONESHOT\s0" 4 +.IX Item "EVP_MD_FLAG_ONESHOT" +This digest method can only handle one block of input. +.IP "\s-1EVP_MD_FLAG_XOF\s0" 4 +.IX Item "EVP_MD_FLAG_XOF" +This digest method is an extensible-output function (\s-1XOF\s0) and supports +the \fB\s-1EVP_MD_CTRL_XOF_LEN\s0\fR control. 
+.IP "\s-1EVP_MD_FLAG_DIGALGID_NULL\s0" 4 +.IX Item "EVP_MD_FLAG_DIGALGID_NULL" +When setting up a DigestAlgorithmIdentifier, this flag will have the +parameter set to \s-1NULL\s0 by default. Use this for PKCS#1. \fINote: if +combined with \s-1EVP_MD_FLAG_DIGALGID_ABSENT\s0, the latter will override.\fR +.IP "\s-1EVP_MD_FLAG_DIGALGID_ABSENT\s0" 4 +.IX Item "EVP_MD_FLAG_DIGALGID_ABSENT" +When setting up a DigestAlgorithmIdentifier, this flag will have the +parameter be left absent by default. \fINote: if combined with +\&\s-1EVP_MD_FLAG_DIGALGID_NULL\s0, the latter will be overridden.\fR +.IP "\s-1EVP_MD_FLAG_DIGALGID_CUSTOM\s0" 4 +.IX Item "EVP_MD_FLAG_DIGALGID_CUSTOM" +Custom DigestAlgorithmIdentifier handling via ctrl, with +\&\fB\s-1EVP_MD_FLAG_DIGALGID_ABSENT\s0\fR as default. \fINote: if combined with +\&\s-1EVP_MD_FLAG_DIGALGID_NULL\s0, the latter will be overridden.\fR +Currently unused. +.IP "\s-1EVP_MD_FLAG_FIPS\s0" 4 +.IX Item "EVP_MD_FLAG_FIPS" +This digest method is suitable for use in \s-1FIPS\s0 mode. +Currently unused. +.PP +\&\fIEVP_MD_meth_set_init()\fR sets the digest init function for \fBmd\fR. +The digest init function is called by \fIEVP_Digest()\fR, \fIEVP_DigestInit()\fR, +\&\fIEVP_DigestInit_ex()\fR, EVP_SignInit, \fIEVP_SignInit_ex()\fR, \fIEVP_VerifyInit()\fR +and \fIEVP_VerifyInit_ex()\fR. +.PP +\&\fIEVP_MD_meth_set_update()\fR sets the digest update function for \fBmd\fR. +The digest update function is called by \fIEVP_Digest()\fR, \fIEVP_DigestUpdate()\fR and +\&\fIEVP_SignUpdate()\fR. +.PP +\&\fIEVP_MD_meth_set_final()\fR sets the digest final function for \fBmd\fR. +The digest final function is called by \fIEVP_Digest()\fR, \fIEVP_DigestFinal()\fR, +\&\fIEVP_DigestFinal_ex()\fR, \fIEVP_SignFinal()\fR and \fIEVP_VerifyFinal()\fR. +.PP +\&\fIEVP_MD_meth_set_copy()\fR sets the function for \fBmd\fR to do extra +computations after the method's private data structure has been copied +from one \fB\s-1EVP_MD_CTX\s0\fR to another. 
If all that's needed is to copy +the data, there is no need for this copy function. +Note that the copy function is passed two \fB\s-1EVP_MD_CTX\s0 *\fR, the private +data structure is then available with \fIEVP_MD_CTX_md_data()\fR. +This copy function is called by \fIEVP_MD_CTX_copy()\fR and +\&\fIEVP_MD_CTX_copy_ex()\fR. +.PP +\&\fIEVP_MD_meth_set_cleanup()\fR sets the function for \fBmd\fR to do extra +cleanup before the method's private data structure is cleaned out and +freed. +Note that the cleanup function is passed a \fB\s-1EVP_MD_CTX\s0 *\fR, the +private data structure is then available with \fIEVP_MD_CTX_md_data()\fR. +This cleanup function is called by \fIEVP_MD_CTX_reset()\fR and +\&\fIEVP_MD_CTX_free()\fR. +.PP +\&\fIEVP_MD_meth_set_ctrl()\fR sets the control function for \fBmd\fR. +See \fIEVP_MD_CTX_ctrl\fR\|(3) for the available controls. +.PP +\&\fIEVP_MD_meth_get_input_blocksize()\fR, \fIEVP_MD_meth_get_result_size()\fR, +\&\fIEVP_MD_meth_get_app_datasize()\fR, \fIEVP_MD_meth_get_flags()\fR, +\&\fIEVP_MD_meth_get_init()\fR, \fIEVP_MD_meth_get_update()\fR, +\&\fIEVP_MD_meth_get_final()\fR, \fIEVP_MD_meth_get_copy()\fR, +\&\fIEVP_MD_meth_get_cleanup()\fR and \fIEVP_MD_meth_get_ctrl()\fR are all used +to retrieve the method data given with the EVP_MD_meth_set_*() +functions above. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_MD_meth_new()\fR and \fIEVP_MD_meth_dup()\fR return a pointer to a newly +created \fB\s-1EVP_MD\s0\fR, or \s-1NULL\s0 on failure. +All EVP_MD_meth_set_*() functions return 1. +\&\fIEVP_MD_get_input_blocksize()\fR, \fIEVP_MD_meth_get_result_size()\fR, +\&\fIEVP_MD_meth_get_app_datasize()\fR and \fIEVP_MD_meth_get_flags()\fR return the +indicated sizes or flags. +All other EVP_CIPHER_meth_get_*() functions return pointers to their +respective \fBmd\fR function. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_DigestInit\fR\|(3), \fIEVP_SignInit\fR\|(3), \fIEVP_VerifyInit\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fB\s-1EVP_MD\s0\fR structure was openly available in OpenSSL before version +1.1. +The functions described here were added in OpenSSL 1.1. +The \fB\s-1EVP_MD\s0\fR structure created with these functions became reference +counted in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/EVP_OpenInit.3 b/linux_amd64/ssl/share/man/man3/EVP_OpenInit.3 new file mode 100755 index 0000000..13c67cc --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EVP_OpenInit.3 
@@ -0,0 +1,191 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_OPENINIT 3" +.TH EVP_OPENINIT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_OpenInit, EVP_OpenUpdate, EVP_OpenFinal \- EVP envelope decryption +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_OpenInit(EVP_CIPHER_CTX *ctx, EVP_CIPHER *type, unsigned char *ek, +\& int ekl, unsigned char *iv, EVP_PKEY *priv); +\& int EVP_OpenUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, +\& int *outl, unsigned char *in, int inl); +\& int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1EVP\s0 envelope routines are a high level interface to envelope +decryption. They decrypt a public key encrypted symmetric key and +then decrypt data using it. +.PP +\&\fIEVP_OpenInit()\fR initializes a cipher context \fBctx\fR for decryption +with cipher \fBtype\fR. It decrypts the encrypted symmetric key of length +\&\fBekl\fR bytes passed in the \fBek\fR parameter using the private key \fBpriv\fR. +The \s-1IV\s0 is supplied in the \fBiv\fR parameter. +.PP +\&\fIEVP_OpenUpdate()\fR and \fIEVP_OpenFinal()\fR have exactly the same properties +as the \fIEVP_DecryptUpdate()\fR and \fIEVP_DecryptFinal()\fR routines, as +documented on the \fIEVP_EncryptInit\fR\|(3) manual +page. +.SH "NOTES" +.IX Header "NOTES" +It is possible to call \fIEVP_OpenInit()\fR twice in the same way as +\&\fIEVP_DecryptInit()\fR. The first call should have \fBpriv\fR set to \s-1NULL\s0 +and (after setting any cipher parameters) it should be called again +with \fBtype\fR set to \s-1NULL\s0. +.PP +If the cipher passed in the \fBtype\fR parameter is a variable length +cipher then the key length will be set to the value of the recovered +key length. If the cipher is a fixed length cipher then the recovered +key length must match the fixed cipher length. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_OpenInit()\fR returns 0 on error or a non zero integer (actually the +recovered secret key size) if successful. 
+.PP +\&\fIEVP_OpenUpdate()\fR returns 1 for success or 0 for failure. +.PP +\&\fIEVP_OpenFinal()\fR returns 0 if the decrypt failed or 1 for success. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIevp\fR\|(7), \fIRAND_bytes\fR\|(3), +\&\fIEVP_EncryptInit\fR\|(3), +\&\fIEVP_SealInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/EVP_PKEY_ASN1_METHOD.3 b/linux_amd64/ssl/share/man/man3/EVP_PKEY_ASN1_METHOD.3 new file mode 100755 index 0000000..6e8a11b --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EVP_PKEY_ASN1_METHOD.3 
@@ -0,0 +1,579 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_ASN1_METHOD 3" +.TH EVP_PKEY_ASN1_METHOD 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_ASN1_METHOD, +EVP_PKEY_asn1_new, +EVP_PKEY_asn1_copy, +EVP_PKEY_asn1_free, +EVP_PKEY_asn1_add0, +EVP_PKEY_asn1_add_alias, +EVP_PKEY_asn1_set_public, +EVP_PKEY_asn1_set_private, +EVP_PKEY_asn1_set_param, +EVP_PKEY_asn1_set_free, +EVP_PKEY_asn1_set_ctrl, +EVP_PKEY_asn1_set_item, +EVP_PKEY_asn1_set_siginf, +EVP_PKEY_asn1_set_check, +EVP_PKEY_asn1_set_public_check, +EVP_PKEY_asn1_set_param_check, +EVP_PKEY_asn1_set_security_bits, +EVP_PKEY_asn1_set_set_priv_key, +EVP_PKEY_asn1_set_set_pub_key, +EVP_PKEY_asn1_set_get_priv_key, +EVP_PKEY_asn1_set_get_pub_key, +EVP_PKEY_get0_asn1 +\&\- manipulating and registering EVP_PKEY_ASN1_METHOD structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef struct evp_pkey_asn1_method_st EVP_PKEY_ASN1_METHOD; +\& +\& EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags, +\& const char *pem_str, +\& const char *info); +\& void EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst, +\& const EVP_PKEY_ASN1_METHOD *src); +\& void EVP_PKEY_asn1_free(EVP_PKEY_ASN1_METHOD *ameth); +\& int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth); +\& int EVP_PKEY_asn1_add_alias(int to, int from); +\& +\& void EVP_PKEY_asn1_set_public(EVP_PKEY_ASN1_METHOD *ameth, +\& int (*pub_decode) (EVP_PKEY *pk, +\& X509_PUBKEY *pub), +\& int (*pub_encode) (X509_PUBKEY *pub, +\& const EVP_PKEY *pk), +\& int (*pub_cmp) (const EVP_PKEY *a, +\& const EVP_PKEY *b), +\& int (*pub_print) (BIO *out, +\& const EVP_PKEY *pkey, +\& int indent, ASN1_PCTX *pctx), +\& int (*pkey_size) (const EVP_PKEY *pk), +\& int (*pkey_bits) (const EVP_PKEY *pk)); +\& void EVP_PKEY_asn1_set_private(EVP_PKEY_ASN1_METHOD *ameth, +\& int (*priv_decode) (EVP_PKEY *pk, +\& const PKCS8_PRIV_KEY_INFO +\& *p8inf), +\& int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8, +\& const EVP_PKEY *pk), +\& int (*priv_print) (BIO *out, +\& const EVP_PKEY *pkey, +\& int indent, +\& ASN1_PCTX *pctx)); +\& void EVP_PKEY_asn1_set_param(EVP_PKEY_ASN1_METHOD 
*ameth, +\& int (*param_decode) (EVP_PKEY *pkey, +\& const unsigned char **pder, +\& int derlen), +\& int (*param_encode) (const EVP_PKEY *pkey, +\& unsigned char **pder), +\& int (*param_missing) (const EVP_PKEY *pk), +\& int (*param_copy) (EVP_PKEY *to, +\& const EVP_PKEY *from), +\& int (*param_cmp) (const EVP_PKEY *a, +\& const EVP_PKEY *b), +\& int (*param_print) (BIO *out, +\& const EVP_PKEY *pkey, +\& int indent, +\& ASN1_PCTX *pctx)); +\& +\& void EVP_PKEY_asn1_set_free(EVP_PKEY_ASN1_METHOD *ameth, +\& void (*pkey_free) (EVP_PKEY *pkey)); +\& void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth, +\& int (*pkey_ctrl) (EVP_PKEY *pkey, int op, +\& long arg1, void *arg2)); +\& void EVP_PKEY_asn1_set_item(EVP_PKEY_ASN1_METHOD *ameth, +\& int (*item_verify) (EVP_MD_CTX *ctx, +\& const ASN1_ITEM *it, +\& void *asn, +\& X509_ALGOR *a, +\& ASN1_BIT_STRING *sig, +\& EVP_PKEY *pkey), +\& int (*item_sign) (EVP_MD_CTX *ctx, +\& const ASN1_ITEM *it, +\& void *asn, +\& X509_ALGOR *alg1, +\& X509_ALGOR *alg2, +\& ASN1_BIT_STRING *sig)); +\& +\& void EVP_PKEY_asn1_set_siginf(EVP_PKEY_ASN1_METHOD *ameth, +\& int (*siginf_set) (X509_SIG_INFO *siginf, +\& const X509_ALGOR *alg, +\& const ASN1_STRING *sig)); +\& +\& void EVP_PKEY_asn1_set_check(EVP_PKEY_ASN1_METHOD *ameth, +\& int (*pkey_check) (const EVP_PKEY *pk)); +\& +\& void EVP_PKEY_asn1_set_public_check(EVP_PKEY_ASN1_METHOD *ameth, +\& int (*pkey_pub_check) (const EVP_PKEY *pk)); +\& +\& void EVP_PKEY_asn1_set_param_check(EVP_PKEY_ASN1_METHOD *ameth, +\& int (*pkey_param_check) (const EVP_PKEY *pk)); +\& +\& void EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth, +\& int (*pkey_security_bits) (const EVP_PKEY +\& *pk)); +\& +\& void EVP_PKEY_asn1_set_set_priv_key(EVP_PKEY_ASN1_METHOD *ameth, +\& int (*set_priv_key) (EVP_PKEY *pk, +\& const unsigned char +\& *priv, +\& size_t len)); +\& +\& void EVP_PKEY_asn1_set_set_pub_key(EVP_PKEY_ASN1_METHOD *ameth, +\& int (*set_pub_key) (EVP_PKEY *pk, +\& const unsigned 
char *pub, +\& size_t len)); +\& +\& void EVP_PKEY_asn1_set_get_priv_key(EVP_PKEY_ASN1_METHOD *ameth, +\& int (*get_priv_key) (const EVP_PKEY *pk, +\& unsigned char *priv, +\& size_t *len)); +\& +\& void EVP_PKEY_asn1_set_get_pub_key(EVP_PKEY_ASN1_METHOD *ameth, +\& int (*get_pub_key) (const EVP_PKEY *pk, +\& unsigned char *pub, +\& size_t *len)); +\& +\& const EVP_PKEY_ASN1_METHOD *EVP_PKEY_get0_asn1(const EVP_PKEY *pkey); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR is a structure which holds a set of \s-1ASN\s0.1 +conversion, printing and information methods for a specific public key +algorithm. +.PP +There are two places where the \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR objects are +stored: one is a built-in array representing the standard methods for +different algorithms, and the other one is a stack of user-defined +application-specific methods, which can be manipulated by using +\&\fIEVP_PKEY_asn1_add0\fR\|(3). +.SS "Methods" +.IX Subsection "Methods" +The methods are the underlying implementations of a particular public +key algorithm present by the \fB\s-1EVP_PKEY\s0\fR object. +.PP +.Vb 5 +\& int (*pub_decode) (EVP_PKEY *pk, X509_PUBKEY *pub); +\& int (*pub_encode) (X509_PUBKEY *pub, const EVP_PKEY *pk); +\& int (*pub_cmp) (const EVP_PKEY *a, const EVP_PKEY *b); +\& int (*pub_print) (BIO *out, const EVP_PKEY *pkey, int indent, +\& ASN1_PCTX *pctx); +.Ve +.PP +The \fIpub_decode()\fR and \fIpub_encode()\fR methods are called to decode / +encode \fBX509_PUBKEY\fR \s-1ASN\s0.1 parameters to / from \fBpk\fR. +They \s-1MUST\s0 return 0 on error, 1 on success. +They're called by \fIX509_PUBKEY_get0\fR\|(3) and \fIX509_PUBKEY_set\fR\|(3). +.PP +The \fIpub_cmp()\fR method is called when two public keys are to be +compared. +It \s-1MUST\s0 return 1 when the keys are equal, 0 otherwise. +It's called by \fIEVP_PKEY_cmp\fR\|(3). 
+.PP +The \fIpub_print()\fR method is called to print a public key in humanly +readable text to \fBout\fR, indented \fBindent\fR spaces. +It \s-1MUST\s0 return 0 on error, 1 on success. +It's called by \fIEVP_PKEY_print_public\fR\|(3). +.PP +.Vb 4 +\& int (*priv_decode) (EVP_PKEY *pk, const PKCS8_PRIV_KEY_INFO *p8inf); +\& int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk); +\& int (*priv_print) (BIO *out, const EVP_PKEY *pkey, int indent, +\& ASN1_PCTX *pctx); +.Ve +.PP +The \fIpriv_decode()\fR and \fIpriv_encode()\fR methods are called to decode / +encode \fB\s-1PKCS8_PRIV_KEY_INFO\s0\fR form private key to / from \fBpk\fR. +They \s-1MUST\s0 return 0 on error, 1 on success. +They're called by \s-1\fIEVP_PKCS82PKEY\s0\fR\|(3) and \s-1\fIEVP_PKEY2PKCS8\s0\fR\|(3). +.PP +The \fIpriv_print()\fR method is called to print a private key in humanly +readable text to \fBout\fR, indented \fBindent\fR spaces. +It \s-1MUST\s0 return 0 on error, 1 on success. +It's called by \fIEVP_PKEY_print_private\fR\|(3). +.PP +.Vb 3 +\& int (*pkey_size) (const EVP_PKEY *pk); +\& int (*pkey_bits) (const EVP_PKEY *pk); +\& int (*pkey_security_bits) (const EVP_PKEY *pk); +.Ve +.PP +The \fIpkey_size()\fR method returns the key size in bytes. +It's called by \fIEVP_PKEY_size\fR\|(3). +.PP +The \fIpkey_bits()\fR method returns the key size in bits. +It's called by \fIEVP_PKEY_bits\fR\|(3). +.PP +.Vb 8 +\& int (*param_decode) (EVP_PKEY *pkey, +\& const unsigned char **pder, int derlen); +\& int (*param_encode) (const EVP_PKEY *pkey, unsigned char **pder); +\& int (*param_missing) (const EVP_PKEY *pk); +\& int (*param_copy) (EVP_PKEY *to, const EVP_PKEY *from); +\& int (*param_cmp) (const EVP_PKEY *a, const EVP_PKEY *b); +\& int (*param_print) (BIO *out, const EVP_PKEY *pkey, int indent, +\& ASN1_PCTX *pctx); +.Ve +.PP +The \fIparam_decode()\fR and \fIparam_encode()\fR methods are called to decode / +encode \s-1DER\s0 formatted parameters to / from \fBpk\fR. 
+They \s-1MUST\s0 return 0 on error, 1 on success. +They're called by \fIPEM_read_bio_Parameters\fR\|(3) and the \fBfile:\fR +\&\s-1\fIOSSL_STORE_LOADER\s0\fR\|(3). +.PP +The \fIparam_missing()\fR method returns 0 if a key parameter is missing, +otherwise 1. +It's called by \fIEVP_PKEY_missing_parameters\fR\|(3). +.PP +The \fIparam_copy()\fR method copies key parameters from \fBfrom\fR to \fBto\fR. +It \s-1MUST\s0 return 0 on error, 1 on success. +It's called by \fIEVP_PKEY_copy_parameters\fR\|(3). +.PP +The \fIparam_cmp()\fR method compares the parameters of keys \fBa\fR and \fBb\fR. +It \s-1MUST\s0 return 1 when the keys are equal, 0 when not equal, or a +negative number on error. +It's called by \fIEVP_PKEY_cmp_parameters\fR\|(3). +.PP +The \fIparam_print()\fR method prints the private key parameters in humanly +readable text to \fBout\fR, indented \fBindent\fR spaces. +It \s-1MUST\s0 return 0 on error, 1 on success. +It's called by \fIEVP_PKEY_print_params\fR\|(3). +.PP +.Vb 3 +\& int (*sig_print) (BIO *out, +\& const X509_ALGOR *sigalg, const ASN1_STRING *sig, +\& int indent, ASN1_PCTX *pctx); +.Ve +.PP +The \fIsig_print()\fR method prints a signature in humanly readable text to +\&\fBout\fR, indented \fBindent\fR spaces. +\&\fBsigalg\fR contains the exact signature algorithm. +If the signature in \fBsig\fR doesn't correspond to what this method +expects, \fIX509_signature_dump()\fR must be used as a last resort. +It \s-1MUST\s0 return 0 on error, 1 on success. +It's called by \fIX509_signature_print\fR\|(3). +.PP +.Vb 1 +\& void (*pkey_free) (EVP_PKEY *pkey); +.Ve +.PP +The \fIpkey_free()\fR method helps freeing the internals of \fBpkey\fR. +It's called by \fIEVP_PKEY_free\fR\|(3), \fIEVP_PKEY_set_type\fR\|(3), +\&\fIEVP_PKEY_set_type_str\fR\|(3), and \fIEVP_PKEY_assign\fR\|(3). +.PP +.Vb 1 +\& int (*pkey_ctrl) (EVP_PKEY *pkey, int op, long arg1, void *arg2); +.Ve +.PP +The \fIpkey_ctrl()\fR method adds extra algorithm specific control. 
+It's called by \fIEVP_PKEY_get_default_digest_nid\fR\|(3), +\&\fIEVP_PKEY_supports_digest_nid\fR\|(3), +\&\fIEVP_PKEY_set1_tls_encodedpoint\fR\|(3), +\&\fIEVP_PKEY_get1_tls_encodedpoint\fR\|(3), \fIPKCS7_SIGNER_INFO_set\fR\|(3), +\&\fIPKCS7_RECIP_INFO_set\fR\|(3), ... +.PP +.Vb 3 +\& int (*old_priv_decode) (EVP_PKEY *pkey, +\& const unsigned char **pder, int derlen); +\& int (*old_priv_encode) (const EVP_PKEY *pkey, unsigned char **pder); +.Ve +.PP +The \fIold_priv_decode()\fR and \fIold_priv_encode()\fR methods decode / encode +they private key \fBpkey\fR from / to a \s-1DER\s0 formatted array. +These are exclusively used to help decoding / encoding older (pre +PKCS#8) \s-1PEM\s0 formatted encrypted private keys. +\&\fIold_priv_decode()\fR \s-1MUST\s0 return 0 on error, 1 on success. +\&\fIold_priv_encode()\fR \s-1MUST\s0 the return same kind of values as +\&\fIi2d_PrivateKey()\fR. +They're called by \fId2i_PrivateKey\fR\|(3) and \fIi2d_PrivateKey\fR\|(3). +.PP +.Vb 5 +\& int (*item_verify) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, +\& X509_ALGOR *a, ASN1_BIT_STRING *sig, EVP_PKEY *pkey); +\& int (*item_sign) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, +\& X509_ALGOR *alg1, X509_ALGOR *alg2, +\& ASN1_BIT_STRING *sig); +.Ve +.PP +The \fIitem_sign()\fR and \fIitem_verify()\fR methods make it possible to have +algorithm specific signatures and verification of them. +.PP +\&\fIitem_sign()\fR \s-1MUST\s0 return one of: +.IP "<=0" 4 +.IX Item "<=0" +error +.IP "1" 4 +.IX Item "1" +\&\fIitem_sign()\fR did everything, OpenSSL internals just needs to pass the +signature length back. +.IP "2" 4 +.IX Item "2" +\&\fIitem_sign()\fR did nothing, OpenSSL internal standard routines are +expected to continue with the default signature production. +.IP "3" 4 +.IX Item "3" +\&\fIitem_sign()\fR set the algorithm identifier \fBalgor1\fR and \fBalgor2\fR, +OpenSSL internals should just sign using those algorithms. 
+.PP +\&\fIitem_verify()\fR \s-1MUST\s0 return one of: +.IP "<=0" 4 +.IX Item "<=0" +error +.IP "1" 4 +.IX Item "1" +\&\fIitem_sign()\fR did everything, OpenSSL internals just needs to pass the +signature length back. +.IP "2" 4 +.IX Item "2" +\&\fIitem_sign()\fR did nothing, OpenSSL internal standard routines are +expected to continue with the default signature production. +.PP +\&\fIitem_verify()\fR and \fIitem_sign()\fR are called by \fIASN1_item_verify\fR\|(3) and +\&\fIASN1_item_sign\fR\|(3), and by extension, \fIX509_verify\fR\|(3), +\&\fIX509_REQ_verify\fR\|(3), \fIX509_sign\fR\|(3), \fIX509_REQ_sign\fR\|(3), ... +.PP +.Vb 2 +\& int (*siginf_set) (X509_SIG_INFO *siginf, const X509_ALGOR *alg, +\& const ASN1_STRING *sig); +.Ve +.PP +The \fIsiginf_set()\fR method is used to set custom \fBX509_SIG_INFO\fR +parameters. +It \s-1MUST\s0 return 0 on error, or 1 on success. +It's called as part of \fIX509_check_purpose\fR\|(3), \fIX509_check_ca\fR\|(3) +and \fIX509_check_issued\fR\|(3). +.PP +.Vb 3 +\& int (*pkey_check) (const EVP_PKEY *pk); +\& int (*pkey_public_check) (const EVP_PKEY *pk); +\& int (*pkey_param_check) (const EVP_PKEY *pk); +.Ve +.PP +The \fIpkey_check()\fR, \fIpkey_public_check()\fR and \fIpkey_param_check()\fR methods are used +to check the validity of \fBpk\fR for key-pair, public component and parameters, +respectively. +They \s-1MUST\s0 return 0 for an invalid key, or 1 for a valid key. +They are called by \fIEVP_PKEY_check\fR\|(3), \fIEVP_PKEY_public_check\fR\|(3) and +\&\fIEVP_PKEY_param_check\fR\|(3) respectively. +.PP +.Vb 2 +\& int (*set_priv_key) (EVP_PKEY *pk, const unsigned char *priv, size_t len); +\& int (*set_pub_key) (EVP_PKEY *pk, const unsigned char *pub, size_t len); +.Ve +.PP +The \fIset_priv_key()\fR and \fIset_pub_key()\fR methods are used to set the raw private and +public key data for an \s-1EVP_PKEY\s0. They \s-1MUST\s0 return 0 on error, or 1 on success. 
+They are called by \fIEVP_PKEY_new_raw_private_key\fR\|(3), and +\&\fIEVP_PKEY_new_raw_public_key\fR\|(3) respectively. +.PP +.Vb 2 +\& size_t (*dirty) (const EVP_PKEY *pk); +\& void *(*export_to) (const EVP_PKEY *pk, EVP_KEYMGMT *keymgmt); +.Ve +.PP +\&\fIdirty_cnt()\fR returns the internal key's dirty count. +This can be used to synchronise different copies of the same keys. +.PP +The \fIexport_to()\fR method exports the key material from the given key to +a provider, through the \s-1\fIEVP_KEYMGMT\s0\fR\|(3) interface, if that provider +supports importing key material. +.SS "Functions" +.IX Subsection "Functions" +\&\fIEVP_PKEY_asn1_new()\fR creates and returns a new \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR +object, and associates the given \fBid\fR, \fBflags\fR, \fBpem_str\fR and +\&\fBinfo\fR. +\&\fBid\fR is a \s-1NID\s0, \fBpem_str\fR is the \s-1PEM\s0 type string, \fBinfo\fR is a +descriptive string. +The following \fBflags\fR are supported: +.PP +.Vb 1 +\& ASN1_PKEY_SIGPARAM_NULL +.Ve +.PP +If \fB\s-1ASN1_PKEY_SIGPARAM_NULL\s0\fR is set, then the signature algorithm +parameters are given the type \fBV_ASN1_NULL\fR by default, otherwise +they will be given the type \fBV_ASN1_UNDEF\fR (i.e. the parameter is +omitted). +See \fIX509_ALGOR_set0\fR\|(3) for more information. +.PP +\&\fIEVP_PKEY_asn1_copy()\fR copies an \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR object from +\&\fBsrc\fR to \fBdst\fR. +This function is not thread safe, it's recommended to only use this +when initializing the application. +.PP +\&\fIEVP_PKEY_asn1_free()\fR frees an existing \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR pointed +by \fBameth\fR. +.PP +\&\fIEVP_PKEY_asn1_add0()\fR adds \fBameth\fR to the user defined stack of +methods unless another \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR with the same \s-1NID\s0 is +already there. +This function is not thread safe, it's recommended to only use this +when initializing the application. 
+.PP +\&\fIEVP_PKEY_asn1_add_alias()\fR creates an alias with the \s-1NID\s0 \fBto\fR for the +\&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR with \s-1NID\s0 \fBfrom\fR unless another +\&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR with the same \s-1NID\s0 is already added. +This function is not thread safe, it's recommended to only use this +when initializing the application. +.PP +\&\fIEVP_PKEY_asn1_set_public()\fR, \fIEVP_PKEY_asn1_set_private()\fR, +\&\fIEVP_PKEY_asn1_set_param()\fR, \fIEVP_PKEY_asn1_set_free()\fR, +\&\fIEVP_PKEY_asn1_set_ctrl()\fR, \fIEVP_PKEY_asn1_set_item()\fR, +\&\fIEVP_PKEY_asn1_set_siginf()\fR, \fIEVP_PKEY_asn1_set_check()\fR, +\&\fIEVP_PKEY_asn1_set_public_check()\fR, \fIEVP_PKEY_asn1_set_param_check()\fR, +\&\fIEVP_PKEY_asn1_set_security_bits()\fR, \fIEVP_PKEY_asn1_set_set_priv_key()\fR, +\&\fIEVP_PKEY_asn1_set_set_pub_key()\fR, \fIEVP_PKEY_asn1_set_get_priv_key()\fR and +\&\fIEVP_PKEY_asn1_set_get_pub_key()\fR set the diverse methods of the given +\&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR object. +.PP +\&\fIEVP_PKEY_get0_asn1()\fR finds the \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR associated +with the key \fBpkey\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_PKEY_asn1_new()\fR returns \s-1NULL\s0 on error, or a pointer to an +\&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR object otherwise. +.PP +\&\fIEVP_PKEY_asn1_add0()\fR and \fIEVP_PKEY_asn1_add_alias()\fR return 0 on error, +or 1 on success. +.PP +\&\fIEVP_PKEY_get0_asn1()\fR returns \s-1NULL\s0 on error, or a pointer to a constant +\&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR object otherwise. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/ssl/share/man/man3/EVP_PKEY_CTX_ctrl.3 b/linux_amd64/ssl/share/man/man3/EVP_PKEY_CTX_ctrl.3 new file mode 100755 index 0000000..4153901 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EVP_PKEY_CTX_ctrl.3 
@@ -0,0 +1,734 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_CTX_CTRL 3" +.TH EVP_PKEY_CTX_CTRL 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_CTX_get_params, +EVP_PKEY_CTX_gettable_params, +EVP_PKEY_CTX_set_params, +EVP_PKEY_CTX_settable_params, +EVP_PKEY_CTX_ctrl, +EVP_PKEY_CTX_ctrl_str, +EVP_PKEY_CTX_ctrl_uint64, +EVP_PKEY_CTX_md, +EVP_PKEY_CTX_set_signature_md, +EVP_PKEY_CTX_get_signature_md, +EVP_PKEY_CTX_set_mac_key, +EVP_PKEY_CTX_set_rsa_padding, +EVP_PKEY_CTX_get_rsa_padding, +EVP_PKEY_CTX_set_rsa_pss_saltlen, +EVP_PKEY_CTX_get_rsa_pss_saltlen, +EVP_PKEY_CTX_set_rsa_keygen_bits, +EVP_PKEY_CTX_set_rsa_keygen_pubexp, +EVP_PKEY_CTX_set_rsa_keygen_primes, +EVP_PKEY_CTX_set_rsa_mgf1_md_name, +EVP_PKEY_CTX_set_rsa_mgf1_md, +EVP_PKEY_CTX_get_rsa_mgf1_md, +EVP_PKEY_CTX_get_rsa_mgf1_md_name, +EVP_PKEY_CTX_set_rsa_oaep_md_name, +EVP_PKEY_CTX_set_rsa_oaep_md, +EVP_PKEY_CTX_get_rsa_oaep_md, +EVP_PKEY_CTX_get_rsa_oaep_md_name, +EVP_PKEY_CTX_set0_rsa_oaep_label, +EVP_PKEY_CTX_get0_rsa_oaep_label, +EVP_PKEY_CTX_set_dsa_paramgen_bits, +EVP_PKEY_CTX_set_dsa_paramgen_q_bits, +EVP_PKEY_CTX_set_dsa_paramgen_md, +EVP_PKEY_CTX_set_dh_paramgen_prime_len, +EVP_PKEY_CTX_set_dh_paramgen_subprime_len, +EVP_PKEY_CTX_set_dh_paramgen_generator, +EVP_PKEY_CTX_set_dh_paramgen_type, +EVP_PKEY_CTX_set_dh_rfc5114, +EVP_PKEY_CTX_set_dhx_rfc5114, +EVP_PKEY_CTX_set_dh_pad, +EVP_PKEY_CTX_set_dh_nid, +EVP_PKEY_CTX_set_dh_kdf_type, +EVP_PKEY_CTX_get_dh_kdf_type, +EVP_PKEY_CTX_set0_dh_kdf_oid, +EVP_PKEY_CTX_get0_dh_kdf_oid, +EVP_PKEY_CTX_set_dh_kdf_md, +EVP_PKEY_CTX_get_dh_kdf_md, +EVP_PKEY_CTX_set_dh_kdf_outlen, +EVP_PKEY_CTX_get_dh_kdf_outlen, +EVP_PKEY_CTX_set0_dh_kdf_ukm, +EVP_PKEY_CTX_get0_dh_kdf_ukm, +EVP_PKEY_CTX_set_ec_paramgen_curve_nid, +EVP_PKEY_CTX_set_ec_param_enc, +EVP_PKEY_CTX_set_ecdh_cofactor_mode, +EVP_PKEY_CTX_get_ecdh_cofactor_mode, +EVP_PKEY_CTX_set_ecdh_kdf_type, +EVP_PKEY_CTX_get_ecdh_kdf_type, +EVP_PKEY_CTX_set_ecdh_kdf_md, +EVP_PKEY_CTX_get_ecdh_kdf_md, +EVP_PKEY_CTX_set_ecdh_kdf_outlen, +EVP_PKEY_CTX_get_ecdh_kdf_outlen, +EVP_PKEY_CTX_set0_ecdh_kdf_ukm, 
+EVP_PKEY_CTX_get0_ecdh_kdf_ukm, +EVP_PKEY_CTX_set1_id, EVP_PKEY_CTX_get1_id, EVP_PKEY_CTX_get1_id_len +\&\- algorithm specific control operations +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_CTX_get_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params); +\& const OSSL_PARAM *EVP_PKEY_CTX_gettable_params(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_CTX_set_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params); +\& const OSSL_PARAM *EVP_PKEY_CTX_settable_params(EVP_PKEY_CTX *ctx); +\& +\& int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, +\& int cmd, int p1, void *p2); +\& int EVP_PKEY_CTX_ctrl_uint64(EVP_PKEY_CTX *ctx, int keytype, int optype, +\& int cmd, uint64_t value); +\& int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, +\& const char *value); +\& +\& int EVP_PKEY_CTX_md(EVP_PKEY_CTX *ctx, int optype, int cmd, const char *md); +\& +\& int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); +\& int EVP_PKEY_CTX_get_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD **pmd); +\& +\& int EVP_PKEY_CTX_set_mac_key(EVP_PKEY_CTX *ctx, const unsigned char *key, +\& int len); +\& +\& #include +\& +\& int EVP_PKEY_CTX_set_rsa_padding(EVP_PKEY_CTX *ctx, int pad); +\& int EVP_PKEY_CTX_get_rsa_padding(EVP_PKEY_CTX *ctx, int *pad); +\& int EVP_PKEY_CTX_set_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int saltlen); +\& int EVP_PKEY_CTX_get_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int *saltlen); +\& int EVP_PKEY_CTX_set_rsa_keygen_bits(EVP_PKEY_CTX *ctx, int mbits); +\& int EVP_PKEY_CTX_set_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx, BIGNUM *pubexp); +\& int EVP_PKEY_CTX_set_rsa_keygen_primes(EVP_PKEY_CTX *ctx, int primes); +\& int EVP_PKEY_CTX_set_rsa_mgf1_md_name(EVP_PKEY_CTX *ctx, const char *mdname, +\& const char *mdprops); +\& int EVP_PKEY_CTX_set_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); +\& int EVP_PKEY_CTX_get_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD **md); +\& int EVP_PKEY_CTX_get_rsa_mgf1_md_name(EVP_PKEY_CTX *ctx, char *name, 
+\& size_t namelen); +\& int EVP_PKEY_CTX_set_rsa_oaep_md_name(EVP_PKEY_CTX *ctx, const char *mdname, +\& const char *mdprops); +\& int EVP_PKEY_CTX_set_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); +\& int EVP_PKEY_CTX_get_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD **md); +\& int EVP_PKEY_CTX_get_rsa_oaep_md_name(EVP_PKEY_CTX *ctx, char *name, +\& size_t namelen) +\& int EVP_PKEY_CTX_set0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char *label, int len); +\& int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label); +\& +\& #include +\& +\& int EVP_PKEY_CTX_set_dsa_paramgen_bits(EVP_PKEY_CTX *ctx, int nbits); +\& int EVP_PKEY_CTX_set_dsa_paramgen_q_bits(EVP_PKEY_CTX *ctx, int qbits); +\& int EVP_PKEY_CTX_set_dsa_paramgen_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); +\& +\& #include +\& +\& int EVP_PKEY_CTX_set_dh_paramgen_prime_len(EVP_PKEY_CTX *ctx, int len); +\& int EVP_PKEY_CTX_set_dh_paramgen_subprime_len(EVP_PKEY_CTX *ctx, int len); +\& int EVP_PKEY_CTX_set_dh_paramgen_generator(EVP_PKEY_CTX *ctx, int gen); +\& int EVP_PKEY_CTX_set_dh_paramgen_type(EVP_PKEY_CTX *ctx, int type); +\& int EVP_PKEY_CTX_set_dh_pad(EVP_PKEY_CTX *ctx, int pad); +\& int EVP_PKEY_CTX_set_dh_nid(EVP_PKEY_CTX *ctx, int nid); +\& int EVP_PKEY_CTX_set_dh_rfc5114(EVP_PKEY_CTX *ctx, int rfc5114); +\& int EVP_PKEY_CTX_set_dhx_rfc5114(EVP_PKEY_CTX *ctx, int rfc5114); +\& int EVP_PKEY_CTX_set_dh_kdf_type(EVP_PKEY_CTX *ctx, int kdf); +\& int EVP_PKEY_CTX_get_dh_kdf_type(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_CTX_set0_dh_kdf_oid(EVP_PKEY_CTX *ctx, ASN1_OBJECT *oid); +\& int EVP_PKEY_CTX_get0_dh_kdf_oid(EVP_PKEY_CTX *ctx, ASN1_OBJECT **oid); +\& int EVP_PKEY_CTX_set_dh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); +\& int EVP_PKEY_CTX_get_dh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD **md); +\& int EVP_PKEY_CTX_set_dh_kdf_outlen(EVP_PKEY_CTX *ctx, int len); +\& int EVP_PKEY_CTX_get_dh_kdf_outlen(EVP_PKEY_CTX *ctx, int *len); +\& int EVP_PKEY_CTX_set0_dh_kdf_ukm(EVP_PKEY_CTX *ctx, 
unsigned char *ukm, int len); +\& int EVP_PKEY_CTX_get0_dh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **ukm); +\& +\& #include +\& +\& int EVP_PKEY_CTX_set_ec_paramgen_curve_nid(EVP_PKEY_CTX *ctx, int nid); +\& int EVP_PKEY_CTX_set_ec_param_enc(EVP_PKEY_CTX *ctx, int param_enc); +\& int EVP_PKEY_CTX_set_ecdh_cofactor_mode(EVP_PKEY_CTX *ctx, int cofactor_mode); +\& int EVP_PKEY_CTX_get_ecdh_cofactor_mode(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_CTX_set_ecdh_kdf_type(EVP_PKEY_CTX *ctx, int kdf); +\& int EVP_PKEY_CTX_get_ecdh_kdf_type(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_CTX_set_ecdh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); +\& int EVP_PKEY_CTX_get_ecdh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD **md); +\& int EVP_PKEY_CTX_set_ecdh_kdf_outlen(EVP_PKEY_CTX *ctx, int len); +\& int EVP_PKEY_CTX_get_ecdh_kdf_outlen(EVP_PKEY_CTX *ctx, int *len); +\& int EVP_PKEY_CTX_set0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char *ukm, int len); +\& int EVP_PKEY_CTX_get0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **ukm); +\& +\& int EVP_PKEY_CTX_set1_id(EVP_PKEY_CTX *ctx, void *id, size_t id_len); +\& int EVP_PKEY_CTX_get1_id(EVP_PKEY_CTX *ctx, void *id); +\& int EVP_PKEY_CTX_get1_id_len(EVP_PKEY_CTX *ctx, size_t *id_len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fIEVP_PKEY_CTX_get_params()\fR and \fIEVP_PKEY_CTX_set_params()\fR functions get and +send arbitrary parameters from and to the algorithm implementation respectively. +Not all parameters may be supported by all providers. +See \s-1\fIOSSL_PROVIDER\s0\fR\|(3) for more information on providers. +See \s-1\fIOSSL_PARAM\s0\fR\|(3) for more information on parameters. +These functions must only be called after the \s-1EVP_PKEY_CTX\s0 has been initialised +for use in an operation. 
+.PP +The parameters currently supported by the default provider are: +.ie n .IP """pad"" (\fB\s-1OSSL_EXCHANGE_PARAM_PAD\s0\fR) " 4 +.el .IP "``pad'' (\fB\s-1OSSL_EXCHANGE_PARAM_PAD\s0\fR) " 4 +.IX Item "pad (OSSL_EXCHANGE_PARAM_PAD) " +Sets the \s-1DH\s0 padding mode. +If \fB\s-1OSSL_EXCHANGE_PARAM_PAD\s0\fR is 1 then the shared secret is padded with zeros +up to the size of the \s-1DH\s0 prime \fIp\fR. +If \fB\s-1OSSL_EXCHANGE_PARAM_PAD\s0\fR is zero (the default) then no padding is +performed. +.ie n .IP """digest"" (\fB\s-1OSSL_SIGNATURE_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``digest'' (\fB\s-1OSSL_SIGNATURE_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "digest (OSSL_SIGNATURE_PARAM_DIGEST) " +Gets and sets the name of the digest algorithm used for the input to the +signature functions. +.ie n .IP """digest-size"" (\fB\s-1OSSL_SIGNATURE_PARAM_DIGEST_SIZE\s0\fR) " 4 +.el .IP "``digest-size'' (\fB\s-1OSSL_SIGNATURE_PARAM_DIGEST_SIZE\s0\fR) " 4 +.IX Item "digest-size (OSSL_SIGNATURE_PARAM_DIGEST_SIZE) " +Gets and sets the output size of the digest algorithm used for the input to the +signature functions. +The length of the \*(L"digest-size\*(R" parameter should not exceed that of a \fBsize_t\fR. +The internal algorithm that supports this parameter is \s-1DSA\s0. +.PP +\&\fIEVP_PKEY_CTX_gettable_params()\fR and \fIEVP_PKEY_CTX_settable_params()\fR gets a +constant \fB\s-1OSSL_PARAM\s0\fR array that describes the gettable and +settable parameters for the current algorithm implementation, i.e. parameters +that can be used with \fIEVP_PKEY_CTX_get_params()\fR and \fIEVP_PKEY_CTX_set_params()\fR +respectively. +See \s-1\fIOSSL_PARAM\s0\fR\|(3) for the use of \fB\s-1OSSL_PARAM\s0\fR as parameter descriptor. +These functions must only be called after the \s-1EVP_PKEY_CTX\s0 has been initialised +for use in an operation. +.PP +The function \fIEVP_PKEY_CTX_ctrl()\fR sends a control operation to the context +\&\fIctx\fR. 
The key type used must match \fIkeytype\fR if it is not \-1. The parameter +\&\fIoptype\fR is a mask indicating which operations the control can be applied to. +The control command is indicated in \fIcmd\fR and any additional arguments in +\&\fIp1\fR and \fIp2\fR. +.PP +For \fIcmd\fR = \fB\s-1EVP_PKEY_CTRL_SET_MAC_KEY\s0\fR, \fIp1\fR is the length of the \s-1MAC\s0 key, +and \fIp2\fR is the \s-1MAC\s0 key. This is used by Poly1305, SipHash, \s-1HMAC\s0 and \s-1CMAC\s0. +.PP +Applications will not normally call \fIEVP_PKEY_CTX_ctrl()\fR directly but will +instead call one of the algorithm specific macros below. +.PP +The function \fIEVP_PKEY_CTX_ctrl_uint64()\fR is a wrapper that directly passes a +uint64 value as \fIp2\fR to \fIEVP_PKEY_CTX_ctrl()\fR. +.PP +The function \fIEVP_PKEY_CTX_ctrl_str()\fR allows an application to send an algorithm +specific control operation to a context \fIctx\fR in string form. This is +intended to be used for options specified on the command line or in text +files. The commands supported are documented in the openssl utility +command line pages for the option \fI\-pkeyopt\fR which is supported by the +\&\fIpkeyutl\fR, \fIgenpkey\fR and \fIreq\fR commands. +.PP +The function \fIEVP_PKEY_CTX_md()\fR sends a message digest control operation +to the context \fIctx\fR. The message digest is specified by its name \fImd\fR. +.PP +The \fIEVP_PKEY_CTX_set_signature_md()\fR function sets the message digest type used +in a signature. It can be used in the \s-1RSA\s0, \s-1DSA\s0 and \s-1ECDSA\s0 algorithms. +.PP +The \fIEVP_PKEY_CTX_get_signature_md()\fR function gets the message digest type used +in a signature. It can be used in the \s-1RSA\s0, \s-1DSA\s0 and \s-1ECDSA\s0 algorithms. +.PP +All the remaining \*(L"functions\*(R" are implemented as macros. +.PP +Key generation typically involves setting up parameters to be used and +generating the private and public key data. 
Some algorithm implementations +allow private key data to be set explicitly using the \fIEVP_PKEY_CTX_set_mac_key()\fR +macro. In this case key generation is simply the process of setting up the +parameters for the key and then setting the raw key data to the value explicitly +provided by that macro. Normally applications would call +\&\fIEVP_PKEY_new_raw_private_key\fR\|(3) or similar functions instead of this macro. +.PP +The \fIEVP_PKEY_CTX_set_mac_key()\fR macro can be used with any of the algorithms +supported by the \fIEVP_PKEY_new_raw_private_key\fR\|(3) function. +.SS "\s-1RSA\s0 parameters" +.IX Subsection "RSA parameters" +The \fIEVP_PKEY_CTX_set_rsa_padding()\fR function sets the \s-1RSA\s0 padding mode for \fIctx\fR. +The \fIpad\fR parameter can take the value \fB\s-1RSA_PKCS1_PADDING\s0\fR for PKCS#1 +padding, \fB\s-1RSA_SSLV23_PADDING\s0\fR for SSLv23 padding, \fB\s-1RSA_NO_PADDING\s0\fR for +no padding, \fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR for \s-1OAEP\s0 padding (encrypt and +decrypt only), \fB\s-1RSA_X931_PADDING\s0\fR for X9.31 padding (signature operations +only), \fB\s-1RSA_PKCS1_PSS_PADDING\s0\fR (sign and verify only) and +\&\fB\s-1RSA_PKCS1_WITH_TLS_PADDING\s0\fR for \s-1TLS\s0 \s-1RSA\s0 ClientKeyExchange message padding +(decryption only). +.PP +Two \s-1RSA\s0 padding modes behave differently if \fIEVP_PKEY_CTX_set_signature_md()\fR +is used. If this macro is called for PKCS#1 padding the plaintext buffer is +an actual digest value and is encapsulated in a DigestInfo structure according +to PKCS#1 when signing and this structure is expected (and stripped off) when +verifying. If this control is not used with \s-1RSA\s0 and PKCS#1 padding then the +supplied data is used directly and not encapsulated. In the case of X9.31 +padding for \s-1RSA\s0 the algorithm identifier byte is added or checked and removed +if this control is called. 
If it is not called then the first byte of the plaintext +buffer is expected to be the algorithm identifier byte. +.PP +The \fIEVP_PKEY_CTX_get_rsa_padding()\fR function gets the \s-1RSA\s0 padding mode for \fIctx\fR. +.PP +The \fIEVP_PKEY_CTX_set_rsa_pss_saltlen()\fR function sets the \s-1RSA\s0 \s-1PSS\s0 salt +length to \fIsaltlen\fR. As its name implies it is only supported for \s-1PSS\s0 +padding. If this function is not called then the maximum salt length +is used when signing and auto detection when verifying. Three special +values are supported: +.IP "\fB\s-1RSA_PSS_SALTLEN_DIGEST\s0\fR" 4 +.IX Item "RSA_PSS_SALTLEN_DIGEST" +sets the salt length to the digest length. +.IP "\fB\s-1RSA_PSS_SALTLEN_MAX\s0\fR" 4 +.IX Item "RSA_PSS_SALTLEN_MAX" +sets the salt length to the maximum permissible value. +.IP "\fB\s-1RSA_PSS_SALTLEN_AUTO\s0\fR" 4 +.IX Item "RSA_PSS_SALTLEN_AUTO" +causes the salt length to be automatically determined based on the +\&\fB\s-1PSS\s0\fR block structure when verifying. When signing, it has the same +meaning as \fB\s-1RSA_PSS_SALTLEN_MAX\s0\fR. +.PP +The \fIEVP_PKEY_CTX_get_rsa_pss_saltlen()\fR function gets the \s-1RSA\s0 \s-1PSS\s0 salt length +for \fIctx\fR. The padding mode must already have been set to +\&\fB\s-1RSA_PKCS1_PSS_PADDING\s0\fR. +.PP +The \fIEVP_PKEY_CTX_set_rsa_keygen_bits()\fR macro sets the \s-1RSA\s0 key length for +\&\s-1RSA\s0 key generation to \fIbits\fR. If not specified 2048 bits is used. +.PP +The \fIEVP_PKEY_CTX_set_rsa_keygen_pubexp()\fR macro sets the public exponent value +for \s-1RSA\s0 key generation to \fIpubexp\fR. Currently it should be an odd integer. The +\&\fIpubexp\fR pointer is used internally by this function so it should not be +modified or freed after the call. If not specified 65537 is used. +.PP +The \fIEVP_PKEY_CTX_set_rsa_keygen_primes()\fR macro sets the number of primes for +\&\s-1RSA\s0 key generation to \fIprimes\fR. If not specified 2 is used. 
+.PP +The \fIEVP_PKEY_CTX_set_rsa_mgf1_md_name()\fR function sets the \s-1MGF1\s0 digest for \s-1RSA\s0 +padding schemes to the digest named \fImdname\fR. If the \s-1RSA\s0 algorithm +implementation for the selected provider supports it then the digest will be +fetched using the properties \fImdprops\fR. If not explicitly set the signing +digest is used. The padding mode must have been set to \fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR +or \fB\s-1RSA_PKCS1_PSS_PADDING\s0\fR. +.PP +The \fIEVP_PKEY_CTX_set_rsa_mgf1_md()\fR function does the same as +\&\fIEVP_PKEY_CTX_set_rsa_mgf1_md_name()\fR except that the name of the digest is +inferred from the supplied \fImd\fR and it is not possible to specify any +properties. +.PP +The \fIEVP_PKEY_CTX_get_rsa_mgf1_md_name()\fR function gets the name of the \s-1MGF1\s0 +digest algorithm for \fIctx\fR. If not explicitly set the signing digest is used. +The padding mode must have been set to \fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR or +\&\fB\s-1RSA_PKCS1_PSS_PADDING\s0\fR. +.PP +The \fIEVP_PKEY_CTX_get_rsa_mgf1_md()\fR function does the same as +\&\fIEVP_PKEY_CTX_get_rsa_mgf1_md_name()\fR except that it returns a pointer to an +\&\s-1EVP_MD\s0 object instead. Note that only known, built-in \s-1EVP_MD\s0 objects will be +returned. The \s-1EVP_MD\s0 object may be \s-1NULL\s0 if the digest is not one of these (such +as a digest only implemented in a third party provider). +.PP +The \fIEVP_PKEY_CTX_set_rsa_oaep_md_name()\fR function sets the message digest type +used in \s-1RSA\s0 \s-1OAEP\s0 to the digest named \fImdname\fR. If the \s-1RSA\s0 algorithm +implementation for the selected provider supports it then the digest will be +fetched using the properties \fImdprops\fR. The padding mode must have been set to +\&\fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR. 
+.PP +The \fIEVP_PKEY_CTX_set_rsa_oaep_md()\fR function does the same as +\&\fIEVP_PKEY_CTX_set_rsa_oaep_md_name()\fR except that the name of the digest is +inferred from the supplied \fImd\fR and it is not possible to specify any +properties. +.PP +The \fIEVP_PKEY_CTX_get_rsa_oaep_md_name()\fR function gets the message digest +algorithm name used in \s-1RSA\s0 \s-1OAEP\s0 and stores it in the buffer \fIname\fR which is of +size \fInamelen\fR. The padding mode must have been set to +\&\fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR. The buffer should be sufficiently large for any +expected digest algorithm names or the function will fail. +.PP +The \fIEVP_PKEY_CTX_get_rsa_oaep_md()\fR function does the same as +\&\fIEVP_PKEY_CTX_get_rsa_oaep_md_name()\fR except that it returns a pointer to an +\&\s-1EVP_MD\s0 object instead. Note that only known, built-in \s-1EVP_MD\s0 objects will be +returned. The \s-1EVP_MD\s0 object may be \s-1NULL\s0 if the digest is not one of these (such +as a digest only implemented in a third party provider). +.PP +The \fIEVP_PKEY_CTX_set0_rsa_oaep_label()\fR function sets the \s-1RSA\s0 \s-1OAEP\s0 label to +\&\fIlabel\fR and its length to \fIlen\fR. If \fIlabel\fR is \s-1NULL\s0 or \fIlen\fR is 0, +the label is cleared. The library takes ownership of the label so the +caller should not free the original memory pointed to by \fIlabel\fR. +The padding mode must have been set to \fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR. +.PP +The \fIEVP_PKEY_CTX_get0_rsa_oaep_label()\fR function gets the \s-1RSA\s0 \s-1OAEP\s0 label to +\&\fIlabel\fR. The return value is the label length. The padding mode +must have been set to \fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR. The resulting pointer is owned +by the library and should not be freed by the caller. +.PP +\&\fB\s-1RSA_PKCS1_WITH_TLS_PADDING\s0\fR is used when decrypting an \s-1RSA\s0 encrypted \s-1TLS\s0 +pre-master secret in a \s-1TLS\s0 ClientKeyExchange message. 
It is the same as +\&\s-1RSA_PKCS1_PADDING\s0 except that it additionally verifies that the result is the +correct length and the first two bytes are the protocol version initially +requested by the client. If the encrypted content is publicly invalid then the +decryption will fail. However, if the padding checks fail then decryption will +still appear to succeed but a random \s-1TLS\s0 premaster secret will be returned +instead. This padding mode accepts two parameters which can be set using the +\&\fIEVP_PKEY_CTX_set_params\fR\|(3) function. These are +\&\s-1OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION\s0 and +\&\s-1OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION\s0, both of which are expected to be +unsigned integers. Normally only the first of these will be set and represents +the \s-1TLS\s0 protocol version that was first requested by the client (e.g. 0x0303 for +TLSv1.2, 0x0302 for TLSv1.1 etc). Historically some buggy clients would use the +negotiated protocol version instead of the protocol version first requested. If +this behaviour should be tolerated then +\&\s-1OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION\s0 should be set to the actual +negotiated protocol version. Otherwise it should be left unset. +.SS "\s-1DSA\s0 parameters" +.IX Subsection "DSA parameters" +The \fIEVP_PKEY_CTX_set_dsa_paramgen_bits()\fR macro sets the number of bits used +for \s-1DSA\s0 parameter generation to \fInbits\fR. If not specified, 2048 is used. +.PP +The \fIEVP_PKEY_CTX_set_dsa_paramgen_q_bits()\fR macro sets the number of bits in the +subprime parameter \fIq\fR for \s-1DSA\s0 parameter generation to \fIqbits\fR. If not +specified, 224 is used. If a digest function is specified below, this parameter +is ignored and instead, the number of bits in \fIq\fR matches the size of the +digest. +.PP +The \fIEVP_PKEY_CTX_set_dsa_paramgen_md()\fR macro sets the digest function used for +\&\s-1DSA\s0 parameter generation to \fImd\fR. 
If not specified, one of \s-1SHA\-1\s0, \s-1SHA\-224\s0, or +\&\s-1SHA\-256\s0 is selected to match the bit length of \fIq\fR above. +.SS "\s-1DH\s0 parameters" +.IX Subsection "DH parameters" +The \fIEVP_PKEY_CTX_set_dh_paramgen_prime_len()\fR macro sets the length of the \s-1DH\s0 +prime parameter \fIp\fR for \s-1DH\s0 parameter generation. If this macro is not called +then 2048 is used. Only accepts lengths greater than or equal to 256. +.PP +The \fIEVP_PKEY_CTX_set_dh_paramgen_subprime_len()\fR macro sets the length of the \s-1DH\s0 +optional subprime parameter \fIq\fR for \s-1DH\s0 parameter generation. The default is +256 if the prime is at least 2048 bits long or 160 otherwise. The \s-1DH\s0 +paramgen type must have been set to \fB\s-1DH_PARAMGEN_TYPE_FIPS_186_2\s0\fR or +\&\fB\s-1DH_PARAMGEN_TYPE_FIPS_186_4\s0\fR. +.PP +The \fIEVP_PKEY_CTX_set_dh_paramgen_generator()\fR macro sets \s-1DH\s0 generator to \fIgen\fR +for \s-1DH\s0 parameter generation. If not specified 2 is used. +.PP +The \fIEVP_PKEY_CTX_set_dh_paramgen_type()\fR macro sets the key type for \s-1DH\s0 +parameter generation. The supported parameters are: +.IP "\fB\s-1DH_PARAMGEN_TYPE_GENERATOR\s0\fR" 4 +.IX Item "DH_PARAMGEN_TYPE_GENERATOR" +Uses a generator g (PKCS#3 format). +.IP "\fB\s-1DH_PARAMGEN_TYPE_FIPS_186_2\s0\fR" 4 +.IX Item "DH_PARAMGEN_TYPE_FIPS_186_2" +\&\s-1FIPS186\-2\s0 \s-1FFC\s0 parameter generator (X9.42 \s-1DH\s0). +.IP "\fB\s-1DH_PARAMGEN_TYPE_FIPS_186_4\s0\fR" 4 +.IX Item "DH_PARAMGEN_TYPE_FIPS_186_4" +\&\s-1FIPS186\-4\s0 \s-1FFC\s0 parameter generator. +.PP +The default is \fB\s-1DH_PARAMGEN_TYPE_GENERATOR\s0\fR. +.PP +The \fIEVP_PKEY_CTX_set_dh_pad()\fR function sets the \s-1DH\s0 padding mode. +If \fIpad\fR is 1 the shared secret is padded with zeros up to the size of the \s-1DH\s0 +prime \fIp\fR. +If \fIpad\fR is zero (the default) then no padding is performed. 
+.PP +\&\fIEVP_PKEY_CTX_set_dh_nid()\fR sets the \s-1DH\s0 parameters to values corresponding to +\&\fInid\fR as defined in \s-1RFC7919\s0 or \s-1RFC3526\s0. The \fInid\fR parameter must be +\&\fBNID_ffdhe2048\fR, \fBNID_ffdhe3072\fR, \fBNID_ffdhe4096\fR, \fBNID_ffdhe6144\fR, +\&\fBNID_ffdhe8192\fR, \fBNID_modp_1536\fR, \fBNID_modp_2048\fR, \fBNID_modp_3072\fR, +\&\fBNID_modp_4096\fR, \fBNID_modp_6144\fR, \fBNID_modp_8192\fR or \fBNID_undef\fR to clear +the stored value. This macro can be called during parameter or key generation. +The nid parameter and the rfc5114 parameter are mutually exclusive. +.PP +The \fIEVP_PKEY_CTX_set_dh_rfc5114()\fR and \fIEVP_PKEY_CTX_set_dhx_rfc5114()\fR macros are +synonymous. They set the \s-1DH\s0 parameters to the values defined in \s-1RFC5114\s0. The +\&\fIrfc5114\fR parameter must be 1, 2 or 3 corresponding to \s-1RFC5114\s0 sections +2.1, 2.2 and 2.3. or 0 to clear the stored value. This macro can be called +during parameter generation. The \fIctx\fR must have a key type of +\&\fB\s-1EVP_PKEY_DHX\s0\fR. +The rfc5114 parameter and the nid parameter are mutually exclusive. +.SS "\s-1DH\s0 key derivation function parameters" +.IX Subsection "DH key derivation function parameters" +Note that all of the following functions require that the \fIctx\fR parameter has +a private key type of \fB\s-1EVP_PKEY_DHX\s0\fR. When using key derivation, the output of +\&\fIEVP_PKEY_derive()\fR is the output of the \s-1KDF\s0 instead of the \s-1DH\s0 shared secret. +The \s-1KDF\s0 output is typically used as a Key Encryption Key (\s-1KEK\s0) that in turn +encrypts a Content Encryption Key (\s-1CEK\s0). +.PP +The \fIEVP_PKEY_CTX_set_dh_kdf_type()\fR macro sets the key derivation function type +to \fIkdf\fR for \s-1DH\s0 key derivation. Possible values are \fB\s-1EVP_PKEY_DH_KDF_NONE\s0\fR +and \fB\s-1EVP_PKEY_DH_KDF_X9_42\s0\fR which uses the key derivation specified in \s-1RFC2631\s0 +(based on the keying algorithm described in X9.42). 
When using key derivation, +the \fIkdf_oid\fR, \fIkdf_md\fR and \fIkdf_outlen\fR parameters must also be specified. +.PP +The \fIEVP_PKEY_CTX_get_dh_kdf_type()\fR macro gets the key derivation function type +for \fIctx\fR used for \s-1DH\s0 key derivation. Possible values are \fB\s-1EVP_PKEY_DH_KDF_NONE\s0\fR +and \fB\s-1EVP_PKEY_DH_KDF_X9_42\s0\fR. +.PP +The \fIEVP_PKEY_CTX_set0_dh_kdf_oid()\fR macro sets the key derivation function +object identifier to \fIoid\fR for \s-1DH\s0 key derivation. This \s-1OID\s0 should identify +the algorithm to be used with the Content Encryption Key. +The library takes ownership of the object identifier so the caller should not +free the original memory pointed to by \fIoid\fR. +.PP +The \fIEVP_PKEY_CTX_get0_dh_kdf_oid()\fR macro gets the key derivation function oid +for \fIctx\fR used for \s-1DH\s0 key derivation. The resulting pointer is owned by the +library and should not be freed by the caller. +.PP +The \fIEVP_PKEY_CTX_set_dh_kdf_md()\fR macro sets the key derivation function +message digest to \fImd\fR for \s-1DH\s0 key derivation. Note that \s-1RFC2631\s0 specifies +that this digest should be \s-1SHA1\s0 but OpenSSL tolerates other digests. +.PP +The \fIEVP_PKEY_CTX_get_dh_kdf_md()\fR macro gets the key derivation function +message digest for \fIctx\fR used for \s-1DH\s0 key derivation. +.PP +The \fIEVP_PKEY_CTX_set_dh_kdf_outlen()\fR macro sets the key derivation function +output length to \fIlen\fR for \s-1DH\s0 key derivation. +.PP +The \fIEVP_PKEY_CTX_get_dh_kdf_outlen()\fR macro gets the key derivation function +output length for \fIctx\fR used for \s-1DH\s0 key derivation. +.PP +The \fIEVP_PKEY_CTX_set0_dh_kdf_ukm()\fR macro sets the user key material to +\&\fIukm\fR and its length to \fIlen\fR for \s-1DH\s0 key derivation. This parameter is optional +and corresponds to the partyAInfo field in \s-1RFC2631\s0 terms. The specification +requires that it is 512 bits long but this is not enforced by OpenSSL. 
+The library takes ownership of the user key material so the caller should not +free the original memory pointed to by \fIukm\fR. +.PP +The \fIEVP_PKEY_CTX_get0_dh_kdf_ukm()\fR macro gets the user key material for \fIctx\fR. +The return value is the user key material length. The resulting pointer is owned +by the library and should not be freed by the caller. +.SS "\s-1EC\s0 parameters" +.IX Subsection "EC parameters" +The \fIEVP_PKEY_CTX_set_ec_paramgen_curve_nid()\fR sets the \s-1EC\s0 curve for \s-1EC\s0 parameter +generation to \fInid\fR. For \s-1EC\s0 parameter generation this macro must be called +or an error occurs because there is no default curve. +This function can also be called to set the curve explicitly when +generating an \s-1EC\s0 key. +.PP +The \fIEVP_PKEY_CTX_set_ec_param_enc()\fR macro sets the \s-1EC\s0 parameter encoding to +\&\fIparam_enc\fR when generating \s-1EC\s0 parameters or an \s-1EC\s0 key. The encoding can be +\&\fB\s-1OPENSSL_EC_EXPLICIT_CURVE\s0\fR for explicit parameters (the default in versions +of OpenSSL before 1.1.0) or \fB\s-1OPENSSL_EC_NAMED_CURVE\s0\fR to use named curve form. +For maximum compatibility the named curve form should be used. Note: the +\&\fB\s-1OPENSSL_EC_NAMED_CURVE\s0\fR value was added in OpenSSL 1.1.0; previous +versions should use 0 instead. +.SS "\s-1ECDH\s0 parameters" +.IX Subsection "ECDH parameters" +The \fIEVP_PKEY_CTX_set_ecdh_cofactor_mode()\fR macro sets the cofactor mode to +\&\fIcofactor_mode\fR for \s-1ECDH\s0 key derivation. Possible values are 1 to enable +cofactor key derivation, 0 to disable it and \-1 to clear the stored cofactor +mode and fallback to the private key cofactor mode. +.PP +The \fIEVP_PKEY_CTX_get_ecdh_cofactor_mode()\fR macro returns the cofactor mode for +\&\fIctx\fR used for \s-1ECDH\s0 key derivation. Possible values are 1 when cofactor key +derivation is enabled and 0 otherwise. 
+.SS "\s-1ECDH\s0 key derivation function parameters" +.IX Subsection "ECDH key derivation function parameters" +The \fIEVP_PKEY_CTX_set_ecdh_kdf_type()\fR macro sets the key derivation function type +to \fIkdf\fR for \s-1ECDH\s0 key derivation. Possible values are \fB\s-1EVP_PKEY_ECDH_KDF_NONE\s0\fR +and \fB\s-1EVP_PKEY_ECDH_KDF_X9_63\s0\fR which uses the key derivation specified in X9.63. +When using key derivation, the \fIkdf_md\fR and \fIkdf_outlen\fR parameters must +also be specified. +.PP +The \fIEVP_PKEY_CTX_get_ecdh_kdf_type()\fR macro returns the key derivation function +type for \fIctx\fR used for \s-1ECDH\s0 key derivation. Possible values are +\&\fB\s-1EVP_PKEY_ECDH_KDF_NONE\s0\fR and \fB\s-1EVP_PKEY_ECDH_KDF_X9_63\s0\fR. +.PP +The \fIEVP_PKEY_CTX_set_ecdh_kdf_md()\fR macro sets the key derivation function +message digest to \fImd\fR for \s-1ECDH\s0 key derivation. Note that X9.63 specifies +that this digest should be \s-1SHA1\s0 but OpenSSL tolerates other digests. +.PP +The \fIEVP_PKEY_CTX_get_ecdh_kdf_md()\fR macro gets the key derivation function +message digest for \fIctx\fR used for \s-1ECDH\s0 key derivation. +.PP +The \fIEVP_PKEY_CTX_set_ecdh_kdf_outlen()\fR macro sets the key derivation function +output length to \fIlen\fR for \s-1ECDH\s0 key derivation. +.PP +The \fIEVP_PKEY_CTX_get_ecdh_kdf_outlen()\fR macro gets the key derivation function +output length for \fIctx\fR used for \s-1ECDH\s0 key derivation. +.PP +The \fIEVP_PKEY_CTX_set0_ecdh_kdf_ukm()\fR macro sets the user key material to \fIukm\fR +for \s-1ECDH\s0 key derivation. This parameter is optional and corresponds to the +shared info in X9.63 terms. The library takes ownership of the user key material +so the caller should not free the original memory pointed to by \fIukm\fR. +.PP +The \fIEVP_PKEY_CTX_get0_ecdh_kdf_ukm()\fR macro gets the user key material for \fIctx\fR. +The return value is the user key material length. 
The resulting pointer is owned +by the library and should not be freed by the caller. +.SS "Other parameters" +.IX Subsection "Other parameters" +The \fIEVP_PKEY_CTX_set1_id()\fR, \fIEVP_PKEY_CTX_get1_id()\fR and \fIEVP_PKEY_CTX_get1_id_len()\fR +macros are used to manipulate the special identifier field for specific signature +algorithms such as \s-1SM2\s0. The \fIEVP_PKEY_CTX_set1_id()\fR sets an \s-1ID\s0 pointed by \fIid\fR with +the length \fIid_len\fR to the library. The library takes a copy of the id so that +the caller can safely free the original memory pointed to by \fIid\fR. The +\&\fIEVP_PKEY_CTX_get1_id_len()\fR macro returns the length of the \s-1ID\s0 set via a previous +call to \fIEVP_PKEY_CTX_set1_id()\fR. The length is usually used to allocate adequate +memory for further calls to \fIEVP_PKEY_CTX_get1_id()\fR. The \fIEVP_PKEY_CTX_get1_id()\fR +macro returns the previously set \s-1ID\s0 value to caller in \fIid\fR. The caller should +allocate adequate memory space for the \fIid\fR before calling \fIEVP_PKEY_CTX_get1_id()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_PKEY_CTX_set_params()\fR returns 1 for success or 0 otherwise. +\&\fIEVP_PKEY_CTX_settable_params()\fR returns an \s-1OSSL_PARAM\s0 array on success or \s-1NULL\s0 on +error. +It may also return \s-1NULL\s0 if there are no settable parameters available. +.PP +All other functions and macros described on this page return a positive value +for success and 0 or a negative value for failure. In particular a return value +of \-2 indicates the operation is not supported by the public key algorithm. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_PKEY_CTX_new\fR\|(3), +\&\fIEVP_PKEY_encrypt\fR\|(3), +\&\fIEVP_PKEY_decrypt\fR\|(3), +\&\fIEVP_PKEY_sign\fR\|(3), +\&\fIEVP_PKEY_verify\fR\|(3), +\&\fIEVP_PKEY_verify_recover\fR\|(3), +\&\fIEVP_PKEY_derive\fR\|(3), +\&\fIEVP_PKEY_keygen\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIEVP_PKEY_CTX_get_signature_md()\fR, \fIEVP_PKEY_CTX_set_signature_md()\fR, +\&\fIEVP_PKEY_CTX_set_dh_pad()\fR, \fIEVP_PKEY_CTX_set_rsa_padding()\fR, +\&\fIEVP_PKEY_CTX_get_rsa_padding()\fR, \fIEVP_PKEY_CTX_get_rsa_mgf1_md()\fR, +\&\fIEVP_PKEY_CTX_set_rsa_mgf1_md()\fR, \fIEVP_PKEY_CTX_set_rsa_oaep_md()\fR, +\&\fIEVP_PKEY_CTX_get_rsa_oaep_md()\fR, \fIEVP_PKEY_CTX_set0_rsa_oaep_label()\fR, +\&\fIEVP_PKEY_CTX_get0_rsa_oaep_label()\fR, \fIEVP_PKEY_CTX_set_rsa_pss_saltlen()\fR, +\&\fIEVP_PKEY_CTX_get_rsa_pss_saltlen()\fR, were macros in OpenSSL 1.1.1 and below. +From OpenSSL 3.0 they are functions. +.PP +\&\fIEVP_PKEY_CTX_get_rsa_oaep_md_name()\fR, \fIEVP_PKEY_CTX_get_rsa_mgf1_md_name()\fR, +\&\fIEVP_PKEY_CTX_set_rsa_mgf1_md_name()\fR and \fIEVP_PKEY_CTX_set_rsa_oaep_md_name()\fR were +added in OpenSSL 3.0. +.PP +The \fIEVP_PKEY_CTX_set1_id()\fR, \fIEVP_PKEY_CTX_get1_id()\fR and +\&\fIEVP_PKEY_CTX_get1_id_len()\fR macros were added in 1.1.1, other functions were +added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/EVP_PKEY_CTX_new.3 b/linux_amd64/ssl/share/man/man3/EVP_PKEY_CTX_new.3 new file mode 100755 index 0000000..deea118 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EVP_PKEY_CTX_new.3 
@@ -0,0 +1,216 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_CTX_NEW 3" +.TH EVP_PKEY_CTX_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_CTX_new, EVP_PKEY_CTX_new_id, EVP_PKEY_CTX_new_from_name, +EVP_PKEY_CTX_new_from_pkey, EVP_PKEY_CTX_dup, EVP_PKEY_CTX_free +\&\- public key algorithm context functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e); +\& EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e); +\& EVP_PKEY_CTX *EVP_PKEY_CTX_new_from_name(OPENSSL_CTX *libctx, +\& const char *name, +\& const char *propquery); +\& EVP_PKEY_CTX *EVP_PKEY_CTX_new_from_pkey(OPENSSL_CTX *libctx, +\& EVP_PKEY *pkey); +\& EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *ctx); +\& void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fIEVP_PKEY_CTX_new()\fR function allocates public key algorithm context using +the \fIpkey\fR key type and \s-1ENGINE\s0 \fIe\fR. +.PP +The \fIEVP_PKEY_CTX_new_id()\fR function allocates public key algorithm context +using the key type specified by \fIid\fR and \s-1ENGINE\s0 \fIe\fR. +.PP +The \fIEVP_PKEY_CTX_new_from_name()\fR function allocates a public key algorithm +context using the library context \fIlibctx\fR (see \s-1\fIOPENSSL_CTX\s0\fR\|(3)), the +key type specified by \fIname\fR and the property query \fIpropquery\fR. None +of the arguments are duplicated, so they must remain unchanged for the +lifetime of the returned \fB\s-1EVP_PKEY_CTX\s0\fR or of any of its duplicates. +.PP +The \fIEVP_PKEY_CTX_new_from_pkey()\fR function allocates a public key algorithm +context using the library context \fIlibctx\fR (see \s-1\fIOPENSSL_CTX\s0\fR\|(3)) and the +algorithm specified by \fIpkey\fR and the property query \fIpropquery\fR. None of the +arguments are duplicated, so they must remain unchanged for the lifetime of the +returned \fB\s-1EVP_PKEY_CTX\s0\fR or any of its duplicates. 
+.PP +\&\fIEVP_PKEY_CTX_new_id()\fR and \fIEVP_PKEY_CTX_new_from_name()\fR are normally +used when no \fB\s-1EVP_PKEY\s0\fR structure is associated with the operations, +for example during parameter generation or key generation for some +algorithms. +.PP +\&\fIEVP_PKEY_CTX_dup()\fR duplicates the context \fIctx\fR. +.PP +\&\fIEVP_PKEY_CTX_free()\fR frees up the context \fIctx\fR. +If \fIctx\fR is \s-1NULL\s0, nothing is done. +.SH "NOTES" +.IX Header "NOTES" +.IP "1." 4 +The \fB\s-1EVP_PKEY_CTX\s0\fR structure is an opaque public key algorithm context used +by the OpenSSL high level public key \s-1API\s0. Contexts \fB\s-1MUST\s0 \s-1NOT\s0\fR be shared between +threads: that is it is not permissible to use the same context simultaneously +in two threads. +.IP "2." 4 +We mention \*(L"key type\*(R" in this manual, which is the same +as \*(L"algorithm\*(R" in most cases, allowing either term to be used +interchangeably. There are algorithms where the \fIkey type\fR and the +\&\fIalgorithm\fR of the operations that use the keys are not the same, +such as \s-1EC\s0 keys being used for \s-1ECDSA\s0 and \s-1ECDH\s0 operations. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_PKEY_CTX_new()\fR, \fIEVP_PKEY_CTX_new_id()\fR, \fIEVP_PKEY_CTX_dup()\fR returns either +the newly allocated \fB\s-1EVP_PKEY_CTX\s0\fR structure of \fB\s-1NULL\s0\fR if an error occurred. +.PP +\&\fIEVP_PKEY_CTX_free()\fR does not return a value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_PKEY_new\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fIEVP_PKEY_CTX_new()\fR, \fIEVP_PKEY_CTX_new_id()\fR, \fIEVP_PKEY_CTX_dup()\fR and +\&\fIEVP_PKEY_CTX_free()\fR functions were added in OpenSSL 1.0.0. +.PP +The \fIEVP_PKEY_CTX_new_from_name()\fR and \fIEVP_PKEY_CTX_new_from_pkey()\fR functions were +added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2016 The OpenSSL Project Authors. All Rights Reserved. 
+.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 b/linux_amd64/ssl/share/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 new file mode 100755 index 0000000..64a5951 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 
@@ -0,0 +1,175 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_CTX_SET1_PBE_PASS 3" +.TH EVP_PKEY_CTX_SET1_PBE_PASS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_CTX_set1_pbe_pass +\&\- generic KDF support functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_CTX_set1_pbe_pass(EVP_PKEY_CTX *pctx, unsigned char *pass, +\& int passlen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions are generic support functions for all \s-1KDF\s0 algorithms. +.PP +\&\fIEVP_PKEY_CTX_set1_pbe_pass()\fR sets the password to the \fBpasslen\fR first +bytes from \fBpass\fR. +.SH "STRING CTRLS" +.IX Header "STRING CTRLS" +There is also support for string based control operations via +\&\fIEVP_PKEY_CTX_ctrl_str\fR\|(3). +The \fBpassword\fR can be directly specified using the \fBtype\fR parameter +\&\*(L"pass\*(R" or given in hex encoding using the \*(L"hexpass\*(R" parameter. +.SH "NOTES" +.IX Header "NOTES" +All these functions are implemented as macros. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All these functions return 1 for success and 0 or a negative value for failure. +In particular a return value of \-2 indicates the operation is not supported by +the public key algorithm. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_PKEY_CTX_new\fR\|(3), +\&\fIEVP_PKEY_CTX_ctrl_str\fR\|(3), +\&\fIEVP_PKEY_derive\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 b/linux_amd64/ssl/share/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 new file mode 100755 index 0000000..e2100ad --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 
@@ -0,0 +1,282 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_CTX_SET_HKDF_MD 3" +.TH EVP_PKEY_CTX_SET_HKDF_MD 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_CTX_set_hkdf_md, EVP_PKEY_CTX_set1_hkdf_salt, +EVP_PKEY_CTX_set1_hkdf_key, EVP_PKEY_CTX_add1_hkdf_info, +EVP_PKEY_CTX_hkdf_mode \- +HMAC\-based Extract\-and\-Expand key derivation algorithm +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_CTX_hkdf_mode(EVP_PKEY_CTX *pctx, int mode); +\& +\& int EVP_PKEY_CTX_set_hkdf_md(EVP_PKEY_CTX *pctx, const EVP_MD *md); +\& +\& int EVP_PKEY_CTX_set1_hkdf_salt(EVP_PKEY_CTX *pctx, unsigned char *salt, +\& int saltlen); +\& +\& int EVP_PKEY_CTX_set1_hkdf_key(EVP_PKEY_CTX *pctx, unsigned char *key, +\& int keylen); +\& +\& int EVP_PKEY_CTX_add1_hkdf_info(EVP_PKEY_CTX *pctx, unsigned char *info, +\& int infolen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1EVP_PKEY_HKDF\s0 algorithm implements the \s-1HKDF\s0 key derivation function. +\&\s-1HKDF\s0 follows the \*(L"extract-then-expand\*(R" paradigm, where the \s-1KDF\s0 logically +consists of two modules. The first stage takes the input keying material +and \*(L"extracts\*(R" from it a fixed-length pseudorandom key K. The second stage +\&\*(L"expands\*(R" the key K into several additional pseudorandom keys (the output +of the \s-1KDF\s0). +.PP +\&\fIEVP_PKEY_CTX_hkdf_mode()\fR sets the mode for the \s-1HKDF\s0 operation. There are three +modes that are currently defined: +.IP "\s-1EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND\s0" 4 +.IX Item "EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND" +This is the default mode. Calling \fIEVP_PKEY_derive\fR\|(3) on an \s-1EVP_PKEY_CTX\s0 set +up for \s-1HKDF\s0 will perform an extract followed by an expand operation in one go. +The derived key returned will be the result after the expand operation. The +intermediate fixed-length pseudorandom key K is not returned. +.Sp +In this mode the digest, key, salt and info values must be set before a key is +derived or an error occurs. 
+.IP "\s-1EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY\s0" 4 +.IX Item "EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY" +In this mode calling \fIEVP_PKEY_derive\fR\|(3) will just perform the extract +operation. The value returned will be the intermediate fixed-length pseudorandom +key K. +.Sp +The digest, key and salt values must be set before a key is derived or an +error occurs. +.IP "\s-1EVP_PKEY_HKDEF_MODE_EXPAND_ONLY\s0" 4 +.IX Item "EVP_PKEY_HKDEF_MODE_EXPAND_ONLY" +In this mode calling \fIEVP_PKEY_derive\fR\|(3) will just perform the expand +operation. The input key should be set to the intermediate fixed-length +pseudorandom key K returned from a previous extract operation. +.Sp +The digest, key and info values must be set before a key is derived or an +error occurs. +.PP +\&\fIEVP_PKEY_CTX_set_hkdf_md()\fR sets the message digest associated with the \s-1HKDF\s0. +.PP +\&\fIEVP_PKEY_CTX_set1_hkdf_salt()\fR sets the salt to \fBsaltlen\fR bytes of the +buffer \fBsalt\fR. Any existing value is replaced. +.PP +\&\fIEVP_PKEY_CTX_set1_hkdf_key()\fR sets the key to \fBkeylen\fR bytes of the buffer +\&\fBkey\fR. Any existing value is replaced. +.PP +\&\fIEVP_PKEY_CTX_add1_hkdf_info()\fR sets the info value to \fBinfolen\fR bytes of the +buffer \fBinfo\fR. If a value is already set, it is appended to the existing +value. +.SH "STRING CTRLS" +.IX Header "STRING CTRLS" +\&\s-1HKDF\s0 also supports string based control operations via +\&\fIEVP_PKEY_CTX_ctrl_str\fR\|(3). +The \fBtype\fR parameter \*(L"md\*(R" uses the supplied \fBvalue\fR as the name of the digest +algorithm to use. +The \fBtype\fR parameter \*(L"mode\*(R" uses the values \*(L"\s-1EXTRACT_AND_EXPAND\s0\*(R", +\&\*(L"\s-1EXTRACT_ONLY\s0\*(R" and \*(L"\s-1EXPAND_ONLY\s0\*(R" to determine the mode to use. +The \fBtype\fR parameters \*(L"salt\*(R", \*(L"key\*(R" and \*(L"info\*(R" use the supplied \fBvalue\fR +parameter as a \fBseed\fR, \fBkey\fR or \fBinfo\fR value. 
+The names \*(L"hexsalt\*(R", \*(L"hexkey\*(R" and \*(L"hexinfo\*(R" are similar except they take a hex +string which is converted to binary. +.SH "NOTES" +.IX Header "NOTES" +All these functions are implemented as macros. +.PP +A context for \s-1HKDF\s0 can be obtained by calling: +.PP +.Vb 1 +\& EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL); +.Ve +.PP +The total length of the info buffer cannot exceed 1024 bytes in length: this +should be more than enough for any normal use of \s-1HKDF\s0. +.PP +The output length of an \s-1HKDF\s0 expand operation is specified via the length +parameter to the \fIEVP_PKEY_derive\fR\|(3) function. +Since the \s-1HKDF\s0 output length is variable, passing a \fB\s-1NULL\s0\fR buffer as a means +to obtain the requisite length is not meaningful with \s-1HKDF\s0 in any mode that +performs an expand operation. Instead, the caller must allocate a buffer of the +desired length, and pass that buffer to \fIEVP_PKEY_derive\fR\|(3) along with (a +pointer initialized to) the desired length. Passing a \fB\s-1NULL\s0\fR buffer to obtain +the length is allowed when using \s-1EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY\s0. +.PP +Optimised versions of \s-1HKDF\s0 can be implemented in an \s-1ENGINE\s0. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All these functions return 1 for success and 0 or a negative value for failure. +In particular a return value of \-2 indicates the operation is not supported by +the public key algorithm. 
+.SH "EXAMPLES" +.IX Header "EXAMPLES" +This example derives 10 bytes using \s-1SHA\-256\s0 with the secret key \*(L"secret\*(R", +salt value \*(L"salt\*(R" and info value \*(L"label\*(R": +.PP +.Vb 4 +\& EVP_PKEY_CTX *pctx; +\& unsigned char out[10]; +\& size_t outlen = sizeof(out); +\& pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL); +\& +\& if (EVP_PKEY_derive_init(pctx) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set1_hkdf_salt(pctx, "salt", 4) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set1_hkdf_key(pctx, "secret", 6) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_add1_hkdf_info(pctx, "label", 5) <= 0) +\& /* Error */ +\& if (EVP_PKEY_derive(pctx, out, &outlen) <= 0) +\& /* Error */ +.Ve +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1RFC\s0 5869 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_PKEY_CTX_new\fR\|(3), +\&\fIEVP_PKEY_CTX_ctrl_str\fR\|(3), +\&\fIEVP_PKEY_derive\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 b/linux_amd64/ssl/share/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 new file mode 100755 index 0000000..491ec2e --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 
@@ -0,0 +1,216 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_CTX_SET_RSA_PSS_KEYGEN_MD 3" +.TH EVP_PKEY_CTX_SET_RSA_PSS_KEYGEN_MD 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_CTX_set_rsa_pss_keygen_md, +EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md, +EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen +\&\- EVP_PKEY RSA\-PSS algorithm support functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_CTX_set_rsa_pss_keygen_md(EVP_PKEY_CTX *pctx, +\& const EVP_MD *md); +\& int EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md(EVP_PKEY_CTX *pctx, +\& const EVP_MD *md); +\& int EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(EVP_PKEY_CTX *pctx, +\& int saltlen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These are the functions that implement \s-1\fIRSA\-PSS\s0\fR\|(7). +.SS "Signing and Verification" +.IX Subsection "Signing and Verification" +The macro \fIEVP_PKEY_CTX_set_rsa_padding()\fR is supported but an error is +returned if an attempt is made to set the padding mode to anything other +than \fB\s-1PSS\s0\fR. It is otherwise similar to the \fB\s-1RSA\s0\fR version. +.PP +The \fIEVP_PKEY_CTX_set_rsa_pss_saltlen()\fR macro is used to set the salt length. +If the key has usage restrictions then an error is returned if an attempt is +made to set the salt length below the minimum value. It is otherwise similar +to the \fB\s-1RSA\s0\fR operation except detection of the salt length (using +\&\s-1RSA_PSS_SALTLEN_AUTO\s0) is not supported for verification if the key has +usage restrictions. +.PP +The \fIEVP_PKEY_CTX_set_signature_md\fR\|(3) and \fIEVP_PKEY_CTX_set_rsa_mgf1_md\fR\|(3) +fuunctions are used to set the digest and \s-1MGF1\s0 algorithms respectively. If the +key has usage restrictions then an error is returned if an attempt is made to +set the digest to anything other than the restricted value. Otherwise these are +similar to the \fB\s-1RSA\s0\fR versions. 
+.SS "Key Generation" +.IX Subsection "Key Generation" +As with \s-1RSA\s0 key generation the \fIEVP_PKEY_CTX_set_rsa_keygen_bits()\fR +and \fIEVP_PKEY_CTX_set_rsa_keygen_pubexp()\fR macros are supported for RSA-PSS: +they have exactly the same meaning as for the \s-1RSA\s0 algorithm. +.PP +Optional parameter restrictions can be specified when generating a \s-1PSS\s0 key. +If any restrictions are set (using the macros described below) then \fBall\fR +parameters are restricted. For example, setting a minimum salt length also +restricts the digest and \s-1MGF1\s0 algorithms. If any restrictions are in place +then they are reflected in the corresponding parameters of the public key +when (for example) a certificate request is signed. +.PP +\&\fIEVP_PKEY_CTX_set_rsa_pss_keygen_md()\fR restricts the digest algorithm the +generated key can use to \fBmd\fR. +.PP +\&\fIEVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md()\fR restricts the \s-1MGF1\s0 algorithm the +generated key can use to \fBmd\fR. +.PP +\&\fIEVP_PKEY_CTX_set_rsa_pss_keygen_saltlen()\fR restricts the minimum salt length +to \fBsaltlen\fR. +.SH "NOTES" +.IX Header "NOTES" +A context for the \fBRSA-PSS\fR algorithm can be obtained by calling: +.PP +.Vb 1 +\& EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA_PSS, NULL); +.Ve +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All these functions return 1 for success and 0 or a negative value for failure. +In particular a return value of \-2 indicates the operation is not supported by +the public key algorithm. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1\fIRSA\-PSS\s0\fR\|(7), +\&\fIEVP_PKEY_CTX_new\fR\|(3), +\&\fIEVP_PKEY_CTX_ctrl_str\fR\|(3), +\&\fIEVP_PKEY_derive\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. 
You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 b/linux_amd64/ssl/share/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 new file mode 100755 index 0000000..618e15d --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 
@@ -0,0 +1,210 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_CTX_SET_SCRYPT_N 3" +.TH EVP_PKEY_CTX_SET_SCRYPT_N 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_CTX_set1_scrypt_salt, +EVP_PKEY_CTX_set_scrypt_N, +EVP_PKEY_CTX_set_scrypt_r, +EVP_PKEY_CTX_set_scrypt_p, +EVP_PKEY_CTX_set_scrypt_maxmem_bytes +\&\- EVP_PKEY scrypt KDF support functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_CTX_set1_scrypt_salt(EVP_PKEY_CTX *pctx, unsigned char *salt, +\& int saltlen); +\& +\& int EVP_PKEY_CTX_set_scrypt_N(EVP_PKEY_CTX *pctx, uint64_t N); +\& +\& int EVP_PKEY_CTX_set_scrypt_r(EVP_PKEY_CTX *pctx, uint64_t r); +\& +\& int EVP_PKEY_CTX_set_scrypt_p(EVP_PKEY_CTX *pctx, uint64_t p); +\& +\& int EVP_PKEY_CTX_set_scrypt_maxmem_bytes(EVP_PKEY_CTX *pctx, +\& uint64_t maxmem); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions are used to set up the necessary data to use the +scrypt \s-1KDF\s0. +For more information on scrypt, see \s-1\fIEVP_KDF\-SCRYPT\s0\fR\|(7). +.PP +\&\fIEVP_PKEY_CTX_set1_scrypt_salt()\fR sets the \fBsaltlen\fR bytes long salt +value. +.PP +\&\fIEVP_PKEY_CTX_set_scrypt_N()\fR, \fIEVP_PKEY_CTX_set_scrypt_r()\fR and +\&\fIEVP_PKEY_CTX_set_scrypt_p()\fR configure the work factors N, r and p. +.PP +\&\fIEVP_PKEY_CTX_set_scrypt_maxmem_bytes()\fR sets how much \s-1RAM\s0 key +derivation may maximally use, given in bytes. +If \s-1RAM\s0 is exceeded because the load factors are chosen too high, the +key derivation will fail. +.SH "STRING CTRLS" +.IX Header "STRING CTRLS" +scrypt also supports string based control operations via +\&\fIEVP_PKEY_CTX_ctrl_str\fR\|(3). +Similarly, the \fBsalt\fR can either be specified using the \fBtype\fR +parameter \*(L"salt\*(R" or in hex encoding by using the \*(L"hexsalt\*(R" parameter. +The work factors \fBN\fR, \fBr\fR and \fBp\fR as well as \fBmaxmem_bytes\fR can be +set by using the parameters \*(L"N\*(R", \*(L"r\*(R", \*(L"p\*(R" and \*(L"maxmem_bytes\*(R", +respectively. 
+.SH "NOTES" +.IX Header "NOTES" +There is a newer generic \s-1API\s0 for KDFs, \s-1\fIEVP_KDF\s0\fR\|(3), which is +preferred over the \s-1EVP_PKEY\s0 method. +.PP +The scrypt \s-1KDF\s0 also uses \fIEVP_PKEY_CTX_set1_pbe_pass()\fR as well as +the value from the string controls \*(L"pass\*(R" and \*(L"hexpass\*(R". +See \fIEVP_PKEY_CTX_set1_pbe_pass\fR\|(3). +.PP +All the functions described here are implemented as macros. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All these functions return 1 for success and 0 or a negative value for +failure. +In particular a return value of \-2 indicates the operation is not +supported by the public key algorithm. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1\fIEVP_KDF\s0\fR\|(3) +\&\fIEVP_PKEY_CTX_new\fR\|(3), +\&\fIEVP_PKEY_CTX_ctrl_str\fR\|(3), +\&\fIEVP_PKEY_derive\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 b/linux_amd64/ssl/share/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 new file mode 100755 index 0000000..8d9c918 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 
@@ -0,0 +1,233 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_CTX_SET_TLS1_PRF_MD 3" +.TH EVP_PKEY_CTX_SET_TLS1_PRF_MD 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_CTX_set_tls1_prf_md, +EVP_PKEY_CTX_set1_tls1_prf_secret, EVP_PKEY_CTX_add1_tls1_prf_seed \- +TLS PRF key derivation algorithm +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_CTX_set_tls1_prf_md(EVP_PKEY_CTX *pctx, const EVP_MD *md); +\& int EVP_PKEY_CTX_set1_tls1_prf_secret(EVP_PKEY_CTX *pctx, +\& unsigned char *sec, int seclen); +\& int EVP_PKEY_CTX_add1_tls1_prf_seed(EVP_PKEY_CTX *pctx, +\& unsigned char *seed, int seedlen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fB\s-1EVP_PKEY_TLS1_PRF\s0\fR algorithm implements the \s-1PRF\s0 key derivation function for +\&\s-1TLS\s0. It has no associated private key and only implements key derivation +using \fIEVP_PKEY_derive\fR\|(3). +.PP +\&\fIEVP_PKEY_set_tls1_prf_md()\fR sets the message digest associated with the +\&\s-1TLS\s0 \s-1PRF\s0. \fIEVP_md5_sha1()\fR is treated as a special case which uses the \s-1PRF\s0 +algorithm using both \fB\s-1MD5\s0\fR and \fB\s-1SHA1\s0\fR as used in \s-1TLS\s0 1.0 and 1.1. +.PP +\&\fIEVP_PKEY_CTX_set_tls1_prf_secret()\fR sets the secret value of the \s-1TLS\s0 \s-1PRF\s0 +to \fBseclen\fR bytes of the buffer \fBsec\fR. Any existing secret value is replaced +and any seed is reset. +.PP +\&\fIEVP_PKEY_CTX_add1_tls1_prf_seed()\fR sets the seed to \fBseedlen\fR bytes of \fBseed\fR. +If a seed is already set it is appended to the existing value. +.SH "STRING CTRLS" +.IX Header "STRING CTRLS" +The \s-1TLS\s0 \s-1PRF\s0 also supports string based control operations using +\&\fIEVP_PKEY_CTX_ctrl_str\fR\|(3). +The \fBtype\fR parameter \*(L"md\*(R" uses the supplied \fBvalue\fR as the name of the digest +algorithm to use. +The \fBtype\fR parameters \*(L"secret\*(R" and \*(L"seed\*(R" use the supplied \fBvalue\fR parameter +as a secret or seed value. +The names \*(L"hexsecret\*(R" and \*(L"hexseed\*(R" are similar except they take a hex string +which is converted to binary. 
+.SH "NOTES" +.IX Header "NOTES" +All these functions are implemented as macros. +.PP +A context for the \s-1TLS\s0 \s-1PRF\s0 can be obtained by calling: +.PP +.Vb 1 +\& EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL); +.Ve +.PP +The digest, secret value and seed must be set before a key is derived or an +error occurs. +.PP +The total length of all seeds cannot exceed 1024 bytes in length: this should +be more than enough for any normal use of the \s-1TLS\s0 \s-1PRF\s0. +.PP +The output length of the \s-1PRF\s0 is specified by the length parameter in the +\&\fIEVP_PKEY_derive()\fR function. Since the output length is variable, setting +the buffer to \fB\s-1NULL\s0\fR is not meaningful for the \s-1TLS\s0 \s-1PRF\s0. +.PP +Optimised versions of the \s-1TLS\s0 \s-1PRF\s0 can be implemented in an \s-1ENGINE\s0. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All these functions return 1 for success and 0 or a negative value for failure. +In particular a return value of \-2 indicates the operation is not supported by +the public key algorithm. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +This example derives 10 bytes using \s-1SHA\-256\s0 with the secret key \*(L"secret\*(R" +and seed value \*(L"seed\*(R": +.PP +.Vb 3 +\& EVP_PKEY_CTX *pctx; +\& unsigned char out[10]; +\& size_t outlen = sizeof(out); +\& +\& pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL); +\& if (EVP_PKEY_derive_init(pctx) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set_tls1_prf_md(pctx, EVP_sha256()) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, "secret", 6) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, "seed", 4) <= 0) +\& /* Error */ +\& if (EVP_PKEY_derive(pctx, out, &outlen) <= 0) +\& /* Error */ +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_PKEY_CTX_new\fR\|(3), +\&\fIEVP_PKEY_CTX_ctrl_str\fR\|(3), +\&\fIEVP_PKEY_derive\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. 
All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/EVP_PKEY_asn1_get_count.3 b/linux_amd64/ssl/share/man/man3/EVP_PKEY_asn1_get_count.3 new file mode 100755 index 0000000..c3ee916 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EVP_PKEY_asn1_get_count.3 
@@ -0,0 +1,203 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_ASN1_GET_COUNT 3" +.TH EVP_PKEY_ASN1_GET_COUNT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_asn1_find, +EVP_PKEY_asn1_find_str, +EVP_PKEY_asn1_get_count, +EVP_PKEY_asn1_get0, +EVP_PKEY_asn1_get0_info +\&\- enumerate public key ASN.1 methods +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_asn1_get_count(void); +\& const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx); +\& const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pe, int type); +\& const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe, +\& const char *str, int len); +\& int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *pkey_base_id, +\& int *ppkey_flags, const char **pinfo, +\& const char **ppem_str, +\& const EVP_PKEY_ASN1_METHOD *ameth); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIEVP_PKEY_asn1_count()\fR returns a count of the number of public key +\&\s-1ASN\s0.1 methods available: it includes standard methods and any methods +added by the application. +.PP +\&\fIEVP_PKEY_asn1_get0()\fR returns the public key \s-1ASN\s0.1 method \fBidx\fR. +The value of \fBidx\fR must be between zero and \fIEVP_PKEY_asn1_get_count()\fR +\&\- 1. +.PP +\&\fIEVP_PKEY_asn1_find()\fR looks up the \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR with \s-1NID\s0 +\&\fBtype\fR. +If \fBpe\fR isn't \fB\s-1NULL\s0\fR, then it will look up an engine implementing a +\&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR for the \s-1NID\s0 \fBtype\fR and return that instead, +and also set \fB*pe\fR to point at the engine that implements it. +.PP +\&\fIEVP_PKEY_asn1_find_str()\fR looks up the \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR with \s-1PEM\s0 +type string \fBstr\fR. +Just like \fIEVP_PKEY_asn1_find()\fR, if \fBpe\fR isn't \fB\s-1NULL\s0\fR, then it will +look up an engine implementing a \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR for the \s-1NID\s0 +\&\fBtype\fR and return that instead, and also set \fB*pe\fR to point at the +engine that implements it. 
+.PP +\&\fIEVP_PKEY_asn1_get0_info()\fR returns the public key \s-1ID\s0, base public key +\&\s-1ID\s0 (both NIDs), any flags, the method description and \s-1PEM\s0 type string +associated with the public key \s-1ASN\s0.1 method \fB*ameth\fR. +.PP +\&\fIEVP_PKEY_asn1_count()\fR, \fIEVP_PKEY_asn1_get0()\fR, \fIEVP_PKEY_asn1_find()\fR and +\&\fIEVP_PKEY_asn1_find_str()\fR are not thread safe, but as long as all +\&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR objects are added before the application gets +threaded, using them is safe. See \fIEVP_PKEY_asn1_add0\fR\|(3). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_PKEY_asn1_count()\fR returns the number of available public key methods. +.PP +\&\fIEVP_PKEY_asn1_get0()\fR return a public key method or \fB\s-1NULL\s0\fR if \fBidx\fR is +out of range. +.PP +\&\fIEVP_PKEY_asn1_get0_info()\fR returns 0 on failure, 1 on success. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_PKEY_asn1_new\fR\|(3), \fIEVP_PKEY_asn1_add0\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/EVP_PKEY_check.3 b/linux_amd64/ssl/share/man/man3/EVP_PKEY_check.3 new file mode 100755 index 0000000..6694f1b --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EVP_PKEY_check.3 
@@ -0,0 +1,194 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_CHECK 3" +.TH EVP_PKEY_CHECK 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_check, EVP_PKEY_param_check, EVP_PKEY_public_check, +EVP_PKEY_private_check, EVP_PKEY_pairwise_check +\&\- key and parameter validation functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_check(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_param_check(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_public_check(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_private_check(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_pairwise_check(EVP_PKEY_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIEVP_PKEY_param_check()\fR validates the parameters component of the key +given by \fBctx\fR. +.PP +\&\fIEVP_PKEY_public_check()\fR validates the public component of the key given by \fBctx\fR. +.PP +\&\fIEVP_PKEY_private_check()\fR validates the private component of the key given by \fBctx\fR. +.PP +\&\fIEVP_PKEY_pairwise_check()\fR validates that the public and private components have +the correct mathematical relationship to each other for the key given by \fBctx\fR. +.PP +\&\fIEVP_PKEY_check()\fR validates all components of a key given by \fBctx\fR. +.SH "NOTES" +.IX Header "NOTES" +Refer to \s-1SP800\-56A\s0 and \s-1SP800\-56B\s0 for rules relating to when these functions +should be called during key establishment. +It is not necessary to call these functions after locally calling an approved key +generation method, but may be required for assurance purposes when receiving +keys from a third party. +.PP +In OpenSSL an \s-1EVP_PKEY\s0 structure containing a private key also contains the +public key components and parameters (if any). An OpenSSL private key is +equivalent to what some libraries call a \*(L"key pair\*(R". A private key can be used +in functions which require the use of a public key or parameters. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All functions return 1 for success or others for failure. +They return \-2 if the operation is not supported for the specific algorithm. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_PKEY_CTX_new\fR\|(3), +\&\fIEVP_PKEY_fromdata\fR\|(3), +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIEVP_PKEY_check()\fR, \fIEVP_PKEY_public_check()\fR and \fIEVP_PKEY_param_check()\fR were added +in OpenSSL 1.1.1. +.PP +\&\fIEVP_PKEY_private_check()\fR and \fIEVP_PKEY_pairwise_check()\fR were added +in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/EVP_PKEY_cmp.3 b/linux_amd64/ssl/share/man/man3/EVP_PKEY_cmp.3 new file mode 100755 index 0000000..7537f56 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EVP_PKEY_cmp.3 
@@ -0,0 +1,195 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_CMP 3" +.TH EVP_PKEY_CMP 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_copy_parameters, EVP_PKEY_missing_parameters, EVP_PKEY_cmp_parameters, +EVP_PKEY_cmp \- public key parameter and comparison functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey); +\& int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from); +\& +\& int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b); +\& int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The function \fIEVP_PKEY_missing_parameters()\fR returns 1 if the public key +parameters of \fBpkey\fR are missing and 0 if they are present or the algorithm +doesn't use parameters. +.PP +The function \fIEVP_PKEY_copy_parameters()\fR copies the parameters from key +\&\fBfrom\fR to key \fBto\fR. An error is returned if the parameters are missing in +\&\fBfrom\fR or present in both \fBfrom\fR and \fBto\fR and mismatch. If the parameters +in \fBfrom\fR and \fBto\fR are both present and match this function has no effect. +.PP +The function \fIEVP_PKEY_cmp_parameters()\fR compares the parameters of keys +\&\fBa\fR and \fBb\fR. +.PP +The function \fIEVP_PKEY_cmp()\fR compares the public key components and parameters +(if present) of keys \fBa\fR and \fBb\fR. +.SH "NOTES" +.IX Header "NOTES" +The main purpose of the functions \fIEVP_PKEY_missing_parameters()\fR and +\&\fIEVP_PKEY_copy_parameters()\fR is to handle public keys in certificates where the +parameters are sometimes omitted from a public key if they are inherited from +the \s-1CA\s0 that signed it. +.PP +Since OpenSSL private keys contain public key components too the function +\&\fIEVP_PKEY_cmp()\fR can also be used to determine if a private key matches +a public key. 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The function \fIEVP_PKEY_missing_parameters()\fR returns 1 if the public key +parameters of \fBpkey\fR are missing and 0 if they are present or the algorithm +doesn't use parameters. +.PP +These functions \fIEVP_PKEY_copy_parameters()\fR returns 1 for success and 0 for +failure. +.PP +The function \fIEVP_PKEY_cmp_parameters()\fR and \fIEVP_PKEY_cmp()\fR return 1 if the +keys match, 0 if they don't match, \-1 if the key types are different and +\&\-2 if the operation is not supported. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_PKEY_CTX_new\fR\|(3), +\&\fIEVP_PKEY_keygen\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/EVP_PKEY_decrypt.3 b/linux_amd64/ssl/share/man/man3/EVP_PKEY_decrypt.3 new file mode 100755 index 0000000..f9a512c --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EVP_PKEY_decrypt.3 
@@ -0,0 +1,227 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_DECRYPT 3" +.TH EVP_PKEY_DECRYPT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_decrypt_init, EVP_PKEY_decrypt \- decrypt using a public key algorithm +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx, +\& unsigned char *out, size_t *outlen, +\& const unsigned char *in, size_t inlen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fIEVP_PKEY_decrypt_init()\fR function initializes a public key algorithm +context using key \fBpkey\fR for a decryption operation. +.PP +The \fIEVP_PKEY_decrypt()\fR function performs a public key decryption operation +using \fBctx\fR. The data to be decrypted is specified using the \fBin\fR and +\&\fBinlen\fR parameters. If \fBout\fR is \fB\s-1NULL\s0\fR then the maximum size of the output +buffer is written to the \fBoutlen\fR parameter. If \fBout\fR is not \fB\s-1NULL\s0\fR then +before the call the \fBoutlen\fR parameter should contain the length of the +\&\fBout\fR buffer, if the call is successful the decrypted data is written to +\&\fBout\fR and the amount of data written to \fBoutlen\fR. +.SH "NOTES" +.IX Header "NOTES" +After the call to \fIEVP_PKEY_decrypt_init()\fR algorithm specific control +operations can be performed to set any appropriate parameters for the +operation. +.PP +The function \fIEVP_PKEY_decrypt()\fR can be called more than once on the same +context if several operations are performed using the same parameters. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_PKEY_decrypt_init()\fR and \fIEVP_PKEY_decrypt()\fR return 1 for success and 0 +or a negative value for failure. In particular a return value of \-2 +indicates the operation is not supported by the public key algorithm. 
+.SH "EXAMPLES" +.IX Header "EXAMPLES" +Decrypt data using \s-1OAEP\s0 (for \s-1RSA\s0 keys): +.PP +.Vb 2 +\& #include +\& #include +\& +\& EVP_PKEY_CTX *ctx; +\& ENGINE *eng; +\& unsigned char *out, *in; +\& size_t outlen, inlen; +\& EVP_PKEY *key; +\& +\& /* +\& * NB: assumes key, eng, in, inlen are already set up +\& * and that key is an RSA private key +\& */ +\& ctx = EVP_PKEY_CTX_new(key, eng); +\& if (!ctx) +\& /* Error occurred */ +\& if (EVP_PKEY_decrypt_init(ctx) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_OAEP_PADDING) <= 0) +\& /* Error */ +\& +\& /* Determine buffer length */ +\& if (EVP_PKEY_decrypt(ctx, NULL, &outlen, in, inlen) <= 0) +\& /* Error */ +\& +\& out = OPENSSL_malloc(outlen); +\& +\& if (!out) +\& /* malloc failure */ +\& +\& if (EVP_PKEY_decrypt(ctx, out, &outlen, in, inlen) <= 0) +\& /* Error */ +\& +\& /* Decrypted data is outlen bytes written to buffer out */ +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_PKEY_CTX_new\fR\|(3), +\&\fIEVP_PKEY_encrypt\fR\|(3), +\&\fIEVP_PKEY_sign\fR\|(3), +\&\fIEVP_PKEY_verify\fR\|(3), +\&\fIEVP_PKEY_verify_recover\fR\|(3), +\&\fIEVP_PKEY_derive\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/EVP_PKEY_derive.3 b/linux_amd64/ssl/share/man/man3/EVP_PKEY_derive.3 new file mode 100755 index 0000000..1299f6f --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EVP_PKEY_derive.3 
@@ -0,0 +1,231 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_DERIVE 3" +.TH EVP_PKEY_DERIVE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_derive_init, EVP_PKEY_derive_set_peer, EVP_PKEY_derive +\&\- derive public key algorithm shared secret +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer); +\& int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIEVP_PKEY_derive_init()\fR initializes a public key algorithm context \fIctx\fR for +shared secret derivation using the algorithm given when the context was created +using \fIEVP_PKEY_CTX_new\fR\|(3) or variants thereof. The algorithm is used to +fetch a \fB\s-1EVP_KEYEXCH\s0\fR method implicitly, see \*(L"Implicit fetch\*(R" in \fIprovider\fR\|(7) for +more information about implict fetches. +.PP +\&\fIEVP_PKEY_derive_set_peer()\fR sets the peer key: this will normally +be a public key. +.PP +\&\fIEVP_PKEY_derive()\fR derives a shared secret using \fIctx\fR. +If \fIkey\fR is \s-1NULL\s0 then the maximum size of the output buffer is written to the +\&\fIkeylen\fR parameter. If \fIkey\fR is not \s-1NULL\s0 then before the call the \fIkeylen\fR +parameter should contain the length of the \fIkey\fR buffer, if the call is +successful the shared secret is written to \fIkey\fR and the amount of data +written to \fIkeylen\fR. +.SH "NOTES" +.IX Header "NOTES" +After the call to \fIEVP_PKEY_derive_init()\fR, algorithm +specific control operations can be performed to set any appropriate parameters +for the operation. +.PP +The function \fIEVP_PKEY_derive()\fR can be called more than once on the same +context if several operations are performed using the same parameters. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_PKEY_derive_init()\fR and \fIEVP_PKEY_derive()\fR return 1 +for success and 0 or a negative value for failure. 
+In particular a return value of \-2 indicates the operation is not supported by +the public key algorithm. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Derive shared secret (for example \s-1DH\s0 or \s-1EC\s0 keys): +.PP +.Vb 2 +\& #include +\& #include +\& +\& EVP_PKEY_CTX *ctx; +\& ENGINE *eng; +\& unsigned char *skey; +\& size_t skeylen; +\& EVP_PKEY *pkey, *peerkey; +\& /* NB: assumes pkey, eng, peerkey have been already set up */ +\& +\& ctx = EVP_PKEY_CTX_new(pkey, eng); +\& if (!ctx) +\& /* Error occurred */ +\& if (EVP_PKEY_derive_init(ctx) <= 0) +\& /* Error */ +\& if (EVP_PKEY_derive_set_peer(ctx, peerkey) <= 0) +\& /* Error */ +\& +\& /* Determine buffer length */ +\& if (EVP_PKEY_derive(ctx, NULL, &skeylen) <= 0) +\& /* Error */ +\& +\& skey = OPENSSL_malloc(skeylen); +\& +\& if (!skey) +\& /* malloc failure */ +\& +\& if (EVP_PKEY_derive(ctx, skey, &skeylen) <= 0) +\& /* Error */ +\& +\& /* Shared secret is skey bytes written to buffer skey */ +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_PKEY_CTX_new\fR\|(3), +\&\fIEVP_PKEY_encrypt\fR\|(3), +\&\fIEVP_PKEY_decrypt\fR\|(3), +\&\fIEVP_PKEY_sign\fR\|(3), +\&\fIEVP_PKEY_verify\fR\|(3), +\&\fIEVP_PKEY_verify_recover\fR\|(3), +\&\fIEVP_KEYEXCH_fetch\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/EVP_PKEY_encrypt.3 b/linux_amd64/ssl/share/man/man3/EVP_PKEY_encrypt.3 new file mode 100755 index 0000000..5dff2d8 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EVP_PKEY_encrypt.3 
@@ -0,0 +1,232 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_ENCRYPT 3" +.TH EVP_PKEY_ENCRYPT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_encrypt_init, EVP_PKEY_encrypt \- encrypt using a public key algorithm +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx, +\& unsigned char *out, size_t *outlen, +\& const unsigned char *in, size_t inlen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fIEVP_PKEY_encrypt_init()\fR function initializes a public key algorithm +context using key \fBpkey\fR for an encryption operation. +.PP +The \fIEVP_PKEY_encrypt()\fR function performs a public key encryption operation +using \fBctx\fR. The data to be encrypted is specified using the \fBin\fR and +\&\fBinlen\fR parameters. If \fBout\fR is \fB\s-1NULL\s0\fR then the maximum size of the output +buffer is written to the \fBoutlen\fR parameter. If \fBout\fR is not \fB\s-1NULL\s0\fR then +before the call the \fBoutlen\fR parameter should contain the length of the +\&\fBout\fR buffer, if the call is successful the encrypted data is written to +\&\fBout\fR and the amount of data written to \fBoutlen\fR. +.SH "NOTES" +.IX Header "NOTES" +After the call to \fIEVP_PKEY_encrypt_init()\fR algorithm specific control +operations can be performed to set any appropriate parameters for the +operation. +.PP +The function \fIEVP_PKEY_encrypt()\fR can be called more than once on the same +context if several operations are performed using the same parameters. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_PKEY_encrypt_init()\fR and \fIEVP_PKEY_encrypt()\fR return 1 for success and 0 +or a negative value for failure. In particular a return value of \-2 +indicates the operation is not supported by the public key algorithm. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Encrypt data using \s-1OAEP\s0 (for \s-1RSA\s0 keys). See also \fIPEM_read_PUBKEY\fR\|(3) or +\&\fId2i_X509\fR\|(3) for means to load a public key. 
You may also simply +set 'eng = \s-1NULL\s0;' to start with the default OpenSSL \s-1RSA\s0 implementation: +.PP +.Vb 3 +\& #include +\& #include +\& #include +\& +\& EVP_PKEY_CTX *ctx; +\& ENGINE *eng; +\& unsigned char *out, *in; +\& size_t outlen, inlen; +\& EVP_PKEY *key; +\& +\& /* +\& * NB: assumes eng, key, in, inlen are already set up, +\& * and that key is an RSA public key +\& */ +\& ctx = EVP_PKEY_CTX_new(key, eng); +\& if (!ctx) +\& /* Error occurred */ +\& if (EVP_PKEY_encrypt_init(ctx) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_OAEP_PADDING) <= 0) +\& /* Error */ +\& +\& /* Determine buffer length */ +\& if (EVP_PKEY_encrypt(ctx, NULL, &outlen, in, inlen) <= 0) +\& /* Error */ +\& +\& out = OPENSSL_malloc(outlen); +\& +\& if (!out) +\& /* malloc failure */ +\& +\& if (EVP_PKEY_encrypt(ctx, out, &outlen, in, inlen) <= 0) +\& /* Error */ +\& +\& /* Encrypted data is outlen bytes written to buffer out */ +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fId2i_X509\fR\|(3), +\&\fIENGINE_by_id\fR\|(3), +\&\fIEVP_PKEY_CTX_new\fR\|(3), +\&\fIEVP_PKEY_decrypt\fR\|(3), +\&\fIEVP_PKEY_sign\fR\|(3), +\&\fIEVP_PKEY_verify\fR\|(3), +\&\fIEVP_PKEY_verify_recover\fR\|(3), +\&\fIEVP_PKEY_derive\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/EVP_PKEY_fromdata.3 b/linux_amd64/ssl/share/man/man3/EVP_PKEY_fromdata.3 new file mode 100755 index 0000000..3148666 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EVP_PKEY_fromdata.3 
@@ -0,0 +1,189 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_FROMDATA 3" +.TH EVP_PKEY_FROMDATA 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_param_fromdata_init, EVP_PKEY_key_fromdata_init, EVP_PKEY_fromdata, +EVP_PKEY_param_fromdata_settable, EVP_PKEY_key_fromdata_settable +\&\- functions to create key parameters and keys from user data +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_param_fromdata_init(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_key_fromdata_init(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_fromdata(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey, OSSL_PARAM params[]); +\& const OSSL_PARAM *EVP_PKEY_param_fromdata_settable(EVP_PKEY_CTX *ctx); +\& const OSSL_PARAM *EVP_PKEY_key_fromdata_settable(EVP_PKEY_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIEVP_PKEY_param_fromdata_init()\fR initializes a public key algorithm context +for creating key parameters from user data. +.PP +\&\fIEVP_PKEY_key_fromdata_init()\fR initializes a public key algorithm context for +creating a key from user data. +.PP +\&\fIEVP_PKEY_fromdata()\fR creates key parameters or a key, given data from +\&\fIparams\fR and a context that's been initialized with +\&\fIEVP_PKEY_param_fromdata_init()\fR or \fIEVP_PKEY_key_fromdata_init()\fR. The result is +written to \fI*ppkey\fR. The parameters that can be used for various types of key +are as described in the \*(L"Built-in \s-1RSA\s0 Import/Export Types\*(R" section on the +\&\fIprovider\-keymgmt\fR\|(7) page. +.PP +\&\fIEVP_PKEY_param_fromdata_settable()\fR and \fIEVP_PKEY_key_fromdata_settable()\fR +get a constant \fB\s-1OSSL_PARAM\s0\fR array that describes the settable parameters +that can be used with \fIEVP_PKEY_fromdata()\fR. +See \s-1\fIOSSL_PARAM\s0\fR\|(3) for the use of \fB\s-1OSSL_PARAM\s0\fR as parameter descriptor. +.SH "NOTES" +.IX Header "NOTES" +These functions only work with key management methods coming from a +provider. 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_PKEY_key_fromdata_init()\fR, \fIEVP_PKEY_param_fromdata_init()\fR and +\&\fIEVP_PKEY_fromdata()\fR return 1 for success and 0 or a negative value for +failure. In particular a return value of \-2 indicates the operation is +not supported by the public key algorithm. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_PKEY_CTX_new\fR\|(3), \fIprovider\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/EVP_PKEY_get_default_digest_nid.3 b/linux_amd64/ssl/share/man/man3/EVP_PKEY_get_default_digest_nid.3 new file mode 100755 index 0000000..66f7104 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EVP_PKEY_get_default_digest_nid.3 
@@ -0,0 +1,187 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_GET_DEFAULT_DIGEST_NID 3" +.TH EVP_PKEY_GET_DEFAULT_DIGEST_NID 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_get_default_digest_nid, EVP_PKEY_get_default_digest_name +\&\- get default signature digest +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_get_default_digest_name(EVP_PKEY *pkey, +\& char *mdname, size_t mdname_sz) +\& int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIEVP_PKEY_get_default_digest_name()\fR fills in the default message digest +name for the public key signature operations associated with key +\&\fIpkey\fR into \fImdname\fR, up to at most \fImdname_sz\fR bytes including the +ending \s-1NUL\s0 byte. +.PP +\&\fIEVP_PKEY_get_default_digest_nid()\fR sets \fIpnid\fR to the default message +digest \s-1NID\s0 for the public key signature operations associated with key +\&\fIpkey\fR. Note that some signature algorithms (i.e. Ed25519 and Ed448) +do not use a digest during signing. In this case \fIpnid\fR will be set +to NID_undef. This function is only reliable for legacy keys, which +are keys with a \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR; these keys have typically +been loaded from engines, or created with \fIEVP_PKEY_assign_RSA\fR\|(3) or +similar. +.SH "NOTES" +.IX Header "NOTES" +For all current standard OpenSSL public key algorithms \s-1SHA256\s0 is returned. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_PKEY_get_default_digest_name()\fR and \fIEVP_PKEY_get_default_digest_nid()\fR +both return 1 if the message digest is advisory (that is other digests +can be used) and 2 if it is mandatory (other digests can not be used). +They return 0 or a negative value for failure. In particular a return +value of \-2 indicates the operation is not supported by the public key +algorithm. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_PKEY_CTX_new\fR\|(3), +\&\fIEVP_PKEY_sign\fR\|(3), +\&\fIEVP_PKEY_supports_digest_nid\fR\|(3), +\&\fIEVP_PKEY_verify\fR\|(3), +\&\fIEVP_PKEY_verify_recover\fR\|(3), +.SH "HISTORY" +.IX Header "HISTORY" +This function was added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/EVP_PKEY_keygen.3 b/linux_amd64/ssl/share/man/man3/EVP_PKEY_keygen.3 new file mode 100755 index 0000000..04d40ea --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EVP_PKEY_keygen.3 
@@ -0,0 +1,308 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_KEYGEN 3" +.TH EVP_PKEY_KEYGEN 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_keygen_init, EVP_PKEY_keygen, EVP_PKEY_paramgen_init, +EVP_PKEY_paramgen, EVP_PKEY_CTX_set_cb, EVP_PKEY_CTX_get_cb, +EVP_PKEY_CTX_get_keygen_info, EVP_PKEY_CTX_set_app_data, +EVP_PKEY_CTX_get_app_data, +EVP_PKEY_gen_cb +\&\- key and parameter generation and check functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); +\& int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); +\& +\& typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx); +\& +\& void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb); +\& EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx); +\& +\& int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx); +\& +\& void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data); +\& void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fIEVP_PKEY_keygen_init()\fR function initializes a public key algorithm +context using key \fBpkey\fR for a key generation operation. +.PP +The \fIEVP_PKEY_keygen()\fR function performs a key generation operation, the +generated key is written to \fBppkey\fR. +.PP +The functions \fIEVP_PKEY_paramgen_init()\fR and \fIEVP_PKEY_paramgen()\fR are similar +except parameters are generated. +.PP +The function \fIEVP_PKEY_set_cb()\fR sets the key or parameter generation callback +to \fBcb\fR. The function \fIEVP_PKEY_CTX_get_cb()\fR returns the key or parameter +generation callback. +.PP +The function \fIEVP_PKEY_CTX_get_keygen_info()\fR returns parameters associated +with the generation operation. If \fBidx\fR is \-1 the total number of +parameters available is returned. Any non negative value returns the value of +that parameter. 
\fIEVP_PKEY_CTX_gen_keygen_info()\fR with a non-negative value for +\&\fBidx\fR should only be called within the generation callback. +.PP +If the callback returns 0 then the key generation operation is aborted and an +error occurs. This might occur during a time consuming operation where +a user clicks on a \*(L"cancel\*(R" button. +.PP +The functions \fIEVP_PKEY_CTX_set_app_data()\fR and \fIEVP_PKEY_CTX_get_app_data()\fR set +and retrieve an opaque pointer. This can be used to set some application +defined value which can be retrieved in the callback: for example a handle +which is used to update a \*(L"progress dialog\*(R". +.SH "NOTES" +.IX Header "NOTES" +After the call to \fIEVP_PKEY_keygen_init()\fR or \fIEVP_PKEY_paramgen_init()\fR algorithm +specific control operations can be performed to set any appropriate parameters +for the operation. +.PP +The functions \fIEVP_PKEY_keygen()\fR and \fIEVP_PKEY_paramgen()\fR can be called more than +once on the same context if several operations are performed using the same +parameters. +.PP +The meaning of the parameters passed to the callback will depend on the +algorithm and the specific implementation of the algorithm. Some might not +give any useful information at all during key or parameter generation. Others +might not even call the callback. +.PP +The operation performed by key or parameter generation depends on the algorithm +used. In some cases (e.g. \s-1EC\s0 with a supplied named curve) the \*(L"generation\*(R" +option merely sets the appropriate fields in an \s-1EVP_PKEY\s0 structure. +.PP +In OpenSSL an \s-1EVP_PKEY\s0 structure containing a private key also contains the +public key components and parameters (if any). An OpenSSL private key is +equivalent to what some libraries call a \*(L"key pair\*(R". A private key can be used +in functions which require the use of a public key or parameters. 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_PKEY_keygen_init()\fR, \fIEVP_PKEY_paramgen_init()\fR, \fIEVP_PKEY_keygen()\fR and +\&\fIEVP_PKEY_paramgen()\fR return 1 for success and 0 or a negative value for failure. +In particular a return value of \-2 indicates the operation is not supported by +the public key algorithm. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Generate a 2048 bit \s-1RSA\s0 key: +.PP +.Vb 2 +\& #include +\& #include +\& +\& EVP_PKEY_CTX *ctx; +\& EVP_PKEY *pkey = NULL; +\& +\& ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL); +\& if (!ctx) +\& /* Error occurred */ +\& if (EVP_PKEY_keygen_init(ctx) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048) <= 0) +\& /* Error */ +\& +\& /* Generate key */ +\& if (EVP_PKEY_keygen(ctx, &pkey) <= 0) +\& /* Error */ +.Ve +.PP +Generate a key from a set of parameters: +.PP +.Vb 2 +\& #include +\& #include +\& +\& EVP_PKEY_CTX *ctx; +\& ENGINE *eng; +\& EVP_PKEY *pkey = NULL, *param; +\& +\& /* Assumed param, eng are set up already */ +\& ctx = EVP_PKEY_CTX_new(param, eng); +\& if (!ctx) +\& /* Error occurred */ +\& if (EVP_PKEY_keygen_init(ctx) <= 0) +\& /* Error */ +\& +\& /* Generate key */ +\& if (EVP_PKEY_keygen(ctx, &pkey) <= 0) +\& /* Error */ +.Ve +.PP +Example of generation callback for OpenSSL public key implementations: +.PP +.Vb 1 +\& /* Application data is a BIO to output status to */ +\& +\& EVP_PKEY_CTX_set_app_data(ctx, status_bio); +\& +\& static int genpkey_cb(EVP_PKEY_CTX *ctx) +\& { +\& char c = \*(Aq*\*(Aq; +\& BIO *b = EVP_PKEY_CTX_get_app_data(ctx); +\& int p = EVP_PKEY_CTX_get_keygen_info(ctx, 0); +\& +\& if (p == 0) +\& c = \*(Aq.\*(Aq; +\& if (p == 1) +\& c = \*(Aq+\*(Aq; +\& if (p == 2) +\& c = \*(Aq*\*(Aq; +\& if (p == 3) +\& c = \*(Aq\en\*(Aq; +\& BIO_write(b, &c, 1); +\& (void)BIO_flush(b); +\& return 1; +\& } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_PKEY_CTX_new\fR\|(3), +\&\fIEVP_PKEY_encrypt\fR\|(3), +\&\fIEVP_PKEY_decrypt\fR\|(3), 
+\&\fIEVP_PKEY_sign\fR\|(3), +\&\fIEVP_PKEY_verify\fR\|(3), +\&\fIEVP_PKEY_verify_recover\fR\|(3), +\&\fIEVP_PKEY_derive\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/EVP_PKEY_meth_get_count.3 b/linux_amd64/ssl/share/man/man3/EVP_PKEY_meth_get_count.3 new file mode 100755 index 0000000..87e5e2f --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EVP_PKEY_meth_get_count.3 
@@ -0,0 +1,173 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_METH_GET_COUNT 3" +.TH EVP_PKEY_METH_GET_COUNT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_meth_get_count, EVP_PKEY_meth_get0, EVP_PKEY_meth_get0_info \- enumerate public key methods +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& size_t EVP_PKEY_meth_get_count(void); +\& const EVP_PKEY_METHOD *EVP_PKEY_meth_get0(size_t idx); +\& void EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags, +\& const EVP_PKEY_METHOD *meth); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIEVP_PKEY_meth_count()\fR returns a count of the number of public key methods +available: it includes standard methods and any methods added by the +application. +.PP +\&\fIEVP_PKEY_meth_get0()\fR returns the public key method \fBidx\fR. The value of \fBidx\fR +must be between zero and \fIEVP_PKEY_meth_get_count()\fR \- 1. +.PP +\&\fIEVP_PKEY_meth_get0_info()\fR returns the public key \s-1ID\s0 (a \s-1NID\s0) and any flags +associated with the public key method \fB*meth\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_PKEY_meth_count()\fR returns the number of available public key methods. +.PP +\&\fIEVP_PKEY_meth_get0()\fR return a public key method or \fB\s-1NULL\s0\fR if \fBidx\fR is +out of range. +.PP +\&\fIEVP_PKEY_meth_get0_info()\fR does not return a value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_PKEY_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/EVP_PKEY_meth_new.3 b/linux_amd64/ssl/share/man/man3/EVP_PKEY_meth_new.3 new file mode 100755 index 0000000..2eb52f1 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EVP_PKEY_meth_new.3 
@@ -0,0 +1,606 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_METH_NEW 3" +.TH EVP_PKEY_METH_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_meth_new, EVP_PKEY_meth_free, EVP_PKEY_meth_copy, EVP_PKEY_meth_find, +EVP_PKEY_meth_add0, EVP_PKEY_METHOD, +EVP_PKEY_meth_set_init, EVP_PKEY_meth_set_copy, EVP_PKEY_meth_set_cleanup, +EVP_PKEY_meth_set_paramgen, EVP_PKEY_meth_set_keygen, EVP_PKEY_meth_set_sign, +EVP_PKEY_meth_set_verify, EVP_PKEY_meth_set_verify_recover, EVP_PKEY_meth_set_signctx, +EVP_PKEY_meth_set_verifyctx, EVP_PKEY_meth_set_encrypt, EVP_PKEY_meth_set_decrypt, +EVP_PKEY_meth_set_derive, EVP_PKEY_meth_set_ctrl, +EVP_PKEY_meth_set_digestsign, EVP_PKEY_meth_set_digestverify, +EVP_PKEY_meth_set_check, +EVP_PKEY_meth_set_public_check, EVP_PKEY_meth_set_param_check, +EVP_PKEY_meth_set_digest_custom, +EVP_PKEY_meth_get_init, EVP_PKEY_meth_get_copy, EVP_PKEY_meth_get_cleanup, +EVP_PKEY_meth_get_paramgen, EVP_PKEY_meth_get_keygen, EVP_PKEY_meth_get_sign, +EVP_PKEY_meth_get_verify, EVP_PKEY_meth_get_verify_recover, EVP_PKEY_meth_get_signctx, +EVP_PKEY_meth_get_verifyctx, EVP_PKEY_meth_get_encrypt, EVP_PKEY_meth_get_decrypt, +EVP_PKEY_meth_get_derive, EVP_PKEY_meth_get_ctrl, +EVP_PKEY_meth_get_digestsign, EVP_PKEY_meth_get_digestverify, +EVP_PKEY_meth_get_check, +EVP_PKEY_meth_get_public_check, EVP_PKEY_meth_get_param_check, +EVP_PKEY_meth_get_digest_custom, +EVP_PKEY_meth_remove +\&\- manipulating EVP_PKEY_METHOD structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef struct evp_pkey_method_st EVP_PKEY_METHOD; +\& +\& EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags); +\& void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth); +\& void EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, const EVP_PKEY_METHOD *src); +\& const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type); +\& int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth); +\& int EVP_PKEY_meth_remove(const EVP_PKEY_METHOD *pmeth); +\& +\& void EVP_PKEY_meth_set_init(EVP_PKEY_METHOD *pmeth, +\& int (*init) (EVP_PKEY_CTX *ctx)); +\& void EVP_PKEY_meth_set_copy(EVP_PKEY_METHOD *pmeth, +\& int 
(*copy) (EVP_PKEY_CTX *dst, +\& EVP_PKEY_CTX *src)); +\& void EVP_PKEY_meth_set_cleanup(EVP_PKEY_METHOD *pmeth, +\& void (*cleanup) (EVP_PKEY_CTX *ctx)); +\& void EVP_PKEY_meth_set_paramgen(EVP_PKEY_METHOD *pmeth, +\& int (*paramgen_init) (EVP_PKEY_CTX *ctx), +\& int (*paramgen) (EVP_PKEY_CTX *ctx, +\& EVP_PKEY *pkey)); +\& void EVP_PKEY_meth_set_keygen(EVP_PKEY_METHOD *pmeth, +\& int (*keygen_init) (EVP_PKEY_CTX *ctx), +\& int (*keygen) (EVP_PKEY_CTX *ctx, +\& EVP_PKEY *pkey)); +\& void EVP_PKEY_meth_set_sign(EVP_PKEY_METHOD *pmeth, +\& int (*sign_init) (EVP_PKEY_CTX *ctx), +\& int (*sign) (EVP_PKEY_CTX *ctx, +\& unsigned char *sig, size_t *siglen, +\& const unsigned char *tbs, +\& size_t tbslen)); +\& void EVP_PKEY_meth_set_verify(EVP_PKEY_METHOD *pmeth, +\& int (*verify_init) (EVP_PKEY_CTX *ctx), +\& int (*verify) (EVP_PKEY_CTX *ctx, +\& const unsigned char *sig, +\& size_t siglen, +\& const unsigned char *tbs, +\& size_t tbslen)); +\& void EVP_PKEY_meth_set_verify_recover(EVP_PKEY_METHOD *pmeth, +\& int (*verify_recover_init) (EVP_PKEY_CTX +\& *ctx), +\& int (*verify_recover) (EVP_PKEY_CTX +\& *ctx, +\& unsigned char +\& *sig, +\& size_t *siglen, +\& const unsigned +\& char *tbs, +\& size_t tbslen)); +\& void EVP_PKEY_meth_set_signctx(EVP_PKEY_METHOD *pmeth, +\& int (*signctx_init) (EVP_PKEY_CTX *ctx, +\& EVP_MD_CTX *mctx), +\& int (*signctx) (EVP_PKEY_CTX *ctx, +\& unsigned char *sig, +\& size_t *siglen, +\& EVP_MD_CTX *mctx)); +\& void EVP_PKEY_meth_set_verifyctx(EVP_PKEY_METHOD *pmeth, +\& int (*verifyctx_init) (EVP_PKEY_CTX *ctx, +\& EVP_MD_CTX *mctx), +\& int (*verifyctx) (EVP_PKEY_CTX *ctx, +\& const unsigned char *sig, +\& int siglen, +\& EVP_MD_CTX *mctx)); +\& void EVP_PKEY_meth_set_encrypt(EVP_PKEY_METHOD *pmeth, +\& int (*encrypt_init) (EVP_PKEY_CTX *ctx), +\& int (*encryptfn) (EVP_PKEY_CTX *ctx, +\& unsigned char *out, +\& size_t *outlen, +\& const unsigned char *in, +\& size_t inlen)); +\& void EVP_PKEY_meth_set_decrypt(EVP_PKEY_METHOD *pmeth, +\& 
int (*decrypt_init) (EVP_PKEY_CTX *ctx), +\& int (*decrypt) (EVP_PKEY_CTX *ctx, +\& unsigned char *out, +\& size_t *outlen, +\& const unsigned char *in, +\& size_t inlen)); +\& void EVP_PKEY_meth_set_derive(EVP_PKEY_METHOD *pmeth, +\& int (*derive_init) (EVP_PKEY_CTX *ctx), +\& int (*derive) (EVP_PKEY_CTX *ctx, +\& unsigned char *key, +\& size_t *keylen)); +\& void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth, +\& int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, +\& void *p2), +\& int (*ctrl_str) (EVP_PKEY_CTX *ctx, +\& const char *type, +\& const char *value)); +\& void EVP_PKEY_meth_set_digestsign(EVP_PKEY_METHOD *pmeth, +\& int (*digestsign) (EVP_MD_CTX *ctx, +\& unsigned char *sig, +\& size_t *siglen, +\& const unsigned char *tbs, +\& size_t tbslen)); +\& void EVP_PKEY_meth_set_digestverify(EVP_PKEY_METHOD *pmeth, +\& int (*digestverify) (EVP_MD_CTX *ctx, +\& const unsigned char *sig, +\& size_t siglen, +\& const unsigned char *tbs, +\& size_t tbslen)); +\& void EVP_PKEY_meth_set_check(EVP_PKEY_METHOD *pmeth, +\& int (*check) (EVP_PKEY *pkey)); +\& void EVP_PKEY_meth_set_public_check(EVP_PKEY_METHOD *pmeth, +\& int (*check) (EVP_PKEY *pkey)); +\& void EVP_PKEY_meth_set_param_check(EVP_PKEY_METHOD *pmeth, +\& int (*check) (EVP_PKEY *pkey)); +\& void EVP_PKEY_meth_set_digest_custom(EVP_PKEY_METHOD *pmeth, +\& int (*digest_custom) (EVP_PKEY_CTX *ctx, +\& EVP_MD_CTX *mctx)); +\& +\& void EVP_PKEY_meth_get_init(const EVP_PKEY_METHOD *pmeth, +\& int (**pinit) (EVP_PKEY_CTX *ctx)); +\& void EVP_PKEY_meth_get_copy(const EVP_PKEY_METHOD *pmeth, +\& int (**pcopy) (EVP_PKEY_CTX *dst, +\& EVP_PKEY_CTX *src)); +\& void EVP_PKEY_meth_get_cleanup(const EVP_PKEY_METHOD *pmeth, +\& void (**pcleanup) (EVP_PKEY_CTX *ctx)); +\& void EVP_PKEY_meth_get_paramgen(const EVP_PKEY_METHOD *pmeth, +\& int (**pparamgen_init) (EVP_PKEY_CTX *ctx), +\& int (**pparamgen) (EVP_PKEY_CTX *ctx, +\& EVP_PKEY *pkey)); +\& void EVP_PKEY_meth_get_keygen(const EVP_PKEY_METHOD *pmeth, +\& int 
(**pkeygen_init) (EVP_PKEY_CTX *ctx), +\& int (**pkeygen) (EVP_PKEY_CTX *ctx, +\& EVP_PKEY *pkey)); +\& void EVP_PKEY_meth_get_sign(const EVP_PKEY_METHOD *pmeth, +\& int (**psign_init) (EVP_PKEY_CTX *ctx), +\& int (**psign) (EVP_PKEY_CTX *ctx, +\& unsigned char *sig, size_t *siglen, +\& const unsigned char *tbs, +\& size_t tbslen)); +\& void EVP_PKEY_meth_get_verify(const EVP_PKEY_METHOD *pmeth, +\& int (**pverify_init) (EVP_PKEY_CTX *ctx), +\& int (**pverify) (EVP_PKEY_CTX *ctx, +\& const unsigned char *sig, +\& size_t siglen, +\& const unsigned char *tbs, +\& size_t tbslen)); +\& void EVP_PKEY_meth_get_verify_recover(const EVP_PKEY_METHOD *pmeth, +\& int (**pverify_recover_init) (EVP_PKEY_CTX +\& *ctx), +\& int (**pverify_recover) (EVP_PKEY_CTX +\& *ctx, +\& unsigned char +\& *sig, +\& size_t *siglen, +\& const unsigned +\& char *tbs, +\& size_t tbslen)); +\& void EVP_PKEY_meth_get_signctx(const EVP_PKEY_METHOD *pmeth, +\& int (**psignctx_init) (EVP_PKEY_CTX *ctx, +\& EVP_MD_CTX *mctx), +\& int (**psignctx) (EVP_PKEY_CTX *ctx, +\& unsigned char *sig, +\& size_t *siglen, +\& EVP_MD_CTX *mctx)); +\& void EVP_PKEY_meth_get_verifyctx(const EVP_PKEY_METHOD *pmeth, +\& int (**pverifyctx_init) (EVP_PKEY_CTX *ctx, +\& EVP_MD_CTX *mctx), +\& int (**pverifyctx) (EVP_PKEY_CTX *ctx, +\& const unsigned char *sig, +\& int siglen, +\& EVP_MD_CTX *mctx)); +\& void EVP_PKEY_meth_get_encrypt(const EVP_PKEY_METHOD *pmeth, +\& int (**pencrypt_init) (EVP_PKEY_CTX *ctx), +\& int (**pencryptfn) (EVP_PKEY_CTX *ctx, +\& unsigned char *out, +\& size_t *outlen, +\& const unsigned char *in, +\& size_t inlen)); +\& void EVP_PKEY_meth_get_decrypt(const EVP_PKEY_METHOD *pmeth, +\& int (**pdecrypt_init) (EVP_PKEY_CTX *ctx), +\& int (**pdecrypt) (EVP_PKEY_CTX *ctx, +\& unsigned char *out, +\& size_t *outlen, +\& const unsigned char *in, +\& size_t inlen)); +\& void EVP_PKEY_meth_get_derive(const EVP_PKEY_METHOD *pmeth, +\& int (**pderive_init) (EVP_PKEY_CTX *ctx), +\& int (**pderive) 
(EVP_PKEY_CTX *ctx, +\& unsigned char *key, +\& size_t *keylen)); +\& void EVP_PKEY_meth_get_ctrl(const EVP_PKEY_METHOD *pmeth, +\& int (**pctrl) (EVP_PKEY_CTX *ctx, int type, int p1, +\& void *p2), +\& int (**pctrl_str) (EVP_PKEY_CTX *ctx, +\& const char *type, +\& const char *value)); +\& void EVP_PKEY_meth_get_digestsign(EVP_PKEY_METHOD *pmeth, +\& int (**digestsign) (EVP_MD_CTX *ctx, +\& unsigned char *sig, +\& size_t *siglen, +\& const unsigned char *tbs, +\& size_t tbslen)); +\& void EVP_PKEY_meth_get_digestverify(EVP_PKEY_METHOD *pmeth, +\& int (**digestverify) (EVP_MD_CTX *ctx, +\& const unsigned char *sig, +\& size_t siglen, +\& const unsigned char *tbs, +\& size_t tbslen)); +\& void EVP_PKEY_meth_get_check(const EVP_PKEY_METHOD *pmeth, +\& int (**pcheck) (EVP_PKEY *pkey)); +\& void EVP_PKEY_meth_get_public_check(const EVP_PKEY_METHOD *pmeth, +\& int (**pcheck) (EVP_PKEY *pkey)); +\& void EVP_PKEY_meth_get_param_check(const EVP_PKEY_METHOD *pmeth, +\& int (**pcheck) (EVP_PKEY *pkey)); +\& void EVP_PKEY_meth_get_digest_custom(EVP_PKEY_METHOD *pmeth, +\& int (**pdigest_custom) (EVP_PKEY_CTX *ctx, +\& EVP_MD_CTX *mctx)); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fB\s-1EVP_PKEY_METHOD\s0\fR is a structure which holds a set of methods for a +specific public key cryptographic algorithm. Those methods are usually +used to perform different jobs, such as generating a key, signing or +verifying, encrypting or decrypting, etc. +.PP +There are two places where the \fB\s-1EVP_PKEY_METHOD\s0\fR objects are stored: one +is a built-in static array representing the standard methods for different +algorithms, and the other one is a stack of user-defined application-specific +methods, which can be manipulated by using \fIEVP_PKEY_meth_add0\fR\|(3). +.PP +The \fB\s-1EVP_PKEY_METHOD\s0\fR objects are usually referenced by \fB\s-1EVP_PKEY_CTX\s0\fR +objects. 
+.SS "Methods" +.IX Subsection "Methods" +The methods are the underlying implementations of a particular public key +algorithm present by the \fB\s-1EVP_PKEY_CTX\s0\fR object. +.PP +.Vb 3 +\& int (*init) (EVP_PKEY_CTX *ctx); +\& int (*copy) (EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src); +\& void (*cleanup) (EVP_PKEY_CTX *ctx); +.Ve +.PP +The \fIinit()\fR method is called to initialize algorithm-specific data when a new +\&\fB\s-1EVP_PKEY_CTX\s0\fR is created. As opposed to \fIinit()\fR, the \fIcleanup()\fR method is called +when an \fB\s-1EVP_PKEY_CTX\s0\fR is freed. The \fIcopy()\fR method is called when an \fB\s-1EVP_PKEY_CTX\s0\fR +is being duplicated. Refer to \fIEVP_PKEY_CTX_new\fR\|(3), \fIEVP_PKEY_CTX_new_id\fR\|(3), +\&\fIEVP_PKEY_CTX_free\fR\|(3) and \fIEVP_PKEY_CTX_dup\fR\|(3). +.PP +.Vb 2 +\& int (*paramgen_init) (EVP_PKEY_CTX *ctx); +\& int (*paramgen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); +.Ve +.PP +The \fIparamgen_init()\fR and \fIparamgen()\fR methods deal with key parameter generation. +They are called by \fIEVP_PKEY_paramgen_init\fR\|(3) and \fIEVP_PKEY_paramgen\fR\|(3) to +handle the parameter generation process. +.PP +.Vb 2 +\& int (*keygen_init) (EVP_PKEY_CTX *ctx); +\& int (*keygen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); +.Ve +.PP +The \fIkeygen_init()\fR and \fIkeygen()\fR methods are used to generate the actual key for +the specified algorithm. They are called by \fIEVP_PKEY_keygen_init\fR\|(3) and +\&\fIEVP_PKEY_keygen\fR\|(3). +.PP +.Vb 3 +\& int (*sign_init) (EVP_PKEY_CTX *ctx); +\& int (*sign) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, +\& const unsigned char *tbs, size_t tbslen); +.Ve +.PP +The \fIsign_init()\fR and \fIsign()\fR methods are used to generate the signature of a +piece of data using a private key. They are called by \fIEVP_PKEY_sign_init\fR\|(3) +and \fIEVP_PKEY_sign\fR\|(3). 
+.PP +.Vb 4 +\& int (*verify_init) (EVP_PKEY_CTX *ctx); +\& int (*verify) (EVP_PKEY_CTX *ctx, +\& const unsigned char *sig, size_t siglen, +\& const unsigned char *tbs, size_t tbslen); +.Ve +.PP +The \fIverify_init()\fR and \fIverify()\fR methods are used to verify whether a signature is +valid. They are called by \fIEVP_PKEY_verify_init\fR\|(3) and \fIEVP_PKEY_verify\fR\|(3). +.PP +.Vb 4 +\& int (*verify_recover_init) (EVP_PKEY_CTX *ctx); +\& int (*verify_recover) (EVP_PKEY_CTX *ctx, +\& unsigned char *rout, size_t *routlen, +\& const unsigned char *sig, size_t siglen); +.Ve +.PP +The \fIverify_recover_init()\fR and \fIverify_recover()\fR methods are used to verify a +signature and then recover the digest from the signature (for instance, a +signature that was generated by \s-1RSA\s0 signing algorithm). They are called by +\&\fIEVP_PKEY_verify_recover_init\fR\|(3) and \fIEVP_PKEY_verify_recover\fR\|(3). +.PP +.Vb 3 +\& int (*signctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); +\& int (*signctx) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, +\& EVP_MD_CTX *mctx); +.Ve +.PP +The \fIsignctx_init()\fR and \fIsignctx()\fR methods are used to sign a digest present by +a \fB\s-1EVP_MD_CTX\s0\fR object. They are called by the EVP_DigestSign functions. See +\&\fIEVP_DigestSignInit\fR\|(3) for details. +.PP +.Vb 3 +\& int (*verifyctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); +\& int (*verifyctx) (EVP_PKEY_CTX *ctx, const unsigned char *sig, int siglen, +\& EVP_MD_CTX *mctx); +.Ve +.PP +The \fIverifyctx_init()\fR and \fIverifyctx()\fR methods are used to verify a signature +against the data in a \fB\s-1EVP_MD_CTX\s0\fR object. They are called by the various +EVP_DigestVerify functions. See \fIEVP_DigestVerifyInit\fR\|(3) for details. 
+.PP +.Vb 3 +\& int (*encrypt_init) (EVP_PKEY_CTX *ctx); +\& int (*encrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, +\& const unsigned char *in, size_t inlen); +.Ve +.PP +The \fIencrypt_init()\fR and \fIencrypt()\fR methods are used to encrypt a piece of data. +They are called by \fIEVP_PKEY_encrypt_init\fR\|(3) and \fIEVP_PKEY_encrypt\fR\|(3). +.PP +.Vb 3 +\& int (*decrypt_init) (EVP_PKEY_CTX *ctx); +\& int (*decrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, +\& const unsigned char *in, size_t inlen); +.Ve +.PP +The \fIdecrypt_init()\fR and \fIdecrypt()\fR methods are used to decrypt a piece of data. +They are called by \fIEVP_PKEY_decrypt_init\fR\|(3) and \fIEVP_PKEY_decrypt\fR\|(3). +.PP +.Vb 2 +\& int (*derive_init) (EVP_PKEY_CTX *ctx); +\& int (*derive) (EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); +.Ve +.PP +The \fIderive_init()\fR and \fIderive()\fR methods are used to derive the shared secret +from a public key algorithm (for instance, the \s-1DH\s0 algorithm). They are called by +\&\fIEVP_PKEY_derive_init\fR\|(3) and \fIEVP_PKEY_derive\fR\|(3). +.PP +.Vb 2 +\& int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, void *p2); +\& int (*ctrl_str) (EVP_PKEY_CTX *ctx, const char *type, const char *value); +.Ve +.PP +The \fIctrl()\fR and \fIctrl_str()\fR methods are used to adjust algorithm-specific +settings. See \fIEVP_PKEY_CTX_ctrl\fR\|(3) and related functions for details. +.PP +.Vb 5 +\& int (*digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen, +\& const unsigned char *tbs, size_t tbslen); +\& int (*digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig, +\& size_t siglen, const unsigned char *tbs, +\& size_t tbslen); +.Ve +.PP +The \fIdigestsign()\fR and \fIdigestverify()\fR methods are used to generate or verify +a signature in a one-shot mode. They could be called by \fIEVP_DigestSign\fR\|(3) +and \fIEVP_DigestVerify\fR\|(3). 
+.PP +.Vb 3 +\& int (*check) (EVP_PKEY *pkey); +\& int (*public_check) (EVP_PKEY *pkey); +\& int (*param_check) (EVP_PKEY *pkey); +.Ve +.PP +The \fIcheck()\fR, \fIpublic_check()\fR and \fIparam_check()\fR methods are used to validate a +key-pair, the public component and parameters respectively for a given \fBpkey\fR. +They could be called by \fIEVP_PKEY_check\fR\|(3), \fIEVP_PKEY_public_check\fR\|(3) and +\&\fIEVP_PKEY_param_check\fR\|(3) respectively. +.PP +.Vb 1 +\& int (*digest_custom) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); +.Ve +.PP +The \fIdigest_custom()\fR method is used to generate customized digest content before +the real message is passed to functions like \fIEVP_DigestSignUpdate\fR\|(3) or +\&\fIEVP_DigestVerifyInit\fR\|(3). This is usually required by some public key +signature algorithms like \s-1SM2\s0 which requires a hashed prefix to the message to +be signed. The \fIdigest_custom()\fR function will be called by \fIEVP_DigestSignInit\fR\|(3) +and \fIEVP_DigestVerifyInit\fR\|(3). +.SS "Functions" +.IX Subsection "Functions" +\&\fIEVP_PKEY_meth_new()\fR creates and returns a new \fB\s-1EVP_PKEY_METHOD\s0\fR object, +and associates the given \fBid\fR and \fBflags\fR. The following flags are +supported: +.PP +.Vb 2 +\& EVP_PKEY_FLAG_AUTOARGLEN +\& EVP_PKEY_FLAG_SIGCTX_CUSTOM +.Ve +.PP +If an \fB\s-1EVP_PKEY_METHOD\s0\fR is set with the \fB\s-1EVP_PKEY_FLAG_AUTOARGLEN\s0\fR flag, the +maximum size of the output buffer will be automatically calculated or checked +in corresponding \s-1EVP\s0 methods by the \s-1EVP\s0 framework. Thus the implementations of +these methods don't need to care about handling the case of returning output +buffer size by themselves. For details on the output buffer size, refer to +\&\fIEVP_PKEY_sign\fR\|(3). 
+.PP +The \fB\s-1EVP_PKEY_FLAG_SIGCTX_CUSTOM\s0\fR is used to indicate the \fIsignctx()\fR method +of an \fB\s-1EVP_PKEY_METHOD\s0\fR is always called by the \s-1EVP\s0 framework while doing a +digest signing operation by calling \fIEVP_DigestSignFinal\fR\|(3). +.PP +\&\fIEVP_PKEY_meth_free()\fR frees an existing \fB\s-1EVP_PKEY_METHOD\s0\fR pointed by +\&\fBpmeth\fR. +.PP +\&\fIEVP_PKEY_meth_copy()\fR copies an \fB\s-1EVP_PKEY_METHOD\s0\fR object from \fBsrc\fR +to \fBdst\fR. +.PP +\&\fIEVP_PKEY_meth_find()\fR finds an \fB\s-1EVP_PKEY_METHOD\s0\fR object with the \fBid\fR. +This function first searches through the user-defined method objects and +then the built-in objects. +.PP +\&\fIEVP_PKEY_meth_add0()\fR adds \fBpmeth\fR to the user defined stack of methods. +.PP +\&\fIEVP_PKEY_meth_remove()\fR removes an \fB\s-1EVP_PKEY_METHOD\s0\fR object added by +\&\fIEVP_PKEY_meth_add0()\fR. +.PP +The EVP_PKEY_meth_set functions set the corresponding fields of +\&\fB\s-1EVP_PKEY_METHOD\s0\fR structure with the arguments passed. +.PP +The EVP_PKEY_meth_get functions get the corresponding fields of +\&\fB\s-1EVP_PKEY_METHOD\s0\fR structure to the arguments provided. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_PKEY_meth_new()\fR returns a pointer to a new \fB\s-1EVP_PKEY_METHOD\s0\fR +object or returns \s-1NULL\s0 on error. +.PP +\&\fIEVP_PKEY_meth_free()\fR and \fIEVP_PKEY_meth_copy()\fR do not return values. +.PP +\&\fIEVP_PKEY_meth_find()\fR returns a pointer to the found \fB\s-1EVP_PKEY_METHOD\s0\fR +object or returns \s-1NULL\s0 if not found. +.PP +\&\fIEVP_PKEY_meth_add0()\fR returns 1 if method is added successfully or 0 +if an error occurred. +.PP +\&\fIEVP_PKEY_meth_remove()\fR returns 1 if method is removed successfully or +0 if an error occurred. +.PP +All EVP_PKEY_meth_set and EVP_PKEY_meth_get functions have no return +values. For the 'get' functions, function pointers are returned by +arguments. 
+.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/EVP_PKEY_new.3 b/linux_amd64/ssl/share/man/man3/EVP_PKEY_new.3 new file mode 100755 index 0000000..254966e --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EVP_PKEY_new.3 
@@ -0,0 +1,257 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_NEW 3" +.TH EVP_PKEY_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_new, +EVP_PKEY_up_ref, +EVP_PKEY_free, +EVP_PKEY_new_raw_private_key, +EVP_PKEY_new_raw_public_key, +EVP_PKEY_new_CMAC_key, +EVP_PKEY_new_mac_key, +EVP_PKEY_get_raw_private_key, +EVP_PKEY_get_raw_public_key +\&\- public/private key allocation and raw key handling functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& EVP_PKEY *EVP_PKEY_new(void); +\& int EVP_PKEY_up_ref(EVP_PKEY *key); +\& void EVP_PKEY_free(EVP_PKEY *key); +\& +\& EVP_PKEY *EVP_PKEY_new_raw_private_key(int type, ENGINE *e, +\& const unsigned char *key, size_t keylen); +\& EVP_PKEY *EVP_PKEY_new_raw_public_key(int type, ENGINE *e, +\& const unsigned char *key, size_t keylen); +\& EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv, +\& size_t len, const EVP_CIPHER *cipher); +\& EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e, const unsigned char *key, +\& int keylen); +\& +\& int EVP_PKEY_get_raw_private_key(const EVP_PKEY *pkey, unsigned char *priv, +\& size_t *len); +\& int EVP_PKEY_get_raw_public_key(const EVP_PKEY *pkey, unsigned char *pub, +\& size_t *len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fIEVP_PKEY_new()\fR function allocates an empty \fB\s-1EVP_PKEY\s0\fR structure which is +used by OpenSSL to store public and private keys. The reference count is set to +\&\fB1\fR. +.PP +\&\fIEVP_PKEY_up_ref()\fR increments the reference count of \fBkey\fR. +.PP +\&\fIEVP_PKEY_free()\fR decrements the reference count of \fBkey\fR and, if the reference +count is zero, frees it up. If \fBkey\fR is \s-1NULL\s0, nothing is done. +.PP +\&\fIEVP_PKEY_new_raw_private_key()\fR allocates a new \fB\s-1EVP_PKEY\s0\fR. If \fBe\fR is non-NULL +then the new \fB\s-1EVP_PKEY\s0\fR structure is associated with the engine \fBe\fR. The +\&\fBtype\fR argument indicates what kind of key this is. The value should be a \s-1NID\s0 +for a public key algorithm that supports raw private keys, i.e. 
one of +\&\fB\s-1EVP_PKEY_HMAC\s0\fR, \fB\s-1EVP_PKEY_POLY1305\s0\fR, \fB\s-1EVP_PKEY_SIPHASH\s0\fR, \fB\s-1EVP_PKEY_X25519\s0\fR, +\&\fB\s-1EVP_PKEY_ED25519\s0\fR, \fB\s-1EVP_PKEY_X448\s0\fR or \fB\s-1EVP_PKEY_ED448\s0\fR. \fBkey\fR points to the +raw private key data for this \fB\s-1EVP_PKEY\s0\fR which should be of length \fBkeylen\fR. +The length should be appropriate for the type of the key. The public key data +will be automatically derived from the given private key data (if appropriate +for the algorithm type). +.PP +\&\fIEVP_PKEY_new_raw_public_key()\fR works in the same way as +\&\fIEVP_PKEY_new_raw_private_key()\fR except that \fBkey\fR points to the raw public key +data. The \fB\s-1EVP_PKEY\s0\fR structure will be initialised without any private key +information. Algorithm types that support raw public keys are +\&\fB\s-1EVP_PKEY_X25519\s0\fR, \fB\s-1EVP_PKEY_ED25519\s0\fR, \fB\s-1EVP_PKEY_X448\s0\fR or \fB\s-1EVP_PKEY_ED448\s0\fR. +.PP +\&\fIEVP_PKEY_new_CMAC_key()\fR works in the same way as \fIEVP_PKEY_new_raw_private_key()\fR +except it is only for the \fB\s-1EVP_PKEY_CMAC\s0\fR algorithm type. In addition to the +raw private key data, it also takes a cipher algorithm to be used during +creation of a \s-1CMAC\s0 in the \fBcipher\fR argument. +.PP +\&\fIEVP_PKEY_new_mac_key()\fR works in the same way as \fIEVP_PKEY_new_raw_private_key()\fR. +New applications should use \fIEVP_PKEY_new_raw_private_key()\fR instead. +.PP +\&\fIEVP_PKEY_get_raw_private_key()\fR fills the buffer provided by \fBpriv\fR with raw +private key data. The number of bytes written is populated in \fB*len\fR. If the +buffer \fBpriv\fR is \s-1NULL\s0 then \fB*len\fR is populated with the number of bytes +required to hold the key. The calling application is responsible for ensuring +that the buffer is large enough to receive the private key data. This function +only works for algorithms that support raw private keys. 
Currently this is: +\&\fB\s-1EVP_PKEY_HMAC\s0\fR, \fB\s-1EVP_PKEY_POLY1305\s0\fR, \fB\s-1EVP_PKEY_SIPHASH\s0\fR, \fB\s-1EVP_PKEY_X25519\s0\fR, +\&\fB\s-1EVP_PKEY_ED25519\s0\fR, \fB\s-1EVP_PKEY_X448\s0\fR or \fB\s-1EVP_PKEY_ED448\s0\fR. +.PP +\&\fIEVP_PKEY_get_raw_public_key()\fR fills the buffer provided by \fBpub\fR with raw +public key data. The number of bytes written is populated in \fB*len\fR. If the +buffer \fBpub\fR is \s-1NULL\s0 then \fB*len\fR is populated with the number of bytes +required to hold the key. The calling application is responsible for ensuring +that the buffer is large enough to receive the public key data. This function +only works for algorithms that support raw public keys. Currently this is: +\&\fB\s-1EVP_PKEY_X25519\s0\fR, \fB\s-1EVP_PKEY_ED25519\s0\fR, \fB\s-1EVP_PKEY_X448\s0\fR or \fB\s-1EVP_PKEY_ED448\s0\fR. +.SH "NOTES" +.IX Header "NOTES" +The \fB\s-1EVP_PKEY\s0\fR structure is used by various OpenSSL functions which require a +general private key without reference to any particular algorithm. +.PP +The structure returned by \fIEVP_PKEY_new()\fR is empty. To add a private or public +key to this empty structure use the appropriate functions described in +\&\fIEVP_PKEY_set1_RSA\fR\|(3), \fIEVP_PKEY_set1_DSA\fR\|(3), \fIEVP_PKEY_set1_DH\fR\|(3) or +\&\fIEVP_PKEY_set1_EC_KEY\fR\|(3). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_PKEY_new()\fR, \fIEVP_PKEY_new_raw_private_key()\fR, \fIEVP_PKEY_new_raw_public_key()\fR, +\&\fIEVP_PKEY_new_CMAC_key()\fR and \fIEVP_PKEY_new_mac_key()\fR return either the newly +allocated \fB\s-1EVP_PKEY\s0\fR structure or \fB\s-1NULL\s0\fR if an error occurred. +.PP +\&\fIEVP_PKEY_up_ref()\fR, \fIEVP_PKEY_get_raw_private_key()\fR and +\&\fIEVP_PKEY_get_raw_public_key()\fR return 1 for success and 0 for failure. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_PKEY_set1_RSA\fR\|(3), \fIEVP_PKEY_set1_DSA\fR\|(3), \fIEVP_PKEY_set1_DH\fR\|(3) or +\&\fIEVP_PKEY_set1_EC_KEY\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The +\&\fIEVP_PKEY_new()\fR and \fIEVP_PKEY_free()\fR functions exist in all versions of OpenSSL. +.PP +The \fIEVP_PKEY_up_ref()\fR function was added in OpenSSL 1.1.0. +.PP +The +\&\fIEVP_PKEY_new_raw_private_key()\fR, \fIEVP_PKEY_new_raw_public_key()\fR, +\&\fIEVP_PKEY_new_CMAC_key()\fR, \fIEVP_PKEY_new_raw_private_key()\fR and +\&\fIEVP_PKEY_get_raw_public_key()\fR functions were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/EVP_PKEY_print_private.3 b/linux_amd64/ssl/share/man/man3/EVP_PKEY_print_private.3 new file mode 100755 index 0000000..df13c6e --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EVP_PKEY_print_private.3 
@@ -0,0 +1,182 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_PRINT_PRIVATE 3" +.TH EVP_PKEY_PRINT_PRIVATE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_print_public, EVP_PKEY_print_private, EVP_PKEY_print_params \- public key algorithm printing routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey, +\& int indent, ASN1_PCTX *pctx); +\& int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey, +\& int indent, ASN1_PCTX *pctx); +\& int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey, +\& int indent, ASN1_PCTX *pctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The functions \fIEVP_PKEY_print_public()\fR, \fIEVP_PKEY_print_private()\fR and +\&\fIEVP_PKEY_print_params()\fR print out the public, private or parameter components +of key \fBpkey\fR respectively. The key is sent to \s-1BIO\s0 \fBout\fR in human readable +form. The parameter \fBindent\fR indicated how far the printout should be indented. +.PP +The \fBpctx\fR parameter allows the print output to be finely tuned by using +\&\s-1ASN1\s0 printing options. If \fBpctx\fR is set to \s-1NULL\s0 then default values will +be used. +.SH "NOTES" +.IX Header "NOTES" +Currently no public key algorithms include any options in the \fBpctx\fR parameter. +.PP +If the key does not include all the components indicated by the function then +only those contained in the key will be printed. For example passing a public +key to \fIEVP_PKEY_print_private()\fR will only print the public components. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions all return 1 for success and 0 or a negative value for failure. +In particular a return value of \-2 indicates the operation is not supported by +the public key algorithm. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_PKEY_CTX_new\fR\|(3), +\&\fIEVP_PKEY_keygen\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2017 The OpenSSL Project Authors. All Rights Reserved. 
+.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/EVP_PKEY_set1_RSA.3 b/linux_amd64/ssl/share/man/man3/EVP_PKEY_set1_RSA.3 new file mode 100755 index 0000000..e4e1e07 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EVP_PKEY_set1_RSA.3 
@@ -0,0 +1,289 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_SET1_RSA 3" +.TH EVP_PKEY_SET1_RSA 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH, EVP_PKEY_set1_EC_KEY, +EVP_PKEY_get1_RSA, EVP_PKEY_get1_DSA, EVP_PKEY_get1_DH, EVP_PKEY_get1_EC_KEY, +EVP_PKEY_get0_RSA, EVP_PKEY_get0_DSA, EVP_PKEY_get0_DH, EVP_PKEY_get0_EC_KEY, +EVP_PKEY_assign_RSA, EVP_PKEY_assign_DSA, EVP_PKEY_assign_DH, +EVP_PKEY_assign_EC_KEY, EVP_PKEY_assign_POLY1305, EVP_PKEY_assign_SIPHASH, +EVP_PKEY_get0_hmac, EVP_PKEY_get0_poly1305, EVP_PKEY_get0_siphash, +EVP_PKEY_type, EVP_PKEY_id, EVP_PKEY_base_id, EVP_PKEY_set_alias_type, +EVP_PKEY_set1_engine, EVP_PKEY_get0_engine \- EVP_PKEY assignment functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key); +\& int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, DSA *key); +\& int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key); +\& int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key); +\& +\& RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey); +\& DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey); +\& DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey); +\& EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey); +\& +\& const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len); +\& const unsigned char *EVP_PKEY_get0_poly1305(const EVP_PKEY *pkey, size_t *len); +\& const unsigned char *EVP_PKEY_get0_siphash(const EVP_PKEY *pkey, size_t *len); +\& RSA *EVP_PKEY_get0_RSA(const EVP_PKEY *pkey); +\& DSA *EVP_PKEY_get0_DSA(const EVP_PKEY *pkey); +\& DH *EVP_PKEY_get0_DH(const EVP_PKEY *pkey); +\& EC_KEY *EVP_PKEY_get0_EC_KEY(const EVP_PKEY *pkey); +\& +\& int EVP_PKEY_assign_RSA(EVP_PKEY *pkey, RSA *key); +\& int EVP_PKEY_assign_DSA(EVP_PKEY *pkey, DSA *key); +\& int EVP_PKEY_assign_DH(EVP_PKEY *pkey, DH *key); +\& int EVP_PKEY_assign_EC_KEY(EVP_PKEY *pkey, EC_KEY *key); +\& int EVP_PKEY_assign_POLY1305(EVP_PKEY *pkey, ASN1_OCTET_STRING *key); +\& int EVP_PKEY_assign_SIPHASH(EVP_PKEY *pkey, ASN1_OCTET_STRING *key); +\& +\& int EVP_PKEY_id(const EVP_PKEY *pkey); +\& int EVP_PKEY_base_id(const 
EVP_PKEY *pkey); +\& int EVP_PKEY_type(int type); +\& int EVP_PKEY_set_alias_type(EVP_PKEY *pkey, int type); +\& +\& ENGINE *EVP_PKEY_get0_engine(const EVP_PKEY *pkey); +\& int EVP_PKEY_set1_engine(EVP_PKEY *pkey, ENGINE *engine); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIEVP_PKEY_set1_RSA()\fR, \fIEVP_PKEY_set1_DSA()\fR, \fIEVP_PKEY_set1_DH()\fR and +\&\fIEVP_PKEY_set1_EC_KEY()\fR set the key referenced by \fBpkey\fR to \fBkey\fR. +.PP +\&\fIEVP_PKEY_get1_RSA()\fR, \fIEVP_PKEY_get1_DSA()\fR, \fIEVP_PKEY_get1_DH()\fR and +\&\fIEVP_PKEY_get1_EC_KEY()\fR return the referenced key in \fBpkey\fR or +\&\fB\s-1NULL\s0\fR if the key is not of the correct type. +.PP +\&\fIEVP_PKEY_get0_hmac()\fR, \fIEVP_PKEY_get0_poly1305()\fR, \fIEVP_PKEY_get0_siphash()\fR, +\&\fIEVP_PKEY_get0_RSA()\fR, \fIEVP_PKEY_get0_DSA()\fR, \fIEVP_PKEY_get0_DH()\fR +and \fIEVP_PKEY_get0_EC_KEY()\fR also return the referenced key in \fBpkey\fR or \fB\s-1NULL\s0\fR +if the key is not of the correct type but the reference count of the +returned key is \fBnot\fR incremented and so must not be freed up after use. +.PP +\&\fIEVP_PKEY_assign_RSA()\fR, \fIEVP_PKEY_assign_DSA()\fR, \fIEVP_PKEY_assign_DH()\fR, +\&\fIEVP_PKEY_assign_EC_KEY()\fR, \fIEVP_PKEY_assign_POLY1305()\fR and +\&\fIEVP_PKEY_assign_SIPHASH()\fR also set the referenced key to \fBkey\fR +however these use the supplied \fBkey\fR internally and so \fBkey\fR +will be freed when the parent \fBpkey\fR is freed. +.PP +\&\fIEVP_PKEY_base_id()\fR returns the type of \fBpkey\fR. For example +an \s-1RSA\s0 key will return \fB\s-1EVP_PKEY_RSA\s0\fR. +.PP +\&\fIEVP_PKEY_id()\fR returns the actual \s-1OID\s0 associated with \fBpkey\fR. Historically keys +using the same algorithm could use different OIDs. For example an \s-1RSA\s0 key could +use the OIDs corresponding to the NIDs \fBNID_rsaEncryption\fR (equivalent to +\&\fB\s-1EVP_PKEY_RSA\s0\fR) or \fBNID_rsa\fR (equivalent to \fB\s-1EVP_PKEY_RSA2\s0\fR). 
The use of +alternative non-standard OIDs is now rare so \fB\s-1EVP_PKEY_RSA2\s0\fR et al are not +often seen in practice. +.PP +\&\fIEVP_PKEY_type()\fR returns the underlying type of the \s-1NID\s0 \fBtype\fR. For example +EVP_PKEY_type(\s-1EVP_PKEY_RSA2\s0) will return \fB\s-1EVP_PKEY_RSA\s0\fR. +.PP +\&\fIEVP_PKEY_get0_engine()\fR returns a reference to the \s-1ENGINE\s0 handling \fBpkey\fR. +.PP +\&\fIEVP_PKEY_set1_engine()\fR sets the \s-1ENGINE\s0 handling \fBpkey\fR to \fBengine\fR. It +must be called after the key algorithm and components are set up. +If \fBengine\fR does not include an \fB\s-1EVP_PKEY_METHOD\s0\fR for \fBpkey\fR an +error occurs. +.PP +\&\fIEVP_PKEY_set_alias_type()\fR allows modifying a \s-1EVP_PKEY\s0 to use a +different set of algorithms than the default. +.SH "NOTES" +.IX Header "NOTES" +In accordance with the OpenSSL naming convention the key obtained +from or assigned to the \fBpkey\fR using the \fB1\fR functions must be +freed as well as \fBpkey\fR. +.PP +\&\fIEVP_PKEY_assign_RSA()\fR, \fIEVP_PKEY_assign_DSA()\fR, \fIEVP_PKEY_assign_DH()\fR, +\&\fIEVP_PKEY_assign_EC_KEY()\fR, \fIEVP_PKEY_assign_POLY1305()\fR +and \fIEVP_PKEY_assign_SIPHASH()\fR are implemented as macros. +.PP +\&\fIEVP_PKEY_assign_EC_KEY()\fR looks at the curve name id to determine if +the passed \fB\s-1EC_KEY\s0\fR is an \s-1\fISM2\s0\fR\|(7) key, and will set the \fB\s-1EVP_PKEY\s0\fR +type to \fB\s-1EVP_PKEY_SM2\s0\fR in that case, instead of \fB\s-1EVP_PKEY_EC\s0\fR. +.PP +It's possible to switch back and forth between the types \fB\s-1EVP_PKEY_EC\s0\fR +and \fB\s-1EVP_PKEY_SM2\s0\fR with a call to \fIEVP_PKEY_set_alias_type()\fR on keys +assigned with this macro if it's desirable to do a normal \s-1EC\s0 +computations with the \s-1SM2\s0 curve instead of the special \s-1SM2\s0 +computations, and vice versa. 
+.PP +Most applications wishing to know a key type will simply call +\&\fIEVP_PKEY_base_id()\fR and will not care about the actual type: +which will be identical in almost all cases. +.PP +Previous versions of this document suggested using EVP_PKEY_type(pkey\->type) +to determine the type of a key. Since \fB\s-1EVP_PKEY\s0\fR is now opaque this +is no longer possible: the equivalent is EVP_PKEY_base_id(pkey). +.PP +\&\fIEVP_PKEY_set1_engine()\fR is typically used by an \s-1ENGINE\s0 returning an \s-1HSM\s0 +key as part of its routine to load a private key. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_PKEY_set1_RSA()\fR, \fIEVP_PKEY_set1_DSA()\fR, \fIEVP_PKEY_set1_DH()\fR and +\&\fIEVP_PKEY_set1_EC_KEY()\fR return 1 for success or 0 for failure. +.PP +\&\fIEVP_PKEY_get1_RSA()\fR, \fIEVP_PKEY_get1_DSA()\fR, \fIEVP_PKEY_get1_DH()\fR and +\&\fIEVP_PKEY_get1_EC_KEY()\fR return the referenced key or \fB\s-1NULL\s0\fR if +an error occurred. +.PP +\&\fIEVP_PKEY_assign_RSA()\fR, \fIEVP_PKEY_assign_DSA()\fR, \fIEVP_PKEY_assign_DH()\fR, +\&\fIEVP_PKEY_assign_EC_KEY()\fR, \fIEVP_PKEY_assign_POLY1305()\fR +and \fIEVP_PKEY_assign_SIPHASH()\fR return 1 for success and 0 for failure. +.PP +\&\fIEVP_PKEY_base_id()\fR, \fIEVP_PKEY_id()\fR and \fIEVP_PKEY_type()\fR return a key +type or \fBNID_undef\fR (equivalently \fB\s-1EVP_PKEY_NONE\s0\fR) on error. +.PP +\&\fIEVP_PKEY_set1_engine()\fR returns 1 for success and 0 for failure. +.PP +\&\fIEVP_PKEY_set_alias_type()\fR returns 1 for success and 0 for error. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +After loading an \s-1ECC\s0 key, it is possible to convert it to using \s-1SM2\s0 +algorithms with EVP_PKEY_set_alias_type: +.PP +.Vb 1 +\& EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_PKEY_new\fR\|(3), \s-1\fISM2\s0\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. 
+.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/EVP_PKEY_sign.3 b/linux_amd64/ssl/share/man/man3/EVP_PKEY_sign.3 new file mode 100755 index 0000000..e86398f --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EVP_PKEY_sign.3 
@@ -0,0 +1,240 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_SIGN 3" +.TH EVP_PKEY_SIGN 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_sign_init, EVP_PKEY_sign +\&\- sign using a public key algorithm +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_sign(EVP_PKEY_CTX *ctx, +\& unsigned char *sig, size_t *siglen, +\& const unsigned char *tbs, size_t tbslen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIEVP_PKEY_sign_init()\fR initializes a public key algorithm context \fIctx\fR for +signing using the algorithm given when the context was created +using \fIEVP_PKEY_CTX_new\fR\|(3) or variants thereof. The algorithm is used to +fetch a \fB\s-1EVP_SIGNATURE\s0\fR method implicitly, see \*(L"Implicit fetch\*(R" in \fIprovider\fR\|(7) +for more information about implict fetches. +.PP +The \fIEVP_PKEY_sign()\fR function performs a public key signing operation +using \fIctx\fR. The data to be signed is specified using the \fItbs\fR and +\&\fItbslen\fR parameters. If \fIsig\fR is \s-1NULL\s0 then the maximum size of the output +buffer is written to the \fIsiglen\fR parameter. If \fIsig\fR is not \s-1NULL\s0 then +before the call the \fIsiglen\fR parameter should contain the length of the +\&\fIsig\fR buffer, if the call is successful the signature is written to +\&\fIsig\fR and the amount of data written to \fIsiglen\fR. +.SH "NOTES" +.IX Header "NOTES" +\&\fIEVP_PKEY_sign()\fR does not hash the data to be signed, and therefore is +normally used to sign digests. For signing arbitrary messages, see the +\&\fIEVP_DigestSignInit\fR\|(3) and +\&\fIEVP_SignInit\fR\|(3) signing interfaces instead. +.PP +After the call to \fIEVP_PKEY_sign_init()\fR algorithm specific control +operations can be performed to set any appropriate parameters for the +operation (see \fIEVP_PKEY_CTX_ctrl\fR\|(3)). +.PP +The function \fIEVP_PKEY_sign()\fR can be called more than once on the same +context if several operations are performed using the same parameters. 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_PKEY_sign_init()\fR and \fIEVP_PKEY_sign()\fR return 1 for success and 0 +or a negative value for failure. In particular a return value of \-2 +indicates the operation is not supported by the public key algorithm. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Sign data using \s-1RSA\s0 with PKCS#1 padding and \s-1SHA256\s0 digest: +.PP +.Vb 2 +\& #include +\& #include +\& +\& EVP_PKEY_CTX *ctx; +\& /* md is a SHA\-256 digest in this example. */ +\& unsigned char *md, *sig; +\& size_t mdlen = 32, siglen; +\& EVP_PKEY *signing_key; +\& +\& /* +\& * NB: assumes signing_key and md are set up before the next +\& * step. signing_key must be an RSA private key and md must +\& * point to the SHA\-256 digest to be signed. +\& */ +\& ctx = EVP_PKEY_CTX_new(signing_key, NULL /* no engine */); +\& if (!ctx) +\& /* Error occurred */ +\& if (EVP_PKEY_sign_init(ctx) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0) +\& /* Error */ +\& +\& /* Determine buffer length */ +\& if (EVP_PKEY_sign(ctx, NULL, &siglen, md, mdlen) <= 0) +\& /* Error */ +\& +\& sig = OPENSSL_malloc(siglen); +\& +\& if (!sig) +\& /* malloc failure */ +\& +\& if (EVP_PKEY_sign(ctx, sig, &siglen, md, mdlen) <= 0) +\& /* Error */ +\& +\& /* Signature is siglen bytes written to buffer sig */ +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_PKEY_CTX_new\fR\|(3), +\&\fIEVP_PKEY_CTX_ctrl\fR\|(3), +\&\fIEVP_PKEY_encrypt\fR\|(3), +\&\fIEVP_PKEY_decrypt\fR\|(3), +\&\fIEVP_PKEY_verify\fR\|(3), +\&\fIEVP_PKEY_verify_recover\fR\|(3), +\&\fIEVP_PKEY_derive\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). 
You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/EVP_PKEY_size.3 b/linux_amd64/ssl/share/man/man3/EVP_PKEY_size.3 new file mode 100755 index 0000000..ac6812e --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EVP_PKEY_size.3 
@@ -0,0 +1,202 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_SIZE 3" +.TH EVP_PKEY_SIZE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_size, EVP_PKEY_bits, EVP_PKEY_security_bits +\&\- EVP_PKEY information functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_size(const EVP_PKEY *pkey); +\& int EVP_PKEY_bits(const EVP_PKEY *pkey); +\& int EVP_PKEY_security_bits(const EVP_PKEY *pkey); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIEVP_PKEY_size()\fR returns the maximum suitable size for the output +buffers for almost all operations that can be done with \fIpkey\fR. +The primary documented use is with \fIEVP_SignFinal\fR\|(3) and +\&\fIEVP_SealInit\fR\|(3), but it isn't limited there. The returned size is +also large enough for the output buffer of \fIEVP_PKEY_sign\fR\|(3), +\&\fIEVP_PKEY_encrypt\fR\|(3), \fIEVP_PKEY_decrypt\fR\|(3), \fIEVP_PKEY_derive\fR\|(3). +.PP +It must be stressed that, unless the documentation for the operation +that's being performed says otherwise, the size returned by +\&\fIEVP_PKEY_size()\fR is only preliminary and not exact, so the final +contents of the target buffer may be smaller. It is therefore crucial +to take note of the size given back by the function that performs the +operation, such as \fIEVP_PKEY_sign\fR\|(3) (the \fIsiglen\fR argument will +receive that length), to avoid bugs. +.PP +\&\fIEVP_PKEY_bits()\fR returns the cryptographic length of the cryptosystem +to which the key in \fIpkey\fR belongs, in bits. Note that the definition +of cryptographic length is specific to the key cryptosystem. +.PP +\&\fIEVP_PKEY_security_bits()\fR returns the number of security bits of the given +\&\fIpkey\fR, bits of security is defined in \s-1NIST\s0 \s-1SP800\-57\s0. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_PKEY_size()\fR, \fIEVP_PKEY_bits()\fR and \fIEVP_PKEY_security_bits()\fR return a +positive number, or 0 if this size isn't available. 
+.SH "NOTES" +.IX Header "NOTES" +Most functions that have an output buffer and are mentioned with +\&\fIEVP_PKEY_size()\fR have a functionality where you can pass \s-1NULL\s0 for the +buffer and still pass a pointer to an integer and get the exact size +that this function call delivers in the context that it's called in. +This allows those functions to be called twice, once to find out the +exact buffer size, then allocate the buffer in between, and call that +function again actually output the data. For those functions, it +isn't strictly necessary to call \fIEVP_PKEY_size()\fR to find out the +buffer size, but may be useful in cases where it's desirable to know +the upper limit in advance. +.PP +It should also be especially noted that \fIEVP_PKEY_size()\fR shouldn't be +used to get the output size for \fIEVP_DigestSignFinal()\fR, according to +\&\*(L"\s-1NOTES\s0\*(R" in \fIEVP_DigestSignFinal\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_SignFinal\fR\|(3), +\&\fIEVP_SealInit\fR\|(3), +\&\fIEVP_PKEY_sign\fR\|(3), +\&\fIEVP_PKEY_encrypt\fR\|(3), +\&\fIEVP_PKEY_decrypt\fR\|(3), +\&\fIEVP_PKEY_derive\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/EVP_PKEY_supports_digest_nid.3 b/linux_amd64/ssl/share/man/man3/EVP_PKEY_supports_digest_nid.3 new file mode 100755 index 0000000..8e1ee2c --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EVP_PKEY_supports_digest_nid.3 
@@ -0,0 +1,174 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_SUPPORTS_DIGEST_NID 3" +.TH EVP_PKEY_SUPPORTS_DIGEST_NID 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_supports_digest_nid \- indicate support for signature digest +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 2 +\& #include +\& int EVP_PKEY_supports_digest_nid(EVP_PKEY *pkey, int nid); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fIEVP_PKEY_supports_digest_nid()\fR function queries whether the message digest +\&\s-1NID\s0 \fBnid\fR is supported for public key signature operations associated with key +\&\fBpkey\fR. +.SH "NOTES" +.IX Header "NOTES" +If the \s-1EVP_PKEY\s0 implementation does not explicitly support this method, but +\&\fIEVP_PKEY_get_default_digest_nid\fR\|(3) returns a mandatory digest result, then +only that mandatory digest will be supported. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The \fIEVP_PKEY_supports_digest_nid()\fR function returns 1 if the message digest +algorithm identified by \fBnid\fR can be used for public key signature operations +associated with key \fBpkey\fR and 0 if it cannot be used. It returns a negative +value for failure. In particular a return value of \-2 indicates the query +operation is not supported by the public key algorithm. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_PKEY_CTX_new\fR\|(3), +\&\fIEVP_PKEY_get_default_digest_nid\fR\|(3), +\&\fIEVP_PKEY_sign\fR\|(3), +\&\fIEVP_PKEY_verify\fR\|(3), +\&\fIEVP_PKEY_verify_recover\fR\|(3), +.SH "HISTORY" +.IX Header "HISTORY" +The \fIEVP_PKEY_supports_digest_nid()\fR function was added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/EVP_PKEY_verify.3 b/linux_amd64/ssl/share/man/man3/EVP_PKEY_verify.3 new file mode 100755 index 0000000..bcca611 --- /dev/null 
+++ b/linux_amd64/ssl/share/man/man3/EVP_PKEY_verify.3 
@@ -0,0 +1,229 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_VERIFY 3" +.TH EVP_PKEY_VERIFY 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_verify_init, EVP_PKEY_verify +\&\- signature verification using a public key algorithm +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_verify(EVP_PKEY_CTX *ctx, +\& const unsigned char *sig, size_t siglen, +\& const unsigned char *tbs, size_t tbslen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIEVP_PKEY_verify_init()\fR initializes a public key algorithm context \fIctx\fR for +signing using the algorithm given when the context was created +using \fIEVP_PKEY_CTX_new\fR\|(3) or variants thereof. The algorithm is used to +fetch a \fB\s-1EVP_SIGNATURE\s0\fR method implicitly, see \*(L"Implicit fetch\*(R" in \fIprovider\fR\|(7) +for more information about implict fetches. +.PP +The \fIEVP_PKEY_verify()\fR function performs a public key verification operation +using \fIctx\fR. The signature is specified using the \fIsig\fR and +\&\fIsiglen\fR parameters. The verified data (i.e. the data believed originally +signed) is specified using the \fItbs\fR and \fItbslen\fR parameters. +.SH "NOTES" +.IX Header "NOTES" +After the call to \fIEVP_PKEY_verify_init()\fR algorithm specific control +operations can be performed to set any appropriate parameters for the +operation. +.PP +The function \fIEVP_PKEY_verify()\fR can be called more than once on the same +context if several operations are performed using the same parameters. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_PKEY_verify_init()\fR and \fIEVP_PKEY_verify()\fR return 1 if the verification was +successful and 0 if it failed. Unlike other functions the return value 0 from +\&\fIEVP_PKEY_verify()\fR only indicates that the signature did not verify +successfully (that is tbs did not match the original data or the signature was +of invalid form) it is not an indication of a more serious error. +.PP +A negative value indicates an error other that signature verification failure. 
+In particular a return value of \-2 indicates the operation is not supported by +the public key algorithm. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Verify signature using PKCS#1 and \s-1SHA256\s0 digest: +.PP +.Vb 2 +\& #include +\& #include +\& +\& EVP_PKEY_CTX *ctx; +\& unsigned char *md, *sig; +\& size_t mdlen, siglen; +\& EVP_PKEY *verify_key; +\& +\& /* +\& * NB: assumes verify_key, sig, siglen md and mdlen are already set up +\& * and that verify_key is an RSA public key +\& */ +\& ctx = EVP_PKEY_CTX_new(verify_key, NULL /* no engine */); +\& if (!ctx) +\& /* Error occurred */ +\& if (EVP_PKEY_verify_init(ctx) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0) +\& /* Error */ +\& +\& /* Perform operation */ +\& ret = EVP_PKEY_verify(ctx, sig, siglen, md, mdlen); +\& +\& /* +\& * ret == 1 indicates success, 0 verify failure and < 0 for some +\& * other error. +\& */ +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_PKEY_CTX_new\fR\|(3), +\&\fIEVP_PKEY_encrypt\fR\|(3), +\&\fIEVP_PKEY_decrypt\fR\|(3), +\&\fIEVP_PKEY_sign\fR\|(3), +\&\fIEVP_PKEY_verify_recover\fR\|(3), +\&\fIEVP_PKEY_derive\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/EVP_PKEY_verify_recover.3 b/linux_amd64/ssl/share/man/man3/EVP_PKEY_verify_recover.3 new file mode 100755 index 0000000..30395f6 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EVP_PKEY_verify_recover.3 
@@ -0,0 +1,240 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_VERIFY_RECOVER 3" +.TH EVP_PKEY_VERIFY_RECOVER 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_verify_recover_init, EVP_PKEY_verify_recover +\&\- recover signature using a public key algorithm +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx, +\& unsigned char *rout, size_t *routlen, +\& const unsigned char *sig, size_t siglen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIEVP_PKEY_verify_recover_init()\fR initializes a public key algorithm context +\&\fIctx\fR for signing using the algorithm given when the context was created +using \fIEVP_PKEY_CTX_new\fR\|(3) or variants thereof. The algorithm is used to +fetch a \fB\s-1EVP_SIGNATURE\s0\fR method implicitly, see \*(L"Implicit fetch\*(R" in \fIprovider\fR\|(7) +for more information about implict fetches. +.PP +The \fIEVP_PKEY_verify_recover()\fR function recovers signed data +using \fIctx\fR. The signature is specified using the \fIsig\fR and +\&\fIsiglen\fR parameters. If \fIrout\fR is \s-1NULL\s0 then the maximum size of the output +buffer is written to the \fIroutlen\fR parameter. If \fIrout\fR is not \s-1NULL\s0 then +before the call the \fIroutlen\fR parameter should contain the length of the +\&\fIrout\fR buffer, if the call is successful recovered data is written to +\&\fIrout\fR and the amount of data written to \fIroutlen\fR. +.SH "NOTES" +.IX Header "NOTES" +Normally an application is only interested in whether a signature verification +operation is successful in those cases the \fIEVP_verify()\fR function should be +used. +.PP +Sometimes however it is useful to obtain the data originally signed using a +signing operation. Only certain public key algorithms can recover a signature +in this way (for example \s-1RSA\s0 in \s-1PKCS\s0 padding mode). +.PP +After the call to \fIEVP_PKEY_verify_recover_init()\fR algorithm specific control +operations can be performed to set any appropriate parameters for the +operation. 
+.PP +The function \fIEVP_PKEY_verify_recover()\fR can be called more than once on the same +context if several operations are performed using the same parameters. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_PKEY_verify_recover_init()\fR and \fIEVP_PKEY_verify_recover()\fR return 1 for success +and 0 or a negative value for failure. In particular a return value of \-2 +indicates the operation is not supported by the public key algorithm. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Recover digest originally signed using PKCS#1 and \s-1SHA256\s0 digest: +.PP +.Vb 2 +\& #include +\& #include +\& +\& EVP_PKEY_CTX *ctx; +\& unsigned char *rout, *sig; +\& size_t routlen, siglen; +\& EVP_PKEY *verify_key; +\& +\& /* +\& * NB: assumes verify_key, sig and siglen are already set up +\& * and that verify_key is an RSA public key +\& */ +\& ctx = EVP_PKEY_CTX_new(verify_key, NULL /* no engine */); +\& if (!ctx) +\& /* Error occurred */ +\& if (EVP_PKEY_verify_recover_init(ctx) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0) +\& /* Error */ +\& +\& /* Determine buffer length */ +\& if (EVP_PKEY_verify_recover(ctx, NULL, &routlen, sig, siglen) <= 0) +\& /* Error */ +\& +\& rout = OPENSSL_malloc(routlen); +\& +\& if (!rout) +\& /* malloc failure */ +\& +\& if (EVP_PKEY_verify_recover(ctx, rout, &routlen, sig, siglen) <= 0) +\& /* Error */ +\& +\& /* Recovered data is routlen bytes written to buffer rout */ +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_PKEY_CTX_new\fR\|(3), +\&\fIEVP_PKEY_encrypt\fR\|(3), +\&\fIEVP_PKEY_decrypt\fR\|(3), +\&\fIEVP_PKEY_sign\fR\|(3), +\&\fIEVP_PKEY_verify\fR\|(3), +\&\fIEVP_PKEY_derive\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2013\-2018 The OpenSSL Project Authors. All Rights Reserved. 
+.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/EVP_SIGNATURE_free.3 b/linux_amd64/ssl/share/man/man3/EVP_SIGNATURE_free.3 new file mode 100755 index 0000000..31f8af7 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EVP_SIGNATURE_free.3 
@@ -0,0 +1,210 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_SIGNATURE_FREE 3" +.TH EVP_SIGNATURE_FREE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_SIGNATURE_fetch, EVP_SIGNATURE_free, EVP_SIGNATURE_up_ref, +EVP_SIGNATURE_number, EVP_SIGNATURE_is_a, EVP_SIGNATURE_provider, +EVP_SIGNATURE_do_all_provided, EVP_SIGNATURE_names_do_all +\&\- Functions to manage EVP_SIGNATURE algorithm objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& EVP_SIGNATURE *EVP_SIGNATURE_fetch(OPENSSL_CTX *ctx, const char *algorithm, +\& const char *properties); +\& void EVP_SIGNATURE_free(EVP_SIGNATURE *signature); +\& int EVP_SIGNATURE_up_ref(EVP_SIGNATURE *signature); +\& int EVP_SIGNATURE_number(const EVP_SIGNATURE *signature); +\& int EVP_SIGNATURE_is_a(const EVP_SIGNATURE *signature, const char *name); +\& OSSL_PROVIDER *EVP_SIGNATURE_provider(const EVP_SIGNATURE *signature); +\& void EVP_SIGNATURE_do_all_provided(OPENSSL_CTX *libctx, +\& void (*fn)(EVP_SIGNATURE *signature, +\& void *arg), +\& void *arg); +\& void EVP_SIGNATURE_names_do_all(const EVP_SIGNATURE *signature, +\& void (*fn)(const char *name, void *data), +\& void *data); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIEVP_SIGNATURE_fetch()\fR fetches the implementation for the given +\&\fBalgorithm\fR from any provider offering it, within the criteria given +by the \fBproperties\fR. +The algorithm will be one offering functions for performing signature related +tasks such as signing and verifying. +See \*(L"Fetching algorithms\*(R" in \fIprovider\fR\|(7) for further information. +.PP +The returned value must eventually be freed with \fIEVP_SIGNATURE_free()\fR. +.PP +\&\fIEVP_SIGNATURE_free()\fR decrements the reference count for the \fB\s-1EVP_SIGNATURE\s0\fR +structure. Typically this structure will have been obtained from an earlier call +to \fIEVP_SIGNATURE_fetch()\fR. If the reference count drops to 0 then the +structure is freed. +.PP +\&\fIEVP_SIGNATURE_up_ref()\fR increments the reference count for an \fB\s-1EVP_SIGNATURE\s0\fR +structure. 
+.PP +\&\fIEVP_SIGNATURE_is_a()\fR returns 1 if \fIsignature\fR is an implementation of an +algorithm that's identifiable with \fIname\fR, otherwise 0. +.PP +\&\fIEVP_SIGNATURE_provider()\fR returns the provider that \fIsignature\fR was fetched from. +.PP +\&\fIEVP_SIGNATURE_do_all_provided()\fR traverses all \s-1SIGNATURE\s0 implemented by all +activated roviders in the given library context \fIlibctx\fR, and for each of the +implementations, calls the given function \fIfn\fR with the implementation method +and the given \fIarg\fR as argument. +.PP +\&\fIEVP_SIGNATURE_number()\fR returns the internal dynamic number assigned to +\&\fIsignature\fR. +.PP +\&\fIEVP_SIGNATURE_names_do_all()\fR traverses all names for \fIsignature\fR, and calls +\&\fIfn\fR with each name and \fIdata\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_SIGNATURE_fetch()\fR returns a pointer to an \fB\s-1EVP_SIGNATURE\s0\fR for success +or \fB\s-1NULL\s0\fR for failure. +.PP +\&\fIEVP_SIGNATURE_up_ref()\fR returns 1 for success or 0 otherwise. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\*(L"Fetching algorithms\*(R" in \fIprovider\fR\|(7), \s-1\fIOSSL_PROVIDER\s0\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The functions described here were added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/EVP_SealInit.3 b/linux_amd64/ssl/share/man/man3/EVP_SealInit.3 new file mode 100755 index 0000000..99d4baf --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EVP_SealInit.3 
@@ -0,0 +1,214 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_SEALINIT 3" +.TH EVP_SEALINIT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_SealInit, EVP_SealUpdate, EVP_SealFinal \- EVP envelope encryption +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, +\& unsigned char **ek, int *ekl, unsigned char *iv, +\& EVP_PKEY **pubk, int npubk); +\& int EVP_SealUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, +\& int *outl, unsigned char *in, int inl); +\& int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1EVP\s0 envelope routines are a high level interface to envelope +encryption. They generate a random key and \s-1IV\s0 (if required) then +\&\*(L"envelope\*(R" it by using public key encryption. Data can then be +encrypted using this key. +.PP +\&\fIEVP_SealInit()\fR initializes a cipher context \fBctx\fR for encryption +with cipher \fBtype\fR using a random secret key and \s-1IV\s0. \fBtype\fR is normally +supplied by a function such as \fIEVP_aes_256_cbc()\fR. The secret key is encrypted +using one or more public keys, this allows the same encrypted data to be +decrypted using any of the corresponding private keys. \fBek\fR is an array of +buffers where the public key encrypted secret key will be written, each buffer +must contain enough room for the corresponding encrypted key: that is +\&\fBek[i]\fR must have room for \fBEVP_PKEY_size(pubk[i])\fR bytes. The actual +size of each encrypted secret key is written to the array \fBekl\fR. \fBpubk\fR is +an array of \fBnpubk\fR public keys. +.PP +The \fBiv\fR parameter is a buffer where the generated \s-1IV\s0 is written to. It must +contain enough room for the corresponding cipher's \s-1IV\s0, as determined by (for +example) EVP_CIPHER_iv_length(type). +.PP +If the cipher does not require an \s-1IV\s0 then the \fBiv\fR parameter is ignored +and can be \fB\s-1NULL\s0\fR. 
+.PP +\&\fIEVP_SealUpdate()\fR and \fIEVP_SealFinal()\fR have exactly the same properties +as the \fIEVP_EncryptUpdate()\fR and \fIEVP_EncryptFinal()\fR routines, as +documented on the \fIEVP_EncryptInit\fR\|(3) manual +page. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_SealInit()\fR returns 0 on error or \fBnpubk\fR if successful. +.PP +\&\fIEVP_SealUpdate()\fR and \fIEVP_SealFinal()\fR return 1 for success and 0 for +failure. +.SH "NOTES" +.IX Header "NOTES" +Because a random secret key is generated the random number generator +must be seeded when \fIEVP_SealInit()\fR is called. +If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to +external circumstances (see \s-1\fIRAND\s0\fR\|(7)), the operation will fail. +.PP +The public key must be \s-1RSA\s0 because it is the only OpenSSL public key +algorithm that supports key transport. +.PP +Envelope encryption is the usual method of using public key encryption +on large amounts of data, this is because public key encryption is slow +but symmetric encryption is fast. So symmetric encryption is used for +bulk encryption and the small random symmetric key used is transferred +using public key encryption. +.PP +It is possible to call \fIEVP_SealInit()\fR twice in the same way as +\&\fIEVP_EncryptInit()\fR. The first call should have \fBnpubk\fR set to 0 +and (after setting any cipher parameters) it should be called again +with \fBtype\fR set to \s-1NULL\s0. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIevp\fR\|(7), \fIRAND_bytes\fR\|(3), +\&\fIEVP_EncryptInit\fR\|(3), +\&\fIEVP_OpenInit\fR\|(3), +\&\s-1\fIRAND\s0\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/ssl/share/man/man3/EVP_SignInit.3 b/linux_amd64/ssl/share/man/man3/EVP_SignInit.3 new file mode 100755 index 0000000..6c428ff --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EVP_SignInit.3 
@@ -0,0 +1,220 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_SIGNINIT 3" +.TH EVP_SIGNINIT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_SignInit, EVP_SignInit_ex, EVP_SignUpdate, EVP_SignFinal +\&\- EVP signing functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_SignInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); +\& int EVP_SignUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); +\& int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sig, unsigned int *s, EVP_PKEY *pkey); +\& +\& void EVP_SignInit(EVP_MD_CTX *ctx, const EVP_MD *type); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1EVP\s0 signature routines are a high level interface to digital +signatures. +.PP +\&\fIEVP_SignInit_ex()\fR sets up signing context \fIctx\fR to use digest +\&\fItype\fR from \fB\s-1ENGINE\s0\fR \fIimpl\fR. \fIctx\fR must be created with +\&\fIEVP_MD_CTX_new()\fR before calling this function. +.PP +\&\fIEVP_SignUpdate()\fR hashes \fIcnt\fR bytes of data at \fId\fR into the +signature context \fIctx\fR. This function can be called several times on the +same \fIctx\fR to include additional data. +.PP +\&\fIEVP_SignFinal()\fR signs the data in \fIctx\fR using the private key \fIpkey\fR and +places the signature in \fIsig\fR. \fIsig\fR must be at least \f(CW\*(C`EVP_PKEY_size(pkey)\*(C'\fR +bytes in size. \fIs\fR is an \s-1OUT\s0 parameter, and not used as an \s-1IN\s0 parameter. +The number of bytes of data written (i.e. the length of the signature) +will be written to the integer at \fIs\fR, at most \f(CW\*(C`EVP_PKEY_size(pkey)\*(C'\fR bytes +will be written. +.PP +\&\fIEVP_SignInit()\fR initializes a signing context \fIctx\fR to use the default +implementation of digest \fItype\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_SignInit_ex()\fR, \fIEVP_SignUpdate()\fR and \fIEVP_SignFinal()\fR return 1 +for success and 0 for failure. +.PP +The error codes can be obtained by \fIERR_get_error\fR\|(3). 
+.SH "NOTES" +.IX Header "NOTES" +The \fB\s-1EVP\s0\fR interface to digital signatures should almost always be used in +preference to the low level interfaces. This is because the code then becomes +transparent to the algorithm used and much more flexible. +.PP +When signing with \s-1DSA\s0 private keys the random number generator must be seeded. +If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to +external circumstances (see \s-1\fIRAND\s0\fR\|(7)), the operation will fail. +This requirement does not hold for \s-1RSA\s0 signatures. +.PP +The call to \fIEVP_SignFinal()\fR internally finalizes a copy of the digest context. +This means that calls to \fIEVP_SignUpdate()\fR and \fIEVP_SignFinal()\fR can be called +later to digest and sign additional data. +.PP +Since only a copy of the digest context is ever finalized the context must +be cleaned up after use by calling \fIEVP_MD_CTX_free()\fR or a memory leak +will occur. +.SH "BUGS" +.IX Header "BUGS" +Older versions of this documentation wrongly stated that calls to +\&\fIEVP_SignUpdate()\fR could not be made after calling \fIEVP_SignFinal()\fR. +.PP +Since the private key is passed in the call to \fIEVP_SignFinal()\fR any error +relating to the private key (for example an unsuitable key and digest +combination) will not be indicated until after potentially large amounts of +data have been passed through \fIEVP_SignUpdate()\fR. +.PP +It is not possible to change the signing parameters using these function. +.PP +The previous two bugs are fixed in the newer EVP_SignDigest*() function. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_PKEY_size\fR\|(3), \fIEVP_PKEY_bits\fR\|(3), \fIEVP_PKEY_security_bits\fR\|(3), +\&\fIEVP_VerifyInit\fR\|(3), +\&\fIEVP_DigestInit\fR\|(3), +\&\fIevp\fR\|(7), \s-1\fIHMAC\s0\fR\|(3), \s-1\fIMD2\s0\fR\|(3), +\&\s-1\fIMD5\s0\fR\|(3), \s-1\fIMDC2\s0\fR\|(3), \s-1\fIRIPEMD160\s0\fR\|(3), +\&\s-1\fISHA1\s0\fR\|(3), \fIopenssl\-dgst\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/EVP_VerifyInit.3 b/linux_amd64/ssl/share/man/man3/EVP_VerifyInit.3 new file mode 100755 index 0000000..3f67c0e --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EVP_VerifyInit.3 
@@ -0,0 +1,216 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_VERIFYINIT 3" +.TH EVP_VERIFYINIT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_VerifyInit_ex, +EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal +\&\- EVP signature verification functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_VerifyInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); +\& int EVP_VerifyUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); +\& int EVP_VerifyFinal(EVP_MD_CTX *ctx, unsigned char *sigbuf, unsigned int siglen, +\& EVP_PKEY *pkey); +\& +\& int EVP_VerifyInit(EVP_MD_CTX *ctx, const EVP_MD *type); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1EVP\s0 signature verification routines are a high level interface to digital +signatures. +.PP +\&\fIEVP_VerifyInit_ex()\fR sets up verification context \fBctx\fR to use digest +\&\fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. \fBctx\fR must be created by calling +\&\fIEVP_MD_CTX_new()\fR before calling this function. +.PP +\&\fIEVP_VerifyUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the +verification context \fBctx\fR. This function can be called several times on the +same \fBctx\fR to include additional data. +.PP +\&\fIEVP_VerifyFinal()\fR verifies the data in \fBctx\fR using the public key \fBpkey\fR +and against the \fBsiglen\fR bytes at \fBsigbuf\fR. +.PP +\&\fIEVP_VerifyInit()\fR initializes verification context \fBctx\fR to use the default +implementation of digest \fBtype\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_VerifyInit_ex()\fR and \fIEVP_VerifyUpdate()\fR return 1 for success and 0 for +failure. +.PP +\&\fIEVP_VerifyFinal()\fR returns 1 for a correct signature, 0 for failure and \-1 if some +other error occurred. +.PP +The error codes can be obtained by \fIERR_get_error\fR\|(3). +.SH "NOTES" +.IX Header "NOTES" +The \fB\s-1EVP\s0\fR interface to digital signatures should almost always be used in +preference to the low level interfaces. This is because the code then becomes +transparent to the algorithm used and much more flexible. 
+.PP +The call to \fIEVP_VerifyFinal()\fR internally finalizes a copy of the digest context. +This means that calls to \fIEVP_VerifyUpdate()\fR and \fIEVP_VerifyFinal()\fR can be called +later to digest and verify additional data. +.PP +Since only a copy of the digest context is ever finalized the context must +be cleaned up after use by calling \fIEVP_MD_CTX_free()\fR or a memory leak +will occur. +.SH "BUGS" +.IX Header "BUGS" +Older versions of this documentation wrongly stated that calls to +\&\fIEVP_VerifyUpdate()\fR could not be made after calling \fIEVP_VerifyFinal()\fR. +.PP +Since the public key is passed in the call to \fIEVP_SignFinal()\fR any error +relating to the private key (for example an unsuitable key and digest +combination) will not be indicated until after potentially large amounts of +data have been passed through \fIEVP_SignUpdate()\fR. +.PP +It is not possible to change the signing parameters using these function. +.PP +The previous two bugs are fixed in the newer EVP_DigestVerify*() function. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIevp\fR\|(7), +\&\fIEVP_SignInit\fR\|(3), +\&\fIEVP_DigestInit\fR\|(3), +\&\fIevp\fR\|(7), \s-1\fIHMAC\s0\fR\|(3), \s-1\fIMD2\s0\fR\|(3), +\&\s-1\fIMD5\s0\fR\|(3), \s-1\fIMDC2\s0\fR\|(3), \s-1\fIRIPEMD160\s0\fR\|(3), +\&\s-1\fISHA1\s0\fR\|(3), \fIopenssl\-dgst\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/EVP_aes_128_gcm.3 b/linux_amd64/ssl/share/man/man3/EVP_aes_128_gcm.3 new file mode 100755 index 0000000..5eedb2c --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EVP_aes_128_gcm.3 
@@ -0,0 +1,252 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_AES_128_GCM 3" +.TH EVP_AES_128_GCM 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_aes_128_cbc, +EVP_aes_192_cbc, +EVP_aes_256_cbc, +EVP_aes_128_cfb, +EVP_aes_192_cfb, +EVP_aes_256_cfb, +EVP_aes_128_cfb1, +EVP_aes_192_cfb1, +EVP_aes_256_cfb1, +EVP_aes_128_cfb8, +EVP_aes_192_cfb8, +EVP_aes_256_cfb8, +EVP_aes_128_cfb128, +EVP_aes_192_cfb128, +EVP_aes_256_cfb128, +EVP_aes_128_ctr, +EVP_aes_192_ctr, +EVP_aes_256_ctr, +EVP_aes_128_ecb, +EVP_aes_192_ecb, +EVP_aes_256_ecb, +EVP_aes_128_ofb, +EVP_aes_192_ofb, +EVP_aes_256_ofb, +EVP_aes_128_cbc_hmac_sha1, +EVP_aes_256_cbc_hmac_sha1, +EVP_aes_128_cbc_hmac_sha256, +EVP_aes_256_cbc_hmac_sha256, +EVP_aes_128_ccm, +EVP_aes_192_ccm, +EVP_aes_256_ccm, +EVP_aes_128_gcm, +EVP_aes_192_gcm, +EVP_aes_256_gcm, +EVP_aes_128_ocb, +EVP_aes_192_ocb, +EVP_aes_256_ocb, +EVP_aes_128_wrap, +EVP_aes_192_wrap, +EVP_aes_256_wrap, +EVP_aes_128_wrap_pad, +EVP_aes_192_wrap_pad, +EVP_aes_256_wrap_pad, +EVP_aes_128_xts, +EVP_aes_256_xts +\&\- EVP AES cipher +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_CIPHER *EVP_ciphername(void) +.Ve +.PP +\&\fIEVP_ciphername\fR is used a placeholder for any of the described cipher +functions, such as \fIEVP_aes_128_cbc\fR. +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1AES\s0 encryption algorithm for \s-1EVP\s0. 
+.IP "\fIEVP_aes_128_cbc()\fR, \fIEVP_aes_192_cbc()\fR, \fIEVP_aes_256_cbc()\fR, \fIEVP_aes_128_cfb()\fR, \fIEVP_aes_192_cfb()\fR, \fIEVP_aes_256_cfb()\fR, \fIEVP_aes_128_cfb1()\fR, \fIEVP_aes_192_cfb1()\fR, \fIEVP_aes_256_cfb1()\fR, \fIEVP_aes_128_cfb8()\fR, \fIEVP_aes_192_cfb8()\fR, \fIEVP_aes_256_cfb8()\fR, \fIEVP_aes_128_cfb128()\fR, \fIEVP_aes_192_cfb128()\fR, \fIEVP_aes_256_cfb128()\fR, \fIEVP_aes_128_ctr()\fR, \fIEVP_aes_192_ctr()\fR, \fIEVP_aes_256_ctr()\fR, \fIEVP_aes_128_ecb()\fR, \fIEVP_aes_192_ecb()\fR, \fIEVP_aes_256_ecb()\fR, \fIEVP_aes_128_ofb()\fR, \fIEVP_aes_192_ofb()\fR, \fIEVP_aes_256_ofb()\fR" 4 +.IX Item "EVP_aes_128_cbc(), EVP_aes_192_cbc(), EVP_aes_256_cbc(), EVP_aes_128_cfb(), EVP_aes_192_cfb(), EVP_aes_256_cfb(), EVP_aes_128_cfb1(), EVP_aes_192_cfb1(), EVP_aes_256_cfb1(), EVP_aes_128_cfb8(), EVP_aes_192_cfb8(), EVP_aes_256_cfb8(), EVP_aes_128_cfb128(), EVP_aes_192_cfb128(), EVP_aes_256_cfb128(), EVP_aes_128_ctr(), EVP_aes_192_ctr(), EVP_aes_256_ctr(), EVP_aes_128_ecb(), EVP_aes_192_ecb(), EVP_aes_256_ecb(), EVP_aes_128_ofb(), EVP_aes_192_ofb(), EVP_aes_256_ofb()" +\&\s-1AES\s0 for 128, 192 and 256 bit keys in the following modes: \s-1CBC\s0, \s-1CFB\s0 with 128\-bit +shift, \s-1CFB\s0 with 1\-bit shift, \s-1CFB\s0 with 8\-bit shift, \s-1CTR\s0, \s-1ECB\s0, and \s-1OFB\s0. +.IP "\fIEVP_aes_128_cbc_hmac_sha1()\fR, \fIEVP_aes_256_cbc_hmac_sha1()\fR" 4 +.IX Item "EVP_aes_128_cbc_hmac_sha1(), EVP_aes_256_cbc_hmac_sha1()" +Authenticated encryption with \s-1AES\s0 in \s-1CBC\s0 mode using \s-1SHA\-1\s0 as \s-1HMAC\s0, with keys of +128 and 256 bits length respectively. The authentication tag is 160 bits long. +.Sp +\&\s-1WARNING:\s0 this is not intended for usage outside of \s-1TLS\s0 and requires calling of +some undocumented ctrl functions. These ciphers do not conform to the \s-1EVP\s0 \s-1AEAD\s0 +interface. 
+.IP "\fIEVP_aes_128_cbc_hmac_sha256()\fR, \fIEVP_aes_256_cbc_hmac_sha256()\fR" 4 +.IX Item "EVP_aes_128_cbc_hmac_sha256(), EVP_aes_256_cbc_hmac_sha256()" +Authenticated encryption with \s-1AES\s0 in \s-1CBC\s0 mode using \s-1SHA256\s0 (\s-1SHA\-2\s0, 256\-bits) as +\&\s-1HMAC\s0, with keys of 128 and 256 bits length respectively. The authentication tag +is 256 bits long. +.Sp +\&\s-1WARNING:\s0 this is not intended for usage outside of \s-1TLS\s0 and requires calling of +some undocumented ctrl functions. These ciphers do not conform to the \s-1EVP\s0 \s-1AEAD\s0 +interface. +.IP "\fIEVP_aes_128_ccm()\fR, \fIEVP_aes_192_ccm()\fR, \fIEVP_aes_256_ccm()\fR, \fIEVP_aes_128_gcm()\fR, \fIEVP_aes_192_gcm()\fR, \fIEVP_aes_256_gcm()\fR, \fIEVP_aes_128_ocb()\fR, \fIEVP_aes_192_ocb()\fR, \fIEVP_aes_256_ocb()\fR" 4 +.IX Item "EVP_aes_128_ccm(), EVP_aes_192_ccm(), EVP_aes_256_ccm(), EVP_aes_128_gcm(), EVP_aes_192_gcm(), EVP_aes_256_gcm(), EVP_aes_128_ocb(), EVP_aes_192_ocb(), EVP_aes_256_ocb()" +\&\s-1AES\s0 for 128, 192 and 256 bit keys in CBC-MAC Mode (\s-1CCM\s0), Galois Counter Mode +(\s-1GCM\s0) and \s-1OCB\s0 Mode respectively. These ciphers require additional control +operations to function correctly, see the \*(L"\s-1AEAD\s0 Interface\*(R" in \fIEVP_EncryptInit\fR\|(3) +section for details. 
+.IP "\fIEVP_aes_128_wrap()\fR, \fIEVP_aes_192_wrap()\fR, \fIEVP_aes_256_wrap()\fR, \fIEVP_aes_128_wrap_pad()\fR, \fIEVP_aes_128_wrap()\fR, \fIEVP_aes_192_wrap()\fR, \fIEVP_aes_256_wrap()\fR, \fIEVP_aes_192_wrap_pad()\fR, \fIEVP_aes_128_wrap()\fR, \fIEVP_aes_192_wrap()\fR, \fIEVP_aes_256_wrap()\fR, \fIEVP_aes_256_wrap_pad()\fR" 4 +.IX Item "EVP_aes_128_wrap(), EVP_aes_192_wrap(), EVP_aes_256_wrap(), EVP_aes_128_wrap_pad(), EVP_aes_128_wrap(), EVP_aes_192_wrap(), EVP_aes_256_wrap(), EVP_aes_192_wrap_pad(), EVP_aes_128_wrap(), EVP_aes_192_wrap(), EVP_aes_256_wrap(), EVP_aes_256_wrap_pad()" +\&\s-1AES\s0 key wrap with 128, 192 and 256 bit keys, as according to \s-1RFC\s0 3394 section +2.2.1 (\*(L"wrap\*(R") and \s-1RFC\s0 5649 section 4.1 (\*(L"wrap with padding\*(R") respectively. +.IP "\fIEVP_aes_128_xts()\fR, \fIEVP_aes_256_xts()\fR" 4 +.IX Item "EVP_aes_128_xts(), EVP_aes_256_xts()" +\&\s-1AES\s0 \s-1XTS\s0 mode (XTS-AES) is standardized in \s-1IEEE\s0 Std. 1619\-2007 and described in \s-1NIST\s0 +\&\s-1SP\s0 800\-38E. The \s-1XTS\s0 (XEX-based tweaked-codebook mode with ciphertext stealing) +mode was designed by Prof. Phillip Rogaway of University of California, Davis, +intended for encrypting data on a storage device. +.Sp +XTS-AES provides confidentiality but not authentication of data. It also +requires a key of double-length for protection of a certain key size. +In particular, \s-1XTS\-AES\-128\s0 (\fBEVP_aes_128_xts\fR) takes input of a 256\-bit key to +achieve \s-1AES\s0 128\-bit security, and \s-1XTS\-AES\-256\s0 (\fBEVP_aes_256_xts\fR) takes input +of a 512\-bit key to achieve \s-1AES\s0 256\-bit security. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +implementation of the symmetric cipher. See \fIEVP_CIPHER_meth_new\fR\|(3) for +details of the \fB\s-1EVP_CIPHER\s0\fR structure. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIevp\fR\|(7), +\&\fIEVP_EncryptInit\fR\|(3), +\&\fIEVP_CIPHER_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/EVP_aria_128_gcm.3 b/linux_amd64/ssl/share/man/man3/EVP_aria_128_gcm.3 new file mode 100755 index 0000000..7ab93a0 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EVP_aria_128_gcm.3 
@@ -0,0 +1,203 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_ARIA_128_GCM 3" +.TH EVP_ARIA_128_GCM 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_aria_128_cbc, +EVP_aria_192_cbc, +EVP_aria_256_cbc, +EVP_aria_128_cfb, +EVP_aria_192_cfb, +EVP_aria_256_cfb, +EVP_aria_128_cfb1, +EVP_aria_192_cfb1, +EVP_aria_256_cfb1, +EVP_aria_128_cfb8, +EVP_aria_192_cfb8, +EVP_aria_256_cfb8, +EVP_aria_128_cfb128, +EVP_aria_192_cfb128, +EVP_aria_256_cfb128, +EVP_aria_128_ctr, +EVP_aria_192_ctr, +EVP_aria_256_ctr, +EVP_aria_128_ecb, +EVP_aria_192_ecb, +EVP_aria_256_ecb, +EVP_aria_128_ofb, +EVP_aria_192_ofb, +EVP_aria_256_ofb, +EVP_aria_128_ccm, +EVP_aria_192_ccm, +EVP_aria_256_ccm, +EVP_aria_128_gcm, +EVP_aria_192_gcm, +EVP_aria_256_gcm, +\&\- EVP ARIA cipher +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_CIPHER *EVP_ciphername(void) +.Ve +.PP +\&\fIEVP_ciphername\fR is used a placeholder for any of the described cipher +functions, such as \fIEVP_aria_128_cbc\fR. +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1ARIA\s0 encryption algorithm for \s-1EVP\s0. +.IP "\fIEVP_aria_128_cbc()\fR, \fIEVP_aria_192_cbc()\fR, \fIEVP_aria_256_cbc()\fR, \fIEVP_aria_128_cfb()\fR, \fIEVP_aria_192_cfb()\fR, \fIEVP_aria_256_cfb()\fR, \fIEVP_aria_128_cfb1()\fR, \fIEVP_aria_192_cfb1()\fR, \fIEVP_aria_256_cfb1()\fR, \fIEVP_aria_128_cfb8()\fR, \fIEVP_aria_192_cfb8()\fR, \fIEVP_aria_256_cfb8()\fR, \fIEVP_aria_128_cfb128()\fR, \fIEVP_aria_192_cfb128()\fR, \fIEVP_aria_256_cfb128()\fR, \fIEVP_aria_128_ctr()\fR, \fIEVP_aria_192_ctr()\fR, \fIEVP_aria_256_ctr()\fR, \fIEVP_aria_128_ecb()\fR, \fIEVP_aria_192_ecb()\fR, \fIEVP_aria_256_ecb()\fR, \fIEVP_aria_128_ofb()\fR, \fIEVP_aria_192_ofb()\fR, \fIEVP_aria_256_ofb()\fR" 4 +.IX Item "EVP_aria_128_cbc(), EVP_aria_192_cbc(), EVP_aria_256_cbc(), EVP_aria_128_cfb(), EVP_aria_192_cfb(), EVP_aria_256_cfb(), EVP_aria_128_cfb1(), EVP_aria_192_cfb1(), EVP_aria_256_cfb1(), EVP_aria_128_cfb8(), EVP_aria_192_cfb8(), EVP_aria_256_cfb8(), EVP_aria_128_cfb128(), EVP_aria_192_cfb128(), EVP_aria_256_cfb128(), EVP_aria_128_ctr(), EVP_aria_192_ctr(), 
EVP_aria_256_ctr(), EVP_aria_128_ecb(), EVP_aria_192_ecb(), EVP_aria_256_ecb(), EVP_aria_128_ofb(), EVP_aria_192_ofb(), EVP_aria_256_ofb()" +\&\s-1ARIA\s0 for 128, 192 and 256 bit keys in the following modes: \s-1CBC\s0, \s-1CFB\s0 with +128\-bit shift, \s-1CFB\s0 with 1\-bit shift, \s-1CFB\s0 with 8\-bit shift, \s-1CTR\s0, \s-1ECB\s0 and \s-1OFB\s0. +.IP "\fIEVP_aria_128_ccm()\fR, \fIEVP_aria_192_ccm()\fR, \fIEVP_aria_256_ccm()\fR, \fIEVP_aria_128_gcm()\fR, \fIEVP_aria_192_gcm()\fR, \fIEVP_aria_256_gcm()\fR," 4 +.IX Item "EVP_aria_128_ccm(), EVP_aria_192_ccm(), EVP_aria_256_ccm(), EVP_aria_128_gcm(), EVP_aria_192_gcm(), EVP_aria_256_gcm()," +\&\s-1ARIA\s0 for 128, 192 and 256 bit keys in CBC-MAC Mode (\s-1CCM\s0) and Galois Counter +Mode (\s-1GCM\s0). These ciphers require additional control operations to function +correctly, see the \*(L"\s-1AEAD\s0 Interface\*(R" in \fIEVP_EncryptInit\fR\|(3) section for details. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +implementation of the symmetric cipher. See \fIEVP_CIPHER_meth_new\fR\|(3) for +details of the \fB\s-1EVP_CIPHER\s0\fR structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIevp\fR\|(7), +\&\fIEVP_EncryptInit\fR\|(3), +\&\fIEVP_CIPHER_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/EVP_bf_cbc.3 b/linux_amd64/ssl/share/man/man3/EVP_bf_cbc.3 new file mode 100755 index 0000000..3638f26 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EVP_bf_cbc.3 
@@ -0,0 +1,175 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_BF_CBC 3" +.TH EVP_BF_CBC 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_bf_cbc, +EVP_bf_cfb, +EVP_bf_cfb64, +EVP_bf_ecb, +EVP_bf_ofb +\&\- EVP Blowfish cipher +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_CIPHER *EVP_bf_cbc(void) +\& const EVP_CIPHER *EVP_bf_cfb(void) +\& const EVP_CIPHER *EVP_bf_cfb64(void) +\& const EVP_CIPHER *EVP_bf_ecb(void) +\& const EVP_CIPHER *EVP_bf_ofb(void) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The Blowfish encryption algorithm for \s-1EVP\s0. +.PP +This is a variable key length cipher. +.IP "\fIEVP_bf_cbc()\fR, \fIEVP_bf_cfb()\fR, \fIEVP_bf_cfb64()\fR, \fIEVP_bf_ecb()\fR, \fIEVP_bf_ofb()\fR" 4 +.IX Item "EVP_bf_cbc(), EVP_bf_cfb(), EVP_bf_cfb64(), EVP_bf_ecb(), EVP_bf_ofb()" +Blowfish encryption algorithm in \s-1CBC\s0, \s-1CFB\s0, \s-1ECB\s0 and \s-1OFB\s0 modes respectively. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +implementation of the symmetric cipher. See \fIEVP_CIPHER_meth_new\fR\|(3) for +details of the \fB\s-1EVP_CIPHER\s0\fR structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIevp\fR\|(7), +\&\fIEVP_EncryptInit\fR\|(3), +\&\fIEVP_CIPHER_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/EVP_blake2b512.3 b/linux_amd64/ssl/share/man/man3/EVP_blake2b512.3 new file mode 100755 index 0000000..ce7a2d9 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EVP_blake2b512.3 
@@ -0,0 +1,179 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_BLAKE2B512 3" +.TH EVP_BLAKE2B512 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_blake2b512, +EVP_blake2s256 +\&\- BLAKE2 For EVP +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_MD *EVP_blake2b512(void); +\& const EVP_MD *EVP_blake2s256(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1BLAKE2\s0 is an improved version of \s-1BLAKE\s0, which was submitted to the \s-1NIST\s0 \s-1SHA\-3\s0 +algorithm competition. The BLAKE2s and BLAKE2b algorithms are described in +\&\s-1RFC\s0 7693. +.IP "\fIEVP_blake2s256()\fR" 4 +.IX Item "EVP_blake2s256()" +The BLAKE2s algorithm that produces a 256\-bit output from a given input. +.IP "\fIEVP_blake2b512()\fR" 4 +.IX Item "EVP_blake2b512()" +The BLAKE2b algorithm that produces a 512\-bit output from a given input. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the +implementation of the symmetric cipher. See \fIEVP_MD_meth_new\fR\|(3) for +details of the \fB\s-1EVP_MD\s0\fR structure. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1RFC\s0 7693. +.SH "NOTES" +.IX Header "NOTES" +While the BLAKE2b and BLAKE2s algorithms supports a variable length digest, +this implementation outputs a digest of a fixed length (the maximum length +supported), which is 512\-bits for BLAKE2b and 256\-bits for BLAKE2s. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIevp\fR\|(7), +\&\fIEVP_DigestInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/EVP_camellia_128_ecb.3 b/linux_amd64/ssl/share/man/man3/EVP_camellia_128_ecb.3 new file mode 100755 index 0000000..978a0ea --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EVP_camellia_128_ecb.3 
@@ -0,0 +1,192 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_CAMELLIA_128_ECB 3" +.TH EVP_CAMELLIA_128_ECB 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_camellia_128_cbc, +EVP_camellia_192_cbc, +EVP_camellia_256_cbc, +EVP_camellia_128_cfb, +EVP_camellia_192_cfb, +EVP_camellia_256_cfb, +EVP_camellia_128_cfb1, +EVP_camellia_192_cfb1, +EVP_camellia_256_cfb1, +EVP_camellia_128_cfb8, +EVP_camellia_192_cfb8, +EVP_camellia_256_cfb8, +EVP_camellia_128_cfb128, +EVP_camellia_192_cfb128, +EVP_camellia_256_cfb128, +EVP_camellia_128_ctr, +EVP_camellia_192_ctr, +EVP_camellia_256_ctr, +EVP_camellia_128_ecb, +EVP_camellia_192_ecb, +EVP_camellia_256_ecb, +EVP_camellia_128_ofb, +EVP_camellia_192_ofb, +EVP_camellia_256_ofb +\&\- EVP Camellia cipher +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_CIPHER *EVP_ciphername(void) +.Ve +.PP +\&\fIEVP_ciphername\fR is used a placeholder for any of the described cipher +functions, such as \fIEVP_camellia_128_cbc\fR. +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The Camellia encryption algorithm for \s-1EVP\s0. +.IP "\fIEVP_camellia_128_cbc()\fR, \fIEVP_camellia_192_cbc()\fR, \fIEVP_camellia_256_cbc()\fR, \fIEVP_camellia_128_cfb()\fR, \fIEVP_camellia_192_cfb()\fR, \fIEVP_camellia_256_cfb()\fR, \fIEVP_camellia_128_cfb1()\fR, \fIEVP_camellia_192_cfb1()\fR, \fIEVP_camellia_256_cfb1()\fR, \fIEVP_camellia_128_cfb8()\fR, \fIEVP_camellia_192_cfb8()\fR, \fIEVP_camellia_256_cfb8()\fR, \fIEVP_camellia_128_cfb128()\fR, \fIEVP_camellia_192_cfb128()\fR, \fIEVP_camellia_256_cfb128()\fR, \fIEVP_camellia_128_ctr()\fR, \fIEVP_camellia_192_ctr()\fR, \fIEVP_camellia_256_ctr()\fR, \fIEVP_camellia_128_ecb()\fR, \fIEVP_camellia_192_ecb()\fR, \fIEVP_camellia_256_ecb()\fR, \fIEVP_camellia_128_ofb()\fR, \fIEVP_camellia_192_ofb()\fR, \fIEVP_camellia_256_ofb()\fR" 4 +.IX Item "EVP_camellia_128_cbc(), EVP_camellia_192_cbc(), EVP_camellia_256_cbc(), EVP_camellia_128_cfb(), EVP_camellia_192_cfb(), EVP_camellia_256_cfb(), EVP_camellia_128_cfb1(), EVP_camellia_192_cfb1(), EVP_camellia_256_cfb1(), EVP_camellia_128_cfb8(), EVP_camellia_192_cfb8(), 
EVP_camellia_256_cfb8(), EVP_camellia_128_cfb128(), EVP_camellia_192_cfb128(), EVP_camellia_256_cfb128(), EVP_camellia_128_ctr(), EVP_camellia_192_ctr(), EVP_camellia_256_ctr(), EVP_camellia_128_ecb(), EVP_camellia_192_ecb(), EVP_camellia_256_ecb(), EVP_camellia_128_ofb(), EVP_camellia_192_ofb(), EVP_camellia_256_ofb()" +Camellia for 128, 192 and 256 bit keys in the following modes: \s-1CBC\s0, \s-1CFB\s0 with +128\-bit shift, \s-1CFB\s0 with 1\-bit shift, \s-1CFB\s0 with 8\-bit shift, \s-1CTR\s0, \s-1ECB\s0 and \s-1OFB\s0. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +implementation of the symmetric cipher. See \fIEVP_CIPHER_meth_new\fR\|(3) for +details of the \fB\s-1EVP_CIPHER\s0\fR structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIevp\fR\|(7), +\&\fIEVP_EncryptInit\fR\|(3), +\&\fIEVP_CIPHER_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/EVP_cast5_cbc.3 b/linux_amd64/ssl/share/man/man3/EVP_cast5_cbc.3 new file mode 100755 index 0000000..a70c0c2 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EVP_cast5_cbc.3 
@@ -0,0 +1,175 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_CAST5_CBC 3" +.TH EVP_CAST5_CBC 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_cast5_cbc, +EVP_cast5_cfb, +EVP_cast5_cfb64, +EVP_cast5_ecb, +EVP_cast5_ofb +\&\- EVP CAST cipher +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_CIPHER *EVP_cast5_cbc(void) +\& const EVP_CIPHER *EVP_cast5_cfb(void) +\& const EVP_CIPHER *EVP_cast5_cfb64(void) +\& const EVP_CIPHER *EVP_cast5_ecb(void) +\& const EVP_CIPHER *EVP_cast5_ofb(void) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1CAST\s0 encryption algorithm for \s-1EVP\s0. +.PP +This is a variable key length cipher. +.IP "\fIEVP_cast5_cbc()\fR, \fIEVP_cast5_ecb()\fR, \fIEVP_cast5_cfb()\fR, \fIEVP_cast5_cfb64()\fR, \fIEVP_cast5_ofb()\fR" 4 +.IX Item "EVP_cast5_cbc(), EVP_cast5_ecb(), EVP_cast5_cfb(), EVP_cast5_cfb64(), EVP_cast5_ofb()" +\&\s-1CAST\s0 encryption algorithm in \s-1CBC\s0, \s-1ECB\s0, \s-1CFB\s0 and \s-1OFB\s0 modes respectively. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +implementation of the symmetric cipher. See \fIEVP_CIPHER_meth_new\fR\|(3) for +details of the \fB\s-1EVP_CIPHER\s0\fR structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIevp\fR\|(7), +\&\fIEVP_EncryptInit\fR\|(3), +\&\fIEVP_CIPHER_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/EVP_chacha20.3 b/linux_amd64/ssl/share/man/man3/EVP_chacha20.3 new file mode 100755 index 0000000..0b122a9 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EVP_chacha20.3 
@@ -0,0 +1,181 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_CHACHA20 3" +.TH EVP_CHACHA20 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_chacha20, +EVP_chacha20_poly1305 +\&\- EVP ChaCha20 stream cipher +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_CIPHER *EVP_chacha20(void) +\& const EVP_CIPHER *EVP_chacha20_poly1305(void) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The ChaCha20 stream cipher for \s-1EVP\s0. +.IP "\fIEVP_chacha20()\fR" 4 +.IX Item "EVP_chacha20()" +The ChaCha20 stream cipher. The key length is 256 bits, the \s-1IV\s0 is 128 bits long. +The first 32 bits consists of a counter in little-endian order followed by a 96 +bit nonce. For example a nonce of: +.Sp +000000000000000000000002 +.Sp +With an initial counter of 42 (2a in hex) would be expressed as: +.Sp +2a000000000000000000000000000002 +.IP "\fIEVP_chacha20_poly1305()\fR" 4 +.IX Item "EVP_chacha20_poly1305()" +Authenticated encryption with ChaCha20\-Poly1305. Like \fIEVP_chacha20()\fR, the key +is 256 bits and the \s-1IV\s0 is 96 bits. This supports additional authenticated data +(\s-1AAD\s0) and produces a 128\-bit authentication tag. See the +\&\*(L"\s-1AEAD\s0 Interface\*(R" in \fIEVP_EncryptInit\fR\|(3) section for more information. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +implementation of the symmetric cipher. See \fIEVP_CIPHER_meth_new\fR\|(3) for +details of the \fB\s-1EVP_CIPHER\s0\fR structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIevp\fR\|(7), +\&\fIEVP_EncryptInit\fR\|(3), +\&\fIEVP_CIPHER_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/ssl/share/man/man3/EVP_des_cbc.3 b/linux_amd64/ssl/share/man/man3/EVP_des_cbc.3 new file mode 100755 index 0000000..a8e7940 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EVP_des_cbc.3 
@@ -0,0 +1,200 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_DES_CBC 3" +.TH EVP_DES_CBC 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_des_cbc, +EVP_des_cfb, +EVP_des_cfb1, +EVP_des_cfb8, +EVP_des_cfb64, +EVP_des_ecb, +EVP_des_ofb, +EVP_des_ede, +EVP_des_ede_cbc, +EVP_des_ede_cfb, +EVP_des_ede_cfb64, +EVP_des_ede_ecb, +EVP_des_ede_ofb, +EVP_des_ede3, +EVP_des_ede3_cbc, +EVP_des_ede3_cfb, +EVP_des_ede3_cfb1, +EVP_des_ede3_cfb8, +EVP_des_ede3_cfb64, +EVP_des_ede3_ecb, +EVP_des_ede3_ofb, +EVP_des_ede3_wrap +\&\- EVP DES cipher +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_CIPHER *EVP_ciphername(void) +.Ve +.PP +\&\fIEVP_ciphername\fR is used a placeholder for any of the described cipher +functions, such as \fIEVP_des_cbc\fR. +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1DES\s0 encryption algorithm for \s-1EVP\s0. +.IP "\fIEVP_des_cbc()\fR, \fIEVP_des_ecb()\fR, \fIEVP_des_cfb()\fR, \fIEVP_des_cfb1()\fR, \fIEVP_des_cfb8()\fR, \fIEVP_des_cfb64()\fR, \fIEVP_des_ofb()\fR" 4 +.IX Item "EVP_des_cbc(), EVP_des_ecb(), EVP_des_cfb(), EVP_des_cfb1(), EVP_des_cfb8(), EVP_des_cfb64(), EVP_des_ofb()" +\&\s-1DES\s0 in \s-1CBC\s0, \s-1ECB\s0, \s-1CFB\s0 with 64\-bit shift, \s-1CFB\s0 with 1\-bit shift, \s-1CFB\s0 with 8\-bit +shift and \s-1OFB\s0 modes. +.IP "\fIEVP_des_ede()\fR, \fIEVP_des_ede_cbc()\fR, \fIEVP_des_ede_cfb()\fR, \fIEVP_des_ede_cfb64()\fR, \fIEVP_des_ede_ecb()\fR, \fIEVP_des_ede_ofb()\fR" 4 +.IX Item "EVP_des_ede(), EVP_des_ede_cbc(), EVP_des_ede_cfb(), EVP_des_ede_cfb64(), EVP_des_ede_ecb(), EVP_des_ede_ofb()" +Two key triple \s-1DES\s0 in \s-1ECB\s0, \s-1CBC\s0, \s-1CFB\s0 with 64\-bit shift and \s-1OFB\s0 modes. 
+.IP "\fIEVP_des_ede3()\fR, \fIEVP_des_ede3_cbc()\fR, \fIEVP_des_ede3_cfb()\fR, \fIEVP_des_ede3_cfb1()\fR, \fIEVP_des_ede3_cfb8()\fR, \fIEVP_des_ede3_cfb64()\fR, \fIEVP_des_ede3_ecb()\fR, \fIEVP_des_ede3_ofb()\fR" 4 +.IX Item "EVP_des_ede3(), EVP_des_ede3_cbc(), EVP_des_ede3_cfb(), EVP_des_ede3_cfb1(), EVP_des_ede3_cfb8(), EVP_des_ede3_cfb64(), EVP_des_ede3_ecb(), EVP_des_ede3_ofb()" +Three-key triple \s-1DES\s0 in \s-1ECB\s0, \s-1CBC\s0, \s-1CFB\s0 with 64\-bit shift, \s-1CFB\s0 with 1\-bit shift, +\&\s-1CFB\s0 with 8\-bit shift and \s-1OFB\s0 modes. +.IP "\fIEVP_des_ede3_wrap()\fR" 4 +.IX Item "EVP_des_ede3_wrap()" +Triple-DES key wrap according to \s-1RFC\s0 3217 Section 3. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +implementation of the symmetric cipher. See \fIEVP_CIPHER_meth_new\fR\|(3) for +details of the \fB\s-1EVP_CIPHER\s0\fR structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIevp\fR\|(7), +\&\fIEVP_EncryptInit\fR\|(3), +\&\fIEVP_CIPHER_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/EVP_desx_cbc.3 b/linux_amd64/ssl/share/man/man3/EVP_desx_cbc.3 new file mode 100755 index 0000000..0f1e4e6 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EVP_desx_cbc.3 
@@ -0,0 +1,167 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_DESX_CBC 3" +.TH EVP_DESX_CBC 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_desx_cbc +\&\- EVP DES\-X cipher +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_CIPHER *EVP_desx_cbc(void) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The DES-X encryption algorithm for \s-1EVP\s0. +.PP +All modes below use a key length of 128 bits and acts on blocks of 128\-bits. +.IP "\fIEVP_desx_cbc()\fR" 4 +.IX Item "EVP_desx_cbc()" +The DES-X algorithm in \s-1CBC\s0 mode. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +implementation of the symmetric cipher. See \fIEVP_CIPHER_meth_new\fR\|(3) for +details of the \fB\s-1EVP_CIPHER\s0\fR structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIevp\fR\|(7), +\&\fIEVP_EncryptInit\fR\|(3), +\&\fIEVP_CIPHER_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/EVP_idea_cbc.3 b/linux_amd64/ssl/share/man/man3/EVP_idea_cbc.3 new file mode 100755 index 0000000..e95243f --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EVP_idea_cbc.3 
@@ -0,0 +1,173 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_IDEA_CBC 3" +.TH EVP_IDEA_CBC 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_idea_cbc, +EVP_idea_cfb, +EVP_idea_cfb64, +EVP_idea_ecb, +EVP_idea_ofb +\&\- EVP IDEA cipher +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_CIPHER *EVP_idea_cbc(void) +\& const EVP_CIPHER *EVP_idea_cfb(void) +\& const EVP_CIPHER *EVP_idea_cfb64(void) +\& const EVP_CIPHER *EVP_idea_ecb(void) +\& const EVP_CIPHER *EVP_idea_ofb(void) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1IDEA\s0 encryption algorithm for \s-1EVP\s0. +.IP "\fIEVP_idea_cbc()\fR, \fIEVP_idea_cfb()\fR, \fIEVP_idea_cfb64()\fR, \fIEVP_idea_ecb()\fR, \fIEVP_idea_ofb()\fR" 4 +.IX Item "EVP_idea_cbc(), EVP_idea_cfb(), EVP_idea_cfb64(), EVP_idea_ecb(), EVP_idea_ofb()" +The \s-1IDEA\s0 encryption algorithm in \s-1CBC\s0, \s-1CFB\s0, \s-1ECB\s0 and \s-1OFB\s0 modes respectively. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +implementation of the symmetric cipher. See \fIEVP_CIPHER_meth_new\fR\|(3) for +details of the \fB\s-1EVP_CIPHER\s0\fR structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIevp\fR\|(7), +\&\fIEVP_EncryptInit\fR\|(3), +\&\fIEVP_CIPHER_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/EVP_md2.3 b/linux_amd64/ssl/share/man/man3/EVP_md2.3 new file mode 100755 index 0000000..e00efcb --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EVP_md2.3 
@@ -0,0 +1,168 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_MD2 3" +.TH EVP_MD2 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_md2 +\&\- MD2 For EVP +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_MD *EVP_md2(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1MD2\s0 is a cryptographic hash function standardized in \s-1RFC\s0 1319 and designed by +Ronald Rivest. +.IP "\fIEVP_md2()\fR" 4 +.IX Item "EVP_md2()" +The \s-1MD2\s0 algorithm which produces a 128\-bit output from a given input. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the +implementation of the symmetric cipher. See \fIEVP_MD_meth_new\fR\|(3) for +details of the \fB\s-1EVP_MD\s0\fR structure. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1IETF\s0 \s-1RFC\s0 1319. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIevp\fR\|(7), +\&\fIEVP_DigestInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/EVP_md4.3 b/linux_amd64/ssl/share/man/man3/EVP_md4.3 new file mode 100755 index 0000000..184d1a8 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EVP_md4.3 
@@ -0,0 +1,168 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_MD4 3" +.TH EVP_MD4 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_md4 +\&\- MD4 For EVP +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_MD *EVP_md4(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1MD4\s0 is a cryptographic hash function standardized in \s-1RFC\s0 1320 and designed by +Ronald Rivest, first published in 1990. +.IP "\fIEVP_md4()\fR" 4 +.IX Item "EVP_md4()" +The \s-1MD4\s0 algorithm which produces a 128\-bit output from a given input. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the +implementation of the symmetric cipher. See \fIEVP_MD_meth_new\fR\|(3) for +details of the \fB\s-1EVP_MD\s0\fR structure. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1IETF\s0 \s-1RFC\s0 1320. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIevp\fR\|(7), +\&\fIEVP_DigestInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/EVP_md5.3 b/linux_amd64/ssl/share/man/man3/EVP_md5.3 new file mode 100755 index 0000000..803d642 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EVP_md5.3 
@@ -0,0 +1,179 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_MD5 3" +.TH EVP_MD5 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_md5, +EVP_md5_sha1 +\&\- MD5 For EVP +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_MD *EVP_md5(void); +\& const EVP_MD *EVP_md5_sha1(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1MD5\s0 is a cryptographic hash function standardized in \s-1RFC\s0 1321 and designed by +Ronald Rivest. +.PP +The \s-1CMU\s0 Software Engineering Institute considers \s-1MD5\s0 unsuitable for further +use since its security has been severely compromised. +.IP "\fIEVP_md5()\fR" 4 +.IX Item "EVP_md5()" +The \s-1MD5\s0 algorithm which produces a 128\-bit output from a given input. +.IP "\fIEVP_md5_sha1()\fR" 4 +.IX Item "EVP_md5_sha1()" +A hash algorithm of \s-1SSL\s0 v3 that combines \s-1MD5\s0 with \s-1SHA\-1\s0 as described in \s-1RFC\s0 +6101. +.Sp +\&\s-1WARNING:\s0 this algorithm is not intended for non-SSL usage. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the +implementation of the symmetric cipher. See \fIEVP_MD_meth_new\fR\|(3) for +details of the \fB\s-1EVP_MD\s0\fR structure. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1IETF\s0 \s-1RFC\s0 1321. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIevp\fR\|(7), +\&\fIEVP_DigestInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/EVP_mdc2.3 b/linux_amd64/ssl/share/man/man3/EVP_mdc2.3 new file mode 100755 index 0000000..da65edd --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EVP_mdc2.3 
@@ -0,0 +1,169 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_MDC2 3" +.TH EVP_MDC2 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_mdc2 +\&\- MDC\-2 For EVP +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_MD *EVP_mdc2(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1MDC\-2\s0 (Modification Detection Code 2 or Meyer-Schilling) is a cryptographic +hash function based on a block cipher. +.IP "\fIEVP_mdc2()\fR" 4 +.IX Item "EVP_mdc2()" +The \s-1MDC\-2DES\s0 algorithm of using \s-1MDC\-2\s0 with the \s-1DES\s0 block cipher. It produces a +128\-bit output from a given input. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the +implementation of the symmetric cipher. See \fIEVP_MD_meth_new\fR\|(3) for +details of the \fB\s-1EVP_MD\s0\fR structure. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1ISO/IEC\s0 10118\-2:2000 Hash-Function 2, with \s-1DES\s0 as the underlying block cipher. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIevp\fR\|(7), +\&\fIEVP_DigestInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/EVP_rc2_cbc.3 b/linux_amd64/ssl/share/man/man3/EVP_rc2_cbc.3 new file mode 100755 index 0000000..7510d47 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EVP_rc2_cbc.3 
@@ -0,0 +1,187 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_RC2_CBC 3" +.TH EVP_RC2_CBC 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_rc2_cbc, +EVP_rc2_cfb, +EVP_rc2_cfb64, +EVP_rc2_ecb, +EVP_rc2_ofb, +EVP_rc2_40_cbc, +EVP_rc2_64_cbc +\&\- EVP RC2 cipher +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_CIPHER *EVP_rc2_cbc(void) +\& const EVP_CIPHER *EVP_rc2_cfb(void) +\& const EVP_CIPHER *EVP_rc2_cfb64(void) +\& const EVP_CIPHER *EVP_rc2_ecb(void) +\& const EVP_CIPHER *EVP_rc2_ofb(void) +\& const EVP_CIPHER *EVP_rc2_40_cbc(void) +\& const EVP_CIPHER *EVP_rc2_64_cbc(void) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1RC2\s0 encryption algorithm for \s-1EVP\s0. +.IP "\fIEVP_rc2_cbc()\fR, \fIEVP_rc2_cfb()\fR, \fIEVP_rc2_cfb64()\fR, \fIEVP_rc2_ecb()\fR, \fIEVP_rc2_ofb()\fR" 4 +.IX Item "EVP_rc2_cbc(), EVP_rc2_cfb(), EVP_rc2_cfb64(), EVP_rc2_ecb(), EVP_rc2_ofb()" +\&\s-1RC2\s0 encryption algorithm in \s-1CBC\s0, \s-1CFB\s0, \s-1ECB\s0 and \s-1OFB\s0 modes respectively. This is a +variable key length cipher with an additional parameter called \*(L"effective key +bits\*(R" or \*(L"effective key length\*(R". By default both are set to 128 bits. +.IP "\fIEVP_rc2_40_cbc()\fR, \fIEVP_rc2_64_cbc()\fR" 4 +.IX Item "EVP_rc2_40_cbc(), EVP_rc2_64_cbc()" +\&\s-1RC2\s0 algorithm in \s-1CBC\s0 mode with a default key length and effective key length of +40 and 64 bits. +.Sp +\&\s-1WARNING:\s0 these functions are obsolete. Their usage should be replaced with the +\&\fIEVP_rc2_cbc()\fR, \fIEVP_CIPHER_CTX_set_key_length()\fR and \fIEVP_CIPHER_CTX_ctrl()\fR +functions to set the key length and effective key length. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +implementation of the symmetric cipher. See \fIEVP_CIPHER_meth_new\fR\|(3) for +details of the \fB\s-1EVP_CIPHER\s0\fR structure. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIevp\fR\|(7), +\&\fIEVP_EncryptInit\fR\|(3), +\&\fIEVP_CIPHER_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/EVP_rc4.3 b/linux_amd64/ssl/share/man/man3/EVP_rc4.3 new file mode 100755 index 0000000..6fde757 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EVP_rc4.3 
@@ -0,0 +1,183 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_RC4 3" +.TH EVP_RC4 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_rc4, +EVP_rc4_40, +EVP_rc4_hmac_md5 +\&\- EVP RC4 stream cipher +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_CIPHER *EVP_rc4(void) +\& const EVP_CIPHER *EVP_rc4_40(void) +\& const EVP_CIPHER *EVP_rc4_hmac_md5(void) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1RC4\s0 stream cipher for \s-1EVP\s0. +.IP "\fIEVP_rc4()\fR" 4 +.IX Item "EVP_rc4()" +\&\s-1RC4\s0 stream cipher. This is a variable key length cipher with a default key +length of 128 bits. +.IP "\fIEVP_rc4_40()\fR" 4 +.IX Item "EVP_rc4_40()" +\&\s-1RC4\s0 stream cipher with 40 bit key length. +.Sp +\&\s-1WARNING:\s0 this function is obsolete. Its usage should be replaced with the +\&\fIEVP_rc4()\fR and the \fIEVP_CIPHER_CTX_set_key_length()\fR functions. +.IP "\fIEVP_rc4_hmac_md5()\fR" 4 +.IX Item "EVP_rc4_hmac_md5()" +Authenticated encryption with the \s-1RC4\s0 stream cipher with \s-1MD5\s0 as \s-1HMAC\s0. +.Sp +\&\s-1WARNING:\s0 this is not intended for usage outside of \s-1TLS\s0 and requires calling of +some undocumented ctrl functions. These ciphers do not conform to the \s-1EVP\s0 \s-1AEAD\s0 +interface. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +implementation of the symmetric cipher. See \fIEVP_CIPHER_meth_new\fR\|(3) for +details of the \fB\s-1EVP_CIPHER\s0\fR structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIevp\fR\|(7), +\&\fIEVP_EncryptInit\fR\|(3), +\&\fIEVP_CIPHER_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/ssl/share/man/man3/EVP_rc5_32_12_16_cbc.3 b/linux_amd64/ssl/share/man/man3/EVP_rc5_32_12_16_cbc.3 new file mode 100755 index 0000000..ac387c8 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EVP_rc5_32_12_16_cbc.3 
@@ -0,0 +1,192 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_RC5_32_12_16_CBC 3" +.TH EVP_RC5_32_12_16_CBC 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_rc5_32_12_16_cbc, +EVP_rc5_32_12_16_cfb, +EVP_rc5_32_12_16_cfb64, +EVP_rc5_32_12_16_ecb, +EVP_rc5_32_12_16_ofb +\&\- EVP RC5 cipher +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_CIPHER *EVP_rc5_32_12_16_cbc(void) +\& const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void) +\& const EVP_CIPHER *EVP_rc5_32_12_16_cfb64(void) +\& const EVP_CIPHER *EVP_rc5_32_12_16_ecb(void) +\& const EVP_CIPHER *EVP_rc5_32_12_16_ofb(void) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1RC5\s0 encryption algorithm for \s-1EVP\s0. +.IP "\fIEVP_rc5_32_12_16_cbc()\fR, \fIEVP_rc5_32_12_16_cfb()\fR, \fIEVP_rc5_32_12_16_cfb64()\fR, \fIEVP_rc5_32_12_16_ecb()\fR, \fIEVP_rc5_32_12_16_ofb()\fR" 4 +.IX Item "EVP_rc5_32_12_16_cbc(), EVP_rc5_32_12_16_cfb(), EVP_rc5_32_12_16_cfb64(), EVP_rc5_32_12_16_ecb(), EVP_rc5_32_12_16_ofb()" +\&\s-1RC5\s0 encryption algorithm in \s-1CBC\s0, \s-1CFB\s0, \s-1ECB\s0 and \s-1OFB\s0 modes respectively. This is a +variable key length cipher with an additional \*(L"number of rounds\*(R" parameter. By +default the key length is set to 128 bits and 12 rounds. Alternative key lengths +can be set using \fIEVP_CIPHER_CTX_set_key_length\fR\|(3). The maximum key length is +2040 bits. +.Sp +The following rc5 specific \fIctrl\fRs are supported (see +\&\fIEVP_CIPHER_CTX_ctrl\fR\|(3)). +.RS 4 +.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_SET_RC5_ROUNDS\s0, rounds, \s-1NULL\s0)" 4 +.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC5_ROUNDS, rounds, NULL)" +Sets the number of rounds to \fBrounds\fR. This must be one of \s-1RC5_8_ROUNDS\s0, +\&\s-1RC5_12_ROUNDS\s0 or \s-1RC5_16_ROUNDS\s0. +.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_GET_RC5_ROUNDS\s0, 0, &rounds)" 4 +.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC5_ROUNDS, 0, &rounds)" +Stores the number of rounds currently configured in \fB*rounds\fR where \fB*rounds\fR +is an int. 
+.RE +.RS 4 +.RE +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +implementation of the symmetric cipher. See \fIEVP_CIPHER_meth_new\fR\|(3) for +details of the \fB\s-1EVP_CIPHER\s0\fR structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIevp\fR\|(7), +\&\fIEVP_EncryptInit\fR\|(3), +\&\fIEVP_CIPHER_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/EVP_ripemd160.3 b/linux_amd64/ssl/share/man/man3/EVP_ripemd160.3 new file mode 100755 index 0000000..b4a6d82 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EVP_ripemd160.3 
@@ -0,0 +1,168 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_RIPEMD160 3" +.TH EVP_RIPEMD160 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_ripemd160 +\&\- RIPEMD160 For EVP +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_MD *EVP_ripemd160(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1RIPEMD\-160\s0 is a cryptographic hash function first published in 1996 belonging +to the \s-1RIPEMD\s0 family (\s-1RACE\s0 Integrity Primitives Evaluation Message Digest). +.IP "\fIEVP_ripemd160()\fR" 4 +.IX Item "EVP_ripemd160()" +The \s-1RIPEMD\-160\s0 algorithm which produces a 160\-bit output from a given input. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the +implementation of the symmetric cipher. See \fIEVP_MD_meth_new\fR\|(3) for +details of the \fB\s-1EVP_MD\s0\fR structure. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1ISO/IEC\s0 10118\-3:2016 Dedicated Hash-Function 1 (\s-1RIPEMD\-160\s0). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIevp\fR\|(7), +\&\fIEVP_DigestInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/EVP_seed_cbc.3 b/linux_amd64/ssl/share/man/man3/EVP_seed_cbc.3 new file mode 100755 index 0000000..4e8037a --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EVP_seed_cbc.3 
@@ -0,0 +1,175 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_SEED_CBC 3" +.TH EVP_SEED_CBC 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_seed_cbc, +EVP_seed_cfb, +EVP_seed_cfb128, +EVP_seed_ecb, +EVP_seed_ofb +\&\- EVP SEED cipher +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_CIPHER *EVP_seed_cbc(void) +\& const EVP_CIPHER *EVP_seed_cfb(void) +\& const EVP_CIPHER *EVP_seed_cfb128(void) +\& const EVP_CIPHER *EVP_seed_ecb(void) +\& const EVP_CIPHER *EVP_seed_ofb(void) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1SEED\s0 encryption algorithm for \s-1EVP\s0. +.PP +All modes below use a key length of 128 bits and acts on blocks of 128\-bits. +.IP "\fIEVP_seed_cbc()\fR, \fIEVP_seed_cfb()\fR, \fIEVP_seed_cfb128()\fR, \fIEVP_seed_ecb()\fR, \fIEVP_seed_ofb()\fR" 4 +.IX Item "EVP_seed_cbc(), EVP_seed_cfb(), EVP_seed_cfb128(), EVP_seed_ecb(), EVP_seed_ofb()" +The \s-1SEED\s0 encryption algorithm in \s-1CBC\s0, \s-1CFB\s0, \s-1ECB\s0 and \s-1OFB\s0 modes respectively. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +implementation of the symmetric cipher. See \fIEVP_CIPHER_meth_new\fR\|(3) for +details of the \fB\s-1EVP_CIPHER\s0\fR structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIevp\fR\|(7), +\&\fIEVP_EncryptInit\fR\|(3), +\&\fIEVP_CIPHER_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/EVP_set_default_properties.3 b/linux_amd64/ssl/share/man/man3/EVP_set_default_properties.3 new file mode 100755 index 0000000..0679887 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EVP_set_default_properties.3 
@@ -0,0 +1,170 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_SET_DEFAULT_PROPERTIES 3" +.TH EVP_SET_DEFAULT_PROPERTIES 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_set_default_properties +\&\- Set default properties for future algorithm fetches +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_set_default_properties(OPENSSL_CTX *libctx, const char *propq); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIEVP_set_default_properties()\fR sets the default properties for all +future \s-1EVP\s0 algorithm fetches, implicit as well as explicit. +.PP +EVP_set_default_properties stores the properties given with the string +\&\fIpropq\fR among the \s-1EVP\s0 data that's been stored in the library context +given with \fIlibctx\fR (\s-1NULL\s0 signifies the default library context). +.PP +Any previous default property for the specified library context will +be dropped. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_set_default_properties()\fR returns 1 on success, or 0 on failure. +The latter adds an error on the error stack. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_MD_fetch\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The functions described here were added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/EVP_sha1.3 b/linux_amd64/ssl/share/man/man3/EVP_sha1.3 new file mode 100755 index 0000000..de2d36d --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EVP_sha1.3 
@@ -0,0 +1,169 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_SHA1 3" +.TH EVP_SHA1 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_sha1 +\&\- SHA\-1 For EVP +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_MD *EVP_sha1(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1SHA\-1\s0 (Secure Hash Algorithm 1) is a cryptographic hash function standardized +in \s-1NIST\s0 \s-1FIPS\s0 180\-4. The algorithm was designed by the United States National +Security Agency and initially published in 1995. +.IP "\fIEVP_sha1()\fR" 4 +.IX Item "EVP_sha1()" +The \s-1SHA\-1\s0 algorithm which produces a 160\-bit output from a given input. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the +implementation of the symmetric cipher. See \fIEVP_MD_meth_new\fR\|(3) for +details of the \fB\s-1EVP_MD\s0\fR structure. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1NIST\s0 \s-1FIPS\s0 180\-4. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIevp\fR\|(7), +\&\fIEVP_DigestInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/EVP_sha224.3 b/linux_amd64/ssl/share/man/man3/EVP_sha224.3 new file mode 100755 index 0000000..4e2083f --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EVP_sha224.3 
@@ -0,0 +1,184 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_SHA224 3" +.TH EVP_SHA224 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_sha224, +EVP_sha256, +EVP_sha512_224, +EVP_sha512_256, +EVP_sha384, +EVP_sha512 +\&\- SHA\-2 For EVP +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_MD *EVP_sha224(void); +\& const EVP_MD *EVP_sha256(void); +\& const EVP_MD *EVP_sha512_224(void); +\& const EVP_MD *EVP_sha512_256(void); +\& const EVP_MD *EVP_sha384(void); +\& const EVP_MD *EVP_sha512(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1SHA\-2\s0 (Secure Hash Algorithm 2) is a family of cryptographic hash functions +standardized in \s-1NIST\s0 \s-1FIPS\s0 180\-4, first published in 2001. +.IP "\fIEVP_sha224()\fR, \fIEVP_sha256()\fR, EVP_sha512_224, EVP_sha512_256, \fIEVP_sha384()\fR, \fIEVP_sha512()\fR" 4 +.IX Item "EVP_sha224(), EVP_sha256(), EVP_sha512_224, EVP_sha512_256, EVP_sha384(), EVP_sha512()" +The \s-1SHA\-2\s0 \s-1SHA\-224\s0, \s-1SHA\-256\s0, \s-1SHA\-512/224\s0, \s-1SHA512/256\s0, \s-1SHA\-384\s0 and \s-1SHA\-512\s0 +algorithms, which generate 224, 256, 224, 256, 384 and 512 bits +respectively of output from a given input. +.Sp +The two algorithms: \s-1SHA\-512/224\s0 and \s-1SHA512/256\s0 are truncated forms of the +\&\s-1SHA\-512\s0 algorithm. They are distinct from \s-1SHA\-224\s0 and \s-1SHA\-256\s0 even though +their outputs are of the same size. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the +implementation of the symmetric cipher. See \fIEVP_MD_meth_new\fR\|(3) for +details of the \fB\s-1EVP_MD\s0\fR structure. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1NIST\s0 \s-1FIPS\s0 180\-4. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIevp\fR\|(7), +\&\fIEVP_DigestInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. 
You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/EVP_sha3_224.3 b/linux_amd64/ssl/share/man/man3/EVP_sha3_224.3 new file mode 100755 index 0000000..dde361e --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EVP_sha3_224.3 
@@ -0,0 +1,189 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_SHA3_224 3" +.TH EVP_SHA3_224 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_sha3_224, +EVP_sha3_256, +EVP_sha3_384, +EVP_sha3_512, +EVP_shake128, +EVP_shake256 +\&\- SHA\-3 For EVP +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_MD *EVP_sha3_224(void); +\& const EVP_MD *EVP_sha3_256(void); +\& const EVP_MD *EVP_sha3_384(void); +\& const EVP_MD *EVP_sha3_512(void); +\& +\& const EVP_MD *EVP_shake128(void); +\& const EVP_MD *EVP_shake256(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1SHA\-3\s0 (Secure Hash Algorithm 3) is a family of cryptographic hash functions +standardized in \s-1NIST\s0 \s-1FIPS\s0 202, first published in 2015. It is based on the +Keccak algorithm. +.IP "\fIEVP_sha3_224()\fR, \fIEVP_sha3_256()\fR, \fIEVP_sha3_384()\fR, \fIEVP_sha3_512()\fR" 4 +.IX Item "EVP_sha3_224(), EVP_sha3_256(), EVP_sha3_384(), EVP_sha3_512()" +The \s-1SHA\-3\s0 \s-1SHA\-3\-224\s0, \s-1SHA\-3\-256\s0, \s-1SHA\-3\-384\s0, and \s-1SHA\-3\-512\s0 algorithms +respectively. They produce 224, 256, 384 and 512 bits of output from a given +input. +.IP "\fIEVP_shake128()\fR, \fIEVP_shake256()\fR" 4 +.IX Item "EVP_shake128(), EVP_shake256()" +The \s-1SHAKE\-128\s0 and \s-1SHAKE\-256\s0 Extendable Output Functions (\s-1XOF\s0) that can generate +a variable hash length. +.Sp +Specifically, \fBEVP_shake128\fR provides an overall security of 128 bits, while +\&\fBEVP_shake256\fR provides that of 256 bits. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the +implementation of the symmetric cipher. See \fIEVP_MD_meth_new\fR\|(3) for +details of the \fB\s-1EVP_MD\s0\fR structure. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1NIST\s0 \s-1FIPS\s0 202. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIevp\fR\|(7), +\&\fIEVP_DigestInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. 
+.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/EVP_sm3.3 b/linux_amd64/ssl/share/man/man3/EVP_sm3.3 new file mode 100755 index 0000000..5fe265d --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EVP_sm3.3 
@@ -0,0 +1,169 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_SM3 3" +.TH EVP_SM3 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_sm3 +\&\- SM3 for EVP +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_MD *EVP_sm3(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1SM3\s0 is a cryptographic hash function with a 256\-bit output, defined in \s-1GB/T\s0 +32905\-2016. +.IP "\fIEVP_sm3()\fR" 4 +.IX Item "EVP_sm3()" +The \s-1SM3\s0 hash function. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the +implementation of the symmetric cipher. See \fIEVP_MD_meth_new\fR\|(3) for +details of the \fB\s-1EVP_MD\s0\fR structure. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1GB/T\s0 32905\-2016 and \s-1GM/T\s0 0004\-2012. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIevp\fR\|(7), +\&\fIEVP_DigestInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017 Ribose Inc. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/EVP_sm4_cbc.3 b/linux_amd64/ssl/share/man/man3/EVP_sm4_cbc.3 new file mode 100755 index 0000000..f135964 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/EVP_sm4_cbc.3 
@@ -0,0 +1,179 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_SM4_CBC 3" +.TH EVP_SM4_CBC 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_sm4_cbc, +EVP_sm4_ecb, +EVP_sm4_cfb, +EVP_sm4_cfb128, +EVP_sm4_ofb, +EVP_sm4_ctr +\&\- EVP SM4 cipher +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_CIPHER *EVP_sm4_cbc(void); +\& const EVP_CIPHER *EVP_sm4_ecb(void); +\& const EVP_CIPHER *EVP_sm4_cfb(void); +\& const EVP_CIPHER *EVP_sm4_cfb128(void); +\& const EVP_CIPHER *EVP_sm4_ofb(void); +\& const EVP_CIPHER *EVP_sm4_ctr(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1SM4\s0 blockcipher (\s-1GB/T\s0 32907\-2016) for \s-1EVP\s0. +.PP +All modes below use a key length of 128 bits and acts on blocks of 128 bits. +.IP "\fIEVP_sm4_cbc()\fR, \fIEVP_sm4_ecb()\fR, \fIEVP_sm4_cfb()\fR, \fIEVP_sm4_cfb128()\fR, \fIEVP_sm4_ofb()\fR, \fIEVP_sm4_ctr()\fR" 4 +.IX Item "EVP_sm4_cbc(), EVP_sm4_ecb(), EVP_sm4_cfb(), EVP_sm4_cfb128(), EVP_sm4_ofb(), EVP_sm4_ctr()" +The \s-1SM4\s0 blockcipher with a 128\-bit key in \s-1CBC\s0, \s-1ECB\s0, \s-1CFB\s0, \s-1OFB\s0 and \s-1CTR\s0 modes +respectively. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return a \fB\s-1EVP_CIPHER\s0\fR structure that contains the +implementation of the symmetric cipher. See \fIEVP_CIPHER_meth_new\fR\|(3) for +details of the \fB\s-1EVP_CIPHER\s0\fR structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIevp\fR\|(7), +\&\fIEVP_EncryptInit\fR\|(3), +\&\fIEVP_CIPHER_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017 Ribose Inc. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/EVP_whirlpool.3 b/linux_amd64/ssl/share/man/man3/EVP_whirlpool.3 new file mode 100755 index 0000000..f406fae --- /dev/null 
+++ b/linux_amd64/ssl/share/man/man3/EVP_whirlpool.3 
@@ -0,0 +1,169 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_WHIRLPOOL 3" +.TH EVP_WHIRLPOOL 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +EVP_whirlpool +\&\- WHIRLPOOL For EVP +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_MD *EVP_whirlpool(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1WHIRLPOOL\s0 is a cryptographic hash function standardized in \s-1ISO/IEC\s0 10118\-3:2004 +designed by Vincent Rijmen and Paulo S. L. M. Barreto. +.IP "\fIEVP_whirlpool()\fR" 4 +.IX Item "EVP_whirlpool()" +The \s-1WHIRLPOOL\s0 algorithm that produces a message digest of 512\-bits from a given +input. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the +implementation of the symmetric cipher. See \fIEVP_MD_meth_new\fR\|(3) for +details of the \fB\s-1EVP_MD\s0\fR structure. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1ISO/IEC\s0 10118\-3:2004. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIevp\fR\|(7), +\&\fIEVP_DigestInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/HMAC.3 b/linux_amd64/ssl/share/man/man3/HMAC.3 new file mode 100755 index 0000000..64bce32 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/HMAC.3 
@@ -0,0 +1,294 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "HMAC 3" +.TH HMAC 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +HMAC, +HMAC_CTX_new, +HMAC_CTX_reset, +HMAC_CTX_free, +HMAC_Init, +HMAC_Init_ex, +HMAC_Update, +HMAC_Final, +HMAC_CTX_copy, +HMAC_CTX_set_flags, +HMAC_CTX_get_md, +HMAC_size +\&\- HMAC message authentication code +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.PP +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 3 +\& unsigned char *HMAC(const EVP_MD *evp_md, const void *key, +\& int key_len, const unsigned char *d, int n, +\& unsigned char *md, unsigned int *md_len); +\& +\& HMAC_CTX *HMAC_CTX_new(void); +\& int HMAC_CTX_reset(HMAC_CTX *ctx); +\& +\& int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len, +\& const EVP_MD *md, ENGINE *impl); +\& int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len); +\& int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len); +\& +\& void HMAC_CTX_free(HMAC_CTX *ctx); +\& +\& int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx); +\& void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags); +\& const EVP_MD *HMAC_CTX_get_md(const HMAC_CTX *ctx); +\& +\& size_t HMAC_size(const HMAC_CTX *e); +.Ve +.PP +Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 2 +\& int HMAC_Init(HMAC_CTX *ctx, const void *key, int key_len, +\& const EVP_MD *md); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +All of the functions described on this page are deprecated. Applications should +instead use \fIEVP_MAC_CTX_new\fR\|(3), \fIEVP_MAC_CTX_free\fR\|(3), \fIEVP_MAC_init\fR\|(3), +\&\fIEVP_MAC_update\fR\|(3) and \fIEVP_MAC_final\fR\|(3). +.PP +\&\s-1HMAC\s0 is a \s-1MAC\s0 (message authentication code), i.e. a keyed hash +function used for message authentication, which is based on a hash +function. 
+.PP +\&\s-1\fIHMAC\s0()\fR computes the message authentication code of the \fBn\fR bytes at +\&\fBd\fR using the hash function \fBevp_md\fR and the key \fBkey\fR which is +\&\fBkey_len\fR bytes long. +.PP +It places the result in \fBmd\fR (which must have space for the output of +the hash function, which is no more than \fB\s-1EVP_MAX_MD_SIZE\s0\fR bytes). +If \fBmd\fR is \s-1NULL\s0, the digest is placed in a static array. The size of +the output is placed in \fBmd_len\fR, unless it is \fB\s-1NULL\s0\fR. Note: passing a \s-1NULL\s0 +value for \fBmd\fR to use the static array is not thread safe. +.PP +\&\fBevp_md\fR is a message digest such as \fIEVP_sha1()\fR, \fIEVP_ripemd160()\fR etc. \s-1HMAC\s0 does +not support variable output length digests such as \fIEVP_shake128()\fR and +\&\fIEVP_shake256()\fR. +.PP +\&\fIHMAC_CTX_new()\fR creates a new \s-1HMAC_CTX\s0 in heap memory. +.PP +\&\fIHMAC_CTX_reset()\fR clears an existing \fB\s-1HMAC_CTX\s0\fR and associated +resources, making it suitable for new computations as if it was newly +created with \fIHMAC_CTX_new()\fR. +.PP +\&\fIHMAC_CTX_free()\fR erases the key and other data from the \fB\s-1HMAC_CTX\s0\fR, +releases any associated resources and finally frees the \fB\s-1HMAC_CTX\s0\fR +itself. +.PP +The following functions may be used if the message is not completely +stored in memory: +.PP +\&\fIHMAC_Init_ex()\fR initializes or reuses a \fB\s-1HMAC_CTX\s0\fR structure to use the hash +function \fBevp_md\fR and key \fBkey\fR. If both are \s-1NULL\s0, or if \fBkey\fR is \s-1NULL\s0 +and \fBevp_md\fR is the same as the previous call, then the +existing key is +reused. \fBctx\fR must have been created with \fIHMAC_CTX_new()\fR before the first use +of an \fB\s-1HMAC_CTX\s0\fR in this function. 
+.PP +If \fIHMAC_Init_ex()\fR is called with \fBkey\fR \s-1NULL\s0 and \fBevp_md\fR is not the +same as the previous digest used by \fBctx\fR then an error is returned +because reuse of an existing key with a different digest is not supported. +.PP +\&\fIHMAC_Init()\fR initializes a \fB\s-1HMAC_CTX\s0\fR structure to use the hash +function \fBevp_md\fR and the key \fBkey\fR which is \fBkey_len\fR bytes +long. +.PP +\&\fIHMAC_Update()\fR can be called repeatedly with chunks of the message to +be authenticated (\fBlen\fR bytes at \fBdata\fR). +.PP +\&\fIHMAC_Final()\fR places the message authentication code in \fBmd\fR, which +must have space for the hash function output. +.PP +\&\fIHMAC_CTX_copy()\fR copies all of the internal state from \fBsctx\fR into \fBdctx\fR. +.PP +\&\fIHMAC_CTX_set_flags()\fR applies the specified flags to the internal EVP_MD_CTXs. +These flags have the same meaning as for \fIEVP_MD_CTX_set_flags\fR\|(3). +.PP +\&\fIHMAC_CTX_get_md()\fR returns the \s-1EVP_MD\s0 that has previously been set for the +supplied \s-1HMAC_CTX\s0. +.PP +\&\fIHMAC_size()\fR returns the length in bytes of the underlying hash function output. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\s-1\fIHMAC\s0()\fR returns a pointer to the message authentication code or \s-1NULL\s0 if +an error occurred. +.PP +\&\fIHMAC_CTX_new()\fR returns a pointer to a new \fB\s-1HMAC_CTX\s0\fR on success or +\&\fB\s-1NULL\s0\fR if an error occurred. +.PP +\&\fIHMAC_CTX_reset()\fR, \fIHMAC_Init_ex()\fR, \fIHMAC_Update()\fR, \fIHMAC_Final()\fR and +\&\fIHMAC_CTX_copy()\fR return 1 for success or 0 if an error occurred. +.PP +\&\fIHMAC_CTX_get_md()\fR return the \s-1EVP_MD\s0 previously set for the supplied \s-1HMAC_CTX\s0 or +\&\s-1NULL\s0 if no \s-1EVP_MD\s0 has been set. +.PP +\&\fIHMAC_size()\fR returns the length in bytes of the underlying hash function output +or zero on error. 
+.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1RFC\s0 2104 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1\fISHA1\s0\fR\|(3), \fIevp\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +All of these functions were deprecated in OpenSSL 3.0. +.PP +\&\fIHMAC_CTX_init()\fR was replaced with \fIHMAC_CTX_reset()\fR in OpenSSL 1.1.0. +.PP +\&\fIHMAC_CTX_cleanup()\fR existed in OpenSSL before version 1.1.0. +.PP +\&\fIHMAC_CTX_new()\fR, \fIHMAC_CTX_free()\fR and \fIHMAC_CTX_get_md()\fR are new in OpenSSL 1.1.0. +.PP +\&\fIHMAC_Init_ex()\fR, \fIHMAC_Update()\fR and \fIHMAC_Final()\fR did not return values in +OpenSSL before version 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/MD5.3 b/linux_amd64/ssl/share/man/man3/MD5.3 new file mode 100755 index 0000000..2facb70 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/MD5.3 
@@ -0,0 +1,241 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "MD5 3" +.TH MD5 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +MD2, MD4, MD5, MD2_Init, MD2_Update, MD2_Final, MD4_Init, MD4_Update, +MD4_Final, MD5_Init, MD5_Update, MD5_Final \- MD2, MD4, and MD5 hash functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.PP +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 1 +\& unsigned char *MD2(const unsigned char *d, unsigned long n, unsigned char *md); +\& +\& int MD2_Init(MD2_CTX *c); +\& int MD2_Update(MD2_CTX *c, const unsigned char *data, unsigned long len); +\& int MD2_Final(unsigned char *md, MD2_CTX *c); +\& +\& +\& #include +.Ve +.PP +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 1 +\& unsigned char *MD4(const unsigned char *d, unsigned long n, unsigned char *md); +\& +\& int MD4_Init(MD4_CTX *c); +\& int MD4_Update(MD4_CTX *c, const void *data, unsigned long len); +\& int MD4_Final(unsigned char *md, MD4_CTX *c); +\& +\& +\& #include +.Ve +.PP +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 1 +\& unsigned char *MD5(const unsigned char *d, unsigned long n, unsigned char *md); +\& +\& int MD5_Init(MD5_CTX *c); +\& int MD5_Update(MD5_CTX *c, const void *data, unsigned long len); +\& int MD5_Final(unsigned char *md, MD5_CTX *c); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +All of the functions described on this page are deprecated. +Applications should instead use \fIEVP_DigestInit_ex\fR\|(3), \fIEVP_DigestUpdate\fR\|(3) +and \fIEVP_DigestFinal_ex\fR\|(3). +.PP +\&\s-1MD2\s0, \s-1MD4\s0, and \s-1MD5\s0 are cryptographic hash functions with a 128 bit output. 
+.PP +\&\s-1\fIMD2\s0()\fR, \s-1\fIMD4\s0()\fR, and \s-1\fIMD5\s0()\fR compute the \s-1MD2\s0, \s-1MD4\s0, and \s-1MD5\s0 message digest +of the \fBn\fR bytes at \fBd\fR and place it in \fBmd\fR (which must have space +for \s-1MD2_DIGEST_LENGTH\s0 == \s-1MD4_DIGEST_LENGTH\s0 == \s-1MD5_DIGEST_LENGTH\s0 == 16 +bytes of output). If \fBmd\fR is \s-1NULL\s0, the digest is placed in a static +array. +.PP +The following functions may be used if the message is not completely +stored in memory: +.PP +\&\fIMD2_Init()\fR initializes a \fB\s-1MD2_CTX\s0\fR structure. +.PP +\&\fIMD2_Update()\fR can be called repeatedly with chunks of the message to +be hashed (\fBlen\fR bytes at \fBdata\fR). +.PP +\&\fIMD2_Final()\fR places the message digest in \fBmd\fR, which must have space +for \s-1MD2_DIGEST_LENGTH\s0 == 16 bytes of output, and erases the \fB\s-1MD2_CTX\s0\fR. +.PP +\&\fIMD4_Init()\fR, \fIMD4_Update()\fR, \fIMD4_Final()\fR, \fIMD5_Init()\fR, \fIMD5_Update()\fR, and +\&\fIMD5_Final()\fR are analogous using an \fB\s-1MD4_CTX\s0\fR and \fB\s-1MD5_CTX\s0\fR structure. +.PP +Applications should use the higher level functions +\&\fIEVP_DigestInit\fR\|(3) +etc. instead of calling the hash functions directly. +.SH "NOTE" +.IX Header "NOTE" +\&\s-1MD2\s0, \s-1MD4\s0, and \s-1MD5\s0 are recommended only for compatibility with existing +applications. In new applications, \s-1SHA\-1\s0 or \s-1RIPEMD\-160\s0 should be +preferred. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\s-1\fIMD2\s0()\fR, \s-1\fIMD4\s0()\fR, and \s-1\fIMD5\s0()\fR return pointers to the hash value. +.PP +\&\fIMD2_Init()\fR, \fIMD2_Update()\fR, \fIMD2_Final()\fR, \fIMD4_Init()\fR, \fIMD4_Update()\fR, +\&\fIMD4_Final()\fR, \fIMD5_Init()\fR, \fIMD5_Update()\fR, and \fIMD5_Final()\fR return 1 for +success, 0 otherwise. 
+.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1RFC\s0 1319, \s-1RFC\s0 1320, \s-1RFC\s0 1321 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_DigestInit\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +All of these functions were deprecated in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/MDC2_Init.3 b/linux_amd64/ssl/share/man/man3/MDC2_Init.3 new file mode 100755 index 0000000..ae51356 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/MDC2_Init.3 
@@ -0,0 +1,203 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "MDC2_INIT 3" +.TH MDC2_INIT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +MDC2, MDC2_Init, MDC2_Update, MDC2_Final \- MDC2 hash function +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.PP +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 2 +\& unsigned char *MDC2(const unsigned char *d, unsigned long n, +\& unsigned char *md); +\& +\& int MDC2_Init(MDC2_CTX *c); +\& int MDC2_Update(MDC2_CTX *c, const unsigned char *data, +\& unsigned long len); +\& int MDC2_Final(unsigned char *md, MDC2_CTX *c); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +All of the functions described on this page are deprecated. +Applications should instead use \fIEVP_DigestInit_ex\fR\|(3), \fIEVP_DigestUpdate\fR\|(3) +and \fIEVP_DigestFinal_ex\fR\|(3). +.PP +\&\s-1MDC2\s0 is a method to construct hash functions with 128 bit output from +block ciphers. These functions are an implementation of \s-1MDC2\s0 with +\&\s-1DES\s0. +.PP +\&\s-1\fIMDC2\s0()\fR computes the \s-1MDC2\s0 message digest of the \fBn\fR +bytes at \fBd\fR and places it in \fBmd\fR (which must have space for +\&\s-1MDC2_DIGEST_LENGTH\s0 == 16 bytes of output). If \fBmd\fR is \s-1NULL\s0, the digest +is placed in a static array. +.PP +The following functions may be used if the message is not completely +stored in memory: +.PP +\&\fIMDC2_Init()\fR initializes a \fB\s-1MDC2_CTX\s0\fR structure. +.PP +\&\fIMDC2_Update()\fR can be called repeatedly with chunks of the message to +be hashed (\fBlen\fR bytes at \fBdata\fR). +.PP +\&\fIMDC2_Final()\fR places the message digest in \fBmd\fR, which must have space +for \s-1MDC2_DIGEST_LENGTH\s0 == 16 bytes of output, and erases the \fB\s-1MDC2_CTX\s0\fR. +.PP +Applications should use the higher level functions +\&\fIEVP_DigestInit\fR\|(3) etc. instead of calling the +hash functions directly. 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\s-1\fIMDC2\s0()\fR returns a pointer to the hash value. +.PP +\&\fIMDC2_Init()\fR, \fIMDC2_Update()\fR and \fIMDC2_Final()\fR return 1 for success, 0 otherwise. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1ISO/IEC\s0 10118\-2:2000 Hash-Function 2, with \s-1DES\s0 as the underlying block cipher. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_DigestInit\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +All of these functions were deprecated in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/OBJ_nid2obj.3 b/linux_amd64/ssl/share/man/man3/OBJ_nid2obj.3 new file mode 100755 index 0000000..1eca971 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/OBJ_nid2obj.3 
@@ -0,0 +1,322 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OBJ_NID2OBJ 3" +.TH OBJ_NID2OBJ 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +i2t_ASN1_OBJECT, +OBJ_length, OBJ_get0_data, OBJ_nid2obj, OBJ_nid2ln, +OBJ_nid2sn, OBJ_obj2nid, OBJ_txt2nid, OBJ_ln2nid, OBJ_sn2nid, OBJ_cmp, +OBJ_dup, OBJ_txt2obj, OBJ_obj2txt, OBJ_create, OBJ_cleanup +\&\- ASN1 object utility functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& ASN1_OBJECT *OBJ_nid2obj(int n); +\& const char *OBJ_nid2ln(int n); +\& const char *OBJ_nid2sn(int n); +\& +\& int OBJ_obj2nid(const ASN1_OBJECT *o); +\& int OBJ_ln2nid(const char *ln); +\& int OBJ_sn2nid(const char *sn); +\& +\& int OBJ_txt2nid(const char *s); +\& +\& ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name); +\& int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name); +\& +\& int i2t_ASN1_OBJECT(char *buf, int buf_len, const ASN1_OBJECT *a); +\& +\& int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b); +\& ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o); +\& +\& int OBJ_create(const char *oid, const char *sn, const char *ln); +\& +\& size_t OBJ_length(const ASN1_OBJECT *obj); +\& const unsigned char *OBJ_get0_data(const ASN1_OBJECT *obj); +.Ve +.PP +Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 1 +\& void OBJ_cleanup(void) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1ASN1\s0 object utility functions process \s-1ASN1_OBJECT\s0 structures which are +a representation of the \s-1ASN1\s0 \s-1OBJECT\s0 \s-1IDENTIFIER\s0 (\s-1OID\s0) type. +For convenience, OIDs are usually represented in source code as numeric +identifiers, or \fB\s-1NID\s0\fRs. OpenSSL has an internal table of OIDs that +are generated when the library is built, and their corresponding NIDs +are available as defined constants. For the functions below, application +code should treat all returned values \*(-- OIDs, NIDs, or names \*(-- as +constants. 
+.PP +\&\fIOBJ_nid2obj()\fR, \fIOBJ_nid2ln()\fR and \fIOBJ_nid2sn()\fR convert the \s-1NID\s0 \fBn\fR to +an \s-1ASN1_OBJECT\s0 structure, its long name and its short name respectively, +or \fB\s-1NULL\s0\fR if an error occurred. +.PP +\&\fIOBJ_obj2nid()\fR, \fIOBJ_ln2nid()\fR, \fIOBJ_sn2nid()\fR return the corresponding \s-1NID\s0 +for the object \fBo\fR, the long name or the short name respectively +or NID_undef if an error occurred. +.PP +\&\fIOBJ_txt2nid()\fR returns \s-1NID\s0 corresponding to text string . \fBs\fR can be +a long name, a short name or the numerical representation of an object. +.PP +\&\fIOBJ_txt2obj()\fR converts the text string \fBs\fR into an \s-1ASN1_OBJECT\s0 structure. +If \fBno_name\fR is 0 then long names and short names will be interpreted +as well as numerical forms. If \fBno_name\fR is 1 only the numerical form +is acceptable. +.PP +\&\fIOBJ_obj2txt()\fR converts the \fB\s-1ASN1_OBJECT\s0\fR \fBa\fR into a textual representation. +The representation is written as a null terminated string to \fBbuf\fR +at most \fBbuf_len\fR bytes are written, truncating the result if necessary. +The total amount of space required is returned. If \fBno_name\fR is 0 then +if the object has a long or short name then that will be used, otherwise +the numerical form will be used. If \fBno_name\fR is 1 then the numerical +form will always be used. +.PP +\&\fIi2t_ASN1_OBJECT()\fR is the same as \fIOBJ_obj2txt()\fR with the \fBno_name\fR set to zero. +.PP +\&\fIOBJ_cmp()\fR compares \fBa\fR to \fBb\fR. If the two are identical 0 is returned. +.PP +\&\fIOBJ_dup()\fR returns a copy of \fBo\fR. +.PP +\&\fIOBJ_create()\fR adds a new object to the internal table. \fBoid\fR is the +numerical form of the object, \fBsn\fR the short name and \fBln\fR the +long name. A new \s-1NID\s0 is returned for the created object in case of +success and NID_undef in case of failure. +.PP +\&\fIOBJ_length()\fR returns the size of the content octets of \fBobj\fR. 
+.PP +\&\fIOBJ_get0_data()\fR returns a pointer to the content octets of \fBobj\fR. +The returned pointer is an internal pointer which \fBmust not\fR be freed. +.PP +\&\fIOBJ_cleanup()\fR releases any resources allocated by creating new objects. +.SH "NOTES" +.IX Header "NOTES" +Objects in OpenSSL can have a short name, a long name and a numerical +identifier (\s-1NID\s0) associated with them. A standard set of objects is +represented in an internal table. The appropriate values are defined +in the header file \fBobjects.h\fR. +.PP +For example the \s-1OID\s0 for commonName has the following definitions: +.PP +.Vb 3 +\& #define SN_commonName "CN" +\& #define LN_commonName "commonName" +\& #define NID_commonName 13 +.Ve +.PP +New objects can be added by calling \fIOBJ_create()\fR. +.PP +Table objects have certain advantages over other objects: for example +their NIDs can be used in a C language switch statement. They are +also static constant structures which are shared: that is there +is only a single constant structure for each table object. +.PP +Objects which are not in the table have the \s-1NID\s0 value NID_undef. +.PP +Objects do not need to be in the internal tables to be processed, +the functions \fIOBJ_txt2obj()\fR and \fIOBJ_obj2txt()\fR can process the numerical +form of an \s-1OID\s0. +.PP +Some objects are used to represent algorithms which do not have a +corresponding \s-1ASN\s0.1 \s-1OBJECT\s0 \s-1IDENTIFIER\s0 encoding (for example no \s-1OID\s0 currently +exists for a particular algorithm). As a result they \fBcannot\fR be encoded or +decoded as part of \s-1ASN\s0.1 structures. Applications can determine if there +is a corresponding \s-1OBJECT\s0 \s-1IDENTIFIER\s0 by checking \fIOBJ_length()\fR is not zero. +.PP +These functions cannot return \fBconst\fR because an \fB\s-1ASN1_OBJECT\s0\fR can +represent both an internal, constant, \s-1OID\s0 and a dynamically-created one. +The latter cannot be constant because it needs to be freed after use. 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOBJ_nid2obj()\fR returns an \fB\s-1ASN1_OBJECT\s0\fR structure or \fB\s-1NULL\s0\fR is an +error occurred. +.PP +\&\fIOBJ_nid2ln()\fR and \fIOBJ_nid2sn()\fR returns a valid string or \fB\s-1NULL\s0\fR +on error. +.PP +\&\fIOBJ_obj2nid()\fR, \fIOBJ_ln2nid()\fR, \fIOBJ_sn2nid()\fR and \fIOBJ_txt2nid()\fR return +a \s-1NID\s0 or \fBNID_undef\fR on error. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Create an object for \fBcommonName\fR: +.PP +.Vb 1 +\& ASN1_OBJECT *o = OBJ_nid2obj(NID_commonName); +.Ve +.PP +Check if an object is \fBcommonName\fR +.PP +.Vb 2 +\& if (OBJ_obj2nid(obj) == NID_commonName) +\& /* Do something */ +.Ve +.PP +Create a new \s-1NID\s0 and initialize an object from it: +.PP +.Vb 2 +\& int new_nid = OBJ_create("1.2.3.4", "NewOID", "New Object Identifier"); +\& ASN1_OBJECT *obj = OBJ_nid2obj(new_nid); +.Ve +.PP +Create a new object directly: +.PP +.Vb 1 +\& obj = OBJ_txt2obj("1.2.3.4", 1); +.Ve +.SH "BUGS" +.IX Header "BUGS" +\&\fIOBJ_obj2txt()\fR is awkward and messy to use: it doesn't follow the +convention of other OpenSSL functions where the buffer can be set +to \fB\s-1NULL\s0\fR to determine the amount of data that should be written. +Instead \fBbuf\fR must point to a valid buffer and \fBbuf_len\fR should +be set to a positive value. A buffer length of 80 should be more +than enough to handle any \s-1OID\s0 encountered in practice. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIOBJ_cleanup()\fR was deprecated in OpenSSL 1.1.0 by \fIOPENSSL_init_crypto\fR\|(3) +and should not be used. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/ssl/share/man/man3/OCSP_REQUEST_new.3 b/linux_amd64/ssl/share/man/man3/OCSP_REQUEST_new.3 new file mode 100755 index 0000000..c21456f --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/OCSP_REQUEST_new.3 
@@ -0,0 +1,241 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OCSP_REQUEST_NEW 3" +.TH OCSP_REQUEST_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OCSP_REQUEST_new, OCSP_REQUEST_free, OCSP_request_add0_id, OCSP_request_sign, +OCSP_request_add1_cert, OCSP_request_onereq_count, +OCSP_request_onereq_get0 \- OCSP request functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& OCSP_REQUEST *OCSP_REQUEST_new(void); +\& void OCSP_REQUEST_free(OCSP_REQUEST *req); +\& +\& OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid); +\& +\& int OCSP_request_sign(OCSP_REQUEST *req, +\& X509 *signer, EVP_PKEY *key, const EVP_MD *dgst, +\& STACK_OF(X509) *certs, unsigned long flags); +\& +\& int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert); +\& +\& int OCSP_request_onereq_count(OCSP_REQUEST *req); +\& OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIOCSP_REQUEST_new()\fR allocates and returns an empty \fB\s-1OCSP_REQUEST\s0\fR structure. +.PP +\&\fIOCSP_REQUEST_free()\fR frees up the request structure \fBreq\fR. +.PP +\&\fIOCSP_request_add0_id()\fR adds certificate \s-1ID\s0 \fBcid\fR to \fBreq\fR. It returns +the \fB\s-1OCSP_ONEREQ\s0\fR structure added so an application can add additional +extensions to the request. The \fBid\fR parameter \fB\s-1MUST\s0 \s-1NOT\s0\fR be freed up after +the operation. +.PP +\&\fIOCSP_request_sign()\fR signs \s-1OCSP\s0 request \fBreq\fR using certificate +\&\fBsigner\fR, private key \fBkey\fR, digest \fBdgst\fR and additional certificates +\&\fBcerts\fR. If the \fBflags\fR option \fB\s-1OCSP_NOCERTS\s0\fR is set then no certificates +will be included in the request. +.PP +\&\fIOCSP_request_add1_cert()\fR adds certificate \fBcert\fR to request \fBreq\fR. The +application is responsible for freeing up \fBcert\fR after use. +.PP +\&\fIOCSP_request_onereq_count()\fR returns the total number of \fB\s-1OCSP_ONEREQ\s0\fR +structures in \fBreq\fR. 
+.PP +\&\fIOCSP_request_onereq_get0()\fR returns an internal pointer to the \fB\s-1OCSP_ONEREQ\s0\fR +contained in \fBreq\fR of index \fBi\fR. The index value \fBi\fR runs from 0 to +OCSP_request_onereq_count(req) \- 1. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOCSP_REQUEST_new()\fR returns an empty \fB\s-1OCSP_REQUEST\s0\fR structure or \fB\s-1NULL\s0\fR if +an error occurred. +.PP +\&\fIOCSP_request_add0_id()\fR returns the \fB\s-1OCSP_ONEREQ\s0\fR structure containing \fBcid\fR +or \fB\s-1NULL\s0\fR if an error occurred. +.PP +\&\fIOCSP_request_sign()\fR and \fIOCSP_request_add1_cert()\fR return 1 for success and 0 +for failure. +.PP +\&\fIOCSP_request_onereq_count()\fR returns the total number of \fB\s-1OCSP_ONEREQ\s0\fR +structures in \fBreq\fR. +.PP +\&\fIOCSP_request_onereq_get0()\fR returns a pointer to an \fB\s-1OCSP_ONEREQ\s0\fR structure +or \fB\s-1NULL\s0\fR if the index value is out or range. +.SH "NOTES" +.IX Header "NOTES" +An \s-1OCSP\s0 request structure contains one or more \fB\s-1OCSP_ONEREQ\s0\fR structures +corresponding to each certificate. +.PP +\&\fIOCSP_request_onereq_count()\fR and \fIOCSP_request_onereq_get0()\fR are mainly used by +\&\s-1OCSP\s0 responders. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Create an \fB\s-1OCSP_REQUEST\s0\fR structure for certificate \fBcert\fR with issuer +\&\fBissuer\fR: +.PP +.Vb 2 +\& OCSP_REQUEST *req; +\& OCSP_ID *cid; +\& +\& req = OCSP_REQUEST_new(); +\& if (req == NULL) +\& /* error */ +\& cid = OCSP_cert_to_id(EVP_sha1(), cert, issuer); +\& if (cid == NULL) +\& /* error */ +\& +\& if (OCSP_REQUEST_add0_id(req, cid) == NULL) +\& /* error */ +\& +\& /* Do something with req, e.g. 
query responder */ +\& +\& OCSP_REQUEST_free(req); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIcrypto\fR\|(7), +\&\fIOCSP_cert_to_id\fR\|(3), +\&\fIOCSP_request_add1_nonce\fR\|(3), +\&\fIOCSP_resp_find_status\fR\|(3), +\&\fIOCSP_response_status\fR\|(3), +\&\fIOCSP_sendreq_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/OCSP_cert_to_id.3 b/linux_amd64/ssl/share/man/man3/OCSP_cert_to_id.3 new file mode 100755 index 0000000..8122390 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/OCSP_cert_to_id.3 
@@ -0,0 +1,210 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OCSP_CERT_TO_ID 3" +.TH OCSP_CERT_TO_ID 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OCSP_cert_to_id, OCSP_cert_id_new, OCSP_CERTID_free, OCSP_id_issuer_cmp, +OCSP_id_cmp, OCSP_id_get0_info \- OCSP certificate ID utility functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, +\& X509 *subject, X509 *issuer); +\& +\& OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, +\& X509_NAME *issuerName, +\& ASN1_BIT_STRING *issuerKey, +\& ASN1_INTEGER *serialNumber); +\& +\& void OCSP_CERTID_free(OCSP_CERTID *id); +\& +\& int OCSP_id_issuer_cmp(const OCSP_CERTID *a, const OCSP_CERTID *b); +\& int OCSP_id_cmp(const OCSP_CERTID *a, const OCSP_CERTID *b); +\& +\& int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd, +\& ASN1_OCTET_STRING **pikeyHash, +\& ASN1_INTEGER **pserial, OCSP_CERTID *cid); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIOCSP_cert_to_id()\fR creates and returns a new \fB\s-1OCSP_CERTID\s0\fR structure using +message digest \fBdgst\fR for certificate \fBsubject\fR with issuer \fBissuer\fR. If +\&\fBdgst\fR is \fB\s-1NULL\s0\fR then \s-1SHA1\s0 is used. +.PP +\&\fIOCSP_cert_id_new()\fR creates and returns a new \fB\s-1OCSP_CERTID\s0\fR using \fBdgst\fR and +issuer name \fBissuerName\fR, issuer key hash \fBissuerKey\fR and serial number +\&\fBserialNumber\fR. +.PP +\&\fIOCSP_CERTID_free()\fR frees up \fBid\fR. +.PP +\&\fIOCSP_id_cmp()\fR compares \fB\s-1OCSP_CERTID\s0\fR \fBa\fR and \fBb\fR. +.PP +\&\fIOCSP_id_issuer_cmp()\fR compares only the issuer name of \fB\s-1OCSP_CERTID\s0\fR \fBa\fR and \fBb\fR. +.PP +\&\fIOCSP_id_get0_info()\fR returns the issuer name hash, hash \s-1OID\s0, issuer key hash and +serial number contained in \fBcid\fR. If any of the values are not required the +corresponding parameter can be set to \fB\s-1NULL\s0\fR. 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOCSP_cert_to_id()\fR and \fIOCSP_cert_id_new()\fR return either a pointer to a valid +\&\fB\s-1OCSP_CERTID\s0\fR structure or \fB\s-1NULL\s0\fR if an error occurred. +.PP +\&\fIOCSP_id_cmp()\fR and \fIOCSP_id_issuer_cmp()\fR returns zero for a match and nonzero +otherwise. +.PP +\&\fIOCSP_CERTID_free()\fR does not return a value. +.PP +\&\fIOCSP_id_get0_info()\fR returns 1 for success and 0 for failure. +.SH "NOTES" +.IX Header "NOTES" +\&\s-1OCSP\s0 clients will typically only use \fIOCSP_cert_to_id()\fR or \fIOCSP_cert_id_new()\fR: +the other functions are used by responder applications. +.PP +The values returned by \fIOCSP_id_get0_info()\fR are internal pointers and \fB\s-1MUST\s0 +\&\s-1NOT\s0\fR be freed up by an application: they will be freed when the corresponding +\&\fB\s-1OCSP_CERTID\s0\fR structure is freed. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIcrypto\fR\|(7), +\&\fIOCSP_request_add1_nonce\fR\|(3), +\&\fIOCSP_REQUEST_new\fR\|(3), +\&\fIOCSP_resp_find_status\fR\|(3), +\&\fIOCSP_response_status\fR\|(3), +\&\fIOCSP_sendreq_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/OCSP_request_add1_nonce.3 b/linux_amd64/ssl/share/man/man3/OCSP_request_add1_nonce.3 new file mode 100755 index 0000000..15a9966 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/OCSP_request_add1_nonce.3 
@@ -0,0 +1,206 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OCSP_REQUEST_ADD1_NONCE 3" +.TH OCSP_REQUEST_ADD1_NONCE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OCSP_request_add1_nonce, OCSP_basic_add1_nonce, OCSP_check_nonce, OCSP_copy_nonce \- OCSP nonce functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len); +\& int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len); +\& int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req); +\& int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *resp); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIOCSP_request_add1_nonce()\fR adds a nonce of value \fBval\fR and length \fBlen\fR to +\&\s-1OCSP\s0 request \fBreq\fR. If \fBval\fR is \fB\s-1NULL\s0\fR a random nonce is used. If \fBlen\fR +is zero or negative a default length will be used (currently 16 bytes). +.PP +\&\fIOCSP_basic_add1_nonce()\fR is identical to \fIOCSP_request_add1_nonce()\fR except +it adds a nonce to \s-1OCSP\s0 basic response \fBresp\fR. +.PP +\&\fIOCSP_check_nonce()\fR compares the nonce value in \fBreq\fR and \fBresp\fR. +.PP +\&\fIOCSP_copy_nonce()\fR copies any nonce value present in \fBreq\fR to \fBresp\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOCSP_request_add1_nonce()\fR and \fIOCSP_basic_add1_nonce()\fR return 1 for success +and 0 for failure. +.PP +\&\fIOCSP_copy_nonce()\fR returns 1 if a nonce was successfully copied, 2 if no nonce +was present in \fBreq\fR and 0 if an error occurred. +.PP +\&\fIOCSP_check_nonce()\fR returns the result of the nonce comparison between \fBreq\fR +and \fBresp\fR. The return value indicates the result of the comparison. If +nonces are present and equal 1 is returned. If the nonces are absent 2 is +returned. If a nonce is present in the response only 3 is returned. If nonces +are present and unequal 0 is returned. If the nonce is present in the request +only then \-1 is returned. 
+.SH "NOTES" +.IX Header "NOTES" +For most purposes the nonce value in a request is set to a random value so +the \fBval\fR parameter in \fIOCSP_request_add1_nonce()\fR is usually \s-1NULL\s0. +.PP +An \s-1OCSP\s0 nonce is typically added to an \s-1OCSP\s0 request to thwart replay attacks +by checking the same nonce value appears in the response. +.PP +Some responders may include a nonce in all responses even if one is not +supplied. +.PP +Some responders cache \s-1OCSP\s0 responses and do not sign each response for +performance reasons. As a result they do not support nonces. +.PP +The return values of \fIOCSP_check_nonce()\fR can be checked to cover each case. A +positive return value effectively indicates success: nonces are both present +and match, both absent or present in the response only. A nonzero return +additionally covers the case where the nonce is present in the request only: +this will happen if the responder doesn't support nonces. A zero return value +indicates present and mismatched nonces: this should be treated as an error +condition. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIcrypto\fR\|(7), +\&\fIOCSP_cert_to_id\fR\|(3), +\&\fIOCSP_REQUEST_new\fR\|(3), +\&\fIOCSP_resp_find_status\fR\|(3), +\&\fIOCSP_response_status\fR\|(3), +\&\fIOCSP_sendreq_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/OCSP_resp_find_status.3 b/linux_amd64/ssl/share/man/man3/OCSP_resp_find_status.3 new file mode 100755 index 0000000..1867c87 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/OCSP_resp_find_status.3 
@@ -0,0 +1,321 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OCSP_RESP_FIND_STATUS 3" +.TH OCSP_RESP_FIND_STATUS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OCSP_resp_get0_certs, +OCSP_resp_get0_signer, +OCSP_resp_get0_id, +OCSP_resp_get1_id, +OCSP_resp_get0_produced_at, +OCSP_resp_get0_signature, +OCSP_resp_get0_tbs_sigalg, +OCSP_resp_get0_respdata, +OCSP_resp_find_status, OCSP_resp_count, OCSP_resp_get0, OCSP_resp_find, +OCSP_single_get0_status, OCSP_check_validity, +OCSP_basic_verify +\&\- OCSP response utility functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status, +\& int *reason, +\& ASN1_GENERALIZEDTIME **revtime, +\& ASN1_GENERALIZEDTIME **thisupd, +\& ASN1_GENERALIZEDTIME **nextupd); +\& +\& int OCSP_resp_count(OCSP_BASICRESP *bs); +\& OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx); +\& int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last); +\& int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason, +\& ASN1_GENERALIZEDTIME **revtime, +\& ASN1_GENERALIZEDTIME **thisupd, +\& ASN1_GENERALIZEDTIME **nextupd); +\& +\& const ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at( +\& const OCSP_BASICRESP* single); +\& +\& const ASN1_OCTET_STRING *OCSP_resp_get0_signature(const OCSP_BASICRESP *bs); +\& const X509_ALGOR *OCSP_resp_get0_tbs_sigalg(const OCSP_BASICRESP *bs); +\& const OCSP_RESPDATA *OCSP_resp_get0_respdata(const OCSP_BASICRESP *bs); +\& const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs); +\& +\& int OCSP_resp_get0_signer(OCSP_BASICRESP *bs, X509 **signer, +\& STACK_OF(X509) *extra_certs); +\& +\& int OCSP_resp_get0_id(const OCSP_BASICRESP *bs, +\& const ASN1_OCTET_STRING **pid, +\& const X509_NAME **pname); +\& int OCSP_resp_get1_id(const OCSP_BASICRESP *bs, +\& ASN1_OCTET_STRING **pid, +\& X509_NAME **pname); +\& +\& int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd, +\& ASN1_GENERALIZEDTIME *nextupd, +\& long sec, long maxsec); +\& +\& int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, +\& X509_STORE *st, 
unsigned long flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIOCSP_resp_find_status()\fR searches \fBbs\fR for an \s-1OCSP\s0 response for \fBid\fR. If it is +successful the fields of the response are returned in \fB*status\fR, \fB*reason\fR, +\&\fB*revtime\fR, \fB*thisupd\fR and \fB*nextupd\fR. The \fB*status\fR value will be one of +\&\fBV_OCSP_CERTSTATUS_GOOD\fR, \fBV_OCSP_CERTSTATUS_REVOKED\fR or +\&\fBV_OCSP_CERTSTATUS_UNKNOWN\fR. The \fB*reason\fR and \fB*revtime\fR fields are only +set if the status is \fBV_OCSP_CERTSTATUS_REVOKED\fR. If set the \fB*reason\fR field +will be set to the revocation reason which will be one of +\&\fB\s-1OCSP_REVOKED_STATUS_NOSTATUS\s0\fR, \fB\s-1OCSP_REVOKED_STATUS_UNSPECIFIED\s0\fR, +\&\fB\s-1OCSP_REVOKED_STATUS_KEYCOMPROMISE\s0\fR, \fB\s-1OCSP_REVOKED_STATUS_CACOMPROMISE\s0\fR, +\&\fB\s-1OCSP_REVOKED_STATUS_AFFILIATIONCHANGED\s0\fR, \fB\s-1OCSP_REVOKED_STATUS_SUPERSEDED\s0\fR, +\&\fB\s-1OCSP_REVOKED_STATUS_CESSATIONOFOPERATION\s0\fR, +\&\fB\s-1OCSP_REVOKED_STATUS_CERTIFICATEHOLD\s0\fR or \fB\s-1OCSP_REVOKED_STATUS_REMOVEFROMCRL\s0\fR. +.PP +\&\fIOCSP_resp_count()\fR returns the number of \fB\s-1OCSP_SINGLERESP\s0\fR structures in \fBbs\fR. +.PP +\&\fIOCSP_resp_get0()\fR returns the \fB\s-1OCSP_SINGLERESP\s0\fR structure in \fBbs\fR +corresponding to index \fBidx\fR. Where \fBidx\fR runs from 0 to +OCSP_resp_count(bs) \- 1. +.PP +\&\fIOCSP_resp_find()\fR searches \fBbs\fR for \fBid\fR and returns the index of the first +matching entry after \fBlast\fR or starting from the beginning if \fBlast\fR is \-1. +.PP +\&\fIOCSP_single_get0_status()\fR extracts the fields of \fBsingle\fR in \fB*reason\fR, +\&\fB*revtime\fR, \fB*thisupd\fR and \fB*nextupd\fR. +.PP +\&\fIOCSP_resp_get0_produced_at()\fR extracts the \fBproducedAt\fR field from the +single response \fBbs\fR. +.PP +\&\fIOCSP_resp_get0_signature()\fR returns the signature from \fBbs\fR. 
+.PP +\&\fIOCSP_resp_get0_tbs_sigalg()\fR returns the \fBsignatureAlgorithm\fR from \fBbs\fR. +.PP +\&\fIOCSP_resp_get0_respdata()\fR returns the \fBtbsResponseData\fR from \fBbs\fR. +.PP +\&\fIOCSP_resp_get0_certs()\fR returns any certificates included in \fBbs\fR. +.PP +\&\fIOCSP_resp_get0_signer()\fR attempts to retrieve the certificate that directly +signed \fBbs\fR. The \s-1OCSP\s0 protocol does not require that this certificate +is included in the \fBcerts\fR field of the response, so additional certificates +can be supplied in \fBextra_certs\fR if the certificates that may have +signed the response are known via some out-of-band mechanism. +.PP +\&\fIOCSP_resp_get0_id()\fR gets the responder id of \fBbs\fR. If the responder \s-1ID\s0 is +a name then <*pname> is set to the name and \fB*pid\fR is set to \s-1NULL\s0. If the +responder \s-1ID\s0 is by key \s-1ID\s0 then \fB*pid\fR is set to the key \s-1ID\s0 and \fB*pname\fR +is set to \s-1NULL\s0. \fIOCSP_resp_get1_id()\fR leaves ownership of \fB*pid\fR and \fB*pname\fR +with the caller, who is responsible for freeing them. Both functions return 1 +in case of success and 0 in case of failure. If \fIOCSP_resp_get1_id()\fR returns 0, +no freeing of the results is necessary. +.PP +\&\fIOCSP_check_validity()\fR checks the validity of \fBthisupd\fR and \fBnextupd\fR values +which will be typically obtained from \fIOCSP_resp_find_status()\fR or +\&\fIOCSP_single_get0_status()\fR. If \fBsec\fR is nonzero it indicates how many seconds +leeway should be allowed in the check. If \fBmaxsec\fR is positive it indicates +the maximum age of \fBthisupd\fR in seconds. +.PP +\&\fIOCSP_basic_verify()\fR checks that the basic response message \fBbs\fR is correctly +signed and that the signer certificate can be validated. It takes \fBst\fR as +the trusted store and \fBcerts\fR as a set of untrusted intermediate certificates. +The function first tries to find the signer certificate of the response +in . 
It also searches the certificates the responder may have included +in \fBbs\fR unless the \fBflags\fR contain \fB\s-1OCSP_NOINTERN\s0\fR. +It fails if the signer certificate cannot be found. +Next, the function checks the signature of \fBbs\fR and fails on error +unless the \fBflags\fR contain \fB\s-1OCSP_NOSIGS\s0\fR. Then the function already returns +success if the \fBflags\fR contain \fB\s-1OCSP_NOVERIFY\s0\fR or if the signer certificate +was found in \fBcerts\fR and the \fBflags\fR contain \fB\s-1OCSP_TRUSTOTHER\s0\fR. +Otherwise the function continues by validating the signer certificate. +To this end, all certificates in \fBcert\fR and in \fBbs\fR are considered as +untrusted certificates for the construction of the validation path for the +signer certificate unless the \fB\s-1OCSP_NOCHAIN\s0\fR flag is set. After successful path +validation the function returns success if the \fB\s-1OCSP_NOCHECKS\s0\fR flag is set. +Otherwise it verifies that the signer certificate meets the \s-1OCSP\s0 issuer +criteria including potential delegation. If this does not succeed and the +\&\fBflags\fR do not contain \fB\s-1OCSP_NOEXPLICIT\s0\fR the function checks for explicit +trust for \s-1OCSP\s0 signing in the root \s-1CA\s0 certificate. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOCSP_resp_find_status()\fR returns 1 if \fBid\fR is found in \fBbs\fR and 0 otherwise. +.PP +\&\fIOCSP_resp_count()\fR returns the total number of \fB\s-1OCSP_SINGLERESP\s0\fR fields in +\&\fBbs\fR. +.PP +\&\fIOCSP_resp_get0()\fR returns a pointer to an \fB\s-1OCSP_SINGLERESP\s0\fR structure or +\&\fB\s-1NULL\s0\fR if \fBidx\fR is out of range. +.PP +\&\fIOCSP_resp_find()\fR returns the index of \fBid\fR in \fBbs\fR (which may be 0) or \-1 if +\&\fBid\fR was not found. +.PP +\&\fIOCSP_single_get0_status()\fR returns the status of \fBsingle\fR or \-1 if an error +occurred. +.PP +\&\fIOCSP_resp_get0_signer()\fR returns 1 if the signing certificate was located, +or 0 on error. 
+.PP +\&\fIOCSP_basic_verify()\fR returns 1 on success, 0 on error, or \-1 on fatal error such +as malloc failure. +.SH "NOTES" +.IX Header "NOTES" +Applications will typically call \fIOCSP_resp_find_status()\fR using the certificate +\&\s-1ID\s0 of interest and then check its validity using \fIOCSP_check_validity()\fR. They +can then take appropriate action based on the status of the certificate. +.PP +An \s-1OCSP\s0 response for a certificate contains \fBthisUpdate\fR and \fBnextUpdate\fR +fields. Normally the current time should be between these two values. To +account for clock skew the \fBmaxsec\fR field can be set to nonzero in +\&\fIOCSP_check_validity()\fR. Some responders do not set the \fBnextUpdate\fR field, this +would otherwise mean an ancient response would be considered valid: the +\&\fBmaxsec\fR parameter to \fIOCSP_check_validity()\fR can be used to limit the permitted +age of responses. +.PP +The values written to \fB*revtime\fR, \fB*thisupd\fR and \fB*nextupd\fR by +\&\fIOCSP_resp_find_status()\fR and \fIOCSP_single_get0_status()\fR are internal pointers +which \fB\s-1MUST\s0 \s-1NOT\s0\fR be freed up by the calling application. Any or all of these +parameters can be set to \s-1NULL\s0 if their value is not required. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIcrypto\fR\|(7), +\&\fIOCSP_cert_to_id\fR\|(3), +\&\fIOCSP_request_add1_nonce\fR\|(3), +\&\fIOCSP_REQUEST_new\fR\|(3), +\&\fIOCSP_response_status\fR\|(3), +\&\fIOCSP_sendreq_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/OCSP_response_status.3 b/linux_amd64/ssl/share/man/man3/OCSP_response_status.3 new file mode 100755 index 0000000..a6e94ea 
--- /dev/null +++ b/linux_amd64/ssl/share/man/man3/OCSP_response_status.3 
@@ -0,0 +1,238 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OCSP_RESPONSE_STATUS 3" +.TH OCSP_RESPONSE_STATUS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OCSP_response_status, OCSP_response_get1_basic, OCSP_response_create, +OCSP_RESPONSE_free, OCSP_RESPID_set_by_name, +OCSP_RESPID_set_by_key, OCSP_RESPID_match, +OCSP_basic_sign, OCSP_basic_sign_ctx \- OCSP response functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int OCSP_response_status(OCSP_RESPONSE *resp); +\& OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp); +\& OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs); +\& void OCSP_RESPONSE_free(OCSP_RESPONSE *resp); +\& +\& int OCSP_RESPID_set_by_name(OCSP_RESPID *respid, X509 *cert); +\& int OCSP_RESPID_set_by_key(OCSP_RESPID *respid, X509 *cert); +\& int OCSP_RESPID_match(OCSP_RESPID *respid, X509 *cert); +\& +\& int OCSP_basic_sign(OCSP_BASICRESP *brsp, X509 *signer, EVP_PKEY *key, +\& const EVP_MD *dgst, STACK_OF(X509) *certs, +\& unsigned long flags); +\& int OCSP_basic_sign_ctx(OCSP_BASICRESP *brsp, X509 *signer, EVP_MD_CTX *ctx, +\& STACK_OF(X509) *certs, unsigned long flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIOCSP_response_status()\fR returns the \s-1OCSP\s0 response status of \fBresp\fR. It returns +one of the values: \fB\s-1OCSP_RESPONSE_STATUS_SUCCESSFUL\s0\fR, +\&\fB\s-1OCSP_RESPONSE_STATUS_MALFORMEDREQUEST\s0\fR, +\&\fB\s-1OCSP_RESPONSE_STATUS_INTERNALERROR\s0\fR, \fB\s-1OCSP_RESPONSE_STATUS_TRYLATER\s0\fR +\&\fB\s-1OCSP_RESPONSE_STATUS_SIGREQUIRED\s0\fR, or \fB\s-1OCSP_RESPONSE_STATUS_UNAUTHORIZED\s0\fR. +.PP +\&\fIOCSP_response_get1_basic()\fR decodes and returns the \fB\s-1OCSP_BASICRESP\s0\fR structure +contained in \fBresp\fR. +.PP +\&\fIOCSP_response_create()\fR creates and returns an \fB\s-1OCSP_RESPONSE\s0\fR structure for +\&\fBstatus\fR and optionally including basic response \fBbs\fR. +.PP +\&\fIOCSP_RESPONSE_free()\fR frees up \s-1OCSP\s0 response \fBresp\fR. 
+.PP +\&\fIOCSP_RESPID_set_by_name()\fR sets the name of the \s-1OCSP_RESPID\s0 to be the same as the +subject name in the supplied X509 certificate \fBcert\fR for the \s-1OCSP\s0 responder. +.PP +\&\fIOCSP_RESPID_set_by_key()\fR sets the key of the \s-1OCSP_RESPID\s0 to be the same as the +key in the supplied X509 certificate \fBcert\fR for the \s-1OCSP\s0 responder. The key is +stored as a \s-1SHA1\s0 hash. +.PP +Note that an \s-1OCSP_RESPID\s0 can only have one of the name, or the key set. Calling +\&\fIOCSP_RESPID_set_by_name()\fR or \fIOCSP_RESPID_set_by_key()\fR will clear any existing +setting. +.PP +\&\fIOCSP_RESPID_match()\fR tests whether the \s-1OCSP_RESPID\s0 given in \fBrespid\fR matches +with the X509 certificate \fBcert\fR. +.PP +\&\fIOCSP_basic_sign()\fR signs \s-1OCSP\s0 response \fBbrsp\fR using certificate \fBsigner\fR, private key +\&\fBkey\fR, digest \fBdgst\fR and additional certificates \fBcerts\fR. If the \fBflags\fR option +\&\fB\s-1OCSP_NOCERTS\s0\fR is set then no certificates will be included in the response. If the +\&\fBflags\fR option \fB\s-1OCSP_RESPID_KEY\s0\fR is set then the responder is identified by key \s-1ID\s0 +rather than by name. \fIOCSP_basic_sign_ctx()\fR also signs \s-1OCSP\s0 response \fBbrsp\fR but +uses the parameters contained in digest context \fBctx\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOCSP_RESPONSE_status()\fR returns a status value. +.PP +\&\fIOCSP_response_get1_basic()\fR returns an \fB\s-1OCSP_BASICRESP\s0\fR structure pointer or +\&\fB\s-1NULL\s0\fR if an error occurred. +.PP +\&\fIOCSP_response_create()\fR returns an \fB\s-1OCSP_RESPONSE\s0\fR structure pointer or \fB\s-1NULL\s0\fR +if an error occurred. +.PP +\&\fIOCSP_RESPONSE_free()\fR does not return a value. +.PP +\&\fIOCSP_RESPID_set_by_name()\fR, \fIOCSP_RESPID_set_by_key()\fR, \fIOCSP_basic_sign()\fR, and +\&\fIOCSP_basic_sign_ctx()\fR return 1 on success or 0 +on failure. 
+.PP +\&\fIOCSP_RESPID_match()\fR returns 1 if the \s-1OCSP_RESPID\s0 and the X509 certificate match +or 0 otherwise. +.SH "NOTES" +.IX Header "NOTES" +\&\fIOCSP_response_get1_basic()\fR is only called if the status of a response is +\&\fB\s-1OCSP_RESPONSE_STATUS_SUCCESSFUL\s0\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIcrypto\fR\|(7) +\&\fIOCSP_cert_to_id\fR\|(3) +\&\fIOCSP_request_add1_nonce\fR\|(3) +\&\fIOCSP_REQUEST_new\fR\|(3) +\&\fIOCSP_resp_find_status\fR\|(3) +\&\fIOCSP_sendreq_new\fR\|(3) +\&\fIOCSP_RESPID_new\fR\|(3) +\&\fIOCSP_RESPID_free\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fIOCSP_RESPID_set_by_name()\fR, \fIOCSP_RESPID_set_by_key()\fR and \fIOCSP_RESPID_match()\fR +functions were added in OpenSSL 1.1.0a. +.PP +The \fIOCSP_basic_sign_ctx()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/OCSP_sendreq_new.3 b/linux_amd64/ssl/share/man/man3/OCSP_sendreq_new.3 new file mode 100755 index 0000000..d15da0a --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/OCSP_sendreq_new.3 
@@ -0,0 +1,239 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OCSP_SENDREQ_NEW 3" +.TH OCSP_SENDREQ_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OCSP_sendreq_new, OCSP_sendreq_nbio, OCSP_REQ_CTX_free, +OCSP_set_max_response_length, OCSP_REQ_CTX_add1_header, +OCSP_REQ_CTX_set1_req, OCSP_sendreq_bio \- OCSP responder query functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, +\& OCSP_REQUEST *req, int maxline); +\& +\& int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx); +\& +\& void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx); +\& +\& void OCSP_set_max_response_length(OCSP_REQ_CTX *rctx, +\& unsigned long len); +\& +\& int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx, +\& const char *name, const char *value); +\& +\& int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, const OCSP_REQUEST *req); +\& +\& OCSP_RESPONSE *OCSP_sendreq_bio(BIO *io, const char *path, OCSP_REQUEST *req); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The function \fIOCSP_sendreq_new()\fR returns an \fB\s-1OCSP_CTX\s0\fR structure using the +responder \fBio\fR, the \s-1URL\s0 path \fBpath\fR, the \s-1OCSP\s0 request \fBreq\fR and with a +response header maximum line length of \fBmaxline\fR. If \fBmaxline\fR is zero a +default value of 4k is used. The \s-1OCSP\s0 request \fBreq\fR may be set to \fB\s-1NULL\s0\fR +and provided later if required. +.PP +\&\fIOCSP_sendreq_nbio()\fR performs I/O on the \s-1OCSP\s0 request context \fBrctx\fR. +When the operation is complete it returns the response in \fB*presp\fR. +.PP +\&\fIOCSP_REQ_CTX_free()\fR frees up the \s-1OCSP\s0 context \fBrctx\fR. +.PP +\&\fIOCSP_set_max_response_length()\fR sets the maximum response length +for \fBrctx\fR to \fBlen\fR. If the response exceeds this length an error occurs. +If not set a default value of 100k is used. +.PP +\&\fIOCSP_REQ_CTX_add1_header()\fR adds header \fBname\fR with value \fBvalue\fR to the +context \fBrctx\fR. It can be called more than once to add multiple headers. 
+It \fB\s-1MUST\s0\fR be called before any calls to \fIOCSP_sendreq_nbio()\fR. The \fBreq\fR +parameter in the initial to \fIOCSP_sendreq_new()\fR call \s-1MUST\s0 be set to \fB\s-1NULL\s0\fR if +additional headers are set. +.PP +\&\fIOCSP_REQ_CTX_set1_req()\fR sets the \s-1OCSP\s0 request in \fBrctx\fR to \fBreq\fR. This +function should be called after any calls to \fIOCSP_REQ_CTX_add1_header()\fR. +.PP +\&\fIOCSP_sendreq_bio()\fR performs an \s-1OCSP\s0 request using the responder \fBio\fR, the \s-1URL\s0 +path \fBpath\fR, the \s-1OCSP\s0 request \fBreq\fR and with a response header maximum line +length 4k. It waits indefinitely on a response. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOCSP_sendreq_new()\fR returns a valid \fB\s-1OCSP_REQ_CTX\s0\fR structure or \fB\s-1NULL\s0\fR +if an error occurred. +.PP +\&\fIOCSP_sendreq_nbio()\fR, \fIOCSP_REQ_CTX_add1_header()\fR and \fIOCSP_REQ_CTX_set1_req()\fR +return \fB1\fR for success and \fB0\fR for failure. +.PP +\&\fIOCSP_sendreq_bio()\fR returns the \fB\s-1OCSP_RESPONSE\s0\fR structure sent by the +responder or \fB\s-1NULL\s0\fR if an error occurred. +.PP +\&\fIOCSP_REQ_CTX_free()\fR and \fIOCSP_set_max_response_length()\fR +do not return values. +.SH "NOTES" +.IX Header "NOTES" +These functions only perform a minimal \s-1HTTP\s0 query to a responder. If an +application wishes to support more advanced features it should use an +alternative more complete \s-1HTTP\s0 library. +.PP +Currently only \s-1HTTP\s0 \s-1POST\s0 queries to responders are supported. +.PP +The arguments to \fIOCSP_sendreq_new()\fR correspond to the components of the \s-1URL\s0. 
+For example if the responder \s-1URL\s0 is \fBhttp://ocsp.com/ocspreq\fR the \s-1BIO\s0 +\&\fBio\fR should be connected to host \fBocsp.com\fR on port 80 and \fBpath\fR +should be set to \fB\*(L"/ocspreq\*(R"\fR +.PP +The headers added with \fIOCSP_REQ_CTX_add1_header()\fR are of the form +"\fBname\fR: \fBvalue\fR\*(L" or just \*(R"\fBname\fR" if \fBvalue\fR is \fB\s-1NULL\s0\fR. So to add +a Host header for \fBocsp.com\fR you would call: +.PP +.Vb 1 +\& OCSP_REQ_CTX_add1_header(ctx, "Host", "ocsp.com"); +.Ve +.PP +\&\fIOCSP_sendreq_bio()\fR does not support timeout nor setting extra headers. +It is retained for compatibility. +Better use \fB\f(BIOCSP_sendreq_nbio()\fB\fR instead. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIcrypto\fR\|(7), +\&\fIOCSP_cert_to_id\fR\|(3), +\&\fIOCSP_request_add1_nonce\fR\|(3), +\&\fIOCSP_REQUEST_new\fR\|(3), +\&\fIOCSP_resp_find_status\fR\|(3), +\&\fIOCSP_response_status\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/OPENSSL_Applink.3 b/linux_amd64/ssl/share/man/man3/OPENSSL_Applink.3 new file mode 100755 index 0000000..8c65c7a --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/OPENSSL_Applink.3 
@@ -0,0 +1,159 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_APPLINK 3" +.TH OPENSSL_APPLINK 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OPENSSL_Applink \- glue between OpenSSL BIO and Win32 compiler run\-time +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& _\|_declspec(dllexport) void **OPENSSL_Applink(); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +OPENSSL_Applink is application-side interface which provides a glue +between OpenSSL \s-1BIO\s0 layer and Win32 compiler run-time environment. +Even though it appears at application side, it's essentially OpenSSL +private interface. For this reason application developers are not +expected to implement it, but to compile provided module with +compiler of their choice and link it into the target application. +The referred module is available as \fIapplink.c\fR, located alongside +the public header files (only on the platforms where applicable). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Not available. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2004\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/OPENSSL_CTX.3 b/linux_amd64/ssl/share/man/man3/OPENSSL_CTX.3 new file mode 100755 index 0000000..63e7d65 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/OPENSSL_CTX.3 
@@ -0,0 +1,175 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_CTX 3" +.TH OPENSSL_CTX 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OPENSSL_CTX, OPENSSL_CTX_new, OPENSSL_CTX_free \- OpenSSL library context +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef struct openssl_ctx_st OPENSSL_CTX; +\& +\& OPENSSL_CTX *OPENSSL_CTX_new(void); +\& void OPENSSL_CTX_free(OPENSSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\f(CW\*(C`OPENSSL_CTX\*(C'\fR is an internal OpenSSL library context type. +Applications may allocate their own, but may also use \f(CW\*(C`NULL\*(C'\fR to use +the internal default context with functions that take a \f(CW\*(C`OPENSSL_CTX\*(C'\fR +argument. +.PP +\&\fIOPENSSL_CTX_new()\fR creates a new OpenSSL library context. +When a non default library context is in use care should be taken with +multi-threaded applications to properly clean up thread local resources before +the \s-1OPENSSL_CTX\s0 is freed. +See \fIOPENSSL_thread_stop_ex\fR\|(3) for more information. +.PP +\&\fIOPENSSL_CTX_free()\fR frees the given \f(CW\*(C`ctx\*(C'\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOPENSSL_CTX_new()\fR return a library context pointer on success, or +\&\f(CW\*(C`NULL\*(C'\fR on error. +.PP +\&\fIOPENSSL_CTX_free()\fR doesn't return any value. +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1OPENSSL_CTX\s0, \fIOPENSSL_CTX_new()\fR and \fIOPENSSL_CTX_free()\fR +were added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/OPENSSL_FILE.3 b/linux_amd64/ssl/share/man/man3/OPENSSL_FILE.3 new file mode 100755 index 0000000..fbb6196 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/OPENSSL_FILE.3 
@@ -0,0 +1,178 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_FILE 3" +.TH OPENSSL_FILE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OPENSSL_FILE, OPENSSL_LINE, OPENSSL_FUNC, +OPENSSL_MSTR, OPENSSL_MSTR_HELPER +\&\- generic C programming utility macros +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& #define OPENSSL_FILE /* typically: _\|_FILE_\|_ */ +\& #define OPENSSL_LINE /* typically: _\|_LINE_\|_ */ +\& #define OPENSSL_FUNC /* typically: _\|_func_\|_ */ +\& +\& #define OPENSSL_MSTR_HELPER(x) #x +\& #define OPENSSL_MSTR(x) OPENSSL_MSTR_HELPER(x) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The macros \fB\s-1OPENSSL_FILE\s0\fR and \fB\s-1OPENSSL_LINE\s0\fR +typically yield the current filename and line number during C compilation. +When \fB\s-1OPENSSL_NO_FILENAMES\s0\fR is defined they yield \fB""\fR and \fB0\fR, respectively. +.PP +The macro \fB\s-1OPENSSL_FUNC\s0\fR attempts to yield the name of the C function +currently being compiled, as far as language and compiler versions allow. +Otherwise, it yields \*(L"(unknown function)\*(R". +.PP +The macro \fB\s-1OPENSSL_MSTR\s0\fR yields the expansion of the macro given as argument, +which is useful for concatenation with string constants. +The macro \fB\s-1OPENSSL_MSTR_HELPER\s0\fR is an auxiliary macro for this purpose. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +see above +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIcrypto\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fB\s-1OPENSSL_FUNC\s0\fR, \fB\s-1OPENSSL_MSTR\s0\fR, and \fB\s-1OPENSSL_MSTR_HELPER\s0\fR +were added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/OPENSSL_LH_COMPFUNC.3 b/linux_amd64/ssl/share/man/man3/OPENSSL_LH_COMPFUNC.3 new file mode 100755 index 0000000..09889c1 
--- /dev/null +++ b/linux_amd64/ssl/share/man/man3/OPENSSL_LH_COMPFUNC.3 
@@ -0,0 +1,373 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_LH_COMPFUNC 3" +.TH OPENSSL_LH_COMPFUNC 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +LHASH, DECLARE_LHASH_OF, +OPENSSL_LH_COMPFUNC, OPENSSL_LH_HASHFUNC, OPENSSL_LH_DOALL_FUNC, +LHASH_DOALL_ARG_FN_TYPE, +IMPLEMENT_LHASH_HASH_FN, IMPLEMENT_LHASH_COMP_FN, +lh_TYPE_new, lh_TYPE_free, lh_TYPE_flush, +lh_TYPE_insert, lh_TYPE_delete, lh_TYPE_retrieve, +lh_TYPE_doall, lh_TYPE_doall_arg, lh_TYPE_error \- dynamic hash table +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& DECLARE_LHASH_OF(TYPE); +\& +\& LHASH *lh_TYPE_new(OPENSSL_LH_HASHFUNC hash, OPENSSL_LH_COMPFUNC compare); +\& void lh_TYPE_free(LHASH_OF(TYPE) *table); +\& void lh_TYPE_flush(LHASH_OF(TYPE) *table); +\& +\& TYPE *lh_TYPE_insert(LHASH_OF(TYPE) *table, TYPE *data); +\& TYPE *lh_TYPE_delete(LHASH_OF(TYPE) *table, TYPE *data); +\& TYPE *lh_retrieve(LHASH_OF(TYPE) *table, TYPE *data); +\& +\& void lh_TYPE_doall(LHASH_OF(TYPE) *table, OPENSSL_LH_DOALL_FUNC func); +\& void lh_TYPE_doall_arg(LHASH_OF(TYPE) *table, OPENSSL_LH_DOALL_FUNCARG func, +\& TYPE *arg); +\& +\& int lh_TYPE_error(LHASH_OF(TYPE) *table); +\& +\& typedef int (*OPENSSL_LH_COMPFUNC)(const void *, const void *); +\& typedef unsigned long (*OPENSSL_LH_HASHFUNC)(const void *); +\& typedef void (*OPENSSL_LH_DOALL_FUNC)(const void *); +\& typedef void (*LHASH_DOALL_ARG_FN_TYPE)(const void *, const void *); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This library implements type-checked dynamic hash tables. The hash +table entries can be arbitrary structures. Usually they consist of key +and value fields. In the description here, \fB\f(BI\s-1TYPE\s0\fB\fR is used a placeholder +for any of the OpenSSL datatypes, such as \fI\s-1SSL_SESSION\s0\fR. +.PP +\&\fBlh_\f(BI\s-1TYPE\s0\fB_new\fR() creates a new \fB\s-1LHASH_OF\s0\fR(\fB\f(BI\s-1TYPE\s0\fB\fR) structure to store +arbitrary data entries, and specifies the 'hash' and 'compare' +callbacks to be used in organising the table's entries. 
The \fIhash\fR +callback takes a pointer to a table entry as its argument and returns +an unsigned long hash value for its key field. The hash value is +normally truncated to a power of 2, so make sure that your hash +function returns well mixed low order bits. The \fIcompare\fR callback +takes two arguments (pointers to two hash table entries), and returns +0 if their keys are equal, nonzero otherwise. +.PP +If your hash table +will contain items of some particular type and the \fIhash\fR and +\&\fIcompare\fR callbacks hash/compare these types, then the +\&\fB\s-1IMPLEMENT_LHASH_HASH_FN\s0\fR and \fB\s-1IMPLEMENT_LHASH_COMP_FN\s0\fR macros can be +used to create callback wrappers of the prototypes required by +\&\fBlh_\f(BI\s-1TYPE\s0\fB_new\fR() as shown in this example: +.PP +.Vb 11 +\& /* +\& * Implement the hash and compare functions; "stuff" can be any word. +\& */ +\& static unsigned long stuff_hash(const TYPE *a) +\& { +\& ... +\& } +\& static int stuff_cmp(const TYPE *a, const TYPE *b) +\& { +\& ... +\& } +\& +\& /* +\& * Implement the wrapper functions. +\& */ +\& static IMPLEMENT_LHASH_HASH_FN(stuff, TYPE) +\& static IMPLEMENT_LHASH_COMP_FN(stuff, TYPE) +.Ve +.PP +If the type is going to be used in several places, the following macros +can be used in a common header file to declare the function wrappers: +.PP +.Vb 2 +\& DECLARE_LHASH_HASH_FN(stuff, TYPE) +\& DECLARE_LHASH_COMP_FN(stuff, TYPE) +.Ve +.PP +Then a hash table of \fB\f(BI\s-1TYPE\s0\fB\fR objects can be created using this: +.PP +.Vb 1 +\& LHASH_OF(TYPE) *htable; +\& +\& htable = B_new>(LHASH_HASH_FN(stuff), LHASH_COMP_FN(stuff)); +.Ve +.PP +\&\fBlh_\f(BI\s-1TYPE\s0\fB_free\fR() frees the \fB\s-1LHASH_OF\s0\fR(\fB\f(BI\s-1TYPE\s0\fB\fR) structure +\&\fItable\fR. Allocated hash table entries will not be freed; consider +using \fBlh_\f(BI\s-1TYPE\s0\fB_doall\fR() to deallocate any remaining entries in the +hash table (see below). 
+.PP +\&\fBlh_\f(BI\s-1TYPE\s0\fB_flush\fR() empties the \fB\s-1LHASH_OF\s0\fR(\fB\f(BI\s-1TYPE\s0\fB\fR) structure \fItable\fR. New +entries can be added to the flushed table. Allocated hash table entries +will not be freed; consider using \fBlh_\f(BI\s-1TYPE\s0\fB_doall\fR() to deallocate any +remaining entries in the hash table (see below). +.PP +\&\fBlh_\f(BI\s-1TYPE\s0\fB_insert\fR() inserts the structure pointed to by \fIdata\fR into +\&\fItable\fR. If there already is an entry with the same key, the old +value is replaced. Note that \fBlh_\f(BI\s-1TYPE\s0\fB_insert\fR() stores pointers, the +data are not copied. +.PP +\&\fBlh_\f(BI\s-1TYPE\s0\fB_delete\fR() deletes an entry from \fItable\fR. +.PP +\&\fBlh_\f(BI\s-1TYPE\s0\fB_retrieve\fR() looks up an entry in \fItable\fR. Normally, \fIdata\fR +is a structure with the key field(s) set; the function will return a +pointer to a fully populated structure. +.PP +\&\fBlh_\f(BI\s-1TYPE\s0\fB_doall\fR() will, for every entry in the hash table, call +\&\fIfunc\fR with the data item as its parameter. +For example: +.PP +.Vb 2 +\& /* Cleans up resources belonging to \*(Aqa\*(Aq (this is implemented elsewhere) */ +\& void TYPE_cleanup_doall(TYPE *a); +\& +\& /* Implement a prototype\-compatible wrapper for "TYPE_cleanup" */ +\& IMPLEMENT_LHASH_DOALL_FN(TYPE_cleanup, TYPE) +\& +\& /* Call "TYPE_cleanup" against all items in a hash table. */ +\& lh_TYPE_doall(hashtable, LHASH_DOALL_FN(TYPE_cleanup)); +\& +\& /* Then the hash table itself can be deallocated */ +\& lh_TYPE_free(hashtable); +.Ve +.PP +When doing this, be careful if you delete entries from the hash table +in your callbacks: the table may decrease in size, moving the item +that you are currently on down lower in the hash table \- this could +cause some entries to be skipped during the iteration. The second +best solution to this problem is to set hash\->down_load=0 before +you start (which will stop the hash table ever decreasing in size). 
+The best solution is probably to avoid deleting items from the hash +table inside a \*(L"doall\*(R" callback! +.PP +\&\fBlh_\f(BI\s-1TYPE\s0\fB_doall_arg\fR() is the same as \fBlh_\f(BI\s-1TYPE\s0\fB_doall\fR() except that +\&\fIfunc\fR will be called with \fIarg\fR as the second argument and \fIfunc\fR +should be of type \fB\s-1LHASH_DOALL_ARG_FN\s0\fR(\fB\f(BI\s-1TYPE\s0\fB\fR) (a callback prototype +that is passed both the table entry and an extra argument). As with +\&\fIlh_doall()\fR, you can instead choose to declare your callback with a +prototype matching the types you are dealing with and use the +declare/implement macros to create compatible wrappers that cast +variables before calling your type-specific callbacks. An example of +this is demonstrated here (printing all hash table entries to a \s-1BIO\s0 +that is provided by the caller): +.PP +.Vb 2 +\& /* Prints item \*(Aqa\*(Aq to \*(Aqoutput_bio\*(Aq (this is implemented elsewhere) */ +\& void TYPE_print_doall_arg(const TYPE *a, BIO *output_bio); +\& +\& /* Implement a prototype\-compatible wrapper for "TYPE_print" */ +\& static IMPLEMENT_LHASH_DOALL_ARG_FN(TYPE, const TYPE, BIO) +\& +\& /* Print out the entire hashtable to a particular BIO */ +\& lh_TYPE_doall_arg(hashtable, LHASH_DOALL_ARG_FN(TYPE_print), BIO, +\& logging_bio); +.Ve +.PP +\&\fBlh_\f(BI\s-1TYPE\s0\fB_error\fR() can be used to determine if an error occurred in the last +operation. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBlh_\f(BI\s-1TYPE\s0\fB_new\fR() returns \s-1NULL\s0 on error, otherwise a pointer to the new +\&\fB\s-1LHASH\s0\fR structure. +.PP +When a hash table entry is replaced, \fBlh_\f(BI\s-1TYPE\s0\fB_insert\fR() returns the value +being replaced. \s-1NULL\s0 is returned on normal operation and on error. +.PP +\&\fBlh_\f(BI\s-1TYPE\s0\fB_delete\fR() returns the entry being deleted. \s-1NULL\s0 is returned if +there is no such value in the hash table. 
+.PP +\&\fBlh_\f(BI\s-1TYPE\s0\fB_retrieve\fR() returns the hash table entry if it has been found, +\&\s-1NULL\s0 otherwise. +.PP +\&\fBlh_\f(BI\s-1TYPE\s0\fB_error\fR() returns 1 if an error occurred in the last operation, 0 +otherwise. It's meaningful only after non-retrieve operations. +.PP +\&\fBlh_\f(BI\s-1TYPE\s0\fB_free\fR(), \fBlh_\f(BI\s-1TYPE\s0\fB_flush\fR(), \fBlh_\f(BI\s-1TYPE\s0\fB_doall\fR() and +\&\fBlh_\f(BI\s-1TYPE\s0\fB_doall_arg\fR() return no values. +.SH "NOTE" +.IX Header "NOTE" +The \s-1LHASH\s0 code is not thread safe. All updating operations, as well as +\&\fBlh_\f(BI\s-1TYPE\s0\fB_error\fR() call must be performed under a write lock. All retrieve +operations should be performed under a read lock, \fIunless\fR accurate +usage statistics are desired. In which case, a write lock should be used +for retrieve operations as well. For output of the usage statistics, +using the functions from \fIOPENSSL_LH_stats\fR\|(3), a read lock suffices. +.PP +The \s-1LHASH\s0 code regards table entries as constant data. As such, it +internally represents \fIlh_insert()\fR'd items with a \*(L"const void *\*(R" +pointer type. This is why callbacks such as those used by \fIlh_doall()\fR +and \fIlh_doall_arg()\fR declare their prototypes with \*(L"const\*(R", even for the +parameters that pass back the table items' data pointers \- for +consistency, user-provided data is \*(L"const\*(R" at all times as far as the +\&\s-1LHASH\s0 code is concerned. However, as callers are themselves providing +these pointers, they can choose whether they too should be treating +all such parameters as constant. +.PP +As an example, a hash table may be maintained by code that, for +reasons of encapsulation, has only \*(L"const\*(R" access to the data being +indexed in the hash table (ie. it is returned as \*(L"const\*(R" from +elsewhere in their code) \- in this case the \s-1LHASH\s0 prototypes are +appropriate as-is. 
Conversely, if the caller is responsible for the +life-time of the data in question, then they may well wish to make +modifications to table item passed back in the \fIlh_doall()\fR or +\&\fIlh_doall_arg()\fR callbacks (see the \*(L"TYPE_cleanup\*(R" example above). If +so, the caller can either cast the \*(L"const\*(R" away (if they're providing +the raw callbacks themselves) or use the macros to declare/implement +the wrapper functions without \*(L"const\*(R" types. +.PP +Callers that only have \*(L"const\*(R" access to data they're indexing in a +table, yet declare callbacks without constant types (or cast the +\&\*(L"const\*(R" away themselves), are therefore creating their own risks/bugs +without being encouraged to do so by the \s-1API\s0. On a related note, +those auditing code should pay special attention to any instances of +DECLARE/IMPLEMENT_LHASH_DOALL_[\s-1ARG_\s0]_FN macros that provide types +without any \*(L"const\*(R" qualifiers. +.SH "BUGS" +.IX Header "BUGS" +\&\fBlh_\f(BI\s-1TYPE\s0\fB_insert\fR() returns \s-1NULL\s0 both for success and error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIOPENSSL_LH_stats\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +In OpenSSL 1.0.0, the lhash interface was revamped for better +type checking. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/OPENSSL_LH_stats.3 b/linux_amd64/ssl/share/man/man3/OPENSSL_LH_stats.3 new file mode 100755 index 0000000..5b49859 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/OPENSSL_LH_stats.3 
@@ -0,0 +1,190 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_LH_STATS 3" +.TH OPENSSL_LH_STATS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OPENSSL_LH_stats, OPENSSL_LH_node_stats, OPENSSL_LH_node_usage_stats, +OPENSSL_LH_stats_bio, +OPENSSL_LH_node_stats_bio, OPENSSL_LH_node_usage_stats_bio \- LHASH statistics +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void OPENSSL_LH_stats(LHASH *table, FILE *out); +\& void OPENSSL_LH_node_stats(LHASH *table, FILE *out); +\& void OPENSSL_LH_node_usage_stats(LHASH *table, FILE *out); +\& +\& void OPENSSL_LH_stats_bio(LHASH *table, BIO *out); +\& void OPENSSL_LH_node_stats_bio(LHASH *table, BIO *out); +\& void OPENSSL_LH_node_usage_stats_bio(LHASH *table, BIO *out); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fB\s-1LHASH\s0\fR structure records statistics about most aspects of +accessing the hash table. +.PP +\&\fIOPENSSL_LH_stats()\fR prints out statistics on the size of the hash table, how +many entries are in it, and the number and result of calls to the +routines in this library. +.PP +\&\fIOPENSSL_LH_node_stats()\fR prints the number of entries for each 'bucket' in the +hash table. +.PP +\&\fIOPENSSL_LH_node_usage_stats()\fR prints out a short summary of the state of the +hash table. It prints the 'load' and the 'actual load'. The load is +the average number of data items per 'bucket' in the hash table. The +\&'actual load' is the average number of items per 'bucket', but only +for buckets which contain entries. So the 'actual load' is the +average number of searches that will need to find an item in the hash +table, while the 'load' is the average number that will be done to +record a miss. +.PP +\&\fIOPENSSL_LH_stats_bio()\fR, \fIOPENSSL_LH_node_stats_bio()\fR and \fIOPENSSL_LH_node_usage_stats_bio()\fR +are the same as the above, except that the output goes to a \fB\s-1BIO\s0\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions do not return values. +.SH "NOTE" +.IX Header "NOTE" +These calls should be made under a read lock. 
Refer to +\&\*(L"\s-1NOTE\s0\*(R" in \s-1\fIOPENSSL_LH_COMPFUNC\s0\fR\|(3) for more details about the locks required +when using the \s-1LHASH\s0 data structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIbio\fR\|(7), \s-1\fIOPENSSL_LH_COMPFUNC\s0\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/OPENSSL_config.3 b/linux_amd64/ssl/share/man/man3/OPENSSL_config.3 new file mode 100755 index 0000000..658bb2a --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/OPENSSL_config.3 
@@ -0,0 +1,205 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_CONFIG 3" +.TH OPENSSL_CONFIG 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OPENSSL_config, OPENSSL_no_config \- simple OpenSSL configuration functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.PP +Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 2 +\& void OPENSSL_config(const char *appname); +\& void OPENSSL_no_config(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIOPENSSL_config()\fR configures OpenSSL using the standard \fBopenssl.cnf\fR and +reads from the application section \fBappname\fR. If \fBappname\fR is \s-1NULL\s0 then +the default section, \fBopenssl_conf\fR, will be used. +Errors are silently ignored. +Multiple calls have no effect. +.PP +\&\fIOPENSSL_no_config()\fR disables configuration. If called before \fIOPENSSL_config()\fR +no configuration takes place. +.PP +If the application is built with \fB\s-1OPENSSL_LOAD_CONF\s0\fR defined, then a +call to \fIOpenSSL_add_all_algorithms()\fR will implicitly call \fIOPENSSL_config()\fR +first. +.SH "NOTES" +.IX Header "NOTES" +The \fIOPENSSL_config()\fR function is designed to be a very simple \*(L"call it and +forget it\*(R" function. +It is however \fBmuch\fR better than nothing. Applications which need finer +control over their configuration functionality should use the configuration +functions such as \fICONF_modules_load()\fR directly. This function is deprecated +and its use should be avoided. +Applications should instead call \fICONF_modules_load()\fR during +initialization (that is before starting any threads). +.PP +There are several reasons why calling the OpenSSL configuration routines is +advisable. For example, to load dynamic ENGINEs from shared libraries (DSOs). +However very few applications currently support the control interface and so +very few can load and use dynamic ENGINEs. 
Equally in future more sophisticated +ENGINEs will require certain control operations to customize them. If an +application calls \fIOPENSSL_config()\fR it doesn't need to know or care about +\&\s-1ENGINE\s0 control operations because they can be performed by editing a +configuration file. +.SH "ENVIRONMENT" +.IX Header "ENVIRONMENT" +.IP "\fB\s-1OPENSSL_CONF\s0\fR" 4 +.IX Item "OPENSSL_CONF" +The path to the config file. +Ignored in set-user-ID and set-group-ID programs. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Neither \fIOPENSSL_config()\fR nor \fIOPENSSL_no_config()\fR return a value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIconfig\fR\|(5), +\&\fICONF_modules_load_file\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fIOPENSSL_no_config()\fR and \fIOPENSSL_config()\fR functions were +deprecated in OpenSSL 1.1.0 by \fIOPENSSL_init_crypto()\fR. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2004\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/OPENSSL_fork_prepare.3 b/linux_amd64/ssl/share/man/man3/OPENSSL_fork_prepare.3 new file mode 100755 index 0000000..8c9df30 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/OPENSSL_fork_prepare.3 
@@ -0,0 +1,185 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_FORK_PREPARE 3" +.TH OPENSSL_FORK_PREPARE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OPENSSL_fork_prepare, +OPENSSL_fork_parent, +OPENSSL_fork_child +\&\- OpenSSL fork handlers +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void OPENSSL_fork_prepare(void); +\& void OPENSSL_fork_parent(void); +\& void OPENSSL_fork_child(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +OpenSSL has state that should be reset when a process forks. For example, +the entropy pool used to generate random numbers (and therefore encryption +keys) should not be shared across multiple programs. +The \fIOPENSSL_fork_prepare()\fR, \fIOPENSSL_fork_parent()\fR, and \fIOPENSSL_fork_child()\fR +functions are used to reset this internal state. +.PP +Platforms without \fIfork\fR\|(2) will probably not need to use these functions. +Platforms with \fIfork\fR\|(2) but without \fIpthread_atfork\fR\|(3) will probably need +to call them manually, as described in the following paragraph. Platforms +such as Linux that have both functions will normally not need to call these +functions as the OpenSSL library will do so automatically. +.PP +\&\fIOPENSSL_init_crypto\fR\|(3) will register these functions with the appropriate +handler, when the \fB\s-1OPENSSL_INIT_ATFORK\s0\fR flag is used. For other +applications, these functions can be called directly. They should be used +according to the calling sequence described by the \fIpthread_atfork\fR\|(3) +documentation, which is summarized here. \fIOPENSSL_fork_prepare()\fR should +be called before a \fIfork()\fR is done. After the \fIfork()\fR returns, the parent +process should call \fIOPENSSL_fork_parent()\fR and the child process should +call \fIOPENSSL_fork_child()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOPENSSL_fork_prepare()\fR, \fIOPENSSL_fork_parent()\fR and \fIOPENSSL_fork_child()\fR do not +return values. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIOPENSSL_init_crypto\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.1.1. 
+.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/OPENSSL_hexchar2int.3 b/linux_amd64/ssl/share/man/man3/OPENSSL_hexchar2int.3 new file mode 100755 index 0000000..5805de2 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/OPENSSL_hexchar2int.3 
@@ -0,0 +1,198 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_HEXCHAR2INT 3" +.TH OPENSSL_HEXCHAR2INT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OPENSSL_hexchar2int, +OPENSSL_hexstr2buf_ex, OPENSSL_hexstr2buf, +OPENSSL_buf2hexstr_ex, OPENSSL_buf2hexstr +\&\- Hex encoding and decoding functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int OPENSSL_hexchar2int(unsigned char c); +\& int OPENSSL_hexstr2buf_ex(unsigned char *buf, size_t buf_n, long *buflen, +\& const char *str); +\& unsigned char *OPENSSL_hexstr2buf(const char *str, long *len); +\& int OPENSSL_buf2hexstr_ex(char *str, size_t str_n, size_t *strlen, +\& const unsigned char *buf, long buflen); +\& char *OPENSSL_buf2hexstr(const unsigned char *buf, long buflen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIOPENSSL_hexchar2int()\fR converts a hexadecimal character to its numeric +equivalent. +.PP +\&\fIOPENSSL_hexstr2buf_ex()\fR decodes the hex string \fBstr\fR and places the +resulting string of bytes in the given \fIbuf\fR. +\&\fIbuf_n\fR gives the size of the buffer. +If \fIbuflen\fR is not \s-1NULL\s0, it is filled in with the result length. +To find out how large the result will be, call this function with \s-1NULL\s0 +for \fIbuf\fR. +Colons between two-character hex \*(L"bytes\*(R" are accepted and ignored. +An odd number of hex digits is an error. +.PP +\&\fIOPENSSL_hexstr2buf()\fR does the same thing as \fIOPENSSL_hexstr2buf_ex()\fR, +but allocates the space for the result, and returns the result. +The memory is allocated by calling \fIOPENSSL_malloc()\fR and should be +released by calling \fIOPENSSL_free()\fR. +.PP +\&\fIOPENSSL_buf2hexstr_ex()\fR encodes the contents of the given \fIbuf\fR with +length \fIbuflen\fR and places the resulting hexadecimal character string +in the given \fIstr\fR. +\&\fIstr_n\fR gives the size of the of the string buffer. +If \fIstrlen\fR is not \s-1NULL\s0, it is filled in with the result length. +To find out how large the result will be, call this function with \s-1NULL\s0 +for \fIstr\fR. 
+.PP +\&\fIOPENSSL_buf2hexstr()\fR does the same thing as \fIOPENSSL_buf2hexstr_ex()\fR, +but allocates the space for the result, and returns the result. +The memory is allocated by calling \fIOPENSSL_malloc()\fR and should be +released by calling \fIOPENSSL_free()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +OPENSSL_hexchar2int returns the value of a decoded hex character, +or \-1 on error. +.PP +\&\fIOPENSSL_buf2hexstr()\fR and \fIOPENSSL_hexstr2buf()\fR +return a pointer to allocated memory, or \s-1NULL\s0 on error. +.PP +\&\fIOPENSSL_buf2hexstr_ex()\fR and \fIOPENSSL_hexstr2buf_ex()\fR return 1 on +success, or 0 on error. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/OPENSSL_ia32cap.3 b/linux_amd64/ssl/share/man/man3/OPENSSL_ia32cap.3 new file mode 100755 index 0000000..fdd69e7 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/OPENSSL_ia32cap.3 
@@ -0,0 +1,286 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_IA32CAP 3" +.TH OPENSSL_IA32CAP 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +OPENSSL_ia32cap \- the x86[_64] processor capabilities vector +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& env OPENSSL_ia32cap=... 
+.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +OpenSSL supports a range of x86[_64] instruction set extensions. These +extensions are denoted by individual bits in capability vector returned +by processor in \s-1EDX:ECX\s0 register pair after executing \s-1CPUID\s0 instruction +with EAX=1 input value (see Intel Application Note #241618). This vector +is copied to memory upon toolkit initialization and used to choose +between different code paths to provide optimal performance across wide +range of processors. For the moment of this writing following bits are +significant: +.IP "bit #4 denoting presence of Time-Stamp Counter." 4 +.IX Item "bit #4 denoting presence of Time-Stamp Counter." +.PD 0 +.IP "bit #19 denoting availability of \s-1CLFLUSH\s0 instruction;" 4 +.IX Item "bit #19 denoting availability of CLFLUSH instruction;" +.IP "bit #20, reserved by Intel, is used to choose among \s-1RC4\s0 code paths;" 4 +.IX Item "bit #20, reserved by Intel, is used to choose among RC4 code paths;" +.IP "bit #23 denoting \s-1MMX\s0 support;" 4 +.IX Item "bit #23 denoting MMX support;" +.IP "bit #24, \s-1FXSR\s0 bit, denoting availability of \s-1XMM\s0 registers;" 4 +.IX Item "bit #24, FXSR bit, denoting availability of XMM registers;" +.IP "bit #25 denoting \s-1SSE\s0 support;" 4 +.IX Item "bit #25 denoting SSE support;" +.IP "bit #26 denoting \s-1SSE2\s0 support;" 4 +.IX Item "bit #26 denoting SSE2 support;" +.IP "bit #28 denoting Hyperthreading, which is used to distinguish cores with shared cache;" 4 +.IX Item "bit #28 denoting Hyperthreading, which is used to distinguish cores with shared cache;" +.IP "bit #30, reserved by Intel, denotes specifically Intel CPUs;" 4 +.IX Item "bit #30, reserved by Intel, denotes specifically Intel CPUs;" +.IP "bit #33 denoting availability of \s-1PCLMULQDQ\s0 instruction;" 4 +.IX Item "bit #33 denoting availability of PCLMULQDQ instruction;" +.IP "bit #41 denoting \s-1SSSE3\s0, Supplemental \s-1SSE3\s0, support;" 4 +.IX Item "bit #41 
denoting SSSE3, Supplemental SSE3, support;" +.IP "bit #43 denoting \s-1AMD\s0 \s-1XOP\s0 support (forced to zero on non-AMD CPUs);" 4 +.IX Item "bit #43 denoting AMD XOP support (forced to zero on non-AMD CPUs);" +.IP "bit #54 denoting availability of \s-1MOVBE\s0 instruction;" 4 +.IX Item "bit #54 denoting availability of MOVBE instruction;" +.IP "bit #57 denoting AES-NI instruction set extension;" 4 +.IX Item "bit #57 denoting AES-NI instruction set extension;" +.IP "bit #58, \s-1XSAVE\s0 bit, lack of which in combination with \s-1MOVBE\s0 is used to identify Atom Silvermont core;" 4 +.IX Item "bit #58, XSAVE bit, lack of which in combination with MOVBE is used to identify Atom Silvermont core;" +.IP "bit #59, \s-1OSXSAVE\s0 bit, denoting availability of \s-1YMM\s0 registers;" 4 +.IX Item "bit #59, OSXSAVE bit, denoting availability of YMM registers;" +.IP "bit #60 denoting \s-1AVX\s0 extension;" 4 +.IX Item "bit #60 denoting AVX extension;" +.IP "bit #62 denoting availability of \s-1RDRAND\s0 instruction;" 4 +.IX Item "bit #62 denoting availability of RDRAND instruction;" +.PD +.PP +For example, in 32\-bit application context clearing bit #26 at run-time +disables high-performance \s-1SSE2\s0 code present in the crypto library, while +clearing bit #24 disables \s-1SSE2\s0 code operating on 128\-bit \s-1XMM\s0 register +bank. You might have to do the latter if target OpenSSL application is +executed on \s-1SSE2\s0 capable \s-1CPU\s0, but under control of \s-1OS\s0 that does not +enable \s-1XMM\s0 registers. Historically address of the capability vector copy +was exposed to application through \fIOPENSSL_ia32cap_loc()\fR, but not +anymore. Now the only way to affect the capability detection is to set +\&\fBOPENSSL_ia32cap\fR environment variable prior target application start. 
To +give a specific example, on Intel P4 processor +\&\f(CW\*(C`env OPENSSL_ia32cap=0x16980010 apps/openssl\*(C'\fR, or better yet +\&\f(CW\*(C`env OPENSSL_ia32cap=~0x1000000 apps/openssl\*(C'\fR would achieve the desired +effect. Alternatively you can reconfigure the toolkit with no\-sse2 +option and recompile. +.PP +Less intuitive is clearing bit #28, or ~0x10000000 in the \*(L"environment +variable\*(R" terms. The truth is that it's not copied from \s-1CPUID\s0 output +verbatim, but is adjusted to reflect whether or not the data cache is +actually shared between logical cores. This in turn affects the decision +on whether or not expensive countermeasures against cache-timing attacks +are applied, most notably in \s-1AES\s0 assembler module. +.PP +The capability vector is further extended with \s-1EBX\s0 value returned by +\&\s-1CPUID\s0 with EAX=7 and ECX=0 as input. Following bits are significant: +.IP "bit #64+3 denoting availability of \s-1BMI1\s0 instructions, e.g. \s-1ANDN\s0;" 4 +.IX Item "bit #64+3 denoting availability of BMI1 instructions, e.g. ANDN;" +.PD 0 +.IP "bit #64+5 denoting availability of \s-1AVX2\s0 instructions;" 4 +.IX Item "bit #64+5 denoting availability of AVX2 instructions;" +.IP "bit #64+8 denoting availability of \s-1BMI2\s0 instructions, e.g. \s-1MULX\s0 and \s-1RORX\s0;" 4 +.IX Item "bit #64+8 denoting availability of BMI2 instructions, e.g. MULX and RORX;" +.IP "bit #64+16 denoting availability of \s-1AVX512F\s0 extension;" 4 +.IX Item "bit #64+16 denoting availability of AVX512F extension;" +.IP "bit #64+18 denoting availability of \s-1RDSEED\s0 instruction;" 4 +.IX Item "bit #64+18 denoting availability of RDSEED instruction;" +.IP "bit #64+19 denoting availability of \s-1ADCX\s0 and \s-1ADOX\s0 instructions;" 4 +.IX Item "bit #64+19 denoting availability of ADCX and ADOX instructions;" +.IP "bit #64+21 denoting availability of VPMADD52[\s-1LH\s0]UQ instructions, a.k.a. 
\s-1AVX512IFMA\s0 extension;" 4 +.IX Item "bit #64+21 denoting availability of VPMADD52[LH]UQ instructions, a.k.a. AVX512IFMA extension;" +.IP "bit #64+29 denoting availability of \s-1SHA\s0 extension;" 4 +.IX Item "bit #64+29 denoting availability of SHA extension;" +.IP "bit #64+30 denoting availability of \s-1AVX512BW\s0 extension;" 4 +.IX Item "bit #64+30 denoting availability of AVX512BW extension;" +.IP "bit #64+31 denoting availability of \s-1AVX512VL\s0 extension;" 4 +.IX Item "bit #64+31 denoting availability of AVX512VL extension;" +.IP "bit #64+41 denoting availability of \s-1VAES\s0 extension;" 4 +.IX Item "bit #64+41 denoting availability of VAES extension;" +.IP "bit #64+42 denoting availability of \s-1VPCLMULQDQ\s0 extension;" 4 +.IX Item "bit #64+42 denoting availability of VPCLMULQDQ extension;" +.PD +.PP +To control this extended capability word use \f(CW\*(C`:\*(C'\fR as delimiter when +setting up \fBOPENSSL_ia32cap\fR environment variable. For example assigning +\&\f(CW\*(C`:~0x20\*(C'\fR would disable \s-1AVX2\s0 code paths, and \f(CW\*(C`:0\*(C'\fR \- all post-AVX +extensions. +.PP +It should be noted that whether or not some of the most \*(L"fancy\*(R" +extension code paths are actually assembled depends on current assembler +version. Base minimum of \s-1AES\-NI/PCLMULQDQ\s0, \s-1SSSE3\s0 and \s-1SHA\s0 extension code +paths are always assembled. Apart from that, minimum assembler version +requirements are summarized in below table: +.PP +.Vb 8 +\& Extension | GNU as | nasm | llvm +\& \-\-\-\-\-\-\-\-\-\-\-\-+\-\-\-\-\-\-\-\-+\-\-\-\-\-\-\-\-+\-\-\-\-\-\-\-\- +\& AVX | 2.19 | 2.09 | 3.0 +\& AVX2 | 2.22 | 2.10 | 3.1 +\& ADCX/ADOX | 2.23 | 2.10 | 3.3 +\& AVX512 | 2.25 | 2.11.8 | see NOTES +\& AVX512IFMA | 2.26 | 2.11.8 | see NOTES +\& VAES | 2.30 | 2.13.3 | +.Ve +.SH "NOTES" +.IX Header "NOTES" +Even though \s-1AVX512\s0 support was implemented in llvm 3.6, compilation of +assembly modules apparently requires explicit \-march flag. 
But then +compiler generates processor-specific code, which in turn contradicts +the mere idea of run-time switch execution facilitated by the variable +in question. Till the limitation is lifted, it's possible to work around +the problem by making build procedure use following script: +.PP +.Vb 2 +\& #!/bin/sh +\& exec clang \-no\-integrated\-as "$@" +.Ve +.PP +instead of real clang. In which case it doesn't matter which clang +version is used, as it is \s-1GNU\s0 assembler version that will be checked. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Not available. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2004\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/OPENSSL_init_crypto.3 b/linux_amd64/ssl/share/man/man3/OPENSSL_init_crypto.3 new file mode 100755 index 0000000..f2b8992 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/OPENSSL_init_crypto.3 
@@ -0,0 +1,391 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_INIT_CRYPTO 3" +.TH OPENSSL_INIT_CRYPTO 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OPENSSL_INIT_new, OPENSSL_INIT_set_config_filename, +OPENSSL_INIT_set_config_appname, OPENSSL_INIT_set_config_file_flags, +OPENSSL_INIT_free, OPENSSL_init_crypto, OPENSSL_cleanup, OPENSSL_atexit, +OPENSSL_thread_stop_ex, OPENSSL_thread_stop \- OpenSSL initialisation +and deinitialisation functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void OPENSSL_cleanup(void); +\& int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings); +\& int OPENSSL_atexit(void (*handler)(void)); +\& void OPENSSL_thread_stop_ex(OPENSSL_CTX *ctx); +\& void OPENSSL_thread_stop(void); +\& +\& OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void); +\& int OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *init, +\& const char* filename); +\& int OPENSSL_INIT_set_config_file_flags(OPENSSL_INIT_SETTINGS *init, +\& unsigned long flags); +\& int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *init, +\& const char* name); +\& void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *init); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +During normal operation OpenSSL (libcrypto) will allocate various resources at +start up that must, subsequently, be freed on close down of the library. +Additionally some resources are allocated on a per thread basis (if the +application is multi-threaded), and these resources must be freed prior to the +thread closing. +.PP +As of version 1.1.0 OpenSSL will automatically allocate all resources that it +needs so no explicit initialisation is required. Similarly it will also +automatically deinitialise as required. +.PP +However, there may be situations when explicit initialisation is desirable or +needed, for example when some non-default initialisation is required. The +function \fIOPENSSL_init_crypto()\fR can be used for this purpose for +libcrypto (see also \fIOPENSSL_init_ssl\fR\|(3) for the libssl +equivalent). +.PP +Numerous internal OpenSSL functions call \fIOPENSSL_init_crypto()\fR. 
+Therefore, in order to perform non-default initialisation, +\&\fIOPENSSL_init_crypto()\fR \s-1MUST\s0 be called by application code prior to +any other OpenSSL function calls. +.PP +The \fBopts\fR parameter specifies which aspects of libcrypto should be +initialised. Valid options are: +.IP "\s-1OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS\s0" 4 +.IX Item "OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS" +Suppress automatic loading of the libcrypto error strings. This option is +not a default option. Once selected subsequent calls to +\&\fIOPENSSL_init_crypto()\fR with the option +\&\fB\s-1OPENSSL_INIT_LOAD_CRYPTO_STRINGS\s0\fR will be ignored. +.IP "\s-1OPENSSL_INIT_LOAD_CRYPTO_STRINGS\s0" 4 +.IX Item "OPENSSL_INIT_LOAD_CRYPTO_STRINGS" +Automatic loading of the libcrypto error strings. With this option the +library will automatically load the libcrypto error strings. +This option is a default option. Once selected subsequent calls to +\&\fIOPENSSL_init_crypto()\fR with the option +\&\fB\s-1OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS\s0\fR will be ignored. +.IP "\s-1OPENSSL_INIT_ADD_ALL_CIPHERS\s0" 4 +.IX Item "OPENSSL_INIT_ADD_ALL_CIPHERS" +With this option the library will automatically load and make available all +libcrypto ciphers. This option is a default option. Once selected subsequent +calls to \fIOPENSSL_init_crypto()\fR with the option +\&\fB\s-1OPENSSL_INIT_NO_ADD_ALL_CIPHERS\s0\fR will be ignored. +.IP "\s-1OPENSSL_INIT_ADD_ALL_DIGESTS\s0" 4 +.IX Item "OPENSSL_INIT_ADD_ALL_DIGESTS" +With this option the library will automatically load and make available all +libcrypto digests. This option is a default option. Once selected subsequent +calls to \fIOPENSSL_init_crypto()\fR with the option +\&\fB\s-1OPENSSL_INIT_NO_ADD_ALL_CIPHERS\s0\fR will be ignored. +.IP "\s-1OPENSSL_INIT_NO_ADD_ALL_CIPHERS\s0" 4 +.IX Item "OPENSSL_INIT_NO_ADD_ALL_CIPHERS" +With this option the library will suppress automatic loading of libcrypto +ciphers. This option is not a default option. 
Once selected subsequent +calls to \fIOPENSSL_init_crypto()\fR with the option +\&\fB\s-1OPENSSL_INIT_ADD_ALL_CIPHERS\s0\fR will be ignored. +.IP "\s-1OPENSSL_INIT_NO_ADD_ALL_DIGESTS\s0" 4 +.IX Item "OPENSSL_INIT_NO_ADD_ALL_DIGESTS" +With this option the library will suppress automatic loading of libcrypto +digests. This option is not a default option. Once selected subsequent +calls to \fIOPENSSL_init_crypto()\fR with the option +\&\fB\s-1OPENSSL_INIT_ADD_ALL_DIGESTS\s0\fR will be ignored. +.IP "\s-1OPENSSL_INIT_LOAD_CONFIG\s0" 4 +.IX Item "OPENSSL_INIT_LOAD_CONFIG" +With this option an OpenSSL configuration file will be automatically loaded and +used by calling \fIOPENSSL_config()\fR. This is a default option. +Note that in OpenSSL 1.1.1 this was the default for libssl but not for +libcrypto (see \fIOPENSSL_init_ssl\fR\|(3) for further details about libssl +initialisation). +In OpenSSL 1.1.0 this was a non-default option for both libssl and libcrypto. +See the description of \fIOPENSSL_INIT_new()\fR, below. +.IP "\s-1OPENSSL_INIT_NO_LOAD_CONFIG\s0" 4 +.IX Item "OPENSSL_INIT_NO_LOAD_CONFIG" +With this option the loading of OpenSSL configuration files will be suppressed. +It is the equivalent of calling \fIOPENSSL_no_config()\fR. This is not a default +option. +.IP "\s-1OPENSSL_INIT_ASYNC\s0" 4 +.IX Item "OPENSSL_INIT_ASYNC" +With this option the library with automatically initialise the libcrypto async +sub-library (see \fIASYNC_start_job\fR\|(3)). This is a default option. +.IP "\s-1OPENSSL_INIT_ENGINE_RDRAND\s0" 4 +.IX Item "OPENSSL_INIT_ENGINE_RDRAND" +With this option the library will automatically load and initialise the +\&\s-1RDRAND\s0 engine (if available). This not a default option. +.IP "\s-1OPENSSL_INIT_ENGINE_DYNAMIC\s0" 4 +.IX Item "OPENSSL_INIT_ENGINE_DYNAMIC" +With this option the library will automatically load and initialise the +dynamic engine. This not a default option. 
+.IP "\s-1OPENSSL_INIT_ENGINE_OPENSSL\s0" 4 +.IX Item "OPENSSL_INIT_ENGINE_OPENSSL" +With this option the library will automatically load and initialise the +openssl engine. This not a default option. +.IP "\s-1OPENSSL_INIT_ENGINE_CRYPTODEV\s0" 4 +.IX Item "OPENSSL_INIT_ENGINE_CRYPTODEV" +With this option the library will automatically load and initialise the +cryptodev engine (if available). This not a default option. +.IP "\s-1OPENSSL_INIT_ENGINE_CAPI\s0" 4 +.IX Item "OPENSSL_INIT_ENGINE_CAPI" +With this option the library will automatically load and initialise the +\&\s-1CAPI\s0 engine (if available). This not a default option. +.IP "\s-1OPENSSL_INIT_ENGINE_PADLOCK\s0" 4 +.IX Item "OPENSSL_INIT_ENGINE_PADLOCK" +With this option the library will automatically load and initialise the +padlock engine (if available). This not a default option. +.IP "\s-1OPENSSL_INIT_ENGINE_AFALG\s0" 4 +.IX Item "OPENSSL_INIT_ENGINE_AFALG" +With this option the library will automatically load and initialise the +\&\s-1AFALG\s0 engine. This not a default option. +.IP "\s-1OPENSSL_INIT_ENGINE_ALL_BUILTIN\s0" 4 +.IX Item "OPENSSL_INIT_ENGINE_ALL_BUILTIN" +With this option the library will automatically load and initialise all the +built in engines listed above with the exception of the openssl and afalg +engines. This not a default option. +.IP "\s-1OPENSSL_INIT_ATFORK\s0" 4 +.IX Item "OPENSSL_INIT_ATFORK" +With this option the library will register its fork handlers. +See \fIOPENSSL_fork_prepare\fR\|(3) for details. +.IP "\s-1OPENSSL_INIT_NO_ATEXIT\s0" 4 +.IX Item "OPENSSL_INIT_NO_ATEXIT" +By default OpenSSL will attempt to clean itself up when the process exits via an +\&\*(L"atexit\*(R" handler. Using this option suppresses that behaviour. This means that +the application will have to clean up OpenSSL explicitly using +\&\fIOPENSSL_cleanup()\fR. +.PP +Multiple options may be combined together in a single call to +\&\fIOPENSSL_init_crypto()\fR. 
For example: +.PP +.Vb 2 +\& OPENSSL_init_crypto(OPENSSL_INIT_NO_ADD_ALL_CIPHERS +\& | OPENSSL_INIT_NO_ADD_ALL_DIGESTS, NULL); +.Ve +.PP +The \fIOPENSSL_cleanup()\fR function deinitialises OpenSSL (both libcrypto +and libssl). All resources allocated by OpenSSL are freed. Typically there +should be no need to call this function directly as it is initiated +automatically on application exit. This is done via the standard C library +\&\fIatexit()\fR function. In the event that the application will close in a manner +that will not call the registered \fIatexit()\fR handlers then the application should +call \fIOPENSSL_cleanup()\fR directly. Developers of libraries using OpenSSL +are discouraged from calling this function and should instead, typically, rely +on auto-deinitialisation. This is to avoid error conditions where both an +application and a library it depends on both use OpenSSL, and the library +deinitialises it before the application has finished using it. +.PP +Once \fIOPENSSL_cleanup()\fR has been called the library cannot be reinitialised. +Attempts to call \fIOPENSSL_init_crypto()\fR will fail and an \s-1ERR_R_INIT_FAIL\s0 error +will be added to the error stack. Note that because initialisation has failed +OpenSSL error strings will not be available, only an error code. This code can +be put through the openssl errstr command line application to produce a human +readable error (see \fIopenssl\-errstr\fR\|(1)). +.PP +The \fIOPENSSL_atexit()\fR function enables the registration of a +function to be called during \fIOPENSSL_cleanup()\fR. Stop handlers are +called after deinitialisation of resources local to a thread, but before other +process wide resources are freed. In the event that multiple stop handlers are +registered, no guarantees are made about the order of execution. +.PP +The \fIOPENSSL_thread_stop_ex()\fR function deallocates resources associated +with the current thread for the given \s-1OPENSSL_CTX\s0 \fBctx\fR. 
The \fBctx\fR parameter +can be \s-1NULL\s0 in which case the default \s-1OPENSSL_CTX\s0 is used. +.PP +Typically, this function will be called automatically by the library when +the thread exits as long as the \s-1OPENSSL_CTX\s0 has not been freed before the thread +exits. If \fIOPENSSL_CTX_free()\fR is called OPENSSL_thread_stop_ex will be called +automatically for the current thread (but not any other threads that may have +used this \s-1OPENSSL_CTX\s0). +.PP +OPENSSL_thread_stop_ex should be called on all threads that will exit after the +\&\s-1OPENSSL_CTX\s0 is freed. +Typically this is not necessary for the default \s-1OPENSSL_CTX\s0 (because all +resources are cleaned up on library exit) except if thread local resources +should be freed before library exit, or under the circumstances described in +the \s-1NOTES\s0 section below. +.PP +\&\fIOPENSSL_thread_stop()\fR is the same as \fIOPENSSL_thread_stop_ex()\fR except that the +default \s-1OPENSSL_CTX\s0 is always used. +.PP +The \fB\s-1OPENSSL_INIT_LOAD_CONFIG\s0\fR flag will load a configuration file, as with +\&\fICONF_modules_load_file\fR\|(3) with \s-1NULL\s0 filename and application name and the +\&\fB\s-1CONF_MFLAGS_IGNORE_MISSING_FILE\s0\fR, \fB\s-1CONF_MFLAGS_IGNORE_RETURN_CODES\s0\fR and +\&\fB\s-1CONF_MFLAGS_DEFAULT_SECTION\s0\fR flags. +The filename, application name, and flags can be customized by providing a +non-null \fB\s-1OPENSSL_INIT_SETTINGS\s0\fR object. +The object can be allocated via \fB\f(BIOPENSSL_INIT_new()\fB\fR. +The \fB\f(BIOPENSSL_INIT_set_config_filename()\fB\fR function can be used to specify a +non-default filename, which is copied and need not refer to persistent storage. +Similarly, \fIOPENSSL_INIT_set_config_appname()\fR can be used to specify a +non-default application name. +Finally, OPENSSL_INIT_set_file_flags can be used to specify non-default flags. 
+If the \fB\s-1CONF_MFLAGS_IGNORE_RETURN_CODES\s0\fR flag is not included, any errors in +the configuration file will cause an error return from \fBOPENSSL_init_crypto\fR +or indirectly \fIOPENSSL_init_ssl\fR\|(3). +The object can be released with \fIOPENSSL_INIT_free()\fR when done. +.SH "NOTES" +.IX Header "NOTES" +Resources local to a thread are deallocated automatically when the thread exits +(e.g. in a pthreads environment, when \fIpthread_exit()\fR is called). On Windows +platforms this is done in response to a \s-1DLL_THREAD_DETACH\s0 message being sent to +the libcrypto32.dll entry point. Some windows functions may cause threads to exit +without sending this message (for example \fIExitProcess()\fR). If the application +uses such functions, then the application must free up OpenSSL resources +directly via a call to \fIOPENSSL_thread_stop()\fR on each thread. Similarly this +message will also not be sent if OpenSSL is linked statically, and therefore +applications using static linking should also call \fIOPENSSL_thread_stop()\fR on each +thread. Additionally if OpenSSL is loaded dynamically via \fILoadLibrary()\fR and the +threads are not destroyed until after \fIFreeLibrary()\fR is called then each thread +should call \fIOPENSSL_thread_stop()\fR prior to the \fIFreeLibrary()\fR call. +.PP +On Linux/Unix where OpenSSL has been loaded via \fIdlopen()\fR and the application is +multi-threaded and if \fIdlclose()\fR is subsequently called prior to the threads +being destroyed then OpenSSL will not be able to deallocate resources associated +with those threads. The application should either call \fIOPENSSL_thread_stop()\fR on +each thread prior to the \fIdlclose()\fR call, or alternatively the original \fIdlopen()\fR +call should use the \s-1RTLD_NODELETE\s0 flag (where available on the platform). 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The functions OPENSSL_init_crypto, \fIOPENSSL_atexit()\fR and +\&\fIOPENSSL_INIT_set_config_appname()\fR return 1 on success or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIOPENSSL_init_ssl\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fIOPENSSL_init_crypto()\fR, \fIOPENSSL_cleanup()\fR, \fIOPENSSL_atexit()\fR, +\&\fIOPENSSL_thread_stop()\fR, \fIOPENSSL_INIT_new()\fR, \fIOPENSSL_INIT_set_config_appname()\fR +and \fIOPENSSL_INIT_free()\fR functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/OPENSSL_init_ssl.3 b/linux_amd64/ssl/share/man/man3/OPENSSL_init_ssl.3 new file mode 100755 index 0000000..1a811bb --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/OPENSSL_init_ssl.3 
@@ -0,0 +1,200 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_INIT_SSL 3" +.TH OPENSSL_INIT_SSL 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OPENSSL_init_ssl \- OpenSSL (libssl and libcrypto) initialisation +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +During normal operation OpenSSL (libssl and libcrypto) will allocate various +resources at start up that must, subsequently, be freed on close down of the +library. Additionally some resources are allocated on a per thread basis (if the +application is multi-threaded), and these resources must be freed prior to the +thread closing. +.PP +As of version 1.1.0 OpenSSL will automatically allocate all resources that it +needs so no explicit initialisation is required. Similarly it will also +automatically deinitialise as required. +.PP +However, there may be situations when explicit initialisation is desirable or +needed, for example when some non-default initialisation is required. The +function \fIOPENSSL_init_ssl()\fR can be used for this purpose. Calling +this function will explicitly initialise \s-1BOTH\s0 libcrypto and libssl. To +explicitly initialise \s-1ONLY\s0 libcrypto see the +\&\fIOPENSSL_init_crypto\fR\|(3) function. +.PP +Numerous internal OpenSSL functions call \fIOPENSSL_init_ssl()\fR. +Therefore, in order to perform non-default initialisation, +\&\fIOPENSSL_init_ssl()\fR \s-1MUST\s0 be called by application code prior to +any other OpenSSL function calls. +.PP +The \fBopts\fR parameter specifies which aspects of libssl and libcrypto should be +initialised. Valid options for libcrypto are described on the +\&\fIOPENSSL_init_crypto\fR\|(3) page. In addition to any libcrypto +specific option the following libssl options can also be used: +.IP "\s-1OPENSSL_INIT_NO_LOAD_SSL_STRINGS\s0" 4 +.IX Item "OPENSSL_INIT_NO_LOAD_SSL_STRINGS" +Suppress automatic loading of the libssl error strings. This option is +not a default option. 
Once selected subsequent calls to +\&\fIOPENSSL_init_ssl()\fR with the option +\&\fB\s-1OPENSSL_INIT_LOAD_SSL_STRINGS\s0\fR will be ignored. +.IP "\s-1OPENSSL_INIT_LOAD_SSL_STRINGS\s0" 4 +.IX Item "OPENSSL_INIT_LOAD_SSL_STRINGS" +Automatic loading of the libssl error strings. This option is a +default option. Once selected subsequent calls to +\&\fIOPENSSL_init_ssl()\fR with the option +\&\fB\s-1OPENSSL_INIT_LOAD_SSL_STRINGS\s0\fR will be ignored. +.PP +\&\fIOPENSSL_init_ssl()\fR takes a \fBsettings\fR parameter which can be used to +set parameter values. See \fIOPENSSL_init_crypto\fR\|(3) for details. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The function \fIOPENSSL_init_ssl()\fR returns 1 on success or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIOPENSSL_init_crypto\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fIOPENSSL_init_ssl()\fR function was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/OPENSSL_instrument_bus.3 b/linux_amd64/ssl/share/man/man3/OPENSSL_instrument_bus.3 new file mode 100755 index 0000000..cdf4104 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/OPENSSL_instrument_bus.3 
@@ -0,0 +1,177 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_INSTRUMENT_BUS 3" +.TH OPENSSL_INSTRUMENT_BUS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OPENSSL_instrument_bus, OPENSSL_instrument_bus2 \- instrument references to memory bus +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 4 +\& #ifdef OPENSSL_CPUID_OBJ +\& size_t OPENSSL_instrument_bus(int *vector, size_t num); +\& size_t OPENSSL_instrument_bus2(int *vector, size_t num, size_t max); +\& #endif +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +It was empirically found that timings of references to primary memory +are subject to irregular, apparently non-deterministic variations. The +subroutines in question instrument these references for purposes of +gathering randomness for random number generator. In order to make it +bus-bound a 'flush cache line' instruction is used between probes. In +addition probes are added to \fBvector\fR elements in atomic or +interlocked manner, which should contribute additional noise on +multi-processor systems. This also means that \fBvector[num]\fR should be +zeroed upon invocation (if you want to retrieve actual probe values). +.PP +\&\fIOPENSSL_instrument_bus()\fR performs \fBnum\fR probes and records the number of +oscillator cycles every probe took. +.PP +\&\fIOPENSSL_instrument_bus2()\fR on the other hand \fBaccumulates\fR consecutive +probes with the same value, i.e. in a way it records duration of +periods when probe values appeared deterministic. The subroutine +performs at most \fBmax\fR probes in attempt to fill the \fBvector[num]\fR, +with \fBmax\fR value of 0 meaning \*(L"as many as it takes.\*(R" +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Return value of 0 indicates that \s-1CPU\s0 is not capable of performing the +benchmark, either because oscillator counter or 'flush cache line' is +not available on current platform. For reference, on x86 'flush cache +line' was introduced with the \s-1SSE2\s0 extensions. +.PP +Otherwise number of recorded values is returned. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2011\-2018 The OpenSSL Project Authors. All Rights Reserved. 
+.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/OPENSSL_load_builtin_modules.3 b/linux_amd64/ssl/share/man/man3/OPENSSL_load_builtin_modules.3 new file mode 100755 index 0000000..df941ba --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/OPENSSL_load_builtin_modules.3 
@@ -0,0 +1,178 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_LOAD_BUILTIN_MODULES 3" +.TH OPENSSL_LOAD_BUILTIN_MODULES 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OPENSSL_load_builtin_modules, ASN1_add_oid_module, ENGINE_add_conf_module \- add standard configuration modules +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void OPENSSL_load_builtin_modules(void); +\& void ASN1_add_oid_module(void); +\& void ENGINE_add_conf_module(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The function \fIOPENSSL_load_builtin_modules()\fR adds all the standard OpenSSL +configuration modules to the internal list. They can then be used by the +OpenSSL configuration code. +.PP +\&\fIASN1_add_oid_module()\fR adds just the \s-1ASN1\s0 \s-1OBJECT\s0 module. +.PP +\&\fIENGINE_add_conf_module()\fR adds just the \s-1ENGINE\s0 configuration module. +.SH "NOTES" +.IX Header "NOTES" +If the simple configuration function \fIOPENSSL_config()\fR is called then +\&\fIOPENSSL_load_builtin_modules()\fR is called automatically. +.PP +Applications which use the configuration functions directly will need to +call \fIOPENSSL_load_builtin_modules()\fR themselves \fIbefore\fR any other +configuration code. +.PP +Applications should call \fIOPENSSL_load_builtin_modules()\fR to load all +configuration modules instead of adding modules selectively: otherwise +functionality may be missing from the application if an when new +modules are added. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +None of the functions return a value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIconfig\fR\|(5), \fIOPENSSL_config\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2004\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/OPENSSL_malloc.3 b/linux_amd64/ssl/share/man/man3/OPENSSL_malloc.3 new file mode 100755 index 0000000..c4a283f --- /dev/null 
+++ b/linux_amd64/ssl/share/man/man3/OPENSSL_malloc.3 
@@ -0,0 +1,331 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_MALLOC 3" +.TH OPENSSL_MALLOC 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OPENSSL_malloc_init, +OPENSSL_malloc, OPENSSL_zalloc, OPENSSL_realloc, OPENSSL_free, +OPENSSL_clear_realloc, OPENSSL_clear_free, OPENSSL_cleanse, +CRYPTO_malloc, CRYPTO_zalloc, CRYPTO_realloc, CRYPTO_free, +OPENSSL_strdup, OPENSSL_strndup, +OPENSSL_memdup, OPENSSL_strlcpy, OPENSSL_strlcat, +CRYPTO_strdup, CRYPTO_strndup, +OPENSSL_mem_debug_push, OPENSSL_mem_debug_pop, +CRYPTO_mem_debug_push, CRYPTO_mem_debug_pop, +CRYPTO_clear_realloc, CRYPTO_clear_free, +CRYPTO_malloc_fn, CRYPTO_realloc_fn, CRYPTO_free_fn, +CRYPTO_get_mem_functions, CRYPTO_set_mem_functions, +CRYPTO_get_alloc_counts, +CRYPTO_set_mem_debug, CRYPTO_mem_ctrl, +CRYPTO_mem_leaks, CRYPTO_mem_leaks_fp, CRYPTO_mem_leaks_cb, +OPENSSL_MALLOC_FAILURES, +OPENSSL_MALLOC_FD +\&\- Memory allocation functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int OPENSSL_malloc_init(void); +\& +\& void *OPENSSL_malloc(size_t num); +\& void *OPENSSL_zalloc(size_t num); +\& void *OPENSSL_realloc(void *addr, size_t num); +\& void OPENSSL_free(void *addr); +\& char *OPENSSL_strdup(const char *str); +\& char *OPENSSL_strndup(const char *str, size_t s); +\& size_t OPENSSL_strlcat(char *dst, const char *src, size_t size); +\& size_t OPENSSL_strlcpy(char *dst, const char *src, size_t size); +\& void *OPENSSL_memdup(void *data, size_t s); +\& void *OPENSSL_clear_realloc(void *p, size_t old_len, size_t num); +\& void OPENSSL_clear_free(void *str, size_t num); +\& void OPENSSL_cleanse(void *ptr, size_t len); +\& +\& void *CRYPTO_malloc(size_t num, const char *file, int line); +\& void *CRYPTO_zalloc(size_t num, const char *file, int line); +\& void *CRYPTO_realloc(void *p, size_t num, const char *file, int line); +\& void CRYPTO_free(void *str, const char *, int); +\& char *CRYPTO_strdup(const char *p, const char *file, int line); +\& char *CRYPTO_strndup(const char *p, size_t num, const char *file, int line); +\& void *CRYPTO_clear_realloc(void *p, size_t old_len, size_t num, 
+\& const char *file, int line); +\& void CRYPTO_clear_free(void *str, size_t num, const char *, int) +\& +\& typedef void *(*CRYPTO_malloc_fn)(size_t num, const char *file, int line); +\& typedef void *(*CRYPTO_realloc_fn)(void *addr, size_t num, const char *file, +\& int line); +\& typedef void (*CRYPTO_free_fn)(void *addr, const char *file, int line); +\& void CRYPTO_get_mem_functions(CRYPTO_malloc_fn *malloc_fn, +\& CRYPTO_realloc_fn *realloc_fn, +\& CRYPTO_free_fn *free_fn); +\& int CRYPTO_set_mem_functions(CRYPTO_malloc_fn malloc_fn, +\& CRYPTO_realloc_fn realloc_fn, +\& CRYPTO_free_fn free_fn); +\& +\& void CRYPTO_get_alloc_counts(int *mcount, int *rcount, int *fcount); +\& +\& env OPENSSL_MALLOC_FAILURES=... +\& env OPENSSL_MALLOC_FD=... +.Ve +.PP +Deprecated: +.PP +.Vb 4 +\& int CRYPTO_mem_leaks(BIO *b); +\& int CRYPTO_mem_leaks_fp(FILE *fp); +\& int CRYPTO_mem_leaks_cb(int (*cb)(const char *str, size_t len, void *u), +\& void *u); +\& +\& int CRYPTO_set_mem_debug(int onoff) +\& int CRYPTO_mem_ctrl(int mode); +\& int OPENSSL_mem_debug_push(const char *info) +\& int OPENSSL_mem_debug_pop(void); +\& int CRYPTO_mem_debug_push(const char *info, const char *file, int line); +\& int CRYPTO_mem_debug_pop(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +OpenSSL memory allocation is handled by the \fBOPENSSL_xxx\fR \s-1API\s0. These are +generally macro's that add the standard C \fB_\|_FILE_\|_\fR and \fB_\|_LINE_\|_\fR +parameters and call a lower-level \fBCRYPTO_xxx\fR \s-1API\s0. +Some functions do not add those parameters, but exist for consistency. +.PP +\&\fIOPENSSL_malloc_init()\fR does nothing and does not need to be called. It is +included for compatibility with older versions of OpenSSL. +.PP +\&\fIOPENSSL_malloc()\fR, \fIOPENSSL_realloc()\fR, and \fIOPENSSL_free()\fR are like the +C \fImalloc()\fR, \fIrealloc()\fR, and \fIfree()\fR functions. +\&\fIOPENSSL_zalloc()\fR calls \fImemset()\fR to zero the memory before returning. 
+.PP +\&\fIOPENSSL_clear_realloc()\fR and \fIOPENSSL_clear_free()\fR should be used +when the buffer at \fBaddr\fR holds sensitive information. +The old buffer is filled with zero's by calling \fIOPENSSL_cleanse()\fR +before ultimately calling \fIOPENSSL_free()\fR. +.PP +\&\fIOPENSSL_cleanse()\fR fills \fBptr\fR of size \fBlen\fR with a string of 0's. +Use \fIOPENSSL_cleanse()\fR with care if the memory is a mapping of a file. +If the storage controller uses write compression, then its possible +that sensitive tail bytes will survive zeroization because the block of +zeros will be compressed. If the storage controller uses wear leveling, +then the old sensitive data will not be overwritten; rather, a block of +0's will be written at a new physical location. +.PP +\&\fIOPENSSL_strdup()\fR, \fIOPENSSL_strndup()\fR and \fIOPENSSL_memdup()\fR are like the +equivalent C functions, except that memory is allocated by calling the +\&\fIOPENSSL_malloc()\fR and should be released by calling \fIOPENSSL_free()\fR. +.PP +\&\fIOPENSSL_strlcpy()\fR, +\&\fIOPENSSL_strlcat()\fR and \fIOPENSSL_strnlen()\fR are equivalents of the common C +library functions and are provided for portability. +.PP +If no allocations have been done, it is possible to \*(L"swap out\*(R" the default +implementations for \fIOPENSSL_malloc()\fR, \fIOPENSSL_realloc()\fR and \fIOPENSSL_free()\fR +and replace them with alternate versions. +\&\fICRYPTO_get_mem_functions()\fR function fills in the given arguments with the +function pointers for the current implementations. +With \fICRYPTO_set_mem_functions()\fR, you can specify a different set of functions. +If any of \fBmalloc_fn\fR, \fBrealloc_fn\fR, or \fBfree_fn\fR are \s-1NULL\s0, then +the function is not changed. +While it's permitted to swap out only a few and not all the functions +with \fICRYPTO_set_mem_functions()\fR, it's recommended to swap them all out +at once. 
+.PP +If the library is built with the \f(CW\*(C`crypto\-mdebug\*(C'\fR option, then one +function, \fICRYPTO_get_alloc_counts()\fR, and two additional environment +variables, \fB\s-1OPENSSL_MALLOC_FAILURES\s0\fR and \fB\s-1OPENSSL_MALLOC_FD\s0\fR, +are available. +.PP +The function \fICRYPTO_get_alloc_counts()\fR fills in the number of times +each of \fICRYPTO_malloc()\fR, \fICRYPTO_realloc()\fR, and \fICRYPTO_free()\fR have been +called, into the values pointed to by \fBmcount\fR, \fBrcount\fR, and \fBfcount\fR, +respectively. If a pointer is \s-1NULL\s0, then the corresponding count is not stored. +.PP +The variable +\&\fB\s-1OPENSSL_MALLOC_FAILURES\s0\fR controls how often allocations should fail. +It is a set of fields separated by semicolons, which each field is a count +(defaulting to zero) and an optional atsign and percentage (defaulting +to 100). If the count is zero, then it lasts forever. For example, +\&\f(CW\*(C`100;@25\*(C'\fR or \f(CW\*(C`100@0;0@25\*(C'\fR means the first 100 allocations pass, then all +other allocations (until the program exits or crashes) have a 25% chance of +failing. +.PP +If the variable \fB\s-1OPENSSL_MALLOC_FD\s0\fR is parsed as a positive integer, then +it is taken as an open file descriptor, and a record of all allocations is +written to that descriptor. If an allocation will fail, and the platform +supports it, then a backtrace will be written to the descriptor. This can +be useful because a malloc may fail but not be checked, and problems will +only occur later. The following example in classic shell syntax shows how +to use this (will not work on all platforms): +.PP +.Vb 5 +\& OPENSSL_MALLOC_FAILURES=\*(Aq200;@10\*(Aq +\& export OPENSSL_MALLOC_FAILURES +\& OPENSSL_MALLOC_FD=3 +\& export OPENSSL_MALLOC_FD +\& ...app invocation... 
3>/tmp/log$$ +.Ve +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOPENSSL_malloc_init()\fR, \fIOPENSSL_free()\fR, \fIOPENSSL_clear_free()\fR +\&\fICRYPTO_free()\fR, \fICRYPTO_clear_free()\fR and \fICRYPTO_get_mem_functions()\fR +return no value. +.PP +\&\fIOPENSSL_malloc()\fR, \fIOPENSSL_zalloc()\fR, \fIOPENSSL_realloc()\fR, +\&\fIOPENSSL_clear_realloc()\fR, +\&\fICRYPTO_malloc()\fR, \fICRYPTO_zalloc()\fR, \fICRYPTO_realloc()\fR, +\&\fICRYPTO_clear_realloc()\fR, +\&\fIOPENSSL_strdup()\fR, and \fIOPENSSL_strndup()\fR +return a pointer to allocated memory or \s-1NULL\s0 on error. +.PP +\&\fICRYPTO_set_mem_functions()\fR returns 1 on success or 0 on failure (almost +always because allocations have already happened). +.PP +\&\fICRYPTO_mem_leaks()\fR, \fICRYPTO_mem_leaks_fp()\fR, \fICRYPTO_mem_leaks_cb()\fR, +\&\fICRYPTO_set_mem_debug()\fR, and \fICRYPTO_mem_ctrl()\fR are deprecated and return \-1. +\&\fIOPENSSL_mem_debug_push()\fR, \fIOPENSSL_mem_debug_pop()\fR, +\&\fICRYPTO_mem_debug_push()\fR, and \fICRYPTO_mem_debug_pop()\fR +are deprecated and return 0. +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIOPENSSL_mem_debug_push()\fR, \fIOPENSSL_mem_debug_pop()\fR, +\&\fICRYPTO_mem_debug_push()\fR, \fICRYPTO_mem_debug_pop()\fR, +\&\fICRYPTO_mem_leaks()\fR, \fICRYPTO_mem_leaks_fp()\fR, +\&\fICRYPTO_mem_leaks_cb()\fR, \fICRYPTO_set_mem_debug()\fR, \fICRYPTO_mem_ctrl()\fR +were deprecated in OpenSSL 3.0. +The memory-leak checking has been deprecated in OpenSSL 3.0 in favor of +clang's memory and leak sanitizer. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/ssl/share/man/man3/OPENSSL_s390xcap.3 b/linux_amd64/ssl/share/man/man3/OPENSSL_s390xcap.3 new file mode 100755 index 0000000..944df3e --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/OPENSSL_s390xcap.3 
@@ -0,0 +1,324 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_S390XCAP 3" +.TH OPENSSL_S390XCAP 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +OPENSSL_s390xcap \- the IBM z processor capabilities vector +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& env OPENSSL_s390xcap=... 
+.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +libcrypto supports z/Architecture instruction set extensions. These +extensions are denoted by individual bits in the capabilities vector. +When libcrypto is initialized, the bits returned by the \s-1STFLE\s0 instruction +and by the \s-1QUERY\s0 functions are stored in the vector. +.PP +To change the set of instructions available to an application, you can +set the \fBOPENSSL_s390xcap\fR environment variable before you start the +application. After initialization, the capability vector is ANDed bitwise +with a mask which is derived from the environment variable. +.PP +The environment variable is a semicolon-separated list of tokens which is +processed from left to right (whitespace is ignored): +.PP +.Vb 1 +\& OPENSSL_s390xcap=";;..." +.Ve +.PP +There are three types of tokens: +.IP "" 4 +.IX Item "" +The name of a processor generation. A bit in the environment variable's +mask is set to one if and only if the specified processor generation +implements the corresponding instruction set extension. Possible values +are \fBz900\fR, \fBz990\fR, \fBz9\fR, \fBz10\fR, \fBz196\fR, \fBzEC12\fR, \fBz13\fR, \fBz14\fR +and \fBz15\fR. +.IP "::" 4 +.IX Item "::" +The name of an instruction followed by two 64\-bit masks. The part of the +environment variable's mask corresponding to the specified instruction is +set to the specified 128\-bit mask. Possible values are \fBkimd\fR, \fBklmd\fR, +\&\fBkm\fR, \fBkmc\fR, \fBkmac\fR, \fBkmctr\fR, \fBkmo\fR, \fBkmf\fR, \fBprno\fR, \fBkma\fR, \fBpcc\fR +and \fBkdsa\fR. +.IP "stfle:::" 4 +.IX Item "stfle:::" +Store-facility-list-extended (stfle) followed by three 64\-bit masks. The +part of the environment variable's mask corresponding to the stfle +instruction is set to the specified 192\-bit mask. +.PP +The 64\-bit masks are specified in hexadecimal notation. The 0x prefix is +optional. Prefix a mask with a tilde, \f(CW\*(C`~\*(C'\fR, to denote a bitwise \s-1NOT\s0 operation. 
+.PP +The following is a list of significant bits for each instruction. Colon +rows separate the individual 64\-bit masks. The bit numbers in the first +column are consistent with [1], that is, 0 denotes the leftmost bit and +the numbering is continuous across 64\-bit mask boundaries. +.PP +.Vb 1 +\& Bit Mask Facility/Function +\& +\& stfle: +\& # 17 1<<46 message\-security assist +\& # 25 1<<38 store\-clock\-fast facility +\& : +\& # 76 1<<51 message\-security assist extension 3 +\& # 77 1<<50 message\-security assist extension 4 +\& : +\& #129 1<<62 vector facility +\& #134 1<<57 vector packed decimal facility +\& #135 1<<56 vector enhancements facility 1 +\& #146 1<<45 message\-security assist extension 8 +\& #155 1<<36 message\-security assist extension 9 +\& +\& kimd : +\& # 1 1<<62 KIMD\-SHA\-1 +\& # 2 1<<61 KIMD\-SHA\-256 +\& # 3 1<<60 KIMD\-SHA\-512 +\& # 32 1<<31 KIMD\-SHA3\-224 +\& # 33 1<<30 KIMD\-SHA3\-256 +\& # 34 1<<29 KIMD\-SHA3\-384 +\& # 35 1<<28 KIMD\-SHA3\-512 +\& # 36 1<<27 KIMD\-SHAKE\-128 +\& # 37 1<<26 KIMD\-SHAKE\-256 +\& : +\& # 65 1<<62 KIMD\-GHASH +\& +\& klmd : +\& # 32 1<<31 KLMD\-SHA3\-224 +\& # 33 1<<30 KLMD\-SHA3\-256 +\& # 34 1<<29 KLMD\-SHA3\-384 +\& # 35 1<<28 KLMD\-SHA3\-512 +\& # 36 1<<27 KLMD\-SHAKE\-128 +\& # 37 1<<26 KLMD\-SHAKE\-256 +\& : +\& +\& km : +\& # 18 1<<45 KM\-AES\-128 +\& # 19 1<<44 KM\-AES\-192 +\& # 20 1<<43 KM\-AES\-256 +\& # 50 1<<13 KM\-XTS\-AES\-128 +\& # 52 1<<11 KM\-XTS\-AES\-256 +\& : +\& +\& kmc : +\& # 18 1<<45 KMC\-AES\-128 +\& # 19 1<<44 KMC\-AES\-192 +\& # 20 1<<43 KMC\-AES\-256 +\& : +\& +\& kmac : +\& # 18 1<<45 KMAC\-AES\-128 +\& # 19 1<<44 KMAC\-AES\-192 +\& # 20 1<<43 KMAC\-AES\-256 +\& : +\& +\& kmctr: +\& : +\& +\& kmo : +\& # 18 1<<45 KMO\-AES\-128 +\& # 19 1<<44 KMO\-AES\-192 +\& # 20 1<<43 KMO\-AES\-256 +\& : +\& +\& kmf : +\& # 18 1<<45 KMF\-AES\-128 +\& # 19 1<<44 KMF\-AES\-192 +\& # 20 1<<43 KMF\-AES\-256 +\& : +\& +\& prno : +\& : +\& +\& kma : +\& # 18 1<<45 KMA\-GCM\-AES\-128 +\& # 19 
1<<44 KMA\-GCM\-AES\-192 +\& # 20 1<<43 KMA\-GCM\-AES\-256 +\& : +\& +\& pcc : +\& : +\& # 64 1<<63 PCC\-Scalar\-Multiply\-P256 +\& # 65 1<<62 PCC\-Scalar\-Multiply\-P384 +\& # 66 1<<61 PCC\-Scalar\-Multiply\-P521 +\& # 72 1<<55 PCC\-Scalar\-Multiply\-Ed25519 +\& # 73 1<<54 PCC\-Scalar\-Multiply\-Ed448 +\& # 80 1<<47 PCC\-Scalar\-Multiply\-X25519 +\& # 81 1<<46 PCC\-Scalar\-Multiply\-X448 +\& +\& kdsa : +\& # 1 1<<62 KDSA\-ECDSA\-Verify\-P256 +\& # 2 1<<61 KDSA\-ECDSA\-Verify\-P384 +\& # 3 1<<60 KDSA\-ECDSA\-Verify\-P521 +\& # 9 1<<54 KDSA\-ECDSA\-Sign\-P256 +\& # 10 1<<53 KDSA\-ECDSA\-Sign\-P384 +\& # 11 1<<52 KDSA\-ECDSA\-Sign\-P521 +\& # 32 1<<31 KDSA\-EdDSA\-Verify\-Ed25519 +\& # 36 1<<27 KDSA\-EdDSA\-Verify\-Ed448 +\& # 40 1<<23 KDSA\-EdDSA\-Sign\-Ed25519 +\& # 44 1<<19 KDSA\-EdDSA\-Sign\-Ed448 +\& : +.Ve +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Not available. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Disables all instruction set extensions which the z196 processor does not implement: +.PP +.Vb 1 +\& OPENSSL_s390xcap="z196" +.Ve +.PP +Disables the vector facility: +.PP +.Vb 1 +\& OPENSSL_s390xcap="stfle:~0:~0:~0x4000000000000000" +.Ve +.PP +Disables the KM-XTS-AES and and the KIMD-SHAKE function codes: +.PP +.Vb 1 +\& OPENSSL_s390xcap="km:~0x2800:~0;kimd:~0xc000000:~0" +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +[1] z/Architecture Principles of Operation, \s-1SA22\-7832\-12\s0 +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/OPENSSL_secure_malloc.3 b/linux_amd64/ssl/share/man/man3/OPENSSL_secure_malloc.3 new file mode 100755 index 0000000..b8be38b --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/OPENSSL_secure_malloc.3 
@@ -0,0 +1,265 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_SECURE_MALLOC 3" +.TH OPENSSL_SECURE_MALLOC 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +CRYPTO_secure_malloc_init, CRYPTO_secure_malloc_initialized, +CRYPTO_secure_malloc_done, OPENSSL_secure_malloc, CRYPTO_secure_malloc, +OPENSSL_secure_zalloc, CRYPTO_secure_zalloc, OPENSSL_secure_free, +CRYPTO_secure_free, OPENSSL_secure_clear_free, +CRYPTO_secure_clear_free, OPENSSL_secure_actual_size, +CRYPTO_secure_allocated, +CRYPTO_secure_used \- secure heap storage +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int CRYPTO_secure_malloc_init(size_t size, size_t minsize); +\& +\& int CRYPTO_secure_malloc_initialized(); +\& +\& int CRYPTO_secure_malloc_done(); +\& +\& void *OPENSSL_secure_malloc(size_t num); +\& void *CRYPTO_secure_malloc(size_t num, const char *file, int line); +\& +\& void *OPENSSL_secure_zalloc(size_t num); +\& void *CRYPTO_secure_zalloc(size_t num, const char *file, int line); +\& +\& void OPENSSL_secure_free(void* ptr); +\& void CRYPTO_secure_free(void *ptr, const char *, int); +\& +\& void OPENSSL_secure_clear_free(void* ptr, size_t num); +\& void CRYPTO_secure_clear_free(void *ptr, size_t num, const char *, int); +\& +\& size_t OPENSSL_secure_actual_size(const void *ptr); +\& +\& int CRYPTO_secure_allocated(const void *ptr); +\& size_t CRYPTO_secure_used(); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +In order to help protect applications (particularly long-running servers) +from pointer overruns or underruns that could return arbitrary data from +the program's dynamic memory area, where keys and other sensitive +information might be stored, OpenSSL supports the concept of a \*(L"secure heap.\*(R" +The level and type of security guarantees depend on the operating system. +It is a good idea to review the code and see if it addresses your +threat model and concerns. +.PP +If a secure heap is used, then private key \fB\s-1BIGNUM\s0\fR values are stored there. +This protects long-term storage of private keys, but will not necessarily +put all intermediate values and computations there. 
+.PP +\&\fICRYPTO_secure_malloc_init()\fR creates the secure heap, with the specified +\&\f(CW\*(C`size\*(C'\fR in bytes. The \f(CW\*(C`minsize\*(C'\fR parameter is the minimum size to +allocate from the heap or zero to use a reasonable default value. +Both \f(CW\*(C`size\*(C'\fR and, if specified, \f(CW\*(C`minsize\*(C'\fR must be a power of two and +\&\f(CW\*(C`minsize\*(C'\fR should generally be small, for example 16 or 32. +\&\f(CW\*(C`minsize\*(C'\fR must be less than a quarter of \f(CW\*(C`size\*(C'\fR in any case. +.PP +\&\fICRYPTO_secure_malloc_initialized()\fR indicates whether or not the secure +heap as been initialized and is available. +.PP +\&\fICRYPTO_secure_malloc_done()\fR releases the heap and makes the memory unavailable +to the process if all secure memory has been freed. +It can take noticeably long to complete. +.PP +\&\fIOPENSSL_secure_malloc()\fR allocates \f(CW\*(C`num\*(C'\fR bytes from the heap. +If \fICRYPTO_secure_malloc_init()\fR is not called, this is equivalent to +calling \fIOPENSSL_malloc()\fR. +It is a macro that expands to +\&\fICRYPTO_secure_malloc()\fR and adds the \f(CW\*(C`_\|_FILE_\|_\*(C'\fR and \f(CW\*(C`_\|_LINE_\|_\*(C'\fR parameters. +.PP +\&\fIOPENSSL_secure_zalloc()\fR and \fICRYPTO_secure_zalloc()\fR are like +\&\fIOPENSSL_secure_malloc()\fR and \fICRYPTO_secure_malloc()\fR, respectively, +except that they call \fImemset()\fR to zero the memory before returning. +.PP +\&\fIOPENSSL_secure_free()\fR releases the memory at \f(CW\*(C`ptr\*(C'\fR back to the heap. +It must be called with a value previously obtained from +\&\fIOPENSSL_secure_malloc()\fR. +If \fICRYPTO_secure_malloc_init()\fR is not called, this is equivalent to +calling \fIOPENSSL_free()\fR. +It exists for consistency with \fIOPENSSL_secure_malloc()\fR , and +is a macro that expands to \fICRYPTO_secure_free()\fR and adds the \f(CW\*(C`_\|_FILE_\|_\*(C'\fR +and \f(CW\*(C`_\|_LINE_\|_\*(C'\fR parameters.. 
+.PP +\&\fIOPENSSL_secure_clear_free()\fR is similar to \fIOPENSSL_secure_free()\fR except +that it has an additional \f(CW\*(C`num\*(C'\fR parameter which is used to clear +the memory if it was not allocated from the secure heap. +If \fICRYPTO_secure_malloc_init()\fR is not called, this is equivalent to +calling \fIOPENSSL_clear_free()\fR. +.PP +\&\fIOPENSSL_secure_actual_size()\fR tells the actual size allocated to the +pointer; implementations may allocate more space than initially +requested, in order to \*(L"round up\*(R" and reduce secure heap fragmentation. +.PP +\&\fIOPENSSL_secure_allocated()\fR tells if a pointer is allocated in the secure heap. +.PP +\&\fICRYPTO_secure_used()\fR returns the number of bytes allocated in the +secure heap. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fICRYPTO_secure_malloc_init()\fR returns 0 on failure, 1 if successful, +and 2 if successful but the heap could not be protected by memory +mapping. +.PP +\&\fICRYPTO_secure_malloc_initialized()\fR returns 1 if the secure heap is +available (that is, if \fICRYPTO_secure_malloc_init()\fR has been called, +but \fICRYPTO_secure_malloc_done()\fR has not been called or failed) or 0 if not. +.PP +\&\fIOPENSSL_secure_malloc()\fR and \fIOPENSSL_secure_zalloc()\fR return a pointer into +the secure heap of the requested size, or \f(CW\*(C`NULL\*(C'\fR if memory could not be +allocated. +.PP +\&\fICRYPTO_secure_allocated()\fR returns 1 if the pointer is in the secure heap, or 0 if not. +.PP +\&\fICRYPTO_secure_malloc_done()\fR returns 1 if the secure memory area is released, or 0 if not. +.PP +\&\fIOPENSSL_secure_free()\fR and \fIOPENSSL_secure_clear_free()\fR return no values. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIOPENSSL_malloc\fR\|(3), +\&\fIBN_new\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fIOPENSSL_secure_clear_free()\fR function was added in OpenSSL 1.1.0g. 
+.PP +The second argument to \fICRYPTO_secure_malloc_init()\fR was changed from an \fBint\fR to +a \fBsize_t\fR in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/OSSL_CMP_CTX_new.3 b/linux_amd64/ssl/share/man/man3/OSSL_CMP_CTX_new.3 new file mode 100755 index 0000000..99549a3 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/OSSL_CMP_CTX_new.3 
@@ -0,0 +1,805 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_CMP_CTX_NEW 3" +.TH OSSL_CMP_CTX_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OSSL_CMP_CTX_new, +OSSL_CMP_CTX_free, +OSSL_CMP_CTX_reinit, +OSSL_CMP_CTX_set_option, +OSSL_CMP_CTX_get_option, +OSSL_CMP_CTX_set_log_cb, +OSSL_CMP_CTX_set_log_verbosity, +OSSL_CMP_CTX_print_errors, +OSSL_CMP_CTX_set1_serverPath, +OSSL_CMP_CTX_set1_serverName, +OSSL_CMP_CTX_set_serverPort, +OSSL_CMP_CTX_set1_proxyName, +OSSL_CMP_CTX_set_proxyPort, +OSSL_CMP_DEFAULT_PORT, +OSSL_CMP_CTX_set_http_cb, +OSSL_CMP_CTX_set_http_cb_arg, +OSSL_CMP_CTX_get_http_cb_arg, +OSSL_cmp_transfer_cb_t, +OSSL_CMP_CTX_set_transfer_cb, +OSSL_CMP_CTX_set_transfer_cb_arg, +OSSL_CMP_CTX_get_transfer_cb_arg, +OSSL_CMP_CTX_set1_srvCert, +OSSL_CMP_CTX_set1_expected_sender, +OSSL_CMP_CTX_set0_trustedStore, +OSSL_CMP_CTX_get0_trustedStore, +OSSL_CMP_CTX_set1_untrusted_certs, +OSSL_CMP_CTX_get0_untrusted_certs, +OSSL_CMP_CTX_set1_clCert, +OSSL_CMP_CTX_set1_pkey, +OSSL_CMP_CTX_set1_referenceValue, +OSSL_CMP_CTX_set1_secretValue, +OSSL_CMP_CTX_set1_recipient, +OSSL_CMP_CTX_push0_geninfo_ITAV, +OSSL_CMP_CTX_set1_extraCertsOut, +OSSL_CMP_CTX_set0_newPkey, +OSSL_CMP_CTX_get0_newPkey, +OSSL_CMP_CTX_set1_issuer, +OSSL_CMP_CTX_set1_subjectName, +OSSL_CMP_CTX_push1_subjectAltName, +OSSL_CMP_CTX_set0_reqExtensions, +OSSL_CMP_CTX_reqExtensions_have_SAN, +OSSL_CMP_CTX_push0_policy, +OSSL_CMP_CTX_set1_oldCert, +OSSL_CMP_CTX_set1_p10CSR, +OSSL_CMP_CTX_push0_genm_ITAV, +OSSL_cmp_certConf_cb_t, +OSSL_CMP_CTX_set_certConf_cb, +OSSL_CMP_CTX_set_certConf_cb_arg, +OSSL_CMP_CTX_get_certConf_cb_arg, +OSSL_CMP_CTX_get_status, +OSSL_CMP_CTX_get0_statusString, +OSSL_CMP_CTX_get_failInfoCode, +OSSL_CMP_CTX_get0_newCert, +OSSL_CMP_CTX_get1_caPubs, +OSSL_CMP_CTX_get1_extraCertsIn, +OSSL_CMP_CTX_set1_transactionID, +OSSL_CMP_CTX_set1_senderNonce +\&\- functions for managing the CMP client context data structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& OSSL_CMP_CTX *OSSL_CMP_CTX_new(void); +\& void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx); +\& int 
OSSL_CMP_CTX_reinit(OSSL_CMP_CTX *ctx); +\& int OSSL_CMP_CTX_set_option(OSSL_CMP_CTX *ctx, int opt, int val); +\& int OSSL_CMP_CTX_get_option(const OSSL_CMP_CTX *ctx, int opt); +\& +\& /* logging and error reporting: */ +\& int OSSL_CMP_CTX_set_log_cb(OSSL_CMP_CTX *ctx, OSSL_cmp_log_cb_t cb); +\& #define OSSL_CMP_CTX_set_log_verbosity(ctx, level) +\& void OSSL_CMP_CTX_print_errors(OSSL_CMP_CTX *ctx); +\& +\& /* message transfer: */ +\& int OSSL_CMP_CTX_set1_serverPath(OSSL_CMP_CTX *ctx, const char *path); +\& int OSSL_CMP_CTX_set1_serverName(OSSL_CMP_CTX *ctx, const char *name); +\& int OSSL_CMP_CTX_set_serverPort(OSSL_CMP_CTX *ctx, int port); +\& int OSSL_CMP_CTX_set1_proxyName(OSSL_CMP_CTX *ctx, const char *name); +\& int OSSL_CMP_CTX_set_proxyPort(OSSL_CMP_CTX *ctx, int port); +\& #define OSSL_CMP_DEFAULT_PORT 80 +\& int OSSL_CMP_CTX_set_http_cb(OSSL_CMP_CTX *ctx, HTTP_bio_cb_t cb); +\& int OSSL_CMP_CTX_set_http_cb_arg(OSSL_CMP_CTX *ctx, void *arg); +\& void *OSSL_CMP_CTX_get_http_cb_arg(const OSSL_CMP_CTX *ctx); +\& typedef OSSL_CMP_MSG *(*OSSL_cmp_transfer_cb_t)(OSSL_CMP_CTX *ctx, +\& const OSSL_CMP_MSG *req); +\& int OSSL_CMP_CTX_set_transfer_cb(OSSL_CMP_CTX *ctx, +\& OSSL_cmp_transfer_cb_t cb); +\& int OSSL_CMP_CTX_set_transfer_cb_arg(OSSL_CMP_CTX *ctx, void *arg); +\& void *OSSL_CMP_CTX_get_transfer_cb_arg(const OSSL_CMP_CTX *ctx); +\& +\& /* server authentication: */ +\& int OSSL_CMP_CTX_set1_srvCert(OSSL_CMP_CTX *ctx, X509 *cert); +\& int OSSL_CMP_CTX_set1_expected_sender(OSSL_CMP_CTX *ctx, +\& const X509_NAME *name); +\& int OSSL_CMP_CTX_set0_trustedStore(OSSL_CMP_CTX *ctx, X509_STORE *store); +\& X509_STORE *OSSL_CMP_CTX_get0_trustedStore(const OSSL_CMP_CTX *ctx); +\& int OSSL_CMP_CTX_set1_untrusted_certs(OSSL_CMP_CTX *ctx, +\& STACK_OF(X509) *certs); +\& STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted_certs(const OSSL_CMP_CTX *ctx); +\& +\& /* client authentication: */ +\& int OSSL_CMP_CTX_set1_clCert(OSSL_CMP_CTX *ctx, X509 *cert); +\& int 
OSSL_CMP_CTX_set1_pkey(OSSL_CMP_CTX *ctx, EVP_PKEY *pkey); +\& int OSSL_CMP_CTX_set1_referenceValue(OSSL_CMP_CTX *ctx, +\& const unsigned char *ref, int len); +\& int OSSL_CMP_CTX_set1_secretValue(OSSL_CMP_CTX *ctx, const unsigned char *sec, +\& const int len); +\& +\& /* CMP message header and extra certificates: */ +\& int OSSL_CMP_CTX_set1_recipient(OSSL_CMP_CTX *ctx, const X509_NAME *name); +\& int OSSL_CMP_CTX_push0_geninfo_ITAV(OSSL_CMP_CTX *ctx, OSSL_CMP_ITAV *itav); +\& int OSSL_CMP_CTX_set1_extraCertsOut(OSSL_CMP_CTX *ctx, +\& STACK_OF(X509) *extraCertsOut); +\& +\& /* certificate template: */ +\& int OSSL_CMP_CTX_set0_newPkey(OSSL_CMP_CTX *ctx, int priv, EVP_PKEY *pkey); +\& EVP_PKEY *OSSL_CMP_CTX_get0_newPkey(const OSSL_CMP_CTX *ctx, int priv); +\& int OSSL_CMP_CTX_set1_issuer(OSSL_CMP_CTX *ctx, const X509_NAME *name); +\& int OSSL_CMP_CTX_set1_subjectName(OSSL_CMP_CTX *ctx, const X509_NAME *name); +\& int OSSL_CMP_CTX_push1_subjectAltName(OSSL_CMP_CTX *ctx, +\& const GENERAL_NAME *name); +\& int OSSL_CMP_CTX_set0_reqExtensions(OSSL_CMP_CTX *ctx, X509_EXTENSIONS *exts); +\& int OSSL_CMP_CTX_reqExtensions_have_SAN(OSSL_CMP_CTX *ctx); +\& int OSSL_CMP_CTX_push0_policy(OSSL_CMP_CTX *ctx, POLICYINFO *pinfo); +\& int OSSL_CMP_CTX_set1_oldCert(OSSL_CMP_CTX *ctx, X509 *cert); +\& int OSSL_CMP_CTX_set1_p10CSR(OSSL_CMP_CTX *ctx, const X509_REQ *csr); +\& +\& /* misc body contents: */ +\& int OSSL_CMP_CTX_push0_genm_ITAV(OSSL_CMP_CTX *ctx, OSSL_CMP_ITAV *itav); +\& +\& /* certificate confirmation: */ +\& typedef int (*OSSL_cmp_certConf_cb_t)(OSSL_CMP_CTX *ctx, X509 *cert, +\& int fail_info, const char **txt); +\& int OSSL_CMP_CTX_set_certConf_cb(OSSL_CMP_CTX *ctx, OSSL_cmp_certConf_cb_t cb); +\& int OSSL_CMP_CTX_set_certConf_cb_arg(OSSL_CMP_CTX *ctx, void *arg); +\& void *OSSL_CMP_CTX_get_certConf_cb_arg(const OSSL_CMP_CTX *ctx); +\& +\& /* result fetching: */ +\& int OSSL_CMP_CTX_get_status(const OSSL_CMP_CTX *ctx); +\& OSSL_CMP_PKIFREETEXT 
*OSSL_CMP_CTX_get0_statusString(const OSSL_CMP_CTX *ctx); +\& int OSSL_CMP_CTX_get_failInfoCode(const OSSL_CMP_CTX *ctx); +\& +\& X509 *OSSL_CMP_CTX_get0_newCert(const OSSL_CMP_CTX *ctx); +\& STACK_OF(X509) *OSSL_CMP_CTX_get1_caPubs(const OSSL_CMP_CTX *ctx); +\& STACK_OF(X509) *OSSL_CMP_CTX_get1_extraCertsIn(const OSSL_CMP_CTX *ctx); +\& +\& /* for test purposes only: */ +\& int OSSL_CMP_CTX_set1_transactionID(OSSL_CMP_CTX *ctx, +\& const ASN1_OCTET_STRING *id); +\& int OSSL_CMP_CTX_set1_senderNonce(OSSL_CMP_CTX *ctx, +\& const ASN1_OCTET_STRING *nonce); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This is the context \s-1API\s0 for using \s-1CMP\s0 (Certificate Management Protocol) with +OpenSSL. +.PP +\&\fIOSSL_CMP_CTX_new()\fR allocates and initializes an \s-1OSSL_CMP_CTX\s0 structure to +default values, e.g., proof-of-possession method is set to POPOSigningKey. +.PP +\&\fIOSSL_CMP_CTX_free()\fR deallocates an \s-1OSSL_CMP_CTX\s0 structure. +.PP +\&\fIOSSL_CMP_CTX_reinit()\fR prepares the given \fBctx\fR for a further transaction by +clearing the internal \s-1CMP\s0 transaction (aka session) status, PKIStatusInfo, +and any previous results (newCert, caPubs, and extraCertsIn) +from the last executed transaction. +All other field values (i.e., \s-1CMP\s0 options) are retained for potential re-use. +.PP +\&\fIOSSL_CMP_CTX_set_option()\fR sets the given value for the given option +(e.g., \s-1OSSL_CMP_OPT_IMPLICITCONFIRM\s0) in the given \s-1OSSL_CMP_CTX\s0 structure. +.PP +The following options can be set: +.IP "\fB\s-1OSSL_CMP_OPT_LOG_VERBOSITY\s0\fR" 4 +.IX Item "OSSL_CMP_OPT_LOG_VERBOSITY" +.Vb 3 +\& The level of severity needed for actually outputting log messages +\& due to errors, warnings, general info, debugging, etc. +\& Default is OSSL_CMP_LOG_INFO. See also L. 
+.Ve +.IP "\fB\s-1OSSL_CMP_OPT_MSGTIMEOUT\s0\fR" 4 +.IX Item "OSSL_CMP_OPT_MSGTIMEOUT" +.Vb 2 +\& Number of seconds (or 0 for infinite) a CMP message round trip is +\& allowed to take before a timeout error is returned. Default is 120. +.Ve +.IP "\fB\s-1OSSL_CMP_OPT_TOTALTIMEOUT\s0\fR" 4 +.IX Item "OSSL_CMP_OPT_TOTALTIMEOUT" +.Vb 2 +\& Maximum total number of seconds an enrollment (including polling) +\& may take. Default is 0 (infinite). +.Ve +.IP "\fB\s-1OSSL_CMP_OPT_VALIDITYDAYS\s0\fR" 4 +.IX Item "OSSL_CMP_OPT_VALIDITYDAYS" +.Vb 1 +\& Number of days new certificates are asked to be valid for. +.Ve +.IP "\fB\s-1OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT\s0\fR" 4 +.IX Item "OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT" +.Vb 2 +\& Do not take default Subject Alternative Names +\& from the reference certificate. +.Ve +.IP "\fB\s-1OSSL_CMP_OPT_SUBJECTALTNAME_CRITICAL\s0\fR" 4 +.IX Item "OSSL_CMP_OPT_SUBJECTALTNAME_CRITICAL" +.Vb 1 +\& Demand that the given Subject Alternative Names are flagged as critical. +.Ve +.IP "\fB\s-1OSSL_CMP_OPT_POLICIES_CRITICAL\s0\fR" 4 +.IX Item "OSSL_CMP_OPT_POLICIES_CRITICAL" +.Vb 1 +\& Demand that the given policies are flagged as critical. +.Ve +.IP "\fB\s-1OSSL_CMP_OPT_POPOMETHOD\s0\fR" 4 +.IX Item "OSSL_CMP_OPT_POPOMETHOD" +.Vb 1 +\& Select the proof of possession method to use. Possible values are: +\& +\& OSSL_CRMF_POPO_NONE \- ProofOfPossession field omitted +\& OSSL_CRMF_POPO_RAVERIFIED \- assert that the RA has already +\& verified the PoPo +\& OSSL_CRMF_POPO_SIGNATURE \- sign a value with private key, +\& which is the default. +\& OSSL_CRMF_POPO_KEYENC \- decrypt the encrypted certificate +\& ("indirect method") +\& +\& Note that a signature\-based POPO can only be produced if a private key +\& is provided as the newPkey or client pkey component of the CMP context. 
+.Ve +.IP "\fB\s-1OSSL_CMP_OPT_DIGEST_ALGNID\s0\fR" 4 +.IX Item "OSSL_CMP_OPT_DIGEST_ALGNID" +.Vb 3 +\& The digest algorithm NID to be used in RFC 4210\*(Aqs MSG_SIG_ALG, +\& if applicable used for message protection and Proof\-of\-Possession. +\& Default is SHA256. +\& +\& OSSL_CMP_OPT_OWF_ALGNID +\& The digest algorithm NID to be used as one\-way function (OWF) +\& in RFC 4210\*(Aqs MSG_MAC_ALG, if applicable used for message protection. +\& Default is SHA256. +\& +\& OSSL_CMP_OPT_MAC_ALGNID +\& The MAC algorithm NID to be used in RFC 4210\*(Aqs MSG_MAC_ALG, +\& if applicable used for message protection. +\& Default is HMAC\-SHA1 as per RFC 4210. +.Ve +.IP "\fB\s-1OSSL_CMP_OPT_REVOCATION_REASON\s0\fR" 4 +.IX Item "OSSL_CMP_OPT_REVOCATION_REASON" +.Vb 2 +\& The reason code to be included in a Revocation Request (RR); +\& values: 0..10 (RFC 5210, 5.3.1) or \-1 for none, which is the default. +.Ve +.IP "\fB\s-1OSSL_CMP_OPT_IMPLICITCONFIRM\s0\fR" 4 +.IX Item "OSSL_CMP_OPT_IMPLICITCONFIRM" +.Vb 4 +\& Request server to enable implicit confirm mode, where the client +\& does not need to send confirmation upon receiving the +\& certificate. If the server does not enable implicit confirmation +\& in the return message, then confirmation is sent anyway. +.Ve +.IP "\fB\s-1OSSL_CMP_OPT_DISABLECONFIRM\s0\fR" 4 +.IX Item "OSSL_CMP_OPT_DISABLECONFIRM" +.Vb 5 +\& Do not confirm enrolled certificates, to cope with broken servers +\& not supporting implicit confirmation correctly. +\&B This setting leads to unspecified behavior and it is meant +\&exclusively to allow interoperability with server implementations violating +\&RFC 4210. +.Ve +.IP "\fB\s-1OSSL_CMP_OPT_UNPROTECTED_SEND\s0\fR" 4 +.IX Item "OSSL_CMP_OPT_UNPROTECTED_SEND" +.Vb 1 +\& Send messages without CMP\-level protection. 
+.Ve +.IP "\fB\s-1OSSL_CMP_OPT_UNPROTECTED_ERRORS\s0\fR" 4 +.IX Item "OSSL_CMP_OPT_UNPROTECTED_ERRORS" +.Vb 7 +\& Accept unprotected error responses which are either explicitly +\& unprotected or where protection verification failed. Applies to regular +\& error messages as well as certificate responses (IP/CP/KUP) and +\& revocation responses (RP) with rejection. +\&B This setting leads to unspecified behavior and it is meant +\&exclusively to allow interoperability with server implementations violating +\&RFC 4210. +.Ve +.IP "\fB\s-1OSSL_CMP_OPT_IGNORE_KEYUSAGE\s0\fR" 4 +.IX Item "OSSL_CMP_OPT_IGNORE_KEYUSAGE" +.Vb 3 +\& Ignore key usage restrictions in signer certificate when +\& validating signature\-based protection in received CMP messages. +\& Else, \*(AqdigitalSignature\*(Aq must be allowed by CMP signer certificates. +.Ve +.IP "\fB\s-1OSSL_CMP_OPT_PERMIT_TA_IN_EXTRACERTS_FOR_IR\s0\fR" 4 +.IX Item "OSSL_CMP_OPT_PERMIT_TA_IN_EXTRACERTS_FOR_IR" +.Vb 2 +\& Allow retrieving a trust anchor from extraCerts and using that +\& to validate the certificate chain of an IP message. +.Ve +.PP +\&\fIOSSL_CMP_CTX_get_option()\fR reads the current value of the given option +(e.g., \s-1OSSL_CMP_OPT_IMPLICITCONFIRM\s0) from the given \s-1OSSL_CMP_CTX\s0 structure. +.PP +\&\fIOSSL_CMP_CTX_set_log_cb()\fR sets in \fBctx\fR the callback function \f(CW\*(C`cb\*(C'\fR +for handling error queue entries and logging messages. +When \f(CW\*(C`cb\*(C'\fR is \s-1NULL\s0 errors are printed to \s-1STDERR\s0 (if available, else ignored) +any log messages are ignored. +Alternatively, \fIOSSL_CMP_log_open\fR\|(3) may be used to direct logging to \s-1STDOUT\s0. +.PP +\&\fIOSSL_CMP_CTX_set_log_verbosity()\fR is a macro setting the +\&\s-1OSSL_CMP_OPT_LOG_VERBOSITY\s0 context option to the given level. +.PP +\&\fIOSSL_CMP_CTX_print_errors()\fR outputs any entries in the OpenSSL error queue. 
+It is similar to \fB\f(BIERR_print_errors_cb()\fB\fR but uses the \s-1CMP\s0 log callback function +if set in the \f(CW\*(C`ctx\*(C'\fR for uniformity with \s-1CMP\s0 logging if given. Otherwise it uses +\&\fB\f(BIERR_print_errors\fB\|(3)\fR to print to \s-1STDERR\s0 (unless \s-1OPENSSL_NO_STDIO\s0 is defined). +.PP +\&\fIOSSL_CMP_CTX_set1_serverPath()\fR sets the \s-1HTTP\s0 path of the \s-1CMP\s0 server on the host. +.PP +\&\fIOSSL_CMP_CTX_set1_serverName()\fR sets the given server Address (as \s-1IP\s0 or name) +in the given \s-1OSSL_CMP_CTX\s0 structure. +.PP +\&\fIOSSL_CMP_CTX_set_serverPort()\fR sets the port of the \s-1CMP\s0 server to connect to. +Port defaults to \s-1OSSL_CMP_DEFAULT_PORT\s0 = 80 if not set explicitly. +.PP +\&\fIOSSL_CMP_CTX_set1_proxyName()\fR sets the hostname of the \s-1HTTP\s0 proxy to be used +for connecting to the \s-1CA\s0 server. +.PP +\&\fIOSSL_CMP_CTX_set_proxyPort()\fR sets the port of the \s-1HTTP\s0 proxy. +Port defaults to \s-1OSSL_CMP_DEFAULT_PORT\s0 = 80 if not set explicitly. +.PP +\&\fIOSSL_CMP_CTX_set_http_cb()\fR sets the optional \s-1BIO\s0 connect/disconnect callback +function, which has the prototype +.PP +.Vb 1 +\& typedef BIO *(*HTTP_bio_cb_t) (BIO *bio, void *ctx, int connect, int detail); +.Ve +.PP +The callback may modify the \s-1BIO\s0 \fBbio\fR provided by \fIOSSL_CMP_MSG_http_perform()\fR, +whereby it may make use of a custom defined argument \fBctx\fR +stored in the \s-1OSSL_CMP_CTX\s0 by means of \fIOSSL_CMP_CTX_set_http_cb_arg()\fR. +During connection establishment, just after calling \fIBIO_connect_retry()\fR, +the function is invoked with the \fBconnect\fR argument being 1 and the \fBdetail\fR +argument being 1 if \s-1HTTPS\s0 is requested, i.e., \s-1SSL/TLS\s0 should be enabled. On +disconnect \fBconnect\fR is 0 and \fBdetail\fR is 1 in case no error occurred, else 0. 
+For instance, on connect the function may prepend a \s-1TLS\s0 \s-1BIO\s0 to implement \s-1HTTPS\s0; +after disconnect it may do some diagnostic output and/or specific cleanup. +The function should return \s-1NULL\s0 to indicate failure. +After disconnect the modified \s-1BIO\s0 will be deallocated using \fIBIO_free_all()\fR. +.PP +\&\fIOSSL_CMP_CTX_set_http_cb_arg()\fR sets an argument, respectively a pointer to +a structure containing arguments, +optionally to be used by the http connect/disconnect callback function. +\&\fBarg\fR is not consumed, and it must therefore explicitly be freed when not +needed any more. \fBarg\fR may be \s-1NULL\s0 to clear the entry. +.PP +\&\fIOSSL_CMP_CTX_get_http_cb_arg()\fR gets the argument, respectively the pointer to a +structure containing arguments, previously set by +\&\fIOSSL_CMP_CTX_set_http_cb_arg()\fR or \s-1NULL\s0 if unset. +.PP +\&\fIOSSL_CMP_CTX_set_transfer_cb()\fR sets the message transfer callback function, +which has the type +.PP +.Vb 2 +\& typedef OSSL_CMP_MSG *(*OSSL_cmp_transfer_cb_t) (OSSL_CMP_CTX *ctx, +\& const OSSL_CMP_MSG *req); +.Ve +.PP +Returns 1 on success, 0 on error. +.PP +Default is \s-1NULL\s0, which implies the use of \fIOSSL_CMP_MSG_http_perform\fR\|(3). +The callback should send the \s-1CMP\s0 request message it obtains via the \fBreq\fR +parameter and on success return the response. +The transfer callback may make use of a custom defined argument stored in +the ctx by means of \fIOSSL_CMP_CTX_set_transfer_cb_arg()\fR, which may be retrieved +again through \fIOSSL_CMP_CTX_get_transfer_cb_arg()\fR. +.PP +\&\fIOSSL_CMP_CTX_set_transfer_cb_arg()\fR sets an argument, respectively a pointer to a +structure containing arguments, optionally to be used by the transfer callback. +\&\fBarg\fR is not consumed, and it must therefore explicitly be freed when not +needed any more. \fBarg\fR may be \s-1NULL\s0 to clear the entry. 
+.PP +\&\fIOSSL_CMP_CTX_get_transfer_cb_arg()\fR gets the argument, respectively the pointer +to a structure containing arguments, previously set by +\&\fIOSSL_CMP_CTX_set_transfer_cb_arg()\fR or \s-1NULL\s0 if unset. +.PP +\&\fIOSSL_CMP_CTX_set1_srvCert()\fR pins the server certificate to be directly trusted +(even if it is expired) for verifying response messages. +The cert pointer is not consumed. It may be \s-1NULL\s0 to clear the entry. +.PP +\&\fIOSSL_CMP_CTX_set1_expected_sender()\fR sets the Distinguished Name (\s-1DN\s0) expected to +be given in the sender response for messages protected with \s-1MSG_SIG_ALG\s0. This +may be used to enforce that during validation of received messages the given \s-1DN\s0 +matches the sender field of the PKIMessage header, which in turn is used to +identify the server certificate. +This can be used to ensure that only a particular entity is accepted to act as +\&\s-1CMP\s0 server, and attackers are not able to use arbitrary certificates of a +trusted \s-1PKI\s0 hierarchy to fraudulently pose as server. +This defaults to the subject \s-1DN\s0 of the certificate set via +\&\fIOSSL_CMP_CTX_set1_srvCert()\fR, if any. +.PP +\&\fIOSSL_CMP_CTX_set0_trustedStore()\fR sets the X509_STORE type certificate store +containing trusted (root) \s-1CA\s0 certificates. The certificate store may also hold +CRLs and a certificate verification callback function used for \s-1CMP\s0 server +authentication. Any already existing store entry is freed. When given a \s-1NULL\s0 +parameter the entry is cleared. +.PP +\&\fIOSSL_CMP_CTX_get0_trustedStore()\fR returns a pointer to the certificate store +containing trusted root \s-1CA\s0 certificates, which may be empty if unset. +.PP +\&\fIOSSL_CMP_CTX_set1_untrusted_certs()\fR takes over a list of certificates containing +non-trusted intermediate certs used for path construction in authentication +of the \s-1CMP\s0 server and potentially others (\s-1TLS\s0 server, newly enrolled cert). 
+The reference counts of those certificates handled successfully are increased. +.PP +OSSL_CMP_CTX_get0_untrusted_certs(\s-1OSSL_CMP_CTX\s0 *ctx) returns a pointer to the +list of untrusted certs, which my be empty if unset. +.PP +\&\fIOSSL_CMP_CTX_set1_clCert()\fR sets the client certificate in the given +\&\s-1OSSL_CMP_CTX\s0 structure. The client certificate will then be used by the +functions to set the \*(L"sender\*(R" field for outgoing messages and it will be +included in the extraCerts field. +.PP +\&\fIOSSL_CMP_CTX_set1_pkey()\fR sets the private key corresponding to the client +certificate set with \fB\f(BIOSSL_CMP_CTX_set1_clCert()\fB\fR in the given \s-1CMP\s0 context. +Used to create the protection in case of \s-1MSG_SIG_ALG\s0. +.PP +\&\fIOSSL_CMP_CTX_set1_referenceValue()\fR sets the given referenceValue in the given +\&\fBctx\fR or clears it if the \fBref\fR argument is \s-1NULL\s0. +.PP +\&\fIOSSL_CMP_CTX_set1_secretValue()\fR sets the \fBsec\fR with the length \fBlen\fR in the +given \fBctx\fR or clears it if the \fBsec\fR argument is \s-1NULL\s0. +.PP +\&\fIOSSL_CMP_CTX_set1_recipient()\fR sets the recipient name that will be used in the +PKIHeader of a request message, i.e. the X509 name of the (\s-1CA\s0) server. +Setting is overruled by subject of srvCert if set. +If neither srvCert nor recipient are set, the recipient of the \s-1PKI\s0 message is +determined in the following order: issuer, issuer of old cert (oldCert), +issuer of client cert (clCert), else NULL-DN. +When a response is received, its sender must match the recipient of the request. +.PP +\&\fIOSSL_CMP_CTX_push0_geninfo_ITAV()\fR adds \fBitav\fR to the stack in the \fBctx\fR to be +added to the GeneralInfo field of the \s-1CMP\s0 PKIMessage header of a request +message sent with this context. Consumes the pointer to \fBitav\fR. +.PP +\&\fIOSSL_CMP_CTX_set1_extraCertsOut()\fR sets the stack of extraCerts that will be +sent to remote. 
+.PP +\&\fIOSSL_CMP_CTX_set0_newPkey()\fR can be used to explicitly set the given \s-1EVP_PKEY\s0 +structure as the private or public key to be certified in the \s-1CMP\s0 context. +The \fBpriv\fR parameter must be 0 if and only if the given key is a public key. +.PP +\&\fIOSSL_CMP_CTX_get0_newPkey()\fR gives the key to use for certificate enrollment +dependent on fields of the \s-1CMP\s0 context structure: +the newPkey (which may be a private or public key) if present, +else the public key in the p10CSR if present, else the client private key. +If the \fBpriv\fR parameter is not 0 and the selected key does not have a +private component then \s-1NULL\s0 is returned. +.PP +\&\fIOSSL_CMP_CTX_set1_issuer()\fR sets the name of the intended issuer that +will be set in the CertTemplate, i.e., the X509 name of the \s-1CA\s0 server. +.PP +\&\fIOSSL_CMP_CTX_set1_subjectName()\fR sets the subject \s-1DN\s0 that will be used in +the CertTemplate structure when requesting a new cert. For Key Update Requests +(\s-1KUR\s0), it defaults to the subject \s-1DN\s0 of the reference certificate, +see \fB\f(BIOSSL_CMP_CTX_set1_oldCert()\fB\fR. This default is used for Initialization +Requests (\s-1IR\s0) and Certification Requests (\s-1CR\s0) only if no SANs are set. +.PP +If clCert is not set (e.g. in case of \s-1IR\s0 with \s-1MSG_MAC_ALG\s0), the subject \s-1DN\s0 +is also used as sender of the \s-1PKI\s0 message. +.PP +\&\fIOSSL_CMP_CTX_push1_subjectAltName()\fR adds the given X509 name to the list of +alternate names on the certificate template request. This cannot be used if +any Subject Alternative Name extension is set via +\&\fIOSSL_CMP_CTX_set0_reqExtensions()\fR. +By default, unless \s-1OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT\s0 has been set, +the Subject Alternative Names are copied from the reference certificate, +see \fIOSSL_CMP_CTX_set1_oldCert()\fR. 
+.PP +If set and the subject \s-1DN\s0 is not set with \fIOSSL_CMP_CTX_set1_subjectName()\fR, then +the certificate template of an \s-1IR\s0 and \s-1CR\s0 will not be filled with the default +subject \s-1DN\s0 from the reference certificate (see \fIOSSL_CMP_CTX_set1_oldCert()\fR. +If a subject \s-1DN\s0 is desired it needs to be set explicitly with +\&\fIOSSL_CMP_CTX_set1_subjectName()\fR. +.PP +\&\fIOSSL_CMP_CTX_set0_reqExtensions()\fR sets the X.509v3 extensions to be used in +\&\s-1IR/CR/KUR\s0. +.PP +\&\fIOSSL_CMP_CTX_reqExtensions_have_SAN()\fR returns 1 if the context contains +a Subject Alternative Name extension, else 0 or \-1 on error. +.PP +\&\fIOSSL_CMP_CTX_push0_policy()\fR adds the certificate policy info object +to the X509_EXTENSIONS of the requested certificate template. +.PP +\&\fIOSSL_CMP_CTX_set1_oldCert()\fR sets the old certificate to be updated in +Key Update Requests (\s-1KUR\s0) or to be revoked in Revocation Requests (\s-1RR\s0). +It must be given for \s-1RR\s0, else it defaults to \fBclCert\fR. +The reference certificate determined in this way, if any, is also used for +deriving default subject \s-1DN\s0 and Subject Alternative Names for \s-1IR\s0, \s-1CR\s0, and \s-1KUR\s0. +Its issuer, if any, is used as default recipient in the \s-1CMP\s0 message header. +.PP +\&\fIOSSL_CMP_CTX_set1_p10CSR()\fR sets the PKCS#10 \s-1CSR\s0 to be used in P10CR. +.PP +\&\fIOSSL_CMP_CTX_push0_genm_ITAV()\fR adds \fBitav\fR to the stack in the \fBctx\fR which +will be the body of a General Message sent with this context. +Consumes the pointer to \fBitav\fR. +.PP +\&\fIOSSL_CMP_CTX_set_certConf_cb()\fR sets the callback used for evaluating the newly +enrolled certificate before the library sends, depending on its result, +a positive or negative certConf message to the server. 
The callback has type +.PP +.Vb 2 +\& typedef int (*OSSL_cmp_certConf_cb_t) (OSSL_CMP_CTX *ctx, X509 *cert, +\& int fail_info, const char **txt); +.Ve +.PP +and should inspect the certificate it obtains via the \fBcert\fR parameter and may +overrule the pre-decision given in the \fBfail_info\fR and \fB*txt\fR parameters. +If it accepts the certificate it must return 0, indicating success. Else it must +return a bit field reflecting PKIFailureInfo with at least one failure bit and +may set the \fB*txt\fR output parameter to point to a string constant with more +detail. The transfer callback may make use of a custom defined argument stored +in the \fBctx\fR by means of \fIOSSL_CMP_CTX_set_certConf_cb_arg()\fR, which may be +retrieved again through \fIOSSL_CMP_CTX_get_certConf_cb_arg()\fR. +Typically, the callback will check at least that the certificate can be verified +using a set of trusted certificates. +It also could compare the subject \s-1DN\s0 and other fields of the newly +enrolled certificate with the certificate template of the request. +.PP +\&\fIOSSL_CMP_CTX_set_certConf_cb_arg()\fR sets an argument, respectively a pointer to a +structure containing arguments, optionally to be used by the certConf callback. +\&\fBarg\fR is not consumed, and it must therefore explicitly be freed when not +needed any more. \fBarg\fR may be \s-1NULL\s0 to clear the entry. +.PP +\&\fIOSSL_CMP_CTX_get_certConf_cb_arg()\fR gets the argument, respectively the pointer +to a structure containing arguments, previously set by +\&\fIOSSL_CMP_CTX_set_certConf_cb_arg()\fR, or \s-1NULL\s0 if unset. +.PP +\&\fIOSSL_CMP_CTX_get_status()\fR returns the PKIstatus from the last received +CertRepMessage or Revocation Response or error message, or \-1 if unset. +.PP +\&\fIOSSL_CMP_CTX_get0_statusString()\fR returns the statusString from the last received +CertRepMessage or Revocation Response or error message, or \s-1NULL\s0 if unset. 
+.PP +\&\fIOSSL_CMP_CTX_get_failInfoCode()\fR returns the error code from the failInfo field +of the last received CertRepMessage or Revocation Response or error message. +This is a bit field and the flags for it are specified in the header file +\&\fI\fR. +The flags start with \s-1OSSL_CMP_CTX_FAILINFO\s0, for example: +OSSL_CMP_CTX_FAILINFO_badAlg. Returns \-1 if the failInfoCode field is unset. +.PP +\&\fIOSSL_CMP_CTX_get0_newCert()\fR returns the pointer to the newly obtained +certificate in case it is available, else \s-1NULL\s0. +.PP +\&\fIOSSL_CMP_CTX_get1_caPubs()\fR returns a pointer to a duplicate of the stack of +X.509 certificates received in the caPubs field of last received certificate +response message \s-1IP/CP/KUP\s0. +.PP +\&\fIOSSL_CMP_CTX_get1_extraCertsIn()\fR returns a pointer to a duplicate of the stack +of X.509 certificates received in the last received non-empty extraCerts field. +Returns an empty stack if no extraCerts have been received in the current +transaction. +.PP +\&\fIOSSL_CMP_CTX_set1_transactionID()\fR sets the given transaction \s-1ID\s0 in the given +\&\s-1OSSL_CMP_CTX\s0 structure. +.PP +\&\fIOSSL_CMP_CTX_set1_senderNonce()\fR stores the last sent sender \fBnonce\fR in +the \fBctx\fR. This will be used to validate the recipNonce in incoming messages. +.SH "NOTES" +.IX Header "NOTES" +\&\s-1CMP\s0 is defined in \s-1RFC\s0 4210 (and \s-1CRMF\s0 in \s-1RFC\s0 4211). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOSSL_CMP_CTX_free()\fR and \fIOSSL_CMP_CTX_print_errors()\fR do not return anything. 
+.PP +\&\fIOSSL_CMP_CTX_new()\fR, +\&\fIOSSL_CMP_CTX_get_http_cb_arg()\fR, +\&\fIOSSL_CMP_CTX_get_transfer_cb_arg()\fR, +\&\fIOSSL_CMP_CTX_get0_trustedStore()\fR, +\&\fIOSSL_CMP_CTX_get0_untrusted_certs()\fR, +\&\fIOSSL_CMP_CTX_get0_newPkey()\fR, +\&\fIOSSL_CMP_CTX_get_certConf_cb_arg()\fR, +\&\fIOSSL_CMP_CTX_get0_statusString()\fR, +\&\fIOSSL_CMP_CTX_get0_newCert()\fR, +\&\fIOSSL_CMP_CTX_get1_caPubs()\fR, and +\&\fIOSSL_CMP_CTX_get1_extraCertsIn()\fR +return the intended pointer value as described above or \s-1NULL\s0 on error. +.PP +\&\fIOSSL_CMP_CTX_get_option()\fR, +\&\fIOSSL_CMP_CTX_reqExtensions_have_SAN()\fR, +\&\fIOSSL_CMP_CTX_get_status()\fR, and +\&\fIOSSL_CMP_CTX_get_failInfoCode()\fR +return the intended value as described above or \-1 on error. +.PP +All other functions return 1 on success, 0 on error. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +The following code does an Initialization Request: +.PP +.Vb 6 +\& cmp_ctx = OSSL_CMP_CTX_new(); +\& OSSL_CMP_CTX_set1_serverName(cmp_ctx, opt_serverName); +\& OSSL_CMP_CTX_set1_referenceValue(cmp_ctx, ref, ref_len); +\& OSSL_CMP_CTX_set1_secretValue(cmp_ctx, sec, sec_len); +\& OSSL_CMP_CTX_set0_newPkey(cmp_ctx, new_pkey, 1); +\& OSSL_CMP_CTX_set1_caCert(cmp_ctx, ca_cert); +\& +\& initialClCert = OSSL_CMP_exec_IR_ses(cmp_ctx); +.Ve +.PP +The following code does an Initialization Request using an +external identity certificate (\s-1RFC\s0 4210, Appendix E.7): +.PP +.Vb 6 +\& cmp_ctx = OSSL_CMP_CTX_new(); +\& OSSL_CMP_CTX_set1_serverName(cmp_ctx, sname); +\& OSSL_CMP_CTX_set1_clCert(cmp_ctx, cl_cert); +\& OSSL_CMP_CTX_set1_pkey(cmp_ctx, pkey); +\& OSSL_CMP_CTX_set0_newPkey(cmp_ctx, new_pkey, 1); +\& OSSL_CMP_CTX_set1_caCert(cmp_ctx, ca_cert); +\& +\& initialClCert = OSSL_CMP_exec_IR_ses(cmp_ctx); +.Ve +.PP +Here externalCert is an X509 certificate granted to the \s-1EE\s0 by another \s-1CA\s0 +which is trusted by the current \s-1CA\s0 the code will connect to. 
+.PP +The following code does a Key Update Request: +.PP +.Vb 6 +\& cmp_ctx = OSSL_CMP_CTX_new(); +\& OSSL_CMP_CTX_set1_serverName(cmp_ctx, sname); +\& OSSL_CMP_CTX_set1_pkey(cmp_ctx, pkey); +\& OSSL_CMP_CTX_set0_newPkey(cmp_ctx, new_pkey, 1); +\& OSSL_CMP_CTX_set1_clCert(cmp_ctx, cl_cert); +\& OSSL_CMP_CTX_set1_caCert(cmp_ctx, ca_cert); +\& +\& updatedClCert = OSSL_CMP_exec_KUR_ses(cmp_ctx); +.Ve +.PP +The following code (which omits error handling) sends a General Message +including, as an example, the id-it-signKeyPairTypes \s-1OID\s0 and prints info on +the General Response contents. +.PP +.Vb 4 +\& cmp_ctx = OSSL_CMP_CTX_new(); +\& OSSL_CMP_CTX_set1_serverName(cmp_ctx, sname); +\& OSSL_CMP_CTX_set1_referenceValue(cmp_ctx, ref, ref_len); +\& OSSL_CMP_CTX_set1_secretValue(cmp_ctx, sec, sec_len); +\& +\& ASN1_OBJECT *type = OBJ_txt2obj("1.3.6.1.5.5.7.4.2", 1); +\& OSSL_CMP_ITAV *itav = OSSL_CMP_ITAV_new(type, NULL); +\& OSSL_CMP_CTX_push0_genm_ITAV(cmp_ctx, itav); +\& +\& STACK_OF(OSSL_CMP_ITAV) *itavs; +\& itavs = OSSL_CMP_exec_GENM_ses(cmp_ctx); +\& print_itavs(itavs); +\& sk_OSSL_CMP_ITAV_pop_free(itavs, OSSL_CMP_ITAV_free); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIOSSL_CMP_exec_IR_ses\fR\|(3), \fIOSSL_CMP_exec_KUR_ses\fR\|(3), +\&\fIOSSL_CMP_exec_GENM_ses\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The OpenSSL \s-1CMP\s0 support was added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2007\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/OSSL_CMP_CTX_snprint_PKIStatus.3 b/linux_amd64/ssl/share/man/man3/OSSL_CMP_CTX_snprint_PKIStatus.3 new file mode 100755 index 0000000..feedb46 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/OSSL_CMP_CTX_snprint_PKIStatus.3 
@@ -0,0 +1,168 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_CMP_CTX_SNPRINT_PKISTATUS 3" +.TH OSSL_CMP_CTX_SNPRINT_PKISTATUS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OSSL_CMP_CTX_snprint_PKIStatus +\&\- function(s) for managing the CMP PKIStatus +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& char *OSSL_CMP_CTX_snprint_PKIStatus(OSSL_CMP_CTX *ctx, char *buf, int bufsize); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This is the PKIStatus \s-1API\s0 for using \s-1CMP\s0 (Certificate Management Protocol) with +OpenSSL. +.PP +\&\fIOSSL_CMP_CTX_snprint_PKIStatus()\fR takes the PKIStatusInfo components contained +in the given \s-1CMP\s0 context and places a human-readable string created from them +in the given buffer, with the given maximal length. +On success it returns a copy of the buffer pointer containing the string. +.SH "NOTES" +.IX Header "NOTES" +\&\s-1CMP\s0 is defined in \s-1RFC\s0 4210 (and \s-1CRMF\s0 in \s-1RFC\s0 4211). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOSSL_CMP_CTX_snprint_PKIStatus()\fR +returns the intended pointer value as described above or \s-1NULL\s0 on error. +.SH "HISTORY" +.IX Header "HISTORY" +The OpenSSL \s-1CMP\s0 support was added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2007\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/OSSL_CMP_HDR_get0_transactionID.3 b/linux_amd64/ssl/share/man/man3/OSSL_CMP_HDR_get0_transactionID.3 new file mode 100755 index 0000000..ebe66d3 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/OSSL_CMP_HDR_get0_transactionID.3 
@@ -0,0 +1,169 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_CMP_HDR_GET0_TRANSACTIONID 3" +.TH OSSL_CMP_HDR_GET0_TRANSACTIONID 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OSSL_CMP_HDR_get0_transactionID, +OSSL_CMP_HDR_get0_recipNonce +\&\- functions manipulating CMP message headers +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_transactionID(const +\& OSSL_CMP_PKIHEADER *hdr); +\& ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_recipNonce(const +\& OSSL_CMP_PKIHEADER *hdr); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +OSSL_CMP_HDR_get0_transactionID returns the transaction \s-1ID\s0 of the given +PKIHeader. +.PP +OSSL_CMP_HDR_get0_recipNonce returns the recipient nonce of the given PKIHeader. +.SH "NOTES" +.IX Header "NOTES" +\&\s-1CMP\s0 is defined in \s-1RFC\s0 4210. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The functions return the intended pointer value as described above +or \s-1NULL\s0 if the respective entry does not exist and on error. +.SH "HISTORY" +.IX Header "HISTORY" +The OpenSSL \s-1CMP\s0 support was added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2007\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/OSSL_CMP_ITAV_set0.3 b/linux_amd64/ssl/share/man/man3/OSSL_CMP_ITAV_set0.3 new file mode 100755 index 0000000..7f1f7e9 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/OSSL_CMP_ITAV_set0.3 
@@ -0,0 +1,233 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_CMP_ITAV_SET0 3" +.TH OSSL_CMP_ITAV_SET0 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OSSL_CMP_ITAV_create, +OSSL_CMP_ITAV_set0, +OSSL_CMP_ITAV_get0_type, +OSSL_CMP_ITAV_get0_value, +OSSL_CMP_ITAV_push0_stack_item +\&\- OSSL_CMP_ITAV utility functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 6 +\& #include +\& OSSL_CMP_ITAV *OSSL_CMP_ITAV_create(ASN1_OBJECT *type, ASN1_TYPE *value); +\& void OSSL_CMP_ITAV_set0(OSSL_CMP_ITAV *itav, ASN1_OBJECT *type, +\& ASN1_TYPE *value); +\& ASN1_OBJECT *OSSL_CMP_ITAV_get0_type(const OSSL_CMP_ITAV *itav); +\& ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav); +\& +\& int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p, +\& OSSL_CMP_ITAV *itav); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Certificate Management Protocol (\s-1CMP\s0, \s-1RFC\s0 4210) extension to OpenSSL +.PP +\&\s-1ITAV\s0 is short for InfoTypeAndValue. This type is defined in \s-1RFC\s0 4210 +section 5.3.19 and Appendix F. It is used at various places in \s-1CMP\s0 messages, +e.g., in the generalInfo PKIHeader field, to hold a key-value pair. +.PP +\&\fIOSSL_CMP_ITAV_create()\fR creates a new \s-1OSSL_CMP_ITAV\s0 structure and fills it in. +It combines \fB\f(BIOSSL_CMP_ITAV_new()\fB\fR and \fBOSSL_CMP_ITAV_set0\fR. +.PP +\&\fIOSSL_CMP_ITAV_set0()\fR sets the \fBitav\fR with an infoType of \fBtype\fR and an +infoValue of \fBvalue\fR. This function uses the pointers \fBtype\fR and \fBvalue\fR +internally, so they must \fBnot\fR be freed up after the call. +.PP +\&\fIOSSL_CMP_ITAV_get0_type()\fR returns a direct pointer to the infoType in the +\&\fBitav\fR. +.PP +\&\fIOSSL_CMP_ITAV_get0_value()\fR returns a direct pointer to the infoValue in +the \fBitav\fR as generic ASN1_TYPE*. +.PP +\&\fIOSSL_CMP_ITAV_push0_stack_item()\fR pushes \fBitav\fR to the stack pointed to +by \fB*itav_sk_p\fR. It creates a new stack if \fB*itav_sk_p\fR points to \s-1NULL\s0. +.SH "NOTES" +.IX Header "NOTES" +\&\s-1CMP\s0 is defined in \s-1RFC\s0 4210 (and \s-1CRMF\s0 in \s-1RFC\s0 4211). 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOSSL_CMP_ITAV_create()\fR returns a pointer to the \s-1ITAV\s0 structure on success, +or \s-1NULL\s0 on error. +.PP +\&\fIOSSL_CMP_ITAV_set0()\fR does not return a value. +.PP +\&\fIOSSL_CMP_ITAV_get0_type()\fR and \fIOSSL_CMP_ITAV_get0_value()\fR +return the respective pointer or \s-1NULL\s0 if their input is \s-1NULL\s0. +.PP +\&\fIOSSL_CMP_ITAV_push0_stack_item()\fR returns 1 on success, 0 on error. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +The following code creates and sets a structure representing a generic +InfoTypeAndValue sequence, using an \s-1OID\s0 created from text as type, and an +integer as value. Afterwards, it is pushed to the \s-1OSSL_CMP_CTX\s0 to be later +included in the requests' PKIHeader's genInfo field. +.PP +.Vb 2 +\& ASN1_OBJECT *type = OBJ_txt2obj("1.2.3.4.5", 1); +\& if (type == NULL) ... +\& +\& ASN1_INTEGER *asn1int = ASN1_INTEGER_new(); +\& if (asn1int == NULL || !ASN1_INTEGER_set(asn1int, 12345)) ... +\& +\& ASN1_TYPE *val = ASN1_TYPE_new(); +\& if (val == NULL) ... +\& ASN1_TYPE_set(val, V_ASN1_INTEGER, asn1int); +\& +\& OSSL_CMP_ITAV *itav = OSSL_CMP_ITAV_create(type, val); +\& if (itav == NULL) ... +\& +\& OSSL_CMP_CTX *ctx = OSSL_CMP_CTX_new(); +\& if (ctx == NULL || !OSSL_CMP_CTX_geninfo_push0_ITAV(ctx, itav)) { +\& OSSL_CMP_ITAV_free(itav); /* also frees type and val */ +\& goto err; +\& } +\& +\& ... +\& +\& OSSL_CMP_CTX_free(ctx); /* also frees itav */ +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIOSSL_CMP_CTX_new\fR\|(3), \fIOSSL_CMP_CTX_free\fR\|(3), \fIASN1_TYPE_set\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The OpenSSL \s-1CMP\s0 support was added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2007\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. 
You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/OSSL_CMP_MSG_get0_header.3 b/linux_amd64/ssl/share/man/man3/OSSL_CMP_MSG_get0_header.3 new file mode 100755 index 0000000..3bc08a0 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/OSSL_CMP_MSG_get0_header.3 
@@ -0,0 +1,162 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_CMP_MSG_GET0_HEADER 3" +.TH OSSL_CMP_MSG_GET0_HEADER 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OSSL_CMP_MSG_get0_header +\&\- function(s) manipulating CMP messages +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +OSSL_CMP_MSG_get0_header returns the header of the given \s-1CMP\s0 message. +.SH "NOTES" +.IX Header "NOTES" +\&\s-1CMP\s0 is defined in \s-1RFC\s0 4210. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fICMP_MSG_get0_header()\fR returns the intended pointer value as described above +or \s-1NULL\s0 if the respective entry does not exist and on error. +.SH "HISTORY" +.IX Header "HISTORY" +The OpenSSL \s-1CMP\s0 support was added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2007\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/OSSL_CMP_log_open.3 b/linux_amd64/ssl/share/man/man3/OSSL_CMP_log_open.3 new file mode 100755 index 0000000..0387d25 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/OSSL_CMP_log_open.3 
@@ -0,0 +1,245 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_CMP_LOG_OPEN 3" +.TH OSSL_CMP_LOG_OPEN 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OSSL_CMP_log_open, +OSSL_CMP_log_close, +OSSL_CMP_severity, +OSSL_CMP_LOG_EMERG, +OSSL_CMP_LOG_ALERT, +OSSL_CMP_LOG_CRIT, +OSSL_CMP_LOG_ERR, +OSSL_CMP_LOG_WARNING, +OSSL_CMP_LOG_NOTICE, +OSSL_CMP_LOG_INFO, +OSSL_CMP_LOG_DEBUG, +OSSL_cmp_log_cb_t, +OSSL_CMP_print_to_bio, +OSSL_CMP_print_errors_cb +\&\- functions for logging and error reporting +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int OSSL_CMP_log_open(void); +\& void OSSL_CMP_log_close(void); +\& +\& /* severity level declarations resemble those from syslog.h */ +\& typedef int OSSL_CMP_severity; +\& #define OSSL_CMP_LOG_EMERG 0 +\& #define OSSL_CMP_LOG_ALERT 1 +\& #define OSSL_CMP_LOG_CRIT 2 +\& #define OSSL_CMP_LOG_ERR 3 +\& #define OSSL_CMP_LOG_WARNING 4 +\& #define OSSL_CMP_LOG_NOTICE 5 +\& #define OSSL_CMP_LOG_INFO 6 +\& #define OSSL_CMP_LOG_DEBUG 7 +\& +\& typedef int (*OSSL_cmp_log_cb_t)(const char *component, +\& const char *file, int line, +\& OSSL_CMP_severity level, const char *msg); +\& int OSSL_CMP_print_to_bio(BIO *bio, const char *component, const char *file, +\& int line, OSSL_CMP_severity level, const char *msg); +\& void OSSL_CMP_print_errors_cb(OSSL_cmp_log_cb_t log_fn); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The logging and error reporting facility described here contains +convenience functions for CMP-specific logging, +including a string prefix mirroring the severity levels of syslog.h, +and enhancements of the error queue mechanism needed for large diagnostic +messages produced by the \s-1CMP\s0 library in case of certificate validation failures. +.PP +When an interesting activity is performed or an error occurs, some detail +should be provided for user information, debugging, and auditing purposes. 
+A \s-1CMP\s0 application can obtain this information by providing a callback function +with the following type: +.PP +.Vb 3 +\& typedef int (*OSSL_cmp_log_cb_t)(const char *component, +\& const char *file, int line, +\& OSSL_CMP_severity level, const char *msg); +.Ve +.PP +The parameters may provide +some component info (which may be a module name and/or function name) or \s-1NULL\s0, +a file pathname or \s-1NULL\s0, +a line number or 0 indicating the source code location, +a severity level, and +a message string describing the nature of the event, terminated by '\en'. +.PP +Even when an activity is successful some warnings may be useful and some degree +of auditing may be required. Therefore the logging facility supports a severity +level and the callback function has a \fBlevel\fR parameter indicating such a +level, such that error, warning, info, debug, etc. can be treated differently. +The callback is activated only when the severity level is sufficient according +to the current level of verbosity, which by default is \s-1OSSL_CMP_LOG_INFO\s0. +.PP +The callback function may itself do non-trivial tasks like writing to +a log file or remote stream, which in turn may fail. +Therefore the function should return 1 on success and 0 on failure. +.PP +\&\fIOSSL_CMP_log_open()\fR initializes the CMP-specific logging facility to output +everything to \s-1STDOUT\s0. It fails if the integrated tracing is disabled or \s-1STDIO\s0 +is not available. It may be called during application startup. +Alternatively, \fIOSSL_CMP_CTX_set_log_cb\fR\|(3) can be used for more flexibility. +As long as neither if the two is used any logging output is ignored. +.PP +\&\fIOSSL_CMP_log_close()\fR may be called when all activities are finished to flush +any pending CMP-specific log output and deallocate related resources. +It may be called multiple times. It does get called at OpenSSL stutdown. 
+.PP +\&\fIOSSL_CMP_print_to_bio()\fR prints the given component info, filename, line number, +severity level, and log message or error queue message to the given \fBbio\fR. +\&\fBcomponent\fR usually is a function or module name. +If it is \s-1NULL\s0, empty, or \*(L"(unknown function)\*(R" then \*(L"\s-1CMP\s0\*(R" is used as fallback. +.PP +\&\fIOSSL_CMP_print_errors_cb()\fR outputs any entries in the OpenSSL error queue. +It is similar to \fB\f(BIERR_print_errors_cb()\fB\fR but uses the \s-1CMP\s0 log callback function +\&\f(CW\*(C`log_fn\*(C'\fR for uniformity with \s-1CMP\s0 logging if not \fB\s-1NULL\s0\fR. Otherwise it prints to +\&\s-1STDERR\s0 using \fB\f(BIOSSL_CMP_print_to_bio\fB\|(3)\fR (unless \s-1OPENSSL_NO_STDIO\s0 is defined). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOSSL_CMP_log_close()\fR and \fIOSSL_CMP_print_errors_cb()\fR do not return anything. +.PP +All other functions return 1 on success, 0 on error. +.SH "HISTORY" +.IX Header "HISTORY" +The OpenSSL \s-1CMP\s0 support was added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2007\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/OSSL_CMP_validate_msg.3 b/linux_amd64/ssl/share/man/man3/OSSL_CMP_validate_msg.3 new file mode 100755 index 0000000..ec527a4 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/OSSL_CMP_validate_msg.3 
@@ -0,0 +1,207 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_CMP_VALIDATE_MSG 3" +.TH OSSL_CMP_VALIDATE_MSG 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OSSL_CMP_validate_msg, +OSSL_CMP_validate_cert_path +\&\- functions for verifying CMP message protection +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 4 +\& #include +\& int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg); +\& int OSSL_CMP_validate_cert_path(const OSSL_CMP_CTX *ctx, +\& X509_STORE *trusted_store, X509 *cert); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This is the \s-1API\s0 for validating the protection of \s-1CMP\s0 messages, +which includes validating \s-1CMP\s0 message sender certificates and their paths +while optionally checking the revocation status of the certificates(s). +.PP +\&\fIOSSL_CMP_validate_msg()\fR validates the protection of the given \f(CW\*(C`msg\*(C'\fR +using either password-based mac (\s-1PBM\s0) or a signature algorithm. +.PP +In case of signature algorithm, the certificate to use for the signature check +is preferably the one provided by a call to \fIOSSL_CMP_CTX_set1_srvCert\fR\|(3). +If no such sender cert has been pinned then candidate sender certificates are +taken from the list of certificates received in the \f(CW\*(C`msg\*(C'\fR extraCerts, then any +certificates provided before via \fIOSSL_CMP_CTX_set1_untrusted_certs\fR\|(3), and +then all trusted certificates provided via \fIOSSL_CMP_CTX_set0_trustedStore\fR\|(3), +where a candidate is acceptable only if has not expired, its subject \s-1DN\s0 matches +the \f(CW\*(C`msg\*(C'\fR sender \s-1DN\s0 (as far as present), and its subject key identifier +is present and matches the senderKID (as far as the latter present). +Each acceptable cert is tried in the given order to see if the message +signature check succeeds and the cert and its path can be verified +using any trust store set via \fIOSSL_CMP_CTX_set0_trustedStore\fR\|(3). 
+.PP +If the option \s-1OSSL_CMP_OPT_PERMIT_TA_IN_EXTRACERTS_FOR_IR\s0 was set by calling +\&\fIOSSL_CMP_CTX_set_option\fR\|(3), for an Initialization Response (\s-1IP\s0) message +any self-issued certificate from the \f(CW\*(C`msg\*(C'\fR extraCerts field may also be used +as trust anchor for the path verification of an acceptable cert if it can be +used also to validate the issued certificate returned in the \s-1IP\s0 message. This is +according to \s-1TS\s0 33.310 [Network Domain Security (\s-1NDS\s0); Authentication Framework +(\s-1AF\s0)] document specified by the The 3rd Generation Partnership Project (3GPP). +.PP +Any cert that has been found as described above is cached and tried first when +validating the signatures of subsequent messages in the same transaction. +.PP +After successful validation of PBM-based protection of a certificate response +the certificates in the caPubs field (if any) are added to the trusted +certificates provided via \fIOSSL_CMP_CTX_set0_trustedStore\fR\|(3), such that +they are available for validating subsequent messages in the same context. +Those could apply to any Polling Response (pollRep), error, or \s-1PKI\s0 Confirmation +(PKIConf) messages following in the same or future transactions. +.PP +\&\fIOSSL_CMP_validate_cert_path()\fR attempts to validate the given certificate and its +path using the given store of trusted certs (possibly including CRLs and a cert +verification callback) and non-trusted intermediate certs from the \fBctx\fR. +.SH "NOTES" +.IX Header "NOTES" +\&\s-1CMP\s0 is defined in \s-1RFC\s0 4210 (and \s-1CRMF\s0 in \s-1RFC\s0 4211). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOSSL_CMP_validate_msg()\fR and \fIOSSL_CMP_validate_cert_path()\fR +return 1 on success, 0 on error or validation failed. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIOSSL_CMP_CTX_new\fR\|(3), \fIOSSL_CMP_exec_IR_ses\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The OpenSSL \s-1CMP\s0 support was added in OpenSSL 3.0. 
+.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2007\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/OSSL_CRMF_MSG_get0_tmpl.3 b/linux_amd64/ssl/share/man/man3/OSSL_CRMF_MSG_get0_tmpl.3 new file mode 100755 index 0000000..03fc014 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/OSSL_CRMF_MSG_get0_tmpl.3 
@@ -0,0 +1,201 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_CRMF_MSG_GET0_TMPL 3" +.TH OSSL_CRMF_MSG_GET0_TMPL 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OSSL_CRMF_MSG_get0_tmpl, +OSSL_CRMF_CERTTEMPLATE_get0_serialNumber, +OSSL_CRMF_CERTTEMPLATE_get0_issuer, +OSSL_CRMF_CERTID_get0_serialNumber, +OSSL_CRMF_CERTID_get0_issuer, +OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert, +OSSL_CRMF_MSG_get_certReqId +\&\- functions reading from CRMF CertReqMsg structures +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm); +\& ASN1_INTEGER +\& *OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(OSSL_CRMF_CERTTEMPLATE *tmpl); +\& X509_NAME *OSSL_CRMF_CERTTEMPLATE_get0_issuer(OSSL_CRMF_CERTTEMPLATE *tmpl); +\& +\& ASN1_INTEGER *OSSL_CRMF_CERTID_get0_serialNumber(const OSSL_CRMF_CERTID *cid); +\& X509_NAME *OSSL_CRMF_CERTID_get0_issuer(const OSSL_CRMF_CERTID *cid); +\& +\& X509 *OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert(OSSL_CRMF_ENCRYPTEDVALUE *ecert, +\& EVP_PKEY *pkey); +\& +\& int OSSL_CRMF_MSG_get_certReqId(OSSL_CRMF_MSG *crm); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIOSSL_CRMF_MSG_get0_tmpl()\fR retrieves the certificate template of \fBcrm\fR. +.PP +\&\fIOSSL_CRMF_CERTTEMPLATE_get0_serialNumber()\fR retrieves the serialNumber of the +given certificate template \fBtmpl\fR. +.PP +\&\fIOSSL_CRMF_CERTTEMPLATE_get0_issuer()\fR retrieves the issuer name of the +given certificate template \fBtmpl\fR. +.PP +OSSL_CRMF_CERTID_get0_serialNumber retrieves the serialNumber +of the given CertId \fBcid\fR. +.PP +OSSL_CRMF_CERTID_get0_issuer retrieves the issuer name +of the given CertId \fBcid\fR, which must be of \s-1ASN\s0.1 type \s-1GEN_DIRNAME\s0. +.PP +\&\fIOSSL_CRMF_ENCRYPTEDVALUE_get1_encCert()\fR decrypts the certificate in the given +encryptedValue \fBecert\fR, using the private key \fBpkey\fR. +This is needed for the indirect PoP method as in \s-1RFC\s0 4210 section 5.2.8.2. +The function returns the decrypted certificate as a copy, leaving its ownership +with the caller, who is responsible for freeing it. 
+.PP +\&\fIOSSL_CRMF_MSG_get_certReqId()\fR retrieves the certReqId of \fBcrm\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOSSL_CRMF_MSG_get_certReqId()\fR returns the certificate request \s-1ID\s0 as a +non-negative integer or \-1 on error. +.PP +All other functions return a pointer with the intended result or \s-1NULL\s0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fB\s-1RFC\s0 4211\fR +.SH "HISTORY" +.IX Header "HISTORY" +The OpenSSL \s-1CRMF\s0 support was added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2007\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.3 b/linux_amd64/ssl/share/man/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.3 new file mode 100755 index 0000000..a208f20 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.3 
@@ -0,0 +1,231 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_CRMF_MSG_SET1_REGCTRL_REGTOKEN 3" +.TH OSSL_CRMF_MSG_SET1_REGCTRL_REGTOKEN 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OSSL_CRMF_MSG_set1_regCtrl_regToken, +OSSL_CRMF_MSG_set1_regCtrl_authenticator, +OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo, +OSSL_CRMF_MSG_set0_SinglePubInfo, +OSSL_CRMF_MSG_set_PKIPublicationInfo_action, +OSSL_CRMF_MSG_set1_regCtrl_pkiPublicationInfo, +OSSL_CRMF_MSG_set1_regCtrl_protocolEncrKey, +OSSL_CRMF_MSG_set1_regCtrl_oldCertID, +OSSL_CRMF_CERTID_gen +\&\- functions setting CRMF Registration Controls +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int OSSL_CRMF_MSG_set1_regCtrl_regToken(OSSL_CRMF_MSG *msg, +\& const ASN1_UTF8STRING *tok); +\& int OSSL_CRMF_MSG_set1_regCtrl_authenticator(OSSL_CRMF_MSG *msg, +\& const ASN1_UTF8STRING *auth); +\& int OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo( +\& OSSL_CRMF_PKIPUBLICATIONINFO *pi, +\& OSSL_CRMF_SINGLEPUBINFO *spi); +\& int OSSL_CRMF_MSG_set0_SinglePubInfo(OSSL_CRMF_SINGLEPUBINFO *spi, +\& int method, GENERAL_NAME *nm); +\& int OSSL_CRMF_MSG_set_PKIPublicationInfo_action( +\& OSSL_CRMF_PKIPUBLICATIONINFO *pi, int action); +\& int OSSL_CRMF_MSG_set1_regCtrl_pkiPublicationInfo(OSSL_CRMF_MSG *msg, +\& const OSSL_CRMF_PKIPUBLICATIONINFO *pi); +\& int OSSL_CRMF_MSG_set1_regCtrl_protocolEncrKey(OSSL_CRMF_MSG *msg, +\& const X509_PUBKEY *pubkey); +\& int OSSL_CRMF_MSG_set1_regCtrl_oldCertID(OSSL_CRMF_MSG *msg, +\& const OSSL_CRMF_CERTID *cid); +\& OSSL_CRMF_CERTID *OSSL_CRMF_CERTID_gen(const X509_NAME *issuer, +\& const ASN1_INTEGER *serial); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIOSSL_CRMF_MSG_set1_regCtrl_regToken()\fR sets the regToken control in the given +\&\fBmsg\fR copying the given \fBtok\fR as value. See \s-1RFC\s0 4211, section 6.1. +.PP +\&\fIOSSL_CRMF_MSG_set1_regCtrl_authenticator()\fR sets the authenticator control in +the given \fBmsg\fR copying the given \fBauth\fR as value. See \s-1RFC\s0 4211, section 6.2. +.PP +\&\fIOSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo()\fR pushes the given \fBspi\fR +to \fBsi\fR. 
Consumes the \fBspi\fR pointer. +.PP +\&\fIOSSL_CRMF_MSG_set0_SinglePubInfo()\fR sets in the given SinglePubInfo \fBspi\fR +the \fBmethod\fR and publication location, in the form of a GeneralName, \fBnm\fR. +The publication location is optional, and therefore \fBnm\fR may be \s-1NULL\s0. +The function consumes the \fBnm\fR pointer if present. +Available methods are: + # define \s-1OSSL_CRMF_PUB_METHOD_DONTCARE\s0 0 + # define \s-1OSSL_CRMF_PUB_METHOD_X500\s0 1 + # define \s-1OSSL_CRMF_PUB_METHOD_WEB\s0 2 + # define \s-1OSSL_CRMF_PUB_METHOD_LDAP\s0 3 +.PP +\&\fIOSSL_CRMF_MSG_set_PKIPublicationInfo_action()\fR sets the action in the given \fBpi\fR +using the given \fBaction\fR as value. See \s-1RFC\s0 4211, section 6.3. +Available actions are: + # define \s-1OSSL_CRMF_PUB_ACTION_DONTPUBLISH\s0 0 + # define \s-1OSSL_CRMF_PUB_ACTION_PLEASEPUBLISH\s0 1 +.PP +\&\fIOSSL_CRMF_MSG_set1_regCtrl_pkiPublicationInfo()\fR sets the pkiPublicationInfo +control in the given \fBmsg\fR copying the given \fBtok\fR as value. See \s-1RFC\s0 4211, +section 6.3. +.PP +\&\fIOSSL_CRMF_MSG_set1_regCtrl_protocolEncrKey()\fR sets the protocolEncrKey control in +the given \fBmsg\fR copying the given \fBpubkey\fR as value. See \s-1RFC\s0 4211 section 6.6. +.PP +\&\fIOSSL_CRMF_MSG_set1_regCtrl_oldCertID()\fR sets the oldCertID control in the given +\&\fBmsg\fR copying the given \fBcid\fR as value. See \s-1RFC\s0 4211, section 6.5. +.PP +OSSL_CRMF_CERTID_gen produces an OSSL_CRMF_CERTID_gen structure copying the +given \fBissuer\fR name and \fBserial\fR number. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +OSSL_CRMF_CERTID_gen returns a pointer to the resulting structure +or \s-1NULL\s0 on error. +.PP +All other functions return 1 on success, 0 on error. 
+.SH "NOTES" +.IX Header "NOTES" +A function \fIOSSL_CRMF_MSG_set1_regCtrl_pkiArchiveOptions()\fR for setting an +Archive Options Control is not yet implemented due to missing features to +create the needed \s-1OSSL_CRMF_PKIARCHIVEOPTINS\s0 content. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1RFC\s0 4211 +.SH "HISTORY" +.IX Header "HISTORY" +The OpenSSL \s-1CRMF\s0 support was added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2007\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.3 b/linux_amd64/ssl/share/man/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.3 new file mode 100755 index 0000000..d10d895 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.3 
@@ -0,0 +1,174 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_CRMF_MSG_SET1_REGINFO_CERTREQ 3" +.TH OSSL_CRMF_MSG_SET1_REGINFO_CERTREQ 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OSSL_CRMF_MSG_set1_regInfo_utf8Pairs, +OSSL_CRMF_MSG_set1_regInfo_certReq +\&\- functions setting CRMF Registration Info +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int OSSL_CRMF_MSG_set1_regInfo_utf8Pairs(OSSL_CRMF_MSG *msg, +\& const ASN1_UTF8STRING *utf8pairs); +\& int OSSL_CRMF_MSG_set1_regInfo_certReq(OSSL_CRMF_MSG *msg, +\& const OSSL_CRMF_CERTREQUEST *cr); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIOSSL_CRMF_MSG_set1_regInfo_utf8Pairs()\fR adds a copy of the given \fButf8pairs\fR +value as utf8Pairs regInfo to the given \fBmsg\fR. See \s-1RFC\s0 4211 section 7.1. +.PP +\&\fIOSSL_CRMF_MSG_set1_regInfo_certReq()\fR adds a copy of the given \fBcr\fR value +as certReq regInfo to the given \fBmsg\fR. See \s-1RFC\s0 4211 section 7.2. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All functions return 1 on success, 0 on error. +.SH "NOTES" +.IX Header "NOTES" +Calling these functions multiple times adds multiple instances of the respective +control to the regInfo structure of the given \fBmsg\fR. While \s-1RFC\s0 4211 expects +multiple utf8Pairs in one regInfo structure, it does not allow multiple certReq. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1RFC\s0 4211 +.SH "HISTORY" +.IX Header "HISTORY" +The OpenSSL \s-1CRMF\s0 support was added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2007\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/OSSL_CRMF_MSG_set_validity.3 b/linux_amd64/ssl/share/man/man3/OSSL_CRMF_MSG_set_validity.3 new file mode 100755 index 0000000..a560746 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/OSSL_CRMF_MSG_set_validity.3 
@@ -0,0 +1,226 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_CRMF_MSG_SET_VALIDITY 3" +.TH OSSL_CRMF_MSG_SET_VALIDITY 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OSSL_CRMF_MSG_set_validity, +OSSL_CRMF_MSG_set_certReqId, +OSSL_CRMF_CERTTEMPLATE_fill, +OSSL_CRMF_MSG_set0_extensions, +OSSL_CRMF_MSG_push0_extension, +OSSL_CRMF_MSG_create_popo, +OSSL_CRMF_MSGS_verify_popo +\&\- functions populating and verifying CRMF CertReqMsg structures +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int OSSL_CRMF_MSG_set_validity(OSSL_CRMF_MSG *crm, time_t from, time_t to); +\& +\& int OSSL_CRMF_MSG_set_certReqId(OSSL_CRMF_MSG *crm, int rid); +\& +\& int OSSL_CRMF_CERTTEMPLATE_fill(OSSL_CRMF_CERTTEMPLATE *tmpl, +\& EVP_PKEY *pubkey, +\& const X509_NAME *subject, +\& const X509_NAME *issuer, +\& const ASN1_INTEGER *serial); +\& +\& int OSSL_CRMF_MSG_set0_extensions(OSSL_CRMF_MSG *crm, X509_EXTENSIONS *exts); +\& +\& int OSSL_CRMF_MSG_push0_extension(OSSL_CRMF_MSG *crm, X509_EXTENSION *ext); +\& +\& int OSSL_CRMF_MSG_create_popo(OSSL_CRMF_MSG *crm, EVP_PKEY *pkey, +\& int dgst, int ppmtd); +\& +\& int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs, +\& int rid, int acceptRAVerified); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIOSSL_CRMF_MSG_set_validity()\fR sets \fBfrom\fR as notBefore and \fBto\fR as notAfter +as the validity in the certTemplate of \fBcrm\fR. +.PP +\&\fIOSSL_CRMF_MSG_set_certReqId()\fR sets \fBrid\fR as the certReqId of \fBcrm\fR. +.PP +\&\fIOSSL_CRMF_CERTTEMPLATE_fill()\fR sets those fields of the certTemplate \fBtmpl\fR +for which non-NULL values are provided: \fBpubkey\fR, \fBsubject\fR, \fBissuer\fR, +and/or \fBserial\fR. +On success the reference counter of the \fBpubkey\fR (if given) is incremented, +while the \fBsubject\fR, \fBissuer\fR, and \fBserial\fR structures (if given) are copied. +.PP +\&\fIOSSL_CRMF_MSG_set0_extensions()\fR sets \fBexts\fR as the extensions in the +certTemplate of \fBcrm\fR. Frees any pre-existing ones and consumes \fBexts\fR. 
+.PP +\&\fIOSSL_CRMF_MSG_push0_extension()\fR pushes the X509 extension \fBext\fR to the +extensions in the certTemplate of \fBcrm\fR. Consumes \fBext\fR. +.PP +\&\fIOSSL_CRMF_MSG_create_popo()\fR creates and sets the Proof-of-Possession (\s-1POPO\s0) +according to the method \fBppmtd\fR in \fBcrm\fR. +In case the method is \s-1OSSL_CRMF_POPO_SIGNATURE\s0 the \s-1POPO\s0 is calculated +using the private \fBpkey\fR and the digest algorithm \s-1NID\s0 \fBdgst\fR. +.PP +\&\fBppmtd\fR can be one of the following: +.IP "\(bu" 8 +\&\s-1OSSL_CRMF_POPO_NONE\s0 \- \s-1RFC\s0 4211, section 4, \s-1POP\s0 field omitted. +\&\s-1CA/RA\s0 uses out-of-band method to verify \s-1POP\s0. Note that servers may fail in this +case, resulting for instance in \s-1HTTP\s0 error code 500 (Internal error). +.IP "\(bu" 8 +\&\s-1OSSL_CRMF_POPO_RAVERIFIED\s0 \- \s-1RFC\s0 4211, section 4, explicit indication +that the \s-1RA\s0 has already verified the \s-1POP\s0. +.IP "\(bu" 8 +\&\s-1OSSL_CRMF_POPO_SIGNATURE\s0 \- \s-1RFC\s0 4211, section 4.1, only case 3 supported +so far. +.IP "\(bu" 8 +\&\s-1OSSL_CRMF_POPO_KEYENC\s0 \- \s-1RFC\s0 4211, section 4.2, only indirect method +(subsequentMessage/enccert) supported, +challenge-response exchange (challengeResp) not yet supported. +.IP "\(bu" 8 +\&\s-1OSSL_CRMF_POPO_KEYAGREE\s0 \- \s-1RFC\s0 4211, section 4.3, not yet supported. +.PP +OSSL_CRMF_MSGS_verify_popo verifies the Proof-of-Possession of the request with +the given \fBrid\fR in the list of \fBreqs\fR. Optionally accepts RAVerified. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All functions return 1 on success, 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1RFC\s0 4211 +.SH "HISTORY" +.IX Header "HISTORY" +The OpenSSL \s-1CRMF\s0 support was added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2007\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). 
You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/OSSL_CRMF_pbmp_new.3 b/linux_amd64/ssl/share/man/man3/OSSL_CRMF_pbmp_new.3 new file mode 100755 index 0000000..9812ec6 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/OSSL_CRMF_pbmp_new.3 
@@ -0,0 +1,204 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_CRMF_PBMP_NEW 3" +.TH OSSL_CRMF_PBMP_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OSSL_CRMF_pbm_new, +OSSL_CRMF_pbmp_new +\&\- functions for producing Password\-Based MAC (PBM) +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int OSSL_CRMF_pbm_new(const OSSL_CRMF_PBMPARAMETER *pbmp, +\& const unsigned char *msg, size_t msglen, +\& const unsigned char *sec, size_t seclen, +\& unsigned char **mac, size_t *maclen); +\& +\& OSSL_CRMF_PBMPARAMETER *OSSL_CRMF_pbmp_new(size_t saltlen, int owfnid, +\& int itercnt, int macnid); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIOSSL_CRMF_pbm_new()\fR generates a \s-1PBM\s0 (Password-Based \s-1MAC\s0) based on given \s-1PBM\s0 +parameters \fBpbmp\fR, message \fBmsg\fR, and secret \fBsec\fR, along with the respective +lengths \fBmsglen\fR and \fBseclen\fR. On success writes the address of the newly +allocated \s-1MAC\s0 via the \fBmac\fR reference parameter and writes the length via the +\&\fBmaclen\fR reference parameter unless it its \s-1NULL\s0. +.PP +The iteration count must be at least 100, as stipulated by \s-1RFC\s0 4211, and is +limited to at most 100000 to avoid DoS through manipulated or otherwise +malformed input. +.PP +\&\fIOSSL_CRMF_pbmp_new()\fR initializes and returns a new PBMParameter +structure with a new random salt of given length \fBsaltlen\fR, \s-1OWF\s0 (one-way +function) \s-1NID\s0 \fBowfnid\fR, iteration count \fBitercnt\fR, and \s-1MAC\s0 \s-1NID\s0 \fBmacnid\fR. +.SH "NOTES" +.IX Header "NOTES" +The algorithms for the \s-1OWF\s0 (one-way function) and for the \s-1MAC\s0 (message +authentication code) may be any with a \s-1NID\s0 defined in \fBopenssl/objects.h\fR. +As specified by \s-1RFC\s0 4210, these should include NID_hmac_sha1. +.PP +\&\s-1RFC\s0 4210 recommends that the salt \s-1SHOULD\s0 be at least 8 bytes (64 bits) long. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOSSL_CRMF_pbm_new()\fR returns 1 on success, 0 on error. 
+.PP +\&\fIOSSL_CRMF_pbmp_new()\fR returns a new and initialized \s-1OSSL_CRMF_PBMPARAMETER\s0 +structure, or \s-1NULL\s0 on error. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +.Vb 5 +\& OSSL_CRMF_PBMPARAMETER *pbm = NULL; +\& unsigned char *msg = "Hello"; +\& unsigned char *sec = "SeCrEt"; +\& unsigned char *mac = NULL; +\& size_t maclen; +\& +\& if ((pbm = OSSL_CRMF_pbmp_new(16, NID_sha256, 500, NID_hmac_sha1) == NULL)) +\& goto err; +\& if (!OSSL_CRMF_pbm_new(pbm, msg, 5, sec, 6, &mac, &maclen)) +\& goto err; +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1RFC\s0 4211 section 4.4 +.SH "HISTORY" +.IX Header "HISTORY" +The OpenSSL \s-1CRMF\s0 support was added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2007\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/OSSL_HTTP_transfer.3 b/linux_amd64/ssl/share/man/man3/OSSL_HTTP_transfer.3 new file mode 100755 index 0000000..9e77f6a --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/OSSL_HTTP_transfer.3 
@@ -0,0 +1,337 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_HTTP_TRANSFER 3" +.TH OSSL_HTTP_TRANSFER 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OSSL_HTTP_get, +OSSL_HTTP_get_asn1, +OSSL_HTTP_post_asn1, +OSSL_HTTP_transfer, +OSSL_HTTP_bio_cb_t, +OSSL_HTTP_proxy_connect, +OSSL_HTTP_parse_url +\&\- http client functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef BIO *(*OSSL_HTTP_bio_cb_t)(BIO *bio, void *arg, +\& int connect, int detail); +\& BIO *OSSL_HTTP_get(const char *url, const char *proxy, const char *proxy_port, +\& BIO *bio, BIO *rbio, +\& OSSL_HTTP_bio_cb_t bio_update_fn, void *arg, +\& const STACK_OF(CONF_VALUE) *headers, +\& int maxline, unsigned long max_resp_len, int timeout, +\& const char *expected_content_type, int expect_asn1); +\& ASN1_VALUE *OSSL_HTTP_get_asn1(const char *url, +\& const char *proxy, const char *proxy_port, +\& BIO *bio, BIO *rbio, +\& OSSL_HTTP_bio_cb_t bio_update_fn, void *arg, +\& const STACK_OF(CONF_VALUE) *headers, +\& int maxline, unsigned long max_resp_len, +\& int timeout, const char *expected_content_type, +\& const ASN1_ITEM *it); +\& ASN1_VALUE *OSSL_HTTP_post_asn1(const char *server, const char *port, +\& const char *path, int use_ssl, +\& const char *proxy, const char *proxy_port, +\& BIO *bio, BIO *rbio, +\& OSSL_HTTP_bio_cb_t bio_update_fn, void *arg, +\& const STACK_OF(CONF_VALUE) *headers, +\& const char *content_type, +\& ASN1_VALUE *req, const ASN1_ITEM *req_it, +\& int maxline, unsigned long max_resp_len, +\& int timeout, const char *expected_ct, +\& const ASN1_ITEM *rsp_it); +\& BIO *OSSL_HTTP_transfer(const char *server, const char *port, const char *path, +\& int use_ssl, const char *proxy, const char *proxy_port, +\& BIO *bio, BIO *rbio, +\& OSSL_HTTP_bio_cb_t bio_update_fn, void *arg, +\& const STACK_OF(CONF_VALUE) *headers, +\& const char *content_type, BIO *req_mem, +\& int maxline, unsigned long max_resp_len, int timeout, +\& const char *expected_ct, int expect_asn1, +\& char **redirection_url); +\& int OSSL_HTTP_proxy_connect(BIO *bio, const char *server, const char *port, +\& const 
char *proxyuser, const char *proxypass, +\& int timeout, BIO *bio_err, const char *prog); +\& int OSSL_HTTP_parse_url(const char *url, char **phost, char **pport, +\& char **ppath, int *pssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIOSSL_HTTP_get()\fR uses \s-1HTTP\s0 \s-1GET\s0 to obtain data (of any type) from the given \fBurl\fR +and returns it as a memory \s-1BIO\s0. +.PP +\&\fIOSSL_HTTP_get_asn1()\fR uses \s-1HTTP\s0 \s-1GET\s0 to obtain an \s-1ASN\s0.1\-encoded value +(e.g., an X.509 certificate) with the expected structure specified by \fBit\fR +(e.g., \fIASN1_ITEM_rptr(X509)\fR) from the given \fBurl\fR +and returns it on success as a pointer to \fI\s-1ASN1_VALUE\s0\fR. +.PP +\&\fIOSSL_HTTP_post_asn1()\fR uses the \s-1HTTP\s0 \s-1POST\s0 method to send a request \fBreq\fR +with the \s-1ASN\s0.1 structure defined in \fBreq_it\fR and the given \fBcontent_type\fR to +the given \fBserver\fR and optional \fBport\fR and \fBpath\fR, which defaults to \*(L"/\*(R". +If \fBuse_ssl\fR is nonzero a \s-1TLS\s0 connection is requested and the \fBbio_update_fn\fR +parameter, described below, must be provided. +The optional list \fBheaders\fR may contain additional custom \s-1HTTP\s0 header lines. +The expected structure of the response is specified by \fBrsp_it\fR. +On success it returns the response as a pointer to \fB\s-1ASN1_VALUE\s0\fR. +.PP +\&\fIOSSL_HTTP_transfer()\fR exchanges an \s-1HTTP\s0 request and response with +the given \fBserver\fR and optional \fBport\fR and \fBpath\fR, which defaults to \*(L"/\*(R". +If \fBuse_ssl\fR is nonzero a \s-1TLS\s0 connection is requested and the \fBbio_update_fn\fR +parameter, described below, must be provided. +If \fBreq_mem\fR is \s-1NULL\s0 it uses the \s-1HTTP\s0 \s-1GET\s0 method, else it uses \s-1HTTP\s0 \s-1POST\s0 to +send a request with the contents of the memory \s-1BIO\s0 and optional \fBcontent_type\fR. +The optional list \fBheaders\fR may contain additional custom \s-1HTTP\s0 header lines. 
+If \fBreq_mem\fR is \s-1NULL\s0 (i.e., the \s-1HTTP\s0 method is \s-1GET\s0) and \fBredirection_url\fR +is not \s-1NULL\s0 the latter pointer is used to provide any new location that +the server may return with \s-1HTTP\s0 code 301 (\s-1MOVED_PERMANENTLY\s0) or 302 (\s-1FOUND\s0). +In this case the caller is responsible for deallocating this \s-1URL\s0 with +\&\fIOPENSSL_free\fR\|(3). +.PP +The above functions have the following parameters in common. +.PP +If the \fBproxy\fR parameter is not \s-1NULL\s0 the \s-1HTTP\s0 client functions connect +via the given proxy and the optionally given \fBproxy_port\fR. +Proxying plain \s-1HTTP\s0 is supported directly, +while using a proxy for \s-1HTTPS\s0 connections requires a suitable callback function +such as \fIOSSL_HTTP_proxy_connect()\fR, described below. +.PP +Typically the \fBbio\fR and \fBrbio\fR parameters are \s-1NULL\s0 and the client creates a +network \s-1BIO\s0 internally for connecting to the given server and port (optionally +via a proxy and its port), and uses it for exchanging the request and response. +If \fBbio\fR is given and \fBrbio\fR is \s-1NULL\s0 then the client uses this \s-1BIO\s0 instead. +If both \fBbio\fR and \fBrbio\fR are given (which may be memory BIOs for instance) +then no explicit connection is attempted, +\&\fBbio\fR is used for writing the request, and \fBrbio\fR for reading the response. +As soon as the client has flushed \fBbio\fR the server must be ready to provide +a response or indicate a waiting condition via \fBrbio\fR. +.PP +The \fBmaxline\fR parameter specifies the response header maximum line length, +where 0 indicates the default value, which currently is 4k. +The \fBmax_resp_len\fR parameter specifies the maximum response length, +where 0 indicates the default value, which currently is 100k. 
+.PP +An \s-1ASN\s0.1\-encoded response is expected by \fIOSSL_HTTP_get_asn1()\fR and +\&\fIOSSL_HTTP_post_asn1()\fR, while for \fIOSSL_HTTP_get()\fR or \fIOSSL_HTTP_transfer()\fR +this is only the case if the \fBexpect_asn1\fR parameter is nonzero. +If the response header contains one or more Content-Length header lines and/or +an \s-1ASN\s0.1\-encoded response is expected, which should include a total length, +the length indications received are checked for consistency +and for not exceeding the maximum response length. +.PP +If the parameter \fBexpected_content_type\fR (or \fBexpected_ct\fR, respectively) +is not \s-1NULL\s0 then the \s-1HTTP\s0 client checks that the given content type string +is included in the \s-1HTTP\s0 header of the response and returns an error if not. +.PP +If the \fBtimeout\fR parameter is > 0 this indicates the maximum number of seconds +to wait until the transfer is complete. +A value of 0 enables waiting indefinitely, +while a value < 0 immediately leads to a timeout condition. +.PP +The optional parameter \fBbio_update_fn\fR with its optional argument \fBarg\fR may +be used to modify the connection \s-1BIO\s0 used by the \s-1HTTP\s0 client (and cannot be +used when both \fBbio\fR and \fBrbio\fR are given). +\&\fBbio_update_fn\fR is a \s-1BIO\s0 connect/disconnect callback function with prototype +.PP +.Vb 1 +\& BIO *(*OSSL_HTTP_bio_cb_t)(BIO *bio, void *arg, int connect, int detail) +.Ve +.PP +The callback may modify the \s-1HTTP\s0 \s-1BIO\s0 provided in the \fBbio\fR argument, +whereby it may make use of a custom defined argument \fBarg\fR, +which may for instance refer to an \fI\s-1SSL_CTX\s0\fR structure. +During connection establishment, just after calling \fIBIO_connect_retry()\fR, +the function is invoked with the \fBconnect\fR argument being 1 and the \fBdetail\fR +argument being 1 if \s-1HTTPS\s0 is requested, i.e., \s-1SSL/TLS\s0 should be enabled. 
+On disconnect \fBconnect\fR is 0 and \fBdetail\fR is 1 if no error occurred, else 0. +For instance, on connect the function may prepend a \s-1TLS\s0 \s-1BIO\s0 to implement \s-1HTTPS\s0; +after disconnect it may do some diagnostic output and/or specific cleanup. +The function should return \s-1NULL\s0 to indicate failure. +Here is a simple example that supports \s-1TLS\s0 connections (but not via a proxy): +.PP +.Vb 3 +\& BIO *http_tls_cb(BIO *hbio, void *arg, int connect, int detail) +\& { +\& SSL_CTX *ctx = (SSL_CTX *)arg; +\& +\& if (connect && detail) { /* connecting with TLS */ +\& BIO *sbio = BIO_new_ssl(ctx, 1); +\& hbio = sbio != NULL ? BIO_push(sbio, hbio) : NULL; +\& } else if (!connect && !detail) { /* disconnecting after error */ +\& /* optionally add diagnostics here */ +\& } +\& return hbio; +\& } +.Ve +.PP +After disconnect the modified \s-1BIO\s0 will be deallocated using \fIBIO_free_all()\fR. +.PP +\&\fIOSSL_HTTP_proxy_connect()\fR may be used by an above \s-1BIO\s0 connect callback function +to set up an \s-1SSL/TLS\s0 connection via an \s-1HTTP\s0 proxy. +It promotes the given \s-1BIO\s0 \fBbio\fR representing a connection +pre-established with a \s-1TLS\s0 proxy using the \s-1HTTP\s0 \s-1CONNECT\s0 method, +optionally using proxy client credentials \fBproxyuser\fR and \fBproxypass\fR, +to connect with \s-1TLS\s0 protection ultimately to \fBserver\fR and \fBport\fR. +The \fBtimeout\fR parameter is used as described above. +Since this function is typically called by appplications such as +\&\fIopenssl\-s_client\fR\|(1) it uses the \fBbio_err\fR and \fBprog\fR parameters (unless +\&\s-1NULL\s0) to print additional diagnostic information in a user-oriented way. +.PP +\&\fIOSSL_HTTP_parse_url()\fR parses its input string \fBurl\fR as a \s-1URL\s0 and splits it up +into host, port and path components and a flag whether it begins with 'https'. +The host component may be a \s-1DNS\s0 name or an IPv4 or an IPv6 address. 
+The port component is optional and defaults to \*(L"443\*(R" for \s-1HTTPS\s0, else \*(L"80\*(R". +The path component is also optional and defaults to \*(L"/\*(R". +As far as the result pointer arguments are not \s-1NULL\s0 it assigns via +them copies of the respective string components. +The strings returned this way must be deallocated by the caller using +\&\fIOPENSSL_free\fR\|(3) unless they are \s-1NULL\s0, which is their default value on error. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOSSL_HTTP_get()\fR, \fIOSSL_HTTP_get_asn1()\fR, \fIOSSL_HTTP_post_asn1()\fR, and +\&\fIOSSL_HTTP_transfer()\fR return on success the data received via \s-1HTTP\s0, else \s-1NULL\s0. +Error conditions include connection/transfer timeout, parse errors, etc. +.PP +\&\fIOSSL_HTTP_proxy_connect()\fR and \fIOSSL_HTTP_parse_url()\fR +return 1 on success, 0 on error. +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIOSSL_HTTP_get()\fR, \fIOSSL_HTTP_get_asn1()\fR, \fIOSSL_HTTP_post_asn1()\fR, +\&\fIOSSL_HTTP_proxy_connect()\fR, and \fIOSSL_HTTP_parse_url()\fR were added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/OSSL_PARAM.3 b/linux_amd64/ssl/share/man/man3/OSSL_PARAM.3 new file mode 100755 index 0000000..7b9b133 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/OSSL_PARAM.3 
@@ -0,0 +1,421 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_PARAM 3" +.TH OSSL_PARAM 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OSSL_PARAM \- a structure to pass or request object parameters +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef struct ossl_param_st OSSL_PARAM; +\& struct ossl_param_st { +\& const char *key; /* the name of the parameter */ +\& unsigned char data_type; /* declare what kind of content is in data */ +\& void *data; /* value being passed in or out */ +\& size_t data_size; /* data size */ +\& size_t return_size; /* returned size */ +\& }; +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fB\s-1OSSL_PARAM\s0\fR is a type that allows passing arbitrary data for some +object between two parties that have no or very little shared +knowledge about their respective internal structures for that object. +.PP +A typical usage example could be an application that wants to set some +parameters for an object, or wants to find out some parameters of an +object. +.PP +Arrays of this type can be used for the following purposes: +.IP "\(bu" 4 +Setting parameters for some object +.Sp +The caller sets up the \fB\s-1OSSL_PARAM\s0\fR array and calls some function +(the \fIsetter\fR) that has intimate knowledge about the object that can +take the data from the \fB\s-1OSSL_PARAM\s0\fR array and assign them in a +suitable form for the internal structure of the object. +.IP "\(bu" 4 +Request parameters of some object +.Sp +The caller (the \fIrequestor\fR) sets up the \fB\s-1OSSL_PARAM\s0\fR array and +calls some function (the \fIresponder\fR) that has intimate knowledge +about the object, which can take the internal data of the object and +copy (possibly convert) that to the memory prepared by the +\&\fIrequestor\fR and pointed at with the \fB\s-1OSSL_PARAM\s0\fR \fIdata\fR. +.IP "\(bu" 4 +Request parameter descriptors +.Sp +The caller gets an array of constant \fB\s-1OSSL_PARAM\s0\fR, which describe +available parameters and some of their properties; name, data type and +expected data size. 
+For a detailed description of each field for this use, see the field +descriptions below. +.Sp +The caller may then use the information from this descriptor array to +build up its own \fB\s-1OSSL_PARAM\s0\fR array to pass down to a \fIsetter\fR or +\&\fIresponder\fR. +.PP +Normally, the order of the an \fB\s-1OSSL_PARAM\s0\fR array is not relevant. +However, if the \fIresponder\fR can handle multiple elements with the +same key, those elements must be handled in the order they are in. +.SS "\fB\s-1OSSL_PARAM\s0\fP fields" +.IX Subsection "OSSL_PARAM fields" +.IP "\fIkey\fR" 4 +.IX Item "key" +The identity of the parameter in the form of a string. +.IP "\fIdata_type\fR" 4 +.IX Item "data_type" +The \fIdata_type\fR is a value that describes the type and organization of +the data. +See \*(L"Supported types\*(R" below for a description of the types. +.IP "\fIdata\fR" 4 +.IX Item "data" +.PD 0 +.IP "\fIdata_size\fR" 4 +.IX Item "data_size" +.PD +\&\fIdata\fR is a pointer to the memory where the parameter data is (when +setting parameters) or shall (when requesting parameters) be stored, +and \fIdata_size\fR is its size in bytes. +The organization of the data depends on the parameter type and flag. +.Sp +When \fIrequesting parameters\fR, it's acceptable for \fIdata\fR to be \s-1NULL\s0. +This can be used by the \fIrequestor\fR to figure out dynamically exactly +how much buffer space is needed to store the parameter data. +In this case, \fIdata_size\fR is ignored. +.Sp +When the \fB\s-1OSSL_PARAM\s0\fR is used as a parameter descriptor, \fIdata\fR +should be ignored. +If \fIdata_size\fR is zero, it means that an arbitrary data size is +accepted, otherwise it specifies the maximum size allowed. +.IP "\fIreturn_size\fR" 4 +.IX Item "return_size" +When an array of \fB\s-1OSSL_PARAM\s0\fR is used to request data, the +\&\fIresponder\fR must set this field to indicate size of the parameter +data, including padding as the case may be. 
+In case the \fIdata_size\fR is an unsuitable size for the data, the +\&\fIresponder\fR must still set this field to indicate the minimum data +size required. +(further notes on this in \*(L"\s-1NOTES\s0\*(R" below). +.Sp +When the \fB\s-1OSSL_PARAM\s0\fR is used as a parameter descriptor, +\&\fIreturn_size\fR should be ignored. +.PP +\&\fB\s-1NOTE:\s0\fR +.PP +The key names and associated types are defined by the entity that +offers these parameters, i.e. names for parameters provided by the +OpenSSL libraries are defined by the libraries, and names for +parameters provided by providers are defined by those providers, +except for the pointer form of strings (see data type descriptions +below). +Entities that want to set or request parameters need to know what +those keys are and of what type, any functionality between those two +entities should remain oblivious and just pass the \fB\s-1OSSL_PARAM\s0\fR array +along. +.SS "Supported types" +.IX Subsection "Supported types" +The \fIdata_type\fR field can be one of the following types: +.IP "\fB\s-1OSSL_PARAM_INTEGER\s0\fR" 4 +.IX Item "OSSL_PARAM_INTEGER" +.PD 0 +.IP "\fB\s-1OSSL_PARAM_UNSIGNED_INTEGER\s0\fR" 4 +.IX Item "OSSL_PARAM_UNSIGNED_INTEGER" +.PD +The parameter data is an integer (signed or unsigned) of arbitrary +length, organized in native form, i.e. most significant byte first on +Big-Endian systems, and least significant byte first on Little-Endian +systems. +.IP "\fB\s-1OSSL_PARAM_REAL\s0\fR" 4 +.IX Item "OSSL_PARAM_REAL" +The parameter data is a floating point value in native form. +.IP "\fB\s-1OSSL_PARAM_UTF8_STRING\s0\fR" 4 +.IX Item "OSSL_PARAM_UTF8_STRING" +The parameter data is a printable string. +.IP "\fB\s-1OSSL_PARAM_OCTET_STRING\s0\fR" 4 +.IX Item "OSSL_PARAM_OCTET_STRING" +The parameter data is an arbitrary string of bytes. +.IP "\fB\s-1OSSL_PARAM_UTF8_PTR\s0\fR" 4 +.IX Item "OSSL_PARAM_UTF8_PTR" +The parameter data is a pointer to a printable string. 
+.Sp +The difference between this and \fB\s-1OSSL_PARAM_UTF8_STRING\s0\fR is that \fIdata\fR +doesn't point directly at the data, but to a pointer that points to the data. +.Sp +This is used to indicate that constant data is or will be passed, +and there is therefore no need to copy the data that is passed, just +the pointer to it. +.Sp +\&\fIdata_size\fR must be set to the size of the data, not the size of the +pointer to the data. +If this is used in a parameter request, +\&\fIdata_size\fR is not relevant. However, the \fIresponder\fR will set +\&\fIreturn_size\fR to the size of the data. +.Sp +Note that the use of this type is \fBfragile\fR and can only be safely +used for data that remains constant and in a constant location for a +long enough duration (such as the life-time of the entity that +offers these parameters). +.IP "\fB\s-1OSSL_PARAM_OCTET_PTR\s0\fR" 4 +.IX Item "OSSL_PARAM_OCTET_PTR" +The parameter data is a pointer to an arbitrary string of bytes. +.Sp +The difference between this and \fB\s-1OSSL_PARAM_OCTET_STRING\s0\fR is that +\&\fIdata\fR doesn't point directly at the data, but to a pointer that +points to the data. +.Sp +This is used to indicate that constant data is or will be passed, and +there is therefore no need to copy the data that is passed, just the +pointer to it. +.Sp +\&\fIdata_size\fR must be set to the size of the data, not the size of the +pointer to the data. +If this is used in a parameter request, +\&\fIdata_size\fR is not relevant. However, the \fIresponder\fR will set +\&\fIreturn_size\fR to the size of the data. +.Sp +Note that the use of this type is \fBfragile\fR and can only be safely +used for data that remains constant and in a constant location for a +long enough duration (such as the life-time of the entity that +offers these parameters). +.SH "NOTES" +.IX Header "NOTES" +Both when setting and requesting parameters, the functions that are +called will have to decide what is and what is not an error. 
+The recommended behaviour is: +.IP "\(bu" 4 +Keys that a \fIsetter\fR or \fIresponder\fR doesn't recognise should simply +be ignored. +That in itself isn't an error. +.IP "\(bu" 4 +If the keys that a called \fIsetter\fR recognises form a consistent +enough set of data, that call should succeed. +.IP "\(bu" 4 +Apart from the \fIreturn_size\fR, a \fIresponder\fR must never change the fields +of an \fB\s-1OSSL_PARAM\s0\fR. +To return a value, it should change the contents of the memory that +\&\fIdata\fR points at. +.IP "\(bu" 4 +If the data type for a key that it's associated with is incorrect, +the called function may return an error. +.Sp +The called function may also try to convert the data to a suitable +form (for example, it's plausible to pass a large number as an octet +string, so even though a given key is defined as an +\&\fB\s-1OSSL_PARAM_UNSIGNED_INTEGER\s0\fR, is plausible to pass the value as an +\&\fB\s-1OSSL_PARAM_OCTET_STRING\s0\fR), but this is in no way mandatory. +.IP "\(bu" 4 +If a \fIresponder\fR finds that some data sizes are too small for the +requested data, it must set \fIreturn_size\fR for each such +\&\fB\s-1OSSL_PARAM\s0\fR item to the minimum required size, and eventually return +an error. +.IP "\(bu" 4 +For the integer type parameters (\fB\s-1OSSL_PARAM_UNSIGNED_INTEGER\s0\fR and +\&\fB\s-1OSSL_PARAM_INTEGER\s0\fR), a \fIresponder\fR may choose to return an error +if the \fIdata_size\fR isn't a suitable size (even if \fIdata_size\fR is +bigger than needed). If the \fIresponder\fR finds the size suitable, it +must fill all \fIdata_size\fR bytes and ensure correct padding for the +native endianness, and set \fIreturn_size\fR to the same value as +\&\fIdata_size\fR. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +A couple of examples to just show how \fB\s-1OSSL_PARAM\s0\fR arrays could be +set up. 
+.PP +\fIExample 1\fR +.IX Subsection "Example 1" +.PP +This example is for setting parameters on some object: +.PP +.Vb 1 +\& #include +\& +\& const char *foo = "some string"; +\& size_t foo_l = strlen(foo) + 1; +\& const char bar[] = "some other string"; +\& OSSL_PARAM set[] = { +\& { "foo", OSSL_PARAM_UTF8_STRING_PTR, &foo, foo_l, 0 }, +\& { "bar", OSSL_PARAM_UTF8_STRING, &bar, sizeof(bar), 0 }, +\& { NULL, 0, NULL, 0, NULL } +\& }; +.Ve +.PP +\fIExample 2\fR +.IX Subsection "Example 2" +.PP +This example is for requesting parameters on some object: +.PP +.Vb 9 +\& const char *foo = NULL; +\& size_t foo_l; +\& char bar[1024]; +\& size_t bar_l; +\& OSSL_PARAM request[] = { +\& { "foo", OSSL_PARAM_UTF8_STRING_PTR, &foo, 0 /*irrelevant*/, 0 }, +\& { "bar", OSSL_PARAM_UTF8_STRING, &bar, sizeof(bar), 0 }, +\& { NULL, 0, NULL, 0, NULL } +\& }; +.Ve +.PP +A \fIresponder\fR that receives this array (as \fIparams\fR in this example) +could fill in the parameters like this: +.PP +.Vb 1 +\& /* OSSL_PARAM *params */ +\& +\& int i; +\& +\& for (i = 0; params[i].key != NULL; i++) { +\& if (strcmp(params[i].key, "foo") == 0) { +\& *(char **)params[i].data = "foo value"; +\& params[i].return_size = 10; /* size of "foo value" */ +\& } else if (strcmp(params[i].key, "bar") == 0) { +\& memcpy(params[i].data, "bar value", 10); +\& params[i].return_size = 10; /* size of "bar value" */ +\& } +\& /* Ignore stuff we don\*(Aqt know */ +\& } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\-core.h\fR\|(7), \fIOSSL_PARAM_get_int\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fB\s-1OSSL_PARAM\s0\fR was added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/ssl/share/man/man3/OSSL_PARAM_allocate_from_text.3 b/linux_amd64/ssl/share/man/man3/OSSL_PARAM_allocate_from_text.3 new file mode 100755 index 0000000..b661c20 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/OSSL_PARAM_allocate_from_text.3 
@@ -0,0 +1,286 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_PARAM_ALLOCATE_FROM_TEXT 3" +.TH OSSL_PARAM_ALLOCATE_FROM_TEXT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OSSL_PARAM_allocate_from_text +\&\- OSSL_PARAM construction utilities +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int OSSL_PARAM_allocate_from_text(OSSL_PARAM *to, +\& const OSSL_PARAM *paramdefs, +\& const char *key, const char *value, +\& size_t value_n, +\& int *found); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +With OpenSSL before version 3.0, parameters were passed down to or +retrieved from algorithm implementations via control functions. +Some of these control functions existed in variants that took string +parameters, for example \fIEVP_PKEY_CTX_ctrl_str\fR\|(3). +.PP +OpenSSL 3.0 introduces a new mechanism to do the same thing with an +array of parameters that contain name, value, value type and value +size (see \s-1\fIOSSL_PARAM\s0\fR\|(3) for more information). +.PP +\&\fIOSSL_PARAM_allocate_from_text()\fR takes a control \fIkey\fR, \fIvalue\fR and +value size \fIvalue_n\fR, and given a parameter descriptor array +\&\fIparamdefs\fR, it converts the value to something suitable for +\&\s-1\fIOSSL_PARAM\s0\fR\|(3) and stores that in the buffer \fIbuf\fR, and modifies +the parameter \fIto\fR to match. +\&\fIbuf_n\fR, if not \s-1NULL\s0, will be assigned the number of bytes used in +\&\fIbuf\fR. +If \fIbuf\fR is \s-1NULL\s0, only \fIbuf_n\fR will be modified, everything else is +left untouched, allowing a caller to find out how large the buffer +should be. +\&\fIbuf\fR needs to be correctly aligned for the type of the \fB\s-1OSSL_PARAM\s0\fR +\&\fIkey\fR. +If is not \s-1NULL\s0, it is set to 1 if the parameter can be located and +to 0 otherwise. +.PP +The caller must remember to free the data of \fIto\fR when it's not +useful any more. +.PP +For parameters having the type \fB\s-1OSSL_PARAM_INTEGER\s0\fR, +\&\fB\s-1OSSL_PARAM_UNSIGNED_INTEGER\s0\fR, or \fB\s-1OSSL_PARAM_OCTET_STRING\s0\fR, both +functions will interpret the \fIvalue\fR differently if the key starts +with \*(L"hex\*(R". 
+In that case, the value is decoded first, and the result will be used +as parameter value. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOSSL_PARAM_allocate_from_text()\fR returns 1 on success, and 0 on error. +.SH "NOTES" +.IX Header "NOTES" +The parameter descriptor array comes from functions dedicated to +return them. +The following \fB\s-1OSSL_PARAM\s0\fR attributes are used: +.IP "\fIkey\fR" 4 +.IX Item "key" +.PD 0 +.IP "\fIdata\fR" 4 +.IX Item "data" +.IP "\fIdata_size\fR" 4 +.IX Item "data_size" +.PD +.PP +All other attributes are ignored. +.PP +The \fIdata_size\fR attribute can be zero, meaning that the parameter it +describes expects arbitrary length data. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Code that looked like this: +.PP +.Vb 4 +\& int mac_ctrl_string(EVP_PKEY_CTX *ctx, const char *value) +\& { +\& int rv; +\& char *stmp, *vtmp = NULL; +\& +\& stmp = OPENSSL_strdup(value); +\& if (stmp == NULL) +\& return \-1; +\& vtmp = strchr(stmp, \*(Aq:\*(Aq); +\& if (vtmp != NULL) +\& *vtmp++ = \*(Aq\e0\*(Aq; +\& rv = EVP_MAC_ctrl_str(ctx, stmp, vtmp); +\& OPENSSL_free(stmp); +\& return rv; +\& } +\& +\& ... 
+\& +\& +\& for (i = 0; i < sk_OPENSSL_STRING_num(macopts); i++) { +\& char *macopt = sk_OPENSSL_STRING_value(macopts, i); +\& +\& if (pkey_ctrl_string(mac_ctx, macopt) <= 0) { +\& BIO_printf(bio_err, +\& "MAC parameter error \e"%s\e"\en", macopt); +\& ERR_print_errors(bio_err); +\& goto mac_end; +\& } +\& } +.Ve +.PP +Can be written like this instead: +.PP +.Vb 6 +\& OSSL_PARAM *params = +\& OPENSSL_zalloc(sizeof(*params) +\& * (sk_OPENSSL_STRING_num(opts) + 1)); +\& const OSSL_PARAM *paramdefs = EVP_MAC_settable_ctx_params(mac); +\& size_t params_n; +\& char *opt = ""; +\& +\& for (params_n = 0; params_n < (size_t)sk_OPENSSL_STRING_num(opts); +\& params_n++) { +\& char *stmp, *vtmp = NULL; +\& +\& opt = sk_OPENSSL_STRING_value(opts, (int)params_n); +\& if ((stmp = OPENSSL_strdup(opt)) == NULL +\& || (vtmp = strchr(stmp, \*(Aq:\*(Aq)) == NULL) +\& goto err; +\& +\& *vtmp++ = \*(Aq\e0\*(Aq; +\& if (!OSSL_PARAM_allocate_from_text(¶ms[params_n], +\& paramdefs, stmp, +\& vtmp, strlen(vtmp), NULL)) +\& goto err; +\& } +\& params[params_n] = OSSL_PARAM_construct_end(); +\& if (!EVP_MAC_CTX_set_params(ctx, params)) +\& goto err; +\& while (params_n\-\- > 0) +\& OPENSSL_free(params[params_n].data); +\& OPENSSL_free(params); +\& /* ... */ +\& return; +\& +\& err: +\& BIO_printf(bio_err, "MAC parameter error \*(Aq%s\*(Aq\en", opt); +\& ERR_print_errors(bio_err); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1\fIOSSL_PARAM\s0\fR\|(3), \fIOSSL_PARAM_int\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/OSSL_PARAM_int.3 b/linux_amd64/ssl/share/man/man3/OSSL_PARAM_int.3 new file mode 100755 index 0000000..fbf2564 --- /dev/null 
+++ b/linux_amd64/ssl/share/man/man3/OSSL_PARAM_int.3 
@@ -0,0 +1,444 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_PARAM_INT 3" +.TH OSSL_PARAM_INT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OSSL_PARAM_double, OSSL_PARAM_int, OSSL_PARAM_int32, OSSL_PARAM_int64, +OSSL_PARAM_long, OSSL_PARAM_size_t, OSSL_PARAM_uint, OSSL_PARAM_uint32, +OSSL_PARAM_uint64, OSSL_PARAM_ulong, OSSL_PARAM_BN, OSSL_PARAM_utf8_string, +OSSL_PARAM_octet_string, OSSL_PARAM_utf8_ptr, OSSL_PARAM_octet_ptr, +OSSL_PARAM_END, +OSSL_PARAM_construct_double, OSSL_PARAM_construct_int, +OSSL_PARAM_construct_int32, OSSL_PARAM_construct_int64, +OSSL_PARAM_construct_long, OSSL_PARAM_construct_size_t, +OSSL_PARAM_construct_uint, OSSL_PARAM_construct_uint32, +OSSL_PARAM_construct_uint64, OSSL_PARAM_construct_ulong, +OSSL_PARAM_construct_BN, OSSL_PARAM_construct_utf8_string, +OSSL_PARAM_construct_utf8_ptr, OSSL_PARAM_construct_octet_string, +OSSL_PARAM_construct_octet_ptr, OSSL_PARAM_construct_end, +OSSL_PARAM_locate, OSSL_PARAM_locate_const, +OSSL_PARAM_get_double, OSSL_PARAM_get_int, OSSL_PARAM_get_int32, +OSSL_PARAM_get_int64, OSSL_PARAM_get_long, OSSL_PARAM_get_size_t, +OSSL_PARAM_get_uint, OSSL_PARAM_get_uint32, OSSL_PARAM_get_uint64, +OSSL_PARAM_get_ulong, OSSL_PARAM_get_BN, OSSL_PARAM_get_utf8_string, +OSSL_PARAM_get_octet_string, OSSL_PARAM_get_utf8_ptr, +OSSL_PARAM_get_octet_ptr, +OSSL_PARAM_set_double, OSSL_PARAM_set_int, OSSL_PARAM_set_int32, +OSSL_PARAM_set_int64, OSSL_PARAM_set_long, OSSL_PARAM_set_size_t, +OSSL_PARAM_set_uint, OSSL_PARAM_set_uint32, OSSL_PARAM_set_uint64, +OSSL_PARAM_set_ulong, OSSL_PARAM_set_BN, OSSL_PARAM_set_utf8_string, +OSSL_PARAM_set_octet_string, OSSL_PARAM_set_utf8_ptr, +OSSL_PARAM_set_octet_ptr +\&\- OSSL_PARAM helpers +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& /* +\& * TYPE in function names is one of: +\& * double, int, int32, int64, long, size_t, uint, uint32, uint64, ulong +\& * Corresponding TYPE in function arguments is one of: +\& * double, int, int32_t, int64_t, long, size_t, unsigned int, uint32_t, +\& * uint64_t, unsigned long +\& */ +\& +\& #define OSSL_PARAM_TYPE(key, address) +\& #define 
OSSL_PARAM_BN(key, address, size) +\& #define OSSL_PARAM_utf8_string(key, address, size) +\& #define OSSL_PARAM_octet_string(key, address, size) +\& #define OSSL_PARAM_utf8_ptr(key, address, size) +\& #define OSSL_PARAM_octet_ptr(key, address, size) +\& #define OSSL_PARAM_END +\& +\& OSSL_PARAM OSSL_PARAM_construct_TYPE(const char *key, TYPE *buf); +\& OSSL_PARAM OSSL_PARAM_construct_BN(const char *key, unsigned char *buf, +\& size_t bsize); +\& OSSL_PARAM OSSL_PARAM_construct_utf8_string(const char *key, char *buf, +\& size_t bsize); +\& OSSL_PARAM OSSL_PARAM_construct_octet_string(const char *key, void *buf, +\& size_t bsize); +\& OSSL_PARAM OSSL_PARAM_construct_utf8_ptr(const char *key, char **buf, +\& size_t bsize); +\& OSSL_PARAM OSSL_PARAM_construct_octet_ptr(const char *key, void **buf, +\& size_t bsize); +\& OSSL_PARAM OSSL_PARAM_construct_end(void); +\& +\& OSSL_PARAM *OSSL_PARAM_locate(OSSL_PARAM *array, const char *key); +\& const OSSL_PARAM *OSSL_PARAM_locate_const(const OSSL_PARAM *array, +\& const char *key); +\& +\& int OSSL_PARAM_get_TYPE(const OSSL_PARAM *p, TYPE *val); +\& int OSSL_PARAM_set_TYPE(OSSL_PARAM *p, TYPE val); +\& +\& int OSSL_PARAM_get_BN(const OSSL_PARAM *p, BIGNUM **val); +\& int OSSL_PARAM_set_BN(OSSL_PARAM *p, const BIGNUM *val); +\& +\& int OSSL_PARAM_get_utf8_string(const OSSL_PARAM *p, char **val, +\& size_t max_len); +\& int OSSL_PARAM_set_utf8_string(OSSL_PARAM *p, const char *val); +\& +\& int OSSL_PARAM_get_octet_string(const OSSL_PARAM *p, void **val, +\& size_t max_len, size_t *used_len); +\& int OSSL_PARAM_set_octet_string(OSSL_PARAM *p, const void *val, size_t len); +\& +\& int OSSL_PARAM_get_utf8_ptr(const OSSL_PARAM *p, const char **val); +\& int OSSL_PARAM_set_utf8_ptr(OSSL_PARAM *p, const char *val); +\& +\& int OSSL_PARAM_get_octet_ptr(const OSSL_PARAM *p, const void **val, +\& size_t *used_len); +\& int OSSL_PARAM_set_octet_ptr(OSSL_PARAM *p, const void *val, +\& size_t used_len); +.Ve +.SH "DESCRIPTION" +.IX 
Header "DESCRIPTION" +A collection of utility functions that simplify and add type safety to the +\&\s-1OSSL_PARAM\s0 arrays. The following \fB\s-1TYPE\s0\fR names are supported: +.IP "\(bu" 1 +double +.IP "\(bu" 1 +int +.IP "\(bu" 1 +int32 (int32_t) +.IP "\(bu" 1 +int64 (int64_t) +.IP "\(bu" 1 +long int (long) +.IP "\(bu" 1 +size_t +.IP "\(bu" 1 +uint32 (uint32_t) +.IP "\(bu" 1 +uint64 (uint64_t) +.IP "\(bu" 1 +unsigned int (uint) +.IP "\(bu" 1 +unsigned long int (ulong) +.PP +\&\s-1\fIOSSL_PARAM_TYPE\s0()\fR are a series of macros designed to assist initialising an +array of \s-1OSSL_PARAM\s0 structures. +Each of these macros defines a parameter of the specified \fB\s-1TYPE\s0\fR with the +provided \fBkey\fR and parameter variable \fBaddress\fR. +.PP +\&\fIOSSL_PARAM_utf8_string()\fR, \fIOSSL_PARAM_octet_string()\fR, \fIOSSL_PARAM_utf8_ptr()\fR, +\&\fIOSSL_PARAM_octet_ptr()\fR, \s-1\fIOSSL_PARAM_BN\s0()\fR are macros that provide support +for defining \s-1UTF8\s0 strings, \s-1OCTET\s0 strings and big numbers. +A parameter with name \fBkey\fR is defined. +The storage for this parameter is at \fBaddress\fR and is of \fBsize\fR bytes. +.PP +\&\s-1OSSL_PARAM_END\s0 provides an end of parameter list marker. +This should terminate all \s-1OSSL_PARAM\s0 arrays. +.PP +\&\fIOSSL_PARAM_construct_TYPE()\fR are a series of functions that create \s-1OSSL_PARAM\s0 +records dynamically. +A parameter with name \fBkey\fR is created. +The parameter will use storage pointed to by \fBbuf\fR and return size of \fBret\fR. +.PP +\&\fIOSSL_PARAM_construct_BN()\fR is a function that constructs a large integer +\&\s-1OSSL_PARAM\s0 structure. +A parameter with name \fBkey\fR, storage \fBbuf\fR, size \fBbsize\fR and return +size \fBrsize\fR is created. +.PP +\&\fIOSSL_PARAM_construct_utf8_string()\fR is a function that constructs a \s-1UTF8\s0 +string \s-1OSSL_PARAM\s0 structure. +A parameter with name \fBkey\fR, storage \fBbuf\fR and size \fBbsize\fR is created. 
+If \fBbsize\fR is zero, the string length is determined using \fIstrlen\fR\|(3) + 1 for the +null termination byte. +Generally pass zero for \fBbsize\fR instead of calling \fIstrlen\fR\|(3) yourself. +.PP +\&\fIOSSL_PARAM_construct_octet_string()\fR is a function that constructs an \s-1OCTET\s0 +string \s-1OSSL_PARAM\s0 structure. +A parameter with name \fBkey\fR, storage \fBbuf\fR and size \fBbsize\fR is created. +.PP +\&\fIOSSL_PARAM_construct_utf8_ptr()\fR is a function that constructes a \s-1UTF\s0 string +pointer \s-1OSSL_PARAM\s0 structure. +A parameter with name \fBkey\fR, storage pointer \fB*buf\fR and size \fBbsize\fR +is created. +.PP +\&\fIOSSL_PARAM_construct_octet_ptr()\fR is a function that constructes an \s-1OCTET\s0 string +pointer \s-1OSSL_PARAM\s0 structure. +A parameter with name \fBkey\fR, storage pointer \fB*buf\fR and size \fBbsize\fR +is created. +.PP +\&\fIOSSL_PARAM_construct_end()\fR is a function that constructs the terminating +\&\s-1OSSL_PARAM\s0 structure. +.PP +\&\fIOSSL_PARAM_locate()\fR is a function that searches an \fBarray\fR of parameters for +the one matching the \fBkey\fR name. +.PP +\&\fIOSSL_PARAM_locate_const()\fR behaves exactly like \fIOSSL_PARAM_locate()\fR except for +the presence of \fIconst\fR for the \fBarray\fR argument and its return value. +.PP +\&\fIOSSL_PARAM_get_TYPE()\fR retrieves a value of type \fB\s-1TYPE\s0\fR from the parameter \fBp\fR. +The value is copied to the address \fBval\fR. +Type coercion takes place as discussed in the \s-1NOTES\s0 section. +.PP +\&\fIOSSL_PARAM_set_TYPE()\fR stores a value \fBval\fR of type \fB\s-1TYPE\s0\fR into the parameter +\&\fBp\fR. +If the parameter's \fIdata\fR field is \s-1NULL\s0, then only its \fIreturn_size\fR field +will be assigned the size the parameter's \fIdata\fR buffer should have. +Type coercion takes place as discussed in the \s-1NOTES\s0 section. +.PP +\&\fIOSSL_PARAM_get_BN()\fR retrieves a \s-1BIGNUM\s0 from the parameter pointed to by \fBp\fR. 
+The \s-1BIGNUM\s0 referenced by \fBval\fR is updated and is allocated if \fB*val\fR is +\&\fB\s-1NULL\s0\fR. +.PP +\&\fIOSSL_PARAM_set_BN()\fR stores the \s-1BIGNUM\s0 \fBval\fR into the parameter \fBp\fR. +If the parameter's \fIdata\fR field is \s-1NULL\s0, then only its \fIreturn_size\fR field +will be assigned the size the parameter's \fIdata\fR buffer should have. +.PP +\&\fIOSSL_PARAM_get_utf8_string()\fR retrieves a \s-1UTF8\s0 string from the parameter +pointed to by \fBp\fR. +The string is either stored into \fB*val\fR with a length limit of \fBmax_len\fR or, +in the case when \fB*val\fR is \fB\s-1NULL\s0\fR, memory is allocated for the string and +\&\fBmax_len\fR is ignored. +If memory is allocated by this function, it must be freed by the caller. +.PP +\&\fIOSSL_PARAM_set_utf8_string()\fR sets a \s-1UTF8\s0 string from the parameter pointed to +by \fBp\fR to the value referenced by \fBval\fR. +If the parameter's \fIdata\fR field is \s-1NULL\s0, then only its \fIreturn_size\fR field +will be assigned the size the parameter's \fIdata\fR buffer should have. +.PP +\&\fIOSSL_PARAM_get_octet_string()\fR retrieves an \s-1OCTET\s0 string from the parameter +pointed to by \fBp\fR. +The OCTETs are either stored into \fB*val\fR with a length limit of \fBmax_len\fR or, +in the case when \fB*val\fR is \fB\s-1NULL\s0\fR, memory is allocated and +\&\fBmax_len\fR is ignored. +If memory is allocated by this function, it must be freed by the caller. +.PP +\&\fIOSSL_PARAM_set_octet_string()\fR sets an \s-1OCTET\s0 string from the parameter +pointed to by \fBp\fR to the value referenced by \fBval\fR. +If the parameter's \fIdata\fR field is \s-1NULL\s0, then only its \fIreturn_size\fR field +will be assigned the size the parameter's \fIdata\fR buffer should have. +.PP +\&\fIOSSL_PARAM_get_utf8_ptr()\fR retrieves the \s-1UTF8\s0 string pointer from the parameter +referenced by \fBp\fR and stores it in \fB*val\fR. 
+.PP +\&\fIOSSL_PARAM_set_utf8_ptr()\fR sets the \s-1UTF8\s0 string pointer in the parameter +referenced by \fBp\fR to the values \fBval\fR. +.PP +\&\fIOSSL_PARAM_get_octet_ptr()\fR retrieves the \s-1OCTET\s0 string pointer from the parameter +referenced by \fBp\fR and stores it in \fB*val\fR. +The length of the \s-1OCTET\s0 string is stored in \fB*used_len\fR. +.PP +\&\fIOSSL_PARAM_set_octet_ptr()\fR sets the \s-1OCTET\s0 string pointer in the parameter +referenced by \fBp\fR to the values \fBval\fR. +The length of the \s-1OCTET\s0 string is provided by \fBused_len\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOSSL_PARAM_construct_TYPE()\fR, \fIOSSL_PARAM_construct_BN()\fR, +\&\fIOSSL_PARAM_construct_utf8_string()\fR, \fIOSSL_PARAM_construct_octet_string()\fR, +\&\fIOSSL_PARAM_construct_utf8_ptr()\fR and \fIOSSL_PARAM_construct_octet_ptr()\fR +return a populated \s-1OSSL_PARAM\s0 structure. +.PP +\&\fIOSSL_PARAM_locate()\fR and \fIOSSL_PARAM_locate_const()\fR return a pointer to +the matching \s-1OSSL_PARAM\s0 object. They return \fB\s-1NULL\s0\fR on error or when +no object matching \fBkey\fR exists in the \fBarray\fR. +.PP +All other functions return \fB1\fR on success and \fB0\fR on failure. +.SH "NOTES" +.IX Header "NOTES" +Native types will be converted as required only if the value is exactly +representable by the target type or parameter. +Apart from that, the functions must be used appropriately for the +expected type of the parameter. +.PP +For \fIOSSL_PARAM_construct_utf8_ptr()\fR and \fIOSSL_PARAM_consstruct_octet_ptr()\fR, +\&\fBbsize\fR is not relevant if the purpose is to send the \fB\s-1OSSL_PARAM\s0\fR array +to a \fIresponder\fR, i.e. to get parameter data back. +In that case, \fBbsize\fR can safely be given zero. +See \*(L"\s-1DESCRIPTION\s0\*(R" in \s-1\fIOSSL_PARAM\s0\fR\|(3) for further information on the +possible purposes. 
+.SH "EXAMPLES" +.IX Header "EXAMPLES" +Reusing the examples from \s-1\fIOSSL_PARAM\s0\fR\|(3) to just show how +\&\f(CW\*(C`OSSL_PARAM\*(C'\fR arrays can be handled using the macros and functions +defined herein. +.SS "Example 1" +.IX Subsection "Example 1" +This example is for setting parameters on some object: +.PP +.Vb 1 +\& #include +\& +\& const char *foo = "some string"; +\& size_t foo_l = strlen(foo) + 1; +\& const char bar[] = "some other string"; +\& const OSSL_PARAM set[] = { +\& OSSL_PARAM_utf8_ptr("foo", foo, foo_l), +\& OSSL_PARAM_utf8_string("bar", bar, sizeof(bar)), +\& OSSL_PARAM_END +\& }; +.Ve +.SS "Example 2" +.IX Subsection "Example 2" +This example is for requesting parameters on some object, and also +demonstrates that the requestor isn't obligated to request all +available parameters: +.PP +.Vb 7 +\& const char *foo = NULL; +\& char bar[1024]; +\& OSSL_PARAM request[] = { +\& OSSL_PARAM_utf8_ptr("foo", foo, 0), +\& OSSL_PARAM_utf8_string("bar", bar, sizeof(bar)), +\& OSSL_PARAM_END +\& }; +.Ve +.PP +A \fIresponder\fR that receives this array (as \f(CW\*(C`params\*(C'\fR in this example) +could fill in the parameters like this: +.PP +.Vb 1 +\& /* OSSL_PARAM *params */ +\& +\& OSSL_PARAM *p; +\& +\& if ((p = OSSL_PARAM_locate(params, "foo")) == NULL) +\& OSSL_PARAM_set_utf8_ptr(p, "foo value"); +\& if ((p = OSSL_PARAM_locate(params, "bar")) == NULL) +\& OSSL_PARAM_set_utf8_ptr(p, "bar value"); +\& if ((p = OSSL_PARAM_locate(params, "cookie")) == NULL) +\& OSSL_PARAM_set_utf8_ptr(p, "cookie value"); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\-core.h\fR\|(7), \s-1\fIOSSL_PARAM\s0\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These APIs were introduced in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. 
You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/OSSL_PROVIDER.3 b/linux_amd64/ssl/share/man/man3/OSSL_PROVIDER.3 new file mode 100755 index 0000000..2f5f92c --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/OSSL_PROVIDER.3 
@@ -0,0 +1,246 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_PROVIDER 3" +.TH OSSL_PROVIDER 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OSSL_PROVIDER, OSSL_PROVIDER_load, OSSL_PROVIDER_unload, +OSSL_PROVIDER_available, +OSSL_PROVIDER_gettable_params, OSSL_PROVIDER_get_params, +OSSL_PROVIDER_add_builtin, OSSL_PROVIDER_name \- provider routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef struct ossl_provider_st OSSL_PROVIDER; +\& +\& OSSL_PROVIDER *OSSL_PROVIDER_load(OPENSSL_CTX *libctx, const char *name); +\& int OSSL_PROVIDER_unload(OSSL_PROVIDER *prov); +\& int OSSL_PROVIDER_available(OPENSSL_CTX *libctx, const char *name); +\& +\& const OSSL_PARAM *OSSL_PROVIDER_gettable_params(OSSL_PROVIDER *prov); +\& int OSSL_PROVIDER_get_params(OSSL_PROVIDER *prov, OSSL_PARAM params[]); +\& +\& int OSSL_PROVIDER_add_builtin(OPENSSL_CTX *libctx, const char *name, +\& ossl_provider_init_fn *init_fn); +\& +\& const char *OSSL_PROVIDER_name(const OSSL_PROVIDER *prov); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fB\s-1OSSL_PROVIDER\s0\fR is a type that holds internal information about +implementation providers (see \fIprovider\fR\|(7) for information on what a +provider is). +A provider can be built in to the application or the OpenSSL +libraries, or can be a loadable module. +The functions described here handle both forms. +.PP +Some of these functions operate within a library context, please see +\&\s-1\fIOPENSSL_CTX\s0\fR\|(3) for further details. +.SS "Functions" +.IX Subsection "Functions" +\&\fIOSSL_PROVIDER_add_builtin()\fR is used to add a built in provider to +\&\fB\s-1OSSL_PROVIDER\s0\fR store in the given library context, by associating a +provider name with a provider initialization function. +This name can then be used with \fIOSSL_PROVIDER_load()\fR. +.PP +\&\fIOSSL_PROVIDER_load()\fR loads and initializes a provider. 
+This may simply initialize a provider that was previously added with +\&\fIOSSL_PROVIDER_add_builtin()\fR and run its given initialization function, +or load a provider module with the given name and run its provider +entry point, \f(CW\*(C`OSSL_provider_init\*(C'\fR. +.PP +\&\fIOSSL_PROVIDER_unload()\fR unloads the given provider. +For a provider added with \fIOSSL_PROVIDER_add_builtin()\fR, this simply +runs its teardown function. +.PP +\&\fIOSSL_PROVIDER_available()\fR checks if a named provider is available +for use. +.PP +\&\fIOSSL_PROVIDER_gettable_params()\fR is used to get a provider parameter +descriptor set as a constant \fB\s-1OSSL_PARAM\s0\fR array. +See \s-1\fIOSSL_PARAM\s0\fR\|(3) for more information. +.PP +\&\fIOSSL_PROVIDER_get_params()\fR is used to get provider parameter values. +The caller must prepare the \fB\s-1OSSL_PARAM\s0\fR array before calling this +function, and the variables acting as buffers for this parameter array +should be filled with data when it returns successfully. +.PP +\&\fIOSSL_PROVIDER_name()\fR returns the name of the given provider. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOSSL_PROVIDER_add()\fR returns 1 on success, or 0 on error. +.PP +\&\fIOSSL_PROVIDER_load()\fR returns a pointer to a provider object on +success, or \fB\s-1NULL\s0\fR on error. +.PP +\&\fIOSSL_PROVIDER_unload()\fR returns 1 on success, or 0 on error. +.PP +\&\fIOSSL_PROVIDER_available()\fR returns 1 if the named provider is available, +otherwise 0. +.PP +\&\fIOSSL_PROVIDER_gettable_params()\fR returns a pointer to an array +of constant \fB\s-1OSSL_PARAM\s0\fR, or \s-1NULL\s0 if none is provided. +.PP +\&\fIOSSL_PROVIDER_get_params()\fR returns 1 on success, or 0 on error. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +This demonstrates how to load the provider module \*(L"foo\*(R" and ask for +its build number. 
+.PP +.Vb 7 +\& OSSL_PROVIDER *prov = NULL; +\& const char *build = NULL; +\& size_t built_l = 0; +\& OSSL_PARAM request[] = { +\& { "build", OSSL_PARAM_UTF8_STRING_PTR, &build, 0, &build_l }, +\& { NULL, 0, NULL, 0, NULL } +\& }; +\& +\& if ((prov = OSSL_PROVIDER_load(NULL, "foo")) != NULL +\& && OSSL_PROVIDER_get_params(prov, request)) +\& printf("Provider \*(Aqfoo\*(Aq build %s\en", build); +\& else +\& ERR_print_errors_fp(stderr); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\-core.h\fR\|(7), \s-1\fIOPENSSL_CTX\s0\fR\|(3), \fIprovider\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The type and functions described here were added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/OSSL_SELF_TEST_set_callback.3 b/linux_amd64/ssl/share/man/man3/OSSL_SELF_TEST_set_callback.3 new file mode 100755 index 0000000..ab009d8 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/OSSL_SELF_TEST_set_callback.3 
@@ -0,0 +1,172 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_SELF_TEST_SET_CALLBACK 3" +.TH OSSL_SELF_TEST_SET_CALLBACK 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OSSL_SELF_TEST_set_callback, +OSSL_SELF_TEST_get_callback \- specify a callback for processing self tests +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void OSSL_SELF_TEST_set_callback(OPENSSL_CTX *ctx, OSSL_CALLBACK *cb, void *cbarg); +\& void OSSL_SELF_TEST_get_callback(OPENSSL_CTX *ctx, OSSL_CALLBACK **cb, void **cbarg); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Set or gets the optional application callback (and the callback argument) that +is called during self testing. +The application callback \fB\s-1OSSL_CALLBACK\s0\fR is associated with a \fB\s-1OPENSSL_CTX\s0\fR. +The application callback function receives information about a running self test, +and may return a result to the calling self test. +See \fIopenssl\-core.h\fR\|(7) for further information on the callback. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOSSL_SELF_TEST_get_callback()\fR returns the callback and callback argument that +has been set via \fIOSSL_SELF_TEST_set_callback()\fR for the given library context \fBctx\fR. +These returned parameters will be \s-1NULL\s0 if \fIOSSL_SELF_TEST_set_callback()\fR has +not been called. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\-core.h\fR\|(7), +\&\s-1\fIOSSL_PROVIDER\-FIPS\s0\fR\|(7) +\&\s-1\fIOPENSSL_CTX\s0\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The functions described here were added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/OSSL_SERIALIZER.3 b/linux_amd64/ssl/share/man/man3/OSSL_SERIALIZER.3 new file mode 100755 index 0000000..513ec5d --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/OSSL_SERIALIZER.3 
@@ -0,0 +1,248 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_SERIALIZER 3" +.TH OSSL_SERIALIZER 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OSSL_SERIALIZER, +OSSL_SERIALIZER_fetch, +OSSL_SERIALIZER_up_ref, +OSSL_SERIALIZER_free, +OSSL_SERIALIZER_provider, +OSSL_SERIALIZER_properties, +OSSL_SERIALIZER_is_a, +OSSL_SERIALIZER_number, +OSSL_SERIALIZER_do_all_provided, +OSSL_SERIALIZER_names_do_all +\&\- Serializer method routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef struct ossl_serializer_st OSSL_SERIALIZER; +\& +\& OSSL_SERIALIZER *OSSL_SERIALIZER_fetch(OPENSSL_CTX *ctx, const char *name, +\& const char *properties); +\& int OSSL_SERIALIZER_up_ref(OSSL_SERIALIZER *serializer); +\& void OSSL_SERIALIZER_free(OSSL_SERIALIZER *serializer); +\& const OSSL_PROVIDER *OSSL_SERIALIZER_provider(const OSSL_SERIALIZER +\& *serializer); +\& const char *OSSL_SERIALIZER_properties(const OSSL_SERIALIZER *ser); +\& int OSSL_SERIALIZER_is_a(const OSSL_SERIALIZER *serializer, +\& const char *name); +\& int OSSL_SERIALIZER_number(const OSSL_SERIALIZER *serializer); +\& void OSSL_SERIALIZER_do_all_provided(OPENSSL_CTX *libctx, +\& void (*fn)(OSSL_SERIALIZER *serializer, +\& void *arg), +\& void *arg); +\& void OSSL_SERIALIZER_names_do_all(const OSSL_SERIALIZER *serializer, +\& void (*fn)(const char *name, void *data), +\& void *data); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fB\s-1OSSL_SERIALIZER\s0\fR is a method for serializers, which know how to +serialize an object of some kind to a serialized form, such as \s-1PEM\s0, +\&\s-1DER\s0, or even human readable text. +.PP +\&\fIOSSL_SERIALIZER_fetch()\fR looks for an algorithm within the provider that +has been loaded into the \fB\s-1OPENSSL_CTX\s0\fR given by \fIctx\fR, having the +name given by \fIname\fR and the properties given by \fIproperties\fR. +The \fIname\fR determines what type of object the fetched serializer +method is expected to be able to serialize, and the properties are +used to determine the expected output type. 
+For known properties and the values they may have, please have a look +in \*(L"Names and properties\*(R" in \fIprovider\-serializer\fR\|(7). +.PP +\&\fIOSSL_SERIALIZER_up_ref()\fR increments the reference count for the given +\&\fIserializer\fR. +.PP +\&\fIOSSL_SERIALIZER_free()\fR decrements the reference count for the given +\&\fIserializer\fR, and when the count reaches zero, frees it. +.PP +\&\fIOSSL_SERIALIZER_provider()\fR returns the provider of the given +\&\fIserializer\fR. +.PP +\&\fIOSSL_SERIALIZER_provider()\fR returns the property definition associated +with the given \fIserializer\fR. +.PP +\&\fIOSSL_SERIALIZER_is_a()\fR checks if \fIserializer\fR is an implementation of an +algorithm that's identifiable with \fIname\fR. +.PP +\&\fIOSSL_SERIALIZER_number()\fR returns the internal dynamic number assigned to +the given \fIserializer\fR. +.PP +\&\fIOSSL_SERIALIZER_names_do_all()\fR traverses all names for the given +\&\fIserializer\fR, and calls \fIfn\fR with each name and \fIdata\fR. +.PP +\&\fIOSSL_SERIALIZER_do_all_provided()\fR traverses all serializer +implementations by all activated providers in the library context +\&\fIlibctx\fR, and for each of the implementations, calls \fIfn\fR with the +implementation method and \fIdata\fR as arguments. +.SH "NOTES" +.IX Header "NOTES" +\&\fIOSSL_SERIALIZER_fetch()\fR may be called implicitly by other fetching +functions, using the same library context and properties. +Any other \s-1API\s0 that uses keys will typically do this. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOSSL_SERIALIZER_fetch()\fR returns a pointer to the key management +implementation represented by an \s-1OSSL_SERIALIZER\s0 object, or \s-1NULL\s0 on +error. +.PP +\&\fIOSSL_SERIALIZER_up_ref()\fR returns 1 on success, or 0 on error. +.PP +\&\fIOSSL_SERIALIZER_free()\fR doesn't return any value. +.PP +\&\fIOSSL_SERIALIZER_provider()\fR returns a pointer to a provider object, or +\&\s-1NULL\s0 on error. 
+.PP +\&\fIOSSL_SERIALIZER_properties()\fR returns a pointer to a property +definition string, or \s-1NULL\s0 on error. +.PP +\&\fIOSSL_SERIALIZER_is_a()\fR returns 1 of \fIserializer\fR was identifiable, +otherwise 0. +.PP +\&\fIOSSL_SERIALIZER_number()\fR returns an integer. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIprovider\fR\|(7), \s-1\fIOSSL_SERIALIZER_CTX\s0\fR\|(3), \fIOSSL_SERIALIZER_to_bio\fR\|(3), +\&\fIOSSL_SERIALIZER_CTX_new_by_EVP_PKEY\fR\|(3), \s-1\fIOPENSSL_CTX\s0\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The functions described here were added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/OSSL_SERIALIZER_CTX.3 b/linux_amd64/ssl/share/man/man3/OSSL_SERIALIZER_CTX.3 new file mode 100755 index 0000000..6153f96 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/OSSL_SERIALIZER_CTX.3 
@@ -0,0 +1,208 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_SERIALIZER_CTX 3" +.TH OSSL_SERIALIZER_CTX 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OSSL_SERIALIZER_CTX, +OSSL_SERIALIZER_CTX_new, +OSSL_SERIALIZER_CTX_get_serializer, +OSSL_SERIALIZER_settable_ctx_params, +OSSL_SERIALIZER_CTX_set_params, +OSSL_SERIALIZER_CTX_free +\&\- Serializer context routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef struct ossl_serializer_ctx_st OSSL_SERIALIZER_CTX; +\& +\& OSSL_SERIALIZER_CTX *OSSL_SERIALIZER_CTX_new(OSSL_SERIALIZER *ser); +\& const OSSL_SERIALIZER * +\& OSSL_SERIALIZER_CTX_get_serializer(OSSL_SERIALIZER_CTX *ctx); +\& const OSSL_PARAM *OSSL_SERIALIZER_settable_ctx_params(OSSL_SERIALIZER *ser); +\& int OSSL_SERIALIZER_CTX_set_params(OSSL_SERIALIZER_CTX *ctx, +\& const OSSL_PARAM params[]); +\& void OSSL_SERIALIZER_CTX_free(OSSL_SERIALIZER_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fB\s-1OSSL_SERIALIZER_CTX\s0\fR is a context with which \fB\s-1OSSL_SERIALIZER\s0\fR +operations are performed. The context typically holds values, both +internal and supplied by the application, which are useful for the +implementations supplied by providers. +.PP +\&\fIOSSL_SERIALIZER_CTX_new()\fR creates a \fB\s-1OSSL_SERIALIZER_CTX\s0\fR associated +with the serializer \fIser\fR. \s-1NULL\s0 is a valid \fIser\fR, the context will +be created anyway, it's just not very useful. This is intentional, to +distinguish between errors in allocating the context or assigning it +values on one hand, and the lack of serializer support on the other. +.PP +\&\fIOSSL_SERIALIZER_CTX_get_serializer()\fR gets the serializer method +currently associated with the context \fIctx\fR. +.PP +\&\fIOSSL_SERIALIZER_settable_ctx_params()\fR returns an \s-1\fIOSSL_PARAM\s0\fR\|(3) +array of parameter descriptors. +.PP +\&\fIOSSL_SERIALIZER_CTX_set_params()\fR attempts to set parameters specified +with an \s-1\fIOSSL_PARAM\s0\fR\|(3) array \fIparams\fR. Parameters that the +implementation doesn't recognise should be ignored. 
+.PP +\&\fIOSSL_SERIALIZER_CTX_free()\fR frees the given context \fIctx\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOSSL_SERIALIZER_CTX_new()\fR returns a pointer to a +\&\fB\s-1OSSL_SERIALIZER_CTX\s0\fR, or \s-1NULL\s0 if the context structure couldn't be +allocated. +.PP +\&\fIOSSL_SERIALIZER_CTX_get_serializer()\fR returns a pointer to the +serializer method associated with \fIctx\fR. \s-1NULL\s0 is a valid return +value and signifies that there is no associated serializer method. +.PP +\&\fIOSSL_SERIALIZER_settable_ctx_params()\fR returns an \s-1\fIOSSL_PARAM\s0\fR\|(3) +array, or \s-1NULL\s0 if none is available. +.PP +\&\fIOSSL_SERIALIZER_CTX_set_params()\fR returns 1 if all recognised +parameters were valid, or 0 if one of them was invalid or caused some +other failure in the implementation. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIprovider\fR\|(7), \s-1\fIOSSL_SERIALIZER\s0\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The functions described here were added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.3 b/linux_amd64/ssl/share/man/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.3 new file mode 100755 index 0000000..5d3f7fb --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.3 
@@ -0,0 +1,262 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_SERIALIZER_CTX_NEW_BY_EVP_PKEY 3" +.TH OSSL_SERIALIZER_CTX_NEW_BY_EVP_PKEY 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OSSL_SERIALIZER_CTX_new_by_EVP_PKEY, +OSSL_SERIALIZER_CTX_set_cipher, +OSSL_SERIALIZER_CTX_set_passphrase, +OSSL_SERIALIZER_CTX_set_passphrase_cb, +OSSL_SERIALIZER_CTX_set_passphrase_ui, +OSSL_SERIALIZER_PUBKEY_TO_PEM_PQ, +OSSL_SERIALIZER_PrivateKey_TO_PEM_PQ, +OSSL_SERIALIZER_Parameters_TO_PEM_PQ, +OSSL_SERIALIZER_PUBKEY_TO_DER_PQ, +OSSL_SERIALIZER_PrivateKey_TO_DER_PQ, +OSSL_SERIALIZER_Parameters_TO_DER_PQ, +OSSL_SERIALIZER_PUBKEY_TO_TEXT_PQ, +OSSL_SERIALIZER_PrivateKey_TO_TEXT_PQ, +OSSL_SERIALIZER_Parameters_TO_TEXT_PQ +\&\- Serializer routines to serialize EVP_PKEYs +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& OSSL_SERIALIZER_CTX *OSSL_SERIALIZER_CTX_new_by_EVP_PKEY(const EVP_PKEY *pkey, +\& const char *propquery); +\& +\& int OSSL_SERIALIZER_CTX_set_cipher(OSSL_SERIALIZER_CTX *ctx, +\& const char *cipher_name, +\& const char *propquery); +\& int OSSL_SERIALIZER_CTX_set_passphrase(OSSL_SERIALIZER_CTX *ctx, +\& const unsigned char *kstr, +\& size_t klen); +\& int OSSL_SERIALIZER_CTX_set_passphrase_cb(OSSL_SERIALIZER_CTX *ctx, int enc, +\& pem_password_cb *cb, void *cbarg); +\& int OSSL_SERIALIZER_CTX_set_passphrase_ui(OSSL_SERIALIZER_CTX *ctx, +\& const UI_METHOD *ui_method, +\& void *ui_data); +\& +\& #define OSSL_SERIALIZER_PUBKEY_TO_PEM_PQ "format=pem,type=public" +\& #define OSSL_SERIALIZER_PrivateKey_TO_PEM_PQ "format=pem,type=private" +\& #define OSSL_SERIALIZER_Parameters_TO_PEM_PQ "format=pem,type=parameters" +\& +\& #define OSSL_SERIALIZER_PUBKEY_TO_DER_PQ "format=der,type=public" +\& #define OSSL_SERIALIZER_PrivateKey_TO_DER_PQ "format=der,type=private" +\& #define OSSL_SERIALIZER_Parameters_TO_DER_PQ "format=der,type=parameters" +\& +\& #define OSSL_SERIALIZER_PUBKEY_TO_TEXT_PQ "format=text,type=public" +\& #define OSSL_SERIALIZER_PrivateKey_TO_TEXT_PQ "format=text,type=private" +\& #define OSSL_SERIALIZER_Parameters_TO_TEXT_PQ "format=text,type=parameters" +.Ve +.SH "DESCRIPTION" +.IX Header 
"DESCRIPTION" +\&\fIOSSL_SERIALIZER_CTX_new_by_EVP_PKEY()\fR creates a \fB\s-1OSSL_SERIALIZER_CTX\s0\fR +with a suitable attached output routine for \fB\s-1EVP_PKEY\s0\fRs. It will +search for a serializer implementation that matches the algorithm of +the \fB\s-1EVP_PKEY\s0\fR and the property query given with \fIpropquery\fR. It +will prefer to find a serializer from the same provider as the key +data of the \fB\s-1EVP_PKEY\s0\fR itself, but failing that, it will choose the +first serializer that supplies a generic serializing function. +.PP +If no suitable serializer was found, \fIOSSL_SERIALIZER_CTX_new_by_EVP_PKEY()\fR +still creates a \fB\s-1OSSL_SERIALIZER_CTX\s0\fR, but with no associated +serializer (\fIOSSL_SERIALIZER_CTX_get_serializer\fR\|(3) returns \s-1NULL\s0). +This helps the caller distinguish between an error when creating +the \fB\s-1OSSL_SERIALIZER_CTX\s0\fR, and the lack the serializer support and +act accordingly. +.PP +\&\fIOSSL_SERIALIZER_CTX_set_cipher()\fR tells the implementation what cipher +should be used to encrypt serialized keys. The cipher is given by +name \fIcipher_name\fR. The interpretation of that \fIcipher_name\fR is +implementation dependent. The implementation may implement the digest +directly itself or by other implementations, or it may choose to fetch +it. If the implementation supports fetching the cipher, then it may +use \fIpropquery\fR as properties to be queried for when fetching. +\&\fIcipher_name\fR may also be \s-1NULL\s0, which will result in unencrypted +serialization. +.PP +\&\fIOSSL_SERIALIZER_CTX_set_passphrase()\fR gives the implementation a +pass phrase to use when encrypting the serialized private key. +Alternatively, a pass phrase callback may be specified with the +following functions. +.PP +\&\fIOSSL_SERIALIZER_CTX_set_passphrase_cb()\fR and +\&\fIOSSL_SERIALIZER_CTX_set_passphrase_ui()\fR sets up a callback method that +the implementation can use to prompt for a pass phrase. 
+.PP +The macros \fB\s-1OSSL_SERIALIZER_PUBKEY_TO_PEM_PQ\s0\fR, +\&\fBOSSL_SERIALIZER_PrivateKey_TO_PEM_PQ\fR, +\&\fBOSSL_SERIALIZER_Parameters_TO_PEM_PQ\fR, +\&\fB\s-1OSSL_SERIALIZER_PUBKEY_TO_DER_PQ\s0\fR, +\&\fBOSSL_SERIALIZER_PrivateKey_TO_DER_PQ\fR, +\&\fBOSSL_SERIALIZER_Parameters_TO_DER_PQ\fR, +\&\fB\s-1OSSL_SERIALIZER_PUBKEY_TO_TEXT_PQ\s0\fR, +\&\fBOSSL_SERIALIZER_PrivateKey_TO_TEXT_PQ\fR, +\&\fBOSSL_SERIALIZER_Parameters_TO_TEXT_PQ\fR are convenience macros with +property queries to serialize the \fB\s-1EVP_PKEY\s0\fR as a public key, private +key or parameters to \fB\s-1PEM\s0\fR, to \fB\s-1DER\s0\fR, or to text. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOSSL_SERIALIZER_CTX_new_by_EVP_PKEY()\fR returns a pointer to a +\&\fB\s-1OSSL_SERIALIZER_CTX\s0\fR, or \s-1NULL\s0 if it couldn't be created. +.PP +\&\fIOSSL_SERIALIZER_CTX_set_cipher()\fR, +\&\fIOSSL_SERIALIZER_CTX_set_passphrase()\fR, +\&\fIOSSL_SERIALIZER_CTX_set_passphrase_cb()\fR, and +\&\fIOSSL_SERIALIZER_CTX_set_passphrase_ui()\fR all return 1 on success, or 0 +on failure. +.SH "NOTES" +.IX Header "NOTES" +Parts of the function and macro names are made to match already +existing OpenSSL names. +.PP +\&\fB\s-1EVP_PKEY\s0\fR in \fIOSSL_SERIALIZER_CTX_new_by_EVP_PKEY()\fR matches the type +name, thus making for the naming pattern +\&\fBOSSL_SERIALIZER_CTX_new_by_\f(BI\s-1TYPE\s0\fB\fR() when new types are handled. +.PP +\&\fB\s-1PUBKEY\s0\fR, \fBPrivateKey\fR and \fBParameters\fR in the macro names match +the \fB\f(BI\s-1TYPE\s0\fB\fR part of of \fBPEM_write_bio_\f(BI\s-1TYPE\s0\fB\fR functions as well +as \fBi2d_\f(BI\s-1TYPE\s0\fB_bio\fR functions. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIprovider\fR\|(7), \s-1\fIOSSL_SERIALIZER\s0\fR\|(3), \s-1\fIOSSL_SERIALIZER_CTX\s0\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The functions described here were added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. 
+.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/OSSL_SERIALIZER_to_bio.3 b/linux_amd64/ssl/share/man/man3/OSSL_SERIALIZER_to_bio.3 new file mode 100755 index 0000000..c88cdaa --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/OSSL_SERIALIZER_to_bio.3 
@@ -0,0 +1,174 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_SERIALIZER_TO_BIO 3" +.TH OSSL_SERIALIZER_TO_BIO 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OSSL_SERIALIZER_to_bio, +OSSL_SERIALIZER_to_fp +\&\- Serializer file output routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int OSSL_SERIALIZER_to_bio(OSSL_SERIALIZER_CTX *ctx, BIO *out); +\& int OSSL_SERIALIZER_to_fp(OSSL_SERIALIZER_CTX *ctx, FILE *fp); +.Ve +.PP +Feature availability macros: +.IP "\fIOSSL_SERIALIZER_to_fp()\fR is only available when \fB\s-1OPENSSL_NO_STDIO\s0\fR is undefined." 4 +.IX Item "OSSL_SERIALIZER_to_fp() is only available when OPENSSL_NO_STDIO is undefined." +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIOSSL_SERIALIZER_to_bio()\fR runs the serialization process for the +context \fIctx\fR, with the output going to the \fB\s-1BIO\s0\fR \fIout\fR. The +application is required to set up the \fB\s-1BIO\s0\fR properly, for example to +have it in text or binary mode if that's appropriate. +.PP +\&\fIOSSL_SERIALIZER_to_fp()\fR does the same thing as \fIOSSL_SERIALIZER_to_bio()\fR, +except that the output is going to the \fB\s-1FILE\s0\fR \fIfp\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOSSL_SERIALIZER_to_bio()\fR and \fIOSSL_SERIALIZER_to_fp()\fR return 1 on +success, or 0 on failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIprovider\fR\|(7), \s-1\fIOSSL_SERIALIZER_CTX\s0\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The functions described here were added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/OSSL_STORE_INFO.3 b/linux_amd64/ssl/share/man/man3/OSSL_STORE_INFO.3 new file mode 100755 index 0000000..1b2f93f --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/OSSL_STORE_INFO.3 
@@ -0,0 +1,314 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_STORE_INFO 3" +.TH OSSL_STORE_INFO 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OSSL_STORE_INFO, OSSL_STORE_INFO_get_type, OSSL_STORE_INFO_get0_NAME, +OSSL_STORE_INFO_get0_NAME_description, OSSL_STORE_INFO_get0_PARAMS, +OSSL_STORE_INFO_get0_PKEY, OSSL_STORE_INFO_get0_CERT, OSSL_STORE_INFO_get0_CRL, +OSSL_STORE_INFO_get1_NAME, OSSL_STORE_INFO_get1_NAME_description, +OSSL_STORE_INFO_get1_PARAMS, OSSL_STORE_INFO_get1_PKEY, +OSSL_STORE_INFO_get1_CERT, +OSSL_STORE_INFO_get1_CRL, OSSL_STORE_INFO_type_string, OSSL_STORE_INFO_free, +OSSL_STORE_INFO_new_NAME, OSSL_STORE_INFO_set0_NAME_description, +OSSL_STORE_INFO_new_PARAMS, OSSL_STORE_INFO_new_PKEY, OSSL_STORE_INFO_new_CERT, +OSSL_STORE_INFO_new_CRL \- Functions to manipulate OSSL_STORE_INFO objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef struct ossl_store_info_st OSSL_STORE_INFO; +\& +\& int OSSL_STORE_INFO_get_type(const OSSL_STORE_INFO *store_info); +\& const char *OSSL_STORE_INFO_get0_NAME(const OSSL_STORE_INFO *store_info); +\& char *OSSL_STORE_INFO_get1_NAME(const OSSL_STORE_INFO *store_info); +\& const char *OSSL_STORE_INFO_get0_NAME_description(const OSSL_STORE_INFO +\& *store_info); +\& char *OSSL_STORE_INFO_get1_NAME_description(const OSSL_STORE_INFO *store_info); +\& EVP_PKEY *OSSL_STORE_INFO_get0_PARAMS(const OSSL_STORE_INFO *store_info); +\& EVP_PKEY *OSSL_STORE_INFO_get1_PARAMS(const OSSL_STORE_INFO *store_info); +\& EVP_PKEY *OSSL_STORE_INFO_get0_PKEY(const OSSL_STORE_INFO *store_info); +\& EVP_PKEY *OSSL_STORE_INFO_get1_PKEY(const OSSL_STORE_INFO *store_info); +\& X509 *OSSL_STORE_INFO_get0_CERT(const OSSL_STORE_INFO *store_info); +\& X509 *OSSL_STORE_INFO_get1_CERT(const OSSL_STORE_INFO *store_info); +\& X509_CRL *OSSL_STORE_INFO_get0_CRL(const OSSL_STORE_INFO *store_info); +\& X509_CRL *OSSL_STORE_INFO_get1_CRL(const OSSL_STORE_INFO *store_info); +\& +\& const char *OSSL_STORE_INFO_type_string(int type); +\& +\& void OSSL_STORE_INFO_free(OSSL_STORE_INFO *store_info); +\& +\& OSSL_STORE_INFO 
*OSSL_STORE_INFO_new_NAME(char *name); +\& int OSSL_STORE_INFO_set0_NAME_description(OSSL_STORE_INFO *info, char *desc); +\& OSSL_STORE_INFO *OSSL_STORE_INFO_new_PARAMS(DSA *dsa_params); +\& OSSL_STORE_INFO *OSSL_STORE_INFO_new_PKEY(EVP_PKEY *pkey); +\& OSSL_STORE_INFO *OSSL_STORE_INFO_new_CERT(X509 *x509); +\& OSSL_STORE_INFO *OSSL_STORE_INFO_new_CRL(X509_CRL *crl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions are primarily useful for applications to retrieve +supported objects from \fB\s-1OSSL_STORE_INFO\s0\fR objects and for scheme specific +loaders to create \fB\s-1OSSL_STORE_INFO\s0\fR holders. +.SS "Types" +.IX Subsection "Types" +\&\fB\s-1OSSL_STORE_INFO\s0\fR is an opaque type that's just an intermediary holder for +the objects that have been retrieved by \fIOSSL_STORE_load()\fR and similar +functions. +Supported OpenSSL type object can be extracted using one of +\&\fISTORE_INFO_get0_TYPE()\fR. +The life time of this extracted object is as long as the life time of +the \fB\s-1OSSL_STORE_INFO\s0\fR it was extracted from, so care should be taken not +to free the latter too early. +As an alternative, \fISTORE_INFO_get1_TYPE()\fR extracts a duplicate (or the +same object with its reference count increased), which can be used +after the containing \fB\s-1OSSL_STORE_INFO\s0\fR has been freed. +The object returned by \fISTORE_INFO_get1_TYPE()\fR must be freed separately +by the caller. +See \*(L"\s-1SUPPORTED\s0 \s-1OBJECTS\s0\*(R" for more information on the types that are +supported. +.SS "Functions" +.IX Subsection "Functions" +\&\fIOSSL_STORE_INFO_get_type()\fR takes a \fB\s-1OSSL_STORE_INFO\s0\fR and returns the \s-1STORE\s0 +type number for the object inside. +\&\fISTORE_INFO_get_type_string()\fR takes a \s-1STORE\s0 type number and returns a +short string describing it. 
+.PP +\&\fIOSSL_STORE_INFO_get0_NAME()\fR, \fIOSSL_STORE_INFO_get0_NAME_description()\fR, +\&\fIOSSL_STORE_INFO_get0_PARAMS()\fR, \fIOSSL_STORE_INFO_get0_PKEY()\fR, +\&\fIOSSL_STORE_INFO_get0_CERT()\fR and \fIOSSL_STORE_INFO_get0_CRL()\fR all take a +\&\fB\s-1OSSL_STORE_INFO\s0\fR and return the held object of the appropriate OpenSSL +type provided that's what's held. +.PP +\&\fIOSSL_STORE_INFO_get1_NAME()\fR, \fIOSSL_STORE_INFO_get1_NAME_description()\fR, +\&\fIOSSL_STORE_INFO_get1_PARAMS()\fR, \fIOSSL_STORE_INFO_get1_PKEY()\fR, +\&\fIOSSL_STORE_INFO_get1_CERT()\fR and \fIOSSL_STORE_INFO_get1_CRL()\fR all take a +\&\fB\s-1OSSL_STORE_INFO\s0\fR and return a duplicate of the held object of the +appropriate OpenSSL type provided that's what's held. +.PP +\&\fIOSSL_STORE_INFO_free()\fR frees a \fB\s-1OSSL_STORE_INFO\s0\fR and its contained type. +.PP +\&\fIOSSL_STORE_INFO_new_NAME()\fR , \fIOSSL_STORE_INFO_new_PARAMS()\fR, +\&\fIOSSL_STORE_INFO_new_PKEY()\fR, \fIOSSL_STORE_INFO_new_CERT()\fR and +\&\fIOSSL_STORE_INFO_new_CRL()\fR create a \fB\s-1OSSL_STORE_INFO\s0\fR +object to hold the given input object. +Additionally, for \fB\s-1OSSL_STORE_INFO_NAME\s0\fR` objects, +\&\fIOSSL_STORE_INFO_set0_NAME_description()\fR can be used to add an extra +description. +This description is meant to be human readable and should be used for +information printout. +.SH "SUPPORTED OBJECTS" +.IX Header "SUPPORTED OBJECTS" +Currently supported object types are: +.IP "\s-1OSSL_STORE_INFO_NAME\s0" 4 +.IX Item "OSSL_STORE_INFO_NAME" +A name is exactly that, a name. +It's like a name in a directory, but formatted as a complete \s-1URI\s0. +For example, the path in \s-1URI\s0 \f(CW\*(C`file:/foo/bar/\*(C'\fR could include a file +named \f(CW\*(C`cookie.pem\*(C'\fR, and in that case, the returned \fB\s-1OSSL_STORE_INFO_NAME\s0\fR +object would have the \s-1URI\s0 \f(CW\*(C`file:/foo/bar/cookie.pem\*(C'\fR, which can be +used by the application to get the objects in that file. 
+This can be applied to all schemes that can somehow support a listing +of object URIs. +.Sp +For \f(CW\*(C`file:\*(C'\fR URIs that are used without the explicit scheme, the +returned name will be the path of each object, so if \f(CW\*(C`/foo/bar\*(C'\fR was +given and that path has the file \f(CW\*(C`cookie.pem\*(C'\fR, the name +\&\f(CW\*(C`/foo/bar/cookie.pem\*(C'\fR will be returned. +.Sp +The returned \s-1URI\s0 is considered canonical and must be unique and permanent +for the storage where the object (or collection of objects) resides. +Each loader is responsible for ensuring that it only returns canonical +URIs. +However, it's possible that certain schemes allow an object (or collection +thereof) to be reached with alternative URIs; just because one \s-1URI\s0 is +canonical doesn't mean that other variants can't be used. +.Sp +At the discretion of the loader that was used to get these names, an +extra description may be attached as well. +.IP "\s-1OSSL_STORE_INFO_PARAMS\s0" 4 +.IX Item "OSSL_STORE_INFO_PARAMS" +Key parameters. +.IP "\s-1OSSL_STORE_INFO_PKEY\s0" 4 +.IX Item "OSSL_STORE_INFO_PKEY" +A private/public key of some sort. +.IP "\s-1OSSL_STORE_INFO_CERT\s0" 4 +.IX Item "OSSL_STORE_INFO_CERT" +An X.509 certificate. +.IP "\s-1OSSL_STORE_INFO_CRL\s0" 4 +.IX Item "OSSL_STORE_INFO_CRL" +A X.509 certificate revocation list. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOSSL_STORE_INFO_get_type()\fR returns the \s-1STORE\s0 type number of the given +\&\fB\s-1OSSL_STORE_INFO\s0\fR. +There is no error value. +.PP +\&\fIOSSL_STORE_INFO_get0_NAME()\fR, \fIOSSL_STORE_INFO_get0_NAME_description()\fR, +\&\fIOSSL_STORE_INFO_get0_PARAMS()\fR, \fIOSSL_STORE_INFO_get0_PKEY()\fR, +\&\fIOSSL_STORE_INFO_get0_CERT()\fR and \fIOSSL_STORE_INFO_get0_CRL()\fR all return +a pointer to the OpenSSL object on success, \s-1NULL\s0 otherwise. 
+.PP +\&\fIOSSL_STORE_INFO_get0_NAME()\fR, \fIOSSL_STORE_INFO_get0_NAME_description()\fR, +\&\fIOSSL_STORE_INFO_get0_PARAMS()\fR, \fIOSSL_STORE_INFO_get0_PKEY()\fR, +\&\fIOSSL_STORE_INFO_get0_CERT()\fR and \fIOSSL_STORE_INFO_get0_CRL()\fR all return +a pointer to a duplicate of the OpenSSL object on success, \s-1NULL\s0 otherwise. +.PP +\&\fIOSSL_STORE_INFO_type_string()\fR returns a string on success, or \fB\s-1NULL\s0\fR on +failure. +.PP +\&\fIOSSL_STORE_INFO_new_NAME()\fR, \fIOSSL_STORE_INFO_new_PARAMS()\fR, +\&\fIOSSL_STORE_INFO_new_PKEY()\fR, \fIOSSL_STORE_INFO_new_CERT()\fR and +\&\fIOSSL_STORE_INFO_new_CRL()\fR return a \fB\s-1OSSL_STORE_INFO\s0\fR +pointer on success, or \fB\s-1NULL\s0\fR on failure. +.PP +\&\fIOSSL_STORE_INFO_set0_NAME_description()\fR returns 1 on success, or 0 on +failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIossl_store\fR\|(7), \fIOSSL_STORE_open\fR\|(3), \fIOSSL_STORE_register_loader\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1\fIOSSL_STORE_INFO\s0()\fR, \fIOSSL_STORE_INFO_get_type()\fR, \fIOSSL_STORE_INFO_get0_NAME()\fR, +\&\fIOSSL_STORE_INFO_get0_PARAMS()\fR, \fIOSSL_STORE_INFO_get0_PKEY()\fR, +\&\fIOSSL_STORE_INFO_get0_CERT()\fR, \fIOSSL_STORE_INFO_get0_CRL()\fR, +\&\fIOSSL_STORE_INFO_type_string()\fR, \fIOSSL_STORE_INFO_free()\fR, \fIOSSL_STORE_INFO_new_NAME()\fR, +\&\fIOSSL_STORE_INFO_new_PARAMS()\fR, \fIOSSL_STORE_INFO_new_PKEY()\fR, +\&\fIOSSL_STORE_INFO_new_CERT()\fR and \fIOSSL_STORE_INFO_new_CRL()\fR +were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/ssl/share/man/man3/OSSL_STORE_LOADER.3 b/linux_amd64/ssl/share/man/man3/OSSL_STORE_LOADER.3 new file mode 100755 index 0000000..08f4d6a --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/OSSL_STORE_LOADER.3 
@@ -0,0 +1,364 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_STORE_LOADER 3" +.TH OSSL_STORE_LOADER 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OSSL_STORE_LOADER, OSSL_STORE_LOADER_CTX, OSSL_STORE_LOADER_new, +OSSL_STORE_LOADER_get0_engine, OSSL_STORE_LOADER_get0_scheme, +OSSL_STORE_LOADER_set_open, OSSL_STORE_LOADER_set_ctrl, +OSSL_STORE_LOADER_set_expect, OSSL_STORE_LOADER_set_find, +OSSL_STORE_LOADER_set_load, OSSL_STORE_LOADER_set_eof, +OSSL_STORE_LOADER_set_error, OSSL_STORE_LOADER_set_close, +OSSL_STORE_LOADER_free, OSSL_STORE_register_loader, +OSSL_STORE_unregister_loader, OSSL_STORE_open_fn, OSSL_STORE_ctrl_fn, +OSSL_STORE_expect_fn, OSSL_STORE_find_fn, +OSSL_STORE_load_fn, OSSL_STORE_eof_fn, OSSL_STORE_error_fn, +OSSL_STORE_close_fn \- Types and functions to manipulate, register and +unregister STORE loaders for different URI schemes +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef struct ossl_store_loader_st OSSL_STORE_LOADER; +\& +\& OSSL_STORE_LOADER *OSSL_STORE_LOADER_new(ENGINE *e, const char *scheme); +\& const ENGINE *OSSL_STORE_LOADER_get0_engine(const OSSL_STORE_LOADER +\& *store_loader); +\& const char *OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER +\& *store_loader); +\& +\& /* struct ossl_store_loader_ctx_st is defined differently by each loader */ +\& typedef struct ossl_store_loader_ctx_st OSSL_STORE_LOADER_CTX; +\& +\& typedef OSSL_STORE_LOADER_CTX *(*OSSL_STORE_open_fn)(const char *uri, +\& const UI_METHOD *ui_method, +\& void *ui_data); +\& int OSSL_STORE_LOADER_set_open(OSSL_STORE_LOADER *store_loader, +\& OSSL_STORE_open_fn store_open_function); +\& typedef int (*OSSL_STORE_ctrl_fn)(OSSL_STORE_LOADER_CTX *ctx, int cmd, +\& va_list args); +\& int OSSL_STORE_LOADER_set_ctrl(OSSL_STORE_LOADER *store_loader, +\& OSSL_STORE_ctrl_fn store_ctrl_function); +\& typedef int (*OSSL_STORE_expect_fn)(OSSL_STORE_LOADER_CTX *ctx, int expected); +\& int OSSL_STORE_LOADER_set_expect(OSSL_STORE_LOADER *loader, +\& OSSL_STORE_expect_fn expect_function); +\& typedef int (*OSSL_STORE_find_fn)(OSSL_STORE_LOADER_CTX *ctx, +\& 
OSSL_STORE_SEARCH *criteria); +\& int OSSL_STORE_LOADER_set_find(OSSL_STORE_LOADER *loader, +\& OSSL_STORE_find_fn find_function); +\& typedef OSSL_STORE_INFO *(*OSSL_STORE_load_fn)(OSSL_STORE_LOADER_CTX *ctx, +\& UI_METHOD *ui_method, +\& void *ui_data); +\& int OSSL_STORE_LOADER_set_load(OSSL_STORE_LOADER *store_loader, +\& OSSL_STORE_load_fn store_load_function); +\& typedef int (*OSSL_STORE_eof_fn)(OSSL_STORE_LOADER_CTX *ctx); +\& int OSSL_STORE_LOADER_set_eof(OSSL_STORE_LOADER *store_loader, +\& OSSL_STORE_eof_fn store_eof_function); +\& typedef int (*OSSL_STORE_error_fn)(OSSL_STORE_LOADER_CTX *ctx); +\& int OSSL_STORE_LOADER_set_error(OSSL_STORE_LOADER *store_loader, +\& OSSL_STORE_error_fn store_error_function); +\& typedef int (*OSSL_STORE_close_fn)(OSSL_STORE_LOADER_CTX *ctx); +\& int OSSL_STORE_LOADER_set_close(OSSL_STORE_LOADER *store_loader, +\& OSSL_STORE_close_fn store_close_function); +\& void OSSL_STORE_LOADER_free(OSSL_STORE_LOADER *store_loader); +\& +\& int OSSL_STORE_register_loader(OSSL_STORE_LOADER *loader); +\& OSSL_STORE_LOADER *OSSL_STORE_unregister_loader(const char *scheme); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions help applications and engines to create loaders for +schemes they support. +.SS "Types" +.IX Subsection "Types" +\&\fB\s-1OSSL_STORE_LOADER\s0\fR is the type to hold a loader. +It contains a scheme and the functions needed to implement +\&\fIOSSL_STORE_open()\fR, \fIOSSL_STORE_load()\fR, \fIOSSL_STORE_eof()\fR, \fIOSSL_STORE_error()\fR and +\&\fIOSSL_STORE_close()\fR for this scheme. +.PP +\&\fB\s-1OSSL_STORE_LOADER_CTX\s0\fR is a type template, to be defined by each loader +using \fBstruct ossl_store_loader_ctx_st { ... }\fR. +.PP +\&\fBOSSL_STORE_open_fn\fR, \fBOSSL_STORE_ctrl_fn\fR, \fBOSSL_STORE_expect_fn\fR, +\&\fBOSSL_STORE_find_fn\fR, \fBOSSL_STORE_load_fn\fR, \fBOSSL_STORE_eof_fn\fR, +and \fBOSSL_STORE_close_fn\fR +are the function pointer types used within a \s-1STORE\s0 loader. 
+The functions pointed at define the functionality of the given loader. +.IP "\fBOSSL_STORE_open_fn\fR" 4 +.IX Item "OSSL_STORE_open_fn" +This function takes a \s-1URI\s0 and is expected to interpret it in the best +manner possible according to the scheme the loader implements, it also +takes a \fB\s-1UI_METHOD\s0\fR and associated data, to be used any time +something needs to be prompted for. +Furthermore, this function is expected to initialize what needs to be +initialized, to create a private data store (\fB\s-1OSSL_STORE_LOADER_CTX\s0\fR, see +above), and to return it. +If something goes wrong, this function is expected to return \s-1NULL\s0. +.IP "\fBOSSL_STORE_ctrl_fn\fR" 4 +.IX Item "OSSL_STORE_ctrl_fn" +This function takes a \fB\s-1OSSL_STORE_LOADER_CTX\s0\fR pointer, a command number +\&\fBcmd\fR and a \fBva_list\fR \fBargs\fR and is used to manipulate loader +specific parameters. +.Sp +Loader specific command numbers must begin at \fB\s-1OSSL_STORE_C_CUSTOM_START\s0\fR. +Any number below that is reserved for future globally known command +numbers. +.Sp +This function is expected to return 1 on success, 0 on error. +.IP "\fBOSSL_STORE_expect_fn\fR" 4 +.IX Item "OSSL_STORE_expect_fn" +This function takes a \fB\s-1OSSL_STORE_LOADER_CTX\s0\fR pointer and a \fB\s-1OSSL_STORE_INFO\s0\fR +identity \fBexpected\fR, and is used to tell the loader what object type is +expected. +\&\fBexpected\fR may be zero to signify that no specific object type is expected. +.Sp +This function is expected to return 1 on success, 0 on error. +.IP "\fBOSSL_STORE_find_fn\fR" 4 +.IX Item "OSSL_STORE_find_fn" +This function takes a \fB\s-1OSSL_STORE_LOADER_CTX\s0\fR pointer and a +\&\fB\s-1OSSL_STORE_SEARCH\s0\fR search criterion, and is used to tell the loader what +to search for. +.Sp +When called with the loader context being \fB\s-1NULL\s0\fR, this function is expected +to return 1 if the loader supports the criterion, otherwise 0. 
+.Sp +When called with the loader context being something other than \fB\s-1NULL\s0\fR, this +function is expected to return 1 on success, 0 on error. +.IP "\fBOSSL_STORE_load_fn\fR" 4 +.IX Item "OSSL_STORE_load_fn" +This function takes a \fB\s-1OSSL_STORE_LOADER_CTX\s0\fR pointer and a \fB\s-1UI_METHOD\s0\fR +with associated data. +It's expected to load the next available data, mold it into a data +structure that can be wrapped in a \fB\s-1OSSL_STORE_INFO\s0\fR using one of the +\&\s-1\fIOSSL_STORE_INFO\s0\fR\|(3) functions. +If no more data is available or an error occurs, this function is +expected to return \s-1NULL\s0. +The \fBOSSL_STORE_eof_fn\fR and \fBOSSL_STORE_error_fn\fR functions must indicate if +it was in fact the end of data or if an error occurred. +.Sp +Note that this function retrieves \fIone\fR data item only. +.IP "\fBOSSL_STORE_eof_fn\fR" 4 +.IX Item "OSSL_STORE_eof_fn" +This function takes a \fB\s-1OSSL_STORE_LOADER_CTX\s0\fR pointer and is expected to +return 1 to indicate that the end of available data has been reached. +It is otherwise expected to return 0. +.IP "\fBOSSL_STORE_error_fn\fR" 4 +.IX Item "OSSL_STORE_error_fn" +This function takes a \fB\s-1OSSL_STORE_LOADER_CTX\s0\fR pointer and is expected to +return 1 to indicate that an error occurred in a previous call to the +\&\fBOSSL_STORE_load_fn\fR function. +It is otherwise expected to return 0. +.IP "\fBOSSL_STORE_close_fn\fR" 4 +.IX Item "OSSL_STORE_close_fn" +This function takes a \fB\s-1OSSL_STORE_LOADER_CTX\s0\fR pointer and is expected to +close or shut down what needs to be closed, and finally free the +contents of the \fB\s-1OSSL_STORE_LOADER_CTX\s0\fR pointer. +It returns 1 on success and 0 on error. +.SS "Functions" +.IX Subsection "Functions" +\&\fIOSSL_STORE_LOADER_new()\fR creates a new \fB\s-1OSSL_STORE_LOADER\s0\fR. +It takes an \fB\s-1ENGINE\s0\fR \fBe\fR and a string \fBscheme\fR. +\&\fBscheme\fR must \fIalways\fR be set. 
+Both \fBe\fR and \fBscheme\fR are used as is and must therefore be alive as +long as the created loader is. +.PP +\&\fIOSSL_STORE_LOADER_get0_engine()\fR returns the engine of the \fBstore_loader\fR. +\&\fIOSSL_STORE_LOADER_get0_scheme()\fR returns the scheme of the \fBstore_loader\fR. +.PP +\&\fIOSSL_STORE_LOADER_set_open()\fR sets the opener function for the +\&\fBstore_loader\fR. +.PP +\&\fIOSSL_STORE_LOADER_set_ctrl()\fR sets the control function for the +\&\fBstore_loader\fR. +.PP +\&\fIOSSL_STORE_LOADER_set_expect()\fR sets the expect function for the +\&\fBstore_loader\fR. +.PP +\&\fIOSSL_STORE_LOADER_set_load()\fR sets the loader function for the +\&\fBstore_loader\fR. +.PP +\&\fIOSSL_STORE_LOADER_set_eof()\fR sets the end of file checker function for the +\&\fBstore_loader\fR. +.PP +\&\fIOSSL_STORE_LOADER_set_close()\fR sets the closing function for the +\&\fBstore_loader\fR. +.PP +\&\fIOSSL_STORE_LOADER_free()\fR frees the given \fBstore_loader\fR. +.PP +\&\fIOSSL_STORE_register_loader()\fR register the given \fBstore_loader\fR and thereby +makes it available for use with \fIOSSL_STORE_open()\fR, \fIOSSL_STORE_load()\fR, +\&\fIOSSL_STORE_eof()\fR and \fIOSSL_STORE_close()\fR. +.PP +\&\fIOSSL_STORE_unregister_loader()\fR unregister the store loader for the given +\&\fBscheme\fR. +.SH "NOTES" +.IX Header "NOTES" +The \fBfile:\fR scheme has built in support. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The functions with the types \fBOSSL_STORE_open_fn\fR, \fBOSSL_STORE_ctrl_fn\fR, +\&\fBOSSL_STORE_expect_fn\fR, +\&\fBOSSL_STORE_load_fn\fR, \fBOSSL_STORE_eof_fn\fR and \fBOSSL_STORE_close_fn\fR have the +same return values as \fIOSSL_STORE_open()\fR, \fIOSSL_STORE_ctrl()\fR, \fIOSSL_STORE_expect()\fR, +\&\fIOSSL_STORE_load()\fR, \fIOSSL_STORE_eof()\fR and \fIOSSL_STORE_close()\fR, respectively. +.PP +\&\fIOSSL_STORE_LOADER_new()\fR returns a pointer to a \fB\s-1OSSL_STORE_LOADER\s0\fR on success, +or \fB\s-1NULL\s0\fR on failure. 
+.PP +\&\fIOSSL_STORE_LOADER_set_open()\fR, \fIOSSL_STORE_LOADER_set_ctrl()\fR, +\&\fIOSSL_STORE_LOADER_set_load()\fR, \fIOSSL_STORE_LOADER_set_eof()\fR and +\&\fIOSSL_STORE_LOADER_set_close()\fR return 1 on success, or 0 on failure. +.PP +\&\fIOSSL_STORE_register_loader()\fR returns 1 on success, or 0 on failure. +.PP +\&\fIOSSL_STORE_unregister_loader()\fR returns the unregistered loader on success, +or \fB\s-1NULL\s0\fR on failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIossl_store\fR\|(7), \fIOSSL_STORE_open\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1\fIOSSL_STORE_LOADER\s0()\fR, \s-1\fIOSSL_STORE_LOADER_CTX\s0()\fR, \fIOSSL_STORE_LOADER_new()\fR, +\&\fIOSSL_STORE_LOADER_set0_scheme()\fR, \fIOSSL_STORE_LOADER_set_open()\fR, +\&\fIOSSL_STORE_LOADER_set_ctrl()\fR, \fIOSSL_STORE_LOADER_set_load()\fR, +\&\fIOSSL_STORE_LOADER_set_eof()\fR, \fIOSSL_STORE_LOADER_set_close()\fR, +\&\fIOSSL_STORE_LOADER_free()\fR, \fIOSSL_STORE_register_loader()\fR, +\&\fIOSSL_STORE_unregister_loader()\fR, \fIOSSL_STORE_open_fn()\fR, \fIOSSL_STORE_ctrl_fn()\fR, +\&\fIOSSL_STORE_load_fn()\fR, \fIOSSL_STORE_eof_fn()\fR and \fIOSSL_STORE_close_fn()\fR +were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/OSSL_STORE_SEARCH.3 b/linux_amd64/ssl/share/man/man3/OSSL_STORE_SEARCH.3 new file mode 100755 index 0000000..55d9b2c --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/OSSL_STORE_SEARCH.3 
@@ -0,0 +1,303 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_STORE_SEARCH 3" +.TH OSSL_STORE_SEARCH 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OSSL_STORE_SEARCH, +OSSL_STORE_SEARCH_by_name, +OSSL_STORE_SEARCH_by_issuer_serial, +OSSL_STORE_SEARCH_by_key_fingerprint, +OSSL_STORE_SEARCH_by_alias, +OSSL_STORE_SEARCH_free, +OSSL_STORE_SEARCH_get_type, +OSSL_STORE_SEARCH_get0_name, +OSSL_STORE_SEARCH_get0_serial, +OSSL_STORE_SEARCH_get0_bytes, +OSSL_STORE_SEARCH_get0_string, +OSSL_STORE_SEARCH_get0_digest +\&\- Type and functions to create OSSL_STORE search criteria +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef struct ossl_store_search_st OSSL_STORE_SEARCH; +\& +\& OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_name(X509_NAME *name); +\& OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_issuer_serial(X509_NAME *name, +\& const ASN1_INTEGER +\& *serial); +\& OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_key_fingerprint(const EVP_MD *digest, +\& const unsigned char +\& *bytes, int len); +\& OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_alias(const char *alias); +\& +\& void OSSL_STORE_SEARCH_free(OSSL_STORE_SEARCH *search); +\& +\& int OSSL_STORE_SEARCH_get_type(const OSSL_STORE_SEARCH *criterion); +\& X509_NAME *OSSL_STORE_SEARCH_get0_name(OSSL_STORE_SEARCH *criterion); +\& const ASN1_INTEGER *OSSL_STORE_SEARCH_get0_serial(const OSSL_STORE_SEARCH +\& *criterion); +\& const unsigned char *OSSL_STORE_SEARCH_get0_bytes(const OSSL_STORE_SEARCH +\& *criterion, size_t *length); +\& const char *OSSL_STORE_SEARCH_get0_string(const OSSL_STORE_SEARCH *criterion); +\& const EVP_MD *OSSL_STORE_SEARCH_get0_digest(const OSSL_STORE_SEARCH +\& *criterion); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions are used to specify search criteria to help search for specific +objects through other names than just the \s-1URI\s0 that's given to \fIOSSL_STORE_open()\fR. +For example, this can be useful for an application that has received a \s-1URI\s0 +and then wants to add on search criteria in a uniform and supported manner. 
+.SS "Types" +.IX Subsection "Types" +\&\fB\s-1OSSL_STORE_SEARCH\s0\fR is an opaque type that holds the constructed search +criterion, and that can be given to an \s-1OSSL_STORE\s0 context with +\&\fIOSSL_STORE_find()\fR. +.PP +The calling application owns the allocation of an \fB\s-1OSSL_STORE_SEARCH\s0\fR at all +times, and should therefore be careful not to deallocate it before +\&\fIOSSL_STORE_close()\fR has been called for the \s-1OSSL_STORE\s0 context it was given +to. +.SS "Application Functions" +.IX Subsection "Application Functions" +\&\fIOSSL_STORE_SEARCH_by_name()\fR, +\&\fIOSSL_STORE_SEARCH_by_issuer_serial()\fR, +\&\fIOSSL_STORE_SEARCH_by_key_fingerprint()\fR, +and \fIOSSL_STORE_SEARCH_by_alias()\fR +are used to create an \fB\s-1OSSL_STORE_SEARCH\s0\fR from a subject name, an issuer name +and serial number pair, a key fingerprint, and an alias (for example a friendly +name). +The parameters that are provided are not copied, only referred to in a +criterion, so they must have at least the same life time as the created +\&\fB\s-1OSSL_STORE_SEARCH\s0\fR. +.PP +\&\fIOSSL_STORE_SEARCH_free()\fR is used to free the \fB\s-1OSSL_STORE_SEARCH\s0\fR. +.SS "Loader Functions" +.IX Subsection "Loader Functions" +\&\fIOSSL_STORE_SEARCH_get_type()\fR returns the criterion type for the given +\&\fB\s-1OSSL_STORE_SEARCH\s0\fR. +.PP +\&\fIOSSL_STORE_SEARCH_get0_name()\fR, \fIOSSL_STORE_SEARCH_get0_serial()\fR, +\&\fIOSSL_STORE_SEARCH_get0_bytes()\fR, \fIOSSL_STORE_SEARCH_get0_string()\fR, +and \fIOSSL_STORE_SEARCH_get0_digest()\fR +are used to retrieve different data from a \fB\s-1OSSL_STORE_SEARCH\s0\fR, as +available for each type. +For more information, see \*(L"\s-1SUPPORTED\s0 \s-1CRITERION\s0 \s-1TYPES\s0\*(R" below. 
+.SH "SUPPORTED CRITERION TYPES" +.IX Header "SUPPORTED CRITERION TYPES" +Currently supported criterion types are: +.IP "\s-1OSSL_STORE_SEARCH_BY_NAME\s0" 4 +.IX Item "OSSL_STORE_SEARCH_BY_NAME" +This criterion supports a search by exact match of subject name. +The subject name itself is a \fBX509_NAME\fR pointer. +A criterion of this type is created with \fIOSSL_STORE_SEARCH_by_name()\fR, +and the actual subject name is retrieved with \fIOSSL_STORE_SEARCH_get0_name()\fR. +.IP "\s-1OSSL_STORE_SEARCH_BY_ISSUER_SERIAL\s0" 4 +.IX Item "OSSL_STORE_SEARCH_BY_ISSUER_SERIAL" +This criterion supports a search by exact match of both issuer name and serial +number. +The issuer name itself is a \fBX509_NAME\fR pointer, and the serial number is +a \fB\s-1ASN1_INTEGER\s0\fR pointer. +A criterion of this type is created with \fIOSSL_STORE_SEARCH_by_issuer_serial()\fR +and the actual issuer name and serial number are retrieved with +\&\fIOSSL_STORE_SEARCH_get0_name()\fR and \fIOSSL_STORE_SEARCH_get0_serial()\fR. +.IP "\s-1OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT\s0" 4 +.IX Item "OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT" +This criterion supports a search by exact match of key fingerprint. +The key fingerprint in itself is a string of bytes and its length, as +well as the algorithm that was used to compute the fingerprint. +The digest may be left unspecified (\s-1NULL\s0), and in that case, the +loader has to decide on a default digest and compare fingerprints +accordingly. +A criterion of this type is created with \fIOSSL_STORE_SEARCH_by_key_fingerprint()\fR +and the actual fingerprint and its length can be retrieved with +\&\fIOSSL_STORE_SEARCH_get0_bytes()\fR. +The digest can be retrieved with \fIOSSL_STORE_SEARCH_get0_digest()\fR. +.IP "\s-1OSSL_STORE_SEARCH_BY_ALIAS\s0" 4 +.IX Item "OSSL_STORE_SEARCH_BY_ALIAS" +This criterion supports a search by match of an alias of some kind. +The alias in itself is a simple C string. 
+A criterion of this type is created with \fIOSSL_STORE_SEARCH_by_alias()\fR +and the actual alias is retrieved with \fIOSSL_STORE_SEARCH_get0_string()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOSSL_STORE_SEARCH_by_name()\fR, +\&\fIOSSL_STORE_SEARCH_by_issuer_serial()\fR, +\&\fIOSSL_STORE_SEARCH_by_key_fingerprint()\fR, +and \fIOSSL_STORE_SEARCH_by_alias()\fR +return a \fB\s-1OSSL_STORE_SEARCH\s0\fR pointer on success, or \fB\s-1NULL\s0\fR on failure. +.PP +\&\fIOSSL_STORE_SEARCH_get_type()\fR returns the criterion type of the given +\&\fB\s-1OSSL_STORE_SEARCH\s0\fR. +There is no error value. +.PP +\&\fIOSSL_STORE_SEARCH_get0_name()\fR returns a \fBX509_NAME\fR pointer on success, +or \fB\s-1NULL\s0\fR when the given \fB\s-1OSSL_STORE_SEARCH\s0\fR was of a different type. +.PP +\&\fIOSSL_STORE_SEARCH_get0_serial()\fR returns a \fB\s-1ASN1_INTEGER\s0\fR pointer on success, +or \fB\s-1NULL\s0\fR when the given \fB\s-1OSSL_STORE_SEARCH\s0\fR was of a different type. +.PP +\&\fIOSSL_STORE_SEARCH_get0_bytes()\fR returns a \fBconst unsigned char\fR pointer and +sets \fB*length\fR to the strings length on success, or \fB\s-1NULL\s0\fR when the given +\&\fB\s-1OSSL_STORE_SEARCH\s0\fR was of a different type. +.PP +\&\fIOSSL_STORE_SEARCH_get0_string()\fR returns a \fBconst char\fR pointer on success, +or \fB\s-1NULL\s0\fR when the given \fB\s-1OSSL_STORE_SEARCH\s0\fR was of a different type. +.PP +\&\fIOSSL_STORE_SEARCH_get0_digest()\fR returns a \fBconst \s-1EVP_MD\s0\fR pointer. +\&\fB\s-1NULL\s0\fR is a valid value and means that the store loader default will +be used when applicable. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIossl_store\fR\|(7), \fIOSSL_STORE_supports_search\fR\|(3), \fIOSSL_STORE_find\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fB\s-1OSSL_STORE_SEARCH\s0\fR, +\&\fIOSSL_STORE_SEARCH_by_name()\fR, +\&\fIOSSL_STORE_SEARCH_by_issuer_serial()\fR, +\&\fIOSSL_STORE_SEARCH_by_key_fingerprint()\fR, +\&\fIOSSL_STORE_SEARCH_by_alias()\fR, +\&\fIOSSL_STORE_SEARCH_free()\fR, +\&\fIOSSL_STORE_SEARCH_get_type()\fR, +\&\fIOSSL_STORE_SEARCH_get0_name()\fR, +\&\fIOSSL_STORE_SEARCH_get0_serial()\fR, +\&\fIOSSL_STORE_SEARCH_get0_bytes()\fR, +and \fIOSSL_STORE_SEARCH_get0_string()\fR +were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/OSSL_STORE_expect.3 b/linux_amd64/ssl/share/man/man3/OSSL_STORE_expect.3 new file mode 100755 index 0000000..c89d415 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/OSSL_STORE_expect.3 
@@ -0,0 +1,200 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_STORE_EXPECT 3" +.TH OSSL_STORE_EXPECT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OSSL_STORE_expect, +OSSL_STORE_supports_search, +OSSL_STORE_find +\&\- Specify what object type is expected +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int OSSL_STORE_expect(OSSL_STORE_CTX *ctx, int expected_type); +\& +\& int OSSL_STORE_supports_search(OSSL_STORE_CTX *ctx, int criterion_type); +\& +\& int OSSL_STORE_find(OSSL_STORE_CTX *ctx, OSSL_STORE_SEARCH *search); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIOSSL_STORE_expect()\fR helps applications filter what \fIOSSL_STORE_load()\fR returns +by specifying a \fB\s-1OSSL_STORE_INFO\s0\fR type. +For example, if \f(CW\*(C`file:/foo/bar/store.pem\*(C'\fR contains several different objects +and only the certificates are interesting, the application can simply say +that it expects the type \fB\s-1OSSL_STORE_INFO_CERT\s0\fR. +All known object types (see \*(L"\s-1SUPPORTED\s0 \s-1OBJECTS\s0\*(R" in \s-1\fIOSSL_STORE_INFO\s0\fR\|(3)) +except for \fB\s-1OSSL_STORE_INFO_NAME\s0\fR are supported. +.PP +\&\fIOSSL_STORE_find()\fR helps applications specify a criterion for a more fine +grained search of objects. +.PP +\&\fIOSSL_STORE_supports_search()\fR checks if the loader of the given \s-1OSSL_STORE\s0 +context supports the given search type. +See \*(L"\s-1SUPPORTED\s0 \s-1CRITERION\s0 \s-1TYPES\s0\*(R" in \s-1\fIOSSL_STORE_SEARCH\s0\fR\|(3) for information on the +supported search criterion types. +.PP +\&\fIOSSL_STORE_expect()\fR and OSSL_STORE_find \fImust\fR be called before the first +\&\fIOSSL_STORE_load()\fR of a given session, or they will fail. +.SH "NOTES" +.IX Header "NOTES" +If a more elaborate filter is required by the application, a better choice +would be to use a post-processing function. +See \fIOSSL_STORE_open\fR\|(3) for more information. +.PP +However, some loaders may take advantage of the knowledge of an expected type +to make object retrieval more efficient, so if a single type is expected, this +method is usually preferable. 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOSSL_STORE_expect()\fR returns 1 on success, or 0 on failure. +.PP +\&\fIOSSL_STORE_supports_search()\fR returns 1 if the criterion is supported, or 0 +otherwise. +.PP +\&\fIOSSL_STORE_find()\fR returns 1 on success, or 0 on failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIossl_store\fR\|(7), \s-1\fIOSSL_STORE_INFO\s0\fR\|(3), \s-1\fIOSSL_STORE_SEARCH\s0\fR\|(3), +\&\fIOSSL_STORE_load\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIOSSL_STORE_expect()\fR, \fIOSSL_STORE_supports_search()\fR and \fIOSSL_STORE_find()\fR +were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/OSSL_STORE_open.3 b/linux_amd64/ssl/share/man/man3/OSSL_STORE_open.3 new file mode 100755 index 0000000..a84f73b --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/OSSL_STORE_open.3 
@@ -0,0 +1,274 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_STORE_OPEN 3" +.TH OSSL_STORE_OPEN 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OSSL_STORE_CTX, OSSL_STORE_post_process_info_fn, OSSL_STORE_open, +OSSL_STORE_ctrl, OSSL_STORE_load, OSSL_STORE_eof, OSSL_STORE_error, +OSSL_STORE_close \- Types and functions to read objects from a URI +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef struct ossl_store_ctx_st OSSL_STORE_CTX; +\& +\& typedef OSSL_STORE_INFO *(*OSSL_STORE_post_process_info_fn)(OSSL_STORE_INFO *, +\& void *); +\& +\& OSSL_STORE_CTX *OSSL_STORE_open(const char *uri, const UI_METHOD *ui_method, +\& void *ui_data, +\& OSSL_STORE_post_process_info_fn post_process, +\& void *post_process_data); +\& int OSSL_STORE_ctrl(OSSL_STORE_CTX *ctx, int cmd, ... /* args */); +\& OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx); +\& int OSSL_STORE_eof(OSSL_STORE_CTX *ctx); +\& int OSSL_STORE_error(OSSL_STORE_CTX *ctx); +\& int OSSL_STORE_close(OSSL_STORE_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions help the application to fetch supported objects (see +\&\*(L"\s-1SUPPORTED\s0 \s-1OBJECTS\s0\*(R" in \s-1\fIOSSL_STORE_INFO\s0\fR\|(3) for information on which those are) +from a given \s-1URI\s0 (see \*(L"\s-1SUPPORTED\s0 \s-1SCHEMES\s0\*(R" for more information on +the supported \s-1URI\s0 schemes). +The general method to do so is to \*(L"open\*(R" the \s-1URI\s0 using \fIOSSL_STORE_open()\fR, +read each available and supported object using \fIOSSL_STORE_load()\fR as long as +\&\fIOSSL_STORE_eof()\fR hasn't been reached, and finish it off with \fIOSSL_STORE_close()\fR. +.PP +The retrieved information is stored in a \fB\s-1OSSL_STORE_INFO\s0\fR, which is further +described in \s-1\fIOSSL_STORE_INFO\s0\fR\|(3). +.SS "Types" +.IX Subsection "Types" +\&\fB\s-1OSSL_STORE_CTX\s0\fR is a context variable that holds all the internal +information for \fIOSSL_STORE_open()\fR, \fIOSSL_STORE_load()\fR, \fIOSSL_STORE_eof()\fR and +\&\fIOSSL_STORE_close()\fR to work together. 
+.SS "Functions" +.IX Subsection "Functions" +\&\fIOSSL_STORE_open()\fR takes a uri or path \fBuri\fR, password \s-1UI\s0 method +\&\fBui_method\fR with associated data \fBui_data\fR, and post processing +callback \fBpost_process\fR with associated data \fBpost_process_data\fR, +opens a channel to the data located at that \s-1URI\s0 and returns a +\&\fB\s-1OSSL_STORE_CTX\s0\fR with all necessary internal information. +The given \fBui_method\fR and \fBui_data_data\fR will be reused by all +functions that use \fB\s-1OSSL_STORE_CTX\s0\fR when interaction is needed. +The given \fBpost_process\fR and \fBpost_process_data\fR will be reused by +\&\fIOSSL_STORE_load()\fR to manipulate or drop the value to be returned. +The \fBpost_process\fR function drops values by returning \fB\s-1NULL\s0\fR, which +will cause \fIOSSL_STORE_load()\fR to start its process over with loading +the next object, until \fBpost_process\fR returns something other than +\&\fB\s-1NULL\s0\fR, or the end of data is reached as indicated by \fIOSSL_STORE_eof()\fR. +.PP +\&\fIOSSL_STORE_ctrl()\fR takes a \fB\s-1OSSL_STORE_CTX\s0\fR, and command number \fBcmd\fR and +more arguments not specified here. +The available loader specific command numbers and arguments they each +take depends on the loader that's used and is documented together with +that loader. +.PP +There are also global controls available: +.IP "\fB\s-1OSSL_STORE_C_USE_SECMEM\s0\fR" 4 +.IX Item "OSSL_STORE_C_USE_SECMEM" +Controls if the loader should attempt to use secure memory for any +allocated \fB\s-1OSSL_STORE_INFO\s0\fR and its contents. +This control expects one argument, a pointer to an \fBint\fR that is expected to +have the value 1 (yes) or 0 (no). +Any other value is an error. +.PP +\&\fIOSSL_STORE_load()\fR takes a \fB\s-1OSSL_STORE_CTX\s0\fR, tries to load the next available +object and return it wrapped with \fB\s-1OSSL_STORE_INFO\s0\fR. 
+.PP +\&\fIOSSL_STORE_eof()\fR takes a \fB\s-1OSSL_STORE_CTX\s0\fR and checks if we've reached the end +of data. +.PP +\&\fIOSSL_STORE_error()\fR takes a \fB\s-1OSSL_STORE_CTX\s0\fR and checks if an error occurred in +the last \fIOSSL_STORE_load()\fR call. +Note that it may still be meaningful to try and load more objects, unless +\&\fIOSSL_STORE_eof()\fR shows that the end of data has been reached. +.PP +\&\fIOSSL_STORE_close()\fR takes a \fB\s-1OSSL_STORE_CTX\s0\fR, closes the channel that was opened +by \fIOSSL_STORE_open()\fR and frees all other information that was stored in the +\&\fB\s-1OSSL_STORE_CTX\s0\fR, as well as the \fB\s-1OSSL_STORE_CTX\s0\fR itself. +.SH "SUPPORTED SCHEMES" +.IX Header "SUPPORTED SCHEMES" +The basic supported scheme is \fBfile:\fR. +Any other scheme can be added dynamically, using +\&\fIOSSL_STORE_register_loader()\fR. +.SH "NOTES" +.IX Header "NOTES" +A string without a scheme prefix (that is, a non-URI string) is +implicitly interpreted as using the \fIfile:\fR scheme. +.PP +There are some tools that can be used together with +\&\fIOSSL_STORE_open()\fR to determine if any failure is caused by an unparsable +\&\s-1URI\s0, or if it's a different error (such as memory allocation +failures); if the \s-1URI\s0 was parsable but the scheme unregistered, the +top error will have the reason \f(CW\*(C`OSSL_STORE_R_UNREGISTERED_SCHEME\*(C'\fR. +.PP +These functions make no direct assumption regarding the pass phrase received +from the password callback. +The loaders may make assumptions, however. +For example, the \fBfile:\fR scheme loader inherits the assumptions made by +OpenSSL functionality that handles the different file types; this is mostly +relevant for PKCS#12 objects. +See \fIpassphrase\-encoding\fR\|(7) for further information. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOSSL_STORE_open()\fR returns a pointer to a \fB\s-1OSSL_STORE_CTX\s0\fR on success, or +\&\fB\s-1NULL\s0\fR on failure. 
+.PP +\&\fIOSSL_STORE_load()\fR returns a pointer to a \fB\s-1OSSL_STORE_INFO\s0\fR on success, or +\&\fB\s-1NULL\s0\fR on error or when end of data is reached. +Use \fIOSSL_STORE_error()\fR and \fIOSSL_STORE_eof()\fR to determine the meaning of a +returned \fB\s-1NULL\s0\fR. +.PP +\&\fIOSSL_STORE_eof()\fR returns 1 if the end of data has been reached, otherwise +0. +.PP +\&\fIOSSL_STORE_error()\fR returns 1 if an error occurred in an \fIOSSL_STORE_load()\fR call, +otherwise 0. +.PP +\&\fIOSSL_STORE_ctrl()\fR and \fIOSSL_STORE_close()\fR returns 1 on success, or 0 on failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIossl_store\fR\|(7), \s-1\fIOSSL_STORE_INFO\s0\fR\|(3), \fIOSSL_STORE_register_loader\fR\|(3), +\&\fIpassphrase\-encoding\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1\fIOSSL_STORE_CTX\s0()\fR, \fIOSSL_STORE_post_process_info_fn()\fR, \fIOSSL_STORE_open()\fR, +\&\fIOSSL_STORE_ctrl()\fR, \fIOSSL_STORE_load()\fR, \fIOSSL_STORE_eof()\fR and \fIOSSL_STORE_close()\fR +were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/OSSL_trace_enabled.3 b/linux_amd64/ssl/share/man/man3/OSSL_trace_enabled.3 new file mode 100755 index 0000000..71a67e9 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/OSSL_trace_enabled.3 
@@ -0,0 +1,419 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_TRACE_ENABLED 3" +.TH OSSL_TRACE_ENABLED 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OSSL_trace_enabled, OSSL_trace_begin, OSSL_trace_end, +OSSL_TRACE_BEGIN, OSSL_TRACE_END, OSSL_TRACE_CANCEL, +OSSL_TRACE, OSSL_TRACE1, OSSL_TRACE2, OSSL_TRACE3, OSSL_TRACE4, +OSSL_TRACE5, OSSL_TRACE6, OSSL_TRACE7, OSSL_TRACE8, OSSL_TRACE9, +OSSL_TRACEV, +OSSL_TRACE_ENABLED +\&\- OpenSSL Tracing API +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int OSSL_trace_enabled(int category); +\& +\& BIO *OSSL_trace_begin(int category); +\& void OSSL_trace_end(int category, BIO *channel); +\& +\& /* trace group macros */ +\& OSSL_TRACE_BEGIN(category) { +\& ... +\& if (some_error) { +\& /* Leave trace group prematurely in case of an error */ +\& OSSL_TRACE_CANCEL(category); +\& goto err; +\& } +\& ... +\& } OSSL_TRACE_END(category); +\& +\& /* one\-shot trace macros */ +\& OSSL_TRACE1(category, format, arg1) +\& OSSL_TRACE2(category, format, arg1, arg2) +\& ... +\& OSSL_TRACE9(category, format, arg1, ..., arg9) +\& +\& /* check whether a trace category is enabled */ +\& if (OSSL_TRACE_ENABLED(category)) { +\& ... +\& } +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The functions described here are mainly interesting for those who provide +OpenSSL functionality, either in OpenSSL itself or in engine modules +or similar. +.PP +If tracing is enabled (see \*(L"\s-1NOTES\s0\*(R" below), these functions are used to +generate free text tracing output. +.PP +The tracing output is divided into types which are enabled +individually by the application. +The tracing types are described in detail in +\&\*(L"Trace types\*(R" in \fIOSSL_trace_set_callback\fR\|(3). +The fallback type \f(CW\*(C`OSSL_TRACE_CATEGORY_ALL\*(C'\fR should \fInot\fR be used +with the functions described here. +.PP +Tracing for a specific category is enabled if a so called +\&\fItrace channel\fR is attached to it. A trace channel is simply a +\&\s-1BIO\s0 object to which the application can write its trace output. 
+.PP +The application has two different ways of registering a trace channel, +either by directly providing a \s-1BIO\s0 object using \fIOSSL_trace_set_channel()\fR, +or by providing a callback routine using \fIOSSL_trace_set_callback()\fR. +The latter is wrapped internally by a dedicated \s-1BIO\s0 object, so for the +tracing code both channel types are effectively indistinguishable. +We call them a \fIsimple trace channel\fR and a \fIcallback trace channel\fR, +respectively. +.PP +To produce trace output, it is necessary to obtain a pointer to the +trace channel (i.e., the \s-1BIO\s0 object) using \fIOSSL_trace_begin()\fR, write +to it using arbitrary \s-1BIO\s0 output routines, and finally releases the +channel using \fIOSSL_trace_end()\fR. The \fIOSSL_trace_begin()\fR/\fIOSSL_trace_end()\fR +calls surrounding the trace output create a group, which acts as a +critical section (guarded by a mutex) to ensure that the trace output +of different threads does not get mixed up. +.PP +The tracing code normally does not call OSSL_trace_{begin,end}() directly, +but rather uses a set of convenience macros, see the \*(L"Macros\*(R" section below. +.SS "Functions" +.IX Subsection "Functions" +\&\fIOSSL_trace_enabled()\fR can be used to check if tracing for the given +\&\f(CW\*(C`category\*(C'\fR is enabled. +.PP +\&\fIOSSL_trace_begin()\fR is used to starts a tracing section, and get the +channel for the given \f(CW\*(C`category\*(C'\fR in form of a \s-1BIO\s0. +This \s-1BIO\s0 can only be used for output. +.PP +\&\fIOSSL_trace_end()\fR is used to end a tracing section. +.PP +Using \fIOSSL_trace_begin()\fR and \fIOSSL_trace_end()\fR to wrap tracing sections +is \fImandatory\fR. +The result of trying to produce tracing output outside of such +sections is undefined. +.SS "Macros" +.IX Subsection "Macros" +There are a number of convenience macros defined, to make tracing +easy and consistent. 
+.PP +\&\f(CW\*(C`OSSL_TRACE_BEGIN(category)\*(C'\fR and \f(CW\*(C`OSSL_TRACE_END(category)\*(C'\fR reserve +the \fB\s-1BIO\s0\fR \f(CW\*(C`trc_out\*(C'\fR and are used as follows to wrap a trace section: +.PP +.Vb 1 +\& OSSL_TRACE_BEGIN(TLS) { +\& +\& BIO_fprintf(trc_out, ... ); +\& +\& } OSSL_TRACE_END(TLS); +.Ve +.PP +This will normally expand to: +.PP +.Vb 8 +\& do { +\& BIO *trc_out = OSSL_trace_begin(OSSL_TRACE_CATEGORY_TLS); +\& if (trc_out != NULL) { +\& ... +\& BIO_fprintf(trc_out, ...); +\& } +\& OSSL_trace_end(OSSL_TRACE_CATEGORY_TLS, trc_out); +\& } while (0); +.Ve +.PP +\&\f(CW\*(C`OSSL_TRACE_CANCEL(category)\*(C'\fR must be used before returning from or +jumping out of a trace section: +.PP +.Vb 1 +\& OSSL_TRACE_BEGIN(TLS) { +\& +\& if (some_error) { +\& OSSL_TRACE_CANCEL(TLS); +\& goto err; +\& } +\& BIO_fprintf(trc_out, ... ); +\& +\& } OSSL_TRACE_END(TLS); +.Ve +.PP +This will normally expand to: +.PP +.Vb 11 +\& do { +\& BIO *trc_out = OSSL_trace_begin(OSSL_TRACE_CATEGORY_TLS); +\& if (trc_out != NULL) { +\& if (some_error) { +\& OSSL_trace_end(OSSL_TRACE_CATEGORY_TLS, trc_out); +\& goto err; +\& } +\& BIO_fprintf(trc_out, ... ); +\& } +\& OSSL_trace_end(OSSL_TRACE_CATEGORY_TLS, trc_out); +\& } while (0); +.Ve +.PP +\&\f(CW\*(C`OSSL_TRACE()\*(C'\fR and \f(CW\*(C`OSSL_TRACE1()\*(C'\fR, \f(CW\*(C`OSSL_TRACE2()\*(C'\fR, ... \f(CW\*(C`OSSL_TRACE9()\*(C'\fR are +so-called one-shot macros: +.PP +The macro call \f(CW\*(C`OSSL_TRACE(category, text)\*(C'\fR, produces literal text trace output. +.PP +The macro call \f(CW\*(C`OSSL_TRACEn(category, format, arg1, ..., argn)\*(C'\fR produces +printf-style trace output with n format field arguments (n=1,...,9). +It expands to: +.PP +.Vb 3 +\& OSSL_TRACE_BEGIN(category) { +\& BIO_printf(trc_out, format, arg1, ..., argN) +\& } OSSL_TRACE_END(category) +.Ve +.PP +Internally, all one-shot macros are implemented using a generic \f(CW\*(C`OSSL_TRACEV()\*(C'\fR +macro, since C90 does not support variadic macros. 
This helper macro has a rather +weird synopsis and should not be used directly. +.PP +The \f(CW\*(C`OSSL_TRACE_ENABLED(category)\*(C'\fR macro can be used to conditionally execute +some code only if a specific trace category is enabled. +In some situations this is simpler than entering a trace section using +\&\f(CW\*(C`OSSL_TRACE_BEGIN(category)\*(C'\fR and \f(CW\*(C`OSSL_TRACE_END(category)\*(C'\fR. +For example, the code +.PP +.Vb 3 +\& if (OSSL_TRACE_ENABLED(TLS)) { +\& ... +\& } +.Ve +.PP +expands to +.PP +.Vb 3 +\& if (OSSL_trace_enabled(OSSL_TRACE_CATEGORY_TLS) { +\& ... +\& } +.Ve +.SH "NOTES" +.IX Header "NOTES" +If producing the trace output requires carrying out auxiliary calculations, +this auxiliary code should be placed inside a conditional block which is +executed only if the trace category is enabled. +.PP +The most natural way to do this is to place the code inside the trace section +itself because it already introduces such a conditional block. +.PP +.Vb 2 +\& OSSL_TRACE_BEGIN(TLS) { +\& int var = do_some_auxiliary_calculation(); +\& +\& BIO_printf(trc_out, "var = %d\en", var); +\& +\& } OSSL_TRACE_END(TLS); +.Ve +.PP +In some cases it is more advantageous to use a simple conditional group instead +of a trace section. This is the case if calculations and tracing happen in +different locations of the code, or if the calculations are so time consuming +that placing them inside a (critical) trace section would create too much +contention. +.PP +.Vb 2 +\& if (OSSL_TRACE_ENABLED(TLS)) { +\& int var = do_some_auxiliary_calculation(); +\& +\& OSSL_TRACE1("var = %d\en", var); +\& } +.Ve +.PP +Note however that premature optimization of tracing code is in general futile +and it's better to keep the tracing code as simple as possible. +Because most often the limiting factor for the application's speed is the time +it takes to print the trace output, not to calculate it. 
+.SS "Configure Tracing" +.IX Subsection "Configure Tracing" +By default, the OpenSSL library is built with tracing disabled. To +use the tracing functionality documented here, it is therefore +necessary to configure and build OpenSSL with the 'enable\-trace' option. +.PP +When the library is built with tracing disabled: +.IP "\(bu" 4 +The macro \f(CW\*(C`OPENSSL_NO_TRACE\*(C'\fR is defined in \f(CW\*(C`openssl/opensslconf.h\*(C'\fR. +.IP "\(bu" 4 +all functions are still present, bu \fIOSSL_trace_enabled()\fR will always +report the categories as disabled, and all other functions will do +nothing. +.IP "\(bu" 4 +the convenience macros are defined to produce dead code. +For example, take this example from \*(L"Macros\*(R" section above: +.Sp +.Vb 1 +\& OSSL_TRACE_BEGIN(TLS) { +\& +\& if (condition) { +\& OSSL_TRACE_CANCEL(TLS); +\& goto err; +\& } +\& BIO_fprintf(trc_out, ... ); +\& +\& } OSSL_TRACE_END(TLS); +.Ve +.Sp +When the tracing \s-1API\s0 isn't operational, that will expand to: +.Sp +.Vb 10 +\& do { +\& BIO *trc_out = NULL; +\& if (0) { +\& if (condition) { +\& ((void)0); +\& goto err; +\& } +\& BIO_fprintf(trc_out, ... ); +\& } +\& } while (0); +.Ve +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOSSL_trace_enabled()\fR returns 1 if tracing for the given \fBtype\fR is +operational and enabled, otherwise 0. +.PP +\&\fIOSSL_trace_begin()\fR returns a \f(CW\*(C`BIO *\*(C'\fR if the given \fBtype\fR is enabled, +otherwise \f(CW\*(C`NULL\*(C'\fR. +.SH "HISTORY" +.IX Header "HISTORY" +The OpenSSL Tracing \s-1API\s0 was added ino OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/ssl/share/man/man3/OSSL_trace_get_category_num.3 b/linux_amd64/ssl/share/man/man3/OSSL_trace_get_category_num.3 new file mode 100755 index 0000000..aada50e --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/OSSL_trace_get_category_num.3 
@@ -0,0 +1,167 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_TRACE_GET_CATEGORY_NUM 3" +.TH OSSL_TRACE_GET_CATEGORY_NUM 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OSSL_trace_get_category_num, OSSL_trace_get_category_name +\&\- OpenSSL tracing information functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int OSSL_trace_get_category_num(const char *name); +\& const char *OSSL_trace_get_category_name(int num); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIOSSL_trace_get_category_num()\fR gives the category number corresponding +to the given \f(CW\*(C`name\*(C'\fR. +.PP +\&\fIOSSL_trace_get_category_name()\fR gives the category name corresponding +to the given \f(CW\*(C`num\*(C'\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOSSL_trace_get_category_num()\fR returns the category number if the given +\&\f(CW\*(C`name\*(C'\fR is a recognised category name, otherwise \-1. +.PP +\&\fIOSSL_trace_get_category_name()\fR returns the category name if the given +\&\f(CW\*(C`num\*(C'\fR is a recognised category number, otherwise \s-1NULL\s0. +.SH "HISTORY" +.IX Header "HISTORY" +The OpenSSL Tracing \s-1API\s0 was added ino OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/OSSL_trace_set_channel.3 b/linux_amd64/ssl/share/man/man3/OSSL_trace_set_channel.3 new file mode 100755 index 0000000..770b1ea --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/OSSL_trace_set_channel.3 
@@ -0,0 +1,429 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_TRACE_SET_CHANNEL 3" +.TH OSSL_TRACE_SET_CHANNEL 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OSSL_trace_set_channel, OSSL_trace_set_prefix, OSSL_trace_set_suffix, +OSSL_trace_set_callback, OSSL_trace_cb \- Enabling trace output +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef size_t (*OSSL_trace_cb)(const char *buf, size_t cnt, +\& int category, int cmd, void *data); +\& +\& void OSSL_trace_set_channel(int category, BIO *bio); +\& void OSSL_trace_set_prefix(int category, const char *prefix); +\& void OSSL_trace_set_suffix(int category, const char *suffix); +\& void OSSL_trace_set_callback(int category, OSSL_trace_cb cb, void *data); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +If available (see \*(L"\s-1NOTES\s0\*(R" below), the application can request +internal trace output. +This output comes in form of free text for humans to read. +.PP +The trace output is divided into categories which can be +enabled individually. +Every category can be enabled individually by attaching a so called +\&\fItrace channel\fR to it, which in the simplest case is just a \s-1BIO\s0 object +to which the application can write the tracing output for this category. +Alternatively, the application can provide a tracer callback in order to +get more finegrained trace information. This callback will be wrapped +internally by a dedicated \s-1BIO\s0 object. +.PP +For the tracing code, both trace channel types are indistinguishable. +These are called a \fIsimple trace channel\fR and a \fIcallback trace channel\fR, +respectively. +.SS "Functions" +.IX Subsection "Functions" +\&\fIOSSL_trace_set_channel()\fR is used to enable the given trace \f(CW\*(C`category\*(C'\fR +by attaching the \fB\s-1BIO\s0\fR \f(CW\*(C`bio\*(C'\fR object as (simple) trace channel. +.PP +\&\fIOSSL_trace_set_prefix()\fR and \fIOSSL_trace_set_suffix()\fR can be used to add +an extra line for each channel, to be output before and after group of +tracing output. +What constitues an output group is decided by the code that produces +the output. 
+The lines given here are considered immutable; for more dynamic +tracing prefixes, consider setting a callback with +\&\fIOSSL_trace_set_callback()\fR instead. +.PP +\&\fIOSSL_trace_set_callback()\fR is used to enable the given trace +\&\f(CW\*(C`category\*(C'\fR by giving it the tracer callback \f(CW\*(C`cb\*(C'\fR with the associated +data \f(CW\*(C`data\*(C'\fR, which will simply be passed through to \f(CW\*(C`cb\*(C'\fR whenever +it's called. The callback function is internally wrapped by a +dedicated \s-1BIO\s0 object, the so called \fIcallback trace channel\fR. +This should be used when it's desirable to do form the trace output to +something suitable for application needs where a prefix and suffix +line aren't enough. +.PP +\&\fIOSSL_trace_set_channel()\fR and \fIOSSL_trace_set_callback()\fR are mutually +exclusive, calling one of them will clear whatever was set by the +previous call. +.PP +Calling \fIOSSL_trace_set_channel()\fR with \f(CW\*(C`NULL\*(C'\fR for \f(CW\*(C`channel\*(C'\fR or +\&\fIOSSL_trace_set_callback()\fR with \f(CW\*(C`NULL\*(C'\fR for \f(CW\*(C`cb\*(C'\fR disables tracing for +the given \f(CW\*(C`category\*(C'\fR +.SS "Trace callback" +.IX Subsection "Trace callback" +The tracer callback must return a \f(CW\*(C`size_t\*(C'\fR, which must be zero on +error and otherwise return the number of bytes that were output. +It receives a text buffer \f(CW\*(C`buf\*(C'\fR with \f(CW\*(C`cnt\*(C'\fR bytes of text, as well as +the \f(CW\*(C`category\*(C'\fR, a control number \f(CW\*(C`cmd\*(C'\fR, and the \f(CW\*(C`data\*(C'\fR that was +passed to \fIOSSL_trace_set_callback()\fR. 
+.PP +The possible control numbers are: +.ie n .IP """OSSL_TRACE_CTRL_BEGIN""" 4 +.el .IP "\f(CWOSSL_TRACE_CTRL_BEGIN\fR" 4 +.IX Item "OSSL_TRACE_CTRL_BEGIN" +The callback is called from \fIOSSL_trace_begin()\fR, which gives the +callback the possibility to output a dynamic starting line, or set a +prefix that should be output at the beginning of each line, or +something other. +.ie n .IP """OSSL_TRACE_CTRL_WRITE""" 4 +.el .IP "\f(CWOSSL_TRACE_CTRL_WRITE\fR" 4 +.IX Item "OSSL_TRACE_CTRL_WRITE" +This callback is called whenever data is written to the \s-1BIO\s0 by some +regular \s-1BIO\s0 output routine. +An arbitrary number of \f(CW\*(C`OSSL_TRACE_CTRL_WRITE\*(C'\fR callbacks can occur +inside a group marked by a pair of \f(CW\*(C`OSSL_TRACE_CTRL_BEGIN\*(C'\fR and +\&\f(CW\*(C`OSSL_TRACE_CTRL_END\*(C'\fR calls, but never outside such a group. +.ie n .IP """OSSL_TRACE_CTRL_END""" 4 +.el .IP "\f(CWOSSL_TRACE_CTRL_END\fR" 4 +.IX Item "OSSL_TRACE_CTRL_END" +The callback is called from \fIOSSL_trace_end()\fR, which gives the callback +the possibility to output a dynamic ending line, or reset the line +prefix that was set with \s-1OSSL_TRACE_CTRL_BEGIN\s0, or something other. +.SS "Trace categories" +.IX Subsection "Trace categories" +The trace categories are simple numbers available through macros. +.ie n .IP """OSSL_TRACE_CATEGORY_TRACE""" 4 +.el .IP "\f(CWOSSL_TRACE_CATEGORY_TRACE\fR" 4 +.IX Item "OSSL_TRACE_CATEGORY_TRACE" +Traces the OpenSSL trace \s-1API\s0 itself. +.Sp +More precisely, this will generate trace output any time a new +trace hook is set. +.ie n .IP """OSSL_TRACE_CATEGORY_INIT""" 4 +.el .IP "\f(CWOSSL_TRACE_CATEGORY_INIT\fR" 4 +.IX Item "OSSL_TRACE_CATEGORY_INIT" +Traces OpenSSL library initialization and cleanup. +.Sp +This needs special care, as OpenSSL will do automatic cleanup after +exit from \f(CW\*(C`main()\*(C'\fR, and any tracing output done during this cleanup +will be lost if the tracing channel or callback were cleaned away +prematurely. 
+A suggestion is to make such cleanup part of a function that's +registered very early with \fIatexit\fR\|(3). +.ie n .IP """OSSL_TRACE_CATEGORY_TLS""" 4 +.el .IP "\f(CWOSSL_TRACE_CATEGORY_TLS\fR" 4 +.IX Item "OSSL_TRACE_CATEGORY_TLS" +Traces the \s-1TLS/SSL\s0 protocol. +.ie n .IP """OSSL_TRACE_CATEGORY_TLS_CIPHER""" 4 +.el .IP "\f(CWOSSL_TRACE_CATEGORY_TLS_CIPHER\fR" 4 +.IX Item "OSSL_TRACE_CATEGORY_TLS_CIPHER" +Traces the ciphers used by the \s-1TLS/SSL\s0 protocol. +.ie n .IP """OSSL_TRACE_CATEGORY_ENGINE_CONF""" 4 +.el .IP "\f(CWOSSL_TRACE_CATEGORY_ENGINE_CONF\fR" 4 +.IX Item "OSSL_TRACE_CATEGORY_ENGINE_CONF" +Traces the \s-1ENGINE\s0 configuration. +.ie n .IP """OSSL_TRACE_CATEGORY_ENGINE_TABLE""" 4 +.el .IP "\f(CWOSSL_TRACE_CATEGORY_ENGINE_TABLE\fR" 4 +.IX Item "OSSL_TRACE_CATEGORY_ENGINE_TABLE" +Traces the \s-1ENGINE\s0 algorithm table selection. +.Sp +More precisely, \fIengine_table_select()\fR, the function that is used by +\&\s-1RSA\s0, \s-1DSA\s0 (etc) code to select registered ENGINEs, cache defaults and +functional references (etc), will generate trace summaries. +.ie n .IP """OSSL_TRACE_CATEGORY_ENGINE_REF_COUNT""" 4 +.el .IP "\f(CWOSSL_TRACE_CATEGORY_ENGINE_REF_COUNT\fR" 4 +.IX Item "OSSL_TRACE_CATEGORY_ENGINE_REF_COUNT" +Tracds the \s-1ENGINE\s0 reference counting. +.Sp +More precisely, both reference counts in the \s-1ENGINE\s0 structure will be +monitored with a line of trace output generated for each change. +.ie n .IP """OSSL_TRACE_CATEGORY_PKCS5V2""" 4 +.el .IP "\f(CWOSSL_TRACE_CATEGORY_PKCS5V2\fR" 4 +.IX Item "OSSL_TRACE_CATEGORY_PKCS5V2" +Traces PKCS#5 v2 key generation. +.ie n .IP """OSSL_TRACE_CATEGORY_PKCS12_KEYGEN""" 4 +.el .IP "\f(CWOSSL_TRACE_CATEGORY_PKCS12_KEYGEN\fR" 4 +.IX Item "OSSL_TRACE_CATEGORY_PKCS12_KEYGEN" +Traces PKCS#12 key generation. +.ie n .IP """OSSL_TRACE_CATEGORY_PKCS12_DECRYPT""" 4 +.el .IP "\f(CWOSSL_TRACE_CATEGORY_PKCS12_DECRYPT\fR" 4 +.IX Item "OSSL_TRACE_CATEGORY_PKCS12_DECRYPT" +Traces PKCS#12 decryption. 
+.ie n .IP """OSSL_TRACE_CATEGORY_X509V3_POLICY""" 4 +.el .IP "\f(CWOSSL_TRACE_CATEGORY_X509V3_POLICY\fR" 4 +.IX Item "OSSL_TRACE_CATEGORY_X509V3_POLICY" +Traces X509v3 policy processing. +.Sp +More precisely, this generates the complete policy tree at various +point during evaluation. +.ie n .IP """OSSL_TRACE_CATEGORY_BN_CTX""" 4 +.el .IP "\f(CWOSSL_TRACE_CATEGORY_BN_CTX\fR" 4 +.IX Item "OSSL_TRACE_CATEGORY_BN_CTX" +Traces \s-1BIGNUM\s0 context operations. +.ie n .IP """OSSL_TRACE_CATEGORY_PROVIDER_CONF""" 4 +.el .IP "\f(CWOSSL_TRACE_CATEGORY_PROVIDER_CONF\fR" 4 +.IX Item "OSSL_TRACE_CATEGORY_PROVIDER_CONF" +Traces the \s-1OSSL_PROVIDER\s0 configuration. +.PP +There is also \f(CW\*(C`OSSL_TRACE_CATEGORY_ALL\*(C'\fR, which works as a fallback +and can be used to get \fIall\fR trace output. +.PP +Note, however, that in this case all trace output will effectively be +associated with the '\s-1ALL\s0' category, which is undesirable if the +application intends to include the category name in the trace output. +In this case it is better to register separate channels for each +trace category instead. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOSSL_trace_set_channel()\fR, \fIOSSL_trace_set_prefix()\fR, +\&\fIOSSL_trace_set_suffix()\fR, and \fIOSSL_trace_set_callback()\fR return 1 on +success, or 0 on failure. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +In all examples below, the trace producing code is assumed to be +the following: +.PP +.Vb 3 +\& int foo = 42; +\& const char bar[] = { 0, 1, 2, 3, 4, 5, 6, 7, +\& 8, 9, 10, 11, 12, 13, 14, 15 }; +\& +\& OSSL_TRACE_BEGIN(TLS) { +\& BIO_puts(trc_out, "foo: "); +\& BIO_printf(trc_out, "%d\en", foo); +\& BIO_dump(trc_out, bar, sizeof(bar)); +\& } OSSL_TRACE_END(TLS); +.Ve +.SS "Simple example" +.IX Subsection "Simple example" +An example with just a channel and constant prefix / suffix. 
+.PP +.Vb 6 +\& int main(int argc, char *argv[]) +\& { +\& BIO *err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT); +\& OSSL_trace_set_channel(OSSL_TRACE_CATEGORY_SSL, err); +\& OSSL_trace_set_prefix(OSSL_TRACE_CATEGORY_SSL, "BEGIN TRACE[TLS]"); +\& OSSL_trace_set_suffix(OSSL_TRACE_CATEGORY_SSL, "END TRACE[TLS]"); +\& +\& /* ... work ... */ +\& } +.Ve +.PP +When the trace producing code above is performed, this will be output +on standard error: +.PP +.Vb 4 +\& BEGIN TRACE[TLS] +\& foo: 42 +\& 0000 \- 00 01 02 03 04 05 06 07\-08 09 0a 0b 0c 0d 0e 0f ................ +\& END TRACE[TLS] +.Ve +.SS "Advanced example" +.IX Subsection "Advanced example" +This example uses the callback, and depends on pthreads functionality. +.PP +.Vb 5 +\& static size_t cb(const char *buf, size_t cnt, +\& int category, int cmd, void *vdata) +\& { +\& BIO *bio = vdata; +\& const char *label = NULL; +\& +\& switch (cmd) { +\& case OSSL_TRACE_CTRL_BEGIN: +\& label = "BEGIN"; +\& break; +\& case OSSL_TRACE_CTRL_END: +\& label = "END"; +\& break; +\& } +\& +\& if (label != NULL) { +\& union { +\& pthread_t tid; +\& unsigned long ltid; +\& } tid; +\& +\& tid.tid = pthread_self(); +\& BIO_printf(bio, "%s TRACE[%s]:%lx\en", +\& label, OSSL_trace_get_category_name(category), tid.ltid); +\& } +\& return (size_t)BIO_puts(bio, buf); +\& } +\& +\& int main(int argc, char *argv[]) +\& { +\& BIO *err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT); +\& OSSL_trace_set_callback(OSSL_TRACE_CATEGORY_SSL, cb, err); +\& +\& /* ... work ... */ +\& } +.Ve +.PP +The output is almost the same as for the simple example above. +.PP +.Vb 4 +\& BEGIN TRACE[TLS]:7f9eb0193b80 +\& foo: 42 +\& 0000 \- 00 01 02 03 04 05 06 07\-08 09 0a 0b 0c 0d 0e 0f ................ +\& END TRACE[TLS]:7f9eb0193b80 +.Ve +.SH "NOTES" +.IX Header "NOTES" +.SS "Configure Tracing" +.IX Subsection "Configure Tracing" +By default, the OpenSSL library is built with tracing disabled. 
To +use the tracing functionality documented here, it is therefore +necessary to configure and build OpenSSL with the 'enable\-trace' option. +.PP +When the library is built with tracing disabled, the macro +\&\f(CW\*(C`OPENSSL_NO_TRACE\*(C'\fR is defined in \f(CW\*(C`openssl/opensslconf.h\*(C'\fR and all +functions described here are inoperational, i.e. will do nothing. +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIOSSL_trace_set_channel()\fR, \fIOSSL_trace_set_prefix()\fR, +\&\fIOSSL_trace_set_suffix()\fR, and \fIOSSL_trace_set_callback()\fR were all added +in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/OpenSSL_add_all_algorithms.3 b/linux_amd64/ssl/share/man/man3/OpenSSL_add_all_algorithms.3 new file mode 100755 index 0000000..160974f --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/OpenSSL_add_all_algorithms.3 
@@ -0,0 +1,187 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_ADD_ALL_ALGORITHMS 3" +.TH OPENSSL_ADD_ALL_ALGORITHMS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OpenSSL_add_all_algorithms, OpenSSL_add_all_ciphers, OpenSSL_add_all_digests, EVP_cleanup \- +add algorithms to internal table +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.PP +Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 3 +\& void OpenSSL_add_all_algorithms(void); +\& void OpenSSL_add_all_ciphers(void); +\& void OpenSSL_add_all_digests(void); +\& +\& void EVP_cleanup(void) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +OpenSSL keeps an internal table of digest algorithms and ciphers. It uses +this table to lookup ciphers via functions such as \fIEVP_get_cipher_byname()\fR. +.PP +\&\fIOpenSSL_add_all_digests()\fR adds all digest algorithms to the table. +.PP +\&\fIOpenSSL_add_all_algorithms()\fR adds all algorithms to the table (digests and +ciphers). +.PP +\&\fIOpenSSL_add_all_ciphers()\fR adds all encryption algorithms to the table including +password based encryption algorithms. +.PP +In versions prior to 1.1.0 \fIEVP_cleanup()\fR removed all ciphers and digests from +the table. It no longer has any effect in OpenSSL 1.1.0. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +None of the functions return a value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIevp\fR\|(7), \fIEVP_DigestInit\fR\|(3), +\&\fIEVP_EncryptInit\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fIOpenSSL_add_all_algorithms()\fR, \fIOpenSSL_add_all_ciphers()\fR, +\&\fIOpenSSL_add_all_digests()\fR, and \fIEVP_cleanup()\fR, functions +were deprecated in OpenSSL 1.1.0 by \fIOPENSSL_init_crypto()\fR and should +not be used. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. 
You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/OpenSSL_version.3 b/linux_amd64/ssl/share/man/man3/OpenSSL_version.3 new file mode 100755 index 0000000..812fd1d --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/OpenSSL_version.3 
@@ -0,0 +1,341 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_VERSION 3" +.TH OPENSSL_VERSION 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OPENSSL_VERSION_MAJOR, OPENSSL_VERSION_MINOR, OPENSSL_VERSION_PATCH, +OPENSSL_VERSION_PRE_RELEASE, OPENSSL_VERSION_BUILD_METADATA, +OPENSSL_VERSION_TEXT, +OPENSSL_version_major, OPENSSL_version_minor, OPENSSL_version_patch, +OPENSSL_version_pre_release, OPENSSL_version_build_metadata, OpenSSL_version, +OPENSSL_VERSION_NUMBER, OpenSSL_version_num, OPENSSL_info +\&\- get OpenSSL version number and other information +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& #define OPENSSL_VERSION_MAJOR x +\& #define OPENSSL_VERSION_MINOR y +\& #define OPENSSL_VERSION_PATCH z +\& +\& /* The definitions here are typical release values */ +\& #define OPENSSL_VERSION_PRE_RELEASE "" +\& #define OPENSSL_VERSION_BUILD_METADATA "" +\& +\& #define OPENSSL_VERSION_TEXT "OpenSSL x.y.z xx XXX xxxx" +\& +\& #include +\& +\& unsigned int OPENSSL_version_major(void); +\& unsigned int OPENSSL_version_minor(void); +\& unsigned int OPENSSL_version_patch(void); +\& const char *OPENSSL_version_pre_release(void); +\& const char *OPENSSL_version_build_metadata(void); +\& +\& const char *OpenSSL_version(int t); +\& +\& const char *OPENSSL_info(int t); +.Ve +.PP +Deprecated: +.PP +.Vb 2 +\& /* from openssl/opensslv.h */ +\& #define OPENSSL_VERSION_NUMBER 0xnnnnnnnnnL +\& +\& /* from openssl/crypto.h */ +\& unsigned long OpenSSL_version_num(); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +.SS "Macros" +.IX Subsection "Macros" +The three macros \fB\s-1OPENSSL_VERSION_MAJOR\s0\fR, \fB\s-1OPENSSL_VERSION_MINOR\s0\fR and +\&\fB\s-1OPENSSL_VERSION_PATCH\s0\fR represent the three parts of a version +identifier, \fB\f(BI\s-1MAJOR\s0\fB.\f(BI\s-1MINOR\s0\fB.\f(BI\s-1PATCH\s0\fB\fR. +.PP +The macro \fB\s-1OPENSSL_VERSION_PRE_RELEASE\s0\fR is an added bit of text that +indicates that this is a pre-release version, such as \f(CW"\-dev"\fR for an +ongoing development snapshot or \f(CW"\-alpha3"\fR for an alpha release. +The value must be a string. 
+.PP +The macro \fB\s-1OPENSSL_VERSION_BUILD_METADATA\s0\fR is extra information, reserved +for other parties, such as \f(CW"+fips"\fR, or \f(CW"+vendor.1"\fR). +The OpenSSL project will not touch this macro (will leave it an empty string). +The value must be a string. +.PP +\&\fB\s-1OPENSSL_VERSION_STR\s0\fR is a convenience macro to get the short version +identifier string, \f(CW"\f(CIMAJOR\f(CW.\f(CIMINOR\f(CW.\f(CIPATCH\f(CW"\fR. +.PP +\&\fB\s-1OPENSSL_FULL_VERSION_STR\s0\fR is a convenience macro to get the longer +version identifier string, which combines \fB\s-1OPENSSL_VERSION_STR\s0\fR, +\&\fB\s-1OPENSSL_VERSION_PRE_RELEASE\s0\fR and \fB\s-1OPENSSL_VERSION_BUILD_METADATA\s0\fR. +.PP +\&\fB\s-1OPENSSL_VERSION_TEXT\s0\fR is a convenience macro to get a full descriptive +version text, which includes \fB\s-1OPENSSL_FULL_VERSION_STR\s0\fR and the release +date. +.SS "Functions" +.IX Subsection "Functions" +\&\fIOPENSSL_version_major()\fR, \fIOPENSSL_version_minor()\fR, \fIOPENSSL_version_patch()\fR, +\&\fIOPENSSL_version_pre_release()\fR, and \fIOPENSSL_version_build_metadata()\fR return +the values of the macros above for the build of the library, respectively. +.PP +\&\fIOpenSSL_version()\fR returns different strings depending on \fIt\fR: +.IP "\s-1OPENSSL_VERSION\s0" 4 +.IX Item "OPENSSL_VERSION" +The value of \fB\s-1OPENSSL_VERSION_TEXT\s0\fR +.IP "\s-1OPENSSL_VERSION_STRING\s0" 4 +.IX Item "OPENSSL_VERSION_STRING" +The value of \fB\s-1OPENSSL_VERSION_STR\s0\fR +.IP "\s-1OPENSSL_FULL_VERSION_STRING\s0" 4 +.IX Item "OPENSSL_FULL_VERSION_STRING" +The value of \fB\s-1OPENSSL_FULL_VERSION_STR\s0\fR +.IP "\s-1OPENSSL_CFLAGS\s0" 4 +.IX Item "OPENSSL_CFLAGS" +The compiler flags set for the compilation process in the form +\&\f(CW\*(C`compiler: ...\*(C'\fR if available, or \f(CW\*(C`compiler: information not available\*(C'\fR +otherwise. 
+.IP "\s-1OPENSSL_BUILT_ON\s0" 4 +.IX Item "OPENSSL_BUILT_ON" +The date of the build process in the form \f(CW\*(C`built on: ...\*(C'\fR if available +or \f(CW\*(C`built on: date not available\*(C'\fR otherwise. +The date would not be available in a reproducible build, for example. +.IP "\s-1OPENSSL_PLATFORM\s0" 4 +.IX Item "OPENSSL_PLATFORM" +The \*(L"Configure\*(R" target of the library build in the form \f(CW\*(C`platform: ...\*(C'\fR +if available, or \f(CW\*(C`platform: information not available\*(C'\fR otherwise. +.IP "\s-1OPENSSL_DIR\s0" 4 +.IX Item "OPENSSL_DIR" +The \fB\s-1OPENSSLDIR\s0\fR setting of the library build in the form \f(CW\*(C`OPENSSLDIR: "..."\*(C'\fR +if available, or \f(CW\*(C`OPENSSLDIR: N/A\*(C'\fR otherwise. +.IP "\s-1OPENSSL_ENGINES_DIR\s0" 4 +.IX Item "OPENSSL_ENGINES_DIR" +The \fB\s-1ENGINESDIR\s0\fR setting of the library build in the form \f(CW\*(C`ENGINESDIR: "..."\*(C'\fR +if available, or \f(CW\*(C`ENGINESDIR: N/A\*(C'\fR otherwise. +.IP "\s-1OPENSSL_MODULES_DIR\s0" 4 +.IX Item "OPENSSL_MODULES_DIR" +The \fB\s-1MODULESDIR\s0\fR setting of the library build in the form \f(CW\*(C`MODULESDIR: "..."\*(C'\fR +if available, or \f(CW\*(C`MODULESDIR: N/A\*(C'\fR otherwise. +.IP "\s-1OPENSSL_CPU_INFO\s0" 4 +.IX Item "OPENSSL_CPU_INFO" +The current OpenSSL cpu settings. +This is the current setting of the cpu capability flags. It is usually +automatically configured but may be set via an environment variable. +The value has the same syntax as the environment variable. +For x86 the string looks like \f(CW\*(C`CPUINFO: OPENSSL_ia32cap=0x123:0x456\*(C'\fR +or \f(CW\*(C`CPUINFO: N/A\*(C'\fR if not available. +.PP +For an unknown \fIt\fR, the text \f(CW\*(C`not available\*(C'\fR is returned. 
+.PP +\&\fIOPENSSL_info()\fR also returns different strings depending on \fIt\fR: +.IP "\s-1OPENSSL_INFO_CONFIG_DIR\s0" 4 +.IX Item "OPENSSL_INFO_CONFIG_DIR" +The configured \f(CW\*(C`OPENSSLDIR\*(C'\fR, which is the default location for +OpenSSL configuration files. +.IP "\s-1OPENSSL_INFO_ENGINES_DIR\s0" 4 +.IX Item "OPENSSL_INFO_ENGINES_DIR" +The configured \f(CW\*(C`ENGINESDIR\*(C'\fR, which is the default location for +OpenSSL engines. +.IP "\s-1OPENSSL_INFO_MODULES_DIR\s0" 4 +.IX Item "OPENSSL_INFO_MODULES_DIR" +The configured \f(CW\*(C`MODULESDIR\*(C'\fR, which is the default location for +dynamically loadable OpenSSL modules other than engines. +.IP "\s-1OPENSSL_INFO_DSO_EXTENSION\s0" 4 +.IX Item "OPENSSL_INFO_DSO_EXTENSION" +The configured dynamically loadable module extension. +.IP "\s-1OPENSSL_INFO_DIR_FILENAME_SEPARATOR\s0" 4 +.IX Item "OPENSSL_INFO_DIR_FILENAME_SEPARATOR" +The separator between a directory specification and a filename. +Note that on some operating systems, this is not the same as the +separator between directory elements. +.IP "\s-1OPENSSL_INFO_LIST_SEPARATOR\s0" 4 +.IX Item "OPENSSL_INFO_LIST_SEPARATOR" +The OpenSSL list separator. +This is typically used in strings that are lists of items, such as the +value of the environment variable \f(CW$PATH\fR on Unix (where the +separator is \f(CW\*(C`:\*(C'\fR) or \f(CW\*(C`%PATH%\*(C'\fR on Windows (where the separator is +\&\f(CW\*(C`;\*(C'\fR). +.IP "\s-1OPENSSL_INFO_CPU_SETTINGS\s0" 4 +.IX Item "OPENSSL_INFO_CPU_SETTINGS" +The current OpenSSL cpu settings. +This is the current setting of the cpu capability flags. It is usually +automatically configured but may be set via an environment variable. +The value has the same syntax as the environment variable. +For x86 the string looks like \f(CW\*(C`OPENSSL_ia32cap=0x123:0x456\*(C'\fR. +.PP +For an unknown \fIt\fR, \s-1NULL\s0 is returned. 
+.SH "BACKWARD COMPATIBILITY" +.IX Header "BACKWARD COMPATIBILITY" +For compatibility, some older macros and functions are retained or +synthesised. +They are all considered deprecated. +.SS "Macros" +.IX Subsection "Macros" +\&\fB\s-1OPENSSL_VERSION_NUMBER\s0\fR is a combination of the major, minor and +patch version into a single integer 0xMNN00PP0L, where: +.IP "M" 4 +.IX Item "M" +is the number from \fB\s-1OPENSSL_VERSION_MAJOR\s0\fR, in hexadecimal notation +.IP "\s-1NN\s0" 4 +.IX Item "NN" +is the number from \fB\s-1OPENSSL_VERSION_MINOR\s0\fR, in hexadecimal notation +.IP "\s-1PP\s0" 4 +.IX Item "PP" +is the number from \fB\s-1OPENSSL_VERSION_PATCH\s0\fR, in hexadecimal notation +.SS "Functions" +.IX Subsection "Functions" +\&\fIOpenSSL_version_num()\fR returns the value of \fB\s-1OPENSSL_VERSION_NUMBER\s0\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOPENSSL_version_major()\fR, \fIOPENSSL_version_minor()\fR and \fIOPENSSL_version_patch()\fR +return the version number parts as integers. +.PP +\&\fIOPENSSL_version_pre_release()\fR and \fIOPENSSL_version_build_metadata()\fR return +the values of \fB\s-1OPENSSL_VERSION_PRE_RELEASE\s0\fR and +\&\fB\s-1OPENSSL_VERSION_BUILD_METADATA\s0\fR respectively as constant strings. +For any of them that is undefined, the empty string is returned. +.PP +\&\fIOpenSSL_version()\fR returns constant strings. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIcrypto\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The macros and functions described here were added in OpenSSL 3.0, +with the exception of the \*(L"\s-1BACKWARD\s0 \s-1COMPATIBILITY\s0\*(R" ones. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/ssl/share/man/man3/PEM_bytes_read_bio.3 b/linux_amd64/ssl/share/man/man3/PEM_bytes_read_bio.3
new file mode 100755
index 0000000..7145c73
--- /dev/null
+++ b/linux_amd64/ssl/share/man/man3/PEM_bytes_read_bio.3
@@ -0,0 +1,207 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PEM_BYTES_READ_BIO 3" +.TH PEM_BYTES_READ_BIO 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +PEM_bytes_read_bio, PEM_bytes_read_bio_secmem \- read a PEM\-encoded data structure from a BIO +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, +\& const char *name, BIO *bp, pem_password_cb *cb, +\& void *u); +\& int PEM_bytes_read_bio_secmem(unsigned char **pdata, long *plen, char **pnm, +\& const char *name, BIO *bp, pem_password_cb *cb, +\& void *u); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIPEM_bytes_read_bio()\fR reads PEM-formatted (\s-1IETF\s0 \s-1RFC\s0 1421 and \s-1IETF\s0 \s-1RFC\s0 7468) +data from the \s-1BIO\s0 +\&\fIbp\fR for the data type given in \fIname\fR (\s-1RSA\s0 \s-1PRIVATE\s0 \s-1KEY\s0, \s-1CERTIFICATE\s0, +etc.). If multiple PEM-encoded data structures are present in the same +stream, \fIPEM_bytes_read_bio()\fR will skip non-matching data types and +continue reading. Non-PEM data present in the stream may cause an +error. +.PP +The \s-1PEM\s0 header may indicate that the following data is encrypted; if so, +the data will be decrypted, waiting on user input to supply a passphrase +if needed. The password callback \fIcb\fR and rock \fIu\fR are used to obtain +the decryption passphrase, if applicable. +.PP +Some data types have compatibility aliases, such as a file containing +X509 \s-1CERTIFICATE\s0 matching a request for the deprecated type \s-1CERTIFICATE\s0. +The actual type indicated by the file is returned in \fI*pnm\fR if \fIpnm\fR is +non-NULL. The caller must free the storage pointed to by \fI*pnm\fR. +.PP +The returned data is the DER-encoded form of the requested type, in +\&\fI*pdata\fR with length \fI*plen\fR. The caller must free the storage pointed +to by \fI*pdata\fR. +.PP +\&\fIPEM_bytes_read_bio_secmem()\fR is similar to \fIPEM_bytes_read_bio()\fR, but uses +memory from the secure heap for its temporary buffers and the storage +returned in \fI*pdata\fR and \fI*pnm\fR. 
Accordingly, the caller must use +\&\fIOPENSSL_secure_free()\fR to free that storage. +.SH "NOTES" +.IX Header "NOTES" +\&\fIPEM_bytes_read_bio_secmem()\fR only enforces that the secure heap is used for +storage allocated within the \s-1PEM\s0 processing stack. The \s-1BIO\s0 stack from +which input is read may also use temporary buffers, which are not necessarily +allocated from the secure heap. In cases where it is desirable to ensure +that the contents of the \s-1PEM\s0 file only appears in memory from the secure heap, +care is needed in generating the \s-1BIO\s0 passed as \fIbp\fR. In particular, the +use of \fIBIO_s_file()\fR indicates the use of the operating system stdio +functionality, which includes buffering as a feature; \fIBIO_s_fd()\fR is likely +to be more appropriate in such cases. +.PP +These functions make no assumption regarding the pass phrase received from the +password callback. +It will simply be treated as a byte sequence. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIPEM_bytes_read_bio()\fR and \fIPEM_bytes_read_bio_secmem()\fR return 1 for success or +0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIPEM_read_bio_ex\fR\|(3), +\&\fIpassphrase\-encoding\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIPEM_bytes_read_bio_secmem()\fR was introduced in OpenSSL 1.1.1 +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/PEM_read.3 b/linux_amd64/ssl/share/man/man3/PEM_read.3 new file mode 100755 index 0000000..90691a9 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/PEM_read.3 
@@ -0,0 +1,256 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PEM_READ 3" +.TH PEM_READ 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +PEM_write, PEM_write_bio, +PEM_read, PEM_read_bio, PEM_do_header, PEM_get_EVP_CIPHER_INFO +\&\- PEM encoding routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int PEM_write(FILE *fp, const char *name, const char *header, +\& const unsigned char *data, long len) +\& int PEM_write_bio(BIO *bp, const char *name, const char *header, +\& const unsigned char *data, long len) +\& +\& int PEM_read(FILE *fp, char **name, char **header, +\& unsigned char **data, long *len); +\& int PEM_read_bio(BIO *bp, char **name, char **header, +\& unsigned char **data, long *len); +\& +\& int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cinfo); +\& int PEM_do_header(EVP_CIPHER_INFO *cinfo, unsigned char *data, long *len, +\& pem_password_cb *cb, void *u); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions read and write PEM-encoded objects, using the \s-1PEM\s0 +type \fBname\fR, any additional \fBheader\fR information, and the raw +\&\fBdata\fR of length \fBlen\fR. +.PP +\&\s-1PEM\s0 is the term used for binary content encoding first defined in \s-1IETF\s0 +\&\s-1RFC\s0 1421. The content is a series of base64\-encoded lines, surrounded +by begin/end markers each on their own line. For example: +.PP +.Vb 4 +\& \-\-\-\-\-BEGIN PRIVATE KEY\-\-\-\-\- +\& MIICdg.... +\& ... bhTQ== +\& \-\-\-\-\-END PRIVATE KEY\-\-\-\-\- +.Ve +.PP +Optional header line(s) may appear after the begin line, and their +existence depends on the type of object being written or read. +.PP +\&\fIPEM_write()\fR writes to the file \fBfp\fR, while \fIPEM_write_bio()\fR writes to +the \s-1BIO\s0 \fBbp\fR. The \fBname\fR is the name to use in the marker, the +\&\fBheader\fR is the header value or \s-1NULL\s0, and \fBdata\fR and \fBlen\fR specify +the data and its length. 
+.PP +The final \fBdata\fR buffer is typically an \s-1ASN\s0.1 object which can be decoded with +the \fBd2i\fR function appropriate to the type \fBname\fR; see \fId2i_X509\fR\|(3) +for examples. +.PP +\&\fIPEM_read()\fR reads from the file \fBfp\fR, while \fIPEM_read_bio()\fR reads +from the \s-1BIO\s0 \fBbp\fR. +Both skip any non-PEM data that precedes the start of the next \s-1PEM\s0 object. +When an object is successfully retrieved, the type name from the \*(L"\-\-\-\-BEGIN +\-\-\-\-\-\*(R" is returned via the \fBname\fR argument, any encapsulation headers +are returned in \fBheader\fR and the base64\-decoded content and its length are +returned via \fBdata\fR and \fBlen\fR respectively. +The \fBname\fR, \fBheader\fR and \fBdata\fR pointers are allocated via \fIOPENSSL_malloc()\fR +and should be freed by the caller via \fIOPENSSL_free()\fR when no longer needed. +.PP +\&\fIPEM_get_EVP_CIPHER_INFO()\fR can be used to determine the \fBdata\fR returned by +\&\fIPEM_read()\fR or \fIPEM_read_bio()\fR is encrypted and to retrieve the associated cipher +and \s-1IV\s0. +The caller passes a pointer to structure of type \fB\s-1EVP_CIPHER_INFO\s0\fR via the +\&\fBcinfo\fR argument and the \fBheader\fR returned via \fIPEM_read()\fR or \fIPEM_read_bio()\fR. +If the call is successful 1 is returned and the cipher and \s-1IV\s0 are stored at the +address pointed to by \fBcinfo\fR. +When the header is malformed, or not supported or when the cipher is unknown +or some internal error happens 0 is returned. +This function is deprecated, see \fB\s-1NOTES\s0\fR below. +.PP +\&\fIPEM_do_header()\fR can then be used to decrypt the data if the header +indicates encryption. +The \fBcinfo\fR argument is a pointer to the structure initialized by the previous +call to \fIPEM_get_EVP_CIPHER_INFO()\fR. +The \fBdata\fR and \fBlen\fR arguments are those returned by the previous call to +\&\fIPEM_read()\fR or \fIPEM_read_bio()\fR. 
+The \fBcb\fR and \fBu\fR arguments make it possible to override the default password +prompt function as described in \fIPEM_read_PrivateKey\fR\|(3). +On successful completion the \fBdata\fR is decrypted in place, and \fBlen\fR is +updated to indicate the plaintext length. +This function is deprecated, see \fB\s-1NOTES\s0\fR below. +.PP +If the data is a priori known to not be encrypted, then neither \fIPEM_do_header()\fR +nor \fIPEM_get_EVP_CIPHER_INFO()\fR need be called. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIPEM_read()\fR and \fIPEM_read_bio()\fR return 1 on success and 0 on failure, the latter +includes the case when no more \s-1PEM\s0 objects remain in the input file. +To distinguish end of file from more serious errors the caller must peek at the +error stack and check for \fB\s-1PEM_R_NO_START_LINE\s0\fR, which indicates that no more +\&\s-1PEM\s0 objects were found. See \fIERR_peek_last_error\fR\|(3), \s-1\fIERR_GET_REASON\s0\fR\|(3). +.PP +\&\fIPEM_get_EVP_CIPHER_INFO()\fR and \fIPEM_do_header()\fR return 1 on success, and 0 on +failure. +The \fBdata\fR is likely meaningless if these functions fail. +.SH "NOTES" +.IX Header "NOTES" +The \fIPEM_get_EVP_CIPHER_INFO()\fR and \fIPEM_do_header()\fR functions are deprecated. +This is because the underlying \s-1PEM\s0 encryption format is obsolete, and should +be avoided. +It uses an encryption format with an OpenSSL-specific key-derivation function, +which employs \s-1MD5\s0 with an iteration count of 1! +Instead, private keys should be stored in PKCS#8 form, with a strong PKCS#5 +v2.0 \s-1PBE\s0. +See \fIPEM_write_PrivateKey\fR\|(3) and \fId2i_PKCS8PrivateKey_bio\fR\|(3). +.PP +\&\fIPEM_do_header()\fR makes no assumption regarding the pass phrase received from the +password callback. +It will simply be treated as a byte sequence. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_peek_last_error\fR\|(3), \s-1\fIERR_GET_LIB\s0\fR\|(3), +\&\fId2i_PKCS8PrivateKey_bio\fR\|(3), +\&\fIpassphrase\-encoding\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 1998\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/PEM_read_CMS.3 b/linux_amd64/ssl/share/man/man3/PEM_read_CMS.3 new file mode 100755 index 0000000..c98e5ef --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/PEM_read_CMS.3 
@@ -0,0 +1,231 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PEM_READ_CMS 3" +.TH PEM_READ_CMS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +DECLARE_PEM_rw, +PEM_read_CMS, +PEM_read_bio_CMS, +PEM_write_CMS, +PEM_write_bio_CMS, +PEM_write_DHxparams, +PEM_write_bio_DHxparams, +PEM_read_ECPKParameters, +PEM_read_bio_ECPKParameters, +PEM_write_ECPKParameters, +PEM_write_bio_ECPKParameters, +PEM_read_ECPrivateKey, +PEM_write_ECPrivateKey, +PEM_write_bio_ECPrivateKey, +PEM_read_EC_PUBKEY, +PEM_read_bio_EC_PUBKEY, +PEM_write_EC_PUBKEY, +PEM_write_bio_EC_PUBKEY, +PEM_read_NETSCAPE_CERT_SEQUENCE, +PEM_read_bio_NETSCAPE_CERT_SEQUENCE, +PEM_write_NETSCAPE_CERT_SEQUENCE, +PEM_write_bio_NETSCAPE_CERT_SEQUENCE, +PEM_read_PKCS8, +PEM_read_bio_PKCS8, +PEM_write_PKCS8, +PEM_write_bio_PKCS8, +PEM_write_PKCS8_PRIV_KEY_INFO, +PEM_read_bio_PKCS8_PRIV_KEY_INFO, +PEM_read_PKCS8_PRIV_KEY_INFO, +PEM_write_bio_PKCS8_PRIV_KEY_INFO, +PEM_read_SSL_SESSION, +PEM_read_bio_SSL_SESSION, +PEM_write_SSL_SESSION, +PEM_write_bio_SSL_SESSION, +PEM_read_X509_PUBKEY, +PEM_read_bio_X509_PUBKEY, +PEM_write_X509_PUBKEY, +PEM_write_bio_X509_PUBKEY +\&\- PEM object encoding routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& DECLARE_PEM_rw(name, TYPE) +\& +\& TYPE *PEM_read_TYPE(FILE *fp, TYPE **a, pem_password_cb *cb, void *u); +\& TYPE *PEM_read_bio_TYPE(BIO *bp, TYPE **a, pem_password_cb *cb, void *u); +\& int PEM_write_TYPE(FILE *fp, const TYPE *a); +\& int PEM_write_bio_TYPE(BIO *bp, const TYPE *a); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +In the description below, \fB\f(BI\s-1TYPE\s0\fB\fR is used +as a placeholder for any of the OpenSSL datatypes, such as \fBX509\fR. +The macro \fBDECLARE_PEM_rw\fR expands to the set of declarations shown in +the next four lines of the synopsis. +.PP +These routines convert between local instances of \s-1ASN1\s0 datatypes and +the \s-1PEM\s0 encoding. For more information on the templates, see +\&\s-1\fIASN1_ITEM\s0\fR\|(3). For more information on the lower-level routines used +by the functions here, see \fIPEM_read\fR\|(3). 
+.PP +\&\fBPEM_read_\f(BI\s-1TYPE\s0\fB\fR() reads a PEM-encoded object of \fB\f(BI\s-1TYPE\s0\fB\fR from the file +\&\fIfp\fR and returns it. The \fIcb\fR and \fIu\fR parameters are as described in +\&\fIpem_password_cb\fR\|(3). +.PP +\&\fBPEM_read_bio_\f(BI\s-1TYPE\s0\fB\fR() is similar to \fBPEM_read_\f(BI\s-1TYPE\s0\fB\fR() but reads from +the \s-1BIO\s0 \fIbp\fR. +.PP +\&\fBPEM_write_\f(BI\s-1TYPE\s0\fB\fR() writes the \s-1PEM\s0 encoding of the object \fIa\fR to the file +\&\fIfp\fR. +.PP +\&\fBPEM_write_bio_\f(BI\s-1TYPE\s0\fB\fR() similarly writes to the \s-1BIO\s0 \fIbp\fR. +.SH "NOTES" +.IX Header "NOTES" +These functions make no assumption regarding the pass phrase received from the +password callback. +It will simply be treated as a byte sequence. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBPEM_read_\f(BI\s-1TYPE\s0\fB\fR() and \fBPEM_read_bio_\f(BI\s-1TYPE\s0\fB\fR() return a pointer to an +allocated object, which should be released by calling \fB\f(BI\s-1TYPE\s0\fB_free\fR(), or +\&\s-1NULL\s0 on error. +.PP +\&\fBPEM_write_\f(BI\s-1TYPE\s0\fB\fR() and \fBPEM_write_bio_\f(BI\s-1TYPE\s0\fB\fR() return the number of bytes +written or zero on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIPEM_read\fR\|(3), +\&\fIpassphrase\-encoding\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 1998\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/PEM_read_bio_PrivateKey.3 b/linux_amd64/ssl/share/man/man3/PEM_read_bio_PrivateKey.3 new file mode 100755 index 0000000..74a2010 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/PEM_read_bio_PrivateKey.3 
@@ -0,0 +1,635 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PEM_READ_BIO_PRIVATEKEY 3" +.TH PEM_READ_BIO_PRIVATEKEY 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +pem_password_cb, +PEM_read_bio_PrivateKey, PEM_read_PrivateKey, PEM_write_bio_PrivateKey, +PEM_write_bio_PrivateKey_traditional, PEM_write_PrivateKey, +PEM_write_bio_PKCS8PrivateKey, PEM_write_PKCS8PrivateKey, +PEM_write_bio_PKCS8PrivateKey_nid, PEM_write_PKCS8PrivateKey_nid, +PEM_read_bio_PUBKEY, PEM_read_PUBKEY, PEM_write_bio_PUBKEY, PEM_write_PUBKEY, +PEM_read_bio_RSAPrivateKey, PEM_read_RSAPrivateKey, +PEM_write_bio_RSAPrivateKey, PEM_write_RSAPrivateKey, +PEM_read_bio_RSAPublicKey, PEM_read_RSAPublicKey, PEM_write_bio_RSAPublicKey, +PEM_write_RSAPublicKey, PEM_read_bio_RSA_PUBKEY, PEM_read_RSA_PUBKEY, +PEM_write_bio_RSA_PUBKEY, PEM_write_RSA_PUBKEY, PEM_read_bio_DSAPrivateKey, +PEM_read_DSAPrivateKey, PEM_write_bio_DSAPrivateKey, PEM_write_DSAPrivateKey, +PEM_read_bio_DSA_PUBKEY, PEM_read_DSA_PUBKEY, PEM_write_bio_DSA_PUBKEY, +PEM_write_DSA_PUBKEY, PEM_read_bio_Parameters, PEM_write_bio_Parameters, +PEM_read_bio_DSAparams, PEM_read_DSAparams, +PEM_write_bio_DSAparams, PEM_write_DSAparams, PEM_read_bio_DHparams, +PEM_read_DHparams, PEM_write_bio_DHparams, PEM_write_DHparams, +PEM_read_bio_X509, PEM_read_X509, PEM_write_bio_X509, PEM_write_X509, +PEM_read_bio_X509_AUX, PEM_read_X509_AUX, PEM_write_bio_X509_AUX, +PEM_write_X509_AUX, PEM_read_bio_X509_REQ, PEM_read_X509_REQ, +PEM_write_bio_X509_REQ, PEM_write_X509_REQ, PEM_write_bio_X509_REQ_NEW, +PEM_write_X509_REQ_NEW, PEM_read_bio_X509_CRL, PEM_read_X509_CRL, +PEM_write_bio_X509_CRL, PEM_write_X509_CRL, PEM_read_bio_PKCS7, PEM_read_PKCS7, +PEM_write_bio_PKCS7, PEM_write_PKCS7 \- PEM routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef int pem_password_cb(char *buf, int size, int rwflag, void *u); +\& +\& EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, +\& pem_password_cb *cb, void *u); +\& EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, +\& pem_password_cb *cb, void *u); +\& int PEM_write_bio_PrivateKey(BIO *bp, const EVP_PKEY *x, 
const EVP_CIPHER *enc, +\& unsigned char *kstr, int klen, +\& pem_password_cb *cb, void *u); +\& int PEM_write_bio_PrivateKey_traditional(BIO *bp, EVP_PKEY *x, +\& const EVP_CIPHER *enc, +\& unsigned char *kstr, int klen, +\& pem_password_cb *cb, void *u); +\& int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, +\& unsigned char *kstr, int klen, +\& pem_password_cb *cb, void *u); +\& int PEM_write_bio_PKCS8PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, +\& char *kstr, int klen, +\& pem_password_cb *cb, void *u); +\& int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, +\& char *kstr, int klen, +\& pem_password_cb *cb, void *u); +\& int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, const EVP_PKEY *x, int nid, +\& char *kstr, int klen, +\& pem_password_cb *cb, void *u); +\& int PEM_write_PKCS8PrivateKey_nid(FILE *fp, const EVP_PKEY *x, int nid, +\& char *kstr, int klen, +\& pem_password_cb *cb, void *u); +\& +\& EVP_PKEY *PEM_read_bio_PUBKEY(BIO *bp, EVP_PKEY **x, +\& pem_password_cb *cb, void *u); +\& EVP_PKEY *PEM_read_PUBKEY(FILE *fp, EVP_PKEY **x, +\& pem_password_cb *cb, void *u); +\& int PEM_write_bio_PUBKEY(BIO *bp, EVP_PKEY *x); +\& int PEM_write_PUBKEY(FILE *fp, EVP_PKEY *x); +\& +\& RSA *PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **x, +\& pem_password_cb *cb, void *u); +\& RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **x, +\& pem_password_cb *cb, void *u); +\& int PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x, const EVP_CIPHER *enc, +\& unsigned char *kstr, int klen, +\& pem_password_cb *cb, void *u); +\& int PEM_write_RSAPrivateKey(FILE *fp, RSA *x, const EVP_CIPHER *enc, +\& unsigned char *kstr, int klen, +\& pem_password_cb *cb, void *u); +\& +\& RSA *PEM_read_bio_RSAPublicKey(BIO *bp, RSA **x, +\& pem_password_cb *cb, void *u); +\& RSA *PEM_read_RSAPublicKey(FILE *fp, RSA **x, +\& pem_password_cb *cb, void *u); +\& int PEM_write_bio_RSAPublicKey(BIO *bp, RSA *x); +\& int PEM_write_RSAPublicKey(FILE *fp, RSA *x); 
+\& +\& RSA *PEM_read_bio_RSA_PUBKEY(BIO *bp, RSA **x, +\& pem_password_cb *cb, void *u); +\& RSA *PEM_read_RSA_PUBKEY(FILE *fp, RSA **x, +\& pem_password_cb *cb, void *u); +\& int PEM_write_bio_RSA_PUBKEY(BIO *bp, RSA *x); +\& int PEM_write_RSA_PUBKEY(FILE *fp, RSA *x); +\& +\& DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **x, +\& pem_password_cb *cb, void *u); +\& DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **x, +\& pem_password_cb *cb, void *u); +\& int PEM_write_bio_DSAPrivateKey(BIO *bp, DSA *x, const EVP_CIPHER *enc, +\& unsigned char *kstr, int klen, +\& pem_password_cb *cb, void *u); +\& int PEM_write_DSAPrivateKey(FILE *fp, DSA *x, const EVP_CIPHER *enc, +\& unsigned char *kstr, int klen, +\& pem_password_cb *cb, void *u); +\& +\& DSA *PEM_read_bio_DSA_PUBKEY(BIO *bp, DSA **x, +\& pem_password_cb *cb, void *u); +\& DSA *PEM_read_DSA_PUBKEY(FILE *fp, DSA **x, +\& pem_password_cb *cb, void *u); +\& int PEM_write_bio_DSA_PUBKEY(BIO *bp, DSA *x); +\& int PEM_write_DSA_PUBKEY(FILE *fp, DSA *x); +\& +\& EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x); +\& int PEM_write_bio_Parameters(BIO *bp, const EVP_PKEY *x); +\& +\& DSA *PEM_read_bio_DSAparams(BIO *bp, DSA **x, pem_password_cb *cb, void *u); +\& DSA *PEM_read_DSAparams(FILE *fp, DSA **x, pem_password_cb *cb, void *u); +\& int PEM_write_bio_DSAparams(BIO *bp, DSA *x); +\& int PEM_write_DSAparams(FILE *fp, DSA *x); +\& +\& DH *PEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u); +\& DH *PEM_read_DHparams(FILE *fp, DH **x, pem_password_cb *cb, void *u); +\& int PEM_write_bio_DHparams(BIO *bp, DH *x); +\& int PEM_write_DHparams(FILE *fp, DH *x); +\& +\& X509 *PEM_read_bio_X509(BIO *bp, X509 **x, pem_password_cb *cb, void *u); +\& X509 *PEM_read_X509(FILE *fp, X509 **x, pem_password_cb *cb, void *u); +\& int PEM_write_bio_X509(BIO *bp, X509 *x); +\& int PEM_write_X509(FILE *fp, X509 *x); +\& +\& X509 *PEM_read_bio_X509_AUX(BIO *bp, X509 **x, pem_password_cb *cb, void *u); +\& X509 
*PEM_read_X509_AUX(FILE *fp, X509 **x, pem_password_cb *cb, void *u); +\& int PEM_write_bio_X509_AUX(BIO *bp, X509 *x); +\& int PEM_write_X509_AUX(FILE *fp, X509 *x); +\& +\& X509_REQ *PEM_read_bio_X509_REQ(BIO *bp, X509_REQ **x, +\& pem_password_cb *cb, void *u); +\& X509_REQ *PEM_read_X509_REQ(FILE *fp, X509_REQ **x, +\& pem_password_cb *cb, void *u); +\& int PEM_write_bio_X509_REQ(BIO *bp, X509_REQ *x); +\& int PEM_write_X509_REQ(FILE *fp, X509_REQ *x); +\& int PEM_write_bio_X509_REQ_NEW(BIO *bp, X509_REQ *x); +\& int PEM_write_X509_REQ_NEW(FILE *fp, X509_REQ *x); +\& +\& X509_CRL *PEM_read_bio_X509_CRL(BIO *bp, X509_CRL **x, +\& pem_password_cb *cb, void *u); +\& X509_CRL *PEM_read_X509_CRL(FILE *fp, X509_CRL **x, +\& pem_password_cb *cb, void *u); +\& int PEM_write_bio_X509_CRL(BIO *bp, X509_CRL *x); +\& int PEM_write_X509_CRL(FILE *fp, X509_CRL *x); +\& +\& PKCS7 *PEM_read_bio_PKCS7(BIO *bp, PKCS7 **x, pem_password_cb *cb, void *u); +\& PKCS7 *PEM_read_PKCS7(FILE *fp, PKCS7 **x, pem_password_cb *cb, void *u); +\& int PEM_write_bio_PKCS7(BIO *bp, PKCS7 *x); +\& int PEM_write_PKCS7(FILE *fp, PKCS7 *x); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1PEM\s0 functions read or write structures in \s-1PEM\s0 format. In +this sense \s-1PEM\s0 format is simply base64 encoded data surrounded +by header lines. +.PP +For more details about the meaning of arguments see the +\&\fB\s-1PEM\s0 \s-1FUNCTION\s0 \s-1ARGUMENTS\s0\fR section. +.PP +Each operation has four functions associated with it. For +brevity the term "\fB\f(BI\s-1TYPE\s0\fB\fR functions" will be used below to collectively +refer to the \fBPEM_read_bio_\f(BI\s-1TYPE\s0\fB\fR(), \fBPEM_read_\f(BI\s-1TYPE\s0\fB\fR(), +\&\fBPEM_write_bio_\f(BI\s-1TYPE\s0\fB\fR(), and \fBPEM_write_\f(BI\s-1TYPE\s0\fB\fR() functions. +.PP +The \fBPrivateKey\fR functions read or write a private key in \s-1PEM\s0 format using an +\&\s-1EVP_PKEY\s0 structure. 
The write routines use PKCS#8 private key format and are +equivalent to \fIPEM_write_bio_PKCS8PrivateKey()\fR.The read functions transparently +handle traditional and PKCS#8 format encrypted and unencrypted keys. +.PP +\&\fIPEM_write_bio_PrivateKey_traditional()\fR writes out a private key in the +\&\*(L"traditional\*(R" format with a simple private key marker and should only +be used for compatibility with legacy programs. +.PP +\&\fIPEM_write_bio_PKCS8PrivateKey()\fR and \fIPEM_write_PKCS8PrivateKey()\fR write a private +key in an \s-1EVP_PKEY\s0 structure in PKCS#8 EncryptedPrivateKeyInfo format using +PKCS#5 v2.0 password based encryption algorithms. The \fIcipher\fR argument +specifies the encryption algorithm to use: unlike some other \s-1PEM\s0 routines the +encryption is applied at the PKCS#8 level and not in the \s-1PEM\s0 headers. If +\&\fIcipher\fR is \s-1NULL\s0 then no encryption is used and a PKCS#8 PrivateKeyInfo +structure is used instead. +.PP +\&\fIPEM_write_bio_PKCS8PrivateKey_nid()\fR and \fIPEM_write_PKCS8PrivateKey_nid()\fR +also write out a private key as a PKCS#8 EncryptedPrivateKeyInfo however +it uses PKCS#5 v1.5 or PKCS#12 encryption algorithms instead. The algorithm +to use is specified in the \fInid\fR parameter and should be the \s-1NID\s0 of the +corresponding \s-1OBJECT\s0 \s-1IDENTIFIER\s0 (see \s-1NOTES\s0 section). +.PP +The \fB\s-1PUBKEY\s0\fR functions process a public key using an \s-1EVP_PKEY\s0 +structure. The public key is encoded as a SubjectPublicKeyInfo +structure. +.PP +The \fBRSAPrivateKey\fR functions process an \s-1RSA\s0 private key using an +\&\s-1RSA\s0 structure. The write routines uses traditional format. The read +routines handles the same formats as the \fBPrivateKey\fR +functions but an error occurs if the private key is not \s-1RSA\s0. +.PP +The \fBRSAPublicKey\fR functions process an \s-1RSA\s0 public key using an +\&\s-1RSA\s0 structure. The public key is encoded using a PKCS#1 RSAPublicKey +structure. 
+.PP +The \fB\s-1RSA_PUBKEY\s0\fR functions also process an \s-1RSA\s0 public key using +an \s-1RSA\s0 structure. However the public key is encoded using a +SubjectPublicKeyInfo structure and an error occurs if the public +key is not \s-1RSA\s0. +.PP +The \fBDSAPrivateKey\fR functions process a \s-1DSA\s0 private key using a +\&\s-1DSA\s0 structure. The write routines uses traditional format. The read +routines handles the same formats as the \fBPrivateKey\fR +functions but an error occurs if the private key is not \s-1DSA\s0. +.PP +The \fB\s-1DSA_PUBKEY\s0\fR functions process a \s-1DSA\s0 public key using +a \s-1DSA\s0 structure. The public key is encoded using a +SubjectPublicKeyInfo structure and an error occurs if the public +key is not \s-1DSA\s0. +.PP +The \fBParameters\fR functions read or write key parameters in \s-1PEM\s0 format using +an \s-1EVP_PKEY\s0 structure. The encoding depends on the type of key; for \s-1DSA\s0 key +parameters, it will be a Dss-Parms structure as defined in \s-1RFC2459\s0, and for \s-1DH\s0 +key parameters, it will be a PKCS#3 DHparameter structure. \fIThese functions +only exist for the \f(BI\s-1BIO\s0\fI type\fR. +.PP +The \fBDSAparams\fR functions process \s-1DSA\s0 parameters using a \s-1DSA\s0 +structure. The parameters are encoded using a Dss-Parms structure +as defined in \s-1RFC2459\s0. +.PP +The \fBDHparams\fR functions process \s-1DH\s0 parameters using a \s-1DH\s0 +structure. The parameters are encoded using a PKCS#3 DHparameter +structure. +.PP +The \fBX509\fR functions process an X509 certificate using an X509 +structure. They will also process a trusted X509 certificate but +any trust settings are discarded. +.PP +The \fBX509_AUX\fR functions process a trusted X509 certificate using +an X509 structure. +.PP +The \fBX509_REQ\fR and \fBX509_REQ_NEW\fR functions process a PKCS#10 +certificate request using an X509_REQ structure. 
The \fBX509_REQ\fR +write functions use \fB\s-1CERTIFICATE\s0 \s-1REQUEST\s0\fR in the header whereas +the \fBX509_REQ_NEW\fR functions use \fB\s-1NEW\s0 \s-1CERTIFICATE\s0 \s-1REQUEST\s0\fR +(as required by some CAs). The \fBX509_REQ\fR read functions will +handle either form so there are no \fBX509_REQ_NEW\fR read functions. +.PP +The \fBX509_CRL\fR functions process an X509 \s-1CRL\s0 using an X509_CRL +structure. +.PP +The \fB\s-1PKCS7\s0\fR functions process a PKCS#7 ContentInfo using a \s-1PKCS7\s0 +structure. +.SH "PEM FUNCTION ARGUMENTS" +.IX Header "PEM FUNCTION ARGUMENTS" +The \s-1PEM\s0 functions have many common arguments. +.PP +The \fIbp\fR \s-1BIO\s0 parameter (if present) specifies the \s-1BIO\s0 to read from +or write to. +.PP +The \fIfp\fR \s-1FILE\s0 parameter (if present) specifies the \s-1FILE\s0 pointer to +read from or write to. +.PP +The \s-1PEM\s0 read functions all take an argument \fI\f(BI\s-1TYPE\s0\fI **x\fR and return +a \fI\f(BI\s-1TYPE\s0\fI *\fR pointer. Where \fI\f(BI\s-1TYPE\s0\fI\fR is whatever structure the function +uses. If \fIx\fR is \s-1NULL\s0 then the parameter is ignored. If \fIx\fR is not +\&\s-1NULL\s0 but \fI*x\fR is \s-1NULL\s0 then the structure returned will be written +to \fI*x\fR. If neither \fIx\fR nor \fI*x\fR is \s-1NULL\s0 then an attempt is made +to reuse the structure at \fI*x\fR (but see \s-1BUGS\s0 and \s-1EXAMPLES\s0 sections). +Irrespective of the value of \fIx\fR a pointer to the structure is always +returned (or \s-1NULL\s0 if an error occurred). +.PP +The \s-1PEM\s0 functions which write private keys take an \fIenc\fR parameter +which specifies the encryption algorithm to use, encryption is done +at the \s-1PEM\s0 level. If this parameter is set to \s-1NULL\s0 then the private +key is written in unencrypted form. +.PP +The \fIcb\fR argument is the callback to use when querying for the pass +phrase used for encrypted \s-1PEM\s0 structures (normally only private keys). 
+.PP +For the \s-1PEM\s0 write routines if the \fIkstr\fR parameter is not \s-1NULL\s0 then +\&\fIklen\fR bytes at \fIkstr\fR are used as the passphrase and \fIcb\fR is +ignored. +.PP +If the \fIcb\fR parameters is set to \s-1NULL\s0 and the \fIu\fR parameter is not +\&\s-1NULL\s0 then the \fIu\fR parameter is interpreted as a null terminated string +to use as the passphrase. If both \fIcb\fR and \fIu\fR are \s-1NULL\s0 then the +default callback routine is used which will typically prompt for the +passphrase on the current terminal with echoing turned off. +.PP +The default passphrase callback is sometimes inappropriate (for example +in a \s-1GUI\s0 application) so an alternative can be supplied. The callback +routine has the following form: +.PP +.Vb 1 +\& int cb(char *buf, int size, int rwflag, void *u); +.Ve +.PP +\&\fIbuf\fR is the buffer to write the passphrase to. \fIsize\fR is the maximum +length of the passphrase (i.e. the size of buf). \fIrwflag\fR is a flag +which is set to 0 when reading and 1 when writing. A typical routine +will ask the user to verify the passphrase (for example by prompting +for it twice) if \fIrwflag\fR is 1. The \fIu\fR parameter has the same +value as the \fIu\fR parameter passed to the \s-1PEM\s0 routine. It allows +arbitrary data to be passed to the callback by the application +(for example a window handle in a \s-1GUI\s0 application). The callback +\&\fImust\fR return the number of characters in the passphrase or \-1 if +an error occurred. +.SH "NOTES" +.IX Header "NOTES" +The old \fBPrivateKey\fR write routines are retained for compatibility. +New applications should write private keys using the +\&\fIPEM_write_bio_PKCS8PrivateKey()\fR or \fIPEM_write_PKCS8PrivateKey()\fR routines +because they are more secure (they use an iteration count of 2048 whereas +the traditional routines use a count of 1) unless compatibility with older +versions of OpenSSL is important. 
+.PP +The \fBPrivateKey\fR read routines can be used in all applications because +they handle all formats transparently. +.PP +A frequent cause of problems is attempting to use the \s-1PEM\s0 routines like +this: +.PP +.Vb 1 +\& X509 *x; +\& +\& PEM_read_bio_X509(bp, &x, 0, NULL); +.Ve +.PP +this is a bug because an attempt will be made to reuse the data at \fIx\fR +which is an uninitialised pointer. +.PP +These functions make no assumption regarding the pass phrase received from the +password callback. +It will simply be treated as a byte sequence. +.SH "PEM ENCRYPTION FORMAT" +.IX Header "PEM ENCRYPTION FORMAT" +These old \fBPrivateKey\fR routines use a non standard technique for encryption. +.PP +The private key (or other data) takes the following form: +.PP +.Vb 3 +\& \-\-\-\-\-BEGIN RSA PRIVATE KEY\-\-\-\-\- +\& Proc\-Type: 4,ENCRYPTED +\& DEK\-Info: DES\-EDE3\-CBC,3F17F5316E2BAC89 +\& +\& ...base64 encoded data... +\& \-\-\-\-\-END RSA PRIVATE KEY\-\-\-\-\- +.Ve +.PP +The line beginning with \fIProc-Type\fR contains the version and the +protection on the encapsulated data. The line beginning \fIDEK-Info\fR +contains two comma separated values: the encryption algorithm name as +used by \fIEVP_get_cipherbyname()\fR and an initialization vector used by the +cipher encoded as a set of hexadecimal digits. After those two lines is +the base64\-encoded encrypted data. +.PP +The encryption key is derived using \fIEVP_BytesToKey()\fR. The cipher's +initialization vector is passed to \fIEVP_BytesToKey()\fR as the \fIsalt\fR +parameter. Internally, \fB\s-1PKCS5_SALT_LEN\s0\fR bytes of the salt are used +(regardless of the size of the initialization vector). The user's +password is passed to \fIEVP_BytesToKey()\fR using the \fIdata\fR and \fIdatal\fR +parameters. Finally, the library uses an iteration count of 1 for +\&\fIEVP_BytesToKey()\fR. 
+.PP +The \fIkey\fR derived by \fIEVP_BytesToKey()\fR along with the original initialization +vector is then used to decrypt the encrypted data. The \fIiv\fR produced by +\&\fIEVP_BytesToKey()\fR is not utilized or needed, and \s-1NULL\s0 should be passed to +the function. +.PP +The pseudo code to derive the key would look similar to: +.PP +.Vb 2 +\& EVP_CIPHER* cipher = EVP_des_ede3_cbc(); +\& EVP_MD* md = EVP_md5(); +\& +\& unsigned int nkey = EVP_CIPHER_key_length(cipher); +\& unsigned int niv = EVP_CIPHER_iv_length(cipher); +\& unsigned char key[nkey]; +\& unsigned char iv[niv]; +\& +\& memcpy(iv, HexToBin("3F17F5316E2BAC89"), niv); +\& rc = EVP_BytesToKey(cipher, md, iv /*salt*/, pword, plen, 1, key, NULL /*iv*/); +\& if (rc != nkey) +\& /* Error */ +\& +\& /* On success, use key and iv to initialize the cipher */ +.Ve +.SH "BUGS" +.IX Header "BUGS" +The \s-1PEM\s0 read routines in some versions of OpenSSL will not correctly reuse +an existing structure. Therefore the following: +.PP +.Vb 1 +\& PEM_read_bio_X509(bp, &x, 0, NULL); +.Ve +.PP +where \fIx\fR already contains a valid certificate, may not work, whereas: +.PP +.Vb 2 +\& X509_free(x); +\& x = PEM_read_bio_X509(bp, NULL, 0, NULL); +.Ve +.PP +is guaranteed to work. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The read routines return either a pointer to the structure read or \s-1NULL\s0 +if an error occurred. +.PP +The write routines return 1 for success or 0 for failure. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Although the \s-1PEM\s0 routines take several arguments in almost all applications +most of them are set to 0 or \s-1NULL\s0. 
+.PP +Read a certificate in \s-1PEM\s0 format from a \s-1BIO:\s0 +.PP +.Vb 1 +\& X509 *x; +\& +\& x = PEM_read_bio_X509(bp, NULL, 0, NULL); +\& if (x == NULL) +\& /* Error */ +.Ve +.PP +Alternative method: +.PP +.Vb 1 +\& X509 *x = NULL; +\& +\& if (!PEM_read_bio_X509(bp, &x, 0, NULL)) +\& /* Error */ +.Ve +.PP +Write a certificate to a \s-1BIO:\s0 +.PP +.Vb 2 +\& if (!PEM_write_bio_X509(bp, x)) +\& /* Error */ +.Ve +.PP +Write a private key (using traditional format) to a \s-1BIO\s0 using +triple \s-1DES\s0 encryption, the pass phrase is prompted for: +.PP +.Vb 2 +\& if (!PEM_write_bio_PrivateKey(bp, key, EVP_des_ede3_cbc(), NULL, 0, 0, NULL)) +\& /* Error */ +.Ve +.PP +Write a private key (using PKCS#8 format) to a \s-1BIO\s0 using triple +\&\s-1DES\s0 encryption, using the pass phrase \*(L"hello\*(R": +.PP +.Vb 3 +\& if (!PEM_write_bio_PKCS8PrivateKey(bp, key, EVP_des_ede3_cbc(), +\& NULL, 0, 0, "hello")) +\& /* Error */ +.Ve +.PP +Read a private key from a \s-1BIO\s0 using a pass phrase callback: +.PP +.Vb 3 +\& key = PEM_read_bio_PrivateKey(bp, NULL, pass_cb, "My Private Key"); +\& if (key == NULL) +\& /* Error */ +.Ve +.PP +Skeleton pass phrase callback: +.PP +.Vb 2 +\& int pass_cb(char *buf, int size, int rwflag, void *u) +\& { +\& +\& /* We\*(Aqd probably do something else if \*(Aqrwflag\*(Aq is 1 */ +\& printf("Enter pass phrase for \e"%s\e"\en", (char *)u); +\& +\& /* get pass phrase, length \*(Aqlen\*(Aq into \*(Aqtmp\*(Aq */ +\& char *tmp = "hello"; +\& if (tmp == NULL) /* An error occurred */ +\& return \-1; +\& +\& size_t len = strlen(tmp); +\& +\& if (len > size) +\& len = size; +\& memcpy(buf, tmp, len); +\& return len; +\& } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_EncryptInit\fR\|(3), \fIEVP_BytesToKey\fR\|(3), +\&\fIpassphrase\-encoding\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The old Netscape certificate sequences were no longer documented +in OpenSSL 1.1.0; applications should use the \s-1PKCS7\s0 standard instead +as they 
will be formally deprecated in a future releases. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/PEM_read_bio_ex.3 b/linux_amd64/ssl/share/man/man3/PEM_read_bio_ex.3 new file mode 100755 index 0000000..b339114 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/PEM_read_bio_ex.3 
@@ -0,0 +1,191 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PEM_READ_BIO_EX 3" +.TH PEM_READ_BIO_EX 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +PEM_read_bio_ex, PEM_FLAG_SECURE, PEM_FLAG_EAY_COMPATIBLE, +PEM_FLAG_ONLY_B64 \- read PEM format files with custom processing +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& #define PEM_FLAG_SECURE 0x1 +\& #define PEM_FLAG_EAY_COMPATIBLE 0x2 +\& #define PEM_FLAG_ONLY_B64 0x4 +\& int PEM_read_bio_ex(BIO *in, char **name, char **header, +\& unsigned char **data, long *len, unsigned int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIPEM_read_bio_ex()\fR reads in \s-1PEM\s0 formatted data from an input \s-1BIO\s0, outputting +the name of the type of contained data, the header information regarding +the possibly encrypted data, and the binary data payload (after base64 decoding). +It should generally only be used to implement PEM_read_bio_\-family functions +for specific data types or other usage, but is exposed to allow greater flexibility +over how processing is performed, if needed. +.PP +If \s-1PEM_FLAG_SECURE\s0 is set, the intermediate buffers used to read in lines of +input are allocated from the secure heap. +.PP +If \s-1PEM_FLAG_EAY_COMPATIBLE\s0 is set, a simple algorithm is used to remove whitespace +and control characters from the end of each line, so as to be compatible with +the historical behavior of \fIPEM_read_bio()\fR. +.PP +If \s-1PEM_FLAG_ONLY_B64\s0 is set, all characters are required to be valid base64 +characters (or newlines); non\-base64 characters are treated as end of input. +.PP +If neither \s-1PEM_FLAG_EAY_COMPATIBLE\s0 or \s-1PEM_FLAG_ONLY_B64\s0 is set, control characters +are ignored. +.PP +If both \s-1PEM_FLAG_EAY_COMPATIBLE\s0 and \s-1PEM_FLAG_ONLY_B64\s0 are set, an error is returned; +these options are not compatible with each other. +.SH "NOTES" +.IX Header "NOTES" +The caller must release the storage allocated for *name, *header, and *data. +If \s-1PEM_FLAG_SECURE\s0 was set, use \fIOPENSSL_secure_free()\fR; otherwise, +\&\fIOPENSSL_free()\fR is used. 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIPEM_read_bio_ex()\fR returns 1 for success or 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIPEM_bytes_read_bio\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fIPEM_read_bio_ex()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/PEM_write_bio_CMS_stream.3 b/linux_amd64/ssl/share/man/man3/PEM_write_bio_CMS_stream.3 new file mode 100755 index 0000000..d04d8ab --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/PEM_write_bio_CMS_stream.3 
@@ -0,0 +1,171 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PEM_WRITE_BIO_CMS_STREAM 3" +.TH PEM_WRITE_BIO_CMS_STREAM 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +PEM_write_bio_CMS_stream \- output CMS_ContentInfo structure in PEM format +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *data, int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIPEM_write_bio_CMS_stream()\fR outputs a CMS_ContentInfo structure in \s-1PEM\s0 format. +.PP +It is otherwise identical to the function \fISMIME_write_CMS()\fR. +.SH "NOTES" +.IX Header "NOTES" +This function is effectively a version of the \fIPEM_write_bio_CMS()\fR supporting +streaming. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIPEM_write_bio_CMS_stream()\fR returns 1 for success or 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fICMS_sign\fR\|(3), +\&\fICMS_verify\fR\|(3), \fICMS_encrypt\fR\|(3) +\&\fICMS_decrypt\fR\|(3), +\&\fIPEM_write\fR\|(3), +\&\fISMIME_write_CMS\fR\|(3), +\&\fIi2d_CMS_bio_stream\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fIPEM_write_bio_CMS_stream()\fR function was added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/PEM_write_bio_PKCS7_stream.3 b/linux_amd64/ssl/share/man/man3/PEM_write_bio_PKCS7_stream.3 new file mode 100755 index 0000000..655a9ad --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/PEM_write_bio_PKCS7_stream.3 
@@ -0,0 +1,170 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PEM_WRITE_BIO_PKCS7_STREAM 3" +.TH PEM_WRITE_BIO_PKCS7_STREAM 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +PEM_write_bio_PKCS7_stream \- output PKCS7 structure in PEM format +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int PEM_write_bio_PKCS7_stream(BIO *out, PKCS7 *p7, BIO *data, int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIPEM_write_bio_PKCS7_stream()\fR outputs a \s-1PKCS7\s0 structure in \s-1PEM\s0 format. +.PP +It is otherwise identical to the function \fISMIME_write_PKCS7()\fR. +.SH "NOTES" +.IX Header "NOTES" +This function is effectively a version of the \fIPEM_write_bio_PKCS7()\fR supporting +streaming. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIPEM_write_bio_PKCS7_stream()\fR returns 1 for success or 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fIPKCS7_sign\fR\|(3), +\&\fIPKCS7_verify\fR\|(3), \fIPKCS7_encrypt\fR\|(3) +\&\fIPKCS7_decrypt\fR\|(3), +\&\fISMIME_write_PKCS7\fR\|(3), +\&\fIi2d_PKCS7_bio_stream\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fIPEM_write_bio_PKCS7_stream()\fR function was added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2007\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/PKCS12_SAFEBAG_get0_attrs.3 b/linux_amd64/ssl/share/man/man3/PKCS12_SAFEBAG_get0_attrs.3 new file mode 100755 index 0000000..1d95ae4 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/PKCS12_SAFEBAG_get0_attrs.3 
@@ -0,0 +1,172 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PKCS12_SAFEBAG_GET0_ATTRS 3" +.TH PKCS12_SAFEBAG_GET0_ATTRS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +PKCS12_SAFEBAG_get0_attrs, PKCS12_get_attr_gen \- Retrieve attributes from a PKCS#12 safeBag +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const STACK_OF(X509_ATTRIBUTE) *PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag); +\& +\& ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs, +\& int attr_nid) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIPKCS12_SAFEBAG_get0_attrs()\fR retrieves the stack of \fBX509_ATTRIBUTE\fRs from a +PKCS#12 safeBag. \fIbag\fR is the \fB\s-1PKCS12_SAFEBAG\s0\fR to retrieve the attributes from. +.PP +\&\fIPKCS12_get_attr_gen()\fR retrieves an attribute by \s-1NID\s0 from a stack of +\&\fBX509_ATTRIBUTE\fRs. \fIattr_nid\fR is the \s-1NID\s0 of the attribute to retrieve. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIPKCS12_SAFEBAG_get0_attrs()\fR returns the stack of \fBX509_ATTRIBUTE\fRs from a +PKCS#12 safeBag, which could be empty. +.PP +\&\fIPKCS12_get_attr_gen()\fR returns an \fB\s-1ASN1_TYPE\s0\fR object containing the attribute, +or \s-1NULL\s0 if the attribute was either not present or an error occurred. +.PP +\&\fIPKCS12_get_attr_gen()\fR does not allocate a new attribute. The returned attribute +is still owned by the \fB\s-1PKCS12_SAFEBAG\s0\fR in which it resides. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIPKCS12_get_friendlyname\fR\|(3), +\&\fIPKCS12_add_friendlyname_asc\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/PKCS12_add_CSPName_asc.3 b/linux_amd64/ssl/share/man/man3/PKCS12_add_CSPName_asc.3 new file mode 100755 index 0000000..3ef7360 --- /dev/null 
+++ b/linux_amd64/ssl/share/man/man3/PKCS12_add_CSPName_asc.3 
@@ -0,0 +1,159 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PKCS12_ADD_CSPNAME_ASC 3" +.TH PKCS12_ADD_CSPNAME_ASC 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +PKCS12_add_CSPName_asc \- Add a Microsoft CSP Name attribute to a PKCS#12 safeBag +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name, int namelen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIPKCS12_add_CSPName_asc()\fR adds an \s-1ASCII\s0 string representation of the Microsoft \s-1CSP\s0 Name attribute to a PKCS#12 safeBag. +.PP +\&\fIbag\fR is the \fB\s-1PKCS12_SAFEBAG\s0\fR to add the attribute to. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Returns 1 for success or 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIPKCS12_add_friendlyname_asc\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/PKCS12_add_friendlyname_asc.3 b/linux_amd64/ssl/share/man/man3/PKCS12_add_friendlyname_asc.3 new file mode 100755 index 0000000..640cd55 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/PKCS12_add_friendlyname_asc.3 
@@ -0,0 +1,175 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PKCS12_ADD_FRIENDLYNAME_ASC 3" +.TH PKCS12_ADD_FRIENDLYNAME_ASC 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +PKCS12_add_friendlyname_asc, PKCS12_add_friendlyname_utf8, +PKCS12_add_friendlyname_uni \- Functions to add the friendlyname attribute to a +PKCS#12 safeBag +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name, +\& int namelen); +\& +\& int PKCS12_add_friendlyname_utf8(PKCS12_SAFEBAG *bag, const char *name, +\& int namelen); +\& +\& int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag, +\& const unsigned char *name, int namelen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIPKCS12_add_friendlyname_asc()\fR adds an \s-1ASCII\s0 string representation of the PKCS#9 +friendlyName attribute to a PKCS#12 safeBag. +.PP +\&\fIPKCS12_add_friendlyname_utf8()\fR adds a \s-1UTF\-8\s0 string representation of the PKCS#9 +friendlyName attribute to a PKCS#12 safeBag. +.PP +\&\fIPKCS12_add_friendlyname_uni()\fR adds a Unicode string representation of the PKCS#9 +friendlyName attribute to a PKCS#12 safeBag. +.PP +\&\fIbag\fR is the \fB\s-1PKCS12_SAFEBAG\s0\fR to add the attribute to. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Returns 1 for success or 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIPKCS12_get_friendlyname\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/PKCS12_add_localkeyid.3 b/linux_amd64/ssl/share/man/man3/PKCS12_add_localkeyid.3 new file mode 100755 index 0000000..6c748cd --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/PKCS12_add_localkeyid.3 
@@ -0,0 +1,161 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PKCS12_ADD_LOCALKEYID 3" +.TH PKCS12_ADD_LOCALKEYID 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +PKCS12_add_localkeyid \- Add the localKeyId attribute to a PKCS#12 safeBag +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, const char *name, +\& int namelen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIPKCS12_add_localkeyid()\fR adds an octet string representation of the PKCS#9 +localKeyId attribute to a PKCS#12 safeBag. +.PP +\&\fIbag\fR is the \fB\s-1PKCS12_SAFEBAG\s0\fR to add the attribute to. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Returns 1 for success or 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIPKCS12_add_friendlyname_asc\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/PKCS12_create.3 b/linux_amd64/ssl/share/man/man3/PKCS12_create.3 new file mode 100755 index 0000000..ec5452b --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/PKCS12_create.3 
@@ -0,0 +1,208 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PKCS12_CREATE 3" +.TH PKCS12_CREATE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +PKCS12_create \- create a PKCS#12 structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey, +\& X509 *cert, STACK_OF(X509) *ca, +\& int nid_key, int nid_cert, int iter, int mac_iter, int keytype); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIPKCS12_create()\fR creates a PKCS#12 structure. +.PP +\&\fBpass\fR is the passphrase to use. \fBname\fR is the \fBfriendlyName\fR to use for +the supplied certificate and key. \fBpkey\fR is the private key to include in +the structure and \fBcert\fR its corresponding certificates. \fBca\fR, if not \fB\s-1NULL\s0\fR +is an optional set of certificates to also include in the structure. +.PP +\&\fBnid_key\fR and \fBnid_cert\fR are the encryption algorithms that should be used +for the key and certificate respectively. The modes +\&\s-1GCM\s0, \s-1CCM\s0, \s-1XTS\s0, and \s-1OCB\s0 are unsupported. \fBiter\fR is the encryption algorithm +iteration count to use and \fBmac_iter\fR is the \s-1MAC\s0 iteration count to use. +\&\fBkeytype\fR is the type of key. +.SH "NOTES" +.IX Header "NOTES" +The parameters \fBnid_key\fR, \fBnid_cert\fR, \fBiter\fR, \fBmac_iter\fR and \fBkeytype\fR +can all be set to zero and sensible defaults will be used. +.PP +These defaults are: 40 bit \s-1RC2\s0 encryption for certificates, triple \s-1DES\s0 +encryption for private keys, a key iteration count of \s-1PKCS12_DEFAULT_ITER\s0 +(currently 2048) and a \s-1MAC\s0 iteration count of 1. +.PP +The default \s-1MAC\s0 iteration count is 1 in order to retain compatibility with +old software which did not interpret \s-1MAC\s0 iteration counts. If such compatibility +is not required then \fBmac_iter\fR should be set to \s-1PKCS12_DEFAULT_ITER\s0. +.PP +\&\fBkeytype\fR adds a flag to the store private key. This is a non standard extension +that is only currently interpreted by \s-1MSIE\s0. 
If set to zero the flag is omitted, +if set to \fB\s-1KEY_SIG\s0\fR the key can be used for signing only, if set to \fB\s-1KEY_EX\s0\fR +it can be used for signing and encryption. This option was useful for old +export grade software which could use signing only keys of arbitrary size but +had restrictions on the permissible sizes of keys which could be used for +encryption. +.PP +If a certificate contains an \fBalias\fR or \fBkeyid\fR then this will be +used for the corresponding \fBfriendlyName\fR or \fBlocalKeyID\fR in the +\&\s-1PKCS12\s0 structure. +.PP +Either \fBpkey\fR, \fBcert\fR or both can be \fB\s-1NULL\s0\fR to indicate that no key or +certificate is required. In previous versions both had to be present or +a fatal error is returned. +.PP +\&\fBnid_key\fR or \fBnid_cert\fR can be set to \-1 indicating that no encryption +should be used. +.PP +\&\fBmac_iter\fR can be set to \-1 and the \s-1MAC\s0 will then be omitted entirely. +.PP +\&\fIPKCS12_create()\fR makes assumptions regarding the encoding of the given pass +phrase. +See \fIpassphrase\-encoding\fR\|(7) for more information. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIPKCS12_create()\fR returns a valid \fB\s-1PKCS12\s0\fR structure or \s-1NULL\s0 if an error occurred. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fId2i_PKCS12\fR\|(3), +\&\fIpassphrase\-encoding\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/PKCS12_get_friendlyname.3 b/linux_amd64/ssl/share/man/man3/PKCS12_get_friendlyname.3 new file mode 100755 index 0000000..5332e48 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/PKCS12_get_friendlyname.3 
@@ -0,0 +1,162 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PKCS12_GET_FRIENDLYNAME 3" +.TH PKCS12_GET_FRIENDLYNAME 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +PKCS12_get_friendlyname \- Retrieve the friendlyname attribute from a PKCS#12 safeBag +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIPKCS12_get_friendlyname()\fR retrieves a \s-1UTF\-8\s0 string representation of the PKCS#9 +friendlyName attribute for a PKCS#12 safeBag item. +.PP +\&\fIbag\fR is the \fB\s-1PKCS12_SAFEBAG\s0\fR to retrieve the attribute from. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +A \s-1UTF\-8\s0 string, or \s-1NULL\s0 if the attribute was either not present or an error occurred. +.PP +The returned string is allocated by OpenSSL and should be freed by the user. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIPKCS12_add_friendlyname_asc\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/PKCS12_newpass.3 b/linux_amd64/ssl/share/man/man3/PKCS12_newpass.3 new file mode 100755 index 0000000..44af9c2 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/PKCS12_newpass.3 
@@ -0,0 +1,235 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PKCS12_NEWPASS 3" +.TH PKCS12_NEWPASS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +PKCS12_newpass \- change the password of a PKCS12 structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int PKCS12_newpass(PKCS12 *p12, const char *oldpass, const char *newpass); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIPKCS12_newpass()\fR changes the password of a \s-1PKCS12\s0 structure. +.PP +\&\fBp12\fR is a pointer to a \s-1PKCS12\s0 structure. \fBoldpass\fR is the existing password +and \fBnewpass\fR is the new password. +.PP +Each of \fBoldpass\fR and \fBnewpass\fR is independently interpreted as a string in +the \s-1UTF\-8\s0 encoding. If it is not valid \s-1UTF\-8\s0, it is assumed to be \s-1ISO8859\-1\s0 +instead. +.PP +In particular, this means that passwords in the locale character set +(or code page on Windows) must potentially be converted to \s-1UTF\-8\s0 before +use. This may include passwords from local text files, or input from +the terminal or command line. Refer to the documentation of +\&\fIUI_OpenSSL\fR\|(3), for example. +.PP +If the PKCS#12 structure does not have a password, then you must use the empty +string "" for \fBoldpass\fR. Using \s-1NULL\s0 for \fBoldpass\fR will result in a +\&\fIPKCS12_newpass()\fR failure. +.PP +If the wrong password is used for \fBoldpass\fR then the function will fail, +with a \s-1MAC\s0 verification error. In rare cases the \s-1PKCS12\s0 structure does not +contain a \s-1MAC:\s0 in this case it will usually fail with a decryption padding +error. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIPKCS12_newpass()\fR returns 1 on success or 0 on failure. Applications can +retrieve the most recent error from \fIPKCS12_newpass()\fR with \fIERR_get_error()\fR. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +This example loads a PKCS#12 file, changes its password and writes out +the result to a new file. 
+.PP +.Vb 5 +\& #include +\& #include +\& #include +\& #include +\& #include +\& +\& int main(int argc, char **argv) +\& { +\& FILE *fp; +\& PKCS12 *p12; +\& +\& if (argc != 5) { +\& fprintf(stderr, "Usage: pkread p12file password newpass opfile\en"); +\& return 1; +\& } +\& if ((fp = fopen(argv[1], "rb")) == NULL) { +\& fprintf(stderr, "Error opening file %s\en", argv[1]); +\& return 1; +\& } +\& p12 = d2i_PKCS12_fp(fp, NULL); +\& fclose(fp); +\& if (p12 == NULL) { +\& fprintf(stderr, "Error reading PKCS#12 file\en"); +\& ERR_print_errors_fp(stderr); +\& return 1; +\& } +\& if (PKCS12_newpass(p12, argv[2], argv[3]) == 0) { +\& fprintf(stderr, "Error changing password\en"); +\& ERR_print_errors_fp(stderr); +\& PKCS12_free(p12); +\& return 1; +\& } +\& if ((fp = fopen(argv[4], "wb")) == NULL) { +\& fprintf(stderr, "Error opening file %s\en", argv[4]); +\& PKCS12_free(p12); +\& return 1; +\& } +\& i2d_PKCS12_fp(fp, p12); +\& PKCS12_free(p12); +\& fclose(fp); +\& return 0; +\& } +.Ve +.SH "BUGS" +.IX Header "BUGS" +The password format is a \s-1NULL\s0 terminated \s-1ASCII\s0 string which is converted to +Unicode form internally. As a result some passwords cannot be supplied to +this function. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIPKCS12_create\fR\|(3), \fIERR_get_error\fR\|(3), +\&\fIpassphrase\-encoding\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/PKCS12_parse.3 b/linux_amd64/ssl/share/man/man3/PKCS12_parse.3 new file mode 100755 index 0000000..f66b82b --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/PKCS12_parse.3 
@@ -0,0 +1,194 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PKCS12_PARSE 3" +.TH PKCS12_PARSE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +PKCS12_parse \- parse a PKCS#12 structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, +\& STACK_OF(X509) **ca); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIPKCS12_parse()\fR parses a \s-1PKCS12\s0 structure. +.PP +\&\fBp12\fR is the \fB\s-1PKCS12\s0\fR structure to parse. \fBpass\fR is the passphrase to use. +If successful the private key will be written to \fB*pkey\fR, the corresponding +certificate to \fB*cert\fR and any additional certificates to \fB*ca\fR. +.SH "NOTES" +.IX Header "NOTES" +The parameters \fBpkey\fR and \fBcert\fR cannot be \fB\s-1NULL\s0\fR. \fBca\fR can be <\s-1NULL\s0> in +which case additional certificates will be discarded. \fB*ca\fR can also be a +valid \s-1STACK\s0 in which case additional certificates are appended to \fB*ca\fR. If +\&\fB*ca\fR is \fB\s-1NULL\s0\fR a new \s-1STACK\s0 will be allocated. +.PP +The \fBfriendlyName\fR and \fBlocalKeyID\fR attributes (if present) on each +certificate will be stored in the \fBalias\fR and \fBkeyid\fR attributes of the +\&\fBX509\fR structure. +.PP +The parameter \fBpass\fR is interpreted as a string in the \s-1UTF\-8\s0 encoding. If it +is not valid \s-1UTF\-8\s0, then it is assumed to be \s-1ISO8859\-1\s0 instead. +.PP +In particular, this means that passwords in the locale character set +(or code page on Windows) must potentially be converted to \s-1UTF\-8\s0 before +use. This may include passwords from local text files, or input from +the terminal or command line. Refer to the documentation of +\&\fIUI_OpenSSL\fR\|(3), for example. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIPKCS12_parse()\fR returns 1 for success and zero if an error occurred. +.PP +The error can be obtained from \fIERR_get_error\fR\|(3) +.SH "BUGS" +.IX Header "BUGS" +Only a single private key and corresponding certificate is returned by this +function. 
More complex PKCS#12 files with multiple private keys will only +return the first match. +.PP +Only \fBfriendlyName\fR and \fBlocalKeyID\fR attributes are currently stored in +certificates. Other attributes are discarded. +.PP +Attributes currently cannot be stored in the private key \fB\s-1EVP_PKEY\s0\fR structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fId2i_PKCS12\fR\|(3), +\&\fIpassphrase\-encoding\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/PKCS5_PBKDF2_HMAC.3 b/linux_amd64/ssl/share/man/man3/PKCS5_PBKDF2_HMAC.3 new file mode 100755 index 0000000..79c5c17 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/PKCS5_PBKDF2_HMAC.3 
@@ -0,0 +1,199 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PKCS5_PBKDF2_HMAC 3" +.TH PKCS5_PBKDF2_HMAC 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +PKCS5_PBKDF2_HMAC, PKCS5_PBKDF2_HMAC_SHA1 \- password based derivation routines with salt and iteration count +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, +\& const unsigned char *salt, int saltlen, int iter, +\& const EVP_MD *digest, +\& int keylen, unsigned char *out); +\& +\& int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, +\& const unsigned char *salt, int saltlen, int iter, +\& int keylen, unsigned char *out); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1\fIPKCS5_PBKDF2_HMAC\s0()\fR derives a key from a password using a salt and iteration count +as specified in \s-1RFC\s0 2898. +.PP +\&\fBpass\fR is the password used in the derivation of length \fBpasslen\fR. \fBpass\fR +is an optional parameter and can be \s-1NULL\s0. If \fBpasslen\fR is \-1, then the +function will calculate the length of \fBpass\fR using \fIstrlen()\fR. +.PP +\&\fBsalt\fR is the salt used in the derivation of length \fBsaltlen\fR. If the +\&\fBsalt\fR is \s-1NULL\s0, then \fBsaltlen\fR must be 0. The function will not +attempt to calculate the length of the \fBsalt\fR because it is not assumed to +be \s-1NULL\s0 terminated. +.PP +\&\fBiter\fR is the iteration count and its value should be greater than or +equal to 1. \s-1RFC\s0 2898 suggests an iteration count of at least 1000. Any +\&\fBiter\fR less than 1 is treated as a single iteration. +.PP +\&\fBdigest\fR is the message digest function used in the derivation. Values include +any of the EVP_* message digests. \s-1\fIPKCS5_PBKDF2_HMAC_SHA1\s0()\fR calls +\&\s-1\fIPKCS5_PBKDF2_HMAC\s0()\fR with \fIEVP_sha1()\fR. +.PP +The derived key will be written to \fBout\fR. The size of the \fBout\fR buffer +is specified via \fBkeylen\fR. 
+.SH "NOTES" +.IX Header "NOTES" +A typical application of this function is to derive keying material for an +encryption algorithm from a password in the \fBpass\fR, a salt in \fBsalt\fR, +and an iteration count. +.PP +Increasing the \fBiter\fR parameter slows down the algorithm which makes it +harder for an attacker to perform a brute force attack using a large number +of candidate passwords. +.PP +These functions make no assumption regarding the given password. +It will simply be treated as a byte sequence. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\s-1\fIPKCS5_PBKDF2_HMAC\s0()\fR and \s-1\fIPBKCS5_PBKDF2_HMAC_SHA1\s0()\fR return 1 on success or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIevp\fR\|(7), \fIRAND_bytes\fR\|(3), +\&\fIEVP_BytesToKey\fR\|(3), +\&\fIpassphrase\-encoding\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2014\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/PKCS7_decrypt.3 b/linux_amd64/ssl/share/man/man3/PKCS7_decrypt.3 new file mode 100755 index 0000000..ba32c54 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/PKCS7_decrypt.3 
@@ -0,0 +1,178 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PKCS7_DECRYPT 3" +.TH PKCS7_DECRYPT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +PKCS7_decrypt \- decrypt content from a PKCS#7 envelopedData structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIPKCS7_decrypt()\fR extracts and decrypts the content from a PKCS#7 envelopedData +structure. \fBpkey\fR is the private key of the recipient, \fBcert\fR is the +recipients certificate, \fBdata\fR is a \s-1BIO\s0 to write the content to and +\&\fBflags\fR is an optional set of flags. +.SH "NOTES" +.IX Header "NOTES" +Although the recipients certificate is not needed to decrypt the data it is needed +to locate the appropriate (of possible several) recipients in the PKCS#7 structure. +.PP +The following flags can be passed in the \fBflags\fR parameter. +.PP +If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are deleted +from the content. If the content is not of type \fBtext/plain\fR then an error is +returned. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIPKCS7_decrypt()\fR returns either 1 for success or 0 for failure. +The error can be obtained from \fIERR_get_error\fR\|(3) +.SH "BUGS" +.IX Header "BUGS" +\&\fIPKCS7_decrypt()\fR must be passed the correct recipient key and certificate. It would +be better if it could look up the correct key and certificate from a database. +.PP +The lack of single pass processing and need to hold all data in memory as +mentioned in \fIPKCS7_sign()\fR also applies to \fIPKCS7_verify()\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fIPKCS7_encrypt\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. 
You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/PKCS7_encrypt.3 b/linux_amd64/ssl/share/man/man3/PKCS7_encrypt.3 new file mode 100755 index 0000000..a9fd1e1 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/PKCS7_encrypt.3 
@@ -0,0 +1,207 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PKCS7_ENCRYPT 3" +.TH PKCS7_ENCRYPT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +PKCS7_encrypt \- create a PKCS#7 envelopedData structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, +\& int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIPKCS7_encrypt()\fR creates and returns a PKCS#7 envelopedData structure. \fBcerts\fR +is a list of recipient certificates. \fBin\fR is the content to be encrypted. +\&\fBcipher\fR is the symmetric cipher to use. \fBflags\fR is an optional set of flags. +.PP +Only \s-1RSA\s0 keys are supported in PKCS#7 and envelopedData so the recipient +certificates supplied to this function must all contain \s-1RSA\s0 public keys, though +they do not have to be signed using the \s-1RSA\s0 algorithm. +.PP +\&\fIEVP_des_ede3_cbc()\fR (triple \s-1DES\s0) is the algorithm of choice for S/MIME use +because most clients will support it. +.PP +Some old \*(L"export grade\*(R" clients may only support weak encryption using 40 or 64 +bit \s-1RC2\s0. These can be used by passing \fIEVP_rc2_40_cbc()\fR and \fIEVP_rc2_64_cbc()\fR +respectively. +.PP +The algorithm passed in the \fBcipher\fR parameter must support \s-1ASN1\s0 encoding of +its parameters. +.PP +Many browsers implement a \*(L"sign and encrypt\*(R" option which is simply an S/MIME +envelopedData containing an S/MIME signed message. This can be readily produced +by storing the S/MIME signed message in a memory \s-1BIO\s0 and passing it to +\&\fIPKCS7_encrypt()\fR. +.PP +The following flags can be passed in the \fBflags\fR parameter. +.PP +If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are +prepended to the data. +.PP +Normally the supplied content is translated into \s-1MIME\s0 canonical format (as +required by the S/MIME specifications) if \fB\s-1PKCS7_BINARY\s0\fR is set no translation +occurs. 
This option should be used if the supplied data is in binary format +otherwise the translation will corrupt it. If \fB\s-1PKCS7_BINARY\s0\fR is set then +\&\fB\s-1PKCS7_TEXT\s0\fR is ignored. +.PP +If the \fB\s-1PKCS7_STREAM\s0\fR flag is set a partial \fB\s-1PKCS7\s0\fR structure is output +suitable for streaming I/O: no data is read from the \s-1BIO\s0 \fBin\fR. +.PP +If the flag \fB\s-1PKCS7_STREAM\s0\fR is set the returned \fB\s-1PKCS7\s0\fR structure is \fBnot\fR +complete and outputting its contents via a function that does not +properly finalize the \fB\s-1PKCS7\s0\fR structure will give unpredictable +results. +.PP +Several functions including \fISMIME_write_PKCS7()\fR, \fIi2d_PKCS7_bio_stream()\fR, +\&\fIPEM_write_bio_PKCS7_stream()\fR finalize the structure. Alternatively finalization +can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using +\&\fIBIO_new_PKCS7()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIPKCS7_encrypt()\fR returns either a \s-1PKCS7\s0 structure or \s-1NULL\s0 if an error occurred. +The error can be obtained from \fIERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fIPKCS7_decrypt\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fB\s-1PKCS7_STREAM\s0\fR flag was added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/PKCS7_sign.3 b/linux_amd64/ssl/share/man/man3/PKCS7_sign.3 new file mode 100755 index 0000000..551e551 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/PKCS7_sign.3 
@@ -0,0 +1,241 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PKCS7_SIGN 3" +.TH PKCS7_SIGN 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +PKCS7_sign \- create a PKCS#7 signedData structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, +\& BIO *data, int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIPKCS7_sign()\fR creates and returns a PKCS#7 signedData structure. \fBsigncert\fR is +the certificate to sign with, \fBpkey\fR is the corresponding private key. +\&\fBcerts\fR is an optional additional set of certificates to include in the PKCS#7 +structure (for example any intermediate CAs in the chain). +.PP +The data to be signed is read from \s-1BIO\s0 \fBdata\fR. +.PP +\&\fBflags\fR is an optional set of flags. +.PP +Any of the following flags (ored together) can be passed in the \fBflags\fR +parameter. +.PP +Many S/MIME clients expect the signed content to include valid \s-1MIME\s0 headers. If +the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are prepended +to the data. +.PP +If \fB\s-1PKCS7_NOCERTS\s0\fR is set the signer's certificate will not be included in the +\&\s-1PKCS7\s0 structure, the signer's certificate must still be supplied in the +\&\fBsigncert\fR parameter though. This can reduce the size of the signature if the +signers certificate can be obtained by other means: for example a previously +signed message. +.PP +The data being signed is included in the \s-1PKCS7\s0 structure, unless +\&\fB\s-1PKCS7_DETACHED\s0\fR is set in which case it is omitted. This is used for \s-1PKCS7\s0 +detached signatures which are used in S/MIME plaintext signed messages for +example. +.PP +Normally the supplied content is translated into \s-1MIME\s0 canonical format (as +required by the S/MIME specifications) if \fB\s-1PKCS7_BINARY\s0\fR is set no translation +occurs. This option should be used if the supplied data is in binary format +otherwise the translation will corrupt it. 
+.PP +The signedData structure includes several PKCS#7 authenticatedAttributes +including the signing time, the PKCS#7 content type and the supported list of +ciphers in an SMIMECapabilities attribute. If \fB\s-1PKCS7_NOATTR\s0\fR is set then no +authenticatedAttributes will be used. If \fB\s-1PKCS7_NOSMIMECAP\s0\fR is set then just +the SMIMECapabilities are omitted. +.PP +If present the SMIMECapabilities attribute indicates support for the following +algorithms: triple \s-1DES\s0, 128 bit \s-1RC2\s0, 64 bit \s-1RC2\s0, \s-1DES\s0 and 40 bit \s-1RC2\s0. If any of +these algorithms is disabled then it will not be included. +.PP +If the flags \fB\s-1PKCS7_STREAM\s0\fR is set then the returned \fB\s-1PKCS7\s0\fR structure is +just initialized ready to perform the signing operation. The signing is however +\&\fBnot\fR performed and the data to be signed is not read from the \fBdata\fR +parameter. Signing is deferred until after the data has been written. In this +way data can be signed in a single pass. +.PP +If the \fB\s-1PKCS7_PARTIAL\s0\fR flag is set a partial \fB\s-1PKCS7\s0\fR structure is output to +which additional signers and capabilities can be added before finalization. +.PP +If the flag \fB\s-1PKCS7_STREAM\s0\fR is set the returned \fB\s-1PKCS7\s0\fR structure is \fBnot\fR +complete and outputting its contents via a function that does not properly +finalize the \fB\s-1PKCS7\s0\fR structure will give unpredictable results. +.PP +Several functions including \fISMIME_write_PKCS7()\fR, \fIi2d_PKCS7_bio_stream()\fR, +\&\fIPEM_write_bio_PKCS7_stream()\fR finalize the structure. Alternatively finalization +can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using +\&\fIBIO_new_PKCS7()\fR. +.PP +If a signer is specified it will use the default digest for the signing +algorithm. This is \fB\s-1SHA1\s0\fR for both \s-1RSA\s0 and \s-1DSA\s0 keys. 
+.PP +The \fBcerts\fR, \fBsigncert\fR and \fBpkey\fR parameters can all be +\&\fB\s-1NULL\s0\fR if the \fB\s-1PKCS7_PARTIAL\s0\fR flag is set. One or more signers can be added +using the function \fIPKCS7_sign_add_signer()\fR. \fIPKCS7_final()\fR must also be +called to finalize the structure if streaming is not enabled. Alternative +signing digests can also be specified using this method. +.PP +If \fBsigncert\fR and \fBpkey\fR are \s-1NULL\s0 then a certificates only +PKCS#7 structure is output. +.PP +In versions of OpenSSL before 1.0.0 the \fBsigncert\fR and \fBpkey\fR parameters must +\&\fB\s-1NOT\s0\fR be \s-1NULL\s0. +.SH "BUGS" +.IX Header "BUGS" +Some advanced attributes such as counter signatures are not supported. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIPKCS7_sign()\fR returns either a valid \s-1PKCS7\s0 structure or \s-1NULL\s0 if an error +occurred. The error can be obtained from \fIERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fIPKCS7_verify\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fB\s-1PKCS7_PARTIAL\s0\fR flag, and the ability for \fBcerts\fR, \fBsigncert\fR, +and \fBpkey\fR parameters to be \fB\s-1NULL\s0\fR were added in OpenSSL 1.0.0. +.PP +The \fB\s-1PKCS7_STREAM\s0\fR flag was added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/PKCS7_sign_add_signer.3 b/linux_amd64/ssl/share/man/man3/PKCS7_sign_add_signer.3 new file mode 100755 index 0000000..b9a8421 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/PKCS7_sign_add_signer.3 
@@ -0,0 +1,215 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PKCS7_SIGN_ADD_SIGNER 3" +.TH PKCS7_SIGN_ADD_SIGNER 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +PKCS7_sign_add_signer \- add a signer PKCS7 signed data structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert, +\& EVP_PKEY *pkey, const EVP_MD *md, int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIPKCS7_sign_add_signer()\fR adds a signer with certificate \fBsigncert\fR and private +key \fBpkey\fR using message digest \fBmd\fR to a \s-1PKCS7\s0 signed data structure +\&\fBp7\fR. +.PP +The \s-1PKCS7\s0 structure should be obtained from an initial call to \fIPKCS7_sign()\fR +with the flag \fB\s-1PKCS7_PARTIAL\s0\fR set or in the case or re-signing a valid \s-1PKCS7\s0 +signed data structure. +.PP +If the \fBmd\fR parameter is \fB\s-1NULL\s0\fR then the default digest for the public +key algorithm will be used. +.PP +Unless the \fB\s-1PKCS7_REUSE_DIGEST\s0\fR flag is set the returned \s-1PKCS7\s0 structure +is not complete and must be finalized either by streaming (if applicable) or +a call to \fIPKCS7_final()\fR. +.SH "NOTES" +.IX Header "NOTES" +The main purpose of this function is to provide finer control over a PKCS#7 +signed data structure where the simpler \fIPKCS7_sign()\fR function defaults are +not appropriate. For example if multiple signers or non default digest +algorithms are needed. +.PP +Any of the following flags (ored together) can be passed in the \fBflags\fR +parameter. +.PP +If \fB\s-1PKCS7_REUSE_DIGEST\s0\fR is set then an attempt is made to copy the content +digest value from the \s-1PKCS7\s0 structure: to add a signer to an existing structure. +An error occurs if a matching digest value cannot be found to copy. The +returned \s-1PKCS7\s0 structure will be valid and finalized when this flag is set. +.PP +If \fB\s-1PKCS7_PARTIAL\s0\fR is set in addition to \fB\s-1PKCS7_REUSE_DIGEST\s0\fR then the +\&\fB\s-1PKCS7_SIGNER_INO\s0\fR structure will not be finalized so additional attributes +can be added. 
In this case an explicit call to \fIPKCS7_SIGNER_INFO_sign()\fR is +needed to finalize it. +.PP +If \fB\s-1PKCS7_NOCERTS\s0\fR is set the signer's certificate will not be included in the +\&\s-1PKCS7\s0 structure, the signer's certificate must still be supplied in the +\&\fBsigncert\fR parameter though. This can reduce the size of the signature if the +signers certificate can be obtained by other means: for example a previously +signed message. +.PP +The signedData structure includes several PKCS#7 authenticatedAttributes +including the signing time, the PKCS#7 content type and the supported list of +ciphers in an SMIMECapabilities attribute. If \fB\s-1PKCS7_NOATTR\s0\fR is set then no +authenticatedAttributes will be used. If \fB\s-1PKCS7_NOSMIMECAP\s0\fR is set then just +the SMIMECapabilities are omitted. +.PP +If present the SMIMECapabilities attribute indicates support for the following +algorithms: triple \s-1DES\s0, 128 bit \s-1RC2\s0, 64 bit \s-1RC2\s0, \s-1DES\s0 and 40 bit \s-1RC2\s0. If any of +these algorithms is disabled then it will not be included. +.PP +\&\fIPKCS7_sign_add_signers()\fR returns an internal pointer to the \s-1PKCS7_SIGNER_INFO\s0 +structure just added, this can be used to set additional attributes +before it is finalized. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIPKCS7_sign_add_signers()\fR returns an internal pointer to the \s-1PKCS7_SIGNER_INFO\s0 +structure just added or \s-1NULL\s0 if an error occurs. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fIPKCS7_sign\fR\|(3), +\&\fIPKCS7_final\fR\|(3), +.SH "HISTORY" +.IX Header "HISTORY" +The \fIPPKCS7_sign_add_signer()\fR function was added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2007\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. 
You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/PKCS7_verify.3 b/linux_amd64/ssl/share/man/man3/PKCS7_verify.3 new file mode 100755 index 0000000..e42ac83 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/PKCS7_verify.3 
@@ -0,0 +1,249 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PKCS7_VERIFY 3" +.TH PKCS7_VERIFY 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +PKCS7_verify, PKCS7_get0_signers \- verify a PKCS#7 signedData structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, +\& BIO *indata, BIO *out, int flags); +\& +\& STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIPKCS7_verify()\fR verifies a PKCS#7 signedData structure. \fBp7\fR is the \s-1PKCS7\s0 +structure to verify. \fBcerts\fR is a set of certificates in which to search for +the signer's certificate. \fBstore\fR is a trusted certificate store (used for +chain verification). \fBindata\fR is the signed data if the content is not +present in \fBp7\fR (that is it is detached). The content is written to \fBout\fR +if it is not \s-1NULL\s0. +.PP +\&\fBflags\fR is an optional set of flags, which can be used to modify the verify +operation. +.PP +\&\fIPKCS7_get0_signers()\fR retrieves the signer's certificates from \fBp7\fR, it does +\&\fBnot\fR check their validity or whether any signatures are valid. The \fBcerts\fR +and \fBflags\fR parameters have the same meanings as in \fIPKCS7_verify()\fR. +.SH "VERIFY PROCESS" +.IX Header "VERIFY PROCESS" +Normally the verify process proceeds as follows. +.PP +Initially some sanity checks are performed on \fBp7\fR. The type of \fBp7\fR must +be signedData. There must be at least one signature on the data and if +the content is detached \fBindata\fR cannot be \fB\s-1NULL\s0\fR. If the content is +not detached and \fBindata\fR is not \fB\s-1NULL\s0\fR, then the structure has both +embedded and external content. To treat this as an error, use the flag +\&\fB\s-1PKCS7_NO_DUAL_CONTENT\s0\fR. +The default behavior allows this, for compatibility with older +versions of OpenSSL. 
+.PP +An attempt is made to locate all the signer's certificates, first looking in +the \fBcerts\fR parameter (if it is not \fB\s-1NULL\s0\fR) and then looking in any certificates +contained in the \fBp7\fR structure itself. If any signer's certificates cannot be +located the operation fails. +.PP +Each signer's certificate is chain verified using the \fBsmimesign\fR purpose and +the supplied trusted certificate store. Any internal certificates in the message +are used as untrusted CAs. If any chain verify fails an error code is returned. +.PP +Finally the signed content is read (and written to \fBout\fR is it is not \s-1NULL\s0) and +the signature's checked. +.PP +If all signature's verify correctly then the function is successful. +.PP +Any of the following flags (ored together) can be passed in the \fBflags\fR parameter +to change the default verify behaviour. Only the flag \fB\s-1PKCS7_NOINTERN\s0\fR is +meaningful to \fIPKCS7_get0_signers()\fR. +.PP +If \fB\s-1PKCS7_NOINTERN\s0\fR is set the certificates in the message itself are not +searched when locating the signer's certificate. This means that all the signers +certificates must be in the \fBcerts\fR parameter. +.PP +If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are deleted +from the content. If the content is not of type \fBtext/plain\fR then an error is +returned. +.PP +If \fB\s-1PKCS7_NOVERIFY\s0\fR is set the signer's certificates are not chain verified. +.PP +If \fB\s-1PKCS7_NOCHAIN\s0\fR is set then the certificates contained in the message are +not used as untrusted CAs. This means that the whole verify chain (apart from +the signer's certificate) must be contained in the trusted store. +.PP +If \fB\s-1PKCS7_NOSIGS\s0\fR is set then the signatures on the data are not checked. +.SH "NOTES" +.IX Header "NOTES" +One application of \fB\s-1PKCS7_NOINTERN\s0\fR is to only accept messages signed by +a small number of certificates. 
The acceptable certificates would be passed +in the \fBcerts\fR parameter. In this case if the signer is not one of the +certificates supplied in \fBcerts\fR then the verify will fail because the +signer cannot be found. +.PP +Care should be taken when modifying the default verify behaviour, for example +setting \f(CW\*(C`PKCS7_NOVERIFY|PKCS7_NOSIGS\*(C'\fR will totally disable all verification +and any signed message will be considered valid. This combination is however +useful if one merely wishes to write the content to \fBout\fR and its validity +is not considered important. +.PP +Chain verification should arguably be performed using the signing time rather +than the current time. However since the signing time is supplied by the +signer it cannot be trusted without additional evidence (such as a trusted +timestamp). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIPKCS7_verify()\fR returns one for a successful verification and zero +if an error occurs. +.PP +\&\fIPKCS7_get0_signers()\fR returns all signers or \fB\s-1NULL\s0\fR if an error occurred. +.PP +The error can be obtained from \fIERR_get_error\fR\|(3) +.SH "BUGS" +.IX Header "BUGS" +The trusted certificate store is not searched for the signers certificate, +this is primarily due to the inadequacies of the current \fBX509_STORE\fR +functionality. +.PP +The lack of single pass processing and need to hold all data in memory as +mentioned in \fIPKCS7_sign()\fR also applies to \fIPKCS7_verify()\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fIPKCS7_sign\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/ssl/share/man/man3/PKCS8_pkey_add1_attr.3 b/linux_amd64/ssl/share/man/man3/PKCS8_pkey_add1_attr.3 new file mode 100755 index 0000000..423cfd9 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/PKCS8_pkey_add1_attr.3 
@@ -0,0 +1,176 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PKCS8_PKEY_ADD1_ATTR 3" +.TH PKCS8_PKEY_ADD1_ATTR 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +PKCS8_pkey_get0_attrs, PKCS8_pkey_add1_attr, PKCS8_pkey_add1_attr_by_NID, PKCS8_pkey_add1_attr_by_OBJ \- PKCS8 attribute functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const STACK_OF(X509_ATTRIBUTE) * +\& PKCS8_pkey_get0_attrs(const PKCS8_PRIV_KEY_INFO *p8); +\& int PKCS8_pkey_add1_attr(PKCS8_PRIV_KEY_INFO *p8, X509_ATTRIBUTE *attr); +\& int PKCS8_pkey_add1_attr_by_NID(PKCS8_PRIV_KEY_INFO *p8, int nid, int type, +\& const unsigned char *bytes, int len); +\& int PKCS8_pkey_add1_attr_by_OBJ(PKCS8_PRIV_KEY_INFO *p8, const ASN1_OBJECT *obj, +\& int type, const unsigned char *bytes, int len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIPKCS8_pkey_get0_attrs()\fR returns a const \s-1STACK\s0 of X509_ATTRIBUTE present in +the passed const \s-1PKCS8_PRIV_KEY_INFO\s0 structure \fBp8\fR. +.PP +\&\fIPKCS8_pkey_add1_attr()\fR adds a constructed X509_ATTRIBUTE \fBattr\fR to the +existing \s-1PKCS8_PRIV_KEY_INFO\s0 structure \fBp8\fR. +.PP +\&\fIPKCS8_pkey_add1_attr_by_NID()\fR and \fIPKCS8_pkey_add1_attr_by_OBJ()\fR construct a new +X509_ATTRIBUTE from the passed arguments and add it to the existing +\&\s-1PKCS8_PRIV_KEY_INFO\s0 structure \fBp8\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIPKCS8_pkey_add1_attr()\fR, \fIPKCS8_pkey_add1_attr_by_NID()\fR, and +\&\fIPKCS8_pkey_add1_attr_by_OBJ()\fR return 1 for success and 0 for failure. +.SH "NOTES" +.IX Header "NOTES" +\&\s-1STACK\s0 of X509_ATTRIBUTE is present in many X509\-related structures and some of +them have the corresponding set of similar functions. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIcrypto\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/ssl/share/man/man3/RAND_DRBG_generate.3 b/linux_amd64/ssl/share/man/man3/RAND_DRBG_generate.3
new file mode 100755
index 0000000..69805a5
--- /dev/null
+++ b/linux_amd64/ssl/share/man/man3/RAND_DRBG_generate.3
@@ -0,0 +1,209 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RAND_DRBG_GENERATE 3" +.TH RAND_DRBG_GENERATE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +RAND_DRBG_generate, +RAND_DRBG_bytes +\&\- generate random bytes using the given drbg instance +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int RAND_DRBG_generate(RAND_DRBG *drbg, +\& unsigned char *out, size_t outlen, +\& int prediction_resistance, +\& const unsigned char *adin, size_t adinlen); +\& +\& int RAND_DRBG_bytes(RAND_DRBG *drbg, +\& unsigned char *out, size_t outlen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIRAND_DRBG_generate()\fR generates \fBoutlen\fR random bytes using the given +\&\s-1DRBG\s0 instance \fBdrbg\fR and stores them in the buffer at \fBout\fR. +.PP +Before generating the output, the \s-1DRBG\s0 instance checks whether the maximum +number of generate requests (\fIreseed interval\fR) or the maximum timespan +(\fIreseed time interval\fR) since its last seeding have been reached. +If this is the case, the \s-1DRBG\s0 reseeds automatically. +Additionally, an immediate reseeding can be requested by setting the +\&\fBprediction_resistance\fR flag to 1. +Requesting prediction resistance is a relative expensive operation. +See \s-1NOTES\s0 section for more details. +.PP +The caller can optionally provide additional data to be used for reseeding +by passing a pointer \fBadin\fR to a buffer of length \fBadinlen\fR. +This additional data is mixed into the internal state of the random +generator but does not contribute to the entropy count. +The additional data can be omitted by setting \fBadin\fR to \s-1NULL\s0 and +\&\fBadinlen\fR to 0; +.PP +\&\fIRAND_DRBG_bytes()\fR generates \fBoutlen\fR random bytes using the given +\&\s-1DRBG\s0 instance \fBdrbg\fR and stores them in the buffer at \fBout\fR. +This function is a wrapper around the \fIRAND_DRBG_generate()\fR call, +which collects some additional data from low entropy sources +(e.g., a high resolution timer) and calls +RAND_DRBG_generate(drbg, out, outlen, 0, adin, adinlen). 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIRAND_DRBG_generate()\fR and \fIRAND_DRBG_bytes()\fR return 1 on success, +and 0 on failure. +.SH "NOTES" +.IX Header "NOTES" +The \fIreseed interval\fR and \fIreseed time interval\fR of the \fBdrbg\fR are set to +reasonable default values, which in general do not have to be adjusted. +If necessary, they can be changed using \fIRAND_DRBG_set_reseed_interval\fR\|(3) +and \fIRAND_DRBG_set_reseed_time_interval\fR\|(3), respectively. +.PP +A request for prediction resistance can only be satisfied by pulling fresh +entropy from a live entropy source (section 5.5.2 of [\s-1NIST\s0 \s-1SP\s0 800\-90C]). +It is up to the user to ensure that a live entropy source is configured +and is being used. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIRAND_bytes\fR\|(3), +\&\fIRAND_DRBG_set_reseed_interval\fR\|(3), +\&\fIRAND_DRBG_set_reseed_time_interval\fR\|(3), +\&\s-1\fIRAND_DRBG\s0\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \s-1RAND_DRBG\s0 functions were added in OpenSSL 1.1.1. +.PP +Prediction resistance is supported from OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/RAND_DRBG_get0_master.3 b/linux_amd64/ssl/share/man/man3/RAND_DRBG_get0_master.3 new file mode 100755 index 0000000..2b0cf0c --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/RAND_DRBG_get0_master.3 
@@ -0,0 +1,217 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RAND_DRBG_GET0_MASTER 3" +.TH RAND_DRBG_GET0_MASTER 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OPENSSL_CTX_get0_master_drbg, +OPENSSL_CTX_get0_public_drbg, +OPENSSL_CTX_get0_private_drbg, +RAND_DRBG_get0_master, +RAND_DRBG_get0_public, +RAND_DRBG_get0_private +\&\- get access to the global RAND_DRBG instances +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& RAND_DRBG *OPENSSL_CTX_get0_master_drbg(OPENSSL_CTX *ctx); +\& RAND_DRBG *OPENSSL_CTX_get0_public_drbg(OPENSSL_CTX *ctx); +\& RAND_DRBG *OPENSSL_CTX_get0_private_drbg(OPENSSL_CTX *ctx); +\& RAND_DRBG *RAND_DRBG_get0_master(void); +\& RAND_DRBG *RAND_DRBG_get0_public(void); +\& RAND_DRBG *RAND_DRBG_get0_private(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The default \s-1RAND\s0 \s-1API\s0 implementation (\fIRAND_OpenSSL()\fR) utilizes three +shared \s-1DRBG\s0 instances which are accessed via the \s-1RAND\s0 \s-1API:\s0 +.PP +The \fIpublic\fR and \fIprivate\fR \s-1DRBG\s0 are thread-local instances, which are used +by \fIRAND_bytes()\fR and \fIRAND_priv_bytes()\fR, respectively. +The \fImaster\fR \s-1DRBG\s0 is a global instance, which is not intended to be used +directly, but is used internally to reseed the other two instances. +.PP +These functions here provide access to the shared \s-1DRBG\s0 instances. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOPENSSL_CTX_get0_master_drbg()\fR returns a pointer to the \fImaster\fR \s-1DRBG\s0 instance +for the given \s-1OPENSSL_CTX\s0 \fBctx\fR. +.PP +\&\fIOPENSSL_CTX_get0_public_drbg()\fR returns a pointer to the \fIpublic\fR \s-1DRBG\s0 instance +for the given \s-1OPENSSL_CTX\s0 \fBctx\fR. +.PP +\&\fIOPENSSL_CTX_get0_private_drbg()\fR returns a pointer to the \fIprivate\fR \s-1DRBG\s0 instance +for the given \s-1OPENSSL_CTX\s0 \fBctx\fR. +.PP +In all the above cases the \fBctx\fR parameter can +be \s-1NULL\s0 in which case the default \s-1OPENSSL_CTX\s0 is used. 
\fIRAND_DRBG_get0_master()\fR, +\&\fIRAND_DRBG_get0_public()\fR and \fIRAND_DRBG_get0_private()\fR are the same as +\&\fIOPENSSL_CTX_get0_master_drbg()\fR, \fIOPENSSL_CTX_get0_public_drbg()\fR and +\&\fIOPENSSL_CTX_get0_private_drbg()\fR respectively except that the default \s-1OPENSSL_CTX\s0 +is always used. +.SH "NOTES" +.IX Header "NOTES" +It is not thread-safe to access the \fImaster\fR \s-1DRBG\s0 instance. +The \fIpublic\fR and \fIprivate\fR \s-1DRBG\s0 instance can be accessed safely, because +they are thread-local. Note however, that changes to these two instances +apply only to the current thread. +.PP +For that reason it is recommended not to change the settings of these +three instances directly. +Instead, an application should change the default settings for new \s-1DRBG\s0 instances +at initialization time, before creating additional threads. +.PP +During initialization, it is possible to change the reseed interval +and reseed time interval. +It is also possible to exchange the reseeding callbacks entirely. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIRAND_DRBG_set_callbacks\fR\|(3), +\&\fIRAND_DRBG_set_reseed_defaults\fR\|(3), +\&\fIRAND_DRBG_set_reseed_interval\fR\|(3), +\&\fIRAND_DRBG_set_reseed_time_interval\fR\|(3), +\&\fIRAND_DRBG_set_callbacks\fR\|(3), +\&\fIRAND_DRBG_generate\fR\|(3), +\&\s-1\fIRAND_DRBG\s0\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \fIOPENSSL_CTX_get0_master_drbg()\fR, \fIOPENSSL_CTX_get0_public_drbg()\fR and +\&\fIOPENSSL_CTX_get0_private_drbg()\fR functions were added in OpenSSL 3.0. +.PP +All other \s-1RAND_DRBG\s0 functions were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/ssl/share/man/man3/RAND_DRBG_new.3 b/linux_amd64/ssl/share/man/man3/RAND_DRBG_new.3
new file mode 100755
index 0000000..4d0d3a6
--- /dev/null
+++ b/linux_amd64/ssl/share/man/man3/RAND_DRBG_new.3
@@ -0,0 +1,285 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RAND_DRBG_NEW 3" +.TH RAND_DRBG_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +RAND_DRBG_new_ex, +RAND_DRBG_new, +RAND_DRBG_secure_new_ex, +RAND_DRBG_secure_new, +RAND_DRBG_set, +RAND_DRBG_set_defaults, +RAND_DRBG_instantiate, +RAND_DRBG_uninstantiate, +RAND_DRBG_free +\&\- initialize and cleanup a RAND_DRBG instance +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& RAND_DRBG *RAND_DRBG_new_ex(OPENSSL_CTX *ctx, +\& int type, +\& unsigned int flags, +\& RAND_DRBG *parent); +\& +\& RAND_DRBG *RAND_DRBG_new(int type, +\& unsigned int flags, +\& RAND_DRBG *parent); +\& +\& RAND_DRBG *RAND_DRBG_secure_new_ex(OPENSSL_CTX *ctx, +\& int type, +\& unsigned int flags, +\& RAND_DRBG *parent); +\& +\& RAND_DRBG *RAND_DRBG_secure_new(int type, +\& unsigned int flags, +\& RAND_DRBG *parent); +\& +\& int RAND_DRBG_set(RAND_DRBG *drbg, +\& int type, unsigned int flags); +\& +\& int RAND_DRBG_set_defaults(int type, unsigned int flags); +\& +\& int RAND_DRBG_instantiate(RAND_DRBG *drbg, +\& const unsigned char *pers, size_t perslen); +\& +\& int RAND_DRBG_uninstantiate(RAND_DRBG *drbg); +\& +\& void RAND_DRBG_free(RAND_DRBG *drbg); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIRAND_DRBG_new_ex()\fR and \fIRAND_DRBG_secure_new_ex()\fR +create a new \s-1DRBG\s0 instance of the given \fBtype\fR, allocated from the heap resp. +the secure heap, for the given \s-1OPENSSL_CTX\s0 +(using \fIOPENSSL_zalloc()\fR resp. \fIOPENSSL_secure_zalloc()\fR). The parameter can +be \s-1NULL\s0 in which case the default \s-1OPENSSL_CTX\s0 is used. \fIRAND_DRBG_new()\fR and +\&\fIRAND_DRBG_secure_new()\fR are the same as \fIRAND_DRBG_new_ex()\fR and +\&\fIRAND_DRBG_secure_new_ex()\fR except that the default \s-1OPENSSL_CTX\s0 is always used. +.PP +\&\fIRAND_DRBG_set()\fR initializes the \fBdrbg\fR with the given \fBtype\fR and \fBflags\fR. +.PP +\&\fIRAND_DRBG_set_defaults()\fR sets the default \fBtype\fR and \fBflags\fR for new \s-1DRBG\s0 +instances. 
+.PP +The \s-1DRBG\s0 types are AES-CTR, \s-1HMAC\s0 and \s-1HASH\s0 so \fBtype\fR can be one of the +following values: +.PP +NID_aes_128_ctr, NID_aes_192_ctr, NID_aes_256_ctr, NID_sha1, NID_sha224, +NID_sha256, NID_sha384, NID_sha512, NID_sha512_224, NID_sha512_256, +NID_sha3_224, NID_sha3_256, NID_sha3_384 or NID_sha3_512. +.PP +If this method is not called then the default type is given by NID_aes_256_ctr +and the default flags are zero. +.PP +Before the \s-1DRBG\s0 can be used to generate random bits, it is necessary to set +its type and to instantiate it. +.PP +The optional \fBflags\fR argument specifies a set of bit flags which can be +joined using the | operator. The supported flags are: +.IP "\s-1RAND_DRBG_FLAG_CTR_NO_DF\s0" 4 +.IX Item "RAND_DRBG_FLAG_CTR_NO_DF" +Disables the use of the derivation function ctr_df. For an explanation, +see [\s-1NIST\s0 \s-1SP\s0 800\-90A Rev. 1]. +.IP "\s-1RAND_DRBG_FLAG_HMAC\s0" 4 +.IX Item "RAND_DRBG_FLAG_HMAC" +Enables use of \s-1HMAC\s0 instead of the \s-1HASH\s0 \s-1DRBG\s0. +.IP "\s-1RAND_DRBG_FLAG_MASTER\s0" 4 +.IX Item "RAND_DRBG_FLAG_MASTER" +.PD 0 +.IP "\s-1RAND_DRBG_FLAG_PUBLIC\s0" 4 +.IX Item "RAND_DRBG_FLAG_PUBLIC" +.IP "\s-1RAND_DRBG_FLAG_PRIVATE\s0" 4 +.IX Item "RAND_DRBG_FLAG_PRIVATE" +.PD +These 3 flags can be used to set the individual \s-1DRBG\s0 types created. Multiple +calls are required to set the types to different values. If none of these 3 +flags are used, then the same type and flags are used for all 3 DRBGs in the +\&\fBdrbg\fR chain (, and ). +.PP +If a \fBparent\fR instance is specified then this will be used instead of +the default entropy source for reseeding the \fBdrbg\fR. It is said that the +\&\fBdrbg\fR is \fIchained\fR to its \fBparent\fR. +For more information, see the \s-1NOTES\s0 section. +.PP +\&\fIRAND_DRBG_instantiate()\fR +seeds the \fBdrbg\fR instance using random input from trusted entropy sources. 
+Optionally, a personalization string \fBpers\fR of length \fBperslen\fR can be +specified. +To omit the personalization string, set \fBpers\fR=NULL and \fBperslen\fR=0; +.PP +\&\fIRAND_DRBG_uninstantiate()\fR +clears the internal state of the \fBdrbg\fR and puts it back in the +uninstantiated state. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIRAND_DRBG_new_ex()\fR, \fIRAND_DRBG_new()\fR, \fIRAND_DRBG_secure_new_ex()\fR and +\&\fIRAND_DRBG_secure_new()\fR return a pointer to a \s-1DRBG\s0 instance allocated on the +heap, resp. secure heap. +.PP +\&\fIRAND_DRBG_set()\fR, +\&\fIRAND_DRBG_instantiate()\fR, and +\&\fIRAND_DRBG_uninstantiate()\fR +return 1 on success, and 0 on failure. +.PP +\&\fIRAND_DRBG_free()\fR does not return a value. +.SH "NOTES" +.IX Header "NOTES" +The \s-1DRBG\s0 design supports \fIchaining\fR, which means that a \s-1DRBG\s0 instance can +use another \fBparent\fR \s-1DRBG\s0 instance instead of the default entropy source +to obtain fresh random input for reseeding, provided that \fBparent\fR \s-1DRBG\s0 +instance was properly instantiated, either from a trusted entropy source, +or from yet another parent \s-1DRBG\s0 instance. +For a detailed description of the reseeding process, see \s-1\fIRAND_DRBG\s0\fR\|(7). +.PP +The default \s-1DRBG\s0 type and flags are applied only during creation of a \s-1DRBG\s0 +instance. +To ensure that they are applied to the global and thread-local \s-1DRBG\s0 instances +(, resp. and ), it is necessary to call +\&\fIRAND_DRBG_set_defaults()\fR before creating any thread and before calling any +cryptographic routines that obtain random data directly or indirectly. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIOPENSSL_zalloc\fR\|(3), +\&\fIOPENSSL_secure_zalloc\fR\|(3), +\&\fIRAND_DRBG_generate\fR\|(3), +\&\s-1\fIRAND_DRBG\s0\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \s-1RAND_DRBG\s0 functions were added in OpenSSL 1.1.1. 
+.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/RAND_DRBG_reseed.3 b/linux_amd64/ssl/share/man/man3/RAND_DRBG_reseed.3 new file mode 100755 index 0000000..efcdc92 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/RAND_DRBG_reseed.3 
@@ -0,0 +1,236 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RAND_DRBG_RESEED 3" +.TH RAND_DRBG_RESEED 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +RAND_DRBG_reseed, +RAND_DRBG_set_reseed_interval, +RAND_DRBG_set_reseed_time_interval, +RAND_DRBG_set_reseed_defaults +\&\- reseed a RAND_DRBG instance +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int RAND_DRBG_reseed(RAND_DRBG *drbg, +\& const unsigned char *adin, size_t adinlen, +\& int prediction_resistance); +\& +\& int RAND_DRBG_set_reseed_interval(RAND_DRBG *drbg, +\& unsigned int interval); +\& +\& int RAND_DRBG_set_reseed_time_interval(RAND_DRBG *drbg, +\& time_t interval); +\& +\& int RAND_DRBG_set_reseed_defaults( +\& unsigned int master_reseed_interval, +\& unsigned int slave_reseed_interval, +\& time_t master_reseed_time_interval, +\& time_t slave_reseed_time_interval +\& ); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIRAND_DRBG_reseed()\fR +reseeds the given \fBdrbg\fR, obtaining entropy input from its entropy source +and mixing in the specified additional data provided in the buffer \fBadin\fR +of length \fBadinlen\fR. +The additional data can be omitted by setting \fBadin\fR to \s-1NULL\s0 and \fBadinlen\fR +to 0. +An immediate reseeding can be requested by setting the +\&\fBprediction_resistance\fR flag to 1. +Requesting prediction resistance is a relative expensive operation. +See \s-1NOTES\s0 section for more details. +.PP +\&\fIRAND_DRBG_set_reseed_interval()\fR +sets the reseed interval of the \fBdrbg\fR, which is the maximum allowed number +of generate requests between consecutive reseedings. +If \fBinterval\fR > 0, then the \fBdrbg\fR will reseed automatically whenever the +number of generate requests since its last seeding exceeds the given reseed +interval. +If \fBinterval\fR == 0, then this feature is disabled. +.PP +\&\fIRAND_DRBG_set_reseed_time_interval()\fR +sets the reseed time interval of the \fBdrbg\fR, which is the maximum allowed +number of seconds between consecutive reseedings. 
+If \fBinterval\fR > 0, then the \fBdrbg\fR will reseed automatically whenever the +elapsed time since its last reseeding exceeds the given reseed time interval. +If \fBinterval\fR == 0, then this feature is disabled. +.PP +\&\fIRAND_DRBG_set_reseed_defaults()\fR sets the default values for the reseed interval +(\fBmaster_reseed_interval\fR and \fBslave_reseed_interval\fR) +and the reseed time interval +(\fBmaster_reseed_time_interval\fR and \fBslave_reseed_tme_interval\fR) +of \s-1DRBG\s0 instances. +The default values are set independently for master \s-1DRBG\s0 instances (which don't +have a parent) and slave \s-1DRBG\s0 instances (which are chained to a parent \s-1DRBG\s0). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIRAND_DRBG_reseed()\fR, +\&\fIRAND_DRBG_set_reseed_interval()\fR, and +\&\fIRAND_DRBG_set_reseed_time_interval()\fR, +return 1 on success, 0 on failure. +.SH "NOTES" +.IX Header "NOTES" +The default OpenSSL random generator is already set up for automatic reseeding, +so in general it is not necessary to reseed it explicitly, or to modify +its reseeding thresholds. +.PP +Normally, the entropy input for seeding a \s-1DRBG\s0 is either obtained from a +trusted os entropy source or from a parent \s-1DRBG\s0 instance, which was seeded +(directly or indirectly) from a trusted os entropy source. +In exceptional cases it is possible to replace the reseeding mechanism entirely +by providing application defined callbacks using \fIRAND_DRBG_set_callbacks()\fR. +.PP +The reseeding default values are applied only during creation of a \s-1DRBG\s0 instance. +To ensure that they are applied to the global and thread-local \s-1DRBG\s0 instances +(, resp. and ), it is necessary to call +\&\fIRAND_DRBG_set_reseed_defaults()\fR before creating any thread and before calling any + cryptographic routines that obtain random data directly or indirectly. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIRAND_DRBG_generate\fR\|(3), +\&\fIRAND_DRBG_bytes\fR\|(3), +\&\fIRAND_DRBG_set_callbacks\fR\|(3). +\&\s-1\fIRAND_DRBG\s0\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \s-1RAND_DRBG\s0 functions were added in OpenSSL 1.1.1. +.PP +Prediction resistance is supported from OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/RAND_DRBG_set_callbacks.3 b/linux_amd64/ssl/share/man/man3/RAND_DRBG_set_callbacks.3 new file mode 100755 index 0000000..f74ddc3 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/RAND_DRBG_set_callbacks.3 
@@ -0,0 +1,289 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RAND_DRBG_SET_CALLBACKS 3" +.TH RAND_DRBG_SET_CALLBACKS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +RAND_DRBG_set_callbacks, +RAND_DRBG_set_callback_data, +RAND_DRBG_get_callback_data, +RAND_DRBG_get_entropy_fn, +RAND_DRBG_cleanup_entropy_fn, +RAND_DRBG_get_nonce_fn, +RAND_DRBG_cleanup_nonce_fn +\&\- set callbacks for reseeding +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& +\& int RAND_DRBG_set_callbacks(RAND_DRBG *drbg, +\& RAND_DRBG_get_entropy_fn get_entropy, +\& RAND_DRBG_cleanup_entropy_fn cleanup_entropy, +\& RAND_DRBG_get_nonce_fn get_nonce, +\& RAND_DRBG_cleanup_nonce_fn cleanup_nonce); +\& +\& int RAND_DRBG_set_callback_data(RAND_DRBG *drbg, void *ctx); +\& +\& void *RAND_DRBG_get_callback_data(RAND_DRBG *drbg); +.Ve +.SS "Callback Functions" +.IX Subsection "Callback Functions" +.Vb 6 +\& typedef size_t (*RAND_DRBG_get_entropy_fn)( +\& RAND_DRBG *drbg, +\& unsigned char **pout, +\& int entropy, +\& size_t min_len, size_t max_len, +\& int prediction_resistance); +\& +\& typedef void (*RAND_DRBG_cleanup_entropy_fn)( +\& RAND_DRBG *drbg, +\& unsigned char *out, size_t outlen); +\& +\& typedef size_t (*RAND_DRBG_get_nonce_fn)( +\& RAND_DRBG *drbg, +\& unsigned char **pout, +\& int entropy, +\& size_t min_len, size_t max_len); +\& +\& typedef void (*RAND_DRBG_cleanup_nonce_fn)( +\& RAND_DRBG *drbg, +\& unsigned char *out, size_t outlen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIRAND_DRBG_set_callbacks()\fR sets the callbacks for obtaining fresh entropy and +the nonce when reseeding the given \fBdrbg\fR. +The callback functions are implemented and provided by the caller. +Their parameter lists need to match the function prototypes above. +.PP +\&\fIRAND_DRBG_set_callback_data()\fR can be used to store a pointer to some context +specific data, which can subsequently be retrieved by the entropy and nonce +callbacks using \fIRAND_DRBG_get_callback_data()\fR. 
+The ownership of the context data remains with the caller, i.e., it is the +caller's responsibility to keep it available as long as it is needed by the +callbacks and free it after use. +For more information about the the callback data see the \s-1NOTES\s0 section. +.PP +Setting the callbacks or the callback data is allowed only if the \s-1DRBG\s0 has +not been initialized yet. +Otherwise, the operation will fail. +To change the settings for one of the three shared DRBGs it is necessary to call +\&\fIRAND_DRBG_uninstantiate()\fR first. +.PP +The \fBget_entropy\fR() callback is called by the \fBdrbg\fR when it requests fresh +random input. +It is expected that the callback allocates and fills a random buffer of size +\&\fBmin_len\fR <= size <= \fBmax_len\fR (in bytes) which contains at least \fBentropy\fR +bits of randomness. +The \fBprediction_resistance\fR flag indicates whether the reseeding was +triggered by a prediction resistance request. +.PP +The buffer's address is to be returned in *\fBpout\fR and the number of collected +randomness bytes as return value. +.PP +If the callback fails to acquire at least \fBentropy\fR bits of randomness, +it must indicate an error by returning a buffer length of 0. +.PP +If \fBprediction_resistance\fR was requested and the random source of the \s-1DRBG\s0 +does not satisfy the conditions requested by [\s-1NIST\s0 \s-1SP\s0 800\-90C], then +it must also indicate an error by returning a buffer length of 0. +See \s-1NOTES\s0 section for more details. +.PP +The \fBcleanup_entropy\fR() callback is called from the \fBdrbg\fR to to clear and +free the buffer allocated previously by \fIget_entropy()\fR. +The values \fBout\fR and \fBoutlen\fR are the random buffer's address and length, +as returned by the \fIget_entropy()\fR callback. +.PP +The \fBget_nonce\fR() and \fBcleanup_nonce\fR() callbacks are used to obtain a nonce +and free it again. 
A nonce is only required for instantiation (not for reseeding) +and only in the case where the \s-1DRBG\s0 uses a derivation function. +The callbacks are analogous to \fIget_entropy()\fR and \fIcleanup_entropy()\fR, +except for the missing prediction_resistance flag. +.PP +If the derivation function is disabled, then no nonce is used for instantiation, +and the \fBget_nonce\fR() and \fBcleanup_nonce\fR() callbacks can be omitted by +setting them to \s-1NULL\s0. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIRAND_DRBG_set_callbacks()\fR returns 1 on success, and 0 on failure. +.PP +\&\fIRAND_DRBG_set_callback_data()\fR returns 1 on success, and 0 on failure. +.PP +\&\fIRAND_DRBG_get_callback_data()\fR returns the pointer to the callback data, +which is \s-1NULL\s0 if none has been set previously. +.SH "NOTES" +.IX Header "NOTES" +It is important that \fBcleanup_entropy\fR() and \fBcleanup_nonce\fR() clear the buffer +contents safely before freeing it, in order not to leave sensitive information +about the \s-1DRBG\s0's state in memory. +.PP +A request for prediction resistance can only be satisfied by pulling fresh +entropy from a live entropy source (section 5.5.2 of [\s-1NIST\s0 \s-1SP\s0 800\-90C]). +It is up to the user to ensure that a live entropy source is configured +and is being used. +.PP +The derivation function is disabled during initialization by calling the +\&\fIRAND_DRBG_set()\fR function with the \s-1RAND_DRBG_FLAG_CTR_NO_DF\s0 flag. +For more information on the derivation function and when it can be omitted, +see [\s-1NIST\s0 \s-1SP\s0 800\-90A Rev. 1]. Roughly speaking it can be omitted if the random +source has \*(L"full entropy\*(R", i.e., contains 8 bits of entropy per byte. +.PP +Even if a nonce is required, the \fBget_nonce\fR() and \fBcleanup_nonce\fR() +callbacks can be omitted by setting them to \s-1NULL\s0. 
+In this case the \s-1DRBG\s0 will automatically request an extra amount of entropy +(using the \fBget_entropy\fR() and \fBcleanup_entropy\fR() callbacks) which it will +utilize for the nonce, following the recommendations of [\s-1NIST\s0 \s-1SP\s0 800\-90A Rev. 1], +section 8.6.7. +.PP +The callback data is a rather specialized feature, because in general the +random sources don't (and in fact, they must not) depend on any state provided +by the \s-1DRBG\s0. +There are however exceptional cases where this feature is useful, most notably +for implementing known answer tests (KATs) or deterministic signatures like +those specified in \s-1RFC6979\s0, which require passing a specified entropy and nonce +for instantiating the \s-1DRBG\s0. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIRAND_DRBG_new\fR\|(3), +\&\fIRAND_DRBG_reseed\fR\|(3), +\&\s-1\fIRAND_DRBG\s0\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \s-1RAND_DRBG\s0 functions were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/RAND_add.3 b/linux_amd64/ssl/share/man/man3/RAND_add.3 new file mode 100755 index 0000000..5b2c11e --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/RAND_add.3 
@@ -0,0 +1,234 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RAND_ADD 3" +.TH RAND_ADD 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +RAND_add, RAND_poll, RAND_seed, RAND_status, RAND_event, RAND_screen, +RAND_keep_random_devices_open +\&\- add randomness to the PRNG or get its status +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int RAND_status(void); +\& int RAND_poll(); +\& +\& void RAND_add(const void *buf, int num, double randomness); +\& void RAND_seed(const void *buf, int num); +\& +\& void RAND_keep_random_devices_open(int keep); +.Ve +.PP +Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 2 +\& int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam); +\& void RAND_screen(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions can be used to seed the random generator and to check its +seeded state. +In general, manual (re\-)seeding of the default OpenSSL random generator +(\fIRAND_OpenSSL\fR\|(3)) is not necessary (but allowed), since it does (re\-)seed +itself automatically using trusted system entropy sources. +This holds unless the default \s-1RAND_METHOD\s0 has been replaced or OpenSSL was +built with automatic reseeding disabled, see \s-1\fIRAND\s0\fR\|(7) for more details. +.PP +\&\fIRAND_status()\fR indicates whether or not the random generator has been sufficiently +seeded. If not, functions such as \fIRAND_bytes\fR\|(3) will fail. +.PP +\&\fIRAND_poll()\fR uses the system's capabilities to seed the random generator using +random input obtained from polling various trusted entropy sources. +The default choice of the entropy source can be modified at build time, +see \s-1\fIRAND\s0\fR\|(7) for more details. +.PP +\&\fIRAND_add()\fR mixes the \fBnum\fR bytes at \fBbuf\fR into the internal state +of the random generator. +This function will not normally be needed, as mentioned above. 
+The \fBrandomness\fR argument is an estimate of how much randomness is +contained in +\&\fBbuf\fR, in bytes, and should be a number between zero and \fBnum\fR. +Details about sources of randomness and how to estimate their randomness +can be found in the literature; for example [\s-1NIST\s0 \s-1SP\s0 800\-90B]. +The content of \fBbuf\fR cannot be recovered from subsequent random generator output. +Applications that intend to save and restore random state in an external file +should consider using \fIRAND_load_file\fR\|(3) instead. +.PP +\&\s-1NOTE:\s0 In \s-1FIPS\s0 mode, random data provided by the application is not considered to +be a trusted entropy source. It is mixed into the internal state of the \s-1RNG\s0 as +additional data only and this does not count as a full reseed. +For more details, see \s-1\fIRAND_DRBG\s0\fR\|(7). +.PP +\&\fIRAND_seed()\fR is equivalent to \fIRAND_add()\fR with \fBrandomness\fR set to \fBnum\fR. +.PP +\&\fIRAND_keep_random_devices_open()\fR is used to control file descriptor +usage by the random seed sources. Some seed sources maintain open file +descriptors by default, which allows such sources to operate in a +\&\fIchroot\fR\|(2) jail without the associated device nodes being available. When +the \fBkeep\fR argument is zero, this call disables the retention of file +descriptors. Conversely, a nonzero argument enables the retention of +file descriptors. This function is usually called during initialization +and it takes effect immediately. +.PP +\&\fIRAND_event()\fR and \fIRAND_screen()\fR are equivalent to \fIRAND_poll()\fR and exist +for compatibility reasons only. See \s-1HISTORY\s0 section below. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIRAND_status()\fR returns 1 if the random generator has been seeded +with enough data, 0 otherwise. +.PP +\&\fIRAND_poll()\fR returns 1 if it generated seed data, 0 otherwise. +.PP +\&\fIRAND_event()\fR returns \fIRAND_status()\fR. +.PP +The other functions do not return values. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIRAND_bytes\fR\|(3), +\&\fIRAND_egd\fR\|(3), +\&\fIRAND_load_file\fR\|(3), +\&\s-1\fIRAND\s0\fR\|(7) +\&\s-1\fIRAND_DRBG\s0\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIRAND_event()\fR and \fIRAND_screen()\fR were deprecated in OpenSSL 1.1.0 and should +not be used. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/RAND_bytes.3 b/linux_amd64/ssl/share/man/man3/RAND_bytes.3 new file mode 100755 index 0000000..669065b --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/RAND_bytes.3 
@@ -0,0 +1,209 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RAND_BYTES 3" +.TH RAND_BYTES 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +RAND_bytes, RAND_priv_bytes, RAND_bytes_ex, RAND_priv_bytes_ex, +RAND_pseudo_bytes \- generate random data +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int RAND_bytes(unsigned char *buf, int num); +\& int RAND_priv_bytes(unsigned char *buf, int num); +\& +\& int RAND_bytes_ex(OPENSSL_CTX *ctx, unsigned char *buf, int num); +\& int RAND_priv_bytes_ex(OPENSSL_CTX *ctx, unsigned char *buf, int num); +.Ve +.PP +Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 1 +\& int RAND_pseudo_bytes(unsigned char *buf, int num); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIRAND_bytes()\fR puts \fBnum\fR cryptographically strong pseudo-random bytes +into \fBbuf\fR. +.PP +\&\fIRAND_priv_bytes()\fR has the same semantics as \fIRAND_bytes()\fR. It is intended to +be used for generating values that should remain private. If using the +default \s-1RAND_METHOD\s0, this function uses a separate \*(L"private\*(R" \s-1PRNG\s0 +instance so that a compromise of the \*(L"public\*(R" \s-1PRNG\s0 instance will not +affect the secrecy of these private values, as described in \s-1\fIRAND\s0\fR\|(7) +and \s-1\fIRAND_DRBG\s0\fR\|(7). +.PP +\&\fIRAND_bytes_ex()\fR and \fIRAND_priv_bytes_ex()\fR are the same as \fIRAND_bytes()\fR and +\&\fIRAND_priv_bytes()\fR except that they both take an additional \fIctx\fR parameter. +The \s-1DRBG\s0 used for the operation is the public or private \s-1DRBG\s0 associated with +the specified \fIctx\fR. The parameter can be \s-1NULL\s0, in which case +the default library context is used (see \s-1\fIOPENSSL_CTX\s0\fR\|(3). +If the default \s-1RAND_METHOD\s0 has been changed then for compatibility reasons the +\&\s-1RAND_METHOD\s0 will be used in preference and the \s-1DRBG\s0 of the library context +ignored. 
+.SH "NOTES" +.IX Header "NOTES" +Always check the error return value of \fIRAND_bytes()\fR and +\&\fIRAND_priv_bytes()\fR and do not take randomness for granted: an error occurs +if the \s-1CSPRNG\s0 has not been seeded with enough randomness to ensure an +unpredictable byte sequence. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIRAND_bytes()\fR and \fIRAND_priv_bytes()\fR +return 1 on success, \-1 if not supported by the current +\&\s-1RAND\s0 method, or 0 on other failure. The error code can be +obtained by \fIERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIRAND_add\fR\|(3), +\&\fIRAND_bytes\fR\|(3), +\&\fIRAND_priv_bytes\fR\|(3), +\&\fIERR_get_error\fR\|(3), +\&\s-1\fIRAND\s0\fR\|(7), +\&\s-1\fIRAND_DRBG\s0\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +.IP "\(bu" 2 +\&\fIRAND_pseudo_bytes()\fR was deprecated in OpenSSL 1.1.0; use \fIRAND_bytes()\fR instead. +.IP "\(bu" 2 +The \fIRAND_priv_bytes()\fR function was added in OpenSSL 1.1.1. +.IP "\(bu" 2 +The \fIRAND_bytes_ex()\fR and \fIRAND_priv_bytes_ex()\fR functions were added in OpenSSL 3.0 +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/RAND_cleanup.3 b/linux_amd64/ssl/share/man/man3/RAND_cleanup.3 new file mode 100755 index 0000000..f60fb2d --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/RAND_cleanup.3 
@@ -0,0 +1,170 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RAND_CLEANUP 3" +.TH RAND_CLEANUP 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +RAND_cleanup \- erase the PRNG state +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.PP +Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 1 +\& void RAND_cleanup(void) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Prior to OpenSSL 1.1.0, \fIRAND_cleanup()\fR released all resources used by +the \s-1PRNG\s0. As of version 1.1.0, it does nothing and should not be called, +since no explicit initialisation or de-initialisation is necessary. See +\&\fIOPENSSL_init_crypto\fR\|(3). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIRAND_cleanup()\fR returns no value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1\fIRAND\s0\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIRAND_cleanup()\fR was deprecated in OpenSSL 1.1.0; do not use it. +See \fIOPENSSL_init_crypto\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/RAND_egd.3 b/linux_amd64/ssl/share/man/man3/RAND_egd.3 new file mode 100755 index 0000000..92549ec --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/RAND_egd.3 
@@ -0,0 +1,184 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RAND_EGD 3" +.TH RAND_EGD 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +RAND_egd, RAND_egd_bytes, RAND_query_egd_bytes \- query entropy gathering daemon +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int RAND_egd_bytes(const char *path, int num); +\& int RAND_egd(const char *path); +\& +\& int RAND_query_egd_bytes(const char *path, unsigned char *buf, int num); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +On older platforms without a good source of randomness such as \f(CW\*(C`/dev/urandom\*(C'\fR, +it is possible to query an Entropy Gathering Daemon (\s-1EGD\s0) over a local +socket to obtain randomness and seed the OpenSSL \s-1RNG\s0. +The protocol used is defined by the EGDs available at + or . +.PP +\&\fIRAND_egd_bytes()\fR requests \fBnum\fR bytes of randomness from an \s-1EGD\s0 at the +specified socket \fBpath\fR, and passes the data it receives into \fIRAND_add()\fR. +\&\fIRAND_egd()\fR is equivalent to \fIRAND_egd_bytes()\fR with \fBnum\fR set to 255. +.PP +\&\fIRAND_query_egd_bytes()\fR requests \fBnum\fR bytes of randomness from an \s-1EGD\s0 at +the specified socket \fBpath\fR, where \fBnum\fR must be less than 256. +If \fBbuf\fR is \fB\s-1NULL\s0\fR, it is equivalent to \fIRAND_egd_bytes()\fR. +If \fBbuf\fR is not \fB\s-1NULL\s0\fR, then the data is copied to the buffer and +\&\fIRAND_add()\fR is not called. +.PP +OpenSSL can be configured at build time to try to use the \s-1EGD\s0 for seeding +automatically. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIRAND_egd()\fR and \fIRAND_egd_bytes()\fR return the number of bytes read from the +daemon on success, or \-1 if the connection failed or the daemon did not +return enough data to fully seed the \s-1PRNG\s0. +.PP +\&\fIRAND_query_egd_bytes()\fR returns the number of bytes read from the daemon on +success, or \-1 if the connection failed. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIRAND_add\fR\|(3), +\&\fIRAND_bytes\fR\|(3), +\&\s-1\fIRAND\s0\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/RAND_load_file.3 b/linux_amd64/ssl/share/man/man3/RAND_load_file.3 new file mode 100755 index 0000000..db94142 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/RAND_load_file.3 
@@ -0,0 +1,209 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RAND_LOAD_FILE 3" +.TH RAND_LOAD_FILE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +RAND_load_file, RAND_write_file, RAND_file_name \- PRNG seed file +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int RAND_load_file(const char *filename, long max_bytes); +\& +\& int RAND_write_file(const char *filename); +\& +\& const char *RAND_file_name(char *buf, size_t num); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIRAND_load_file()\fR reads a number of bytes from file \fBfilename\fR and +adds them to the \s-1PRNG\s0. If \fBmax_bytes\fR is non-negative, +up to \fBmax_bytes\fR are read; +if \fBmax_bytes\fR is \-1, the complete file is read. +Do not load the same file multiple times unless its contents have +been updated by \fIRAND_write_file()\fR between reads. +Also, note that \fBfilename\fR should be adequately protected so that an +attacker cannot replace or examine the contents. +If \fBfilename\fR is not a regular file, then user is considered to be +responsible for any side effects, e.g. non-anticipated blocking or +capture of controlling terminal. +.PP +\&\fIRAND_write_file()\fR writes a number of random bytes (currently 128) to +file \fBfilename\fR which can be used to initialize the \s-1PRNG\s0 by calling +\&\fIRAND_load_file()\fR in a later session. +.PP +\&\fIRAND_file_name()\fR generates a default path for the random seed +file. \fBbuf\fR points to a buffer of size \fBnum\fR in which to store the +filename. +.PP +On all systems, if the environment variable \fB\s-1RANDFILE\s0\fR is set, its +value will be used as the seed filename. 
+Otherwise, the file is called \f(CW\*(C`.rnd\*(C'\fR, found in platform dependent locations: +.IP "On Windows (in order of preference)" 4 +.IX Item "On Windows (in order of preference)" +.Vb 1 +\& %HOME%, %USERPROFILE%, %SYSTEMROOT%, C:\e +.Ve +.IP "On \s-1VMS\s0" 4 +.IX Item "On VMS" +.Vb 1 +\& SYS$LOGIN: +.Ve +.IP "On all other systems" 4 +.IX Item "On all other systems" +.Vb 1 +\& $HOME +.Ve +.PP +If \f(CW$HOME\fR (on non-Windows and non-VMS system) is not set either, or +\&\fBnum\fR is too small for the pathname, an error occurs. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIRAND_load_file()\fR returns the number of bytes read or \-1 on error. +.PP +\&\fIRAND_write_file()\fR returns the number of bytes written, or \-1 if the +bytes written were generated without appropriate seeding. +.PP +\&\fIRAND_file_name()\fR returns a pointer to \fBbuf\fR on success, and \s-1NULL\s0 on +error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIRAND_add\fR\|(3), +\&\fIRAND_bytes\fR\|(3), +\&\s-1\fIRAND\s0\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/RAND_set_rand_method.3 b/linux_amd64/ssl/share/man/man3/RAND_set_rand_method.3 new file mode 100755 index 0000000..368cca9 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/RAND_set_rand_method.3 
@@ -0,0 +1,194 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RAND_SET_RAND_METHOD 3" +.TH RAND_SET_RAND_METHOD 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +RAND_set_rand_method, RAND_get_rand_method, RAND_OpenSSL \- select RAND method +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& RAND_METHOD *RAND_OpenSSL(void); +\& +\& int RAND_set_rand_method(const RAND_METHOD *meth); +\& +\& const RAND_METHOD *RAND_get_rand_method(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A \fB\s-1RAND_METHOD\s0\fR specifies the functions that OpenSSL uses for random number +generation. +.PP +\&\fIRAND_OpenSSL()\fR returns the default \fB\s-1RAND_METHOD\s0\fR implementation by OpenSSL. +This implementation ensures that the \s-1PRNG\s0 state is unique for each thread. +.PP +If an \fB\s-1ENGINE\s0\fR is loaded that provides the \s-1RAND\s0 \s-1API\s0, however, it will +be used instead of the method returned by \fIRAND_OpenSSL()\fR. +.PP +\&\fIRAND_set_rand_method()\fR makes \fBmeth\fR the method for \s-1PRNG\s0 use. If an +\&\s-1ENGINE\s0 was providing the method, it will be released first. +.PP +\&\fIRAND_get_rand_method()\fR returns a pointer to the current \fB\s-1RAND_METHOD\s0\fR. +.SH "THE RAND_METHOD STRUCTURE" +.IX Header "THE RAND_METHOD STRUCTURE" +.Vb 8 +\& typedef struct rand_meth_st { +\& void (*seed)(const void *buf, int num); +\& int (*bytes)(unsigned char *buf, int num); +\& void (*cleanup)(void); +\& void (*add)(const void *buf, int num, int randomness); +\& int (*pseudorand)(unsigned char *buf, int num); +\& int (*status)(void); +\& } RAND_METHOD; +.Ve +.PP +The fields point to functions that are used by, in order, +\&\fIRAND_seed()\fR, \fIRAND_bytes()\fR, internal \s-1RAND\s0 cleanup, \fIRAND_add()\fR, \fIRAND_pseudo_rand()\fR +and \fIRAND_status()\fR. +Each pointer may be \s-1NULL\s0 if the function is not implemented. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIRAND_set_rand_method()\fR returns 1 on success and 0 on failure. +\&\fIRAND_get_rand_method()\fR and \fIRAND_OpenSSL()\fR return pointers to the respective +methods. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIRAND_bytes\fR\|(3), +\&\fIENGINE_by_id\fR\|(3), +\&\s-1\fIRAND\s0\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/RC4_set_key.3 b/linux_amd64/ssl/share/man/man3/RC4_set_key.3 new file mode 100755 index 0000000..f34266a --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/RC4_set_key.3 
@@ -0,0 +1,201 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RC4_SET_KEY 3" +.TH RC4_SET_KEY 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +RC4_set_key, RC4 \- RC4 encryption +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.PP +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 1 +\& void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data); +\& +\& void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata, +\& unsigned char *outdata); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +All of the functions described on this page are deprecated. Applications should +instead use \fIEVP_EncryptInit_ex\fR\|(3), \fIEVP_EncryptUpdate\fR\|(3) and +\&\fIEVP_EncryptFinal_ex\fR\|(3) or the equivalently named decrypt functions. +.PP +This library implements the Alleged \s-1RC4\s0 cipher, which is described for +example in \fIApplied Cryptography\fR. It is believed to be compatible +with RC4[\s-1TM\s0], a proprietary cipher of \s-1RSA\s0 Security Inc. +.PP +\&\s-1RC4\s0 is a stream cipher with variable key length. Typically, 128 bit +(16 byte) keys are used for strong encryption, but shorter insecure +key sizes have been widely used due to export restrictions. +.PP +\&\s-1RC4\s0 consists of a key setup phase and the actual encryption or +decryption phase. +.PP +\&\fIRC4_set_key()\fR sets up the \fB\s-1RC4_KEY\s0\fR \fBkey\fR using the \fBlen\fR bytes long +key at \fBdata\fR. +.PP +\&\s-1\fIRC4\s0()\fR encrypts or decrypts the \fBlen\fR bytes of data at \fBindata\fR using +\&\fBkey\fR and places the result at \fBoutdata\fR. Repeated \s-1\fIRC4\s0()\fR calls with +the same \fBkey\fR yield a continuous key stream. +.PP +Since \s-1RC4\s0 is a stream cipher (the input is XORed with a pseudo-random +key stream to produce the output), decryption uses the same function +calls as encryption. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIRC4_set_key()\fR and \s-1\fIRC4\s0()\fR do not return values. 
+.SH "NOTE" +.IX Header "NOTE" +Applications should use the higher level functions +\&\fIEVP_EncryptInit\fR\|(3) etc. instead of calling these +functions directly. +.PP +It is difficult to securely use stream ciphers. For example, do not perform +multiple encryptions using the same key stream. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_EncryptInit\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +All of these functions were deprecated in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/RIPEMD160_Init.3 b/linux_amd64/ssl/share/man/man3/RIPEMD160_Init.3 new file mode 100755 index 0000000..d8da26b --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/RIPEMD160_Init.3 
@@ -0,0 +1,205 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RIPEMD160_INIT 3" +.TH RIPEMD160_INIT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +RIPEMD160, RIPEMD160_Init, RIPEMD160_Update, RIPEMD160_Final \- +RIPEMD\-160 hash function +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.PP +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 2 +\& unsigned char *RIPEMD160(const unsigned char *d, unsigned long n, +\& unsigned char *md); +\& +\& int RIPEMD160_Init(RIPEMD160_CTX *c); +\& int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, unsigned long len); +\& int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +All of the functions described on this page are deprecated. +Applications should instead use \fIEVP_DigestInit_ex\fR\|(3), \fIEVP_DigestUpdate\fR\|(3) +and \fIEVP_DigestFinal_ex\fR\|(3). +.PP +\&\s-1RIPEMD\-160\s0 is a cryptographic hash function with a +160 bit output. +.PP +\&\s-1\fIRIPEMD160\s0()\fR computes the \s-1RIPEMD\-160\s0 message digest of the \fBn\fR +bytes at \fBd\fR and places it in \fBmd\fR (which must have space for +\&\s-1RIPEMD160_DIGEST_LENGTH\s0 == 20 bytes of output). If \fBmd\fR is \s-1NULL\s0, the digest +is placed in a static array. +.PP +The following functions may be used if the message is not completely +stored in memory: +.PP +\&\fIRIPEMD160_Init()\fR initializes a \fB\s-1RIPEMD160_CTX\s0\fR structure. +.PP +\&\fIRIPEMD160_Update()\fR can be called repeatedly with chunks of the message to +be hashed (\fBlen\fR bytes at \fBdata\fR). +.PP +\&\fIRIPEMD160_Final()\fR places the message digest in \fBmd\fR, which must have +space for \s-1RIPEMD160_DIGEST_LENGTH\s0 == 20 bytes of output, and erases +the \fB\s-1RIPEMD160_CTX\s0\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\s-1\fIRIPEMD160\s0()\fR returns a pointer to the hash value. 
+.PP +\&\fIRIPEMD160_Init()\fR, \fIRIPEMD160_Update()\fR and \fIRIPEMD160_Final()\fR return 1 for +success, 0 otherwise. +.SH "NOTE" +.IX Header "NOTE" +Applications should use the higher level functions +\&\fIEVP_DigestInit\fR\|(3) etc. instead of calling these +functions directly. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1ISO/IEC\s0 10118\-3:2016 Dedicated Hash-Function 1 (\s-1RIPEMD\-160\s0). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_DigestInit\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +All of these functions were deprecated in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/RSA_blinding_on.3 b/linux_amd64/ssl/share/man/man3/RSA_blinding_on.3 new file mode 100755 index 0000000..5ae6d7b --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/RSA_blinding_on.3 
@@ -0,0 +1,167 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA_BLINDING_ON 3" +.TH RSA_BLINDING_ON 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +RSA_blinding_on, RSA_blinding_off \- protect the RSA operation from timing attacks +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int RSA_blinding_on(RSA *rsa, BN_CTX *ctx); +\& +\& void RSA_blinding_off(RSA *rsa); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1RSA\s0 is vulnerable to timing attacks. In a setup where attackers can +measure the time of \s-1RSA\s0 decryption or signature operations, blinding +must be used to protect the \s-1RSA\s0 operation from that attack. +.PP +\&\fIRSA_blinding_on()\fR turns blinding on for key \fBrsa\fR and generates a +random blinding factor. \fBctx\fR is \fB\s-1NULL\s0\fR or a pre-allocated and +initialized \fB\s-1BN_CTX\s0\fR. +.PP +\&\fIRSA_blinding_off()\fR turns blinding off and frees the memory used for +the blinding factor. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIRSA_blinding_on()\fR returns 1 on success, and 0 if an error occurred. +.PP +\&\fIRSA_blinding_off()\fR returns no value. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/RSA_check_key.3 b/linux_amd64/ssl/share/man/man3/RSA_check_key.3 new file mode 100755 index 0000000..89ce6c6 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/RSA_check_key.3 
@@ -0,0 +1,216 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA_CHECK_KEY 3" +.TH RSA_CHECK_KEY 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +RSA_check_key_ex, RSA_check_key \- validate private RSA keys +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.PP +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 1 +\& int RSA_check_key_ex(RSA *rsa, BN_GENCB *cb); +\& +\& int RSA_check_key(RSA *rsa); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Both of the functions described on this page are deprecated. +Applications should instead use \fIEVP_PKEY_public_check\fR\|(3), +\&\fIEVP_PKEY_private_check\fR\|(3) and \fIEVP_PKEY_pairwise_check\fR\|(3). +.PP +\&\fIRSA_check_key_ex()\fR function validates \s-1RSA\s0 keys. +It checks that \fBp\fR and \fBq\fR are +in fact prime, and that \fBn = p*q\fR. +.PP +It does not work on \s-1RSA\s0 public keys that have only the modulus +and public exponent elements populated. +It also checks that \fBd*e = 1 mod (p\-1*q\-1)\fR, +and that \fBdmp1\fR, \fBdmq1\fR and \fBiqmp\fR are set correctly or are \fB\s-1NULL\s0\fR. +It performs integrity checks on all +the \s-1RSA\s0 key material, so the \s-1RSA\s0 key structure must contain all the private +key data too. +Therefore, it cannot be used with any arbitrary \s-1RSA\s0 key object, +even if it is otherwise fit for regular \s-1RSA\s0 operation. +.PP +The \fBcb\fR parameter is a callback that will be invoked in the same +manner as \fIBN_is_prime_ex\fR\|(3). +.PP +\&\fIRSA_check_key()\fR is equivalent to \fIRSA_check_key_ex()\fR with a \s-1NULL\s0 \fBcb\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIRSA_check_key_ex()\fR and \fIRSA_check_key()\fR +return 1 if \fBrsa\fR is a valid \s-1RSA\s0 key, and 0 otherwise. +They return \-1 if an error occurs while checking the key. +.PP +If the key is invalid or an error occurred, the reason code can be +obtained using \fIERR_get_error\fR\|(3). 
+.SH "NOTES" +.IX Header "NOTES" +Unlike most other \s-1RSA\s0 functions, this function does \fBnot\fR work +transparently with any underlying \s-1ENGINE\s0 implementation because it uses the +key data in the \s-1RSA\s0 structure directly. An \s-1ENGINE\s0 implementation can +override the way key data is stored and handled, and can even provide +support for \s-1HSM\s0 keys \- in which case the \s-1RSA\s0 structure may contain \fBno\fR +key data at all! If the \s-1ENGINE\s0 in question is only being used for +acceleration or analysis purposes, then in all likelihood the \s-1RSA\s0 key data +is complete and untouched, but this can't be assumed in the general case. +.SH "BUGS" +.IX Header "BUGS" +A method of verifying the \s-1RSA\s0 key using opaque \s-1RSA\s0 \s-1API\s0 functions might need +to be considered. Right now \fIRSA_check_key()\fR simply uses the \s-1RSA\s0 structure +elements directly, bypassing the \s-1RSA_METHOD\s0 table altogether (and +completely violating encapsulation and object-orientation in the process). +The best fix will probably be to introduce a \*(L"\fIcheck_key()\fR\*(R" handler to the +\&\s-1RSA_METHOD\s0 function table so that alternative implementations can also +provide their own verifiers. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIBN_is_prime_ex\fR\|(3), +\&\fIERR_get_error\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +All of these functions were deprecated in OpenSSL 3.0. +.PP +\&\fIRSA_check_key_ex()\fR appeared after OpenSSL 1.0.2. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/RSA_generate_key.3 b/linux_amd64/ssl/share/man/man3/RSA_generate_key.3 new file mode 100755 index 0000000..07cc4dc --- /dev/null 
+++ b/linux_amd64/ssl/share/man/man3/RSA_generate_key.3 
@@ -0,0 +1,237 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA_GENERATE_KEY 3" +.TH RSA_GENERATE_KEY 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +RSA_generate_key_ex, RSA_generate_key, +RSA_generate_multi_prime_key \- generate RSA key pair +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.PP +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 2 +\& int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); +\& int RSA_generate_multi_prime_key(RSA *rsa, int bits, int primes, BIGNUM *e, BN_GENCB *cb); +.Ve +.PP +Deprecated since OpenSSL 0.9.8, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 2 +\& RSA *RSA_generate_key(int bits, unsigned long e, +\& void (*callback)(int, int, void *), void *cb_arg); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +All of the functions described on this page are deprecated. +Applications should instead use \fIEVP_PKEY_keygen_init\fR\|(3) and +\&\fIEVP_PKEY_keygen\fR\|(3). +.PP +\&\fIRSA_generate_key_ex()\fR generates a 2\-prime \s-1RSA\s0 key pair and stores it in the +\&\fB\s-1RSA\s0\fR structure provided in \fBrsa\fR. The pseudo-random number generator must +be seeded prior to calling \fIRSA_generate_key_ex()\fR. +.PP +\&\fIRSA_generate_multi_prime_key()\fR generates a multi-prime \s-1RSA\s0 key pair and stores +it in the \fB\s-1RSA\s0\fR structure provided in \fBrsa\fR. The number of primes is given by +the \fBprimes\fR parameter. The random number generator must be seeded when +calling \fIRSA_generate_multi_prime_key()\fR. +If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to +external circumstances (see \s-1\fIRAND\s0\fR\|(7)), the operation will fail. +.PP +The modulus size will be of length \fBbits\fR, the number of primes to form the +modulus will be \fBprimes\fR, and the public exponent will be \fBe\fR. 
Key sizes +with \fBnum\fR < 1024 should be considered insecure. The exponent is an odd +number, typically 3, 17 or 65537. +.PP +In order to maintain adequate security level, the maximum number of permitted +\&\fBprimes\fR depends on modulus bit length: +.PP +.Vb 3 +\& <1024 | >=1024 | >=4096 | >=8192 +\& \-\-\-\-\-\-+\-\-\-\-\-\-\-\-+\-\-\-\-\-\-\-\-+\-\-\-\-\-\-\- +\& 2 | 3 | 4 | 5 +.Ve +.PP +A callback function may be used to provide feedback about the +progress of the key generation. If \fBcb\fR is not \fB\s-1NULL\s0\fR, it +will be called as follows using the \fIBN_GENCB_call()\fR function +described on the \fIBN_generate_prime\fR\|(3) page. +.PP +\&\fIRSA_generate_key()\fR is similar to \fIRSA_generate_key_ex()\fR but +expects an old-style callback function; see +\&\fIBN_generate_prime\fR\|(3) for information on the old-style callback. +.IP "\(bu" 2 +While a random prime number is generated, it is called as +described in \fIBN_generate_prime\fR\|(3). +.IP "\(bu" 2 +When the n\-th randomly generated prime is rejected as not +suitable for the key, \fBBN_GENCB_call(cb, 2, n)\fR is called. +.IP "\(bu" 2 +When a random p has been found with p\-1 relatively prime to \fBe\fR, +it is called as \fBBN_GENCB_call(cb, 3, 0)\fR. +.PP +The process is then repeated for prime q and other primes (if any) +with \fBBN_GENCB_call(cb, 3, i)\fR where \fBi\fR indicates the i\-th prime. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIRSA_generate_multi_prime_key()\fR returns 1 on success or 0 on error. +\&\fIRSA_generate_key_ex()\fR returns 1 on success or 0 on error. +The error codes can be obtained by \fIERR_get_error\fR\|(3). +.PP +\&\fIRSA_generate_key()\fR returns a pointer to the \s-1RSA\s0 structure or +\&\fB\s-1NULL\s0\fR if the key generation fails. +.SH "BUGS" +.IX Header "BUGS" +\&\fBBN_GENCB_call(cb, 2, x)\fR is used with two different meanings. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fIRAND_bytes\fR\|(3), \fIBN_generate_prime\fR\|(3), +\&\s-1\fIRAND\s0\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +All of these functions were deprecated in OpenSSL 3.0. +.PP +\&\fIRSA_generate_key()\fR was deprecated in OpenSSL 0.9.8; use +\&\fIRSA_generate_key_ex()\fR instead. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/RSA_get0_key.3 b/linux_amd64/ssl/share/man/man3/RSA_get0_key.3 new file mode 100755 index 0000000..f0faaa9 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/RSA_get0_key.3 
@@ -0,0 +1,305 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA_GET0_KEY 3" +.TH RSA_GET0_KEY 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +RSA_set0_key, RSA_set0_factors, RSA_set0_crt_params, RSA_get0_key, +RSA_get0_factors, RSA_get0_crt_params, +RSA_get0_n, RSA_get0_e, RSA_get0_d, RSA_get0_p, RSA_get0_q, +RSA_get0_dmp1, RSA_get0_dmq1, RSA_get0_iqmp, RSA_get0_pss_params, +RSA_clear_flags, +RSA_test_flags, RSA_set_flags, RSA_get0_engine, RSA_get_multi_prime_extra_count, +RSA_get0_multi_prime_factors, RSA_get0_multi_prime_crt_params, +RSA_set0_multi_prime_params, RSA_get_version +\&\- Routines for getting and setting data in an RSA object +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d); +\& int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q); +\& int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp); +\& void RSA_get0_key(const RSA *r, +\& const BIGNUM **n, const BIGNUM **e, const BIGNUM **d); +\& void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q); +\& void RSA_get0_crt_params(const RSA *r, +\& const BIGNUM **dmp1, const BIGNUM **dmq1, +\& const BIGNUM **iqmp); +\& const BIGNUM *RSA_get0_n(const RSA *d); +\& const BIGNUM *RSA_get0_e(const RSA *d); +\& const BIGNUM *RSA_get0_d(const RSA *d); +\& const BIGNUM *RSA_get0_p(const RSA *d); +\& const BIGNUM *RSA_get0_q(const RSA *d); +\& const BIGNUM *RSA_get0_dmp1(const RSA *r); +\& const BIGNUM *RSA_get0_dmq1(const RSA *r); +\& const BIGNUM *RSA_get0_iqmp(const RSA *r); +\& const RSA_PSS_PARAMS *RSA_get0_pss_params(const RSA *r); +\& void RSA_clear_flags(RSA *r, int flags); +\& int RSA_test_flags(const RSA *r, int flags); +\& void RSA_set_flags(RSA *r, int flags); +\& ENGINE *RSA_get0_engine(RSA *r); +\& int RSA_get_multi_prime_extra_count(const RSA *r); +\& int RSA_get0_multi_prime_factors(const RSA *r, const BIGNUM *primes[]); +\& int RSA_get0_multi_prime_crt_params(const RSA *r, const BIGNUM *exps[], +\& const BIGNUM *coeffs[]); +\& int RSA_set0_multi_prime_params(RSA *r, BIGNUM *primes[], BIGNUM *exps[], +\& 
BIGNUM *coeffs[], int pnum); +\& int RSA_get_version(RSA *r); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +An \s-1RSA\s0 object contains the components for the public and private key, +\&\fBn\fR, \fBe\fR, \fBd\fR, \fBp\fR, \fBq\fR, \fBdmp1\fR, \fBdmq1\fR and \fBiqmp\fR. \fBn\fR is +the modulus common to both public and private key, \fBe\fR is the public +exponent and \fBd\fR is the private exponent. \fBp\fR, \fBq\fR, \fBdmp1\fR, +\&\fBdmq1\fR and \fBiqmp\fR are the factors for the second representation of a +private key (see PKCS#1 section 3 Key Types), where \fBp\fR and \fBq\fR are +the first and second factor of \fBn\fR and \fBdmp1\fR, \fBdmq1\fR and \fBiqmp\fR +are the exponents and coefficient for \s-1CRT\s0 calculations. +.PP +For multi-prime \s-1RSA\s0 (defined in \s-1RFC\s0 8017), there are also one or more +\&'triplet' in an \s-1RSA\s0 object. A triplet contains three members, \fBr\fR, \fBd\fR +and \fBt\fR. \fBr\fR is the additional prime besides \fBp\fR and \fBq\fR. \fBd\fR and +\&\fBt\fR are the exponent and coefficient for \s-1CRT\s0 calculations. +.PP +The \fBn\fR, \fBe\fR and \fBd\fR parameters can be obtained by calling +\&\fIRSA_get0_key()\fR. If they have not been set yet, then \fB*n\fR, \fB*e\fR and +\&\fB*d\fR will be set to \s-1NULL\s0. Otherwise, they are set to pointers to +their respective values. These point directly to the internal +representations of the values and therefore should not be freed +by the caller. +.PP +The \fBn\fR, \fBe\fR and \fBd\fR parameter values can be set by calling +\&\fIRSA_set0_key()\fR and passing the new values for \fBn\fR, \fBe\fR and \fBd\fR as +parameters to the function. The values \fBn\fR and \fBe\fR must be non-NULL +the first time this function is called on a given \s-1RSA\s0 object. The +value \fBd\fR may be \s-1NULL\s0. On subsequent calls any of these values may be +\&\s-1NULL\s0 which means the corresponding \s-1RSA\s0 field is left untouched. 
+Calling this function transfers the memory management of the values to +the \s-1RSA\s0 object, and therefore the values that have been passed in +should not be freed by the caller after this function has been called. +.PP +In a similar fashion, the \fBp\fR and \fBq\fR parameters can be obtained and +set with \fIRSA_get0_factors()\fR and \fIRSA_set0_factors()\fR, and the \fBdmp1\fR, +\&\fBdmq1\fR and \fBiqmp\fR parameters can be obtained and set with +\&\fIRSA_get0_crt_params()\fR and \fIRSA_set0_crt_params()\fR. +.PP +For \fIRSA_get0_key()\fR, \fIRSA_get0_factors()\fR, and \fIRSA_get0_crt_params()\fR, +\&\s-1NULL\s0 value \s-1BIGNUM\s0 ** output parameters are permitted. The functions +ignore \s-1NULL\s0 parameters but return values for other, non-NULL, parameters. +.PP +For multi-prime \s-1RSA\s0, \fIRSA_get0_multi_prime_factors()\fR and \fIRSA_get0_multi_prime_params()\fR +can be used to obtain other primes and related \s-1CRT\s0 parameters. The +return values are stored in an array of \fB\s-1BIGNUM\s0 *\fR. \fIRSA_set0_multi_prime_params()\fR +sets a collect of multi-prime 'triplet' members (prime, exponent and coefficient) +into an \s-1RSA\s0 object. +.PP +Any of the values \fBn\fR, \fBe\fR, \fBd\fR, \fBp\fR, \fBq\fR, \fBdmp1\fR, \fBdmq1\fR, and \fBiqmp\fR can also be +retrieved separately by the corresponding function +\&\fIRSA_get0_n()\fR, \fIRSA_get0_e()\fR, \fIRSA_get0_d()\fR, \fIRSA_get0_p()\fR, \fIRSA_get0_q()\fR, +\&\fIRSA_get0_dmp1()\fR, \fIRSA_get0_dmq1()\fR, and \fIRSA_get0_iqmp()\fR, respectively. +.PP +\&\fIRSA_get0_pss_params()\fR is used to retrieve the RSA-PSS parameters. +.PP +\&\fIRSA_set_flags()\fR sets the flags in the \fBflags\fR parameter on the \s-1RSA\s0 +object. Multiple flags can be passed in one go (bitwise ORed together). +Any flags that are already set are left set. \fIRSA_test_flags()\fR tests to +see whether the flags passed in the \fBflags\fR parameter are currently +set in the \s-1RSA\s0 object. 
Multiple flags can be tested in one go. All +flags that are currently set are returned, or zero if none of the +flags are set. \fIRSA_clear_flags()\fR clears the specified flags within the +\&\s-1RSA\s0 object. +.PP +\&\fIRSA_get0_engine()\fR returns a handle to the \s-1ENGINE\s0 that has been set for +this \s-1RSA\s0 object, or \s-1NULL\s0 if no such \s-1ENGINE\s0 has been set. +.PP +\&\fIRSA_get_version()\fR returns the version of an \s-1RSA\s0 object \fBr\fR. +.SH "NOTES" +.IX Header "NOTES" +Values retrieved with \fIRSA_get0_key()\fR are owned by the \s-1RSA\s0 object used +in the call and may therefore \fInot\fR be passed to \fIRSA_set0_key()\fR. If +needed, duplicate the received value using \fIBN_dup()\fR and pass the +duplicate. The same applies to \fIRSA_get0_factors()\fR and \fIRSA_set0_factors()\fR +as well as \fIRSA_get0_crt_params()\fR and \fIRSA_set0_crt_params()\fR. +.PP +The caller should obtain the size by calling \fIRSA_get_multi_prime_extra_count()\fR +in advance and allocate sufficient buffer to store the return values before +calling \fIRSA_get0_multi_prime_factors()\fR and \fIRSA_get0_multi_prime_params()\fR. +.PP +\&\fIRSA_set0_multi_prime_params()\fR always clears the original multi-prime +triplets in \s-1RSA\s0 object \fBr\fR and assign the new set of triplets into it. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIRSA_set0_key()\fR, \fIRSA_set0_factors()\fR, \fIRSA_set0_crt_params()\fR and +\&\fIRSA_set0_multi_prime_params()\fR return 1 on success or 0 on failure. +.PP +\&\fIRSA_get0_n()\fR, \fIRSA_get0_e()\fR, \fIRSA_get0_d()\fR, \fIRSA_get0_p()\fR, \fIRSA_get0_q()\fR, +\&\fIRSA_get0_dmp1()\fR, \fIRSA_get0_dmq1()\fR, and \fIRSA_get0_iqmp()\fR +return the respective value. +.PP +\&\fIRSA_get0_pss_params()\fR returns a \fB\s-1RSA_PSS_PARAMS\s0\fR pointer, or \s-1NULL\s0 if +there is none. +.PP +\&\fIRSA_get0_multi_prime_factors()\fR and \fIRSA_get0_multi_prime_crt_params()\fR return +1 on success or 0 on failure. 
+.PP +\&\fIRSA_get_multi_prime_extra_count()\fR returns two less than the number of primes +in use, which is 0 for traditional \s-1RSA\s0 and the number of extra primes for +multi-prime \s-1RSA\s0. +.PP +\&\fIRSA_get_version()\fR returns \fB\s-1RSA_ASN1_VERSION_MULTI\s0\fR for multi-prime \s-1RSA\s0 and +\&\fB\s-1RSA_ASN1_VERSION_DEFAULT\s0\fR for normal two-prime \s-1RSA\s0, as defined in \s-1RFC\s0 8017. +.PP +\&\fIRSA_test_flags()\fR returns the current state of the flags in the \s-1RSA\s0 object. +.PP +\&\fIRSA_get0_engine()\fR returns the \s-1ENGINE\s0 set for the \s-1RSA\s0 object or \s-1NULL\s0 if no +\&\s-1ENGINE\s0 has been set. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIRSA_new\fR\|(3), \fIRSA_size\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fIRSA_get0_pss_params()\fR function was added in OpenSSL 1.1.1e. +.PP +The +\&\fIRSA_get_multi_prime_extra_count()\fR, \fIRSA_get0_multi_prime_factors()\fR, +\&\fIRSA_get0_multi_prime_crt_params()\fR, \fIRSA_set0_multi_prime_params()\fR, +and \fIRSA_get_version()\fR functions were added in OpenSSL 1.1.1. +.PP +Other functions described here were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/RSA_meth_new.3 b/linux_amd64/ssl/share/man/man3/RSA_meth_new.3 new file mode 100755 index 0000000..7faf0f1 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/RSA_meth_new.3 
@@ -0,0 +1,395 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA_METH_NEW 3" +.TH RSA_METH_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +RSA_meth_get0_app_data, RSA_meth_set0_app_data, +RSA_meth_new, RSA_meth_free, RSA_meth_dup, RSA_meth_get0_name, +RSA_meth_set1_name, RSA_meth_get_flags, RSA_meth_set_flags, +RSA_meth_get_pub_enc, +RSA_meth_set_pub_enc, RSA_meth_get_pub_dec, RSA_meth_set_pub_dec, +RSA_meth_get_priv_enc, RSA_meth_set_priv_enc, RSA_meth_get_priv_dec, +RSA_meth_set_priv_dec, RSA_meth_get_mod_exp, RSA_meth_set_mod_exp, +RSA_meth_get_bn_mod_exp, RSA_meth_set_bn_mod_exp, RSA_meth_get_init, +RSA_meth_set_init, RSA_meth_get_finish, RSA_meth_set_finish, +RSA_meth_get_sign, RSA_meth_set_sign, RSA_meth_get_verify, +RSA_meth_set_verify, RSA_meth_get_keygen, RSA_meth_set_keygen, +RSA_meth_get_multi_prime_keygen, RSA_meth_set_multi_prime_keygen +\&\- Routines to build up RSA methods +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.PP +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 2 +\& RSA_METHOD *RSA_meth_new(const char *name, int flags); +\& void RSA_meth_free(RSA_METHOD *meth); +\& +\& RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth); +\& +\& const char *RSA_meth_get0_name(const RSA_METHOD *meth); +\& int RSA_meth_set1_name(RSA_METHOD *meth, const char *name); +\& +\& int RSA_meth_get_flags(const RSA_METHOD *meth); +\& int RSA_meth_set_flags(RSA_METHOD *meth, int flags); +\& +\& void *RSA_meth_get0_app_data(const RSA_METHOD *meth); +\& int RSA_meth_set0_app_data(RSA_METHOD *meth, void *app_data); +\& +\& int (*RSA_meth_get_pub_enc(const RSA_METHOD *meth))(int flen, const unsigned char *from, +\& unsigned char *to, RSA *rsa, int padding); +\& int RSA_meth_set_pub_enc(RSA_METHOD *rsa, +\& int (*pub_enc)(int flen, const unsigned char *from, +\& unsigned char *to, RSA *rsa, +\& int padding)); +\& +\& int (*RSA_meth_get_pub_dec(const RSA_METHOD *meth)) +\& (int flen, const unsigned char *from, +\& unsigned char *to, RSA 
*rsa, int padding); +\& int RSA_meth_set_pub_dec(RSA_METHOD *rsa, +\& int (*pub_dec)(int flen, const unsigned char *from, +\& unsigned char *to, RSA *rsa, +\& int padding)); +\& +\& int (*RSA_meth_get_priv_enc(const RSA_METHOD *meth))(int flen, const unsigned char *from, +\& unsigned char *to, RSA *rsa, +\& int padding); +\& int RSA_meth_set_priv_enc(RSA_METHOD *rsa, +\& int (*priv_enc)(int flen, const unsigned char *from, +\& unsigned char *to, RSA *rsa, int padding)); +\& +\& int (*RSA_meth_get_priv_dec(const RSA_METHOD *meth))(int flen, const unsigned char *from, +\& unsigned char *to, RSA *rsa, +\& int padding); +\& int RSA_meth_set_priv_dec(RSA_METHOD *rsa, +\& int (*priv_dec)(int flen, const unsigned char *from, +\& unsigned char *to, RSA *rsa, int padding)); +\& +\& /* Can be null */ +\& int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth))(BIGNUM *r0, const BIGNUM *i, +\& RSA *rsa, BN_CTX *ctx); +\& int RSA_meth_set_mod_exp(RSA_METHOD *rsa, +\& int (*mod_exp)(BIGNUM *r0, const BIGNUM *i, RSA *rsa, +\& BN_CTX *ctx)); +\& +\& /* Can be null */ +\& int (*RSA_meth_get_bn_mod_exp(const RSA_METHOD *meth))(BIGNUM *r, const BIGNUM *a, +\& const BIGNUM *p, const BIGNUM *m, +\& BN_CTX *ctx, BN_MONT_CTX *m_ctx); +\& int RSA_meth_set_bn_mod_exp(RSA_METHOD *rsa, +\& int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, +\& const BIGNUM *p, const BIGNUM *m, +\& BN_CTX *ctx, BN_MONT_CTX *m_ctx)); +\& +\& /* called at new */ +\& int (*RSA_meth_get_init(const RSA_METHOD *meth) (RSA *rsa); +\& int RSA_meth_set_init(RSA_METHOD *rsa, int (*init (RSA *rsa)); +\& +\& /* called at free */ +\& int (*RSA_meth_get_finish(const RSA_METHOD *meth))(RSA *rsa); +\& int RSA_meth_set_finish(RSA_METHOD *rsa, int (*finish)(RSA *rsa)); +\& +\& int (*RSA_meth_get_sign(const RSA_METHOD *meth))(int type, const unsigned char *m, +\& unsigned int m_length, +\& unsigned char *sigret, +\& unsigned int *siglen, const RSA *rsa); +\& int RSA_meth_set_sign(RSA_METHOD *rsa, +\& int (*sign)(int type, const unsigned 
char *m, +\& unsigned int m_length, unsigned char *sigret, +\& unsigned int *siglen, const RSA *rsa)); +\& +\& int (*RSA_meth_get_verify(const RSA_METHOD *meth))(int dtype, const unsigned char *m, +\& unsigned int m_length, +\& const unsigned char *sigbuf, +\& unsigned int siglen, const RSA *rsa); +\& int RSA_meth_set_verify(RSA_METHOD *rsa, +\& int (*verify)(int dtype, const unsigned char *m, +\& unsigned int m_length, +\& const unsigned char *sigbuf, +\& unsigned int siglen, const RSA *rsa)); +\& +\& int (*RSA_meth_get_keygen(const RSA_METHOD *meth))(RSA *rsa, int bits, BIGNUM *e, +\& BN_GENCB *cb); +\& int RSA_meth_set_keygen(RSA_METHOD *rsa, +\& int (*keygen)(RSA *rsa, int bits, BIGNUM *e, +\& BN_GENCB *cb)); +\& +\& int (*RSA_meth_get_multi_prime_keygen(const RSA_METHOD *meth))(RSA *rsa, int bits, +\& int primes, BIGNUM *e, +\& BN_GENCB *cb); +\& +\& int RSA_meth_set_multi_prime_keygen(RSA_METHOD *meth, +\& int (*keygen) (RSA *rsa, int bits, +\& int primes, BIGNUM *e, +\& BN_GENCB *cb)); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +All of the functions described on this page are deprecated. +Applications should instead use the \s-1OSSL_PROVIDER\s0 APIs. +.PP +The \fB\s-1RSA_METHOD\s0\fR type is a structure used for the provision of custom +\&\s-1RSA\s0 implementations. It provides a set of functions used by OpenSSL +for the implementation of the various \s-1RSA\s0 capabilities. +.PP +\&\fIRSA_meth_new()\fR creates a new \fB\s-1RSA_METHOD\s0\fR structure. It should be +given a unique \fBname\fR and a set of \fBflags\fR. The \fBname\fR should be a +\&\s-1NULL\s0 terminated string, which will be duplicated and stored in the +\&\fB\s-1RSA_METHOD\s0\fR object. It is the callers responsibility to free the +original string. The flags will be used during the construction of a +new \fB\s-1RSA\s0\fR object based on this \fB\s-1RSA_METHOD\s0\fR. Any new \fB\s-1RSA\s0\fR object +will have those flags set by default. 
+.PP +\&\fIRSA_meth_dup()\fR creates a duplicate copy of the \fB\s-1RSA_METHOD\s0\fR object +passed as a parameter. This might be useful for creating a new +\&\fB\s-1RSA_METHOD\s0\fR based on an existing one, but with some differences. +.PP +\&\fIRSA_meth_free()\fR destroys an \fB\s-1RSA_METHOD\s0\fR structure and frees up any +memory associated with it. +.PP +\&\fIRSA_meth_get0_name()\fR will return a pointer to the name of this +\&\s-1RSA_METHOD\s0. This is a pointer to the internal name string and so +should not be freed by the caller. \fIRSA_meth_set1_name()\fR sets the name +of the \s-1RSA_METHOD\s0 to \fBname\fR. The string is duplicated and the copy is +stored in the \s-1RSA_METHOD\s0 structure, so the caller remains responsible +for freeing the memory associated with the name. +.PP +\&\fIRSA_meth_get_flags()\fR returns the current value of the flags associated +with this \s-1RSA_METHOD\s0. \fIRSA_meth_set_flags()\fR provides the ability to set +these flags. +.PP +The functions \fIRSA_meth_get0_app_data()\fR and \fIRSA_meth_set0_app_data()\fR +provide the ability to associate implementation specific data with the +\&\s-1RSA_METHOD\s0. It is the application's responsibility to free this data +before the \s-1RSA_METHOD\s0 is freed via a call to \fIRSA_meth_free()\fR. +.PP +\&\fIRSA_meth_get_sign()\fR and \fIRSA_meth_set_sign()\fR get and set the function +used for creating an \s-1RSA\s0 signature respectively. This function will be +called in response to the application calling \fIRSA_sign()\fR. The +parameters for the function have the same meaning as for \fIRSA_sign()\fR. +.PP +\&\fIRSA_meth_get_verify()\fR and \fIRSA_meth_set_verify()\fR get and set the +function used for verifying an \s-1RSA\s0 signature respectively. This +function will be called in response to the application calling +\&\fIRSA_verify()\fR. The parameters for the function have the same meaning as +for \fIRSA_verify()\fR. 
+.PP +\&\fIRSA_meth_get_mod_exp()\fR and \fIRSA_meth_set_mod_exp()\fR get and set the +function used for \s-1CRT\s0 computations. +.PP +\&\fIRSA_meth_get_bn_mod_exp()\fR and \fIRSA_meth_set_bn_mod_exp()\fR get and set +the function used for \s-1CRT\s0 computations, specifically the following +value: +.PP +.Vb 1 +\& r = a ^ p mod m +.Ve +.PP +Both the \fImod_exp()\fR and \fIbn_mod_exp()\fR functions are called by the +default OpenSSL method during encryption, decryption, signing and +verification. +.PP +\&\fIRSA_meth_get_init()\fR and \fIRSA_meth_set_init()\fR get and set the function +used for creating a new \s-1RSA\s0 instance respectively. This function will +be called in response to the application calling \fIRSA_new()\fR (if the +current default \s-1RSA_METHOD\s0 is this one) or \fIRSA_new_method()\fR. The +\&\fIRSA_new()\fR and \fIRSA_new_method()\fR functions will allocate the memory for +the new \s-1RSA\s0 object, and a pointer to this newly allocated structure +will be passed as a parameter to the function. This function may be +\&\s-1NULL\s0. +.PP +\&\fIRSA_meth_get_finish()\fR and \fIRSA_meth_set_finish()\fR get and set the +function used for destroying an instance of an \s-1RSA\s0 object respectively. +This function will be called in response to the application calling +\&\fIRSA_free()\fR. A pointer to the \s-1RSA\s0 to be destroyed is passed as a +parameter. The destroy function should be used for \s-1RSA\s0 implementation +specific clean up. The memory for the \s-1RSA\s0 itself should not be freed +by this function. This function may be \s-1NULL\s0. +.PP +\&\fIRSA_meth_get_keygen()\fR and \fIRSA_meth_set_keygen()\fR get and set the +function used for generating a new \s-1RSA\s0 key pair respectively. This +function will be called in response to the application calling +\&\fIRSA_generate_key_ex()\fR. The parameter for the function has the same +meaning as for \fIRSA_generate_key_ex()\fR. 
+.PP +\&\fIRSA_meth_get_multi_prime_keygen()\fR and \fIRSA_meth_set_multi_prime_keygen()\fR get +and set the function used for generating a new multi-prime \s-1RSA\s0 key pair +respectively. This function will be called in response to the application calling +\&\fIRSA_generate_multi_prime_key()\fR. The parameter for the function has the same +meaning as for \fIRSA_generate_multi_prime_key()\fR. +.PP +\&\fIRSA_meth_get_pub_enc()\fR, \fIRSA_meth_set_pub_enc()\fR, +\&\fIRSA_meth_get_pub_dec()\fR, \fIRSA_meth_set_pub_dec()\fR, +\&\fIRSA_meth_get_priv_enc()\fR, \fIRSA_meth_set_priv_enc()\fR, +\&\fIRSA_meth_get_priv_dec()\fR, \fIRSA_meth_set_priv_dec()\fR get and set the +functions used for public and private key encryption and decryption. +These functions will be called in response to the application calling +\&\fIRSA_public_encrypt()\fR, \fIRSA_private_decrypt()\fR, \fIRSA_private_encrypt()\fR and +\&\fIRSA_public_decrypt()\fR and take the same parameters as those. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIRSA_meth_new()\fR and \fIRSA_meth_dup()\fR return the newly allocated +\&\s-1RSA_METHOD\s0 object or \s-1NULL\s0 on failure. +.PP +\&\fIRSA_meth_get0_name()\fR and \fIRSA_meth_get_flags()\fR return the name and +flags associated with the \s-1RSA_METHOD\s0 respectively. +.PP +All other RSA_meth_get_*() functions return the appropriate function +pointer that has been set in the \s-1RSA_METHOD\s0, or \s-1NULL\s0 if no such +pointer has yet been set. +.PP +RSA_meth_set1_name and all RSA_meth_set_*() functions return 1 on +success or 0 on failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIRSA_new\fR\|(3), \fIRSA_generate_key_ex\fR\|(3), \fIRSA_sign\fR\|(3), +\&\fIRSA_set_method\fR\|(3), \fIRSA_size\fR\|(3), \fIRSA_get0_key\fR\|(3), +\&\fIRSA_generate_multi_prime_key\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +All of these functions were deprecated in OpenSSL 3.0. 
+.PP +\&\fIRSA_meth_get_multi_prime_keygen()\fR and \fIRSA_meth_set_multi_prime_keygen()\fR were +added in OpenSSL 1.1.1. +.PP +Other functions described here were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/RSA_new.3 b/linux_amd64/ssl/share/man/man3/RSA_new.3 new file mode 100755 index 0000000..b51bc8d --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/RSA_new.3 
@@ -0,0 +1,170 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA_NEW 3" +.TH RSA_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +RSA_new, RSA_free \- allocate and free RSA objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& RSA *RSA_new(void); +\& +\& void RSA_free(RSA *rsa); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIRSA_new()\fR allocates and initializes an \fB\s-1RSA\s0\fR structure. It is equivalent to +calling RSA_new_method(\s-1NULL\s0). +.PP +\&\fIRSA_free()\fR frees the \fB\s-1RSA\s0\fR structure and its components. The key is +erased before the memory is returned to the system. +If \fBrsa\fR is \s-1NULL\s0 nothing is done. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +If the allocation fails, \fIRSA_new()\fR returns \fB\s-1NULL\s0\fR and sets an error +code that can be obtained by \fIERR_get_error\fR\|(3). Otherwise it returns +a pointer to the newly allocated structure. +.PP +\&\fIRSA_free()\fR returns no value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), +\&\fIRSA_generate_key\fR\|(3), +\&\fIRSA_new_method\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/RSA_padding_add_PKCS1_type_1.3 b/linux_amd64/ssl/share/man/man3/RSA_padding_add_PKCS1_type_1.3 new file mode 100755 index 0000000..c8b04f1 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/RSA_padding_add_PKCS1_type_1.3 
@@ -0,0 +1,285 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA_PADDING_ADD_PKCS1_TYPE_1 3" +.TH RSA_PADDING_ADD_PKCS1_TYPE_1 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +RSA_padding_add_PKCS1_type_1, RSA_padding_check_PKCS1_type_1, +RSA_padding_add_PKCS1_type_2, RSA_padding_check_PKCS1_type_2, +RSA_padding_add_PKCS1_OAEP, RSA_padding_check_PKCS1_OAEP, +RSA_padding_add_PKCS1_OAEP_mgf1, RSA_padding_check_PKCS1_OAEP_mgf1, +RSA_padding_add_SSLv23, RSA_padding_check_SSLv23, +RSA_padding_add_none, RSA_padding_check_none \- asymmetric encryption +padding +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.PP +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 2 +\& int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen, +\& const unsigned char *f, int fl); +\& +\& int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen, +\& const unsigned char *f, int fl, int rsa_len); +\& +\& int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen, +\& const unsigned char *f, int fl); +\& +\& int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, +\& const unsigned char *f, int fl, int rsa_len); +\& +\& int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, +\& const unsigned char *f, int fl, +\& const unsigned char *p, int pl); +\& +\& int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, +\& const unsigned char *f, int fl, int rsa_len, +\& const unsigned char *p, int pl); +\& +\& int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, +\& const unsigned char *f, int fl, +\& const unsigned char *p, int pl, +\& const EVP_MD *md, const EVP_MD *mgf1md); +\& +\& int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, +\& const unsigned char *f, int fl, int rsa_len, +\& const unsigned char *p, int pl, +\& const EVP_MD *md, const EVP_MD *mgf1md); +\& +\& int RSA_padding_add_SSLv23(unsigned char *to, int tlen, +\& const unsigned char *f, int fl); +\& +\& int RSA_padding_check_SSLv23(unsigned char *to, int tlen, +\& const unsigned 
char *f, int fl, int rsa_len); +\& +\& int RSA_padding_add_none(unsigned char *to, int tlen, +\& const unsigned char *f, int fl); +\& +\& int RSA_padding_check_none(unsigned char *to, int tlen, +\& const unsigned char *f, int fl, int rsa_len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +All of the functions described on this page are deprecated. +Applications should instead use the \s-1EVP\s0 \s-1PKEY\s0 APIs. +.PP +The \fIRSA_padding_xxx_xxx()\fR functions are called from the \s-1RSA\s0 encrypt, +decrypt, sign and verify functions. Normally they should not be called +from application programs. +.PP +However, they can also be called directly to implement padding for other +asymmetric ciphers. \fIRSA_padding_add_PKCS1_OAEP()\fR and +\&\fIRSA_padding_check_PKCS1_OAEP()\fR may be used in an application combined +with \fB\s-1RSA_NO_PADDING\s0\fR in order to implement \s-1OAEP\s0 with an encoding +parameter. +.PP +\&\fIRSA_padding_add_xxx()\fR encodes \fBfl\fR bytes from \fBf\fR so as to fit into +\&\fBtlen\fR bytes and stores the result at \fBto\fR. An error occurs if \fBfl\fR +does not meet the size requirements of the encoding method. +.PP +The following encoding methods are implemented: +.IP "PKCS1_type_1" 4 +.IX Item "PKCS1_type_1" +\&\s-1PKCS\s0 #1 v2.0 EMSA\-PKCS1\-v1_5 (\s-1PKCS\s0 #1 v1.5 block type 1); used for signatures +.IP "PKCS1_type_2" 4 +.IX Item "PKCS1_type_2" +\&\s-1PKCS\s0 #1 v2.0 EME\-PKCS1\-v1_5 (\s-1PKCS\s0 #1 v1.5 block type 2) +.IP "\s-1PKCS1_OAEP\s0" 4 +.IX Item "PKCS1_OAEP" +\&\s-1PKCS\s0 #1 v2.0 EME-OAEP +.IP "SSLv23" 4 +.IX Item "SSLv23" +\&\s-1PKCS\s0 #1 EME\-PKCS1\-v1_5 with SSL-specific modification +.IP "none" 4 +.IX Item "none" +simply copy the data +.PP +The random number generator must be seeded prior to calling +\&\fIRSA_padding_add_xxx()\fR. +If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to +external circumstances (see \s-1\fIRAND\s0\fR\|(7)), the operation will fail. 
+.PP +\&\fIRSA_padding_check_xxx()\fR verifies that the \fBfl\fR bytes at \fBf\fR contain +a valid encoding for a \fBrsa_len\fR byte \s-1RSA\s0 key in the respective +encoding method and stores the recovered data of at most \fBtlen\fR bytes +(for \fB\s-1RSA_NO_PADDING\s0\fR: of size \fBtlen\fR) +at \fBto\fR. +.PP +For \fIRSA_padding_xxx_OAEP()\fR, \fBp\fR points to the encoding parameter +of length \fBpl\fR. \fBp\fR may be \fB\s-1NULL\s0\fR if \fBpl\fR is 0. +.PP +For \fIRSA_padding_xxx_OAEP_mgf1()\fR, \fBmd\fR points to the md hash, +if \fBmd\fR is \fB\s-1NULL\s0\fR that means md=sha1, and \fBmgf1md\fR points to +the mgf1 hash, if \fBmgf1md\fR is \fB\s-1NULL\s0\fR that means mgf1md=md. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The \fIRSA_padding_add_xxx()\fR functions return 1 on success, 0 on error. +The \fIRSA_padding_check_xxx()\fR functions return the length of the +recovered data, \-1 on error. Error codes can be obtained by calling +\&\fIERR_get_error\fR\|(3). +.SH "WARNINGS" +.IX Header "WARNINGS" +The result of \fIRSA_padding_check_PKCS1_type_2()\fR is a very sensitive +information which can potentially be used to mount a Bleichenbacher +padding oracle attack. This is an inherent weakness in the \s-1PKCS\s0 #1 +v1.5 padding design. Prefer \s-1PKCS1_OAEP\s0 padding. If that is not +possible, the result of \fIRSA_padding_check_PKCS1_type_2()\fR should be +checked in constant time if it matches the expected length of the +plaintext and additionally some application specific consistency +checks on the plaintext need to be performed in constant time. +If the plaintext is rejected it must be kept secret which of the +checks caused the application to reject the message. 
+Do not remove the zero-padding from the decrypted raw \s-1RSA\s0 data +which was computed by \fIRSA_private_decrypt()\fR with \fB\s-1RSA_NO_PADDING\s0\fR, +as this would create a small timing side channel which could be +used to mount a Bleichenbacher attack against any padding mode +including \s-1PKCS1_OAEP\s0. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIRSA_public_encrypt\fR\|(3), +\&\fIRSA_private_decrypt\fR\|(3), +\&\fIRSA_sign\fR\|(3), \fIRSA_verify\fR\|(3), +\&\s-1\fIRAND\s0\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +All of these functions were deprecated in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/RSA_print.3 b/linux_amd64/ssl/share/man/man3/RSA_print.3 new file mode 100755 index 0000000..c68a52e --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/RSA_print.3 
@@ -0,0 +1,204 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA_PRINT 3" +.TH RSA_PRINT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +RSA_print, RSA_print_fp, +DSAparams_print, DSAparams_print_fp, DSA_print, DSA_print_fp, +DHparams_print, DHparams_print_fp \- print cryptographic parameters +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.PP +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 2 +\& int RSA_print(BIO *bp, RSA *x, int offset); +\& int RSA_print_fp(FILE *fp, RSA *x, int offset); +\& +\& #include +.Ve +.PP +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 4 +\& int DSAparams_print(BIO *bp, DSA *x); +\& int DSAparams_print_fp(FILE *fp, DSA *x); +\& int DSA_print(BIO *bp, DSA *x, int offset); +\& int DSA_print_fp(FILE *fp, DSA *x, int offset); +\& +\& #include +.Ve +.PP +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 2 +\& int DHparams_print(BIO *bp, DH *x); +\& int DHparams_print_fp(FILE *fp, DH *x); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +All of the functions described on this page are deprecated. +Applications should instead use \fIEVP_PKEY_print_params\fR\|(3) and +\&\fIEVP_PKEY_print_private\fR\|(3). +.PP +A human-readable hexadecimal output of the components of the \s-1RSA\s0 +key, \s-1DSA\s0 parameters or key or \s-1DH\s0 parameters is printed to \fBbp\fR or \fBfp\fR. +.PP +The output lines are indented by \fBoffset\fR spaces. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return 1 on success, 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +.Vb 3 +\& L, +\& L, +\& L +.Ve +.SH "HISTORY" +.IX Header "HISTORY" +All of these functions were deprecated in OpenSSL 3.0. 
+.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/RSA_private_encrypt.3 b/linux_amd64/ssl/share/man/man3/RSA_private_encrypt.3 new file mode 100755 index 0000000..cae2071 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/RSA_private_encrypt.3 
@@ -0,0 +1,204 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA_PRIVATE_ENCRYPT 3" +.TH RSA_PRIVATE_ENCRYPT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +RSA_private_encrypt, RSA_public_decrypt \- low level signature operations +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.PP +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 2 +\& int RSA_private_encrypt(int flen, unsigned char *from, +\& unsigned char *to, RSA *rsa, int padding); +\& +\& int RSA_public_decrypt(int flen, unsigned char *from, +\& unsigned char *to, RSA *rsa, int padding); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Both of the functions described on this page are deprecated. +Applications should instead use \fIEVP_PKEY_encrypt_init\fR\|(3), +\&\fIEVP_PKEY_encrypt\fR\|(3), \fIEVP_PKEY_decrypt_init\fR\|(3) and \fIEVP_PKEY_decrypt\fR\|(3). +.PP +These functions handle \s-1RSA\s0 signatures at a low level. +.PP +\&\fIRSA_private_encrypt()\fR signs the \fBflen\fR bytes at \fBfrom\fR (usually a +message digest with an algorithm identifier) using the private key +\&\fBrsa\fR and stores the signature in \fBto\fR. \fBto\fR must point to +\&\fBRSA_size(rsa)\fR bytes of memory. +.PP +\&\fBpadding\fR denotes one of the following modes: +.IP "\s-1RSA_PKCS1_PADDING\s0" 4 +.IX Item "RSA_PKCS1_PADDING" +\&\s-1PKCS\s0 #1 v1.5 padding. This function does not handle the +\&\fBalgorithmIdentifier\fR specified in \s-1PKCS\s0 #1. When generating or +verifying \s-1PKCS\s0 #1 signatures, \fIRSA_sign\fR\|(3) and \fIRSA_verify\fR\|(3) should be +used. +.IP "\s-1RSA_NO_PADDING\s0" 4 +.IX Item "RSA_NO_PADDING" +Raw \s-1RSA\s0 signature. This mode should \fIonly\fR be used to implement +cryptographically sound padding modes in the application code. +Signing user data directly with \s-1RSA\s0 is insecure. +.PP +\&\fIRSA_public_decrypt()\fR recovers the message digest from the \fBflen\fR +bytes long signature at \fBfrom\fR using the signer's public key +\&\fBrsa\fR. 
\fBto\fR must point to a memory section large enough to hold the +message digest (which is smaller than \fBRSA_size(rsa) \- +11\fR). \fBpadding\fR is the padding mode that was used to sign the data. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIRSA_private_encrypt()\fR returns the size of the signature (i.e., +RSA_size(rsa)). \fIRSA_public_decrypt()\fR returns the size of the +recovered message digest. +.PP +On error, \-1 is returned; the error codes can be +obtained by \fIERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), +\&\fIRSA_sign\fR\|(3), \fIRSA_verify\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +Both of these functions were deprecated in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/RSA_public_encrypt.3 b/linux_amd64/ssl/share/man/man3/RSA_public_encrypt.3 new file mode 100755 index 0000000..97d2a2b --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/RSA_public_encrypt.3 
@@ -0,0 +1,235 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA_PUBLIC_ENCRYPT 3" +.TH RSA_PUBLIC_ENCRYPT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +RSA_public_encrypt, RSA_private_decrypt \- RSA public key cryptography +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.PP +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 2 +\& int RSA_public_encrypt(int flen, const unsigned char *from, +\& unsigned char *to, RSA *rsa, int padding); +\& +\& int RSA_private_decrypt(int flen, const unsigned char *from, +\& unsigned char *to, RSA *rsa, int padding); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Both of the functions described on this page are deprecated. +Applications should instead use \fIEVP_PKEY_encrypt_init\fR\|(3), +\&\fIEVP_PKEY_encrypt\fR\|(3), \fIEVP_PKEY_decrypt_init\fR\|(3) and \fIEVP_PKEY_decrypt\fR\|(3). +.PP +\&\fIRSA_public_encrypt()\fR encrypts the \fBflen\fR bytes at \fBfrom\fR (usually a +session key) using the public key \fBrsa\fR and stores the ciphertext in +\&\fBto\fR. \fBto\fR must point to RSA_size(\fBrsa\fR) bytes of memory. +.PP +\&\fBpadding\fR denotes one of the following modes: +.IP "\s-1RSA_PKCS1_PADDING\s0" 4 +.IX Item "RSA_PKCS1_PADDING" +\&\s-1PKCS\s0 #1 v1.5 padding. This currently is the most widely used mode. +However, it is highly recommended to use \s-1RSA_PKCS1_OAEP_PADDING\s0 in +new applications. \s-1SEE\s0 \s-1WARNING\s0 \s-1BELOW\s0. +.IP "\s-1RSA_PKCS1_OAEP_PADDING\s0" 4 +.IX Item "RSA_PKCS1_OAEP_PADDING" +EME-OAEP as defined in \s-1PKCS\s0 #1 v2.0 with \s-1SHA\-1\s0, \s-1MGF1\s0 and an empty +encoding parameter. This mode is recommended for all new applications. +.IP "\s-1RSA_SSLV23_PADDING\s0" 4 +.IX Item "RSA_SSLV23_PADDING" +\&\s-1PKCS\s0 #1 v1.5 padding with an SSL-specific modification that denotes +that the server is \s-1SSL3\s0 capable. +.IP "\s-1RSA_NO_PADDING\s0" 4 +.IX Item "RSA_NO_PADDING" +Raw \s-1RSA\s0 encryption. 
This mode should \fIonly\fR be used to implement +cryptographically sound padding modes in the application code. +Encrypting user data directly with \s-1RSA\s0 is insecure. +.PP +\&\fBflen\fR must not be more than RSA_size(\fBrsa\fR) \- 11 for the \s-1PKCS\s0 #1 v1.5 +based padding modes, not more than RSA_size(\fBrsa\fR) \- 42 for +\&\s-1RSA_PKCS1_OAEP_PADDING\s0 and exactly RSA_size(\fBrsa\fR) for \s-1RSA_NO_PADDING\s0. +When a padding mode other than \s-1RSA_NO_PADDING\s0 is in use, then +\&\fIRSA_public_encrypt()\fR will include some random bytes into the ciphertext +and therefore the ciphertext will be different each time, even if the +plaintext and the public key are exactly identical. +The returned ciphertext in \fBto\fR will always be zero padded to exactly +RSA_size(\fBrsa\fR) bytes. +\&\fBto\fR and \fBfrom\fR may overlap. +.PP +\&\fIRSA_private_decrypt()\fR decrypts the \fBflen\fR bytes at \fBfrom\fR using the +private key \fBrsa\fR and stores the plaintext in \fBto\fR. \fBflen\fR should +be equal to RSA_size(\fBrsa\fR) but may be smaller, when leading zero +bytes are in the ciphertext. Those are not important and may be removed, +but \fIRSA_public_encrypt()\fR does not do that. \fBto\fR must point +to a memory section large enough to hold the maximal possible decrypted +data (which is equal to RSA_size(\fBrsa\fR) for \s-1RSA_NO_PADDING\s0, +RSA_size(\fBrsa\fR) \- 11 for the \s-1PKCS\s0 #1 v1.5 based padding modes and +RSA_size(\fBrsa\fR) \- 42 for \s-1RSA_PKCS1_OAEP_PADDING\s0). +\&\fBpadding\fR is the padding mode that was used to encrypt the data. +\&\fBto\fR and \fBfrom\fR may overlap. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIRSA_public_encrypt()\fR returns the size of the encrypted data (i.e., +RSA_size(\fBrsa\fR)). \fIRSA_private_decrypt()\fR returns the size of the +recovered plaintext. A return value of 0 is not an error and +means only that the plaintext was empty. 
+.PP +On error, \-1 is returned; the error codes can be +obtained by \fIERR_get_error\fR\|(3). +.SH "WARNINGS" +.IX Header "WARNINGS" +Decryption failures in the \s-1RSA_PKCS1_PADDING\s0 mode leak information +which can potentially be used to mount a Bleichenbacher padding oracle +attack. This is an inherent weakness in the \s-1PKCS\s0 #1 v1.5 padding +design. Prefer \s-1RSA_PKCS1_OAEP_PADDING\s0. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1SSL\s0, \s-1PKCS\s0 #1 v2.0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fIRAND_bytes\fR\|(3), +\&\fIRSA_size\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +Both of these functions were deprecated in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/RSA_set_method.3 b/linux_amd64/ssl/share/man/man3/RSA_set_method.3 new file mode 100755 index 0000000..f144aae --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/RSA_set_method.3 
@@ -0,0 +1,319 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA_SET_METHOD 3" +.TH RSA_SET_METHOD 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +RSA_set_default_method, RSA_get_default_method, RSA_set_method, +RSA_get_method, RSA_PKCS1_OpenSSL, RSA_flags, +RSA_new_method \- select RSA method +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.PP +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 1 +\& void RSA_set_default_method(const RSA_METHOD *meth); +\& +\& RSA_METHOD *RSA_get_default_method(void); +\& +\& int RSA_set_method(RSA *rsa, const RSA_METHOD *meth); +\& +\& RSA_METHOD *RSA_get_method(const RSA *rsa); +\& +\& RSA_METHOD *RSA_PKCS1_OpenSSL(void); +\& +\& int RSA_flags(const RSA *rsa); +\& +\& RSA *RSA_new_method(ENGINE *engine); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +All of the functions described on this page are deprecated. +Applications should instead use the \s-1OSSL_PROVIDER\s0 APIs. +.PP +An \fB\s-1RSA_METHOD\s0\fR specifies the functions that OpenSSL uses for \s-1RSA\s0 +operations. By modifying the method, alternative implementations such as +hardware accelerators may be used. \s-1IMPORTANT:\s0 See the \s-1NOTES\s0 section for +important information about how these \s-1RSA\s0 \s-1API\s0 functions are affected by the +use of \fB\s-1ENGINE\s0\fR \s-1API\s0 calls. +.PP +Initially, the default \s-1RSA_METHOD\s0 is the OpenSSL internal implementation, +as returned by \fIRSA_PKCS1_OpenSSL()\fR. +.PP +\&\fIRSA_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1RSA\s0 +structures created later. +\&\fB\s-1NB\s0\fR: This is true only whilst no \s-1ENGINE\s0 has +been set as a default for \s-1RSA\s0, so this function is no longer recommended. +This function is not thread-safe and should not be called at the same time +as other OpenSSL functions. +.PP +\&\fIRSA_get_default_method()\fR returns a pointer to the current default +\&\s-1RSA_METHOD\s0. 
However, the meaningfulness of this result is dependent on +whether the \s-1ENGINE\s0 \s-1API\s0 is being used, so this function is no longer +recommended. +.PP +\&\fIRSA_set_method()\fR selects \fBmeth\fR to perform all operations using the key +\&\fBrsa\fR. This will replace the \s-1RSA_METHOD\s0 used by the \s-1RSA\s0 key and if the +previous method was supplied by an \s-1ENGINE\s0, the handle to that \s-1ENGINE\s0 will +be released during the change. It is possible to have \s-1RSA\s0 keys that only +work with certain \s-1RSA_METHOD\s0 implementations (eg. from an \s-1ENGINE\s0 module +that supports embedded hardware-protected keys), and in such cases +attempting to change the \s-1RSA_METHOD\s0 for the key can have unexpected +results. +.PP +\&\fIRSA_get_method()\fR returns a pointer to the \s-1RSA_METHOD\s0 being used by \fBrsa\fR. +This method may or may not be supplied by an \s-1ENGINE\s0 implementation, but if +it is, the return value can only be guaranteed to be valid as long as the +\&\s-1RSA\s0 key itself is valid and does not have its implementation changed by +\&\fIRSA_set_method()\fR. +.PP +\&\fIRSA_flags()\fR returns the \fBflags\fR that are set for \fBrsa\fR's current +\&\s-1RSA_METHOD\s0. See the \s-1BUGS\s0 section. +.PP +\&\fIRSA_new_method()\fR allocates and initializes an \s-1RSA\s0 structure so that +\&\fBengine\fR will be used for the \s-1RSA\s0 operations. If \fBengine\fR is \s-1NULL\s0, the +default \s-1ENGINE\s0 for \s-1RSA\s0 operations is used, and if no default \s-1ENGINE\s0 is set, +the \s-1RSA_METHOD\s0 controlled by \fIRSA_set_default_method()\fR is used. +.PP +\&\fIRSA_flags()\fR returns the \fBflags\fR that are set for \fBrsa\fR's current method. +.PP +\&\fIRSA_new_method()\fR allocates and initializes an \fB\s-1RSA\s0\fR structure so that +\&\fBmethod\fR will be used for the \s-1RSA\s0 operations. If \fBmethod\fR is \fB\s-1NULL\s0\fR, +the default method is used. 
+.SH "THE RSA_METHOD STRUCTURE" +.IX Header "THE RSA_METHOD STRUCTURE" +.Vb 4 +\& typedef struct rsa_meth_st +\& { +\& /* name of the implementation */ +\& const char *name; +\& +\& /* encrypt */ +\& int (*rsa_pub_enc)(int flen, unsigned char *from, +\& unsigned char *to, RSA *rsa, int padding); +\& +\& /* verify arbitrary data */ +\& int (*rsa_pub_dec)(int flen, unsigned char *from, +\& unsigned char *to, RSA *rsa, int padding); +\& +\& /* sign arbitrary data */ +\& int (*rsa_priv_enc)(int flen, unsigned char *from, +\& unsigned char *to, RSA *rsa, int padding); +\& +\& /* decrypt */ +\& int (*rsa_priv_dec)(int flen, unsigned char *from, +\& unsigned char *to, RSA *rsa, int padding); +\& +\& /* compute r0 = r0 ^ I mod rsa\->n (May be NULL for some implementations) */ +\& int (*rsa_mod_exp)(BIGNUM *r0, BIGNUM *I, RSA *rsa); +\& +\& /* compute r = a ^ p mod m (May be NULL for some implementations) */ +\& int (*bn_mod_exp)(BIGNUM *r, BIGNUM *a, const BIGNUM *p, +\& const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +\& +\& /* called at RSA_new */ +\& int (*init)(RSA *rsa); +\& +\& /* called at RSA_free */ +\& int (*finish)(RSA *rsa); +\& +\& /* +\& * RSA_FLAG_EXT_PKEY \- rsa_mod_exp is called for private key +\& * operations, even if p,q,dmp1,dmq1,iqmp +\& * are NULL +\& * RSA_METHOD_FLAG_NO_CHECK \- don\*(Aqt check pub/private match +\& */ +\& int flags; +\& +\& char *app_data; /* ?? */ +\& +\& int (*rsa_sign)(int type, +\& const unsigned char *m, unsigned int m_length, +\& unsigned char *sigret, unsigned int *siglen, const RSA *rsa); +\& int (*rsa_verify)(int dtype, +\& const unsigned char *m, unsigned int m_length, +\& const unsigned char *sigbuf, unsigned int siglen, +\& const RSA *rsa); +\& /* keygen. 
If NULL built\-in RSA key generation will be used */ +\& int (*rsa_keygen)(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); +\& +\& } RSA_METHOD; +.Ve +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIRSA_PKCS1_OpenSSL()\fR, \fIRSA_PKCS1_null_method()\fR, \fIRSA_get_default_method()\fR +and \fIRSA_get_method()\fR return pointers to the respective RSA_METHODs. +.PP +\&\fIRSA_set_default_method()\fR returns no value. +.PP +\&\fIRSA_set_method()\fR returns a pointer to the old \s-1RSA_METHOD\s0 implementation +that was replaced. However, this return value should probably be ignored +because if it was supplied by an \s-1ENGINE\s0, the pointer could be invalidated +at any time if the \s-1ENGINE\s0 is unloaded (in fact it could be unloaded as a +result of the \fIRSA_set_method()\fR function releasing its handle to the +\&\s-1ENGINE\s0). For this reason, the return type may be replaced with a \fBvoid\fR +declaration in a future release. +.PP +\&\fIRSA_new_method()\fR returns \s-1NULL\s0 and sets an error code that can be obtained +by \fIERR_get_error\fR\|(3) if the allocation fails. Otherwise +it returns a pointer to the newly allocated structure. +.SH "BUGS" +.IX Header "BUGS" +The behaviour of \fIRSA_flags()\fR is a mis-feature that is left as-is for now +to avoid creating compatibility problems. \s-1RSA\s0 functionality, such as the +encryption functions, are controlled by the \fBflags\fR value in the \s-1RSA\s0 key +itself, not by the \fBflags\fR value in the \s-1RSA_METHOD\s0 attached to the \s-1RSA\s0 key +(which is what this function returns). If the flags element of an \s-1RSA\s0 key +is changed, the changes will be honoured by \s-1RSA\s0 functionality but will not +be reflected in the return value of the \fIRSA_flags()\fR function \- in effect +\&\fIRSA_flags()\fR behaves more like an \fIRSA_default_flags()\fR function (which does +not currently exist). 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIRSA_new\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +All of these functions were deprecated in OpenSSL 3.0. +.PP +The \fIRSA_null_method()\fR, which was a partial attempt to avoid patent issues, +was replaced to always return \s-1NULL\s0 in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/RSA_sign.3 b/linux_amd64/ssl/share/man/man3/RSA_sign.3 new file mode 100755 index 0000000..4189773 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/RSA_sign.3 
@@ -0,0 +1,200 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA_SIGN 3" +.TH RSA_SIGN 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +RSA_sign, RSA_verify \- RSA signatures +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.PP +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 2 +\& int RSA_sign(int type, const unsigned char *m, unsigned int m_len, +\& unsigned char *sigret, unsigned int *siglen, RSA *rsa); +\& +\& int RSA_verify(int type, const unsigned char *m, unsigned int m_len, +\& unsigned char *sigbuf, unsigned int siglen, RSA *rsa); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +All of the functions described on this page are deprecated. +Applications should instead use \fIEVP_PKEY_sign_init\fR\|(3), \fIEVP_PKEY_sign\fR\|(3), +\&\fIEVP_PKEY_verify_init\fR\|(3) and \fIEVP_PKEY_verify\fR\|(3). +.PP +\&\fIRSA_sign()\fR signs the message digest \fBm\fR of size \fBm_len\fR using the +private key \fBrsa\fR using RSASSA\-PKCS1\-v1_5 as specified in \s-1RFC\s0 3447. It +stores the signature in \fBsigret\fR and the signature size in \fBsiglen\fR. +\&\fBsigret\fR must point to RSA_size(\fBrsa\fR) bytes of memory. +Note that \s-1PKCS\s0 #1 adds meta-data, placing limits on the size of the +key that can be used. +See \fIRSA_private_encrypt\fR\|(3) for lower-level +operations. +.PP +\&\fBtype\fR denotes the message digest algorithm that was used to generate +\&\fBm\fR. +If \fBtype\fR is \fBNID_md5_sha1\fR, +an \s-1SSL\s0 signature (\s-1MD5\s0 and \s-1SHA1\s0 message digests with \s-1PKCS\s0 #1 padding +and no algorithm identifier) is created. +.PP +\&\fIRSA_verify()\fR verifies that the signature \fBsigbuf\fR of size \fBsiglen\fR +matches a given message digest \fBm\fR of size \fBm_len\fR. \fBtype\fR denotes +the message digest algorithm that was used to generate the signature. +\&\fBrsa\fR is the signer's public key. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIRSA_sign()\fR returns 1 on success. 
+\&\fIRSA_verify()\fR returns 1 on successful verification. +.PP +The error codes can be obtained by \fIERR_get_error\fR\|(3). +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1SSL\s0, \s-1PKCS\s0 #1 v2.0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), +\&\fIRSA_private_encrypt\fR\|(3), +\&\fIRSA_public_decrypt\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +All of these functions were deprecated in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/RSA_sign_ASN1_OCTET_STRING.3 b/linux_amd64/ssl/share/man/man3/RSA_sign_ASN1_OCTET_STRING.3 new file mode 100755 index 0000000..7a18990 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/RSA_sign_ASN1_OCTET_STRING.3 
@@ -0,0 +1,201 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA_SIGN_ASN1_OCTET_STRING 3" +.TH RSA_SIGN_ASN1_OCTET_STRING 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +RSA_sign_ASN1_OCTET_STRING, RSA_verify_ASN1_OCTET_STRING \- RSA signatures +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.PP +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 3 +\& int RSA_sign_ASN1_OCTET_STRING(int dummy, unsigned char *m, +\& unsigned int m_len, unsigned char *sigret, +\& unsigned int *siglen, RSA *rsa); +\& +\& int RSA_verify_ASN1_OCTET_STRING(int dummy, unsigned char *m, +\& unsigned int m_len, unsigned char *sigbuf, +\& unsigned int siglen, RSA *rsa); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +All of the functions described on this page are deprecated. +Applications should instead use \s-1EVP\s0 \s-1PKEY\s0 APIs. +.PP +\&\fIRSA_sign_ASN1_OCTET_STRING()\fR signs the octet string \fBm\fR of size +\&\fBm_len\fR using the private key \fBrsa\fR represented in \s-1DER\s0 using \s-1PKCS\s0 #1 +padding. It stores the signature in \fBsigret\fR and the signature size +in \fBsiglen\fR. \fBsigret\fR must point to \fBRSA_size(rsa)\fR bytes of +memory. +.PP +\&\fBdummy\fR is ignored. +.PP +The random number generator must be seeded when calling +\&\fIRSA_sign_ASN1_OCTET_STRING()\fR. +If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to +external circumstances (see \s-1\fIRAND\s0\fR\|(7)), the operation will fail. +.PP +\&\fIRSA_verify_ASN1_OCTET_STRING()\fR verifies that the signature \fBsigbuf\fR +of size \fBsiglen\fR is the \s-1DER\s0 representation of a given octet string +\&\fBm\fR of size \fBm_len\fR. \fBdummy\fR is ignored. \fBrsa\fR is the signer's +public key. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIRSA_sign_ASN1_OCTET_STRING()\fR returns 1 on success, 0 otherwise. +\&\fIRSA_verify_ASN1_OCTET_STRING()\fR returns 1 on successful verification, 0 +otherwise. +.PP +The error codes can be obtained by \fIERR_get_error\fR\|(3). 
+.SH "BUGS" +.IX Header "BUGS" +These functions serve no recognizable purpose. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), +\&\fIRAND_bytes\fR\|(3), \fIRSA_sign\fR\|(3), +\&\fIRSA_verify\fR\|(3), +\&\s-1\fIRAND\s0\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +All of these functions were deprecated in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/RSA_size.3 b/linux_amd64/ssl/share/man/man3/RSA_size.3 new file mode 100755 index 0000000..b3e61f0 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/RSA_size.3 
@@ -0,0 +1,189 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA_SIZE 3" +.TH RSA_SIZE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +RSA_size, RSA_bits, RSA_security_bits \- get RSA modulus size or security bits +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.PP +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 1 +\& int RSA_size(const RSA *rsa); +\& +\& int RSA_bits(const RSA *rsa); +\& +\& int RSA_security_bits(const RSA *rsa) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +All of the functions described on this page are deprecated. +Applications should instead use \fIEVP_PKEY_size\fR\|(3), \fIEVP_PKEY_bits\fR\|(3) +and \fIEVP_PKEY_security_bits\fR\|(3). +.PP +\&\fIRSA_size()\fR returns the \s-1RSA\s0 modulus size in bytes. It can be used to +determine how much memory must be allocated for an \s-1RSA\s0 encrypted +value. +.PP +\&\fIRSA_bits()\fR returns the number of significant bits. +.PP +\&\fBrsa\fR and \fBrsa\->n\fR must not be \fB\s-1NULL\s0\fR. +.PP +\&\fIRSA_security_bits()\fR returns the number of security bits of the given \fBrsa\fR +key. See \fIBN_security_bits\fR\|(3). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIRSA_size()\fR returns the size of modulus in bytes. +.PP +\&\fIDSA_bits()\fR returns the number of bits in the key. +.PP +\&\fIRSA_security_bits()\fR returns the number of security bits. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIBN_num_bits\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +All of these functions were deprecated in OpenSSL 3.0. +.PP +The \fIRSA_bits()\fR function was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/ssl/share/man/man3/SCT_new.3 b/linux_amd64/ssl/share/man/man3/SCT_new.3 new file mode 100755 index 0000000..9c32215 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SCT_new.3 
@@ -0,0 +1,307 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SCT_NEW 3" +.TH SCT_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SCT_new, SCT_new_from_base64, SCT_free, SCT_LIST_free, +SCT_get_version, SCT_set_version, +SCT_get_log_entry_type, SCT_set_log_entry_type, +SCT_get0_log_id, SCT_set0_log_id, SCT_set1_log_id, +SCT_get_timestamp, SCT_set_timestamp, +SCT_get_signature_nid, SCT_set_signature_nid, +SCT_get0_signature, SCT_set0_signature, SCT_set1_signature, +SCT_get0_extensions, SCT_set0_extensions, SCT_set1_extensions, +SCT_get_source, SCT_set_source +\&\- A Certificate Transparency Signed Certificate Timestamp +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef enum { +\& CT_LOG_ENTRY_TYPE_NOT_SET = \-1, +\& CT_LOG_ENTRY_TYPE_X509 = 0, +\& CT_LOG_ENTRY_TYPE_PRECERT = 1 +\& } ct_log_entry_type_t; +\& +\& typedef enum { +\& SCT_VERSION_NOT_SET = \-1, +\& SCT_VERSION_V1 = 0 +\& } sct_version_t; +\& +\& typedef enum { +\& SCT_SOURCE_UNKNOWN, +\& SCT_SOURCE_TLS_EXTENSION, +\& SCT_SOURCE_X509V3_EXTENSION, +\& SCT_SOURCE_OCSP_STAPLED_RESPONSE +\& } sct_source_t; +\& +\& SCT *SCT_new(void); +\& SCT *SCT_new_from_base64(unsigned char version, +\& const char *logid_base64, +\& ct_log_entry_type_t entry_type, +\& uint64_t timestamp, +\& const char *extensions_base64, +\& const char *signature_base64); +\& +\& void SCT_free(SCT *sct); +\& void SCT_LIST_free(STACK_OF(SCT) *a); +\& +\& sct_version_t SCT_get_version(const SCT *sct); +\& int SCT_set_version(SCT *sct, sct_version_t version); +\& +\& ct_log_entry_type_t SCT_get_log_entry_type(const SCT *sct); +\& int SCT_set_log_entry_type(SCT *sct, ct_log_entry_type_t entry_type); +\& +\& size_t SCT_get0_log_id(const SCT *sct, unsigned char **log_id); +\& int SCT_set0_log_id(SCT *sct, unsigned char *log_id, size_t log_id_len); +\& int SCT_set1_log_id(SCT *sct, const unsigned char *log_id, size_t log_id_len); +\& +\& uint64_t SCT_get_timestamp(const SCT *sct); +\& void SCT_set_timestamp(SCT *sct, uint64_t timestamp); +\& +\& int SCT_get_signature_nid(const SCT *sct); +\& int 
SCT_set_signature_nid(SCT *sct, int nid); +\& +\& size_t SCT_get0_signature(const SCT *sct, unsigned char **sig); +\& void SCT_set0_signature(SCT *sct, unsigned char *sig, size_t sig_len); +\& int SCT_set1_signature(SCT *sct, const unsigned char *sig, size_t sig_len); +\& +\& size_t SCT_get0_extensions(const SCT *sct, unsigned char **ext); +\& void SCT_set0_extensions(SCT *sct, unsigned char *ext, size_t ext_len); +\& int SCT_set1_extensions(SCT *sct, const unsigned char *ext, size_t ext_len); +\& +\& sct_source_t SCT_get_source(const SCT *sct); +\& int SCT_set_source(SCT *sct, sct_source_t source); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Signed Certificate Timestamps (SCTs) are defined by \s-1RFC\s0 6962, Section 3.2. +They constitute a promise by a Certificate Transparency (\s-1CT\s0) log to publicly +record a certificate. By cryptographically verifying that a log did indeed issue +an \s-1SCT\s0, some confidence can be gained that the certificate is publicly known. +.PP +An internal representation of an \s-1SCT\s0 can be created in one of two ways. +The first option is to create a blank \s-1SCT\s0, using \fISCT_new()\fR, and then populate +it using: +.IP "\(bu" 2 +\&\fISCT_set_version()\fR to set the \s-1SCT\s0 version. +.Sp +Only \s-1SCT_VERSION_V1\s0 is currently supported. +.IP "\(bu" 2 +\&\fISCT_set_log_entry_type()\fR to set the type of certificate the \s-1SCT\s0 was issued for: +.Sp +\&\fB\s-1CT_LOG_ENTRY_TYPE_X509\s0\fR for a normal certificate. +\&\fB\s-1CT_LOG_ENTRY_TYPE_PRECERT\s0\fR for a pre-certificate. +.IP "\(bu" 2 +\&\fISCT_set0_log_id()\fR or \fISCT_set1_log_id()\fR to set the LogID of the \s-1CT\s0 log that the \s-1SCT\s0 came from. +.Sp +The former takes ownership, whereas the latter makes a copy. +See \s-1RFC\s0 6962, Section 3.2 for the definition of LogID. +.IP "\(bu" 2 +\&\fISCT_set_timestamp()\fR to set the time the \s-1SCT\s0 was issued (time in milliseconds +since the Unix Epoch). 
+.IP "\(bu" 2 +\&\fISCT_set_signature_nid()\fR to set the \s-1NID\s0 of the signature. +.IP "\(bu" 2 +\&\fISCT_set0_signature()\fR or \fISCT_set1_signature()\fR to set the raw signature value. +.Sp +The former takes ownership, whereas the latter makes a copy. +.IP "\(bu" 2 +\&\fISCT_set0_extensions()\fR or \fBSCT_set1_extensions\fR to provide \s-1SCT\s0 extensions. +.Sp +The former takes ownership, whereas the latter makes a copy. +.PP +Alternatively, the \s-1SCT\s0 can be pre-populated from the following data using +\&\fISCT_new_from_base64()\fR: +.IP "\(bu" 2 +The \s-1SCT\s0 version (only \s-1SCT_VERSION_V1\s0 is currently supported). +.IP "\(bu" 2 +The LogID (see \s-1RFC\s0 6962, Section 3.2), base64 encoded. +.IP "\(bu" 2 +The type of certificate the \s-1SCT\s0 was issued for: +\&\fB\s-1CT_LOG_ENTRY_TYPE_X509\s0\fR for a normal certificate. +\&\fB\s-1CT_LOG_ENTRY_TYPE_PRECERT\s0\fR for a pre-certificate. +.IP "\(bu" 2 +The time that the \s-1SCT\s0 was issued (time in milliseconds since the Unix Epoch). +.IP "\(bu" 2 +The \s-1SCT\s0 extensions, base64 encoded. +.IP "\(bu" 2 +The \s-1SCT\s0 signature, base64 encoded. +.PP +\&\fISCT_set_source()\fR can be used to record where the \s-1SCT\s0 was found +(\s-1TLS\s0 extension, X.509 certificate extension or \s-1OCSP\s0 response). This is not +required for verifying the \s-1SCT\s0. +.SH "NOTES" +.IX Header "NOTES" +Some of the setters return int, instead of void. These will all return 1 on +success, 0 on failure. They will not make changes on failure. +.PP +All of the setters will reset the validation status of the \s-1SCT\s0 to +\&\s-1SCT_VALIDATION_STATUS_NOT_SET\s0 (see \fISCT_validate\fR\|(3)). +.PP +\&\fISCT_set_source()\fR will call \fISCT_set_log_entry_type()\fR if the type of +certificate the \s-1SCT\s0 was issued for can be inferred from where the \s-1SCT\s0 was found. +For example, an \s-1SCT\s0 found in an X.509 extension must have been issued for a pre\- +certificate. 
+.PP +\&\fISCT_set_source()\fR will not refuse unknown values. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISCT_set_version()\fR returns 1 if the specified version is supported, 0 otherwise. +.PP +\&\fISCT_set_log_entry_type()\fR returns 1 if the specified log entry type is supported, 0 otherwise. +.PP +\&\fISCT_set0_log_id()\fR and \fBSCT_set1_log_id\fR return 1 if the specified LogID is a +valid \s-1SHA\-256\s0 hash, 0 otherwise. Additionally, \fBSCT_set1_log_id\fR returns 0 if +malloc fails. +.PP +\&\fBSCT_set_signature_nid\fR returns 1 if the specified \s-1NID\s0 is supported, 0 otherwise. +.PP +\&\fBSCT_set1_extensions\fR and \fBSCT_set1_signature\fR return 1 if the supplied buffer +is copied successfully, 0 otherwise (i.e. if malloc fails). +.PP +\&\fBSCT_set_source\fR returns 1 on success, 0 otherwise. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIct\fR\|(7), +\&\fISCT_validate\fR\|(3), +\&\fIOBJ_nid2obj\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SCT_print.3 b/linux_amd64/ssl/share/man/man3/SCT_print.3 new file mode 100755 index 0000000..5e60980 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SCT_print.3 
@@ -0,0 +1,179 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SCT_PRINT 3" +.TH SCT_PRINT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SCT_print, SCT_LIST_print, SCT_validation_status_string \- +Prints Signed Certificate Timestamps in a human\-readable way +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SCT_print(const SCT *sct, BIO *out, int indent, const CTLOG_STORE *logs); +\& void SCT_LIST_print(const STACK_OF(SCT) *sct_list, BIO *out, int indent, +\& const char *separator, const CTLOG_STORE *logs); +\& const char *SCT_validation_status_string(const SCT *sct); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISCT_print()\fR prints a single Signed Certificate Timestamp (\s-1SCT\s0) to a \fB\s-1BIO\s0\fR in +a human-readable format. \fISCT_LIST_print()\fR prints an entire list of SCTs in a +similar way. A separator can be specified to delimit each \s-1SCT\s0 in the output. +.PP +The output can be indented by a specified number of spaces. If a \fB\s-1CTLOG_STORE\s0\fR +is provided, it will be used to print the description of the \s-1CT\s0 log that issued +each \s-1SCT\s0 (if that log is in the \s-1CTLOG_STORE\s0). Alternatively, \s-1NULL\s0 can be passed +as the \s-1CTLOG_STORE\s0 parameter to disable this feature. +.PP +\&\fISCT_validation_status_string()\fR will return the validation status of an \s-1SCT\s0 as +a human-readable string. Call \fISCT_validate()\fR or \fISCT_LIST_validate()\fR +beforehand in order to set the validation status of an \s-1SCT\s0 first. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISCT_validation_status_string()\fR returns a null-terminated string representing +the validation status of an \fB\s-1SCT\s0\fR object. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIct\fR\|(7), +\&\fIbio\fR\|(7), +\&\fICTLOG_STORE_new\fR\|(3), +\&\fISCT_validate\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. 
+.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SCT_validate.3 b/linux_amd64/ssl/share/man/man3/SCT_validate.3 new file mode 100755 index 0000000..fed00d6 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SCT_validate.3 
@@ -0,0 +1,215 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SCT_VALIDATE 3" +.TH SCT_VALIDATE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SCT_validate, SCT_LIST_validate, SCT_get_validation_status \- +checks Signed Certificate Timestamps (SCTs) are valid +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef enum { +\& SCT_VALIDATION_STATUS_NOT_SET, +\& SCT_VALIDATION_STATUS_UNKNOWN_LOG, +\& SCT_VALIDATION_STATUS_VALID, +\& SCT_VALIDATION_STATUS_INVALID, +\& SCT_VALIDATION_STATUS_UNVERIFIED, +\& SCT_VALIDATION_STATUS_UNKNOWN_VERSION +\& } sct_validation_status_t; +\& +\& int SCT_validate(SCT *sct, const CT_POLICY_EVAL_CTX *ctx); +\& int SCT_LIST_validate(const STACK_OF(SCT) *scts, CT_POLICY_EVAL_CTX *ctx); +\& sct_validation_status_t SCT_get_validation_status(const SCT *sct); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISCT_validate()\fR will check that an \s-1SCT\s0 is valid and verify its signature. +\&\fISCT_LIST_validate()\fR performs the same checks on an entire stack of SCTs. +The result of the validation checks can be obtained by passing the \s-1SCT\s0 to +\&\fISCT_get_validation_status()\fR. +.PP +A \s-1CT_POLICY_EVAL_CTX\s0 must be provided that specifies: +.IP "\(bu" 2 +The certificate the \s-1SCT\s0 was issued for. +.Sp +Failure to provide the certificate will result in the validation status being +\&\s-1SCT_VALIDATION_STATUS_UNVERIFIED\s0. +.IP "\(bu" 2 +The issuer of that certificate. +.Sp +This is only required if the \s-1SCT\s0 was issued for a pre-certificate +(see \s-1RFC\s0 6962). If it is required but not provided, the validation status will +be \s-1SCT_VALIDATION_STATUS_UNVERIFIED\s0. +.IP "\(bu" 2 +A \s-1CTLOG_STORE\s0 that contains the \s-1CT\s0 log that issued this \s-1SCT\s0. +.Sp +If the \s-1SCT\s0 was issued by a log that is not in this \s-1CTLOG_STORE\s0, the validation +status will be \s-1SCT_VALIDATION_STATUS_UNKNOWN_LOG\s0. +.PP +If the \s-1SCT\s0 is of an unsupported version (only v1 is currently supported), the +validation status will be \s-1SCT_VALIDATION_STATUS_UNKNOWN_VERSION\s0. 
+.PP +If the \s-1SCT\s0's signature is incorrect, its timestamp is in the future (relative to +the time in \s-1CT_POLICY_EVAL_CTX\s0), or if it is otherwise invalid, the validation +status will be \s-1SCT_VALIDATION_STATUS_INVALID\s0. +.PP +If all checks pass, the validation status will be \s-1SCT_VALIDATION_STATUS_VALID\s0. +.SH "NOTES" +.IX Header "NOTES" +A return value of 0 from \fISCT_LIST_validate()\fR should not be interpreted as a +failure. At a minimum, only one valid \s-1SCT\s0 may provide sufficient confidence +that a certificate has been publicly logged. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISCT_validate()\fR returns a negative integer if an internal error occurs, 0 if the +\&\s-1SCT\s0 fails validation, or 1 if the \s-1SCT\s0 passes validation. +.PP +\&\fISCT_LIST_validate()\fR returns a negative integer if an internal error occurs, 0 +if any of SCTs fails validation, or 1 if they all pass validation. +.PP +\&\fISCT_get_validation_status()\fR returns the validation status of the \s-1SCT\s0. +If \fISCT_validate()\fR or \fISCT_LIST_validate()\fR have not been passed that \s-1SCT\s0, the +returned value will be \s-1SCT_VALIDATION_STATUS_NOT_SET\s0. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIct\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SHA256_Init.3 b/linux_amd64/ssl/share/man/man3/SHA256_Init.3 new file mode 100755 index 0000000..2ad0ca6 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SHA256_Init.3 
@@ -0,0 +1,239 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SHA256_INIT 3" +.TH SHA256_INIT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SHA1, SHA1_Init, SHA1_Update, SHA1_Final, SHA224, SHA224_Init, SHA224_Update, +SHA224_Final, SHA256, SHA256_Init, SHA256_Update, SHA256_Final, SHA384, +SHA384_Init, SHA384_Update, SHA384_Final, SHA512, SHA512_Init, SHA512_Update, +SHA512_Final \- Secure Hash Algorithm +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.PP +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 5 +\& int SHA1_Init(SHA_CTX *c); +\& int SHA1_Update(SHA_CTX *c, const void *data, size_t len); +\& int SHA1_Final(unsigned char *md, SHA_CTX *c); +\& unsigned char *SHA1(const unsigned char *d, size_t n, +\& unsigned char *md); +\& +\& int SHA224_Init(SHA256_CTX *c); +\& int SHA224_Update(SHA256_CTX *c, const void *data, size_t len); +\& int SHA224_Final(unsigned char *md, SHA256_CTX *c); +\& unsigned char *SHA224(const unsigned char *d, size_t n, +\& unsigned char *md); +\& +\& int SHA256_Init(SHA256_CTX *c); +\& int SHA256_Update(SHA256_CTX *c, const void *data, size_t len); +\& int SHA256_Final(unsigned char *md, SHA256_CTX *c); +\& unsigned char *SHA256(const unsigned char *d, size_t n, +\& unsigned char *md); +\& +\& int SHA384_Init(SHA512_CTX *c); +\& int SHA384_Update(SHA512_CTX *c, const void *data, size_t len); +\& int SHA384_Final(unsigned char *md, SHA512_CTX *c); +\& unsigned char *SHA384(const unsigned char *d, size_t n, +\& unsigned char *md); +\& +\& int SHA512_Init(SHA512_CTX *c); +\& int SHA512_Update(SHA512_CTX *c, const void *data, size_t len); +\& int SHA512_Final(unsigned char *md, SHA512_CTX *c); +\& unsigned char *SHA512(const unsigned char *d, size_t n, +\& unsigned char *md); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +All of the functions described on this page are deprecated. 
+Applications should instead use \fIEVP_DigestInit_ex\fR\|(3), \fIEVP_DigestUpdate\fR\|(3) +and \fIEVP_DigestFinal_ex\fR\|(3). +.PP +\&\s-1SHA\-1\s0 (Secure Hash Algorithm) is a cryptographic hash function with a +160 bit output. +.PP +\&\s-1\fISHA1\s0()\fR computes the \s-1SHA\-1\s0 message digest of the \fBn\fR +bytes at \fBd\fR and places it in \fBmd\fR (which must have space for +\&\s-1SHA_DIGEST_LENGTH\s0 == 20 bytes of output). If \fBmd\fR is \s-1NULL\s0, the digest +is placed in a static array. Note: setting \fBmd\fR to \s-1NULL\s0 is \fBnot thread safe\fR. +.PP +The following functions may be used if the message is not completely +stored in memory: +.PP +\&\fISHA1_Init()\fR initializes a \fB\s-1SHA_CTX\s0\fR structure. +.PP +\&\fISHA1_Update()\fR can be called repeatedly with chunks of the message to +be hashed (\fBlen\fR bytes at \fBdata\fR). +.PP +\&\fISHA1_Final()\fR places the message digest in \fBmd\fR, which must have space +for \s-1SHA_DIGEST_LENGTH\s0 == 20 bytes of output, and erases the \fB\s-1SHA_CTX\s0\fR. +.PP +The \s-1SHA224\s0, \s-1SHA256\s0, \s-1SHA384\s0 and \s-1SHA512\s0 families of functions operate in the +same way as for the \s-1SHA1\s0 functions. Note that \s-1SHA224\s0 and \s-1SHA256\s0 use a +\&\fB\s-1SHA256_CTX\s0\fR object instead of \fB\s-1SHA_CTX\s0\fR. \s-1SHA384\s0 and \s-1SHA512\s0 use \fB\s-1SHA512_CTX\s0\fR. +The buffer \fBmd\fR must have space for the output from the \s-1SHA\s0 variant being used +(defined by \s-1SHA224_DIGEST_LENGTH\s0, \s-1SHA256_DIGEST_LENGTH\s0, \s-1SHA384_DIGEST_LENGTH\s0 and +\&\s-1SHA512_DIGEST_LENGTH\s0). Also note that, as for the \s-1\fISHA1\s0()\fR function above, the +\&\s-1\fISHA224\s0()\fR, \s-1\fISHA256\s0()\fR, \s-1\fISHA384\s0()\fR and \s-1\fISHA512\s0()\fR functions are not thread safe if +\&\fBmd\fR is \s-1NULL\s0. +.PP +The predecessor of \s-1SHA\-1\s0, \s-1SHA\s0, is also implemented, but it should be +used only when backward compatibility is required. 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\s-1\fISHA1\s0()\fR, \s-1\fISHA224\s0()\fR, \s-1\fISHA256\s0()\fR, \s-1\fISHA384\s0()\fR and \s-1\fISHA512\s0()\fR return a pointer to the hash +value. +.PP +\&\fISHA1_Init()\fR, \fISHA1_Update()\fR and \fISHA1_Final()\fR and equivalent \s-1SHA224\s0, \s-1SHA256\s0, +\&\s-1SHA384\s0 and \s-1SHA512\s0 functions return 1 for success, 0 otherwise. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1US\s0 Federal Information Processing Standard \s-1FIPS\s0 \s-1PUB\s0 180\-4 (Secure Hash +Standard), +\&\s-1ANSI\s0 X9.30 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_DigestInit\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +All of these functions were deprecated in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SMIME_read_CMS.3 b/linux_amd64/ssl/share/man/man3/SMIME_read_CMS.3 new file mode 100755 index 0000000..3a990ce --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SMIME_read_CMS.3 
@@ -0,0 +1,198 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SMIME_READ_CMS 3" +.TH SMIME_READ_CMS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SMIME_read_CMS \- parse S/MIME message +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& CMS_ContentInfo *SMIME_read_CMS(BIO *in, BIO **bcont); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISMIME_read_CMS()\fR parses a message in S/MIME format. +.PP +\&\fBin\fR is a \s-1BIO\s0 to read the message from. +.PP +If cleartext signing is used then the content is saved in a memory bio which is +written to \fB*bcont\fR, otherwise \fB*bcont\fR is set to \s-1NULL\s0. +.PP +The parsed CMS_ContentInfo structure is returned or \s-1NULL\s0 if an +error occurred. +.SH "NOTES" +.IX Header "NOTES" +If \fB*bcont\fR is not \s-1NULL\s0 then the message is clear text signed. \fB*bcont\fR can +then be passed to \fICMS_verify()\fR with the \fB\s-1CMS_DETACHED\s0\fR flag set. +.PP +Otherwise the type of the returned structure can be determined +using \fICMS_get0_type()\fR. +.PP +To support future functionality if \fBbcont\fR is not \s-1NULL\s0 \fB*bcont\fR should be +initialized to \s-1NULL\s0. For example: +.PP +.Vb 2 +\& BIO *cont = NULL; +\& CMS_ContentInfo *cms; +\& +\& cms = SMIME_read_CMS(in, &cont); +.Ve +.SH "BUGS" +.IX Header "BUGS" +The \s-1MIME\s0 parser used by \fISMIME_read_CMS()\fR is somewhat primitive. While it will +handle most S/MIME messages more complex compound formats may not work. +.PP +The parser assumes that the CMS_ContentInfo structure is always base64 encoded +and will not handle the case where it is in binary format or uses quoted +printable format. +.PP +The use of a memory \s-1BIO\s0 to hold the signed content limits the size of message +which can be processed due to memory restraints: a streaming single pass option +should be available. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISMIME_read_CMS()\fR returns a valid \fBCMS_ContentInfo\fR structure or \fB\s-1NULL\s0\fR +if an error occurred. The error can be obtained from \fIERR_get_error\fR\|(3). 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), +\&\fISMIME_read_CMS\fR\|(3), \fICMS_sign\fR\|(3), +\&\fICMS_verify\fR\|(3), \fICMS_encrypt\fR\|(3), +\&\fICMS_decrypt\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SMIME_read_PKCS7.3 b/linux_amd64/ssl/share/man/man3/SMIME_read_PKCS7.3 new file mode 100755 index 0000000..f6b72ad --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SMIME_read_PKCS7.3 
@@ -0,0 +1,201 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SMIME_READ_PKCS7 3" +.TH SMIME_READ_PKCS7 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SMIME_read_PKCS7 \- parse S/MIME message +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& PKCS7 *SMIME_read_PKCS7(BIO *in, BIO **bcont); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISMIME_read_PKCS7()\fR parses a message in S/MIME format. +.PP +\&\fBin\fR is a \s-1BIO\s0 to read the message from. +.PP +If cleartext signing is used then the content is saved in +a memory bio which is written to \fB*bcont\fR, otherwise +\&\fB*bcont\fR is set to \fB\s-1NULL\s0\fR. +.PP +The parsed PKCS#7 structure is returned or \fB\s-1NULL\s0\fR if an +error occurred. +.SH "NOTES" +.IX Header "NOTES" +If \fB*bcont\fR is not \fB\s-1NULL\s0\fR then the message is clear text +signed. \fB*bcont\fR can then be passed to \fIPKCS7_verify()\fR with +the \fB\s-1PKCS7_DETACHED\s0\fR flag set. +.PP +Otherwise the type of the returned structure can be determined +using \fIPKCS7_type_is_enveloped()\fR, etc. +.PP +To support future functionality if \fBbcont\fR is not \fB\s-1NULL\s0\fR +\&\fB*bcont\fR should be initialized to \fB\s-1NULL\s0\fR. For example: +.PP +.Vb 2 +\& BIO *cont = NULL; +\& PKCS7 *p7; +\& +\& p7 = SMIME_read_PKCS7(in, &cont); +.Ve +.SH "BUGS" +.IX Header "BUGS" +The \s-1MIME\s0 parser used by \fISMIME_read_PKCS7()\fR is somewhat primitive. +While it will handle most S/MIME messages more complex compound +formats may not work. +.PP +The parser assumes that the \s-1PKCS7\s0 structure is always base64 +encoded and will not handle the case where it is in binary format +or uses quoted printable format. +.PP +The use of a memory \s-1BIO\s0 to hold the signed content limits the size +of message which can be processed due to memory restraints: a +streaming single pass option should be available. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISMIME_read_PKCS7()\fR returns a valid \fB\s-1PKCS7\s0\fR structure or \fB\s-1NULL\s0\fR +if an error occurred. The error can be obtained from \fIERR_get_error\fR\|(3). 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), +\&\fISMIME_read_PKCS7\fR\|(3), \fIPKCS7_sign\fR\|(3), +\&\fIPKCS7_verify\fR\|(3), \fIPKCS7_encrypt\fR\|(3) +\&\fIPKCS7_decrypt\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SMIME_write_CMS.3 b/linux_amd64/ssl/share/man/man3/SMIME_write_CMS.3 new file mode 100755 index 0000000..629878a --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SMIME_write_CMS.3 
@@ -0,0 +1,190 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SMIME_WRITE_CMS 3" +.TH SMIME_WRITE_CMS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SMIME_write_CMS \- convert CMS structure to S/MIME format +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SMIME_write_CMS(BIO *out, CMS_ContentInfo *cms, BIO *data, int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISMIME_write_CMS()\fR adds the appropriate \s-1MIME\s0 headers to a \s-1CMS\s0 +structure to produce an S/MIME message. +.PP +\&\fBout\fR is the \s-1BIO\s0 to write the data to. \fBcms\fR is the appropriate +\&\fBCMS_ContentInfo\fR structure. If streaming is enabled then the content must be +supplied in the \fBdata\fR argument. \fBflags\fR is an optional set of flags. +.SH "NOTES" +.IX Header "NOTES" +The following flags can be passed in the \fBflags\fR parameter. +.PP +If \fB\s-1CMS_DETACHED\s0\fR is set then cleartext signing will be used, this option only +makes sense for SignedData where \fB\s-1CMS_DETACHED\s0\fR is also set when \fICMS_sign()\fR is +called. +.PP +If the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are added to +the content, this only makes sense if \fB\s-1CMS_DETACHED\s0\fR is also set. +.PP +If the \fB\s-1CMS_STREAM\s0\fR flag is set streaming is performed. This flag should only +be set if \fB\s-1CMS_STREAM\s0\fR was also set in the previous call to a CMS_ContentInfo +creation function. +.PP +If cleartext signing is being used and \fB\s-1CMS_STREAM\s0\fR not set then the data must +be read twice: once to compute the signature in \fICMS_sign()\fR and once to output +the S/MIME message. +.PP +If streaming is performed the content is output in \s-1BER\s0 format using indefinite +length constructed encoding except in the case of signed data with detached +content where the content is absent and \s-1DER\s0 format is used. +.SH "BUGS" +.IX Header "BUGS" +\&\fISMIME_write_CMS()\fR always base64 encodes \s-1CMS\s0 structures, there should be an +option to disable this. 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISMIME_write_CMS()\fR returns 1 for success or 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fICMS_sign\fR\|(3), +\&\fICMS_verify\fR\|(3), \fICMS_encrypt\fR\|(3) +\&\fICMS_decrypt\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SMIME_write_PKCS7.3 b/linux_amd64/ssl/share/man/man3/SMIME_write_PKCS7.3 new file mode 100755 index 0000000..554d2ef --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SMIME_write_PKCS7.3 
@@ -0,0 +1,191 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SMIME_WRITE_PKCS7 3" +.TH SMIME_WRITE_PKCS7 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SMIME_write_PKCS7 \- convert PKCS#7 structure to S/MIME format +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SMIME_write_PKCS7(BIO *out, PKCS7 *p7, BIO *data, int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISMIME_write_PKCS7()\fR adds the appropriate \s-1MIME\s0 headers to a PKCS#7 +structure to produce an S/MIME message. +.PP +\&\fBout\fR is the \s-1BIO\s0 to write the data to. \fBp7\fR is the appropriate \fB\s-1PKCS7\s0\fR +structure. If streaming is enabled then the content must be supplied in the +\&\fBdata\fR argument. \fBflags\fR is an optional set of flags. +.SH "NOTES" +.IX Header "NOTES" +The following flags can be passed in the \fBflags\fR parameter. +.PP +If \fB\s-1PKCS7_DETACHED\s0\fR is set then cleartext signing will be used, +this option only makes sense for signedData where \fB\s-1PKCS7_DETACHED\s0\fR +is also set when \fIPKCS7_sign()\fR is also called. +.PP +If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR +are added to the content, this only makes sense if \fB\s-1PKCS7_DETACHED\s0\fR +is also set. +.PP +If the \fB\s-1PKCS7_STREAM\s0\fR flag is set streaming is performed. This flag should +only be set if \fB\s-1PKCS7_STREAM\s0\fR was also set in the previous call to +\&\fIPKCS7_sign()\fR or \fIPKCS7_encrypt()\fR. +.PP +If cleartext signing is being used and \fB\s-1PKCS7_STREAM\s0\fR not set then +the data must be read twice: once to compute the signature in \fIPKCS7_sign()\fR +and once to output the S/MIME message. +.PP +If streaming is performed the content is output in \s-1BER\s0 format using indefinite +length constructed encoding except in the case of signed data with detached +content where the content is absent and \s-1DER\s0 format is used. +.SH "BUGS" +.IX Header "BUGS" +\&\fISMIME_write_PKCS7()\fR always base64 encodes PKCS#7 structures, there +should be an option to disable this. 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISMIME_write_PKCS7()\fR returns 1 for success or 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fIPKCS7_sign\fR\|(3), +\&\fIPKCS7_verify\fR\|(3), \fIPKCS7_encrypt\fR\|(3) +\&\fIPKCS7_decrypt\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SRP_VBASE_new.3 b/linux_amd64/ssl/share/man/man3/SRP_VBASE_new.3 new file mode 100755 index 0000000..9cd57e8 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SRP_VBASE_new.3 
@@ -0,0 +1,221 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SRP_VBASE_NEW 3" +.TH SRP_VBASE_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SRP_VBASE_new, +SRP_VBASE_free, +SRP_VBASE_init, +SRP_VBASE_add0_user, +SRP_VBASE_get1_by_user, +SRP_VBASE_get_by_user +\&\- Functions to create and manage a stack of SRP user verifier information +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& SRP_VBASE *SRP_VBASE_new(char *seed_key); +\& void SRP_VBASE_free(SRP_VBASE *vb); +\& +\& int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file); +\& +\& int SRP_VBASE_add0_user(SRP_VBASE *vb, SRP_user_pwd *user_pwd); +\& SRP_user_pwd *SRP_VBASE_get1_by_user(SRP_VBASE *vb, char *username); +\& SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fISRP_VBASE_new()\fR function allocates a structure to store server side \s-1SRP\s0 +verifier information. +If \fBseed_key\fR is not \s-1NULL\s0 a copy is stored and used to generate dummy parameters +for users that are not found by \fISRP_VBASE_get1_by_user()\fR. This allows the server +to hide the fact that it doesn't have a verifier for a particular username, +as described in section 2.5.1.3 'Unknown \s-1SRP\s0' of \s-1RFC\s0 5054. +The seed string should contain random \s-1NUL\s0 terminated binary data (therefore +the random data should not contain \s-1NUL\s0 bytes!). +.PP +The \fISRP_VBASE_free()\fR function frees up the \fBvb\fR structure. +If \fBvb\fR is \s-1NULL\s0, nothing is done. +.PP +The \fISRP_VBASE_init()\fR function parses the information in a verifier file and +populates the \fBvb\fR structure. +The verifier file is a text file containing multiple entries, whose format is: +flag base64(verifier) base64(salt) username gNid userinfo(optional) +where the flag can be 'V' (valid) or 'R' (revoked). +Note that the base64 encoding used here is non-standard so it is recommended +to use \fIopenssl\-srp\fR\|(1) to generate this file. +.PP +The \fISRP_VBASE_add0_user()\fR function adds the \fBuser_pwd\fR verifier information +to the \fBvb\fR structure. 
See \fISRP_user_pwd_new\fR\|(3) to create and populate this +record. +The library takes ownership of \fBuser_pwd\fR, it should not be freed by the caller. +.PP +The \fISRP_VBASE_get1_by_user()\fR function returns the password info for the user +whose username matches \fBusername\fR. It replaces the deprecated +\&\fISRP_VBASE_get_by_user()\fR. +If no matching user is found but a seed_key and default gN parameters have been +set, dummy authentication information is generated from the seed_key, allowing +the server to hide the fact that it doesn't have a verifier for a particular +username. When using \s-1SRP\s0 as a \s-1TLS\s0 authentication mechanism, this will cause +the handshake to proceed normally but the first client will be rejected with +a \*(L"bad_record_mac\*(R" alert, as if the password was incorrect. +If no matching user is found and the seed_key is not set, \s-1NULL\s0 is returned. +Ownership of the returned pointer is released to the caller, it must be freed +with \fISRP_user_pwd_free()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISRP_VBASE_init()\fR returns \fB\s-1SRP_NO_ERROR\s0\fR (0) on success and a positive value +on failure. +The error codes are \fB\s-1SRP_ERR_OPEN_FILE\s0\fR if the file could not be opened, +\&\fB\s-1SRP_ERR_VBASE_INCOMPLETE_FILE\s0\fR if the file could not be parsed, +\&\fB\s-1SRP_ERR_MEMORY\s0\fR on memory allocation failure and \fB\s-1SRP_ERR_VBASE_BN_LIB\s0\fR +for invalid decoded parameter values. +.PP +\&\fISRP_VBASE_add0_user()\fR returns 1 on success and 0 on failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\-srp\fR\|(1), +\&\fISRP_create_verifier\fR\|(3), +\&\fISRP_user_pwd_new\fR\|(3), +\&\fISSL_CTX_set_srp_password\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fISRP_VBASE_add0_user()\fR function was added in OpenSSL 3.0. +.PP +All other functions were added in OpenSSL 1.0.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. 
+.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SRP_create_verifier.3 b/linux_amd64/ssl/share/man/man3/SRP_create_verifier.3 new file mode 100755 index 0000000..49fdd4f --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SRP_create_verifier.3 
@@ -0,0 +1,233 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SRP_CREATE_VERIFIER 3" +.TH SRP_CREATE_VERIFIER 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SRP_create_verifier, +SRP_create_verifier_BN, +SRP_check_known_gN_param, +SRP_get_default_gN +\&\- SRP authentication primitives +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& char *SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt, +\& BIGNUM **verifier, const BIGNUM *N, const BIGNUM *g); +\& char *SRP_create_verifier(const char *user, const char *pass, char **salt, +\& char **verifier, const char *N, const char *g); +\& +\& char *SRP_check_known_gN_param(const BIGNUM *g, const BIGNUM *N); +\& SRP_gN *SRP_get_default_gN(const char *id); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fISRP_create_verifier_BN()\fR function creates an \s-1SRP\s0 password verifier from +the supplied parameters as defined in section 2.4 of \s-1RFC\s0 5054. +On successful exit \fB*verifier\fR will point to a newly allocated \s-1BIGNUM\s0 containing +the verifier and (if a salt was not provided) \fB*salt\fR will be populated with a +newly allocated \s-1BIGNUM\s0 containing a random salt. If \fB*salt\fR is not \s-1NULL\s0 then +the provided salt is used instead. +The caller is responsible for freeing the allocated \fB*salt\fR and \fB*verifier\fR +\&\s-1BIGNUMS\s0 (use \fIBN_free\fR\|(3)). +.PP +The \fISRP_create_verifier()\fR function is similar to \fISRP_create_verifier_BN()\fR but +all numeric parameters are in a non-standard base64 encoding originally designed +for compatibility with libsrp. This is mainly present for historical compatibility +and its use is discouraged. +It is possible to pass \s-1NULL\s0 as \fBN\fR and an \s-1SRP\s0 group id as \fBg\fR instead to +load the appropriate gN values (see \fISRP_get_default_gN()\fR). +If both \fBN\fR and \fBg\fR are \s-1NULL\s0 the 8192\-bit \s-1SRP\s0 group parameters are used. +The caller is responsible for freeing the allocated \fB*salt\fR and \fB*verifier\fR +(use \fIOPENSSL_free\fR\|(3)). 
+.PP +The \fISRP_check_known_gN_param()\fR function checks that \fBg\fR and \fBN\fR are valid +\&\s-1SRP\s0 group parameters from \s-1RFC\s0 5054 appendix A. +.PP +The \fISRP_get_default_gN()\fR function returns the gN parameters for the \s-1RFC\s0 5054 \fBid\fR +\&\s-1SRP\s0 group size. +The known ids are \*(L"1024\*(R", \*(L"1536\*(R", \*(L"2048\*(R", \*(L"3072\*(R", \*(L"4096\*(R", \*(L"6144\*(R" and \*(L"8192\*(R". +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISRP_create_verifier_BN()\fR returns 1 on success and 0 on failure. +.PP +\&\fISRP_create_verifier()\fR returns \s-1NULL\s0 on failure and a non-NULL value on success: +\&\*(L"*\*(R" if \fBN\fR is not \s-1NULL\s0, the selected group id otherwise. This value should +not be freed. +.PP +\&\fISRP_check_known_gN_param()\fR returns the text representation of the group id +(ie. the prime bit size) or \s-1NULL\s0 if the arguments are not valid \s-1SRP\s0 group parameters. +This value should not be freed. +.PP +\&\fISRP_get_default_gN()\fR returns \s-1NULL\s0 if \fBid\fR is not a valid group size, +or the 8192\-bit group parameters if \fBid\fR is \s-1NULL\s0. 
+.SH "EXAMPLES" +.IX Header "EXAMPLES" +Generate and store a 8192 bit password verifier (error handling +omitted for clarity): +.PP +.Vb 2 +\& #include +\& #include +\& +\& const char *username = "username"; +\& const char *password = "password"; +\& +\& SRP_VBASE *srpData = SRP_VBASE_new(NULL); +\& +\& SRP_gN *gN = SRP_get_default_gN("8192"); +\& +\& BIGNUM *salt = NULL, *verifier = NULL; +\& SRP_create_verifier_BN(username, password, &salt, &verifier, gN\->N, gN\->g); +\& +\& SRP_user_pwd *pwd = SRP_user_pwd_new(); +\& SRP_user_pwd_set1_ids(pwd, username, NULL); +\& SRP_user_pwd_set0_sv(pwd, salt, verifier); +\& SRP_user_pwd_set_gN(pwd, gN\->g, gN\->N); +\& +\& SRP_VBASE_add0_user(srpData, pwd); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\-srp\fR\|(1), +\&\fISRP_VBASE_new\fR\|(3), +\&\fISRP_user_pwd_new\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SRP_user_pwd_new.3 b/linux_amd64/ssl/share/man/man3/SRP_user_pwd_new.3 new file mode 100755 index 0000000..bbe5d3f --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SRP_user_pwd_new.3 
@@ -0,0 +1,192 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SRP_USER_PWD_NEW 3" +.TH SRP_USER_PWD_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SRP_user_pwd_new, +SRP_user_pwd_free, +SRP_user_pwd_set1_ids, +SRP_user_pwd_set_gN, +SRP_user_pwd_set0_sv +\&\- Functions to create a record of SRP user verifier information +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& SRP_user_pwd *SRP_user_pwd_new(void); +\& void SRP_user_pwd_free(SRP_user_pwd *user_pwd); +\& +\& int SRP_user_pwd_set1_ids(SRP_user_pwd *user_pwd, const char *id, const char *info); +\& void SRP_user_pwd_set_gN(SRP_user_pwd *user_pwd, const BIGNUM *g, const BIGNUM *N); +\& int SRP_user_pwd_set0_sv(SRP_user_pwd *user_pwd, BIGNUM *s, BIGNUM *v); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fISRP_user_pwd_new()\fR function allocates a structure to store a user verifier +record. +.PP +The \fISRP_user_pwd_free()\fR function frees up the \fBuser_pwd\fR structure. +If \fBuser_pwd\fR is \s-1NULL\s0, nothing is done. +.PP +The \fISRP_user_pwd_set1_ids()\fR function sets the username to \fBid\fR and the optional +user info to \fBinfo\fR for \fBuser_pwd\fR. +The library allocates new copies of \fBid\fR and \fBinfo\fR, the caller still +owns the original memory. +.PP +The \fISRP_user_pwd_set0_sv()\fR function sets the user salt to \fBs\fR and the verifier +to \fBv\fR for \fBuser_pwd\fR. +The library takes ownership of the values, they should not be freed by the caller. +.PP +The \fISRP_user_pwd_set_gN()\fR function sets the \s-1SRP\s0 group parameters for \fBuser_pwd\fR. +The memory is not freed by \fISRP_user_pwd_free()\fR, the caller must make sure it is +freed once it is no longer used. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISRP_user_pwd_set1_ids()\fR returns 1 on success and 0 on failure or if \fBid\fR was \s-1NULL\s0. +.PP +\&\fISRP_user_pwd_set0_sv()\fR returns 1 if both \fBs\fR and \fBv\fR are not \s-1NULL\s0, 0 otherwise. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\-srp\fR\|(1), +\&\fISRP_create_verifier\fR\|(3), +\&\fISRP_VBASE_new\fR\|(3), +\&\fISSL_CTX_set_srp_password\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were made public in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_CIPHER_get_name.3 b/linux_amd64/ssl/share/man/man3/SSL_CIPHER_get_name.3 new file mode 100755 index 0000000..cb5cd30 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_CIPHER_get_name.3 
@@ -0,0 +1,331 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CIPHER_GET_NAME 3" +.TH SSL_CIPHER_GET_NAME 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CIPHER_get_name, +SSL_CIPHER_standard_name, +OPENSSL_cipher_name, +SSL_CIPHER_get_bits, +SSL_CIPHER_get_version, +SSL_CIPHER_description, +SSL_CIPHER_get_cipher_nid, +SSL_CIPHER_get_digest_nid, +SSL_CIPHER_get_handshake_digest, +SSL_CIPHER_get_kx_nid, +SSL_CIPHER_get_auth_nid, +SSL_CIPHER_is_aead, +SSL_CIPHER_find, +SSL_CIPHER_get_id, +SSL_CIPHER_get_protocol_id +\&\- get SSL_CIPHER properties +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const char *SSL_CIPHER_get_name(const SSL_CIPHER *cipher); +\& const char *SSL_CIPHER_standard_name(const SSL_CIPHER *cipher); +\& const char *OPENSSL_cipher_name(const char *stdname); +\& int SSL_CIPHER_get_bits(const SSL_CIPHER *cipher, int *alg_bits); +\& char *SSL_CIPHER_get_version(const SSL_CIPHER *cipher); +\& char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int size); +\& int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c); +\& int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c); +\& const EVP_MD *SSL_CIPHER_get_handshake_digest(const SSL_CIPHER *c); +\& int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c); +\& int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c); +\& int SSL_CIPHER_is_aead(const SSL_CIPHER *c); +\& const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr); +\& uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c); +\& uint32_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *c); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CIPHER_get_name()\fR returns a pointer to the name of \fBcipher\fR. If the +\&\fBcipher\fR is \s-1NULL\s0, it returns \*(L"(\s-1NONE\s0)\*(R". +.PP +\&\fISSL_CIPHER_standard_name()\fR returns a pointer to the standard \s-1RFC\s0 name of +\&\fBcipher\fR. If the \fBcipher\fR is \s-1NULL\s0, it returns \*(L"(\s-1NONE\s0)\*(R". If the \fBcipher\fR +has no standard name, it returns \fB\s-1NULL\s0\fR. If \fBcipher\fR was defined in both +SSLv3 and \s-1TLS\s0, it returns the \s-1TLS\s0 name. 
+.PP +\&\fIOPENSSL_cipher_name()\fR returns a pointer to the OpenSSL name of \fBstdname\fR. +If the \fBstdname\fR is \s-1NULL\s0, or \fBstdname\fR has no corresponding OpenSSL name, +it returns \*(L"(\s-1NONE\s0)\*(R". Where both exist, \fBstdname\fR should be the \s-1TLS\s0 name rather +than the SSLv3 name. +.PP +\&\fISSL_CIPHER_get_bits()\fR returns the number of secret bits used for \fBcipher\fR. +If \fBcipher\fR is \s-1NULL\s0, 0 is returned. +.PP +\&\fISSL_CIPHER_get_version()\fR returns string which indicates the \s-1SSL/TLS\s0 protocol +version that first defined the cipher. It returns \*(L"(\s-1NONE\s0)\*(R" if \fBcipher\fR is \s-1NULL\s0. +.PP +\&\fISSL_CIPHER_get_cipher_nid()\fR returns the cipher \s-1NID\s0 corresponding to \fBc\fR. +If there is no cipher (e.g. for cipher suites with no encryption) then +\&\fBNID_undef\fR is returned. +.PP +\&\fISSL_CIPHER_get_digest_nid()\fR returns the digest \s-1NID\s0 corresponding to the \s-1MAC\s0 +used by \fBc\fR during record encryption/decryption. If there is no digest (e.g. +for \s-1AEAD\s0 cipher suites) then \fBNID_undef\fR is returned. +.PP +\&\fISSL_CIPHER_get_handshake_digest()\fR returns an \s-1EVP_MD\s0 for the digest used during +the \s-1SSL/TLS\s0 handshake when using the \s-1SSL_CIPHER\s0 \fBc\fR. Note that this may be +different to the digest used to calculate the \s-1MAC\s0 for encrypted records. +.PP +\&\fISSL_CIPHER_get_kx_nid()\fR returns the key exchange \s-1NID\s0 corresponding to the method +used by \fBc\fR. If there is no key exchange, then \fBNID_undef\fR is returned. +If any appropriate key exchange algorithm can be used (as in the case of \s-1TLS\s0 1.3 +cipher suites) \fBNID_kx_any\fR is returned. Examples (not comprehensive): +.PP +.Vb 4 +\& NID_kx_rsa +\& NID_kx_ecdhe +\& NID_kx_dhe +\& NID_kx_psk +.Ve +.PP +\&\fISSL_CIPHER_get_auth_nid()\fR returns the authentication \s-1NID\s0 corresponding to the method +used by \fBc\fR. 
If there is no authentication, then \fBNID_undef\fR is returned. +If any appropriate authentication algorithm can be used (as in the case of +\&\s-1TLS\s0 1.3 cipher suites) \fBNID_auth_any\fR is returned. Examples (not comprehensive): +.PP +.Vb 3 +\& NID_auth_rsa +\& NID_auth_ecdsa +\& NID_auth_psk +.Ve +.PP +\&\fISSL_CIPHER_is_aead()\fR returns 1 if the cipher \fBc\fR is \s-1AEAD\s0 (e.g. \s-1GCM\s0 or +ChaCha20/Poly1305), and 0 if it is not \s-1AEAD\s0. +.PP +\&\fISSL_CIPHER_find()\fR returns a \fB\s-1SSL_CIPHER\s0\fR structure which has the cipher \s-1ID\s0 stored +in \fBptr\fR. The \fBptr\fR parameter is a two element array of \fBchar\fR, which stores the +two-byte \s-1TLS\s0 cipher \s-1ID\s0 (as allocated by \s-1IANA\s0) in network byte order. This parameter +is usually retrieved from a \s-1TLS\s0 packet by using functions like +\&\fISSL_client_hello_get0_ciphers\fR\|(3). \fISSL_CIPHER_find()\fR returns \s-1NULL\s0 if an +error occurs or the indicated cipher is not found. +.PP +\&\fISSL_CIPHER_get_id()\fR returns the OpenSSL-specific \s-1ID\s0 of the given cipher \fBc\fR. That \s-1ID\s0 is +not the same as the IANA-specific \s-1ID\s0. +.PP +\&\fISSL_CIPHER_get_protocol_id()\fR returns the two-byte \s-1ID\s0 used in the \s-1TLS\s0 protocol of the given +cipher \fBc\fR. +.PP +\&\fISSL_CIPHER_description()\fR returns a textual description of the cipher used +into the buffer \fBbuf\fR of length \fBlen\fR provided. If \fBbuf\fR is provided, it +must be at least 128 bytes, otherwise a buffer will be allocated using +\&\fIOPENSSL_malloc()\fR. If the provided buffer is too small, or the allocation fails, +\&\fB\s-1NULL\s0\fR is returned. +.PP +The string returned by \fISSL_CIPHER_description()\fR consists of several fields +separated by whitespace: +.IP "" 4 +.IX Item "" +Textual representation of the cipher name. +.IP "" 4 +.IX Item "" +The minimum protocol version that the ciphersuite supports, such as \fBTLSv1.2\fR. 
+Note that this is not always the same as the protocol version in which the +ciphersuite was first defined because some ciphersuites are backwards compatible +with earlier protocol versions. +.IP "Kx=" 4 +.IX Item "Kx=" +Key exchange method such as \fB\s-1RSA\s0\fR, \fB\s-1ECDHE\s0\fR, etc. +.IP "Au=" 4 +.IX Item "Au=" +Authentication method such as \fB\s-1RSA\s0\fR, \fBNone\fR, etc.. None is the +representation of anonymous ciphers. +.IP "Enc=" 4 +.IX Item "Enc=" +Encryption method, with number of secret bits, such as \fB\s-1AESGCM\s0(128)\fR. +.IP "Mac=" 4 +.IX Item "Mac=" +Message digest, such as \fB\s-1SHA256\s0\fR. +.PP +Some examples for the output of \fISSL_CIPHER_description()\fR: +.PP +.Vb 2 +\& ECDHE\-RSA\-AES256\-GCM\-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD +\& RSA\-PSK\-AES256\-CBC\-SHA384 TLSv1.0 Kx=RSAPSK Au=RSA Enc=AES(256) Mac=SHA384 +.Ve +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CIPHER_get_name()\fR, \fISSL_CIPHER_standard_name()\fR, \fIOPENSSL_cipher_name()\fR, +\&\fISSL_CIPHER_get_version()\fR and \fISSL_CIPHER_description()\fR return the corresponding +value in a null-terminated string for a specific cipher or \*(L"(\s-1NONE\s0)\*(R" +if the cipher is not found. +.PP +\&\fISSL_CIPHER_get_bits()\fR returns a positive integer representing the number of +secret bits or 0 if an error occurred. +.PP +\&\fISSL_CIPHER_get_cipher_nid()\fR, \fISSL_CIPHER_get_digest_nid()\fR, +\&\fISSL_CIPHER_get_kx_nid()\fR and \fISSL_CIPHER_get_auth_nid()\fR return the \s-1NID\s0 value or +\&\fBNID_undef\fR if an error occurred. +.PP +\&\fISSL_CIPHER_get_handshake_digest()\fR returns a valid \fB\s-1EVP_MD\s0\fR structure or \s-1NULL\s0 +if an error occurred. +.PP +\&\fISSL_CIPHER_is_aead()\fR returns 1 if the cipher is \s-1AEAD\s0 or 0 otherwise. +.PP +\&\fISSL_CIPHER_find()\fR returns a valid \fB\s-1SSL_CIPHER\s0\fR structure or \s-1NULL\s0 if an error +occurred. 
+.PP +\&\fISSL_CIPHER_get_id()\fR returns a 4\-byte integer representing the OpenSSL-specific \s-1ID\s0. +.PP +\&\fISSL_CIPHER_get_protocol_id()\fR returns a 2\-byte integer representing the \s-1TLS\s0 +protocol-specific \s-1ID\s0. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_get_current_cipher\fR\|(3), +\&\fISSL_get_ciphers\fR\|(3), \fIopenssl\-ciphers\fR\|(1) +.SH "HISTORY" +.IX Header "HISTORY" +The \fISSL_CIPHER_get_version()\fR function was updated to always return the +correct protocol string in OpenSSL 1.1.0. +.PP +The \fISSL_CIPHER_description()\fR function was changed to return \fB\s-1NULL\s0\fR on error, +rather than a fixed string, in OpenSSL 1.1.0. +.PP +The \fISSL_CIPHER_get_handshake_digest()\fR function was added in OpenSSL 1.1.1. +.PP +The \fISSL_CIPHER_standard_name()\fR function was globally available in OpenSSL 1.1.1. + Before OpenSSL 1.1.1, tracing (\fBenable-ssl-trace\fR argument to Configure) was +required to enable this function. +.PP +The \fIOPENSSL_cipher_name()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_COMP_add_compression_method.3 b/linux_amd64/ssl/share/man/man3/SSL_COMP_add_compression_method.3 new file mode 100755 index 0000000..c4cb5b2 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_COMP_add_compression_method.3 
@@ -0,0 +1,222 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_COMP_ADD_COMPRESSION_METHOD 3" +.TH SSL_COMP_ADD_COMPRESSION_METHOD 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_COMP_add_compression_method, SSL_COMP_get_compression_methods, +SSL_COMP_get0_name, SSL_COMP_get_id, SSL_COMP_free_compression_methods +\&\- handle SSL/TLS integrated compression methods +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm); +\& STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); +\& const char *SSL_COMP_get0_name(const SSL_COMP *comp); +\& int SSL_COMP_get_id(const SSL_COMP *comp); +.Ve +.PP +Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 1 +\& void SSL_COMP_free_compression_methods(void) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_COMP_add_compression_method()\fR adds the compression method \fBcm\fR with +the identifier \fBid\fR to the list of available compression methods. This +list is globally maintained for all \s-1SSL\s0 operations within this application. +It cannot be set for specific \s-1SSL_CTX\s0 or \s-1SSL\s0 objects. +.PP +\&\fISSL_COMP_get_compression_methods()\fR returns a stack of all of the available +compression methods or \s-1NULL\s0 on error. +.PP +\&\fISSL_COMP_get0_name()\fR returns the name of the compression method \fBcomp\fR. +.PP +\&\fISSL_COMP_get_id()\fR returns the id of the compression method \fBcomp\fR. +.PP +\&\fISSL_COMP_free_compression_methods()\fR releases any resources acquired to +maintain the internal table of compression methods. +.SH "NOTES" +.IX Header "NOTES" +The \s-1TLS\s0 standard (or SSLv3) allows the integration of compression methods +into the communication. The \s-1TLS\s0 \s-1RFC\s0 does however not specify compression +methods or their corresponding identifiers, so there is currently no compatible +way to integrate compression with unknown peers. It is therefore currently not +recommended to integrate compression into applications. 
Applications for +non-public use may agree on certain compression methods. Using different +compression methods with the same identifier will lead to connection failure. +.PP +An OpenSSL client speaking a protocol that allows compression (SSLv3, TLSv1) +will unconditionally send the list of all compression methods enabled with +\&\fISSL_COMP_add_compression_method()\fR to the server during the handshake. +Unlike the mechanisms to set a cipher list, there is no method available to +restrict the list of compression method on a per connection basis. +.PP +An OpenSSL server will match the identifiers listed by a client against +its own compression methods and will unconditionally activate compression +when a matching identifier is found. There is no way to restrict the list +of compression methods supported on a per connection basis. +.PP +If enabled during compilation, the OpenSSL library will have the +\&\fICOMP_zlib()\fR compression method available. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_COMP_add_compression_method()\fR may return the following values: +.IP "0" 4 +The operation succeeded. +.IP "1" 4 +.IX Item "1" +The operation failed. Check the error queue to find out the reason. +.PP +\&\fISSL_COMP_get_compression_methods()\fR returns the stack of compressions methods or +\&\s-1NULL\s0 on error. +.PP +\&\fISSL_COMP_get0_name()\fR returns the name of the compression method or \s-1NULL\s0 on error. +.PP +\&\fISSL_COMP_get_id()\fR returns the name of the compression method or \-1 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \fISSL_COMP_free_compression_methods()\fR function was deprecated in OpenSSL 1.1.0. +The \fISSL_COMP_get0_name()\fR and \fISSL_comp_get_id()\fR functions were added in OpenSSL 1.1.0d. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). 
You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_CONF_CTX_new.3 b/linux_amd64/ssl/share/man/man3/SSL_CONF_CTX_new.3 new file mode 100755 index 0000000..798e133 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_CONF_CTX_new.3 
@@ -0,0 +1,173 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CONF_CTX_NEW 3" +.TH SSL_CONF_CTX_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CONF_CTX_new, SSL_CONF_CTX_free \- SSL configuration allocation functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& SSL_CONF_CTX *SSL_CONF_CTX_new(void); +\& void SSL_CONF_CTX_free(SSL_CONF_CTX *cctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The function \fISSL_CONF_CTX_new()\fR allocates and initialises an \fB\s-1SSL_CONF_CTX\s0\fR +structure for use with the \s-1SSL_CONF\s0 functions. +.PP +The function \fISSL_CONF_CTX_free()\fR frees up the context \fBcctx\fR. +If \fBcctx\fR is \s-1NULL\s0 nothing is done. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CONF_CTX_new()\fR returns either the newly allocated \fB\s-1SSL_CONF_CTX\s0\fR structure +or \fB\s-1NULL\s0\fR if an error occurs. +.PP +\&\fISSL_CONF_CTX_free()\fR does not return a value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fISSL_CONF_CTX_set_flags\fR\|(3), +\&\fISSL_CONF_CTX_set_ssl_ctx\fR\|(3), +\&\fISSL_CONF_CTX_set1_prefix\fR\|(3), +\&\fISSL_CONF_cmd\fR\|(3), +\&\fISSL_CONF_cmd_argv\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.2. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2012\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_CONF_CTX_set1_prefix.3 b/linux_amd64/ssl/share/man/man3/SSL_CONF_CTX_set1_prefix.3 new file mode 100755 index 0000000..db14ae0 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_CONF_CTX_set1_prefix.3 
@@ -0,0 +1,180 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CONF_CTX_SET1_PREFIX 3" +.TH SSL_CONF_CTX_SET1_PREFIX 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CONF_CTX_set1_prefix \- Set configuration context command prefix +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& unsigned int SSL_CONF_CTX_set1_prefix(SSL_CONF_CTX *cctx, const char *prefix); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The function \fISSL_CONF_CTX_set1_prefix()\fR sets the command prefix of \fBcctx\fR +to \fBprefix\fR. If \fBprefix\fR is \fB\s-1NULL\s0\fR it is restored to the default value. +.SH "NOTES" +.IX Header "NOTES" +Command prefixes alter the commands recognised by subsequent \fISSL_CONF_cmd()\fR +calls. For example for files, if the prefix \*(L"\s-1SSL\s0\*(R" is set then command names +such as \*(L"SSLProtocol\*(R", \*(L"SSLOptions\*(R" etc. are recognised instead of \*(L"Protocol\*(R" +and \*(L"Options\*(R". Similarly for command lines if the prefix is \*(L"\-\-ssl\-\*(R" then +\&\*(L"\-\-ssl\-no_tls1_2\*(R" is recognised instead of \*(L"\-no_tls1_2\*(R". +.PP +If the \fB\s-1SSL_CONF_FLAG_CMDLINE\s0\fR flag is set then prefix checks are case +sensitive and \*(L"\-\*(R" is the default. In the unlikely even an application +explicitly wants to set no prefix it must be explicitly set to "". +.PP +If the \fB\s-1SSL_CONF_FLAG_FILE\s0\fR flag is set then prefix checks are case +insensitive and no prefix is the default. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CONF_CTX_set1_prefix()\fR returns 1 for success and 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fISSL_CONF_CTX_new\fR\|(3), +\&\fISSL_CONF_CTX_set_flags\fR\|(3), +\&\fISSL_CONF_CTX_set_ssl_ctx\fR\|(3), +\&\fISSL_CONF_cmd\fR\|(3), +\&\fISSL_CONF_cmd_argv\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.2. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2012\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). 
You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_CONF_CTX_set_flags.3 b/linux_amd64/ssl/share/man/man3/SSL_CONF_CTX_set_flags.3 new file mode 100755 index 0000000..053b0f2 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_CONF_CTX_set_flags.3 
@@ -0,0 +1,197 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CONF_CTX_SET_FLAGS 3" +.TH SSL_CONF_CTX_SET_FLAGS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CONF_CTX_set_flags, SSL_CONF_CTX_clear_flags \- Set or clear SSL configuration context flags +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& unsigned int SSL_CONF_CTX_set_flags(SSL_CONF_CTX *cctx, unsigned int flags); +\& unsigned int SSL_CONF_CTX_clear_flags(SSL_CONF_CTX *cctx, unsigned int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The function \fISSL_CONF_CTX_set_flags()\fR sets \fBflags\fR in the context \fBcctx\fR. +.PP +The function \fISSL_CONF_CTX_clear_flags()\fR clears \fBflags\fR in the context \fBcctx\fR. +.SH "NOTES" +.IX Header "NOTES" +The flags set affect how subsequent calls to \fISSL_CONF_cmd()\fR or +\&\fISSL_CONF_argv()\fR behave. +.PP +Currently the following \fBflags\fR values are recognised: +.IP "\s-1SSL_CONF_FLAG_CMDLINE\s0, \s-1SSL_CONF_FLAG_FILE\s0" 4 +.IX Item "SSL_CONF_FLAG_CMDLINE, SSL_CONF_FLAG_FILE" +recognise options intended for command line or configuration file use. At +least one of these flags must be set. +.IP "\s-1SSL_CONF_FLAG_CLIENT\s0, \s-1SSL_CONF_FLAG_SERVER\s0" 4 +.IX Item "SSL_CONF_FLAG_CLIENT, SSL_CONF_FLAG_SERVER" +recognise options intended for use in \s-1SSL/TLS\s0 clients or servers. One or +both of these flags must be set. +.IP "\s-1SSL_CONF_FLAG_CERTIFICATE\s0" 4 +.IX Item "SSL_CONF_FLAG_CERTIFICATE" +recognise certificate and private key options. +.IP "\s-1SSL_CONF_FLAG_REQUIRE_PRIVATE\s0" 4 +.IX Item "SSL_CONF_FLAG_REQUIRE_PRIVATE" +If this option is set then if a private key is not specified for a certificate +it will attempt to load a private key from the certificate file when +\&\fISSL_CONF_CTX_finish()\fR is called. If a key cannot be loaded from the certificate +file an error occurs. +.IP "\s-1SSL_CONF_FLAG_SHOW_ERRORS\s0" 4 +.IX Item "SSL_CONF_FLAG_SHOW_ERRORS" +indicate errors relating to unrecognised options or missing arguments in +the error queue. 
If this option isn't set such errors are only reflected +in the return values of \fISSL_CONF_set_cmd()\fR or \fISSL_CONF_set_argv()\fR +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CONF_CTX_set_flags()\fR and \fISSL_CONF_CTX_clear_flags()\fR returns the new flags +value after setting or clearing flags. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fISSL_CONF_CTX_new\fR\|(3), +\&\fISSL_CONF_CTX_set_ssl_ctx\fR\|(3), +\&\fISSL_CONF_CTX_set1_prefix\fR\|(3), +\&\fISSL_CONF_cmd\fR\|(3), +\&\fISSL_CONF_cmd_argv\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.2. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2012\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 b/linux_amd64/ssl/share/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 new file mode 100755 index 0000000..26ba70f --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 
@@ -0,0 +1,178 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CONF_CTX_SET_SSL_CTX 3" +.TH SSL_CONF_CTX_SET_SSL_CTX 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CONF_CTX_set_ssl_ctx, SSL_CONF_CTX_set_ssl \- set context to configure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *cctx, SSL_CTX *ctx); +\& void SSL_CONF_CTX_set_ssl(SSL_CONF_CTX *cctx, SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CONF_CTX_set_ssl_ctx()\fR sets the context associated with \fBcctx\fR to the +\&\fB\s-1SSL_CTX\s0\fR structure \fBctx\fR. Any previous \fB\s-1SSL\s0\fR or \fB\s-1SSL_CTX\s0\fR associated with +\&\fBcctx\fR is cleared. Subsequent calls to \fISSL_CONF_cmd()\fR will be sent to +\&\fBctx\fR. +.PP +\&\fISSL_CONF_CTX_set_ssl()\fR sets the context associated with \fBcctx\fR to the +\&\fB\s-1SSL\s0\fR structure \fBssl\fR. Any previous \fB\s-1SSL\s0\fR or \fB\s-1SSL_CTX\s0\fR associated with +\&\fBcctx\fR is cleared. Subsequent calls to \fISSL_CONF_cmd()\fR will be sent to +\&\fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +The context need not be set or it can be set to \fB\s-1NULL\s0\fR in which case only +syntax checking of commands is performed, where possible. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CONF_CTX_set_ssl_ctx()\fR and \fISSL_CTX_set_ssl()\fR do not return a value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fISSL_CONF_CTX_new\fR\|(3), +\&\fISSL_CONF_CTX_set_flags\fR\|(3), +\&\fISSL_CONF_CTX_set1_prefix\fR\|(3), +\&\fISSL_CONF_cmd\fR\|(3), +\&\fISSL_CONF_cmd_argv\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.2. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2012\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/ssl/share/man/man3/SSL_CONF_cmd.3 b/linux_amd64/ssl/share/man/man3/SSL_CONF_cmd.3 new file mode 100755 index 0000000..b20686f --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_CONF_cmd.3 
@@ -0,0 +1,787 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CONF_CMD 3" +.TH SSL_CONF_CMD 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CONF_cmd_value_type, +SSL_CONF_cmd \- send configuration command +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CONF_cmd(SSL_CONF_CTX *ctx, const char *option, const char *value); +\& int SSL_CONF_cmd_value_type(SSL_CONF_CTX *ctx, const char *option); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The function \fISSL_CONF_cmd()\fR performs configuration operation \fBoption\fR with +optional parameter \fBvalue\fR on \fBctx\fR. Its purpose is to simplify application +configuration of \fB\s-1SSL_CTX\s0\fR or \fB\s-1SSL\s0\fR structures by providing a common +framework for command line options or configuration files. +.PP +\&\fISSL_CONF_cmd_value_type()\fR returns the type of value that \fBoption\fR refers to. +.SH "SUPPORTED COMMAND LINE COMMANDS" +.IX Header "SUPPORTED COMMAND LINE COMMANDS" +Currently supported \fBoption\fR names for command lines (i.e. when the +flag \fB\s-1SSL_CONF_CMDLINE\s0\fR is set) are listed below. Note: all \fBoption\fR names +are case sensitive. Unless otherwise stated commands can be used by +both clients and servers and the \fBvalue\fR parameter is not used. The default +prefix for command line commands is \fB\-\fR and that is reflected below. +.IP "\fB\-bugs\fR" 4 +.IX Item "-bugs" +Various bug workarounds are set, same as setting \fB\s-1SSL_OP_ALL\s0\fR. +.IP "\fB\-no_comp\fR" 4 +.IX Item "-no_comp" +Disables support for \s-1SSL/TLS\s0 compression, same as setting +\&\fB\s-1SSL_OP_NO_COMPRESSION\s0\fR. +As of OpenSSL 1.1.0, compression is off by default. +.IP "\fB\-comp\fR" 4 +.IX Item "-comp" +Enables support for \s-1SSL/TLS\s0 compression, same as clearing +\&\fB\s-1SSL_OP_NO_COMPRESSION\s0\fR. +This command was introduced in OpenSSL 1.1.0. +As of OpenSSL 1.1.0, compression is off by default. +.IP "\fB\-no_ticket\fR" 4 +.IX Item "-no_ticket" +Disables support for session tickets, same as setting \fB\s-1SSL_OP_NO_TICKET\s0\fR. 
+.IP "\fB\-serverpref\fR" 4 +.IX Item "-serverpref" +Use server and not client preference order when determining which cipher suite, +signature algorithm or elliptic curve to use for an incoming connection. +Equivalent to \fB\s-1SSL_OP_CIPHER_SERVER_PREFERENCE\s0\fR. Only used by servers. +.IP "\fB\-legacyrenegotiation\fR" 4 +.IX Item "-legacyrenegotiation" +permits the use of unsafe legacy renegotiation. Equivalent to setting +\&\fB\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0\fR. +.IP "\fB\-no_renegotiation\fR" 4 +.IX Item "-no_renegotiation" +Disables all attempts at renegotiation in TLSv1.2 and earlier, same as setting +\&\fB\s-1SSL_OP_NO_RENEGOTIATION\s0\fR. +.IP "\fB\-no_resumption_on_reneg\fR" 4 +.IX Item "-no_resumption_on_reneg" +set \s-1SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION\s0 flag. Only used by servers. +.IP "\fB\-legacy_server_connect\fR, \fB\-no_legacy_server_connect\fR" 4 +.IX Item "-legacy_server_connect, -no_legacy_server_connect" +permits or prohibits the use of unsafe legacy renegotiation for OpenSSL +clients only. Equivalent to setting or clearing \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR. +Set by default. +.IP "\fB\-prioritize_chacha\fR" 4 +.IX Item "-prioritize_chacha" +Prioritize ChaCha ciphers when the client has a ChaCha20 cipher at the top of +its preference list. This usually indicates a client without \s-1AES\s0 hardware +acceleration (e.g. mobile) is in use. Equivalent to \fB\s-1SSL_OP_PRIORITIZE_CHACHA\s0\fR. +Only used by servers. Requires \fB\-serverpref\fR. +.IP "\fB\-allow_no_dhe_kex\fR" 4 +.IX Item "-allow_no_dhe_kex" +In TLSv1.3 allow a non\-(ec)dhe based key exchange mode on resumption. This means +that there will be no forward secrecy for the resumed session. +.IP "\fB\-strict\fR" 4 +.IX Item "-strict" +enables strict mode protocol handling. Equivalent to setting +\&\fB\s-1SSL_CERT_FLAG_TLS_STRICT\s0\fR. 
+.IP "\fB\-sigalgs\fR \fIalgs\fR" 4 +.IX Item "-sigalgs algs" +This sets the supported signature algorithms for TLSv1.2 and TLSv1.3. +For clients this value is used directly for the supported signature +algorithms extension. For servers it is used to determine which signature +algorithms to support. +.Sp +The \fBalgs\fR argument should be a colon separated list of signature +algorithms in order of decreasing preference of the form \fBalgorithm+hash\fR +or \fBsignature_scheme\fR. \fBalgorithm\fR is one of \fB\s-1RSA\s0\fR, \fB\s-1DSA\s0\fR or \fB\s-1ECDSA\s0\fR and +\&\fBhash\fR is a supported algorithm \s-1OID\s0 short name such as \fB\s-1SHA1\s0\fR, \fB\s-1SHA224\s0\fR, +\&\fB\s-1SHA256\s0\fR, \fB\s-1SHA384\s0\fR of \fB\s-1SHA512\s0\fR. Note: algorithm and hash names are case +sensitive. \fBsignature_scheme\fR is one of the signature schemes defined in +TLSv1.3, specified using the \s-1IETF\s0 name, e.g., \fBecdsa_secp256r1_sha256\fR, +\&\fBed25519\fR, or \fBrsa_pss_pss_sha256\fR. +.Sp +If this option is not set then all signature algorithms supported by the +OpenSSL library are permissible. +.Sp +Note: algorithms which specify a PKCS#1 v1.5 signature scheme (either by +using \fB\s-1RSA\s0\fR as the \fBalgorithm\fR or by using one of the \fBrsa_pkcs1_*\fR +identifiers) are ignored in TLSv1.3 and will not be negotiated. +.IP "\fB\-client_sigalgs\fR \fIalgs\fR" 4 +.IX Item "-client_sigalgs algs" +This sets the supported signature algorithms associated with client +authentication for TLSv1.2 and TLSv1.3. For servers the \fBalgs\fR is used +in the \fBsignature_algorithms\fR field of a \fBCertificateRequest\fR message. +For clients it is used to determine which signature algorithm to use with +the client certificate. If a server does not request a certificate this +option has no effect. +.Sp +The syntax of \fBalgs\fR is identical to \fB\-sigalgs\fR. If not set, then the +value set for \fB\-sigalgs\fR will be used instead. 
+.IP "\fB\-groups\fR \fIgroups\fR" 4 +.IX Item "-groups groups" +This sets the supported groups. For clients, the groups are sent using +the supported groups extension. For servers, it is used to determine which +group to use. This setting affects groups used for signatures (in TLSv1.2 +and earlier) and key exchange. The first group listed will also be used +for the \fBkey_share\fR sent by a client in a TLSv1.3 \fBClientHello\fR. +.Sp +The \fBgroups\fR argument is a colon separated list of groups. The group can +be either the \fB\s-1NIST\s0\fR name (e.g. \fBP\-256\fR), some other commonly used name +where applicable (e.g. \fBX25519\fR, \fBffdhe2048\fR) or an OpenSSL \s-1OID\s0 name +(e.g \fBprime256v1\fR). Group names are case sensitive. The list should be +in order of preference with the most preferred group first. +.Sp +Currently supported groups for \fBTLSv1.3\fR are \fBP\-256\fR, \fBP\-384\fR, \fBP\-521\fR, +\&\fBX25519\fR, \fBX448\fR, \fBffdhe2048\fR, \fBffdhe3072\fR, \fBffdhe4096\fR, \fBffdhe6144\fR, +\&\fBffdhe8192\fR. +.IP "\fB\-curves\fR \fIgroups\fR" 4 +.IX Item "-curves groups" +This is a synonym for the \fB\-groups\fR command. +.IP "\fB\-named_curve\fR \fIcurve\fR" 4 +.IX Item "-named_curve curve" +This sets the temporary curve used for ephemeral \s-1ECDH\s0 modes. Only used +by servers. +.Sp +The \fBgroups\fR argument is a curve name or the special value \fBauto\fR which +picks an appropriate curve based on client and server preferences. The +curve can be either the \fB\s-1NIST\s0\fR name (e.g. \fBP\-256\fR) or an OpenSSL \s-1OID\s0 name +(e.g \fBprime256v1\fR). Curve names are case sensitive. +.IP "\fB\-cipher\fR \fIciphers\fR" 4 +.IX Item "-cipher ciphers" +Sets the TLSv1.2 and below ciphersuite list to \fBciphers\fR. This list will be +combined with any configured TLSv1.3 ciphersuites. Note: syntax checking +of \fBciphers\fR is currently not performed unless a \fB\s-1SSL\s0\fR or \fB\s-1SSL_CTX\s0\fR +structure is associated with \fBctx\fR. 
+.IP "\fB\-ciphersuites\fR \fI1.3ciphers\fR" 4 +.IX Item "-ciphersuites 1.3ciphers" +Sets the available ciphersuites for TLSv1.3 to value. This is a +colon-separated list of TLSv1.3 ciphersuite names in order of preference. This +list will be combined any configured TLSv1.2 and below ciphersuites. +See \fIopenssl\-ciphers\fR\|(1) for more information. +.IP "\fB\-min_protocol\fR \fIminprot\fR, \fB\-max_protocol\fR \fImaxprot\fR" 4 +.IX Item "-min_protocol minprot, -max_protocol maxprot" +Sets the minimum and maximum supported protocol. Currently supported +protocol values are \fBSSLv3\fR, \fBTLSv1\fR, \fBTLSv1.1\fR, \fBTLSv1.2\fR, \fBTLSv1.3\fR +for \s-1TLS\s0 and \fBDTLSv1\fR, \fBDTLSv1.2\fR for \s-1DTLS\s0, and \fBNone\fR for no limit. +If either bound is not specified then only the other bound applies, +if specified. To restrict the supported protocol versions use these +commands rather than the deprecated alternative commands below. +.IP "\fB\-record_padding\fR \fIpadding\fR" 4 +.IX Item "-record_padding padding" +Attempts to pad TLSv1.3 records so that they are a multiple of \fBpadding\fR +in length on send. A \fBpadding\fR of 0 or 1 turns off padding. Otherwise, +the \fBpadding\fR must be >1 or <=16384. +.IP "\fB\-debug_broken_protocol\fR" 4 +.IX Item "-debug_broken_protocol" +Ignored. +.IP "\fB\-no_middlebox\fR" 4 +.IX Item "-no_middlebox" +Turn off \*(L"middlebox compatibility\*(R", as described below. +.SS "Additional Options" +.IX Subsection "Additional Options" +The following options are accepted by \fISSL_CONF_cmd()\fR, but are not +processed by the OpenSSL commands. +.IP "\fB\-cert\fR \fIfile\fR" 4 +.IX Item "-cert file" +Attempts to use \fBfile\fR as the certificate for the appropriate context. It +currently uses \fISSL_CTX_use_certificate_chain_file()\fR if an \fB\s-1SSL_CTX\s0\fR +structure is set or \fISSL_use_certificate_file()\fR with filetype \s-1PEM\s0 if an +\&\fB\s-1SSL\s0\fR structure is set. 
This option is only supported if certificate +operations are permitted. +.IP "\fB\-key\fR \fIfile\fR" 4 +.IX Item "-key file" +Attempts to use \fBfile\fR as the private key for the appropriate context. This +option is only supported if certificate operations are permitted. Note: +if no \fB\-key\fR option is set then a private key is not loaded unless the +flag \fB\s-1SSL_CONF_FLAG_REQUIRE_PRIVATE\s0\fR is set. +.IP "\fB\-dhparam\fR \fIfile\fR" 4 +.IX Item "-dhparam file" +Attempts to use \fBfile\fR as the set of temporary \s-1DH\s0 parameters for +the appropriate context. This option is only supported if certificate +operations are permitted. +.IP "\fB\-no_ssl3\fR, \fB\-no_tls1\fR, \fB\-no_tls1_1\fR, \fB\-no_tls1_2\fR, \fB\-no_tls1_3\fR" 4 +.IX Item "-no_ssl3, -no_tls1, -no_tls1_1, -no_tls1_2, -no_tls1_3" +Disables protocol support for SSLv3, TLSv1.0, TLSv1.1, TLSv1.2 or TLSv1.3 by +setting the corresponding options \fBSSL_OP_NO_SSLv3\fR, \fBSSL_OP_NO_TLSv1\fR, +\&\fBSSL_OP_NO_TLSv1_1\fR, \fBSSL_OP_NO_TLSv1_2\fR and \fBSSL_OP_NO_TLSv1_3\fR +respectively. These options are deprecated, use \fB\-min_protocol\fR and +\&\fB\-max_protocol\fR instead. +.IP "\fB\-anti_replay\fR, \fB\-no_anti_replay\fR" 4 +.IX Item "-anti_replay, -no_anti_replay" +Switches replay protection, on or off respectively. With replay protection on, +OpenSSL will automatically detect if a session ticket has been used more than +once, TLSv1.3 has been negotiated, and early data is enabled on the server. A +full handshake is forced if a session ticket is used a second or subsequent +time. Anti-Replay is on by default unless overridden by a configuration file and +is only used by servers. Anti-replay measures are required for compliance with +the TLSv1.3 specification. Some applications may be able to mitigate the replay +risks in other ways and in such cases the built-in OpenSSL functionality is not +required. Switching off anti-replay is equivalent to \fB\s-1SSL_OP_NO_ANTI_REPLAY\s0\fR. 
+.SH "SUPPORTED CONFIGURATION FILE COMMANDS" +.IX Header "SUPPORTED CONFIGURATION FILE COMMANDS" +Currently supported \fBoption\fR names for configuration files (i.e., when the +flag \fB\s-1SSL_CONF_FLAG_FILE\s0\fR is set) are listed below. All configuration file +\&\fBoption\fR names are case insensitive so \fBsignaturealgorithms\fR is recognised +as well as \fBSignatureAlgorithms\fR. Unless otherwise stated the \fBvalue\fR names +are also case insensitive. +.PP +Note: the command prefix (if set) alters the recognised \fBoption\fR values. +.IP "\fBCipherString\fR" 4 +.IX Item "CipherString" +Sets the ciphersuite list for TLSv1.2 and below to \fBvalue\fR. This list will be +combined with any configured TLSv1.3 ciphersuites. Note: syntax +checking of \fBvalue\fR is currently not performed unless an \fB\s-1SSL\s0\fR or \fB\s-1SSL_CTX\s0\fR +structure is associated with \fBctx\fR. +.IP "\fBCiphersuites\fR" 4 +.IX Item "Ciphersuites" +Sets the available ciphersuites for TLSv1.3 to \fBvalue\fR. This is a +colon-separated list of TLSv1.3 ciphersuite names in order of preference. This +list will be combined any configured TLSv1.2 and below ciphersuites. +See \fIopenssl\-ciphers\fR\|(1) for more information. +.IP "\fBCertificate\fR" 4 +.IX Item "Certificate" +Attempts to use the file \fBvalue\fR as the certificate for the appropriate +context. It currently uses \fISSL_CTX_use_certificate_chain_file()\fR if an \fB\s-1SSL_CTX\s0\fR +structure is set or \fISSL_use_certificate_file()\fR with filetype \s-1PEM\s0 if an \fB\s-1SSL\s0\fR +structure is set. This option is only supported if certificate operations +are permitted. +.IP "\fBPrivateKey\fR" 4 +.IX Item "PrivateKey" +Attempts to use the file \fBvalue\fR as the private key for the appropriate +context. This option is only supported if certificate operations +are permitted. Note: if no \fBPrivateKey\fR option is set then a private key is +not loaded unless the \fB\s-1SSL_CONF_FLAG_REQUIRE_PRIVATE\s0\fR is set. 
+.IP "\fBChainCAFile\fR, \fBChainCAPath\fR, \fBVerifyCAFile\fR, \fBVerifyCAPath\fR" 4 +.IX Item "ChainCAFile, ChainCAPath, VerifyCAFile, VerifyCAPath" +These options indicate a file or directory used for building certificate +chains or verifying certificate chains. These options are only supported +if certificate operations are permitted. +.IP "\fBRequestCAFile\fR" 4 +.IX Item "RequestCAFile" +This option indicates a file containing a set of certificates in \s-1PEM\s0 form. +The subject names of the certificates are sent to the peer in the +\&\fBcertificate_authorities\fR extension for \s-1TLS\s0 1.3 (in ClientHello or +CertificateRequest) or in a certificate request for previous versions or +\&\s-1TLS\s0. +.IP "\fBServerInfoFile\fR" 4 +.IX Item "ServerInfoFile" +Attempts to use the file \fBvalue\fR in the \*(L"serverinfo\*(R" extension using the +function SSL_CTX_use_serverinfo_file. +.IP "\fBDHParameters\fR" 4 +.IX Item "DHParameters" +Attempts to use the file \fBvalue\fR as the set of temporary \s-1DH\s0 parameters for +the appropriate context. This option is only supported if certificate +operations are permitted. +.IP "\fBRecordPadding\fR" 4 +.IX Item "RecordPadding" +Attempts to pad TLSv1.3 records so that they are a multiple of \fBvalue\fR in +length on send. A \fBvalue\fR of 0 or 1 turns off padding. Otherwise, the +\&\fBvalue\fR must be >1 or <=16384. +.IP "\fBSignatureAlgorithms\fR" 4 +.IX Item "SignatureAlgorithms" +This sets the supported signature algorithms for TLSv1.2 and TLSv1.3. +For clients this +value is used directly for the supported signature algorithms extension. For +servers it is used to determine which signature algorithms to support. +.Sp +The \fBvalue\fR argument should be a colon separated list of signature algorithms +in order of decreasing preference of the form \fBalgorithm+hash\fR or +\&\fBsignature_scheme\fR. 
\fBalgorithm\fR +is one of \fB\s-1RSA\s0\fR, \fB\s-1DSA\s0\fR or \fB\s-1ECDSA\s0\fR and \fBhash\fR is a supported algorithm +\&\s-1OID\s0 short name such as \fB\s-1SHA1\s0\fR, \fB\s-1SHA224\s0\fR, \fB\s-1SHA256\s0\fR, \fB\s-1SHA384\s0\fR of \fB\s-1SHA512\s0\fR. +Note: algorithm and hash names are case sensitive. +\&\fBsignature_scheme\fR is one of the signature schemes defined in TLSv1.3, +specified using the \s-1IETF\s0 name, e.g., \fBecdsa_secp256r1_sha256\fR, \fBed25519\fR, +or \fBrsa_pss_pss_sha256\fR. +.Sp +If this option is not set then all signature algorithms supported by the +OpenSSL library are permissible. +.Sp +Note: algorithms which specify a PKCS#1 v1.5 signature scheme (either by +using \fB\s-1RSA\s0\fR as the \fBalgorithm\fR or by using one of the \fBrsa_pkcs1_*\fR +identifiers) are ignored in TLSv1.3 and will not be negotiated. +.IP "\fBClientSignatureAlgorithms\fR" 4 +.IX Item "ClientSignatureAlgorithms" +This sets the supported signature algorithms associated with client +authentication for TLSv1.2 and TLSv1.3. +For servers the value is used in the +\&\fBsignature_algorithms\fR field of a \fBCertificateRequest\fR message. +For clients it is +used to determine which signature algorithm to use with the client certificate. +If a server does not request a certificate this option has no effect. +.Sp +The syntax of \fBvalue\fR is identical to \fBSignatureAlgorithms\fR. If not set then +the value set for \fBSignatureAlgorithms\fR will be used instead. +.IP "\fBGroups\fR" 4 +.IX Item "Groups" +This sets the supported groups. For clients, the groups are +sent using the supported groups extension. For servers, it is used +to determine which group to use. This setting affects groups used for +signatures (in TLSv1.2 and earlier) and key exchange. The first group listed +will also be used for the \fBkey_share\fR sent by a client in a TLSv1.3 +\&\fBClientHello\fR. +.Sp +The \fBvalue\fR argument is a colon separated list of groups. 
The group can be +either the \fB\s-1NIST\s0\fR name (e.g. \fBP\-256\fR), some other commonly used name where +applicable (e.g. \fBX25519\fR, \fBffdhe2048\fR) or an OpenSSL \s-1OID\s0 name +(e.g \fBprime256v1\fR). Group names are case sensitive. The list should be in +order of preference with the most preferred group first. +.Sp +Currently supported groups for \fBTLSv1.3\fR are \fBP\-256\fR, \fBP\-384\fR, \fBP\-521\fR, +\&\fBX25519\fR, \fBX448\fR, \fBffdhe2048\fR, \fBffdhe3072\fR, \fBffdhe4096\fR, \fBffdhe6144\fR, +\&\fBffdhe8192\fR. +.IP "\fBCurves\fR" 4 +.IX Item "Curves" +This is a synonym for the \*(L"Groups\*(R" command. +.IP "\fBMinProtocol\fR" 4 +.IX Item "MinProtocol" +This sets the minimum supported \s-1SSL\s0, \s-1TLS\s0 or \s-1DTLS\s0 version. +.Sp +Currently supported protocol values are \fBSSLv3\fR, \fBTLSv1\fR, \fBTLSv1.1\fR, +\&\fBTLSv1.2\fR, \fBTLSv1.3\fR, \fBDTLSv1\fR and \fBDTLSv1.2\fR. +The value \fBNone\fR will disable the limit. +.IP "\fBMaxProtocol\fR" 4 +.IX Item "MaxProtocol" +This sets the maximum supported \s-1SSL\s0, \s-1TLS\s0 or \s-1DTLS\s0 version. +.Sp +Currently supported protocol values are \fBSSLv3\fR, \fBTLSv1\fR, \fBTLSv1.1\fR, +\&\fBTLSv1.2\fR, \fBTLSv1.3\fR, \fBDTLSv1\fR and \fBDTLSv1.2\fR. +The value \fBNone\fR will disable the limit. +.IP "\fBProtocol\fR" 4 +.IX Item "Protocol" +This can be used to enable or disable certain versions of the \s-1SSL\s0, +\&\s-1TLS\s0 or \s-1DTLS\s0 protocol. +.Sp +The \fBvalue\fR argument is a comma separated list of supported protocols +to enable or disable. +If a protocol is preceded by \fB\-\fR that version is disabled. +.Sp +All protocol versions are enabled by default. +You need to disable at least one protocol version for this setting have any +effect. +Only enabling some protocol versions does not disable the other protocol +versions. +.Sp +Currently supported protocol values are \fBSSLv3\fR, \fBTLSv1\fR, \fBTLSv1.1\fR, +\&\fBTLSv1.2\fR, \fBTLSv1.3\fR, \fBDTLSv1\fR and \fBDTLSv1.2\fR. 
+The special value \fB\s-1ALL\s0\fR refers to all supported versions. +.Sp +This can't enable protocols that are disabled using \fBMinProtocol\fR +or \fBMaxProtocol\fR, but can disable protocols that are still allowed +by them. +.Sp +The \fBProtocol\fR command is fragile and deprecated; do not use it. +Use \fBMinProtocol\fR and \fBMaxProtocol\fR instead. +If you do use \fBProtocol\fR, make sure that the resulting range of enabled +protocols has no \*(L"holes\*(R", e.g. if \s-1TLS\s0 1.0 and \s-1TLS\s0 1.2 are both enabled, make +sure to also leave \s-1TLS\s0 1.1 enabled. +.IP "\fBOptions\fR" 4 +.IX Item "Options" +The \fBvalue\fR argument is a comma separated list of various flags to set. +If a flag string is preceded \fB\-\fR it is disabled. +See the \fISSL_CTX_set_options\fR\|(3) function for more details of +individual options. +.Sp +Each option is listed below. Where an operation is enabled by default +the \fB\-flag\fR syntax is needed to disable it. +.Sp +\&\fBSessionTicket\fR: session ticket support, enabled by default. Inverse of +\&\fB\s-1SSL_OP_NO_TICKET\s0\fR: that is \fB\-SessionTicket\fR is the same as setting +\&\fB\s-1SSL_OP_NO_TICKET\s0\fR. +.Sp +\&\fBCompression\fR: \s-1SSL/TLS\s0 compression support, enabled by default. Inverse +of \fB\s-1SSL_OP_NO_COMPRESSION\s0\fR. +.Sp +\&\fBEmptyFragments\fR: use empty fragments as a countermeasure against a +\&\s-1SSL\s0 3.0/TLS 1.0 protocol vulnerability affecting \s-1CBC\s0 ciphers. It +is set by default. Inverse of \fB\s-1SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS\s0\fR. +.Sp +\&\fBBugs\fR: enable various bug workarounds. Same as \fB\s-1SSL_OP_ALL\s0\fR. +.Sp +\&\fBDHSingle\fR: enable single use \s-1DH\s0 keys, set by default. Inverse of +\&\fB\s-1SSL_OP_DH_SINGLE\s0\fR. Only used by servers. +.Sp +\&\fBECDHSingle\fR: enable single use \s-1ECDH\s0 keys, set by default. Inverse of +\&\fB\s-1SSL_OP_ECDH_SINGLE\s0\fR. Only used by servers. 
+.Sp +\&\fBServerPreference\fR: use server and not client preference order when +determining which cipher suite, signature algorithm or elliptic curve +to use for an incoming connection. Equivalent to +\&\fB\s-1SSL_OP_CIPHER_SERVER_PREFERENCE\s0\fR. Only used by servers. +.Sp +\&\fBPrioritizeChaCha\fR: prioritizes ChaCha ciphers when the client has a +ChaCha20 cipher at the top of its preference list. This usually indicates +a mobile client is in use. Equivalent to \fB\s-1SSL_OP_PRIORITIZE_CHACHA\s0\fR. +Only used by servers. +.Sp +\&\fBNoResumptionOnRenegotiation\fR: set +\&\fB\s-1SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION\s0\fR flag. Only used by servers. +.Sp +\&\fBNoRenegotiation\fR: disables all attempts at renegotiation in TLSv1.2 and +earlier, same as setting \fB\s-1SSL_OP_NO_RENEGOTIATION\s0\fR. +.Sp +\&\fBUnsafeLegacyRenegotiation\fR: permits the use of unsafe legacy renegotiation. +Equivalent to \fB\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0\fR. +.Sp +\&\fBUnsafeLegacyServerConnect\fR: permits the use of unsafe legacy renegotiation +for OpenSSL clients only. Equivalent to \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR. +Set by default. +.Sp +\&\fBEncryptThenMac\fR: use encrypt-then-mac extension, enabled by +default. Inverse of \fB\s-1SSL_OP_NO_ENCRYPT_THEN_MAC\s0\fR: that is, +\&\fB\-EncryptThenMac\fR is the same as setting \fB\s-1SSL_OP_NO_ENCRYPT_THEN_MAC\s0\fR. +.Sp +\&\fBAllowNoDHEKEX\fR: In TLSv1.3 allow a non\-(ec)dhe based key exchange mode on +resumption. This means that there will be no forward secrecy for the resumed +session. Equivalent to \fB\s-1SSL_OP_ALLOW_NO_DHE_KEX\s0\fR. +.Sp +\&\fBMiddleboxCompat\fR: If set then dummy Change Cipher Spec (\s-1CCS\s0) messages are sent +in TLSv1.3. This has the effect of making TLSv1.3 look more like TLSv1.2 so that +middleboxes that do not understand TLSv1.3 will not drop the connection. This +option is set by default. A future version of OpenSSL may not set this by +default. 
Equivalent to \fB\s-1SSL_OP_ENABLE_MIDDLEBOX_COMPAT\s0\fR. +.Sp +\&\fBAntiReplay\fR: If set then OpenSSL will automatically detect if a session ticket +has been used more than once, TLSv1.3 has been negotiated, and early data is +enabled on the server. A full handshake is forced if a session ticket is used a +second or subsequent time. This option is set by default and is only used by +servers. Anti-replay measures are required to comply with the TLSv1.3 +specification. Some applications may be able to mitigate the replay risks in +other ways and in such cases the built-in OpenSSL functionality is not required. +Disabling anti-replay is equivalent to setting \fB\s-1SSL_OP_NO_ANTI_REPLAY\s0\fR. +.Sp +\&\fBExtendedMasterSecret\fR: use extended master secret extension, enabled by +default. Inverse of \fB\s-1SSL_OP_NO_EXTENDED_MASTER_SECRET\s0\fR: that is, +\&\fB\-ExtendedMasterSecret\fR is the same as setting \fB\s-1SSL_OP_NO_EXTENDED_MASTER_SECRET\s0\fR. +.IP "\fBVerifyMode\fR" 4 +.IX Item "VerifyMode" +The \fBvalue\fR argument is a comma separated list of flags to set. +.Sp +\&\fBPeer\fR enables peer verification: for clients only. +.Sp +\&\fBRequest\fR requests but does not require a certificate from the client. +Servers only. +.Sp +\&\fBRequire\fR requests and requires a certificate from the client: an error +occurs if the client does not present a certificate. Servers only. +.Sp +\&\fBOnce\fR requests a certificate from a client only on the initial connection: +not when renegotiating. Servers only. +.Sp +\&\fBRequestPostHandshake\fR configures the connection to support requests but does +not require a certificate from the client post-handshake. A certificate will +not be requested during the initial handshake. The server application must +provide a mechanism to request a certificate post-handshake. Servers only. +TLSv1.3 only. 
+.Sp +\&\fBRequiresPostHandshake\fR configures the connection to support requests and +requires a certificate from the client post-handshake: an error occurs if the +client does not present a certificate. A certificate will not be requested +during the initial handshake. The server application must provide a mechanism +to request a certificate post-handshake. Servers only. TLSv1.3 only. +.IP "\fBClientCAFile\fR, \fBClientCAPath\fR" 4 +.IX Item "ClientCAFile, ClientCAPath" +A file or directory of certificates in \s-1PEM\s0 format whose names are used as the +set of acceptable names for client CAs. Servers only. This option is only +supported if certificate operations are permitted. +.SH "SUPPORTED COMMAND TYPES" +.IX Header "SUPPORTED COMMAND TYPES" +The function \fISSL_CONF_cmd_value_type()\fR currently returns one of the following +types: +.IP "\fB\s-1SSL_CONF_TYPE_UNKNOWN\s0\fR" 4 +.IX Item "SSL_CONF_TYPE_UNKNOWN" +The \fBoption\fR string is unrecognised, this return value can be use to flag +syntax errors. +.IP "\fB\s-1SSL_CONF_TYPE_STRING\s0\fR" 4 +.IX Item "SSL_CONF_TYPE_STRING" +The value is a string without any specific structure. +.IP "\fB\s-1SSL_CONF_TYPE_FILE\s0\fR" 4 +.IX Item "SSL_CONF_TYPE_FILE" +The value is a filename. +.IP "\fB\s-1SSL_CONF_TYPE_DIR\s0\fR" 4 +.IX Item "SSL_CONF_TYPE_DIR" +The value is a directory name. +.IP "\fB\s-1SSL_CONF_TYPE_NONE\s0\fR" 4 +.IX Item "SSL_CONF_TYPE_NONE" +The value string is not used e.g. a command line option which doesn't take an +argument. +.SH "NOTES" +.IX Header "NOTES" +The order of operations is significant. This can be used to set either defaults +or values which cannot be overridden. For example if an application calls: +.PP +.Vb 2 +\& SSL_CONF_cmd(ctx, "Protocol", "\-SSLv3"); +\& SSL_CONF_cmd(ctx, userparam, uservalue); +.Ve +.PP +it will disable SSLv3 support by default but the user can override it. 
If +however the call sequence is: +.PP +.Vb 2 +\& SSL_CONF_cmd(ctx, userparam, uservalue); +\& SSL_CONF_cmd(ctx, "Protocol", "\-SSLv3"); +.Ve +.PP +SSLv3 is \fBalways\fR disabled and attempt to override this by the user are +ignored. +.PP +By checking the return code of \fISSL_CONF_cmd()\fR it is possible to query if a +given \fBoption\fR is recognised, this is useful if \fISSL_CONF_cmd()\fR values are +mixed with additional application specific operations. +.PP +For example an application might call \fISSL_CONF_cmd()\fR and if it returns +\&\-2 (unrecognised command) continue with processing of application specific +commands. +.PP +Applications can also use \fISSL_CONF_cmd()\fR to process command lines though the +utility function \fISSL_CONF_cmd_argv()\fR is normally used instead. One way +to do this is to set the prefix to an appropriate value using +\&\fISSL_CONF_CTX_set1_prefix()\fR, pass the current argument to \fBoption\fR and the +following argument to \fBvalue\fR (which may be \s-1NULL\s0). +.PP +In this case if the return value is positive then it is used to skip that +number of arguments as they have been processed by \fISSL_CONF_cmd()\fR. If \-2 is +returned then \fBoption\fR is not recognised and application specific arguments +can be checked instead. If \-3 is returned a required argument is missing +and an error is indicated. If 0 is returned some other error occurred and +this can be reported back to the user. +.PP +The function \fISSL_CONF_cmd_value_type()\fR can be used by applications to +check for the existence of a command or to perform additional syntax +checking or translation of the command value. For example if the return +value is \fB\s-1SSL_CONF_TYPE_FILE\s0\fR an application could translate a relative +pathname to an absolute pathname. 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CONF_cmd()\fR returns 1 if the value of \fBoption\fR is recognised and \fBvalue\fR is +\&\fB\s-1NOT\s0\fR used and 2 if both \fBoption\fR and \fBvalue\fR are used. In other words it +returns the number of arguments processed. This is useful when processing +command lines. +.PP +A return value of \-2 means \fBoption\fR is not recognised. +.PP +A return value of \-3 means \fBoption\fR is recognised and the command requires a +value but \fBvalue\fR is \s-1NULL\s0. +.PP +A return code of 0 indicates that both \fBoption\fR and \fBvalue\fR are valid but an +error occurred attempting to perform the operation: for example due to an +error in the syntax of \fBvalue\fR in this case the error queue may provide +additional information. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Set supported signature algorithms: +.PP +.Vb 1 +\& SSL_CONF_cmd(ctx, "SignatureAlgorithms", "ECDSA+SHA256:RSA+SHA256:DSA+SHA256"); +.Ve +.PP +There are various ways to select the supported protocols. +.PP +This set the minimum protocol version to TLSv1, and so disables SSLv3. +This is the recommended way to disable protocols. +.PP +.Vb 1 +\& SSL_CONF_cmd(ctx, "MinProtocol", "TLSv1"); +.Ve +.PP +The following also disables SSLv3: +.PP +.Vb 1 +\& SSL_CONF_cmd(ctx, "Protocol", "\-SSLv3"); +.Ve +.PP +The following will first enable all protocols, and then disable +SSLv3. +If no protocol versions were disabled before this has the same effect as +\&\*(L"\-SSLv3\*(R", but if some versions were disables this will re-enable them before +disabling SSLv3. 
+.PP +.Vb 1 +\& SSL_CONF_cmd(ctx, "Protocol", "ALL,\-SSLv3"); +.Ve +.PP +Only enable TLSv1.2: +.PP +.Vb 2 +\& SSL_CONF_cmd(ctx, "MinProtocol", "TLSv1.2"); +\& SSL_CONF_cmd(ctx, "MaxProtocol", "TLSv1.2"); +.Ve +.PP +This also only enables TLSv1.2: +.PP +.Vb 1 +\& SSL_CONF_cmd(ctx, "Protocol", "\-ALL,TLSv1.2"); +.Ve +.PP +Disable \s-1TLS\s0 session tickets: +.PP +.Vb 1 +\& SSL_CONF_cmd(ctx, "Options", "\-SessionTicket"); +.Ve +.PP +Enable compression: +.PP +.Vb 1 +\& SSL_CONF_cmd(ctx, "Options", "Compression"); +.Ve +.PP +Set supported curves to P\-256, P\-384: +.PP +.Vb 1 +\& SSL_CONF_cmd(ctx, "Curves", "P\-256:P\-384"); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fISSL_CONF_CTX_new\fR\|(3), +\&\fISSL_CONF_CTX_set_flags\fR\|(3), +\&\fISSL_CONF_CTX_set1_prefix\fR\|(3), +\&\fISSL_CONF_CTX_set_ssl_ctx\fR\|(3), +\&\fISSL_CONF_cmd_argv\fR\|(3), +\&\fISSL_CTX_set_options\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fISSL_CONF_cmd()\fR function was added in OpenSSL 1.0.2. +.PP +The \fB\s-1SSL_OP_NO_SSL2\s0\fR option doesn't have effect since 1.1.0, but the macro +is retained for backwards compatibility. +.PP +The \fB\s-1SSL_CONF_TYPE_NONE\s0\fR was added in OpenSSL 1.1.0. In earlier versions of +OpenSSL passing a command which didn't take an argument would return +\&\fB\s-1SSL_CONF_TYPE_UNKNOWN\s0\fR. +.PP +\&\fBMinProtocol\fR and \fBMaxProtocol\fR where added in OpenSSL 1.1.0. +.PP +\&\fBAllowNoDHEKEX\fR and \fBPrioritizeChaCha\fR were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2012\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/ssl/share/man/man3/SSL_CONF_cmd_argv.3 b/linux_amd64/ssl/share/man/man3/SSL_CONF_cmd_argv.3
new file mode 100755
index 0000000..f0a94d9
--- /dev/null
+++ b/linux_amd64/ssl/share/man/man3/SSL_CONF_cmd_argv.3
@@ -0,0 +1,174 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CONF_CMD_ARGV 3" +.TH SSL_CONF_CMD_ARGV 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CONF_cmd_argv \- SSL configuration command line processing +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CONF_cmd_argv(SSL_CONF_CTX *cctx, int *pargc, char ***pargv); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The function \fISSL_CONF_cmd_argv()\fR processes at most two command line +arguments from \fBpargv\fR and \fBpargc\fR. The values of \fBpargv\fR and \fBpargc\fR +are updated to reflect the number of command options processed. The \fBpargc\fR +argument can be set to \fB\s-1NULL\s0\fR if it is not used. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CONF_cmd_argv()\fR returns the number of command arguments processed: 0, 1, 2 +or a negative error code. +.PP +If \-2 is returned then an argument for a command is missing. +.PP +If \-1 is returned the command is recognised but couldn't be processed due +to an error: for example a syntax error in the argument. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fISSL_CONF_CTX_new\fR\|(3), +\&\fISSL_CONF_CTX_set_flags\fR\|(3), +\&\fISSL_CONF_CTX_set1_prefix\fR\|(3), +\&\fISSL_CONF_CTX_set_ssl_ctx\fR\|(3), +\&\fISSL_CONF_cmd\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.2. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2012\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_CTX_add1_chain_cert.3 b/linux_amd64/ssl/share/man/man3/SSL_CTX_add1_chain_cert.3 new file mode 100755 index 0000000..27776c6 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_CTX_add1_chain_cert.3 
@@ -0,0 +1,280 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_ADD1_CHAIN_CERT 3" +.TH SSL_CTX_ADD1_CHAIN_CERT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set0_chain, SSL_CTX_set1_chain, SSL_CTX_add0_chain_cert, +SSL_CTX_add1_chain_cert, SSL_CTX_get0_chain_certs, SSL_CTX_clear_chain_certs, +SSL_set0_chain, SSL_set1_chain, SSL_add0_chain_cert, SSL_add1_chain_cert, +SSL_get0_chain_certs, SSL_clear_chain_certs, SSL_CTX_build_cert_chain, +SSL_build_cert_chain, SSL_CTX_select_current_cert, +SSL_select_current_cert, SSL_CTX_set_current_cert, SSL_set_current_cert \- extra +chain certificate processing +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_set0_chain(SSL_CTX *ctx, STACK_OF(X509) *sk); +\& int SSL_CTX_set1_chain(SSL_CTX *ctx, STACK_OF(X509) *sk); +\& int SSL_CTX_add0_chain_cert(SSL_CTX *ctx, X509 *x509); +\& int SSL_CTX_add1_chain_cert(SSL_CTX *ctx, X509 *x509); +\& int SSL_CTX_get0_chain_certs(SSL_CTX *ctx, STACK_OF(X509) **sk); +\& int SSL_CTX_clear_chain_certs(SSL_CTX *ctx); +\& +\& int SSL_set0_chain(SSL *ssl, STACK_OF(X509) *sk); +\& int SSL_set1_chain(SSL *ssl, STACK_OF(X509) *sk); +\& int SSL_add0_chain_cert(SSL *ssl, X509 *x509); +\& int SSL_add1_chain_cert(SSL *ssl, X509 *x509); +\& int SSL_get0_chain_certs(SSL *ssl, STACK_OF(X509) **sk); +\& int SSL_clear_chain_certs(SSL *ssl); +\& +\& int SSL_CTX_build_cert_chain(SSL_CTX *ctx, flags); +\& int SSL_build_cert_chain(SSL *ssl, flags); +\& +\& int SSL_CTX_select_current_cert(SSL_CTX *ctx, X509 *x509); +\& int SSL_select_current_cert(SSL *ssl, X509 *x509); +\& int SSL_CTX_set_current_cert(SSL_CTX *ctx, long op); +\& int SSL_set_current_cert(SSL *ssl, long op); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set0_chain()\fR and \fISSL_CTX_set1_chain()\fR set the certificate chain +associated with the current certificate of \fBctx\fR to \fBsk\fR. +.PP +\&\fISSL_CTX_add0_chain_cert()\fR and \fISSL_CTX_add1_chain_cert()\fR append the single +certificate \fBx509\fR to the chain associated with the current certificate of +\&\fBctx\fR. 
+.PP +\&\fISSL_CTX_get0_chain_certs()\fR retrieves the chain associated with the current +certificate of \fBctx\fR. +.PP +\&\fISSL_CTX_clear_chain_certs()\fR clears any existing chain associated with the +current certificate of \fBctx\fR. (This is implemented by calling +\&\fISSL_CTX_set0_chain()\fR with \fBsk\fR set to \fB\s-1NULL\s0\fR). +.PP +\&\fISSL_CTX_build_cert_chain()\fR builds the certificate chain for \fBctx\fR normally +this uses the chain store or the verify store if the chain store is not set. +If the function is successful the built chain will replace any existing chain. +The \fBflags\fR parameter can be set to \fB\s-1SSL_BUILD_CHAIN_FLAG_UNTRUSTED\s0\fR to use +existing chain certificates as untrusted CAs, \fB\s-1SSL_BUILD_CHAIN_FLAG_NO_ROOT\s0\fR +to omit the root \s-1CA\s0 from the built chain, \fB\s-1SSL_BUILD_CHAIN_FLAG_CHECK\s0\fR to +use all existing chain certificates only to build the chain (effectively +sanity checking and rearranging them if necessary), the flag +\&\fB\s-1SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR\s0\fR ignores any errors during verification: +if flag \fB\s-1SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR\s0\fR is also set verification errors +are cleared from the error queue. +.PP +Each of these functions operates on the \fIcurrent\fR end entity +(i.e. server or client) certificate. This is the last certificate loaded or +selected on the corresponding \fBctx\fR structure. +.PP +\&\fISSL_CTX_select_current_cert()\fR selects \fBx509\fR as the current end entity +certificate, but only if \fBx509\fR has already been loaded into \fBctx\fR using a +function such as \fISSL_CTX_use_certificate()\fR. +.PP +\&\fISSL_set0_chain()\fR, \fISSL_set1_chain()\fR, \fISSL_add0_chain_cert()\fR, +\&\fISSL_add1_chain_cert()\fR, \fISSL_get0_chain_certs()\fR, \fISSL_clear_chain_certs()\fR, +\&\fISSL_build_cert_chain()\fR, \fISSL_select_current_cert()\fR and \fISSL_set_current_cert()\fR +are similar except they apply to \s-1SSL\s0 structure \fBssl\fR. 
+.PP +\&\fISSL_CTX_set_current_cert()\fR changes the current certificate to a value based +on the \fBop\fR argument. Currently \fBop\fR can be \fB\s-1SSL_CERT_SET_FIRST\s0\fR to use +the first valid certificate or \fB\s-1SSL_CERT_SET_NEXT\s0\fR to set the next valid +certificate after the current certificate. These two operations can be +used to iterate over all certificates in an \fB\s-1SSL_CTX\s0\fR structure. +.PP +\&\fISSL_set_current_cert()\fR also supports the option \fB\s-1SSL_CERT_SET_SERVER\s0\fR. +If \fBssl\fR is a server and has sent a certificate to a connected client +this option sets that certificate to the current certificate and returns 1. +If the negotiated cipher suite is anonymous (and thus no certificate will +be sent) 2 is returned and the current certificate is unchanged. If \fBssl\fR +is not a server or a certificate has not been sent 0 is returned and +the current certificate is unchanged. +.PP +All these functions are implemented as macros. Those containing a \fB1\fR +increment the reference count of the supplied certificate or chain so it must +be freed at some point after the operation. Those containing a \fB0\fR do +not increment reference counts and the supplied certificate or chain +\&\fB\s-1MUST\s0 \s-1NOT\s0\fR be freed after the operation. +.SH "NOTES" +.IX Header "NOTES" +The chains associate with an \s-1SSL_CTX\s0 structure are copied to any \s-1SSL\s0 +structures when \fISSL_new()\fR is called. \s-1SSL\s0 structures will not be affected +by any chains subsequently changed in the parent \s-1SSL_CTX\s0. +.PP +One chain can be set for each key type supported by a server. So, for example, +an \s-1RSA\s0 and a \s-1DSA\s0 certificate can (and often will) have different chains. +.PP +The functions \fISSL_CTX_build_cert_chain()\fR and \fISSL_build_cert_chain()\fR can +be used to check application configuration and to ensure any necessary +subordinate CAs are sent in the correct order. 
Misconfigured applications +sending incorrect certificate chains often cause problems with peers. +.PP +For example an application can add any set of certificates using +\&\fISSL_CTX_use_certificate_chain_file()\fR then call \fISSL_CTX_build_cert_chain()\fR +with the option \fB\s-1SSL_BUILD_CHAIN_FLAG_CHECK\s0\fR to check and reorder them. +.PP +Applications can issue non fatal warnings when checking chains by setting +the flag \fB\s-1SSL_BUILD_CHAIN_FLAG_IGNORE_ERRORS\s0\fR and checking the return +value. +.PP +Calling \fISSL_CTX_build_cert_chain()\fR or \fISSL_build_cert_chain()\fR is more +efficient than the automatic chain building as it is only performed once. +Automatic chain building is performed on each new session. +.PP +If any certificates are added using these functions no certificates added +using \fISSL_CTX_add_extra_chain_cert()\fR will be used. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_set_current_cert()\fR with \fB\s-1SSL_CERT_SET_SERVER\s0\fR return 1 for success, 2 if +no server certificate is used because the cipher suites is anonymous and 0 +for failure. +.PP +\&\fISSL_CTX_build_cert_chain()\fR and \fISSL_build_cert_chain()\fR return 1 for success +and 0 for failure. If the flag \fB\s-1SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR\s0\fR and +a verification error occurs then 2 is returned. +.PP +All other functions return 1 for success and 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fISSL_CTX_add_extra_chain_cert\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.2. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2013\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/ssl/share/man/man3/SSL_CTX_add_extra_chain_cert.3 b/linux_amd64/ssl/share/man/man3/SSL_CTX_add_extra_chain_cert.3
new file mode 100755
index 0000000..98ab46e
--- /dev/null
+++ b/linux_amd64/ssl/share/man/man3/SSL_CTX_add_extra_chain_cert.3
@@ -0,0 +1,215 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_ADD_EXTRA_CHAIN_CERT 3" +.TH SSL_CTX_ADD_EXTRA_CHAIN_CERT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_add_extra_chain_cert, +SSL_CTX_get_extra_chain_certs, +SSL_CTX_get_extra_chain_certs_only, +SSL_CTX_clear_extra_chain_certs +\&\- add, get or clear extra chain certificates +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *x509); +\& long SSL_CTX_get_extra_chain_certs(SSL_CTX *ctx, STACK_OF(X509) **sk); +\& long SSL_CTX_get_extra_chain_certs_only(SSL_CTX *ctx, STACK_OF(X509) **sk); +\& long SSL_CTX_clear_extra_chain_certs(SSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_add_extra_chain_cert()\fR adds the certificate \fBx509\fR to the extra chain +certificates associated with \fBctx\fR. Several certificates can be added one +after another. +.PP +\&\fISSL_CTX_get_extra_chain_certs()\fR retrieves the extra chain certificates +associated with \fBctx\fR, or the chain associated with the current certificate +of \fBctx\fR if the extra chain is empty. +The returned stack should not be freed by the caller. +.PP +\&\fISSL_CTX_get_extra_chain_certs_only()\fR retrieves the extra chain certificates +associated with \fBctx\fR. +The returned stack should not be freed by the caller. +.PP +\&\fISSL_CTX_clear_extra_chain_certs()\fR clears all extra chain certificates +associated with \fBctx\fR. +.PP +These functions are implemented as macros. +.SH "NOTES" +.IX Header "NOTES" +When sending a certificate chain, extra chain certificates are sent in order +following the end entity certificate. +.PP +If no chain is specified, the library will try to complete the chain from the +available \s-1CA\s0 certificates in the trusted \s-1CA\s0 storage, see +\&\fISSL_CTX_load_verify_locations\fR\|(3). +.PP +The \fBx509\fR certificate provided to \fISSL_CTX_add_extra_chain_cert()\fR will be +freed by the library when the \fB\s-1SSL_CTX\s0\fR is destroyed. An application +\&\fBshould not\fR free the \fBx509\fR object. 
+.SH "RESTRICTIONS" +.IX Header "RESTRICTIONS" +Only one set of extra chain certificates can be specified per \s-1SSL_CTX\s0 +structure. Different chains for different certificates (for example if both +\&\s-1RSA\s0 and \s-1DSA\s0 certificates are specified by the same server) or different \s-1SSL\s0 +structures with the same parent \s-1SSL_CTX\s0 cannot be specified using this +function. For more flexibility functions such as \fISSL_add1_chain_cert()\fR should +be used instead. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_add_extra_chain_cert()\fR and \fISSL_CTX_clear_extra_chain_certs()\fR return +1 on success and 0 for failure. Check out the error stack to find out the +reason for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fISSL_CTX_use_certificate\fR\|(3), +\&\fISSL_CTX_set_client_cert_cb\fR\|(3), +\&\fISSL_CTX_load_verify_locations\fR\|(3) +\&\fISSL_CTX_set0_chain\fR\|(3) +\&\fISSL_CTX_set1_chain\fR\|(3) +\&\fISSL_CTX_add0_chain_cert\fR\|(3) +\&\fISSL_CTX_add1_chain_cert\fR\|(3) +\&\fISSL_set0_chain\fR\|(3) +\&\fISSL_set1_chain\fR\|(3) +\&\fISSL_add0_chain_cert\fR\|(3) +\&\fISSL_add1_chain_cert\fR\|(3) +\&\fISSL_CTX_build_cert_chain\fR\|(3) +\&\fISSL_build_cert_chain\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_CTX_add_session.3 b/linux_amd64/ssl/share/man/man3/SSL_CTX_add_session.3 new file mode 100755 index 0000000..3f86f47 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_CTX_add_session.3 
@@ -0,0 +1,191 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_ADD_SESSION 3" +.TH SSL_CTX_ADD_SESSION 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_add_session, SSL_CTX_remove_session \- manipulate session cache +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c); +\& +\& int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_add_session()\fR adds the session \fBc\fR to the context \fBctx\fR. The +reference count for session \fBc\fR is incremented by 1. If a session with +the same session id already exists, the old session is removed by calling +\&\fISSL_SESSION_free\fR\|(3). +.PP +\&\fISSL_CTX_remove_session()\fR removes the session \fBc\fR from the context \fBctx\fR and +marks it as non-resumable. \fISSL_SESSION_free\fR\|(3) is called once for \fBc\fR. +.SH "NOTES" +.IX Header "NOTES" +When adding a new session to the internal session cache, it is examined +whether a session with the same session id already exists. In this case +it is assumed that both sessions are identical. If the same session is +stored in a different \s-1SSL_SESSION\s0 object, The old session is +removed and replaced by the new session. If the session is actually +identical (the \s-1SSL_SESSION\s0 object is identical), \fISSL_CTX_add_session()\fR +is a no-op, and the return value is 0. +.PP +If a server \s-1SSL_CTX\s0 is configured with the \s-1SSL_SESS_CACHE_NO_INTERNAL_STORE\s0 +flag then the internal cache will not be populated automatically by new +sessions negotiated by the \s-1SSL/TLS\s0 implementation, even though the internal +cache will be searched automatically for session-resume requests (the +latter can be suppressed by \s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0). So the +application can use \fISSL_CTX_add_session()\fR directly to have full control +over the sessions that can be resumed if desired. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following values are returned by all functions: +.IP "0" 4 +The operation failed. 
In case of the add operation, it was tried to add +the same (identical) session twice. In case of the remove operation, the +session was not found in the cache. +.IP "1" 4 +.IX Item "1" +The operation succeeded. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fISSL_CTX_set_session_cache_mode\fR\|(3), +\&\fISSL_SESSION_free\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_CTX_config.3 b/linux_amd64/ssl/share/man/man3/SSL_CTX_config.3 new file mode 100755 index 0000000..68ccf6b --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_CTX_config.3 
@@ -0,0 +1,216 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_CONFIG 3" +.TH SSL_CTX_CONFIG 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_config, SSL_config \- configure SSL_CTX or SSL structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_config(SSL_CTX *ctx, const char *name); +\& int SSL_config(SSL *s, const char *name); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The functions \fISSL_CTX_config()\fR and \fISSL_config()\fR configure an \fB\s-1SSL_CTX\s0\fR or +\&\fB\s-1SSL\s0\fR structure using the configuration \fBname\fR. +.SH "NOTES" +.IX Header "NOTES" +By calling \fISSL_CTX_config()\fR or \fISSL_config()\fR an application can perform many +complex tasks based on the contents of the configuration file: greatly +simplifying application configuration code. A degree of future proofing +can also be achieved: an application can support configuration features +in newer versions of OpenSSL automatically. +.PP +A configuration file must have been previously loaded, for example using +\&\fICONF_modules_load_file()\fR. See \fIconfig\fR\|(5) for details of the configuration +file syntax. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_config()\fR and \fISSL_config()\fR return 1 for success or 0 if an error +occurred. 
+.SH "EXAMPLES" +.IX Header "EXAMPLES" +If the file \*(L"config.cnf\*(R" contains the following: +.PP +.Vb 1 +\& testapp = test_sect +\& +\& [test_sect] +\& # list of configuration modules +\& +\& ssl_conf = ssl_sect +\& +\& [ssl_sect] +\& server = server_section +\& +\& [server_section] +\& RSA.Certificate = server\-rsa.pem +\& ECDSA.Certificate = server\-ecdsa.pem +\& Ciphers = ALL:!RC4 +.Ve +.PP +An application could call: +.PP +.Vb 4 +\& if (CONF_modules_load_file("config.cnf", "testapp", 0) <= 0) { +\& fprintf(stderr, "Error processing config file\en"); +\& goto err; +\& } +\& +\& ctx = SSL_CTX_new(TLS_server_method()); +\& +\& if (SSL_CTX_config(ctx, "server") == 0) { +\& fprintf(stderr, "Error configuring server.\en"); +\& goto err; +\& } +.Ve +.PP +In this example two certificates and the cipher list are configured without +the need for any additional application code. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fIconfig\fR\|(5), +\&\fISSL_CONF_cmd\fR\|(3), +\&\fICONF_modules_load_file\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fISSL_CTX_config()\fR and \fISSL_config()\fR functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_CTX_ctrl.3 b/linux_amd64/ssl/share/man/man3/SSL_CTX_ctrl.3 new file mode 100755 index 0000000..5b2425c --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_CTX_ctrl.3 
@@ -0,0 +1,166 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_CTRL 3" +.TH SSL_CTX_CTRL 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_ctrl, SSL_CTX_callback_ctrl, SSL_ctrl, SSL_callback_ctrl \- internal handling functions for SSL_CTX and SSL objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg); +\& long SSL_CTX_callback_ctrl(SSL_CTX *, int cmd, void (*fp)()); +\& +\& long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg); +\& long SSL_callback_ctrl(SSL *, int cmd, void (*fp)()); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The SSL_*\fI_ctrl()\fR family of functions is used to manipulate settings of +the \s-1SSL_CTX\s0 and \s-1SSL\s0 objects. Depending on the command \fBcmd\fR the arguments +\&\fBlarg\fR, \fBparg\fR, or \fBfp\fR are evaluated. These functions should never +be called directly. All functionalities needed are made available via +other functions or macros. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The return values of the SSL*\fI_ctrl()\fR functions depend on the command +supplied via the \fBcmd\fR parameter. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_CTX_dane_enable.3 b/linux_amd64/ssl/share/man/man3/SSL_CTX_dane_enable.3 new file mode 100755 index 0000000..562cbb5 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_CTX_dane_enable.3 
@@ -0,0 +1,505 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_DANE_ENABLE 3" +.TH SSL_CTX_DANE_ENABLE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_dane_enable, SSL_CTX_dane_mtype_set, SSL_dane_enable, +SSL_dane_tlsa_add, SSL_get0_dane_authority, SSL_get0_dane_tlsa, +SSL_CTX_dane_set_flags, SSL_CTX_dane_clear_flags, +SSL_dane_set_flags, SSL_dane_clear_flags +\&\- enable DANE TLS authentication of the remote TLS server in the local +TLS client +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_dane_enable(SSL_CTX *ctx); +\& int SSL_CTX_dane_mtype_set(SSL_CTX *ctx, const EVP_MD *md, +\& uint8_t mtype, uint8_t ord); +\& int SSL_dane_enable(SSL *s, const char *basedomain); +\& int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector, +\& uint8_t mtype, unsigned const char *data, size_t dlen); +\& int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki); +\& int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector, +\& uint8_t *mtype, unsigned const char **data, +\& size_t *dlen); +\& unsigned long SSL_CTX_dane_set_flags(SSL_CTX *ctx, unsigned long flags); +\& unsigned long SSL_CTX_dane_clear_flags(SSL_CTX *ctx, unsigned long flags); +\& unsigned long SSL_dane_set_flags(SSL *ssl, unsigned long flags); +\& unsigned long SSL_dane_clear_flags(SSL *ssl, unsigned long flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions implement support for \s-1DANE\s0 \s-1TLSA\s0 (\s-1RFC6698\s0 and \s-1RFC7671\s0) +peer authentication. +.PP +\&\fISSL_CTX_dane_enable()\fR must be called first to initialize the shared state +required for \s-1DANE\s0 support. +Individual connections associated with the context can then enable +per-connection \s-1DANE\s0 support as appropriate. +\&\s-1DANE\s0 authentication is implemented in the \fIX509_verify_cert\fR\|(3) function, and +applications that override \fIX509_verify_cert\fR\|(3) via +\&\fISSL_CTX_set_cert_verify_callback\fR\|(3) are responsible to authenticate the peer +chain in whatever manner they see fit. 
+.PP +\&\fISSL_CTX_dane_mtype_set()\fR may then be called zero or more times to adjust the +supported digest algorithms. +This must be done before any \s-1SSL\s0 handles are created for the context. +.PP +The \fBmtype\fR argument specifies a \s-1DANE\s0 \s-1TLSA\s0 matching type and the \fBmd\fR +argument specifies the associated digest algorithm handle. +The \fBord\fR argument specifies a strength ordinal. +Algorithms with a larger strength ordinal are considered more secure. +Strength ordinals are used to implement \s-1RFC7671\s0 digest algorithm agility. +Specifying a \fB\s-1NULL\s0\fR digest algorithm for a matching type disables +support for that matching type. +Matching type \fIFull\fR\|(0) cannot be modified or disabled. +.PP +By default, matching type \f(CW\*(C`SHA2\-256(1)\*(C'\fR (see \s-1RFC7218\s0 for definitions +of the \s-1DANE\s0 \s-1TLSA\s0 parameter acronyms) is mapped to \f(CW\*(C`EVP_sha256()\*(C'\fR +with a strength ordinal of \f(CW1\fR and matching type \f(CW\*(C`SHA2\-512(2)\*(C'\fR +is mapped to \f(CW\*(C`EVP_sha512()\*(C'\fR with a strength ordinal of \f(CW2\fR. +.PP +\&\fISSL_dane_enable()\fR must be called before the \s-1SSL\s0 handshake is initiated with +\&\fISSL_connect\fR\|(3) if (and only if) you want to enable \s-1DANE\s0 for that connection. +(The connection must be associated with a DANE-enabled \s-1SSL\s0 context). +The \fBbasedomain\fR argument specifies the \s-1RFC7671\s0 \s-1TLSA\s0 base domain, +which will be the primary peer reference identifier for certificate +name checks. +Additional server names can be specified via \fISSL_add1_host\fR\|(3). +The \fBbasedomain\fR is used as the default \s-1SNI\s0 hint if none has yet been +specified via \fISSL_set_tlsext_host_name\fR\|(3). +.PP +\&\fISSL_dane_tlsa_add()\fR may then be called one or more times, to load each of the +\&\s-1TLSA\s0 records that apply to the remote \s-1TLS\s0 peer. +(This too must be done prior to the beginning of the \s-1SSL\s0 handshake). 
+The arguments specify the fields of the \s-1TLSA\s0 record. +The \fBdata\fR field is provided in binary (wire \s-1RDATA\s0) form, not the hexadecimal +\&\s-1ASCII\s0 presentation form, with an explicit length passed via \fBdlen\fR. +The library takes a copy of the \fBdata\fR buffer contents and the caller may +free the original \fBdata\fR buffer when convenient. +A return value of 0 indicates that \*(L"unusable\*(R" \s-1TLSA\s0 records (with invalid or +unsupported parameters) were provided. +A negative return value indicates an internal error in processing the record. +.PP +The caller is expected to check the return value of each \fISSL_dane_tlsa_add()\fR +call and take appropriate action if none are usable or an internal error +is encountered in processing some records. +.PP +If no \s-1TLSA\s0 records are added successfully, \s-1DANE\s0 authentication is not enabled, +and authentication will be based on any configured traditional trust-anchors; +authentication success in this case does not mean that the peer was +DANE-authenticated. +.PP +\&\fISSL_get0_dane_authority()\fR can be used to get more detailed information about +the matched \s-1DANE\s0 trust-anchor after successful connection completion. +The return value is negative if \s-1DANE\s0 verification failed (or was not enabled), +0 if an \s-1EE\s0 \s-1TLSA\s0 record directly matched the leaf certificate, or a positive +number indicating the depth at which a \s-1TA\s0 record matched an issuer certificate. +The complete verified chain can be retrieved via \fISSL_get0_verified_chain\fR\|(3). +The return value is an index into this verified chain, rather than the list of +certificates sent by the peer as returned by \fISSL_get_peer_cert_chain\fR\|(3). +.PP +If the \fBmcert\fR argument is not \fB\s-1NULL\s0\fR and a \s-1TLSA\s0 record matched a chain +certificate, a pointer to the matching certificate is returned via \fBmcert\fR. 
+The returned address is a short-term internal reference to the certificate and +must not be freed by the application. +Applications that want to retain access to the certificate can call +\&\fIX509_up_ref\fR\|(3) to obtain a long-term reference which must then be freed via +\&\fIX509_free\fR\|(3) once no longer needed. +.PP +If no \s-1TLSA\s0 records directly matched any elements of the certificate chain, but +a \s-1\fIDANE\-TA\s0\fR\|(2) \s-1\fISPKI\s0\fR\|(1) \fIFull\fR\|(0) record provided the public key that signed an +element of the chain, then that key is returned via \fBmspki\fR argument (if not +\&\s-1NULL\s0). +In this case the return value is the depth of the top-most element of the +validated certificate chain. +As with \fBmcert\fR this is a short-term internal reference, and +\&\fIEVP_PKEY_up_ref\fR\|(3) and \fIEVP_PKEY_free\fR\|(3) can be used to acquire and +release long-term references respectively. +.PP +\&\fISSL_get0_dane_tlsa()\fR can be used to retrieve the fields of the \s-1TLSA\s0 record that +matched the peer certificate chain. +The return value indicates the match depth or failure to match just as with +\&\fISSL_get0_dane_authority()\fR. +When the return value is non-negative, the storage pointed to by the \fBusage\fR, +\&\fBselector\fR, \fBmtype\fR and \fBdata\fR parameters is updated to the corresponding +\&\s-1TLSA\s0 record fields. +The \fBdata\fR field is in binary wire form, and is therefore not NUL-terminated, +its length is returned via the \fBdlen\fR parameter. +If any of these parameters is \s-1NULL\s0, the corresponding field is not returned. +The \fBdata\fR parameter is set to a short-term internal-copy of the associated +data field and must not be freed by the application. +Applications that need long-term access to this field need to copy the content. +.PP +\&\fISSL_CTX_dane_set_flags()\fR and \fISSL_dane_set_flags()\fR can be used to enable +optional \s-1DANE\s0 verification features. 
+\&\fISSL_CTX_dane_clear_flags()\fR and \fISSL_dane_clear_flags()\fR can be used to disable +the same features. +The \fBflags\fR argument is a bit-mask of the features to enable or disable. +The \fBflags\fR set for an \fB\s-1SSL_CTX\s0\fR context are copied to each \fB\s-1SSL\s0\fR handle +associated with that context at the time the handle is created. +Subsequent changes in the context's \fBflags\fR have no effect on the \fBflags\fR set +for the handle. +.PP +At present, the only available option is \fB\s-1DANE_FLAG_NO_DANE_EE_NAMECHECKS\s0\fR +which can be used to disable server name checks when authenticating via +\&\s-1\fIDANE\-EE\s0\fR\|(3) \s-1TLSA\s0 records. +For some applications, primarily web browsers, it is not safe to disable name +checks due to \*(L"unknown key share\*(R" attacks, in which a malicious server can +convince a client that a connection to a victim server is instead a secure +connection to the malicious server. +The malicious server may then be able to violate cross-origin scripting +restrictions. +Thus, despite the text of \s-1RFC7671\s0, name checks are by default enabled for +\&\s-1\fIDANE\-EE\s0\fR\|(3) \s-1TLSA\s0 records, and can be disabled in applications where it is safe +to do so. +In particular, \s-1SMTP\s0 and \s-1XMPP\s0 clients should set this option as \s-1SRV\s0 and \s-1MX\s0 +records already make it possible for a remote domain to redirect client +connections to any server of its choice, and in any case \s-1SMTP\s0 and \s-1XMPP\s0 clients +do not execute scripts downloaded from remote servers. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The functions \fISSL_CTX_dane_enable()\fR, \fISSL_CTX_dane_mtype_set()\fR, +\&\fISSL_dane_enable()\fR and \fISSL_dane_tlsa_add()\fR return a positive value on success. +Negative return values indicate resource problems (out of memory, etc.) 
in the +\&\s-1SSL\s0 library, while a return value of \fB0\fR indicates incorrect usage or invalid +input, such as an unsupported \s-1TLSA\s0 record certificate usage, selector or +matching type. +Invalid input also includes malformed data, either a digest length that does +not match the digest algorithm, or a \f(CWFull(0)\fR (binary \s-1ASN\s0.1 \s-1DER\s0 form) +certificate or a public key that fails to parse. +.PP +The functions \fISSL_get0_dane_authority()\fR and \fISSL_get0_dane_tlsa()\fR return a +negative value when \s-1DANE\s0 authentication failed or was not enabled, a +non-negative value indicates the chain depth at which the \s-1TLSA\s0 record matched a +chain certificate, or the depth of the top-most certificate, when the \s-1TLSA\s0 +record is a full public key that is its signer. +.PP +The functions \fISSL_CTX_dane_set_flags()\fR, \fISSL_CTX_dane_clear_flags()\fR, +\&\fISSL_dane_set_flags()\fR and \fISSL_dane_clear_flags()\fR return the \fBflags\fR in effect +before they were called. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Suppose \*(L"smtp.example.com\*(R" is the \s-1MX\s0 host of the domain \*(L"example.com\*(R", and has +DNSSEC-validated \s-1TLSA\s0 records. +The calls below will perform \s-1DANE\s0 authentication and arrange to match either +the \s-1MX\s0 hostname or the destination domain name in the \s-1SMTP\s0 server certificate. +Wildcards are supported, but must match the entire label. +The actual name matched in the certificate (which might be a wildcard) is +retrieved, and must be copied by the application if it is to be retained beyond +the lifetime of the \s-1SSL\s0 connection. 
+.PP +.Vb 7 +\& SSL_CTX *ctx; +\& SSL *ssl; +\& int (*verify_cb)(int ok, X509_STORE_CTX *sctx) = NULL; +\& int num_usable = 0; +\& const char *nexthop_domain = "example.com"; +\& const char *dane_tlsa_domain = "smtp.example.com"; +\& uint8_t usage, selector, mtype; +\& +\& if ((ctx = SSL_CTX_new(TLS_client_method())) == NULL) +\& /* error */ +\& if (SSL_CTX_dane_enable(ctx) <= 0) +\& /* error */ +\& if ((ssl = SSL_new(ctx)) == NULL) +\& /* error */ +\& if (SSL_dane_enable(ssl, dane_tlsa_domain) <= 0) +\& /* error */ +\& +\& /* +\& * For many applications it is safe to skip DANE\-EE(3) namechecks. Do not +\& * disable the checks unless "unknown key share" attacks pose no risk for +\& * your application. +\& */ +\& SSL_dane_set_flags(ssl, DANE_FLAG_NO_DANE_EE_NAMECHECKS); +\& +\& if (!SSL_add1_host(ssl, nexthop_domain)) +\& /* error */ +\& SSL_set_hostflags(ssl, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS); +\& +\& for (... each TLSA record ...) { +\& unsigned char *data; +\& size_t len; +\& int ret; +\& +\& /* set usage, selector, mtype, data, len */ +\& +\& /* +\& * Opportunistic DANE TLS clients support only DANE\-TA(2) or DANE\-EE(3). +\& * They treat all other certificate usages, and in particular PKIX\-TA(0) +\& * and PKIX\-EE(1), as unusable. +\& */ +\& switch (usage) { +\& default: +\& case 0: /* PKIX\-TA(0) */ +\& case 1: /* PKIX\-EE(1) */ +\& continue; +\& case 2: /* DANE\-TA(2) */ +\& case 3: /* DANE\-EE(3) */ +\& break; +\& } +\& +\& ret = SSL_dane_tlsa_add(ssl, usage, selector, mtype, data, len); +\& /* free data as appropriate */ +\& +\& if (ret < 0) +\& /* handle SSL library internal error */ +\& else if (ret == 0) +\& /* handle unusable TLSA record */ +\& else +\& ++num_usable; +\& } +\& +\& /* +\& * At this point, the verification mode is still the default SSL_VERIFY_NONE. +\& * Opportunistic DANE clients use unauthenticated TLS when all TLSA records +\& * are unusable, so continue the handshake even if authentication fails. 
+\& */ +\& if (num_usable == 0) { +\& /* Log all records unusable? */ +\& +\& /* Optionally set verify_cb to a suitable non\-NULL callback. */ +\& SSL_set_verify(ssl, SSL_VERIFY_NONE, verify_cb); +\& } else { +\& /* At least one usable record. We expect to verify the peer */ +\& +\& /* Optionally set verify_cb to a suitable non\-NULL callback. */ +\& +\& /* +\& * Below we elect to fail the handshake when peer verification fails. +\& * Alternatively, use the permissive SSL_VERIFY_NONE verification mode, +\& * complete the handshake, check the verification status, and if not +\& * verified disconnect gracefully at the application layer, especially if +\& * application protocol supports informing the server that authentication +\& * failed. +\& */ +\& SSL_set_verify(ssl, SSL_VERIFY_PEER, verify_cb); +\& } +\& +\& /* +\& * Load any saved session for resumption, making sure that the previous +\& * session applied the same security and authentication requirements that +\& * would be expected of a fresh connection. +\& */ +\& +\& /* Perform SSL_connect() handshake and handle errors here */ +\& +\& if (SSL_session_reused(ssl)) { +\& if (SSL_get_verify_result(ssl) == X509_V_OK) { +\& /* +\& * Resumed session was originally verified, this connection is +\& * authenticated. +\& */ +\& } else { +\& /* +\& * Resumed session was not originally verified, this connection is not +\& * authenticated. +\& */ +\& } +\& } else if (SSL_get_verify_result(ssl) == X509_V_OK) { +\& const char *peername = SSL_get0_peername(ssl); +\& EVP_PKEY *mspki = NULL; +\& +\& int depth = SSL_get0_dane_authority(ssl, NULL, &mspki); +\& if (depth >= 0) { +\& (void) SSL_get0_dane_tlsa(ssl, &usage, &selector, &mtype, NULL, NULL); +\& printf("DANE TLSA %d %d %d %s at depth %d\en", usage, selector, mtype, +\& (mspki != NULL) ? "TA public key verified certificate" : +\& depth ? 
"matched TA certificate" : "matched EE certificate", +\& depth); +\& } +\& if (peername != NULL) { +\& /* Name checks were in scope and matched the peername */ +\& printf("Verified peername: %s\en", peername); +\& } +\& } else { +\& /* +\& * Not authenticated, presumably all TLSA rrs unusable, but possibly a +\& * callback suppressed connection termination despite the presence of +\& * usable TLSA RRs none of which matched. Do whatever is appropriate for +\& * fresh unauthenticated connections. +\& */ +\& } +.Ve +.SH "NOTES" +.IX Header "NOTES" +It is expected that the majority of clients employing \s-1DANE\s0 \s-1TLS\s0 will be doing +\&\*(L"opportunistic \s-1DANE\s0 \s-1TLS\s0\*(R" in the sense of \s-1RFC7672\s0 and \s-1RFC7435\s0. +That is, they will use \s-1DANE\s0 authentication when DNSSEC-validated \s-1TLSA\s0 records +are published for a given peer, and otherwise will use unauthenticated \s-1TLS\s0 or +even cleartext. +.PP +Such applications should generally treat any \s-1TLSA\s0 records published by the peer +with usages \s-1\fIPKIX\-TA\s0\fR\|(0) and \s-1\fIPKIX\-EE\s0\fR\|(1) as \*(L"unusable\*(R", and should not include +them among the \s-1TLSA\s0 records used to authenticate peer connections. +In addition, some \s-1TLSA\s0 records with supported usages may be \*(L"unusable\*(R" as a +result of invalid or unsupported parameters. +.PP +When a peer has \s-1TLSA\s0 records, but none are \*(L"usable\*(R", an opportunistic +application must avoid cleartext, but cannot authenticate the peer, +and so should generally proceed with an unauthenticated connection. +Opportunistic applications need to note the return value of each +call to \fISSL_dane_tlsa_add()\fR, and if all return 0 (due to invalid +or unsupported parameters) disable peer authentication by calling +\&\fISSL_set_verify\fR\|(3) with \fBmode\fR equal to \fB\s-1SSL_VERIFY_NONE\s0\fR. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fISSL_new\fR\|(3), +\&\fISSL_add1_host\fR\|(3), +\&\fISSL_set_hostflags\fR\|(3), +\&\fISSL_set_tlsext_host_name\fR\|(3), +\&\fISSL_set_verify\fR\|(3), +\&\fISSL_CTX_set_cert_verify_callback\fR\|(3), +\&\fISSL_get0_verified_chain\fR\|(3), +\&\fISSL_get_peer_cert_chain\fR\|(3), +\&\fISSL_get_verify_result\fR\|(3), +\&\fISSL_connect\fR\|(3), +\&\fISSL_get0_peername\fR\|(3), +\&\fIX509_verify_cert\fR\|(3), +\&\fIX509_up_ref\fR\|(3), +\&\fIX509_free\fR\|(3), +\&\fIEVP_get_digestbyname\fR\|(3), +\&\fIEVP_PKEY_up_ref\fR\|(3), +\&\fIEVP_PKEY_free\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_CTX_flush_sessions.3 b/linux_amd64/ssl/share/man/man3/SSL_CTX_flush_sessions.3 new file mode 100755 index 0000000..7b1333e --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_CTX_flush_sessions.3 
@@ -0,0 +1,179 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_FLUSH_SESSIONS 3" +.TH SSL_CTX_FLUSH_SESSIONS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_flush_sessions \- remove expired sessions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_flush_sessions()\fR causes a run through the session cache of +\&\fBctx\fR to remove sessions expired at time \fBtm\fR. +.SH "NOTES" +.IX Header "NOTES" +If enabled, the internal session cache will collect all sessions established +up to the specified maximum number (see \fISSL_CTX_sess_set_cache_size()\fR). +As sessions will not be reused ones they are expired, they should be +removed from the cache to save resources. This can either be done +automatically whenever 255 new sessions were established (see +\&\fISSL_CTX_set_session_cache_mode\fR\|(3)) +or manually by calling \fISSL_CTX_flush_sessions()\fR. +.PP +The parameter \fBtm\fR specifies the time which should be used for the +expiration test, in most cases the actual time given by \fItime\fR\|(0) +will be used. +.PP +\&\fISSL_CTX_flush_sessions()\fR will only check sessions stored in the internal +cache. When a session is found and removed, the remove_session_cb is however +called to synchronize with the external cache (see +\&\fISSL_CTX_sess_set_get_cb\fR\|(3)). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_flush_sessions()\fR does not return a value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fISSL_CTX_set_session_cache_mode\fR\|(3), +\&\fISSL_CTX_set_timeout\fR\|(3), +\&\fISSL_CTX_sess_set_get_cb\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/ssl/share/man/man3/SSL_CTX_free.3 b/linux_amd64/ssl/share/man/man3/SSL_CTX_free.3
new file mode 100755
index 0000000..f891e3a
--- /dev/null
+++ b/linux_amd64/ssl/share/man/man3/SSL_CTX_free.3
@@ -0,0 +1,173 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_FREE 3" +.TH SSL_CTX_FREE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_free \- free an allocated SSL_CTX object +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_free(SSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_free()\fR decrements the reference count of \fBctx\fR, and removes the +\&\s-1SSL_CTX\s0 object pointed to by \fBctx\fR and frees up the allocated memory if the reference count has reached 0. +.PP +It also calls the \fIfree()\fRing procedures for indirectly affected items, if +applicable: the session cache, the list of ciphers, the list of Client CAs, +the certificates and keys. +.PP +If \fBctx\fR is \s-1NULL\s0 nothing is done. +.SH "WARNINGS" +.IX Header "WARNINGS" +If a session-remove callback is set (\fISSL_CTX_sess_set_remove_cb()\fR), this +callback will be called for each session being freed from \fBctx\fR's +session cache. This implies, that all corresponding sessions from an +external session cache are removed as well. If this is not desired, the user +should explicitly unset the callback by calling +SSL_CTX_sess_set_remove_cb(\fBctx\fR, \s-1NULL\s0) prior to calling \fISSL_CTX_free()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_free()\fR does not provide diagnostic information. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fISSL_CTX_new\fR\|(3), \fIssl\fR\|(7), +\&\fISSL_CTX_sess_set_get_cb\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_CTX_get0_param.3 b/linux_amd64/ssl/share/man/man3/SSL_CTX_get0_param.3 new file mode 100755 index 0000000..aa93b4d --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_CTX_get0_param.3 
@@ -0,0 +1,187 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_GET0_PARAM 3" +.TH SSL_CTX_GET0_PARAM 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_get0_param, SSL_get0_param, SSL_CTX_set1_param, SSL_set1_param \- +get and set verification parameters +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx) +\& X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl) +\& int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm) +\& int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_get0_param()\fR and \fISSL_get0_param()\fR retrieve an internal pointer to +the verification parameters for \fBctx\fR or \fBssl\fR respectively. The returned +pointer must not be freed by the calling application. +.PP +\&\fISSL_CTX_set1_param()\fR and \fISSL_set1_param()\fR set the verification parameters +to \fBvpm\fR for \fBctx\fR or \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +Typically parameters are retrieved from an \fB\s-1SSL_CTX\s0\fR or \fB\s-1SSL\s0\fR structure +using \fISSL_CTX_get0_param()\fR or \fISSL_get0_param()\fR and an application modifies +them to suit its needs: for example to add a hostname check. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_get0_param()\fR and \fISSL_get0_param()\fR return a pointer to an +\&\fBX509_VERIFY_PARAM\fR structure. +.PP +\&\fISSL_CTX_set1_param()\fR and \fISSL_set1_param()\fR return 1 for success and 0 +for failure. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Check hostname matches \*(L"www.foo.com\*(R" in peer certificate: +.PP +.Vb 2 +\& X509_VERIFY_PARAM *vpm = SSL_get0_param(ssl); +\& X509_VERIFY_PARAM_set1_host(vpm, "www.foo.com", 0); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fIX509_VERIFY_PARAM_set_flags\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.2. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). 
You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_CTX_get_verify_mode.3 b/linux_amd64/ssl/share/man/man3/SSL_CTX_get_verify_mode.3 new file mode 100755 index 0000000..e1b65cf --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_CTX_get_verify_mode.3 
@@ -0,0 +1,182 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_GET_VERIFY_MODE 3" +.TH SSL_CTX_GET_VERIFY_MODE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_get_verify_mode, SSL_get_verify_mode, SSL_CTX_get_verify_depth, SSL_get_verify_depth, SSL_get_verify_callback, SSL_CTX_get_verify_callback \- get currently set verification parameters +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_get_verify_mode(const SSL_CTX *ctx); +\& int SSL_get_verify_mode(const SSL *ssl); +\& int SSL_CTX_get_verify_depth(const SSL_CTX *ctx); +\& int SSL_get_verify_depth(const SSL *ssl); +\& int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int, X509_STORE_CTX *); +\& int (*SSL_get_verify_callback(const SSL *ssl))(int, X509_STORE_CTX *); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_get_verify_mode()\fR returns the verification mode currently set in +\&\fBctx\fR. +.PP +\&\fISSL_get_verify_mode()\fR returns the verification mode currently set in +\&\fBssl\fR. +.PP +\&\fISSL_CTX_get_verify_depth()\fR returns the verification depth limit currently set +in \fBctx\fR. If no limit has been explicitly set, \-1 is returned and the +default value will be used. +.PP +\&\fISSL_get_verify_depth()\fR returns the verification depth limit currently set +in \fBssl\fR. If no limit has been explicitly set, \-1 is returned and the +default value will be used. +.PP +\&\fISSL_CTX_get_verify_callback()\fR returns a function pointer to the verification +callback currently set in \fBctx\fR. If no callback was explicitly set, the +\&\s-1NULL\s0 pointer is returned and the default callback will be used. +.PP +\&\fISSL_get_verify_callback()\fR returns a function pointer to the verification +callback currently set in \fBssl\fR. If no callback was explicitly set, the +\&\s-1NULL\s0 pointer is returned and the default callback will be used. 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +See \s-1DESCRIPTION\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_CTX_set_verify\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_CTX_has_client_custom_ext.3 b/linux_amd64/ssl/share/man/man3/SSL_CTX_has_client_custom_ext.3 new file mode 100755 index 0000000..e66cae0 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_CTX_has_client_custom_ext.3 
@@ -0,0 +1,160 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_HAS_CLIENT_CUSTOM_EXT 3" +.TH SSL_CTX_HAS_CLIENT_CUSTOM_EXT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_has_client_custom_ext \- check whether a handler exists for a particular +client extension type +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_has_client_custom_ext(const SSL_CTX *ctx, unsigned int ext_type); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_has_client_custom_ext()\fR checks whether a handler has been set for a +client extension of type \fBext_type\fR using \fISSL_CTX_add_client_custom_ext()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Returns 1 if a handler has been set, 0 otherwise. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fISSL_CTX_add_client_custom_ext\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_CTX_load_verify_locations.3 b/linux_amd64/ssl/share/man/man3/SSL_CTX_load_verify_locations.3 new file mode 100755 index 0000000..d7c1c5a --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_CTX_load_verify_locations.3 
@@ -0,0 +1,307 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_LOAD_VERIFY_LOCATIONS 3" +.TH SSL_CTX_LOAD_VERIFY_LOCATIONS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_load_verify_dir, SSL_CTX_load_verify_file, +SSL_CTX_load_verify_store, SSL_CTX_set_default_verify_paths, +SSL_CTX_set_default_verify_dir, SSL_CTX_set_default_verify_file, +SSL_CTX_set_default_verify_store, SSL_CTX_load_verify_locations +\&\- set default locations for trusted CA certificates +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_load_verify_dir(SSL_CTX *ctx, const char *CApath); +\& int SSL_CTX_load_verify_file(SSL_CTX *ctx, const char *CAfile); +\& int SSL_CTX_load_verify_store(SSL_CTX *ctx, const char *CAstore); +\& +\& int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx); +\& +\& int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx); +\& int SSL_CTX_set_default_verify_file(SSL_CTX *ctx); +\& int SSL_CTX_set_default_verify_store(SSL_CTX *ctx); +.Ve +.PP +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 2 +\& int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, +\& const char *CApath); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_load_verify_dir()\fR, \fISSL_CTX_load_verify_file()\fR, +\&\fISSL_CTX_load_verify_store()\fR specifies the locations for \fBctx\fR, at +which \s-1CA\s0 certificates for verification purposes are located. The +certificates available via \fBCAfile\fR, \fBCApath\fR and \fBCAstore\fR are +trusted. +.PP +\&\fISSL_CTX_set_default_verify_paths()\fR specifies that the default locations from +which \s-1CA\s0 certificates are loaded should be used. There is one default directory, +one default file and one default store. +The default \s-1CA\s0 certificates directory is called \fIcerts\fR in the default OpenSSL +directory, and this is also the default store. +Alternatively the \fB\s-1SSL_CERT_DIR\s0\fR environment variable can be defined to +override this location. 
+The default \s-1CA\s0 certificates file is called \fIcert.pem\fR in the default +OpenSSL directory. +Alternatively the \fB\s-1SSL_CERT_FILE\s0\fR environment variable can be defined to +override this location. +.PP +\&\fISSL_CTX_set_default_verify_dir()\fR is similar to +\&\fISSL_CTX_set_default_verify_paths()\fR except that just the default directory is +used. +.PP +\&\fISSL_CTX_set_default_verify_file()\fR is similar to +\&\fISSL_CTX_set_default_verify_paths()\fR except that just the default file is +used. +.PP +\&\fISSL_CTX_set_default_verify_store()\fR is similar to +\&\fISSL_CTX_set_default_verify_paths()\fR except that just the default store is +used. +.SH "NOTES" +.IX Header "NOTES" +If \fBCAfile\fR is not \s-1NULL\s0, it points to a file of \s-1CA\s0 certificates in \s-1PEM\s0 +format. The file can contain several \s-1CA\s0 certificates identified by +.PP +.Vb 3 +\& \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\- +\& ... (CA certificate in base64 encoding) ... +\& \-\-\-\-\-END CERTIFICATE\-\-\-\-\- +.Ve +.PP +sequences. Before, between, and after the certificates text is allowed +which can be used e.g. for descriptions of the certificates. +.PP +The \fBCAfile\fR is processed on execution of the \fISSL_CTX_load_verify_locations()\fR +function. +.PP +If \fBCApath\fR is not \s-1NULL\s0, it points to a directory containing \s-1CA\s0 certificates +in \s-1PEM\s0 format. The files each contain one \s-1CA\s0 certificate. The files are +looked up by the \s-1CA\s0 subject name hash value, which must hence be available. +If more than one \s-1CA\s0 certificate with the same name hash value exist, the +extension must be different (e.g. 9d66eef0.0, 9d66eef0.1 etc). The search +is performed in the ordering of the extension number, regardless of other +properties of the certificates. +Use the \fBc_rehash\fR utility to create the necessary links. +.PP +The certificates in \fBCApath\fR are only looked up when required, e.g. 
when +building the certificate chain or when actually performing the verification +of a peer certificate. +.PP +When looking up \s-1CA\s0 certificates, the OpenSSL library will first search the +certificates in \fBCAfile\fR, then those in \fBCApath\fR. Certificate matching +is done based on the subject name, the key identifier (if present), and the +serial number as taken from the certificate to be verified. If these data +do not match, the next certificate will be tried. If a first certificate +matching the parameters is found, the verification process will be performed; +no other certificates for the same parameters will be searched in case of +failure. +.PP +If \fBCAstore\fR is not \s-1NULL\s0, it's a \s-1URI\s0 for to a store, which may +represent a single container or a whole catalogue of containers. +Apart from the \fBCAstore\fR not necessarily being a local file or +directory, it's generally treated the same way as a \fBCApath\fR. +.PP +In server mode, when requesting a client certificate, the server must send +the list of CAs of which it will accept client certificates. This list +is not influenced by the contents of \fBCAfile\fR or \fBCApath\fR and must +explicitly be set using the +\&\fISSL_CTX_set_client_CA_list\fR\|(3) +family of functions. +.PP +When building its own certificate chain, an OpenSSL client/server will +try to fill in missing certificates from \fBCAfile\fR/\fBCApath\fR, if the +certificate chain was not explicitly specified (see +\&\fISSL_CTX_add_extra_chain_cert\fR\|(3), +\&\fISSL_CTX_use_certificate\fR\|(3). +.SH "WARNINGS" +.IX Header "WARNINGS" +If several \s-1CA\s0 certificates matching the name, key identifier, and serial +number condition are available, only the first one will be examined. This +may lead to unexpected results if the same \s-1CA\s0 certificate is available +with different expiration dates. If a \*(L"certificate expired\*(R" verification +error occurs, no other certificate will be searched. 
Make sure to not +have expired certificates mixed with valid ones. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +For SSL_CTX_load_verify_locations the following return values can occur: +.IP "0" 4 +The operation failed because \fBCAfile\fR and \fBCApath\fR are \s-1NULL\s0 or the +processing at one of the locations specified failed. Check the error +stack to find out the reason. +.IP "1" 4 +.IX Item "1" +The operation succeeded. +.PP +\&\fISSL_CTX_set_default_verify_paths()\fR, \fISSL_CTX_set_default_verify_dir()\fR and +\&\fISSL_CTX_set_default_verify_file()\fR all return 1 on success or 0 on failure. A +missing default location is still treated as a success. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Generate a \s-1CA\s0 certificate file with descriptive text from the \s-1CA\s0 certificates +ca1.pem ca2.pem ca3.pem: +.PP +.Vb 5 +\& #!/bin/sh +\& rm CAfile.pem +\& for i in ca1.pem ca2.pem ca3.pem ; do +\& openssl x509 \-in $i \-text >> CAfile.pem +\& done +.Ve +.PP +Prepare the directory /some/where/certs containing several \s-1CA\s0 certificates +for use as \fBCApath\fR: +.PP +.Vb 2 +\& cd /some/where/certs +\& c_rehash . +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fISSL_CTX_set_client_CA_list\fR\|(3), +\&\fISSL_get_client_CA_list\fR\|(3), +\&\fISSL_CTX_use_certificate\fR\|(3), +\&\fISSL_CTX_add_extra_chain_cert\fR\|(3), +\&\fISSL_CTX_set_cert_store\fR\|(3), +\&\fISSL_CTX_set_client_CA_list\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_CTX_new.3 b/linux_amd64/ssl/share/man/man3/SSL_CTX_new.3 new file mode 100755 index 0000000..6aa6f19 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_CTX_new.3 
@@ -0,0 +1,340 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_NEW 3" +.TH SSL_CTX_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +TLSv1_2_method, TLSv1_2_server_method, TLSv1_2_client_method, +SSL_CTX_new, SSL_CTX_new_with_libctx, SSL_CTX_up_ref, SSLv3_method, +SSLv3_server_method, SSLv3_client_method, TLSv1_method, TLSv1_server_method, +TLSv1_client_method, TLSv1_1_method, TLSv1_1_server_method, +TLSv1_1_client_method, TLS_method, TLS_server_method, TLS_client_method, +SSLv23_method, SSLv23_server_method, SSLv23_client_method, DTLS_method, +DTLS_server_method, DTLS_client_method, DTLSv1_method, DTLSv1_server_method, +DTLSv1_client_method, DTLSv1_2_method, DTLSv1_2_server_method, +DTLSv1_2_client_method +\&\- create a new SSL_CTX object as framework for TLS/SSL or DTLS enabled +functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& SSL_CTX *SSL_CTX_new_with_libctx(OPENSSL_CTX *libctx, const char *propq, +\& const SSL_METHOD *method); +\& SSL_CTX *SSL_CTX_new(const SSL_METHOD *method); +\& int SSL_CTX_up_ref(SSL_CTX *ctx); +\& +\& const SSL_METHOD *TLS_method(void); +\& const SSL_METHOD *TLS_server_method(void); +\& const SSL_METHOD *TLS_client_method(void); +\& +\& const SSL_METHOD *SSLv23_method(void); +\& const SSL_METHOD *SSLv23_server_method(void); +\& const SSL_METHOD *SSLv23_client_method(void); +\& +\& #ifndef OPENSSL_NO_SSL3_METHOD +\& const SSL_METHOD *SSLv3_method(void); +\& const SSL_METHOD *SSLv3_server_method(void); +\& const SSL_METHOD *SSLv3_client_method(void); +\& #endif +\& +\& #ifndef OPENSSL_NO_TLS1_METHOD +\& const SSL_METHOD *TLSv1_method(void); +\& const SSL_METHOD *TLSv1_server_method(void); +\& const SSL_METHOD *TLSv1_client_method(void); +\& #endif +\& +\& #ifndef OPENSSL_NO_TLS1_1_METHOD +\& const SSL_METHOD *TLSv1_1_method(void); +\& const SSL_METHOD *TLSv1_1_server_method(void); +\& const SSL_METHOD *TLSv1_1_client_method(void); +\& #endif +\& +\& #ifndef OPENSSL_NO_TLS1_2_METHOD +\& const SSL_METHOD *TLSv1_2_method(void); +\& const SSL_METHOD *TLSv1_2_server_method(void); +\& const SSL_METHOD 
*TLSv1_2_client_method(void); +\& #endif +\& +\& const SSL_METHOD *DTLS_method(void); +\& const SSL_METHOD *DTLS_server_method(void); +\& const SSL_METHOD *DTLS_client_method(void); +\& +\& #ifndef OPENSSL_NO_DTLS1_METHOD +\& const SSL_METHOD *DTLSv1_method(void); +\& const SSL_METHOD *DTLSv1_server_method(void); +\& const SSL_METHOD *DTLSv1_client_method(void); +\& #endif +\& +\& #ifndef OPENSSL_NO_DTLS1_2_METHOD +\& const SSL_METHOD *DTLSv1_2_method(void); +\& const SSL_METHOD *DTLSv1_2_server_method(void); +\& const SSL_METHOD *DTLSv1_2_client_method(void); +\& #endif +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_new_with_libctx()\fR creates a new \fB\s-1SSL_CTX\s0\fR object as a framework to +establish \s-1TLS/SSL\s0 or \s-1DTLS\s0 enabled connections using the library context +\&\fIlibctx\fR (see \s-1\fIOPENSSL_CTX\s0\fR\|(3)). Any cryptographic algorithms that are used +by any \fB\s-1SSL\s0\fR objects created from this \fB\s-1SSL_CTX\s0\fR will be fetched from the +\&\fIlibctx\fR using the property query string \fIpropq\fR (see +\&\*(L"Fetching algorithms\*(R" in \fIprovider\fR\|(7). Either or both the \fIlibctx\fR or \fIpropq\fR +parameters may be \s-1NULL\s0. +.PP +\&\fISSL_CTX_new()\fR does the same as \fISSL_CTX_new_with_libctx()\fR except that the default +library context is used and no property query string is specified. +.PP +An \fB\s-1SSL_CTX\s0\fR object is reference counted. Creating an \fB\s-1SSL_CTX\s0\fR object for the +first time increments the reference count. Freeing the \fB\s-1SSL_CTX\s0\fR (using +SSL_CTX_free) decrements it. When the reference count drops to zero, any memory +or resources allocated to the \fB\s-1SSL_CTX\s0\fR object are freed. \fISSL_CTX_up_ref()\fR +increments the reference count for an existing \fB\s-1SSL_CTX\s0\fR structure. +.SH "NOTES" +.IX Header "NOTES" +The \s-1SSL_CTX\s0 object uses \fImethod\fR as the connection method. 
+The methods exist in a generic type (for client and server use), a server only +type, and a client only type. +\&\fBmethod\fR can be one of the following types: +.IP "\fITLS_method()\fR, \fITLS_server_method()\fR, \fITLS_client_method()\fR" 4 +.IX Item "TLS_method(), TLS_server_method(), TLS_client_method()" +These are the general-purpose \fIversion-flexible\fR \s-1SSL/TLS\s0 methods. +The actual protocol version used will be negotiated to the highest version +mutually supported by the client and the server. +The supported protocols are SSLv3, TLSv1, TLSv1.1, TLSv1.2 and TLSv1.3. +Applications should use these methods, and avoid the version-specific +methods described below, which are deprecated. +.IP "\fISSLv23_method()\fR, \fISSLv23_server_method()\fR, \fISSLv23_client_method()\fR" 4 +.IX Item "SSLv23_method(), SSLv23_server_method(), SSLv23_client_method()" +These functions do not exist anymore, they have been renamed to +\&\fITLS_method()\fR, \fITLS_server_method()\fR and \fITLS_client_method()\fR respectively. +Currently, the old function calls are renamed to the corresponding new +ones by preprocessor macros, to ensure that existing code which uses the +old function names still compiles. However, using the old function names +is deprecated and new code should call the new functions instead. +.IP "\fITLSv1_2_method()\fR, \fITLSv1_2_server_method()\fR, \fITLSv1_2_client_method()\fR" 4 +.IX Item "TLSv1_2_method(), TLSv1_2_server_method(), TLSv1_2_client_method()" +A \s-1TLS/SSL\s0 connection established with these methods will only understand the +TLSv1.2 protocol. These methods are deprecated. +.IP "\fITLSv1_1_method()\fR, \fITLSv1_1_server_method()\fR, \fITLSv1_1_client_method()\fR" 4 +.IX Item "TLSv1_1_method(), TLSv1_1_server_method(), TLSv1_1_client_method()" +A \s-1TLS/SSL\s0 connection established with these methods will only understand the +TLSv1.1 protocol. These methods are deprecated. 
+.IP "\fITLSv1_method()\fR, \fITLSv1_server_method()\fR, \fITLSv1_client_method()\fR" 4 +.IX Item "TLSv1_method(), TLSv1_server_method(), TLSv1_client_method()" +A \s-1TLS/SSL\s0 connection established with these methods will only understand the +TLSv1 protocol. These methods are deprecated. +.IP "\fISSLv3_method()\fR, \fISSLv3_server_method()\fR, \fISSLv3_client_method()\fR" 4 +.IX Item "SSLv3_method(), SSLv3_server_method(), SSLv3_client_method()" +A \s-1TLS/SSL\s0 connection established with these methods will only understand the +SSLv3 protocol. +The SSLv3 protocol is deprecated and should not be used. +.IP "\fIDTLS_method()\fR, \fIDTLS_server_method()\fR, \fIDTLS_client_method()\fR" 4 +.IX Item "DTLS_method(), DTLS_server_method(), DTLS_client_method()" +These are the version-flexible \s-1DTLS\s0 methods. +Currently supported protocols are \s-1DTLS\s0 1.0 and \s-1DTLS\s0 1.2. +.IP "\fIDTLSv1_2_method()\fR, \fIDTLSv1_2_server_method()\fR, \fIDTLSv1_2_client_method()\fR" 4 +.IX Item "DTLSv1_2_method(), DTLSv1_2_server_method(), DTLSv1_2_client_method()" +These are the version-specific methods for DTLSv1.2. +These methods are deprecated. +.IP "\fIDTLSv1_method()\fR, \fIDTLSv1_server_method()\fR, \fIDTLSv1_client_method()\fR" 4 +.IX Item "DTLSv1_method(), DTLSv1_server_method(), DTLSv1_client_method()" +These are the version-specific methods for DTLSv1. +These methods are deprecated. +.PP +\&\fISSL_CTX_new()\fR initializes the list of ciphers, the session cache setting, the +callbacks, the keys and certificates and the options to their default values. +.PP +\&\fITLS_method()\fR, \fITLS_server_method()\fR, \fITLS_client_method()\fR, \fIDTLS_method()\fR, +\&\fIDTLS_server_method()\fR and \fIDTLS_client_method()\fR are the \fIversion-flexible\fR +methods. +All other methods only support one specific protocol version. +Use the \fIversion-flexible\fR methods instead of the version specific methods. 
+.PP +If you want to limit the supported protocols for the version flexible +methods you can use \fISSL_CTX_set_min_proto_version\fR\|(3), +\&\fISSL_set_min_proto_version\fR\|(3), \fISSL_CTX_set_max_proto_version\fR\|(3) and +\&\fISSL_set_max_proto_version\fR\|(3) functions. +Using these functions it is possible to choose e.g. \fITLS_server_method()\fR +and be able to negotiate with all possible clients, but to only +allow newer protocols like \s-1TLS\s0 1.0, \s-1TLS\s0 1.1, \s-1TLS\s0 1.2 or \s-1TLS\s0 1.3. +.PP +The list of protocols available can also be limited using the +\&\fBSSL_OP_NO_SSLv3\fR, \fBSSL_OP_NO_TLSv1\fR, \fBSSL_OP_NO_TLSv1_1\fR, +\&\fBSSL_OP_NO_TLSv1_3\fR, \fBSSL_OP_NO_TLSv1_2\fR and \fBSSL_OP_NO_TLSv1_3\fR +options of the +\&\fISSL_CTX_set_options\fR\|(3) or \fISSL_set_options\fR\|(3) functions, but this approach +is not recommended. Clients should avoid creating \*(L"holes\*(R" in the set of +protocols they support. When disabling a protocol, make sure that you also +disable either all previous or all subsequent protocol versions. +In clients, when a protocol version is disabled without disabling \fIall\fR +previous protocol versions, the effect is to also disable all subsequent +protocol versions. +.PP +The SSLv3 protocol is deprecated and should generally not be used. +Applications should typically use \fISSL_CTX_set_min_proto_version\fR\|(3) to set +the minimum protocol to at least \fB\s-1TLS1_VERSION\s0\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "\s-1NULL\s0" 4 +.IX Item "NULL" +The creation of a new \s-1SSL_CTX\s0 object failed. Check the error stack to find out +the reason. +.IP "Pointer to an \s-1SSL_CTX\s0 object" 4 +.IX Item "Pointer to an SSL_CTX object" +The return value points to an allocated \s-1SSL_CTX\s0 object. +.Sp +\&\fISSL_CTX_up_ref()\fR returns 1 for success and 0 for failure. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fISSL_CTX_set_options\fR\|(3), \fISSL_CTX_free\fR\|(3), \fISSL_accept\fR\|(3), +\&\fISSL_CTX_set_min_proto_version\fR\|(3), \fIssl\fR\|(7), \fISSL_set_connect_state\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +Support for SSLv2 and the corresponding \fISSLv2_method()\fR, +\&\fISSLv2_server_method()\fR and \fISSLv2_client_method()\fR functions where +removed in OpenSSL 1.1.0. +.PP +\&\fISSLv23_method()\fR, \fISSLv23_server_method()\fR and \fISSLv23_client_method()\fR +were deprecated and the preferred \fITLS_method()\fR, \fITLS_server_method()\fR +and \fITLS_client_method()\fR functions were added in OpenSSL 1.1.0. +.PP +All version-specific methods were deprecated in OpenSSL 1.1.0. +.PP +\&\fISSL_CTX_new_with_libctx()\fR was added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_CTX_sess_number.3 b/linux_amd64/ssl/share/man/man3/SSL_CTX_sess_number.3 new file mode 100755 index 0000000..d399c7e --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_CTX_sess_number.3 
@@ -0,0 +1,208 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SESS_NUMBER 3" +.TH SSL_CTX_SESS_NUMBER 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_sess_number, SSL_CTX_sess_connect, SSL_CTX_sess_connect_good, SSL_CTX_sess_connect_renegotiate, SSL_CTX_sess_accept, SSL_CTX_sess_accept_good, SSL_CTX_sess_accept_renegotiate, SSL_CTX_sess_hits, SSL_CTX_sess_cb_hits, SSL_CTX_sess_misses, SSL_CTX_sess_timeouts, SSL_CTX_sess_cache_full \- obtain session cache statistics +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_CTX_sess_number(SSL_CTX *ctx); +\& long SSL_CTX_sess_connect(SSL_CTX *ctx); +\& long SSL_CTX_sess_connect_good(SSL_CTX *ctx); +\& long SSL_CTX_sess_connect_renegotiate(SSL_CTX *ctx); +\& long SSL_CTX_sess_accept(SSL_CTX *ctx); +\& long SSL_CTX_sess_accept_good(SSL_CTX *ctx); +\& long SSL_CTX_sess_accept_renegotiate(SSL_CTX *ctx); +\& long SSL_CTX_sess_hits(SSL_CTX *ctx); +\& long SSL_CTX_sess_cb_hits(SSL_CTX *ctx); +\& long SSL_CTX_sess_misses(SSL_CTX *ctx); +\& long SSL_CTX_sess_timeouts(SSL_CTX *ctx); +\& long SSL_CTX_sess_cache_full(SSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_sess_number()\fR returns the current number of sessions in the internal +session cache. +.PP +\&\fISSL_CTX_sess_connect()\fR returns the number of started \s-1SSL/TLS\s0 handshakes in +client mode. +.PP +\&\fISSL_CTX_sess_connect_good()\fR returns the number of successfully established +\&\s-1SSL/TLS\s0 sessions in client mode. +.PP +\&\fISSL_CTX_sess_connect_renegotiate()\fR returns the number of started renegotiations +in client mode. +.PP +\&\fISSL_CTX_sess_accept()\fR returns the number of started \s-1SSL/TLS\s0 handshakes in +server mode. +.PP +\&\fISSL_CTX_sess_accept_good()\fR returns the number of successfully established +\&\s-1SSL/TLS\s0 sessions in server mode. +.PP +\&\fISSL_CTX_sess_accept_renegotiate()\fR returns the number of started renegotiations +in server mode. +.PP +\&\fISSL_CTX_sess_hits()\fR returns the number of successfully reused sessions. 
+In client mode a session set with \fISSL_set_session\fR\|(3) +successfully reused is counted as a hit. In server mode a session successfully +retrieved from internal or external cache is counted as a hit. +.PP +\&\fISSL_CTX_sess_cb_hits()\fR returns the number of successfully retrieved sessions +from the external session cache in server mode. +.PP +\&\fISSL_CTX_sess_misses()\fR returns the number of sessions proposed by clients +that were not found in the internal session cache in server mode. +.PP +\&\fISSL_CTX_sess_timeouts()\fR returns the number of sessions proposed by clients +and either found in the internal or external session cache in server mode, + but that were invalid due to timeout. These sessions are not included in +the \fISSL_CTX_sess_hits()\fR count. +.PP +\&\fISSL_CTX_sess_cache_full()\fR returns the number of sessions that were removed +because the maximum session cache size was exceeded. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The functions return the values indicated in the \s-1DESCRIPTION\s0 section. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_set_session\fR\|(3), +\&\fISSL_CTX_set_session_cache_mode\fR\|(3) +\&\fISSL_CTX_sess_set_cache_size\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_CTX_sess_set_cache_size.3 b/linux_amd64/ssl/share/man/man3/SSL_CTX_sess_set_cache_size.3 new file mode 100755 index 0000000..99d80e4 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_CTX_sess_set_cache_size.3 
@@ -0,0 +1,184 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SESS_SET_CACHE_SIZE 3" +.TH SSL_CTX_SESS_SET_CACHE_SIZE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_sess_set_cache_size, SSL_CTX_sess_get_cache_size \- manipulate session cache size +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_CTX_sess_set_cache_size(SSL_CTX *ctx, long t); +\& long SSL_CTX_sess_get_cache_size(SSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_sess_set_cache_size()\fR sets the size of the internal session cache +of context \fBctx\fR to \fBt\fR. +This value is a hint and not an absolute; see the notes below. +.PP +\&\fISSL_CTX_sess_get_cache_size()\fR returns the currently valid session cache size. +.SH "NOTES" +.IX Header "NOTES" +The internal session cache size is \s-1SSL_SESSION_CACHE_MAX_SIZE_DEFAULT\s0, +currently 1024*20, so that up to 20000 sessions can be held. This size +can be modified using the \fISSL_CTX_sess_set_cache_size()\fR call. A special +case is the size 0, which is used for unlimited size. +.PP +If adding the session makes the cache exceed its size, then unused +sessions are dropped from the end of the cache. +Cache space may also be reclaimed by calling +\&\fISSL_CTX_flush_sessions\fR\|(3) to remove +expired sessions. +.PP +If the size of the session cache is reduced and more sessions are already +in the session cache, old session will be removed at the next time a +session shall be added. This removal is not synchronized with the +expiration of sessions. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_sess_set_cache_size()\fR returns the previously valid size. +.PP +\&\fISSL_CTX_sess_get_cache_size()\fR returns the currently valid size. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fISSL_CTX_set_session_cache_mode\fR\|(3), +\&\fISSL_CTX_sess_number\fR\|(3), +\&\fISSL_CTX_flush_sessions\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). 
You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_CTX_sess_set_get_cb.3 b/linux_amd64/ssl/share/man/man3/SSL_CTX_sess_set_get_cb.3 new file mode 100755 index 0000000..ca74eca --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_CTX_sess_set_get_cb.3 
@@ -0,0 +1,242 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SESS_SET_GET_CB 3" +.TH SSL_CTX_SESS_SET_GET_CB 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_sess_set_new_cb, SSL_CTX_sess_set_remove_cb, SSL_CTX_sess_set_get_cb, SSL_CTX_sess_get_new_cb, SSL_CTX_sess_get_remove_cb, SSL_CTX_sess_get_get_cb \- provide callback functions for server side external session caching +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, +\& int (*new_session_cb)(SSL *, SSL_SESSION *)); +\& void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, +\& void (*remove_session_cb)(SSL_CTX *ctx, +\& SSL_SESSION *)); +\& void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, +\& SSL_SESSION (*get_session_cb)(SSL *, +\& const unsigned char *, +\& int, int *)); +\& +\& int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl, +\& SSL_SESSION *sess); +\& void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx, +\& SSL_SESSION *sess); +\& SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl, +\& const unsigned char *data, +\& int len, int *copy); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_sess_set_new_cb()\fR sets the callback function, which is automatically +called whenever a new session was negotiated. +.PP +\&\fISSL_CTX_sess_set_remove_cb()\fR sets the callback function, which is +automatically called whenever a session is removed by the \s-1SSL\s0 engine, +because it is considered faulty or the session has become obsolete because +of exceeding the timeout value. +.PP +\&\fISSL_CTX_sess_set_get_cb()\fR sets the callback function which is called, +whenever a \s-1SSL/TLS\s0 client proposed to resume a session but the session +could not be found in the internal session cache (see +\&\fISSL_CTX_set_session_cache_mode\fR\|(3)). +(\s-1SSL/TLS\s0 server only.) +.PP +\&\fISSL_CTX_sess_get_new_cb()\fR, \fISSL_CTX_sess_get_remove_cb()\fR, and +\&\fISSL_CTX_sess_get_get_cb()\fR retrieve the function pointers set by the +corresponding set callback functions. 
If a callback function has not been +set, the \s-1NULL\s0 pointer is returned. +.SH "NOTES" +.IX Header "NOTES" +In order to allow external session caching, synchronization with the internal +session cache is realized via callback functions. Inside these callback +functions, session can be saved to disk or put into a database using the +\&\fId2i_SSL_SESSION\fR\|(3) interface. +.PP +The \fInew_session_cb()\fR is called whenever a new session has been negotiated and +session caching is enabled (see \fISSL_CTX_set_session_cache_mode\fR\|(3)). The +\&\fInew_session_cb()\fR is passed the \fBssl\fR connection and the ssl session \fBsess\fR. +Since sessions are reference-counted objects, the reference count on the +session is incremented before the callback, on behalf of the application. If +the callback returns \fB0\fR, the session will be immediately removed from the +internal cache and the reference count released. If the callback returns \fB1\fR, +the application retains the reference (for an entry in the +application-maintained \*(L"external session cache\*(R"), and is responsible for +calling \fISSL_SESSION_free()\fR when the session reference is no longer in use. +.PP +Note that in TLSv1.3, sessions are established after the main +handshake has completed. The server decides when to send the client the session +information and this may occur some time after the end of the handshake (or not +at all). This means that applications should expect the \fInew_session_cb()\fR +function to be invoked during the handshake (for <= TLSv1.2) or after the +handshake (for TLSv1.3). It is also possible in TLSv1.3 for multiple sessions to +be established with a single connection. In these case the \fInew_session_cb()\fR +function will be invoked multiple times. +.PP +In TLSv1.3 it is recommended that each \s-1SSL_SESSION\s0 object is only used for +resumption once. 
One way of enforcing that is for applications to call +\&\fISSL_CTX_remove_session\fR\|(3) after a session has been used. +.PP +The \fIremove_session_cb()\fR is called, whenever the \s-1SSL\s0 engine removes a session +from the internal cache. This happens when the session is removed because +it is expired or when a connection was not shutdown cleanly. It also happens +for all sessions in the internal session cache when +\&\fISSL_CTX_free\fR\|(3) is called. The \fIremove_session_cb()\fR is passed +the \fBctx\fR and the ssl session \fBsess\fR. It does not provide any feedback. +.PP +The \fIget_session_cb()\fR is only called on \s-1SSL/TLS\s0 servers with the session id +proposed by the client. The \fIget_session_cb()\fR is always called, also when +session caching was disabled. The \fIget_session_cb()\fR is passed the +\&\fBssl\fR connection, the session id of length \fBlength\fR at the memory location +\&\fBdata\fR. With the parameter \fBcopy\fR the callback can require the +\&\s-1SSL\s0 engine to increment the reference count of the \s-1SSL_SESSION\s0 object, +Normally the reference count is not incremented and therefore the +session must not be explicitly freed with +\&\fISSL_SESSION_free\fR\|(3). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_sess_get_new_cb()\fR, \fISSL_CTX_sess_get_remove_cb()\fR and \fISSL_CTX_sess_get_get_cb()\fR +return different callback function pointers respectively. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fId2i_SSL_SESSION\fR\|(3), +\&\fISSL_CTX_set_session_cache_mode\fR\|(3), +\&\fISSL_CTX_flush_sessions\fR\|(3), +\&\fISSL_SESSION_free\fR\|(3), +\&\fISSL_CTX_free\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/ssl/share/man/man3/SSL_CTX_sessions.3 b/linux_amd64/ssl/share/man/man3/SSL_CTX_sessions.3 new file mode 100755 index 0000000..6b9fc32 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_CTX_sessions.3 
@@ -0,0 +1,169 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SESSIONS 3" +.TH SSL_CTX_SESSIONS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_sessions \- access internal session cache +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_sessions()\fR returns a pointer to the lhash databases containing the +internal session cache for \fBctx\fR. +.SH "NOTES" +.IX Header "NOTES" +The sessions in the internal session cache are kept in an +\&\s-1\fILHASH\s0\fR\|(3) type database. It is possible to directly +access this database e.g. for searching. In parallel, the sessions +form a linked list which is maintained separately from the +\&\s-1\fILHASH\s0\fR\|(3) operations, so that the database must not be +modified directly but by using the +\&\fISSL_CTX_add_session\fR\|(3) family of functions. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_sessions()\fR returns a pointer to the lhash of \fB\s-1SSL_SESSION\s0\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \s-1\fILHASH\s0\fR\|(3), +\&\fISSL_CTX_add_session\fR\|(3), +\&\fISSL_CTX_set_session_cache_mode\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_CTX_set0_CA_list.3 b/linux_amd64/ssl/share/man/man3/SSL_CTX_set0_CA_list.3 new file mode 100755 index 0000000..568537a --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_CTX_set0_CA_list.3 
@@ -0,0 +1,311 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET0_CA_LIST 3" +.TH SSL_CTX_SET0_CA_LIST 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_client_CA_list, +SSL_set_client_CA_list, +SSL_get_client_CA_list, +SSL_CTX_get_client_CA_list, +SSL_CTX_add_client_CA, +SSL_add_client_CA, +SSL_set0_CA_list, +SSL_CTX_set0_CA_list, +SSL_get0_CA_list, +SSL_CTX_get0_CA_list, +SSL_add1_to_CA_list, +SSL_CTX_add1_to_CA_list, +SSL_get0_peer_CA_list +\&\- get or set CA list +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *list); +\& void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *list); +\& STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s); +\& STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx); +\& int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *cacert); +\& int SSL_add_client_CA(SSL *ssl, X509 *cacert); +\& +\& void SSL_CTX_set0_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list); +\& void SSL_set0_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list); +\& const STACK_OF(X509_NAME) *SSL_CTX_get0_CA_list(const SSL_CTX *ctx); +\& const STACK_OF(X509_NAME) *SSL_get0_CA_list(const SSL *s); +\& int SSL_CTX_add1_to_CA_list(SSL_CTX *ctx, const X509 *x); +\& int SSL_add1_to_CA_list(SSL *ssl, const X509 *x); +\& +\& const STACK_OF(X509_NAME) *SSL_get0_peer_CA_list(const SSL *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The functions described here set and manage the list of \s-1CA\s0 names that are sent +between two communicating peers. +.PP +For \s-1TLS\s0 versions 1.2 and earlier the list of \s-1CA\s0 names is only sent from the +server to the client when requesting a client certificate. So any list of \s-1CA\s0 +names set is never sent from client to server and the list of \s-1CA\s0 names retrieved +by \fISSL_get0_peer_CA_list()\fR is always \fB\s-1NULL\s0\fR. 
+.PP +For \s-1TLS\s0 1.3 the list of \s-1CA\s0 names is sent using the \fBcertificate_authorities\fR +extension and may be sent by a client (in the ClientHello message) or by +a server (when requesting a certificate). +.PP +In most cases it is not necessary to set \s-1CA\s0 names on the client side. The list +of \s-1CA\s0 names that are acceptable to the client will be sent in plaintext to the +server. This has privacy implications and may also have performance implications +if the list is large. This optional capability was introduced as part of TLSv1.3 +and therefore setting \s-1CA\s0 names on the client side will have no impact if that +protocol version has been disabled. Most servers do not need this and so this +should be avoided unless required. +.PP +The \*(L"client \s-1CA\s0 list\*(R" functions below only have an effect when called on the +server side. +.PP +\&\fISSL_CTX_set_client_CA_list()\fR sets the \fBlist\fR of CAs sent to the client when +requesting a client certificate for \fBctx\fR. Ownership of \fBlist\fR is transferred +to \fBctx\fR and it should not be freed by the caller. +.PP +\&\fISSL_set_client_CA_list()\fR sets the \fBlist\fR of CAs sent to the client when +requesting a client certificate for the chosen \fBssl\fR, overriding the +setting valid for \fBssl\fR's \s-1SSL_CTX\s0 object. Ownership of \fBlist\fR is transferred +to \fBs\fR and it should not be freed by the caller. +.PP +\&\fISSL_CTX_get_client_CA_list()\fR returns the list of client CAs explicitly set for +\&\fBctx\fR using \fISSL_CTX_set_client_CA_list()\fR. The returned list should not be freed +by the caller. +.PP +\&\fISSL_get_client_CA_list()\fR returns the list of client CAs explicitly +set for \fBssl\fR using \fISSL_set_client_CA_list()\fR or \fBssl\fR's \s-1SSL_CTX\s0 object with +\&\fISSL_CTX_set_client_CA_list()\fR, when in server mode. In client mode, +SSL_get_client_CA_list returns the list of client CAs sent from the server, if +any. 
The returned list should not be freed by the caller. +.PP +\&\fISSL_CTX_add_client_CA()\fR adds the \s-1CA\s0 name extracted from \fBcacert\fR to the +list of CAs sent to the client when requesting a client certificate for +\&\fBctx\fR. +.PP +\&\fISSL_add_client_CA()\fR adds the \s-1CA\s0 name extracted from \fBcacert\fR to the +list of CAs sent to the client when requesting a client certificate for +the chosen \fBssl\fR, overriding the setting valid for \fBssl\fR's \s-1SSL_CTX\s0 object. +.PP +\&\fISSL_get0_peer_CA_list()\fR retrieves the list of \s-1CA\s0 names (if any) the peer +has sent. This can be called on either the server or the client side. The +returned list should not be freed by the caller. +.PP +The \*(L"generic \s-1CA\s0 list\*(R" functions below are very similar to the \*(L"client \s-1CA\s0 +list\*(R" functions except that they have an effect on both the server and client +sides. The lists of \s-1CA\s0 names managed are separate \- so you cannot (for example) +set \s-1CA\s0 names using the \*(L"client \s-1CA\s0 list\*(R" functions and then get them using the +\&\*(L"generic \s-1CA\s0 list\*(R" functions. Where a mix of the two types of functions has been +used on the server side then the \*(L"client \s-1CA\s0 list\*(R" functions take precedence. +Typically, on the server side, the \*(L"client \s-1CA\s0 list \*(R" functions should be used in +preference. As noted above in most cases it is not necessary to set \s-1CA\s0 names on +the client side. +.PP +\&\fISSL_CTX_set0_CA_list()\fR sets the list of CAs to be sent to the peer to +\&\fBname_list\fR. Ownership of \fBname_list\fR is transferred to \fBctx\fR and +it should not be freed by the caller. +.PP +\&\fISSL_set0_CA_list()\fR sets the list of CAs to be sent to the peer to \fBname_list\fR +overriding any list set in the parent \fB\s-1SSL_CTX\s0\fR of \fBs\fR. Ownership of +\&\fBname_list\fR is transferred to \fBs\fR and it should not be freed by the caller. 
+.PP +\&\fISSL_CTX_get0_CA_list()\fR retrieves any previously set list of CAs set for +\&\fBctx\fR. The returned list should not be freed by the caller. +.PP +\&\fISSL_get0_CA_list()\fR retrieves any previously set list of CAs set for +\&\fBs\fR or if none are set the list from the parent \fB\s-1SSL_CTX\s0\fR is retrieved. The +returned list should not be freed by the caller. +.PP +\&\fISSL_CTX_add1_to_CA_list()\fR appends the \s-1CA\s0 subject name extracted from \fBx\fR to the +list of CAs sent to peer for \fBctx\fR. +.PP +\&\fISSL_add1_to_CA_list()\fR appends the \s-1CA\s0 subject name extracted from \fBx\fR to the +list of CAs sent to the peer for \fBs\fR, overriding the setting in the parent +\&\fB\s-1SSL_CTX\s0\fR. +.SH "NOTES" +.IX Header "NOTES" +When a \s-1TLS/SSL\s0 server requests a client certificate (see +\&\fB\f(BISSL_CTX_set_verify\fB\|(3)\fR), it sends a list of CAs, for which it will accept +certificates, to the client. +.PP +This list must explicitly be set using \fISSL_CTX_set_client_CA_list()\fR or +\&\fISSL_CTX_set0_CA_list()\fR for \fBctx\fR and \fISSL_set_client_CA_list()\fR or +\&\fISSL_set0_CA_list()\fR for the specific \fBssl\fR. The list specified +overrides the previous setting. The CAs listed do not become trusted (\fBlist\fR +only contains the names, not the complete certificates); use +\&\fISSL_CTX_load_verify_locations\fR\|(3) to additionally load them for verification. +.PP +If the list of acceptable CAs is compiled in a file, the +\&\fISSL_load_client_CA_file\fR\|(3) function can be used to help to import the +necessary data. +.PP +\&\fISSL_CTX_add_client_CA()\fR, \fISSL_CTX_add1_to_CA_list()\fR, \fISSL_add_client_CA()\fR and +\&\fISSL_add1_to_CA_list()\fR can be used to add additional items the list of CAs. 
If no +list was specified before using \fISSL_CTX_set_client_CA_list()\fR, +\&\fISSL_CTX_set0_CA_list()\fR, \fISSL_set_client_CA_list()\fR or \fISSL_set0_CA_list()\fR, a +new \s-1CA\s0 list for \fBctx\fR or \fBssl\fR (as appropriate) is opened. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_client_CA_list()\fR, \fISSL_set_client_CA_list()\fR, +\&\fISSL_CTX_set_client_CA_list()\fR, \fISSL_set_client_CA_list()\fR, \fISSL_CTX_set0_CA_list()\fR +and \fISSL_set0_CA_list()\fR do not return a value. +.PP +\&\fISSL_CTX_get_client_CA_list()\fR, \fISSL_get_client_CA_list()\fR, \fISSL_CTX_get0_CA_list()\fR +and \fISSL_get0_CA_list()\fR return a stack of \s-1CA\s0 names or \fB\s-1NULL\s0\fR is no \s-1CA\s0 names are +set. +.PP +\&\fISSL_CTX_add_client_CA()\fR,\fISSL_add_client_CA()\fR, \fISSL_CTX_add1_to_CA_list()\fR and +\&\fISSL_add1_to_CA_list()\fR return 1 for success and 0 for failure. +.PP +\&\fISSL_get0_peer_CA_list()\fR returns a stack of \s-1CA\s0 names sent by the peer or +\&\fB\s-1NULL\s0\fR or an empty stack if no list was sent. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Scan all certificates in \fBCAfile\fR and list them as acceptable CAs: +.PP +.Vb 1 +\& SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(CAfile)); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fISSL_load_client_CA_file\fR\|(3), +\&\fISSL_CTX_load_verify_locations\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_CTX_set1_curves.3 b/linux_amd64/ssl/share/man/man3/SSL_CTX_set1_curves.3 new file mode 100755 index 0000000..161b369 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_CTX_set1_curves.3 
@@ -0,0 +1,248 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET1_CURVES 3" +.TH SSL_CTX_SET1_CURVES 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set1_groups, SSL_CTX_set1_groups_list, SSL_set1_groups, +SSL_set1_groups_list, SSL_get1_groups, SSL_get_shared_group, +SSL_get_negotiated_group, SSL_CTX_set1_curves, SSL_CTX_set1_curves_list, +SSL_set1_curves, SSL_set1_curves_list, SSL_get1_curves, SSL_get_shared_curve +\&\- EC supported curve functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_set1_groups(SSL_CTX *ctx, int *glist, int glistlen); +\& int SSL_CTX_set1_groups_list(SSL_CTX *ctx, char *list); +\& +\& int SSL_set1_groups(SSL *ssl, int *glist, int glistlen); +\& int SSL_set1_groups_list(SSL *ssl, char *list); +\& +\& int SSL_get1_groups(SSL *ssl, int *groups); +\& int SSL_get_shared_group(SSL *s, int n); +\& int SSL_get_negotiated_group(SSL *s); +\& +\& int SSL_CTX_set1_curves(SSL_CTX *ctx, int *clist, int clistlen); +\& int SSL_CTX_set1_curves_list(SSL_CTX *ctx, char *list); +\& +\& int SSL_set1_curves(SSL *ssl, int *clist, int clistlen); +\& int SSL_set1_curves_list(SSL *ssl, char *list); +\& +\& int SSL_get1_curves(SSL *ssl, int *curves); +\& int SSL_get_shared_curve(SSL *s, int n); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +For all of the functions below that set the supported groups there must be at +least one group in the list. +.PP +\&\fISSL_CTX_set1_groups()\fR sets the supported groups for \fBctx\fR to \fBglistlen\fR +groups in the array \fBglist\fR. The array consist of all NIDs of groups in +preference order. For a \s-1TLS\s0 client the groups are used directly in the +supported groups extension. For a \s-1TLS\s0 server the groups are used to +determine the set of shared groups. Currently supported groups for +\&\fBTLSv1.3\fR are \fBNID_X9_62_prime256v1\fR, \fBNID_secp384r1\fR, \fBNID_secp521r1\fR, +\&\fB\s-1NID_X25519\s0\fR, \fB\s-1NID_X448\s0\fR, \fBNID_ffdhe2048\fR, \fBNID_ffdhe3072\fR, +\&\fBNID_ffdhe4096\fR, \fBNID_ffdhe6144\fR and \fBNID_ffdhe8192\fR. 
+.PP +\&\fISSL_CTX_set1_groups_list()\fR sets the supported groups for \fBctx\fR to +string \fBlist\fR. The string is a colon separated list of group NIDs or +names, for example \*(L"P\-521:P\-384:P\-256:X25519:ffdhe2048\*(R". Currently supported +groups for \fBTLSv1.3\fR are \fBP\-256\fR, \fBP\-384\fR, \fBP\-521\fR, \fBX25519\fR, \fBX448\fR, +\&\fBffdhe2048\fR, \fBffdhe3072\fR, \fBffdhe4096\fR, \fBffdhe6144\fR, \fBffdhe8192\fR. +.PP +\&\fISSL_set1_groups()\fR and \fISSL_set1_groups_list()\fR are similar except they set +supported groups for the \s-1SSL\s0 structure \fBssl\fR. +.PP +\&\fISSL_get1_groups()\fR returns the set of supported groups sent by a client +in the supported groups extension. It returns the total number of +supported groups. The \fBgroups\fR parameter can be \fB\s-1NULL\s0\fR to simply +return the number of groups for memory allocation purposes. The +\&\fBgroups\fR array is in the form of a set of group NIDs in preference +order. It can return zero if the client did not send a supported groups +extension. +.PP +\&\fISSL_get_shared_group()\fR returns shared group \fBn\fR for a server-side +\&\s-1SSL\s0 \fBssl\fR. If \fBn\fR is \-1 then the total number of shared groups is +returned, which may be zero. Other than for diagnostic purposes, +most applications will only be interested in the first shared group +so \fBn\fR is normally set to zero. If the value \fBn\fR is out of range, +NID_undef is returned. +.PP +\&\fISSL_get_negotiated_group()\fR returns the negotiated group on a TLSv1.3 connection +for key exchange. This can be called by either client or server. +.PP +All these functions are implemented as macros. +.PP +The curve functions are synonyms for the equivalently named group functions and +are identical in every respect. They exist because, prior to \s-1TLS1\s0.3, there was +only the concept of supported curves. In \s-1TLS1\s0.3 this was renamed to supported +groups, and extended to include Diffie Hellman groups. 
The group functions +should be used in preference. +.SH "NOTES" +.IX Header "NOTES" +If an application wishes to make use of several of these functions for +configuration purposes either on a command line or in a file it should +consider using the \s-1SSL_CONF\s0 interface instead of manually parsing options. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set1_groups()\fR, \fISSL_CTX_set1_groups_list()\fR, \fISSL_set1_groups()\fR and +\&\fISSL_set1_groups_list()\fR, return 1 for success and 0 for failure. +.PP +\&\fISSL_get1_groups()\fR returns the number of groups, which may be zero. +.PP +\&\fISSL_get_shared_group()\fR returns the \s-1NID\s0 of shared group \fBn\fR or NID_undef if there +is no shared group \fBn\fR; or the total number of shared groups if \fBn\fR +is \-1. +.PP +When called on a client \fBssl\fR, \fISSL_get_shared_group()\fR has no meaning and +returns \-1. +.PP +\&\fISSL_get_negotiated_group()\fR returns the \s-1NID\s0 of the negotiated group on a +TLSv1.3 connection for key exchange. Or it returns NID_undef if no negotiated +group. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fISSL_CTX_add_extra_chain_cert\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The curve functions were added in OpenSSL 1.0.2. The equivalent group +functions were added in OpenSSL 1.1.1. The \fISSL_get_negotiated_group()\fR function +was added in OpenSSL 3.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2013\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_CTX_set1_sigalgs.3 b/linux_amd64/ssl/share/man/man3/SSL_CTX_set1_sigalgs.3 new file mode 100755 index 0000000..709d0e4 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_CTX_set1_sigalgs.3 
@@ -0,0 +1,243 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET1_SIGALGS 3" +.TH SSL_CTX_SET1_SIGALGS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set1_sigalgs, SSL_set1_sigalgs, SSL_CTX_set1_sigalgs_list, +SSL_set1_sigalgs_list, SSL_CTX_set1_client_sigalgs, +SSL_set1_client_sigalgs, SSL_CTX_set1_client_sigalgs_list, +SSL_set1_client_sigalgs_list \- set supported signature algorithms +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_CTX_set1_sigalgs(SSL_CTX *ctx, const int *slist, long slistlen); +\& long SSL_set1_sigalgs(SSL *ssl, const int *slist, long slistlen); +\& long SSL_CTX_set1_sigalgs_list(SSL_CTX *ctx, const char *str); +\& long SSL_set1_sigalgs_list(SSL *ssl, const char *str); +\& +\& long SSL_CTX_set1_client_sigalgs(SSL_CTX *ctx, const int *slist, long slistlen); +\& long SSL_set1_client_sigalgs(SSL *ssl, const int *slist, long slistlen); +\& long SSL_CTX_set1_client_sigalgs_list(SSL_CTX *ctx, const char *str); +\& long SSL_set1_client_sigalgs_list(SSL *ssl, const char *str); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set1_sigalgs()\fR and \fISSL_set1_sigalgs()\fR set the supported signature +algorithms for \fBctx\fR or \fBssl\fR. The array \fBslist\fR of length \fBslistlen\fR +must consist of pairs of NIDs corresponding to digest and public key +algorithms. +.PP +\&\fISSL_CTX_set1_sigalgs_list()\fR and \fISSL_set1_sigalgs_list()\fR set the supported +signature algorithms for \fBctx\fR or \fBssl\fR. The \fBstr\fR parameter +must be a null terminated string consisting of a colon separated list of +elements, where each element is either a combination of a public key +algorithm and a digest separated by \fB+\fR, or a \s-1TLS\s0 1.3\-style named +SignatureScheme such as rsa_pss_pss_sha256. 
+.PP +\&\fISSL_CTX_set1_client_sigalgs()\fR, \fISSL_set1_client_sigalgs()\fR, +\&\fISSL_CTX_set1_client_sigalgs_list()\fR and \fISSL_set1_client_sigalgs_list()\fR set +signature algorithms related to client authentication, otherwise they are +identical to \fISSL_CTX_set1_sigalgs()\fR, \fISSL_set1_sigalgs()\fR, +\&\fISSL_CTX_set1_sigalgs_list()\fR and \fISSL_set1_sigalgs_list()\fR. +.PP +All these functions are implemented as macros. The signature algorithm +parameter (integer array or string) is not freed: the application should +free it, if necessary. +.SH "NOTES" +.IX Header "NOTES" +If an application wishes to allow the setting of signature algorithms +as one of many user configurable options it should consider using the more +flexible \s-1SSL_CONF\s0 \s-1API\s0 instead. +.PP +The signature algorithms set by a client are used directly in the supported +signature algorithm in the client hello message. +.PP +The supported signature algorithms set by a server are not sent to the +client but are used to determine the set of shared signature algorithms +and (if server preferences are set with \s-1SSL_OP_CIPHER_SERVER_PREFERENCE\s0) +their order. +.PP +The client authentication signature algorithms set by a server are sent +in a certificate request message if client authentication is enabled, +otherwise they are unused. +.PP +Similarly client authentication signature algorithms set by a client are +used to determined the set of client authentication shared signature +algorithms. +.PP +Signature algorithms will neither be advertised nor used if the security level +prohibits them (for example \s-1SHA1\s0 if the security level is 4 or more). +.PP +Currently the NID_md5, NID_sha1, NID_sha224, NID_sha256, NID_sha384 and +NID_sha512 digest NIDs are supported and the public key algorithm NIDs +\&\s-1EVP_PKEY_RSA\s0, \s-1EVP_PKEY_RSA_PSS\s0, \s-1EVP_PKEY_DSA\s0 and \s-1EVP_PKEY_EC\s0. 
+.PP +The short or long name values for digests can be used in a string (for +example \*(L"\s-1MD5\s0\*(R", \*(L"\s-1SHA1\s0\*(R", \*(L"\s-1SHA224\s0\*(R", \*(L"\s-1SHA256\s0\*(R", \*(L"\s-1SHA384\s0\*(R", \*(L"\s-1SHA512\s0\*(R") and +the public key algorithm strings \*(L"\s-1RSA\s0\*(R", \*(L"RSA-PSS\*(R", \*(L"\s-1DSA\s0\*(R" or \*(L"\s-1ECDSA\s0\*(R". +.PP +The \s-1TLS\s0 1.3 signature scheme names (such as \*(L"rsa_pss_pss_sha256\*(R") can also +be used with the \fB_list\fR forms of the \s-1API\s0. +.PP +The use of \s-1MD5\s0 as a digest is strongly discouraged due to security weaknesses. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All these functions return 1 for success and 0 for failure. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Set supported signature algorithms to \s-1SHA256\s0 with \s-1ECDSA\s0 and \s-1SHA256\s0 with \s-1RSA\s0 +using an array: +.PP +.Vb 1 +\& const int slist[] = {NID_sha256, EVP_PKEY_EC, NID_sha256, EVP_PKEY_RSA}; +\& +\& SSL_CTX_set1_sigalgs(ctx, slist, 4); +.Ve +.PP +Set supported signature algorithms to \s-1SHA256\s0 with \s-1ECDSA\s0 and \s-1SHA256\s0 with \s-1RSA\s0 +using a string: +.PP +.Vb 1 +\& SSL_CTX_set1_sigalgs_list(ctx, "ECDSA+SHA256:RSA+SHA256"); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_get_shared_sigalgs\fR\|(3), +\&\fISSL_CONF_CTX_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_CTX_set1_verify_cert_store.3 b/linux_amd64/ssl/share/man/man3/SSL_CTX_set1_verify_cert_store.3 new file mode 100755 index 0000000..0c6743d --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_CTX_set1_verify_cert_store.3 
@@ -0,0 +1,222 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET1_VERIFY_CERT_STORE 3" +.TH SSL_CTX_SET1_VERIFY_CERT_STORE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set0_verify_cert_store, SSL_CTX_set1_verify_cert_store, +SSL_CTX_set0_chain_cert_store, SSL_CTX_set1_chain_cert_store, +SSL_set0_verify_cert_store, SSL_set1_verify_cert_store, +SSL_set0_chain_cert_store, SSL_set1_chain_cert_store \- set certificate +verification or chain store +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_set0_verify_cert_store(SSL_CTX *ctx, X509_STORE *st); +\& int SSL_CTX_set1_verify_cert_store(SSL_CTX *ctx, X509_STORE *st); +\& int SSL_CTX_set0_chain_cert_store(SSL_CTX *ctx, X509_STORE *st); +\& int SSL_CTX_set1_chain_cert_store(SSL_CTX *ctx, X509_STORE *st); +\& +\& int SSL_set0_verify_cert_store(SSL *ctx, X509_STORE *st); +\& int SSL_set1_verify_cert_store(SSL *ctx, X509_STORE *st); +\& int SSL_set0_chain_cert_store(SSL *ctx, X509_STORE *st); +\& int SSL_set1_chain_cert_store(SSL *ctx, X509_STORE *st); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set0_verify_cert_store()\fR and \fISSL_CTX_set1_verify_cert_store()\fR +set the certificate store used for certificate verification to \fBst\fR. +.PP +\&\fISSL_CTX_set0_chain_cert_store()\fR and \fISSL_CTX_set1_chain_cert_store()\fR +set the certificate store used for certificate chain building to \fBst\fR. +.PP +\&\fISSL_set0_verify_cert_store()\fR, \fISSL_set1_verify_cert_store()\fR, +\&\fISSL_set0_chain_cert_store()\fR and \fISSL_set1_chain_cert_store()\fR are similar +except they apply to \s-1SSL\s0 structure \fBssl\fR. +.PP +All these functions are implemented as macros. Those containing a \fB1\fR +increment the reference count of the supplied store so it must +be freed at some point after the operation. Those containing a \fB0\fR do +not increment reference counts and the supplied store \fB\s-1MUST\s0 \s-1NOT\s0\fR be freed +after the operation. 
+.SH "NOTES" +.IX Header "NOTES" +The stores pointers associated with an \s-1SSL_CTX\s0 structure are copied to any \s-1SSL\s0 +structures when \fISSL_new()\fR is called. As a result \s-1SSL\s0 structures will not be +affected if the parent \s-1SSL_CTX\s0 store pointer is set to a new value. +.PP +The verification store is used to verify the certificate chain sent by the +peer: that is an \s-1SSL/TLS\s0 client will use the verification store to verify +the server's certificate chain and a \s-1SSL/TLS\s0 server will use it to verify +any client certificate chain. +.PP +The chain store is used to build the certificate chain. +.PP +If the mode \fB\s-1SSL_MODE_NO_AUTO_CHAIN\s0\fR is set or a certificate chain is +configured already (for example using the functions such as +\&\fISSL_CTX_add1_chain_cert\fR\|(3) or +\&\fISSL_CTX_add_extra_chain_cert\fR\|(3)) then +automatic chain building is disabled. +.PP +If the mode \fB\s-1SSL_MODE_NO_AUTO_CHAIN\s0\fR is set then automatic chain building +is disabled. +.PP +If the chain or the verification store is not set then the store associated +with the parent \s-1SSL_CTX\s0 is used instead to retain compatibility with previous +versions of OpenSSL. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All these functions return 1 for success and 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fISSL_CTX_add_extra_chain_cert\fR\|(3) +\&\fISSL_CTX_set0_chain\fR\|(3) +\&\fISSL_CTX_set1_chain\fR\|(3) +\&\fISSL_CTX_add0_chain_cert\fR\|(3) +\&\fISSL_CTX_add1_chain_cert\fR\|(3) +\&\fISSL_set0_chain\fR\|(3) +\&\fISSL_set1_chain\fR\|(3) +\&\fISSL_add0_chain_cert\fR\|(3) +\&\fISSL_add1_chain_cert\fR\|(3) +\&\fISSL_CTX_build_cert_chain\fR\|(3) +\&\fISSL_build_cert_chain\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.2. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2013\-2016 The OpenSSL Project Authors. All Rights Reserved. 
+.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_CTX_set_alpn_select_cb.3 b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_alpn_select_cb.3 new file mode 100755 index 0000000..081eada --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_alpn_select_cb.3 
@@ -0,0 +1,308 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_ALPN_SELECT_CB 3" +.TH SSL_CTX_SET_ALPN_SELECT_CB 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_alpn_protos, SSL_set_alpn_protos, SSL_CTX_set_alpn_select_cb, +SSL_CTX_set_next_proto_select_cb, SSL_CTX_set_next_protos_advertised_cb, +SSL_select_next_proto, SSL_get0_alpn_selected, SSL_get0_next_proto_negotiated +\&\- handle application layer protocol negotiation (ALPN) +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos, +\& unsigned int protos_len); +\& int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos, +\& unsigned int protos_len); +\& void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx, +\& int (*cb) (SSL *ssl, +\& const unsigned char **out, +\& unsigned char *outlen, +\& const unsigned char *in, +\& unsigned int inlen, +\& void *arg), void *arg); +\& void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data, +\& unsigned int *len); +\& +\& void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, +\& int (*cb)(SSL *ssl, +\& const unsigned char **out, +\& unsigned int *outlen, +\& void *arg), +\& void *arg); +\& void SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, +\& int (*cb)(SSL *s, +\& unsigned char **out, +\& unsigned char *outlen, +\& const unsigned char *in, +\& unsigned int inlen, +\& void *arg), +\& void *arg); +\& int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, +\& const unsigned char *server, +\& unsigned int server_len, +\& const unsigned char *client, +\& unsigned int client_len) +\& void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, +\& unsigned *len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_alpn_protos()\fR and \fISSL_set_alpn_protos()\fR are used by the client to +set the list of protocols available to be negotiated. The \fBprotos\fR must be in +protocol-list format, described below. The length of \fBprotos\fR is specified in +\&\fBprotos_len\fR. 
+.PP +\&\fISSL_CTX_set_alpn_select_cb()\fR sets the application callback \fBcb\fR used by a +server to select which protocol to use for the incoming connection. When \fBcb\fR +is \s-1NULL\s0, \s-1ALPN\s0 is not used. The \fBarg\fR value is a pointer which is passed to +the application callback. +.PP +\&\fBcb\fR is the application defined callback. The \fBin\fR, \fBinlen\fR parameters are a +vector in protocol-list format. The value of the \fBout\fR, \fBoutlen\fR vector +should be set to the value of a single protocol selected from the \fBin\fR, +\&\fBinlen\fR vector. The \fBout\fR buffer may point directly into \fBin\fR, or to a +buffer that outlives the handshake. The \fBarg\fR parameter is the pointer set via +\&\fISSL_CTX_set_alpn_select_cb()\fR. +.PP +\&\fISSL_select_next_proto()\fR is a helper function used to select protocols. It +implements the standard protocol selection. It is expected that this function +is called from the application callback \fBcb\fR. The protocol data in \fBserver\fR, +\&\fBserver_len\fR and \fBclient\fR, \fBclient_len\fR must be in the protocol-list format +described below. The first item in the \fBserver\fR, \fBserver_len\fR list that +matches an item in the \fBclient\fR, \fBclient_len\fR list is selected, and returned +in \fBout\fR, \fBoutlen\fR. The \fBout\fR value will point into either \fBserver\fR or +\&\fBclient\fR, so it should be copied immediately. If no match is found, the first +item in \fBclient\fR, \fBclient_len\fR is returned in \fBout\fR, \fBoutlen\fR. This +function can also be used in the \s-1NPN\s0 callback. +.PP +\&\fISSL_CTX_set_next_proto_select_cb()\fR sets a callback \fBcb\fR that is called when a +client needs to select a protocol from the server's provided list, and a +user-defined pointer argument \fBarg\fR which will be passed to this callback. +For the callback itself, \fBout\fR +must be set to point to the selected protocol (which may be within \fBin\fR). 
+The length of the protocol name must be written into \fBoutlen\fR. The +server's advertised protocols are provided in \fBin\fR and \fBinlen\fR. The +callback can assume that \fBin\fR is syntactically valid. The client must +select a protocol. It is fatal to the connection if this callback returns +a value other than \fB\s-1SSL_TLSEXT_ERR_OK\s0\fR. The \fBarg\fR parameter is the pointer +set via \fISSL_CTX_set_next_proto_select_cb()\fR. +.PP +\&\fISSL_CTX_set_next_protos_advertised_cb()\fR sets a callback \fBcb\fR that is called +when a \s-1TLS\s0 server needs a list of supported protocols for Next Protocol +Negotiation. The returned list must be in protocol-list format, described +below. The list is +returned by setting \fBout\fR to point to it and \fBoutlen\fR to its length. This +memory will not be modified, but the \fB\s-1SSL\s0\fR does keep a +reference to it. The callback should return \fB\s-1SSL_TLSEXT_ERR_OK\s0\fR if it +wishes to advertise. Otherwise, no such extension will be included in the +ServerHello. +.PP +\&\fISSL_get0_alpn_selected()\fR returns a pointer to the selected protocol in \fBdata\fR +with length \fBlen\fR. It is not NUL-terminated. \fBdata\fR is set to \s-1NULL\s0 and \fBlen\fR +is set to 0 if no protocol has been selected. \fBdata\fR must not be freed. +.PP +\&\fISSL_get0_next_proto_negotiated()\fR sets \fBdata\fR and \fBlen\fR to point to the +client's requested protocol for this connection. If the client did not +request any protocol or \s-1NPN\s0 is not enabled, then \fBdata\fR is set to \s-1NULL\s0 and +\&\fBlen\fR to 0. Note that +the client can request any protocol it chooses. The value returned from +this function need not be a member of the list of supported protocols +provided by the callback. +.SH "NOTES" +.IX Header "NOTES" +The protocol-lists must be in wire-format, which is defined as a vector of +non-empty, 8\-bit length-prefixed, byte strings. The length-prefix byte is not +included in the length. 
Each string is limited to 255 bytes. A byte-string +length of 0 is invalid. A truncated byte-string is invalid. The length of the +vector is not in the vector itself, but in a separate variable. +.PP +Example: +.PP +.Vb 5 +\& unsigned char vector[] = { +\& 6, \*(Aqs\*(Aq, \*(Aqp\*(Aq, \*(Aqd\*(Aq, \*(Aqy\*(Aq, \*(Aq/\*(Aq, \*(Aq1\*(Aq, +\& 8, \*(Aqh\*(Aq, \*(Aqt\*(Aq, \*(Aqt\*(Aq, \*(Aqp\*(Aq, \*(Aq/\*(Aq, \*(Aq1\*(Aq, \*(Aq.\*(Aq, \*(Aq1\*(Aq +\& }; +\& unsigned int length = sizeof(vector); +.Ve +.PP +The \s-1ALPN\s0 callback is executed after the servername callback; as that servername +callback may update the \s-1SSL_CTX\s0, and subsequently, the \s-1ALPN\s0 callback. +.PP +If there is no \s-1ALPN\s0 proposed in the ClientHello, the \s-1ALPN\s0 callback is not +invoked. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_alpn_protos()\fR and \fISSL_set_alpn_protos()\fR return 0 on success, and +non\-0 on failure. \s-1WARNING:\s0 these functions reverse the return value convention. +.PP +\&\fISSL_select_next_proto()\fR returns one of the following: +.IP "\s-1OPENSSL_NPN_NEGOTIATED\s0" 4 +.IX Item "OPENSSL_NPN_NEGOTIATED" +A match was found and is returned in \fBout\fR, \fBoutlen\fR. +.IP "\s-1OPENSSL_NPN_NO_OVERLAP\s0" 4 +.IX Item "OPENSSL_NPN_NO_OVERLAP" +No match was found. The first item in \fBclient\fR, \fBclient_len\fR is returned in +\&\fBout\fR, \fBoutlen\fR. +.PP +The \s-1ALPN\s0 select callback \fBcb\fR, must return one of the following: +.IP "\s-1SSL_TLSEXT_ERR_OK\s0" 4 +.IX Item "SSL_TLSEXT_ERR_OK" +\&\s-1ALPN\s0 protocol selected. +.IP "\s-1SSL_TLSEXT_ERR_ALERT_FATAL\s0" 4 +.IX Item "SSL_TLSEXT_ERR_ALERT_FATAL" +There was no overlap between the client's supplied list and the server +configuration. +.IP "\s-1SSL_TLSEXT_ERR_NOACK\s0" 4 +.IX Item "SSL_TLSEXT_ERR_NOACK" +\&\s-1ALPN\s0 protocol not selected, e.g., because no \s-1ALPN\s0 protocols are configured for +this connection. 
+.PP +The callback set using \fISSL_CTX_set_next_proto_select_cb()\fR should return +\&\fB\s-1SSL_TLSEXT_ERR_OK\s0\fR if successful. Any other value is fatal to the connection. +.PP +The callback set using \fISSL_CTX_set_next_protos_advertised_cb()\fR should return +\&\fB\s-1SSL_TLSEXT_ERR_OK\s0\fR if it wishes to advertise. Otherwise, no such extension +will be included in the ServerHello. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_CTX_set_tlsext_servername_callback\fR\|(3), +\&\fISSL_CTX_set_tlsext_servername_arg\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_CTX_set_cert_cb.3 b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_cert_cb.3 new file mode 100755 index 0000000..0ffc766 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_cert_cb.3 
@@ -0,0 +1,204 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_CERT_CB 3" +.TH SSL_CTX_SET_CERT_CB 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_cert_cb, SSL_set_cert_cb \- handle certificate callback function +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cert_cb)(SSL *ssl, void *arg), +\& void *arg); +\& void SSL_set_cert_cb(SSL *s, int (*cert_cb)(SSL *ssl, void *arg), void *arg); +\& +\& int (*cert_cb)(SSL *ssl, void *arg); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_cert_cb()\fR and \fISSL_set_cert_cb()\fR sets the \fIcert_cb()\fR callback, +\&\fBarg\fR value is pointer which is passed to the application callback. +.PP +When \fIcert_cb()\fR is \s-1NULL\s0, no callback function is used. +.PP +\&\fIcert_cb()\fR is the application defined callback. It is called before a +certificate will be used by a client or server. The callback can then inspect +the passed \fBssl\fR structure and set or clear any appropriate certificates. If +the callback is successful it \fB\s-1MUST\s0\fR return 1 even if no certificates have +been set. A zero is returned on error which will abort the handshake with a +fatal internal error alert. A negative return value will suspend the handshake +and the handshake function will return immediately. +\&\fISSL_get_error\fR\|(3) will return \s-1SSL_ERROR_WANT_X509_LOOKUP\s0 to +indicate, that the handshake was suspended. The next call to the handshake +function will again lead to the call of \fIcert_cb()\fR. It is the job of the +\&\fIcert_cb()\fR to store information about the state of the last call, +if required to continue. +.SH "NOTES" +.IX Header "NOTES" +An application will typically call \fISSL_use_certificate()\fR and +\&\fISSL_use_PrivateKey()\fR to set the end entity certificate and private key. +It can add intermediate and optionally the root \s-1CA\s0 certificates using +\&\fISSL_add1_chain_cert()\fR. +.PP +It might also call \fISSL_certs_clear()\fR to delete any certificates associated +with the \fB\s-1SSL\s0\fR object. 
+.PP +The certificate callback functionality supersedes the (largely broken) +functionality provided by the old client certificate callback interface. +It is \fBalways\fR called even is a certificate is already set so the callback +can modify or delete the existing certificate. +.PP +A more advanced callback might examine the handshake parameters and set +whatever chain is appropriate. For example a legacy client supporting only +TLSv1.0 might receive a certificate chain signed using \s-1SHA1\s0 whereas a +TLSv1.2 or later client which advertises support for \s-1SHA256\s0 could receive a +chain using \s-1SHA256\s0. +.PP +Normal server sanity checks are performed on any certificates set +by the callback. So if an \s-1EC\s0 chain is set for a curve the client does not +support it will \fBnot\fR be used. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_cert_cb()\fR and \fISSL_set_cert_cb()\fR do not return values. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_use_certificate\fR\|(3), +\&\fISSL_add1_chain_cert\fR\|(3), +\&\fISSL_get_client_CA_list\fR\|(3), +\&\fISSL_clear\fR\|(3), \fISSL_free\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2014\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_CTX_set_cert_store.3 b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_cert_store.3 new file mode 100755 index 0000000..87e296c --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_cert_store.3 
@@ -0,0 +1,210 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_CERT_STORE 3" +.TH SSL_CTX_SET_CERT_STORE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_cert_store, SSL_CTX_set1_cert_store, SSL_CTX_get_cert_store \- manipulate X509 certificate verification storage +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store); +\& void SSL_CTX_set1_cert_store(SSL_CTX *ctx, X509_STORE *store); +\& X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_cert_store()\fR sets/replaces the certificate verification storage +of \fBctx\fR to/with \fBstore\fR. If another X509_STORE object is currently +set in \fBctx\fR, it will be \fIX509_STORE_free()\fRed. +.PP +\&\fISSL_CTX_set1_cert_store()\fR sets/replaces the certificate verification storage +of \fBctx\fR to/with \fBstore\fR. The \fBstore\fR's reference count is incremented. +If another X509_STORE object is currently set in \fBctx\fR, it will be \fIX509_STORE_free()\fRed. +.PP +\&\fISSL_CTX_get_cert_store()\fR returns a pointer to the current certificate +verification storage. +.SH "NOTES" +.IX Header "NOTES" +In order to verify the certificates presented by the peer, trusted \s-1CA\s0 +certificates must be accessed. These \s-1CA\s0 certificates are made available +via lookup methods, handled inside the X509_STORE. From the X509_STORE +the X509_STORE_CTX used when verifying certificates is created. +.PP +Typically the trusted certificate store is handled indirectly via using +\&\fISSL_CTX_load_verify_locations\fR\|(3). +Using the \fISSL_CTX_set_cert_store()\fR and \fISSL_CTX_get_cert_store()\fR functions +it is possible to manipulate the X509_STORE object beyond the +\&\fISSL_CTX_load_verify_locations\fR\|(3) +call. +.PP +Currently no detailed documentation on how to use the X509_STORE +object is available. Not all members of the X509_STORE are used when +the verification takes place. So will e.g. 
the \fIverify_callback()\fR be +overridden with the \fIverify_callback()\fR set via the +\&\fISSL_CTX_set_verify\fR\|(3) family of functions. +This document must therefore be updated when documentation about the +X509_STORE object and its handling becomes available. +.PP +\&\fISSL_CTX_set_cert_store()\fR does not increment the \fBstore\fR's reference +count, so it should not be used to assign an X509_STORE that is owned +by another \s-1SSL_CTX\s0. +.PP +To share X509_STOREs between two SSL_CTXs, use \fISSL_CTX_get_cert_store()\fR +to get the X509_STORE from the first \s-1SSL_CTX\s0, and then use +\&\fISSL_CTX_set1_cert_store()\fR to assign to the second \s-1SSL_CTX\s0 and +increment the reference count of the X509_STORE. +.SH "RESTRICTIONS" +.IX Header "RESTRICTIONS" +The X509_STORE structure used by an \s-1SSL_CTX\s0 is used for verifying peer +certificates and building certificate chains, it is also shared by +every child \s-1SSL\s0 structure. Applications wanting finer control can use +functions such as \fISSL_CTX_set1_verify_cert_store()\fR instead. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_cert_store()\fR does not return diagnostic output. +.PP +\&\fISSL_CTX_set1_cert_store()\fR does not return diagnostic output. +.PP +\&\fISSL_CTX_get_cert_store()\fR returns the current setting. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fISSL_CTX_load_verify_locations\fR\|(3), +\&\fISSL_CTX_set_verify\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_CTX_set_cert_verify_callback.3 b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_cert_verify_callback.3 new file mode 100755 index 0000000..703a4d5 
--- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_cert_verify_callback.3 
@@ -0,0 +1,200 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_CERT_VERIFY_CALLBACK 3" +.TH SSL_CTX_SET_CERT_VERIFY_CALLBACK 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_cert_verify_callback \- set peer certificate verification procedure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, +\& int (*callback)(X509_STORE_CTX *, void *), +\& void *arg); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_cert_verify_callback()\fR sets the verification callback function for +\&\fIctx\fR. \s-1SSL\s0 objects that are created from \fIctx\fR inherit the setting valid at +the time when \fISSL_new\fR\|(3) is called. +.SH "NOTES" +.IX Header "NOTES" +Whenever a certificate is verified during a \s-1SSL/TLS\s0 handshake, a verification +function is called. If the application does not explicitly specify a +verification callback function, the built-in verification function is used. +If a verification callback \fIcallback\fR is specified via +\&\fISSL_CTX_set_cert_verify_callback()\fR, the supplied callback function is called +instead. By setting \fIcallback\fR to \s-1NULL\s0, the default behaviour is restored. +.PP +When the verification must be performed, \fIcallback\fR will be called with +the arguments callback(X509_STORE_CTX *x509_store_ctx, void *arg). The +argument \fIarg\fR is specified by the application when setting \fIcallback\fR. +.PP +\&\fIcallback\fR should return 1 to indicate verification success and 0 to +indicate verification failure. If \s-1SSL_VERIFY_PEER\s0 is set and \fIcallback\fR +returns 0, the handshake will fail. As the verification procedure may +allow the connection to continue in the case of failure (by always +returning 1) the verification result must be set in any case using the +\&\fBerror\fR member of \fIx509_store_ctx\fR so that the calling application +will be informed about the detailed result of the verification procedure! +.PP +Within \fIx509_store_ctx\fR, \fIcallback\fR has access to the \fIverify_callback\fR +function set using \fISSL_CTX_set_verify\fR\|(3). 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_cert_verify_callback()\fR does not return a value. +.SH "WARNINGS" +.IX Header "WARNINGS" +Do not mix the verification callback described in this function with the +\&\fBverify_callback\fR function called during the verification process. The +latter is set using the \fISSL_CTX_set_verify\fR\|(3) +family of functions. +.PP +Providing a complete verification procedure including certificate purpose +settings etc is a complex task. The built-in procedure is quite powerful +and in most cases it should be sufficient to modify its behaviour using +the \fBverify_callback\fR function. +.SH "BUGS" +.IX Header "BUGS" +\&\fISSL_CTX_set_cert_verify_callback()\fR does not provide diagnostic information. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_CTX_set_verify\fR\|(3), +\&\fISSL_get_verify_result\fR\|(3), +\&\fISSL_CTX_load_verify_locations\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_CTX_set_cipher_list.3 b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_cipher_list.3 new file mode 100755 index 0000000..05a2053 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_cipher_list.3 
@@ -0,0 +1,248 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_CIPHER_LIST 3" +.TH SSL_CTX_SET_CIPHER_LIST 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_cipher_list, +SSL_set_cipher_list, +SSL_CTX_set_ciphersuites, +SSL_set_ciphersuites, +OSSL_default_cipher_list, +OSSL_default_ciphersuites +\&\- choose list of available SSL_CIPHERs +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str); +\& int SSL_set_cipher_list(SSL *ssl, const char *str); +\& +\& int SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str); +\& int SSL_set_ciphersuites(SSL *s, const char *str); +\& +\& const char *OSSL_default_cipher_list(void); +\& const char *OSSL_default_ciphersuites(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_cipher_list()\fR sets the list of available ciphers (TLSv1.2 and below) +for \fBctx\fR using the control string \fBstr\fR. The format of the string is described +in \fIopenssl\-ciphers\fR\|(1). The list of ciphers is inherited by all +\&\fBssl\fR objects created from \fBctx\fR. This function does not impact TLSv1.3 +ciphersuites. Use \fISSL_CTX_set_ciphersuites()\fR to configure those. +.PP +\&\fISSL_set_cipher_list()\fR sets the list of ciphers (TLSv1.2 and below) only for +\&\fBssl\fR. +.PP +\&\fISSL_CTX_set_ciphersuites()\fR is used to configure the available TLSv1.3 +ciphersuites for \fBctx\fR. This is a simple colon (\*(L":\*(R") separated list of TLSv1.3 +ciphersuite names in order of preference. Valid TLSv1.3 ciphersuite names are: +.IP "\s-1TLS_AES_128_GCM_SHA256\s0" 4 +.IX Item "TLS_AES_128_GCM_SHA256" +.PD 0 +.IP "\s-1TLS_AES_256_GCM_SHA384\s0" 4 +.IX Item "TLS_AES_256_GCM_SHA384" +.IP "\s-1TLS_CHACHA20_POLY1305_SHA256\s0" 4 +.IX Item "TLS_CHACHA20_POLY1305_SHA256" +.IP "\s-1TLS_AES_128_CCM_SHA256\s0" 4 +.IX Item "TLS_AES_128_CCM_SHA256" +.IP "\s-1TLS_AES_128_CCM_8_SHA256\s0" 4 +.IX Item "TLS_AES_128_CCM_8_SHA256" +.PD +.PP +An empty list is permissible. 
The default value for the this setting is: +.PP +\&\*(L"\s-1TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256\s0\*(R" +.PP +\&\fISSL_set_ciphersuites()\fR is the same as \fISSL_CTX_set_ciphersuites()\fR except it +configures the ciphersuites for \fBssl\fR. +.PP +\&\fIOSSL_default_cipher_list()\fR returns the default cipher string for TLSv1.2 +(and earlier) ciphers. \fIOSSL_default_ciphersuites()\fR returns the default +cipher string for TLSv1.3 ciphersuites. +.SH "NOTES" +.IX Header "NOTES" +The control string \fBstr\fR for \fISSL_CTX_set_cipher_list()\fR and +\&\fISSL_set_cipher_list()\fR should be universally usable and not depend +on details of the library configuration (ciphers compiled in). Thus no +syntax checking takes place. Items that are not recognized, because the +corresponding ciphers are not compiled in or because they are mistyped, +are simply ignored. Failure is only flagged if no ciphers could be collected +at all. +.PP +It should be noted, that inclusion of a cipher to be used into the list is +a necessary condition. On the client side, the inclusion into the list is +also sufficient unless the security level excludes it. On the server side, +additional restrictions apply. All ciphers have additional requirements. +\&\s-1ADH\s0 ciphers don't need a certificate, but DH-parameters must have been set. +All other ciphers need a corresponding certificate and key. +.PP +A \s-1RSA\s0 cipher can only be chosen, when a \s-1RSA\s0 certificate is available. +\&\s-1RSA\s0 ciphers using \s-1DHE\s0 need a certificate and key and additional DH-parameters +(see \fISSL_CTX_set_tmp_dh_callback\fR\|(3)). +.PP +A \s-1DSA\s0 cipher can only be chosen, when a \s-1DSA\s0 certificate is available. +\&\s-1DSA\s0 ciphers always use \s-1DH\s0 key exchange and therefore need DH-parameters +(see \fISSL_CTX_set_tmp_dh_callback\fR\|(3)). +.PP +When these conditions are not met for any cipher in the list (e.g. 
a +client only supports export \s-1RSA\s0 ciphers with an asymmetric key length +of 512 bits and the server is not configured to use temporary \s-1RSA\s0 +keys), the \*(L"no shared cipher\*(R" (\s-1SSL_R_NO_SHARED_CIPHER\s0) error is generated +and the handshake will fail. +.PP +\&\fIOSSL_default_cipher_list()\fR and \fIOSSL_default_ciphersuites()\fR replace +\&\s-1SSL_DEFAULT_CIPHER_LIST\s0 and \s-1TLS_DEFAULT_CIPHERSUITES\s0, respectively. The +cipher list defines are deprecated as of 3.0. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_cipher_list()\fR and \fISSL_set_cipher_list()\fR return 1 if any cipher +could be selected and 0 on complete failure. +.PP +\&\fISSL_CTX_set_ciphersuites()\fR and \fISSL_set_ciphersuites()\fR return 1 if the requested +ciphersuite list was configured, and 0 otherwise. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_get_ciphers\fR\|(3), +\&\fISSL_CTX_use_certificate\fR\|(3), +\&\fISSL_CTX_set_tmp_dh_callback\fR\|(3), +\&\fIopenssl\-ciphers\fR\|(1) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIOSSL_default_cipher_list()\fR and \fIOSSL_default_ciphersites()\fR are new in 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_CTX_set_client_cert_cb.3 b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_client_cert_cb.3 new file mode 100755 index 0000000..163ccdc --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_client_cert_cb.3 
@@ -0,0 +1,232 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_CLIENT_CERT_CB 3" +.TH SSL_CTX_SET_CLIENT_CERT_CB 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_client_cert_cb, SSL_CTX_get_client_cert_cb \- handle client certificate callback function +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, +\& int (*client_cert_cb)(SSL *ssl, X509 **x509, +\& EVP_PKEY **pkey)); +\& int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, +\& EVP_PKEY **pkey); +\& int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_client_cert_cb()\fR sets the \fIclient_cert_cb()\fR callback, that is +called when a client certificate is requested by a server and no certificate +was yet set for the \s-1SSL\s0 object. +.PP +When \fIclient_cert_cb()\fR is \s-1NULL\s0, no callback function is used. +.PP +\&\fISSL_CTX_get_client_cert_cb()\fR returns a pointer to the currently set callback +function. +.PP +\&\fIclient_cert_cb()\fR is the application defined callback. If it wants to +set a certificate, a certificate/private key combination must be set +using the \fBx509\fR and \fBpkey\fR arguments and \*(L"1\*(R" must be returned. The +certificate will be installed into \fBssl\fR, see the \s-1NOTES\s0 and \s-1BUGS\s0 sections. +If no certificate should be set, \*(L"0\*(R" has to be returned and no certificate +will be sent. A negative return value will suspend the handshake and the +handshake function will return immediately. \fISSL_get_error\fR\|(3) +will return \s-1SSL_ERROR_WANT_X509_LOOKUP\s0 to indicate, that the handshake was +suspended. The next call to the handshake function will again lead to the call +of \fIclient_cert_cb()\fR. It is the job of the \fIclient_cert_cb()\fR to store information +about the state of the last call, if required to continue. +.SH "NOTES" +.IX Header "NOTES" +During a handshake (or renegotiation) a server may request a certificate +from the client. A client certificate must only be sent, when the server +did send the request. 
+.PP +When a certificate was set using the +\&\fISSL_CTX_use_certificate\fR\|(3) family of functions, +it will be sent to the server. The \s-1TLS\s0 standard requires that only a +certificate is sent, if it matches the list of acceptable CAs sent by the +server. This constraint is violated by the default behavior of the OpenSSL +library. Using the callback function it is possible to implement a proper +selection routine or to allow a user interaction to choose the certificate to +be sent. +.PP +If a callback function is defined and no certificate was yet defined for the +\&\s-1SSL\s0 object, the callback function will be called. +If the callback function returns a certificate, the OpenSSL library +will try to load the private key and certificate data into the \s-1SSL\s0 +object using the \fISSL_use_certificate()\fR and \fISSL_use_private_key()\fR functions. +Thus it will permanently install the certificate and key for this \s-1SSL\s0 +object. It will not be reset by calling \fISSL_clear\fR\|(3). +If the callback returns no certificate, the OpenSSL library will not send +a certificate. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_get_client_cert_cb()\fR returns function pointer of \fIclient_cert_cb()\fR or +\&\s-1NULL\s0 if the callback is not set. +.SH "BUGS" +.IX Header "BUGS" +The \fIclient_cert_cb()\fR cannot return a complete certificate chain, it can +only return one client certificate. If the chain only has a length of 2, +the root \s-1CA\s0 certificate may be omitted according to the \s-1TLS\s0 standard and +thus a standard conforming answer can be sent to the server. For a +longer chain, the client must send the complete chain (with the option +to leave out the root \s-1CA\s0 certificate). 
This can only be accomplished by +either adding the intermediate \s-1CA\s0 certificates into the trusted +certificate store for the \s-1SSL_CTX\s0 object (resulting in having to add +\&\s-1CA\s0 certificates that otherwise maybe would not be trusted), or by adding +the chain certificates using the +\&\fISSL_CTX_add_extra_chain_cert\fR\|(3) +function, which is only available for the \s-1SSL_CTX\s0 object as a whole and that +therefore probably can only apply for one client certificate, making +the concept of the callback function (to allow the choice from several +certificates) questionable. +.PP +Once the \s-1SSL\s0 object has been used in conjunction with the callback function, +the certificate will be set for the \s-1SSL\s0 object and will not be cleared +even when \fISSL_clear\fR\|(3) is being called. It is therefore +mandatory to destroy the \s-1SSL\s0 object using \fISSL_free\fR\|(3) +and create a new one to return to the previous state. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_CTX_use_certificate\fR\|(3), +\&\fISSL_CTX_add_extra_chain_cert\fR\|(3), +\&\fISSL_get_client_CA_list\fR\|(3), +\&\fISSL_clear\fR\|(3), \fISSL_free\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_CTX_set_client_hello_cb.3 b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_client_hello_cb.3 new file mode 100755 index 0000000..b60cb10 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_client_hello_cb.3 
@@ -0,0 +1,253 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_CLIENT_HELLO_CB 3" +.TH SSL_CTX_SET_CLIENT_HELLO_CB 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_client_hello_cb, SSL_client_hello_cb_fn, SSL_client_hello_isv2, SSL_client_hello_get0_legacy_version, SSL_client_hello_get0_random, SSL_client_hello_get0_session_id, SSL_client_hello_get0_ciphers, SSL_client_hello_get0_compression_methods, SSL_client_hello_get1_extensions_present, SSL_client_hello_get0_ext \- callback functions for early server\-side ClientHello processing +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 10 +\& typedef int (*SSL_client_hello_cb_fn)(SSL *s, int *al, void *arg); +\& void SSL_CTX_set_client_hello_cb(SSL_CTX *c, SSL_client_hello_cb_fn *f, +\& void *arg); +\& int SSL_client_hello_isv2(SSL *s); +\& unsigned int SSL_client_hello_get0_legacy_version(SSL *s); +\& size_t SSL_client_hello_get0_random(SSL *s, const unsigned char **out); +\& size_t SSL_client_hello_get0_session_id(SSL *s, const unsigned char **out); +\& size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out); +\& size_t SSL_client_hello_get0_compression_methods(SSL *s, +\& const unsigned char **out); +\& int SSL_client_hello_get1_extensions_present(SSL *s, int **out, +\& size_t *outlen); +\& int SSL_client_hello_get0_ext(SSL *s, int type, const unsigned char **out, +\& size_t *outlen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_client_hello_cb()\fR sets the callback function, which is automatically +called during the early stages of ClientHello processing on the server. +The argument supplied when setting the callback is passed back to the +callback at run time. A callback that returns failure (0) will cause the +connection to terminate, and callbacks returning failure should indicate +what alert value is to be sent in the \fBal\fR parameter. A callback may +also return a negative value to suspend the handshake, and the handshake +function will return immediately. \fISSL_get_error\fR\|(3) will return +\&\s-1SSL_ERROR_WANT_CLIENT_HELLO_CB\s0 to indicate that the handshake was suspended. 
+It is the job of the ClientHello callback to store information about the state +of the last call if needed to continue. On the next call into the handshake +function, the ClientHello callback will be called again, and, if it returns +success, normal handshake processing will continue from that point. +.PP +\&\fISSL_client_hello_isv2()\fR indicates whether the ClientHello was carried in a +SSLv2 record and is in the SSLv2 format. The SSLv2 format has substantial +differences from the normal SSLv3 format, including using three bytes per +cipher suite, and not allowing extensions. Additionally, the SSLv2 format +\&'challenge' field is exposed via \fISSL_client_hello_get0_random()\fR, padded to +\&\s-1SSL3_RANDOM_SIZE\s0 bytes with zeros if needed. For SSLv2 format ClientHellos, +\&\fISSL_client_hello_get0_compression_methods()\fR returns a dummy list that only includes +the null compression method, since the SSLv2 format does not include a +mechanism by which to negotiate compression. +.PP +\&\fISSL_client_hello_get0_random()\fR, \fISSL_client_hello_get0_session_id()\fR, +\&\fISSL_client_hello_get0_ciphers()\fR, and +\&\fISSL_client_hello_get0_compression_methods()\fR provide access to the corresponding +ClientHello fields, returning the field length and optionally setting an out +pointer to the octets of that field. +.PP +Similarly, \fISSL_client_hello_get0_ext()\fR provides access to individual extensions +from the ClientHello on a per-extension basis. For the provided wire +protocol extension type value, the extension value and length are returned +in the output parameters (if present). +.PP +\&\fISSL_client_hello_get1_extensions_present()\fR can be used prior to +\&\fISSL_client_hello_get0_ext()\fR, to determine which extensions are present in the +ClientHello before querying for them. The \fBout\fR and \fBoutlen\fR parameters are +both required, and on success the caller must release the storage allocated for +\&\fB*out\fR using \fIOPENSSL_free()\fR. 
The contents of \fB*out\fR is an array of integers +holding the numerical value of the \s-1TLS\s0 extension types in the order they appear +in the ClientHello. \fB*outlen\fR contains the number of elements in the array. +In situations when the ClientHello has no extensions, the function will return +success with \fB*out\fR set to \s-1NULL\s0 and \fB*outlen\fR set to 0. +.SH "NOTES" +.IX Header "NOTES" +The ClientHello callback provides a vast window of possibilities for application +code to affect the \s-1TLS\s0 handshake. A primary use of the callback is to +allow the server to examine the server name indication extension provided +by the client in order to select an appropriate certificate to present, +and make other configuration adjustments relevant to that server name +and its configuration. Such configuration changes can include swapping out +the associated \s-1SSL_CTX\s0 pointer, modifying the server's list of permitted \s-1TLS\s0 +versions, changing the server's cipher list in response to the client's +cipher list, etc. +.PP +It is also recommended that applications utilize a ClientHello callback and +not use a servername callback, in order to avoid unexpected behavior that +occurs due to the relative order of processing between things like session +resumption and the historical servername callback. +.PP +The SSL_client_hello_* family of functions may only be called from code executing +within a ClientHello callback. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The application's supplied ClientHello callback returns +\&\s-1SSL_CLIENT_HELLO_SUCCESS\s0 on success, \s-1SSL_CLIENT_HELLO_ERROR\s0 on failure, and +\&\s-1SSL_CLIENT_HELLO_RETRY\s0 to suspend processing. +.PP +\&\fISSL_client_hello_isv2()\fR returns 1 for SSLv2\-format ClientHellos and 0 otherwise. 
+.PP +\&\fISSL_client_hello_get0_random()\fR, \fISSL_client_hello_get0_session_id()\fR, +\&\fISSL_client_hello_get0_ciphers()\fR, and +\&\fISSL_client_hello_get0_compression_methods()\fR return the length of the +corresponding ClientHello fields. If zero is returned, the output pointer +should not be assumed to be valid. +.PP +\&\fISSL_client_hello_get0_ext()\fR returns 1 if the extension of type 'type' is present, and +0 otherwise. +.PP +\&\fISSL_client_hello_get1_extensions_present()\fR returns 1 on success and 0 on failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_CTX_set_tlsext_servername_callback\fR\|(3), +\&\fISSL_bytes_to_cipher_list\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \s-1SSL\s0 ClientHello callback, \fISSL_client_hello_isv2()\fR, +\&\fISSL_client_hello_get0_random()\fR, \fISSL_client_hello_get0_session_id()\fR, +\&\fISSL_client_hello_get0_ciphers()\fR, \fISSL_client_hello_get0_compression_methods()\fR, +\&\fISSL_client_hello_get0_ext()\fR, and \fISSL_client_hello_get1_extensions_present()\fR +were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_CTX_set_ct_validation_callback.3 b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_ct_validation_callback.3 new file mode 100755 index 0000000..3a1f59f --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_ct_validation_callback.3 
@@ -0,0 +1,266 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_CT_VALIDATION_CALLBACK 3" +.TH SSL_CTX_SET_CT_VALIDATION_CALLBACK 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +ssl_ct_validation_cb, +SSL_enable_ct, SSL_CTX_enable_ct, SSL_disable_ct, SSL_CTX_disable_ct, +SSL_set_ct_validation_callback, SSL_CTX_set_ct_validation_callback, +SSL_ct_is_enabled, SSL_CTX_ct_is_enabled \- +control Certificate Transparency policy +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef int (*ssl_ct_validation_cb)(const CT_POLICY_EVAL_CTX *ctx, +\& const STACK_OF(SCT) *scts, void *arg); +\& +\& int SSL_enable_ct(SSL *s, int validation_mode); +\& int SSL_CTX_enable_ct(SSL_CTX *ctx, int validation_mode); +\& int SSL_set_ct_validation_callback(SSL *s, ssl_ct_validation_cb callback, +\& void *arg); +\& int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx, +\& ssl_ct_validation_cb callback, +\& void *arg); +\& void SSL_disable_ct(SSL *s); +\& void SSL_CTX_disable_ct(SSL_CTX *ctx); +\& int SSL_ct_is_enabled(const SSL *s); +\& int SSL_CTX_ct_is_enabled(const SSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_enable_ct()\fR and \fISSL_CTX_enable_ct()\fR enable the processing of signed +certificate timestamps (SCTs) either for a given \s-1SSL\s0 connection or for all +connections that share the given \s-1SSL\s0 context, respectively. +This is accomplished by setting a built-in \s-1CT\s0 validation callback. +The behaviour of the callback is determined by the \fBvalidation_mode\fR argument, +which can be either of \fB\s-1SSL_CT_VALIDATION_PERMISSIVE\s0\fR or +\&\fB\s-1SSL_CT_VALIDATION_STRICT\s0\fR as described below. +.PP +If \fBvalidation_mode\fR is equal to \fB\s-1SSL_CT_VALIDATION_STRICT\s0\fR, then in a full +\&\s-1TLS\s0 handshake with the verification mode set to \fB\s-1SSL_VERIFY_PEER\s0\fR, if the peer +presents no valid SCTs the handshake will be aborted. +If the verification mode is \fB\s-1SSL_VERIFY_NONE\s0\fR, the handshake will continue +despite lack of valid SCTs. 
+However, in that case if the verification status before the built-in callback +was \fBX509_V_OK\fR it will be set to \fBX509_V_ERR_NO_VALID_SCTS\fR after the +callback. +Applications can call \fISSL_get_verify_result\fR\|(3) to check the status at +handshake completion, even after session resumption since the verification +status is part of the saved session state. +See \fISSL_set_verify\fR\|(3), <\fISSL_get_verify_result\fR\|(3)>, \fISSL_session_reused\fR\|(3). +.PP +If \fBvalidation_mode\fR is equal to \fB\s-1SSL_CT_VALIDATION_PERMISSIVE\s0\fR, then the +handshake continues, and the verification status is not modified, regardless of +the validation status of any SCTs. +The application can still inspect the validation status of the SCTs at +handshake completion. +Note that with session resumption there will not be any SCTs presented during +the handshake. +Therefore, in applications that delay \s-1SCT\s0 policy enforcement until after +handshake completion, such delayed \s-1SCT\s0 checks should only be performed when the +session is not resumed. +.PP +\&\fISSL_set_ct_validation_callback()\fR and \fISSL_CTX_set_ct_validation_callback()\fR +register a custom callback that may implement a different policy than either of +the above. +This callback can examine the peer's SCTs and determine whether they are +sufficient to allow the connection to continue. +The \s-1TLS\s0 handshake is aborted if the verification mode is not \fB\s-1SSL_VERIFY_NONE\s0\fR +and the callback returns a non-positive result. +.PP +An arbitrary callback data argument, \fBarg\fR, can be passed in when setting +the callback. +This will be passed to the callback whenever it is invoked. +Ownership of this context remains with the caller. +.PP +If no callback is set, SCTs will not be requested and Certificate Transparency +validation will not occur. +.PP +No callback will be invoked when the peer presents no certificate, e.g. by +employing an anonymous (aNULL) cipher suite. 
+In that case the handshake continues as it would had no callback been +requested. +Callbacks are also not invoked when the peer certificate chain is invalid or +validated via \s-1\fIDANE\-TA\s0\fR\|(2) or \s-1\fIDANE\-EE\s0\fR\|(3) \s-1TLSA\s0 records which use a private X.509 +\&\s-1PKI\s0, or no X.509 \s-1PKI\s0 at all, respectively. +Clients that require SCTs are expected to not have enabled any aNULL ciphers +nor to have specified server verification via \s-1\fIDANE\-TA\s0\fR\|(2) or \s-1\fIDANE\-EE\s0\fR\|(3) \s-1TLSA\s0 +records. +.PP +\&\fISSL_disable_ct()\fR and \fISSL_CTX_disable_ct()\fR turn off \s-1CT\s0 processing, whether +enabled via the built-in or the custom callbacks, by setting a \s-1NULL\s0 callback. +These may be implemented as macros. +.PP +\&\fISSL_ct_is_enabled()\fR and \fISSL_CTX_ct_is_enabled()\fR return 1 if \s-1CT\s0 processing is +enabled via either \fISSL_enable_ct()\fR or a non-null custom callback, and 0 +otherwise. +.SH "NOTES" +.IX Header "NOTES" +When \s-1SCT\s0 processing is enabled, \s-1OCSP\s0 stapling will be enabled. This is because +one possible source of SCTs is the \s-1OCSP\s0 response from a server. +.PP +The time returned by \fISSL_SESSION_get_time()\fR will be used to evaluate whether any +presented SCTs have timestamps that are in the future (and therefore invalid). +.SH "RESTRICTIONS" +.IX Header "RESTRICTIONS" +Certificate Transparency validation cannot be enabled and so a callback cannot +be set if a custom client extension handler has been registered to handle \s-1SCT\s0 +extensions (\fBTLSEXT_TYPE_signed_certificate_timestamp\fR). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_enable_ct()\fR, \fISSL_CTX_enable_ct()\fR, \fISSL_CTX_set_ct_validation_callback()\fR and +\&\fISSL_set_ct_validation_callback()\fR return 1 if the \fBcallback\fR is successfully +set. +They return 0 if an error occurs, e.g. a custom client extension handler has +been setup to handle SCTs. 
+.PP +\&\fISSL_disable_ct()\fR and \fISSL_CTX_disable_ct()\fR do not return a result. +.PP +\&\fISSL_CTX_ct_is_enabled()\fR and \fISSL_ct_is_enabled()\fR return a 1 if a non-null \s-1CT\s0 +validation callback is set, or 0 if no callback (or equivalently a \s-1NULL\s0 +callback) is set. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +<\fISSL_get_verify_result\fR\|(3)>, +\&\fISSL_session_reused\fR\|(3), +\&\fISSL_set_verify\fR\|(3), +\&\fISSL_CTX_set_verify\fR\|(3), +\&\fISSL_SESSION_get_time\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_CTX_set_ctlog_list_file.3 b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_ctlog_list_file.3 new file mode 100755 index 0000000..7c037be --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_ctlog_list_file.3 
@@ -0,0 +1,175 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_CTLOG_LIST_FILE 3" +.TH SSL_CTX_SET_CTLOG_LIST_FILE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_default_ctlog_list_file, SSL_CTX_set_ctlog_list_file \- +load a Certificate Transparency log list from a file +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_set_default_ctlog_list_file(SSL_CTX *ctx); +\& int SSL_CTX_set_ctlog_list_file(SSL_CTX *ctx, const char *path); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_default_ctlog_list_file()\fR loads a list of Certificate Transparency +(\s-1CT\s0) logs from the default file location, \*(L"ct_log_list.cnf\*(R", found in the +directory where OpenSSL is installed. +.PP +\&\fISSL_CTX_set_ctlog_list_file()\fR loads a list of \s-1CT\s0 logs from a specific path. +See \fICTLOG_STORE_new\fR\|(3) for the file format. +.SH "NOTES" +.IX Header "NOTES" +These functions will not clear the existing \s-1CT\s0 log list \- it will be appended +to. To replace the existing list, use \fISSL_CTX_set0_ctlog_store\fR\|(3) first. +.PP +If an error occurs whilst parsing a particular log entry in the file, that log +entry will be skipped. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_default_ctlog_list_file()\fR and \fISSL_CTX_set_ctlog_list_file()\fR +return 1 if the log list is successfully loaded, and 0 if an error occurs. In +the case of an error, the log list may have been partially loaded. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fISSL_CTX_set_ct_validation_callback\fR\|(3), +\&\fICTLOG_STORE_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/ssl/share/man/man3/SSL_CTX_set_default_passwd_cb.3 b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_default_passwd_cb.3
new file mode 100755
index 0000000..012c93c
--- /dev/null
+++ b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_default_passwd_cb.3
@@ -0,0 +1,235 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_DEFAULT_PASSWD_CB 3" +.TH SSL_CTX_SET_DEFAULT_PASSWD_CB 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_default_passwd_cb, SSL_CTX_set_default_passwd_cb_userdata, +SSL_CTX_get_default_passwd_cb, SSL_CTX_get_default_passwd_cb_userdata, +SSL_set_default_passwd_cb, SSL_set_default_passwd_cb_userdata, +SSL_get_default_passwd_cb, SSL_get_default_passwd_cb_userdata \- set or +get passwd callback for encrypted PEM file handling +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb); +\& void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u); +\& pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx); +\& void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx); +\& +\& void SSL_set_default_passwd_cb(SSL *s, pem_password_cb *cb); +\& void SSL_set_default_passwd_cb_userdata(SSL *s, void *u); +\& pem_password_cb *SSL_get_default_passwd_cb(SSL *s); +\& void *SSL_get_default_passwd_cb_userdata(SSL *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_default_passwd_cb()\fR sets the default password callback called +when loading/storing a \s-1PEM\s0 certificate with encryption. +.PP +\&\fISSL_CTX_set_default_passwd_cb_userdata()\fR sets a pointer to userdata, \fBu\fR, +which will be provided to the password callback on invocation. +.PP +\&\fISSL_CTX_get_default_passwd_cb()\fR returns a function pointer to the password +callback currently set in \fBctx\fR. If no callback was explicitly set, the +\&\s-1NULL\s0 pointer is returned. +.PP +\&\fISSL_CTX_get_default_passwd_cb_userdata()\fR returns a pointer to the userdata +currently set in \fBctx\fR. If no userdata was explicitly set, the \s-1NULL\s0 pointer +is returned. +.PP +\&\fISSL_set_default_passwd_cb()\fR, \fISSL_set_default_passwd_cb_userdata()\fR, +\&\fISSL_get_default_passwd_cb()\fR and \fISSL_get_default_passwd_cb_userdata()\fR perform +the same function as their \s-1SSL_CTX\s0 counterparts, but using an \s-1SSL\s0 object. 
+.PP +The password callback, which must be provided by the application, hands back the +password to be used during decryption. +On invocation a pointer to userdata +is provided. The function must store the password into the provided buffer +\&\fBbuf\fR which is of size \fBsize\fR. The actual length of the password must +be returned to the calling function. \fBrwflag\fR indicates whether the +callback is used for reading/decryption (rwflag=0) or writing/encryption +(rwflag=1). +For more details, see \fIpem_password_cb\fR\|(3). +.SH "NOTES" +.IX Header "NOTES" +When loading or storing private keys, a password might be supplied to +protect the private key. The way this password can be supplied may depend +on the application. If only one private key is handled, it can be practical +to have the callback handle the password dialog interactively. If several +keys have to be handled, it can be practical to ask for the password once, +then keep it in memory and use it several times. In the last case, the +password could be stored into the userdata storage and the +callback only returns the password already stored. +.PP +When asking for the password interactively, the callback can use +\&\fBrwflag\fR to check, whether an item shall be encrypted (rwflag=1). +In this case the password dialog may ask for the same password twice +for comparison in order to catch typos, that would make decryption +impossible. +.PP +Other items in \s-1PEM\s0 formatting (certificates) can also be encrypted, it is +however not usual, as certificate information is considered public. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions do not provide diagnostic information. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +The following example returns the password provided as userdata to the +calling function. The password is considered to be a '\e0' terminated +string. If the password does not fit into the buffer, the password is +truncated. 
+.PP +.Vb 6 +\& int my_cb(char *buf, int size, int rwflag, void *u) +\& { +\& strncpy(buf, (char *)u, size); +\& buf[size \- 1] = \*(Aq\e0\*(Aq; +\& return strlen(buf); +\& } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fISSL_CTX_use_certificate\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fISSL_CTX_get_default_passwd_cb()\fR, \fISSL_CTX_get_default_passwd_cb_userdata()\fR, +\&\fISSL_set_default_passwd_cb()\fR and \fISSL_set_default_passwd_cb_userdata()\fR were +added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_CTX_set_generate_session_id.3 b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_generate_session_id.3 new file mode 100755 index 0000000..c3c8bfd --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_generate_session_id.3 
@@ -0,0 +1,260 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_GENERATE_SESSION_ID 3" +.TH SSL_CTX_SET_GENERATE_SESSION_ID 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_generate_session_id, SSL_set_generate_session_id, +SSL_has_matching_session_id, GEN_SESSION_CB +\&\- manipulate generation of SSL session IDs (server only) +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef int (*GEN_SESSION_CB)(SSL *ssl, unsigned char *id, +\& unsigned int *id_len); +\& +\& int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb); +\& int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB, cb); +\& int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, +\& unsigned int id_len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_generate_session_id()\fR sets the callback function for generating +new session ids for \s-1SSL/TLS\s0 sessions for \fBctx\fR to be \fBcb\fR. +.PP +\&\fISSL_set_generate_session_id()\fR sets the callback function for generating +new session ids for \s-1SSL/TLS\s0 sessions for \fBssl\fR to be \fBcb\fR. +.PP +\&\fISSL_has_matching_session_id()\fR checks, whether a session with id \fBid\fR +(of length \fBid_len\fR) is already contained in the internal session cache +of the parent context of \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +When a new session is established between client and server, the server +generates a session id. The session id is an arbitrary sequence of bytes. +The length of the session id is between 1 and 32 bytes. The session id is not +security critical but must be unique for the server. Additionally, the session id is +transmitted in the clear when reusing the session so it must not contain +sensitive information. +.PP +Without a callback being set, an OpenSSL server will generate a unique +session id from pseudo random numbers of the maximum possible length. +Using the callback function, the session id can be changed to contain +additional information like e.g. a host id in order to improve load balancing +or external caching techniques. 
+.PP +The callback function receives a pointer to the memory location to put +\&\fBid\fR into and a pointer to the maximum allowed length \fBid_len\fR. The +buffer at location \fBid\fR is only guaranteed to have the size \fBid_len\fR. +The callback is only allowed to generate a shorter id and reduce \fBid_len\fR; +the callback \fBmust never\fR increase \fBid_len\fR or write to the location +\&\fBid\fR exceeding the given limit. +.PP +The location \fBid\fR is filled with 0x00 before the callback is called, so the +callback may only fill part of the possible length and leave \fBid_len\fR +untouched while maintaining reproducibility. +.PP +Since the sessions must be distinguished, session ids must be unique. +Without the callback a random number is used, so that the probability +of generating the same session id is extremely small (2^256 for SSLv3/TLSv1). +In order to assure the uniqueness of the generated session id, the callback must call +\&\fISSL_has_matching_session_id()\fR and generate another id if a conflict occurs. +If an id conflict is not resolved, the handshake will fail. +If the application codes e.g. a unique host id, a unique process number, and +a unique sequence number into the session id, uniqueness could easily be +achieved without randomness added (it should however be taken care that +no confidential information is leaked this way). If the application can not +guarantee uniqueness, it is recommended to use the maximum \fBid_len\fR and +fill in the bytes not used to code special information with random data +to avoid collisions. +.PP +\&\fISSL_has_matching_session_id()\fR will only query the internal session cache, +not the external one. Since the session id is generated before the +handshake is completed, it is not immediately added to the cache. If +another thread is using the same internal session cache, a race condition +can occur in that another thread generates the same session id. 
+Collisions can also occur when using an external session cache, since +the external cache is not tested with \fISSL_has_matching_session_id()\fR +and the same race condition applies. +.PP +The callback must return 0 if it cannot generate a session id for whatever +reason and return 1 on success. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_generate_session_id()\fR and \fISSL_set_generate_session_id()\fR +always return 1. +.PP +\&\fISSL_has_matching_session_id()\fR returns 1 if another session with the +same id is already in the cache. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +The callback function listed will generate a session id with the +server id given, and will fill the rest with pseudo random bytes: +.PP +.Vb 1 +\& const char session_id_prefix = "www\-18"; +\& +\& #define MAX_SESSION_ID_ATTEMPTS 10 +\& static int generate_session_id(SSL *ssl, unsigned char *id, +\& unsigned int *id_len) +\& { +\& unsigned int count = 0; +\& +\& do { +\& RAND_pseudo_bytes(id, *id_len); +\& /* +\& * Prefix the session_id with the required prefix. NB: If our +\& * prefix is too long, clip it \- but there will be worse effects +\& * anyway, eg. the server could only possibly create 1 session +\& * ID (ie. the prefix!) so all future session negotiations will +\& * fail due to conflicts. +\& */ +\& memcpy(id, session_id_prefix, strlen(session_id_prefix) < *id_len ? +\& strlen(session_id_prefix) : *id_len); +\& } while (SSL_has_matching_session_id(ssl, id, *id_len) +\& && ++count < MAX_SESSION_ID_ATTEMPTS); +\& if (count >= MAX_SESSION_ID_ATTEMPTS) +\& return 0; +\& return 1; +\& } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_get_version\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. 
You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_CTX_set_info_callback.3 b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_info_callback.3 new file mode 100755 index 0000000..a7a0b54 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_info_callback.3 
@@ -0,0 +1,280 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_INFO_CALLBACK 3" +.TH SSL_CTX_SET_INFO_CALLBACK 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_info_callback, +SSL_CTX_get_info_callback, +SSL_set_info_callback, +SSL_get_info_callback +\&\- handle information callback for SSL connections +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*callback)()); +\& void (*SSL_CTX_get_info_callback(const SSL_CTX *ctx))(); +\& +\& void SSL_set_info_callback(SSL *ssl, void (*callback)()); +\& void (*SSL_get_info_callback(const SSL *ssl))(); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_info_callback()\fR sets the \fBcallback\fR function, that can be used to +obtain state information for \s-1SSL\s0 objects created from \fBctx\fR during connection +setup and use. The setting for \fBctx\fR is overridden from the setting for +a specific \s-1SSL\s0 object, if specified. +When \fBcallback\fR is \s-1NULL\s0, no callback function is used. +.PP +\&\fISSL_set_info_callback()\fR sets the \fBcallback\fR function, that can be used to +obtain state information for \fBssl\fR during connection setup and use. +When \fBcallback\fR is \s-1NULL\s0, the callback setting currently valid for +\&\fBctx\fR is used. +.PP +\&\fISSL_CTX_get_info_callback()\fR returns a pointer to the currently set information +callback function for \fBctx\fR. +.PP +\&\fISSL_get_info_callback()\fR returns a pointer to the currently set information +callback function for \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +When setting up a connection and during use, it is possible to obtain state +information from the \s-1SSL/TLS\s0 engine. When set, an information callback function +is called whenever a significant event occurs such as: the state changes, +an alert appears, or an error occurs. +.PP +The callback function is called as \fBcallback(\s-1SSL\s0 *ssl, int where, int ret)\fR. +The \fBwhere\fR argument specifies information about where (in which context) +the callback function was called. 
If \fBret\fR is 0, an error condition occurred. +If an alert is handled, \s-1SSL_CB_ALERT\s0 is set and \fBret\fR specifies the alert +information. +.PP +\&\fBwhere\fR is a bit-mask made up of the following bits: +.IP "\s-1SSL_CB_LOOP\s0" 4 +.IX Item "SSL_CB_LOOP" +Callback has been called to indicate state change or some other significant +state machine event. This may mean that the callback gets invoked more than once +per state in some situations. +.IP "\s-1SSL_CB_EXIT\s0" 4 +.IX Item "SSL_CB_EXIT" +Callback has been called to indicate exit of a handshake function. This will +happen after the end of a handshake, but may happen at other times too such as +on error or when \s-1IO\s0 might otherwise block and non-blocking is being used. +.IP "\s-1SSL_CB_READ\s0" 4 +.IX Item "SSL_CB_READ" +Callback has been called during read operation. +.IP "\s-1SSL_CB_WRITE\s0" 4 +.IX Item "SSL_CB_WRITE" +Callback has been called during write operation. +.IP "\s-1SSL_CB_ALERT\s0" 4 +.IX Item "SSL_CB_ALERT" +Callback has been called due to an alert being sent or received. +.IP "\s-1SSL_CB_READ_ALERT\s0 (SSL_CB_ALERT|SSL_CB_READ)" 4 +.IX Item "SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ)" +.PD 0 +.IP "\s-1SSL_CB_WRITE_ALERT\s0 (SSL_CB_ALERT|SSL_CB_WRITE)" 4 +.IX Item "SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE)" +.IP "\s-1SSL_CB_ACCEPT_LOOP\s0 (SSL_ST_ACCEPT|SSL_CB_LOOP)" 4 +.IX Item "SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP)" +.IP "\s-1SSL_CB_ACCEPT_EXIT\s0 (SSL_ST_ACCEPT|SSL_CB_EXIT)" 4 +.IX Item "SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT)" +.IP "\s-1SSL_CB_CONNECT_LOOP\s0 (SSL_ST_CONNECT|SSL_CB_LOOP)" 4 +.IX Item "SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP)" +.IP "\s-1SSL_CB_CONNECT_EXIT\s0 (SSL_ST_CONNECT|SSL_CB_EXIT)" 4 +.IX Item "SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT)" +.IP "\s-1SSL_CB_HANDSHAKE_START\s0" 4 +.IX Item "SSL_CB_HANDSHAKE_START" +.PD +Callback has been called because a new handshake is started. 
It also occurs when +resuming a handshake following a pause to handle early data. +.IP "\s-1SSL_CB_HANDSHAKE_DONE\s0" 4 +.IX Item "SSL_CB_HANDSHAKE_DONE" +Callback has been called because a handshake is finished. It also occurs if the +handshake is paused to allow the exchange of early data. +.PP +The current state information can be obtained using the +\&\fISSL_state_string\fR\|(3) family of functions. +.PP +The \fBret\fR information can be evaluated using the +\&\fISSL_alert_type_string\fR\|(3) family of functions. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_set_info_callback()\fR does not provide diagnostic information. +.PP +\&\fISSL_get_info_callback()\fR returns the current setting. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +The following example callback function prints state strings, information +about alerts being handled and error messages to the \fBbio_err\fR \s-1BIO\s0. +.PP +.Vb 4 +\& void apps_ssl_info_callback(SSL *s, int where, int ret) +\& { +\& const char *str; +\& int w = where & ~SSL_ST_MASK; +\& +\& if (w & SSL_ST_CONNECT) +\& str = "SSL_connect"; +\& else if (w & SSL_ST_ACCEPT) +\& str = "SSL_accept"; +\& else +\& str = "undefined"; +\& +\& if (where & SSL_CB_LOOP) { +\& BIO_printf(bio_err, "%s:%s\en", str, SSL_state_string_long(s)); +\& } else if (where & SSL_CB_ALERT) { +\& str = (where & SSL_CB_READ) ? "read" : "write"; +\& BIO_printf(bio_err, "SSL3 alert %s:%s:%s\en", str, +\& SSL_alert_type_string_long(ret), +\& SSL_alert_desc_string_long(ret)); +\& } else if (where & SSL_CB_EXIT) { +\& if (ret == 0) { +\& BIO_printf(bio_err, "%s:failed in %s\en", +\& str, SSL_state_string_long(s)); +\& } else if (ret < 0) { +\& BIO_printf(bio_err, "%s:error in %s\en", +\& str, SSL_state_string_long(s)); +\& } +\& } +\& } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_state_string\fR\|(3), +\&\fISSL_alert_type_string\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2018 The OpenSSL Project Authors. 
All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_CTX_set_keylog_callback.3 b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_keylog_callback.3 new file mode 100755 index 0000000..9ec3fd9 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_keylog_callback.3 
@@ -0,0 +1,175 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_KEYLOG_CALLBACK 3" +.TH SSL_CTX_SET_KEYLOG_CALLBACK 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_keylog_callback, SSL_CTX_get_keylog_callback, +SSL_CTX_keylog_cb_func \- logging TLS key material +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef void (*SSL_CTX_keylog_cb_func)(const SSL *ssl, const char *line); +\& +\& void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb); +\& SSL_CTX_keylog_cb_func SSL_CTX_get_keylog_callback(const SSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_keylog_callback()\fR sets the \s-1TLS\s0 key logging callback. This callback +is called whenever \s-1TLS\s0 key material is generated or received, in order to allow +applications to store this keying material for debugging purposes. +.PP +\&\fISSL_CTX_get_keylog_callback()\fR retrieves the previously set \s-1TLS\s0 key logging +callback. If no callback has been set, this will return \s-1NULL\s0. When there is no +key logging callback, or if SSL_CTX_set_keylog_callback is called with \s-1NULL\s0 as +the value of cb, no logging of key material will be done. +.PP +The key logging callback is called with two items: the \fBssl\fR object associated +with the connection, and \fBline\fR, a string containing the key material in the +format used by \s-1NSS\s0 for its \fB\s-1SSLKEYLOGFILE\s0\fR debugging output. To recreate that +file, the key logging callback should log \fBline\fR, followed by a newline. +\&\fBline\fR will always be a NULL-terminated string. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_get_keylog_callback()\fR returns a pointer to \fBSSL_CTX_keylog_cb_func\fR or +\&\s-1NULL\s0 if the callback is not set. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. 
You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_CTX_set_max_cert_list.3 b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_max_cert_list.3 new file mode 100755 index 0000000..23c250d --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_max_cert_list.3 
@@ -0,0 +1,204 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_MAX_CERT_LIST 3" +.TH SSL_CTX_SET_MAX_CERT_LIST 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_max_cert_list, SSL_CTX_get_max_cert_list, SSL_set_max_cert_list, SSL_get_max_cert_list \- manipulate allowed size for the peer's certificate chain +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_CTX_set_max_cert_list(SSL_CTX *ctx, long size); +\& long SSL_CTX_get_max_cert_list(SSL_CTX *ctx); +\& +\& long SSL_set_max_cert_list(SSL *ssl, long size); +\& long SSL_get_max_cert_list(SSL *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_max_cert_list()\fR sets the maximum size allowed for the peer's +certificate chain for all \s-1SSL\s0 objects created from \fBctx\fR to be bytes. +The \s-1SSL\s0 objects inherit the setting valid for \fBctx\fR at the time +\&\fISSL_new\fR\|(3) is being called. +.PP +\&\fISSL_CTX_get_max_cert_list()\fR returns the currently set maximum size for \fBctx\fR. +.PP +\&\fISSL_set_max_cert_list()\fR sets the maximum size allowed for the peer's +certificate chain for \fBssl\fR to be bytes. This setting stays valid +until a new value is set. +.PP +\&\fISSL_get_max_cert_list()\fR returns the currently set maximum size for \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +During the handshake process, the peer may send a certificate chain. +The \s-1TLS/SSL\s0 standard does not give any maximum size of the certificate chain. +The OpenSSL library handles incoming data by a dynamically allocated buffer. +In order to prevent this buffer from growing without bounds due to data +received from a faulty or malicious peer, a maximum size for the certificate +chain is set. +.PP +The default value for the maximum certificate chain size is 100kB (30kB +on the 16bit \s-1DOS\s0 platform). This should be sufficient for usual certificate +chains (OpenSSL's default maximum chain length is 10, see +\&\fISSL_CTX_set_verify\fR\|(3), and certificates +without special extensions have a typical size of 1\-2kB). 
+.PP +For special applications it can be necessary to extend the maximum certificate +chain size allowed to be sent by the peer, see e.g. the work on +\&\*(L"Internet X.509 Public Key Infrastructure Proxy Certificate Profile\*(R" +and \*(L"\s-1TLS\s0 Delegation Protocol\*(R" at http://www.ietf.org/ and +http://www.globus.org/ . +.PP +Under normal conditions it should never be necessary to set a value smaller +than the default, as the buffer is handled dynamically and only uses the +memory actually required by the data sent by the peer. +.PP +If the maximum certificate chain size allowed is exceeded, the handshake will +fail with a \s-1SSL_R_EXCESSIVE_MESSAGE_SIZE\s0 error. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_max_cert_list()\fR and \fISSL_set_max_cert_list()\fR return the previously +set value. +.PP +\&\fISSL_CTX_get_max_cert_list()\fR and \fISSL_get_max_cert_list()\fR return the currently +set value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_new\fR\|(3), +\&\fISSL_CTX_set_verify\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_CTX_set_min_proto_version.3 b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_min_proto_version.3 new file mode 100755 index 0000000..9f932a6 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_min_proto_version.3 
@@ -0,0 +1,195 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_MIN_PROTO_VERSION 3" +.TH SSL_CTX_SET_MIN_PROTO_VERSION 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_min_proto_version, SSL_CTX_set_max_proto_version, +SSL_CTX_get_min_proto_version, SSL_CTX_get_max_proto_version, +SSL_set_min_proto_version, SSL_set_max_proto_version, +SSL_get_min_proto_version, SSL_get_max_proto_version \- Get and set minimum +and maximum supported protocol version +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_set_min_proto_version(SSL_CTX *ctx, int version); +\& int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, int version); +\& int SSL_CTX_get_min_proto_version(SSL_CTX *ctx); +\& int SSL_CTX_get_max_proto_version(SSL_CTX *ctx); +\& +\& int SSL_set_min_proto_version(SSL *ssl, int version); +\& int SSL_set_max_proto_version(SSL *ssl, int version); +\& int SSL_get_min_proto_version(SSL *ssl); +\& int SSL_get_max_proto_version(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The functions get or set the minimum and maximum supported protocol versions +for the \fBctx\fR or \fBssl\fR. +This works in combination with the options set via +\&\fISSL_CTX_set_options\fR\|(3) that also make it possible to disable +specific protocol versions. +Use these functions instead of disabling specific protocol versions. +.PP +Setting the minimum or maximum version to 0, will enable protocol +versions down to the lowest version, or up to the highest version +supported by the library, respectively. +.PP +Getters return 0 in case \fBctx\fR or \fBssl\fR have been configured to +automatically use the lowest or highest version supported by the library. +.PP +Currently supported versions are \fB\s-1SSL3_VERSION\s0\fR, \fB\s-1TLS1_VERSION\s0\fR, +\&\fB\s-1TLS1_1_VERSION\s0\fR, \fB\s-1TLS1_2_VERSION\s0\fR, \fB\s-1TLS1_3_VERSION\s0\fR for \s-1TLS\s0 and +\&\fB\s-1DTLS1_VERSION\s0\fR, \fB\s-1DTLS1_2_VERSION\s0\fR for \s-1DTLS\s0. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These setter functions return 1 on success and 0 on failure. 
The getter +functions return the configured version or 0 for auto-configuration of +lowest or highest protocol, respectively. +.SH "NOTES" +.IX Header "NOTES" +All these functions are implemented using macros. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fISSL_CTX_set_options\fR\|(3), \fISSL_CONF_cmd\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The setter functions were added in OpenSSL 1.1.0. The getter functions +were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_CTX_set_mode.3 b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_mode.3 new file mode 100755 index 0000000..7cc2a9b --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_mode.3 
@@ -0,0 +1,273 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_MODE 3" +.TH SSL_CTX_SET_MODE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_mode, SSL_CTX_clear_mode, SSL_set_mode, SSL_clear_mode, SSL_CTX_get_mode, SSL_get_mode \- manipulate SSL engine mode +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_CTX_set_mode(SSL_CTX *ctx, long mode); +\& long SSL_CTX_clear_mode(SSL_CTX *ctx, long mode); +\& long SSL_set_mode(SSL *ssl, long mode); +\& long SSL_clear_mode(SSL *ssl, long mode); +\& +\& long SSL_CTX_get_mode(SSL_CTX *ctx); +\& long SSL_get_mode(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_mode()\fR adds the mode set via bit-mask in \fBmode\fR to \fBctx\fR. +Options already set before are not cleared. +\&\fISSL_CTX_clear_mode()\fR removes the mode set via bit-mask in \fBmode\fR from \fBctx\fR. +.PP +\&\fISSL_set_mode()\fR adds the mode set via bit-mask in \fBmode\fR to \fBssl\fR. +Options already set before are not cleared. +\&\fISSL_clear_mode()\fR removes the mode set via bit-mask in \fBmode\fR from \fBssl\fR. +.PP +\&\fISSL_CTX_get_mode()\fR returns the mode set for \fBctx\fR. +.PP +\&\fISSL_get_mode()\fR returns the mode set for \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +The following mode changes are available: +.IP "\s-1SSL_MODE_ENABLE_PARTIAL_WRITE\s0" 4 +.IX Item "SSL_MODE_ENABLE_PARTIAL_WRITE" +Allow SSL_write_ex(..., n, &r) to return with 0 < r < n (i.e. report success +when just a single record has been written). This works in a similar way for +\&\fISSL_write()\fR. When not set (the default), \fISSL_write_ex()\fR or \fISSL_write()\fR will only +report success once the complete chunk was written. Once \fISSL_write_ex()\fR or +\&\fISSL_write()\fR returns successful, \fBr\fR bytes have been written and the next call +to \fISSL_write_ex()\fR or \fISSL_write()\fR must only send the n\-r bytes left, imitating +the behaviour of \fIwrite()\fR. 
+.IP "\s-1SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER\s0" 4 +.IX Item "SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER" +Make it possible to retry \fISSL_write_ex()\fR or \fISSL_write()\fR with changed buffer +location (the buffer contents must stay the same). This is not the default to +avoid the misconception that non-blocking \fISSL_write()\fR behaves like +non-blocking \fIwrite()\fR. +.IP "\s-1SSL_MODE_AUTO_RETRY\s0" 4 +.IX Item "SSL_MODE_AUTO_RETRY" +During normal operations, non-application data records might need to be sent or +received that the application is not aware of. +If a non-application data record was processed, +\&\fISSL_read_ex\fR\|(3) and \fISSL_read\fR\|(3) can return with a failure and indicate the +need to retry with \fB\s-1SSL_ERROR_WANT_READ\s0\fR. +If such a non-application data record was processed, the flag +\&\fB\s-1SSL_MODE_AUTO_RETRY\s0\fR causes it to try to process the next record instead of +returning. +.Sp +In a non-blocking environment applications must be prepared to handle +incomplete read/write operations. +Setting \fB\s-1SSL_MODE_AUTO_RETRY\s0\fR for a non-blocking \fB\s-1BIO\s0\fR will process +non-application data records until either no more data is available or +an application data record has been processed. +.Sp +In a blocking environment, applications are not always prepared to +deal with the functions returning intermediate reports such as retry +requests, and setting the \fB\s-1SSL_MODE_AUTO_RETRY\s0\fR flag will cause the functions +to only return after successfully processing an application data record or a +failure. +.Sp +Turning off \fB\s-1SSL_MODE_AUTO_RETRY\s0\fR can be useful with blocking \fB\s-1BIO\s0\fRs in case +they are used in combination with something like \fIselect()\fR or \fIpoll()\fR. +Otherwise the call to \fISSL_read()\fR or \fISSL_read_ex()\fR might hang when a +non-application record was sent and no application data was sent. 
+.IP "\s-1SSL_MODE_RELEASE_BUFFERS\s0" 4 +.IX Item "SSL_MODE_RELEASE_BUFFERS" +When we no longer need a read buffer or a write buffer for a given \s-1SSL\s0, +then release the memory we were using to hold it. +Using this flag can +save around 34k per idle \s-1SSL\s0 connection. +This flag has no effect on \s-1SSL\s0 v2 connections, or on \s-1DTLS\s0 connections. +.IP "\s-1SSL_MODE_SEND_FALLBACK_SCSV\s0" 4 +.IX Item "SSL_MODE_SEND_FALLBACK_SCSV" +Send \s-1TLS_FALLBACK_SCSV\s0 in the ClientHello. +To be set only by applications that reconnect with a downgraded protocol +version; see draft\-ietf\-tls\-downgrade\-scsv\-00 for details. +.Sp +\&\s-1DO\s0 \s-1NOT\s0 \s-1ENABLE\s0 \s-1THIS\s0 if your application attempts a normal handshake. +Only use this in explicit fallback retries, following the guidance +in draft\-ietf\-tls\-downgrade\-scsv\-00. +.IP "\s-1SSL_MODE_ASYNC\s0" 4 +.IX Item "SSL_MODE_ASYNC" +Enable asynchronous processing. \s-1TLS\s0 I/O operations may indicate a retry with +\&\s-1SSL_ERROR_WANT_ASYNC\s0 with this mode set if an asynchronous capable engine is +used to perform cryptographic operations. See \fISSL_get_error\fR\|(3). +.IP "\s-1SSL_MODE_NO_KTLS_TX\s0" 4 +.IX Item "SSL_MODE_NO_KTLS_TX" +Disable the use of the kernel \s-1TLS\s0 egress data-path. +By default kernel \s-1TLS\s0 is enabled if it is supported by the negotiated ciphersuites +and extensions and OpenSSL has been compiled with support for it. +The kernel \s-1TLS\s0 data-path implements the record layer, +and the crypto algorithm. The kernel will utilize the best hardware +available for crypto. Using the kernel data-path should reduce the memory +footprint of OpenSSL because no buffering is required. Also, the throughput +should improve because data copy is avoided when user data is encrypted into +kernel memory instead of the usual encrypt than copy to kernel. +.Sp +Kernel \s-1TLS\s0 might not support all the features of OpenSSL. 
For instance, +renegotiation, and setting the maximum fragment size is not possible as of +Linux 4.20. +.IP "\s-1SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG\s0" 4 +.IX Item "SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG" +Older versions of OpenSSL had a bug in the computation of the label length +used for computing the endpoint-pair shared secret. The bug was that the +terminating zero was included in the length of the label. Setting this option +enables this behaviour to allow interoperability with such broken +implementations. Please note that setting this option breaks interoperability +with correct implementations. This option only applies to \s-1DTLS\s0 over \s-1SCTP\s0. +.PP +All modes are off by default except for \s-1SSL_MODE_AUTO_RETRY\s0 which is on by +default since 1.1.1. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_mode()\fR and \fISSL_set_mode()\fR return the new mode bit-mask +after adding \fBmode\fR. +.PP +\&\fISSL_CTX_get_mode()\fR and \fISSL_get_mode()\fR return the current bit-mask. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_read_ex\fR\|(3), \fISSL_read\fR\|(3), \fISSL_write_ex\fR\|(3) or +\&\fISSL_write\fR\|(3), \fISSL_get_error\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1SSL_MODE_ASYNC\s0 was added in OpenSSL 1.1.0. +\&\s-1SSL_MODE_NO_KTLS_TX\s0 was added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_CTX_set_msg_callback.3 b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_msg_callback.3 new file mode 100755 index 0000000..a3cf35f --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_msg_callback.3 
@@ -0,0 +1,247 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_MSG_CALLBACK 3" +.TH SSL_CTX_SET_MSG_CALLBACK 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_msg_callback, +SSL_CTX_set_msg_callback_arg, +SSL_set_msg_callback, +SSL_set_msg_callback_arg +\&\- install callback for observing protocol messages +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_set_msg_callback(SSL_CTX *ctx, +\& void (*cb)(int write_p, int version, +\& int content_type, const void *buf, +\& size_t len, SSL *ssl, void *arg)); +\& void SSL_CTX_set_msg_callback_arg(SSL_CTX *ctx, void *arg); +\& +\& void SSL_set_msg_callback(SSL *ssl, +\& void (*cb)(int write_p, int version, +\& int content_type, const void *buf, +\& size_t len, SSL *ssl, void *arg)); +\& void SSL_set_msg_callback_arg(SSL *ssl, void *arg); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_msg_callback()\fR or \fISSL_set_msg_callback()\fR can be used to +define a message callback function \fIcb\fR for observing all \s-1SSL/TLS\s0 +protocol messages (such as handshake messages) that are received or +sent, as well as other events that occur during processing. +\&\fISSL_CTX_set_msg_callback_arg()\fR and \fISSL_set_msg_callback_arg()\fR +can be used to set argument \fIarg\fR to the callback function, which is +available for arbitrary application use. +.PP +\&\fISSL_CTX_set_msg_callback()\fR and \fISSL_CTX_set_msg_callback_arg()\fR specify +default settings that will be copied to new \fB\s-1SSL\s0\fR objects by +\&\fISSL_new\fR\|(3). \fISSL_set_msg_callback()\fR and +\&\fISSL_set_msg_callback_arg()\fR modify the actual settings of an \fB\s-1SSL\s0\fR +object. Using a \fB\s-1NULL\s0\fR pointer for \fIcb\fR disables the message callback. +.PP +When \fIcb\fR is called by the \s-1SSL/TLS\s0 library the function arguments have the +following meaning: +.IP "\fIwrite_p\fR" 4 +.IX Item "write_p" +This flag is \fB0\fR when a protocol message has been received and \fB1\fR +when a protocol message has been sent. 
+.IP "\fIversion\fR" 4 +.IX Item "version" +The protocol version according to which the protocol message is +interpreted by the library such as \fB\s-1TLS1_3_VERSION\s0\fR, \fB\s-1TLS1_2_VERSION\s0\fR etc. +This is set to 0 for the \s-1SSL3_RT_HEADER\s0 pseudo content type (see \s-1NOTES\s0 below). +.IP "\fIcontent_type\fR" 4 +.IX Item "content_type" +This is one of the content type values defined in the protocol specification +(\fB\s-1SSL3_RT_CHANGE_CIPHER_SPEC\s0\fR, \fB\s-1SSL3_RT_ALERT\s0\fR, \fB\s-1SSL3_RT_HANDSHAKE\s0\fR; but never +\&\fB\s-1SSL3_RT_APPLICATION_DATA\s0\fR because the callback will only be called for protocol +messages). Alternatively it may be a \*(L"pseudo\*(R" content type. These pseudo +content types are used to signal some other event in the processing of data (see +\&\s-1NOTES\s0 below). +.IP "\fIbuf\fR, \fIlen\fR" 4 +.IX Item "buf, len" +\&\fIbuf\fR points to a buffer containing the protocol message or other data (in the +case of pseudo content types), which consists of \fIlen\fR bytes. The buffer is no +longer valid after the callback function has returned. +.IP "\fIssl\fR" 4 +.IX Item "ssl" +The \fB\s-1SSL\s0\fR object that received or sent the message. +.IP "\fIarg\fR" 4 +.IX Item "arg" +The user-defined argument optionally defined by +\&\fISSL_CTX_set_msg_callback_arg()\fR or \fISSL_set_msg_callback_arg()\fR. +.SH "NOTES" +.IX Header "NOTES" +Protocol messages are passed to the callback function after decryption +and fragment collection where applicable. (Thus record boundaries are +not visible.) +.PP +If processing a received protocol message results in an error, +the callback function may not be called. For example, the callback +function will never see messages that are considered too large to be +processed. 
+.PP +Due to automatic protocol version negotiation, \fIversion\fR is not +necessarily the protocol version used by the sender of the message: If +a \s-1TLS\s0 1.0 ClientHello message is received by an \s-1SSL\s0 3.0\-only server, +\&\fIversion\fR will be \fB\s-1SSL3_VERSION\s0\fR. +.PP +Pseudo content type values may be sent at various points during the processing +of data. The following pseudo content types are currently defined: +.IP "\fB\s-1SSL3_RT_HEADER\s0\fR" 4 +.IX Item "SSL3_RT_HEADER" +Used when a record is sent or received. The \fBbuf\fR contains the record header +bytes only. +.IP "\fB\s-1SSL3_RT_INNER_CONTENT_TYPE\s0\fR" 4 +.IX Item "SSL3_RT_INNER_CONTENT_TYPE" +Used when an encrypted TLSv1.3 record is sent or received. In encrypted TLSv1.3 +records the content type in the record header is always +\&\s-1SSL3_RT_APPLICATION_DATA\s0. The real content type for the record is contained in +an \*(L"inner\*(R" content type. \fBbuf\fR contains the encoded \*(L"inner\*(R" content type byte. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_msg_callback()\fR, \fISSL_CTX_set_msg_callback_arg()\fR, \fISSL_set_msg_callback()\fR +and \fISSL_set_msg_callback_arg()\fR do not return values. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_new\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The pseudo content type \fB\s-1SSL3_RT_INNER_CONTENT_TYPE\s0\fR was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_CTX_set_num_tickets.3 b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_num_tickets.3 new file mode 100755 index 0000000..bb1bced --- /dev/null 
+++ b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_num_tickets.3 
@@ -0,0 +1,194 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_NUM_TICKETS 3" +.TH SSL_CTX_SET_NUM_TICKETS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_set_num_tickets, +SSL_get_num_tickets, +SSL_CTX_set_num_tickets, +SSL_CTX_get_num_tickets +\&\- control the number of TLSv1.3 session tickets that are issued +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_set_num_tickets(SSL *s, size_t num_tickets); +\& size_t SSL_get_num_tickets(SSL *s); +\& int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets); +\& size_t SSL_CTX_get_num_tickets(SSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_num_tickets()\fR and \fISSL_set_num_tickets()\fR can be called for a server +application and set the number of TLSv1.3 session tickets that will be sent to +the client after a full handshake. Set the desired value (which could be 0) in +the \fBnum_tickets\fR argument. Typically these functions should be called before +the start of the handshake. +.PP +The default number of tickets is 2; the default number of tickets sent following +a resumption handshake is 1 but this cannot be changed using these functions. +The number of tickets following a resumption handshake can be reduced to 0 using +custom session ticket callbacks (see \fISSL_CTX_set_session_ticket_cb\fR\|(3)). +.PP +Tickets are also issued on receipt of a post-handshake certificate from the +client following a request by the server using +\&\fISSL_verify_client_post_handshake\fR\|(3). These new tickets will be associated +with the updated client identity (i.e. including their certificate and +verification status). The number of tickets issued will normally be the same as +was used for the initial handshake. If the initial handshake was a full +handshake then \fISSL_set_num_tickets()\fR can be called again prior to calling +\&\fISSL_verify_client_post_handshake()\fR to update the number of tickets that will be +sent. 
+.PP +\&\fISSL_CTX_get_num_tickets()\fR and \fISSL_get_num_tickets()\fR return the number of +tickets set by a previous call to \fISSL_CTX_set_num_tickets()\fR or +\&\fISSL_set_num_tickets()\fR, or 2 if no such call has been made. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_num_tickets()\fR and \fISSL_set_num_tickets()\fR return 1 on success or 0 on +failure. +.PP +\&\fISSL_CTX_get_num_tickets()\fR and \fISSL_get_num_tickets()\fR return the number of tickets +that have been previously set. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_CTX_set_options.3 b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_options.3 new file mode 100755 index 0000000..5a9d110 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_options.3 
@@ -0,0 +1,473 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_OPTIONS 3" +.TH SSL_CTX_SET_OPTIONS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_options, SSL_set_options, SSL_CTX_clear_options, +SSL_clear_options, SSL_CTX_get_options, SSL_get_options, +SSL_get_secure_renegotiation_support \- manipulate SSL options +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_CTX_set_options(SSL_CTX *ctx, long options); +\& long SSL_set_options(SSL *ssl, long options); +\& +\& long SSL_CTX_clear_options(SSL_CTX *ctx, long options); +\& long SSL_clear_options(SSL *ssl, long options); +\& +\& long SSL_CTX_get_options(SSL_CTX *ctx); +\& long SSL_get_options(SSL *ssl); +\& +\& long SSL_get_secure_renegotiation_support(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_options()\fR adds the options set via bit-mask in \fBoptions\fR to \fBctx\fR. +Options already set before are not cleared! +.PP +\&\fISSL_set_options()\fR adds the options set via bit-mask in \fBoptions\fR to \fBssl\fR. +Options already set before are not cleared! +.PP +\&\fISSL_CTX_clear_options()\fR clears the options set via bit-mask in \fBoptions\fR +to \fBctx\fR. +.PP +\&\fISSL_clear_options()\fR clears the options set via bit-mask in \fBoptions\fR to \fBssl\fR. +.PP +\&\fISSL_CTX_get_options()\fR returns the options set for \fBctx\fR. +.PP +\&\fISSL_get_options()\fR returns the options set for \fBssl\fR. +.PP +\&\fISSL_get_secure_renegotiation_support()\fR indicates whether the peer supports +secure renegotiation. +Note, this is implemented via a macro. +.SH "NOTES" +.IX Header "NOTES" +The behaviour of the \s-1SSL\s0 library can be changed by setting several options. +The options are coded as bit-masks and can be combined by a bitwise \fBor\fR +operation (|). +.PP +\&\fISSL_CTX_set_options()\fR and \fISSL_set_options()\fR affect the (external) +protocol behaviour of the \s-1SSL\s0 library. The (internal) behaviour of +the \s-1API\s0 can be changed by using the similar +\&\fISSL_CTX_set_mode\fR\|(3) and \fISSL_set_mode()\fR functions. 
+.PP +During a handshake, the option settings of the \s-1SSL\s0 object are used. When +a new \s-1SSL\s0 object is created from a context using \fISSL_new()\fR, the current +option setting is copied. Changes to \fBctx\fR do not affect already created +\&\s-1SSL\s0 objects. \fISSL_clear()\fR does not affect the settings. +.PP +The following \fBbug workaround\fR options are available: +.IP "\s-1SSL_OP_SAFARI_ECDHE_ECDSA_BUG\s0" 4 +.IX Item "SSL_OP_SAFARI_ECDHE_ECDSA_BUG" +Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on \s-1OS\s0 X. +\&\s-1OS\s0 X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers. +.IP "\s-1SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS\s0" 4 +.IX Item "SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS" +Disables a countermeasure against a \s-1SSL\s0 3.0/TLS 1.0 protocol +vulnerability affecting \s-1CBC\s0 ciphers, which cannot be handled by some +broken \s-1SSL\s0 implementations. This option has no effect for connections +using other ciphers. +.IP "\s-1SSL_OP_TLSEXT_PADDING\s0" 4 +.IX Item "SSL_OP_TLSEXT_PADDING" +Adds a padding extension to ensure the ClientHello size is never between +256 and 511 bytes in length. This is needed as a workaround for some +implementations. +.IP "\s-1SSL_OP_ALL\s0" 4 +.IX Item "SSL_OP_ALL" +All of the above bug workarounds plus \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR as +mentioned below. +.PP +It is usually safe to use \fB\s-1SSL_OP_ALL\s0\fR to enable the bug workaround +options if compatibility with somewhat broken implementations is +desired. +.PP +The following \fBmodifying\fR options are available: +.IP "\s-1SSL_OP_TLS_ROLLBACK_BUG\s0" 4 +.IX Item "SSL_OP_TLS_ROLLBACK_BUG" +Disable version rollback attack detection. +.Sp +During the client key exchange, the client must send the same information +about acceptable \s-1SSL/TLS\s0 protocol levels as during the first hello. Some +clients violate this rule by adapting to the server's answer. 
(Example: +the client sends a SSLv2 hello and accepts up to SSLv3.1=TLSv1, the server +only understands up to SSLv3. In this case the client must still use the +same SSLv3.1=TLSv1 announcement. Some clients step down to SSLv3 with respect +to the server's answer and violate the version rollback protection.) +.IP "\s-1SSL_OP_CIPHER_SERVER_PREFERENCE\s0" 4 +.IX Item "SSL_OP_CIPHER_SERVER_PREFERENCE" +When choosing a cipher, use the server's preferences instead of the client +preferences. When not set, the \s-1SSL\s0 server will always follow the clients +preferences. When set, the \s-1SSL/TLS\s0 server will choose following its +own preferences. +.IP "SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1, SSL_OP_NO_TLSv1_2, SSL_OP_NO_TLSv1_3, SSL_OP_NO_DTLSv1, SSL_OP_NO_DTLSv1_2" 4 +.IX Item "SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1, SSL_OP_NO_TLSv1_2, SSL_OP_NO_TLSv1_3, SSL_OP_NO_DTLSv1, SSL_OP_NO_DTLSv1_2" +These options turn off the SSLv3, TLSv1, TLSv1.1, TLSv1.2 or TLSv1.3 protocol +versions with \s-1TLS\s0 or the DTLSv1, DTLSv1.2 versions with \s-1DTLS\s0, +respectively. +As of OpenSSL 1.1.0, these options are deprecated, use +\&\fISSL_CTX_set_min_proto_version\fR\|(3) and +\&\fISSL_CTX_set_max_proto_version\fR\|(3) instead. +.IP "\s-1SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION\s0" 4 +.IX Item "SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION" +When performing renegotiation as a server, always start a new session +(i.e., session resumption requests are only accepted in the initial +handshake). This option is not needed for clients. +.IP "\s-1SSL_OP_NO_COMPRESSION\s0" 4 +.IX Item "SSL_OP_NO_COMPRESSION" +Do not use compression even if it is supported. +.IP "\s-1SSL_OP_NO_QUERY_MTU\s0" 4 +.IX Item "SSL_OP_NO_QUERY_MTU" +Do not query the \s-1MTU\s0. Only affects \s-1DTLS\s0 connections. +.IP "\s-1SSL_OP_COOKIE_EXCHANGE\s0" 4 +.IX Item "SSL_OP_COOKIE_EXCHANGE" +Turn on Cookie Exchange as described in \s-1RFC4347\s0 Section 4.2.1. 
Only affects +\&\s-1DTLS\s0 connections. +.IP "\s-1SSL_OP_NO_TICKET\s0" 4 +.IX Item "SSL_OP_NO_TICKET" +\&\s-1SSL/TLS\s0 supports two mechanisms for resuming sessions: session ids and stateless +session tickets. +.Sp +When using session ids a copy of the session information is +cached on the server and a unique id is sent to the client. When the client +wishes to resume it provides the unique id so that the server can retrieve the +session information from its cache. +.Sp +When using stateless session tickets the server uses a session ticket encryption +key to encrypt the session information. This encrypted data is sent to the +client as a \*(L"ticket\*(R". When the client wishes to resume it sends the encrypted +data back to the server. The server uses its key to decrypt the data and resume +the session. In this way the server can operate statelessly \- no session +information needs to be cached locally. +.Sp +The TLSv1.3 protocol only supports tickets and does not directly support session +ids. However OpenSSL allows two modes of ticket operation in TLSv1.3: stateful +and stateless. Stateless tickets work the same way as in TLSv1.2 and below. +Stateful tickets mimic the session id behaviour available in TLSv1.2 and below. +The session information is cached on the server and the session id is wrapped up +in a ticket and sent back to the client. When the client wishes to resume, it +presents a ticket in the same way as for stateless tickets. The server can then +extract the session id from the ticket and retrieve the session information from +its cache. +.Sp +By default OpenSSL will use stateless tickets. The \s-1SSL_OP_NO_TICKET\s0 option will +cause stateless tickets to not be issued. In TLSv1.2 and below this means no +ticket gets sent to the client at all. In TLSv1.3 a stateful ticket will be +sent. This is a server-side option only. 
+.Sp +In TLSv1.3 it is possible to suppress all tickets (stateful and stateless) from +being sent by calling \fISSL_CTX_set_num_tickets\fR\|(3) or +\&\fISSL_set_num_tickets\fR\|(3). +.IP "\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0" 4 +.IX Item "SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION" +Allow legacy insecure renegotiation between OpenSSL and unpatched clients or +servers. See the \fB\s-1SECURE\s0 \s-1RENEGOTIATION\s0\fR section for more details. +.IP "\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0" 4 +.IX Item "SSL_OP_LEGACY_SERVER_CONNECT" +Allow legacy insecure renegotiation between OpenSSL and unpatched servers +\&\fBonly\fR: this option is currently set by default. See the +\&\fB\s-1SECURE\s0 \s-1RENEGOTIATION\s0\fR section for more details. +.IP "\s-1SSL_OP_NO_ENCRYPT_THEN_MAC\s0" 4 +.IX Item "SSL_OP_NO_ENCRYPT_THEN_MAC" +Normally clients and servers will transparently attempt to negotiate the +\&\s-1RFC7366\s0 Encrypt-then-MAC option on \s-1TLS\s0 and \s-1DTLS\s0 connection. +.Sp +If this option is set, Encrypt-then-MAC is disabled. Clients will not +propose, and servers will not accept the extension. +.IP "\s-1SSL_OP_NO_EXTENDED_MASTER_SECRET\s0" 4 +.IX Item "SSL_OP_NO_EXTENDED_MASTER_SECRET" +Normally clients and servers will transparently attempt to negotiate the +\&\s-1RFC7627\s0 Extended Master Secret option on \s-1TLS\s0 and \s-1DTLS\s0 connection. +.Sp +If this option is set, Extended Master Secret is disabled. Clients will +not propose, and servers will not accept the extension. +.IP "\s-1SSL_OP_NO_RENEGOTIATION\s0" 4 +.IX Item "SSL_OP_NO_RENEGOTIATION" +Disable all renegotiation in TLSv1.2 and earlier. Do not send HelloRequest +messages, and ignore renegotiation requests via ClientHello. +.IP "\s-1SSL_OP_ALLOW_NO_DHE_KEX\s0" 4 +.IX Item "SSL_OP_ALLOW_NO_DHE_KEX" +In TLSv1.3 allow a non\-(ec)dhe based key exchange mode on resumption. This means +that there will be no forward secrecy for the resumed session. 
+.IP "\s-1SSL_OP_PRIORITIZE_CHACHA\s0" 4 +.IX Item "SSL_OP_PRIORITIZE_CHACHA" +When \s-1SSL_OP_CIPHER_SERVER_PREFERENCE\s0 is set, temporarily reprioritize +ChaCha20\-Poly1305 ciphers to the top of the server cipher list if a +ChaCha20\-Poly1305 cipher is at the top of the client cipher list. This helps +those clients (e.g. mobile) use ChaCha20\-Poly1305 if that cipher is anywhere +in the server cipher list; but still allows other clients to use \s-1AES\s0 and other +ciphers. Requires \fB\s-1SSL_OP_CIPHER_SERVER_PREFERENCE\s0\fR. +.IP "\s-1SSL_OP_ENABLE_MIDDLEBOX_COMPAT\s0" 4 +.IX Item "SSL_OP_ENABLE_MIDDLEBOX_COMPAT" +If set then dummy Change Cipher Spec (\s-1CCS\s0) messages are sent in TLSv1.3. This +has the effect of making TLSv1.3 look more like TLSv1.2 so that middleboxes that +do not understand TLSv1.3 will not drop the connection. Regardless of whether +this option is set or not \s-1CCS\s0 messages received from the peer will always be +ignored in TLSv1.3. This option is set by default. To switch it off use +\&\fISSL_clear_options()\fR. A future version of OpenSSL may not set this by default. +.IP "\s-1SSL_OP_NO_ANTI_REPLAY\s0" 4 +.IX Item "SSL_OP_NO_ANTI_REPLAY" +By default, when a server is configured for early data (i.e., max_early_data > 0), +OpenSSL will switch on replay protection. See \fISSL_read_early_data\fR\|(3) for a +description of the replay protection feature. Anti-replay measures are required +to comply with the TLSv1.3 specification. Some applications may be able to +mitigate the replay risks in other ways and in such cases the built in OpenSSL +functionality is not required. Those applications can turn this feature off by +setting this option. This is a server-side opton only. It is ignored by +clients. 
+.PP +The following options no longer have any effect but their identifiers are +retained for compatibility purposes: +.IP "\s-1SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG\s0" 4 +.IX Item "SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG" +.PD 0 +.IP "\s-1SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER\s0" 4 +.IX Item "SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER" +.IP "\s-1SSL_OP_SSLEAY_080_CLIENT_DH_BUG\s0" 4 +.IX Item "SSL_OP_SSLEAY_080_CLIENT_DH_BUG" +.IP "\s-1SSL_OP_TLS_D5_BUG\s0" 4 +.IX Item "SSL_OP_TLS_D5_BUG" +.IP "\s-1SSL_OP_TLS_BLOCK_PADDING_BUG\s0" 4 +.IX Item "SSL_OP_TLS_BLOCK_PADDING_BUG" +.IP "\s-1SSL_OP_MSIE_SSLV2_RSA_PADDING\s0" 4 +.IX Item "SSL_OP_MSIE_SSLV2_RSA_PADDING" +.IP "\s-1SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG\s0" 4 +.IX Item "SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG" +.IP "\s-1SSL_OP_MICROSOFT_SESS_ID_BUG\s0" 4 +.IX Item "SSL_OP_MICROSOFT_SESS_ID_BUG" +.IP "\s-1SSL_OP_NETSCAPE_CHALLENGE_BUG\s0" 4 +.IX Item "SSL_OP_NETSCAPE_CHALLENGE_BUG" +.IP "\s-1SSL_OP_PKCS1_CHECK_1\s0" 4 +.IX Item "SSL_OP_PKCS1_CHECK_1" +.IP "\s-1SSL_OP_PKCS1_CHECK_2\s0" 4 +.IX Item "SSL_OP_PKCS1_CHECK_2" +.IP "\s-1SSL_OP_SINGLE_DH_USE\s0" 4 +.IX Item "SSL_OP_SINGLE_DH_USE" +.IP "\s-1SSL_OP_SINGLE_ECDH_USE\s0" 4 +.IX Item "SSL_OP_SINGLE_ECDH_USE" +.IP "\s-1SSL_OP_EPHEMERAL_RSA\s0" 4 +.IX Item "SSL_OP_EPHEMERAL_RSA" +.PD +.SH "SECURE RENEGOTIATION" +.IX Header "SECURE RENEGOTIATION" +OpenSSL always attempts to use secure renegotiation as +described in \s-1RFC5746\s0. This counters the prefix attack described in +\&\s-1CVE\-2009\-3555\s0 and elsewhere. +.PP +This attack has far reaching consequences which application writers should be +aware of. In the description below an implementation supporting secure +renegotiation is referred to as \fIpatched\fR. A server not supporting secure +renegotiation is referred to as \fIunpatched\fR. +.PP +The following sections describe the operations permitted by OpenSSL's secure +renegotiation implementation. 
+.SS "Patched client and server" +.IX Subsection "Patched client and server" +Connections and renegotiation are always permitted by OpenSSL implementations. +.SS "Unpatched client and patched OpenSSL server" +.IX Subsection "Unpatched client and patched OpenSSL server" +The initial connection succeeds but client renegotiation is denied by the +server with a \fBno_renegotiation\fR warning alert if \s-1TLS\s0 v1.0 is used or a fatal +\&\fBhandshake_failure\fR alert in \s-1SSL\s0 v3.0. +.PP +If the patched OpenSSL server attempts to renegotiate a fatal +\&\fBhandshake_failure\fR alert is sent. This is because the server code may be +unaware of the unpatched nature of the client. +.PP +If the option \fB\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0\fR is set then +renegotiation \fBalways\fR succeeds. +.SS "Patched OpenSSL client and unpatched server" +.IX Subsection "Patched OpenSSL client and unpatched server" +If the option \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR or +\&\fB\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0\fR is set then initial connections +and renegotiation between patched OpenSSL clients and unpatched servers +succeeds. If neither option is set then initial connections to unpatched +servers will fail. +.PP +The option \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR is currently set by default even +though it has security implications: otherwise it would be impossible to +connect to unpatched servers (i.e. all of them initially) and this is clearly +not acceptable. Renegotiation is permitted because this does not add any +additional security issues: during an attack clients do not see any +renegotiations anyway. +.PP +As more servers become patched the option \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR will +\&\fBnot\fR be set by default in a future version of OpenSSL. 
+.PP +OpenSSL client applications wishing to ensure they can connect to unpatched +servers should always \fBset\fR \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR +.PP +OpenSSL client applications that want to ensure they can \fBnot\fR connect to +unpatched servers (and thus avoid any security issues) should always \fBclear\fR +\&\fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR using \fISSL_CTX_clear_options()\fR or +\&\fISSL_clear_options()\fR. +.PP +The difference between the \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR and +\&\fB\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0\fR options is that +\&\fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR enables initial connections and secure +renegotiation between OpenSSL clients and unpatched servers \fBonly\fR, while +\&\fB\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0\fR allows initial connections +and renegotiation between OpenSSL and unpatched clients or servers. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_options()\fR and \fISSL_set_options()\fR return the new options bit-mask +after adding \fBoptions\fR. +.PP +\&\fISSL_CTX_clear_options()\fR and \fISSL_clear_options()\fR return the new options bit-mask +after clearing \fBoptions\fR. +.PP +\&\fISSL_CTX_get_options()\fR and \fISSL_get_options()\fR return the current bit-mask. +.PP +\&\fISSL_get_secure_renegotiation_support()\fR returns 1 is the peer supports +secure renegotiation and 0 if it does not. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_new\fR\|(3), \fISSL_clear\fR\|(3), +\&\fISSL_CTX_set_tmp_dh_callback\fR\|(3), +\&\fISSL_CTX_set_min_proto_version\fR\|(3), +\&\fIopenssl\-dhparam\fR\|(1) +.SH "HISTORY" +.IX Header "HISTORY" +The attempt to always try to use secure renegotiation was added in +OpenSSL 0.9.8m. +.PP +The \fB\s-1SSL_OP_PRIORITIZE_CHACHA\s0\fR and \fB\s-1SSL_OP_NO_RENEGOTIATION\s0\fR options +were added in OpenSSL 1.1.1. +.PP +The \fB\s-1SSL_OP_NO_EXTENDED_MASTER_SECRET\s0\fR option was added in OpenSSL 3.0. 
+.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_CTX_set_psk_client_callback.3 b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_psk_client_callback.3 new file mode 100755 index 0000000..b98fb61 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_psk_client_callback.3 
@@ -0,0 +1,290 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_PSK_CLIENT_CALLBACK 3" +.TH SSL_CTX_SET_PSK_CLIENT_CALLBACK 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_psk_client_cb_func, +SSL_psk_use_session_cb_func, +SSL_CTX_set_psk_client_callback, +SSL_set_psk_client_callback, +SSL_CTX_set_psk_use_session_callback, +SSL_set_psk_use_session_callback +\&\- set PSK client callback +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef int (*SSL_psk_use_session_cb_func)(SSL *ssl, const EVP_MD *md, +\& const unsigned char **id, +\& size_t *idlen, +\& SSL_SESSION **sess); +\& +\& +\& void SSL_CTX_set_psk_use_session_callback(SSL_CTX *ctx, +\& SSL_psk_use_session_cb_func cb); +\& void SSL_set_psk_use_session_callback(SSL *s, SSL_psk_use_session_cb_func cb); +\& +\& +\& typedef unsigned int (*SSL_psk_client_cb_func)(SSL *ssl, +\& const char *hint, +\& char *identity, +\& unsigned int max_identity_len, +\& unsigned char *psk, +\& unsigned int max_psk_len); +\& +\& void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, SSL_psk_client_cb_func cb); +\& void SSL_set_psk_client_callback(SSL *ssl, SSL_psk_client_cb_func cb); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A client application wishing to use TLSv1.3 PSKs should use either +\&\fISSL_CTX_set_psk_use_session_callback()\fR or \fISSL_set_psk_use_session_callback()\fR as +appropriate. These functions cannot be used for TLSv1.2 and below PSKs. +.PP +The callback function is given a pointer to the \s-1SSL\s0 connection in \fBssl\fR. +.PP +The first time the callback is called for a connection the \fBmd\fR parameter is +\&\s-1NULL\s0. In some circumstances the callback will be called a second time. In that +case the server will have specified a ciphersuite to use already and the \s-1PSK\s0 +must be compatible with the digest for that ciphersuite. The digest will be +given in \fBmd\fR. The \s-1PSK\s0 returned by the callback is allowed to be different +between the first and second time it is called. +.PP +On successful completion the callback must store a pointer to an identifier for +the \s-1PSK\s0 in \fB*id\fR. 
The identifier length in bytes should be stored in \fB*idlen\fR. +The memory pointed to by \fB*id\fR remains owned by the application and should +be freed by it as required at any point after the handshake is complete. +.PP +Additionally the callback should store a pointer to an \s-1SSL_SESSION\s0 object in +\&\fB*sess\fR. This is used as the basis for the \s-1PSK\s0, and should, at a minimum, have +the following fields set: +.IP "The master key" 4 +.IX Item "The master key" +This can be set via a call to \fISSL_SESSION_set1_master_key\fR\|(3). +.IP "A ciphersuite" 4 +.IX Item "A ciphersuite" +Only the handshake digest associated with the ciphersuite is relevant for the +\&\s-1PSK\s0 (the server may go on to negotiate any ciphersuite which is compatible with +the digest). The application can use any TLSv1.3 ciphersuite. If \fBmd\fR is +not \s-1NULL\s0 the handshake digest for the ciphersuite should be the same. +The ciphersuite can be set via a call to <\fISSL_SESSION_set_cipher\fR\|(3)>. The +handshake digest of an \s-1SSL_CIPHER\s0 object can be checked using +<\fISSL_CIPHER_get_handshake_digest\fR\|(3)>. +.IP "The protocol version" 4 +.IX Item "The protocol version" +This can be set via a call to \fISSL_SESSION_set_protocol_version\fR\|(3) and should +be \s-1TLS1_3_VERSION\s0. +.PP +Additionally the maximum early data value should be set via a call to +\&\fISSL_SESSION_set_max_early_data\fR\|(3) if the \s-1PSK\s0 will be used for sending early +data. +.PP +Alternatively an \s-1SSL_SESSION\s0 created from a previous non-PSK handshake may also +be used as the basis for a \s-1PSK\s0. +.PP +Ownership of the \s-1SSL_SESSION\s0 object is passed to the OpenSSL library and so it +should not be freed by the application. +.PP +It is also possible for the callback to succeed but not supply a \s-1PSK\s0. In this +case no \s-1PSK\s0 will be sent to the server but the handshake will continue. 
To do +this the callback should return successfully and ensure that \fB*sess\fR is +\&\s-1NULL\s0. The contents of \fB*id\fR and \fB*idlen\fR will be ignored. +.PP +A client application wishing to use \s-1PSK\s0 ciphersuites for TLSv1.2 and below must +provide a different callback function. This function will be called when the +client is sending the ClientKeyExchange message to the server. +.PP +The purpose of the callback function is to select the \s-1PSK\s0 identity and +the pre-shared key to use during the connection setup phase. +.PP +The callback is set using functions \fISSL_CTX_set_psk_client_callback()\fR +or \fISSL_set_psk_client_callback()\fR. The callback function is given the +connection in parameter \fBssl\fR, a \fB\s-1NULL\s0\fR\-terminated \s-1PSK\s0 identity hint +sent by the server in parameter \fBhint\fR, a buffer \fBidentity\fR of +length \fBmax_identity_len\fR bytes where the resulting +\&\fB\s-1NUL\s0\fR\-terminated identity is to be stored, and a buffer \fBpsk\fR of +length \fBmax_psk_len\fR bytes where the resulting pre-shared key is to +be stored. +.PP +The callback for use in TLSv1.2 will also work in TLSv1.3 although it is +recommended to use \fISSL_CTX_set_psk_use_session_callback()\fR +or \fISSL_set_psk_use_session_callback()\fR for this purpose instead. If TLSv1.3 has +been negotiated then OpenSSL will first check to see if a callback has been set +via \fISSL_CTX_set_psk_use_session_callback()\fR or \fISSL_set_psk_use_session_callback()\fR +and it will use that in preference. If no such callback is present then it will +check to see if a callback has been set via \fISSL_CTX_set_psk_client_callback()\fR or +\&\fISSL_set_psk_client_callback()\fR and use that. In this case the \fBhint\fR value will +always be \s-1NULL\s0 and the handshake digest will default to \s-1SHA\-256\s0 for any returned +\&\s-1PSK\s0. +.SH "NOTES" +.IX Header "NOTES" +Note that parameter \fBhint\fR given to the callback may be \fB\s-1NULL\s0\fR. 
+.PP +A connection established via a TLSv1.3 \s-1PSK\s0 will appear as if session resumption +has occurred so that \fISSL_session_reused\fR\|(3) will return true. +.PP +There are no known security issues with sharing the same \s-1PSK\s0 between TLSv1.2 (or +below) and TLSv1.3. However the \s-1RFC\s0 has this note of caution: +.PP +\&\*(L"While there is no known way in which the same \s-1PSK\s0 might produce related output +in both versions, only limited analysis has been done. Implementations can +ensure safety from cross-protocol related output by not reusing PSKs between +\&\s-1TLS\s0 1.3 and \s-1TLS\s0 1.2.\*(R" +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Return values from the \fBSSL_psk_client_cb_func\fR callback are interpreted as +follows: +.PP +On success (callback found a \s-1PSK\s0 identity and a pre-shared key to use) +the length (> 0) of \fBpsk\fR in bytes is returned. +.PP +Otherwise or on errors the callback should return 0. In this case +the connection setup fails. +.PP +The SSL_psk_use_session_cb_func callback should return 1 on success or 0 on +failure. In the event of failure the connection setup fails. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fISSL_CTX_set_psk_find_session_callback\fR\|(3), +\&\fISSL_set_psk_find_session_callback\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fISSL_CTX_set_psk_use_session_callback()\fR and \fISSL_set_psk_use_session_callback()\fR +were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_CTX_set_quiet_shutdown.3 b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_quiet_shutdown.3 new file mode 100755 index 0000000..1d6a4a4 --- /dev/null 
+++ b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_quiet_shutdown.3 
@@ -0,0 +1,194 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_QUIET_SHUTDOWN 3" +.TH SSL_CTX_SET_QUIET_SHUTDOWN 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_quiet_shutdown, SSL_CTX_get_quiet_shutdown, SSL_set_quiet_shutdown, SSL_get_quiet_shutdown \- manipulate shutdown behaviour +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode); +\& int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx); +\& +\& void SSL_set_quiet_shutdown(SSL *ssl, int mode); +\& int SSL_get_quiet_shutdown(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_quiet_shutdown()\fR sets the \*(L"quiet shutdown\*(R" flag for \fBctx\fR to be +\&\fBmode\fR. \s-1SSL\s0 objects created from \fBctx\fR inherit the \fBmode\fR valid at the time +\&\fISSL_new\fR\|(3) is called. \fBmode\fR may be 0 or 1. +.PP +\&\fISSL_CTX_get_quiet_shutdown()\fR returns the \*(L"quiet shutdown\*(R" setting of \fBctx\fR. +.PP +\&\fISSL_set_quiet_shutdown()\fR sets the \*(L"quiet shutdown\*(R" flag for \fBssl\fR to be +\&\fBmode\fR. The setting stays valid until \fBssl\fR is removed with +\&\fISSL_free\fR\|(3) or \fISSL_set_quiet_shutdown()\fR is called again. +It is not changed when \fISSL_clear\fR\|(3) is called. +\&\fBmode\fR may be 0 or 1. +.PP +\&\fISSL_get_quiet_shutdown()\fR returns the \*(L"quiet shutdown\*(R" setting of \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +Normally when a \s-1SSL\s0 connection is finished, the parties must send out +close_notify alert messages using \fISSL_shutdown\fR\|(3) +for a clean shutdown. +.PP +When setting the \*(L"quiet shutdown\*(R" flag to 1, \fISSL_shutdown\fR\|(3) +will set the internal flags to SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN. +(\fISSL_shutdown\fR\|(3) then behaves like +\&\fISSL_set_shutdown\fR\|(3) called with +SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN.) +The session is thus considered to be shutdown, but no close_notify alert +is sent to the peer. This behaviour violates the \s-1TLS\s0 standard. +.PP +The default is normal shutdown behaviour as described by the \s-1TLS\s0 standard. 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_quiet_shutdown()\fR and \fISSL_set_quiet_shutdown()\fR do not return +diagnostic information. +.PP +\&\fISSL_CTX_get_quiet_shutdown()\fR and SSL_get_quiet_shutdown return the current +setting. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_shutdown\fR\|(3), +\&\fISSL_set_shutdown\fR\|(3), \fISSL_new\fR\|(3), +\&\fISSL_clear\fR\|(3), \fISSL_free\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_CTX_set_read_ahead.3 b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_read_ahead.3 new file mode 100755 index 0000000..a6c5e10 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_read_ahead.3 
@@ -0,0 +1,196 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_READ_AHEAD 3" +.TH SSL_CTX_SET_READ_AHEAD 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_read_ahead, SSL_CTX_get_read_ahead, +SSL_set_read_ahead, SSL_get_read_ahead, +SSL_CTX_get_default_read_ahead +\&\- manage whether to read as many input bytes as possible +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_set_read_ahead(SSL *s, int yes); +\& int SSL_get_read_ahead(const SSL *s); +\& +\& SSL_CTX_set_read_ahead(SSL_CTX *ctx, int yes); +\& long SSL_CTX_get_read_ahead(SSL_CTX *ctx); +\& long SSL_CTX_get_default_read_ahead(SSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_read_ahead()\fR and \fISSL_set_read_ahead()\fR set whether we should read as +many input bytes as possible (for non-blocking reads) or not. For example if +\&\fBx\fR bytes are currently required by OpenSSL, but \fBy\fR bytes are available from +the underlying \s-1BIO\s0 (where \fBy\fR > \fBx\fR), then OpenSSL will read all \fBy\fR bytes +into its buffer (providing that the buffer is large enough) if reading ahead is +on, or \fBx\fR bytes otherwise. +Setting the parameter \fByes\fR to 0 turns reading ahead is off, other values turn +it on. +\&\fISSL_CTX_set_default_read_ahead()\fR is identical to \fISSL_CTX_set_read_ahead()\fR. +.PP +\&\fISSL_CTX_get_read_ahead()\fR and \fISSL_get_read_ahead()\fR indicate whether reading +ahead has been set or not. +\&\fISSL_CTX_get_default_read_ahead()\fR is identical to \fISSL_CTX_get_read_ahead()\fR. +.SH "NOTES" +.IX Header "NOTES" +These functions have no impact when used with \s-1DTLS\s0. The return values for +\&\fISSL_CTX_get_read_head()\fR and \fISSL_get_read_ahead()\fR are undefined for \s-1DTLS\s0. Setting +\&\fBread_ahead\fR can impact the behaviour of the \fISSL_pending()\fR function +(see \fISSL_pending\fR\|(3)). 
+.PP +Since \fISSL_read()\fR can return \fB\s-1SSL_ERROR_WANT_READ\s0\fR for non-application data +records, and \fISSL_has_pending()\fR can't tell the difference between processed and +unprocessed data, it's recommended that if read ahead is turned on that +\&\fB\s-1SSL_MODE_AUTO_RETRY\s0\fR is not turned off using \fISSL_CTX_clear_mode()\fR. +That will prevent getting \fB\s-1SSL_ERROR_WANT_READ\s0\fR when there is still a complete +record available that hasn't been processed. +.PP +If the application wants to continue to use the underlying transport (e.g. \s-1TCP\s0 +connection) after the \s-1SSL\s0 connection is finished using \fISSL_shutdown()\fR reading +ahead should be turned off. +Otherwise the \s-1SSL\s0 structure might read data that it shouldn't. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_get_read_ahead()\fR and \fISSL_CTX_get_read_ahead()\fR return 0 if reading ahead is off, +and non zero otherwise. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_pending\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_CTX_set_record_padding_callback.3 b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_record_padding_callback.3 new file mode 100755 index 0000000..912c490 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_record_padding_callback.3 
@@ -0,0 +1,217 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_RECORD_PADDING_CALLBACK 3" +.TH SSL_CTX_SET_RECORD_PADDING_CALLBACK 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_record_padding_callback, +SSL_set_record_padding_callback, +SSL_CTX_set_record_padding_callback_arg, +SSL_set_record_padding_callback_arg, +SSL_CTX_get_record_padding_callback_arg, +SSL_get_record_padding_callback_arg, +SSL_CTX_set_block_padding, +SSL_set_block_padding \- install callback to specify TLS 1.3 record padding +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_set_record_padding_callback(SSL_CTX *ctx, size_t (*cb)(SSL *s, int type, size_t len, void *arg)); +\& void SSL_set_record_padding_callback(SSL *ssl, size_t (*cb)(SSL *s, int type, size_t len, void *arg)); +\& +\& void SSL_CTX_set_record_padding_callback_arg(SSL_CTX *ctx, void *arg); +\& void *SSL_CTX_get_record_padding_callback_arg(const SSL_CTX *ctx); +\& +\& void SSL_set_record_padding_callback_arg(SSL *ssl, void *arg); +\& void *SSL_get_record_padding_callback_arg(const SSL *ssl); +\& +\& int SSL_CTX_set_block_padding(SSL_CTX *ctx, size_t block_size); +\& int SSL_set_block_padding(SSL *ssl, size_t block_size); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_record_padding_callback()\fR or \fISSL_set_record_padding_callback()\fR +can be used to assign a callback function \fIcb\fR to specify the padding +for \s-1TLS\s0 1.3 records. The value set in \fBctx\fR is copied to a new \s-1SSL\s0 by \fISSL_new()\fR. +.PP +\&\fISSL_CTX_set_record_padding_callback_arg()\fR and \fISSL_set_record_padding_callback_arg()\fR +assign a value \fBarg\fR that is passed to the callback when it is invoked. The value +set in \fBctx\fR is copied to a new \s-1SSL\s0 by \fISSL_new()\fR. +.PP +\&\fISSL_CTX_get_record_padding_callback_arg()\fR and \fISSL_get_record_padding_callback_arg()\fR +retrieve the \fBarg\fR value that is passed to the callback. +.PP +\&\fISSL_CTX_set_block_padding()\fR and \fISSL_set_block_padding()\fR pads the record to a multiple +of the \fBblock_size\fR. A \fBblock_size\fR of 0 or 1 disables block padding. 
The limit of +\&\fBblock_size\fR is \s-1SSL3_RT_MAX_PLAIN_LENGTH\s0. +.PP +The callback is invoked for every record before encryption. +The \fBtype\fR parameter is the \s-1TLS\s0 record type that is being processed; may be +one of \s-1SSL3_RT_APPLICATION_DATA\s0, \s-1SSL3_RT_HANDSHAKE\s0, or \s-1SSL3_RT_ALERT\s0. +The \fBlen\fR parameter is the current plaintext length of the record before encryption. +The \fBarg\fR parameter is the value set via \fISSL_CTX_set_record_padding_callback_arg()\fR +or \fISSL_set_record_padding_callback_arg()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The \fISSL_CTX_get_record_padding_callback_arg()\fR and \fISSL_get_record_padding_callback_arg()\fR +functions return the \fBarg\fR value assigned in the corresponding set functions. +.PP +The \fISSL_CTX_set_block_padding()\fR and \fISSL_set_block_padding()\fR functions return 1 on success +or 0 if \fBblock_size\fR is too large. +.PP +The \fBcb\fR returns the number of padding bytes to add to the record. A return of 0 +indicates no padding will be added. A return value that causes the record to +exceed the maximum record size (\s-1SSL3_RT_MAX_PLAIN_LENGTH\s0) will pad out to the +maximum record size. +.SH "NOTES" +.IX Header "NOTES" +The default behavior is to add no padding to the record. +.PP +A user-supplied padding callback function will override the behavior set by +\&\fISSL_set_block_padding()\fR or \fISSL_CTX_set_block_padding()\fR. Setting the user-supplied +callback to \s-1NULL\s0 will restore the configured block padding behavior. +.PP +These functions only apply to \s-1TLS\s0 1.3 records being written. +.PP +Padding bytes are not added in constant-time. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_new\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The record padding \s-1API\s0 was added for \s-1TLS\s0 1.3 support in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. 
+.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_CTX_set_security_level.3 b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_security_level.3 new file mode 100755 index 0000000..e04e8b3 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_security_level.3 
@@ -0,0 +1,303 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_SECURITY_LEVEL 3" +.TH SSL_CTX_SET_SECURITY_LEVEL 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_security_level, SSL_set_security_level, SSL_CTX_get_security_level, SSL_get_security_level, SSL_CTX_set_security_callback, SSL_set_security_callback, SSL_CTX_get_security_callback, SSL_get_security_callback, SSL_CTX_set0_security_ex_data, SSL_set0_security_ex_data, SSL_CTX_get0_security_ex_data, SSL_get0_security_ex_data \- SSL/TLS security framework +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_set_security_level(SSL_CTX *ctx, int level); +\& void SSL_set_security_level(SSL *s, int level); +\& +\& int SSL_CTX_get_security_level(const SSL_CTX *ctx); +\& int SSL_get_security_level(const SSL *s); +\& +\& void SSL_CTX_set_security_callback(SSL_CTX *ctx, +\& int (*cb)(SSL *s, SSL_CTX *ctx, int op, +\& int bits, int nid, +\& void *other, void *ex)); +\& +\& void SSL_set_security_callback(SSL *s, int (*cb)(SSL *s, SSL_CTX *ctx, int op, +\& int bits, int nid, +\& void *other, void *ex)); +\& +\& int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx))(SSL *s, SSL_CTX *ctx, int op, +\& int bits, int nid, void *other, +\& void *ex); +\& int (*SSL_get_security_callback(const SSL *s))(SSL *s, SSL_CTX *ctx, int op, +\& int bits, int nid, void *other, +\& void *ex); +\& +\& void SSL_CTX_set0_security_ex_data(SSL_CTX *ctx, void *ex); +\& void SSL_set0_security_ex_data(SSL *s, void *ex); +\& +\& void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx); +\& void *SSL_get0_security_ex_data(const SSL *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The functions \fISSL_CTX_set_security_level()\fR and \fISSL_set_security_level()\fR set +the security level to \fBlevel\fR. If not set the library default security level +is used. +.PP +The functions \fISSL_CTX_get_security_level()\fR and \fISSL_get_security_level()\fR +retrieve the current security level. 
+.PP +\&\fISSL_CTX_set_security_callback()\fR, \fISSL_set_security_callback()\fR, +\&\fISSL_CTX_get_security_callback()\fR and \fISSL_get_security_callback()\fR get or set +the security callback associated with \fBctx\fR or \fBs\fR. If not set a default +security callback is used. The meaning of the parameters and the behaviour +of the default callbacks is described below. +.PP +\&\fISSL_CTX_set0_security_ex_data()\fR, \fISSL_set0_security_ex_data()\fR, +\&\fISSL_CTX_get0_security_ex_data()\fR and \fISSL_get0_security_ex_data()\fR set the +extra data pointer passed to the \fBex\fR parameter of the callback. This +value is passed to the callback verbatim and can be set to any convenient +application specific value. +.SH "DEFAULT CALLBACK BEHAVIOUR" +.IX Header "DEFAULT CALLBACK BEHAVIOUR" +If an application doesn't set its own security callback the default +callback is used. It is intended to provide sane defaults. The meaning +of each level is described below. +.IP "\fBLevel 0\fR" 4 +.IX Item "Level 0" +Everything is permitted. This retains compatibility with previous versions of +OpenSSL. +.IP "\fBLevel 1\fR" 4 +.IX Item "Level 1" +The security level corresponds to a minimum of 80 bits of security. Any +parameters offering below 80 bits of security are excluded. As a result \s-1RSA\s0, +\&\s-1DSA\s0 and \s-1DH\s0 keys shorter than 1024 bits and \s-1ECC\s0 keys shorter than 160 bits +are prohibited. All export cipher suites are prohibited since they all offer +less than 80 bits of security. \s-1SSL\s0 version 2 is prohibited. Any cipher suite +using \s-1MD5\s0 for the \s-1MAC\s0 is also prohibited. +.IP "\fBLevel 2\fR" 4 +.IX Item "Level 2" +Security level set to 112 bits of security. As a result \s-1RSA\s0, \s-1DSA\s0 and \s-1DH\s0 keys +shorter than 2048 bits and \s-1ECC\s0 keys shorter than 224 bits are prohibited. +In addition to the level 1 exclusions any cipher suite using \s-1RC4\s0 is also +prohibited. \s-1SSL\s0 version 3 is also not allowed. 
Compression is disabled. +.IP "\fBLevel 3\fR" 4 +.IX Item "Level 3" +Security level set to 128 bits of security. As a result \s-1RSA\s0, \s-1DSA\s0 and \s-1DH\s0 keys +shorter than 3072 bits and \s-1ECC\s0 keys shorter than 256 bits are prohibited. +In addition to the level 2 exclusions cipher suites not offering forward +secrecy are prohibited. \s-1TLS\s0 versions below 1.1 are not permitted. Session +tickets are disabled. +.IP "\fBLevel 4\fR" 4 +.IX Item "Level 4" +Security level set to 192 bits of security. As a result \s-1RSA\s0, \s-1DSA\s0 and +\&\s-1DH\s0 keys shorter than 7680 bits and \s-1ECC\s0 keys shorter than 384 bits are +prohibited. Cipher suites using \s-1SHA1\s0 for the \s-1MAC\s0 are prohibited. \s-1TLS\s0 +versions below 1.2 are not permitted. +.IP "\fBLevel 5\fR" 4 +.IX Item "Level 5" +Security level set to 256 bits of security. As a result \s-1RSA\s0, \s-1DSA\s0 and \s-1DH\s0 keys +shorter than 15360 bits and \s-1ECC\s0 keys shorter than 512 bits are prohibited. +.SH "APPLICATION DEFINED SECURITY CALLBACKS" +.IX Header "APPLICATION DEFINED SECURITY CALLBACKS" +\&\fIDocumentation to be provided.\fR +.SH "NOTES" +.IX Header "NOTES" +\&\fB\s-1WARNING\s0\fR at this time setting the security level higher than 1 for +general internet use is likely to cause \fBconsiderable\fR interoperability +issues and is not recommended. This is because the \fB\s-1SHA1\s0\fR algorithm +is very widely used in certificates and will be rejected at levels +higher than 1 because it only offers 80 bits of security. +.PP +The default security level can be configured when OpenSSL is compiled by +setting \fB\-DOPENSSL_TLS_SECURITY_LEVEL=level\fR. If not set then 1 is used. +.PP +The security framework disables or reject parameters inconsistent with the +set security level. 
In the past this was difficult as applications had to set +a number of distinct parameters (supported ciphers, supported curves supported +signature algorithms) to achieve this end and some cases (\s-1DH\s0 parameter size +for example) could not be checked at all. +.PP +By setting an appropriate security level much of this complexity can be +avoided. +.PP +The bits of security limits affect all relevant parameters including +cipher suite encryption algorithms, supported \s-1ECC\s0 curves, supported +signature algorithms, \s-1DH\s0 parameter sizes, certificate key sizes and +signature algorithms. This limit applies no matter what other custom +settings an application has set: so if the cipher suite is set to \fB\s-1ALL\s0\fR +then only cipher suites consistent with the security level are permissible. +.PP +See \s-1SP800\-57\s0 for how the security limits are related to individual +algorithms. +.PP +Some security levels require large key sizes for non-ECC public key +algorithms which can severely degrade performance. For example 256 bits +of security requires the use of \s-1RSA\s0 keys of at least 15360 bits in size. +.PP +Some restrictions can be gracefully handled: for example cipher suites +offering insufficient security are not sent by the client and will not +be selected by the server. Other restrictions such as the peer certificate +key size or the \s-1DH\s0 parameter size will abort the handshake with a fatal +alert. +.PP +Attempts to set certificates or parameters with insufficient security are +also blocked. For example trying to set a certificate using a 512 bit \s-1RSA\s0 +key using \fISSL_CTX_use_certificate()\fR at level 1. Applications which do not +check the return values for errors will misbehave: for example it might +appear that a certificate is not set at all because it had been rejected. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_security_level()\fR and \fISSL_set_security_level()\fR do not return values. 
+.PP +\&\fISSL_CTX_get_security_level()\fR and \fISSL_get_security_level()\fR return a integer that +represents the security level with \fB\s-1SSL_CTX\s0\fR or \fB\s-1SSL\s0\fR, respectively. +.PP +\&\fISSL_CTX_set_security_callback()\fR and \fISSL_set_security_callback()\fR do not return +values. +.PP +\&\fISSL_CTX_get_security_callback()\fR and \fISSL_get_security_callback()\fR return the pointer +to the security callback or \s-1NULL\s0 if the callback is not set. +.PP +\&\fISSL_CTX_get0_security_ex_data()\fR and \fISSL_get0_security_ex_data()\fR return the extra +data pointer or \s-1NULL\s0 if the ex data is not set. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2014\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_CTX_set_session_cache_mode.3 b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_session_cache_mode.3 new file mode 100755 index 0000000..d4e1838 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_session_cache_mode.3 
@@ -0,0 +1,249 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_SESSION_CACHE_MODE 3" +.TH SSL_CTX_SET_SESSION_CACHE_MODE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_session_cache_mode, SSL_CTX_get_session_cache_mode \- enable/disable session caching +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_CTX_set_session_cache_mode(SSL_CTX ctx, long mode); +\& long SSL_CTX_get_session_cache_mode(SSL_CTX ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_session_cache_mode()\fR enables/disables session caching +by setting the operational mode for \fBctx\fR to . +.PP +\&\fISSL_CTX_get_session_cache_mode()\fR returns the currently used cache mode. +.SH "NOTES" +.IX Header "NOTES" +The OpenSSL library can store/retrieve \s-1SSL/TLS\s0 sessions for later reuse. +The sessions can be held in memory for each \fBctx\fR, if more than one +\&\s-1SSL_CTX\s0 object is being maintained, the sessions are unique for each \s-1SSL_CTX\s0 +object. +.PP +In order to reuse a session, a client must send the session's id to the +server. It can only send exactly one id. The server then either +agrees to reuse the session or it starts a full handshake (to create a new +session). +.PP +A server will look up the session in its internal session storage. If the +session is not found in internal storage or lookups for the internal storage +have been deactivated (\s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0), the server will try +the external storage if available. +.PP +Since a client may try to reuse a session intended for use in a different +context, the session id context must be set by the server (see +\&\fISSL_CTX_set_session_id_context\fR\|(3)). +.PP +The following session cache modes and modifiers are available: +.IP "\s-1SSL_SESS_CACHE_OFF\s0" 4 +.IX Item "SSL_SESS_CACHE_OFF" +No session caching for client or server takes place. +.IP "\s-1SSL_SESS_CACHE_CLIENT\s0" 4 +.IX Item "SSL_SESS_CACHE_CLIENT" +Client sessions are added to the session cache. 
As there is no reliable way +for the OpenSSL library to know whether a session should be reused or which +session to choose (due to the abstract \s-1BIO\s0 layer the \s-1SSL\s0 engine does not +have details about the connection), the application must select the session +to be reused by using the \fISSL_set_session\fR\|(3) +function. This option is not activated by default. +.IP "\s-1SSL_SESS_CACHE_SERVER\s0" 4 +.IX Item "SSL_SESS_CACHE_SERVER" +Server sessions are added to the session cache. When a client proposes a +session to be reused, the server looks for the corresponding session in (first) +the internal session cache (unless \s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0 is set), +then (second) in the external cache if available. If the session is found, the +server will try to reuse the session. This is the default. +.IP "\s-1SSL_SESS_CACHE_BOTH\s0" 4 +.IX Item "SSL_SESS_CACHE_BOTH" +Enable both \s-1SSL_SESS_CACHE_CLIENT\s0 and \s-1SSL_SESS_CACHE_SERVER\s0 at the same time. +.IP "\s-1SSL_SESS_CACHE_NO_AUTO_CLEAR\s0" 4 +.IX Item "SSL_SESS_CACHE_NO_AUTO_CLEAR" +Normally the session cache is checked for expired sessions every +255 connections using the +\&\fISSL_CTX_flush_sessions\fR\|(3) function. Since +this may lead to a delay which cannot be controlled, the automatic +flushing may be disabled and +\&\fISSL_CTX_flush_sessions\fR\|(3) can be called +explicitly by the application. +.IP "\s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0" 4 +.IX Item "SSL_SESS_CACHE_NO_INTERNAL_LOOKUP" +By setting this flag, session-resume operations in an \s-1SSL/TLS\s0 server will not +automatically look up sessions in the internal cache, even if sessions are +automatically stored there. If external session caching callbacks are in use, +this flag guarantees that all lookups are directed to the external cache. +As automatic lookup only applies for \s-1SSL/TLS\s0 servers, the flag has no effect on +clients. 
+.IP "\s-1SSL_SESS_CACHE_NO_INTERNAL_STORE\s0" 4 +.IX Item "SSL_SESS_CACHE_NO_INTERNAL_STORE" +Depending on the presence of \s-1SSL_SESS_CACHE_CLIENT\s0 and/or \s-1SSL_SESS_CACHE_SERVER\s0, +sessions negotiated in an \s-1SSL/TLS\s0 handshake may be cached for possible reuse. +Normally a new session is added to the internal cache as well as any external +session caching (callback) that is configured for the \s-1SSL_CTX\s0. This flag will +prevent sessions being stored in the internal cache (though the application can +add them manually using \fISSL_CTX_add_session\fR\|(3)). Note: +in any \s-1SSL/TLS\s0 servers where external caching is configured, any successful +session lookups in the external cache (ie. for session-resume requests) would +normally be copied into the local cache before processing continues \- this flag +prevents these additions to the internal cache as well. +.IP "\s-1SSL_SESS_CACHE_NO_INTERNAL\s0" 4 +.IX Item "SSL_SESS_CACHE_NO_INTERNAL" +Enable both \s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0 and +\&\s-1SSL_SESS_CACHE_NO_INTERNAL_STORE\s0 at the same time. +.PP +The default mode is \s-1SSL_SESS_CACHE_SERVER\s0. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_session_cache_mode()\fR returns the previously set cache mode. +.PP +\&\fISSL_CTX_get_session_cache_mode()\fR returns the currently set cache mode. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_set_session\fR\|(3), +\&\fISSL_session_reused\fR\|(3), +\&\fISSL_CTX_add_session\fR\|(3), +\&\fISSL_CTX_sess_number\fR\|(3), +\&\fISSL_CTX_sess_set_cache_size\fR\|(3), +\&\fISSL_CTX_sess_set_get_cb\fR\|(3), +\&\fISSL_CTX_set_session_id_context\fR\|(3), +\&\fISSL_CTX_set_timeout\fR\|(3), +\&\fISSL_CTX_flush_sessions\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. 
You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_CTX_set_session_id_context.3 b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_session_id_context.3 new file mode 100755 index 0000000..ef0d960 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_session_id_context.3 
@@ -0,0 +1,206 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_SESSION_ID_CONTEXT 3" +.TH SSL_CTX_SET_SESSION_ID_CONTEXT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_session_id_context, SSL_set_session_id_context \- set context within which session can be reused (server side only) +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, +\& unsigned int sid_ctx_len); +\& int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, +\& unsigned int sid_ctx_len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_session_id_context()\fR sets the context \fBsid_ctx\fR of length +\&\fBsid_ctx_len\fR within which a session can be reused for the \fBctx\fR object. +.PP +\&\fISSL_set_session_id_context()\fR sets the context \fBsid_ctx\fR of length +\&\fBsid_ctx_len\fR within which a session can be reused for the \fBssl\fR object. +.SH "NOTES" +.IX Header "NOTES" +Sessions are generated within a certain context. When exporting/importing +sessions with \fBi2d_SSL_SESSION\fR/\fBd2i_SSL_SESSION\fR it would be possible, +to re-import a session generated from another context (e.g. another +application), which might lead to malfunctions. Therefore each application +must set its own session id context \fBsid_ctx\fR which is used to distinguish +the contexts and is stored in exported sessions. The \fBsid_ctx\fR can be +any kind of binary data with a given length, it is therefore possible +to use e.g. the name of the application and/or the hostname and/or service +name ... +.PP +The session id context becomes part of the session. The session id context +is set by the \s-1SSL/TLS\s0 server. The \fISSL_CTX_set_session_id_context()\fR and +\&\fISSL_set_session_id_context()\fR functions are therefore only useful on the +server side. +.PP +OpenSSL clients will check the session id context returned by the server +when reusing a session. +.PP +The maximum length of the \fBsid_ctx\fR is limited to +\&\fB\s-1SSL_MAX_SID_CTX_LENGTH\s0\fR. 
+.SH "WARNINGS" +.IX Header "WARNINGS" +If the session id context is not set on an \s-1SSL/TLS\s0 server and client +certificates are used, stored sessions +will not be reused but a fatal error will be flagged and the handshake +will fail. +.PP +If a server returns a different session id context to an OpenSSL client +when reusing a session, an error will be flagged and the handshake will +fail. OpenSSL servers will always return the correct session id context, +as an OpenSSL server checks the session id context itself before reusing +a session as described above. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_session_id_context()\fR and \fISSL_set_session_id_context()\fR +return the following values: +.IP "0" 4 +The length \fBsid_ctx_len\fR of the session id context \fBsid_ctx\fR exceeded +the maximum allowed length of \fB\s-1SSL_MAX_SID_CTX_LENGTH\s0\fR. The error +is logged to the error stack. +.IP "1" 4 +.IX Item "1" +The operation succeeded. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_CTX_set_session_ticket_cb.3 b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_session_ticket_cb.3 new file mode 100755 index 0000000..580d70f --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_session_ticket_cb.3 
@@ -0,0 +1,296 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_SESSION_TICKET_CB 3" +.TH SSL_CTX_SET_SESSION_TICKET_CB 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_session_ticket_cb, +SSL_SESSION_get0_ticket_appdata, +SSL_SESSION_set1_ticket_appdata, +SSL_CTX_generate_session_ticket_fn, +SSL_CTX_decrypt_session_ticket_fn \- manage session ticket application data +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef int (*SSL_CTX_generate_session_ticket_fn)(SSL *s, void *arg); +\& typedef SSL_TICKET_RETURN (*SSL_CTX_decrypt_session_ticket_fn)(SSL *s, SSL_SESSION *ss, +\& const unsigned char *keyname, +\& size_t keyname_len, +\& SSL_TICKET_STATUS status, +\& void *arg); +\& int SSL_CTX_set_session_ticket_cb(SSL_CTX *ctx, +\& SSL_CTX_generate_session_ticket_fn gen_cb, +\& SSL_CTX_decrypt_session_ticket_fn dec_cb, +\& void *arg); +\& int SSL_SESSION_set1_ticket_appdata(SSL_SESSION *ss, const void *data, size_t len); +\& int SSL_SESSION_get0_ticket_appdata(SSL_SESSION *ss, void **data, size_t *len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_set_session_ticket_cb()\fR sets the application callbacks \fBgen_cb\fR +and \fBdec_cb\fR that are used by a server to set and get application data stored +with a session, and placed into a session ticket. Either callback function may +be set to \s-1NULL\s0. The value of \fBarg\fR is passed to the callbacks. +.PP +\&\fBgen_cb\fR is the application defined callback invoked when a session ticket is +about to be created. The application can call \fISSL_SESSION_set1_ticket_appdata()\fR +at this time to add application data to the session ticket. The value of \fBarg\fR +is the same as that given to \fISSL_CTX_set_session_ticket_cb()\fR. The \fBgen_cb\fR +callback is defined as type \fBSSL_CTX_generate_session_ticket_fn\fR. +.PP +\&\fBdec_cb\fR is the application defined callback invoked after session ticket +decryption has been attempted and any session ticket application data is +available. If ticket decryption was successful then the \fBss\fR argument contains +the session data. 
The \fBkeyname\fR and \fBkeyname_len\fR arguments identify the key +used to decrypt the session ticket. The \fBstatus\fR argument is the result of the +ticket decryption. See the \*(L"\s-1NOTES\s0\*(R" section below for further details. The value +of \fBarg\fR is the same as that given to \fISSL_CTX_set_session_ticket_cb()\fR. The +\&\fBdec_cb\fR callback is defined as type \fBSSL_CTX_decrypt_session_ticket_fn\fR. +.PP +\&\fISSL_SESSION_set1_ticket_appdata()\fR sets the application data specified by +\&\fBdata\fR and \fBlen\fR into \fBss\fR which is then placed into any generated session +tickets. It can be called at any time before a session ticket is created to +update the data placed into the session ticket. However, given that sessions +and tickets are created by the handshake, the \fBgen_cb\fR is provided to notify +the application that a session ticket is about to be generated. +.PP +\&\fISSL_SESSION_get0_ticket_appdata()\fR assigns \fBdata\fR to the session ticket +application data and assigns \fBlen\fR to the length of the session ticket +application data from \fBss\fR. The application data can be set via +\&\fISSL_SESSION_set1_ticket_appdata()\fR or by a session ticket. \s-1NULL\s0 will be assigned +to \fBdata\fR and 0 will be assigned to \fBlen\fR if there is no session ticket +application data. \fISSL_SESSION_get0_ticket_appdata()\fR can be called any time +after a session has been created. The \fBdec_cb\fR is provided to notify the +application that a session ticket has just been decrypted. +.SH "NOTES" +.IX Header "NOTES" +When the \fBdec_cb\fR callback is invoked, the \s-1SSL_SESSION\s0 \fBss\fR has not yet been +assigned to the \s-1SSL\s0 \fBs\fR. The \fBstatus\fR indicates the result of the ticket +decryption. The callback must check the \fBstatus\fR value before performing any +action, as it is called even if ticket decryption fails. 
+.PP +The \fBkeyname\fR and \fBkeyname_len\fR arguments to \fBdec_cb\fR may be used to identify +the key that was used to encrypt the session ticket. +.PP +The \fBstatus\fR argument can be any of these values: +.IP "\s-1SSL_TICKET_EMPTY\s0" 4 +.IX Item "SSL_TICKET_EMPTY" +Empty ticket present. No ticket data will be used and a new ticket should be +sent to the client. This only occurs in TLSv1.2 or below. In TLSv1.3 it is not +valid for a client to send an empty ticket. +.IP "\s-1SSL_TICKET_NO_DECRYPT\s0" 4 +.IX Item "SSL_TICKET_NO_DECRYPT" +The ticket couldn't be decrypted. No ticket data will be used and a new ticket +should be sent to the client. +.IP "\s-1SSL_TICKET_SUCCESS\s0" 4 +.IX Item "SSL_TICKET_SUCCESS" +A ticket was successfully decrypted, any session ticket application data should +be available. A new ticket should not be sent to the client. +.IP "\s-1SSL_TICKET_SUCCESS_RENEW\s0" 4 +.IX Item "SSL_TICKET_SUCCESS_RENEW" +Same as \fB\s-1SSL_TICKET_SUCCESS\s0\fR, but a new ticket should be sent to the client. +.PP +The return value can be any of these values: +.IP "\s-1SSL_TICKET_RETURN_ABORT\s0" 4 +.IX Item "SSL_TICKET_RETURN_ABORT" +The handshake should be aborted, either because of an error or because of some +policy. Note that in TLSv1.3 a client may send more than one ticket in a single +handshake. Therefore just because one ticket is unacceptable it does not mean +that all of them are. For this reason this option should be used with caution. +.IP "\s-1SSL_TICKET_RETURN_IGNORE\s0" 4 +.IX Item "SSL_TICKET_RETURN_IGNORE" +Do not use a ticket (if one was available). Do not send a renewed ticket to the +client. +.IP "\s-1SSL_TICKET_RETURN_IGNORE_RENEW\s0" 4 +.IX Item "SSL_TICKET_RETURN_IGNORE_RENEW" +Do not use a ticket (if one was available). Send a renewed ticket to the client. 
+.Sp +If the callback does not wish to change the default ticket behaviour then it +should return this value if \fBstatus\fR is \fB\s-1SSL_TICKET_EMPTY\s0\fR or +\&\fB\s-1SSL_TICKET_NO_DECRYPT\s0\fR. +.IP "\s-1SSL_TICKET_RETURN_USE\s0" 4 +.IX Item "SSL_TICKET_RETURN_USE" +Use the ticket. Do not send a renewed ticket to the client. It is an error for +the callback to return this value if \fBstatus\fR has a value other than +\&\fB\s-1SSL_TICKET_SUCCESS\s0\fR or \fB\s-1SSL_TICKET_SUCCESS_RENEW\s0\fR. +.Sp +If the callback does not wish to change the default ticket behaviour then it +should return this value if \fBstatus\fR is \fB\s-1SSL_TICKET_SUCCESS\s0\fR. +.IP "\s-1SSL_TICKET_RETURN_USE_RENEW\s0" 4 +.IX Item "SSL_TICKET_RETURN_USE_RENEW" +Use the ticket. Send a renewed ticket to the client. It is an error for the +callback to return this value if \fBstatus\fR has a value other than +\&\fB\s-1SSL_TICKET_SUCCESS\s0\fR or \fB\s-1SSL_TICKET_SUCCESS_RENEW\s0\fR. +.Sp +If the callback does not wish to change the default ticket behaviour then it +should return this value if \fBstatus\fR is \fB\s-1SSL_TICKET_SUCCESS_RENEW\s0\fR. +.PP +If \fBstatus\fR has the value \fB\s-1SSL_TICKET_EMPTY\s0\fR or \fB\s-1SSL_TICKET_NO_DECRYPT\s0\fR then +no session data will be available and the callback must not use the \fBss\fR +argument. If \fBstatus\fR has the value \fB\s-1SSL_TICKET_SUCCESS\s0\fR or +\&\fB\s-1SSL_TICKET_SUCCESS_RENEW\s0\fR then the application can call +\&\fISSL_SESSION_get0_ticket_appdata()\fR using the session provided in the \fBss\fR +argument to retrieve the application data. +.PP +When the \fBgen_cb\fR callback is invoked, the \fISSL_get_session()\fR function can be +used to retrieve the \s-1SSL_SESSION\s0 for \fISSL_SESSION_set1_ticket_appdata()\fR. +.PP +By default, in TLSv1.2 and below, a new session ticket is not issued on a +successful resumption and therefore \fBgen_cb\fR will not be called. 
In TLSv1.3 the +default behaviour is to always issue a new ticket on resumption. In both cases +this behaviour can be changed if a ticket key callback is in use (see +\&\fISSL_CTX_set_tlsext_ticket_key_cb\fR\|(3)). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The \fISSL_CTX_set_session_ticket_cb()\fR, \fISSL_SESSION_set1_ticket_appdata()\fR and +\&\fISSL_SESSION_get0_ticket_appdata()\fR functions return 1 on success and 0 on +failure. +.PP +The \fBgen_cb\fR callback must return 1 to continue the connection. A return of 0 +will terminate the connection with an \s-1INTERNAL_ERROR\s0 alert. +.PP +The \fBdec_cb\fR callback must return a value as described in \*(L"\s-1NOTES\s0\*(R" above. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fISSL_get_session\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fISSL_CTX_set_session_ticket_cb()\fR, \fISSSL_SESSION_set1_ticket_appdata()\fR +and \fISSL_SESSION_get_ticket_appdata()\fR functions were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_CTX_set_split_send_fragment.3 b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_split_send_fragment.3 new file mode 100755 index 0000000..8d33567 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_split_send_fragment.3 
@@ -0,0 +1,301 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_SPLIT_SEND_FRAGMENT 3" +.TH SSL_CTX_SET_SPLIT_SEND_FRAGMENT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_max_send_fragment, SSL_set_max_send_fragment, +SSL_CTX_set_split_send_fragment, SSL_set_split_send_fragment, +SSL_CTX_set_max_pipelines, SSL_set_max_pipelines, +SSL_CTX_set_default_read_buffer_len, SSL_set_default_read_buffer_len, +SSL_CTX_set_tlsext_max_fragment_length, +SSL_set_tlsext_max_fragment_length, +SSL_SESSION_get_max_fragment_length \- Control fragment size settings and pipelining operations +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_CTX_set_max_send_fragment(SSL_CTX *ctx, long); +\& long SSL_set_max_send_fragment(SSL *ssl, long m); +\& +\& long SSL_CTX_set_max_pipelines(SSL_CTX *ctx, long m); +\& long SSL_set_max_pipelines(SSL_CTX *ssl, long m); +\& +\& long SSL_CTX_set_split_send_fragment(SSL_CTX *ctx, long m); +\& long SSL_set_split_send_fragment(SSL *ssl, long m); +\& +\& void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len); +\& void SSL_set_default_read_buffer_len(SSL *s, size_t len); +\& +\& int SSL_CTX_set_tlsext_max_fragment_length(SSL_CTX *ctx, uint8_t mode); +\& int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode); +\& uint8_t SSL_SESSION_get_max_fragment_length(SSL_SESSION *session); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Some engines are able to process multiple simultaneous crypto operations. This +capability could be utilised to parallelise the processing of a single +connection. For example a single write can be split into multiple records and +each one encrypted independently and in parallel. Note: this will only work in +\&\s-1TLS1\s0.1+. There is no support in SSLv3, TLSv1.0 or \s-1DTLS\s0 (any version). This +capability is known as \*(L"pipelining\*(R" within OpenSSL. +.PP +In order to benefit from the pipelining capability. You need to have an engine +that provides ciphers that support this. The OpenSSL \*(L"dasync\*(R" engine provides +\&\s-1AES128\-SHA\s0 based ciphers that have this capability. 
However these are for +development and test purposes only. +.PP +\&\fISSL_CTX_set_max_send_fragment()\fR and \fISSL_set_max_send_fragment()\fR set the +\&\fBmax_send_fragment\fR parameter for \s-1SSL_CTX\s0 and \s-1SSL\s0 objects respectively. This +value restricts the amount of plaintext bytes that will be sent in any one +\&\s-1SSL/TLS\s0 record. By default its value is \s-1SSL3_RT_MAX_PLAIN_LENGTH\s0 (16384). These +functions will only accept a value in the range 512 \- \s-1SSL3_RT_MAX_PLAIN_LENGTH\s0. +.PP +\&\fISSL_CTX_set_max_pipelines()\fR and \fISSL_set_max_pipelines()\fR set the maximum number +of pipelines that will be used at any one time. This value applies to both +\&\*(L"read\*(R" pipelining and \*(L"write\*(R" pipelining. By default only one pipeline will be +used (i.e. normal non-parallel operation). The number of pipelines set must be +in the range 1 \- \s-1SSL_MAX_PIPELINES\s0 (32). Setting this to a value > 1 will also +automatically turn on \*(L"read_ahead\*(R" (see \fISSL_CTX_set_read_ahead\fR\|(3)). This is +explained further below. OpenSSL will only every use more than one pipeline if +a cipher suite is negotiated that uses a pipeline capable cipher provided by an +engine. +.PP +Pipelining operates slightly differently for reading encrypted data compared to +writing encrypted data. \fISSL_CTX_set_split_send_fragment()\fR and +\&\fISSL_set_split_send_fragment()\fR define how data is split up into pipelines when +writing encrypted data. The number of pipelines used will be determined by the +amount of data provided to the \fISSL_write_ex()\fR or \fISSL_write()\fR call divided by +\&\fBsplit_send_fragment\fR. 
+.PP +For example if \fBsplit_send_fragment\fR is set to 2000 and \fBmax_pipelines\fR is 4 +then: +.PP +SSL_write/SSL_write_ex called with 0\-2000 bytes == 1 pipeline used +.PP +SSL_write/SSL_write_ex called with 2001\-4000 bytes == 2 pipelines used +.PP +SSL_write/SSL_write_ex called with 4001\-6000 bytes == 3 pipelines used +.PP +SSL_write/SSL_write_ex called with 6001+ bytes == 4 pipelines used +.PP +\&\fBsplit_send_fragment\fR must always be less than or equal to +\&\fBmax_send_fragment\fR. By default it is set to be equal to \fBmax_send_fragment\fR. +This will mean that the same number of records will always be created as would +have been created in the non-parallel case, although the data will be +apportioned differently. In the parallel case data will be spread equally +between the pipelines. +.PP +Read pipelining is controlled in a slightly different way than with write +pipelining. While reading we are constrained by the number of records that the +peer (and the network) can provide to us in one go. The more records we can get +in one go the more opportunity we have to parallelise the processing. As noted +above when setting \fBmax_pipelines\fR to a value greater than one, \fBread_ahead\fR +is automatically set. The \fBread_ahead\fR parameter causes OpenSSL to attempt to +read as much data into the read buffer as the network can provide and will fit +into the buffer. Without this set data is read into the read buffer one record +at a time. The more data that can be read, the more opportunity there is for +parallelising the processing at the cost of increased memory overhead per +connection. Setting \fBread_ahead\fR can impact the behaviour of the \fISSL_pending()\fR +function (see \fISSL_pending\fR\|(3)). +.PP +The \fISSL_CTX_set_default_read_buffer_len()\fR and \fISSL_set_default_read_buffer_len()\fR +functions control the size of the read buffer that will be used. The \fBlen\fR +parameter sets the size of the buffer. 
The value will only be used if it is +greater than the default that would have been used anyway. The normal default +value depends on a number of factors but it will be at least +\&\s-1SSL3_RT_MAX_PLAIN_LENGTH\s0 + \s-1SSL3_RT_MAX_ENCRYPTED_OVERHEAD\s0 (16704) bytes. +.PP +\&\fISSL_CTX_set_tlsext_max_fragment_length()\fR sets the default maximum fragment +length negotiation mode via value \fBmode\fR to \fBctx\fR. +This setting affects only \s-1SSL\s0 instances created after this function is called. +It affects the client-side as only its side may initiate this extension use. +.PP +\&\fISSL_set_tlsext_max_fragment_length()\fR sets the maximum fragment length +negotiation mode via value \fBmode\fR to \fBssl\fR. +This setting will be used during a handshake when extensions are exchanged +between client and server. +So it only affects \s-1SSL\s0 sessions created after this function is called. +It affects the client-side as only its side may initiate this extension use. +.PP +\&\fISSL_SESSION_get_max_fragment_length()\fR gets the maximum fragment length +negotiated in \fBsession\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All non-void functions return 1 on success and 0 on failure. +.SH "NOTES" +.IX Header "NOTES" +The Maximum Fragment Length extension support is optional on the server side. +If the server does not support this extension then +\&\fISSL_SESSION_get_max_fragment_length()\fR will return: +TLSEXT_max_fragment_length_DISABLED. +.PP +The following modes are available: +.IP "TLSEXT_max_fragment_length_DISABLED" 4 +.IX Item "TLSEXT_max_fragment_length_DISABLED" +Disables Maximum Fragment Length Negotiation (default). +.IP "TLSEXT_max_fragment_length_512" 4 +.IX Item "TLSEXT_max_fragment_length_512" +Sets Maximum Fragment Length to 512 bytes. +.IP "TLSEXT_max_fragment_length_1024" 4 +.IX Item "TLSEXT_max_fragment_length_1024" +Sets Maximum Fragment Length to 1024. 
+.IP "TLSEXT_max_fragment_length_2048" 4 +.IX Item "TLSEXT_max_fragment_length_2048" +Sets Maximum Fragment Length to 2048. +.IP "TLSEXT_max_fragment_length_4096" 4 +.IX Item "TLSEXT_max_fragment_length_4096" +Sets Maximum Fragment Length to 4096. +.PP +With the exception of \fISSL_CTX_set_default_read_buffer_len()\fR +\&\fISSL_set_default_read_buffer_len()\fR, \fISSL_CTX_set_tlsext_max_fragment_length()\fR, +\&\fISSL_set_tlsext_max_fragment_length()\fR and \fISSL_SESSION_get_max_fragment_length()\fR +all these functions are implemented using macros. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fISSL_CTX_set_read_ahead\fR\|(3), \fISSL_pending\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fISSL_CTX_set_max_pipelines()\fR, \fISSL_set_max_pipelines()\fR, +\&\fISSL_CTX_set_split_send_fragment()\fR, \fISSL_set_split_send_fragment()\fR, +\&\fISSL_CTX_set_default_read_buffer_len()\fR and \fISSL_set_default_read_buffer_len()\fR +functions were added in OpenSSL 1.1.0. +.PP +The \fISSL_CTX_set_tlsext_max_fragment_length()\fR, \fISSL_set_tlsext_max_fragment_length()\fR +and \fISSL_SESSION_get_max_fragment_length()\fR functions were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_CTX_set_srp_password.3 b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_srp_password.3 new file mode 100755 index 0000000..7c503f3 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_srp_password.3 
@@ -0,0 +1,342 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_SRP_PASSWORD 3" +.TH SSL_CTX_SET_SRP_PASSWORD 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_srp_username, +SSL_CTX_set_srp_password, +SSL_CTX_set_srp_strength, +SSL_CTX_set_srp_cb_arg, +SSL_CTX_set_srp_username_callback, +SSL_CTX_set_srp_client_pwd_callback, +SSL_CTX_set_srp_verify_param_callback, +SSL_set_srp_server_param, +SSL_set_srp_server_param_pw, +SSL_get_srp_g, +SSL_get_srp_N, +SSL_get_srp_username, +SSL_get_srp_userinfo +\&\- SRP control operations +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_set_srp_username(SSL_CTX *ctx, char *name); +\& int SSL_CTX_set_srp_password(SSL_CTX *ctx, char *password); +\& int SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength); +\& int SSL_CTX_set_srp_cb_arg(SSL_CTX *ctx, void *arg); +\& int SSL_CTX_set_srp_username_callback(SSL_CTX *ctx, +\& int (*cb) (SSL *s, int *ad, void *arg)); +\& int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx, +\& char *(*cb) (SSL *s, void *arg)); +\& int SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx, +\& int (*cb) (SSL *s, void *arg)); +\& +\& int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g, +\& BIGNUM *sa, BIGNUM *v, char *info); +\& int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass, +\& const char *grp); +\& +\& BIGNUM *SSL_get_srp_g(SSL *s); +\& BIGNUM *SSL_get_srp_N(SSL *s); +\& +\& char *SSL_get_srp_username(SSL *s); +\& char *SSL_get_srp_userinfo(SSL *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions provide access to \s-1SRP\s0 (Secure Remote Password) parameters, +an alternate authentication mechanism for \s-1TLS\s0. \s-1SRP\s0 allows the use of user names +and passwords over unencrypted channels without revealing the password to an +eavesdropper. \s-1SRP\s0 also supplies a shared secret at the end of the authentication +sequence that can be used to generate encryption keys. +.PP +The \s-1SRP\s0 protocol, version 3 is specified in \s-1RFC\s0 2945. 
\s-1SRP\s0 version 6 is described +in \s-1RFC\s0 5054 with applications to \s-1TLS\s0 authentication. +.PP +The \fISSL_CTX_set_srp_username()\fR function sets the \s-1SRP\s0 username for \fBctx\fR. This +should be called on the client prior to creating a connection to the server. +The length of \fBname\fR must be shorter or equal to 255 characters. +.PP +The \fISSL_CTX_set_srp_password()\fR function sets the \s-1SRP\s0 password for \fBctx\fR. This +may be called on the client prior to creating a connection to the server. +This overrides the effect of \fISSL_CTX_set_srp_client_pwd_callback()\fR. +.PP +The \fISSL_CTX_set_srp_strength()\fR function sets the \s-1SRP\s0 strength for \fBctx\fR. This +is the minimal length of the \s-1SRP\s0 prime in bits. If not specified 1024 is used. +If not satisfied by the server key exchange the connection will be rejected. +.PP +The \fISSL_CTX_set_srp_cb_arg()\fR function sets an extra parameter that will +be passed to all following callbacks as \fBarg\fR. +.PP +The \fISSL_CTX_set_srp_username_callback()\fR function sets the server side callback +that is invoked when an \s-1SRP\s0 username is found in a ClientHello. +The callback parameters are the \s-1SSL\s0 connection \fBs\fR, a writable error flag \fBad\fR +and the extra argument \fBarg\fR set by \fISSL_CTX_set_srp_cb_arg()\fR. +This callback should setup the server for the key exchange by calling +\&\fISSL_set_srp_server_param()\fR with the appropriate parameters for the received +username. The username can be obtained by calling \fISSL_get_srp_username()\fR. +See \fISRP_VBASE_init\fR\|(3) to parse the verifier file created by \fIopenssl\-srp\fR\|(1) or +\&\fISRP_create_verifier\fR\|(3) to generate it. +The callback should return \fB\s-1SSL_ERROR_NONE\s0\fR to proceed with the server key exchange, +\&\fB\s-1SSL3_AL_FATAL\s0\fR for a fatal error or any value < 0 for a retryable error. 
+In the event of a \fB\s-1SSL3_AL_FATAL\s0\fR the alert flag given by \fB*al\fR will be sent +back. By default this will be \fB\s-1SSL_AD_UNKNOWN_PSK_IDENTITY\s0\fR. +.PP +The \fISSL_CTX_set_srp_client_pwd_callback()\fR function sets the client password +callback on the client. +The callback parameters are the \s-1SSL\s0 connection \fBs\fR and the extra argument \fBarg\fR +set by \fISSL_CTX_set_srp_cb_arg()\fR. +The callback will be called as part of the generation of the client secrets. +It should return the client password in text form or \s-1NULL\s0 to abort the connection. +The resulting memory will be freed by the library as part of the callback resolution. +This overrides the effect of \fISSL_CTX_set_srp_password()\fR. +.PP +The \fISSL_CTX_set_srp_verify_param_callback()\fR sets the \s-1SRP\s0 gN parameter verification +callback on the client. This allows the client to perform custom verification when +receiving the server \s-1SRP\s0 proposed parameters. +The callback parameters are the \s-1SSL\s0 connection \fBs\fR and the extra argument \fBarg\fR +set by \fISSL_CTX_set_srp_cb_arg()\fR. +The callback should return a positive value to accept the server parameters. +Returning 0 or a negative value will abort the connection. The server parameters +can be obtained by calling \fISSL_get_srp_N()\fR and \fISSL_get_srp_g()\fR. +Sanity checks are already performed by the library after the handshake +(B % N non zero, check against the strength parameter) and are not necessary. +If no callback is set the g and N parameters will be checked against +known \s-1RFC\s0 5054 values. +.PP +The \fISSL_set_srp_server_param()\fR function sets all \s-1SRP\s0 parameters for +the connection \fBs\fR. \fBN\fR and \fBg\fR are the \s-1SRP\s0 group parameters, \fBsa\fR is the +user salt, \fBv\fR the password verifier and \fBinfo\fR is the optional user info. 
+.PP +The \fISSL_set_srp_server_param_pw()\fR function sets all \s-1SRP\s0 parameters for the +connection \fBs\fR by generating a random salt and a password verifier. +\&\fBuser\fR is the username, \fBpass\fR the password and \fBgrp\fR the \s-1SRP\s0 group parameters +identifier for \fISRP_get_default_gN\fR\|(3). +.PP +The \fISSL_get_srp_g()\fR function returns the \s-1SRP\s0 group generator for \fBs\fR, or from +the underlying \s-1SSL_CTX\s0 if it is \s-1NULL\s0. +.PP +The \fISSL_get_srp_N()\fR function returns the \s-1SRP\s0 prime for \fBs\fR, or from +the underlying \s-1SSL_CTX\s0 if it is \s-1NULL\s0. +.PP +The \fISSL_get_srp_username()\fR function returns the \s-1SRP\s0 username for \fBs\fR, or from +the underlying \s-1SSL_CTX\s0 if it is \s-1NULL\s0. +.PP +The \fISSL_get_srp_userinfo()\fR function returns the \s-1SRP\s0 user info for \fBs\fR, or from +the underlying \s-1SSL_CTX\s0 if it is \s-1NULL\s0. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All SSL_CTX_set_* functions return 1 on success and 0 on failure. +.PP +\&\fISSL_set_srp_server_param()\fR returns 1 on success and \-1 on failure. +.PP +The SSL_get_SRP_* functions return a pointer to the requested data, the memory +is owned by the library and should not be freed by the caller. 
+.SH "EXAMPLES" +.IX Header "EXAMPLES" +Setup \s-1SRP\s0 parameters on the client: +.PP +.Vb 1 +\& #include +\& +\& const char *username = "username"; +\& const char *password = "password"; +\& +\& SSL_CTX *ctx = SSL_CTX_new(TLS_client_method()); +\& if (!ctx) +\& /* Error */ +\& if (!SSL_CTX_set_srp_username(ctx, username)) +\& /* Error */ +\& if (!SSL_CTX_set_srp_password(ctx, password)) +\& /* Error */ +.Ve +.PP +Setup \s-1SRP\s0 server with verifier file: +.PP +.Vb 2 +\& #include +\& #include +\& +\& const char *srpvfile = "password.srpv"; +\& +\& int srpServerCallback(SSL *s, int *ad, void *arg) +\& { +\& SRP_VBASE *srpData = (SRP_VBASE*) arg; +\& char *username = SSL_get_srp_username(s); +\& +\& SRP_user_pwd *user_pwd = SRP_VBASE_get1_by_user(srpData, username); +\& if (!user_pwd) +\& /* Error */ +\& return SSL3_AL_FATAL; +\& +\& if (SSL_set_srp_server_param(s, user_pwd\->N, user_pwd\->g, +\& user_pwd\->s, user_pwd\->v, user_pwd\->info) < 0) +\& /* Error */ +\& +\& SRP_user_pwd_free(user_pwd); +\& return SSL_ERROR_NONE; +\& } +\& +\& SSL_CTX *ctx = SSL_CTX_new(TLS_server_method()); +\& if (!ctx) +\& /* Error */ +\& +\& /* +\& * seedKey should contain a NUL terminated sequence +\& * of random non NUL bytes +\& */ +\& const char *seedKey; +\& +\& SRP_VBASE *srpData = SRP_VBASE_new(seedKey); +\& if (SRP_VBASE_init(srpData, (char*) srpvfile) != SRP_NO_ERROR) +\& /* Error */ +\& +\& SSL_CTX_set_srp_cb_arg(ctx, srpData); +\& SSL_CTX_set_srp_username_callback(ctx, srpServerCallback); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fIopenssl\-srp\fR\|(1), +\&\fISRP_VBASE_new\fR\|(3), +\&\fISRP_create_verifier\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. 
You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_CTX_set_ssl_version.3 b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_ssl_version.3 new file mode 100755 index 0000000..926563d --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_ssl_version.3 
@@ -0,0 +1,185 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_SSL_VERSION 3" +.TH SSL_CTX_SET_SSL_VERSION 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_ssl_version, SSL_set_ssl_method, SSL_get_ssl_method +\&\- choose a new TLS/SSL method +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *method); +\& int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method); +\& const SSL_METHOD *SSL_get_ssl_method(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_ssl_version()\fR sets a new default \s-1TLS/SSL\s0 \fBmethod\fR for \s-1SSL\s0 objects +newly created from this \fBctx\fR. \s-1SSL\s0 objects already created with +\&\fISSL_new\fR\|(3) are not affected, except when +\&\fISSL_clear\fR\|(3) is being called. +.PP +\&\fISSL_set_ssl_method()\fR sets a new \s-1TLS/SSL\s0 \fBmethod\fR for a particular \fBssl\fR +object. It may be reset, when \fISSL_clear()\fR is called. +.PP +\&\fISSL_get_ssl_method()\fR returns a function pointer to the \s-1TLS/SSL\s0 method +set in \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +The available \fBmethod\fR choices are described in +\&\fISSL_CTX_new\fR\|(3). +.PP +When \fISSL_clear\fR\|(3) is called and no session is connected to +an \s-1SSL\s0 object, the method of the \s-1SSL\s0 object is reset to the method currently +set in the corresponding \s-1SSL_CTX\s0 object. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur for \fISSL_CTX_set_ssl_version()\fR +and \fISSL_set_ssl_method()\fR: +.IP "0" 4 +The new choice failed, check the error stack to find out the reason. +.IP "1" 4 +.IX Item "1" +The operation succeeded. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fISSL_CTX_new\fR\|(3), \fISSL_new\fR\|(3), +\&\fISSL_clear\fR\|(3), \fIssl\fR\|(7), +\&\fISSL_set_connect_state\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). 
You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 new file mode 100755 index 0000000..c765152 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 
@@ -0,0 +1,218 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_STATELESS_COOKIE_GENERATE_CB 3" +.TH SSL_CTX_SET_STATELESS_COOKIE_GENERATE_CB 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_stateless_cookie_generate_cb, +SSL_CTX_set_stateless_cookie_verify_cb, +SSL_CTX_set_cookie_generate_cb, +SSL_CTX_set_cookie_verify_cb +\&\- Callback functions for stateless TLS1.3 cookies +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_set_stateless_cookie_generate_cb( +\& SSL_CTX *ctx, +\& int (*gen_stateless_cookie_cb) (SSL *ssl, +\& unsigned char *cookie, +\& size_t *cookie_len)); +\& void SSL_CTX_set_stateless_cookie_verify_cb( +\& SSL_CTX *ctx, +\& int (*verify_stateless_cookie_cb) (SSL *ssl, +\& const unsigned char *cookie, +\& size_t cookie_len)); +\& +\& void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, +\& int (*app_gen_cookie_cb) (SSL *ssl, +\& unsigned char +\& *cookie, +\& unsigned int +\& *cookie_len)); +\& void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, +\& int (*app_verify_cookie_cb) (SSL *ssl, +\& const unsigned +\& char *cookie, +\& unsigned int +\& cookie_len)); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_stateless_cookie_generate_cb()\fR sets the callback used by +\&\fISSL_stateless\fR\|(3) to generate the application-controlled portion of the cookie +provided to clients in the HelloRetryRequest transmitted as a response to a +ClientHello with a missing or invalid cookie. \fIgen_stateless_cookie_cb()\fR must +write at most \s-1SSL_COOKIE_LENGTH\s0 bytes into \fBcookie\fR, and must write the number +of bytes written to \fBcookie_len\fR. If a cookie cannot be generated, a zero +return value can be used to abort the handshake. +.PP +\&\fISSL_CTX_set_stateless_cookie_verify_cb()\fR sets the callback used by +\&\fISSL_stateless\fR\|(3) to determine whether the application-controlled portion of a +ClientHello cookie is valid. The cookie data is pointed to by \fBcookie\fR and is of +length \fBcookie_len\fR. A nonzero return value from \fIverify_stateless_cookie_cb()\fR +communicates that the cookie is valid. 
The integrity of the entire cookie, +including the application-controlled portion, is automatically verified by \s-1HMAC\s0 +before \fIverify_stateless_cookie_cb()\fR is called. +.PP +\&\fISSL_CTX_set_cookie_generate_cb()\fR sets the callback used by \fIDTLSv1_listen\fR\|(3) +to generate the cookie provided to clients in the HelloVerifyRequest transmitted +as a response to a ClientHello with a missing or invalid cookie. +\&\fIapp_gen_cookie_cb()\fR must write at most \s-1DTLS1_COOKIE_LENGTH\s0 bytes into +\&\fBcookie\fR, and must write the number of bytes written to \fBcookie_len\fR. If a +cookie cannot be generated, a zero return value can be used to abort the +handshake. +.PP +\&\fISSL_CTX_set_cookie_verify_cb()\fR sets the callback used by \fIDTLSv1_listen\fR\|(3) to +determine whether the cookie in a ClientHello is valid. The cookie data is +pointed to by \fBcookie\fR and is of length \fBcookie_len\fR. A nonzero return value +from \fIapp_verify_cookie_cb()\fR communicates that the cookie is valid. The +integrity of the cookie is not verified by OpenSSL. This is an application +responsibility. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Neither function returns a value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fISSL_stateless\fR\|(3), +\&\fIDTLSv1_listen\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fISSL_CTX_set_stateless_cookie_generate_cb()\fR and +\&\fISSL_CTX_set_stateless_cookie_verify_cb()\fR were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_CTX_set_timeout.3 b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_timeout.3 new file mode 100755 index 0000000..10dc177 --- /dev/null 
+++ b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_timeout.3 
@@ -0,0 +1,190 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_TIMEOUT 3" +.TH SSL_CTX_SET_TIMEOUT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_timeout, SSL_CTX_get_timeout \- manipulate timeout values for session caching +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_CTX_set_timeout(SSL_CTX *ctx, long t); +\& long SSL_CTX_get_timeout(SSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_timeout()\fR sets the timeout for newly created sessions for +\&\fBctx\fR to \fBt\fR. The timeout value \fBt\fR must be given in seconds. +.PP +\&\fISSL_CTX_get_timeout()\fR returns the currently set timeout value for \fBctx\fR. +.SH "NOTES" +.IX Header "NOTES" +Whenever a new session is created, it is assigned a maximum lifetime. This +lifetime is specified by storing the creation time of the session and the +timeout value valid at this time. If the actual time is later than creation +time plus timeout, the session is not reused. +.PP +Due to this realization, all sessions behave according to the timeout value +valid at the time of the session negotiation. Changes of the timeout value +do not affect already established sessions. +.PP +The expiration time of a single session can be modified using the +\&\fISSL_SESSION_get_time\fR\|(3) family of functions. +.PP +Expired sessions are removed from the internal session cache, whenever +\&\fISSL_CTX_flush_sessions\fR\|(3) is called, either +directly by the application or automatically (see +\&\fISSL_CTX_set_session_cache_mode\fR\|(3)) +.PP +The default value for session timeout is decided on a per protocol +basis, see \fISSL_get_default_timeout\fR\|(3). +All currently supported protocols have the same default timeout value +of 300 seconds. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_timeout()\fR returns the previously set timeout value. +.PP +\&\fISSL_CTX_get_timeout()\fR returns the currently set timeout value. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fISSL_CTX_set_session_cache_mode\fR\|(3), +\&\fISSL_SESSION_get_time\fR\|(3), +\&\fISSL_CTX_flush_sessions\fR\|(3), +\&\fISSL_get_default_timeout\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_CTX_set_tlsext_servername_callback.3 b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_tlsext_servername_callback.3 new file mode 100755 index 0000000..f8002d6 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_tlsext_servername_callback.3 
@@ -0,0 +1,278 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_TLSEXT_SERVERNAME_CALLBACK 3" +.TH SSL_CTX_SET_TLSEXT_SERVERNAME_CALLBACK 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_tlsext_servername_callback, SSL_CTX_set_tlsext_servername_arg, +SSL_get_servername_type, SSL_get_servername, +SSL_set_tlsext_host_name \- handle server name indication (SNI) +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_CTX_set_tlsext_servername_callback(SSL_CTX *ctx, +\& int (*cb)(SSL *s, int *al, void *arg)); +\& long SSL_CTX_set_tlsext_servername_arg(SSL_CTX *ctx, void *arg); +\& +\& const char *SSL_get_servername(const SSL *s, const int type); +\& int SSL_get_servername_type(const SSL *s); +\& +\& int SSL_set_tlsext_host_name(const SSL *s, const char *name); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The functionality provided by the servername callback is mostly superseded by +the ClientHello callback, which can be set using \fISSL_CTX_set_client_hello_cb()\fR. +However, even where the ClientHello callback is used, the servername callback is +still necessary in order to acknowledge the servername requested by the client. +.PP +\&\fISSL_CTX_set_tlsext_servername_callback()\fR sets the application callback \fBcb\fR +used by a server to perform any actions or configuration required based on +the servername extension received in the incoming connection. When \fBcb\fR +is \s-1NULL\s0, \s-1SNI\s0 is not used. +.PP +The servername callback should return one of the following values: +.IP "\s-1SSL_TLSEXT_ERR_OK\s0" 4 +.IX Item "SSL_TLSEXT_ERR_OK" +This is used to indicate that the servername requested by the client has been +accepted. Typically a server will call \fISSL_set_SSL_CTX()\fR in the callback to set +up a different configuration for the selected servername in this case. +.IP "\s-1SSL_TLSEXT_ERR_ALERT_FATAL\s0" 4 +.IX Item "SSL_TLSEXT_ERR_ALERT_FATAL" +In this case the servername requested by the client is not accepted and the +handshake will be aborted. The value of the alert to be used should be stored in +the location pointed to by the \fBal\fR parameter to the callback. 
By default this +value is initialised to \s-1SSL_AD_UNRECOGNIZED_NAME\s0. +.IP "\s-1SSL_TLSEXT_ERR_ALERT_WARNING\s0" 4 +.IX Item "SSL_TLSEXT_ERR_ALERT_WARNING" +If this value is returned then the servername is not accepted by the server. +However the handshake will continue and send a warning alert instead. The value +of the alert should be stored in the location pointed to by the \fBal\fR parameter +as for \s-1SSL_TLSEXT_ERR_ALERT_FATAL\s0 above. Note that TLSv1.3 does not support +warning alerts, so if TLSv1.3 has been negotiated then this return value is +treated the same way as \s-1SSL_TLSEXT_ERR_NOACK\s0. +.IP "\s-1SSL_TLSEXT_ERR_NOACK\s0" 4 +.IX Item "SSL_TLSEXT_ERR_NOACK" +This return value indicates that the servername is not accepted by the server. +No alerts are sent and the server will not acknowledge the requested servername. +.PP +\&\fISSL_CTX_set_tlsext_servername_arg()\fR sets a context-specific argument to be +passed into the callback (via the \fBarg\fR parameter) for this \fB\s-1SSL_CTX\s0\fR. +.PP +The behaviour of \fISSL_get_servername()\fR depends on a number of different factors. +In particular note that in TLSv1.3 the servername is negotiated in every +handshake. In TLSv1.2 the servername is only negotiated on initial handshakes +and not on resumption handshakes. +.IP "On the client, before the handshake" 4 +.IX Item "On the client, before the handshake" +If a servername has been set via a call to \fISSL_set_tlsext_host_name()\fR then it +will return that servername. +.Sp +If one has not been set, but a TLSv1.2 resumption is being attempted and the +session from the original handshake had a servername accepted by the server then +it will return that servername. +.Sp +Otherwise it returns \s-1NULL\s0. 
+.IP "On the client, during or after the handshake and a TLSv1.2 (or below) resumption occurred" 4 +.IX Item "On the client, during or after the handshake and a TLSv1.2 (or below) resumption occurred" +If the session from the orignal handshake had a servername accepted by the +server then it will return that servername. +.Sp +Otherwise it returns the servername set via \fISSL_set_tlsext_host_name()\fR or \s-1NULL\s0 +if it was not called. +.IP "On the client, during or after the handshake and a TLSv1.2 (or below) resumption did not occur" 4 +.IX Item "On the client, during or after the handshake and a TLSv1.2 (or below) resumption did not occur" +It will return the servername set via \fISSL_set_tlsext_host_name()\fR or \s-1NULL\s0 if it +was not called. +.IP "On the server, before the handshake" 4 +.IX Item "On the server, before the handshake" +The function will always return \s-1NULL\s0 before the handshake +.IP "On the server, after the servername extension has been processed and a TLSv1.2 (or below) resumption occurred" 4 +.IX Item "On the server, after the servername extension has been processed and a TLSv1.2 (or below) resumption occurred" +If a servername was accepted by the server in the original handshake then it +will return that servername, or \s-1NULL\s0 otherwise. +.IP "On the server, after the servername extension has been processed and a TLSv1.2 (or below) resumption did not occur" 4 +.IX Item "On the server, after the servername extension has been processed and a TLSv1.2 (or below) resumption did not occur" +The function will return the servername requested by the client in this +handshake or \s-1NULL\s0 if none was requested. +.PP +Note that the ClientHello callback occurs before a servername extension from the +client is processed. The servername, certificate and \s-1ALPN\s0 callbacks occur after +a servername extension from the client is processed. 
+.PP +\&\fISSL_get_servername_type()\fR returns the servername type or \-1 if no servername +is present. Currently the only supported type (defined in \s-1RFC3546\s0) is +\&\fBTLSEXT_NAMETYPE_host_name\fR. +.PP +\&\fISSL_set_tlsext_host_name()\fR sets the server name indication ClientHello extension +to contain the value \fBname\fR. The type of server name indication extension is set +to \fBTLSEXT_NAMETYPE_host_name\fR (defined in \s-1RFC3546\s0). +.SH "NOTES" +.IX Header "NOTES" +Several callbacks are executed during ClientHello processing, including +the ClientHello, \s-1ALPN\s0, and servername callbacks. The ClientHello callback is +executed first, then the servername callback, followed by the \s-1ALPN\s0 callback. +.PP +The \fISSL_set_tlsext_host_name()\fR function should only be called on \s-1SSL\s0 objects +that will act as clients; otherwise the configured \fBname\fR will be ignored. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_tlsext_servername_callback()\fR and +\&\fISSL_CTX_set_tlsext_servername_arg()\fR both always return 1 indicating success. +\&\fISSL_set_tlsext_host_name()\fR returns 1 on success, 0 in case of error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_CTX_set_alpn_select_cb\fR\|(3), +\&\fISSL_get0_alpn_selected\fR\|(3), \fISSL_CTX_set_client_hello_cb\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fISSL_get_servername()\fR historically provided some unexpected results in certain +corner cases. This has been fixed from OpenSSL 1.1.1e. +.PP +Prior to 1.1.1e, when the client requested a servername in an initial TLSv1.2 +handshake, the server accepted it, and then the client successfully resumed but +set a different explict servername in the second handshake then when called by +the client it returned the servername from the second handshake. This has now +been changed to return the servername requested in the original handshake. 
+.PP +Also prior to 1.1.1e, if the client sent a servername in the first handshake but +the server did not accept it, and then a second handshake occured where TLSv1.2 +resumption was successful then when called by the server it returned the +servername requested in the original handshake. This has now been changed to +\&\s-1NULL\s0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_CTX_set_tlsext_status_cb.3 b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_tlsext_status_cb.3 new file mode 100755 index 0000000..04de3c2 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_tlsext_status_cb.3 
@@ -0,0 +1,249 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_TLSEXT_STATUS_CB 3" +.TH SSL_CTX_SET_TLSEXT_STATUS_CB 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_tlsext_status_cb, +SSL_CTX_get_tlsext_status_cb, +SSL_CTX_set_tlsext_status_arg, +SSL_CTX_get_tlsext_status_arg, +SSL_CTX_set_tlsext_status_type, +SSL_CTX_get_tlsext_status_type, +SSL_set_tlsext_status_type, +SSL_get_tlsext_status_type, +SSL_get_tlsext_status_ocsp_resp, +SSL_set_tlsext_status_ocsp_resp +\&\- OCSP Certificate Status Request functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_CTX_set_tlsext_status_cb(SSL_CTX *ctx, int (*callback)(SSL *, void *)); +\& long SSL_CTX_get_tlsext_status_cb(SSL_CTX *ctx, int (**callback)(SSL *, void *)); +\& +\& long SSL_CTX_set_tlsext_status_arg(SSL_CTX *ctx, void *arg); +\& long SSL_CTX_get_tlsext_status_arg(SSL_CTX *ctx, void **arg); +\& +\& long SSL_CTX_set_tlsext_status_type(SSL_CTX *ctx, int type); +\& long SSL_CTX_get_tlsext_status_type(SSL_CTX *ctx); +\& +\& long SSL_set_tlsext_status_type(SSL *s, int type); +\& long SSL_get_tlsext_status_type(SSL *s); +\& +\& long SSL_get_tlsext_status_ocsp_resp(ssl, unsigned char **resp); +\& long SSL_set_tlsext_status_ocsp_resp(ssl, unsigned char *resp, int len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A client application may request that a server send back an \s-1OCSP\s0 status response +(also known as \s-1OCSP\s0 stapling). To do so the client should call the +\&\fISSL_CTX_set_tlsext_status_type()\fR function prior to the creation of any \s-1SSL\s0 +objects. Alternatively an application can call the \fISSL_set_tlsext_status_type()\fR +function on an individual \s-1SSL\s0 object prior to the start of the handshake. +Currently the only supported type is \fBTLSEXT_STATUSTYPE_ocsp\fR. This value +should be passed in the \fBtype\fR argument. Calling +\&\fISSL_CTX_get_tlsext_status_type()\fR will return the type \fBTLSEXT_STATUSTYPE_ocsp\fR +previously set via \fISSL_CTX_set_tlsext_status_type()\fR or \-1 if not set. 
+.PP +The client should additionally provide a callback function to decide what to do +with the returned \s-1OCSP\s0 response by calling \fISSL_CTX_set_tlsext_status_cb()\fR. The +callback function should determine whether the returned \s-1OCSP\s0 response is +acceptable or not. The callback will be passed as an argument the value +previously set via a call to \fISSL_CTX_set_tlsext_status_arg()\fR. Note that the +callback will not be called in the event of a handshake where session resumption +occurs (because there are no Certificates exchanged in such a handshake). +The callback previously set via \fISSL_CTX_set_tlsext_status_cb()\fR can be retrieved +by calling \fISSL_CTX_get_tlsext_status_cb()\fR, and the argument by calling +\&\fISSL_CTX_get_tlsext_status_arg()\fR. +.PP +On the client side \fISSL_get_tlsext_status_type()\fR can be used to determine whether +the client has previously called \fISSL_set_tlsext_status_type()\fR. It will return +\&\fBTLSEXT_STATUSTYPE_ocsp\fR if it has been called or \-1 otherwise. On the server +side \fISSL_get_tlsext_status_type()\fR can be used to determine whether the client +requested \s-1OCSP\s0 stapling. If the client requested it then this function will +return \fBTLSEXT_STATUSTYPE_ocsp\fR, or \-1 otherwise. +.PP +The response returned by the server can be obtained via a call to +\&\fISSL_get_tlsext_status_ocsp_resp()\fR. The value \fB*resp\fR will be updated to point +to the \s-1OCSP\s0 response data and the return value will be the length of that data. +Typically a callback would obtain an \s-1OCSP_RESPONSE\s0 object from this data via a +call to the \fId2i_OCSP_RESPONSE()\fR function. If the server has not provided any +response data then \fB*resp\fR will be \s-1NULL\s0 and the return value from +\&\fISSL_get_tlsext_status_ocsp_resp()\fR will be \-1. 
+.PP +A server application must also call the \fISSL_CTX_set_tlsext_status_cb()\fR function +if it wants to be able to provide clients with \s-1OCSP\s0 Certificate Status +responses. Typically the server callback would obtain the server certificate +that is being sent back to the client via a call to \fISSL_get_certificate()\fR; +obtain the \s-1OCSP\s0 response to be sent back; and then set that response data by +calling \fISSL_set_tlsext_status_ocsp_resp()\fR. A pointer to the response data should +be provided in the \fBresp\fR argument, and the length of that data should be in +the \fBlen\fR argument. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The callback when used on the client side should return a negative value on +error; 0 if the response is not acceptable (in which case the handshake will +fail) or a positive value if it is acceptable. +.PP +The callback when used on the server side should return with either +\&\s-1SSL_TLSEXT_ERR_OK\s0 (meaning that the \s-1OCSP\s0 response that has been set should be +returned), \s-1SSL_TLSEXT_ERR_NOACK\s0 (meaning that an \s-1OCSP\s0 response should not be +returned) or \s-1SSL_TLSEXT_ERR_ALERT_FATAL\s0 (meaning that a fatal error has +occurred). +.PP +\&\fISSL_CTX_set_tlsext_status_cb()\fR, \fISSL_CTX_set_tlsext_status_arg()\fR, +\&\fISSL_CTX_set_tlsext_status_type()\fR, \fISSL_set_tlsext_status_type()\fR and +\&\fISSL_set_tlsext_status_ocsp_resp()\fR return 0 on error or 1 on success. +.PP +\&\fISSL_CTX_get_tlsext_status_type()\fR returns the value previously set by +\&\fISSL_CTX_set_tlsext_status_type()\fR, or \-1 if not set. +.PP +\&\fISSL_get_tlsext_status_ocsp_resp()\fR returns the length of the \s-1OCSP\s0 response data +or \-1 if there is no \s-1OCSP\s0 response data. +.PP +\&\fISSL_get_tlsext_status_type()\fR returns \fBTLSEXT_STATUSTYPE_ocsp\fR on the client +side if \fISSL_set_tlsext_status_type()\fR was previously called, or on the server +side if the client requested \s-1OCSP\s0 stapling. 
Otherwise \-1 is returned. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \fISSL_get_tlsext_status_type()\fR, \fISSL_CTX_get_tlsext_status_type()\fR +and \fISSL_CTX_set_tlsext_status_type()\fR functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 new file mode 100755 index 0000000..bff43fd --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 
@@ -0,0 +1,358 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_TLSEXT_TICKET_KEY_CB 3" +.TH SSL_CTX_SET_TLSEXT_TICKET_KEY_CB 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_tlsext_ticket_key_evp_cb, +SSL_CTX_set_tlsext_ticket_key_cb +\&\- set a callback for session ticket processing +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_set_tlsext_ticket_key_evp_cb(SSL_CTX sslctx, +\& int (*cb)(SSL *s, unsigned char key_name[16], +\& unsigned char iv[EVP_MAX_IV_LENGTH], +\& EVP_CIPHER_CTX *ctx, EVP_MAC_CTX *hctx, int enc)); +.Ve +.PP +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +\&\fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value, see +\&\fIopenssl_user_macros\fR\|(7): +.PP +.Vb 4 +\& int SSL_CTX_set_tlsext_ticket_key_cb(SSL_CTX sslctx, +\& int (*cb)(SSL *s, unsigned char key_name[16], +\& unsigned char iv[EVP_MAX_IV_LENGTH], +\& EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc)); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_tlsext_ticket_key_evp_cb()\fR sets a callback function \fIcb\fR for handling +session tickets for the ssl context \fIsslctx\fR. Session tickets, defined in +\&\s-1RFC5077\s0 provide an enhanced session resumption capability where the server +implementation is not required to maintain per session state. It only applies +to \s-1TLS\s0 and there is no SSLv3 implementation. +.PP +The callback function \fIcb\fR will be called for every client instigated \s-1TLS\s0 +session when session ticket extension is presented in the \s-1TLS\s0 hello +message. It is the responsibility of this function to create or retrieve the +cryptographic parameters and to maintain their state. +.PP +The OpenSSL library uses your callback function to help implement a common \s-1TLS\s0 +ticket construction state according to \s-1RFC5077\s0 Section 4 such that per session +state is unnecessary and a small set of cryptographic variables needs to be +maintained by the callback function implementation. +.PP +In order to reuse a session, a \s-1TLS\s0 client must send the a session ticket +extension to the server. 
The client can only send exactly one session ticket. +The server, through the callback function, either agrees to reuse the session +ticket information or it starts a full \s-1TLS\s0 handshake to create a new session +ticket. +.PP +Before the callback function is started \fIctx\fR and \fIhctx\fR have been +initialised with \fIEVP_CIPHER_CTX_reset\fR\|(3) and \fIEVP_MAC_CTX_new\fR\|(3) +respectively. +.PP +For new sessions tickets, when the client doesn't present a session ticket, or +an attempted retrieval of the ticket failed, or a renew option was indicated, +the callback function will be called with \fIenc\fR equal to 1. The OpenSSL +library expects that the function will set an arbitrary \fIname\fR, initialize +\&\fIiv\fR, and set the cipher context \fIctx\fR and the hash context \fIhctx\fR. +.PP +The \fIname\fR is 16 characters long and is used as a key identifier. +.PP +The \fIiv\fR length is the length of the \s-1IV\s0 of the corresponding cipher. The +maximum \s-1IV\s0 length is \fB\s-1EVP_MAX_IV_LENGTH\s0\fR bytes defined in \fBevp.h\fR. +.PP +The initialization vector \fIiv\fR should be a random value. The cipher context +\&\fIctx\fR should use the initialisation vector \fIiv\fR. The cipher context can be +set using \fIEVP_EncryptInit_ex\fR\|(3). The hmac context and digest can be set using +\&\fIEVP_MAC_CTX_set_params\fR\|(3) with the \fB\s-1OSSL_MAC_PARAM_KEY\s0\fR and +\&\fB\s-1OSSL_MAC_PARAM_DIGEST\s0\fR parameters respectively. +.PP +When the client presents a session ticket, the callback function with be called +with \fIenc\fR set to 0 indicating that the \fIcb\fR function should retrieve a set +of parameters. In this case \fIname\fR and \fIiv\fR have already been parsed out of +the session ticket. The OpenSSL library expects that the \fIname\fR will be used +to retrieve a cryptographic parameters and that the cryptographic context +\&\fIctx\fR will be set with the retrieved parameters and the initialization vector +\&\fIiv\fR. 
using a function like \fIEVP_DecryptInit_ex\fR\|(3). The key material and +digest for \fIhctx\fR need to be set using \fIEVP_MAC_CTX_set_params\fR\|(3) with the +\&\fB\s-1OSSL_MAC_PARAM_KEY\s0\fR and \fB\s-1OSSL_MAC_PARAM_DIGEST\s0\fR parameters respectively. +.PP +If the \fIname\fR is still valid but a renewal of the ticket is required the +callback function should return 2. The library will call the callback again +with an argument of enc equal to 1 to set the new ticket. +.PP +The return value of the \fIcb\fR function is used by OpenSSL to determine what +further processing will occur. The following return values have meaning: +.IP "2" 4 +.IX Item "2" +This indicates that the \fIctx\fR and \fIhctx\fR have been set and the session can +continue on those parameters. Additionally it indicates that the session +ticket is in a renewal period and should be replaced. The OpenSSL library will +call \fIcb\fR again with an enc argument of 1 to set the new ticket (see \s-1RFC5077\s0 +3.3 paragraph 2). +.IP "1" 4 +.IX Item "1" +This indicates that the \fIctx\fR and \fIhctx\fR have been set and the session can +continue on those parameters. +.IP "0" 4 +This indicates that it was not possible to set/retrieve a session ticket and +the \s-1SSL/TLS\s0 session will continue by negotiating a set of cryptographic +parameters or using the alternate \s-1SSL/TLS\s0 resumption mechanism, session ids. +.Sp +If called with enc equal to 0 the library will call the \fIcb\fR again to get +a new set of parameters. +.IP "less than 0" 4 +.IX Item "less than 0" +This indicates an error. +.PP +The \fISSL_CTX_set_tlsext_ticket_key_cb()\fR function is identical to +\&\fISSL_CTX_set_tlsext_ticket_key_evp_cb()\fR except that it takes a deprecated +\&\s-1HMAC_CTX\s0 pointer instead of an \s-1EVP_MAC_CTX\s0 one. +Before this callback function is started \fIhctx\fR will have been +initialised with \fIEVP_MAC_CTX_new\fR\|(3) and the digest set with +\&\fIEVP_MAC_CTX_set_params\fR\|(3). 
+The \fIhctx\fR key material can be set using \fIHMAC_Init_ex\fR\|(3). +.SH "NOTES" +.IX Header "NOTES" +Session resumption shortcuts the \s-1TLS\s0 so that the client certificate +negotiation don't occur. It makes up for this by storing client certificate +an all other negotiated state information encrypted within the ticket. In a +resumed session the applications will have all this state information available +exactly as if a full negotiation had occurred. +.PP +If an attacker can obtain the key used to encrypt a session ticket, they can +obtain the master secret for any ticket using that key and decrypt any traffic +using that session: even if the cipher suite supports forward secrecy. As +a result applications may wish to use multiple keys and avoid using long term +keys stored in files. +.PP +Applications can use longer keys to maintain a consistent level of security. +For example if a cipher suite uses 256 bit ciphers but only a 128 bit ticket key +the overall security is only 128 bits because breaking the ticket key will +enable an attacker to obtain the session keys. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +returns 0 to indicate the callback function was set. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Reference Implementation: +.PP +.Vb 2 +\& SSL_CTX_set_tlsext_ticket_key_evp_cb(SSL, ssl_tlsext_ticket_key_cb); +\& ... +\& +\& static int ssl_tlsext_ticket_key_cb(SSL *s, unsigned char key_name[16], +\& unsigned char *iv, EVP_CIPHER_CTX *ctx, +\& EVP_MAC_CTX *hctx, int enc) +\& { +\& OSSL_PARAM params[3]; +\& +\& if (enc) { /* create new session */ +\& if (RAND_bytes(iv, EVP_MAX_IV_LENGTH) <= 0) +\& return \-1; /* insufficient random */ +\& +\& key = currentkey(); /* something that you need to implement */ +\& if (key == NULL) { +\& /* current key doesn\*(Aqt exist or isn\*(Aqt valid */ +\& key = createkey(); /* +\& * Something that you need to implement. 
+\& * createkey needs to initialise a name, +\& * an aes_key, a hmac_key and optionally +\& * an expire time. +\& */ +\& if (key == NULL) /* key couldn\*(Aqt be created */ +\& return 0; +\& } +\& memcpy(key_name, key\->name, 16); +\& +\& EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key\->aes_key, iv); +\& +\& params[0] = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY, +\& key\->hmac_key, 16); +\& params[1] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, +\& "sha256", 0); +\& params[2] = OSSL_PARAM_construct_end(); +\& EVP_MAC_CTX_set_params(hctx, params); +\& +\& return 1; +\& +\& } else { /* retrieve session */ +\& key = findkey(name); +\& +\& if (key == NULL || key\->expire < now()) +\& return 0; +\& +\& params[0] = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, +\& key\->hmac_key, 16); +\& params[1] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, +\& "sha256", 0); +\& params[2] = OSSL_PARAM_construct_end(); +\& EVP_MAC_CTX_set_params(hctx, params); +\& +\& EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key\->aes_key, iv); +\& +\& if (key\->expire < now() \- RENEW_TIME) { +\& /* +\& * return 2 \- This session will get a new ticket even though the +\& * current one is still valid. +\& */ +\& return 2; +\& } +\& return 1; +\& } +\& } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_set_session\fR\|(3), +\&\fISSL_session_reused\fR\|(3), +\&\fISSL_CTX_add_session\fR\|(3), +\&\fISSL_CTX_sess_number\fR\|(3), +\&\fISSL_CTX_sess_set_get_cb\fR\|(3), +\&\fISSL_CTX_set_session_id_context\fR\|(3), +.SH "HISTORY" +.IX Header "HISTORY" +The \fISSL_CTX_set_tlsext_ticket_key_cb()\fR function was deprecated in OpenSSL 3.0. +.PP +The \fISSL_CTX_set_tlsext_ticket_key_evp_cb()\fR function was introduced in +OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2014\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). 
You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_CTX_set_tlsext_use_srtp.3 b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_tlsext_use_srtp.3 new file mode 100755 index 0000000..d6f202c --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_tlsext_use_srtp.3 
@@ -0,0 +1,227 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_TLSEXT_USE_SRTP 3" +.TH SSL_CTX_SET_TLSEXT_USE_SRTP 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_tlsext_use_srtp, +SSL_set_tlsext_use_srtp, +SSL_get_srtp_profiles, +SSL_get_selected_srtp_profile +\&\- Configure and query SRTP support +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles); +\& int SSL_set_tlsext_use_srtp(SSL *ssl, const char *profiles); +\& +\& STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl); +\& SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1SRTP\s0 is the Secure Real-Time Transport Protocol. OpenSSL implements support for +the \*(L"use_srtp\*(R" \s-1DTLS\s0 extension defined in \s-1RFC5764\s0. This provides a mechanism for +establishing \s-1SRTP\s0 keying material, algorithms and parameters using \s-1DTLS\s0. This +capability may be used as part of an implementation that conforms to \s-1RFC5763\s0. +OpenSSL does not implement \s-1SRTP\s0 itself or \s-1RFC5763\s0. Note that OpenSSL does not +support the use of \s-1SRTP\s0 Master Key Identifiers (MKIs). Also note that this +extension is only supported in \s-1DTLS\s0. Any \s-1SRTP\s0 configuration will be ignored if a +\&\s-1TLS\s0 connection is attempted. +.PP +An OpenSSL client wishing to send the \*(L"use_srtp\*(R" extension should call +\&\fISSL_CTX_set_tlsext_use_srtp()\fR to set its use for all \s-1SSL\s0 objects subsequently +created from an \s-1SSL_CTX\s0. Alternatively a client may call +\&\fISSL_set_tlsext_use_srtp()\fR to set its use for an individual \s-1SSL\s0 object. The +\&\fBprofiles\fR parameters should point to a NUL-terminated, colon delimited list of +\&\s-1SRTP\s0 protection profile names. +.PP +The currently supported protection profile names are: +.IP "\s-1SRTP_AES128_CM_SHA1_80\s0" 4 +.IX Item "SRTP_AES128_CM_SHA1_80" +This corresponds to \s-1SRTP_AES128_CM_HMAC_SHA1_80\s0 defined in \s-1RFC5764\s0. 
+.IP "\s-1SRTP_AES128_CM_SHA1_32\s0" 4 +.IX Item "SRTP_AES128_CM_SHA1_32" +This corresponds to \s-1SRTP_AES128_CM_HMAC_SHA1_32\s0 defined in \s-1RFC5764\s0. +.IP "\s-1SRTP_AEAD_AES_128_GCM\s0" 4 +.IX Item "SRTP_AEAD_AES_128_GCM" +This corresponds to the profile of the same name defined in \s-1RFC7714\s0. +.IP "\s-1SRTP_AEAD_AES_256_GCM\s0" 4 +.IX Item "SRTP_AEAD_AES_256_GCM" +This corresponds to the profile of the same name defined in \s-1RFC7714\s0. +.PP +Supplying an unrecognised protection profile name will result in an error. +.PP +An OpenSSL server wishing to support the \*(L"use_srtp\*(R" extension should also call +\&\fISSL_CTX_set_tlsext_use_srtp()\fR or \fISSL_set_tlsext_use_srtp()\fR to indicate the +protection profiles that it is willing to negotiate. +.PP +The currently configured list of protection profiles for either a client or a +server can be obtained by calling \fISSL_get_srtp_profiles()\fR. This returns a stack +of \s-1SRTP_PROTECTION_PROFILE\s0 objects. The memory pointed to in the return value of +this function should not be freed by the caller. +.PP +After a handshake has been completed the negotiated \s-1SRTP\s0 protection profile (if +any) can be obtained (on the client or the server) by calling +\&\fISSL_get_selected_srtp_profile()\fR. This function will return \s-1NULL\s0 if no \s-1SRTP\s0 +protection profile was negotiated. The memory returned from this function should +not be freed by the caller. +.PP +If an \s-1SRTP\s0 protection profile has been successfully negotiated then the \s-1SRTP\s0 +keying material (on both the client and server) should be obtained via a call to +\&\fISSL_export_keying_material\fR\|(3). This call should provide a label value of +\&\*(L"EXTRACTOR\-dtls_srtp\*(R" and a \s-1NULL\s0 context value (use_context is 0). The total +length of keying material obtained should be equal to two times the sum of the +master key length and the salt length as defined for the protection profile in +use. 
This provides the client write master key, the server write master key, the +client write master salt and the server write master salt in that order. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_tlsext_use_srtp()\fR and \fISSL_set_tlsext_use_srtp()\fR return 0 on success +or 1 on error. +.PP +\&\fISSL_get_srtp_profiles()\fR returns a stack of \s-1SRTP_PROTECTION_PROFILE\s0 objects on +success or \s-1NULL\s0 on error or if no protection profiles have been configured. +.PP +\&\fISSL_get_selected_srtp_profile()\fR returns a pointer to an \s-1SRTP_PROTECTION_PROFILE\s0 +object if one has been negotiated or \s-1NULL\s0 otherwise. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fISSL_export_keying_material\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_CTX_set_tmp_dh_callback.3 b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_tmp_dh_callback.3 new file mode 100755 index 0000000..b34cb27 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_tmp_dh_callback.3 
@@ -0,0 +1,260 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_TMP_DH_CALLBACK 3" +.TH SSL_CTX_SET_TMP_DH_CALLBACK 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_tmp_dh_callback, SSL_CTX_set_tmp_dh, SSL_set_tmp_dh_callback, SSL_set_tmp_dh \- handle DH keys for ephemeral key exchange +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, +\& DH *(*tmp_dh_callback)(SSL *ssl, int is_export, +\& int keylength)); +\& long SSL_CTX_set_tmp_dh(SSL_CTX *ctx, DH *dh); +\& +\& void SSL_set_tmp_dh_callback(SSL *ctx, +\& DH *(*tmp_dh_callback)(SSL *ssl, int is_export, +\& int keylength)); +\& long SSL_set_tmp_dh(SSL *ssl, DH *dh) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_tmp_dh_callback()\fR sets the callback function for \fBctx\fR to be +used when a \s-1DH\s0 parameters are required to \fBtmp_dh_callback\fR. +The callback is inherited by all \fBssl\fR objects created from \fBctx\fR. +.PP +\&\fISSL_CTX_set_tmp_dh()\fR sets \s-1DH\s0 parameters to be used to be \fBdh\fR. +The key is inherited by all \fBssl\fR objects created from \fBctx\fR. +.PP +\&\fISSL_set_tmp_dh_callback()\fR sets the callback only for \fBssl\fR. +.PP +\&\fISSL_set_tmp_dh()\fR sets the parameters only for \fBssl\fR. +.PP +These functions apply to \s-1SSL/TLS\s0 servers only. +.SH "NOTES" +.IX Header "NOTES" +When using a cipher with \s-1RSA\s0 authentication, an ephemeral \s-1DH\s0 key exchange +can take place. Ciphers with \s-1DSA\s0 keys always use ephemeral \s-1DH\s0 keys as well. +In these cases, the session data are negotiated using the +ephemeral/temporary \s-1DH\s0 key and the key supplied and certified +by the certificate chain is only used for signing. +Anonymous ciphers (without a permanent server key) also use ephemeral \s-1DH\s0 keys. +.PP +Using ephemeral \s-1DH\s0 key exchange yields forward secrecy, as the connection +can only be decrypted, when the \s-1DH\s0 key is known. 
By generating a temporary +\&\s-1DH\s0 key inside the server application that is lost when the application +is left, it becomes impossible for an attacker to decrypt past sessions, +even if he gets hold of the normal (certified) key, as this key was +only used for signing. +.PP +In order to perform a \s-1DH\s0 key exchange the server must use a \s-1DH\s0 group +(\s-1DH\s0 parameters) and generate a \s-1DH\s0 key. The server will always generate +a new \s-1DH\s0 key during the negotiation. +.PP +As generating \s-1DH\s0 parameters is extremely time consuming, an application +should not generate the parameters on the fly but supply the parameters. +\&\s-1DH\s0 parameters can be reused, as the actual key is newly generated during +the negotiation. The risk in reusing \s-1DH\s0 parameters is that an attacker +may specialize on a very often used \s-1DH\s0 group. Applications should therefore +generate their own \s-1DH\s0 parameters during the installation process using the +openssl \fIopenssl\-dhparam\fR\|(1) application. This application +guarantees that \*(L"strong\*(R" primes are used. +.PP +Files dh2048.pem, and dh4096.pem in the 'apps' directory of the current +version of the OpenSSL distribution contain the '\s-1SKIP\s0' \s-1DH\s0 parameters, +which use safe primes and were generated verifiably pseudo-randomly. +These files can be converted into C code using the \fB\-C\fR option of the +\&\fIopenssl\-dhparam\fR\|(1) application. Generation of custom \s-1DH\s0 +parameters during installation should still be preferred to stop an +attacker from specializing on a commonly used group. File dh1024.pem +contains old parameters that must not be used by applications. +.PP +An application may either directly specify the \s-1DH\s0 parameters or +can supply the \s-1DH\s0 parameters via a callback function. +.PP +Previous versions of the callback used \fBis_export\fR and \fBkeylength\fR +parameters to control parameter generation for export and non-export +cipher suites. 
Modern servers that do not support export cipher suites +are advised to either use \fISSL_CTX_set_tmp_dh()\fR or alternatively, use +the callback but ignore \fBkeylength\fR and \fBis_export\fR and simply +supply at least 2048\-bit parameters in the callback. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_tmp_dh_callback()\fR and \fISSL_set_tmp_dh_callback()\fR do not return +diagnostic output. +.PP +\&\fISSL_CTX_set_tmp_dh()\fR and \fISSL_set_tmp_dh()\fR do return 1 on success and 0 +on failure. Check the error queue to find out the reason of failure. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Setup \s-1DH\s0 parameters with a key length of 2048 bits. (Error handling +partly left out.) +.PP +Command-line parameter generation: +.PP +.Vb 1 +\& $ openssl dhparam \-out dh_param_2048.pem 2048 +.Ve +.PP +Code for setting up parameters during server initialization: +.PP +.Vb 1 +\& SSL_CTX ctx = SSL_CTX_new(); +\& +\& DH *dh_2048 = NULL; +\& FILE *paramfile = fopen("dh_param_2048.pem", "r"); +\& +\& if (paramfile) { +\& dh_2048 = PEM_read_DHparams(paramfile, NULL, NULL, NULL); +\& fclose(paramfile); +\& } else { +\& /* Error. */ +\& } +\& if (dh_2048 == NULL) +\& /* Error. */ +\& if (SSL_CTX_set_tmp_dh(ctx, dh_2048) != 1) +\& /* Error. */ +\& ... +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_CTX_set_cipher_list\fR\|(3), +\&\fISSL_CTX_set_options\fR\|(3), +\&\fIopenssl\-ciphers\fR\|(1), \fIopenssl\-dhparam\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_CTX_set_tmp_ecdh.3 b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_tmp_ecdh.3 new file mode 100755 index 0000000..e62a98c --- /dev/null 
+++ b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_tmp_ecdh.3 
@@ -0,0 +1,173 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_TMP_ECDH 3" +.TH SSL_CTX_SET_TMP_ECDH 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_tmp_ecdh, SSL_set_tmp_ecdh, SSL_CTX_set_ecdh_auto, SSL_set_ecdh_auto +\&\- handle ECDH keys for ephemeral key exchange +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_CTX_set_tmp_ecdh(SSL_CTX *ctx, const EC_KEY *ecdh); +\& long SSL_set_tmp_ecdh(SSL *ssl, const EC_KEY *ecdh); +\& +\& long SSL_CTX_set_ecdh_auto(SSL_CTX *ctx, int state); +\& long SSL_set_ecdh_auto(SSL *ssl, int state); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_tmp_ecdh()\fR sets \s-1ECDH\s0 parameters to be used to be \fBecdh\fR. +The key is inherited by all \fBssl\fR objects created from \fBctx\fR. +This macro is deprecated in favor of \fISSL_CTX_set1_groups\fR\|(3). +.PP +\&\fISSL_set_tmp_ecdh()\fR sets the parameters only for \fBssl\fR. +This macro is deprecated in favor of \fISSL_set1_groups\fR\|(3). +.PP +\&\fISSL_CTX_set_ecdh_auto()\fR and \fISSL_set_ecdh_auto()\fR are deprecated and +have no effect. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_tmp_ecdh()\fR and \fISSL_set_tmp_ecdh()\fR return 1 on success and 0 +on failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_CTX_set1_curves\fR\|(3), \fISSL_CTX_set_cipher_list\fR\|(3), +\&\fISSL_CTX_set_options\fR\|(3), \fISSL_CTX_set_tmp_dh_callback\fR\|(3), +\&\fIopenssl\-ciphers\fR\|(1), \fIopenssl\-ecparam\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_CTX_set_verify.3 b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_verify.3 new file mode 100755 index 0000000..c5f8cee --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_CTX_set_verify.3 
@@ -0,0 +1,470 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_VERIFY 3" +.TH SSL_CTX_SET_VERIFY 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_get_ex_data_X509_STORE_CTX_idx, +SSL_CTX_set_verify, SSL_set_verify, +SSL_CTX_set_verify_depth, SSL_set_verify_depth, +SSL_verify_cb, +SSL_verify_client_post_handshake, +SSL_set_post_handshake_auth, +SSL_CTX_set_post_handshake_auth +\&\- set peer certificate verification parameters +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx); +\& +\& void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, SSL_verify_cb verify_callback); +\& void SSL_set_verify(SSL *ssl, int mode, SSL_verify_cb verify_callback); +\& SSL_get_ex_data_X509_STORE_CTX_idx(void); +\& +\& void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth); +\& void SSL_set_verify_depth(SSL *ssl, int depth); +\& +\& int SSL_verify_client_post_handshake(SSL *ssl); +\& void SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val); +\& void SSL_set_post_handshake_auth(SSL *ssl, int val); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_verify()\fR sets the verification flags for \fBctx\fR to be \fBmode\fR and +specifies the \fBverify_callback\fR function to be used. If no callback function +shall be specified, the \s-1NULL\s0 pointer can be used for \fBverify_callback\fR. +.PP +\&\fISSL_set_verify()\fR sets the verification flags for \fBssl\fR to be \fBmode\fR and +specifies the \fBverify_callback\fR function to be used. If no callback function +shall be specified, the \s-1NULL\s0 pointer can be used for \fBverify_callback\fR. In +this case last \fBverify_callback\fR set specifically for this \fBssl\fR remains. If +no special \fBcallback\fR was set before, the default callback for the underlying +\&\fBctx\fR is used, that was valid at the time \fBssl\fR was created with +\&\fISSL_new\fR\|(3). Within the callback function, +\&\fBSSL_get_ex_data_X509_STORE_CTX_idx\fR can be called to get the data index +of the current \s-1SSL\s0 object that is doing the verification. 
+.PP +\&\fISSL_CTX_set_verify_depth()\fR sets the maximum \fBdepth\fR for the certificate chain +verification that shall be allowed for \fBctx\fR. +.PP +\&\fISSL_set_verify_depth()\fR sets the maximum \fBdepth\fR for the certificate chain +verification that shall be allowed for \fBssl\fR. +.PP +\&\fISSL_CTX_set_post_handshake_auth()\fR and \fISSL_set_post_handshake_auth()\fR enable the +Post-Handshake Authentication extension to be added to the ClientHello such that +post-handshake authentication can be requested by the server. If \fBval\fR is 0 +then the extension is not sent, otherwise it is. By default the extension is not +sent. A certificate callback will need to be set via +\&\fISSL_CTX_set_client_cert_cb()\fR if no certificate is provided at initialization. +.PP +\&\fISSL_verify_client_post_handshake()\fR causes a CertificateRequest message to be +sent by a server on the given \fBssl\fR connection. The \s-1SSL_VERIFY_PEER\s0 flag must +be set; the \s-1SSL_VERIFY_POST_HANDSHAKE\s0 flag is optional. +.SH "NOTES" +.IX Header "NOTES" +The verification of certificates can be controlled by a set of logically +or'ed \fBmode\fR flags: +.IP "\s-1SSL_VERIFY_NONE\s0" 4 +.IX Item "SSL_VERIFY_NONE" +\&\fBServer mode:\fR the server will not send a client certificate request to the +client, so the client will not send a certificate. +.Sp +\&\fBClient mode:\fR if not using an anonymous cipher (by default disabled), the +server will send a certificate which will be checked. The result of the +certificate verification process can be checked after the \s-1TLS/SSL\s0 handshake +using the \fISSL_get_verify_result\fR\|(3) function. +The handshake will be continued regardless of the verification result. +.IP "\s-1SSL_VERIFY_PEER\s0" 4 +.IX Item "SSL_VERIFY_PEER" +\&\fBServer mode:\fR the server sends a client certificate request to the client. +The certificate returned (if any) is checked. 
If the verification process +fails, the \s-1TLS/SSL\s0 handshake is +immediately terminated with an alert message containing the reason for +the verification failure. +The behaviour can be controlled by the additional +\&\s-1SSL_VERIFY_FAIL_IF_NO_PEER_CERT\s0, \s-1SSL_VERIFY_CLIENT_ONCE\s0 and +\&\s-1SSL_VERIFY_POST_HANDSHAKE\s0 flags. +.Sp +\&\fBClient mode:\fR the server certificate is verified. If the verification process +fails, the \s-1TLS/SSL\s0 handshake is +immediately terminated with an alert message containing the reason for +the verification failure. If no server certificate is sent, because an +anonymous cipher is used, \s-1SSL_VERIFY_PEER\s0 is ignored. +.IP "\s-1SSL_VERIFY_FAIL_IF_NO_PEER_CERT\s0" 4 +.IX Item "SSL_VERIFY_FAIL_IF_NO_PEER_CERT" +\&\fBServer mode:\fR if the client did not return a certificate, the \s-1TLS/SSL\s0 +handshake is immediately terminated with a \*(L"handshake failure\*(R" alert. +This flag must be used together with \s-1SSL_VERIFY_PEER\s0. +.Sp +\&\fBClient mode:\fR ignored (see \s-1BUGS\s0) +.IP "\s-1SSL_VERIFY_CLIENT_ONCE\s0" 4 +.IX Item "SSL_VERIFY_CLIENT_ONCE" +\&\fBServer mode:\fR only request a client certificate once during the +connection. Do not ask for a client certificate again during +renegotiation or post-authentication if a certificate was requested +during the initial handshake. This flag must be used together with +\&\s-1SSL_VERIFY_PEER\s0. +.Sp +\&\fBClient mode:\fR ignored (see \s-1BUGS\s0) +.IP "\s-1SSL_VERIFY_POST_HANDSHAKE\s0" 4 +.IX Item "SSL_VERIFY_POST_HANDSHAKE" +\&\fBServer mode:\fR the server will not send a client certificate request +during the initial handshake, but will send the request via +\&\fISSL_verify_client_post_handshake()\fR. This allows the \s-1SSL_CTX\s0 or \s-1SSL\s0 +to be configured for post-handshake peer verification before the +handshake occurs. This flag must be used together with +\&\s-1SSL_VERIFY_PEER\s0. TLSv1.3 only; no effect on pre\-TLSv1.3 connections. 
+.Sp +\&\fBClient mode:\fR ignored (see \s-1BUGS\s0) +.PP +If the \fBmode\fR is \s-1SSL_VERIFY_NONE\s0 none of the other flags may be set. +.PP +The actual verification procedure is performed either using the built-in +verification procedure or using another application provided verification +function set with +\&\fISSL_CTX_set_cert_verify_callback\fR\|(3). +The following descriptions apply in the case of the built-in procedure. An +application provided procedure also has access to the verify depth information +and the \fIverify_callback()\fR function, but the way this information is used +may be different. +.PP +\&\fISSL_CTX_set_verify_depth()\fR and \fISSL_set_verify_depth()\fR set a limit on the +number of certificates between the end-entity and trust-anchor certificates. +Neither the +end-entity nor the trust-anchor certificates count against \fBdepth\fR. If the +certificate chain needed to reach a trusted issuer is longer than \fBdepth+2\fR, +X509_V_ERR_CERT_CHAIN_TOO_LONG will be issued. +The depth count is \*(L"level 0:peer certificate\*(R", \*(L"level 1: \s-1CA\s0 certificate\*(R", +\&\*(L"level 2: higher level \s-1CA\s0 certificate\*(R", and so on. Setting the maximum +depth to 2 allows the levels 0, 1, 2 and 3 (0 being the end-entity and 3 the +trust-anchor). +The default depth limit is 100, +allowing for the peer certificate, at most 100 intermediate \s-1CA\s0 certificates and +a final trust anchor certificate. +.PP +The \fBverify_callback\fR function is used to control the behaviour when the +\&\s-1SSL_VERIFY_PEER\s0 flag is set. It must be supplied by the application and +receives two arguments: \fBpreverify_ok\fR indicates, whether the verification of +the certificate in question was passed (preverify_ok=1) or not +(preverify_ok=0). \fBx509_ctx\fR is a pointer to the complete context used +for the certificate chain verification. 
+.PP +The certificate chain is checked starting with the deepest nesting level +(the root \s-1CA\s0 certificate) and worked upward to the peer's certificate. +At each level signatures and issuer attributes are checked. Whenever +a verification error is found, the error number is stored in \fBx509_ctx\fR +and \fBverify_callback\fR is called with \fBpreverify_ok\fR=0. By applying +X509_CTX_store_* functions \fBverify_callback\fR can locate the certificate +in question and perform additional steps (see \s-1EXAMPLES\s0). If no error is +found for a certificate, \fBverify_callback\fR is called with \fBpreverify_ok\fR=1 +before advancing to the next level. +.PP +The return value of \fBverify_callback\fR controls the strategy of the further +verification process. If \fBverify_callback\fR returns 0, the verification +process is immediately stopped with \*(L"verification failed\*(R" state. If +\&\s-1SSL_VERIFY_PEER\s0 is set, a verification failure alert is sent to the peer and +the \s-1TLS/SSL\s0 handshake is terminated. If \fBverify_callback\fR returns 1, +the verification process is continued. If \fBverify_callback\fR always returns +1, the \s-1TLS/SSL\s0 handshake will not be terminated with respect to verification +failures and the connection will be established. The calling process can +however retrieve the error code of the last verification error using +\&\fISSL_get_verify_result\fR\|(3) or by maintaining its +own error storage managed by \fBverify_callback\fR. +.PP +If no \fBverify_callback\fR is specified, the default callback will be used. +Its return value is identical to \fBpreverify_ok\fR, so that any verification +failure will lead to a termination of the \s-1TLS/SSL\s0 handshake with an +alert message, if \s-1SSL_VERIFY_PEER\s0 is set. +.PP +After calling \fISSL_set_post_handshake_auth()\fR, the client will need to add a +certificate or certificate callback to its configuration before it can +successfully authenticate. 
This must be called before \fISSL_connect()\fR. +.PP +\&\fISSL_verify_client_post_handshake()\fR requires that verify flags have been +previously set, and that a client sent the post-handshake authentication +extension. When the client returns a certificate the verify callback will be +invoked. A write operation must take place for the Certificate Request to be +sent to the client, this can be done with \fISSL_do_handshake()\fR or \fISSL_write_ex()\fR. +Only one certificate request may be outstanding at any time. +.PP +When post-handshake authentication occurs, a refreshed NewSessionTicket +message is sent to the client. +.SH "BUGS" +.IX Header "BUGS" +In client mode, it is not checked whether the \s-1SSL_VERIFY_PEER\s0 flag +is set, but whether any flags other than \s-1SSL_VERIFY_NONE\s0 are set. This can +lead to unexpected behaviour if \s-1SSL_VERIFY_PEER\s0 and other flags are not used as +required. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The SSL*_set_verify*() functions do not provide diagnostic information. +.PP +The \fISSL_verify_client_post_handshake()\fR function returns 1 if the request +succeeded, and 0 if the request failed. The error stack can be examined +to determine the failure reason. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +The following code sequence realizes an example \fBverify_callback\fR function +that will always continue the \s-1TLS/SSL\s0 handshake regardless of verification +failure, if wished. The callback realizes a verification depth limit with +more informational output. +.PP +All verification errors are printed; information about the certificate chain +is printed on request. +The example is realized for a server that does allow but not require client +certificates. +.PP +The example makes use of the ex_data technique to store application data +into/retrieve application data from the \s-1SSL\s0 structure +(see \fICRYPTO_get_ex_new_index\fR\|(3), +\&\fISSL_get_ex_data_X509_STORE_CTX_idx\fR\|(3)). +.PP +.Vb 7 +\& ... 
+\& typedef struct { +\& int verbose_mode; +\& int verify_depth; +\& int always_continue; +\& } mydata_t; +\& int mydata_index; +\& +\& ... +\& static int verify_callback(int preverify_ok, X509_STORE_CTX *ctx) +\& { +\& char buf[256]; +\& X509 *err_cert; +\& int err, depth; +\& SSL *ssl; +\& mydata_t *mydata; +\& +\& err_cert = X509_STORE_CTX_get_current_cert(ctx); +\& err = X509_STORE_CTX_get_error(ctx); +\& depth = X509_STORE_CTX_get_error_depth(ctx); +\& +\& /* +\& * Retrieve the pointer to the SSL of the connection currently treated +\& * and the application specific data stored into the SSL object. +\& */ +\& ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx()); +\& mydata = SSL_get_ex_data(ssl, mydata_index); +\& +\& X509_NAME_oneline(X509_get_subject_name(err_cert), buf, 256); +\& +\& /* +\& * Catch a too long certificate chain. The depth limit set using +\& * SSL_CTX_set_verify_depth() is by purpose set to "limit+1" so +\& * that whenever the "depth>verify_depth" condition is met, we +\& * have violated the limit and want to log this error condition. +\& * We must do it here, because the CHAIN_TOO_LONG error would not +\& * be found explicitly; only errors introduced by cutting off the +\& * additional certificates would be logged. +\& */ +\& if (depth > mydata\->verify_depth) { +\& preverify_ok = 0; +\& err = X509_V_ERR_CERT_CHAIN_TOO_LONG; +\& X509_STORE_CTX_set_error(ctx, err); +\& } +\& if (!preverify_ok) { +\& printf("verify error:num=%d:%s:depth=%d:%s\en", err, +\& X509_verify_cert_error_string(err), depth, buf); +\& } else if (mydata\->verbose_mode) { +\& printf("depth=%d:%s\en", depth, buf); +\& } +\& +\& /* +\& * At this point, err contains the last verification error. 
We can use +\& * it for something special +\& */ +\& if (!preverify_ok && (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT)) { +\& X509_NAME_oneline(X509_get_issuer_name(err_cert), buf, 256); +\& printf("issuer= %s\en", buf); +\& } +\& +\& if (mydata\->always_continue) +\& return 1; +\& else +\& return preverify_ok; +\& } +\& ... +\& +\& mydata_t mydata; +\& +\& ... +\& mydata_index = SSL_get_ex_new_index(0, "mydata index", NULL, NULL, NULL); +\& +\& ... +\& SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, +\& verify_callback); +\& +\& /* +\& * Let the verify_callback catch the verify_depth error so that we get +\& * an appropriate error in the logfile. +\& */ +\& SSL_CTX_set_verify_depth(verify_depth + 1); +\& +\& /* +\& * Set up the SSL specific data into "mydata" and store it into th SSL +\& * structure. +\& */ +\& mydata.verify_depth = verify_depth; ... +\& SSL_set_ex_data(ssl, mydata_index, &mydata); +\& +\& ... +\& SSL_accept(ssl); /* check of success left out for clarity */ +\& if (peer = SSL_get_peer_certificate(ssl)) { +\& if (SSL_get_verify_result(ssl) == X509_V_OK) { +\& /* The client sent a certificate which verified OK */ +\& } +\& } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_new\fR\|(3), +\&\fISSL_CTX_get_verify_mode\fR\|(3), +\&\fISSL_get_verify_result\fR\|(3), +\&\fISSL_CTX_load_verify_locations\fR\|(3), +\&\fISSL_get_peer_certificate\fR\|(3), +\&\fISSL_CTX_set_cert_verify_callback\fR\|(3), +\&\fISSL_get_ex_data_X509_STORE_CTX_idx\fR\|(3), +\&\fISSL_CTX_set_client_cert_cb\fR\|(3), +\&\fICRYPTO_get_ex_new_index\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \s-1SSL_VERIFY_POST_HANDSHAKE\s0 option, and the \fISSL_verify_client_post_handshake()\fR +and \fISSL_set_post_handshake_auth()\fR functions were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). 
You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_CTX_use_certificate.3 b/linux_amd64/ssl/share/man/man3/SSL_CTX_use_certificate.3 new file mode 100755 index 0000000..066393c --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_CTX_use_certificate.3 
@@ -0,0 +1,326 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_USE_CERTIFICATE 3" +.TH SSL_CTX_USE_CERTIFICATE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_use_certificate, SSL_CTX_use_certificate_ASN1, +SSL_CTX_use_certificate_file, SSL_use_certificate, SSL_use_certificate_ASN1, +SSL_use_certificate_file, SSL_CTX_use_certificate_chain_file, +SSL_use_certificate_chain_file, +SSL_CTX_use_PrivateKey, SSL_CTX_use_PrivateKey_ASN1, +SSL_CTX_use_PrivateKey_file, SSL_CTX_use_RSAPrivateKey, +SSL_CTX_use_RSAPrivateKey_ASN1, SSL_CTX_use_RSAPrivateKey_file, +SSL_use_PrivateKey_file, SSL_use_PrivateKey_ASN1, SSL_use_PrivateKey, +SSL_use_RSAPrivateKey, SSL_use_RSAPrivateKey_ASN1, +SSL_use_RSAPrivateKey_file, SSL_CTX_check_private_key, SSL_check_private_key, +SSL_CTX_use_cert_and_key, SSL_use_cert_and_key +\&\- load certificate and key data +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); +\& int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d); +\& int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type); +\& int SSL_use_certificate(SSL *ssl, X509 *x); +\& int SSL_use_certificate_ASN1(SSL *ssl, unsigned char *d, int len); +\& int SSL_use_certificate_file(SSL *ssl, const char *file, int type); +\& +\& int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); +\& int SSL_use_certificate_chain_file(SSL *ssl, const char *file); +\& +\& int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); +\& int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, unsigned char *d, +\& long len); +\& int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type); +\& int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); +\& int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len); +\& int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type); +\& int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey); +\& int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, unsigned char *d, long len); +\& int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int 
type); +\& int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa); +\& int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len); +\& int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type); +\& +\& int SSL_CTX_check_private_key(const SSL_CTX *ctx); +\& int SSL_check_private_key(const SSL *ssl); +\& +\& int SSL_CTX_use_cert_and_key(SSL_CTX *ctx, X509 *x, EVP_PKEY *pkey, STACK_OF(X509) *chain, int override); +\& int SSL_use_cert_and_key(SSL *ssl, X509 *x, EVP_PKEY *pkey, STACK_OF(X509) *chain, int override); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions load the certificates and private keys into the \s-1SSL_CTX\s0 +or \s-1SSL\s0 object, respectively. +.PP +The SSL_CTX_* class of functions loads the certificates and keys into the +\&\s-1SSL_CTX\s0 object \fBctx\fR. The information is passed to \s-1SSL\s0 objects \fBssl\fR +created from \fBctx\fR with \fISSL_new\fR\|(3) by copying, so that +changes applied to \fBctx\fR do not propagate to already existing \s-1SSL\s0 objects. +.PP +The SSL_* class of functions only loads certificates and keys into a +specific \s-1SSL\s0 object. The specific information is kept, when +\&\fISSL_clear\fR\|(3) is called for this \s-1SSL\s0 object. +.PP +\&\fISSL_CTX_use_certificate()\fR loads the certificate \fBx\fR into \fBctx\fR, +\&\fISSL_use_certificate()\fR loads \fBx\fR into \fBssl\fR. The rest of the +certificates needed to form the complete certificate chain can be +specified using the +\&\fISSL_CTX_add_extra_chain_cert\fR\|(3) +function. +.PP +\&\fISSL_CTX_use_certificate_ASN1()\fR loads the \s-1ASN1\s0 encoded certificate from +the memory location \fBd\fR (with length \fBlen\fR) into \fBctx\fR, +\&\fISSL_use_certificate_ASN1()\fR loads the \s-1ASN1\s0 encoded certificate into \fBssl\fR. +.PP +\&\fISSL_CTX_use_certificate_file()\fR loads the first certificate stored in \fBfile\fR +into \fBctx\fR. 
The formatting \fBtype\fR of the certificate must be specified +from the known types \s-1SSL_FILETYPE_PEM\s0, \s-1SSL_FILETYPE_ASN1\s0. +\&\fISSL_use_certificate_file()\fR loads the certificate from \fBfile\fR into \fBssl\fR. +See the \s-1NOTES\s0 section on why \fISSL_CTX_use_certificate_chain_file()\fR +should be preferred. +.PP +\&\fISSL_CTX_use_certificate_chain_file()\fR loads a certificate chain from +\&\fBfile\fR into \fBctx\fR. The certificates must be in \s-1PEM\s0 format and must +be sorted starting with the subject's certificate (actual client or server +certificate), followed by intermediate \s-1CA\s0 certificates if applicable, and +ending at the highest level (root) \s-1CA\s0. \fISSL_use_certificate_chain_file()\fR is +similar except it loads the certificate chain into \fBssl\fR. +.PP +\&\fISSL_CTX_use_PrivateKey()\fR adds \fBpkey\fR as private key to \fBctx\fR. +\&\fISSL_CTX_use_RSAPrivateKey()\fR adds the private key \fBrsa\fR of type \s-1RSA\s0 +to \fBctx\fR. \fISSL_use_PrivateKey()\fR adds \fBpkey\fR as private key to \fBssl\fR; +\&\fISSL_use_RSAPrivateKey()\fR adds \fBrsa\fR as private key of type \s-1RSA\s0 to \fBssl\fR. +If a certificate has already been set and the private does not belong +to the certificate an error is returned. To change a certificate, private +key pair the new certificate needs to be set with \fISSL_use_certificate()\fR +or \fISSL_CTX_use_certificate()\fR before setting the private key with +\&\fISSL_CTX_use_PrivateKey()\fR or \fISSL_use_PrivateKey()\fR. +.PP +\&\fISSL_CTX_use_cert_and_key()\fR and \fISSL_use_cert_and_key()\fR assign the X.509 +certificate \fBx\fR, private key \fBkey\fR, and certificate \fBchain\fR onto the +corresponding \fBssl\fR or \fBctx\fR. The \fBpkey\fR argument must be the private +key of the X.509 certificate \fBx\fR. If the \fBoverride\fR argument is 0, then +\&\fBx\fR, \fBpkey\fR and \fBchain\fR are set only if all were not previously set. 
+If \fBoverride\fR is non\-0, then the certificate, private key and chain certs +are always set. If \fBpkey\fR is \s-1NULL\s0, then the public key of \fBx\fR is used as +the private key. This is intended to be used with hardware (via the \s-1ENGINE\s0 +interface) that stores the private key securely, such that it cannot be +accessed by OpenSSL. The reference count of the public key is incremented +(twice if there is no private key); it is not copied nor duplicated. This +allows all private key validations checks to succeed without an actual +private key being assigned via \fISSL_CTX_use_PrivateKey()\fR, etc. +.PP +\&\fISSL_CTX_use_PrivateKey_ASN1()\fR adds the private key of type \fBpk\fR +stored at memory location \fBd\fR (length \fBlen\fR) to \fBctx\fR. +\&\fISSL_CTX_use_RSAPrivateKey_ASN1()\fR adds the private key of type \s-1RSA\s0 +stored at memory location \fBd\fR (length \fBlen\fR) to \fBctx\fR. +\&\fISSL_use_PrivateKey_ASN1()\fR and \fISSL_use_RSAPrivateKey_ASN1()\fR add the private +key to \fBssl\fR. +.PP +\&\fISSL_CTX_use_PrivateKey_file()\fR adds the first private key found in +\&\fBfile\fR to \fBctx\fR. The formatting \fBtype\fR of the private key must be specified +from the known types \s-1SSL_FILETYPE_PEM\s0, \s-1SSL_FILETYPE_ASN1\s0. +\&\fISSL_CTX_use_RSAPrivateKey_file()\fR adds the first private \s-1RSA\s0 key found in +\&\fBfile\fR to \fBctx\fR. \fISSL_use_PrivateKey_file()\fR adds the first private key found +in \fBfile\fR to \fBssl\fR; \fISSL_use_RSAPrivateKey_file()\fR adds the first private +\&\s-1RSA\s0 key found to \fBssl\fR. +.PP +\&\fISSL_CTX_check_private_key()\fR checks the consistency of a private key with +the corresponding certificate loaded into \fBctx\fR. If more than one +key/certificate pair (\s-1RSA/DSA\s0) is installed, the last item installed will +be checked. If e.g. the last item was a \s-1RSA\s0 certificate or key, the \s-1RSA\s0 +key/certificate pair will be checked. 
\fISSL_check_private_key()\fR performs +the same check for \fBssl\fR. If no key/certificate was explicitly added for +this \fBssl\fR, the last item added into \fBctx\fR will be checked. +.SH "NOTES" +.IX Header "NOTES" +The internal certificate store of OpenSSL can hold several private +key/certificate pairs at a time. The certificate used depends on the +cipher selected, see also \fISSL_CTX_set_cipher_list\fR\|(3). +.PP +When reading certificates and private keys from file, files of type +\&\s-1SSL_FILETYPE_ASN1\s0 (also known as \fB\s-1DER\s0\fR, binary encoding) can only contain +one certificate or private key, consequently +\&\fISSL_CTX_use_certificate_chain_file()\fR is only applicable to \s-1PEM\s0 formatting. +Files of type \s-1SSL_FILETYPE_PEM\s0 can contain more than one item. +.PP +\&\fISSL_CTX_use_certificate_chain_file()\fR adds the first certificate found +in the file to the certificate store. The other certificates are added +to the store of chain certificates using \fISSL_CTX_add1_chain_cert\fR\|(3). Note: versions of OpenSSL before 1.0.2 only had a single +certificate chain store for all certificate types, OpenSSL 1.0.2 and later +have a separate chain store for each type. \fISSL_CTX_use_certificate_chain_file()\fR +should be used instead of the \fISSL_CTX_use_certificate_file()\fR function in order +to allow the use of complete certificate chains even when no trusted \s-1CA\s0 +storage is used or when the \s-1CA\s0 issuing the certificate shall not be added to +the trusted \s-1CA\s0 storage. +.PP +If additional certificates are needed to complete the chain during the +\&\s-1TLS\s0 negotiation, \s-1CA\s0 certificates are additionally looked up in the +locations of trusted \s-1CA\s0 certificates, see +\&\fISSL_CTX_load_verify_locations\fR\|(3). +.PP +The private keys loaded from file can be encrypted. 
In order to successfully +load encrypted keys, a function returning the passphrase must have been +supplied, see +\&\fISSL_CTX_set_default_passwd_cb\fR\|(3). +(Certificate files might be encrypted as well from the technical point +of view, it however does not make sense as the data in the certificate +is considered public anyway.) +.PP +All of the functions to set a new certificate will replace any existing +certificate of the same type that has already been set. Similarly all of the +functions to set a new private key will replace any private key that has already +been set. Applications should call \fISSL_CTX_check_private_key\fR\|(3) or +\&\fISSL_check_private_key\fR\|(3) as appropriate after loading a new certificate and +private key to confirm that the certificate and key match. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +On success, the functions return 1. +Otherwise check out the error stack to find out the reason. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_new\fR\|(3), \fISSL_clear\fR\|(3), +\&\fISSL_CTX_load_verify_locations\fR\|(3), +\&\fISSL_CTX_set_default_passwd_cb\fR\|(3), +\&\fISSL_CTX_set_cipher_list\fR\|(3), +\&\fISSL_CTX_set_client_CA_list\fR\|(3), +\&\fISSL_CTX_set_client_cert_cb\fR\|(3), +\&\fISSL_CTX_add_extra_chain_cert\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_CTX_use_psk_identity_hint.3 b/linux_amd64/ssl/share/man/man3/SSL_CTX_use_psk_identity_hint.3 new file mode 100755 index 0000000..8bc1b13 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_CTX_use_psk_identity_hint.3 
@@ -0,0 +1,268 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_USE_PSK_IDENTITY_HINT 3" +.TH SSL_CTX_USE_PSK_IDENTITY_HINT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_psk_server_cb_func, +SSL_psk_find_session_cb_func, +SSL_CTX_use_psk_identity_hint, +SSL_use_psk_identity_hint, +SSL_CTX_set_psk_server_callback, +SSL_set_psk_server_callback, +SSL_CTX_set_psk_find_session_callback, +SSL_set_psk_find_session_callback +\&\- set PSK identity hint to use +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef int (*SSL_psk_find_session_cb_func)(SSL *ssl, +\& const unsigned char *identity, +\& size_t identity_len, +\& SSL_SESSION **sess); +\& +\& +\& void SSL_CTX_set_psk_find_session_callback(SSL_CTX *ctx, +\& SSL_psk_find_session_cb_func cb); +\& void SSL_set_psk_find_session_callback(SSL *s, SSL_psk_find_session_cb_func cb); +\& +\& typedef unsigned int (*SSL_psk_server_cb_func)(SSL *ssl, +\& const char *identity, +\& unsigned char *psk, +\& unsigned int max_psk_len); +\& +\& int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *hint); +\& int SSL_use_psk_identity_hint(SSL *ssl, const char *hint); +\& +\& void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, SSL_psk_server_cb_func cb); +\& void SSL_set_psk_server_callback(SSL *ssl, SSL_psk_server_cb_func cb); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A server application wishing to use TLSv1.3 PSKs should set a callback +using either \fISSL_CTX_set_psk_find_session_callback()\fR or +\&\fISSL_set_psk_find_session_callback()\fR as appropriate. +.PP +The callback function is given a pointer to the \s-1SSL\s0 connection in \fBssl\fR and +an identity in \fBidentity\fR of length \fBidentity_len\fR. The callback function +should identify an \s-1SSL_SESSION\s0 object that provides the \s-1PSK\s0 details and store it +in \fB*sess\fR. The \s-1SSL_SESSION\s0 object should, as a minimum, set the master key, +the ciphersuite and the protocol version. See +\&\fISSL_CTX_set_psk_use_session_callback\fR\|(3) for details. +.PP +It is also possible for the callback to succeed but not supply a \s-1PSK\s0. 
In this +case no \s-1PSK\s0 will be used but the handshake will continue. To do this the +callback should return successfully and ensure that \fB*sess\fR is +\&\s-1NULL\s0. +.PP +Identity hints are not relevant for TLSv1.3. A server application wishing to use +\&\s-1PSK\s0 ciphersuites for TLSv1.2 and below may call \fISSL_CTX_use_psk_identity_hint()\fR +to set the given \fB\s-1NUL\s0\fR\-terminated \s-1PSK\s0 identity hint \fBhint\fR for \s-1SSL\s0 context +object \fBctx\fR. \fISSL_use_psk_identity_hint()\fR sets the given \fB\s-1NUL\s0\fR\-terminated \s-1PSK\s0 +identity hint \fBhint\fR for the \s-1SSL\s0 connection object \fBssl\fR. If \fBhint\fR is +\&\fB\s-1NULL\s0\fR the current hint from \fBctx\fR or \fBssl\fR is deleted. +.PP +In the case where \s-1PSK\s0 identity hint is \fB\s-1NULL\s0\fR, the server does not send the +ServerKeyExchange message to the client. +.PP +A server application wishing to use PSKs for TLSv1.2 and below must provide a +callback function which is called when the server receives the +ClientKeyExchange message from the client. The purpose of the callback function +is to validate the received \s-1PSK\s0 identity and to fetch the pre-shared key used +during the connection setup phase. The callback is set using the functions +\&\fISSL_CTX_set_psk_server_callback()\fR or \fISSL_set_psk_server_callback()\fR. The callback +function is given the connection in parameter \fBssl\fR, \fB\s-1NUL\s0\fR\-terminated \s-1PSK\s0 +identity sent by the client in parameter \fBidentity\fR, and a buffer \fBpsk\fR of +length \fBmax_psk_len\fR bytes where the pre-shared key is to be stored. +.PP +The callback for use in TLSv1.2 will also work in TLSv1.3 although it is +recommended to use \fISSL_CTX_set_psk_find_session_callback()\fR +or \fISSL_set_psk_find_session_callback()\fR for this purpose instead. 
If TLSv1.3 has +been negotiated then OpenSSL will first check to see if a callback has been set +via \fISSL_CTX_set_psk_find_session_callback()\fR or \fISSL_set_psk_find_session_callback()\fR +and it will use that in preference. If no such callback is present then it will +check to see if a callback has been set via \fISSL_CTX_set_psk_server_callback()\fR or +\&\fISSL_set_psk_server_callback()\fR and use that. In this case the handshake digest +will default to \s-1SHA\-256\s0 for any returned \s-1PSK\s0. +.PP +A connection established via a TLSv1.3 \s-1PSK\s0 will appear as if session resumption +has occurred so that \fISSL_session_reused\fR\|(3) will return true. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fB\f(BISSL_CTX_use_psk_identity_hint()\fB\fR and \fB\f(BISSL_use_psk_identity_hint()\fB\fR return +1 on success, 0 otherwise. +.PP +Return values from the TLSv1.2 and below server callback are interpreted as +follows: +.IP "0" 4 +\&\s-1PSK\s0 identity was not found. An \*(L"unknown_psk_identity\*(R" alert message +will be sent and the connection setup fails. +.IP ">0" 4 +.IX Item ">0" +\&\s-1PSK\s0 identity was found and the server callback has provided the \s-1PSK\s0 +successfully in parameter \fBpsk\fR. Return value is the length of +\&\fBpsk\fR in bytes. It is an error to return a value greater than +\&\fBmax_psk_len\fR. +.Sp +If the \s-1PSK\s0 identity was not found but the callback instructs the +protocol to continue anyway, the callback must provide some random +data to \fBpsk\fR and return the length of the random data, so the +connection will fail with decryption_error before it will be finished +completely. +.PP +The \fBSSL_psk_find_session_cb_func\fR callback should return 1 on success or 0 on +failure. In the event of failure the connection setup fails. +.SH "NOTES" +.IX Header "NOTES" +There are no known security issues with sharing the same \s-1PSK\s0 between TLSv1.2 (or +below) and TLSv1.3. 
However the \s-1RFC\s0 has this note of caution: +.PP +\&\*(L"While there is no known way in which the same \s-1PSK\s0 might produce related output +in both versions, only limited analysis has been done. Implementations can +ensure safety from cross-protocol related output by not reusing PSKs between +\&\s-1TLS\s0 1.3 and \s-1TLS\s0 1.2.\*(R" +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fISSL_CTX_set_psk_use_session_callback\fR\|(3), +\&\fISSL_set_psk_use_session_callback\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fISSL_CTX_set_psk_find_session_callback()\fR and \fISSL_set_psk_find_session_callback()\fR +were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_CTX_use_serverinfo.3 b/linux_amd64/ssl/share/man/man3/SSL_CTX_use_serverinfo.3 new file mode 100755 index 0000000..cb21339 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_CTX_use_serverinfo.3 
@@ -0,0 +1,212 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_USE_SERVERINFO 3" +.TH SSL_CTX_USE_SERVERINFO 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_use_serverinfo_ex, +SSL_CTX_use_serverinfo, +SSL_CTX_use_serverinfo_file +\&\- use serverinfo extension +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_use_serverinfo_ex(SSL_CTX *ctx, unsigned int version, +\& const unsigned char *serverinfo, +\& size_t serverinfo_length); +\& +\& int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo, +\& size_t serverinfo_length); +\& +\& int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions load \*(L"serverinfo\*(R" \s-1TLS\s0 extensions into the \s-1SSL_CTX\s0. A +\&\*(L"serverinfo\*(R" extension is returned in response to an empty ClientHello +Extension. +.PP +\&\fISSL_CTX_use_serverinfo_ex()\fR loads one or more serverinfo extensions from +a byte array into \fBctx\fR. The \fBversion\fR parameter specifies the format of the +byte array provided in \fB*serverinfo\fR which is of length \fBserverinfo_length\fR. +.PP +If \fBversion\fR is \fB\s-1SSL_SERVERINFOV2\s0\fR then the extensions in the array must +consist of a 4\-byte context, a 2\-byte Extension Type, a 2\-byte length, and then +length bytes of extension_data. The context and type values have the same +meaning as for \fISSL_CTX_add_custom_ext\fR\|(3). If serverinfo is being loaded for +extensions to be added to a Certificate message, then the extension will only +be added for the first certificate in the message (which is always the +end-entity certificate). +.PP +If \fBversion\fR is \fB\s-1SSL_SERVERINFOV1\s0\fR then the extensions in the array must +consist of a 2\-byte Extension Type, a 2\-byte length, and then length bytes of +extension_data. The type value has the same meaning as for +\&\fISSL_CTX_add_custom_ext\fR\|(3). 
The following default context value will be used +in this case: +.PP +.Vb 2 +\& SSL_EXT_TLS1_2_AND_BELOW_ONLY | SSL_EXT_CLIENT_HELLO +\& | SSL_EXT_TLS1_2_SERVER_HELLO | SSL_EXT_IGNORE_ON_RESUMPTION +.Ve +.PP +\&\fISSL_CTX_use_serverinfo()\fR does the same thing as \fISSL_CTX_use_serverinfo_ex()\fR +except that there is no \fBversion\fR parameter so a default version of +\&\s-1SSL_SERVERINFOV1\s0 is used instead. +.PP +\&\fISSL_CTX_use_serverinfo_file()\fR loads one or more serverinfo extensions from +\&\fBfile\fR into \fBctx\fR. The extensions must be in \s-1PEM\s0 format. Each extension +must be in a format as described above for \fISSL_CTX_use_serverinfo_ex()\fR. Each +\&\s-1PEM\s0 extension name must begin with the phrase \*(L"\s-1BEGIN\s0 \s-1SERVERINFOV2\s0 \s-1FOR\s0 \*(R" for +\&\s-1SSL_SERVERINFOV2\s0 data or \*(L"\s-1BEGIN\s0 \s-1SERVERINFO\s0 \s-1FOR\s0 \*(R" for \s-1SSL_SERVERINFOV1\s0 data. +.PP +If more than one certificate (\s-1RSA/DSA\s0) is installed using +\&\fISSL_CTX_use_certificate()\fR, the serverinfo extension will be loaded into the +last certificate installed. If e.g. the last item was a \s-1RSA\s0 certificate, the +loaded serverinfo extension data will be loaded for that certificate. To +use the serverinfo extension for multiple certificates, +\&\fISSL_CTX_use_serverinfo()\fR needs to be called multiple times, once \fBafter\fR +each time a certificate is loaded via a call to \fISSL_CTX_use_certificate()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +On success, the functions return 1. +On failure, the functions return 0. Check out the error stack to find out +the reason. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2013\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. 
You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_SESSION_free.3 b/linux_amd64/ssl/share/man/man3/SSL_SESSION_free.3 new file mode 100755 index 0000000..9d74e53 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_SESSION_free.3 
@@ -0,0 +1,208 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SESSION_FREE 3" +.TH SSL_SESSION_FREE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_SESSION_new, +SSL_SESSION_dup, +SSL_SESSION_up_ref, +SSL_SESSION_free \- create, free and manage SSL_SESSION structures +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& SSL_SESSION *SSL_SESSION_new(void); +\& SSL_SESSION *SSL_SESSION_dup(const SSL_SESSION *src); +\& int SSL_SESSION_up_ref(SSL_SESSION *ses); +\& void SSL_SESSION_free(SSL_SESSION *session); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_SESSION_new()\fR creates a new \s-1SSL_SESSION\s0 structure and returns a pointer to +it. +.PP +\&\fISSL_SESSION_dup()\fR copies the contents of the \s-1SSL_SESSION\s0 structure in \fBsrc\fR +and returns a pointer to it. +.PP +\&\fISSL_SESSION_up_ref()\fR increments the reference count on the given \s-1SSL_SESSION\s0 +structure. +.PP +\&\fISSL_SESSION_free()\fR decrements the reference count of \fBsession\fR and removes +the \fB\s-1SSL_SESSION\s0\fR structure pointed to by \fBsession\fR and frees up the allocated +memory, if the reference count has reached 0. +If \fBsession\fR is \s-1NULL\s0 nothing is done. +.SH "NOTES" +.IX Header "NOTES" +\&\s-1SSL_SESSION\s0 objects are allocated, when a \s-1TLS/SSL\s0 handshake operation +is successfully completed. Depending on the settings, see +\&\fISSL_CTX_set_session_cache_mode\fR\|(3), +the \s-1SSL_SESSION\s0 objects are internally referenced by the \s-1SSL_CTX\s0 and +linked into its session cache. \s-1SSL\s0 objects may be using the \s-1SSL_SESSION\s0 object; +as a session may be reused, several \s-1SSL\s0 objects may be using one \s-1SSL_SESSION\s0 +object at the same time. It is therefore crucial to keep the reference +count (usage information) correct and not delete a \s-1SSL_SESSION\s0 object +that is still used, as this may lead to program failures due to +dangling pointers. These failures may also appear delayed, e.g. 
+when an \s-1SSL_SESSION\s0 object was completely freed as the reference count +incorrectly became 0, but it is still referenced in the internal +session cache and the cache list is processed during a +\&\fISSL_CTX_flush_sessions\fR\|(3) operation. +.PP +\&\fISSL_SESSION_free()\fR must only be called for \s-1SSL_SESSION\s0 objects, for +which the reference count was explicitly incremented (e.g. +by calling \fISSL_get1_session()\fR, see \fISSL_get_session\fR\|(3)) +or when the \s-1SSL_SESSION\s0 object was generated outside a \s-1TLS\s0 handshake +operation, e.g. by using \fId2i_SSL_SESSION\fR\|(3). +It must not be called on other \s-1SSL_SESSION\s0 objects, as this would cause +incorrect reference counts and therefore program failures. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +SSL_SESSION_new returns a pointer to the newly allocated \s-1SSL_SESSION\s0 structure +or \s-1NULL\s0 on error. +.PP +SSL_SESSION_up_ref returns 1 on success or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_get_session\fR\|(3), +\&\fISSL_CTX_set_session_cache_mode\fR\|(3), +\&\fISSL_CTX_flush_sessions\fR\|(3), +\&\fId2i_SSL_SESSION\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fISSL_SESSION_dup()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_SESSION_get0_cipher.3 b/linux_amd64/ssl/share/man/man3/SSL_SESSION_get0_cipher.3 new file mode 100755 index 0000000..df679ca --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_SESSION_get0_cipher.3 
@@ -0,0 +1,180 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SESSION_GET0_CIPHER 3" +.TH SSL_SESSION_GET0_CIPHER 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_SESSION_get0_cipher, +SSL_SESSION_set_cipher +\&\- set and retrieve the SSL cipher associated with a session +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const SSL_CIPHER *SSL_SESSION_get0_cipher(const SSL_SESSION *s); +\& int SSL_SESSION_set_cipher(SSL_SESSION *s, const SSL_CIPHER *cipher); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_SESSION_get0_cipher()\fR retrieves the cipher that was used by the +connection when the session was created, or \s-1NULL\s0 if it cannot be determined. +.PP +The value returned is a pointer to an object maintained within \fBs\fR and +should not be released. +.PP +\&\fISSL_SESSION_set_cipher()\fR can be used to set the ciphersuite associated with the +\&\s-1SSL_SESSION\s0 \fBs\fR to \fBcipher\fR. For example, this could be used to set up a +session based \s-1PSK\s0 (see \fISSL_CTX_set_psk_use_session_callback\fR\|(3)). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_SESSION_get0_cipher()\fR returns the \s-1SSL_CIPHER\s0 associated with the \s-1SSL_SESSION\s0 +or \s-1NULL\s0 if it cannot be determined. +.PP +\&\fISSL_SESSION_set_cipher()\fR returns 1 on success or 0 on failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fId2i_SSL_SESSION\fR\|(3), +\&\fISSL_SESSION_get_time\fR\|(3), +\&\fISSL_SESSION_get0_hostname\fR\|(3), +\&\fISSL_SESSION_free\fR\|(3), +\&\fISSL_CTX_set_psk_use_session_callback\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fISSL_SESSION_get0_cipher()\fR function was added in OpenSSL 1.1.0. +The \fISSL_SESSION_set_cipher()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/ssl/share/man/man3/SSL_SESSION_get0_hostname.3 b/linux_amd64/ssl/share/man/man3/SSL_SESSION_get0_hostname.3 new file mode 100755 index 0000000..44c19a1 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_SESSION_get0_hostname.3 
@@ -0,0 +1,199 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SESSION_GET0_HOSTNAME 3" +.TH SSL_SESSION_GET0_HOSTNAME 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_SESSION_get0_hostname, +SSL_SESSION_set1_hostname, +SSL_SESSION_get0_alpn_selected, +SSL_SESSION_set1_alpn_selected +\&\- get and set SNI and ALPN data associated with a session +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s); +\& int SSL_SESSION_set1_hostname(SSL_SESSION *s, const char *hostname); +\& +\& void SSL_SESSION_get0_alpn_selected(const SSL_SESSION *s, +\& const unsigned char **alpn, +\& size_t *len); +\& int SSL_SESSION_set1_alpn_selected(SSL_SESSION *s, const unsigned char *alpn, +\& size_t len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_SESSION_get0_hostname()\fR retrieves the \s-1SNI\s0 value that was sent by the +client when the session was created if it was accepted by the server and TLSv1.2 +or below was negotiated. Otherwise \s-1NULL\s0 is returned. Note that in TLSv1.3 the +\&\s-1SNI\s0 hostname is negotiated with each handshake including resumption handshakes +and is therefore never associated with the session. +.PP +The value returned is a pointer to memory maintained within \fBs\fR and +should not be free'd. +.PP +\&\fISSL_SESSION_set1_hostname()\fR sets the \s-1SNI\s0 value for the hostname to a copy of +the string provided in hostname. +.PP +\&\fISSL_SESSION_get0_alpn_selected()\fR retrieves the selected \s-1ALPN\s0 protocol for this +session and its associated length in bytes. The returned value of \fB*alpn\fR is a +pointer to memory maintained within \fBs\fR and should not be free'd. +.PP +\&\fISSL_SESSION_set1_alpn_selected()\fR sets the \s-1ALPN\s0 protocol for this session to the +value in \fBalpn\fR which should be of length \fBlen\fR bytes. A copy of the input +value is made, and the caller retains ownership of the memory pointed to by +\&\fBalpn\fR. 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_SESSION_get0_hostname()\fR returns either a string or \s-1NULL\s0 based on if there +is the \s-1SNI\s0 value sent by client. +.PP +\&\fISSL_SESSION_set1_hostname()\fR returns 1 on success or 0 on error. +.PP +\&\fISSL_SESSION_set1_alpn_selected()\fR returns 1 on success or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fId2i_SSL_SESSION\fR\|(3), +\&\fISSL_SESSION_get_time\fR\|(3), +\&\fISSL_SESSION_free\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fISSL_SESSION_set1_hostname()\fR, \fISSL_SESSION_get0_alpn_selected()\fR and +\&\fISSL_SESSION_set1_alpn_selected()\fR functions were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_SESSION_get0_id_context.3 b/linux_amd64/ssl/share/man/man3/SSL_SESSION_get0_id_context.3 new file mode 100755 index 0000000..ff917dc --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_SESSION_get0_id_context.3 
@@ -0,0 +1,178 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SESSION_GET0_ID_CONTEXT 3" +.TH SSL_SESSION_GET0_ID_CONTEXT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_SESSION_get0_id_context, +SSL_SESSION_set1_id_context +\&\- get and set the SSL ID context associated with a session +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *s, +\& unsigned int *len) +\& int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx, +\& unsigned int sid_ctx_len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +See \fISSL_CTX_set_session_id_context\fR\|(3) for further details on session \s-1ID\s0 +contexts. +.PP +\&\fISSL_SESSION_get0_id_context()\fR returns the \s-1ID\s0 context associated with +the \s-1SSL/TLS\s0 session \fBs\fR. The length of the \s-1ID\s0 context is written to +\&\fB*len\fR if \fBlen\fR is not \s-1NULL\s0. +.PP +The value returned is a pointer to an object maintained within \fBs\fR and +should not be released. +.PP +\&\fISSL_SESSION_set1_id_context()\fR takes a copy of the provided \s-1ID\s0 context given in +\&\fBsid_ctx\fR and associates it with the session \fBs\fR. The length of the \s-1ID\s0 context +is given by \fBsid_ctx_len\fR which must not exceed \s-1SSL_MAX_SID_CTX_LENGTH\s0 bytes. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_SESSION_set1_id_context()\fR returns 1 on success or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fISSL_set_session_id_context\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fISSL_SESSION_get0_id_context()\fR function was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/ssl/share/man/man3/SSL_SESSION_get0_peer.3 b/linux_amd64/ssl/share/man/man3/SSL_SESSION_get0_peer.3 new file mode 100755 index 0000000..eac40e9 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_SESSION_get0_peer.3 
@@ -0,0 +1,161 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SESSION_GET0_PEER 3" +.TH SSL_SESSION_GET0_PEER 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_SESSION_get0_peer +\&\- get details about peer's certificate for a session +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& X509 *SSL_SESSION_get0_peer(SSL_SESSION *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_SESSION_get0_peer()\fR returns the peer certificate associated with the session +\&\fBs\fR or \s-1NULL\s0 if no peer certificate is available. The caller should not free the +returned value (unless \fIX509_up_ref\fR\|(3) has also been called). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_SESSION_get0_peer()\fR returns a pointer to the peer certificate or \s-1NULL\s0 if +no peer certificate is available. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_SESSION_get_compress_id.3 b/linux_amd64/ssl/share/man/man3/SSL_SESSION_get_compress_id.3 new file mode 100755 index 0000000..3248a21 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_SESSION_get_compress_id.3 
@@ -0,0 +1,162 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SESSION_GET_COMPRESS_ID 3" +.TH SSL_SESSION_GET_COMPRESS_ID 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_SESSION_get_compress_id +\&\- get details about the compression associated with a session +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +If compression has been negotiated for an ssl session then +\&\fISSL_SESSION_get_compress_id()\fR will return the id for the compression method or +0 otherwise. The only built-in supported compression method is zlib which has an +id of 1. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_SESSION_get_compress_id()\fR returns the id of the compression method or 0 if +none. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_SESSION_get_protocol_version.3 b/linux_amd64/ssl/share/man/man3/SSL_SESSION_get_protocol_version.3 new file mode 100755 index 0000000..361dfe3 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_SESSION_get_protocol_version.3 
@@ -0,0 +1,178 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SESSION_GET_PROTOCOL_VERSION 3" +.TH SSL_SESSION_GET_PROTOCOL_VERSION 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_SESSION_get_protocol_version, +SSL_SESSION_set_protocol_version +\&\- get and set the session protocol version +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_SESSION_get_protocol_version(const SSL_SESSION *s); +\& int SSL_SESSION_set_protocol_version(SSL_SESSION *s, int version); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_SESSION_get_protocol_version()\fR returns the protocol version number used +by session \fBs\fR. +.PP +\&\fISSL_SESSION_set_protocol_version()\fR sets the protocol version associated with the +\&\s-1SSL_SESSION\s0 object \fBs\fR to the value \fBversion\fR. This value should be a version +constant such as \fB\s-1TLS1_3_VERSION\s0\fR etc. For example, this could be used to set +up a session based \s-1PSK\s0 (see \fISSL_CTX_set_psk_use_session_callback\fR\|(3)). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_SESSION_get_protocol_version()\fR returns a number indicating the protocol +version used for the session; this number matches the constants \fIe.g.\fR +\&\fB\s-1TLS1_VERSION\s0\fR, \fB\s-1TLS1_2_VERSION\s0\fR or \fB\s-1TLS1_3_VERSION\s0\fR. +.PP +Note that the \fISSL_SESSION_get_protocol_version()\fR function +does \fBnot\fR perform a null check on the provided session \fBs\fR pointer. +.PP +\&\fISSL_SESSION_set_protocol_version()\fR returns 1 on success or 0 on failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fISSL_CTX_set_psk_use_session_callback\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fISSL_SESSION_get_protocol_version()\fR function was added in OpenSSL 1.1.0. +The \fISSL_SESSION_set_protocol_version()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. 
You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_SESSION_get_time.3 b/linux_amd64/ssl/share/man/man3/SSL_SESSION_get_time.3 new file mode 100755 index 0000000..a1df60e --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_SESSION_get_time.3 
@@ -0,0 +1,198 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SESSION_GET_TIME 3" +.TH SSL_SESSION_GET_TIME 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_SESSION_get_time, SSL_SESSION_set_time, SSL_SESSION_get_timeout, +SSL_SESSION_set_timeout, +SSL_get_time, SSL_set_time, SSL_get_timeout, SSL_set_timeout +\&\- retrieve and manipulate session time and timeout settings +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_SESSION_get_time(const SSL_SESSION *s); +\& long SSL_SESSION_set_time(SSL_SESSION *s, long tm); +\& long SSL_SESSION_get_timeout(const SSL_SESSION *s); +\& long SSL_SESSION_set_timeout(SSL_SESSION *s, long tm); +\& +\& long SSL_get_time(const SSL_SESSION *s); +\& long SSL_set_time(SSL_SESSION *s, long tm); +\& long SSL_get_timeout(const SSL_SESSION *s); +\& long SSL_set_timeout(SSL_SESSION *s, long tm); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_SESSION_get_time()\fR returns the time at which the session \fBs\fR was +established. The time is given in seconds since the Epoch and therefore +compatible to the time delivered by the \fItime()\fR call. +.PP +\&\fISSL_SESSION_set_time()\fR replaces the creation time of the session \fBs\fR with +the chosen value \fBtm\fR. +.PP +\&\fISSL_SESSION_get_timeout()\fR returns the timeout value set for session \fBs\fR +in seconds. +.PP +\&\fISSL_SESSION_set_timeout()\fR sets the timeout value for session \fBs\fR in seconds +to \fBtm\fR. +.PP +The \fISSL_get_time()\fR, \fISSL_set_time()\fR, \fISSL_get_timeout()\fR, and \fISSL_set_timeout()\fR +functions are synonyms for the SSL_SESSION_*() counterparts. +.SH "NOTES" +.IX Header "NOTES" +Sessions are expired by examining the creation time and the timeout value. +Both are set at creation time of the session to the actual time and the +default timeout value at creation, respectively, as set by +\&\fISSL_CTX_set_timeout\fR\|(3). +Using these functions it is possible to extend or shorten the lifetime +of the session. 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_SESSION_get_time()\fR and \fISSL_SESSION_get_timeout()\fR return the currently +valid values. +.PP +\&\fISSL_SESSION_set_time()\fR and \fISSL_SESSION_set_timeout()\fR return 1 on success. +.PP +If any of the function is passed the \s-1NULL\s0 pointer for the session \fBs\fR, +0 is returned. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fISSL_CTX_set_timeout\fR\|(3), +\&\fISSL_get_default_timeout\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_SESSION_has_ticket.3 b/linux_amd64/ssl/share/man/man3/SSL_SESSION_has_ticket.3 new file mode 100755 index 0000000..6790e23 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_SESSION_has_ticket.3 
@@ -0,0 +1,181 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SESSION_HAS_TICKET 3" +.TH SSL_SESSION_HAS_TICKET 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_SESSION_get0_ticket, +SSL_SESSION_has_ticket, SSL_SESSION_get_ticket_lifetime_hint +\&\- get details about the ticket associated with a session +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_SESSION_has_ticket(const SSL_SESSION *s); +\& unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s); +\& void SSL_SESSION_get0_ticket(const SSL_SESSION *s, const unsigned char **tick, +\& size_t *len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_SESSION_has_ticket()\fR returns 1 if there is a Session Ticket associated with +this session, and 0 otherwise. +.PP +SSL_SESSION_get_ticket_lifetime_hint returns the lifetime hint in seconds +associated with the session ticket. +.PP +SSL_SESSION_get0_ticket obtains a pointer to the ticket associated with a +session. The length of the ticket is written to \fB*len\fR. If \fBtick\fR is non +\&\s-1NULL\s0 then a pointer to the ticket is written to \fB*tick\fR. The pointer is only +valid while the connection is in use. The session (and hence the ticket pointer) +may also become invalid as a result of a call to \fISSL_CTX_flush_sessions()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_SESSION_has_ticket()\fR returns 1 if session ticket exists or 0 otherwise. +.PP +\&\fISSL_SESSION_get_ticket_lifetime_hint()\fR returns the number of seconds. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fId2i_SSL_SESSION\fR\|(3), +\&\fISSL_SESSION_get_time\fR\|(3), +\&\fISSL_SESSION_free\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fISSL_SESSION_has_ticket()\fR, \fISSL_SESSION_get_ticket_lifetime_hint()\fR +and \fISSL_SESSION_get0_ticket()\fR functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. 
You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_SESSION_is_resumable.3 b/linux_amd64/ssl/share/man/man3/SSL_SESSION_is_resumable.3 new file mode 100755 index 0000000..b478ac1 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_SESSION_is_resumable.3 
@@ -0,0 +1,166 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SESSION_IS_RESUMABLE 3" +.TH SSL_SESSION_IS_RESUMABLE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_SESSION_is_resumable +\&\- determine whether an SSL_SESSION object can be used for resumption +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_SESSION_is_resumable(const SSL_SESSION *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_SESSION_is_resumable()\fR determines whether an \s-1SSL_SESSION\s0 object can be used +to resume a session or not. Returns 1 if it can or 0 if not. Note that +attempting to resume with a non-resumable session will result in a full +handshake. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_SESSION_is_resumable()\fR returns 1 if the session is resumable or 0 otherwise. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fISSL_get_session\fR\|(3), +\&\fISSL_CTX_sess_set_new_cb\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fISSL_SESSION_is_resumable()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_SESSION_print.3 b/linux_amd64/ssl/share/man/man3/SSL_SESSION_print.3 new file mode 100755 index 0000000..09f0c9f --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_SESSION_print.3 
@@ -0,0 +1,170 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SESSION_PRINT 3" +.TH SSL_SESSION_PRINT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_SESSION_print, +SSL_SESSION_print_fp, +SSL_SESSION_print_keylog +\&\- printf information about a session +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_SESSION_print(BIO *fp, const SSL_SESSION *ses); +\& int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *ses); +\& int SSL_SESSION_print_keylog(BIO *bp, const SSL_SESSION *x); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_SESSION_print()\fR prints summary information about the session provided in +\&\fBses\fR to the \s-1BIO\s0 \fBfp\fR. +.PP +\&\fISSL_SESSION_print_fp()\fR does the same as \fISSL_SESSION_print()\fR except it prints it +to the \s-1FILE\s0 \fBfp\fR. +.PP +\&\fISSL_SESSION_print_keylog()\fR prints session information to the provided \s-1BIO\s0 +in \s-1NSS\s0 keylog format. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_SESSION_print()\fR, \fISSL_SESSION_print_fp()\fR and SSL_SESSION_print_keylog return +1 on success or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_SESSION_set1_id.3 b/linux_amd64/ssl/share/man/man3/SSL_SESSION_set1_id.3 new file mode 100755 index 0000000..dba81c8 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_SESSION_set1_id.3 
@@ -0,0 +1,172 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SESSION_SET1_ID 3" +.TH SSL_SESSION_SET1_ID 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_SESSION_get_id, +SSL_SESSION_set1_id +\&\- get and set the SSL session ID +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, +\& unsigned int *len) +\& int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid, +\& unsigned int sid_len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_SESSION_get_id()\fR returns a pointer to the internal session id value for the +session \fBs\fR. The length of the id in bytes is stored in \fB*len\fR. The length may +be 0. The caller should not free the returned pointer directly. +.PP +\&\fISSL_SESSION_set1_id()\fR sets the session \s-1ID\s0 for the \fBssl\fR \s-1SSL/TLS\s0 session +to \fBsid\fR of length \fBsid_len\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_SESSION_get_id()\fR returns a pointer to the session id value. +\&\fISSL_SESSION_set1_id()\fR returns 1 for success and 0 for failure, for example +if the supplied session \s-1ID\s0 length exceeds \fB\s-1SSL_MAX_SSL_SESSION_ID_LENGTH\s0\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \fISSL_SESSION_set1_id()\fR function was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_accept.3 b/linux_amd64/ssl/share/man/man3/SSL_accept.3 new file mode 100755 index 0000000..7bfa12a --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_accept.3 
@@ -0,0 +1,196 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_ACCEPT 3" +.TH SSL_ACCEPT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_accept \- wait for a TLS/SSL client to initiate a TLS/SSL handshake +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_accept(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_accept()\fR waits for a \s-1TLS/SSL\s0 client to initiate the \s-1TLS/SSL\s0 handshake. +The communication channel must already have been set and assigned to the +\&\fBssl\fR by setting an underlying \fB\s-1BIO\s0\fR. +.SH "NOTES" +.IX Header "NOTES" +The behaviour of \fISSL_accept()\fR depends on the underlying \s-1BIO\s0. +.PP +If the underlying \s-1BIO\s0 is \fBblocking\fR, \fISSL_accept()\fR will only return once the +handshake has been finished or an error occurred. +.PP +If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fISSL_accept()\fR will also return +when the underlying \s-1BIO\s0 could not satisfy the needs of \fISSL_accept()\fR +to continue the handshake, indicating the problem by the return value \-1. +In this case a call to \fISSL_get_error()\fR with the +return value of \fISSL_accept()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or +\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after +taking appropriate action to satisfy the needs of \fISSL_accept()\fR. +The action depends on the underlying \s-1BIO\s0. When using a non-blocking socket, +nothing is to be done, but \fIselect()\fR can be used to check for the required +condition. When using a buffering \s-1BIO\s0, like a \s-1BIO\s0 pair, data must be written +into or retrieved out of the \s-1BIO\s0 before being able to continue. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "0" 4 +The \s-1TLS/SSL\s0 handshake was not successful but was shut down controlled and +by the specifications of the \s-1TLS/SSL\s0 protocol. Call \fISSL_get_error()\fR with the +return value \fBret\fR to find out the reason. 
+.IP "1" 4 +.IX Item "1" +The \s-1TLS/SSL\s0 handshake was successfully completed, a \s-1TLS/SSL\s0 connection has been +established. +.IP "<0" 4 +.IX Item "<0" +The \s-1TLS/SSL\s0 handshake was not successful because a fatal error occurred either +at the protocol level or a connection failure occurred. The shutdown was +not clean. It can also occur of action is need to continue the operation +for non-blocking BIOs. Call \fISSL_get_error()\fR with the return value \fBret\fR +to find out the reason. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fISSL_get_error\fR\|(3), \fISSL_connect\fR\|(3), +\&\fISSL_shutdown\fR\|(3), \fIssl\fR\|(7), \fIbio\fR\|(7), +\&\fISSL_set_connect_state\fR\|(3), +\&\fISSL_do_handshake\fR\|(3), +\&\fISSL_CTX_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_alert_type_string.3 b/linux_amd64/ssl/share/man/man3/SSL_alert_type_string.3 new file mode 100755 index 0000000..563e36f --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_alert_type_string.3 
@@ -0,0 +1,360 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_ALERT_TYPE_STRING 3" +.TH SSL_ALERT_TYPE_STRING 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_alert_type_string, SSL_alert_type_string_long, SSL_alert_desc_string, SSL_alert_desc_string_long \- get textual description of alert information +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const char *SSL_alert_type_string(int value); +\& const char *SSL_alert_type_string_long(int value); +\& +\& const char *SSL_alert_desc_string(int value); +\& const char *SSL_alert_desc_string_long(int value); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_alert_type_string()\fR returns a one letter string indicating the +type of the alert specified by \fBvalue\fR. +.PP +\&\fISSL_alert_type_string_long()\fR returns a string indicating the type of the alert +specified by \fBvalue\fR. +.PP +\&\fISSL_alert_desc_string()\fR returns a two letter string as a short form +describing the reason of the alert specified by \fBvalue\fR. +.PP +\&\fISSL_alert_desc_string_long()\fR returns a string describing the reason +of the alert specified by \fBvalue\fR. +.SH "NOTES" +.IX Header "NOTES" +When one side of an \s-1SSL/TLS\s0 communication wants to inform the peer about +a special situation, it sends an alert. The alert is sent as a special message +and does not influence the normal data stream (unless its contents results +in the communication being canceled). +.PP +A warning alert is sent, when a non-fatal error condition occurs. The +\&\*(L"close notify\*(R" alert is sent as a warning alert. Other examples for +non-fatal errors are certificate errors (\*(L"certificate expired\*(R", +\&\*(L"unsupported certificate\*(R"), for which a warning alert may be sent. +(The sending party may however decide to send a fatal error.) The +receiving side may cancel the connection on reception of a warning +alert on it discretion. +.PP +Several alert messages must be sent as fatal alert messages as specified +by the \s-1TLS\s0 \s-1RFC\s0. A fatal alert always leads to a connection abort. 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following strings can occur for \fISSL_alert_type_string()\fR or +\&\fISSL_alert_type_string_long()\fR: +.ie n .IP """W""/""warning""" 4 +.el .IP "``W''/``warning''" 4 +.IX Item "W/warning" +.PD 0 +.ie n .IP """F""/""fatal""" 4 +.el .IP "``F''/``fatal''" 4 +.IX Item "F/fatal" +.ie n .IP """U""/""unknown""" 4 +.el .IP "``U''/``unknown''" 4 +.IX Item "U/unknown" +.PD +This indicates that no support is available for this alert type. +Probably \fBvalue\fR does not contain a correct alert message. +.PP +The following strings can occur for \fISSL_alert_desc_string()\fR or +\&\fISSL_alert_desc_string_long()\fR: +.ie n .IP """\s-1CN\s0""/""close notify""" 4 +.el .IP "``\s-1CN\s0''/``close notify''" 4 +.IX Item "CN/close notify" +The connection shall be closed. This is a warning alert. +.ie n .IP """\s-1UM\s0""/""unexpected message""" 4 +.el .IP "``\s-1UM\s0''/``unexpected message''" 4 +.IX Item "UM/unexpected message" +An inappropriate message was received. This alert is always fatal +and should never be observed in communication between proper +implementations. +.ie n .IP """\s-1BM\s0""/""bad record mac""" 4 +.el .IP "``\s-1BM\s0''/``bad record mac''" 4 +.IX Item "BM/bad record mac" +This alert is returned if a record is received with an incorrect +\&\s-1MAC\s0. This message is always fatal. +.ie n .IP """\s-1DF\s0""/""decompression failure""" 4 +.el .IP "``\s-1DF\s0''/``decompression failure''" 4 +.IX Item "DF/decompression failure" +The decompression function received improper input (e.g. data +that would expand to excessive length). This message is always +fatal. +.ie n .IP """\s-1HF\s0""/""handshake failure""" 4 +.el .IP "``\s-1HF\s0''/``handshake failure''" 4 +.IX Item "HF/handshake failure" +Reception of a handshake_failure alert message indicates that the +sender was unable to negotiate an acceptable set of security +parameters given the options available. This is a fatal error. 
+.ie n .IP """\s-1NC\s0""/""no certificate""" 4 +.el .IP "``\s-1NC\s0''/``no certificate''" 4 +.IX Item "NC/no certificate" +A client, that was asked to send a certificate, does not send a certificate +(SSLv3 only). +.ie n .IP """\s-1BC\s0""/""bad certificate""" 4 +.el .IP "``\s-1BC\s0''/``bad certificate''" 4 +.IX Item "BC/bad certificate" +A certificate was corrupt, contained signatures that did not +verify correctly, etc +.ie n .IP """\s-1UC\s0""/""unsupported certificate""" 4 +.el .IP "``\s-1UC\s0''/``unsupported certificate''" 4 +.IX Item "UC/unsupported certificate" +A certificate was of an unsupported type. +.ie n .IP """\s-1CR\s0""/""certificate revoked""" 4 +.el .IP "``\s-1CR\s0''/``certificate revoked''" 4 +.IX Item "CR/certificate revoked" +A certificate was revoked by its signer. +.ie n .IP """\s-1CE\s0""/""certificate expired""" 4 +.el .IP "``\s-1CE\s0''/``certificate expired''" 4 +.IX Item "CE/certificate expired" +A certificate has expired or is not currently valid. +.ie n .IP """\s-1CU\s0""/""certificate unknown""" 4 +.el .IP "``\s-1CU\s0''/``certificate unknown''" 4 +.IX Item "CU/certificate unknown" +Some other (unspecified) issue arose in processing the +certificate, rendering it unacceptable. +.ie n .IP """\s-1IP\s0""/""illegal parameter""" 4 +.el .IP "``\s-1IP\s0''/``illegal parameter''" 4 +.IX Item "IP/illegal parameter" +A field in the handshake was out of range or inconsistent with +other fields. This is always fatal. +.ie n .IP """\s-1DC\s0""/""decryption failed""" 4 +.el .IP "``\s-1DC\s0''/``decryption failed''" 4 +.IX Item "DC/decryption failed" +A TLSCiphertext decrypted in an invalid way: either it wasn't an +even multiple of the block length or its padding values, when +checked, weren't correct. This message is always fatal. 
+.ie n .IP """\s-1RO\s0""/""record overflow""" 4 +.el .IP "``\s-1RO\s0''/``record overflow''" 4 +.IX Item "RO/record overflow" +A TLSCiphertext record was received which had a length more than +2^14+2048 bytes, or a record decrypted to a TLSCompressed record +with more than 2^14+1024 bytes. This message is always fatal. +.ie n .IP """\s-1CA\s0""/""unknown \s-1CA\s0""" 4 +.el .IP "``\s-1CA\s0''/``unknown \s-1CA\s0''" 4 +.IX Item "CA/unknown CA" +A valid certificate chain or partial chain was received, but the +certificate was not accepted because the \s-1CA\s0 certificate could not +be located or couldn't be matched with a known, trusted \s-1CA\s0. This +message is always fatal. +.ie n .IP """\s-1AD\s0""/""access denied""" 4 +.el .IP "``\s-1AD\s0''/``access denied''" 4 +.IX Item "AD/access denied" +A valid certificate was received, but when access control was +applied, the sender decided not to proceed with negotiation. +This message is always fatal. +.ie n .IP """\s-1DE\s0""/""decode error""" 4 +.el .IP "``\s-1DE\s0''/``decode error''" 4 +.IX Item "DE/decode error" +A message could not be decoded because some field was out of the +specified range or the length of the message was incorrect. This +message is always fatal. +.ie n .IP """\s-1CY\s0""/""decrypt error""" 4 +.el .IP "``\s-1CY\s0''/``decrypt error''" 4 +.IX Item "CY/decrypt error" +A handshake cryptographic operation failed, including being +unable to correctly verify a signature, decrypt a key exchange, +or validate a finished message. +.ie n .IP """\s-1ER\s0""/""export restriction""" 4 +.el .IP "``\s-1ER\s0''/``export restriction''" 4 +.IX Item "ER/export restriction" +A negotiation not in compliance with export restrictions was +detected; for example, attempting to transfer a 1024 bit +ephemeral \s-1RSA\s0 key for the \s-1RSA_EXPORT\s0 handshake method. This +message is always fatal. 
+.ie n .IP """\s-1PV\s0""/""protocol version""" 4 +.el .IP "``\s-1PV\s0''/``protocol version''" 4 +.IX Item "PV/protocol version" +The protocol version the client has attempted to negotiate is +recognized, but not supported. (For example, old protocol +versions might be avoided for security reasons). This message is +always fatal. +.ie n .IP """\s-1IS\s0""/""insufficient security""" 4 +.el .IP "``\s-1IS\s0''/``insufficient security''" 4 +.IX Item "IS/insufficient security" +Returned instead of handshake_failure when a negotiation has +failed specifically because the server requires ciphers more +secure than those supported by the client. This message is always +fatal. +.ie n .IP """\s-1IE\s0""/""internal error""" 4 +.el .IP "``\s-1IE\s0''/``internal error''" 4 +.IX Item "IE/internal error" +An internal error unrelated to the peer or the correctness of the +protocol makes it impossible to continue (such as a memory +allocation failure). This message is always fatal. +.ie n .IP """\s-1US\s0""/""user canceled""" 4 +.el .IP "``\s-1US\s0''/``user canceled''" 4 +.IX Item "US/user canceled" +This handshake is being canceled for some reason unrelated to a +protocol failure. If the user cancels an operation after the +handshake is complete, just closing the connection by sending a +close_notify is more appropriate. This alert should be followed +by a close_notify. This message is generally a warning. +.ie n .IP """\s-1NR\s0""/""no renegotiation""" 4 +.el .IP "``\s-1NR\s0''/``no renegotiation''" 4 +.IX Item "NR/no renegotiation" +Sent by the client in response to a hello request or by the +server in response to a client hello after initial handshaking. +Either of these would normally lead to renegotiation; when that +is not appropriate, the recipient should respond with this alert; +at that point, the original requester can decide whether to +proceed with the connection. 
One case where this would be +appropriate would be where a server has spawned a process to +satisfy a request; the process might receive security parameters +(key length, authentication, etc.) at startup and it might be +difficult to communicate changes to these parameters after that +point. This message is always a warning. +.ie n .IP """\s-1UP\s0""/""unknown \s-1PSK\s0 identity""" 4 +.el .IP "``\s-1UP\s0''/``unknown \s-1PSK\s0 identity''" 4 +.IX Item "UP/unknown PSK identity" +Sent by the server to indicate that it does not recognize a \s-1PSK\s0 +identity or an \s-1SRP\s0 identity. +.ie n .IP """\s-1UK\s0""/""unknown""" 4 +.el .IP "``\s-1UK\s0''/``unknown''" 4 +.IX Item "UK/unknown" +This indicates that no description is available for this alert type. +Probably \fBvalue\fR does not contain a correct alert message. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_CTX_set_info_callback\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_alloc_buffers.3 b/linux_amd64/ssl/share/man/man3/SSL_alloc_buffers.3 new file mode 100755 index 0000000..b3f3f6f --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_alloc_buffers.3 
@@ -0,0 +1,185 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_ALLOC_BUFFERS 3" +.TH SSL_ALLOC_BUFFERS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_free_buffers, SSL_alloc_buffers \- manage SSL structure buffers +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_free_buffers(SSL *ssl); +\& int SSL_alloc_buffers(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_free_buffers()\fR frees the read and write buffers of the given \fBssl\fR. +\&\fISSL_alloc_buffers()\fR allocates the read and write buffers of the given \fBssl\fR. +.PP +The \fB\s-1SSL_MODE_RELEASE_BUFFERS\s0\fR mode releases read or write buffers whenever +the buffers have been drained. These functions allow applications to manually +control when buffers are freed and allocated. +.PP +After freeing the buffers, the buffers are automatically reallocated upon a +new read or write. The \fISSL_alloc_buffers()\fR does not need to be called, but +can be used to make sure the buffers are pre-allocated. This can be used to +avoid allocation during data processing or with \fICRYPTO_set_mem_functions()\fR +to control where and how buffers are allocated. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "0 (Failure)" 4 +.IX Item "0 (Failure)" +The \fISSL_free_buffers()\fR function returns 0 when there is pending data to be +read or written. The \fISSL_alloc_buffers()\fR function returns 0 when there is +an allocation failure. +.IP "1 (Success)" 4 +.IX Item "1 (Success)" +The \fISSL_free_buffers()\fR function returns 1 if the buffers have been freed. This +value is also returned if the buffers had been freed before calling +\&\fISSL_free_buffers()\fR. +The \fISSL_alloc_buffers()\fR function returns 1 if the buffers have been allocated. +This value is also returned if the buffers had been allocated before calling +\&\fISSL_alloc_buffers()\fR. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fISSL_free\fR\|(3), \fISSL_clear\fR\|(3), +\&\fISSL_new\fR\|(3), \fISSL_CTX_set_mode\fR\|(3), +\&\fICRYPTO_set_mem_functions\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_check_chain.3 b/linux_amd64/ssl/share/man/man3/SSL_check_chain.3 new file mode 100755 index 0000000..50a242d --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_check_chain.3 
@@ -0,0 +1,216 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CHECK_CHAIN 3" +.TH SSL_CHECK_CHAIN 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_check_chain \- check certificate chain suitability +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_check_chain()\fR checks whether certificate \fBx\fR, private key \fBpk\fR and +certificate chain \fBchain\fR is suitable for use with the current session +\&\fBs\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_check_chain()\fR returns a bitmap of flags indicating the validity of the +chain. +.PP +\&\fB\s-1CERT_PKEY_VALID\s0\fR: the chain can be used with the current session. +If this flag is \fBnot\fR set then the certificate will never be used even +if the application tries to set it because it is inconsistent with the +peer preferences. +.PP +\&\fB\s-1CERT_PKEY_SIGN\s0\fR: the \s-1EE\s0 key can be used for signing. +.PP +\&\fB\s-1CERT_PKEY_EE_SIGNATURE\s0\fR: the signature algorithm of the \s-1EE\s0 certificate is +acceptable. +.PP +\&\fB\s-1CERT_PKEY_CA_SIGNATURE\s0\fR: the signature algorithms of all \s-1CA\s0 certificates +are acceptable. +.PP +\&\fB\s-1CERT_PKEY_EE_PARAM\s0\fR: the parameters of the end entity certificate are +acceptable (e.g. it is a supported curve). +.PP +\&\fB\s-1CERT_PKEY_CA_PARAM\s0\fR: the parameters of all \s-1CA\s0 certificates are acceptable. +.PP +\&\fB\s-1CERT_PKEY_EXPLICIT_SIGN\s0\fR: the end entity certificate algorithm +can be used explicitly for signing (i.e. it is mentioned in the signature +algorithms extension). +.PP +\&\fB\s-1CERT_PKEY_ISSUER_NAME\s0\fR: the issuer name is acceptable. This is only +meaningful for client authentication. +.PP +\&\fB\s-1CERT_PKEY_CERT_TYPE\s0\fR: the certificate type is acceptable. Only meaningful +for client authentication. +.PP +\&\fB\s-1CERT_PKEY_SUITEB\s0\fR: chain is suitable for Suite B use. 
+.SH "NOTES" +.IX Header "NOTES" +\&\fISSL_check_chain()\fR must be called in servers after a client hello message or in +clients after a certificate request message. It will typically be called +in the certificate callback. +.PP +An application wishing to support multiple certificate chains may call this +function on each chain in turn: starting with the one it considers the +most secure. It could then use the chain of the first set which returns +suitable flags. +.PP +As a minimum the flag \fB\s-1CERT_PKEY_VALID\s0\fR must be set for a chain to be +usable. An application supporting multiple chains with different \s-1CA\s0 signature +algorithms may also wish to check \fB\s-1CERT_PKEY_CA_SIGNATURE\s0\fR too. If no +chain is suitable a server should fall back to the most secure chain which +sets \fB\s-1CERT_PKEY_VALID\s0\fR. +.PP +The validity of a chain is determined by checking if it matches a supported +signature algorithm, supported curves and in the case of client authentication +certificate types and issuer names. +.PP +Since the supported signature algorithms extension is only used in \s-1TLS\s0 1.2, +\&\s-1TLS\s0 1.3 and \s-1DTLS\s0 1.2 the results for earlier versions of \s-1TLS\s0 and \s-1DTLS\s0 may not +be very useful. Applications may wish to specify a different \*(L"legacy\*(R" chain +for earlier versions of \s-1TLS\s0 or \s-1DTLS\s0. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fISSL_CTX_set_cert_cb\fR\|(3), +\&\fIssl\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_clear.3 b/linux_amd64/ssl/share/man/man3/SSL_clear.3 new file mode 100755 index 0000000..0907517 --- /dev/null 
+++ b/linux_amd64/ssl/share/man/man3/SSL_clear.3 
@@ -0,0 +1,199 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CLEAR 3" +.TH SSL_CLEAR 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_clear \- reset SSL object to allow another connection +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_clear(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Reset \fBssl\fR to allow another connection. All settings (method, ciphers, +BIOs) are kept. +.SH "NOTES" +.IX Header "NOTES" +SSL_clear is used to prepare an \s-1SSL\s0 object for a new connection. While all +settings are kept, a side effect is the handling of the current \s-1SSL\s0 session. +If a session is still \fBopen\fR, it is considered bad and will be removed +from the session cache, as required by \s-1RFC2246\s0. A session is considered open, +if \fISSL_shutdown\fR\|(3) was not called for the connection +or at least \fISSL_set_shutdown\fR\|(3) was used to +set the \s-1SSL_SENT_SHUTDOWN\s0 state. +.PP +If a session was closed cleanly, the session object will be kept and all +settings corresponding. This explicitly means, that e.g. the special method +used during the session will be kept for the next handshake. So if the +session was a TLSv1 session, a \s-1SSL\s0 client object will use a TLSv1 client +method for the next handshake and a \s-1SSL\s0 server object will use a TLSv1 +server method, even if TLS_*_methods were chosen on startup. This +will might lead to connection failures (see \fISSL_new\fR\|(3)) +for a description of the method's properties. +.SH "WARNINGS" +.IX Header "WARNINGS" +\&\fISSL_clear()\fR resets the \s-1SSL\s0 object to allow for another connection. The +reset operation however keeps several settings of the last sessions +(some of these settings were made automatically during the last +handshake). It only makes sense for a new connection with the exact +same peer that shares these settings, and may fail if that peer +changes its settings between connections. 
Use the sequence +\&\fISSL_get_session\fR\|(3); +\&\fISSL_new\fR\|(3); +\&\fISSL_set_session\fR\|(3); +\&\fISSL_free\fR\|(3) +instead to avoid such failures +(or simply \fISSL_free\fR\|(3); \fISSL_new\fR\|(3) +if session reuse is not desired). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "0" 4 +The \fISSL_clear()\fR operation could not be performed. Check the error stack to +find out the reason. +.IP "1" 4 +.IX Item "1" +The \fISSL_clear()\fR operation was successful. +.PP +\&\fISSL_new\fR\|(3), \fISSL_free\fR\|(3), +\&\fISSL_shutdown\fR\|(3), \fISSL_set_shutdown\fR\|(3), +\&\fISSL_CTX_set_options\fR\|(3), \fIssl\fR\|(7), +\&\fISSL_CTX_set_client_cert_cb\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_connect.3 b/linux_amd64/ssl/share/man/man3/SSL_connect.3 new file mode 100755 index 0000000..7bc4d30 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_connect.3 
@@ -0,0 +1,211 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CONNECT 3" +.TH SSL_CONNECT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_connect \- initiate the TLS/SSL handshake with an TLS/SSL server +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_connect(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_connect()\fR initiates the \s-1TLS/SSL\s0 handshake with a server. The communication +channel must already have been set and assigned to the \fBssl\fR by setting an +underlying \fB\s-1BIO\s0\fR. +.SH "NOTES" +.IX Header "NOTES" +The behaviour of \fISSL_connect()\fR depends on the underlying \s-1BIO\s0. +.PP +If the underlying \s-1BIO\s0 is \fBblocking\fR, \fISSL_connect()\fR will only return once the +handshake has been finished or an error occurred. +.PP +If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fISSL_connect()\fR will also return +when the underlying \s-1BIO\s0 could not satisfy the needs of \fISSL_connect()\fR +to continue the handshake, indicating the problem by the return value \-1. +In this case a call to \fISSL_get_error()\fR with the +return value of \fISSL_connect()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or +\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after +taking appropriate action to satisfy the needs of \fISSL_connect()\fR. +The action depends on the underlying \s-1BIO\s0. When using a non-blocking socket, +nothing is to be done, but \fIselect()\fR can be used to check for the required +condition. When using a buffering \s-1BIO\s0, like a \s-1BIO\s0 pair, data must be written +into or retrieved out of the \s-1BIO\s0 before being able to continue. +.PP +Many systems implement Nagle's algorithm by default which means that it will +buffer outgoing \s-1TCP\s0 data if a \s-1TCP\s0 packet has already been sent for which no +corresponding \s-1ACK\s0 has been received yet from the peer. 
This can have performance +impacts after a successful TLSv1.3 handshake or a successful TLSv1.2 (or below) +resumption handshake, because the last peer to communicate in the handshake is +the client. If the client is also the first to send application data (as is +typical for many protocols) then this data could be buffered until an \s-1ACK\s0 has +been received for the final handshake message. +.PP +The \fB\s-1TCP_NODELAY\s0\fR socket option is often available to disable Nagle's +algorithm. If an application opts to disable Nagle's algorithm consideration +should be given to turning it back on again later if appropriate. The helper +function \fIBIO_set_tcp_ndelay()\fR can be used to turn on or off the \fB\s-1TCP_NODELAY\s0\fR +option. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "0" 4 +The \s-1TLS/SSL\s0 handshake was not successful but was shut down controlled and +by the specifications of the \s-1TLS/SSL\s0 protocol. Call \fISSL_get_error()\fR with the +return value \fBret\fR to find out the reason. +.IP "1" 4 +.IX Item "1" +The \s-1TLS/SSL\s0 handshake was successfully completed, a \s-1TLS/SSL\s0 connection has been +established. +.IP "<0" 4 +.IX Item "<0" +The \s-1TLS/SSL\s0 handshake was not successful, because a fatal error occurred either +at the protocol level or a connection failure occurred. The shutdown was +not clean. It can also occur of action is need to continue the operation +for non-blocking BIOs. Call \fISSL_get_error()\fR with the return value \fBret\fR +to find out the reason. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fISSL_get_error\fR\|(3), \fISSL_accept\fR\|(3), +\&\fISSL_shutdown\fR\|(3), \fIssl\fR\|(7), \fIbio\fR\|(7), +\&\fISSL_set_connect_state\fR\|(3), +\&\fISSL_do_handshake\fR\|(3), +\&\fISSL_CTX_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). 
You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_do_handshake.3 b/linux_amd64/ssl/share/man/man3/SSL_do_handshake.3 new file mode 100755 index 0000000..8644a1c --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_do_handshake.3 
@@ -0,0 +1,195 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_DO_HANDSHAKE 3" +.TH SSL_DO_HANDSHAKE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_do_handshake \- perform a TLS/SSL handshake +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_do_handshake(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_do_handshake()\fR will wait for a \s-1SSL/TLS\s0 handshake to take place. If the +connection is in client mode, the handshake will be started. The handshake +routines may have to be explicitly set in advance using either +\&\fISSL_set_connect_state\fR\|(3) or +\&\fISSL_set_accept_state\fR\|(3). +.SH "NOTES" +.IX Header "NOTES" +The behaviour of \fISSL_do_handshake()\fR depends on the underlying \s-1BIO\s0. +.PP +If the underlying \s-1BIO\s0 is \fBblocking\fR, \fISSL_do_handshake()\fR will only return +once the handshake has been finished or an error occurred. +.PP +If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fISSL_do_handshake()\fR will also return +when the underlying \s-1BIO\s0 could not satisfy the needs of \fISSL_do_handshake()\fR +to continue the handshake. In this case a call to \fISSL_get_error()\fR with the +return value of \fISSL_do_handshake()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or +\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after +taking appropriate action to satisfy the needs of \fISSL_do_handshake()\fR. +The action depends on the underlying \s-1BIO\s0. When using a non-blocking socket, +nothing is to be done, but \fIselect()\fR can be used to check for the required +condition. When using a buffering \s-1BIO\s0, like a \s-1BIO\s0 pair, data must be written +into or retrieved out of the \s-1BIO\s0 before being able to continue. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "0" 4 +The \s-1TLS/SSL\s0 handshake was not successful but was shut down controlled and +by the specifications of the \s-1TLS/SSL\s0 protocol. Call \fISSL_get_error()\fR with the +return value \fBret\fR to find out the reason. 
+.IP "1" 4 +.IX Item "1" +The \s-1TLS/SSL\s0 handshake was successfully completed, a \s-1TLS/SSL\s0 connection has been +established. +.IP "<0" 4 +.IX Item "<0" +The \s-1TLS/SSL\s0 handshake was not successful because a fatal error occurred either +at the protocol level or a connection failure occurred. The shutdown was +not clean. It can also occur of action is need to continue the operation +for non-blocking BIOs. Call \fISSL_get_error()\fR with the return value \fBret\fR +to find out the reason. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fISSL_get_error\fR\|(3), \fISSL_connect\fR\|(3), +\&\fISSL_accept\fR\|(3), \fIssl\fR\|(7), \fIbio\fR\|(7), +\&\fISSL_set_connect_state\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_export_keying_material.3 b/linux_amd64/ssl/share/man/man3/SSL_export_keying_material.3 new file mode 100755 index 0000000..c4ae0a3 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_export_keying_material.3 
@@ -0,0 +1,213 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_EXPORT_KEYING_MATERIAL 3" +.TH SSL_EXPORT_KEYING_MATERIAL 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_export_keying_material, +SSL_export_keying_material_early +\&\- obtain keying material for application use +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, +\& const char *label, size_t llen, +\& const unsigned char *context, +\& size_t contextlen, int use_context); +\& +\& int SSL_export_keying_material_early(SSL *s, unsigned char *out, size_t olen, +\& const char *label, size_t llen, +\& const unsigned char *context, +\& size_t contextlen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +During the creation of a \s-1TLS\s0 or \s-1DTLS\s0 connection shared keying material is +established between the two endpoints. The functions +\&\fISSL_export_keying_material()\fR and \fISSL_export_keying_material_early()\fR enable an +application to use some of this keying material for its own purposes in +accordance with \s-1RFC5705\s0 (for TLSv1.2 and below) or \s-1RFC8446\s0 (for TLSv1.3). +.PP +\&\fISSL_export_keying_material()\fR derives keying material using +the \fIexporter_master_secret\fR established in the handshake. +.PP +\&\fISSL_export_keying_material_early()\fR is only usable with TLSv1.3, and derives +keying material using the \fIearly_exporter_master_secret\fR (as defined in the +\&\s-1TLS\s0 1.3 \s-1RFC\s0). For the client, the \fIearly_exporter_master_secret\fR is only +available when the client attempts to send 0\-RTT data. For the server, it is +only available when the server accepts 0\-RTT data. +.PP +An application may need to securely establish the context within which this +keying material will be used. For example this may include identifiers for the +application session, application algorithms or parameters, or the lifetime of +the context. The context value is left to the application but must be the same +on both sides of the communication. 
+.PP +For a given \s-1SSL\s0 connection \fBs\fR, \fBolen\fR bytes of data will be written to +\&\fBout\fR. The application specific context should be supplied in the location +pointed to by \fBcontext\fR and should be \fBcontextlen\fR bytes long. Provision of +a context is optional. If the context should be omitted entirely then +\&\fBuse_context\fR should be set to 0. Otherwise it should be any other value. If +\&\fBuse_context\fR is 0 then the values of \fBcontext\fR and \fBcontextlen\fR are ignored. +Note that in TLSv1.2 and below a zero length context is treated differently from +no context at all, and will result in different keying material being returned. +In TLSv1.3 a zero length context is that same as no context at all and will +result in the same keying material being returned. +.PP +An application specific label should be provided in the location pointed to by +\&\fBlabel\fR and should be \fBllen\fR bytes long. Typically this will be a value from +the \s-1IANA\s0 Exporter Label Registry +(https://www.iana.org/assignments/tls\-parameters/tls\-parameters.xhtml#exporter\-labels ). +Alternatively labels beginning with \*(L"\s-1EXPERIMENTAL\s0\*(R" are permitted by the standard +to be used without registration. TLSv1.3 imposes a maximum label length of +249 bytes. +.PP +Note that this function is only defined for TLSv1.0 and above, and DTLSv1.0 and +above. Attempting to use it in SSLv3 will result in an error. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_export_keying_material()\fR returns 0 or \-1 on failure or 1 on success. +.PP +\&\fISSL_export_keying_material_early()\fR returns 0 on failure or 1 on success. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \fISSL_export_keying_material_early()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. 
+.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_extension_supported.3 b/linux_amd64/ssl/share/man/man3/SSL_extension_supported.3 new file mode 100755 index 0000000..f38a814 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_extension_supported.3 
@@ -0,0 +1,400 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_EXTENSION_SUPPORTED 3" +.TH SSL_EXTENSION_SUPPORTED 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_extension_supported, +SSL_custom_ext_add_cb_ex, +SSL_custom_ext_free_cb_ex, +SSL_custom_ext_parse_cb_ex, +SSL_CTX_add_custom_ext, +SSL_CTX_add_client_custom_ext, SSL_CTX_add_server_custom_ext, +custom_ext_add_cb, custom_ext_free_cb, custom_ext_parse_cb +\&\- custom TLS extension handling +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef int (*SSL_custom_ext_add_cb_ex)(SSL *s, unsigned int ext_type, +\& unsigned int context, +\& const unsigned char **out, +\& size_t *outlen, X509 *x, +\& size_t chainidx, int *al, +\& void *add_arg); +\& +\& typedef void (*SSL_custom_ext_free_cb_ex)(SSL *s, unsigned int ext_type, +\& unsigned int context, +\& const unsigned char *out, +\& void *add_arg); +\& +\& typedef int (*SSL_custom_ext_parse_cb_ex)(SSL *s, unsigned int ext_type, +\& unsigned int context, +\& const unsigned char *in, +\& size_t inlen, X509 *x, +\& size_t chainidx, int *al, +\& void *parse_arg); +\& +\& int SSL_CTX_add_custom_ext(SSL_CTX *ctx, unsigned int ext_type, +\& unsigned int context, +\& SSL_custom_ext_add_cb_ex add_cb, +\& SSL_custom_ext_free_cb_ex free_cb, +\& void *add_arg, +\& SSL_custom_ext_parse_cb_ex parse_cb, +\& void *parse_arg); +\& +\& typedef int (*custom_ext_add_cb)(SSL *s, unsigned int ext_type, +\& const unsigned char **out, +\& size_t *outlen, int *al, +\& void *add_arg); +\& +\& typedef void (*custom_ext_free_cb)(SSL *s, unsigned int ext_type, +\& const unsigned char *out, +\& void *add_arg); +\& +\& typedef int (*custom_ext_parse_cb)(SSL *s, unsigned int ext_type, +\& const unsigned char *in, +\& size_t inlen, int *al, +\& void *parse_arg); +\& +\& int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned int ext_type, +\& custom_ext_add_cb add_cb, +\& custom_ext_free_cb free_cb, void *add_arg, +\& custom_ext_parse_cb parse_cb, +\& void *parse_arg); +\& +\& int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned int ext_type, +\& custom_ext_add_cb add_cb, +\& custom_ext_free_cb 
free_cb, void *add_arg, +\& custom_ext_parse_cb parse_cb, +\& void *parse_arg); +\& +\& int SSL_extension_supported(unsigned int ext_type); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_add_custom_ext()\fR adds a custom extension for a \s-1TLS/DTLS\s0 client or server +for all supported protocol versions with extension type \fBext_type\fR and +callbacks \fBadd_cb\fR, \fBfree_cb\fR and \fBparse_cb\fR (see the +\&\*(L"\s-1EXTENSION\s0 \s-1CALLBACKS\s0\*(R" section below). The \fBcontext\fR value determines +which messages and under what conditions the extension will be added/parsed (see +the \*(L"\s-1EXTENSION\s0 \s-1CONTEXTS\s0\*(R" section below). +.PP +\&\fISSL_CTX_add_client_custom_ext()\fR adds a custom extension for a \s-1TLS/DTLS\s0 client +with extension type \fBext_type\fR and callbacks \fBadd_cb\fR, \fBfree_cb\fR and +\&\fBparse_cb\fR. This function is similar to \fISSL_CTX_add_custom_ext()\fR except it only +applies to clients, uses the older style of callbacks, and implicitly sets the +\&\fBcontext\fR value to: +.PP +.Vb 2 +\& SSL_EXT_TLS1_2_AND_BELOW_ONLY | SSL_EXT_CLIENT_HELLO +\& | SSL_EXT_TLS1_2_SERVER_HELLO | SSL_EXT_IGNORE_ON_RESUMPTION +.Ve +.PP +\&\fISSL_CTX_add_server_custom_ext()\fR adds a custom extension for a \s-1TLS/DTLS\s0 server +with extension type \fBext_type\fR and callbacks \fBadd_cb\fR, \fBfree_cb\fR and +\&\fBparse_cb\fR. This function is similar to \fISSL_CTX_add_custom_ext()\fR except it +only applies to servers, uses the older style of callbacks, and implicitly sets +the \fBcontext\fR value to the same as for \fISSL_CTX_add_client_custom_ext()\fR above. +.PP +The \fBext_type\fR parameter corresponds to the \fBextension_type\fR field of +\&\s-1RFC5246\s0 et al. It is \fBnot\fR a \s-1NID\s0. In all cases the extension type must not be +handled by OpenSSL internally or an error occurs. +.PP +\&\fISSL_extension_supported()\fR returns 1 if the extension \fBext_type\fR is handled +internally by OpenSSL and 0 otherwise. 
+.SH "EXTENSION CALLBACKS" +.IX Header "EXTENSION CALLBACKS" +The callback \fBadd_cb\fR is called to send custom extension data to be +included in various \s-1TLS\s0 messages. The \fBext_type\fR parameter is set to the +extension type which will be added and \fBadd_arg\fR to the value set when the +extension handler was added. When using the new style callbacks the \fBcontext\fR +parameter will indicate which message is currently being constructed e.g. for +the ClientHello it will be set to \fB\s-1SSL_EXT_CLIENT_HELLO\s0\fR. +.PP +If the application wishes to include the extension \fBext_type\fR it should +set \fB*out\fR to the extension data, set \fB*outlen\fR to the length of the +extension data and return 1. +.PP +If the \fBadd_cb\fR does not wish to include the extension it must return 0. +.PP +If \fBadd_cb\fR returns \-1 a fatal handshake error occurs using the \s-1TLS\s0 +alert value specified in \fB*al\fR. +.PP +When constructing the ClientHello, if \fBadd_cb\fR is set to \s-1NULL\s0 a zero length +extension is added for \fBext_type\fR. For all other messages if \fBadd_cb\fR is set +to \s-1NULL\s0 then no extension is added. +.PP +When constructing a Certificate message the callback will be called for each +certificate in the message. The \fBx\fR parameter will indicate the +current certificate and the \fBchainidx\fR parameter will indicate the position +of the certificate in the message. The first certificate is always the end +entity certificate and has a \fBchainidx\fR value of 0. The certificates are in the +order that they were received in the Certificate message. +.PP +For all messages except the ServerHello and EncryptedExtensions every +registered \fBadd_cb\fR is always called to see if the application wishes to add an +extension (as long as all requirements of the specified \fBcontext\fR are met). 
+.PP +For the ServerHello and EncryptedExtension messages every registered \fBadd_cb\fR +is called once if and only if the requirements of the specified \fBcontext\fR are +met and the corresponding extension was received in the ClientHello. That is, if +no corresponding extension was received in the ClientHello then \fBadd_cb\fR will +not be called. +.PP +If an extension is added (that is \fBadd_cb\fR returns 1) \fBfree_cb\fR is called +(if it is set) with the value of \fBout\fR set by the add callback. It can be +used to free up any dynamic extension data set by \fBadd_cb\fR. Since \fBout\fR is +constant (to permit use of constant data in \fBadd_cb\fR) applications may need to +cast away const to free the data. +.PP +The callback \fBparse_cb\fR receives data for \s-1TLS\s0 extensions. The callback is only +called if the extension is present and relevant for the context (see +\&\*(L"\s-1EXTENSION\s0 \s-1CONTEXTS\s0\*(R" below). +.PP +The extension data consists of \fBinlen\fR bytes in the buffer \fBin\fR for the +extension \fBext_type\fR. +.PP +If the message being parsed is a TLSv1.3 compatible Certificate message then +\&\fBparse_cb\fR will be called for each certificate contained within the message. +The \fBx\fR parameter will indicate the current certificate and the \fBchainidx\fR +parameter will indicate the position of the certificate in the message. The +first certificate is always the end entity certificate and has a \fBchainidx\fR +value of 0. +.PP +If the \fBparse_cb\fR considers the extension data acceptable it must return +1. If it returns 0 or a negative value a fatal handshake error occurs +using the \s-1TLS\s0 alert value specified in \fB*al\fR. +.PP +The buffer \fBin\fR is a temporary internal buffer which will not be valid after +the callback returns. +.SH "EXTENSION CONTEXTS" +.IX Header "EXTENSION CONTEXTS" +An extension context defines which messages and under which conditions an +extension should be added or expected. 
The context is built up by performing +a bitwise \s-1OR\s0 of multiple pre-defined values together. The valid context values +are: +.IP "\s-1SSL_EXT_TLS_ONLY\s0" 4 +.IX Item "SSL_EXT_TLS_ONLY" +The extension is only allowed in \s-1TLS\s0 +.IP "\s-1SSL_EXT_DTLS_ONLY\s0" 4 +.IX Item "SSL_EXT_DTLS_ONLY" +The extension is only allowed in \s-1DTLS\s0 +.IP "\s-1SSL_EXT_TLS_IMPLEMENTATION_ONLY\s0" 4 +.IX Item "SSL_EXT_TLS_IMPLEMENTATION_ONLY" +The extension is allowed in \s-1DTLS\s0, but there is only a \s-1TLS\s0 implementation +available (so it is ignored in \s-1DTLS\s0). +.IP "\s-1SSL_EXT_SSL3_ALLOWED\s0" 4 +.IX Item "SSL_EXT_SSL3_ALLOWED" +Extensions are not typically defined for SSLv3. Setting this value will allow +the extension in SSLv3. Applications will not typically need to use this. +.IP "\s-1SSL_EXT_TLS1_2_AND_BELOW_ONLY\s0" 4 +.IX Item "SSL_EXT_TLS1_2_AND_BELOW_ONLY" +The extension is only defined for TLSv1.2/DTLSv1.2 and below. Servers will +ignore this extension if it is present in the ClientHello and TLSv1.3 is +negotiated. +.IP "\s-1SSL_EXT_TLS1_3_ONLY\s0" 4 +.IX Item "SSL_EXT_TLS1_3_ONLY" +The extension is only defined for \s-1TLS1\s0.3 and above. Servers will ignore this +extension if it is present in the ClientHello and TLSv1.2 or below is +negotiated. +.IP "\s-1SSL_EXT_IGNORE_ON_RESUMPTION\s0" 4 +.IX Item "SSL_EXT_IGNORE_ON_RESUMPTION" +The extension will be ignored during parsing if a previous session is being +successfully resumed. +.IP "\s-1SSL_EXT_CLIENT_HELLO\s0" 4 +.IX Item "SSL_EXT_CLIENT_HELLO" +The extension may be present in the ClientHello message. +.IP "\s-1SSL_EXT_TLS1_2_SERVER_HELLO\s0" 4 +.IX Item "SSL_EXT_TLS1_2_SERVER_HELLO" +The extension may be present in a TLSv1.2 or below compatible ServerHello +message. +.IP "\s-1SSL_EXT_TLS1_3_SERVER_HELLO\s0" 4 +.IX Item "SSL_EXT_TLS1_3_SERVER_HELLO" +The extension may be present in a TLSv1.3 compatible ServerHello message. 
+.IP "\s-1SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS\s0" 4 +.IX Item "SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS" +The extension may be present in an EncryptedExtensions message. +.IP "\s-1SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST\s0" 4 +.IX Item "SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST" +The extension may be present in a HelloRetryRequest message. +.IP "\s-1SSL_EXT_TLS1_3_CERTIFICATE\s0" 4 +.IX Item "SSL_EXT_TLS1_3_CERTIFICATE" +The extension may be present in a TLSv1.3 compatible Certificate message. +.IP "\s-1SSL_EXT_TLS1_3_NEW_SESSION_TICKET\s0" 4 +.IX Item "SSL_EXT_TLS1_3_NEW_SESSION_TICKET" +The extension may be present in a TLSv1.3 compatible NewSessionTicket message. +.IP "\s-1SSL_EXT_TLS1_3_CERTIFICATE_REQUEST\s0" 4 +.IX Item "SSL_EXT_TLS1_3_CERTIFICATE_REQUEST" +The extension may be present in a TLSv1.3 compatible CertificateRequest message. +.PP +The context must include at least one message value (otherwise the extension +will never be used). +.SH "NOTES" +.IX Header "NOTES" +The \fBadd_arg\fR and \fBparse_arg\fR parameters can be set to arbitrary values +which will be passed to the corresponding callbacks. They can, for example, +be used to store the extension data received in a convenient structure or +pass the extension data to be added or freed when adding extensions. +.PP +If the same custom extension type is received multiple times a fatal +\&\fBdecode_error\fR alert is sent and the handshake aborts. If a custom extension +is received in a ServerHello/EncryptedExtensions message which was not sent in +the ClientHello a fatal \fBunsupported_extension\fR alert is sent and the +handshake is aborted. The ServerHello/EncryptedExtensions \fBadd_cb\fR callback is +only called if the corresponding extension was received in the ClientHello. This +is compliant with the \s-1TLS\s0 specifications. This behaviour ensures that each +callback is called at most once and that an application can never send +unsolicited extensions. 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_add_custom_ext()\fR, \fISSL_CTX_add_client_custom_ext()\fR and +\&\fISSL_CTX_add_server_custom_ext()\fR return 1 for success and 0 for failure. A +failure can occur if an attempt is made to add the same \fBext_type\fR more than +once, if an attempt is made to use an extension type handled internally by +OpenSSL or if an internal error occurs (for example a memory allocation +failure). +.PP +\&\fISSL_extension_supported()\fR returns 1 if the extension \fBext_type\fR is handled +internally by OpenSSL and 0 otherwise. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \fISSL_CTX_add_custom_ext()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2014\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_free.3 b/linux_amd64/ssl/share/man/man3/SSL_free.3 new file mode 100755 index 0000000..f1015b3 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_free.3 
@@ -0,0 +1,177 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_FREE 3" +.TH SSL_FREE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_free \- free an allocated SSL structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_free(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_free()\fR decrements the reference count of \fBssl\fR, and removes the \s-1SSL\s0 +structure pointed to by \fBssl\fR and frees up the allocated memory if the +reference count has reached 0. +If \fBssl\fR is \s-1NULL\s0 nothing is done. +.SH "NOTES" +.IX Header "NOTES" +\&\fISSL_free()\fR also calls the \fIfree()\fRing procedures for indirectly affected items, if +applicable: the buffering \s-1BIO\s0, the read and write BIOs, +cipher lists specially created for this \fBssl\fR, the \fB\s-1SSL_SESSION\s0\fR. +Do not explicitly free these indirectly freed up items before or after +calling \fISSL_free()\fR, as trying to free things twice may lead to program +failure. +.PP +The ssl session has reference counts from two users: the \s-1SSL\s0 object, for +which the reference count is removed by \fISSL_free()\fR and the internal +session cache. If the session is considered bad, because +\&\fISSL_shutdown\fR\|(3) was not called for the connection +and \fISSL_set_shutdown\fR\|(3) was not used to set the +\&\s-1SSL_SENT_SHUTDOWN\s0 state, the session will also be removed +from the session cache as required by \s-1RFC2246\s0. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_free()\fR does not provide diagnostic information. +.PP +\&\fISSL_new\fR\|(3), \fISSL_clear\fR\|(3), +\&\fISSL_shutdown\fR\|(3), \fISSL_set_shutdown\fR\|(3), +\&\fIssl\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/ssl/share/man/man3/SSL_get0_peer_scts.3 b/linux_amd64/ssl/share/man/man3/SSL_get0_peer_scts.3 new file mode 100755 index 0000000..bdae00f --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_get0_peer_scts.3 
@@ -0,0 +1,167 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET0_PEER_SCTS 3" +.TH SSL_GET0_PEER_SCTS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_get0_peer_scts \- get SCTs received +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const STACK_OF(SCT) *SSL_get0_peer_scts(SSL *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_get0_peer_scts()\fR returns the signed certificate timestamps (SCTs) that have +been received. If this is the first time that this function has been called for +a given \fB\s-1SSL\s0\fR instance, it will examine the \s-1TLS\s0 extensions, \s-1OCSP\s0 response and +the peer's certificate for SCTs. Future calls will return the same SCTs. +.SH "RESTRICTIONS" +.IX Header "RESTRICTIONS" +If no Certificate Transparency validation callback has been set (using +\&\fBSSL_CTX_set_ct_validation_callback\fR or \fBSSL_set_ct_validation_callback\fR), +this function is not guaranteed to return all of the SCTs that the peer is +capable of sending. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_get0_peer_scts()\fR returns a list of SCTs found, or \s-1NULL\s0 if an error occurs. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fISSL_CTX_set_ct_validation_callback\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_get_SSL_CTX.3 b/linux_amd64/ssl/share/man/man3/SSL_get_SSL_CTX.3 new file mode 100755 index 0000000..034d959 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_get_SSL_CTX.3 
@@ -0,0 +1,158 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_SSL_CTX 3" +.TH SSL_GET_SSL_CTX 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_get_SSL_CTX \- get the SSL_CTX from which an SSL is created +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_get_SSL_CTX()\fR returns a pointer to the \s-1SSL_CTX\s0 object, from which +\&\fBssl\fR was created with \fISSL_new\fR\|(3). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The pointer to the \s-1SSL_CTX\s0 object is returned. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_get_all_async_fds.3 b/linux_amd64/ssl/share/man/man3/SSL_get_all_async_fds.3 new file mode 100755 index 0000000..0f1120f --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_get_all_async_fds.3 
@@ -0,0 +1,208 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_ALL_ASYNC_FDS 3" +.TH SSL_GET_ALL_ASYNC_FDS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_waiting_for_async, +SSL_get_all_async_fds, +SSL_get_changed_async_fds +\&\- manage asynchronous operations +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 2 +\& #include +\& #include +\& +\& int SSL_waiting_for_async(SSL *s); +\& int SSL_get_all_async_fds(SSL *s, OSSL_ASYNC_FD *fd, size_t *numfds); +\& int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd, size_t *numaddfds, +\& OSSL_ASYNC_FD *delfd, size_t *numdelfds); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_waiting_for_async()\fR determines whether an \s-1SSL\s0 connection is currently +waiting for asynchronous operations to complete (see the \fB\s-1SSL_MODE_ASYNC\s0\fR mode +in \fISSL_CTX_set_mode\fR\|(3)). +.PP +\&\fISSL_get_all_async_fds()\fR returns a list of file descriptor which can be used in a +call to \fIselect()\fR or \fIpoll()\fR to determine whether the current asynchronous +operation has completed or not. A completed operation will result in data +appearing as \*(L"read ready\*(R" on the file descriptor (no actual data should be read +from the file descriptor). This function should only be called if the \fB\s-1SSL\s0\fR +object is currently waiting for asynchronous work to complete (i.e. +\&\fB\s-1SSL_ERROR_WANT_ASYNC\s0\fR has been received \- see \fISSL_get_error\fR\|(3)). Typically +the list will only contain one file descriptor. However if multiple asynchronous +capable engines are in use then more than one is possible. The number of file +descriptors returned is stored in \fI*numfds\fR and the file descriptors themselves +are in \fI*fds\fR. The \fIfds\fR parameter may be \s-1NULL\s0 in which case no file +descriptors are returned but \fI*numfds\fR is still populated. It is the callers +responsibility to ensure sufficient memory is allocated at \fI*fds\fR so typically +this function is called twice (once with a \s-1NULL\s0 \fIfds\fR parameter and once +without). 
+.PP +\&\fISSL_get_changed_async_fds()\fR returns a list of the asynchronous file descriptors +that have been added and a list that have been deleted since the last +\&\fB\s-1SSL_ERROR_WANT_ASYNC\s0\fR was received (or since the \fB\s-1SSL\s0\fR object was created if +no \fB\s-1SSL_ERROR_WANT_ASYNC\s0\fR has been received). Similar to \fISSL_get_all_async_fds()\fR +it is the callers responsibility to ensure that \fI*addfd\fR and \fI*delfd\fR have +sufficient memory allocated, although they may be \s-1NULL\s0. The number of added fds +and the number of deleted fds are stored in \fI*numaddfds\fR and \fI*numdelfds\fR +respectively. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_waiting_for_async()\fR will return 1 if the current \s-1SSL\s0 operation is waiting +for an async operation to complete and 0 otherwise. +.PP +\&\fISSL_get_all_async_fds()\fR and \fISSL_get_changed_async_fds()\fR return 1 on success or +0 on error. +.SH "NOTES" +.IX Header "NOTES" +On Windows platforms the openssl/async.h header is dependent on some +of the types customarily made available by including windows.h. The +application developer is likely to require control over when the latter +is included, commonly as one of the first included headers. Therefore +it is defined as an application developer's responsibility to include +windows.h prior to async.h. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fISSL_get_error\fR\|(3), \fISSL_CTX_set_mode\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fISSL_waiting_for_async()\fR, \fISSL_get_all_async_fds()\fR +and \fISSL_get_changed_async_fds()\fR functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/ssl/share/man/man3/SSL_get_ciphers.3 b/linux_amd64/ssl/share/man/man3/SSL_get_ciphers.3 new file mode 100755 index 0000000..c1f09f6 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_get_ciphers.3 
@@ -0,0 +1,239 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_CIPHERS 3" +.TH SSL_GET_CIPHERS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_get1_supported_ciphers, +SSL_get_client_ciphers, +SSL_get_ciphers, +SSL_CTX_get_ciphers, +SSL_bytes_to_cipher_list, +SSL_get_cipher_list, +SSL_get_shared_ciphers +\&\- get list of available SSL_CIPHERs +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *ssl); +\& STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx); +\& STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s); +\& STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *ssl); +\& int SSL_bytes_to_cipher_list(SSL *s, const unsigned char *bytes, size_t len, +\& int isv2format, STACK_OF(SSL_CIPHER) **sk, +\& STACK_OF(SSL_CIPHER) **scsvs); +\& const char *SSL_get_cipher_list(const SSL *ssl, int priority); +\& char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_get_ciphers()\fR returns the stack of available SSL_CIPHERs for \fBssl\fR, +sorted by preference. If \fBssl\fR is \s-1NULL\s0 or no ciphers are available, \s-1NULL\s0 +is returned. +.PP +\&\fISSL_CTX_get_ciphers()\fR returns the stack of available SSL_CIPHERs for \fBctx\fR. +.PP +\&\fISSL_get1_supported_ciphers()\fR returns the stack of enabled SSL_CIPHERs for +\&\fBssl\fR as would be sent in a ClientHello (that is, sorted by preference). +The list depends on settings like the cipher list, the supported protocol +versions, the security level, and the enabled signature algorithms. +\&\s-1SRP\s0 and \s-1PSK\s0 ciphers are only enabled if the appropriate callbacks or settings +have been applied. +The list of ciphers that would be sent in a ClientHello can differ from +the list of ciphers that would be acceptable when acting as a server. +For example, additional ciphers may be usable by a server if there is +a gap in the list of supported protocols, and some ciphers may not be +usable by a server if there is not a suitable certificate configured. 
+If \fBssl\fR is \s-1NULL\s0 or no ciphers are available, \s-1NULL\s0 is returned. +.PP +\&\fISSL_get_client_ciphers()\fR returns the stack of available SSL_CIPHERs matching the +list received from the client on \fBssl\fR. If \fBssl\fR is \s-1NULL\s0, no ciphers are +available, or \fBssl\fR is not operating in server mode, \s-1NULL\s0 is returned. +.PP +\&\fISSL_bytes_to_cipher_list()\fR treats the supplied \fBlen\fR octets in \fBbytes\fR +as a wire-protocol cipher suite specification (in the three-octet-per-cipher +SSLv2 wire format if \fBisv2format\fR is nonzero; otherwise the two-octet +SSLv3/TLS wire format), and parses the cipher suites supported by the library +into the returned stacks of \s-1SSL_CIPHER\s0 objects sk and Signalling Cipher-Suite +Values scsvs. Unsupported cipher suites are ignored. Returns 1 on success +and 0 on failure. +.PP +\&\fISSL_get_cipher_list()\fR returns a pointer to the name of the \s-1SSL_CIPHER\s0 +listed for \fBssl\fR with \fBpriority\fR. If \fBssl\fR is \s-1NULL\s0, no ciphers are +available, or there are less ciphers than \fBpriority\fR available, \s-1NULL\s0 +is returned. +.PP +\&\fISSL_get_shared_ciphers()\fR creates a colon separated and \s-1NUL\s0 terminated list of +\&\s-1SSL_CIPHER\s0 names that are available in both the client and the server. \fBbuf\fR is +the buffer that should be populated with the list of names and \fBsize\fR is the +size of that buffer. A pointer to \fBbuf\fR is returned on success or \s-1NULL\s0 on +error. If the supplied buffer is not large enough to contain the complete list +of names then a truncated list of names will be returned. Note that just because +a ciphersuite is available (i.e. it is configured in the cipher list) and shared +by both the client and the server it does not mean that it is enabled (see the +description of \fISSL_get1_supported_ciphers()\fR above). This function will return +available shared ciphersuites whether or not they are enabled. 
This is a server +side function only and must only be called after the completion of the initial +handshake. +.SH "NOTES" +.IX Header "NOTES" +The details of the ciphers obtained by \fISSL_get_ciphers()\fR, \fISSL_CTX_get_ciphers()\fR +\&\fISSL_get1_supported_ciphers()\fR and \fISSL_get_client_ciphers()\fR can be obtained using +the \fISSL_CIPHER_get_name\fR\|(3) family of functions. +.PP +Call \fISSL_get_cipher_list()\fR with \fBpriority\fR starting from 0 to obtain the +sorted list of available ciphers, until \s-1NULL\s0 is returned. +.PP +Note: \fISSL_get_ciphers()\fR, \fISSL_CTX_get_ciphers()\fR and \fISSL_get_client_ciphers()\fR +return a pointer to an internal cipher stack, which will be freed later on when +the \s-1SSL\s0 or \s-1SSL_SESSION\s0 object is freed. Therefore, the calling code \fB\s-1MUST\s0 \s-1NOT\s0\fR +free the return value itself. +.PP +The stack returned by \fISSL_get1_supported_ciphers()\fR should be freed using +\&\fIsk_SSL_CIPHER_free()\fR. +.PP +The stacks returned by \fISSL_bytes_to_cipher_list()\fR should be freed using +\&\fIsk_SSL_CIPHER_free()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +See \s-1DESCRIPTION\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_CTX_set_cipher_list\fR\|(3), +\&\fISSL_CIPHER_get_name\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_get_client_random.3 b/linux_amd64/ssl/share/man/man3/SSL_get_client_random.3 new file mode 100755 index 0000000..4eb8e27 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_get_client_random.3 
@@ -0,0 +1,224 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_CLIENT_RANDOM 3" +.TH SSL_GET_CLIENT_RANDOM 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_get_client_random, +SSL_get_server_random, +SSL_SESSION_get_master_key, +SSL_SESSION_set1_master_key +\&\- get internal TLS/SSL random values and get/set master key +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, size_t outlen); +\& size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, size_t outlen); +\& size_t SSL_SESSION_get_master_key(const SSL_SESSION *session, +\& unsigned char *out, size_t outlen); +\& int SSL_SESSION_set1_master_key(SSL_SESSION *sess, const unsigned char *in, +\& size_t len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_get_client_random()\fR extracts the random value sent from the client +to the server during the initial \s-1SSL/TLS\s0 handshake. It copies as many +bytes as it can of this value into the buffer provided in \fBout\fR, +which must have at least \fBoutlen\fR bytes available. It returns the +total number of bytes that were actually copied. If \fBoutlen\fR is +zero, \fISSL_get_client_random()\fR copies nothing, and returns the +total size of the client_random value. +.PP +\&\fISSL_get_server_random()\fR behaves the same, but extracts the random value +sent from the server to the client during the initial \s-1SSL/TLS\s0 handshake. +.PP +\&\fISSL_SESSION_get_master_key()\fR behaves the same, but extracts the master +secret used to guarantee the security of the \s-1SSL/TLS\s0 session. This one +can be dangerous if misused; see \s-1NOTES\s0 below. +.PP +\&\fISSL_SESSION_set1_master_key()\fR sets the master key value associated with the +\&\s-1SSL_SESSION\s0 \fBsess\fR. For example, this could be used to set up a session based +\&\s-1PSK\s0 (see \fISSL_CTX_set_psk_use_session_callback\fR\|(3)). The master key of length +\&\fBlen\fR should be provided at \fBin\fR. 
The supplied master key is copied by the +function, so the caller is responsible for freeing and cleaning any memory +associated with \fBin\fR. The caller must ensure that the length of the key is +suitable for the ciphersuite associated with the \s-1SSL_SESSION\s0. +.SH "NOTES" +.IX Header "NOTES" +You probably shouldn't use these functions. +.PP +These functions expose internal values from the \s-1TLS\s0 handshake, for +use in low-level protocols. You probably should not use them, unless +you are implementing something that needs access to the internal protocol +details. +.PP +Despite the names of \fISSL_get_client_random()\fR and \fISSL_get_server_random()\fR, they +\&\s-1ARE\s0 \s-1NOT\s0 random number generators. Instead, they return the mostly-random values that +were already generated and used in the \s-1TLS\s0 protocol. Using them +in place of \fIRAND_bytes()\fR would be grossly foolish. +.PP +The security of your \s-1TLS\s0 session depends on keeping the master key secret: +do not expose it, or any information about it, to anybody. +If you need to calculate another secret value that depends on the master +secret, you should probably use \fISSL_export_keying_material()\fR instead, and +forget that you ever saw these functions. +.PP +In current versions of the \s-1TLS\s0 protocols, the length of client_random +(and also server_random) is always \s-1SSL3_RANDOM_SIZE\s0 bytes. Support for +other outlen arguments to the SSL_get_*\fI_random()\fR functions is provided +in case of the unlikely event that a future version or variant of \s-1TLS\s0 +uses some other length there. +.PP +Finally, though the \*(L"client_random\*(R" and \*(L"server_random\*(R" values are called +\&\*(L"random\*(R", many \s-1TLS\s0 implementations will generate four bytes of those +values based on their view of the current time. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_SESSION_set1_master_key()\fR returns 1 on success or 0 on failure. 
+.PP +For the other functions, if \fBoutlen\fR is greater than 0 then these functions +return the number of bytes actually copied, which will be less than or equal to +\&\fBoutlen\fR. If \fBoutlen\fR is 0 then these functions return the maximum number +of bytes they would copy \*(-- that is, the length of the underlying field. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fIRAND_bytes\fR\|(3), +\&\fISSL_export_keying_material\fR\|(3), +\&\fISSL_CTX_set_psk_use_session_callback\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_get_current_cipher.3 b/linux_amd64/ssl/share/man/man3/SSL_get_current_cipher.3 new file mode 100755 index 0000000..5672b4f --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_get_current_cipher.3 
@@ -0,0 +1,193 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_CURRENT_CIPHER 3" +.TH SSL_GET_CURRENT_CIPHER 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_get_current_cipher, SSL_get_cipher_name, SSL_get_cipher, +SSL_get_cipher_bits, SSL_get_cipher_version, +SSL_get_pending_cipher \- get SSL_CIPHER of a connection +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& SSL_CIPHER *SSL_get_current_cipher(const SSL *ssl); +\& SSL_CIPHER *SSL_get_pending_cipher(const SSL *ssl); +\& +\& const char *SSL_get_cipher_name(const SSL *s); +\& const char *SSL_get_cipher(const SSL *s); +\& int SSL_get_cipher_bits(const SSL *s, int *np); +\& const char *SSL_get_cipher_version(const SSL *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_get_current_cipher()\fR returns a pointer to an \s-1SSL_CIPHER\s0 object containing +the description of the actually used cipher of a connection established with +the \fBssl\fR object. +See \fISSL_CIPHER_get_name\fR\|(3) for more details. +.PP +\&\fISSL_get_cipher_name()\fR obtains the +name of the currently used cipher. +\&\fISSL_get_cipher()\fR is identical to \fISSL_get_cipher_name()\fR. +\&\fISSL_get_cipher_bits()\fR is a +macro to obtain the number of secret/algorithm bits used and +\&\fISSL_get_cipher_version()\fR returns the protocol name. +.PP +\&\fISSL_get_pending_cipher()\fR returns a pointer to an \s-1SSL_CIPHER\s0 object containing +the description of the cipher (if any) that has been negotiated for future use +on the connection established with the \fBssl\fR object, but is not yet in use. +This may be the case during handshake processing, when control flow can be +returned to the application via any of several callback methods. The internal +sequencing of handshake processing and callback invocation is not guaranteed +to be stable from release to release, and at present only the callback set +by \fISSL_CTX_set_alpn_select_cb()\fR is guaranteed to have a non-NULL return value. +Other callbacks may be added to this list over time. 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_get_current_cipher()\fR returns the cipher actually used, or \s-1NULL\s0 if +no session has been established. +.PP +\&\fISSL_get_pending_cipher()\fR returns the cipher to be used at the next change +of cipher suite, or \s-1NULL\s0 if no such cipher is known. +.SH "NOTES" +.IX Header "NOTES" +SSL_get_cipher, SSL_get_cipher_bits, SSL_get_cipher_version, and +SSL_get_cipher_name are implemented as macros. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_CIPHER_get_name\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_get_default_timeout.3 b/linux_amd64/ssl/share/man/man3/SSL_get_default_timeout.3 new file mode 100755 index 0000000..2897304 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_get_default_timeout.3 
@@ -0,0 +1,172 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_DEFAULT_TIMEOUT 3" +.TH SSL_GET_DEFAULT_TIMEOUT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_get_default_timeout \- get default session timeout value +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_get_default_timeout(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_get_default_timeout()\fR returns the default timeout value assigned to +\&\s-1SSL_SESSION\s0 objects negotiated for the protocol valid for \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +Whenever a new session is negotiated, it is assigned a timeout value, +after which it will not be accepted for session reuse. If the timeout +value was not explicitly set using +\&\fISSL_CTX_set_timeout\fR\|(3), the hardcoded default +timeout for the protocol will be used. +.PP +\&\fISSL_get_default_timeout()\fR return this hardcoded value, which is 300 seconds +for all currently supported protocols. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +See description. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fISSL_CTX_set_session_cache_mode\fR\|(3), +\&\fISSL_SESSION_get_time\fR\|(3), +\&\fISSL_CTX_flush_sessions\fR\|(3), +\&\fISSL_get_default_timeout\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_get_error.3 b/linux_amd64/ssl/share/man/man3/SSL_get_error.3 new file mode 100755 index 0000000..5dda0cb --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_get_error.3 
@@ -0,0 +1,284 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_ERROR 3" +.TH SSL_GET_ERROR 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_get_error \- obtain result code for TLS/SSL I/O operation +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_get_error(const SSL *ssl, int ret); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_get_error()\fR returns a result code (suitable for the C \*(L"switch\*(R" +statement) for a preceding call to \fISSL_connect()\fR, \fISSL_accept()\fR, \fISSL_do_handshake()\fR, +\&\fISSL_read_ex()\fR, \fISSL_read()\fR, \fISSL_peek_ex()\fR, \fISSL_peek()\fR, \fISSL_shutdown()\fR, +\&\fISSL_write_ex()\fR or \fISSL_write()\fR on \fBssl\fR. The value returned by that \s-1TLS/SSL\s0 I/O +function must be passed to \fISSL_get_error()\fR in parameter \fBret\fR. +.PP +In addition to \fBssl\fR and \fBret\fR, \fISSL_get_error()\fR inspects the +current thread's OpenSSL error queue. Thus, \fISSL_get_error()\fR must be +used in the same thread that performed the \s-1TLS/SSL\s0 I/O operation, and no +other OpenSSL function calls should appear in between. The current +thread's error queue must be empty before the \s-1TLS/SSL\s0 I/O operation is +attempted, or \fISSL_get_error()\fR will not work reliably. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can currently occur: +.IP "\s-1SSL_ERROR_NONE\s0" 4 +.IX Item "SSL_ERROR_NONE" +The \s-1TLS/SSL\s0 I/O operation completed. This result code is returned +if and only if \fBret > 0\fR. +.IP "\s-1SSL_ERROR_ZERO_RETURN\s0" 4 +.IX Item "SSL_ERROR_ZERO_RETURN" +The \s-1TLS/SSL\s0 peer has closed the connection for writing by sending the +close_notify alert. +No more data can be read. +Note that \fB\s-1SSL_ERROR_ZERO_RETURN\s0\fR does not necessarily +indicate that the underlying transport has been closed. +.IP "\s-1SSL_ERROR_WANT_READ\s0, \s-1SSL_ERROR_WANT_WRITE\s0" 4 +.IX Item "SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE" +The operation did not complete and can be retried later. 
+.Sp +\&\fB\s-1SSL_ERROR_WANT_READ\s0\fR is returned when the last operation was a read +operation from a non-blocking \fB\s-1BIO\s0\fR. +It means that not enough data was available at this time to complete the +operation. +If at a later time the underlying \fB\s-1BIO\s0\fR has data available for reading the same +function can be called again. +.Sp +\&\fISSL_read()\fR and \fISSL_read_ex()\fR can also set \fB\s-1SSL_ERROR_WANT_READ\s0\fR when there is +still unprocessed data available at either the \fB\s-1SSL\s0\fR or the \fB\s-1BIO\s0\fR layer, even +for a blocking \fB\s-1BIO\s0\fR. +See \fISSL_read\fR\|(3) for more information. +.Sp +\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR is returned when the last operation was a write +to a non-blocking \fB\s-1BIO\s0\fR and it was unable to sent all data to the \fB\s-1BIO\s0\fR. +When the \fB\s-1BIO\s0\fR is writeable again, the same function can be called again. +.Sp +Note that the retry may again lead to an \fB\s-1SSL_ERROR_WANT_READ\s0\fR or +\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR condition. +There is no fixed upper limit for the number of iterations that +may be necessary until progress becomes visible at application +protocol level. +.Sp +It is safe to call \fISSL_read()\fR or \fISSL_read_ex()\fR when more data is available +even when the call that set this error was an \fISSL_write()\fR or \fISSL_write_ex()\fR. +However if the call was an \fISSL_write()\fR or \fISSL_write_ex()\fR, it should be called +again to continue sending the application data. +.Sp +For socket \fB\s-1BIO\s0\fRs (e.g. when \fISSL_set_fd()\fR was used), \fIselect()\fR or +\&\fIpoll()\fR on the underlying socket can be used to find out when the +\&\s-1TLS/SSL\s0 I/O function should be retried. +.Sp +Caveat: Any \s-1TLS/SSL\s0 I/O function can lead to either of +\&\fB\s-1SSL_ERROR_WANT_READ\s0\fR and \fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. 
+In particular, +\&\fISSL_read_ex()\fR, \fISSL_read()\fR, \fISSL_peek_ex()\fR, or \fISSL_peek()\fR may want to write data +and \fISSL_write()\fR or \fISSL_write_ex()\fR may want to read data. +This is mainly because +\&\s-1TLS/SSL\s0 handshakes may occur at any time during the protocol (initiated by +either the client or the server); \fISSL_read_ex()\fR, \fISSL_read()\fR, \fISSL_peek_ex()\fR, +\&\fISSL_peek()\fR, \fISSL_write_ex()\fR, and \fISSL_write()\fR will handle any pending handshakes. +.IP "\s-1SSL_ERROR_WANT_CONNECT\s0, \s-1SSL_ERROR_WANT_ACCEPT\s0" 4 +.IX Item "SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_ACCEPT" +The operation did not complete; the same \s-1TLS/SSL\s0 I/O function should be +called again later. The underlying \s-1BIO\s0 was not connected yet to the peer +and the call would block in \fIconnect()\fR/\fIaccept()\fR. The \s-1SSL\s0 function should be +called again when the connection is established. These messages can only +appear with a \fIBIO_s_connect()\fR or \fIBIO_s_accept()\fR \s-1BIO\s0, respectively. +In order to find out, when the connection has been successfully established, +on many platforms \fIselect()\fR or \fIpoll()\fR for writing on the socket file descriptor +can be used. +.IP "\s-1SSL_ERROR_WANT_X509_LOOKUP\s0" 4 +.IX Item "SSL_ERROR_WANT_X509_LOOKUP" +The operation did not complete because an application callback set by +\&\fISSL_CTX_set_client_cert_cb()\fR has asked to be called again. +The \s-1TLS/SSL\s0 I/O function should be called again later. +Details depend on the application. +.IP "\s-1SSL_ERROR_WANT_ASYNC\s0" 4 +.IX Item "SSL_ERROR_WANT_ASYNC" +The operation did not complete because an asynchronous engine is still +processing data. This will only occur if the mode has been set to \s-1SSL_MODE_ASYNC\s0 +using \fISSL_CTX_set_mode\fR\|(3) or \fISSL_set_mode\fR\|(3) and an asynchronous capable +engine is being used. 
An application can determine whether the engine has +completed its processing using \fIselect()\fR or \fIpoll()\fR on the asynchronous wait file +descriptor. This file descriptor is available by calling +\&\fISSL_get_all_async_fds\fR\|(3) or \fISSL_get_changed_async_fds\fR\|(3). The \s-1TLS/SSL\s0 I/O +function should be called again later. The function \fBmust\fR be called from the +same thread that the original call was made from. +.IP "\s-1SSL_ERROR_WANT_ASYNC_JOB\s0" 4 +.IX Item "SSL_ERROR_WANT_ASYNC_JOB" +The asynchronous job could not be started because there were no async jobs +available in the pool (see \fIASYNC_init_thread\fR\|(3)). This will only occur if the +mode has been set to \s-1SSL_MODE_ASYNC\s0 using \fISSL_CTX_set_mode\fR\|(3) or +\&\fISSL_set_mode\fR\|(3) and a maximum limit has been set on the async job pool +through a call to \fIASYNC_init_thread\fR\|(3). The application should retry the +operation after a currently executing asynchronous operation for the current +thread has completed. +.IP "\s-1SSL_ERROR_WANT_CLIENT_HELLO_CB\s0" 4 +.IX Item "SSL_ERROR_WANT_CLIENT_HELLO_CB" +The operation did not complete because an application callback set by +\&\fISSL_CTX_set_client_hello_cb()\fR has asked to be called again. +The \s-1TLS/SSL\s0 I/O function should be called again later. +Details depend on the application. +.IP "\s-1SSL_ERROR_SYSCALL\s0" 4 +.IX Item "SSL_ERROR_SYSCALL" +Some non-recoverable, fatal I/O error occurred. The OpenSSL error queue may +contain more information on the error. For socket I/O on Unix systems, consult +\&\fBerrno\fR for details. If this error occurs then no further I/O operations should +be performed on the connection and \fISSL_shutdown()\fR must not be called. +.Sp +This value can also be returned for other errors, check the error queue for +details. +.IP "\s-1SSL_ERROR_SSL\s0" 4 +.IX Item "SSL_ERROR_SSL" +A non-recoverable, fatal error in the \s-1SSL\s0 library occurred, usually a protocol +error. 
The OpenSSL error queue contains more information on the error. If this +error occurs then no further I/O operations should be performed on the +connection and \fISSL_shutdown()\fR must not be called. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \s-1SSL_ERROR_WANT_ASYNC\s0 error code was added in OpenSSL 1.1.0. +The \s-1SSL_ERROR_WANT_CLIENT_HELLO_CB\s0 error code was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_get_extms_support.3 b/linux_amd64/ssl/share/man/man3/SSL_get_extms_support.3 new file mode 100755 index 0000000..0f3664f --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_get_extms_support.3 
@@ -0,0 +1,163 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_EXTMS_SUPPORT 3" +.TH SSL_GET_EXTMS_SUPPORT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_get_extms_support \- extended master secret support +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_get_extms_support(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_get_extms_support()\fR indicates whether the current session used extended +master secret. +.PP +This function is implemented as a macro. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_get_extms_support()\fR returns 1 if the current session used extended +master secret, 0 if it did not and \-1 if a handshake is currently in +progress i.e. it is not possible to determine if extended master secret +was used. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_get_fd.3 b/linux_amd64/ssl/share/man/man3/SSL_get_fd.3 new file mode 100755 index 0000000..0b942d3 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_get_fd.3 
@@ -0,0 +1,170 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_FD 3" +.TH SSL_GET_FD 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_get_fd, SSL_get_rfd, SSL_get_wfd \- get file descriptor linked to an SSL object +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_get_fd(const SSL *ssl); +\& int SSL_get_rfd(const SSL *ssl); +\& int SSL_get_wfd(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_get_fd()\fR returns the file descriptor which is linked to \fBssl\fR. +\&\fISSL_get_rfd()\fR and \fISSL_get_wfd()\fR return the file descriptors for the +read or the write channel, which can be different. If the read and the +write channel are different, \fISSL_get_fd()\fR will return the file descriptor +of the read channel. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "\-1" 4 +.IX Item "-1" +The operation failed, because the underlying \s-1BIO\s0 is not of the correct type +(suitable for file descriptors). +.IP ">=0" 4 +.IX Item ">=0" +The file descriptor linked to \fBssl\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fISSL_set_fd\fR\|(3), \fIssl\fR\|(7) , \fIbio\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_get_peer_cert_chain.3 b/linux_amd64/ssl/share/man/man3/SSL_get_peer_cert_chain.3 new file mode 100755 index 0000000..1cf0f61 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_get_peer_cert_chain.3 
@@ -0,0 +1,193 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_PEER_CERT_CHAIN 3" +.TH SSL_GET_PEER_CERT_CHAIN 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_get_peer_cert_chain, SSL_get0_verified_chain \- get the X509 certificate +chain of the peer +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *ssl); +\& STACK_OF(X509) *SSL_get0_verified_chain(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_get_peer_cert_chain()\fR returns a pointer to \s-1STACK_OF\s0(X509) certificates +forming the certificate chain sent by the peer. If called on the client side, +the stack also contains the peer's certificate; if called on the server +side, the peer's certificate must be obtained separately using +\&\fISSL_get_peer_certificate\fR\|(3). +If the peer did not present a certificate, \s-1NULL\s0 is returned. +.PP +\&\s-1NB:\s0 \fISSL_get_peer_cert_chain()\fR returns the peer chain as sent by the peer: it +only consists of certificates the peer has sent (in the order the peer +has sent them) it is \fBnot\fR a verified chain. +.PP +\&\fISSL_get0_verified_chain()\fR returns the \fBverified\fR certificate chain +of the peer including the peer's end entity certificate. It must be called +after a session has been successfully established. If peer verification was +not successful (as indicated by \fISSL_get_verify_result()\fR not returning +X509_V_OK) the chain may be incomplete or invalid. +.SH "NOTES" +.IX Header "NOTES" +If the session is resumed peers do not send certificates so a \s-1NULL\s0 pointer +is returned by these functions. Applications can call \fISSL_session_reused()\fR +to determine whether a session is resumed. +.PP +The reference count of each certificate in the returned \s-1STACK_OF\s0(X509) object +is not incremented and the returned stack may be invalidated by renegotiation. +If applications wish to use any certificates in the returned chain +indefinitely they must increase the reference counts using \fIX509_up_ref()\fR or +obtain a copy of the whole chain with \fIX509_chain_up_ref()\fR. 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "\s-1NULL\s0" 4 +.IX Item "NULL" +No certificate was presented by the peer or no connection was established +or the certificate chain is no longer available when a session is reused. +.IP "Pointer to a \s-1STACK_OF\s0(X509)" 4 +.IX Item "Pointer to a STACK_OF(X509)" +The return value points to the certificate chain presented by the peer. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_get_peer_certificate\fR\|(3), \fIX509_up_ref\fR\|(3), +\&\fIX509_chain_up_ref\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_get_peer_certificate.3 b/linux_amd64/ssl/share/man/man3/SSL_get_peer_certificate.3 new file mode 100755 index 0000000..4e545f3 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_get_peer_certificate.3 
@@ -0,0 +1,180 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_PEER_CERTIFICATE 3" +.TH SSL_GET_PEER_CERTIFICATE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_get_peer_certificate \- get the X509 certificate of the peer +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& X509 *SSL_get_peer_certificate(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_get_peer_certificate()\fR returns a pointer to the X509 certificate the +peer presented. If the peer did not present a certificate, \s-1NULL\s0 is returned. +.SH "NOTES" +.IX Header "NOTES" +Due to the protocol definition, a \s-1TLS/SSL\s0 server will always send a +certificate, if present. A client will only send a certificate when +explicitly requested to do so by the server (see +\&\fISSL_CTX_set_verify\fR\|(3)). If an anonymous cipher +is used, no certificates are sent. +.PP +That a certificate is returned does not indicate information about the +verification state, use \fISSL_get_verify_result\fR\|(3) +to check the verification state. +.PP +The reference count of the X509 object is incremented by one, so that it +will not be destroyed when the session containing the peer certificate is +freed. The X509 object must be explicitly freed using \fIX509_free()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "\s-1NULL\s0" 4 +.IX Item "NULL" +No certificate was presented by the peer or no connection was established. +.IP "Pointer to an X509 certificate" 4 +.IX Item "Pointer to an X509 certificate" +The return value points to the certificate presented by the peer. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_get_verify_result\fR\|(3), +\&\fISSL_CTX_set_verify\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/ssl/share/man/man3/SSL_get_peer_signature_nid.3 b/linux_amd64/ssl/share/man/man3/SSL_get_peer_signature_nid.3 new file mode 100755 index 0000000..c686298 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_get_peer_signature_nid.3 
@@ -0,0 +1,176 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_PEER_SIGNATURE_NID 3" +.TH SSL_GET_PEER_SIGNATURE_NID 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_get_peer_signature_nid, SSL_get_peer_signature_type_nid, +SSL_get_signature_nid, SSL_get_signature_type_nid \- get TLS message signing +types +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_get_peer_signature_nid(SSL *ssl, int *psig_nid); +\& int SSL_get_peer_signature_type_nid(const SSL *ssl, int *psigtype_nid); +\& int SSL_get_signature_nid(SSL *ssl, int *psig_nid); +\& int SSL_get_signature_type_nid(const SSL *ssl, int *psigtype_nid); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_get_peer_signature_nid()\fR sets \fB*psig_nid\fR to the \s-1NID\s0 of the digest used +by the peer to sign \s-1TLS\s0 messages. It is implemented as a macro. +.PP +\&\fISSL_get_peer_signature_type_nid()\fR sets \fB*psigtype_nid\fR to the signature +type used by the peer to sign \s-1TLS\s0 messages. Currently the signature type +is the \s-1NID\s0 of the public key type used for signing except for \s-1PSS\s0 signing +where it is \fB\s-1EVP_PKEY_RSA_PSS\s0\fR. To differentiate between +\&\fBrsa_pss_rsae_*\fR and \fBrsa_pss_pss_*\fR signatures, it's necessary to check +the type of public key in the peer's certificate. +.PP +\&\fISSL_get_signature_nid()\fR and \fISSL_get_signature_type_nid()\fR return the equivalent +information for the local end of the connection. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return 1 for success and 0 for failure. There are several +possible reasons for failure: the cipher suite has no signature (e.g. it +uses \s-1RSA\s0 key exchange or is anonymous), the \s-1TLS\s0 version is below 1.2 or +the functions were called too early, e.g. before the peer signed a message. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_get_peer_certificate\fR\|(3), +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). 
You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_get_peer_tmp_key.3 b/linux_amd64/ssl/share/man/man3/SSL_get_peer_tmp_key.3 new file mode 100755 index 0000000..25ecd05 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_get_peer_tmp_key.3 
@@ -0,0 +1,175 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_PEER_TMP_KEY 3" +.TH SSL_GET_PEER_TMP_KEY 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_get_peer_tmp_key, SSL_get_server_tmp_key, SSL_get_tmp_key \- get information +about temporary keys used during a handshake +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_get_peer_tmp_key(SSL *ssl, EVP_PKEY **key); +\& long SSL_get_server_tmp_key(SSL *ssl, EVP_PKEY **key); +\& long SSL_get_tmp_key(SSL *ssl, EVP_PKEY **key); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_get_peer_tmp_key()\fR returns the temporary key provided by the peer and +used during key exchange. For example, if \s-1ECDHE\s0 is in use, then this represents +the peer's public \s-1ECDHE\s0 key. On success a pointer to the key is stored in +\&\fB*key\fR. It is the caller's responsibility to free this key after use using +\&\fIEVP_PKEY_free\fR\|(3). +.PP +\&\fISSL_get_server_tmp_key()\fR is a backwards compatibility alias for +\&\fISSL_get_peer_tmp_key()\fR. +Under that name it worked just on the client side of the connection, its +behaviour on the server end is release-dependent. +.PP +\&\fISSL_get_tmp_key()\fR returns the equivalent information for the local +end of the connection. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All these functions return 1 on success and 0 otherwise. +.SH "NOTES" +.IX Header "NOTES" +This function is implemented as a macro. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fIEVP_PKEY_free\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_get_psk_identity.3 b/linux_amd64/ssl/share/man/man3/SSL_get_psk_identity.3 new file mode 100755 index 0000000..c2c7cd8 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_get_psk_identity.3 
@@ -0,0 +1,167 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_PSK_IDENTITY 3" +.TH SSL_GET_PSK_IDENTITY 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_get_psk_identity, SSL_get_psk_identity_hint \- get PSK client identity and hint +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const char *SSL_get_psk_identity_hint(const SSL *ssl); +\& const char *SSL_get_psk_identity(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_get_psk_identity_hint()\fR is used to retrieve the \s-1PSK\s0 identity hint +used during the connection setup related to \s-1SSL\s0 object +\&\fBssl\fR. Similarly, \fISSL_get_psk_identity()\fR is used to retrieve the \s-1PSK\s0 +identity used during the connection setup. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +If non\-\fB\s-1NULL\s0\fR, \fISSL_get_psk_identity_hint()\fR returns the \s-1PSK\s0 identity +hint and \fISSL_get_psk_identity()\fR returns the \s-1PSK\s0 identity. Both are +\&\fB\s-1NULL\s0\fR\-terminated. \fISSL_get_psk_identity_hint()\fR may return \fB\s-1NULL\s0\fR if +no \s-1PSK\s0 identity hint was used during the connection setup. +.PP +Note that the return value is valid only during the lifetime of the +\&\s-1SSL\s0 object \fBssl\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_get_rbio.3 b/linux_amd64/ssl/share/man/man3/SSL_get_rbio.3 new file mode 100755 index 0000000..1fefe7a --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_get_rbio.3 
@@ -0,0 +1,166 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_RBIO 3" +.TH SSL_GET_RBIO 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_get_rbio, SSL_get_wbio \- get BIO linked to an SSL object +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& BIO *SSL_get_rbio(SSL *ssl); +\& BIO *SSL_get_wbio(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_get_rbio()\fR and \fISSL_get_wbio()\fR return pointers to the BIOs for the +read or the write channel, which can be different. The reference count +of the \s-1BIO\s0 is not incremented. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "\s-1NULL\s0" 4 +.IX Item "NULL" +No \s-1BIO\s0 was connected to the \s-1SSL\s0 object +.IP "Any other pointer" 4 +.IX Item "Any other pointer" +The \s-1BIO\s0 linked to \fBssl\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fISSL_set_bio\fR\|(3), \fIssl\fR\|(7) , \fIbio\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_get_session.3 b/linux_amd64/ssl/share/man/man3/SSL_get_session.3 new file mode 100755 index 0000000..62b8537 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_get_session.3 
@@ -0,0 +1,226 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_SESSION 3" +.TH SSL_GET_SESSION 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_get_session, SSL_get0_session, SSL_get1_session \- retrieve TLS/SSL session data +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& SSL_SESSION *SSL_get_session(const SSL *ssl); +\& SSL_SESSION *SSL_get0_session(const SSL *ssl); +\& SSL_SESSION *SSL_get1_session(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_get_session()\fR returns a pointer to the \fB\s-1SSL_SESSION\s0\fR actually used in +\&\fBssl\fR. The reference count of the \fB\s-1SSL_SESSION\s0\fR is not incremented, so +that the pointer can become invalid by other operations. +.PP +\&\fISSL_get0_session()\fR is the same as \fISSL_get_session()\fR. +.PP +\&\fISSL_get1_session()\fR is the same as \fISSL_get_session()\fR, but the reference +count of the \fB\s-1SSL_SESSION\s0\fR is incremented by one. +.SH "NOTES" +.IX Header "NOTES" +The ssl session contains all information required to re-establish the +connection without a full handshake for \s-1SSL\s0 versions up to and including +TLSv1.2. In TLSv1.3 the same is true, but sessions are established after the +main handshake has occurred. The server will send the session information to the +client at a time of its choosing, which may be some while after the initial +connection is established (or never). Calling these functions on the client side +in TLSv1.3 before the session has been established will still return an +\&\s-1SSL_SESSION\s0 object but that object cannot be used for resuming the session. See +\&\fISSL_SESSION_is_resumable\fR\|(3) for information on how to determine whether an +\&\s-1SSL_SESSION\s0 object can be used for resumption or not. +.PP +Additionally, in TLSv1.3, a server can send multiple messages that establish a +session for a single connection. In that case the above functions will only +return information on the last session that was received. 
+.PP +The preferred way for applications to obtain a resumable \s-1SSL_SESSION\s0 object is +to use a new session callback as described in \fISSL_CTX_sess_set_new_cb\fR\|(3). +The new session callback is only invoked when a session is actually established, +so this avoids the problem described above where an application obtains an +\&\s-1SSL_SESSION\s0 object that cannot be used for resumption in TLSv1.3. It also +enables applications to obtain information about all sessions sent by the +server. +.PP +A session will be automatically removed from the session cache and marked as +non-resumable if the connection is not closed down cleanly, e.g. if a fatal +error occurs on the connection or \fISSL_shutdown\fR\|(3) is not called prior to +\&\fISSL_free\fR\|(3). +.PP +In TLSv1.3 it is recommended that each \s-1SSL_SESSION\s0 object is only used for +resumption once. +.PP +\&\fISSL_get0_session()\fR returns a pointer to the actual session. As the +reference counter is not incremented, the pointer is only valid while +the connection is in use. If \fISSL_clear\fR\|(3) or +\&\fISSL_free\fR\|(3) is called, the session may be removed completely +(if considered bad), and the pointer obtained will become invalid. Even +if the session is valid, it can be removed at any time due to timeout +during \fISSL_CTX_flush_sessions\fR\|(3). +.PP +If the data is to be kept, \fISSL_get1_session()\fR will increment the reference +count, so that the session will not be implicitly removed by other operations +but stays in memory. In order to remove the session +\&\fISSL_SESSION_free\fR\|(3) must be explicitly called once +to decrement the reference count again. +.PP +\&\s-1SSL_SESSION\s0 objects keep internal link information about the session cache +list, when being inserted into one \s-1SSL_CTX\s0 object's session cache. 
+One \s-1SSL_SESSION\s0 object, regardless of its reference count, must therefore +only be used with one \s-1SSL_CTX\s0 object (and the \s-1SSL\s0 objects created +from this \s-1SSL_CTX\s0 object). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "\s-1NULL\s0" 4 +.IX Item "NULL" +There is no session available in \fBssl\fR. +.IP "Pointer to an \s-1SSL_SESSION\s0" 4 +.IX Item "Pointer to an SSL_SESSION" +The return value points to the data of an \s-1SSL\s0 session. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_free\fR\|(3), +\&\fISSL_clear\fR\|(3), +\&\fISSL_SESSION_free\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_get_shared_sigalgs.3 b/linux_amd64/ssl/share/man/man3/SSL_get_shared_sigalgs.3 new file mode 100755 index 0000000..9f98abe --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_get_shared_sigalgs.3 
@@ -0,0 +1,210 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_SHARED_SIGALGS 3" +.TH SSL_GET_SHARED_SIGALGS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_get_shared_sigalgs, SSL_get_sigalgs \- get supported signature algorithms +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_get_shared_sigalgs(SSL *s, int idx, +\& int *psign, int *phash, int *psignhash, +\& unsigned char *rsig, unsigned char *rhash); +\& +\& int SSL_get_sigalgs(SSL *s, int idx, +\& int *psign, int *phash, int *psignhash, +\& unsigned char *rsig, unsigned char *rhash); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_get_shared_sigalgs()\fR returns information about the shared signature +algorithms supported by peer \fBs\fR. The parameter \fBidx\fR indicates the index +of the shared signature algorithm to return starting from zero. The signature +algorithm \s-1NID\s0 is written to \fB*psign\fR, the hash \s-1NID\s0 to \fB*phash\fR and the +sign and hash \s-1NID\s0 to \fB*psignhash\fR. The raw signature and hash values +are written to \fB*rsig\fR and \fB*rhash\fR. +.PP +\&\fISSL_get_sigalgs()\fR is similar to \fISSL_get_shared_sigalgs()\fR except it returns +information about all signature algorithms supported by \fBs\fR in the order +they were sent by the peer. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_get_shared_sigalgs()\fR and \fISSL_get_sigalgs()\fR return the number of +signature algorithms or \fB0\fR if the \fBidx\fR parameter is out of range. +.SH "NOTES" +.IX Header "NOTES" +These functions are typically called for debugging purposes (to report +the peer's preferences) or where an application wants finer control over +certificate selection. Most applications will rely on internal handling +and will not need to call them. +.PP +If an application is only interested in the highest preference shared +signature algorithm it can just set \fBidx\fR to zero. +.PP +Any or all of the parameters \fBpsign\fR, \fBphash\fR, \fBpsignhash\fR, \fBrsig\fR or +\&\fBrhash\fR can be set to \fB\s-1NULL\s0\fR if the value is not required. 
By setting +them all to \fB\s-1NULL\s0\fR and setting \fBidx\fR to zero the total number of +signature algorithms can be determined: which can be zero. +.PP +These functions must be called after the peer has sent a list of supported +signature algorithms: after a client hello (for servers) or a certificate +request (for clients). They can (for example) be called in the certificate +callback. +.PP +Only \s-1TLS\s0 1.2, \s-1TLS\s0 1.3 and \s-1DTLS\s0 1.2 currently support signature algorithms. +If these +functions are called on an earlier version of \s-1TLS\s0 or \s-1DTLS\s0 zero is returned. +.PP +The shared signature algorithms returned by \fISSL_get_shared_sigalgs()\fR are +ordered according to configuration and peer preferences. +.PP +The raw values correspond to the on the wire form as defined by \s-1RFC5246\s0 et al. +The NIDs are OpenSSL equivalents. For example if the peer sent \fIsha256\fR\|(4) and +\&\fIrsa\fR\|(1) then \fB*rhash\fR would be 4, \fB*rsign\fR 1, \fB*phash\fR NID_sha256, \fB*psig\fR +NID_rsaEncryption and \fB*psighash\fR NID_sha256WithRSAEncryption. +.PP +If a signature algorithm is not recognised the corresponding NIDs +will be set to \fBNID_undef\fR. This may be because the value is not supported, +is not an appropriate combination (for example \s-1MD5\s0 and \s-1DSA\s0) or the +signature algorithm does not use a hash (for example Ed25519). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fISSL_CTX_set_cert_cb\fR\|(3), +\&\fIssl\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_get_verify_result.3 b/linux_amd64/ssl/share/man/man3/SSL_get_verify_result.3 new file mode 100755 index 0000000..0218497 --- /dev/null 
+++ b/linux_amd64/ssl/share/man/man3/SSL_get_verify_result.3 
@@ -0,0 +1,181 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_VERIFY_RESULT 3" +.TH SSL_GET_VERIFY_RESULT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_get_verify_result \- get result of peer certificate verification +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_get_verify_result(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_get_verify_result()\fR returns the result of the verification of the +X509 certificate presented by the peer, if any. +.SH "NOTES" +.IX Header "NOTES" +\&\fISSL_get_verify_result()\fR can only return one error code while the verification +of a certificate can fail because of many reasons at the same time. Only +the last verification error that occurred during the processing is available +from \fISSL_get_verify_result()\fR. +.PP +The verification result is part of the established session and is restored +when a session is reused. +.SH "BUGS" +.IX Header "BUGS" +If no peer certificate was presented, the returned result code is +X509_V_OK. This is because no verification error occurred, it does however +not indicate success. \fISSL_get_verify_result()\fR is only useful in connection +with \fISSL_get_peer_certificate\fR\|(3). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can currently occur: +.IP "X509_V_OK" 4 +.IX Item "X509_V_OK" +The verification succeeded or no peer certificate was presented. +.IP "Any other value" 4 +.IX Item "Any other value" +Documented in \fIopenssl\-verify\fR\|(1). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_set_verify_result\fR\|(3), +\&\fISSL_get_peer_certificate\fR\|(3), +\&\fIopenssl\-verify\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/ssl/share/man/man3/SSL_get_version.3 b/linux_amd64/ssl/share/man/man3/SSL_get_version.3 new file mode 100755 index 0000000..82efebd --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_get_version.3 
@@ -0,0 +1,213 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_VERSION 3" +.TH SSL_GET_VERSION 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_client_version, SSL_get_version, SSL_is_dtls, SSL_version \- get the +protocol information of a connection +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_client_version(const SSL *s); +\& +\& const char *SSL_get_version(const SSL *ssl); +\& +\& int SSL_is_dtls(const SSL *ssl); +\& +\& int SSL_version(const SSL *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_client_version()\fR returns the numeric protocol version advertised by the +client in the legacy_version field of the ClientHello when initiating the +connection. Note that, for \s-1TLS\s0, this value will never indicate a version greater +than TLSv1.2 even if TLSv1.3 is subsequently negotiated. \fISSL_get_version()\fR +returns the name of the protocol used for the connection. \fISSL_version()\fR returns +the numeric protocol version used for the connection. They should only be called +after the initial handshake has been completed. Prior to that the results +returned from these functions may be unreliable. +.PP +\&\fISSL_is_dtls()\fR returns one if the connection is using \s-1DTLS\s0, zero if not. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_get_version()\fR returns one of the following strings: +.IP "SSLv3" 4 +.IX Item "SSLv3" +The connection uses the SSLv3 protocol. +.IP "TLSv1" 4 +.IX Item "TLSv1" +The connection uses the TLSv1.0 protocol. +.IP "TLSv1.1" 4 +.IX Item "TLSv1.1" +The connection uses the TLSv1.1 protocol. +.IP "TLSv1.2" 4 +.IX Item "TLSv1.2" +The connection uses the TLSv1.2 protocol. +.IP "TLSv1.3" 4 +.IX Item "TLSv1.3" +The connection uses the TLSv1.3 protocol. +.IP "unknown" 4 +.IX Item "unknown" +This indicates an unknown protocol version. +.PP +\&\fISSL_version()\fR and \fISSL_client_version()\fR return an integer which could include any +of the following: +.IP "\s-1SSL3_VERSION\s0" 4 +.IX Item "SSL3_VERSION" +The connection uses the SSLv3 protocol. 
+.IP "\s-1TLS1_VERSION\s0" 4 +.IX Item "TLS1_VERSION" +The connection uses the TLSv1.0 protocol. +.IP "\s-1TLS1_1_VERSION\s0" 4 +.IX Item "TLS1_1_VERSION" +The connection uses the TLSv1.1 protocol. +.IP "\s-1TLS1_2_VERSION\s0" 4 +.IX Item "TLS1_2_VERSION" +The connection uses the TLSv1.2 protocol. +.IP "\s-1TLS1_3_VERSION\s0" 4 +.IX Item "TLS1_3_VERSION" +The connection uses the TLSv1.3 protocol (never returned for +\&\fISSL_client_version()\fR). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \fISSL_is_dtls()\fR function was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_in_init.3 b/linux_amd64/ssl/share/man/man3/SSL_in_init.3 new file mode 100755 index 0000000..d0ca0bf --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_in_init.3 
@@ -0,0 +1,224 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_IN_INIT 3" +.TH SSL_IN_INIT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_in_before, +SSL_in_init, +SSL_is_init_finished, +SSL_in_connect_init, +SSL_in_accept_init, +SSL_get_state +\&\- retrieve information about the handshake state machine +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_in_init(const SSL *s); +\& int SSL_in_before(const SSL *s); +\& int SSL_is_init_finished(const SSL *s); +\& +\& int SSL_in_connect_init(SSL *s); +\& int SSL_in_accept_init(SSL *s); +\& +\& OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_in_init()\fR returns 1 if the \s-1SSL/TLS\s0 state machine is currently processing or +awaiting handshake messages, or 0 otherwise. +.PP +\&\fISSL_in_before()\fR returns 1 if no \s-1SSL/TLS\s0 handshake has yet been initiated, or 0 +otherwise. +.PP +\&\fISSL_is_init_finished()\fR returns 1 if the \s-1SSL/TLS\s0 connection is in a state where +fully protected application data can be transferred or 0 otherwise. +.PP +Note that in some circumstances (such as when early data is being transferred) +\&\fISSL_in_init()\fR, \fISSL_in_before()\fR and \fISSL_is_init_finished()\fR can all return 0. +.PP +\&\fISSL_in_connect_init()\fR returns 1 if \fBs\fR is acting as a client and \fISSL_in_init()\fR +would return 1, or 0 otherwise. +.PP +\&\fISSL_in_accept_init()\fR returns 1 if \fBs\fR is acting as a server and \fISSL_in_init()\fR +would return 1, or 0 otherwise. +.PP +\&\fISSL_in_connect_init()\fR and \fISSL_in_accept_init()\fR are implemented as macros. +.PP +\&\fISSL_get_state()\fR returns a value indicating the current state of the handshake +state machine. \s-1OSSL_HANDSHAKE_STATE\s0 is an enumerated type where each value +indicates a discrete state machine state. Note that future versions of OpenSSL +may define more states so applications should expect to receive unrecognised +state values. 
The naming format is made up of a number of elements as follows: +.PP +\&\fBprotocol\fR_ST_\fBrole\fR_\fBmessage\fR +.PP +\&\fBprotocol\fR is one of \s-1TLS\s0 or \s-1DTLS\s0. \s-1DTLS\s0 is used where a state is specific to the +\&\s-1DTLS\s0 protocol. Otherwise \s-1TLS\s0 is used. +.PP +\&\fBrole\fR is one of \s-1CR\s0, \s-1CW\s0, \s-1SR\s0 or \s-1SW\s0 to indicate \*(L"client reading\*(R", +\&\*(L"client writing\*(R", \*(L"server reading\*(R" or \*(L"server writing\*(R" respectively. +.PP +\&\fBmessage\fR is the name of a handshake message that is being or has been sent, or +is being or has been processed. +.PP +Additionally there are some special states that do not conform to the above +format. These are: +.IP "\s-1TLS_ST_BEFORE\s0" 4 +.IX Item "TLS_ST_BEFORE" +No handshake messages have yet been been sent or received. +.IP "\s-1TLS_ST_OK\s0" 4 +.IX Item "TLS_ST_OK" +Handshake message sending/processing has completed. +.IP "\s-1TLS_ST_EARLY_DATA\s0" 4 +.IX Item "TLS_ST_EARLY_DATA" +Early data is being processed +.IP "\s-1TLS_ST_PENDING_EARLY_DATA_END\s0" 4 +.IX Item "TLS_ST_PENDING_EARLY_DATA_END" +Awaiting the end of early data processing +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_in_init()\fR, \fISSL_in_before()\fR, \fISSL_is_init_finished()\fR, \fISSL_in_connect_init()\fR +and \fISSL_in_accept_init()\fR return values as indicated above. +.PP +\&\fISSL_get_state()\fR returns the current handshake state. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fISSL_read_early_data\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/ssl/share/man/man3/SSL_key_update.3 b/linux_amd64/ssl/share/man/man3/SSL_key_update.3
new file mode 100755
index 0000000..ace1565
--- /dev/null
+++ b/linux_amd64/ssl/share/man/man3/SSL_key_update.3
@@ -0,0 +1,232 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_KEY_UPDATE 3" +.TH SSL_KEY_UPDATE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_key_update, +SSL_get_key_update_type, +SSL_renegotiate, +SSL_renegotiate_abbreviated, +SSL_renegotiate_pending +\&\- initiate and obtain information about updating connection keys +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_key_update(SSL *s, int updatetype); +\& int SSL_get_key_update_type(const SSL *s); +\& +\& int SSL_renegotiate(SSL *s); +\& int SSL_renegotiate_abbreviated(SSL *s); +\& int SSL_renegotiate_pending(const SSL *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_key_update()\fR schedules an update of the keys for the current \s-1TLS\s0 connection. +If the \fBupdatetype\fR parameter is set to \fB\s-1SSL_KEY_UPDATE_NOT_REQUESTED\s0\fR then +the sending keys for this connection will be updated and the peer will be +informed of the change. If the \fBupdatetype\fR parameter is set to +\&\fB\s-1SSL_KEY_UPDATE_REQUESTED\s0\fR then the sending keys for this connection will be +updated and the peer will be informed of the change along with a request for the +peer to additionally update its sending keys. It is an error if \fBupdatetype\fR is +set to \fB\s-1SSL_KEY_UPDATE_NONE\s0\fR. +.PP +\&\fISSL_key_update()\fR must only be called after the initial handshake has been +completed and TLSv1.3 has been negotiated. The key update will not take place +until the next time an \s-1IO\s0 operation such as \fISSL_read_ex()\fR or \fISSL_write_ex()\fR +takes place on the connection. Alternatively \fISSL_do_handshake()\fR can be called to +force the update to take place immediately. +.PP +\&\fISSL_get_key_update_type()\fR can be used to determine whether a key update +operation has been scheduled but not yet performed. The type of the pending key +update operation will be returned if there is one, or \s-1SSL_KEY_UPDATE_NONE\s0 +otherwise. +.PP +\&\fISSL_renegotiate()\fR and \fISSL_renegotiate_abbreviated()\fR should only be called for +connections that have negotiated TLSv1.2 or less. 
Calling them on any other +connection will result in an error. +.PP +When called from the client side, \fISSL_renegotiate()\fR schedules a completely new +handshake over an existing \s-1SSL/TLS\s0 connection. The next time an \s-1IO\s0 operation +such as \fISSL_read_ex()\fR or \fISSL_write_ex()\fR takes place on the connection a check +will be performed to confirm that it is a suitable time to start a +renegotiation. If so, then it will be initiated immediately. OpenSSL will not +attempt to resume any session associated with the connection in the new +handshake. +.PP +When called from the client side, \fISSL_renegotiate_abbreviated()\fR works in the +same was as \fISSL_renegotiate()\fR except that OpenSSL will attempt to resume the +session associated with the current connection in the new handshake. +.PP +When called from the server side, \fISSL_renegotiate()\fR and +\&\fISSL_renegotiate_abbreviated()\fR behave identically. They both schedule a request +for a new handshake to be sent to the client. The next time an \s-1IO\s0 operation is +performed then the same checks as on the client side are performed and then, if +appropriate, the request is sent. The client may or may not respond with a new +handshake and it may or may not attempt to resume an existing session. If +a new handshake is started then this will be handled transparently by calling +any OpenSSL \s-1IO\s0 function. +.PP +If an OpenSSL client receives a renegotiation request from a server then again +this will be handled transparently through calling any OpenSSL \s-1IO\s0 function. For +a \s-1TLS\s0 connection the client will attempt to resume the current session in the +new handshake. For historical reasons, \s-1DTLS\s0 clients will not attempt to resume +the session in the new handshake. +.PP +The \fISSL_renegotiate_pending()\fR function returns 1 if a renegotiation or +renegotiation request has been scheduled but not yet acted on, or 0 otherwise. 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_key_update()\fR, \fISSL_renegotiate()\fR and \fISSL_renegotiate_abbreviated()\fR return 1 +on success or 0 on error. +.PP +\&\fISSL_get_key_update_type()\fR returns the update type of the pending key update +operation or \s-1SSL_KEY_UPDATE_NONE\s0 if there is none. +.PP +\&\fISSL_renegotiate_pending()\fR returns 1 if a renegotiation or renegotiation request +has been scheduled but not yet acted on, or 0 otherwise. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_read_ex\fR\|(3), +\&\fISSL_write_ex\fR\|(3), +\&\fISSL_do_handshake\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fISSL_key_update()\fR and \fISSL_get_key_update_type()\fR functions were added in +OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_library_init.3 b/linux_amd64/ssl/share/man/man3/SSL_library_init.3 new file mode 100755 index 0000000..0be8722 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_library_init.3 
@@ -0,0 +1,177 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_LIBRARY_INIT 3" +.TH SSL_LIBRARY_INIT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_library_init, OpenSSL_add_ssl_algorithms +\&\- initialize SSL library by registering algorithms +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_library_init(void); +\& +\& int OpenSSL_add_ssl_algorithms(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_library_init()\fR registers the available \s-1SSL/TLS\s0 ciphers and digests. +.PP +\&\fIOpenSSL_add_ssl_algorithms()\fR is a synonym for \fISSL_library_init()\fR and is +implemented as a macro. +.SH "NOTES" +.IX Header "NOTES" +\&\fISSL_library_init()\fR must be called before any other action takes place. +\&\fISSL_library_init()\fR is not reentrant. +.SH "WARNINGS" +.IX Header "WARNINGS" +\&\fISSL_library_init()\fR adds ciphers and digests used directly and indirectly by +\&\s-1SSL/TLS\s0. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_library_init()\fR always returns \*(L"1\*(R", so it is safe to discard the return +value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fIRAND_add\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fISSL_library_init()\fR and \fIOpenSSL_add_ssl_algorithms()\fR functions were +deprecated in OpenSSL 1.1.0 by \fIOPENSSL_init_ssl()\fR. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_load_client_CA_file.3 b/linux_amd64/ssl/share/man/man3/SSL_load_client_CA_file.3 new file mode 100755 index 0000000..05b8dbc --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_load_client_CA_file.3 
@@ -0,0 +1,214 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_LOAD_CLIENT_CA_FILE 3" +.TH SSL_LOAD_CLIENT_CA_FILE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_load_client_CA_file, +SSL_add_file_cert_subjects_to_stack, +SSL_add_dir_cert_subjects_to_stack, +SSL_add_store_cert_subjects_to_stack +\&\- load certificate names +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file); +\& +\& int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, +\& const char *file) +\& int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, +\& const char *dir) +\& int SSL_add_store_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, +\& const char *store) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_load_client_CA_file()\fR reads certificates from \fIfile\fR and returns +a \s-1STACK_OF\s0(X509_NAME) with the subject names found. +.PP +\&\fISSL_add_file_cert_subjects_to_stack()\fR reads certificates from \fIfile\fR, +and adds their subject name to the already existing \fIstack\fR. +.PP +\&\fISSL_add_dir_cert_subjects_to_stack()\fR reads certificates from every +file in the directory \fIdir\fR, and adds their subject name to the +already existing \fIstack\fR. +.PP +\&\fISSL_add_store_cert_subjects_to_stack()\fR loads certificates from the +\&\fIstore\fR \s-1URI\s0, and adds their subject name to the already existing +\&\fIstack\fR. +.SH "NOTES" +.IX Header "NOTES" +\&\fISSL_load_client_CA_file()\fR reads a file of \s-1PEM\s0 formatted certificates and +extracts the X509_NAMES of the certificates found. While the name suggests +the specific usage as support function for +\&\fISSL_CTX_set_client_CA_list\fR\|(3), +it is not limited to \s-1CA\s0 certificates. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "\s-1NULL\s0" 4 +.IX Item "NULL" +The operation failed, check out the error stack for the reason. +.IP "Pointer to \s-1STACK_OF\s0(X509_NAME)" 4 +.IX Item "Pointer to STACK_OF(X509_NAME)" +Pointer to the subject names of the successfully read certificates. 
+.SH "EXAMPLES" +.IX Header "EXAMPLES" +Load names of CAs from file and use it as a client \s-1CA\s0 list: +.PP +.Vb 2 +\& SSL_CTX *ctx; +\& STACK_OF(X509_NAME) *cert_names; +\& +\& ... +\& cert_names = SSL_load_client_CA_file("/path/to/CAfile.pem"); +\& if (cert_names != NULL) +\& SSL_CTX_set_client_CA_list(ctx, cert_names); +\& else +\& /* error */ +\& ... +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fIossl_store\fR\|(7), +\&\fISSL_CTX_set_client_CA_list\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fISSL_add_store_cert_subjects_to_stack()\fR was added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_new.3 b/linux_amd64/ssl/share/man/man3/SSL_new.3 new file mode 100755 index 0000000..6d2d9c6 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_new.3 
@@ -0,0 +1,200 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_NEW 3" +.TH SSL_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_dup, SSL_new, SSL_up_ref \- create an SSL structure for a connection +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& SSL *SSL_dup(SSL *s); +\& SSL *SSL_new(SSL_CTX *ctx); +\& int SSL_up_ref(SSL *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_new()\fR creates a new \fB\s-1SSL\s0\fR structure which is needed to hold the +data for a \s-1TLS/SSL\s0 connection. The new structure inherits the settings +of the underlying context \fBctx\fR: connection method, +options, verification settings, timeout settings. An \fB\s-1SSL\s0\fR structure is +reference counted. Creating an \fB\s-1SSL\s0\fR structure for the first time increments +the reference count. Freeing it (using SSL_free) decrements it. When the +reference count drops to zero, any memory or resources allocated to the \fB\s-1SSL\s0\fR +structure are freed. +.PP +\&\fISSL_up_ref()\fR increments the reference count for an +existing \fB\s-1SSL\s0\fR structure. +.PP +\&\fISSL_dup()\fR duplicates an existing \fB\s-1SSL\s0\fR structure into a new allocated one +or just increments the reference count if the connection is active. All +settings are inherited from the original \fB\s-1SSL\s0\fR structure. Dynamic data (i.e. +existing connection details) are not copied, the new \fB\s-1SSL\s0\fR is set into an +initial accept (server) or connect (client) state. +.PP +\&\fISSL_dup()\fR allows applications to configure an \s-1SSL\s0 handle for use in multiple +\&\s-1SSL\s0 connections, and then duplicate it prior to initiating each connection +with the duplicated handle. Use of \fISSL_dup()\fR avoids the need to repeat +the configuration of the handles for each connection. +.PP +For \fISSL_dup()\fR to work, the connection \s-1MUST\s0 be in its initial state and +\&\s-1MUST\s0 \s-1NOT\s0 have not yet have started the \s-1SSL\s0 handshake. 
For connections +that are not in their initial state \fISSL_dup()\fR just increments an internal +reference count and returns the \fIsame\fR handle. It may be possible to +use \fISSL_clear\fR\|(3) to recycle an \s-1SSL\s0 handle that is not in its initial +state for re-use, but this is best avoided. Instead, save and restore +the session, if desired, and construct a fresh handle for each connection. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "\s-1NULL\s0" 4 +.IX Item "NULL" +The creation of a new \s-1SSL\s0 structure failed. Check the error stack to +find out the reason. +.IP "Pointer to an \s-1SSL\s0 structure" 4 +.IX Item "Pointer to an SSL structure" +The return value points to an allocated \s-1SSL\s0 structure. +.Sp +\&\fISSL_up_ref()\fR returns 1 for success and 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fISSL_free\fR\|(3), \fISSL_clear\fR\|(3), +\&\fISSL_CTX_set_options\fR\|(3), +\&\fISSL_get_SSL_CTX\fR\|(3), +\&\fIssl\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_pending.3 b/linux_amd64/ssl/share/man/man3/SSL_pending.3 new file mode 100755 index 0000000..39c7362 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_pending.3 
@@ -0,0 +1,191 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_PENDING 3" +.TH SSL_PENDING 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_pending, SSL_has_pending \- check for readable bytes buffered in an +SSL object +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_pending(const SSL *ssl); +\& int SSL_has_pending(const SSL *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Data is received in whole blocks known as records from the peer. A whole record +is processed (e.g. decrypted) in one go and is buffered by OpenSSL until it is +read by the application via a call to \fISSL_read_ex\fR\|(3) or \fISSL_read\fR\|(3). +.PP +\&\fISSL_pending()\fR returns the number of bytes which have been processed, buffered +and are available inside \fBssl\fR for immediate read. +.PP +If the \fB\s-1SSL\s0\fR object's \fIread_ahead\fR flag is set (see +\&\fISSL_CTX_set_read_ahead\fR\|(3)), additional protocol bytes (beyond the current +record) may have been read containing more \s-1TLS/SSL\s0 records. This also applies to +\&\s-1DTLS\s0 and pipelining (see \fISSL_CTX_set_split_send_fragment\fR\|(3)). These +additional bytes will be buffered by OpenSSL but will remain unprocessed until +they are needed. As these bytes are still in an unprocessed state \fISSL_pending()\fR +will ignore them. Therefore it is possible for no more bytes to be readable from +the underlying \s-1BIO\s0 (because OpenSSL has already read them) and for \fISSL_pending()\fR +to return 0, even though readable application data bytes are available (because +the data is in unprocessed buffered records). +.PP +\&\fISSL_has_pending()\fR returns 1 if \fBs\fR has buffered data (whether processed or +unprocessed) and 0 otherwise. Note that it is possible for \fISSL_has_pending()\fR to +return 1, and then a subsequent call to \fISSL_read_ex()\fR or \fISSL_read()\fR to return no +data because the unprocessed buffered data when processed yielded no application +data (for example this can happen during renegotiation). 
It is also possible in +this scenario for \fISSL_has_pending()\fR to continue to return 1 even after an +\&\fISSL_read_ex()\fR or \fISSL_read()\fR call because the buffered and unprocessed data is +not yet processable (e.g. because OpenSSL has only received a partial record so +far). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_pending()\fR returns the number of buffered and processed application data +bytes that are pending and are available for immediate read. \fISSL_has_pending()\fR +returns 1 if there is buffered record data in the \s-1SSL\s0 object and 0 otherwise. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fISSL_read_ex\fR\|(3), \fISSL_read\fR\|(3), \fISSL_CTX_set_read_ahead\fR\|(3), +\&\fISSL_CTX_set_split_send_fragment\fR\|(3), \fIssl\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \fISSL_has_pending()\fR function was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_read.3 b/linux_amd64/ssl/share/man/man3/SSL_read.3 new file mode 100755 index 0000000..a4b0e79 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_read.3 
@@ -0,0 +1,267 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_READ 3" +.TH SSL_READ 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_read_ex, SSL_read, SSL_peek_ex, SSL_peek +\&\- read bytes from a TLS/SSL connection +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_read_ex(SSL *ssl, void *buf, size_t num, size_t *readbytes); +\& int SSL_read(SSL *ssl, void *buf, int num); +\& +\& int SSL_peek_ex(SSL *ssl, void *buf, size_t num, size_t *readbytes); +\& int SSL_peek(SSL *ssl, void *buf, int num); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_read_ex()\fR and \fISSL_read()\fR try to read \fBnum\fR bytes from the specified \fBssl\fR +into the buffer \fBbuf\fR. On success \fISSL_read_ex()\fR will store the number of bytes +actually read in \fB*readbytes\fR. +.PP +\&\fISSL_peek_ex()\fR and \fISSL_peek()\fR are identical to \fISSL_read_ex()\fR and \fISSL_read()\fR +respectively except no bytes are actually removed from the underlying \s-1BIO\s0 during +the read, so that a subsequent call to \fISSL_read_ex()\fR or \fISSL_read()\fR will yield +at least the same bytes. +.SH "NOTES" +.IX Header "NOTES" +In the paragraphs below a \*(L"read function\*(R" is defined as one of \fISSL_read_ex()\fR, +\&\fISSL_read()\fR, \fISSL_peek_ex()\fR or \fISSL_peek()\fR. +.PP +If necessary, a read function will negotiate a \s-1TLS/SSL\s0 session, if not already +explicitly performed by \fISSL_connect\fR\|(3) or \fISSL_accept\fR\|(3). If the +peer requests a re-negotiation, it will be performed transparently during +the read function operation. The behaviour of the read functions depends on the +underlying \s-1BIO\s0. +.PP +For the transparent negotiation to succeed, the \fBssl\fR must have been +initialized to client or server mode. This is being done by calling +\&\fISSL_set_connect_state\fR\|(3) or \fISSL_set_accept_state()\fR before the first +invocation of a read function. +.PP +The read functions work based on the \s-1SSL/TLS\s0 records. The data are received in +records (with a maximum record size of 16kB). 
Only when a record has been +completely received, can it be processed (decryption and check of integrity). +Therefore data that was not retrieved at the last read call can still be +buffered inside the \s-1SSL\s0 layer and will be retrieved on the next read +call. If \fBnum\fR is higher than the number of bytes buffered then the read +functions will return with the bytes buffered. If no more bytes are in the +buffer, the read functions will trigger the processing of the next record. +Only when the record has been received and processed completely will the read +functions return reporting success. At most the contents of one record will +be returned. As the size of an \s-1SSL/TLS\s0 record may exceed the maximum packet size +of the underlying transport (e.g. \s-1TCP\s0), it may be necessary to read several +packets from the transport layer before the record is complete and the read call +can succeed. +.PP +If \fB\s-1SSL_MODE_AUTO_RETRY\s0\fR has been switched off and a non-application data +record has been processed, the read function can return and set the error to +\&\fB\s-1SSL_ERROR_WANT_READ\s0\fR. +In this case there might still be unprocessed data available in the \fB\s-1BIO\s0\fR. +If read ahead was set using \fISSL_CTX_set_read_ahead\fR\|(3), there might also still +be unprocessed data available in the \fB\s-1SSL\s0\fR. +This behaviour can be controlled using the \fISSL_CTX_set_mode\fR\|(3) call. +.PP +If the underlying \s-1BIO\s0 is \fBblocking\fR, a read function will only return once the +read operation has been finished or an error occurred, except when a +non-application data record has been processed and \fB\s-1SSL_MODE_AUTO_RETRY\s0\fR is +not set. +Note that if \fB\s-1SSL_MODE_AUTO_RETRY\s0\fR is set and only non-application data is +available the call will hang. 
+.PP +If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, a read function will also return when +the underlying \s-1BIO\s0 could not satisfy the needs of the function to continue the +operation. +In this case a call to \fISSL_get_error\fR\|(3) with the +return value of the read function will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or +\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. +As at any time it's possible that non-application data needs to be sent, +a read function can also cause write operations. +The calling process then must repeat the call after taking appropriate action +to satisfy the needs of the read function. +The action depends on the underlying \s-1BIO\s0. +When using a non-blocking socket, nothing is to be done, but \fIselect()\fR can be +used to check for the required condition. +When using a buffering \s-1BIO\s0, like a \s-1BIO\s0 pair, data must be written into or +retrieved out of the \s-1BIO\s0 before being able to continue. +.PP +\&\fISSL_pending\fR\|(3) can be used to find out whether there +are buffered bytes available for immediate retrieval. +In this case the read function can be called without blocking or actually +receiving new data from the underlying socket. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_read_ex()\fR and \fISSL_peek_ex()\fR will return 1 for success or 0 for failure. +Success means that 1 or more application data bytes have been read from the \s-1SSL\s0 +connection. +Failure means that no bytes could be read from the \s-1SSL\s0 connection. +Failures can be retryable (e.g. we are waiting for more bytes to +be delivered by the network) or non-retryable (e.g. a fatal network error). +In the event of a failure call \fISSL_get_error\fR\|(3) to find out the reason which +indicates whether the call is retryable or not. +.PP +For \fISSL_read()\fR and \fISSL_peek()\fR the following return values can occur: +.IP "> 0" 4 +.IX Item "> 0" +The read operation was successful. 
+The return value is the number of bytes actually read from the \s-1TLS/SSL\s0 +connection. +.IP "<= 0" 4 +.IX Item "<= 0" +The read operation was not successful, because either the connection was closed, +an error occurred or action must be taken by the calling process. +Call \fISSL_get_error\fR\|(3) with the return value \fBret\fR to find out the reason. +.Sp +Old documentation indicated a difference between 0 and \-1, and that \-1 was +retryable. +You should instead call \fISSL_get_error()\fR to find out if it's retryable. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fISSL_get_error\fR\|(3), \fISSL_write_ex\fR\|(3), +\&\fISSL_CTX_set_mode\fR\|(3), \fISSL_CTX_new\fR\|(3), +\&\fISSL_connect\fR\|(3), \fISSL_accept\fR\|(3) +\&\fISSL_set_connect_state\fR\|(3), +\&\fISSL_pending\fR\|(3), +\&\fISSL_shutdown\fR\|(3), \fISSL_set_shutdown\fR\|(3), +\&\fIssl\fR\|(7), \fIbio\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \fISSL_read_ex()\fR and \fISSL_peek_ex()\fR functions were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_read_early_data.3 b/linux_amd64/ssl/share/man/man3/SSL_read_early_data.3 new file mode 100755 index 0000000..b9f3aaa --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_read_early_data.3 
@@ -0,0 +1,487 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_READ_EARLY_DATA 3" +.TH SSL_READ_EARLY_DATA 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_set_max_early_data, +SSL_CTX_set_max_early_data, +SSL_get_max_early_data, +SSL_CTX_get_max_early_data, +SSL_set_recv_max_early_data, +SSL_CTX_set_recv_max_early_data, +SSL_get_recv_max_early_data, +SSL_CTX_get_recv_max_early_data, +SSL_SESSION_get_max_early_data, +SSL_SESSION_set_max_early_data, +SSL_write_early_data, +SSL_read_early_data, +SSL_get_early_data_status, +SSL_allow_early_data_cb_fn, +SSL_CTX_set_allow_early_data_cb, +SSL_set_allow_early_data_cb +\&\- functions for sending and receiving early data +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_set_max_early_data(SSL_CTX *ctx, uint32_t max_early_data); +\& uint32_t SSL_CTX_get_max_early_data(const SSL_CTX *ctx); +\& int SSL_set_max_early_data(SSL *s, uint32_t max_early_data); +\& uint32_t SSL_get_max_early_data(const SSL *s); +\& +\& int SSL_CTX_set_recv_max_early_data(SSL_CTX *ctx, uint32_t recv_max_early_data); +\& uint32_t SSL_CTX_get_recv_max_early_data(const SSL_CTX *ctx); +\& int SSL_set_recv_max_early_data(SSL *s, uint32_t recv_max_early_data); +\& uint32_t SSL_get_recv_max_early_data(const SSL *s); +\& +\& uint32_t SSL_SESSION_get_max_early_data(const SSL_SESSION *s); +\& int SSL_SESSION_set_max_early_data(SSL_SESSION *s, uint32_t max_early_data); +\& +\& int SSL_write_early_data(SSL *s, const void *buf, size_t num, size_t *written); +\& +\& int SSL_read_early_data(SSL *s, void *buf, size_t num, size_t *readbytes); +\& +\& int SSL_get_early_data_status(const SSL *s); +\& +\& +\& typedef int (*SSL_allow_early_data_cb_fn)(SSL *s, void *arg); +\& +\& void SSL_CTX_set_allow_early_data_cb(SSL_CTX *ctx, +\& SSL_allow_early_data_cb_fn cb, +\& void *arg); +\& void SSL_set_allow_early_data_cb(SSL *s, +\& SSL_allow_early_data_cb_fn cb, +\& void *arg); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions are used to send and receive early data where TLSv1.3 has been +negotiated. 
Early data can be sent by the client immediately after its initial +ClientHello without having to wait for the server to complete the handshake. +Early data can only be sent if a session has previously been established with +the server, and the server is known to support it. Additionally these functions +can be used to send data from the server to the client when the client has not +yet completed the authentication stage of the handshake. +.PP +Early data has weaker security properties than other data sent over an \s-1SSL/TLS\s0 +connection. In particular the data does not have forward secrecy. There are also +additional considerations around replay attacks (see \*(L"\s-1REPLAY\s0 \s-1PROTECTION\s0\*(R" +below). For these reasons extreme care should be exercised when using early +data. For specific details, consult the \s-1TLS\s0 1.3 specification. +.PP +When a server receives early data it may opt to immediately respond by sending +application data back to the client. Data sent by the server at this stage is +done before the full handshake has been completed. Specifically the client's +authentication messages have not yet been received, i.e. the client is +unauthenticated at this point and care should be taken when using this +capability. +.PP +A server or client can determine whether the full handshake has been completed +or not by calling \fISSL_is_init_finished\fR\|(3). +.PP +On the client side, the function \fISSL_SESSION_get_max_early_data()\fR can be used to +determine if a session established with a server can be used to send early data. +If the session cannot be used then this function will return 0. Otherwise it +will return the maximum number of early data bytes that can be sent. +.PP +The function \fISSL_SESSION_set_max_early_data()\fR sets the maximum number of early +data bytes that can be sent for a session. This would typically be used when +creating a \s-1PSK\s0 session file (see \fISSL_CTX_set_psk_use_session_callback\fR\|(3)). 
If +using a ticket based \s-1PSK\s0 then this is set automatically to the value provided by +the server. +.PP +A client uses the function \fISSL_write_early_data()\fR to send early data. This +function is similar to the \fISSL_write_ex\fR\|(3) function, but with the following +differences. See \fISSL_write_ex\fR\|(3) for information on how to write bytes to +the underlying connection, and how to handle any errors that may arise. This +page describes the differences between \fISSL_write_early_data()\fR and +\&\fISSL_write_ex\fR\|(3). +.PP +When called by a client, \fISSL_write_early_data()\fR must be the first \s-1IO\s0 function +called on a new connection, i.e. it must occur before any calls to +\&\fISSL_write_ex\fR\|(3), \fISSL_read_ex\fR\|(3), \fISSL_connect\fR\|(3), \fISSL_do_handshake\fR\|(3) +or other similar functions. It may be called multiple times to stream data to +the server, but the total number of bytes written must not exceed the value +returned from \fISSL_SESSION_get_max_early_data()\fR. Once the initial +\&\fISSL_write_early_data()\fR call has completed successfully the client may interleave +calls to \fISSL_read_ex\fR\|(3) and \fISSL_read\fR\|(3) with calls to +\&\fISSL_write_early_data()\fR as required. +.PP +If \fISSL_write_early_data()\fR fails you should call \fISSL_get_error\fR\|(3) to determine +the correct course of action, as for \fISSL_write_ex\fR\|(3). +.PP +When the client no longer wishes to send any more early data then it should +complete the handshake by calling a function such as \fISSL_connect\fR\|(3) or +\&\fISSL_do_handshake\fR\|(3). Alternatively you can call a standard write function +such as \fISSL_write_ex\fR\|(3), which will transparently complete the connection and +write the requested data. +.PP +A server may choose to ignore early data that has been sent to it. Once the +connection has been completed you can determine whether the server accepted or +rejected the early data by calling \fISSL_get_early_data_status()\fR. 
This will return +\&\s-1SSL_EARLY_DATA_ACCEPTED\s0 if the data was accepted, \s-1SSL_EARLY_DATA_REJECTED\s0 if it +was rejected or \s-1SSL_EARLY_DATA_NOT_SENT\s0 if no early data was sent. This function +may be called by either the client or the server. +.PP +A server uses the \fISSL_read_early_data()\fR function to receive early data on a +connection for which early data has been enabled using +\&\fISSL_CTX_set_max_early_data()\fR or \fISSL_set_max_early_data()\fR. As for +\&\fISSL_write_early_data()\fR, this must be the first \s-1IO\s0 function +called on a connection, i.e. it must occur before any calls to +\&\fISSL_write_ex\fR\|(3), \fISSL_read_ex\fR\|(3), \fISSL_accept\fR\|(3), \fISSL_do_handshake\fR\|(3), +or other similar functions. +.PP +\&\fISSL_read_early_data()\fR is similar to \fISSL_read_ex\fR\|(3) with the following +differences. Refer to \fISSL_read_ex\fR\|(3) for full details. +.PP +\&\fISSL_read_early_data()\fR may return 3 possible values: +.IP "\s-1SSL_READ_EARLY_DATA_ERROR\s0" 4 +.IX Item "SSL_READ_EARLY_DATA_ERROR" +This indicates an \s-1IO\s0 or some other error occurred. This should be treated in the +same way as a 0 return value from \fISSL_read_ex\fR\|(3). +.IP "\s-1SSL_READ_EARLY_DATA_SUCCESS\s0" 4 +.IX Item "SSL_READ_EARLY_DATA_SUCCESS" +This indicates that early data was successfully read. This should be treated in +the same way as a 1 return value from \fISSL_read_ex\fR\|(3). You should continue to +call \fISSL_read_early_data()\fR to read more data. +.IP "\s-1SSL_READ_EARLY_DATA_FINISH\s0" 4 +.IX Item "SSL_READ_EARLY_DATA_FINISH" +This indicates that no more early data can be read. It may be returned on the +first call to \fISSL_read_early_data()\fR if the client has not sent any early data, +or if the early data was rejected. +.PP +Once the initial \fISSL_read_early_data()\fR call has completed successfully (i.e. 
it +has returned \s-1SSL_READ_EARLY_DATA_SUCCESS\s0 or \s-1SSL_READ_EARLY_DATA_FINISH\s0) then the +server may choose to write data immediately to the unauthenticated client using +\&\fISSL_write_early_data()\fR. If \fISSL_read_early_data()\fR returned +\&\s-1SSL_READ_EARLY_DATA_FINISH\s0 then in some situations (e.g. if the client only +supports TLSv1.2) the handshake may have already been completed and calls +to \fISSL_write_early_data()\fR are not allowed. Call \fISSL_is_init_finished\fR\|(3) to +determine whether the handshake has completed or not. If the handshake is still +in progress then the server may interleave calls to \fISSL_write_early_data()\fR with +calls to \fISSL_read_early_data()\fR as required. +.PP +Servers must not call \fISSL_read_ex\fR\|(3), \fISSL_read\fR\|(3), \fISSL_write_ex\fR\|(3) or +\&\fISSL_write\fR\|(3) until \fISSL_read_early_data()\fR has returned with +\&\s-1SSL_READ_EARLY_DATA_FINISH\s0. Once it has done so the connection to the client +still needs to be completed. Complete the connection by calling a function such +as \fISSL_accept\fR\|(3) or \fISSL_do_handshake\fR\|(3). Alternatively you can call a +standard read function such as \fISSL_read_ex\fR\|(3), which will transparently +complete the connection and read the requested data. Note that it is an error to +attempt to complete the connection before \fISSL_read_early_data()\fR has returned +\&\s-1SSL_READ_EARLY_DATA_FINISH\s0. +.PP +Only servers may call \fISSL_read_early_data()\fR. +.PP +Calls to \fISSL_read_early_data()\fR may, in certain circumstances, complete the +connection immediately without further need to call a function such as +\&\fISSL_accept\fR\|(3). This can happen if the client is using a protocol version less +than TLSv1.3. Applications can test for this by calling +\&\fISSL_is_init_finished\fR\|(3). Alternatively, applications may choose to call +\&\fISSL_accept\fR\|(3) anyway. Such a call will successfully return immediately with no +further action taken. 
+.PP +When a session is created between a server and a client the server will specify +the maximum amount of any early data that it will accept on any future +connection attempt. By default the server does not accept early data; a +server may indicate support for early data by calling +\&\fISSL_CTX_set_max_early_data()\fR or +\&\fISSL_set_max_early_data()\fR to set it for the whole \s-1SSL_CTX\s0 or an individual \s-1SSL\s0 +object respectively. The \fBmax_early_data\fR parameter specifies the maximum +amount of early data in bytes that is permitted to be sent on a single +connection. Similarly the \fISSL_CTX_get_max_early_data()\fR and +\&\fISSL_get_max_early_data()\fR functions can be used to obtain the current maximum +early data settings for the \s-1SSL_CTX\s0 and \s-1SSL\s0 objects respectively. Generally a +server application will either use both of \fISSL_read_early_data()\fR and +\&\fISSL_CTX_set_max_early_data()\fR (or \fISSL_set_max_early_data()\fR), or neither of them, +since there is no practical benefit from using only one of them. If the maximum +early data setting for a server is nonzero then replay protection is +automatically enabled (see \*(L"\s-1REPLAY\s0 \s-1PROTECTION\s0\*(R" below). +.PP +If the server rejects the early data sent by a client then it will skip over +the data that is sent. The maximum amount of received early data that is skipped +is controlled by the recv_max_early_data setting. If a client sends more than +this then the connection will abort. This value can be set by calling +\&\fISSL_CTX_set_recv_max_early_data()\fR or \fISSL_set_recv_max_early_data()\fR. The current +value for this setting can be obtained by calling +\&\fISSL_CTX_get_recv_max_early_data()\fR or \fISSL_get_recv_max_early_data()\fR. The default +value for this setting is 16,384 bytes. +.PP +The recv_max_early_data value also has an impact on early data that is accepted. 
+The amount of data that is accepted will always be the lower of the +max_early_data for the session and the recv_max_early_data setting for the +server. If a client sends more data than this then the connection will abort. +.PP +The configured value for max_early_data on a server may change over time as +required. However clients may have tickets containing the previously configured +max_early_data value. The recv_max_early_data should always be equal to or +higher than any recently configured max_early_data value in order to avoid +aborted connections. The recv_max_early_data should never be set to less than +the current configured max_early_data value. +.PP +Some server applications may wish to have more control over whether early data +is accepted or not, for example to mitigate replay risks (see \*(L"\s-1REPLAY\s0 \s-1PROTECTION\s0\*(R" +below) or to decline early_data when the server is heavily loaded. The functions +\&\fISSL_CTX_set_allow_early_data_cb()\fR and \fISSL_set_allow_early_data_cb()\fR set a +callback which is called at a point in the handshake immediately before a +decision is made to accept or reject early data. The callback is provided with a +pointer to the user data argument that was provided when the callback was first +set. Returning 1 from the callback will allow early data and returning 0 will +reject it. Note that the OpenSSL library may reject early data for other reasons +in which case this callback will not get called. Notably, the built-in replay +protection feature will still be used even if a callback is present unless it +has been explicitly disabled using the \s-1SSL_OP_NO_ANTI_REPLAY\s0 option. See +\&\*(L"\s-1REPLAY\s0 \s-1PROTECTION\s0\*(R" below. +.SH "NOTES" +.IX Header "NOTES" +The whole purpose of early data is to enable a client to start sending data to +the server before a full round trip of network traffic has occurred. 
Application +developers should ensure they consider optimisation of the underlying \s-1TCP\s0 socket +to obtain a performant solution. For example Nagle's algorithm is commonly used +by operating systems in an attempt to avoid lots of small \s-1TCP\s0 packets. In many +scenarios this is beneficial for performance, but it does not work well with the +early data solution as implemented in OpenSSL. In Nagle's algorithm the \s-1OS\s0 will +buffer outgoing \s-1TCP\s0 data if a \s-1TCP\s0 packet has already been sent which we have not +yet received an \s-1ACK\s0 for from the peer. The buffered data will only be +transmitted if enough data to fill an entire \s-1TCP\s0 packet is accumulated, or if +the \s-1ACK\s0 is received from the peer. The initial ClientHello will be sent in the +first \s-1TCP\s0 packet along with any data from the first call to +\&\fISSL_write_early_data()\fR. If the amount of data written will exceed the size of a +single \s-1TCP\s0 packet, or if there are more calls to \fISSL_write_early_data()\fR then +that additional data will be sent in subsequent \s-1TCP\s0 packets which will be +buffered by the \s-1OS\s0 and not sent until an \s-1ACK\s0 is received for the first packet +containing the ClientHello. This means the early data is not actually +sent until a complete round trip with the server has occurred which defeats the +objective of early data. +.PP +In many operating systems the \s-1TCP_NODELAY\s0 socket option is available to disable +Nagle's algorithm. If an application opts to disable Nagle's algorithm +consideration should be given to turning it back on again after the handshake is +complete if appropriate. +.PP +In rare circumstances, it may be possible for a client to have a session that +reports a max early data value greater than 0, but where the server does not +support this. 
For example, this can occur if a server has had its configuration +changed to accept a lower max early data value such as by calling +\&\fISSL_CTX_set_recv_max_early_data()\fR. Another example is if a server used to +support TLSv1.3 but was later downgraded to TLSv1.2. Sending early data to such +a server will cause the connection to abort. Clients that encounter an aborted +connection while sending early data may want to retry the connection without +sending early data as this does not happen automatically. A client will have to +establish a new transport layer connection to the server and attempt the \s-1SSL/TLS\s0 +connection again but without sending early data. Note that it is inadvisable to +retry with a lower maximum protocol version. +.SH "REPLAY PROTECTION" +.IX Header "REPLAY PROTECTION" +When early data is in use the \s-1TLS\s0 protocol provides no security guarantees that +the same early data was not replayed across multiple connections. As a +mitigation for this issue OpenSSL automatically enables replay protection if the +server is configured with a nonzero max early data value. With replay +protection enabled sessions are forced to be single use only. If a client +attempts to reuse a session ticket more than once, then the second and +subsequent attempts will fall back to a full handshake (and any early data that +was submitted will be ignored). Note that single use tickets are enforced even +if a client does not send any early data. +.PP +The replay protection mechanism relies on the internal OpenSSL server session +cache (see \fISSL_CTX_set_session_cache_mode\fR\|(3)). When replay protection is +being used the server will operate as if the \s-1SSL_OP_NO_TICKET\s0 option had been +selected (see \fISSL_CTX_set_options\fR\|(3)). Sessions will be added to the cache +whenever a session ticket is issued. When a client attempts to resume the +session, OpenSSL will check for its presence in the internal cache. 
If it exists +then the resumption is allowed and the session is removed from the cache. If it +does not exist then the resumption is not allowed and a full handshake will +occur. +.PP +Note that some applications may maintain an external cache of sessions (see +\&\fISSL_CTX_sess_set_new_cb\fR\|(3) and similar functions). It is the application's +responsibility to ensure that any sessions in the external cache are also +populated in the internal cache and that once removed from the internal cache +they are similarly removed from the external cache. Failing to do this could +result in an application becoming vulnerable to replay attacks. Note that +OpenSSL will lock the internal cache while a session is removed but that lock is +not held when the remove session callback (see \fISSL_CTX_sess_set_remove_cb\fR\|(3)) +is called. This could result in a small amount of time where the session has +been removed from the internal cache but is still available in the external +cache. Applications should be designed with this in mind in order to minimise +the possibility of replay attacks. +.PP +The OpenSSL replay protection does not apply to external Pre Shared Keys (PSKs) +(e.g. see \fISSL_CTX_set_psk_find_session_callback\fR\|(3)). Therefore extreme caution +should be applied when combining external PSKs with early data. +.PP +Some applications may mitigate the replay risks in other ways. For those +applications it is possible to turn off the built-in replay protection feature +using the \fB\s-1SSL_OP_NO_ANTI_REPLAY\s0\fR option. See \fISSL_CTX_set_options\fR\|(3) for +details. Applications can also set a callback to make decisions about accepting +early data or not. See \fISSL_CTX_set_allow_early_data_cb()\fR above for details. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_write_early_data()\fR returns 1 for success or 0 for failure. In the event of a +failure call \fISSL_get_error\fR\|(3) to determine the correct course of action. 
+.PP +\&\fISSL_read_early_data()\fR returns \s-1SSL_READ_EARLY_DATA_ERROR\s0 for failure, +\&\s-1SSL_READ_EARLY_DATA_SUCCESS\s0 for success with more data to read and +\&\s-1SSL_READ_EARLY_DATA_FINISH\s0 for success with no more to data be read. In the +event of a failure call \fISSL_get_error\fR\|(3) to determine the correct course of +action. +.PP +\&\fISSL_get_max_early_data()\fR, \fISSL_CTX_get_max_early_data()\fR and +\&\fISSL_SESSION_get_max_early_data()\fR return the maximum number of early data bytes +that may be sent. +.PP +\&\fISSL_set_max_early_data()\fR, \fISSL_CTX_set_max_early_data()\fR and +\&\fISSL_SESSION_set_max_early_data()\fR return 1 for success or 0 for failure. +.PP +\&\fISSL_get_early_data_status()\fR returns \s-1SSL_EARLY_DATA_ACCEPTED\s0 if early data was +accepted by the server, \s-1SSL_EARLY_DATA_REJECTED\s0 if early data was rejected by +the server, or \s-1SSL_EARLY_DATA_NOT_SENT\s0 if no early data was sent. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fISSL_get_error\fR\|(3), +\&\fISSL_write_ex\fR\|(3), +\&\fISSL_read_ex\fR\|(3), +\&\fISSL_connect\fR\|(3), +\&\fISSL_accept\fR\|(3), +\&\fISSL_do_handshake\fR\|(3), +\&\fISSL_CTX_set_psk_use_session_callback\fR\|(3), +\&\fIssl\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +All of the functions described above were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_rstate_string.3 b/linux_amd64/ssl/share/man/man3/SSL_rstate_string.3 new file mode 100755 index 0000000..bc150a9 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_rstate_string.3 
@@ -0,0 +1,186 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_RSTATE_STRING 3" +.TH SSL_RSTATE_STRING 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_rstate_string, SSL_rstate_string_long \- get textual description of state of an SSL object during read operation +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const char *SSL_rstate_string(SSL *ssl); +\& const char *SSL_rstate_string_long(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_rstate_string()\fR returns a 2 letter string indicating the current read state +of the \s-1SSL\s0 object \fBssl\fR. +.PP +\&\fISSL_rstate_string_long()\fR returns a string indicating the current read state of +the \s-1SSL\s0 object \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +When performing a read operation, the \s-1SSL/TLS\s0 engine must parse the record, +consisting of header and body. When working in a blocking environment, +SSL_rstate_string[_long]() should always return \*(L"\s-1RD\s0\*(R"/\*(L"read done\*(R". +.PP +This function should only seldom be needed in applications. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_rstate_string()\fR and \fISSL_rstate_string_long()\fR can return the following +values: +.ie n .IP """\s-1RH\s0""/""read header""" 4 +.el .IP "``\s-1RH\s0''/``read header''" 4 +.IX Item "RH/read header" +The header of the record is being evaluated. +.ie n .IP """\s-1RB\s0""/""read body""" 4 +.el .IP "``\s-1RB\s0''/``read body''" 4 +.IX Item "RB/read body" +The body of the record is being evaluated. +.ie n .IP """\s-1RD\s0""/""read done""" 4 +.el .IP "``\s-1RD\s0''/``read done''" 4 +.IX Item "RD/read done" +The record has been completely processed. +.ie n .IP """unknown""/""unknown""" 4 +.el .IP "``unknown''/``unknown''" 4 +.IX Item "unknown/unknown" +The read state is unknown. This should never happen. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). 
You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_session_reused.3 b/linux_amd64/ssl/share/man/man3/SSL_session_reused.3 new file mode 100755 index 0000000..f36a1f7 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_session_reused.3 
@@ -0,0 +1,169 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SESSION_REUSED 3" +.TH SSL_SESSION_REUSED 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_session_reused \- query whether a reused session was negotiated during handshake +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_session_reused(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Query, whether a reused session was negotiated during the handshake. +.SH "NOTES" +.IX Header "NOTES" +During the negotiation, a client can propose to reuse a session. The server +then looks up the session in its cache. If both client and server agree +on the session, it will be reused and a flag is being set that can be +queried by the application. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "0" 4 +A new session was negotiated. +.IP "1" 4 +.IX Item "1" +A session was reused. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_set_session\fR\|(3), +\&\fISSL_CTX_set_session_cache_mode\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_set1_host.3 b/linux_amd64/ssl/share/man/man3/SSL_set1_host.3 new file mode 100755 index 0000000..7e82ab8 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_set1_host.3 
@@ -0,0 +1,242 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SET1_HOST 3" +.TH SSL_SET1_HOST 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_set1_host, SSL_add1_host, SSL_set_hostflags, SSL_get0_peername \- +SSL server verification parameters +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_set1_host(SSL *s, const char *hostname); +\& int SSL_add1_host(SSL *s, const char *hostname); +\& void SSL_set_hostflags(SSL *s, unsigned int flags); +\& const char *SSL_get0_peername(SSL *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions configure server hostname checks in the \s-1SSL\s0 client. +.PP +\&\fISSL_set1_host()\fR sets the expected \s-1DNS\s0 hostname to \fBname\fR clearing +any previously specified hostname. If \fBname\fR is \s-1NULL\s0 +or the empty string, the list of hostnames is cleared and name +checks are not performed on the peer certificate. When a non-empty +\&\fBname\fR is specified, certificate verification automatically checks +the peer hostname via \fIX509_check_host\fR\|(3) with \fBflags\fR as specified +via \fISSL_set_hostflags()\fR. Clients that enable \s-1DANE\s0 \s-1TLSA\s0 authentication +via \fISSL_dane_enable\fR\|(3) should leave it to that function to set +the primary reference identifier of the peer, and should not call +\&\fISSL_set1_host()\fR. +.PP +\&\fISSL_add1_host()\fR adds \fBname\fR as an additional reference identifier +that can match the peer's certificate. Any previous names set via +\&\fISSL_set1_host()\fR or \fISSL_add1_host()\fR are retained, no change is made +if \fBname\fR is \s-1NULL\s0 or empty. When multiple names are configured, +the peer is considered verified when any name matches. This function +is required for \s-1DANE\s0 \s-1TLSA\s0 in the presence of service name indirection +via \s-1CNAME\s0, \s-1MX\s0 or \s-1SRV\s0 records as specified in \s-1RFC7671\s0, \s-1RFC7672\s0 or +\&\s-1RFC7673\s0. +.PP +\&\fISSL_set_hostflags()\fR sets the \fBflags\fR that will be passed to +\&\fIX509_check_host\fR\|(3) when name checks are applicable, by default +the \fBflags\fR value is 0. 
See \fIX509_check_host\fR\|(3) for the list +of available flags and their meaning. +.PP +\&\fISSL_get0_peername()\fR returns the \s-1DNS\s0 hostname or subject CommonName +from the peer certificate that matched one of the reference +identifiers. When wildcard matching is not disabled, the name +matched in the peer certificate may be a wildcard name. When one +of the reference identifiers configured via \fISSL_set1_host()\fR or +\&\fISSL_add1_host()\fR starts with \*(L".\*(R", which indicates a parent domain prefix +rather than a fixed name, the matched peer name may be a sub-domain +of the reference identifier. The returned string is allocated by +the library and is no longer valid once the associated \fBssl\fR handle +is cleared or freed, or a renegotiation takes place. Applications +must not free the return value. +.PP +\&\s-1SSL\s0 clients are advised to use these functions in preference to +explicitly calling \fIX509_check_host\fR\|(3). Hostname checks may be out +of scope with the \s-1RFC7671\s0 \s-1\fIDANE\-EE\s0\fR\|(3) certificate usage, and the +internal check will be suppressed as appropriate when \s-1DANE\s0 is +enabled. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_set1_host()\fR and \fISSL_add1_host()\fR return 1 for success and 0 for +failure. +.PP +\&\fISSL_get0_peername()\fR returns \s-1NULL\s0 if peername verification is not +applicable (as with \s-1RFC7671\s0 \s-1\fIDANE\-EE\s0\fR\|(3)), or no trusted peername was +matched. Otherwise, it returns the matched peername. To determine +whether verification succeeded call \fISSL_get_verify_result\fR\|(3). +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Suppose \*(L"smtp.example.com\*(R" is the \s-1MX\s0 host of the domain \*(L"example.com\*(R". +The calls below will arrange to match either the \s-1MX\s0 hostname or the +destination domain name in the \s-1SMTP\s0 server certificate. Wildcards +are supported, but must match the entire label. 
The actual name +matched in the certificate (which might be a wildcard) is retrieved, +and must be copied by the application if it is to be retained beyond +the lifetime of the \s-1SSL\s0 connection. +.PP +.Vb 5 +\& SSL_set_hostflags(ssl, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS); +\& if (!SSL_set1_host(ssl, "smtp.example.com")) +\& /* error */ +\& if (!SSL_add1_host(ssl, "example.com")) +\& /* error */ +\& +\& /* XXX: Perform SSL_connect() handshake and handle errors here */ +\& +\& if (SSL_get_verify_result(ssl) == X509_V_OK) { +\& const char *peername = SSL_get0_peername(ssl); +\& +\& if (peername != NULL) +\& /* Name checks were in scope and matched the peername */ +\& } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), +\&\fIX509_check_host\fR\|(3), +\&\fISSL_get_verify_result\fR\|(3). +\&\fISSL_dane_enable\fR\|(3). +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_set_async_callback.3 b/linux_amd64/ssl/share/man/man3/SSL_set_async_callback.3 new file mode 100755 index 0000000..d43483b --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_set_async_callback.3 
@@ -0,0 +1,229 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SET_ASYNC_CALLBACK 3" +.TH SSL_SET_ASYNC_CALLBACK 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_async_callback, +SSL_CTX_set_async_callback_arg, +SSL_set_async_callback, +SSL_set_async_callback_arg, +SSL_get_async_status, +SSL_async_callback_fn +\&\- manage asynchronous operations +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef int (*SSL_async_callback_fn)(SSL *s, void *arg); +\& int SSL_CTX_set_async_callback(SSL_CTX *ctx, SSL_async_callback_fn callback); +\& int SSL_CTX_set_async_callback_arg(SSL_CTX *ctx, void *arg); +\& int SSL_set_async_callback(SSL *s, SSL_async_callback_fn callback); +\& int SSL_set_async_callback_arg(SSL *s, void *arg); +\& int SSL_get_async_status(SSL *s, int *status); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_async_callback()\fR sets an asynchronous callback function. All \fB\s-1SSL\s0\fR +objects generated based on this \fB\s-1SSL_CTX\s0\fR will get this callback. If an engine +supports the callback mechanism, it will be automatically called if +\&\fB\s-1SSL_MODE_ASYNC\s0\fR has been set and an asynchronous capable engine completes a +cryptography operation to notify the application to resume the paused work flow. +.PP +\&\fISSL_CTX_set_async_callback_arg()\fR sets the callback argument. +.PP +\&\fISSL_set_async_callback()\fR allows an application to set a callback in an +asynchronous \fB\s-1SSL\s0\fR object, so that when an engine completes a cryptography +operation, the callback will be called to notify the application to resume the +paused work flow. +.PP +\&\fISSL_set_async_callback_arg()\fR sets an argument for the \fB\s-1SSL\s0\fR object when the +above callback is called. +.PP +\&\fISSL_get_async_status()\fR returns the engine status. This function facilitates the +communication from the engine to the application. During an \s-1SSL\s0 session, +cryptographic operations are dispatched to an engine. The engine status is very +useful for an application to know if the operation has been successfully +dispatched. 
If the engine does not support this additional callback method, +\&\fB\s-1ASYNC_STATUS_UNSUPPORTED\s0\fR will be returned. See \fIASYNC_WAIT_CTX_set_status()\fR +for a description of all of the status values. +.PP +An example of the above functions would be the following: +.IP "1." 4 +Application sets the async callback and callback data on an \s-1SSL\s0 connection +by calling \fISSL_set_async_callback()\fR. +.IP "2." 4 +Application sets \fB\s-1SSL_MODE_ASYNC\s0\fR and makes an asynchronous \s-1SSL\s0 call +.IP "3." 4 +OpenSSL submits the asynchronous request to the engine. If a retry occurs at +this point then the status within the \fB\s-1ASYNC_WAIT_CTX\s0\fR would be set and the +async callback function would be called (goto Step 7). +.IP "4." 4 +The OpenSSL engine pauses the current job and returns, so that the +application can continue processing other connections. +.IP "5." 4 +At a future point in time (probably via a polling mechanism or via an +interrupt) the engine will become aware that the asynchronous request has +finished processing. +.IP "6." 4 +The engine will call the application's callback passing the callback data as +a parameter. +.IP "7." 4 +The callback function should then run. Note: it is a requirement that the +callback function is small and non-blocking as it will be run in the context of +a polling mechanism or an interrupt. +.IP "8." 4 +It is the application's responsibility via the callback function to schedule +recalling the OpenSSL asynchronous function and to continue processing. +.IP "9." 4 +The callback function has the option to check the status returned via +\&\fISSL_get_async_status()\fR to determine whether a retry happened instead of the +request being submitted, allowing different processing if required. 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_async_callback()\fR, \fISSL_set_async_callback()\fR, +\&\fISSL_CTX_set_async_callback_arg()\fR, \fISSL_CTX_set_async_callback_arg()\fR and +\&\fISSL_get_async_status()\fR return 1 on success or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fISSL_CTX_set_async_callback()\fR, \fISSL_CTX_set_async_callback_arg()\fR, +\&\fISSL_set_async_callback()\fR, \fISSL_set_async_callback_arg()\fR and +\&\fISSL_get_async_status()\fR were first added to OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_set_bio.3 b/linux_amd64/ssl/share/man/man3/SSL_set_bio.3 new file mode 100755 index 0000000..99a743a --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_set_bio.3 
@@ -0,0 +1,218 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SET_BIO 3" +.TH SSL_SET_BIO 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_set_bio, SSL_set0_rbio, SSL_set0_wbio \- connect the SSL object with a BIO +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio); +\& void SSL_set0_rbio(SSL *s, BIO *rbio); +\& void SSL_set0_wbio(SSL *s, BIO *wbio); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_set0_rbio()\fR connects the \s-1BIO\s0 \fBrbio\fR for the read operations of the \fBssl\fR +object. The \s-1SSL\s0 engine inherits the behaviour of \fBrbio\fR. If the \s-1BIO\s0 is +non-blocking then the \fBssl\fR object will also have non-blocking behaviour. This +function transfers ownership of \fBrbio\fR to \fBssl\fR. It will be automatically +freed using \fIBIO_free_all\fR\|(3) when the \fBssl\fR is freed. On calling this +function, any existing \fBrbio\fR that was previously set will also be freed via a +call to \fIBIO_free_all\fR\|(3) (this includes the case where the \fBrbio\fR is set to +the same value as previously). +.PP +\&\fISSL_set0_wbio()\fR works in the same as \fISSL_set0_rbio()\fR except that it connects +the \s-1BIO\s0 \fBwbio\fR for the write operations of the \fBssl\fR object. Note that if the +rbio and wbio are the same then \fISSL_set0_rbio()\fR and \fISSL_set0_wbio()\fR each take +ownership of one reference. Therefore it may be necessary to increment the +number of references available using \fIBIO_up_ref\fR\|(3) before calling the set0 +functions. +.PP +\&\fISSL_set_bio()\fR is similar to \fISSL_set0_rbio()\fR and \fISSL_set0_wbio()\fR except +that it connects both the \fBrbio\fR and the \fBwbio\fR at the same time, and +transfers the ownership of \fBrbio\fR and \fBwbio\fR to \fBssl\fR according to +the following set of rules: +.IP "\(bu" 2 +If neither the \fBrbio\fR or \fBwbio\fR have changed from their previous values +then nothing is done. 
+.IP "\(bu" 2 +If the \fBrbio\fR and \fBwbio\fR parameters are different and both are different +to their +previously set values then one reference is consumed for the rbio and one +reference is consumed for the wbio. +.IP "\(bu" 2 +If the \fBrbio\fR and \fBwbio\fR parameters are the same and the \fBrbio\fR is not +the same as the previously set value then one reference is consumed. +.IP "\(bu" 2 +If the \fBrbio\fR and \fBwbio\fR parameters are the same and the \fBrbio\fR is the +same as the previously set value, then no additional references are consumed. +.IP "\(bu" 2 +If the \fBrbio\fR and \fBwbio\fR parameters are different and the \fBrbio\fR is the +same as the +previously set value then one reference is consumed for the \fBwbio\fR and no +references are consumed for the \fBrbio\fR. +.IP "\(bu" 2 +If the \fBrbio\fR and \fBwbio\fR parameters are different and the \fBwbio\fR is the +same as the previously set value and the old \fBrbio\fR and \fBwbio\fR values +were the same as each other then one reference is consumed for the \fBrbio\fR +and no references are consumed for the \fBwbio\fR. +.IP "\(bu" 2 +If the \fBrbio\fR and \fBwbio\fR parameters are different and the \fBwbio\fR +is the same as the +previously set value and the old \fBrbio\fR and \fBwbio\fR values were different +to each +other then one reference is consumed for the \fBrbio\fR and one reference +is consumed +for the \fBwbio\fR. +.PP +Because of this complexity, this function should be avoided; +use \fISSL_set0_rbio()\fR and \fISSL_set0_wbio()\fR instead. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_set_bio()\fR, \fISSL_set0_rbio()\fR and \fISSL_set0_wbio()\fR cannot fail. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fISSL_get_rbio\fR\|(3), +\&\fISSL_connect\fR\|(3), \fISSL_accept\fR\|(3), +\&\fISSL_shutdown\fR\|(3), \fIssl\fR\|(7), \fIbio\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fISSL_set0_rbio()\fR and \fISSL_set0_wbio()\fR were added in OpenSSL 1.1.0. 
+.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_set_connect_state.3 b/linux_amd64/ssl/share/man/man3/SSL_set_connect_state.3 new file mode 100755 index 0000000..b14ef80 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_set_connect_state.3 
@@ -0,0 +1,199 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SET_CONNECT_STATE 3" +.TH SSL_SET_CONNECT_STATE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_set_connect_state, SSL_set_accept_state, SSL_is_server +\&\- functions for manipulating and examining the client or server mode of an SSL object +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_set_connect_state(SSL *ssl); +\& +\& void SSL_set_accept_state(SSL *ssl); +\& +\& int SSL_is_server(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_set_connect_state()\fR sets \fBssl\fR to work in client mode. +.PP +\&\fISSL_set_accept_state()\fR sets \fBssl\fR to work in server mode. +.PP +\&\fISSL_is_server()\fR checks if \fBssl\fR is working in server mode. +.SH "NOTES" +.IX Header "NOTES" +When the \s-1SSL_CTX\s0 object was created with \fISSL_CTX_new\fR\|(3), +it was either assigned a dedicated client method, a dedicated server +method, or a generic method, that can be used for both client and +server connections. (The method might have been changed with +\&\fISSL_CTX_set_ssl_version\fR\|(3) or +\&\fISSL_set_ssl_method\fR\|(3).) +.PP +When beginning a new handshake, the \s-1SSL\s0 engine must know whether it must +call the connect (client) or accept (server) routines. Even though it may +be clear from the method chosen, whether client or server mode was +requested, the handshake routines must be explicitly set. +.PP +When using the \fISSL_connect\fR\|(3) or +\&\fISSL_accept\fR\|(3) routines, the correct handshake +routines are automatically set. When performing a transparent negotiation +using \fISSL_write_ex\fR\|(3), \fISSL_write\fR\|(3), \fISSL_read_ex\fR\|(3), or \fISSL_read\fR\|(3), +the handshake routines must be explicitly set in advance using either +\&\fISSL_set_connect_state()\fR or \fISSL_set_accept_state()\fR. 
+.PP +If \fISSL_is_server()\fR is called before \fISSL_set_connect_state()\fR or +\&\fISSL_set_accept_state()\fR is called (either automatically or explicitly), +the result depends on what method was used when \s-1SSL_CTX\s0 was created with +\&\fISSL_CTX_new\fR\|(3). If a generic method or a dedicated server method was +passed to \fISSL_CTX_new\fR\|(3), \fISSL_is_server()\fR returns 1; otherwise, it returns 0. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_set_connect_state()\fR and \fISSL_set_accept_state()\fR do not return diagnostic +information. +.PP +\&\fISSL_is_server()\fR returns 1 if \fBssl\fR is working in server mode or 0 for client mode. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_new\fR\|(3), \fISSL_CTX_new\fR\|(3), +\&\fISSL_connect\fR\|(3), \fISSL_accept\fR\|(3), +\&\fISSL_write_ex\fR\|(3), \fISSL_write\fR\|(3), \fISSL_read_ex\fR\|(3), \fISSL_read\fR\|(3), +\&\fISSL_do_handshake\fR\|(3), +\&\fISSL_CTX_set_ssl_version\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_set_fd.3 b/linux_amd64/ssl/share/man/man3/SSL_set_fd.3 new file mode 100755 index 0000000..d0ab32d --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_set_fd.3 
@@ -0,0 +1,179 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SET_FD 3" +.TH SSL_SET_FD 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_set_fd, SSL_set_rfd, SSL_set_wfd \- connect the SSL object with a file descriptor +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_set_fd(SSL *ssl, int fd); +\& int SSL_set_rfd(SSL *ssl, int fd); +\& int SSL_set_wfd(SSL *ssl, int fd); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_set_fd()\fR sets the file descriptor \fBfd\fR as the input/output facility +for the \s-1TLS/SSL\s0 (encrypted) side of \fBssl\fR. \fBfd\fR will typically be the +socket file descriptor of a network connection. +.PP +When performing the operation, a \fBsocket \s-1BIO\s0\fR is automatically created to +interface between the \fBssl\fR and \fBfd\fR. The \s-1BIO\s0 and hence the \s-1SSL\s0 engine +inherit the behaviour of \fBfd\fR. If \fBfd\fR is non-blocking, the \fBssl\fR will +also have non-blocking behaviour. +.PP +If there was already a \s-1BIO\s0 connected to \fBssl\fR, \fIBIO_free()\fR will be called +(for both the reading and writing side, if different). +.PP +\&\fISSL_set_rfd()\fR and \fISSL_set_wfd()\fR perform the respective action, but only +for the read channel or the write channel, which can be set independently. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "0" 4 +The operation failed. Check the error stack to find out why. +.IP "1" 4 +.IX Item "1" +The operation succeeded. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fISSL_get_fd\fR\|(3), \fISSL_set_bio\fR\|(3), +\&\fISSL_connect\fR\|(3), \fISSL_accept\fR\|(3), +\&\fISSL_shutdown\fR\|(3), \fIssl\fR\|(7) , \fIbio\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/ssl/share/man/man3/SSL_set_session.3 b/linux_amd64/ssl/share/man/man3/SSL_set_session.3 new file mode 100755 index 0000000..ab75063 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_set_session.3 
@@ -0,0 +1,185 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SET_SESSION 3" +.TH SSL_SET_SESSION 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_set_session \- set a TLS/SSL session to be used during TLS/SSL connect +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_set_session(SSL *ssl, SSL_SESSION *session); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_set_session()\fR sets \fBsession\fR to be used when the \s-1TLS/SSL\s0 connection +is to be established. \fISSL_set_session()\fR is only useful for \s-1TLS/SSL\s0 clients. +When the session is set, the reference count of \fBsession\fR is incremented +by 1. If the session is not reused, the reference count is decremented +again during \fISSL_connect()\fR. Whether the session was reused can be queried +with the \fISSL_session_reused\fR\|(3) call. +.PP +If there is already a session set inside \fBssl\fR (because it was set with +\&\fISSL_set_session()\fR before or because the same \fBssl\fR was already used for +a connection), \fISSL_SESSION_free()\fR will be called for that session. If that old +session is still \fBopen\fR, it is considered bad and will be removed from the +session cache (if used). A session is considered open, if \fISSL_shutdown\fR\|(3) was +not called for the connection (or at least \fISSL_set_shutdown\fR\|(3) was used to +set the \s-1SSL_SENT_SHUTDOWN\s0 state). +.SH "NOTES" +.IX Header "NOTES" +\&\s-1SSL_SESSION\s0 objects keep internal link information about the session cache +list, when being inserted into one \s-1SSL_CTX\s0 object's session cache. +One \s-1SSL_SESSION\s0 object, regardless of its reference count, must therefore +only be used with one \s-1SSL_CTX\s0 object (and the \s-1SSL\s0 objects created +from this \s-1SSL_CTX\s0 object). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "0" 4 +The operation failed; check the error stack to find out the reason. +.IP "1" 4 +.IX Item "1" +The operation succeeded. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_SESSION_free\fR\|(3), +\&\fISSL_get_session\fR\|(3), +\&\fISSL_session_reused\fR\|(3), +\&\fISSL_CTX_set_session_cache_mode\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_set_shutdown.3 b/linux_amd64/ssl/share/man/man3/SSL_set_shutdown.3 new file mode 100755 index 0000000..f380823 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_set_shutdown.3 
@@ -0,0 +1,195 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SET_SHUTDOWN 3" +.TH SSL_SET_SHUTDOWN 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_set_shutdown, SSL_get_shutdown \- manipulate shutdown state of an SSL connection +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_set_shutdown(SSL *ssl, int mode); +\& +\& int SSL_get_shutdown(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_set_shutdown()\fR sets the shutdown state of \fBssl\fR to \fBmode\fR. +.PP +\&\fISSL_get_shutdown()\fR returns the shutdown mode of \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +The shutdown state of an ssl connection is a bit-mask of: +.IP "0" 4 +No shutdown setting, yet. +.IP "\s-1SSL_SENT_SHUTDOWN\s0" 4 +.IX Item "SSL_SENT_SHUTDOWN" +A close_notify shutdown alert was sent to the peer, the connection is being +considered closed and the session is closed and correct. +.IP "\s-1SSL_RECEIVED_SHUTDOWN\s0" 4 +.IX Item "SSL_RECEIVED_SHUTDOWN" +A shutdown alert was received form the peer, either a normal close_notify +or a fatal error. +.PP +\&\s-1SSL_SENT_SHUTDOWN\s0 and \s-1SSL_RECEIVED_SHUTDOWN\s0 can be set at the same time. +.PP +The shutdown state of the connection is used to determine the state of +the ssl session. If the session is still open, when +\&\fISSL_clear\fR\|(3) or \fISSL_free\fR\|(3) is called, +it is considered bad and removed according to \s-1RFC2246\s0. +The actual condition for a correctly closed session is \s-1SSL_SENT_SHUTDOWN\s0 +(according to the \s-1TLS\s0 \s-1RFC\s0, it is acceptable to only send the close_notify +alert but to not wait for the peer's answer, when the underlying connection +is closed). +\&\fISSL_set_shutdown()\fR can be used to set this state without sending a +close alert to the peer (see \fISSL_shutdown\fR\|(3)). +.PP +If a close_notify was received, \s-1SSL_RECEIVED_SHUTDOWN\s0 will be set, +for setting \s-1SSL_SENT_SHUTDOWN\s0 the application must however still call +\&\fISSL_shutdown\fR\|(3) or \fISSL_set_shutdown()\fR itself. 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_set_shutdown()\fR does not return diagnostic information. +.PP +\&\fISSL_get_shutdown()\fR returns the current setting. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_shutdown\fR\|(3), +\&\fISSL_CTX_set_quiet_shutdown\fR\|(3), +\&\fISSL_clear\fR\|(3), \fISSL_free\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_set_verify_result.3 b/linux_amd64/ssl/share/man/man3/SSL_set_verify_result.3 new file mode 100755 index 0000000..4f40a5f --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_set_verify_result.3 
@@ -0,0 +1,169 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SET_VERIFY_RESULT 3" +.TH SSL_SET_VERIFY_RESULT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_set_verify_result \- override result of peer certificate verification +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_set_verify_result(SSL *ssl, long verify_result); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_set_verify_result()\fR sets \fBverify_result\fR of the object \fBssl\fR to be the +result of the verification of the X509 certificate presented by the peer, +if any. +.SH "NOTES" +.IX Header "NOTES" +\&\fISSL_set_verify_result()\fR overrides the verification result. It only changes +the verification result of the \fBssl\fR object. It does not become part of the +established session, so if the session is to be reused later, the original +value will reappear. +.PP +The valid codes for \fBverify_result\fR are documented in \fIopenssl\-verify\fR\|(1). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_set_verify_result()\fR does not provide a return value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_get_verify_result\fR\|(3), +\&\fISSL_get_peer_certificate\fR\|(3), +\&\fIopenssl\-verify\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_shutdown.3 b/linux_amd64/ssl/share/man/man3/SSL_shutdown.3 new file mode 100755 index 0000000..a70b1e0 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_shutdown.3 
@@ -0,0 +1,276 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SHUTDOWN 3" +.TH SSL_SHUTDOWN 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_shutdown \- shut down a TLS/SSL connection +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_shutdown(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_shutdown()\fR shuts down an active \s-1TLS/SSL\s0 connection. It sends the +close_notify shutdown alert to the peer. +.PP +\&\fISSL_shutdown()\fR tries to send the close_notify shutdown alert to the peer. +Whether the operation succeeds or not, the \s-1SSL_SENT_SHUTDOWN\s0 flag is set and +a currently open session is considered closed and good and will be kept in the +session cache for further reuse. +.PP +Note that \fISSL_shutdown()\fR must not be called if a previous fatal error has +occurred on a connection i.e. if \fISSL_get_error()\fR has returned \s-1SSL_ERROR_SYSCALL\s0 +or \s-1SSL_ERROR_SSL\s0. +.PP +The shutdown procedure consists of two steps: sending of the close_notify +shutdown alert, and reception of the peer's close_notify shutdown alert. +The order of those two steps depends on the application. +.PP +It is acceptable for an application to only send its shutdown alert and +then close the underlying connection without waiting for the peer's response. +This way resources can be saved, as the process can already terminate or +serve another connection. +This should only be done when it is known that the other side will not send more +data, otherwise there is a risk of a truncation attack. +.PP +When a client only writes and never reads from the connection, and the server +has sent a session ticket to establish a session, the client might not be able +to resume the session because it did not received and process the session ticket +from the server. +In case the application wants to be able to resume the session, it is recommended to +do a complete shutdown procedure (bidirectional close_notify alerts). 
+.PP +When the underlying connection shall be used for more communications, the +complete shutdown procedure must be performed, so that the peers stay +synchronized. +.PP +\&\fISSL_shutdown()\fR only closes the write direction. +It is not possible to call \fISSL_write()\fR after calling \fISSL_shutdown()\fR. +The read direction is closed by the peer. +.PP +The behaviour of \fISSL_shutdown()\fR additionally depends on the underlying \s-1BIO\s0. +If the underlying \s-1BIO\s0 is \fBblocking\fR, \fISSL_shutdown()\fR will only return once the +handshake step has been finished or an error occurred. +.PP +If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fISSL_shutdown()\fR will also return +when the underlying \s-1BIO\s0 could not satisfy the needs of \fISSL_shutdown()\fR +to continue the handshake. In this case a call to \fISSL_get_error()\fR with the +return value of \fISSL_shutdown()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or +\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after +taking appropriate action to satisfy the needs of \fISSL_shutdown()\fR. +The action depends on the underlying \s-1BIO\s0. When using a non-blocking socket, +nothing is to be done, but \fIselect()\fR can be used to check for the required +condition. When using a buffering \s-1BIO\s0, like a \s-1BIO\s0 pair, data must be written +into or retrieved out of the \s-1BIO\s0 before being able to continue. +.PP +After \fISSL_shutdown()\fR returned 0, it is possible to call \fISSL_shutdown()\fR again +to wait for the peer's close_notify alert. +\&\fISSL_shutdown()\fR will return 1 in that case. +However, it is recommended to wait for it using \fISSL_read()\fR instead. +.PP +\&\fISSL_shutdown()\fR can be modified to only set the connection to \*(L"shutdown\*(R" +state but not actually send the close_notify alert messages, +see \fISSL_CTX_set_quiet_shutdown\fR\|(3). 
+When \*(L"quiet shutdown\*(R" is enabled, \fISSL_shutdown()\fR will always succeed +and return 1. +.SS "First to close the connection" +.IX Subsection "First to close the connection" +When the application is the first party to send the close_notify +alert, \fISSL_shutdown()\fR will only send the alert and then set the +\&\s-1SSL_SENT_SHUTDOWN\s0 flag (so that the session is considered good and will +be kept in the cache). +If successful, \fISSL_shutdown()\fR will return 0. +.PP +If a unidirectional shutdown is enough (the underlying connection shall be +closed anyway), this first successful call to \fISSL_shutdown()\fR is sufficient. +.PP +In order to complete the bidirectional shutdown handshake, the peer needs +to send back a close_notify alert. +The \s-1SSL_RECEIVED_SHUTDOWN\s0 flag will be set after receiving and processing +it. +.PP +The peer is still allowed to send data after receiving the close_notify +event. +When it is done sending data, it will send the close_notify alert. +\&\fISSL_read()\fR should be called until all data is received. +\&\fISSL_read()\fR will indicate the end of the peer data by returning <= 0 +and \fISSL_get_error()\fR returning \s-1SSL_ERROR_ZERO_RETURN\s0. +.SS "Peer closes the connection" +.IX Subsection "Peer closes the connection" +If the peer already sent the close_notify alert \fBand\fR it was +already processed implicitly inside another function +(\fISSL_read\fR\|(3)), the \s-1SSL_RECEIVED_SHUTDOWN\s0 flag is set. +\&\fISSL_read()\fR will return <= 0 in that case, and \fISSL_get_error()\fR will return +\&\s-1SSL_ERROR_ZERO_RETURN\s0. +\&\fISSL_shutdown()\fR will send the close_notify alert, set the \s-1SSL_SENT_SHUTDOWN\s0 +flag. +If successful, \fISSL_shutdown()\fR will return 1. +.PP +Whether \s-1SSL_RECEIVED_SHUTDOWN\s0 is already set can be checked using the +\&\fISSL_get_shutdown()\fR (see also \fISSL_set_shutdown\fR\|(3) call. 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "0" 4 +The shutdown is not yet finished: the close_notify was sent but the peer +did not send it back yet. +Call \fISSL_read()\fR to do a bidirectional shutdown. +The output of \fISSL_get_error\fR\|(3) may be misleading, as an +erroneous \s-1SSL_ERROR_SYSCALL\s0 may be flagged even though no error occurred. +.IP "1" 4 +.IX Item "1" +The shutdown was successfully completed. The close_notify alert was sent +and the peer's close_notify alert was received. +.IP "<0" 4 +.IX Item "<0" +The shutdown was not successful. +Call \fISSL_get_error\fR\|(3) with the return value \fBret\fR to find out the reason. +It can occur if an action is needed to continue the operation for non-blocking +BIOs. +.Sp +It can also occur when not all data was read using \fISSL_read()\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fISSL_get_error\fR\|(3), \fISSL_connect\fR\|(3), +\&\fISSL_accept\fR\|(3), \fISSL_set_shutdown\fR\|(3), +\&\fISSL_CTX_set_quiet_shutdown\fR\|(3), +\&\fISSL_clear\fR\|(3), \fISSL_free\fR\|(3), +\&\fIssl\fR\|(7), \fIbio\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_state_string.3 b/linux_amd64/ssl/share/man/man3/SSL_state_string.3 new file mode 100755 index 0000000..1ed579d --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_state_string.3 
@@ -0,0 +1,176 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_STATE_STRING 3" +.TH SSL_STATE_STRING 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_state_string, SSL_state_string_long \- get textual description of state of an SSL object +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const char *SSL_state_string(const SSL *ssl); +\& const char *SSL_state_string_long(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_state_string()\fR returns a 6 letter string indicating the current state +of the \s-1SSL\s0 object \fBssl\fR. +.PP +\&\fISSL_state_string_long()\fR returns a string indicating the current state of +the \s-1SSL\s0 object \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +During its use, an \s-1SSL\s0 objects passes several states. The state is internally +maintained. Querying the state information is not very informative before +or when a connection has been established. It however can be of significant +interest during the handshake. +.PP +When using non-blocking sockets, the function call performing the handshake +may return with \s-1SSL_ERROR_WANT_READ\s0 or \s-1SSL_ERROR_WANT_WRITE\s0 condition, +so that SSL_state_string[_long]() may be called. +.PP +For both blocking or non-blocking sockets, the details state information +can be used within the info_callback function set with the +\&\fISSL_set_info_callback()\fR call. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Detailed description of possible states to be included later. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_CTX_set_info_callback\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_want.3 b/linux_amd64/ssl/share/man/man3/SSL_want.3 new file mode 100755 index 0000000..8c8078e --- /dev/null 
+++ b/linux_amd64/ssl/share/man/man3/SSL_want.3 
@@ -0,0 +1,226 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_WANT 3" +.TH SSL_WANT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_want, SSL_want_nothing, SSL_want_read, SSL_want_write, SSL_want_x509_lookup, +SSL_want_async, SSL_want_async_job, SSL_want_client_hello_cb \- obtain state +information TLS/SSL I/O operation +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_want(const SSL *ssl); +\& int SSL_want_nothing(const SSL *ssl); +\& int SSL_want_read(const SSL *ssl); +\& int SSL_want_write(const SSL *ssl); +\& int SSL_want_x509_lookup(const SSL *ssl); +\& int SSL_want_async(const SSL *ssl); +\& int SSL_want_async_job(const SSL *ssl); +\& int SSL_want_client_hello_cb(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_want()\fR returns state information for the \s-1SSL\s0 object \fBssl\fR. +.PP +The other SSL_want_*() calls are shortcuts for the possible states returned +by \fISSL_want()\fR. +.SH "NOTES" +.IX Header "NOTES" +\&\fISSL_want()\fR examines the internal state information of the \s-1SSL\s0 object. Its +return values are similar to that of \fISSL_get_error\fR\|(3). +Unlike \fISSL_get_error\fR\|(3), which also evaluates the +error queue, the results are obtained by examining an internal state flag +only. The information must therefore only be used for normal operation under +non-blocking I/O. Error conditions are not handled and must be treated +using \fISSL_get_error\fR\|(3). +.PP +The result returned by \fISSL_want()\fR should always be consistent with +the result of \fISSL_get_error\fR\|(3). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can currently occur for \fISSL_want()\fR: +.IP "\s-1SSL_NOTHING\s0" 4 +.IX Item "SSL_NOTHING" +There is no data to be written or to be read. +.IP "\s-1SSL_WRITING\s0" 4 +.IX Item "SSL_WRITING" +There are data in the \s-1SSL\s0 buffer that must be written to the underlying +\&\fB\s-1BIO\s0\fR layer in order to complete the actual SSL_*() operation. +A call to \fISSL_get_error\fR\|(3) should return +\&\s-1SSL_ERROR_WANT_WRITE\s0. 
+.IP "\s-1SSL_READING\s0" 4 +.IX Item "SSL_READING" +More data must be read from the underlying \fB\s-1BIO\s0\fR layer in order to +complete the actual SSL_*() operation. +A call to \fISSL_get_error\fR\|(3) should return +\&\s-1SSL_ERROR_WANT_READ\s0. +.IP "\s-1SSL_X509_LOOKUP\s0" 4 +.IX Item "SSL_X509_LOOKUP" +The operation did not complete because an application callback set by +\&\fISSL_CTX_set_client_cert_cb()\fR has asked to be called again. +A call to \fISSL_get_error\fR\|(3) should return +\&\s-1SSL_ERROR_WANT_X509_LOOKUP\s0. +.IP "\s-1SSL_ASYNC_PAUSED\s0" 4 +.IX Item "SSL_ASYNC_PAUSED" +An asynchronous operation partially completed and was then paused. See +\&\fISSL_get_all_async_fds\fR\|(3). A call to \fISSL_get_error\fR\|(3) should return +\&\s-1SSL_ERROR_WANT_ASYNC\s0. +.IP "\s-1SSL_ASYNC_NO_JOBS\s0" 4 +.IX Item "SSL_ASYNC_NO_JOBS" +The asynchronous job could not be started because there were no async jobs +available in the pool (see \fIASYNC_init_thread\fR\|(3)). A call to \fISSL_get_error\fR\|(3) +should return \s-1SSL_ERROR_WANT_ASYNC_JOB\s0. +.IP "\s-1SSL_CLIENT_HELLO_CB\s0" 4 +.IX Item "SSL_CLIENT_HELLO_CB" +The operation did not complete because an application callback set by +\&\fISSL_CTX_set_client_hello_cb()\fR has asked to be called again. +A call to \fISSL_get_error\fR\|(3) should return +\&\s-1SSL_ERROR_WANT_CLIENT_HELLO_CB\s0. +.PP +\&\fISSL_want_nothing()\fR, \fISSL_want_read()\fR, \fISSL_want_write()\fR, \fISSL_want_x509_lookup()\fR, +\&\fISSL_want_async()\fR, \fISSL_want_async_job()\fR, and \fISSL_want_client_hello_cb()\fR return +1, when the corresponding condition is true or 0 otherwise. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_get_error\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fISSL_want_client_hello_cb()\fR function and the \s-1SSL_CLIENT_HELLO_CB\s0 return value +were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2017 The OpenSSL Project Authors. 
All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/SSL_write.3 b/linux_amd64/ssl/share/man/man3/SSL_write.3 new file mode 100755 index 0000000..df05b06 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/SSL_write.3 
@@ -0,0 +1,263 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_WRITE 3" +.TH SSL_WRITE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SSL_write_ex, SSL_write, SSL_sendfile \- write bytes to a TLS/SSL connection +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& ossl_ssize_t SSL_sendfile(SSL *s, int fd, off_t offset, size_t size, int flags); +\& int SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *written); +\& int SSL_write(SSL *ssl, const void *buf, int num); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_write_ex()\fR and \fISSL_write()\fR write \fBnum\fR bytes from the buffer \fBbuf\fR into +the specified \fBssl\fR connection. On success \fISSL_write_ex()\fR will store the number +of bytes written in \fB*written\fR. +.PP +\&\fISSL_sendfile()\fR writes \fBsize\fR bytes from offset \fBoffset\fR in the file +descriptor \fBfd\fR to the specified \s-1SSL\s0 connection \fBs\fR. This function provides +efficient zero-copy semantics. \fISSL_sendfile()\fR is available only when +Kernel \s-1TLS\s0 is enabled, which can be checked by calling \fIBIO_get_ktls_send()\fR. +It is provided here to allow users to maintain the same interface. +The meaning of \fBflags\fR is platform dependent. +Currently, under Linux it is ignored. +.SH "NOTES" +.IX Header "NOTES" +In the paragraphs below a \*(L"write function\*(R" is defined as one of either +\&\fISSL_write_ex()\fR, or \fISSL_write()\fR. +.PP +If necessary, a write function will negotiate a \s-1TLS/SSL\s0 session, if not already +explicitly performed by \fISSL_connect\fR\|(3) or \fISSL_accept\fR\|(3). If the peer +requests a re-negotiation, it will be performed transparently during +the write function operation. The behaviour of the write functions depends on the +underlying \s-1BIO\s0. +.PP +For the transparent negotiation to succeed, the \fBssl\fR must have been +initialized to client or server mode. This is being done by calling +\&\fISSL_set_connect_state\fR\|(3) or \fISSL_set_accept_state()\fR +before the first call to a write function. 
+.PP +If the underlying \s-1BIO\s0 is \fBblocking\fR, the write functions will only return, once +the write operation has been finished or an error occurred. +.PP +If the underlying \s-1BIO\s0 is \fBnon-blocking\fR the write functions will also return +when the underlying \s-1BIO\s0 could not satisfy the needs of the function to continue +the operation. In this case a call to \fISSL_get_error\fR\|(3) with the +return value of the write function will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR +or \fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. As at any time a re-negotiation is possible, a +call to a write function can also cause read operations! The calling process +then must repeat the call after taking appropriate action to satisfy the needs +of the write function. The action depends on the underlying \s-1BIO\s0. When using a +non-blocking socket, nothing is to be done, but \fIselect()\fR can be used to check +for the required condition. When using a buffering \s-1BIO\s0, like a \s-1BIO\s0 pair, data +must be written into or retrieved out of the \s-1BIO\s0 before being able to continue. +.PP +The write functions will only return with success when the complete contents of +\&\fBbuf\fR of length \fBnum\fR has been written. This default behaviour can be changed +with the \s-1SSL_MODE_ENABLE_PARTIAL_WRITE\s0 option of \fISSL_CTX_set_mode\fR\|(3). When +this flag is set the write functions will also return with success when a +partial write has been successfully completed. In this case the write function +operation is considered completed. The bytes are sent and a new write call with +a new buffer (with the already sent bytes removed) must be started. A partial +write is performed with the size of a message block, which is 16kB. +.SH "WARNINGS" +.IX Header "WARNINGS" +When a write function call has to be repeated because \fISSL_get_error\fR\|(3) +returned \fB\s-1SSL_ERROR_WANT_READ\s0\fR or \fB\s-1SSL_ERROR_WANT_WRITE\s0\fR, it must be repeated +with the same arguments. 
+The data that was passed might have been partially processed. +When \fB\s-1SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER\s0\fR was set using \fISSL_CTX_set_mode\fR\|(3) +the pointer can be different, but the data and length should still be the same. +.PP +You should not call \fISSL_write()\fR with num=0, it will return an error. +\&\fISSL_write_ex()\fR can be called with num=0, but will not send application data to +the peer. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_write_ex()\fR will return 1 for success or 0 for failure. Success means that +all requested application data bytes have been written to the \s-1SSL\s0 connection or, +if \s-1SSL_MODE_ENABLE_PARTIAL_WRITE\s0 is in use, at least 1 application data byte has +been written to the \s-1SSL\s0 connection. Failure means that not all the requested +bytes have been written yet (if \s-1SSL_MODE_ENABLE_PARTIAL_WRITE\s0 is not in use) or +no bytes could be written to the \s-1SSL\s0 connection (if +\&\s-1SSL_MODE_ENABLE_PARTIAL_WRITE\s0 is in use). Failures can be retryable (e.g. the +network write buffer has temporarily filled up) or non-retryable (e.g. a fatal +network error). In the event of a failure call \fISSL_get_error\fR\|(3) to find out +the reason which indicates whether the call is retryable or not. +.PP +For \fISSL_write()\fR the following return values can occur: +.IP "> 0" 4 +.IX Item "> 0" +The write operation was successful, the return value is the number of +bytes actually written to the \s-1TLS/SSL\s0 connection. +.IP "<= 0" 4 +.IX Item "<= 0" +The write operation was not successful, because either the connection was +closed, an error occurred or action must be taken by the calling process. +Call \fISSL_get_error()\fR with the return value \fBret\fR to find out the reason. +.Sp +Old documentation indicated a difference between 0 and \-1, and that \-1 was +retryable. +You should instead call \fISSL_get_error()\fR to find out if it's retryable. 
+.PP +For \fISSL_sendfile()\fR, the following return values can occur: +.IP ">= 0" 4 +.IX Item ">= 0" +The write operation was successful, the return value is the number +of bytes of the file written to the \s-1TLS/SSL\s0 connection. +.IP "< 0" 4 +.IX Item "< 0" +The write operation was not successful, because either the connection was +closed, an error occurred or action must be taken by the calling process. +Call \fISSL_get_error()\fR with the return value to find out the reason. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fISSL_get_error\fR\|(3), \fISSL_read_ex\fR\|(3), \fISSL_read\fR\|(3) +\&\fISSL_CTX_set_mode\fR\|(3), \fISSL_CTX_new\fR\|(3), +\&\fISSL_connect\fR\|(3), \fISSL_accept\fR\|(3) +\&\fISSL_set_connect_state\fR\|(3), \fIBIO_ctrl\fR\|(3), +\&\fIssl\fR\|(7), \fIbio\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \fISSL_write_ex()\fR function was added in OpenSSL 1.1.1. +The \fISSL_sendfile()\fR function was added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/TS_VERIFY_CTX_set_certs.3 b/linux_amd64/ssl/share/man/man3/TS_VERIFY_CTX_set_certs.3 new file mode 100755 index 0000000..8b0a7bc --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/TS_VERIFY_CTX_set_certs.3 
@@ -0,0 +1,180 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "TS_VERIFY_CTX_SET_CERTS 3" +.TH TS_VERIFY_CTX_SET_CERTS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +TS_VERIFY_CTX_set_certs, TS_VERIFY_CTS_set_certs +\&\- set certificates for TS response verification +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& STACK_OF(X509) *TS_VERIFY_CTX_set_certs(TS_VERIFY_CTX *ctx, +\& STACK_OF(X509) *certs); +\& STACK_OF(X509) *TS_VERIFY_CTS_set_certs(TS_VERIFY_CTX *ctx, +\& STACK_OF(X509) *certs); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The Time-Stamp Protocol (\s-1TSP\s0) is defined by \s-1RFC\s0 3161. \s-1TSP\s0 is a protocol used to +provide long term proof of the existence of a certain datum before a particular +time. \s-1TSP\s0 defines a Time Stamping Authority (\s-1TSA\s0) and an entity who shall make +requests to the \s-1TSA\s0. Usually the \s-1TSA\s0 is denoted as the server side and the +requesting entity is denoted as the client. +.PP +In \s-1TSP\s0, when a server is sending a response to a client, the server normally +needs to sign the response data \- the TimeStampToken (\s-1TST\s0) \- with its private +key. Then the client shall verify the received \s-1TST\s0 by the server's certificate +chain. +.PP +\&\fITS_VERIFY_CTX_set_certs()\fR is used to set the server's certificate chain when +verifying a \s-1TST\s0. \fBctx\fR is the verification context created in advance and +\&\fBcerts\fR is a stack of \fBX509\fR certificates. +.PP +\&\fITS_VERIFY_CTS_set_certs()\fR is a misspelled version of \fITS_VERIFY_CTX_set_certs()\fR +which takes the same parameters and returns the same result. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fITS_VERIFY_CTX_set_certs()\fR returns the stack of \fBX509\fR certificates the user +passes in via parameter \fBcerts\fR. +.SH "HISTORY" +.IX Header "HISTORY" +The spelling of \fITS_VERIFY_CTX_set_certs()\fR was corrected in OpenSSL 3.0.0. +The misspelled version \fITS_VERIFY_CTS_set_certs()\fR has been retained for +compatibility reasons, but it is deprecated in OpenSSL 3.0.0. 
+.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/UI_STRING.3 b/linux_amd64/ssl/share/man/man3/UI_STRING.3 new file mode 100755 index 0000000..2b1e696 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/UI_STRING.3 
@@ -0,0 +1,270 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "UI_STRING 3" +.TH UI_STRING 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +UI_STRING, UI_string_types, UI_get_string_type, +UI_get_input_flags, UI_get0_output_string, +UI_get0_action_string, UI_get0_result_string, UI_get_result_string_length, +UI_get0_test_string, UI_get_result_minsize, +UI_get_result_maxsize, UI_set_result, UI_set_result_ex +\&\- User interface string parsing +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef struct ui_string_st UI_STRING; +\& +\& enum UI_string_types { +\& UIT_NONE = 0, +\& UIT_PROMPT, /* Prompt for a string */ +\& UIT_VERIFY, /* Prompt for a string and verify */ +\& UIT_BOOLEAN, /* Prompt for a yes/no response */ +\& UIT_INFO, /* Send info to the user */ +\& UIT_ERROR /* Send an error message to the user */ +\& }; +\& +\& enum UI_string_types UI_get_string_type(UI_STRING *uis); +\& int UI_get_input_flags(UI_STRING *uis); +\& const char *UI_get0_output_string(UI_STRING *uis); +\& const char *UI_get0_action_string(UI_STRING *uis); +\& const char *UI_get0_result_string(UI_STRING *uis); +\& int UI_get_result_string_length(UI_STRING *uis); +\& const char *UI_get0_test_string(UI_STRING *uis); +\& int UI_get_result_minsize(UI_STRING *uis); +\& int UI_get_result_maxsize(UI_STRING *uis); +\& int UI_set_result(UI *ui, UI_STRING *uis, const char *result); +\& int UI_set_result_ex(UI *ui, UI_STRING *uis, const char *result, int len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fB\s-1UI_STRING\s0\fR gets created internally and added to a \fB\s-1UI\s0\fR whenever +one of the functions \fIUI_add_input_string()\fR, \fIUI_dup_input_string()\fR, +\&\fIUI_add_verify_string()\fR, \fIUI_dup_verify_string()\fR, +\&\fIUI_add_input_boolean()\fR, \fIUI_dup_input_boolean()\fR, \fIUI_add_info_string()\fR, +\&\fIUI_dup_info_string()\fR, \fIUI_add_error_string()\fR or \fIUI_dup_error_string()\fR +is called. +For a \fB\s-1UI_METHOD\s0\fR user, there's no need to know more. 
+For a \fB\s-1UI_METHOD\s0\fR creator, it is of interest to fetch text from these +\&\fB\s-1UI_STRING\s0\fR objects as well as adding results to some of them. +.PP +\&\fIUI_get_string_type()\fR is used to retrieve the type of the given +\&\fB\s-1UI_STRING\s0\fR. +.PP +\&\fIUI_get_input_flags()\fR is used to retrieve the flags associated with the +given \fB\s-1UI_STRING\s0\fR. +.PP +\&\fIUI_get0_output_string()\fR is used to retrieve the actual string to +output (prompt, info, error, ...). +.PP +\&\fIUI_get0_action_string()\fR is used to retrieve the action description +associated with a \fB\s-1UIT_BOOLEAN\s0\fR type \fB\s-1UI_STRING\s0\fR. +For all other \fB\s-1UI_STRING\s0\fR types, \s-1NULL\s0 is returned. +See \fIUI_add_input_boolean\fR\|(3). +.PP +\&\fIUI_get0_result_string()\fR and \fIUI_get_result_string_length()\fR are used to +retrieve the result of a prompt and its length. +This is only useful for \fB\s-1UIT_PROMPT\s0\fR and \fB\s-1UIT_VERIFY\s0\fR type strings. +For all other \fB\s-1UI_STRING\s0\fR types, \fIUI_get0_result_string()\fR returns \s-1NULL\s0 +and \fIUI_get_result_string_length()\fR returns \-1. +.PP +\&\fIUI_get0_test_string()\fR is used to retrieve the string to compare the +prompt result with. +This is only useful for \fB\s-1UIT_VERIFY\s0\fR type strings. +For all other \fB\s-1UI_STRING\s0\fR types, \s-1NULL\s0 is returned. +.PP +\&\fIUI_get_result_minsize()\fR and \fIUI_get_result_maxsize()\fR are used to +retrieve the minimum and maximum required size of the result. +This is only useful for \fB\s-1UIT_PROMPT\s0\fR and \fB\s-1UIT_VERIFY\s0\fR type strings. +For all other \fB\s-1UI_STRING\s0\fR types, \-1 is returned. +.PP +\&\fIUI_set_result_ex()\fR is used to set the result value of a prompt and its length. 
+For \fB\s-1UIT_PROMPT\s0\fR and \fB\s-1UIT_VERIFY\s0\fR type \s-1UI\s0 strings, this sets the +result retrievable with \fIUI_get0_result_string()\fR by copying the +contents of \fBresult\fR if its length fits the minimum and maximum size +requirements. +For \fB\s-1UIT_BOOLEAN\s0\fR type \s-1UI\s0 strings, this sets the first character of +the result retrievable with \fIUI_get0_result_string()\fR to the first +\&\fBok_char\fR given with \fIUI_add_input_boolean()\fR or \fIUI_dup_input_boolean()\fR +if the \fBresult\fR matched any of them, or the first of the +\&\fBcancel_chars\fR if the \fBresult\fR matched any of them, otherwise it's +set to the \s-1NUL\s0 char \f(CW\*(C`\e0\*(C'\fR. +See \fIUI_add_input_boolean\fR\|(3) for more information on \fBok_chars\fR and +\&\fBcancel_chars\fR. +.PP +\&\fIUI_set_result()\fR does the same thing as \fIUI_set_result_ex()\fR, but calculates +its length internally. +It expects the string to be terminated with a \s-1NUL\s0 byte, and is therefore +only useful with normal C strings. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIUI_get_string_type()\fR returns the \s-1UI\s0 string type. +.PP +\&\fIUI_get_input_flags()\fR returns the \s-1UI\s0 string flags. +.PP +\&\fIUI_get0_output_string()\fR returns the \s-1UI\s0 string output string. +.PP +\&\fIUI_get0_action_string()\fR returns the \s-1UI\s0 string action description +string for \fB\s-1UIT_BOOLEAN\s0\fR type \s-1UI\s0 strings, \s-1NULL\s0 for any other type. +.PP +\&\fIUI_get0_result_string()\fR returns the \s-1UI\s0 string result buffer for +\&\fB\s-1UIT_PROMPT\s0\fR and \fB\s-1UIT_VERIFY\s0\fR type \s-1UI\s0 strings, \s-1NULL\s0 for any other +type. +.PP +\&\fIUI_get_result_string_length()\fR returns the \s-1UI\s0 string result buffer's +content length for \fB\s-1UIT_PROMPT\s0\fR and \fB\s-1UIT_VERIFY\s0\fR type \s-1UI\s0 strings, +\&\-1 for any other type. 
+.PP +\&\fIUI_get0_test_string()\fR returns the \s-1UI\s0 string action description +string for \fB\s-1UIT_VERIFY\s0\fR type \s-1UI\s0 strings, \s-1NULL\s0 for any other type. +.PP +\&\fIUI_get_result_minsize()\fR returns the minimum allowed result size for +the \s-1UI\s0 string for \fB\s-1UIT_PROMPT\s0\fR and \fB\s-1UIT_VERIFY\s0\fR type strings, +\&\-1 for any other type. +.PP +\&\fIUI_get_result_maxsize()\fR returns the minimum allowed result size for +the \s-1UI\s0 string for \fB\s-1UIT_PROMPT\s0\fR and \fB\s-1UIT_VERIFY\s0\fR type strings, +\&\-1 for any other type. +.PP +\&\fIUI_set_result()\fR returns 0 on success or when the \s-1UI\s0 string is of any +type other than \fB\s-1UIT_PROMPT\s0\fR, \fB\s-1UIT_VERIFY\s0\fR or \fB\s-1UIT_BOOLEAN\s0\fR, \-1 on +error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1\fIUI\s0\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/UI_UTIL_read_pw.3 b/linux_amd64/ssl/share/man/man3/UI_UTIL_read_pw.3 new file mode 100755 index 0000000..cdd03ac --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/UI_UTIL_read_pw.3 
@@ -0,0 +1,194 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "UI_UTIL_READ_PW 3" +.TH UI_UTIL_READ_PW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +UI_UTIL_read_pw_string, UI_UTIL_read_pw, +UI_UTIL_wrap_read_pem_callback \- user interface utilities +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt, +\& int verify); +\& int UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt, +\& int verify); +\& UI_METHOD *UI_UTIL_wrap_read_pem_callback(pem_password_cb *cb, int rwflag); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIUI_UTIL_read_pw_string()\fR asks for a passphrase, using \fBprompt\fR as a +prompt, and stores it in \fBbuf\fR. +The maximum allowed size is given with \fBlength\fR, including the +terminating \s-1NUL\s0 byte. +If \fBverify\fR is nonzero, the password will be verified as well. +.PP +\&\fIUI_UTIL_read_pw()\fR does the same as \fIUI_UTIL_read_pw_string()\fR, the +difference is that you can give it an external buffer \fBbuff\fR for the +verification passphrase. +.PP +\&\fIUI_UTIL_wrap_read_pem_callback()\fR can be used to create a temporary +\&\fB\s-1UI_METHOD\s0\fR that wraps a given \s-1PEM\s0 password callback \fBcb\fR. +\&\fBrwflag\fR is used to specify if this method will be used for +passphrase entry without (0) or with (1) verification. +When not used any more, the returned method should be freed with +\&\fIUI_destroy_method()\fR. +.SH "NOTES" +.IX Header "NOTES" +\&\fIUI_UTIL_read_pw_string()\fR and \fIUI_UTIL_read_pw()\fR use default +\&\fB\s-1UI_METHOD\s0\fR. +See \fIUI_get_default_method\fR\|(3) and friends for more information. +.PP +The result from the \fB\s-1UI_METHOD\s0\fR created by +\&\fIUI_UTIL_wrap_read_pem_callback()\fR will generate password strings in the +encoding that the given password callback generates. 
+The default password prompting functions (apart from +\&\fIUI_UTIL_read_pw_string()\fR and \fIUI_UTIL_read_pw()\fR, there is +\&\fIPEM_def_callback()\fR, \fIEVP_read_pw_string()\fR and \fIEVP_read_pw_string_min()\fR) +all use the default \fB\s-1UI_METHOD\s0\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIUI_UTIL_read_pw_string()\fR and \fIUI_UTIL_read_pw()\fR return 0 on success or a negative +value on error. +.PP +\&\fIUI_UTIL_wrap_read_pem_callback()\fR returns a valid \fB\s-1UI_METHOD\s0\fR structure or \s-1NULL\s0 +if an error occurred. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIUI_get_default_method\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/UI_create_method.3 b/linux_amd64/ssl/share/man/man3/UI_create_method.3 new file mode 100755 index 0000000..58a7310 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/UI_create_method.3 
@@ -0,0 +1,319 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "UI_CREATE_METHOD 3" +.TH UI_CREATE_METHOD 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +UI_METHOD, +UI_create_method, UI_destroy_method, UI_method_set_opener, +UI_method_set_writer, UI_method_set_flusher, UI_method_set_reader, +UI_method_set_closer, UI_method_set_data_duplicator, +UI_method_set_prompt_constructor, UI_method_set_ex_data, +UI_method_get_opener, UI_method_get_writer, UI_method_get_flusher, +UI_method_get_reader, UI_method_get_closer, +UI_method_get_data_duplicator, UI_method_get_data_destructor, +UI_method_get_prompt_constructor, UI_method_get_ex_data \- user +interface method creation and destruction +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef struct ui_method_st UI_METHOD; +\& +\& UI_METHOD *UI_create_method(const char *name); +\& void UI_destroy_method(UI_METHOD *ui_method); +\& int UI_method_set_opener(UI_METHOD *method, int (*opener) (UI *ui)); +\& int UI_method_set_writer(UI_METHOD *method, +\& int (*writer) (UI *ui, UI_STRING *uis)); +\& int UI_method_set_flusher(UI_METHOD *method, int (*flusher) (UI *ui)); +\& int UI_method_set_reader(UI_METHOD *method, +\& int (*reader) (UI *ui, UI_STRING *uis)); +\& int UI_method_set_closer(UI_METHOD *method, int (*closer) (UI *ui)); +\& int UI_method_set_data_duplicator(UI_METHOD *method, +\& void *(*duplicator) (UI *ui, void *ui_data), +\& void (*destructor)(UI *ui, void *ui_data)); +\& int UI_method_set_prompt_constructor(UI_METHOD *method, +\& char *(*prompt_constructor) (UI *ui, +\& const char +\& *object_desc, +\& const char +\& *object_name)); +\& int UI_method_set_ex_data(UI_METHOD *method, int idx, void *data); +\& int (*UI_method_get_opener(const UI_METHOD *method)) (UI *); +\& int (*UI_method_get_writer(const UI_METHOD *method)) (UI *, UI_STRING *); +\& int (*UI_method_get_flusher(const UI_METHOD *method)) (UI *); +\& int (*UI_method_get_reader(const UI_METHOD *method)) (UI *, UI_STRING *); +\& int (*UI_method_get_closer(const UI_METHOD *method)) (UI *); +\& char *(*UI_method_get_prompt_constructor(const UI_METHOD 
*method)) +\& (UI *, const char *, const char *); +\& void *(*UI_method_get_data_duplicator(const UI_METHOD *method)) (UI *, void *); +\& void (*UI_method_get_data_destructor(const UI_METHOD *method)) (UI *, void *); +\& const void *UI_method_get_ex_data(const UI_METHOD *method, int idx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A method contains a few functions that implement the low level of the +User Interface. +These functions are: +.IP "an opener" 4 +.IX Item "an opener" +This function takes a reference to a \s-1UI\s0 and starts a session, for +example by opening a channel to a tty, or by creating a dialog box. +.IP "a writer" 4 +.IX Item "a writer" +This function takes a reference to a \s-1UI\s0 and a \s-1UI\s0 String, and writes +the string where appropriate, maybe to the tty, maybe added as a field +label in a dialog box. +Note that this gets fed all strings associated with a \s-1UI\s0, one after +the other, so care must be taken which ones it actually uses. +.IP "a flusher" 4 +.IX Item "a flusher" +This function takes a reference to a \s-1UI\s0, and flushes everything that +has been output so far. +For example, if the method builds up a dialog box, this can be used to +actually display it and accepting input ended with a pressed button. +.IP "a reader" 4 +.IX Item "a reader" +This function takes a reference to a \s-1UI\s0 and a \s-1UI\s0 string and reads off +the given prompt, maybe from the tty, maybe from a field in a dialog +box. +Note that this gets fed all strings associated with a \s-1UI\s0, one after +the other, so care must be taken which ones it actually uses. +.IP "a closer" 4 +.IX Item "a closer" +This function takes a reference to a \s-1UI\s0, and closes the session, maybe +by closing the channel to the tty, maybe by destroying a dialog box. +.PP +All of these functions are expected to return 0 on error, 1 on +success, or \-1 on out-off-band events, for example if some prompting +has been cancelled (by pressing Ctrl-C, for example). 
+Only the flusher or the reader are expected to return \-1. +If returned by another of the functions, it's treated as if 0 was +returned. +.PP +Regarding the writer and the reader, don't assume the former should +only write and don't assume the latter should only read. +This depends on the needs of the method. +.PP +For example, a typical tty reader wouldn't write the prompts in the +write, but would rather do so in the reader, because of the sequential +nature of prompting on a tty. +This is how the \fIUI_OpenSSL()\fR method does it. +.PP +In contrast, a method that builds up a dialog box would add all prompt +text in the writer, have all input read in the flusher and store the +results in some temporary buffer, and finally have the reader just +fetch those results. +.PP +The central function that uses these method functions is \fIUI_process()\fR, +and it does it in five steps: +.IP "1." 4 +Open the session using the opener function if that one's defined. +If an error occurs, jump to 5. +.IP "2." 4 +For every \s-1UI\s0 String associated with the \s-1UI\s0, call the writer function +if that one's defined. +If an error occurs, jump to 5. +.IP "3." 4 +Flush everything using the flusher function if that one's defined. +If an error occurs, jump to 5. +.IP "4." 4 +For every \s-1UI\s0 String associated with the \s-1UI\s0, call the reader function +if that one's defined. +If an error occurs, jump to 5. +.IP "5." 4 +Close the session using the closer function if that one's defined. +.PP +\&\fIUI_create_method()\fR creates a new \s-1UI\s0 method with a given \fBname\fR. +.PP +\&\fIUI_destroy_method()\fR destroys the given \s-1UI\s0 method \fBui_method\fR. +.PP +\&\fIUI_method_set_opener()\fR, \fIUI_method_set_writer()\fR, +\&\fIUI_method_set_flusher()\fR, \fIUI_method_set_reader()\fR and +\&\fIUI_method_set_closer()\fR set the five main method function to the given +function pointer. +.PP +\&\fIUI_method_set_data_duplicator()\fR sets the user data duplicator and destructor. 
+See \fIUI_dup_user_data\fR\|(3). +.PP +\&\fIUI_method_set_prompt_constructor()\fR sets the prompt constructor. +See \fIUI_construct_prompt\fR\|(3). +.PP +\&\fIUI_method_set_ex_data()\fR sets application specific data with a given +\&\s-1EX_DATA\s0 index. +See \fICRYPTO_get_ex_new_index\fR\|(3) for general information on how to +get that index. +.PP +\&\fIUI_method_get_opener()\fR, \fIUI_method_get_writer()\fR, +\&\fIUI_method_get_flusher()\fR, \fIUI_method_get_reader()\fR, +\&\fIUI_method_get_closer()\fR, \fIUI_method_get_data_duplicator()\fR, +\&\fIUI_method_get_data_destructor()\fR and \fIUI_method_get_prompt_constructor()\fR +return the different method functions. +.PP +\&\fIUI_method_get_ex_data()\fR returns the application data previously stored +with \fIUI_method_set_ex_data()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIUI_create_method()\fR returns a \s-1UI_METHOD\s0 pointer on success, \s-1NULL\s0 on +error. +.PP +\&\fIUI_method_set_opener()\fR, \fIUI_method_set_writer()\fR, +\&\fIUI_method_set_flusher()\fR, \fIUI_method_set_reader()\fR, +\&\fIUI_method_set_closer()\fR, \fIUI_method_set_data_duplicator()\fR and +\&\fIUI_method_set_prompt_constructor()\fR +return 0 on success, \-1 if the given \fBmethod\fR is \s-1NULL\s0. +.PP +\&\fIUI_method_set_ex_data()\fR returns 1 on success and 0 on error (because +\&\fICRYPTO_set_ex_data()\fR does so). +.PP +\&\fIUI_method_get_opener()\fR, \fIUI_method_get_writer()\fR, +\&\fIUI_method_get_flusher()\fR, \fIUI_method_get_reader()\fR, +\&\fIUI_method_get_closer()\fR, \fIUI_method_get_data_duplicator()\fR, +\&\fIUI_method_get_data_destructor()\fR and \fIUI_method_get_prompt_constructor()\fR +return the requested function pointer if it's set in the method, +otherwise \s-1NULL\s0. +.PP +\&\fIUI_method_get_ex_data()\fR returns a pointer to the application specific +data associated with the method. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1\fIUI\s0\fR\|(3), \fICRYPTO_get_ex_data\fR\|(3), \s-1\fIUI_STRING\s0\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fIUI_method_set_data_duplicator()\fR, \fIUI_method_get_data_duplicator()\fR +and \fIUI_method_get_data_destructor()\fR functions were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/UI_new.3 b/linux_amd64/ssl/share/man/man3/UI_new.3 new file mode 100755 index 0000000..fd7d1c6 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/UI_new.3 
@@ -0,0 +1,375 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "UI_NEW 3" +.TH UI_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +UI, +UI_new, UI_new_method, UI_free, UI_add_input_string, UI_dup_input_string, +UI_add_verify_string, UI_dup_verify_string, UI_add_input_boolean, +UI_dup_input_boolean, UI_add_info_string, UI_dup_info_string, +UI_add_error_string, UI_dup_error_string, UI_construct_prompt, +UI_add_user_data, UI_dup_user_data, UI_get0_user_data, UI_get0_result, +UI_get_result_length, +UI_process, UI_ctrl, UI_set_default_method, UI_get_default_method, +UI_get_method, UI_set_method, UI_OpenSSL, UI_null \- user interface +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef struct ui_st UI; +\& +\& UI *UI_new(void); +\& UI *UI_new_method(const UI_METHOD *method); +\& void UI_free(UI *ui); +\& +\& int UI_add_input_string(UI *ui, const char *prompt, int flags, +\& char *result_buf, int minsize, int maxsize); +\& int UI_dup_input_string(UI *ui, const char *prompt, int flags, +\& char *result_buf, int minsize, int maxsize); +\& int UI_add_verify_string(UI *ui, const char *prompt, int flags, +\& char *result_buf, int minsize, int maxsize, +\& const char *test_buf); +\& int UI_dup_verify_string(UI *ui, const char *prompt, int flags, +\& char *result_buf, int minsize, int maxsize, +\& const char *test_buf); +\& int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc, +\& const char *ok_chars, const char *cancel_chars, +\& int flags, char *result_buf); +\& int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc, +\& const char *ok_chars, const char *cancel_chars, +\& int flags, char *result_buf); +\& int UI_add_info_string(UI *ui, const char *text); +\& int UI_dup_info_string(UI *ui, const char *text); +\& int UI_add_error_string(UI *ui, const char *text); +\& int UI_dup_error_string(UI *ui, const char *text); +\& +\& char *UI_construct_prompt(UI *ui_method, +\& const char *object_desc, const char *object_name); +\& +\& void *UI_add_user_data(UI *ui, void *user_data); +\& int UI_dup_user_data(UI *ui, 
void *user_data); +\& void *UI_get0_user_data(UI *ui); +\& +\& const char *UI_get0_result(UI *ui, int i); +\& int UI_get_result_length(UI *ui, int i); +\& +\& int UI_process(UI *ui); +\& +\& int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f)()); +\& +\& void UI_set_default_method(const UI_METHOD *meth); +\& const UI_METHOD *UI_get_default_method(void); +\& const UI_METHOD *UI_get_method(UI *ui); +\& const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth); +\& +\& UI_METHOD *UI_OpenSSL(void); +\& const UI_METHOD *UI_null(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1UI\s0 stands for User Interface, and is general purpose set of routines to +prompt the user for text-based information. Through user-written methods +(see \fIUI_create_method\fR\|(3)), prompting can be done in any way +imaginable, be it plain text prompting, through dialog boxes or from a +cell phone. +.PP +All the functions work through a context of the type \s-1UI\s0. This context +contains all the information needed to prompt correctly as well as a +reference to a \s-1UI_METHOD\s0, which is an ordered vector of functions that +carry out the actual prompting. +.PP +The first thing to do is to create a \s-1UI\s0 with \fIUI_new()\fR or \fIUI_new_method()\fR, +then add information to it with the UI_add or UI_dup functions. Also, +user-defined random data can be passed down to the underlying method +through calls to \fIUI_add_user_data()\fR or \fIUI_dup_user_data()\fR. The default +\&\s-1UI\s0 method doesn't care about these data, but other methods might. Finally, +use \fIUI_process()\fR to actually perform the prompting and \fIUI_get0_result()\fR +and \fIUI_get_result_length()\fR to find the result to the prompt and its length. +.PP +A \s-1UI\s0 can contain more than one prompt, which are performed in the given +sequence. 
Each prompt gets an index number which is returned by the +UI_add and UI_dup functions, and has to be used to get the corresponding +result with \fIUI_get0_result()\fR and \fIUI_get_result_length()\fR. +.PP +\&\fIUI_process()\fR can be called more than once on the same \s-1UI\s0, thereby allowing +a \s-1UI\s0 to have a long lifetime, but can just as well have a short lifetime. +.PP +The functions are as follows: +.PP +\&\fIUI_new()\fR creates a new \s-1UI\s0 using the default \s-1UI\s0 method. When done with +this \s-1UI\s0, it should be freed using \fIUI_free()\fR. +.PP +\&\fIUI_new_method()\fR creates a new \s-1UI\s0 using the given \s-1UI\s0 method. When done with +this \s-1UI\s0, it should be freed using \fIUI_free()\fR. +.PP +\&\fIUI_OpenSSL()\fR returns the built-in \s-1UI\s0 method (note: not necessarily the +default one, since the default can be changed. See further on). This +method is the most machine/OS dependent part of OpenSSL and normally +generates the most problems when porting. +.PP +\&\fIUI_null()\fR returns a \s-1UI\s0 method that does nothing. Its use is to avoid +getting internal defaults for passed \s-1UI_METHOD\s0 pointers. +.PP +\&\fIUI_free()\fR removes a \s-1UI\s0 from memory, along with all other pieces of memory +that's connected to it, like duplicated input strings, results and others. +If \fBui\fR is \s-1NULL\s0 nothing is done. +.PP +\&\fIUI_add_input_string()\fR and \fIUI_add_verify_string()\fR add a prompt to the \s-1UI\s0, +as well as flags and a result buffer and the desired minimum and maximum +sizes of the result, not counting the final \s-1NUL\s0 character. The given +information is used to prompt for information, for example a password, +and to verify a password (i.e. having the user enter it twice and check +that the same string was entered twice). \fIUI_add_verify_string()\fR takes +and extra argument that should be a pointer to the result buffer of the +input string that it's supposed to verify, or verification will fail. 
+.PP +\&\fIUI_add_input_boolean()\fR adds a prompt to the \s-1UI\s0 that's supposed to be answered +in a boolean way, with a single character for yes and a different character +for no. A set of characters that can be used to cancel the prompt is given +as well. The prompt itself is divided in two, one part being the +descriptive text (given through the \fIprompt\fR argument) and one describing +the possible answers (given through the \fIaction_desc\fR argument). +.PP +\&\fIUI_add_info_string()\fR and \fIUI_add_error_string()\fR add strings that are shown at +the same time as the prompt for extra information or to show an error string. +The difference between the two is only conceptual. With the built-in method, +there's no technical difference between them. Other methods may make a +difference between them, however. +.PP +The flags currently supported are \fB\s-1UI_INPUT_FLAG_ECHO\s0\fR, which is relevant for +\&\fIUI_add_input_string()\fR and will have the users response be echoed (when +prompting for a password, this flag should obviously not be used, and +\&\fB\s-1UI_INPUT_FLAG_DEFAULT_PWD\s0\fR, which means that a default password of some +sort will be used (completely depending on the application and the \s-1UI\s0 +method). +.PP +\&\fIUI_dup_input_string()\fR, \fIUI_dup_verify_string()\fR, \fIUI_dup_input_boolean()\fR, +\&\fIUI_dup_info_string()\fR and \fIUI_dup_error_string()\fR are basically the same +as their UI_add counterparts, except that they make their own copies +of all strings. +.PP +\&\fIUI_construct_prompt()\fR is a helper function that can be used to create +a prompt from two pieces of information: an description and a name. +The default constructor (if there is none provided by the method used) +creates a string "Enter \fIdescription\fR for \fIname\fR:\*(L". With the +description \*(R"pass phrase\*(L" and the filename \*(R"foo.key\*(L", that becomes +\&\*(R"Enter pass phrase for foo.key:". 
Other methods may create whatever +string and may include encodings that will be processed by the other +method functions. +.PP +\&\fIUI_add_user_data()\fR adds a user data pointer for the method to use at any +time. The built-in \s-1UI\s0 method doesn't care about this info. Note that several +calls to this function doesn't add data, it replaces the previous blob +with the one given as argument. +.PP +\&\fIUI_dup_user_data()\fR duplicates the user data and works as an alternative +to \fIUI_add_user_data()\fR when the user data needs to be preserved for a longer +duration, perhaps even the lifetime of the application. The \s-1UI\s0 object takes +ownership of this duplicate and will free it whenever it gets replaced or +the \s-1UI\s0 is destroyed. \fIUI_dup_user_data()\fR returns 0 on success, or \-1 on memory +allocation failure or if the method doesn't have a duplicator function. +.PP +\&\fIUI_get0_user_data()\fR retrieves the data that has last been given to the +\&\s-1UI\s0 with \fIUI_add_user_data()\fR or UI_dup_user_data. +.PP +\&\fIUI_get0_result()\fR returns a pointer to the result buffer associated with +the information indexed by \fIi\fR. +.PP +\&\fIUI_get_result_length()\fR returns the length of the result buffer associated with +the information indexed by \fIi\fR. +.PP +\&\fIUI_process()\fR goes through the information given so far, does all the printing +and prompting and returns the final status, which is \-2 on out-of-band events +(Interrupt, Cancel, ...), \-1 on error and 0 on success. +.PP +\&\fIUI_ctrl()\fR adds extra control for the application author. For now, it +understands two commands: \fB\s-1UI_CTRL_PRINT_ERRORS\s0\fR, which makes \fIUI_process()\fR +print the OpenSSL error stack as part of processing the \s-1UI\s0, and +\&\fB\s-1UI_CTRL_IS_REDOABLE\s0\fR, which returns a flag saying if the used \s-1UI\s0 can +be used again or not. +.PP +\&\fIUI_set_default_method()\fR changes the default \s-1UI\s0 method to the one given. 
+This function is not thread-safe and should not be called at the same time +as other OpenSSL functions. +.PP +\&\fIUI_get_default_method()\fR returns a pointer to the current default \s-1UI\s0 method. +.PP +\&\fIUI_get_method()\fR returns the \s-1UI\s0 method associated with a given \s-1UI\s0. +.PP +\&\fIUI_set_method()\fR changes the \s-1UI\s0 method associated with a given \s-1UI\s0. +.SH "NOTES" +.IX Header "NOTES" +The resulting strings that the built in method \fIUI_OpenSSL()\fR generate +are assumed to be encoded according to the current locale or (for +Windows) code page. +For applications having different demands, these strings need to be +converted appropriately by the caller. +For Windows, if the \fB\s-1OPENSSL_WIN32_UTF8\s0\fR environment variable is set, +the built-in method \fIUI_OpenSSL()\fR will produce \s-1UTF\-8\s0 encoded strings +instead. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIUI_new()\fR and \fIUI_new_method()\fR return a valid \fB\s-1UI\s0\fR structure or \s-1NULL\s0 if an error +occurred. +.PP +\&\fIUI_add_input_string()\fR, \fIUI_dup_input_string()\fR, \fIUI_add_verify_string()\fR, +\&\fIUI_dup_verify_string()\fR, \fIUI_add_input_boolean()\fR, \fIUI_dup_input_boolean()\fR, +\&\fIUI_add_info_string()\fR, \fIUI_dup_info_string()\fR, \fIUI_add_error_string()\fR +and \fIUI_dup_error_string()\fR return a positive number on success or a value which +is less than or equal to 0 otherwise. +.PP +\&\fIUI_construct_prompt()\fR returns a string or \s-1NULL\s0 if an error occurred. +.PP +\&\fIUI_dup_user_data()\fR returns 0 on success or \-1 on error. +.PP +\&\fIUI_get0_result()\fR returns a string or \s-1NULL\s0 on error. +.PP +\&\fIUI_get_result_length()\fR returns a positive integer or 0 on success; otherwise it +returns \-1 on error. +.PP +\&\fIUI_process()\fR returns 0 on success or a negative value on error. +.PP +\&\fIUI_ctrl()\fR returns a mask on success or \-1 on error. 
+.PP +\&\fIUI_get_default_method()\fR, \fIUI_get_method()\fR, \fIUI_OpenSSL()\fR, \fIUI_null()\fR and +\&\fIUI_set_method()\fR return either a valid \fB\s-1UI_METHOD\s0\fR structure or \s-1NULL\s0 +respectively. +.SH "HISTORY" +.IX Header "HISTORY" +The \fIUI_dup_user_data()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/X509V3_get_d2i.3 b/linux_amd64/ssl/share/man/man3/X509V3_get_d2i.3 new file mode 100755 index 0000000..e785ad0 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/X509V3_get_d2i.3 
@@ -0,0 +1,370 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509V3_GET_D2I 3" +.TH X509V3_GET_D2I 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_get0_extensions, X509_CRL_get0_extensions, X509_REVOKED_get0_extensions, +X509V3_get_d2i, X509V3_add1_i2d, X509V3_EXT_d2i, X509V3_EXT_i2d, +X509_get_ext_d2i, X509_add1_ext_i2d, X509_CRL_get_ext_d2i, +X509_CRL_add1_ext_i2d, X509_REVOKED_get_ext_d2i, +X509_REVOKED_add1_ext_i2d \- X509 extension decode and encode functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit, +\& int *idx); +\& int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, +\& int crit, unsigned long flags); +\& +\& void *X509V3_EXT_d2i(X509_EXTENSION *ext); +\& X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext); +\& +\& void *X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx); +\& int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit, +\& unsigned long flags); +\& +\& void *X509_CRL_get_ext_d2i(const X509_CRL *crl, int nid, int *crit, int *idx); +\& int X509_CRL_add1_ext_i2d(X509_CRL *crl, int nid, void *value, int crit, +\& unsigned long flags); +\& +\& void *X509_REVOKED_get_ext_d2i(const X509_REVOKED *r, int nid, int *crit, int *idx); +\& int X509_REVOKED_add1_ext_i2d(X509_REVOKED *r, int nid, void *value, int crit, +\& unsigned long flags); +\& +\& const STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x); +\& const STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(const X509_CRL *crl); +\& const STACK_OF(X509_EXTENSION) *X509_REVOKED_get0_extensions(const X509_REVOKED *r); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIX509V3_get_ext_d2i()\fR looks for an extension with \s-1OID\s0 \fBnid\fR in the extensions +\&\fBx\fR and, if found, decodes it. If \fBidx\fR is \fB\s-1NULL\s0\fR then only one +occurrence of an extension is permissible otherwise the first extension after +index \fB*idx\fR is returned and \fB*idx\fR updated to the location of the extension. 
+If \fBcrit\fR is not \fB\s-1NULL\s0\fR then \fB*crit\fR is set to a status value: \-2 if the +extension occurs multiple times (this is only returned if \fBidx\fR is \fB\s-1NULL\s0\fR), +\&\-1 if the extension could not be found, 0 if the extension is found and is +not critical and 1 if critical. A pointer to an extension specific structure +or \fB\s-1NULL\s0\fR is returned. +.PP +\&\fIX509V3_add1_i2d()\fR adds extension \fBvalue\fR to \s-1STACK\s0 \fB*x\fR (allocating a new +\&\s-1STACK\s0 if necessary) using \s-1OID\s0 \fBnid\fR and criticality \fBcrit\fR according +to \fBflags\fR. +.PP +\&\fIX509V3_EXT_d2i()\fR attempts to decode the \s-1ASN\s0.1 data contained in extension +\&\fBext\fR and returns a pointer to an extension specific structure or \fB\s-1NULL\s0\fR +if the extension could not be decoded (invalid syntax or not supported). +.PP +\&\fIX509V3_EXT_i2d()\fR encodes the extension specific structure \fBext\fR +with \s-1OID\s0 \fBext_nid\fR and criticality \fBcrit\fR. +.PP +\&\fIX509_get_ext_d2i()\fR and \fIX509_add1_ext_i2d()\fR operate on the extensions of +certificate \fBx\fR, they are otherwise identical to \fIX509V3_get_d2i()\fR and +\&\fIX509V3_add_i2d()\fR. +.PP +\&\fIX509_CRL_get_ext_d2i()\fR and \fIX509_CRL_add1_ext_i2d()\fR operate on the extensions +of \s-1CRL\s0 \fBcrl\fR, they are otherwise identical to \fIX509V3_get_d2i()\fR and +\&\fIX509V3_add_i2d()\fR. +.PP +\&\fIX509_REVOKED_get_ext_d2i()\fR and \fIX509_REVOKED_add1_ext_i2d()\fR operate on the +extensions of \fBX509_REVOKED\fR structure \fBr\fR (i.e for \s-1CRL\s0 entry extensions), +they are otherwise identical to \fIX509V3_get_d2i()\fR and \fIX509V3_add_i2d()\fR. +.PP +\&\fIX509_get0_extensions()\fR, \fIX509_CRL_get0_extensions()\fR and +\&\fIX509_REVOKED_get0_extensions()\fR return a stack of all the extensions +of a certificate a \s-1CRL\s0 or a \s-1CRL\s0 entry respectively. 
+.SH "NOTES" +.IX Header "NOTES" +In almost all cases an extension can occur at most once and multiple +occurrences is an error. Therefore the \fBidx\fR parameter is usually \fB\s-1NULL\s0\fR. +.PP +The \fBflags\fR parameter may be one of the following values. +.PP +\&\fBX509V3_ADD_DEFAULT\fR appends a new extension only if the extension does +not already exist. An error is returned if the extension does already +exist. +.PP +\&\fBX509V3_ADD_APPEND\fR appends a new extension, ignoring whether the extension +already exists. +.PP +\&\fBX509V3_ADD_REPLACE\fR replaces an extension if it exists otherwise appends +a new extension. +.PP +\&\fBX509V3_ADD_REPLACE_EXISTING\fR replaces an existing extension if it exists +otherwise returns an error. +.PP +\&\fBX509V3_ADD_KEEP_EXISTING\fR appends a new extension only if the extension does +not already exist. An error \fBis not\fR returned if the extension does already +exist. +.PP +\&\fBX509V3_ADD_DELETE\fR extension \fBnid\fR is deleted: no new extension is added. +.PP +If \fBX509V3_ADD_SILENT\fR is ored with \fBflags\fR: any error returned will not +be added to the error queue. +.PP +The function \fIX509V3_get_d2i()\fR will return \fB\s-1NULL\s0\fR if the extension is not +found, occurs multiple times or cannot be decoded. It is possible to +determine the precise reason by checking the value of \fB*crit\fR. +.SH "SUPPORTED EXTENSIONS" +.IX Header "SUPPORTED EXTENSIONS" +The following sections contain a list of all supported extensions +including their name and \s-1NID\s0. +.SS "\s-1PKIX\s0 Certificate Extensions" +.IX Subsection "PKIX Certificate Extensions" +The following certificate extensions are defined in \s-1PKIX\s0 standards such as +\&\s-1RFC5280\s0. 
+.PP +.Vb 3 +\& Basic Constraints NID_basic_constraints +\& Key Usage NID_key_usage +\& Extended Key Usage NID_ext_key_usage +\& +\& Subject Key Identifier NID_subject_key_identifier +\& Authority Key Identifier NID_authority_key_identifier +\& +\& Private Key Usage Period NID_private_key_usage_period +\& +\& Subject Alternative Name NID_subject_alt_name +\& Issuer Alternative Name NID_issuer_alt_name +\& +\& Authority Information Access NID_info_access +\& Subject Information Access NID_sinfo_access +\& +\& Name Constraints NID_name_constraints +\& +\& Certificate Policies NID_certificate_policies +\& Policy Mappings NID_policy_mappings +\& Policy Constraints NID_policy_constraints +\& Inhibit Any Policy NID_inhibit_any_policy +\& +\& TLS Feature NID_tlsfeature +.Ve +.SS "Netscape Certificate Extensions" +.IX Subsection "Netscape Certificate Extensions" +The following are (largely obsolete) Netscape certificate extensions. +.PP +.Vb 8 +\& Netscape Cert Type NID_netscape_cert_type +\& Netscape Base Url NID_netscape_base_url +\& Netscape Revocation Url NID_netscape_revocation_url +\& Netscape CA Revocation Url NID_netscape_ca_revocation_url +\& Netscape Renewal Url NID_netscape_renewal_url +\& Netscape CA Policy Url NID_netscape_ca_policy_url +\& Netscape SSL Server Name NID_netscape_ssl_server_name +\& Netscape Comment NID_netscape_comment +.Ve +.SS "Miscellaneous Certificate Extensions" +.IX Subsection "Miscellaneous Certificate Extensions" +.Vb 2 +\& Strong Extranet ID NID_sxnet +\& Proxy Certificate Information NID_proxyCertInfo +.Ve +.SS "\s-1PKIX\s0 \s-1CRL\s0 Extensions" +.IX Subsection "PKIX CRL Extensions" +The following are \s-1CRL\s0 extensions from \s-1PKIX\s0 standards such as \s-1RFC5280\s0. 
+.PP +.Vb 6 +\& CRL Number NID_crl_number +\& CRL Distribution Points NID_crl_distribution_points +\& Delta CRL Indicator NID_delta_crl +\& Freshest CRL NID_freshest_crl +\& Invalidity Date NID_invalidity_date +\& Issuing Distribution Point NID_issuing_distribution_point +.Ve +.PP +The following are \s-1CRL\s0 entry extensions from \s-1PKIX\s0 standards such as \s-1RFC5280\s0. +.PP +.Vb 2 +\& CRL Reason Code NID_crl_reason +\& Certificate Issuer NID_certificate_issuer +.Ve +.SS "\s-1OCSP\s0 Extensions" +.IX Subsection "OCSP Extensions" +.Vb 7 +\& OCSP Nonce NID_id_pkix_OCSP_Nonce +\& OCSP CRL ID NID_id_pkix_OCSP_CrlID +\& Acceptable OCSP Responses NID_id_pkix_OCSP_acceptableResponses +\& OCSP No Check NID_id_pkix_OCSP_noCheck +\& OCSP Archive Cutoff NID_id_pkix_OCSP_archiveCutoff +\& OCSP Service Locator NID_id_pkix_OCSP_serviceLocator +\& Hold Instruction Code NID_hold_instruction_code +.Ve +.SS "Certificate Transparency Extensions" +.IX Subsection "Certificate Transparency Extensions" +The following extensions are used by certificate transparency, \s-1RFC6962\s0 +.PP +.Vb 2 +\& CT Precertificate SCTs NID_ct_precert_scts +\& CT Certificate SCTs NID_ct_cert_scts +.Ve +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIX509V3_EXT_d2i()\fR and *\fIX509V3_get_d2i()\fR return a pointer to an extension +specific structure of \fB\s-1NULL\s0\fR if an error occurs. +.PP +\&\fIX509V3_EXT_i2d()\fR returns a pointer to an \fBX509_EXTENSION\fR structure +or \fB\s-1NULL\s0\fR if an error occurs. +.PP +\&\fIX509V3_add1_i2d()\fR returns 1 if the operation is successful and 0 if it +fails due to a non-fatal error (extension not found, already exists, +cannot be encoded) or \-1 due to a fatal error such as a memory allocation +failure. +.PP +\&\fIX509_get0_extensions()\fR, \fIX509_CRL_get0_extensions()\fR and +\&\fIX509_REVOKED_get0_extensions()\fR return a stack of extensions. They return +\&\s-1NULL\s0 if no extensions are present. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fId2i_X509\fR\|(3), +\&\fIERR_get_error\fR\|(3), +\&\fIX509_CRL_get0_by_serial\fR\|(3), +\&\fIX509_get0_signature\fR\|(3), +\&\fIX509_get_ext_d2i\fR\|(3), +\&\fIX509_get_extension_flags\fR\|(3), +\&\fIX509_get_pubkey\fR\|(3), +\&\fIX509_get_subject_name\fR\|(3), +\&\fIX509_get_version\fR\|(3), +\&\fIX509_NAME_add_entry_by_txt\fR\|(3), +\&\fIX509_NAME_ENTRY_get_object\fR\|(3), +\&\fIX509_NAME_get_index_by_NID\fR\|(3), +\&\fIX509_NAME_print_ex\fR\|(3), +\&\fIX509_new\fR\|(3), +\&\fIX509_sign\fR\|(3), +\&\fIX509_verify_cert\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/X509_ALGOR_dup.3 b/linux_amd64/ssl/share/man/man3/X509_ALGOR_dup.3 new file mode 100755 index 0000000..030caeb --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/X509_ALGOR_dup.3 
@@ -0,0 +1,184 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_ALGOR_DUP 3" +.TH X509_ALGOR_DUP 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_ALGOR_dup, X509_ALGOR_set0, X509_ALGOR_get0, X509_ALGOR_set_md, X509_ALGOR_cmp \- AlgorithmIdentifier functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *alg); +\& int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval); +\& void X509_ALGOR_get0(const ASN1_OBJECT **paobj, int *pptype, +\& const void **ppval, const X509_ALGOR *alg); +\& void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md); +\& int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIX509_ALGOR_dup()\fR returns a copy of \fBalg\fR. +.PP +\&\fIX509_ALGOR_set0()\fR sets the algorithm \s-1OID\s0 of \fBalg\fR to \fBaobj\fR and the +associated parameter type to \fBptype\fR with value \fBpval\fR. If \fBptype\fR is +\&\fBV_ASN1_UNDEF\fR the parameter is omitted, otherwise \fBptype\fR and \fBpval\fR have +the same meaning as the \fBtype\fR and \fBvalue\fR parameters to \fIASN1_TYPE_set()\fR. +All the supplied parameters are used internally so must \fB\s-1NOT\s0\fR be freed after +this call. +.PP +\&\fIX509_ALGOR_get0()\fR is the inverse of \fIX509_ALGOR_set0()\fR: it returns the +algorithm \s-1OID\s0 in \fB*paobj\fR and the associated parameter in \fB*pptype\fR +and \fB*ppval\fR from the \fBAlgorithmIdentifier\fR \fBalg\fR. +.PP +\&\fIX509_ALGOR_set_md()\fR sets the \fBAlgorithmIdentifier\fR \fBalg\fR to appropriate +values for the message digest \fBmd\fR. +.PP +\&\fIX509_ALGOR_cmp()\fR compares \fBa\fR and \fBb\fR and returns 0 if they have identical +encodings and nonzero otherwise. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIX509_ALGOR_dup()\fR returns a valid \fBX509_ALGOR\fR structure or \s-1NULL\s0 if an error +occurred. +.PP +\&\fIX509_ALGOR_set0()\fR returns 1 on success or 0 on error. +.PP +\&\fIX509_ALGOR_get0()\fR and \fIX509_ALGOR_set_md()\fR return no values. 
+.PP +\&\fIX509_ALGOR_cmp()\fR returns 0 if the two parameters have identical encodings and +nonzero otherwise. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/X509_CRL_get0_by_serial.3 b/linux_amd64/ssl/share/man/man3/X509_CRL_get0_by_serial.3 new file mode 100755 index 0000000..dadb3a1 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/X509_CRL_get0_by_serial.3 
@@ -0,0 +1,237 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_CRL_GET0_BY_SERIAL 3" +.TH X509_CRL_GET0_BY_SERIAL 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_CRL_get0_by_serial, X509_CRL_get0_by_cert, X509_CRL_get_REVOKED, +X509_REVOKED_get0_serialNumber, X509_REVOKED_get0_revocationDate, +X509_REVOKED_set_serialNumber, X509_REVOKED_set_revocationDate, +X509_CRL_add0_revoked, X509_CRL_sort \- CRL revoked entry utility +functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_CRL_get0_by_serial(X509_CRL *crl, +\& X509_REVOKED **ret, ASN1_INTEGER *serial); +\& int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x); +\& +\& STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl); +\& +\& const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(const X509_REVOKED *r); +\& const ASN1_TIME *X509_REVOKED_get0_revocationDate(const X509_REVOKED *r); +\& +\& int X509_REVOKED_set_serialNumber(X509_REVOKED *r, ASN1_INTEGER *serial); +\& int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm); +\& +\& int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev); +\& +\& int X509_CRL_sort(X509_CRL *crl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIX509_CRL_get0_by_serial()\fR attempts to find a revoked entry in \fBcrl\fR for +serial number \fBserial\fR. If it is successful it sets \fB*ret\fR to the internal +pointer of the matching entry, as a result \fB*ret\fR must not be freed up +after the call. +.PP +\&\fIX509_CRL_get0_by_cert()\fR is similar to \fIX509_get0_by_serial()\fR except it +looks for a revoked entry using the serial number of certificate \fBx\fR. +.PP +\&\fIX509_CRL_get_REVOKED()\fR returns an internal pointer to a stack of all +revoked entries for \fBcrl\fR. +.PP +\&\fIX509_REVOKED_get0_serialNumber()\fR returns an internal pointer to the +serial number of \fBr\fR. +.PP +\&\fIX509_REVOKED_get0_revocationDate()\fR returns an internal pointer to the +revocation date of \fBr\fR. +.PP +\&\fIX509_REVOKED_set_serialNumber()\fR sets the serial number of \fBr\fR to \fBserial\fR. 
+The supplied \fBserial\fR pointer is not used internally so it should be +freed up after use. +.PP +\&\fIX509_REVOKED_set_revocationDate()\fR sets the revocation date of \fBr\fR to +\&\fBtm\fR. The supplied \fBtm\fR pointer is not used internally so it should be +freed up after use. +.PP +\&\fIX509_CRL_add0_revoked()\fR appends revoked entry \fBrev\fR to \s-1CRL\s0 \fBcrl\fR. The +pointer \fBrev\fR is used internally so it must not be freed up after the call: +it is freed when the parent \s-1CRL\s0 is freed. +.PP +\&\fIX509_CRL_sort()\fR sorts the revoked entries of \fBcrl\fR into ascending serial +number order. +.SH "NOTES" +.IX Header "NOTES" +Applications can determine the number of revoked entries returned by +\&\fIX509_CRL_get_revoked()\fR using \fIsk_X509_REVOKED_num()\fR and examine each one +in turn using \fIsk_X509_REVOKED_value()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIX509_CRL_get0_by_serial()\fR and \fIX509_CRL_get0_by_cert()\fR return 0 for failure, +1 on success except if the revoked entry has the reason \f(CW\*(C`removeFromCRL\*(C'\fR (8), +in which case 2 is returned. +.PP +\&\fIX509_REVOKED_set_serialNumber()\fR, \fIX509_REVOKED_set_revocationDate()\fR, +\&\fIX509_CRL_add0_revoked()\fR and \fIX509_CRL_sort()\fR return 1 for success and 0 for +failure. +.PP +\&\fIX509_REVOKED_get0_serialNumber()\fR returns an \fB\s-1ASN1_INTEGER\s0\fR pointer. +.PP +\&\fIX509_REVOKED_get0_revocationDate()\fR returns an \fB\s-1ASN1_TIME\s0\fR value. +.PP +\&\fIX509_CRL_get_REVOKED()\fR returns a \s-1STACK\s0 of revoked entries. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fId2i_X509\fR\|(3), +\&\fIERR_get_error\fR\|(3), +\&\fIX509_get0_signature\fR\|(3), +\&\fIX509_get_ext_d2i\fR\|(3), +\&\fIX509_get_extension_flags\fR\|(3), +\&\fIX509_get_pubkey\fR\|(3), +\&\fIX509_get_subject_name\fR\|(3), +\&\fIX509_get_version\fR\|(3), +\&\fIX509_NAME_add_entry_by_txt\fR\|(3), +\&\fIX509_NAME_ENTRY_get_object\fR\|(3), +\&\fIX509_NAME_get_index_by_NID\fR\|(3), +\&\fIX509_NAME_print_ex\fR\|(3), +\&\fIX509_new\fR\|(3), +\&\fIX509_sign\fR\|(3), +\&\fIX509V3_get_d2i\fR\|(3), +\&\fIX509_verify_cert\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/X509_EXTENSION_set_object.3 b/linux_amd64/ssl/share/man/man3/X509_EXTENSION_set_object.3 new file mode 100755 index 0000000..d3d0364 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/X509_EXTENSION_set_object.3 
@@ -0,0 +1,218 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_EXTENSION_SET_OBJECT 3" +.TH X509_EXTENSION_SET_OBJECT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_EXTENSION_set_object, X509_EXTENSION_set_critical, +X509_EXTENSION_set_data, X509_EXTENSION_create_by_NID, +X509_EXTENSION_create_by_OBJ, X509_EXTENSION_get_object, +X509_EXTENSION_get_critical, X509_EXTENSION_get_data \- extension utility +functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 3 +\& int X509_EXTENSION_set_object(X509_EXTENSION *ex, const ASN1_OBJECT *obj); +\& int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit); +\& int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data); +\& +\& X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, +\& int nid, int crit, +\& ASN1_OCTET_STRING *data); +\& X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex, +\& const ASN1_OBJECT *obj, int crit, +\& ASN1_OCTET_STRING *data); +\& +\& ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex); +\& int X509_EXTENSION_get_critical(const X509_EXTENSION *ex); +\& ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIX509_EXTENSION_set_object()\fR sets the extension type of \fBex\fR to \fBobj\fR. The +\&\fBobj\fR pointer is duplicated internally so \fBobj\fR should be freed up after use. +.PP +\&\fIX509_EXTENSION_set_critical()\fR sets the criticality of \fBex\fR to \fBcrit\fR. If +\&\fBcrit\fR is zero the extension in non-critical otherwise it is critical. +.PP +\&\fIX509_EXTENSION_set_data()\fR sets the data in extension \fBex\fR to \fBdata\fR. The +\&\fBdata\fR pointer is duplicated internally. +.PP +\&\fIX509_EXTENSION_create_by_NID()\fR creates an extension of type \fBnid\fR, +criticality \fBcrit\fR using data \fBdata\fR. The created extension is returned and +written to \fB*ex\fR reusing or allocating a new extension if necessary so \fB*ex\fR +should either be \fB\s-1NULL\s0\fR or a valid \fBX509_EXTENSION\fR structure it must +\&\fBnot\fR be an uninitialised pointer. 
+.PP +\&\fIX509_EXTENSION_create_by_OBJ()\fR is identical to \fIX509_EXTENSION_create_by_NID()\fR +except it creates and extension using \fBobj\fR instead of a \s-1NID\s0. +.PP +\&\fIX509_EXTENSION_get_object()\fR returns the extension type of \fBex\fR as an +\&\fB\s-1ASN1_OBJECT\s0\fR pointer. The returned pointer is an internal value which must +not be freed up. +.PP +\&\fIX509_EXTENSION_get_critical()\fR returns the criticality of extension \fBex\fR it +returns \fB1\fR for critical and \fB0\fR for non-critical. +.PP +\&\fIX509_EXTENSION_get_data()\fR returns the data of extension \fBex\fR. The returned +pointer is an internal value which must not be freed up. +.SH "NOTES" +.IX Header "NOTES" +These functions manipulate the contents of an extension directly. Most +applications will want to parse or encode and add an extension: they should +use the extension encode and decode functions instead such as +\&\fIX509_add1_ext_i2d()\fR and \fIX509_get_ext_d2i()\fR. +.PP +The \fBdata\fR associated with an extension is the extension encoding in an +\&\fB\s-1ASN1_OCTET_STRING\s0\fR structure. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIX509_EXTENSION_set_object()\fR \fIX509_EXTENSION_set_critical()\fR and +\&\fIX509_EXTENSION_set_data()\fR return \fB1\fR for success and \fB0\fR for failure. +.PP +\&\fIX509_EXTENSION_create_by_NID()\fR and \fIX509_EXTENSION_create_by_OBJ()\fR return +an \fBX509_EXTENSION\fR pointer or \fB\s-1NULL\s0\fR if an error occurs. +.PP +\&\fIX509_EXTENSION_get_object()\fR returns an \fB\s-1ASN1_OBJECT\s0\fR pointer. +.PP +\&\fIX509_EXTENSION_get_critical()\fR returns \fB0\fR for non-critical and \fB1\fR for +critical. +.PP +\&\fIX509_EXTENSION_get_data()\fR returns an \fB\s-1ASN1_OCTET_STRING\s0\fR pointer. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIX509V3_get_d2i\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. 
+.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/X509_LOOKUP.3 b/linux_amd64/ssl/share/man/man3/X509_LOOKUP.3 new file mode 100755 index 0000000..9772df7 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/X509_LOOKUP.3 
@@ -0,0 +1,306 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_LOOKUP 3" +.TH X509_LOOKUP 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_LOOKUP, X509_LOOKUP_TYPE, +X509_LOOKUP_new, X509_LOOKUP_free, X509_LOOKUP_init, +X509_LOOKUP_shutdown, +X509_LOOKUP_set_method_data, X509_LOOKUP_get_method_data, +X509_LOOKUP_ctrl, +X509_LOOKUP_load_file, X509_LOOKUP_add_dir, X509_LOOKUP_add_store, +X509_LOOKUP_load_store, +X509_LOOKUP_get_store, X509_LOOKUP_by_subject, +X509_LOOKUP_by_issuer_serial, X509_LOOKUP_by_fingerprint, +X509_LOOKUP_by_alias +\&\- OpenSSL certificate lookup mechanisms +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef x509_lookup_st X509_LOOKUP; +\& +\& typedef enum X509_LOOKUP_TYPE; +\& +\& X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method); +\& int X509_LOOKUP_init(X509_LOOKUP *ctx); +\& int X509_LOOKUP_shutdown(X509_LOOKUP *ctx); +\& void X509_LOOKUP_free(X509_LOOKUP *ctx); +\& +\& int X509_LOOKUP_set_method_data(X509_LOOKUP *ctx, void *data); +\& void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx); +\& +\& int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, +\& long argl, char **ret); +\& int X509_LOOKUP_load_file(X509_LOOKUP *ctx, char *name, long type); +\& int X509_LOOKUP_add_dir(X509_LOOKUP *ctx, char *name, long type); +\& int X509_LOOKUP_add_store(X509_LOOKUP *ctx, char *uri); +\& int X509_LOOKUP_load_store(X509_LOOKUP *ctx, char *uri); +\& +\& X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx); +\& +\& int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, +\& X509_NAME *name, X509_OBJECT *ret); +\& int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, +\& X509_NAME *name, ASN1_INTEGER *serial, +\& X509_OBJECT *ret); +\& int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, +\& const unsigned char *bytes, int len, +\& X509_OBJECT *ret); +\& int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, +\& const char *str, int len, X509_OBJECT *ret); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBX509_LOOKUP\fR structure 
holds the information needed to look up +certificates and CRLs according to an associated \fIX509_LOOKUP_METHOD\fR\|(3). +Multiple \fBX509_LOOKUP\fR instances can be added to an \fIX509_STORE\fR\|(3) +to enable lookup in that store. +.PP +\&\fIX509_LOOKUP_new()\fR creates a new \fBX509_LOOKUP\fR using the given lookup +\&\fImethod\fR. +It can also be created by calling \fIX509_STORE_add_lookup\fR\|(3), which +will associate a \fBX509_STORE\fR with the lookup mechanism. +.PP +\&\fIX509_LOOKUP_init()\fR initializes the internal state and resources as +needed by the given \fBX509_LOOKUP\fR to do its work. +.PP +\&\fIX509_LOOKUP_shutdown()\fR tears down the internal state and resources of +the given \fBX509_LOOKUP\fR. +.PP +\&\fIX509_LOOKUP_free()\fR destructs the given \fBX509_LOOKUP\fR. +.PP +\&\fIX509_LOOKUP_set_method_data()\fR and \fIX509_LOOKUP_get_method_data()\fR +associates and retrieves a pointer to application data to and from the +given \fBX509_LOOKUP\fR, respectively. +.PP +\&\fIX509_LOOKUP_ctrl()\fR is used to set or get additional data to or from a +\&\fBX509_LOOKUP\fR structure or its associated \fIX509_LOOKUP_METHOD\fR\|(3). +The arguments of the control command are passed via \fIargc\fR and \fIargl\fR, +its return value via \fI*ret\fR. +The meaning of the arguments depends on the \fIcmd\fR number of the +control command. In general, this function is not called directly, but +wrapped by a macro call, see below. +The control \fIcmd\fRs known to OpenSSL are discussed in more depth +in \*(L"Control Commands\*(R". +.PP +\&\fIX509_LOOKUP_load_file()\fR passes a filename to be loaded immediately +into the associated \fBX509_STORE\fR. +\&\fItype\fR indicates what type of object is expected. +This can only be used with a lookup using the implementation +\&\fIX509_LOOKUP_file\fR\|(3). +.PP +\&\fIX509_LOOKUP_add_dir()\fR passes a directory specification from which +certificates and CRLs are loaded on demand into the associated +\&\fBX509_STORE\fR. 
+\&\fItype\fR indicates what type of object is expected. +This can only be used with a lookup using the implementation +\&\fIX509_LOOKUP_hash_dir\fR\|(3). +.PP +\&\fIX509_LOOKUP_add_store()\fR passes a \s-1URI\s0 for a directory-like structure +from which containers with certificates and CRLs are loaded on demand +into the associated \fBX509_STORE\fR. +\&\fIX509_LOOKUP_load_store()\fR passes a \s-1URI\s0 for a single container from +which certificates and CRLs are immediately loaded into the associated +\&\fBX509_STORE\fR. +These functions can only be used with a lookup using the +implementation \fIX509_LOOKUP_store\fR\|(3). +.PP +\&\fIX509_LOOKUP_load_file()\fR, \fIX509_LOOKUP_add_dir()\fR, +\&\fIX509_LOOKUP_add_store()\fR, and \fIX509_LOOKUP_load_store()\fR are implemented +as macros that use \fIX509_LOOKUP_ctrl()\fR. +.PP +\&\fIX509_LOOKUP_by_subject()\fR, \fIX509_LOOKUP_by_issuer_serial()\fR, +\&\fIX509_LOOKUP_by_fingerprint()\fR, and \fIX509_LOOKUP_by_alias()\fR look up +certificates and CRLs in the \fIX509_STORE\fR\|(3) associated with the +\&\fBX509_LOOKUP\fR using different criteria, where the looked up object is +stored in \fIret\fR. +Some of the underlying \fBX509_LOOKUP_METHOD\fRs will also cache objects +matching the criteria in the associated \fBX509_STORE\fR, which makes it +possible to handle cases where the criteria have more than one hit. +.SS "Control Commands" +.IX Subsection "Control Commands" +The \fBX509_LOOKUP_METHOD\fRs built into OpenSSL recognise the following +\&\fIX509_LOOKUP_ctrl()\fR \fIcmd\fRs: +.IP "\fBX509_L_FILE_LOAD\fR" 4 +.IX Item "X509_L_FILE_LOAD" +This is the command that \fIX509_LOOKUP_load_file()\fR uses. +The filename is passed in \fIargc\fR, and the type in \fIargl\fR. +.IP "\fBX509_L_ADD_DIR\fR" 4 +.IX Item "X509_L_ADD_DIR" +This is the command that \fIX509_LOOKUP_add_dir()\fR uses. +The directory specification is passed in \fIargc\fR, and the type in +\&\fIargl\fR. 
+.IP "\fBX509_L_ADD_STORE\fR" 4 +.IX Item "X509_L_ADD_STORE" +This is the command that \fIX509_LOOKUP_add_store()\fR uses. +The \s-1URI\s0 is passed in \fIargc\fR. +.IP "\fBX509_L_LOAD_STORE\fR" 4 +.IX Item "X509_L_LOAD_STORE" +This is the command that \fIX509_LOOKUP_load_store()\fR uses. +The \s-1URI\s0 is passed in \fIargc\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIX509_LOOKUP_new()\fR returns a \fBX509_LOOKUP\fR pointer when successful, +or \s-1NULL\s0 on error. +.PP +\&\fIX509_LOOKUP_init()\fR and \fIX509_LOOKUP_shutdown()\fR return 1 on success, or +0 on error. +.PP +\&\fIX509_LOOKUP_ctrl()\fR returns \-1 if the \fBX509_LOOKUP\fR doesn't have an +associated \fBX509_LOOKUP_METHOD\fR, or 1 if the +doesn't have a control function. +Otherwise, it returns what the control function in the +\&\fBX509_LOOKUP_METHOD\fR returns, which is usually 1 on success and 0 in +error. +.IX Xref "509_LOOKUP_METHOD" +.PP +\&\fIX509_LOOKUP_get_store()\fR returns a \fBX509_STORE\fR pointer if there is +one, otherwise \s-1NULL\s0. +.PP +\&\fIX509_LOOKUP_by_subject()\fR, \fIX509_LOOKUP_by_issuer_serial()\fR, +\&\fIX509_LOOKUP_by_fingerprint()\fR, and \fIX509_LOOKUP_by_alias()\fR all return 0 +if there is no \fBX509_LOOKUP_METHOD\fR or that method doesn't implement +the corresponding function. +Otherwise, it returns what the corresponding function in the +\&\fBX509_LOOKUP_METHOD\fR returns, which is usually 1 on success and 0 in +error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIX509_LOOKUP_METHOD\fR\|(3), \fIX509_STORE\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/ssl/share/man/man3/X509_LOOKUP_hash_dir.3 b/linux_amd64/ssl/share/man/man3/X509_LOOKUP_hash_dir.3 new file mode 100755 index 0000000..e76578a --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/X509_LOOKUP_hash_dir.3 
@@ -0,0 +1,277 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_LOOKUP_HASH_DIR 3" +.TH X509_LOOKUP_HASH_DIR 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_LOOKUP_hash_dir, X509_LOOKUP_file, X509_LOOKUP_store, +X509_load_cert_file, +X509_load_crl_file, +X509_load_cert_crl_file \- Default OpenSSL certificate +lookup methods +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void); +\& X509_LOOKUP_METHOD *X509_LOOKUP_file(void); +\& X509_LOOKUP_METHOD *X509_LOOKUP_store(void); +\& +\& int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type); +\& int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type); +\& int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBX509_LOOKUP_hash_dir\fR and \fBX509_LOOKUP_file\fR are two certificate +lookup methods to use with \fBX509_STORE\fR, provided by OpenSSL library. +.PP +Users of the library typically do not need to create instances of these +methods manually, they would be created automatically by +\&\fIX509_STORE_load_locations\fR\|(3) or +\&\fISSL_CTX_load_verify_locations\fR\|(3) +functions. +.PP +Internally loading of certificates and CRLs is implemented via functions +\&\fBX509_load_cert_crl_file\fR, \fBX509_load_cert_file\fR and +\&\fBX509_load_crl_file\fR. These functions support parameter \fItype\fR, which +can be one of constants \fB\s-1FILETYPE_PEM\s0\fR, \fB\s-1FILETYPE_ASN1\s0\fR and +\&\fB\s-1FILETYPE_DEFAULT\s0\fR. They load certificates and/or CRLs from specified +file into memory cache of \fBX509_STORE\fR objects which given \fBctx\fR +parameter is associated with. +.PP +Functions \fBX509_load_cert_file\fR and +\&\fBX509_load_crl_file\fR can load both \s-1PEM\s0 and \s-1DER\s0 formats depending of +type value. 
Because \s-1DER\s0 format cannot contain more than one certificate +or \s-1CRL\s0 object (while \s-1PEM\s0 can contain several concatenated \s-1PEM\s0 objects) +\&\fBX509_load_cert_crl_file\fR with \fB\s-1FILETYPE_ASN1\s0\fR is equivalent to +\&\fBX509_load_cert_file\fR. +.PP +Constant \fB\s-1FILETYPE_DEFAULT\s0\fR with \s-1NULL\s0 filename causes these functions +to load default certificate store file (see +\&\fIX509_STORE_set_default_paths\fR\|(3). +.PP +Functions return number of objects loaded from file or 0 in case of +error. +.PP +Both methods support adding several certificate locations into one +\&\fBX509_STORE\fR. +.PP +This page documents certificate store formats used by these methods and +caching policy. +.SS "File Method" +.IX Subsection "File Method" +The \fBX509_LOOKUP_file\fR method loads all the certificates or CRLs +present in a file into memory at the time the file is added as a +lookup source. +.PP +File format is \s-1ASCII\s0 text which contains concatenated \s-1PEM\s0 certificates +and CRLs. +.PP +This method should be used by applications which work with a small +set of CAs. +.SS "Hashed Directory Method" +.IX Subsection "Hashed Directory Method" +\&\fBX509_LOOKUP_hash_dir\fR is a more advanced method, which loads +certificates and CRLs on demand, and caches them in memory once +they are loaded. As of OpenSSL 1.0.0, it also checks for newer CRLs +upon each lookup, so that newer CRLs are as soon as they appear in +the directory. +.PP +The directory should contain one certificate or \s-1CRL\s0 per file in \s-1PEM\s0 format, +with a filename of the form \fIhash\fR.\fIN\fR for a certificate, or +\&\fIhash\fR.\fBr\fR\fIN\fR for a \s-1CRL\s0. +The \fIhash\fR is the value returned by the \fIX509_NAME_hash\fR\|(3) function applied +to the subject name for certificates or issuer name for CRLs. +The hash can also be obtained via the \fB\-hash\fR option of the +\&\fIopenssl\-x509\fR\|(1) or \fIopenssl\-crl\fR\|(1) commands. 
+.PP +The .\fIN\fR or .\fBr\fR\fIN\fR suffix is a sequence number that starts at zero, and is +incremented consecutively for each certificate or \s-1CRL\s0 with the same \fIhash\fR +value. +Gaps in the sequence numbers are not supported, it is assumed that there are no +more objects with the same hash beyond the first missing number in the +sequence. +.PP +Sequence numbers make it possible for the directory to contain multiple +certificates with same subject name hash value. +For example, it is possible to have in the store several certificates with same +subject or several CRLs with same issuer (and, for example, different validity +period). +.PP +When checking for new CRLs once one \s-1CRL\s0 for given hash value is +loaded, hash_dir lookup method checks only for certificates with +sequence number greater than that of the already cached \s-1CRL\s0. +.PP +Note that the hash algorithm used for subject name hashing changed in OpenSSL +1.0.0, and all certificate stores have to be rehashed when moving from OpenSSL +0.9.8 to 1.0.0. +.PP +OpenSSL includes a \fIopenssl\-rehash\fR\|(1) utility which creates symlinks with +hashed names for all files with \fI.pem\fR suffix in a given directory. +.SS "\s-1OSSL_STORE\s0 Method" +.IX Subsection "OSSL_STORE Method" +\&\fBX509_LOOKUP_store\fR is a method that allows access to any store of +certificates and CRLs through any loader supported by +\&\fIossl_store\fR\|(7). +It works with the help of URIs, which can be direct references to +certificates or CRLs, but can also be references to catalogues of such +objects (that behave like directories). +.PP +This method overlaps the \*(L"File Method\*(R" and \*(L"Hashed Directory Method\*(R" +because of the 'file:' scheme loader. +It does no caching of its own, but can use a caching \fIossl_store\fR\|(7) +loader, and therefore depends on the loader's capability. 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIX509_LOOKUP_hash_dir()\fR, \fIX509_LOOKUP_file()\fR and \fIX509_LOOKUP_store()\fR +always return a valid \fBX509_LOOKUP_METHOD\fR structure. +.PP +\&\fIX509_load_cert_file()\fR, \fIX509_load_crl_file()\fR and \fIX509_load_cert_crl_file()\fR return +the number of loaded objects or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIPEM_read_PrivateKey\fR\|(3), +\&\fIX509_STORE_load_locations\fR\|(3), +\&\fIX509_store_add_lookup\fR\|(3), +\&\fISSL_CTX_load_verify_locations\fR\|(3), +\&\fIX509_LOOKUP_meth_new\fR\|(3), +\&\fIossl_store\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBX509_LOOKUP_store\fR was added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/X509_LOOKUP_meth_new.3 b/linux_amd64/ssl/share/man/man3/X509_LOOKUP_meth_new.3 new file mode 100755 index 0000000..4050c66 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/X509_LOOKUP_meth_new.3 
@@ -0,0 +1,317 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_LOOKUP_METH_NEW 3" +.TH X509_LOOKUP_METH_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_LOOKUP_METHOD, +X509_LOOKUP_meth_new, X509_LOOKUP_meth_free, X509_LOOKUP_meth_set_new_item, +X509_LOOKUP_meth_get_new_item, X509_LOOKUP_meth_set_free, +X509_LOOKUP_meth_get_free, X509_LOOKUP_meth_set_init, +X509_LOOKUP_meth_get_init, X509_LOOKUP_meth_set_shutdown, +X509_LOOKUP_meth_get_shutdown, +X509_LOOKUP_ctrl_fn, X509_LOOKUP_meth_set_ctrl, X509_LOOKUP_meth_get_ctrl, +X509_LOOKUP_get_by_subject_fn, X509_LOOKUP_meth_set_get_by_subject, +X509_LOOKUP_meth_get_get_by_subject, +X509_LOOKUP_get_by_issuer_serial_fn, X509_LOOKUP_meth_set_get_by_issuer_serial, +X509_LOOKUP_meth_get_get_by_issuer_serial, +X509_LOOKUP_get_by_fingerprint_fn, X509_LOOKUP_meth_set_get_by_fingerprint, +X509_LOOKUP_meth_get_get_by_fingerprint, +X509_LOOKUP_get_by_alias_fn, X509_LOOKUP_meth_set_get_by_alias, +X509_LOOKUP_meth_get_get_by_alias, +X509_OBJECT_set1_X509, X509_OBJECT_set1_X509_CRL +\&\- Routines to build up X509_LOOKUP methods +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef x509_lookup_method_st X509_LOOKUP_METHOD; +\& +\& X509_LOOKUP_METHOD *X509_LOOKUP_meth_new(const char *name); +\& void X509_LOOKUP_meth_free(X509_LOOKUP_METHOD *method); +\& +\& int X509_LOOKUP_meth_set_new_item(X509_LOOKUP_METHOD *method, +\& int (*new_item) (X509_LOOKUP *ctx)); +\& int (*X509_LOOKUP_meth_get_new_item(const X509_LOOKUP_METHOD* method)) +\& (X509_LOOKUP *ctx); +\& +\& int X509_LOOKUP_meth_set_free(X509_LOOKUP_METHOD *method, +\& void (*free) (X509_LOOKUP *ctx)); +\& void (*X509_LOOKUP_meth_get_free(const X509_LOOKUP_METHOD* method)) +\& (X509_LOOKUP *ctx); +\& +\& int X509_LOOKUP_meth_set_init(X509_LOOKUP_METHOD *method, +\& int (*init) (X509_LOOKUP *ctx)); +\& int (*X509_LOOKUP_meth_get_init(const X509_LOOKUP_METHOD* method)) +\& (X509_LOOKUP *ctx); +\& +\& int X509_LOOKUP_meth_set_shutdown(X509_LOOKUP_METHOD *method, +\& int (*shutdown) (X509_LOOKUP *ctx)); +\& int (*X509_LOOKUP_meth_get_shutdown(const X509_LOOKUP_METHOD* method)) 
+\& (X509_LOOKUP *ctx); +\& +\& typedef int (*X509_LOOKUP_ctrl_fn)(X509_LOOKUP *ctx, int cmd, const char *argc, +\& long argl, char **ret); +\& int X509_LOOKUP_meth_set_ctrl(X509_LOOKUP_METHOD *method, +\& X509_LOOKUP_ctrl_fn ctrl_fn); +\& X509_LOOKUP_ctrl_fn X509_LOOKUP_meth_get_ctrl(const X509_LOOKUP_METHOD *method); +\& +\& typedef int (*X509_LOOKUP_get_by_subject_fn)(X509_LOOKUP *ctx, +\& X509_LOOKUP_TYPE type, +\& X509_NAME *name, +\& X509_OBJECT *ret); +\& int X509_LOOKUP_meth_set_get_by_subject(X509_LOOKUP_METHOD *method, +\& X509_LOOKUP_get_by_subject_fn fn); +\& X509_LOOKUP_get_by_subject_fn X509_LOOKUP_meth_get_get_by_subject( +\& const X509_LOOKUP_METHOD *method); +\& +\& typedef int (*X509_LOOKUP_get_by_issuer_serial_fn)(X509_LOOKUP *ctx, +\& X509_LOOKUP_TYPE type, +\& X509_NAME *name, +\& ASN1_INTEGER *serial, +\& X509_OBJECT *ret); +\& int X509_LOOKUP_meth_set_get_by_issuer_serial( +\& X509_LOOKUP_METHOD *method, X509_LOOKUP_get_by_issuer_serial_fn fn); +\& X509_LOOKUP_get_by_issuer_serial_fn X509_LOOKUP_meth_get_get_by_issuer_serial( +\& const X509_LOOKUP_METHOD *method); +\& +\& typedef int (*X509_LOOKUP_get_by_fingerprint_fn)(X509_LOOKUP *ctx, +\& X509_LOOKUP_TYPE type, +\& const unsigned char* bytes, +\& int len, +\& X509_OBJECT *ret); +\& int X509_LOOKUP_meth_set_get_by_fingerprint(X509_LOOKUP_METHOD *method, +\& X509_LOOKUP_get_by_fingerprint_fn fn); +\& X509_LOOKUP_get_by_fingerprint_fn X509_LOOKUP_meth_get_get_by_fingerprint( +\& const X509_LOOKUP_METHOD *method); +\& +\& typedef int (*X509_LOOKUP_get_by_alias_fn)(X509_LOOKUP *ctx, +\& X509_LOOKUP_TYPE type, +\& const char *str, +\& int len, +\& X509_OBJECT *ret); +\& int X509_LOOKUP_meth_set_get_by_alias(X509_LOOKUP_METHOD *method, +\& X509_LOOKUP_get_by_alias_fn fn); +\& X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias( +\& const X509_LOOKUP_METHOD *method); +\& +\& int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj); +\& int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL 
*obj); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBX509_LOOKUP_METHOD\fR type is a structure used for the implementation of new +X509_LOOKUP types. It provides a set of functions used by OpenSSL for the +implementation of various X509 and X509_CRL lookup capabilities. One instance +of an X509_LOOKUP_METHOD can be associated to many instantiations of an +\&\fBX509_LOOKUP\fR structure. +.PP +\&\fIX509_LOOKUP_meth_new()\fR creates a new \fBX509_LOOKUP_METHOD\fR structure. It should +be given a human-readable string containing a brief description of the lookup +method. +.PP +\&\fIX509_LOOKUP_meth_free()\fR destroys a \fBX509_LOOKUP_METHOD\fR structure. +.PP +\&\fIX509_LOOKUP_get_new_item()\fR and \fIX509_LOOKUP_set_new_item()\fR get and set the +function that is called when an \fBX509_LOOKUP\fR object is created with +\&\fIX509_LOOKUP_new()\fR. If an X509_LOOKUP_METHOD requires any per\-X509_LOOKUP +specific data, the supplied new_item function should allocate this data and +invoke \fIX509_LOOKUP_set_method_data\fR\|(3). +.PP +\&\fIX509_LOOKUP_get_free()\fR and \fIX509_LOOKUP_set_free()\fR get and set the function +that is used to free any method data that was allocated and set from within +new_item function. +.PP +\&\fIX509_LOOKUP_meth_get_init()\fR and \fIX509_LOOKUP_meth_set_init()\fR get and set the +function that is used to initialize the method data that was set with +\&\fIX509_LOOKUP_set_method_data\fR\|(3) as part of the new_item routine. +.PP +\&\fIX509_LOOKUP_meth_get_shutdown()\fR and \fIX509_LOOKUP_meth_set_shutdown()\fR get and set +the function that is used to shut down the method data whose state was +previously initialized in the init function. +.PP +\&\fIX509_LOOKUP_meth_get_ctrl()\fR and \fIX509_LOOKUP_meth_set_ctrl()\fR get and set a +function to be used to handle arbitrary control commands issued by +\&\fIX509_LOOKUP_ctrl()\fR. 
The control function is given the X509_LOOKUP +\&\fBctx\fR, along with the arguments passed by X509_LOOKUP_ctrl. \fBcmd\fR is +an arbitrary integer that defines some operation. \fBargc\fR is a pointer +to an array of characters. \fBargl\fR is an integer. \fBret\fR, if set, +points to a location where any return data should be written to. How +\&\fBargc\fR and \fBargl\fR are used depends entirely on the control function. +.PP +\&\fIX509_LOOKUP_set_get_by_subject()\fR, \fIX509_LOOKUP_set_get_by_issuer_serial()\fR, +\&\fIX509_LOOKUP_set_get_by_fingerprint()\fR, \fIX509_LOOKUP_set_get_by_alias()\fR set +the functions used to retrieve an X509 or X509_CRL object by the object's +subject, issuer, fingerprint, and alias respectively. These functions are given +the X509_LOOKUP context, the type of the X509_OBJECT being requested, parameters +related to the lookup, and an X509_OBJECT that will receive the requested +object. +.PP +Implementations must add objects they find to the \fBX509_STORE\fR object +using \fIX509_STORE_add_cert()\fR or \fIX509_STORE_add_crl()\fR. This increments +its reference count. However, the \fIX509_STORE_CTX_get_by_subject()\fR +function also increases the reference count which leads to one too +many references being held. Therefore applications should +additionally call \fIX509_free()\fR or \fIX509_CRL_free()\fR to decrement the +reference count again. +.PP +Implementations should also use either \fIX509_OBJECT_set1_X509()\fR or +\&\fIX509_OBJECT_set1_X509_CRL()\fR to set the result. Note that this also +increments the result's reference count. +.PP +Any method data that was created as a result of the new_item function +set by \fIX509_LOOKUP_meth_set_new_item()\fR can be accessed with +\&\fIX509_LOOKUP_get_method_data\fR\|(3). The \fBX509_STORE\fR object that owns the +X509_LOOKUP may be accessed with \fIX509_LOOKUP_get_store\fR\|(3). Successful +lookups should return 1, and unsuccessful lookups should return 0. 
+.PP +\&\fIX509_LOOKUP_get_get_by_subject()\fR, \fIX509_LOOKUP_get_get_by_issuer_serial()\fR, +\&\fIX509_LOOKUP_get_get_by_fingerprint()\fR, \fIX509_LOOKUP_get_get_by_alias()\fR retrieve +the function set by the corresponding setter. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The \fBX509_LOOKUP_meth_set\fR functions return 1 on success or 0 on error. +.PP +The \fBX509_LOOKUP_meth_get\fR functions return the corresponding function +pointers. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIX509_STORE_new\fR\|(3), \fISSL_CTX_set_cert_store\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The functions described here were added in OpenSSL 1.1.0i. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/X509_NAME_ENTRY_get_object.3 b/linux_amd64/ssl/share/man/man3/X509_NAME_ENTRY_get_object.3 new file mode 100755 index 0000000..7b1dbf2 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/X509_NAME_ENTRY_get_object.3 
@@ -0,0 +1,218 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_NAME_ENTRY_GET_OBJECT 3" +.TH X509_NAME_ENTRY_GET_OBJECT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_NAME_ENTRY_get_object, X509_NAME_ENTRY_get_data, +X509_NAME_ENTRY_set_object, X509_NAME_ENTRY_set_data, +X509_NAME_ENTRY_create_by_txt, X509_NAME_ENTRY_create_by_NID, +X509_NAME_ENTRY_create_by_OBJ \- X509_NAME_ENTRY utility functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& ASN1_OBJECT *X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne); +\& ASN1_STRING *X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne); +\& +\& int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, const ASN1_OBJECT *obj); +\& int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, +\& const unsigned char *bytes, int len); +\& +\& X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, const char *field, +\& int type, const unsigned char *bytes, +\& int len); +\& X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, +\& int type, const unsigned char *bytes, +\& int len); +\& X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, +\& const ASN1_OBJECT *obj, int type, +\& const unsigned char *bytes, int len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIX509_NAME_ENTRY_get_object()\fR retrieves the field name of \fBne\fR in +and \fB\s-1ASN1_OBJECT\s0\fR structure. +.PP +\&\fIX509_NAME_ENTRY_get_data()\fR retrieves the field value of \fBne\fR in +and \fB\s-1ASN1_STRING\s0\fR structure. +.PP +\&\fIX509_NAME_ENTRY_set_object()\fR sets the field name of \fBne\fR to \fBobj\fR. +.PP +\&\fIX509_NAME_ENTRY_set_data()\fR sets the field value of \fBne\fR to string type +\&\fBtype\fR and value determined by \fBbytes\fR and \fBlen\fR. +.PP +\&\fIX509_NAME_ENTRY_create_by_txt()\fR, \fIX509_NAME_ENTRY_create_by_NID()\fR +and \fIX509_NAME_ENTRY_create_by_OBJ()\fR create and return an +\&\fBX509_NAME_ENTRY\fR structure. 
+.SH "NOTES" +.IX Header "NOTES" +\&\fIX509_NAME_ENTRY_get_object()\fR and \fIX509_NAME_ENTRY_get_data()\fR can be +used to examine an \fBX509_NAME_ENTRY\fR function as returned by +\&\fIX509_NAME_get_entry()\fR for example. +.PP +\&\fIX509_NAME_ENTRY_create_by_txt()\fR, \fIX509_NAME_ENTRY_create_by_OBJ()\fR, +\&\fIX509_NAME_ENTRY_create_by_NID()\fR and \fIX509_NAME_ENTRY_set_data()\fR +are seldom used in practice because \fBX509_NAME_ENTRY\fR structures +are almost always part of \fBX509_NAME\fR structures and the +corresponding \fBX509_NAME\fR functions are typically used to +create and add new entries in a single operation. +.PP +The arguments of these functions support similar options to the similarly +named ones of the corresponding \fBX509_NAME\fR functions such as +\&\fIX509_NAME_add_entry_by_txt()\fR. So for example \fBtype\fR can be set to +\&\fB\s-1MBSTRING_ASC\s0\fR but in the case of \fIX509_set_data()\fR the field name must be +set first so the relevant field information can be looked up internally. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIX509_NAME_ENTRY_get_object()\fR returns a valid \fB\s-1ASN1_OBJECT\s0\fR structure if it is +set or \s-1NULL\s0 if an error occurred. +.PP +\&\fIX509_NAME_ENTRY_get_data()\fR returns a valid \fB\s-1ASN1_STRING\s0\fR structure if it is set +or \s-1NULL\s0 if an error occurred. +.PP +\&\fIX509_NAME_ENTRY_set_object()\fR and \fIX509_NAME_ENTRY_set_data()\fR return 1 on success +or 0 on error. +.PP +\&\fIX509_NAME_ENTRY_create_by_txt()\fR, \fIX509_NAME_ENTRY_create_by_NID()\fR and +\&\fIX509_NAME_ENTRY_create_by_OBJ()\fR return a valid \fBX509_NAME_ENTRY\fR on success or +\&\s-1NULL\s0 if an error occurred. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fId2i_X509_NAME\fR\|(3), +\&\fIOBJ_nid2obj\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). 
You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/X509_NAME_add_entry_by_txt.3 b/linux_amd64/ssl/share/man/man3/X509_NAME_add_entry_by_txt.3 new file mode 100755 index 0000000..845558a --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/X509_NAME_add_entry_by_txt.3 
@@ -0,0 +1,249 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_NAME_ADD_ENTRY_BY_TXT 3" +.TH X509_NAME_ADD_ENTRY_BY_TXT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_NAME_add_entry_by_txt, X509_NAME_add_entry_by_OBJ, X509_NAME_add_entry_by_NID, +X509_NAME_add_entry, X509_NAME_delete_entry \- X509_NAME modification functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, +\& const unsigned char *bytes, int len, int loc, int set); +\& +\& int X509_NAME_add_entry_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int type, +\& const unsigned char *bytes, int len, int loc, int set); +\& +\& int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, +\& const unsigned char *bytes, int len, int loc, int set); +\& +\& int X509_NAME_add_entry(X509_NAME *name, const X509_NAME_ENTRY *ne, int loc, int set); +\& +\& X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIX509_NAME_add_entry_by_txt()\fR, \fIX509_NAME_add_entry_by_OBJ()\fR and +\&\fIX509_NAME_add_entry_by_NID()\fR add a field whose name is defined +by a string \fBfield\fR, an object \fBobj\fR or a \s-1NID\s0 \fBnid\fR respectively. +The field value to be added is in \fBbytes\fR of length \fBlen\fR. If +\&\fBlen\fR is \-1 then the field length is calculated internally using +strlen(bytes). +.PP +The type of field is determined by \fBtype\fR which can either be a +definition of the type of \fBbytes\fR (such as \fB\s-1MBSTRING_ASC\s0\fR) or a +standard \s-1ASN1\s0 type (such as \fBV_ASN1_IA5STRING\fR). The new entry is +added to a position determined by \fBloc\fR and \fBset\fR. +.PP +\&\fIX509_NAME_add_entry()\fR adds a copy of \fBX509_NAME_ENTRY\fR structure \fBne\fR +to \fBname\fR. The new entry is added to a position determined by \fBloc\fR +and \fBset\fR. Since a copy of \fBne\fR is added \fBne\fR must be freed up after +the call. +.PP +\&\fIX509_NAME_delete_entry()\fR deletes an entry from \fBname\fR at position +\&\fBloc\fR. 
The deleted entry is returned and must be freed up. +.SH "NOTES" +.IX Header "NOTES" +The use of string types such as \fB\s-1MBSTRING_ASC\s0\fR or \fB\s-1MBSTRING_UTF8\s0\fR +is strongly recommended for the \fBtype\fR parameter. This allows the +internal code to correctly determine the type of the field and to +apply length checks according to the relevant standards. This is +done using \fIASN1_STRING_set_by_NID()\fR. +.PP +If instead an \s-1ASN1\s0 type is used no checks are performed and the +supplied data in \fBbytes\fR is used directly. +.PP +In \fIX509_NAME_add_entry_by_txt()\fR the \fBfield\fR string represents +the field name using OBJ_txt2obj(field, 0). +.PP +The \fBloc\fR and \fBset\fR parameters determine where a new entry should +be added. For almost all applications \fBloc\fR can be set to \-1 and \fBset\fR +to 0. This adds a new entry to the end of \fBname\fR as a single valued +RelativeDistinguishedName (\s-1RDN\s0). +.PP +\&\fBloc\fR actually determines the index where the new entry is inserted: +if it is \-1 it is appended. +.PP +\&\fBset\fR determines how the new type is added. If it is zero a +new \s-1RDN\s0 is created. +.PP +If \fBset\fR is \-1 or 1 it is added to the previous or next \s-1RDN\s0 +structure respectively. This will then be a multivalued \s-1RDN:\s0 +since multivalues RDNs are very seldom used \fBset\fR is almost +always set to zero. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIX509_NAME_add_entry_by_txt()\fR, \fIX509_NAME_add_entry_by_OBJ()\fR, +\&\fIX509_NAME_add_entry_by_NID()\fR and \fIX509_NAME_add_entry()\fR return 1 for +success of 0 if an error occurred. +.PP +\&\fIX509_NAME_delete_entry()\fR returns either the deleted \fBX509_NAME_ENTRY\fR +structure of \fB\s-1NULL\s0\fR if an error occurred. 
+.SH "EXAMPLES" +.IX Header "EXAMPLES" +Create an \fBX509_NAME\fR structure: +.PP +\&\*(L"C=UK, O=Disorganized Organization, CN=Joe Bloggs\*(R" +.PP +.Vb 1 +\& X509_NAME *nm; +\& +\& nm = X509_NAME_new(); +\& if (nm == NULL) +\& /* Some error */ +\& if (!X509_NAME_add_entry_by_txt(nm, "C", MBSTRING_ASC, +\& "UK", \-1, \-1, 0)) +\& /* Error */ +\& if (!X509_NAME_add_entry_by_txt(nm, "O", MBSTRING_ASC, +\& "Disorganized Organization", \-1, \-1, 0)) +\& /* Error */ +\& if (!X509_NAME_add_entry_by_txt(nm, "CN", MBSTRING_ASC, +\& "Joe Bloggs", \-1, \-1, 0)) +\& /* Error */ +.Ve +.SH "BUGS" +.IX Header "BUGS" +\&\fBtype\fR can still be set to \fBV_ASN1_APP_CHOOSE\fR to use a +different algorithm to determine field types. Since this form does +not understand multicharacter types, performs no length checks and +can result in invalid field types its use is strongly discouraged. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fId2i_X509_NAME\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/X509_NAME_get0_der.3 b/linux_amd64/ssl/share/man/man3/X509_NAME_get0_der.3 new file mode 100755 index 0000000..9ad510b --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/X509_NAME_get0_der.3 
@@ -0,0 +1,162 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_NAME_GET0_DER 3" +.TH X509_NAME_GET0_DER 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_NAME_get0_der \- get X509_NAME DER encoding +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_NAME_get0_der(X509_NAME *nm, const unsigned char **pder, +\& size_t *pderlen) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The function \fIX509_NAME_get0_der()\fR returns an internal pointer to the +encoding of an \fBX509_NAME\fR structure in \fB*pder\fR and consisting of +\&\fB*pderlen\fR bytes. It is useful for applications that wish to examine +the encoding of an \fBX509_NAME\fR structure without copying it. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The function \fIX509_NAME_get0_der()\fR returns 1 for success and 0 if an error +occurred. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fId2i_X509\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/X509_NAME_get_index_by_NID.3 b/linux_amd64/ssl/share/man/man3/X509_NAME_get_index_by_NID.3 new file mode 100755 index 0000000..c75e8d4 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/X509_NAME_get_index_by_NID.3 
@@ -0,0 +1,247 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_NAME_GET_INDEX_BY_NID 3" +.TH X509_NAME_GET_INDEX_BY_NID 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_NAME_get_index_by_NID, X509_NAME_get_index_by_OBJ, X509_NAME_get_entry, +X509_NAME_entry_count, X509_NAME_get_text_by_NID, X509_NAME_get_text_by_OBJ \- +X509_NAME lookup and enumeration functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos); +\& int X509_NAME_get_index_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int lastpos); +\& +\& int X509_NAME_entry_count(const X509_NAME *name); +\& X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name, int loc); +\& +\& int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len); +\& int X509_NAME_get_text_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, char *buf, int len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions allow an \fBX509_NAME\fR structure to be examined. The +\&\fBX509_NAME\fR structure is the same as the \fBName\fR type defined in +\&\s-1RFC2459\s0 (and elsewhere) and used for example in certificate subject +and issuer names. +.PP +\&\fIX509_NAME_get_index_by_NID()\fR and \fIX509_NAME_get_index_by_OBJ()\fR retrieve +the next index matching \fBnid\fR or \fBobj\fR after \fBlastpos\fR. \fBlastpos\fR +should initially be set to \-1. If there are no more entries \-1 is returned. +If \fBnid\fR is invalid (doesn't correspond to a valid \s-1OID\s0) then \-2 is returned. +.PP +\&\fIX509_NAME_entry_count()\fR returns the total number of entries in \fBname\fR. +.PP +\&\fIX509_NAME_get_entry()\fR retrieves the \fBX509_NAME_ENTRY\fR from \fBname\fR +corresponding to index \fBloc\fR. Acceptable values for \fBloc\fR run from +0 to (X509_NAME_entry_count(name) \- 1). The value returned is an +internal pointer which must not be freed. +.PP +\&\fIX509_NAME_get_text_by_NID()\fR, \fIX509_NAME_get_text_by_OBJ()\fR retrieve +the \*(L"text\*(R" from the first entry in \fBname\fR which matches \fBnid\fR or +\&\fBobj\fR, if no such entry exists \-1 is returned. 
At most \fBlen\fR bytes +will be written and the text written to \fBbuf\fR will be null +terminated. The length of the output string written is returned +excluding the terminating null. If \fBbuf\fR is <\s-1NULL\s0> then the amount +of space needed in \fBbuf\fR (excluding the final null) is returned. +.SH "NOTES" +.IX Header "NOTES" +\&\fIX509_NAME_get_text_by_NID()\fR and \fIX509_NAME_get_text_by_OBJ()\fR should be +considered deprecated because they +have various limitations which make them +of minimal use in practice. They can only find the first matching +entry and will copy the contents of the field verbatim: this can +be highly confusing if the target is a multicharacter string type +like a BMPString or a UTF8String. +.PP +For a more general solution \fIX509_NAME_get_index_by_NID()\fR or +\&\fIX509_NAME_get_index_by_OBJ()\fR should be used followed by +\&\fIX509_NAME_get_entry()\fR on any matching indices and then the +various \fBX509_NAME_ENTRY\fR utility functions on the result. +.PP +The list of all relevant \fBNID_*\fR and \fBOBJ_* codes\fR can be found in +the source code header files and/or +. +.PP +Applications which could pass invalid NIDs to \fIX509_NAME_get_index_by_NID()\fR +should check for the return value of \-2. Alternatively the \s-1NID\s0 validity +can be determined first by checking OBJ_nid2obj(nid) is not \s-1NULL\s0. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIX509_NAME_get_index_by_NID()\fR and \fIX509_NAME_get_index_by_OBJ()\fR +return the index of the next matching entry or \-1 if not found. +\&\fIX509_NAME_get_index_by_NID()\fR can also return \-2 if the supplied +\&\s-1NID\s0 is invalid. +.PP +\&\fIX509_NAME_entry_count()\fR returns the total number of entries. +.PP +\&\fIX509_NAME_get_entry()\fR returns an \fBX509_NAME\fR pointer to the +requested entry or \fB\s-1NULL\s0\fR if the index is invalid. 
+.SH "EXAMPLES" +.IX Header "EXAMPLES" +Process all entries: +.PP +.Vb 2 +\& int i; +\& X509_NAME_ENTRY *e; +\& +\& for (i = 0; i < X509_NAME_entry_count(nm); i++) { +\& e = X509_NAME_get_entry(nm, i); +\& /* Do something with e */ +\& } +.Ve +.PP +Process all commonName entries: +.PP +.Vb 2 +\& int lastpos = \-1; +\& X509_NAME_ENTRY *e; +\& +\& for (;;) { +\& lastpos = X509_NAME_get_index_by_NID(nm, NID_commonName, lastpos); +\& if (lastpos == \-1) +\& break; +\& e = X509_NAME_get_entry(nm, lastpos); +\& /* Do something with e */ +\& } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fId2i_X509_NAME\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/X509_NAME_print_ex.3 b/linux_amd64/ssl/share/man/man3/X509_NAME_print_ex.3 new file mode 100755 index 0000000..32a31b9 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/X509_NAME_print_ex.3 
@@ -0,0 +1,244 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_NAME_PRINT_EX 3" +.TH X509_NAME_PRINT_EX 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_NAME_print_ex, X509_NAME_print_ex_fp, X509_NAME_print, +X509_NAME_oneline \- X509_NAME printing routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_NAME_print_ex(BIO *out, const X509_NAME *nm, int indent, unsigned long flags); +\& int X509_NAME_print_ex_fp(FILE *fp, const X509_NAME *nm, int indent, unsigned long flags); +\& char *X509_NAME_oneline(const X509_NAME *a, char *buf, int size); +\& int X509_NAME_print(BIO *bp, const X509_NAME *name, int obase); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIX509_NAME_print_ex()\fR prints a human readable version of \fBnm\fR to \s-1BIO\s0 \fBout\fR. Each +line (for multiline formats) is indented by \fBindent\fR spaces. The output format +can be extensively customised by use of the \fBflags\fR parameter. +.PP +\&\fIX509_NAME_print_ex_fp()\fR is identical to \fIX509_NAME_print_ex()\fR except the output is +written to \s-1FILE\s0 pointer \fBfp\fR. +.PP +\&\fIX509_NAME_oneline()\fR prints an \s-1ASCII\s0 version of \fBa\fR to \fBbuf\fR. +If \fBbuf\fR is \fB\s-1NULL\s0\fR then a buffer is dynamically allocated and returned, and +\&\fBsize\fR is ignored. +Otherwise, at most \fBsize\fR bytes will be written, including the ending '\e0', +and \fBbuf\fR is returned. +.PP +\&\fIX509_NAME_print()\fR prints out \fBname\fR to \fBbp\fR indenting each line by \fBobase\fR +characters. Multiple lines are used if the output (including indent) exceeds +80 characters. +.SH "NOTES" +.IX Header "NOTES" +The functions \fIX509_NAME_oneline()\fR and \fIX509_NAME_print()\fR +produce a non standard output form, they don't handle multi character fields and +have various quirks and inconsistencies. +Their use is strongly discouraged in new applications and they could +be deprecated in a future release. 
+.PP +Although there are a large number of possible flags for most purposes +\&\fB\s-1XN_FLAG_ONELINE\s0\fR, \fB\s-1XN_FLAG_MULTILINE\s0\fR or \fB\s-1XN_FLAG_RFC2253\s0\fR will suffice. +As noted on the \fIASN1_STRING_print_ex\fR\|(3) manual page +for \s-1UTF8\s0 terminals the \fB\s-1ASN1_STRFLGS_ESC_MSB\s0\fR should be unset: so for example +\&\fB\s-1XN_FLAG_ONELINE\s0 & ~ASN1_STRFLGS_ESC_MSB\fR would be used. +.PP +The complete set of the flags supported by \fIX509_NAME_print_ex()\fR is listed below. +.PP +Several options can be ored together. +.PP +The options \fB\s-1XN_FLAG_SEP_COMMA_PLUS\s0\fR, \fB\s-1XN_FLAG_SEP_CPLUS_SPC\s0\fR, +\&\fB\s-1XN_FLAG_SEP_SPLUS_SPC\s0\fR and \fB\s-1XN_FLAG_SEP_MULTILINE\s0\fR determine the field separators +to use. Two distinct separators are used between distinct RelativeDistinguishedName +components and separate values in the same \s-1RDN\s0 for a multi-valued \s-1RDN\s0. Multi-valued +RDNs are currently very rare so the second separator will hardly ever be used. +.PP +\&\fB\s-1XN_FLAG_SEP_COMMA_PLUS\s0\fR uses comma and plus as separators. \fB\s-1XN_FLAG_SEP_CPLUS_SPC\s0\fR +uses comma and plus with spaces: this is more readable that plain comma and plus. +\&\fB\s-1XN_FLAG_SEP_SPLUS_SPC\s0\fR uses spaced semicolon and plus. \fB\s-1XN_FLAG_SEP_MULTILINE\s0\fR uses +spaced newline and plus respectively. +.PP +If \fB\s-1XN_FLAG_DN_REV\s0\fR is set the whole \s-1DN\s0 is printed in reversed order. +.PP +The fields \fB\s-1XN_FLAG_FN_SN\s0\fR, \fB\s-1XN_FLAG_FN_LN\s0\fR, \fB\s-1XN_FLAG_FN_OID\s0\fR, +\&\fB\s-1XN_FLAG_FN_NONE\s0\fR determine how a field name is displayed. It will +use the short name (e.g. \s-1CN\s0) the long name (e.g. commonName) always +use \s-1OID\s0 numerical form (normally OIDs are only used if the field name is not +recognised) and no field name respectively. +.PP +If \fB\s-1XN_FLAG_SPC_EQ\s0\fR is set then spaces will be placed around the '=' character +separating field names and values. 
+.PP +If \fB\s-1XN_FLAG_DUMP_UNKNOWN_FIELDS\s0\fR is set then the encoding of unknown fields is +printed instead of the values. +.PP +If \fB\s-1XN_FLAG_FN_ALIGN\s0\fR is set then field names are padded to 20 characters: this +is only of use for multiline format. +.PP +Additionally all the options supported by \fIASN1_STRING_print_ex()\fR can be used to +control how each field value is displayed. +.PP +In addition a number options can be set for commonly used formats. +.PP +\&\fB\s-1XN_FLAG_RFC2253\s0\fR sets options which produce an output compatible with \s-1RFC2253\s0 it +is equivalent to: + \f(CW\*(C`ASN1_STRFLGS_RFC2253 | XN_FLAG_SEP_COMMA_PLUS | XN_FLAG_DN_REV | XN_FLAG_FN_SN | XN_FLAG_DUMP_UNKNOWN_FIELDS\*(C'\fR +.PP +\&\fB\s-1XN_FLAG_ONELINE\s0\fR is a more readable one line format which is the same as: + \f(CW\*(C`ASN1_STRFLGS_RFC2253 | ASN1_STRFLGS_ESC_QUOTE | XN_FLAG_SEP_CPLUS_SPC | XN_FLAG_SPC_EQ | XN_FLAG_FN_SN\*(C'\fR +.PP +\&\fB\s-1XN_FLAG_MULTILINE\s0\fR is a multiline format which is the same as: + \f(CW\*(C`ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB | XN_FLAG_SEP_MULTILINE | XN_FLAG_SPC_EQ | XN_FLAG_FN_LN | XN_FLAG_FN_ALIGN\*(C'\fR +.PP +\&\fB\s-1XN_FLAG_COMPAT\s0\fR uses a format identical to \fIX509_NAME_print()\fR: in fact it calls \fIX509_NAME_print()\fR internally. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIX509_NAME_oneline()\fR returns a valid string on success or \s-1NULL\s0 on error. +.PP +\&\fIX509_NAME_print()\fR returns 1 on success or 0 on error. +.PP +\&\fIX509_NAME_print_ex()\fR and \fIX509_NAME_print_ex_fp()\fR return 1 on success or 0 on error +if the \fB\s-1XN_FLAG_COMPAT\s0\fR is set, which is the same as \fIX509_NAME_print()\fR. Otherwise, +it returns \-1 on error or other values on success. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIASN1_STRING_print_ex\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. 
+.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/X509_PUBKEY_new.3 b/linux_amd64/ssl/share/man/man3/X509_PUBKEY_new.3 new file mode 100755 index 0000000..64bc491 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/X509_PUBKEY_new.3 
@@ -0,0 +1,244 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_PUBKEY_NEW 3" +.TH X509_PUBKEY_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_PUBKEY_new, X509_PUBKEY_free, X509_PUBKEY_dup, +X509_PUBKEY_set, X509_PUBKEY_get0, X509_PUBKEY_get, +d2i_PUBKEY, i2d_PUBKEY, d2i_PUBKEY_bio, d2i_PUBKEY_fp, +i2d_PUBKEY_fp, i2d_PUBKEY_bio, X509_PUBKEY_set0_param, +X509_PUBKEY_get0_param \- SubjectPublicKeyInfo public key functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& X509_PUBKEY *X509_PUBKEY_new(void); +\& void X509_PUBKEY_free(X509_PUBKEY *a); +\& X509_PUBKEY *X509_PUBKEY_dup(const X509_PUBKEY *a); +\& +\& int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey); +\& EVP_PKEY *X509_PUBKEY_get0(X509_PUBKEY *key); +\& EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key); +\& +\& EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length); +\& int i2d_PUBKEY(const EVP_PKEY *a, unsigned char **pp); +\& +\& EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a); +\& EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a); +\& +\& int i2d_PUBKEY_fp(const FILE *fp, EVP_PKEY *pkey); +\& int i2d_PUBKEY_bio(BIO *bp, const EVP_PKEY *pkey); +\& +\& int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj, +\& int ptype, void *pval, +\& unsigned char *penc, int penclen); +\& int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg, +\& const unsigned char **pk, int *ppklen, +\& X509_ALGOR **pa, X509_PUBKEY *pub); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBX509_PUBKEY\fR structure represents the \s-1ASN\s0.1 \fBSubjectPublicKeyInfo\fR +structure defined in \s-1RFC5280\s0 and used in certificates and certificate requests. +.PP +\&\fIX509_PUBKEY_new()\fR allocates and initializes an \fBX509_PUBKEY\fR structure. +.PP +\&\fIX509_PUBKEY_free()\fR frees up \fBX509_PUBKEY\fR structure \fBa\fR. If \fBa\fR is \s-1NULL\s0 +nothing is done. +.PP +\&\fIX509_PUBKEY_set()\fR sets the public key in \fB*x\fR to the public key contained +in the \fB\s-1EVP_PKEY\s0\fR structure \fBpkey\fR. If \fB*x\fR is not \s-1NULL\s0 any existing +public key structure will be freed. 
+.PP +\&\fIX509_PUBKEY_get0()\fR returns the public key contained in \fBkey\fR. The returned +value is an internal pointer which \fB\s-1MUST\s0 \s-1NOT\s0\fR be freed after use. +.PP +\&\fIX509_PUBKEY_get()\fR is similar to \fIX509_PUBKEY_get0()\fR except the reference +count on the returned key is incremented so it \fB\s-1MUST\s0\fR be freed using +\&\fIEVP_PKEY_free()\fR after use. +.PP +\&\fId2i_PUBKEY()\fR and \fIi2d_PUBKEY()\fR decode and encode an \fB\s-1EVP_PKEY\s0\fR structure +using \fBSubjectPublicKeyInfo\fR format. They otherwise follow the conventions of +other \s-1ASN\s0.1 functions such as \fId2i_X509()\fR. +.PP +\&\fId2i_PUBKEY_bio()\fR, \fId2i_PUBKEY_fp()\fR, \fIi2d_PUBKEY_bio()\fR and \fIi2d_PUBKEY_fp()\fR are +similar to \fId2i_PUBKEY()\fR and \fIi2d_PUBKEY()\fR except they decode or encode using a +\&\fB\s-1BIO\s0\fR or \fB\s-1FILE\s0\fR pointer. +.PP +\&\fIX509_PUBKEY_set0_param()\fR sets the public key parameters of \fBpub\fR. The +\&\s-1OID\s0 associated with the algorithm is set to \fBaobj\fR. The type of the +algorithm parameters is set to \fBtype\fR using the structure \fBpval\fR. +The encoding of the public key itself is set to the \fBpenclen\fR +bytes contained in buffer \fBpenc\fR. On success ownership of all the supplied +parameters is passed to \fBpub\fR so they must not be freed after the +call. +.PP +\&\fIX509_PUBKEY_get0_param()\fR retrieves the public key parameters from \fBpub\fR, +\&\fB*ppkalg\fR is set to the associated \s-1OID\s0 and the encoding consists of +\&\fB*ppklen\fR bytes at \fB*pk\fR, \fB*pa\fR is set to the associated +AlgorithmIdentifier for the public key. If the value of any of these +parameters is not required it can be set to \fB\s-1NULL\s0\fR. All of the +retrieved pointers are internal and must not be freed after the +call. +.SH "NOTES" +.IX Header "NOTES" +The \fBX509_PUBKEY\fR functions can be used to encode and decode public keys +in a standard format. 
+.PP +In many cases applications will not call the \fBX509_PUBKEY\fR functions +directly: they will instead call wrapper functions such as \fIX509_get0_pubkey()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +If the allocation fails, \fIX509_PUBKEY_new()\fR returns \fB\s-1NULL\s0\fR and sets an error +code that can be obtained by \fIERR_get_error\fR\|(3). +.PP +Otherwise it returns a pointer to the newly allocated structure. +.PP +\&\fIX509_PUBKEY_free()\fR does not return a value. +.PP +\&\fIX509_PUBKEY_get0()\fR and \fIX509_PUBKEY_get()\fR return a pointer to an \fB\s-1EVP_PKEY\s0\fR +structure or \fB\s-1NULL\s0\fR if an error occurs. +.PP +\&\fIX509_PUBKEY_set()\fR, \fIX509_PUBKEY_set0_param()\fR and \fIX509_PUBKEY_get0_param()\fR +return 1 for success and 0 if an error occurred. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fId2i_X509\fR\|(3), +\&\fIERR_get_error\fR\|(3), +\&\fIX509_get_pubkey\fR\|(3), +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/X509_SIG_get0.3 b/linux_amd64/ssl/share/man/man3/X509_SIG_get0.3 new file mode 100755 index 0000000..cc9a0b8 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/X509_SIG_get0.3 
@@ -0,0 +1,163 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_SIG_GET0 3" +.TH X509_SIG_GET0 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_SIG_get0, X509_SIG_getm \- DigestInfo functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void X509_SIG_get0(const X509_SIG *sig, const X509_ALGOR **palg, +\& const ASN1_OCTET_STRING **pdigest); +\& void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg, +\& ASN1_OCTET_STRING **pdigest, +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIX509_SIG_get0()\fR returns pointers to the algorithm identifier and digest +value in \fBsig\fR. \fIX509_SIG_getm()\fR is identical to \fIX509_SIG_get0()\fR +except the pointers returned are not constant and can be modified: +for example to initialise them. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIX509_SIG_get0()\fR and \fIX509_SIG_getm()\fR return no values. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fId2i_X509\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/X509_STORE_CTX_get_error.3 b/linux_amd64/ssl/share/man/man3/X509_STORE_CTX_get_error.3 new file mode 100755 index 0000000..833319d --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/X509_STORE_CTX_get_error.3 
@@ -0,0 +1,501 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_STORE_CTX_GET_ERROR 3" +.TH X509_STORE_CTX_GET_ERROR 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_STORE_CTX_get_error, X509_STORE_CTX_set_error, +X509_STORE_CTX_get_error_depth, X509_STORE_CTX_set_error_depth, +X509_STORE_CTX_get_current_cert, X509_STORE_CTX_set_current_cert, +X509_STORE_CTX_get0_cert, X509_STORE_CTX_get1_chain, +X509_verify_cert_error_string \- get or set certificate verification status +information +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx); +\& void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int s); +\& int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx); +\& void X509_STORE_CTX_set_error_depth(X509_STORE_CTX *ctx, int depth); +\& X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx); +\& void X509_STORE_CTX_set_current_cert(X509_STORE_CTX *ctx, X509 *x); +\& X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx); +\& +\& STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx); +\& +\& const char *X509_verify_cert_error_string(long n); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions are typically called after \fIX509_verify_cert()\fR has indicated +an error or in a verification callback to determine the nature of an error. +.PP +\&\fIX509_STORE_CTX_get_error()\fR returns the error code of \fBctx\fR, see +the \fB\s-1ERROR\s0 \s-1CODES\s0\fR section for a full description of all error codes. +.PP +\&\fIX509_STORE_CTX_set_error()\fR sets the error code of \fBctx\fR to \fBs\fR. For example +it might be used in a verification callback to set an error based on additional +checks. +.PP +\&\fIX509_STORE_CTX_get_error_depth()\fR returns the \fBdepth\fR of the error. This is a +non-negative integer representing where in the certificate chain the error +occurred. If it is zero it occurred in the end entity certificate, one if +it is the certificate which signed the end entity certificate and so on. +.PP +\&\fIX509_STORE_CTX_set_error_depth()\fR sets the error \fBdepth\fR. 
+This can be used in combination with \fIX509_STORE_CTX_set_error()\fR to set the +depth at which an error condition was detected. +.PP +\&\fIX509_STORE_CTX_get_current_cert()\fR returns the certificate in \fBctx\fR which +caused the error or \fB\s-1NULL\s0\fR if no certificate is relevant. +.PP +\&\fIX509_STORE_CTX_set_current_cert()\fR sets the certificate \fBx\fR in \fBctx\fR which +caused the error. +This value is not intended to remain valid for very long, and remains owned by +the caller. +It may be examined by a verification callback invoked to handle each error +encountered during chain verification and is no longer required after such a +callback. +If a callback wishes the save the certificate for use after it returns, it +needs to increment its reference count via \fIX509_up_ref\fR\|(3). +Once such a \fIsaved\fR certificate is no longer needed it can be freed with +\&\fIX509_free\fR\|(3). +.PP +\&\fIX509_STORE_CTX_get0_cert()\fR retrieves an internal pointer to the +certificate being verified by the \fBctx\fR. +.PP +\&\fIX509_STORE_CTX_get1_chain()\fR returns a complete validate chain if a previous +call to \fIX509_verify_cert()\fR is successful. If the call to \fIX509_verify_cert()\fR +is \fBnot\fR successful the returned chain may be incomplete or invalid. The +returned chain persists after the \fBctx\fR structure is freed, when it is +no longer needed it should be free up using: +.PP +.Vb 1 +\& sk_X509_pop_free(chain, X509_free); +.Ve +.PP +\&\fIX509_verify_cert_error_string()\fR returns a human readable error string for +verification error \fBn\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIX509_STORE_CTX_get_error()\fR returns \fBX509_V_OK\fR or an error code. +.PP +\&\fIX509_STORE_CTX_get_error_depth()\fR returns a non-negative error depth. +.PP +\&\fIX509_STORE_CTX_get_current_cert()\fR returns the certificate which caused the +error or \fB\s-1NULL\s0\fR if no certificate is relevant to the error. 
+.PP +\&\fIX509_verify_cert_error_string()\fR returns a human readable error string for +verification error \fBn\fR. +.SH "ERROR CODES" +.IX Header "ERROR CODES" +A list of error codes and messages is shown below. Some of the +error codes are defined but currently never returned: these are described as +\&\*(L"unused\*(R". +.IP "\fBX509_V_OK: ok\fR" 4 +.IX Item "X509_V_OK: ok" +The operation was successful. +.IP "\fBX509_V_ERR_UNSPECIFIED: unspecified certificate verification error\fR" 4 +.IX Item "X509_V_ERR_UNSPECIFIED: unspecified certificate verification error" +Unspecified error; should not happen. +.IP "\fBX509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: unable to get issuer certificate\fR" 4 +.IX Item "X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: unable to get issuer certificate" +The issuer certificate of a locally looked up certificate could not be found. +This normally means the list of trusted certificates is not complete. +.IP "\fBX509_V_ERR_UNABLE_TO_GET_CRL: unable to get certificate \s-1CRL\s0\fR" 4 +.IX Item "X509_V_ERR_UNABLE_TO_GET_CRL: unable to get certificate CRL" +The \s-1CRL\s0 of a certificate could not be found. +.IP "\fBX509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate's signature\fR" 4 +.IX Item "X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate's signature" +The certificate signature could not be decrypted. This means that the actual +signature value could not be determined rather than it not matching the +expected value, this is only meaningful for \s-1RSA\s0 keys. +.IP "\fBX509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: unable to decrypt \s-1CRL\s0's signature\fR" 4 +.IX Item "X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: unable to decrypt CRL's signature" +The \s-1CRL\s0 signature could not be decrypted: this means that the actual signature +value could not be determined rather than it not matching the expected value. +Unused. 
+.IP "\fBX509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: unable to decode issuer public key\fR" 4 +.IX Item "X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: unable to decode issuer public key" +The public key in the certificate \f(CW\*(C`SubjectPublicKeyInfo\*(C'\fR field could +not be read. +.IP "\fBX509_V_ERR_CERT_SIGNATURE_FAILURE: certificate signature failure\fR" 4 +.IX Item "X509_V_ERR_CERT_SIGNATURE_FAILURE: certificate signature failure" +The signature of the certificate is invalid. +.IP "\fBX509_V_ERR_CRL_SIGNATURE_FAILURE: \s-1CRL\s0 signature failure\fR" 4 +.IX Item "X509_V_ERR_CRL_SIGNATURE_FAILURE: CRL signature failure" +The signature of the certificate is invalid. +.IP "\fBX509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid\fR" 4 +.IX Item "X509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid" +The certificate is not yet valid: the \f(CW\*(C`notBefore\*(C'\fR date is after the +current time. +.IP "\fBX509_V_ERR_CERT_HAS_EXPIRED: certificate has expired\fR" 4 +.IX Item "X509_V_ERR_CERT_HAS_EXPIRED: certificate has expired" +The certificate has expired: that is the \f(CW\*(C`notAfter\*(C'\fR date is before the +current time. +.IP "\fBX509_V_ERR_CRL_NOT_YET_VALID: \s-1CRL\s0 is not yet valid\fR" 4 +.IX Item "X509_V_ERR_CRL_NOT_YET_VALID: CRL is not yet valid" +The \s-1CRL\s0 is not yet valid. +.IP "\fBX509_V_ERR_CRL_HAS_EXPIRED: \s-1CRL\s0 has expired\fR" 4 +.IX Item "X509_V_ERR_CRL_HAS_EXPIRED: CRL has expired" +The \s-1CRL\s0 has expired. +.IP "\fBX509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate's notBefore field\fR" 4 +.IX Item "X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate's notBefore field" +The certificate \fBnotBefore\fR field contains an invalid time. 
+.IP "\fBX509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: format error in certificate's notAfter field\fR" 4 +.IX Item "X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: format error in certificate's notAfter field" +The certificate \fBnotAfter\fR field contains an invalid time. +.IP "\fBX509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in \s-1CRL\s0's lastUpdate field\fR" 4 +.IX Item "X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in CRL's lastUpdate field" +The \s-1CRL\s0 \fBlastUpdate\fR field contains an invalid time. +.IP "\fBX509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in \s-1CRL\s0's nextUpdate field\fR" 4 +.IX Item "X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in CRL's nextUpdate field" +The \s-1CRL\s0 \fBnextUpdate\fR field contains an invalid time. +.IP "\fBX509_V_ERR_OUT_OF_MEM: out of memory\fR" 4 +.IX Item "X509_V_ERR_OUT_OF_MEM: out of memory" +An error occurred trying to allocate memory. +.IP "\fBX509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: self signed certificate\fR" 4 +.IX Item "X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: self signed certificate" +The passed certificate is self-signed and the same certificate cannot be found +in the list of trusted certificates. +.IP "\fBX509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self signed certificate in certificate chain\fR" 4 +.IX Item "X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self signed certificate in certificate chain" +The certificate chain could be built up using the untrusted certificates but +the root could not be found locally. +.IP "\fBX509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate\fR" 4 +.IX Item "X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate" +The issuer certificate could not be found: this occurs if the issuer certificate +of an untrusted certificate cannot be found. 
+.IP "\fBX509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: unable to verify the first certificate\fR" 4 +.IX Item "X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: unable to verify the first certificate" +No signatures could be verified because the chain contains only one certificate +and it is not self signed. +.IP "\fBX509_V_ERR_CERT_CHAIN_TOO_LONG: certificate chain too long\fR" 4 +.IX Item "X509_V_ERR_CERT_CHAIN_TOO_LONG: certificate chain too long" +The certificate chain length is greater than the supplied maximum depth. Unused. +.IP "\fBX509_V_ERR_CERT_REVOKED: certificate revoked\fR" 4 +.IX Item "X509_V_ERR_CERT_REVOKED: certificate revoked" +The certificate has been revoked. +.IP "\fBX509_V_ERR_INVALID_CA: invalid \s-1CA\s0 certificate\fR" 4 +.IX Item "X509_V_ERR_INVALID_CA: invalid CA certificate" +A \s-1CA\s0 certificate is invalid. Either it is not a \s-1CA\s0 or its extensions are not +consistent with the supplied purpose. +.IP "\fBX509_V_ERR_PATH_LENGTH_EXCEEDED: path length constraint exceeded\fR" 4 +.IX Item "X509_V_ERR_PATH_LENGTH_EXCEEDED: path length constraint exceeded" +The basicConstraints path-length parameter has been exceeded. +.IP "\fBX509_V_ERR_INVALID_PURPOSE: unsupported certificate purpose\fR" 4 +.IX Item "X509_V_ERR_INVALID_PURPOSE: unsupported certificate purpose" +The supplied certificate cannot be used for the specified purpose. +.IP "\fBX509_V_ERR_CERT_UNTRUSTED: certificate not trusted\fR" 4 +.IX Item "X509_V_ERR_CERT_UNTRUSTED: certificate not trusted" +The root \s-1CA\s0 is not marked as trusted for the specified purpose. +.IP "\fBX509_V_ERR_CERT_REJECTED: certificate rejected\fR" 4 +.IX Item "X509_V_ERR_CERT_REJECTED: certificate rejected" +The root \s-1CA\s0 is marked to reject the specified purpose. 
+.IP "\fBX509_V_ERR_SUBJECT_ISSUER_MISMATCH: subject issuer mismatch\fR" 4 +.IX Item "X509_V_ERR_SUBJECT_ISSUER_MISMATCH: subject issuer mismatch" +The current candidate issuer certificate was rejected because its subject name +did not match the issuer name of the current certificate. +.IP "\fBX509_V_ERR_AKID_SKID_MISMATCH: authority and subject key identifier mismatch\fR" 4 +.IX Item "X509_V_ERR_AKID_SKID_MISMATCH: authority and subject key identifier mismatch" +The current candidate issuer certificate was rejected because its subject key +identifier was present and did not match the authority key identifier current +certificate. +Not used as of OpenSSL 1.1.0. +.IP "\fBX509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: authority and issuer serial number mismatch\fR" 4 +.IX Item "X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: authority and issuer serial number mismatch" +The current candidate issuer certificate was rejected because its issuer name +and serial number was present and did not match the authority key identifier of +the current certificate. +Not used as of OpenSSL 1.1.0. +.IP "\fBX509_V_ERR_KEYUSAGE_NO_CERTSIGN:key usage does not include certificate signing\fR" 4 +.IX Item "X509_V_ERR_KEYUSAGE_NO_CERTSIGN:key usage does not include certificate signing" +The current candidate issuer certificate was rejected because its \fBkeyUsage\fR +extension does not permit certificate signing. +Not used as of OpenSSL 1.1.0. +.IP "\fBX509_V_ERR_INVALID_EXTENSION: invalid or inconsistent certificate extension\fR" 4 +.IX Item "X509_V_ERR_INVALID_EXTENSION: invalid or inconsistent certificate extension" +A certificate extension had an invalid value (for example an incorrect +encoding) or some value inconsistent with other extensions. 
+.IP "\fBX509_V_ERR_INVALID_POLICY_EXTENSION: invalid or inconsistent certificate policy extension\fR" 4 +.IX Item "X509_V_ERR_INVALID_POLICY_EXTENSION: invalid or inconsistent certificate policy extension" +A certificate policies extension had an invalid value (for example an incorrect +encoding) or some value inconsistent with other extensions. This error only +occurs if policy processing is enabled. +.IP "\fBX509_V_ERR_NO_EXPLICIT_POLICY: no explicit policy\fR" 4 +.IX Item "X509_V_ERR_NO_EXPLICIT_POLICY: no explicit policy" +The verification flags were set to require and explicit policy but none was +present. +.IP "\fBX509_V_ERR_DIFFERENT_CRL_SCOPE: Different \s-1CRL\s0 scope\fR" 4 +.IX Item "X509_V_ERR_DIFFERENT_CRL_SCOPE: Different CRL scope" +The only CRLs that could be found did not match the scope of the certificate. +.IP "\fBX509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE: Unsupported extension feature\fR" 4 +.IX Item "X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE: Unsupported extension feature" +Some feature of a certificate extension is not supported. Unused. +.IP "\fBX509_V_ERR_PERMITTED_VIOLATION: permitted subtree violation\fR" 4 +.IX Item "X509_V_ERR_PERMITTED_VIOLATION: permitted subtree violation" +A name constraint violation occurred in the permitted subtrees. +.IP "\fBX509_V_ERR_EXCLUDED_VIOLATION: excluded subtree violation\fR" 4 +.IX Item "X509_V_ERR_EXCLUDED_VIOLATION: excluded subtree violation" +A name constraint violation occurred in the excluded subtrees. +.IP "\fBX509_V_ERR_SUBTREE_MINMAX: name constraints minimum and maximum not supported\fR" 4 +.IX Item "X509_V_ERR_SUBTREE_MINMAX: name constraints minimum and maximum not supported" +A certificate name constraints extension included a minimum or maximum field: +this is not supported. 
+.IP "\fBX509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE: unsupported name constraint type\fR" 4 +.IX Item "X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE: unsupported name constraint type" +An unsupported name constraint type was encountered. OpenSSL currently only +supports directory name, \s-1DNS\s0 name, email and \s-1URI\s0 types. +.IP "\fBX509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: unsupported or invalid name constraint syntax\fR" 4 +.IX Item "X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: unsupported or invalid name constraint syntax" +The format of the name constraint is not recognised: for example an email +address format of a form not mentioned in \s-1RFC3280\s0. This could be caused by +a garbage extension or some new feature not currently supported. +.IP "\fBX509_V_ERR_CRL_PATH_VALIDATION_ERROR: \s-1CRL\s0 path validation error\fR" 4 +.IX Item "X509_V_ERR_CRL_PATH_VALIDATION_ERROR: CRL path validation error" +An error occurred when attempting to verify the \s-1CRL\s0 path. This error can only +happen if extended \s-1CRL\s0 checking is enabled. +.IP "\fBX509_V_ERR_APPLICATION_VERIFICATION: application verification failure\fR" 4 +.IX Item "X509_V_ERR_APPLICATION_VERIFICATION: application verification failure" +An application specific error. This will never be returned unless explicitly +set by an application callback. +.IP "\fBX509_V_ERR_UNABLE_TO_GET_CRL_ISSUER: unable to get \s-1CRL\s0 issuer certificate\fR" 4 +.IX Item "X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER: unable to get CRL issuer certificate" +Unable to get \s-1CRL\s0 issuer certificate. +.IP "\fBX509_V_ERR_UNHANDLED_CRITICAL_EXTENSION: unhandled critical extension\fR" 4 +.IX Item "X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION: unhandled critical extension" +Unhandled critical extension. +.IP "\fBX509_V_ERR_KEYUSAGE_NO_CRL_SIGN: key usage does not include \s-1CRL\s0 signing\fR" 4 +.IX Item "X509_V_ERR_KEYUSAGE_NO_CRL_SIGN: key usage does not include CRL signing" +Key usage does not include \s-1CRL\s0 signing. 
+.IP "\fBX509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION: unhandled critical \s-1CRL\s0 extension\fR" 4 +.IX Item "X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION: unhandled critical CRL extension" +Unhandled critical \s-1CRL\s0 extension. +.IP "\fBX509_V_ERR_INVALID_NON_CA: invalid non-CA certificate (has \s-1CA\s0 markings)\fR" 4 +.IX Item "X509_V_ERR_INVALID_NON_CA: invalid non-CA certificate (has CA markings)" +Invalid non-CA certificate has \s-1CA\s0 markings. +.IP "\fBX509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED: proxy path length contraint exceeded\fR" 4 +.IX Item "X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED: proxy path length contraint exceeded" +Proxy path length constraint exceeded. +.IP "\fBX509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE: key usage does not include digital signature\fR" 4 +.IX Item "X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE: key usage does not include digital signature" +Key usage does not include digital signature, and therefore cannot sign +certificates. +.IP "\fBX509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED: proxy certificates not allowed, please set the appropriate flag\fR" 4 +.IX Item "X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED: proxy certificates not allowed, please set the appropriate flag" +Proxy certificates not allowed unless the \fB\-allow_proxy_certs\fR option is used. +.IP "\fBX509_V_ERR_UNNESTED_RESOURCE: \s-1RFC\s0 3779 resource not subset of parent's resrouces\fR" 4 +.IX Item "X509_V_ERR_UNNESTED_RESOURCE: RFC 3779 resource not subset of parent's resrouces" +See \s-1RFC\s0 3779 for details. +.IP "\fBX509_V_ERR_UNSUPPORTED_NAME_SYNTAX: unsupported or invalid name syntax\fR" 4 +.IX Item "X509_V_ERR_UNSUPPORTED_NAME_SYNTAX: unsupported or invalid name syntax" +Unsupported or invalid name syntax. +.IP "\fBX509_V_ERR_PATH_LOOP: path loop\fR" 4 +.IX Item "X509_V_ERR_PATH_LOOP: path loop" +Path loop. +.IP "\fBX509_V_ERR_HOSTNAME_MISMATCH: hostname mismatch\fR" 4 +.IX Item "X509_V_ERR_HOSTNAME_MISMATCH: hostname mismatch" +Hostname mismatch. 
+.IP "\fBX509_V_ERR_EMAIL_MISMATCH: email address mismatch\fR" 4 +.IX Item "X509_V_ERR_EMAIL_MISMATCH: email address mismatch" +Email address mismatch. +.IP "\fBX509_V_ERR_IP_ADDRESS_MISMATCH: \s-1IP\s0 address mismatch\fR" 4 +.IX Item "X509_V_ERR_IP_ADDRESS_MISMATCH: IP address mismatch" +\&\s-1IP\s0 address mismatch. +.IP "\fBX509_V_ERR_DANE_NO_MATCH: no matching \s-1DANE\s0 \s-1TLSA\s0 records\fR" 4 +.IX Item "X509_V_ERR_DANE_NO_MATCH: no matching DANE TLSA records" +\&\s-1DANE\s0 \s-1TLSA\s0 authentication is enabled, but no \s-1TLSA\s0 records matched the +certificate chain. +This error is only possible in \fIopenssl\-s_client\fR\|(1). +.IP "\fBX509_V_ERR_EE_KEY_TOO_SMALL: \s-1EE\s0 certificate key too weak\fR" 4 +.IX Item "X509_V_ERR_EE_KEY_TOO_SMALL: EE certificate key too weak" +\&\s-1EE\s0 certificate key too weak. +.IP "\fBX509_ERR_CA_KEY_TOO_SMALL: \s-1CA\s0 certificate key too weak\fR" 4 +.IX Item "X509_ERR_CA_KEY_TOO_SMALL: CA certificate key too weak" +\&\s-1CA\s0 certificate key too weak. +.IP "\fBX509_ERR_CA_MD_TOO_WEAK: \s-1CA\s0 signature digest algorithm too weak\fR" 4 +.IX Item "X509_ERR_CA_MD_TOO_WEAK: CA signature digest algorithm too weak" +\&\s-1CA\s0 signature digest algorithm too weak. +.IP "\fBX509_V_ERR_INVALID_CALL: invalid certificate verification context\fR" 4 +.IX Item "X509_V_ERR_INVALID_CALL: invalid certificate verification context" +invalid certificate verification context. +.IP "\fBX509_V_ERR_STORE_LOOKUP: issuer certificate lookup error\fR" 4 +.IX Item "X509_V_ERR_STORE_LOOKUP: issuer certificate lookup error" +Issuer certificate lookup error. +.IP "\fBX509_V_ERR_NO_VALID_SCTS: certificate transparency required, but no valid SCTs found\fR" 4 +.IX Item "X509_V_ERR_NO_VALID_SCTS: certificate transparency required, but no valid SCTs found" +Certificate Transparency required, but no valid SCTs found. 
+.IP "\fBX509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION: proxy subject name violation\fR" 4 +.IX Item "X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION: proxy subject name violation" +Proxy subject name violation. +.IP "\fBX509_V_ERR_OCSP_VERIFY_NEEDED: \s-1OCSP\s0 verification needed\fR" 4 +.IX Item "X509_V_ERR_OCSP_VERIFY_NEEDED: OCSP verification needed" +Returned by the verify callback to indicate an \s-1OCSP\s0 verification is needed. +.IP "\fBX509_V_ERR_OCSP_VERIFY_FAILED: \s-1OCSP\s0 verification failed\fR" 4 +.IX Item "X509_V_ERR_OCSP_VERIFY_FAILED: OCSP verification failed" +Returned by the verify callback to indicate \s-1OCSP\s0 verification failed. +.IP "\fBX509_V_ERR_OCSP_CERT_UNKNOWN: \s-1OCSP\s0 unknown cert\fR" 4 +.IX Item "X509_V_ERR_OCSP_CERT_UNKNOWN: OCSP unknown cert" +Returned by the verify callback to indicate that the certificate is not +recognized by the \s-1OCSP\s0 responder. +.IP "\fB509_V_ERROR_NO_ISSUER_PUBLI_KEY, issuer certificate doesn't have a public key\fR" 4 +.IX Item "509_V_ERROR_NO_ISSUER_PUBLI_KEY, issuer certificate doesn't have a public key" +The issuer certificate does not have a public key. +.IP "\fBX509_V_ERROR_SIGNATURE_ALGORITHM_MISMATCH, Subject signature algorithm and issuer public key algoritm mismatch\fR" 4 +.IX Item "X509_V_ERROR_SIGNATURE_ALGORITHM_MISMATCH, Subject signature algorithm and issuer public key algoritm mismatch" +The issuer's public key is not of the type required by the signature in +the subject's certificate. +.SH "NOTES" +.IX Header "NOTES" +The above functions should be used instead of directly referencing the fields +in the \fBX509_VERIFY_CTX\fR structure. +.PP +In versions of OpenSSL before 1.0 the current certificate returned by +\&\fIX509_STORE_CTX_get_current_cert()\fR was never \fB\s-1NULL\s0\fR. Applications should +check the return value before printing out any debugging information relating +to the current certificate. 
+.PP +If an unrecognised error code is passed to \fIX509_verify_cert_error_string()\fR the +numerical value of the unknown code is returned in a static buffer. This is not +thread safe but will never happen unless an invalid code is passed. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIX509_verify_cert\fR\|(3), +\&\fIX509_up_ref\fR\|(3), +\&\fIX509_free\fR\|(3). +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2009\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/X509_STORE_CTX_new.3 b/linux_amd64/ssl/share/man/man3/X509_STORE_CTX_new.3 new file mode 100755 index 0000000..d4d8b63 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/X509_STORE_CTX_new.3 
@@ -0,0 +1,296 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_STORE_CTX_NEW 3" +.TH X509_STORE_CTX_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_STORE_CTX_new, X509_STORE_CTX_cleanup, X509_STORE_CTX_free, +X509_STORE_CTX_init, X509_STORE_CTX_set0_trusted_stack, X509_STORE_CTX_set_cert, +X509_STORE_CTX_set0_crls, +X509_STORE_CTX_get0_chain, X509_STORE_CTX_set0_verified_chain, +X509_STORE_CTX_get0_param, X509_STORE_CTX_set0_param, +X509_STORE_CTX_get0_untrusted, X509_STORE_CTX_set0_untrusted, +X509_STORE_CTX_get_num_untrusted, +X509_STORE_CTX_set_default, +X509_STORE_CTX_set_verify, +X509_STORE_CTX_verify_fn +\&\- X509_STORE_CTX initialisation +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& X509_STORE_CTX *X509_STORE_CTX_new(void); +\& void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx); +\& void X509_STORE_CTX_free(X509_STORE_CTX *ctx); +\& +\& int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, +\& X509 *x509, STACK_OF(X509) *chain); +\& +\& void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); +\& +\& void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x); +\& STACK_OF(X509) *X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx); +\& void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *chain); +\& void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk); +\& +\& X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx); +\& void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param); +\& int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name); +\& +\& STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx); +\& void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); +\& +\& int X509_STORE_CTX_get_num_untrusted(X509_STORE_CTX *ctx); +\& +\& typedef int (*X509_STORE_CTX_verify_fn)(X509_STORE_CTX *); +\& void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx, X509_STORE_CTX_verify_fn verify); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions initialise an \fBX509_STORE_CTX\fR structure for 
subsequent use +by \fIX509_verify_cert()\fR. +.PP +\&\fIX509_STORE_CTX_new()\fR returns a newly initialised \fBX509_STORE_CTX\fR structure. +.PP +\&\fIX509_STORE_CTX_cleanup()\fR internally cleans up an \fBX509_STORE_CTX\fR structure. +The context can then be reused with an new call to \fIX509_STORE_CTX_init()\fR. +.PP +\&\fIX509_STORE_CTX_free()\fR completely frees up \fBctx\fR. After this call \fBctx\fR +is no longer valid. +If \fBctx\fR is \s-1NULL\s0 nothing is done. +.PP +\&\fIX509_STORE_CTX_init()\fR sets up \fBctx\fR for a subsequent verification operation. +It must be called before each call to \fIX509_verify_cert()\fR, i.e. a \fBctx\fR is only +good for one call to \fIX509_verify_cert()\fR; if you want to verify a second +certificate with the same \fBctx\fR then you must call \fIX509_STORE_CTX_cleanup()\fR +and then \fIX509_STORE_CTX_init()\fR again before the second call to +\&\fIX509_verify_cert()\fR. The trusted certificate store is set to \fBstore\fR, the end +entity certificate to be verified is set to \fBx509\fR and a set of additional +certificates (which will be untrusted but may be used to build the chain) in +\&\fBchain\fR. Any or all of the \fBstore\fR, \fBx509\fR and \fBchain\fR parameters can be +\&\fB\s-1NULL\s0\fR. +.PP +\&\fIX509_STORE_CTX_set0_trusted_stack()\fR sets the set of trusted certificates of +\&\fBctx\fR to \fBsk\fR. This is an alternative way of specifying trusted certificates +instead of using an \fBX509_STORE\fR. +.PP +\&\fIX509_STORE_CTX_set_cert()\fR sets the certificate to be verified in \fBctx\fR to +\&\fBx\fR. +.PP +\&\fIX509_STORE_CTX_set0_verified_chain()\fR sets the validated chain used +by \fBctx\fR to be \fBchain\fR. +Ownership of the chain is transferred to \fBctx\fR and should not be +free'd by the caller. +\&\fIX509_STORE_CTX_get0_chain()\fR returns a the internal pointer used by the +\&\fBctx\fR that contains the validated chain. 
+.PP +\&\fIX509_STORE_CTX_set0_crls()\fR sets a set of CRLs to use to aid certificate +verification to \fBsk\fR. These CRLs will only be used if \s-1CRL\s0 verification is +enabled in the associated \fBX509_VERIFY_PARAM\fR structure. This might be +used where additional \*(L"useful\*(R" CRLs are supplied as part of a protocol, +for example in a PKCS#7 structure. +.PP +\&\fIX509_STORE_CTX_get0_param()\fR retrieves an internal pointer +to the verification parameters associated with \fBctx\fR. +.PP +\&\fIX509_STORE_CTX_get0_untrusted()\fR retrieves an internal pointer to the +stack of untrusted certificates associated with \fBctx\fR. +.PP +\&\fIX509_STORE_CTX_set0_untrusted()\fR sets the internal point to the stack +of untrusted certificates associated with \fBctx\fR to \fBsk\fR. +.PP +\&\fIX509_STORE_CTX_set0_param()\fR sets the internal verification parameter pointer +to \fBparam\fR. After this call \fBparam\fR should not be used. +.PP +\&\fIX509_STORE_CTX_set_default()\fR looks up and sets the default verification +method to \fBname\fR. This uses the function \fIX509_VERIFY_PARAM_lookup()\fR to +find an appropriate set of parameters from \fBname\fR. +.PP +\&\fIX509_STORE_CTX_get_num_untrusted()\fR returns the number of untrusted certificates +that were used in building the chain following a call to \fIX509_verify_cert()\fR. +.PP +\&\fIX509_STORE_CTX_set_verify()\fR provides the capability for overriding the default +verify function. This function is responsible for verifying chain signatures and +expiration times. +.PP +A verify function is defined as an X509_STORE_CTX_verify type which has the +following signature: +.PP +.Vb 1 +\& int (*verify)(X509_STORE_CTX *); +.Ve +.PP +This function should receive the current X509_STORE_CTX as a parameter and +return 1 on success or 0 on failure. +.SH "NOTES" +.IX Header "NOTES" +The certificates and CRLs in a store are used internally and should \fBnot\fR +be freed up until after the associated \fBX509_STORE_CTX\fR is freed. 
+.SH "BUGS" +.IX Header "BUGS" +The certificates and CRLs in a context are used internally and should \fBnot\fR +be freed up until after the associated \fBX509_STORE_CTX\fR is freed. Copies +should be made or reference counts increased instead. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIX509_STORE_CTX_new()\fR returns an newly allocates context or \fB\s-1NULL\s0\fR is an +error occurred. +.PP +\&\fIX509_STORE_CTX_init()\fR returns 1 for success or 0 if an error occurred. +.PP +\&\fIX509_STORE_CTX_get0_param()\fR returns a pointer to an \fBX509_VERIFY_PARAM\fR +structure or \fB\s-1NULL\s0\fR if an error occurred. +.PP +\&\fIX509_STORE_CTX_cleanup()\fR, \fIX509_STORE_CTX_free()\fR, +\&\fIX509_STORE_CTX_set0_trusted_stack()\fR, +\&\fIX509_STORE_CTX_set_cert()\fR, +\&\fIX509_STORE_CTX_set0_crls()\fR and \fIX509_STORE_CTX_set0_param()\fR do not return +values. +.PP +\&\fIX509_STORE_CTX_set_default()\fR returns 1 for success or 0 if an error occurred. +.PP +\&\fIX509_STORE_CTX_get_num_untrusted()\fR returns the number of untrusted certificates +used. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIX509_verify_cert\fR\|(3) +\&\fIX509_VERIFY_PARAM_set_flags\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fIX509_STORE_CTX_set0_crls()\fR function was added in OpenSSL 1.0.0. +The \fIX509_STORE_CTX_get_num_untrusted()\fR function was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2009\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/X509_STORE_CTX_set_verify_cb.3 b/linux_amd64/ssl/share/man/man3/X509_STORE_CTX_set_verify_cb.3 new file mode 100755 index 0000000..f08c266 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/X509_STORE_CTX_set_verify_cb.3 
@@ -0,0 +1,348 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_STORE_CTX_SET_VERIFY_CB 3" +.TH X509_STORE_CTX_SET_VERIFY_CB 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_STORE_CTX_get_cleanup, +X509_STORE_CTX_get_lookup_crls, +X509_STORE_CTX_get_lookup_certs, +X509_STORE_CTX_get_check_policy, +X509_STORE_CTX_get_cert_crl, +X509_STORE_CTX_get_check_crl, +X509_STORE_CTX_get_get_crl, +X509_STORE_CTX_get_check_revocation, +X509_STORE_CTX_get_check_issued, +X509_STORE_CTX_get_get_issuer, +X509_STORE_CTX_get_verify_cb, +X509_STORE_CTX_set_verify_cb, +X509_STORE_CTX_verify_cb, +X509_STORE_CTX_print_verify_cb +\&\- get and set X509_STORE_CTX components such as verification callback +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *); +\& int X509_STORE_CTX_print_verify_cb(int ok, X509_STORE_CTX *ctx); +\& +\& X509_STORE_CTX_verify_cb X509_STORE_CTX_get_verify_cb(X509_STORE_CTX *ctx); +\& +\& void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, +\& X509_STORE_CTX_verify_cb verify_cb); +\& +\& X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(X509_STORE_CTX *ctx); +\& X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(X509_STORE_CTX *ctx); +\& X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(X509_STORE_CTX *ctx); +\& X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(X509_STORE_CTX *ctx); +\& X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(X509_STORE_CTX *ctx); +\& X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(X509_STORE_CTX *ctx); +\& X509_STORE_CTX_check_policy_fn X509_STORE_CTX_get_check_policy(X509_STORE_CTX *ctx); +\& X509_STORE_CTX_lookup_certs_fn X509_STORE_CTX_get_lookup_certs(X509_STORE_CTX *ctx); +\& X509_STORE_CTX_lookup_crls_fn X509_STORE_CTX_get_lookup_crls(X509_STORE_CTX *ctx); +\& X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(X509_STORE_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIX509_STORE_CTX_set_verify_cb()\fR sets the verification callback of \fBctx\fR to +\&\fBverify_cb\fR overwriting any existing callback. 
+.PP +The verification callback can be used to customise the operation of certificate +verification, either by overriding error conditions or logging errors for +debugging purposes. +.PP +However a verification callback is \fBnot\fR essential and the default operation +is often sufficient. +.PP +The \fBok\fR parameter to the callback indicates the value the callback should +return to retain the default behaviour. If it is zero then an error condition +is indicated. If it is 1 then no error occurred. If the flag +\&\fBX509_V_FLAG_NOTIFY_POLICY\fR is set then \fBok\fR is set to 2 to indicate the +policy checking is complete. +.PP +The \fBctx\fR parameter to the callback is the \fBX509_STORE_CTX\fR structure that +is performing the verification operation. A callback can examine this +structure and receive additional information about the error, for example +by calling \fIX509_STORE_CTX_get_current_cert()\fR. Additional application data can +be passed to the callback via the \fBex_data\fR mechanism. +.PP +\&\fIX509_STORE_CTX_print_verify_cb()\fR is a verification callback function that, +when a certificate verification has failed, adds an entry to the error queue +with code \fBX509_R_CERTIFICATE_VERIFICATION_FAILED\fR and with diagnostic details, +including the most relevant fields of the target certificate that failed to +verify and, if appropriate, of the available untrusted and trusted certificates. +.PP +\&\fIX509_STORE_CTX_get_verify_cb()\fR returns the value of the current callback +for the specific \fBctx\fR. 
+.PP +\&\fIX509_STORE_CTX_get_get_issuer()\fR, +\&\fIX509_STORE_CTX_get_check_issued()\fR, \fIX509_STORE_CTX_get_check_revocation()\fR, +\&\fIX509_STORE_CTX_get_get_crl()\fR, \fIX509_STORE_CTX_get_check_crl()\fR, +\&\fIX509_STORE_CTX_get_cert_crl()\fR, \fIX509_STORE_CTX_get_check_policy()\fR, +\&\fIX509_STORE_CTX_get_lookup_certs()\fR, \fIX509_STORE_CTX_get_lookup_crls()\fR +and \fIX509_STORE_CTX_get_cleanup()\fR return the function pointers cached +from the corresponding \fBX509_STORE\fR, please see +\&\fIX509_STORE_set_verify\fR\|(3) for more information. +.SH "WARNINGS" +.IX Header "WARNINGS" +In general a verification callback should \fB\s-1NOT\s0\fR unconditionally return 1 in +all circumstances because this will allow verification to succeed no matter +what the error. This effectively removes all security from the application +because \fBany\fR certificate (including untrusted generated ones) will be +accepted. +.SH "NOTES" +.IX Header "NOTES" +The verification callback can be set and inherited from the parent structure +performing the operation. In some cases (such as S/MIME verification) the +\&\fBX509_STORE_CTX\fR structure is created and destroyed internally and the +only way to set a custom verification callback is by inheriting it from the +associated \fBX509_STORE\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIX509_STORE_CTX_set_verify_cb()\fR does not return a value. 
+.SH "EXAMPLES" +.IX Header "EXAMPLES" +Default callback operation: +.PP +.Vb 3 +\& int verify_callback(int ok, X509_STORE_CTX *ctx) { +\& return ok; +\& } +.Ve +.PP +Simple example, suppose a certificate in the chain is expired and we wish +to continue after this error: +.PP +.Vb 7 +\& int verify_callback(int ok, X509_STORE_CTX *ctx) { +\& /* Tolerate certificate expiration */ +\& if (X509_STORE_CTX_get_error(ctx) == X509_V_ERR_CERT_HAS_EXPIRED) +\& return 1; +\& /* Otherwise don\*(Aqt override */ +\& return ok; +\& } +.Ve +.PP +More complex example, we don't wish to continue after \fBany\fR certificate has +expired just one specific case: +.PP +.Vb 4 +\& int verify_callback(int ok, X509_STORE_CTX *ctx) +\& { +\& int err = X509_STORE_CTX_get_error(ctx); +\& X509 *err_cert = X509_STORE_CTX_get_current_cert(ctx); +\& +\& if (err == X509_V_ERR_CERT_HAS_EXPIRED) { +\& if (check_is_acceptable_expired_cert(err_cert) +\& return 1; +\& } +\& return ok; +\& } +.Ve +.PP +Full featured logging callback. In this case the \fBbio_err\fR is assumed to be +a global logging \fB\s-1BIO\s0\fR, an alternative would to store a \s-1BIO\s0 in \fBctx\fR using +\&\fBex_data\fR. 
+.PP +.Vb 4 +\& int verify_callback(int ok, X509_STORE_CTX *ctx) +\& { +\& X509 *err_cert; +\& int err, depth; +\& +\& err_cert = X509_STORE_CTX_get_current_cert(ctx); +\& err = X509_STORE_CTX_get_error(ctx); +\& depth = X509_STORE_CTX_get_error_depth(ctx); +\& +\& BIO_printf(bio_err, "depth=%d ", depth); +\& if (err_cert) { +\& X509_NAME_print_ex(bio_err, X509_get_subject_name(err_cert), +\& 0, XN_FLAG_ONELINE); +\& BIO_puts(bio_err, "\en"); +\& } +\& else +\& BIO_puts(bio_err, "\en"); +\& if (!ok) +\& BIO_printf(bio_err, "verify error:num=%d:%s\en", err, +\& X509_verify_cert_error_string(err)); +\& switch (err) { +\& case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: +\& BIO_puts(bio_err, "issuer= "); +\& X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert), +\& 0, XN_FLAG_ONELINE); +\& BIO_puts(bio_err, "\en"); +\& break; +\& case X509_V_ERR_CERT_NOT_YET_VALID: +\& case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: +\& BIO_printf(bio_err, "notBefore="); +\& ASN1_TIME_print(bio_err, X509_get_notBefore(err_cert)); +\& BIO_printf(bio_err, "\en"); +\& break; +\& case X509_V_ERR_CERT_HAS_EXPIRED: +\& case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: +\& BIO_printf(bio_err, "notAfter="); +\& ASN1_TIME_print(bio_err, X509_get_notAfter(err_cert)); +\& BIO_printf(bio_err, "\en"); +\& break; +\& case X509_V_ERR_NO_EXPLICIT_POLICY: +\& policies_print(bio_err, ctx); +\& break; +\& } +\& if (err == X509_V_OK && ok == 2) +\& /* print out policies */ +\& +\& BIO_printf(bio_err, "verify return:%d\en", ok); +\& return(ok); +\& } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIX509_STORE_CTX_get_error\fR\|(3) +\&\fIX509_STORE_set_verify_cb_func\fR\|(3) +\&\fIX509_STORE_CTX_get_ex_new_index\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The +\&\fIX509_STORE_CTX_get_get_issuer()\fR, +\&\fIX509_STORE_CTX_get_check_issued()\fR, \fIX509_STORE_CTX_get_check_revocation()\fR, +\&\fIX509_STORE_CTX_get_get_crl()\fR, \fIX509_STORE_CTX_get_check_crl()\fR, +\&\fIX509_STORE_CTX_get_cert_crl()\fR, 
\fIX509_STORE_CTX_get_check_policy()\fR, +\&\fIX509_STORE_CTX_get_lookup_certs()\fR, \fIX509_STORE_CTX_get_lookup_crls()\fR +and \fIX509_STORE_CTX_get_cleanup()\fR functions were added in OpenSSL 1.1.0. +.PP +\&\fIX509_STORE_CTX_print_verify_cb()\fR was added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2009\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/X509_STORE_add_cert.3 b/linux_amd64/ssl/share/man/man3/X509_STORE_add_cert.3 new file mode 100755 index 0000000..15f731e --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/X509_STORE_add_cert.3 
@@ -0,0 +1,261 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_STORE_ADD_CERT 3" +.TH X509_STORE_ADD_CERT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_STORE, +X509_STORE_add_cert, X509_STORE_add_crl, X509_STORE_set_depth, +X509_STORE_set_flags, X509_STORE_set_purpose, X509_STORE_set_trust, +X509_STORE_add_lookup, +X509_STORE_load_file, X509_STORE_load_path, X509_STORE_load_store, +X509_STORE_set_default_paths, +X509_STORE_load_locations +\&\- X509_STORE manipulation +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef x509_store_st X509_STORE; +\& +\& int X509_STORE_add_cert(X509_STORE *ctx, X509 *x); +\& int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x); +\& int X509_STORE_set_depth(X509_STORE *store, int depth); +\& int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags); +\& int X509_STORE_set_purpose(X509_STORE *ctx, int purpose); +\& int X509_STORE_set_trust(X509_STORE *ctx, int trust); +\& +\& X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *store, +\& X509_LOOKUP_METHOD *meth); +\& +\& int X509_STORE_set_default_paths(X509_STORE *ctx); +\& int X509_STORE_load_file(X509_STORE *ctx, const char *file); +\& int X509_STORE_load_path(X509_STORE *ctx, const char *dir); +\& int X509_STORE_load_store(X509_STORE *ctx, const char *uri); +.Ve +.PP +Deprecated: +.PP +.Vb 2 +\& int X509_STORE_load_locations(X509_STORE *ctx, +\& const char *file, const char *dir); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBX509_STORE\fR structure is intended to be a consolidated mechanism for +holding information about X.509 certificates and CRLs, and constructing +and validating chains of certificates terminating in trusted roots. +It admits multiple lookup mechanisms and efficient scaling performance +with large numbers of certificates, and a great deal of flexibility in +how validation and policy checks are performed. +.PP +\&\fIX509_STORE_new\fR\|(3) creates an empty \fBX509_STORE\fR structure, which contains +no information about trusted certificates or where such certificates +are located on disk, and is generally not usable. 
Normally, trusted +certificates will be added to the \fBX509_STORE\fR to prepare it for use, +via mechanisms such as \fIX509_STORE_add_lookup()\fR and \fIX509_LOOKUP_file()\fR, or +\&\fIPEM_read_bio_X509_AUX()\fR and \fIX509_STORE_add_cert()\fR. CRLs can also be added, +and many behaviors configured as desired. +.PP +Once the \fBX509_STORE\fR is suitably configured, \fIX509_STORE_CTX_new()\fR is +used to instantiate a single-use \fBX509_STORE_CTX\fR for each chain-building +and verification operation. That process includes providing the end-entity +certificate to be verified and an additional set of untrusted certificates +that may be used in chain-building. As such, it is expected that the +certificates included in the \fBX509_STORE\fR are certificates that represent +trusted entities such as root certificate authorities (CAs). +OpenSSL represents these trusted certificates internally as \fBX509\fR objects +with an associated \fBX509_CERT_AUX\fR, as are produced by +\&\fIPEM_read_bio_X509_AUX()\fR and similar routines that refer to X509_AUX. +The public interfaces that operate on such trusted certificates still +operate on pointers to \fBX509\fR objects, though. +.PP +\&\fIX509_STORE_add_cert()\fR and \fIX509_STORE_add_crl()\fR add the respective object +to the \fBX509_STORE\fR's local storage. Untrusted objects should not be +added in this way. The added object's reference count is incremented by one, +hence the caller retains ownership of the object and needs to free it when it +is no longer needed. +.PP +\&\fIX509_STORE_set_depth()\fR, \fIX509_STORE_set_flags()\fR, \fIX509_STORE_set_purpose()\fR, +\&\fIX509_STORE_set_trust()\fR, and \fIX509_STORE_set1_param()\fR set the default values +for the corresponding values used in certificate chain validation. Their +behavior is documented in the corresponding \fBX509_VERIFY_PARAM\fR manual +pages, e.g., \fIX509_VERIFY_PARAM_set_depth\fR\|(3). 
+.PP +\&\fIX509_STORE_add_lookup()\fR finds or creates a \fIX509_LOOKUP\fR\|(3) with the +\&\fIX509_LOOKUP_METHOD\fR\|(3) \fImeth\fR and adds it to the \fBX509_STORE\fR +\&\fIstore\fR. This also associates the \fBX509_STORE\fR with the lookup, so +\&\fBX509_LOOKUP\fR functions can look up objects in that store. +.PP +\&\fIX509_STORE_load_file()\fR loads trusted certificate(s) into an +\&\fBX509_STORE\fR from a given file. +.PP +\&\fIX509_STORE_load_path()\fR loads trusted certificate(s) into an +\&\fBX509_STORE\fR from a given directory path. +The certificates in the directory must be in hashed form, as +documented in \fIX509_LOOKUP_hash_dir\fR\|(3). +.PP +\&\fIX509_STORE_load_store()\fR loads trusted certificate(s) into an +\&\fBX509_STORE\fR from a store at a given \s-1URI\s0. +.PP +\&\fIX509_STORE_load_locations()\fR combines \fIX509_STORE_load_file()\fR and +\&\fIX509_STORE_load_dir()\fR for a given file and/or directory path. +It is permitted to specify just a file, just a directory, or both +paths. +.PP +\&\fIX509_STORE_set_default_paths()\fR is somewhat misnamed, in that it does not +set what default paths should be used for loading certificates. Instead, +it loads certificates into the \fBX509_STORE\fR from the hardcoded default +paths. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIX509_STORE_add_cert()\fR, \fIX509_STORE_add_crl()\fR, \fIX509_STORE_set_depth()\fR, +\&\fIX509_STORE_set_flags()\fR, \fIX509_STORE_set_purpose()\fR, +\&\fIX509_STORE_set_trust()\fR, \fIX509_STORE_load_file()\fR, +\&\fIX509_STORE_load_path()\fR, \fIX509_STORE_load_store()\fR, +\&\fIX509_STORE_load_locations()\fR, and \fIX509_STORE_set_default_paths()\fR return +1 on success or 0 on failure. +.PP +\&\fIX509_STORE_add_lookup()\fR returns the found or created +\&\fIX509_LOOKUP\fR\|(3), or \s-1NULL\s0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIX509_LOOKUP_hash_dir\fR\|(3). +\&\fIX509_VERIFY_PARAM_set_depth\fR\|(3). 
+\&\fIX509_STORE_new\fR\|(3), +\&\fIX509_STORE_get0_param\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/X509_STORE_get0_param.3 b/linux_amd64/ssl/share/man/man3/X509_STORE_get0_param.3 new file mode 100755 index 0000000..6b66029 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/X509_STORE_get0_param.3 
@@ -0,0 +1,187 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_STORE_GET0_PARAM 3" +.TH X509_STORE_GET0_PARAM 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_STORE_get0_param, X509_STORE_set1_param, +X509_STORE_get0_objects, X509_STORE_get1_all_certs +\&\- X509_STORE setter and getter functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx); +\& int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *pm); +\& STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *ctx); +\& STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *st); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIX509_STORE_set1_param()\fR sets the verification parameters +to \fBpm\fR for \fBctx\fR. +.PP +\&\fIX509_STORE_get0_param()\fR retrieves an internal pointer to the verification +parameters for \fBctx\fR. The returned pointer must not be freed by the +calling application +.PP +\&\fIX509_STORE_get0_objects()\fR retrieves an internal pointer to the store's +X509 object cache. The cache contains \fBX509\fR and \fBX509_CRL\fR objects. The +returned pointer must not be freed by the calling application. +.PP +\&\fIX509_STORE_get1_all_certs()\fR returns a list of all certificates in the store. +The caller is responsible for freeing the returned list. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIX509_STORE_get0_param()\fR returns a pointer to an +\&\fBX509_VERIFY_PARAM\fR structure. +.PP +\&\fIX509_STORE_set1_param()\fR returns 1 for success and 0 for failure. +.PP +\&\fIX509_STORE_get0_objects()\fR returns a pointer to a stack of \fBX509_OBJECT\fR. +.PP +\&\fIX509_STORE_get1_all_certs()\fR returns a pointer to a stack of the retrieved +certificates on success, else \s-1NULL\s0. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIX509_STORE_new\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBX509_STORE_get0_param\fR and \fBX509_STORE_get0_objects\fR were added in +OpenSSL 1.1.0. +\&\fBX509_STORE_get1_certs\fR was added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. 
All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/X509_STORE_new.3 b/linux_amd64/ssl/share/man/man3/X509_STORE_new.3 new file mode 100755 index 0000000..7f987e6 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/X509_STORE_new.3 
@@ -0,0 +1,180 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_STORE_NEW 3" +.TH X509_STORE_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_STORE_new, X509_STORE_up_ref, X509_STORE_free, X509_STORE_lock, +X509_STORE_unlock \- X509_STORE allocation, freeing and locking functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& X509_STORE *X509_STORE_new(void); +\& void X509_STORE_free(X509_STORE *v); +\& int X509_STORE_lock(X509_STORE *v); +\& int X509_STORE_unlock(X509_STORE *v); +\& int X509_STORE_up_ref(X509_STORE *v); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fIX509_STORE_new()\fR function returns a new X509_STORE. +.PP +\&\fIX509_STORE_up_ref()\fR increments the reference count associated with the +X509_STORE object. +.PP +\&\fIX509_STORE_lock()\fR locks the store from modification by other threads, +\&\fIX509_STORE_unlock()\fR unlocks it. +.PP +\&\fIX509_STORE_free()\fR frees up a single X509_STORE object. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIX509_STORE_new()\fR returns a newly created X509_STORE or \s-1NULL\s0 if the call fails. +.PP +\&\fIX509_STORE_up_ref()\fR, \fIX509_STORE_lock()\fR and \fIX509_STORE_unlock()\fR return +1 for success and 0 for failure. +.PP +\&\fIX509_STORE_free()\fR does not return values. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIX509_STORE_set_verify_cb_func\fR\|(3) +\&\fIX509_STORE_get0_param\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fIX509_STORE_up_ref()\fR, \fIX509_STORE_lock()\fR and \fIX509_STORE_unlock()\fR +functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/X509_STORE_set_verify_cb_func.3 b/linux_amd64/ssl/share/man/man3/X509_STORE_set_verify_cb_func.3 new file mode 100755 index 0000000..ee13b30 --- /dev/null 
+++ b/linux_amd64/ssl/share/man/man3/X509_STORE_set_verify_cb_func.3 
@@ -0,0 +1,386 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_STORE_SET_VERIFY_CB_FUNC 3" +.TH X509_STORE_SET_VERIFY_CB_FUNC 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_STORE_set_lookup_crls_cb, +X509_STORE_set_verify_func, +X509_STORE_get_cleanup, +X509_STORE_set_cleanup, +X509_STORE_get_lookup_crls, +X509_STORE_set_lookup_crls, +X509_STORE_get_lookup_certs, +X509_STORE_set_lookup_certs, +X509_STORE_get_check_policy, +X509_STORE_set_check_policy, +X509_STORE_get_cert_crl, +X509_STORE_set_cert_crl, +X509_STORE_get_check_crl, +X509_STORE_set_check_crl, +X509_STORE_get_get_crl, +X509_STORE_set_get_crl, +X509_STORE_get_check_revocation, +X509_STORE_set_check_revocation, +X509_STORE_get_check_issued, +X509_STORE_set_check_issued, +X509_STORE_get_get_issuer, +X509_STORE_set_get_issuer, +X509_STORE_CTX_get_verify, +X509_STORE_set_verify, +X509_STORE_get_verify_cb, +X509_STORE_set_verify_cb_func, X509_STORE_set_verify_cb, +X509_STORE_CTX_cert_crl_fn, X509_STORE_CTX_check_crl_fn, +X509_STORE_CTX_check_issued_fn, X509_STORE_CTX_check_policy_fn, +X509_STORE_CTX_check_revocation_fn, X509_STORE_CTX_cleanup_fn, +X509_STORE_CTX_get_crl_fn, X509_STORE_CTX_get_issuer_fn, +X509_STORE_CTX_lookup_certs_fn, X509_STORE_CTX_lookup_crls_fn +\&\- set verification callback +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef int (*X509_STORE_CTX_get_issuer_fn)(X509 **issuer, +\& X509_STORE_CTX *ctx, X509 *x); +\& typedef int (*X509_STORE_CTX_check_issued_fn)(X509_STORE_CTX *ctx, +\& X509 *x, X509 *issuer); +\& typedef int (*X509_STORE_CTX_check_revocation_fn)(X509_STORE_CTX *ctx); +\& typedef int (*X509_STORE_CTX_get_crl_fn)(X509_STORE_CTX *ctx, +\& X509_CRL **crl, X509 *x); +\& typedef int (*X509_STORE_CTX_check_crl_fn)(X509_STORE_CTX *ctx, X509_CRL *crl); +\& typedef int (*X509_STORE_CTX_cert_crl_fn)(X509_STORE_CTX *ctx, +\& X509_CRL *crl, X509 *x); +\& typedef int (*X509_STORE_CTX_check_policy_fn)(X509_STORE_CTX *ctx); +\& typedef STACK_OF(X509) *(*X509_STORE_CTX_lookup_certs_fn)(X509_STORE_CTX *ctx, +\& X509_NAME *nm); +\& typedef STACK_OF(X509_CRL) 
*(*X509_STORE_CTX_lookup_crls_fn)(X509_STORE_CTX *ctx, +\& X509_NAME *nm); +\& typedef int (*X509_STORE_CTX_cleanup_fn)(X509_STORE_CTX *ctx); +\& +\& void X509_STORE_set_verify_cb(X509_STORE *ctx, +\& X509_STORE_CTX_verify_cb verify_cb); +\& X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(X509_STORE_CTX *ctx); +\& +\& void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify); +\& X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx); +\& +\& void X509_STORE_set_get_issuer(X509_STORE *ctx, +\& X509_STORE_CTX_get_issuer_fn get_issuer); +\& X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(X509_STORE_CTX *ctx); +\& +\& void X509_STORE_set_check_issued(X509_STORE *ctx, +\& X509_STORE_CTX_check_issued_fn check_issued); +\& X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(X509_STORE_CTX *ctx); +\& +\& void X509_STORE_set_check_revocation(X509_STORE *ctx, +\& X509_STORE_CTX_check_revocation_fn check_revocation); +\& X509_STORE_CTX_check_revocation_fn X509_STORE_get_check_revocation(X509_STORE_CTX *ctx); +\& +\& void X509_STORE_set_get_crl(X509_STORE *ctx, +\& X509_STORE_CTX_get_crl_fn get_crl); +\& X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(X509_STORE_CTX *ctx); +\& +\& void X509_STORE_set_check_crl(X509_STORE *ctx, +\& X509_STORE_CTX_check_crl_fn check_crl); +\& X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(X509_STORE_CTX *ctx); +\& +\& void X509_STORE_set_cert_crl(X509_STORE *ctx, +\& X509_STORE_CTX_cert_crl_fn cert_crl); +\& X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(X509_STORE_CTX *ctx); +\& +\& void X509_STORE_set_check_policy(X509_STORE *ctx, +\& X509_STORE_CTX_check_policy_fn check_policy); +\& X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(X509_STORE_CTX *ctx); +\& +\& void X509_STORE_set_lookup_certs(X509_STORE *ctx, +\& X509_STORE_CTX_lookup_certs_fn lookup_certs); +\& X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(X509_STORE_CTX *ctx); +\& +\& void 
X509_STORE_set_lookup_crls(X509_STORE *ctx, +\& X509_STORE_CTX_lookup_crls_fn lookup_crls); +\& X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(X509_STORE_CTX *ctx); +\& +\& void X509_STORE_set_cleanup(X509_STORE *ctx, +\& X509_STORE_CTX_cleanup_fn cleanup); +\& X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(X509_STORE_CTX *ctx); +\& +\& /* Aliases */ +\& void X509_STORE_set_verify_cb_func(X509_STORE *st, +\& X509_STORE_CTX_verify_cb verify_cb); +\& void X509_STORE_set_verify_func(X509_STORE *ctx, +\& X509_STORE_CTX_verify_fn verify); +\& void X509_STORE_set_lookup_crls_cb(X509_STORE *ctx, +\& X509_STORE_CTX_lookup_crls_fn lookup_crls); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIX509_STORE_set_verify_cb()\fR sets the verification callback of \fBctx\fR to +\&\fBverify_cb\fR overwriting the previous callback. +The callback assigned with this function becomes a default for the one +that can be assigned directly to the corresponding \fBX509_STORE_CTX\fR, +please see \fIX509_STORE_CTX_set_verify_cb\fR\|(3) for further information. +.PP +\&\fIX509_STORE_set_verify()\fR sets the final chain verification function for +\&\fBctx\fR to \fBverify\fR. +Its purpose is to go through the chain of certificates and check that +all signatures are valid and that the current time is within the +limits of each certificate's first and last validity time. +The final chain verification functions must return 0 on failure and 1 +on success. +\&\fIIf no chain verification function is provided, the internal default +function will be used instead.\fR +.PP +\&\fIX509_STORE_set_get_issuer()\fR sets the function to get the issuer +certificate that verifies the given certificate \fBx\fR. +When found, the issuer certificate must be assigned to \fB*issuer\fR. +This function must return 0 on failure and 1 on success. 
+\&\fIIf no function to get the issuer is provided, the internal default +function will be used instead.\fR +.PP +\&\fIX509_STORE_set_check_issued()\fR sets the function to check that a given +certificate \fBx\fR is issued with the issuer certificate \fBissuer\fR. +This function must return 0 on failure (among others if \fBx\fR hasn't +been issued with \fBissuer\fR) and 1 on success. +\&\fIIf no function to get the issuer is provided, the internal default +function will be used instead.\fR +.PP +\&\fIX509_STORE_set_check_revocation()\fR sets the revocation checking +function. +Its purpose is to look through the final chain and check the +revocation status for each certificate. +It must return 0 on failure and 1 on success. +\&\fIIf no function to get the issuer is provided, the internal default +function will be used instead.\fR +.PP +\&\fIX509_STORE_set_get_crl()\fR sets the function to get the crl for a given +certificate \fBx\fR. +When found, the crl must be assigned to \fB*crl\fR. +This function must return 0 on failure and 1 on success. +\&\fIIf no function to get the issuer is provided, the internal default +function will be used instead.\fR +.PP +\&\fIX509_STORE_set_check_crl()\fR sets the function to check the validity of +the given \fBcrl\fR. +This function must return 0 on failure and 1 on success. +\&\fIIf no function to get the issuer is provided, the internal default +function will be used instead.\fR +.PP +\&\fIX509_STORE_set_cert_crl()\fR sets the function to check the revocation +status of the given certificate \fBx\fR against the given \fBcrl\fR. +This function must return 0 on failure and 1 on success. +\&\fIIf no function to get the issuer is provided, the internal default +function will be used instead.\fR +.PP +\&\fIX509_STORE_set_check_policy()\fR sets the function to check the policies +of all the certificates in the final chain.. +This function must return 0 on failure and 1 on success. 
+\&\fIIf no function to get the issuer is provided, the internal default +function will be used instead.\fR +.PP +\&\fIX509_STORE_set_lookup_certs()\fR and \fIX509_STORE_set_lookup_crls()\fR set the +functions to look up all the certs or all the CRLs that match the +given name \fBnm\fR. +These functions return \s-1NULL\s0 on failure and a pointer to a stack of +certificates (\fBX509\fR) or to a stack of CRLs (\fBX509_CRL\fR) on +success. +\&\fIIf no function to get the issuer is provided, the internal default +function will be used instead.\fR +.PP +\&\fIX509_STORE_set_cleanup()\fR sets the final cleanup function, which is +called when the context (\fBX509_STORE_CTX\fR) is being torn down. +This function doesn't return any value. +\&\fIIf no function to get the issuer is provided, the internal default +function will be used instead.\fR +.PP +\&\fIX509_STORE_get_verify_cb()\fR, \fIX509_STORE_CTX_get_verify()\fR, +\&\fIX509_STORE_get_get_issuer()\fR, \fIX509_STORE_get_check_issued()\fR, +\&\fIX509_STORE_get_check_revocation()\fR, \fIX509_STORE_get_get_crl()\fR, +\&\fIX509_STORE_get_check_crl()\fR, \fIX509_STORE_set_verify()\fR, +\&\fIX509_STORE_set_get_issuer()\fR, \fIX509_STORE_get_cert_crl()\fR, +\&\fIX509_STORE_get_check_policy()\fR, \fIX509_STORE_get_lookup_certs()\fR, +\&\fIX509_STORE_get_lookup_crls()\fR and \fIX509_STORE_get_cleanup()\fR all return +the function pointer assigned with \fIX509_STORE_set_check_issued()\fR, +\&\fIX509_STORE_set_check_revocation()\fR, \fIX509_STORE_set_get_crl()\fR, +\&\fIX509_STORE_set_check_crl()\fR, \fIX509_STORE_set_cert_crl()\fR, +\&\fIX509_STORE_set_check_policy()\fR, \fIX509_STORE_set_lookup_certs()\fR, +\&\fIX509_STORE_set_lookup_crls()\fR and \fIX509_STORE_set_cleanup()\fR, or \s-1NULL\s0 if +no assignment has been made. 
+.PP +\&\fIX509_STORE_set_verify_cb_func()\fR, \fIX509_STORE_set_verify_func()\fR and +\&\fIX509_STORE_set_lookup_crls_cb()\fR are aliases for +\&\fIX509_STORE_set_verify_cb()\fR, \fIX509_STORE_set_verify()\fR and +X509_STORE_set_lookup_crls, available as macros for backward +compatibility. +.SH "NOTES" +.IX Header "NOTES" +All the callbacks from a \fBX509_STORE\fR are inherited by the +corresponding \fBX509_STORE_CTX\fR structure when it is initialized. +See \fIX509_STORE_CTX_set_verify_cb\fR\|(3) for further details. +.SH "BUGS" +.IX Header "BUGS" +The macro version of this function was the only one available before +OpenSSL 1.0.0. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The X509_STORE_set_*() functions do not return a value. +.PP +The X509_STORE_get_*() functions return a pointer of the appropriate +function type. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIX509_STORE_CTX_set_verify_cb\fR\|(3), \fIX509_STORE_CTX_get0_chain\fR\|(3), +\&\fIX509_STORE_CTX_verify_cb\fR\|(3), \fIX509_STORE_CTX_verify_fn\fR\|(3), +\&\fICMS_verify\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fIX509_STORE_set_verify_cb()\fR function was added in OpenSSL 1.0.0. 
+.PP +The functions +\&\fIX509_STORE_set_verify_cb()\fR, \fIX509_STORE_get_verify_cb()\fR, +\&\fIX509_STORE_set_verify()\fR, \fIX509_STORE_CTX_get_verify()\fR, +\&\fIX509_STORE_set_get_issuer()\fR, \fIX509_STORE_get_get_issuer()\fR, +\&\fIX509_STORE_set_check_issued()\fR, \fIX509_STORE_get_check_issued()\fR, +\&\fIX509_STORE_set_check_revocation()\fR, \fIX509_STORE_get_check_revocation()\fR, +\&\fIX509_STORE_set_get_crl()\fR, \fIX509_STORE_get_get_crl()\fR, +\&\fIX509_STORE_set_check_crl()\fR, \fIX509_STORE_get_check_crl()\fR, +\&\fIX509_STORE_set_cert_crl()\fR, \fIX509_STORE_get_cert_crl()\fR, +\&\fIX509_STORE_set_check_policy()\fR, \fIX509_STORE_get_check_policy()\fR, +\&\fIX509_STORE_set_lookup_certs()\fR, \fIX509_STORE_get_lookup_certs()\fR, +\&\fIX509_STORE_set_lookup_crls()\fR, \fIX509_STORE_get_lookup_crls()\fR, +\&\fIX509_STORE_set_cleanup()\fR and \fIX509_STORE_get_cleanup()\fR +were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2009\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/X509_VERIFY_PARAM_set_flags.3 b/linux_amd64/ssl/share/man/man3/X509_VERIFY_PARAM_set_flags.3 new file mode 100755 index 0000000..058e77d --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/X509_VERIFY_PARAM_set_flags.3 
@@ -0,0 +1,505 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_VERIFY_PARAM_SET_FLAGS 3" +.TH X509_VERIFY_PARAM_SET_FLAGS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags, +X509_VERIFY_PARAM_get_flags, X509_VERIFY_PARAM_set_purpose, +X509_VERIFY_PARAM_get_inh_flags, X509_VERIFY_PARAM_set_inh_flags, +X509_VERIFY_PARAM_set_trust, X509_VERIFY_PARAM_set_depth, +X509_VERIFY_PARAM_get_depth, X509_VERIFY_PARAM_set_auth_level, +X509_VERIFY_PARAM_get_auth_level, X509_VERIFY_PARAM_set_time, +X509_VERIFY_PARAM_get_time, +X509_VERIFY_PARAM_add0_policy, X509_VERIFY_PARAM_set1_policies, +X509_VERIFY_PARAM_set1_host, X509_VERIFY_PARAM_add1_host, +X509_VERIFY_PARAM_set_hostflags, +X509_VERIFY_PARAM_get_hostflags, +X509_VERIFY_PARAM_get0_peername, +X509_VERIFY_PARAM_set1_email, X509_VERIFY_PARAM_set1_ip, +X509_VERIFY_PARAM_set1_ip_asc +\&\- X509 verification parameters +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, +\& unsigned long flags); +\& int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param, +\& unsigned long flags); +\& unsigned long X509_VERIFY_PARAM_get_flags(const X509_VERIFY_PARAM *param); +\& +\& int X509_VERIFY_PARAM_set_inh_flags(X509_VERIFY_PARAM *param, +\& uint32_t flags); +\& uint32_t X509_VERIFY_PARAM_get_inh_flags(const X509_VERIFY_PARAM *param); +\& +\& int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose); +\& int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust); +\& +\& void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t); +\& time_t X509_VERIFY_PARAM_get_time(const X509_VERIFY_PARAM *param); +\& +\& int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param, +\& ASN1_OBJECT *policy); +\& int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, +\& STACK_OF(ASN1_OBJECT) *policies); +\& +\& void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth); +\& int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param); +\& +\& void X509_VERIFY_PARAM_set_auth_level(X509_VERIFY_PARAM *param, +\& 
int auth_level); +\& int X509_VERIFY_PARAM_get_auth_level(const X509_VERIFY_PARAM *param); +\& +\& int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param, +\& const char *name, size_t namelen); +\& int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param, +\& const char *name, size_t namelen); +\& void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, +\& unsigned int flags); +\& unsigned int X509_VERIFY_PARAM_get_hostflags(const X509_VERIFY_PARAM *param); +\& char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param); +\& int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, +\& const char *email, size_t emaillen); +\& int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param, +\& const unsigned char *ip, size_t iplen); +\& int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions manipulate the \fBX509_VERIFY_PARAM\fR structure associated with +a certificate verification operation. +.PP +The \fIX509_VERIFY_PARAM_set_flags()\fR function sets the flags in \fBparam\fR by oring +it with \fBflags\fR. See the \fB\s-1VERIFICATION\s0 \s-1FLAGS\s0\fR section for a complete +description of values the \fBflags\fR parameter can take. +.PP +\&\fIX509_VERIFY_PARAM_get_flags()\fR returns the flags in \fBparam\fR. +.PP +\&\fIX509_VERIFY_PARAM_get_inh_flags()\fR returns the inheritance flags in \fBparam\fR +which specifies how verification flags are copied from one structure to +another. \fIX509_VERIFY_PARAM_set_inh_flags()\fR sets the inheritance flags. +See the \fB\s-1INHERITANCE\s0 \s-1FLAGS\s0\fR section for a description of these bits. +.PP +\&\fIX509_VERIFY_PARAM_clear_flags()\fR clears the flags \fBflags\fR in \fBparam\fR. +.PP +\&\fIX509_VERIFY_PARAM_set_purpose()\fR sets the verification purpose in \fBparam\fR +to \fBpurpose\fR. This determines the acceptable purpose of the certificate +chain, for example \s-1SSL\s0 client or \s-1SSL\s0 server. 
+.PP +\&\fIX509_VERIFY_PARAM_set_trust()\fR sets the trust setting in \fBparam\fR to +\&\fBtrust\fR. +.PP +\&\fIX509_VERIFY_PARAM_set_time()\fR sets the verification time in \fBparam\fR to +\&\fBt\fR. Normally the current time is used. +.PP +\&\fIX509_VERIFY_PARAM_add0_policy()\fR enables policy checking (it is disabled +by default) and adds \fBpolicy\fR to the acceptable policy set. +.PP +\&\fIX509_VERIFY_PARAM_set1_policies()\fR enables policy checking (it is disabled +by default) and sets the acceptable policy set to \fBpolicies\fR. Any existing +policy set is cleared. The \fBpolicies\fR parameter can be \fB\s-1NULL\s0\fR to clear +an existing policy set. +.PP +\&\fIX509_VERIFY_PARAM_set_depth()\fR sets the maximum verification depth to \fBdepth\fR. +That is the maximum number of intermediate \s-1CA\s0 certificates that can appear in a +chain. +A maximal depth chain contains 2 more certificates than the limit, since +neither the end-entity certificate nor the trust-anchor count against this +limit. +Thus a \fBdepth\fR limit of 0 only allows the end-entity certificate to be signed +directly by the trust-anchor, while with a \fBdepth\fR limit of 1 there can be one +intermediate \s-1CA\s0 certificate between the trust-anchor and the end-entity +certificate. +.PP +\&\fIX509_VERIFY_PARAM_set_auth_level()\fR sets the authentication security level to +\&\fBauth_level\fR. +The authentication security level determines the acceptable signature and public +key strength when verifying certificate chains. +For a certificate chain to validate, the public keys of all the certificates +must meet the specified security level. +The signature algorithm security level is not enforced for the chain's \fItrust +anchor\fR certificate, which is either directly trusted or validated by means other +than its signature. +See \fISSL_CTX_set_security_level\fR\|(3) for the definitions of the available +levels. +The default security level is \-1, or \*(L"not set\*(R". 
+At security level 0 or lower all algorithms are acceptable. +Security level 1 requires at least 80\-bit\-equivalent security and is broadly +interoperable, though it will, for example, reject \s-1MD5\s0 signatures or \s-1RSA\s0 keys +shorter than 1024 bits. +.PP +\&\fIX509_VERIFY_PARAM_set1_host()\fR sets the expected \s-1DNS\s0 hostname to +\&\fBname\fR clearing any previously specified hostname. If +\&\fBname\fR is \s-1NULL\s0, or empty the list of hostnames is cleared, and +name checks are not performed on the peer certificate. If \fBname\fR +is NUL-terminated, \fBnamelen\fR may be zero, otherwise \fBnamelen\fR +must be set to the length of \fBname\fR. +.PP +When a hostname is specified, +certificate verification automatically invokes \fIX509_check_host\fR\|(3) +with flags equal to the \fBflags\fR argument given to +\&\fIX509_VERIFY_PARAM_set_hostflags()\fR (default zero). Applications +are strongly advised to use this interface in preference to explicitly +calling \fIX509_check_host\fR\|(3), hostname checks may be out of scope +with the \s-1\fIDANE\-EE\s0\fR\|(3) certificate usage, and the internal check will +be suppressed as appropriate when \s-1DANE\s0 verification is enabled. +.PP +When the subject CommonName will not be ignored, whether as a result of the +\&\fBX509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT\fR host flag, or because no \s-1DNS\s0 subject +alternative names are present in the certificate, any \s-1DNS\s0 name constraints in +issuer certificates apply to the subject CommonName as well as the subject +alternative name extension. +.PP +When the subject CommonName will be ignored, whether as a result of the +\&\fBX509_CHECK_FLAG_NEVER_CHECK_SUBJECT\fR host flag, or because some \s-1DNS\s0 subject +alternative names are present in the certificate, \s-1DNS\s0 name constraints in +issuer certificates will not be applied to the subject \s-1DN\s0. 
+As described in \fIX509_check_host\fR\|(3) the \fBX509_CHECK_FLAG_NEVER_CHECK_SUBJECT\fR +flag takes precedence over the \fBX509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT\fR flag. +.PP +\&\fIX509_VERIFY_PARAM_get_hostflags()\fR returns any host flags previously set via a +call to \fIX509_VERIFY_PARAM_set_hostflags()\fR. +.PP +\&\fIX509_VERIFY_PARAM_add1_host()\fR adds \fBname\fR as an additional reference +identifier that can match the peer's certificate. Any previous names +set via \fIX509_VERIFY_PARAM_set1_host()\fR or \fIX509_VERIFY_PARAM_add1_host()\fR +are retained, no change is made if \fBname\fR is \s-1NULL\s0 or empty. When +multiple names are configured, the peer is considered verified when +any name matches. +.PP +\&\fIX509_VERIFY_PARAM_get0_peername()\fR returns the \s-1DNS\s0 hostname or subject +CommonName from the peer certificate that matched one of the reference +identifiers. When wildcard matching is not disabled, or when a +reference identifier specifies a parent domain (starts with \*(L".\*(R") +rather than a hostname, the peer name may be a wildcard name or a +sub-domain of the reference identifier respectively. The return +string is allocated by the library and is no longer valid once the +associated \fBparam\fR argument is freed. Applications must not free +the return value. +.PP +\&\fIX509_VERIFY_PARAM_set1_email()\fR sets the expected \s-1RFC822\s0 email address to +\&\fBemail\fR. If \fBemail\fR is NUL-terminated, \fBemaillen\fR may be zero, otherwise +\&\fBemaillen\fR must be set to the length of \fBemail\fR. When an email address +is specified, certificate verification automatically invokes +\&\fIX509_check_email\fR\|(3). +.PP +\&\fIX509_VERIFY_PARAM_set1_ip()\fR sets the expected \s-1IP\s0 address to \fBip\fR. +The \fBip\fR argument is in binary format, in network byte-order and +\&\fBiplen\fR must be set to 4 for IPv4 and 16 for IPv6. 
When an \s-1IP\s0 +address is specified, certificate verification automatically invokes +\&\fIX509_check_ip\fR\|(3). +.PP +\&\fIX509_VERIFY_PARAM_set1_ip_asc()\fR sets the expected \s-1IP\s0 address to +\&\fBipasc\fR. The \fBipasc\fR argument is a NUL-terminal \s-1ASCII\s0 string: +dotted decimal quad for IPv4 and colon-separated hexadecimal for +IPv6. The condensed \*(L"::\*(R" notation is supported for IPv6 addresses. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIX509_VERIFY_PARAM_set_flags()\fR, \fIX509_VERIFY_PARAM_clear_flags()\fR, +\&\fIX509_VERIFY_PARAM_set_inh_flags()\fR, +\&\fIX509_VERIFY_PARAM_set_purpose()\fR, \fIX509_VERIFY_PARAM_set_trust()\fR, +\&\fIX509_VERIFY_PARAM_add0_policy()\fR \fIX509_VERIFY_PARAM_set1_policies()\fR, +\&\fIX509_VERIFY_PARAM_set1_host()\fR, \fIX509_VERIFY_PARAM_add1_host()\fR, +\&\fIX509_VERIFY_PARAM_set1_email()\fR, \fIX509_VERIFY_PARAM_set1_ip()\fR and +\&\fIX509_VERIFY_PARAM_set1_ip_asc()\fR return 1 for success and 0 for +failure. +.PP +\&\fIX509_VERIFY_PARAM_get_flags()\fR returns the current verification flags. +.PP +\&\fIX509_VERIFY_PARAM_get_hostflags()\fR returns any current host flags. +.PP +\&\fIX509_VERIFY_PARAM_get_inh_flags()\fR returns the current inheritance flags. +.PP +\&\fIX509_VERIFY_PARAM_set_time()\fR and \fIX509_VERIFY_PARAM_set_depth()\fR do not return +values. +.PP +\&\fIX509_VERIFY_PARAM_get_depth()\fR returns the current verification depth. +.PP +\&\fIX509_VERIFY_PARAM_get_auth_level()\fR returns the current authentication security +level. +.SH "VERIFICATION FLAGS" +.IX Header "VERIFICATION FLAGS" +The verification flags consists of zero or more of the following flags +ored together. +.PP +\&\fBX509_V_FLAG_CRL_CHECK\fR enables \s-1CRL\s0 checking for the certificate chain leaf +certificate. An error occurs if a suitable \s-1CRL\s0 cannot be found. +.PP +\&\fBX509_V_FLAG_CRL_CHECK_ALL\fR enables \s-1CRL\s0 checking for the entire certificate +chain. 
+.PP +\&\fBX509_V_FLAG_IGNORE_CRITICAL\fR disabled critical extension checking. By default +any unhandled critical extensions in certificates or (if checked) CRLs results +in a fatal error. If this flag is set unhandled critical extensions are +ignored. \fB\s-1WARNING\s0\fR setting this option for anything other than debugging +purposes can be a security risk. Finer control over which extensions are +supported can be performed in the verification callback. +.PP +The \fBX509_V_FLAG_X509_STRICT\fR flag disables workarounds for some broken +certificates and makes the verification strictly apply \fBX509\fR rules. +.PP +\&\fBX509_V_FLAG_ALLOW_PROXY_CERTS\fR enables proxy certificate verification. +.PP +\&\fBX509_V_FLAG_POLICY_CHECK\fR enables certificate policy checking, by default +no policy checking is performed. Additional information is sent to the +verification callback relating to policy checking. +.PP +\&\fBX509_V_FLAG_EXPLICIT_POLICY\fR, \fBX509_V_FLAG_INHIBIT_ANY\fR and +\&\fBX509_V_FLAG_INHIBIT_MAP\fR set the \fBrequire explicit policy\fR, \fBinhibit any +policy\fR and \fBinhibit policy mapping\fR flags respectively as defined in +\&\fB\s-1RFC3280\s0\fR. Policy checking is automatically enabled if any of these flags +are set. +.PP +If \fBX509_V_FLAG_NOTIFY_POLICY\fR is set and the policy checking is successful +a special status code is set to the verification callback. This permits it +to examine the valid policy tree and perform additional checks or simply +log it for debugging purposes. +.PP +By default some additional features such as indirect CRLs and CRLs signed by +different keys are disabled. If \fBX509_V_FLAG_EXTENDED_CRL_SUPPORT\fR is set +they are enabled. +.PP +If \fBX509_V_FLAG_USE_DELTAS\fR is set delta CRLs (if present) are used to +determine certificate status. If not set deltas are ignored. +.PP +\&\fBX509_V_FLAG_CHECK_SS_SIGNATURE\fR enables checking of the root \s-1CA\s0 self signed +certificate signature. 
By default this check is disabled because it doesn't +add any additional security but in some cases applications might want to +check the signature anyway. A side effect of not checking the root \s-1CA\s0 +signature is that disabled or unsupported message digests on the root \s-1CA\s0 +are not treated as fatal errors. +.PP +When \fBX509_V_FLAG_TRUSTED_FIRST\fR is set, construction of the certificate chain +in \fIX509_verify_cert\fR\|(3) will search the trust store for issuer certificates +before searching the provided untrusted certificates. +Local issuer certificates are often more likely to satisfy local security +requirements and lead to a locally trusted root. +This is especially important when some certificates in the trust store have +explicit trust settings (see \*(L"\s-1TRUST\s0 \s-1SETTINGS\s0\*(R" in \fIopenssl\-x509\fR\|(1)). +As of OpenSSL 1.1.0 this option is on by default. +.PP +The \fBX509_V_FLAG_NO_ALT_CHAINS\fR flag suppresses checking for alternative +chains. +By default, unless \fBX509_V_FLAG_TRUSTED_FIRST\fR is set, when building a +certificate chain, if the first certificate chain found is not trusted, then +OpenSSL will attempt to replace untrusted certificates supplied by the peer +with certificates from the trust store to see if an alternative chain can be +found that is trusted. +As of OpenSSL 1.1.0, with \fBX509_V_FLAG_TRUSTED_FIRST\fR always set, this option +has no effect. +.PP +The \fBX509_V_FLAG_PARTIAL_CHAIN\fR flag causes intermediate certificates in the +trust store to be treated as trust-anchors, in the same way as the self-signed +root \s-1CA\s0 certificates. +This makes it possible to trust certificates issued by an intermediate \s-1CA\s0 +without having to trust its ancestor root \s-1CA\s0. 
+With OpenSSL 1.1.0 and later and set, chain +construction stops as soon as the first certificate from the trust store is +added to the chain, whether that certificate is a self-signed \*(L"root\*(R" +certificate or a not self-signed intermediate certificate. +Thus, when an intermediate certificate is found in the trust store, the +verified chain passed to callbacks may be shorter than it otherwise would +be without the \fBX509_V_FLAG_PARTIAL_CHAIN\fR flag. +.PP +The \fBX509_V_FLAG_NO_CHECK_TIME\fR flag suppresses checking the validity period +of certificates and CRLs against the current time. If \fIX509_VERIFY_PARAM_set_time()\fR +is used to specify a verification time, the check is not suppressed. +.SH "INHERITANCE FLAGS" +.IX Header "INHERITANCE FLAGS" +These flags specify how parameters are \*(L"inherited\*(R" from one structure to +another. +.PP +If \fBX509_VP_FLAG_ONCE\fR is set then the current setting is zeroed +after the next call. +.PP +If \fBX509_VP_FLAG_LOCKED\fR is set then no values are copied. This overrides +all of the following flags. +.PP +If \fBX509_VP_FLAG_DEFAULT\fR is set then anything set in the source is copied +to the destination. Effectively the values in \*(L"to\*(R" become default values +which will be used only if nothing new is set in \*(L"from\*(R". This is the +default. +.PP +If \fBX509_VP_FLAG_OVERWRITE\fR is set then all value are copied across whether +they are set or not. Flags is still Ored though. +.PP +If \fBX509_VP_FLAG_RESET_FLAGS\fR is set then the flags value is copied instead +of ORed. +.SH "NOTES" +.IX Header "NOTES" +The above functions should be used to manipulate verification parameters +instead of functions which work in specific structures such as +\&\fIX509_STORE_CTX_set_flags()\fR which are likely to be deprecated in a future +release. +.SH "BUGS" +.IX Header "BUGS" +Delta \s-1CRL\s0 checking is currently primitive. 
Only a single delta can be used and +(partly due to limitations of \fBX509_STORE\fR) constructed CRLs are not +maintained. +.PP +If CRLs checking is enable CRLs are expected to be available in the +corresponding \fBX509_STORE\fR structure. No attempt is made to download +CRLs from the \s-1CRL\s0 distribution points extension. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Enable \s-1CRL\s0 checking when performing certificate verification during \s-1SSL\s0 +connections associated with an \fB\s-1SSL_CTX\s0\fR structure \fBctx\fR: +.PP +.Vb 1 +\& X509_VERIFY_PARAM *param; +\& +\& param = X509_VERIFY_PARAM_new(); +\& X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK); +\& SSL_CTX_set1_param(ctx, param); +\& X509_VERIFY_PARAM_free(param); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIX509_verify_cert\fR\|(3), +\&\fIX509_check_host\fR\|(3), +\&\fIX509_check_email\fR\|(3), +\&\fIX509_check_ip\fR\|(3), +\&\fIopenssl\-x509\fR\|(1) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBX509_V_FLAG_NO_ALT_CHAINS\fR flag was added in OpenSSL 1.1.0. +The flag \fBX509_V_FLAG_CB_ISSUER_CHECK\fR was deprecated in OpenSSL 1.1.0 +and has no effect. +.PP +The \fIX509_VERIFY_PARAM_get_hostflags()\fR function was added in OpenSSL 1.1.0i. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2009\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/X509_check_ca.3 b/linux_amd64/ssl/share/man/man3/X509_check_ca.3 new file mode 100755 index 0000000..75876c8 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/X509_check_ca.3 
@@ -0,0 +1,168 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_CHECK_CA 3" +.TH X509_CHECK_CA 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_check_ca \- check if given certificate is CA certificate +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_check_ca(X509 *cert); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This function checks if given certificate is \s-1CA\s0 certificate (can be used +to sign other certificates). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Function return 0, if it is not \s-1CA\s0 certificate, 1 if it is proper X509v3 +\&\s-1CA\s0 certificate with \fBbasicConstraints\fR extension \s-1CA:TRUE\s0, +3, if it is self-signed X509 v1 certificate, 4, if it is certificate with +\&\fBkeyUsage\fR extension with bit \fBkeyCertSign\fR set, but without +\&\fBbasicConstraints\fR, and 5 if it has outdated Netscape Certificate Type +extension telling that it is \s-1CA\s0 certificate. +.PP +Actually, any nonzero value means that this certificate could have been +used to sign other certificates. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIX509_verify_cert\fR\|(3), +\&\fIX509_check_issued\fR\|(3), +\&\fIX509_check_purpose\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/X509_check_host.3 b/linux_amd64/ssl/share/man/man3/X509_check_host.3 new file mode 100755 index 0000000..2bd4755 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/X509_check_host.3 
@@ -0,0 +1,279 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_CHECK_HOST 3" +.TH X509_CHECK_HOST 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_check_host, X509_check_email, X509_check_ip, X509_check_ip_asc \- X.509 certificate matching +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_check_host(X509 *, const char *name, size_t namelen, +\& unsigned int flags, char **peername); +\& int X509_check_email(X509 *, const char *address, size_t addresslen, +\& unsigned int flags); +\& int X509_check_ip(X509 *, const unsigned char *address, size_t addresslen, +\& unsigned int flags); +\& int X509_check_ip_asc(X509 *, const char *address, unsigned int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The certificate matching functions are used to check whether a +certificate matches a given hostname, email address, or \s-1IP\s0 address. +The validity of the certificate and its trust level has to be checked by +other means. +.PP +\&\fIX509_check_host()\fR checks if the certificate Subject Alternative +Name (\s-1SAN\s0) or Subject CommonName (\s-1CN\s0) matches the specified host +name, which must be encoded in the preferred name syntax described +in section 3.5 of \s-1RFC\s0 1034. By default, wildcards are supported +and they match only in the left-most label; but they may match +part of that label with an explicit prefix or suffix. For example, +by default, the host \fBname\fR \*(L"www.example.com\*(R" would match a +certificate with a \s-1SAN\s0 or \s-1CN\s0 value of \*(L"*.example.com\*(R", \*(L"w*.example.com\*(R" +or \*(L"*w.example.com\*(R". +.PP +Per section 6.4.2 of \s-1RFC\s0 6125, \fBname\fR values representing international +domain names must be given in A\-label form. The \fBnamelen\fR argument +must be the number of characters in the name string or zero in which +case the length is calculated with strlen(\fBname\fR). When \fBname\fR starts +with a dot (e.g \*(L".example.com\*(R"), it will be matched by a certificate +valid for any sub-domain of \fBname\fR, (see also +\&\fBX509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS\fR below). 
+.PP +When the certificate is matched, and \fBpeername\fR is not \s-1NULL\s0, a +pointer to a copy of the matching \s-1SAN\s0 or \s-1CN\s0 from the peer certificate +is stored at the address passed in \fBpeername\fR. The application +is responsible for freeing the peername via \fIOPENSSL_free()\fR when it +is no longer needed. +.PP +\&\fIX509_check_email()\fR checks if the certificate matches the specified +email \fBaddress\fR. Only the mailbox syntax of \s-1RFC\s0 822 is supported, +comments are not allowed, and no attempt is made to normalize quoted +characters. The \fBaddresslen\fR argument must be the number of +characters in the address string or zero in which case the length +is calculated with strlen(\fBaddress\fR). +.PP +\&\fIX509_check_ip()\fR checks if the certificate matches a specified IPv4 or +IPv6 address. The \fBaddress\fR array is in binary format, in network +byte order. The length is either 4 (IPv4) or 16 (IPv6). Only +explicitly marked addresses in the certificates are considered; \s-1IP\s0 +addresses stored in \s-1DNS\s0 names and Common Names are ignored. +.PP +\&\fIX509_check_ip_asc()\fR is similar, except that the NUL-terminated +string \fBaddress\fR is first converted to the internal representation. +.PP +The \fBflags\fR argument is usually 0. It can be the bitwise \s-1OR\s0 of the +flags: +.IP "\fBX509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT\fR," 4 +.IX Item "X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT," +.PD 0 +.IP "\fBX509_CHECK_FLAG_NEVER_CHECK_SUBJECT\fR," 4 +.IX Item "X509_CHECK_FLAG_NEVER_CHECK_SUBJECT," +.IP "\fBX509_CHECK_FLAG_NO_WILDCARDS\fR," 4 +.IX Item "X509_CHECK_FLAG_NO_WILDCARDS," +.IP "\fBX509_CHECK_FLAG_NO_PARTIAL_WILDCARDS\fR," 4 +.IX Item "X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS," +.IP "\fBX509_CHECK_FLAG_MULTI_LABEL_WILDCARDS\fR." 4 +.IX Item "X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS." +.IP "\fBX509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS\fR." 4 +.IX Item "X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS." 
+.PD +.PP +The \fBX509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT\fR flag causes the function +to consider the subject \s-1DN\s0 even if the certificate contains at least +one subject alternative name of the right type (\s-1DNS\s0 name or email +address as appropriate); the default is to ignore the subject \s-1DN\s0 +when at least one corresponding subject alternative names is present. +.PP +The \fBX509_CHECK_FLAG_NEVER_CHECK_SUBJECT\fR flag causes the function to never +consider the subject \s-1DN\s0 even if the certificate contains no subject alternative +names of the right type (\s-1DNS\s0 name or email address as appropriate); the default +is to use the subject \s-1DN\s0 when no corresponding subject alternative names are +present. +If both \fBX509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT\fR and +\&\fBX509_CHECK_FLAG_NEVER_CHECK_SUBJECT\fR are specified, the latter takes +precedence and the subject \s-1DN\s0 is not checked for matching names. +.PP +If set, \fBX509_CHECK_FLAG_NO_WILDCARDS\fR disables wildcard +expansion; this only applies to \fBX509_check_host\fR. +.PP +If set, \fBX509_CHECK_FLAG_NO_PARTIAL_WILDCARDS\fR suppresses support +for \*(L"*\*(R" as wildcard pattern in labels that have a prefix or suffix, +such as: \*(L"www*\*(R" or \*(L"*www\*(R"; this only applies to \fBX509_check_host\fR. +.PP +If set, \fBX509_CHECK_FLAG_MULTI_LABEL_WILDCARDS\fR allows a \*(L"*\*(R" that +constitutes the complete label of a \s-1DNS\s0 name (e.g. \*(L"*.example.com\*(R") +to match more than one label in \fBname\fR; this flag only applies +to \fBX509_check_host\fR. +.PP +If set, \fBX509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS\fR restricts \fBname\fR +values which start with \*(L".\*(R", that would otherwise match any sub-domain +in the peer certificate, to only match direct child sub-domains. 
+Thus, for instance, with this flag set a \fBname\fR of \*(L".example.com\*(R" +would match a peer certificate with a \s-1DNS\s0 name of \*(L"www.example.com\*(R", +but would not match a peer certificate with a \s-1DNS\s0 name of +\&\*(L"www.sub.example.com\*(R"; this flag only applies to \fBX509_check_host\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The functions return 1 for a successful match, 0 for a failed match +and \-1 for an internal error: typically a memory allocation failure +or an \s-1ASN\s0.1 decoding error. +.PP +All functions can also return \-2 if the input is malformed. For example, +\&\fIX509_check_host()\fR returns \-2 if the provided \fBname\fR contains embedded +NULs. +.SH "NOTES" +.IX Header "NOTES" +Applications are encouraged to use \fIX509_VERIFY_PARAM_set1_host()\fR +rather than explicitly calling \fIX509_check_host\fR\|(3). Hostname +checks may be out of scope with the \s-1\fIDANE\-EE\s0\fR\|(3) certificate usage, +and the internal checks will be suppressed as appropriate when +\&\s-1DANE\s0 support is enabled. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fISSL_get_verify_result\fR\|(3), +\&\fIX509_VERIFY_PARAM_set1_host\fR\|(3), +\&\fIX509_VERIFY_PARAM_add1_host\fR\|(3), +\&\fIX509_VERIFY_PARAM_set1_email\fR\|(3), +\&\fIX509_VERIFY_PARAM_set1_ip\fR\|(3), +\&\fIX509_VERIFY_PARAM_set1_ipasc\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.2. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2012\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/X509_check_issued.3 b/linux_amd64/ssl/share/man/man3/X509_check_issued.3 new file mode 100755 index 0000000..e159984 --- /dev/null 
+++ b/linux_amd64/ssl/share/man/man3/X509_check_issued.3 
@@ -0,0 +1,167 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_CHECK_ISSUED 3" +.TH X509_CHECK_ISSUED 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_check_issued \- checks if certificate is issued by another +certificate +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_check_issued(X509 *issuer, X509 *subject); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This function checks if certificate \fIsubject\fR was issued using \s-1CA\s0 +certificate \fIissuer\fR. This function takes into account not only +matching of issuer field of \fIsubject\fR with subject field of \fIissuer\fR, +but also compares \fBauthorityKeyIdentifier\fR extension of \fIsubject\fR with +\&\fBsubjectKeyIdentifier\fR of \fIissuer\fR if \fBauthorityKeyIdentifier\fR +present in the \fIsubject\fR certificate and checks \fBkeyUsage\fR field of +\&\fIissuer\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Function return \fBX509_V_OK\fR if certificate \fIsubject\fR is issued by +\&\fIissuer\fR or some \fBX509_V_ERR*\fR constant to indicate an error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIX509_verify_cert\fR\|(3), +\&\fIX509_check_ca\fR\|(3), +\&\fIopenssl\-verify\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/X509_check_private_key.3 b/linux_amd64/ssl/share/man/man3/X509_check_private_key.3 new file mode 100755 index 0000000..cd20175 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/X509_check_private_key.3 
@@ -0,0 +1,176 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_CHECK_PRIVATE_KEY 3" +.TH X509_CHECK_PRIVATE_KEY 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_check_private_key, X509_REQ_check_private_key \- check the consistency +of a private key with the public key in an X509 certificate or certificate +request +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_check_private_key(X509 *x, EVP_PKEY *k); +\& +\& int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIX509_check_private_key()\fR function checks the consistency of private +key \fBk\fR with the public key in \fBx\fR. +.PP +\&\fIX509_REQ_check_private_key()\fR is equivalent to \fIX509_check_private_key()\fR +except that \fBx\fR represents a certificate request of structure \fBX509_REQ\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIX509_check_private_key()\fR and \fIX509_REQ_check_private_key()\fR return 1 if +the keys match each other, and 0 if not. +.PP +If the key is invalid or an error occurred, the reason code can be +obtained using \fIERR_get_error\fR\|(3). +.SH "BUGS" +.IX Header "BUGS" +The \fBcheck_private_key\fR functions don't check if \fBk\fR itself is indeed +a private key or not. It merely compares the public materials (e.g. exponent +and modulus of an \s-1RSA\s0 key) and/or key parameters (e.g. \s-1EC\s0 params of an \s-1EC\s0 key) +of a key pair. So if you pass a public key to these functions in \fBk\fR, it will +return success. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/X509_cmp.3 b/linux_amd64/ssl/share/man/man3/X509_cmp.3 new file mode 100755 index 0000000..09d1aaa --- /dev/null 
+++ b/linux_amd64/ssl/share/man/man3/X509_cmp.3 
@@ -0,0 +1,203 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_CMP 3" +.TH X509_CMP 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_cmp, X509_NAME_cmp, +X509_issuer_and_serial_cmp, X509_issuer_name_cmp, X509_subject_name_cmp, +X509_CRL_cmp, X509_CRL_match +\&\- compare X509 certificates and related values +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_cmp(const X509 *a, const X509 *b); +\& int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b); +\& int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b); +\& int X509_issuer_name_cmp(const X509 *a, const X509 *b); +\& int X509_subject_name_cmp(const X509 *a, const X509 *b); +\& int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b); +\& int X509_CRL_match(const X509_CRL *a, const X509_CRL *b); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This set of functions are used to compare X509 objects, including X509 +certificates, X509 \s-1CRL\s0 objects and various values in an X509 certificate. +.PP +The \fIX509_cmp()\fR function compares two \fBX509\fR objects indicated by parameters +\&\fBa\fR and \fBb\fR. The comparison is based on the \fBmemcmp\fR result of the hash +values of two \fBX509\fR objects and the canonical (\s-1DER\s0) encoding values. +.PP +The \fIX509_NAME_cmp()\fR function compares two \fBX509_NAME\fR objects indicated by +parameters \fBa\fR and \fBb\fR. The comparison is based on the \fBmemcmp\fR result of +the canonical (\s-1DER\s0) encoding values of the two objects. \fIi2d_X509_NAME\fR\|(3) +has a more detailed description of the \s-1DER\s0 encoding of the \fBX509_NAME\fR structure. +.PP +The \fIX509_issuer_and_serial_cmp()\fR function compares the serial number and issuer +values in the given \fBX509\fR objects \fBa\fR and \fBb\fR. +.PP +The \fIX509_issuer_name_cmp()\fR, \fIX509_subject_name_cmp()\fR and \fIX509_CRL_cmp()\fR functions +are effectively wrappers of the \fIX509_NAME_cmp()\fR function. These functions compare +issuer names and subject names of the objects, or issuers of \fBX509_CRL\fR +objects, respectively. 
+.IX Xref "509" +.PP +The \fIX509_CRL_match()\fR function compares two \fBX509_CRL\fR objects. Unlike the +\&\fIX509_CRL_cmp()\fR function, this function compares the whole \s-1CRL\s0 content instead +of just the issuer name. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Like common memory comparison functions, the \fBX509\fR comparison functions return +an integer less than, equal to, or greater than zero if object \fBa\fR is found to +be less than, to match, or be greater than object \fBb\fR, respectively. +.PP +\&\fIX509_NAME_cmp()\fR, \fIX509_issuer_and_serial_cmp()\fR, \fIX509_issuer_name_cmp()\fR, +\&\fIX509_subject_name_cmp()\fR and \fIX509_CRL_cmp()\fR may return \fB\-2\fR to indicate an error. +.SH "NOTES" +.IX Header "NOTES" +These functions in fact utilize the underlying \fBmemcmp\fR of the C library to do +the comparison job. Data to be compared varies from \s-1DER\s0 encoding data, hash +value or \fB\s-1ASN1_STRING\s0\fR. The sign of the comparison can be used to order the +objects but it does not have a special meaning in some cases. +.PP +\&\fIX509_NAME_cmp()\fR and wrappers utilize the value \fB\-2\fR to indicate errors in some +circumstances, which could cause confusion for the applications. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIi2d_X509_NAME\fR\|(3), \fIi2d_X509\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/X509_cmp_time.3 b/linux_amd64/ssl/share/man/man3/X509_cmp_time.3 new file mode 100755 index 0000000..70f400b --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/X509_cmp_time.3 
@@ -0,0 +1,205 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_CMP_TIME 3" +.TH X509_CMP_TIME 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_cmp_time, X509_cmp_current_time, X509_cmp_timeframe, +X509_time_adj, X509_time_adj_ex +\&\- X509 time functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 7 +\& int X509_cmp_time(const ASN1_TIME *asn1_time, time_t *in_tm); +\& int X509_cmp_current_time(const ASN1_TIME *asn1_time); +\& int X509_cmp_timeframe(const X509_VERIFY_PARAM *vpm, +\& const ASN1_TIME *start, const ASN1_TIME *end); +\& ASN1_TIME *X509_time_adj(ASN1_TIME *asn1_time, long offset_sec, time_t *in_tm); +\& ASN1_TIME *X509_time_adj_ex(ASN1_TIME *asn1_time, int offset_day, long +\& offset_sec, time_t *in_tm); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIX509_cmp_time()\fR compares the \s-1ASN1_TIME\s0 in \fBasn1_time\fR with the time +in . +.PP +\&\fIX509_cmp_current_time()\fR compares the \s-1ASN1_TIME\s0 in +\&\fBasn1_time\fR with the current time, expressed as time_t. +.PP +\&\fIX509_cmp_timeframe()\fR compares the given time period with the reference time +included in the verification parameters \fBvpm\fR if they are not \s-1NULL\s0 and contain +\&\fBX509_V_FLAG_USE_CHECK_TIME\fR; else the current time is used as reference time. +.PP +\&\fIX509_time_adj_ex()\fR sets the \s-1ASN1_TIME\s0 structure \fBasn1_time\fR to the time +\&\fBoffset_day\fR and \fBoffset_sec\fR after \fBin_tm\fR. +.PP +\&\fIX509_time_adj()\fR sets the \s-1ASN1_TIME\s0 structure \fBasn1_time\fR to the time +\&\fBoffset_sec\fR after \fBin_tm\fR. This method can only handle second +offsets up to the capacity of long, so the newer \fIX509_time_adj_ex()\fR +\&\s-1API\s0 should be preferred. +.PP +In both methods, if \fBasn1_time\fR is \s-1NULL\s0, a new \s-1ASN1_TIME\s0 structure +is allocated and returned. +.PP +In all methods, if \fBin_tm\fR is \s-1NULL\s0, the current time, expressed as +time_t, is used. +.PP +\&\fBasn1_time\fR must satisfy the \s-1ASN1_TIME\s0 format mandated by \s-1RFC\s0 5280, +i.e., its format must be either \s-1YYMMDDHHMMSSZ\s0 or \s-1YYYYMMDDHHMMSSZ\s0. 
+.SH "BUGS" +.IX Header "BUGS" +Unlike many standard comparison functions, \fIX509_cmp_time()\fR and +\&\fIX509_cmp_current_time()\fR return 0 on error. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIX509_cmp_time()\fR and \fIX509_cmp_current_time()\fR return \-1 if \fBasn1_time\fR +is earlier than, or equal to, \fBin_tm\fR (resp. current time), and 1 +otherwise. These methods return 0 on error. +.PP +\&\fIX509_cmp_timeframe()\fR returns 0 if \fBvpm\fR is not \s-1NULL\s0 and the verification +parameters do not contain \fBX509_V_FLAG_USE_CHECK_TIME\fR +but do contain \fBX509_V_FLAG_NO_CHECK_TIME\fR. Otherwise it returns +1 if the end time is not \s-1NULL\s0 and the reference time (which has determined as +stated above) is past the end time, \-1 if the start time is not \s-1NULL\s0 and the +reference time is before, else 0 to indicate that the reference time is in range +(implying that the end time is not before the start time if both are present). +.PP +\&\fIX509_time_adj()\fR and \fIX509_time_adj_ex()\fR return a pointer to the updated +\&\s-1ASN1_TIME\s0 structure, and \s-1NULL\s0 on error. +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIX509_cmp_timeframe()\fR was added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/X509_digest.3 b/linux_amd64/ssl/share/man/man3/X509_digest.3 new file mode 100755 index 0000000..1035134 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/X509_digest.3 
@@ -0,0 +1,190 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_DIGEST 3" +.TH X509_DIGEST 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_digest, X509_CRL_digest, +X509_pubkey_digest, +X509_NAME_digest, +X509_REQ_digest, +PKCS7_ISSUER_AND_SERIAL_digest +\&\- get digest of various objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md, +\& unsigned int *len); +\& +\& int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, unsigned char *md, +\& unsigned int *len); +\& +\& int X509_pubkey_digest(const X509 *data, const EVP_MD *type, +\& unsigned char *md, unsigned int *len); +\& +\& int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type, +\& unsigned char *md, unsigned int *len); +\& +\& int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, +\& unsigned char *md, unsigned int *len); +\& +\& #include +\& +\& int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, +\& const EVP_MD *type, unsigned char *md, +\& unsigned int *len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIX509_pubkey_digest()\fR returns a digest of the \s-1DER\s0 representation of the public +key in the specified X509 \fBdata\fR object. +All other functions described here return a digest of the \s-1DER\s0 representation +of their entire \fBdata\fR objects. +.PP +The \fBtype\fR parameter specifies the digest to +be used, such as \fIEVP_sha1()\fR. The \fBmd\fR is a pointer to the buffer where the +digest will be copied and is assumed to be large enough; the constant +\&\fB\s-1EVP_MAX_MD_SIZE\s0\fR is suggested. The \fBlen\fR parameter, if not \s-1NULL\s0, points +to a place where the digest size will be stored. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All functions described here return 1 for success and 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_sha1\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). 
You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/X509_dup.3 b/linux_amd64/ssl/share/man/man3/X509_dup.3 new file mode 100755 index 0000000..36e8f0b --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/X509_dup.3 
@@ -0,0 +1,475 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_DUP 3" +.TH X509_DUP 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +DECLARE_ASN1_FUNCTIONS, +IMPLEMENT_ASN1_FUNCTIONS, +ASN1_ITEM, +ACCESS_DESCRIPTION_free, +ACCESS_DESCRIPTION_new, +ADMISSIONS_free, +ADMISSIONS_new, +ADMISSION_SYNTAX_free, +ADMISSION_SYNTAX_new, +ASIdOrRange_free, +ASIdOrRange_new, +ASIdentifierChoice_free, +ASIdentifierChoice_new, +ASIdentifiers_free, +ASIdentifiers_new, +ASRange_free, +ASRange_new, +AUTHORITY_INFO_ACCESS_free, +AUTHORITY_INFO_ACCESS_new, +AUTHORITY_KEYID_free, +AUTHORITY_KEYID_new, +BASIC_CONSTRAINTS_free, +BASIC_CONSTRAINTS_new, +CERTIFICATEPOLICIES_free, +CERTIFICATEPOLICIES_new, +CMS_ContentInfo_free, +CMS_ContentInfo_new, +CMS_ContentInfo_print_ctx, +CMS_ReceiptRequest_free, +CMS_ReceiptRequest_new, +CRL_DIST_POINTS_free, +CRL_DIST_POINTS_new, +DIRECTORYSTRING_free, +DIRECTORYSTRING_new, +DISPLAYTEXT_free, +DISPLAYTEXT_new, +DIST_POINT_NAME_free, +DIST_POINT_NAME_new, +DIST_POINT_free, +DIST_POINT_new, +DSAparams_dup, +ECPARAMETERS_free, +ECPARAMETERS_new, +ECPKPARAMETERS_free, +ECPKPARAMETERS_new, +EDIPARTYNAME_free, +EDIPARTYNAME_new, +ESS_CERT_ID_dup, +ESS_CERT_ID_free, +ESS_CERT_ID_new, +ESS_CERT_ID_V2_dup, +ESS_CERT_ID_V2_free, +ESS_CERT_ID_V2_new, +ESS_ISSUER_SERIAL_dup, +ESS_ISSUER_SERIAL_free, +ESS_ISSUER_SERIAL_new, +ESS_SIGNING_CERT_dup, +ESS_SIGNING_CERT_free, +ESS_SIGNING_CERT_new, +ESS_SIGNING_CERT_V2_dup, +ESS_SIGNING_CERT_V2_free, +ESS_SIGNING_CERT_V2_new, +EXTENDED_KEY_USAGE_free, +EXTENDED_KEY_USAGE_new, +GENERAL_NAMES_free, +GENERAL_NAMES_new, +GENERAL_NAME_dup, +GENERAL_NAME_free, +GENERAL_NAME_new, +GENERAL_SUBTREE_free, +GENERAL_SUBTREE_new, +IPAddressChoice_free, +IPAddressChoice_new, +IPAddressFamily_free, +IPAddressFamily_new, +IPAddressOrRange_free, +IPAddressOrRange_new, +IPAddressRange_free, +IPAddressRange_new, +ISSUING_DIST_POINT_free, +ISSUING_DIST_POINT_new, +NAME_CONSTRAINTS_free, +NAME_CONSTRAINTS_new, +NAMING_AUTHORITY_free, +NAMING_AUTHORITY_new, +NETSCAPE_CERT_SEQUENCE_free, +NETSCAPE_CERT_SEQUENCE_new, +NETSCAPE_SPKAC_free, 
+NETSCAPE_SPKAC_new, +NETSCAPE_SPKI_free, +NETSCAPE_SPKI_new, +NOTICEREF_free, +NOTICEREF_new, +OCSP_BASICRESP_free, +OCSP_BASICRESP_new, +OCSP_CERTID_dup, +OCSP_CERTID_new, +OCSP_CERTSTATUS_free, +OCSP_CERTSTATUS_new, +OCSP_CRLID_free, +OCSP_CRLID_new, +OCSP_ONEREQ_free, +OCSP_ONEREQ_new, +OCSP_REQINFO_free, +OCSP_REQINFO_new, +OCSP_RESPBYTES_free, +OCSP_RESPBYTES_new, +OCSP_RESPDATA_free, +OCSP_RESPDATA_new, +OCSP_RESPID_free, +OCSP_RESPID_new, +OCSP_RESPONSE_new, +OCSP_REVOKEDINFO_free, +OCSP_REVOKEDINFO_new, +OCSP_SERVICELOC_free, +OCSP_SERVICELOC_new, +OCSP_SIGNATURE_free, +OCSP_SIGNATURE_new, +OCSP_SINGLERESP_free, +OCSP_SINGLERESP_new, +OSSL_CMP_ITAV_free, +OSSL_CMP_MSG_it, +OSSL_CMP_MSG_free, +OSSL_CMP_PKIHEADER_free, +OSSL_CMP_PKIHEADER_it, +OSSL_CMP_PKIHEADER_new, +OSSL_CMP_PKISI_free, +OSSL_CMP_PKISI_new, +OSSL_CMP_PKISTATUS_it, +OSSL_CRMF_CERTID_free, +OSSL_CRMF_CERTID_it, +OSSL_CRMF_CERTID_new, +OSSL_CRMF_CERTTEMPLATE_free, +OSSL_CRMF_CERTTEMPLATE_it, +OSSL_CRMF_CERTTEMPLATE_new, +OSSL_CRMF_ENCRYPTEDVALUE_free, +OSSL_CRMF_ENCRYPTEDVALUE_it, +OSSL_CRMF_ENCRYPTEDVALUE_new, +OSSL_CRMF_MSGS_free, +OSSL_CRMF_MSGS_it, +OSSL_CRMF_MSGS_new, +OSSL_CRMF_MSG_free, +OSSL_CRMF_MSG_it, +OSSL_CRMF_MSG_new, +OSSL_CRMF_PBMPARAMETER_free, +OSSL_CRMF_PBMPARAMETER_it, +OSSL_CRMF_PBMPARAMETER_new, +OSSL_CRMF_PKIPUBLICATIONINFO_free, +OSSL_CRMF_PKIPUBLICATIONINFO_it, +OSSL_CRMF_PKIPUBLICATIONINFO_new, +OSSL_CRMF_SINGLEPUBINFO_free, +OSSL_CRMF_SINGLEPUBINFO_it, +OSSL_CRMF_SINGLEPUBINFO_new, +OTHERNAME_free, +OTHERNAME_new, +PBE2PARAM_free, +PBE2PARAM_new, +PBEPARAM_free, +PBEPARAM_new, +PBKDF2PARAM_free, +PBKDF2PARAM_new, +PKCS12_BAGS_free, +PKCS12_BAGS_new, +PKCS12_MAC_DATA_free, +PKCS12_MAC_DATA_new, +PKCS12_SAFEBAG_free, +PKCS12_SAFEBAG_new, +PKCS12_free, +PKCS12_new, +PKCS7_DIGEST_free, +PKCS7_DIGEST_new, +PKCS7_ENCRYPT_free, +PKCS7_ENCRYPT_new, +PKCS7_ENC_CONTENT_free, +PKCS7_ENC_CONTENT_new, +PKCS7_ENVELOPE_free, +PKCS7_ENVELOPE_new, +PKCS7_ISSUER_AND_SERIAL_free, 
+PKCS7_ISSUER_AND_SERIAL_new, +PKCS7_RECIP_INFO_free, +PKCS7_RECIP_INFO_new, +PKCS7_SIGNED_free, +PKCS7_SIGNED_new, +PKCS7_SIGNER_INFO_free, +PKCS7_SIGNER_INFO_new, +PKCS7_SIGN_ENVELOPE_free, +PKCS7_SIGN_ENVELOPE_new, +PKCS7_dup, +PKCS7_free, +PKCS7_new, +PKCS7_print_ctx, +PKCS8_PRIV_KEY_INFO_free, +PKCS8_PRIV_KEY_INFO_new, +PKEY_USAGE_PERIOD_free, +PKEY_USAGE_PERIOD_new, +POLICYINFO_free, +POLICYINFO_new, +POLICYQUALINFO_free, +POLICYQUALINFO_new, +POLICY_CONSTRAINTS_free, +POLICY_CONSTRAINTS_new, +POLICY_MAPPING_free, +POLICY_MAPPING_new, +PROFESSION_INFOS_free, +PROFESSION_INFOS_new, +PROFESSION_INFO_free, +PROFESSION_INFO_new, +PROXY_CERT_INFO_EXTENSION_free, +PROXY_CERT_INFO_EXTENSION_new, +PROXY_POLICY_free, +PROXY_POLICY_new, +RSAPrivateKey_dup, +RSAPublicKey_dup, +RSA_OAEP_PARAMS_free, +RSA_OAEP_PARAMS_new, +RSA_PSS_PARAMS_free, +RSA_PSS_PARAMS_new, +SCRYPT_PARAMS_free, +SCRYPT_PARAMS_new, +SXNETID_free, +SXNETID_new, +SXNET_free, +SXNET_new, +TLS_FEATURE_free, +TLS_FEATURE_new, +TS_ACCURACY_dup, +TS_ACCURACY_free, +TS_ACCURACY_new, +TS_MSG_IMPRINT_dup, +TS_MSG_IMPRINT_free, +TS_MSG_IMPRINT_new, +TS_REQ_dup, +TS_REQ_free, +TS_REQ_new, +TS_RESP_dup, +TS_RESP_free, +TS_RESP_new, +TS_STATUS_INFO_dup, +TS_STATUS_INFO_free, +TS_STATUS_INFO_new, +TS_TST_INFO_dup, +TS_TST_INFO_free, +TS_TST_INFO_new, +USERNOTICE_free, +USERNOTICE_new, +X509_ALGOR_free, +X509_ALGOR_new, +X509_ATTRIBUTE_dup, +X509_ATTRIBUTE_free, +X509_ATTRIBUTE_new, +X509_CERT_AUX_free, +X509_CERT_AUX_new, +X509_CINF_free, +X509_CINF_new, +X509_CRL_INFO_free, +X509_CRL_INFO_new, +X509_CRL_dup, +X509_CRL_free, +X509_CRL_new, +X509_EXTENSION_dup, +X509_EXTENSION_free, +X509_EXTENSION_new, +X509_NAME_ENTRY_dup, +X509_NAME_ENTRY_free, +X509_NAME_ENTRY_new, +X509_NAME_dup, +X509_NAME_free, +X509_NAME_new, +X509_REQ_INFO_free, +X509_REQ_INFO_new, +X509_REQ_dup, +X509_REQ_free, +X509_REQ_new, +X509_REVOKED_dup, +X509_REVOKED_free, +X509_REVOKED_new, +X509_SIG_free, +X509_SIG_new, +X509_VAL_free, 
+X509_VAL_new, +X509_dup, +\&\- ASN1 object utilities +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& DECLARE_ASN1_FUNCTIONS(type) +\& IMPLEMENT_ASN1_FUNCTIONS(stname) +\& +\& typedef struct ASN1_ITEM_st ASN1_ITEM; +\& +\& extern const ASN1_ITEM TYPE_it; +\& TYPE *TYPE_new(void); +\& TYPE *TYPE_dup(const TYPE *a); +\& void TYPE_free(TYPE *a); +\& int TYPE_print_ctx(BIO *out, TYPE *a, int indent, const ASN1_PCTX *pctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +In the description below, \fB\f(BI\s-1TYPE\s0\fB\fR is used +as a placeholder for any of the OpenSSL datatypes, such as \fBX509\fR. +.PP +The OpenSSL \s-1ASN1\s0 parsing library templates are like a data-driven bytecode +interpreter. +Every \s-1ASN1\s0 object as a global variable, TYPE_it, that describes the item +such as its fields. (On systems which cannot export variables from shared +libraries, the global is instead a function which returns a pointer to a +static variable. +.PP +The macro \s-1\fIDECLARE_ASN1_FUNCTIONS\s0()\fR is typically used in header files +to generate the function declarations. +.PP +The macro \s-1\fIIMPLEMENT_ASN1_FUNCTIONS\s0()\fR is used once in a source file +to generate the function bodies. +.PP +\&\fB\f(BI\s-1TYPE\s0\fB_new\fR() allocates an empty object of the indicated type. +The object returned must be released by calling \fB\f(BI\s-1TYPE\s0\fB_free\fR(). +.PP +\&\fB\f(BI\s-1TYPE\s0\fB_dup\fR() copies an existing object, leaving it untouched. +.PP +\&\fB\f(BI\s-1TYPE\s0\fB_free\fR() releases the object and all pointers and sub-objects +within it. +.PP +\&\fB\f(BI\s-1TYPE\s0\fB_print_ctx\fR() prints the object \fIa\fR on the specified \s-1BIO\s0 \fIout\fR. +Each line will be prefixed with \fIindent\fR spaces. +The \fIpctx\fR specifies the printing context and is for internal +use; use \s-1NULL\s0 to get the default behavior. If a print function is +user-defined, then pass in any \fIpctx\fR down to any nested calls. 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fB\f(BI\s-1TYPE\s0\fB_new\fR() and \fB\f(BI\s-1TYPE\s0\fB_dup\fR() return a pointer to the object or \s-1NULL\s0 on +failure. +.PP +\&\fB\f(BI\s-1TYPE\s0\fB_print_ctx\fR() returns 1 on success or zero on failure. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/X509_get0_notBefore.3 b/linux_amd64/ssl/share/man/man3/X509_get0_notBefore.3 new file mode 100755 index 0000000..3f6edb7 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/X509_get0_notBefore.3 
@@ -0,0 +1,225 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_GET0_NOTBEFORE 3" +.TH X509_GET0_NOTBEFORE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_get0_notBefore, X509_getm_notBefore, X509_get0_notAfter, +X509_getm_notAfter, X509_set1_notBefore, X509_set1_notAfter, +X509_CRL_get0_lastUpdate, X509_CRL_get0_nextUpdate, X509_CRL_set1_lastUpdate, +X509_CRL_set1_nextUpdate \- get or set certificate or CRL dates +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const ASN1_TIME *X509_get0_notBefore(const X509 *x); +\& const ASN1_TIME *X509_get0_notAfter(const X509 *x); +\& +\& ASN1_TIME *X509_getm_notBefore(const X509 *x); +\& ASN1_TIME *X509_getm_notAfter(const X509 *x); +\& +\& int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm); +\& int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm); +\& +\& const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl); +\& const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl); +\& +\& int X509_CRL_set1_lastUpdate(X509_CRL *x, const ASN1_TIME *tm); +\& int X509_CRL_set1_nextUpdate(X509_CRL *x, const ASN1_TIME *tm); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIX509_get0_notBefore()\fR and \fIX509_get0_notAfter()\fR return the \fBnotBefore\fR +and \fBnotAfter\fR fields of certificate \fBx\fR respectively. The value +returned is an internal pointer which must not be freed up after +the call. +.PP +\&\fIX509_getm_notBefore()\fR and \fIX509_getm_notAfter()\fR are similar to +\&\fIX509_get0_notBefore()\fR and \fIX509_get0_notAfter()\fR except they return +non-constant mutable references to the associated date field of +the certificate. +.PP +\&\fIX509_set1_notBefore()\fR and \fIX509_set1_notAfter()\fR set the \fBnotBefore\fR +and \fBnotAfter\fR fields of \fBx\fR to \fBtm\fR. Ownership of the passed +parameter \fBtm\fR is not transferred by these functions so it must +be freed up after the call. +.PP +\&\fIX509_CRL_get0_lastUpdate()\fR and \fIX509_CRL_get0_nextUpdate()\fR return the +\&\fBlastUpdate\fR and \fBnextUpdate\fR fields of \fBcrl\fR. 
The value +returned is an internal pointer which must not be freed up after +the call. If the \fBnextUpdate\fR field is absent from \fBcrl\fR then +\&\fB\s-1NULL\s0\fR is returned. +.PP +\&\fIX509_CRL_set1_lastUpdate()\fR and \fIX509_CRL_set1_nextUpdate()\fR set the \fBlastUpdate\fR +and \fBnextUpdate\fR fields of \fBcrl\fR to \fBtm\fR. Ownership of the passed parameter +\&\fBtm\fR is not transferred by these functions so it must be freed up after the +call. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIX509_get0_notBefore()\fR, \fIX509_get0_notAfter()\fR and \fIX509_CRL_get0_lastUpdate()\fR +return a pointer to an \fB\s-1ASN1_TIME\s0\fR structure. +.PP +\&\fIX509_CRL_get0_lastUpdate()\fR return a pointer to an \fB\s-1ASN1_TIME\s0\fR structure +or \s-1NULL\s0 if the \fBlastUpdate\fR field is absent. +.PP +\&\fIX509_set1_notBefore()\fR, \fIX509_set1_notAfter()\fR, \fIX509_CRL_set1_lastUpdate()\fR and +\&\fIX509_CRL_set1_nextUpdate()\fR return 1 for success or 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fId2i_X509\fR\|(3), +\&\fIERR_get_error\fR\|(3), +\&\fIX509_CRL_get0_by_serial\fR\|(3), +\&\fIX509_get0_signature\fR\|(3), +\&\fIX509_get_ext_d2i\fR\|(3), +\&\fIX509_get_extension_flags\fR\|(3), +\&\fIX509_get_pubkey\fR\|(3), +\&\fIX509_get_subject_name\fR\|(3), +\&\fIX509_NAME_add_entry_by_txt\fR\|(3), +\&\fIX509_NAME_ENTRY_get_object\fR\|(3), +\&\fIX509_NAME_get_index_by_NID\fR\|(3), +\&\fIX509_NAME_print_ex\fR\|(3), +\&\fIX509_new\fR\|(3), +\&\fIX509_sign\fR\|(3), +\&\fIX509V3_get_d2i\fR\|(3), +\&\fIX509_verify_cert\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions are available in all versions of OpenSSL. +.PP +\&\fIX509_get_notBefore()\fR and \fIX509_get_notAfter()\fR were deprecated in OpenSSL +1.1.0 +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). 
You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/X509_get0_signature.3 b/linux_amd64/ssl/share/man/man3/X509_get0_signature.3 new file mode 100755 index 0000000..6a692db --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/X509_get0_signature.3 
@@ -0,0 +1,251 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_GET0_SIGNATURE 3" +.TH X509_GET0_SIGNATURE 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_get0_signature, X509_get_signature_nid, X509_get0_tbs_sigalg, +X509_REQ_get0_signature, X509_REQ_get_signature_nid, X509_CRL_get0_signature, +X509_CRL_get_signature_nid, X509_get_signature_info, X509_SIG_INFO_get, +X509_SIG_INFO_set \- signature information +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void X509_get0_signature(const ASN1_BIT_STRING **psig, +\& const X509_ALGOR **palg, +\& const X509 *x); +\& int X509_get_signature_nid(const X509 *x); +\& const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x); +\& +\& void X509_REQ_get0_signature(const X509_REQ *crl, +\& const ASN1_BIT_STRING **psig, +\& const X509_ALGOR **palg); +\& int X509_REQ_get_signature_nid(const X509_REQ *crl); +\& +\& void X509_CRL_get0_signature(const X509_CRL *crl, +\& const ASN1_BIT_STRING **psig, +\& const X509_ALGOR **palg); +\& int X509_CRL_get_signature_nid(const X509_CRL *crl); +\& +\& int X509_get_signature_info(X509 *x, int *mdnid, int *pknid, int *secbits, +\& uint32_t *flags); +\& +\& int X509_SIG_INFO_get(const X509_SIG_INFO *siginf, int *mdnid, int *pknid, +\& int *secbits, uint32_t *flags); +\& void X509_SIG_INFO_set(X509_SIG_INFO *siginf, int mdnid, int pknid, +\& int secbits, uint32_t flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIX509_get0_signature()\fR sets \fB*psig\fR to the signature of \fBx\fR and \fB*palg\fR +to the signature algorithm of \fBx\fR. The values returned are internal +pointers which \fB\s-1MUST\s0 \s-1NOT\s0\fR be freed up after the call. +.PP +\&\fIX509_get0_tbs_sigalg()\fR returns the signature algorithm in the signed +portion of \fBx\fR. +.PP +\&\fIX509_get_signature_nid()\fR returns the \s-1NID\s0 corresponding to the signature +algorithm of \fBx\fR. +.PP +\&\fIX509_REQ_get0_signature()\fR, \fIX509_REQ_get_signature_nid()\fR +\&\fIX509_CRL_get0_signature()\fR and \fIX509_CRL_get_signature_nid()\fR perform the +same function for certificate requests and CRLs. 
+.PP +\&\fIX509_get_signature_info()\fR retrieves information about the signature of +certificate \fBx\fR. The \s-1NID\s0 of the signing digest is written to \fB*mdnid\fR, +the public key algorithm to \fB*pknid\fR, the effective security bits to +\&\fB*secbits\fR and flag details to \fB*flags\fR. Any of the parameters can +be set to \fB\s-1NULL\s0\fR if the information is not required. +.PP +\&\fIX509_SIG_INFO_get()\fR and \fIX509_SIG_INFO_set()\fR get and set information +about a signature in an \fBX509_SIG_INFO\fR structure. They are only +used by implementations of algorithms which need to set custom +signature information: most applications will never need to call +them. +.SH "NOTES" +.IX Header "NOTES" +These functions provide lower level access to signatures in certificates +where an application wishes to analyse or generate a signature in a form +where \fIX509_sign()\fR et al is not appropriate (for example a non standard +or unsupported format). +.PP +The security bits returned by \fIX509_get_signature_info()\fR refers to information +available from the certificate signature (such as the signing digest). In some +cases the actual security of the signature is less because the signing +key is less secure: for example a certificate signed using \s-1SHA\-512\s0 and a +1024 bit \s-1RSA\s0 key. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIX509_get_signature_nid()\fR, \fIX509_REQ_get_signature_nid()\fR and +\&\fIX509_CRL_get_signature_nid()\fR return a \s-1NID\s0. +.PP +\&\fIX509_get0_signature()\fR, \fIX509_REQ_get0_signature()\fR and +\&\fIX509_CRL_get0_signature()\fR do not return values. +.PP +\&\fIX509_get_signature_info()\fR returns 1 if the signature information +returned is valid or 0 if the information is not available (e.g. +unknown algorithms or malformed parameters). 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fId2i_X509\fR\|(3), +\&\fIERR_get_error\fR\|(3), +\&\fIX509_CRL_get0_by_serial\fR\|(3), +\&\fIX509_get_ext_d2i\fR\|(3), +\&\fIX509_get_extension_flags\fR\|(3), +\&\fIX509_get_pubkey\fR\|(3), +\&\fIX509_get_subject_name\fR\|(3), +\&\fIX509_get_version\fR\|(3), +\&\fIX509_NAME_add_entry_by_txt\fR\|(3), +\&\fIX509_NAME_ENTRY_get_object\fR\|(3), +\&\fIX509_NAME_get_index_by_NID\fR\|(3), +\&\fIX509_NAME_print_ex\fR\|(3), +\&\fIX509_new\fR\|(3), +\&\fIX509_sign\fR\|(3), +\&\fIX509V3_get_d2i\fR\|(3), +\&\fIX509_verify_cert\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The +\&\fIX509_get0_signature()\fR and \fIX509_get_signature_nid()\fR functions were +added in OpenSSL 1.0.2. +.PP +The +\&\fIX509_REQ_get0_signature()\fR, \fIX509_REQ_get_signature_nid()\fR, +\&\fIX509_CRL_get0_signature()\fR and \fIX509_CRL_get_signature_nid()\fR were +added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/X509_get0_sm2_id.3 b/linux_amd64/ssl/share/man/man3/X509_get0_sm2_id.3 new file mode 100755 index 0000000..1c81eb3 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/X509_get0_sm2_id.3 
@@ -0,0 +1,177 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_GET0_SM2_ID 3" +.TH X509_GET0_SM2_ID 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_get0_sm2_id, X509_set0_sm2_id, +X509_REQ_get0_sm2_id, X509_REQ_set0_sm2_id +\&\- get or set SM2 ID for certificate operations +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& ASN1_OCTET_STRING *X509_get0_sm2_id(X509 *x); +\& void X509_set0_sm2_id(X509 *x, ASN1_OCTET_STRING *sm2_id); +\& ASN1_OCTET_STRING *X509_REQ_get0_sm2_id(X509_REQ *x); +\& void X509_REQ_set0_sm2_id(X509_REQ *x, ASN1_OCTET_STRING *sm2_id); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIX509_get0_sm2_id()\fR gets the \s-1ID\s0 value of an \s-1SM2\s0 certificate \fBx\fR by returning an +\&\fB\s-1ASN1_OCTET_STRING\s0\fR object which should not be freed by the caller. +.PP +\&\fIX509_set0_sm2_id()\fR sets the \fBsm2_id\fR value to an \s-1SM2\s0 certificate \fBx\fR. Calling +this function transfers the memory management of the value to the X509 object, +and therefore the value that has been passed in should not be freed by the +caller after this function has been called. +.PP +\&\fIX509_REQ_get0_sm2_id()\fR and \fIX509_REQ_set0_sm2_id()\fR have the same functionality +as \fIX509_get0_sm2_id()\fR and \fIX509_set0_sm2_id()\fR except that they deal with +\&\fBX509_REQ\fR objects instead of \fBX509\fR. +.SH "NOTES" +.IX Header "NOTES" +\&\s-1SM2\s0 signature algorithm requires an \s-1ID\s0 value when generating and verifying a +signature. The functions described in this manual provide the user with the +ability to set and retrieve the \s-1SM2\s0 \s-1ID\s0 value. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIX509_set0_sm2_id()\fR and \fIX509_REQ_set0_sm2_id()\fR do not return a value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIX509_verify\fR\|(3), \s-1\fISM2\s0\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. 
You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/X509_get0_uids.3 b/linux_amd64/ssl/share/man/man3/X509_get0_uids.3 new file mode 100755 index 0000000..2a59e28 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/X509_get0_uids.3 
@@ -0,0 +1,179 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_GET0_UIDS 3" +.TH X509_GET0_UIDS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_get0_uids \- get certificate unique identifiers +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void X509_get0_uids(const X509 *x, const ASN1_BIT_STRING **piuid, +\& const ASN1_BIT_STRING **psuid); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIX509_get0_uids()\fR sets \fB*piuid\fR and \fB*psuid\fR to the issuer and subject unique +identifiers of certificate \fBx\fR or \s-1NULL\s0 if the fields are not present. +.SH "NOTES" +.IX Header "NOTES" +The issuer and subject unique identifier fields are very rarely encountered in +practice outside test cases. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIX509_get0_uids()\fR does not return a value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fId2i_X509\fR\|(3), +\&\fIERR_get_error\fR\|(3), +\&\fIX509_CRL_get0_by_serial\fR\|(3), +\&\fIX509_get0_signature\fR\|(3), +\&\fIX509_get_ext_d2i\fR\|(3), +\&\fIX509_get_extension_flags\fR\|(3), +\&\fIX509_get_pubkey\fR\|(3), +\&\fIX509_get_subject_name\fR\|(3), +\&\fIX509_get_version\fR\|(3), +\&\fIX509_NAME_add_entry_by_txt\fR\|(3), +\&\fIX509_NAME_ENTRY_get_object\fR\|(3), +\&\fIX509_NAME_get_index_by_NID\fR\|(3), +\&\fIX509_NAME_print_ex\fR\|(3), +\&\fIX509_new\fR\|(3), +\&\fIX509_sign\fR\|(3), +\&\fIX509V3_get_d2i\fR\|(3), +\&\fIX509_verify_cert\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/X509_get_extension_flags.3 b/linux_amd64/ssl/share/man/man3/X509_get_extension_flags.3 new file mode 100755 index 0000000..bdc9805 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/X509_get_extension_flags.3 
@@ -0,0 +1,299 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_GET_EXTENSION_FLAGS 3" +.TH X509_GET_EXTENSION_FLAGS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_get0_subject_key_id, +X509_get0_authority_key_id, +X509_get0_authority_issuer, +X509_get0_authority_serial, +X509_get_pathlen, +X509_get_extension_flags, +X509_get_key_usage, +X509_get_extended_key_usage, +X509_set_proxy_flag, +X509_set_proxy_pathlen, +X509_get_proxy_pathlen \- retrieve certificate extension data +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long X509_get_pathlen(X509 *x); +\& uint32_t X509_get_extension_flags(X509 *x); +\& uint32_t X509_get_key_usage(X509 *x); +\& uint32_t X509_get_extended_key_usage(X509 *x); +\& const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x); +\& const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x); +\& const GENERAL_NAMES *X509_get0_authority_issuer(X509 *x); +\& const ASN1_INTEGER *X509_get0_authority_serial(X509 *x); +\& void X509_set_proxy_flag(X509 *x); +\& void X509_set_proxy_pathlen(int l); +\& long X509_get_proxy_pathlen(X509 *x); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions retrieve information related to commonly used certificate extensions. +.PP +\&\fIX509_get_pathlen()\fR retrieves the path length extension from a certificate. +This extension is used to limit the length of a cert chain that may be +issued from that \s-1CA\s0. +.PP +\&\fIX509_get_extension_flags()\fR retrieves general information about a certificate, +it will return one or more of the following flags ored together. +.IP "\fB\s-1EXFLAG_V1\s0\fR" 4 +.IX Item "EXFLAG_V1" +The certificate is an obsolete version 1 certificate. +.IP "\fB\s-1EXFLAG_BCONS\s0\fR" 4 +.IX Item "EXFLAG_BCONS" +The certificate contains a basic constraints extension. +.IP "\fB\s-1EXFLAG_CA\s0\fR" 4 +.IX Item "EXFLAG_CA" +The certificate contains basic constraints and asserts the \s-1CA\s0 flag. +.IP "\fB\s-1EXFLAG_PROXY\s0\fR" 4 +.IX Item "EXFLAG_PROXY" +The certificate is a valid proxy certificate. 
+.IP "\fB\s-1EXFLAG_SI\s0\fR" 4 +.IX Item "EXFLAG_SI" +The certificate is self issued (that is subject and issuer names match). +.IP "\fB\s-1EXFLAG_SS\s0\fR" 4 +.IX Item "EXFLAG_SS" +The subject and issuer names match and extension values imply it is self +signed. +.IP "\fB\s-1EXFLAG_FRESHEST\s0\fR" 4 +.IX Item "EXFLAG_FRESHEST" +The freshest \s-1CRL\s0 extension is present in the certificate. +.IP "\fB\s-1EXFLAG_CRITICAL\s0\fR" 4 +.IX Item "EXFLAG_CRITICAL" +The certificate contains an unhandled critical extension. +.IP "\fB\s-1EXFLAG_INVALID\s0\fR" 4 +.IX Item "EXFLAG_INVALID" +Some certificate extension values are invalid or inconsistent. The +certificate should be rejected. +.IP "\fB\s-1EXFLAG_KUSAGE\s0\fR" 4 +.IX Item "EXFLAG_KUSAGE" +The certificate contains a key usage extension. The value can be retrieved +using \fIX509_get_key_usage()\fR. +.IP "\fB\s-1EXFLAG_XKUSAGE\s0\fR" 4 +.IX Item "EXFLAG_XKUSAGE" +The certificate contains an extended key usage extension. The value can be +retrieved using \fIX509_get_extended_key_usage()\fR. +.PP +\&\fIX509_get_key_usage()\fR returns the value of the key usage extension. If key +usage is present will return zero or more of the flags: +\&\fB\s-1KU_DIGITAL_SIGNATURE\s0\fR, \fB\s-1KU_NON_REPUDIATION\s0\fR, \fB\s-1KU_KEY_ENCIPHERMENT\s0\fR, +\&\fB\s-1KU_DATA_ENCIPHERMENT\s0\fR, \fB\s-1KU_KEY_AGREEMENT\s0\fR, \fB\s-1KU_KEY_CERT_SIGN\s0\fR, +\&\fB\s-1KU_CRL_SIGN\s0\fR, \fB\s-1KU_ENCIPHER_ONLY\s0\fR or \fB\s-1KU_DECIPHER_ONLY\s0\fR corresponding to +individual key usage bits. If key usage is absent then \fB\s-1UINT32_MAX\s0\fR is +returned. +.PP +\&\fIX509_get_extended_key_usage()\fR returns the value of the extended key usage +extension. 
If extended key usage is present it will return zero or more of the +flags: \fB\s-1XKU_SSL_SERVER\s0\fR, \fB\s-1XKU_SSL_CLIENT\s0\fR, \fB\s-1XKU_SMIME\s0\fR, \fB\s-1XKU_CODE_SIGN\s0\fR +\&\fB\s-1XKU_OCSP_SIGN\s0\fR, \fB\s-1XKU_TIMESTAMP\s0\fR, \fB\s-1XKU_DVCS\s0\fR or \fB\s-1XKU_ANYEKU\s0\fR. These +correspond to the OIDs \fBid-kp-serverAuth\fR, \fBid-kp-clientAuth\fR, +\&\fBid-kp-emailProtection\fR, \fBid-kp-codeSigning\fR, \fBid-kp-OCSPSigning\fR, +\&\fBid-kp-timeStamping\fR, \fBid-kp-dvcs\fR and \fBanyExtendedKeyUsage\fR respectively. +Additionally \fB\s-1XKU_SGC\s0\fR is set if either Netscape or Microsoft \s-1SGC\s0 OIDs are +present. +.PP +\&\fIX509_get0_subject_key_id()\fR returns an internal pointer to the subject key +identifier of \fBx\fR as an \fB\s-1ASN1_OCTET_STRING\s0\fR or \fB\s-1NULL\s0\fR if the extension +is not present or cannot be parsed. +.PP +\&\fIX509_get0_authority_key_id()\fR returns an internal pointer to the authority key +identifier of \fBx\fR as an \fB\s-1ASN1_OCTET_STRING\s0\fR or \fB\s-1NULL\s0\fR if the extension +is not present or cannot be parsed. +.PP +\&\fIX509_get0_authority_issuer()\fR returns an internal pointer to the authority +certificate issuer of \fBx\fR as a stack of \fB\s-1GENERAL_NAME\s0\fR structures or +\&\fB\s-1NULL\s0\fR if the extension is not present or cannot be parsed. +.PP +\&\fIX509_get0_authority_serial()\fR returns an internal pointer to the authority +certificate serial number of \fBx\fR as an \fB\s-1ASN1_INTEGER\s0\fR or \fB\s-1NULL\s0\fR if the +extension is not present or cannot be parsed. +.PP +\&\fIX509_set_proxy_flag()\fR marks the certificate with the \fB\s-1EXFLAG_PROXY\s0\fR flag. +This is for the users who need to mark non\-RFC3820 proxy certificates as +such, as OpenSSL only detects \s-1RFC3820\s0 compliant ones. +.PP +\&\fIX509_set_proxy_pathlen()\fR sets the proxy certificate path length for the given +certificate \fBx\fR. 
This is for the users who need to mark non\-RFC3820 proxy +certificates as such, as OpenSSL only detects \s-1RFC3820\s0 compliant ones. +.PP +\&\fIX509_get_proxy_pathlen()\fR returns the proxy certificate path length for the +given certificate \fBx\fR if it is a proxy certificate. +.SH "NOTES" +.IX Header "NOTES" +The value of the flags correspond to extension values which are cached +in the \fBX509\fR structure. If the flags returned do not provide sufficient +information an application should examine extension values directly +for example using \fIX509_get_ext_d2i()\fR. +.PP +If the key usage or extended key usage extension is absent then typically usage +is unrestricted. For this reason \fIX509_get_key_usage()\fR and +\&\fIX509_get_extended_key_usage()\fR return \fB\s-1UINT32_MAX\s0\fR when the corresponding +extension is absent. Applications can additionally check the return value of +\&\fIX509_get_extension_flags()\fR and take appropriate action is an extension is +absent. +.PP +If \fIX509_get0_subject_key_id()\fR returns \fB\s-1NULL\s0\fR then the extension may be +absent or malformed. Applications can determine the precise reason using +\&\fIX509_get_ext_d2i()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIX509_get_pathlen()\fR returns the path length value, or \-1 if the extension +is not present. +.PP +\&\fIX509_get_extension_flags()\fR, \fIX509_get_key_usage()\fR and +\&\fIX509_get_extended_key_usage()\fR return sets of flags corresponding to the +certificate extension values. +.PP +\&\fIX509_get0_subject_key_id()\fR returns the subject key identifier as a +pointer to an \fB\s-1ASN1_OCTET_STRING\s0\fR structure or \fB\s-1NULL\s0\fR if the extension +is absent or an error occurred during parsing. +.PP +\&\fIX509_get_proxy_pathlen()\fR returns the path length value if the given +certificate is a proxy one and has a path length set, and \-1 otherwise. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIX509_check_purpose\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIX509_get_pathlen()\fR, \fIX509_set_proxy_flag()\fR, \fIX509_set_proxy_pathlen()\fR and +\&\fIX509_get_proxy_pathlen()\fR were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/X509_get_pubkey.3 b/linux_amd64/ssl/share/man/man3/X509_get_pubkey.3 new file mode 100755 index 0000000..8ba5485 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/X509_get_pubkey.3 
@@ -0,0 +1,209 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_GET_PUBKEY 3" +.TH X509_GET_PUBKEY 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_get_pubkey, X509_get0_pubkey, X509_set_pubkey, X509_get_X509_PUBKEY, +X509_REQ_get_pubkey, X509_REQ_get0_pubkey, X509_REQ_set_pubkey, +X509_REQ_get_X509_PUBKEY \- get or set certificate or certificate request +public key +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& EVP_PKEY *X509_get_pubkey(X509 *x); +\& EVP_PKEY *X509_get0_pubkey(const X509 *x); +\& int X509_set_pubkey(X509 *x, EVP_PKEY *pkey); +\& X509_PUBKEY *X509_get_X509_PUBKEY(X509 *x); +\& +\& EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req); +\& EVP_PKEY *X509_REQ_get0_pubkey(X509_REQ *req); +\& int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey); +\& X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *x); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIX509_get_pubkey()\fR attempts to decode the public key for certificate \fBx\fR. If +successful it returns the public key as an \fB\s-1EVP_PKEY\s0\fR pointer with its +reference count incremented: this means the returned key must be freed up +after use. \fIX509_get0_pubkey()\fR is similar except it does \fBnot\fR increment +the reference count of the returned \fB\s-1EVP_PKEY\s0\fR so it must not be freed up +after use. +.PP +\&\fIX509_get_X509_PUBKEY()\fR returns an internal pointer to the \fBX509_PUBKEY\fR +structure which encodes the certificate of \fBx\fR. The returned value +must not be freed up after use. +.PP +\&\fIX509_set_pubkey()\fR attempts to set the public key for certificate \fBx\fR to +\&\fBpkey\fR. The key \fBpkey\fR should be freed up after use. +.PP +\&\fIX509_REQ_get_pubkey()\fR, \fIX509_REQ_get0_pubkey()\fR, \fIX509_REQ_set_pubkey()\fR and +\&\fIX509_REQ_get_X509_PUBKEY()\fR are similar but operate on certificate request \fBreq\fR. +.SH "NOTES" +.IX Header "NOTES" +The first time a public key is decoded the \fB\s-1EVP_PKEY\s0\fR structure is +cached in the certificate or certificate request itself. 
Subsequent calls +return the cached structure with its reference count incremented to +improve performance. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIX509_get_pubkey()\fR, \fIX509_get0_pubkey()\fR, \fIX509_get_X509_PUBKEY()\fR, +\&\fIX509_REQ_get_pubkey()\fR and \fIX509_REQ_get_X509_PUBKEY()\fR return a public key or +\&\fB\s-1NULL\s0\fR if an error occurred. +.PP +\&\fIX509_set_pubkey()\fR and \fIX509_REQ_set_pubkey()\fR return 1 for success and 0 +for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fId2i_X509\fR\|(3), +\&\fIERR_get_error\fR\|(3), +\&\fIX509_CRL_get0_by_serial\fR\|(3), +\&\fIX509_get0_signature\fR\|(3), +\&\fIX509_get_ext_d2i\fR\|(3), +\&\fIX509_get_extension_flags\fR\|(3), +\&\fIX509_get_subject_name\fR\|(3), +\&\fIX509_get_version\fR\|(3), +\&\fIX509_NAME_add_entry_by_txt\fR\|(3), +\&\fIX509_NAME_ENTRY_get_object\fR\|(3), +\&\fIX509_NAME_get_index_by_NID\fR\|(3), +\&\fIX509_NAME_print_ex\fR\|(3), +\&\fIX509_new\fR\|(3), +\&\fIX509_sign\fR\|(3), +\&\fIX509V3_get_d2i\fR\|(3), +\&\fIX509_verify_cert\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/X509_get_serialNumber.3 b/linux_amd64/ssl/share/man/man3/X509_get_serialNumber.3 new file mode 100755 index 0000000..fc7f077 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/X509_get_serialNumber.3 
@@ -0,0 +1,194 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_GET_SERIALNUMBER 3" +.TH X509_GET_SERIALNUMBER 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_get_serialNumber, +X509_get0_serialNumber, +X509_set_serialNumber +\&\- get or set certificate serial number +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& ASN1_INTEGER *X509_get_serialNumber(X509 *x); +\& const ASN1_INTEGER *X509_get0_serialNumber(const X509 *x); +\& int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIX509_get_serialNumber()\fR returns the serial number of certificate \fBx\fR as an +\&\fB\s-1ASN1_INTEGER\s0\fR structure which can be examined or initialised. The value +returned is an internal pointer which \fB\s-1MUST\s0 \s-1NOT\s0\fR be freed up after the call. +.PP +\&\fIX509_get0_serialNumber()\fR is the same as \fIX509_get_serialNumber()\fR except it +accepts a const parameter and returns a const result. +.PP +\&\fIX509_set_serialNumber()\fR sets the serial number of certificate \fBx\fR to +\&\fBserial\fR. A copy of the serial number is used internally so \fBserial\fR should +be freed up after use. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIX509_get_serialNumber()\fR and \fIX509_get0_serialNumber()\fR return an \fB\s-1ASN1_INTEGER\s0\fR +structure. +.PP +\&\fIX509_set_serialNumber()\fR returns 1 for success and 0 for failure. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fId2i_X509\fR\|(3), +\&\fIERR_get_error\fR\|(3), +\&\fIX509_CRL_get0_by_serial\fR\|(3), +\&\fIX509_get0_signature\fR\|(3), +\&\fIX509_get_ext_d2i\fR\|(3), +\&\fIX509_get_extension_flags\fR\|(3), +\&\fIX509_get_pubkey\fR\|(3), +\&\fIX509_get_subject_name\fR\|(3), +\&\fIX509_NAME_add_entry_by_txt\fR\|(3), +\&\fIX509_NAME_ENTRY_get_object\fR\|(3), +\&\fIX509_NAME_get_index_by_NID\fR\|(3), +\&\fIX509_NAME_print_ex\fR\|(3), +\&\fIX509_new\fR\|(3), +\&\fIX509_sign\fR\|(3), +\&\fIX509V3_get_d2i\fR\|(3), +\&\fIX509_verify_cert\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fIX509_get_serialNumber()\fR and \fIX509_set_serialNumber()\fR functions are +available in all versions of OpenSSL. +The \fIX509_get0_serialNumber()\fR function was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/X509_get_subject_name.3 b/linux_amd64/ssl/share/man/man3/X509_get_subject_name.3 new file mode 100755 index 0000000..8c330bb --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/X509_get_subject_name.3 
@@ -0,0 +1,208 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_GET_SUBJECT_NAME 3" +.TH X509_GET_SUBJECT_NAME 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_get_subject_name, X509_set_subject_name, X509_get_issuer_name, +X509_set_issuer_name, X509_REQ_get_subject_name, X509_REQ_set_subject_name, +X509_CRL_get_issuer, X509_CRL_set_issuer_name \- get and set issuer or +subject names +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& X509_NAME *X509_get_subject_name(const X509 *x); +\& int X509_set_subject_name(X509 *x, X509_NAME *name); +\& +\& X509_NAME *X509_get_issuer_name(const X509 *x); +\& int X509_set_issuer_name(X509 *x, X509_NAME *name); +\& +\& X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req); +\& int X509_REQ_set_subject_name(X509_REQ *req, X509_NAME *name); +\& +\& X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl); +\& int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIX509_get_subject_name()\fR returns the subject name of certificate \fBx\fR. The +returned value is an internal pointer which \fB\s-1MUST\s0 \s-1NOT\s0\fR be freed. +.PP +\&\fIX509_set_subject_name()\fR sets the issuer name of certificate \fBx\fR to +\&\fBname\fR. The \fBname\fR parameter is copied internally and should be freed +up when it is no longer needed. +.PP +\&\fIX509_get_issuer_name()\fR and \fIX509_set_issuer_name()\fR are identical to +\&\fIX509_get_subject_name()\fR and \fIX509_set_subject_name()\fR except the get and +set the issuer name of \fBx\fR. +.PP +Similarly \fIX509_REQ_get_subject_name()\fR, \fIX509_REQ_set_subject_name()\fR, +\&\fIX509_CRL_get_issuer()\fR and \fIX509_CRL_set_issuer_name()\fR get or set the subject +or issuer names of certificate requests of CRLs respectively. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIX509_get_subject_name()\fR, \fIX509_get_issuer_name()\fR, \fIX509_REQ_get_subject_name()\fR +and \fIX509_CRL_get_issuer()\fR return an \fBX509_NAME\fR pointer. 
+.PP +\&\fIX509_set_subject_name()\fR, \fIX509_set_issuer_name()\fR, \fIX509_REQ_set_subject_name()\fR +and \fIX509_CRL_set_issuer_name()\fR return 1 for success and 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fId2i_X509\fR\|(3), +\&\fIERR_get_error\fR\|(3), \fId2i_X509\fR\|(3) +\&\fIX509_CRL_get0_by_serial\fR\|(3), +\&\fIX509_get0_signature\fR\|(3), +\&\fIX509_get_ext_d2i\fR\|(3), +\&\fIX509_get_extension_flags\fR\|(3), +\&\fIX509_get_pubkey\fR\|(3), +\&\fIX509_NAME_add_entry_by_txt\fR\|(3), +\&\fIX509_NAME_ENTRY_get_object\fR\|(3), +\&\fIX509_NAME_get_index_by_NID\fR\|(3), +\&\fIX509_NAME_print_ex\fR\|(3), +\&\fIX509_new\fR\|(3), +\&\fIX509_sign\fR\|(3), +\&\fIX509V3_get_d2i\fR\|(3), +\&\fIX509_verify_cert\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIX509_REQ_get_subject_name()\fR is a function in OpenSSL 1.1.0 and a macro in +earlier versions. +.PP +\&\fIX509_CRL_get_issuer()\fR is a function in OpenSSL 1.1.0. It was previously +added in OpenSSL 1.0.0 as a macro. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/X509_get_version.3 b/linux_amd64/ssl/share/man/man3/X509_get_version.3 new file mode 100755 index 0000000..2465879 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/X509_get_version.3 
@@ -0,0 +1,204 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_GET_VERSION 3" +.TH X509_GET_VERSION 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_get_version, X509_set_version, X509_REQ_get_version, X509_REQ_set_version, +X509_CRL_get_version, X509_CRL_set_version \- get or set certificate, +certificate request or CRL version +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long X509_get_version(const X509 *x); +\& int X509_set_version(X509 *x, long version); +\& +\& long X509_REQ_get_version(const X509_REQ *req); +\& int X509_REQ_set_version(X509_REQ *x, long version); +\& +\& long X509_CRL_get_version(const X509_CRL *crl); +\& int X509_CRL_set_version(X509_CRL *x, long version); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIX509_get_version()\fR returns the numerical value of the version field of +certificate \fBx\fR. Note: this is defined by standards (X.509 et al) to be one +less than the certificate version. So a version 3 certificate will return 2 and +a version 1 certificate will return 0. +.PP +\&\fIX509_set_version()\fR sets the numerical value of the version field of certificate +\&\fBx\fR to \fBversion\fR. +.PP +Similarly \fIX509_REQ_get_version()\fR, \fIX509_REQ_set_version()\fR, +\&\fIX509_CRL_get_version()\fR and \fIX509_CRL_set_version()\fR get and set the version +number of certificate requests and CRLs. +.SH "NOTES" +.IX Header "NOTES" +The version field of certificates, certificate requests and CRLs has a +\&\s-1DEFAULT\s0 value of \fB\f(BIv1\fB\|(0)\fR meaning the field should be omitted for version +1. This is handled transparently by these functions. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIX509_get_version()\fR, \fIX509_REQ_get_version()\fR and \fIX509_CRL_get_version()\fR +return the numerical value of the version field. +.PP +\&\fIX509_set_version()\fR, \fIX509_REQ_set_version()\fR and \fIX509_CRL_set_version()\fR +return 1 for success and 0 for failure. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fId2i_X509\fR\|(3), +\&\fIERR_get_error\fR\|(3), +\&\fIX509_CRL_get0_by_serial\fR\|(3), +\&\fIX509_get0_signature\fR\|(3), +\&\fIX509_get_ext_d2i\fR\|(3), +\&\fIX509_get_extension_flags\fR\|(3), +\&\fIX509_get_pubkey\fR\|(3), +\&\fIX509_get_subject_name\fR\|(3), +\&\fIX509_NAME_add_entry_by_txt\fR\|(3), +\&\fIX509_NAME_ENTRY_get_object\fR\|(3), +\&\fIX509_NAME_get_index_by_NID\fR\|(3), +\&\fIX509_NAME_print_ex\fR\|(3), +\&\fIX509_new\fR\|(3), +\&\fIX509_sign\fR\|(3), +\&\fIX509V3_get_d2i\fR\|(3), +\&\fIX509_verify_cert\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIX509_get_version()\fR, \fIX509_REQ_get_version()\fR and \fIX509_CRL_get_version()\fR are +functions in OpenSSL 1.1.0, in previous versions they were macros. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/X509_load_http.3 b/linux_amd64/ssl/share/man/man3/X509_load_http.3 new file mode 100755 index 0000000..1f3935b --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/X509_load_http.3 
@@ -0,0 +1,185 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_LOAD_HTTP 3" +.TH X509_LOAD_HTTP 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_load_http, +X509_http_nbio, +X509_CRL_load_http, +X509_CRL_http_nbio +\&\- certificate and CRL loading functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& X509 *X509_load_http(const char *url, BIO *bio, BIO *rbio, int timeout); +\& X509_CRL *X509_CRL_load_http(const char *url, BIO *bio, BIO *rbio, int timeout); +\& +\& #define X509_http_nbio(url) +\& #define X509_CRL_http_nbio(url) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIX509_load_http()\fR and \fIX509_CRL_load_http()\fR loads a certificate or a \s-1CRL\s0, +respectively, in \s-1ASN\s0.1 format using \s-1HTTP\s0 from the given \fBurl\fR. +.PP +If \fBbio\fR is given and \fBrbio\fR is \s-1NULL\s0 then this \s-1BIO\s0 is used instead of an +interal one for connecting, writing the request, and reading the response. +If both \fBbio\fR and \fBrbio\fR are given (which may be memory BIOs, for instance) +then no explicit connection is attempted, +\&\fBbio\fR is used for writing the request, and \fBrbio\fR for reading the response. +.PP +If the \fBtimeout\fR parameter is > 0 this indicates the maximum number of seconds +to wait until the transfer is complete. +A value of 0 enables waiting indefinitely, +while a value < 0 immediately leads to a timeout condition. +.PP +\&\fIX509_http_nbio()\fR and \fIX509_CRL_http_nbio()\fR are macros for backward compatibility +that have the same effect as the functions above but with infinite timeout +and without the possiblity to specify custom BIOs. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +On success the function yield the loaded value, else \s-1NULL\s0. +Error conditions include connection/transfer timeout, parse errors, etc. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIOSSL_HTTP_get_asn1\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIX509_load_http()\fR and \fIX509_CRL_load_http()\fR were added in OpenSSL 3.0. 
+.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/X509_new.3 b/linux_amd64/ssl/share/man/man3/X509_new.3 new file mode 100755 index 0000000..4b40202 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/X509_new.3 
@@ -0,0 +1,205 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_NEW 3" +.TH X509_NEW 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_chain_up_ref, +X509_new, X509_free, X509_up_ref \- X509 certificate ASN1 allocation functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& X509 *X509_new(void); +\& void X509_free(X509 *a); +\& int X509_up_ref(X509 *a); +\& STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *x); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The X509 \s-1ASN1\s0 allocation routines, allocate and free an +X509 structure, which represents an X509 certificate. +.PP +\&\fIX509_new()\fR allocates and initializes a X509 structure with reference count +\&\fB1\fR. +.PP +\&\fIX509_free()\fR decrements the reference count of \fBX509\fR structure \fBa\fR and +frees it up if the reference count is zero. If \fBa\fR is \s-1NULL\s0 nothing is done. +.PP +\&\fIX509_up_ref()\fR increments the reference count of \fBa\fR. +.PP +\&\fIX509_chain_up_ref()\fR increases the reference count of all certificates in +chain \fBx\fR and returns a copy of the stack. +.SH "NOTES" +.IX Header "NOTES" +The function \fIX509_up_ref()\fR if useful if a certificate structure is being +used by several different operations each of which will free it up after +use: this avoids the need to duplicate the entire certificate structure. +.PP +The function \fIX509_chain_up_ref()\fR doesn't just up the reference count of +each certificate it also returns a copy of the stack, using \fIsk_X509_dup()\fR, +but it serves a similar purpose: the returned chain persists after the +original has been freed. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +If the allocation fails, \fIX509_new()\fR returns \fB\s-1NULL\s0\fR and sets an error +code that can be obtained by \fIERR_get_error\fR\|(3). +Otherwise it returns a pointer to the newly allocated structure. +.PP +\&\fIX509_up_ref()\fR returns 1 for success and 0 for failure. +.PP +\&\fIX509_chain_up_ref()\fR returns a copy of the stack or \fB\s-1NULL\s0\fR if an error +occurred. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fId2i_X509\fR\|(3), +\&\fIERR_get_error\fR\|(3), +\&\fIX509_CRL_get0_by_serial\fR\|(3), +\&\fIX509_get0_signature\fR\|(3), +\&\fIX509_get_ext_d2i\fR\|(3), +\&\fIX509_get_extension_flags\fR\|(3), +\&\fIX509_get_pubkey\fR\|(3), +\&\fIX509_get_subject_name\fR\|(3), +\&\fIX509_get_version\fR\|(3), +\&\fIX509_NAME_add_entry_by_txt\fR\|(3), +\&\fIX509_NAME_ENTRY_get_object\fR\|(3), +\&\fIX509_NAME_get_index_by_NID\fR\|(3), +\&\fIX509_NAME_print_ex\fR\|(3), +\&\fIX509_sign\fR\|(3), +\&\fIX509V3_get_d2i\fR\|(3), +\&\fIX509_verify_cert\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/X509_sign.3 b/linux_amd64/ssl/share/man/man3/X509_sign.3 new file mode 100755 index 0000000..cc994a8 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/X509_sign.3 
@@ -0,0 +1,220 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_SIGN 3" +.TH X509_SIGN 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_sign, X509_sign_ctx, X509_verify, X509_REQ_sign, X509_REQ_sign_ctx, +X509_REQ_verify, X509_CRL_sign, X509_CRL_sign_ctx, X509_CRL_verify \- +sign or verify certificate, certificate request or CRL signature +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md); +\& int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx); +\& int X509_verify(X509 *a, EVP_PKEY *r); +\& +\& int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md); +\& int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx); +\& int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r); +\& +\& int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md); +\& int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx); +\& int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIX509_sign()\fR signs certificate \fBx\fR using private key \fBpkey\fR and message +digest \fBmd\fR and sets the signature in \fBx\fR. \fIX509_sign_ctx()\fR also signs +certificate \fBx\fR but uses the parameters contained in digest context \fBctx\fR. +.PP +\&\fIX509_verify()\fR verifies the signature of certificate \fBx\fR using public key +\&\fBpkey\fR. Only the signature is checked: no other checks (such as certificate +chain validity) are performed. +.PP +\&\fIX509_REQ_sign()\fR, \fIX509_REQ_sign_ctx()\fR, \fIX509_REQ_verify()\fR, +\&\fIX509_CRL_sign()\fR, \fIX509_CRL_sign_ctx()\fR and \fIX509_CRL_verify()\fR sign and verify +certificate requests and CRLs respectively. +.SH "NOTES" +.IX Header "NOTES" +\&\fIX509_sign_ctx()\fR is used where the default parameters for the corresponding +public key and digest are not suitable. It can be used to sign keys using +RSA-PSS for example. +.PP +For efficiency reasons and to work around \s-1ASN\s0.1 encoding issues the encoding +of the signed portion of a certificate, certificate request and \s-1CRL\s0 is cached +internally. 
If the signed portion of the structure is modified the encoding +is not always updated meaning a stale version is sometimes used. This is not +normally a problem because modifying the signed portion will invalidate the +signature and signing will always update the encoding. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIX509_sign()\fR, \fIX509_sign_ctx()\fR, \fIX509_REQ_sign()\fR, \fIX509_REQ_sign_ctx()\fR, +\&\fIX509_CRL_sign()\fR and \fIX509_CRL_sign_ctx()\fR return the size of the signature +in bytes for success and zero for failure. +.PP +\&\fIX509_verify()\fR, \fIX509_REQ_verify()\fR and \fIX509_CRL_verify()\fR return 1 if the +signature is valid and 0 if the signature check fails. If the signature +could not be checked at all because it was invalid or some other error +occurred then \-1 is returned. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fId2i_X509\fR\|(3), +\&\fIERR_get_error\fR\|(3), +\&\fIX509_CRL_get0_by_serial\fR\|(3), +\&\fIX509_get0_signature\fR\|(3), +\&\fIX509_get_ext_d2i\fR\|(3), +\&\fIX509_get_extension_flags\fR\|(3), +\&\fIX509_get_pubkey\fR\|(3), +\&\fIX509_get_subject_name\fR\|(3), +\&\fIX509_get_version\fR\|(3), +\&\fIX509_NAME_add_entry_by_txt\fR\|(3), +\&\fIX509_NAME_ENTRY_get_object\fR\|(3), +\&\fIX509_NAME_get_index_by_NID\fR\|(3), +\&\fIX509_NAME_print_ex\fR\|(3), +\&\fIX509_new\fR\|(3), +\&\fIX509V3_get_d2i\fR\|(3), +\&\fIX509_verify_cert\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fIX509_sign()\fR, \fIX509_REQ_sign()\fR and \fIX509_CRL_sign()\fR functions are +available in all versions of OpenSSL. +.PP +The \fIX509_sign_ctx()\fR, \fIX509_REQ_sign_ctx()\fR +and \fIX509_CRL_sign_ctx()\fR functions were added OpenSSL 1.0.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. 
You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/X509_verify_cert.3 b/linux_amd64/ssl/share/man/man3/X509_verify_cert.3 new file mode 100755 index 0000000..175a69a --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/X509_verify_cert.3 
@@ -0,0 +1,181 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_VERIFY_CERT 3" +.TH X509_VERIFY_CERT 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509_verify_cert \- discover and verify X509 certificate chain +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_verify_cert(X509_STORE_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fIX509_verify_cert()\fR function attempts to discover and validate a +certificate chain based on parameters in \fBctx\fR. A complete description of +the process is contained in the \fIopenssl\-verify\fR\|(1) manual page. +.PP +Applications rarely call this function directly but it is used by +OpenSSL internally for certificate validation, in both the S/MIME and +\&\s-1SSL/TLS\s0 code. +.PP +A negative return value from \fIX509_verify_cert()\fR can occur if it is invoked +incorrectly, such as with no certificate set in \fBctx\fR, or when it is called +twice in succession without reinitialising \fBctx\fR for the second call. +A negative return value can also happen due to internal resource problems or if +a retry operation is requested during internal lookups (which never happens +with standard lookup methods). +Applications must check for <= 0 return value on error. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +If a complete chain can be built and validated this function returns 1, +otherwise it return zero, in exceptional circumstances it can also +return a negative code. +.PP +If the function fails additional error information can be obtained by +examining \fBctx\fR using, for example \fIX509_STORE_CTX_get_error()\fR. +.SH "BUGS" +.IX Header "BUGS" +This function uses the header \fI\fR +as opposed to most chain verification +functions which use \fI\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIX509_STORE_CTX_get_error\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2009\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. 
You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/X509v3_get_ext_by_NID.3 b/linux_amd64/ssl/share/man/man3/X509v3_get_ext_by_NID.3 new file mode 100755 index 0000000..38544ca --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/X509v3_get_ext_by_NID.3 
@@ -0,0 +1,264 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509V3_GET_EXT_BY_NID 3" +.TH X509V3_GET_EXT_BY_NID 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +X509v3_get_ext_count, X509v3_get_ext, X509v3_get_ext_by_NID, +X509v3_get_ext_by_OBJ, X509v3_get_ext_by_critical, X509v3_delete_ext, +X509v3_add_ext, X509_get_ext_count, X509_get_ext, +X509_get_ext_by_NID, X509_get_ext_by_OBJ, X509_get_ext_by_critical, +X509_delete_ext, X509_add_ext, X509_CRL_get_ext_count, X509_CRL_get_ext, +X509_CRL_get_ext_by_NID, X509_CRL_get_ext_by_OBJ, X509_CRL_get_ext_by_critical, +X509_CRL_delete_ext, X509_CRL_add_ext, X509_REVOKED_get_ext_count, +X509_REVOKED_get_ext, X509_REVOKED_get_ext_by_NID, X509_REVOKED_get_ext_by_OBJ, +X509_REVOKED_get_ext_by_critical, X509_REVOKED_delete_ext, +X509_REVOKED_add_ext \- extension stack utility functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x); +\& X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc); +\& +\& int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, +\& int nid, int lastpos); +\& int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x, +\& const ASN1_OBJECT *obj, int lastpos); +\& int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x, +\& int crit, int lastpos); +\& X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc); +\& STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x, +\& X509_EXTENSION *ex, int loc); +\& +\& int X509_get_ext_count(const X509 *x); +\& X509_EXTENSION *X509_get_ext(const X509 *x, int loc); +\& int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos); +\& int X509_get_ext_by_OBJ(const X509 *x, const ASN1_OBJECT *obj, int lastpos); +\& int X509_get_ext_by_critical(const X509 *x, int crit, int lastpos); +\& X509_EXTENSION *X509_delete_ext(X509 *x, int loc); +\& int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc); +\& +\& int X509_CRL_get_ext_count(const X509_CRL *x); +\& X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc); +\& int X509_CRL_get_ext_by_NID(const 
X509_CRL *x, int nid, int lastpos); +\& int X509_CRL_get_ext_by_OBJ(const X509_CRL *x, const ASN1_OBJECT *obj, int lastpos); +\& int X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit, int lastpos); +\& X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc); +\& int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc); +\& +\& int X509_REVOKED_get_ext_count(const X509_REVOKED *x); +\& X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x, int loc); +\& int X509_REVOKED_get_ext_by_NID(const X509_REVOKED *x, int nid, int lastpos); +\& int X509_REVOKED_get_ext_by_OBJ(const X509_REVOKED *x, const ASN1_OBJECT *obj, +\& int lastpos); +\& int X509_REVOKED_get_ext_by_critical(const X509_REVOKED *x, int crit, int lastpos); +\& X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc); +\& int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIX509v3_get_ext_count()\fR retrieves the number of extensions in \fBx\fR. +.PP +\&\fIX509v3_get_ext()\fR retrieves extension \fBloc\fR from \fBx\fR. The index \fBloc\fR +can take any value from \fB0\fR to X509_get_ext_count(x) \- 1. The returned +extension is an internal pointer which \fBmust not\fR be freed up by the +application. +.PP +\&\fIX509v3_get_ext_by_NID()\fR and \fIX509v3_get_ext_by_OBJ()\fR look for an extension +with \fBnid\fR or \fBobj\fR from extension stack \fBx\fR. The search starts from the +extension after \fBlastpos\fR or from the beginning if is \fB\-1\fR. If +the extension is found its index is returned otherwise \fB\-1\fR is returned. +.PP +\&\fIX509v3_get_ext_by_critical()\fR is similar to \fIX509v3_get_ext_by_NID()\fR except it +looks for an extension of criticality \fBcrit\fR. A zero value for \fBcrit\fR +looks for a non-critical extension a nonzero value looks for a critical +extension. +.PP +\&\fIX509v3_delete_ext()\fR deletes the extension with index \fBloc\fR from \fBx\fR. 
The +deleted extension is returned and must be freed by the caller. If \fBloc\fR +is in invalid index value \fB\s-1NULL\s0\fR is returned. +.PP +\&\fIX509v3_add_ext()\fR adds extension \fBex\fR to stack \fB*x\fR at position \fBloc\fR. If +\&\fBloc\fR is \fB\-1\fR the new extension is added to the end. If \fB*x\fR is \fB\s-1NULL\s0\fR +a new stack will be allocated. The passed extension \fBex\fR is duplicated +internally so it must be freed after use. +.PP +\&\fIX509_get_ext_count()\fR, \fIX509_get_ext()\fR, \fIX509_get_ext_by_NID()\fR, +\&\fIX509_get_ext_by_OBJ()\fR, \fIX509_get_ext_by_critical()\fR, \fIX509_delete_ext()\fR +and \fIX509_add_ext()\fR operate on the extensions of certificate \fBx\fR they are +otherwise identical to the X509v3 functions. +.PP +\&\fIX509_CRL_get_ext_count()\fR, \fIX509_CRL_get_ext()\fR, \fIX509_CRL_get_ext_by_NID()\fR, +\&\fIX509_CRL_get_ext_by_OBJ()\fR, \fIX509_CRL_get_ext_by_critical()\fR, +\&\fIX509_CRL_delete_ext()\fR and \fIX509_CRL_add_ext()\fR operate on the extensions of +\&\s-1CRL\s0 \fBx\fR they are otherwise identical to the X509v3 functions. +.PP +\&\fIX509_REVOKED_get_ext_count()\fR, \fIX509_REVOKED_get_ext()\fR, +\&\fIX509_REVOKED_get_ext_by_NID()\fR, \fIX509_REVOKED_get_ext_by_OBJ()\fR, +\&\fIX509_REVOKED_get_ext_by_critical()\fR, \fIX509_REVOKED_delete_ext()\fR and +\&\fIX509_REVOKED_add_ext()\fR operate on the extensions of \s-1CRL\s0 entry \fBx\fR +they are otherwise identical to the X509v3 functions. +.SH "NOTES" +.IX Header "NOTES" +These functions are used to examine stacks of extensions directly. Many +applications will want to parse or encode and add an extension: they should +use the extension encode and decode functions instead such as +\&\fIX509_add1_ext_i2d()\fR and \fIX509_get_ext_d2i()\fR. +.PP +Extension indices start from zero, so a zero index return value is \fBnot\fR an +error. 
These search functions start from the extension \fBafter\fR the \fBlastpos\fR +parameter so it should initially be set to \fB\-1\fR, if it is set to zero the +initial extension will not be checked. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIX509v3_get_ext_count()\fR returns the extension count. +.PP +\&\fIX509v3_get_ext()\fR, \fIX509v3_delete_ext()\fR and \fIX509_delete_ext()\fR return an +\&\fBX509_EXTENSION\fR pointer or \fB\s-1NULL\s0\fR if an error occurs. +.PP +\&\fIX509v3_get_ext_by_NID()\fR \fIX509v3_get_ext_by_OBJ()\fR and +\&\fIX509v3_get_ext_by_critical()\fR return the an extension index or \fB\-1\fR if an +error occurs. +.PP +\&\fIX509v3_add_ext()\fR returns a stack of extensions or \fB\s-1NULL\s0\fR on error. +.PP +\&\fIX509_add_ext()\fR returns 1 on success and 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIX509V3_get_d2i\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/d2i_DHparams.3 b/linux_amd64/ssl/share/man/man3/d2i_DHparams.3 new file mode 100755 index 0000000..6533b82 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/d2i_DHparams.3 
@@ -0,0 +1,165 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "D2I_DHPARAMS 3" +.TH D2I_DHPARAMS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +d2i_DHparams, i2d_DHparams \- PKCS#3 DH parameter functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& DH *d2i_DHparams(DH **a, unsigned char **pp, long length); +\& int i2d_DHparams(DH *a, unsigned char **pp); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions decode and encode PKCS#3 \s-1DH\s0 parameters using the +DHparameter structure described in PKCS#3. +.PP +Otherwise these behave in a similar way to \fId2i_X509()\fR and \fIi2d_X509()\fR +described in the \fId2i_X509\fR\|(3) manual page. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fId2i_DHparams()\fR returns a valid \fB\s-1DH\s0\fR structure or \s-1NULL\s0 if an error occurred. +.PP +\&\fIi2d_DHparams()\fR returns the length of encoded data on success or a value which +is less than or equal to 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fId2i_X509\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/d2i_PKCS8PrivateKey_bio.3 b/linux_amd64/ssl/share/man/man3/d2i_PKCS8PrivateKey_bio.3 new file mode 100755 index 0000000..787f8f1 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/d2i_PKCS8PrivateKey_bio.3 
@@ -0,0 +1,196 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "D2I_PKCS8PRIVATEKEY_BIO 3" +.TH D2I_PKCS8PRIVATEKEY_BIO 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +d2i_PKCS8PrivateKey_bio, d2i_PKCS8PrivateKey_fp, +i2d_PKCS8PrivateKey_bio, i2d_PKCS8PrivateKey_fp, +i2d_PKCS8PrivateKey_nid_bio, i2d_PKCS8PrivateKey_nid_fp \- PKCS#8 format private key functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u); +\& EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u); +\& +\& int i2d_PKCS8PrivateKey_bio(BIO *bp, const EVP_PKEY *x, const EVP_CIPHER *enc, +\& char *kstr, int klen, +\& pem_password_cb *cb, void *u); +\& +\& int i2d_PKCS8PrivateKey_fp(FILE *fp, const EVP_PKEY *x, const EVP_CIPHER *enc, +\& char *kstr, int klen, +\& pem_password_cb *cb, void *u); +\& +\& int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, const EVP_PKEY *x, int nid, +\& char *kstr, int klen, +\& pem_password_cb *cb, void *u); +\& +\& int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, const EVP_PKEY *x, int nid, +\& char *kstr, int klen, +\& pem_password_cb *cb, void *u); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The PKCS#8 functions encode and decode private keys in PKCS#8 format using both +PKCS#5 v1.5 and PKCS#5 v2.0 password based encryption algorithms. +.PP +Other than the use of \s-1DER\s0 as opposed to \s-1PEM\s0 these functions are identical to the +corresponding \fB\s-1PEM\s0\fR function as described in \fIPEM_read_PrivateKey\fR\|(3). +.SH "NOTES" +.IX Header "NOTES" +These functions are currently the only way to store encrypted private keys using \s-1DER\s0 format. +.PP +Currently all the functions use BIOs or \s-1FILE\s0 pointers, there are no functions which +work directly on memory: this can be readily worked around by converting the buffers +to memory BIOs, see \fIBIO_s_mem\fR\|(3) for details. +.PP +These functions make no assumption regarding the pass phrase received from the +password callback. +It will simply be treated as a byte sequence. 
+.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fId2i_PKCS8PrivateKey_bio()\fR and \fId2i_PKCS8PrivateKey_fp()\fR return a valid \fB\s-1EVP_PKEY\s0\fR +structure or \s-1NULL\s0 if an error occurred. +.PP +\&\fIi2d_PKCS8PrivateKey_bio()\fR, \fIi2d_PKCS8PrivateKey_fp()\fR, \fIi2d_PKCS8PrivateKey_nid_bio()\fR +and \fIi2d_PKCS8PrivateKey_nid_fp()\fR return 1 on success or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIPEM_read_PrivateKey\fR\|(3), +\&\fIpassphrase\-encoding\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/d2i_PrivateKey.3 b/linux_amd64/ssl/share/man/man3/d2i_PrivateKey.3 new file mode 100755 index 0000000..5488a0a --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/d2i_PrivateKey.3 
@@ -0,0 +1,211 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "D2I_PRIVATEKEY 3" +.TH D2I_PRIVATEKEY 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +d2i_PrivateKey, d2i_PublicKey, d2i_KeyParams, d2i_AutoPrivateKey, +i2d_PrivateKey, i2d_PublicKey, i2d_KeyParams, i2d_KeyParams_bio, +d2i_PrivateKey_bio, d2i_PrivateKey_fp, d2i_KeyParams_bio +\&\- decode and encode functions for reading and saving EVP_PKEY structures +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, +\& long length); +\& EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp, +\& long length); +\& EVP_PKEY *d2i_KeyParams(int type, EVP_PKEY **a, const unsigned char **pp, +\& long length); +\& EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp, +\& long length); +\& +\& int i2d_PrivateKey(const EVP_PKEY *a, unsigned char **pp); +\& int i2d_PublicKey(const EVP_PKEY *a, unsigned char **pp); +\& int i2d_KeyParams(const EVP_PKEY *a, unsigned char **pp); +\& int i2d_KeyParams_bio(BIO *bp, const EVP_PKEY *pkey); +\& +\& EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a); +\& EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a) +\& EVP_PKEY *d2i_KeyParams_bio(int type, EVP_PKEY **a, BIO *in); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fId2i_PrivateKey()\fR decodes a private key using algorithm \fBtype\fR. It attempts to +use any key specific format or PKCS#8 unencrypted PrivateKeyInfo format. The +\&\fBtype\fR parameter should be a public key algorithm constant such as +\&\fB\s-1EVP_PKEY_RSA\s0\fR. An error occurs if the decoded key does not match \fBtype\fR. +\&\fId2i_PublicKey()\fR does the same for public keys. +\&\fId2i_KeyParams()\fR does the same for key parameters. +.PP +\&\fId2i_AutoPrivateKey()\fR is similar to \fId2i_PrivateKey()\fR except it attempts to +automatically detect the private key format. +.PP +\&\fIi2d_PrivateKey()\fR encodes \fBkey\fR. It uses a key specific format or, if none is +defined for that key type, PKCS#8 unencrypted PrivateKeyInfo format. 
+\&\fIi2d_PublicKey()\fR does the same for public keys. +\&\fIi2d_KeyParams()\fR does the same for key parameters. +These functions are similar to the \fId2i_X509()\fR functions; see \fId2i_X509\fR\|(3). +.SH "NOTES" +.IX Header "NOTES" +All these functions use \s-1DER\s0 format and unencrypted keys. Applications wishing +to encrypt or decrypt private keys should use other functions such as +\&\fId2i_PKCS8PrivateKey()\fR instead. +.PP +If the \fB*a\fR is not \s-1NULL\s0 when calling \fId2i_PrivateKey()\fR or \fId2i_AutoPrivateKey()\fR +(i.e. an existing structure is being reused) and the key format is PKCS#8 +then \fB*a\fR will be freed and replaced on a successful call. +.PP +To decode a key with type \fB\s-1EVP_PKEY_EC\s0\fR, \fId2i_PublicKey()\fR requires \fB*a\fR to be +a non-NULL \s-1EVP_PKEY\s0 structure assigned an \s-1EC_KEY\s0 structure referencing the proper +\&\s-1EC_GROUP\s0. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The \fId2i_PrivateKey()\fR, \fId2i_AutoPrivateKey()\fR, \fId2i_PrivateKey_bio()\fR, \fId2i_PrivateKey_fp()\fR, +\&\fId2i_PublicKey()\fR, \fId2i_KeyParams()\fR and \fId2i_KeyParams_bio()\fR functions return a valid +\&\fB\s-1EVP_KEY\s0\fR structure or \fB\s-1NULL\s0\fR if an error occurs. The error code can be +obtained by calling \fIERR_get_error\fR\|(3). +.PP +\&\fIi2d_PrivateKey()\fR, \fIi2d_PublicKey()\fR, \fIi2d_KeyParams()\fR \fIi2d_KeyParams_bio()\fR return +the number of bytes successfully encoded or a negative value if an error occurs. +The error code can be obtained by calling \fIERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIcrypto\fR\|(7), +\&\fId2i_PKCS8PrivateKey_bio\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. 
You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/d2i_SSL_SESSION.3 b/linux_amd64/ssl/share/man/man3/d2i_SSL_SESSION.3 new file mode 100755 index 0000000..47911f4 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/d2i_SSL_SESSION.3 
@@ -0,0 +1,173 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "D2I_SSL_SESSION 3" +.TH D2I_SSL_SESSION 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +d2i_SSL_SESSION, i2d_SSL_SESSION \- convert SSL_SESSION object from/to ASN1 representation +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, +\& long length); +\& int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions decode and encode an \s-1SSL_SESSION\s0 object. +For encoding details see \fId2i_X509\fR\|(3). +.PP +\&\s-1SSL_SESSION\s0 objects keep internal link information about the session cache +list, when being inserted into one \s-1SSL_CTX\s0 object's session cache. +One \s-1SSL_SESSION\s0 object, regardless of its reference count, must therefore +only be used with one \s-1SSL_CTX\s0 object (and the \s-1SSL\s0 objects created +from this \s-1SSL_CTX\s0 object). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fId2i_SSL_SESSION()\fR returns a pointer to the newly allocated \s-1SSL_SESSION\s0 +object. In case of failure the NULL-pointer is returned and the error message +can be retrieved from the error stack. +.PP +\&\fIi2d_SSL_SESSION()\fR returns the size of the \s-1ASN1\s0 representation in bytes. +When the session is not valid, \fB0\fR is returned and no operation is performed. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(7), \fISSL_SESSION_free\fR\|(3), +\&\fISSL_CTX_sess_set_get_cb\fR\|(3), +\&\fId2i_X509\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/d2i_X509.3 b/linux_amd64/ssl/share/man/man3/d2i_X509.3 new file mode 100755 index 0000000..08cdb12 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/d2i_X509.3 
@@ -0,0 +1,764 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "D2I_X509 3" +.TH D2I_X509 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +d2i_ACCESS_DESCRIPTION, +d2i_ADMISSIONS, +d2i_ADMISSION_SYNTAX, +d2i_ASIdOrRange, +d2i_ASIdentifierChoice, +d2i_ASIdentifiers, +d2i_ASN1_BIT_STRING, +d2i_ASN1_BMPSTRING, +d2i_ASN1_ENUMERATED, +d2i_ASN1_GENERALIZEDTIME, +d2i_ASN1_GENERALSTRING, +d2i_ASN1_IA5STRING, +d2i_ASN1_INTEGER, +d2i_ASN1_NULL, +d2i_ASN1_OBJECT, +d2i_ASN1_OCTET_STRING, +d2i_ASN1_PRINTABLE, +d2i_ASN1_PRINTABLESTRING, +d2i_ASN1_SEQUENCE_ANY, +d2i_ASN1_SET_ANY, +d2i_ASN1_T61STRING, +d2i_ASN1_TIME, +d2i_ASN1_TYPE, +d2i_ASN1_UINTEGER, +d2i_ASN1_UNIVERSALSTRING, +d2i_ASN1_UTCTIME, +d2i_ASN1_UTF8STRING, +d2i_ASN1_VISIBLESTRING, +d2i_ASRange, +d2i_AUTHORITY_INFO_ACCESS, +d2i_AUTHORITY_KEYID, +d2i_BASIC_CONSTRAINTS, +d2i_CERTIFICATEPOLICIES, +d2i_CMS_ContentInfo, +d2i_CMS_ReceiptRequest, +d2i_CMS_bio, +d2i_CRL_DIST_POINTS, +d2i_DHxparams, +d2i_DIRECTORYSTRING, +d2i_DISPLAYTEXT, +d2i_DIST_POINT, +d2i_DIST_POINT_NAME, +d2i_DSAPrivateKey, +d2i_DSAPrivateKey_bio, +d2i_DSAPrivateKey_fp, +d2i_DSAPublicKey, +d2i_DSA_PUBKEY, +d2i_DSA_PUBKEY_bio, +d2i_DSA_PUBKEY_fp, +d2i_DSA_SIG, +d2i_DSAparams, +d2i_ECDSA_SIG, +d2i_ECPKParameters, +d2i_ECParameters, +d2i_ECPrivateKey, +d2i_ECPrivateKey_bio, +d2i_ECPrivateKey_fp, +d2i_EC_PUBKEY, +d2i_EC_PUBKEY_bio, +d2i_EC_PUBKEY_fp, +d2i_EDIPARTYNAME, +d2i_ESS_CERT_ID, +d2i_ESS_CERT_ID_V2, +d2i_ESS_ISSUER_SERIAL, +d2i_ESS_SIGNING_CERT, +d2i_ESS_SIGNING_CERT_V2, +d2i_EXTENDED_KEY_USAGE, +d2i_GENERAL_NAME, +d2i_GENERAL_NAMES, +d2i_IPAddressChoice, +d2i_IPAddressFamily, +d2i_IPAddressOrRange, +d2i_IPAddressRange, +d2i_ISSUING_DIST_POINT, +d2i_NAMING_AUTHORITY, +d2i_NETSCAPE_CERT_SEQUENCE, +d2i_NETSCAPE_SPKAC, +d2i_NETSCAPE_SPKI, +d2i_NOTICEREF, +d2i_OCSP_BASICRESP, +d2i_OCSP_CERTID, +d2i_OCSP_CERTSTATUS, +d2i_OCSP_CRLID, +d2i_OCSP_ONEREQ, +d2i_OCSP_REQINFO, +d2i_OCSP_REQUEST, +d2i_OCSP_RESPBYTES, +d2i_OCSP_RESPDATA, +d2i_OCSP_RESPID, +d2i_OCSP_RESPONSE, +d2i_OCSP_REVOKEDINFO, +d2i_OCSP_SERVICELOC, +d2i_OCSP_SIGNATURE, +d2i_OCSP_SINGLERESP, 
+d2i_OSSL_CMP_MSG, +d2i_OSSL_CMP_PKIHEADER, +d2i_OSSL_CRMF_CERTID, +d2i_OSSL_CRMF_CERTTEMPLATE, +d2i_OSSL_CRMF_ENCRYPTEDVALUE, +d2i_OSSL_CRMF_MSG, +d2i_OSSL_CRMF_MSGS, +d2i_OSSL_CRMF_PBMPARAMETER, +d2i_OSSL_CRMF_PKIPUBLICATIONINFO, +d2i_OSSL_CRMF_SINGLEPUBINFO, +d2i_OTHERNAME, +d2i_PBE2PARAM, +d2i_PBEPARAM, +d2i_PBKDF2PARAM, +d2i_PKCS12, +d2i_PKCS12_BAGS, +d2i_PKCS12_MAC_DATA, +d2i_PKCS12_SAFEBAG, +d2i_PKCS12_bio, +d2i_PKCS12_fp, +d2i_PKCS7, +d2i_PKCS7_DIGEST, +d2i_PKCS7_ENCRYPT, +d2i_PKCS7_ENC_CONTENT, +d2i_PKCS7_ENVELOPE, +d2i_PKCS7_ISSUER_AND_SERIAL, +d2i_PKCS7_RECIP_INFO, +d2i_PKCS7_SIGNED, +d2i_PKCS7_SIGNER_INFO, +d2i_PKCS7_SIGN_ENVELOPE, +d2i_PKCS7_bio, +d2i_PKCS7_fp, +d2i_PKCS8_PRIV_KEY_INFO, +d2i_PKCS8_PRIV_KEY_INFO_bio, +d2i_PKCS8_PRIV_KEY_INFO_fp, +d2i_PKCS8_bio, +d2i_PKCS8_fp, +d2i_PKEY_USAGE_PERIOD, +d2i_POLICYINFO, +d2i_POLICYQUALINFO, +d2i_PROFESSION_INFO, +d2i_PROXY_CERT_INFO_EXTENSION, +d2i_PROXY_POLICY, +d2i_RSAPrivateKey, +d2i_RSAPrivateKey_bio, +d2i_RSAPrivateKey_fp, +d2i_RSAPublicKey, +d2i_RSAPublicKey_bio, +d2i_RSAPublicKey_fp, +d2i_RSA_OAEP_PARAMS, +d2i_RSA_PSS_PARAMS, +d2i_RSA_PUBKEY, +d2i_RSA_PUBKEY_bio, +d2i_RSA_PUBKEY_fp, +d2i_SCRYPT_PARAMS, +d2i_SCT_LIST, +d2i_SXNET, +d2i_SXNETID, +d2i_TS_ACCURACY, +d2i_TS_MSG_IMPRINT, +d2i_TS_MSG_IMPRINT_bio, +d2i_TS_MSG_IMPRINT_fp, +d2i_TS_REQ, +d2i_TS_REQ_bio, +d2i_TS_REQ_fp, +d2i_TS_RESP, +d2i_TS_RESP_bio, +d2i_TS_RESP_fp, +d2i_TS_STATUS_INFO, +d2i_TS_TST_INFO, +d2i_TS_TST_INFO_bio, +d2i_TS_TST_INFO_fp, +d2i_USERNOTICE, +d2i_X509, +d2i_X509_ALGOR, +d2i_X509_ALGORS, +d2i_X509_ATTRIBUTE, +d2i_X509_CERT_AUX, +d2i_X509_CINF, +d2i_X509_CRL, +d2i_X509_CRL_INFO, +d2i_X509_CRL_bio, +d2i_X509_CRL_fp, +d2i_X509_EXTENSION, +d2i_X509_EXTENSIONS, +d2i_X509_NAME, +d2i_X509_NAME_ENTRY, +d2i_X509_PUBKEY, +d2i_X509_PUBKEY_bio, +d2i_X509_PUBKEY_fp, +d2i_X509_REQ, +d2i_X509_REQ_INFO, +d2i_X509_REQ_bio, +d2i_X509_REQ_fp, +d2i_X509_REVOKED, +d2i_X509_SIG, +d2i_X509_VAL, +i2d_ACCESS_DESCRIPTION, +i2d_ADMISSIONS, 
+i2d_ADMISSION_SYNTAX, +i2d_ASIdOrRange, +i2d_ASIdentifierChoice, +i2d_ASIdentifiers, +i2d_ASN1_BIT_STRING, +i2d_ASN1_BMPSTRING, +i2d_ASN1_ENUMERATED, +i2d_ASN1_GENERALIZEDTIME, +i2d_ASN1_GENERALSTRING, +i2d_ASN1_IA5STRING, +i2d_ASN1_INTEGER, +i2d_ASN1_NULL, +i2d_ASN1_OBJECT, +i2d_ASN1_OCTET_STRING, +i2d_ASN1_PRINTABLE, +i2d_ASN1_PRINTABLESTRING, +i2d_ASN1_SEQUENCE_ANY, +i2d_ASN1_SET_ANY, +i2d_ASN1_T61STRING, +i2d_ASN1_TIME, +i2d_ASN1_TYPE, +i2d_ASN1_UNIVERSALSTRING, +i2d_ASN1_UTCTIME, +i2d_ASN1_UTF8STRING, +i2d_ASN1_VISIBLESTRING, +i2d_ASN1_bio_stream, +i2d_ASRange, +i2d_AUTHORITY_INFO_ACCESS, +i2d_AUTHORITY_KEYID, +i2d_BASIC_CONSTRAINTS, +i2d_CERTIFICATEPOLICIES, +i2d_CMS_ContentInfo, +i2d_CMS_ReceiptRequest, +i2d_CMS_bio, +i2d_CRL_DIST_POINTS, +i2d_DHxparams, +i2d_DIRECTORYSTRING, +i2d_DISPLAYTEXT, +i2d_DIST_POINT, +i2d_DIST_POINT_NAME, +i2d_DSAPrivateKey, +i2d_DSAPrivateKey_bio, +i2d_DSAPrivateKey_fp, +i2d_DSAPublicKey, +i2d_DSA_PUBKEY, +i2d_DSA_PUBKEY_bio, +i2d_DSA_PUBKEY_fp, +i2d_DSA_SIG, +i2d_DSAparams, +i2d_ECDSA_SIG, +i2d_ECPKParameters, +i2d_ECParameters, +i2d_ECPrivateKey, +i2d_ECPrivateKey_bio, +i2d_ECPrivateKey_fp, +i2d_EC_PUBKEY, +i2d_EC_PUBKEY_bio, +i2d_EC_PUBKEY_fp, +i2d_EDIPARTYNAME, +i2d_ESS_CERT_ID, +i2d_ESS_CERT_ID_V2, +i2d_ESS_ISSUER_SERIAL, +i2d_ESS_SIGNING_CERT, +i2d_ESS_SIGNING_CERT_V2, +i2d_EXTENDED_KEY_USAGE, +i2d_GENERAL_NAME, +i2d_GENERAL_NAMES, +i2d_IPAddressChoice, +i2d_IPAddressFamily, +i2d_IPAddressOrRange, +i2d_IPAddressRange, +i2d_ISSUING_DIST_POINT, +i2d_NAMING_AUTHORITY, +i2d_NETSCAPE_CERT_SEQUENCE, +i2d_NETSCAPE_SPKAC, +i2d_NETSCAPE_SPKI, +i2d_NOTICEREF, +i2d_OCSP_BASICRESP, +i2d_OCSP_CERTID, +i2d_OCSP_CERTSTATUS, +i2d_OCSP_CRLID, +i2d_OCSP_ONEREQ, +i2d_OCSP_REQINFO, +i2d_OCSP_REQUEST, +i2d_OCSP_RESPBYTES, +i2d_OCSP_RESPDATA, +i2d_OCSP_RESPID, +i2d_OCSP_RESPONSE, +i2d_OCSP_REVOKEDINFO, +i2d_OCSP_SERVICELOC, +i2d_OCSP_SIGNATURE, +i2d_OCSP_SINGLERESP, +i2d_OSSL_CMP_MSG, +i2d_OSSL_CMP_PKIHEADER, +i2d_OSSL_CRMF_CERTID, 
+i2d_OSSL_CRMF_CERTTEMPLATE, +i2d_OSSL_CRMF_ENCRYPTEDVALUE, +i2d_OSSL_CRMF_MSG, +i2d_OSSL_CRMF_MSGS, +i2d_OSSL_CRMF_PBMPARAMETER, +i2d_OSSL_CRMF_PKIPUBLICATIONINFO, +i2d_OSSL_CRMF_SINGLEPUBINFO, +i2d_OTHERNAME, +i2d_PBE2PARAM, +i2d_PBEPARAM, +i2d_PBKDF2PARAM, +i2d_PKCS12, +i2d_PKCS12_BAGS, +i2d_PKCS12_MAC_DATA, +i2d_PKCS12_SAFEBAG, +i2d_PKCS12_bio, +i2d_PKCS12_fp, +i2d_PKCS7, +i2d_PKCS7_DIGEST, +i2d_PKCS7_ENCRYPT, +i2d_PKCS7_ENC_CONTENT, +i2d_PKCS7_ENVELOPE, +i2d_PKCS7_ISSUER_AND_SERIAL, +i2d_PKCS7_NDEF, +i2d_PKCS7_RECIP_INFO, +i2d_PKCS7_SIGNED, +i2d_PKCS7_SIGNER_INFO, +i2d_PKCS7_SIGN_ENVELOPE, +i2d_PKCS7_bio, +i2d_PKCS7_fp, +i2d_PKCS8PrivateKeyInfo_bio, +i2d_PKCS8PrivateKeyInfo_fp, +i2d_PKCS8_PRIV_KEY_INFO, +i2d_PKCS8_PRIV_KEY_INFO_bio, +i2d_PKCS8_PRIV_KEY_INFO_fp, +i2d_PKCS8_bio, +i2d_PKCS8_fp, +i2d_PKEY_USAGE_PERIOD, +i2d_POLICYINFO, +i2d_POLICYQUALINFO, +i2d_PROFESSION_INFO, +i2d_PROXY_CERT_INFO_EXTENSION, +i2d_PROXY_POLICY, +i2d_RSAPrivateKey, +i2d_RSAPrivateKey_bio, +i2d_RSAPrivateKey_fp, +i2d_RSAPublicKey, +i2d_RSAPublicKey_bio, +i2d_RSAPublicKey_fp, +i2d_RSA_OAEP_PARAMS, +i2d_RSA_PSS_PARAMS, +i2d_RSA_PUBKEY, +i2d_RSA_PUBKEY_bio, +i2d_RSA_PUBKEY_fp, +i2d_SCRYPT_PARAMS, +i2d_SCT_LIST, +i2d_SXNET, +i2d_SXNETID, +i2d_TS_ACCURACY, +i2d_TS_MSG_IMPRINT, +i2d_TS_MSG_IMPRINT_bio, +i2d_TS_MSG_IMPRINT_fp, +i2d_TS_REQ, +i2d_TS_REQ_bio, +i2d_TS_REQ_fp, +i2d_TS_RESP, +i2d_TS_RESP_bio, +i2d_TS_RESP_fp, +i2d_TS_STATUS_INFO, +i2d_TS_TST_INFO, +i2d_TS_TST_INFO_bio, +i2d_TS_TST_INFO_fp, +i2d_USERNOTICE, +i2d_X509, +i2d_X509_ALGOR, +i2d_X509_ALGORS, +i2d_X509_ATTRIBUTE, +i2d_X509_CERT_AUX, +i2d_X509_CINF, +i2d_X509_CRL, +i2d_X509_CRL_INFO, +i2d_X509_CRL_bio, +i2d_X509_CRL_fp, +i2d_X509_EXTENSION, +i2d_X509_EXTENSIONS, +i2d_X509_NAME, +i2d_X509_NAME_ENTRY, +i2d_X509_PUBKEY, +i2d_X509_PUBKEY_bio, +i2d_X509_PUBKEY_fp, +i2d_X509_REQ, +i2d_X509_REQ_INFO, +i2d_X509_REQ_bio, +i2d_X509_REQ_fp, +i2d_X509_REVOKED, +i2d_X509_SIG, +i2d_X509_VAL, +\&\- convert objects from/to ASN.1/DER 
representation +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 3 +\& TYPE *d2i_TYPE(TYPE **a, unsigned char **ppin, long length); +\& TYPE *d2i_TYPE_bio(BIO *bp, TYPE **a); +\& TYPE *d2i_TYPE_fp(FILE *fp, TYPE **a); +\& +\& int i2d_TYPE(const TYPE *a, unsigned char **ppout); +\& int i2d_TYPE(TYPE *a, unsigned char **ppout); +\& int i2d_TYPE_fp(FILE *fp, const TYPE *a); +\& int i2d_TYPE_fp(FILE *fp, TYPE *a); +\& int i2d_TYPE_bio(BIO *bp, const TYPE *a); +\& int i2d_TYPE_bio(BIO *bp, TYPE *a); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +In the description here, \fB\f(BI\s-1TYPE\s0\fB\fR is used a placeholder +for any of the OpenSSL datatypes, such as \fIX509_CRL\fR. +The function parameters \fIppin\fR and \fIppout\fR are generally +either both named \fIpp\fR in the headers, or \fIin\fR and \fIout\fR. +.PP +These functions convert OpenSSL objects to and from their \s-1ASN\s0.1/DER +encoding. Unlike the C structures which can have pointers to sub-objects +within, the \s-1DER\s0 is a serialized encoding, suitable for sending over the +network, writing to a file, and so on. +.PP +\&\fBd2i_\f(BI\s-1TYPE\s0\fB\fR() attempts to decode \fIlen\fR bytes at \fI*ppin\fR. If successful a +pointer to the \fB\f(BI\s-1TYPE\s0\fB\fR structure is returned and \fI*ppin\fR is incremented to +the byte following the parsed data. If \fIa\fR is not \s-1NULL\s0 then a pointer +to the returned structure is also written to \fI*a\fR. If an error occurred +then \s-1NULL\s0 is returned. +.PP +On a successful return, if \fI*a\fR is not \s-1NULL\s0 then it is assumed that \fI*a\fR +contains a valid \fB\f(BI\s-1TYPE\s0\fB\fR structure and an attempt is made to reuse it. This +\&\*(L"reuse\*(R" capability is present for historical compatibility but its use is +\&\fBstrongly discouraged\fR (see \s-1BUGS\s0 below, and the discussion in the \s-1RETURN\s0 +\&\s-1VALUES\s0 section). 
+.PP +\&\fBd2i_\f(BI\s-1TYPE\s0\fB_bio\fR() is similar to \fBd2i_\f(BI\s-1TYPE\s0\fB\fR() except it attempts +to parse data from \s-1BIO\s0 \fIbp\fR. +.PP +\&\fBd2i_\f(BI\s-1TYPE\s0\fB_fp\fR() is similar to \fBd2i_\f(BI\s-1TYPE\s0\fB\fR() except it attempts +to parse data from \s-1FILE\s0 pointer \fIfp\fR. +.PP +\&\fBi2d_\f(BI\s-1TYPE\s0\fB\fR() encodes the structure pointed to by \fIa\fR into \s-1DER\s0 format. +If \fIppout\fR is not \s-1NULL\s0, it writes the \s-1DER\s0 encoded data to the buffer +at \fI*ppout\fR, and increments it to point after the data just written. +If the return value is negative an error occurred, otherwise it +returns the length of the encoded data. +.PP +If \fI*ppout\fR is \s-1NULL\s0 memory will be allocated for a buffer and the encoded +data written to it. In this case \fI*ppout\fR is not incremented and it points +to the start of the data just written. +.PP +\&\fBi2d_\f(BI\s-1TYPE\s0\fB_bio\fR() is similar to \fBi2d_\f(BI\s-1TYPE\s0\fB\fR() except it writes +the encoding of the structure \fIa\fR to \s-1BIO\s0 \fIbp\fR and it +returns 1 for success and 0 for failure. +.PP +\&\fBi2d_\f(BI\s-1TYPE\s0\fB_fp\fR() is similar to \fBi2d_\f(BI\s-1TYPE\s0\fB\fR() except it writes +the encoding of the structure \fIa\fR to \s-1BIO\s0 \fIbp\fR and it +returns 1 for success and 0 for failure. +.PP +These routines do not encrypt private keys and therefore offer no +security; use \fIPEM_write_PrivateKey\fR\|(3) or similar for writing to files. +.SH "NOTES" +.IX Header "NOTES" +The letters \fBi\fR and \fBd\fR in \fBi2d_\f(BI\s-1TYPE\s0\fB\fR() stand for +\&\*(L"internal\*(R" (that is, an internal C structure) and \*(L"\s-1DER\s0\*(R" respectively. +So \fBi2d_\f(BI\s-1TYPE\s0\fB\fR() converts from internal to \s-1DER\s0. +.PP +The functions can also understand \fB\s-1BER\s0\fR forms. 
+.PP +The actual \s-1TYPE\s0 structure passed to \fBi2d_\f(BI\s-1TYPE\s0\fB\fR() must be a valid +populated \fB\f(BI\s-1TYPE\s0\fB\fR structure \*(-- it \fBcannot\fR simply be fed with an +empty structure such as that returned by \fITYPE_new()\fR. +.PP +The encoded data is in binary form and may contain embedded zeros. +Therefore any \s-1FILE\s0 pointers or BIOs should be opened in binary mode. +Functions such as \fIstrlen()\fR will \fBnot\fR return the correct length +of the encoded structure. +.PP +The ways that \fI*ppin\fR and \fI*ppout\fR are incremented after the operation +can trap the unwary. See the \fB\s-1WARNINGS\s0\fR section for some common +errors. +The reason for this-auto increment behaviour is to reflect a typical +usage of \s-1ASN1\s0 functions: after one structure is encoded or decoded +another will be processed after it. +.PP +The following points about the data types might be useful: +.IP "\fB\s-1ASN1_OBJECT\s0\fR" 4 +.IX Item "ASN1_OBJECT" +Represents an \s-1ASN1\s0 \s-1OBJECT\s0 \s-1IDENTIFIER\s0. +.IP "\fBDHparams\fR" 4 +.IX Item "DHparams" +Represents a PKCS#3 \s-1DH\s0 parameters structure. +.IP "\fBDHxparams\fR" 4 +.IX Item "DHxparams" +Represents an \s-1ANSI\s0 X9.42 \s-1DH\s0 parameters structure. +.IP "\fB\s-1DSA_PUBKEY\s0\fR" 4 +.IX Item "DSA_PUBKEY" +Represents a \s-1DSA\s0 public key using a \fBSubjectPublicKeyInfo\fR structure. +.IP "\fBDSAPublicKey\fR, \fBDSAPrivateKey\fR" 4 +.IX Item "DSAPublicKey, DSAPrivateKey" +Use a non-standard OpenSSL format and should be avoided; use \fB\s-1DSA_PUBKEY\s0\fR, +\&\fIPEM_write_PrivateKey\fR\|(3), or similar instead. +.IP "\fB\s-1ECDSA_SIG\s0\fR" 4 +.IX Item "ECDSA_SIG" +Represents an \s-1ECDSA\s0 signature. +.IP "\fBRSAPublicKey\fR" 4 +.IX Item "RSAPublicKey" +Represents a PKCS#1 \s-1RSA\s0 public key structure. +.IP "\fBX509_ALGOR\fR" 4 +.IX Item "X509_ALGOR" +Represents an \fBAlgorithmIdentifier\fR structure as used in \s-1IETF\s0 \s-1RFC\s0 6960 and +elsewhere. 
+.IP "\fBX509_Name\fR" 4 +.IX Item "X509_Name" +Represents a \fBName\fR type as used for subject and issuer names in +\&\s-1IETF\s0 \s-1RFC\s0 6960 and elsewhere. +.IP "\fBX509_REQ\fR" 4 +.IX Item "X509_REQ" +Represents a PKCS#10 certificate request. +.IP "\fBX509_SIG\fR" 4 +.IX Item "X509_SIG" +Represents the \fBDigestInfo\fR structure defined in PKCS#1 and PKCS#7. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBd2i_\f(BI\s-1TYPE\s0\fB\fR(), \fBd2i_\f(BI\s-1TYPE\s0\fB_bio\fR() and \fBd2i_\f(BI\s-1TYPE\s0\fB_fp\fR() return a valid +\&\fB\f(BI\s-1TYPE\s0\fB\fR structure or \s-1NULL\s0 if an error occurs. If the \*(L"reuse\*(R" capability has +been used with a valid structure being passed in via \fIa\fR, then the object is +freed in the event of error and \fI*a\fR is set to \s-1NULL\s0. +.PP +\&\fBi2d_\f(BI\s-1TYPE\s0\fB\fR() returns the number of bytes successfully encoded or a negative +value if an error occurs. +.PP +\&\fBi2d_\f(BI\s-1TYPE\s0\fB_bio\fR() and \fBi2d_\f(BI\s-1TYPE\s0\fB_fp\fR() return 1 for success and 0 if an +error occurs. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Allocate and encode the \s-1DER\s0 encoding of an X509 structure: +.PP +.Vb 2 +\& int len; +\& unsigned char *buf; +\& +\& buf = NULL; +\& len = i2d_X509(x, &buf); +\& if (len < 0) +\& /* error */ +.Ve +.PP +Attempt to decode a buffer: +.PP +.Vb 3 +\& X509 *x; +\& unsigned char *buf, *p; +\& int len; +\& +\& /* Set up buf and len to point to the input buffer. */ +\& p = buf; +\& x = d2i_X509(NULL, &p, len); +\& if (x == NULL) +\& /* error */ +.Ve +.PP +Alternative technique: +.PP +.Vb 3 +\& X509 *x; +\& unsigned char *buf, *p; +\& int len; +\& +\& /* Set up buf and len to point to the input buffer. */ +\& p = buf; +\& x = NULL; +\& +\& if (d2i_X509(&x, &p, len) == NULL) +\& /* error */ +.Ve +.SH "WARNINGS" +.IX Header "WARNINGS" +Using a temporary variable is mandatory. 
A common +mistake is to attempt to use a buffer directly as follows: +.PP +.Vb 2 +\& int len; +\& unsigned char *buf; +\& +\& len = i2d_X509(x, NULL); +\& buf = OPENSSL_malloc(len); +\& ... +\& i2d_X509(x, &buf); +\& ... +\& OPENSSL_free(buf); +.Ve +.PP +This code will result in \fIbuf\fR apparently containing garbage because +it was incremented after the call to point after the data just written. +Also \fIbuf\fR will no longer contain the pointer allocated by \fIOPENSSL_malloc()\fR +and the subsequent call to \fIOPENSSL_free()\fR is likely to crash. +.PP +Another trap to avoid is misuse of the \fIa\fR argument to \fBd2i_\f(BI\s-1TYPE\s0\fB\fR(): +.PP +.Vb 1 +\& X509 *x; +\& +\& if (d2i_X509(&x, &p, len) == NULL) +\& /* error */ +.Ve +.PP +This will probably crash somewhere in \fId2i_X509()\fR. The reason for this +is that the variable \fIx\fR is uninitialized and an attempt will be made to +interpret its (invalid) value as an \fBX509\fR structure, typically causing +a segmentation violation. If \fIx\fR is set to \s-1NULL\s0 first then this will not +happen. +.SH "BUGS" +.IX Header "BUGS" +In some versions of OpenSSL the \*(L"reuse\*(R" behaviour of \fBd2i_\f(BI\s-1TYPE\s0\fB\fR() when +\&\fI*a\fR is valid is broken and some parts of the reused structure may +persist if they are not present in the new one. Additionally, in versions of +OpenSSL prior to 1.1.0, when the \*(L"reuse\*(R" behaviour is used and an error occurs +the behaviour is inconsistent. Some functions behaved as described here, while +some did not free \fI*a\fR on error and did not set \fI*a\fR to \s-1NULL\s0. +.PP +As a result of the above issues the \*(L"reuse\*(R" behaviour is strongly discouraged. +.PP +\&\fBi2d_\f(BI\s-1TYPE\s0\fB\fR() will not return an error in many versions of OpenSSL, +if mandatory fields are not initialized due to a programming error +then the encoded structure may contain invalid data or omit the +fields entirely and will not be parsed by \fBd2i_\f(BI\s-1TYPE\s0\fB\fR(). 
This may be +fixed in future so code should not assume that \fBi2d_\f(BI\s-1TYPE\s0\fB\fR() will +always succeed. +.PP +Any function which encodes a structure (\fBi2d_\f(BI\s-1TYPE\s0\fB\fR(), +\&\fBi2d_\f(BI\s-1TYPE\s0\fB\fR() or \fBi2d_\f(BI\s-1TYPE\s0\fB\fR()) may return a stale encoding if the +structure has been modified after deserialization or previous +serialization. This is because some objects cache the encoding for +efficiency reasons. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 1998\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/i2d_CMS_bio_stream.3 b/linux_amd64/ssl/share/man/man3/i2d_CMS_bio_stream.3 new file mode 100755 index 0000000..fc73af0 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/i2d_CMS_bio_stream.3 
@@ -0,0 +1,173 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "I2D_CMS_BIO_STREAM 3" +.TH I2D_CMS_BIO_STREAM 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +i2d_CMS_bio_stream \- output CMS_ContentInfo structure in BER format +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *data, int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIi2d_CMS_bio_stream()\fR outputs a CMS_ContentInfo structure in \s-1BER\s0 format. +.PP +It is otherwise identical to the function \fISMIME_write_CMS()\fR. +.SH "NOTES" +.IX Header "NOTES" +This function is effectively a version of the \fIi2d_CMS_bio()\fR supporting +streaming. +.SH "BUGS" +.IX Header "BUGS" +The prefix \*(L"i2d\*(R" is arguably wrong because the function outputs \s-1BER\s0 format. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIi2d_CMS_bio_stream()\fR returns 1 for success or 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fICMS_sign\fR\|(3), +\&\fICMS_verify\fR\|(3), \fICMS_encrypt\fR\|(3) +\&\fICMS_decrypt\fR\|(3), +\&\fISMIME_write_CMS\fR\|(3), +\&\fIPEM_write_bio_CMS_stream\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fIi2d_CMS_bio_stream()\fR function was added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/i2d_PKCS7_bio_stream.3 b/linux_amd64/ssl/share/man/man3/i2d_PKCS7_bio_stream.3 new file mode 100755 index 0000000..82e29eb --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/i2d_PKCS7_bio_stream.3 
@@ -0,0 +1,173 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "I2D_PKCS7_BIO_STREAM 3" +.TH I2D_PKCS7_BIO_STREAM 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +i2d_PKCS7_bio_stream \- output PKCS7 structure in BER format +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int i2d_PKCS7_bio_stream(BIO *out, PKCS7 *p7, BIO *data, int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIi2d_PKCS7_bio_stream()\fR outputs a \s-1PKCS7\s0 structure in \s-1BER\s0 format. +.PP +It is otherwise identical to the function \fISMIME_write_PKCS7()\fR. +.SH "NOTES" +.IX Header "NOTES" +This function is effectively a version of the \fId2i_PKCS7_bio()\fR supporting +streaming. +.SH "BUGS" +.IX Header "BUGS" +The prefix \*(L"i2d\*(R" is arguably wrong because the function outputs \s-1BER\s0 format. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIi2d_PKCS7_bio_stream()\fR returns 1 for success or 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fIPKCS7_sign\fR\|(3), +\&\fIPKCS7_verify\fR\|(3), \fIPKCS7_encrypt\fR\|(3) +\&\fIPKCS7_decrypt\fR\|(3), +\&\fISMIME_write_PKCS7\fR\|(3), +\&\fIPEM_write_bio_PKCS7_stream\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fIi2d_PKCS7_bio_stream()\fR function was added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/i2d_re_X509_tbs.3 b/linux_amd64/ssl/share/man/man3/i2d_re_X509_tbs.3 new file mode 100755 index 0000000..068da33 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/i2d_re_X509_tbs.3 
@@ -0,0 +1,211 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "I2D_RE_X509_TBS 3" +.TH I2D_RE_X509_TBS 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +d2i_X509_AUX, i2d_X509_AUX, +i2d_re_X509_tbs, i2d_re_X509_CRL_tbs, i2d_re_X509_REQ_tbs +\&\- X509 encode and decode functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& X509 *d2i_X509_AUX(X509 **px, const unsigned char **in, long len); +\& int i2d_X509_AUX(X509 *x, unsigned char **out); +\& int i2d_re_X509_tbs(X509 *x, unsigned char **out); +\& int i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **pp); +\& int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The X509 encode and decode routines encode and parse an +\&\fBX509\fR structure, which represents an X509 certificate. +.PP +\&\fId2i_X509_AUX()\fR is similar to \fId2i_X509\fR\|(3) but the input is expected to +consist of an X509 certificate followed by auxiliary trust information. +This is used by the \s-1PEM\s0 routines to read \*(L"\s-1TRUSTED\s0 \s-1CERTIFICATE\s0\*(R" objects. +This function should not be called on untrusted input. +.PP +\&\fIi2d_X509_AUX()\fR is similar to \fIi2d_X509\fR\|(3), but the encoded output +contains both the certificate and any auxiliary trust information. +This is used by the \s-1PEM\s0 routines to write \*(L"\s-1TRUSTED\s0 \s-1CERTIFICATE\s0\*(R" objects. +Note that this is a non-standard OpenSSL-specific data format. +.PP +\&\fIi2d_re_X509_tbs()\fR is similar to \fIi2d_X509\fR\|(3) except it encodes only +the TBSCertificate portion of the certificate. \fIi2d_re_X509_CRL_tbs()\fR +and \fIi2d_re_X509_REQ_tbs()\fR are analogous for \s-1CRL\s0 and certificate request, +respectively. The \*(L"re\*(R" in \fBi2d_re_X509_tbs\fR stands for \*(L"re-encode\*(R", +and ensures that a fresh encoding is generated in case the object has been +modified after creation (see the \s-1BUGS\s0 section). 
+.PP +The encoding of the TBSCertificate portion of a certificate is cached +in the \fBX509\fR structure internally to improve encoding performance +and to ensure certificate signatures are verified correctly in some +certificates with broken (non-DER) encodings. +.PP +If, after modification, the \fBX509\fR object is re-signed with \fIX509_sign()\fR, +the encoding is automatically renewed. Otherwise, the encoding of the +TBSCertificate portion of the \fBX509\fR can be manually renewed by calling +\&\fIi2d_re_X509_tbs()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fId2i_X509_AUX()\fR returns a valid \fBX509\fR structure or \s-1NULL\s0 if an error occurred. +.PP +\&\fIi2d_X509_AUX()\fR returns the length of encoded data or \-1 on error. +.PP +\&\fIi2d_re_X509_tbs()\fR, \fIi2d_re_X509_CRL_tbs()\fR and \fIi2d_re_X509_REQ_tbs()\fR return the +length of encoded data or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3) +\&\fIX509_CRL_get0_by_serial\fR\|(3), +\&\fIX509_get0_signature\fR\|(3), +\&\fIX509_get_ext_d2i\fR\|(3), +\&\fIX509_get_extension_flags\fR\|(3), +\&\fIX509_get_pubkey\fR\|(3), +\&\fIX509_get_subject_name\fR\|(3), +\&\fIX509_get_version\fR\|(3), +\&\fIX509_NAME_add_entry_by_txt\fR\|(3), +\&\fIX509_NAME_ENTRY_get_object\fR\|(3), +\&\fIX509_NAME_get_index_by_NID\fR\|(3), +\&\fIX509_NAME_print_ex\fR\|(3), +\&\fIX509_new\fR\|(3), +\&\fIX509_sign\fR\|(3), +\&\fIX509V3_get_d2i\fR\|(3), +\&\fIX509_verify_cert\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/o2i_SCT_LIST.3 b/linux_amd64/ssl/share/man/man3/o2i_SCT_LIST.3 new file mode 100755 index 0000000..5ea5f66 --- /dev/null 
+++ b/linux_amd64/ssl/share/man/man3/o2i_SCT_LIST.3 
@@ -0,0 +1,171 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "O2I_SCT_LIST 3" +.TH O2I_SCT_LIST 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +o2i_SCT_LIST, i2o_SCT_LIST, o2i_SCT, i2o_SCT \- +decode and encode Signed Certificate Timestamp lists in TLS wire format +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& STACK_OF(SCT) *o2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, +\& size_t len); +\& int i2o_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp); +\& SCT *o2i_SCT(SCT **psct, const unsigned char **in, size_t len); +\& int i2o_SCT(const SCT *sct, unsigned char **out); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1SCT_LIST\s0 and \s-1SCT\s0 functions are very similar to the i2d and d2i family of +functions, except that they convert to and from \s-1TLS\s0 wire format, as described in +\&\s-1RFC\s0 6962. See \fId2i_SCT_LIST\fR\|(3) for more information about how the parameters are +treated and the return values. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All of the functions have return values consistent with those stated for +\&\fId2i_SCT_LIST\fR\|(3) and \fIi2d_SCT_LIST\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIct\fR\|(7), +\&\fId2i_SCT_LIST\fR\|(3), +\&\fIi2d_SCT_LIST\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man3/s2i_ASN1_IA5STRING.3 b/linux_amd64/ssl/share/man/man3/s2i_ASN1_IA5STRING.3 new file mode 100755 index 0000000..2380a96 --- /dev/null +++ b/linux_amd64/ssl/share/man/man3/s2i_ASN1_IA5STRING.3 
@@ -0,0 +1,203 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "S2I_ASN1_IA5STRING 3" +.TH S2I_ASN1_IA5STRING 3 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +i2s_ASN1_IA5STRING, +s2i_ASN1_IA5STRING, +i2s_ASN1_INTEGER, +s2i_ASN1_INTEGER, +i2s_ASN1_OCTET_STRING, +s2i_ASN1_OCTET_STRING, +i2s_ASN1_ENUMERATED, +i2s_ASN1_ENUMERATED_TABLE, +\&\- convert objects from/to ASN.1/string representation +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 12 +\& char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5); +\& ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, +\& X509V3_CTX *ctx, const char *str); +\& char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *method, const ASN1_INTEGER *a); +\& ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, const char *value); +\& char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, +\& const ASN1_OCTET_STRING *oct); +\& ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, +\& X509V3_CTX *ctx, const char *str); +\& char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *method, const ASN1_ENUMERATED *a); +\& char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method, +\& const ASN1_ENUMERATED *e); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions convert OpenSSL objects to and from their \s-1ASN\s0.1/string +representation. This function is used for \fBX509v3\fR extentions. +.SH "NOTES" +.IX Header "NOTES" +The letters \fBi\fR and \fBs\fR in \fBi2s_ASN1_IA5STRING\fR() stand for +\&\*(L"internal\*(R" (that is, an internal C structure) and string respectively. +So \fBi2s_ASN1_IA5STRING\fR() converts from internal to string. +.PP +It is the caller's responsibility to free the returned string. +In the \fBi2s_ASN1_IA5STRING\fR() function the string is copied and +the ownership of the original string remains with the caller. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBi2s_ASN1_IA5STRING\fR() returns the pointer to a \s-1IA5\s0 string +or \s-1NULL\s0 if an error occurs. +.PP +\&\fBs2i_ASN1_IA5STRING\fR() return a valid +\&\fB\s-1ASN1_IA5STRING\s0\fR structure or \s-1NULL\s0 if an error occurs. 
+.PP +\&\fBi2s_ASN1_INTEGER\fR() return a valid +string or \s-1NULL\s0 if an error occurs. +.PP +\&\fBs2i_ASN1_INTEGER\fR() returns the pointer to a \fB\s-1ASN1_INTEGER\s0\fR +structure or \s-1NULL\s0 if an error occurs. +.PP +\&\fBi2s_ASN1_OCTET_STRING\fR() returns the pointer to a \s-1OCTET_STRING\s0 string +or \s-1NULL\s0 if an error occurs. +.PP +\&\fBs2i_ASN1_OCTET_STRING\fR() return a valid +\&\fB\s-1ASN1_OCTET_STRING\s0\fR structure or \s-1NULL\s0 if an error occurs. +.PP +\&\fBi2s_ASN1_ENUMERATED\fR() return a valid +string or \s-1NULL\s0 if an error occurs. +.PP +\&\fBs2i_ASN1_ENUMERATED\fR() returns the pointer to a \fB\s-1ASN1_ENUMERATED\s0\fR +structure or \s-1NULL\s0 if an error occurs. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man5/config.5 b/linux_amd64/ssl/share/man/man5/config.5 new file mode 100755 index 0000000..e345326 --- /dev/null +++ b/linux_amd64/ssl/share/man/man5/config.5 
@@ -0,0 +1,715 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CONFIG 5" +.TH CONFIG 5 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +config \- OpenSSL CONF library configuration files +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The OpenSSL \s-1CONF\s0 library can be used to read configuration files. 
+It is used for the OpenSSL master configuration file \fBopenssl.cnf\fR +and in a few other places like \fB\s-1SPKAC\s0\fR files and certificate extension +files for the \fBx509\fR utility. OpenSSL applications can also use the +\&\s-1CONF\s0 library for their own purposes. +.PP +A configuration file is divided into a number of sections. Each section +starts with a line \f(CW\*(C`[section_name]\*(C'\fR and ends when a new section is +started or end of file is reached. A section name can consist of +alphanumeric characters and underscores. The brackets are required. +.PP +The first section of a configuration file is special and is referred +to as the \fBdefault\fR section. This section is usually unnamed and spans from the +start of file until the first named section. When a name is being looked up +it is first looked up in a named section (if any) and then the +default section. +.PP +The environment is mapped onto a section called \fB\s-1ENV\s0\fR. +.PP +Comments can be included by preceding them with the \fB#\fR character +.PP +Other files can be included using the \fB.include\fR directive followed +by a path. If the path points to a directory all files with +names ending with \fB.cnf\fR or \fB.conf\fR are included from the directory. +Recursive inclusion of directories from files in such directory is not +supported. That means the files in the included directory can also contain +\&\fB.include\fR directives but only inclusion of regular files is supported +there. The inclusion of directories is not supported on systems without +\&\s-1POSIX\s0 \s-1IO\s0 support. +.PP +It is strongly recommended to use absolute paths with the \fB.include\fR +directive. Relative paths are evaluated based on the application current +working directory so unless the configuration file containing the +\&\fB.include\fR directive is application specific the inclusion will not +work as expected. 
The environment variable \fB\s-1OPENSSL_CONF_INCLUDE\s0\fR can also be +used to specify the path to prepend to all .include paths. +.PP +There can be optional \fB=\fR character and whitespace characters between +\&\fB.include\fR directive and the path which can be useful in cases the +configuration file needs to be loaded by old OpenSSL versions which do +not support the \fB.include\fR syntax. They would bail out with error +if the \fB=\fR character is not present but with it they just ignore +the include. +.PP +Pragmas can be specified with the \fB.pragma\fR directive. +See \*(L"\s-1PRAGMAS\s0\*(R" for more information. +.PP +Each section in a configuration file consists of a number of name and +value pairs of the form \fBname=value\fR +.PP +The \fBname\fR string can contain any alphanumeric characters as well as +a few punctuation symbols such as \fB.\fR \fB,\fR \fB;\fR and \fB_\fR. +.PP +The \fBvalue\fR string consists of the string following the \fB=\fR character +until end of line with any leading and trailing white space removed. +.PP +The value string undergoes variable expansion. This can be done by +including the form \fB\f(CB$var\fB\fR or \fB${var}\fR: this will substitute the value +of the named variable in the current section. It is also possible to +substitute a value from another section using the syntax \fB\f(CB$section::name\fB\fR +or \fB${section::name}\fR. By using the form \fB\f(CB$ENV::name\fB\fR environment +variables can be substituted. It is also possible to assign values to +environment variables by using the name \fBENV::name\fR, this will work +if the program looks up environment variables using the \fB\s-1CONF\s0\fR library +instead of calling \fIgetenv()\fR directly. The value string must not exceed 64k in +length after variable expansion. Otherwise an error will occur. +.PP +It is possible to escape certain characters by using any kind of quote +or the \fB\e\fR character. 
By making the last character of a line a \fB\e\fR +a \fBvalue\fR string can be spread across multiple lines. In addition +the sequences \fB\en\fR, \fB\er\fR, \fB\eb\fR and \fB\et\fR are recognized. +.PP +All expansion and escape rules as described above that apply to \fBvalue\fR +also apply to the path of the \fB.include\fR directive. +.SH "PRAGMAS" +.IX Header "PRAGMAS" +Pragmas can be used to change the behavior of the configuration file +parser, among others. Currently supported pragmas are: +.IP "\fB.pragma\fR \fBdollarid\fR:\fIvalue\fR" 4 +.IX Item ".pragma dollarid:value" +\&\fIvalue\fR can be one of: +.RS 4 +.ie n .IP "\fB""on""\fR or \fB""true""\fR" 4 +.el .IP "\fB``on''\fR or \fB``true''\fR" 4 +.IX Item "on or true" +this signifies that dollar signs are considered an identity character +from this point on and that variable expansion requires the use of +braces or parentheses. In other words, \f(CW\*(C`foo$bar\*(C'\fR will be considered +a name instead of \f(CW\*(C`foo\*(C'\fR followed by the expansion of the variable +\&\f(CW\*(C`bar\*(C'\fR. +This is suitable for platforms where the dollar sign is commonly used +as part of names. +.ie n .IP "\fB""off""\fR or \fB""false""\fR" 4 +.el .IP "\fB``off''\fR or \fB``false''\fR" 4 +.IX Item "off or false" +Turns this pragma off, i.e. \f(CW\*(C`foo$bar\*(C'\fR will be interpreted as \f(CW\*(C`foo\*(C'\fR +followed by the expansion of the variable \f(CW\*(C`bar\*(C'\fR. +.RE +.RS 4 +.Sp +By default, this pragma is turned off. +.RE +.SH "OPENSSL LIBRARY CONFIGURATION" +.IX Header "OPENSSL LIBRARY CONFIGURATION" +Applications can automatically configure certain +aspects of OpenSSL using the master OpenSSL configuration file, or optionally +an alternative configuration file. The \fBopenssl\fR utility includes this +functionality: any sub command uses the master OpenSSL configuration file +unless an option is used in the sub command to use an alternative configuration +file. 
+.PP +To enable library configuration the default section needs to contain an +appropriate line which points to the main configuration section. The default +name is \fBopenssl_conf\fR which is used by the \fBopenssl\fR utility. Other +applications may use an alternative name such as \fBmyapplication_conf\fR. +All library configuration lines appear in the default section at the start +of the configuration file. +.PP +The configuration section should consist of a set of name value pairs which +contain specific module configuration information. The \fBname\fR represents +the name of the \fIconfiguration module\fR. The meaning of the \fBvalue\fR is +module specific: it may, for example, represent a further configuration +section containing configuration module specific information. E.g.: +.PP +.Vb 2 +\& # This must be in the default section +\& openssl_conf = openssl_init +\& +\& [openssl_init] +\& +\& oid_section = new_oids +\& engines = engine_section +\& providers = provider_section +\& +\& [new_oids] +\& +\& ... new oids here ... +\& +\& [engine_section] +\& +\& ... engine stuff here ... +\& +\& [provider_section] +\& +\& ... provider stuff here ... +.Ve +.PP +The features of each configuration module are described below. +.SS "\s-1ASN1\s0 Object Configuration Module" +.IX Subsection "ASN1 Object Configuration Module" +This module has the name \fBoid_section\fR. The value of this variable points +to a section containing name value pairs of OIDs: the name is the \s-1OID\s0 short +and long name, the value is the numerical form of the \s-1OID\s0. Although some of +the \fBopenssl\fR utility sub commands already have their own \s-1ASN1\s0 \s-1OBJECT\s0 section +functionality not all do. By using the \s-1ASN1\s0 \s-1OBJECT\s0 configuration module +\&\fBall\fR the \fBopenssl\fR utility sub commands can see the new objects as well +as any compliant applications. 
For example: +.PP +.Vb 1 +\& [new_oids] +\& +\& some_new_oid = 1.2.3.4 +\& some_other_oid = 1.2.3.5 +.Ve +.PP +It is also possible to set the value to the long name followed +by a comma and the numerical \s-1OID\s0 form. For example: +.PP +.Vb 1 +\& shortName = some object long name, 1.2.3.4 +.Ve +.SS "Engine Configuration Module" +.IX Subsection "Engine Configuration Module" +This \s-1ENGINE\s0 configuration module has the name \fBengines\fR. The value of this +variable points to a section containing further \s-1ENGINE\s0 configuration +information. +.PP +The section pointed to by \fBengines\fR is a table of engine names (though see +\&\fBengine_id\fR below) and further sections containing configuration information +specific to each \s-1ENGINE\s0. +.PP +Each \s-1ENGINE\s0 specific section is used to set default algorithms, load +dynamic, perform initialization and send ctrls. The actual operation performed +depends on the \fIcommand\fR name which is the name of the name value pair. The +currently supported commands are listed below. +.PP +For example: +.PP +.Vb 1 +\& [engine_section] +\& +\& # Configure ENGINE named "foo" +\& foo = foo_section +\& # Configure ENGINE named "bar" +\& bar = bar_section +\& +\& [foo_section] +\& ... foo ENGINE specific commands ... +\& +\& [bar_section] +\& ... "bar" ENGINE specific commands ... +.Ve +.PP +The command \fBengine_id\fR is used to give the \s-1ENGINE\s0 name. If used this +command must be first. For example: +.PP +.Vb 3 +\& [engine_section] +\& # This would normally handle an ENGINE named "foo" +\& foo = foo_section +\& +\& [foo_section] +\& # Override default name and use "myfoo" instead. +\& engine_id = myfoo +.Ve +.PP +The command \fBdynamic_path\fR loads and adds an \s-1ENGINE\s0 from the given path. It +is equivalent to sending the ctrls \fB\s-1SO_PATH\s0\fR with the path argument followed +by \fB\s-1LIST_ADD\s0\fR with value 2 and \fB\s-1LOAD\s0\fR to the dynamic \s-1ENGINE\s0. 
If this is +not the required behaviour then alternative ctrls can be sent directly +to the dynamic \s-1ENGINE\s0 using ctrl commands. +.PP +The command \fBinit\fR determines whether to initialize the \s-1ENGINE\s0. If the value +is \fB0\fR the \s-1ENGINE\s0 will not be initialized, if \fB1\fR and attempt it made to +initialized the \s-1ENGINE\s0 immediately. If the \fBinit\fR command is not present +then an attempt will be made to initialize the \s-1ENGINE\s0 after all commands in +its section have been processed. +.PP +The command \fBdefault_algorithms\fR sets the default algorithms an \s-1ENGINE\s0 will +supply using the functions \fIENGINE_set_default_string()\fR. +.PP +If the name matches none of the above command names it is assumed to be a +ctrl command which is sent to the \s-1ENGINE\s0. The value of the command is the +argument to the ctrl command. If the value is the string \fB\s-1EMPTY\s0\fR then no +value is sent to the command. +.PP +For example: +.PP +.Vb 1 +\& [engine_section] +\& +\& # Configure ENGINE named "foo" +\& foo = foo_section +\& +\& [foo_section] +\& # Load engine from DSO +\& dynamic_path = /some/path/fooengine.so +\& # A foo specific ctrl. +\& some_ctrl = some_value +\& # Another ctrl that doesn\*(Aqt take a value. +\& other_ctrl = EMPTY +\& # Supply all default algorithms +\& default_algorithms = ALL +.Ve +.SS "Provider Configuration Module" +.IX Subsection "Provider Configuration Module" +This provider configuration module has the name \fBproviders\fR. The +value of this variable points to a section containing further provider +configuration information. +.PP +The section pointed to by \fBproviders\fR is a table of provider names +(though see \fBidentity\fR below) and further sections containing +configuration information specific to each provider module. +.PP +Each provider specific section is used to load its module, perform +activation and set parameters to pass to the provider on demand. 
The +actual operation performed depends on the name of the name value pair. +The currently supported commands are listed below. +.PP +For example: +.PP +.Vb 1 +\& [provider_section] +\& +\& # Configure provider named "foo" +\& foo = foo_section +\& # Configure provider named "bar" +\& bar = bar_section +\& +\& [foo_section] +\& ... "foo" provider specific parameters ... +\& +\& [bar_section] +\& ... "bar" provider specific parameters ... +.Ve +.PP +The command \fBidentity\fR is used to give the provider name. For example: +.PP +.Vb 3 +\& [provider_section] +\& # This would normally handle a provider named "foo" +\& foo = foo_section +\& +\& [foo_section] +\& # Override default name and use "myfoo" instead. +\& identity = myfoo +.Ve +.PP +The parameter \fBmodule\fR loads and adds a provider module from the +given module path. That path may be a simple filename, a relative +path or an absolute path. +.PP +The parameter \fBactivate\fR determines whether to activate the +provider. The value has no importance, the presence of the parameter +is enough for activation to take place. +.PP +All parameters in the section as well as sub-sections are made +available to the provider. +.SS "\s-1EVP\s0 Configuration Module" +.IX Subsection "EVP Configuration Module" +This module has the name \fBalg_section\fR which points to a section containing +algorithm commands. +.PP +The supported algorithm commands are: +.IP "\fBdefault_properties\fR" 4 +.IX Item "default_properties" +The value may be anything that is acceptable as a property query +string for \fIEVP_set_default_properties()\fR. +.IP "\fBfips_mode\fR (deprecated)" 4 +.IX Item "fips_mode (deprecated)" +The value is a boolean that can be \fByes\fR or \fBno\fR. If the value is +\&\fByes\fR, this is exactly equivalent to: +.Sp +.Vb 1 +\& default_properties = fips=yes +.Ve +.Sp +If the value is \fBno\fR, nothing happens. +.PP +These two commands should not be used together, as there is no control +over how they affect each other. 
+The use of \fBfips_mode\fR is strongly discouraged and is only present +for backward compatibility with earlier OpenSSL \s-1FIPS\s0 modules. +.SS "\s-1SSL\s0 Configuration Module" +.IX Subsection "SSL Configuration Module" +This module has the name \fBssl_conf\fR which points to a section containing +\&\s-1SSL\s0 configurations. +.PP +Each line in the \s-1SSL\s0 configuration section contains the name of the +configuration and the section containing it. +.PP +Each configuration section consists of command value pairs for \fB\s-1SSL_CONF\s0\fR. +Each pair will be passed to a \fB\s-1SSL_CTX\s0\fR or \fB\s-1SSL\s0\fR structure if it calls +\&\fISSL_CTX_config()\fR or \fISSL_config()\fR with the appropriate configuration name. +.PP +Note: any characters before an initial dot in the configuration section are +ignored so the same command can be used multiple times. +.PP +For example: +.PP +.Vb 1 +\& ssl_conf = ssl_sect +\& +\& [ssl_sect] +\& +\& server = server_section +\& +\& [server_section] +\& +\& RSA.Certificate = server\-rsa.pem +\& ECDSA.Certificate = server\-ecdsa.pem +\& Ciphers = ALL:!RC4 +.Ve +.PP +The system default configuration with name \fBsystem_default\fR if present will +be applied during any creation of the \fB\s-1SSL_CTX\s0\fR structure. +.PP +Example of a configuration with the system default: +.PP +.Vb 1 +\& ssl_conf = ssl_sect +\& +\& [ssl_sect] +\& +\& system_default = system_default_sect +\& +\& [system_default_sect] +\& +\& MinProtocol = TLSv1.2 +.Ve +.SH "NOTES" +.IX Header "NOTES" +If a configuration file attempts to expand a variable that doesn't exist +then an error is flagged and the file will not load. This can happen +if an attempt is made to expand an environment variable that doesn't +exist. For example in a previous version of OpenSSL the default OpenSSL +master configuration file used the value of \fB\s-1HOME\s0\fR which may not be +defined on non Unix systems and would cause an error. 
+.PP +This can be worked around by including a \fBdefault\fR section to provide +a default value: then if the environment lookup fails the default value +will be used instead. For this to work properly the default value must +be defined earlier in the configuration file than the expansion. See +the \fB\s-1EXAMPLES\s0\fR section for an example of how to do this. +.PP +If the same variable exists in the same section then all but the last +value will be silently ignored. In certain circumstances such as with +DNs the same field may occur multiple times. This is usually worked +around by ignoring any characters before an initial \fB.\fR e.g. +.PP +.Vb 2 +\& 1.OU="My first OU" +\& 2.OU="My Second OU" +.Ve +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Here is a sample configuration file using some of the features +mentioned above. +.PP +.Vb 1 +\& # This is the default section. +\& +\& HOME=/temp +\& configdir=$ENV::HOME/config +\& +\& [ section_one ] +\& +\& # We are now in section one. +\& +\& # Quotes permit leading and trailing whitespace +\& any = " any variable name " +\& +\& other = A string that can \e +\& cover several lines \e +\& by including \e\e characters +\& +\& message = Hello World\en +\& +\& [ section_two ] +\& +\& greeting = $section_one::message +.Ve +.PP +This next example shows how to expand environment variables safely. +.PP +Suppose you want a variable called \fBtmpfile\fR to refer to a +temporary filename. The directory it is placed in can determined by +the \fB\s-1TEMP\s0\fR or \fB\s-1TMP\s0\fR environment variables but they may not be +set to any value at all. If you just include the environment variable +names and the variable doesn't exist then this will cause an error when +an attempt is made to load the configuration file. 
By making use of the +default section both values can be looked up with \fB\s-1TEMP\s0\fR taking +priority and \fB/tmp\fR used if neither is defined: +.PP +.Vb 5 +\& TMP=/tmp +\& # The above value is used if TMP isn\*(Aqt in the environment +\& TEMP=$ENV::TMP +\& # The above value is used if TEMP isn\*(Aqt in the environment +\& tmpfile=${ENV::TEMP}/tmp.filename +.Ve +.PP +Simple OpenSSL library configuration example to enter \s-1FIPS\s0 mode: +.PP +.Vb 3 +\& # Default appname: should match "appname" parameter (if any) +\& # supplied to CONF_modules_load_file et al. +\& openssl_conf = openssl_conf_section +\& +\& [openssl_conf_section] +\& # Configuration module list +\& alg_section = evp_sect +\& +\& [evp_sect] +\& # Set to "yes" to enter FIPS mode if supported +\& fips_mode = yes +.Ve +.PP +Note: in the above example you will get an error in non \s-1FIPS\s0 capable versions +of OpenSSL. +.PP +Simple OpenSSL library configuration to make \s-1TLS\s0 1.3 the system-default +minimum \s-1TLS\s0 version: +.PP +.Vb 2 +\& # Toplevel section for openssl (including libssl) +\& openssl_conf = default_conf_section +\& +\& [default_conf_section] +\& # We only specify configuration for the "ssl module" +\& ssl_conf = ssl_section +\& +\& [ssl_section] +\& system_default = system_default_section +\& +\& [system_default_section] +\& MinProtocol = TLSv1.3 +.Ve +.PP +More complex OpenSSL library configuration. Add \s-1OID\s0 and don't enter \s-1FIPS\s0 mode: +.PP +.Vb 3 +\& # Default appname: should match "appname" parameter (if any) +\& # supplied to CONF_modules_load_file et al. +\& openssl_conf = openssl_conf_section +\& +\& [openssl_conf_section] +\& # Configuration module list +\& alg_section = evp_sect +\& oid_section = new_oids +\& +\& [evp_sect] +\& # This will have no effect as FIPS mode is off by default. 
+\& # Set to "yes" to enter FIPS mode, if supported +\& fips_mode = no +\& +\& [new_oids] +\& # New OID, just short name +\& newoid1 = 1.2.3.4.1 +\& # New OID shortname and long name +\& newoid2 = New OID 2 long name, 1.2.3.4.2 +.Ve +.PP +The above examples can be used with any application supporting library +configuration if \*(L"openssl_conf\*(R" is modified to match the appropriate \*(L"appname\*(R". +.PP +For example if the second sample file above is saved to \*(L"example.cnf\*(R" then +the command line: +.PP +.Vb 1 +\& OPENSSL_CONF=example.cnf openssl asn1parse \-genstr OID:1.2.3.4.1 +.Ve +.PP +will output: +.PP +.Vb 1 +\& 0:d=0 hl=2 l= 4 prim: OBJECT :newoid1 +.Ve +.PP +showing that the \s-1OID\s0 \*(L"newoid1\*(R" has been added as \*(L"1.2.3.4.1\*(R". +.SH "ENVIRONMENT" +.IX Header "ENVIRONMENT" +.IP "\fB\s-1OPENSSL_CONF\s0\fR" 4 +.IX Item "OPENSSL_CONF" +The path to the config file. +Ignored in set-user-ID and set-group-ID programs. +.IP "\fB\s-1OPENSSL_ENGINES\s0\fR" 4 +.IX Item "OPENSSL_ENGINES" +The path to the engines directory. +Ignored in set-user-ID and set-group-ID programs. +.IP "\fB\s-1OPENSSL_MODULES\s0\fR" 4 +.IX Item "OPENSSL_MODULES" +The path to the directory with OpenSSL modules, such as providers. +Ignored in set-user-ID and set-group-ID programs. +.IP "\fB\s-1OPENSSL_CONF_INCLUDE\s0\fR" 4 +.IX Item "OPENSSL_CONF_INCLUDE" +The optional path to prepend to all .include paths. +.SH "BUGS" +.IX Header "BUGS" +Currently there is no way to include characters using the octal \fB\ennn\fR +form. Strings are all null terminated so nulls cannot form part of +the value. +.PP +The escaping isn't quite right: if you want to use sequences like \fB\en\fR +you can't use any quote escaping on the same line. +.PP +Files are loaded in a single pass. This means that an variable expansion +will only work if the variables referenced are defined earlier in the +file. 
+.SH "HISTORY" +.IX Header "HISTORY" +An undocumented \s-1API\s0, \s-1\fINCONF_WIN32\s0()\fR, used a slightly different set +of parsing rules there were intended to be tailored to +the Microsoft Windows platform. +Specifically, the backslash character was not an escape character and +could be used in pathnames, only the double-quote character was recognized, +and comments began with a semi-colon. +This function was deprecated in OpenSSL 3.0; applications with +configuration files using that syntax will have to be modified. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\-x509\fR\|(1), \fIopenssl\-req\fR\|(1), \fIopenssl\-ca\fR\|(1), \fIfips_config\fR\|(5) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man5/fips_config.5 b/linux_amd64/ssl/share/man/man5/fips_config.5 new file mode 100755 index 0000000..593da88 --- /dev/null +++ b/linux_amd64/ssl/share/man/man5/fips_config.5 
@@ -0,0 +1,185 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "FIPS_CONFIG 5" +.TH FIPS_CONFIG 5 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +fips_config \- OpenSSL FIPS configuration +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A separate configuration file containing data related to \s-1FIPS\s0 'self tests' is +written to during installation time. 
+This data is used for 2 purposes when the fips module is loaded: +.IP "\- Verify the module's checksum each time the fips module loads." 4 +.IX Item "- Verify the module's checksum each time the fips module loads." +.PD 0 +.IP "\- Run the startup \s-1FIPS\s0 self test \s-1KATS\s0 (known answer tests). This only needs to be run once during installation." 4 +.IX Item "- Run the startup FIPS self test KATS (known answer tests). This only needs to be run once during installation." +.PD +.PP +The supported options are: +.IP "\fBmodule-checksum\fR" 4 +.IX Item "module-checksum" +The calculated \s-1MAC\s0 of the module file +.IP "\fBinstall-version\fR" 4 +.IX Item "install-version" +A version number for the fips install process. Should be 1. +.IP "\fBinstall-status\fR" 4 +.IX Item "install-status" +The install status indicator description that will be verified. +If this field is not present the \s-1FIPS\s0 self tests will run when the fips module +loads. +This value should only be written to after the \s-1FIPS\s0 module has +successfully passed its self tests during installation. +.IP "\fBinstall-checksum\fR" 4 +.IX Item "install-checksum" +The calculated \s-1MAC\s0 of the install status indicator. +It is initially empty and is written to at the same time as the install_status. +.PP +For example: +.PP +.Vb 1 +\& [fips_install] +\& +\& install\-version = 1 +\& module\-checksum = 41:D0:FA:C2:5D:41:75:CD:7D:C3:90:55:6F:A4:DC +\& install\-checksum = FE:10:13:5A:D3:B4:C7:82:1B:1E:17:4C:AC:84:0C +\& install\-status = INSTALL_SELF_TEST_KATS_RUN +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIconfig\fR\|(5) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/ssl/share/man/man5/x509v3_config.5 b/linux_amd64/ssl/share/man/man5/x509v3_config.5 new file mode 100755 index 0000000..43f7513 --- /dev/null +++ b/linux_amd64/ssl/share/man/man5/x509v3_config.5 
@@ -0,0 +1,695 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509V3_CONFIG 5" +.TH X509V3_CONFIG 5 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +x509v3_config \- X509 V3 certificate extension configuration format +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Several of the OpenSSL utilities can add extensions to a certificate or +certificate request based on the contents of a configuration file. +.PP +Typically the application will contain an option to point to an extension +section. Each line of the extension section takes the form: +.PP +.Vb 1 +\& extension_name=[critical,] extension_options +.Ve +.PP +If \fBcritical\fR is present then the extension will be critical. +.PP +The format of \fBextension_options\fR depends on the value of \fBextension_name\fR. +.PP +There are four main types of extension: \fIstring\fR extensions, \fImulti-valued\fR +extensions, \fIraw\fR and \fIarbitrary\fR extensions. +.PP +String extensions simply have a string which contains either the value itself +or how it is obtained. +.PP +For example: +.PP +.Vb 1 +\& nsComment="This is a Comment" +.Ve +.PP +Multi-valued extensions have a short form and a long form. The short form +is a list of names and values: +.PP +.Vb 1 +\& basicConstraints=critical,CA:true,pathlen:1 +.Ve +.PP +The long form allows the values to be placed in a separate section: +.PP +.Vb 1 +\& basicConstraints=critical,@bs_section +\& +\& [bs_section] +\& +\& CA=true +\& pathlen=1 +.Ve +.PP +Both forms are equivalent. +.PP +The syntax of raw extensions is governed by the extension code: it can +for example contain data in multiple sections. The correct syntax to +use is defined by the extension code itself: check out the certificate +policies extension for an example. +.PP +If an extension type is unsupported then the \fIarbitrary\fR extension syntax +must be used, see the \*(L"\s-1ARBITRARY\s0 \s-1EXTENSIONS\s0\*(R" section for more details. +.SH "STANDARD EXTENSIONS" +.IX Header "STANDARD EXTENSIONS" +The following sections describe each supported extension in detail. 
+.SS "Basic Constraints" +.IX Subsection "Basic Constraints" +This is a multi valued extension which indicates whether a certificate is +a \s-1CA\s0 certificate. The first (mandatory) name is \fB\s-1CA\s0\fR followed by \fB\s-1TRUE\s0\fR or +\&\fB\s-1FALSE\s0\fR. If \fB\s-1CA\s0\fR is \fB\s-1TRUE\s0\fR then an optional \fBpathlen\fR name followed by a +non-negative value can be included. +.PP +For example: +.PP +.Vb 1 +\& basicConstraints=CA:TRUE +\& +\& basicConstraints=CA:FALSE +\& +\& basicConstraints=critical,CA:TRUE, pathlen:0 +.Ve +.PP +A \s-1CA\s0 certificate \fBmust\fR include the basicConstraints value with the \s-1CA\s0 field +set to \s-1TRUE\s0. An end user certificate must either set \s-1CA\s0 to \s-1FALSE\s0 or exclude the +extension entirely. Some software may require the inclusion of basicConstraints +with \s-1CA\s0 set to \s-1FALSE\s0 for end entity certificates. +.PP +The pathlen parameter indicates the maximum number of CAs that can appear +below this one in a chain. So if you have a \s-1CA\s0 with a pathlen of zero it can +only be used to sign end user certificates and not further CAs. +.SS "Key Usage" +.IX Subsection "Key Usage" +Key usage is a multi valued extension consisting of a list of names of the +permitted key usages. +.PP +The supported names are: digitalSignature, nonRepudiation, keyEncipherment, +dataEncipherment, keyAgreement, keyCertSign, cRLSign, encipherOnly +and decipherOnly. +.PP +Examples: +.PP +.Vb 1 +\& keyUsage=digitalSignature, nonRepudiation +\& +\& keyUsage=critical, keyCertSign +.Ve +.SS "Extended Key Usage" +.IX Subsection "Extended Key Usage" +This extensions consists of a list of usages indicating purposes for which +the certificate public key can be used for, +.PP +These can either be object short names or the dotted numerical form of OIDs. +While any \s-1OID\s0 can be used only certain values make sense. 
In particular the +following \s-1PKIX\s0, \s-1NS\s0 and \s-1MS\s0 values are meaningful: +.PP +.Vb 10 +\& Value Meaning +\& \-\-\-\-\- \-\-\-\-\-\-\- +\& serverAuth SSL/TLS Web Server Authentication. +\& clientAuth SSL/TLS Web Client Authentication. +\& codeSigning Code signing. +\& emailProtection E\-mail Protection (S/MIME). +\& timeStamping Trusted Timestamping +\& OCSPSigning OCSP Signing +\& ipsecIKE ipsec Internet Key Exchange +\& msCodeInd Microsoft Individual Code Signing (authenticode) +\& msCodeCom Microsoft Commercial Code Signing (authenticode) +\& msCTLSign Microsoft Trust List Signing +\& msEFS Microsoft Encrypted File System +.Ve +.PP +Examples: +.PP +.Vb 2 +\& extendedKeyUsage=critical,codeSigning,1.2.3.4 +\& extendedKeyUsage=serverAuth,clientAuth +.Ve +.SS "Subject Key Identifier" +.IX Subsection "Subject Key Identifier" +This is really a string extension and can take two possible values. Either +the word \fBhash\fR which will automatically follow the guidelines in \s-1RFC3280\s0 +or a hex string giving the extension value to include. The use of the hex +string is strongly discouraged. +.PP +Example: +.PP +.Vb 1 +\& subjectKeyIdentifier=hash +.Ve +.SS "Authority Key Identifier" +.IX Subsection "Authority Key Identifier" +The authority key identifier extension permits two options. keyid and issuer: +both can take the optional value \*(L"always\*(R". +.PP +If the keyid option is present an attempt is made to copy the subject key +identifier from the parent certificate. If the value \*(L"always\*(R" is present +then an error is returned if the option fails. +.PP +The issuer option copies the issuer and serial number from the issuer +certificate. This will only be done if the keyid option fails or +is not included unless the \*(L"always\*(R" flag will always include the value. 
+.PP +Example: +.PP +.Vb 1 +\& authorityKeyIdentifier=keyid,issuer +.Ve +.SS "Subject Alternative Name" +.IX Subsection "Subject Alternative Name" +The subject alternative name extension allows various literal values to be +included in the configuration file. These include \fBemail\fR (an email address) +\&\fB\s-1URI\s0\fR a uniform resource indicator, \fB\s-1DNS\s0\fR (a \s-1DNS\s0 domain name), \fB\s-1RID\s0\fR (a +registered \s-1ID:\s0 \s-1OBJECT\s0 \s-1IDENTIFIER\s0), \fB\s-1IP\s0\fR (an \s-1IP\s0 address), \fBdirName\fR +(a distinguished name) and otherName. +.PP +The email option include a special 'copy' value. This will automatically +include any email addresses contained in the certificate subject name in +the extension. +.PP +The \s-1IP\s0 address used in the \fB\s-1IP\s0\fR options can be in either IPv4 or IPv6 format. +.PP +The value of \fBdirName\fR should point to a section containing the distinguished +name to use as a set of name value pairs. Multi values AVAs can be formed by +prefacing the name with a \fB+\fR character. +.PP +otherName can include arbitrary data associated with an \s-1OID:\s0 the value +should be the \s-1OID\s0 followed by a semicolon and the content in standard +\&\fIASN1_generate_nconf\fR\|(3) format. +.PP +Examples: +.PP +.Vb 5 +\& subjectAltName=email:copy,email:my@other.address,URI:http://my.url.here/ +\& subjectAltName=IP:192.168.7.1 +\& subjectAltName=IP:13::17 +\& subjectAltName=email:my@other.address,RID:1.2.3.4 +\& subjectAltName=otherName:1.2.3.4;UTF8:some other identifier +\& +\& subjectAltName=dirName:dir_sect +\& +\& [dir_sect] +\& C=UK +\& O=My Organization +\& OU=My Unit +\& CN=My Name +.Ve +.SS "Issuer Alternative Name" +.IX Subsection "Issuer Alternative Name" +The issuer alternative name option supports all the literal options of +subject alternative name. It does \fBnot\fR support the email:copy option because +that would not make sense. 
It does support an additional issuer:copy option +that will copy all the subject alternative name values from the issuer +certificate (if possible). +.PP +Example: +.PP +.Vb 1 +\& issuerAltName = issuer:copy +.Ve +.SS "Authority Info Access" +.IX Subsection "Authority Info Access" +The authority information access extension gives details about how to access +certain information relating to the \s-1CA\s0. Its syntax is accessOID;location +where \fIlocation\fR has the same syntax as subject alternative name (except +that email:copy is not supported). accessOID can be any valid \s-1OID\s0 but only +certain values are meaningful, for example \s-1OCSP\s0 and caIssuers. +.PP +Example: +.PP +.Vb 2 +\& authorityInfoAccess = OCSP;URI:http://ocsp.my.host/ +\& authorityInfoAccess = caIssuers;URI:http://my.ca/ca.html +.Ve +.SS "\s-1CRL\s0 distribution points" +.IX Subsection "CRL distribution points" +This is a multi-valued extension whose options can be either in name:value pair +using the same form as subject alternative name or a single value representing +a section name containing all the distribution point fields. +.PP +For a name:value pair a new DistributionPoint with the fullName field set to +the given value both the cRLissuer and reasons fields are omitted in this case. +.PP +In the single option case the section indicated contains values for each +field. In this section: +.PP +If the name is \*(L"fullname\*(R" the value field should contain the full name +of the distribution point in the same format as subject alternative name. +.PP +If the name is \*(L"relativename\*(R" then the value field should contain a section +name whose contents represent a \s-1DN\s0 fragment to be placed in this field. +.PP +The name \*(L"CRLIssuer\*(R" if present should contain a value for this field in +subject alternative name format. +.PP +If the name is \*(L"reasons\*(R" the value field should consist of a comma +separated field containing the reasons. 
Valid reasons are: \*(L"keyCompromise\*(R", +\&\*(L"CACompromise\*(R", \*(L"affiliationChanged\*(R", \*(L"superseded\*(R", \*(L"cessationOfOperation\*(R", +\&\*(L"certificateHold\*(R", \*(L"privilegeWithdrawn\*(R" and \*(L"AACompromise\*(R". +.PP +Simple examples: +.PP +.Vb 2 +\& crlDistributionPoints=URI:http://myhost.com/myca.crl +\& crlDistributionPoints=URI:http://my.com/my.crl,URI:http://oth.com/my.crl +.Ve +.PP +Full distribution point example: +.PP +.Vb 1 +\& crlDistributionPoints=crldp1_section +\& +\& [crldp1_section] +\& +\& fullname=URI:http://myhost.com/myca.crl +\& CRLissuer=dirName:issuer_sect +\& reasons=keyCompromise, CACompromise +\& +\& [issuer_sect] +\& C=UK +\& O=Organisation +\& CN=Some Name +.Ve +.SS "Issuing Distribution Point" +.IX Subsection "Issuing Distribution Point" +This extension should only appear in CRLs. It is a multi valued extension +whose syntax is similar to the \*(L"section\*(R" pointed to by the \s-1CRL\s0 distribution +points extension with a few differences. +.PP +The names \*(L"reasons\*(R" and \*(L"CRLissuer\*(R" are not recognized. +.PP +The name \*(L"onlysomereasons\*(R" is accepted which sets this field. The value is +in the same format as the \s-1CRL\s0 distribution point \*(L"reasons\*(R" field. +.PP +The names \*(L"onlyuser\*(R", \*(L"onlyCA\*(R", \*(L"onlyAA\*(R" and \*(L"indirectCRL\*(R" are also accepted +the values should be a boolean value (\s-1TRUE\s0 or \s-1FALSE\s0) to indicate the value of +the corresponding field. +.PP +Example: +.PP +.Vb 1 +\& issuingDistributionPoint=critical, @idp_section +\& +\& [idp_section] +\& +\& fullname=URI:http://myhost.com/myca.crl +\& indirectCRL=TRUE +\& onlysomereasons=keyCompromise, CACompromise +\& +\& [issuer_sect] +\& C=UK +\& O=Organisation +\& CN=Some Name +.Ve +.SS "Certificate Policies" +.IX Subsection "Certificate Policies" +This is a \fIraw\fR extension. All the fields of this extension can be set by +using the appropriate syntax. 
+.PP +If you follow the \s-1PKIX\s0 recommendations and just using one \s-1OID\s0 then you just +include the value of that \s-1OID\s0. Multiple OIDs can be set separated by commas, +for example: +.PP +.Vb 1 +\& certificatePolicies= 1.2.4.5, 1.1.3.4 +.Ve +.PP +If you wish to include qualifiers then the policy \s-1OID\s0 and qualifiers need to +be specified in a separate section: this is done by using the \f(CW@section\fR syntax +instead of a literal \s-1OID\s0 value. +.PP +The section referred to must include the policy \s-1OID\s0 using the name +policyIdentifier, cPSuri qualifiers can be included using the syntax: +.PP +.Vb 1 +\& CPS.nnn=value +.Ve +.PP +userNotice qualifiers can be set using the syntax: +.PP +.Vb 1 +\& userNotice.nnn=@notice +.Ve +.PP +The value of the userNotice qualifier is specified in the relevant section. +This section can include explicitText, organization and noticeNumbers +options. explicitText and organization are text strings, noticeNumbers is a +comma separated list of numbers. The organization and noticeNumbers options +(if included) must \s-1BOTH\s0 be present. If you use the userNotice option with \s-1IE5\s0 +then you need the 'ia5org' option at the top level to modify the encoding: +otherwise it will not be interpreted properly. +.PP +Example: +.PP +.Vb 1 +\& certificatePolicies=ia5org,1.2.3.4,1.5.6.7.8,@polsect +\& +\& [polsect] +\& +\& policyIdentifier = 1.3.5.8 +\& CPS.1="http://my.host.name/" +\& CPS.2="http://my.your.name/" +\& userNotice.1=@notice +\& +\& [notice] +\& +\& explicitText="Explicit Text Here" +\& organization="Organisation Name" +\& noticeNumbers=1,2,3,4 +.Ve +.PP +The \fBia5org\fR option changes the type of the \fIorganization\fR field. In \s-1RFC2459\s0 +it can only be of type DisplayText. In \s-1RFC3280\s0 IA5String is also permissible. +Some software (for example some versions of \s-1MSIE\s0) may require ia5org. 
+.PP +\&\s-1ASN1\s0 type of explicitText can be specified by prepending \fB\s-1UTF8\s0\fR, +\&\fB\s-1BMP\s0\fR or \fB\s-1VISIBLE\s0\fR prefix followed by colon. For example: +.PP +.Vb 2 +\& [notice] +\& explicitText="UTF8:Explicit Text Here" +.Ve +.SS "Policy Constraints" +.IX Subsection "Policy Constraints" +This is a multi-valued extension which consisting of the names +\&\fBrequireExplicitPolicy\fR or \fBinhibitPolicyMapping\fR and a non negative integer +value. At least one component must be present. +.PP +Example: +.PP +.Vb 1 +\& policyConstraints = requireExplicitPolicy:3 +.Ve +.SS "Inhibit Any Policy" +.IX Subsection "Inhibit Any Policy" +This is a string extension whose value must be a non negative integer. +.PP +Example: +.PP +.Vb 1 +\& inhibitAnyPolicy = 2 +.Ve +.SS "Name Constraints" +.IX Subsection "Name Constraints" +The name constraints extension is a multi-valued extension. The name should +begin with the word \fBpermitted\fR or \fBexcluded\fR followed by a \fB;\fR. The rest of +the name and the value follows the syntax of subjectAltName except email:copy +is not supported and the \fB\s-1IP\s0\fR form should consist of an \s-1IP\s0 addresses and +subnet mask separated by a \fB/\fR. +.PP +Examples: +.PP +.Vb 1 +\& nameConstraints=permitted;IP:192.168.0.0/255.255.0.0 +\& +\& nameConstraints=permitted;email:.somedomain.com +\& +\& nameConstraints=excluded;email:.com +.Ve +.SS "\s-1OCSP\s0 No Check" +.IX Subsection "OCSP No Check" +The \s-1OCSP\s0 No Check extension is a string extension but its value is ignored. +.PP +Example: +.PP +.Vb 1 +\& noCheck = ignored +.Ve +.SS "\s-1TLS\s0 Feature (aka Must Staple)" +.IX Subsection "TLS Feature (aka Must Staple)" +This is a multi-valued extension consisting of a list of \s-1TLS\s0 extension +identifiers. Each identifier may be a number (0..65535) or a supported name. +When a \s-1TLS\s0 client sends a listed extension, the \s-1TLS\s0 server is expected to +include that extension in its reply. 
+.PP +The supported names are: \fBstatus_request\fR and \fBstatus_request_v2\fR. +.PP +Example: +.PP +.Vb 1 +\& tlsfeature = status_request +.Ve +.SH "DEPRECATED EXTENSIONS" +.IX Header "DEPRECATED EXTENSIONS" +The following extensions are non standard, Netscape specific and largely +obsolete. Their use in new applications is discouraged. +.SS "Netscape String extensions" +.IX Subsection "Netscape String extensions" +Netscape Comment (\fBnsComment\fR) is a string extension containing a comment +which will be displayed when the certificate is viewed in some browsers. +.PP +Example: +.PP +.Vb 1 +\& nsComment = "Some Random Comment" +.Ve +.PP +Other supported extensions in this category are: \fBnsBaseUrl\fR, +\&\fBnsRevocationUrl\fR, \fBnsCaRevocationUrl\fR, \fBnsRenewalUrl\fR, \fBnsCaPolicyUrl\fR +and \fBnsSslServerName\fR. +.SS "Netscape Certificate Type" +.IX Subsection "Netscape Certificate Type" +This is a multi-valued extensions which consists of a list of flags to be +included. It was used to indicate the purposes for which a certificate could +be used. The basicConstraints, keyUsage and extended key usage extensions are +now used instead. +.PP +Acceptable values for nsCertType are: \fBclient\fR, \fBserver\fR, \fBemail\fR, +\&\fBobjsign\fR, \fBreserved\fR, \fBsslCA\fR, \fBemailCA\fR, \fBobjCA\fR. +.SH "ARBITRARY EXTENSIONS" +.IX Header "ARBITRARY EXTENSIONS" +If an extension is not supported by the OpenSSL code then it must be encoded +using the arbitrary extension format. It is also possible to use the arbitrary +format for supported extensions. Extreme care should be taken to ensure that +the data is formatted correctly for the given extension type. +.PP +There are two ways to encode arbitrary extensions. +.PP +The first way is to use the word \s-1ASN1\s0 followed by the extension content +using the same syntax as \fIASN1_generate_nconf\fR\|(3). 
+For example: +.PP +.Vb 1 +\& 1.2.3.4=critical,ASN1:UTF8String:Some random data +\& +\& 1.2.3.4=ASN1:SEQUENCE:seq_sect +\& +\& [seq_sect] +\& +\& field1 = UTF8:field1 +\& field2 = UTF8:field2 +.Ve +.PP +It is also possible to use the word \s-1DER\s0 to include the raw encoded data in any +extension. +.PP +.Vb 2 +\& 1.2.3.4=critical,DER:01:02:03:04 +\& 1.2.3.4=DER:01020304 +.Ve +.PP +The value following \s-1DER\s0 is a hex dump of the \s-1DER\s0 encoding of the extension +Any extension can be placed in this form to override the default behaviour. +For example: +.PP +.Vb 1 +\& basicConstraints=critical,DER:00:01:02:03 +.Ve +.SH "WARNINGS" +.IX Header "WARNINGS" +There is no guarantee that a specific implementation will process a given +extension. It may therefore be sometimes possible to use certificates for +purposes prohibited by their extensions because a specific application does +not recognize or honour the values of the relevant extensions. +.PP +The \s-1DER\s0 and \s-1ASN1\s0 options should be used with caution. It is possible to create +totally invalid extensions if they are not used carefully. +.SH "NOTES" +.IX Header "NOTES" +If an extension is multi-value and a field value must contain a comma the long +form must be used otherwise the comma would be misinterpreted as a field +separator. For example: +.PP +.Vb 1 +\& subjectAltName=URI:ldap://somehost.com/CN=foo,OU=bar +.Ve +.PP +will produce an error but the equivalent form: +.PP +.Vb 1 +\& subjectAltName=@subject_alt_section +\& +\& [subject_alt_section] +\& subjectAltName=URI:ldap://somehost.com/CN=foo,OU=bar +.Ve +.PP +is valid. +.PP +Due to the behaviour of the OpenSSL \fBconf\fR library the same field name +can only occur once in a section. This means that: +.PP +.Vb 1 +\& subjectAltName=@alt_section +\& +\& [alt_section] +\& +\& email=steve@here +\& email=steve@there +.Ve +.PP +will only recognize the last value. 
This can be worked around by using the form: +.PP +.Vb 1 +\& [alt_section] +\& +\& email.1=steve@here +\& email.2=steve@there +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\-req\fR\|(1), \fIopenssl\-ca\fR\|(1), \fIopenssl\-x509\fR\|(1), +\&\fIASN1_generate_nconf\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2004\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man7/EVP_KDF-HKDF.7 b/linux_amd64/ssl/share/man/man7/EVP_KDF-HKDF.7 new file mode 100755 index 0000000..012b2c0 --- /dev/null +++ b/linux_amd64/ssl/share/man/man7/EVP_KDF-HKDF.7 
@@ -0,0 +1,277 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_KDF-HKDF 7" +.TH EVP_KDF-HKDF 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_KDF\-HKDF \- The HKDF EVP_KDF implementation +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Support for computing the \fB\s-1HKDF\s0\fR \s-1KDF\s0 through the \fB\s-1EVP_KDF\s0\fR \s-1API\s0. 
+.PP +The \s-1EVP_KDF\-HKDF\s0 algorithm implements the \s-1HKDF\s0 key derivation function. +\&\s-1HKDF\s0 follows the \*(L"extract-then-expand\*(R" paradigm, where the \s-1KDF\s0 logically +consists of two modules. The first stage takes the input keying material +and \*(L"extracts\*(R" from it a fixed-length pseudorandom key K. The second stage +\&\*(L"expands\*(R" the key K into several additional pseudorandom keys (the output +of the \s-1KDF\s0). +.SS "Identity" +.IX Subsection "Identity" +\&\*(L"\s-1HKDF\s0\*(R" is the name for this implementation; it +can be used with the \fIEVP_KDF_fetch()\fR function. +.SS "Supported parameters" +.IX Subsection "Supported parameters" +The supported parameters are: +.ie n .IP """properties"" (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``properties'' (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "properties (OSSL_KDF_PARAM_PROPERTIES) " +.PD 0 +.ie n .IP """digest"" (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``digest'' (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "digest (OSSL_KDF_PARAM_DIGEST) " +.ie n .IP """key"" (\fB\s-1OSSL_KDF_PARAM_KEY\s0\fR) " 4 +.el .IP "``key'' (\fB\s-1OSSL_KDF_PARAM_KEY\s0\fR) " 4 +.IX Item "key (OSSL_KDF_PARAM_KEY) " +.ie n .IP """salt"" (\fB\s-1OSSL_KDF_PARAM_SALT\s0\fR) " 4 +.el .IP "``salt'' (\fB\s-1OSSL_KDF_PARAM_SALT\s0\fR) " 4 +.IX Item "salt (OSSL_KDF_PARAM_SALT) " +.PD +These parameters work as described in \*(L"\s-1PARAMETERS\s0\*(R" in \s-1\fIEVP_KDF\s0\fR\|(3). +.ie n .IP """info"" (\fB\s-1OSSL_KDF_PARAM_INFO\s0\fR) " 4 +.el .IP "``info'' (\fB\s-1OSSL_KDF_PARAM_INFO\s0\fR) " 4 +.IX Item "info (OSSL_KDF_PARAM_INFO) " +This parameter sets the info value. +The length of the context info buffer cannot exceed 1024 bytes; +this should be more than enough for any normal use of \s-1HKDF\s0. 
+.ie n .IP """mode"" (\fB\s-1OSSL_KDF_PARAM_MODE\s0\fR) <\s-1UTF8\s0 string> or " 4 +.el .IP "``mode'' (\fB\s-1OSSL_KDF_PARAM_MODE\s0\fR) <\s-1UTF8\s0 string> or " 4 +.IX Item "mode (OSSL_KDF_PARAM_MODE) or " +This parameter sets the mode for the \s-1HKDF\s0 operation. +There are three modes that are currently defined: +.RS 4 +.ie n .IP "\fB\s-1EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND\s0\fR ""\s-1EXTRACT_AND_EXPAND\s0""" 4 +.el .IP "\fB\s-1EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND\s0\fR ``\s-1EXTRACT_AND_EXPAND\s0''" 4 +.IX Item "EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND EXTRACT_AND_EXPAND" +This is the default mode. Calling \fIEVP_KDF_derive\fR\|(3) on an \s-1EVP_KDF_CTX\s0 set +up for \s-1HKDF\s0 will perform an extract followed by an expand operation in one go. +The derived key returned will be the result after the expand operation. The +intermediate fixed-length pseudorandom key K is not returned. +.Sp +In this mode the digest, key, salt and info values must be set before a key is +derived otherwise an error will occur. +.ie n .IP "\fB\s-1EVP_KDF_HKDF_MODE_EXTRACT_ONLY\s0\fR ""\s-1EXTRACT_ONLY\s0""" 4 +.el .IP "\fB\s-1EVP_KDF_HKDF_MODE_EXTRACT_ONLY\s0\fR ``\s-1EXTRACT_ONLY\s0''" 4 +.IX Item "EVP_KDF_HKDF_MODE_EXTRACT_ONLY EXTRACT_ONLY" +In this mode calling \fIEVP_KDF_derive\fR\|(3) will just perform the extract +operation. The value returned will be the intermediate fixed-length pseudorandom +key K. The \fIkeylen\fR parameter must match the size of K, which can be looked +up by calling \fIEVP_KDF_size()\fR after setting the mode and digest. +.Sp +The digest, key and salt values must be set before a key is derived otherwise +an error will occur. +.ie n .IP "\fB\s-1EVP_KDF_HKDF_MODE_EXPAND_ONLY\s0\fR ""\s-1EXPAND_ONLY\s0""" 4 +.el .IP "\fB\s-1EVP_KDF_HKDF_MODE_EXPAND_ONLY\s0\fR ``\s-1EXPAND_ONLY\s0''" 4 +.IX Item "EVP_KDF_HKDF_MODE_EXPAND_ONLY EXPAND_ONLY" +In this mode calling \fIEVP_KDF_derive\fR\|(3) will just perform the expand +operation. 
The input key should be set to the intermediate fixed-length +pseudorandom key K returned from a previous extract operation. +.Sp +The digest, key and info values must be set before a key is derived otherwise +an error will occur. +.RE +.RS 4 +.RE +.SH "NOTES" +.IX Header "NOTES" +A context for \s-1HKDF\s0 can be obtained by calling: +.PP +.Vb 2 +\& EVP_KDF *kdf = EVP_KDF_fetch(NULL, "HKDF", NULL); +\& EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf); +.Ve +.PP +The output length of an \s-1HKDF\s0 expand operation is specified via the \fIkeylen\fR +parameter to the \fIEVP_KDF_derive\fR\|(3) function. When using +\&\s-1EVP_KDF_HKDF_MODE_EXTRACT_ONLY\s0 the \fIkeylen\fR parameter must equal the size of +the intermediate fixed-length pseudorandom key otherwise an error will occur. +For that mode, the fixed output size can be looked up by calling \fIEVP_KDF_size()\fR +after setting the mode and digest on the \fB\s-1EVP_KDF_CTX\s0\fR. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +This example derives 10 bytes using \s-1SHA\-256\s0 with the secret key \*(L"secret\*(R", +salt value \*(L"salt\*(R" and info value \*(L"label\*(R": +.PP +.Vb 4 +\& EVP_KDF *kdf; +\& EVP_KDF_CTX *kctx; +\& unsigned char out[10]; +\& OSSL_PARAM params[5], *p = params; +\& +\& kdf = EVP_KDF_fetch(NULL, "HKDF", NULL); +\& kctx = EVP_KDF_CTX_new(kdf); +\& EVP_KDF_free(kdf); +\& +\& *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, +\& SN_sha256, strlen(SN_sha256)); +\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, +\& "secret", (size_t)6); +\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, +\& "label", (size_t)5); +\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, +\& "salt", (size_t)4); +\& *p = OSSL_PARAM_construct_end(); +\& if (EVP_KDF_CTX_set_params(kctx, params) <= 0) { +\& error("EVP_KDF_CTX_set_params"); +\& } +\& if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) { +\& error("EVP_KDF_derive"); +\& } +\& +\& EVP_KDF_CTX_free(kctx); +.Ve +.SH 
"CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1RFC\s0 5869 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1\fIEVP_KDF\s0\fR\|(3), +\&\fIEVP_KDF_CTX_new\fR\|(3), +\&\fIEVP_KDF_CTX_free\fR\|(3), +\&\fIEVP_KDF_size\fR\|(3), +\&\fIEVP_KDF_CTX_set_params\fR\|(3), +\&\fIEVP_KDF_derive\fR\|(3), +\&\*(L"\s-1PARAMETERS\s0\*(R" in \s-1\fIEVP_KDF\s0\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man7/EVP_KDF-KB.7 b/linux_amd64/ssl/share/man/man7/EVP_KDF-KB.7 new file mode 100755 index 0000000..18b0ea7 --- /dev/null +++ b/linux_amd64/ssl/share/man/man7/EVP_KDF-KB.7 
@@ -0,0 +1,287 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_KDF-KB 7" +.TH EVP_KDF-KB 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_KDF\-KB \- The Key\-Based EVP_KDF implementation +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1EVP_KDF\-KB\s0 algorithm implements the Key-Based key derivation function +(\s-1KBKDF\s0). 
\s-1KBKDF\s0 derives a key from repeated application of a keyed \s-1MAC\s0 to an +input secret (and other optional values). +.SS "Identity" +.IX Subsection "Identity" +\&\*(L"\s-1KBKDF\s0\*(R" is the name for this implementation; it can be used with the +\&\fIEVP_KDF_fetch()\fR function. +.SS "Supported parameters" +.IX Subsection "Supported parameters" +The supported parameters are: +.ie n .IP """properties"" (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``properties'' (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "properties (OSSL_KDF_PARAM_PROPERTIES) " +.PD 0 +.ie n .IP """mode"" (\fB\s-1OSSL_KDF_PARAM_MODE\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``mode'' (\fB\s-1OSSL_KDF_PARAM_MODE\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "mode (OSSL_KDF_PARAM_MODE) " +.ie n .IP """mac"" (\fB\s-1OSSL_KDF_PARAM_MAC\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``mac'' (\fB\s-1OSSL_KDF_PARAM_MAC\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "mac (OSSL_KDF_PARAM_MAC) " +.ie n .IP """digest"" (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``digest'' (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "digest (OSSL_KDF_PARAM_DIGEST) " +.ie n .IP """cipher"" (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``cipher'' (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "cipher (OSSL_KDF_PARAM_DIGEST) " +.ie n .IP """key"" (\fB\s-1OSSL_KDF_PARAM_KEY\s0\fR) " 4 +.el .IP "``key'' (\fB\s-1OSSL_KDF_PARAM_KEY\s0\fR) " 4 +.IX Item "key (OSSL_KDF_PARAM_KEY) " +.ie n .IP """salt"" (\fB\s-1OSSL_KDF_PARAM_SALT\s0\fR) " 4 +.el .IP "``salt'' (\fB\s-1OSSL_KDF_PARAM_SALT\s0\fR) " 4 +.IX Item "salt (OSSL_KDF_PARAM_SALT) " +.IP """info (\fB\s-1OSSL_KDF_PARAM_INFO\s0\fR) " 4 +.IX Item """info (OSSL_KDF_PARAM_INFO) " +.ie n .IP """seed"" (\fB\s-1OSSL_KDF_PARAM_SEED\s0\fR) " 4 +.el .IP "``seed'' (\fB\s-1OSSL_KDF_PARAM_SEED\s0\fR) " 4 +.IX Item "seed (OSSL_KDF_PARAM_SEED) " 
+.PD +.PP +The mode parameter determines which flavor of \s-1KBKDF\s0 to use \- currently the +choices are \*(L"counter\*(R" and \*(L"feedback\*(R". Counter is the default, and will be +used if unspecified. The seed parameter is unused in counter mode. +.PP +The parameters key, salt, info, and seed correspond to \s-1KI\s0, Label, Context, and +\&\s-1IV\s0 (respectively) in \s-1SP800\-108\s0. As in that document, salt, info, and seed are +optional and may be omitted. +.PP +Depending on whether mac is \s-1CMAC\s0 or \s-1HMAC\s0, either digest or cipher is required +(respectively) and the other is unused. +.SH "NOTES" +.IX Header "NOTES" +A context for \s-1KBKDF\s0 can be obtained by calling: +.PP +.Vb 2 +\& EVP_KDF *kdf = EVP_KDF_fetch(NULL, "KBKDF", NULL); +\& EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf); +.Ve +.PP +The output length of an \s-1KBKDF\s0 is specified via the \f(CW\*(C`keylen\*(C'\fR +parameter to the \fIEVP_KDF_derive\fR\|(3) function. +.PP +Note that currently OpenSSL only implements counter and feedback modes. Other +variants may be supported in the future. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +This example derives 10 bytes using \s-1COUNTER\-HMAC\-SHA256\s0, with \s-1KI\s0 \*(L"secret\*(R", +Label \*(L"label\*(R", and Context \*(L"context\*(R". 
+.PP +.Vb 4 +\& EVP_KDF *kdf; +\& EVP_KDF_CTX *kctx; +\& unsigned char out[10]; +\& OSSL_PARAM params[6], *p = params; +\& +\& kdf = EVP_KDF_fetch(NULL, "KBKDF", NULL); +\& kctx = EVP_KDF_CTX_new(kdf); +\& EVP_KDF_free(kdf); +\& +\& *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, +\& "SHA2\-256", 0); +\& *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC, +\& "HMAC", 0); +\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, +\& "secret", strlen("secret")) +\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, +\& "label", strlen("label")); +\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, +\& "context", strlen("context")); +\& *p = OSSL_PARAM_construct_end(); +\& if (EVP_KDF_CTX_set_params(kctx, params) <= 0) +\& error("EVP_KDF_CTX_set_params"); +\& else if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) +\& error("EVP_KDF_derive"); +\& +\& EVP_KDF_CTX_free(kctx); +.Ve +.PP +This example derives 10 bytes using \s-1FEEDBACK\-CMAC\-AES256\s0, with \s-1KI\s0 \*(L"secret\*(R", +Label \*(L"label\*(R", and \s-1IV\s0 \*(L"sixteen bytes iv\*(R". 
+.PP +.Vb 5 +\& EVP_KDF *kdf; +\& EVP_KDF_CTX *kctx; +\& unsigned char out[10]; +\& OSSL_PARAM params[8], *p = params; +\& unsigned char *iv = "sixteen bytes iv"; +\& +\& kdf = EVP_KDF_fetch(NULL, "KBKDF", NULL); +\& kctx = EVP_KDF_CTX_new(kdf); +\& EVP_KDF_free(kdf); +\& +\& *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CIPHER, "AES256", 0); +\& *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC, "CMAC", 0); +\& *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MODE, "FEEDBACK", 0); +\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, +\& "secret", strlen("secret")); +\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, +\& "label", strlen("label")); +\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, +\& "context", strlen("context")); +\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED, +\& iv, strlen(iv)); +\& *p = OSSL_PARAM_construct_end(); +\& if (EVP_KDF_CTX_set_params(kctx, params) <= 0) +\& error("EVP_KDF_CTX_set_params"); +\& else if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) +\& error("EVP_KDF_derive"); +\& +\& EVP_KDF_CTX_free(kctx); +.Ve +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1NIST\s0 \s-1SP800\-108\s0, \s-1IETF\s0 \s-1RFC\s0 6803, \s-1IETF\s0 \s-1RFC\s0 8009. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1\fIEVP_KDF\s0\fR\|(3), +\&\fIEVP_KDF_CTX_free\fR\|(3), +\&\fIEVP_KDF_size\fR\|(3), +\&\fIEVP_KDF_derive\fR\|(3), +\&\*(L"\s-1PARAMETERS\s0\*(R" in \s-1\fIEVP_KDF\s0\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +This functionality was added to OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019 Red Hat, Inc. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/ssl/share/man/man7/EVP_KDF-KRB5KDF.7 b/linux_amd64/ssl/share/man/man7/EVP_KDF-KRB5KDF.7
new file mode 100755
index 0000000..34abcec
--- /dev/null
+++ b/linux_amd64/ssl/share/man/man7/EVP_KDF-KRB5KDF.7
@@ -0,0 +1,239 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_KDF-KRB5KDF 7" +.TH EVP_KDF-KRB5KDF 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_KDF\-KRB5KDF \- The RFC3961 Krb5 KDF EVP_KDF implementation +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Support for computing the \fB\s-1KRB5KDF\s0\fR \s-1KDF\s0 through the \fB\s-1EVP_KDF\s0\fR \s-1API\s0. 
+.PP +The \s-1EVP_KDF\-KRB5KDF\s0 algorithm implements the key derivation function defined +in \s-1RFC\s0 3961, section 5.1 and is used by Krb5 to derive session keys. +Three inputs are required to perform key derivation: a cipher, (for example +\&\s-1AES\-128\-CBC\s0), the initial key, and a constant. +.SS "Identity" +.IX Subsection "Identity" +\&\*(L"\s-1KRB5KDF\s0\*(R" is the name for this implementation; +it can be used with the \fIEVP_KDF_fetch()\fR function. +.SS "Supported parameters" +.IX Subsection "Supported parameters" +The supported parameters are: +.ie n .IP """properties"" (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``properties'' (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "properties (OSSL_KDF_PARAM_PROPERTIES) " +.PD 0 +.ie n .IP """cipher"" (\fB\s-1OSSL_KDF_PARAM_CIPHER\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``cipher'' (\fB\s-1OSSL_KDF_PARAM_CIPHER\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "cipher (OSSL_KDF_PARAM_CIPHER) " +.ie n .IP """key"" (\fB\s-1OSSL_KDF_PARAM_KEY\s0\fR) " 4 +.el .IP "``key'' (\fB\s-1OSSL_KDF_PARAM_KEY\s0\fR) " 4 +.IX Item "key (OSSL_KDF_PARAM_KEY) " +.PD +These parameters work as described in \*(L"\s-1PARAMETERS\s0\*(R" in \s-1\fIEVP_KDF\s0\fR\|(3). +.ie n .IP """constant"" (\fB\s-1OSSL_KDF_PARAM_CONSTANT\s0\fR) " 4 +.el .IP "``constant'' (\fB\s-1OSSL_KDF_PARAM_CONSTANT\s0\fR) " 4 +.IX Item "constant (OSSL_KDF_PARAM_CONSTANT) " +This parameter sets the constant value for the \s-1KDF\s0. +If a value is already set, the contents are replaced. 
+.SH "NOTES" +.IX Header "NOTES" +A context for \s-1KRB5KDF\s0 can be obtained by calling: +.PP +.Vb 2 +\& EVP_KDF *kdf = EVP_KDF_fetch(NULL, "KRB5KDF", NULL); +\& EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf); +.Ve +.PP +The output length of the \s-1KRB5KDF\s0 derivation is specified via the \fIkeylen\fR +parameter to the \fIEVP_KDF_derive\fR\|(3) function, and \s-1MUST\s0 match the key +length for the chosen cipher or an error is returned. Moreover the +constant's length must not exceed the block size of the cipher. +Since the \s-1KRB5KDF\s0 output length depends on the chosen cipher, calling +\&\fIEVP_KDF_size\fR\|(3) to obtain the requisite length returns the correct length +only after the cipher is set. Prior to that \fB\s-1EVP_MAX_KEY_LENGTH\s0\fR is returned. +The caller must allocate a buffer of the correct length for the chosen +cipher, and pass that buffer to the \fIEVP_KDF_derive\fR\|(3) function along +with that length. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +This example derives a key using the \s-1AES\-128\-CBC\s0 cipher: +.PP +.Vb 7 +\& EVP_KDF *kdf; +\& EVP_KDF_CTX *kctx; +\& unsigned char key[16] = "01234..."; +\& unsigned char constant[] = "I\*(Aqm a constant"; +\& unsigned char out[16]; +\& size_t outlen = sizeof(out); +\& OSSL_PARAM params[4], *p = params; +\& +\& kdf = EVP_KDF_fetch(NULL, "KRB5KDF", NULL); +\& kctx = EVP_KDF_CTX_new(kdf); +\& EVP_KDF_free(kdf); +\& +\& *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CIPHER, +\& SN_aes_128_cbc, +\& strlen(SN_aes_128_cbc)); +\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, +\& key, (size_t)16); +\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_CONSTANT, +\& constant, strlen(constant)); +\& *p = OSSL_PARAM_construct_end(); +\& if (EVP_KDF_set_params(kctx, params) <= 0) +\& /* Error */ +\& +\& if (EVP_KDF_derive(kctx, out, outlen) <= 0) +\& /* Error */ +\& +\& EVP_KDF_CTX_free(kctx); +.Ve +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1RFC\s0 3961 +.SH "SEE ALSO" 
+.IX Header "SEE ALSO" +\&\s-1\fIEVP_KDF\s0\fR\|(3), +\&\fIEVP_KDF_CTX_free\fR\|(3), +\&\fIEVP_KDF_ctrl\fR\|(3), +\&\fIEVP_KDF_size\fR\|(3), +\&\fIEVP_KDF_derive\fR\|(3), +\&\*(L"\s-1PARAMETERS\s0\*(R" in \s-1\fIEVP_KDF\s0\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +This functionality was added to OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man7/EVP_KDF-PBKDF2.7 b/linux_amd64/ssl/share/man/man7/EVP_KDF-PBKDF2.7 new file mode 100755 index 0000000..24c6269 --- /dev/null +++ b/linux_amd64/ssl/share/man/man7/EVP_KDF-PBKDF2.7 
@@ -0,0 +1,227 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_KDF-PBKDF2 7" +.TH EVP_KDF-PBKDF2 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_KDF\-PBKDF2 \- The PBKDF2 EVP_KDF implementation +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Support for computing the \fB\s-1PBKDF2\s0\fR password-based \s-1KDF\s0 through the \fB\s-1EVP_KDF\s0\fR +\&\s-1API\s0. 
+.PP +The \s-1EVP_KDF\-PBKDF2\s0 algorithm implements the \s-1PBKDF2\s0 password-based key +derivation function, as described in \s-1SP800\-132\s0; it derives a key from a password +using a salt and iteration count. +.SS "Identity" +.IX Subsection "Identity" +\&\*(L"\s-1PBKDF2\s0\*(R" is the name for this implementation; it +can be used with the \fIEVP_KDF_fetch()\fR function. +.SS "Supported parameters" +.IX Subsection "Supported parameters" +The supported parameters are: +.ie n .IP """pass"" (\fB\s-1OSSL_KDF_PARAM_PASSWORD\s0\fR) " 4 +.el .IP "``pass'' (\fB\s-1OSSL_KDF_PARAM_PASSWORD\s0\fR) " 4 +.IX Item "pass (OSSL_KDF_PARAM_PASSWORD) " +.PD 0 +.ie n .IP """salt"" (\fB\s-1OSSL_KDF_PARAM_SALT\s0\fR) " 4 +.el .IP "``salt'' (\fB\s-1OSSL_KDF_PARAM_SALT\s0\fR) " 4 +.IX Item "salt (OSSL_KDF_PARAM_SALT) " +.ie n .IP """iter"" (\fB\s-1OSSL_KDF_PARAM_ITER\s0\fR) " 4 +.el .IP "``iter'' (\fB\s-1OSSL_KDF_PARAM_ITER\s0\fR) " 4 +.IX Item "iter (OSSL_KDF_PARAM_ITER) " +.PD +This parameter has a default value of 2048. +.ie n .IP """properties"" (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``properties'' (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "properties (OSSL_KDF_PARAM_PROPERTIES) " +.PD 0 +.ie n .IP """digest"" (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``digest'' (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "digest (OSSL_KDF_PARAM_DIGEST) " +.PD +These parameters work as described in \*(L"\s-1PARAMETERS\s0\*(R" in \s-1\fIEVP_KDF\s0\fR\|(3). +.ie n .IP """pkcs5"" (\fB\s-1OSSL_KDF_PARAM_PKCS5\s0\fR) " 4 +.el .IP "``pkcs5'' (\fB\s-1OSSL_KDF_PARAM_PKCS5\s0\fR) " 4 +.IX Item "pkcs5 (OSSL_KDF_PARAM_PKCS5) " +This parameter can be used to enable or disable \s-1SP800\-132\s0 compliance checks. +Setting the mode to 0 enables the compliance checks. +.Sp +The checks performed are: +.RS 4 +.IP "\- the iteration count is at least 1000." 
4 +.IX Item "- the iteration count is at least 1000." +.PD 0 +.IP "\- the salt length is at least 128 bits." 4 +.IX Item "- the salt length is at least 128 bits." +.IP "\- the derived key length is at least 112 bits." 4 +.IX Item "- the derived key length is at least 112 bits." +.RE +.RS 4 +.PD +.Sp +The default provider uses a default mode of 1 for backwards compatibility, +and the fips provider uses a default mode of 0. +.Sp +The value string is expected to be a decimal number 0 or 1. +.RE +.SH "NOTES" +.IX Header "NOTES" +A typical application of this algorithm is to derive keying material for an +encryption algorithm from a password in the \*(L"pass\*(R", a salt in \*(L"salt\*(R", +and an iteration count. +.PP +Increasing the \*(L"iter\*(R" parameter slows down the algorithm which makes it +harder for an attacker to perform a brute force attack using a large number +of candidate passwords. +.PP +No assumption is made regarding the given password; it is simply treated as a +byte sequence. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1SP800\-132\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1\fIEVP_KDF\s0\fR\|(3), +\&\fIEVP_KDF_CTX_new\fR\|(3), +\&\fIEVP_KDF_CTX_free\fR\|(3), +\&\fIEVP_KDF_CTX_set_params\fR\|(3), +\&\fIEVP_KDF_derive\fR\|(3), +\&\*(L"\s-1PARAMETERS\s0\*(R" in \s-1\fIEVP_KDF\s0\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +This functionality was added to OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man7/EVP_KDF-SCRYPT.7 b/linux_amd64/ssl/share/man/man7/EVP_KDF-SCRYPT.7 new file mode 100755 index 0000000..968992a --- /dev/null +++ b/linux_amd64/ssl/share/man/man7/EVP_KDF-SCRYPT.7 
@@ -0,0 +1,267 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_KDF-SCRYPT 7" +.TH EVP_KDF-SCRYPT 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_KDF\-SCRYPT \- The scrypt EVP_KDF implementation +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Support for computing the \fBscrypt\fR password-based \s-1KDF\s0 through the \fB\s-1EVP_KDF\s0\fR +\&\s-1API\s0. 
+.PP +The \s-1EVP_KDF\-SCRYPT\s0 algorithm implements the scrypt password-based key +derivation function, as described in \s-1RFC\s0 7914. It is memory-hard in the sense +that it deliberately requires a significant amount of \s-1RAM\s0 for efficient +computation. The intention of this is to render brute forcing of passwords on +systems that lack large amounts of main memory (such as GPUs or ASICs) +computationally infeasible. +.PP +scrypt provides three work factors that can be customized: N, r and p. N, which +has to be a positive power of two, is the general work factor and scales \s-1CPU\s0 +time in an approximately linear fashion. r is the block size of the internally +used hash function and p is the parallelization factor. Both r and p need to be +greater than zero. The amount of \s-1RAM\s0 that scrypt requires for its computation +is roughly (128 * N * r * p) bytes. +.PP +In the original paper of Colin Percival (\*(L"Stronger Key Derivation via +Sequential Memory-Hard Functions\*(R", 2009), the suggested values that give a +computation time of less than 5 seconds on a 2.5 GHz Intel Core 2 Duo are N = +2^20 = 1048576, r = 8, p = 1. Consequently, the required amount of memory for +this computation is roughly 1 GiB. On a more recent \s-1CPU\s0 (Intel i7\-5930K at 3.5 +GHz), this computation takes about 3 seconds. When N, r or p are not specified, +they default to 1048576, 8, and 1, respectively. The maximum amount of \s-1RAM\s0 that +may be used by scrypt defaults to 1025 MiB. +.SS "Identity" +.IX Subsection "Identity" +\&\*(L"\s-1SCRYPT\s0\*(R" is the name for this implementation; it +can be used with the \fIEVP_KDF_fetch()\fR function. 
+.SS "Supported parameters" +.IX Subsection "Supported parameters" +The supported parameters are: +.ie n .IP """pass"" (\fB\s-1OSSL_KDF_PARAM_PASSWORD\s0\fR) " 4 +.el .IP "``pass'' (\fB\s-1OSSL_KDF_PARAM_PASSWORD\s0\fR) " 4 +.IX Item "pass (OSSL_KDF_PARAM_PASSWORD) " +.PD 0 +.ie n .IP """salt"" (\fB\s-1OSSL_KDF_PARAM_SALT\s0\fR) " 4 +.el .IP "``salt'' (\fB\s-1OSSL_KDF_PARAM_SALT\s0\fR) " 4 +.IX Item "salt (OSSL_KDF_PARAM_SALT) " +.PD +These parameters work as described in \*(L"\s-1PARAMETERS\s0\*(R" in \s-1\fIEVP_KDF\s0\fR\|(3). +.ie n .IP """n"" (\fB\s-1OSSL_KDF_PARAM_SCRYPT_N\s0\fR) " 4 +.el .IP "``n'' (\fB\s-1OSSL_KDF_PARAM_SCRYPT_N\s0\fR) " 4 +.IX Item "n (OSSL_KDF_PARAM_SCRYPT_N) " +.PD 0 +.ie n .IP """r"" (\fB\s-1OSSL_KDF_PARAM_SCRYPT_R\s0\fR) " 4 +.el .IP "``r'' (\fB\s-1OSSL_KDF_PARAM_SCRYPT_R\s0\fR) " 4 +.IX Item "r (OSSL_KDF_PARAM_SCRYPT_R) " +.ie n .IP """p"" (\fB\s-1OSSL_KDF_PARAM_SCRYPT_P\s0\fR) " 4 +.el .IP "``p'' (\fB\s-1OSSL_KDF_PARAM_SCRYPT_P\s0\fR) " 4 +.IX Item "p (OSSL_KDF_PARAM_SCRYPT_P) " +.PD +These parameters configure the scrypt work factors N, r and p. +N is a parameter of type \fBuint64_t\fR. +Both r and p are parameters of type \fBuint32_t\fR. +.SH "NOTES" +.IX Header "NOTES" +A context for scrypt can be obtained by calling: +.PP +.Vb 2 +\& EVP_KDF *kdf = EVP_KDF_fetch(NULL, "SCRYPT", NULL); +\& EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf); +.Ve +.PP +The output length of an scrypt key derivation is specified via the +\&\*(L"keylen\*(R" parameter to the \fIEVP_KDF_derive\fR\|(3) function. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +This example derives a 64\-byte long test vector using scrypt with the password +\&\*(L"password\*(R", salt \*(L"NaCl\*(R" and N = 1024, r = 8, p = 16. 
+.PP +.Vb 4 +\& EVP_KDF *kdf; +\& EVP_KDF_CTX *kctx; +\& unsigned char out[64]; +\& OSSL_PARAM params[6], *p = params; +\& +\& kdf = EVP_KDF_fetch(NULL, "SCRYPT", NULL); +\& kctx = EVP_KDF_CTX_new(kdf); +\& EVP_KDF_free(kdf); +\& +\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD, +\& "password", (size_t)8); +\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, +\& "NaCl", (size_t)4); +\& *p++ = OSSL_PARAM_construct_uint64(OSSL_KDF_PARAM_SCRYPT_N, (uint64_t)1024); +\& *p++ = OSSL_PARAM_construct_uint32(OSSL_KDF_PARAM_SCRYPT_R, (uint32_t)8); +\& *p++ = OSSL_PARAM_construct_uint32(OSSL_KDF_PARAM_SCRYPT_P, (uint32_t)16); +\& *p = OSSL_PARAM_construct_end(); +\& if (EVP_KDF_CTX_set_params(kctx, params) <= 0) { +\& error("EVP_KDF_CTX_set_params"); +\& } +\& if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) { +\& error("EVP_KDF_derive"); +\& } +\& +\& { +\& const unsigned char expected[sizeof(out)] = { +\& 0xfd, 0xba, 0xbe, 0x1c, 0x9d, 0x34, 0x72, 0x00, +\& 0x78, 0x56, 0xe7, 0x19, 0x0d, 0x01, 0xe9, 0xfe, +\& 0x7c, 0x6a, 0xd7, 0xcb, 0xc8, 0x23, 0x78, 0x30, +\& 0xe7, 0x73, 0x76, 0x63, 0x4b, 0x37, 0x31, 0x62, +\& 0x2e, 0xaf, 0x30, 0xd9, 0x2e, 0x22, 0xa3, 0x88, +\& 0x6f, 0xf1, 0x09, 0x27, 0x9d, 0x98, 0x30, 0xda, +\& 0xc7, 0x27, 0xaf, 0xb9, 0x4a, 0x83, 0xee, 0x6d, +\& 0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, 0x40 +\& }; +\& +\& assert(!memcmp(out, expected, sizeof(out))); +\& } +\& +\& EVP_KDF_CTX_free(kctx); +.Ve +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1RFC\s0 7914 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1\fIEVP_KDF\s0\fR\|(3), +\&\fIEVP_KDF_CTX_new\fR\|(3), +\&\fIEVP_KDF_CTX_free\fR\|(3), +\&\fIEVP_KDF_CTX_set_params\fR\|(3), +\&\fIEVP_KDF_derive\fR\|(3), +\&\*(L"\s-1PARAMETERS\s0\*(R" in \s-1\fIEVP_KDF\s0\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). 
You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man7/EVP_KDF-SS.7 b/linux_amd64/ssl/share/man/man7/EVP_KDF-SS.7 new file mode 100755 index 0000000..8c31f31 --- /dev/null +++ b/linux_amd64/ssl/share/man/man7/EVP_KDF-SS.7 
@@ -0,0 +1,322 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_KDF-SS 7" +.TH EVP_KDF-SS 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_KDF\-SS \- The Single Step / One Step EVP_KDF implementation +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1EVP_KDF\-SS\s0 algorithm implements the Single Step key derivation function (\s-1SSKDF\s0). 
+\&\s-1SSKDF\s0 derives a key using input such as a shared secret key (that was generated +during the execution of a key establishment scheme) and fixedinfo. +\&\s-1SSKDF\s0 is also informally referred to as 'Concat \s-1KDF\s0'. +.SS "Auxiliary function" +.IX Subsection "Auxiliary function" +The implementation uses a selectable auxiliary function H, which can be one of: +.IP "\fBH(x) = hash(x, digest=md)\fR" 4 +.IX Item "H(x) = hash(x, digest=md)" +.PD 0 +.IP "\fBH(x) = HMAC_hash(x, key=salt, digest=md)\fR" 4 +.IX Item "H(x) = HMAC_hash(x, key=salt, digest=md)" +.ie n .IP "\fBH(x) = KMACxxx(x, key=salt, custom=""\s-1KDF\s0"", outlen=mac_size)\fR" 4 +.el .IP "\fBH(x) = KMACxxx(x, key=salt, custom=``\s-1KDF\s0'', outlen=mac_size)\fR" 4 +.IX Item "H(x) = KMACxxx(x, key=salt, custom=KDF, outlen=mac_size)" +.PD +.PP +Both the \s-1HMAC\s0 and \s-1KMAC\s0 implementations set the key using the 'salt' value. +The hash and \s-1HMAC\s0 also require the digest to be set. +.SS "Identity" +.IX Subsection "Identity" +\&\*(L"\s-1SSKDF\s0\*(R" is the name for this implementation; it +can be used with the \fIEVP_KDF_fetch()\fR function. 
+.SS "Supported parameters" +.IX Subsection "Supported parameters" +The supported parameters are: +.ie n .IP """properties"" (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``properties'' (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "properties (OSSL_KDF_PARAM_PROPERTIES) " +.PD 0 +.ie n .IP """digest"" (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``digest'' (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "digest (OSSL_KDF_PARAM_DIGEST) " +.ie n .IP """mac"" (\fB\s-1OSSL_KDF_PARAM_MAC\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``mac'' (\fB\s-1OSSL_KDF_PARAM_MAC\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "mac (OSSL_KDF_PARAM_MAC) " +.ie n .IP """maclen"" (\fB\s-1OSSL_KDF_PARAM_MAC_SIZE\s0\fR) " 4 +.el .IP "``maclen'' (\fB\s-1OSSL_KDF_PARAM_MAC_SIZE\s0\fR) " 4 +.IX Item "maclen (OSSL_KDF_PARAM_MAC_SIZE) " +.ie n .IP """salt"" (\fB\s-1OSSL_KDF_PARAM_SALT\s0\fR) " 4 +.el .IP "``salt'' (\fB\s-1OSSL_KDF_PARAM_SALT\s0\fR) " 4 +.IX Item "salt (OSSL_KDF_PARAM_SALT) " +.PD +These parameters work as described in \*(L"\s-1PARAMETERS\s0\*(R" in \s-1\fIEVP_KDF\s0\fR\|(3). +.ie n .IP """key"" (\fB\s-1EVP_KDF_CTRL_SET_KEY\s0\fR) " 4 +.el .IP "``key'' (\fB\s-1EVP_KDF_CTRL_SET_KEY\s0\fR) " 4 +.IX Item "key (EVP_KDF_CTRL_SET_KEY) " +This parameter set the shared secret that is used for key derivation. +.ie n .IP """info"" (\fB\s-1OSSL_KDF_PARAM_INFO\s0\fR) " 4 +.el .IP "``info'' (\fB\s-1OSSL_KDF_PARAM_INFO\s0\fR) " 4 +.IX Item "info (OSSL_KDF_PARAM_INFO) " +This parameter sets an optional value for fixedinfo, also known as otherinfo. +.SH "NOTES" +.IX Header "NOTES" +A context for \s-1SSKDF\s0 can be obtained by calling: +.PP +.Vb 2 +\& EVP_KDF *kdf = EVP_KDF_fetch(NULL, "SSKDF", NULL); +\& EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf); +.Ve +.PP +The output length of an \s-1SSKDF\s0 is specified via the \fIkeylen\fR +parameter to the \fIEVP_KDF_derive\fR\|(3) function. 
+.SH "EXAMPLES" +.IX Header "EXAMPLES" +This example derives 10 bytes using H(x) = \s-1SHA\-256\s0, with the secret key \*(L"secret\*(R" +and fixedinfo value \*(L"label\*(R": +.PP +.Vb 4 +\& EVP_KDF *kdf; +\& EVP_KDF_CTX *kctx; +\& unsigned char out[10]; +\& OSSL_PARAM params[4], *p = params; +\& +\& kdf = EVP_KDF_fetch(NULL, "SSKDF", NULL); +\& kctx = EVP_KDF_CTX_new(kdf); +\& EVP_KDF_free(kdf); +\& +\& *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, +\& SN_sha256, strlen(SN_sha256)); +\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, +\& "secret", (size_t)6); +\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, +\& "label", (size_t)5); +\& *p = OSSL_PARAM_construct_end(); +\& if (EVP_KDF_CTX_set_params(kctx, params) <= 0) { +\& error("EVP_KDF_CTX_set_params"); +\& } +\& if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) { +\& error("EVP_KDF_derive"); +\& } +\& +\& EVP_KDF_CTX_free(kctx); +.Ve +.PP +This example derives 10 bytes using H(x) = \s-1HMAC\s0(\s-1SHA\-256\s0), with the secret key \*(L"secret\*(R", +fixedinfo value \*(L"label\*(R" and salt \*(L"salt\*(R": +.PP +.Vb 4 +\& EVP_KDF *kdf; +\& EVP_KDF_CTX *kctx; +\& unsigned char out[10]; +\& OSSL_PARAM params[6], *p = params; +\& +\& kdf = EVP_KDF_fetch(NULL, "SSKDF", NULL); +\& kctx = EVP_KDF_CTX_new(kdf); +\& EVP_KDF_free(kdf); +\& +\& *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC, +\& SN_hmac, strlen(SN_hmac)); +\& *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, +\& SN_sha256, strlen(SN_sha256)); +\& *p++ = OSSL_PARAM_construct_octet_string(EVP_KDF_CTRL_SET_KEY, +\& "secret", (size_t)6); +\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, +\& "label", (size_t)5); +\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, +\& "salt", (size_t)4); +\& *p = OSSL_PARAM_construct_end(); +\& if (EVP_KDF_CTX_set_params(kctx, params) <= 0) { +\& error("EVP_KDF_CTX_set_params"); +\& } +\& if (EVP_KDF_derive(kctx, out, 
sizeof(out)) <= 0) { +\& error("EVP_KDF_derive"); +\& } +\& +\& EVP_KDF_CTX_free(kctx); +.Ve +.PP +This example derives 10 bytes using H(x) = \s-1KMAC128\s0(x,salt,outlen), with the secret key \*(L"secret\*(R" +fixedinfo value \*(L"label\*(R", salt of \*(L"salt\*(R" and \s-1KMAC\s0 outlen of 20: +.PP +.Vb 4 +\& EVP_KDF *kdf; +\& EVP_KDF_CTX *kctx; +\& unsigned char out[10]; +\& OSSL_PARAM params[7], *p = params; +\& +\& kdf = EVP_KDF_fetch(NULL, "SSKDF", NULL); +\& kctx = EVP_KDF_CTX_new(kdf); +\& EVP_KDF_free(kdf); +\& +\& *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC, +\& SN_kmac128, strlen(SN_kmac128)); +\& *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, +\& SN_sha256, strlen(SN_sha256)); +\& *p++ = OSSL_PARAM_construct_octet_string(EVP_KDF_CTRL_SET_KEY, +\& "secret", (size_t)6); +\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, +\& "label", (size_t)5); +\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, +\& "salt", (size_t)4); +\& *p++ = OSSL_PARAM_construct_size_t(OSSL_KDF_PARAM_MAC_SIZE, (size_t)20); +\& *p = OSSL_PARAM_construct_end(); +\& if (EVP_KDF_CTX_set_params(kctx, params) <= 0) { +\& error("EVP_KDF_CTX_set_params"); +\& } +\& if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) { +\& error("EVP_KDF_derive"); +\& } +\& +\& EVP_KDF_CTX_free(kctx); +.Ve +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1NIST\s0 SP800\-56Cr1. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1\fIEVP_KDF\s0\fR\|(3), +\&\fIEVP_KDF_CTX_new\fR\|(3), +\&\fIEVP_KDF_CTX_free\fR\|(3), +\&\fIEVP_KDF_CTX_set_params\fR\|(3), +\&\fIEVP_KDF_size\fR\|(3), +\&\fIEVP_KDF_derive\fR\|(3), +\&\*(L"\s-1PARAMETERS\s0\*(R" in \s-1\fIEVP_KDF\s0\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +This functionality was added to OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. Copyright +(c) 2019, Oracle and/or its affiliates. All rights reserved. 
+.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man7/EVP_KDF-SSHKDF.7 b/linux_amd64/ssl/share/man/man7/EVP_KDF-SSHKDF.7 new file mode 100755 index 0000000..63b0789 --- /dev/null +++ b/linux_amd64/ssl/share/man/man7/EVP_KDF-SSHKDF.7 
@@ -0,0 +1,276 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_KDF-SSHKDF 7" +.TH EVP_KDF-SSHKDF 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_KDF\-SSHKDF \- The SSHKDF EVP_KDF implementation +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Support for computing the \fB\s-1SSHKDF\s0\fR \s-1KDF\s0 through the \fB\s-1EVP_KDF\s0\fR \s-1API\s0. 
+.PP +The \s-1EVP_KDF\-SSHKDF\s0 algorithm implements the \s-1SSHKDF\s0 key derivation function. +It is defined in \s-1RFC\s0 4253, section 7.2 and is used by \s-1SSH\s0 to derive IVs, +encryption keys and integrity keys. +Five inputs are required to perform key derivation: The hashing function +(for example \s-1SHA256\s0), the Initial Key, the Exchange Hash, the Session \s-1ID\s0, +and the derivation key type. +.SS "Identity" +.IX Subsection "Identity" +\&\*(L"\s-1SSHKDF\s0\*(R" is the name for this implementation; it +can be used with the \fIEVP_KDF_fetch()\fR function. +.SS "Supported parameters" +.IX Subsection "Supported parameters" +The supported parameters are: +.ie n .IP """properties"" (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``properties'' (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "properties (OSSL_KDF_PARAM_PROPERTIES) " +.PD 0 +.ie n .IP """digest"" (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``digest'' (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "digest (OSSL_KDF_PARAM_DIGEST) " +.ie n .IP """key"" (\fB\s-1OSSL_KDF_PARAM_KEY\s0\fR) " 4 +.el .IP "``key'' (\fB\s-1OSSL_KDF_PARAM_KEY\s0\fR) " 4 +.IX Item "key (OSSL_KDF_PARAM_KEY) " +.PD +These parameters work as described in \*(L"\s-1PARAMETERS\s0\*(R" in \s-1\fIEVP_KDF\s0\fR\|(3). +.ie n .IP """xcghash"" (\fB\s-1OSSL_KDF_PARAM_SSHKDF_XCGHASH\s0\fR) " 4 +.el .IP "``xcghash'' (\fB\s-1OSSL_KDF_PARAM_SSHKDF_XCGHASH\s0\fR) " 4 +.IX Item "xcghash (OSSL_KDF_PARAM_SSHKDF_XCGHASH) " +.PD 0 +.ie n .IP """session_id"" (\fB\s-1OSSL_KDF_PARAM_SSHKDF_SESSION_ID\s0\fR) " 4 +.el .IP "``session_id'' (\fB\s-1OSSL_KDF_PARAM_SSHKDF_SESSION_ID\s0\fR) " 4 +.IX Item "session_id (OSSL_KDF_PARAM_SSHKDF_SESSION_ID) " +.PD +These parameters set the respective values for the \s-1KDF\s0. +If a value is already set, the contents are replaced. 
+.ie n .IP """type"" (\fB\s-1OSSL_KDF_PARAM_SSHKDF_TYPE\s0\fR) " 4 +.el .IP "``type'' (\fB\s-1OSSL_KDF_PARAM_SSHKDF_TYPE\s0\fR) " 4 +.IX Item "type (OSSL_KDF_PARAM_SSHKDF_TYPE) " +This parameter sets the type for the \s-1SSHHKDF\s0 operation. +There are six supported types: +.RS 4 +.IP "\s-1EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV\s0" 4 +.IX Item "EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV" +The Initial \s-1IV\s0 from client to server. +A single char of value 65 (\s-1ASCII\s0 char 'A'). +.IP "\s-1EVP_KDF_SSHKDF_TYPE_INITIAL_IV_SRV_TO_CLI\s0" 4 +.IX Item "EVP_KDF_SSHKDF_TYPE_INITIAL_IV_SRV_TO_CLI" +The Initial \s-1IV\s0 from server to client +A single char of value 66 (\s-1ASCII\s0 char 'B'). +.IP "\s-1EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_CLI_TO_SRV\s0" 4 +.IX Item "EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_CLI_TO_SRV" +The Encryption Key from client to server +A single char of value 67 (\s-1ASCII\s0 char 'C'). +.IP "\s-1EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_SRV_TO_CLI\s0" 4 +.IX Item "EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_SRV_TO_CLI" +The Encryption Key from server to client +A single char of value 68 (\s-1ASCII\s0 char 'D'). +.IP "\s-1EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_CLI_TO_SRV\s0" 4 +.IX Item "EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_CLI_TO_SRV" +The Integrity Key from client to server +A single char of value 69 (\s-1ASCII\s0 char 'E'). +.IP "\s-1EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_SRV_TO_CLI\s0" 4 +.IX Item "EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_SRV_TO_CLI" +The Integrity Key from client to server +A single char of value 70 (\s-1ASCII\s0 char 'F'). +.RE +.RS 4 +.RE +.SH "NOTES" +.IX Header "NOTES" +A context for \s-1SSHKDF\s0 can be obtained by calling: +.PP +.Vb 2 +\& EVP_KDF *kdf = EVP_KDF_fetch(NULL, "SSHKDF", NULL); +\& EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf); +.Ve +.PP +The output length of the \s-1SSHKDF\s0 derivation is specified via the \fIkeylen\fR +parameter to the \fIEVP_KDF_derive\fR\|(3) function. 
+Since the \s-1SSHKDF\s0 output length is variable, calling \fIEVP_KDF_size\fR\|(3) +to obtain the requisite length is not meaningful. The caller must +allocate a buffer of the desired length, and pass that buffer to the +\&\fIEVP_KDF_derive\fR\|(3) function along with the desired length. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +This example derives an 8 byte \s-1IV\s0 using \s-1SHA\-256\s0 with a 1K \*(L"key\*(R" and appropriate +\&\*(L"xcghash\*(R" and \*(L"session_id\*(R" values: +.PP +.Vb 8 +\& EVP_KDF *kdf; +\& EVP_KDF_CTX *kctx; +\& unsigned char key[1024] = "01234..."; +\& unsigned char xcghash[32] = "012345..."; +\& unsigned char session_id[32] = "012345..."; +\& unsigned char out[8]; +\& size_t outlen = sizeof(out); +\& OSSL_PARAM params[6], *p = params; +\& +\& kdf = EVP_KDF_fetch(NULL, "SSHKDF", NULL); +\& kctx = EVP_KDF_CTX_new(kdf); +\& EVP_KDF_free(kdf); +\& +\& *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, +\& SN_sha256, strlen(SN_sha256)); +\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, +\& key, (size_t)1024); +\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SSHKDF_XCGHASH, +\& xcghash, (size_t)32); +\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, +\& session_id, (size_t)32); +\& *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_SSHKDF_TYPE, +\& EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV); +\& *p = OSSL_PARAM_construct_end(); +\& if (EVP_KDF_CTX_set_params(kctx, params) <= 0) +\& /* Error */ +\& +\& if (EVP_KDF_derive(kctx, out, &outlen) <= 0) +\& /* Error */ +.Ve +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1RFC\s0 4253 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1\fIEVP_KDF\s0\fR\|(3), +\&\fIEVP_KDF_CTX_new\fR\|(3), +\&\fIEVP_KDF_CTX_free\fR\|(3), +\&\fIEVP_KDF_CTX_set_params\fR\|(3), +\&\fIEVP_KDF_size\fR\|(3), +\&\fIEVP_KDF_derive\fR\|(3), +\&\*(L"\s-1PARAMETERS\s0\*(R" in \s-1\fIEVP_KDF\s0\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2019 The OpenSSL 
Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man7/EVP_KDF-TLS1_PRF.7 b/linux_amd64/ssl/share/man/man7/EVP_KDF-TLS1_PRF.7 new file mode 100755 index 0000000..14ad60b --- /dev/null +++ b/linux_amd64/ssl/share/man/man7/EVP_KDF-TLS1_PRF.7 
@@ -0,0 +1,234 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_KDF-TLS1_PRF 7" +.TH EVP_KDF-TLS1_PRF 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_KDF\-TLS1_PRF \- The TLS1 PRF EVP_KDF implementation +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Support for computing the \fB\s-1TLS1\s0\fR \s-1PRF\s0 through the \fB\s-1EVP_KDF\s0\fR \s-1API\s0. 
+.PP +The \s-1EVP_KDF\-TLS1_PRF\s0 algorithm implements the \s-1PRF\s0 used by \s-1TLS\s0 versions up to +and including \s-1TLS\s0 1.2. +.SS "Identity" +.IX Subsection "Identity" +\&\*(L"\s-1TLS1\-PRF\s0\*(R" is the name for this implementation; it +can be used with the \fIEVP_KDF_fetch()\fR function. +.SS "Supported parameters" +.IX Subsection "Supported parameters" +The supported parameters are: +.ie n .IP """properties"" (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``properties'' (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "properties (OSSL_KDF_PARAM_PROPERTIES) " +.PD 0 +.ie n .IP """digest"" (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``digest'' (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "digest (OSSL_KDF_PARAM_DIGEST) " +.PD +These parameters work as described in \*(L"\s-1PARAMETERS\s0\*(R" in \s-1\fIEVP_KDF\s0\fR\|(3). +.Sp +The \fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR parameter is used to set the message digest +associated with the \s-1TLS\s0 \s-1PRF\s0. +\&\fIEVP_md5_sha1()\fR is treated as a special case which uses the +\&\s-1PRF\s0 algorithm using both \fB\s-1MD5\s0\fR and \fB\s-1SHA1\s0\fR as used in \s-1TLS\s0 1.0 and 1.1. +.ie n .IP """secret"" (\fB\s-1OSSL_KDF_PARAM_SECRET\s0\fR) " 4 +.el .IP "``secret'' (\fB\s-1OSSL_KDF_PARAM_SECRET\s0\fR) " 4 +.IX Item "secret (OSSL_KDF_PARAM_SECRET) " +This parameter sets the secret value of the \s-1TLS\s0 \s-1PRF\s0. +Any existing secret value is replaced. +.ie n .IP """seed"" (\fB\s-1OSSL_KDF_PARAM_SEED\s0\fR) " 4 +.el .IP "``seed'' (\fB\s-1OSSL_KDF_PARAM_SEED\s0\fR) " 4 +.IX Item "seed (OSSL_KDF_PARAM_SEED) " +This parameter sets the context seed. +The length of the context seed cannot exceed 1024 bytes; +this should be more than enough for any normal use of the \s-1TLS\s0 \s-1PRF\s0. 
+.SH "NOTES" +.IX Header "NOTES" +A context for the \s-1TLS\s0 \s-1PRF\s0 can be obtained by calling: +.PP +.Vb 2 +\& EVP_KDF *kdf = EVP_KDF_fetch(NULL, "TLS1\-PRF", NULL); +\& EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf); +.Ve +.PP +The digest, secret value and seed must be set before a key is derived otherwise +an error will occur. +.PP +The output length of the \s-1PRF\s0 is specified by the \fIkeylen\fR parameter to the +\&\fIEVP_KDF_derive()\fR function. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +This example derives 10 bytes using \s-1SHA\-256\s0 with the secret key \*(L"secret\*(R" +and seed value \*(L"seed\*(R": +.PP +.Vb 4 +\& EVP_KDF *kdf; +\& EVP_KDF_CTX *kctx; +\& unsigned char out[10]; +\& OSSL_PARAM params[4], *p = params; +\& +\& kdf = EVP_KDF_fetch(NULL, "TLS1\-PRF", NULL); +\& kctx = EVP_KDF_CTX_new(kdf); +\& EVP_KDF_free(kdf); +\& +\& *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, +\& SN_sha256, strlen(SN_sha256)); +\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SECRET, +\& "secret", (size_t)6); +\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED, +\& "seed", (size_t)4); +\& *p = OSSL_PARAM_construct_end(); +\& if (EVP_KDF_CTX_set_params(kctx, params) <= 0) { +\& error("EVP_KDF_CTX_set_params"); +\& } +\& if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) { +\& error("EVP_KDF_derive"); +\& } +\& EVP_KDF_CTX_free(kctx); +.Ve +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1RFC\s0 2246, \s-1RFC\s0 5246 and \s-1NIST\s0 \s-1SP\s0 800\-135 r1 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1\fIEVP_KDF\s0\fR\|(3), +\&\fIEVP_KDF_CTX_new\fR\|(3), +\&\fIEVP_KDF_CTX_free\fR\|(3), +\&\fIEVP_KDF_CTX_set_params\fR\|(3), +\&\fIEVP_KDF_derive\fR\|(3), +\&\*(L"\s-1PARAMETERS\s0\*(R" in \s-1\fIEVP_KDF\s0\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). 
You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man7/EVP_KDF-X942.7 b/linux_amd64/ssl/share/man/man7/EVP_KDF-X942.7 new file mode 100755 index 0000000..5c2d79f --- /dev/null +++ b/linux_amd64/ssl/share/man/man7/EVP_KDF-X942.7 
@@ -0,0 +1,242 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_KDF-X942 7" +.TH EVP_KDF-X942 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_KDF\-X942 \- The X9.42\-2001 asn1 EVP_KDF implementation +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1EVP_KDF\-X942\s0 algorithm implements the key derivation function (X942KDF). 
+X942KDF is used by Cryptographic Message Syntax (\s-1CMS\s0) for \s-1DH\s0 KeyAgreement, to +derive a key using input such as a shared secret key and other info. The other +info is \s-1DER\s0 encoded data that contains a 32 bit counter. +.SS "Identity" +.IX Subsection "Identity" +\&\*(L"X942KDF\*(R" is the name for this implementation; it +can be used with the \fIEVP_KDF_fetch()\fR function. +.SS "Supported parameters" +.IX Subsection "Supported parameters" +The supported parameters are: +.ie n .IP """properties"" (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``properties'' (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "properties (OSSL_KDF_PARAM_PROPERTIES) " +.PD 0 +.ie n .IP """digest"" (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``digest'' (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "digest (OSSL_KDF_PARAM_DIGEST) " +.PD +These parameters work as described in \*(L"\s-1PARAMETERS\s0\*(R" in \s-1\fIEVP_KDF\s0\fR\|(3). +.ie n .IP """key"" (\fB\s-1OSSL_KDF_PARAM_KEY\s0\fR) " 4 +.el .IP "``key'' (\fB\s-1OSSL_KDF_PARAM_KEY\s0\fR) " 4 +.IX Item "key (OSSL_KDF_PARAM_KEY) " +The shared secret used for key derivation. This parameter sets the secret. +.ie n .IP """ukm"" (\fB\s-1OSSL_KDF_PARAM_UKM\s0\fR) " 4 +.el .IP "``ukm'' (\fB\s-1OSSL_KDF_PARAM_UKM\s0\fR) " 4 +.IX Item "ukm (OSSL_KDF_PARAM_UKM) " +This parameter is an optional random string that is provided +by the sender called \*(L"partyAInfo\*(R". +In \s-1CMS\s0 this is the user keying material. +.ie n .IP """cekalg"" (\fB\s-1OSSL_KDF_PARAM_CEK_ALG\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``cekalg'' (\fB\s-1OSSL_KDF_PARAM_CEK_ALG\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "cekalg (OSSL_KDF_PARAM_CEK_ALG) " +This parameter sets the \s-1CEK\s0 wrapping algorithm name. 
+.SH "NOTES" +.IX Header "NOTES" +A context for X942KDF can be obtained by calling: +.PP +.Vb 2 +\& EVP_KDF *kdf = EVP_KDF_fetch(NULL, "X942KDF", NULL); +\& EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf); +.Ve +.PP +The output length of an X942KDF is specified via the \fIkeylen\fR +parameter to the \fIEVP_KDF_derive\fR\|(3) function. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +This example derives 24 bytes, with the secret key \*(L"secret\*(R" and a random user +keying material: +.PP +.Vb 5 +\& EVP_KDF_CTX *kctx; +\& EVP_KDF_CTX *kctx; +\& unsigned char out[192/8]; +\& unsignred char ukm[64]; +\& OSSL_PARAM params[5], *p = params; +\& +\& if (RAND_bytes(ukm, sizeof(ukm)) <= 0) +\& error("RAND_bytes"); +\& +\& kdf = EVP_KDF_fetch(NULL, "X942KDF", NULL); +\& if (kctx == NULL) +\& error("EVP_KDF_fetch"); +\& kctx = EVP_KDF_CTX_new(kdf); +\& if (kctx == NULL) +\& error("EVP_KDF_CTX_new"); +\& EVP_KDF_free(kdf); +\& +\& *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, +\& SN_sha256, strlen(SN_sha256)); +\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SECRET, +\& "secret", (size_t)6); +\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_UKM, ukm, sizeof(ukm)); +\& *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CEK_ALG, +\& SN_id_smime_alg_CMS3DESwrap, +\& strlen(SN_id_smime_alg_CMS3DESwrap)); +\& *p = OSSL_PARAM_construct_end(); +\& if (EVP_KDF_CTX_set_params(kctx, params) <= 0) +\& error("EVP_KDF_CTX_set_params"); +\& if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) +\& error("EVP_KDF_derive"); +\& +\& EVP_KDF_CTX_free(kctx); +.Ve +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1RFC\s0 2631 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1\fIEVP_KDF\s0\fR\|(3), +\&\fIEVP_KDF_CTX_new\fR\|(3), +\&\fIEVP_KDF_CTX_free\fR\|(3), +\&\fIEVP_KDF_CTX_set_params\fR\|(3), +\&\fIEVP_KDF_size\fR\|(3), +\&\fIEVP_KDF_derive\fR\|(3), +\&\*(L"\s-1PARAMETERS\s0\*(R" in \s-1\fIEVP_KDF\s0\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +This functionality was 
added to OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man7/EVP_KDF-X963.7 b/linux_amd64/ssl/share/man/man7/EVP_KDF-X963.7 new file mode 100755 index 0000000..b532b29 --- /dev/null +++ b/linux_amd64/ssl/share/man/man7/EVP_KDF-X963.7 
@@ -0,0 +1,231 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_KDF-X963 7" +.TH EVP_KDF-X963 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_KDF\-X963 \- The X9.63\-2001 EVP_KDF implementation +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1EVP_KDF\-X963\s0 algorithm implements the key derivation function (X963KDF). 
+X963KDF is used by Cryptographic Message Syntax (\s-1CMS\s0) for \s-1EC\s0 KeyAgreement, to +derive a key using input such as a shared secret key and shared info. +.SS "Identity" +.IX Subsection "Identity" +\&\*(L"X963KDF\*(R" is the name for this implementation; it +can be used with the \fIEVP_KDF_fetch()\fR function. +.SS "Supported parameters" +.IX Subsection "Supported parameters" +The supported parameters are: +.ie n .IP """properties"" (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``properties'' (\fB\s-1OSSL_KDF_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "properties (OSSL_KDF_PARAM_PROPERTIES) " +.PD 0 +.ie n .IP """digest"" (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``digest'' (\fB\s-1OSSL_KDF_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "digest (OSSL_KDF_PARAM_DIGEST) " +.PD +These parameters work as described in \*(L"\s-1PARAMETERS\s0\*(R" in \s-1\fIEVP_KDF\s0\fR\|(3). +.ie n .IP """key"" (\fB\s-1OSSL_KDF_PARAM_KEY\s0\fR) " 4 +.el .IP "``key'' (\fB\s-1OSSL_KDF_PARAM_KEY\s0\fR) " 4 +.IX Item "key (OSSL_KDF_PARAM_KEY) " +The shared secret used for key derivation. +This parameter sets the secret. +.ie n .IP """info"" (\fB\s-1OSSL_KDF_PARAM_INFO\s0\fR) " 4 +.el .IP "``info'' (\fB\s-1OSSL_KDF_PARAM_INFO\s0\fR) " 4 +.IX Item "info (OSSL_KDF_PARAM_INFO) " +This parameter specifies an optional value for shared info. +.SH "NOTES" +.IX Header "NOTES" +X963KDF is very similar to the \s-1SSKDF\s0 that uses a digest as the auxiliary function, +X963KDF appends the counter to the secret, whereas \s-1SSKDF\s0 prepends the counter. +.PP +A context for X963KDF can be obtained by calling: +.PP +.Vb 2 +\& EVP_KDF *kdf = EVP_KDF_fetch(NULL, "X963KDF", NULL); +\& EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf); +.Ve +.PP +The output length of an X963KDF is specified via the \fIkeylen\fR +parameter to the \fIEVP_KDF_derive\fR\|(3) function. 
+.SH "EXAMPLES" +.IX Header "EXAMPLES" +This example derives 10 bytes, with the secret key \*(L"secret\*(R" and sharedinfo +value \*(L"label\*(R": +.PP +.Vb 4 +\& EVP_KDF *kdf; +\& EVP_KDF_CTX *kctx; +\& unsigned char out[10]; +\& OSSL_PARAM params[4], *p = params; +\& +\& kdf = EVP_KDF_fetch(NULL, "X963KDF", NULL); +\& kctx = EVP_KDF_CTX_new(kdf); +\& EVP_KDF_free(kdf); +\& +\& *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, +\& SN_sha256, strlen(SN_sha256)); +\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SECRET, +\& "secret", (size_t)6); +\& *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, +\& "label", (size_t)5); +\& *p = OSSL_PARAM_construct_end(); +\& if (EVP_KDF_CTX_set_params(kctx, params) <= 0) { +\& error("EVP_KDF_CTX_set_params"); +\& } +\& if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) { +\& error("EVP_KDF_derive"); +\& } +\& +\& EVP_KDF_CTX_free(kctx); +.Ve +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\*(L"\s-1SEC\s0 1: Elliptic Curve Cryptography\*(R" +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1\fIEVP_KDF\s0\fR\|(3), +\&\fIEVP_KDF_CTX_new\fR\|(3), +\&\fIEVP_KDF_CTX_free\fR\|(3), +\&\fIEVP_KDF_CTX_set_params\fR\|(3), +\&\fIEVP_KDF_size\fR\|(3), +\&\fIEVP_KDF_derive\fR\|(3), +\&\*(L"\s-1PARAMETERS\s0\*(R" in \s-1\fIEVP_KDF\s0\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +This functionality was added to OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man7/EVP_MAC-BLAKE2.7 b/linux_amd64/ssl/share/man/man7/EVP_MAC-BLAKE2.7 new file mode 100755 index 0000000..fd33c20 --- /dev/null +++ b/linux_amd64/ssl/share/man/man7/EVP_MAC-BLAKE2.7 
@@ -0,0 +1,196 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_MAC-BLAKE2 7" +.TH EVP_MAC-BLAKE2 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_MAC\-BLAKE2, EVP_MAC\-BLAKE2BMAC, EVP_MAC\-BLAKE2SMAC +\&\- The BLAKE2 EVP_MAC implementations +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Support for computing \s-1BLAKE2\s0 MACs through the \fB\s-1EVP_MAC\s0\fR \s-1API\s0. 
+.SS "Identity" +.IX Subsection "Identity" +These implementations are identified with one of these names and +properties, to be used with \fIEVP_MAC_fetch()\fR: +.ie n .IP """\s-1BLAKE2BMAC\s0"", ""provider=default""" 4 +.el .IP "``\s-1BLAKE2BMAC\s0'', ``provider=default''" 4 +.IX Item "BLAKE2BMAC, provider=default" +.PD 0 +.ie n .IP """\s-1BLAKE2SMAC\s0"", ""provider=default""" 4 +.el .IP "``\s-1BLAKE2SMAC\s0'', ``provider=default''" 4 +.IX Item "BLAKE2SMAC, provider=default" +.PD +.SS "Supported parameters" +.IX Subsection "Supported parameters" +The general description of these parameters can be found in +\&\*(L"\s-1PARAMETERS\s0\*(R" in \s-1\fIEVP_MAC\s0\fR\|(3). +.PP +All these parameters can be set with \fIEVP_MAC_CTX_set_params()\fR. +Furthermore, the \*(L"size\*(R" parameter can be retrieved with +\&\fIEVP_MAC_CTX_get_params()\fR, or with \fIEVP_MAC_size()\fR. +The length of the \*(L"size\*(R" parameter should not exceed that of a \fBsize_t\fR. +.ie n .IP """key"" (\fB\s-1OSSL_MAC_PARAM_KEY\s0\fR) " 4 +.el .IP "``key'' (\fB\s-1OSSL_MAC_PARAM_KEY\s0\fR) " 4 +.IX Item "key (OSSL_MAC_PARAM_KEY) " +This may be at most 64 bytes for \s-1BLAKE2BMAC\s0 or 32 for \s-1BLAKE2SMAC\s0 and +at least 1 byte in both cases. +.ie n .IP """custom"" (\fB\s-1OSSL_MAC_PARAM_CUSTOM\s0\fR) " 4 +.el .IP "``custom'' (\fB\s-1OSSL_MAC_PARAM_CUSTOM\s0\fR) " 4 +.IX Item "custom (OSSL_MAC_PARAM_CUSTOM) " +This is an optional value of at most 16 bytes for \s-1BLAKE2BMAC\s0 or 8 for +\&\s-1BLAKE2SMAC\s0. +It is empty by default. +.ie n .IP """salt"" (\fB\s-1OSSL_MAC_PARAM_SALT\s0\fR) " 4 +.el .IP "``salt'' (\fB\s-1OSSL_MAC_PARAM_SALT\s0\fR) " 4 +.IX Item "salt (OSSL_MAC_PARAM_SALT) " +This is an optional value of at most 16 bytes for \s-1BLAKE2BMAC\s0 or 8 for +\&\s-1BLAKE2SMAC\s0. +It is empty by default. 
+.ie n .IP """size"" (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) " 4 +.el .IP "``size'' (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) " 4 +.IX Item "size (OSSL_MAC_PARAM_SIZE) " +When set, this can be any number between between 1 and 32 for +\&\s-1EVP_MAC_BLAKE2S\s0 or 64 for \s-1EVP_MAC_BLAKE2B\s0. +It is 32 and 64 respectively by default. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_MAC_CTX_get_params\fR\|(3), \fIEVP_MAC_CTX_set_params\fR\|(3), +\&\*(L"\s-1PARAMETERS\s0\*(R" in \s-1\fIEVP_MAC\s0\fR\|(3), \s-1\fIOSSL_PARAM\s0\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The macros and functions described here were added to OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man7/EVP_MAC-CMAC.7 b/linux_amd64/ssl/share/man/man7/EVP_MAC-CMAC.7 new file mode 100755 index 0000000..a9dde07 --- /dev/null +++ b/linux_amd64/ssl/share/man/man7/EVP_MAC-CMAC.7 
@@ -0,0 +1,181 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_MAC-CMAC 7" +.TH EVP_MAC-CMAC 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_MAC\-CMAC \- The CMAC EVP_MAC implementation +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Support for computing \s-1CMAC\s0 MACs through the \fB\s-1EVP_MAC\s0\fR \s-1API\s0. 
+.SS "Identity" +.IX Subsection "Identity" +This implementation is identified with this name and properties, to be +used with \fIEVP_MAC_fetch()\fR: +.ie n .IP """\s-1CMAC\s0"", ""provider=default"" or ""provider=fips""" 4 +.el .IP "``\s-1CMAC\s0'', ``provider=default'' or ``provider=fips''" 4 +.IX Item "CMAC, provider=default or provider=fips" +.SS "Supported parameters" +.IX Subsection "Supported parameters" +The general description of these parameters can be found in +\&\*(L"\s-1PARAMETERS\s0\*(R" in \s-1\fIEVP_MAC\s0\fR\|(3). +.PP +The following parameter can be set with \fIEVP_MAC_CTX_set_params()\fR: +.ie n .IP """key"" (\fB\s-1OSSL_MAC_PARAM_KEY\s0\fR) " 4 +.el .IP "``key'' (\fB\s-1OSSL_MAC_PARAM_KEY\s0\fR) " 4 +.IX Item "key (OSSL_MAC_PARAM_KEY) " +.PD 0 +.ie n .IP """cipher"" (\fB\s-1OSSL_MAC_PARAM_CIPHER\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``cipher'' (\fB\s-1OSSL_MAC_PARAM_CIPHER\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "cipher (OSSL_MAC_PARAM_CIPHER) " +.ie n .IP """properties"" (\fB\s-1OSSL_MAC_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``properties'' (\fB\s-1OSSL_MAC_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "properties (OSSL_MAC_PARAM_PROPERTIES) " +.PD +.PP +The following parameters can be retrieved with +\&\fIEVP_MAC_CTX_get_params()\fR: +.ie n .IP """size"" (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) " 4 +.el .IP "``size'' (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) " 4 +.IX Item "size (OSSL_MAC_PARAM_SIZE) " +.PP +The \*(L"size\*(R" parameter can also be retrieved with with \fIEVP_MAC_size()\fR. +The length of the \*(L"size\*(R" parameter is equal to that of an \fBunsigned int\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_MAC_CTX_get_params\fR\|(3), \fIEVP_MAC_CTX_set_params\fR\|(3), +\&\*(L"\s-1PARAMETERS\s0\*(R" in \s-1\fIEVP_MAC\s0\fR\|(3), \s-1\fIOSSL_PARAM\s0\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018\-2019 The OpenSSL Project Authors. All Rights Reserved. 
+.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man7/EVP_MAC-GMAC.7 b/linux_amd64/ssl/share/man/man7/EVP_MAC-GMAC.7 new file mode 100755 index 0000000..ec70f7c --- /dev/null +++ b/linux_amd64/ssl/share/man/man7/EVP_MAC-GMAC.7 
@@ -0,0 +1,184 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_MAC-GMAC 7" +.TH EVP_MAC-GMAC 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_MAC\-GMAC \- The GMAC EVP_MAC implementation +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Support for computing \s-1GMAC\s0 MACs through the \fB\s-1EVP_MAC\s0\fR \s-1API\s0. 
+.SS "Identity" +.IX Subsection "Identity" +This implementation is identified with this name and properties, to be +used with \fIEVP_MAC_fetch()\fR: +.ie n .IP """\s-1GMAC\s0"", ""provider=default"" or ""provider=fips""" 4 +.el .IP "``\s-1GMAC\s0'', ``provider=default'' or ``provider=fips''" 4 +.IX Item "GMAC, provider=default or provider=fips" +.SS "Supported parameters" +.IX Subsection "Supported parameters" +The general description of these parameters can be found in +\&\*(L"\s-1PARAMETERS\s0\*(R" in \s-1\fIEVP_MAC\s0\fR\|(3). +.PP +The following parameter can be set with \fIEVP_MAC_CTX_set_params()\fR: +.ie n .IP """key"" (\fB\s-1OSSL_MAC_PARAM_KEY\s0\fR) " 4 +.el .IP "``key'' (\fB\s-1OSSL_MAC_PARAM_KEY\s0\fR) " 4 +.IX Item "key (OSSL_MAC_PARAM_KEY) " +.PD 0 +.ie n .IP """iv"" (\fB\s-1OSSL_MAC_PARAM_IV\s0\fR) " 4 +.el .IP "``iv'' (\fB\s-1OSSL_MAC_PARAM_IV\s0\fR) " 4 +.IX Item "iv (OSSL_MAC_PARAM_IV) " +.ie n .IP """cipher"" (\fB\s-1OSSL_MAC_PARAM_CIPHER\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``cipher'' (\fB\s-1OSSL_MAC_PARAM_CIPHER\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "cipher (OSSL_MAC_PARAM_CIPHER) " +.ie n .IP """properties"" (\fB\s-1OSSL_MAC_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``properties'' (\fB\s-1OSSL_MAC_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "properties (OSSL_MAC_PARAM_PROPERTIES) " +.PD +.PP +The following parameters can be retrieved with +\&\fIEVP_MAC_CTX_get_params()\fR: +.ie n .IP """size"" (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) " 4 +.el .IP "``size'' (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) " 4 +.IX Item "size (OSSL_MAC_PARAM_SIZE) " +.PP +The \*(L"size\*(R" parameter can also be retrieved with \fIEVP_MAC_size()\fR. +The length of the \*(L"size\*(R" parameter is equal to that of an \fBunsigned int\fR. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_MAC_CTX_get_params\fR\|(3), \fIEVP_MAC_CTX_set_params\fR\|(3), +\&\*(L"\s-1PARAMETERS\s0\*(R" in \s-1\fIEVP_MAC\s0\fR\|(3), \s-1\fIOSSL_PARAM\s0\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man7/EVP_MAC-HMAC.7 b/linux_amd64/ssl/share/man/man7/EVP_MAC-HMAC.7 new file mode 100755 index 0000000..52e62ec --- /dev/null +++ b/linux_amd64/ssl/share/man/man7/EVP_MAC-HMAC.7 
@@ -0,0 +1,186 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_MAC-HMAC 7" +.TH EVP_MAC-HMAC 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_MAC\-HMAC \- The HMAC EVP_MAC implementation +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Support for computing \s-1HMAC\s0 MACs through the \fB\s-1EVP_MAC\s0\fR \s-1API\s0. 
+.SS "Identity" +.IX Subsection "Identity" +This implementation is identified with this name and properties, to be +used with \fIEVP_MAC_fetch()\fR: +.ie n .IP """\s-1HMAC\s0"", ""provider=default"" or ""provider=fips""" 4 +.el .IP "``\s-1HMAC\s0'', ``provider=default'' or ``provider=fips''" 4 +.IX Item "HMAC, provider=default or provider=fips" +.SS "Supported parameters" +.IX Subsection "Supported parameters" +The general description of these parameters can be found in +\&\*(L"\s-1PARAMETERS\s0\*(R" in \s-1\fIEVP_MAC\s0\fR\|(3). +.PP +The following parameter can be set with \fIEVP_MAC_CTX_set_params()\fR: +.ie n .IP """key"" (\fB\s-1OSSL_MAC_PARAM_KEY\s0\fR) " 4 +.el .IP "``key'' (\fB\s-1OSSL_MAC_PARAM_KEY\s0\fR) " 4 +.IX Item "key (OSSL_MAC_PARAM_KEY) " +.PD 0 +.ie n .IP """flags"" (\fB\s-1OSSL_MAC_PARAM_FLAGS\s0\fR) " 4 +.el .IP "``flags'' (\fB\s-1OSSL_MAC_PARAM_FLAGS\s0\fR) " 4 +.IX Item "flags (OSSL_MAC_PARAM_FLAGS) " +.ie n .IP """digest"" (\fB\s-1OSSL_MAC_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``digest'' (\fB\s-1OSSL_MAC_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "digest (OSSL_MAC_PARAM_DIGEST) " +.ie n .IP """properties"" (\fB\s-1OSSL_MAC_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``properties'' (\fB\s-1OSSL_MAC_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "properties (OSSL_MAC_PARAM_PROPERTIES) " +.PD +.PP +The \*(L"flags\*(R" parameter is passed directly to \fIHMAC_CTX_set_flags()\fR. +.PP +The following parameter can be retrieved with +\&\fIEVP_MAC_CTX_get_params()\fR: +.ie n .IP """size"" (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) " 4 +.el .IP "``size'' (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) " 4 +.IX Item "size (OSSL_MAC_PARAM_SIZE) " +.PP +The \*(L"size\*(R" parameter can also be retrieved with \fIEVP_MAC_size()\fR. +The length of the \*(L"size\*(R" parameter is equal to that of an \fBunsigned int\fR. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_MAC_CTX_get_params\fR\|(3), \fIEVP_MAC_CTX_set_params\fR\|(3), +\&\*(L"\s-1PARAMETERS\s0\*(R" in \s-1\fIEVP_MAC\s0\fR\|(3), \s-1\fIOSSL_PARAM\s0\fR\|(3), \s-1\fIHMAC\s0\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man7/EVP_MAC-KMAC.7 b/linux_amd64/ssl/share/man/man7/EVP_MAC-KMAC.7 new file mode 100755 index 0000000..85e0810 --- /dev/null +++ b/linux_amd64/ssl/share/man/man7/EVP_MAC-KMAC.7 
@@ -0,0 +1,188 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_MAC-KMAC 7" +.TH EVP_MAC-KMAC 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_MAC\-KMAC, EVP_MAC\-KMAC128, EVP_MAC\-KMAC256 +\&\- The KMAC EVP_MAC implementations +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Support for computing \s-1KMAC\s0 MACs through the \fB\s-1EVP_MAC\s0\fR \s-1API\s0. 
+.SS "Identity" +.IX Subsection "Identity" +These implementations are identified with one of these names and +properties, to be used with \fIEVP_MAC_fetch()\fR: +.ie n .IP """\s-1KMAC\-128\s0"", ""provider=default"" or ""provider=fips""" 4 +.el .IP "``\s-1KMAC\-128\s0'', ``provider=default'' or ``provider=fips''" 4 +.IX Item "KMAC-128, provider=default or provider=fips" +.PD 0 +.ie n .IP """\s-1KMAC\-256\s0"", ""provider=default"" or ""provider=fips""" 4 +.el .IP "``\s-1KMAC\-256\s0'', ``provider=default'' or ``provider=fips''" 4 +.IX Item "KMAC-256, provider=default or provider=fips" +.PD +.SS "Supported parameters" +.IX Subsection "Supported parameters" +The general description of these parameters can be found in +\&\*(L"\s-1PARAMETERS\s0\*(R" in \s-1\fIEVP_MAC\s0\fR\|(3). +.PP +All these parameters can be set with \fIEVP_MAC_CTX_set_params()\fR. +Furthermore, the \*(L"size\*(R" parameter can be retrieved with +\&\fIEVP_MAC_CTX_get_params()\fR, or with \fIEVP_MAC_size()\fR. +The length of the \*(L"size\*(R" parameter should not exceed that of a \fBsize_t\fR. +.ie n .IP """key"" (\fB\s-1OSSL_MAC_PARAM_KEY\s0\fR) " 4 +.el .IP "``key'' (\fB\s-1OSSL_MAC_PARAM_KEY\s0\fR) " 4 +.IX Item "key (OSSL_MAC_PARAM_KEY) " +.PD 0 +.ie n .IP """custom"" (\fB\s-1OSSL_MAC_PARAM_CUSTOM\s0\fR) " 4 +.el .IP "``custom'' (\fB\s-1OSSL_MAC_PARAM_CUSTOM\s0\fR) " 4 +.IX Item "custom (OSSL_MAC_PARAM_CUSTOM) " +.ie n .IP """size"" (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) " 4 +.el .IP "``size'' (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) " 4 +.IX Item "size (OSSL_MAC_PARAM_SIZE) " +.ie n .IP """xof"" (\fB\s-1OSSL_MAC_PARAM_XOF\s0\fR) " 4 +.el .IP "``xof'' (\fB\s-1OSSL_MAC_PARAM_XOF\s0\fR) " 4 +.IX Item "xof (OSSL_MAC_PARAM_XOF) " +.PD +.PP +The \*(L"xof\*(R" parameter value is expected to be 1 or 0. Use 1 to enable \s-1XOF\s0 +mode. If \s-1XOF\s0 is enabled then the output length that is encoded as part of +the input stream is set to zero. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_MAC_CTX_get_params\fR\|(3), \fIEVP_MAC_CTX_set_params\fR\|(3), +\&\*(L"\s-1PARAMETERS\s0\*(R" in \s-1\fIEVP_MAC\s0\fR\|(3), \s-1\fIOSSL_PARAM\s0\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man7/EVP_MAC-Poly1305.7 b/linux_amd64/ssl/share/man/man7/EVP_MAC-Poly1305.7 new file mode 100755 index 0000000..7b79ede --- /dev/null +++ b/linux_amd64/ssl/share/man/man7/EVP_MAC-Poly1305.7 
@@ -0,0 +1,173 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_MAC-POLY1305 7" +.TH EVP_MAC-POLY1305 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_MAC\-Poly1305 \- The Poly1305 EVP_MAC implementation +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Support for computing Poly1305 MACs through the \fB\s-1EVP_MAC\s0\fR \s-1API\s0. 
+.SS "Identity" +.IX Subsection "Identity" +This implementation is identified with this name and properties, to be +used with \fIEVP_MAC_fetch()\fR: +.ie n .IP """\s-1POLY1305\s0"", ""provider=default""" 4 +.el .IP "``\s-1POLY1305\s0'', ``provider=default''" 4 +.IX Item "POLY1305, provider=default" +.SS "Supported parameters" +.IX Subsection "Supported parameters" +The general description of these parameters can be found in +\&\*(L"\s-1PARAMETERS\s0\*(R" in \s-1\fIEVP_MAC\s0\fR\|(3). +.PP +The following parameter can be set with \fIEVP_MAC_CTX_set_params()\fR: +.ie n .IP """key"" (\fB\s-1OSSL_MAC_PARAM_KEY\s0\fR) " 4 +.el .IP "``key'' (\fB\s-1OSSL_MAC_PARAM_KEY\s0\fR) " 4 +.IX Item "key (OSSL_MAC_PARAM_KEY) " +.PP +The following parameters can be retrieved with +\&\fIEVP_MAC_CTX_get_params()\fR: +.ie n .IP """size"" (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) " 4 +.el .IP "``size'' (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) " 4 +.IX Item "size (OSSL_MAC_PARAM_SIZE) " +.PP +The \*(L"size\*(R" parameter can also be retrieved with with \fIEVP_MAC_size()\fR. +The length of the \*(L"size\*(R" parameter should not exceed that of an \fBunsigned int\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_MAC_CTX_get_params\fR\|(3), \fIEVP_MAC_CTX_set_params\fR\|(3), +\&\*(L"\s-1PARAMETERS\s0\*(R" in \s-1\fIEVP_MAC\s0\fR\|(3), \s-1\fIOSSL_PARAM\s0\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man7/EVP_MAC-Siphash.7 b/linux_amd64/ssl/share/man/man7/EVP_MAC-Siphash.7 new file mode 100755 index 0000000..a86cd45 --- /dev/null +++ b/linux_amd64/ssl/share/man/man7/EVP_MAC-Siphash.7 
@@ -0,0 +1,172 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_MAC-SIPHASH 7" +.TH EVP_MAC-SIPHASH 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_MAC\-Siphash \- The SipHash EVP_MAC implementation +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Support for computing SipHash MACs through the \fB\s-1EVP_MAC\s0\fR \s-1API\s0. 
+.SS "Identity" +.IX Subsection "Identity" +This implementation is identified with this name and properties, to be +used with \fIEVP_MAC_fetch()\fR: +.ie n .IP """\s-1SIPHASH\s0"", ""provider=default""" 4 +.el .IP "``\s-1SIPHASH\s0'', ``provider=default''" 4 +.IX Item "SIPHASH, provider=default" +.SS "Supported parameters" +.IX Subsection "Supported parameters" +The general description of these parameters can be found in +\&\*(L"\s-1PARAMETERS\s0\*(R" in \s-1\fIEVP_MAC\s0\fR\|(3). +.PP +All these parameters can be set with \fIEVP_MAC_CTX_set_params()\fR. +Furthermore, the \*(L"size\*(R" parameter can be retrieved with +\&\fIEVP_MAC_CTX_get_params()\fR, or with \fIEVP_MAC_size()\fR. +The length of the \*(L"size\*(R" parameter should not exceed that of a \fBsize_t\fR. +.ie n .IP """key"" (\fB\s-1OSSL_MAC_PARAM_KEY\s0\fR) " 4 +.el .IP "``key'' (\fB\s-1OSSL_MAC_PARAM_KEY\s0\fR) " 4 +.IX Item "key (OSSL_MAC_PARAM_KEY) " +.PD 0 +.ie n .IP """size"" (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) " 4 +.el .IP "``size'' (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) " 4 +.IX Item "size (OSSL_MAC_PARAM_SIZE) " +.PD +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_MAC_CTX_get_params\fR\|(3), \fIEVP_MAC_CTX_set_params\fR\|(3), +\&\*(L"\s-1PARAMETERS\s0\*(R" in \s-1\fIEVP_MAC\s0\fR\|(3), \s-1\fIOSSL_PARAM\s0\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man7/Ed25519.7 b/linux_amd64/ssl/share/man/man7/Ed25519.7 new file mode 100755 index 0000000..3f13b27 --- /dev/null +++ b/linux_amd64/ssl/share/man/man7/Ed25519.7 
@@ -0,0 +1,215 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ED25519 7" +.TH ED25519 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +Ed25519, +Ed448 +\&\- EVP_PKEY Ed25519 and Ed448 support +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBEd25519\fR and \fBEd448\fR \s-1EVP_PKEY\s0 implementation supports key generation, +one-shot digest sign and digest verify using PureEdDSA and \fBEd25519\fR or \fBEd448\fR +(see \s-1RFC8032\s0). It has associated private and public key formats compatible with +draft\-ietf\-curdle\-pkix\-04. +.PP +No additional parameters can be set during key generation, one-shot signing or +verification. In particular, because PureEdDSA is used, a digest must \fB\s-1NOT\s0\fR be +specified when signing or verifying. +.SH "NOTES" +.IX Header "NOTES" +The PureEdDSA algorithm does not support the streaming mechanism +of other signature algorithms using, for example, \fIEVP_DigestUpdate()\fR. +The message to sign or verify must be passed using the one-shot +\&\fIEVP_DigestSign()\fR and \fIEVP_DigestVerify()\fR functions. +.PP +When calling \fIEVP_DigestSignInit()\fR or \fIEVP_DigestVerifyInit()\fR, the +digest \fItype\fR parameter \fB\s-1MUST\s0\fR be set to \s-1NULL\s0. +.PP +Applications wishing to sign certificates (or other structures such as +CRLs or certificate requests) using Ed25519 or Ed448 can either use \fIX509_sign()\fR +or \fIX509_sign_ctx()\fR in the usual way. +.PP +A context for the \fBEd25519\fR algorithm can be obtained by calling: +.PP +.Vb 1 +\& EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_ED25519, NULL); +.Ve +.PP +For the \fBEd448\fR algorithm a context can be obtained by calling: +.PP +.Vb 1 +\& EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_ED448, NULL); +.Ve +.PP +Ed25519 or Ed448 private keys can be set directly using +\&\fIEVP_PKEY_new_raw_private_key\fR\|(3) or loaded from a PKCS#8 private key file +using \fIPEM_read_bio_PrivateKey\fR\|(3) (or similar function). Completely new keys +can also be generated (see the example below). Setting a private key also sets +the associated public key. 
+.PP +Ed25519 or Ed448 public keys can be set directly using +\&\fIEVP_PKEY_new_raw_public_key\fR\|(3) or loaded from a SubjectPublicKeyInfo +structure in a \s-1PEM\s0 file using \fIPEM_read_bio_PUBKEY\fR\|(3) (or similar function). +.PP +Ed25519 and Ed448 can be tested with the \fIopenssl\-speed\fR\|(1) application +since version 1.1.1. +Valid algorithm names are \fBed25519\fR, \fBed448\fR and \fBeddsa\fR. If \fBeddsa\fR is +specified, then both Ed25519 and Ed448 are benchmarked. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +This example generates an \fB\s-1ED25519\s0\fR private key and writes it to standard +output in \s-1PEM\s0 format: +.PP +.Vb 9 +\& #include +\& #include +\& ... +\& EVP_PKEY *pkey = NULL; +\& EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_ED25519, NULL); +\& EVP_PKEY_keygen_init(pctx); +\& EVP_PKEY_keygen(pctx, &pkey); +\& EVP_PKEY_CTX_free(pctx); +\& PEM_write_PrivateKey(stdout, pkey, NULL, NULL, 0, NULL, NULL); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_PKEY_CTX_new\fR\|(3), +\&\fIEVP_PKEY_keygen\fR\|(3), +\&\fIEVP_DigestSignInit\fR\|(3), +\&\fIEVP_DigestVerifyInit\fR\|(3), +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man7/OSSL_PROVIDER-FIPS.7 b/linux_amd64/ssl/share/man/man7/OSSL_PROVIDER-FIPS.7 new file mode 100755 index 0000000..3b11764 --- /dev/null +++ b/linux_amd64/ssl/share/man/man7/OSSL_PROVIDER-FIPS.7 
@@ -0,0 +1,403 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_PROVIDER-FIPS 7" +.TH OSSL_PROVIDER-FIPS 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +OSSL_PROVIDER\-FIPS \- OPENSSL FIPS provider +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1OPENSSL\s0 \s-1FIPS\s0 provider is a special provider that conforms to the Federal +Information Processing Standards (\s-1FIPS\s0) specified in \s-1FIPS\s0 140\-2. This 'module' +contains an approved set of cryptographic algorithms that is validated by an +accredited testing laboratory. +.SH "SELF TESTING" +.IX Header "SELF TESTING" +One of the requirements for the \s-1FIPS\s0 module is self testing. An optional callback +mechanism is available to return information to the user using +\&\fIOSSL_SELF_TEST_set_callback\fR\|(3). +.PP +The \s-1OPENSSL\s0 \s-1FIPS\s0 module uses the following mechanism to provide information +about the self tests as they run. +This is useful for debugging if a self test is failing. +The callback also allows forcing any self test to fail, in order to check that +it operates correctly on failure. +.PP +The 'args' parameter of \fB\s-1OSSL_CALLBACK\s0\fR contains the \fB\s-1OPENSSL_CTX\s0\fR associated +with the provider that is triggering the self test. This may be useful if +multiple fips providers are present. +.PP +The \s-1OSSL_PARAM\s0 names used are: +.ie n .IP """st-phase"" (\fB\s-1OSSL_PROV_PARAM_SELF_TEST_PHASE\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``st-phase'' (\fB\s-1OSSL_PROV_PARAM_SELF_TEST_PHASE\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "st-phase (OSSL_PROV_PARAM_SELF_TEST_PHASE) " +Each self test calls the callback 3 times with the following string values +for the phase. +.RS 4 +.ie n .IP """Start"" (\fB\s-1OSSL_SELF_TEST_PHASE_START\s0\fR)" 4 +.el .IP "``Start'' (\fB\s-1OSSL_SELF_TEST_PHASE_START\s0\fR)" 4 +.IX Item "Start (OSSL_SELF_TEST_PHASE_START)" +This is the initial phase before the self test has run. +This is used for informational purposes only. +The value returned by the callback is ignored. 
+.ie n .IP """Corrupt"" (\fB\s-1OSSL_SELF_TEST_PHASE_CORRUPT\s0\fR)" 4 +.el .IP "``Corrupt'' (\fB\s-1OSSL_SELF_TEST_PHASE_CORRUPT\s0\fR)" 4 +.IX Item "Corrupt (OSSL_SELF_TEST_PHASE_CORRUPT)" +The corrupt phase is run after the self test has calculated its known value. +The callback may be used to force the self test to fail by returning a value +of 0 from the callback during this phase. +Returning any other value from the callback causes the self test to run normally. +.ie n .IP """Pass"" (\fB\s-1OSSL_SELF_TEST_PHASE_PASS\s0\fR)" 4 +.el .IP "``Pass'' (\fB\s-1OSSL_SELF_TEST_PHASE_PASS\s0\fR)" 4 +.IX Item "Pass (OSSL_SELF_TEST_PHASE_PASS)" +.PD 0 +.ie n .IP """Fail"" (\fB\s-1OSSL_SELF_TEST_PHASE_FAIL\s0\fR)" 4 +.el .IP "``Fail'' (\fB\s-1OSSL_SELF_TEST_PHASE_FAIL\s0\fR)" 4 +.IX Item "Fail (OSSL_SELF_TEST_PHASE_FAIL)" +.PD +The final phase runs after the self test is complete and indicates if a self +test passed or failed. This is used for informational purposes only. +The value returned by the callback is ignored. +\&\*(L"Fail\*(R" should normally only be returned if any self test was forced to fail +during the \*(L"Corrupt\*(R" phase (or if there was an error such as the integrity +check of the module failed). +.Sp +Note that all self tests run even if a self test failure occurs. +.RE +.RS 4 +.RE +.ie n .IP """st-type"" (\fB\s-1OSSL_PROV_PARAM_SELF_TEST_TYPE\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``st-type'' (\fB\s-1OSSL_PROV_PARAM_SELF_TEST_TYPE\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "st-type (OSSL_PROV_PARAM_SELF_TEST_TYPE) " +Used as a category to identify the type of self test being run. 
+It includes the following string values: +.RS 4 +.ie n .IP """Module_Integrity"" (\fB\s-1OSSL_SELF_TEST_TYPE_MODULE_INTEGRITY\s0\fR)" 4 +.el .IP "``Module_Integrity'' (\fB\s-1OSSL_SELF_TEST_TYPE_MODULE_INTEGRITY\s0\fR)" 4 +.IX Item "Module_Integrity (OSSL_SELF_TEST_TYPE_MODULE_INTEGRITY)" +Uses \s-1HMAC\s0 \s-1SHA256\s0 on the module file to validate that the module has not been +modified. The integrity value is compared to a value written to a configuration +file during installation. +.ie n .IP """Install_Integrity"" (\fB\s-1OSSL_SELF_TEST_TYPE_INSTALL_INTEGRITY\s0\fR)" 4 +.el .IP "``Install_Integrity'' (\fB\s-1OSSL_SELF_TEST_TYPE_INSTALL_INTEGRITY\s0\fR)" 4 +.IX Item "Install_Integrity (OSSL_SELF_TEST_TYPE_INSTALL_INTEGRITY)" +Uses \s-1HMAC\s0 \s-1SHA256\s0 on a fixed string to validate that the installation process +has already been performed and the self test \s-1KATS\s0 have already been tested, +The integrity value is compared to a value written to a configuration +file after successfully running the self tests during installation. +.ie n .IP """KAT_Cipher"" (\fB\s-1OSSL_SELF_TEST_TYPE_KAT_CIPHER\s0\fR)" 4 +.el .IP "``KAT_Cipher'' (\fB\s-1OSSL_SELF_TEST_TYPE_KAT_CIPHER\s0\fR)" 4 +.IX Item "KAT_Cipher (OSSL_SELF_TEST_TYPE_KAT_CIPHER)" +Known answer test for a symmetric cipher. +.ie n .IP """KAT_Digest"" (\fB\s-1OSSL_SELF_TEST_TYPE_KAT_DIGEST\s0\fR)" 4 +.el .IP "``KAT_Digest'' (\fB\s-1OSSL_SELF_TEST_TYPE_KAT_DIGEST\s0\fR)" 4 +.IX Item "KAT_Digest (OSSL_SELF_TEST_TYPE_KAT_DIGEST)" +Known answer test for a digest. +.ie n .IP """KAT_Signature"" (\fB\s-1OSSL_SELF_TEST_TYPE_KAT_SIGNATURE\s0\fR)" 4 +.el .IP "``KAT_Signature'' (\fB\s-1OSSL_SELF_TEST_TYPE_KAT_SIGNATURE\s0\fR)" 4 +.IX Item "KAT_Signature (OSSL_SELF_TEST_TYPE_KAT_SIGNATURE)" +Known answer test for a signature. 
+.ie n .IP """\s-1KAT_KDF\s0"" (\fB\s-1OSSL_SELF_TEST_TYPE_KAT_KDF\s0\fR)" 4 +.el .IP "``\s-1KAT_KDF\s0'' (\fB\s-1OSSL_SELF_TEST_TYPE_KAT_KDF\s0\fR)" 4 +.IX Item "KAT_KDF (OSSL_SELF_TEST_TYPE_KAT_KDF)" +Known answer test for a key derivation function. +.ie n .IP """\s-1KAT_KA\s0"" (\fB\s-1OSSL_SELF_TEST_TYPE_KAT_KA\s0\fR)" 4 +.el .IP "``\s-1KAT_KA\s0'' (\fB\s-1OSSL_SELF_TEST_TYPE_KAT_KA\s0\fR)" 4 +.IX Item "KAT_KA (OSSL_SELF_TEST_TYPE_KAT_KA)" +Known answer test for key agreement. +.ie n .IP """\s-1DRBG\s0"" (\fB\s-1OSSL_SELF_TEST_TYPE_DRBG\s0\fR)" 4 +.el .IP "``\s-1DRBG\s0'' (\fB\s-1OSSL_SELF_TEST_TYPE_DRBG\s0\fR)" 4 +.IX Item "DRBG (OSSL_SELF_TEST_TYPE_DRBG)" +Known answer test for a Deterministic Random Bit Generator. +.ie n .IP """Pairwise_Consistency_Test"" (\fB\s-1OSSL_SELF_TEST_TYPE_PCT\s0\fR)" 4 +.el .IP "``Pairwise_Consistency_Test'' (\fB\s-1OSSL_SELF_TEST_TYPE_PCT\s0\fR)" 4 +.IX Item "Pairwise_Consistency_Test (OSSL_SELF_TEST_TYPE_PCT)" +Conditional test that is run during the generation of key pairs. +.RE +.RS 4 +.Sp +The \*(L"Module_Integrity\*(R" self test is always run at startup. +The \*(L"Install_Integrity\*(R" self test is used to check if the self tests have +already been run at installation time. If they have already run then the +self tests are not run on subsequent startups. +All other self test categories are run once at installation time, except for the +\&\*(L"Pairwise_Consistency_Test\*(R". +.Sp +There is only one instance of the \*(L"Module_Integrity\*(R" and \*(L"Install_Integrity\*(R" +self tests. All other self tests may have multiple instances. +.RE +.ie n .IP """st-desc"" (\fB\s-1OSSL_PROV_PARAM_SELF_TEST_DESC\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``st-desc'' (\fB\s-1OSSL_PROV_PARAM_SELF_TEST_DESC\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "st-desc (OSSL_PROV_PARAM_SELF_TEST_DESC) " +Used as a sub category to identify an individual self test. +The following description strings are used. 
+.RS 4 +.ie n .IP """\s-1HMAC\s0"" (\fB\s-1OSSL_SELF_TEST_DESC_INTEGRITY_HMAC\s0\fR)" 4 +.el .IP "``\s-1HMAC\s0'' (\fB\s-1OSSL_SELF_TEST_DESC_INTEGRITY_HMAC\s0\fR)" 4 +.IX Item "HMAC (OSSL_SELF_TEST_DESC_INTEGRITY_HMAC)" +\&\*(L"Module_Integrity\*(R" and \*(L"Install_Integrity\*(R" use this. +.ie n .IP """\s-1RSA\s0"" (\fB\s-1OSSL_SELF_TEST_DESC_PCT_RSA_PKCS1\s0\fR)" 4 +.el .IP "``\s-1RSA\s0'' (\fB\s-1OSSL_SELF_TEST_DESC_PCT_RSA_PKCS1\s0\fR)" 4 +.IX Item "RSA (OSSL_SELF_TEST_DESC_PCT_RSA_PKCS1)" +.PD 0 +.ie n .IP """\s-1ECDSA\s0"" (\fB\s-1OSSL_SELF_TEST_DESC_PCT_ECDSA\s0\fR)" 4 +.el .IP "``\s-1ECDSA\s0'' (\fB\s-1OSSL_SELF_TEST_DESC_PCT_ECDSA\s0\fR)" 4 +.IX Item "ECDSA (OSSL_SELF_TEST_DESC_PCT_ECDSA)" +.ie n .IP """\s-1DSA\s0"" (\fB\s-1OSSL_SELF_TEST_DESC_PCT_DSA\s0\fR)" 4 +.el .IP "``\s-1DSA\s0'' (\fB\s-1OSSL_SELF_TEST_DESC_PCT_DSA\s0\fR)" 4 +.IX Item "DSA (OSSL_SELF_TEST_DESC_PCT_DSA)" +.PD +Key generation tests used with the \*(L"Pairwise_Consistency_Test\*(R" type. +.ie n .IP """\s-1AES_GCM\s0"" (\fB\s-1OSSL_SELF_TEST_DESC_CIPHER_AES_GCM\s0\fR)" 4 +.el .IP "``\s-1AES_GCM\s0'' (\fB\s-1OSSL_SELF_TEST_DESC_CIPHER_AES_GCM\s0\fR)" 4 +.IX Item "AES_GCM (OSSL_SELF_TEST_DESC_CIPHER_AES_GCM)" +.PD 0 +.ie n .IP """\s-1TDES\s0"" (\fB\s-1OSSL_SELF_TEST_DESC_CIPHER_TDES\s0\fR)" 4 +.el .IP "``\s-1TDES\s0'' (\fB\s-1OSSL_SELF_TEST_DESC_CIPHER_TDES\s0\fR)" 4 +.IX Item "TDES (OSSL_SELF_TEST_DESC_CIPHER_TDES)" +.PD +Symmetric cipher tests used with the \*(L"KAT_Cipher\*(R" type. 
+.ie n .IP """\s-1SHA1\s0"" (\fB\s-1OSSL_SELF_TEST_DESC_MD_SHA1\s0\fR)" 4 +.el .IP "``\s-1SHA1\s0'' (\fB\s-1OSSL_SELF_TEST_DESC_MD_SHA1\s0\fR)" 4 +.IX Item "SHA1 (OSSL_SELF_TEST_DESC_MD_SHA1)" +.PD 0 +.ie n .IP """\s-1SHA2\s0"" (\fB\s-1OSSL_SELF_TEST_DESC_MD_SHA2\s0\fR)" 4 +.el .IP "``\s-1SHA2\s0'' (\fB\s-1OSSL_SELF_TEST_DESC_MD_SHA2\s0\fR)" 4 +.IX Item "SHA2 (OSSL_SELF_TEST_DESC_MD_SHA2)" +.ie n .IP """\s-1SHA3\s0"" (\fB\s-1OSSL_SELF_TEST_DESC_MD_SHA3\s0\fR)" 4 +.el .IP "``\s-1SHA3\s0'' (\fB\s-1OSSL_SELF_TEST_DESC_MD_SHA3\s0\fR)" 4 +.IX Item "SHA3 (OSSL_SELF_TEST_DESC_MD_SHA3)" +.PD +Digest tests used with the \*(L"KAT_Digest\*(R" type. +.ie n .IP """\s-1DSA\s0"" (\fB\s-1OSSL_SELF_TEST_DESC_SIGN_DSA\s0\fR)" 4 +.el .IP "``\s-1DSA\s0'' (\fB\s-1OSSL_SELF_TEST_DESC_SIGN_DSA\s0\fR)" 4 +.IX Item "DSA (OSSL_SELF_TEST_DESC_SIGN_DSA)" +.PD 0 +.ie n .IP """\s-1RSA\s0"" (\fB\s-1OSSL_SELF_TEST_DESC_SIGN_RSA\s0\fR)" 4 +.el .IP "``\s-1RSA\s0'' (\fB\s-1OSSL_SELF_TEST_DESC_SIGN_RSA\s0\fR)" 4 +.IX Item "RSA (OSSL_SELF_TEST_DESC_SIGN_RSA)" +.ie n .IP """\s-1ECDSA\s0"" (\fB\s-1OSSL_SELF_TEST_DESC_SIGN_ECDSA\s0\fR)" 4 +.el .IP "``\s-1ECDSA\s0'' (\fB\s-1OSSL_SELF_TEST_DESC_SIGN_ECDSA\s0\fR)" 4 +.IX Item "ECDSA (OSSL_SELF_TEST_DESC_SIGN_ECDSA)" +.PD +Signature tests used with the \*(L"KAT_Signature\*(R" type. +.ie n .IP """\s-1ECDH\s0"" (\fB\s-1OSSL_SELF_TEST_DESC_KA_ECDH\s0\fR)" 4 +.el .IP "``\s-1ECDH\s0'' (\fB\s-1OSSL_SELF_TEST_DESC_KA_ECDH\s0\fR)" 4 +.IX Item "ECDH (OSSL_SELF_TEST_DESC_KA_ECDH)" +.PD 0 +.ie n .IP """\s-1ECDSA\s0"" (\fB\s-1OSSL_SELF_TEST_DESC_KA_ECDSA\s0\fR)" 4 +.el .IP "``\s-1ECDSA\s0'' (\fB\s-1OSSL_SELF_TEST_DESC_KA_ECDSA\s0\fR)" 4 +.IX Item "ECDSA (OSSL_SELF_TEST_DESC_KA_ECDSA)" +.PD +Key agreement tests used with the \*(L"\s-1KAT_KA\s0\*(R" type. 
+.ie n .IP """\s-1HKDF\s0"" (\fB\s-1OSSL_SELF_TEST_DESC_KDF_HKDF\s0\fR)" 4 +.el .IP "``\s-1HKDF\s0'' (\fB\s-1OSSL_SELF_TEST_DESC_KDF_HKDF\s0\fR)" 4 +.IX Item "HKDF (OSSL_SELF_TEST_DESC_KDF_HKDF)" +Key Derivation Function tests used with the \*(L"\s-1KAT_KDF\s0\*(R" type. +.ie n .IP """\s-1CTR\s0"" (\fB\s-1OSSL_SELF_TEST_DESC_DRBG_CTR\s0\fR)" 4 +.el .IP "``\s-1CTR\s0'' (\fB\s-1OSSL_SELF_TEST_DESC_DRBG_CTR\s0\fR)" 4 +.IX Item "CTR (OSSL_SELF_TEST_DESC_DRBG_CTR)" +.PD 0 +.ie n .IP """\s-1HASH\s0"" (\fB\s-1OSSL_SELF_TEST_DESC_DRBG_HASH\s0\fR)" 4 +.el .IP "``\s-1HASH\s0'' (\fB\s-1OSSL_SELF_TEST_DESC_DRBG_HASH\s0\fR)" 4 +.IX Item "HASH (OSSL_SELF_TEST_DESC_DRBG_HASH)" +.ie n .IP """\s-1HMAC\s0"" (\fB\s-1OSSL_SELF_TEST_DESC_DRBG_HMAC\s0\fR)" 4 +.el .IP "``\s-1HMAC\s0'' (\fB\s-1OSSL_SELF_TEST_DESC_DRBG_HMAC\s0\fR)" 4 +.IX Item "HMAC (OSSL_SELF_TEST_DESC_DRBG_HMAC)" +.PD +\&\s-1DRBG\s0 tests used with the \*(L"\s-1DRBG\s0\*(R" type. +.RE +.RS 4 +.RE +.SH "EXAMPLES" +.IX Header "EXAMPLES" +A simple self test callback is shown below for illustrative purposes. 
+.PP +.Vb 1 +\& #include +\& +\& static OSSL_CALLBACK self_test_cb; +\& +\& static int self_test_cb(const OSSL_PARAM params[], void *arg) +\& { +\& int ret = 0; +\& const OSSL_PARAM *p = NULL; +\& const char *phase = NULL, *type = NULL, *desc = NULL; +\& +\& p = OSSL_PARAM_locate_const(params, OSSL_PROV_PARAM_SELF_TEST_PHASE); +\& if (p == NULL || p\->data_type != OSSL_PARAM_UTF8_STRING) +\& goto err; +\& phase = (const char *)p\->data; +\& +\& p = OSSL_PARAM_locate_const(params, OSSL_PROV_PARAM_SELF_TEST_DESC); +\& if (p == NULL || p\->data_type != OSSL_PARAM_UTF8_STRING) +\& goto err; +\& desc = (const char *)p\->data; +\& +\& p = OSSL_PARAM_locate_const(params, OSSL_PROV_PARAM_SELF_TEST_TYPE); +\& if (p == NULL || p\->data_type != OSSL_PARAM_UTF8_STRING) +\& goto err; +\& type = (const char *)p\->data; +\& +\& /* Do some logging */ +\& if (strcmp(phase, OSSL_SELF_TEST_PHASE_START) == 0) +\& BIO_printf(bio_out, "%s : (%s) : ", desc, type); +\& if (strcmp(phase, OSSL_SELF_TEST_PHASE_PASS) == 0 +\& || strcmp(phase, OSSL_SELF_TEST_PHASE_FAIL) == 0) +\& BIO_printf(bio_out, "%s\en", phase); +\& +\& /* Corrupt the SHA1 self test during the \*(Aqcorrupt\*(Aq phase by returning 0 */ +\& if (strcmp(phase, OSSL_SELF_TEST_PHASE_CORRUPT) == 0 +\& && strcmp(desc, OSSL_SELF_TEST_DESC_MD_SHA1) == 0) { +\& BIO_printf(bio_out, "%s %s", phase, desc); +\& return 0; +\& } +\& ret = 1; +\& err: +\& return ret; +\& } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\-fipsinstall\fR\|(1), +\&\fIfips_config\fR\|(5), +\&\fIOSSL_SELF_TEST_set_callback\fR\|(3), +\&\s-1\fIOSSL_PARAM\s0\fR\|(3), +\&\fIopenssl\-core.h\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The type and functions described here were added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. 
You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man7/RAND.7 b/linux_amd64/ssl/share/man/man7/RAND.7 new file mode 100755 index 0000000..b29298a --- /dev/null +++ b/linux_amd64/ssl/share/man/man7/RAND.7 
@@ -0,0 +1,202 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RAND 7" +.TH RAND 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RAND +\&\- the OpenSSL random generator +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Random numbers are a vital part of cryptography, they are needed to provide +unpredictability for tasks like key generation, creating salts, and many more. 
+Software-based generators must be seeded with external randomness before they +can be used as a cryptographically-secure pseudo-random number generator +(\s-1CSPRNG\s0). +The availability of common hardware with special instructions and +modern operating systems, which may use items such as interrupt jitter +and network packet timings, can be reasonable sources of seeding material. +.PP +OpenSSL comes with a default implementation of the \s-1RAND\s0 \s-1API\s0 which is based on +the deterministic random bit generator (\s-1DRBG\s0) model as described in +[\s-1NIST\s0 \s-1SP\s0 800\-90A Rev. 1]. The default random generator will initialize +automatically on first use and will be fully functional without having +to be initialized ('seeded') explicitly. +It seeds and reseeds itself automatically using trusted random sources +provided by the operating system. +.PP +As a normal application developer, you do not have to worry about any details, +just use \fIRAND_bytes\fR\|(3) to obtain random data. +Having said that, there is one important rule to obey: Always check the error +return value of \fIRAND_bytes\fR\|(3) and do not take randomness for granted. +Although (re\-)seeding is automatic, it can fail because no trusted random source +is available or the trusted source(s) temporarily fail to provide sufficient +random seed material. +In this case the \s-1CSPRNG\s0 enters an error state and ceases to provide output, +until it is able to recover from the error by reseeding itself. +For more details on reseeding and error recovery, see \s-1\fIRAND_DRBG\s0\fR\|(7). +.PP +For values that should remain secret, you can use \fIRAND_priv_bytes\fR\|(3) +instead. +This method does not provide 'better' randomness, it uses the same type of \s-1CSPRNG\s0. 
+The intention behind using a dedicated \s-1CSPRNG\s0 exclusively for private +values is that none of its output should be visible to an attacker (e.g., +used as salt value), in order to reveal as little information as +possible about its internal state, and that a compromise of the \*(L"public\*(R" +\&\s-1CSPRNG\s0 instance will not affect the secrecy of these private values. +.PP +In the rare case where the default implementation does not satisfy your special +requirements, there are two options: +.IP "\(bu" 2 +Replace the default \s-1RAND\s0 method by your own \s-1RAND\s0 method using +\&\fIRAND_set_rand_method\fR\|(3). +.IP "\(bu" 2 +Modify the default settings of the OpenSSL \s-1RAND\s0 method by modifying the security +parameters of the underlying \s-1DRBG\s0, which is described in detail in \s-1\fIRAND_DRBG\s0\fR\|(7). +.PP +Changing the default random generator or its default parameters should be necessary +only in exceptional cases and is not recommended, unless you have a profound knowledge +of cryptographic principles and understand the implications of your changes. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIRAND_add\fR\|(3), +\&\fIRAND_bytes\fR\|(3), +\&\fIRAND_priv_bytes\fR\|(3), +\&\fIRAND_get_rand_method\fR\|(3), +\&\fIRAND_set_rand_method\fR\|(3), +\&\fIRAND_OpenSSL\fR\|(3), +\&\s-1\fIRAND_DRBG\s0\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man7/RAND_DRBG.7 b/linux_amd64/ssl/share/man/man7/RAND_DRBG.7 new file mode 100755 index 0000000..74e2276 --- /dev/null +++ b/linux_amd64/ssl/share/man/man7/RAND_DRBG.7 
@@ -0,0 +1,395 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RAND_DRBG 7" +.TH RAND_DRBG 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +RAND_DRBG \- the deterministic random bit generator +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The default OpenSSL \s-1RAND\s0 method is based on the \s-1RAND_DRBG\s0 class, +which implements a deterministic random bit generator (\s-1DRBG\s0). +A \s-1DRBG\s0 is a certain type of cryptographically-secure pseudo-random +number generator (\s-1CSPRNG\s0), which is described in +[\s-1NIST\s0 \s-1SP\s0 800\-90A Rev. 1]. +.PP +While the \s-1RAND\s0 \s-1API\s0 is the 'frontend' which is intended to be used by +application developers for obtaining random bytes, the \s-1RAND_DRBG\s0 \s-1API\s0 +serves as the 'backend', connecting the former with the operating +systems's entropy sources and providing access to the \s-1DRBG\s0's +configuration parameters. +.SS "Disclaimer" +.IX Subsection "Disclaimer" +Unless you have very specific requirements for your random generator, +it is in general not necessary to utilize the \s-1RAND_DRBG\s0 \s-1API\s0 directly. +The usual way to obtain random bytes is to use \fIRAND_bytes\fR\|(3) or +\&\fIRAND_priv_bytes\fR\|(3), see also \s-1\fIRAND\s0\fR\|(7). +.SS "Typical Use Cases" +.IX Subsection "Typical Use Cases" +Typical examples for such special use cases are the following: +.IP "\(bu" 2 +You want to use your own private \s-1DRBG\s0 instances. +Multiple \s-1DRBG\s0 instances which are accessed only by a single thread provide +additional security (because their internal states are independent) and +better scalability in multithreaded applications (because they don't need +to be locked). +.IP "\(bu" 2 +You need to integrate a previously unsupported entropy source. +.IP "\(bu" 2 +You need to change the default settings of the standard OpenSSL \s-1RAND\s0 +implementation to meet specific requirements. 
+.SH "CHAINING" +.IX Header "CHAINING" +A \s-1DRBG\s0 instance can be used as the entropy source of another \s-1DRBG\s0 instance, +provided it has itself access to a valid entropy source. +The \s-1DRBG\s0 instance which acts as entropy source is called the \fIparent\fR \s-1DRBG\s0, +the other instance the \fIchild\fR \s-1DRBG\s0. +.PP +This is called chaining. A chained \s-1DRBG\s0 instance is created by passing +a pointer to the parent \s-1DRBG\s0 as argument to the \fIRAND_DRBG_new()\fR call. +It is possible to create chains of more than two \s-1DRBG\s0 in a row. +.SH "THE THREE SHARED DRBG INSTANCES" +.IX Header "THE THREE SHARED DRBG INSTANCES" +Currently, there are three shared \s-1DRBG\s0 instances, +the , , and \s-1DRBG\s0. +While the \s-1DRBG\s0 is a single global instance, the and +\&\s-1DRBG\s0 are created per thread and accessed through thread-local storage. +.PP +By default, the functions \fIRAND_bytes\fR\|(3) and \fIRAND_priv_bytes\fR\|(3) use +the thread-local and \s-1DRBG\s0 instance, respectively. +.SS "The \s-1DRBG\s0 instance" +.IX Subsection "The DRBG instance" +The \s-1DRBG\s0 is not used directly by the application, only for reseeding +the two other two \s-1DRBG\s0 instances. It reseeds itself by obtaining randomness +either from os entropy sources or by consuming randomness which was added +previously by \fIRAND_add\fR\|(3). +.SS "The \s-1DRBG\s0 instance" +.IX Subsection "The DRBG instance" +This instance is used per default by \fIRAND_bytes\fR\|(3). +.SS "The \s-1DRBG\s0 instance" +.IX Subsection "The DRBG instance" +This instance is used per default by \fIRAND_priv_bytes\fR\|(3) +.SH "LOCKING" +.IX Header "LOCKING" +The \s-1DRBG\s0 is intended to be accessed concurrently for reseeding +by its child \s-1DRBG\s0 instances. The necessary locking is done internally. +It is \fInot\fR thread-safe to access the \s-1DRBG\s0 directly via the +\&\s-1RAND_DRBG\s0 interface. +The and \s-1DRBG\s0 are thread-local, i.e. 
there is an +instance of each per thread. So they can safely be accessed without +locking via the \s-1RAND_DRBG\s0 interface. +.PP +Pointers to these \s-1DRBG\s0 instances can be obtained using +\&\fIRAND_DRBG_get0_master()\fR, +\&\fIRAND_DRBG_get0_public()\fR, and +\&\fIRAND_DRBG_get0_private()\fR, respectively. +Note that it is not allowed to store a pointer to one of the thread-local +\&\s-1DRBG\s0 instances in a variable or other memory location where it will be +accessed and used by multiple threads. +.PP +All other \s-1DRBG\s0 instances created by an application don't support locking, +because they are intended to be used by a single thread. +Instead of accessing a single \s-1DRBG\s0 instance concurrently from different +threads, it is recommended to instantiate a separate \s-1DRBG\s0 instance per +thread. Using the \s-1DRBG\s0 as entropy source for multiple \s-1DRBG\s0 +instances on different threads is thread-safe, because the \s-1DRBG\s0 instance +will lock the \s-1DRBG\s0 automatically for obtaining random input. +.SH "THE OVERALL PICTURE" +.IX Header "THE OVERALL PICTURE" +The following picture gives an overview over how the \s-1DRBG\s0 instances work +together and are being used. 
+.PP +.Vb 10 +\& +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+ +\& | os entropy sources | +\& +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+ +\& | +\& v +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+ +\& RAND_add() ==> <\-| shared DRBG (with locking) | +\& / \e +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+ +\& / \e +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+ +\& <\- | per\-thread DRBG instances | +\& | | +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+ +\& v v +\& RAND_bytes() RAND_priv_bytes() +\& | ^ +\& | | +\& +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+ +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+ +\& | general purpose | | used for secrets like session keys | +\& | random generator | | and private keys for certificates | +\& +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+ +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+ +.Ve +.PP +The usual way to obtain random bytes is to call RAND_bytes(...) or +RAND_priv_bytes(...). These calls are roughly equivalent to calling +RAND_DRBG_bytes(, ...) and RAND_DRBG_bytes(, ...), +respectively. The method \fIRAND_DRBG_bytes\fR\|(3) is a convenience method +wrapping the \fIRAND_DRBG_generate\fR\|(3) function, which serves the actual +request for random data. +.SH "RESEEDING" +.IX Header "RESEEDING" +A \s-1DRBG\s0 instance seeds itself automatically, pulling random input from +its entropy source. The entropy source can be either a trusted operating +system entropy source, or another \s-1DRBG\s0 with access to such a source. +.PP +Automatic reseeding occurs after a predefined number of generate requests. +The selection of the trusted entropy sources is configured at build +time using the \-\-with\-rand\-seed option. The following sections explain +the reseeding process in more detail. 
+.SS "Automatic Reseeding" +.IX Subsection "Automatic Reseeding" +Before satisfying a generate request (\fIRAND_DRBG_generate\fR\|(3)), the \s-1DRBG\s0 +reseeds itself automatically, if one of the following conditions holds: +.PP +\&\- the \s-1DRBG\s0 was not instantiated (=seeded) yet or has been uninstantiated. +.PP +\&\- the number of generate requests since the last reseeding exceeds a +certain threshold, the so called \fIreseed_interval\fR. +This behaviour can be disabled by setting the \fIreseed_interval\fR to 0. +.PP +\&\- the time elapsed since the last reseeding exceeds a certain time +interval, the so called \fIreseed_time_interval\fR. +This can be disabled by setting the \fIreseed_time_interval\fR to 0. +.PP +\&\- the \s-1DRBG\s0 is in an error state. +.PP +\&\fBNote\fR: An error state is entered if the entropy source fails while +the \s-1DRBG\s0 is seeding or reseeding. +The last case ensures that the \s-1DRBG\s0 automatically recovers +from the error as soon as the entropy source is available again. +.SS "Manual Reseeding" +.IX Subsection "Manual Reseeding" +In addition to automatic reseeding, the caller can request an immediate +reseeding of the \s-1DRBG\s0 with fresh entropy by setting the +\&\fIprediction resistance\fR parameter to 1 when calling \fIRAND_DRBG_generate\fR\|(3). +.PP +The document [\s-1NIST\s0 \s-1SP\s0 800\-90C] describes prediction resistance requests +in detail and imposes strict conditions on the entropy sources that are +approved for providing prediction resistance. +A request for prediction resistance can only be satisfied by pulling fresh +entropy from a live entropy source (section 5.5.2 of [\s-1NIST\s0 \s-1SP\s0 800\-90C]). +It is up to the user to ensure that a live entropy source is configured +and is being used. 
+.PP +For the three shared DRBGs (and only for these) there is another way to +reseed them manually: +If \fIRAND_add\fR\|(3) is called with a positive \fIrandomness\fR argument +(or \fIRAND_seed\fR\|(3)), then this will immediately reseed the \s-1DRBG\s0. +The and \s-1DRBG\s0 will detect this on their next generate +call and reseed, pulling randomness from . +.PP +The last feature has been added to support the common practice used with +previous OpenSSL versions to call \fIRAND_add()\fR before calling \fIRAND_bytes()\fR. +.SS "Entropy Input and Additional Data" +.IX Subsection "Entropy Input and Additional Data" +The \s-1DRBG\s0 distinguishes two different types of random input: \fIentropy\fR, +which comes from a trusted source, and \fIadditional input\fR', +which can optionally be added by the user and is considered untrusted. +It is possible to add \fIadditional input\fR not only during reseeding, +but also for every generate request. +This is in fact done automatically by \fIRAND_DRBG_bytes\fR\|(3). +.SS "Configuring the Random Seed Source" +.IX Subsection "Configuring the Random Seed Source" +In most cases OpenSSL will automatically choose a suitable seed source +for automatically seeding and reseeding its \s-1DRBG\s0. In some cases +however, it will be necessary to explicitly specify a seed source during +configuration, using the \-\-with\-rand\-seed option. For more information, +see the \s-1INSTALL\s0 instructions. There are also operating systems where no +seed source is available and automatic reseeding is disabled by default. +.PP +The following two sections describe the reseeding process of the master +\&\s-1DRBG\s0, depending on whether automatic reseeding is available or not. 
+.SS "Reseeding the master \s-1DRBG\s0 with automatic seeding enabled" +.IX Subsection "Reseeding the master DRBG with automatic seeding enabled" +Calling \fIRAND_poll()\fR or \fIRAND_add()\fR is not necessary, because the \s-1DRBG\s0 +pulls the necessary entropy from its source automatically. +However, both calls are permitted, and do reseed the \s-1RNG\s0. +.PP +\&\fIRAND_add()\fR can be used to add both kinds of random input, depending on the +value of the \fIrandomness\fR argument: +.IP "randomness == 0:" 4 +.IX Item "randomness == 0:" +The random bytes are mixed as additional input into the current state of +the \s-1DRBG\s0. +Mixing in additional input is not considered a full reseeding, hence the +reseed counter is not reset. +.IP "randomness > 0:" 4 +.IX Item "randomness > 0:" +The random bytes are used as entropy input for a full reseeding +(resp. reinstantiation) if the \s-1DRBG\s0 is instantiated +(resp. uninstantiated or in an error state). +The number of random bits required for reseeding is determined by the +security strength of the \s-1DRBG\s0. Currently it defaults to 256 bits (32 bytes). +It is possible to provide less randomness than required. +In this case the missing randomness will be obtained by pulling random input +from the trusted entropy sources. +.PP +\&\s-1NOTE:\s0 Manual reseeding is *not allowed* in \s-1FIPS\s0 mode, because +[\s-1NIST\s0 SP\-800\-90Ar1] mandates that entropy *shall not* be provided by +the consuming application for instantiation (Section 9.1) or +reseeding (Section 9.2). For that reason, the \fIrandomness\fR +argument is ignored and the random bytes provided by the \fIRAND_add\fR\|(3) and +\&\fIRAND_seed\fR\|(3) calls are treated as additional data. +.SS "Reseeding the master \s-1DRBG\s0 with automatic seeding disabled" +.IX Subsection "Reseeding the master DRBG with automatic seeding disabled" +Calling \fIRAND_poll()\fR will always fail. 
+.PP +\&\fIRAND_add()\fR needs to be called for initial seeding and periodic reseeding. +At least 48 bytes (384 bits) of randomness have to be provided, otherwise +the (re\-)seeding of the \s-1DRBG\s0 will fail. This corresponds to one and a half +times the security strength of the \s-1DRBG\s0. The extra half is used for the +nonce during instantiation. +.PP +More precisely, the number of bytes needed for seeding depend on the +\&\fIsecurity strength\fR of the \s-1DRBG\s0, which is set to 256 by default. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIRAND_DRBG_bytes\fR\|(3), +\&\fIRAND_DRBG_generate\fR\|(3), +\&\fIRAND_DRBG_reseed\fR\|(3), +\&\fIRAND_DRBG_get0_master\fR\|(3), +\&\fIRAND_DRBG_get0_public\fR\|(3), +\&\fIRAND_DRBG_get0_private\fR\|(3), +\&\fIRAND_DRBG_set_reseed_interval\fR\|(3), +\&\fIRAND_DRBG_set_reseed_time_interval\fR\|(3), +\&\fIRAND_DRBG_set_reseed_defaults\fR\|(3), +\&\s-1\fIRAND\s0\fR\|(7), +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man7/RSA-PSS.7 b/linux_amd64/ssl/share/man/man7/RSA-PSS.7 new file mode 100755 index 0000000..5cb64b0 --- /dev/null +++ b/linux_amd64/ssl/share/man/man7/RSA-PSS.7 
@@ -0,0 +1,180 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA-PSS 7" +.TH RSA-PSS 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +RSA\-PSS \- EVP_PKEY RSA\-PSS algorithm support +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBRSA-PSS\fR \s-1EVP_PKEY\s0 implementation is a restricted version of the \s-1RSA\s0 +algorithm which only supports signing, verification and key generation +using \s-1PSS\s0 padding modes with optional parameter restrictions. +.PP +It has associated private key and public key formats. +.PP +This algorithm shares several control operations with the \fB\s-1RSA\s0\fR algorithm +but with some restrictions described below. +.SS "Signing and Verification" +.IX Subsection "Signing and Verification" +Signing and verification is similar to the \fB\s-1RSA\s0\fR algorithm except the +padding mode is always \s-1PSS\s0. If the key in use has parameter restrictions then +the corresponding signature parameters are set to the restrictions: +for example, if the key can only be used with digest \s-1SHA256\s0, \s-1MGF1\s0 \s-1SHA256\s0 +and minimum salt length 32 then the digest, \s-1MGF1\s0 digest and salt length +will be set to \s-1SHA256\s0, \s-1SHA256\s0 and 32 respectively. +.SS "Key Generation" +.IX Subsection "Key Generation" +By default no parameter restrictions are placed on the generated key. +.SH "NOTES" +.IX Header "NOTES" +The public key format is documented in \s-1RFC4055\s0. +.PP +The PKCS#8 private key format used for RSA-PSS keys is similar to the \s-1RSA\s0 +format except it uses the \fBid-RSASSA-PSS\fR \s-1OID\s0 and the parameters field, if +present, restricts the key parameters in the same way as the public key. 
+.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1RFC\s0 4055 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_PKEY_CTX_set_rsa_pss_keygen_md\fR\|(3), +\&\fIEVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md\fR\|(3), +\&\fIEVP_PKEY_CTX_set_rsa_pss_keygen_saltlen\fR\|(3), +\&\fIEVP_PKEY_CTX_new\fR\|(3), +\&\fIEVP_PKEY_CTX_ctrl_str\fR\|(3), +\&\fIEVP_PKEY_derive\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man7/SM2.7 b/linux_amd64/ssl/share/man/man7/SM2.7 new file mode 100755 index 0000000..8616e2b --- /dev/null +++ b/linux_amd64/ssl/share/man/man7/SM2.7 
@@ -0,0 +1,199 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SM2 7" +.TH SM2 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +SM2 \- Chinese SM2 signature and encryption algorithm support +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fB\s-1SM2\s0\fR algorithm was first defined by the Chinese national standard \s-1GM/T\s0 +0003\-2012 and was later standardized by \s-1ISO\s0 as \s-1ISO/IEC\s0 14888. \fB\s-1SM2\s0\fR is actually +an elliptic curve based algorithm. The current implementation in OpenSSL supports +both signature and encryption schemes via the \s-1EVP\s0 interface. +.PP +When doing the \fB\s-1SM2\s0\fR signature algorithm, it requires a distinguishing identifier +to form the message prefix which is hashed before the real message is hashed. +.SH "NOTES" +.IX Header "NOTES" +\&\fB\s-1SM2\s0\fR signatures can be generated by using the 'DigestSign' series of APIs, for +instance, \fIEVP_DigestSignInit()\fR, \fIEVP_DigestSignUpdate()\fR and \fIEVP_DigestSignFinal()\fR. +Ditto for the verification process by calling the 'DigestVerify' series of APIs. +.PP +Before computing an \fB\s-1SM2\s0\fR signature, an \fB\s-1EVP_PKEY_CTX\s0\fR needs to be created, +and an \fB\s-1SM2\s0\fR \s-1ID\s0 must be set for it, like this: +.PP +.Vb 1 +\& EVP_PKEY_CTX_set1_id(pctx, id, id_len); +.Ve +.PP +Before calling the \fIEVP_DigestSignInit()\fR or \fIEVP_DigestVerifyInit()\fR functions, +that \fB\s-1EVP_PKEY_CTX\s0\fR should be assigned to the \fB\s-1EVP_MD_CTX\s0\fR, like this: +.PP +.Vb 1 +\& EVP_MD_CTX_set_pkey_ctx(mctx, pctx); +.Ve +.PP +There is normally no need to pass a \fBpctx\fR parameter to \fIEVP_DigestSignInit()\fR +or \fIEVP_DigestVerifyInit()\fR in such a scenario. +.PP +\&\s-1SM2\s0 can be tested with the \fIopenssl\-speed\fR\|(1) application since version 3.0.0. +Currently, the only valid algorithm name is \fBsm2\fR. 
+.SH "EXAMPLES" +.IX Header "EXAMPLES" +This example demonstrates the calling sequence for using an \fB\s-1EVP_PKEY\s0\fR to verify +a message with the \s-1SM2\s0 signature algorithm and the \s-1SM3\s0 hash algorithm: +.PP +.Vb 1 +\& #include +\& +\& /* obtain an EVP_PKEY using whatever methods... */ +\& mctx = EVP_MD_CTX_new(); +\& pctx = EVP_PKEY_CTX_new(pkey, NULL); +\& EVP_PKEY_CTX_set1_id(pctx, id, id_len); +\& EVP_MD_CTX_set_pkey_ctx(mctx, pctx); +\& EVP_DigestVerifyInit(mctx, NULL, EVP_sm3(), NULL, pkey); +\& EVP_DigestVerifyUpdate(mctx, msg, msg_len); +\& EVP_DigestVerifyFinal(mctx, sig, sig_len) +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_PKEY_CTX_new\fR\|(3), +\&\fIEVP_DigestSignInit\fR\|(3), +\&\fIEVP_DigestVerifyInit\fR\|(3), +\&\fIEVP_PKEY_CTX_set1_id\fR\|(3), +\&\fIEVP_MD_CTX_set_pkey_ctx\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man7/X25519.7 b/linux_amd64/ssl/share/man/man7/X25519.7 new file mode 100755 index 0000000..b3e7f95 --- /dev/null +++ b/linux_amd64/ssl/share/man/man7/X25519.7 
@@ -0,0 +1,201 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X25519 7" +.TH X25519 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X25519, +X448 +\&\- EVP_PKEY X25519 and X448 support +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBX25519\fR and \fBX448\fR \s-1EVP_PKEY\s0 implementation supports key generation and +key derivation using \fBX25519\fR and \fBX448\fR. 
It has associated private and public +key formats compatible with draft\-ietf\-curdle\-pkix\-03. +.PP +No additional parameters can be set during key generation. +.PP +The peer public key must be set using \fIEVP_PKEY_derive_set_peer()\fR when +performing key derivation. +.SH "NOTES" +.IX Header "NOTES" +A context for the \fBX25519\fR algorithm can be obtained by calling: +.PP +.Vb 1 +\& EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_X25519, NULL); +.Ve +.PP +For the \fBX448\fR algorithm a context can be obtained by calling: +.PP +.Vb 1 +\& EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_X448, NULL); +.Ve +.PP +X25519 or X448 private keys can be set directly using +\&\fIEVP_PKEY_new_raw_private_key\fR\|(3) or loaded from a PKCS#8 private key file +using \fIPEM_read_bio_PrivateKey\fR\|(3) (or similar function). Completely new keys +can also be generated (see the example below). Setting a private key also sets +the associated public key. +.PP +X25519 or X448 public keys can be set directly using +\&\fIEVP_PKEY_new_raw_public_key\fR\|(3) or loaded from a SubjectPublicKeyInfo +structure in a \s-1PEM\s0 file using \fIPEM_read_bio_PUBKEY\fR\|(3) (or similar function). +.SH "EXAMPLES" +.IX Header "EXAMPLES" +This example generates an \fBX25519\fR private key and writes it to standard +output in \s-1PEM\s0 format: +.PP +.Vb 9 +\& #include +\& #include +\& ... +\& EVP_PKEY *pkey = NULL; +\& EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_X25519, NULL); +\& EVP_PKEY_keygen_init(pctx); +\& EVP_PKEY_keygen(pctx, &pkey); +\& EVP_PKEY_CTX_free(pctx); +\& PEM_write_PrivateKey(stdout, pkey, NULL, NULL, 0, NULL, NULL); +.Ve +.PP +The key derivation example in \fIEVP_PKEY_derive\fR\|(3) can be used with +\&\fBX25519\fR and \fBX448\fR. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_PKEY_CTX_new\fR\|(3), +\&\fIEVP_PKEY_keygen\fR\|(3), +\&\fIEVP_PKEY_derive\fR\|(3), +\&\fIEVP_PKEY_derive_set_peer\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man7/bio.7 b/linux_amd64/ssl/share/man/man7/bio.7 new file mode 100755 index 0000000..97b1d7a --- /dev/null +++ b/linux_amd64/ssl/share/man/man7/bio.7 
@@ -0,0 +1,208 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO 7" +.TH BIO 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +bio \- Basic I/O abstraction +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A \s-1BIO\s0 is an I/O abstraction, it hides many of the underlying I/O +details from an application. 
If an application uses a \s-1BIO\s0 for its +I/O it can transparently handle \s-1SSL\s0 connections, unencrypted network +connections and file I/O. +.PP +There are two type of \s-1BIO\s0, a source/sink \s-1BIO\s0 and a filter \s-1BIO\s0. +.PP +As its name implies a source/sink \s-1BIO\s0 is a source and/or sink of data, +examples include a socket \s-1BIO\s0 and a file \s-1BIO\s0. +.PP +A filter \s-1BIO\s0 takes data from one \s-1BIO\s0 and passes it through to +another, or the application. The data may be left unmodified (for +example a message digest \s-1BIO\s0) or translated (for example an +encryption \s-1BIO\s0). The effect of a filter \s-1BIO\s0 may change according +to the I/O operation it is performing: for example an encryption +\&\s-1BIO\s0 will encrypt data if it is being written to and decrypt data +if it is being read from. +.PP +BIOs can be joined together to form a chain (a single \s-1BIO\s0 is a chain +with one component). A chain normally consist of one source/sink +\&\s-1BIO\s0 and one or more filter BIOs. Data read from or written to the +first \s-1BIO\s0 then traverses the chain to the end (normally a source/sink +\&\s-1BIO\s0). +.PP +Some BIOs (such as memory BIOs) can be used immediately after calling +\&\fIBIO_new()\fR. Others (such as file BIOs) need some additional initialization, +and frequently a utility function exists to create and initialize such BIOs. +.PP +If \fIBIO_free()\fR is called on a \s-1BIO\s0 chain it will only free one \s-1BIO\s0 resulting +in a memory leak. +.PP +Calling \fIBIO_free_all()\fR on a single \s-1BIO\s0 has the same effect as calling +\&\fIBIO_free()\fR on it other than the discarded return value. +.PP +Normally the \fItype\fR argument is supplied by a function which returns a +pointer to a \s-1BIO_METHOD\s0. There is a naming convention for such functions: +a source/sink \s-1BIO\s0 typically starts with \fIBIO_s_\fR and +a filter \s-1BIO\s0 with \fIBIO_f_\fR. 
+.SH "EXAMPLES" +.IX Header "EXAMPLES" +Create a memory \s-1BIO:\s0 +.PP +.Vb 1 +\& BIO *mem = BIO_new(BIO_s_mem()); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIBIO_ctrl\fR\|(3), +\&\fIBIO_f_base64\fR\|(3), \fIBIO_f_buffer\fR\|(3), +\&\fIBIO_f_cipher\fR\|(3), \fIBIO_f_md\fR\|(3), +\&\fIBIO_f_null\fR\|(3), \fIBIO_f_ssl\fR\|(3), +\&\fIBIO_find_type\fR\|(3), \fIBIO_new\fR\|(3), +\&\fIBIO_new_bio_pair\fR\|(3), +\&\fIBIO_push\fR\|(3), \fIBIO_read_ex\fR\|(3), +\&\fIBIO_s_accept\fR\|(3), \fIBIO_s_bio\fR\|(3), +\&\fIBIO_s_connect\fR\|(3), \fIBIO_s_fd\fR\|(3), +\&\fIBIO_s_file\fR\|(3), \fIBIO_s_mem\fR\|(3), +\&\fIBIO_s_null\fR\|(3), \fIBIO_s_socket\fR\|(3), +\&\fIBIO_set_callback\fR\|(3), +\&\fIBIO_should_retry\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man7/crypto.7 b/linux_amd64/ssl/share/man/man7/crypto.7 new file mode 100755 index 0000000..047e8ae --- /dev/null +++ b/linux_amd64/ssl/share/man/man7/crypto.7 
@@ -0,0 +1,182 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CRYPTO 7" +.TH CRYPTO 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +crypto \- OpenSSL cryptographic library +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +See the individual manual pages for details. 
+.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The OpenSSL crypto library (\f(CW\*(C`libcrypto\*(C'\fR) implements a wide range of +cryptographic algorithms used in various Internet standards. The services +provided by this library are used by the OpenSSL implementations of \s-1SSL\s0, \s-1TLS\s0 +and S/MIME, and they have also been used to implement \s-1SSH\s0, OpenPGP, and +other cryptographic standards. +.PP +\&\f(CW\*(C`libcrypto\*(C'\fR consists of a number of sub-libraries that implement the +individual algorithms. +.PP +The functionality includes symmetric encryption, public key +cryptography and key agreement, certificate handling, cryptographic +hash functions, cryptographic pseudo-random number generator, and +various utilities. +.SH "NOTES" +.IX Header "NOTES" +Some of the newer functions follow a naming convention using the numbers +\&\fB0\fR and \fB1\fR. For example the functions: +.PP +.Vb 2 +\& int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev); +\& int X509_add1_trust_object(X509 *x, const ASN1_OBJECT *obj); +.Ve +.PP +The \fB0\fR version uses the supplied structure pointer directly +in the parent and it will be freed up when the parent is freed. +In the above example \fIcrl\fR would be freed but \fIrev\fR would not. +.PP +The \fB1\fR function uses a copy of the supplied structure pointer +(or in some cases increases its link count) in the parent and +so both (\fIx\fR and \fIobj\fR above) should be freed up. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +See the individual manual pages for details. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), \fIssl\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/ssl/share/man/man7/ct.7 b/linux_amd64/ssl/share/man/man7/ct.7
new file mode 100755
index 0000000..10c8755
--- /dev/null
+++ b/linux_amd64/ssl/share/man/man7/ct.7
@@ -0,0 +1,176 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CT 7" +.TH CT 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +ct \- Certificate Transparency +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This library implements Certificate Transparency (\s-1CT\s0) verification for \s-1TLS\s0 +clients, as defined in \s-1RFC\s0 6962. This verification can provide some confidence +that a certificate has been publicly logged in a set of \s-1CT\s0 logs. +.PP +By default, these checks are disabled. They can be enabled using +\&\fISSL_CTX_enable_ct\fR\|(3) or \fISSL_enable_ct\fR\|(3). +.PP +This library can also be used to parse and examine \s-1CT\s0 data structures, such as +Signed Certificate Timestamps (SCTs), or to read a list of \s-1CT\s0 logs. There are +functions for: +\&\- decoding and encoding SCTs in \s-1DER\s0 and \s-1TLS\s0 wire format. +\&\- printing SCTs. +\&\- verifying the authenticity of SCTs. +\&\- loading a \s-1CT\s0 log list from a \s-1CONF\s0 file. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fId2i_SCT_LIST\fR\|(3), +\&\fICTLOG_STORE_new\fR\|(3), +\&\fICTLOG_STORE_get0_log_by_id\fR\|(3), +\&\fISCT_new\fR\|(3), +\&\fISCT_print\fR\|(3), +\&\fISCT_validate\fR\|(3), +\&\fISCT_validate\fR\|(3), +\&\fICT_POLICY_EVAL_CTX_new\fR\|(3), +\&\fISSL_CTX_set_ct_validation_callback\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The ct library was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man7/des_modes.7 b/linux_amd64/ssl/share/man/man7/des_modes.7 new file mode 100755 index 0000000..53b9598 --- /dev/null +++ b/linux_amd64/ssl/share/man/man7/des_modes.7 
@@ -0,0 +1,286 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DES_MODES 7" +.TH DES_MODES 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +des_modes \- the variants of DES and other crypto algorithms of OpenSSL +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Several crypto algorithms for OpenSSL can be used in a number of modes. 
Those +are used for using block ciphers in a way similar to stream ciphers, among +other things. +.SH "OVERVIEW" +.IX Header "OVERVIEW" +.SS "Electronic Codebook Mode (\s-1ECB\s0)" +.IX Subsection "Electronic Codebook Mode (ECB)" +Normally, this is found as the function \fIalgorithm\fR\fI_ecb_encrypt()\fR. +.IP "\(bu" 2 +64 bits are enciphered at a time. +.IP "\(bu" 2 +The order of the blocks can be rearranged without detection. +.IP "\(bu" 2 +The same plaintext block always produces the same ciphertext block +(for the same key) making it vulnerable to a 'dictionary attack'. +.IP "\(bu" 2 +An error will only affect one ciphertext block. +.SS "Cipher Block Chaining Mode (\s-1CBC\s0)" +.IX Subsection "Cipher Block Chaining Mode (CBC)" +Normally, this is found as the function \fIalgorithm\fR\fI_cbc_encrypt()\fR. +Be aware that \fIdes_cbc_encrypt()\fR is not really \s-1DES\s0 \s-1CBC\s0 (it does +not update the \s-1IV\s0); use \fIdes_ncbc_encrypt()\fR instead. +.IP "\(bu" 2 +a multiple of 64 bits are enciphered at a time. +.IP "\(bu" 2 +The \s-1CBC\s0 mode produces the same ciphertext whenever the same +plaintext is encrypted using the same key and starting variable. +.IP "\(bu" 2 +The chaining operation makes the ciphertext blocks dependent on the +current and all preceding plaintext blocks and therefore blocks can not +be rearranged. +.IP "\(bu" 2 +The use of different starting variables prevents the same plaintext +enciphering to the same ciphertext. +.IP "\(bu" 2 +An error will affect the current and the following ciphertext blocks. +.SS "Cipher Feedback Mode (\s-1CFB\s0)" +.IX Subsection "Cipher Feedback Mode (CFB)" +Normally, this is found as the function \fIalgorithm\fR\fI_cfb_encrypt()\fR. +.IP "\(bu" 2 +a number of bits (j) <= 64 are enciphered at a time. +.IP "\(bu" 2 +The \s-1CFB\s0 mode produces the same ciphertext whenever the same +plaintext is encrypted using the same key and starting variable. 
+.IP "\(bu" 2 +The chaining operation makes the ciphertext variables dependent on the +current and all preceding variables and therefore j\-bit variables are +chained together and can not be rearranged. +.IP "\(bu" 2 +The use of different starting variables prevents the same plaintext +enciphering to the same ciphertext. +.IP "\(bu" 2 +The strength of the \s-1CFB\s0 mode depends on the size of k (maximal if +j == k). In my implementation this is always the case. +.IP "\(bu" 2 +Selection of a small value for j will require more cycles through +the encipherment algorithm per unit of plaintext and thus cause +greater processing overheads. +.IP "\(bu" 2 +Only multiples of j bits can be enciphered. +.IP "\(bu" 2 +An error will affect the current and the following ciphertext variables. +.SS "Output Feedback Mode (\s-1OFB\s0)" +.IX Subsection "Output Feedback Mode (OFB)" +Normally, this is found as the function \fIalgorithm\fR\fI_ofb_encrypt()\fR. +.IP "\(bu" 2 +a number of bits (j) <= 64 are enciphered at a time. +.IP "\(bu" 2 +The \s-1OFB\s0 mode produces the same ciphertext whenever the same +plaintext enciphered using the same key and starting variable. More +over, in the \s-1OFB\s0 mode the same key stream is produced when the same +key and start variable are used. Consequently, for security reasons +a specific start variable should be used only once for a given key. +.IP "\(bu" 2 +The absence of chaining makes the \s-1OFB\s0 more vulnerable to specific attacks. +.IP "\(bu" 2 +The use of different start variables values prevents the same +plaintext enciphering to the same ciphertext, by producing different +key streams. +.IP "\(bu" 2 +Selection of a small value for j will require more cycles through +the encipherment algorithm per unit of plaintext and thus cause +greater processing overheads. +.IP "\(bu" 2 +Only multiples of j bits can be enciphered. +.IP "\(bu" 2 +\&\s-1OFB\s0 mode of operation does not extend ciphertext errors in the +resultant plaintext output. 
Every bit error in the ciphertext causes +only one bit to be in error in the deciphered plaintext. +.IP "\(bu" 2 +\&\s-1OFB\s0 mode is not self-synchronizing. If the two operation of +encipherment and decipherment get out of synchronism, the system needs +to be re-initialized. +.IP "\(bu" 2 +Each re-initialization should use a value of the start variable +different from the start variable values used before with the same +key. The reason for this is that an identical bit stream would be +produced each time from the same parameters. This would be +susceptible to a 'known plaintext' attack. +.SS "Triple \s-1ECB\s0 Mode" +.IX Subsection "Triple ECB Mode" +Normally, this is found as the function \fIalgorithm\fR\fI_ecb3_encrypt()\fR. +.IP "\(bu" 2 +Encrypt with key1, decrypt with key2 and encrypt with key3 again. +.IP "\(bu" 2 +As for \s-1ECB\s0 encryption but increases the key length to 168 bits. +There are theoretic attacks that can be used that make the effective +key length 112 bits, but this attack also requires 2^56 blocks of +memory, not very likely, even for the \s-1NSA\s0. +.IP "\(bu" 2 +If both keys are the same it is equivalent to encrypting once with +just one key. +.IP "\(bu" 2 +If the first and last key are the same, the key length is 112 bits. +There are attacks that could reduce the effective key strength +to only slightly more than 56 bits, but these require a lot of memory. +.IP "\(bu" 2 +If all 3 keys are the same, this is effectively the same as normal +ecb mode. +.SS "Triple \s-1CBC\s0 Mode" +.IX Subsection "Triple CBC Mode" +Normally, this is found as the function \fIalgorithm\fR\fI_ede3_cbc_encrypt()\fR. +.IP "\(bu" 2 +Encrypt with key1, decrypt with key2 and then encrypt with key3. +.IP "\(bu" 2 +As for \s-1CBC\s0 encryption but increases the key length to 168 bits with +the same restrictions as for triple ecb mode. 
+.SH "NOTES" +.IX Header "NOTES" +This text was been written in large parts by Eric Young in his original +documentation for SSLeay, the predecessor of OpenSSL. In turn, he attributed +it to: +.PP +.Vb 5 +\& AS 2805.5.2 +\& Australian Standard +\& Electronic funds transfer \- Requirements for interfaces, +\& Part 5.2: Modes of operation for an n\-bit block cipher algorithm +\& Appendix A +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIBF_encrypt\fR\|(3), \fIDES_crypt\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man7/evp.7 b/linux_amd64/ssl/share/man/man7/evp.7 new file mode 100755 index 0000000..633b1e3 --- /dev/null +++ b/linux_amd64/ssl/share/man/man7/evp.7 
@@ -0,0 +1,227 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP 7" +.TH EVP 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +evp \- high\-level cryptographic functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1EVP\s0 library provides a high-level interface to cryptographic +functions. 
+.PP +The \fBEVP_Seal\fR\fI\s-1XXX\s0\fR and \fBEVP_Open\fR\fI\s-1XXX\s0\fR +functions provide public key encryption and decryption to implement digital \*(L"envelopes\*(R". +.PP +The \fBEVP_DigestSign\fR\fI\s-1XXX\s0\fR and +\&\fBEVP_DigestVerify\fR\fI\s-1XXX\s0\fR functions implement +digital signatures and Message Authentication Codes (MACs). Also see the older +\&\fBEVP_Sign\fR\fI\s-1XXX\s0\fR and \fBEVP_Verify\fR\fI\s-1XXX\s0\fR +functions. +.PP +Symmetric encryption is available with the \fBEVP_Encrypt\fR\fI\s-1XXX\s0\fR +functions. The \fBEVP_Digest\fR\fI\s-1XXX\s0\fR functions provide message digests. +.PP +The \fB\s-1EVP_PKEY\s0\fR\fI\s-1XXX\s0\fR functions provide a high level interface to +asymmetric algorithms. To create a new \s-1EVP_PKEY\s0 see +\&\fIEVP_PKEY_new\fR\|(3). EVP_PKEYs can be associated +with a private key of a particular algorithm by using the functions +described on the \fIEVP_PKEY_set1_RSA\fR\|(3) page, or +new keys can be generated using \fIEVP_PKEY_keygen\fR\|(3). +EVP_PKEYs can be compared using \fIEVP_PKEY_cmp\fR\|(3), or printed using +\&\fIEVP_PKEY_print_private\fR\|(3). +.PP +The \s-1EVP_PKEY\s0 functions support the full range of asymmetric algorithm operations: +.IP "For key agreement see \fIEVP_PKEY_derive\fR\|(3)" 4 +.IX Item "For key agreement see EVP_PKEY_derive" +.PD 0 +.IP "For signing and verifying see \fIEVP_PKEY_sign\fR\|(3), \fIEVP_PKEY_verify\fR\|(3) and \fIEVP_PKEY_verify_recover\fR\|(3). However, note that these functions do not perform a digest of the data to be signed. Therefore normally you would use the \fIEVP_DigestSignInit\fR\|(3) functions for this purpose." 4 +.IX Item "For signing and verifying see EVP_PKEY_sign, EVP_PKEY_verify and EVP_PKEY_verify_recover. However, note that these functions do not perform a digest of the data to be signed. Therefore normally you would use the EVP_DigestSignInit functions for this purpose." 
+.ie n .IP "For encryption and decryption see \fIEVP_PKEY_encrypt\fR\|(3) and \fIEVP_PKEY_decrypt\fR\|(3) respectively. However, note that these functions perform encryption and decryption only. As public key encryption is an expensive operation, normally you would wrap an encrypted message in a ""digital envelope"" using the \fIEVP_SealInit\fR\|(3) and \fIEVP_OpenInit\fR\|(3) functions." 4 +.el .IP "For encryption and decryption see \fIEVP_PKEY_encrypt\fR\|(3) and \fIEVP_PKEY_decrypt\fR\|(3) respectively. However, note that these functions perform encryption and decryption only. As public key encryption is an expensive operation, normally you would wrap an encrypted message in a ``digital envelope'' using the \fIEVP_SealInit\fR\|(3) and \fIEVP_OpenInit\fR\|(3) functions." 4 +.IX Item "For encryption and decryption see EVP_PKEY_encrypt and EVP_PKEY_decrypt respectively. However, note that these functions perform encryption and decryption only. As public key encryption is an expensive operation, normally you would wrap an encrypted message in a digital envelope using the EVP_SealInit and EVP_OpenInit functions." +.PD +.PP +The \fIEVP_BytesToKey\fR\|(3) function provides some limited support for password +based encryption. Careful selection of the parameters will provide a PKCS#5 \s-1PBKDF1\s0 compatible +implementation. However, new applications should not typically use this (preferring, for example, +\&\s-1PBKDF2\s0 from PCKS#5). +.PP +The \fBEVP_Encode\fR\fI\s-1XXX\s0\fR and +\&\fBEVP_Decode\fR\fI\s-1XXX\s0\fR functions implement base 64 encoding +and decoding. +.PP +All the symmetric algorithms (ciphers), digests and asymmetric algorithms +(public key algorithms) can be replaced by \s-1ENGINE\s0 modules providing alternative +implementations. 
If \s-1ENGINE\s0 implementations of ciphers or digests are registered +as defaults, then the various \s-1EVP\s0 functions will automatically use those +implementations automatically in preference to built in software +implementations. For more information, consult the \fIengine\fR\|(3) man page. +.PP +Although low level algorithm specific functions exist for many algorithms +their use is discouraged. They cannot be used with an \s-1ENGINE\s0 and \s-1ENGINE\s0 +versions of new algorithms cannot be accessed using the low level functions. +Also makes code harder to adapt to new algorithms and some options are not +cleanly supported at the low level and some operations are more efficient +using the high level interface. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_DigestInit\fR\|(3), +\&\fIEVP_EncryptInit\fR\|(3), +\&\fIEVP_OpenInit\fR\|(3), +\&\fIEVP_SealInit\fR\|(3), +\&\fIEVP_DigestSignInit\fR\|(3), +\&\fIEVP_SignInit\fR\|(3), +\&\fIEVP_VerifyInit\fR\|(3), +\&\fIEVP_EncodeInit\fR\|(3), +\&\fIEVP_PKEY_new\fR\|(3), +\&\fIEVP_PKEY_set1_RSA\fR\|(3), +\&\fIEVP_PKEY_keygen\fR\|(3), +\&\fIEVP_PKEY_print_private\fR\|(3), +\&\fIEVP_PKEY_decrypt\fR\|(3), +\&\fIEVP_PKEY_encrypt\fR\|(3), +\&\fIEVP_PKEY_sign\fR\|(3), +\&\fIEVP_PKEY_verify\fR\|(3), +\&\fIEVP_PKEY_verify_recover\fR\|(3), +\&\fIEVP_PKEY_derive\fR\|(3), +\&\fIEVP_BytesToKey\fR\|(3), +\&\fIENGINE_by_id\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man7/openssl-core.h.7 b/linux_amd64/ssl/share/man/man7/openssl-core.h.7 new file mode 100755 index 0000000..6e9a71f --- /dev/null +++ b/linux_amd64/ssl/share/man/man7/openssl-core.h.7 
@@ -0,0 +1,246 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-CORE.H 7" +.TH OPENSSL-CORE.H 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +openssl/core.h \- OpenSSL Core types +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fI\fR header defines a number of public types that +are used to communicate between the OpenSSL libraries and +implementation providers. +These types are designed to minimise the need for intimate knowledge +of internal structures between the OpenSSL libraries and the providers. +.PP +The types are: +.IP "\fB\s-1OSSL_DISPATCH\s0\fR" 4 +.IX Item "OSSL_DISPATCH" +This type is a tuple of function identity and function pointer. +Arrays of this type are passed between the OpenSSL libraries and the +providers to describe what functionality one side provides to the +other. +Arrays of this type must be terminated with a tuple having function +identity zero and function pointer \s-1NULL\s0. +.Sp +The available function identities and corresponding function +signatures are defined in \fIopenssl\-core_numbers.h\fR\|(7). +.Sp +Any function identity not recognised by the recipient of this type +will be ignored. +This ensures that providers built with one OpenSSL version in mind +will work together with any other OpenSSL version that supports this +mechanism. +.IP "\fB\s-1OSSL_ITEM\s0\fR" 4 +.IX Item "OSSL_ITEM" +This type is a tuple of integer and pointer. +It's a generic type used as a generic descriptor, its exact meaning +being defined by how it's used. +Arrays of this type are passed between the OpenSSL libraries and the +providers, and must be terminated with a tuple where the integer is +zero and the pointer \s-1NULL\s0. +.IP "\fB\s-1OSSL_ALGORITHM\s0\fR" 4 +.IX Item "OSSL_ALGORITHM" +This type is a tuple of an algorithm name (string), a property +definition (string) and a dispatch table (array of \fB\s-1OSSL_DISPATCH\s0\fR). 
+Arrays of this type are passed on demand from the providers to the +OpenSSL libraries to describe what algorithms the providers provide +implementations of, and with what properties. +Arrays of this type must be terminated with a tuple having function +identity zero and function pointer \s-1NULL\s0. +.Sp +The algorithm names and property definitions are defined by the +providers. +.IP "\fB\s-1OSSL_PARAM\s0\fR" 4 +.IX Item "OSSL_PARAM" +This type is a structure that allows passing arbitrary object data +between two parties that have no or very little shared knowledge about +their respective internal structures for that object. +It's normally passed in arrays, where the array is terminated with an +element where all fields are zero (for non-pointers) or \s-1NULL\s0 (for +pointers). +.Sp +These arrays can be used to set parameters for some object, to request +parameters, and to describe parameters. +.Sp +\&\fB\s-1OSSL_PARAM\s0\fR is further described in \s-1\fIOSSL_PARAM\s0\fR\|(3) +.IP "\fB\s-1OSSL_CALLBACK\s0\fR" 4 +.IX Item "OSSL_CALLBACK" +This is a function type for a generic feedback callback function: +.Sp +.Vb 1 +\& typedef int (OSSL_CALLBACK)(const OSSL_PARAM params[], void *arg); +.Ve +.Sp +A function that takes a pointer of this type should also take a +pointer to caller data. When calling this callback, the function is +expected to build an \fB\s-1OSSL_PARAM\s0\fR array of data it wants or is +expected to pass back, and pass that as \fIparams\fR, as well as +the caller data pointer it received, as \fIarg\fR. +.IP "\fB\s-1OSSL_PASSPHRASE_CALLBACK\s0\fR" 4 +.IX Item "OSSL_PASSPHRASE_CALLBACK" +This is a function type for a generic pass phrase callback function: +.Sp +.Vb 4 +\& typedef int (OSSL_PASSPHRASE_CALLBACK)(char *pass, size_t pass_size, +\& size_t *pass_len, +\& const OSSL_PARAM params[], +\& void *arg); +.Ve +.Sp +This callback can be used to prompt the user for a passphrase. 
When +calling it, a buffer to store the pass phrase needs to be given with +\&\fIpass\fR, and its size with \fIpass_size\fR. The length of the prompted +pass phrase will be given back in \fI*pass_len\fR. +.Sp +Additional parameters can be passed with the \fB\s-1OSSL_PARAM\s0\fR array +\&\fIparams\fR. +.Sp +A function that takes a pointer of this type should also take a +pointer to caller data, which should be passed as \fIarg\fR to this +callback. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\-core_numbers.h\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The types described here were added in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man7/openssl-env.7 b/linux_amd64/ssl/share/man/man7/openssl-env.7 new file mode 100755 index 0000000..efb4cae --- /dev/null +++ b/linux_amd64/ssl/share/man/man7/openssl-env.7 
@@ -0,0 +1,191 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL-ENV 7" +.TH OPENSSL-ENV 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl\-env \- OpenSSL environment variables +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The OpenSSL libraries use environment variables to override the +compiled-in default paths for various data. 
+To avoid security risks, the environment is usually not consulted when +the executable is set-user-ID or set-group-ID. +.IP "\fB\s-1CTLOG_FILE\s0\fR" 4 +.IX Item "CTLOG_FILE" +Specifies the path to a certificate transparency log list. +See \fICTLOG_STORE_new\fR\|(3). +.IP "\fB\s-1OPENSSL\s0\fR" 4 +.IX Item "OPENSSL" +Specifies the path to the \fBopenssl\fR executable. Only used by +the \fBrehash\fR script. +See \*(L"Script Configuration\*(R" in \fIopenssl\-rehash\fR\|(1). +.IP "\fB\s-1OPENSSL_CONF\s0\fR" 4 +.IX Item "OPENSSL_CONF" +Specifies the path to a configuration file. +See \fIopenssl\fR\|(1) and \fIconfig\fR\|(5). +.IP "\fB\s-1OPENSSL_ENGINES\s0\fR" 4 +.IX Item "OPENSSL_ENGINES" +Specifies the directory from which dynamic engines are loaded. +See \fIopenssl\-engine\fR\|(1). +.IP "\fB\s-1OPENSSL_MALLOC_FD\s0\fR, \fB\s-1OPENSSL_MALLOC_FAILURES\s0\fR" 4 +.IX Item "OPENSSL_MALLOC_FD, OPENSSL_MALLOC_FAILURES" +If built with debugging, this allows memory allocation to fail. +See \fIOPENSSL_malloc\fR\|(3). +.IP "\fB\s-1OPENSSL_MODULES\s0\fR" 4 +.IX Item "OPENSSL_MODULES" +Specifies the directory from which cryptographic providers are loaded. +See \fIopenssl\-provider\fR\|(1). +.IP "\fB\s-1OPENSSL_WIN32_UTF8\s0\fR" 4 +.IX Item "OPENSSL_WIN32_UTF8" +If set, then \fIUI_OpenSSL\fR\|(3) returns \s-1UTF\-8\s0 encoded strings, rather than +ones encoded in the current code page, and +the \fIopenssl\fR\|(1) program also transcodes the command-line parameters +from the current code page to \s-1UTF\-8\s0. +This environment variable is only checked on Microsoft Windows platforms. +.IP "\fB\s-1RANDFILE\s0\fR" 4 +.IX Item "RANDFILE" +The state file for the random number generator. +This should not be needed in normal use. +See \fIRAND_load_file\fR\|(3). +.IP "\fB\s-1SSL_CERT_DIR\s0\fR, \fB\s-1SSL_CERT_FILE\s0\fR" 4 +.IX Item "SSL_CERT_DIR, SSL_CERT_FILE" +Specify the default directory or file containing \s-1CA\s0 certificates. +See \fISSL_CTX_load_verify_locations\fR\|(3). 
+.IP "\fB\s-1TSGET\s0\fR" 4 +.IX Item "TSGET" +Additional arguments for the \fItsget\fR\|(1) command. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man7/openssl_user_macros.7 b/linux_amd64/ssl/share/man/man7/openssl_user_macros.7 new file mode 100755 index 0000000..068358c --- /dev/null +++ b/linux_amd64/ssl/share/man/man7/openssl_user_macros.7 
@@ -0,0 +1,221 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_USER_MACROS 7" +.TH OPENSSL_USER_MACROS 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +openssl_user_macros, OPENSSL_API_COMPAT \- User defined macros +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +User defined macros allow the programmer to control certain aspects of +what is exposed by the OpenSSL headers. 
+.PP +\&\fB\s-1NOTE:\s0\fR to be effective, a user defined macro \fImust be defined +before including any header file that depends on it\fR, either in the +compilation command (\f(CW\*(C`cc \-DMACRO=value\*(C'\fR) or by defining the macro in +source before including any headers. +.PP +Other manual pages may refer to this page when declarations depend on +user defined macros. +.SS "The macros" +.IX Subsection "The macros" +.IP "\fB\s-1OPENSSL_API_COMPAT\s0\fR" 4 +.IX Item "OPENSSL_API_COMPAT" +The value is a version number, given in one of the following two forms: +.RS 4 +.ie n .IP """0xMNNFF000L""" 4 +.el .IP "\f(CW0xMNNFF000L\fR" 4 +.IX Item "0xMNNFF000L" +This is the form supported for all versions up to 1.1.x, where \f(CW\*(C`M\*(C'\fR +represents the major number, \f(CW\*(C`NN\*(C'\fR represents the minor number, and +\&\f(CW\*(C`FF\*(C'\fR represents the fix number, as a hexadecimal number. For version +1.1.0, that's \f(CW\*(C`0x10100000L\*(C'\fR. +.Sp +Any version number may be given, but these numbers are +the current known major deprecation points, making them the most +meaningful: +.RS 4 +.ie n .IP """0x00908000L"" (version 0.9.8)" 4 +.el .IP "\f(CW0x00908000L\fR (version 0.9.8)" 4 +.IX Item "0x00908000L (version 0.9.8)" +.PD 0 +.ie n .IP """0x10000000L"" (version 1.0.0)" 4 +.el .IP "\f(CW0x10000000L\fR (version 1.0.0)" 4 +.IX Item "0x10000000L (version 1.0.0)" +.ie n .IP """0x10100000L"" (version 1.1.0)" 4 +.el .IP "\f(CW0x10100000L\fR (version 1.1.0)" 4 +.IX Item "0x10100000L (version 1.1.0)" +.RE +.RS 4 +.PD +.Sp +For convenience, higher numbers are accepted as well, as long as +feasible. For example, \f(CW\*(C`0x60000000L\*(C'\fR will work as expected. 
+However, it is recommended to start using the second form instead: +.RE +.ie n .IP """mmnnpp""" 4 +.el .IP "\f(CWmmnnpp\fR" 4 +.IX Item "mmnnpp" +This form is a simple decimal number calculated with this formula: +.Sp +\&\fImajor\fR * 10000 + \fIminor\fR * 100 + \fIpatch\fR +.Sp +where \fImajor\fR, \fIminor\fR and \fIpatch\fR are the desired major, +minor and patch components of the version number. For example: +.RS 4 +.IP "30000 corresponds to version 3.0.0" 4 +.IX Item "30000 corresponds to version 3.0.0" +.PD 0 +.IP "10002 corresponds to version 1.0.2" 4 +.IX Item "10002 corresponds to version 1.0.2" +.IP "420101 corresponds to version 42.1.1" 4 +.IX Item "420101 corresponds to version 42.1.1" +.RE +.RS 4 +.RE +.RE +.RS 4 +.PD +.Sp +If not set, this macro will default to +\&\f(CW30000\fR. +.RE +.IP "\fB\s-1OPENSSL_NO_DEPRECATED\s0\fR" 4 +.IX Item "OPENSSL_NO_DEPRECATED" +If this macro is defined, all deprecated public symbols in all OpenSSL +versions up to and including the version given by \fB\s-1OPENSSL_API_COMPAT\s0\fR +will be hidden. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man7/ossl_store-file.7 b/linux_amd64/ssl/share/man/man7/ossl_store-file.7 new file mode 100755 index 0000000..0aa17e8 --- /dev/null +++ b/linux_amd64/ssl/share/man/man7/ossl_store-file.7 
@@ -0,0 +1,182 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_STORE-FILE 7" +.TH OSSL_STORE-FILE 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ossl_store\-file \- The store 'file' scheme loader +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +#include +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Support for the 'file' scheme is built into \f(CW\*(C`libcrypto\*(C'\fR. 
+Since files come in all kinds of formats and content types, the 'file' +scheme has its own layer of functionality called \*(L"file handlers\*(R", +which are used to try to decode diverse types of file contents. +.PP +In case a file is formatted as \s-1PEM\s0, each called file handler receives +the \s-1PEM\s0 name (everything following any '\f(CW\*(C`\-\-\-\-\-BEGIN \*(C'\fR') as well as +possible \s-1PEM\s0 headers, together with the decoded \s-1PEM\s0 body. Since \s-1PEM\s0 +formatted files can contain more than one object, the file handlers +are called upon for each such object. +.PP +If the file isn't determined to be formatted as \s-1PEM\s0, the content is +loaded in raw form in its entirety and passed to the available file +handlers as is, with no \s-1PEM\s0 name or headers. +.PP +Each file handler is expected to handle \s-1PEM\s0 and non-PEM content as +appropriate. Some may refuse non-PEM content for the sake of +determinism (for example, there are keys out in the wild that are +represented as an \s-1ASN\s0.1 \s-1OCTET\s0 \s-1STRING\s0. In raw form, it's not easily +possible to distinguish those from any other data coming as an \s-1ASN\s0.1 +\&\s-1OCTET\s0 \s-1STRING\s0, so such keys would naturally be accepted as \s-1PEM\s0 files +only). +.SH "NOTES" +.IX Header "NOTES" +When needed, the 'file' scheme loader will require a pass phrase by +using the \fB\s-1UI_METHOD\s0\fR that was passed via \fIOSSL_STORE_open()\fR. +This pass phrase is expected to be \s-1UTF\-8\s0 encoded, anything else will +give an undefined result. +The files made accessible through this loader are expected to be +standard compliant with regards to pass phrase encoding. +Files that aren't should be re-generated with a correctly encoded pass +phrase. +See \fIpassphrase\-encoding\fR\|(7) for more information. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIossl_store\fR\|(7), \fIpassphrase\-encoding\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018 The OpenSSL Project Authors. 
All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man7/ossl_store.7 b/linux_amd64/ssl/share/man/man7/ossl_store.7 new file mode 100755 index 0000000..6b5ff4d --- /dev/null +++ b/linux_amd64/ssl/share/man/man7/ossl_store.7 
@@ -0,0 +1,206 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_STORE 7" +.TH OSSL_STORE 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +ossl_store \- Store retrieval functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +#include +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +.SS "General" +.IX Subsection "General" +A \s-1STORE\s0 is a layer of functionality to retrieve a number of supported +objects from a repository of any kind, addressable as a filename or +as a \s-1URI\s0. +.PP +The functionality supports the pattern \*(L"open a channel to the +repository\*(R", \*(L"loop and retrieve one object at a time\*(R", and \*(L"finish up +by closing the channel\*(R". +.PP +The retrieved objects are returned as a wrapper type \fB\s-1OSSL_STORE_INFO\s0\fR, +from which an OpenSSL type can be retrieved. +.SS "\s-1URI\s0 schemes and loaders" +.IX Subsection "URI schemes and loaders" +Support for a \s-1URI\s0 scheme is called a \s-1STORE\s0 \*(L"loader\*(R", and can be added +dynamically from the calling application or from a loadable engine. +.PP +Support for the 'file' scheme is built into \f(CW\*(C`libcrypto\*(C'\fR. +See \fIossl_store\-file\fR\|(7) for more information. +.SS "\s-1UI_METHOD\s0 and pass phrases" +.IX Subsection "UI_METHOD and pass phrases" +The \fB\s-1OSS_STORE\s0\fR \s-1API\s0 does nothing to enforce any specific format or +encoding on the pass phrase that the \fB\s-1UI_METHOD\s0\fR provides. However, +the pass phrase is expected to be \s-1UTF\-8\s0 encoded. The result of any +other encoding is undefined. 
+.SH "EXAMPLES" +.IX Header "EXAMPLES" +.SS "A generic call" +.IX Subsection "A generic call" +.Vb 1 +\& OSSL_STORE_CTX *ctx = OSSL_STORE_open("file:/foo/bar/data.pem"); +\& +\& /* +\& * OSSL_STORE_eof() simulates file semantics for any repository to signal +\& * that no more data can be expected +\& */ +\& while (!OSSL_STORE_eof(ctx)) { +\& OSSL_STORE_INFO *info = OSSL_STORE_load(ctx); +\& +\& /* +\& * Do whatever is necessary with the OSSL_STORE_INFO, +\& * here just one example +\& */ +\& switch (OSSL_STORE_INFO_get_type(info)) { +\& case OSSL_STORE_INFO_X509: +\& /* Print the X.509 certificate text */ +\& X509_print_fp(stdout, OSSL_STORE_INFO_get0_CERT(info)); +\& /* Print the X.509 certificate PEM output */ +\& PEM_write_X509(stdout, OSSL_STORE_INFO_get0_CERT(info)); +\& break; +\& } +\& } +\& +\& OSSL_STORE_close(ctx); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1\fIOSSL_STORE_INFO\s0\fR\|(3), \s-1\fIOSSL_STORE_LOADER\s0\fR\|(3), +\&\fIOSSL_STORE_open\fR\|(3), \fIOSSL_STORE_expect\fR\|(3), +\&\s-1\fIOSSL_STORE_SEARCH\s0\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man7/passphrase-encoding.7 b/linux_amd64/ssl/share/man/man7/passphrase-encoding.7 new file mode 100755 index 0000000..83049d9 --- /dev/null +++ b/linux_amd64/ssl/share/man/man7/passphrase-encoding.7 
@@ -0,0 +1,279 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PASSPHRASE-ENCODING 7" +.TH PASSPHRASE-ENCODING 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +passphrase\-encoding +\&\- How diverse parts of OpenSSL treat pass phrases character encoding +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +In a modern world with all sorts of character encodings, the treatment of pass +phrases has become increasingly complex. +This manual page attempts to give an overview over how this problem is +currently addressed in different parts of the OpenSSL library. +.SS "The general case" +.IX Subsection "The general case" +The OpenSSL library doesn't treat pass phrases in any special way as a general +rule, and trusts the application or user to choose a suitable character set +and stick to that throughout the lifetime of affected objects. +This means that for an object that was encrypted using a pass phrase encoded in +\&\s-1ISO\-8859\-1\s0, that object needs to be decrypted using a pass phrase encoded in +\&\s-1ISO\-8859\-1\s0. +Using the wrong encoding is expected to cause a decryption failure. +.SS "PKCS#12" +.IX Subsection "PKCS#12" +PKCS#12 is a bit different regarding pass phrase encoding. +The standard stipulates that the pass phrase shall be encoded as an \s-1ASN\s0.1 +BMPString, which consists of the code points of the basic multilingual plane, +encoded in big endian (\s-1UCS\-2\s0 \s-1BE\s0). +.PP +OpenSSL tries to adapt to this requirements in one of the following manners: +.IP "1." 4 +Treats the received pass phrase as \s-1UTF\-8\s0 encoded and tries to re-encode it to +\&\s-1UTF\-16\s0 (which is the same as \s-1UCS\-2\s0 for characters U+0000 to U+D7FF and U+E000 +to U+FFFF, but becomes an expansion for any other character), or failing that, +proceeds with step 2. +.IP "2." 4 +Assumes that the pass phrase is encoded in \s-1ASCII\s0 or \s-1ISO\-8859\-1\s0 and +opportunistically prepends each byte with a zero byte to obtain the \s-1UCS\-2\s0 +encoding of the characters, which it stores as a BMPString. 
+.Sp +Note that since there is no check of your locale, this may produce \s-1UCS\-2\s0 / +\&\s-1UTF\-16\s0 characters that do not correspond to the original pass phrase characters +for other character sets, such as any \s-1ISO\-8859\-X\s0 encoding other than +\&\s-1ISO\-8859\-1\s0 (or for Windows, \s-1CP\s0 1252 with exception for the extra \*(L"graphical\*(R" +characters in the 0x80\-0x9F range). +.PP +OpenSSL versions older than 1.1.0 do variant 2 only, and that is the reason why +OpenSSL still does this, to be able to read files produced with older versions. +.PP +It should be noted that this approach isn't entirely fault free. +.PP +A pass phrase encoded in \s-1ISO\-8859\-2\s0 could very well have a sequence such as +0xC3 0xAF (which is the two characters \*(L"\s-1LATIN\s0 \s-1CAPITAL\s0 \s-1LETTER\s0 A \s-1WITH\s0 \s-1BREVE\s0\*(R" +and \*(L"\s-1LATIN\s0 \s-1CAPITAL\s0 \s-1LETTER\s0 Z \s-1WITH\s0 \s-1DOT\s0 \s-1ABOVE\s0\*(R" in \s-1ISO\-8859\-2\s0 encoding), but would +be misinterpreted as the perfectly valid \s-1UTF\-8\s0 encoded code point U+00EF (\s-1LATIN\s0 +\&\s-1SMALL\s0 \s-1LETTER\s0 I \s-1WITH\s0 \s-1DIAERESIS\s0) \fIif the pass phrase doesn't contain anything that +would be invalid \s-1UTF\-8\s0\fR. +A pass phrase that contains this kind of byte sequence will give a different +outcome in OpenSSL 1.1.0 and newer than in OpenSSL older than 1.1.0. +.PP +.Vb 2 +\& 0x00 0xC3 0x00 0xAF # OpenSSL older than 1.1.0 +\& 0x00 0xEF # OpenSSL 1.1.0 and newer +.Ve +.PP +On the same accord, anything encoded in \s-1UTF\-8\s0 that was given to OpenSSL older +than 1.1.0 was misinterpreted as \s-1ISO\-8859\-1\s0 sequences. +.SS "\s-1OSSL_STORE\s0" +.IX Subsection "OSSL_STORE" +\&\fIossl_store\fR\|(7) acts as a general interface to access all kinds of objects, +potentially protected with a pass phrase, a \s-1PIN\s0 or something else. 
+This \s-1API\s0 stipulates that pass phrases should be \s-1UTF\-8\s0 encoded, and that any +other pass phrase encoding may give undefined results. +This \s-1API\s0 relies on the application to ensure \s-1UTF\-8\s0 encoding, and doesn't check +that this is the case, so what it gets, it will also pass to the underlying +loader. +.SH "RECOMMENDATIONS" +.IX Header "RECOMMENDATIONS" +This section assumes that you know what pass phrase was used for encryption, +but that it may have been encoded in a different character encoding than the +one used by your current input method. +For example, the pass phrase may have been used at a time when your default +encoding was \s-1ISO\-8859\-1\s0 (i.e. \*(L"nai\*:ve\*(R" resulting in the byte sequence 0x6E 0x61 +0xEF 0x76 0x65), and you're now in an environment where your default encoding +is \s-1UTF\-8\s0 (i.e. \*(L"nai\*:ve\*(R" resulting in the byte sequence 0x6E 0x61 0xC3 0xAF 0x76 +0x65). +Whenever it's mentioned that you should use a certain character encoding, it +should be understood that you either change the input method to use the +mentioned encoding when you type in your pass phrase, or use some suitable tool +to convert your pass phrase from your default encoding to the target encoding. +.PP +Also note that the sub-sections below discuss human readable pass phrases. +This is particularly relevant for PKCS#12 objects, where human readable pass +phrases are assumed. +For other objects, it's as legitimate to use any byte sequence (such as a +sequence of bytes from `/dev/urandom` that's been saved away), which makes any +character encoding discussion irrelevant; in such cases, simply use the same +byte sequence as it is. +.SS "Creating new objects" +.IX Subsection "Creating new objects" +For creating new pass phrase protected objects, make sure the pass phrase is +encoded using \s-1UTF\-8\s0. +This is default on most modern Unixes, but may involve an effort on other +platforms. 
+Specifically for Windows, setting the environment variable +\&\fB\s-1OPENSSL_WIN32_UTF8\s0\fR will have anything entered on [Windows] console prompt +converted to \s-1UTF\-8\s0 (command line and separately prompted pass phrases alike). +.SS "Opening existing objects" +.IX Subsection "Opening existing objects" +For opening pass phrase protected objects where you know what character +encoding was used for the encryption pass phrase, make sure to use the same +encoding again. +.PP +For opening pass phrase protected objects where the character encoding that was +used is unknown, or where the producing application is unknown, try one of the +following: +.IP "1." 4 +Try the pass phrase that you have as it is in the character encoding of your +environment. +It's possible that its byte sequence is exactly right. +.IP "2." 4 +Convert the pass phrase to \s-1UTF\-8\s0 and try with the result. +Specifically with PKCS#12, this should open up any object that was created +according to the specification. +.IP "3." 4 +Do a nai\*:ve (i.e. purely mathematical) \s-1ISO\-8859\-1\s0 to \s-1UTF\-8\s0 conversion and try +with the result. +This differs from the previous attempt because \s-1ISO\-8859\-1\s0 maps directly to +U+0000 to U+00FF, which other non\-UTF\-8 character sets do not. +.Sp +This also takes care of the case when a \s-1UTF\-8\s0 encoded string was used with +OpenSSL older than 1.1.0. +(for example, \f(CW\*(C`i\*:\*(C'\fR, which is 0xC3 0xAF when encoded in \s-1UTF\-8\s0, would become 0xC3 +0x83 0xC2 0xAF when re-encoded in the nai\*:ve manner. 
+The conversion to BMPString would then yield 0x00 0xC3 0x00 0xA4 0x00 0x00, the +erroneous/non\-compliant encoding used by OpenSSL older than 1.1.0) +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIevp\fR\|(7), +\&\fIossl_store\fR\|(7), +\&\fIEVP_BytesToKey\fR\|(3), \fIEVP_DecryptInit\fR\|(3), +\&\fIPEM_do_header\fR\|(3), +\&\fIPKCS12_parse\fR\|(3), \fIPKCS12_newpass\fR\|(3), +\&\fId2i_PKCS8PrivateKey_bio\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man7/property.7 b/linux_amd64/ssl/share/man/man7/property.7 new file mode 100755 index 0000000..51923a3 --- /dev/null +++ b/linux_amd64/ssl/share/man/man7/property.7 
@@ -0,0 +1,275 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PROPERTY 7" +.TH PROPERTY 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +property \- Properties, a selection mechanism for algorithm implementations +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +As of OpenSSL 3.0, a new method has been introduced to decide which of +multiple implementations of an algorithm will be used. +The method is centered around the concept of properties. +Each implementation defines a number of properties and when an algorithm +is being selected, filters based on these properties can be used to +choose the most appropriate implementation of the algorithm. +.PP +Properties are like variables, they are referenced by name and have a value +assigned. +.SS "Property Names" +.IX Subsection "Property Names" +Property names fall into two categories: those reserved by the OpenSSL +project and user defined names. +A \fIreserved\fR property name consists of a single C\-style identifier +(except for leading underscores not being permitted), which begins +with a letter and can be followed by any number of letters, numbers +and underscores. +Property names are case-insensitive, but OpenSSL will only use lowercase +letters. +.PP +A \fIuser defined\fR property name is similar, but it \fBmust\fR consist of +two or more C\-style identifiers, separated by periods. +The last identifier in the name can be considered the 'true' property +name, which is prefixed by some sort of 'namespace'. +Providers for example could include their name in the prefix and use +property names like +.PP +.Vb 2 +\& . +\& .. +.Ve +.SS "Properties" +.IX Subsection "Properties" +A \fIproperty\fR is a \fIname=value\fR pair. +A \fIproperty definition\fR is a sequence of comma separated properties. +There can be any number of properties in a definition. +For example: "\*(L" defines a null property definition; \*(R"my.foo=bar" +defines a property named \fImy.foo\fR which has a string value \fIbar\fR and +\&\*(L"iteration.count=3\*(R" defines a property named \fIiteration.count\fR which +has a numeric value of \fI3\fR. 
+The full syntax for property definitions appears below. +.SS "Implementations" +.IX Subsection "Implementations" +Each implementation of an algorithm can define any number of +properties. +For example, the default provider defines the property \fIprovider=default\fR +for all of its algorithms. +Likewise, OpenSSL's \s-1FIPS\s0 provider defines \fIprovider=fips\fR and the legacy +provider defines \fIprovider=legacy\fR for all of their algorithms. +.SS "Queries" +.IX Subsection "Queries" +A \fIproperty query clause\fR is a single conditional test. +For example, \*(L"fips=yes\*(R", \*(L"provider!=default\*(R" or \*(L"?iteration.count!=3\*(R". +The first two represent mandatory clauses, such clauses \fBmust\fR match +for any algorithm to even be under consideration. +The third clause represents an optional clause. +Matching such clauses is not a requirement, but any additional optional +match counts in favor of the algorithm. +More details about that in the \fBLookups\fR section. +A \fIproperty query\fR is a sequence of comma separated property query clauses. +The full syntax for property queries appears below, but the available syntactic +features are: +.IP "\(bu" 4 +\&\fB=\fR is an infix operator providing an equality test. +.IP "\(bu" 4 +\&\fB!=\fR is an infix operator providing an inequality test. +.IP "\(bu" 4 +\&\fB?\fR is a prefix operator that means that the following clause is optional +but preferred. +.IP "\(bu" 4 +\&\fB\-\fR is a prefix operator that means any global query clause involving the +following property name should be ignored. +.IP "\(bu" 4 +\&\fB\*(L"...\*(R"\fR is a quoted string. +The quotes are not included in the body of the string. +.IP "\(bu" 4 +\&\fB'...'\fR is a quoted string. +The quotes are not included in the body of the string. +.SS "Lookups" +.IX Subsection "Lookups" +When an algorithm is looked up, a property query is used to determine +the best matching algorithm. 
+All mandatory query clauses \fBmust\fR be present and the implementation +that additionally has the largest number of matching optional query +clauses will be used. +If there is more than one such optimal candidate, the result will be +chosen from amongst those in an indeterminate way. +Ordering of optional clauses is not significant. +.SS "Shortcut" +.IX Subsection "Shortcut" +In order to permit a more concise expression of boolean properties, there +is one short cut: a property name alone (e.g. \*(L"my.property\*(R") is +exactly equivalent to \*(L"my.property=yes\*(R" in both definitions and queries. +.SS "Global and Local" +.IX Subsection "Global and Local" +Two levels of property query are supported. +A context based property query that applies to all fetch operations and a local +property query. +Where both the context and local queries include a clause with the same name, +the local clause overrides the context clause. +.PP +It is possible for a local property query to remove a clause in the context +property query by preceding the property name with a '\-'. +For example, a context property query that contains \*(L"fips=yes\*(R" would normally +result in implementations that have \*(L"fips=yes\*(R". +.PP +However, if the setting of the \*(L"fips\*(R" property is irrelevant to the +operations being performed, the local property query can include the +clause \*(L"\-fips\*(R". +Note that the local property query could not use \*(L"fips=no\*(R" because that would +disallow any implementations with \*(L"fips=yes\*(R" rather than not caring about the +setting. +.SH "SYNTAX" +.IX Header "SYNTAX" +The lexical syntax in \s-1EBNF\s0 is given by: +.PP +.Vb 11 +\& Definition ::= PropertyName ( \*(Aq=\*(Aq Value )? +\& ( \*(Aq,\*(Aq PropertyName ( \*(Aq=\*(Aq Value )? )* +\& Query ::= PropertyQuery ( \*(Aq,\*(Aq PropertyQuery )* +\& PropertyQuery ::= \*(Aq\-\*(Aq PropertyName +\& | \*(Aq?\*(Aq? ( PropertyName (( \*(Aq=\*(Aq | \*(Aq!=\*(Aq ) Value)?) 
+\& Value ::= NumberLiteral | StringLiteral +\& StringLiteral ::= QuotedString | UnquotedString +\& QuotedString ::= \*(Aq"\*(Aq [^"]* \*(Aq"\*(Aq | "\*(Aq" [^\*(Aq]* "\*(Aq" +\& UnquotedString ::= [^{space},]+ +\& NumberLiteral ::= \*(Aq0\*(Aq ( [0\-7]* | \*(Aqx\*(Aq [0\-9A\-Fa\-f]+ ) | \*(Aq\-\*(Aq? [1\-9] [0\-9]+ +\& PropertyName ::= [A\-Z] [A\-Z0\-9_]* ( \*(Aq.\*(Aq [A\-Z] [A\-Z0\-9_]* )* +.Ve +.SH "HISTORY" +.IX Header "HISTORY" +Properties were added in OpenSSL 3.0 +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man7/provider-asym_cipher.7 b/linux_amd64/ssl/share/man/man7/provider-asym_cipher.7 new file mode 100755 index 0000000..9a872be --- /dev/null +++ b/linux_amd64/ssl/share/man/man7/provider-asym_cipher.7 
@@ -0,0 +1,375 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PROVIDER-ASYM_CIPHER 7" +.TH PROVIDER-ASYM_CIPHER 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +provider\-asym_cipher \- The asym_cipher library <\-> provider functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 2 +\& #include +\& #include +\& +\& /* +\& * None of these are actual functions, but are displayed like this for +\& * the function signatures for functions that are offered as function +\& * pointers in OSSL_DISPATCH arrays. +\& */ +\& +\& /* Context management */ +\& void *OP_asym_cipher_newctx(void *provctx); +\& void OP_asym_cipher_freectx(void *ctx); +\& void *OP_asym_cipher_dupctx(void *ctx); +\& +\& /* Encryption */ +\& int OP_asym_cipher_encrypt_init(void *ctx, void *provkey); +\& int OP_asym_cipher_encrypt(void *ctx, unsigned char *out, size_t *outlen, +\& size_t outsize, const unsigned char *in, +\& size_t inlen); +\& +\& /* Decryption */ +\& int OP_asym_cipher_decrypt_init(void *ctx, void *provkey); +\& int OP_asym_cipher_decrypt(void *ctx, unsigned char *out, size_t *outlen, +\& size_t outsize, const unsigned char *in, +\& size_t inlen); +\& +\& /* Asymmetric Cipher parameters */ +\& int OP_asym_cipher_get_ctx_params(void *ctx, OSSL_PARAM params[]); +\& const OSSL_PARAM *OP_asym_cipher_gettable_ctx_params(void); +\& int OP_asym_cipher_set_ctx_params(void *ctx, const OSSL_PARAM params[]); +\& const OSSL_PARAM *OP_asym_cipher_settable_ctx_params(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This documentation is primarily aimed at provider authors. See \fIprovider\fR\|(7) +for further information. +.PP +The asymmetric cipher (\s-1OSSL_OP_ASYM_CIPHER\s0) operation enables providers to +implement asymmetric cipher algorithms and make them available to applications +via the \s-1API\s0 functions \fIEVP_PKEY_encrypt\fR\|(3), +\&\fIEVP_PKEY_decrypt\fR\|(3) and +other related functions). 
+.PP +All \*(L"functions\*(R" mentioned here are passed as function pointers between +\&\fIlibcrypto\fR and the provider in \fB\s-1OSSL_DISPATCH\s0\fR arrays via +\&\fB\s-1OSSL_ALGORITHM\s0\fR arrays that are returned by the provider's +\&\fIprovider_query_operation()\fR function +(see \*(L"Provider Functions\*(R" in \fIprovider\-base\fR\|(7)). +.PP +All these \*(L"functions\*(R" have a corresponding function type definition +named \fBOSSL_{name}_fn\fR, and a helper function to retrieve the +function pointer from an \fB\s-1OSSL_DISPATCH\s0\fR element named +\&\fBOSSL_get_{name}\fR. +For example, the \*(L"function\*(R" \fIOP_asym_cipher_newctx()\fR has these: +.PP +.Vb 3 +\& typedef void *(OSSL_OP_asym_cipher_newctx_fn)(void *provctx); +\& static ossl_inline OSSL_OP_asym_cipher_newctx_fn +\& OSSL_get_OP_asym_cipher_newctx(const OSSL_DISPATCH *opf); +.Ve +.PP +\&\fB\s-1OSSL_DISPATCH\s0\fR arrays are indexed by numbers that are provided as +macros in \fIopenssl\-core_numbers.h\fR\|(7), as follows: +.PP +.Vb 3 +\& OP_asym_cipher_newctx OSSL_FUNC_ASYM_CIPHER_NEWCTX +\& OP_asym_cipher_freectx OSSL_FUNC_ASYM_CIPHER_FREECTX +\& OP_asym_cipher_dupctx OSSL_FUNC_ASYM_CIPHER_DUPCTX +\& +\& OP_asym_cipher_encrypt_init OSSL_FUNC_ASYM_CIPHER_ENCRYPT_INIT +\& OP_asym_cipher_encrypt OSSL_FUNC_ASYM_CIPHER_ENCRYPT +\& +\& OP_asym_cipher_decrypt_init OSSL_FUNC_ASYM_CIPHER_DECRYPT_INIT +\& OP_asym_cipher_decrypt OSSL_FUNC_ASYM_CIPHER_DECRYPT +\& +\& OP_asym_cipher_get_ctx_params OSSL_FUNC_ASYM_CIPHER_GET_CTX_PARAMS +\& OP_asym_cipher_gettable_ctx_params OSSL_FUNC_ASYM_CIPHER_GETTABLE_CTX_PARAMS +\& OP_asym_cipher_set_ctx_params OSSL_FUNC_ASYM_CIPHER_SET_CTX_PARAMS +\& OP_asym_cipher_settable_ctx_params OSSL_FUNC_ASYM_CIPHER_SETTABLE_CTX_PARAMS +.Ve +.PP +An asymmetric cipher algorithm implementation may not implement all of these +functions. +In order to be a consistent set of functions a provider must implement +OP_asym_cipher_newctx and OP_asym_cipher_freectx. 
+It must also implement both of OP_asym_cipher_encrypt_init and +OP_asym_cipher_encrypt, or both of OP_asym_cipher_decrypt_init and +OP_asym_cipher_decrypt. +OP_asym_cipher_get_ctx_params is optional but if it is present then so must +OP_asym_cipher_gettable_ctx_params. +Similarly, OP_asym_cipher_set_ctx_params is optional but if it is present then +so must OP_asym_cipher_settable_ctx_params. +.PP +An asymmetric cipher algorithm must also implement some mechanism for generating, +loading or importing keys via the key management (\s-1OSSL_OP_KEYMGMT\s0) operation. +See \fIprovider\-keymgmt\fR\|(7) for further details. +.SS "Context Management Functions" +.IX Subsection "Context Management Functions" +\&\fIOP_asym_cipher_newctx()\fR should create and return a pointer to a provider side +structure for holding context information during an asymmetric cipher operation. +A pointer to this context will be passed back in a number of the other +asymmetric cipher operation function calls. +The parameter \fIprovctx\fR is the provider context generated during provider +initialisation (see \fIprovider\fR\|(7)). +.PP +\&\fIOP_asym_cipher_freectx()\fR is passed a pointer to the provider side asymmetric +cipher context in the \fIctx\fR parameter. +This function should free any resources associated with that context. +.PP +\&\fIOP_asym_cipher_dupctx()\fR should duplicate the provider side asymmetric cipher +context in the \fIctx\fR parameter and return the duplicate copy. +.SS "Encryption Functions" +.IX Subsection "Encryption Functions" +\&\fIOP_asym_cipher_encrypt_init()\fR initialises a context for an asymmetric encryption +given a provider side asymmetric cipher context in the \fIctx\fR parameter, and a +pointer to a provider key object in the \fIprovkey\fR parameter. +The key object should have been previously generated, loaded or imported into +the provider using the key management (\s-1OSSL_OP_KEYMGMT\s0) operation (see +\&\fIprovider\-keymgmt\fR\|(7)>. 
+.PP +\&\fIOP_asym_cipher_encrypt()\fR performs the actual encryption itself. +A previously initialised asymmetric cipher context is passed in the \fIctx\fR +parameter. +The data to be encrypted is pointed to by the \fIin\fR parameter which is \fIinlen\fR +bytes long. +Unless \fIout\fR is \s-1NULL\s0, the encrypted data should be written to the location +pointed to by the \fIout\fR parameter and it should not exceed \fIoutsize\fR bytes in +length. +The length of the encrypted data should be written to \fI*outlen\fR. +If \fIout\fR is \s-1NULL\s0 then the maximum length of the encrypted data should be +written to \fI*outlen\fR. +.SS "Decryption Functions" +.IX Subsection "Decryption Functions" +\&\fIOP_asym_cipher_decrypt_init()\fR initialises a context for an asymmetric decryption +given a provider side asymmetric cipher context in the \fIctx\fR parameter, and a +pointer to a provider key object in the \fIprovkey\fR parameter. +The key object should have been previously generated, loaded or imported into +the provider using the key management (\s-1OSSL_OP_KEYMGMT\s0) operation (see +\&\fIprovider\-keymgmt\fR\|(7)>. +.PP +\&\fIOP_asym_cipher_decrypt()\fR performs the actual decryption itself. +A previously initialised asymmetric cipher context is passed in the \fIctx\fR +parameter. +The data to be decrypted is pointed to by the \fIin\fR parameter which is \fIinlen\fR +bytes long. +Unless \fIout\fR is \s-1NULL\s0, the decrypted data should be written to the location +pointed to by the \fIout\fR parameter and it should not exceed \fIoutsize\fR bytes in +length. +The length of the decrypted data should be written to \fI*outlen\fR. +If \fIout\fR is \s-1NULL\s0 then the maximum length of the decrypted data should be +written to \fI*outlen\fR. 
+.SS "Asymmetric Cipher Parameters" +.IX Subsection "Asymmetric Cipher Parameters" +See \s-1\fIOSSL_PARAM\s0\fR\|(3) for further details on the parameters structure used by +the \fIOP_asym_cipher_get_ctx_params()\fR and \fIOP_asym_cipher_set_ctx_params()\fR +functions. +.PP +\&\fIOP_asym_cipher_get_ctx_params()\fR gets asymmetric cipher parameters associated +with the given provider side asymmetric cipher context \fIctx\fR and stores them in +\&\fIparams\fR. +\&\fIOP_asym_cipher_set_ctx_params()\fR sets the asymmetric cipher parameters associated +with the given provider side asymmetric cipher context \fIctx\fR to \fIparams\fR. +Any parameter settings are additional to any that were previously set. +.PP +Parameters currently recognised by built-in asymmetric cipher algorithms are as +follows. +Not all parameters are relevant to, or are understood by all asymmetric cipher +algorithms: +.ie n .IP """pad-mode"" (\fB\s-1OSSL_ASYM_CIPHER_PARAM_PAD_MODE\s0\fR) " 4 +.el .IP "``pad-mode'' (\fB\s-1OSSL_ASYM_CIPHER_PARAM_PAD_MODE\s0\fR) " 4 +.IX Item "pad-mode (OSSL_ASYM_CIPHER_PARAM_PAD_MODE) " +The type of padding to be used. The interpretation of this value will depend +on the algorithm in use. The default provider understands these \s-1RSA\s0 padding +modes: 1 (\s-1RSA_PKCS1_PADDING\s0), 2 (\s-1RSA_SSLV23_PADDING\s0), 3 (\s-1RSA_NO_PADDING\s0), +4 (\s-1RSA_PKCS1_OAEP_PADDING\s0), 5 (\s-1RSA_X931_PADDING\s0), 6 (\s-1RSA_PKCS1_PSS_PADDING\s0) and +7 (\s-1RSA_PKCS1_WITH_TLS_PADDING\s0). See \fIEVP_PKEY_CTX_set_rsa_padding\fR\|(3) for +further details. +.ie n .IP """digest"" (\fB\s-1OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``digest'' (\fB\s-1OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "digest (OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST) " +Gets or sets the name of the \s-1OAEP\s0 digest algorithm used when \s-1OAEP\s0 padding is in +use. 
+.ie n .IP """digest-props"" (\fB\s-1OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``digest-props'' (\fB\s-1OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "digest-props (OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS) " +Gets or sets the properties to use when fetching the \s-1OAEP\s0 digest algorithm. +.ie n .IP """mgf1\-digest"" (\fB\s-1OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``mgf1\-digest'' (\fB\s-1OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "mgf1-digest (OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST) " +Gets or sets the name of the \s-1MGF1\s0 digest algorithm used when \s-1OAEP\s0 or \s-1PSS\s0 padding +is in use. +.ie n .IP """mgf1\-digest\-props"" (\fB\s-1OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``mgf1\-digest\-props'' (\fB\s-1OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "mgf1-digest-props (OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS) " +Gets or sets the properties to use when fetching the \s-1MGF1\s0 digest algorithm. +.ie n .IP """oaep-label"" (\fB\s-1OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL\s0\fR) " 4 +.el .IP "``oaep-label'' (\fB\s-1OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL\s0\fR) " 4 +.IX Item "oaep-label (OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL) " +Gets or sets the \s-1OAEP\s0 label used when \s-1OAEP\s0 padding is in use. +.ie n .IP """oaep-label-len"" (\fB\s-1OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL_LEN\s0\fR) " 4 +.el .IP "``oaep-label-len'' (\fB\s-1OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL_LEN\s0\fR) " 4 +.IX Item "oaep-label-len (OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL_LEN) " +Gets the length of an \s-1OAEP\s0 label when \s-1OAEP\s0 padding is in use. 
+.ie n .IP """tls-client-version"" (\fB\s-1OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION\s0\fR) " 4 +.el .IP "``tls-client-version'' (\fB\s-1OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION\s0\fR) " 4 +.IX Item "tls-client-version (OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION) " +The \s-1TLS\s0 protocol version first requested by the client. See +\&\fB\s-1RSA_PKCS1_WITH_TLS_PADDING\s0\fR on the page \fIEVP_PKEY_CTX_set_rsa_padding\fR\|(3). +.ie n .IP """tls-negotiated-version"" (\fB\s-1OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION\s0\fR) " 4 +.el .IP "``tls-negotiated-version'' (\fB\s-1OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION\s0\fR) " 4 +.IX Item "tls-negotiated-version (OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION) " +The negotiated \s-1TLS\s0 protocol version. See +\&\fB\s-1RSA_PKCS1_WITH_TLS_PADDING\s0\fR on the page \fIEVP_PKEY_CTX_set_rsa_padding\fR\|(3). +.PP +\&\fIOP_asym_cipher_gettable_ctx_params()\fR and \fIOP_asym_cipher_settable_ctx_params()\fR +get a constant \fB\s-1OSSL_PARAM\s0\fR array that describes the gettable and settable +parameters, i.e. parameters that can be used with \fIOP_asym_cipherget_ctx_params()\fR +and \fIOP_asym_cipher_set_ctx_params()\fR respectively. +See \s-1\fIOSSL_PARAM\s0\fR\|(3) for the use of \fB\s-1OSSL_PARAM\s0\fR as parameter descriptor. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOP_asym_cipher_newctx()\fR and \fIOP_asym_cipher_dupctx()\fR should return the newly +created provider side asymmetric cipher context, or \s-1NULL\s0 on failure. +.PP +All other functions should return 1 for success or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIprovider\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The provider \s-1ASYM_CIPHER\s0 interface was introduced in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. 
You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man7/provider-base.7 b/linux_amd64/ssl/share/man/man7/provider-base.7 new file mode 100755 index 0000000..e5ca978 --- /dev/null +++ b/linux_amd64/ssl/share/man/man7/provider-base.7 
@@ -0,0 +1,611 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PROVIDER-BASE 7" +.TH PROVIDER-BASE 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +provider\-base +\&\- The basic OpenSSL library <\-> provider functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& /* +\& * None of these are actual functions, but are displayed like this for +\& * the function signatures for functions that are offered as function +\& * pointers in OSSL_DISPATCH arrays. +\& */ +\& +\& /* Functions offered by libcrypto to the providers */ +\& const OSSL_ITEM *core_gettable_params(const OSSL_PROVIDER *prov); +\& int core_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[]); +\& int core_thread_start(const OSSL_PROVIDER *prov, +\& OSSL_thread_stop_handler_fn handfn); +\& OPENSSL_CTX *core_get_library_context(const OSSL_PROVIDER *prov); +\& void core_new_error(const OSSL_PROVIDER *prov); +\& void core_set_error_debug(const OSSL_PROVIDER *prov, +\& const char *file, int line, const char *func); +\& void core_vset_error(const OSSL_PROVIDER *prov, +\& uint32_t reason, const char *fmt, va_list args); +\& +\& /* +\& * Some OpenSSL functionality is directly offered to providers via +\& * dispatch +\& */ +\& void *CRYPTO_malloc(size_t num, const char *file, int line); +\& void *CRYPTO_zalloc(size_t num, const char *file, int line); +\& void *CRYPTO_memdup(const void *str, size_t siz, +\& const char *file, int line); +\& char *CRYPTO_strdup(const char *str, const char *file, int line); +\& char *CRYPTO_strndup(const char *str, size_t s, +\& const char *file, int line); +\& void CRYPTO_free(void *ptr, const char *file, int line); +\& void CRYPTO_clear_free(void *ptr, size_t num, +\& const char *file, int line); +\& void *CRYPTO_realloc(void *addr, size_t num, +\& const char *file, int line); +\& void *CRYPTO_clear_realloc(void *addr, size_t old_num, size_t num, +\& const char *file, int line); +\& void *CRYPTO_secure_malloc(size_t num, const char *file, int line); +\& void *CRYPTO_secure_zalloc(size_t num, const char *file, int line); +\& void CRYPTO_secure_free(void *ptr, const char 
*file, int line); +\& void CRYPTO_secure_clear_free(void *ptr, size_t num, +\& const char *file, int line); +\& int CRYPTO_secure_allocated(const void *ptr); +\& void OPENSSL_cleanse(void *ptr, size_t len); +\& unsigned char *OPENSSL_hexstr2buf(const char *str, long *len); +\& +\& /* Functions offered by the provider to libcrypto */ +\& void provider_teardown(void *provctx); +\& const OSSL_ITEM *provider_gettable_params(void *provctx); +\& int provider_get_params(void *provctx, OSSL_PARAM params[]); +\& const OSSL_ALGORITHM *provider_query_operation(void *provctx, +\& int operation_id, +\& const int *no_store); +\& const OSSL_ITEM *provider_get_reason_strings(void *provctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +All \*(L"functions\*(R" mentioned here are passed as function pointers between +\&\fIlibcrypto\fR and the provider in \fB\s-1OSSL_DISPATCH\s0\fR arrays, in the call +of the provider initialization function. See \*(L"Provider\*(R" in \fIprovider\fR\|(7) +for a description of the initialization function. +.PP +All these \*(L"functions\*(R" have a corresponding function type definition +named \fBOSSL_{name}_fn\fR, and a helper function to retrieve the +function pointer from a \fB\s-1OSSL_DISPATCH\s0\fR element named +\&\fBOSSL_get_{name}\fR. 
+For example, the \*(L"function\*(R" \fIcore_gettable_params()\fR has these: +.PP +.Vb 4 +\& typedef OSSL_ITEM * +\& (OSSL_core_gettable_params_fn)(const OSSL_PROVIDER *prov); +\& static ossl_inline OSSL_NAME_core_gettable_params_fn +\& OSSL_get_core_gettable_params(const OSSL_DISPATCH *opf); +.Ve +.PP +\&\fB\s-1OSSL_DISPATCH\s0\fR arrays are indexed by numbers that are provided as +macros in \fIopenssl\-core_numbers.h\fR\|(7), as follows: +.PP +For \fIin\fR (the \fB\s-1OSSL_DISPATCH\s0\fR array passed from \fIlibcrypto\fR to the +provider): +.PP +.Vb 10 +\& core_gettable_params OSSL_FUNC_CORE_GETTABLE_PARAMS +\& core_get_params OSSL_FUNC_CORE_GET_PARAMS +\& core_thread_start OSSL_FUNC_CORE_THREAD_START +\& core_get_library_context OSSL_FUNC_CORE_GET_LIBRARY_CONTEXT +\& core_new_error OSSL_FUNC_CORE_NEW_ERROR +\& core_set_error_debug OSSL_FUNC_CORE_SET_ERROR_DEBUG +\& core_set_error OSSL_FUNC_CORE_SET_ERROR +\& CRYPTO_malloc OSSL_FUNC_CRYPTO_MALLOC +\& CRYPTO_zalloc OSSL_FUNC_CRYPTO_ZALLOC +\& CRYPTO_memdup OSSL_FUNC_CRYPTO_MEMDUP +\& CRYPTO_strdup OSSL_FUNC_CRYPTO_STRDUP +\& CRYPTO_strndup OSSL_FUNC_CRYPTO_STRNDUP +\& CRYPTO_free OSSL_FUNC_CRYPTO_FREE +\& CRYPTO_clear_free OSSL_FUNC_CRYPTO_CLEAR_FREE +\& CRYPTO_realloc OSSL_FUNC_CRYPTO_REALLOC +\& CRYPTO_clear_realloc OSSL_FUNC_CRYPTO_CLEAR_REALLOC +\& CRYPTO_secure_malloc OSSL_FUNC_CRYPTO_SECURE_MALLOC +\& CRYPTO_secure_zalloc OSSL_FUNC_CRYPTO_SECURE_ZALLOC +\& CRYPTO_secure_free OSSL_FUNC_CRYPTO_SECURE_FREE +\& CRYPTO_secure_clear_free OSSL_FUNC_CRYPTO_SECURE_CLEAR_FREE +\& CRYPTO_secure_allocated OSSL_FUNC_CRYPTO_SECURE_ALLOCATED +\& BIO_new_file OSSL_FUNC_BIO_NEW_FILE +\& BIO_new_mem_buf OSSL_FUNC_BIO_NEW_MEMBUF +\& BIO_read_ex OSSL_FUNC_BIO_READ_EX +\& BIO_free OSSL_FUNC_BIO_FREE +\& BIO_vprintf OSSL_FUNC_BIO_VPRINTF +\& OPENSSL_cleanse OSSL_FUNC_OPENSSL_CLEANSE +\& OPENSSL_hexstr2buf OSSL_FUNC_OPENSSL_HEXSTR2BUF +\& OSSL_SELF_TEST_set_callback OSSL_FUNC_SELF_TEST_CB +.Ve +.PP +For \fI*out\fR (the 
\fB\s-1OSSL_DISPATCH\s0\fR array passed from the provider to +\&\fIlibcrypto\fR): +.PP +.Vb 5 +\& provider_teardown OSSL_FUNC_PROVIDER_TEARDOWN +\& provider_gettable_params OSSL_FUNC_PROVIDER_GETTABLE_PARAMS +\& provider_get_params OSSL_FUNC_PROVIDER_GET_PARAMS +\& provider_query_operation OSSL_FUNC_PROVIDER_QUERY_OPERATION +\& provider_get_reason_strings OSSL_FUNC_PROVIDER_GET_REASON_STRINGS +.Ve +.SS "Core functions" +.IX Subsection "Core functions" +\&\fIcore_gettable_params()\fR returns a constant array of descriptor +\&\fB\s-1OSSL_PARAM\s0\fR, for parameters that \fIcore_get_params()\fR can handle. +.PP +\&\fIcore_get_params()\fR retrieves \fIprov\fR parameters from the core. +See \*(L"Core parameters\*(R" below for a description of currently known +parameters. +.PP +\&\fIcore_get_library_context()\fR retrieves the library context in which the +\&\fB\s-1OSSL_PROVIDER\s0\fR object \fIprov\fR is stored. +This may sometimes be useful if the provider wishes to store a +reference to its context in the same library context. +.PP +\&\fIcore_new_error()\fR, \fIcore_set_error_debug()\fR and \fIcore_set_error()\fR are +building blocks for reporting an error back to the core, with +reference to the provider object \fIprov\fR. +.IP "\fIcore_new_error()\fR" 4 +.IX Item "core_new_error()" +allocates a new thread specific error record. +.Sp +This corresponds to the OpenSSL function \fIERR_new\fR\|(3). +.IP "\fIcore_set_error_debug()\fR" 4 +.IX Item "core_set_error_debug()" +sets debugging information in the current thread specific error +record. +The debugging information includes the name of the file \fIfile\fR, the +line \fIline\fR and the function name \fIfunc\fR where the error occurred. +.Sp +This corresponds to the OpenSSL function \fIERR_set_debug\fR\|(3). +.IP "\fIcore_set_error()\fR" 4 +.IX Item "core_set_error()" +sets the \fIreason\fR for the error, along with any addition data. 
+The \fIreason\fR is a number defined by the provider and used to index +the reason strings table that's returned by +\&\fIprovider_get_reason_strings()\fR. +The additional data is given as a format string \fIfmt\fR and a set of +arguments \fIargs\fR, which are treated in the same manner as with +\&\fIBIO_vsnprintf()\fR. +\&\fIfile\fR and \fIline\fR may also be passed to indicate exactly where the +error occurred or was reported. +.Sp +This corresponds to the OpenSSL function \fIERR_vset_error\fR\|(3). +.PP +\&\fICRYPTO_malloc()\fR, \fICRYPTO_zalloc()\fR, \fICRYPTO_memdup()\fR, \fICRYPTO_strdup()\fR, +\&\fICRYPTO_strndup()\fR, \fICRYPTO_free()\fR, \fICRYPTO_clear_free()\fR, +\&\fICRYPTO_realloc()\fR, \fICRYPTO_clear_realloc()\fR, \fICRYPTO_secure_malloc()\fR, +\&\fICRYPTO_secure_zalloc()\fR, \fICRYPTO_secure_free()\fR, +\&\fICRYPTO_secure_clear_free()\fR, \fICRYPTO_secure_allocated()\fR, +\&\fIBIO_new_file()\fR, \fIBIO_new_mem_buf()\fR, \fIBIO_read_ex()\fR, \fIBIO_free()\fR, +\&\fIBIO_vprintf()\fR, \fIOPENSSL_cleanse()\fR, and \fIOPENSSL_hexstr2buf()\fR +correspond exactly to the public functions with the same name. +As a matter of fact, the pointers in the \fB\s-1OSSL_DISPATCH\s0\fR array are +direct pointers to those public functions. +\&\fIOSSL_SELF_TEST_set_callback()\fR is used to set an optional callback that can be +passed into a provider. This may be ignored by a provider. +.SS "Provider functions" +.IX Subsection "Provider functions" +\&\fIprovider_teardown()\fR is called when a provider is shut down and removed +from the core's provider store. +It must free the passed \fIprovctx\fR. +.PP +\&\fIprovider_gettable_params()\fR should return a constant array of +descriptor \fB\s-1OSSL_PARAM\s0\fR, for parameters that \fIprovider_get_params()\fR +can handle. +.PP +\&\fIprovider_get_params()\fR should process the \fB\s-1OSSL_PARAM\s0\fR array +\&\fIparams\fR, setting the values of the parameters it understands. 
+.PP +\&\fIprovider_query_operation()\fR should return a constant \fB\s-1OSSL_ALGORITHM\s0\fR +that corresponds to the given \fIoperation_id\fR. +It should indicate if the core may store a reference to this array by +setting \fI*no_store\fR to 0 (core may store a reference) or 1 (core may +not store a reference). +.PP +\&\fIprovider_get_reason_strings()\fR should return a constant \fB\s-1OSSL_ITEM\s0\fR +array that provides reason strings for reason codes the provider may +use when reporting errors using \fIcore_put_error()\fR. +.PP +None of these functions are mandatory, but a provider is fairly +useless without at least \fIprovider_query_operation()\fR, and +\&\fIprovider_gettable_params()\fR is fairly useless if not accompanied by +\&\fIprovider_get_params()\fR. +.SS "Core parameters" +.IX Subsection "Core parameters" +\&\fIcore_get_params()\fR understands the following known parameters: +.ie n .IP """openssl-version""" 4 +.el .IP "``openssl-version''" 4 +.IX Item "openssl-version" +This is a \fB\s-1OSSL_PARAM_UTF8_PTR\s0\fR type of parameter, pointing at the +OpenSSL libraries' full version string, i.e. the string expanded from +the macro \fB\s-1OPENSSL_VERSION_STR\s0\fR. +.ie n .IP """provider-name""" 4 +.el .IP "``provider-name''" 4 +.IX Item "provider-name" +This is a \fB\s-1OSSL_PARAM_UTF8_PTR\s0\fR type of parameter, pointing at the +OpenSSL libraries' idea of what the calling provider is called. +.PP +Additionally, provider specific configuration parameters from the +config file are available, in dotted name form. +The dotted name form is a concatenation of section names and final +config command name separated by periods. 
+.PP +For example, let's say we have the following config example: +.PP +.Vb 1 +\& openssl_conf = openssl_init +\& +\& [openssl_init] +\& providers = providers_sect +\& +\& [providers_sect] +\& foo = foo_sect +\& +\& [foo_sect] +\& activate = 1 +\& data1 = 2 +\& data2 = str +\& more = foo_more +\& +\& [foo_more] +\& data3 = foo,bar +.Ve +.PP +The provider will have these additional parameters available: +.ie n .IP """activate""" 4 +.el .IP "``activate''" 4 +.IX Item "activate" +pointing at the string \*(L"1\*(R" +.ie n .IP """data1""" 4 +.el .IP "``data1''" 4 +.IX Item "data1" +pointing at the string \*(L"2\*(R" +.ie n .IP """data2""" 4 +.el .IP "``data2''" 4 +.IX Item "data2" +pointing at the string \*(L"str\*(R" +.ie n .IP """more.data3""" 4 +.el .IP "``more.data3''" 4 +.IX Item "more.data3" +pointing at the string \*(L"foo,bar\*(R" +.PP +For more information on handling parameters, see \s-1\fIOSSL_PARAM\s0\fR\|(3) as +\&\fIOSSL_PARAM_int\fR\|(3). +.SH "EXAMPLES" +.IX Header "EXAMPLES" +This is an example of a simple provider made available as a +dynamically loadable module. +It implements the fictitious algorithm \f(CW\*(C`FOO\*(C'\fR for the fictitious +operation \f(CW\*(C`BAR\*(C'\fR. +.PP +.Vb 3 +\& #include +\& #include +\& #include +\& +\& /* Errors used in this provider */ +\& #define E_MALLOC 1 +\& +\& static const OSSL_ITEM reasons[] = { +\& { E_MALLOC, "memory allocation failure" }. 
+\& { 0, NULL } /* Termination */ +\& }; +\& +\& /* +\& * To ensure we get the function signature right, forward declare +\& * them using function types provided by openssl/core_numbers.h +\& */ +\& OSSL_OP_bar_newctx_fn foo_newctx; +\& OSSL_OP_bar_freectx_fn foo_freectx; +\& OSSL_OP_bar_init_fn foo_init; +\& OSSL_OP_bar_update_fn foo_update; +\& OSSL_OP_bar_final_fn foo_final; +\& +\& OSSL_provider_query_operation_fn p_query; +\& OSSL_provider_get_reason_strings_fn p_reasons; +\& OSSL_provider_teardown_fn p_teardown; +\& +\& OSSL_provider_init_fn OSSL_provider_init; +\& +\& OSSL_core_put_error *c_put_error = NULL; +\& +\& /* Provider context */ +\& struct prov_ctx_st { +\& OSSL_PROVIDER *prov; +\& } +\& +\& /* operation context for the algorithm FOO */ +\& struct foo_ctx_st { +\& struct prov_ctx_st *provctx; +\& int b; +\& }; +\& +\& static void *foo_newctx(void *provctx) +\& { +\& struct foo_ctx_st *fooctx = malloc(sizeof(*fooctx)); +\& +\& if (fooctx != NULL) +\& fooctx\->provctx = provctx; +\& else +\& c_put_error(provctx\->prov, E_MALLOC, _\|_FILE_\|_, _\|_LINE_\|_); +\& return fooctx; +\& } +\& +\& static void foo_freectx(void *fooctx) +\& { +\& free(fooctx); +\& } +\& +\& static int foo_init(void *vfooctx) +\& { +\& struct foo_ctx_st *fooctx = vfooctx; +\& +\& fooctx\->b = 0x33; +\& } +\& +\& static int foo_update(void *vfooctx, unsigned char *in, size_t inl) +\& { +\& struct foo_ctx_st *fooctx = vfooctx; +\& +\& /* did you expect something serious? 
*/ +\& if (inl == 0) +\& return 1; +\& for (; inl\-\- > 0; in++) +\& *in ^= fooctx\->b; +\& return 1; +\& } +\& +\& static int foo_final(void *vfooctx) +\& { +\& struct foo_ctx_st *fooctx = vfooctx; +\& +\& fooctx\->b = 0x66; +\& } +\& +\& static const OSSL_DISPATCH foo_fns[] = { +\& { OSSL_FUNC_BAR_NEWCTX, (void (*)(void))foo_newctx }, +\& { OSSL_FUNC_BAR_FREECTX, (void (*)(void))foo_freectx }, +\& { OSSL_FUNC_BAR_INIT, (void (*)(void))foo_init }, +\& { OSSL_FUNC_BAR_UPDATE, (void (*)(void))foo_update }, +\& { OSSL_FUNC_BAR_FINAL, (void (*)(void))foo_final }, +\& { 0, NULL } +\& }; +\& +\& static const OSSL_ALGORITHM bars[] = { +\& { "FOO", "provider=chumbawamba", foo_fns }, +\& { NULL, NULL, NULL } +\& }; +\& +\& static const OSSL_ALGORITHM *p_query(void *provctx, int operation_id, +\& int *no_store) +\& { +\& switch (operation_id) { +\& case OSSL_OP_BAR: +\& return bars; +\& } +\& return NULL; +\& } +\& +\& static const OSSL_ITEM *p_reasons(void *provctx) +\& { +\& return reasons; +\& } +\& +\& static void p_teardown(void *provctx) +\& { +\& free(provctx); +\& } +\& +\& static const OSSL_DISPATCH prov_fns[] = { +\& { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))p_teardown }, +\& { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))p_query }, +\& { OSSL_FUNC_PROVIDER_GET_REASON_STRINGS, (void (*)(void))p_reasons }, +\& { 0, NULL } +\& }; +\& +\& int OSSL_provider_init(const OSSL_PROVIDER *provider, +\& const OSSL_DISPATCH *in, +\& const OSSL_DISPATCH **out, +\& void **provctx) +\& { +\& struct prov_ctx_st *pctx = NULL; +\& +\& for (; in\->function_id != 0; in++) +\& switch (in\->function_id) { +\& case OSSL_FUNC_CORE_PUT_ERROR: +\& c_put_error = OSSL_get_core_put_error(in); +\& break; +\& } +\& +\& *out = prov_fns; +\& +\& if ((pctx = malloc(sizeof(*pctx))) == NULL) { +\& /* +\& * ALEA IACTA EST, if the core retrieves the reason table +\& * regardless, that string will be displayed, otherwise not. 
+\& */ +\& c_put_error(provider, E_MALLOC, _\|_FILE_\|_, _\|_LINE_\|_); +\& return 0; +\& } +\& return 1; +\& } +.Ve +.PP +This relies on a few things existing in \fIopenssl/core_numbers.h\fR: +.PP +.Vb 1 +\& #define OSSL_OP_BAR 4711 +\& +\& #define OSSL_FUNC_BAR_NEWCTX 1 +\& typedef void *(OSSL_OP_bar_newctx_fn)(void *provctx); +\& static ossl_inline OSSL_get_bar_newctx(const OSSL_DISPATCH *opf) +\& { return (OSSL_OP_bar_newctx_fn *)opf\->function; } +\& +\& #define OSSL_FUNC_BAR_FREECTX 2 +\& typedef void (OSSL_OP_bar_freectx_fn)(void *ctx); +\& static ossl_inline OSSL_get_bar_newctx(const OSSL_DISPATCH *opf) +\& { return (OSSL_OP_bar_freectx_fn *)opf\->function; } +\& +\& #define OSSL_FUNC_BAR_INIT 3 +\& typedef void *(OSSL_OP_bar_init_fn)(void *ctx); +\& static ossl_inline OSSL_get_bar_init(const OSSL_DISPATCH *opf) +\& { return (OSSL_OP_bar_init_fn *)opf\->function; } +\& +\& #define OSSL_FUNC_BAR_UPDATE 4 +\& typedef void *(OSSL_OP_bar_update_fn)(void *ctx, +\& unsigned char *in, size_t inl); +\& static ossl_inline OSSL_get_bar_update(const OSSL_DISPATCH *opf) +\& { return (OSSL_OP_bar_update_fn *)opf\->function; } +\& +\& #define OSSL_FUNC_BAR_FINAL 5 +\& typedef void *(OSSL_OP_bar_final_fn)(void *ctx); +\& static ossl_inline OSSL_get_bar_final(const OSSL_DISPATCH *opf) +\& { return (OSSL_OP_bar_final_fn *)opf\->function; } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIprovider\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The concept of providers and everything surrounding them was +introduced in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. 
diff --git a/linux_amd64/ssl/share/man/man7/provider-cipher.7 b/linux_amd64/ssl/share/man/man7/provider-cipher.7
new file mode 100755
index 0000000..0ffef8a
--- /dev/null
+++ b/linux_amd64/ssl/share/man/man7/provider-cipher.7
@@ -0,0 +1,557 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PROVIDER-CIPHER 7" +.TH PROVIDER-CIPHER 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +provider\-cipher \- The cipher library <\-> provider functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 2 +\& #include +\& #include +\& +\& /* +\& * None of these are actual functions, but are displayed like this for +\& * the function signatures for functions that are offered as function +\& * pointers in OSSL_DISPATCH arrays. +\& */ +\& +\& /* Context management */ +\& void *OP_cipher_newctx(void *provctx); +\& void OP_cipher_freectx(void *cctx); +\& void *OP_cipher_dupctx(void *cctx); +\& +\& /* Encryption/decryption */ +\& int OP_cipher_encrypt_init(void *cctx, const unsigned char *key, +\& size_t keylen, const unsigned char *iv, +\& size_t ivlen); +\& int OP_cipher_decrypt_init(void *cctx, const unsigned char *key, +\& size_t keylen, const unsigned char *iv, +\& size_t ivlen); +\& int OP_cipher_update(void *cctx, unsigned char *out, size_t *outl, +\& size_t outsize, const unsigned char *in, size_t inl); +\& int OP_cipher_final(void *cctx, unsigned char *out, size_t *outl, +\& size_t outsize); +\& int OP_cipher_cipher(void *cctx, unsigned char *out, size_t *outl, +\& size_t outsize, const unsigned char *in, size_t inl); +\& +\& /* Cipher parameter descriptors */ +\& const OSSL_PARAM *OP_cipher_gettable_params(void); +\& +\& /* Cipher operation parameter descriptors */ +\& const OSSL_PARAM *OP_cipher_gettable_ctx_params(void); +\& const OSSL_PARAM *OP_cipher_settable_ctx_params(void); +\& +\& /* Cipher parameters */ +\& int OP_cipher_get_params(OSSL_PARAM params[]); +\& +\& /* Cipher operation parameters */ +\& int OP_cipher_get_ctx_params(void *cctx, OSSL_PARAM params[]); +\& int OP_cipher_set_ctx_params(void *cctx, const OSSL_PARAM params[]); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This documentation is primarily aimed at provider authors. See \fIprovider\fR\|(7) +for further information. 
+.PP +The \s-1CIPHER\s0 operation enables providers to implement cipher algorithms and make +them available to applications via the \s-1API\s0 functions \fIEVP_EncryptInit_ex\fR\|(3), +\&\fIEVP_EncryptUpdate\fR\|(3) and \fIEVP_EncryptFinal\fR\|(3) (as well as the decrypt +equivalents and other related functions). +.PP +All \*(L"functions\*(R" mentioned here are passed as function pointers between +\&\fIlibcrypto\fR and the provider in \fB\s-1OSSL_DISPATCH\s0\fR arrays via +\&\fB\s-1OSSL_ALGORITHM\s0\fR arrays that are returned by the provider's +\&\fIprovider_query_operation()\fR function +(see \*(L"Provider Functions\*(R" in \fIprovider\-base\fR\|(7)). +.PP +All these \*(L"functions\*(R" have a corresponding function type definition +named \fBOSSL_{name}_fn\fR, and a helper function to retrieve the +function pointer from an \fB\s-1OSSL_DISPATCH\s0\fR element named +\&\fBOSSL_get_{name}\fR. +For example, the \*(L"function\*(R" \fIOP_cipher_newctx()\fR has these: +.PP +.Vb 3 +\& typedef void *(OSSL_OP_cipher_newctx_fn)(void *provctx); +\& static ossl_inline OSSL_OP_cipher_newctx_fn +\& OSSL_get_OP_cipher_newctx(const OSSL_DISPATCH *opf); +.Ve +.PP +\&\fB\s-1OSSL_DISPATCH\s0\fR arrays are indexed by numbers that are provided as +macros in \fIopenssl\-core_numbers.h\fR\|(7), as follows: +.PP +.Vb 3 +\& OP_cipher_newctx OSSL_FUNC_CIPHER_NEWCTX +\& OP_cipher_freectx OSSL_FUNC_CIPHER_FREECTX +\& OP_cipher_dupctx OSSL_FUNC_CIPHER_DUPCTX +\& +\& OP_cipher_encrypt_init OSSL_FUNC_CIPHER_ENCRYPT_INIT +\& OP_cipher_decrypt_init OSSL_FUNC_CIPHER_DECRYPT_INIT +\& OP_cipher_update OSSL_FUNC_CIPHER_UPDATE +\& OP_cipher_final OSSL_FUNC_CIPHER_FINAL +\& OP_cipher_cipher OSSL_FUNC_CIPHER_CIPHER +\& +\& OP_cipher_get_params OSSL_FUNC_CIPHER_GET_PARAMS +\& OP_cipher_get_ctx_params OSSL_FUNC_CIPHER_GET_CTX_PARAMS +\& OP_cipher_set_ctx_params OSSL_FUNC_CIPHER_SET_CTX_PARAMS +\& +\& OP_cipher_gettable_params OSSL_FUNC_CIPHER_GETTABLE_PARAMS +\& OP_cipher_gettable_ctx_params 
OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS +\& OP_cipher_settable_ctx_params OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS +.Ve +.PP +A cipher algorithm implementation may not implement all of these functions. +In order to be a consistent set of functions there must at least be a complete +set of \*(L"encrypt\*(R" functions, or a complete set of \*(L"decrypt\*(R" functions, or a +single \*(L"cipher\*(R" function. +In all cases both the OP_cipher_newctx and OP_cipher_freectx functions must be +present. +All other functions are optional. +.SS "Context Management Functions" +.IX Subsection "Context Management Functions" +\&\fIOP_cipher_newctx()\fR should create and return a pointer to a provider side +structure for holding context information during a cipher operation. +A pointer to this context will be passed back in a number of the other cipher +operation function calls. +The parameter \fIprovctx\fR is the provider context generated during provider +initialisation (see \fIprovider\fR\|(7)). +.PP +\&\fIOP_cipher_freectx()\fR is passed a pointer to the provider side cipher context in +the \fIcctx\fR parameter. +This function should free any resources associated with that context. +.PP +\&\fIOP_cipher_dupctx()\fR should duplicate the provider side cipher context in the +\&\fIcctx\fR parameter and return the duplicate copy. +.SS "Encryption/Decryption Functions" +.IX Subsection "Encryption/Decryption Functions" +\&\fIOP_cipher_encrypt_init()\fR initialises a cipher operation for encryption given a +newly created provider side cipher context in the \fIcctx\fR parameter. +The key to be used is given in \fIkey\fR which is \fIkeylen\fR bytes long. +The \s-1IV\s0 to be used is given in \fIiv\fR which is \fIivlen\fR bytes long. +.PP +\&\fIOP_cipher_decrypt_init()\fR is the same as \fIOP_cipher_encrypt_init()\fR except that it +initialises the context for a decryption operation. 
+.PP +\&\fIOP_cipher_update()\fR is called to supply data to be encrypted/decrypted as part of +a previously initialised cipher operation. +The \fIcctx\fR parameter contains a pointer to a previously initialised provider +side context. +\&\fIOP_cipher_update()\fR should encrypt/decrypt \fIinl\fR bytes of data at the location +pointed to by \fIin\fR. +The encrypted data should be stored in \fIout\fR and the amount of data written to +\&\fI*outl\fR which should not exceed \fIoutsize\fR bytes. +\&\fIOP_cipher_update()\fR may be called multiple times for a single cipher operation. +It is the responsibility of the cipher implementation to handle input lengths +that are not multiples of the block length. +In such cases a cipher implementation will typically cache partial blocks of +input data until a complete block is obtained. +\&\fIout\fR may be the same location as \fIin\fR but it should not partially overlap. +The same expectations apply to \fIoutsize\fR as documented for +\&\fIEVP_EncryptUpdate\fR\|(3) and \fIEVP_DecryptUpdate\fR\|(3). +.PP +\&\fIOP_cipher_final()\fR completes an encryption or decryption started through previous +\&\fIOP_cipher_encrypt_init()\fR or \fIOP_cipher_decrypt_init()\fR, and \fIOP_cipher_update()\fR +calls. +The \fIcctx\fR parameter contains a pointer to the provider side context. +Any final encryption/decryption output should be written to \fIout\fR and the +amount of data written to \fI*outl\fR which should not exceed \fIoutsize\fR bytes. +The same expectations apply to \fIoutsize\fR as documented for +\&\fIEVP_EncryptFinal\fR\|(3) and \fIEVP_DecryptFinal\fR\|(3). +.PP +\&\fIOP_cipher_cipher()\fR performs encryption/decryption using the provider side cipher +context in the \fIcctx\fR parameter that should have been previously initialised via +a call to \fIOP_cipher_encrypt_init()\fR or \fIOP_cipher_decrypt_init()\fR. +This should call the raw underlying cipher function without any padding. 
+This will be invoked in the provider as a result of the application calling +\&\fIEVP_Cipher\fR\|(3). +The application is responsible for ensuring that the input is a multiple of the +block length. +The data to be encrypted/decrypted will be in \fIin\fR, and it will be \fIinl\fR bytes +in length. +The output from the encryption/decryption should be stored in \fIout\fR and the +amount of data stored should be put in \fI*outl\fR which should be no more than +\&\fIoutsize\fR bytes. +.SS "Cipher Parameters" +.IX Subsection "Cipher Parameters" +See \s-1\fIOSSL_PARAM\s0\fR\|(3) for further details on the parameters structure used by +these functions. +.PP +\&\fIOP_cipher_get_params()\fR gets details of the algorithm implementation +and stores them in \fIparams\fR. +.PP +\&\fIOP_cipher_set_ctx_params()\fR sets cipher operation parameters for the +provider side cipher context \fIcctx\fR to \fIparams\fR. +Any parameter settings are additional to any that were previously set. +.PP +\&\fIOP_cipher_get_ctx_params()\fR gets cipher operation details details from +the given provider side cipher context \fIcctx\fR and stores them in \fIparams\fR. +.PP +\&\fIOP_cipher_gettable_params()\fR, \fIOP_cipher_gettable_ctx_params()\fR, and +\&\fIOP_cipher_settable_ctx_params()\fR all return constant \fB\s-1OSSL_PARAM\s0\fR arrays +as descriptors of the parameters that \fIOP_cipher_get_params()\fR, +\&\fIOP_cipher_get_ctx_params()\fR, and \fIOP_cipher_set_ctx_params()\fR can handle, +respectively. +.PP +Parameters currently recognised by built-in ciphers are as follows. Not all +parameters are relevant to, or are understood by all ciphers: +.ie n .IP """padding"" (\fB\s-1OSSL_CIPHER_PARAM_PADDING\s0\fR) " 4 +.el .IP "``padding'' (\fB\s-1OSSL_CIPHER_PARAM_PADDING\s0\fR) " 4 +.IX Item "padding (OSSL_CIPHER_PARAM_PADDING) " +Sets the padding mode for the associated cipher ctx. +Setting a value of 1 will turn padding on. +Setting a value of 0 will turn padding off. 
+.ie n .IP """mode"" (\fB\s-1OSSL_CIPHER_PARAM_MODE\s0\fR) " 4 +.el .IP "``mode'' (\fB\s-1OSSL_CIPHER_PARAM_MODE\s0\fR) " 4 +.IX Item "mode (OSSL_CIPHER_PARAM_MODE) " +Gets the mode for the associated cipher algorithm. +See \fIEVP_CIPHER_mode\fR\|(3) for a list of valid modes. +.ie n .IP """blocksize"" (\fB\s-1OSSL_CIPHER_PARAM_BLOCK_SIZE\s0\fR) " 4 +.el .IP "``blocksize'' (\fB\s-1OSSL_CIPHER_PARAM_BLOCK_SIZE\s0\fR) " 4 +.IX Item "blocksize (OSSL_CIPHER_PARAM_BLOCK_SIZE) " +Gets the block size for the associated cipher algorithm. +The block size should be 1 for stream ciphers. +Note that the block size for a cipher may be different to the block size for +the underlying encryption/decryption primitive. +For example \s-1AES\s0 in \s-1CTR\s0 mode has a block size of 1 (because it operates like a +stream cipher), even though \s-1AES\s0 has a block size of 16. +The length of the \*(L"blocksize\*(R" parameter should not exceed that of a \fBsize_t\fR. +.ie n .IP """flags"" (\fB\s-1OSSL_CIPHER_PARAM_FLAGS\s0\fR) " 4 +.el .IP "``flags'' (\fB\s-1OSSL_CIPHER_PARAM_FLAGS\s0\fR) " 4 +.IX Item "flags (OSSL_CIPHER_PARAM_FLAGS) " +Gets any flags for the associated cipher algorithm. +See \fIEVP_CIPHER_meth_set_flags\fR\|(3) for a list of currently defined cipher +flags. +The length of the \*(L"flags\*(R" parameter should equal that of an +\&\fBunsigned long int\fR. +.ie n .IP """keylen"" (\fB\s-1OSSL_CIPHER_PARAM_KEYLEN\s0\fR) " 4 +.el .IP "``keylen'' (\fB\s-1OSSL_CIPHER_PARAM_KEYLEN\s0\fR) " 4 +.IX Item "keylen (OSSL_CIPHER_PARAM_KEYLEN) " +Gets the key length for the associated cipher algorithm. +This can also be used to get or set the key length for the associated cipher +ctx. +The length of the \*(L"keylen\*(R" parameter should not exceed that of a \fBsize_t\fR. 
+.ie n .IP """ivlen"" (\fB\s-1OSSL_CIPHER_PARAM_IVLEN\s0\fR) " 4 +.el .IP "``ivlen'' (\fB\s-1OSSL_CIPHER_PARAM_IVLEN\s0\fR) " 4 +.IX Item "ivlen (OSSL_CIPHER_PARAM_IVLEN) " +Gets the \s-1IV\s0 length for the associated cipher algorithm. +The length of the \*(L"ivlen\*(R" parameter should not exceed that of a \fBsize_t\fR. +.ie n .IP """iv"" (\fB\s-1OSSL_CIPHER_PARAM_IV\s0\fR) " 4 +.el .IP "``iv'' (\fB\s-1OSSL_CIPHER_PARAM_IV\s0\fR) " 4 +.IX Item "iv (OSSL_CIPHER_PARAM_IV) " +Gets the \s-1IV\s0 for the associated cipher ctx. +.ie n .IP """num"" (\fB\s-1OSSL_CIPHER_PARAM_NUM\s0\fR) " 4 +.el .IP "``num'' (\fB\s-1OSSL_CIPHER_PARAM_NUM\s0\fR) " 4 +.IX Item "num (OSSL_CIPHER_PARAM_NUM) " +Gets or sets the cipher specific \*(L"num\*(R" parameter for the associated cipher ctx. +Built-in ciphers typically use this to track how much of the current underlying +block has been \*(L"used\*(R" already. +.ie n .IP """tag"" (\fB\s-1OSSL_CIPHER_PARAM_AEAD_TAG\s0\fR) " 4 +.el .IP "``tag'' (\fB\s-1OSSL_CIPHER_PARAM_AEAD_TAG\s0\fR) " 4 +.IX Item "tag (OSSL_CIPHER_PARAM_AEAD_TAG) " +Gets or sets the \s-1AEAD\s0 tag for the associated cipher ctx. +See \*(L"\s-1AEAD\s0 Interface\*(R" in \fIEVP_EncryptInit\fR\|(3). +.ie n .IP """taglen"" (\fB\s-1OSSL_CIPHER_PARAM_AEAD_TAGLEN\s0\fR) " 4 +.el .IP "``taglen'' (\fB\s-1OSSL_CIPHER_PARAM_AEAD_TAGLEN\s0\fR) " 4 +.IX Item "taglen (OSSL_CIPHER_PARAM_AEAD_TAGLEN) " +Gets the tag length to be used for an \s-1AEAD\s0 cipher for the associated cipher ctx. +It returns a default value if it has not been set. +The length of the \*(L"taglen\*(R" parameter should not exceed that of a \fBsize_t\fR. +.ie n .IP """tlsaad"" (\fB\s-1OSSL_CIPHER_PARAM_AEAD_TLS1_AAD\s0\fR) " 4 +.el .IP "``tlsaad'' (\fB\s-1OSSL_CIPHER_PARAM_AEAD_TLS1_AAD\s0\fR) " 4 +.IX Item "tlsaad (OSSL_CIPHER_PARAM_AEAD_TLS1_AAD) " +Sets TLSv1.2 \s-1AAD\s0 information for the associated cipher ctx. 
+TLSv1.2 \s-1AAD\s0 information is always 13 bytes in length and is as defined for the +\&\*(L"additional_data\*(R" field described in section 6.2.3.3 of \s-1RFC5246\s0. +.ie n .IP """tlsaadpad"" (\fB\s-1OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD\s0\fR) " 4 +.el .IP "``tlsaadpad'' (\fB\s-1OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD\s0\fR) " 4 +.IX Item "tlsaadpad (OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD) " +Gets the length of the tag that will be added to a \s-1TLS\s0 record for the \s-1AEAD\s0 +tag for the associated cipher ctx. +The length of the \*(L"tlsaadpad\*(R" parameter should not exceed that of a \fBsize_t\fR. +.ie n .IP """tlsivfixed"" (\fB\s-1OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED\s0\fR) " 4 +.el .IP "``tlsivfixed'' (\fB\s-1OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED\s0\fR) " 4 +.IX Item "tlsivfixed (OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED) " +Sets the fixed portion of an \s-1IV\s0 for an \s-1AEAD\s0 cipher used in a \s-1TLS\s0 record +encryption/ decryption for the associated cipher ctx. +\&\s-1TLS\s0 record encryption/decryption always occurs \*(L"in place\*(R" so that the input and +output buffers are always the same memory location. +\&\s-1AEAD\s0 IVs in TLSv1.2 consist of an implicit \*(L"fixed\*(R" part and an explicit part +that varies with every record. +Setting a \s-1TLS\s0 fixed \s-1IV\s0 changes a cipher to encrypt/decrypt \s-1TLS\s0 records. +\&\s-1TLS\s0 records are encrypted/decrypted using a single OP_cipher_cipher call per +record. +For a record decryption the first bytes of the input buffer will be the explicit +part of the \s-1IV\s0 and the final bytes of the input buffer will be the \s-1AEAD\s0 tag. +The length of the explicit part of the \s-1IV\s0 and the tag length will depend on the +cipher in use and will be defined in the \s-1RFC\s0 for the relevant ciphersuite. +In order to allow for \*(L"in place\*(R" decryption the plaintext output should be +written to the same location in the output buffer that the ciphertext payload +was read from, i.e. 
immediately after the explicit \s-1IV\s0. +.Sp +When encrypting a record the first bytes of the input buffer will be empty to +allow space for the explicit \s-1IV\s0, as will the final bytes where the tag will +be written. +The length of the input buffer will include the length of the explicit \s-1IV\s0, the +payload, and the tag bytes. +The cipher implementation should generate the explicit \s-1IV\s0 and write it to the +beginning of the output buffer, do \*(L"in place\*(R" encryption of the payload and +write that to the output buffer, and finally add the tag onto the end of the +output buffer. +.Sp +Whether encrypting or decrypting the value written to \fI*outl\fR in the +OP_cipher_cipher call should be the length of the payload excluding the explicit +\&\s-1IV\s0 length and the tag length. +.ie n .IP """ivlen"" (\fB\s-1OSSL_CIPHER_PARAM_AEAD_IVLEN\s0\fR) " 4 +.el .IP "``ivlen'' (\fB\s-1OSSL_CIPHER_PARAM_AEAD_IVLEN\s0\fR) " 4 +.IX Item "ivlen (OSSL_CIPHER_PARAM_AEAD_IVLEN) " +Sets the \s-1IV\s0 length to be used for an \s-1AEAD\s0 cipher for the associated cipher ctx. +The length of the \*(L"ivlen\*(R" parameter should not exceed that of a \fBsize_t\fR. +.ie n .IP """mackey"" (\fB\s-1OSSL_CIPHER_PARAM_AEAD_MAC_KEY\s0\fR) " 4 +.el .IP "``mackey'' (\fB\s-1OSSL_CIPHER_PARAM_AEAD_MAC_KEY\s0\fR) " 4 +.IX Item "mackey (OSSL_CIPHER_PARAM_AEAD_MAC_KEY) " +Sets the \s-1MAC\s0 key used by composite \s-1AEAD\s0 ciphers such as \s-1AES\-CBC\-HMAC\-SHA256\s0. +.ie n .IP """randkey"" (\fB\s-1OSSL_CIPHER_PARAM_RANDOM_KEY\s0\fR) " 4 +.el .IP "``randkey'' (\fB\s-1OSSL_CIPHER_PARAM_RANDOM_KEY\s0\fR) " 4 +.IX Item "randkey (OSSL_CIPHER_PARAM_RANDOM_KEY) " +Gets a implementation specific randomly generated key for the associated +cipher ctx. This is currently only supported by 3DES (which sets the key to +odd parity). 
+.ie n .IP """alg_id_param"" (\fB\s-1OSSL_CIPHER_PARAM_ALG_ID\s0\fR) " 4 +.el .IP "``alg_id_param'' (\fB\s-1OSSL_CIPHER_PARAM_ALG_ID\s0\fR) " 4 +.IX Item "alg_id_param (OSSL_CIPHER_PARAM_ALG_ID) " +Used to pass the \s-1DER\s0 encoded AlgorithmIdentifier parameter to or from +the cipher implementation. Functions like \fIEVP_CIPHER_param_to_asn1\fR\|(3) +and \fIEVP_CIPHER_asn1_to_param\fR\|(3) use this parameter for any implementation +that has the flag \fB\s-1EVP_CIPH_FLAG_CUSTOM_ASN1\s0\fR set. +.ie n .IP """rounds"" (\fB\s-1OSSL_CIPHER_PARAM_ROUNDS\s0\fR) " 4 +.el .IP "``rounds'' (\fB\s-1OSSL_CIPHER_PARAM_ROUNDS\s0\fR) " 4 +.IX Item "rounds (OSSL_CIPHER_PARAM_ROUNDS) " +Sets or gets the number of rounds to be used for a cipher. +This is used by the \s-1RC5\s0 cipher. +.ie n .IP """keybits"" (\fB\s-1OSSL_CIPHER_PARAM_RC2_KEYBITS\s0\fR) " 4 +.el .IP "``keybits'' (\fB\s-1OSSL_CIPHER_PARAM_RC2_KEYBITS\s0\fR) " 4 +.IX Item "keybits (OSSL_CIPHER_PARAM_RC2_KEYBITS) " +Gets or sets the effective keybits used for a \s-1RC2\s0 cipher. +The length of the \*(L"keybits\*(R" parameter should not exceed that of a \fBsize_t\fR. +.ie n .IP """speed"" (\fB\s-1OSSL_CIPHER_PARAM_SPEED\s0\fR) " 4 +.el .IP "``speed'' (\fB\s-1OSSL_CIPHER_PARAM_SPEED\s0\fR) " 4 +.IX Item "speed (OSSL_CIPHER_PARAM_SPEED) " +Sets the speed option for the associated cipher ctx. This is only supported +by \s-1AES\s0 \s-1SIV\s0 ciphers which disallow multiple operations by default. +Setting \*(L"speed\*(R" to 1 allows another encrypt or decrypt operation to be +performed. This is used for performance testing. +.ie n .IP """tlsivgen"" (\fB\s-1OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN\s0\fR) " 4 +.el .IP "``tlsivgen'' (\fB\s-1OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN\s0\fR) " 4 +.IX Item "tlsivgen (OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN) " +Gets the invocation field generated for encryption. +Can only be called after \*(L"tlsivfixed\*(R" is set. +This is only used for \s-1GCM\s0 mode. 
+.ie n .IP """tlsivinv"" (\fB\s-1OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV\s0\fR) " 4 +.el .IP "``tlsivinv'' (\fB\s-1OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV\s0\fR) " 4 +.IX Item "tlsivinv (OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV) " +Sets the invocation field used for decryption. +Can only be called after \*(L"tlsivfixed\*(R" is set. +This is only used for \s-1GCM\s0 mode. +.ie n .IP """tls1multi_enc"" (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC\s0\fR) " 4 +.el .IP "``tls1multi_enc'' (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC\s0\fR) " 4 +.IX Item "tls1multi_enc (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC) " +Triggers a multiblock tls1 encrypt operation for a tls1 aware cipher that supports +sending 4 or 8 records in one go. +The cipher performs both the \s-1MAC\s0 and encrypt stages and constructs the record +headers itself. +\&\*(L"tls1multi_enc\*(R" supplies the output buffer for the encrypt operation, +\&\*(L"tls1multi_encin\*(R" & \*(L"tls1multi_interleave\*(R" must also be set in order to supply +values to the encrypt operation. +.ie n .IP """tls1multi_enclen"" (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN\s0\fR) " 4 +.el .IP "``tls1multi_enclen'' (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN\s0\fR) " 4 +.IX Item "tls1multi_enclen (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN) " +Get the total length of the record returned from the \*(L"tls1multi_enc\*(R" operation. +.ie n .IP """tls1multi_interleave"" (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE\s0\fR) " 4 +.el .IP "``tls1multi_interleave'' (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE\s0\fR) " 4 +.IX Item "tls1multi_interleave (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE) " +Sets or gets the number of records being sent in one go for a tls1 multiblock +cipher operation (either 4 or 8 records). 
+.ie n .IP """tls1multi_encin"" (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN\s0\fR) " 4 +.el .IP "``tls1multi_encin'' (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN\s0\fR) " 4 +.IX Item "tls1multi_encin (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN) " +Supplies the data to encrypt for a tls1 multiblock cipher operation. +.ie n .IP """tls1multi_maxsndfrag"" (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT\s0\fR) " 4 +.el .IP "``tls1multi_maxsndfrag'' (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT\s0\fR) " 4 +.IX Item "tls1multi_maxsndfrag (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT) " +Sets the maximum send fragment size for a tls1 multiblock cipher operation. +It must be set before using \*(L"tls1multi_maxbufsz\*(R". +The length of the \*(L"tls1multi_maxsndfrag\*(R" parameter should not exceed that of a \fBsize_t\fR. +.ie n .IP """tls1multi_maxbufsz"" (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE\s0\fR) " 4 +.el .IP "``tls1multi_maxbufsz'' (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE\s0\fR) " 4 +.IX Item "tls1multi_maxbufsz (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE) " +Gets the maximum record length for a tls1 multiblock cipher operation. +The length of the \*(L"tls1multi_maxbufsz\*(R" parameter should not exceed that of a \fBsize_t\fR. +.ie n .IP """tls1multi_aad"" (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD\s0\fR) " 4 +.el .IP "``tls1multi_aad'' (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD\s0\fR) " 4 +.IX Item "tls1multi_aad (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD) " +Sets the authenticated additional data used by a tls1 multiblock cipher operation. +The supplied data consists of 13 bytes of record data containing: +Bytes 0\-7: The sequence number of the first record +Byte 8: The record type +Byte 9\-10: The protocol version +Byte 11\-12: Input length (Always 0) +.Sp +\&\*(L"tls1multi_interleave\*(R" must also be set for this operation. 
+.ie n .IP """tls1multi_aadpacklen"" (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN\s0\fR) " 4 +.el .IP "``tls1multi_aadpacklen'' (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN\s0\fR) " 4 +.IX Item "tls1multi_aadpacklen (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN) " +Gets the result of running the \*(L"tls1multi_aad\*(R" operation. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOP_cipher_newctx()\fR and \fIOP_cipher_dupctx()\fR should return the newly created +provider side cipher context, or \s-1NULL\s0 on failure. +.PP +\&\fIOP_cipher_encrypt_init()\fR, \fIOP_cipher_decrypt_init()\fR, \fIOP_cipher_update()\fR, +\&\fIOP_cipher_final()\fR, \fIOP_cipher_cipher()\fR, \fIOP_cipher_get_params()\fR, +\&\fIOP_cipher_get_ctx_params()\fR and \fIOP_cipher_set_ctx_params()\fR should return 1 for +success or 0 on error. +.PP +\&\fIOP_cipher_gettable_params()\fR, \fIOP_cipher_gettable_ctx_params()\fR and +\&\fIOP_cipher_settable_ctx_params()\fR should return a constant \fB\s-1OSSL_PARAM\s0\fR +array, or \s-1NULL\s0 if none is offered. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIprovider\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The provider \s-1CIPHER\s0 interface was introduced in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man7/provider-digest.7 b/linux_amd64/ssl/share/man/man7/provider-digest.7 new file mode 100755 index 0000000..c001bcf --- /dev/null +++ b/linux_amd64/ssl/share/man/man7/provider-digest.7 
@@ -0,0 +1,406 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PROVIDER-DIGEST 7" +.TH PROVIDER-DIGEST 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +provider\-digest \- The digest library <\-> provider functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 2 +\& #include +\& #include +\& +\& /* +\& * Digests support the following function signatures in OSSL_DISPATCH arrays. 
+\& * (The function signatures are not actual functions). +\& */ +\& +\& /* Context management */ +\& void *OP_digest_newctx(void *provctx); +\& void OP_digest_freectx(void *dctx); +\& void *OP_digest_dupctx(void *dctx); +\& +\& /* Digest generation */ +\& int OP_digest_init(void *dctx); +\& int OP_digest_update(void *dctx, const unsigned char *in, size_t inl); +\& int OP_digest_final(void *dctx, unsigned char *out, size_t *outl, +\& size_t outsz); +\& int OP_digest_digest(void *provctx, const unsigned char *in, size_t inl, +\& unsigned char *out, size_t *outl, size_t outsz); +\& +\& /* Digest parameter descriptors */ +\& const OSSL_PARAM *OP_digest_gettable_params(void); +\& +\& /* Digest operation parameter descriptors */ +\& const OSSL_PARAM *OP_digest_gettable_ctx_params(void); +\& const OSSL_PARAM *OP_digest_settable_ctx_params(void); +\& +\& /* Digest parameters */ +\& int OP_digest_get_params(OSSL_PARAM params[]); +\& +\& /* Digest operation parameters */ +\& int OP_digest_set_ctx_params(void *dctx, const OSSL_PARAM params[]); +\& int OP_digest_get_ctx_params(void *dctx, OSSL_PARAM params[]); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This documentation is primarily aimed at provider authors. See \fIprovider\fR\|(7) +for further information. +.PP +The \s-1DIGEST\s0 operation enables providers to implement digest algorithms and make +them available to applications via the \s-1API\s0 functions \fIEVP_DigestInit_ex\fR\|(3), +\&\fIEVP_DigestUpdate\fR\|(3) and \fIEVP_DigestFinal\fR\|(3) (and other related functions). +.PP +All \*(L"functions\*(R" mentioned here are passed as function pointers between +\&\fIlibcrypto\fR and the provider in \fB\s-1OSSL_DISPATCH\s0\fR arrays via +\&\fB\s-1OSSL_ALGORITHM\s0\fR arrays that are returned by the provider's +\&\fIprovider_query_operation()\fR function +(see \*(L"Provider Functions\*(R" in \fIprovider\-base\fR\|(7)). 
+.PP +All these \*(L"functions\*(R" have a corresponding function type definition +named \fBOSSL_{name}_fn\fR, and a helper function to retrieve the +function pointer from an \fB\s-1OSSL_DISPATCH\s0\fR element named +\&\fBOSSL_get_{name}\fR. +For example, the \*(L"function\*(R" \fIOP_digest_newctx()\fR has these: +.PP +.Vb 3 +\& typedef void *(OSSL_OP_digest_newctx_fn)(void *provctx); +\& static ossl_inline OSSL_OP_digest_newctx_fn +\& OSSL_get_OP_digest_newctx(const OSSL_DISPATCH *opf); +.Ve +.PP +\&\fB\s-1OSSL_DISPATCH\s0\fR arrays are indexed by numbers that are provided as +macros in \fIopenssl\-core_numbers.h\fR\|(7), as follows: +.PP +.Vb 3 +\& OP_digest_newctx OSSL_FUNC_DIGEST_NEWCTX +\& OP_digest_freectx OSSL_FUNC_DIGEST_FREECTX +\& OP_digest_dupctx OSSL_FUNC_DIGEST_DUPCTX +\& +\& OP_digest_init OSSL_FUNC_DIGEST_INIT +\& OP_digest_update OSSL_FUNC_DIGEST_UPDATE +\& OP_digest_final OSSL_FUNC_DIGEST_FINAL +\& OP_digest_digest OSSL_FUNC_DIGEST_DIGEST +\& +\& OP_digest_get_params OSSL_FUNC_DIGEST_GET_PARAMS +\& OP_digest_get_ctx_params OSSL_FUNC_DIGEST_GET_CTX_PARAMS +\& OP_digest_set_ctx_params OSSL_FUNC_DIGEST_SET_CTX_PARAMS +\& +\& OP_digest_gettable_params OSSL_FUNC_DIGEST_GETTABLE_PARAMS +\& OP_digest_gettable_ctx_params OSSL_FUNC_DIGEST_GETTABLE_CTX_PARAMS +\& OP_digest_settable_ctx_params OSSL_FUNC_DIGEST_SETTABLE_CTX_PARAMS +.Ve +.PP +A digest algorithm implementation may not implement all of these functions. +In order to be usable all or none of OP_digest_newctx, OP_digest_freectx, +OP_digest_init, OP_digest_update and OP_digest_final should be implemented. +All other functions are optional. +.SS "Context Management Functions" +.IX Subsection "Context Management Functions" +\&\fIOP_digest_newctx()\fR should create and return a pointer to a provider side +structure for holding context information during a digest operation. +A pointer to this context will be passed back in a number of the other digest +operation function calls. 
+The parameter \fIprovctx\fR is the provider context generated during provider +initialisation (see \fIprovider\fR\|(7)). +.PP +\&\fIOP_digest_freectx()\fR is passed a pointer to the provider side digest context in +the \fIdctx\fR parameter. +This function should free any resources associated with that context. +.PP +\&\fIOP_digest_dupctx()\fR should duplicate the provider side digest context in the +\&\fIdctx\fR parameter and return the duplicate copy. +.SS "Digest Generation Functions" +.IX Subsection "Digest Generation Functions" +\&\fIOP_digest_init()\fR initialises a digest operation given a newly created +provider side digest context in the \fIdctx\fR parameter. +.PP +\&\fIOP_digest_update()\fR is called to supply data to be digested as part of a +previously initialised digest operation. +The \fIdctx\fR parameter contains a pointer to a previously initialised provider +side context. +\&\fIOP_digest_update()\fR should digest \fIinl\fR bytes of data at the location pointed to +by \fIin\fR. +\&\fIOP_digest_update()\fR may be called multiple times for a single digest operation. +.PP +\&\fIOP_digest_final()\fR generates a digest started through previous \fIOP_digest_init()\fR +and \fIOP_digest_update()\fR calls. +The \fIdctx\fR parameter contains a pointer to the provider side context. +The digest should be written to \fI*out\fR and the length of the digest to +\&\fI*outl\fR. +The digest should not exceed \fIoutsz\fR bytes. +.PP +\&\fIOP_digest_digest()\fR is a \*(L"oneshot\*(R" digest function. +No provider side digest context is used. +Instead the provider context that was created during provider initialisation is +passed in the \fIprovctx\fR parameter (see \fIprovider\fR\|(7)). +\&\fIinl\fR bytes at \fIin\fR should be digested and the result should be stored at +\&\fIout\fR. The length of the digest should be stored in \fI*outl\fR which should not +exceed \fIoutsz\fR bytes. 
+.SS "Digest Parameters" +.IX Subsection "Digest Parameters" +See \s-1\fIOSSL_PARAM\s0\fR\|(3) for further details on the parameters structure used by +these functions. +.PP +\&\fIOP_digest_get_params()\fR gets details of the algorithm implementation +and stores them in \fIparams\fR. +.PP +\&\fIOP_digest_set_ctx_params()\fR sets digest operation parameters for the +provider side digest context \fIdctx\fR to \fIparams\fR. +Any parameter settings are additional to any that were previously set. +.PP +\&\fIOP_digest_get_ctx_params()\fR gets digest operation details details from +the given provider side digest context \fIdctx\fR and stores them in \fIparams\fR. +.PP +\&\fIOP_digest_gettable_params()\fR, \fIOP_digest_gettable_ctx_params()\fR, and +\&\fIOP_digest_settable_ctx_params()\fR all return constant \fB\s-1OSSL_PARAM\s0\fR arrays +as descriptors of the parameters that \fIOP_digest_get_params()\fR, +\&\fIOP_digest_get_ctx_params()\fR, and \fIOP_digest_set_ctx_params()\fR can handle, +respectively. +.PP +Parameters currently recognised by built-in digests with this function +are as follows. Not all parameters are relevant to, or are understood +by all digests: +.ie n .IP """blocksize"" (\fB\s-1OSSL_DIGEST_PARAM_BLOCK_SIZE\s0\fR) " 4 +.el .IP "``blocksize'' (\fB\s-1OSSL_DIGEST_PARAM_BLOCK_SIZE\s0\fR) " 4 +.IX Item "blocksize (OSSL_DIGEST_PARAM_BLOCK_SIZE) " +The digest block size. +The length of the \*(L"blocksize\*(R" parameter should not exceed that of a \fBsize_t\fR. +.ie n .IP """size"" (\fB\s-1OSSL_DIGEST_PARAM_SIZE\s0\fR) " 4 +.el .IP "``size'' (\fB\s-1OSSL_DIGEST_PARAM_SIZE\s0\fR) " 4 +.IX Item "size (OSSL_DIGEST_PARAM_SIZE) " +The digest output size. +The length of the \*(L"size\*(R" parameter should not exceed that of a \fBsize_t\fR. 
+.ie n .IP """flags"" (\fB\s-1OSSL_DIGEST_PARAM_FLAGS\s0\fR) " 4 +.el .IP "``flags'' (\fB\s-1OSSL_DIGEST_PARAM_FLAGS\s0\fR) " 4 +.IX Item "flags (OSSL_DIGEST_PARAM_FLAGS) " +Diverse flags that describe exceptional behaviour for the digest: +.RS 4 +.IP "\fB\s-1EVP_MD_FLAG_ONESHOT\s0\fR" 4 +.IX Item "EVP_MD_FLAG_ONESHOT" +This digest method can only handle one block of input. +.IP "\fB\s-1EVP_MD_FLAG_XOF\s0\fR" 4 +.IX Item "EVP_MD_FLAG_XOF" +This digest method is an extensible-output function (\s-1XOF\s0) and supports +setting the \fB\s-1OSSL_DIGEST_PARAM_XOFLEN\s0\fR parameter. +.IP "\fB\s-1EVP_MD_FLAG_DIGALGID_NULL\s0\fR" 4 +.IX Item "EVP_MD_FLAG_DIGALGID_NULL" +When setting up a DigestAlgorithmIdentifier, this flag will have the +parameter set to \s-1NULL\s0 by default. Use this for PKCS#1. \fINote: if +combined with \s-1EVP_MD_FLAG_DIGALGID_ABSENT\s0, the latter will override.\fR +.IP "\fB\s-1EVP_MD_FLAG_DIGALGID_ABSENT\s0\fR" 4 +.IX Item "EVP_MD_FLAG_DIGALGID_ABSENT" +When setting up a DigestAlgorithmIdentifier, this flag will have the +parameter be left absent by default. \fINote: if combined with +\&\s-1EVP_MD_FLAG_DIGALGID_NULL\s0, the latter will be overridden.\fR +.IP "\fB\s-1EVP_MD_FLAG_DIGALGID_CUSTOM\s0\fR" 4 +.IX Item "EVP_MD_FLAG_DIGALGID_CUSTOM" +Custom DigestAlgorithmIdentifier handling via ctrl, with +\&\fB\s-1EVP_MD_FLAG_DIGALGID_ABSENT\s0\fR as default. \fINote: if combined with +\&\s-1EVP_MD_FLAG_DIGALGID_NULL\s0, the latter will be overridden.\fR +Currently unused. +.RE +.RS 4 +.Sp +The length of the \*(L"flags\*(R" parameter should equal that of an +\&\fBunsigned long int\fR. +.RE +.SS "Digest Context Parameters" +.IX Subsection "Digest Context Parameters" +\&\fIOP_digest_set_ctx_params()\fR sets digest parameters associated with the +given provider side digest context \fIdctx\fR to \fIparams\fR. +Any parameter settings are additional to any that were previously set. 
+See \s-1\fIOSSL_PARAM\s0\fR\|(3) for further details on the parameters structure. +.PP +\&\fIOP_digest_get_ctx_params()\fR gets details of currently set parameters +values associated with the give provider side digest context \fIdctx\fR +and stores them in \fIparams\fR. +See \s-1\fIOSSL_PARAM\s0\fR\|(3) for further details on the parameters structure. +.PP +Parameters currently recognised by built-in digests are as follows. Not all +parameters are relevant to, or are understood by all digests: +.ie n .IP """xoflen"" (\fB\s-1OSSL_DIGEST_PARAM_XOFLEN\s0\fR) " 4 +.el .IP "``xoflen'' (\fB\s-1OSSL_DIGEST_PARAM_XOFLEN\s0\fR) " 4 +.IX Item "xoflen (OSSL_DIGEST_PARAM_XOFLEN) " +Sets the digest length for extendable output functions. +The length of the \*(L"xoflen\*(R" parameter should not exceed that of a \fBsize_t\fR. +.ie n .IP """ssl3\-ms"" (\fB\s-1OSSL_DIGEST_PARAM_SSL3_MS\s0\fR) " 4 +.el .IP "``ssl3\-ms'' (\fB\s-1OSSL_DIGEST_PARAM_SSL3_MS\s0\fR) " 4 +.IX Item "ssl3-ms (OSSL_DIGEST_PARAM_SSL3_MS) " +This parameter is set by libssl in order to calculate a signature hash for an +SSLv3 CertificateVerify message as per \s-1RFC6101\s0. +It is only set after all handshake messages have already been digested via +\&\fIOP_digest_update()\fR calls. +The parameter provides the master secret value to be added to the digest. +The digest implementation should calculate the complete digest as per \s-1RFC6101\s0 +section 5.6.8. +The next call after setting this parameter will be \fIOP_digest_final()\fR. +This is only relevant for implementations of \s-1SHA1\s0 or \s-1MD5_SHA1\s0. +.ie n .IP """pad_type"" (\fB\s-1OSSL_DIGEST_PARAM_PAD_TYPE\s0\fR) " 4 +.el .IP "``pad_type'' (\fB\s-1OSSL_DIGEST_PARAM_PAD_TYPE\s0\fR) " 4 +.IX Item "pad_type (OSSL_DIGEST_PARAM_PAD_TYPE) " +Sets the pad type to be used. +The only built-in digest that uses this is \s-1MDC2\s0. +Normally the final \s-1MDC2\s0 block is padded with 0s. 
+If the pad type is set to 2 then the final block is padded with 0x80 followed by +0s. +.ie n .IP """micalg"" (\fB\s-1OSSL_DIGEST_PARAM_MICALG\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``micalg'' (\fB\s-1OSSL_DIGEST_PARAM_MICALG\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "micalg (OSSL_DIGEST_PARAM_MICALG) " +Gets the digest Message Integrity Check algorithm string. +This is used when creating S/MIME multipart/signed messages, as specified in +\&\s-1RFC\s0 5751. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOP_digest_newctx()\fR and \fIOP_digest_dupctx()\fR should return the newly created +provider side digest context, or \s-1NULL\s0 on failure. +.PP +\&\fIOP_digest_init()\fR, \fIOP_digest_update()\fR, \fIOP_digest_final()\fR, \fIOP_digest_digest()\fR, +\&\fIOP_digest_set_params()\fR and \fIOP_digest_get_params()\fR should return 1 for success or +0 on error. +.PP +\&\fIOP_digest_size()\fR should return the digest size. +.PP +\&\fIOP_digest_block_size()\fR should return the block size of the underlying digest +algorithm. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIprovider\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The provider \s-1DIGEST\s0 interface was introduced in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man7/provider-keyexch.7 b/linux_amd64/ssl/share/man/man7/provider-keyexch.7 new file mode 100755 index 0000000..abf0e55 --- /dev/null +++ b/linux_amd64/ssl/share/man/man7/provider-keyexch.7 
@@ -0,0 +1,375 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PROVIDER-KEYEXCH 7" +.TH PROVIDER-KEYEXCH 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +provider\-keyexch \- The keyexch library <\-> provider functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 2 +\& #include +\& #include +\& +\& /* +\& * None of these are actual functions, but are displayed like this for +\& * the function signatures for functions that are offered as function +\& * pointers in OSSL_DISPATCH arrays. +\& */ +\& +\& /* Context management */ +\& void *OP_keyexch_newctx(void *provctx); +\& void OP_keyexch_freectx(void *ctx); +\& void *OP_keyexch_dupctx(void *ctx); +\& +\& /* Shared secret derivation */ +\& int OP_keyexch_init(void *ctx, void *provkey); +\& int OP_keyexch_set_peer(void *ctx, void *provkey); +\& int OP_keyexch_derive(void *ctx, unsigned char *secret, size_t *secretlen, +\& size_t outlen); +\& +\& /* Key Exchange parameters */ +\& int OP_keyexch_set_ctx_params(void *ctx, const OSSL_PARAM params[]); +\& const OSSL_PARAM *OP_keyexch_settable_ctx_params(void); +\& int OP_keyexch_get_ctx_params(void *ctx, OSSL_PARAM params[]); +\& const OSSL_PARAM *OP_keyexch_gettable_ctx_params(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This documentation is primarily aimed at provider authors. See \fIprovider\fR\|(7) +for further information. +.PP +The key exchange (\s-1OSSL_OP_KEYEXCH\s0) operation enables providers to implement key +exchange algorithms and make them available to applications via +\&\fIEVP_PKEY_derive\fR\|(3) and +other related functions). +.PP +All \*(L"functions\*(R" mentioned here are passed as function pointers between +\&\fIlibcrypto\fR and the provider in \fB\s-1OSSL_DISPATCH\s0\fR arrays via +\&\fB\s-1OSSL_ALGORITHM\s0\fR arrays that are returned by the provider's +\&\fIprovider_query_operation()\fR function +(see \*(L"Provider Functions\*(R" in \fIprovider\-base\fR\|(7)). 
+.PP +All these \*(L"functions\*(R" have a corresponding function type definition +named \fBOSSL_{name}_fn\fR, and a helper function to retrieve the +function pointer from an \fB\s-1OSSL_DISPATCH\s0\fR element named +\&\fBOSSL_get_{name}\fR. +For example, the \*(L"function\*(R" \fIOP_keyexch_newctx()\fR has these: +.PP +.Vb 3 +\& typedef void *(OSSL_OP_keyexch_newctx_fn)(void *provctx); +\& static ossl_inline OSSL_OP_keyexch_newctx_fn +\& OSSL_get_OP_keyexch_newctx(const OSSL_DISPATCH *opf); +.Ve +.PP +\&\fB\s-1OSSL_DISPATCH\s0\fR arrays are indexed by numbers that are provided as +macros in \fIopenssl\-core_numbers.h\fR\|(7), as follows: +.PP +.Vb 3 +\& OP_keyexch_newctx OSSL_FUNC_KEYEXCH_NEWCTX +\& OP_keyexch_freectx OSSL_FUNC_KEYEXCH_FREECTX +\& OP_keyexch_dupctx OSSL_FUNC_KEYEXCH_DUPCTX +\& +\& OP_keyexch_init OSSL_FUNC_KEYEXCH_INIT +\& OP_keyexch_set_peer OSSL_FUNC_KEYEXCH_SET_PEER +\& OP_keyexch_derive OSSL_FUNC_KEYEXCH_DERIVE +\& +\& OP_keyexch_set_ctx_params OSSL_FUNC_KEYEXCH_SET_CTX_PARAMS +\& OP_keyexch_settable_ctx_params OSSL_FUNC_KEYEXCH_SETTABLE_CTX_PARAMS +\& OP_keyexch_get_ctx_params OSSL_FUNC_KEYEXCH_GET_CTX_PARAMS +\& OP_keyexch_gettable_ctx_params OSSL_FUNC_KEYEXCH_GETTABLE_CTX_PARAMS +.Ve +.PP +A key exchange algorithm implementation may not implement all of these functions. +In order to be a consistent set of functions a provider must implement +OP_keyexch_newctx, OP_keyexch_freectx, OP_keyexch_init and OP_keyexch_derive. +All other functions are optional. +.PP +A key exchange algorithm must also implement some mechanism for generating, +loading or importing keys via the key management (\s-1OSSL_OP_KEYMGMT\s0) operation. +See \fIprovider\-keymgmt\fR\|(7) for further details. +.SS "Context Management Functions" +.IX Subsection "Context Management Functions" +\&\fIOP_keyexch_newctx()\fR should create and return a pointer to a provider side +structure for holding context information during a key exchange operation. 
+A pointer to this context will be passed back in a number of the other key +exchange operation function calls. +The parameter \fIprovctx\fR is the provider context generated during provider +initialisation (see \fIprovider\fR\|(7)). +.PP +\&\fIOP_keyexch_freectx()\fR is passed a pointer to the provider side key exchange +context in the \fIctx\fR parameter. +This function should free any resources associated with that context. +.PP +\&\fIOP_keyexch_dupctx()\fR should duplicate the provider side key exchange context in +the \fIctx\fR parameter and return the duplicate copy. +.SS "Shared Secret Derivation Functions" +.IX Subsection "Shared Secret Derivation Functions" +\&\fIOP_keyexch_init()\fR initialises a key exchange operation given a provider side key +exchange context in the \fIctx\fR parameter, and a pointer to a provider key object +in the \fIprovkey\fR parameter. The key object should have been previously +generated, loaded or imported into the provider using the key management +(\s-1OSSL_OP_KEYMGMT\s0) operation (see \fIprovider\-keymgmt\fR\|(7)>. +.PP +\&\fIOP_keyexch_set_peer()\fR is called to supply the peer's public key (in the +\&\fIprovkey\fR parameter) to be used when deriving the shared secret. +It is also passed a previously initialised key exchange context in the \fIctx\fR +parameter. +The key object should have been previously generated, loaded or imported into +the provider using the key management (\s-1OSSL_OP_KEYMGMT\s0) operation (see +\&\fIprovider\-keymgmt\fR\|(7)>. +.PP +\&\fIOP_keyexch_derive()\fR performs the actual key exchange itself by deriving a shared +secret. +A previously initialised key exchange context is passed in the \fIctx\fR +parameter. +The derived secret should be written to the location \fIsecret\fR which should not +exceed \fIoutlen\fR bytes. +The length of the shared secret should be written to \fI*secretlen\fR. 
+If \fIsecret\fR is \s-1NULL\s0 then the maximum length of the shared secret should be +written to \fI*secretlen\fR. +.SS "Key Exchange Parameters Functions" +.IX Subsection "Key Exchange Parameters Functions" +\&\fIOP_keyexch_set_ctx_params()\fR sets key exchange parameters associated with the +given provider side key exchange context \fIctx\fR to \fIparams\fR, +see \*(L"Key Exchange Parameters\*(R". +Any parameter settings are additional to any that were previously set. +.PP +\&\fIOP_keyexch_get_ctx_params()\fR gets key exchange parameters associated with the +given provider side key exchange context \fIctx\fR into \fIparams\fR, +see \*(L"Key Exchange Parameters\*(R". +.PP +\&\fIOP_keyexch_settable_ctx_params()\fR yields a constant \fB\s-1OSSL_PARAM\s0\fR array that +describes the settable parameters, i.e. parameters that can be used with +\&\fIOP_signature_set_ctx_params()\fR. +If \fIOP_keyexch_settable_ctx_params()\fR is present, \fIOP_keyexch_set_ctx_params()\fR must +also be present, and vice versa. +Similarly, \fIOP_keyexch_gettable_ctx_params()\fR yields a constant \fB\s-1OSSL_PARAM\s0\fR +array that describes the gettable parameters, i.e. parameters that can be +handled by \fIOP_signature_get_ctx_params()\fR. +If \fIOP_keyexch_gettable_ctx_params()\fR is present, \fIOP_keyexch_get_ctx_params()\fR must +also be present, and vice versa. +See \s-1\fIOSSL_PARAM\s0\fR\|(3) for the use of \fB\s-1OSSL_PARAM\s0\fR as parameter descriptor. +.PP +Notice that not all settable parameters are also gettable, and vice versa. +.SS "Key Exchange Parameters" +.IX Subsection "Key Exchange Parameters" +See \s-1\fIOSSL_PARAM\s0\fR\|(3) for further details on the parameters structure used by +the \fIOP_keyexch_set_ctx_params()\fR and \fIOP_keyexch_get_ctx_params()\fR functions. +.PP +Parameters currently recognised by built-in key exchange algorithms are as +follows. 
+Not all parameters are relevant to, or are understood by all key exchange +algorithms: +.ie n .IP """pad"" (\fB\s-1OSSL_EXCHANGE_PARAM_PAD\s0\fR) " 4 +.el .IP "``pad'' (\fB\s-1OSSL_EXCHANGE_PARAM_PAD\s0\fR) " 4 +.IX Item "pad (OSSL_EXCHANGE_PARAM_PAD) " +Sets the padding mode for the associated key exchange ctx. +Setting a value of 1 will turn padding on. +Setting a vlue of 0 will turn padding off. +If padding is off then the derived shared secret may be smaller than the largest +possible secret size. +If padding is on then the derived shared secret will have its first bytes filled +with 0s where necessary to make the shared secret the same size as the largest +possible secret size. +.ie n .IP """ecdh-cofactor-mode"" (\fB\s-1OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE\s0\fR) " 4 +.el .IP "``ecdh-cofactor-mode'' (\fB\s-1OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE\s0\fR) " 4 +.IX Item "ecdh-cofactor-mode (OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE) " +Sets/gets the \s-1ECDH\s0 mode of operation for the associated key exchange ctx. +.Sp +In the context of an Elliptic Curve Diffie-Hellman key exchange, this parameter +can be used to select between the plain Diffie-Hellman (\s-1DH\s0) or Cofactor +Diffie-Hellman (\s-1CDH\s0) variants of the key exchange algorithm. +.Sp +When setting, the value should be 1, 0 or \-1, respectively forcing cofactor mode +on, off, or resetting it to the default for the private key associated with the +given key exchange ctx. +.Sp +When getting, the value should be either 1 or 0, respectively signaling if the +cofactor mode is on or off. +.Sp +See also \fIprovider\-keymgmt\fR\|(7) for the related +\&\fB\s-1OSSL_PKEY_PARAM_USE_COFACTOR_ECDH\s0\fR parameter that can be set on a +per-key basis. 
+.ie n .IP """kdf-type"" (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_TYPE\s0\fR) " 4 +.el .IP "``kdf-type'' (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_TYPE\s0\fR) " 4 +.IX Item "kdf-type (OSSL_EXCHANGE_PARAM_KDF_TYPE) " +Sets/gets the Key Derivation Function type to apply within the associated key +exchange ctx. +.ie n .IP """kdf-digest"" (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_DIGEST\s0\fR) " 4 +.el .IP "``kdf-digest'' (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_DIGEST\s0\fR) " 4 +.IX Item "kdf-digest (OSSL_EXCHANGE_PARAM_KDF_DIGEST) " +Sets/gets the Digest algorithm to be used as part of the Key Derivation Function +associated with the given key exchange ctx. +.ie n .IP """kdf-digest-props"" (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS\s0\fR) " 4 +.el .IP "``kdf-digest-props'' (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS\s0\fR) " 4 +.IX Item "kdf-digest-props (OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS) " +Sets properties to be used upon look up of the implementation for the selected +Digest algorithm for the Key Derivation Function associated with the given key +exchange ctx. +.ie n .IP """kdf-outlen"" (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_OUTLEN\s0\fR) " 4 +.el .IP "``kdf-outlen'' (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_OUTLEN\s0\fR) " 4 +.IX Item "kdf-outlen (OSSL_EXCHANGE_PARAM_KDF_OUTLEN) " +Sets/gets the desired size for the output of the chosen Key Derivation Function +associated with the given key exchange ctx. +.ie n .IP """kdf-ukm"" (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_UKM\s0\fR) " 4 +.el .IP "``kdf-ukm'' (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_UKM\s0\fR) " 4 +.IX Item "kdf-ukm (OSSL_EXCHANGE_PARAM_KDF_UKM) " +Sets/gets User Key Material to be used as part of the selected Key Derivation +Function associated with the given key exchange ctx. 
+.ie n .IP """kdf-ukm-len"" (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_UKM_LEN\s0\fR) " 4 +.el .IP "``kdf-ukm-len'' (\fB\s-1OSSL_EXCHANGE_PARAM_KDF_UKM_LEN\s0\fR) " 4 +.IX Item "kdf-ukm-len (OSSL_EXCHANGE_PARAM_KDF_UKM_LEN) " +Sets/gets the size of the User Key Material to be used as part of the selected +Key Derivation Function associated with the given key exchange ctx. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOP_keyexch_newctx()\fR and \fIOP_keyexch_dupctx()\fR should return the newly created +provider side key exchange context, or \s-1NULL\s0 on failure. +.PP +\&\fIOP_keyexch_init()\fR, \fIOP_keyexch_set_peer()\fR, \fIOP_keyexch_derive()\fR, +\&\fIOP_keyexch_set_params()\fR, and \fIOP_keyexch_get_params()\fR should return 1 for success +or 0 on error. +.PP +\&\fIOP_keyexch_settable_ctx_params()\fR and \fIOP_keyexch_gettable_ctx_params()\fR should +always return a constant \fB\s-1OSSL_PARAM\s0\fR array. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIprovider\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The provider \s-1KEYEXCH\s0 interface was introduced in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man7/provider-keymgmt.7 b/linux_amd64/ssl/share/man/man7/provider-keymgmt.7 new file mode 100755 index 0000000..5c3e3b8 --- /dev/null +++ b/linux_amd64/ssl/share/man/man7/provider-keymgmt.7 
@@ -0,0 +1,517 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PROVIDER-KEYMGMT 7" +.TH PROVIDER-KEYMGMT 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +provider\-keymgmt \- The KEYMGMT library <\-> provider functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& /* +\& * None of these are actual functions, but are displayed like this for +\& * the function signatures for functions that are offered as function +\& * pointers in OSSL_DISPATCH arrays. +\& */ +\& +\& /* Key object (keydata) creation and destruction */ +\& void *OP_keymgmt_new(void *provctx); +\& void OP_keymgmt_free(void *keydata); +\& +\& /* Key object information */ +\& int OP_keymgmt_get_params(void *keydata, OSSL_PARAM params[]); +\& const OSSL_PARAM *OP_keymgmt_gettable_params(void); +\& int OP_keymgmt_set_params(void *keydata, const OSSL_PARAM params[]); +\& const OSSL_PARAM *OP_keymgmt_settable_params(void); +\& +\& /* Key object content checks */ +\& int OP_keymgmt_has(void *keydata, int selection); +\& int OP_keymgmt_match(const void *keydata1, const void *keydata2, +\& int selection); +\& +\& /* Discovery of supported operations */ +\& const char *OP_keymgmt_query_operation_name(int operation_id); +\& +\& /* Key object import and export functions */ +\& int OP_keymgmt_import(int selection, void *keydata, const OSSL_PARAM params[]); +\& const OSSL_PARAM *OP_keymgmt_import_types(int selection); +\& int OP_keymgmt_export(int selection, void *keydata, +\& OSSL_CALLBACK *param_cb, void *cbarg); +\& const OSSL_PARAM *OP_keymgmt_export_types(int selection); +\& +\& /* Key object copy */ +\& int OP_keymgmt_copy(void *keydata_to, const void *keydata_from, int selection); +\& +\& /* Key object validation */ +\& int OP_keymgmt_validate(void *keydata, int selection); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1KEYMGMT\s0 operation doesn't have much public visibility in OpenSSL +libraries, it's rather an internal operation that's designed to work +in tandem with operations that use private/public key pairs. 
+.PP +Because the \s-1KEYMGMT\s0 operation shares knowledge with the operations it +works with in tandem, they must belong to the same provider. +The OpenSSL libraries will ensure that they do. +.PP +The primary responsibility of the \s-1KEYMGMT\s0 operation is to hold the +provider side key data for the OpenSSL library \s-1EVP_PKEY\s0 structure. +.PP +All \*(L"functions\*(R" mentioned here are passed as function pointers between +\&\fIlibcrypto\fR and the provider in \fB\s-1OSSL_DISPATCH\s0\fR arrays via +\&\fB\s-1OSSL_ALGORITHM\s0\fR arrays that are returned by the provider's +\&\fIprovider_query_operation()\fR function +(see \*(L"Provider Functions\*(R" in \fIprovider\-base\fR\|(7)). +.PP +All these \*(L"functions\*(R" have a corresponding function type definition +named \fBOSSL_{name}_fn\fR, and a helper function to retrieve the +function pointer from a \fB\s-1OSSL_DISPATCH\s0\fR element named +\&\fBOSSL_get_{name}\fR. +For example, the \*(L"function\*(R" \fIOP_keymgmt_new()\fR has these: +.PP +.Vb 3 +\& typedef void *(OSSL_OP_keymgmt_new_fn)(void *provctx); +\& static ossl_inline OSSL_OP_keymgmt_new_fn +\& OSSL_get_OP_keymgmt_new(const OSSL_DISPATCH *opf); +.Ve +.PP +\&\fB\s-1OSSL_DISPATCH\s0\fR arrays are indexed by numbers that are provided as +macros in \fIopenssl\-core_numbers.h\fR\|(7), as follows: +.PP +.Vb 2 +\& OP_keymgmt_new OSSL_FUNC_KEYMGMT_NEW +\& OP_keymgmt_free OSSL_FUNC_KEYMGMT_FREE +\& +\& OP_keymgmt_get_params OSSL_FUNC_KEYMGMT_GET_PARAMS +\& OP_keymgmt_gettable_params OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS +\& OP_keymgmt_set_params OSSL_FUNC_KEYMGMT_SET_PARAMS +\& OP_keymgmt_settable_params OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS +\& +\& OP_keymgmt_query_operation_name OSSL_FUNC_KEYMGMT_QUERY_OPERATION_NAME +\& +\& OP_keymgmt_has OSSL_FUNC_KEYMGMT_HAS +\& OP_keymgmt_validate OSSL_FUNC_KEYMGMT_VALIDATE +\& OP_keymgmt_match OSSL_FUNC_KEYMGMT_MATCH +\& +\& OP_keymgmt_import OSSL_FUNC_KEYMGMT_IMPORT +\& OP_keymgmt_import_types OSSL_FUNC_KEYMGMT_IMPORT_TYPES 
+\& OP_keymgmt_export OSSL_FUNC_KEYMGMT_EXPORT +\& OP_keymgmt_export_types OSSL_FUNC_KEYMGMT_EXPORT_TYPES +\& +\& OP_keymgmt_copy OSSL_FUNC_KEYMGMT_COPY +.Ve +.SS "Key Objects" +.IX Subsection "Key Objects" +A key object is a collection of data for an asymmetric key, and is +represented as \fIkeydata\fR in this manual. +.PP +The exact contents of a key object are defined by the provider, and it +is assumed that different operations in one and the same provider use +the exact same structure to represent this collection of data, so that +for example, a key object that has been created using the \s-1KEYMGMT\s0 +interface that we document here can be passed as is to other provider +operations, such as \fIOP_signature_sign_init()\fR (see +\&\fIprovider\-signature\fR\|(7)). +.PP +With some of the \s-1KEYMGMT\s0 functions, it's possible to select a specific +subset of data to handle, governed by the bits in a \fIselection\fR +indicator. The bits are: +.IP "\fB\s-1OSSL_KEYMGMT_SELECT_PRIVATE_KEY\s0\fR" 4 +.IX Item "OSSL_KEYMGMT_SELECT_PRIVATE_KEY" +Indicating that the private key data in a key object should be +considered. +.IP "\fB\s-1OSSL_KEYMGMT_SELECT_PUBLIC_KEY\s0\fR" 4 +.IX Item "OSSL_KEYMGMT_SELECT_PUBLIC_KEY" +Indicating that the public key data in a key object should be +considered. +.IP "\fB\s-1OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS\s0\fR" 4 +.IX Item "OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS" +Indicating that the domain parameters in a key object should be +considered. +.IP "\fB\s-1OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS\s0\fR" 4 +.IX Item "OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS" +Indicating that other parameters in a key object should be +considered. +.Sp +Other parameters are key parameters that don't fit any other +classification. In other words, this particular selector bit works as +a last resort bit bucket selector. 
+.PP +Some selector bits have also been combined for easier use: +.IP "\fB\s-1OSSL_KEYMGMT_SELECT_ALL_PARAMETERS\s0\fR" 4 +.IX Item "OSSL_KEYMGMT_SELECT_ALL_PARAMETERS" +Indicating that all key object parameters should be considered, +regardless of their more granular classification. +.Sp +This is a combination of \fB\s-1OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS\s0\fR and +\&\fB\s-1OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS\s0\fR. +.IP "\fB\s-1OSSL_KEYMGMT_SELECT_KEYPAIR\s0\fR" 4 +.IX Item "OSSL_KEYMGMT_SELECT_KEYPAIR" +Indicating that both the whole key pair in a key object should be +considered, i.e. the combination of public and private key. +.Sp +This is a combination of \fB\s-1OSSL_KEYMGMT_SELECT_PRIVATE_KEY\s0\fR and +\&\fB\s-1OSSL_KEYMGMT_SELECT_PUBLIC_KEY\s0\fR. +.IP "\fB\s-1OSSL_KEYMGMT_SELECT_ALL\s0\fR" 4 +.IX Item "OSSL_KEYMGMT_SELECT_ALL" +Indicating that everything in a key object should be considered. +.PP +The exact interpretation of those bits or how they combine is left to +each function where you can specify a selector. +.SS "Constructing and Destructing Functions" +.IX Subsection "Constructing and Destructing Functions" +\&\fIOP_keymgmt_new()\fR should create a provider side key object. The +provider context \fIprovctx\fR is passed and may be incorporated in the +key object, but that is not mandatory. +.PP +\&\fIOP_keymgmt_free()\fR should free the passed \fIkeydata\fR. +.PP +The constructor and destructor are mandatory, a \s-1KEYMGMT\s0 implementation +without them will not be accepted. +.SS "Key Object Information Functions" +.IX Subsection "Key Object Information Functions" +\&\fIOP_keymgmt_get_params()\fR should extract information data associated +with the given \fIkeydata\fR, see \*(L"Information Parameters\*(R". +.PP +\&\fIOP_keymgmt_gettable_params()\fR should return a constant array of +descriptor \fB\s-1OSSL_PARAM\s0\fR, for parameters that \fIOP_keymgmt_get_params()\fR +can handle. 
+.PP +If \fIOP_keymgmt_gettable_params()\fR is present, \fIOP_keymgmt_get_params()\fR +must also be present, and vice versa. +.PP +\&\fIOP_keymgmt_set_params()\fR should update information data associated +with the given \fIkeydata\fR, see \*(L"Information Parameters\*(R". +.PP +\&\fIOP_keymgmt_settable_params()\fR should return a constant array of +descriptor \fB\s-1OSSL_PARAM\s0\fR, for parameters that \fIOP_keymgmt_set_params()\fR +can handle. +.PP +If \fIOP_keymgmt_settable_params()\fR is present, \fIOP_keymgmt_set_params()\fR +must also be present, and vice versa. +.SS "Key Object Checking Functions" +.IX Subsection "Key Object Checking Functions" +\&\fIOP_keymgmt_query_operation_name()\fR should return the name of the +supported algorithm for the operation \fIoperation_id\fR. This is +similar to \fIprovider_query_operation()\fR (see \fIprovider\-base\fR\|(7)), +but only works as an advisory. If this function is not present, or +returns \s-1NULL\s0, the caller is free to assume that there's an algorithm +from the same provider, of the same name as the one used to fetch the +keymgmt and try to use that. +.PP +\&\fIOP_keymgmt_has()\fR should check whether the given \fIkeydata\fR contains the subsets +of data indicated by the \fIselector\fR. A combination of several +selector bits must consider all those subsets, not just one. An +implementation is, however, free to consider an empty subset of data +to still be a valid subset. +.PP +\&\fIOP_keymgmt_validate()\fR should check if the \fIkeydata\fR contains valid +data subsets indicated by \fIselection\fR. Some combined selections of +data subsets may cause validation of the combined data. +For example, the combination of \fB\s-1OSSL_KEYMGMT_SELECT_PRIVATE_KEY\s0\fR and +\&\fB\s-1OSSL_KEYMGMT_SELECT_PUBLIC_KEY\s0\fR (or \fB\s-1OSSL_KEYMGMT_SELECT_KEYPAIR\s0\fR +for short) is expected to check that the pairwise consistency of +\&\fIkeydata\fR is valid. 
+.PP +\&\fIOP_keymgmt_match()\fR should check if the data subset indicated by +\&\fIselection\fR in \fIkeydata1\fR and \fIkeydata2\fR match. It is assumed that +the caller has ensured that \fIkeydata1\fR and \fIkeydata2\fR are both owned +by the implementation of this function. +.SS "Key Object Import, Export and Copy Functions" +.IX Subsection "Key Object Import, Export and Copy Functions" +\&\fIOP_keymgmt_import()\fR should import data indicated by \fIselection\fR into +\&\fIkeydata\fR with values taken from the \fB\s-1OSSL_PARAM\s0\fR array \fIparams\fR. +.PP +\&\fIOP_keymgmt_export()\fR should extract values indicated by \fIselection\fR +from \fIkeydata\fR, create an \fB\s-1OSSL_PARAM\s0\fR array with them and call +\&\fIparam_cb\fR with that array as well as the given \fIcbarg\fR. +.PP +\&\fIOP_keymgmt_import_types()\fR should return a constant array of descriptor +\&\fB\s-1OSSL_PARAM\s0\fR for data indicated by \fIselection\fR, for parameters that +\&\fIOP_keymgmt_import()\fR can handle. +.PP +\&\fIOP_keymgmt_export_types()\fR should return a constant array of descriptor +\&\fB\s-1OSSL_PARAM\s0\fR for data indicated by \fIselection\fR, that the +\&\fIOP_keymgmt_export()\fR callback can expect to receive. +.PP +\&\fIOP_keymgmt_copy()\fR should copy data subsets indicated by \fIselection\fR +from \fIkeydata_from\fR to \fIkeydata_to\fR. It is assumed that the caller +has ensured that \fIkeydata_to\fR and \fIkeydata_from\fR are both owned by +the implementation of this function. +.SS "Built-in \s-1RSA\s0 Import/Export Types" +.IX Subsection "Built-in RSA Import/Export Types" +The following Import/Export types are available for the built-in \s-1RSA\s0 algorithm: +.ie n .IP """n"" (\fB\s-1OSSL_PKEY_PARAM_RSA_N\s0\fR) " 4 +.el .IP "``n'' (\fB\s-1OSSL_PKEY_PARAM_RSA_N\s0\fR) " 4 +.IX Item "n (OSSL_PKEY_PARAM_RSA_N) " +The \s-1RSA\s0 \*(L"n\*(R" value. 
+.ie n .IP """e"" (\fB\s-1OSSL_PKEY_PARAM_RSA_E\s0\fR) " 4 +.el .IP "``e'' (\fB\s-1OSSL_PKEY_PARAM_RSA_E\s0\fR) " 4 +.IX Item "e (OSSL_PKEY_PARAM_RSA_E) " +The \s-1RSA\s0 \*(L"e\*(R" value. +.ie n .IP """d"" (\fB\s-1OSSL_PKEY_PARAM_RSA_D\s0\fR) " 4 +.el .IP "``d'' (\fB\s-1OSSL_PKEY_PARAM_RSA_D\s0\fR) " 4 +.IX Item "d (OSSL_PKEY_PARAM_RSA_D) " +The \s-1RSA\s0 \*(L"d\*(R" value. +.ie n .IP """rsa-factor"" (\fB\s-1OSSL_PKEY_PARAM_RSA_FACTOR\s0\fR) " 4 +.el .IP "``rsa-factor'' (\fB\s-1OSSL_PKEY_PARAM_RSA_FACTOR\s0\fR) " 4 +.IX Item "rsa-factor (OSSL_PKEY_PARAM_RSA_FACTOR) " +An \s-1RSA\s0 factor. In 2 prime \s-1RSA\s0 these are often known as \*(L"p\*(R" or \*(L"q\*(R". This value +may be repeated up to 10 times in a single key. +.ie n .IP """rsa-exponent"" (\fB\s-1OSSL_PKEY_PARAM_RSA_EXPONENT\s0\fR) " 4 +.el .IP "``rsa-exponent'' (\fB\s-1OSSL_PKEY_PARAM_RSA_EXPONENT\s0\fR) " 4 +.IX Item "rsa-exponent (OSSL_PKEY_PARAM_RSA_EXPONENT) " +An \s-1RSA\s0 \s-1CRT\s0 (Chinese Remainder Theorem) exponent. This value may be repeated up +to 10 times in a single key. +.ie n .IP """rsa-coefficient"" (\fB\s-1OSSL_PKEY_PARAM_RSA_COEFFICIENT\s0\fR) " 4 +.el .IP "``rsa-coefficient'' (\fB\s-1OSSL_PKEY_PARAM_RSA_COEFFICIENT\s0\fR) " 4 +.IX Item "rsa-coefficient (OSSL_PKEY_PARAM_RSA_COEFFICIENT) " +An \s-1RSA\s0 \s-1CRT\s0 (Chinese Remainder Theorem) coefficient. This value may be repeated +up to 9 times in a single key. +.SS "Built-in \s-1DSA\s0 and Diffie-Hellman Import/Export Types" +.IX Subsection "Built-in DSA and Diffie-Hellman Import/Export Types" +The following Import/Export types are available for the built-in \s-1DSA\s0 and +Diffie-Hellman algorithms: +.ie n .IP """pub"" (\fB\s-1OSSL_PKEY_PARAM_PUB_KEY\s0\fR) or " 4 +.el .IP "``pub'' (\fB\s-1OSSL_PKEY_PARAM_PUB_KEY\s0\fR) or " 4 +.IX Item "pub (OSSL_PKEY_PARAM_PUB_KEY) or " +The public key value. 
+.ie n .IP """priv"" (\fB\s-1OSSL_PKEY_PARAM_PRIV_KEY\s0\fR) or " 4 +.el .IP "``priv'' (\fB\s-1OSSL_PKEY_PARAM_PRIV_KEY\s0\fR) or " 4 +.IX Item "priv (OSSL_PKEY_PARAM_PRIV_KEY) or " +The private key value. +.ie n .IP """p"" (\fB\s-1OSSL_PKEY_PARAM_FFC_P\s0\fR) " 4 +.el .IP "``p'' (\fB\s-1OSSL_PKEY_PARAM_FFC_P\s0\fR) " 4 +.IX Item "p (OSSL_PKEY_PARAM_FFC_P) " +A \s-1DSA\s0 or Diffie-Hellman \*(L"p\*(R" value. +.ie n .IP """q"" (\fB\s-1OSSL_PKEY_PARAM_FFC_Q\s0\fR) " 4 +.el .IP "``q'' (\fB\s-1OSSL_PKEY_PARAM_FFC_Q\s0\fR) " 4 +.IX Item "q (OSSL_PKEY_PARAM_FFC_Q) " +A \s-1DSA\s0 or Diffie-Hellman \*(L"q\*(R" value. +.ie n .IP """g"" (\fB\s-1OSSL_PKEY_PARAM_FFC_G\s0\fR) " 4 +.el .IP "``g'' (\fB\s-1OSSL_PKEY_PARAM_FFC_G\s0\fR) " 4 +.IX Item "g (OSSL_PKEY_PARAM_FFC_G) " +A \s-1DSA\s0 or Diffie-Hellman \*(L"g\*(R" value. +.SS "Built-in X25519, X448, \s-1ED25519\s0 and \s-1ED448\s0 Import/Export Types" +.IX Subsection "Built-in X25519, X448, ED25519 and ED448 Import/Export Types" +The following Import/Export types are available for the built-in X25519, X448, +\&\s-1ED25519\s0 and X448 algorithms: +.ie n .IP """pub"" (\fB\s-1OSSL_PKEY_PARAM_PUB_KEY\s0\fR) " 4 +.el .IP "``pub'' (\fB\s-1OSSL_PKEY_PARAM_PUB_KEY\s0\fR) " 4 +.IX Item "pub (OSSL_PKEY_PARAM_PUB_KEY) " +The public key value. +.ie n .IP """priv"" (\fB\s-1OSSL_PKEY_PARAM_PRIV_KEY\s0\fR) " 4 +.el .IP "``priv'' (\fB\s-1OSSL_PKEY_PARAM_PRIV_KEY\s0\fR) " 4 +.IX Item "priv (OSSL_PKEY_PARAM_PRIV_KEY) " +The private key value. +.SS "Information Parameters" +.IX Subsection "Information Parameters" +See \s-1\fIOSSL_PARAM\s0\fR\|(3) for further details on the parameters structure. +.PP +Parameters currently recognised by built-in keymgmt algorithms +are as follows. 
+Not all parameters are relevant to, or are understood by all keymgmt +algorithms: +.ie n .IP """bits"" (\fB\s-1OSSL_PKEY_PARAM_BITS\s0\fR) " 4 +.el .IP "``bits'' (\fB\s-1OSSL_PKEY_PARAM_BITS\s0\fR) " 4 +.IX Item "bits (OSSL_PKEY_PARAM_BITS) " +The value should be the cryptographic length of the cryptosystem to +which the key belongs, in bits. The definition of cryptographic +length is specific to the key cryptosystem. +.ie n .IP """max-size"" (\fB\s-1OSSL_PKEY_PARAM_MAX_SIZE\s0\fR) " 4 +.el .IP "``max-size'' (\fB\s-1OSSL_PKEY_PARAM_MAX_SIZE\s0\fR) " 4 +.IX Item "max-size (OSSL_PKEY_PARAM_MAX_SIZE) " +The value should be the maximum size that a caller should allocate to +safely store a signature (called \fIsig\fR in \fIprovider\-signature\fR\|(7)), +the result of asymmmetric encryption / decryption (\fIout\fR in +\&\fIprovider\-asym_cipher\fR\|(7), a derived secret (\fIsecret\fR in +\&\fIprovider\-keyexch\fR\|(7), and similar data). +.Sp +Because an \s-1EVP_KEYMGMT\s0 method is always tightly bound to another method +(signature, asymmetric cipher, key exchange, ...) and must be of the +same provider, this number only needs to be synchronised with the +dimensions handled in the rest of the same provider. +.ie n .IP """security-bits"" (\fB\s-1OSSL_PKEY_PARAM_SECURITY_BITS\s0\fR) " 4 +.el .IP "``security-bits'' (\fB\s-1OSSL_PKEY_PARAM_SECURITY_BITS\s0\fR) " 4 +.IX Item "security-bits (OSSL_PKEY_PARAM_SECURITY_BITS) " +The value should be the number of security bits of the given key. +Bits of security is defined in \s-1SP800\-57\s0. 
+.ie n .IP """use-cofactor-flag"" (\fB\s-1OSSL_PKEY_PARAM_USE_COFACTOR_FLAG\s0\fR, \fB\s-1OSSL_PKEY_PARAM_USE_COFACTOR_ECDH\s0\fR) " 4 +.el .IP "``use-cofactor-flag'' (\fB\s-1OSSL_PKEY_PARAM_USE_COFACTOR_FLAG\s0\fR, \fB\s-1OSSL_PKEY_PARAM_USE_COFACTOR_ECDH\s0\fR) " 4 +.IX Item "use-cofactor-flag (OSSL_PKEY_PARAM_USE_COFACTOR_FLAG, OSSL_PKEY_PARAM_USE_COFACTOR_ECDH) " +The value should be either 1 or 0, to respectively enable or disable +use of the cofactor in operations using this key. +.Sp +In the context of a key that can be used to perform an Elliptic Curve +Diffie-Hellman key exchange, this parameter can be used to mark a requirement +for using the Cofactor Diffie-Hellman (\s-1CDH\s0) variant of the key exchange +algorithm. +.Sp +See also \fIprovider\-keyexch\fR\|(7) for the related +\&\fB\s-1OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE\s0\fR parameter that can be set on a +per-operation basis. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOP_keymgmt_new()\fR should return a valid reference to the newly created provider +side key object, or \s-1NULL\s0 on failure. +.PP +\&\fIOP_keymgmt_import()\fR, \fIOP_keymgmt_export()\fR, \fIOP_keymgmt_get_params()\fR and +\&\fIOP_keymgmt_set_params()\fR should return 1 for success or 0 on error. +.PP +\&\fIOP_keymgmt_validate()\fR should return 1 on successful validation, or 0 on +failure. +.PP +\&\fIOP_keymgmt_has()\fR should return 1 if all the selected data subsets are contained +in the given \fIkeydata\fR or 0 otherwise. +.PP +\&\fIOP_keymgmt_query_operation_name()\fR should return a pointer to a string matching +the requested operation, or \s-1NULL\s0 if the same name used to fetch the keymgmt +applies. +.PP +\&\fIOP_keymgmt_gettable_params()\fR and \fIOP_keymgmt_settable_params()\fR +\&\fIOP_keymgmt_import_types()\fR, \fIOP_keymgmt_export_types()\fR +should +always return a constant \fB\s-1OSSL_PARAM\s0\fR array. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIprovider\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \s-1KEYMGMT\s0 interface was introduced in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019\-2020 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man7/provider-mac.7 b/linux_amd64/ssl/share/man/man7/provider-mac.7 new file mode 100755 index 0000000..8d40a61 --- /dev/null +++ b/linux_amd64/ssl/share/man/man7/provider-mac.7 
@@ -0,0 +1,352 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PROVIDER-MAC 7" +.TH PROVIDER-MAC 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +provider\-mac \- The mac library <\-> provider functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 2 +\& #include +\& #include +\& +\& /* +\& * None of these are actual functions, but are displayed like this for +\& * the function signatures for functions that are offered as function +\& * pointers in OSSL_DISPATCH arrays. +\& */ +\& +\& /* Context management */ +\& void *OP_mac_newctx(void *provctx); +\& void OP_mac_freectx(void *mctx); +\& void *OP_mac_dupctx(void *src); +\& +\& /* Encryption/decryption */ +\& int OP_mac_init(void *mctx); +\& int OP_mac_update(void *mctx, const unsigned char *in, size_t inl); +\& int OP_mac_final(void *mctx, unsigned char *out, size_t *outl, size_t outsize); +\& +\& /* MAC parameter descriptors */ +\& const OSSL_PARAM *OP_mac_get_params(void); +\& const OSSL_PARAM *OP_mac_get_ctx_params(void); +\& const OSSL_PARAM *OP_mac_set_ctx_params(void); +\& +\& /* MAC parameters */ +\& int OP_mac_get_params(OSSL_PARAM params[]); +\& int OP_mac_get_ctx_params(void *mctx, OSSL_PARAM params[]); +\& int OP_mac_set_ctx_params(void *mctx, const OSSL_PARAM params[]); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This documentation is primarily aimed at provider authors. See \fIprovider\fR\|(7) +for further information. +.PP +The \s-1MAC\s0 operation enables providers to implement mac algorithms and make +them available to applications via the \s-1API\s0 functions \fIEVP_MAC_init\fR\|(3), +\&\fIEVP_MAC_update\fR\|(3) and \fIEVP_MAC_final\fR\|(3). +.PP +All \*(L"functions\*(R" mentioned here are passed as function pointers between +\&\fIlibcrypto\fR and the provider in \fB\s-1OSSL_DISPATCH\s0\fR arrays via +\&\fB\s-1OSSL_ALGORITHM\s0\fR arrays that are returned by the provider's +\&\fIprovider_query_operation()\fR function +(see \*(L"Provider Functions\*(R" in \fIprovider\-base\fR\|(7)). 
+.PP +All these \*(L"functions\*(R" have a corresponding function type definition +named \fBOSSL_{name}_fn\fR, and a helper function to retrieve the +function pointer from an \fB\s-1OSSL_DISPATCH\s0\fR element named +\&\fBOSSL_get_{name}\fR. +For example, the \*(L"function\*(R" \fIOP_mac_newctx()\fR has these: +.PP +.Vb 3 +\& typedef void *(OSSL_OP_mac_newctx_fn)(void *provctx); +\& static ossl_inline OSSL_OP_mac_newctx_fn +\& OSSL_get_OP_mac_newctx(const OSSL_DISPATCH *opf); +.Ve +.PP +\&\fB\s-1OSSL_DISPATCH\s0\fR arrays are indexed by numbers that are provided as +macros in \fIopenssl\-core_numbers.h\fR\|(7), as follows: +.PP +.Vb 3 +\& OP_mac_newctx OSSL_FUNC_MAC_NEWCTX +\& OP_mac_freectx OSSL_FUNC_MAC_FREECTX +\& OP_mac_dupctx OSSL_FUNC_MAC_DUPCTX +\& +\& OP_mac_init OSSL_FUNC_MAC_INIT +\& OP_mac_update OSSL_FUNC_MAC_UPDATE +\& OP_mac_final OSSL_FUNC_MAC_FINAL +\& +\& OP_mac_get_params OSSL_FUNC_MAC_GET_PARAMS +\& OP_mac_get_ctx_params OSSL_FUNC_MAC_GET_CTX_PARAMS +\& OP_mac_set_ctx_params OSSL_FUNC_MAC_SET_CTX_PARAMS +\& +\& OP_mac_gettable_params OSSL_FUNC_MAC_GETTABLE_PARAMS +\& OP_mac_gettable_ctx_params OSSL_FUNC_MAC_GETTABLE_CTX_PARAMS +\& OP_mac_settable_ctx_params OSSL_FUNC_MAC_SETTABLE_CTX_PARAMS +.Ve +.PP +A mac algorithm implementation may not implement all of these functions. +In order to be a consistent set of functions, at least the following functions +must be implemented: \fIOP_mac_newctx()\fR, \fIOP_mac_freectx()\fR, \fIOP_mac_init()\fR, +\&\fIOP_mac_update()\fR, \fIOP_mac_final()\fR. +All other functions are optional. +.SS "Context Management Functions" +.IX Subsection "Context Management Functions" +\&\fIOP_mac_newctx()\fR should create and return a pointer to a provider side +structure for holding context information during a mac operation. +A pointer to this context will be passed back in a number of the other mac +operation function calls. 
+The parameter \fIprovctx\fR is the provider context generated during provider +initialisation (see \fIprovider\fR\|(7)). +.PP +\&\fIOP_mac_freectx()\fR is passed a pointer to the provider side mac context in +the \fImctx\fR parameter. +If it receives \s-1NULL\s0 as \fImctx\fR value, it should not do anything other than +return. +This function should free any resources associated with that context. +.PP +\&\fIOP_mac_dupctx()\fR should duplicate the provider side mac context in the +\&\fImctx\fR parameter and return the duplicate copy. +.SS "Encryption/Decryption Functions" +.IX Subsection "Encryption/Decryption Functions" +\&\fIOP_mac_init()\fR initialises a mac operation given a newly created provider +side mac context in the \fImctx\fR parameter. +.PP +\&\fIOP_mac_update()\fR is called to supply data for \s-1MAC\s0 computation of a previously +initialised mac operation. +The \fImctx\fR parameter contains a pointer to a previously initialised provider +side context. +\&\fIOP_mac_update()\fR may be called multiple times for a single mac operation. +.PP +\&\fIOP_mac_final()\fR completes the \s-1MAC\s0 computation started through previous +\&\fIOP_mac_init()\fR and \fIOP_mac_update()\fR calls. +The \fImctx\fR parameter contains a pointer to the provider side context. +The resulting \s-1MAC\s0 should be written to \fIout\fR and the amount of data written +to \fI*outl\fR, which should not exceed \fIoutsize\fR bytes. +The same expectations apply to \fIoutsize\fR as documented for +\&\fIEVP_MAC_final\fR\|(3). +.SS "Mac Parameters" +.IX Subsection "Mac Parameters" +See \s-1\fIOSSL_PARAM\s0\fR\|(3) for further details on the parameters structure used by +these functions. +.PP +\&\fIOP_mac_get_params()\fR gets details of parameter values associated with the +provider algorithm and stores them in \fIparams\fR. +.PP +\&\fIOP_mac_set_ctx_params()\fR sets mac parameters associated with the given +provider side mac context \fImctx\fR to \fIparams\fR. 
+Any parameter settings are additional to any that were previously set. +.PP +\&\fIOP_mac_get_ctx_params()\fR gets details of currently set parameter values +associated with the given provider side mac context \fImctx\fR and stores them +in \fIparams\fR. +.PP +\&\fIOP_mac_gettable_params()\fR, \fIOP_mac_gettable_ctx_params()\fR, and +\&\fIOP_mac_settable_ctx_params()\fR all return constant \fB\s-1OSSL_PARAM\s0\fR arrays +as descriptors of the parameters that \fIOP_mac_get_params()\fR, +\&\fIOP_mac_get_ctx_params()\fR, and \fIOP_mac_set_ctx_params()\fR can handle, +respectively. +.PP +Parameters currently recognised by built-in macs are as follows. Not all +parameters are relevant to, or are understood by all macs: +.ie n .IP """key"" (\fB\s-1OSSL_MAC_PARAM_KEY\s0\fR) " 4 +.el .IP "``key'' (\fB\s-1OSSL_MAC_PARAM_KEY\s0\fR) " 4 +.IX Item "key (OSSL_MAC_PARAM_KEY) " +Sets the key in the associated \s-1MAC\s0 ctx. +.ie n .IP """iv"" (\fB\s-1OSSL_MAC_PARAM_IV\s0\fR) " 4 +.el .IP "``iv'' (\fB\s-1OSSL_MAC_PARAM_IV\s0\fR) " 4 +.IX Item "iv (OSSL_MAC_PARAM_IV) " +Sets the \s-1IV\s0 of the underlying cipher, when applicable. +.ie n .IP """custom"" (\fB\s-1OSSL_MAC_PARAM_CUSTOM\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``custom'' (\fB\s-1OSSL_MAC_PARAM_CUSTOM\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "custom (OSSL_MAC_PARAM_CUSTOM) " +Sets the custom string in the associated \s-1MAC\s0 ctx. +.ie n .IP """salt"" (\fB\s-1OSSL_MAC_PARAM_SALT\s0\fR) " 4 +.el .IP "``salt'' (\fB\s-1OSSL_MAC_PARAM_SALT\s0\fR) " 4 +.IX Item "salt (OSSL_MAC_PARAM_SALT) " +Sets the salt of the underlying cipher, when applicable. +.ie n .IP """xof"" (\fB\s-1OSSL_MAC_PARAM_BLOCK_XOF\s0\fR) " 4 +.el .IP "``xof'' (\fB\s-1OSSL_MAC_PARAM_BLOCK_XOF\s0\fR) " 4 +.IX Item "xof (OSSL_MAC_PARAM_BLOCK_XOF) " +Sets \s-1XOF\s0 mode in the associated \s-1MAC\s0 ctx. +0 means no \s-1XOF\s0 mode, 1 means \s-1XOF\s0 mode. 
+.ie n .IP """flags"" (\fB\s-1OSSL_MAC_PARAM_FLAGS\s0\fR) " 4 +.el .IP "``flags'' (\fB\s-1OSSL_MAC_PARAM_FLAGS\s0\fR) " 4 +.IX Item "flags (OSSL_MAC_PARAM_FLAGS) " +Gets flags associated with the \s-1MAC\s0. +.ie n .IP """cipher"" (\fB\s-1OSSL_MAC_PARAM_CIPHER\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``cipher'' (\fB\s-1OSSL_MAC_PARAM_CIPHER\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "cipher (OSSL_MAC_PARAM_CIPHER) " +.PD 0 +.ie n .IP """digest"" (\fB\s-1OSSL_MAC_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``digest'' (\fB\s-1OSSL_MAC_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "digest (OSSL_MAC_PARAM_DIGEST) " +.PD +Sets the name of the underlying cipher or digest to be used. +It must name a suitable algorithm for the \s-1MAC\s0 that's being used. +.ie n .IP """properties"" (\fB\s-1OSSL_MAC_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``properties'' (\fB\s-1OSSL_MAC_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "properties (OSSL_MAC_PARAM_PROPERTIES) " +Sets the properties to be queried when trying to fetch the underlying algorithm. +This must be given together with the algorithm naming parameter to be +considered valid. +.ie n .IP """size"" (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) " 4 +.el .IP "``size'' (\fB\s-1OSSL_MAC_PARAM_SIZE\s0\fR) " 4 +.IX Item "size (OSSL_MAC_PARAM_SIZE) " +Can be used to get the resulting \s-1MAC\s0 size. +.Sp +With some \s-1MAC\s0 algorithms, it can also be used to set the size that the +resulting \s-1MAC\s0 should have. +Allowable sizes are decided within each implementation. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOP_mac_newctx()\fR and \fIOP_mac_dupctx()\fR should return the newly created +provider side mac context, or \s-1NULL\s0 on failure. +.PP +\&\fIOP_mac_init()\fR, \fIOP_mac_update()\fR, \fIOP_mac_final()\fR, \fIOP_mac_get_params()\fR, +\&\fIOP_mac_get_ctx_params()\fR and \fIOP_mac_set_ctx_params()\fR should return 1 for +success or 0 on error. 
+.PP +\&\fIOP_mac_gettable_params()\fR, \fIOP_mac_gettable_ctx_params()\fR and +\&\fIOP_mac_settable_ctx_params()\fR should return a constant \fB\s-1OSSL_PARAM\s0\fR +array, or \s-1NULL\s0 if none is offered. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIprovider\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The provider \s-1MAC\s0 interface was introduced in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man7/provider-serializer.7 b/linux_amd64/ssl/share/man/man7/provider-serializer.7 new file mode 100755 index 0000000..fb2e8cf --- /dev/null +++ b/linux_amd64/ssl/share/man/man7/provider-serializer.7 
@@ -0,0 +1,370 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PROVIDER-SERIALIZER 7" +.TH PROVIDER-SERIALIZER 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +provider\-serializer \- The SERIALIZER library <\-> provider functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& /* +\& * None of these are actual functions, but are displayed like this for +\& * the function signatures for functions that are offered as function +\& * pointers in OSSL_DISPATCH arrays. +\& */ +\& +\& /* Functions to construct / destruct / manipulate the serializer context */ +\& void *OP_serializer_newctx(void *provctx); +\& void OP_serializer_freectx(void *ctx); +\& int OP_serializer_set_ctx_params(void *ctx, const OSSL_PARAM params[]); +\& const OSSL_PARAM *OP_serializer_settable_ctx_params(void) +\& +\& /* Functions to serialize object data */ +\& int OP_serializer_serialize_data(void *ctx, const OSSL_PARAM *data, +\& BIO *out, +\& OSSL_PASSPHRASE_CALLBACK *cb, +\& void *cbarg); +\& int OP_serializer_serialize_object(void *ctx, void *obj, BIO *out, +\& OSSL_PASSPHRASE_CALLBACK *cb, +\& void *cbarg); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1SERIALIZER\s0 is a generic method to serialize any set of object data +in \s-1\fIOSSL_PARAM\s0\fR\|(3) array form, or any provider side object into +serialized form, and write it to the given \s-1BIO\s0. If the caller wants +to get the serialized stream to memory, it should provide a +\&\fIBIO_s_membuf\fR\|(3). +.PP +The serializer doesn't need to know more about the \fB\s-1BIO\s0\fR pointer than +being able to pass it to the appropriate \s-1BIO\s0 upcalls (see +\&\*(L"Core functions\*(R" in \fIprovider\-base\fR\|(7)). +.PP +The serialization using the \s-1\fIOSSL_PARAM\s0\fR\|(3) array form allows a +serializer to be used for data that's been exported from another +provider, and thereby allow them to exist independently of each +other. +.PP +The serialization using a provider side object can only be safely used +with provider data coming from the same provider, for example keys +with the \s-1KEYMGMT\s0 provider. 
+.PP +All \*(L"functions\*(R" mentioned here are passed as function pointers between +\&\fIlibcrypto\fR and the provider in \fB\s-1OSSL_DISPATCH\s0\fR arrays via +\&\fB\s-1OSSL_ALGORITHM\s0\fR arrays that are returned by the provider's +\&\fIprovider_query_operation()\fR function +(see \*(L"Provider Functions\*(R" in \fIprovider\-base\fR\|(7)). +.PP +All these \*(L"functions\*(R" have a corresponding function type definition +named \fBOSSL_{name}_fn\fR, and a helper function to retrieve the +function pointer from a \fB\s-1OSSL_DISPATCH\s0\fR element named +\&\fBOSSL_get_{name}\fR. +For example, the \*(L"function\*(R" \fIOP_serializer_serialize_data()\fR has these: +.PP +.Vb 6 +\& typedef int +\& (OSSL_OP_serializer_serialize_data_fn)(void *provctx, +\& const OSSL_PARAM params[], +\& BIO *out); +\& static ossl_inline OSSL_OP_serializer_serialize_data_fn +\& OSSL_get_OP_serializer_serialize_data(const OSSL_DISPATCH *opf); +.Ve +.PP +\&\fB\s-1OSSL_DISPATCH\s0\fR arrays are indexed by numbers that are provided as +macros in \fIopenssl\-core_numbers.h\fR\|(7), as follows: +.PP +.Vb 4 +\& OP_serializer_newctx OSSL_FUNC_SERIALIZER_NEWCTX +\& OP_serializer_freectx OSSL_FUNC_SERIALIZER_FREECTX +\& OP_serializer_set_ctx_params OSSL_FUNC_SERIALIZER_SET_CTX_PARAMS +\& OP_serializer_settable_ctx_params OSSL_FUNC_SERIALIZER_SETTABLE_CTX_PARAMS +\& +\& OP_serializer_serialize_data OSSL_FUNC_SERIALIZER_SERIALIZE_DATA +\& OP_serializer_serialize_object OSSL_FUNC_SERIALIZER_SERIALIZE_OBJECT +.Ve +.SS "Names and properties" +.IX Subsection "Names and properties" +The name of an implementation should match the type of object it +handles. For example, an implementation that serializes an \s-1RSA\s0 key +should be named accordingly. 
+.PP +To be able to specify exactly what serialization format and what type +of data a serializer implementation is expected to handle, two +additional properties may be given: +.IP "format" 4 +.IX Item "format" +This property is used to specify what kind of output format the +implementation produces. Currently known formats are: +.RS 4 +.IP "text" 4 +.IX Item "text" +An implementation with that format property value outputs human +readable text, making that implementation suitable for \f(CW\*(C`\-text\*(C'\fR output +in diverse \fIopenssl\fR\|(1) commands. +.IP "pem" 4 +.IX Item "pem" +An implementation with that format property value outputs \s-1PEM\s0 +formatted data. +.IP "der" 4 +.IX Item "der" +An implementation with that format property value outputs \s-1DER\s0 +formatted data. +.RE +.RS 4 +.RE +.IP "type" 4 +.IX Item "type" +With objects that have multiple purposes, this can be used to specify +the purpose type. The currently known use cases are asymmetric keys +and key parameters, where the type can be one of: +.RS 4 +.IP "private" 4 +.IX Item "private" +An implementation with that format property value outputs a private +key. +.IP "public" 4 +.IX Item "public" +An implementation with that format property value outputs a public +key. +.IP "parameters" 4 +.IX Item "parameters" +An implementation with that format property value outputs key +parameters. +.RE +.RS 4 +.RE +.PP +The possible values of both these properties is open ended. A +provider may very well specify other formats that libcrypto doesn't +know anything about. +.SS "Context functions" +.IX Subsection "Context functions" +\&\fIOP_serializer_newctx()\fR returns a context to be used with the rest of +the functions. +.PP +\&\fIOP_serializer_freectx()\fR frees the given \fIctx\fR, if it was created by +\&\fIOP_serializer_newctx()\fR. +.PP +\&\fIOP_serializer_set_ctx_params()\fR sets context data according to +parameters from \fIparams\fR that it recognises. 
Unrecognised parameters +should be ignored. +.PP +\&\fIOP_serializer_settable_ctx_params()\fR returns a constant \fB\s-1OSSL_PARAM\s0\fR +array describing the parameters that \fIOP_serializer_set_ctx_params()\fR +can handle. +.PP +See \s-1\fIOSSL_PARAM\s0\fR\|(3) for further details on the parameters structure used +by \fIOP_serializer_set_ctx_params()\fR and \fIOP_serializer_settable_ctx_params()\fR. +.SS "Serializing functions" +.IX Subsection "Serializing functions" +\&\fIOP_serializer_serialize_data()\fR should take an array of \fB\s-1OSSL_PARAM\s0\fR, +\&\fIdata\fR, and if it contains the data necessary for the object type +that the implementation handles, it should output the object in +serialized form to the \fB\s-1BIO\s0\fR. +.PP +\&\fIOP_serializer_serialize_object()\fR should take a pointer to an object +that it knows intimately, and output that object in serialized form to +the \fB\s-1BIO\s0\fR. The caller \fImust\fR ensure that this function is called +with a pointer that the provider of this function is familiar with. +It is not suitable to use with object pointers coming from other +providers. +.PP +Both serialization functions also take an \fB\s-1OSSL_PASSPHRASE_CALLBACK\s0\fR +function pointer along with a pointer to application data \fIcbarg\fR, +which should be used when a pass phrase prompt is needed. +.SS "Serializer parameters" +.IX Subsection "Serializer parameters" +Parameters currently recognised by built-in serializers are as +follows: +.ie n .IP """cipher"" (\fB\s-1OSSL_SERIALIZER_PARAM_CIPHER\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``cipher'' (\fB\s-1OSSL_SERIALIZER_PARAM_CIPHER\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "cipher (OSSL_SERIALIZER_PARAM_CIPHER) " +The name of the encryption cipher to be used when generating encrypted +serialization. This is used when serializing private keys, as well as +other objects that need protection. 
+.Sp +If this name is invalid for the serialization implementation, the +implementation should refuse to perform the serialization, i.e. +\&\fIOP_serializer_serialize_data()\fR and \fIOP_serializer_serialize_object()\fR +should return an error. +.ie n .IP """properties"" (\fB\s-1OSSL_SERIALIZER_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``properties'' (\fB\s-1OSSL_SERIALIZER_PARAM_PROPERTIES\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "properties (OSSL_SERIALIZER_PARAM_PROPERTIES) " +The properties to be queried when trying to fetch the algorithm given +with the \*(L"cipher\*(R" parameter. +This must be given together with the \*(L"cipher\*(R" parameter to be +considered valid. +.Sp +The serialization implementation isn't obligated to use this value. +However, it is recommended that implementations that do not handle +property strings return an error on receiving this parameter unless +its value \s-1NULL\s0 or the empty string. +.ie n .IP """passphrase"" (\fB\s-1OSSL_SERIALIZER_PARAM_PASS\s0\fR) " 4 +.el .IP "``passphrase'' (\fB\s-1OSSL_SERIALIZER_PARAM_PASS\s0\fR) " 4 +.IX Item "passphrase (OSSL_SERIALIZER_PARAM_PASS) " +A pass phrase provided by the application. When this is given, the +built-in serializers will not attempt to use the passphrase callback. +.PP +Parameters currently recognised by the built-in pass phrase callback: +.ie n .IP """info"" (\fB\s-1OSSL_PASSPHRASE_PARAM_INFO\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``info'' (\fB\s-1OSSL_PASSPHRASE_PARAM_INFO\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "info (OSSL_PASSPHRASE_PARAM_INFO) " +A string of information that will become part of the pass phrase +prompt. This could be used to give the user information on what kind +of object it's being prompted for. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOP_serializer_newctx()\fR returns a pointer to a context, or \s-1NULL\s0 on +failure. 
+.PP +\&\fIOP_serializer_set_ctx_params()\fR returns 1, unless a recognised +parameters was invalid or caused an error, for which 0 is returned. +.PP +\&\fIOP_serializer_settable_ctx_params()\fR returns a pointer to an array of +constant \fB\s-1OSSL_PARAM\s0\fR elements. +.PP +\&\fIOP_serializer_serialize_data()\fR and \fIOP_serializer_serialize_object()\fR +return 1 on success, or 0 on failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIprovider\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \s-1SERIALIZER\s0 interface was introduced in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man7/provider-signature.7 b/linux_amd64/ssl/share/man/man7/provider-signature.7 new file mode 100755 index 0000000..b93841c --- /dev/null +++ b/linux_amd64/ssl/share/man/man7/provider-signature.7 
@@ -0,0 +1,355 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PROVIDER-SIGNATURE 7" +.TH PROVIDER-SIGNATURE 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +provider\-signature \- The signature library <\-> provider functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 2 +\& #include +\& #include +\& +\& /* +\& * None of these are actual functions, but are displayed like this for +\& * the function signatures for functions that are offered as function +\& * pointers in OSSL_DISPATCH arrays. +\& */ +\& +\& /* Context management */ +\& void *OP_signature_newctx(void *provctx); +\& void OP_signature_freectx(void *ctx); +\& void *OP_signature_dupctx(void *ctx); +\& +\& /* Signing */ +\& int OP_signature_sign_init(void *ctx, void *provkey); +\& int OP_signature_sign(void *ctx, unsigned char *sig, size_t *siglen, +\& size_t sigsize, const unsigned char *tbs, size_t tbslen); +\& +\& /* Verifying */ +\& int OP_signature_verify_init(void *ctx, void *provkey); +\& int OP_signature_verify(void *ctx, const unsigned char *sig, size_t siglen, +\& const unsigned char *tbs, size_t tbslen); +\& +\& /* Verify Recover */ +\& int OP_signature_verify_recover_init(void *ctx, void *provkey); +\& int OP_signature_verify_recover(void *ctx, unsigned char *rout, +\& size_t *routlen, size_t routsize, +\& const unsigned char *sig, size_t siglen); +\& +\& /* Signature parameters */ +\& int OP_signature_get_ctx_params(void *ctx, OSSL_PARAM params[]); +\& const OSSL_PARAM *OP_signature_gettable_ctx_params(void); +\& int OP_signature_set_ctx_params(void *ctx, const OSSL_PARAM params[]); +\& const OSSL_PARAM *OP_signature_settable_ctx_params(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This documentation is primarily aimed at provider authors. See \fIprovider\fR\|(7) +for further information. +.PP +The signature (\s-1OSSL_OP_SIGNATURE\s0) operation enables providers to implement +signature algorithms and make them available to applications via the \s-1API\s0 +functions \fIEVP_PKEY_sign\fR\|(3), +\&\fIEVP_PKEY_verify\fR\|(3), +and \fIEVP_PKEY_verify_recover\fR\|(3) (as well +as other related functions). 
+.PP +All \*(L"functions\*(R" mentioned here are passed as function pointers between +\&\fIlibcrypto\fR and the provider in \fB\s-1OSSL_DISPATCH\s0\fR arrays via +\&\fB\s-1OSSL_ALGORITHM\s0\fR arrays that are returned by the provider's +\&\fIprovider_query_operation()\fR function +(see \*(L"Provider Functions\*(R" in \fIprovider\-base\fR\|(7)). +.PP +All these \*(L"functions\*(R" have a corresponding function type definition +named \fBOSSL_{name}_fn\fR, and a helper function to retrieve the +function pointer from an \fB\s-1OSSL_DISPATCH\s0\fR element named +\&\fBOSSL_get_{name}\fR. +For example, the \*(L"function\*(R" \fIOP_signature_newctx()\fR has these: +.PP +.Vb 3 +\& typedef void *(OSSL_OP_signature_newctx_fn)(void *provctx); +\& static ossl_inline OSSL_OP_signature_newctx_fn +\& OSSL_get_OP_signature_newctx(const OSSL_DISPATCH *opf); +.Ve +.PP +\&\fB\s-1OSSL_DISPATCH\s0\fR arrays are indexed by numbers that are provided as +macros in \fIopenssl\-core_numbers.h\fR\|(7), as follows: +.PP +.Vb 3 +\& OP_signature_newctx OSSL_FUNC_SIGNATURE_NEWCTX +\& OP_signature_freectx OSSL_FUNC_SIGNATURE_FREECTX +\& OP_signature_dupctx OSSL_FUNC_SIGNATURE_DUPCTX +\& +\& OP_signature_sign_init OSSL_FUNC_SIGNATURE_SIGN_INIT +\& OP_signature_sign OSSL_FUNC_SIGNATURE_SIGN +\& +\& OP_signature_verify_init OSSL_FUNC_SIGNATURE_VERIFY_INIT +\& OP_signature_verify OSSL_FUNC_SIGNATURE_VERIFY +\& +\& OP_signature_verify_recover_init OSSL_FUNC_SIGNATURE_VERIFY_RECOVER_INIT +\& OP_signature_verify_recover OSSL_FUNC_SIGNATURE_VERIFY_RECOVER +\& +\& OP_signature_get_ctx_params OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS +\& OP_signature_gettable_ctx_params OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS +\& OP_signature_set_ctx_params OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS +\& OP_signature_settable_ctx_params OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS +.Ve +.PP +A signature algorithm implementation may not implement all of these functions. 
+In order to be a consistent set of functions a provider must implement +OP_signature_newctx and OP_signature_freectx. +It must also implement both of OP_signature_sign_init and OP_signature_sign, +or both of OP_signature_verify_init and OP_signature_verify, or both of +OP_signature_verify_recover_init and OP_signature_verify_recover. +All other functions are optional. +.PP +A signature algorithm must also implement some mechanism for generating, +loading or importing keys via the key management (\s-1OSSL_OP_KEYMGMT\s0) operation. +See \fIprovider\-keymgmt\fR\|(7) for further details. +.SS "Context Management Functions" +.IX Subsection "Context Management Functions" +\&\fIOP_signature_newctx()\fR should create and return a pointer to a provider side +structure for holding context information during a signature operation. +A pointer to this context will be passed back in a number of the other signature +operation function calls. +The parameter \fIprovctx\fR is the provider context generated during provider +initialisation (see \fIprovider\fR\|(7)). +.PP +\&\fIOP_signature_freectx()\fR is passed a pointer to the provider side signature +context in the \fIctx\fR parameter. +This function should free any resources associated with that context. +.PP +\&\fIOP_signature_dupctx()\fR should duplicate the provider side signature context in +the \fIctx\fR parameter and return the duplicate copy. +.SS "Signing Functions" +.IX Subsection "Signing Functions" +\&\fIOP_signature_sign_init()\fR initialises a context for signing given a provider side +signature context in the \fIctx\fR parameter, and a pointer to a provider key object +in the \fIprovkey\fR parameter. +The key object should have been previously generated, loaded or imported into +the provider using the key management (\s-1OSSL_OP_KEYMGMT\s0) operation (see +\&\fIprovider\-keymgmt\fR\|(7)>. +.PP +\&\fIOP_signature_sign()\fR performs the actual signing itself. 
+A previously initialised signature context is passed in the \fIctx\fR +parameter. +The data to be signed is pointed to be the \fItbs\fR parameter which is \fItbslen\fR +bytes long. +Unless \fIsig\fR is \s-1NULL\s0, the signature should be written to the location pointed +to by the \fIsig\fR parameter and it should not exceed \fIsigsize\fR bytes in length. +The length of the signature should be written to \fI*siglen\fR. +If \fIsig\fR is \s-1NULL\s0 then the maximum length of the signature should be written to +\&\fI*siglen\fR. +.SS "Verify Functions" +.IX Subsection "Verify Functions" +\&\fIOP_signature_verify_init()\fR initialises a context for verifying a signature given +a provider side signature context in the \fIctx\fR parameter, and a pointer to a +provider key object in the \fIprovkey\fR parameter. +The key object should have been previously generated, loaded or imported into +the provider using the key management (\s-1OSSL_OP_KEYMGMT\s0) operation (see +\&\fIprovider\-keymgmt\fR\|(7)>. +.PP +\&\fIOP_signature_verify()\fR performs the actual verification itself. +A previously initialised signature context is passed in the \fIctx\fR parameter. +The data that the signature covers is pointed to be the \fItbs\fR parameter which +is \fItbslen\fR bytes long. +The signature is pointed to by the \fIsig\fR parameter which is \fIsiglen\fR bytes +long. +.SS "Verify Recover Functions" +.IX Subsection "Verify Recover Functions" +\&\fIOP_signature_verify_recover_init()\fR initialises a context for recovering the +signed data given a provider side signature context in the \fIctx\fR parameter, and +a pointer to a provider key object in the \fIprovkey\fR parameter. +The key object should have been previously generated, loaded or imported into +the provider using the key management (\s-1OSSL_OP_KEYMGMT\s0) operation (see +\&\fIprovider\-keymgmt\fR\|(7)>. +.PP +\&\fIOP_signature_verify_recover()\fR performs the actual verify recover itself. 
+A previously initialised signature context is passed in the \fIctx\fR parameter. +The signature is pointed to by the \fIsig\fR parameter which is \fIsiglen\fR bytes +long. +Unless \fIrout\fR is \s-1NULL\s0, the recovered data should be written to the location +pointed to by \fIrout\fR which should not exceed \fIroutsize\fR bytes in length. +The length of the recovered data should be written to \fI*routlen\fR. +If \fIrout\fR is \s-1NULL\s0 then the maximum size of the output buffer is written to +the \fIroutlen\fR parameter. +.SS "Signature Parameters" +.IX Subsection "Signature Parameters" +See \s-1\fIOSSL_PARAM\s0\fR\|(3) for further details on the parameters structure used by +the \fIOP_signature_get_ctx_params()\fR and \fIOP_signature_set_ctx_params()\fR functions. +.PP +\&\fIOP_signature_get_ctx_params()\fR gets signature parameters associated with the +given provider side signature context \fIctx\fR and stored them in \fIparams\fR. +\&\fIOP_signature_set_ctx_params()\fR sets the signature parameters associated with the +given provider side signature context \fIctx\fR to \fIparams\fR. +Any parameter settings are additional to any that were previously set. +.PP +Parameters currently recognised by built-in signature algorithms are as +follows. +Not all parameters are relevant to, or are understood by all signature +algorithms: +.ie n .IP """digest"" (\fB\s-1OSSL_SIGNATURE_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 +.el .IP "``digest'' (\fB\s-1OSSL_SIGNATURE_PARAM_DIGEST\s0\fR) <\s-1UTF8\s0 string>" 4 +.IX Item "digest (OSSL_SIGNATURE_PARAM_DIGEST) " +Get or sets the name of the digest algorithm used for the input to the signature +functions. +.ie n .IP """digest-size"" (\fB\s-1OSSL_SIGNATURE_PARAM_DIGEST_SIZE\s0\fR) " 4 +.el .IP "``digest-size'' (\fB\s-1OSSL_SIGNATURE_PARAM_DIGEST_SIZE\s0\fR) " 4 +.IX Item "digest-size (OSSL_SIGNATURE_PARAM_DIGEST_SIZE) " +Gets or sets the output size of the digest algorithm used for the input to the +signature functions. 
+The length of the \*(L"digest-size\*(R" parameter should not exceed that of a \fBsize_t\fR. +.PP +\&\fIOP_signature_gettable_ctx_params()\fR and \fIOP_signature_settable_ctx_params()\fR get a +constant \fB\s-1OSSL_PARAM\s0\fR array that describes the gettable and settable parameters, +i.e. parameters that can be used with \fIOP_signature_get_ctx_params()\fR and +\&\fIOP_signature_set_ctx_params()\fR respectively. +See \s-1\fIOSSL_PARAM\s0\fR\|(3) for the use of \fB\s-1OSSL_PARAM\s0\fR as parameter descriptor. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOP_signature_newctx()\fR and \fIOP_signature_dupctx()\fR should return the newly created +provider side signature, or \s-1NULL\s0 on failure. +.PP +All other functions should return 1 for success or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIprovider\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The provider \s-1SIGNATURE\s0 interface was introduced in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man7/provider.7 b/linux_amd64/ssl/share/man/man7/provider.7 new file mode 100755 index 0000000..09d18f9 --- /dev/null +++ b/linux_amd64/ssl/share/man/man7/provider.7 
@@ -0,0 +1,493 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PROVIDER 7" +.TH PROVIDER 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +provider \- OpenSSL operation implementation providers +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +#include +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +.SS "General" +.IX Subsection "General" +A \fIprovider\fR, in OpenSSL terms, is a unit of code that provides one +or more implementations for various operations for diverse algorithms +that one might want to perform. +.PP +An \fIoperation\fR is something one wants to do, such as encryption and +decryption, key derivation, \s-1MAC\s0 calculation, signing and verification, +etc. +.PP +An \fIalgorithm\fR is a named method to perform an operation. +Very often, the algorithms revolve around cryptographic operations, +but may also revolve around other types of operation, such as managing +certain types of objects. +.SS "Provider" +.IX Subsection "Provider" +\&\fI\s-1NOTE:\s0 This section is mostly interesting for provider authors.\fR +.PP +A \fIprovider\fR offers an initialization function, as a set of base +functions in the form of an \fB\s-1OSSL_DISPATCH\s0\fR array, and by extension, +a set of \fB\s-1OSSL_ALGORITHM\s0\fRs (see \fIopenssl\-core.h\fR\|(7)). +It may be a dynamically loadable module, or may be built-in, in +OpenSSL libraries or in the application. +If it's a dynamically loadable module, the initialization function +must be named \f(CW\*(C`OSSL_provider_init\*(C'\fR and must be exported. +If it's built-in, the initialization function may have any name. +.PP +The initialization function must have the following signature: +.PP +.Vb 3 +\& int NAME(const OSSL_PROVIDER *provider, +\& const OSSL_DISPATCH *in, const OSSL_DISPATCH **out, +\& void **provctx); +.Ve +.PP +\&\fIprovider\fR is the OpenSSL library object for the provider, and works +as a handle for everything the OpenSSL libraries need to know about +the provider. +For the provider itself, it may hold some interesting information, +and is also passed to some of the functions given in the dispatch +array \fIin\fR. 
+.PP +\&\fIin\fR is a dispatch array of base functions offered by the OpenSSL +libraries, and the available functions are further described in +\&\fIprovider\-base\fR\|(7). +.PP +\&\fI*out\fR must be assigned a dispatch array of base functions that the +provider offers to the OpenSSL libraries. +The functions that may be offered are further described in +\&\fIprovider\-base\fR\|(7), and they are the central means of communication +between the OpenSSL libraries and the provider. +.PP +\&\fI*provctx\fR should be assigned a provider specific context to allow +the provider multiple simultaneous uses. +This pointer will be passed to various operation functions offered by +the provider. +.PP +One of the functions the provider offers to the OpenSSL libraries is +the central mechanism for the OpenSSL libraries to get access to +operation implementations for diverse algorithms. +Its referred to with the number \fB\s-1OSSL_FUNC_PROVIDER_QUERY_OPERATION\s0\fR +and has the following signature: +.PP +.Vb 3 +\& const OSSL_ALGORITHM *provider_query_operation(void *provctx, +\& int operation_id, +\& const int *no_store); +.Ve +.PP +\&\fIprovctx\fR is the provider specific context that was passed back by +the initialization function. +.PP +\&\fIoperation_id\fR is an operation identity (see \*(L"Operations\*(R" below). +.PP +\&\fIno_store\fR is a flag back to the OpenSSL libraries which, when +nonzero, signifies that the OpenSSL libraries will not store a +reference to the returned data in their internal store of +implementations. +.PP +The returned \fB\s-1OSSL_ALGORITHM\s0\fR is the foundation of any OpenSSL +library \s-1API\s0 that uses providers for their implementation, most +commonly in the \fIfetching\fR type of functions +(see \*(L"Fetching algorithms\*(R" below). 
+.SS "Operations" +.IX Subsection "Operations" +\&\fI\s-1NOTE:\s0 This section is mostly interesting for provider authors.\fR +.PP +Operations are referred to with numbers, via macros with names +starting with \f(CW\*(C`OSSL_OP_\*(C'\fR. +.PP +With each operation comes a set of defined function types that a +provider may or may not offer, depending on its needs. +.PP +Currently available operations are: +.IP "Digests" 4 +.IX Item "Digests" +In the OpenSSL libraries, the corresponding method object is +\&\fB\s-1EVP_MD\s0\fR. +The number for this operation is \fB\s-1OSSL_OP_DIGEST\s0\fR. +The functions the provider can offer are described in +\&\fIprovider\-digest\fR\|(7) +.IP "Symmetric ciphers" 4 +.IX Item "Symmetric ciphers" +In the OpenSSL libraries, the corresponding method object is +\&\fB\s-1EVP_CIPHER\s0\fR. +The number for this operation is \fB\s-1OSSL_OP_CIPHER\s0\fR. +The functions the provider can offer are described in +\&\fIprovider\-cipher\fR\|(7) +.IP "Message Authentication Code (\s-1MAC\s0)" 4 +.IX Item "Message Authentication Code (MAC)" +In the OpenSSL libraries, the corresponding method object is +\&\fB\s-1EVP_MAC\s0\fR. +The number for this operation is \fB\s-1OSSL_OP_MAC\s0\fR. +The functions the provider can offer are described in +\&\fIprovider\-mac\fR\|(7) +.IP "Key Derivation Function (\s-1KDF\s0)" 4 +.IX Item "Key Derivation Function (KDF)" +In the OpenSSL libraries, the corresponding method object is +\&\fB\s-1EVP_KDF\s0\fR. +The number for this operation is \fB\s-1OSSL_OP_KDF\s0\fR. +The functions the provider can offer are described in +\&\fIprovider\-kdf\fR\|(7) +.IP "Key Exchange" 4 +.IX Item "Key Exchange" +In the OpenSSL libraries, the corresponding method object is +\&\fB\s-1EVP_KEYEXCH\s0\fR. +The number for this operation is \fB\s-1OSSL_OP_KEYEXCH\s0\fR. 
+The functions the provider can offer are described in +\&\fIprovider\-keyexch\fR\|(7) +.IP "Serialization" 4 +.IX Item "Serialization" +In the OpenSSL libraries, the corresponding method object is +\&\fB\s-1OSSL_SERIALIZER\s0\fR. +The number for this operation is \fB\s-1OSSL_OP_SERIALIZER\s0\fR. +The functions the provider can offer are described in +\&\fIprovider\-serializer\fR\|(7) +.SS "Fetching algorithms" +.IX Subsection "Fetching algorithms" +\fIExplicit fetch\fR +.IX Subsection "Explicit fetch" +.PP +\&\fI\s-1NOTE:\s0 This section is mostly interesting to OpenSSL users.\fR +.PP +Users of the OpenSSL libraries never query the provider directly for +its diverse implementations and dispatch tables. +Instead, the diverse OpenSSL APIs often have fetching functions that +do the work, and they return an appropriate method object back to the +user. +These functions usually have the name \f(CW\*(C`APINAME_fetch\*(C'\fR, where +\&\f(CW\*(C`APINAME\*(C'\fR is the name of the \s-1API\s0, for example \fIEVP_MD_fetch\fR\|(3). +.PP +These fetching functions follow a fairly common pattern, where three +arguments are passed: +.IP "The library context" 4 +.IX Item "The library context" +See \s-1\fIOPENSSL_CTX\s0\fR\|(3) for a more detailed description. +This may be \s-1NULL\s0 to signify the default (global) library context, or a +context created by the user. +Only providers loaded in this library context (see +\&\fIOSSL_PROVIDER_load\fR\|(3)) will be considered by the fetching +function. +.IP "An identifier" 4 +.IX Item "An identifier" +This is most commonly an algorithm name (this is the case for all \s-1EVP\s0 +methods), but may also be called something else. +.IP "A property query string" 4 +.IX Item "A property query string" +See \fIproperty\fR\|(7) for a more detailed description. +This is used to select more exactly which providers will get to offer +an implementation. 
+.PP +The method object that is fetched can then be used with diverse other +functions that use them, for example \fIEVP_DigestInit_ex\fR\|(3). +.PP +\fIImplicit fetch\fR +.IX Subsection "Implicit fetch" +.PP +\&\fI\s-1NOTE:\s0 This section is mostly interesting to OpenSSL users.\fR +.PP +OpenSSL has a number of functions that return a method object with no +associated implementation, such as \fIEVP_sha256\fR\|(3), +\&\fIEVP_blake2b512\fR\|(3) or \fIEVP_aes_128_cbc\fR\|(3), which are present for +compatibility with OpenSSL before version 3.0. +.PP +When they are used with functions like \fIEVP_DigestInit_ex\fR\|(3) or +\&\fIEVP_CipherInit_ex\fR\|(3), the actual implementation to be used is +fetched implicitly using default search criteria. +.PP +Implicit fetching can also occur when a \s-1NULL\s0 algorithm parameter is +supplied. +In this case an algorithm implementation is implicitly fetched using +default search criteria and an algorithm name that is consistent with +the type of \s-1EVP_PKEY\s0 being used. +.PP +\fIAlgorithm naming\fR +.IX Subsection "Algorithm naming" +.PP +Algorithm names are case insensitive. Any particular algorithm can have multiple +aliases associated with it. The canonical OpenSSL naming scheme follows this +format: +.PP +ALGNAME[\s-1VERSION\s0?][\-SUBNAME[\s-1VERSION\s0?]?][\-SIZE?][\-MODE?] +.PP +\&\s-1VERSION\s0 is only present if there are multiple versions of an algorithm (e.g. +\&\s-1MD2\s0, \s-1MD4\s0, \s-1MD5\s0). It may be omitted if there is only one version. +.PP +\&\s-1SUBNAME\s0 may be present where multiple algorithms are combined together, +e.g. \s-1MD5\-SHA1\s0. +.PP +\&\s-1SIZE\s0 is only present if multiple versions of an algorithm exist with different +sizes (e.g. \s-1AES\-128\-CBC\s0, \s-1AES\-256\-CBC\s0) +.PP +\&\s-1MODE\s0 is only present where applicable. +.PP +Other aliases may exist for example where standards bodies or common practice +use alternative names or names that OpenSSL has used historically. 
+.SH "OPENSSL PROVIDERS" +.IX Header "OPENSSL PROVIDERS" +OpenSSL comes with a set of providers. +.PP +The algorithms available in each of these providers may vary due to build time +configuration options. The \fIopenssl\-list\fR\|(1) command can be used to list the +currently available algorithms. +.PP +The names of the algorithms shown from \fIopenssl\-list\fR\|(1) can be used as an +algorithm identifier to the appropriate fetching function. +.SS "Default provider" +.IX Subsection "Default provider" +The default provider is built in as part of the \fIlibcrypto\fR library. +Should it be needed (if other providers are loaded and offer +implementations of the same algorithms), the property \*(L"provider=default\*(R" +can be used as a search criterion for these implementations. Some +non-cryptographic algorithms (such as serializers for loading keys and +parameters from files) are not \s-1FIPS\s0 algorithm implementations in themselves but +support algorithms from the \s-1FIPS\s0 provider and are allowed for use in \*(L"\s-1FIPS\s0 +mode\*(R". The property \*(L"fips=yes\*(R" can be used to select such algorithms. +.SS "\s-1FIPS\s0 provider" +.IX Subsection "FIPS provider" +The \s-1FIPS\s0 provider is a dynamically loadable module, and must therefore +be loaded explicitly, either in code or through OpenSSL configuration +(see \fIconfig\fR\|(5)). +Should it be needed (if other providers are loaded and offer +implementations of the same algorithms), the property \*(L"provider=fips\*(R" can +be used as a search criterion for these implementations. All algorithm +implementations in the \s-1FIPS\s0 provider can also be selected with the property +\&\*(L"fips=yes\*(R". +.SS "Legacy provider" +.IX Subsection "Legacy provider" +The legacy provider is a dynamically loadable module, and must therefore +be loaded explicitly, either in code or through OpenSSL configuration +(see \fIconfig\fR\|(5)). 
+Should it be needed (if other providers are loaded and offer +implementations of the same algorithms), the property \*(L"provider=legacy\*(R" can be +used as a search criterion for these implementations. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +.SS "Fetching" +.IX Subsection "Fetching" +Fetch any available implementation of \s-1SHA2\-256\s0 in the default context: +.PP +.Vb 3 +\& EVP_MD *md = EVP_MD_fetch(NULL, "SHA2\-256", NULL); +\& ... +\& EVP_MD_meth_free(md); +.Ve +.PP +Fetch any available implementation of \s-1AES\-128\-CBC\s0 in the default context: +.PP +.Vb 3 +\& EVP_CIPHER *cipher = EVP_CIPHER_fetch(NULL, "AES\-128\-CBC", NULL); +\& ... +\& EVP_CIPHER_meth_free(cipher); +.Ve +.PP +Fetch an implementation of \s-1SHA2\-256\s0 from the default provider in the default +context: +.PP +.Vb 3 +\& EVP_MD *md = EVP_MD_fetch(NULL, "SHA2\-256", "provider=default"); +\& ... +\& EVP_MD_meth_free(md); +.Ve +.PP +Fetch an implementation of \s-1SHA2\-256\s0 that is not from the default provider in the +default context: +.PP +.Vb 3 +\& EVP_MD *md = EVP_MD_fetch(NULL, "SHA2\-256", "provider!=default"); +\& ... +\& EVP_MD_meth_free(md); +.Ve +.PP +Fetch an implementation of \s-1SHA2\-256\s0 from the default provider in the specified +context: +.PP +.Vb 3 +\& EVP_MD *md = EVP_MD_fetch(ctx, "SHA2\-256", "provider=default"); +\& ... +\& EVP_MD_meth_free(md); +.Ve +.PP +Load the legacy provider into the default context and then fetch an +implementation of \s-1WHIRLPOOL\s0 from it: +.PP +.Vb 2 +\& /* This only needs to be done once \- usually at application start up */ +\& OSSL_PROVIDER *legacy = OSSL_PROVIDER_load(NULL, "legacy"); +\& +\& EVP_MD *md = EVP_MD_fetch(NULL, "WHIRLPOOL", "provider=legacy"); +\& ... 
+\& EVP_MD_meth_free(md); +.Ve +.PP +Note that in the above example the property string \*(L"provider=legacy\*(R" is optional +since, assuming no other providers have been loaded, the only implementation of +the \*(L"whirlpool\*(R" algorithm is in the \*(L"legacy\*(R" provider. Also note that the +default provider should be explicitly loaded if it is required in addition to +other providers: +.PP +.Vb 3 +\& /* This only needs to be done once \- usually at application start up */ +\& OSSL_PROVIDER *legacy = OSSL_PROVIDER_load(NULL, "legacy"); +\& OSSL_PROVIDER *default = OSSL_PROVIDER_load(NULL, "default"); +\& +\& EVP_MD *md_whirlpool = EVP_MD_fetch(NULL, "whirlpool", NULL); +\& EVP_MD *md_sha256 = EVP_MD_fetch(NULL, "SHA2\-256", NULL); +\& ... +\& EVP_MD_meth_free(md_whirlpool); +\& EVP_MD_meth_free(md_sha256); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_DigestInit_ex\fR\|(3), \fIEVP_EncryptInit_ex\fR\|(3), +\&\s-1\fIOPENSSL_CTX\s0\fR\|(3), +\&\fIEVP_set_default_properties\fR\|(3), +\&\fIEVP_MD_fetch\fR\|(3), +\&\fIEVP_CIPHER_fetch\fR\|(3), +\&\fIEVP_KEYMGMT_fetch\fR\|(3), +\&\fIopenssl\-core.h\fR\|(7), +\&\fIprovider\-base\fR\|(7), +\&\fIprovider\-digest\fR\|(7), +\&\fIprovider\-cipher\fR\|(7), +\&\fIprovider\-keyexch\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The concept of providers and everything surrounding them was +introduced in OpenSSL 3.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man7/proxy-certificates.7 b/linux_amd64/ssl/share/man/man7/proxy-certificates.7 new file mode 100755 index 0000000..8dfb636 --- /dev/null +++ b/linux_amd64/ssl/share/man/man7/proxy-certificates.7 
@@ -0,0 +1,469 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PROXY-CERTIFICATES 7" +.TH PROXY-CERTIFICATES 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +proxy\-certificates \- Proxy certificates in OpenSSL +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Proxy certificates are defined in \s-1RFC\s0 3820. 
They are used to +extend rights to some other entity (a computer process, typically, or +sometimes to the user itself). This allows the entity to perform +operations on behalf of the owner of the \s-1EE\s0 (End Entity) certificate. +.PP +The requirements for a valid proxy certificate are: +.IP "\(bu" 4 +They are issued by an End Entity, either a normal \s-1EE\s0 certificate, or +another proxy certificate. +.IP "\(bu" 4 +They must not have the \fBsubjectAltName\fR or \fBissuerAltName\fR +extensions. +.IP "\(bu" 4 +They must have the \fBproxyCertInfo\fR extension. +.IP "\(bu" 4 +They must have the subject of their issuer, with one \fBcommonName\fR +added. +.SS "Enabling proxy certificate verification" +.IX Subsection "Enabling proxy certificate verification" +OpenSSL expects applications that want to use proxy certificates to be +specially aware of them, and make that explicit. This is done by +setting an X509 verification flag: +.PP +.Vb 1 +\& X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS); +.Ve +.PP +or +.PP +.Vb 1 +\& X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_ALLOW_PROXY_CERTS); +.Ve +.PP +See \*(L"\s-1NOTES\s0\*(R" for a discussion on this requirement. +.SS "Creating proxy certificates" +.IX Subsection "Creating proxy certificates" +Creating proxy certificates can be done using the \fIopenssl\-x509\fR\|(1) +command, with some extra extensions: +.PP +.Vb 3 +\& [ v3_proxy ] +\& # A proxy certificate MUST NEVER be a CA certificate. 
+\& basicConstraints=CA:FALSE +\& +\& # Usual authority key ID +\& authorityKeyIdentifier=keyid,issuer:always +\& +\& # The extension which marks this certificate as a proxy +\& proxyCertInfo=critical,language:id\-ppl\-anyLanguage,pathlen:1,policy:text:AB +.Ve +.PP +It's also possible to specify the proxy extension in a separate section: +.PP +.Vb 1 +\& proxyCertInfo=critical,@proxy_ext +\& +\& [ proxy_ext ] +\& language=id\-ppl\-anyLanguage +\& pathlen=0 +\& policy=text:BC +.Ve +.PP +The policy value has a specific syntax, \fIsyntag\fR:\fIstring\fR, where the +\&\fIsyntag\fR determines what will be done with the string. The following +\&\fIsyntag\fRs are recognised: +.IP "\fBtext\fR" 4 +.IX Item "text" +indicates that the string is a byte sequence, without any encoding: +.Sp +.Vb 1 +\& policy=text:ra\*:ksmo\*:rga\*os +.Ve +.IP "\fBhex\fR" 4 +.IX Item "hex" +indicates the string is encoded hexadecimal encoded binary data, with +colons between each byte (every second hex digit): +.Sp +.Vb 1 +\& policy=hex:72:E4:6B:73:6D:F6:72:67:E5:73 +.Ve +.IP "\fBfile\fR" 4 +.IX Item "file" +indicates that the text of the policy should be taken from a file. +The string is then a filename. This is useful for policies that are +large (more than a few lines, e.g. \s-1XML\s0 documents). +.PP +\&\fI\s-1NOTE:\s0 The proxy policy value is what determines the rights granted +to the process during the proxy certificate. 
It's up to the +application to interpret and combine these policies.\fR +.PP +With a proxy extension, creating a proxy certificate is a matter of +two commands: +.PP +.Vb 3 +\& openssl req \-new \-config proxy.cnf \e +\& \-out proxy.req \-keyout proxy.key \e +\& \-subj "/DC=org/DC=openssl/DC=users/CN=proxy 1" +\& +\& openssl x509 \-req \-CAcreateserial \-in proxy.req \-out proxy.crt \e +\& \-CA user.crt \-CAkey user.key \-days 7 \e +\& \-extfile proxy.cnf \-extensions v3_proxy1 +.Ve +.PP +You can also create a proxy certificate using another proxy +certificate as issuer (note: using a different configuration +section for the proxy extensions): +.PP +.Vb 3 +\& openssl req \-new \-config proxy.cnf \e +\& \-out proxy2.req \-keyout proxy2.key \e +\& \-subj "/DC=org/DC=openssl/DC=users/CN=proxy 1/CN=proxy 2" +\& +\& openssl x509 \-req \-CAcreateserial \-in proxy2.req \-out proxy2.crt \e +\& \-CA proxy.crt \-CAkey proxy.key \-days 7 \e +\& \-extfile proxy.cnf \-extensions v3_proxy2 +.Ve +.SS "Using proxy certs in applications" +.IX Subsection "Using proxy certs in applications" +To interpret proxy policies, the application would normally start with +some default rights (perhaps none at all), then compute the resulting +rights by checking the rights against the chain of proxy certificates, +user certificate and \s-1CA\s0 certificates. +.PP +The complicated part is figuring out how to pass data between your +application and the certificate validation procedure. +.PP +The following ingredients are needed for such processing: +.IP "\(bu" 4 +a callback function that will be called for every certificate being +validated. The callback is called several times for each certificate, +so you must be careful to do the proxy policy interpretation at the +right time. You also need to fill in the defaults when the \s-1EE\s0 +certificate is checked. +.IP "\(bu" 4 +a data structure that is shared between your application code and the +callback. 
+.IP "\(bu" 4 +a wrapper function that sets it all up. +.IP "\(bu" 4 +an ex_data index function that creates an index into the generic +ex_data store that is attached to an X509 validation context. +.PP +The following skeleton code can be used as a starting point: +.PP +.Vb 4 +\& #include +\& #include +\& #include +\& #include +\& +\& #define total_rights 25 +\& +\& /* +\& * In this example, I will use a view of granted rights as a bit +\& * array, one bit for each possible right. +\& */ +\& typedef struct your_rights { +\& unsigned char rights[(total_rights + 7) / 8]; +\& } YOUR_RIGHTS; +\& +\& /* +\& * The following procedure will create an index for the ex_data +\& * store in the X509 validation context the first time it\*(Aqs +\& * called. Subsequent calls will return the same index. +\& */ +\& static int get_proxy_auth_ex_data_idx(X509_STORE_CTX *ctx) +\& { +\& static volatile int idx = \-1; +\& +\& if (idx < 0) { +\& X509_STORE_lock(X509_STORE_CTX_get0_store(ctx)); +\& if (idx < 0) { +\& idx = X509_STORE_CTX_get_ex_new_index(0, +\& "for verify callback", +\& NULL,NULL,NULL); +\& } +\& X509_STORE_unlock(X509_STORE_CTX_get0_store(ctx)); +\& } +\& return idx; +\& } +\& +\& /* Callback to be given to the X509 validation procedure. */ +\& static int verify_callback(int ok, X509_STORE_CTX *ctx) +\& { +\& if (ok == 1) { +\& /* +\& * It\*(Aqs REALLY important you keep the proxy policy check +\& * within this section. It\*(Aqs important to know that when +\& * ok is 1, the certificates are checked from top to +\& * bottom. You get the CA root first, followed by the +\& * possible chain of intermediate CAs, followed by the EE +\& * certificate, followed by the possible proxy +\& * certificates. 
+\& */ +\& X509 *xs = X509_STORE_CTX_get_current_cert(ctx); +\& +\& if (X509_get_extension_flags(xs) & EXFLAG_PROXY) { +\& YOUR_RIGHTS *rights = +\& (YOUR_RIGHTS *)X509_STORE_CTX_get_ex_data(ctx, +\& get_proxy_auth_ex_data_idx(ctx)); +\& PROXY_CERT_INFO_EXTENSION *pci = +\& X509_get_ext_d2i(xs, NID_proxyCertInfo, NULL, NULL); +\& +\& switch (OBJ_obj2nid(pci\->proxyPolicy\->policyLanguage)) { +\& case NID_Independent: +\& /* +\& * Do whatever you need to grant explicit rights +\& * to this particular proxy certificate, usually +\& * by pulling them from some database. If there +\& * are none to be found, clear all rights (making +\& * this and any subsequent proxy certificate void +\& * of any rights). +\& */ +\& memset(rights\->rights, 0, sizeof(rights\->rights)); +\& break; +\& case NID_id_ppl_inheritAll: +\& /* +\& * This is basically a NOP, we simply let the +\& * current rights stand as they are. +\& */ +\& break; +\& default: +\& /* +\& * This is usually the most complex section of +\& * code. You really do whatever you want as long +\& * as you follow RFC 3820. In the example we use +\& * here, the simplest thing to do is to build +\& * another, temporary bit array and fill it with +\& * the rights granted by the current proxy +\& * certificate, then use it as a mask on the +\& * accumulated rights bit array, and voila\*`, you +\& * now have a new accumulated rights bit array. +\& */ +\& { +\& int i; +\& YOUR_RIGHTS tmp_rights; +\& memset(tmp_rights.rights, 0, +\& sizeof(tmp_rights.rights)); +\& +\& /* +\& * process_rights() is supposed to be a +\& * procedure that takes a string and its +\& * length, interprets it and sets the bits +\& * in the YOUR_RIGHTS pointed at by the +\& * third argument. 
+\& */ +\& process_rights((char *) pci\->proxyPolicy\->policy\->data, +\& pci\->proxyPolicy\->policy\->length, +\& &tmp_rights); +\& +\& for(i = 0; i < total_rights / 8; i++) +\& rights\->rights[i] &= tmp_rights.rights[i]; +\& } +\& break; +\& } +\& PROXY_CERT_INFO_EXTENSION_free(pci); +\& } else if (!(X509_get_extension_flags(xs) & EXFLAG_CA)) { +\& /* We have an EE certificate, let\*(Aqs use it to set default! */ +\& YOUR_RIGHTS *rights = +\& (YOUR_RIGHTS *)X509_STORE_CTX_get_ex_data(ctx, +\& get_proxy_auth_ex_data_idx(ctx)); +\& +\& /* +\& * The following procedure finds out what rights the +\& * owner of the current certificate has, and sets them +\& * in the YOUR_RIGHTS structure pointed at by the +\& * second argument. +\& */ +\& set_default_rights(xs, rights); +\& } +\& } +\& return ok; +\& } +\& +\& static int my_X509_verify_cert(X509_STORE_CTX *ctx, +\& YOUR_RIGHTS *needed_rights) +\& { +\& int ok; +\& int (*save_verify_cb)(int ok,X509_STORE_CTX *ctx) = +\& X509_STORE_CTX_get_verify_cb(ctx); +\& YOUR_RIGHTS rights; +\& +\& X509_STORE_CTX_set_verify_cb(ctx, verify_callback); +\& X509_STORE_CTX_set_ex_data(ctx, get_proxy_auth_ex_data_idx(ctx), +\& &rights); +\& X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS); +\& ok = X509_verify_cert(ctx); +\& +\& if (ok == 1) { +\& ok = check_needed_rights(rights, needed_rights); +\& } +\& +\& X509_STORE_CTX_set_verify_cb(ctx, save_verify_cb); +\& +\& return ok; +\& } +.Ve +.PP +If you use \s-1SSL\s0 or \s-1TLS\s0, you can easily set up a callback to have the +certificates checked properly, using the code above: +.PP +.Vb 2 +\& SSL_CTX_set_cert_verify_callback(s_ctx, my_X509_verify_cert, +\& &needed_rights); +.Ve +.SH "NOTES" +.IX Header "NOTES" +To this date, it seems that proxy certificates have only been used in +environments that are aware of them, and no one seems to have +investigated how they can be used or misused outside of such an +environment. 
+.PP +For that reason, OpenSSL requires that applications aware of proxy +certificates must also make that explicit. +.PP +\&\fBsubjectAltName\fR and \fBissuerAltName\fR are forbidden in proxy +certificates, and this is enforced in OpenSSL. The subject must be +the same as the issuer, with one commonName added on. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIX509_STORE_CTX_set_flags\fR\|(3), +\&\fIX509_STORE_CTX_set_verify_cb\fR\|(3), +\&\fIX509_VERIFY_PARAM_set_flags\fR\|(3), +\&\fISSL_CTX_set_cert_verify_callback\fR\|(3), +\&\fIopenssl\-req\fR\|(1), \fIopenssl\-x509\fR\|(1), +\&\s-1RFC\s0 3820 +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man7/ssl.7 b/linux_amd64/ssl/share/man/man7/ssl.7 new file mode 100755 index 0000000..0a2107c --- /dev/null +++ b/linux_amd64/ssl/share/man/man7/ssl.7 
@@ -0,0 +1,220 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL 7" +.TH SSL 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ssl \- OpenSSL SSL/TLS library +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +See the individual manual pages for details. 
+.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The OpenSSL \fBssl\fR library implements several versions of the +Secure Sockets Layer, Transport Layer Security, and Datagram Transport Layer +Security protocols. +This page gives a brief overview of the extensive \s-1API\s0 and data types +provided by the library. +.PP +An \fB\s-1SSL_CTX\s0\fR object is created as a framework to establish +\&\s-1TLS/SSL\s0 enabled connections (see \fISSL_CTX_new\fR\|(3)). +Various options regarding certificates, algorithms etc. can be set +in this object. +.PP +When a network connection has been created, it can be assigned to an +\&\fB\s-1SSL\s0\fR object. After the \fB\s-1SSL\s0\fR object has been created using +\&\fISSL_new\fR\|(3), \fISSL_set_fd\fR\|(3) or +\&\fISSL_set_bio\fR\|(3) can be used to associate the network +connection with the object. +.PP +When the \s-1TLS/SSL\s0 handshake is performed using +\&\fISSL_accept\fR\|(3) or \fISSL_connect\fR\|(3) +respectively. +\&\fISSL_read_ex\fR\|(3), \fISSL_read\fR\|(3), \fISSL_write_ex\fR\|(3) and \fISSL_write\fR\|(3) are +used to read and write data on the \s-1TLS/SSL\s0 connection. +\&\fISSL_shutdown\fR\|(3) can be used to shut down the +\&\s-1TLS/SSL\s0 connection. +.SH "DATA STRUCTURES" +.IX Header "DATA STRUCTURES" +Here are some of the main data structures in the library. +.IP "\fB\s-1SSL_METHOD\s0\fR (\s-1SSL\s0 Method)" 4 +.IX Item "SSL_METHOD (SSL Method)" +This is a dispatch structure describing the internal \fBssl\fR library +methods/functions which implement the various protocol versions (SSLv3 +TLSv1, ...). It's needed to create an \fB\s-1SSL_CTX\s0\fR. +.IP "\fB\s-1SSL_CIPHER\s0\fR (\s-1SSL\s0 Cipher)" 4 +.IX Item "SSL_CIPHER (SSL Cipher)" +This structure holds the algorithm information for a particular cipher which +are a core part of the \s-1SSL/TLS\s0 protocol. The available ciphers are configured +on a \fB\s-1SSL_CTX\s0\fR basis and the actual ones used are then part of the +\&\fB\s-1SSL_SESSION\s0\fR. 
+.IP "\fB\s-1SSL_CTX\s0\fR (\s-1SSL\s0 Context)" 4 +.IX Item "SSL_CTX (SSL Context)" +This is the global context structure which is created by a server or client +once per program life-time and which holds mainly default values for the +\&\fB\s-1SSL\s0\fR structures which are later created for the connections. +.IP "\fB\s-1SSL_SESSION\s0\fR (\s-1SSL\s0 Session)" 4 +.IX Item "SSL_SESSION (SSL Session)" +This is a structure containing the current \s-1TLS/SSL\s0 session details for a +connection: \fB\s-1SSL_CIPHER\s0\fRs, client and server certificates, keys, etc. +.IP "\fB\s-1SSL\s0\fR (\s-1SSL\s0 Connection)" 4 +.IX Item "SSL (SSL Connection)" +This is the main \s-1SSL/TLS\s0 structure which is created by a server or client per +established connection. This actually is the core structure in the \s-1SSL\s0 \s-1API\s0. +At run-time the application usually deals with this structure which has +links to mostly all other structures. +.SH "HEADER FILES" +.IX Header "HEADER FILES" +Currently the OpenSSL \fBssl\fR library provides the following C header files +containing the prototypes for the data structures and functions: +.IP "\fI\fR" 4 +.IX Item "" +This is the common header file for the \s-1SSL/TLS\s0 \s-1API\s0. Include it into your +program to make the \s-1API\s0 of the \fBssl\fR library available. It internally +includes both more private \s-1SSL\s0 headers and headers from the \fBcrypto\fR library. +Whenever you need hard-core details on the internals of the \s-1SSL\s0 \s-1API\s0, look +inside this header file. +This file also includes the others listed below. +.IP "\fI\fR" 4 +.IX Item "" +Unused. Present for backwards compatibility only. +.IP "\fI\fR" 4 +.IX Item "" +This is the sub header file dealing with the SSLv3 protocol only. +.IP "\fI\fR" 4 +.IX Item "" +This is the sub header file dealing with the TLSv1 protocol only. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. 
+.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/linux_amd64/ssl/share/man/man7/x509.7 b/linux_amd64/ssl/share/man/man7/x509.7 new file mode 100755 index 0000000..727d182 --- /dev/null +++ b/linux_amd64/ssl/share/man/man7/x509.7 
@@ -0,0 +1,196 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. 
ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509 7" +.TH X509 7 "2020-03-02" "3.0.0-dev" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +x509 \- X.509 certificate handling +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +An X.509 certificate is a structured grouping of information about +an individual, a device, or anything one can imagine. A X.509 \s-1CRL\s0 +(certificate revocation list) is a tool to help determine if a +certificate is still valid. The exact definition of those can be +found in the X.509 document from ITU-T, or in \s-1RFC3280\s0 from \s-1PKIX\s0. +In OpenSSL, the type X509 is used to express such a certificate, and +the type X509_CRL is used to express a \s-1CRL\s0. +.PP +A related structure is a certificate request, defined in PKCS#10 from +\&\s-1RSA\s0 Security, Inc, also reflected in \s-1RFC2896\s0. In OpenSSL, the type +X509_REQ is used to express such a certificate request. +.PP +To handle some complex parts of a certificate, there are the types +X509_NAME (to express a certificate name), X509_ATTRIBUTE (to express +a certificate attributes), X509_EXTENSION (to express a certificate +extension) and a few more. +.PP +Finally, there's the supertype X509_INFO, which can contain a \s-1CRL\s0, a +certificate and a corresponding private key. +.PP +\&\fBX509_\fR\fI\s-1XXX\s0\fR, \fBd2i_X509_\fR\fI\s-1XXX\s0\fR, and \fBi2d_X509_\fR\fI\s-1XXX\s0\fR functions +handle X.509 certificates, with some exceptions, shown below. +.PP +\&\fBX509_CRL_\fR\fI\s-1XXX\s0\fR, \fBd2i_X509_CRL_\fR\fI\s-1XXX\s0\fR, and \fBi2d_X509_CRL_\fR\fI\s-1XXX\s0\fR +functions handle X.509 CRLs. +.PP +\&\fBX509_REQ_\fR\fI\s-1XXX\s0\fR, \fBd2i_X509_REQ_\fR\fI\s-1XXX\s0\fR, and \fBi2d_X509_REQ_\fR\fI\s-1XXX\s0\fR +functions handle PKCS#10 certificate requests. +.PP +\&\fBX509_NAME_\fR\fI\s-1XXX\s0\fR functions handle certificate names. +.PP +\&\fBX509_ATTRIBUTE_\fR\fI\s-1XXX\s0\fR functions handle certificate attributes. +.PP +\&\fBX509_EXTENSION_\fR\fI\s-1XXX\s0\fR functions handle certificate extensions. 
+.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIX509_NAME_ENTRY_get_object\fR\|(3), +\&\fIX509_NAME_add_entry_by_txt\fR\|(3), +\&\fIX509_NAME_add_entry_by_NID\fR\|(3), +\&\fIX509_NAME_print_ex\fR\|(3), +\&\fIX509_NAME_new\fR\|(3), +\&\fId2i_X509\fR\|(3), +\&\fId2i_X509_ALGOR\fR\|(3), +\&\fId2i_X509_CRL\fR\|(3), +\&\fId2i_X509_NAME\fR\|(3), +\&\fId2i_X509_REQ\fR\|(3), +\&\fId2i_X509_SIG\fR\|(3), +\&\fIcrypto\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2003\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +.